xmrig | cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
Size

1.9MB
MD5

716baac2059689c0d6de9ace55eb4d88
SHA1

2cb48ad62e4abd7df82e0c0c562f87a1a8b659fc
SHA256

cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560
SHA512

55f7ac4215d22c2d1fbfdeec593924dcf7b58249019640cf51730d4de4ebfd1028f8d630c8e6a6f57b967e3fca2cdae7bbe354e99e941b3b9aa37814144be859
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9ozttwIRxj4c5yOBZHeuf:GemTLkNdfE0pZyF

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 35 IoCs

miner

resource	yara_rule
behavioral2/files/0x0009000000023c64-4.dat	xmrig
behavioral2/files/0x0007000000023cc2-6.dat	xmrig
behavioral2/files/0x0008000000023cbe-13.dat	xmrig
behavioral2/files/0x0007000000023cc3-20.dat	xmrig
behavioral2/files/0x0007000000023cc4-25.dat	xmrig
behavioral2/files/0x0008000000023cbf-32.dat	xmrig
behavioral2/files/0x0007000000023cc8-43.dat	xmrig
behavioral2/files/0x0007000000023ccc-67.dat	xmrig
behavioral2/files/0x0007000000023cc9-49.dat	xmrig
behavioral2/files/0x0007000000023cd4-97.dat	xmrig
behavioral2/files/0x0007000000023cdd-150.dat	xmrig
behavioral2/files/0x0007000000023ce3-174.dat	xmrig
behavioral2/files/0x0007000000023ce2-169.dat	xmrig
behavioral2/files/0x0007000000023ce1-168.dat	xmrig
behavioral2/files/0x0007000000023ce0-164.dat	xmrig
behavioral2/files/0x0007000000023cdf-162.dat	xmrig
behavioral2/files/0x0007000000023cde-147.dat	xmrig
behavioral2/files/0x0007000000023cdc-140.dat	xmrig
behavioral2/files/0x0007000000023cdb-138.dat	xmrig
behavioral2/files/0x0007000000023cda-136.dat	xmrig
behavioral2/files/0x0007000000023cd9-134.dat	xmrig
behavioral2/files/0x0007000000023cd8-132.dat	xmrig
behavioral2/files/0x0007000000023cd7-130.dat	xmrig
behavioral2/files/0x0007000000023cd6-128.dat	xmrig
behavioral2/files/0x0007000000023cd5-126.dat	xmrig
behavioral2/files/0x0007000000023cd3-120.dat	xmrig
behavioral2/files/0x0007000000023cd2-117.dat	xmrig
behavioral2/files/0x0007000000023cd1-108.dat	xmrig
behavioral2/files/0x0007000000023cd0-82.dat	xmrig
behavioral2/files/0x0007000000023ccf-75.dat	xmrig
behavioral2/files/0x0007000000023ccb-73.dat	xmrig
behavioral2/files/0x0007000000023cca-71.dat	xmrig
behavioral2/files/0x0007000000023cce-69.dat	xmrig
behavioral2/files/0x0007000000023ccd-63.dat	xmrig
behavioral2/files/0x0007000000023cc5-35.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4852	QqgSVrR.exe
4136	mucJxnN.exe
4456	CwyGThz.exe
4144	TlhVviX.exe
4100	CJjXsdz.exe
3188	VJVBkvB.exe
3956	QgCswgh.exe
4296	wMBkVNW.exe
1816	rRuhQLD.exe
4880	xSWJRzV.exe
3476	tNZYlOM.exe
3932	kOdUGJO.exe
2904	eUpcwCL.exe
3132	rESixYY.exe
2676	TCXqhmi.exe
5000	HTnBgEM.exe
2252	AMinGGN.exe
4216	wsOCEXr.exe
3032	BIDiYeJ.exe
4828	aNxRYls.exe
2556	oGmBCje.exe
4872	wdMASGD.exe
3976	PkXnOwJ.exe
3488	fkLlstH.exe
2964	vYZLicx.exe
2052	igVBUCF.exe
1684	ymWyTux.exe
4072	kAfWqny.exe
2640	EOMkEgH.exe
4264	WgmOlUq.exe
1196	czqdRwZ.exe
4472	FoRpIJN.exe
4060	yKpuWFi.exe
2188	bhcvuET.exe
764	wYyqIPT.exe
1308	awwfhvl.exe
1852	RbRRXnf.exe
220	iDDJuAk.exe
3836	lIJqHPC.exe
3348	msbRNuj.exe
1444	FHoWuay.exe
3904	nsYsJwj.exe
4836	xVEdIbW.exe
3204	PHXMXcy.exe
4356	fUclhcN.exe
1820	KfztOYu.exe
264	yuUEbwQ.exe
3448	WOZOrDT.exe
4860	jMVigiB.exe
1256	tVjqKPh.exe
5108	ZLTRbza.exe
4760	NbGIAVQ.exe
3616	EkoBxmL.exe
4764	EQYGqVh.exe
820	MVMPSAg.exe
1640	VaqjGME.exe
2624	DwTRfuU.exe
1072	vjmjFPq.exe
1160	sFoASwS.exe
4744	scIpHnL.exe
3532	uowPuxs.exe
548	POaFikM.exe
348	nKofngU.exe
3096	dZnlBrF.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NSKsXxo.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\NPMhpxC.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\UhTQFoD.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ObfaNVd.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ldJXpoe.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\EUKmEUx.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\uoiKpWV.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\umcHkkk.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\LPlHlAD.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\vuwYYii.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\TRJCVqe.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\JZqoHpj.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\DAlQCde.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\taFnvfq.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\XDrwOjW.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\tFzIFaL.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\nmkLGIc.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\uqdPUpw.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\euUySUR.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\tNZYlOM.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\sJTpZoU.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\pUStekW.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\vmLTHXe.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ODRQaHf.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\DkrwLMq.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ScjbdbB.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\SkkIAIU.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\fhCLzAk.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\VOMhDzu.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\SMPBmRd.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\IcAZxOl.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\XDHTiin.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\obXhIQu.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\CprfLKB.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\CDWkRyW.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\EXUcGYM.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\quAfmin.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\RYsLAqb.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\JoydNjw.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\nUTHhKf.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\xuzHZXu.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\HmbccQY.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\asuMbiJ.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ejcbSaE.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ZRvucHu.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\NQqruaM.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\pBoMLwj.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\iOQuFnj.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\lrBIEZc.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\IjvenSK.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\bJKGadL.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\BoglWjR.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\TDldmdC.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\jMVigiB.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\EFgtpgs.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\vYZLicx.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ZfcOsOr.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\BLloaqe.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\NioKgRJ.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\RUzxFnm.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\tXLImzx.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\KjsPqvZ.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\PFbDJNJ.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
File created	C:\Windows\System\ozoJXYR.exe	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 50 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17020	dwm.exe
Token: SeChangeNotifyPrivilege	17020	dwm.exe
Token: 33	17020	dwm.exe
Token: SeIncBasePriorityPrivilege	17020	dwm.exe
Token: SeCreateGlobalPrivilege	1136	dwm.exe
Token: SeChangeNotifyPrivilege	1136	dwm.exe
Token: 33	1136	dwm.exe
Token: SeIncBasePriorityPrivilege	1136	dwm.exe
Token: SeCreateGlobalPrivilege	17164	dwm.exe
Token: SeChangeNotifyPrivilege	17164	dwm.exe
Token: 33	17164	dwm.exe
Token: SeIncBasePriorityPrivilege	17164	dwm.exe
Token: SeShutdownPrivilege	17164	dwm.exe
Token: SeCreatePagefilePrivilege	17164	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 4852	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	86
PID 1804 wrote to memory of 4852	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	86
PID 1804 wrote to memory of 4136	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	87
PID 1804 wrote to memory of 4136	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	87
PID 1804 wrote to memory of 4456	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	88
PID 1804 wrote to memory of 4456	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	88
PID 1804 wrote to memory of 4144	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	89
PID 1804 wrote to memory of 4144	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	89
PID 1804 wrote to memory of 4100	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	90
PID 1804 wrote to memory of 4100	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	90
PID 1804 wrote to memory of 3188	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	91
PID 1804 wrote to memory of 3188	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	91
PID 1804 wrote to memory of 3956	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	92
PID 1804 wrote to memory of 3956	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	92
PID 1804 wrote to memory of 4296	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	93
PID 1804 wrote to memory of 4296	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	93
PID 1804 wrote to memory of 1816	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	94
PID 1804 wrote to memory of 1816	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	94
PID 1804 wrote to memory of 2904	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	95
PID 1804 wrote to memory of 2904	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	95
PID 1804 wrote to memory of 3132	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	96
PID 1804 wrote to memory of 3132	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	96
PID 1804 wrote to memory of 4880	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	97
PID 1804 wrote to memory of 4880	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	97
PID 1804 wrote to memory of 3476	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	98
PID 1804 wrote to memory of 3476	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	98
PID 1804 wrote to memory of 3932	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	99
PID 1804 wrote to memory of 3932	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	99
PID 1804 wrote to memory of 2676	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	100
PID 1804 wrote to memory of 2676	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	100
PID 1804 wrote to memory of 5000	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	101
PID 1804 wrote to memory of 5000	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	101
PID 1804 wrote to memory of 2252	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	102
PID 1804 wrote to memory of 2252	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	102
PID 1804 wrote to memory of 4216	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	103
PID 1804 wrote to memory of 4216	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	103
PID 1804 wrote to memory of 3032	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	104
PID 1804 wrote to memory of 3032	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	104
PID 1804 wrote to memory of 4828	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	105
PID 1804 wrote to memory of 4828	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	105
PID 1804 wrote to memory of 2556	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	106
PID 1804 wrote to memory of 2556	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	106
PID 1804 wrote to memory of 4872	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	107
PID 1804 wrote to memory of 4872	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	107
PID 1804 wrote to memory of 3976	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	108
PID 1804 wrote to memory of 3976	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	108
PID 1804 wrote to memory of 3488	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	109
PID 1804 wrote to memory of 3488	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	109
PID 1804 wrote to memory of 2964	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	110
PID 1804 wrote to memory of 2964	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	110
PID 1804 wrote to memory of 2052	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	111
PID 1804 wrote to memory of 2052	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	111
PID 1804 wrote to memory of 1684	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	112
PID 1804 wrote to memory of 1684	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	112
PID 1804 wrote to memory of 4072	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	113
PID 1804 wrote to memory of 4072	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	113
PID 1804 wrote to memory of 2640	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	114
PID 1804 wrote to memory of 2640	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	114
PID 1804 wrote to memory of 4264	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	115
PID 1804 wrote to memory of 4264	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	115
PID 1804 wrote to memory of 1196	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	116
PID 1804 wrote to memory of 1196	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	116
PID 1804 wrote to memory of 4472	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	117
PID 1804 wrote to memory of 4472	1804	cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe	117

C:\Users\Admin\AppData\Local\Temp\cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe
"C:\Users\Admin\AppData\Local\Temp\cdbcad94777bf7188848290326fcebca3d6bbc299eb9fc13ff79f5d00066d560.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\System\QqgSVrR.exe
  C:\Windows\System\QqgSVrR.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\mucJxnN.exe
  C:\Windows\System\mucJxnN.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\CwyGThz.exe
  C:\Windows\System\CwyGThz.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\TlhVviX.exe
  C:\Windows\System\TlhVviX.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\CJjXsdz.exe
  C:\Windows\System\CJjXsdz.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\VJVBkvB.exe
  C:\Windows\System\VJVBkvB.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\QgCswgh.exe
  C:\Windows\System\QgCswgh.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\wMBkVNW.exe
  C:\Windows\System\wMBkVNW.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\rRuhQLD.exe
  C:\Windows\System\rRuhQLD.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\eUpcwCL.exe
  C:\Windows\System\eUpcwCL.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\rESixYY.exe
  C:\Windows\System\rESixYY.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\xSWJRzV.exe
  C:\Windows\System\xSWJRzV.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\tNZYlOM.exe
  C:\Windows\System\tNZYlOM.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\kOdUGJO.exe
  C:\Windows\System\kOdUGJO.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\TCXqhmi.exe
  C:\Windows\System\TCXqhmi.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\HTnBgEM.exe
  C:\Windows\System\HTnBgEM.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\AMinGGN.exe
  C:\Windows\System\AMinGGN.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\wsOCEXr.exe
  C:\Windows\System\wsOCEXr.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\BIDiYeJ.exe
  C:\Windows\System\BIDiYeJ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\aNxRYls.exe
  C:\Windows\System\aNxRYls.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\oGmBCje.exe
  C:\Windows\System\oGmBCje.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\wdMASGD.exe
  C:\Windows\System\wdMASGD.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\PkXnOwJ.exe
  C:\Windows\System\PkXnOwJ.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\fkLlstH.exe
  C:\Windows\System\fkLlstH.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\vYZLicx.exe
  C:\Windows\System\vYZLicx.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\igVBUCF.exe
  C:\Windows\System\igVBUCF.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\ymWyTux.exe
  C:\Windows\System\ymWyTux.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\kAfWqny.exe
  C:\Windows\System\kAfWqny.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\EOMkEgH.exe
  C:\Windows\System\EOMkEgH.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\WgmOlUq.exe
  C:\Windows\System\WgmOlUq.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\czqdRwZ.exe
  C:\Windows\System\czqdRwZ.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\FoRpIJN.exe
  C:\Windows\System\FoRpIJN.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\yKpuWFi.exe
  C:\Windows\System\yKpuWFi.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\bhcvuET.exe
  C:\Windows\System\bhcvuET.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\wYyqIPT.exe
  C:\Windows\System\wYyqIPT.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\awwfhvl.exe
  C:\Windows\System\awwfhvl.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\RbRRXnf.exe
  C:\Windows\System\RbRRXnf.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\iDDJuAk.exe
  C:\Windows\System\iDDJuAk.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\lIJqHPC.exe
  C:\Windows\System\lIJqHPC.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\msbRNuj.exe
  C:\Windows\System\msbRNuj.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\FHoWuay.exe
  C:\Windows\System\FHoWuay.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\nsYsJwj.exe
  C:\Windows\System\nsYsJwj.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\xVEdIbW.exe
  C:\Windows\System\xVEdIbW.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\PHXMXcy.exe
  C:\Windows\System\PHXMXcy.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\fUclhcN.exe
  C:\Windows\System\fUclhcN.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\KfztOYu.exe
  C:\Windows\System\KfztOYu.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\yuUEbwQ.exe
  C:\Windows\System\yuUEbwQ.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\jMVigiB.exe
  C:\Windows\System\jMVigiB.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\WOZOrDT.exe
  C:\Windows\System\WOZOrDT.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\tVjqKPh.exe
  C:\Windows\System\tVjqKPh.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\ZLTRbza.exe
  C:\Windows\System\ZLTRbza.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\NbGIAVQ.exe
  C:\Windows\System\NbGIAVQ.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\EQYGqVh.exe
  C:\Windows\System\EQYGqVh.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\EkoBxmL.exe
  C:\Windows\System\EkoBxmL.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\MVMPSAg.exe
  C:\Windows\System\MVMPSAg.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\VaqjGME.exe
  C:\Windows\System\VaqjGME.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\DwTRfuU.exe
  C:\Windows\System\DwTRfuU.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\vjmjFPq.exe
  C:\Windows\System\vjmjFPq.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\sFoASwS.exe
  C:\Windows\System\sFoASwS.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\scIpHnL.exe
  C:\Windows\System\scIpHnL.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\uowPuxs.exe
  C:\Windows\System\uowPuxs.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\POaFikM.exe
  C:\Windows\System\POaFikM.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\nKofngU.exe
  C:\Windows\System\nKofngU.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\dZnlBrF.exe
  C:\Windows\System\dZnlBrF.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\HPnFtZh.exe
  C:\Windows\System\HPnFtZh.exe
  2⤵
  PID:1456
- C:\Windows\System\dujGMYp.exe
  C:\Windows\System\dujGMYp.exe
  2⤵
  PID:3020
- C:\Windows\System\VBnrFko.exe
  C:\Windows\System\VBnrFko.exe
  2⤵
  PID:1800
- C:\Windows\System\sMvadBh.exe
  C:\Windows\System\sMvadBh.exe
  2⤵
  PID:2176
- C:\Windows\System\GyUixFP.exe
  C:\Windows\System\GyUixFP.exe
  2⤵
  PID:2948
- C:\Windows\System\vlxKffm.exe
  C:\Windows\System\vlxKffm.exe
  2⤵
  PID:4552
- C:\Windows\System\RgqvDDN.exe
  C:\Windows\System\RgqvDDN.exe
  2⤵
  PID:1216
- C:\Windows\System\pvVkYDv.exe
  C:\Windows\System\pvVkYDv.exe
  2⤵
  PID:4404
- C:\Windows\System\orjJzIh.exe
  C:\Windows\System\orjJzIh.exe
  2⤵
  PID:4524
- C:\Windows\System\ETBpkSU.exe
  C:\Windows\System\ETBpkSU.exe
  2⤵
  PID:4676
- C:\Windows\System\pCkszPJ.exe
  C:\Windows\System\pCkszPJ.exe
  2⤵
  PID:2956
- C:\Windows\System\UIiaSVc.exe
  C:\Windows\System\UIiaSVc.exe
  2⤵
  PID:1384
- C:\Windows\System\sZWTFVb.exe
  C:\Windows\System\sZWTFVb.exe
  2⤵
  PID:3900
- C:\Windows\System\DzWKwdu.exe
  C:\Windows\System\DzWKwdu.exe
  2⤵
  PID:3768
- C:\Windows\System\YqTVNRy.exe
  C:\Windows\System\YqTVNRy.exe
  2⤵
  PID:4832
- C:\Windows\System\JPNsmYf.exe
  C:\Windows\System\JPNsmYf.exe
  2⤵
  PID:4280
- C:\Windows\System\QXufxPJ.exe
  C:\Windows\System\QXufxPJ.exe
  2⤵
  PID:2664
- C:\Windows\System\GjMywDl.exe
  C:\Windows\System\GjMywDl.exe
  2⤵
  PID:2852
- C:\Windows\System\dCkTpiV.exe
  C:\Windows\System\dCkTpiV.exe
  2⤵
  PID:208
- C:\Windows\System\WcyuPpE.exe
  C:\Windows\System\WcyuPpE.exe
  2⤵
  PID:3324
- C:\Windows\System\fltxLWX.exe
  C:\Windows\System\fltxLWX.exe
  2⤵
  PID:2856
- C:\Windows\System\uTpLslP.exe
  C:\Windows\System\uTpLslP.exe
  2⤵
  PID:2388
- C:\Windows\System\OcBBRby.exe
  C:\Windows\System\OcBBRby.exe
  2⤵
  PID:4352
- C:\Windows\System\ueOfdqq.exe
  C:\Windows\System\ueOfdqq.exe
  2⤵
  PID:4148
- C:\Windows\System\aCcKdJL.exe
  C:\Windows\System\aCcKdJL.exe
  2⤵
  PID:388
- C:\Windows\System\gXBxCSI.exe
  C:\Windows\System\gXBxCSI.exe
  2⤵
  PID:4420
- C:\Windows\System\UTEnPVR.exe
  C:\Windows\System\UTEnPVR.exe
  2⤵
  PID:4564
- C:\Windows\System\omRljlK.exe
  C:\Windows\System\omRljlK.exe
  2⤵
  PID:4968
- C:\Windows\System\xdlteuw.exe
  C:\Windows\System\xdlteuw.exe
  2⤵
  PID:4068
- C:\Windows\System\WFFfbpT.exe
  C:\Windows\System\WFFfbpT.exe
  2⤵
  PID:228
- C:\Windows\System\qWGRgyw.exe
  C:\Windows\System\qWGRgyw.exe
  2⤵
  PID:844
- C:\Windows\System\NPGWaDh.exe
  C:\Windows\System\NPGWaDh.exe
  2⤵
  PID:1288
- C:\Windows\System\opjuugr.exe
  C:\Windows\System\opjuugr.exe
  2⤵
  PID:3676
- C:\Windows\System\mJjfumV.exe
  C:\Windows\System\mJjfumV.exe
  2⤵
  PID:4892
- C:\Windows\System\LlnFmbq.exe
  C:\Windows\System\LlnFmbq.exe
  2⤵
  PID:3000
- C:\Windows\System\yVeaLKn.exe
  C:\Windows\System\yVeaLKn.exe
  2⤵
  PID:3864
- C:\Windows\System\AaJDTyf.exe
  C:\Windows\System\AaJDTyf.exe
  2⤵
  PID:1628
- C:\Windows\System\jtjAOQV.exe
  C:\Windows\System\jtjAOQV.exe
  2⤵
  PID:5040
- C:\Windows\System\vpaoTbJ.exe
  C:\Windows\System\vpaoTbJ.exe
  2⤵
  PID:1680
- C:\Windows\System\DSnviBq.exe
  C:\Windows\System\DSnviBq.exe
  2⤵
  PID:720
- C:\Windows\System\UyGanYL.exe
  C:\Windows\System\UyGanYL.exe
  2⤵
  PID:2300
- C:\Windows\System\whmlInf.exe
  C:\Windows\System\whmlInf.exe
  2⤵
  PID:2796
- C:\Windows\System\xnQfVIT.exe
  C:\Windows\System\xnQfVIT.exe
  2⤵
  PID:2712
- C:\Windows\System\nONUCoI.exe
  C:\Windows\System\nONUCoI.exe
  2⤵
  PID:2440
- C:\Windows\System\esOmWMS.exe
  C:\Windows\System\esOmWMS.exe
  2⤵
  PID:2196
- C:\Windows\System\mFKmxGK.exe
  C:\Windows\System\mFKmxGK.exe
  2⤵
  PID:5132
- C:\Windows\System\CFjgXeA.exe
  C:\Windows\System\CFjgXeA.exe
  2⤵
  PID:5164
- C:\Windows\System\GqdVtBo.exe
  C:\Windows\System\GqdVtBo.exe
  2⤵
  PID:5188
- C:\Windows\System\UIAbCck.exe
  C:\Windows\System\UIAbCck.exe
  2⤵
  PID:5216
- C:\Windows\System\cIhkEcF.exe
  C:\Windows\System\cIhkEcF.exe
  2⤵
  PID:5240
- C:\Windows\System\pNKNlYY.exe
  C:\Windows\System\pNKNlYY.exe
  2⤵
  PID:5264
- C:\Windows\System\wlXrHBM.exe
  C:\Windows\System\wlXrHBM.exe
  2⤵
  PID:5288
- C:\Windows\System\wNaGGCi.exe
  C:\Windows\System\wNaGGCi.exe
  2⤵
  PID:5320
- C:\Windows\System\ldcpPYH.exe
  C:\Windows\System\ldcpPYH.exe
  2⤵
  PID:5344
- C:\Windows\System\PWXlDMg.exe
  C:\Windows\System\PWXlDMg.exe
  2⤵
  PID:5360
- C:\Windows\System\JURIdbZ.exe
  C:\Windows\System\JURIdbZ.exe
  2⤵
  PID:5388
- C:\Windows\System\LfTzUwV.exe
  C:\Windows\System\LfTzUwV.exe
  2⤵
  PID:5428
- C:\Windows\System\vflEWam.exe
  C:\Windows\System\vflEWam.exe
  2⤵
  PID:5456
- C:\Windows\System\IcAZxOl.exe
  C:\Windows\System\IcAZxOl.exe
  2⤵
  PID:5488
- C:\Windows\System\tXLImzx.exe
  C:\Windows\System\tXLImzx.exe
  2⤵
  PID:5524
- C:\Windows\System\AeZiIYj.exe
  C:\Windows\System\AeZiIYj.exe
  2⤵
  PID:5544
- C:\Windows\System\sXbFFLs.exe
  C:\Windows\System\sXbFFLs.exe
  2⤵
  PID:5576
- C:\Windows\System\rrMpaNz.exe
  C:\Windows\System\rrMpaNz.exe
  2⤵
  PID:5608
- C:\Windows\System\LVqWngB.exe
  C:\Windows\System\LVqWngB.exe
  2⤵
  PID:5644
- C:\Windows\System\BhczlMf.exe
  C:\Windows\System\BhczlMf.exe
  2⤵
  PID:5668
- C:\Windows\System\UiOJZjR.exe
  C:\Windows\System\UiOJZjR.exe
  2⤵
  PID:5692
- C:\Windows\System\QeVYcco.exe
  C:\Windows\System\QeVYcco.exe
  2⤵
  PID:5724
- C:\Windows\System\HQxLTkI.exe
  C:\Windows\System\HQxLTkI.exe
  2⤵
  PID:5764
- C:\Windows\System\frbhoPq.exe
  C:\Windows\System\frbhoPq.exe
  2⤵
  PID:5780
- C:\Windows\System\fnMWTeH.exe
  C:\Windows\System\fnMWTeH.exe
  2⤵
  PID:5808
- C:\Windows\System\MOtxVVD.exe
  C:\Windows\System\MOtxVVD.exe
  2⤵
  PID:5836
- C:\Windows\System\uZVtGjQ.exe
  C:\Windows\System\uZVtGjQ.exe
  2⤵
  PID:5868
- C:\Windows\System\wHzsywA.exe
  C:\Windows\System\wHzsywA.exe
  2⤵
  PID:5892
- C:\Windows\System\fdubRjQ.exe
  C:\Windows\System\fdubRjQ.exe
  2⤵
  PID:5920
- C:\Windows\System\jOeDWLV.exe
  C:\Windows\System\jOeDWLV.exe
  2⤵
  PID:5940
- C:\Windows\System\gASKvgY.exe
  C:\Windows\System\gASKvgY.exe
  2⤵
  PID:5988
- C:\Windows\System\CIIaTiC.exe
  C:\Windows\System\CIIaTiC.exe
  2⤵
  PID:6016
- C:\Windows\System\YlXPWSc.exe
  C:\Windows\System\YlXPWSc.exe
  2⤵
  PID:6044
- C:\Windows\System\HESCZjL.exe
  C:\Windows\System\HESCZjL.exe
  2⤵
  PID:6072
- C:\Windows\System\DAlQCde.exe
  C:\Windows\System\DAlQCde.exe
  2⤵
  PID:6088
- C:\Windows\System\SUYuUpz.exe
  C:\Windows\System\SUYuUpz.exe
  2⤵
  PID:6120
- C:\Windows\System\JeDSuNb.exe
  C:\Windows\System\JeDSuNb.exe
  2⤵
  PID:2916
- C:\Windows\System\SgrBzTF.exe
  C:\Windows\System\SgrBzTF.exe
  2⤵
  PID:5208
- C:\Windows\System\LpebLBc.exe
  C:\Windows\System\LpebLBc.exe
  2⤵
  PID:5272
- C:\Windows\System\NMKVSyX.exe
  C:\Windows\System\NMKVSyX.exe
  2⤵
  PID:5308
- C:\Windows\System\XnFBans.exe
  C:\Windows\System\XnFBans.exe
  2⤵
  PID:5408
- C:\Windows\System\GFdqYVd.exe
  C:\Windows\System\GFdqYVd.exe
  2⤵
  PID:5448
- C:\Windows\System\zTimVVA.exe
  C:\Windows\System\zTimVVA.exe
  2⤵
  PID:5496
- C:\Windows\System\etFEJVD.exe
  C:\Windows\System\etFEJVD.exe
  2⤵
  PID:5588
- C:\Windows\System\XtLiWcT.exe
  C:\Windows\System\XtLiWcT.exe
  2⤵
  PID:5664
- C:\Windows\System\KUjmJSM.exe
  C:\Windows\System\KUjmJSM.exe
  2⤵
  PID:5704
- C:\Windows\System\yleEssL.exe
  C:\Windows\System\yleEssL.exe
  2⤵
  PID:5720
- C:\Windows\System\OPGDtKt.exe
  C:\Windows\System\OPGDtKt.exe
  2⤵
  PID:5832
- C:\Windows\System\BmbOpNu.exe
  C:\Windows\System\BmbOpNu.exe
  2⤵
  PID:5888
- C:\Windows\System\ZGqkDPx.exe
  C:\Windows\System\ZGqkDPx.exe
  2⤵
  PID:5996
- C:\Windows\System\VNDzfbd.exe
  C:\Windows\System\VNDzfbd.exe
  2⤵
  PID:6064
- C:\Windows\System\BLloaqe.exe
  C:\Windows\System\BLloaqe.exe
  2⤵
  PID:6104
- C:\Windows\System\dNkgMqK.exe
  C:\Windows\System\dNkgMqK.exe
  2⤵
  PID:5176
- C:\Windows\System\SCpxrUr.exe
  C:\Windows\System\SCpxrUr.exe
  2⤵
  PID:5252
- C:\Windows\System\UhTQFoD.exe
  C:\Windows\System\UhTQFoD.exe
  2⤵
  PID:5352
- C:\Windows\System\KBGnZSq.exe
  C:\Windows\System\KBGnZSq.exe
  2⤵
  PID:5552
- C:\Windows\System\GFBppTD.exe
  C:\Windows\System\GFBppTD.exe
  2⤵
  PID:5748
- C:\Windows\System\zzeugnS.exe
  C:\Windows\System\zzeugnS.exe
  2⤵
  PID:5912
- C:\Windows\System\VMQyxpk.exe
  C:\Windows\System\VMQyxpk.exe
  2⤵
  PID:6060
- C:\Windows\System\cXsocat.exe
  C:\Windows\System\cXsocat.exe
  2⤵
  PID:5232
- C:\Windows\System\kMeUInf.exe
  C:\Windows\System\kMeUInf.exe
  2⤵
  PID:5620
- C:\Windows\System\taFnvfq.exe
  C:\Windows\System\taFnvfq.exe
  2⤵
  PID:6100
- C:\Windows\System\UXdnFAm.exe
  C:\Windows\System\UXdnFAm.exe
  2⤵
  PID:5396
- C:\Windows\System\cbVEZqG.exe
  C:\Windows\System\cbVEZqG.exe
  2⤵
  PID:6172
- C:\Windows\System\soAWZRy.exe
  C:\Windows\System\soAWZRy.exe
  2⤵
  PID:6192
- C:\Windows\System\QCGLvse.exe
  C:\Windows\System\QCGLvse.exe
  2⤵
  PID:6216
- C:\Windows\System\Sczpkhq.exe
  C:\Windows\System\Sczpkhq.exe
  2⤵
  PID:6248
- C:\Windows\System\pLWEVha.exe
  C:\Windows\System\pLWEVha.exe
  2⤵
  PID:6268
- C:\Windows\System\ardPzHv.exe
  C:\Windows\System\ardPzHv.exe
  2⤵
  PID:6292
- C:\Windows\System\aXRhlvV.exe
  C:\Windows\System\aXRhlvV.exe
  2⤵
  PID:6324
- C:\Windows\System\AVTRyAd.exe
  C:\Windows\System\AVTRyAd.exe
  2⤵
  PID:6360
- C:\Windows\System\dllnoZJ.exe
  C:\Windows\System\dllnoZJ.exe
  2⤵
  PID:6388
- C:\Windows\System\ZggoGek.exe
  C:\Windows\System\ZggoGek.exe
  2⤵
  PID:6412
- C:\Windows\System\ZYdYcYU.exe
  C:\Windows\System\ZYdYcYU.exe
  2⤵
  PID:6444
- C:\Windows\System\exFhVXF.exe
  C:\Windows\System\exFhVXF.exe
  2⤵
  PID:6480
- C:\Windows\System\houEKLT.exe
  C:\Windows\System\houEKLT.exe
  2⤵
  PID:6512
- C:\Windows\System\QfVBNas.exe
  C:\Windows\System\QfVBNas.exe
  2⤵
  PID:6528
- C:\Windows\System\gGVAqBM.exe
  C:\Windows\System\gGVAqBM.exe
  2⤵
  PID:6556
- C:\Windows\System\gzWZVzk.exe
  C:\Windows\System\gzWZVzk.exe
  2⤵
  PID:6576
- C:\Windows\System\VojuZpV.exe
  C:\Windows\System\VojuZpV.exe
  2⤵
  PID:6600
- C:\Windows\System\MirrNFZ.exe
  C:\Windows\System\MirrNFZ.exe
  2⤵
  PID:6632
- C:\Windows\System\GacphDQ.exe
  C:\Windows\System\GacphDQ.exe
  2⤵
  PID:6668
- C:\Windows\System\Uxqzizk.exe
  C:\Windows\System\Uxqzizk.exe
  2⤵
  PID:6700
- C:\Windows\System\UJhLdly.exe
  C:\Windows\System\UJhLdly.exe
  2⤵
  PID:6732
- C:\Windows\System\QyPjkjc.exe
  C:\Windows\System\QyPjkjc.exe
  2⤵
  PID:6764
- C:\Windows\System\XDHTiin.exe
  C:\Windows\System\XDHTiin.exe
  2⤵
  PID:6784
- C:\Windows\System\UbSaJOh.exe
  C:\Windows\System\UbSaJOh.exe
  2⤵
  PID:6816
- C:\Windows\System\LXWxNbd.exe
  C:\Windows\System\LXWxNbd.exe
  2⤵
  PID:6836
- C:\Windows\System\BiHxeBi.exe
  C:\Windows\System\BiHxeBi.exe
  2⤵
  PID:6864
- C:\Windows\System\ZRvucHu.exe
  C:\Windows\System\ZRvucHu.exe
  2⤵
  PID:6892
- C:\Windows\System\rruaWEY.exe
  C:\Windows\System\rruaWEY.exe
  2⤵
  PID:6912
- C:\Windows\System\RxueyIt.exe
  C:\Windows\System\RxueyIt.exe
  2⤵
  PID:6932
- C:\Windows\System\RvBetmD.exe
  C:\Windows\System\RvBetmD.exe
  2⤵
  PID:6964
- C:\Windows\System\lmuvoxE.exe
  C:\Windows\System\lmuvoxE.exe
  2⤵
  PID:7004
- C:\Windows\System\DGgEsOq.exe
  C:\Windows\System\DGgEsOq.exe
  2⤵
  PID:7028
- C:\Windows\System\sHYGrUL.exe
  C:\Windows\System\sHYGrUL.exe
  2⤵
  PID:7052
- C:\Windows\System\LpaeHSj.exe
  C:\Windows\System\LpaeHSj.exe
  2⤵
  PID:7080
- C:\Windows\System\QDsuehl.exe
  C:\Windows\System\QDsuehl.exe
  2⤵
  PID:7120
- C:\Windows\System\JLxdoko.exe
  C:\Windows\System\JLxdoko.exe
  2⤵
  PID:7140
- C:\Windows\System\GqWYrFt.exe
  C:\Windows\System\GqWYrFt.exe
  2⤵
  PID:5312
- C:\Windows\System\PcfjrND.exe
  C:\Windows\System\PcfjrND.exe
  2⤵
  PID:6204
- C:\Windows\System\OGrcpac.exe
  C:\Windows\System\OGrcpac.exe
  2⤵
  PID:6256
- C:\Windows\System\DEehewW.exe
  C:\Windows\System\DEehewW.exe
  2⤵
  PID:6344
- C:\Windows\System\suwmgMy.exe
  C:\Windows\System\suwmgMy.exe
  2⤵
  PID:6380
- C:\Windows\System\RMAZBFp.exe
  C:\Windows\System\RMAZBFp.exe
  2⤵
  PID:6452
- C:\Windows\System\sYVRPCY.exe
  C:\Windows\System\sYVRPCY.exe
  2⤵
  PID:6488
- C:\Windows\System\jweVSua.exe
  C:\Windows\System\jweVSua.exe
  2⤵
  PID:6540
- C:\Windows\System\CTCEgdQ.exe
  C:\Windows\System\CTCEgdQ.exe
  2⤵
  PID:6616
- C:\Windows\System\NOxYkPV.exe
  C:\Windows\System\NOxYkPV.exe
  2⤵
  PID:6652
- C:\Windows\System\EsPwJES.exe
  C:\Windows\System\EsPwJES.exe
  2⤵
  PID:6748
- C:\Windows\System\mvjExSg.exe
  C:\Windows\System\mvjExSg.exe
  2⤵
  PID:6824
- C:\Windows\System\kdhpLkY.exe
  C:\Windows\System\kdhpLkY.exe
  2⤵
  PID:6876
- C:\Windows\System\hSNMPRx.exe
  C:\Windows\System\hSNMPRx.exe
  2⤵
  PID:6952
- C:\Windows\System\LIZiGsC.exe
  C:\Windows\System\LIZiGsC.exe
  2⤵
  PID:7016
- C:\Windows\System\FWucJds.exe
  C:\Windows\System\FWucJds.exe
  2⤵
  PID:7088
- C:\Windows\System\jFtCTzh.exe
  C:\Windows\System\jFtCTzh.exe
  2⤵
  PID:7132
- C:\Windows\System\goFJErG.exe
  C:\Windows\System\goFJErG.exe
  2⤵
  PID:6164
- C:\Windows\System\yCEiFuo.exe
  C:\Windows\System\yCEiFuo.exe
  2⤵
  PID:6372
- C:\Windows\System\QWIEoCN.exe
  C:\Windows\System\QWIEoCN.exe
  2⤵
  PID:6500
- C:\Windows\System\hrsjlYM.exe
  C:\Windows\System\hrsjlYM.exe
  2⤵
  PID:6808
- C:\Windows\System\UDLFdSS.exe
  C:\Windows\System\UDLFdSS.exe
  2⤵
  PID:6920
- C:\Windows\System\BcyVhrH.exe
  C:\Windows\System\BcyVhrH.exe
  2⤵
  PID:6996
- C:\Windows\System\SaOJWPa.exe
  C:\Windows\System\SaOJWPa.exe
  2⤵
  PID:7104
- C:\Windows\System\HeItKMc.exe
  C:\Windows\System\HeItKMc.exe
  2⤵
  PID:4980
- C:\Windows\System\pIPffES.exe
  C:\Windows\System\pIPffES.exe
  2⤵
  PID:2732
- C:\Windows\System\xgrjMAR.exe
  C:\Windows\System\xgrjMAR.exe
  2⤵
  PID:6340
- C:\Windows\System\cadYYwO.exe
  C:\Windows\System\cadYYwO.exe
  2⤵
  PID:6832
- C:\Windows\System\feNqClx.exe
  C:\Windows\System\feNqClx.exe
  2⤵
  PID:6924
- C:\Windows\System\gxZcFrE.exe
  C:\Windows\System\gxZcFrE.exe
  2⤵
  PID:976
- C:\Windows\System\UAMQEep.exe
  C:\Windows\System\UAMQEep.exe
  2⤵
  PID:6564
- C:\Windows\System\ylymtPg.exe
  C:\Windows\System\ylymtPg.exe
  2⤵
  PID:7172
- C:\Windows\System\tprrxZI.exe
  C:\Windows\System\tprrxZI.exe
  2⤵
  PID:7200
- C:\Windows\System\wBCSZzZ.exe
  C:\Windows\System\wBCSZzZ.exe
  2⤵
  PID:7224
- C:\Windows\System\uQyOTfS.exe
  C:\Windows\System\uQyOTfS.exe
  2⤵
  PID:7240
- C:\Windows\System\jieJaLQ.exe
  C:\Windows\System\jieJaLQ.exe
  2⤵
  PID:7268
- C:\Windows\System\aqqEdhI.exe
  C:\Windows\System\aqqEdhI.exe
  2⤵
  PID:7296
- C:\Windows\System\zAuCMgX.exe
  C:\Windows\System\zAuCMgX.exe
  2⤵
  PID:7336
- C:\Windows\System\tDSLFMe.exe
  C:\Windows\System\tDSLFMe.exe
  2⤵
  PID:7364
- C:\Windows\System\mBeWwII.exe
  C:\Windows\System\mBeWwII.exe
  2⤵
  PID:7380
- C:\Windows\System\JORILkm.exe
  C:\Windows\System\JORILkm.exe
  2⤵
  PID:7404
- C:\Windows\System\UWSnqsi.exe
  C:\Windows\System\UWSnqsi.exe
  2⤵
  PID:7444
- C:\Windows\System\MIoDZCh.exe
  C:\Windows\System\MIoDZCh.exe
  2⤵
  PID:7488
- C:\Windows\System\ltMNQjs.exe
  C:\Windows\System\ltMNQjs.exe
  2⤵
  PID:7516
- C:\Windows\System\vmLTHXe.exe
  C:\Windows\System\vmLTHXe.exe
  2⤵
  PID:7544
- C:\Windows\System\ZaxYdXG.exe
  C:\Windows\System\ZaxYdXG.exe
  2⤵
  PID:7572
- C:\Windows\System\nTiEobb.exe
  C:\Windows\System\nTiEobb.exe
  2⤵
  PID:7600
- C:\Windows\System\ewvFMvL.exe
  C:\Windows\System\ewvFMvL.exe
  2⤵
  PID:7620
- C:\Windows\System\qnFSGvj.exe
  C:\Windows\System\qnFSGvj.exe
  2⤵
  PID:7648
- C:\Windows\System\zttvRdt.exe
  C:\Windows\System\zttvRdt.exe
  2⤵
  PID:7680
- C:\Windows\System\ObfaNVd.exe
  C:\Windows\System\ObfaNVd.exe
  2⤵
  PID:7708
- C:\Windows\System\TKWzogj.exe
  C:\Windows\System\TKWzogj.exe
  2⤵
  PID:7728
- C:\Windows\System\obXhIQu.exe
  C:\Windows\System\obXhIQu.exe
  2⤵
  PID:7744
- C:\Windows\System\xiYeOoN.exe
  C:\Windows\System\xiYeOoN.exe
  2⤵
  PID:7776
- C:\Windows\System\gfwdXQm.exe
  C:\Windows\System\gfwdXQm.exe
  2⤵
  PID:7800
- C:\Windows\System\MVpApnz.exe
  C:\Windows\System\MVpApnz.exe
  2⤵
  PID:7828
- C:\Windows\System\NJAOlIu.exe
  C:\Windows\System\NJAOlIu.exe
  2⤵
  PID:7852
- C:\Windows\System\gkcxuqq.exe
  C:\Windows\System\gkcxuqq.exe
  2⤵
  PID:7888
- C:\Windows\System\zqizIEy.exe
  C:\Windows\System\zqizIEy.exe
  2⤵
  PID:7912
- C:\Windows\System\YNShVQQ.exe
  C:\Windows\System\YNShVQQ.exe
  2⤵
  PID:7936
- C:\Windows\System\TWYrZAg.exe
  C:\Windows\System\TWYrZAg.exe
  2⤵
  PID:7956
- C:\Windows\System\ZLBolOb.exe
  C:\Windows\System\ZLBolOb.exe
  2⤵
  PID:7980
- C:\Windows\System\fkxJOvx.exe
  C:\Windows\System\fkxJOvx.exe
  2⤵
  PID:8016
- C:\Windows\System\LvmWApd.exe
  C:\Windows\System\LvmWApd.exe
  2⤵
  PID:8056
- C:\Windows\System\MuHMCaM.exe
  C:\Windows\System\MuHMCaM.exe
  2⤵
  PID:8088
- C:\Windows\System\CaplOaO.exe
  C:\Windows\System\CaplOaO.exe
  2⤵
  PID:8108
- C:\Windows\System\uDAbgPG.exe
  C:\Windows\System\uDAbgPG.exe
  2⤵
  PID:8136
- C:\Windows\System\RANXKzd.exe
  C:\Windows\System\RANXKzd.exe
  2⤵
  PID:8160
- C:\Windows\System\rkLwgXg.exe
  C:\Windows\System\rkLwgXg.exe
  2⤵
  PID:6644
- C:\Windows\System\CvSYAGU.exe
  C:\Windows\System\CvSYAGU.exe
  2⤵
  PID:7184
- C:\Windows\System\JtAnKck.exe
  C:\Windows\System\JtAnKck.exe
  2⤵
  PID:7280
- C:\Windows\System\zxMxuor.exe
  C:\Windows\System\zxMxuor.exe
  2⤵
  PID:7320
- C:\Windows\System\rVmDkti.exe
  C:\Windows\System\rVmDkti.exe
  2⤵
  PID:7456
- C:\Windows\System\kApDQnS.exe
  C:\Windows\System\kApDQnS.exe
  2⤵
  PID:7432
- C:\Windows\System\CYcUDwL.exe
  C:\Windows\System\CYcUDwL.exe
  2⤵
  PID:7536
- C:\Windows\System\ABCkuTT.exe
  C:\Windows\System\ABCkuTT.exe
  2⤵
  PID:7592
- C:\Windows\System\ODRQaHf.exe
  C:\Windows\System\ODRQaHf.exe
  2⤵
  PID:7636
- C:\Windows\System\Ibdgslh.exe
  C:\Windows\System\Ibdgslh.exe
  2⤵
  PID:7704
- C:\Windows\System\SfTzJJd.exe
  C:\Windows\System\SfTzJJd.exe
  2⤵
  PID:7772
- C:\Windows\System\tLKvmgN.exe
  C:\Windows\System\tLKvmgN.exe
  2⤵
  PID:7848
- C:\Windows\System\kKBGXAq.exe
  C:\Windows\System\kKBGXAq.exe
  2⤵
  PID:7900
- C:\Windows\System\kPciLWR.exe
  C:\Windows\System\kPciLWR.exe
  2⤵
  PID:7972
- C:\Windows\System\tWtLGqn.exe
  C:\Windows\System\tWtLGqn.exe
  2⤵
  PID:8036
- C:\Windows\System\KUHjOQX.exe
  C:\Windows\System\KUHjOQX.exe
  2⤵
  PID:8152
- C:\Windows\System\AAPcrAJ.exe
  C:\Windows\System\AAPcrAJ.exe
  2⤵
  PID:8176
- C:\Windows\System\vLIcJMH.exe
  C:\Windows\System\vLIcJMH.exe
  2⤵
  PID:7232
- C:\Windows\System\ZuFomyi.exe
  C:\Windows\System\ZuFomyi.exe
  2⤵
  PID:7352
- C:\Windows\System\ToNxGDe.exe
  C:\Windows\System\ToNxGDe.exe
  2⤵
  PID:7588
- C:\Windows\System\zKsRAaI.exe
  C:\Windows\System\zKsRAaI.exe
  2⤵
  PID:7700
- C:\Windows\System\aDdOIjo.exe
  C:\Windows\System\aDdOIjo.exe
  2⤵
  PID:7756
- C:\Windows\System\uiffvWH.exe
  C:\Windows\System\uiffvWH.exe
  2⤵
  PID:7996
- C:\Windows\System\GypIXIg.exe
  C:\Windows\System\GypIXIg.exe
  2⤵
  PID:8172
- C:\Windows\System\FACFJmU.exe
  C:\Windows\System\FACFJmU.exe
  2⤵
  PID:7480
- C:\Windows\System\yXJCNMq.exe
  C:\Windows\System\yXJCNMq.exe
  2⤵
  PID:7724
- C:\Windows\System\PkZoQgF.exe
  C:\Windows\System\PkZoQgF.exe
  2⤵
  PID:7500
- C:\Windows\System\mLmbgDp.exe
  C:\Windows\System\mLmbgDp.exe
  2⤵
  PID:8196
- C:\Windows\System\ejsxkao.exe
  C:\Windows\System\ejsxkao.exe
  2⤵
  PID:8232
- C:\Windows\System\vHwStqm.exe
  C:\Windows\System\vHwStqm.exe
  2⤵
  PID:8260
- C:\Windows\System\PtzPzQZ.exe
  C:\Windows\System\PtzPzQZ.exe
  2⤵
  PID:8288
- C:\Windows\System\EhhDZuP.exe
  C:\Windows\System\EhhDZuP.exe
  2⤵
  PID:8320
- C:\Windows\System\XVLmQwW.exe
  C:\Windows\System\XVLmQwW.exe
  2⤵
  PID:8348
- C:\Windows\System\DKouTNm.exe
  C:\Windows\System\DKouTNm.exe
  2⤵
  PID:8372
- C:\Windows\System\eRXQGLl.exe
  C:\Windows\System\eRXQGLl.exe
  2⤵
  PID:8400
- C:\Windows\System\iyQEBfS.exe
  C:\Windows\System\iyQEBfS.exe
  2⤵
  PID:8428
- C:\Windows\System\vhKKxSG.exe
  C:\Windows\System\vhKKxSG.exe
  2⤵
  PID:8448
- C:\Windows\System\FaxuFYG.exe
  C:\Windows\System\FaxuFYG.exe
  2⤵
  PID:8472
- C:\Windows\System\AuLvixq.exe
  C:\Windows\System\AuLvixq.exe
  2⤵
  PID:8492
- C:\Windows\System\AQxsouN.exe
  C:\Windows\System\AQxsouN.exe
  2⤵
  PID:8524
- C:\Windows\System\VfTcQPq.exe
  C:\Windows\System\VfTcQPq.exe
  2⤵
  PID:8560
- C:\Windows\System\xwLcJcp.exe
  C:\Windows\System\xwLcJcp.exe
  2⤵
  PID:8596
- C:\Windows\System\xNoCMom.exe
  C:\Windows\System\xNoCMom.exe
  2⤵
  PID:8616
- C:\Windows\System\lrBIEZc.exe
  C:\Windows\System\lrBIEZc.exe
  2⤵
  PID:8656
- C:\Windows\System\eOcvyMQ.exe
  C:\Windows\System\eOcvyMQ.exe
  2⤵
  PID:8680
- C:\Windows\System\PclvlRi.exe
  C:\Windows\System\PclvlRi.exe
  2⤵
  PID:8708
- C:\Windows\System\WjgJDyK.exe
  C:\Windows\System\WjgJDyK.exe
  2⤵
  PID:8736
- C:\Windows\System\FsxYjil.exe
  C:\Windows\System\FsxYjil.exe
  2⤵
  PID:8764
- C:\Windows\System\dTpKNar.exe
  C:\Windows\System\dTpKNar.exe
  2⤵
  PID:8792
- C:\Windows\System\kJkOpGG.exe
  C:\Windows\System\kJkOpGG.exe
  2⤵
  PID:8820
- C:\Windows\System\BZcvGVf.exe
  C:\Windows\System\BZcvGVf.exe
  2⤵
  PID:8844
- C:\Windows\System\OypWFgl.exe
  C:\Windows\System\OypWFgl.exe
  2⤵
  PID:8872
- C:\Windows\System\fOdZZPp.exe
  C:\Windows\System\fOdZZPp.exe
  2⤵
  PID:8896
- C:\Windows\System\fdlJKgL.exe
  C:\Windows\System\fdlJKgL.exe
  2⤵
  PID:8916
- C:\Windows\System\hOcYhtg.exe
  C:\Windows\System\hOcYhtg.exe
  2⤵
  PID:8948
- C:\Windows\System\nWKYWZg.exe
  C:\Windows\System\nWKYWZg.exe
  2⤵
  PID:8972
- C:\Windows\System\ygaYaZc.exe
  C:\Windows\System\ygaYaZc.exe
  2⤵
  PID:8992
- C:\Windows\System\YGihPhR.exe
  C:\Windows\System\YGihPhR.exe
  2⤵
  PID:9020
- C:\Windows\System\UnCeuQx.exe
  C:\Windows\System\UnCeuQx.exe
  2⤵
  PID:9044
- C:\Windows\System\tepzaMO.exe
  C:\Windows\System\tepzaMO.exe
  2⤵
  PID:9072
- C:\Windows\System\FkmrqqJ.exe
  C:\Windows\System\FkmrqqJ.exe
  2⤵
  PID:9096
- C:\Windows\System\kYLLrNh.exe
  C:\Windows\System\kYLLrNh.exe
  2⤵
  PID:9124
- C:\Windows\System\nUTHhKf.exe
  C:\Windows\System\nUTHhKf.exe
  2⤵
  PID:9156
- C:\Windows\System\lWDyFJF.exe
  C:\Windows\System\lWDyFJF.exe
  2⤵
  PID:9180
- C:\Windows\System\qNrSCAS.exe
  C:\Windows\System\qNrSCAS.exe
  2⤵
  PID:9212
- C:\Windows\System\FQoGmUh.exe
  C:\Windows\System\FQoGmUh.exe
  2⤵
  PID:7616
- C:\Windows\System\ALezlBm.exe
  C:\Windows\System\ALezlBm.exe
  2⤵
  PID:8072
- C:\Windows\System\DJTNsEz.exe
  C:\Windows\System\DJTNsEz.exe
  2⤵
  PID:8356
- C:\Windows\System\aSNBEMh.exe
  C:\Windows\System\aSNBEMh.exe
  2⤵
  PID:8388
- C:\Windows\System\jEaySKi.exe
  C:\Windows\System\jEaySKi.exe
  2⤵
  PID:8468
- C:\Windows\System\dzWknpP.exe
  C:\Windows\System\dzWknpP.exe
  2⤵
  PID:8512
- C:\Windows\System\xytOAEf.exe
  C:\Windows\System\xytOAEf.exe
  2⤵
  PID:8548
- C:\Windows\System\XwKfAgY.exe
  C:\Windows\System\XwKfAgY.exe
  2⤵
  PID:8628
- C:\Windows\System\pBoMLwj.exe
  C:\Windows\System\pBoMLwj.exe
  2⤵
  PID:8676
- C:\Windows\System\AFkSJZx.exe
  C:\Windows\System\AFkSJZx.exe
  2⤵
  PID:8788
- C:\Windows\System\dsSVlZS.exe
  C:\Windows\System\dsSVlZS.exe
  2⤵
  PID:8852
- C:\Windows\System\nEjFApk.exe
  C:\Windows\System\nEjFApk.exe
  2⤵
  PID:8904
- C:\Windows\System\keotDqk.exe
  C:\Windows\System\keotDqk.exe
  2⤵
  PID:1836
- C:\Windows\System\piCZJcu.exe
  C:\Windows\System\piCZJcu.exe
  2⤵
  PID:9056
- C:\Windows\System\PtmxpdW.exe
  C:\Windows\System\PtmxpdW.exe
  2⤵
  PID:9140
- C:\Windows\System\rysdPOR.exe
  C:\Windows\System\rysdPOR.exe
  2⤵
  PID:9064
- C:\Windows\System\kccJwCA.exe
  C:\Windows\System\kccJwCA.exe
  2⤵
  PID:7468
- C:\Windows\System\MheFHBe.exe
  C:\Windows\System\MheFHBe.exe
  2⤵
  PID:8396
- C:\Windows\System\pFBCHUq.exe
  C:\Windows\System\pFBCHUq.exe
  2⤵
  PID:8668
- C:\Windows\System\ScjbdbB.exe
  C:\Windows\System\ScjbdbB.exe
  2⤵
  PID:8864
- C:\Windows\System\POguicJ.exe
  C:\Windows\System\POguicJ.exe
  2⤵
  PID:8812
- C:\Windows\System\azTEoes.exe
  C:\Windows\System\azTEoes.exe
  2⤵
  PID:8832
- C:\Windows\System\aXDfPzG.exe
  C:\Windows\System\aXDfPzG.exe
  2⤵
  PID:9004
- C:\Windows\System\QmwproJ.exe
  C:\Windows\System\QmwproJ.exe
  2⤵
  PID:8480
- C:\Windows\System\ffMtxBa.exe
  C:\Windows\System\ffMtxBa.exe
  2⤵
  PID:8724
- C:\Windows\System\bNIfMZC.exe
  C:\Windows\System\bNIfMZC.exe
  2⤵
  PID:8728
- C:\Windows\System\znPBeQA.exe
  C:\Windows\System\znPBeQA.exe
  2⤵
  PID:7376
- C:\Windows\System\BADNwtm.exe
  C:\Windows\System\BADNwtm.exe
  2⤵
  PID:9244
- C:\Windows\System\hRPDPJS.exe
  C:\Windows\System\hRPDPJS.exe
  2⤵
  PID:9268
- C:\Windows\System\vaCZawI.exe
  C:\Windows\System\vaCZawI.exe
  2⤵
  PID:9300
- C:\Windows\System\DemAFoc.exe
  C:\Windows\System\DemAFoc.exe
  2⤵
  PID:9332
- C:\Windows\System\wMKsRIf.exe
  C:\Windows\System\wMKsRIf.exe
  2⤵
  PID:9348
- C:\Windows\System\FJpNWen.exe
  C:\Windows\System\FJpNWen.exe
  2⤵
  PID:9372
- C:\Windows\System\asuMbiJ.exe
  C:\Windows\System\asuMbiJ.exe
  2⤵
  PID:9392
- C:\Windows\System\DKgjwcY.exe
  C:\Windows\System\DKgjwcY.exe
  2⤵
  PID:9416
- C:\Windows\System\UHXTXnI.exe
  C:\Windows\System\UHXTXnI.exe
  2⤵
  PID:9444
- C:\Windows\System\ikYtztK.exe
  C:\Windows\System\ikYtztK.exe
  2⤵
  PID:9464
- C:\Windows\System\kPYvaVG.exe
  C:\Windows\System\kPYvaVG.exe
  2⤵
  PID:9488
- C:\Windows\System\iFlZPZQ.exe
  C:\Windows\System\iFlZPZQ.exe
  2⤵
  PID:9508
- C:\Windows\System\KUdmbRR.exe
  C:\Windows\System\KUdmbRR.exe
  2⤵
  PID:9528
- C:\Windows\System\XLULtBN.exe
  C:\Windows\System\XLULtBN.exe
  2⤵
  PID:9556
- C:\Windows\System\aBgijsC.exe
  C:\Windows\System\aBgijsC.exe
  2⤵
  PID:9580
- C:\Windows\System\vWBXaRx.exe
  C:\Windows\System\vWBXaRx.exe
  2⤵
  PID:9612
- C:\Windows\System\oTmbTVa.exe
  C:\Windows\System\oTmbTVa.exe
  2⤵
  PID:9632
- C:\Windows\System\iutoKuO.exe
  C:\Windows\System\iutoKuO.exe
  2⤵
  PID:9660
- C:\Windows\System\quuxbVH.exe
  C:\Windows\System\quuxbVH.exe
  2⤵
  PID:9692
- C:\Windows\System\QPvrRHx.exe
  C:\Windows\System\QPvrRHx.exe
  2⤵
  PID:9708
- C:\Windows\System\SmYQBmH.exe
  C:\Windows\System\SmYQBmH.exe
  2⤵
  PID:9736
- C:\Windows\System\EFgtpgs.exe
  C:\Windows\System\EFgtpgs.exe
  2⤵
  PID:9768
- C:\Windows\System\JaTPied.exe
  C:\Windows\System\JaTPied.exe
  2⤵
  PID:9800
- C:\Windows\System\TnKNYmy.exe
  C:\Windows\System\TnKNYmy.exe
  2⤵
  PID:9820
- C:\Windows\System\mFBLlSx.exe
  C:\Windows\System\mFBLlSx.exe
  2⤵
  PID:9848
- C:\Windows\System\KSeGsYU.exe
  C:\Windows\System\KSeGsYU.exe
  2⤵
  PID:9888
- C:\Windows\System\sJTpZoU.exe
  C:\Windows\System\sJTpZoU.exe
  2⤵
  PID:9924
- C:\Windows\System\MBCiUaB.exe
  C:\Windows\System\MBCiUaB.exe
  2⤵
  PID:9956
- C:\Windows\System\dSNekBv.exe
  C:\Windows\System\dSNekBv.exe
  2⤵
  PID:9976
- C:\Windows\System\yjvkWkv.exe
  C:\Windows\System\yjvkWkv.exe
  2⤵
  PID:10004
- C:\Windows\System\vPxCbNP.exe
  C:\Windows\System\vPxCbNP.exe
  2⤵
  PID:10024
- C:\Windows\System\bMdWTcF.exe
  C:\Windows\System\bMdWTcF.exe
  2⤵
  PID:10048
- C:\Windows\System\PXhpWBv.exe
  C:\Windows\System\PXhpWBv.exe
  2⤵
  PID:10076
- C:\Windows\System\fBvSpSr.exe
  C:\Windows\System\fBvSpSr.exe
  2⤵
  PID:10112
- C:\Windows\System\AgqHxWX.exe
  C:\Windows\System\AgqHxWX.exe
  2⤵
  PID:10140
- C:\Windows\System\XlQhZDn.exe
  C:\Windows\System\XlQhZDn.exe
  2⤵
  PID:10168
- C:\Windows\System\NKYhSDe.exe
  C:\Windows\System\NKYhSDe.exe
  2⤵
  PID:10196
- C:\Windows\System\WKIWpwq.exe
  C:\Windows\System\WKIWpwq.exe
  2⤵
  PID:10228
- C:\Windows\System\pXLmQFQ.exe
  C:\Windows\System\pXLmQFQ.exe
  2⤵
  PID:8436
- C:\Windows\System\YxrWEqS.exe
  C:\Windows\System\YxrWEqS.exe
  2⤵
  PID:9228
- C:\Windows\System\MkzVbrh.exe
  C:\Windows\System\MkzVbrh.exe
  2⤵
  PID:9344
- C:\Windows\System\mVwBDWS.exe
  C:\Windows\System\mVwBDWS.exe
  2⤵
  PID:9312
- C:\Windows\System\TGBBikm.exe
  C:\Windows\System\TGBBikm.exe
  2⤵
  PID:9364
- C:\Windows\System\XwOatVw.exe
  C:\Windows\System\XwOatVw.exe
  2⤵
  PID:9552
- C:\Windows\System\lhkjYLp.exe
  C:\Windows\System\lhkjYLp.exe
  2⤵
  PID:9648
- C:\Windows\System\sujlNTt.exe
  C:\Windows\System\sujlNTt.exe
  2⤵
  PID:9624
- C:\Windows\System\ojYLcVe.exe
  C:\Windows\System\ojYLcVe.exe
  2⤵
  PID:9756
- C:\Windows\System\GZUpOTP.exe
  C:\Windows\System\GZUpOTP.exe
  2⤵
  PID:9836
- C:\Windows\System\QDdacGD.exe
  C:\Windows\System\QDdacGD.exe
  2⤵
  PID:9808
- C:\Windows\System\XsAsKYV.exe
  C:\Windows\System\XsAsKYV.exe
  2⤵
  PID:9920
- C:\Windows\System\tpRXekg.exe
  C:\Windows\System\tpRXekg.exe
  2⤵
  PID:9884
- C:\Windows\System\dbQRMuT.exe
  C:\Windows\System\dbQRMuT.exe
  2⤵
  PID:10020
- C:\Windows\System\SjNDmtA.exe
  C:\Windows\System\SjNDmtA.exe
  2⤵
  PID:10152
- C:\Windows\System\ALUZEYf.exe
  C:\Windows\System\ALUZEYf.exe
  2⤵
  PID:10164
- C:\Windows\System\YHLRpUX.exe
  C:\Windows\System\YHLRpUX.exe
  2⤵
  PID:9428
- C:\Windows\System\uumPLXF.exe
  C:\Windows\System\uumPLXF.exe
  2⤵
  PID:10192
- C:\Windows\System\voMwDgY.exe
  C:\Windows\System\voMwDgY.exe
  2⤵
  PID:9316
- C:\Windows\System\MkwDnPN.exe
  C:\Windows\System\MkwDnPN.exe
  2⤵
  PID:9652
- C:\Windows\System\estCfLI.exe
  C:\Windows\System\estCfLI.exe
  2⤵
  PID:9916
- C:\Windows\System\oHwIGpR.exe
  C:\Windows\System\oHwIGpR.exe
  2⤵
  PID:9520
- C:\Windows\System\zcspmku.exe
  C:\Windows\System\zcspmku.exe
  2⤵
  PID:9988
- C:\Windows\System\tFzIFaL.exe
  C:\Windows\System\tFzIFaL.exe
  2⤵
  PID:10124
- C:\Windows\System\lFUYJeA.exe
  C:\Windows\System\lFUYJeA.exe
  2⤵
  PID:9952
- C:\Windows\System\zgtIhnD.exe
  C:\Windows\System\zgtIhnD.exe
  2⤵
  PID:10260
- C:\Windows\System\vSFUbpo.exe
  C:\Windows\System\vSFUbpo.exe
  2⤵
  PID:10284
- C:\Windows\System\cyfgzbS.exe
  C:\Windows\System\cyfgzbS.exe
  2⤵
  PID:10304
- C:\Windows\System\sKyAqIi.exe
  C:\Windows\System\sKyAqIi.exe
  2⤵
  PID:10320
- C:\Windows\System\osrQZKm.exe
  C:\Windows\System\osrQZKm.exe
  2⤵
  PID:10348
- C:\Windows\System\BPCcgRL.exe
  C:\Windows\System\BPCcgRL.exe
  2⤵
  PID:10380
- C:\Windows\System\dzFGVzp.exe
  C:\Windows\System\dzFGVzp.exe
  2⤵
  PID:10408
- C:\Windows\System\UkdSYMy.exe
  C:\Windows\System\UkdSYMy.exe
  2⤵
  PID:10432
- C:\Windows\System\nhdbVaQ.exe
  C:\Windows\System\nhdbVaQ.exe
  2⤵
  PID:10464
- C:\Windows\System\KueWlfH.exe
  C:\Windows\System\KueWlfH.exe
  2⤵
  PID:10492
- C:\Windows\System\PHgRCcZ.exe
  C:\Windows\System\PHgRCcZ.exe
  2⤵
  PID:10508
- C:\Windows\System\NoOQXvR.exe
  C:\Windows\System\NoOQXvR.exe
  2⤵
  PID:10540
- C:\Windows\System\JMcZTEE.exe
  C:\Windows\System\JMcZTEE.exe
  2⤵
  PID:10564
- C:\Windows\System\wtDIERn.exe
  C:\Windows\System\wtDIERn.exe
  2⤵
  PID:10584
- C:\Windows\System\TlEsVCn.exe
  C:\Windows\System\TlEsVCn.exe
  2⤵
  PID:10608
- C:\Windows\System\dLAtDrU.exe
  C:\Windows\System\dLAtDrU.exe
  2⤵
  PID:10632
- C:\Windows\System\ZwRHiqE.exe
  C:\Windows\System\ZwRHiqE.exe
  2⤵
  PID:10656
- C:\Windows\System\clrRgxm.exe
  C:\Windows\System\clrRgxm.exe
  2⤵
  PID:10680
- C:\Windows\System\uwaVKhZ.exe
  C:\Windows\System\uwaVKhZ.exe
  2⤵
  PID:10708
- C:\Windows\System\GVBqVVq.exe
  C:\Windows\System\GVBqVVq.exe
  2⤵
  PID:10728
- C:\Windows\System\OwYEIwi.exe
  C:\Windows\System\OwYEIwi.exe
  2⤵
  PID:10760
- C:\Windows\System\QdcSuYi.exe
  C:\Windows\System\QdcSuYi.exe
  2⤵
  PID:10784
- C:\Windows\System\viHqVFT.exe
  C:\Windows\System\viHqVFT.exe
  2⤵
  PID:10812
- C:\Windows\System\uoiKpWV.exe
  C:\Windows\System\uoiKpWV.exe
  2⤵
  PID:10832
- C:\Windows\System\tIkJYhy.exe
  C:\Windows\System\tIkJYhy.exe
  2⤵
  PID:10856
- C:\Windows\System\ldJXpoe.exe
  C:\Windows\System\ldJXpoe.exe
  2⤵
  PID:10892
- C:\Windows\System\ZiJzkVY.exe
  C:\Windows\System\ZiJzkVY.exe
  2⤵
  PID:10912
- C:\Windows\System\CAbzLsw.exe
  C:\Windows\System\CAbzLsw.exe
  2⤵
  PID:10944
- C:\Windows\System\HFFnyer.exe
  C:\Windows\System\HFFnyer.exe
  2⤵
  PID:10968
- C:\Windows\System\MsBpxJt.exe
  C:\Windows\System\MsBpxJt.exe
  2⤵
  PID:10996
- C:\Windows\System\pVLxIzO.exe
  C:\Windows\System\pVLxIzO.exe
  2⤵
  PID:11024
- C:\Windows\System\hhcVbOi.exe
  C:\Windows\System\hhcVbOi.exe
  2⤵
  PID:11052
- C:\Windows\System\OmWdJdD.exe
  C:\Windows\System\OmWdJdD.exe
  2⤵
  PID:11080
- C:\Windows\System\wATZxwJ.exe
  C:\Windows\System\wATZxwJ.exe
  2⤵
  PID:11104
- C:\Windows\System\aunlXAU.exe
  C:\Windows\System\aunlXAU.exe
  2⤵
  PID:11132
- C:\Windows\System\UMOcuHD.exe
  C:\Windows\System\UMOcuHD.exe
  2⤵
  PID:11156
- C:\Windows\System\LLAqdVJ.exe
  C:\Windows\System\LLAqdVJ.exe
  2⤵
  PID:11188
- C:\Windows\System\QfCoEnG.exe
  C:\Windows\System\QfCoEnG.exe
  2⤵
  PID:11220
- C:\Windows\System\ZaoVEJM.exe
  C:\Windows\System\ZaoVEJM.exe
  2⤵
  PID:11260
- C:\Windows\System\MQEwkyk.exe
  C:\Windows\System\MQEwkyk.exe
  2⤵
  PID:9408
- C:\Windows\System\BgEIeto.exe
  C:\Windows\System\BgEIeto.exe
  2⤵
  PID:9896
- C:\Windows\System\nUsAQJm.exe
  C:\Windows\System\nUsAQJm.exe
  2⤵
  PID:10100
- C:\Windows\System\NlvSFcg.exe
  C:\Windows\System\NlvSFcg.exe
  2⤵
  PID:10480
- C:\Windows\System\uByaOdx.exe
  C:\Windows\System\uByaOdx.exe
  2⤵
  PID:10392
- C:\Windows\System\MjPOjGS.exe
  C:\Windows\System\MjPOjGS.exe
  2⤵
  PID:10416
- C:\Windows\System\rpjYaDJ.exe
  C:\Windows\System\rpjYaDJ.exe
  2⤵
  PID:10580
- C:\Windows\System\RkZeHWN.exe
  C:\Windows\System\RkZeHWN.exe
  2⤵
  PID:10672
- C:\Windows\System\SkkIAIU.exe
  C:\Windows\System\SkkIAIU.exe
  2⤵
  PID:10552
- C:\Windows\System\CNkZlze.exe
  C:\Windows\System\CNkZlze.exe
  2⤵
  PID:10768
- C:\Windows\System\LUuuJiv.exe
  C:\Windows\System\LUuuJiv.exe
  2⤵
  PID:10700
- C:\Windows\System\beqTGYG.exe
  C:\Windows\System\beqTGYG.exe
  2⤵
  PID:10848
- C:\Windows\System\sQVyNhx.exe
  C:\Windows\System\sQVyNhx.exe
  2⤵
  PID:10924
- C:\Windows\System\GGpYPLE.exe
  C:\Windows\System\GGpYPLE.exe
  2⤵
  PID:11004
- C:\Windows\System\yPgCWVP.exe
  C:\Windows\System\yPgCWVP.exe
  2⤵
  PID:11072
- C:\Windows\System\evqUUBG.exe
  C:\Windows\System\evqUUBG.exe
  2⤵
  PID:11036
- C:\Windows\System\rRjfGGt.exe
  C:\Windows\System\rRjfGGt.exe
  2⤵
  PID:11208
- C:\Windows\System\siRNIAG.exe
  C:\Windows\System\siRNIAG.exe
  2⤵
  PID:10964
- C:\Windows\System\WtJjFwv.exe
  C:\Windows\System\WtJjFwv.exe
  2⤵
  PID:10256
- C:\Windows\System\dSRNLfM.exe
  C:\Windows\System\dSRNLfM.exe
  2⤵
  PID:11096
- C:\Windows\System\fhHtAuX.exe
  C:\Windows\System\fhHtAuX.exe
  2⤵
  PID:10444
- C:\Windows\System\AkpcucC.exe
  C:\Windows\System\AkpcucC.exe
  2⤵
  PID:10692
- C:\Windows\System\Cpoestx.exe
  C:\Windows\System\Cpoestx.exe
  2⤵
  PID:10500
- C:\Windows\System\uoIlZHR.exe
  C:\Windows\System\uoIlZHR.exe
  2⤵
  PID:10980
- C:\Windows\System\KtKMqWs.exe
  C:\Windows\System\KtKMqWs.exe
  2⤵
  PID:10696
- C:\Windows\System\vsBbXjZ.exe
  C:\Windows\System\vsBbXjZ.exe
  2⤵
  PID:10624
- C:\Windows\System\GVXFnEj.exe
  C:\Windows\System\GVXFnEj.exe
  2⤵
  PID:11276
- C:\Windows\System\vusalWQ.exe
  C:\Windows\System\vusalWQ.exe
  2⤵
  PID:11308
- C:\Windows\System\xuzHZXu.exe
  C:\Windows\System\xuzHZXu.exe
  2⤵
  PID:11332
- C:\Windows\System\XYWLZUU.exe
  C:\Windows\System\XYWLZUU.exe
  2⤵
  PID:11364
- C:\Windows\System\WmzjlEv.exe
  C:\Windows\System\WmzjlEv.exe
  2⤵
  PID:11396
- C:\Windows\System\nNAOQTg.exe
  C:\Windows\System\nNAOQTg.exe
  2⤵
  PID:11420
- C:\Windows\System\AbPbamd.exe
  C:\Windows\System\AbPbamd.exe
  2⤵
  PID:11448
- C:\Windows\System\AlOXEaE.exe
  C:\Windows\System\AlOXEaE.exe
  2⤵
  PID:11476
- C:\Windows\System\nWNRrgK.exe
  C:\Windows\System\nWNRrgK.exe
  2⤵
  PID:11500
- C:\Windows\System\IFqmMtz.exe
  C:\Windows\System\IFqmMtz.exe
  2⤵
  PID:11520
- C:\Windows\System\KBFCfaX.exe
  C:\Windows\System\KBFCfaX.exe
  2⤵
  PID:11544
- C:\Windows\System\fxWkKyM.exe
  C:\Windows\System\fxWkKyM.exe
  2⤵
  PID:11572
- C:\Windows\System\CprfLKB.exe
  C:\Windows\System\CprfLKB.exe
  2⤵
  PID:11608
- C:\Windows\System\KjsPqvZ.exe
  C:\Windows\System\KjsPqvZ.exe
  2⤵
  PID:11632
- C:\Windows\System\iSfrzTP.exe
  C:\Windows\System\iSfrzTP.exe
  2⤵
  PID:11656
- C:\Windows\System\oWjXcFn.exe
  C:\Windows\System\oWjXcFn.exe
  2⤵
  PID:11692
- C:\Windows\System\ilYfwJH.exe
  C:\Windows\System\ilYfwJH.exe
  2⤵
  PID:11708
- C:\Windows\System\mWhPTZf.exe
  C:\Windows\System\mWhPTZf.exe
  2⤵
  PID:11736
- C:\Windows\System\tQCYhDF.exe
  C:\Windows\System\tQCYhDF.exe
  2⤵
  PID:11768
- C:\Windows\System\mapgXUt.exe
  C:\Windows\System\mapgXUt.exe
  2⤵
  PID:11788
- C:\Windows\System\lTlxKwA.exe
  C:\Windows\System\lTlxKwA.exe
  2⤵
  PID:11820
- C:\Windows\System\gRxqJyD.exe
  C:\Windows\System\gRxqJyD.exe
  2⤵
  PID:11856
- C:\Windows\System\eXwIUyp.exe
  C:\Windows\System\eXwIUyp.exe
  2⤵
  PID:11888
- C:\Windows\System\XIXNLTC.exe
  C:\Windows\System\XIXNLTC.exe
  2⤵
  PID:11908
- C:\Windows\System\tPPGtyw.exe
  C:\Windows\System\tPPGtyw.exe
  2⤵
  PID:11932
- C:\Windows\System\ACBRmge.exe
  C:\Windows\System\ACBRmge.exe
  2⤵
  PID:11960
- C:\Windows\System\RihKAGv.exe
  C:\Windows\System\RihKAGv.exe
  2⤵
  PID:11988
- C:\Windows\System\IjvenSK.exe
  C:\Windows\System\IjvenSK.exe
  2⤵
  PID:12032
- C:\Windows\System\nhSUnUK.exe
  C:\Windows\System\nhSUnUK.exe
  2⤵
  PID:12056
- C:\Windows\System\bJKGadL.exe
  C:\Windows\System\bJKGadL.exe
  2⤵
  PID:12084
- C:\Windows\System\MdOGgWu.exe
  C:\Windows\System\MdOGgWu.exe
  2⤵
  PID:12188
- C:\Windows\System\QAsoOpF.exe
  C:\Windows\System\QAsoOpF.exe
  2⤵
  PID:12224
- C:\Windows\System\GKBMNHp.exe
  C:\Windows\System\GKBMNHp.exe
  2⤵
  PID:12248
- C:\Windows\System\hTVRGog.exe
  C:\Windows\System\hTVRGog.exe
  2⤵
  PID:12276
- C:\Windows\System\dgYZCXZ.exe
  C:\Windows\System\dgYZCXZ.exe
  2⤵
  PID:10720
- C:\Windows\System\hJPiRSo.exe
  C:\Windows\System\hJPiRSo.exe
  2⤵
  PID:10524
- C:\Windows\System\QsyIMBp.exe
  C:\Windows\System\QsyIMBp.exe
  2⤵
  PID:11284
- C:\Windows\System\qIyODts.exe
  C:\Windows\System\qIyODts.exe
  2⤵
  PID:11360
- C:\Windows\System\dPHoTud.exe
  C:\Windows\System\dPHoTud.exe
  2⤵
  PID:11440
- C:\Windows\System\qnrPuCZ.exe
  C:\Windows\System\qnrPuCZ.exe
  2⤵
  PID:11320
- C:\Windows\System\FlxJsTY.exe
  C:\Windows\System\FlxJsTY.exe
  2⤵
  PID:11432
- C:\Windows\System\kBLfaTy.exe
  C:\Windows\System\kBLfaTy.exe
  2⤵
  PID:11468
- C:\Windows\System\ZTLApLi.exe
  C:\Windows\System\ZTLApLi.exe
  2⤵
  PID:11376
- C:\Windows\System\CMnQtCa.exe
  C:\Windows\System\CMnQtCa.exe
  2⤵
  PID:11624
- C:\Windows\System\iZfWDtY.exe
  C:\Windows\System\iZfWDtY.exe
  2⤵
  PID:11796
- C:\Windows\System\hfVZdse.exe
  C:\Windows\System\hfVZdse.exe
  2⤵
  PID:11880
- C:\Windows\System\yeGWYTL.exe
  C:\Windows\System\yeGWYTL.exe
  2⤵
  PID:11676
- C:\Windows\System\XpESuBM.exe
  C:\Windows\System\XpESuBM.exe
  2⤵
  PID:11916
- C:\Windows\System\YPCUGqs.exe
  C:\Windows\System\YPCUGqs.exe
  2⤵
  PID:12000
- C:\Windows\System\TrJEthS.exe
  C:\Windows\System\TrJEthS.exe
  2⤵
  PID:11848
- C:\Windows\System\kGBOecW.exe
  C:\Windows\System\kGBOecW.exe
  2⤵
  PID:12040
- C:\Windows\System\xHFVmTv.exe
  C:\Windows\System\xHFVmTv.exe
  2⤵
  PID:12208
- C:\Windows\System\tQUldYZ.exe
  C:\Windows\System\tQUldYZ.exe
  2⤵
  PID:12012
- C:\Windows\System\dhftJWz.exe
  C:\Windows\System\dhftJWz.exe
  2⤵
  PID:12184
- C:\Windows\System\HmbccQY.exe
  C:\Windows\System\HmbccQY.exe
  2⤵
  PID:11272
- C:\Windows\System\aeRksOr.exe
  C:\Windows\System\aeRksOr.exe
  2⤵
  PID:11216
- C:\Windows\System\YEqmEcM.exe
  C:\Windows\System\YEqmEcM.exe
  2⤵
  PID:10372
- C:\Windows\System\yYMnwEX.exe
  C:\Windows\System\yYMnwEX.exe
  2⤵
  PID:11516
- C:\Windows\System\oxTITDK.exe
  C:\Windows\System\oxTITDK.exe
  2⤵
  PID:11684
- C:\Windows\System\quAfmin.exe
  C:\Windows\System\quAfmin.exe
  2⤵
  PID:11896
- C:\Windows\System\NSKsXxo.exe
  C:\Windows\System\NSKsXxo.exe
  2⤵
  PID:11980
- C:\Windows\System\ZJtBGfU.exe
  C:\Windows\System\ZJtBGfU.exe
  2⤵
  PID:12300
- C:\Windows\System\RIXHvOA.exe
  C:\Windows\System\RIXHvOA.exe
  2⤵
  PID:12324
- C:\Windows\System\EXhrXde.exe
  C:\Windows\System\EXhrXde.exe
  2⤵
  PID:12340
- C:\Windows\System\EeEivrU.exe
  C:\Windows\System\EeEivrU.exe
  2⤵
  PID:12372
- C:\Windows\System\CDWkRyW.exe
  C:\Windows\System\CDWkRyW.exe
  2⤵
  PID:12396
- C:\Windows\System\SNtnSTq.exe
  C:\Windows\System\SNtnSTq.exe
  2⤵
  PID:12428
- C:\Windows\System\MOBYVFE.exe
  C:\Windows\System\MOBYVFE.exe
  2⤵
  PID:12448
- C:\Windows\System\oIlQYRl.exe
  C:\Windows\System\oIlQYRl.exe
  2⤵
  PID:12472
- C:\Windows\System\vKONvrQ.exe
  C:\Windows\System\vKONvrQ.exe
  2⤵
  PID:12496
- C:\Windows\System\umcHkkk.exe
  C:\Windows\System\umcHkkk.exe
  2⤵
  PID:12528
- C:\Windows\System\hDtcdkP.exe
  C:\Windows\System\hDtcdkP.exe
  2⤵
  PID:12556
- C:\Windows\System\ZtbVRvT.exe
  C:\Windows\System\ZtbVRvT.exe
  2⤵
  PID:12588
- C:\Windows\System\WyhLwzw.exe
  C:\Windows\System\WyhLwzw.exe
  2⤵
  PID:12608
- C:\Windows\System\KhZIBTA.exe
  C:\Windows\System\KhZIBTA.exe
  2⤵
  PID:12640
- C:\Windows\System\PzEtyAW.exe
  C:\Windows\System\PzEtyAW.exe
  2⤵
  PID:12664
- C:\Windows\System\ddATwIF.exe
  C:\Windows\System\ddATwIF.exe
  2⤵
  PID:12688
- C:\Windows\System\mISSGnQ.exe
  C:\Windows\System\mISSGnQ.exe
  2⤵
  PID:12716
- C:\Windows\System\dzprHKu.exe
  C:\Windows\System\dzprHKu.exe
  2⤵
  PID:12736
- C:\Windows\System\mEiAIuZ.exe
  C:\Windows\System\mEiAIuZ.exe
  2⤵
  PID:12764
- C:\Windows\System\GrnTRwI.exe
  C:\Windows\System\GrnTRwI.exe
  2⤵
  PID:12784
- C:\Windows\System\CnIJvjR.exe
  C:\Windows\System\CnIJvjR.exe
  2⤵
  PID:12812
- C:\Windows\System\NqXGgnf.exe
  C:\Windows\System\NqXGgnf.exe
  2⤵
  PID:12832
- C:\Windows\System\nmkLGIc.exe
  C:\Windows\System\nmkLGIc.exe
  2⤵
  PID:12856
- C:\Windows\System\WlfpEpt.exe
  C:\Windows\System\WlfpEpt.exe
  2⤵
  PID:12876
- C:\Windows\System\vCmICnh.exe
  C:\Windows\System\vCmICnh.exe
  2⤵
  PID:12908
- C:\Windows\System\rdAQkaX.exe
  C:\Windows\System\rdAQkaX.exe
  2⤵
  PID:12940
- C:\Windows\System\NwjqsKU.exe
  C:\Windows\System\NwjqsKU.exe
  2⤵
  PID:12960
- C:\Windows\System\LPlHlAD.exe
  C:\Windows\System\LPlHlAD.exe
  2⤵
  PID:12992
- C:\Windows\System\fhCLzAk.exe
  C:\Windows\System\fhCLzAk.exe
  2⤵
  PID:13012
- C:\Windows\System\EQrGySl.exe
  C:\Windows\System\EQrGySl.exe
  2⤵
  PID:13032
- C:\Windows\System\TOkQByG.exe
  C:\Windows\System\TOkQByG.exe
  2⤵
  PID:13056
- C:\Windows\System\mmMgkkv.exe
  C:\Windows\System\mmMgkkv.exe
  2⤵
  PID:13080
- C:\Windows\System\DTctRTZ.exe
  C:\Windows\System\DTctRTZ.exe
  2⤵
  PID:13112
- C:\Windows\System\OSKupOv.exe
  C:\Windows\System\OSKupOv.exe
  2⤵
  PID:13140
- C:\Windows\System\nivUNqK.exe
  C:\Windows\System\nivUNqK.exe
  2⤵
  PID:13160
- C:\Windows\System\HqxSxKb.exe
  C:\Windows\System\HqxSxKb.exe
  2⤵
  PID:13180
- C:\Windows\System\czISbVT.exe
  C:\Windows\System\czISbVT.exe
  2⤵
  PID:13208
- C:\Windows\System\vnnAUID.exe
  C:\Windows\System\vnnAUID.exe
  2⤵
  PID:13236
- C:\Windows\System\NuthVXF.exe
  C:\Windows\System\NuthVXF.exe
  2⤵
  PID:13256
- C:\Windows\System\LDalSoj.exe
  C:\Windows\System\LDalSoj.exe
  2⤵
  PID:13296
- C:\Windows\System\ivwSHwI.exe
  C:\Windows\System\ivwSHwI.exe
  2⤵
  PID:12072
- C:\Windows\System\MIlDzlX.exe
  C:\Windows\System\MIlDzlX.exe
  2⤵
  PID:11568
- C:\Windows\System\iCaOdAB.exe
  C:\Windows\System\iCaOdAB.exe
  2⤵
  PID:12204
- C:\Windows\System\JksZMlY.exe
  C:\Windows\System\JksZMlY.exe
  2⤵
  PID:11328
- C:\Windows\System\UYIktcT.exe
  C:\Windows\System\UYIktcT.exe
  2⤵
  PID:11456
- C:\Windows\System\zJSaqHD.exe
  C:\Windows\System\zJSaqHD.exe
  2⤵
  PID:11784
- C:\Windows\System\PzSMzdu.exe
  C:\Windows\System\PzSMzdu.exe
  2⤵
  PID:11876
- C:\Windows\System\gdlUVcG.exe
  C:\Windows\System\gdlUVcG.exe
  2⤵
  PID:12336
- C:\Windows\System\SYheYCo.exe
  C:\Windows\System\SYheYCo.exe
  2⤵
  PID:12548
- C:\Windows\System\ExcAkiM.exe
  C:\Windows\System\ExcAkiM.exe
  2⤵
  PID:12412
- C:\Windows\System\DQhvqwS.exe
  C:\Windows\System\DQhvqwS.exe
  2⤵
  PID:12524
- C:\Windows\System\gwNprBn.exe
  C:\Windows\System\gwNprBn.exe
  2⤵
  PID:12568
- C:\Windows\System\npOdmMo.exe
  C:\Windows\System\npOdmMo.exe
  2⤵
  PID:12772
- C:\Windows\System\pMLCGQZ.exe
  C:\Windows\System\pMLCGQZ.exe
  2⤵
  PID:12808
- C:\Windows\System\iOQuFnj.exe
  C:\Windows\System\iOQuFnj.exe
  2⤵
  PID:12848
- C:\Windows\System\BoglWjR.exe
  C:\Windows\System\BoglWjR.exe
  2⤵
  PID:12916
- C:\Windows\System\TxskpeR.exe
  C:\Windows\System\TxskpeR.exe
  2⤵
  PID:12980
- C:\Windows\System\yAlsFBA.exe
  C:\Windows\System\yAlsFBA.exe
  2⤵
  PID:12724
- C:\Windows\System\kFZnSaY.exe
  C:\Windows\System\kFZnSaY.exe
  2⤵
  PID:13136
- C:\Windows\System\fsVGmTe.exe
  C:\Windows\System\fsVGmTe.exe
  2⤵
  PID:13244
- C:\Windows\System\XlwdnIs.exe
  C:\Windows\System\XlwdnIs.exe
  2⤵
  PID:13048
- C:\Windows\System\hRUAwFj.exe
  C:\Windows\System\hRUAwFj.exe
  2⤵
  PID:13152
- C:\Windows\System\XDrwOjW.exe
  C:\Windows\System\XDrwOjW.exe
  2⤵
  PID:13248
- C:\Windows\System\VTxyRKi.exe
  C:\Windows\System\VTxyRKi.exe
  2⤵
  PID:13308
- C:\Windows\System\KAYvTLl.exe
  C:\Windows\System\KAYvTLl.exe
  2⤵
  PID:10600
- C:\Windows\System\tIHsgCG.exe
  C:\Windows\System\tIHsgCG.exe
  2⤵
  PID:11828
- C:\Windows\System\RXPQpZf.exe
  C:\Windows\System\RXPQpZf.exe
  2⤵
  PID:13028
- C:\Windows\System\MZYkLZa.exe
  C:\Windows\System\MZYkLZa.exe
  2⤵
  PID:13336
- C:\Windows\System\VPqLsZa.exe
  C:\Windows\System\VPqLsZa.exe
  2⤵
  PID:13356
- C:\Windows\System\TwhrcRW.exe
  C:\Windows\System\TwhrcRW.exe
  2⤵
  PID:13396
- C:\Windows\System\MRrwRqC.exe
  C:\Windows\System\MRrwRqC.exe
  2⤵
  PID:13412
- C:\Windows\System\VqQxWPH.exe
  C:\Windows\System\VqQxWPH.exe
  2⤵
  PID:13432
- C:\Windows\System\qAIqiGV.exe
  C:\Windows\System\qAIqiGV.exe
  2⤵
  PID:13452
- C:\Windows\System\fsolRlZ.exe
  C:\Windows\System\fsolRlZ.exe
  2⤵
  PID:13488
- C:\Windows\System\meJVZbF.exe
  C:\Windows\System\meJVZbF.exe
  2⤵
  PID:13512
- C:\Windows\System\SoIlIrp.exe
  C:\Windows\System\SoIlIrp.exe
  2⤵
  PID:13536
- C:\Windows\System\rXpxaOx.exe
  C:\Windows\System\rXpxaOx.exe
  2⤵
  PID:13552
- C:\Windows\System\HZiHVuo.exe
  C:\Windows\System\HZiHVuo.exe
  2⤵
  PID:13568
- C:\Windows\System\FaQFWGl.exe
  C:\Windows\System\FaQFWGl.exe
  2⤵
  PID:13592
- C:\Windows\System\fAKkQpN.exe
  C:\Windows\System\fAKkQpN.exe
  2⤵
  PID:13620
- C:\Windows\System\lGgHPOd.exe
  C:\Windows\System\lGgHPOd.exe
  2⤵
  PID:13644
- C:\Windows\System\fZCuXoL.exe
  C:\Windows\System\fZCuXoL.exe
  2⤵
  PID:13668
- C:\Windows\System\NJSGTwu.exe
  C:\Windows\System\NJSGTwu.exe
  2⤵
  PID:13692
- C:\Windows\System\dCmhnoj.exe
  C:\Windows\System\dCmhnoj.exe
  2⤵
  PID:13724
- C:\Windows\System\SkllVrV.exe
  C:\Windows\System\SkllVrV.exe
  2⤵
  PID:13752
- C:\Windows\System\CUKYYEE.exe
  C:\Windows\System\CUKYYEE.exe
  2⤵
  PID:13780
- C:\Windows\System\rQvJScU.exe
  C:\Windows\System\rQvJScU.exe
  2⤵
  PID:13800
- C:\Windows\System\ovvNcgV.exe
  C:\Windows\System\ovvNcgV.exe
  2⤵
  PID:13820
- C:\Windows\System\AVyFGkD.exe
  C:\Windows\System\AVyFGkD.exe
  2⤵
  PID:13836
- C:\Windows\System\jLUnYdi.exe
  C:\Windows\System\jLUnYdi.exe
  2⤵
  PID:13864
- C:\Windows\System\zLUzzmm.exe
  C:\Windows\System\zLUzzmm.exe
  2⤵
  PID:13900
- C:\Windows\System\jgunaSw.exe
  C:\Windows\System\jgunaSw.exe
  2⤵
  PID:13920
- C:\Windows\System\XskmZWN.exe
  C:\Windows\System\XskmZWN.exe
  2⤵
  PID:13956
- C:\Windows\System\reTmubO.exe
  C:\Windows\System\reTmubO.exe
  2⤵
  PID:13976
- C:\Windows\System\JzdkvZo.exe
  C:\Windows\System\JzdkvZo.exe
  2⤵
  PID:13996
- C:\Windows\System\pendPyO.exe
  C:\Windows\System\pendPyO.exe
  2⤵
  PID:14028
- C:\Windows\System\VjpejZI.exe
  C:\Windows\System\VjpejZI.exe
  2⤵
  PID:14136
- C:\Windows\System\uBWlydJ.exe
  C:\Windows\System\uBWlydJ.exe
  2⤵
  PID:14152
- C:\Windows\System\STXNWAx.exe
  C:\Windows\System\STXNWAx.exe
  2⤵
  PID:14168
- C:\Windows\System\iIMelgp.exe
  C:\Windows\System\iIMelgp.exe
  2⤵
  PID:14184
- C:\Windows\System\LnEfrYR.exe
  C:\Windows\System\LnEfrYR.exe
  2⤵
  PID:14204
- C:\Windows\System\EKDucun.exe
  C:\Windows\System\EKDucun.exe
  2⤵
  PID:14228
- C:\Windows\System\kEfSiYL.exe
  C:\Windows\System\kEfSiYL.exe
  2⤵
  PID:14244
- C:\Windows\System\vPMWrdA.exe
  C:\Windows\System\vPMWrdA.exe
  2⤵
  PID:14284
- C:\Windows\System\XExVqQu.exe
  C:\Windows\System\XExVqQu.exe
  2⤵
  PID:14328
- C:\Windows\System\GCDBTgG.exe
  C:\Windows\System\GCDBTgG.exe
  2⤵
  PID:13124
- C:\Windows\System\coLdxQJ.exe
  C:\Windows\System\coLdxQJ.exe
  2⤵
  PID:12800
- C:\Windows\System\TNTwwuw.exe
  C:\Windows\System\TNTwwuw.exe
  2⤵
  PID:12616
- C:\Windows\System\DvPmyeT.exe
  C:\Windows\System\DvPmyeT.exe
  2⤵
  PID:12972
- C:\Windows\System\ubydxtj.exe
  C:\Windows\System\ubydxtj.exe
  2⤵
  PID:13344
- C:\Windows\System\WsgPhZc.exe
  C:\Windows\System\WsgPhZc.exe
  2⤵
  PID:14040
- C:\Windows\System\esfmtlT.exe
  C:\Windows\System\esfmtlT.exe
  2⤵
  PID:14120
- C:\Windows\System\aPRPHnL.exe
  C:\Windows\System\aPRPHnL.exe
  2⤵
  PID:13860
- C:\Windows\System\dzRQMgt.exe
  C:\Windows\System\dzRQMgt.exe
  2⤵
  PID:14268
- C:\Windows\System\ILoxHZu.exe
  C:\Windows\System\ILoxHZu.exe
  2⤵
  PID:14132
- C:\Windows\System\ZqPlAQm.exe
  C:\Windows\System\ZqPlAQm.exe
  2⤵
  PID:14320
- C:\Windows\System\YJHOZwu.exe
  C:\Windows\System\YJHOZwu.exe
  2⤵
  PID:13288
- C:\Windows\System\hOrbzOX.exe
  C:\Windows\System\hOrbzOX.exe
  2⤵
  PID:14220
- C:\Windows\System\xnuckzw.exe
  C:\Windows\System\xnuckzw.exe
  2⤵
  PID:13520
- C:\Windows\System\IDSJlFl.exe
  C:\Windows\System\IDSJlFl.exe
  2⤵
  PID:13560
- C:\Windows\System\nKwfRLQ.exe
  C:\Windows\System\nKwfRLQ.exe
  2⤵
  PID:14008
- C:\Windows\System\vACGPSJ.exe
  C:\Windows\System\vACGPSJ.exe
  2⤵
  PID:13324
- C:\Windows\System\GJLzSrX.exe
  C:\Windows\System\GJLzSrX.exe
  2⤵
  PID:14360
- C:\Windows\System\EKPeAPp.exe
  C:\Windows\System\EKPeAPp.exe
  2⤵
  PID:14384
- C:\Windows\System\hmctVxV.exe
  C:\Windows\System\hmctVxV.exe
  2⤵
  PID:14400
- C:\Windows\System\CwOssRA.exe
  C:\Windows\System\CwOssRA.exe
  2⤵
  PID:14436
- C:\Windows\System\ttRQCli.exe
  C:\Windows\System\ttRQCli.exe
  2⤵
  PID:14460
- C:\Windows\System\oPZdhsT.exe
  C:\Windows\System\oPZdhsT.exe
  2⤵
  PID:14488
- C:\Windows\System\xYzcjie.exe
  C:\Windows\System\xYzcjie.exe
  2⤵
  PID:14524
- C:\Windows\System\QFfQxpV.exe
  C:\Windows\System\QFfQxpV.exe
  2⤵
  PID:14548
- C:\Windows\System\SOWlxSi.exe
  C:\Windows\System\SOWlxSi.exe
  2⤵
  PID:14576
- C:\Windows\System\yyPGjvQ.exe
  C:\Windows\System\yyPGjvQ.exe
  2⤵
  PID:14596
- C:\Windows\System\dKGDUdi.exe
  C:\Windows\System\dKGDUdi.exe
  2⤵
  PID:14620
- C:\Windows\System\ofhNCIE.exe
  C:\Windows\System\ofhNCIE.exe
  2⤵
  PID:14640
- C:\Windows\System\xyIeeCY.exe
  C:\Windows\System\xyIeeCY.exe
  2⤵
  PID:14680
- C:\Windows\System\zDQSNbv.exe
  C:\Windows\System\zDQSNbv.exe
  2⤵
  PID:14700
- C:\Windows\System\mTIKWBn.exe
  C:\Windows\System\mTIKWBn.exe
  2⤵
  PID:14724
- C:\Windows\System\NPDKHuO.exe
  C:\Windows\System\NPDKHuO.exe
  2⤵
  PID:14756
- C:\Windows\System\bsjnyEe.exe
  C:\Windows\System\bsjnyEe.exe
  2⤵
  PID:14772
- C:\Windows\System\hmgDimB.exe
  C:\Windows\System\hmgDimB.exe
  2⤵
  PID:14796
- C:\Windows\System\RgywGYQ.exe
  C:\Windows\System\RgywGYQ.exe
  2⤵
  PID:14820
- C:\Windows\System\wIEuvnM.exe
  C:\Windows\System\wIEuvnM.exe
  2⤵
  PID:14852
- C:\Windows\System\hvUfmfC.exe
  C:\Windows\System\hvUfmfC.exe
  2⤵
  PID:14872
- C:\Windows\System\JPNolaA.exe
  C:\Windows\System\JPNolaA.exe
  2⤵
  PID:14892
- C:\Windows\System\dVMyQZb.exe
  C:\Windows\System\dVMyQZb.exe
  2⤵
  PID:14916
- C:\Windows\System\OhbXjuB.exe
  C:\Windows\System\OhbXjuB.exe
  2⤵
  PID:14940
- C:\Windows\System\ICDszAC.exe
  C:\Windows\System\ICDszAC.exe
  2⤵
  PID:14960
- C:\Windows\System\ZfcOsOr.exe
  C:\Windows\System\ZfcOsOr.exe
  2⤵
  PID:14988
- C:\Windows\System\zZHsxsR.exe
  C:\Windows\System\zZHsxsR.exe
  2⤵
  PID:15016
- C:\Windows\System\yOegDXE.exe
  C:\Windows\System\yOegDXE.exe
  2⤵
  PID:15040
- C:\Windows\System\trNttfO.exe
  C:\Windows\System\trNttfO.exe
  2⤵
  PID:15064
- C:\Windows\System\OUDGesJ.exe
  C:\Windows\System\OUDGesJ.exe
  2⤵
  PID:15080
- C:\Windows\System\btNxrsz.exe
  C:\Windows\System\btNxrsz.exe
  2⤵
  PID:15108
- C:\Windows\System\ZsbRkQu.exe
  C:\Windows\System\ZsbRkQu.exe
  2⤵
  PID:15136
- C:\Windows\System\RyjloFz.exe
  C:\Windows\System\RyjloFz.exe
  2⤵
  PID:15156
- C:\Windows\System\yDiqqbF.exe
  C:\Windows\System\yDiqqbF.exe
  2⤵
  PID:15180
- C:\Windows\System\WjcyKiO.exe
  C:\Windows\System\WjcyKiO.exe
  2⤵
  PID:15200
- C:\Windows\System\ufzWJGW.exe
  C:\Windows\System\ufzWJGW.exe
  2⤵
  PID:15220
- C:\Windows\System\IOkbiti.exe
  C:\Windows\System\IOkbiti.exe
  2⤵
  PID:15244
- C:\Windows\System\NioKgRJ.exe
  C:\Windows\System\NioKgRJ.exe
  2⤵
  PID:15264
- C:\Windows\System\NQqruaM.exe
  C:\Windows\System\NQqruaM.exe
  2⤵
  PID:15292
- C:\Windows\System\UJiqPMU.exe
  C:\Windows\System\UJiqPMU.exe
  2⤵
  PID:15320
- C:\Windows\System\BbknxYo.exe
  C:\Windows\System\BbknxYo.exe
  2⤵
  PID:15340
- C:\Windows\System\XvrIueE.exe
  C:\Windows\System\XvrIueE.exe
  2⤵
  PID:14236
- C:\Windows\System\iupFgdq.exe
  C:\Windows\System\iupFgdq.exe
  2⤵
  PID:14216
- C:\Windows\System\xYMCGbb.exe
  C:\Windows\System\xYMCGbb.exe
  2⤵
  PID:13852
- C:\Windows\System\snzBasZ.exe
  C:\Windows\System\snzBasZ.exe
  2⤵
  PID:13916
- C:\Windows\System\TOzsRMU.exe
  C:\Windows\System\TOzsRMU.exe
  2⤵
  PID:14292
- C:\Windows\System\LGhWGel.exe
  C:\Windows\System\LGhWGel.exe
  2⤵
  PID:14160
- C:\Windows\System\VOMhDzu.exe
  C:\Windows\System\VOMhDzu.exe
  2⤵
  PID:14352
- C:\Windows\System\heFmQOP.exe
  C:\Windows\System\heFmQOP.exe
  2⤵
  PID:14420
- C:\Windows\System\HrMhdrS.exe
  C:\Windows\System\HrMhdrS.exe
  2⤵
  PID:14496
- C:\Windows\System\Haqptre.exe
  C:\Windows\System\Haqptre.exe
  2⤵
  PID:14536
- C:\Windows\System\pUStekW.exe
  C:\Windows\System\pUStekW.exe
  2⤵
  PID:14564
- C:\Windows\System\syNBvoX.exe
  C:\Windows\System\syNBvoX.exe
  2⤵
  PID:14664
- C:\Windows\System\dTLqwoT.exe
  C:\Windows\System\dTLqwoT.exe
  2⤵
  PID:14716
- C:\Windows\System\PwLWVgf.exe
  C:\Windows\System\PwLWVgf.exe
  2⤵
  PID:15004
- C:\Windows\System\vhJHQew.exe
  C:\Windows\System\vhJHQew.exe
  2⤵
  PID:14632
- C:\Windows\System\JKbYXoi.exe
  C:\Windows\System\JKbYXoi.exe
  2⤵
  PID:14904
- C:\Windows\System\RJUcZLj.exe
  C:\Windows\System\RJUcZLj.exe
  2⤵
  PID:14788
- C:\Windows\System\ACNUKKs.exe
  C:\Windows\System\ACNUKKs.exe
  2⤵
  PID:14832
- C:\Windows\System\lMfxTCl.exe
  C:\Windows\System\lMfxTCl.exe
  2⤵
  PID:15300
- C:\Windows\System\WlXmoSa.exe
  C:\Windows\System\WlXmoSa.exe
  2⤵
  PID:14936
- C:\Windows\System\MmaTeAU.exe
  C:\Windows\System\MmaTeAU.exe
  2⤵
  PID:14980
- C:\Windows\System\CxjIyKc.exe
  C:\Windows\System\CxjIyKc.exe
  2⤵
  PID:15056
- C:\Windows\System\GdHfpnc.exe
  C:\Windows\System\GdHfpnc.exe
  2⤵
  PID:15104
- C:\Windows\System\YrGPEWB.exe
  C:\Windows\System\YrGPEWB.exe
  2⤵
  PID:13984
- C:\Windows\System\EaJEThd.exe
  C:\Windows\System\EaJEThd.exe
  2⤵
  PID:14180
- C:\Windows\System\PviRQjA.exe
  C:\Windows\System\PviRQjA.exe
  2⤵
  PID:14816
- C:\Windows\System\XzhZVbE.exe
  C:\Windows\System\XzhZVbE.exe
  2⤵
  PID:14884
- C:\Windows\System\KEWiqRT.exe
  C:\Windows\System\KEWiqRT.exe
  2⤵
  PID:15228
- C:\Windows\System\sDCIjAL.exe
  C:\Windows\System\sDCIjAL.exe
  2⤵
  PID:15388
- C:\Windows\System\uqdPUpw.exe
  C:\Windows\System\uqdPUpw.exe
  2⤵
  PID:15416
- C:\Windows\System\RxmCiQF.exe
  C:\Windows\System\RxmCiQF.exe
  2⤵
  PID:15440
- C:\Windows\System\HAWvDRl.exe
  C:\Windows\System\HAWvDRl.exe
  2⤵
  PID:15464
- C:\Windows\System\ecdaUII.exe
  C:\Windows\System\ecdaUII.exe
  2⤵
  PID:15492
- C:\Windows\System\cSovnat.exe
  C:\Windows\System\cSovnat.exe
  2⤵
  PID:15524
- C:\Windows\System\ydjiVNl.exe
  C:\Windows\System\ydjiVNl.exe
  2⤵
  PID:15540
- C:\Windows\System\ZAoXKmf.exe
  C:\Windows\System\ZAoXKmf.exe
  2⤵
  PID:15564
- C:\Windows\System\NoRtvJD.exe
  C:\Windows\System\NoRtvJD.exe
  2⤵
  PID:15584
- C:\Windows\System\NdIlOIj.exe
  C:\Windows\System\NdIlOIj.exe
  2⤵
  PID:15604
- C:\Windows\System\CEFGJrx.exe
  C:\Windows\System\CEFGJrx.exe
  2⤵
  PID:15640
- C:\Windows\System\wiBySmu.exe
  C:\Windows\System\wiBySmu.exe
  2⤵
  PID:15672
- C:\Windows\System\PFbDJNJ.exe
  C:\Windows\System\PFbDJNJ.exe
  2⤵
  PID:15700
- C:\Windows\System\eJgzEXP.exe
  C:\Windows\System\eJgzEXP.exe
  2⤵
  PID:15724
- C:\Windows\System\CnYCrlm.exe
  C:\Windows\System\CnYCrlm.exe
  2⤵
  PID:15764
- C:\Windows\System\DGzMTPz.exe
  C:\Windows\System\DGzMTPz.exe
  2⤵
  PID:15788
- C:\Windows\System\Imaiday.exe
  C:\Windows\System\Imaiday.exe
  2⤵
  PID:15808
- C:\Windows\System\YvkUcEN.exe
  C:\Windows\System\YvkUcEN.exe
  2⤵
  PID:15824
- C:\Windows\System\kzWfbcU.exe
  C:\Windows\System\kzWfbcU.exe
  2⤵
  PID:15852
- C:\Windows\System\HutHWZW.exe
  C:\Windows\System\HutHWZW.exe
  2⤵
  PID:15876
- C:\Windows\System\UdtuNZJ.exe
  C:\Windows\System\UdtuNZJ.exe
  2⤵
  PID:15896
- C:\Windows\System\jNqNfDn.exe
  C:\Windows\System\jNqNfDn.exe
  2⤵
  PID:15912
- C:\Windows\System\WfGoHPr.exe
  C:\Windows\System\WfGoHPr.exe
  2⤵
  PID:15948
- C:\Windows\System\mgGbdWd.exe
  C:\Windows\System\mgGbdWd.exe
  2⤵
  PID:15964
- C:\Windows\System\oxRbuyz.exe
  C:\Windows\System\oxRbuyz.exe
  2⤵
  PID:15980
- C:\Windows\System\IeUPbfA.exe
  C:\Windows\System\IeUPbfA.exe
  2⤵
  PID:15996
- C:\Windows\System\JWhFwOL.exe
  C:\Windows\System\JWhFwOL.exe
  2⤵
  PID:16020
- C:\Windows\System\rlCwrgr.exe
  C:\Windows\System\rlCwrgr.exe
  2⤵
  PID:16036
- C:\Windows\System\rftPLfc.exe
  C:\Windows\System\rftPLfc.exe
  2⤵
  PID:16064
- C:\Windows\System\KKgahEF.exe
  C:\Windows\System\KKgahEF.exe
  2⤵
  PID:16092
- C:\Windows\System\VcBouil.exe
  C:\Windows\System\VcBouil.exe
  2⤵
  PID:16108
- C:\Windows\System\CanJwLa.exe
  C:\Windows\System\CanJwLa.exe
  2⤵
  PID:16136
- C:\Windows\System\kCKcDem.exe
  C:\Windows\System\kCKcDem.exe
  2⤵
  PID:16160
- C:\Windows\System\caRahTV.exe
  C:\Windows\System\caRahTV.exe
  2⤵
  PID:16180
- C:\Windows\System\sTkhoDp.exe
  C:\Windows\System\sTkhoDp.exe
  2⤵
  PID:16204
- C:\Windows\System\UQLhqSP.exe
  C:\Windows\System\UQLhqSP.exe
  2⤵
  PID:16228
- C:\Windows\System\SQZiGDd.exe
  C:\Windows\System\SQZiGDd.exe
  2⤵
  PID:16248
- C:\Windows\System\yVnckoH.exe
  C:\Windows\System\yVnckoH.exe
  2⤵
  PID:16276
- C:\Windows\System\ziqqSQq.exe
  C:\Windows\System\ziqqSQq.exe
  2⤵
  PID:16296
- C:\Windows\System\LpnMbIt.exe
  C:\Windows\System\LpnMbIt.exe
  2⤵
  PID:16316
- C:\Windows\System\yxzvyoU.exe
  C:\Windows\System\yxzvyoU.exe
  2⤵
  PID:16336
- C:\Windows\System\tbECJVd.exe
  C:\Windows\System\tbECJVd.exe
  2⤵
  PID:16356
- C:\Windows\System\vAoQrpr.exe
  C:\Windows\System\vAoQrpr.exe
  2⤵
  PID:16372
- C:\Windows\System\CUTbBRJ.exe
  C:\Windows\System\CUTbBRJ.exe
  2⤵
  PID:14616
- C:\Windows\System\JPZdOHh.exe
  C:\Windows\System\JPZdOHh.exe
  2⤵
  PID:14972
- C:\Windows\System\zYvZOoI.exe
  C:\Windows\System\zYvZOoI.exe
  2⤵
  PID:14768
- C:\Windows\System\xdoyNto.exe
  C:\Windows\System\xdoyNto.exe
  2⤵
  PID:14932
- C:\Windows\System\TlRVFqz.exe
  C:\Windows\System\TlRVFqz.exe
  2⤵
  PID:15336
- C:\Windows\System\LBcedMb.exe
  C:\Windows\System\LBcedMb.exe
  2⤵
  PID:15476
- C:\Windows\System\ruELcVN.exe
  C:\Windows\System\ruELcVN.exe
  2⤵
  PID:15552
- C:\Windows\System\gyEIcsn.exe
  C:\Windows\System\gyEIcsn.exe
  2⤵
  PID:14668
- C:\Windows\System\mUIzdAJ.exe
  C:\Windows\System\mUIzdAJ.exe
  2⤵
  PID:14280
- C:\Windows\System\qTJpbRN.exe
  C:\Windows\System\qTJpbRN.exe
  2⤵
  PID:14456
- C:\Windows\System\FypLVms.exe
  C:\Windows\System\FypLVms.exe
  2⤵
  PID:15664
- C:\Windows\System\KVsTIXu.exe
  C:\Windows\System\KVsTIXu.exe
  2⤵
  PID:14148
- C:\Windows\System\RQgCnMh.exe
  C:\Windows\System\RQgCnMh.exe
  2⤵
  PID:15488
- C:\Windows\System\kxeAlRC.exe
  C:\Windows\System\kxeAlRC.exe
  2⤵
  PID:15652
- C:\Windows\System\edVnTiN.exe
  C:\Windows\System\edVnTiN.exe
  2⤵
  PID:15988
- C:\Windows\System\HMSmjrT.exe
  C:\Windows\System\HMSmjrT.exe
  2⤵
  PID:15716
- C:\Windows\System\OqyAYnb.exe
  C:\Windows\System\OqyAYnb.exe
  2⤵
  PID:15396
- C:\Windows\System\yTJguce.exe
  C:\Windows\System\yTJguce.exe
  2⤵
  PID:16100
- C:\Windows\System\YzdFyLT.exe
  C:\Windows\System\YzdFyLT.exe
  2⤵
  PID:15452
- C:\Windows\System\QaKKNqC.exe
  C:\Windows\System\QaKKNqC.exe
  2⤵
  PID:16168
- C:\Windows\System\NRurryB.exe
  C:\Windows\System\NRurryB.exe
  2⤵
  PID:16196
- C:\Windows\System\vuwYYii.exe
  C:\Windows\System\vuwYYii.exe
  2⤵
  PID:16256
- C:\Windows\System\lFqZtIs.exe
  C:\Windows\System\lFqZtIs.exe
  2⤵
  PID:16312
- C:\Windows\System\tugrTaC.exe
  C:\Windows\System\tugrTaC.exe
  2⤵
  PID:16368
- C:\Windows\System\wmXFzym.exe
  C:\Windows\System\wmXFzym.exe
  2⤵
  PID:15772
- C:\Windows\System\AAyRABZ.exe
  C:\Windows\System\AAyRABZ.exe
  2⤵
  PID:14864
- C:\Windows\System\cJbYIxP.exe
  C:\Windows\System\cJbYIxP.exe
  2⤵
  PID:15840
- C:\Windows\System\PDtZCYa.exe
  C:\Windows\System\PDtZCYa.exe
  2⤵
  PID:16412
- C:\Windows\System\TsIfvKM.exe
  C:\Windows\System\TsIfvKM.exe
  2⤵
  PID:16428
- C:\Windows\System\rxwAvki.exe
  C:\Windows\System\rxwAvki.exe
  2⤵
  PID:16444
- C:\Windows\System\GwXeZqn.exe
  C:\Windows\System\GwXeZqn.exe
  2⤵
  PID:16476
- C:\Windows\System\QafMDHx.exe
  C:\Windows\System\QafMDHx.exe
  2⤵
  PID:16492
- C:\Windows\System\KLkpoCp.exe
  C:\Windows\System\KLkpoCp.exe
  2⤵
  PID:16516
- C:\Windows\System\ySCrLba.exe
  C:\Windows\System\ySCrLba.exe
  2⤵
  PID:16548
- C:\Windows\System\AlvqIvg.exe
  C:\Windows\System\AlvqIvg.exe
  2⤵
  PID:16576
- C:\Windows\System\zmAnxYU.exe
  C:\Windows\System\zmAnxYU.exe
  2⤵
  PID:16600
- C:\Windows\System\bXRIHIJ.exe
  C:\Windows\System\bXRIHIJ.exe
  2⤵
  PID:16624
- C:\Windows\System\LFnAnjz.exe
  C:\Windows\System\LFnAnjz.exe
  2⤵
  PID:16656
- C:\Windows\System\xFjBpXB.exe
  C:\Windows\System\xFjBpXB.exe
  2⤵
  PID:16684
- C:\Windows\System\AytqbKl.exe
  C:\Windows\System\AytqbKl.exe
  2⤵
  PID:16724
- C:\Windows\System\mqgXLww.exe
  C:\Windows\System\mqgXLww.exe
  2⤵
  PID:16744
- C:\Windows\System\ZiVMbvj.exe
  C:\Windows\System\ZiVMbvj.exe
  2⤵
  PID:16760
- C:\Windows\System\EUKmEUx.exe
  C:\Windows\System\EUKmEUx.exe
  2⤵
  PID:16792
- C:\Windows\System\zQoAilx.exe
  C:\Windows\System\zQoAilx.exe
  2⤵
  PID:16820
- C:\Windows\System\YCutkBo.exe
  C:\Windows\System\YCutkBo.exe
  2⤵
  PID:16840
- C:\Windows\System\qGstQJN.exe
  C:\Windows\System\qGstQJN.exe
  2⤵
  PID:16860
- C:\Windows\System\HCtYUeh.exe
  C:\Windows\System\HCtYUeh.exe
  2⤵
  PID:16880
- C:\Windows\System\wSGowBt.exe
  C:\Windows\System\wSGowBt.exe
  2⤵
  PID:16904
- C:\Windows\System\uHPQkSu.exe
  C:\Windows\System\uHPQkSu.exe
  2⤵
  PID:16932
- C:\Windows\System\phjzXTj.exe
  C:\Windows\System\phjzXTj.exe
  2⤵
  PID:16956
- C:\Windows\System\WMWXhPD.exe
  C:\Windows\System\WMWXhPD.exe
  2⤵
  PID:16972
- C:\Windows\System\gNIFQoE.exe
  C:\Windows\System\gNIFQoE.exe
  2⤵
  PID:16988
- C:\Windows\System\qwZZyxy.exe
  C:\Windows\System\qwZZyxy.exe
  2⤵
  PID:17008
- C:\Windows\System\EyfNYOA.exe
  C:\Windows\System\EyfNYOA.exe
  2⤵
  PID:17348
- C:\Windows\System\TRJCVqe.exe
  C:\Windows\System\TRJCVqe.exe
  2⤵
  PID:15972
- C:\Windows\System\vVnNzRt.exe
  C:\Windows\System\vVnNzRt.exe
  2⤵
  PID:16124
- C:\Windows\System\mmYIqyc.exe
  C:\Windows\System\mmYIqyc.exe
  2⤵
  PID:15904
- C:\Windows\System\qCJjcDy.exe
  C:\Windows\System\qCJjcDy.exe
  2⤵
  PID:16088
- C:\Windows\System\cMvRcqS.exe
  C:\Windows\System\cMvRcqS.exe
  2⤵
  PID:16364
- C:\Windows\System\VDspRKA.exe
  C:\Windows\System\VDspRKA.exe
  2⤵
  PID:16424
- C:\Windows\System\wTomWTf.exe
  C:\Windows\System\wTomWTf.exe
  2⤵
  PID:17028
- C:\Windows\System\lcNEwOf.exe
  C:\Windows\System\lcNEwOf.exe
  2⤵
  PID:15796
- C:\Windows\System\rovqaKp.exe
  C:\Windows\System\rovqaKp.exe
  2⤵
  PID:16696
- C:\Windows\System\pZoVZMC.exe
  C:\Windows\System\pZoVZMC.exe
  2⤵
  PID:16192
- C:\Windows\System\LWxkiIZ.exe
  C:\Windows\System\LWxkiIZ.exe
  2⤵
  PID:16388
- C:\Windows\System\aLjfrKO.exe
  C:\Windows\System\aLjfrKO.exe
  2⤵
  PID:16436
- C:\Windows\System\dRUxKQN.exe
  C:\Windows\System\dRUxKQN.exe
  2⤵
  PID:17192
- C:\Windows\System\HnPEnHB.exe
  C:\Windows\System\HnPEnHB.exe
  2⤵
  PID:17072
- C:\Windows\System\rWODBMT.exe
  C:\Windows\System\rWODBMT.exe
  2⤵
  PID:16592
- C:\Windows\System\EImrjQZ.exe
  C:\Windows\System\EImrjQZ.exe
  2⤵
  PID:16984
- C:\Windows\System\hoLXuTY.exe
  C:\Windows\System\hoLXuTY.exe
  2⤵
  PID:17200
- C:\Windows\System\uxYbenv.exe
  C:\Windows\System\uxYbenv.exe
  2⤵
  PID:17176
- C:\Windows\System\euUySUR.exe
  C:\Windows\System\euUySUR.exe
  2⤵
  PID:17280
- C:\Windows\System\vuZMSlb.exe
  C:\Windows\System\vuZMSlb.exe
  2⤵
  PID:17308
- C:\Windows\System\VwbNENy.exe
  C:\Windows\System\VwbNENy.exe
  2⤵
  PID:16240
- C:\Windows\System\iPiCKlc.exe
  C:\Windows\System\iPiCKlc.exe
  2⤵
  PID:2404
- C:\Windows\System\cafpRxG.exe
  C:\Windows\System\cafpRxG.exe
  2⤵
  PID:17088
- C:\Windows\System\IvdCntu.exe
  C:\Windows\System\IvdCntu.exe
  2⤵
  PID:16812
- C:\Windows\System\OwQEQcq.exe
  C:\Windows\System\OwQEQcq.exe
  2⤵
  PID:17208
- C:\Windows\System\QNcaQRg.exe
  C:\Windows\System\QNcaQRg.exe
  2⤵
  PID:17116
- C:\Windows\System\fJhImvF.exe
  C:\Windows\System\fJhImvF.exe
  2⤵
  PID:17276
- C:\Windows\System\PvNXEMC.exe
  C:\Windows\System\PvNXEMC.exe
  2⤵
  PID:17400
- C:\Windows\System\JlkpDkC.exe
  C:\Windows\System\JlkpDkC.exe
  2⤵
  PID:16800
- C:\Windows\System\mraiHma.exe
  C:\Windows\System\mraiHma.exe
  2⤵
  PID:17120
- C:\Windows\System\ZZtVnoo.exe
  C:\Windows\System\ZZtVnoo.exe
  2⤵
  PID:16664
- C:\Windows\System\YqMcHBI.exe
  C:\Windows\System\YqMcHBI.exe
  2⤵
  PID:16836
- C:\Windows\System\mlgnlPJ.exe
  C:\Windows\System\mlgnlPJ.exe
  2⤵
  PID:17152
- C:\Windows\System\KcMJXoX.exe
  C:\Windows\System\KcMJXoX.exe
  2⤵
  PID:14840
- C:\Windows\System\ERkaHPC.exe
  C:\Windows\System\ERkaHPC.exe
  2⤵
  PID:17232

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17020

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1136

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:15716

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:15772

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:16820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AMinGGN.exe

Filesize
1.9MB

MD5
67c1e72ad1822fee07f50f59ada84ec4

SHA1
f18306b925702a8a8e2cdbc5ff97e700d7e88c63

SHA256
51caf18d9b73f3154abe0d189a6fd07954ddd9052f58cd8d1816174d86d98cd3

SHA512
ee767808c5213e21b91030dc3fc0d7cb09a9ab0f39c20be5b2fb6a8a5c122c0e6e4f6404b0c9b656dfe5d8271133203327f97be17ff3456ec52b9047b899a150

Download Submit
C:\Windows\System\BIDiYeJ.exe

Filesize
1.9MB

MD5
72e77ada618ac0b5d8b7ef10daef4d43

SHA1
a6c72825527b0aca236cb24c848bbabaa1371b02

SHA256
c61e9e5a3d28230550bc7f14a9e334782988c70ffe8ac4ea6c44fde72326cde2

SHA512
17630ba37a4be4e1246f22a6891288685c2a80c4239084ad92518f638d2b811db5bd7b0ebf0aa059a1727fb94d6f9f89e54501abbb5e469acd2ae6adc02c6fd5

Download Submit
C:\Windows\System\CJjXsdz.exe

Filesize
1.9MB

MD5
505af901db3af253fdf15420c7d95c31

SHA1
00c7de75145a40dfbe8ef87ce6aa878b2554f69e

SHA256
c79fc4e6a96868b1707fd81fcb320dc628ff3ae37cfadddd0e488e0ba982722d

SHA512
c31e575302666291139b7543c4e93b1403bcf08d82072ecd60e4b5adf7326b5fb24d78ddbd4004871c787b135490f77ab3d1981f5df68fe6bd449f8cabeeaaa0

Download Submit
C:\Windows\System\CwyGThz.exe

Filesize
1.9MB

MD5
e2d433f7b4308455ff8da92439d374c7

SHA1
8aca5eb5ce5f9c1d284c24efc802cdb3dbbdc973

SHA256
135d82f82d056c2c9d455ecb2af65e8956db4b4e2cf4d1844ee45d0862abae74

SHA512
0a42b1af844eb7aa5b5d34e61db0cf804a15276f586e19e631d87823e095905c6865d692bdec981b82c8de004bea496cea9b4dda7130277a89445436c909ef9a

Download Submit
C:\Windows\System\EOMkEgH.exe

Filesize
1.9MB

MD5
bbb97a8ec312a70d98f879dcdb262e69

SHA1
8811924435110081da5a4079ba751dbe8bb0337f

SHA256
9bd07eecaeff5653a28060aafabd99d42981c9b634a1f33871cbd6937b5c62da

SHA512
5826d6490472246a27b2b2deecb64b3c45482ff3dcd72cbe45a0e9e3b18abc77eab0a52f7c4fce45b98d16cae4705cde010dc726c87a40d92323f45a03448950

Download Submit
C:\Windows\System\FoRpIJN.exe

Filesize
1.9MB

MD5
eb7e4f501fa87236d4405b602571851e

SHA1
03d166edbbaf03d8b5063c6b5b1be0a6de2bfcee

SHA256
47238cf360a069f221d2e9d30a2884ba123265ddf74b4f6d25d6026a1204c763

SHA512
54f59ba55fe83b5a12317958c4f9df6323cdb9c4dddaa61ce8450ae804a57ba5f615ea7ae3279009448093ecf4f1e4a796dfc38d6a66ca9c6251246e680284f7

Download Submit
C:\Windows\System\HTnBgEM.exe

Filesize
1.9MB

MD5
86883f97de5f7aaa19c4b31a6caf16aa

SHA1
2578e5e3d65ace6f039a6b8855dab9af1b3eb77a

SHA256
4363347984761f4b0e544717b06b06d74e611d57458a6c17c7c2d90cc5a9fc39

SHA512
5e4b8a7939f09a6b2f52dff7b6a53a51a859360c9912eccbd01ba5fb025978eec7cdce57c4f0e10ee6e94900079be56abe66d8a859df00ce69fb18b708eebf36

Download Submit
C:\Windows\System\PkXnOwJ.exe

Filesize
1.9MB

MD5
0c5418e425979e1e317b767730336632

SHA1
66d63c78d49754a289c6d8db2e5aaf7daed10315

SHA256
af9d7d03458c9463be821436ef5047c175a6bca7427d259114ed522c1bec2779

SHA512
843d9e7bc9872d59caa0c31d9ba613eb06c0617d13225d167e75825948fd46cbcf3b8baba02e7ef92dd056cae994025b041051457519d4f9f717f2b3e685b42d

Download Submit
C:\Windows\System\QgCswgh.exe

Filesize
1.9MB

MD5
a9b905ce9d8720f79098f2790ebcd5cd

SHA1
859b82cdf11af8d6e274b9a8ac14ddaa2c9b9312

SHA256
fb045dfb85590616b974b46ee75f3c454f890673107418284a74c14148cbd96c

SHA512
6d3da0a6f1d1b3e3820be56c914be3636dde3f4e73e9d58b7067b0f3f4a7267af4a1031208feeb7654e95ffd3a4788d99f6de499b324fdc69b4a2418a441f2d5

Download Submit
C:\Windows\System\QqgSVrR.exe

Filesize
1.9MB

MD5
a897ee85de9d31224b5f8ca1b99d7e1e

SHA1
65398866991e381bedb074e4f6016d3b16f17b62

SHA256
da1786a631104d899b7699f1a02ce3b3dd4351e1c03ed400f5875e04fc1e9b9a

SHA512
e55fa8c902b8ac4e8112bfbe73c2ecce1db59d3a8c0e568ea7053ff2544fb372bae0eb7f231948211a95185196cc94575aef2f8f07b8d2ecf4e31ad7480bc850

Download Submit
C:\Windows\System\TCXqhmi.exe

Filesize
1.9MB

MD5
ae29d872beb9a8c885e3c6379079ab2f

SHA1
ebec348e9654ab8e2997bed31e7e31acdbf94d22

SHA256
e78f0a4f87d4220214071b446ae90da5ef15d59cd4e07602a2d0b171069ed39f

SHA512
2ff0d86081ff83bbe9e98f41841eff40e03f92dc87a44a51659ff33474ad24e9fb31f57cdeb8d43840e76acc42edf09df5bd2487bdeb604b617cbdca88968856

Download Submit
C:\Windows\System\TlhVviX.exe

Filesize
1.9MB

MD5
739c5a41091ffdd9b4b4113f49a63000

SHA1
f9a57cea97e9179971865422a4fd726761f5fb5f

SHA256
efed3e5e6cefbe7c65b8b52de36d0baea43a37c1daa0a1d5879598e96f31776b

SHA512
d81287230a80beaee5ea785bc52c7c25c354b59ad45128a5c80bd3044b64f0de36824479628ba66f1984dcb9aee4f1a5e165475072db28233ca21779eca5f8f0

Download Submit
C:\Windows\System\VJVBkvB.exe

Filesize
1.9MB

MD5
94696da848d8530869a0d304b13d621f

SHA1
59c1f2cea7c33a05cd5f735d8ef42478c221cc74

SHA256
70674663ed6724edc9a2477118a804d5f6fddedbe5028654c0374baf5ed28de5

SHA512
6a673b4dd6e185abb261e8eb0e1a6ae0c01c8c55718c6043eb152e5cb1f6f9afbf19df3c7081395426eea6a2bffb4a07d52a68d55e85068072d4664c9e573426

Download Submit
C:\Windows\System\WgmOlUq.exe

Filesize
1.9MB

MD5
d6c2ba835790c232657e8147ccbbccb4

SHA1
5357c1f046b567566c888381ccc3270b141cc0c3

SHA256
67e2302bed33396088c9a0ed28089ce03b5b0ce07e607bdf2e92dcb68c801aab

SHA512
26442409a68a948830a2055de7f1ad7d1350e8072c9d4954550ed5245228d1cd0b05af1aaa8c5280188b4db6b934226c73c7f9e03a5ca9632266867ebeda2b58

Download Submit
C:\Windows\System\aNxRYls.exe

Filesize
1.9MB

MD5
f815a56f96f2c323f530498b8b3fd259

SHA1
b45754f1a7c7ca0f1a24682c5d32d9a3f583b816

SHA256
4041e03bfbc9510abe0a9e7465290fecacb4ab9caf391c4c565580ab76613e12

SHA512
c30a672edbf14c3171ca09fbef1cc1540a69c436bd4add07e367a155ec21cae4a29e67db97bbd62a73bf8aa2ba417ae14542f0c3eccc48b37a8426a247297306

Download Submit
C:\Windows\System\bhcvuET.exe

Filesize
1.9MB

MD5
b264a359b36b7669da256b23034b1300

SHA1
2b49ba2fe17402b1aadd8f0efb3b62ccd325c368

SHA256
4d1e43a3ff753e2bea614d745c4829fd9578ac52a5589ef4358d89c751a4acad

SHA512
ae314a6fdfcaeba7e379568753b7fdc07a832d95e2b126293332f23118c03cc2b36d2226c39d48cbbf72e31581baa01cdf1090ac5298f4afcc7f57254366460f

Download Submit
C:\Windows\System\czqdRwZ.exe

Filesize
1.9MB

MD5
a8e1318acbcb2698c2cf6d40b4ef911c

SHA1
4aab3af3965aff65cc49e2f126e489f7088a377c

SHA256
b032dc68aea5d6352a99d47bd090e0573a479cd21e43e3b742722379cbcdd27d

SHA512
e696fc2a14f27a559dbdc1551e70df510fa39b395a4ca31f6455b71d36f370b60e86afff12596f15bc5c2c596469ebcbc89fd1614d3e4caf11d9ab7d2b866735

Download Submit
C:\Windows\System\eUpcwCL.exe

Filesize
1.9MB

MD5
ea2efc9efbe00570d9d5ae8d550dcf50

SHA1
806c22c36b411bcd1fae187b3e2808ca30ec23ce

SHA256
ff5dc437f7eb1218dd51fb9264d52133b54c770b39c8e359eda7c8f3d6f38248

SHA512
43881c6323aff128141367ce1ce7a03476d494cd4a6884d6aebf51f1e69e28f959c234eb7d38fe00f320490f311dbd203935c662df98065895f48bb2099d8569

Download Submit
C:\Windows\System\fkLlstH.exe

Filesize
1.9MB

MD5
a6d6f99cf004e6864e94aa09dedf1db6

SHA1
4de95446b8dab6f4f1f3fb3c6f9bb0c4191dc501

SHA256
eee16dbcd936a6d233808dc20fbbdb285e88f4034e96e0f9e9281b464a84a364

SHA512
38c780dc243a4589137df36068ebcf4fc294c8ccb9f9dfa4ccf8fd1b4c0653fbc876571be33e77fe27b97d2516a2648f257d011e2a72cff68a7373176a196131

Download Submit
C:\Windows\System\igVBUCF.exe

Filesize
1.9MB

MD5
5201bb3a1be64033c431ccd610409cd6

SHA1
63014412ad70b02c70ba3d0bf60c78addb3c6bd1

SHA256
cf91a2725fa585c9923cfb514cfa584747ee5076b1f1db001bdd7c5f03f3a411

SHA512
e170d2acadf4b607b6e61a7ad54f73e4210b712b7e8ce8f30e1d1fa3dadd1e8494e974e93c4aec56cf2c4a24ebcc808e860ada94645f7725f523a4b432328509

Download Submit
C:\Windows\System\kAfWqny.exe

Filesize
1.9MB

MD5
38157b4ec856e3e5e134cfd413b5574d

SHA1
9cc5803093aba40a753fd81c26e61c69659585dc

SHA256
e5ce79df7ba7670fae96433c60aae8ba7425b67b740b7cb3b58b20ca0c08f729

SHA512
04c945c103b299322548cc6651dea2957dcce203ca0b2ee12f1095208c184f6046d9e40240d06d03dee83ccb0708774929a494d1bfc86d1ef3b06486e25d05cf

Download Submit
C:\Windows\System\kOdUGJO.exe

Filesize
1.9MB

MD5
173ddcb9ab45a56b0795d846a00cea40

SHA1
a79113a5c090a4c0a934aab6257c2f384fb6332e

SHA256
44e8efd952fc449d4df8c32896d5f5618d774d7d7dc2a621ec199f5c5b3f604d

SHA512
1ef15e795d73b8bf495fcc222813f0c3e7002bf3a67c0d7f58c2b6695f36353a7fc230fbcb1d21007477cf1b742f159590d9787e855cb248b938b6d59a8f1102

Download Submit
C:\Windows\System\mucJxnN.exe

Filesize
1.9MB

MD5
6c3aba1b4a6e9792ffe9999e09366642

SHA1
5f39db36ce7fb0c2960dee34f51638a06aba0c64

SHA256
81685362e8f63bb2a59cb3305acf1f0d629ba4d3160a727fc8af15f89931db40

SHA512
bbdfda1586f3687e0a523102313804cde46e1ce9014e48dc62b492ffbb85fa8558510b1047656b5b74525f8107d2f36b8c91f721560b73488c7e7b83292075d9

Download Submit
C:\Windows\System\oGmBCje.exe

Filesize
1.9MB

MD5
a770f768cbb8481a294d63c23c165b9a

SHA1
635c2ef1910afc9256dd8f36643ba77cde496dae

SHA256
4e2057fa0d797d3b3ff792124918d476f57bdb05e61226e9eab9b872804bfaa1

SHA512
51cca1cef2c69fc60658a8d18bd6838ac6d01e42522cee8bd587de81a563368d6cfa8102e1389df97afd58ac7e283353edba4204ba4774fbb4b070a27ede50a3

Download Submit
C:\Windows\System\rESixYY.exe

Filesize
1.9MB

MD5
da895d92ad0fd501a5c1d929746f7b76

SHA1
36e70b0fcc0ed3b38a8511f4d44b69db9cd3f071

SHA256
6e0e4706c585f2cf946b549d7f2972d8186ae597d05b3c166231bc83784f4e3a

SHA512
cd0ab6e86da36c298004ec0e0c4068c864e23940dbc7a48b4198b4ec736919e0d38ca799151b718003d9a26575abde15209ca282461ab5492664f068a241a03e

Download Submit
C:\Windows\System\rRuhQLD.exe

Filesize
1.9MB

MD5
1acffb6a1810977e0fae790d412db071

SHA1
4eed7d7eea7f68282dd3681cd48b748759863bc5

SHA256
7b68a29cf1da956ccc9dcafde88d4ea8c41743b198163038192cb6845a779e39

SHA512
591595bb68ce69629b7544d4d70797ddbba2e4c730028b5f4d782d7124a7495fc18360852657de59f8d7293bc1bd823914c647e97495dc3ea98509795fdbdf41

Download Submit
C:\Windows\System\tNZYlOM.exe

Filesize
1.9MB

MD5
a7f835ddde7944ba271d71075ec9eb80

SHA1
85dca611aed685c1f69ff2e0a012f23a3e2a6a3d

SHA256
ceec816e317397ab1202b51108b9d12f417c1ec61f63b5420126f7a815545ed8

SHA512
34580e983d42eb3b03f13fdd13b608f97f615a093c4c5f14df1750f9e02ecc22991837bc0a58a83087e88488f4fac6581aa5bf27a86a0251d25e15f849cd8a06

Download Submit
C:\Windows\System\vYZLicx.exe

Filesize
1.9MB

MD5
e18dc55dc30d3a926bc30f661ce8d7a3

SHA1
ae7d9b05e414d36b96e850c43ac6fe7b4aa1a74c

SHA256
8b9905e16488ef50ef0a7a1129b588ae65fe8f9993cad1b12775905a8a63e302

SHA512
2c6dbd72d9e8e3fecb54a2f75779be7fcef674f4e7ade65e88510a940ad5829be5068fc17619ea209552bceb0d8b7a91b8fb2184b2b480e44fbf711b5068bf51

Download Submit
C:\Windows\System\wMBkVNW.exe

Filesize
1.9MB

MD5
888cba3071e6ee6a12b3aa68b351ba05

SHA1
c4bfa41c20d05f7a445405502c75cc7cc6edd6da

SHA256
cdfb44ac3864cdc63055ebda03fdc20c25e3723ead21c9ef480cf56fc0806723

SHA512
985e3a4ad4897f2ffdd147e7a5633232fbae8d2d7061d8f5d25407f50cf63bebdaa557f64587a87b425f17ce74702a45231f408d20a92bc0a315e81503af39a0

Download Submit
C:\Windows\System\wYyqIPT.exe

Filesize
1.9MB

MD5
2b36210e95a869863162d95d5b3f8f60

SHA1
7e34562ff435ba79e02b56a8459c984c7ddeea64

SHA256
78edc1d6a978295c43b0a6665d49a1e113826251bc8604bee1b94a91f1f25804

SHA512
79961337faea99c4d726060a62124aefc7be2f88726a859ed0544a9a84d3e1d8d33ba5d5da4d53cbf52fe033ef5a84e150d5540368c02a0da4bd596ec055e0bc

Download Submit
C:\Windows\System\wdMASGD.exe

Filesize
1.9MB

MD5
aa51327388bde5e3200169c37577496a

SHA1
08b12b9e96a1140f8a0c981f6d7e80372ffc8fd8

SHA256
d67ea443836f549f81038abd810625914034ddbfc35a4e52665c0f0c49a47afc

SHA512
e2e7c42292a0dd37baccb2fe1dd38c1489b64cf133ee461d17b6f6f5adb588e590756c1bdb616cb9cd5c12a211b9dbd05f6a09ab519c27c4c87ecaa156ca286a

Download Submit
C:\Windows\System\wsOCEXr.exe

Filesize
1.9MB

MD5
7aaae82ef513205af351756abc7e3e94

SHA1
df7fc2f12dffcb732fdd9a9d9752c0c7f9f06a4c

SHA256
dd964b645b09dea606aa4b9a937ab07d9ac66657f8435fb13411a3e77a4ab6c0

SHA512
33fa463e8e8a9b8acca0baa00ced885393ca806993ee25af6d6c160e277e0aadef0dfe64da53dc6e4ec2472e0d3749b17e0f49646f8ffe2f8bd174f17f3368a1

Download Submit
C:\Windows\System\xSWJRzV.exe

Filesize
1.9MB

MD5
96a2593958835366a035ed9dafce93a9

SHA1
3a8bb54ff4f931cbdbec2332e88827cee0afb941

SHA256
029691c9816c89201b8478ee474362aecc5906bbd1392d98a43a96f67f61f59e

SHA512
4bf859503c851fd022c59b4d7bd5f332686973f4e6ab649f83f8ae5c2b0bef108a59c85e6af48828a3adc39f47fe8e20808c3e716b8462705cbf138b729ec7bf

Download Submit
C:\Windows\System\yKpuWFi.exe

Filesize
1.9MB

MD5
dab15f9d827047b641a4d9d68b4c4585

SHA1
3b25b2379bc51d3820f2e4085143665da83e0362

SHA256
4d578b73d4ecc4a1c666d55590ce4d29e1dd7aad768f7e06f78a674ec1c1c243

SHA512
f45329b00ce804f2e3fc82fcb56399e20cd63905b7a2f5c76cb6458094ecdbf493054ef1b723c5998b6b4dcb73e2ec11e0817f45b2cd13fddbff747cdbb572b8

Download Submit
C:\Windows\System\ymWyTux.exe

Filesize
1.9MB

MD5
7b392bd70cb560b9dc278b6c8dc4932c

SHA1
e6a7999ad79b426af3718df3b4ef467f3c392a82

SHA256
650eff107b2481c40586b06e1554df5754f65ea2d8450a657398d3862ee34468

SHA512
153bee787323e81d7f751643cf0268c758c94f2869c65aa04580c9fb2c061f86acf28a93b92632a2a7de3b98c1b4813b02ebd11abb58ba2eb3f97b94a02162db

Download Submit
memory/1804-0-0x00000119D3C30000-0x00000119D3C40000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads