xmrig | 1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44

Analysis

max time kernel
140s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2025 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
Size

1.8MB
MD5

154491de2e3785140ebfb065c42b7dea
SHA1

e7f01787d1ee0219a39cb478a1b108eff4156401
SHA256

1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44
SHA512

430374fad1e3907765ca27bfd0096c6fef3db256b36b7c3692f73d3070bb710477cc275e76bb502a19163e9ea607987294fe3ba551e4bc46cac255dcf6afe35f
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9ozttwIRRvzc26JxSHQ:GemTLkNdfE0pZy+

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x001200000001e75a-4.dat	xmrig
behavioral2/files/0x000e000000023b26-7.dat	xmrig
behavioral2/files/0x000a000000023b31-18.dat	xmrig
behavioral2/files/0x000a000000023b32-20.dat	xmrig
behavioral2/files/0x000a000000023b33-25.dat	xmrig
behavioral2/files/0x000a000000023b35-29.dat	xmrig
behavioral2/files/0x000a000000023b36-34.dat	xmrig
behavioral2/files/0x000a000000023b3a-52.dat	xmrig
behavioral2/files/0x000a000000023b39-53.dat	xmrig
behavioral2/files/0x000a000000023b3c-70.dat	xmrig
behavioral2/files/0x000a000000023b40-83.dat	xmrig
behavioral2/files/0x000a000000023b45-112.dat	xmrig
behavioral2/files/0x000a000000023b49-138.dat	xmrig
behavioral2/files/0x000a000000023b4a-140.dat	xmrig
behavioral2/files/0x000a000000023b47-136.dat	xmrig
behavioral2/files/0x000a000000023b48-134.dat	xmrig
behavioral2/files/0x000a000000023b46-132.dat	xmrig
behavioral2/files/0x000a000000023b44-122.dat	xmrig
behavioral2/files/0x000a000000023b43-115.dat	xmrig
behavioral2/files/0x000a000000023b42-108.dat	xmrig
behavioral2/files/0x000a000000023b41-95.dat	xmrig
behavioral2/files/0x000a000000023b3f-88.dat	xmrig
behavioral2/files/0x000a000000023b3e-86.dat	xmrig
behavioral2/files/0x000a000000023b3d-84.dat	xmrig
behavioral2/files/0x000a000000023b3b-65.dat	xmrig
behavioral2/files/0x000a000000023b4b-144.dat	xmrig
behavioral2/files/0x000a000000023b4c-148.dat	xmrig
behavioral2/files/0x000a000000023b4d-152.dat	xmrig
behavioral2/files/0x000a000000023b4e-157.dat	xmrig
behavioral2/files/0x000d000000023b2e-63.dat	xmrig
behavioral2/files/0x000a000000023b37-50.dat	xmrig
behavioral2/files/0x000a000000023b38-44.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2612	MMZiscv.exe
4072	cKlkHJY.exe
4812	jrGGAkA.exe
2916	uOCFSZu.exe
3264	wLdbWMD.exe
1872	SItFsID.exe
1164	uLIboAN.exe
844	nlAewGH.exe
3960	CgUzsgx.exe
2036	QFOEsNf.exe
5048	XryPXLv.exe
2808	BEXHdBX.exe
4792	wTVJsnz.exe
3852	KTxDyMc.exe
4500	vkWpslu.exe
3476	HPJlmZw.exe
2268	dEzbmQz.exe
2480	MQRNRAV.exe
2428	gkiXhbe.exe
3580	mTqmUsa.exe
1144	IFnprbK.exe
3496	srzsWcX.exe
1576	TnhFkov.exe
2300	Ryzbdgb.exe
4964	BQGVDsH.exe
3052	gqfVYpC.exe
3036	bBLzsDF.exe
3128	tXzgLVA.exe
4536	wUaPRbD.exe
4180	eExerCK.exe
2804	ijRQwTF.exe
660	cFqNHjY.exe
2280	eDweXpU.exe
3132	raaxUIn.exe
2920	FJZTeXk.exe
3332	WtleMLd.exe
4056	WHwsDCy.exe
5036	mYXONIE.exe
1156	MsJIdKp.exe
4552	GAegKqF.exe
4164	zbQdZZE.exe
2188	EAZgGDp.exe
4560	BVXlqMz.exe
4016	eWtZHmV.exe
3112	ojMPACc.exe
5024	lMULMJa.exe
3276	OHTeNQO.exe
4740	TCvphML.exe
2172	zTdPeBY.exe
924	QkyjEEL.exe
4132	jUpfXIa.exe
2004	zWrccrF.exe
4452	fDBVubL.exe
4400	AfZgdsg.exe
3980	ifPEgUn.exe
3764	keNkOdT.exe
3100	MvhfTVE.exe
2632	MWUknYt.exe
3500	NEmytoD.exe
2160	JhtegWE.exe
3548	CBobIMK.exe
4640	FvZEIGw.exe
1100	JuiZebN.exe
3560	dSrpxEd.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EoSkoSH.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\sQHKgFs.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\XRxqoug.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\dclnwvo.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\wmMXYNW.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\gEjCrDG.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\YVJterr.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\qgUOXSf.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\tyzghVZ.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\lBbThYy.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\OiQXRsO.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\TrmJGoU.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\tgsXlgQ.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\QvQYygd.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\gbZdCuE.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\LCtpYPm.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\sypiNqC.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\UCHfrJR.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\NErhWwE.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\ThKgzsD.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\oTjEJVR.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\pvUuGez.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\OGAGyiP.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\ZraJbVF.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\LDmGzZo.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\MvGAkkM.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\NOwnnGo.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\tQiheRs.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\qVtDLjz.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\OmsLgvD.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\GbKnGzV.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\TyRwLaS.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\hgkpqEM.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\QDgMdtB.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\jyogViR.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\XWTwRJW.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\nlAewGH.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\vkWpslu.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\IuuLJwY.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\cLxJetA.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\rVMnmHb.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\IfbfxCK.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\mcKHBLi.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\IBqwXba.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\bGOhmam.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\jFIzkKM.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\aEXqBsH.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\GJPBCbz.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\SrszcOr.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\LcfEIvR.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\sPngIwY.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\JJdHdtX.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\bOeDZYq.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\VWXKyBN.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\jcjwGVZ.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\kJDHykM.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\cKlkHJY.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\CgUzsgx.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\JBlMnHH.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\mhLbsMx.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\FBpPYwu.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\MLwspaJ.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\LBIUfxS.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
File created	C:\Windows\System\znNahcG.exe	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe

Checks SCSI registry key(s) 3 TTPs 30 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17072	dwm.exe
Token: SeChangeNotifyPrivilege	17072	dwm.exe
Token: 33	17072	dwm.exe
Token: SeIncBasePriorityPrivilege	17072	dwm.exe
Token: SeCreateGlobalPrivilege	16448	dwm.exe
Token: SeChangeNotifyPrivilege	16448	dwm.exe
Token: 33	16448	dwm.exe
Token: SeIncBasePriorityPrivilege	16448	dwm.exe
Token: SeCreateGlobalPrivilege	1196	dwm.exe
Token: SeChangeNotifyPrivilege	1196	dwm.exe
Token: 33	1196	dwm.exe
Token: SeIncBasePriorityPrivilege	1196	dwm.exe
Token: SeCreateGlobalPrivilege	16180	dwm.exe
Token: SeChangeNotifyPrivilege	16180	dwm.exe
Token: 33	16180	dwm.exe
Token: SeIncBasePriorityPrivilege	16180	dwm.exe
Token: SeCreateGlobalPrivilege	17192	dwm.exe
Token: SeChangeNotifyPrivilege	17192	dwm.exe
Token: 33	17192	dwm.exe
Token: SeIncBasePriorityPrivilege	17192	dwm.exe
Token: SeCreateGlobalPrivilege	2096	dwm.exe
Token: SeChangeNotifyPrivilege	2096	dwm.exe
Token: 33	2096	dwm.exe
Token: SeIncBasePriorityPrivilege	2096	dwm.exe
Token: SeShutdownPrivilege	2096	dwm.exe
Token: SeCreatePagefilePrivilege	2096	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4580	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2612	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	84
PID 2216 wrote to memory of 2612	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	84
PID 2216 wrote to memory of 4072	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	85
PID 2216 wrote to memory of 4072	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	85
PID 2216 wrote to memory of 4812	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	86
PID 2216 wrote to memory of 4812	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	86
PID 2216 wrote to memory of 2916	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	87
PID 2216 wrote to memory of 2916	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	87
PID 2216 wrote to memory of 3264	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	88
PID 2216 wrote to memory of 3264	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	88
PID 2216 wrote to memory of 1872	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	89
PID 2216 wrote to memory of 1872	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	89
PID 2216 wrote to memory of 1164	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	90
PID 2216 wrote to memory of 1164	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	90
PID 2216 wrote to memory of 844	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	91
PID 2216 wrote to memory of 844	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	91
PID 2216 wrote to memory of 3960	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	92
PID 2216 wrote to memory of 3960	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	92
PID 2216 wrote to memory of 2036	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	93
PID 2216 wrote to memory of 2036	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	93
PID 2216 wrote to memory of 5048	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	94
PID 2216 wrote to memory of 5048	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	94
PID 2216 wrote to memory of 2808	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	95
PID 2216 wrote to memory of 2808	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	95
PID 2216 wrote to memory of 4792	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	96
PID 2216 wrote to memory of 4792	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	96
PID 2216 wrote to memory of 3852	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	97
PID 2216 wrote to memory of 3852	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	97
PID 2216 wrote to memory of 4500	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	98
PID 2216 wrote to memory of 4500	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	98
PID 2216 wrote to memory of 3476	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	99
PID 2216 wrote to memory of 3476	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	99
PID 2216 wrote to memory of 2268	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	100
PID 2216 wrote to memory of 2268	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	100
PID 2216 wrote to memory of 2480	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	101
PID 2216 wrote to memory of 2480	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	101
PID 2216 wrote to memory of 2428	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	102
PID 2216 wrote to memory of 2428	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	102
PID 2216 wrote to memory of 3580	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	103
PID 2216 wrote to memory of 3580	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	103
PID 2216 wrote to memory of 1144	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	104
PID 2216 wrote to memory of 1144	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	104
PID 2216 wrote to memory of 3496	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	105
PID 2216 wrote to memory of 3496	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	105
PID 2216 wrote to memory of 1576	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	106
PID 2216 wrote to memory of 1576	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	106
PID 2216 wrote to memory of 2300	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	107
PID 2216 wrote to memory of 2300	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	107
PID 2216 wrote to memory of 4964	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	108
PID 2216 wrote to memory of 4964	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	108
PID 2216 wrote to memory of 3052	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	109
PID 2216 wrote to memory of 3052	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	109
PID 2216 wrote to memory of 3036	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	110
PID 2216 wrote to memory of 3036	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	110
PID 2216 wrote to memory of 3128	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	111
PID 2216 wrote to memory of 3128	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	111
PID 2216 wrote to memory of 4536	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	112
PID 2216 wrote to memory of 4536	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	112
PID 2216 wrote to memory of 4180	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	113
PID 2216 wrote to memory of 4180	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	113
PID 2216 wrote to memory of 2804	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	114
PID 2216 wrote to memory of 2804	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	114
PID 2216 wrote to memory of 660	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	115
PID 2216 wrote to memory of 660	2216	1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe	115

C:\Users\Admin\AppData\Local\Temp\1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe
"C:\Users\Admin\AppData\Local\Temp\1bfc567255501b0cfd66d1207229d9719e1ebcb7a5d37189078a66cc99b5cb44.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\System\MMZiscv.exe
  C:\Windows\System\MMZiscv.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\cKlkHJY.exe
  C:\Windows\System\cKlkHJY.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\jrGGAkA.exe
  C:\Windows\System\jrGGAkA.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\uOCFSZu.exe
  C:\Windows\System\uOCFSZu.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\wLdbWMD.exe
  C:\Windows\System\wLdbWMD.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\SItFsID.exe
  C:\Windows\System\SItFsID.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\uLIboAN.exe
  C:\Windows\System\uLIboAN.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\nlAewGH.exe
  C:\Windows\System\nlAewGH.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\CgUzsgx.exe
  C:\Windows\System\CgUzsgx.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\QFOEsNf.exe
  C:\Windows\System\QFOEsNf.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\XryPXLv.exe
  C:\Windows\System\XryPXLv.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\BEXHdBX.exe
  C:\Windows\System\BEXHdBX.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\wTVJsnz.exe
  C:\Windows\System\wTVJsnz.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\KTxDyMc.exe
  C:\Windows\System\KTxDyMc.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\vkWpslu.exe
  C:\Windows\System\vkWpslu.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\HPJlmZw.exe
  C:\Windows\System\HPJlmZw.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\dEzbmQz.exe
  C:\Windows\System\dEzbmQz.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\MQRNRAV.exe
  C:\Windows\System\MQRNRAV.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\gkiXhbe.exe
  C:\Windows\System\gkiXhbe.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\mTqmUsa.exe
  C:\Windows\System\mTqmUsa.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\IFnprbK.exe
  C:\Windows\System\IFnprbK.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\srzsWcX.exe
  C:\Windows\System\srzsWcX.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\TnhFkov.exe
  C:\Windows\System\TnhFkov.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\Ryzbdgb.exe
  C:\Windows\System\Ryzbdgb.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\BQGVDsH.exe
  C:\Windows\System\BQGVDsH.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\gqfVYpC.exe
  C:\Windows\System\gqfVYpC.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\bBLzsDF.exe
  C:\Windows\System\bBLzsDF.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\tXzgLVA.exe
  C:\Windows\System\tXzgLVA.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\wUaPRbD.exe
  C:\Windows\System\wUaPRbD.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\eExerCK.exe
  C:\Windows\System\eExerCK.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\ijRQwTF.exe
  C:\Windows\System\ijRQwTF.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\cFqNHjY.exe
  C:\Windows\System\cFqNHjY.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\eDweXpU.exe
  C:\Windows\System\eDweXpU.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\raaxUIn.exe
  C:\Windows\System\raaxUIn.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\FJZTeXk.exe
  C:\Windows\System\FJZTeXk.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\WtleMLd.exe
  C:\Windows\System\WtleMLd.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\WHwsDCy.exe
  C:\Windows\System\WHwsDCy.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\mYXONIE.exe
  C:\Windows\System\mYXONIE.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\MsJIdKp.exe
  C:\Windows\System\MsJIdKp.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\GAegKqF.exe
  C:\Windows\System\GAegKqF.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\zbQdZZE.exe
  C:\Windows\System\zbQdZZE.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\EAZgGDp.exe
  C:\Windows\System\EAZgGDp.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\BVXlqMz.exe
  C:\Windows\System\BVXlqMz.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\eWtZHmV.exe
  C:\Windows\System\eWtZHmV.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\ojMPACc.exe
  C:\Windows\System\ojMPACc.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\lMULMJa.exe
  C:\Windows\System\lMULMJa.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\OHTeNQO.exe
  C:\Windows\System\OHTeNQO.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\TCvphML.exe
  C:\Windows\System\TCvphML.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\zTdPeBY.exe
  C:\Windows\System\zTdPeBY.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\QkyjEEL.exe
  C:\Windows\System\QkyjEEL.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\jUpfXIa.exe
  C:\Windows\System\jUpfXIa.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\zWrccrF.exe
  C:\Windows\System\zWrccrF.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\fDBVubL.exe
  C:\Windows\System\fDBVubL.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\AfZgdsg.exe
  C:\Windows\System\AfZgdsg.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\ifPEgUn.exe
  C:\Windows\System\ifPEgUn.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\keNkOdT.exe
  C:\Windows\System\keNkOdT.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\MvhfTVE.exe
  C:\Windows\System\MvhfTVE.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\MWUknYt.exe
  C:\Windows\System\MWUknYt.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\NEmytoD.exe
  C:\Windows\System\NEmytoD.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\JhtegWE.exe
  C:\Windows\System\JhtegWE.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\CBobIMK.exe
  C:\Windows\System\CBobIMK.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\FvZEIGw.exe
  C:\Windows\System\FvZEIGw.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\JuiZebN.exe
  C:\Windows\System\JuiZebN.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\dSrpxEd.exe
  C:\Windows\System\dSrpxEd.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\lXsuBzx.exe
  C:\Windows\System\lXsuBzx.exe
  2⤵
  PID:1680
- C:\Windows\System\FskDmmo.exe
  C:\Windows\System\FskDmmo.exe
  2⤵
  PID:2228
- C:\Windows\System\adYUXoz.exe
  C:\Windows\System\adYUXoz.exe
  2⤵
  PID:2344
- C:\Windows\System\LUDktiY.exe
  C:\Windows\System\LUDktiY.exe
  2⤵
  PID:4668
- C:\Windows\System\WIJgxtK.exe
  C:\Windows\System\WIJgxtK.exe
  2⤵
  PID:3168
- C:\Windows\System\AJTnyxp.exe
  C:\Windows\System\AJTnyxp.exe
  2⤵
  PID:1764
- C:\Windows\System\OiXUGFZ.exe
  C:\Windows\System\OiXUGFZ.exe
  2⤵
  PID:3328
- C:\Windows\System\uDKSQLX.exe
  C:\Windows\System\uDKSQLX.exe
  2⤵
  PID:2620
- C:\Windows\System\aPvIyYU.exe
  C:\Windows\System\aPvIyYU.exe
  2⤵
  PID:3028
- C:\Windows\System\hqNHEbC.exe
  C:\Windows\System\hqNHEbC.exe
  2⤵
  PID:3776
- C:\Windows\System\pbHyPJN.exe
  C:\Windows\System\pbHyPJN.exe
  2⤵
  PID:4508
- C:\Windows\System\IXcpDrJ.exe
  C:\Windows\System\IXcpDrJ.exe
  2⤵
  PID:4564
- C:\Windows\System\otjBjsk.exe
  C:\Windows\System\otjBjsk.exe
  2⤵
  PID:1160
- C:\Windows\System\ZraJbVF.exe
  C:\Windows\System\ZraJbVF.exe
  2⤵
  PID:2844
- C:\Windows\System\AlwdInQ.exe
  C:\Windows\System\AlwdInQ.exe
  2⤵
  PID:3532
- C:\Windows\System\rQVTIaZ.exe
  C:\Windows\System\rQVTIaZ.exe
  2⤵
  PID:1840
- C:\Windows\System\EJjoQRy.exe
  C:\Windows\System\EJjoQRy.exe
  2⤵
  PID:1004
- C:\Windows\System\KgVVjAk.exe
  C:\Windows\System\KgVVjAk.exe
  2⤵
  PID:4232
- C:\Windows\System\djqJmxr.exe
  C:\Windows\System\djqJmxr.exe
  2⤵
  PID:1000
- C:\Windows\System\PtXAaxD.exe
  C:\Windows\System\PtXAaxD.exe
  2⤵
  PID:916
- C:\Windows\System\uwPKUqL.exe
  C:\Windows\System\uwPKUqL.exe
  2⤵
  PID:3244
- C:\Windows\System\bOeDZYq.exe
  C:\Windows\System\bOeDZYq.exe
  2⤵
  PID:1580
- C:\Windows\System\aBjkAnE.exe
  C:\Windows\System\aBjkAnE.exe
  2⤵
  PID:4028
- C:\Windows\System\wnuxNse.exe
  C:\Windows\System\wnuxNse.exe
  2⤵
  PID:4344
- C:\Windows\System\kOBQFXX.exe
  C:\Windows\System\kOBQFXX.exe
  2⤵
  PID:1280
- C:\Windows\System\TnNaMPN.exe
  C:\Windows\System\TnNaMPN.exe
  2⤵
  PID:2432
- C:\Windows\System\XRSsMhI.exe
  C:\Windows\System\XRSsMhI.exe
  2⤵
  PID:720
- C:\Windows\System\LxAcTec.exe
  C:\Windows\System\LxAcTec.exe
  2⤵
  PID:2724
- C:\Windows\System\NVkyTUC.exe
  C:\Windows\System\NVkyTUC.exe
  2⤵
  PID:2276
- C:\Windows\System\ELaGOCJ.exe
  C:\Windows\System\ELaGOCJ.exe
  2⤵
  PID:2208
- C:\Windows\System\NKdlYIU.exe
  C:\Windows\System\NKdlYIU.exe
  2⤵
  PID:3064
- C:\Windows\System\EoSkoSH.exe
  C:\Windows\System\EoSkoSH.exe
  2⤵
  PID:2940
- C:\Windows\System\OEteTvz.exe
  C:\Windows\System\OEteTvz.exe
  2⤵
  PID:4516
- C:\Windows\System\jKSdLNE.exe
  C:\Windows\System\jKSdLNE.exe
  2⤵
  PID:4364
- C:\Windows\System\fvGmOPk.exe
  C:\Windows\System\fvGmOPk.exe
  2⤵
  PID:2892
- C:\Windows\System\VxNmuWT.exe
  C:\Windows\System\VxNmuWT.exe
  2⤵
  PID:4960
- C:\Windows\System\YWlkQpr.exe
  C:\Windows\System\YWlkQpr.exe
  2⤵
  PID:2040
- C:\Windows\System\GynojoG.exe
  C:\Windows\System\GynojoG.exe
  2⤵
  PID:4920
- C:\Windows\System\AfBfYbG.exe
  C:\Windows\System\AfBfYbG.exe
  2⤵
  PID:4336
- C:\Windows\System\IhvpirW.exe
  C:\Windows\System\IhvpirW.exe
  2⤵
  PID:228
- C:\Windows\System\jSoRDxV.exe
  C:\Windows\System\jSoRDxV.exe
  2⤵
  PID:2912
- C:\Windows\System\enaKcmz.exe
  C:\Windows\System\enaKcmz.exe
  2⤵
  PID:432
- C:\Windows\System\IuuLJwY.exe
  C:\Windows\System\IuuLJwY.exe
  2⤵
  PID:3780
- C:\Windows\System\WRnxOEU.exe
  C:\Windows\System\WRnxOEU.exe
  2⤵
  PID:2372
- C:\Windows\System\zUeEzXt.exe
  C:\Windows\System\zUeEzXt.exe
  2⤵
  PID:3732
- C:\Windows\System\IrCXrHV.exe
  C:\Windows\System\IrCXrHV.exe
  2⤵
  PID:2104
- C:\Windows\System\xOEuUFT.exe
  C:\Windows\System\xOEuUFT.exe
  2⤵
  PID:5128
- C:\Windows\System\AoMXWva.exe
  C:\Windows\System\AoMXWva.exe
  2⤵
  PID:5156
- C:\Windows\System\cqMMrNb.exe
  C:\Windows\System\cqMMrNb.exe
  2⤵
  PID:5176
- C:\Windows\System\dyqFiUC.exe
  C:\Windows\System\dyqFiUC.exe
  2⤵
  PID:5204
- C:\Windows\System\UxlFINr.exe
  C:\Windows\System\UxlFINr.exe
  2⤵
  PID:5232
- C:\Windows\System\COzupiG.exe
  C:\Windows\System\COzupiG.exe
  2⤵
  PID:5272
- C:\Windows\System\ZnlBVnC.exe
  C:\Windows\System\ZnlBVnC.exe
  2⤵
  PID:5296
- C:\Windows\System\KffPrvL.exe
  C:\Windows\System\KffPrvL.exe
  2⤵
  PID:5320
- C:\Windows\System\hhWFthu.exe
  C:\Windows\System\hhWFthu.exe
  2⤵
  PID:5352
- C:\Windows\System\vlnvlFD.exe
  C:\Windows\System\vlnvlFD.exe
  2⤵
  PID:5376
- C:\Windows\System\zdkwSJi.exe
  C:\Windows\System\zdkwSJi.exe
  2⤵
  PID:5404
- C:\Windows\System\EADZpvf.exe
  C:\Windows\System\EADZpvf.exe
  2⤵
  PID:5420
- C:\Windows\System\CAejDEg.exe
  C:\Windows\System\CAejDEg.exe
  2⤵
  PID:5448
- C:\Windows\System\XDKYVUZ.exe
  C:\Windows\System\XDKYVUZ.exe
  2⤵
  PID:5476
- C:\Windows\System\lEGPCYH.exe
  C:\Windows\System\lEGPCYH.exe
  2⤵
  PID:5508
- C:\Windows\System\LKWScDh.exe
  C:\Windows\System\LKWScDh.exe
  2⤵
  PID:5544
- C:\Windows\System\tnhqCPT.exe
  C:\Windows\System\tnhqCPT.exe
  2⤵
  PID:5572
- C:\Windows\System\eWowUgP.exe
  C:\Windows\System\eWowUgP.exe
  2⤵
  PID:5600
- C:\Windows\System\vCvOooD.exe
  C:\Windows\System\vCvOooD.exe
  2⤵
  PID:5628
- C:\Windows\System\hrnANbJ.exe
  C:\Windows\System\hrnANbJ.exe
  2⤵
  PID:5656
- C:\Windows\System\HxFMjMM.exe
  C:\Windows\System\HxFMjMM.exe
  2⤵
  PID:5684
- C:\Windows\System\VGFPKYq.exe
  C:\Windows\System\VGFPKYq.exe
  2⤵
  PID:5700
- C:\Windows\System\GYfrxhy.exe
  C:\Windows\System\GYfrxhy.exe
  2⤵
  PID:5728
- C:\Windows\System\hNpFvNj.exe
  C:\Windows\System\hNpFvNj.exe
  2⤵
  PID:5764
- C:\Windows\System\GJPBCbz.exe
  C:\Windows\System\GJPBCbz.exe
  2⤵
  PID:5804
- C:\Windows\System\XODUwsw.exe
  C:\Windows\System\XODUwsw.exe
  2⤵
  PID:5828
- C:\Windows\System\aCbilga.exe
  C:\Windows\System\aCbilga.exe
  2⤵
  PID:5864
- C:\Windows\System\IlcwAEb.exe
  C:\Windows\System\IlcwAEb.exe
  2⤵
  PID:5892
- C:\Windows\System\mdHfHzU.exe
  C:\Windows\System\mdHfHzU.exe
  2⤵
  PID:5908
- C:\Windows\System\TmfzQOW.exe
  C:\Windows\System\TmfzQOW.exe
  2⤵
  PID:5936
- C:\Windows\System\mlMUKhd.exe
  C:\Windows\System\mlMUKhd.exe
  2⤵
  PID:5968
- C:\Windows\System\dWVnPDh.exe
  C:\Windows\System\dWVnPDh.exe
  2⤵
  PID:5996
- C:\Windows\System\VJPCeDs.exe
  C:\Windows\System\VJPCeDs.exe
  2⤵
  PID:6024
- C:\Windows\System\ubjFfOf.exe
  C:\Windows\System\ubjFfOf.exe
  2⤵
  PID:6056
- C:\Windows\System\niJOrhx.exe
  C:\Windows\System\niJOrhx.exe
  2⤵
  PID:6080
- C:\Windows\System\eFNodEp.exe
  C:\Windows\System\eFNodEp.exe
  2⤵
  PID:6100
- C:\Windows\System\cLxJetA.exe
  C:\Windows\System\cLxJetA.exe
  2⤵
  PID:6136
- C:\Windows\System\kHiXtDD.exe
  C:\Windows\System\kHiXtDD.exe
  2⤵
  PID:5168
- C:\Windows\System\NEZSZch.exe
  C:\Windows\System\NEZSZch.exe
  2⤵
  PID:5228
- C:\Windows\System\rAXKuWR.exe
  C:\Windows\System\rAXKuWR.exe
  2⤵
  PID:5316
- C:\Windows\System\JOHXmBs.exe
  C:\Windows\System\JOHXmBs.exe
  2⤵
  PID:5364
- C:\Windows\System\dYIhkQy.exe
  C:\Windows\System\dYIhkQy.exe
  2⤵
  PID:5436
- C:\Windows\System\fYwgSPL.exe
  C:\Windows\System\fYwgSPL.exe
  2⤵
  PID:5464
- C:\Windows\System\IBpOsAO.exe
  C:\Windows\System\IBpOsAO.exe
  2⤵
  PID:5540
- C:\Windows\System\xdMkNWr.exe
  C:\Windows\System\xdMkNWr.exe
  2⤵
  PID:5644
- C:\Windows\System\ujWZZBn.exe
  C:\Windows\System\ujWZZBn.exe
  2⤵
  PID:5720
- C:\Windows\System\PDySREv.exe
  C:\Windows\System\PDySREv.exe
  2⤵
  PID:5796
- C:\Windows\System\DpTSYkQ.exe
  C:\Windows\System\DpTSYkQ.exe
  2⤵
  PID:5836
- C:\Windows\System\zMDPrSF.exe
  C:\Windows\System\zMDPrSF.exe
  2⤵
  PID:5900
- C:\Windows\System\mEInNAL.exe
  C:\Windows\System\mEInNAL.exe
  2⤵
  PID:5964
- C:\Windows\System\lBPyVCg.exe
  C:\Windows\System\lBPyVCg.exe
  2⤵
  PID:6012
- C:\Windows\System\mQEICyN.exe
  C:\Windows\System\mQEICyN.exe
  2⤵
  PID:6128
- C:\Windows\System\LlPwlvx.exe
  C:\Windows\System\LlPwlvx.exe
  2⤵
  PID:5196
- C:\Windows\System\BxxRCro.exe
  C:\Windows\System\BxxRCro.exe
  2⤵
  PID:5224
- C:\Windows\System\FiByKfi.exe
  C:\Windows\System\FiByKfi.exe
  2⤵
  PID:5360
- C:\Windows\System\iQUXzyL.exe
  C:\Windows\System\iQUXzyL.exe
  2⤵
  PID:5564
- C:\Windows\System\AmGPSuD.exe
  C:\Windows\System\AmGPSuD.exe
  2⤵
  PID:5748
- C:\Windows\System\LLgxaYn.exe
  C:\Windows\System\LLgxaYn.exe
  2⤵
  PID:5924
- C:\Windows\System\Poopjet.exe
  C:\Windows\System\Poopjet.exe
  2⤵
  PID:6096
- C:\Windows\System\jWPXqRW.exe
  C:\Windows\System\jWPXqRW.exe
  2⤵
  PID:5192
- C:\Windows\System\uYMzHLW.exe
  C:\Windows\System\uYMzHLW.exe
  2⤵
  PID:5520
- C:\Windows\System\ZwmNQNT.exe
  C:\Windows\System\ZwmNQNT.exe
  2⤵
  PID:5884
- C:\Windows\System\ELTlLAj.exe
  C:\Windows\System\ELTlLAj.exe
  2⤵
  PID:6160
- C:\Windows\System\omBEEqX.exe
  C:\Windows\System\omBEEqX.exe
  2⤵
  PID:6180
- C:\Windows\System\LUqDGMY.exe
  C:\Windows\System\LUqDGMY.exe
  2⤵
  PID:6204
- C:\Windows\System\jAooflu.exe
  C:\Windows\System\jAooflu.exe
  2⤵
  PID:6232
- C:\Windows\System\dBZmKzh.exe
  C:\Windows\System\dBZmKzh.exe
  2⤵
  PID:6268
- C:\Windows\System\IHVaUcP.exe
  C:\Windows\System\IHVaUcP.exe
  2⤵
  PID:6288
- C:\Windows\System\WhozoWW.exe
  C:\Windows\System\WhozoWW.exe
  2⤵
  PID:6320
- C:\Windows\System\pmcZUQK.exe
  C:\Windows\System\pmcZUQK.exe
  2⤵
  PID:6360
- C:\Windows\System\VQBwNzL.exe
  C:\Windows\System\VQBwNzL.exe
  2⤵
  PID:6384
- C:\Windows\System\wPCzrEE.exe
  C:\Windows\System\wPCzrEE.exe
  2⤵
  PID:6412
- C:\Windows\System\gSWrPLc.exe
  C:\Windows\System\gSWrPLc.exe
  2⤵
  PID:6440
- C:\Windows\System\TRgsJcA.exe
  C:\Windows\System\TRgsJcA.exe
  2⤵
  PID:6480
- C:\Windows\System\SrszcOr.exe
  C:\Windows\System\SrszcOr.exe
  2⤵
  PID:6496
- C:\Windows\System\GfykoCW.exe
  C:\Windows\System\GfykoCW.exe
  2⤵
  PID:6524
- C:\Windows\System\hdiTFbe.exe
  C:\Windows\System\hdiTFbe.exe
  2⤵
  PID:6560
- C:\Windows\System\aZYfNIB.exe
  C:\Windows\System\aZYfNIB.exe
  2⤵
  PID:6580
- C:\Windows\System\TJIZYjY.exe
  C:\Windows\System\TJIZYjY.exe
  2⤵
  PID:6616
- C:\Windows\System\uPEBiBl.exe
  C:\Windows\System\uPEBiBl.exe
  2⤵
  PID:6636
- C:\Windows\System\qXBxwgY.exe
  C:\Windows\System\qXBxwgY.exe
  2⤵
  PID:6672
- C:\Windows\System\ELcRbdF.exe
  C:\Windows\System\ELcRbdF.exe
  2⤵
  PID:6692
- C:\Windows\System\MJDXSCh.exe
  C:\Windows\System\MJDXSCh.exe
  2⤵
  PID:6724
- C:\Windows\System\mzZkcTT.exe
  C:\Windows\System\mzZkcTT.exe
  2⤵
  PID:6748
- C:\Windows\System\unVbCMB.exe
  C:\Windows\System\unVbCMB.exe
  2⤵
  PID:6772
- C:\Windows\System\WIQjmfW.exe
  C:\Windows\System\WIQjmfW.exe
  2⤵
  PID:6792
- C:\Windows\System\zVtJIJf.exe
  C:\Windows\System\zVtJIJf.exe
  2⤵
  PID:6820
- C:\Windows\System\rpUEWCv.exe
  C:\Windows\System\rpUEWCv.exe
  2⤵
  PID:6836
- C:\Windows\System\CLhvQWh.exe
  C:\Windows\System\CLhvQWh.exe
  2⤵
  PID:6868
- C:\Windows\System\JTLdswe.exe
  C:\Windows\System\JTLdswe.exe
  2⤵
  PID:6908
- C:\Windows\System\KlsYirs.exe
  C:\Windows\System\KlsYirs.exe
  2⤵
  PID:6944
- C:\Windows\System\OimPEBc.exe
  C:\Windows\System\OimPEBc.exe
  2⤵
  PID:6960
- C:\Windows\System\wkXfgMd.exe
  C:\Windows\System\wkXfgMd.exe
  2⤵
  PID:7000
- C:\Windows\System\fJSinwO.exe
  C:\Windows\System\fJSinwO.exe
  2⤵
  PID:7016
- C:\Windows\System\yStWhlM.exe
  C:\Windows\System\yStWhlM.exe
  2⤵
  PID:7048
- C:\Windows\System\AFUiVzp.exe
  C:\Windows\System\AFUiVzp.exe
  2⤵
  PID:7084
- C:\Windows\System\ZNLHLxs.exe
  C:\Windows\System\ZNLHLxs.exe
  2⤵
  PID:7104
- C:\Windows\System\ijJlvzm.exe
  C:\Windows\System\ijJlvzm.exe
  2⤵
  PID:7140
- C:\Windows\System\mvMcFhT.exe
  C:\Windows\System\mvMcFhT.exe
  2⤵
  PID:5372
- C:\Windows\System\gEjCrDG.exe
  C:\Windows\System\gEjCrDG.exe
  2⤵
  PID:5692
- C:\Windows\System\eRwvrOz.exe
  C:\Windows\System\eRwvrOz.exe
  2⤵
  PID:6240
- C:\Windows\System\mIBOvnK.exe
  C:\Windows\System\mIBOvnK.exe
  2⤵
  PID:6312
- C:\Windows\System\uTKEvJc.exe
  C:\Windows\System\uTKEvJc.exe
  2⤵
  PID:6352
- C:\Windows\System\XexaWtK.exe
  C:\Windows\System\XexaWtK.exe
  2⤵
  PID:6400
- C:\Windows\System\YEknSAc.exe
  C:\Windows\System\YEknSAc.exe
  2⤵
  PID:6452
- C:\Windows\System\sIFobDM.exe
  C:\Windows\System\sIFobDM.exe
  2⤵
  PID:6540
- C:\Windows\System\ORFtFhm.exe
  C:\Windows\System\ORFtFhm.exe
  2⤵
  PID:6592
- C:\Windows\System\PNtRUIs.exe
  C:\Windows\System\PNtRUIs.exe
  2⤵
  PID:6648
- C:\Windows\System\pIBTZkQ.exe
  C:\Windows\System\pIBTZkQ.exe
  2⤵
  PID:6716
- C:\Windows\System\IpUOpdJ.exe
  C:\Windows\System\IpUOpdJ.exe
  2⤵
  PID:6812
- C:\Windows\System\ojfmkXR.exe
  C:\Windows\System\ojfmkXR.exe
  2⤵
  PID:6808
- C:\Windows\System\VqeEbjx.exe
  C:\Windows\System\VqeEbjx.exe
  2⤵
  PID:6928
- C:\Windows\System\GWFyIGu.exe
  C:\Windows\System\GWFyIGu.exe
  2⤵
  PID:6984
- C:\Windows\System\CWOfOaN.exe
  C:\Windows\System\CWOfOaN.exe
  2⤵
  PID:7056
- C:\Windows\System\AaGMiEx.exe
  C:\Windows\System\AaGMiEx.exe
  2⤵
  PID:7124
- C:\Windows\System\uDBhNmg.exe
  C:\Windows\System\uDBhNmg.exe
  2⤵
  PID:5712
- C:\Windows\System\NGSUFSb.exe
  C:\Windows\System\NGSUFSb.exe
  2⤵
  PID:6116
- C:\Windows\System\sQHKgFs.exe
  C:\Windows\System\sQHKgFs.exe
  2⤵
  PID:6020
- C:\Windows\System\YAMTDIV.exe
  C:\Windows\System\YAMTDIV.exe
  2⤵
  PID:6680
- C:\Windows\System\iOuupGz.exe
  C:\Windows\System\iOuupGz.exe
  2⤵
  PID:6688
- C:\Windows\System\UEAXNzm.exe
  C:\Windows\System\UEAXNzm.exe
  2⤵
  PID:6784
- C:\Windows\System\JzwjboS.exe
  C:\Windows\System\JzwjboS.exe
  2⤵
  PID:7032
- C:\Windows\System\DTKtCGs.exe
  C:\Windows\System\DTKtCGs.exe
  2⤵
  PID:6176
- C:\Windows\System\yUaClHa.exe
  C:\Windows\System\yUaClHa.exe
  2⤵
  PID:6572
- C:\Windows\System\VMdHRmZ.exe
  C:\Windows\System\VMdHRmZ.exe
  2⤵
  PID:7028
- C:\Windows\System\FWiWYTl.exe
  C:\Windows\System\FWiWYTl.exe
  2⤵
  PID:6340
- C:\Windows\System\ArqUuBP.exe
  C:\Windows\System\ArqUuBP.exe
  2⤵
  PID:7112
- C:\Windows\System\HNZOvek.exe
  C:\Windows\System\HNZOvek.exe
  2⤵
  PID:7192
- C:\Windows\System\WilVZoj.exe
  C:\Windows\System\WilVZoj.exe
  2⤵
  PID:7228
- C:\Windows\System\ZhDQpXI.exe
  C:\Windows\System\ZhDQpXI.exe
  2⤵
  PID:7248
- C:\Windows\System\yzChTTT.exe
  C:\Windows\System\yzChTTT.exe
  2⤵
  PID:7276
- C:\Windows\System\qkXZirB.exe
  C:\Windows\System\qkXZirB.exe
  2⤵
  PID:7292
- C:\Windows\System\HFKXdKJ.exe
  C:\Windows\System\HFKXdKJ.exe
  2⤵
  PID:7328
- C:\Windows\System\RVGtcqE.exe
  C:\Windows\System\RVGtcqE.exe
  2⤵
  PID:7360
- C:\Windows\System\kMgagfE.exe
  C:\Windows\System\kMgagfE.exe
  2⤵
  PID:7388
- C:\Windows\System\CvrXCeJ.exe
  C:\Windows\System\CvrXCeJ.exe
  2⤵
  PID:7416
- C:\Windows\System\TnExAfh.exe
  C:\Windows\System\TnExAfh.exe
  2⤵
  PID:7448
- C:\Windows\System\Zchgwky.exe
  C:\Windows\System\Zchgwky.exe
  2⤵
  PID:7476
- C:\Windows\System\xUKSAUE.exe
  C:\Windows\System\xUKSAUE.exe
  2⤵
  PID:7500
- C:\Windows\System\SIHpeIq.exe
  C:\Windows\System\SIHpeIq.exe
  2⤵
  PID:7516
- C:\Windows\System\uZllMXx.exe
  C:\Windows\System\uZllMXx.exe
  2⤵
  PID:7552
- C:\Windows\System\VWXKyBN.exe
  C:\Windows\System\VWXKyBN.exe
  2⤵
  PID:7572
- C:\Windows\System\XsYhLbf.exe
  C:\Windows\System\XsYhLbf.exe
  2⤵
  PID:7612
- C:\Windows\System\BJEJXVk.exe
  C:\Windows\System\BJEJXVk.exe
  2⤵
  PID:7640
- C:\Windows\System\bXHXUCc.exe
  C:\Windows\System\bXHXUCc.exe
  2⤵
  PID:7668
- C:\Windows\System\ZNzFzVR.exe
  C:\Windows\System\ZNzFzVR.exe
  2⤵
  PID:7696
- C:\Windows\System\NTVltSZ.exe
  C:\Windows\System\NTVltSZ.exe
  2⤵
  PID:7728
- C:\Windows\System\aFlHLbX.exe
  C:\Windows\System\aFlHLbX.exe
  2⤵
  PID:7752
- C:\Windows\System\jiYhyHM.exe
  C:\Windows\System\jiYhyHM.exe
  2⤵
  PID:7780
- C:\Windows\System\LBIUfxS.exe
  C:\Windows\System\LBIUfxS.exe
  2⤵
  PID:7820
- C:\Windows\System\DHuxExN.exe
  C:\Windows\System\DHuxExN.exe
  2⤵
  PID:7848
- C:\Windows\System\pNVcfYb.exe
  C:\Windows\System\pNVcfYb.exe
  2⤵
  PID:7864
- C:\Windows\System\eNEOpbe.exe
  C:\Windows\System\eNEOpbe.exe
  2⤵
  PID:7880
- C:\Windows\System\uSSxlQa.exe
  C:\Windows\System\uSSxlQa.exe
  2⤵
  PID:7912
- C:\Windows\System\abLLWbM.exe
  C:\Windows\System\abLLWbM.exe
  2⤵
  PID:7932
- C:\Windows\System\qEryEtv.exe
  C:\Windows\System\qEryEtv.exe
  2⤵
  PID:7960
- C:\Windows\System\lQVuQFu.exe
  C:\Windows\System\lQVuQFu.exe
  2⤵
  PID:7992
- C:\Windows\System\bHnKEqG.exe
  C:\Windows\System\bHnKEqG.exe
  2⤵
  PID:8024
- C:\Windows\System\tVoyxmU.exe
  C:\Windows\System\tVoyxmU.exe
  2⤵
  PID:8048
- C:\Windows\System\YvUilMo.exe
  C:\Windows\System\YvUilMo.exe
  2⤵
  PID:8080
- C:\Windows\System\uptlhsz.exe
  C:\Windows\System\uptlhsz.exe
  2⤵
  PID:8104
- C:\Windows\System\wmiguei.exe
  C:\Windows\System\wmiguei.exe
  2⤵
  PID:8136
- C:\Windows\System\GLIvJEA.exe
  C:\Windows\System\GLIvJEA.exe
  2⤵
  PID:8168
- C:\Windows\System\IINLxms.exe
  C:\Windows\System\IINLxms.exe
  2⤵
  PID:7188
- C:\Windows\System\pxqsvev.exe
  C:\Windows\System\pxqsvev.exe
  2⤵
  PID:7240
- C:\Windows\System\LtSavZQ.exe
  C:\Windows\System\LtSavZQ.exe
  2⤵
  PID:7288
- C:\Windows\System\GjbZxjg.exe
  C:\Windows\System\GjbZxjg.exe
  2⤵
  PID:7340
- C:\Windows\System\PTEjniO.exe
  C:\Windows\System\PTEjniO.exe
  2⤵
  PID:7444
- C:\Windows\System\ThKgzsD.exe
  C:\Windows\System\ThKgzsD.exe
  2⤵
  PID:7512
- C:\Windows\System\WhFZfKi.exe
  C:\Windows\System\WhFZfKi.exe
  2⤵
  PID:7568
- C:\Windows\System\lODWeMQ.exe
  C:\Windows\System\lODWeMQ.exe
  2⤵
  PID:7652
- C:\Windows\System\szYiNoz.exe
  C:\Windows\System\szYiNoz.exe
  2⤵
  PID:7680
- C:\Windows\System\TMFUace.exe
  C:\Windows\System\TMFUace.exe
  2⤵
  PID:7764
- C:\Windows\System\rqgrobq.exe
  C:\Windows\System\rqgrobq.exe
  2⤵
  PID:7772
- C:\Windows\System\bQrkKyU.exe
  C:\Windows\System\bQrkKyU.exe
  2⤵
  PID:7900
- C:\Windows\System\MfGaJMy.exe
  C:\Windows\System\MfGaJMy.exe
  2⤵
  PID:7952
- C:\Windows\System\FERtXoG.exe
  C:\Windows\System\FERtXoG.exe
  2⤵
  PID:8044
- C:\Windows\System\kZnvAQz.exe
  C:\Windows\System\kZnvAQz.exe
  2⤵
  PID:8036
- C:\Windows\System\AGuGYCN.exe
  C:\Windows\System\AGuGYCN.exe
  2⤵
  PID:8112
- C:\Windows\System\VYuGEyk.exe
  C:\Windows\System\VYuGEyk.exe
  2⤵
  PID:8184
- C:\Windows\System\hAhfRRv.exe
  C:\Windows\System\hAhfRRv.exe
  2⤵
  PID:7284
- C:\Windows\System\QDqHRRL.exe
  C:\Windows\System\QDqHRRL.exe
  2⤵
  PID:7320
- C:\Windows\System\VLauhKO.exe
  C:\Windows\System\VLauhKO.exe
  2⤵
  PID:7544
- C:\Windows\System\qohKtAK.exe
  C:\Windows\System\qohKtAK.exe
  2⤵
  PID:7720
- C:\Windows\System\kezYzph.exe
  C:\Windows\System\kezYzph.exe
  2⤵
  PID:7908
- C:\Windows\System\VBqcPoq.exe
  C:\Windows\System\VBqcPoq.exe
  2⤵
  PID:8008
- C:\Windows\System\fsFfKKR.exe
  C:\Windows\System\fsFfKKR.exe
  2⤵
  PID:8128
- C:\Windows\System\bjxzrVT.exe
  C:\Windows\System\bjxzrVT.exe
  2⤵
  PID:8116
- C:\Windows\System\zBBdslx.exe
  C:\Windows\System\zBBdslx.exe
  2⤵
  PID:7632
- C:\Windows\System\JocMeGZ.exe
  C:\Windows\System\JocMeGZ.exe
  2⤵
  PID:8064
- C:\Windows\System\JVpGxlf.exe
  C:\Windows\System\JVpGxlf.exe
  2⤵
  PID:6704
- C:\Windows\System\PvWMgxc.exe
  C:\Windows\System\PvWMgxc.exe
  2⤵
  PID:8220
- C:\Windows\System\pnpHrGS.exe
  C:\Windows\System\pnpHrGS.exe
  2⤵
  PID:8252
- C:\Windows\System\IoWGuFj.exe
  C:\Windows\System\IoWGuFj.exe
  2⤵
  PID:8280
- C:\Windows\System\QpUMOEL.exe
  C:\Windows\System\QpUMOEL.exe
  2⤵
  PID:8308
- C:\Windows\System\ZAAzsSA.exe
  C:\Windows\System\ZAAzsSA.exe
  2⤵
  PID:8344
- C:\Windows\System\xkDJSCm.exe
  C:\Windows\System\xkDJSCm.exe
  2⤵
  PID:8376
- C:\Windows\System\wkZJHje.exe
  C:\Windows\System\wkZJHje.exe
  2⤵
  PID:8400
- C:\Windows\System\gAqiEmr.exe
  C:\Windows\System\gAqiEmr.exe
  2⤵
  PID:8416
- C:\Windows\System\MywwqCN.exe
  C:\Windows\System\MywwqCN.exe
  2⤵
  PID:8440
- C:\Windows\System\egmwfMN.exe
  C:\Windows\System\egmwfMN.exe
  2⤵
  PID:8476
- C:\Windows\System\qsorQCp.exe
  C:\Windows\System\qsorQCp.exe
  2⤵
  PID:8500
- C:\Windows\System\hgkpqEM.exe
  C:\Windows\System\hgkpqEM.exe
  2⤵
  PID:8544
- C:\Windows\System\paTiEiw.exe
  C:\Windows\System\paTiEiw.exe
  2⤵
  PID:8572
- C:\Windows\System\dRvFqZG.exe
  C:\Windows\System\dRvFqZG.exe
  2⤵
  PID:8608
- C:\Windows\System\vHoyScs.exe
  C:\Windows\System\vHoyScs.exe
  2⤵
  PID:8624
- C:\Windows\System\lcoBtOa.exe
  C:\Windows\System\lcoBtOa.exe
  2⤵
  PID:8652
- C:\Windows\System\EuEhBnW.exe
  C:\Windows\System\EuEhBnW.exe
  2⤵
  PID:8668
- C:\Windows\System\cCBnOjM.exe
  C:\Windows\System\cCBnOjM.exe
  2⤵
  PID:8696
- C:\Windows\System\QWVUiku.exe
  C:\Windows\System\QWVUiku.exe
  2⤵
  PID:8740
- C:\Windows\System\HtsPXYs.exe
  C:\Windows\System\HtsPXYs.exe
  2⤵
  PID:8764
- C:\Windows\System\YVJterr.exe
  C:\Windows\System\YVJterr.exe
  2⤵
  PID:8788
- C:\Windows\System\eXOpeWM.exe
  C:\Windows\System\eXOpeWM.exe
  2⤵
  PID:8824
- C:\Windows\System\hKhhmnF.exe
  C:\Windows\System\hKhhmnF.exe
  2⤵
  PID:8856
- C:\Windows\System\tntEsIc.exe
  C:\Windows\System\tntEsIc.exe
  2⤵
  PID:8888
- C:\Windows\System\jcjwGVZ.exe
  C:\Windows\System\jcjwGVZ.exe
  2⤵
  PID:8904
- C:\Windows\System\OXrVzqu.exe
  C:\Windows\System\OXrVzqu.exe
  2⤵
  PID:8924
- C:\Windows\System\tiwrVsi.exe
  C:\Windows\System\tiwrVsi.exe
  2⤵
  PID:8948
- C:\Windows\System\GwSjLsM.exe
  C:\Windows\System\GwSjLsM.exe
  2⤵
  PID:8972
- C:\Windows\System\osbfFNm.exe
  C:\Windows\System\osbfFNm.exe
  2⤵
  PID:9016
- C:\Windows\System\kuXbJKV.exe
  C:\Windows\System\kuXbJKV.exe
  2⤵
  PID:9036
- C:\Windows\System\fxlmLHs.exe
  C:\Windows\System\fxlmLHs.exe
  2⤵
  PID:9072
- C:\Windows\System\NOfpICJ.exe
  C:\Windows\System\NOfpICJ.exe
  2⤵
  PID:9096
- C:\Windows\System\ghGXHoO.exe
  C:\Windows\System\ghGXHoO.exe
  2⤵
  PID:9112
- C:\Windows\System\noUUChi.exe
  C:\Windows\System\noUUChi.exe
  2⤵
  PID:9148
- C:\Windows\System\hJqldKb.exe
  C:\Windows\System\hJqldKb.exe
  2⤵
  PID:9180
- C:\Windows\System\JPlrjQI.exe
  C:\Windows\System\JPlrjQI.exe
  2⤵
  PID:9208
- C:\Windows\System\LDmGzZo.exe
  C:\Windows\System\LDmGzZo.exe
  2⤵
  PID:8204
- C:\Windows\System\HCLYoek.exe
  C:\Windows\System\HCLYoek.exe
  2⤵
  PID:8272
- C:\Windows\System\RuLWVky.exe
  C:\Windows\System\RuLWVky.exe
  2⤵
  PID:8392
- C:\Windows\System\DcGJuwi.exe
  C:\Windows\System\DcGJuwi.exe
  2⤵
  PID:8360
- C:\Windows\System\TgYwfxC.exe
  C:\Windows\System\TgYwfxC.exe
  2⤵
  PID:8436
- C:\Windows\System\XRxqoug.exe
  C:\Windows\System\XRxqoug.exe
  2⤵
  PID:8496
- C:\Windows\System\lsQBadS.exe
  C:\Windows\System\lsQBadS.exe
  2⤵
  PID:8588
- C:\Windows\System\sDRPppq.exe
  C:\Windows\System\sDRPppq.exe
  2⤵
  PID:8660
- C:\Windows\System\wCyVFYT.exe
  C:\Windows\System\wCyVFYT.exe
  2⤵
  PID:8684
- C:\Windows\System\TBVQqpd.exe
  C:\Windows\System\TBVQqpd.exe
  2⤵
  PID:8840
- C:\Windows\System\eDxqoTm.exe
  C:\Windows\System\eDxqoTm.exe
  2⤵
  PID:8832
- C:\Windows\System\oTjEJVR.exe
  C:\Windows\System\oTjEJVR.exe
  2⤵
  PID:8912
- C:\Windows\System\LcfEIvR.exe
  C:\Windows\System\LcfEIvR.exe
  2⤵
  PID:8960
- C:\Windows\System\whqpMXh.exe
  C:\Windows\System\whqpMXh.exe
  2⤵
  PID:9064
- C:\Windows\System\oHmFFJP.exe
  C:\Windows\System\oHmFFJP.exe
  2⤵
  PID:9132
- C:\Windows\System\XNLsZfP.exe
  C:\Windows\System\XNLsZfP.exe
  2⤵
  PID:7980
- C:\Windows\System\GflsjGs.exe
  C:\Windows\System\GflsjGs.exe
  2⤵
  PID:8200
- C:\Windows\System\vjGsZYT.exe
  C:\Windows\System\vjGsZYT.exe
  2⤵
  PID:8368
- C:\Windows\System\jVOkYra.exe
  C:\Windows\System\jVOkYra.exe
  2⤵
  PID:8508
- C:\Windows\System\YMgJzzn.exe
  C:\Windows\System\YMgJzzn.exe
  2⤵
  PID:8732
- C:\Windows\System\SViSXrM.exe
  C:\Windows\System\SViSXrM.exe
  2⤵
  PID:8900
- C:\Windows\System\BnUOaIi.exe
  C:\Windows\System\BnUOaIi.exe
  2⤵
  PID:9088
- C:\Windows\System\fIMogob.exe
  C:\Windows\System\fIMogob.exe
  2⤵
  PID:9104
- C:\Windows\System\rWCFthf.exe
  C:\Windows\System\rWCFthf.exe
  2⤵
  PID:8316
- C:\Windows\System\WzXUmHJ.exe
  C:\Windows\System\WzXUmHJ.exe
  2⤵
  PID:8796
- C:\Windows\System\PoQRvYC.exe
  C:\Windows\System\PoQRvYC.exe
  2⤵
  PID:8240
- C:\Windows\System\lqufCfZ.exe
  C:\Windows\System\lqufCfZ.exe
  2⤵
  PID:9236
- C:\Windows\System\NNvuJQh.exe
  C:\Windows\System\NNvuJQh.exe
  2⤵
  PID:9264
- C:\Windows\System\nlgHLxk.exe
  C:\Windows\System\nlgHLxk.exe
  2⤵
  PID:9280
- C:\Windows\System\MkqWiKD.exe
  C:\Windows\System\MkqWiKD.exe
  2⤵
  PID:9312
- C:\Windows\System\qNvirCn.exe
  C:\Windows\System\qNvirCn.exe
  2⤵
  PID:9336
- C:\Windows\System\BvAfnnX.exe
  C:\Windows\System\BvAfnnX.exe
  2⤵
  PID:9352
- C:\Windows\System\KFdnyME.exe
  C:\Windows\System\KFdnyME.exe
  2⤵
  PID:9376
- C:\Windows\System\qgUOXSf.exe
  C:\Windows\System\qgUOXSf.exe
  2⤵
  PID:9408
- C:\Windows\System\MyNChtH.exe
  C:\Windows\System\MyNChtH.exe
  2⤵
  PID:9436
- C:\Windows\System\TLrdslb.exe
  C:\Windows\System\TLrdslb.exe
  2⤵
  PID:9460
- C:\Windows\System\eNzCdjA.exe
  C:\Windows\System\eNzCdjA.exe
  2⤵
  PID:9496
- C:\Windows\System\hgqAEPh.exe
  C:\Windows\System\hgqAEPh.exe
  2⤵
  PID:9528
- C:\Windows\System\AxjgPZF.exe
  C:\Windows\System\AxjgPZF.exe
  2⤵
  PID:9560
- C:\Windows\System\ctjdnqX.exe
  C:\Windows\System\ctjdnqX.exe
  2⤵
  PID:9600
- C:\Windows\System\lObdzka.exe
  C:\Windows\System\lObdzka.exe
  2⤵
  PID:9616
- C:\Windows\System\GcgxlIz.exe
  C:\Windows\System\GcgxlIz.exe
  2⤵
  PID:9632
- C:\Windows\System\qEJLLRt.exe
  C:\Windows\System\qEJLLRt.exe
  2⤵
  PID:9660
- C:\Windows\System\pebTYIX.exe
  C:\Windows\System\pebTYIX.exe
  2⤵
  PID:9688
- C:\Windows\System\mviSqPT.exe
  C:\Windows\System\mviSqPT.exe
  2⤵
  PID:9712
- C:\Windows\System\BlgHKdO.exe
  C:\Windows\System\BlgHKdO.exe
  2⤵
  PID:9728
- C:\Windows\System\psSRJPE.exe
  C:\Windows\System\psSRJPE.exe
  2⤵
  PID:9756
- C:\Windows\System\MzYWubP.exe
  C:\Windows\System\MzYWubP.exe
  2⤵
  PID:9784
- C:\Windows\System\gbZdCuE.exe
  C:\Windows\System\gbZdCuE.exe
  2⤵
  PID:9804
- C:\Windows\System\sRTcuIY.exe
  C:\Windows\System\sRTcuIY.exe
  2⤵
  PID:9836
- C:\Windows\System\PqonQkT.exe
  C:\Windows\System\PqonQkT.exe
  2⤵
  PID:9872
- C:\Windows\System\OJYRgvg.exe
  C:\Windows\System\OJYRgvg.exe
  2⤵
  PID:9900
- C:\Windows\System\iXKxTqP.exe
  C:\Windows\System\iXKxTqP.exe
  2⤵
  PID:9940
- C:\Windows\System\fEoVkjJ.exe
  C:\Windows\System\fEoVkjJ.exe
  2⤵
  PID:9964
- C:\Windows\System\nMaMGHk.exe
  C:\Windows\System\nMaMGHk.exe
  2⤵
  PID:9996
- C:\Windows\System\zxHTDcS.exe
  C:\Windows\System\zxHTDcS.exe
  2⤵
  PID:10028
- C:\Windows\System\wxfeakf.exe
  C:\Windows\System\wxfeakf.exe
  2⤵
  PID:10064
- C:\Windows\System\pScPuCJ.exe
  C:\Windows\System\pScPuCJ.exe
  2⤵
  PID:10088
- C:\Windows\System\LXbHMdN.exe
  C:\Windows\System\LXbHMdN.exe
  2⤵
  PID:10132
- C:\Windows\System\cgMTEJH.exe
  C:\Windows\System\cgMTEJH.exe
  2⤵
  PID:10148
- C:\Windows\System\UKNYPIr.exe
  C:\Windows\System\UKNYPIr.exe
  2⤵
  PID:10180
- C:\Windows\System\RvrjYfj.exe
  C:\Windows\System\RvrjYfj.exe
  2⤵
  PID:10212
- C:\Windows\System\cvdthdx.exe
  C:\Windows\System\cvdthdx.exe
  2⤵
  PID:8620
- C:\Windows\System\liLTcqH.exe
  C:\Windows\System\liLTcqH.exe
  2⤵
  PID:9232
- C:\Windows\System\DjGHmvx.exe
  C:\Windows\System\DjGHmvx.exe
  2⤵
  PID:9272
- C:\Windows\System\jFHnxFq.exe
  C:\Windows\System\jFHnxFq.exe
  2⤵
  PID:9372
- C:\Windows\System\fCGTNpr.exe
  C:\Windows\System\fCGTNpr.exe
  2⤵
  PID:9404
- C:\Windows\System\nkpHwRs.exe
  C:\Windows\System\nkpHwRs.exe
  2⤵
  PID:9452
- C:\Windows\System\jNlqdNw.exe
  C:\Windows\System\jNlqdNw.exe
  2⤵
  PID:9580
- C:\Windows\System\uFtIOWx.exe
  C:\Windows\System\uFtIOWx.exe
  2⤵
  PID:9644
- C:\Windows\System\LkqIqrP.exe
  C:\Windows\System\LkqIqrP.exe
  2⤵
  PID:9708
- C:\Windows\System\kzCGaAS.exe
  C:\Windows\System\kzCGaAS.exe
  2⤵
  PID:9704
- C:\Windows\System\JjzgyMo.exe
  C:\Windows\System\JjzgyMo.exe
  2⤵
  PID:9832
- C:\Windows\System\qFETnVB.exe
  C:\Windows\System\qFETnVB.exe
  2⤵
  PID:9888
- C:\Windows\System\BHwdrZh.exe
  C:\Windows\System\BHwdrZh.exe
  2⤵
  PID:9956
- C:\Windows\System\UctAvHC.exe
  C:\Windows\System\UctAvHC.exe
  2⤵
  PID:9976
- C:\Windows\System\ChFEyfk.exe
  C:\Windows\System\ChFEyfk.exe
  2⤵
  PID:10120
- C:\Windows\System\jGolrAP.exe
  C:\Windows\System\jGolrAP.exe
  2⤵
  PID:10144
- C:\Windows\System\aqtOHSX.exe
  C:\Windows\System\aqtOHSX.exe
  2⤵
  PID:10224
- C:\Windows\System\DRuIDdG.exe
  C:\Windows\System\DRuIDdG.exe
  2⤵
  PID:9292
- C:\Windows\System\tHQiLNW.exe
  C:\Windows\System\tHQiLNW.exe
  2⤵
  PID:9332
- C:\Windows\System\ooDYxOs.exe
  C:\Windows\System\ooDYxOs.exe
  2⤵
  PID:9628
- C:\Windows\System\nPTLUeP.exe
  C:\Windows\System\nPTLUeP.exe
  2⤵
  PID:9624
- C:\Windows\System\KPsaJzK.exe
  C:\Windows\System\KPsaJzK.exe
  2⤵
  PID:9868
- C:\Windows\System\ehLfvDi.exe
  C:\Windows\System\ehLfvDi.exe
  2⤵
  PID:9948
- C:\Windows\System\hUFEcRv.exe
  C:\Windows\System\hUFEcRv.exe
  2⤵
  PID:10044
- C:\Windows\System\rMJqpTh.exe
  C:\Windows\System\rMJqpTh.exe
  2⤵
  PID:9220
- C:\Windows\System\MvLbadH.exe
  C:\Windows\System\MvLbadH.exe
  2⤵
  PID:9612
- C:\Windows\System\jVjDwMI.exe
  C:\Windows\System\jVjDwMI.exe
  2⤵
  PID:9912
- C:\Windows\System\htbNBms.exe
  C:\Windows\System\htbNBms.exe
  2⤵
  PID:10204
- C:\Windows\System\hLNucOo.exe
  C:\Windows\System\hLNucOo.exe
  2⤵
  PID:9484
- C:\Windows\System\jOtZhkr.exe
  C:\Windows\System\jOtZhkr.exe
  2⤵
  PID:10264
- C:\Windows\System\PKAugDO.exe
  C:\Windows\System\PKAugDO.exe
  2⤵
  PID:10288
- C:\Windows\System\gJkKMDU.exe
  C:\Windows\System\gJkKMDU.exe
  2⤵
  PID:10324
- C:\Windows\System\Cnsixvg.exe
  C:\Windows\System\Cnsixvg.exe
  2⤵
  PID:10344
- C:\Windows\System\bQJcOkW.exe
  C:\Windows\System\bQJcOkW.exe
  2⤵
  PID:10376
- C:\Windows\System\uIwOhOS.exe
  C:\Windows\System\uIwOhOS.exe
  2⤵
  PID:10392
- C:\Windows\System\xBzGYVC.exe
  C:\Windows\System\xBzGYVC.exe
  2⤵
  PID:10412
- C:\Windows\System\UsmvARM.exe
  C:\Windows\System\UsmvARM.exe
  2⤵
  PID:10444
- C:\Windows\System\wjsCszI.exe
  C:\Windows\System\wjsCszI.exe
  2⤵
  PID:10480
- C:\Windows\System\MIvkeyy.exe
  C:\Windows\System\MIvkeyy.exe
  2⤵
  PID:10516
- C:\Windows\System\JEGhcgf.exe
  C:\Windows\System\JEGhcgf.exe
  2⤵
  PID:10532
- C:\Windows\System\JBlMnHH.exe
  C:\Windows\System\JBlMnHH.exe
  2⤵
  PID:10560
- C:\Windows\System\TNYSBmV.exe
  C:\Windows\System\TNYSBmV.exe
  2⤵
  PID:10588
- C:\Windows\System\wIFSepa.exe
  C:\Windows\System\wIFSepa.exe
  2⤵
  PID:10624
- C:\Windows\System\OcweUZe.exe
  C:\Windows\System\OcweUZe.exe
  2⤵
  PID:10648
- C:\Windows\System\VoIEDrC.exe
  C:\Windows\System\VoIEDrC.exe
  2⤵
  PID:10684
- C:\Windows\System\sCFTXOV.exe
  C:\Windows\System\sCFTXOV.exe
  2⤵
  PID:10712
- C:\Windows\System\GHwAJoQ.exe
  C:\Windows\System\GHwAJoQ.exe
  2⤵
  PID:10728
- C:\Windows\System\XYpsogw.exe
  C:\Windows\System\XYpsogw.exe
  2⤵
  PID:10768
- C:\Windows\System\BQzlJis.exe
  C:\Windows\System\BQzlJis.exe
  2⤵
  PID:10784
- C:\Windows\System\eMtyQUs.exe
  C:\Windows\System\eMtyQUs.exe
  2⤵
  PID:10816
- C:\Windows\System\yivvFVf.exe
  C:\Windows\System\yivvFVf.exe
  2⤵
  PID:10840
- C:\Windows\System\nxzhiLH.exe
  C:\Windows\System\nxzhiLH.exe
  2⤵
  PID:10876
- C:\Windows\System\lGTCEyU.exe
  C:\Windows\System\lGTCEyU.exe
  2⤵
  PID:10904
- C:\Windows\System\YFDdkJx.exe
  C:\Windows\System\YFDdkJx.exe
  2⤵
  PID:10920
- C:\Windows\System\YFmCXOk.exe
  C:\Windows\System\YFmCXOk.exe
  2⤵
  PID:10940
- C:\Windows\System\btmGDxH.exe
  C:\Windows\System\btmGDxH.exe
  2⤵
  PID:10964
- C:\Windows\System\aQLLfqe.exe
  C:\Windows\System\aQLLfqe.exe
  2⤵
  PID:10996
- C:\Windows\System\PqBkBZA.exe
  C:\Windows\System\PqBkBZA.exe
  2⤵
  PID:11020
- C:\Windows\System\uoJZWjV.exe
  C:\Windows\System\uoJZWjV.exe
  2⤵
  PID:11040
- C:\Windows\System\EAkGGGq.exe
  C:\Windows\System\EAkGGGq.exe
  2⤵
  PID:11068
- C:\Windows\System\jsAAfQG.exe
  C:\Windows\System\jsAAfQG.exe
  2⤵
  PID:11104
- C:\Windows\System\xIBbQIO.exe
  C:\Windows\System\xIBbQIO.exe
  2⤵
  PID:11136
- C:\Windows\System\UwxGuvD.exe
  C:\Windows\System\UwxGuvD.exe
  2⤵
  PID:11168
- C:\Windows\System\imQLlPj.exe
  C:\Windows\System\imQLlPj.exe
  2⤵
  PID:11188
- C:\Windows\System\UmIoQTh.exe
  C:\Windows\System\UmIoQTh.exe
  2⤵
  PID:11220
- C:\Windows\System\dhqvmVG.exe
  C:\Windows\System\dhqvmVG.exe
  2⤵
  PID:11252
- C:\Windows\System\yMFsAVv.exe
  C:\Windows\System\yMFsAVv.exe
  2⤵
  PID:10284
- C:\Windows\System\hpqsPwG.exe
  C:\Windows\System\hpqsPwG.exe
  2⤵
  PID:10336
- C:\Windows\System\YWSlscy.exe
  C:\Windows\System\YWSlscy.exe
  2⤵
  PID:10356
- C:\Windows\System\RNDgKBs.exe
  C:\Windows\System\RNDgKBs.exe
  2⤵
  PID:10472
- C:\Windows\System\ASvFoXm.exe
  C:\Windows\System\ASvFoXm.exe
  2⤵
  PID:10544
- C:\Windows\System\mtCfiQK.exe
  C:\Windows\System\mtCfiQK.exe
  2⤵
  PID:10528
- C:\Windows\System\DWolihd.exe
  C:\Windows\System\DWolihd.exe
  2⤵
  PID:10636
- C:\Windows\System\HuLReQa.exe
  C:\Windows\System\HuLReQa.exe
  2⤵
  PID:10748
- C:\Windows\System\hBbEPLa.exe
  C:\Windows\System\hBbEPLa.exe
  2⤵
  PID:10828
- C:\Windows\System\GapgQti.exe
  C:\Windows\System\GapgQti.exe
  2⤵
  PID:10864
- C:\Windows\System\sPngIwY.exe
  C:\Windows\System\sPngIwY.exe
  2⤵
  PID:10912
- C:\Windows\System\NifJWVh.exe
  C:\Windows\System\NifJWVh.exe
  2⤵
  PID:10988
- C:\Windows\System\ZNcXGdy.exe
  C:\Windows\System\ZNcXGdy.exe
  2⤵
  PID:11028
- C:\Windows\System\zqTGdWk.exe
  C:\Windows\System\zqTGdWk.exe
  2⤵
  PID:11144
- C:\Windows\System\OOHRYTt.exe
  C:\Windows\System\OOHRYTt.exe
  2⤵
  PID:11212
- C:\Windows\System\HYpcUJH.exe
  C:\Windows\System\HYpcUJH.exe
  2⤵
  PID:11244
- C:\Windows\System\OBCyOcG.exe
  C:\Windows\System\OBCyOcG.exe
  2⤵
  PID:10360
- C:\Windows\System\CPDPdUH.exe
  C:\Windows\System\CPDPdUH.exe
  2⤵
  PID:10552
- C:\Windows\System\rdpGfzg.exe
  C:\Windows\System\rdpGfzg.exe
  2⤵
  PID:10580
- C:\Windows\System\xTklPPi.exe
  C:\Windows\System\xTklPPi.exe
  2⤵
  PID:10860
- C:\Windows\System\bGOhmam.exe
  C:\Windows\System\bGOhmam.exe
  2⤵
  PID:11004
- C:\Windows\System\GdLjsIL.exe
  C:\Windows\System\GdLjsIL.exe
  2⤵
  PID:11092
- C:\Windows\System\SvGjNSc.exe
  C:\Windows\System\SvGjNSc.exe
  2⤵
  PID:10260
- C:\Windows\System\cEVyhjK.exe
  C:\Windows\System\cEVyhjK.exe
  2⤵
  PID:10440
- C:\Windows\System\GhfMnVh.exe
  C:\Windows\System\GhfMnVh.exe
  2⤵
  PID:10776
- C:\Windows\System\RDEmMrc.exe
  C:\Windows\System\RDEmMrc.exe
  2⤵
  PID:10304
- C:\Windows\System\hoCyljr.exe
  C:\Windows\System\hoCyljr.exe
  2⤵
  PID:11280
- C:\Windows\System\fUVihyv.exe
  C:\Windows\System\fUVihyv.exe
  2⤵
  PID:11312
- C:\Windows\System\vDwSQmg.exe
  C:\Windows\System\vDwSQmg.exe
  2⤵
  PID:11332
- C:\Windows\System\fdzWcac.exe
  C:\Windows\System\fdzWcac.exe
  2⤵
  PID:11352
- C:\Windows\System\IvsYrPW.exe
  C:\Windows\System\IvsYrPW.exe
  2⤵
  PID:11380
- C:\Windows\System\xFulMeU.exe
  C:\Windows\System\xFulMeU.exe
  2⤵
  PID:11404
- C:\Windows\System\QETsQQk.exe
  C:\Windows\System\QETsQQk.exe
  2⤵
  PID:11436
- C:\Windows\System\CtiRJgi.exe
  C:\Windows\System\CtiRJgi.exe
  2⤵
  PID:11468
- C:\Windows\System\sKFBdiH.exe
  C:\Windows\System\sKFBdiH.exe
  2⤵
  PID:11504
- C:\Windows\System\HlvuYpj.exe
  C:\Windows\System\HlvuYpj.exe
  2⤵
  PID:11520
- C:\Windows\System\vWwDdjQ.exe
  C:\Windows\System\vWwDdjQ.exe
  2⤵
  PID:11552
- C:\Windows\System\JsIutKh.exe
  C:\Windows\System\JsIutKh.exe
  2⤵
  PID:11572
- C:\Windows\System\cZaObZZ.exe
  C:\Windows\System\cZaObZZ.exe
  2⤵
  PID:11600
- C:\Windows\System\zACjxLy.exe
  C:\Windows\System\zACjxLy.exe
  2⤵
  PID:11628
- C:\Windows\System\xXfepan.exe
  C:\Windows\System\xXfepan.exe
  2⤵
  PID:11652
- C:\Windows\System\DeHHHrm.exe
  C:\Windows\System\DeHHHrm.exe
  2⤵
  PID:11684
- C:\Windows\System\hoIqVfO.exe
  C:\Windows\System\hoIqVfO.exe
  2⤵
  PID:11708
- C:\Windows\System\IriWqYA.exe
  C:\Windows\System\IriWqYA.exe
  2⤵
  PID:11736
- C:\Windows\System\pvUuGez.exe
  C:\Windows\System\pvUuGez.exe
  2⤵
  PID:11760
- C:\Windows\System\kOTJtiB.exe
  C:\Windows\System\kOTJtiB.exe
  2⤵
  PID:11788
- C:\Windows\System\CVbYFcA.exe
  C:\Windows\System\CVbYFcA.exe
  2⤵
  PID:11816
- C:\Windows\System\MBjmEjp.exe
  C:\Windows\System\MBjmEjp.exe
  2⤵
  PID:11856
- C:\Windows\System\OqsJRAj.exe
  C:\Windows\System\OqsJRAj.exe
  2⤵
  PID:11884
- C:\Windows\System\RLPSyYW.exe
  C:\Windows\System\RLPSyYW.exe
  2⤵
  PID:11916
- C:\Windows\System\TtQNmic.exe
  C:\Windows\System\TtQNmic.exe
  2⤵
  PID:11948
- C:\Windows\System\BaoIEzM.exe
  C:\Windows\System\BaoIEzM.exe
  2⤵
  PID:11980
- C:\Windows\System\uHDYIfM.exe
  C:\Windows\System\uHDYIfM.exe
  2⤵
  PID:12000
- C:\Windows\System\gpRXgsh.exe
  C:\Windows\System\gpRXgsh.exe
  2⤵
  PID:12016
- C:\Windows\System\PVGeAFa.exe
  C:\Windows\System\PVGeAFa.exe
  2⤵
  PID:12056
- C:\Windows\System\sHkqNjF.exe
  C:\Windows\System\sHkqNjF.exe
  2⤵
  PID:12080
- C:\Windows\System\KhrRvOY.exe
  C:\Windows\System\KhrRvOY.exe
  2⤵
  PID:12100
- C:\Windows\System\dnHPLyI.exe
  C:\Windows\System\dnHPLyI.exe
  2⤵
  PID:12128
- C:\Windows\System\DZNWUuK.exe
  C:\Windows\System\DZNWUuK.exe
  2⤵
  PID:12164
- C:\Windows\System\kalaYzj.exe
  C:\Windows\System\kalaYzj.exe
  2⤵
  PID:12204
- C:\Windows\System\QUykyXe.exe
  C:\Windows\System\QUykyXe.exe
  2⤵
  PID:12224
- C:\Windows\System\noaDwtP.exe
  C:\Windows\System\noaDwtP.exe
  2⤵
  PID:12248
- C:\Windows\System\TftJIKC.exe
  C:\Windows\System\TftJIKC.exe
  2⤵
  PID:12280
- C:\Windows\System\QMiBTaT.exe
  C:\Windows\System\QMiBTaT.exe
  2⤵
  PID:10696
- C:\Windows\System\jLPfjzS.exe
  C:\Windows\System\jLPfjzS.exe
  2⤵
  PID:11368
- C:\Windows\System\JfAogfi.exe
  C:\Windows\System\JfAogfi.exe
  2⤵
  PID:11432
- C:\Windows\System\mhLbsMx.exe
  C:\Windows\System\mhLbsMx.exe
  2⤵
  PID:11480
- C:\Windows\System\ZjcLVBB.exe
  C:\Windows\System\ZjcLVBB.exe
  2⤵
  PID:11536
- C:\Windows\System\gifIaLH.exe
  C:\Windows\System\gifIaLH.exe
  2⤵
  PID:11616
- C:\Windows\System\FkASJbZ.exe
  C:\Windows\System\FkASJbZ.exe
  2⤵
  PID:11672
- C:\Windows\System\VmENmec.exe
  C:\Windows\System\VmENmec.exe
  2⤵
  PID:11724
- C:\Windows\System\nexRnCM.exe
  C:\Windows\System\nexRnCM.exe
  2⤵
  PID:11840
- C:\Windows\System\ftycION.exe
  C:\Windows\System\ftycION.exe
  2⤵
  PID:11868
- C:\Windows\System\xwaQlAl.exe
  C:\Windows\System\xwaQlAl.exe
  2⤵
  PID:11992
- C:\Windows\System\DXHQXAd.exe
  C:\Windows\System\DXHQXAd.exe
  2⤵
  PID:11972
- C:\Windows\System\xSHatTU.exe
  C:\Windows\System\xSHatTU.exe
  2⤵
  PID:2240
- C:\Windows\System\cxwgccT.exe
  C:\Windows\System\cxwgccT.exe
  2⤵
  PID:12092
- C:\Windows\System\GXPkoOh.exe
  C:\Windows\System\GXPkoOh.exe
  2⤵
  PID:12192
- C:\Windows\System\dgtnqLA.exe
  C:\Windows\System\dgtnqLA.exe
  2⤵
  PID:12268
- C:\Windows\System\TiegbKD.exe
  C:\Windows\System\TiegbKD.exe
  2⤵
  PID:12260
- C:\Windows\System\GpfEyuO.exe
  C:\Windows\System\GpfEyuO.exe
  2⤵
  PID:11364
- C:\Windows\System\LkOJhCT.exe
  C:\Windows\System\LkOJhCT.exe
  2⤵
  PID:11568
- C:\Windows\System\bnVhIKv.exe
  C:\Windows\System\bnVhIKv.exe
  2⤵
  PID:11876
- C:\Windows\System\HRrnVHH.exe
  C:\Windows\System\HRrnVHH.exe
  2⤵
  PID:11940
- C:\Windows\System\LGeLeeq.exe
  C:\Windows\System\LGeLeeq.exe
  2⤵
  PID:4720
- C:\Windows\System\iBXymle.exe
  C:\Windows\System\iBXymle.exe
  2⤵
  PID:3136
- C:\Windows\System\KntfTEo.exe
  C:\Windows\System\KntfTEo.exe
  2⤵
  PID:12216
- C:\Windows\System\pUtimmB.exe
  C:\Windows\System\pUtimmB.exe
  2⤵
  PID:11344
- C:\Windows\System\THbASev.exe
  C:\Windows\System\THbASev.exe
  2⤵
  PID:11828
- C:\Windows\System\PXBfzNh.exe
  C:\Windows\System\PXBfzNh.exe
  2⤵
  PID:11812
- C:\Windows\System\RxYyTBM.exe
  C:\Windows\System\RxYyTBM.exe
  2⤵
  PID:11608
- C:\Windows\System\RRYPpZQ.exe
  C:\Windows\System\RRYPpZQ.exe
  2⤵
  PID:12300
- C:\Windows\System\PcOHNfp.exe
  C:\Windows\System\PcOHNfp.exe
  2⤵
  PID:12320
- C:\Windows\System\rVMnmHb.exe
  C:\Windows\System\rVMnmHb.exe
  2⤵
  PID:12348
- C:\Windows\System\wRDUgzF.exe
  C:\Windows\System\wRDUgzF.exe
  2⤵
  PID:12372
- C:\Windows\System\jKZzDSF.exe
  C:\Windows\System\jKZzDSF.exe
  2⤵
  PID:12400
- C:\Windows\System\ImRwKFI.exe
  C:\Windows\System\ImRwKFI.exe
  2⤵
  PID:12452
- C:\Windows\System\OGAGyiP.exe
  C:\Windows\System\OGAGyiP.exe
  2⤵
  PID:12472
- C:\Windows\System\QDgMdtB.exe
  C:\Windows\System\QDgMdtB.exe
  2⤵
  PID:12500
- C:\Windows\System\kEmlIbe.exe
  C:\Windows\System\kEmlIbe.exe
  2⤵
  PID:12528
- C:\Windows\System\pkuLmVo.exe
  C:\Windows\System\pkuLmVo.exe
  2⤵
  PID:12552
- C:\Windows\System\IfbfxCK.exe
  C:\Windows\System\IfbfxCK.exe
  2⤵
  PID:12580
- C:\Windows\System\BYOLXeN.exe
  C:\Windows\System\BYOLXeN.exe
  2⤵
  PID:12612
- C:\Windows\System\vvNRQKq.exe
  C:\Windows\System\vvNRQKq.exe
  2⤵
  PID:12632
- C:\Windows\System\AUYNMCh.exe
  C:\Windows\System\AUYNMCh.exe
  2⤵
  PID:12664
- C:\Windows\System\rpqaCML.exe
  C:\Windows\System\rpqaCML.exe
  2⤵
  PID:12692
- C:\Windows\System\IcJIdch.exe
  C:\Windows\System\IcJIdch.exe
  2⤵
  PID:12736
- C:\Windows\System\DxWIluN.exe
  C:\Windows\System\DxWIluN.exe
  2⤵
  PID:12756
- C:\Windows\System\giFlZLG.exe
  C:\Windows\System\giFlZLG.exe
  2⤵
  PID:12792
- C:\Windows\System\eApnLFN.exe
  C:\Windows\System\eApnLFN.exe
  2⤵
  PID:12812
- C:\Windows\System\qkFFMCB.exe
  C:\Windows\System\qkFFMCB.exe
  2⤵
  PID:12840
- C:\Windows\System\uhabqzJ.exe
  C:\Windows\System\uhabqzJ.exe
  2⤵
  PID:12868
- C:\Windows\System\ZVNdBmH.exe
  C:\Windows\System\ZVNdBmH.exe
  2⤵
  PID:12900
- C:\Windows\System\ReFULqO.exe
  C:\Windows\System\ReFULqO.exe
  2⤵
  PID:12928
- C:\Windows\System\ZVOZuvn.exe
  C:\Windows\System\ZVOZuvn.exe
  2⤵
  PID:12960
- C:\Windows\System\zdsCIFo.exe
  C:\Windows\System\zdsCIFo.exe
  2⤵
  PID:12980
- C:\Windows\System\xldTECP.exe
  C:\Windows\System\xldTECP.exe
  2⤵
  PID:13008
- C:\Windows\System\ZlBFPiZ.exe
  C:\Windows\System\ZlBFPiZ.exe
  2⤵
  PID:13044
- C:\Windows\System\PkdyZbH.exe
  C:\Windows\System\PkdyZbH.exe
  2⤵
  PID:13072
- C:\Windows\System\tDIITzB.exe
  C:\Windows\System\tDIITzB.exe
  2⤵
  PID:13092
- C:\Windows\System\VXXVchg.exe
  C:\Windows\System\VXXVchg.exe
  2⤵
  PID:13116
- C:\Windows\System\EQBXhlX.exe
  C:\Windows\System\EQBXhlX.exe
  2⤵
  PID:13140
- C:\Windows\System\bZXpoEx.exe
  C:\Windows\System\bZXpoEx.exe
  2⤵
  PID:13176
- C:\Windows\System\BVQgAlQ.exe
  C:\Windows\System\BVQgAlQ.exe
  2⤵
  PID:13196
- C:\Windows\System\dFwXRVY.exe
  C:\Windows\System\dFwXRVY.exe
  2⤵
  PID:13212
- C:\Windows\System\BWFchkW.exe
  C:\Windows\System\BWFchkW.exe
  2⤵
  PID:13240
- C:\Windows\System\wFOVUYj.exe
  C:\Windows\System\wFOVUYj.exe
  2⤵
  PID:13268
- C:\Windows\System\dygrFto.exe
  C:\Windows\System\dygrFto.exe
  2⤵
  PID:13300
- C:\Windows\System\KsIoCAm.exe
  C:\Windows\System\KsIoCAm.exe
  2⤵
  PID:12040
- C:\Windows\System\XneSddM.exe
  C:\Windows\System\XneSddM.exe
  2⤵
  PID:12308
- C:\Windows\System\dkliLej.exe
  C:\Windows\System\dkliLej.exe
  2⤵
  PID:12344
- C:\Windows\System\nDQNbEK.exe
  C:\Windows\System\nDQNbEK.exe
  2⤵
  PID:12388
- C:\Windows\System\dxfYygb.exe
  C:\Windows\System\dxfYygb.exe
  2⤵
  PID:4684
- C:\Windows\System\hLQudgf.exe
  C:\Windows\System\hLQudgf.exe
  2⤵
  PID:12524
- C:\Windows\System\FnIbevI.exe
  C:\Windows\System\FnIbevI.exe
  2⤵
  PID:12544
- C:\Windows\System\zZsZPWq.exe
  C:\Windows\System\zZsZPWq.exe
  2⤵
  PID:12628
- C:\Windows\System\znNahcG.exe
  C:\Windows\System\znNahcG.exe
  2⤵
  PID:12700
- C:\Windows\System\asiSuPE.exe
  C:\Windows\System\asiSuPE.exe
  2⤵
  PID:12724
- C:\Windows\System\LCtpYPm.exe
  C:\Windows\System\LCtpYPm.exe
  2⤵
  PID:11548
- C:\Windows\System\KULZMIl.exe
  C:\Windows\System\KULZMIl.exe
  2⤵
  PID:12804
- C:\Windows\System\EEOxsRX.exe
  C:\Windows\System\EEOxsRX.exe
  2⤵
  PID:4572
- C:\Windows\System\KyZmOUI.exe
  C:\Windows\System\KyZmOUI.exe
  2⤵
  PID:12860
- C:\Windows\System\dclnwvo.exe
  C:\Windows\System\dclnwvo.exe
  2⤵
  PID:12920
- C:\Windows\System\vJUBZZC.exe
  C:\Windows\System\vJUBZZC.exe
  2⤵
  PID:12948
- C:\Windows\System\PmPRiAL.exe
  C:\Windows\System\PmPRiAL.exe
  2⤵
  PID:12996
- C:\Windows\System\SqENqbw.exe
  C:\Windows\System\SqENqbw.exe
  2⤵
  PID:13064
- C:\Windows\System\rYltviS.exe
  C:\Windows\System\rYltviS.exe
  2⤵
  PID:13108
- C:\Windows\System\ywBEALV.exe
  C:\Windows\System\ywBEALV.exe
  2⤵
  PID:13204
- C:\Windows\System\ghqulvp.exe
  C:\Windows\System\ghqulvp.exe
  2⤵
  PID:13252
- C:\Windows\System\fdoGWLA.exe
  C:\Windows\System\fdoGWLA.exe
  2⤵
  PID:4076
- C:\Windows\System\ZJnJwOe.exe
  C:\Windows\System\ZJnJwOe.exe
  2⤵
  PID:12588
- C:\Windows\System\mcKHBLi.exe
  C:\Windows\System\mcKHBLi.exe
  2⤵
  PID:12720
- C:\Windows\System\TWxPpGJ.exe
  C:\Windows\System\TWxPpGJ.exe
  2⤵
  PID:12800
- C:\Windows\System\nhNyLqK.exe
  C:\Windows\System\nhNyLqK.exe
  2⤵
  PID:12656
- C:\Windows\System\GxvLAwg.exe
  C:\Windows\System\GxvLAwg.exe
  2⤵
  PID:12908
- C:\Windows\System\tDrNdPe.exe
  C:\Windows\System\tDrNdPe.exe
  2⤵
  PID:13104
- C:\Windows\System\UIJEdpt.exe
  C:\Windows\System\UIJEdpt.exe
  2⤵
  PID:13124
- C:\Windows\System\upesmla.exe
  C:\Windows\System\upesmla.exe
  2⤵
  PID:13148
- C:\Windows\System\SMxfqjh.exe
  C:\Windows\System\SMxfqjh.exe
  2⤵
  PID:13308
- C:\Windows\System\VWihBPh.exe
  C:\Windows\System\VWihBPh.exe
  2⤵
  PID:12548
- C:\Windows\System\ylpbtCw.exe
  C:\Windows\System\ylpbtCw.exe
  2⤵
  PID:13248
- C:\Windows\System\vUdNkhB.exe
  C:\Windows\System\vUdNkhB.exe
  2⤵
  PID:13100
- C:\Windows\System\EcRDWSD.exe
  C:\Windows\System\EcRDWSD.exe
  2⤵
  PID:13344
- C:\Windows\System\XtDLtAi.exe
  C:\Windows\System\XtDLtAi.exe
  2⤵
  PID:13360
- C:\Windows\System\UtpjdJA.exe
  C:\Windows\System\UtpjdJA.exe
  2⤵
  PID:13392
- C:\Windows\System\wCPeWcJ.exe
  C:\Windows\System\wCPeWcJ.exe
  2⤵
  PID:13424
- C:\Windows\System\cARHvjV.exe
  C:\Windows\System\cARHvjV.exe
  2⤵
  PID:13548
- C:\Windows\System\jyogViR.exe
  C:\Windows\System\jyogViR.exe
  2⤵
  PID:13564
- C:\Windows\System\NOwnnGo.exe
  C:\Windows\System\NOwnnGo.exe
  2⤵
  PID:13580
- C:\Windows\System\tyzghVZ.exe
  C:\Windows\System\tyzghVZ.exe
  2⤵
  PID:13612
- C:\Windows\System\nDrHnHE.exe
  C:\Windows\System\nDrHnHE.exe
  2⤵
  PID:13636
- C:\Windows\System\LGOlkzO.exe
  C:\Windows\System\LGOlkzO.exe
  2⤵
  PID:13668
- C:\Windows\System\kdrgSlT.exe
  C:\Windows\System\kdrgSlT.exe
  2⤵
  PID:13692
- C:\Windows\System\ThlmgtM.exe
  C:\Windows\System\ThlmgtM.exe
  2⤵
  PID:13720
- C:\Windows\System\vsbBgco.exe
  C:\Windows\System\vsbBgco.exe
  2⤵
  PID:13748
- C:\Windows\System\QNiwCBY.exe
  C:\Windows\System\QNiwCBY.exe
  2⤵
  PID:13776
- C:\Windows\System\FxUHpMV.exe
  C:\Windows\System\FxUHpMV.exe
  2⤵
  PID:13804
- C:\Windows\System\ajTeLjb.exe
  C:\Windows\System\ajTeLjb.exe
  2⤵
  PID:13820
- C:\Windows\System\LvZVwWV.exe
  C:\Windows\System\LvZVwWV.exe
  2⤵
  PID:13844
- C:\Windows\System\gBIuEGE.exe
  C:\Windows\System\gBIuEGE.exe
  2⤵
  PID:13872
- C:\Windows\System\sypiNqC.exe
  C:\Windows\System\sypiNqC.exe
  2⤵
  PID:13900
- C:\Windows\System\OJLbMdh.exe
  C:\Windows\System\OJLbMdh.exe
  2⤵
  PID:13928
- C:\Windows\System\QRzqCxp.exe
  C:\Windows\System\QRzqCxp.exe
  2⤵
  PID:13948
- C:\Windows\System\SHNbvRk.exe
  C:\Windows\System\SHNbvRk.exe
  2⤵
  PID:13972
- C:\Windows\System\hDjnlji.exe
  C:\Windows\System\hDjnlji.exe
  2⤵
  PID:14008
- C:\Windows\System\FebBeXX.exe
  C:\Windows\System\FebBeXX.exe
  2⤵
  PID:14032
- C:\Windows\System\sFCYiBj.exe
  C:\Windows\System\sFCYiBj.exe
  2⤵
  PID:14048
- C:\Windows\System\siOsMPz.exe
  C:\Windows\System\siOsMPz.exe
  2⤵
  PID:14076
- C:\Windows\System\lBbThYy.exe
  C:\Windows\System\lBbThYy.exe
  2⤵
  PID:14096
- C:\Windows\System\rvlmYRn.exe
  C:\Windows\System\rvlmYRn.exe
  2⤵
  PID:14116
- C:\Windows\System\cpRHEhu.exe
  C:\Windows\System\cpRHEhu.exe
  2⤵
  PID:14152
- C:\Windows\System\tQiheRs.exe
  C:\Windows\System\tQiheRs.exe
  2⤵
  PID:14168
- C:\Windows\System\DONIlIT.exe
  C:\Windows\System\DONIlIT.exe
  2⤵
  PID:14192
- C:\Windows\System\wUKPLTq.exe
  C:\Windows\System\wUKPLTq.exe
  2⤵
  PID:14212
- C:\Windows\System\zzsGfZN.exe
  C:\Windows\System\zzsGfZN.exe
  2⤵
  PID:14244
- C:\Windows\System\HZcGFPq.exe
  C:\Windows\System\HZcGFPq.exe
  2⤵
  PID:14272
- C:\Windows\System\ukNMBKK.exe
  C:\Windows\System\ukNMBKK.exe
  2⤵
  PID:14304
- C:\Windows\System\NudeAOx.exe
  C:\Windows\System\NudeAOx.exe
  2⤵
  PID:14328
- C:\Windows\System\HyvkmAx.exe
  C:\Windows\System\HyvkmAx.exe
  2⤵
  PID:1808
- C:\Windows\System\TQlahbv.exe
  C:\Windows\System\TQlahbv.exe
  2⤵
  PID:13388
- C:\Windows\System\teabGOL.exe
  C:\Windows\System\teabGOL.exe
  2⤵
  PID:13384
- C:\Windows\System\RixTbqR.exe
  C:\Windows\System\RixTbqR.exe
  2⤵
  PID:13472
- C:\Windows\System\OZQzDqu.exe
  C:\Windows\System\OZQzDqu.exe
  2⤵
  PID:12676
- C:\Windows\System\GHOnLVX.exe
  C:\Windows\System\GHOnLVX.exe
  2⤵
  PID:13556
- C:\Windows\System\jnsbekK.exe
  C:\Windows\System\jnsbekK.exe
  2⤵
  PID:13592
- C:\Windows\System\OOjRJHz.exe
  C:\Windows\System\OOjRJHz.exe
  2⤵
  PID:13656
- C:\Windows\System\wlseSSJ.exe
  C:\Windows\System\wlseSSJ.exe
  2⤵
  PID:13740
- C:\Windows\System\rOijQep.exe
  C:\Windows\System\rOijQep.exe
  2⤵
  PID:13772
- C:\Windows\System\rVGdCiO.exe
  C:\Windows\System\rVGdCiO.exe
  2⤵
  PID:13840
- C:\Windows\System\TiOvqge.exe
  C:\Windows\System\TiOvqge.exe
  2⤵
  PID:13924
- C:\Windows\System\EIziwYg.exe
  C:\Windows\System\EIziwYg.exe
  2⤵
  PID:13940
- C:\Windows\System\UiSLqqR.exe
  C:\Windows\System\UiSLqqR.exe
  2⤵
  PID:14088
- C:\Windows\System\NskGlbn.exe
  C:\Windows\System\NskGlbn.exe
  2⤵
  PID:14084
- C:\Windows\System\whSTQvd.exe
  C:\Windows\System\whSTQvd.exe
  2⤵
  PID:14224
- C:\Windows\System\ykJONMg.exe
  C:\Windows\System\ykJONMg.exe
  2⤵
  PID:14256
- C:\Windows\System\vnzUSqn.exe
  C:\Windows\System\vnzUSqn.exe
  2⤵
  PID:14288
- C:\Windows\System\IqyZBaV.exe
  C:\Windows\System\IqyZBaV.exe
  2⤵
  PID:13380
- C:\Windows\System\OkbQqyV.exe
  C:\Windows\System\OkbQqyV.exe
  2⤵
  PID:13276
- C:\Windows\System\OBPgqOA.exe
  C:\Windows\System\OBPgqOA.exe
  2⤵
  PID:2824
- C:\Windows\System\veNTFhu.exe
  C:\Windows\System\veNTFhu.exe
  2⤵
  PID:3900
- C:\Windows\System\IsESHRc.exe
  C:\Windows\System\IsESHRc.exe
  2⤵
  PID:13620
- C:\Windows\System\CMpSIcT.exe
  C:\Windows\System\CMpSIcT.exe
  2⤵
  PID:13712
- C:\Windows\System\mtCJMub.exe
  C:\Windows\System\mtCJMub.exe
  2⤵
  PID:13864
- C:\Windows\System\LKLQFWo.exe
  C:\Windows\System\LKLQFWo.exe
  2⤵
  PID:14204
- C:\Windows\System\ueBoAfq.exe
  C:\Windows\System\ueBoAfq.exe
  2⤵
  PID:13024
- C:\Windows\System\ucdEKSw.exe
  C:\Windows\System\ucdEKSw.exe
  2⤵
  PID:13572
- C:\Windows\System\kJDHykM.exe
  C:\Windows\System\kJDHykM.exe
  2⤵
  PID:14352
- C:\Windows\System\wfoPBNY.exe
  C:\Windows\System\wfoPBNY.exe
  2⤵
  PID:14372
- C:\Windows\System\LOFcCfa.exe
  C:\Windows\System\LOFcCfa.exe
  2⤵
  PID:14416
- C:\Windows\System\Yssoybs.exe
  C:\Windows\System\Yssoybs.exe
  2⤵
  PID:14436
- C:\Windows\System\JqYGYXD.exe
  C:\Windows\System\JqYGYXD.exe
  2⤵
  PID:14456
- C:\Windows\System\TlavjIw.exe
  C:\Windows\System\TlavjIw.exe
  2⤵
  PID:14480
- C:\Windows\System\sCDXmSI.exe
  C:\Windows\System\sCDXmSI.exe
  2⤵
  PID:14504
- C:\Windows\System\pFIMZGE.exe
  C:\Windows\System\pFIMZGE.exe
  2⤵
  PID:14528
- C:\Windows\System\reifHER.exe
  C:\Windows\System\reifHER.exe
  2⤵
  PID:14556
- C:\Windows\System\qoEYfbw.exe
  C:\Windows\System\qoEYfbw.exe
  2⤵
  PID:14588
- C:\Windows\System\vweABUM.exe
  C:\Windows\System\vweABUM.exe
  2⤵
  PID:14616
- C:\Windows\System\RXLdnHm.exe
  C:\Windows\System\RXLdnHm.exe
  2⤵
  PID:14656
- C:\Windows\System\HugzVtU.exe
  C:\Windows\System\HugzVtU.exe
  2⤵
  PID:14680
- C:\Windows\System\DpYSFkm.exe
  C:\Windows\System\DpYSFkm.exe
  2⤵
  PID:14712
- C:\Windows\System\cazIlOM.exe
  C:\Windows\System\cazIlOM.exe
  2⤵
  PID:14744
- C:\Windows\System\eacaAnu.exe
  C:\Windows\System\eacaAnu.exe
  2⤵
  PID:14760
- C:\Windows\System\hSZnAXH.exe
  C:\Windows\System\hSZnAXH.exe
  2⤵
  PID:14784
- C:\Windows\System\jrWcNXC.exe
  C:\Windows\System\jrWcNXC.exe
  2⤵
  PID:14812
- C:\Windows\System\CvlatYn.exe
  C:\Windows\System\CvlatYn.exe
  2⤵
  PID:14840
- C:\Windows\System\bkFGPZk.exe
  C:\Windows\System\bkFGPZk.exe
  2⤵
  PID:14864
- C:\Windows\System\ETcskic.exe
  C:\Windows\System\ETcskic.exe
  2⤵
  PID:14884
- C:\Windows\System\jqUqhJu.exe
  C:\Windows\System\jqUqhJu.exe
  2⤵
  PID:14916
- C:\Windows\System\MMuATUA.exe
  C:\Windows\System\MMuATUA.exe
  2⤵
  PID:14952
- C:\Windows\System\dGrCzKQ.exe
  C:\Windows\System\dGrCzKQ.exe
  2⤵
  PID:14968
- C:\Windows\System\sFfolHk.exe
  C:\Windows\System\sFfolHk.exe
  2⤵
  PID:15004
- C:\Windows\System\yEPWQFT.exe
  C:\Windows\System\yEPWQFT.exe
  2⤵
  PID:15044
- C:\Windows\System\aZQDYNC.exe
  C:\Windows\System\aZQDYNC.exe
  2⤵
  PID:15080
- C:\Windows\System\AIrZmHI.exe
  C:\Windows\System\AIrZmHI.exe
  2⤵
  PID:15104
- C:\Windows\System\BLAJYie.exe
  C:\Windows\System\BLAJYie.exe
  2⤵
  PID:15128
- C:\Windows\System\ReakJXn.exe
  C:\Windows\System\ReakJXn.exe
  2⤵
  PID:15160
- C:\Windows\System\ueoHodh.exe
  C:\Windows\System\ueoHodh.exe
  2⤵
  PID:15180
- C:\Windows\System\qnaHgta.exe
  C:\Windows\System\qnaHgta.exe
  2⤵
  PID:15196
- C:\Windows\System\dNRaSWd.exe
  C:\Windows\System\dNRaSWd.exe
  2⤵
  PID:15224
- C:\Windows\System\mgWVsmS.exe
  C:\Windows\System\mgWVsmS.exe
  2⤵
  PID:15256
- C:\Windows\System\DbIZhDg.exe
  C:\Windows\System\DbIZhDg.exe
  2⤵
  PID:15284
- C:\Windows\System\ZIKgBCl.exe
  C:\Windows\System\ZIKgBCl.exe
  2⤵
  PID:15312
- C:\Windows\System\DHlQnkE.exe
  C:\Windows\System\DHlQnkE.exe
  2⤵
  PID:15336
- C:\Windows\System\DWPzJaf.exe
  C:\Windows\System\DWPzJaf.exe
  2⤵
  PID:13604
- C:\Windows\System\hfHyDXm.exe
  C:\Windows\System\hfHyDXm.exe
  2⤵
  PID:13964
- C:\Windows\System\OiQXRsO.exe
  C:\Windows\System\OiQXRsO.exe
  2⤵
  PID:14396
- C:\Windows\System\SATxkEp.exe
  C:\Windows\System\SATxkEp.exe
  2⤵
  PID:14468
- C:\Windows\System\YscXTRS.exe
  C:\Windows\System\YscXTRS.exe
  2⤵
  PID:14540
- C:\Windows\System\zBYtHNN.exe
  C:\Windows\System\zBYtHNN.exe
  2⤵
  PID:14600
- C:\Windows\System\JcHFLoE.exe
  C:\Windows\System\JcHFLoE.exe
  2⤵
  PID:14636
- C:\Windows\System\xYjcsZI.exe
  C:\Windows\System\xYjcsZI.exe
  2⤵
  PID:14644
- C:\Windows\System\PIeFdMz.exe
  C:\Windows\System\PIeFdMz.exe
  2⤵
  PID:14668
- C:\Windows\System\NxYwWbZ.exe
  C:\Windows\System\NxYwWbZ.exe
  2⤵
  PID:14768
- C:\Windows\System\GnqtThh.exe
  C:\Windows\System\GnqtThh.exe
  2⤵
  PID:14836
- C:\Windows\System\wUlzoLl.exe
  C:\Windows\System\wUlzoLl.exe
  2⤵
  PID:14908
- C:\Windows\System\QIOlZFZ.exe
  C:\Windows\System\QIOlZFZ.exe
  2⤵
  PID:14964
- C:\Windows\System\xfjWYjE.exe
  C:\Windows\System\xfjWYjE.exe
  2⤵
  PID:14944
- C:\Windows\System\dcFUdkR.exe
  C:\Windows\System\dcFUdkR.exe
  2⤵
  PID:15208
- C:\Windows\System\MBOduNU.exe
  C:\Windows\System\MBOduNU.exe
  2⤵
  PID:15272
- C:\Windows\System\wTCdxeL.exe
  C:\Windows\System\wTCdxeL.exe
  2⤵
  PID:15212
- C:\Windows\System\YVvtsyO.exe
  C:\Windows\System\YVvtsyO.exe
  2⤵
  PID:15328
- C:\Windows\System\yZlwRON.exe
  C:\Windows\System\yZlwRON.exe
  2⤵
  PID:15348
- C:\Windows\System\DYUfHNz.exe
  C:\Windows\System\DYUfHNz.exe
  2⤵
  PID:14544
- C:\Windows\System\YAtXVKG.exe
  C:\Windows\System\YAtXVKG.exe
  2⤵
  PID:15356
- C:\Windows\System\hjpRjLq.exe
  C:\Windows\System\hjpRjLq.exe
  2⤵
  PID:14828
- C:\Windows\System\aTYRtyw.exe
  C:\Windows\System\aTYRtyw.exe
  2⤵
  PID:14740
- C:\Windows\System\ELzCDpV.exe
  C:\Windows\System\ELzCDpV.exe
  2⤵
  PID:15120
- C:\Windows\System\qVtDLjz.exe
  C:\Windows\System\qVtDLjz.exe
  2⤵
  PID:14464
- C:\Windows\System\cxxlDzN.exe
  C:\Windows\System\cxxlDzN.exe
  2⤵
  PID:14928
- C:\Windows\System\IuYYDYd.exe
  C:\Windows\System\IuYYDYd.exe
  2⤵
  PID:4104
- C:\Windows\System\JpivYwE.exe
  C:\Windows\System\JpivYwE.exe
  2⤵
  PID:15324
- C:\Windows\System\MAIlOCz.exe
  C:\Windows\System\MAIlOCz.exe
  2⤵
  PID:15384
- C:\Windows\System\qTeteak.exe
  C:\Windows\System\qTeteak.exe
  2⤵
  PID:15420
- C:\Windows\System\QGDksLD.exe
  C:\Windows\System\QGDksLD.exe
  2⤵
  PID:15444
- C:\Windows\System\FBpPYwu.exe
  C:\Windows\System\FBpPYwu.exe
  2⤵
  PID:15476
- C:\Windows\System\jvoPIop.exe
  C:\Windows\System\jvoPIop.exe
  2⤵
  PID:15512
- C:\Windows\System\dktdhGZ.exe
  C:\Windows\System\dktdhGZ.exe
  2⤵
  PID:15540
- C:\Windows\System\jFIzkKM.exe
  C:\Windows\System\jFIzkKM.exe
  2⤵
  PID:15564
- C:\Windows\System\zsrjaWJ.exe
  C:\Windows\System\zsrjaWJ.exe
  2⤵
  PID:15580
- C:\Windows\System\TrmJGoU.exe
  C:\Windows\System\TrmJGoU.exe
  2⤵
  PID:15608
- C:\Windows\System\zfKdjBs.exe
  C:\Windows\System\zfKdjBs.exe
  2⤵
  PID:15640
- C:\Windows\System\bLpxrTj.exe
  C:\Windows\System\bLpxrTj.exe
  2⤵
  PID:15660
- C:\Windows\System\FOsBdSV.exe
  C:\Windows\System\FOsBdSV.exe
  2⤵
  PID:15684
- C:\Windows\System\dAuZthX.exe
  C:\Windows\System\dAuZthX.exe
  2⤵
  PID:15708
- C:\Windows\System\NZFctHR.exe
  C:\Windows\System\NZFctHR.exe
  2⤵
  PID:15724
- C:\Windows\System\FiggQcO.exe
  C:\Windows\System\FiggQcO.exe
  2⤵
  PID:15756
- C:\Windows\System\oIbwjxs.exe
  C:\Windows\System\oIbwjxs.exe
  2⤵
  PID:15780
- C:\Windows\System\UaciKnB.exe
  C:\Windows\System\UaciKnB.exe
  2⤵
  PID:15796
- C:\Windows\System\tUzaXwM.exe
  C:\Windows\System\tUzaXwM.exe
  2⤵
  PID:15828
- C:\Windows\System\IbBaVbK.exe
  C:\Windows\System\IbBaVbK.exe
  2⤵
  PID:15880
- C:\Windows\System\GetNxPc.exe
  C:\Windows\System\GetNxPc.exe
  2⤵
  PID:15908
- C:\Windows\System\cVLuqKM.exe
  C:\Windows\System\cVLuqKM.exe
  2⤵
  PID:15952
- C:\Windows\System\xkQDYWk.exe
  C:\Windows\System\xkQDYWk.exe
  2⤵
  PID:15972
- C:\Windows\System\aEXqBsH.exe
  C:\Windows\System\aEXqBsH.exe
  2⤵
  PID:16000
- C:\Windows\System\JQNAnnI.exe
  C:\Windows\System\JQNAnnI.exe
  2⤵
  PID:16024
- C:\Windows\System\FMAINyv.exe
  C:\Windows\System\FMAINyv.exe
  2⤵
  PID:16052
- C:\Windows\System\eQNkVIu.exe
  C:\Windows\System\eQNkVIu.exe
  2⤵
  PID:16080
- C:\Windows\System\WNhcxTg.exe
  C:\Windows\System\WNhcxTg.exe
  2⤵
  PID:16096
- C:\Windows\System\cSOEQvD.exe
  C:\Windows\System\cSOEQvD.exe
  2⤵
  PID:16128
- C:\Windows\System\NHjoaGl.exe
  C:\Windows\System\NHjoaGl.exe
  2⤵
  PID:16152
- C:\Windows\System\XYnJftR.exe
  C:\Windows\System\XYnJftR.exe
  2⤵
  PID:16184
- C:\Windows\System\LcoNSeT.exe
  C:\Windows\System\LcoNSeT.exe
  2⤵
  PID:16204
- C:\Windows\System\wbGnzFE.exe
  C:\Windows\System\wbGnzFE.exe
  2⤵
  PID:16232
- C:\Windows\System\uhrfHNv.exe
  C:\Windows\System\uhrfHNv.exe
  2⤵
  PID:16256
- C:\Windows\System\wmMXYNW.exe
  C:\Windows\System\wmMXYNW.exe
  2⤵
  PID:16276
- C:\Windows\System\eiJBUPF.exe
  C:\Windows\System\eiJBUPF.exe
  2⤵
  PID:16304
- C:\Windows\System\ehCGjQD.exe
  C:\Windows\System\ehCGjQD.exe
  2⤵
  PID:16328
- C:\Windows\System\XItNvCG.exe
  C:\Windows\System\XItNvCG.exe
  2⤵
  PID:16360
- C:\Windows\System\XWTwRJW.exe
  C:\Windows\System\XWTwRJW.exe
  2⤵
  PID:15088
- C:\Windows\System\pDRluiV.exe
  C:\Windows\System\pDRluiV.exe
  2⤵
  PID:15380
- C:\Windows\System\OmsLgvD.exe
  C:\Windows\System\OmsLgvD.exe
  2⤵
  PID:14736
- C:\Windows\System\AiRySKO.exe
  C:\Windows\System\AiRySKO.exe
  2⤵
  PID:15464
- C:\Windows\System\bsZQxHK.exe
  C:\Windows\System\bsZQxHK.exe
  2⤵
  PID:15532
- C:\Windows\System\hTchzjh.exe
  C:\Windows\System\hTchzjh.exe
  2⤵
  PID:15560
- C:\Windows\System\cVJJKsb.exe
  C:\Windows\System\cVJJKsb.exe
  2⤵
  PID:15468
- C:\Windows\System\EtQAtgH.exe
  C:\Windows\System\EtQAtgH.exe
  2⤵
  PID:15440
- C:\Windows\System\AXGFGoa.exe
  C:\Windows\System\AXGFGoa.exe
  2⤵
  PID:15492
- C:\Windows\System\POVYABZ.exe
  C:\Windows\System\POVYABZ.exe
  2⤵
  PID:15676
- C:\Windows\System\kwBRRNZ.exe
  C:\Windows\System\kwBRRNZ.exe
  2⤵
  PID:15840
- C:\Windows\System\atBuIHX.exe
  C:\Windows\System\atBuIHX.exe
  2⤵
  PID:15752
- C:\Windows\System\CuErROE.exe
  C:\Windows\System\CuErROE.exe
  2⤵
  PID:15792
- C:\Windows\System\PuxGzTl.exe
  C:\Windows\System\PuxGzTl.exe
  2⤵
  PID:15900
- C:\Windows\System\pnObkGV.exe
  C:\Windows\System\pnObkGV.exe
  2⤵
  PID:16012
- C:\Windows\System\JJigbsq.exe
  C:\Windows\System\JJigbsq.exe
  2⤵
  PID:15940
- C:\Windows\System\GZmbHpp.exe
  C:\Windows\System\GZmbHpp.exe
  2⤵
  PID:15980
- C:\Windows\System\RvLbxui.exe
  C:\Windows\System\RvLbxui.exe
  2⤵
  PID:16176
- C:\Windows\System\gzOZKZN.exe
  C:\Windows\System\gzOZKZN.exe
  2⤵
  PID:16376
- C:\Windows\System\CuhBqrf.exe
  C:\Windows\System\CuhBqrf.exe
  2⤵
  PID:14584
- C:\Windows\System\emsYtfz.exe
  C:\Windows\System\emsYtfz.exe
  2⤵
  PID:15680
- C:\Windows\System\WWuMDNr.exe
  C:\Windows\System\WWuMDNr.exe
  2⤵
  PID:16348
- C:\Windows\System\dfyJxsx.exe
  C:\Windows\System\dfyJxsx.exe
  2⤵
  PID:15064
- C:\Windows\System\gMIHThs.exe
  C:\Windows\System\gMIHThs.exe
  2⤵
  PID:15996
- C:\Windows\System\suTzaTh.exe
  C:\Windows\System\suTzaTh.exe
  2⤵
  PID:15592
- C:\Windows\System\UpGgFRm.exe
  C:\Windows\System\UpGgFRm.exe
  2⤵
  PID:16008
- C:\Windows\System\ltqZkVX.exe
  C:\Windows\System\ltqZkVX.exe
  2⤵
  PID:16368
- C:\Windows\System\tRfKDGf.exe
  C:\Windows\System\tRfKDGf.exe
  2⤵
  PID:15068
- C:\Windows\System\hQRfnDt.exe
  C:\Windows\System\hQRfnDt.exe
  2⤵
  PID:16400
- C:\Windows\System\lUCkgCo.exe
  C:\Windows\System\lUCkgCo.exe
  2⤵
  PID:16424
- C:\Windows\System\SyGStjq.exe
  C:\Windows\System\SyGStjq.exe
  2⤵
  PID:16460
- C:\Windows\System\TtzvHhK.exe
  C:\Windows\System\TtzvHhK.exe
  2⤵
  PID:16500
- C:\Windows\System\YHLTxtc.exe
  C:\Windows\System\YHLTxtc.exe
  2⤵
  PID:16536
- C:\Windows\System\DTDRwxO.exe
  C:\Windows\System\DTDRwxO.exe
  2⤵
  PID:16560
- C:\Windows\System\fusYyiF.exe
  C:\Windows\System\fusYyiF.exe
  2⤵
  PID:16580
- C:\Windows\System\mNbKiTt.exe
  C:\Windows\System\mNbKiTt.exe
  2⤵
  PID:16612
- C:\Windows\System\XlIiSgf.exe
  C:\Windows\System\XlIiSgf.exe
  2⤵
  PID:16644
- C:\Windows\System\pUIRrUf.exe
  C:\Windows\System\pUIRrUf.exe
  2⤵
  PID:16676
- C:\Windows\System\xwEQpfz.exe
  C:\Windows\System\xwEQpfz.exe
  2⤵
  PID:16696
- C:\Windows\System\MvGAkkM.exe
  C:\Windows\System\MvGAkkM.exe
  2⤵
  PID:16736
- C:\Windows\System\ciKmNXK.exe
  C:\Windows\System\ciKmNXK.exe
  2⤵
  PID:16752
- C:\Windows\System\RAjNFwi.exe
  C:\Windows\System\RAjNFwi.exe
  2⤵
  PID:16788
- C:\Windows\System\KuhXnFH.exe
  C:\Windows\System\KuhXnFH.exe
  2⤵
  PID:16812
- C:\Windows\System\LwFhGDl.exe
  C:\Windows\System\LwFhGDl.exe
  2⤵
  PID:16840
- C:\Windows\System\lwCTDFc.exe
  C:\Windows\System\lwCTDFc.exe
  2⤵
  PID:16872
- C:\Windows\System\JCymAPj.exe
  C:\Windows\System\JCymAPj.exe
  2⤵
  PID:16892
- C:\Windows\System\OkIMrwW.exe
  C:\Windows\System\OkIMrwW.exe
  2⤵
  PID:16932
- C:\Windows\System\tgsXlgQ.exe
  C:\Windows\System\tgsXlgQ.exe
  2⤵
  PID:16948
- C:\Windows\System\AkVdKXp.exe
  C:\Windows\System\AkVdKXp.exe
  2⤵
  PID:16988
- C:\Windows\System\aHZASFz.exe
  C:\Windows\System\aHZASFz.exe
  2⤵
  PID:17008
- C:\Windows\System\PekwvES.exe
  C:\Windows\System\PekwvES.exe
  2⤵
  PID:17264
- C:\Windows\System\PXSvIBG.exe
  C:\Windows\System\PXSvIBG.exe
  2⤵
  PID:17280
- C:\Windows\System\AbOlLkG.exe
  C:\Windows\System\AbOlLkG.exe
  2⤵
  PID:17308
- C:\Windows\System\jsNRHhh.exe
  C:\Windows\System\jsNRHhh.exe
  2⤵
  PID:17324
- C:\Windows\System\AgCYwQu.exe
  C:\Windows\System\AgCYwQu.exe
  2⤵
  PID:16264
- C:\Windows\System\GrJjWQh.exe
  C:\Windows\System\GrJjWQh.exe
  2⤵
  PID:16336
- C:\Windows\System\xKZQEQG.exe
  C:\Windows\System\xKZQEQG.exe
  2⤵
  PID:16796
- C:\Windows\System\dohSThV.exe
  C:\Windows\System\dohSThV.exe
  2⤵
  PID:17048
- C:\Windows\System\OpmYvqA.exe
  C:\Windows\System\OpmYvqA.exe
  2⤵
  PID:17096
- C:\Windows\System\SOYYSpg.exe
  C:\Windows\System\SOYYSpg.exe
  2⤵
  PID:17152
- C:\Windows\System\bToMjYi.exe
  C:\Windows\System\bToMjYi.exe
  2⤵
  PID:17216
- C:\Windows\System\arrfRPX.exe
  C:\Windows\System\arrfRPX.exe
  2⤵
  PID:17172
- C:\Windows\System\IBqwXba.exe
  C:\Windows\System\IBqwXba.exe
  2⤵
  PID:17208
- C:\Windows\System\VqTwTDv.exe
  C:\Windows\System\VqTwTDv.exe
  2⤵
  PID:17240
- C:\Windows\System\KqXAdRN.exe
  C:\Windows\System\KqXAdRN.exe
  2⤵
  PID:17336
- C:\Windows\System\iMyJsHO.exe
  C:\Windows\System\iMyJsHO.exe
  2⤵
  PID:17356

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 2108 -i 2108 -h 420 -j 428 -s 528 -d 0
1⤵
PID:16528

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:17072

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16448

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16180

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17192

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2096

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BEXHdBX.exe

Filesize
1.8MB

MD5
25f3bc9249b41cb2176d2cb8bce3deee

SHA1
c44b6112598f3320608d9f3f26422f9c5654898a

SHA256
114e41adfd5f43208d6ec1a46387ae7b45aae8f2ac57b7bcde9ff282fabb16b4

SHA512
c210f03417e0033e9738f1eae688b72f027aef9222d2f3bc8fa3fdd8d1a14bdc9a9ec68ea5e0e5d88413eb20b03fb59f0d2ac6bc04a8396283cd557635509bf0

Download Submit
C:\Windows\System\BQGVDsH.exe

Filesize
1.8MB

MD5
adc5f1648337e70b327cb0d98fd5664f

SHA1
4580daf003bddb5a9053c532e16f6e18fb35371b

SHA256
8134e053e1a81fcafeb0c9823ab0d88c3bb77f224ee587660caeabacaca3b2ee

SHA512
79ce73ed2fc8b48dd06702b85da352f63c827773e7198c33978ffd92cff1f5fd240a7cc7c6dcf6f3fd5184195394f7255877ae69aba0a238a367f95d8be040d9

Download Submit
C:\Windows\System\CgUzsgx.exe

Filesize
1.8MB

MD5
937ca0971f18719ac89885cdf54c697c

SHA1
5415f23ab3c30af96203f3eb0d878e846e324de1

SHA256
2f414b307124741000d04e1a655602239ca10d13e09929eebdb89229e16380b8

SHA512
ac2d73a67a9a50e49b6a20bcc6fa3ee3b9737204afc3883101df1fa6343eac8b5ad7a7aa1644165a1e5d4c0636a06deca0b32254b6acc4997a6a2c4015393fe9

Download Submit
C:\Windows\System\HPJlmZw.exe

Filesize
1.8MB

MD5
a48318d937ad1350a42991df5ad27fdc

SHA1
c6ce83fc9afecdf718bf4abb4a16e8a72e3644c0

SHA256
eed9cb4fd7a7bc74bb40d6944f72abcccdc7600a1d25c078f0f6ffd3bf3708fa

SHA512
0d4bed3f4d989c641efd19635250df301c8f7be9be5e5074eea7b54ed91d3b382c77a3c8d5e02f8992f16d518ce23780c3283ea90d934de592f2a91cf1b45e69

Download Submit
C:\Windows\System\IFnprbK.exe

Filesize
1.8MB

MD5
d5a6be6c51283928935da1e623d233a5

SHA1
2ab5720bb0f420a729d4b7d266d503217818dafb

SHA256
d0300704eecef4d6b8118c904d528b52cc0d06ca4ffed525ae28891e0f8a219f

SHA512
642ca1941004988aa803bfd618017415688c91740cdff1ebb05237a7146b279f8428f89658e0344737c49f3909efe10b692c0d1b24d4b8a3f004377a57193d1a

Download Submit
C:\Windows\System\KTxDyMc.exe

Filesize
1.8MB

MD5
51d42426eec9cf61b489cb1040e9cbd4

SHA1
fa34a63af0b5673b290ea789c6baeabbdea378ab

SHA256
5d9401e97e32ae4dcff1d1354fcc4bb68ddd43e5809f202c586d1002664ae090

SHA512
e085fca55b58fc53bef75b3ffa8fc39db6cffbd4524d5888d8ccb5100403f3c0773dc8194044696eae85f4e0726761d01b9832cfc16859c6805598d61633e19e

Download Submit
C:\Windows\System\MMZiscv.exe

Filesize
1.8MB

MD5
c01babf031c99d32c934c136128f6c99

SHA1
4af69b952783f2fe6eafadff4472c870cf95788c

SHA256
a4c8cd3c3529e339e0c129d796431d67a61251e55970bcaf230d132579a54e44

SHA512
e7d16a88a96156c9cbc66120a10458699eb111fce0ca7560d779c32d5a49ca785d275a2700cecf4823cb3dfa66fb20117fa2701409c76d4037377ec1f123d6e3

Download Submit
C:\Windows\System\MQRNRAV.exe

Filesize
1.8MB

MD5
b95c263c4e4fb2f4bcf1d3f85a3931dd

SHA1
3db45581a1d915c8c4e631f3ca46bca05a9e6bf1

SHA256
aa1e1f5c10d27fd54d05be0c1cd7c21f023e3bf27f014e9296f6a7f728be6a0b

SHA512
1bd818ab6e690fbc0abc3900bccd9c21eb066090d8438824b161ef8863cb01201db35bebc810fb45b0c3afe263b7b8b0c19c005770e789c8320efe111a257c2f

Download Submit
C:\Windows\System\QFOEsNf.exe

Filesize
1.8MB

MD5
1e904274451a9ab13a0a7a3451597abb

SHA1
aea170315a9de5750fb3544e84abcf25382ca757

SHA256
4bf4d0e87a9068c0ef1f774de69b6afce861e6a8ee9e14a7cdbb2fed3fba717c

SHA512
e6db4d41f82cc6b8277f60da14c511258eca816ed409ab3431ed236b50b9c657e312b40b4f7f81973c2e64427271c3efdadb2c3117fc639dabcef778602a2bb8

Download Submit
C:\Windows\System\Ryzbdgb.exe

Filesize
1.8MB

MD5
2cd690818bfd5ae053817b6f83a45981

SHA1
0705ee34eb78da5204feb16acc14fbee0a9e9554

SHA256
319d67959b58102b347e40fbe7e5ccee0671f77966afc37f522a5a185cc2d2e8

SHA512
59d7fa5653310fd70ba96c8b5ba691812bd71594fa71e03dc62c593b9c4a6b6668972c041afe5d44963f3af3d097605c2a710b7fb4222c69b9a6a466149e8f29

Download Submit
C:\Windows\System\SItFsID.exe

Filesize
1.8MB

MD5
52956841317f6dc7e4174ef888ea8e7c

SHA1
0b071eb9b16498c24e20c6a1561486525e304689

SHA256
1a25170d9b98288dcfdbd4a554f87640603919a57e26fe45d2d7f63d04da3dd9

SHA512
2f1298f741507010c8a5d9fd258796e4302b422a569d5003454782a3a3fe2378b7a49f61d7906bfb07c6f7cf287e413d2fa59778b2b620c9526c946b24e2c247

Download Submit
C:\Windows\System\TnhFkov.exe

Filesize
1.8MB

MD5
6f6b9308e8e69b7a4690c76973469db7

SHA1
dccbd59af7a274df7ea5e334c28534486b08095d

SHA256
2884039c94e748d6396262e0d53293441a829222b86e459e5bee76984841c2c6

SHA512
43abafad0ef8ddcb3e6eeecb366fbd2129400371c98cce8210558c347bf3b77339e9034a1ea9a3d70de06af310f53de368bde9dc93ba48b5b3724aa38e933917

Download Submit
C:\Windows\System\XryPXLv.exe

Filesize
1.8MB

MD5
137629011e8339a986dc6723e924edd1

SHA1
238e366be875e76a3dd486ebe089291641bfc8bb

SHA256
0ad3d2ac2b528fe8b0aede3ceabcb0ce8dce0091376e1198b8ffba4f1aa7c697

SHA512
081142fae9d4cb9d7e68646ab66129999dadddbe09f1ab4e2e495ee45e600e4067144dde95a01c93b0f5386c7f655431a7bf8e1f1831572a279255d54d9694a1

Download Submit
C:\Windows\System\bBLzsDF.exe

Filesize
1.8MB

MD5
6024228d3859522cd8f404d4ba7437f0

SHA1
d08a5d8a2be32167ae72c4bc79a90b19f12799b0

SHA256
79f40c71a75f179fcfd55acb95fc15ee0feb94787f698fbc6af7644388080fe6

SHA512
c81f638040fb9ff600978e89ede4bd799448fc8518849a9dd0033995a8c39da7f68c8461e53aed74823b64aa275c32763c4c403b145a6df5bddb50b3c13b7419

Download Submit
C:\Windows\System\cFqNHjY.exe

Filesize
1.8MB

MD5
5b1fb0d70ea1d3bfc2de743035e2fc0a

SHA1
dd4412f146482b41deb5ab6b126e7d2cc76ef787

SHA256
64787387f75c7fc72ea649b1ad02c155f10cdfc86b2a34e11c4faadf36a49dda

SHA512
1177bdec14f316cb7e2e3b3e73f74686e2a4a72f0f2a7f6229fbdc4f2d56b8fc054dcb033c0b3bc64a88f9942b84661d4f86f143b87c150edc96238295198039

Download Submit
C:\Windows\System\cKlkHJY.exe

Filesize
1.8MB

MD5
442ea71df2daa593207c08d16c33f1bc

SHA1
96ddf59266e16ac17c1b81ae64cdc5ceeb2a4b94

SHA256
be8e9a92e06bcffa19335034647bee95a6df6956ef974997dac662cb331b91e0

SHA512
9d82065fe0a72a31be515152317df9a86b5590446b5f9fcba6940f9028533363a3ab45cf650862d72482eae9003da48a9212e4f6b98152a9035d012fe90bb4e0

Download Submit
C:\Windows\System\dEzbmQz.exe

Filesize
1.8MB

MD5
0a3300421c933f5bbba0532865df5731

SHA1
1cd7051a0a184ae9f2692ad2bb2589218b34e9a9

SHA256
e3c01a9c7de104525bb8e9bb10b713a01bde0780afc2bf408a62479ce63de001

SHA512
c3528b83542ac961d63f3f181094934c79e1666d40dceab0a1f4b25f82aa906100c918a1b37f1d8fc3888c4c24f859ce4c3a7c239038cd4dcaa3eb9c1d4852de

Download Submit
C:\Windows\System\eExerCK.exe

Filesize
1.8MB

MD5
b9e16fb33f0e693648a5df37f7402946

SHA1
b8d7d6e2464563041cef9cbc1cc637d593ac9aa6

SHA256
e748ee6a3fcc2aa38254fa55deae93d465708494a66c663ead6244287929102d

SHA512
ab56d7055770fd11a3decf1debf711466b470435afc3a4b276992bbebdc3eb732c455574990a9ea9fea305a247b76ca0f17ea661f29c26378f2bfebfbb908bc9

Download Submit
C:\Windows\System\gkiXhbe.exe

Filesize
1.8MB

MD5
f1195f1698e7f97d846ba3a80950bc77

SHA1
446152c6cad3c38538f0157dbdc63d1b67a28680

SHA256
f1163427446dfdfe6db1a9f90af0d989659313f0a447d9ae9beae62955049245

SHA512
3d505ab584737ece14a2bbe96dbe58f5e27e009e109b08063fe9b2c92adbc9e8f69d69873837ef4dae16a562226de0a9461a87afda06e90540b8d0f4fb99e4bf

Download Submit
C:\Windows\System\gqfVYpC.exe

Filesize
1.8MB

MD5
31742c22e210f83a13ec1a031879d52f

SHA1
bf1b29bd928fdc7f1cc5316c32e9c9204b55a665

SHA256
8f7f62ff70bf3b2f6f4d6add0e9a31712adb3668519177e6e57c3b42769d4170

SHA512
166d0eb3c02cee8c28d9abc4d70814e8f8ebe6f2cf3b63c4fc065011ac6e3d447f9cb404985ea2683f54d9dc8661036ad2a84f338557e0468dcca4eba7e21325

Download Submit
C:\Windows\System\ijRQwTF.exe

Filesize
1.8MB

MD5
6e6c77c3e122f2e711c2213d3b2c5bb0

SHA1
1848661314a934a48ad873cf45c0fe3f570cc468

SHA256
1ddeb23145cbac358eab1cfebb706d8234128ec6ba4ff1138fe314ab86c4a172

SHA512
08bfbed92e7a1cd02881b94e8e504dd35c6569bb7bf61851cd6fa765f6cc984118d01d1b38c6b1ea52af0aa11e6748645c58cbbdd8d6540ec3bc6720830f1e2d

Download Submit
C:\Windows\System\jrGGAkA.exe

Filesize
1.8MB

MD5
b62123bf36c5c94e9e92ad5c8780f5ad

SHA1
17e7f7039c8f14a20934ed450c3572893d893d2e

SHA256
6fdd3d1a17ac07aa96cf786ed95187fffb2837ce46f93a71f0014d47ead2a492

SHA512
20e8b37565525aafe209fb5da8f56a95aeaceda2d8cf080d2614bdded5157950ce8bcf9efae9242e292681436048abec37e248279efc0f883b75069d02254015

Download Submit
C:\Windows\System\mTqmUsa.exe

Filesize
1.8MB

MD5
bbcf64ae946691b7e938779d16ebe59f

SHA1
20c25e4fdd0f8a2461098a5794f0ff9d4a4abee4

SHA256
f49403dfdd84a03bde02244af68d667b3f97fe83858e922793cb8a63551898ca

SHA512
67ec3dca224f2abbb766b4b3aa14c316e9af1d9dad02dc4b07f375882abe2976ae3c38043efac41d7eead9fec40e81d385693b666d76b6a29dcfc2acd698cc28

Download Submit
C:\Windows\System\nlAewGH.exe

Filesize
1.8MB

MD5
0686ec0f5bdcc8d6b818beb9b6ea7003

SHA1
63309fad06a45a0fc006edb2f6d363ae6a9f5d6b

SHA256
eb9efe5c4a0fcdba903dc1a180805b11ef4610a4de43e752b7ba63538280114b

SHA512
9606fd7182cb11bf2ee6af22334e0a406d356dbbd25bfbf6f809b404a9bfbcf772535c6cf12162a64126eeb1e93e408ef322d6cc9534cdc3b79039572cc3ae16

Download Submit
C:\Windows\System\srzsWcX.exe

Filesize
1.8MB

MD5
af5e9b4a7caabd5cc70e94219f5401f1

SHA1
3fd702cdfda508dbcc04b51777cbdb109077f37c

SHA256
aac7f6ca4e5b042392a0963f6dfb9db7e3fcd863c20644dda66428c150ccdbfb

SHA512
807e5a76648e070fa50081e90009965bbd7c361bf7bd3de1d54571ef3e265224524596073cce2ac2142dec001e100b26525a4ed658c5ac95c4f9499236a85206

Download Submit
C:\Windows\System\tXzgLVA.exe

Filesize
1.8MB

MD5
142bca67bf599d3764db513ab4a2c23d

SHA1
5e5bdb613c917e8a39a9d209f4ba44cf43fc54a2

SHA256
995960a1607e4407cacb5fecf2e60d020c20293d97cd6dcf16521400f3d85a26

SHA512
210e21bccbdf35fc1b2a6e4ae950f18b8317eced24db27326f7f6556a9787f08457f10e6b62f17d92070edfc506fce48a851e02d917da3fce2cb5e1e2a02b0d4

Download Submit
C:\Windows\System\uLIboAN.exe

Filesize
1.8MB

MD5
711f9848eaa2b3febd9534dd51225e43

SHA1
45fca3244d453db4a14618ecf2b43fe8e09f37ce

SHA256
b5fbe169e1f43ca69511b789f5f552779e7917aa77dd01e31acb5d76ced27eca

SHA512
ef188c83a9f4847b00efe050fae0d7a984eaf785afa00410538517cff2148010c994811fa6ed95541dbe6658a79be05d9fce51fc15ec989f826896fbe538d801

Download Submit
C:\Windows\System\uOCFSZu.exe

Filesize
1.8MB

MD5
dbe6628302696c70f26fec94614738b1

SHA1
d13d4cfae4feaaf0b3ad5576c77db894fac211f1

SHA256
41b116e0b023e6779103ff57cd30ab52fabdea0aa1d09f65f9980df0bb284f67

SHA512
cb1f2c419a56dd74326e4fd038ccf9424ee1fe43eb3ff96fa8e69400327ebc71dc9e64f1aecf3647f05cd36387804cab5dccca8f0881e7fa759361ccc37303c4

Download Submit
C:\Windows\System\vkWpslu.exe

Filesize
1.8MB

MD5
031d03032246b98fd594656c043700c2

SHA1
bc63a180a33aef5a3578fbf4d0c7479c8f64e867

SHA256
abd4c27059705f0d35aedc5af69b67f362804444818b51a17fa89c40d9ce2f37

SHA512
a912b141a6a45343549443e3a68f220d2e4b5e680de3a01254e8331b2c779adcb17b52795e085b277249e645b5016751c804a6650f6890ff86221680b9db5ff2

Download Submit
C:\Windows\System\wLdbWMD.exe

Filesize
1.8MB

MD5
e47c5a8e789c366a167a29cba912ee8c

SHA1
46b9ec41e7d150018f7ea4ffe81835ba2b1d84a2

SHA256
7095c1fccd7c7d8b627a3c7184aa4a7da5c1a9cb98468e576a1099a5b0b82d0f

SHA512
2a33e12095f89ed690b41323c7c885b89242501843ddae9b3dd1f085dee0e42ec69b78955a7c7719a5394075e02e1d3b5bd860fb39e63b077b9378cb37c6ac62

Download Submit
C:\Windows\System\wTVJsnz.exe

Filesize
1.8MB

MD5
282df0b11862d5cb90c8cc5938560bac

SHA1
aadf2c7e9734bc6f6ad2e8d9fced54208a78b85c

SHA256
14cc4bb5079b19ad393d06b03be5e42a975f6ccb3f1daff39d0391de6ab02a66

SHA512
a34b136b7b2ca503c0a3e44308f653961f47cc0cf558f92db19e2b58ff01bdff289dace155a25da1af4fe3087b0050fe2594277b6508d5134fed2bfd460d5d52

Download Submit
C:\Windows\System\wUaPRbD.exe

Filesize
1.8MB

MD5
d95a28aefbe25c05762041e1c02b084d

SHA1
8b37838a8bdd80979910575e624b4f2d88cfb684

SHA256
46bb7019de66a53550ef1d2a98d2bfafc170e33866f55fcd023b9e52a4ab0e81

SHA512
a51d2b7c8ea03cc021d39c3e46bae9c37ca29e194aa0ad9ec2188e37328262b5fa3b0e2f97773ec433fa00579222ad277ef11e6a0d0aa852e1e3de0d67a216e1

Download Submit
memory/2216-0-0x000001C2EEF90000-0x000001C2EEFA0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads