xmrig | 4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2025, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
Size

1.7MB
MD5

1639155649ae69f2d523f83905587122
SHA1

741807289576b34b51defca4a4f34b7ee7f995b1
SHA256

4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247
SHA512

035ae868c60001088b0857912dcecacd464113af6617dcf88893c5f490e88da2ef960c5e8e82ee9eb6c61bad5663e258567ed207e3693fe04a4b0537ce58f5f6
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9ozttwIRxA1Mc2Zb90z:GemTLkNdfE0pZyA

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000c000000023ae5-3.dat	xmrig
behavioral2/files/0x000a000000023b39-8.dat	xmrig
behavioral2/files/0x000b000000023b38-9.dat	xmrig
behavioral2/files/0x000a000000023b3b-25.dat	xmrig
behavioral2/files/0x000a000000023b3e-40.dat	xmrig
behavioral2/files/0x000a000000023b3f-48.dat	xmrig
behavioral2/files/0x000a000000023b42-62.dat	xmrig
behavioral2/files/0x000a000000023b50-132.dat	xmrig
behavioral2/files/0x000b000000023b57-162.dat	xmrig
behavioral2/files/0x000a000000023b55-158.dat	xmrig
behavioral2/files/0x000a000000023b56-157.dat	xmrig
behavioral2/files/0x000a000000023b54-153.dat	xmrig
behavioral2/files/0x000a000000023b53-148.dat	xmrig
behavioral2/files/0x000a000000023b52-143.dat	xmrig
behavioral2/files/0x000a000000023b51-138.dat	xmrig
behavioral2/files/0x000a000000023b4f-128.dat	xmrig
behavioral2/files/0x000a000000023b4e-122.dat	xmrig
behavioral2/files/0x000a000000023b4d-118.dat	xmrig
behavioral2/files/0x000a000000023b4c-112.dat	xmrig
behavioral2/files/0x000a000000023b4b-108.dat	xmrig
behavioral2/files/0x000a000000023b4a-102.dat	xmrig
behavioral2/files/0x000a000000023b49-98.dat	xmrig
behavioral2/files/0x000a000000023b48-92.dat	xmrig
behavioral2/files/0x000a000000023b47-88.dat	xmrig
behavioral2/files/0x000a000000023b46-83.dat	xmrig
behavioral2/files/0x000a000000023b45-78.dat	xmrig
behavioral2/files/0x000a000000023b44-72.dat	xmrig
behavioral2/files/0x000a000000023b43-68.dat	xmrig
behavioral2/files/0x000a000000023b41-58.dat	xmrig
behavioral2/files/0x000a000000023b40-53.dat	xmrig
behavioral2/files/0x000a000000023b3d-38.dat	xmrig
behavioral2/files/0x000a000000023b3c-33.dat	xmrig
behavioral2/files/0x000a000000023b3a-20.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1952	RRghJyN.exe
4560	arVJogK.exe
2448	DamsmOt.exe
4516	HTmmrPP.exe
2036	QWGficG.exe
1492	YqOzhOr.exe
4956	CrDTKYZ.exe
2092	MkRgJMv.exe
3016	ZeVCUrE.exe
2404	RSvEViS.exe
2596	YpQyrBF.exe
1084	JxBxzps.exe
1604	VeNkgmn.exe
2472	tBEXPjc.exe
3212	YaemRLH.exe
2104	gqBxzQq.exe
2912	ZGXlIco.exe
1868	jZRmiST.exe
1108	EtRCNdT.exe
2196	kqJtCas.exe
2700	Fuulzti.exe
3036	PanXyoa.exe
4936	pGsgMrR.exe
2056	hikLRQt.exe
1088	MbSeykG.exe
1368	pPGkves.exe
2780	UMrpKWn.exe
4124	bfPhdYB.exe
1704	xIeCDXw.exe
3968	OdbAHev.exe
1996	lNZNdNE.exe
624	ksQZMyU.exe
1176	IVuybRb.exe
448	YkaPbow.exe
544	MmAHZkM.exe
816	VNJQNxN.exe
4544	wtxqiFr.exe
4664	ADWrzlJ.exe
4880	KREIwtL.exe
232	EjuLpDF.exe
3440	gTdqOts.exe
5012	nxeewmH.exe
2612	rLgzhow.exe
704	qQnNfRo.exe
5052	KgkmaUD.exe
208	oqCsUpj.exe
696	yQvoshp.exe
2184	jvNfyVY.exe
4876	LHQYKhQ.exe
4848	aAuKXET.exe
4568	bDzxXPF.exe
1548	TysGanK.exe
2688	msjZJJx.exe
3436	SpXItIL.exe
3512	dbtRwNj.exe
3280	GeEqeRY.exe
3524	qDDojUW.exe
2140	OhPhGRL.exe
5032	OMcmZDf.exe
4044	rtHqofe.exe
3096	zkAHGGW.exe
592	aetkRxW.exe
3580	nsmsFVs.exe
2004	zQCItms.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NmtQtWa.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\MZfLpdd.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\XMSbFzp.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\YxOnQef.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\bfPhdYB.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\goGYNfK.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\XNVynHr.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\GLEnUGB.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\yQvoshp.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\jvNfyVY.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\CBuffzM.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\RqyMfNU.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\vrelkYs.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\dOKGKZc.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\kiPNNGD.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\RiqGEoY.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\iLNTiFf.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\TSIAKJN.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\gTdqOts.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\QdmoVzo.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\pPwmBqC.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\KlQqBuw.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\oARcUOM.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\RRmaLsW.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\baXtaPh.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\gjtZZFo.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\djrjofu.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\DqZsCLm.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\JKRhivF.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\rNZFRwF.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\YUuKkzU.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\BQhfiKt.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\HSdQfuo.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\CRbofxR.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\VkFwqWS.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\ymQKZvq.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\lyzcjYM.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\OnhRcED.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\lhWZwCm.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\DUUsoSz.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\Jpwatlb.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\hikLRQt.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\eLkXhXt.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\HlhFKjx.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\XLLbfIL.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\ksQZMyU.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\GvFAKLc.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\SpXItIL.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\TQvCtLH.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\gAPEpOV.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\pKZGvXU.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\qfEwofF.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\MgczQIl.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\SkTewqP.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\oCvKNgh.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\BCGktpF.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\LRXngMm.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\DnKsFeg.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\SzWFPUc.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\ruePnCR.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\qIPxLis.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\lSVZQKa.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\NiiIyNy.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
File created	C:\Windows\System\dWPPsII.exe	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16396	dwm.exe
Token: SeChangeNotifyPrivilege	16396	dwm.exe
Token: 33	16396	dwm.exe
Token: SeIncBasePriorityPrivilege	16396	dwm.exe
Token: SeCreateGlobalPrivilege	17444	dwm.exe
Token: SeChangeNotifyPrivilege	17444	dwm.exe
Token: 33	17444	dwm.exe
Token: SeIncBasePriorityPrivilege	17444	dwm.exe
Token: SeCreateGlobalPrivilege	17620	dwm.exe
Token: SeChangeNotifyPrivilege	17620	dwm.exe
Token: 33	17620	dwm.exe
Token: SeIncBasePriorityPrivilege	17620	dwm.exe
Token: SeCreateGlobalPrivilege	17756	dwm.exe
Token: SeChangeNotifyPrivilege	17756	dwm.exe
Token: 33	17756	dwm.exe
Token: SeIncBasePriorityPrivilege	17756	dwm.exe
Token: SeCreateGlobalPrivilege	17864	dwm.exe
Token: SeChangeNotifyPrivilege	17864	dwm.exe
Token: 33	17864	dwm.exe
Token: SeIncBasePriorityPrivilege	17864	dwm.exe
Token: SeCreateGlobalPrivilege	17960	dwm.exe
Token: SeChangeNotifyPrivilege	17960	dwm.exe
Token: 33	17960	dwm.exe
Token: SeIncBasePriorityPrivilege	17960	dwm.exe
Token: SeShutdownPrivilege	17960	dwm.exe
Token: SeCreatePagefilePrivilege	17960	dwm.exe
Token: SeShutdownPrivilege	17960	dwm.exe
Token: SeCreatePagefilePrivilege	17960	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1952	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	84
PID 1192 wrote to memory of 1952	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	84
PID 1192 wrote to memory of 4560	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	85
PID 1192 wrote to memory of 4560	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	85
PID 1192 wrote to memory of 2448	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	86
PID 1192 wrote to memory of 2448	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	86
PID 1192 wrote to memory of 4516	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	90
PID 1192 wrote to memory of 4516	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	90
PID 1192 wrote to memory of 2036	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	91
PID 1192 wrote to memory of 2036	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	91
PID 1192 wrote to memory of 1492	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	92
PID 1192 wrote to memory of 1492	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	92
PID 1192 wrote to memory of 4956	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	93
PID 1192 wrote to memory of 4956	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	93
PID 1192 wrote to memory of 2092	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	94
PID 1192 wrote to memory of 2092	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	94
PID 1192 wrote to memory of 3016	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	95
PID 1192 wrote to memory of 3016	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	95
PID 1192 wrote to memory of 2404	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	96
PID 1192 wrote to memory of 2404	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	96
PID 1192 wrote to memory of 2596	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	97
PID 1192 wrote to memory of 2596	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	97
PID 1192 wrote to memory of 1084	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	98
PID 1192 wrote to memory of 1084	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	98
PID 1192 wrote to memory of 1604	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	99
PID 1192 wrote to memory of 1604	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	99
PID 1192 wrote to memory of 2472	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	100
PID 1192 wrote to memory of 2472	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	100
PID 1192 wrote to memory of 3212	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	101
PID 1192 wrote to memory of 3212	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	101
PID 1192 wrote to memory of 2104	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	102
PID 1192 wrote to memory of 2104	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	102
PID 1192 wrote to memory of 2912	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	103
PID 1192 wrote to memory of 2912	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	103
PID 1192 wrote to memory of 1868	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	104
PID 1192 wrote to memory of 1868	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	104
PID 1192 wrote to memory of 1108	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	105
PID 1192 wrote to memory of 1108	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	105
PID 1192 wrote to memory of 2196	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	106
PID 1192 wrote to memory of 2196	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	106
PID 1192 wrote to memory of 2700	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	107
PID 1192 wrote to memory of 2700	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	107
PID 1192 wrote to memory of 3036	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	108
PID 1192 wrote to memory of 3036	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	108
PID 1192 wrote to memory of 4936	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	109
PID 1192 wrote to memory of 4936	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	109
PID 1192 wrote to memory of 2056	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	110
PID 1192 wrote to memory of 2056	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	110
PID 1192 wrote to memory of 1088	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	111
PID 1192 wrote to memory of 1088	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	111
PID 1192 wrote to memory of 1368	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	112
PID 1192 wrote to memory of 1368	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	112
PID 1192 wrote to memory of 2780	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	113
PID 1192 wrote to memory of 2780	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	113
PID 1192 wrote to memory of 4124	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	114
PID 1192 wrote to memory of 4124	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	114
PID 1192 wrote to memory of 1704	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	115
PID 1192 wrote to memory of 1704	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	115
PID 1192 wrote to memory of 3968	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	116
PID 1192 wrote to memory of 3968	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	116
PID 1192 wrote to memory of 1996	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	117
PID 1192 wrote to memory of 1996	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	117
PID 1192 wrote to memory of 624	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	118
PID 1192 wrote to memory of 624	1192	4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe	118

C:\Users\Admin\AppData\Local\Temp\4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe
"C:\Users\Admin\AppData\Local\Temp\4b00a4b33f09e5159dbcfb46a72b27c90dec0abd24aef712e65af059e033f247.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\System\RRghJyN.exe
  C:\Windows\System\RRghJyN.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\arVJogK.exe
  C:\Windows\System\arVJogK.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\DamsmOt.exe
  C:\Windows\System\DamsmOt.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\HTmmrPP.exe
  C:\Windows\System\HTmmrPP.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\QWGficG.exe
  C:\Windows\System\QWGficG.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\YqOzhOr.exe
  C:\Windows\System\YqOzhOr.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\CrDTKYZ.exe
  C:\Windows\System\CrDTKYZ.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\MkRgJMv.exe
  C:\Windows\System\MkRgJMv.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ZeVCUrE.exe
  C:\Windows\System\ZeVCUrE.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\RSvEViS.exe
  C:\Windows\System\RSvEViS.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\YpQyrBF.exe
  C:\Windows\System\YpQyrBF.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\JxBxzps.exe
  C:\Windows\System\JxBxzps.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\VeNkgmn.exe
  C:\Windows\System\VeNkgmn.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\tBEXPjc.exe
  C:\Windows\System\tBEXPjc.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\YaemRLH.exe
  C:\Windows\System\YaemRLH.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\gqBxzQq.exe
  C:\Windows\System\gqBxzQq.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ZGXlIco.exe
  C:\Windows\System\ZGXlIco.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\jZRmiST.exe
  C:\Windows\System\jZRmiST.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\EtRCNdT.exe
  C:\Windows\System\EtRCNdT.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\kqJtCas.exe
  C:\Windows\System\kqJtCas.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\Fuulzti.exe
  C:\Windows\System\Fuulzti.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\PanXyoa.exe
  C:\Windows\System\PanXyoa.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\pGsgMrR.exe
  C:\Windows\System\pGsgMrR.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\hikLRQt.exe
  C:\Windows\System\hikLRQt.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\MbSeykG.exe
  C:\Windows\System\MbSeykG.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\pPGkves.exe
  C:\Windows\System\pPGkves.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\UMrpKWn.exe
  C:\Windows\System\UMrpKWn.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\bfPhdYB.exe
  C:\Windows\System\bfPhdYB.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\xIeCDXw.exe
  C:\Windows\System\xIeCDXw.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\OdbAHev.exe
  C:\Windows\System\OdbAHev.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\lNZNdNE.exe
  C:\Windows\System\lNZNdNE.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\ksQZMyU.exe
  C:\Windows\System\ksQZMyU.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\IVuybRb.exe
  C:\Windows\System\IVuybRb.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\YkaPbow.exe
  C:\Windows\System\YkaPbow.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\MmAHZkM.exe
  C:\Windows\System\MmAHZkM.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\VNJQNxN.exe
  C:\Windows\System\VNJQNxN.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\wtxqiFr.exe
  C:\Windows\System\wtxqiFr.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\ADWrzlJ.exe
  C:\Windows\System\ADWrzlJ.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\KREIwtL.exe
  C:\Windows\System\KREIwtL.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\EjuLpDF.exe
  C:\Windows\System\EjuLpDF.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\gTdqOts.exe
  C:\Windows\System\gTdqOts.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\nxeewmH.exe
  C:\Windows\System\nxeewmH.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\rLgzhow.exe
  C:\Windows\System\rLgzhow.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\qQnNfRo.exe
  C:\Windows\System\qQnNfRo.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\KgkmaUD.exe
  C:\Windows\System\KgkmaUD.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\oqCsUpj.exe
  C:\Windows\System\oqCsUpj.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\yQvoshp.exe
  C:\Windows\System\yQvoshp.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\jvNfyVY.exe
  C:\Windows\System\jvNfyVY.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\LHQYKhQ.exe
  C:\Windows\System\LHQYKhQ.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\aAuKXET.exe
  C:\Windows\System\aAuKXET.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\bDzxXPF.exe
  C:\Windows\System\bDzxXPF.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\TysGanK.exe
  C:\Windows\System\TysGanK.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\msjZJJx.exe
  C:\Windows\System\msjZJJx.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\SpXItIL.exe
  C:\Windows\System\SpXItIL.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\dbtRwNj.exe
  C:\Windows\System\dbtRwNj.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\GeEqeRY.exe
  C:\Windows\System\GeEqeRY.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\qDDojUW.exe
  C:\Windows\System\qDDojUW.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\OhPhGRL.exe
  C:\Windows\System\OhPhGRL.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\OMcmZDf.exe
  C:\Windows\System\OMcmZDf.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\rtHqofe.exe
  C:\Windows\System\rtHqofe.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\zkAHGGW.exe
  C:\Windows\System\zkAHGGW.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\aetkRxW.exe
  C:\Windows\System\aetkRxW.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\nsmsFVs.exe
  C:\Windows\System\nsmsFVs.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\zQCItms.exe
  C:\Windows\System\zQCItms.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\LcQrvNM.exe
  C:\Windows\System\LcQrvNM.exe
  2⤵
  PID:4836
- C:\Windows\System\lyzcjYM.exe
  C:\Windows\System\lyzcjYM.exe
  2⤵
  PID:4104
- C:\Windows\System\ELlqJrl.exe
  C:\Windows\System\ELlqJrl.exe
  2⤵
  PID:1596
- C:\Windows\System\ialahfO.exe
  C:\Windows\System\ialahfO.exe
  2⤵
  PID:1684
- C:\Windows\System\bUpgixi.exe
  C:\Windows\System\bUpgixi.exe
  2⤵
  PID:4128
- C:\Windows\System\LRXngMm.exe
  C:\Windows\System\LRXngMm.exe
  2⤵
  PID:3420
- C:\Windows\System\MBhnkCX.exe
  C:\Windows\System\MBhnkCX.exe
  2⤵
  PID:244
- C:\Windows\System\wEjoraJ.exe
  C:\Windows\System\wEjoraJ.exe
  2⤵
  PID:1804
- C:\Windows\System\NCefiEu.exe
  C:\Windows\System\NCefiEu.exe
  2⤵
  PID:4672
- C:\Windows\System\gaRcxUv.exe
  C:\Windows\System\gaRcxUv.exe
  2⤵
  PID:3188
- C:\Windows\System\wAifuCQ.exe
  C:\Windows\System\wAifuCQ.exe
  2⤵
  PID:4808
- C:\Windows\System\GSMKgIy.exe
  C:\Windows\System\GSMKgIy.exe
  2⤵
  PID:2748
- C:\Windows\System\CqyTcKs.exe
  C:\Windows\System\CqyTcKs.exe
  2⤵
  PID:456
- C:\Windows\System\lhdZgpC.exe
  C:\Windows\System\lhdZgpC.exe
  2⤵
  PID:2152
- C:\Windows\System\yTDKkJj.exe
  C:\Windows\System\yTDKkJj.exe
  2⤵
  PID:2272
- C:\Windows\System\yWoJQTh.exe
  C:\Windows\System\yWoJQTh.exe
  2⤵
  PID:3384
- C:\Windows\System\MmkvmBm.exe
  C:\Windows\System\MmkvmBm.exe
  2⤵
  PID:5152
- C:\Windows\System\SevdLwI.exe
  C:\Windows\System\SevdLwI.exe
  2⤵
  PID:5176
- C:\Windows\System\mtanMHn.exe
  C:\Windows\System\mtanMHn.exe
  2⤵
  PID:5204
- C:\Windows\System\HzTHaSU.exe
  C:\Windows\System\HzTHaSU.exe
  2⤵
  PID:5232
- C:\Windows\System\eggCRPH.exe
  C:\Windows\System\eggCRPH.exe
  2⤵
  PID:5260
- C:\Windows\System\Daavdzd.exe
  C:\Windows\System\Daavdzd.exe
  2⤵
  PID:5288
- C:\Windows\System\dKgliQY.exe
  C:\Windows\System\dKgliQY.exe
  2⤵
  PID:5320
- C:\Windows\System\NvOoxcF.exe
  C:\Windows\System\NvOoxcF.exe
  2⤵
  PID:5348
- C:\Windows\System\TFskZfF.exe
  C:\Windows\System\TFskZfF.exe
  2⤵
  PID:5372
- C:\Windows\System\cOhhKfB.exe
  C:\Windows\System\cOhhKfB.exe
  2⤵
  PID:5400
- C:\Windows\System\UuKbpWt.exe
  C:\Windows\System\UuKbpWt.exe
  2⤵
  PID:5432
- C:\Windows\System\HjkPymX.exe
  C:\Windows\System\HjkPymX.exe
  2⤵
  PID:5456
- C:\Windows\System\aqimdcb.exe
  C:\Windows\System\aqimdcb.exe
  2⤵
  PID:5484
- C:\Windows\System\tiLzlfe.exe
  C:\Windows\System\tiLzlfe.exe
  2⤵
  PID:5512
- C:\Windows\System\ErjmfAj.exe
  C:\Windows\System\ErjmfAj.exe
  2⤵
  PID:5540
- C:\Windows\System\EEGqeCY.exe
  C:\Windows\System\EEGqeCY.exe
  2⤵
  PID:5568
- C:\Windows\System\PrWnWdf.exe
  C:\Windows\System\PrWnWdf.exe
  2⤵
  PID:5596
- C:\Windows\System\JsiJIeq.exe
  C:\Windows\System\JsiJIeq.exe
  2⤵
  PID:5624
- C:\Windows\System\uvBYGHz.exe
  C:\Windows\System\uvBYGHz.exe
  2⤵
  PID:5652
- C:\Windows\System\cLNjESd.exe
  C:\Windows\System\cLNjESd.exe
  2⤵
  PID:5680
- C:\Windows\System\aOzNXCE.exe
  C:\Windows\System\aOzNXCE.exe
  2⤵
  PID:5708
- C:\Windows\System\DuxOrrG.exe
  C:\Windows\System\DuxOrrG.exe
  2⤵
  PID:5736
- C:\Windows\System\lBdkdGV.exe
  C:\Windows\System\lBdkdGV.exe
  2⤵
  PID:5764
- C:\Windows\System\BbdjhLV.exe
  C:\Windows\System\BbdjhLV.exe
  2⤵
  PID:5796
- C:\Windows\System\DNwTLQh.exe
  C:\Windows\System\DNwTLQh.exe
  2⤵
  PID:5820
- C:\Windows\System\JpPbYsK.exe
  C:\Windows\System\JpPbYsK.exe
  2⤵
  PID:5848
- C:\Windows\System\axGlUIn.exe
  C:\Windows\System\axGlUIn.exe
  2⤵
  PID:5876
- C:\Windows\System\xgAyCTt.exe
  C:\Windows\System\xgAyCTt.exe
  2⤵
  PID:5904
- C:\Windows\System\QMrgXRL.exe
  C:\Windows\System\QMrgXRL.exe
  2⤵
  PID:5932
- C:\Windows\System\PQtzsWw.exe
  C:\Windows\System\PQtzsWw.exe
  2⤵
  PID:5956
- C:\Windows\System\LxsyArC.exe
  C:\Windows\System\LxsyArC.exe
  2⤵
  PID:5988
- C:\Windows\System\gyzFHYb.exe
  C:\Windows\System\gyzFHYb.exe
  2⤵
  PID:6016
- C:\Windows\System\DnKsFeg.exe
  C:\Windows\System\DnKsFeg.exe
  2⤵
  PID:6044
- C:\Windows\System\mahhKID.exe
  C:\Windows\System\mahhKID.exe
  2⤵
  PID:6080
- C:\Windows\System\yoZJsqA.exe
  C:\Windows\System\yoZJsqA.exe
  2⤵
  PID:2684
- C:\Windows\System\JLXHSfo.exe
  C:\Windows\System\JLXHSfo.exe
  2⤵
  PID:2232
- C:\Windows\System\elZQeTr.exe
  C:\Windows\System\elZQeTr.exe
  2⤵
  PID:4748
- C:\Windows\System\aVHPMQo.exe
  C:\Windows\System\aVHPMQo.exe
  2⤵
  PID:4860
- C:\Windows\System\ehQWlAW.exe
  C:\Windows\System\ehQWlAW.exe
  2⤵
  PID:2488
- C:\Windows\System\TQvCtLH.exe
  C:\Windows\System\TQvCtLH.exe
  2⤵
  PID:2240
- C:\Windows\System\PbNzQKd.exe
  C:\Windows\System\PbNzQKd.exe
  2⤵
  PID:4472
- C:\Windows\System\xfJgppg.exe
  C:\Windows\System\xfJgppg.exe
  2⤵
  PID:1780
- C:\Windows\System\ZhrdrWa.exe
  C:\Windows\System\ZhrdrWa.exe
  2⤵
  PID:2548
- C:\Windows\System\EirgETE.exe
  C:\Windows\System\EirgETE.exe
  2⤵
  PID:5160
- C:\Windows\System\dOKGKZc.exe
  C:\Windows\System\dOKGKZc.exe
  2⤵
  PID:5216
- C:\Windows\System\zBDQaMg.exe
  C:\Windows\System\zBDQaMg.exe
  2⤵
  PID:5276
- C:\Windows\System\JOMzEMB.exe
  C:\Windows\System\JOMzEMB.exe
  2⤵
  PID:5340
- C:\Windows\System\LgDCjdo.exe
  C:\Windows\System\LgDCjdo.exe
  2⤵
  PID:5412
- C:\Windows\System\SPNqsGm.exe
  C:\Windows\System\SPNqsGm.exe
  2⤵
  PID:5472
- C:\Windows\System\LyAdKww.exe
  C:\Windows\System\LyAdKww.exe
  2⤵
  PID:5532
- C:\Windows\System\fxjLoIb.exe
  C:\Windows\System\fxjLoIb.exe
  2⤵
  PID:5608
- C:\Windows\System\yNdjNZv.exe
  C:\Windows\System\yNdjNZv.exe
  2⤵
  PID:5676
- C:\Windows\System\cjTEPWz.exe
  C:\Windows\System\cjTEPWz.exe
  2⤵
  PID:5748
- C:\Windows\System\XwKowvo.exe
  C:\Windows\System\XwKowvo.exe
  2⤵
  PID:5804
- C:\Windows\System\NnATrVF.exe
  C:\Windows\System\NnATrVF.exe
  2⤵
  PID:5868
- C:\Windows\System\TpYzujU.exe
  C:\Windows\System\TpYzujU.exe
  2⤵
  PID:5944
- C:\Windows\System\qZTciyE.exe
  C:\Windows\System\qZTciyE.exe
  2⤵
  PID:6004
- C:\Windows\System\pkyaBOq.exe
  C:\Windows\System\pkyaBOq.exe
  2⤵
  PID:6064
- C:\Windows\System\ypPSquH.exe
  C:\Windows\System\ypPSquH.exe
  2⤵
  PID:3664
- C:\Windows\System\ncwIbJn.exe
  C:\Windows\System\ncwIbJn.exe
  2⤵
  PID:4620
- C:\Windows\System\JLCJItH.exe
  C:\Windows\System\JLCJItH.exe
  2⤵
  PID:1448
- C:\Windows\System\GUvwkcm.exe
  C:\Windows\System\GUvwkcm.exe
  2⤵
  PID:648
- C:\Windows\System\TwAQFsy.exe
  C:\Windows\System\TwAQFsy.exe
  2⤵
  PID:5248
- C:\Windows\System\WQahlCM.exe
  C:\Windows\System\WQahlCM.exe
  2⤵
  PID:5388
- C:\Windows\System\IJbGqbb.exe
  C:\Windows\System\IJbGqbb.exe
  2⤵
  PID:5580
- C:\Windows\System\nQMrAqm.exe
  C:\Windows\System\nQMrAqm.exe
  2⤵
  PID:6172
- C:\Windows\System\riOqfMN.exe
  C:\Windows\System\riOqfMN.exe
  2⤵
  PID:6200
- C:\Windows\System\CBuffzM.exe
  C:\Windows\System\CBuffzM.exe
  2⤵
  PID:6228
- C:\Windows\System\Gwpuqpe.exe
  C:\Windows\System\Gwpuqpe.exe
  2⤵
  PID:6256
- C:\Windows\System\oGCodLD.exe
  C:\Windows\System\oGCodLD.exe
  2⤵
  PID:6288
- C:\Windows\System\VtmDKCv.exe
  C:\Windows\System\VtmDKCv.exe
  2⤵
  PID:6316
- C:\Windows\System\fxCEaTm.exe
  C:\Windows\System\fxCEaTm.exe
  2⤵
  PID:6340
- C:\Windows\System\yvAXVwD.exe
  C:\Windows\System\yvAXVwD.exe
  2⤵
  PID:6368
- C:\Windows\System\WPLFtvc.exe
  C:\Windows\System\WPLFtvc.exe
  2⤵
  PID:6392
- C:\Windows\System\ChIUHZE.exe
  C:\Windows\System\ChIUHZE.exe
  2⤵
  PID:6420
- C:\Windows\System\OqfOStp.exe
  C:\Windows\System\OqfOStp.exe
  2⤵
  PID:6448
- C:\Windows\System\EczcHxY.exe
  C:\Windows\System\EczcHxY.exe
  2⤵
  PID:6476
- C:\Windows\System\IHbfVZP.exe
  C:\Windows\System\IHbfVZP.exe
  2⤵
  PID:6508
- C:\Windows\System\jROjYZq.exe
  C:\Windows\System\jROjYZq.exe
  2⤵
  PID:6532
- C:\Windows\System\DPWhQlp.exe
  C:\Windows\System\DPWhQlp.exe
  2⤵
  PID:6564
- C:\Windows\System\NugcETX.exe
  C:\Windows\System\NugcETX.exe
  2⤵
  PID:6588
- C:\Windows\System\PRVRRLU.exe
  C:\Windows\System\PRVRRLU.exe
  2⤵
  PID:6620
- C:\Windows\System\iWQkHyz.exe
  C:\Windows\System\iWQkHyz.exe
  2⤵
  PID:6644
- C:\Windows\System\MSirZgV.exe
  C:\Windows\System\MSirZgV.exe
  2⤵
  PID:6676
- C:\Windows\System\XQhiXPK.exe
  C:\Windows\System\XQhiXPK.exe
  2⤵
  PID:6704
- C:\Windows\System\jRolwPG.exe
  C:\Windows\System\jRolwPG.exe
  2⤵
  PID:6736
- C:\Windows\System\NIPIjUK.exe
  C:\Windows\System\NIPIjUK.exe
  2⤵
  PID:6768
- C:\Windows\System\lNfxKar.exe
  C:\Windows\System\lNfxKar.exe
  2⤵
  PID:6804
- C:\Windows\System\SmIpWSy.exe
  C:\Windows\System\SmIpWSy.exe
  2⤵
  PID:6832
- C:\Windows\System\BFEnQtp.exe
  C:\Windows\System\BFEnQtp.exe
  2⤵
  PID:6856
- C:\Windows\System\HBzlbAY.exe
  C:\Windows\System\HBzlbAY.exe
  2⤵
  PID:6876
- C:\Windows\System\hTjsQKG.exe
  C:\Windows\System\hTjsQKG.exe
  2⤵
  PID:6904
- C:\Windows\System\ACFlVKE.exe
  C:\Windows\System\ACFlVKE.exe
  2⤵
  PID:6932
- C:\Windows\System\CpKmXwY.exe
  C:\Windows\System\CpKmXwY.exe
  2⤵
  PID:6956
- C:\Windows\System\ZNvarjD.exe
  C:\Windows\System\ZNvarjD.exe
  2⤵
  PID:6984
- C:\Windows\System\fHFukWb.exe
  C:\Windows\System\fHFukWb.exe
  2⤵
  PID:7016
- C:\Windows\System\jCiJGeb.exe
  C:\Windows\System\jCiJGeb.exe
  2⤵
  PID:7052
- C:\Windows\System\QlgPFfU.exe
  C:\Windows\System\QlgPFfU.exe
  2⤵
  PID:7072
- C:\Windows\System\wHHspwV.exe
  C:\Windows\System\wHHspwV.exe
  2⤵
  PID:7100
- C:\Windows\System\gAPEpOV.exe
  C:\Windows\System\gAPEpOV.exe
  2⤵
  PID:7124
- C:\Windows\System\RkdVkhi.exe
  C:\Windows\System\RkdVkhi.exe
  2⤵
  PID:7152
- C:\Windows\System\DFjbeNL.exe
  C:\Windows\System\DFjbeNL.exe
  2⤵
  PID:5644
- C:\Windows\System\AbFsYdo.exe
  C:\Windows\System\AbFsYdo.exe
  2⤵
  PID:5836
- C:\Windows\System\OnhRcED.exe
  C:\Windows\System\OnhRcED.exe
  2⤵
  PID:5976
- C:\Windows\System\YyryASq.exe
  C:\Windows\System\YyryASq.exe
  2⤵
  PID:6128
- C:\Windows\System\xGyBsSH.exe
  C:\Windows\System\xGyBsSH.exe
  2⤵
  PID:4784
- C:\Windows\System\PPQbuhl.exe
  C:\Windows\System\PPQbuhl.exe
  2⤵
  PID:5328
- C:\Windows\System\aLQvXtN.exe
  C:\Windows\System\aLQvXtN.exe
  2⤵
  PID:6164
- C:\Windows\System\kRAcagE.exe
  C:\Windows\System\kRAcagE.exe
  2⤵
  PID:6220
- C:\Windows\System\AgCIBhh.exe
  C:\Windows\System\AgCIBhh.exe
  2⤵
  PID:6272
- C:\Windows\System\sAwbGmW.exe
  C:\Windows\System\sAwbGmW.exe
  2⤵
  PID:6352
- C:\Windows\System\MFHvxNJ.exe
  C:\Windows\System\MFHvxNJ.exe
  2⤵
  PID:6408
- C:\Windows\System\JRPFGNi.exe
  C:\Windows\System\JRPFGNi.exe
  2⤵
  PID:6468
- C:\Windows\System\rNZFRwF.exe
  C:\Windows\System\rNZFRwF.exe
  2⤵
  PID:6524
- C:\Windows\System\gEwenxN.exe
  C:\Windows\System\gEwenxN.exe
  2⤵
  PID:6584
- C:\Windows\System\SzWFPUc.exe
  C:\Windows\System\SzWFPUc.exe
  2⤵
  PID:6664
- C:\Windows\System\PEEHXHp.exe
  C:\Windows\System\PEEHXHp.exe
  2⤵
  PID:6724
- C:\Windows\System\nWGJHHx.exe
  C:\Windows\System\nWGJHHx.exe
  2⤵
  PID:6788
- C:\Windows\System\XIVwlDF.exe
  C:\Windows\System\XIVwlDF.exe
  2⤵
  PID:6844
- C:\Windows\System\kTUZNEl.exe
  C:\Windows\System\kTUZNEl.exe
  2⤵
  PID:6896
- C:\Windows\System\vsCWZmY.exe
  C:\Windows\System\vsCWZmY.exe
  2⤵
  PID:6972
- C:\Windows\System\goGYNfK.exe
  C:\Windows\System\goGYNfK.exe
  2⤵
  PID:7028
- C:\Windows\System\GAgvZac.exe
  C:\Windows\System\GAgvZac.exe
  2⤵
  PID:7088
- C:\Windows\System\RQRGIPb.exe
  C:\Windows\System\RQRGIPb.exe
  2⤵
  PID:7148
- C:\Windows\System\CayVIce.exe
  C:\Windows\System\CayVIce.exe
  2⤵
  PID:5780
- C:\Windows\System\juuPNSC.exe
  C:\Windows\System\juuPNSC.exe
  2⤵
  PID:264
- C:\Windows\System\NZrxcpd.exe
  C:\Windows\System\NZrxcpd.exe
  2⤵
  PID:5504
- C:\Windows\System\MUvPGcx.exe
  C:\Windows\System\MUvPGcx.exe
  2⤵
  PID:6248
- C:\Windows\System\YUuKkzU.exe
  C:\Windows\System\YUuKkzU.exe
  2⤵
  PID:6388
- C:\Windows\System\ysYgGjx.exe
  C:\Windows\System\ysYgGjx.exe
  2⤵
  PID:3204
- C:\Windows\System\RhJvuMg.exe
  C:\Windows\System\RhJvuMg.exe
  2⤵
  PID:6632
- C:\Windows\System\lSfnDaf.exe
  C:\Windows\System\lSfnDaf.exe
  2⤵
  PID:6752
- C:\Windows\System\XNBMsPN.exe
  C:\Windows\System\XNBMsPN.exe
  2⤵
  PID:6888
- C:\Windows\System\MeTWjmE.exe
  C:\Windows\System\MeTWjmE.exe
  2⤵
  PID:7000
- C:\Windows\System\sJdlBJI.exe
  C:\Windows\System\sJdlBJI.exe
  2⤵
  PID:7120
- C:\Windows\System\wlquryN.exe
  C:\Windows\System\wlquryN.exe
  2⤵
  PID:5776
- C:\Windows\System\hMBiMHM.exe
  C:\Windows\System\hMBiMHM.exe
  2⤵
  PID:5192
- C:\Windows\System\SlDoMgz.exe
  C:\Windows\System\SlDoMgz.exe
  2⤵
  PID:6380
- C:\Windows\System\vuBXKwN.exe
  C:\Windows\System\vuBXKwN.exe
  2⤵
  PID:6580
- C:\Windows\System\qFuZzOd.exe
  C:\Windows\System\qFuZzOd.exe
  2⤵
  PID:956
- C:\Windows\System\lhWZwCm.exe
  C:\Windows\System\lhWZwCm.exe
  2⤵
  PID:1156
- C:\Windows\System\PANUDAo.exe
  C:\Windows\System\PANUDAo.exe
  2⤵
  PID:2616
- C:\Windows\System\yXCNfHo.exe
  C:\Windows\System\yXCNfHo.exe
  2⤵
  PID:7208
- C:\Windows\System\DvKzGIv.exe
  C:\Windows\System\DvKzGIv.exe
  2⤵
  PID:7244
- C:\Windows\System\ALztPzB.exe
  C:\Windows\System\ALztPzB.exe
  2⤵
  PID:7264
- C:\Windows\System\AoPBrFg.exe
  C:\Windows\System\AoPBrFg.exe
  2⤵
  PID:7292
- C:\Windows\System\EvnPRgI.exe
  C:\Windows\System\EvnPRgI.exe
  2⤵
  PID:7324
- C:\Windows\System\EgbngxP.exe
  C:\Windows\System\EgbngxP.exe
  2⤵
  PID:7376
- C:\Windows\System\hMqmcLZ.exe
  C:\Windows\System\hMqmcLZ.exe
  2⤵
  PID:7396
- C:\Windows\System\aDtdMIw.exe
  C:\Windows\System\aDtdMIw.exe
  2⤵
  PID:7420
- C:\Windows\System\ZjmdARO.exe
  C:\Windows\System\ZjmdARO.exe
  2⤵
  PID:7436
- C:\Windows\System\DYluzpu.exe
  C:\Windows\System\DYluzpu.exe
  2⤵
  PID:7460
- C:\Windows\System\KXuAzxK.exe
  C:\Windows\System\KXuAzxK.exe
  2⤵
  PID:7516
- C:\Windows\System\XwQdUSp.exe
  C:\Windows\System\XwQdUSp.exe
  2⤵
  PID:7544
- C:\Windows\System\SfTMzgZ.exe
  C:\Windows\System\SfTMzgZ.exe
  2⤵
  PID:7560
- C:\Windows\System\YhueQEF.exe
  C:\Windows\System\YhueQEF.exe
  2⤵
  PID:7580
- C:\Windows\System\PyOhDvu.exe
  C:\Windows\System\PyOhDvu.exe
  2⤵
  PID:7600
- C:\Windows\System\ZRsFbkY.exe
  C:\Windows\System\ZRsFbkY.exe
  2⤵
  PID:7628
- C:\Windows\System\neWaHgP.exe
  C:\Windows\System\neWaHgP.exe
  2⤵
  PID:7652
- C:\Windows\System\AhaJZYM.exe
  C:\Windows\System\AhaJZYM.exe
  2⤵
  PID:7680
- C:\Windows\System\fViPiSJ.exe
  C:\Windows\System\fViPiSJ.exe
  2⤵
  PID:7716
- C:\Windows\System\ZpGPtei.exe
  C:\Windows\System\ZpGPtei.exe
  2⤵
  PID:7740
- C:\Windows\System\TDrderi.exe
  C:\Windows\System\TDrderi.exe
  2⤵
  PID:7784
- C:\Windows\System\rxojBRl.exe
  C:\Windows\System\rxojBRl.exe
  2⤵
  PID:7800
- C:\Windows\System\VkFwqWS.exe
  C:\Windows\System\VkFwqWS.exe
  2⤵
  PID:7852
- C:\Windows\System\sMNnNIJ.exe
  C:\Windows\System\sMNnNIJ.exe
  2⤵
  PID:7880
- C:\Windows\System\mUqOpDM.exe
  C:\Windows\System\mUqOpDM.exe
  2⤵
  PID:7908
- C:\Windows\System\AHKDHBE.exe
  C:\Windows\System\AHKDHBE.exe
  2⤵
  PID:7936
- C:\Windows\System\hNPhaDX.exe
  C:\Windows\System\hNPhaDX.exe
  2⤵
  PID:7956
- C:\Windows\System\QTrloVL.exe
  C:\Windows\System\QTrloVL.exe
  2⤵
  PID:7984
- C:\Windows\System\WndcUES.exe
  C:\Windows\System\WndcUES.exe
  2⤵
  PID:8012
- C:\Windows\System\HHebXVx.exe
  C:\Windows\System\HHebXVx.exe
  2⤵
  PID:8036
- C:\Windows\System\GvFAKLc.exe
  C:\Windows\System\GvFAKLc.exe
  2⤵
  PID:8060
- C:\Windows\System\dnbFSDJ.exe
  C:\Windows\System\dnbFSDJ.exe
  2⤵
  PID:8084
- C:\Windows\System\rdtjiVm.exe
  C:\Windows\System\rdtjiVm.exe
  2⤵
  PID:8104
- C:\Windows\System\UUXmfQg.exe
  C:\Windows\System\UUXmfQg.exe
  2⤵
  PID:8148
- C:\Windows\System\wyjFjty.exe
  C:\Windows\System\wyjFjty.exe
  2⤵
  PID:8176
- C:\Windows\System\MFoINrz.exe
  C:\Windows\System\MFoINrz.exe
  2⤵
  PID:2672
- C:\Windows\System\jqJPHFh.exe
  C:\Windows\System\jqJPHFh.exe
  2⤵
  PID:3492
- C:\Windows\System\CYBwzSw.exe
  C:\Windows\System\CYBwzSw.exe
  2⤵
  PID:2100
- C:\Windows\System\srVkYUk.exe
  C:\Windows\System\srVkYUk.exe
  2⤵
  PID:6872
- C:\Windows\System\OcPEAGm.exe
  C:\Windows\System\OcPEAGm.exe
  2⤵
  PID:2460
- C:\Windows\System\lVylhmp.exe
  C:\Windows\System\lVylhmp.exe
  2⤵
  PID:7200
- C:\Windows\System\DrvNQtC.exe
  C:\Windows\System\DrvNQtC.exe
  2⤵
  PID:992
- C:\Windows\System\hXyVhYo.exe
  C:\Windows\System\hXyVhYo.exe
  2⤵
  PID:7280
- C:\Windows\System\RZhbmsv.exe
  C:\Windows\System\RZhbmsv.exe
  2⤵
  PID:7352
- C:\Windows\System\ExbIZlH.exe
  C:\Windows\System\ExbIZlH.exe
  2⤵
  PID:7404
- C:\Windows\System\PZbJvje.exe
  C:\Windows\System\PZbJvje.exe
  2⤵
  PID:7452
- C:\Windows\System\CjEQEHj.exe
  C:\Windows\System\CjEQEHj.exe
  2⤵
  PID:7556
- C:\Windows\System\MZfLpdd.exe
  C:\Windows\System\MZfLpdd.exe
  2⤵
  PID:7640
- C:\Windows\System\vBfcmLq.exe
  C:\Windows\System\vBfcmLq.exe
  2⤵
  PID:7592
- C:\Windows\System\IBIwPOW.exe
  C:\Windows\System\IBIwPOW.exe
  2⤵
  PID:7676
- C:\Windows\System\QLjOwkw.exe
  C:\Windows\System\QLjOwkw.exe
  2⤵
  PID:7792
- C:\Windows\System\ktQrfkK.exe
  C:\Windows\System\ktQrfkK.exe
  2⤵
  PID:7840
- C:\Windows\System\uOHYiwY.exe
  C:\Windows\System\uOHYiwY.exe
  2⤵
  PID:7868
- C:\Windows\System\gSUXQvI.exe
  C:\Windows\System\gSUXQvI.exe
  2⤵
  PID:8020
- C:\Windows\System\nUsZyQe.exe
  C:\Windows\System\nUsZyQe.exe
  2⤵
  PID:8028
- C:\Windows\System\NFOIIFs.exe
  C:\Windows\System\NFOIIFs.exe
  2⤵
  PID:8080
- C:\Windows\System\UExPRvF.exe
  C:\Windows\System\UExPRvF.exe
  2⤵
  PID:8124
- C:\Windows\System\zqZTYdk.exe
  C:\Windows\System\zqZTYdk.exe
  2⤵
  PID:8188
- C:\Windows\System\wZQaRnk.exe
  C:\Windows\System\wZQaRnk.exe
  2⤵
  PID:1904
- C:\Windows\System\UBsZnbT.exe
  C:\Windows\System\UBsZnbT.exe
  2⤵
  PID:7240
- C:\Windows\System\phRhlSO.exe
  C:\Windows\System\phRhlSO.exe
  2⤵
  PID:7256
- C:\Windows\System\Srqtzdp.exe
  C:\Windows\System\Srqtzdp.exe
  2⤵
  PID:7372
- C:\Windows\System\kzoxObF.exe
  C:\Windows\System\kzoxObF.exe
  2⤵
  PID:7492
- C:\Windows\System\KAYZnpb.exe
  C:\Windows\System\KAYZnpb.exe
  2⤵
  PID:7728
- C:\Windows\System\RsMEAXR.exe
  C:\Windows\System\RsMEAXR.exe
  2⤵
  PID:7816
- C:\Windows\System\OkZDAzi.exe
  C:\Windows\System\OkZDAzi.exe
  2⤵
  PID:7980
- C:\Windows\System\DpvgVQK.exe
  C:\Windows\System\DpvgVQK.exe
  2⤵
  PID:8168
- C:\Windows\System\HBUrsCI.exe
  C:\Windows\System\HBUrsCI.exe
  2⤵
  PID:7312
- C:\Windows\System\QJdkeaj.exe
  C:\Windows\System\QJdkeaj.exe
  2⤵
  PID:7476
- C:\Windows\System\QdmoVzo.exe
  C:\Windows\System\QdmoVzo.exe
  2⤵
  PID:7944
- C:\Windows\System\tFSExUJ.exe
  C:\Windows\System\tFSExUJ.exe
  2⤵
  PID:6332
- C:\Windows\System\CpOdLUW.exe
  C:\Windows\System\CpOdLUW.exe
  2⤵
  PID:7596
- C:\Windows\System\RqyrnaV.exe
  C:\Windows\System\RqyrnaV.exe
  2⤵
  PID:7432
- C:\Windows\System\INONEAJ.exe
  C:\Windows\System\INONEAJ.exe
  2⤵
  PID:8200
- C:\Windows\System\ZEELCpB.exe
  C:\Windows\System\ZEELCpB.exe
  2⤵
  PID:8240
- C:\Windows\System\XYOWxPf.exe
  C:\Windows\System\XYOWxPf.exe
  2⤵
  PID:8268
- C:\Windows\System\bWqynLY.exe
  C:\Windows\System\bWqynLY.exe
  2⤵
  PID:8296
- C:\Windows\System\gLbBDXI.exe
  C:\Windows\System\gLbBDXI.exe
  2⤵
  PID:8324
- C:\Windows\System\XMSbFzp.exe
  C:\Windows\System\XMSbFzp.exe
  2⤵
  PID:8340
- C:\Windows\System\QJHSCyS.exe
  C:\Windows\System\QJHSCyS.exe
  2⤵
  PID:8368
- C:\Windows\System\OKzfJQa.exe
  C:\Windows\System\OKzfJQa.exe
  2⤵
  PID:8384
- C:\Windows\System\XtBvLar.exe
  C:\Windows\System\XtBvLar.exe
  2⤵
  PID:8432
- C:\Windows\System\HXDpfxH.exe
  C:\Windows\System\HXDpfxH.exe
  2⤵
  PID:8464
- C:\Windows\System\vbTRMdB.exe
  C:\Windows\System\vbTRMdB.exe
  2⤵
  PID:8492
- C:\Windows\System\VUTQQdJ.exe
  C:\Windows\System\VUTQQdJ.exe
  2⤵
  PID:8516
- C:\Windows\System\KaGlEjA.exe
  C:\Windows\System\KaGlEjA.exe
  2⤵
  PID:8540
- C:\Windows\System\IaAzUbg.exe
  C:\Windows\System\IaAzUbg.exe
  2⤵
  PID:8568
- C:\Windows\System\tDwrvlz.exe
  C:\Windows\System\tDwrvlz.exe
  2⤵
  PID:8592
- C:\Windows\System\MIVZBcB.exe
  C:\Windows\System\MIVZBcB.exe
  2⤵
  PID:8620
- C:\Windows\System\MyXraxq.exe
  C:\Windows\System\MyXraxq.exe
  2⤵
  PID:8660
- C:\Windows\System\ngwVyiL.exe
  C:\Windows\System\ngwVyiL.exe
  2⤵
  PID:8676
- C:\Windows\System\RqyMfNU.exe
  C:\Windows\System\RqyMfNU.exe
  2⤵
  PID:8704
- C:\Windows\System\AodrXSA.exe
  C:\Windows\System\AodrXSA.exe
  2⤵
  PID:8748
- C:\Windows\System\BQhfiKt.exe
  C:\Windows\System\BQhfiKt.exe
  2⤵
  PID:8772
- C:\Windows\System\mOUrONG.exe
  C:\Windows\System\mOUrONG.exe
  2⤵
  PID:8796
- C:\Windows\System\OhMvJPM.exe
  C:\Windows\System\OhMvJPM.exe
  2⤵
  PID:8820
- C:\Windows\System\zqHQwhE.exe
  C:\Windows\System\zqHQwhE.exe
  2⤵
  PID:8848
- C:\Windows\System\OUmHNWr.exe
  C:\Windows\System\OUmHNWr.exe
  2⤵
  PID:8880
- C:\Windows\System\ngoFSHd.exe
  C:\Windows\System\ngoFSHd.exe
  2⤵
  PID:8904
- C:\Windows\System\wejdMFT.exe
  C:\Windows\System\wejdMFT.exe
  2⤵
  PID:8932
- C:\Windows\System\UBIomRW.exe
  C:\Windows\System\UBIomRW.exe
  2⤵
  PID:8972
- C:\Windows\System\umYfpUL.exe
  C:\Windows\System\umYfpUL.exe
  2⤵
  PID:9000
- C:\Windows\System\kfcMpEF.exe
  C:\Windows\System\kfcMpEF.exe
  2⤵
  PID:9016
- C:\Windows\System\eqyOTal.exe
  C:\Windows\System\eqyOTal.exe
  2⤵
  PID:9040
- C:\Windows\System\HSdQfuo.exe
  C:\Windows\System\HSdQfuo.exe
  2⤵
  PID:9060
- C:\Windows\System\QBlIPpU.exe
  C:\Windows\System\QBlIPpU.exe
  2⤵
  PID:9092
- C:\Windows\System\GqTFnzC.exe
  C:\Windows\System\GqTFnzC.exe
  2⤵
  PID:9128
- C:\Windows\System\JNDKqAl.exe
  C:\Windows\System\JNDKqAl.exe
  2⤵
  PID:9164
- C:\Windows\System\QiSHhJC.exe
  C:\Windows\System\QiSHhJC.exe
  2⤵
  PID:9196
- C:\Windows\System\shOcENM.exe
  C:\Windows\System\shOcENM.exe
  2⤵
  PID:8216
- C:\Windows\System\LRKpgJx.exe
  C:\Windows\System\LRKpgJx.exe
  2⤵
  PID:8292
- C:\Windows\System\JPVMqNn.exe
  C:\Windows\System\JPVMqNn.exe
  2⤵
  PID:8356
- C:\Windows\System\ilhTdrC.exe
  C:\Windows\System\ilhTdrC.exe
  2⤵
  PID:8376
- C:\Windows\System\GXXzIEB.exe
  C:\Windows\System\GXXzIEB.exe
  2⤵
  PID:8448
- C:\Windows\System\QJlGLkD.exe
  C:\Windows\System\QJlGLkD.exe
  2⤵
  PID:8512
- C:\Windows\System\ncqVRxf.exe
  C:\Windows\System\ncqVRxf.exe
  2⤵
  PID:8584
- C:\Windows\System\MpQbZkZ.exe
  C:\Windows\System\MpQbZkZ.exe
  2⤵
  PID:8616
- C:\Windows\System\fzztElJ.exe
  C:\Windows\System\fzztElJ.exe
  2⤵
  PID:8668
- C:\Windows\System\RdfdTBs.exe
  C:\Windows\System\RdfdTBs.exe
  2⤵
  PID:8740
- C:\Windows\System\OfZDPXL.exe
  C:\Windows\System\OfZDPXL.exe
  2⤵
  PID:8804
- C:\Windows\System\AeafouA.exe
  C:\Windows\System\AeafouA.exe
  2⤵
  PID:8872
- C:\Windows\System\zabvNTN.exe
  C:\Windows\System\zabvNTN.exe
  2⤵
  PID:8996
- C:\Windows\System\AlvXIsE.exe
  C:\Windows\System\AlvXIsE.exe
  2⤵
  PID:9056
- C:\Windows\System\MWrxrnx.exe
  C:\Windows\System\MWrxrnx.exe
  2⤵
  PID:9112
- C:\Windows\System\SpAuDEQ.exe
  C:\Windows\System\SpAuDEQ.exe
  2⤵
  PID:9184
- C:\Windows\System\FdIiRlA.exe
  C:\Windows\System\FdIiRlA.exe
  2⤵
  PID:8264
- C:\Windows\System\RXibtbO.exe
  C:\Windows\System\RXibtbO.exe
  2⤵
  PID:8536
- C:\Windows\System\hsIGxoC.exe
  C:\Windows\System\hsIGxoC.exe
  2⤵
  PID:8644
- C:\Windows\System\cwujnce.exe
  C:\Windows\System\cwujnce.exe
  2⤵
  PID:8736
- C:\Windows\System\PLEqaOe.exe
  C:\Windows\System\PLEqaOe.exe
  2⤵
  PID:8960
- C:\Windows\System\DegmhKb.exe
  C:\Windows\System\DegmhKb.exe
  2⤵
  PID:9080
- C:\Windows\System\IcJbWqe.exe
  C:\Windows\System\IcJbWqe.exe
  2⤵
  PID:8220
- C:\Windows\System\qdaDAgC.exe
  C:\Windows\System\qdaDAgC.exe
  2⤵
  PID:8440
- C:\Windows\System\kiyhMaF.exe
  C:\Windows\System\kiyhMaF.exe
  2⤵
  PID:8816
- C:\Windows\System\vwdKtnq.exe
  C:\Windows\System\vwdKtnq.exe
  2⤵
  PID:9148
- C:\Windows\System\enVGjdX.exe
  C:\Windows\System\enVGjdX.exe
  2⤵
  PID:8652
- C:\Windows\System\VIUycWU.exe
  C:\Windows\System\VIUycWU.exe
  2⤵
  PID:9232
- C:\Windows\System\mzxTVey.exe
  C:\Windows\System\mzxTVey.exe
  2⤵
  PID:9264
- C:\Windows\System\gIEysrb.exe
  C:\Windows\System\gIEysrb.exe
  2⤵
  PID:9284
- C:\Windows\System\ymQKZvq.exe
  C:\Windows\System\ymQKZvq.exe
  2⤵
  PID:9312
- C:\Windows\System\mDwOTGw.exe
  C:\Windows\System\mDwOTGw.exe
  2⤵
  PID:9348
- C:\Windows\System\UxdpHPG.exe
  C:\Windows\System\UxdpHPG.exe
  2⤵
  PID:9368
- C:\Windows\System\irVEnzm.exe
  C:\Windows\System\irVEnzm.exe
  2⤵
  PID:9388
- C:\Windows\System\Hdrzfhw.exe
  C:\Windows\System\Hdrzfhw.exe
  2⤵
  PID:9428
- C:\Windows\System\gplgetw.exe
  C:\Windows\System\gplgetw.exe
  2⤵
  PID:9452
- C:\Windows\System\tbQMcfu.exe
  C:\Windows\System\tbQMcfu.exe
  2⤵
  PID:9480
- C:\Windows\System\rJeYTlT.exe
  C:\Windows\System\rJeYTlT.exe
  2⤵
  PID:9504
- C:\Windows\System\wnHHAUV.exe
  C:\Windows\System\wnHHAUV.exe
  2⤵
  PID:9532
- C:\Windows\System\xnWnZiM.exe
  C:\Windows\System\xnWnZiM.exe
  2⤵
  PID:9564
- C:\Windows\System\lCultan.exe
  C:\Windows\System\lCultan.exe
  2⤵
  PID:9624
- C:\Windows\System\tqGztAK.exe
  C:\Windows\System\tqGztAK.exe
  2⤵
  PID:9652
- C:\Windows\System\CKYUjXk.exe
  C:\Windows\System\CKYUjXk.exe
  2⤵
  PID:9680
- C:\Windows\System\KhclCpM.exe
  C:\Windows\System\KhclCpM.exe
  2⤵
  PID:9696
- C:\Windows\System\ySiGBWi.exe
  C:\Windows\System\ySiGBWi.exe
  2⤵
  PID:9736
- C:\Windows\System\YamGIiu.exe
  C:\Windows\System\YamGIiu.exe
  2⤵
  PID:9764
- C:\Windows\System\oWRNWYm.exe
  C:\Windows\System\oWRNWYm.exe
  2⤵
  PID:9784
- C:\Windows\System\kgABusr.exe
  C:\Windows\System\kgABusr.exe
  2⤵
  PID:9808
- C:\Windows\System\DLRobBb.exe
  C:\Windows\System\DLRobBb.exe
  2⤵
  PID:9836
- C:\Windows\System\gaPwmDt.exe
  C:\Windows\System\gaPwmDt.exe
  2⤵
  PID:9868
- C:\Windows\System\nSyNupG.exe
  C:\Windows\System\nSyNupG.exe
  2⤵
  PID:9900
- C:\Windows\System\yrepIba.exe
  C:\Windows\System\yrepIba.exe
  2⤵
  PID:9924
- C:\Windows\System\lqHwjpU.exe
  C:\Windows\System\lqHwjpU.exe
  2⤵
  PID:9944
- C:\Windows\System\mQhXvmv.exe
  C:\Windows\System\mQhXvmv.exe
  2⤵
  PID:9980
- C:\Windows\System\adBBUIT.exe
  C:\Windows\System\adBBUIT.exe
  2⤵
  PID:10016
- C:\Windows\System\TeCvCUw.exe
  C:\Windows\System\TeCvCUw.exe
  2⤵
  PID:10032
- C:\Windows\System\iHJKpJe.exe
  C:\Windows\System\iHJKpJe.exe
  2⤵
  PID:10072
- C:\Windows\System\tVLueXf.exe
  C:\Windows\System\tVLueXf.exe
  2⤵
  PID:10088
- C:\Windows\System\eoxupss.exe
  C:\Windows\System\eoxupss.exe
  2⤵
  PID:10120
- C:\Windows\System\dixqrkG.exe
  C:\Windows\System\dixqrkG.exe
  2⤵
  PID:10148
- C:\Windows\System\QsrxGpU.exe
  C:\Windows\System\QsrxGpU.exe
  2⤵
  PID:10172
- C:\Windows\System\PABFUIs.exe
  C:\Windows\System\PABFUIs.exe
  2⤵
  PID:10212
- C:\Windows\System\PZlPaUN.exe
  C:\Windows\System\PZlPaUN.exe
  2⤵
  PID:10228
- C:\Windows\System\OiPEpTa.exe
  C:\Windows\System\OiPEpTa.exe
  2⤵
  PID:9224
- C:\Windows\System\CRbofxR.exe
  C:\Windows\System\CRbofxR.exe
  2⤵
  PID:9296
- C:\Windows\System\jdLJArk.exe
  C:\Windows\System\jdLJArk.exe
  2⤵
  PID:9364
- C:\Windows\System\zIXhWTc.exe
  C:\Windows\System\zIXhWTc.exe
  2⤵
  PID:9440
- C:\Windows\System\cUvqLdW.exe
  C:\Windows\System\cUvqLdW.exe
  2⤵
  PID:9476
- C:\Windows\System\fAqRKVp.exe
  C:\Windows\System\fAqRKVp.exe
  2⤵
  PID:9556
- C:\Windows\System\QDssflU.exe
  C:\Windows\System\QDssflU.exe
  2⤵
  PID:9668
- C:\Windows\System\ZNgqGVa.exe
  C:\Windows\System\ZNgqGVa.exe
  2⤵
  PID:9692
- C:\Windows\System\FJUYljn.exe
  C:\Windows\System\FJUYljn.exe
  2⤵
  PID:9772
- C:\Windows\System\ObPXaBl.exe
  C:\Windows\System\ObPXaBl.exe
  2⤵
  PID:9828
- C:\Windows\System\RYYvhdz.exe
  C:\Windows\System\RYYvhdz.exe
  2⤵
  PID:9892
- C:\Windows\System\ruePnCR.exe
  C:\Windows\System\ruePnCR.exe
  2⤵
  PID:9968
- C:\Windows\System\MccnYOL.exe
  C:\Windows\System\MccnYOL.exe
  2⤵
  PID:10044
- C:\Windows\System\mmkdOFr.exe
  C:\Windows\System\mmkdOFr.exe
  2⤵
  PID:10116
- C:\Windows\System\DFvcpwW.exe
  C:\Windows\System\DFvcpwW.exe
  2⤵
  PID:10188
- C:\Windows\System\uOdkaGX.exe
  C:\Windows\System\uOdkaGX.exe
  2⤵
  PID:10224
- C:\Windows\System\tbrpOeM.exe
  C:\Windows\System\tbrpOeM.exe
  2⤵
  PID:9336
- C:\Windows\System\djrjofu.exe
  C:\Windows\System\djrjofu.exe
  2⤵
  PID:9448
- C:\Windows\System\YsSMrSz.exe
  C:\Windows\System\YsSMrSz.exe
  2⤵
  PID:9648
- C:\Windows\System\gjtZZFo.exe
  C:\Windows\System\gjtZZFo.exe
  2⤵
  PID:9792
- C:\Windows\System\oFSjonB.exe
  C:\Windows\System\oFSjonB.exe
  2⤵
  PID:9936
- C:\Windows\System\GcBUJED.exe
  C:\Windows\System\GcBUJED.exe
  2⤵
  PID:10056
- C:\Windows\System\ifTKPKr.exe
  C:\Windows\System\ifTKPKr.exe
  2⤵
  PID:10200
- C:\Windows\System\HcQvUWp.exe
  C:\Windows\System\HcQvUWp.exe
  2⤵
  PID:9516
- C:\Windows\System\iXGeVtT.exe
  C:\Windows\System\iXGeVtT.exe
  2⤵
  PID:9912
- C:\Windows\System\ITwfBsR.exe
  C:\Windows\System\ITwfBsR.exe
  2⤵
  PID:8396
- C:\Windows\System\ctHWurg.exe
  C:\Windows\System\ctHWurg.exe
  2⤵
  PID:9544
- C:\Windows\System\agVUdPz.exe
  C:\Windows\System\agVUdPz.exe
  2⤵
  PID:10248
- C:\Windows\System\NiiVDLF.exe
  C:\Windows\System\NiiVDLF.exe
  2⤵
  PID:10268
- C:\Windows\System\mUkMCMV.exe
  C:\Windows\System\mUkMCMV.exe
  2⤵
  PID:10296
- C:\Windows\System\MIcfDLx.exe
  C:\Windows\System\MIcfDLx.exe
  2⤵
  PID:10320
- C:\Windows\System\DqZsCLm.exe
  C:\Windows\System\DqZsCLm.exe
  2⤵
  PID:10352
- C:\Windows\System\ANRNXFx.exe
  C:\Windows\System\ANRNXFx.exe
  2⤵
  PID:10380
- C:\Windows\System\YbcpFBP.exe
  C:\Windows\System\YbcpFBP.exe
  2⤵
  PID:10400
- C:\Windows\System\mnsvWvT.exe
  C:\Windows\System\mnsvWvT.exe
  2⤵
  PID:10456
- C:\Windows\System\fMBMViF.exe
  C:\Windows\System\fMBMViF.exe
  2⤵
  PID:10476
- C:\Windows\System\yVDaJPN.exe
  C:\Windows\System\yVDaJPN.exe
  2⤵
  PID:10512
- C:\Windows\System\cmmTCAP.exe
  C:\Windows\System\cmmTCAP.exe
  2⤵
  PID:10540
- C:\Windows\System\bPlkMXP.exe
  C:\Windows\System\bPlkMXP.exe
  2⤵
  PID:10568
- C:\Windows\System\iFeaMKm.exe
  C:\Windows\System\iFeaMKm.exe
  2⤵
  PID:10592
- C:\Windows\System\asbkjEl.exe
  C:\Windows\System\asbkjEl.exe
  2⤵
  PID:10612
- C:\Windows\System\ZhqVEeo.exe
  C:\Windows\System\ZhqVEeo.exe
  2⤵
  PID:10636
- C:\Windows\System\czDHQUh.exe
  C:\Windows\System\czDHQUh.exe
  2⤵
  PID:10656
- C:\Windows\System\jkdyxLk.exe
  C:\Windows\System\jkdyxLk.exe
  2⤵
  PID:10696
- C:\Windows\System\klNlylG.exe
  C:\Windows\System\klNlylG.exe
  2⤵
  PID:10724
- C:\Windows\System\ublPMFK.exe
  C:\Windows\System\ublPMFK.exe
  2⤵
  PID:10752
- C:\Windows\System\VMdoYYM.exe
  C:\Windows\System\VMdoYYM.exe
  2⤵
  PID:10780
- C:\Windows\System\tsLRqPl.exe
  C:\Windows\System\tsLRqPl.exe
  2⤵
  PID:10824
- C:\Windows\System\SdOlVdv.exe
  C:\Windows\System\SdOlVdv.exe
  2⤵
  PID:10848
- C:\Windows\System\xjKyOKh.exe
  C:\Windows\System\xjKyOKh.exe
  2⤵
  PID:10872
- C:\Windows\System\scWUPxw.exe
  C:\Windows\System\scWUPxw.exe
  2⤵
  PID:10896
- C:\Windows\System\UkiXqsg.exe
  C:\Windows\System\UkiXqsg.exe
  2⤵
  PID:10912
- C:\Windows\System\lPKraHn.exe
  C:\Windows\System\lPKraHn.exe
  2⤵
  PID:10944
- C:\Windows\System\DBIvSze.exe
  C:\Windows\System\DBIvSze.exe
  2⤵
  PID:10968
- C:\Windows\System\dVcACLp.exe
  C:\Windows\System\dVcACLp.exe
  2⤵
  PID:11004
- C:\Windows\System\vGaMEGV.exe
  C:\Windows\System\vGaMEGV.exe
  2⤵
  PID:11048
- C:\Windows\System\kUkEGTz.exe
  C:\Windows\System\kUkEGTz.exe
  2⤵
  PID:11064
- C:\Windows\System\SfrHsjH.exe
  C:\Windows\System\SfrHsjH.exe
  2⤵
  PID:11104
- C:\Windows\System\lVZnHKO.exe
  C:\Windows\System\lVZnHKO.exe
  2⤵
  PID:11132
- C:\Windows\System\OZNWIrp.exe
  C:\Windows\System\OZNWIrp.exe
  2⤵
  PID:11160
- C:\Windows\System\TKCSpgD.exe
  C:\Windows\System\TKCSpgD.exe
  2⤵
  PID:11188
- C:\Windows\System\lxfFddd.exe
  C:\Windows\System\lxfFddd.exe
  2⤵
  PID:11204
- C:\Windows\System\JKRhivF.exe
  C:\Windows\System\JKRhivF.exe
  2⤵
  PID:11220
- C:\Windows\System\qouqrcB.exe
  C:\Windows\System\qouqrcB.exe
  2⤵
  PID:11244
- C:\Windows\System\DjgclqY.exe
  C:\Windows\System\DjgclqY.exe
  2⤵
  PID:9424
- C:\Windows\System\ooBtpmK.exe
  C:\Windows\System\ooBtpmK.exe
  2⤵
  PID:10316
- C:\Windows\System\QWXsgEI.exe
  C:\Windows\System\QWXsgEI.exe
  2⤵
  PID:10344
- C:\Windows\System\oNvjozZ.exe
  C:\Windows\System\oNvjozZ.exe
  2⤵
  PID:10448
- C:\Windows\System\TDKnLgt.exe
  C:\Windows\System\TDKnLgt.exe
  2⤵
  PID:10556
- C:\Windows\System\ZyPSjmC.exe
  C:\Windows\System\ZyPSjmC.exe
  2⤵
  PID:10604
- C:\Windows\System\xsQiGbW.exe
  C:\Windows\System\xsQiGbW.exe
  2⤵
  PID:10652
- C:\Windows\System\RrNhQRq.exe
  C:\Windows\System\RrNhQRq.exe
  2⤵
  PID:10708
- C:\Windows\System\kiPNNGD.exe
  C:\Windows\System\kiPNNGD.exe
  2⤵
  PID:10804
- C:\Windows\System\BiUFGyA.exe
  C:\Windows\System\BiUFGyA.exe
  2⤵
  PID:10844
- C:\Windows\System\nwhwcdH.exe
  C:\Windows\System\nwhwcdH.exe
  2⤵
  PID:10908
- C:\Windows\System\QAvvyTr.exe
  C:\Windows\System\QAvvyTr.exe
  2⤵
  PID:10964
- C:\Windows\System\taXbzRx.exe
  C:\Windows\System\taXbzRx.exe
  2⤵
  PID:11036
- C:\Windows\System\bNQJvuO.exe
  C:\Windows\System\bNQJvuO.exe
  2⤵
  PID:11096
- C:\Windows\System\XhNCMhM.exe
  C:\Windows\System\XhNCMhM.exe
  2⤵
  PID:11200
- C:\Windows\System\aWiFywv.exe
  C:\Windows\System\aWiFywv.exe
  2⤵
  PID:11232
- C:\Windows\System\uPQPBjF.exe
  C:\Windows\System\uPQPBjF.exe
  2⤵
  PID:10336
- C:\Windows\System\qIPxLis.exe
  C:\Windows\System\qIPxLis.exe
  2⤵
  PID:10560
- C:\Windows\System\FrifdyZ.exe
  C:\Windows\System\FrifdyZ.exe
  2⤵
  PID:10672
- C:\Windows\System\cbLQYLp.exe
  C:\Windows\System\cbLQYLp.exe
  2⤵
  PID:10776
- C:\Windows\System\jlWHfwk.exe
  C:\Windows\System\jlWHfwk.exe
  2⤵
  PID:11000
- C:\Windows\System\nGhIbVZ.exe
  C:\Windows\System\nGhIbVZ.exe
  2⤵
  PID:11212
- C:\Windows\System\tXCuQUa.exe
  C:\Windows\System\tXCuQUa.exe
  2⤵
  PID:10508
- C:\Windows\System\JhDUJKh.exe
  C:\Windows\System\JhDUJKh.exe
  2⤵
  PID:10608
- C:\Windows\System\FyNKjWE.exe
  C:\Windows\System\FyNKjWE.exe
  2⤵
  PID:10932
- C:\Windows\System\RvyKBac.exe
  C:\Windows\System\RvyKBac.exe
  2⤵
  PID:10992
- C:\Windows\System\DUUsoSz.exe
  C:\Windows\System\DUUsoSz.exe
  2⤵
  PID:10632
- C:\Windows\System\DRWfiDy.exe
  C:\Windows\System\DRWfiDy.exe
  2⤵
  PID:11268
- C:\Windows\System\FwGtttW.exe
  C:\Windows\System\FwGtttW.exe
  2⤵
  PID:11284
- C:\Windows\System\pVuYgRU.exe
  C:\Windows\System\pVuYgRU.exe
  2⤵
  PID:11308
- C:\Windows\System\TUqUpgZ.exe
  C:\Windows\System\TUqUpgZ.exe
  2⤵
  PID:11352
- C:\Windows\System\pDedCGX.exe
  C:\Windows\System\pDedCGX.exe
  2⤵
  PID:11376
- C:\Windows\System\XNVynHr.exe
  C:\Windows\System\XNVynHr.exe
  2⤵
  PID:11408
- C:\Windows\System\QkIyONT.exe
  C:\Windows\System\QkIyONT.exe
  2⤵
  PID:11440
- C:\Windows\System\lSVZQKa.exe
  C:\Windows\System\lSVZQKa.exe
  2⤵
  PID:11460
- C:\Windows\System\SPDSCFt.exe
  C:\Windows\System\SPDSCFt.exe
  2⤵
  PID:11484
- C:\Windows\System\ljjoJvR.exe
  C:\Windows\System\ljjoJvR.exe
  2⤵
  PID:11504
- C:\Windows\System\OPwVDlQ.exe
  C:\Windows\System\OPwVDlQ.exe
  2⤵
  PID:11528
- C:\Windows\System\gUCkgeN.exe
  C:\Windows\System\gUCkgeN.exe
  2⤵
  PID:11580
- C:\Windows\System\LwElQjk.exe
  C:\Windows\System\LwElQjk.exe
  2⤵
  PID:11620
- C:\Windows\System\yzIPJQr.exe
  C:\Windows\System\yzIPJQr.exe
  2⤵
  PID:11648
- C:\Windows\System\YpAmhhN.exe
  C:\Windows\System\YpAmhhN.exe
  2⤵
  PID:11668
- C:\Windows\System\CabhicW.exe
  C:\Windows\System\CabhicW.exe
  2⤵
  PID:11704
- C:\Windows\System\gRElpNb.exe
  C:\Windows\System\gRElpNb.exe
  2⤵
  PID:11740
- C:\Windows\System\SkTewqP.exe
  C:\Windows\System\SkTewqP.exe
  2⤵
  PID:11764
- C:\Windows\System\cPnPEhc.exe
  C:\Windows\System\cPnPEhc.exe
  2⤵
  PID:11792
- C:\Windows\System\HBNqiUm.exe
  C:\Windows\System\HBNqiUm.exe
  2⤵
  PID:11852
- C:\Windows\System\BYskudt.exe
  C:\Windows\System\BYskudt.exe
  2⤵
  PID:11868
- C:\Windows\System\OrblYuR.exe
  C:\Windows\System\OrblYuR.exe
  2⤵
  PID:11884
- C:\Windows\System\PixMLEW.exe
  C:\Windows\System\PixMLEW.exe
  2⤵
  PID:11904
- C:\Windows\System\CMjLXWN.exe
  C:\Windows\System\CMjLXWN.exe
  2⤵
  PID:11932
- C:\Windows\System\WczDvxx.exe
  C:\Windows\System\WczDvxx.exe
  2⤵
  PID:11980
- C:\Windows\System\NGPKjlv.exe
  C:\Windows\System\NGPKjlv.exe
  2⤵
  PID:12008
- C:\Windows\System\IbQIVoh.exe
  C:\Windows\System\IbQIVoh.exe
  2⤵
  PID:12036
- C:\Windows\System\RdUvDmR.exe
  C:\Windows\System\RdUvDmR.exe
  2⤵
  PID:12064
- C:\Windows\System\ppuVkDL.exe
  C:\Windows\System\ppuVkDL.exe
  2⤵
  PID:12080
- C:\Windows\System\oIBwKmb.exe
  C:\Windows\System\oIBwKmb.exe
  2⤵
  PID:12096
- C:\Windows\System\PPxEBOD.exe
  C:\Windows\System\PPxEBOD.exe
  2⤵
  PID:12112
- C:\Windows\System\iaKfYBN.exe
  C:\Windows\System\iaKfYBN.exe
  2⤵
  PID:12148
- C:\Windows\System\TJLiakG.exe
  C:\Windows\System\TJLiakG.exe
  2⤵
  PID:12184
- C:\Windows\System\aZEKiaP.exe
  C:\Windows\System\aZEKiaP.exe
  2⤵
  PID:12208
- C:\Windows\System\FsLYNoi.exe
  C:\Windows\System\FsLYNoi.exe
  2⤵
  PID:12224
- C:\Windows\System\bTdWHbt.exe
  C:\Windows\System\bTdWHbt.exe
  2⤵
  PID:12256
- C:\Windows\System\ELhpcnH.exe
  C:\Windows\System\ELhpcnH.exe
  2⤵
  PID:11292
- C:\Windows\System\BegHRse.exe
  C:\Windows\System\BegHRse.exe
  2⤵
  PID:11348
- C:\Windows\System\LPDONkJ.exe
  C:\Windows\System\LPDONkJ.exe
  2⤵
  PID:11372
- C:\Windows\System\wqqCVda.exe
  C:\Windows\System\wqqCVda.exe
  2⤵
  PID:11404
- C:\Windows\System\xGMascE.exe
  C:\Windows\System\xGMascE.exe
  2⤵
  PID:11480
- C:\Windows\System\VGXbppf.exe
  C:\Windows\System\VGXbppf.exe
  2⤵
  PID:11592
- C:\Windows\System\qxgJNGl.exe
  C:\Windows\System\qxgJNGl.exe
  2⤵
  PID:11612
- C:\Windows\System\dFiMLze.exe
  C:\Windows\System\dFiMLze.exe
  2⤵
  PID:11760
- C:\Windows\System\iLNTiFf.exe
  C:\Windows\System\iLNTiFf.exe
  2⤵
  PID:11800
- C:\Windows\System\JGafZJv.exe
  C:\Windows\System\JGafZJv.exe
  2⤵
  PID:11876
- C:\Windows\System\JRCMgVy.exe
  C:\Windows\System\JRCMgVy.exe
  2⤵
  PID:11920
- C:\Windows\System\gNIrOFw.exe
  C:\Windows\System\gNIrOFw.exe
  2⤵
  PID:12024
- C:\Windows\System\mVyYTBX.exe
  C:\Windows\System\mVyYTBX.exe
  2⤵
  PID:12052
- C:\Windows\System\BrYooAW.exe
  C:\Windows\System\BrYooAW.exe
  2⤵
  PID:12144
- C:\Windows\System\OZspdwS.exe
  C:\Windows\System\OZspdwS.exe
  2⤵
  PID:12196
- C:\Windows\System\DMkodTx.exe
  C:\Windows\System\DMkodTx.exe
  2⤵
  PID:12248
- C:\Windows\System\tpXdtCs.exe
  C:\Windows\System\tpXdtCs.exe
  2⤵
  PID:12268
- C:\Windows\System\ZoljNkT.exe
  C:\Windows\System\ZoljNkT.exe
  2⤵
  PID:11396
- C:\Windows\System\yRAvDTE.exe
  C:\Windows\System\yRAvDTE.exe
  2⤵
  PID:11616
- C:\Windows\System\wrVVwlF.exe
  C:\Windows\System\wrVVwlF.exe
  2⤵
  PID:11680
- C:\Windows\System\HtqYoXK.exe
  C:\Windows\System\HtqYoXK.exe
  2⤵
  PID:11860
- C:\Windows\System\LsEcxKd.exe
  C:\Windows\System\LsEcxKd.exe
  2⤵
  PID:11992
- C:\Windows\System\CqBLiPF.exe
  C:\Windows\System\CqBLiPF.exe
  2⤵
  PID:12168
- C:\Windows\System\FnXvigv.exe
  C:\Windows\System\FnXvigv.exe
  2⤵
  PID:12216
- C:\Windows\System\EpAZvyj.exe
  C:\Windows\System\EpAZvyj.exe
  2⤵
  PID:11784
- C:\Windows\System\iSLqVvv.exe
  C:\Windows\System\iSLqVvv.exe
  2⤵
  PID:11892
- C:\Windows\System\xTZFbvi.exe
  C:\Windows\System\xTZFbvi.exe
  2⤵
  PID:12004
- C:\Windows\System\okdplVk.exe
  C:\Windows\System\okdplVk.exe
  2⤵
  PID:12304
- C:\Windows\System\TFEtgJJ.exe
  C:\Windows\System\TFEtgJJ.exe
  2⤵
  PID:12328
- C:\Windows\System\NNKxUlC.exe
  C:\Windows\System\NNKxUlC.exe
  2⤵
  PID:12364
- C:\Windows\System\KlQqBuw.exe
  C:\Windows\System\KlQqBuw.exe
  2⤵
  PID:12388
- C:\Windows\System\TvNFNzF.exe
  C:\Windows\System\TvNFNzF.exe
  2⤵
  PID:12416
- C:\Windows\System\KVllPKt.exe
  C:\Windows\System\KVllPKt.exe
  2⤵
  PID:12440
- C:\Windows\System\djVaDse.exe
  C:\Windows\System\djVaDse.exe
  2⤵
  PID:12464
- C:\Windows\System\AZyAJHK.exe
  C:\Windows\System\AZyAJHK.exe
  2⤵
  PID:12512
- C:\Windows\System\OiSSaxa.exe
  C:\Windows\System\OiSSaxa.exe
  2⤵
  PID:12552
- C:\Windows\System\aSrFaVg.exe
  C:\Windows\System\aSrFaVg.exe
  2⤵
  PID:12568
- C:\Windows\System\gKFgkNh.exe
  C:\Windows\System\gKFgkNh.exe
  2⤵
  PID:12592
- C:\Windows\System\Jpwatlb.exe
  C:\Windows\System\Jpwatlb.exe
  2⤵
  PID:12624
- C:\Windows\System\oxwpiTr.exe
  C:\Windows\System\oxwpiTr.exe
  2⤵
  PID:12640
- C:\Windows\System\ikmOcls.exe
  C:\Windows\System\ikmOcls.exe
  2⤵
  PID:12664
- C:\Windows\System\ZbYFPBK.exe
  C:\Windows\System\ZbYFPBK.exe
  2⤵
  PID:12712
- C:\Windows\System\PAKToRB.exe
  C:\Windows\System\PAKToRB.exe
  2⤵
  PID:12752
- C:\Windows\System\RiqGEoY.exe
  C:\Windows\System\RiqGEoY.exe
  2⤵
  PID:12780
- C:\Windows\System\xXPATwZ.exe
  C:\Windows\System\xXPATwZ.exe
  2⤵
  PID:12796
- C:\Windows\System\lLqXIgg.exe
  C:\Windows\System\lLqXIgg.exe
  2⤵
  PID:12816
- C:\Windows\System\gYAWDPy.exe
  C:\Windows\System\gYAWDPy.exe
  2⤵
  PID:12836
- C:\Windows\System\NiiIyNy.exe
  C:\Windows\System\NiiIyNy.exe
  2⤵
  PID:12892
- C:\Windows\System\ClYdpTe.exe
  C:\Windows\System\ClYdpTe.exe
  2⤵
  PID:12912
- C:\Windows\System\wXvWjTD.exe
  C:\Windows\System\wXvWjTD.exe
  2⤵
  PID:12932
- C:\Windows\System\hsEPyoG.exe
  C:\Windows\System\hsEPyoG.exe
  2⤵
  PID:12956
- C:\Windows\System\zNbwEfU.exe
  C:\Windows\System\zNbwEfU.exe
  2⤵
  PID:12984
- C:\Windows\System\QlxLXEg.exe
  C:\Windows\System\QlxLXEg.exe
  2⤵
  PID:13012
- C:\Windows\System\deqddsa.exe
  C:\Windows\System\deqddsa.exe
  2⤵
  PID:13048
- C:\Windows\System\qdTRPdl.exe
  C:\Windows\System\qdTRPdl.exe
  2⤵
  PID:13064
- C:\Windows\System\UlyajWJ.exe
  C:\Windows\System\UlyajWJ.exe
  2⤵
  PID:13080
- C:\Windows\System\lJZFUtz.exe
  C:\Windows\System\lJZFUtz.exe
  2⤵
  PID:13096
- C:\Windows\System\WRZTitI.exe
  C:\Windows\System\WRZTitI.exe
  2⤵
  PID:13128
- C:\Windows\System\HnZtHgv.exe
  C:\Windows\System\HnZtHgv.exe
  2⤵
  PID:13160
- C:\Windows\System\CpGWOci.exe
  C:\Windows\System\CpGWOci.exe
  2⤵
  PID:13208
- C:\Windows\System\vFCAhqO.exe
  C:\Windows\System\vFCAhqO.exe
  2⤵
  PID:13236
- C:\Windows\System\EwEygZG.exe
  C:\Windows\System\EwEygZG.exe
  2⤵
  PID:13268
- C:\Windows\System\zEdFEfh.exe
  C:\Windows\System\zEdFEfh.exe
  2⤵
  PID:11640
- C:\Windows\System\tYrYqdM.exe
  C:\Windows\System\tYrYqdM.exe
  2⤵
  PID:12296
- C:\Windows\System\YhMdVGJ.exe
  C:\Windows\System\YhMdVGJ.exe
  2⤵
  PID:12360
- C:\Windows\System\uXrElZu.exe
  C:\Windows\System\uXrElZu.exe
  2⤵
  PID:12428
- C:\Windows\System\htPgqEY.exe
  C:\Windows\System\htPgqEY.exe
  2⤵
  PID:12460
- C:\Windows\System\yaQlVSg.exe
  C:\Windows\System\yaQlVSg.exe
  2⤵
  PID:12532
- C:\Windows\System\Pnqtezb.exe
  C:\Windows\System\Pnqtezb.exe
  2⤵
  PID:12612
- C:\Windows\System\EUBlVHA.exe
  C:\Windows\System\EUBlVHA.exe
  2⤵
  PID:12656
- C:\Windows\System\JCcHvqY.exe
  C:\Windows\System\JCcHvqY.exe
  2⤵
  PID:12744
- C:\Windows\System\quEDlRB.exe
  C:\Windows\System\quEDlRB.exe
  2⤵
  PID:12804
- C:\Windows\System\WUwHUYd.exe
  C:\Windows\System\WUwHUYd.exe
  2⤵
  PID:12876
- C:\Windows\System\IHcZFXt.exe
  C:\Windows\System\IHcZFXt.exe
  2⤵
  PID:12920
- C:\Windows\System\oARcUOM.exe
  C:\Windows\System\oARcUOM.exe
  2⤵
  PID:12980
- C:\Windows\System\eMvhYlK.exe
  C:\Windows\System\eMvhYlK.exe
  2⤵
  PID:12992
- C:\Windows\System\LmmtjJf.exe
  C:\Windows\System\LmmtjJf.exe
  2⤵
  PID:13060
- C:\Windows\System\NMNyXeS.exe
  C:\Windows\System\NMNyXeS.exe
  2⤵
  PID:13116
- C:\Windows\System\ITGHOMg.exe
  C:\Windows\System\ITGHOMg.exe
  2⤵
  PID:13156
- C:\Windows\System\eLkXhXt.exe
  C:\Windows\System\eLkXhXt.exe
  2⤵
  PID:13248
- C:\Windows\System\tUfARoK.exe
  C:\Windows\System\tUfARoK.exe
  2⤵
  PID:12436
- C:\Windows\System\qfhWcQm.exe
  C:\Windows\System\qfhWcQm.exe
  2⤵
  PID:12584
- C:\Windows\System\qxWalWk.exe
  C:\Windows\System\qxWalWk.exe
  2⤵
  PID:12652
- C:\Windows\System\aOvyOzS.exe
  C:\Windows\System\aOvyOzS.exe
  2⤵
  PID:12900
- C:\Windows\System\Xgukzop.exe
  C:\Windows\System\Xgukzop.exe
  2⤵
  PID:13056
- C:\Windows\System\jfvyUOe.exe
  C:\Windows\System\jfvyUOe.exe
  2⤵
  PID:13124
- C:\Windows\System\rkrlFQh.exe
  C:\Windows\System\rkrlFQh.exe
  2⤵
  PID:13188
- C:\Windows\System\YLhUylJ.exe
  C:\Windows\System\YLhUylJ.exe
  2⤵
  PID:12548
- C:\Windows\System\WxtIatx.exe
  C:\Windows\System\WxtIatx.exe
  2⤵
  PID:12852
- C:\Windows\System\IRJETrv.exe
  C:\Windows\System\IRJETrv.exe
  2⤵
  PID:12500
- C:\Windows\System\uvmpuBX.exe
  C:\Windows\System\uvmpuBX.exe
  2⤵
  PID:13040
- C:\Windows\System\HlhFKjx.exe
  C:\Windows\System\HlhFKjx.exe
  2⤵
  PID:13332
- C:\Windows\System\zJQBloy.exe
  C:\Windows\System\zJQBloy.exe
  2⤵
  PID:13352
- C:\Windows\System\uOkmifN.exe
  C:\Windows\System\uOkmifN.exe
  2⤵
  PID:13380
- C:\Windows\System\cKIGXbq.exe
  C:\Windows\System\cKIGXbq.exe
  2⤵
  PID:13428
- C:\Windows\System\XqdjToc.exe
  C:\Windows\System\XqdjToc.exe
  2⤵
  PID:13452
- C:\Windows\System\dWPPsII.exe
  C:\Windows\System\dWPPsII.exe
  2⤵
  PID:13476
- C:\Windows\System\MeXpLyG.exe
  C:\Windows\System\MeXpLyG.exe
  2⤵
  PID:13504
- C:\Windows\System\tdQupKQ.exe
  C:\Windows\System\tdQupKQ.exe
  2⤵
  PID:13524
- C:\Windows\System\xnNlxEz.exe
  C:\Windows\System\xnNlxEz.exe
  2⤵
  PID:13556
- C:\Windows\System\aAfsvLG.exe
  C:\Windows\System\aAfsvLG.exe
  2⤵
  PID:13576
- C:\Windows\System\ygbbVQv.exe
  C:\Windows\System\ygbbVQv.exe
  2⤵
  PID:13608
- C:\Windows\System\fhnRjxT.exe
  C:\Windows\System\fhnRjxT.exe
  2⤵
  PID:13660
- C:\Windows\System\xRfHWBw.exe
  C:\Windows\System\xRfHWBw.exe
  2⤵
  PID:13688
- C:\Windows\System\jjiOwih.exe
  C:\Windows\System\jjiOwih.exe
  2⤵
  PID:13708
- C:\Windows\System\phsyFNq.exe
  C:\Windows\System\phsyFNq.exe
  2⤵
  PID:13732
- C:\Windows\System\jSSCFWo.exe
  C:\Windows\System\jSSCFWo.exe
  2⤵
  PID:13760
- C:\Windows\System\zcIlObT.exe
  C:\Windows\System\zcIlObT.exe
  2⤵
  PID:13780
- C:\Windows\System\HgkILQC.exe
  C:\Windows\System\HgkILQC.exe
  2⤵
  PID:13804
- C:\Windows\System\HeadmVw.exe
  C:\Windows\System\HeadmVw.exe
  2⤵
  PID:13836
- C:\Windows\System\KCgLrKW.exe
  C:\Windows\System\KCgLrKW.exe
  2⤵
  PID:13868
- C:\Windows\System\rXQMlQF.exe
  C:\Windows\System\rXQMlQF.exe
  2⤵
  PID:13904
- C:\Windows\System\WsLJZVR.exe
  C:\Windows\System\WsLJZVR.exe
  2⤵
  PID:13920
- C:\Windows\System\cRavzLj.exe
  C:\Windows\System\cRavzLj.exe
  2⤵
  PID:13972
- C:\Windows\System\QDlWrdp.exe
  C:\Windows\System\QDlWrdp.exe
  2⤵
  PID:13988
- C:\Windows\System\NEvQMPL.exe
  C:\Windows\System\NEvQMPL.exe
  2⤵
  PID:14012
- C:\Windows\System\lZsHJUT.exe
  C:\Windows\System\lZsHJUT.exe
  2⤵
  PID:14036
- C:\Windows\System\VdpdqZV.exe
  C:\Windows\System\VdpdqZV.exe
  2⤵
  PID:14084
- C:\Windows\System\uGVTKCu.exe
  C:\Windows\System\uGVTKCu.exe
  2⤵
  PID:14100
- C:\Windows\System\UYAxkcH.exe
  C:\Windows\System\UYAxkcH.exe
  2⤵
  PID:14128
- C:\Windows\System\AjsTYVc.exe
  C:\Windows\System\AjsTYVc.exe
  2⤵
  PID:14152
- C:\Windows\System\xQoJiXX.exe
  C:\Windows\System\xQoJiXX.exe
  2⤵
  PID:14172
- C:\Windows\System\MvGQcra.exe
  C:\Windows\System\MvGQcra.exe
  2⤵
  PID:14188
- C:\Windows\System\IpZnbKR.exe
  C:\Windows\System\IpZnbKR.exe
  2⤵
  PID:14248
- C:\Windows\System\MJimTWd.exe
  C:\Windows\System\MJimTWd.exe
  2⤵
  PID:14280
- C:\Windows\System\jvkcZVt.exe
  C:\Windows\System\jvkcZVt.exe
  2⤵
  PID:14296
- C:\Windows\System\nqTZMyO.exe
  C:\Windows\System\nqTZMyO.exe
  2⤵
  PID:14324
- C:\Windows\System\rxVDXUr.exe
  C:\Windows\System\rxVDXUr.exe
  2⤵
  PID:13368
- C:\Windows\System\CQStqpB.exe
  C:\Windows\System\CQStqpB.exe
  2⤵
  PID:13404
- C:\Windows\System\phZAeyj.exe
  C:\Windows\System\phZAeyj.exe
  2⤵
  PID:13448
- C:\Windows\System\vwkPymO.exe
  C:\Windows\System\vwkPymO.exe
  2⤵
  PID:13488
- C:\Windows\System\SJlwmqU.exe
  C:\Windows\System\SJlwmqU.exe
  2⤵
  PID:13548
- C:\Windows\System\FTmgXgU.exe
  C:\Windows\System\FTmgXgU.exe
  2⤵
  PID:13656
- C:\Windows\System\HynDXHw.exe
  C:\Windows\System\HynDXHw.exe
  2⤵
  PID:13720
- C:\Windows\System\dxXQpqE.exe
  C:\Windows\System\dxXQpqE.exe
  2⤵
  PID:13768
- C:\Windows\System\eSAPzAv.exe
  C:\Windows\System\eSAPzAv.exe
  2⤵
  PID:13820
- C:\Windows\System\pzGWvGE.exe
  C:\Windows\System\pzGWvGE.exe
  2⤵
  PID:13892
- C:\Windows\System\ONpZFFb.exe
  C:\Windows\System\ONpZFFb.exe
  2⤵
  PID:13932
- C:\Windows\System\QamAzIc.exe
  C:\Windows\System\QamAzIc.exe
  2⤵
  PID:14064
- C:\Windows\System\LFZiLMe.exe
  C:\Windows\System\LFZiLMe.exe
  2⤵
  PID:14120
- C:\Windows\System\BPQjcyq.exe
  C:\Windows\System\BPQjcyq.exe
  2⤵
  PID:14148
- C:\Windows\System\SxQhMNt.exe
  C:\Windows\System\SxQhMNt.exe
  2⤵
  PID:14256
- C:\Windows\System\fygjkpa.exe
  C:\Windows\System\fygjkpa.exe
  2⤵
  PID:14308
- C:\Windows\System\ylBzCBY.exe
  C:\Windows\System\ylBzCBY.exe
  2⤵
  PID:13340
- C:\Windows\System\MiJhpKx.exe
  C:\Windows\System\MiJhpKx.exe
  2⤵
  PID:13416
- C:\Windows\System\lswkHce.exe
  C:\Windows\System\lswkHce.exe
  2⤵
  PID:13520
- C:\Windows\System\Txtqheu.exe
  C:\Windows\System\Txtqheu.exe
  2⤵
  PID:13800
- C:\Windows\System\RZsZtqn.exe
  C:\Windows\System\RZsZtqn.exe
  2⤵
  PID:13916
- C:\Windows\System\zGsdoTf.exe
  C:\Windows\System\zGsdoTf.exe
  2⤵
  PID:14028
- C:\Windows\System\nmfEGka.exe
  C:\Windows\System\nmfEGka.exe
  2⤵
  PID:14240
- C:\Windows\System\jbBZgEb.exe
  C:\Windows\System\jbBZgEb.exe
  2⤵
  PID:14316
- C:\Windows\System\oCvKNgh.exe
  C:\Windows\System\oCvKNgh.exe
  2⤵
  PID:13964
- C:\Windows\System\xMJugPg.exe
  C:\Windows\System\xMJugPg.exe
  2⤵
  PID:14144
- C:\Windows\System\VFplijc.exe
  C:\Windows\System\VFplijc.exe
  2⤵
  PID:13844
- C:\Windows\System\CCDtAtb.exe
  C:\Windows\System\CCDtAtb.exe
  2⤵
  PID:14348
- C:\Windows\System\ARjjQtM.exe
  C:\Windows\System\ARjjQtM.exe
  2⤵
  PID:14364
- C:\Windows\System\IBotsJL.exe
  C:\Windows\System\IBotsJL.exe
  2⤵
  PID:14380
- C:\Windows\System\DHzURLz.exe
  C:\Windows\System\DHzURLz.exe
  2⤵
  PID:14404
- C:\Windows\System\BxvRgrt.exe
  C:\Windows\System\BxvRgrt.exe
  2⤵
  PID:14448
- C:\Windows\System\PMPyTqe.exe
  C:\Windows\System\PMPyTqe.exe
  2⤵
  PID:14488
- C:\Windows\System\DMNcNXA.exe
  C:\Windows\System\DMNcNXA.exe
  2⤵
  PID:14504
- C:\Windows\System\CzdOovM.exe
  C:\Windows\System\CzdOovM.exe
  2⤵
  PID:14532
- C:\Windows\System\plQpMCW.exe
  C:\Windows\System\plQpMCW.exe
  2⤵
  PID:14548
- C:\Windows\System\GLEnUGB.exe
  C:\Windows\System\GLEnUGB.exe
  2⤵
  PID:14580
- C:\Windows\System\BmtoKGr.exe
  C:\Windows\System\BmtoKGr.exe
  2⤵
  PID:14612
- C:\Windows\System\BCGktpF.exe
  C:\Windows\System\BCGktpF.exe
  2⤵
  PID:14632
- C:\Windows\System\rjirNBg.exe
  C:\Windows\System\rjirNBg.exe
  2⤵
  PID:14676
- C:\Windows\System\qZHRodw.exe
  C:\Windows\System\qZHRodw.exe
  2⤵
  PID:14696
- C:\Windows\System\GzewMSa.exe
  C:\Windows\System\GzewMSa.exe
  2⤵
  PID:14712
- C:\Windows\System\rUKWrZo.exe
  C:\Windows\System\rUKWrZo.exe
  2⤵
  PID:14732
- C:\Windows\System\LYvIBpK.exe
  C:\Windows\System\LYvIBpK.exe
  2⤵
  PID:14760
- C:\Windows\System\qUCzpuv.exe
  C:\Windows\System\qUCzpuv.exe
  2⤵
  PID:14796
- C:\Windows\System\IQawVbr.exe
  C:\Windows\System\IQawVbr.exe
  2⤵
  PID:14816
- C:\Windows\System\OwjgqjT.exe
  C:\Windows\System\OwjgqjT.exe
  2⤵
  PID:14852
- C:\Windows\System\rSjDXkn.exe
  C:\Windows\System\rSjDXkn.exe
  2⤵
  PID:14904
- C:\Windows\System\BfgcxRQ.exe
  C:\Windows\System\BfgcxRQ.exe
  2⤵
  PID:14924
- C:\Windows\System\XkxQtex.exe
  C:\Windows\System\XkxQtex.exe
  2⤵
  PID:14944
- C:\Windows\System\SYxmCzD.exe
  C:\Windows\System\SYxmCzD.exe
  2⤵
  PID:14968
- C:\Windows\System\idTqfAT.exe
  C:\Windows\System\idTqfAT.exe
  2⤵
  PID:15012
- C:\Windows\System\SRpbRjz.exe
  C:\Windows\System\SRpbRjz.exe
  2⤵
  PID:15040
- C:\Windows\System\vhIkwmh.exe
  C:\Windows\System\vhIkwmh.exe
  2⤵
  PID:15068
- C:\Windows\System\NjqWMDe.exe
  C:\Windows\System\NjqWMDe.exe
  2⤵
  PID:15084
- C:\Windows\System\pUvlpKB.exe
  C:\Windows\System\pUvlpKB.exe
  2⤵
  PID:15136
- C:\Windows\System\sbzWccV.exe
  C:\Windows\System\sbzWccV.exe
  2⤵
  PID:15164
- C:\Windows\System\NmtQtWa.exe
  C:\Windows\System\NmtQtWa.exe
  2⤵
  PID:15188
- C:\Windows\System\jdypSkm.exe
  C:\Windows\System\jdypSkm.exe
  2⤵
  PID:15208
- C:\Windows\System\pKZGvXU.exe
  C:\Windows\System\pKZGvXU.exe
  2⤵
  PID:15240
- C:\Windows\System\kTnCpMs.exe
  C:\Windows\System\kTnCpMs.exe
  2⤵
  PID:15260
- C:\Windows\System\ABfEzQD.exe
  C:\Windows\System\ABfEzQD.exe
  2⤵
  PID:15296
- C:\Windows\System\RRmaLsW.exe
  C:\Windows\System\RRmaLsW.exe
  2⤵
  PID:15320
- C:\Windows\System\RaUgIQH.exe
  C:\Windows\System\RaUgIQH.exe
  2⤵
  PID:15340
- C:\Windows\System\hpxqCJM.exe
  C:\Windows\System\hpxqCJM.exe
  2⤵
  PID:13984
- C:\Windows\System\iBjDXbu.exe
  C:\Windows\System\iBjDXbu.exe
  2⤵
  PID:14460
- C:\Windows\System\BpDjCzl.exe
  C:\Windows\System\BpDjCzl.exe
  2⤵
  PID:14500
- C:\Windows\System\SluaUKH.exe
  C:\Windows\System\SluaUKH.exe
  2⤵
  PID:14576
- C:\Windows\System\EVWdjqk.exe
  C:\Windows\System\EVWdjqk.exe
  2⤵
  PID:14664
- C:\Windows\System\fTqldCZ.exe
  C:\Windows\System\fTqldCZ.exe
  2⤵
  PID:14688
- C:\Windows\System\uTbWXdz.exe
  C:\Windows\System\uTbWXdz.exe
  2⤵
  PID:14724
- C:\Windows\System\IKFXnFO.exe
  C:\Windows\System\IKFXnFO.exe
  2⤵
  PID:14804
- C:\Windows\System\TSIAKJN.exe
  C:\Windows\System\TSIAKJN.exe
  2⤵
  PID:14840
- C:\Windows\System\lcbEJNM.exe
  C:\Windows\System\lcbEJNM.exe
  2⤵
  PID:14932
- C:\Windows\System\lNcMNXv.exe
  C:\Windows\System\lNcMNXv.exe
  2⤵
  PID:15008
- C:\Windows\System\UwjxHok.exe
  C:\Windows\System\UwjxHok.exe
  2⤵
  PID:15060
- C:\Windows\System\JEeZpaW.exe
  C:\Windows\System\JEeZpaW.exe
  2⤵
  PID:15104
- C:\Windows\System\WTmKPOM.exe
  C:\Windows\System\WTmKPOM.exe
  2⤵
  PID:15196
- C:\Windows\System\ntwETWQ.exe
  C:\Windows\System\ntwETWQ.exe
  2⤵
  PID:15276
- C:\Windows\System\pjtzuVN.exe
  C:\Windows\System\pjtzuVN.exe
  2⤵
  PID:15332
- C:\Windows\System\fkzjaIe.exe
  C:\Windows\System\fkzjaIe.exe
  2⤵
  PID:14392
- C:\Windows\System\pJTNinx.exe
  C:\Windows\System\pJTNinx.exe
  2⤵
  PID:14432
- C:\Windows\System\HGqgngL.exe
  C:\Windows\System\HGqgngL.exe
  2⤵
  PID:14624
- C:\Windows\System\LJaiEQY.exe
  C:\Windows\System\LJaiEQY.exe
  2⤵
  PID:14880
- C:\Windows\System\zTkLEnu.exe
  C:\Windows\System\zTkLEnu.exe
  2⤵
  PID:15000
- C:\Windows\System\jnjSnoF.exe
  C:\Windows\System\jnjSnoF.exe
  2⤵
  PID:15288
- C:\Windows\System\bBkHiPl.exe
  C:\Windows\System\bBkHiPl.exe
  2⤵
  PID:14496
- C:\Windows\System\MAGQHsK.exe
  C:\Windows\System\MAGQHsK.exe
  2⤵
  PID:14708
- C:\Windows\System\AVvpygw.exe
  C:\Windows\System\AVvpygw.exe
  2⤵
  PID:14984
- C:\Windows\System\XQUiGON.exe
  C:\Windows\System\XQUiGON.exe
  2⤵
  PID:13792
- C:\Windows\System\sKlMwyq.exe
  C:\Windows\System\sKlMwyq.exe
  2⤵
  PID:15384
- C:\Windows\System\HBGPEib.exe
  C:\Windows\System\HBGPEib.exe
  2⤵
  PID:15412
- C:\Windows\System\bZVIRWg.exe
  C:\Windows\System\bZVIRWg.exe
  2⤵
  PID:15440
- C:\Windows\System\JkKClED.exe
  C:\Windows\System\JkKClED.exe
  2⤵
  PID:15456
- C:\Windows\System\bzfOvMA.exe
  C:\Windows\System\bzfOvMA.exe
  2⤵
  PID:15488
- C:\Windows\System\opaTmDc.exe
  C:\Windows\System\opaTmDc.exe
  2⤵
  PID:15516
- C:\Windows\System\repqdKr.exe
  C:\Windows\System\repqdKr.exe
  2⤵
  PID:15540
- C:\Windows\System\CTerSRS.exe
  C:\Windows\System\CTerSRS.exe
  2⤵
  PID:15556
- C:\Windows\System\ayiuAEe.exe
  C:\Windows\System\ayiuAEe.exe
  2⤵
  PID:15608
- C:\Windows\System\qVIZZBm.exe
  C:\Windows\System\qVIZZBm.exe
  2⤵
  PID:15628
- C:\Windows\System\RHGPfLE.exe
  C:\Windows\System\RHGPfLE.exe
  2⤵
  PID:15648
- C:\Windows\System\hscFAHj.exe
  C:\Windows\System\hscFAHj.exe
  2⤵
  PID:15668
- C:\Windows\System\ArLBGwm.exe
  C:\Windows\System\ArLBGwm.exe
  2⤵
  PID:15712
- C:\Windows\System\dmYPrYe.exe
  C:\Windows\System\dmYPrYe.exe
  2⤵
  PID:15748
- C:\Windows\System\rBYgQzX.exe
  C:\Windows\System\rBYgQzX.exe
  2⤵
  PID:15784
- C:\Windows\System\QkNJdel.exe
  C:\Windows\System\QkNJdel.exe
  2⤵
  PID:15804
- C:\Windows\System\kpkIKoG.exe
  C:\Windows\System\kpkIKoG.exe
  2⤵
  PID:15820
- C:\Windows\System\HKJESGj.exe
  C:\Windows\System\HKJESGj.exe
  2⤵
  PID:15848
- C:\Windows\System\wlSUQME.exe
  C:\Windows\System\wlSUQME.exe
  2⤵
  PID:15884
- C:\Windows\System\OcoRGXK.exe
  C:\Windows\System\OcoRGXK.exe
  2⤵
  PID:15904
- C:\Windows\System\FXKcEKk.exe
  C:\Windows\System\FXKcEKk.exe
  2⤵
  PID:15920
- C:\Windows\System\Nstyial.exe
  C:\Windows\System\Nstyial.exe
  2⤵
  PID:15968
- C:\Windows\System\DLxwkzm.exe
  C:\Windows\System\DLxwkzm.exe
  2⤵
  PID:15988
- C:\Windows\System\baXtaPh.exe
  C:\Windows\System\baXtaPh.exe
  2⤵
  PID:16040
- C:\Windows\System\LJKfeHV.exe
  C:\Windows\System\LJKfeHV.exe
  2⤵
  PID:16056
- C:\Windows\System\lCqLYJx.exe
  C:\Windows\System\lCqLYJx.exe
  2⤵
  PID:16092
- C:\Windows\System\dLzUeTR.exe
  C:\Windows\System\dLzUeTR.exe
  2⤵
  PID:16112
- C:\Windows\System\ZYFqOxC.exe
  C:\Windows\System\ZYFqOxC.exe
  2⤵
  PID:16132
- C:\Windows\System\pCjfpDj.exe
  C:\Windows\System\pCjfpDj.exe
  2⤵
  PID:16152
- C:\Windows\System\JLnpNak.exe
  C:\Windows\System\JLnpNak.exe
  2⤵
  PID:16172
- C:\Windows\System\oGUjKlq.exe
  C:\Windows\System\oGUjKlq.exe
  2⤵
  PID:16228
- C:\Windows\System\MfCshSR.exe
  C:\Windows\System\MfCshSR.exe
  2⤵
  PID:16244
- C:\Windows\System\rsrjjZT.exe
  C:\Windows\System\rsrjjZT.exe
  2⤵
  PID:16264
- C:\Windows\System\qBoOcFE.exe
  C:\Windows\System\qBoOcFE.exe
  2⤵
  PID:16284
- C:\Windows\System\zjZwWJw.exe
  C:\Windows\System\zjZwWJw.exe
  2⤵
  PID:16340
- C:\Windows\System\RMBLJcJ.exe
  C:\Windows\System\RMBLJcJ.exe
  2⤵
  PID:16364
- C:\Windows\System\MfwUcYD.exe
  C:\Windows\System\MfwUcYD.exe
  2⤵
  PID:15184
- C:\Windows\System\pnQdIZd.exe
  C:\Windows\System\pnQdIZd.exe
  2⤵
  PID:14540
- C:\Windows\System\fFeqUwF.exe
  C:\Windows\System\fFeqUwF.exe
  2⤵
  PID:15404
- C:\Windows\System\RPQcQRU.exe
  C:\Windows\System\RPQcQRU.exe
  2⤵
  PID:15428
- C:\Windows\System\tODUfgM.exe
  C:\Windows\System\tODUfgM.exe
  2⤵
  PID:4852
- C:\Windows\System\RXVOcTX.exe
  C:\Windows\System\RXVOcTX.exe
  2⤵
  PID:15496
- C:\Windows\System\gWJFQSy.exe
  C:\Windows\System\gWJFQSy.exe
  2⤵
  PID:15548
- C:\Windows\System\BWLaCGt.exe
  C:\Windows\System\BWLaCGt.exe
  2⤵
  PID:15584
- C:\Windows\System\tkEFdkZ.exe
  C:\Windows\System\tkEFdkZ.exe
  2⤵
  PID:15644
- C:\Windows\System\qUWlpQZ.exe
  C:\Windows\System\qUWlpQZ.exe
  2⤵
  PID:15660
- C:\Windows\System\oiidrMC.exe
  C:\Windows\System\oiidrMC.exe
  2⤵
  PID:15704
- C:\Windows\System\jbfwMTC.exe
  C:\Windows\System\jbfwMTC.exe
  2⤵
  PID:15800
- C:\Windows\System\vbrtuQU.exe
  C:\Windows\System\vbrtuQU.exe
  2⤵
  PID:15836
- C:\Windows\System\suqXmKr.exe
  C:\Windows\System\suqXmKr.exe
  2⤵
  PID:15896
- C:\Windows\System\mAivsYM.exe
  C:\Windows\System\mAivsYM.exe
  2⤵
  PID:15940
- C:\Windows\System\gzlpNuJ.exe
  C:\Windows\System\gzlpNuJ.exe
  2⤵
  PID:15956
- C:\Windows\System\ANJjtsd.exe
  C:\Windows\System\ANJjtsd.exe
  2⤵
  PID:16032
- C:\Windows\System\chBMgoK.exe
  C:\Windows\System\chBMgoK.exe
  2⤵
  PID:16080
- C:\Windows\System\LlmEIib.exe
  C:\Windows\System\LlmEIib.exe
  2⤵
  PID:16148
- C:\Windows\System\TaAfmEq.exe
  C:\Windows\System\TaAfmEq.exe
  2⤵
  PID:920
- C:\Windows\System\zKvLTcy.exe
  C:\Windows\System\zKvLTcy.exe
  2⤵
  PID:16168
- C:\Windows\System\wAPnBQR.exe
  C:\Windows\System\wAPnBQR.exe
  2⤵
  PID:16240
- C:\Windows\System\TKTPzJH.exe
  C:\Windows\System\TKTPzJH.exe
  2⤵
  PID:14896
- C:\Windows\System\rpSYwqS.exe
  C:\Windows\System\rpSYwqS.exe
  2⤵
  PID:16400
- C:\Windows\System\XLLbfIL.exe
  C:\Windows\System\XLLbfIL.exe
  2⤵
  PID:16440
- C:\Windows\System\wiuheYm.exe
  C:\Windows\System\wiuheYm.exe
  2⤵
  PID:16480
- C:\Windows\System\ofwEYeP.exe
  C:\Windows\System\ofwEYeP.exe
  2⤵
  PID:16504
- C:\Windows\System\jiiBhjv.exe
  C:\Windows\System\jiiBhjv.exe
  2⤵
  PID:16524
- C:\Windows\System\lFMmuBp.exe
  C:\Windows\System\lFMmuBp.exe
  2⤵
  PID:16544
- C:\Windows\System\gAycbld.exe
  C:\Windows\System\gAycbld.exe
  2⤵
  PID:16560
- C:\Windows\System\csmUnrV.exe
  C:\Windows\System\csmUnrV.exe
  2⤵
  PID:16580
- C:\Windows\System\mjcMsYx.exe
  C:\Windows\System\mjcMsYx.exe
  2⤵
  PID:16600
- C:\Windows\System\AjsFjLA.exe
  C:\Windows\System\AjsFjLA.exe
  2⤵
  PID:16620
- C:\Windows\System\qfEwofF.exe
  C:\Windows\System\qfEwofF.exe
  2⤵
  PID:16636
- C:\Windows\System\voQSKTf.exe
  C:\Windows\System\voQSKTf.exe
  2⤵
  PID:16676
- C:\Windows\System\XlFdYKQ.exe
  C:\Windows\System\XlFdYKQ.exe
  2⤵
  PID:16700
- C:\Windows\System\gKSpdom.exe
  C:\Windows\System\gKSpdom.exe
  2⤵
  PID:16728
- C:\Windows\System\iQyJZpi.exe
  C:\Windows\System\iQyJZpi.exe
  2⤵
  PID:16748
- C:\Windows\System\iuPfudx.exe
  C:\Windows\System\iuPfudx.exe
  2⤵
  PID:16764
- C:\Windows\System\ahIqXmT.exe
  C:\Windows\System\ahIqXmT.exe
  2⤵
  PID:16784
- C:\Windows\System\MMMjJUi.exe
  C:\Windows\System\MMMjJUi.exe
  2⤵
  PID:16804
- C:\Windows\System\pPwmBqC.exe
  C:\Windows\System\pPwmBqC.exe
  2⤵
  PID:16824
- C:\Windows\System\cZbTuLd.exe
  C:\Windows\System\cZbTuLd.exe
  2⤵
  PID:16844
- C:\Windows\System\HTPxVKJ.exe
  C:\Windows\System\HTPxVKJ.exe
  2⤵
  PID:16864
- C:\Windows\System\aYsEAzm.exe
  C:\Windows\System\aYsEAzm.exe
  2⤵
  PID:16880
- C:\Windows\System\fgpzSIn.exe
  C:\Windows\System\fgpzSIn.exe
  2⤵
  PID:16896
- C:\Windows\System\AkybKOa.exe
  C:\Windows\System\AkybKOa.exe
  2⤵
  PID:16920
- C:\Windows\System\MgczQIl.exe
  C:\Windows\System\MgczQIl.exe
  2⤵
  PID:16940
- C:\Windows\System\sEJAhLu.exe
  C:\Windows\System\sEJAhLu.exe
  2⤵
  PID:16964
- C:\Windows\System\evHvGnI.exe
  C:\Windows\System\evHvGnI.exe
  2⤵
  PID:16988
- C:\Windows\System\hXauBzL.exe
  C:\Windows\System\hXauBzL.exe
  2⤵
  PID:17004
- C:\Windows\System\lGPYKID.exe
  C:\Windows\System\lGPYKID.exe
  2⤵
  PID:17020
- C:\Windows\System\WQjjmSU.exe
  C:\Windows\System\WQjjmSU.exe
  2⤵
  PID:17036
- C:\Windows\System\UXyAcbx.exe
  C:\Windows\System\UXyAcbx.exe
  2⤵
  PID:17052
- C:\Windows\System\tzAsDGX.exe
  C:\Windows\System\tzAsDGX.exe
  2⤵
  PID:17072
- C:\Windows\System\PrDJzeb.exe
  C:\Windows\System\PrDJzeb.exe
  2⤵
  PID:17096
- C:\Windows\System\NwmJExe.exe
  C:\Windows\System\NwmJExe.exe
  2⤵
  PID:17120
- C:\Windows\System\IRrEMeh.exe
  C:\Windows\System\IRrEMeh.exe
  2⤵
  PID:17144
- C:\Windows\System\csZgOQS.exe
  C:\Windows\System\csZgOQS.exe
  2⤵
  PID:17172
- C:\Windows\System\ZVBuKme.exe
  C:\Windows\System\ZVBuKme.exe
  2⤵
  PID:17200
- C:\Windows\System\igMBjOh.exe
  C:\Windows\System\igMBjOh.exe
  2⤵
  PID:17236
- C:\Windows\System\TngmzNB.exe
  C:\Windows\System\TngmzNB.exe
  2⤵
  PID:17256
- C:\Windows\System\bQZZAeK.exe
  C:\Windows\System\bQZZAeK.exe
  2⤵
  PID:17276
- C:\Windows\System\qnMDJlV.exe
  C:\Windows\System\qnMDJlV.exe
  2⤵
  PID:17296

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16396

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17444

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17620

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17756

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17864

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CrDTKYZ.exe

Filesize
1.7MB

MD5
3be9f9e721f41d0245863d79471ca4d9

SHA1
26592f90b93843a9d475283ef03d38a3169f7e0a

SHA256
6081c20a5bfa62dbdf30c788f4361c7cbff9986a964837919df6af93fa8805b6

SHA512
57fae78192adf71eb91aa3513235c5bc3c195c952a26f62f1741860efcafb5dce435d5bf446fb50eaa6b9b2192961eacafa4ac241b23ace7826937a3372fe4cd

Download Submit
C:\Windows\System\DamsmOt.exe

Filesize
1.7MB

MD5
165894d9b9b28c08252e5591ef8714be

SHA1
934f313e032036439e3bae1b3b60bf83c707d2d0

SHA256
ca09ecb9de0973109b70987dd8a1e94a4adc6547206f4ce76783d2ea648cc86b

SHA512
ebc90c684acb1ccabbd59511211fae83665e7e23f2a8cf18322754be49a2678df335f897f5c9db2286ca82913fb71780c3a3e6c2eeb7a27a1cc9a1f0914085c5

Download Submit
C:\Windows\System\EtRCNdT.exe

Filesize
1.7MB

MD5
9484900c06308833226203b24ba50c9c

SHA1
68af2686b02eb9fc5b5a1b3738ccbeb269811de0

SHA256
a986a19e7b7bc33ee8633623345354d9d28bf20f7339d634d9fe2de213770129

SHA512
be2167cbac39a080293f523788262bcd23052105139b1226dc51352759c950f9b3ed8626cfc6af0b8dd33a2b0469626a740e40e67a5edabf2e21cb62033cf4dc

Download Submit
C:\Windows\System\Fuulzti.exe

Filesize
1.7MB

MD5
fd969f72996d746707cb127342a87eb9

SHA1
42cc3341e4d459c40a3475ee1dd1b8f5311db6f9

SHA256
b01744aaa96a28a92e2e073cf76ef52d2a55f51597c0a2fd7ad844879299c63c

SHA512
b2237aaa6f3acde6de53895c9371ab46572ecc2cb6aec373dbc8b57f2bb543a6e4ca0ade25695dd4fedc1186a40b5d08467b9e838a23c19985268ce6e81980b6

Download Submit
C:\Windows\System\HTmmrPP.exe

Filesize
1.7MB

MD5
15eb7c396a604a4521747b0e6a8b1bb4

SHA1
90427a06bf349dcc9c3e20c2902c2b43daaca657

SHA256
e744ed52d801d3a23f3aeff191b240f5c4cbf6b51f829b71ecf1fa84992ce891

SHA512
7bbd2824cb80a2810b67a47d369925425a83e2ce830f8a0744a14cb22b0ae4e1dd27bc6196276edbc47d6b802281a55aebf0400e1c1121f23f40c4ba6163cba5

Download Submit
C:\Windows\System\IVuybRb.exe

Filesize
1.7MB

MD5
bad2aeb2fdd05fd704eedf43b908caac

SHA1
22b6554eefe7dd8a23cbdf2a49e4333dbc76ec53

SHA256
3af2687557994b183719910cddca6d00754d7aa61766ca636fcaa487a4580a93

SHA512
17303fdecb576ba6b79fb83edbcbef1411f0d9d8a4cf2c97e281a51e9c8e71731778d44b0d24ec370e9cbc12a21ef95e515261d0bbb48bf6734dd322cdffc528

Download Submit
C:\Windows\System\JxBxzps.exe

Filesize
1.7MB

MD5
c1c0e5378c7bbee8722645c021944dc2

SHA1
f83c1329518ed89a2217b1515a45ad1016ab952a

SHA256
f6b75131ffcaa151bfc02723ccdae026bb9a8cb0d2557db8a9a9a41f4edb49c4

SHA512
df718d6f98a3bfea775170cb76faa8850e17a6e583722a57854690d4b74dd779455dcfa1fb83da5269f1ef8d9d5deba92e91bc6ea3dba9295e7fc46d8dcb5a4e

Download Submit
C:\Windows\System\MbSeykG.exe

Filesize
1.7MB

MD5
5bcaba5c73a8363c461c068b7bb6bdeb

SHA1
743501e2be2329d23e169632e7668eea64659945

SHA256
3c7b2bb7edcc4951f2479a55be9c77b5daa27ae7f647e5ab376e24778dfa94ec

SHA512
9e913281961a00a0bb2df993089fbeb1a7576ada0356cc40bf779c90cd2d2ac8200f1f7d225b1f2718ede98652b933a61d011a29e7a41adb74a66182bb5578e4

Download Submit
C:\Windows\System\MkRgJMv.exe

Filesize
1.7MB

MD5
2a8f2c2b475030a0ccd9aa22929f796e

SHA1
ad8301495e1bac695b568376ba1cc5400b7089cb

SHA256
c72643b2566ae18fd8502f251f5ef62ca8d1939877fdc1f347304e6f9c1cdcbf

SHA512
6fecbd7a1aadd91a929ae72cae072f37187d5381a5b98d6a4fe405e1e294061c2b082732ddb80ca3963542121df73e395649d004bfe211538bfc5ecf91e919a4

Download Submit
C:\Windows\System\OdbAHev.exe

Filesize
1.7MB

MD5
ee67d8500ceb00bce582b0bf02fcf2c1

SHA1
caeae67b42c05f189c9de373650c2f5564b5ed66

SHA256
dff6213cfe0a57b72cec069dd3ff1d6cdc4e3607b38b605eddbe2a40cbcdc132

SHA512
7574ce3aa8c11e32b22a5f4bb55cee6df5d604ffc8304652f40cfc7a83ee3f55f5f65a6e83c23fa32ba49b6bed963096327a4564536b400f80e1d26978e2ebd8

Download Submit
C:\Windows\System\PanXyoa.exe

Filesize
1.7MB

MD5
2cc9a7282a71b9524efe4c8a51c05fde

SHA1
fabab86822c3b9e6bc6aae30b2f3003ce046e5ad

SHA256
04e6cfaa40b3476ce29b5ab400e29887527f69e63a248f2e524e3b633b3e7a28

SHA512
af5dfb1d7e1f071aa10519d214020908752840a9f3c6229982ddba4920303137240fe44cd46a27a015df5418960b2ee316f023c80fd6893b96d62bb10dd52c31

Download Submit
C:\Windows\System\QWGficG.exe

Filesize
1.7MB

MD5
c778c07bd9d695e98f4e5756c9f82e19

SHA1
d834cd52b61f2e26b9bd8b3125830ba3fb35583b

SHA256
d380ee738037a01ee33ecc4af114c4b68425cd93a7eeefe32fdea5ee2cef3fd0

SHA512
d6ee642738efaa5f49cb9e31a30dc59834b5d7362cbfab68bc8e1796e58f82c0fee61464e64fe0d1145075bdc34fbf372160a60bfafa99bd3e5797d63f3883af

Download Submit
C:\Windows\System\RRghJyN.exe

Filesize
1.7MB

MD5
bc297e614aaf73983d7ceac1b123f6a3

SHA1
6239a34a0620aaab49f48a56a218d1ec9b0d049d

SHA256
f69ecd287b5b328c2f37cd4ab9f4bd509af34a1371a45b811905a1933a2a8011

SHA512
43c06b8b57e19176d0f86f334e4923551116b247edc495702d5847add6822475cb495d8e1da29df37876711baa0df6936f56de2d57b1e838bfc47ff534f0b3cd

Download Submit
C:\Windows\System\RSvEViS.exe

Filesize
1.7MB

MD5
3c47b7823fcbeb69a5defd86e904a9f6

SHA1
c9ca44396fc7fb06c6d1bfd82553b1975fb35eda

SHA256
9aed0b0adb03ec88aacae0f918316692bcfe43a35d5ecf3d0f8908953fcde364

SHA512
decbe1ad24e15a4aaca3065a32a56f212e9e165b2f1e21a7f609ecc433a3d547d9ec15292a0d561b97c5ce7f01333e5f1e56a6d1e5b225369003010db9be1023

Download Submit
C:\Windows\System\UMrpKWn.exe

Filesize
1.7MB

MD5
f00c6e417a707adf115d5e3bfb6de30c

SHA1
85d0e419b5ef8610187f7aa3f0504e26ae77a9ed

SHA256
3412d20dbbda899836e17bcc6f772cb617765d2c6bd2b6cc1e7cc758e04ddb64

SHA512
14a0d434a73eb2f033c879d8fddc57545b0e3ae639cfd6c167be2356d763c877903b92b7a3598b25cecef40dff299720a7f0c94475c1366cd0e4846abab01841

Download Submit
C:\Windows\System\VeNkgmn.exe

Filesize
1.7MB

MD5
4da3b6331355cdc156d8d29e2bf73e6f

SHA1
d1a4fa4ccf89626c0050d126f8d438f3e8a4ae03

SHA256
98805b1180cc6b738ba24c9f3f52b5e5e92dc5df59f0373929e4ce12a210c2d4

SHA512
904e8a9eef9218b8065f572a03305a8b1e7e46d03bdd9029b2c874c9ab9d5efe4abe2d03c17aea77d0eee185f829d3e67974b066ac0d43fcc8b79ef7b9934ec6

Download Submit
C:\Windows\System\YaemRLH.exe

Filesize
1.7MB

MD5
d1d5f4151415e65b8944d38fd292f953

SHA1
f71c1d444693ae621e5f1e71d074abff3dfc1da0

SHA256
55cf092014e10681760321bf93070d256c5ec9082972f9ab89722c436e39fc92

SHA512
52d8959790043062ea49e7c5a11bcaf6360851f4fd09c0bc2e999a3a007510dad41b999e341255e94297cc2d28d3162f56fb660c98ffc7ed959581898e7555ab

Download Submit
C:\Windows\System\YpQyrBF.exe

Filesize
1.7MB

MD5
bb1563b4b612dd7faad77e178791f38f

SHA1
90d1a3e8ff98235bccca845fab5d0d80184b79ea

SHA256
85ae4919d60664553ed8f15a11f5a8a2036af8c6836dd17859154ac9dd73c8f5

SHA512
159105abde96dff99c297c6b62e2bcad8f044e82c6a670d23c6e30b5510b0287a33f86307199661b5b8eac94d1a9e6135e2ebfc03962929528e2d77d597cdda9

Download Submit
C:\Windows\System\YqOzhOr.exe

Filesize
1.7MB

MD5
61313672811fbd35ffd31247bc707e2c

SHA1
0c36d9ce155727e3ff9248e653516030d0f1fbde

SHA256
9330c053bfbbed5c4ccbb799691867141631dee6254c5dbd24d96afd5003e5cd

SHA512
0782c505695a63288c76e4554928271e4beb3571704268b996e96b5eaa98409348c40acb3a81fec658687bd808bd3b085795e890c62779fe30817bc32b42c9cb

Download Submit
C:\Windows\System\ZGXlIco.exe

Filesize
1.7MB

MD5
7b8b8ac0ed74ffbb1d8c1cbe7f0a0262

SHA1
46911e7f3fc4d7c0e7f3e7442c06ee9203da95c5

SHA256
f1d1b4d0b2c9d5bef4119a94c077b6b21124d2e988eb9039c6ea02d81d17f44a

SHA512
baedd5eff622bcb356dffea7794e0e0b6a240b3a6868b96ac63d8f331c7be5d2d9a964f21ce17ad60c1d1c3a55c8d85d94b7a813c6f34fd0b95df6fc462ceee2

Download Submit
C:\Windows\System\ZeVCUrE.exe

Filesize
1.7MB

MD5
4abcba485810ddddf04af5bc5ff0d830

SHA1
341c1ebb188fdffe5040c9be48f2e8890766f93d

SHA256
30b55308c7ddd031193811be4ac6f0828c4d4292c769bc55a5ebd26dd1fdfc8d

SHA512
5dfa29279fe1e1f780dbaab5f07a93196aa44e8276331a4428a769400dada17f520733762ae21c96a19c3dbc30425836878be1885696a528136d0533359aa4f6

Download Submit
C:\Windows\System\arVJogK.exe

Filesize
1.7MB

MD5
0c839e9062c9d1ddeb939f9379d3624a

SHA1
4c6d7fab1ccf6ea16e59cf1da50c907af027d9fa

SHA256
8de25ea227c3e3ee4c17b2333a7f5cadcc0c48a42c18fc4b572efeae29cbd11e

SHA512
41303202356df261cf7a0aa7177022c499a14137ffdb2c5ee0254b41a0fe14f2b995cd2a00fd57e81fef76ea3003cafea2dda8999a70f71db5a2d1e3c181e107

Download Submit
C:\Windows\System\bfPhdYB.exe

Filesize
1.7MB

MD5
b6a6fe23d489cd7f6422f6deb463cb36

SHA1
0d1d7e57d0500d994284f7161184b94cc775e302

SHA256
c4cde2b95d425799bb068b9bfe9a463b4c91b88f75443a1a84a047dcc06ebbfe

SHA512
0936a358c01e820eb7ccb9d7e170f4fd09929d2f5b423f52e63ac4b310d5d72854a11f371fa5f335eb2f4f22a9f41ada28dbcce492c75e2c55611670095bf7a7

Download Submit
C:\Windows\System\gqBxzQq.exe

Filesize
1.7MB

MD5
4016f0a9ca7220bdcd98b6fd93d7ea89

SHA1
8af90d86755e6f0f3db9edd58cb3587deea82230

SHA256
d5f3371f911879ccb490b0952e732fd7a94e08a457eba0e349ef29cee0ad3826

SHA512
25f51874a28afa8d7d78adb0b30696f0e9814b661343af0854aa5aebaedeb21a0f99d30cab873d09315593ef2596a85d0d348cc046a781204fd694b934bbd046

Download Submit
C:\Windows\System\hikLRQt.exe

Filesize
1.7MB

MD5
828ca61058d1b112d8e9863253d9f7cc

SHA1
e5374b220855071a19f2a484341e679029bbf7c2

SHA256
12ec2850cbd3c7c417202c7fc1c5c2f66791c328f43e3f172d27f6a66eb801dd

SHA512
cd91c5f0c37870ce3654aae3a28a722094401ebaab1a027ff5fe0c51f51b0361df8a0014e3b5d527be907d8e572cf4699c7b9dedbd90557c5d9b1c64671635ae

Download Submit
C:\Windows\System\jZRmiST.exe

Filesize
1.7MB

MD5
19f0efc09a763eb0d193303c23d9384e

SHA1
1808de6f3864c1462897b8e12907d254867826a0

SHA256
b9ad116745b570eb22b9f8aaa2e3b446db6bca10abaae83544238a54bfbfd9d9

SHA512
e2a1743f5566a2c13b234440945e0eec3b8254e8cef034e5bf624267a1188e5aa535abdecc6fbefe3eee70c8700ae02985298fce3b720b0105a80cd815bacf17

Download Submit
C:\Windows\System\kqJtCas.exe

Filesize
1.7MB

MD5
e1578498dc582c10b3bbc29815ca6384

SHA1
0d763e934e6e854839657c5f1961a3d18a779d8f

SHA256
4f75c430b55a26aac66ea718d5f0229ea71d2651e63b3340058d103323c51df5

SHA512
c03d3455a2df1fc5b2b07195e8fc260a7b7107df972e91e5cfa444a8e66df55e4347118b677bbc9916331888eaed7ddd58e15841fcbeb6768a15b330ab383143

Download Submit
C:\Windows\System\ksQZMyU.exe

Filesize
1.7MB

MD5
ee1b08d0ccc8daeaae5edc388f3ab54a

SHA1
d6c21de2d47985f48a5931a4cea7825f63178974

SHA256
9dde74d75d4d8acbd7b704cf20752dfe7caf533219a61ce35acf3340feb40ffc

SHA512
27c892a408fa16433d95ef020d7fecd2c45402d5e0d9bbb54da584baf4cd676db995c03e1969c9defef1933aa30dea8067eac1f74937bcb5504ff971b5f94850

Download Submit
C:\Windows\System\lNZNdNE.exe

Filesize
1.7MB

MD5
c331c3ededf2c033d1038e22a5ae5fb0

SHA1
a6df8a53cfb6f22a37c4d421d06b19b61f542509

SHA256
3dc2cb6bad888366adb249a909f8c8f7a508e0ef3fe56f56f311ac3440afc758

SHA512
19612bb85618d543589fdb5ac5fc485e02ca6ba4c2e23298fff686885516d40e4e9a27f4ae38d78194621ba532e945ee8239834fe2baa0ce8a30ef109ca700be

Download Submit
C:\Windows\System\pGsgMrR.exe

Filesize
1.7MB

MD5
bd925dc340766ecb1a5235e834441724

SHA1
b9146ce8f354b543ac67994cb82b7117948d5a12

SHA256
fd93268ae1611353cb606ae9f33d238bc5d0e0dba619b255f6b0004ca6c5a640

SHA512
d2ee22209ab4c81952494655b3b7902c34e768cc3c49faf4458a1f622c184db817cb05731f94e9325914254fe0309467abefbef668ef299f99e2671f0ce4588f

Download Submit
C:\Windows\System\pPGkves.exe

Filesize
1.7MB

MD5
792a1208907f5e6117bb6df8aff79598

SHA1
eacc3dd8678fa7d51e9aae552f8c8008036eaeb8

SHA256
4f0d9fb7b3510a49447e7fe4dc1f5fccdfd3ea54c086e4e4b48e96265d6dcece

SHA512
7e9d7c05647fc407acec393d65fd9697cc2de5aeb5796c211b0a359e323d1bf6d9fe129d07f5f5e83fa1cf5acc0e7a49f076ed93541eeedace5e76af56954c2d

Download Submit
C:\Windows\System\tBEXPjc.exe

Filesize
1.7MB

MD5
92ebc241eab73b55641aaaafe7626393

SHA1
267673baf220ce526e7e42a94cf9dfa4614f4735

SHA256
95774aba9cf075ddb0e08e4478a06299748dc858f19687666e22055e440587cf

SHA512
c0fb124856675d4632449d6779ab9ee577f557901113a3704b90eb9bbe1123be00e36babfc0bc4b015966298b980453f0d1c7ae1ddbdace3201d4f3347ef512a

Download Submit
C:\Windows\System\xIeCDXw.exe

Filesize
1.7MB

MD5
f21c5d8d1e9a7e7b6306dd9846d16688

SHA1
324fb87871d682305804a8a3a20eddc44ded0e9a

SHA256
bbe1df76477b36f27ab426ed4c2b6a7a10065fe0b2e8ae93388d447d989630d0

SHA512
2eba96b83274e95cb643328f120994c3f783684860fbbe00a47886c6ebd7eae3aeff5762aa5321fa4a1ccf6476150f3b72a9ad056eb74e6082ba74f3232f021b

Download Submit
memory/1192-0-0x000001DB43AA0000-0x000001DB43AB0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads