xmrig | de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
Size

2.1MB
MD5

f8b68052674f3454e077bb99c8bd54bb
SHA1

2200d74687fad348830e3fbbd3540e1518be03f9
SHA256

de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b
SHA512

0d22bafe6dd1279a2efc66a5393cbbde913a9b130ca3dad9c68403f716ea4437c073e92c5ffb7f973e6745bc1bdae0c87c27e5b8546cf40564452cbb7b1b6e9d
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlMmSdbbUGsVOutxLL:oemTLkNdfE0pZrZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4540-0-0x00007FF6B72D0000-0x00007FF6B7624000-memory.dmp	xmrig
C:\Windows\System\cIkOyrm.exe	xmrig
C:\Windows\System\JhVXjWR.exe	xmrig
behavioral2/memory/5004-17-0x00007FF7AC700000-0x00007FF7ACA54000-memory.dmp	xmrig
C:\Windows\System\RjzgIGb.exe	xmrig
C:\Windows\System\jwGYSuc.exe	xmrig
C:\Windows\System\tpkbqCY.exe	xmrig
behavioral2/memory/3588-47-0x00007FF6F2DD0000-0x00007FF6F3124000-memory.dmp	xmrig
C:\Windows\System\qMrJjfG.exe	xmrig
C:\Windows\System\JHhgLti.exe	xmrig
C:\Windows\System\UftzUoJ.exe	xmrig
C:\Windows\System\KoIPzAU.exe	xmrig
C:\Windows\System\OvqcBeO.exe	xmrig
behavioral2/memory/1280-728-0x00007FF719230000-0x00007FF719584000-memory.dmp	xmrig
behavioral2/memory/2628-731-0x00007FF6F0980000-0x00007FF6F0CD4000-memory.dmp	xmrig
behavioral2/memory/2428-732-0x00007FF687AC0000-0x00007FF687E14000-memory.dmp	xmrig
behavioral2/memory/1704-730-0x00007FF726A60000-0x00007FF726DB4000-memory.dmp	xmrig
behavioral2/memory/3180-729-0x00007FF77F740000-0x00007FF77FA94000-memory.dmp	xmrig
behavioral2/memory/556-733-0x00007FF695880000-0x00007FF695BD4000-memory.dmp	xmrig
behavioral2/memory/348-742-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	xmrig
behavioral2/memory/2264-744-0x00007FF7A4480000-0x00007FF7A47D4000-memory.dmp	xmrig
behavioral2/memory/2112-751-0x00007FF63E740000-0x00007FF63EA94000-memory.dmp	xmrig
behavioral2/memory/2372-748-0x00007FF671AC0000-0x00007FF671E14000-memory.dmp	xmrig
behavioral2/memory/2660-739-0x00007FF67AEE0000-0x00007FF67B234000-memory.dmp	xmrig
C:\Windows\System\lzGuDFt.exe	xmrig
C:\Windows\System\SVmTynX.exe	xmrig
C:\Windows\System\gqBGcDi.exe	xmrig
C:\Windows\System\EXvhTbC.exe	xmrig
C:\Windows\System\RkdxHOf.exe	xmrig
C:\Windows\System\BlCFUxe.exe	xmrig
C:\Windows\System\VTjMSYG.exe	xmrig
C:\Windows\System\nSeSFmh.exe	xmrig
C:\Windows\System\EqoujYS.exe	xmrig
C:\Windows\System\fosoqsv.exe	xmrig
C:\Windows\System\QQzheQm.exe	xmrig
behavioral2/memory/3712-808-0x00007FF61AE00000-0x00007FF61B154000-memory.dmp	xmrig
behavioral2/memory/2928-811-0x00007FF63DCB0000-0x00007FF63E004000-memory.dmp	xmrig
behavioral2/memory/744-819-0x00007FF600820000-0x00007FF600B74000-memory.dmp	xmrig
behavioral2/memory/1684-818-0x00007FF609370000-0x00007FF6096C4000-memory.dmp	xmrig
behavioral2/memory/4476-814-0x00007FF6BD790000-0x00007FF6BDAE4000-memory.dmp	xmrig
C:\Windows\System\YhGpAWC.exe	xmrig
C:\Windows\System\pzvDLxg.exe	xmrig
behavioral2/memory/3276-826-0x00007FF6B0C60000-0x00007FF6B0FB4000-memory.dmp	xmrig
behavioral2/memory/1988-837-0x00007FF67A790000-0x00007FF67AAE4000-memory.dmp	xmrig
behavioral2/memory/316-840-0x00007FF6FD770000-0x00007FF6FDAC4000-memory.dmp	xmrig
behavioral2/memory/4392-842-0x00007FF7BA230000-0x00007FF7BA584000-memory.dmp	xmrig
behavioral2/memory/1596-827-0x00007FF64B3A0000-0x00007FF64B6F4000-memory.dmp	xmrig
behavioral2/memory/2444-822-0x00007FF643A00000-0x00007FF643D54000-memory.dmp	xmrig
C:\Windows\System\ftTOgFw.exe	xmrig
C:\Windows\System\bnlrWbD.exe	xmrig
C:\Windows\System\DxDFsEx.exe	xmrig
C:\Windows\System\EcAKeOW.exe	xmrig
C:\Windows\System\pDYaRhn.exe	xmrig
C:\Windows\System\LotjvRk.exe	xmrig
C:\Windows\System\upuDnNh.exe	xmrig
C:\Windows\System\ypVuhVB.exe	xmrig
behavioral2/memory/4828-41-0x00007FF62BDE0000-0x00007FF62C134000-memory.dmp	xmrig
C:\Windows\System\oulQcjI.exe	xmrig
behavioral2/memory/1488-30-0x00007FF7ADA00000-0x00007FF7ADD54000-memory.dmp	xmrig
behavioral2/memory/2124-27-0x00007FF6571A0000-0x00007FF6574F4000-memory.dmp	xmrig
C:\Windows\System\ncSMlcb.exe	xmrig
behavioral2/memory/4908-15-0x00007FF7F6530000-0x00007FF7F6884000-memory.dmp	xmrig
behavioral2/memory/3720-8-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp	xmrig
behavioral2/memory/4540-929-0x00007FF6B72D0000-0x00007FF6B7624000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

cIkOyrm.exeJhVXjWR.exeRjzgIGb.exeoulQcjI.exencSMlcb.exejwGYSuc.exetpkbqCY.exeypVuhVB.exeupuDnNh.exeqMrJjfG.exeLotjvRk.exeJHhgLti.exepDYaRhn.exeEcAKeOW.exeDxDFsEx.exebnlrWbD.exeUftzUoJ.exeftTOgFw.exepzvDLxg.exeYhGpAWC.exeQQzheQm.exeKoIPzAU.exefosoqsv.exeEqoujYS.exeOvqcBeO.exenSeSFmh.exeVTjMSYG.exeBlCFUxe.exeRkdxHOf.exeEXvhTbC.exegqBGcDi.exeSVmTynX.exelzGuDFt.exeJfjWpXL.exeVHvvHBT.exeXDFnbLP.exemFwwHqm.exeqzAewhD.exeDlBGmSo.exeuMyAmQT.exeizaRpTA.exeOUMSPDv.exeeZzHEFf.exetSbZEQe.exeqlLdIvO.exerueATpb.exeTfUnCtb.exeuVQexlK.exeSnobtEe.exeicZKCxn.exeGQneqkJ.exeBwRQUJU.exekutbXRU.exeiEsPdmA.exepKxOsSj.exerzTaayi.exeMUQzCUg.exeqyArzoh.exejwwEhGb.exeCnmrpQX.exeagmWQDs.exenemmtFD.exectkXJDa.exeJNIEoba.exe

pid	process
3720	cIkOyrm.exe
4908	JhVXjWR.exe
5004	RjzgIGb.exe
2124	oulQcjI.exe
1488	ncSMlcb.exe
4828	jwGYSuc.exe
3588	tpkbqCY.exe
1280	ypVuhVB.exe
4392	upuDnNh.exe
3180	qMrJjfG.exe
1704	LotjvRk.exe
2628	JHhgLti.exe
2428	pDYaRhn.exe
556	EcAKeOW.exe
2660	DxDFsEx.exe
348	bnlrWbD.exe
2264	UftzUoJ.exe
2372	ftTOgFw.exe
2112	pzvDLxg.exe
3712	YhGpAWC.exe
2928	QQzheQm.exe
4476	KoIPzAU.exe
1684	fosoqsv.exe
744	EqoujYS.exe
2444	OvqcBeO.exe
3276	nSeSFmh.exe
1596	VTjMSYG.exe
1988	BlCFUxe.exe
316	RkdxHOf.exe
2336	EXvhTbC.exe
1252	gqBGcDi.exe
4624	SVmTynX.exe
2852	lzGuDFt.exe
4916	JfjWpXL.exe
5044	VHvvHBT.exe
1856	XDFnbLP.exe
4932	mFwwHqm.exe
4244	qzAewhD.exe
4368	DlBGmSo.exe
1828	uMyAmQT.exe
1620	izaRpTA.exe
3284	OUMSPDv.exe
412	eZzHEFf.exe
116	tSbZEQe.exe
2964	qlLdIvO.exe
4436	rueATpb.exe
3572	TfUnCtb.exe
396	uVQexlK.exe
3060	SnobtEe.exe
3204	icZKCxn.exe
2004	GQneqkJ.exe
924	BwRQUJU.exe
1212	kutbXRU.exe
592	iEsPdmA.exe
4432	pKxOsSj.exe
4332	rzTaayi.exe
1532	MUQzCUg.exe
1932	qyArzoh.exe
1652	jwwEhGb.exe
4936	CnmrpQX.exe
3312	agmWQDs.exe
4300	nemmtFD.exe
3976	ctkXJDa.exe
4380	JNIEoba.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4540-0-0x00007FF6B72D0000-0x00007FF6B7624000-memory.dmp	upx
C:\Windows\System\cIkOyrm.exe	upx
C:\Windows\System\JhVXjWR.exe	upx
behavioral2/memory/5004-17-0x00007FF7AC700000-0x00007FF7ACA54000-memory.dmp	upx
C:\Windows\System\RjzgIGb.exe	upx
C:\Windows\System\jwGYSuc.exe	upx
C:\Windows\System\tpkbqCY.exe	upx
behavioral2/memory/3588-47-0x00007FF6F2DD0000-0x00007FF6F3124000-memory.dmp	upx
C:\Windows\System\qMrJjfG.exe	upx
C:\Windows\System\JHhgLti.exe	upx
C:\Windows\System\UftzUoJ.exe	upx
C:\Windows\System\KoIPzAU.exe	upx
C:\Windows\System\OvqcBeO.exe	upx
behavioral2/memory/1280-728-0x00007FF719230000-0x00007FF719584000-memory.dmp	upx
behavioral2/memory/2628-731-0x00007FF6F0980000-0x00007FF6F0CD4000-memory.dmp	upx
behavioral2/memory/2428-732-0x00007FF687AC0000-0x00007FF687E14000-memory.dmp	upx
behavioral2/memory/1704-730-0x00007FF726A60000-0x00007FF726DB4000-memory.dmp	upx
behavioral2/memory/3180-729-0x00007FF77F740000-0x00007FF77FA94000-memory.dmp	upx
behavioral2/memory/556-733-0x00007FF695880000-0x00007FF695BD4000-memory.dmp	upx
behavioral2/memory/348-742-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	upx
behavioral2/memory/2264-744-0x00007FF7A4480000-0x00007FF7A47D4000-memory.dmp	upx
behavioral2/memory/2112-751-0x00007FF63E740000-0x00007FF63EA94000-memory.dmp	upx
behavioral2/memory/2372-748-0x00007FF671AC0000-0x00007FF671E14000-memory.dmp	upx
behavioral2/memory/2660-739-0x00007FF67AEE0000-0x00007FF67B234000-memory.dmp	upx
C:\Windows\System\lzGuDFt.exe	upx
C:\Windows\System\SVmTynX.exe	upx
C:\Windows\System\gqBGcDi.exe	upx
C:\Windows\System\EXvhTbC.exe	upx
C:\Windows\System\RkdxHOf.exe	upx
C:\Windows\System\BlCFUxe.exe	upx
C:\Windows\System\VTjMSYG.exe	upx
C:\Windows\System\nSeSFmh.exe	upx
C:\Windows\System\EqoujYS.exe	upx
C:\Windows\System\fosoqsv.exe	upx
C:\Windows\System\QQzheQm.exe	upx
behavioral2/memory/3712-808-0x00007FF61AE00000-0x00007FF61B154000-memory.dmp	upx
behavioral2/memory/2928-811-0x00007FF63DCB0000-0x00007FF63E004000-memory.dmp	upx
behavioral2/memory/744-819-0x00007FF600820000-0x00007FF600B74000-memory.dmp	upx
behavioral2/memory/1684-818-0x00007FF609370000-0x00007FF6096C4000-memory.dmp	upx
behavioral2/memory/4476-814-0x00007FF6BD790000-0x00007FF6BDAE4000-memory.dmp	upx
C:\Windows\System\YhGpAWC.exe	upx
C:\Windows\System\pzvDLxg.exe	upx
behavioral2/memory/3276-826-0x00007FF6B0C60000-0x00007FF6B0FB4000-memory.dmp	upx
behavioral2/memory/1988-837-0x00007FF67A790000-0x00007FF67AAE4000-memory.dmp	upx
behavioral2/memory/316-840-0x00007FF6FD770000-0x00007FF6FDAC4000-memory.dmp	upx
behavioral2/memory/4392-842-0x00007FF7BA230000-0x00007FF7BA584000-memory.dmp	upx
behavioral2/memory/1596-827-0x00007FF64B3A0000-0x00007FF64B6F4000-memory.dmp	upx
behavioral2/memory/2444-822-0x00007FF643A00000-0x00007FF643D54000-memory.dmp	upx
C:\Windows\System\ftTOgFw.exe	upx
C:\Windows\System\bnlrWbD.exe	upx
C:\Windows\System\DxDFsEx.exe	upx
C:\Windows\System\EcAKeOW.exe	upx
C:\Windows\System\pDYaRhn.exe	upx
C:\Windows\System\LotjvRk.exe	upx
C:\Windows\System\upuDnNh.exe	upx
C:\Windows\System\ypVuhVB.exe	upx
behavioral2/memory/4828-41-0x00007FF62BDE0000-0x00007FF62C134000-memory.dmp	upx
C:\Windows\System\oulQcjI.exe	upx
behavioral2/memory/1488-30-0x00007FF7ADA00000-0x00007FF7ADD54000-memory.dmp	upx
behavioral2/memory/2124-27-0x00007FF6571A0000-0x00007FF6574F4000-memory.dmp	upx
C:\Windows\System\ncSMlcb.exe	upx
behavioral2/memory/4908-15-0x00007FF7F6530000-0x00007FF7F6884000-memory.dmp	upx
behavioral2/memory/3720-8-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp	upx
behavioral2/memory/4540-929-0x00007FF6B72D0000-0x00007FF6B7624000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe

description	ioc	process
File created	C:\Windows\System\Kwccntg.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\oSckMRM.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\hqWDAZN.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\HNhHiml.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\GDMzqQg.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\uMyAmQT.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\zIJlCBw.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\hcaRYsu.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\EcAKeOW.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\PzCkNAW.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\aFGTRvM.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\BApxhZK.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\VHyCLMy.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\EXlwsfx.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\hKruCTt.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\qwMmzvX.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\nxZwNqe.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\dbOxpWe.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\IhSBlOx.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\qXzfIAg.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\ILfMUUR.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\UXcLCnz.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\sAheDjw.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\rOMMbFT.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\WcPAVSt.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\SlmDgiM.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\KiXIhsS.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\xniTcNW.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\oqVyrcn.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\lGKZyHs.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\oqoXiwL.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\SjKJSob.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\nCAUceN.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\TAMMcJE.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\seJbCvA.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\bERFtwT.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\INvluEn.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\pSNYYdv.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\FrIyMJw.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\icZKCxn.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\RveFPPa.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\nWWAytG.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\ZRqjxby.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\POswZhR.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\KqGmcji.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\qFLvLJA.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\yyapxGw.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\XeNKnSN.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\HIvVuSa.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\EMhFbCI.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\VYawCmF.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\oEEiIxA.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\agmWQDs.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\tSNsNyo.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\cHJZUjD.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\YMapFWp.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\ecgzhPF.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\SdMIbiQ.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\sQHoKdR.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\nraVnwb.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\aPvKKgY.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\QKELeCt.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\YLQASDV.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
File created	C:\Windows\System\trWRFYN.exe	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	14708	dwm.exe
Token: SeChangeNotifyPrivilege	14708	dwm.exe
Token: 33	14708	dwm.exe
Token: SeIncBasePriorityPrivilege	14708	dwm.exe
Token: SeShutdownPrivilege	14708	dwm.exe
Token: SeCreatePagefilePrivilege	14708	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe

description	pid	process	target process
PID 4540 wrote to memory of 3720	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	cIkOyrm.exe
PID 4540 wrote to memory of 3720	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	cIkOyrm.exe
PID 4540 wrote to memory of 5004	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	RjzgIGb.exe
PID 4540 wrote to memory of 5004	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	RjzgIGb.exe
PID 4540 wrote to memory of 4908	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	JhVXjWR.exe
PID 4540 wrote to memory of 4908	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	JhVXjWR.exe
PID 4540 wrote to memory of 2124	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	oulQcjI.exe
PID 4540 wrote to memory of 2124	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	oulQcjI.exe
PID 4540 wrote to memory of 1488	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	ncSMlcb.exe
PID 4540 wrote to memory of 1488	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	ncSMlcb.exe
PID 4540 wrote to memory of 4828	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	jwGYSuc.exe
PID 4540 wrote to memory of 4828	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	jwGYSuc.exe
PID 4540 wrote to memory of 3588	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	tpkbqCY.exe
PID 4540 wrote to memory of 3588	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	tpkbqCY.exe
PID 4540 wrote to memory of 1280	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	ypVuhVB.exe
PID 4540 wrote to memory of 1280	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	ypVuhVB.exe
PID 4540 wrote to memory of 4392	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	upuDnNh.exe
PID 4540 wrote to memory of 4392	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	upuDnNh.exe
PID 4540 wrote to memory of 3180	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	qMrJjfG.exe
PID 4540 wrote to memory of 3180	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	qMrJjfG.exe
PID 4540 wrote to memory of 1704	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	LotjvRk.exe
PID 4540 wrote to memory of 1704	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	LotjvRk.exe
PID 4540 wrote to memory of 2628	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	JHhgLti.exe
PID 4540 wrote to memory of 2628	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	JHhgLti.exe
PID 4540 wrote to memory of 2428	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	pDYaRhn.exe
PID 4540 wrote to memory of 2428	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	pDYaRhn.exe
PID 4540 wrote to memory of 556	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	EcAKeOW.exe
PID 4540 wrote to memory of 556	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	EcAKeOW.exe
PID 4540 wrote to memory of 2660	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	DxDFsEx.exe
PID 4540 wrote to memory of 2660	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	DxDFsEx.exe
PID 4540 wrote to memory of 348	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	bnlrWbD.exe
PID 4540 wrote to memory of 348	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	bnlrWbD.exe
PID 4540 wrote to memory of 2264	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	UftzUoJ.exe
PID 4540 wrote to memory of 2264	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	UftzUoJ.exe
PID 4540 wrote to memory of 2372	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	ftTOgFw.exe
PID 4540 wrote to memory of 2372	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	ftTOgFw.exe
PID 4540 wrote to memory of 2112	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	pzvDLxg.exe
PID 4540 wrote to memory of 2112	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	pzvDLxg.exe
PID 4540 wrote to memory of 3712	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	YhGpAWC.exe
PID 4540 wrote to memory of 3712	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	YhGpAWC.exe
PID 4540 wrote to memory of 2928	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	QQzheQm.exe
PID 4540 wrote to memory of 2928	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	QQzheQm.exe
PID 4540 wrote to memory of 4476	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	KoIPzAU.exe
PID 4540 wrote to memory of 4476	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	KoIPzAU.exe
PID 4540 wrote to memory of 1684	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	fosoqsv.exe
PID 4540 wrote to memory of 1684	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	fosoqsv.exe
PID 4540 wrote to memory of 744	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	EqoujYS.exe
PID 4540 wrote to memory of 744	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	EqoujYS.exe
PID 4540 wrote to memory of 2444	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	OvqcBeO.exe
PID 4540 wrote to memory of 2444	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	OvqcBeO.exe
PID 4540 wrote to memory of 3276	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	nSeSFmh.exe
PID 4540 wrote to memory of 3276	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	nSeSFmh.exe
PID 4540 wrote to memory of 1596	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	VTjMSYG.exe
PID 4540 wrote to memory of 1596	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	VTjMSYG.exe
PID 4540 wrote to memory of 1988	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	BlCFUxe.exe
PID 4540 wrote to memory of 1988	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	BlCFUxe.exe
PID 4540 wrote to memory of 316	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	RkdxHOf.exe
PID 4540 wrote to memory of 316	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	RkdxHOf.exe
PID 4540 wrote to memory of 2336	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	EXvhTbC.exe
PID 4540 wrote to memory of 2336	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	EXvhTbC.exe
PID 4540 wrote to memory of 1252	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	gqBGcDi.exe
PID 4540 wrote to memory of 1252	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	gqBGcDi.exe
PID 4540 wrote to memory of 4624	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	SVmTynX.exe
PID 4540 wrote to memory of 4624	4540	de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe	SVmTynX.exe

C:\Users\Admin\AppData\Local\Temp\de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe
"C:\Users\Admin\AppData\Local\Temp\de3e2218dcab3d3ea47ad02d511432e3b61dd42b9d6aed6a8df9511b1e65031b.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Windows\System\cIkOyrm.exe
  C:\Windows\System\cIkOyrm.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\RjzgIGb.exe
  C:\Windows\System\RjzgIGb.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\JhVXjWR.exe
  C:\Windows\System\JhVXjWR.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\oulQcjI.exe
  C:\Windows\System\oulQcjI.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\ncSMlcb.exe
  C:\Windows\System\ncSMlcb.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\jwGYSuc.exe
  C:\Windows\System\jwGYSuc.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\tpkbqCY.exe
  C:\Windows\System\tpkbqCY.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\ypVuhVB.exe
  C:\Windows\System\ypVuhVB.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\upuDnNh.exe
  C:\Windows\System\upuDnNh.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\qMrJjfG.exe
  C:\Windows\System\qMrJjfG.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\LotjvRk.exe
  C:\Windows\System\LotjvRk.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\JHhgLti.exe
  C:\Windows\System\JHhgLti.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\pDYaRhn.exe
  C:\Windows\System\pDYaRhn.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\EcAKeOW.exe
  C:\Windows\System\EcAKeOW.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\DxDFsEx.exe
  C:\Windows\System\DxDFsEx.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\bnlrWbD.exe
  C:\Windows\System\bnlrWbD.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\UftzUoJ.exe
  C:\Windows\System\UftzUoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ftTOgFw.exe
  C:\Windows\System\ftTOgFw.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\pzvDLxg.exe
  C:\Windows\System\pzvDLxg.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\YhGpAWC.exe
  C:\Windows\System\YhGpAWC.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\QQzheQm.exe
  C:\Windows\System\QQzheQm.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\KoIPzAU.exe
  C:\Windows\System\KoIPzAU.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\fosoqsv.exe
  C:\Windows\System\fosoqsv.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\EqoujYS.exe
  C:\Windows\System\EqoujYS.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\OvqcBeO.exe
  C:\Windows\System\OvqcBeO.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\nSeSFmh.exe
  C:\Windows\System\nSeSFmh.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\VTjMSYG.exe
  C:\Windows\System\VTjMSYG.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\BlCFUxe.exe
  C:\Windows\System\BlCFUxe.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\RkdxHOf.exe
  C:\Windows\System\RkdxHOf.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\EXvhTbC.exe
  C:\Windows\System\EXvhTbC.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\gqBGcDi.exe
  C:\Windows\System\gqBGcDi.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\SVmTynX.exe
  C:\Windows\System\SVmTynX.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\lzGuDFt.exe
  C:\Windows\System\lzGuDFt.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JfjWpXL.exe
  C:\Windows\System\JfjWpXL.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\VHvvHBT.exe
  C:\Windows\System\VHvvHBT.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\XDFnbLP.exe
  C:\Windows\System\XDFnbLP.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\mFwwHqm.exe
  C:\Windows\System\mFwwHqm.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\qzAewhD.exe
  C:\Windows\System\qzAewhD.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\DlBGmSo.exe
  C:\Windows\System\DlBGmSo.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\uMyAmQT.exe
  C:\Windows\System\uMyAmQT.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\izaRpTA.exe
  C:\Windows\System\izaRpTA.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\OUMSPDv.exe
  C:\Windows\System\OUMSPDv.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\eZzHEFf.exe
  C:\Windows\System\eZzHEFf.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\tSbZEQe.exe
  C:\Windows\System\tSbZEQe.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\qlLdIvO.exe
  C:\Windows\System\qlLdIvO.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\rueATpb.exe
  C:\Windows\System\rueATpb.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\TfUnCtb.exe
  C:\Windows\System\TfUnCtb.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\uVQexlK.exe
  C:\Windows\System\uVQexlK.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\SnobtEe.exe
  C:\Windows\System\SnobtEe.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\icZKCxn.exe
  C:\Windows\System\icZKCxn.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\GQneqkJ.exe
  C:\Windows\System\GQneqkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\BwRQUJU.exe
  C:\Windows\System\BwRQUJU.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\kutbXRU.exe
  C:\Windows\System\kutbXRU.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\iEsPdmA.exe
  C:\Windows\System\iEsPdmA.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\pKxOsSj.exe
  C:\Windows\System\pKxOsSj.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\rzTaayi.exe
  C:\Windows\System\rzTaayi.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\MUQzCUg.exe
  C:\Windows\System\MUQzCUg.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\qyArzoh.exe
  C:\Windows\System\qyArzoh.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\jwwEhGb.exe
  C:\Windows\System\jwwEhGb.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\CnmrpQX.exe
  C:\Windows\System\CnmrpQX.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\agmWQDs.exe
  C:\Windows\System\agmWQDs.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\nemmtFD.exe
  C:\Windows\System\nemmtFD.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\ctkXJDa.exe
  C:\Windows\System\ctkXJDa.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\JNIEoba.exe
  C:\Windows\System\JNIEoba.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\JELSkks.exe
  C:\Windows\System\JELSkks.exe
  2⤵
  PID:4308
- C:\Windows\System\xMAlKYB.exe
  C:\Windows\System\xMAlKYB.exe
  2⤵
  PID:2532
- C:\Windows\System\CdehowD.exe
  C:\Windows\System\CdehowD.exe
  2⤵
  PID:1036
- C:\Windows\System\SjKJSob.exe
  C:\Windows\System\SjKJSob.exe
  2⤵
  PID:5124
- C:\Windows\System\AWTRLnZ.exe
  C:\Windows\System\AWTRLnZ.exe
  2⤵
  PID:5152
- C:\Windows\System\UpQazNm.exe
  C:\Windows\System\UpQazNm.exe
  2⤵
  PID:5180
- C:\Windows\System\sISvlKI.exe
  C:\Windows\System\sISvlKI.exe
  2⤵
  PID:5208
- C:\Windows\System\nabGKsV.exe
  C:\Windows\System\nabGKsV.exe
  2⤵
  PID:5236
- C:\Windows\System\moGDLXd.exe
  C:\Windows\System\moGDLXd.exe
  2⤵
  PID:5264
- C:\Windows\System\KqGmcji.exe
  C:\Windows\System\KqGmcji.exe
  2⤵
  PID:5292
- C:\Windows\System\nxtXhYq.exe
  C:\Windows\System\nxtXhYq.exe
  2⤵
  PID:5316
- C:\Windows\System\nCAUceN.exe
  C:\Windows\System\nCAUceN.exe
  2⤵
  PID:5348
- C:\Windows\System\jUHdjJn.exe
  C:\Windows\System\jUHdjJn.exe
  2⤵
  PID:5376
- C:\Windows\System\bQOmQVF.exe
  C:\Windows\System\bQOmQVF.exe
  2⤵
  PID:5400
- C:\Windows\System\HaEyaeJ.exe
  C:\Windows\System\HaEyaeJ.exe
  2⤵
  PID:5436
- C:\Windows\System\tSNsNyo.exe
  C:\Windows\System\tSNsNyo.exe
  2⤵
  PID:5460
- C:\Windows\System\CTNrbom.exe
  C:\Windows\System\CTNrbom.exe
  2⤵
  PID:5488
- C:\Windows\System\HNqCvUE.exe
  C:\Windows\System\HNqCvUE.exe
  2⤵
  PID:5516
- C:\Windows\System\NXLhbRS.exe
  C:\Windows\System\NXLhbRS.exe
  2⤵
  PID:5540
- C:\Windows\System\nDGElTB.exe
  C:\Windows\System\nDGElTB.exe
  2⤵
  PID:5568
- C:\Windows\System\EXlwsfx.exe
  C:\Windows\System\EXlwsfx.exe
  2⤵
  PID:5596
- C:\Windows\System\DkvspWg.exe
  C:\Windows\System\DkvspWg.exe
  2⤵
  PID:5624
- C:\Windows\System\zkcBuzu.exe
  C:\Windows\System\zkcBuzu.exe
  2⤵
  PID:5652
- C:\Windows\System\iRQAdjA.exe
  C:\Windows\System\iRQAdjA.exe
  2⤵
  PID:5684
- C:\Windows\System\UvddKzV.exe
  C:\Windows\System\UvddKzV.exe
  2⤵
  PID:5712
- C:\Windows\System\FPHhYsA.exe
  C:\Windows\System\FPHhYsA.exe
  2⤵
  PID:5740
- C:\Windows\System\mzuDSon.exe
  C:\Windows\System\mzuDSon.exe
  2⤵
  PID:5768
- C:\Windows\System\wQsSuVf.exe
  C:\Windows\System\wQsSuVf.exe
  2⤵
  PID:5796
- C:\Windows\System\ILuKGWt.exe
  C:\Windows\System\ILuKGWt.exe
  2⤵
  PID:5824
- C:\Windows\System\IrwqSKk.exe
  C:\Windows\System\IrwqSKk.exe
  2⤵
  PID:5852
- C:\Windows\System\QuPjqgL.exe
  C:\Windows\System\QuPjqgL.exe
  2⤵
  PID:5880
- C:\Windows\System\HJOyRdV.exe
  C:\Windows\System\HJOyRdV.exe
  2⤵
  PID:5904
- C:\Windows\System\xoJMFcR.exe
  C:\Windows\System\xoJMFcR.exe
  2⤵
  PID:5932
- C:\Windows\System\cDGxPdg.exe
  C:\Windows\System\cDGxPdg.exe
  2⤵
  PID:5964
- C:\Windows\System\SlmDgiM.exe
  C:\Windows\System\SlmDgiM.exe
  2⤵
  PID:5992
- C:\Windows\System\LAfdNOM.exe
  C:\Windows\System\LAfdNOM.exe
  2⤵
  PID:6016
- C:\Windows\System\RfNGHax.exe
  C:\Windows\System\RfNGHax.exe
  2⤵
  PID:6044
- C:\Windows\System\lFbZhff.exe
  C:\Windows\System\lFbZhff.exe
  2⤵
  PID:6076
- C:\Windows\System\DbmNHeY.exe
  C:\Windows\System\DbmNHeY.exe
  2⤵
  PID:6100
- C:\Windows\System\CXGzzOe.exe
  C:\Windows\System\CXGzzOe.exe
  2⤵
  PID:6128
- C:\Windows\System\HhxBmls.exe
  C:\Windows\System\HhxBmls.exe
  2⤵
  PID:1508
- C:\Windows\System\QGuTyQb.exe
  C:\Windows\System\QGuTyQb.exe
  2⤵
  PID:3516
- C:\Windows\System\jebgNtx.exe
  C:\Windows\System\jebgNtx.exe
  2⤵
  PID:1912
- C:\Windows\System\zIJlCBw.exe
  C:\Windows\System\zIJlCBw.exe
  2⤵
  PID:4276
- C:\Windows\System\wUIvOyN.exe
  C:\Windows\System\wUIvOyN.exe
  2⤵
  PID:1352
- C:\Windows\System\yhbcJcZ.exe
  C:\Windows\System\yhbcJcZ.exe
  2⤵
  PID:2088
- C:\Windows\System\NZuavOV.exe
  C:\Windows\System\NZuavOV.exe
  2⤵
  PID:1708
- C:\Windows\System\gtskewM.exe
  C:\Windows\System\gtskewM.exe
  2⤵
  PID:5144
- C:\Windows\System\aLdEbac.exe
  C:\Windows\System\aLdEbac.exe
  2⤵
  PID:5204
- C:\Windows\System\ZRCsJcG.exe
  C:\Windows\System\ZRCsJcG.exe
  2⤵
  PID:5284
- C:\Windows\System\qWijODm.exe
  C:\Windows\System\qWijODm.exe
  2⤵
  PID:5340
- C:\Windows\System\arGtAUV.exe
  C:\Windows\System\arGtAUV.exe
  2⤵
  PID:5396
- C:\Windows\System\qFLvLJA.exe
  C:\Windows\System\qFLvLJA.exe
  2⤵
  PID:5472
- C:\Windows\System\xapSvGW.exe
  C:\Windows\System\xapSvGW.exe
  2⤵
  PID:5536
- C:\Windows\System\GREbCFq.exe
  C:\Windows\System\GREbCFq.exe
  2⤵
  PID:5612
- C:\Windows\System\EQSQkNj.exe
  C:\Windows\System\EQSQkNj.exe
  2⤵
  PID:5672
- C:\Windows\System\aXdvYhb.exe
  C:\Windows\System\aXdvYhb.exe
  2⤵
  PID:5728
- C:\Windows\System\icSgFHp.exe
  C:\Windows\System\icSgFHp.exe
  2⤵
  PID:5808
- C:\Windows\System\GQTkvrJ.exe
  C:\Windows\System\GQTkvrJ.exe
  2⤵
  PID:5868
- C:\Windows\System\tFLcYsQ.exe
  C:\Windows\System\tFLcYsQ.exe
  2⤵
  PID:5928
- C:\Windows\System\sZRlfCS.exe
  C:\Windows\System\sZRlfCS.exe
  2⤵
  PID:5984
- C:\Windows\System\HlVzGvR.exe
  C:\Windows\System\HlVzGvR.exe
  2⤵
  PID:6064
- C:\Windows\System\vODGrCZ.exe
  C:\Windows\System\vODGrCZ.exe
  2⤵
  PID:6124
- C:\Windows\System\QKELeCt.exe
  C:\Windows\System\QKELeCt.exe
  2⤵
  PID:2924
- C:\Windows\System\MSAtNlL.exe
  C:\Windows\System\MSAtNlL.exe
  2⤵
  PID:3600
- C:\Windows\System\HuIPAZk.exe
  C:\Windows\System\HuIPAZk.exe
  2⤵
  PID:4704
- C:\Windows\System\WqmgJUm.exe
  C:\Windows\System\WqmgJUm.exe
  2⤵
  PID:5248
- C:\Windows\System\vVohbpx.exe
  C:\Windows\System\vVohbpx.exe
  2⤵
  PID:5388
- C:\Windows\System\AEfoyYN.exe
  C:\Windows\System\AEfoyYN.exe
  2⤵
  PID:6160
- C:\Windows\System\tMzqzpQ.exe
  C:\Windows\System\tMzqzpQ.exe
  2⤵
  PID:6192
- C:\Windows\System\QBNeDWL.exe
  C:\Windows\System\QBNeDWL.exe
  2⤵
  PID:6220
- C:\Windows\System\fvdEWJb.exe
  C:\Windows\System\fvdEWJb.exe
  2⤵
  PID:6248
- C:\Windows\System\ryoqFNV.exe
  C:\Windows\System\ryoqFNV.exe
  2⤵
  PID:6276
- C:\Windows\System\lMIvuOv.exe
  C:\Windows\System\lMIvuOv.exe
  2⤵
  PID:6300
- C:\Windows\System\WykVrhd.exe
  C:\Windows\System\WykVrhd.exe
  2⤵
  PID:6328
- C:\Windows\System\VEifXcj.exe
  C:\Windows\System\VEifXcj.exe
  2⤵
  PID:6360
- C:\Windows\System\IhSBlOx.exe
  C:\Windows\System\IhSBlOx.exe
  2⤵
  PID:6388
- C:\Windows\System\KyGVIFU.exe
  C:\Windows\System\KyGVIFU.exe
  2⤵
  PID:6416
- C:\Windows\System\MkyPqNU.exe
  C:\Windows\System\MkyPqNU.exe
  2⤵
  PID:6440
- C:\Windows\System\FdEuovL.exe
  C:\Windows\System\FdEuovL.exe
  2⤵
  PID:6472
- C:\Windows\System\oUzCxXG.exe
  C:\Windows\System\oUzCxXG.exe
  2⤵
  PID:6500
- C:\Windows\System\yhcKCFy.exe
  C:\Windows\System\yhcKCFy.exe
  2⤵
  PID:6528
- C:\Windows\System\sIkscjS.exe
  C:\Windows\System\sIkscjS.exe
  2⤵
  PID:6556
- C:\Windows\System\bjQqwoz.exe
  C:\Windows\System\bjQqwoz.exe
  2⤵
  PID:6584
- C:\Windows\System\rKzQTjG.exe
  C:\Windows\System\rKzQTjG.exe
  2⤵
  PID:6608
- C:\Windows\System\ZvwRaoo.exe
  C:\Windows\System\ZvwRaoo.exe
  2⤵
  PID:6636
- C:\Windows\System\UFRsyJY.exe
  C:\Windows\System\UFRsyJY.exe
  2⤵
  PID:6668
- C:\Windows\System\Kwccntg.exe
  C:\Windows\System\Kwccntg.exe
  2⤵
  PID:6692
- C:\Windows\System\mxNUOYg.exe
  C:\Windows\System\mxNUOYg.exe
  2⤵
  PID:6720
- C:\Windows\System\BlEKQBZ.exe
  C:\Windows\System\BlEKQBZ.exe
  2⤵
  PID:6752
- C:\Windows\System\nvlUKXV.exe
  C:\Windows\System\nvlUKXV.exe
  2⤵
  PID:6776
- C:\Windows\System\LOUafeU.exe
  C:\Windows\System\LOUafeU.exe
  2⤵
  PID:6808
- C:\Windows\System\KiXIhsS.exe
  C:\Windows\System\KiXIhsS.exe
  2⤵
  PID:6840
- C:\Windows\System\AFCmsRy.exe
  C:\Windows\System\AFCmsRy.exe
  2⤵
  PID:6876
- C:\Windows\System\dpHjwQs.exe
  C:\Windows\System\dpHjwQs.exe
  2⤵
  PID:6900
- C:\Windows\System\bGStNRW.exe
  C:\Windows\System\bGStNRW.exe
  2⤵
  PID:6920
- C:\Windows\System\trWRFYN.exe
  C:\Windows\System\trWRFYN.exe
  2⤵
  PID:6948
- C:\Windows\System\hyAWuxG.exe
  C:\Windows\System\hyAWuxG.exe
  2⤵
  PID:6976
- C:\Windows\System\ZwUluJi.exe
  C:\Windows\System\ZwUluJi.exe
  2⤵
  PID:7012
- C:\Windows\System\PwmDRZk.exe
  C:\Windows\System\PwmDRZk.exe
  2⤵
  PID:7044
- C:\Windows\System\xVGGkAh.exe
  C:\Windows\System\xVGGkAh.exe
  2⤵
  PID:7068
- C:\Windows\System\NaELsxa.exe
  C:\Windows\System\NaELsxa.exe
  2⤵
  PID:7096
- C:\Windows\System\PYAcKyj.exe
  C:\Windows\System\PYAcKyj.exe
  2⤵
  PID:7116
- C:\Windows\System\xKKXYuO.exe
  C:\Windows\System\xKKXYuO.exe
  2⤵
  PID:7140
- C:\Windows\System\cqxDlbn.exe
  C:\Windows\System\cqxDlbn.exe
  2⤵
  PID:5452
- C:\Windows\System\AdIBmEd.exe
  C:\Windows\System\AdIBmEd.exe
  2⤵
  PID:5588
- C:\Windows\System\jzeWBMZ.exe
  C:\Windows\System\jzeWBMZ.exe
  2⤵
  PID:5780
- C:\Windows\System\VlCwHSN.exe
  C:\Windows\System\VlCwHSN.exe
  2⤵
  PID:5920
- C:\Windows\System\RTUNgSi.exe
  C:\Windows\System\RTUNgSi.exe
  2⤵
  PID:6040
- C:\Windows\System\qmSbHEc.exe
  C:\Windows\System\qmSbHEc.exe
  2⤵
  PID:2024
- C:\Windows\System\YkNQnid.exe
  C:\Windows\System\YkNQnid.exe
  2⤵
  PID:5172
- C:\Windows\System\GQvuQyw.exe
  C:\Windows\System\GQvuQyw.exe
  2⤵
  PID:6156
- C:\Windows\System\fKgtIXe.exe
  C:\Windows\System\fKgtIXe.exe
  2⤵
  PID:6236
- C:\Windows\System\PzCkNAW.exe
  C:\Windows\System\PzCkNAW.exe
  2⤵
  PID:6296
- C:\Windows\System\glslXgd.exe
  C:\Windows\System\glslXgd.exe
  2⤵
  PID:6372
- C:\Windows\System\BoAALbx.exe
  C:\Windows\System\BoAALbx.exe
  2⤵
  PID:6432
- C:\Windows\System\CUQfoyC.exe
  C:\Windows\System\CUQfoyC.exe
  2⤵
  PID:6492
- C:\Windows\System\dhysGyE.exe
  C:\Windows\System\dhysGyE.exe
  2⤵
  PID:6568
- C:\Windows\System\PBweeUo.exe
  C:\Windows\System\PBweeUo.exe
  2⤵
  PID:6628
- C:\Windows\System\TOnequC.exe
  C:\Windows\System\TOnequC.exe
  2⤵
  PID:6688
- C:\Windows\System\wcgnZbh.exe
  C:\Windows\System\wcgnZbh.exe
  2⤵
  PID:6744
- C:\Windows\System\oZmJLhS.exe
  C:\Windows\System\oZmJLhS.exe
  2⤵
  PID:6820
- C:\Windows\System\IsNqWbo.exe
  C:\Windows\System\IsNqWbo.exe
  2⤵
  PID:6888
- C:\Windows\System\JyaAXFh.exe
  C:\Windows\System\JyaAXFh.exe
  2⤵
  PID:6936
- C:\Windows\System\hKruCTt.exe
  C:\Windows\System\hKruCTt.exe
  2⤵
  PID:7000
- C:\Windows\System\QvjiBWC.exe
  C:\Windows\System\QvjiBWC.exe
  2⤵
  PID:7060
- C:\Windows\System\CpAQYAI.exe
  C:\Windows\System\CpAQYAI.exe
  2⤵
  PID:7128
- C:\Windows\System\deAjszy.exe
  C:\Windows\System\deAjszy.exe
  2⤵
  PID:5584
- C:\Windows\System\KGundrg.exe
  C:\Windows\System\KGundrg.exe
  2⤵
  PID:5980
- C:\Windows\System\TQEbLcF.exe
  C:\Windows\System\TQEbLcF.exe
  2⤵
  PID:1640
- C:\Windows\System\IvukIZP.exe
  C:\Windows\System\IvukIZP.exe
  2⤵
  PID:6204
- C:\Windows\System\SdMIbiQ.exe
  C:\Windows\System\SdMIbiQ.exe
  2⤵
  PID:6324
- C:\Windows\System\WGEcJTW.exe
  C:\Windows\System\WGEcJTW.exe
  2⤵
  PID:3408
- C:\Windows\System\XiJGhBF.exe
  C:\Windows\System\XiJGhBF.exe
  2⤵
  PID:6596
- C:\Windows\System\EYuUPya.exe
  C:\Windows\System\EYuUPya.exe
  2⤵
  PID:6716
- C:\Windows\System\NkSWERW.exe
  C:\Windows\System\NkSWERW.exe
  2⤵
  PID:6864
- C:\Windows\System\tFUAafc.exe
  C:\Windows\System\tFUAafc.exe
  2⤵
  PID:6992
- C:\Windows\System\bXGBMbe.exe
  C:\Windows\System\bXGBMbe.exe
  2⤵
  PID:7112
- C:\Windows\System\DnQnahl.exe
  C:\Windows\System\DnQnahl.exe
  2⤵
  PID:5844
- C:\Windows\System\fjtOdlE.exe
  C:\Windows\System\fjtOdlE.exe
  2⤵
  PID:6264
- C:\Windows\System\EikeMic.exe
  C:\Windows\System\EikeMic.exe
  2⤵
  PID:6408
- C:\Windows\System\qmEwmxq.exe
  C:\Windows\System\qmEwmxq.exe
  2⤵
  PID:2500
- C:\Windows\System\xlPzqfy.exe
  C:\Windows\System\xlPzqfy.exe
  2⤵
  PID:3896
- C:\Windows\System\nRHNQWU.exe
  C:\Windows\System\nRHNQWU.exe
  2⤵
  PID:5840
- C:\Windows\System\fArclny.exe
  C:\Windows\System\fArclny.exe
  2⤵
  PID:7196
- C:\Windows\System\zFygqEy.exe
  C:\Windows\System\zFygqEy.exe
  2⤵
  PID:7228
- C:\Windows\System\NRAZRLL.exe
  C:\Windows\System\NRAZRLL.exe
  2⤵
  PID:7256
- C:\Windows\System\zJPbSxi.exe
  C:\Windows\System\zJPbSxi.exe
  2⤵
  PID:7284
- C:\Windows\System\lpsNeCQ.exe
  C:\Windows\System\lpsNeCQ.exe
  2⤵
  PID:7300
- C:\Windows\System\jwXgJOr.exe
  C:\Windows\System\jwXgJOr.exe
  2⤵
  PID:7340
- C:\Windows\System\KJcrckO.exe
  C:\Windows\System\KJcrckO.exe
  2⤵
  PID:7364
- C:\Windows\System\hQDFJFN.exe
  C:\Windows\System\hQDFJFN.exe
  2⤵
  PID:7392
- C:\Windows\System\lpLHkCm.exe
  C:\Windows\System\lpLHkCm.exe
  2⤵
  PID:7420
- C:\Windows\System\FeRYNXE.exe
  C:\Windows\System\FeRYNXE.exe
  2⤵
  PID:7448
- C:\Windows\System\ZvPuHQF.exe
  C:\Windows\System\ZvPuHQF.exe
  2⤵
  PID:7480
- C:\Windows\System\jmBdjiw.exe
  C:\Windows\System\jmBdjiw.exe
  2⤵
  PID:7508
- C:\Windows\System\yBXIucM.exe
  C:\Windows\System\yBXIucM.exe
  2⤵
  PID:7604
- C:\Windows\System\ZOaxkzn.exe
  C:\Windows\System\ZOaxkzn.exe
  2⤵
  PID:7624
- C:\Windows\System\mNlXgVw.exe
  C:\Windows\System\mNlXgVw.exe
  2⤵
  PID:7684
- C:\Windows\System\JSGBtEE.exe
  C:\Windows\System\JSGBtEE.exe
  2⤵
  PID:7708
- C:\Windows\System\DMVAMrV.exe
  C:\Windows\System\DMVAMrV.exe
  2⤵
  PID:7744
- C:\Windows\System\FeGYtWi.exe
  C:\Windows\System\FeGYtWi.exe
  2⤵
  PID:7832
- C:\Windows\System\PTSQpOO.exe
  C:\Windows\System\PTSQpOO.exe
  2⤵
  PID:7848
- C:\Windows\System\sZjYIsI.exe
  C:\Windows\System\sZjYIsI.exe
  2⤵
  PID:7864
- C:\Windows\System\BDeCZBn.exe
  C:\Windows\System\BDeCZBn.exe
  2⤵
  PID:7880
- C:\Windows\System\pMuAubZ.exe
  C:\Windows\System\pMuAubZ.exe
  2⤵
  PID:7896
- C:\Windows\System\wiXGDOB.exe
  C:\Windows\System\wiXGDOB.exe
  2⤵
  PID:7920
- C:\Windows\System\GBKVWJY.exe
  C:\Windows\System\GBKVWJY.exe
  2⤵
  PID:7936
- C:\Windows\System\akkQjiH.exe
  C:\Windows\System\akkQjiH.exe
  2⤵
  PID:7980
- C:\Windows\System\zfVgneJ.exe
  C:\Windows\System\zfVgneJ.exe
  2⤵
  PID:8040
- C:\Windows\System\dwhpzYu.exe
  C:\Windows\System\dwhpzYu.exe
  2⤵
  PID:8056
- C:\Windows\System\IDXeeIH.exe
  C:\Windows\System\IDXeeIH.exe
  2⤵
  PID:8076
- C:\Windows\System\wStVkVw.exe
  C:\Windows\System\wStVkVw.exe
  2⤵
  PID:8092
- C:\Windows\System\CtPEvAe.exe
  C:\Windows\System\CtPEvAe.exe
  2⤵
  PID:8124
- C:\Windows\System\IGGqSDG.exe
  C:\Windows\System\IGGqSDG.exe
  2⤵
  PID:8152
- C:\Windows\System\eQhOCaO.exe
  C:\Windows\System\eQhOCaO.exe
  2⤵
  PID:5136
- C:\Windows\System\oSckMRM.exe
  C:\Windows\System\oSckMRM.exe
  2⤵
  PID:6968
- C:\Windows\System\ERSIlaE.exe
  C:\Windows\System\ERSIlaE.exe
  2⤵
  PID:7184
- C:\Windows\System\IgqUFYR.exe
  C:\Windows\System\IgqUFYR.exe
  2⤵
  PID:7292
- C:\Windows\System\TPZDYCp.exe
  C:\Windows\System\TPZDYCp.exe
  2⤵
  PID:7328
- C:\Windows\System\xLhVaCJ.exe
  C:\Windows\System\xLhVaCJ.exe
  2⤵
  PID:7380
- C:\Windows\System\OXOxRGN.exe
  C:\Windows\System\OXOxRGN.exe
  2⤵
  PID:4580
- C:\Windows\System\ZgiAlPx.exe
  C:\Windows\System\ZgiAlPx.exe
  2⤵
  PID:2528
- C:\Windows\System\dbVmRdm.exe
  C:\Windows\System\dbVmRdm.exe
  2⤵
  PID:1952
- C:\Windows\System\XQdVBsL.exe
  C:\Windows\System\XQdVBsL.exe
  2⤵
  PID:4676
- C:\Windows\System\IXrHdUF.exe
  C:\Windows\System\IXrHdUF.exe
  2⤵
  PID:7444
- C:\Windows\System\sQHoKdR.exe
  C:\Windows\System\sQHoKdR.exe
  2⤵
  PID:5024
- C:\Windows\System\hqWDAZN.exe
  C:\Windows\System\hqWDAZN.exe
  2⤵
  PID:2440
- C:\Windows\System\JEaYjrm.exe
  C:\Windows\System\JEaYjrm.exe
  2⤵
  PID:2848
- C:\Windows\System\puWhiNn.exe
  C:\Windows\System\puWhiNn.exe
  2⤵
  PID:1860
- C:\Windows\System\RveFPPa.exe
  C:\Windows\System\RveFPPa.exe
  2⤵
  PID:7620
- C:\Windows\System\YLQASDV.exe
  C:\Windows\System\YLQASDV.exe
  2⤵
  PID:7764
- C:\Windows\System\iIhxjhi.exe
  C:\Windows\System\iIhxjhi.exe
  2⤵
  PID:7876
- C:\Windows\System\KiIXjhc.exe
  C:\Windows\System\KiIXjhc.exe
  2⤵
  PID:7908
- C:\Windows\System\aUiVKNu.exe
  C:\Windows\System\aUiVKNu.exe
  2⤵
  PID:7976
- C:\Windows\System\pkODxjO.exe
  C:\Windows\System\pkODxjO.exe
  2⤵
  PID:8064
- C:\Windows\System\TAMMcJE.exe
  C:\Windows\System\TAMMcJE.exe
  2⤵
  PID:8088
- C:\Windows\System\Chbtulq.exe
  C:\Windows\System\Chbtulq.exe
  2⤵
  PID:6660
- C:\Windows\System\ZxAZaaV.exe
  C:\Windows\System\ZxAZaaV.exe
  2⤵
  PID:7164
- C:\Windows\System\tqUeSSS.exe
  C:\Windows\System\tqUeSSS.exe
  2⤵
  PID:2608
- C:\Windows\System\rDlBpKD.exe
  C:\Windows\System\rDlBpKD.exe
  2⤵
  PID:7356
- C:\Windows\System\TavhjSz.exe
  C:\Windows\System\TavhjSz.exe
  2⤵
  PID:1216
- C:\Windows\System\KsjHGyz.exe
  C:\Windows\System\KsjHGyz.exe
  2⤵
  PID:716
- C:\Windows\System\HNhHiml.exe
  C:\Windows\System\HNhHiml.exe
  2⤵
  PID:3900
- C:\Windows\System\zkOtckx.exe
  C:\Windows\System\zkOtckx.exe
  2⤵
  PID:4212
- C:\Windows\System\qgLtHFT.exe
  C:\Windows\System\qgLtHFT.exe
  2⤵
  PID:3336
- C:\Windows\System\jwUBTeI.exe
  C:\Windows\System\jwUBTeI.exe
  2⤵
  PID:3916
- C:\Windows\System\FVFpNvW.exe
  C:\Windows\System\FVFpNvW.exe
  2⤵
  PID:5048
- C:\Windows\System\aOENMil.exe
  C:\Windows\System\aOENMil.exe
  2⤵
  PID:840
- C:\Windows\System\PtUTryr.exe
  C:\Windows\System\PtUTryr.exe
  2⤵
  PID:7756
- C:\Windows\System\tyvybqm.exe
  C:\Windows\System\tyvybqm.exe
  2⤵
  PID:7888
- C:\Windows\System\RJUvbac.exe
  C:\Windows\System\RJUvbac.exe
  2⤵
  PID:8004
- C:\Windows\System\yEBHijc.exe
  C:\Windows\System\yEBHijc.exe
  2⤵
  PID:8120
- C:\Windows\System\GjDHTcy.exe
  C:\Windows\System\GjDHTcy.exe
  2⤵
  PID:3716
- C:\Windows\System\cHJZUjD.exe
  C:\Windows\System\cHJZUjD.exe
  2⤵
  PID:1812
- C:\Windows\System\qXzfIAg.exe
  C:\Windows\System\qXzfIAg.exe
  2⤵
  PID:3832
- C:\Windows\System\osGllfs.exe
  C:\Windows\System\osGllfs.exe
  2⤵
  PID:7276
- C:\Windows\System\WsBOyAA.exe
  C:\Windows\System\WsBOyAA.exe
  2⤵
  PID:1472
- C:\Windows\System\nwdZNzz.exe
  C:\Windows\System\nwdZNzz.exe
  2⤵
  PID:7964
- C:\Windows\System\DEcElyE.exe
  C:\Windows\System\DEcElyE.exe
  2⤵
  PID:3332
- C:\Windows\System\BhnoafD.exe
  C:\Windows\System\BhnoafD.exe
  2⤵
  PID:8036
- C:\Windows\System\nMgPLqb.exe
  C:\Windows\System\nMgPLqb.exe
  2⤵
  PID:4564
- C:\Windows\System\wHgleqZ.exe
  C:\Windows\System\wHgleqZ.exe
  2⤵
  PID:5068
- C:\Windows\System\qXZveZz.exe
  C:\Windows\System\qXZveZz.exe
  2⤵
  PID:8204
- C:\Windows\System\IfePizg.exe
  C:\Windows\System\IfePizg.exe
  2⤵
  PID:8232
- C:\Windows\System\HGfwxuD.exe
  C:\Windows\System\HGfwxuD.exe
  2⤵
  PID:8268
- C:\Windows\System\EGjXEFQ.exe
  C:\Windows\System\EGjXEFQ.exe
  2⤵
  PID:8312
- C:\Windows\System\JpyQdjE.exe
  C:\Windows\System\JpyQdjE.exe
  2⤵
  PID:8340
- C:\Windows\System\nFRHPLq.exe
  C:\Windows\System\nFRHPLq.exe
  2⤵
  PID:8372
- C:\Windows\System\GpeMetw.exe
  C:\Windows\System\GpeMetw.exe
  2⤵
  PID:8400
- C:\Windows\System\tCdGDuA.exe
  C:\Windows\System\tCdGDuA.exe
  2⤵
  PID:8456
- C:\Windows\System\illrgyo.exe
  C:\Windows\System\illrgyo.exe
  2⤵
  PID:8500
- C:\Windows\System\MZUJgYd.exe
  C:\Windows\System\MZUJgYd.exe
  2⤵
  PID:8560
- C:\Windows\System\MajMIar.exe
  C:\Windows\System\MajMIar.exe
  2⤵
  PID:8588
- C:\Windows\System\WpodBDJ.exe
  C:\Windows\System\WpodBDJ.exe
  2⤵
  PID:8640
- C:\Windows\System\MonrIVo.exe
  C:\Windows\System\MonrIVo.exe
  2⤵
  PID:8660
- C:\Windows\System\luxqIes.exe
  C:\Windows\System\luxqIes.exe
  2⤵
  PID:8692
- C:\Windows\System\vqldVAL.exe
  C:\Windows\System\vqldVAL.exe
  2⤵
  PID:8720
- C:\Windows\System\MipevAW.exe
  C:\Windows\System\MipevAW.exe
  2⤵
  PID:8752
- C:\Windows\System\EkzrFZs.exe
  C:\Windows\System\EkzrFZs.exe
  2⤵
  PID:8784
- C:\Windows\System\aRaPCfV.exe
  C:\Windows\System\aRaPCfV.exe
  2⤵
  PID:8820
- C:\Windows\System\jzVGujw.exe
  C:\Windows\System\jzVGujw.exe
  2⤵
  PID:8848
- C:\Windows\System\nLIgHlb.exe
  C:\Windows\System\nLIgHlb.exe
  2⤵
  PID:8884
- C:\Windows\System\PETpsSF.exe
  C:\Windows\System\PETpsSF.exe
  2⤵
  PID:8900
- C:\Windows\System\DDiIsUW.exe
  C:\Windows\System\DDiIsUW.exe
  2⤵
  PID:8924
- C:\Windows\System\vALdyyG.exe
  C:\Windows\System\vALdyyG.exe
  2⤵
  PID:8944
- C:\Windows\System\HFWqPqL.exe
  C:\Windows\System\HFWqPqL.exe
  2⤵
  PID:8996
- C:\Windows\System\GgZqcOk.exe
  C:\Windows\System\GgZqcOk.exe
  2⤵
  PID:9028
- C:\Windows\System\PtrqziZ.exe
  C:\Windows\System\PtrqziZ.exe
  2⤵
  PID:9052
- C:\Windows\System\TBrCFSW.exe
  C:\Windows\System\TBrCFSW.exe
  2⤵
  PID:9092
- C:\Windows\System\OxRvaZf.exe
  C:\Windows\System\OxRvaZf.exe
  2⤵
  PID:9124
- C:\Windows\System\eHkkEeV.exe
  C:\Windows\System\eHkkEeV.exe
  2⤵
  PID:9144
- C:\Windows\System\fFXoccA.exe
  C:\Windows\System\fFXoccA.exe
  2⤵
  PID:9160
- C:\Windows\System\jUWfukQ.exe
  C:\Windows\System\jUWfukQ.exe
  2⤵
  PID:9212
- C:\Windows\System\yyapxGw.exe
  C:\Windows\System\yyapxGw.exe
  2⤵
  PID:8252
- C:\Windows\System\PAryONd.exe
  C:\Windows\System\PAryONd.exe
  2⤵
  PID:8332
- C:\Windows\System\mZDRYCv.exe
  C:\Windows\System\mZDRYCv.exe
  2⤵
  PID:8384
- C:\Windows\System\oUHBLwM.exe
  C:\Windows\System\oUHBLwM.exe
  2⤵
  PID:8484
- C:\Windows\System\hVubeHO.exe
  C:\Windows\System\hVubeHO.exe
  2⤵
  PID:8632
- C:\Windows\System\spNwlwf.exe
  C:\Windows\System\spNwlwf.exe
  2⤵
  PID:8712
- C:\Windows\System\WKzPpUx.exe
  C:\Windows\System\WKzPpUx.exe
  2⤵
  PID:8844
- C:\Windows\System\hTEjmuj.exe
  C:\Windows\System\hTEjmuj.exe
  2⤵
  PID:1076
- C:\Windows\System\DJwZHuX.exe
  C:\Windows\System\DJwZHuX.exe
  2⤵
  PID:8920
- C:\Windows\System\ZfUDMuJ.exe
  C:\Windows\System\ZfUDMuJ.exe
  2⤵
  PID:9012
- C:\Windows\System\KPwNzYG.exe
  C:\Windows\System\KPwNzYG.exe
  2⤵
  PID:9080
- C:\Windows\System\yhwiGLJ.exe
  C:\Windows\System\yhwiGLJ.exe
  2⤵
  PID:9152
- C:\Windows\System\FqNbiSH.exe
  C:\Windows\System\FqNbiSH.exe
  2⤵
  PID:9176
- C:\Windows\System\TFMEVoC.exe
  C:\Windows\System\TFMEVoC.exe
  2⤵
  PID:9196
- C:\Windows\System\nlwMsoY.exe
  C:\Windows\System\nlwMsoY.exe
  2⤵
  PID:8548
- C:\Windows\System\nYoerxh.exe
  C:\Windows\System\nYoerxh.exe
  2⤵
  PID:8684
- C:\Windows\System\mNsPkhu.exe
  C:\Windows\System\mNsPkhu.exe
  2⤵
  PID:8836
- C:\Windows\System\VVjijWy.exe
  C:\Windows\System\VVjijWy.exe
  2⤵
  PID:9044
- C:\Windows\System\PSnGSyw.exe
  C:\Windows\System\PSnGSyw.exe
  2⤵
  PID:2256
- C:\Windows\System\ZRtDEZF.exe
  C:\Windows\System\ZRtDEZF.exe
  2⤵
  PID:8612
- C:\Windows\System\nLbRmGT.exe
  C:\Windows\System\nLbRmGT.exe
  2⤵
  PID:9136
- C:\Windows\System\KTPLfQN.exe
  C:\Windows\System\KTPLfQN.exe
  2⤵
  PID:9224
- C:\Windows\System\hPJGjWy.exe
  C:\Windows\System\hPJGjWy.exe
  2⤵
  PID:9244
- C:\Windows\System\tolkzvI.exe
  C:\Windows\System\tolkzvI.exe
  2⤵
  PID:9260
- C:\Windows\System\jfMOnPI.exe
  C:\Windows\System\jfMOnPI.exe
  2⤵
  PID:9284
- C:\Windows\System\WnJLcgN.exe
  C:\Windows\System\WnJLcgN.exe
  2⤵
  PID:9312
- C:\Windows\System\UUwClJu.exe
  C:\Windows\System\UUwClJu.exe
  2⤵
  PID:9356
- C:\Windows\System\XeNKnSN.exe
  C:\Windows\System\XeNKnSN.exe
  2⤵
  PID:9408
- C:\Windows\System\fYjZYUO.exe
  C:\Windows\System\fYjZYUO.exe
  2⤵
  PID:9432
- C:\Windows\System\otFlqPo.exe
  C:\Windows\System\otFlqPo.exe
  2⤵
  PID:9464
- C:\Windows\System\zJLmATI.exe
  C:\Windows\System\zJLmATI.exe
  2⤵
  PID:9480
- C:\Windows\System\thQwEZM.exe
  C:\Windows\System\thQwEZM.exe
  2⤵
  PID:9504
- C:\Windows\System\bUBffjA.exe
  C:\Windows\System\bUBffjA.exe
  2⤵
  PID:9536
- C:\Windows\System\KMUVIvk.exe
  C:\Windows\System\KMUVIvk.exe
  2⤵
  PID:9564
- C:\Windows\System\bREmWnm.exe
  C:\Windows\System\bREmWnm.exe
  2⤵
  PID:9592
- C:\Windows\System\UGcIFpG.exe
  C:\Windows\System\UGcIFpG.exe
  2⤵
  PID:9632
- C:\Windows\System\PVlUQWD.exe
  C:\Windows\System\PVlUQWD.exe
  2⤵
  PID:9660
- C:\Windows\System\vTSrljs.exe
  C:\Windows\System\vTSrljs.exe
  2⤵
  PID:9688
- C:\Windows\System\soVGGzL.exe
  C:\Windows\System\soVGGzL.exe
  2⤵
  PID:9716
- C:\Windows\System\grDoFDT.exe
  C:\Windows\System\grDoFDT.exe
  2⤵
  PID:9744
- C:\Windows\System\zNniKSK.exe
  C:\Windows\System\zNniKSK.exe
  2⤵
  PID:9772
- C:\Windows\System\dZjXLoN.exe
  C:\Windows\System\dZjXLoN.exe
  2⤵
  PID:9796
- C:\Windows\System\oMNBTrw.exe
  C:\Windows\System\oMNBTrw.exe
  2⤵
  PID:9820
- C:\Windows\System\FxPhiAi.exe
  C:\Windows\System\FxPhiAi.exe
  2⤵
  PID:9864
- C:\Windows\System\ymzmTLO.exe
  C:\Windows\System\ymzmTLO.exe
  2⤵
  PID:9888
- C:\Windows\System\ofwjlTR.exe
  C:\Windows\System\ofwjlTR.exe
  2⤵
  PID:9912
- C:\Windows\System\NSIMUBh.exe
  C:\Windows\System\NSIMUBh.exe
  2⤵
  PID:9936
- C:\Windows\System\UBdCCIE.exe
  C:\Windows\System\UBdCCIE.exe
  2⤵
  PID:9960
- C:\Windows\System\VMVKnlO.exe
  C:\Windows\System\VMVKnlO.exe
  2⤵
  PID:9992
- C:\Windows\System\ZPlAJFh.exe
  C:\Windows\System\ZPlAJFh.exe
  2⤵
  PID:10020
- C:\Windows\System\UyuhbhF.exe
  C:\Windows\System\UyuhbhF.exe
  2⤵
  PID:10068
- C:\Windows\System\xdwwMmC.exe
  C:\Windows\System\xdwwMmC.exe
  2⤵
  PID:10084
- C:\Windows\System\dutBCVz.exe
  C:\Windows\System\dutBCVz.exe
  2⤵
  PID:10124
- C:\Windows\System\LLCBXVE.exe
  C:\Windows\System\LLCBXVE.exe
  2⤵
  PID:10140
- C:\Windows\System\bCmYzsp.exe
  C:\Windows\System\bCmYzsp.exe
  2⤵
  PID:10160
- C:\Windows\System\FOqYGGa.exe
  C:\Windows\System\FOqYGGa.exe
  2⤵
  PID:10192
- C:\Windows\System\zIvXMZf.exe
  C:\Windows\System\zIvXMZf.exe
  2⤵
  PID:10224
- C:\Windows\System\ROOwkdr.exe
  C:\Windows\System\ROOwkdr.exe
  2⤵
  PID:9236
- C:\Windows\System\fAHDUIf.exe
  C:\Windows\System\fAHDUIf.exe
  2⤵
  PID:9276
- C:\Windows\System\NnCrtdF.exe
  C:\Windows\System\NnCrtdF.exe
  2⤵
  PID:9340
- C:\Windows\System\ENKcTXP.exe
  C:\Windows\System\ENKcTXP.exe
  2⤵
  PID:9380
- C:\Windows\System\PeDKmqt.exe
  C:\Windows\System\PeDKmqt.exe
  2⤵
  PID:2332
- C:\Windows\System\QztsOAo.exe
  C:\Windows\System\QztsOAo.exe
  2⤵
  PID:9476
- C:\Windows\System\ZQIQpHw.exe
  C:\Windows\System\ZQIQpHw.exe
  2⤵
  PID:9516
- C:\Windows\System\zwskBVy.exe
  C:\Windows\System\zwskBVy.exe
  2⤵
  PID:9576
- C:\Windows\System\PUWxxob.exe
  C:\Windows\System\PUWxxob.exe
  2⤵
  PID:9656
- C:\Windows\System\nraVnwb.exe
  C:\Windows\System\nraVnwb.exe
  2⤵
  PID:9780
- C:\Windows\System\peGEkBi.exe
  C:\Windows\System\peGEkBi.exe
  2⤵
  PID:9876
- C:\Windows\System\seJbCvA.exe
  C:\Windows\System\seJbCvA.exe
  2⤵
  PID:9920
- C:\Windows\System\YMapFWp.exe
  C:\Windows\System\YMapFWp.exe
  2⤵
  PID:10004
- C:\Windows\System\YtWGqNy.exe
  C:\Windows\System\YtWGqNy.exe
  2⤵
  PID:10080
- C:\Windows\System\RKSowST.exe
  C:\Windows\System\RKSowST.exe
  2⤵
  PID:10132
- C:\Windows\System\FaGZzuB.exe
  C:\Windows\System\FaGZzuB.exe
  2⤵
  PID:10168
- C:\Windows\System\jtZpDks.exe
  C:\Windows\System\jtZpDks.exe
  2⤵
  PID:9072
- C:\Windows\System\tZkEEzU.exe
  C:\Windows\System\tZkEEzU.exe
  2⤵
  PID:9452
- C:\Windows\System\gkojaqh.exe
  C:\Windows\System\gkojaqh.exe
  2⤵
  PID:9608
- C:\Windows\System\GDoRHLd.exe
  C:\Windows\System\GDoRHLd.exe
  2⤵
  PID:9884
- C:\Windows\System\rOMMbFT.exe
  C:\Windows\System\rOMMbFT.exe
  2⤵
  PID:10060
- C:\Windows\System\fjJJdGE.exe
  C:\Windows\System\fjJJdGE.exe
  2⤵
  PID:10120
- C:\Windows\System\xCrFeVy.exe
  C:\Windows\System\xCrFeVy.exe
  2⤵
  PID:9644
- C:\Windows\System\ZIdMTQU.exe
  C:\Windows\System\ZIdMTQU.exe
  2⤵
  PID:9460
- C:\Windows\System\bERFtwT.exe
  C:\Windows\System\bERFtwT.exe
  2⤵
  PID:10148
- C:\Windows\System\HIvVuSa.exe
  C:\Windows\System\HIvVuSa.exe
  2⤵
  PID:9548
- C:\Windows\System\ShWkSvG.exe
  C:\Windows\System\ShWkSvG.exe
  2⤵
  PID:10244
- C:\Windows\System\RcOZlhm.exe
  C:\Windows\System\RcOZlhm.exe
  2⤵
  PID:10272
- C:\Windows\System\logRBxG.exe
  C:\Windows\System\logRBxG.exe
  2⤵
  PID:10300
- C:\Windows\System\ujpXcHB.exe
  C:\Windows\System\ujpXcHB.exe
  2⤵
  PID:10316
- C:\Windows\System\FotZWNP.exe
  C:\Windows\System\FotZWNP.exe
  2⤵
  PID:10344
- C:\Windows\System\edMjpeB.exe
  C:\Windows\System\edMjpeB.exe
  2⤵
  PID:10372
- C:\Windows\System\VmsrcOX.exe
  C:\Windows\System\VmsrcOX.exe
  2⤵
  PID:10396
- C:\Windows\System\ZjCuLKr.exe
  C:\Windows\System\ZjCuLKr.exe
  2⤵
  PID:10416
- C:\Windows\System\isUkZHo.exe
  C:\Windows\System\isUkZHo.exe
  2⤵
  PID:10436
- C:\Windows\System\qwMmzvX.exe
  C:\Windows\System\qwMmzvX.exe
  2⤵
  PID:10456
- C:\Windows\System\aPvKKgY.exe
  C:\Windows\System\aPvKKgY.exe
  2⤵
  PID:10472
- C:\Windows\System\zoWhGGr.exe
  C:\Windows\System\zoWhGGr.exe
  2⤵
  PID:10508
- C:\Windows\System\AItZYNA.exe
  C:\Windows\System\AItZYNA.exe
  2⤵
  PID:10560
- C:\Windows\System\GuMoLMo.exe
  C:\Windows\System\GuMoLMo.exe
  2⤵
  PID:10588
- C:\Windows\System\INvluEn.exe
  C:\Windows\System\INvluEn.exe
  2⤵
  PID:10604
- C:\Windows\System\ecgzhPF.exe
  C:\Windows\System\ecgzhPF.exe
  2⤵
  PID:10648
- C:\Windows\System\gvROCBL.exe
  C:\Windows\System\gvROCBL.exe
  2⤵
  PID:10676
- C:\Windows\System\poJaEBn.exe
  C:\Windows\System\poJaEBn.exe
  2⤵
  PID:10728
- C:\Windows\System\VrPNMyb.exe
  C:\Windows\System\VrPNMyb.exe
  2⤵
  PID:10760
- C:\Windows\System\POUuhee.exe
  C:\Windows\System\POUuhee.exe
  2⤵
  PID:10784
- C:\Windows\System\egivjGJ.exe
  C:\Windows\System\egivjGJ.exe
  2⤵
  PID:10812
- C:\Windows\System\mOMpfGn.exe
  C:\Windows\System\mOMpfGn.exe
  2⤵
  PID:10840
- C:\Windows\System\yMSDeRA.exe
  C:\Windows\System\yMSDeRA.exe
  2⤵
  PID:10860
- C:\Windows\System\nxZwNqe.exe
  C:\Windows\System\nxZwNqe.exe
  2⤵
  PID:10908
- C:\Windows\System\TwIsUlq.exe
  C:\Windows\System\TwIsUlq.exe
  2⤵
  PID:10924
- C:\Windows\System\EMhFbCI.exe
  C:\Windows\System\EMhFbCI.exe
  2⤵
  PID:10944
- C:\Windows\System\tMbXMQZ.exe
  C:\Windows\System\tMbXMQZ.exe
  2⤵
  PID:10980
- C:\Windows\System\gxrTJCl.exe
  C:\Windows\System\gxrTJCl.exe
  2⤵
  PID:11012
- C:\Windows\System\yvuNeEZ.exe
  C:\Windows\System\yvuNeEZ.exe
  2⤵
  PID:11040
- C:\Windows\System\WcPAVSt.exe
  C:\Windows\System\WcPAVSt.exe
  2⤵
  PID:11068
- C:\Windows\System\RbbsJHb.exe
  C:\Windows\System\RbbsJHb.exe
  2⤵
  PID:11096
- C:\Windows\System\ANfyCPS.exe
  C:\Windows\System\ANfyCPS.exe
  2⤵
  PID:11120
- C:\Windows\System\VYawCmF.exe
  C:\Windows\System\VYawCmF.exe
  2⤵
  PID:11152
- C:\Windows\System\mRlPOPk.exe
  C:\Windows\System\mRlPOPk.exe
  2⤵
  PID:11180
- C:\Windows\System\wdHOwoj.exe
  C:\Windows\System\wdHOwoj.exe
  2⤵
  PID:11208
- C:\Windows\System\iiOBWGR.exe
  C:\Windows\System\iiOBWGR.exe
  2⤵
  PID:11224
- C:\Windows\System\TiWvony.exe
  C:\Windows\System\TiWvony.exe
  2⤵
  PID:11244
- C:\Windows\System\ONqaDMc.exe
  C:\Windows\System\ONqaDMc.exe
  2⤵
  PID:9956
- C:\Windows\System\fcurlrd.exe
  C:\Windows\System\fcurlrd.exe
  2⤵
  PID:10308
- C:\Windows\System\EOVWEpM.exe
  C:\Windows\System\EOVWEpM.exe
  2⤵
  PID:10384
- C:\Windows\System\CBCEhvB.exe
  C:\Windows\System\CBCEhvB.exe
  2⤵
  PID:10464
- C:\Windows\System\AOvmYwR.exe
  C:\Windows\System\AOvmYwR.exe
  2⤵
  PID:10492
- C:\Windows\System\tMcKbfo.exe
  C:\Windows\System\tMcKbfo.exe
  2⤵
  PID:10548
- C:\Windows\System\EtalsBt.exe
  C:\Windows\System\EtalsBt.exe
  2⤵
  PID:10660
- C:\Windows\System\dWwMniH.exe
  C:\Windows\System\dWwMniH.exe
  2⤵
  PID:10776
- C:\Windows\System\EEjHlYH.exe
  C:\Windows\System\EEjHlYH.exe
  2⤵
  PID:10828
- C:\Windows\System\bBAVSCP.exe
  C:\Windows\System\bBAVSCP.exe
  2⤵
  PID:10876
- C:\Windows\System\YwSwBKL.exe
  C:\Windows\System\YwSwBKL.exe
  2⤵
  PID:10920
- C:\Windows\System\YQNQpsW.exe
  C:\Windows\System\YQNQpsW.exe
  2⤵
  PID:10992
- C:\Windows\System\RbnvraA.exe
  C:\Windows\System\RbnvraA.exe
  2⤵
  PID:11088
- C:\Windows\System\BBRpDnK.exe
  C:\Windows\System\BBRpDnK.exe
  2⤵
  PID:11148
- C:\Windows\System\tQFyvJS.exe
  C:\Windows\System\tQFyvJS.exe
  2⤵
  PID:11200
- C:\Windows\System\iEmUJnr.exe
  C:\Windows\System\iEmUJnr.exe
  2⤵
  PID:11240
- C:\Windows\System\celsKiS.exe
  C:\Windows\System\celsKiS.exe
  2⤵
  PID:10284
- C:\Windows\System\DbtQXEC.exe
  C:\Windows\System\DbtQXEC.exe
  2⤵
  PID:10428
- C:\Windows\System\GhynjCy.exe
  C:\Windows\System\GhynjCy.exe
  2⤵
  PID:10636
- C:\Windows\System\QztGnbO.exe
  C:\Windows\System\QztGnbO.exe
  2⤵
  PID:10808
- C:\Windows\System\axhQNvU.exe
  C:\Windows\System\axhQNvU.exe
  2⤵
  PID:10904
- C:\Windows\System\kqpfIfD.exe
  C:\Windows\System\kqpfIfD.exe
  2⤵
  PID:11036
- C:\Windows\System\JFSuaiu.exe
  C:\Windows\System\JFSuaiu.exe
  2⤵
  PID:11196
- C:\Windows\System\ozPsThn.exe
  C:\Windows\System\ozPsThn.exe
  2⤵
  PID:10752
- C:\Windows\System\EJwhFbV.exe
  C:\Windows\System\EJwhFbV.exe
  2⤵
  PID:10424
- C:\Windows\System\kxaEbXe.exe
  C:\Windows\System\kxaEbXe.exe
  2⤵
  PID:10360
- C:\Windows\System\BctoYOw.exe
  C:\Windows\System\BctoYOw.exe
  2⤵
  PID:10976
- C:\Windows\System\aFGTRvM.exe
  C:\Windows\System\aFGTRvM.exe
  2⤵
  PID:11268
- C:\Windows\System\QtUJhyy.exe
  C:\Windows\System\QtUJhyy.exe
  2⤵
  PID:11296
- C:\Windows\System\QmyjVzL.exe
  C:\Windows\System\QmyjVzL.exe
  2⤵
  PID:11332
- C:\Windows\System\XGZwOqa.exe
  C:\Windows\System\XGZwOqa.exe
  2⤵
  PID:11356
- C:\Windows\System\uBGxAkt.exe
  C:\Windows\System\uBGxAkt.exe
  2⤵
  PID:11376
- C:\Windows\System\ulSetJp.exe
  C:\Windows\System\ulSetJp.exe
  2⤵
  PID:11404
- C:\Windows\System\maiZZXr.exe
  C:\Windows\System\maiZZXr.exe
  2⤵
  PID:11440
- C:\Windows\System\WjbtkMw.exe
  C:\Windows\System\WjbtkMw.exe
  2⤵
  PID:11464
- C:\Windows\System\gqLKkGF.exe
  C:\Windows\System\gqLKkGF.exe
  2⤵
  PID:11492
- C:\Windows\System\zhpAXwN.exe
  C:\Windows\System\zhpAXwN.exe
  2⤵
  PID:11508
- C:\Windows\System\UwLukcj.exe
  C:\Windows\System\UwLukcj.exe
  2⤵
  PID:11560
- C:\Windows\System\OIRBMuz.exe
  C:\Windows\System\OIRBMuz.exe
  2⤵
  PID:11588
- C:\Windows\System\LBfsfcP.exe
  C:\Windows\System\LBfsfcP.exe
  2⤵
  PID:11620
- C:\Windows\System\qbMoWlX.exe
  C:\Windows\System\qbMoWlX.exe
  2⤵
  PID:11648
- C:\Windows\System\dmBWRDH.exe
  C:\Windows\System\dmBWRDH.exe
  2⤵
  PID:11672
- C:\Windows\System\dKhXyzP.exe
  C:\Windows\System\dKhXyzP.exe
  2⤵
  PID:11728
- C:\Windows\System\HntEYjx.exe
  C:\Windows\System\HntEYjx.exe
  2⤵
  PID:11760
- C:\Windows\System\dbOxpWe.exe
  C:\Windows\System\dbOxpWe.exe
  2⤵
  PID:11800
- C:\Windows\System\ElbbtyN.exe
  C:\Windows\System\ElbbtyN.exe
  2⤵
  PID:11820
- C:\Windows\System\BlmzpLu.exe
  C:\Windows\System\BlmzpLu.exe
  2⤵
  PID:11856
- C:\Windows\System\FXGMXkX.exe
  C:\Windows\System\FXGMXkX.exe
  2⤵
  PID:11888
- C:\Windows\System\FIOwrLB.exe
  C:\Windows\System\FIOwrLB.exe
  2⤵
  PID:11936
- C:\Windows\System\igTpasA.exe
  C:\Windows\System\igTpasA.exe
  2⤵
  PID:11968
- C:\Windows\System\sNdGBxY.exe
  C:\Windows\System\sNdGBxY.exe
  2⤵
  PID:12012
- C:\Windows\System\FvALvLB.exe
  C:\Windows\System\FvALvLB.exe
  2⤵
  PID:12056
- C:\Windows\System\JeOUibg.exe
  C:\Windows\System\JeOUibg.exe
  2⤵
  PID:12072
- C:\Windows\System\mHHpuCZ.exe
  C:\Windows\System\mHHpuCZ.exe
  2⤵
  PID:12092
- C:\Windows\System\qFGzLpB.exe
  C:\Windows\System\qFGzLpB.exe
  2⤵
  PID:12112
- C:\Windows\System\hqJDMou.exe
  C:\Windows\System\hqJDMou.exe
  2⤵
  PID:12144
- C:\Windows\System\AHXCenk.exe
  C:\Windows\System\AHXCenk.exe
  2⤵
  PID:12208
- C:\Windows\System\cgMoeUT.exe
  C:\Windows\System\cgMoeUT.exe
  2⤵
  PID:12244
- C:\Windows\System\jniqQhC.exe
  C:\Windows\System\jniqQhC.exe
  2⤵
  PID:12264
- C:\Windows\System\gCVFJtu.exe
  C:\Windows\System\gCVFJtu.exe
  2⤵
  PID:11292
- C:\Windows\System\NtOzWrD.exe
  C:\Windows\System\NtOzWrD.exe
  2⤵
  PID:11368
- C:\Windows\System\hcaRYsu.exe
  C:\Windows\System\hcaRYsu.exe
  2⤵
  PID:11396
- C:\Windows\System\klFziCy.exe
  C:\Windows\System\klFziCy.exe
  2⤵
  PID:11412
- C:\Windows\System\KNgsdUS.exe
  C:\Windows\System\KNgsdUS.exe
  2⤵
  PID:11452
- C:\Windows\System\XlyVcUM.exe
  C:\Windows\System\XlyVcUM.exe
  2⤵
  PID:11544
- C:\Windows\System\IySfumj.exe
  C:\Windows\System\IySfumj.exe
  2⤵
  PID:11668
- C:\Windows\System\ayUlKLg.exe
  C:\Windows\System\ayUlKLg.exe
  2⤵
  PID:11736
- C:\Windows\System\FrhTCvi.exe
  C:\Windows\System\FrhTCvi.exe
  2⤵
  PID:11848
- C:\Windows\System\iOkcaqo.exe
  C:\Windows\System\iOkcaqo.exe
  2⤵
  PID:11988
- C:\Windows\System\cLrFewj.exe
  C:\Windows\System\cLrFewj.exe
  2⤵
  PID:12008
- C:\Windows\System\uPGYbxB.exe
  C:\Windows\System\uPGYbxB.exe
  2⤵
  PID:12100
- C:\Windows\System\UeCfbGL.exe
  C:\Windows\System\UeCfbGL.exe
  2⤵
  PID:12104
- C:\Windows\System\SNEgmjk.exe
  C:\Windows\System\SNEgmjk.exe
  2⤵
  PID:12200
- C:\Windows\System\BDSXnXI.exe
  C:\Windows\System\BDSXnXI.exe
  2⤵
  PID:10724
- C:\Windows\System\GvwBKlf.exe
  C:\Windows\System\GvwBKlf.exe
  2⤵
  PID:11436
- C:\Windows\System\hPnRDyj.exe
  C:\Windows\System\hPnRDyj.exe
  2⤵
  PID:11472
- C:\Windows\System\thyxkmZ.exe
  C:\Windows\System\thyxkmZ.exe
  2⤵
  PID:11552
- C:\Windows\System\DopwfhC.exe
  C:\Windows\System\DopwfhC.exe
  2⤵
  PID:11880
- C:\Windows\System\ESHraDr.exe
  C:\Windows\System\ESHraDr.exe
  2⤵
  PID:11920
- C:\Windows\System\DIvTFbX.exe
  C:\Windows\System\DIvTFbX.exe
  2⤵
  PID:12176
- C:\Windows\System\UMuFLDj.exe
  C:\Windows\System\UMuFLDj.exe
  2⤵
  PID:11524
- C:\Windows\System\TRlNYiZ.exe
  C:\Windows\System\TRlNYiZ.exe
  2⤵
  PID:12308
- C:\Windows\System\WQCAllQ.exe
  C:\Windows\System\WQCAllQ.exe
  2⤵
  PID:12332
- C:\Windows\System\nypSQTx.exe
  C:\Windows\System\nypSQTx.exe
  2⤵
  PID:12352
- C:\Windows\System\IaHYjRA.exe
  C:\Windows\System\IaHYjRA.exe
  2⤵
  PID:12392
- C:\Windows\System\GZIJvVv.exe
  C:\Windows\System\GZIJvVv.exe
  2⤵
  PID:12408
- C:\Windows\System\OvLdkgi.exe
  C:\Windows\System\OvLdkgi.exe
  2⤵
  PID:12428
- C:\Windows\System\DphaGKL.exe
  C:\Windows\System\DphaGKL.exe
  2⤵
  PID:12464
- C:\Windows\System\RFckRCm.exe
  C:\Windows\System\RFckRCm.exe
  2⤵
  PID:12504
- C:\Windows\System\UFXtvZn.exe
  C:\Windows\System\UFXtvZn.exe
  2⤵
  PID:12520
- C:\Windows\System\DOhpCPm.exe
  C:\Windows\System\DOhpCPm.exe
  2⤵
  PID:12560
- C:\Windows\System\MaiqQRP.exe
  C:\Windows\System\MaiqQRP.exe
  2⤵
  PID:12588
- C:\Windows\System\rnmzFZT.exe
  C:\Windows\System\rnmzFZT.exe
  2⤵
  PID:12616
- C:\Windows\System\bXBHRko.exe
  C:\Windows\System\bXBHRko.exe
  2⤵
  PID:12636
- C:\Windows\System\KCQbcbp.exe
  C:\Windows\System\KCQbcbp.exe
  2⤵
  PID:12660
- C:\Windows\System\nJpAUSm.exe
  C:\Windows\System\nJpAUSm.exe
  2⤵
  PID:12692
- C:\Windows\System\fchVkFZ.exe
  C:\Windows\System\fchVkFZ.exe
  2⤵
  PID:12716
- C:\Windows\System\GeLnTdR.exe
  C:\Windows\System\GeLnTdR.exe
  2⤵
  PID:12756
- C:\Windows\System\oSNXXmw.exe
  C:\Windows\System\oSNXXmw.exe
  2⤵
  PID:12772
- C:\Windows\System\UYWpMLs.exe
  C:\Windows\System\UYWpMLs.exe
  2⤵
  PID:12796
- C:\Windows\System\XKFDPgu.exe
  C:\Windows\System\XKFDPgu.exe
  2⤵
  PID:12820
- C:\Windows\System\DSAAZpx.exe
  C:\Windows\System\DSAAZpx.exe
  2⤵
  PID:12844
- C:\Windows\System\nczKPhl.exe
  C:\Windows\System\nczKPhl.exe
  2⤵
  PID:12868
- C:\Windows\System\wAAXRbG.exe
  C:\Windows\System\wAAXRbG.exe
  2⤵
  PID:12924
- C:\Windows\System\CitLvOp.exe
  C:\Windows\System\CitLvOp.exe
  2⤵
  PID:12952
- C:\Windows\System\ILfMUUR.exe
  C:\Windows\System\ILfMUUR.exe
  2⤵
  PID:12968
- C:\Windows\System\dOgbOzl.exe
  C:\Windows\System\dOgbOzl.exe
  2⤵
  PID:12996
- C:\Windows\System\UgdImQl.exe
  C:\Windows\System\UgdImQl.exe
  2⤵
  PID:13036
- C:\Windows\System\gjWWnCG.exe
  C:\Windows\System\gjWWnCG.exe
  2⤵
  PID:13056
- C:\Windows\System\wRojBpw.exe
  C:\Windows\System\wRojBpw.exe
  2⤵
  PID:13092
- C:\Windows\System\JAkRtqU.exe
  C:\Windows\System\JAkRtqU.exe
  2⤵
  PID:13120
- C:\Windows\System\IQZlivU.exe
  C:\Windows\System\IQZlivU.exe
  2⤵
  PID:13144
- C:\Windows\System\FluJCjx.exe
  C:\Windows\System\FluJCjx.exe
  2⤵
  PID:13164
- C:\Windows\System\FchofBy.exe
  C:\Windows\System\FchofBy.exe
  2⤵
  PID:13188
- C:\Windows\System\hyobwAV.exe
  C:\Windows\System\hyobwAV.exe
  2⤵
  PID:13220
- C:\Windows\System\pbjcvnU.exe
  C:\Windows\System\pbjcvnU.exe
  2⤵
  PID:13248
- C:\Windows\System\tHjBHiJ.exe
  C:\Windows\System\tHjBHiJ.exe
  2⤵
  PID:13280
- C:\Windows\System\oUhfecw.exe
  C:\Windows\System\oUhfecw.exe
  2⤵
  PID:13304
- C:\Windows\System\ilEZBrw.exe
  C:\Windows\System\ilEZBrw.exe
  2⤵
  PID:11636
- C:\Windows\System\cEiRJRG.exe
  C:\Windows\System\cEiRJRG.exe
  2⤵
  PID:12300
- C:\Windows\System\XXkfaAi.exe
  C:\Windows\System\XXkfaAi.exe
  2⤵
  PID:12368
- C:\Windows\System\VEtBMfI.exe
  C:\Windows\System\VEtBMfI.exe
  2⤵
  PID:12448
- C:\Windows\System\YOmdRbZ.exe
  C:\Windows\System\YOmdRbZ.exe
  2⤵
  PID:12484
- C:\Windows\System\qRuzhyo.exe
  C:\Windows\System\qRuzhyo.exe
  2⤵
  PID:12516
- C:\Windows\System\qoyLTlT.exe
  C:\Windows\System\qoyLTlT.exe
  2⤵
  PID:12556
- C:\Windows\System\fCavTsU.exe
  C:\Windows\System\fCavTsU.exe
  2⤵
  PID:12612
- C:\Windows\System\MNdmHBG.exe
  C:\Windows\System\MNdmHBG.exe
  2⤵
  PID:12680
- C:\Windows\System\iBYJZgJ.exe
  C:\Windows\System\iBYJZgJ.exe
  2⤵
  PID:12728
- C:\Windows\System\gCpcxYo.exe
  C:\Windows\System\gCpcxYo.exe
  2⤵
  PID:12812
- C:\Windows\System\zgVcgcM.exe
  C:\Windows\System\zgVcgcM.exe
  2⤵
  PID:12836
- C:\Windows\System\oopTbVF.exe
  C:\Windows\System\oopTbVF.exe
  2⤵
  PID:12908
- C:\Windows\System\rhfvsJq.exe
  C:\Windows\System\rhfvsJq.exe
  2⤵
  PID:12964
- C:\Windows\System\cncARKN.exe
  C:\Windows\System\cncARKN.exe
  2⤵
  PID:13012
- C:\Windows\System\zhrAwBJ.exe
  C:\Windows\System\zhrAwBJ.exe
  2⤵
  PID:13084
- C:\Windows\System\XZXXCXx.exe
  C:\Windows\System\XZXXCXx.exe
  2⤵
  PID:13136
- C:\Windows\System\BApxhZK.exe
  C:\Windows\System\BApxhZK.exe
  2⤵
  PID:13160
- C:\Windows\System\JNjNrGk.exe
  C:\Windows\System\JNjNrGk.exe
  2⤵
  PID:13260
- C:\Windows\System\ewsRlBX.exe
  C:\Windows\System\ewsRlBX.exe
  2⤵
  PID:12380
- C:\Windows\System\UXcLCnz.exe
  C:\Windows\System\UXcLCnz.exe
  2⤵
  PID:12344
- C:\Windows\System\WhYYutJ.exe
  C:\Windows\System\WhYYutJ.exe
  2⤵
  PID:12604
- C:\Windows\System\LWPEOJw.exe
  C:\Windows\System\LWPEOJw.exe
  2⤵
  PID:12700
- C:\Windows\System\thjuLja.exe
  C:\Windows\System\thjuLja.exe
  2⤵
  PID:12652
- C:\Windows\System\WBtypzS.exe
  C:\Windows\System\WBtypzS.exe
  2⤵
  PID:12888
- C:\Windows\System\VHyCLMy.exe
  C:\Windows\System\VHyCLMy.exe
  2⤵
  PID:12204
- C:\Windows\System\sAheDjw.exe
  C:\Windows\System\sAheDjw.exe
  2⤵
  PID:12828
- C:\Windows\System\onAqhWW.exe
  C:\Windows\System\onAqhWW.exe
  2⤵
  PID:13268
- C:\Windows\System\sYfxdIF.exe
  C:\Windows\System\sYfxdIF.exe
  2⤵
  PID:13336
- C:\Windows\System\gdQsqxO.exe
  C:\Windows\System\gdQsqxO.exe
  2⤵
  PID:13364
- C:\Windows\System\BsMSyBX.exe
  C:\Windows\System\BsMSyBX.exe
  2⤵
  PID:13392
- C:\Windows\System\tFFSdvu.exe
  C:\Windows\System\tFFSdvu.exe
  2⤵
  PID:13408
- C:\Windows\System\SRrFDhD.exe
  C:\Windows\System\SRrFDhD.exe
  2⤵
  PID:13436
- C:\Windows\System\ueoDVGf.exe
  C:\Windows\System\ueoDVGf.exe
  2⤵
  PID:13460
- C:\Windows\System\SiargWq.exe
  C:\Windows\System\SiargWq.exe
  2⤵
  PID:13480
- C:\Windows\System\etMHPpB.exe
  C:\Windows\System\etMHPpB.exe
  2⤵
  PID:13504
- C:\Windows\System\Wveaqjz.exe
  C:\Windows\System\Wveaqjz.exe
  2⤵
  PID:13524
- C:\Windows\System\tCaDAZc.exe
  C:\Windows\System\tCaDAZc.exe
  2⤵
  PID:13552
- C:\Windows\System\gsUXyWq.exe
  C:\Windows\System\gsUXyWq.exe
  2⤵
  PID:13572
- C:\Windows\System\wyeLGao.exe
  C:\Windows\System\wyeLGao.exe
  2⤵
  PID:13596
- C:\Windows\System\nujnrHd.exe
  C:\Windows\System\nujnrHd.exe
  2⤵
  PID:13624
- C:\Windows\System\ZuBCPhH.exe
  C:\Windows\System\ZuBCPhH.exe
  2⤵
  PID:13648
- C:\Windows\System\IYyqacF.exe
  C:\Windows\System\IYyqacF.exe
  2⤵
  PID:13676
- C:\Windows\System\YmJLVyY.exe
  C:\Windows\System\YmJLVyY.exe
  2⤵
  PID:13700
- C:\Windows\System\qjlxVEB.exe
  C:\Windows\System\qjlxVEB.exe
  2⤵
  PID:13732
- C:\Windows\System\TPIeYGk.exe
  C:\Windows\System\TPIeYGk.exe
  2⤵
  PID:13760
- C:\Windows\System\pSNYYdv.exe
  C:\Windows\System\pSNYYdv.exe
  2⤵
  PID:13792
- C:\Windows\System\zHAqBzX.exe
  C:\Windows\System\zHAqBzX.exe
  2⤵
  PID:13820
- C:\Windows\System\goFEDGl.exe
  C:\Windows\System\goFEDGl.exe
  2⤵
  PID:13844
- C:\Windows\System\IxlpdPp.exe
  C:\Windows\System\IxlpdPp.exe
  2⤵
  PID:13872
- C:\Windows\System\vvBVaYM.exe
  C:\Windows\System\vvBVaYM.exe
  2⤵
  PID:13900
- C:\Windows\System\OpUnMsx.exe
  C:\Windows\System\OpUnMsx.exe
  2⤵
  PID:13920
- C:\Windows\System\ekNdtUO.exe
  C:\Windows\System\ekNdtUO.exe
  2⤵
  PID:13944
- C:\Windows\System\jklVNuj.exe
  C:\Windows\System\jklVNuj.exe
  2⤵
  PID:13964
- C:\Windows\System\iWaPtHU.exe
  C:\Windows\System\iWaPtHU.exe
  2⤵
  PID:14004
- C:\Windows\System\xniTcNW.exe
  C:\Windows\System\xniTcNW.exe
  2⤵
  PID:14036
- C:\Windows\System\hLyAnXI.exe
  C:\Windows\System\hLyAnXI.exe
  2⤵
  PID:14068
- C:\Windows\System\sfRtsuh.exe
  C:\Windows\System\sfRtsuh.exe
  2⤵
  PID:14088
- C:\Windows\System\VwntXYe.exe
  C:\Windows\System\VwntXYe.exe
  2⤵
  PID:14104
- C:\Windows\System\GYugFpi.exe
  C:\Windows\System\GYugFpi.exe
  2⤵
  PID:14124
- C:\Windows\System\TdMDSTy.exe
  C:\Windows\System\TdMDSTy.exe
  2⤵
  PID:14140
- C:\Windows\System\YqrOnKa.exe
  C:\Windows\System\YqrOnKa.exe
  2⤵
  PID:14172
- C:\Windows\System\TZcbcDY.exe
  C:\Windows\System\TZcbcDY.exe
  2⤵
  PID:14192
- C:\Windows\System\zPtUOWT.exe
  C:\Windows\System\zPtUOWT.exe
  2⤵
  PID:14208
- C:\Windows\System\FmqfMOA.exe
  C:\Windows\System\FmqfMOA.exe
  2⤵
  PID:14228
- C:\Windows\System\ccQRpSZ.exe
  C:\Windows\System\ccQRpSZ.exe
  2⤵
  PID:14256
- C:\Windows\System\yqnfseM.exe
  C:\Windows\System\yqnfseM.exe
  2⤵
  PID:14288
- C:\Windows\System\ZABDKLM.exe
  C:\Windows\System\ZABDKLM.exe
  2⤵
  PID:14308
- C:\Windows\System\ZMgYUud.exe
  C:\Windows\System\ZMgYUud.exe
  2⤵
  PID:14332
- C:\Windows\System\KfwSNic.exe
  C:\Windows\System\KfwSNic.exe
  2⤵
  PID:13212
- C:\Windows\System\HIJJcZV.exe
  C:\Windows\System\HIJJcZV.exe
  2⤵
  PID:13236
- C:\Windows\System\pKFAMQG.exe
  C:\Windows\System\pKFAMQG.exe
  2⤵
  PID:13380
- C:\Windows\System\XxLWMNn.exe
  C:\Windows\System\XxLWMNn.exe
  2⤵
  PID:13324
- C:\Windows\System\usZZzps.exe
  C:\Windows\System\usZZzps.exe
  2⤵
  PID:13540
- C:\Windows\System\luYlkrv.exe
  C:\Windows\System\luYlkrv.exe
  2⤵
  PID:13644
- C:\Windows\System\pOBXrQq.exe
  C:\Windows\System\pOBXrQq.exe
  2⤵
  PID:13448
- C:\Windows\System\rsscOAg.exe
  C:\Windows\System\rsscOAg.exe
  2⤵
  PID:13476
- C:\Windows\System\HwFILRn.exe
  C:\Windows\System\HwFILRn.exe
  2⤵
  PID:13496
- C:\Windows\System\oEEiIxA.exe
  C:\Windows\System\oEEiIxA.exe
  2⤵
  PID:13512
- C:\Windows\System\LZlFZuf.exe
  C:\Windows\System\LZlFZuf.exe
  2⤵
  PID:13720
- C:\Windows\System\SPHgWTI.exe
  C:\Windows\System\SPHgWTI.exe
  2⤵
  PID:14028
- C:\Windows\System\yYBHPdQ.exe
  C:\Windows\System\yYBHPdQ.exe
  2⤵
  PID:13884
- C:\Windows\System\JjbJWGE.exe
  C:\Windows\System\JjbJWGE.exe
  2⤵
  PID:14100
- C:\Windows\System\tpBJHtU.exe
  C:\Windows\System\tpBJHtU.exe
  2⤵
  PID:13996
- C:\Windows\System\zmGfUCu.exe
  C:\Windows\System\zmGfUCu.exe
  2⤵
  PID:14056
- C:\Windows\System\BkKLhvi.exe
  C:\Windows\System\BkKLhvi.exe
  2⤵
  PID:13564
- C:\Windows\System\AEZARNV.exe
  C:\Windows\System\AEZARNV.exe
  2⤵
  PID:13328
- C:\Windows\System\nwOjgVW.exe
  C:\Windows\System\nwOjgVW.exe
  2⤵
  PID:14132
- C:\Windows\System\GAnCElW.exe
  C:\Windows\System\GAnCElW.exe
  2⤵
  PID:13800
- C:\Windows\System\jfHrcNZ.exe
  C:\Windows\System\jfHrcNZ.exe
  2⤵
  PID:14000
- C:\Windows\System\RSZmKQA.exe
  C:\Windows\System\RSZmKQA.exe
  2⤵
  PID:14116
- C:\Windows\System\hNbJTdc.exe
  C:\Windows\System\hNbJTdc.exe
  2⤵
  PID:14344
- C:\Windows\System\iCmRoXe.exe
  C:\Windows\System\iCmRoXe.exe
  2⤵
  PID:14368
- C:\Windows\System\YRfOdsE.exe
  C:\Windows\System\YRfOdsE.exe
  2⤵
  PID:14388
- C:\Windows\System\AiJkpbn.exe
  C:\Windows\System\AiJkpbn.exe
  2⤵
  PID:14412
- C:\Windows\System\QPvrRNt.exe
  C:\Windows\System\QPvrRNt.exe
  2⤵
  PID:14444
- C:\Windows\System\EzPKCXq.exe
  C:\Windows\System\EzPKCXq.exe
  2⤵
  PID:14476
- C:\Windows\System\GFKPqni.exe
  C:\Windows\System\GFKPqni.exe
  2⤵
  PID:14504
- C:\Windows\System\nWWAytG.exe
  C:\Windows\System\nWWAytG.exe
  2⤵
  PID:14528
- C:\Windows\System\bNsabjl.exe
  C:\Windows\System\bNsabjl.exe
  2⤵
  PID:14552
- C:\Windows\System\NtBCRcR.exe
  C:\Windows\System\NtBCRcR.exe
  2⤵
  PID:14576
- C:\Windows\System\lzZgUHr.exe
  C:\Windows\System\lzZgUHr.exe
  2⤵
  PID:14600
- C:\Windows\System\PCCHcpn.exe
  C:\Windows\System\PCCHcpn.exe
  2⤵
  PID:14624
- C:\Windows\System\oqVyrcn.exe
  C:\Windows\System\oqVyrcn.exe
  2⤵
  PID:14644
- C:\Windows\System\jeVUfsj.exe
  C:\Windows\System\jeVUfsj.exe
  2⤵
  PID:14668
- C:\Windows\System\omHgwYY.exe
  C:\Windows\System\omHgwYY.exe
  2⤵
  PID:14696
- C:\Windows\System\GDMzqQg.exe
  C:\Windows\System\GDMzqQg.exe
  2⤵
  PID:14724
- C:\Windows\System\NDBQMZh.exe
  C:\Windows\System\NDBQMZh.exe
  2⤵
  PID:14752
- C:\Windows\System\lGKZyHs.exe
  C:\Windows\System\lGKZyHs.exe
  2⤵
  PID:14776
- C:\Windows\System\ZRqjxby.exe
  C:\Windows\System\ZRqjxby.exe
  2⤵
  PID:14804
- C:\Windows\System\SLllFFD.exe
  C:\Windows\System\SLllFFD.exe
  2⤵
  PID:14832
- C:\Windows\System\rWEMDQR.exe
  C:\Windows\System\rWEMDQR.exe
  2⤵
  PID:14856
- C:\Windows\System\SFbHwxq.exe
  C:\Windows\System\SFbHwxq.exe
  2⤵
  PID:14876
- C:\Windows\System\SENCHfP.exe
  C:\Windows\System\SENCHfP.exe
  2⤵
  PID:14904
- C:\Windows\System\NmSfRZi.exe
  C:\Windows\System\NmSfRZi.exe
  2⤵
  PID:14924
- C:\Windows\System\XaJTlZC.exe
  C:\Windows\System\XaJTlZC.exe
  2⤵
  PID:14956
- C:\Windows\System\gsPbasP.exe
  C:\Windows\System\gsPbasP.exe
  2⤵
  PID:14976
- C:\Windows\System\JdkHNnu.exe
  C:\Windows\System\JdkHNnu.exe
  2⤵
  PID:14992
- C:\Windows\System\SepmgDz.exe
  C:\Windows\System\SepmgDz.exe
  2⤵
  PID:15016
- C:\Windows\System\KADSFRL.exe
  C:\Windows\System\KADSFRL.exe
  2⤵
  PID:15040
- C:\Windows\System\eiMQIut.exe
  C:\Windows\System\eiMQIut.exe
  2⤵
  PID:15064
- C:\Windows\System\tpSUEZG.exe
  C:\Windows\System\tpSUEZG.exe
  2⤵
  PID:15088
- C:\Windows\System\CKuZnlW.exe
  C:\Windows\System\CKuZnlW.exe
  2⤵
  PID:15116
- C:\Windows\System\FdfJDKb.exe
  C:\Windows\System\FdfJDKb.exe
  2⤵
  PID:15136
- C:\Windows\System\dXqKPaL.exe
  C:\Windows\System\dXqKPaL.exe
  2⤵
  PID:15176
- C:\Windows\System\JaxgsTB.exe
  C:\Windows\System\JaxgsTB.exe
  2⤵
  PID:15196
- C:\Windows\System\IHZKKSt.exe
  C:\Windows\System\IHZKKSt.exe
  2⤵
  PID:15228
- C:\Windows\System\ipOjXNK.exe
  C:\Windows\System\ipOjXNK.exe
  2⤵
  PID:15256
- C:\Windows\System\eCsXIcR.exe
  C:\Windows\System\eCsXIcR.exe
  2⤵
  PID:15296
- C:\Windows\System\ZNElnGl.exe
  C:\Windows\System\ZNElnGl.exe
  2⤵
  PID:15312
- C:\Windows\System\mePyVPm.exe
  C:\Windows\System\mePyVPm.exe
  2⤵
  PID:15328
- C:\Windows\System\jRpzxuI.exe
  C:\Windows\System\jRpzxuI.exe
  2⤵
  PID:13568
- C:\Windows\System\iPwVWEX.exe
  C:\Windows\System\iPwVWEX.exe
  2⤵
  PID:13632
- C:\Windows\System\BahCtrO.exe
  C:\Windows\System\BahCtrO.exe
  2⤵
  PID:14356
- C:\Windows\System\uDFMqPJ.exe
  C:\Windows\System\uDFMqPJ.exe
  2⤵
  PID:14452
- C:\Windows\System\UqewSkS.exe
  C:\Windows\System\UqewSkS.exe
  2⤵
  PID:14984
- C:\Windows\System\TCArtoR.exe
  C:\Windows\System\TCArtoR.exe
  2⤵
  PID:15008
- C:\Windows\System\GgnduBO.exe
  C:\Windows\System\GgnduBO.exe
  2⤵
  PID:15032

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BlCFUxe.exe

Filesize
2.1MB

MD5
d9f470f9293b9fbdd821558b0df29051

SHA1
2e6d876249d34cefd1275b92fec854a57414d07a

SHA256
f4fc447d14a9933cbed5fe2f682212a1aa4a9a7f36eda33eec28cb42abcedba3

SHA512
ffcbe64d70ddc546fe619c0d5f6030042ea1f812f7290b44a9b5024a941faa8f84c1f339190bca45b01de334511ad24dc8f2dbfd3af2069e702d025020b57c8c

Download Submit
C:\Windows\System\DxDFsEx.exe

Filesize
2.1MB

MD5
ecbe7e1737822818a74300c3aacf4f3a

SHA1
d76deace51988cc36a29ccd815a7a17404cdc582

SHA256
0b87b9478763c67844d3ddb799d7ddf3a2b1ef39f5dc8eb12635f23d72ef5bcc

SHA512
e7e61d153359229d523ebaf9edf8bf50e6e5311b1df44225182237ccd605d4c9f2a118619e9894957b548e0f14a16c483c67c0687f7dc1a3a599448e770ed1cd

Download Submit
C:\Windows\System\EXvhTbC.exe

Filesize
2.1MB

MD5
f64c41b6357fc8b3c254242a576ee555

SHA1
e8c11ac6810f56f45535fe234ba5f3d1683337dd

SHA256
8388ea1109d36bc673095e8e56fa09bb37fbbc79ae3780b4c4b749e911c2e1bc

SHA512
34ee9ca2449ca21b22bf4a40e850e5d0d1cae0865458e8a1c62525f92a57be8702d48d351de05b731126064bf8437b79b268aaaac5411d0f7ad9c17e00267c50

Download Submit
C:\Windows\System\EcAKeOW.exe

Filesize
2.1MB

MD5
43d2ff93a41e7440ca6bdec1600d95a8

SHA1
73e67b87c571d724702a66c0495dd192428c69ba

SHA256
5da62c6a304852020135ed918fe831011d94e938deec06fe1ae27609ede8d97a

SHA512
6f9cf4902bcbc3f6b939b163e617d03b72883031b8c04d02696c52228de627a32d425a965d935ee2294458ef7472ff022592d53c0fba7156d9723165e38ac26f

Download Submit
C:\Windows\System\EqoujYS.exe

Filesize
2.1MB

MD5
510e7f1ac61affb4c4ab5b4d7242238a

SHA1
bf6660ec3ae2865f7963d2f4aaafea3c143255ad

SHA256
a2b4dfcd82c5cf0aab9c2cc8dd629e940a5614b939d3a7996d165005c2170e57

SHA512
aa83ef141e6b7a96b02f3b3728a49097fd6e827ea0d3fbcbb94122cae872d432e01f80f37e9733f82a37eaaa4e7129a41b052683309fe599fe228a6ae4f54c4c

Download Submit
C:\Windows\System\JHhgLti.exe

Filesize
2.1MB

MD5
2b31b8ff48cc231c3138e54fc851c1de

SHA1
0781f460598ad1c717d9d4da095ba1d85a578250

SHA256
03ddb36afe8dc88a51d33303ea2e0449f14860aea3a2737b5a519f000731533f

SHA512
fc8bb85d9fe9c65ba1226196cf4b77bc2b2ea6e344220583d12e00ad57c0cc5346b489dcaee7f8e5df5199bc9d59e5fc54ad7e02f453d5642313bcc51e3f51a2

Download Submit
C:\Windows\System\JhVXjWR.exe

Filesize
2.1MB

MD5
483f57140a0a56fd6f80072595ae5c75

SHA1
88455c731c3c30bb88109c3b63bcbb366ef1e888

SHA256
bc0a7bd30803dc4bce51eb2e147009e465d96efda7127a83f273b905f5f6995a

SHA512
300b9dd18bcf9bae3859b855f150bbbf339952137b110188fcf4910b630fb14f80bfbc645df37538980847b54e521febc4be72b59d126b50e6fc9408235d5887

Download Submit
C:\Windows\System\KoIPzAU.exe

Filesize
2.1MB

MD5
fe9bbabf34f4aad05c4da5bb23bd616a

SHA1
95af43b46a15ad9901f4923e8c0291beeba371d6

SHA256
5bc351f47fb9f7a76130285a4a7f264adac6b4f102ab4fd3a569cff59f572e55

SHA512
0c13b9e521802c42e371d7eddb6a3f8e81023d2b20abc4c50290b2da8fb3b0d432bf71a877661937833f5ef2c8d0257d1937c7c574e0d568a39ff1e6ae046ffe

Download Submit
C:\Windows\System\LotjvRk.exe

Filesize
2.1MB

MD5
2be826fbad2dd7730285463d1e93b731

SHA1
ab22db5914650f48c6b64caebd4c0672d1775328

SHA256
5f5ba7e24588fd621321ebf7b7c48674ec956b5ffef38e907b571938788ddbcd

SHA512
b287d176c664bbc1cda53e4b2168c30910a2314c1d1292d7695d967ea2e61ddb14f1957e6b868d041ed553a5ce7f70ae54d59dc39f422c10d8523ff81f050637

Download Submit
C:\Windows\System\OvqcBeO.exe

Filesize
2.1MB

MD5
7cf0fdcfed16efd3df8f7c24152cb372

SHA1
9063e01f39cc18f3cbf81ac5dee01327a0cfa293

SHA256
60dbffe5e7c308baaf500e6caf37211cb00ba800c711f0749123ce0078909db5

SHA512
702bf6730875c7088ebc96e3ba7fbf24027fea5692965f44dc20b4d234fd1ebd47e8be85bbee2688c7f13d89742de3b681a7c19ba6bb87cd18b692184c02310c

Download Submit
C:\Windows\System\QQzheQm.exe

Filesize
2.1MB

MD5
ca224197e4daf755420e296628c5a18a

SHA1
bf2c7c64e6e78ec4185a05bcc39ced7602bdd36d

SHA256
fe900a95b5d63c23a4f5725c58a020a1e34e42e47fad24f4d000a69ecb056ce7

SHA512
6b22f7ee7ad9c7d89d4eb6e5f1ddc0d883d926ee7b8764433f3bcd74f3980309783c8585c50a753384e46d1d187b275e30072d4c7ca36cf4e7ee65f970133fdd

Download Submit
C:\Windows\System\RjzgIGb.exe

Filesize
2.1MB

MD5
a9fef8f87c70e2b212f75b3e6f018c4d

SHA1
152eb6b555f8c261cd7c89c07b4c9b9f62ccb1e2

SHA256
4f2dbbdc8e8f76c0768c22e74c5c018a5e5cde0434f74c3b2cfc1a55bb777cf8

SHA512
0cae35b91962f808738390feb7ecbbd5804c1420598015544b2b1b1e7ca558c3a46f5f026cf8a27d52663ab3523297d2177104fcc46c20a12fc69c450af3fd19

Download Submit
C:\Windows\System\RkdxHOf.exe

Filesize
2.1MB

MD5
e0b5ce8e10c5eafeff85e677226447b6

SHA1
4d69193ac9d644796bac952f6edd5e4adeea0399

SHA256
f48fc1a42a64085be4989f9236fb0cda7083c63abd32d8a0e78550db37d1ef36

SHA512
84278f9945da6fe2b2946a582e04474c0c0743ae032cc61378cdbedaeb25c74d6cba6f1468a5eee129987e18fbbe18a94974da854aa4c3fdd850a14e536a859b

Download Submit
C:\Windows\System\SVmTynX.exe

Filesize
2.1MB

MD5
194725c4182c8342248d289de4a85f9e

SHA1
a5bc530574041dba49902d8d45429afa9bb59dc1

SHA256
95ec288979853a2c01b25be44558545f1b97bbbb2a38b11dfbb5feefa45f5500

SHA512
5f3a059519b389f3fffd26a65430e2808fc072637d5ee894eb3c6f53fd755b8136994d7a555318a64ec88e4b092e1cc79e86eeb8042b848eff508a1140b6c366

Download Submit
C:\Windows\System\UftzUoJ.exe

Filesize
2.1MB

MD5
5b3511b12b92a43d7865357de9d64e83

SHA1
763870e45734c3fb28f06b822e0148c858329edd

SHA256
4fe910554795de591550f907a5d104a90fb3f813348402d3be4b1869f66f615c

SHA512
97e9b53e86c6f7b48830100d3fd1f0d7c4be7411b0bce5cdf9f46814b409540f870d45825926effa7ac99f8634999fc86a3b5866cc215c573b57b13a870ddee2

Download Submit
C:\Windows\System\VTjMSYG.exe

Filesize
2.1MB

MD5
068aa23ab73d35945430cd65a122f785

SHA1
0b7155e09facbb8c612aa7d4a0e5b681ef3192f3

SHA256
642b3e6bfdd19da17ac6f0f9d375c4d14fe7ef25438a832f31b3b4292d121a29

SHA512
0aa5472c3fcac8550e776946822ff02d5c3616f344d4c5e42f3ae88c5a9ed91d1b8e66a320c40ba124fd8cfc103de80f949e56e81dc7ab572b37911fd6c883bd

Download Submit
C:\Windows\System\YhGpAWC.exe

Filesize
2.1MB

MD5
364b2a35fdabd6d8ad6e69f7177475a3

SHA1
9316ad34850620c8651161a3292818a9b15de22d

SHA256
15a1003042b75f97427463ace5f479051eeffb5d90492c94b975a8692df7e1e2

SHA512
22f783a8976b060516608b5cb940298318b7d400cff7f0177debc08fef9421a1ab60f057c008944347f40fae31bb625d2188c011a30e1aa85ec1593dd2054596

Download Submit
C:\Windows\System\bnlrWbD.exe

Filesize
2.1MB

MD5
0b7e5a51ec2c731fe62aa8af52194645

SHA1
32669f47bb9b7efd43291b7b98c486d499de3db5

SHA256
84a920b74a06e74abc2e73c1bb390a4f0a601c425791dadb4f0fca64f41cd9ca

SHA512
0986444c14552171b1a84bf4f05cd8f6ff3c94ca40348f8a1050e4e094fe60ce28381d76181be2dc222ab112e380c9e56e265be2f5024a18eea9d097291a7e40

Download Submit
C:\Windows\System\cIkOyrm.exe

Filesize
2.1MB

MD5
76509beb4629b92378b0818abb6371a8

SHA1
f05854b3efb85f81659bd98b085629817c97744e

SHA256
b1f4ef62d21f6f647766678939de1d4711e11a9571dc7119d701d1c143bcb5d9

SHA512
e48fa19168db8b41102636279f1eb0c8b2f923422c53ef49112dfa35bb20a309366dee2eec0475bab9c3d7a784300bd8412d0fd8a117dcc6181f33d556710e64

Download Submit
C:\Windows\System\fosoqsv.exe

Filesize
2.1MB

MD5
6d166796d77c165f5bf32914a0dabcab

SHA1
7f15ecbc1a1efe1fc6d07f161821d76445b95155

SHA256
6a8ee282ec95e0fee0f16233cffa9bcb45e758fca430075495f167075690d174

SHA512
8e974fc8ce3b05a2a61d4d89e99731cd67a4ca6431e1e71574885b71645cb0edc6aa0c39c2949a73b85c272f911ed337811850c7584e7266f93025362fa87c36

Download Submit
C:\Windows\System\ftTOgFw.exe

Filesize
2.1MB

MD5
39e3008ad8a98fab09a3529331807be3

SHA1
5ad19c077aeeaa131078b564656a9103cf0d8216

SHA256
76d693224c9ad5b7bd4925258a43c01e28eec462ba6294f8ec64f6bf6de540ce

SHA512
db50b8eb97a4e7adea58b76111bbf162f5ca970a79b0234d89f9ed370383b143205ce4fb69a57adcc38a88c3252924ba692b43d57b929d70f354bc418b64789e

Download Submit
C:\Windows\System\gqBGcDi.exe

Filesize
2.1MB

MD5
740e49ffb8ff1b8470ddaccbddad3a3f

SHA1
5c652508c1c1857777585697b435155548653dff

SHA256
becd37f5535ea729ca6128f2e8e3f470aa80644e572ed0850d4fc06e30546ada

SHA512
c45dd0621629379dcf1bf040064a0a1e49a242c0bbba29c6d1bf5086b393708b0da61684b277ff297a8ee3f974274accd03c883612828ed19dc2f95e89432143

Download Submit
C:\Windows\System\jwGYSuc.exe

Filesize
2.1MB

MD5
b02b3362fbee4aae55fe0c9a2409fffc

SHA1
eb709b83f6980856da48190e517ce1555597e850

SHA256
86c84239d88abb4f110d306d15aef9e1749410459802258794533d0a96e2a696

SHA512
ba9d107d51307c35bbd0c182901ad50d77c348acc8da2bd78551718168870e9564bf97ac01bbb63a4ed4cc9c2ea15faab050544f688f6433e985c299133576e7

Download Submit
C:\Windows\System\lzGuDFt.exe

Filesize
2.1MB

MD5
0196748388ffd5d14413fc061f353040

SHA1
56241b4afcb152f557709b0b629e3055938af7af

SHA256
bd20a487c8ce20f2a86612f37350a29da0159686ed7543993ad4c6c1e060dccb

SHA512
965dffd337a3b67e7c2b76ec7f1a21a49658d29698955898259c0f6f4279437db42ee9512b8c9799872b7f1fbf66f672bb8d54d5c64bddfc950e250d2e9d9f4c

Download Submit
C:\Windows\System\nSeSFmh.exe

Filesize
2.1MB

MD5
1ca6c1e5d15277e22566dc72e706f2f2

SHA1
e4d73faf78b89e0fc8fe631cb52ed34943cac068

SHA256
86f47efc49d8ee6c5f009fe927aaaa0687af3cc41c1f01829e94ddaf2eedb64e

SHA512
16977c73fc359681e9cff81a8cf6ce5ce2ae4d0bdb59d30d9bd2ba84391700535e51b3723e93231a1434e15e156c63f9f861145cca654aad5f08044d6101f173

Download Submit
C:\Windows\System\ncSMlcb.exe

Filesize
2.1MB

MD5
6a613be1fb512c6788af3db31b531909

SHA1
bbe36cef94425a98a30baf51ff7e6fd4028b62d6

SHA256
6da2ce6c9e424d14379b61716ed6075e9476198595935ca32b85865276e2242e

SHA512
aaf2d3bfae2d22a870ae7b2d58b3f367ee27a31581cba08dc1dd0a2f36e83ba0ed9928b96e2e786a028efe5656b73c3fb8aa143d785f8e2d802cce21c32988cd

Download Submit
C:\Windows\System\oulQcjI.exe

Filesize
2.1MB

MD5
c43976175c077b61780b82a7947889ca

SHA1
5647928ce9af8052cf822b1247e83e7bf9f5fdda

SHA256
60582ecfb7a06cf874ff381bb71e294f4d4ed2d5ef489a0a74b26d0a309d0a7c

SHA512
c84160d39f1d5d0064b75eff5c9c6c9285c6a24ca583e1af3c9bbcefd0d730f4c489d88761a332cea4706ad9f2240d2f83fdd06b8cf40f87cd8f3de8d7056568

Download Submit
C:\Windows\System\pDYaRhn.exe

Filesize
2.1MB

MD5
6223ce037c38952cc233d9e951701554

SHA1
a197d5e35c6a4d6b34878b24e0ba66e16232c9b5

SHA256
a37ccc6f5f35aaef032ccf80b65ea580267c812969323c5873d458f380ba88ac

SHA512
44b5c0f1085e72ae313ad472cf6ac58c94673e666b4982c0a474768c7529b924dbcc2c2fd9dadcec2a0d91b62263ef3766fd571e322d129d82f659efb59d12f1

Download Submit
C:\Windows\System\pzvDLxg.exe

Filesize
2.1MB

MD5
6d2aa9b5ca4e1ef4bec5267e3a75a178

SHA1
141a796c86721b0a0460291fa4a3a0adc93b2496

SHA256
78864da53efc33438deae435af8a9fdfa0f09c4f1e7f2c2d54a91442e959eeb4

SHA512
bbb80398bedeba0dcc16d30a8448b60454ea7b6f187ba6a861381d0fe7a8af4d8466e7b8a9755a04c5b303886b321b423c17cce49ea327deaff05c38c0e72699

Download Submit
C:\Windows\System\qMrJjfG.exe

Filesize
2.1MB

MD5
fcbd231df9ee9d2178625e828e6e19be

SHA1
aa6478ac90fa5e18e5b3a0a66e78db665522587e

SHA256
c0133d2974a9263f98887e661b33683eafd8ac72d405790302eb3a5c1325c7c0

SHA512
f0c4bb7cb717c6d758b2d4c1b43d563b9203c8a7201b4f2522cc027585c376a1f08c58e832c0060a108dfcc75a2e2c7a71e18cd7820aedb17bad810f6e04475e

Download Submit
C:\Windows\System\tpkbqCY.exe

Filesize
2.1MB

MD5
c57c103fab127a61bf90ac63f815182b

SHA1
e7c19503c180809cb73b53fef7b9fc1f600a5974

SHA256
d3ff8c559743157f7613b5dd6b6936ae813011d0050ec83741d90c64ef8fe6d1

SHA512
12c8965d9b39b22d0ee7df0a099733a4a286dc76bf1217000d687c86c8de9b17ec915c48a5d47cac0cae60d55cdb8d27a25000c6d7f70a6e2e52135741a1e8f6

Download Submit
C:\Windows\System\upuDnNh.exe

Filesize
2.1MB

MD5
f824833323b36667717a726c2399541f

SHA1
59495c2a1413e2d6a591c5794609b123b2c88e60

SHA256
fa75aa3a20b6c2d534628f04d60c74d769f880853db4b22035951f0ba6d50b47

SHA512
ba3b665d52f493892f4c881da858a2abeb5504dd5489a2553958e49349c0f702932219f041c8b4c4d3f3b372693461fecee75b2d263af504eac5c772e0d14080

Download Submit
C:\Windows\System\ypVuhVB.exe

Filesize
2.1MB

MD5
5fd661c48c41c56c160d7cc035143348

SHA1
9e58a063cf1ef7b1f587fd250f71ba9b13b542d2

SHA256
4168b7d1ebdbedb26567c30793d72fc736dbc6da451f4136c30ebcfd2a9d618b

SHA512
5a00039016763fac8f87728f9930777bbd6c2e69d02f7033628d47ef5cb30e60bd520182fcf355dd627c68b554ef46e209d656526a47e9c484237b20e07b500c

Download Submit
memory/316-2286-0x00007FF6FD770000-0x00007FF6FDAC4000-memory.dmp

Filesize
3.3MB

Download
memory/316-840-0x00007FF6FD770000-0x00007FF6FDAC4000-memory.dmp

Filesize
3.3MB

Download
memory/348-742-0x00007FF721780000-0x00007FF721AD4000-memory.dmp

Filesize
3.3MB

Download
memory/348-2272-0x00007FF721780000-0x00007FF721AD4000-memory.dmp

Filesize
3.3MB

Download
memory/556-733-0x00007FF695880000-0x00007FF695BD4000-memory.dmp

Filesize
3.3MB

Download
memory/556-2274-0x00007FF695880000-0x00007FF695BD4000-memory.dmp

Filesize
3.3MB

Download
memory/744-819-0x00007FF600820000-0x00007FF600B74000-memory.dmp

Filesize
3.3MB

Download
memory/744-2278-0x00007FF600820000-0x00007FF600B74000-memory.dmp

Filesize
3.3MB

Download
memory/1280-1519-0x00007FF719230000-0x00007FF719584000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2265-0x00007FF719230000-0x00007FF719584000-memory.dmp

Filesize
3.3MB

Download
memory/1280-728-0x00007FF719230000-0x00007FF719584000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2262-0x00007FF7ADA00000-0x00007FF7ADD54000-memory.dmp

Filesize
3.3MB

Download
memory/1488-30-0x00007FF7ADA00000-0x00007FF7ADD54000-memory.dmp

Filesize
3.3MB

Download
memory/1488-1322-0x00007FF7ADA00000-0x00007FF7ADD54000-memory.dmp

Filesize
3.3MB

Download
memory/1596-827-0x00007FF64B3A0000-0x00007FF64B6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-2285-0x00007FF64B3A0000-0x00007FF64B6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-818-0x00007FF609370000-0x00007FF6096C4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2279-0x00007FF609370000-0x00007FF6096C4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-730-0x00007FF726A60000-0x00007FF726DB4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-2281-0x00007FF726A60000-0x00007FF726DB4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-837-0x00007FF67A790000-0x00007FF67AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-2287-0x00007FF67A790000-0x00007FF67AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2266-0x00007FF63E740000-0x00007FF63EA94000-memory.dmp

Filesize
3.3MB

Download
memory/2112-751-0x00007FF63E740000-0x00007FF63EA94000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2263-0x00007FF6571A0000-0x00007FF6574F4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1116-0x00007FF6571A0000-0x00007FF6574F4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-27-0x00007FF6571A0000-0x00007FF6574F4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2275-0x00007FF7A4480000-0x00007FF7A47D4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-744-0x00007FF7A4480000-0x00007FF7A47D4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-748-0x00007FF671AC0000-0x00007FF671E14000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2276-0x00007FF671AC0000-0x00007FF671E14000-memory.dmp

Filesize
3.3MB

Download
memory/2428-732-0x00007FF687AC0000-0x00007FF687E14000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2277-0x00007FF687AC0000-0x00007FF687E14000-memory.dmp

Filesize
3.3MB

Download
memory/2444-822-0x00007FF643A00000-0x00007FF643D54000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2283-0x00007FF643A00000-0x00007FF643D54000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2282-0x00007FF6F0980000-0x00007FF6F0CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-731-0x00007FF6F0980000-0x00007FF6F0CD4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-739-0x00007FF67AEE0000-0x00007FF67B234000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2273-0x00007FF67AEE0000-0x00007FF67B234000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2269-0x00007FF63DCB0000-0x00007FF63E004000-memory.dmp

Filesize
3.3MB

Download
memory/2928-811-0x00007FF63DCB0000-0x00007FF63E004000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2280-0x00007FF77F740000-0x00007FF77FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3180-729-0x00007FF77F740000-0x00007FF77FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3276-826-0x00007FF6B0C60000-0x00007FF6B0FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2284-0x00007FF6B0C60000-0x00007FF6B0FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3588-1409-0x00007FF6F2DD0000-0x00007FF6F3124000-memory.dmp

Filesize
3.3MB

Download
memory/3588-2270-0x00007FF6F2DD0000-0x00007FF6F3124000-memory.dmp

Filesize
3.3MB

Download
memory/3588-47-0x00007FF6F2DD0000-0x00007FF6F3124000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2268-0x00007FF61AE00000-0x00007FF61B154000-memory.dmp

Filesize
3.3MB

Download
memory/3712-808-0x00007FF61AE00000-0x00007FF61B154000-memory.dmp

Filesize
3.3MB

Download
memory/3720-8-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2259-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp

Filesize
3.3MB

Download
memory/3720-1024-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp

Filesize
3.3MB

Download
memory/4392-2271-0x00007FF7BA230000-0x00007FF7BA584000-memory.dmp

Filesize
3.3MB

Download
memory/4392-842-0x00007FF7BA230000-0x00007FF7BA584000-memory.dmp

Filesize
3.3MB

Download
memory/4476-814-0x00007FF6BD790000-0x00007FF6BDAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2267-0x00007FF6BD790000-0x00007FF6BDAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-929-0x00007FF6B72D0000-0x00007FF6B7624000-memory.dmp

Filesize
3.3MB

Download
memory/4540-1-0x000001DBAAE90000-0x000001DBAAEA0000-memory.dmp

Filesize
64KB

Download
memory/4540-0-0x00007FF6B72D0000-0x00007FF6B7624000-memory.dmp

Filesize
3.3MB

Download
memory/4828-2264-0x00007FF62BDE0000-0x00007FF62C134000-memory.dmp

Filesize
3.3MB

Download
memory/4828-41-0x00007FF62BDE0000-0x00007FF62C134000-memory.dmp

Filesize
3.3MB

Download
memory/4828-1325-0x00007FF62BDE0000-0x00007FF62C134000-memory.dmp

Filesize
3.3MB

Download
memory/4908-1115-0x00007FF7F6530000-0x00007FF7F6884000-memory.dmp

Filesize
3.3MB

Download
memory/4908-15-0x00007FF7F6530000-0x00007FF7F6884000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2260-0x00007FF7F6530000-0x00007FF7F6884000-memory.dmp

Filesize
3.3MB

Download
memory/5004-17-0x00007FF7AC700000-0x00007FF7ACA54000-memory.dmp

Filesize
3.3MB

Download
memory/5004-1026-0x00007FF7AC700000-0x00007FF7ACA54000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2261-0x00007FF7AC700000-0x00007FF7ACA54000-memory.dmp

Filesize
3.3MB

Download