xmrig | 15d54f7f7c2736c23b47e80fe8e2d63ca3402af3676d4ee20456bf6195dcc5a8

Analysis

max time kernel
118s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93d8e6589a24246b6a410642bab61080_NEAS.exe
Size

1.4MB
MD5

93d8e6589a24246b6a410642bab61080
SHA1

90d20f12a88aae96571bce55f2e9c3986ee04e80
SHA256

15d54f7f7c2736c23b47e80fe8e2d63ca3402af3676d4ee20456bf6195dcc5a8
SHA512

beb8245886fea2a1e4f200a2cecd4a5b66b6894228e3244afae5b33c9aa3f9fa89100ef0c144f2a8609d841323c992eef598bd37799c2092ba2cfcb732d61720
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKenUT5J33PzVwUz7DMKTbcU2:GezaTF8FcNkNdfE0pZ9oztFwIHT5JbVm

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000b000000023b91-4.dat	xmrig
behavioral2/files/0x000a000000023b96-11.dat	xmrig
behavioral2/files/0x000a000000023b98-24.dat	xmrig
behavioral2/files/0x000a000000023b97-22.dat	xmrig
behavioral2/files/0x000a000000023b99-29.dat	xmrig
behavioral2/files/0x000a000000023b95-15.dat	xmrig
behavioral2/files/0x000a000000023b9a-33.dat	xmrig
behavioral2/files/0x000b000000023b92-38.dat	xmrig
behavioral2/files/0x000a000000023b9c-45.dat	xmrig
behavioral2/files/0x000a000000023b9d-49.dat	xmrig
behavioral2/files/0x000a000000023b9e-53.dat	xmrig
behavioral2/files/0x000a000000023b9f-57.dat	xmrig
behavioral2/files/0x000a000000023ba0-67.dat	xmrig
behavioral2/files/0x000a000000023ba2-73.dat	xmrig
behavioral2/files/0x000a000000023ba1-75.dat	xmrig
behavioral2/files/0x000a000000023ba3-79.dat	xmrig
behavioral2/files/0x000a000000023ba4-85.dat	xmrig
behavioral2/files/0x000a000000023ba5-92.dat	xmrig
behavioral2/files/0x000a000000023ba6-98.dat	xmrig
behavioral2/files/0x000a000000023ba8-104.dat	xmrig
behavioral2/files/0x000a000000023ba9-112.dat	xmrig
behavioral2/files/0x000a000000023bad-133.dat	xmrig
behavioral2/files/0x000a000000023baf-143.dat	xmrig
behavioral2/files/0x000a000000023bb3-162.dat	xmrig
behavioral2/files/0x000a000000023bb2-158.dat	xmrig
behavioral2/files/0x000a000000023bb1-153.dat	xmrig
behavioral2/files/0x000a000000023bb0-148.dat	xmrig
behavioral2/files/0x000a000000023bae-138.dat	xmrig
behavioral2/files/0x000a000000023bac-128.dat	xmrig
behavioral2/files/0x000a000000023bab-123.dat	xmrig
behavioral2/files/0x000a000000023baa-118.dat	xmrig
behavioral2/files/0x000a000000023ba7-102.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1228	mkVWcxu.exe
1132	YsAvzRx.exe
4412	aBPNAVT.exe
2348	YbvqZOF.exe
4364	WxHTkyi.exe
816	fyJdwIu.exe
2968	JHMUXzL.exe
3052	WdHUfcY.exe
1632	iCEofrt.exe
3868	YrxFiBV.exe
2032	wEBPWPc.exe
2712	iZPibOQ.exe
2368	RkfuYNK.exe
4892	KvuxPgE.exe
3448	HvvJRhp.exe
396	FpGNJOb.exe
5052	zwVTvvD.exe
4088	UrvEwga.exe
4668	GVDrrLr.exe
2212	eUzwCXG.exe
3748	PGeTUYh.exe
3556	cTomNRT.exe
3984	GZgydpa.exe
556	EsovgsA.exe
5008	enZInOw.exe
3388	GVddjrV.exe
3996	yCkLpwU.exe
3652	ebgFLIg.exe
264	cgmdEUE.exe
4888	IJDgOmu.exe
5104	Ljyqfvs.exe
2572	RGndtIF.exe
4036	IyhgMcQ.exe
3680	LIlJelQ.exe
5116	SyJlQaM.exe
5072	jZqCpkt.exe
2500	rmUeHFr.exe
4868	BdgTIuy.exe
4168	nWOHIwf.exe
3104	hIjCsNi.exe
4436	iYwcJnc.exe
4292	CvqFxZQ.exe
4940	XnKYzmn.exe
3736	xhaVyPX.exe
3344	rQenGPH.exe
2664	WXdznON.exe
4056	VQjRpJA.exe
700	woLhgBA.exe
5060	SZUsgMF.exe
3228	psYSSIz.exe
2028	cIlMAQb.exe
5076	AqCNkHD.exe
2812	sNWDiwa.exe
4716	fxhcilu.exe
3132	ayaLbOX.exe
4612	YspJdvr.exe
3936	zhmdtPF.exe
4576	DsRhEHY.exe
1856	YPTsEXD.exe
2316	NqYAtra.exe
4108	EytGWxG.exe
2700	GXEQtbL.exe
3544	sLOmmBs.exe
3000	oTMzEML.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\utCsVcf.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\fktmJld.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\NLGwCyx.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\LmUtvKd.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\CXHGtjX.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\SNQElUu.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\grrkIBP.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\nFJUkSZ.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\svMONTe.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\iZBmgrL.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\LeKZKmL.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\hAFJoqr.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\aLonnIU.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\LzIOnfo.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\snLmWnz.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\hIjCsNi.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\hUKIGqW.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\StaUWnF.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\VzuqRjW.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\oWjZHCp.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\bxkKHsW.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\iJObgbg.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\qXmsQLA.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\JUPfoiE.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\DBYyfxo.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\hBKUHMM.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\NteiJIJ.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\EmAnCcP.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\yAhJmzr.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\PgYJear.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\mDnzEbR.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\FtAFLwo.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\OnUgmAX.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\XbBFOvF.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\ayaLbOX.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\dqdMSHN.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\zOXxeVz.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\LbjSZXP.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\VHNvDDk.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\leKDBVp.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\daUhCkk.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\mPFvpLO.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\pEVAzNz.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\NaQEAfX.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\XNQPPcW.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\uxFEaEg.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\sSCCiit.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\GZgydpa.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\throAuc.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\pJtdHKy.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\QnpbRLT.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\aFpqsGR.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\mYuyEBe.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\KaNtdci.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\FcpFNtQ.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\bezQDdL.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\MtwLNbr.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\gCtNBta.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\lhpeMnM.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\vqSROGW.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\rLRRqff.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\lbilhry.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\vGzSHlK.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe
File created	C:\Windows\System\IGcvPVd.exe	93d8e6589a24246b6a410642bab61080_NEAS.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5212	dwm.exe
Token: SeChangeNotifyPrivilege	5212	dwm.exe
Token: 33	5212	dwm.exe
Token: SeIncBasePriorityPrivilege	5212	dwm.exe
Token: SeShutdownPrivilege	5212	dwm.exe
Token: SeCreatePagefilePrivilege	5212	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4064	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 1228	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	84
PID 4872 wrote to memory of 1228	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	84
PID 4872 wrote to memory of 1132	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	85
PID 4872 wrote to memory of 1132	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	85
PID 4872 wrote to memory of 4412	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	86
PID 4872 wrote to memory of 4412	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	86
PID 4872 wrote to memory of 2348	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	87
PID 4872 wrote to memory of 2348	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	87
PID 4872 wrote to memory of 4364	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	88
PID 4872 wrote to memory of 4364	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	88
PID 4872 wrote to memory of 816	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	89
PID 4872 wrote to memory of 816	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	89
PID 4872 wrote to memory of 2968	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	90
PID 4872 wrote to memory of 2968	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	90
PID 4872 wrote to memory of 3052	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	91
PID 4872 wrote to memory of 3052	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	91
PID 4872 wrote to memory of 1632	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	93
PID 4872 wrote to memory of 1632	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	93
PID 4872 wrote to memory of 3868	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	95
PID 4872 wrote to memory of 3868	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	95
PID 4872 wrote to memory of 2032	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	96
PID 4872 wrote to memory of 2032	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	96
PID 4872 wrote to memory of 2712	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	97
PID 4872 wrote to memory of 2712	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	97
PID 4872 wrote to memory of 2368	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	98
PID 4872 wrote to memory of 2368	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	98
PID 4872 wrote to memory of 3448	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	99
PID 4872 wrote to memory of 3448	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	99
PID 4872 wrote to memory of 4892	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	100
PID 4872 wrote to memory of 4892	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	100
PID 4872 wrote to memory of 396	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	101
PID 4872 wrote to memory of 396	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	101
PID 4872 wrote to memory of 5052	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	103
PID 4872 wrote to memory of 5052	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	103
PID 4872 wrote to memory of 4088	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	104
PID 4872 wrote to memory of 4088	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	104
PID 4872 wrote to memory of 4668	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	105
PID 4872 wrote to memory of 4668	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	105
PID 4872 wrote to memory of 2212	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	106
PID 4872 wrote to memory of 2212	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	106
PID 4872 wrote to memory of 3748	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	107
PID 4872 wrote to memory of 3748	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	107
PID 4872 wrote to memory of 3556	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	108
PID 4872 wrote to memory of 3556	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	108
PID 4872 wrote to memory of 3984	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	109
PID 4872 wrote to memory of 3984	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	109
PID 4872 wrote to memory of 556	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	110
PID 4872 wrote to memory of 556	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	110
PID 4872 wrote to memory of 5008	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	111
PID 4872 wrote to memory of 5008	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	111
PID 4872 wrote to memory of 3388	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	112
PID 4872 wrote to memory of 3388	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	112
PID 4872 wrote to memory of 3996	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	113
PID 4872 wrote to memory of 3996	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	113
PID 4872 wrote to memory of 3652	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	114
PID 4872 wrote to memory of 3652	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	114
PID 4872 wrote to memory of 264	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	115
PID 4872 wrote to memory of 264	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	115
PID 4872 wrote to memory of 4888	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	116
PID 4872 wrote to memory of 4888	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	116
PID 4872 wrote to memory of 5104	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	117
PID 4872 wrote to memory of 5104	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	117
PID 4872 wrote to memory of 2572	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	118
PID 4872 wrote to memory of 2572	4872	93d8e6589a24246b6a410642bab61080_NEAS.exe	118

C:\Users\Admin\AppData\Local\Temp\93d8e6589a24246b6a410642bab61080_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\93d8e6589a24246b6a410642bab61080_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\System\mkVWcxu.exe
  C:\Windows\System\mkVWcxu.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\YsAvzRx.exe
  C:\Windows\System\YsAvzRx.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\aBPNAVT.exe
  C:\Windows\System\aBPNAVT.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\YbvqZOF.exe
  C:\Windows\System\YbvqZOF.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\WxHTkyi.exe
  C:\Windows\System\WxHTkyi.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\fyJdwIu.exe
  C:\Windows\System\fyJdwIu.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\JHMUXzL.exe
  C:\Windows\System\JHMUXzL.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\WdHUfcY.exe
  C:\Windows\System\WdHUfcY.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\iCEofrt.exe
  C:\Windows\System\iCEofrt.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\YrxFiBV.exe
  C:\Windows\System\YrxFiBV.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\wEBPWPc.exe
  C:\Windows\System\wEBPWPc.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\iZPibOQ.exe
  C:\Windows\System\iZPibOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\RkfuYNK.exe
  C:\Windows\System\RkfuYNK.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\HvvJRhp.exe
  C:\Windows\System\HvvJRhp.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\KvuxPgE.exe
  C:\Windows\System\KvuxPgE.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\FpGNJOb.exe
  C:\Windows\System\FpGNJOb.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\zwVTvvD.exe
  C:\Windows\System\zwVTvvD.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\UrvEwga.exe
  C:\Windows\System\UrvEwga.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\GVDrrLr.exe
  C:\Windows\System\GVDrrLr.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\eUzwCXG.exe
  C:\Windows\System\eUzwCXG.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\PGeTUYh.exe
  C:\Windows\System\PGeTUYh.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\cTomNRT.exe
  C:\Windows\System\cTomNRT.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\GZgydpa.exe
  C:\Windows\System\GZgydpa.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\EsovgsA.exe
  C:\Windows\System\EsovgsA.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\enZInOw.exe
  C:\Windows\System\enZInOw.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\GVddjrV.exe
  C:\Windows\System\GVddjrV.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\yCkLpwU.exe
  C:\Windows\System\yCkLpwU.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\ebgFLIg.exe
  C:\Windows\System\ebgFLIg.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\cgmdEUE.exe
  C:\Windows\System\cgmdEUE.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\IJDgOmu.exe
  C:\Windows\System\IJDgOmu.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\Ljyqfvs.exe
  C:\Windows\System\Ljyqfvs.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\RGndtIF.exe
  C:\Windows\System\RGndtIF.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\IyhgMcQ.exe
  C:\Windows\System\IyhgMcQ.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\LIlJelQ.exe
  C:\Windows\System\LIlJelQ.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\SyJlQaM.exe
  C:\Windows\System\SyJlQaM.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\jZqCpkt.exe
  C:\Windows\System\jZqCpkt.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\rmUeHFr.exe
  C:\Windows\System\rmUeHFr.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\BdgTIuy.exe
  C:\Windows\System\BdgTIuy.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\nWOHIwf.exe
  C:\Windows\System\nWOHIwf.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\hIjCsNi.exe
  C:\Windows\System\hIjCsNi.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\iYwcJnc.exe
  C:\Windows\System\iYwcJnc.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\CvqFxZQ.exe
  C:\Windows\System\CvqFxZQ.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\XnKYzmn.exe
  C:\Windows\System\XnKYzmn.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\xhaVyPX.exe
  C:\Windows\System\xhaVyPX.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\rQenGPH.exe
  C:\Windows\System\rQenGPH.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\WXdznON.exe
  C:\Windows\System\WXdznON.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\VQjRpJA.exe
  C:\Windows\System\VQjRpJA.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\woLhgBA.exe
  C:\Windows\System\woLhgBA.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\SZUsgMF.exe
  C:\Windows\System\SZUsgMF.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\psYSSIz.exe
  C:\Windows\System\psYSSIz.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\cIlMAQb.exe
  C:\Windows\System\cIlMAQb.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\AqCNkHD.exe
  C:\Windows\System\AqCNkHD.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\sNWDiwa.exe
  C:\Windows\System\sNWDiwa.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\fxhcilu.exe
  C:\Windows\System\fxhcilu.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\ayaLbOX.exe
  C:\Windows\System\ayaLbOX.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\YspJdvr.exe
  C:\Windows\System\YspJdvr.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\zhmdtPF.exe
  C:\Windows\System\zhmdtPF.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\DsRhEHY.exe
  C:\Windows\System\DsRhEHY.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\YPTsEXD.exe
  C:\Windows\System\YPTsEXD.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\NqYAtra.exe
  C:\Windows\System\NqYAtra.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\EytGWxG.exe
  C:\Windows\System\EytGWxG.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\GXEQtbL.exe
  C:\Windows\System\GXEQtbL.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\sLOmmBs.exe
  C:\Windows\System\sLOmmBs.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\oTMzEML.exe
  C:\Windows\System\oTMzEML.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\SnciDmC.exe
  C:\Windows\System\SnciDmC.exe
  2⤵
  PID:3360
- C:\Windows\System\eXrtRaf.exe
  C:\Windows\System\eXrtRaf.exe
  2⤵
  PID:5080
- C:\Windows\System\lCzlxHA.exe
  C:\Windows\System\lCzlxHA.exe
  2⤵
  PID:2692
- C:\Windows\System\TiFTbmX.exe
  C:\Windows\System\TiFTbmX.exe
  2⤵
  PID:3420
- C:\Windows\System\mdtFGgu.exe
  C:\Windows\System\mdtFGgu.exe
  2⤵
  PID:4884
- C:\Windows\System\mcQazMv.exe
  C:\Windows\System\mcQazMv.exe
  2⤵
  PID:4092
- C:\Windows\System\hsjVLEf.exe
  C:\Windows\System\hsjVLEf.exe
  2⤵
  PID:208
- C:\Windows\System\ZNuHZzt.exe
  C:\Windows\System\ZNuHZzt.exe
  2⤵
  PID:1428
- C:\Windows\System\sjsegIN.exe
  C:\Windows\System\sjsegIN.exe
  2⤵
  PID:4900
- C:\Windows\System\fByrluv.exe
  C:\Windows\System\fByrluv.exe
  2⤵
  PID:1672
- C:\Windows\System\YqzwUMl.exe
  C:\Windows\System\YqzwUMl.exe
  2⤵
  PID:4948
- C:\Windows\System\znmQvqn.exe
  C:\Windows\System\znmQvqn.exe
  2⤵
  PID:3400
- C:\Windows\System\wbtkNpc.exe
  C:\Windows\System\wbtkNpc.exe
  2⤵
  PID:1516
- C:\Windows\System\bMOfxEb.exe
  C:\Windows\System\bMOfxEb.exe
  2⤵
  PID:4284
- C:\Windows\System\iWwknvm.exe
  C:\Windows\System\iWwknvm.exe
  2⤵
  PID:4160
- C:\Windows\System\HQWbKBV.exe
  C:\Windows\System\HQWbKBV.exe
  2⤵
  PID:4424
- C:\Windows\System\snXTiFi.exe
  C:\Windows\System\snXTiFi.exe
  2⤵
  PID:1288
- C:\Windows\System\mvjAYGF.exe
  C:\Windows\System\mvjAYGF.exe
  2⤵
  PID:4720
- C:\Windows\System\yhKDZMo.exe
  C:\Windows\System\yhKDZMo.exe
  2⤵
  PID:4456
- C:\Windows\System\sNKIadn.exe
  C:\Windows\System\sNKIadn.exe
  2⤵
  PID:3604
- C:\Windows\System\lptmzBs.exe
  C:\Windows\System\lptmzBs.exe
  2⤵
  PID:4484
- C:\Windows\System\kFnwcKJ.exe
  C:\Windows\System\kFnwcKJ.exe
  2⤵
  PID:5032
- C:\Windows\System\oLjBiTG.exe
  C:\Windows\System\oLjBiTG.exe
  2⤵
  PID:1928
- C:\Windows\System\LYicYXN.exe
  C:\Windows\System\LYicYXN.exe
  2⤵
  PID:3768
- C:\Windows\System\PkxFtMK.exe
  C:\Windows\System\PkxFtMK.exe
  2⤵
  PID:4736
- C:\Windows\System\WBpVtCt.exe
  C:\Windows\System\WBpVtCt.exe
  2⤵
  PID:1452
- C:\Windows\System\aRRDKrW.exe
  C:\Windows\System\aRRDKrW.exe
  2⤵
  PID:372
- C:\Windows\System\mCLJbKq.exe
  C:\Windows\System\mCLJbKq.exe
  2⤵
  PID:4276
- C:\Windows\System\oAWKTRS.exe
  C:\Windows\System\oAWKTRS.exe
  2⤵
  PID:4652
- C:\Windows\System\vzHlyeU.exe
  C:\Windows\System\vzHlyeU.exe
  2⤵
  PID:2240
- C:\Windows\System\onkTjmc.exe
  C:\Windows\System\onkTjmc.exe
  2⤵
  PID:5128
- C:\Windows\System\WcwJrYL.exe
  C:\Windows\System\WcwJrYL.exe
  2⤵
  PID:5176
- C:\Windows\System\YnRIdci.exe
  C:\Windows\System\YnRIdci.exe
  2⤵
  PID:5216
- C:\Windows\System\vqSROGW.exe
  C:\Windows\System\vqSROGW.exe
  2⤵
  PID:5244
- C:\Windows\System\XrCWgYc.exe
  C:\Windows\System\XrCWgYc.exe
  2⤵
  PID:5272
- C:\Windows\System\PLlPUfV.exe
  C:\Windows\System\PLlPUfV.exe
  2⤵
  PID:5312
- C:\Windows\System\uzlAhVn.exe
  C:\Windows\System\uzlAhVn.exe
  2⤵
  PID:5332
- C:\Windows\System\EZUkwCN.exe
  C:\Windows\System\EZUkwCN.exe
  2⤵
  PID:5368
- C:\Windows\System\dDhXkbI.exe
  C:\Windows\System\dDhXkbI.exe
  2⤵
  PID:5396
- C:\Windows\System\mPFvpLO.exe
  C:\Windows\System\mPFvpLO.exe
  2⤵
  PID:5428
- C:\Windows\System\DdrCaxX.exe
  C:\Windows\System\DdrCaxX.exe
  2⤵
  PID:5452
- C:\Windows\System\xfcjgNX.exe
  C:\Windows\System\xfcjgNX.exe
  2⤵
  PID:5468
- C:\Windows\System\jzQoBRp.exe
  C:\Windows\System\jzQoBRp.exe
  2⤵
  PID:5512
- C:\Windows\System\NfMeJkX.exe
  C:\Windows\System\NfMeJkX.exe
  2⤵
  PID:5544
- C:\Windows\System\QiaPKOQ.exe
  C:\Windows\System\QiaPKOQ.exe
  2⤵
  PID:5568
- C:\Windows\System\tlwFifL.exe
  C:\Windows\System\tlwFifL.exe
  2⤵
  PID:5592
- C:\Windows\System\ddidrGr.exe
  C:\Windows\System\ddidrGr.exe
  2⤵
  PID:5612
- C:\Windows\System\yMfnVDT.exe
  C:\Windows\System\yMfnVDT.exe
  2⤵
  PID:5652
- C:\Windows\System\MujtZpG.exe
  C:\Windows\System\MujtZpG.exe
  2⤵
  PID:5680
- C:\Windows\System\FHyAEWh.exe
  C:\Windows\System\FHyAEWh.exe
  2⤵
  PID:5704
- C:\Windows\System\GwPlhia.exe
  C:\Windows\System\GwPlhia.exe
  2⤵
  PID:5736
- C:\Windows\System\LReOxMW.exe
  C:\Windows\System\LReOxMW.exe
  2⤵
  PID:5756
- C:\Windows\System\yShuqQu.exe
  C:\Windows\System\yShuqQu.exe
  2⤵
  PID:5792
- C:\Windows\System\jtZfnOf.exe
  C:\Windows\System\jtZfnOf.exe
  2⤵
  PID:5820
- C:\Windows\System\vsAlIKb.exe
  C:\Windows\System\vsAlIKb.exe
  2⤵
  PID:5848
- C:\Windows\System\coIIRrj.exe
  C:\Windows\System\coIIRrj.exe
  2⤵
  PID:5876
- C:\Windows\System\yaiIqag.exe
  C:\Windows\System\yaiIqag.exe
  2⤵
  PID:5892
- C:\Windows\System\rJFJiVV.exe
  C:\Windows\System\rJFJiVV.exe
  2⤵
  PID:5908
- C:\Windows\System\doonmpy.exe
  C:\Windows\System\doonmpy.exe
  2⤵
  PID:5944
- C:\Windows\System\XJmHUiQ.exe
  C:\Windows\System\XJmHUiQ.exe
  2⤵
  PID:5980
- C:\Windows\System\throAuc.exe
  C:\Windows\System\throAuc.exe
  2⤵
  PID:6024
- C:\Windows\System\HaPANpk.exe
  C:\Windows\System\HaPANpk.exe
  2⤵
  PID:6052
- C:\Windows\System\dxpnHTd.exe
  C:\Windows\System\dxpnHTd.exe
  2⤵
  PID:6072
- C:\Windows\System\tnwaiWa.exe
  C:\Windows\System\tnwaiWa.exe
  2⤵
  PID:6108
- C:\Windows\System\TbgKtWD.exe
  C:\Windows\System\TbgKtWD.exe
  2⤵
  PID:1464
- C:\Windows\System\jRBGAHA.exe
  C:\Windows\System\jRBGAHA.exe
  2⤵
  PID:5160
- C:\Windows\System\DunoHmQ.exe
  C:\Windows\System\DunoHmQ.exe
  2⤵
  PID:5208
- C:\Windows\System\oeglQck.exe
  C:\Windows\System\oeglQck.exe
  2⤵
  PID:5328
- C:\Windows\System\AfezYyL.exe
  C:\Windows\System\AfezYyL.exe
  2⤵
  PID:5384
- C:\Windows\System\yyKjZkQ.exe
  C:\Windows\System\yyKjZkQ.exe
  2⤵
  PID:5420
- C:\Windows\System\lZQMnQY.exe
  C:\Windows\System\lZQMnQY.exe
  2⤵
  PID:5496
- C:\Windows\System\fvyuhag.exe
  C:\Windows\System\fvyuhag.exe
  2⤵
  PID:5584
- C:\Windows\System\zfabTXk.exe
  C:\Windows\System\zfabTXk.exe
  2⤵
  PID:5648
- C:\Windows\System\qpDcNFg.exe
  C:\Windows\System\qpDcNFg.exe
  2⤵
  PID:5752
- C:\Windows\System\TrJZraM.exe
  C:\Windows\System\TrJZraM.exe
  2⤵
  PID:5804
- C:\Windows\System\VZDbpln.exe
  C:\Windows\System\VZDbpln.exe
  2⤵
  PID:5864
- C:\Windows\System\DBYyfxo.exe
  C:\Windows\System\DBYyfxo.exe
  2⤵
  PID:5920
- C:\Windows\System\AeQQQum.exe
  C:\Windows\System\AeQQQum.exe
  2⤵
  PID:5964
- C:\Windows\System\ryVoTjX.exe
  C:\Windows\System\ryVoTjX.exe
  2⤵
  PID:6068
- C:\Windows\System\FpaNwZF.exe
  C:\Windows\System\FpaNwZF.exe
  2⤵
  PID:6088
- C:\Windows\System\OTHlMeZ.exe
  C:\Windows\System\OTHlMeZ.exe
  2⤵
  PID:5152
- C:\Windows\System\Hdgrpcz.exe
  C:\Windows\System\Hdgrpcz.exe
  2⤵
  PID:5348
- C:\Windows\System\WgWOgCS.exe
  C:\Windows\System\WgWOgCS.exe
  2⤵
  PID:5460
- C:\Windows\System\QPrqhSN.exe
  C:\Windows\System\QPrqhSN.exe
  2⤵
  PID:5564
- C:\Windows\System\TXfdPUR.exe
  C:\Windows\System\TXfdPUR.exe
  2⤵
  PID:5692
- C:\Windows\System\lvoHKSs.exe
  C:\Windows\System\lvoHKSs.exe
  2⤵
  PID:6132
- C:\Windows\System\DVFTGtG.exe
  C:\Windows\System\DVFTGtG.exe
  2⤵
  PID:5408
- C:\Windows\System\VIEluzl.exe
  C:\Windows\System\VIEluzl.exe
  2⤵
  PID:5688
- C:\Windows\System\gCoXawV.exe
  C:\Windows\System\gCoXawV.exe
  2⤵
  PID:5672
- C:\Windows\System\yjOVwzb.exe
  C:\Windows\System\yjOVwzb.exe
  2⤵
  PID:6164
- C:\Windows\System\OsWegLz.exe
  C:\Windows\System\OsWegLz.exe
  2⤵
  PID:6200
- C:\Windows\System\exhiGuh.exe
  C:\Windows\System\exhiGuh.exe
  2⤵
  PID:6232
- C:\Windows\System\nbfaUqX.exe
  C:\Windows\System\nbfaUqX.exe
  2⤵
  PID:6252
- C:\Windows\System\eatztOp.exe
  C:\Windows\System\eatztOp.exe
  2⤵
  PID:6280
- C:\Windows\System\OnUgmAX.exe
  C:\Windows\System\OnUgmAX.exe
  2⤵
  PID:6312
- C:\Windows\System\OtpvSLL.exe
  C:\Windows\System\OtpvSLL.exe
  2⤵
  PID:6332
- C:\Windows\System\SmbJZDO.exe
  C:\Windows\System\SmbJZDO.exe
  2⤵
  PID:6348
- C:\Windows\System\SDiYfXq.exe
  C:\Windows\System\SDiYfXq.exe
  2⤵
  PID:6384
- C:\Windows\System\neUclob.exe
  C:\Windows\System\neUclob.exe
  2⤵
  PID:6408
- C:\Windows\System\wlmSzMg.exe
  C:\Windows\System\wlmSzMg.exe
  2⤵
  PID:6432
- C:\Windows\System\EyDiYWe.exe
  C:\Windows\System\EyDiYWe.exe
  2⤵
  PID:6464
- C:\Windows\System\YhCDMdI.exe
  C:\Windows\System\YhCDMdI.exe
  2⤵
  PID:6488
- C:\Windows\System\ghtBLAt.exe
  C:\Windows\System\ghtBLAt.exe
  2⤵
  PID:6508
- C:\Windows\System\WJWonCX.exe
  C:\Windows\System\WJWonCX.exe
  2⤵
  PID:6540
- C:\Windows\System\FmoxFFj.exe
  C:\Windows\System\FmoxFFj.exe
  2⤵
  PID:6572
- C:\Windows\System\nFJUkSZ.exe
  C:\Windows\System\nFJUkSZ.exe
  2⤵
  PID:6632
- C:\Windows\System\SlGNESC.exe
  C:\Windows\System\SlGNESC.exe
  2⤵
  PID:6652
- C:\Windows\System\eugDroi.exe
  C:\Windows\System\eugDroi.exe
  2⤵
  PID:6684
- C:\Windows\System\ZXbDWbL.exe
  C:\Windows\System\ZXbDWbL.exe
  2⤵
  PID:6708
- C:\Windows\System\kTgQwJO.exe
  C:\Windows\System\kTgQwJO.exe
  2⤵
  PID:6736
- C:\Windows\System\eQQKLKz.exe
  C:\Windows\System\eQQKLKz.exe
  2⤵
  PID:6760
- C:\Windows\System\rSbxgRs.exe
  C:\Windows\System\rSbxgRs.exe
  2⤵
  PID:6792
- C:\Windows\System\WlokkgH.exe
  C:\Windows\System\WlokkgH.exe
  2⤵
  PID:6816
- C:\Windows\System\HRVpEAx.exe
  C:\Windows\System\HRVpEAx.exe
  2⤵
  PID:6848
- C:\Windows\System\nyhySQP.exe
  C:\Windows\System\nyhySQP.exe
  2⤵
  PID:6876
- C:\Windows\System\gWZUCgu.exe
  C:\Windows\System\gWZUCgu.exe
  2⤵
  PID:6920
- C:\Windows\System\fdMJGtA.exe
  C:\Windows\System\fdMJGtA.exe
  2⤵
  PID:6936
- C:\Windows\System\JarXOxs.exe
  C:\Windows\System\JarXOxs.exe
  2⤵
  PID:6992
- C:\Windows\System\kXFOohL.exe
  C:\Windows\System\kXFOohL.exe
  2⤵
  PID:7008
- C:\Windows\System\svMONTe.exe
  C:\Windows\System\svMONTe.exe
  2⤵
  PID:7028
- C:\Windows\System\SxPSXcf.exe
  C:\Windows\System\SxPSXcf.exe
  2⤵
  PID:7068
- C:\Windows\System\jECtuAQ.exe
  C:\Windows\System\jECtuAQ.exe
  2⤵
  PID:7096
- C:\Windows\System\oIRnYvQ.exe
  C:\Windows\System\oIRnYvQ.exe
  2⤵
  PID:7120
- C:\Windows\System\jhjfXAn.exe
  C:\Windows\System\jhjfXAn.exe
  2⤵
  PID:7148
- C:\Windows\System\RfWifwE.exe
  C:\Windows\System\RfWifwE.exe
  2⤵
  PID:7164
- C:\Windows\System\plBKspe.exe
  C:\Windows\System\plBKspe.exe
  2⤵
  PID:6192
- C:\Windows\System\kYWmwYL.exe
  C:\Windows\System\kYWmwYL.exe
  2⤵
  PID:6264
- C:\Windows\System\ptJlWAj.exe
  C:\Windows\System\ptJlWAj.exe
  2⤵
  PID:6424
- C:\Windows\System\BAbdvct.exe
  C:\Windows\System\BAbdvct.exe
  2⤵
  PID:6496
- C:\Windows\System\IdsUsAD.exe
  C:\Windows\System\IdsUsAD.exe
  2⤵
  PID:6460
- C:\Windows\System\lRHHDOG.exe
  C:\Windows\System\lRHHDOG.exe
  2⤵
  PID:6580
- C:\Windows\System\FDycwoV.exe
  C:\Windows\System\FDycwoV.exe
  2⤵
  PID:6640
- C:\Windows\System\OgstwRX.exe
  C:\Windows\System\OgstwRX.exe
  2⤵
  PID:6648
- C:\Windows\System\bEpzKSN.exe
  C:\Windows\System\bEpzKSN.exe
  2⤵
  PID:6728
- C:\Windows\System\nDfZyfN.exe
  C:\Windows\System\nDfZyfN.exe
  2⤵
  PID:6808
- C:\Windows\System\tQWoVNB.exe
  C:\Windows\System\tQWoVNB.exe
  2⤵
  PID:6956
- C:\Windows\System\gJqBycc.exe
  C:\Windows\System\gJqBycc.exe
  2⤵
  PID:7112
- C:\Windows\System\MVBBOwa.exe
  C:\Windows\System\MVBBOwa.exe
  2⤵
  PID:7136
- C:\Windows\System\SurFXoi.exe
  C:\Windows\System\SurFXoi.exe
  2⤵
  PID:6400
- C:\Windows\System\hUKIGqW.exe
  C:\Windows\System\hUKIGqW.exe
  2⤵
  PID:6548
- C:\Windows\System\dBjIjRu.exe
  C:\Windows\System\dBjIjRu.exe
  2⤵
  PID:6724
- C:\Windows\System\OZcSBaw.exe
  C:\Windows\System\OZcSBaw.exe
  2⤵
  PID:6184
- C:\Windows\System\ROkDNfJ.exe
  C:\Windows\System\ROkDNfJ.exe
  2⤵
  PID:6224
- C:\Windows\System\lxaOvNU.exe
  C:\Windows\System\lxaOvNU.exe
  2⤵
  PID:6700
- C:\Windows\System\FcpFNtQ.exe
  C:\Windows\System\FcpFNtQ.exe
  2⤵
  PID:6416
- C:\Windows\System\YaZmXOy.exe
  C:\Windows\System\YaZmXOy.exe
  2⤵
  PID:6404
- C:\Windows\System\JyyNYxy.exe
  C:\Windows\System\JyyNYxy.exe
  2⤵
  PID:7192
- C:\Windows\System\hWnBzVu.exe
  C:\Windows\System\hWnBzVu.exe
  2⤵
  PID:7220
- C:\Windows\System\XUOfUjI.exe
  C:\Windows\System\XUOfUjI.exe
  2⤵
  PID:7248
- C:\Windows\System\bezQDdL.exe
  C:\Windows\System\bezQDdL.exe
  2⤵
  PID:7280
- C:\Windows\System\CgpeeNi.exe
  C:\Windows\System\CgpeeNi.exe
  2⤵
  PID:7304
- C:\Windows\System\KaNtdci.exe
  C:\Windows\System\KaNtdci.exe
  2⤵
  PID:7336
- C:\Windows\System\rFMIVXE.exe
  C:\Windows\System\rFMIVXE.exe
  2⤵
  PID:7372
- C:\Windows\System\FIqVAcQ.exe
  C:\Windows\System\FIqVAcQ.exe
  2⤵
  PID:7396
- C:\Windows\System\eBfZnAK.exe
  C:\Windows\System\eBfZnAK.exe
  2⤵
  PID:7452
- C:\Windows\System\kdQaQxg.exe
  C:\Windows\System\kdQaQxg.exe
  2⤵
  PID:7468
- C:\Windows\System\gssNdca.exe
  C:\Windows\System\gssNdca.exe
  2⤵
  PID:7500
- C:\Windows\System\LGuEAYj.exe
  C:\Windows\System\LGuEAYj.exe
  2⤵
  PID:7524
- C:\Windows\System\ujDUIgT.exe
  C:\Windows\System\ujDUIgT.exe
  2⤵
  PID:7552
- C:\Windows\System\lcmOvgB.exe
  C:\Windows\System\lcmOvgB.exe
  2⤵
  PID:7568
- C:\Windows\System\ABeAclZ.exe
  C:\Windows\System\ABeAclZ.exe
  2⤵
  PID:7584
- C:\Windows\System\EfPXCRr.exe
  C:\Windows\System\EfPXCRr.exe
  2⤵
  PID:7616
- C:\Windows\System\dEykjIs.exe
  C:\Windows\System\dEykjIs.exe
  2⤵
  PID:7668
- C:\Windows\System\DwBfdwM.exe
  C:\Windows\System\DwBfdwM.exe
  2⤵
  PID:7688
- C:\Windows\System\yEtQtTn.exe
  C:\Windows\System\yEtQtTn.exe
  2⤵
  PID:7708
- C:\Windows\System\emOvvXf.exe
  C:\Windows\System\emOvvXf.exe
  2⤵
  PID:7728
- C:\Windows\System\MHvgOMm.exe
  C:\Windows\System\MHvgOMm.exe
  2⤵
  PID:7756
- C:\Windows\System\FiIErOn.exe
  C:\Windows\System\FiIErOn.exe
  2⤵
  PID:7792
- C:\Windows\System\osraMwb.exe
  C:\Windows\System\osraMwb.exe
  2⤵
  PID:7824
- C:\Windows\System\VRTMubZ.exe
  C:\Windows\System\VRTMubZ.exe
  2⤵
  PID:7856
- C:\Windows\System\EuIVxaM.exe
  C:\Windows\System\EuIVxaM.exe
  2⤵
  PID:7892
- C:\Windows\System\klCTcrq.exe
  C:\Windows\System\klCTcrq.exe
  2⤵
  PID:7920
- C:\Windows\System\QPwiAsF.exe
  C:\Windows\System\QPwiAsF.exe
  2⤵
  PID:7948
- C:\Windows\System\NqzBanx.exe
  C:\Windows\System\NqzBanx.exe
  2⤵
  PID:7976
- C:\Windows\System\VysJjRy.exe
  C:\Windows\System\VysJjRy.exe
  2⤵
  PID:8004
- C:\Windows\System\rzTicTE.exe
  C:\Windows\System\rzTicTE.exe
  2⤵
  PID:8036
- C:\Windows\System\yMTlzjc.exe
  C:\Windows\System\yMTlzjc.exe
  2⤵
  PID:8060
- C:\Windows\System\ZtIipHw.exe
  C:\Windows\System\ZtIipHw.exe
  2⤵
  PID:8100
- C:\Windows\System\sHqTsnX.exe
  C:\Windows\System\sHqTsnX.exe
  2⤵
  PID:8116
- C:\Windows\System\dHdQdrh.exe
  C:\Windows\System\dHdQdrh.exe
  2⤵
  PID:8144
- C:\Windows\System\bXmDIix.exe
  C:\Windows\System\bXmDIix.exe
  2⤵
  PID:8172
- C:\Windows\System\AHzoIrV.exe
  C:\Windows\System\AHzoIrV.exe
  2⤵
  PID:7176
- C:\Windows\System\mmoHXqT.exe
  C:\Windows\System\mmoHXqT.exe
  2⤵
  PID:7216
- C:\Windows\System\bEooHQm.exe
  C:\Windows\System\bEooHQm.exe
  2⤵
  PID:7292
- C:\Windows\System\PDfFKpG.exe
  C:\Windows\System\PDfFKpG.exe
  2⤵
  PID:7360
- C:\Windows\System\lDHFfvC.exe
  C:\Windows\System\lDHFfvC.exe
  2⤵
  PID:7432
- C:\Windows\System\TnPlcKY.exe
  C:\Windows\System\TnPlcKY.exe
  2⤵
  PID:7516
- C:\Windows\System\TVhZtce.exe
  C:\Windows\System\TVhZtce.exe
  2⤵
  PID:7576
- C:\Windows\System\wPBkbeF.exe
  C:\Windows\System\wPBkbeF.exe
  2⤵
  PID:7656
- C:\Windows\System\ApAZyRM.exe
  C:\Windows\System\ApAZyRM.exe
  2⤵
  PID:7720
- C:\Windows\System\czearrB.exe
  C:\Windows\System\czearrB.exe
  2⤵
  PID:7784
- C:\Windows\System\omHPXvq.exe
  C:\Windows\System\omHPXvq.exe
  2⤵
  PID:7836
- C:\Windows\System\sZAdnNW.exe
  C:\Windows\System\sZAdnNW.exe
  2⤵
  PID:7880
- C:\Windows\System\TYXoxug.exe
  C:\Windows\System\TYXoxug.exe
  2⤵
  PID:7960
- C:\Windows\System\hzHScCW.exe
  C:\Windows\System\hzHScCW.exe
  2⤵
  PID:8056
- C:\Windows\System\MgqyAgD.exe
  C:\Windows\System\MgqyAgD.exe
  2⤵
  PID:8184
- C:\Windows\System\fktmJld.exe
  C:\Windows\System\fktmJld.exe
  2⤵
  PID:8136
- C:\Windows\System\VsawKPG.exe
  C:\Windows\System\VsawKPG.exe
  2⤵
  PID:7272
- C:\Windows\System\FJFTbQC.exe
  C:\Windows\System\FJFTbQC.exe
  2⤵
  PID:7384
- C:\Windows\System\NEOeHZE.exe
  C:\Windows\System\NEOeHZE.exe
  2⤵
  PID:7644
- C:\Windows\System\hXAQpgg.exe
  C:\Windows\System\hXAQpgg.exe
  2⤵
  PID:7788
- C:\Windows\System\eveisvn.exe
  C:\Windows\System\eveisvn.exe
  2⤵
  PID:7876
- C:\Windows\System\PoZdkfh.exe
  C:\Windows\System\PoZdkfh.exe
  2⤵
  PID:8044
- C:\Windows\System\ugbWLeC.exe
  C:\Windows\System\ugbWLeC.exe
  2⤵
  PID:7240
- C:\Windows\System\OpGKzrb.exe
  C:\Windows\System\OpGKzrb.exe
  2⤵
  PID:7608
- C:\Windows\System\SMCZClv.exe
  C:\Windows\System\SMCZClv.exe
  2⤵
  PID:8000
- C:\Windows\System\gMlCidv.exe
  C:\Windows\System\gMlCidv.exe
  2⤵
  PID:7912
- C:\Windows\System\VzesDSU.exe
  C:\Windows\System\VzesDSU.exe
  2⤵
  PID:7564
- C:\Windows\System\uJKnRHz.exe
  C:\Windows\System\uJKnRHz.exe
  2⤵
  PID:8204
- C:\Windows\System\LeKZKmL.exe
  C:\Windows\System\LeKZKmL.exe
  2⤵
  PID:8220
- C:\Windows\System\XWWzpwZ.exe
  C:\Windows\System\XWWzpwZ.exe
  2⤵
  PID:8248
- C:\Windows\System\bdAKcjo.exe
  C:\Windows\System\bdAKcjo.exe
  2⤵
  PID:8276
- C:\Windows\System\XbBFOvF.exe
  C:\Windows\System\XbBFOvF.exe
  2⤵
  PID:8300
- C:\Windows\System\bVMvHTi.exe
  C:\Windows\System\bVMvHTi.exe
  2⤵
  PID:8320
- C:\Windows\System\jYbiwIe.exe
  C:\Windows\System\jYbiwIe.exe
  2⤵
  PID:8368
- C:\Windows\System\KOrdFlG.exe
  C:\Windows\System\KOrdFlG.exe
  2⤵
  PID:8404
- C:\Windows\System\rwfpcpP.exe
  C:\Windows\System\rwfpcpP.exe
  2⤵
  PID:8440
- C:\Windows\System\zwDBFae.exe
  C:\Windows\System\zwDBFae.exe
  2⤵
  PID:8484
- C:\Windows\System\cBMosRz.exe
  C:\Windows\System\cBMosRz.exe
  2⤵
  PID:8500
- C:\Windows\System\zmaapLC.exe
  C:\Windows\System\zmaapLC.exe
  2⤵
  PID:8524
- C:\Windows\System\JEVRgur.exe
  C:\Windows\System\JEVRgur.exe
  2⤵
  PID:8544
- C:\Windows\System\ZiAWxIV.exe
  C:\Windows\System\ZiAWxIV.exe
  2⤵
  PID:8576
- C:\Windows\System\mpfdNnH.exe
  C:\Windows\System\mpfdNnH.exe
  2⤵
  PID:8600
- C:\Windows\System\kybIARt.exe
  C:\Windows\System\kybIARt.exe
  2⤵
  PID:8620
- C:\Windows\System\sMkBWlo.exe
  C:\Windows\System\sMkBWlo.exe
  2⤵
  PID:8652
- C:\Windows\System\lxYKNkL.exe
  C:\Windows\System\lxYKNkL.exe
  2⤵
  PID:8680
- C:\Windows\System\HlQNyMH.exe
  C:\Windows\System\HlQNyMH.exe
  2⤵
  PID:8704
- C:\Windows\System\ijqhiDP.exe
  C:\Windows\System\ijqhiDP.exe
  2⤵
  PID:8724
- C:\Windows\System\ypGpSld.exe
  C:\Windows\System\ypGpSld.exe
  2⤵
  PID:8756
- C:\Windows\System\UoBBULm.exe
  C:\Windows\System\UoBBULm.exe
  2⤵
  PID:8804
- C:\Windows\System\WFEBTOb.exe
  C:\Windows\System\WFEBTOb.exe
  2⤵
  PID:8852
- C:\Windows\System\vhefTzx.exe
  C:\Windows\System\vhefTzx.exe
  2⤵
  PID:8872
- C:\Windows\System\EmBkNJX.exe
  C:\Windows\System\EmBkNJX.exe
  2⤵
  PID:8900
- C:\Windows\System\aVIJUlz.exe
  C:\Windows\System\aVIJUlz.exe
  2⤵
  PID:8928
- C:\Windows\System\NNHkbIJ.exe
  C:\Windows\System\NNHkbIJ.exe
  2⤵
  PID:8956
- C:\Windows\System\fRKYwIi.exe
  C:\Windows\System\fRKYwIi.exe
  2⤵
  PID:8972
- C:\Windows\System\fuBKbyI.exe
  C:\Windows\System\fuBKbyI.exe
  2⤵
  PID:8996
- C:\Windows\System\vOUreXk.exe
  C:\Windows\System\vOUreXk.exe
  2⤵
  PID:9032
- C:\Windows\System\ZieyaDe.exe
  C:\Windows\System\ZieyaDe.exe
  2⤵
  PID:9076
- C:\Windows\System\mDnzEbR.exe
  C:\Windows\System\mDnzEbR.exe
  2⤵
  PID:9100
- C:\Windows\System\LIortIR.exe
  C:\Windows\System\LIortIR.exe
  2⤵
  PID:9124
- C:\Windows\System\KUrrfvA.exe
  C:\Windows\System\KUrrfvA.exe
  2⤵
  PID:9172
- C:\Windows\System\IiNLcbE.exe
  C:\Windows\System\IiNLcbE.exe
  2⤵
  PID:9200
- C:\Windows\System\oUkGQIx.exe
  C:\Windows\System\oUkGQIx.exe
  2⤵
  PID:8212
- C:\Windows\System\fLxtbIP.exe
  C:\Windows\System\fLxtbIP.exe
  2⤵
  PID:8264
- C:\Windows\System\shZIqwO.exe
  C:\Windows\System\shZIqwO.exe
  2⤵
  PID:8296
- C:\Windows\System\iiNrNCT.exe
  C:\Windows\System\iiNrNCT.exe
  2⤵
  PID:8364
- C:\Windows\System\YwAmFGN.exe
  C:\Windows\System\YwAmFGN.exe
  2⤵
  PID:8468
- C:\Windows\System\pnVKAUZ.exe
  C:\Windows\System\pnVKAUZ.exe
  2⤵
  PID:8520
- C:\Windows\System\vbHsYrZ.exe
  C:\Windows\System\vbHsYrZ.exe
  2⤵
  PID:8616
- C:\Windows\System\NAscBtW.exe
  C:\Windows\System\NAscBtW.exe
  2⤵
  PID:8596
- C:\Windows\System\tuCdqPp.exe
  C:\Windows\System\tuCdqPp.exe
  2⤵
  PID:8736
- C:\Windows\System\TWwtcpd.exe
  C:\Windows\System\TWwtcpd.exe
  2⤵
  PID:8716
- C:\Windows\System\kSKKTKW.exe
  C:\Windows\System\kSKKTKW.exe
  2⤵
  PID:8800
- C:\Windows\System\VGzYGGu.exe
  C:\Windows\System\VGzYGGu.exe
  2⤵
  PID:8888
- C:\Windows\System\OVgxdWj.exe
  C:\Windows\System\OVgxdWj.exe
  2⤵
  PID:8964
- C:\Windows\System\gvfyvtT.exe
  C:\Windows\System\gvfyvtT.exe
  2⤵
  PID:9008
- C:\Windows\System\qxqVndj.exe
  C:\Windows\System\qxqVndj.exe
  2⤵
  PID:9056
- C:\Windows\System\wPLoibI.exe
  C:\Windows\System\wPLoibI.exe
  2⤵
  PID:9196
- C:\Windows\System\YOgdGCl.exe
  C:\Windows\System\YOgdGCl.exe
  2⤵
  PID:8260
- C:\Windows\System\rynLTJt.exe
  C:\Windows\System\rynLTJt.exe
  2⤵
  PID:8456
- C:\Windows\System\QwODumr.exe
  C:\Windows\System\QwODumr.exe
  2⤵
  PID:8608
- C:\Windows\System\JkILAwf.exe
  C:\Windows\System\JkILAwf.exe
  2⤵
  PID:8816
- C:\Windows\System\NLGwCyx.exe
  C:\Windows\System\NLGwCyx.exe
  2⤵
  PID:8788
- C:\Windows\System\ARdhuPo.exe
  C:\Windows\System\ARdhuPo.exe
  2⤵
  PID:8860
- C:\Windows\System\CDkCvDG.exe
  C:\Windows\System\CDkCvDG.exe
  2⤵
  PID:8200
- C:\Windows\System\AFQIKLD.exe
  C:\Windows\System\AFQIKLD.exe
  2⤵
  PID:8592
- C:\Windows\System\LoiiiYe.exe
  C:\Windows\System\LoiiiYe.exe
  2⤵
  PID:8848
- C:\Windows\System\fupPtpZ.exe
  C:\Windows\System\fupPtpZ.exe
  2⤵
  PID:8352
- C:\Windows\System\KwGymiy.exe
  C:\Windows\System\KwGymiy.exe
  2⤵
  PID:9168
- C:\Windows\System\MdYYjCJ.exe
  C:\Windows\System\MdYYjCJ.exe
  2⤵
  PID:9224
- C:\Windows\System\wsWcwkn.exe
  C:\Windows\System\wsWcwkn.exe
  2⤵
  PID:9240
- C:\Windows\System\HrQGFzr.exe
  C:\Windows\System\HrQGFzr.exe
  2⤵
  PID:9268
- C:\Windows\System\RAHTbqb.exe
  C:\Windows\System\RAHTbqb.exe
  2⤵
  PID:9292
- C:\Windows\System\lRqqXAJ.exe
  C:\Windows\System\lRqqXAJ.exe
  2⤵
  PID:9324
- C:\Windows\System\SNQElUu.exe
  C:\Windows\System\SNQElUu.exe
  2⤵
  PID:9364
- C:\Windows\System\OZsvKrp.exe
  C:\Windows\System\OZsvKrp.exe
  2⤵
  PID:9380
- C:\Windows\System\LZnjCDG.exe
  C:\Windows\System\LZnjCDG.exe
  2⤵
  PID:9404
- C:\Windows\System\iIHxuVq.exe
  C:\Windows\System\iIHxuVq.exe
  2⤵
  PID:9424
- C:\Windows\System\qtBAWjL.exe
  C:\Windows\System\qtBAWjL.exe
  2⤵
  PID:9440
- C:\Windows\System\boAFSxP.exe
  C:\Windows\System\boAFSxP.exe
  2⤵
  PID:9468
- C:\Windows\System\oWYEAoL.exe
  C:\Windows\System\oWYEAoL.exe
  2⤵
  PID:9496
- C:\Windows\System\VzuqRjW.exe
  C:\Windows\System\VzuqRjW.exe
  2⤵
  PID:9560
- C:\Windows\System\rLiFurR.exe
  C:\Windows\System\rLiFurR.exe
  2⤵
  PID:9584
- C:\Windows\System\damMAie.exe
  C:\Windows\System\damMAie.exe
  2⤵
  PID:9600
- C:\Windows\System\rLRRqff.exe
  C:\Windows\System\rLRRqff.exe
  2⤵
  PID:9644
- C:\Windows\System\ofigCIP.exe
  C:\Windows\System\ofigCIP.exe
  2⤵
  PID:9660
- C:\Windows\System\lTEhHXT.exe
  C:\Windows\System\lTEhHXT.exe
  2⤵
  PID:9688
- C:\Windows\System\hYoAjoU.exe
  C:\Windows\System\hYoAjoU.exe
  2⤵
  PID:9728
- C:\Windows\System\dqdMSHN.exe
  C:\Windows\System\dqdMSHN.exe
  2⤵
  PID:9744
- C:\Windows\System\cJidfJI.exe
  C:\Windows\System\cJidfJI.exe
  2⤵
  PID:9784
- C:\Windows\System\mrxxisj.exe
  C:\Windows\System\mrxxisj.exe
  2⤵
  PID:9800
- C:\Windows\System\aFIZlYS.exe
  C:\Windows\System\aFIZlYS.exe
  2⤵
  PID:9832
- C:\Windows\System\EOCtBCV.exe
  C:\Windows\System\EOCtBCV.exe
  2⤵
  PID:9864
- C:\Windows\System\EVKsjzk.exe
  C:\Windows\System\EVKsjzk.exe
  2⤵
  PID:9888
- C:\Windows\System\MvIfIQG.exe
  C:\Windows\System\MvIfIQG.exe
  2⤵
  PID:9912
- C:\Windows\System\ttEUGSY.exe
  C:\Windows\System\ttEUGSY.exe
  2⤵
  PID:9928
- C:\Windows\System\eKyBUbr.exe
  C:\Windows\System\eKyBUbr.exe
  2⤵
  PID:9956
- C:\Windows\System\VXZcaNL.exe
  C:\Windows\System\VXZcaNL.exe
  2⤵
  PID:9976
- C:\Windows\System\XNQPPcW.exe
  C:\Windows\System\XNQPPcW.exe
  2⤵
  PID:10004
- C:\Windows\System\lnGIbES.exe
  C:\Windows\System\lnGIbES.exe
  2⤵
  PID:10040
- C:\Windows\System\uGMjeGL.exe
  C:\Windows\System\uGMjeGL.exe
  2⤵
  PID:10068
- C:\Windows\System\ZaSIsPG.exe
  C:\Windows\System\ZaSIsPG.exe
  2⤵
  PID:10096
- C:\Windows\System\luwQeex.exe
  C:\Windows\System\luwQeex.exe
  2⤵
  PID:10112
- C:\Windows\System\dkUTuoX.exe
  C:\Windows\System\dkUTuoX.exe
  2⤵
  PID:10136
- C:\Windows\System\uZmfebr.exe
  C:\Windows\System\uZmfebr.exe
  2⤵
  PID:10164
- C:\Windows\System\yUHPRvk.exe
  C:\Windows\System\yUHPRvk.exe
  2⤵
  PID:10216
- C:\Windows\System\nDUVeEN.exe
  C:\Windows\System\nDUVeEN.exe
  2⤵
  PID:9252
- C:\Windows\System\FvMjfDk.exe
  C:\Windows\System\FvMjfDk.exe
  2⤵
  PID:9288
- C:\Windows\System\VPxEvzA.exe
  C:\Windows\System\VPxEvzA.exe
  2⤵
  PID:9356
- C:\Windows\System\vCAIuVP.exe
  C:\Windows\System\vCAIuVP.exe
  2⤵
  PID:9432
- C:\Windows\System\mSUzpQB.exe
  C:\Windows\System\mSUzpQB.exe
  2⤵
  PID:9484
- C:\Windows\System\lftcSiQ.exe
  C:\Windows\System\lftcSiQ.exe
  2⤵
  PID:9592
- C:\Windows\System\rzATroX.exe
  C:\Windows\System\rzATroX.exe
  2⤵
  PID:9680
- C:\Windows\System\yftaDZa.exe
  C:\Windows\System\yftaDZa.exe
  2⤵
  PID:9760
- C:\Windows\System\zwhGykA.exe
  C:\Windows\System\zwhGykA.exe
  2⤵
  PID:9812
- C:\Windows\System\gEEBqkj.exe
  C:\Windows\System\gEEBqkj.exe
  2⤵
  PID:9884
- C:\Windows\System\mfFgHvg.exe
  C:\Windows\System\mfFgHvg.exe
  2⤵
  PID:9948
- C:\Windows\System\bHzQYSs.exe
  C:\Windows\System\bHzQYSs.exe
  2⤵
  PID:9968
- C:\Windows\System\LrpWcWK.exe
  C:\Windows\System\LrpWcWK.exe
  2⤵
  PID:10056
- C:\Windows\System\VZwmqHl.exe
  C:\Windows\System\VZwmqHl.exe
  2⤵
  PID:10148
- C:\Windows\System\IStdHhc.exe
  C:\Windows\System\IStdHhc.exe
  2⤵
  PID:10208
- C:\Windows\System\LuHytQM.exe
  C:\Windows\System\LuHytQM.exe
  2⤵
  PID:9236
- C:\Windows\System\hAFJoqr.exe
  C:\Windows\System\hAFJoqr.exe
  2⤵
  PID:9460
- C:\Windows\System\uzdbnij.exe
  C:\Windows\System\uzdbnij.exe
  2⤵
  PID:9736
- C:\Windows\System\IwMvEps.exe
  C:\Windows\System\IwMvEps.exe
  2⤵
  PID:9856
- C:\Windows\System\iwGEsqN.exe
  C:\Windows\System\iwGEsqN.exe
  2⤵
  PID:9904
- C:\Windows\System\cwOZqcQ.exe
  C:\Windows\System\cwOZqcQ.exe
  2⤵
  PID:10204
- C:\Windows\System\XlrIShd.exe
  C:\Windows\System\XlrIShd.exe
  2⤵
  PID:9412
- C:\Windows\System\hyKNfEk.exe
  C:\Windows\System\hyKNfEk.exe
  2⤵
  PID:9876
- C:\Windows\System\rYebKjj.exe
  C:\Windows\System\rYebKjj.exe
  2⤵
  PID:10108
- C:\Windows\System\mYzzpey.exe
  C:\Windows\System\mYzzpey.exe
  2⤵
  PID:10268
- C:\Windows\System\aTtHDrq.exe
  C:\Windows\System\aTtHDrq.exe
  2⤵
  PID:10292
- C:\Windows\System\gkYNpGh.exe
  C:\Windows\System\gkYNpGh.exe
  2⤵
  PID:10312
- C:\Windows\System\NUZrzyD.exe
  C:\Windows\System\NUZrzyD.exe
  2⤵
  PID:10332
- C:\Windows\System\SULdzCY.exe
  C:\Windows\System\SULdzCY.exe
  2⤵
  PID:10360
- C:\Windows\System\WKpKzKS.exe
  C:\Windows\System\WKpKzKS.exe
  2⤵
  PID:10380
- C:\Windows\System\zZAlEmZ.exe
  C:\Windows\System\zZAlEmZ.exe
  2⤵
  PID:10428
- C:\Windows\System\pOKbylc.exe
  C:\Windows\System\pOKbylc.exe
  2⤵
  PID:10452
- C:\Windows\System\bJGsATH.exe
  C:\Windows\System\bJGsATH.exe
  2⤵
  PID:10492
- C:\Windows\System\wdDsqMr.exe
  C:\Windows\System\wdDsqMr.exe
  2⤵
  PID:10512
- C:\Windows\System\xKApcKV.exe
  C:\Windows\System\xKApcKV.exe
  2⤵
  PID:10536
- C:\Windows\System\pJtdHKy.exe
  C:\Windows\System\pJtdHKy.exe
  2⤵
  PID:10552
- C:\Windows\System\YbHTJhb.exe
  C:\Windows\System\YbHTJhb.exe
  2⤵
  PID:10592
- C:\Windows\System\lYMGXlS.exe
  C:\Windows\System\lYMGXlS.exe
  2⤵
  PID:10620
- C:\Windows\System\czVuPrB.exe
  C:\Windows\System\czVuPrB.exe
  2⤵
  PID:10648
- C:\Windows\System\qEjYcBD.exe
  C:\Windows\System\qEjYcBD.exe
  2⤵
  PID:10668
- C:\Windows\System\IFbtxeZ.exe
  C:\Windows\System\IFbtxeZ.exe
  2⤵
  PID:10696
- C:\Windows\System\UHgWEhf.exe
  C:\Windows\System\UHgWEhf.exe
  2⤵
  PID:10728
- C:\Windows\System\DZfyihx.exe
  C:\Windows\System\DZfyihx.exe
  2⤵
  PID:10748
- C:\Windows\System\utCsVcf.exe
  C:\Windows\System\utCsVcf.exe
  2⤵
  PID:10776
- C:\Windows\System\OCaXKVH.exe
  C:\Windows\System\OCaXKVH.exe
  2⤵
  PID:10800
- C:\Windows\System\PxqMbuP.exe
  C:\Windows\System\PxqMbuP.exe
  2⤵
  PID:10828
- C:\Windows\System\BdWuwzW.exe
  C:\Windows\System\BdWuwzW.exe
  2⤵
  PID:10872
- C:\Windows\System\wjBEoXQ.exe
  C:\Windows\System\wjBEoXQ.exe
  2⤵
  PID:10900
- C:\Windows\System\IALmNIj.exe
  C:\Windows\System\IALmNIj.exe
  2⤵
  PID:10940
- C:\Windows\System\lbilhry.exe
  C:\Windows\System\lbilhry.exe
  2⤵
  PID:10956
- C:\Windows\System\NxImBrc.exe
  C:\Windows\System\NxImBrc.exe
  2⤵
  PID:10984
- C:\Windows\System\sFbsbPN.exe
  C:\Windows\System\sFbsbPN.exe
  2⤵
  PID:11000
- C:\Windows\System\wXCOfNA.exe
  C:\Windows\System\wXCOfNA.exe
  2⤵
  PID:11052
- C:\Windows\System\zJmZmoQ.exe
  C:\Windows\System\zJmZmoQ.exe
  2⤵
  PID:11080
- C:\Windows\System\dbYctmJ.exe
  C:\Windows\System\dbYctmJ.exe
  2⤵
  PID:11096
- C:\Windows\System\swrCOIg.exe
  C:\Windows\System\swrCOIg.exe
  2⤵
  PID:11124
- C:\Windows\System\FiMnxae.exe
  C:\Windows\System\FiMnxae.exe
  2⤵
  PID:11148
- C:\Windows\System\OSEHwTV.exe
  C:\Windows\System\OSEHwTV.exe
  2⤵
  PID:11180
- C:\Windows\System\LqpRYgu.exe
  C:\Windows\System\LqpRYgu.exe
  2⤵
  PID:11196
- C:\Windows\System\zXcEyGO.exe
  C:\Windows\System\zXcEyGO.exe
  2⤵
  PID:11236
- C:\Windows\System\SXYIpzL.exe
  C:\Windows\System\SXYIpzL.exe
  2⤵
  PID:11252
- C:\Windows\System\kBScOis.exe
  C:\Windows\System\kBScOis.exe
  2⤵
  PID:8776
- C:\Windows\System\dSpSKog.exe
  C:\Windows\System\dSpSKog.exe
  2⤵
  PID:10284
- C:\Windows\System\kVxvDQC.exe
  C:\Windows\System\kVxvDQC.exe
  2⤵
  PID:10356
- C:\Windows\System\oFburTF.exe
  C:\Windows\System\oFburTF.exe
  2⤵
  PID:10416
- C:\Windows\System\XQbkkem.exe
  C:\Windows\System\XQbkkem.exe
  2⤵
  PID:10472
- C:\Windows\System\zKjjelJ.exe
  C:\Windows\System\zKjjelJ.exe
  2⤵
  PID:10532
- C:\Windows\System\kbRPbvA.exe
  C:\Windows\System\kbRPbvA.exe
  2⤵
  PID:10608
- C:\Windows\System\mnkkuHk.exe
  C:\Windows\System\mnkkuHk.exe
  2⤵
  PID:10656
- C:\Windows\System\dUbkbKw.exe
  C:\Windows\System\dUbkbKw.exe
  2⤵
  PID:10704
- C:\Windows\System\bVNiPxP.exe
  C:\Windows\System\bVNiPxP.exe
  2⤵
  PID:10812
- C:\Windows\System\KmjQTyZ.exe
  C:\Windows\System\KmjQTyZ.exe
  2⤵
  PID:10888
- C:\Windows\System\viGFRkf.exe
  C:\Windows\System\viGFRkf.exe
  2⤵
  PID:10924
- C:\Windows\System\FkDayRM.exe
  C:\Windows\System\FkDayRM.exe
  2⤵
  PID:10996
- C:\Windows\System\otXwryS.exe
  C:\Windows\System\otXwryS.exe
  2⤵
  PID:11088
- C:\Windows\System\qzpVdCP.exe
  C:\Windows\System\qzpVdCP.exe
  2⤵
  PID:11132
- C:\Windows\System\fsTbxHr.exe
  C:\Windows\System\fsTbxHr.exe
  2⤵
  PID:11188
- C:\Windows\System\AoTifQu.exe
  C:\Windows\System\AoTifQu.exe
  2⤵
  PID:9964
- C:\Windows\System\pEVAzNz.exe
  C:\Windows\System\pEVAzNz.exe
  2⤵
  PID:10372
- C:\Windows\System\JDrjROu.exe
  C:\Windows\System\JDrjROu.exe
  2⤵
  PID:10636
- C:\Windows\System\ffDoVBR.exe
  C:\Windows\System\ffDoVBR.exe
  2⤵
  PID:10788
- C:\Windows\System\RGMnzrr.exe
  C:\Windows\System\RGMnzrr.exe
  2⤵
  PID:10932
- C:\Windows\System\WNEdGZm.exe
  C:\Windows\System\WNEdGZm.exe
  2⤵
  PID:11020
- C:\Windows\System\sMiAjzS.exe
  C:\Windows\System\sMiAjzS.exe
  2⤵
  PID:11160
- C:\Windows\System\mseqbmK.exe
  C:\Windows\System\mseqbmK.exe
  2⤵
  PID:10304
- C:\Windows\System\oVckOlx.exe
  C:\Windows\System\oVckOlx.exe
  2⤵
  PID:10796
- C:\Windows\System\cEwpQSr.exe
  C:\Windows\System\cEwpQSr.exe
  2⤵
  PID:10972
- C:\Windows\System\aKNSCUw.exe
  C:\Windows\System\aKNSCUw.exe
  2⤵
  PID:10368
- C:\Windows\System\SyjjnVD.exe
  C:\Windows\System\SyjjnVD.exe
  2⤵
  PID:11276
- C:\Windows\System\pOYnDzI.exe
  C:\Windows\System\pOYnDzI.exe
  2⤵
  PID:11304
- C:\Windows\System\jhRFTps.exe
  C:\Windows\System\jhRFTps.exe
  2⤵
  PID:11324
- C:\Windows\System\AXkLlIt.exe
  C:\Windows\System\AXkLlIt.exe
  2⤵
  PID:11352
- C:\Windows\System\zOXxeVz.exe
  C:\Windows\System\zOXxeVz.exe
  2⤵
  PID:11392
- C:\Windows\System\pNHFBAC.exe
  C:\Windows\System\pNHFBAC.exe
  2⤵
  PID:11412
- C:\Windows\System\cExbrYo.exe
  C:\Windows\System\cExbrYo.exe
  2⤵
  PID:11436
- C:\Windows\System\oWjZHCp.exe
  C:\Windows\System\oWjZHCp.exe
  2⤵
  PID:11464
- C:\Windows\System\UjGKahN.exe
  C:\Windows\System\UjGKahN.exe
  2⤵
  PID:11492
- C:\Windows\System\ZAKdoqi.exe
  C:\Windows\System\ZAKdoqi.exe
  2⤵
  PID:11508
- C:\Windows\System\zfrcKfU.exe
  C:\Windows\System\zfrcKfU.exe
  2⤵
  PID:11532
- C:\Windows\System\dOhSrIv.exe
  C:\Windows\System\dOhSrIv.exe
  2⤵
  PID:11552
- C:\Windows\System\GryyElB.exe
  C:\Windows\System\GryyElB.exe
  2⤵
  PID:11592
- C:\Windows\System\JCFZIiJ.exe
  C:\Windows\System\JCFZIiJ.exe
  2⤵
  PID:11628
- C:\Windows\System\EmWBsOy.exe
  C:\Windows\System\EmWBsOy.exe
  2⤵
  PID:11660
- C:\Windows\System\lApqUUv.exe
  C:\Windows\System\lApqUUv.exe
  2⤵
  PID:11696
- C:\Windows\System\vXPGATc.exe
  C:\Windows\System\vXPGATc.exe
  2⤵
  PID:11720
- C:\Windows\System\LDZUuWe.exe
  C:\Windows\System\LDZUuWe.exe
  2⤵
  PID:11748
- C:\Windows\System\MTkhZaz.exe
  C:\Windows\System\MTkhZaz.exe
  2⤵
  PID:11788
- C:\Windows\System\iZBmgrL.exe
  C:\Windows\System\iZBmgrL.exe
  2⤵
  PID:11812
- C:\Windows\System\CsLkTEG.exe
  C:\Windows\System\CsLkTEG.exe
  2⤵
  PID:11856
- C:\Windows\System\eanOLKn.exe
  C:\Windows\System\eanOLKn.exe
  2⤵
  PID:11884
- C:\Windows\System\HXUsjjg.exe
  C:\Windows\System\HXUsjjg.exe
  2⤵
  PID:11900
- C:\Windows\System\kfjgHBx.exe
  C:\Windows\System\kfjgHBx.exe
  2⤵
  PID:11928
- C:\Windows\System\nxWNbGr.exe
  C:\Windows\System\nxWNbGr.exe
  2⤵
  PID:11952
- C:\Windows\System\jcpFOeL.exe
  C:\Windows\System\jcpFOeL.exe
  2⤵
  PID:11984
- C:\Windows\System\HlZppXQ.exe
  C:\Windows\System\HlZppXQ.exe
  2⤵
  PID:12024
- C:\Windows\System\UtiKiWP.exe
  C:\Windows\System\UtiKiWP.exe
  2⤵
  PID:12044
- C:\Windows\System\wSFwrgV.exe
  C:\Windows\System\wSFwrgV.exe
  2⤵
  PID:12068
- C:\Windows\System\rdOQJmE.exe
  C:\Windows\System\rdOQJmE.exe
  2⤵
  PID:12100
- C:\Windows\System\LqqXuih.exe
  C:\Windows\System\LqqXuih.exe
  2⤵
  PID:12120
- C:\Windows\System\WrqZPzr.exe
  C:\Windows\System\WrqZPzr.exe
  2⤵
  PID:12164
- C:\Windows\System\jIPVvPT.exe
  C:\Windows\System\jIPVvPT.exe
  2⤵
  PID:12180
- C:\Windows\System\SlBlrbX.exe
  C:\Windows\System\SlBlrbX.exe
  2⤵
  PID:12200
- C:\Windows\System\AEwMeIZ.exe
  C:\Windows\System\AEwMeIZ.exe
  2⤵
  PID:12220
- C:\Windows\System\yAhJmzr.exe
  C:\Windows\System\yAhJmzr.exe
  2⤵
  PID:12248
- C:\Windows\System\TaJcdQz.exe
  C:\Windows\System\TaJcdQz.exe
  2⤵
  PID:12272
- C:\Windows\System\dXmfNzK.exe
  C:\Windows\System\dXmfNzK.exe
  2⤵
  PID:11248
- C:\Windows\System\HUdysev.exe
  C:\Windows\System\HUdysev.exe
  2⤵
  PID:10856
- C:\Windows\System\dFrqOeK.exe
  C:\Windows\System\dFrqOeK.exe
  2⤵
  PID:11452
- C:\Windows\System\KlIwLcZ.exe
  C:\Windows\System\KlIwLcZ.exe
  2⤵
  PID:11424
- C:\Windows\System\MdOguKv.exe
  C:\Windows\System\MdOguKv.exe
  2⤵
  PID:11484
- C:\Windows\System\SqUPJuP.exe
  C:\Windows\System\SqUPJuP.exe
  2⤵
  PID:11656
- C:\Windows\System\fhRDOPI.exe
  C:\Windows\System\fhRDOPI.exe
  2⤵
  PID:11680
- C:\Windows\System\RjUZACJ.exe
  C:\Windows\System\RjUZACJ.exe
  2⤵
  PID:11736
- C:\Windows\System\LZctyNf.exe
  C:\Windows\System\LZctyNf.exe
  2⤵
  PID:11852
- C:\Windows\System\CGOYFvc.exe
  C:\Windows\System\CGOYFvc.exe
  2⤵
  PID:11912
- C:\Windows\System\dClNrDV.exe
  C:\Windows\System\dClNrDV.exe
  2⤵
  PID:11964
- C:\Windows\System\YVhlPTL.exe
  C:\Windows\System\YVhlPTL.exe
  2⤵
  PID:12004
- C:\Windows\System\pPDSidy.exe
  C:\Windows\System\pPDSidy.exe
  2⤵
  PID:12080
- C:\Windows\System\ITTOVkc.exe
  C:\Windows\System\ITTOVkc.exe
  2⤵
  PID:12152
- C:\Windows\System\Gxpktwx.exe
  C:\Windows\System\Gxpktwx.exe
  2⤵
  PID:12176
- C:\Windows\System\TPcISsT.exe
  C:\Windows\System\TPcISsT.exe
  2⤵
  PID:10548
- C:\Windows\System\zYxtogY.exe
  C:\Windows\System\zYxtogY.exe
  2⤵
  PID:11300
- C:\Windows\System\JKwoNuE.exe
  C:\Windows\System\JKwoNuE.exe
  2⤵
  PID:11376
- C:\Windows\System\RjsZOlH.exe
  C:\Windows\System\RjsZOlH.exe
  2⤵
  PID:11624
- C:\Windows\System\DrwUBnL.exe
  C:\Windows\System\DrwUBnL.exe
  2⤵
  PID:11588
- C:\Windows\System\mUSfQVB.exe
  C:\Windows\System\mUSfQVB.exe
  2⤵
  PID:11832
- C:\Windows\System\YTWNOYj.exe
  C:\Windows\System\YTWNOYj.exe
  2⤵
  PID:12140
- C:\Windows\System\UxQcObk.exe
  C:\Windows\System\UxQcObk.exe
  2⤵
  PID:12144
- C:\Windows\System\nqCutQx.exe
  C:\Windows\System\nqCutQx.exe
  2⤵
  PID:11420
- C:\Windows\System\WlDKELm.exe
  C:\Windows\System\WlDKELm.exe
  2⤵
  PID:11936
- C:\Windows\System\hBKUHMM.exe
  C:\Windows\System\hBKUHMM.exe
  2⤵
  PID:12064
- C:\Windows\System\IfMEoyM.exe
  C:\Windows\System\IfMEoyM.exe
  2⤵
  PID:11384
- C:\Windows\System\AMwHccP.exe
  C:\Windows\System\AMwHccP.exe
  2⤵
  PID:11684
- C:\Windows\System\GjQXQnl.exe
  C:\Windows\System\GjQXQnl.exe
  2⤵
  PID:12328
- C:\Windows\System\fXPzxzw.exe
  C:\Windows\System\fXPzxzw.exe
  2⤵
  PID:12352
- C:\Windows\System\PrWBLUH.exe
  C:\Windows\System\PrWBLUH.exe
  2⤵
  PID:12372
- C:\Windows\System\nzswvAA.exe
  C:\Windows\System\nzswvAA.exe
  2⤵
  PID:12396
- C:\Windows\System\ipAdaEq.exe
  C:\Windows\System\ipAdaEq.exe
  2⤵
  PID:12428
- C:\Windows\System\MKXMDWq.exe
  C:\Windows\System\MKXMDWq.exe
  2⤵
  PID:12448
- C:\Windows\System\fFvuwMA.exe
  C:\Windows\System\fFvuwMA.exe
  2⤵
  PID:12476
- C:\Windows\System\LAYBghA.exe
  C:\Windows\System\LAYBghA.exe
  2⤵
  PID:12520
- C:\Windows\System\aWFivoo.exe
  C:\Windows\System\aWFivoo.exe
  2⤵
  PID:12544
- C:\Windows\System\zNpxabk.exe
  C:\Windows\System\zNpxabk.exe
  2⤵
  PID:12568
- C:\Windows\System\PgYJear.exe
  C:\Windows\System\PgYJear.exe
  2⤵
  PID:12596
- C:\Windows\System\DawMRcN.exe
  C:\Windows\System\DawMRcN.exe
  2⤵
  PID:12616
- C:\Windows\System\JncBnLZ.exe
  C:\Windows\System\JncBnLZ.exe
  2⤵
  PID:12644
- C:\Windows\System\KkLnuXZ.exe
  C:\Windows\System\KkLnuXZ.exe
  2⤵
  PID:12700
- C:\Windows\System\kWHTpwE.exe
  C:\Windows\System\kWHTpwE.exe
  2⤵
  PID:12752
- C:\Windows\System\iGlVWXT.exe
  C:\Windows\System\iGlVWXT.exe
  2⤵
  PID:12792
- C:\Windows\System\gtbKqfb.exe
  C:\Windows\System\gtbKqfb.exe
  2⤵
  PID:12832
- C:\Windows\System\vGzSHlK.exe
  C:\Windows\System\vGzSHlK.exe
  2⤵
  PID:12852
- C:\Windows\System\vcCOBEU.exe
  C:\Windows\System\vcCOBEU.exe
  2⤵
  PID:12868
- C:\Windows\System\BllUlcX.exe
  C:\Windows\System\BllUlcX.exe
  2⤵
  PID:12896
- C:\Windows\System\OQFJxZf.exe
  C:\Windows\System\OQFJxZf.exe
  2⤵
  PID:12920
- C:\Windows\System\FclNHkM.exe
  C:\Windows\System\FclNHkM.exe
  2⤵
  PID:12960
- C:\Windows\System\CvOWbwE.exe
  C:\Windows\System\CvOWbwE.exe
  2⤵
  PID:12988
- C:\Windows\System\DfEalTf.exe
  C:\Windows\System\DfEalTf.exe
  2⤵
  PID:13008
- C:\Windows\System\cXvNQnO.exe
  C:\Windows\System\cXvNQnO.exe
  2⤵
  PID:13036
- C:\Windows\System\ydoJzic.exe
  C:\Windows\System\ydoJzic.exe
  2⤵
  PID:13084
- C:\Windows\System\WaPKYGN.exe
  C:\Windows\System\WaPKYGN.exe
  2⤵
  PID:13104
- C:\Windows\System\CkPfLHn.exe
  C:\Windows\System\CkPfLHn.exe
  2⤵
  PID:13168
- C:\Windows\System\LmUtvKd.exe
  C:\Windows\System\LmUtvKd.exe
  2⤵
  PID:13196
- C:\Windows\System\MkZCGeI.exe
  C:\Windows\System\MkZCGeI.exe
  2⤵
  PID:13240
- C:\Windows\System\chFjtPs.exe
  C:\Windows\System\chFjtPs.exe
  2⤵
  PID:13268
- C:\Windows\System\nSPxPLv.exe
  C:\Windows\System\nSPxPLv.exe
  2⤵
  PID:13284
- C:\Windows\System\dKbDivv.exe
  C:\Windows\System\dKbDivv.exe
  2⤵
  PID:12312
- C:\Windows\System\vumtbmt.exe
  C:\Windows\System\vumtbmt.exe
  2⤵
  PID:12348
- C:\Windows\System\DOfQtPL.exe
  C:\Windows\System\DOfQtPL.exe
  2⤵
  PID:12420
- C:\Windows\System\LlRLaeV.exe
  C:\Windows\System\LlRLaeV.exe
  2⤵
  PID:12464
- C:\Windows\System\aVDcvqI.exe
  C:\Windows\System\aVDcvqI.exe
  2⤵
  PID:12608
- C:\Windows\System\daUhCkk.exe
  C:\Windows\System\daUhCkk.exe
  2⤵
  PID:12680
- C:\Windows\System\eKeduEk.exe
  C:\Windows\System\eKeduEk.exe
  2⤵
  PID:12824
- C:\Windows\System\pxrQCAh.exe
  C:\Windows\System\pxrQCAh.exe
  2⤵
  PID:12884
- C:\Windows\System\TEeJKvK.exe
  C:\Windows\System\TEeJKvK.exe
  2⤵
  PID:12916
- C:\Windows\System\Pmytnlc.exe
  C:\Windows\System\Pmytnlc.exe
  2⤵
  PID:12980
- C:\Windows\System\XruBFFl.exe
  C:\Windows\System\XruBFFl.exe
  2⤵
  PID:13064
- C:\Windows\System\zNpxTfp.exe
  C:\Windows\System\zNpxTfp.exe
  2⤵
  PID:13128
- C:\Windows\System\CXOAtLL.exe
  C:\Windows\System\CXOAtLL.exe
  2⤵
  PID:13236
- C:\Windows\System\QFUZHBc.exe
  C:\Windows\System\QFUZHBc.exe
  2⤵
  PID:13276
- C:\Windows\System\DWuWwBs.exe
  C:\Windows\System\DWuWwBs.exe
  2⤵
  PID:12384
- C:\Windows\System\KMmzMUK.exe
  C:\Windows\System\KMmzMUK.exe
  2⤵
  PID:12444
- C:\Windows\System\YxShUDa.exe
  C:\Windows\System\YxShUDa.exe
  2⤵
  PID:12632
- C:\Windows\System\hrRRDQj.exe
  C:\Windows\System\hrRRDQj.exe
  2⤵
  PID:12860
- C:\Windows\System\grrkIBP.exe
  C:\Windows\System\grrkIBP.exe
  2⤵
  PID:12956
- C:\Windows\System\BhSAIWx.exe
  C:\Windows\System\BhSAIWx.exe
  2⤵
  PID:13096
- C:\Windows\System\IAsNBSe.exe
  C:\Windows\System\IAsNBSe.exe
  2⤵
  PID:12392
- C:\Windows\System\YiQPnrU.exe
  C:\Windows\System\YiQPnrU.exe
  2⤵
  PID:12972
- C:\Windows\System\JKApRYy.exe
  C:\Windows\System\JKApRYy.exe
  2⤵
  PID:13092
- C:\Windows\System\TDadozF.exe
  C:\Windows\System\TDadozF.exe
  2⤵
  PID:13324
- C:\Windows\System\bxkKHsW.exe
  C:\Windows\System\bxkKHsW.exe
  2⤵
  PID:13360
- C:\Windows\System\sSCCiit.exe
  C:\Windows\System\sSCCiit.exe
  2⤵
  PID:13396
- C:\Windows\System\IGcvPVd.exe
  C:\Windows\System\IGcvPVd.exe
  2⤵
  PID:13420
- C:\Windows\System\LbjSZXP.exe
  C:\Windows\System\LbjSZXP.exe
  2⤵
  PID:13440
- C:\Windows\System\teEOeYu.exe
  C:\Windows\System\teEOeYu.exe
  2⤵
  PID:13480
- C:\Windows\System\eMpKuGE.exe
  C:\Windows\System\eMpKuGE.exe
  2⤵
  PID:13508
- C:\Windows\System\xySOLQz.exe
  C:\Windows\System\xySOLQz.exe
  2⤵
  PID:13532
- C:\Windows\System\GygeIVT.exe
  C:\Windows\System\GygeIVT.exe
  2⤵
  PID:13564
- C:\Windows\System\XYTHivc.exe
  C:\Windows\System\XYTHivc.exe
  2⤵
  PID:13592
- C:\Windows\System\MtwLNbr.exe
  C:\Windows\System\MtwLNbr.exe
  2⤵
  PID:13612
- C:\Windows\System\wbJRMUq.exe
  C:\Windows\System\wbJRMUq.exe
  2⤵
  PID:13636
- C:\Windows\System\irpDBZT.exe
  C:\Windows\System\irpDBZT.exe
  2⤵
  PID:13656
- C:\Windows\System\EWfWWPq.exe
  C:\Windows\System\EWfWWPq.exe
  2⤵
  PID:13676
- C:\Windows\System\KnUFocu.exe
  C:\Windows\System\KnUFocu.exe
  2⤵
  PID:13704
- C:\Windows\System\xyguDGJ.exe
  C:\Windows\System\xyguDGJ.exe
  2⤵
  PID:13736
- C:\Windows\System\mPUaVQm.exe
  C:\Windows\System\mPUaVQm.exe
  2⤵
  PID:13800
- C:\Windows\System\lGZaTnI.exe
  C:\Windows\System\lGZaTnI.exe
  2⤵
  PID:13828
- C:\Windows\System\YQYISpg.exe
  C:\Windows\System\YQYISpg.exe
  2⤵
  PID:13860
- C:\Windows\System\ZHcmYVM.exe
  C:\Windows\System\ZHcmYVM.exe
  2⤵
  PID:13880
- C:\Windows\System\DwLWaBf.exe
  C:\Windows\System\DwLWaBf.exe
  2⤵
  PID:13912
- C:\Windows\System\SmqHOJp.exe
  C:\Windows\System\SmqHOJp.exe
  2⤵
  PID:13936
- C:\Windows\System\QlUAtXG.exe
  C:\Windows\System\QlUAtXG.exe
  2⤵
  PID:13968
- C:\Windows\System\aLonnIU.exe
  C:\Windows\System\aLonnIU.exe
  2⤵
  PID:13996
- C:\Windows\System\TOiSnyf.exe
  C:\Windows\System\TOiSnyf.exe
  2⤵
  PID:14020
- C:\Windows\System\tWBDaRj.exe
  C:\Windows\System\tWBDaRj.exe
  2⤵
  PID:14040
- C:\Windows\System\mREgFCs.exe
  C:\Windows\System\mREgFCs.exe
  2⤵
  PID:14068
- C:\Windows\System\pZVfiEY.exe
  C:\Windows\System\pZVfiEY.exe
  2⤵
  PID:14120
- C:\Windows\System\XUngoUd.exe
  C:\Windows\System\XUngoUd.exe
  2⤵
  PID:14144
- C:\Windows\System\jjaGjrf.exe
  C:\Windows\System\jjaGjrf.exe
  2⤵
  PID:14160
- C:\Windows\System\dvjChmz.exe
  C:\Windows\System\dvjChmz.exe
  2⤵
  PID:14180
- C:\Windows\System\IhsZYIu.exe
  C:\Windows\System\IhsZYIu.exe
  2⤵
  PID:14204
- C:\Windows\System\gijItrM.exe
  C:\Windows\System\gijItrM.exe
  2⤵
  PID:14268
- C:\Windows\System\EhlkfsU.exe
  C:\Windows\System\EhlkfsU.exe
  2⤵
  PID:14284
- C:\Windows\System\eGJngHX.exe
  C:\Windows\System\eGJngHX.exe
  2⤵
  PID:14312
- C:\Windows\System\xkiHRiO.exe
  C:\Windows\System\xkiHRiO.exe
  2⤵
  PID:13220
- C:\Windows\System\oIashak.exe
  C:\Windows\System\oIashak.exe
  2⤵
  PID:13380
- C:\Windows\System\FjEEdQy.exe
  C:\Windows\System\FjEEdQy.exe
  2⤵
  PID:13336
- C:\Windows\System\kgTtSzM.exe
  C:\Windows\System\kgTtSzM.exe
  2⤵
  PID:13524
- C:\Windows\System\hKEdUDn.exe
  C:\Windows\System\hKEdUDn.exe
  2⤵
  PID:13560
- C:\Windows\System\sZmqzVA.exe
  C:\Windows\System\sZmqzVA.exe
  2⤵
  PID:13628
- C:\Windows\System\jldUbkV.exe
  C:\Windows\System\jldUbkV.exe
  2⤵
  PID:13700
- C:\Windows\System\iYpjTQk.exe
  C:\Windows\System\iYpjTQk.exe
  2⤵
  PID:13732
- C:\Windows\System\AhkhMCQ.exe
  C:\Windows\System\AhkhMCQ.exe
  2⤵
  PID:13840
- C:\Windows\System\NteiJIJ.exe
  C:\Windows\System\NteiJIJ.exe
  2⤵
  PID:13872
- C:\Windows\System\JQfTJNK.exe
  C:\Windows\System\JQfTJNK.exe
  2⤵
  PID:12504
- C:\Windows\System\pyYMymz.exe
  C:\Windows\System\pyYMymz.exe
  2⤵
  PID:13992
- C:\Windows\System\VHNvDDk.exe
  C:\Windows\System\VHNvDDk.exe
  2⤵
  PID:14004
- C:\Windows\System\qeRmJmW.exe
  C:\Windows\System\qeRmJmW.exe
  2⤵
  PID:14092
- C:\Windows\System\Kelpawv.exe
  C:\Windows\System\Kelpawv.exe
  2⤵
  PID:14128
- C:\Windows\System\QHvQVrS.exe
  C:\Windows\System\QHvQVrS.exe
  2⤵
  PID:14224
- C:\Windows\System\VSKJDGp.exe
  C:\Windows\System\VSKJDGp.exe
  2⤵
  PID:13368
- C:\Windows\System\FiRYPPy.exe
  C:\Windows\System\FiRYPPy.exe
  2⤵
  PID:13412
- C:\Windows\System\OOfhLnK.exe
  C:\Windows\System\OOfhLnK.exe
  2⤵
  PID:13540
- C:\Windows\System\RvtTmUX.exe
  C:\Windows\System\RvtTmUX.exe
  2⤵
  PID:13720
- C:\Windows\System\VMgrTQZ.exe
  C:\Windows\System\VMgrTQZ.exe
  2⤵
  PID:13900
- C:\Windows\System\hcNXtYW.exe
  C:\Windows\System\hcNXtYW.exe
  2⤵
  PID:14036
- C:\Windows\System\yVWpjRZ.exe
  C:\Windows\System\yVWpjRZ.exe
  2⤵
  PID:14188
- C:\Windows\System\HOdyUze.exe
  C:\Windows\System\HOdyUze.exe
  2⤵
  PID:14280
- C:\Windows\System\WOnCTMm.exe
  C:\Windows\System\WOnCTMm.exe
  2⤵
  PID:13644
- C:\Windows\System\bSkwcNs.exe
  C:\Windows\System\bSkwcNs.exe
  2⤵
  PID:13952
- C:\Windows\System\iJObgbg.exe
  C:\Windows\System\iJObgbg.exe
  2⤵
  PID:14116
- C:\Windows\System\mobFfpm.exe
  C:\Windows\System\mobFfpm.exe
  2⤵
  PID:13500
- C:\Windows\System\kHhCYUy.exe
  C:\Windows\System\kHhCYUy.exe
  2⤵
  PID:14340
- C:\Windows\System\EAvsifj.exe
  C:\Windows\System\EAvsifj.exe
  2⤵
  PID:14372
- C:\Windows\System\rkfJTXM.exe
  C:\Windows\System\rkfJTXM.exe
  2⤵
  PID:14388
- C:\Windows\System\dZIlZLP.exe
  C:\Windows\System\dZIlZLP.exe
  2⤵
  PID:14452
- C:\Windows\System\dEKDQer.exe
  C:\Windows\System\dEKDQer.exe
  2⤵
  PID:14468
- C:\Windows\System\CXHGtjX.exe
  C:\Windows\System\CXHGtjX.exe
  2⤵
  PID:14488
- C:\Windows\System\WoLXTgD.exe
  C:\Windows\System\WoLXTgD.exe
  2⤵
  PID:14512
- C:\Windows\System\CBftfNx.exe
  C:\Windows\System\CBftfNx.exe
  2⤵
  PID:14528
- C:\Windows\System\OIJDeKP.exe
  C:\Windows\System\OIJDeKP.exe
  2⤵
  PID:14552
- C:\Windows\System\ZiiSgQg.exe
  C:\Windows\System\ZiiSgQg.exe
  2⤵
  PID:14572
- C:\Windows\System\HzDmlgZ.exe
  C:\Windows\System\HzDmlgZ.exe
  2⤵
  PID:14632
- C:\Windows\System\uYnMlVT.exe
  C:\Windows\System\uYnMlVT.exe
  2⤵
  PID:14656
- C:\Windows\System\yoDDAmg.exe
  C:\Windows\System\yoDDAmg.exe
  2⤵
  PID:14680
- C:\Windows\System\hZaaDFE.exe
  C:\Windows\System\hZaaDFE.exe
  2⤵
  PID:14724
- C:\Windows\System\jjEFZwG.exe
  C:\Windows\System\jjEFZwG.exe
  2⤵
  PID:14748
- C:\Windows\System\JiCdKPY.exe
  C:\Windows\System\JiCdKPY.exe
  2⤵
  PID:14780
- C:\Windows\System\aKVePZI.exe
  C:\Windows\System\aKVePZI.exe
  2⤵
  PID:14812
- C:\Windows\System\LuKYhmo.exe
  C:\Windows\System\LuKYhmo.exe
  2⤵
  PID:14836
- C:\Windows\System\bZkismG.exe
  C:\Windows\System\bZkismG.exe
  2⤵
  PID:14860
- C:\Windows\System\qXmsQLA.exe
  C:\Windows\System\qXmsQLA.exe
  2⤵
  PID:14884
- C:\Windows\System\FazcloN.exe
  C:\Windows\System\FazcloN.exe
  2⤵
  PID:14916
- C:\Windows\System\yUFwhmY.exe
  C:\Windows\System\yUFwhmY.exe
  2⤵
  PID:14948
- C:\Windows\System\tlZfjPY.exe
  C:\Windows\System\tlZfjPY.exe
  2⤵
  PID:14976
- C:\Windows\System\QoWxphV.exe
  C:\Windows\System\QoWxphV.exe
  2⤵
  PID:14996
- C:\Windows\System\HmOsqpm.exe
  C:\Windows\System\HmOsqpm.exe
  2⤵
  PID:15020
- C:\Windows\System\QTcNDfC.exe
  C:\Windows\System\QTcNDfC.exe
  2⤵
  PID:15064
- C:\Windows\System\MGGlvPd.exe
  C:\Windows\System\MGGlvPd.exe
  2⤵
  PID:15088
- C:\Windows\System\LNQXVDT.exe
  C:\Windows\System\LNQXVDT.exe
  2⤵
  PID:15108
- C:\Windows\System\EeLWanR.exe
  C:\Windows\System\EeLWanR.exe
  2⤵
  PID:15132
- C:\Windows\System\QmJIYZi.exe
  C:\Windows\System\QmJIYZi.exe
  2⤵
  PID:15160
- C:\Windows\System\NaQEAfX.exe
  C:\Windows\System\NaQEAfX.exe
  2⤵
  PID:15192
- C:\Windows\System\pRZSXwk.exe
  C:\Windows\System\pRZSXwk.exe
  2⤵
  PID:15216
- C:\Windows\System\klrHecW.exe
  C:\Windows\System\klrHecW.exe
  2⤵
  PID:15248
- C:\Windows\System\qpdYpmk.exe
  C:\Windows\System\qpdYpmk.exe
  2⤵
  PID:15276
- C:\Windows\System\ruozThc.exe
  C:\Windows\System\ruozThc.exe
  2⤵
  PID:15292
- C:\Windows\System\QnpbRLT.exe
  C:\Windows\System\QnpbRLT.exe
  2⤵
  PID:15316
- C:\Windows\System\lnjuFQg.exe
  C:\Windows\System\lnjuFQg.exe
  2⤵
  PID:13812
- C:\Windows\System\pPUyJHT.exe
  C:\Windows\System\pPUyJHT.exe
  2⤵
  PID:14400
- C:\Windows\System\AVuclBH.exe
  C:\Windows\System\AVuclBH.exe
  2⤵
  PID:14444
- C:\Windows\System\UflDrlX.exe
  C:\Windows\System\UflDrlX.exe
  2⤵
  PID:14496
- C:\Windows\System\spLyZBR.exe
  C:\Windows\System\spLyZBR.exe
  2⤵
  PID:14548
- C:\Windows\System\iErRiaY.exe
  C:\Windows\System\iErRiaY.exe
  2⤵
  PID:14616
- C:\Windows\System\lYaxUtV.exe
  C:\Windows\System\lYaxUtV.exe
  2⤵
  PID:14676
- C:\Windows\System\rAPjacY.exe
  C:\Windows\System\rAPjacY.exe
  2⤵
  PID:14776
- C:\Windows\System\mcjHWzA.exe
  C:\Windows\System\mcjHWzA.exe
  2⤵
  PID:14892
- C:\Windows\System\jVvNAzA.exe
  C:\Windows\System\jVvNAzA.exe
  2⤵
  PID:14940
- C:\Windows\System\gbmzxpk.exe
  C:\Windows\System\gbmzxpk.exe
  2⤵
  PID:15016
- C:\Windows\System\FQLKWCk.exe
  C:\Windows\System\FQLKWCk.exe
  2⤵
  PID:15072
- C:\Windows\System\XScNRCK.exe
  C:\Windows\System\XScNRCK.exe
  2⤵
  PID:15124
- C:\Windows\System\zHQleTe.exe
  C:\Windows\System\zHQleTe.exe
  2⤵
  PID:15172
- C:\Windows\System\YWBUsBK.exe
  C:\Windows\System\YWBUsBK.exe
  2⤵
  PID:15212
- C:\Windows\System\HhmehQk.exe
  C:\Windows\System\HhmehQk.exe
  2⤵
  PID:15260
- C:\Windows\System\DSgmjmG.exe
  C:\Windows\System\DSgmjmG.exe
  2⤵
  PID:15312
- C:\Windows\System\hGuotZB.exe
  C:\Windows\System\hGuotZB.exe
  2⤵
  PID:14476
- C:\Windows\System\PNNYBSq.exe
  C:\Windows\System\PNNYBSq.exe
  2⤵
  PID:14484
- C:\Windows\System\RkqYnEP.exe
  C:\Windows\System\RkqYnEP.exe
  2⤵
  PID:14652
- C:\Windows\System\JBWrTbf.exe
  C:\Windows\System\JBWrTbf.exe
  2⤵
  PID:14832
- C:\Windows\System\RteIFDN.exe
  C:\Windows\System\RteIFDN.exe
  2⤵
  PID:14960
- C:\Windows\System\LkynbnC.exe
  C:\Windows\System\LkynbnC.exe
  2⤵
  PID:14360
- C:\Windows\System\SXsAgZA.exe
  C:\Windows\System\SXsAgZA.exe
  2⤵
  PID:13856
- C:\Windows\System\aFpqsGR.exe
  C:\Windows\System\aFpqsGR.exe
  2⤵
  PID:14740
- C:\Windows\System\wxGUloW.exe
  C:\Windows\System\wxGUloW.exe
  2⤵
  PID:15040
- C:\Windows\System\Fnxayme.exe
  C:\Windows\System\Fnxayme.exe
  2⤵
  PID:14384
- C:\Windows\System\DGDrsDN.exe
  C:\Windows\System\DGDrsDN.exe
  2⤵
  PID:15376
- C:\Windows\System\XjSKVIp.exe
  C:\Windows\System\XjSKVIp.exe
  2⤵
  PID:15412
- C:\Windows\System\nqitbQe.exe
  C:\Windows\System\nqitbQe.exe
  2⤵
  PID:15428
- C:\Windows\System\BOpAUnB.exe
  C:\Windows\System\BOpAUnB.exe
  2⤵
  PID:15468
- C:\Windows\System\vdQJfCt.exe
  C:\Windows\System\vdQJfCt.exe
  2⤵
  PID:15484
- C:\Windows\System\IPqAPNN.exe
  C:\Windows\System\IPqAPNN.exe
  2⤵
  PID:15512
- C:\Windows\System\FtAFLwo.exe
  C:\Windows\System\FtAFLwo.exe
  2⤵
  PID:15528
- C:\Windows\System\LzIOnfo.exe
  C:\Windows\System\LzIOnfo.exe
  2⤵
  PID:15556
- C:\Windows\System\leKDBVp.exe
  C:\Windows\System\leKDBVp.exe
  2⤵
  PID:15592
- C:\Windows\System\dIRtLGR.exe
  C:\Windows\System\dIRtLGR.exe
  2⤵
  PID:15612
- C:\Windows\System\OtuEOTV.exe
  C:\Windows\System\OtuEOTV.exe
  2⤵
  PID:15664
- C:\Windows\System\aQvpJeh.exe
  C:\Windows\System\aQvpJeh.exe
  2⤵
  PID:15680
- C:\Windows\System\ljLDsuH.exe
  C:\Windows\System\ljLDsuH.exe
  2⤵
  PID:15708
- C:\Windows\System\pNTqwiP.exe
  C:\Windows\System\pNTqwiP.exe
  2⤵
  PID:15748
- C:\Windows\System\KuTVkXc.exe
  C:\Windows\System\KuTVkXc.exe
  2⤵
  PID:15764
- C:\Windows\System\UwkajwO.exe
  C:\Windows\System\UwkajwO.exe
  2⤵
  PID:15792
- C:\Windows\System\KswtZzR.exe
  C:\Windows\System\KswtZzR.exe
  2⤵
  PID:15832
- C:\Windows\System\mYuyEBe.exe
  C:\Windows\System\mYuyEBe.exe
  2⤵
  PID:15860
- C:\Windows\System\FSjtMWj.exe
  C:\Windows\System\FSjtMWj.exe
  2⤵
  PID:15884
- C:\Windows\System\NfIpKGT.exe
  C:\Windows\System\NfIpKGT.exe
  2⤵
  PID:15904
- C:\Windows\System\ubOCKWg.exe
  C:\Windows\System\ubOCKWg.exe
  2⤵
  PID:15928
- C:\Windows\System\OKwtCZy.exe
  C:\Windows\System\OKwtCZy.exe
  2⤵
  PID:15956
- C:\Windows\System\ULglJIC.exe
  C:\Windows\System\ULglJIC.exe
  2⤵
  PID:15984
- C:\Windows\System\kkzMsPo.exe
  C:\Windows\System\kkzMsPo.exe
  2⤵
  PID:16008
- C:\Windows\System\EOTaKzT.exe
  C:\Windows\System\EOTaKzT.exe
  2⤵
  PID:16028
- C:\Windows\System\XURomai.exe
  C:\Windows\System\XURomai.exe
  2⤵
  PID:16100
- C:\Windows\System\rIoxmHC.exe
  C:\Windows\System\rIoxmHC.exe
  2⤵
  PID:16120
- C:\Windows\System\jcsVmOc.exe
  C:\Windows\System\jcsVmOc.exe
  2⤵
  PID:16140
- C:\Windows\System\gCtNBta.exe
  C:\Windows\System\gCtNBta.exe
  2⤵
  PID:16156
- C:\Windows\System\cEKuZMp.exe
  C:\Windows\System\cEKuZMp.exe
  2⤵
  PID:16184
- C:\Windows\System\lzfrSSt.exe
  C:\Windows\System\lzfrSSt.exe
  2⤵
  PID:16208
- C:\Windows\System\RCBtzqf.exe
  C:\Windows\System\RCBtzqf.exe
  2⤵
  PID:16232
- C:\Windows\System\wmqGrPz.exe
  C:\Windows\System\wmqGrPz.exe
  2⤵
  PID:16256
- C:\Windows\System\EoKZJZQ.exe
  C:\Windows\System\EoKZJZQ.exe
  2⤵
  PID:16280
- C:\Windows\System\lhpeMnM.exe
  C:\Windows\System\lhpeMnM.exe
  2⤵
  PID:16320
- C:\Windows\System\ehPNYQp.exe
  C:\Windows\System\ehPNYQp.exe
  2⤵
  PID:16368
- C:\Windows\System\OFiABdH.exe
  C:\Windows\System\OFiABdH.exe
  2⤵
  PID:15364
- C:\Windows\System\auTOUJC.exe
  C:\Windows\System\auTOUJC.exe
  2⤵
  PID:15400
- C:\Windows\System\VBTHZXw.exe
  C:\Windows\System\VBTHZXw.exe
  2⤵
  PID:15452
- C:\Windows\System\AkaFlxQ.exe
  C:\Windows\System\AkaFlxQ.exe
  2⤵
  PID:15520
- C:\Windows\System\PxMkZvE.exe
  C:\Windows\System\PxMkZvE.exe
  2⤵
  PID:15584
- C:\Windows\System\fzibWSM.exe
  C:\Windows\System\fzibWSM.exe
  2⤵
  PID:15604
- C:\Windows\System\NJemAuN.exe
  C:\Windows\System\NJemAuN.exe
  2⤵
  PID:15692
- C:\Windows\System\VgwNbrw.exe
  C:\Windows\System\VgwNbrw.exe
  2⤵
  PID:15824
- C:\Windows\System\xDHBpCQ.exe
  C:\Windows\System\xDHBpCQ.exe
  2⤵
  PID:14720
- C:\Windows\System\OEkTvPx.exe
  C:\Windows\System\OEkTvPx.exe
  2⤵
  PID:15944
- C:\Windows\System\tvojNDM.exe
  C:\Windows\System\tvojNDM.exe
  2⤵
  PID:15996
- C:\Windows\System\hnuslRy.exe
  C:\Windows\System\hnuslRy.exe
  2⤵
  PID:16056
- C:\Windows\System\MdfUsuf.exe
  C:\Windows\System\MdfUsuf.exe
  2⤵
  PID:16116
- C:\Windows\System\loPDhyz.exe
  C:\Windows\System\loPDhyz.exe
  2⤵
  PID:16152
- C:\Windows\System\GhGCrbr.exe
  C:\Windows\System\GhGCrbr.exe
  2⤵
  PID:3704
- C:\Windows\System\uxFEaEg.exe
  C:\Windows\System\uxFEaEg.exe
  2⤵
  PID:16276
- C:\Windows\System\nvjMgPW.exe
  C:\Windows\System\nvjMgPW.exe
  2⤵
  PID:3956
- C:\Windows\System\auwFzVv.exe
  C:\Windows\System\auwFzVv.exe
  2⤵
  PID:16336
- C:\Windows\System\BMfbLPH.exe
  C:\Windows\System\BMfbLPH.exe
  2⤵
  PID:15116
- C:\Windows\System\BROExfS.exe
  C:\Windows\System\BROExfS.exe
  2⤵
  PID:15568
- C:\Windows\System\VbYEpJJ.exe
  C:\Windows\System\VbYEpJJ.exe
  2⤵
  PID:15736
- C:\Windows\System\tIZrUPs.exe
  C:\Windows\System\tIZrUPs.exe
  2⤵
  PID:15968
- C:\Windows\System\jKOHHwd.exe
  C:\Windows\System\jKOHHwd.exe
  2⤵
  PID:16168
- C:\Windows\System\QCyuIGZ.exe
  C:\Windows\System\QCyuIGZ.exe
  2⤵
  PID:16220
- C:\Windows\System\iwQtrpv.exe
  C:\Windows\System\iwQtrpv.exe
  2⤵
  PID:16376
- C:\Windows\System\DpFXhWL.exe
  C:\Windows\System\DpFXhWL.exe
  2⤵
  PID:15636
- C:\Windows\System\rTkrjIS.exe
  C:\Windows\System\rTkrjIS.exe
  2⤵
  PID:15964
- C:\Windows\System\hVfbwEV.exe
  C:\Windows\System\hVfbwEV.exe
  2⤵
  PID:16080
- C:\Windows\System\IZzlSLn.exe
  C:\Windows\System\IZzlSLn.exe
  2⤵
  PID:16228
- C:\Windows\System\IJvhfay.exe
  C:\Windows\System\IJvhfay.exe
  2⤵
  PID:16396
- C:\Windows\System\HwjvEwI.exe
  C:\Windows\System\HwjvEwI.exe
  2⤵
  PID:16424
- C:\Windows\System\rjQSabQ.exe
  C:\Windows\System\rjQSabQ.exe
  2⤵
  PID:16468
- C:\Windows\System\idjDtIb.exe
  C:\Windows\System\idjDtIb.exe
  2⤵
  PID:16496
- C:\Windows\System\EmAnCcP.exe
  C:\Windows\System\EmAnCcP.exe
  2⤵
  PID:16512
- C:\Windows\System\OKhICZV.exe
  C:\Windows\System\OKhICZV.exe
  2⤵
  PID:16532
- C:\Windows\System\NucKCgh.exe
  C:\Windows\System\NucKCgh.exe
  2⤵
  PID:16556
- C:\Windows\System\ntUUgir.exe
  C:\Windows\System\ntUUgir.exe
  2⤵
  PID:16588
- C:\Windows\System\zrEhGau.exe
  C:\Windows\System\zrEhGau.exe
  2⤵
  PID:16612
- C:\Windows\System\wCwLAgm.exe
  C:\Windows\System\wCwLAgm.exe
  2⤵
  PID:16664
- C:\Windows\System\oYPPDUa.exe
  C:\Windows\System\oYPPDUa.exe
  2⤵
  PID:16680
- C:\Windows\System\ywakiyz.exe
  C:\Windows\System\ywakiyz.exe
  2⤵
  PID:16700
- C:\Windows\System\FwFiyim.exe
  C:\Windows\System\FwFiyim.exe
  2⤵
  PID:16720
- C:\Windows\System\zJYrlxV.exe
  C:\Windows\System\zJYrlxV.exe
  2⤵
  PID:16748
- C:\Windows\System\xbNhcTC.exe
  C:\Windows\System\xbNhcTC.exe
  2⤵
  PID:16768
- C:\Windows\System\moKlynb.exe
  C:\Windows\System\moKlynb.exe
  2⤵
  PID:16808
- C:\Windows\System\xSHqyRR.exe
  C:\Windows\System\xSHqyRR.exe
  2⤵
  PID:16868
- C:\Windows\System\QqpOydV.exe
  C:\Windows\System\QqpOydV.exe
  2⤵
  PID:16884
- C:\Windows\System\WXEUpbl.exe
  C:\Windows\System\WXEUpbl.exe
  2⤵
  PID:16920
- C:\Windows\System\GwcFDFw.exe
  C:\Windows\System\GwcFDFw.exe
  2⤵
  PID:16936
- C:\Windows\System\ImnSdVX.exe
  C:\Windows\System\ImnSdVX.exe
  2⤵
  PID:16952
- C:\Windows\System\thniSyf.exe
  C:\Windows\System\thniSyf.exe
  2⤵
  PID:16980
- C:\Windows\System\JUPfoiE.exe
  C:\Windows\System\JUPfoiE.exe
  2⤵
  PID:17000
- C:\Windows\System\HnhSUKO.exe
  C:\Windows\System\HnhSUKO.exe
  2⤵
  PID:17028
- C:\Windows\System\CdLwkck.exe
  C:\Windows\System\CdLwkck.exe
  2⤵
  PID:17056
- C:\Windows\System\TtrDkSy.exe
  C:\Windows\System\TtrDkSy.exe
  2⤵
  PID:17100
- C:\Windows\System\ZluRedm.exe
  C:\Windows\System\ZluRedm.exe
  2⤵
  PID:17120
- C:\Windows\System\LwtkXDM.exe
  C:\Windows\System\LwtkXDM.exe
  2⤵
  PID:17180
- C:\Windows\System\mabUUoq.exe
  C:\Windows\System\mabUUoq.exe
  2⤵
  PID:17196
- C:\Windows\System\IulKsRC.exe
  C:\Windows\System\IulKsRC.exe
  2⤵
  PID:17220
- C:\Windows\System\CzcCHXP.exe
  C:\Windows\System\CzcCHXP.exe
  2⤵
  PID:17240
- C:\Windows\System\qlstTSg.exe
  C:\Windows\System\qlstTSg.exe
  2⤵
  PID:17292
- C:\Windows\System\XWpeZqU.exe
  C:\Windows\System\XWpeZqU.exe
  2⤵
  PID:17308
- C:\Windows\System\labZyuV.exe
  C:\Windows\System\labZyuV.exe
  2⤵
  PID:17324
- C:\Windows\System\jHajjad.exe
  C:\Windows\System\jHajjad.exe
  2⤵
  PID:17352
- C:\Windows\System\mMqDvSH.exe
  C:\Windows\System\mMqDvSH.exe
  2⤵
  PID:17376
- C:\Windows\System\cdwQaNU.exe
  C:\Windows\System\cdwQaNU.exe
  2⤵
  PID:15480
- C:\Windows\System\shqMSZb.exe
  C:\Windows\System\shqMSZb.exe
  2⤵
  PID:6196
- C:\Windows\System\BfBAbgR.exe
  C:\Windows\System\BfBAbgR.exe
  2⤵
  PID:16456
- C:\Windows\System\YhnqROP.exe
  C:\Windows\System\YhnqROP.exe
  2⤵
  PID:16544
- C:\Windows\System\ZfZYphS.exe
  C:\Windows\System\ZfZYphS.exe
  2⤵
  PID:16552
- C:\Windows\System\JBTEdom.exe
  C:\Windows\System\JBTEdom.exe
  2⤵
  PID:16648
- C:\Windows\System\hYviXCU.exe
  C:\Windows\System\hYviXCU.exe
  2⤵
  PID:16708
- C:\Windows\System\QkNcSTD.exe
  C:\Windows\System\QkNcSTD.exe
  2⤵
  PID:16740
- C:\Windows\System\GszADWy.exe
  C:\Windows\System\GszADWy.exe
  2⤵
  PID:16876
- C:\Windows\System\ZMthvvf.exe
  C:\Windows\System\ZMthvvf.exe
  2⤵
  PID:16928
- C:\Windows\System\jQgrMHF.exe
  C:\Windows\System\jQgrMHF.exe
  2⤵
  PID:16976
- C:\Windows\System\RFbFrfV.exe
  C:\Windows\System\RFbFrfV.exe
  2⤵
  PID:17052
- C:\Windows\System\StaUWnF.exe
  C:\Windows\System\StaUWnF.exe
  2⤵
  PID:17208
- C:\Windows\System\hMplmVv.exe
  C:\Windows\System\hMplmVv.exe
  2⤵
  PID:17260
- C:\Windows\System\SOxLKfH.exe
  C:\Windows\System\SOxLKfH.exe
  2⤵
  PID:17316
- C:\Windows\System\veSxblg.exe
  C:\Windows\System\veSxblg.exe
  2⤵
  PID:3084
- C:\Windows\System\HrmhHCR.exe
  C:\Windows\System\HrmhHCR.exe
  2⤵
  PID:5252

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5212

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EsovgsA.exe

Filesize
1.4MB

MD5
36a73800cda63b63e5bdae0966baef8c

SHA1
e495815f662d298aaa6fca7770fc88796cfc2b4d

SHA256
6f390f2564000723bdc23cb4b06b3fd8464974631c351e666051346b88de940a

SHA512
ced5c4fe80a95508a8c2c1e8da1cde4f53ff727404454efeae6140d0b7de041ee729a94a5d5fe094b5a870033474c08ac56ee880c0037f3f18d4cfd022f6ecf8

Download Submit
C:\Windows\System\FpGNJOb.exe

Filesize
1.4MB

MD5
3ed3e7a52a2d665e7bbd9882b743654b

SHA1
640adc8b4a414bd30130138333f5450ec3102c8d

SHA256
27fe149ebff229e47f23c8c318e0ae5dac5ff8ba46ebb0c58bc638a0884b45c7

SHA512
f2903d150ab8559a98df36869e5c30960605df96a28cece63fb134c04fe1c1226a158221286c0e2bddfa8a327fcbf6bcd2fe1414c4e791a4e8cf229ae1320ffe

Download Submit
C:\Windows\System\GVDrrLr.exe

Filesize
1.4MB

MD5
a12f9f55cd13b8ef9b3b2b81b8c163fe

SHA1
c4fa47a442acd5919f9c657fea1ca8499b976d4b

SHA256
9d4a9bb2163c3568dac04117d268f41931d577b212c07353ed8e85930561c109

SHA512
e3d013775d01ae858c29abd2f032248fc1244971d38f0cd91f95d452260c1e8593c64696c84a62ceb37d88c8d78de74604f38a6d7c4bc36798d6f9d6a0d145a7

Download Submit
C:\Windows\System\GVddjrV.exe

Filesize
1.4MB

MD5
8845619fb850cb856048a7d30819716d

SHA1
2a8874b92fbc8090cb6eccc1b49921c847e9e0e4

SHA256
f30bd521ede98d2d1117370ed1f61b2dbc7be56775bb3df199ce1063d2a01b60

SHA512
c7857c4523e6ef09cbd4b3f84320d45c863439abca22f243365ddc91b7e9a6b614f2856b677ef5388376d45c1cdb623bc4ad13675edcdcd931c26e55cbbd27d2

Download Submit
C:\Windows\System\GZgydpa.exe

Filesize
1.4MB

MD5
d8e0e398ff02eef1f2bc284f3e08c0a5

SHA1
6a5e65c748fdf50d78ad7640e9e619078b498b9e

SHA256
c090d73c868da72b4abd87a7311b5b4729e66d835a8045f02da3bd57b5a68037

SHA512
36c5126e15635fea10610505443ed635ddd0449f1aeebdae96038844358d9659109941696770e80408b6f2a034f8c84c216938beea6128a26f92c71e81ade786

Download Submit
C:\Windows\System\HvvJRhp.exe

Filesize
1.4MB

MD5
43a4d75203e1377e3ac8b3a034b54c0a

SHA1
b7e9e69762f87c526df4e8474dea7fbe60cb260a

SHA256
4adccb8fea0c71fca4ee34fbbc94c166c52b05d35123c3c3f75a9621dece3645

SHA512
1951a8ad827874b1751771b87b873d4fe58fa10787b353d659d5a4b1fca1e3d2e7b19cbb7b63271326645acdd9239d9ded162f48815aa1329d829561232b4787

Download Submit
C:\Windows\System\IJDgOmu.exe

Filesize
1.4MB

MD5
6c4b5a27b5ddf6be946e9691bc8d1ddc

SHA1
2170eae594a49b9ea07c904662c42127532172ad

SHA256
0eed81f7777cd268a81eae48aabc8276de85b960bb6bf80cfb70fbdd2c456bab

SHA512
62aa2598e79c5064d5aef81c55c3a86bc1c1de2088f873e70810703dc482204c70476b44cd513dd4482a561848659387aa110858e276ada1bc5d19382082a2b6

Download Submit
C:\Windows\System\JHMUXzL.exe

Filesize
1.4MB

MD5
aa2f1e4b3135855cae84a6b77e55786d

SHA1
47b86b006f0cde0d98426eaaba91ec69bdfac484

SHA256
d05291722e4c6b3897be3744e8733bb99e61f78d517cd97e27047a94a935a267

SHA512
e26f6d089feda563f5f776e7a6069aea808627ca0c3b25c3733f683aea66e38f7ba7fdd313e0909a9e589c1209ade6d900b3fdb474d8bcc3b5b32c4580e73654

Download Submit
C:\Windows\System\KvuxPgE.exe

Filesize
1.4MB

MD5
a6ccc4e2df95b48e399e6b9a578a0d3b

SHA1
03943125839a4647baafbd1446b7d7b27ea202a4

SHA256
6473bbf15e8891b43acc7f6719b9a4395bcc226450fb1d4327a3e758247a24f2

SHA512
814118077f91132af6789472006e11368e7587fad87e3cbf3d5267e8b2553e238cd7493347c6f7ff72f357692fe21de636e8e5d339bad1724538388f96d27eef

Download Submit
C:\Windows\System\Ljyqfvs.exe

Filesize
1.4MB

MD5
209eae53c42438b38cfb26fcd84e73e7

SHA1
c5996b93143a4227137c61c1e820ca2b2134a03e

SHA256
d62dfe115e281e7896a5666684fa8b3c3c91677f9beb551e7b5cdfa097205893

SHA512
e0275eaf07bfe5efa05c77271fe0549e1d7094e865b5d3759f5d951c3931fa0a39c0533d1d4c7f81c1b762302151461e88de448aa879cb63c775432e4fb5b458

Download Submit
C:\Windows\System\PGeTUYh.exe

Filesize
1.4MB

MD5
c1f5b682b5cdc89bd9a0aae1a7aa0e2c

SHA1
9b866eb8536c1bcccabb3556335911f5d5f42a39

SHA256
b8fc8a55a2ac58246a9453f887d9c0c760a6c935a61f27b64f80207d11c38790

SHA512
472dc0bce08702dbf1cafbfa8e4fcb591e5dea26e23ce9040f313642e8ce85bec3d8c26e94328ee69f64f260770ab77145ea332eb6e0fc4e469ec9091cdf9ce0

Download Submit
C:\Windows\System\RGndtIF.exe

Filesize
1.4MB

MD5
278a7ba7daec0ba63fefa76afb4098db

SHA1
b113d0342b539ebafc1830a68297538f4d9b0acf

SHA256
e3239908c6883df50b9195933d4e33e93b2dc7d7e426443d4664cdd052c596ba

SHA512
381a00adadd2ebfc506fdddc48bb72e29952460c81895650ff9befc65fbd0a218cda1b20d44fa08a5a5859fb62656133b19313e0a8e8ff000d4440814a602365

Download Submit
C:\Windows\System\RkfuYNK.exe

Filesize
1.4MB

MD5
0d8715d020ea30660a50da93af42f039

SHA1
ecc5ca568ac83f2445ae5e7059f094e947930c97

SHA256
7704b238fd89ebf50bf90c8a95a074676d4e7549b1e5f9fad1234c778e7bf94c

SHA512
6d6c5a23859b7b19c34d64e91c97b74e61602f6b56f6c5796767b4c72bee2e64fe164042d3565e6e0f247a4f3953aaf27270e4c1421804eb9941b1ddf13969ce

Download Submit
C:\Windows\System\UrvEwga.exe

Filesize
1.4MB

MD5
3bd14b3a18e5fb7d21b64bab577c2258

SHA1
6ec720e10fd9329cca8130e954dfd8d648d27f35

SHA256
98c711f69e25302ef5e2acf8f3e1c86ea927a9247556ebf5395dc77232bfb484

SHA512
24e2f118675c6ae7d37501792e5fbfd2fcb329ddc7ed6f55258eb4f3b91fcc82eba8cde0e95f71d06a355448d948db7c72115915ef52dad22896872bf56ab2ae

Download Submit
C:\Windows\System\WdHUfcY.exe

Filesize
1.4MB

MD5
769659622ff1e5260955e16f8cdd2970

SHA1
096ef8dccf53eb1c37d4618f77151f16999a3eae

SHA256
1f0dfbaec1522bdb3afdaec9c94a7053fdf84f83ee6c63f54cc8ad9ced834459

SHA512
52d1c5acc4893112f75bdae431587812d6eaf6b5b34f0e1b1e08a097255bf891479e24f8e5f3669018f60b18c4d43779ee3f733a1f95f7a6c5495524396f9fac

Download Submit
C:\Windows\System\WxHTkyi.exe

Filesize
1.4MB

MD5
d9d5d0292f88066dad5b02332603beaf

SHA1
8ed44b4c12210e59295bd769242604646d03698e

SHA256
b9795f1f69c7624c7c956af897118b60092e9f75a9d99485e8597d1fb8cbce1b

SHA512
04a2595f46442479ce6d513924cfdca38b9fb1e79568e79df663c78c8fbe1cbc3fe21c03399c6f31abc37b60ad593d45d735f31e66523fd5ade566b639e0fb5f

Download Submit
C:\Windows\System\YbvqZOF.exe

Filesize
1.4MB

MD5
16a4fe13cbc650e8e744a4d8dca5a97c

SHA1
f17d96b3c93371fd97cb3ceb89cdd58441db0b31

SHA256
2e6bc5c6630fd2594843b8a3ea29589e841d858f240c642887db20abaead49d4

SHA512
cd52c2b05e886b4f13058e12b3ff4bf1f31dcbd29b0af3133da56592204916f6ace69b5bf7f18ee3d09629a2a50577d95ddc478a67121aa45b2e7aa81b02e905

Download Submit
C:\Windows\System\YrxFiBV.exe

Filesize
1.4MB

MD5
201cd2444a3be2cadb613c31afa155c7

SHA1
8e228d3a71d7fb1d1232fea172c492d0abcd7147

SHA256
fcceeac8bef6d5e4f3857b353bdb362b7312a8a2833156f924454f7d87f3722f

SHA512
af1a543d3df35bceccf2c41bbd614de0c1bb3956ab2c9325dded43b765e6d87440a29ddf59e7ad5660d012c94383fa2e07055d2eb0a9f16a1de32884fbe2582a

Download Submit
C:\Windows\System\YsAvzRx.exe

Filesize
1.4MB

MD5
00036a5bac8b4744e00e281b45456573

SHA1
356d8626eea59baa4ff17773a028d08376c0baf6

SHA256
00717160f8e1bb16f8c12db94fddd3485031422d9bee2fa00329956cc029b3d5

SHA512
e39dc8df455788b56946d6c301463b0843a2600e4f67d655a545d357b2c020f8dead5b22a32e8442faa65c04c89bb4aba9a97d5733ab73cbc1e4497f74992557

Download Submit
C:\Windows\System\aBPNAVT.exe

Filesize
1.4MB

MD5
858d5223dc71eac3ac342989add2c86f

SHA1
b9cf26cc4bf67860b49df5594af89090c2a27b37

SHA256
2a19e4de5735039ec314bb8046554b5842d6ce4f4253879846cc7b47182aba57

SHA512
57a0b78333eb7f45e7648e95cfd3a83e54d11976486938dcbc80bafbaea7bf03b7e187933637fd6c4fa8605592fe2887adc1506503ed3edf8e5c8348912fb2fa

Download Submit
C:\Windows\System\cTomNRT.exe

Filesize
1.4MB

MD5
f97d3c5d07d13b8ec9e660321ff83fa9

SHA1
65c5a68de79023bc35067587ca4095dae330f466

SHA256
bf35110cfcaf5f76bf1326d878f66e188189f4441c5e0602f7f6787e4a87bf44

SHA512
c80dcac9512fe9aaf5ed97d97b9daa83c0d5d19256a3a15fb14e132bc447347d458968699b1649ae1e00eabd7c6196a9d56b8030f492e5faeab055090cf833f2

Download Submit
C:\Windows\System\cgmdEUE.exe

Filesize
1.4MB

MD5
be2004b80c19a7697d96a09fdae2fa6e

SHA1
b27989b23e3ff3885c45b2c83a6bd53cea56cba1

SHA256
c45144e3999ad3241f9d68791ece21a87037a243acc6b3e065b5e3f84fe814d9

SHA512
b38dd7a30bf64a102222c90d3e2db5abf682cae5702d99c351161cd4cb16fc8f175109239bf1dcee4699e3eaef1d5ea61d79269e437b241fee63853d1ae2e202

Download Submit
C:\Windows\System\eUzwCXG.exe

Filesize
1.4MB

MD5
f1eff1c307a1de745da2f301a9d7b36f

SHA1
adb23de983e4e38667fecba74fb78d7d296c75a2

SHA256
86d01c790b5019a5f24eccd00460427298703f3236862f8a5c6761be68d81c1f

SHA512
c08af0c570d320c29da83249f0d05e5cf04a633165147351f452e79bd235af7cc9ab51f19f072861f491288878c81f0d2ca479d933ea01dc1ff09d31b7eaf2fd

Download Submit
C:\Windows\System\ebgFLIg.exe

Filesize
1.4MB

MD5
e55ec35618ca2b9620ad9e42edab32ca

SHA1
5d75564bbafeb97ec9c4f9ddc57919ab0b708c8d

SHA256
ac10b6c625a74364f98913817a6bd443e4bcf8ead11bb5051a359047ab8f178b

SHA512
d36217c46bb4c91a6cd394c65f41d3d5b37a05da8f395f1f8dfa160a91d526a88c99380f3f98927013175577f71fab6b81196b2e557c4f3d726e72c353d12eb4

Download Submit
C:\Windows\System\enZInOw.exe

Filesize
1.4MB

MD5
d34a2a53d21608a9b8bec546c815f975

SHA1
34223d521fa22523bd7cde92d030e69d25b0513a

SHA256
060f024dd3d3e1e0e1d6ffc95b7984907f104849d6107cf116385d4d80fb22be

SHA512
54653e6297f585a4fdead255f35e12e460c012c12758ce9eeaac231976108894f01e1a5cb9db9764f77e529639985f14b25cd5606142a6c0af258e216e3f83ca

Download Submit
C:\Windows\System\fyJdwIu.exe

Filesize
1.4MB

MD5
68506d4aad4ea08c9298d89f7bba8fd4

SHA1
da28b548baf0938b9c2b6160420d3ae98a129e96

SHA256
22950ebbd1712a87b598ab91ac21ae71bde5d1577037020bbb0fa30369f57261

SHA512
bc86e792e313c416965cf3cc03099b6425c0b2025c0c90b5a3625985ebaa10f0d16283a1489ed5df127ed1356b86e18ecf349189be0a425756568fbbc4b9ee3f

Download Submit
C:\Windows\System\iCEofrt.exe

Filesize
1.4MB

MD5
8b7b77e674476150f0874e4872818c16

SHA1
88a90e7a1f3aa230e1fd76441146a0176fcaf07d

SHA256
fd285c4e4e187764fb1229a55f06aa6820b05278a73578e8ee72b5ed228f5d4d

SHA512
4d1bf05da5909146b12e79bd039aa75102cdac9a78b132025e857886abb9e6399c676f0fc60ca73b697952b0f10974e736786a5939460788ad09ba29e10f526b

Download Submit
C:\Windows\System\iZPibOQ.exe

Filesize
1.4MB

MD5
6703d36bc10ac17a9d8d52dae5e6afff

SHA1
6be004281e16a42fe6dfe7810962046f13c7c3be

SHA256
507378040e4bfae123dbdef576bf2da71e516c3226b858c489f8f76753f964fb

SHA512
a008d647ad71e7f0f817112b3d18ff5767e4440fd7ce7be5bdcaca7e73fee5b6918423fdc7db23f9dde92080b818cfc6ce887a6f713709d04758c9a722a5e17a

Download Submit
C:\Windows\System\mkVWcxu.exe

Filesize
1.4MB

MD5
973b0a445c414d2f7e9699084685c725

SHA1
3bf4e6991f8c7cad8af11cf1897e5c7655b9c6dd

SHA256
135e7aaf1bceaadf9ff9f3078d173f428f60c1fa3def49abfc5d28f0314920c0

SHA512
1fcbc7c23286f92ca70edd4346af49b297ecfb53ad6f27eff569cb4da862ccbdcd4e7d55e43382d55116158b66381a4a1e348105a35a9f6d1bc2be5b4c1e336e

Download Submit
C:\Windows\System\wEBPWPc.exe

Filesize
1.4MB

MD5
f8dcbab6f825cda2442480be868eed9d

SHA1
000ecfe4ab07178af448cf83554dda32bf6084b1

SHA256
10cd8f6e69aef29d1cf66328fec2cb446f20d36f40052fcb571253706335dc7d

SHA512
3e984cddf3d5103d106f0d3839719255b3eb92b66ff4a1d47197955f1f2d45d394ea9ca23a8a5582b81f189c349bbc5e857684ec7aca57b4f7952e6a62e8df8f

Download Submit
C:\Windows\System\yCkLpwU.exe

Filesize
1.4MB

MD5
eca82f0d797e06c38ee09fc078277da7

SHA1
8fe22b32bc731196e715e08dba20310ad84de86d

SHA256
acd2c82870ab6a76534b1eab80b48e7866c9a5997db05bfa7135e23b38b90077

SHA512
4b231b1c01646829dd0248cb2ccc6731e7909d0f3ce5fd67ffbc16d73143b0e00684d650b22af558969b29b4a09f944c0aa129f826ef38dbe4e62893447204dc

Download Submit
C:\Windows\System\zwVTvvD.exe

Filesize
1.4MB

MD5
67b4da93caf7165cdff65749f5bd124c

SHA1
6dcfb46d4b4a639c824a49ad123c0da2b8b4a3e1

SHA256
1291218f3a219672bbca5a97910a7f271555bcc0c5ac44d1382a6a8138cdb3bd

SHA512
92cb232ea953ef50154aa951f5dedde5f56b8fb614fc6ae1782b50d0d1d0258a911e5be48b13f05f9fecc186c131e2f6e49fa1423d2095a39507e0e5a7a1311a

Download Submit
memory/4872-0-0x000001FF234C0000-0x000001FF234D0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads