xmrig | 00fcdee68338cf48e4b190d2804dff2142d8791cec78404ebfc0e6cdfb5caac7

Analysis

max time kernel
88s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55ce85f3b4f610ca56c41564eb928a30.exe
Size

1.7MB
MD5

55ce85f3b4f610ca56c41564eb928a30
SHA1

5514733390916aca54b1062e77e5449c0349c1ec
SHA256

00fcdee68338cf48e4b190d2804dff2142d8791cec78404ebfc0e6cdfb5caac7
SHA512

3c5edba28af69d95f3d26f043b34fce2832db37bf96c7952f1de418cb73fbc442d5bce3c9252bbd25e6d5b27d2786f3fa1b13167b73dec32861c39e2cd0d1cce
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIRxj4c5yOBQP4Z5EX+:GemTLkNdfE0pZaN

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0009000000023400-4.dat	xmrig
behavioral2/files/0x0007000000023409-9.dat	xmrig
behavioral2/files/0x000700000002340a-6.dat	xmrig
behavioral2/files/0x000700000002340b-19.dat	xmrig
behavioral2/files/0x000700000002340c-21.dat	xmrig
behavioral2/files/0x000700000002340d-30.dat	xmrig
behavioral2/files/0x000700000002340e-34.dat	xmrig
behavioral2/files/0x000700000002340f-39.dat	xmrig
behavioral2/files/0x0007000000023410-45.dat	xmrig
behavioral2/files/0x0009000000023401-54.dat	xmrig
behavioral2/files/0x0007000000023412-63.dat	xmrig
behavioral2/files/0x0007000000023414-69.dat	xmrig
behavioral2/files/0x0007000000023415-78.dat	xmrig
behavioral2/files/0x0007000000023417-88.dat	xmrig
behavioral2/files/0x0007000000023419-98.dat	xmrig
behavioral2/files/0x000700000002341c-107.dat	xmrig
behavioral2/files/0x000700000002341f-124.dat	xmrig
behavioral2/files/0x0007000000023426-157.dat	xmrig
behavioral2/files/0x0007000000023427-162.dat	xmrig
behavioral2/files/0x0007000000023425-160.dat	xmrig
behavioral2/files/0x0007000000023424-155.dat	xmrig
behavioral2/files/0x0007000000023423-150.dat	xmrig
behavioral2/files/0x0007000000023422-145.dat	xmrig
behavioral2/files/0x0007000000023421-140.dat	xmrig
behavioral2/files/0x0007000000023420-135.dat	xmrig
behavioral2/files/0x000700000002341e-120.dat	xmrig
behavioral2/files/0x000700000002341d-118.dat	xmrig
behavioral2/files/0x000700000002341b-108.dat	xmrig
behavioral2/files/0x000700000002341a-103.dat	xmrig
behavioral2/files/0x0007000000023418-93.dat	xmrig
behavioral2/files/0x0007000000023416-83.dat	xmrig
behavioral2/files/0x0007000000023413-67.dat	xmrig
behavioral2/files/0x0007000000023411-50.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
960	iIvWtzZ.exe
4904	SdHCZOb.exe
4256	ytGPJAb.exe
4732	ZnXKiWu.exe
1600	TsHWYFv.exe
60	ddUbARY.exe
2096	oHDAbVz.exe
4068	uPpqnGw.exe
1660	YmKTbQQ.exe
2432	spQQuHk.exe
1320	gbVxAOo.exe
2672	TAdkwTm.exe
3164	yFgIgFg.exe
1480	mhCHOCy.exe
3332	ulWqRfh.exe
2380	ZEqZMje.exe
4960	GwBzcVS.exe
5020	RuzxFbE.exe
4812	OeLQCLZ.exe
372	pAUabRR.exe
2536	QcCUrfW.exe
2936	YxRNpLQ.exe
1692	BpRmyiP.exe
1436	aRVvMoH.exe
5012	vMDcWqv.exe
792	wZJRQxA.exe
2988	LHHsAtR.exe
2400	zYSPgWb.exe
2312	KDBYveH.exe
1696	eSlrEsH.exe
4080	MeZsRFO.exe
1408	otjZsIZ.exe
3564	IWZYgDZ.exe
1808	retVdSe.exe
5004	upUxdMq.exe
4348	BtORUWh.exe
4396	OhmvWdo.exe
4788	wWGKCwl.exe
5112	UKurGqr.exe
3676	apJNuDJ.exe
4424	cmPVdRK.exe
2224	ZDfQcxK.exe
4352	BFrCkyn.exe
4368	XmxGPad.exe
3736	AVhitCN.exe
4752	HNbXPTw.exe
4772	TPWuerl.exe
1208	idTtAAQ.exe
2648	UIvSmmr.exe
2320	qUtGEbe.exe
2052	PkeVmAC.exe
4676	nCLHyQa.exe
4360	SAhQQkN.exe
4680	MALpWbG.exe
2792	HuExoiJ.exe
4468	uYikBLO.exe
1684	iSPoqYM.exe
4964	eocPMXq.exe
4596	CiQNatd.exe
4744	eWModfp.exe
2872	cwnniau.exe
912	YIBfNcO.exe
1596	dYAyhyr.exe
3420	hVBsOiF.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ClbeGef.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\gZmsMfo.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\mzQMsee.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\migNTux.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\LWbuMff.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\VseNGcB.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\lBYPHYJ.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\vctvUwt.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\SIsSaSs.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\xnFNydB.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\YTvvtKO.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\UYARTLR.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\YiogdmG.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\qkogdYc.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\onGzPvH.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\LJTvMzZ.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\tcujsIs.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\jitDter.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\qNsFvgg.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\ETSNgkN.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\pAUabRR.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\ZDfQcxK.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\abhewtK.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\erThjyo.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\TsHWYFv.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\pgYBzeM.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\VJSrFwO.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\cWumDnG.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\WsITLep.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\AAStmet.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\ohruJcB.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\bbLALjt.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\QfWFnJA.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\NHxKHGF.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\yaYBzLr.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\udcEcaS.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\GChDApK.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\QzmaoFw.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\ueBxlNO.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\NaJpUOq.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\pGlRizh.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\GyBYRnM.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\AYVvCbL.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\VjJpYJo.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\zhGMGBo.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\WgpvxRg.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\JgYEDet.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\AVhitCN.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\mqlWLSz.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\HTDBkQr.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\sPKEXvD.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\MQLSKje.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\hjGwgbr.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\wZJRQxA.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\rtRMexf.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\WJCwBmc.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\OZqNWQz.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\TbZmugC.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\NPcsLlR.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\iTrQSGA.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\ZbWtRVd.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\qiECEkv.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\APvMSRA.exe	55ce85f3b4f610ca56c41564eb928a30.exe
File created	C:\Windows\System\UOmnXFO.exe	55ce85f3b4f610ca56c41564eb928a30.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16648	dwm.exe
Token: SeChangeNotifyPrivilege	16648	dwm.exe
Token: 33	16648	dwm.exe
Token: SeIncBasePriorityPrivilege	16648	dwm.exe
Token: SeShutdownPrivilege	16648	dwm.exe
Token: SeCreatePagefilePrivilege	16648	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 960	668	55ce85f3b4f610ca56c41564eb928a30.exe	83
PID 668 wrote to memory of 960	668	55ce85f3b4f610ca56c41564eb928a30.exe	83
PID 668 wrote to memory of 4904	668	55ce85f3b4f610ca56c41564eb928a30.exe	84
PID 668 wrote to memory of 4904	668	55ce85f3b4f610ca56c41564eb928a30.exe	84
PID 668 wrote to memory of 4256	668	55ce85f3b4f610ca56c41564eb928a30.exe	85
PID 668 wrote to memory of 4256	668	55ce85f3b4f610ca56c41564eb928a30.exe	85
PID 668 wrote to memory of 4732	668	55ce85f3b4f610ca56c41564eb928a30.exe	86
PID 668 wrote to memory of 4732	668	55ce85f3b4f610ca56c41564eb928a30.exe	86
PID 668 wrote to memory of 1600	668	55ce85f3b4f610ca56c41564eb928a30.exe	87
PID 668 wrote to memory of 1600	668	55ce85f3b4f610ca56c41564eb928a30.exe	87
PID 668 wrote to memory of 60	668	55ce85f3b4f610ca56c41564eb928a30.exe	88
PID 668 wrote to memory of 60	668	55ce85f3b4f610ca56c41564eb928a30.exe	88
PID 668 wrote to memory of 2096	668	55ce85f3b4f610ca56c41564eb928a30.exe	91
PID 668 wrote to memory of 2096	668	55ce85f3b4f610ca56c41564eb928a30.exe	91
PID 668 wrote to memory of 4068	668	55ce85f3b4f610ca56c41564eb928a30.exe	92
PID 668 wrote to memory of 4068	668	55ce85f3b4f610ca56c41564eb928a30.exe	92
PID 668 wrote to memory of 1660	668	55ce85f3b4f610ca56c41564eb928a30.exe	93
PID 668 wrote to memory of 1660	668	55ce85f3b4f610ca56c41564eb928a30.exe	93
PID 668 wrote to memory of 2432	668	55ce85f3b4f610ca56c41564eb928a30.exe	94
PID 668 wrote to memory of 2432	668	55ce85f3b4f610ca56c41564eb928a30.exe	94
PID 668 wrote to memory of 1320	668	55ce85f3b4f610ca56c41564eb928a30.exe	95
PID 668 wrote to memory of 1320	668	55ce85f3b4f610ca56c41564eb928a30.exe	95
PID 668 wrote to memory of 2672	668	55ce85f3b4f610ca56c41564eb928a30.exe	96
PID 668 wrote to memory of 2672	668	55ce85f3b4f610ca56c41564eb928a30.exe	96
PID 668 wrote to memory of 3164	668	55ce85f3b4f610ca56c41564eb928a30.exe	97
PID 668 wrote to memory of 3164	668	55ce85f3b4f610ca56c41564eb928a30.exe	97
PID 668 wrote to memory of 1480	668	55ce85f3b4f610ca56c41564eb928a30.exe	98
PID 668 wrote to memory of 1480	668	55ce85f3b4f610ca56c41564eb928a30.exe	98
PID 668 wrote to memory of 3332	668	55ce85f3b4f610ca56c41564eb928a30.exe	99
PID 668 wrote to memory of 3332	668	55ce85f3b4f610ca56c41564eb928a30.exe	99
PID 668 wrote to memory of 2380	668	55ce85f3b4f610ca56c41564eb928a30.exe	100
PID 668 wrote to memory of 2380	668	55ce85f3b4f610ca56c41564eb928a30.exe	100
PID 668 wrote to memory of 4960	668	55ce85f3b4f610ca56c41564eb928a30.exe	101
PID 668 wrote to memory of 4960	668	55ce85f3b4f610ca56c41564eb928a30.exe	101
PID 668 wrote to memory of 5020	668	55ce85f3b4f610ca56c41564eb928a30.exe	102
PID 668 wrote to memory of 5020	668	55ce85f3b4f610ca56c41564eb928a30.exe	102
PID 668 wrote to memory of 4812	668	55ce85f3b4f610ca56c41564eb928a30.exe	103
PID 668 wrote to memory of 4812	668	55ce85f3b4f610ca56c41564eb928a30.exe	103
PID 668 wrote to memory of 372	668	55ce85f3b4f610ca56c41564eb928a30.exe	104
PID 668 wrote to memory of 372	668	55ce85f3b4f610ca56c41564eb928a30.exe	104
PID 668 wrote to memory of 2536	668	55ce85f3b4f610ca56c41564eb928a30.exe	105
PID 668 wrote to memory of 2536	668	55ce85f3b4f610ca56c41564eb928a30.exe	105
PID 668 wrote to memory of 2936	668	55ce85f3b4f610ca56c41564eb928a30.exe	106
PID 668 wrote to memory of 2936	668	55ce85f3b4f610ca56c41564eb928a30.exe	106
PID 668 wrote to memory of 1692	668	55ce85f3b4f610ca56c41564eb928a30.exe	107
PID 668 wrote to memory of 1692	668	55ce85f3b4f610ca56c41564eb928a30.exe	107
PID 668 wrote to memory of 1436	668	55ce85f3b4f610ca56c41564eb928a30.exe	108
PID 668 wrote to memory of 1436	668	55ce85f3b4f610ca56c41564eb928a30.exe	108
PID 668 wrote to memory of 5012	668	55ce85f3b4f610ca56c41564eb928a30.exe	109
PID 668 wrote to memory of 5012	668	55ce85f3b4f610ca56c41564eb928a30.exe	109
PID 668 wrote to memory of 792	668	55ce85f3b4f610ca56c41564eb928a30.exe	110
PID 668 wrote to memory of 792	668	55ce85f3b4f610ca56c41564eb928a30.exe	110
PID 668 wrote to memory of 2988	668	55ce85f3b4f610ca56c41564eb928a30.exe	111
PID 668 wrote to memory of 2988	668	55ce85f3b4f610ca56c41564eb928a30.exe	111
PID 668 wrote to memory of 2400	668	55ce85f3b4f610ca56c41564eb928a30.exe	112
PID 668 wrote to memory of 2400	668	55ce85f3b4f610ca56c41564eb928a30.exe	112
PID 668 wrote to memory of 2312	668	55ce85f3b4f610ca56c41564eb928a30.exe	113
PID 668 wrote to memory of 2312	668	55ce85f3b4f610ca56c41564eb928a30.exe	113
PID 668 wrote to memory of 1696	668	55ce85f3b4f610ca56c41564eb928a30.exe	114
PID 668 wrote to memory of 1696	668	55ce85f3b4f610ca56c41564eb928a30.exe	114
PID 668 wrote to memory of 4080	668	55ce85f3b4f610ca56c41564eb928a30.exe	115
PID 668 wrote to memory of 4080	668	55ce85f3b4f610ca56c41564eb928a30.exe	115
PID 668 wrote to memory of 1408	668	55ce85f3b4f610ca56c41564eb928a30.exe	116
PID 668 wrote to memory of 1408	668	55ce85f3b4f610ca56c41564eb928a30.exe	116

C:\Users\Admin\AppData\Local\Temp\55ce85f3b4f610ca56c41564eb928a30.exe
"C:\Users\Admin\AppData\Local\Temp\55ce85f3b4f610ca56c41564eb928a30.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:668
- C:\Windows\System\iIvWtzZ.exe
  C:\Windows\System\iIvWtzZ.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\SdHCZOb.exe
  C:\Windows\System\SdHCZOb.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\ytGPJAb.exe
  C:\Windows\System\ytGPJAb.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\ZnXKiWu.exe
  C:\Windows\System\ZnXKiWu.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\TsHWYFv.exe
  C:\Windows\System\TsHWYFv.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ddUbARY.exe
  C:\Windows\System\ddUbARY.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\oHDAbVz.exe
  C:\Windows\System\oHDAbVz.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\uPpqnGw.exe
  C:\Windows\System\uPpqnGw.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\YmKTbQQ.exe
  C:\Windows\System\YmKTbQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\spQQuHk.exe
  C:\Windows\System\spQQuHk.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\gbVxAOo.exe
  C:\Windows\System\gbVxAOo.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\TAdkwTm.exe
  C:\Windows\System\TAdkwTm.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\yFgIgFg.exe
  C:\Windows\System\yFgIgFg.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\mhCHOCy.exe
  C:\Windows\System\mhCHOCy.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\ulWqRfh.exe
  C:\Windows\System\ulWqRfh.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\ZEqZMje.exe
  C:\Windows\System\ZEqZMje.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\GwBzcVS.exe
  C:\Windows\System\GwBzcVS.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\RuzxFbE.exe
  C:\Windows\System\RuzxFbE.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\OeLQCLZ.exe
  C:\Windows\System\OeLQCLZ.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\pAUabRR.exe
  C:\Windows\System\pAUabRR.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\QcCUrfW.exe
  C:\Windows\System\QcCUrfW.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\YxRNpLQ.exe
  C:\Windows\System\YxRNpLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\BpRmyiP.exe
  C:\Windows\System\BpRmyiP.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\aRVvMoH.exe
  C:\Windows\System\aRVvMoH.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\vMDcWqv.exe
  C:\Windows\System\vMDcWqv.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\wZJRQxA.exe
  C:\Windows\System\wZJRQxA.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\LHHsAtR.exe
  C:\Windows\System\LHHsAtR.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\zYSPgWb.exe
  C:\Windows\System\zYSPgWb.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\KDBYveH.exe
  C:\Windows\System\KDBYveH.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\eSlrEsH.exe
  C:\Windows\System\eSlrEsH.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\MeZsRFO.exe
  C:\Windows\System\MeZsRFO.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\otjZsIZ.exe
  C:\Windows\System\otjZsIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\IWZYgDZ.exe
  C:\Windows\System\IWZYgDZ.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\retVdSe.exe
  C:\Windows\System\retVdSe.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\upUxdMq.exe
  C:\Windows\System\upUxdMq.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\BtORUWh.exe
  C:\Windows\System\BtORUWh.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\OhmvWdo.exe
  C:\Windows\System\OhmvWdo.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\wWGKCwl.exe
  C:\Windows\System\wWGKCwl.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\UKurGqr.exe
  C:\Windows\System\UKurGqr.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\apJNuDJ.exe
  C:\Windows\System\apJNuDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\cmPVdRK.exe
  C:\Windows\System\cmPVdRK.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\ZDfQcxK.exe
  C:\Windows\System\ZDfQcxK.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\BFrCkyn.exe
  C:\Windows\System\BFrCkyn.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\XmxGPad.exe
  C:\Windows\System\XmxGPad.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\AVhitCN.exe
  C:\Windows\System\AVhitCN.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\HNbXPTw.exe
  C:\Windows\System\HNbXPTw.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\TPWuerl.exe
  C:\Windows\System\TPWuerl.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\idTtAAQ.exe
  C:\Windows\System\idTtAAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\UIvSmmr.exe
  C:\Windows\System\UIvSmmr.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\qUtGEbe.exe
  C:\Windows\System\qUtGEbe.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\PkeVmAC.exe
  C:\Windows\System\PkeVmAC.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\nCLHyQa.exe
  C:\Windows\System\nCLHyQa.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\SAhQQkN.exe
  C:\Windows\System\SAhQQkN.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\MALpWbG.exe
  C:\Windows\System\MALpWbG.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\HuExoiJ.exe
  C:\Windows\System\HuExoiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\uYikBLO.exe
  C:\Windows\System\uYikBLO.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\iSPoqYM.exe
  C:\Windows\System\iSPoqYM.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\eocPMXq.exe
  C:\Windows\System\eocPMXq.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\CiQNatd.exe
  C:\Windows\System\CiQNatd.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\eWModfp.exe
  C:\Windows\System\eWModfp.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\cwnniau.exe
  C:\Windows\System\cwnniau.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\YIBfNcO.exe
  C:\Windows\System\YIBfNcO.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\dYAyhyr.exe
  C:\Windows\System\dYAyhyr.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\hVBsOiF.exe
  C:\Windows\System\hVBsOiF.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\LuoOXBU.exe
  C:\Windows\System\LuoOXBU.exe
  2⤵
  PID:4908
- C:\Windows\System\USxpDaf.exe
  C:\Windows\System\USxpDaf.exe
  2⤵
  PID:2440
- C:\Windows\System\bYIMIot.exe
  C:\Windows\System\bYIMIot.exe
  2⤵
  PID:2676
- C:\Windows\System\sCkYjuL.exe
  C:\Windows\System\sCkYjuL.exe
  2⤵
  PID:388
- C:\Windows\System\NtfXaQV.exe
  C:\Windows\System\NtfXaQV.exe
  2⤵
  PID:4700
- C:\Windows\System\iFVIslx.exe
  C:\Windows\System\iFVIslx.exe
  2⤵
  PID:1440
- C:\Windows\System\mzQMsee.exe
  C:\Windows\System\mzQMsee.exe
  2⤵
  PID:2716
- C:\Windows\System\wAOjFJI.exe
  C:\Windows\System\wAOjFJI.exe
  2⤵
  PID:2992
- C:\Windows\System\DwtoNZC.exe
  C:\Windows\System\DwtoNZC.exe
  2⤵
  PID:4716
- C:\Windows\System\SQZVXkd.exe
  C:\Windows\System\SQZVXkd.exe
  2⤵
  PID:644
- C:\Windows\System\pxWYHFe.exe
  C:\Windows\System\pxWYHFe.exe
  2⤵
  PID:1784
- C:\Windows\System\flAACMq.exe
  C:\Windows\System\flAACMq.exe
  2⤵
  PID:4388
- C:\Windows\System\fghnNue.exe
  C:\Windows\System\fghnNue.exe
  2⤵
  PID:468
- C:\Windows\System\PIsslPh.exe
  C:\Windows\System\PIsslPh.exe
  2⤵
  PID:3204
- C:\Windows\System\THfpYAh.exe
  C:\Windows\System\THfpYAh.exe
  2⤵
  PID:972
- C:\Windows\System\lfXSgat.exe
  C:\Windows\System\lfXSgat.exe
  2⤵
  PID:2996
- C:\Windows\System\qVvMPbp.exe
  C:\Windows\System\qVvMPbp.exe
  2⤵
  PID:3996
- C:\Windows\System\svIJHIC.exe
  C:\Windows\System\svIJHIC.exe
  2⤵
  PID:2036
- C:\Windows\System\vaeczCn.exe
  C:\Windows\System\vaeczCn.exe
  2⤵
  PID:4224
- C:\Windows\System\BRczwsc.exe
  C:\Windows\System\BRczwsc.exe
  2⤵
  PID:1200
- C:\Windows\System\OoEFQut.exe
  C:\Windows\System\OoEFQut.exe
  2⤵
  PID:2068
- C:\Windows\System\UIeApfQ.exe
  C:\Windows\System\UIeApfQ.exe
  2⤵
  PID:2360
- C:\Windows\System\LaIQBLv.exe
  C:\Windows\System\LaIQBLv.exe
  2⤵
  PID:2688
- C:\Windows\System\pGlRizh.exe
  C:\Windows\System\pGlRizh.exe
  2⤵
  PID:3460
- C:\Windows\System\uOJPGYm.exe
  C:\Windows\System\uOJPGYm.exe
  2⤵
  PID:3004
- C:\Windows\System\wWLUqgc.exe
  C:\Windows\System\wWLUqgc.exe
  2⤵
  PID:4612
- C:\Windows\System\mqlWLSz.exe
  C:\Windows\System\mqlWLSz.exe
  2⤵
  PID:4988
- C:\Windows\System\HTDBkQr.exe
  C:\Windows\System\HTDBkQr.exe
  2⤵
  PID:5032
- C:\Windows\System\sPKEXvD.exe
  C:\Windows\System\sPKEXvD.exe
  2⤵
  PID:4748
- C:\Windows\System\TGcupyD.exe
  C:\Windows\System\TGcupyD.exe
  2⤵
  PID:1584
- C:\Windows\System\EkIQheC.exe
  C:\Windows\System\EkIQheC.exe
  2⤵
  PID:4708
- C:\Windows\System\wrLDSHl.exe
  C:\Windows\System\wrLDSHl.exe
  2⤵
  PID:4976
- C:\Windows\System\JAujSzd.exe
  C:\Windows\System\JAujSzd.exe
  2⤵
  PID:4684
- C:\Windows\System\JpUpMOI.exe
  C:\Windows\System\JpUpMOI.exe
  2⤵
  PID:1780
- C:\Windows\System\oBzXeEC.exe
  C:\Windows\System\oBzXeEC.exe
  2⤵
  PID:3192
- C:\Windows\System\MebbrRD.exe
  C:\Windows\System\MebbrRD.exe
  2⤵
  PID:692
- C:\Windows\System\vKxqEGv.exe
  C:\Windows\System\vKxqEGv.exe
  2⤵
  PID:1100
- C:\Windows\System\YXnDWZv.exe
  C:\Windows\System\YXnDWZv.exe
  2⤵
  PID:4548
- C:\Windows\System\oVVIBXl.exe
  C:\Windows\System\oVVIBXl.exe
  2⤵
  PID:732
- C:\Windows\System\QFjitNL.exe
  C:\Windows\System\QFjitNL.exe
  2⤵
  PID:2752
- C:\Windows\System\wfxUqCD.exe
  C:\Windows\System\wfxUqCD.exe
  2⤵
  PID:2900
- C:\Windows\System\haXTGby.exe
  C:\Windows\System\haXTGby.exe
  2⤵
  PID:4736
- C:\Windows\System\ljjlivi.exe
  C:\Windows\System\ljjlivi.exe
  2⤵
  PID:1548
- C:\Windows\System\xjStrwR.exe
  C:\Windows\System\xjStrwR.exe
  2⤵
  PID:5136
- C:\Windows\System\WTUJLaN.exe
  C:\Windows\System\WTUJLaN.exe
  2⤵
  PID:5160
- C:\Windows\System\aPKWYQP.exe
  C:\Windows\System\aPKWYQP.exe
  2⤵
  PID:5192
- C:\Windows\System\EnnBxDa.exe
  C:\Windows\System\EnnBxDa.exe
  2⤵
  PID:5228
- C:\Windows\System\YdDdHNf.exe
  C:\Windows\System\YdDdHNf.exe
  2⤵
  PID:5260
- C:\Windows\System\sSZzBmG.exe
  C:\Windows\System\sSZzBmG.exe
  2⤵
  PID:5288
- C:\Windows\System\RDcDjip.exe
  C:\Windows\System\RDcDjip.exe
  2⤵
  PID:5316
- C:\Windows\System\EqDRFbD.exe
  C:\Windows\System\EqDRFbD.exe
  2⤵
  PID:5344
- C:\Windows\System\mEvoMxu.exe
  C:\Windows\System\mEvoMxu.exe
  2⤵
  PID:5368
- C:\Windows\System\nAGAEEM.exe
  C:\Windows\System\nAGAEEM.exe
  2⤵
  PID:5400
- C:\Windows\System\jJkIfEU.exe
  C:\Windows\System\jJkIfEU.exe
  2⤵
  PID:5420
- C:\Windows\System\uGxAeUE.exe
  C:\Windows\System\uGxAeUE.exe
  2⤵
  PID:5448
- C:\Windows\System\NDTqVyG.exe
  C:\Windows\System\NDTqVyG.exe
  2⤵
  PID:5472
- C:\Windows\System\KwqVlma.exe
  C:\Windows\System\KwqVlma.exe
  2⤵
  PID:5500
- C:\Windows\System\hFBFGnV.exe
  C:\Windows\System\hFBFGnV.exe
  2⤵
  PID:5532
- C:\Windows\System\smBdsEf.exe
  C:\Windows\System\smBdsEf.exe
  2⤵
  PID:5556
- C:\Windows\System\TDXwwlJ.exe
  C:\Windows\System\TDXwwlJ.exe
  2⤵
  PID:5584
- C:\Windows\System\fWBrEvg.exe
  C:\Windows\System\fWBrEvg.exe
  2⤵
  PID:5612
- C:\Windows\System\WPzEZCW.exe
  C:\Windows\System\WPzEZCW.exe
  2⤵
  PID:5640
- C:\Windows\System\RjXWuaE.exe
  C:\Windows\System\RjXWuaE.exe
  2⤵
  PID:5668
- C:\Windows\System\LYYhoqQ.exe
  C:\Windows\System\LYYhoqQ.exe
  2⤵
  PID:5688
- C:\Windows\System\ohtRZoB.exe
  C:\Windows\System\ohtRZoB.exe
  2⤵
  PID:5716
- C:\Windows\System\abhewtK.exe
  C:\Windows\System\abhewtK.exe
  2⤵
  PID:5744
- C:\Windows\System\OCdOKUE.exe
  C:\Windows\System\OCdOKUE.exe
  2⤵
  PID:5768
- C:\Windows\System\OZqNWQz.exe
  C:\Windows\System\OZqNWQz.exe
  2⤵
  PID:5804
- C:\Windows\System\kuoVImk.exe
  C:\Windows\System\kuoVImk.exe
  2⤵
  PID:5836
- C:\Windows\System\VjJpYJo.exe
  C:\Windows\System\VjJpYJo.exe
  2⤵
  PID:5872
- C:\Windows\System\HiBYtvD.exe
  C:\Windows\System\HiBYtvD.exe
  2⤵
  PID:5892
- C:\Windows\System\migNTux.exe
  C:\Windows\System\migNTux.exe
  2⤵
  PID:5920
- C:\Windows\System\pVlhECL.exe
  C:\Windows\System\pVlhECL.exe
  2⤵
  PID:5952
- C:\Windows\System\RENPQne.exe
  C:\Windows\System\RENPQne.exe
  2⤵
  PID:5984
- C:\Windows\System\oAyhMjN.exe
  C:\Windows\System\oAyhMjN.exe
  2⤵
  PID:6004
- C:\Windows\System\zunlkmV.exe
  C:\Windows\System\zunlkmV.exe
  2⤵
  PID:6032
- C:\Windows\System\BddDdyY.exe
  C:\Windows\System\BddDdyY.exe
  2⤵
  PID:6060
- C:\Windows\System\LWtpxdL.exe
  C:\Windows\System\LWtpxdL.exe
  2⤵
  PID:6092
- C:\Windows\System\wEIsVec.exe
  C:\Windows\System\wEIsVec.exe
  2⤵
  PID:6128
- C:\Windows\System\NDPdeUT.exe
  C:\Windows\System\NDPdeUT.exe
  2⤵
  PID:4012
- C:\Windows\System\awmQLSB.exe
  C:\Windows\System\awmQLSB.exe
  2⤵
  PID:2092
- C:\Windows\System\QIYEQvo.exe
  C:\Windows\System\QIYEQvo.exe
  2⤵
  PID:5236
- C:\Windows\System\YfQRvkS.exe
  C:\Windows\System\YfQRvkS.exe
  2⤵
  PID:5284
- C:\Windows\System\ospDGPV.exe
  C:\Windows\System\ospDGPV.exe
  2⤵
  PID:5328
- C:\Windows\System\BgYoErV.exe
  C:\Windows\System\BgYoErV.exe
  2⤵
  PID:5408
- C:\Windows\System\yaYBzLr.exe
  C:\Windows\System\yaYBzLr.exe
  2⤵
  PID:5484
- C:\Windows\System\IljyNac.exe
  C:\Windows\System\IljyNac.exe
  2⤵
  PID:5540
- C:\Windows\System\NsDEroM.exe
  C:\Windows\System\NsDEroM.exe
  2⤵
  PID:5632
- C:\Windows\System\UTiGTuT.exe
  C:\Windows\System\UTiGTuT.exe
  2⤵
  PID:5700
- C:\Windows\System\GvoRUhn.exe
  C:\Windows\System\GvoRUhn.exe
  2⤵
  PID:5760
- C:\Windows\System\niRhNOJ.exe
  C:\Windows\System\niRhNOJ.exe
  2⤵
  PID:5780
- C:\Windows\System\SfUMdXq.exe
  C:\Windows\System\SfUMdXq.exe
  2⤵
  PID:5860
- C:\Windows\System\zjphmQY.exe
  C:\Windows\System\zjphmQY.exe
  2⤵
  PID:5948
- C:\Windows\System\uRwpQpe.exe
  C:\Windows\System\uRwpQpe.exe
  2⤵
  PID:5992
- C:\Windows\System\DdWPjUU.exe
  C:\Windows\System\DdWPjUU.exe
  2⤵
  PID:6116
- C:\Windows\System\leJCsEE.exe
  C:\Windows\System\leJCsEE.exe
  2⤵
  PID:5180
- C:\Windows\System\ddUiBIP.exe
  C:\Windows\System\ddUiBIP.exe
  2⤵
  PID:5248
- C:\Windows\System\cAhjfDy.exe
  C:\Windows\System\cAhjfDy.exe
  2⤵
  PID:5380
- C:\Windows\System\krsCODH.exe
  C:\Windows\System\krsCODH.exe
  2⤵
  PID:5568
- C:\Windows\System\WWIISdg.exe
  C:\Windows\System\WWIISdg.exe
  2⤵
  PID:5664
- C:\Windows\System\tnlUZhu.exe
  C:\Windows\System\tnlUZhu.exe
  2⤵
  PID:5756
- C:\Windows\System\giTUbQk.exe
  C:\Windows\System\giTUbQk.exe
  2⤵
  PID:5960
- C:\Windows\System\fTEuhdt.exe
  C:\Windows\System\fTEuhdt.exe
  2⤵
  PID:4448
- C:\Windows\System\zNmpVxF.exe
  C:\Windows\System\zNmpVxF.exe
  2⤵
  PID:5628
- C:\Windows\System\cWumDnG.exe
  C:\Windows\System\cWumDnG.exe
  2⤵
  PID:5848
- C:\Windows\System\LTqtSML.exe
  C:\Windows\System\LTqtSML.exe
  2⤵
  PID:5388
- C:\Windows\System\ODZQYWl.exe
  C:\Windows\System\ODZQYWl.exe
  2⤵
  PID:5304
- C:\Windows\System\ZKTvgGu.exe
  C:\Windows\System\ZKTvgGu.exe
  2⤵
  PID:6160
- C:\Windows\System\ZyMqRVx.exe
  C:\Windows\System\ZyMqRVx.exe
  2⤵
  PID:6188
- C:\Windows\System\LhNVTeL.exe
  C:\Windows\System\LhNVTeL.exe
  2⤵
  PID:6216
- C:\Windows\System\wOEAWna.exe
  C:\Windows\System\wOEAWna.exe
  2⤵
  PID:6244
- C:\Windows\System\DtuLFcx.exe
  C:\Windows\System\DtuLFcx.exe
  2⤵
  PID:6272
- C:\Windows\System\jjsXCrw.exe
  C:\Windows\System\jjsXCrw.exe
  2⤵
  PID:6300
- C:\Windows\System\qaBSNlh.exe
  C:\Windows\System\qaBSNlh.exe
  2⤵
  PID:6320
- C:\Windows\System\TSmcWgP.exe
  C:\Windows\System\TSmcWgP.exe
  2⤵
  PID:6348
- C:\Windows\System\tBYwyzw.exe
  C:\Windows\System\tBYwyzw.exe
  2⤵
  PID:6372
- C:\Windows\System\pIxdYXI.exe
  C:\Windows\System\pIxdYXI.exe
  2⤵
  PID:6400
- C:\Windows\System\JMFRKrA.exe
  C:\Windows\System\JMFRKrA.exe
  2⤵
  PID:6420
- C:\Windows\System\NcacNbk.exe
  C:\Windows\System\NcacNbk.exe
  2⤵
  PID:6444
- C:\Windows\System\BUerELC.exe
  C:\Windows\System\BUerELC.exe
  2⤵
  PID:6460
- C:\Windows\System\eMJdhFW.exe
  C:\Windows\System\eMJdhFW.exe
  2⤵
  PID:6512
- C:\Windows\System\FaQwPSF.exe
  C:\Windows\System\FaQwPSF.exe
  2⤵
  PID:6552
- C:\Windows\System\LrgTecl.exe
  C:\Windows\System\LrgTecl.exe
  2⤵
  PID:6580
- C:\Windows\System\onaoHon.exe
  C:\Windows\System\onaoHon.exe
  2⤵
  PID:6608
- C:\Windows\System\PltKxmW.exe
  C:\Windows\System\PltKxmW.exe
  2⤵
  PID:6636
- C:\Windows\System\jBgVyOj.exe
  C:\Windows\System\jBgVyOj.exe
  2⤵
  PID:6664
- C:\Windows\System\DJJdQur.exe
  C:\Windows\System\DJJdQur.exe
  2⤵
  PID:6680
- C:\Windows\System\ObFjhBY.exe
  C:\Windows\System\ObFjhBY.exe
  2⤵
  PID:6712
- C:\Windows\System\YAWABDI.exe
  C:\Windows\System\YAWABDI.exe
  2⤵
  PID:6732
- C:\Windows\System\udcEcaS.exe
  C:\Windows\System\udcEcaS.exe
  2⤵
  PID:6764
- C:\Windows\System\ZibSstv.exe
  C:\Windows\System\ZibSstv.exe
  2⤵
  PID:6784
- C:\Windows\System\QdfCuKY.exe
  C:\Windows\System\QdfCuKY.exe
  2⤵
  PID:6812
- C:\Windows\System\ErLlUiz.exe
  C:\Windows\System\ErLlUiz.exe
  2⤵
  PID:6848
- C:\Windows\System\MQFmOay.exe
  C:\Windows\System\MQFmOay.exe
  2⤵
  PID:6876
- C:\Windows\System\EvuLchm.exe
  C:\Windows\System\EvuLchm.exe
  2⤵
  PID:6916
- C:\Windows\System\OEtYnuB.exe
  C:\Windows\System\OEtYnuB.exe
  2⤵
  PID:6944
- C:\Windows\System\mggZAQJ.exe
  C:\Windows\System\mggZAQJ.exe
  2⤵
  PID:6972
- C:\Windows\System\exzXjyy.exe
  C:\Windows\System\exzXjyy.exe
  2⤵
  PID:7000
- C:\Windows\System\TYTLdTc.exe
  C:\Windows\System\TYTLdTc.exe
  2⤵
  PID:7028
- C:\Windows\System\hEWkckJ.exe
  C:\Windows\System\hEWkckJ.exe
  2⤵
  PID:7044
- C:\Windows\System\oOKdDMm.exe
  C:\Windows\System\oOKdDMm.exe
  2⤵
  PID:7080
- C:\Windows\System\KLTCSsD.exe
  C:\Windows\System\KLTCSsD.exe
  2⤵
  PID:7104
- C:\Windows\System\Pomamhl.exe
  C:\Windows\System\Pomamhl.exe
  2⤵
  PID:7132
- C:\Windows\System\PUoeUAO.exe
  C:\Windows\System\PUoeUAO.exe
  2⤵
  PID:5128
- C:\Windows\System\FOQIwhA.exe
  C:\Windows\System\FOQIwhA.exe
  2⤵
  PID:6208
- C:\Windows\System\quWcURi.exe
  C:\Windows\System\quWcURi.exe
  2⤵
  PID:6256
- C:\Windows\System\HREweFY.exe
  C:\Windows\System\HREweFY.exe
  2⤵
  PID:6332
- C:\Windows\System\WXhPRXQ.exe
  C:\Windows\System\WXhPRXQ.exe
  2⤵
  PID:6428
- C:\Windows\System\SROQMvR.exe
  C:\Windows\System\SROQMvR.exe
  2⤵
  PID:6452
- C:\Windows\System\wrxnGgA.exe
  C:\Windows\System\wrxnGgA.exe
  2⤵
  PID:6488
- C:\Windows\System\ljajexw.exe
  C:\Windows\System\ljajexw.exe
  2⤵
  PID:6592
- C:\Windows\System\KGvhghG.exe
  C:\Windows\System\KGvhghG.exe
  2⤵
  PID:6648
- C:\Windows\System\VnYQZVe.exe
  C:\Windows\System\VnYQZVe.exe
  2⤵
  PID:6728
- C:\Windows\System\ggKPkZX.exe
  C:\Windows\System\ggKPkZX.exe
  2⤵
  PID:6792
- C:\Windows\System\ZnCfjUv.exe
  C:\Windows\System\ZnCfjUv.exe
  2⤵
  PID:6872
- C:\Windows\System\ozdBjOs.exe
  C:\Windows\System\ozdBjOs.exe
  2⤵
  PID:6912
- C:\Windows\System\UgeFpKU.exe
  C:\Windows\System\UgeFpKU.exe
  2⤵
  PID:6956
- C:\Windows\System\RCPYHhy.exe
  C:\Windows\System\RCPYHhy.exe
  2⤵
  PID:7076
- C:\Windows\System\NwsDNLQ.exe
  C:\Windows\System\NwsDNLQ.exe
  2⤵
  PID:7128
- C:\Windows\System\zqWXoUA.exe
  C:\Windows\System\zqWXoUA.exe
  2⤵
  PID:6184
- C:\Windows\System\VJZViNz.exe
  C:\Windows\System\VJZViNz.exe
  2⤵
  PID:6308
- C:\Windows\System\VMhWogk.exe
  C:\Windows\System\VMhWogk.exe
  2⤵
  PID:6384
- C:\Windows\System\kkUCZIM.exe
  C:\Windows\System\kkUCZIM.exe
  2⤵
  PID:6544
- C:\Windows\System\MAKxiZr.exe
  C:\Windows\System\MAKxiZr.exe
  2⤵
  PID:6808
- C:\Windows\System\UdoGBHd.exe
  C:\Windows\System\UdoGBHd.exe
  2⤵
  PID:6932
- C:\Windows\System\iJHoBTO.exe
  C:\Windows\System\iJHoBTO.exe
  2⤵
  PID:7140
- C:\Windows\System\VcPfXzk.exe
  C:\Windows\System\VcPfXzk.exe
  2⤵
  PID:6356
- C:\Windows\System\PFIGzwo.exe
  C:\Windows\System\PFIGzwo.exe
  2⤵
  PID:6800
- C:\Windows\System\fBYUqSE.exe
  C:\Windows\System\fBYUqSE.exe
  2⤵
  PID:6292
- C:\Windows\System\qLzjFQA.exe
  C:\Windows\System\qLzjFQA.exe
  2⤵
  PID:6676
- C:\Windows\System\wLWOwQc.exe
  C:\Windows\System\wLWOwQc.exe
  2⤵
  PID:7196
- C:\Windows\System\NwYJDYW.exe
  C:\Windows\System\NwYJDYW.exe
  2⤵
  PID:7224
- C:\Windows\System\UNrFlyh.exe
  C:\Windows\System\UNrFlyh.exe
  2⤵
  PID:7252
- C:\Windows\System\rtRMexf.exe
  C:\Windows\System\rtRMexf.exe
  2⤵
  PID:7268
- C:\Windows\System\LTqigYw.exe
  C:\Windows\System\LTqigYw.exe
  2⤵
  PID:7296
- C:\Windows\System\MKyeTpo.exe
  C:\Windows\System\MKyeTpo.exe
  2⤵
  PID:7316
- C:\Windows\System\eGqOwZM.exe
  C:\Windows\System\eGqOwZM.exe
  2⤵
  PID:7356
- C:\Windows\System\oGIPfWd.exe
  C:\Windows\System\oGIPfWd.exe
  2⤵
  PID:7380
- C:\Windows\System\eVOgbQo.exe
  C:\Windows\System\eVOgbQo.exe
  2⤵
  PID:7412
- C:\Windows\System\PRcMyZo.exe
  C:\Windows\System\PRcMyZo.exe
  2⤵
  PID:7436
- C:\Windows\System\chKEnMM.exe
  C:\Windows\System\chKEnMM.exe
  2⤵
  PID:7468
- C:\Windows\System\ayLTNqa.exe
  C:\Windows\System\ayLTNqa.exe
  2⤵
  PID:7492
- C:\Windows\System\DhDrwGL.exe
  C:\Windows\System\DhDrwGL.exe
  2⤵
  PID:7532
- C:\Windows\System\LkrhCKX.exe
  C:\Windows\System\LkrhCKX.exe
  2⤵
  PID:7560
- C:\Windows\System\ALJBaMU.exe
  C:\Windows\System\ALJBaMU.exe
  2⤵
  PID:7576
- C:\Windows\System\zYCyTzx.exe
  C:\Windows\System\zYCyTzx.exe
  2⤵
  PID:7616
- C:\Windows\System\woNvPEv.exe
  C:\Windows\System\woNvPEv.exe
  2⤵
  PID:7632
- C:\Windows\System\vutYoYr.exe
  C:\Windows\System\vutYoYr.exe
  2⤵
  PID:7660
- C:\Windows\System\gZHGtUp.exe
  C:\Windows\System\gZHGtUp.exe
  2⤵
  PID:7688
- C:\Windows\System\kyWmHaj.exe
  C:\Windows\System\kyWmHaj.exe
  2⤵
  PID:7708
- C:\Windows\System\paTYDno.exe
  C:\Windows\System\paTYDno.exe
  2⤵
  PID:7744
- C:\Windows\System\PLEXdiI.exe
  C:\Windows\System\PLEXdiI.exe
  2⤵
  PID:7772
- C:\Windows\System\PVAmCvR.exe
  C:\Windows\System\PVAmCvR.exe
  2⤵
  PID:7800
- C:\Windows\System\nrEVvSH.exe
  C:\Windows\System\nrEVvSH.exe
  2⤵
  PID:7816
- C:\Windows\System\eaPrJKd.exe
  C:\Windows\System\eaPrJKd.exe
  2⤵
  PID:7844
- C:\Windows\System\JJtPPUI.exe
  C:\Windows\System\JJtPPUI.exe
  2⤵
  PID:7872
- C:\Windows\System\GChDApK.exe
  C:\Windows\System\GChDApK.exe
  2⤵
  PID:7888
- C:\Windows\System\iMZOZTd.exe
  C:\Windows\System\iMZOZTd.exe
  2⤵
  PID:7916
- C:\Windows\System\LWbuMff.exe
  C:\Windows\System\LWbuMff.exe
  2⤵
  PID:7944
- C:\Windows\System\zzLePkC.exe
  C:\Windows\System\zzLePkC.exe
  2⤵
  PID:7980
- C:\Windows\System\WRQxtnW.exe
  C:\Windows\System\WRQxtnW.exe
  2⤵
  PID:8020
- C:\Windows\System\LyLxuCX.exe
  C:\Windows\System\LyLxuCX.exe
  2⤵
  PID:8044
- C:\Windows\System\cUeMFHD.exe
  C:\Windows\System\cUeMFHD.exe
  2⤵
  PID:8080
- C:\Windows\System\GyBYRnM.exe
  C:\Windows\System\GyBYRnM.exe
  2⤵
  PID:8108
- C:\Windows\System\ZbWtRVd.exe
  C:\Windows\System\ZbWtRVd.exe
  2⤵
  PID:8140
- C:\Windows\System\UiYLobF.exe
  C:\Windows\System\UiYLobF.exe
  2⤵
  PID:8172
- C:\Windows\System\KCfgUwT.exe
  C:\Windows\System\KCfgUwT.exe
  2⤵
  PID:6440
- C:\Windows\System\KJUIlbB.exe
  C:\Windows\System\KJUIlbB.exe
  2⤵
  PID:7208
- C:\Windows\System\bjqbulU.exe
  C:\Windows\System\bjqbulU.exe
  2⤵
  PID:7280
- C:\Windows\System\ggCdjhM.exe
  C:\Windows\System\ggCdjhM.exe
  2⤵
  PID:7312
- C:\Windows\System\HTuthIL.exe
  C:\Windows\System\HTuthIL.exe
  2⤵
  PID:7404
- C:\Windows\System\cgWnJsx.exe
  C:\Windows\System\cgWnJsx.exe
  2⤵
  PID:7476
- C:\Windows\System\wWOGuOZ.exe
  C:\Windows\System\wWOGuOZ.exe
  2⤵
  PID:7548
- C:\Windows\System\gSWAGlc.exe
  C:\Windows\System\gSWAGlc.exe
  2⤵
  PID:7592
- C:\Windows\System\cLxjckh.exe
  C:\Windows\System\cLxjckh.exe
  2⤵
  PID:7716
- C:\Windows\System\AhmAnEd.exe
  C:\Windows\System\AhmAnEd.exe
  2⤵
  PID:7756
- C:\Windows\System\ZZlBBpb.exe
  C:\Windows\System\ZZlBBpb.exe
  2⤵
  PID:7760
- C:\Windows\System\IrLvAIr.exe
  C:\Windows\System\IrLvAIr.exe
  2⤵
  PID:7880
- C:\Windows\System\wlWhrBh.exe
  C:\Windows\System\wlWhrBh.exe
  2⤵
  PID:7912
- C:\Windows\System\dtXfyqr.exe
  C:\Windows\System\dtXfyqr.exe
  2⤵
  PID:8032
- C:\Windows\System\maRWDYQ.exe
  C:\Windows\System\maRWDYQ.exe
  2⤵
  PID:8040
- C:\Windows\System\PWbjjxZ.exe
  C:\Windows\System\PWbjjxZ.exe
  2⤵
  PID:8120
- C:\Windows\System\DSTiJvD.exe
  C:\Windows\System\DSTiJvD.exe
  2⤵
  PID:7184
- C:\Windows\System\iDwmwrk.exe
  C:\Windows\System\iDwmwrk.exe
  2⤵
  PID:7288
- C:\Windows\System\YDazLnV.exe
  C:\Windows\System\YDazLnV.exe
  2⤵
  PID:7432
- C:\Windows\System\KZyLRzu.exe
  C:\Windows\System\KZyLRzu.exe
  2⤵
  PID:7520
- C:\Windows\System\xDFcbEo.exe
  C:\Windows\System\xDFcbEo.exe
  2⤵
  PID:7732
- C:\Windows\System\oMjqAys.exe
  C:\Windows\System\oMjqAys.exe
  2⤵
  PID:7968
- C:\Windows\System\wcADtzw.exe
  C:\Windows\System\wcADtzw.exe
  2⤵
  PID:8064
- C:\Windows\System\cSYEQuf.exe
  C:\Windows\System\cSYEQuf.exe
  2⤵
  PID:7452
- C:\Windows\System\WriDlBo.exe
  C:\Windows\System\WriDlBo.exe
  2⤵
  PID:7556
- C:\Windows\System\xuMowqq.exe
  C:\Windows\System\xuMowqq.exe
  2⤵
  PID:7940
- C:\Windows\System\JylqOJc.exe
  C:\Windows\System\JylqOJc.exe
  2⤵
  PID:7244
- C:\Windows\System\ONCMXCR.exe
  C:\Windows\System\ONCMXCR.exe
  2⤵
  PID:8196
- C:\Windows\System\fsotrob.exe
  C:\Windows\System\fsotrob.exe
  2⤵
  PID:8216
- C:\Windows\System\opBiqLg.exe
  C:\Windows\System\opBiqLg.exe
  2⤵
  PID:8244
- C:\Windows\System\BdEBAGK.exe
  C:\Windows\System\BdEBAGK.exe
  2⤵
  PID:8288
- C:\Windows\System\jvdevxw.exe
  C:\Windows\System\jvdevxw.exe
  2⤵
  PID:8316
- C:\Windows\System\NSjUvaj.exe
  C:\Windows\System\NSjUvaj.exe
  2⤵
  PID:8332
- C:\Windows\System\ZoxXHBX.exe
  C:\Windows\System\ZoxXHBX.exe
  2⤵
  PID:8360
- C:\Windows\System\bAguGnd.exe
  C:\Windows\System\bAguGnd.exe
  2⤵
  PID:8376
- C:\Windows\System\zXFVTya.exe
  C:\Windows\System\zXFVTya.exe
  2⤵
  PID:8428
- C:\Windows\System\nmBhLOF.exe
  C:\Windows\System\nmBhLOF.exe
  2⤵
  PID:8456
- C:\Windows\System\QLxMPAP.exe
  C:\Windows\System\QLxMPAP.exe
  2⤵
  PID:8472
- C:\Windows\System\IXaNptU.exe
  C:\Windows\System\IXaNptU.exe
  2⤵
  PID:8500
- C:\Windows\System\WPQguiW.exe
  C:\Windows\System\WPQguiW.exe
  2⤵
  PID:8528
- C:\Windows\System\QxYhNiI.exe
  C:\Windows\System\QxYhNiI.exe
  2⤵
  PID:8556
- C:\Windows\System\eWjEjFc.exe
  C:\Windows\System\eWjEjFc.exe
  2⤵
  PID:8584
- C:\Windows\System\CVBQwAs.exe
  C:\Windows\System\CVBQwAs.exe
  2⤵
  PID:8612
- C:\Windows\System\JXxcCbJ.exe
  C:\Windows\System\JXxcCbJ.exe
  2⤵
  PID:8644
- C:\Windows\System\xWcRjyF.exe
  C:\Windows\System\xWcRjyF.exe
  2⤵
  PID:8668
- C:\Windows\System\OrNTRAS.exe
  C:\Windows\System\OrNTRAS.exe
  2⤵
  PID:8692
- C:\Windows\System\iRUkpJX.exe
  C:\Windows\System\iRUkpJX.exe
  2⤵
  PID:8724
- C:\Windows\System\LpYeyGt.exe
  C:\Windows\System\LpYeyGt.exe
  2⤵
  PID:8764
- C:\Windows\System\WZeTLpH.exe
  C:\Windows\System\WZeTLpH.exe
  2⤵
  PID:8792
- C:\Windows\System\YcNEkSc.exe
  C:\Windows\System\YcNEkSc.exe
  2⤵
  PID:8812
- C:\Windows\System\GBRkUDk.exe
  C:\Windows\System\GBRkUDk.exe
  2⤵
  PID:8848
- C:\Windows\System\tSnmGMH.exe
  C:\Windows\System\tSnmGMH.exe
  2⤵
  PID:8864
- C:\Windows\System\QzmaoFw.exe
  C:\Windows\System\QzmaoFw.exe
  2⤵
  PID:8900
- C:\Windows\System\FOqctoK.exe
  C:\Windows\System\FOqctoK.exe
  2⤵
  PID:8932
- C:\Windows\System\ksFmbDW.exe
  C:\Windows\System\ksFmbDW.exe
  2⤵
  PID:8956
- C:\Windows\System\jWaOEND.exe
  C:\Windows\System\jWaOEND.exe
  2⤵
  PID:8988
- C:\Windows\System\ytFIhmC.exe
  C:\Windows\System\ytFIhmC.exe
  2⤵
  PID:9016
- C:\Windows\System\pHUMulm.exe
  C:\Windows\System\pHUMulm.exe
  2⤵
  PID:9044
- C:\Windows\System\SiUAEOl.exe
  C:\Windows\System\SiUAEOl.exe
  2⤵
  PID:9072
- C:\Windows\System\ysxwoyk.exe
  C:\Windows\System\ysxwoyk.exe
  2⤵
  PID:9096
- C:\Windows\System\uVgejsS.exe
  C:\Windows\System\uVgejsS.exe
  2⤵
  PID:9116
- C:\Windows\System\HWRrDiN.exe
  C:\Windows\System\HWRrDiN.exe
  2⤵
  PID:9136
- C:\Windows\System\SSgCmkn.exe
  C:\Windows\System\SSgCmkn.exe
  2⤵
  PID:9160
- C:\Windows\System\xUCvvHS.exe
  C:\Windows\System\xUCvvHS.exe
  2⤵
  PID:9188
- C:\Windows\System\IrBewQs.exe
  C:\Windows\System\IrBewQs.exe
  2⤵
  PID:9204
- C:\Windows\System\pfeUJFw.exe
  C:\Windows\System\pfeUJFw.exe
  2⤵
  PID:8096
- C:\Windows\System\saxOFGj.exe
  C:\Windows\System\saxOFGj.exe
  2⤵
  PID:8236
- C:\Windows\System\HPoEdMi.exe
  C:\Windows\System\HPoEdMi.exe
  2⤵
  PID:8352
- C:\Windows\System\NuKLeqW.exe
  C:\Windows\System\NuKLeqW.exe
  2⤵
  PID:8372
- C:\Windows\System\BrKvmCk.exe
  C:\Windows\System\BrKvmCk.exe
  2⤵
  PID:8464
- C:\Windows\System\KwNmAYu.exe
  C:\Windows\System\KwNmAYu.exe
  2⤵
  PID:8600
- C:\Windows\System\UYARTLR.exe
  C:\Windows\System\UYARTLR.exe
  2⤵
  PID:8688
- C:\Windows\System\GGdUrwB.exe
  C:\Windows\System\GGdUrwB.exe
  2⤵
  PID:8744
- C:\Windows\System\zhGMGBo.exe
  C:\Windows\System\zhGMGBo.exe
  2⤵
  PID:8824
- C:\Windows\System\seDrqFz.exe
  C:\Windows\System\seDrqFz.exe
  2⤵
  PID:8832
- C:\Windows\System\RmpRCxX.exe
  C:\Windows\System\RmpRCxX.exe
  2⤵
  PID:8948
- C:\Windows\System\MfQNDwP.exe
  C:\Windows\System\MfQNDwP.exe
  2⤵
  PID:9004
- C:\Windows\System\ByEsWPA.exe
  C:\Windows\System\ByEsWPA.exe
  2⤵
  PID:9028
- C:\Windows\System\QgioUId.exe
  C:\Windows\System\QgioUId.exe
  2⤵
  PID:9092
- C:\Windows\System\sdTlNea.exe
  C:\Windows\System\sdTlNea.exe
  2⤵
  PID:9148
- C:\Windows\System\YfVIajT.exe
  C:\Windows\System\YfVIajT.exe
  2⤵
  PID:8284
- C:\Windows\System\eEUaPkc.exe
  C:\Windows\System\eEUaPkc.exe
  2⤵
  PID:8440
- C:\Windows\System\hwMZWWW.exe
  C:\Windows\System\hwMZWWW.exe
  2⤵
  PID:8628
- C:\Windows\System\BGmGBVs.exe
  C:\Windows\System\BGmGBVs.exe
  2⤵
  PID:8800
- C:\Windows\System\kWBUcqd.exe
  C:\Windows\System\kWBUcqd.exe
  2⤵
  PID:8912
- C:\Windows\System\TbZmugC.exe
  C:\Windows\System\TbZmugC.exe
  2⤵
  PID:9200
- C:\Windows\System\lHHRDir.exe
  C:\Windows\System\lHHRDir.exe
  2⤵
  PID:9112
- C:\Windows\System\YiogdmG.exe
  C:\Windows\System\YiogdmG.exe
  2⤵
  PID:8400
- C:\Windows\System\ydmQVxG.exe
  C:\Windows\System\ydmQVxG.exe
  2⤵
  PID:9012
- C:\Windows\System\DMWjwOd.exe
  C:\Windows\System\DMWjwOd.exe
  2⤵
  PID:8016
- C:\Windows\System\BprrfUC.exe
  C:\Windows\System\BprrfUC.exe
  2⤵
  PID:8208
- C:\Windows\System\rvnGBbC.exe
  C:\Windows\System\rvnGBbC.exe
  2⤵
  PID:9256
- C:\Windows\System\IhpSinm.exe
  C:\Windows\System\IhpSinm.exe
  2⤵
  PID:9284
- C:\Windows\System\eALLHbY.exe
  C:\Windows\System\eALLHbY.exe
  2⤵
  PID:9300
- C:\Windows\System\ruWfXlm.exe
  C:\Windows\System\ruWfXlm.exe
  2⤵
  PID:9336
- C:\Windows\System\iUZIVtz.exe
  C:\Windows\System\iUZIVtz.exe
  2⤵
  PID:9368
- C:\Windows\System\PhBlrUh.exe
  C:\Windows\System\PhBlrUh.exe
  2⤵
  PID:9396
- C:\Windows\System\XSyCXEu.exe
  C:\Windows\System\XSyCXEu.exe
  2⤵
  PID:9424
- C:\Windows\System\UFrlquh.exe
  C:\Windows\System\UFrlquh.exe
  2⤵
  PID:9452
- C:\Windows\System\nNgtzoq.exe
  C:\Windows\System\nNgtzoq.exe
  2⤵
  PID:9480
- C:\Windows\System\VXnwuUu.exe
  C:\Windows\System\VXnwuUu.exe
  2⤵
  PID:9508
- C:\Windows\System\UMSHVMv.exe
  C:\Windows\System\UMSHVMv.exe
  2⤵
  PID:9524
- C:\Windows\System\eafofjN.exe
  C:\Windows\System\eafofjN.exe
  2⤵
  PID:9564
- C:\Windows\System\SiignOM.exe
  C:\Windows\System\SiignOM.exe
  2⤵
  PID:9592
- C:\Windows\System\onGzPvH.exe
  C:\Windows\System\onGzPvH.exe
  2⤵
  PID:9620
- C:\Windows\System\pgYBzeM.exe
  C:\Windows\System\pgYBzeM.exe
  2⤵
  PID:9648
- C:\Windows\System\TxAcbVu.exe
  C:\Windows\System\TxAcbVu.exe
  2⤵
  PID:9664
- C:\Windows\System\QefBlOZ.exe
  C:\Windows\System\QefBlOZ.exe
  2⤵
  PID:9692
- C:\Windows\System\sQdUHbL.exe
  C:\Windows\System\sQdUHbL.exe
  2⤵
  PID:9728
- C:\Windows\System\cPwWEtG.exe
  C:\Windows\System\cPwWEtG.exe
  2⤵
  PID:9748
- C:\Windows\System\dVGHrEm.exe
  C:\Windows\System\dVGHrEm.exe
  2⤵
  PID:9776
- C:\Windows\System\ZzhaiHx.exe
  C:\Windows\System\ZzhaiHx.exe
  2⤵
  PID:9796
- C:\Windows\System\vTJBlnN.exe
  C:\Windows\System\vTJBlnN.exe
  2⤵
  PID:9844
- C:\Windows\System\ztJrnpo.exe
  C:\Windows\System\ztJrnpo.exe
  2⤵
  PID:9860
- C:\Windows\System\fnrWfIi.exe
  C:\Windows\System\fnrWfIi.exe
  2⤵
  PID:9888
- C:\Windows\System\VpDmnpD.exe
  C:\Windows\System\VpDmnpD.exe
  2⤵
  PID:9916
- C:\Windows\System\PgGeDTj.exe
  C:\Windows\System\PgGeDTj.exe
  2⤵
  PID:9956
- C:\Windows\System\gTwUsnu.exe
  C:\Windows\System\gTwUsnu.exe
  2⤵
  PID:9984
- C:\Windows\System\cMjDdEV.exe
  C:\Windows\System\cMjDdEV.exe
  2⤵
  PID:10012
- C:\Windows\System\fzbuVTf.exe
  C:\Windows\System\fzbuVTf.exe
  2⤵
  PID:10040
- C:\Windows\System\wmWWous.exe
  C:\Windows\System\wmWWous.exe
  2⤵
  PID:10056
- C:\Windows\System\cjfZUMf.exe
  C:\Windows\System\cjfZUMf.exe
  2⤵
  PID:10096
- C:\Windows\System\cEbTXOS.exe
  C:\Windows\System\cEbTXOS.exe
  2⤵
  PID:10112
- C:\Windows\System\diZRVIR.exe
  C:\Windows\System\diZRVIR.exe
  2⤵
  PID:10152
- C:\Windows\System\xHfhVRy.exe
  C:\Windows\System\xHfhVRy.exe
  2⤵
  PID:10176
- C:\Windows\System\SIsSaSs.exe
  C:\Windows\System\SIsSaSs.exe
  2⤵
  PID:10196
- C:\Windows\System\cFYZbKK.exe
  C:\Windows\System\cFYZbKK.exe
  2⤵
  PID:10224
- C:\Windows\System\xEIuUnI.exe
  C:\Windows\System\xEIuUnI.exe
  2⤵
  PID:9252
- C:\Windows\System\Jrvvslz.exe
  C:\Windows\System\Jrvvslz.exe
  2⤵
  PID:9316
- C:\Windows\System\KdKpYFz.exe
  C:\Windows\System\KdKpYFz.exe
  2⤵
  PID:9348
- C:\Windows\System\UorhKDc.exe
  C:\Windows\System\UorhKDc.exe
  2⤵
  PID:9436
- C:\Windows\System\YPchGSd.exe
  C:\Windows\System\YPchGSd.exe
  2⤵
  PID:9520
- C:\Windows\System\fNgbjTF.exe
  C:\Windows\System\fNgbjTF.exe
  2⤵
  PID:9580
- C:\Windows\System\MmHWZIG.exe
  C:\Windows\System\MmHWZIG.exe
  2⤵
  PID:9636
- C:\Windows\System\erxXFoK.exe
  C:\Windows\System\erxXFoK.exe
  2⤵
  PID:9676
- C:\Windows\System\bxiFCmU.exe
  C:\Windows\System\bxiFCmU.exe
  2⤵
  PID:9736
- C:\Windows\System\UEEQgRn.exe
  C:\Windows\System\UEEQgRn.exe
  2⤵
  PID:9768
- C:\Windows\System\UlNOIya.exe
  C:\Windows\System\UlNOIya.exe
  2⤵
  PID:9828
- C:\Windows\System\uuRfEmg.exe
  C:\Windows\System\uuRfEmg.exe
  2⤵
  PID:9940
- C:\Windows\System\ntWAktP.exe
  C:\Windows\System\ntWAktP.exe
  2⤵
  PID:9996
- C:\Windows\System\JmlzayF.exe
  C:\Windows\System\JmlzayF.exe
  2⤵
  PID:10052
- C:\Windows\System\BNSdbos.exe
  C:\Windows\System\BNSdbos.exe
  2⤵
  PID:10140
- C:\Windows\System\srKYMmd.exe
  C:\Windows\System\srKYMmd.exe
  2⤵
  PID:10172
- C:\Windows\System\UGfaXzJ.exe
  C:\Windows\System\UGfaXzJ.exe
  2⤵
  PID:9036
- C:\Windows\System\XukaQjV.exe
  C:\Windows\System\XukaQjV.exe
  2⤵
  PID:9492
- C:\Windows\System\TtTkgsY.exe
  C:\Windows\System\TtTkgsY.exe
  2⤵
  PID:9656
- C:\Windows\System\WgpvxRg.exe
  C:\Windows\System\WgpvxRg.exe
  2⤵
  PID:9764
- C:\Windows\System\pkQqQNT.exe
  C:\Windows\System\pkQqQNT.exe
  2⤵
  PID:9876
- C:\Windows\System\PtnhNvi.exe
  C:\Windows\System\PtnhNvi.exe
  2⤵
  PID:10024
- C:\Windows\System\ClbeGef.exe
  C:\Windows\System\ClbeGef.exe
  2⤵
  PID:10188
- C:\Windows\System\vvwkZYH.exe
  C:\Windows\System\vvwkZYH.exe
  2⤵
  PID:9408
- C:\Windows\System\AYVvCbL.exe
  C:\Windows\System\AYVvCbL.exe
  2⤵
  PID:10404
- C:\Windows\System\CZBouBH.exe
  C:\Windows\System\CZBouBH.exe
  2⤵
  PID:10420
- C:\Windows\System\TrCFAdo.exe
  C:\Windows\System\TrCFAdo.exe
  2⤵
  PID:10444
- C:\Windows\System\GDlcdwC.exe
  C:\Windows\System\GDlcdwC.exe
  2⤵
  PID:10468
- C:\Windows\System\xSytSmv.exe
  C:\Windows\System\xSytSmv.exe
  2⤵
  PID:10488
- C:\Windows\System\NPcsLlR.exe
  C:\Windows\System\NPcsLlR.exe
  2⤵
  PID:10536
- C:\Windows\System\DWxYMku.exe
  C:\Windows\System\DWxYMku.exe
  2⤵
  PID:10600
- C:\Windows\System\qPTXJOz.exe
  C:\Windows\System\qPTXJOz.exe
  2⤵
  PID:10624
- C:\Windows\System\MEtSoxF.exe
  C:\Windows\System\MEtSoxF.exe
  2⤵
  PID:10664
- C:\Windows\System\LJTvMzZ.exe
  C:\Windows\System\LJTvMzZ.exe
  2⤵
  PID:10692
- C:\Windows\System\ThJSZmJ.exe
  C:\Windows\System\ThJSZmJ.exe
  2⤵
  PID:10724
- C:\Windows\System\kYSvPVT.exe
  C:\Windows\System\kYSvPVT.exe
  2⤵
  PID:10752
- C:\Windows\System\wnZvulK.exe
  C:\Windows\System\wnZvulK.exe
  2⤵
  PID:10768
- C:\Windows\System\YxKdgzj.exe
  C:\Windows\System\YxKdgzj.exe
  2⤵
  PID:10796
- C:\Windows\System\MELOEgm.exe
  C:\Windows\System\MELOEgm.exe
  2⤵
  PID:10824
- C:\Windows\System\oNGwbBd.exe
  C:\Windows\System\oNGwbBd.exe
  2⤵
  PID:10848
- C:\Windows\System\osHomrx.exe
  C:\Windows\System\osHomrx.exe
  2⤵
  PID:10892
- C:\Windows\System\TsXROso.exe
  C:\Windows\System\TsXROso.exe
  2⤵
  PID:10920
- C:\Windows\System\aOQwLdZ.exe
  C:\Windows\System\aOQwLdZ.exe
  2⤵
  PID:10936
- C:\Windows\System\nAUWnaz.exe
  C:\Windows\System\nAUWnaz.exe
  2⤵
  PID:10960
- C:\Windows\System\VCLfyDB.exe
  C:\Windows\System\VCLfyDB.exe
  2⤵
  PID:11004
- C:\Windows\System\cHswFCp.exe
  C:\Windows\System\cHswFCp.exe
  2⤵
  PID:11020
- C:\Windows\System\tmIwULx.exe
  C:\Windows\System\tmIwULx.exe
  2⤵
  PID:11040
- C:\Windows\System\xXCIxKo.exe
  C:\Windows\System\xXCIxKo.exe
  2⤵
  PID:11084
- C:\Windows\System\DXItEhr.exe
  C:\Windows\System\DXItEhr.exe
  2⤵
  PID:11108
- C:\Windows\System\WsITLep.exe
  C:\Windows\System\WsITLep.exe
  2⤵
  PID:11132
- C:\Windows\System\DPaokas.exe
  C:\Windows\System\DPaokas.exe
  2⤵
  PID:11172
- C:\Windows\System\QkwcUuR.exe
  C:\Windows\System\QkwcUuR.exe
  2⤵
  PID:11192
- C:\Windows\System\tWenstY.exe
  C:\Windows\System\tWenstY.exe
  2⤵
  PID:11216
- C:\Windows\System\oaxcdQP.exe
  C:\Windows\System\oaxcdQP.exe
  2⤵
  PID:11232
- C:\Windows\System\SiWgRYE.exe
  C:\Windows\System\SiWgRYE.exe
  2⤵
  PID:11248
- C:\Windows\System\FonxaTg.exe
  C:\Windows\System\FonxaTg.exe
  2⤵
  PID:9476
- C:\Windows\System\TXHhoKV.exe
  C:\Windows\System\TXHhoKV.exe
  2⤵
  PID:9968
- C:\Windows\System\NRIYDaH.exe
  C:\Windows\System\NRIYDaH.exe
  2⤵
  PID:10268
- C:\Windows\System\IQwvdHw.exe
  C:\Windows\System\IQwvdHw.exe
  2⤵
  PID:10296
- C:\Windows\System\qaDqUfx.exe
  C:\Windows\System\qaDqUfx.exe
  2⤵
  PID:10324
- C:\Windows\System\aZfHWxy.exe
  C:\Windows\System\aZfHWxy.exe
  2⤵
  PID:10356
- C:\Windows\System\FRtCnQl.exe
  C:\Windows\System\FRtCnQl.exe
  2⤵
  PID:10380
- C:\Windows\System\tuEISTd.exe
  C:\Windows\System\tuEISTd.exe
  2⤵
  PID:10412
- C:\Windows\System\AAStmet.exe
  C:\Windows\System\AAStmet.exe
  2⤵
  PID:10456
- C:\Windows\System\ZEeSxMh.exe
  C:\Windows\System\ZEeSxMh.exe
  2⤵
  PID:10588
- C:\Windows\System\thdkais.exe
  C:\Windows\System\thdkais.exe
  2⤵
  PID:10660
- C:\Windows\System\xskECzC.exe
  C:\Windows\System\xskECzC.exe
  2⤵
  PID:712
- C:\Windows\System\vpeLjlz.exe
  C:\Windows\System\vpeLjlz.exe
  2⤵
  PID:10744
- C:\Windows\System\uTHriCj.exe
  C:\Windows\System\uTHriCj.exe
  2⤵
  PID:10816
- C:\Windows\System\XZcNTmk.exe
  C:\Windows\System\XZcNTmk.exe
  2⤵
  PID:10880
- C:\Windows\System\HKIctiG.exe
  C:\Windows\System\HKIctiG.exe
  2⤵
  PID:10928
- C:\Windows\System\TKkexiH.exe
  C:\Windows\System\TKkexiH.exe
  2⤵
  PID:10992
- C:\Windows\System\xIvlxhm.exe
  C:\Windows\System\xIvlxhm.exe
  2⤵
  PID:11072
- C:\Windows\System\dsATaTY.exe
  C:\Windows\System\dsATaTY.exe
  2⤵
  PID:11128
- C:\Windows\System\BmNqMUl.exe
  C:\Windows\System\BmNqMUl.exe
  2⤵
  PID:11212
- C:\Windows\System\sAzUbcE.exe
  C:\Windows\System\sAzUbcE.exe
  2⤵
  PID:11240
- C:\Windows\System\qBthZnb.exe
  C:\Windows\System\qBthZnb.exe
  2⤵
  PID:9880
- C:\Windows\System\clTrMfg.exe
  C:\Windows\System\clTrMfg.exe
  2⤵
  PID:10280
- C:\Windows\System\TTrdWqV.exe
  C:\Windows\System\TTrdWqV.exe
  2⤵
  PID:10336
- C:\Windows\System\ZbDmrUi.exe
  C:\Windows\System\ZbDmrUi.exe
  2⤵
  PID:10436
- C:\Windows\System\nCDLnlK.exe
  C:\Windows\System\nCDLnlK.exe
  2⤵
  PID:10704
- C:\Windows\System\icPQfVe.exe
  C:\Windows\System\icPQfVe.exe
  2⤵
  PID:10820
- C:\Windows\System\WHjzhKU.exe
  C:\Windows\System\WHjzhKU.exe
  2⤵
  PID:11164
- C:\Windows\System\nezgCtl.exe
  C:\Windows\System\nezgCtl.exe
  2⤵
  PID:11120
- C:\Windows\System\qvLUuQB.exe
  C:\Windows\System\qvLUuQB.exe
  2⤵
  PID:10260
- C:\Windows\System\gZmsMfo.exe
  C:\Windows\System\gZmsMfo.exe
  2⤵
  PID:10656
- C:\Windows\System\viRNvNH.exe
  C:\Windows\System\viRNvNH.exe
  2⤵
  PID:10984
- C:\Windows\System\WfXOJwK.exe
  C:\Windows\System\WfXOJwK.exe
  2⤵
  PID:9852
- C:\Windows\System\zxWqlFG.exe
  C:\Windows\System\zxWqlFG.exe
  2⤵
  PID:10284
- C:\Windows\System\kQJfkZm.exe
  C:\Windows\System\kQJfkZm.exe
  2⤵
  PID:11228
- C:\Windows\System\ACMsbOf.exe
  C:\Windows\System\ACMsbOf.exe
  2⤵
  PID:11284
- C:\Windows\System\twTcgNo.exe
  C:\Windows\System\twTcgNo.exe
  2⤵
  PID:11316
- C:\Windows\System\pdcaiYk.exe
  C:\Windows\System\pdcaiYk.exe
  2⤵
  PID:11344
- C:\Windows\System\sJsQgVR.exe
  C:\Windows\System\sJsQgVR.exe
  2⤵
  PID:11364
- C:\Windows\System\ovKkLZC.exe
  C:\Windows\System\ovKkLZC.exe
  2⤵
  PID:11388
- C:\Windows\System\GVSgWWX.exe
  C:\Windows\System\GVSgWWX.exe
  2⤵
  PID:11416
- C:\Windows\System\NzBbsbo.exe
  C:\Windows\System\NzBbsbo.exe
  2⤵
  PID:11440
- C:\Windows\System\DFZXXis.exe
  C:\Windows\System\DFZXXis.exe
  2⤵
  PID:11488
- C:\Windows\System\UIWEHeN.exe
  C:\Windows\System\UIWEHeN.exe
  2⤵
  PID:11520
- C:\Windows\System\yaclVpn.exe
  C:\Windows\System\yaclVpn.exe
  2⤵
  PID:11548
- C:\Windows\System\OtFSMxj.exe
  C:\Windows\System\OtFSMxj.exe
  2⤵
  PID:11576
- C:\Windows\System\gvnbWqA.exe
  C:\Windows\System\gvnbWqA.exe
  2⤵
  PID:11592
- C:\Windows\System\GuEogZu.exe
  C:\Windows\System\GuEogZu.exe
  2⤵
  PID:11620
- C:\Windows\System\MccZWly.exe
  C:\Windows\System\MccZWly.exe
  2⤵
  PID:11644
- C:\Windows\System\mBNIWFw.exe
  C:\Windows\System\mBNIWFw.exe
  2⤵
  PID:11672
- C:\Windows\System\ZkZjDOf.exe
  C:\Windows\System\ZkZjDOf.exe
  2⤵
  PID:11716
- C:\Windows\System\EOVMBjC.exe
  C:\Windows\System\EOVMBjC.exe
  2⤵
  PID:11732
- C:\Windows\System\mJIlxou.exe
  C:\Windows\System\mJIlxou.exe
  2⤵
  PID:11760
- C:\Windows\System\yrFyHuN.exe
  C:\Windows\System\yrFyHuN.exe
  2⤵
  PID:11776
- C:\Windows\System\tHxfeUk.exe
  C:\Windows\System\tHxfeUk.exe
  2⤵
  PID:11808
- C:\Windows\System\FnEfBpi.exe
  C:\Windows\System\FnEfBpi.exe
  2⤵
  PID:11852
- C:\Windows\System\jBNvxPD.exe
  C:\Windows\System\jBNvxPD.exe
  2⤵
  PID:11868
- C:\Windows\System\oiiMKYH.exe
  C:\Windows\System\oiiMKYH.exe
  2⤵
  PID:11916
- C:\Windows\System\srbBfCG.exe
  C:\Windows\System\srbBfCG.exe
  2⤵
  PID:11940
- C:\Windows\System\UqqWhNY.exe
  C:\Windows\System\UqqWhNY.exe
  2⤵
  PID:11964
- C:\Windows\System\vjuZFgj.exe
  C:\Windows\System\vjuZFgj.exe
  2⤵
  PID:12004
- C:\Windows\System\Dnzxgfg.exe
  C:\Windows\System\Dnzxgfg.exe
  2⤵
  PID:12032
- C:\Windows\System\pUOQWba.exe
  C:\Windows\System\pUOQWba.exe
  2⤵
  PID:12060
- C:\Windows\System\TUYfSpo.exe
  C:\Windows\System\TUYfSpo.exe
  2⤵
  PID:12080
- C:\Windows\System\ntxpiQc.exe
  C:\Windows\System\ntxpiQc.exe
  2⤵
  PID:12104
- C:\Windows\System\tVcULaF.exe
  C:\Windows\System\tVcULaF.exe
  2⤵
  PID:12144
- C:\Windows\System\JwlhYPJ.exe
  C:\Windows\System\JwlhYPJ.exe
  2⤵
  PID:12172
- C:\Windows\System\JxgHFvt.exe
  C:\Windows\System\JxgHFvt.exe
  2⤵
  PID:12200
- C:\Windows\System\fKDgGEK.exe
  C:\Windows\System\fKDgGEK.exe
  2⤵
  PID:12224
- C:\Windows\System\QVUrhwc.exe
  C:\Windows\System\QVUrhwc.exe
  2⤵
  PID:12248
- C:\Windows\System\qARJbFV.exe
  C:\Windows\System\qARJbFV.exe
  2⤵
  PID:12280
- C:\Windows\System\LuUmDlc.exe
  C:\Windows\System\LuUmDlc.exe
  2⤵
  PID:11276
- C:\Windows\System\lEibgeH.exe
  C:\Windows\System\lEibgeH.exe
  2⤵
  PID:11308
- C:\Windows\System\DlAlctv.exe
  C:\Windows\System\DlAlctv.exe
  2⤵
  PID:11412
- C:\Windows\System\AabZZoE.exe
  C:\Windows\System\AabZZoE.exe
  2⤵
  PID:11516
- C:\Windows\System\wYgdAxF.exe
  C:\Windows\System\wYgdAxF.exe
  2⤵
  PID:11564
- C:\Windows\System\uQJJuDc.exe
  C:\Windows\System\uQJJuDc.exe
  2⤵
  PID:11628
- C:\Windows\System\FYTDuFO.exe
  C:\Windows\System\FYTDuFO.exe
  2⤵
  PID:11692
- C:\Windows\System\jqboSDA.exe
  C:\Windows\System\jqboSDA.exe
  2⤵
  PID:11744
- C:\Windows\System\ZqFmZJL.exe
  C:\Windows\System\ZqFmZJL.exe
  2⤵
  PID:11768
- C:\Windows\System\qiECEkv.exe
  C:\Windows\System\qiECEkv.exe
  2⤵
  PID:11824
- C:\Windows\System\ueBxlNO.exe
  C:\Windows\System\ueBxlNO.exe
  2⤵
  PID:11900
- C:\Windows\System\ljjjVFm.exe
  C:\Windows\System\ljjjVFm.exe
  2⤵
  PID:12028
- C:\Windows\System\AEQjkms.exe
  C:\Windows\System\AEQjkms.exe
  2⤵
  PID:10616
- C:\Windows\System\ollkDid.exe
  C:\Windows\System\ollkDid.exe
  2⤵
  PID:12160
- C:\Windows\System\eOaTCYo.exe
  C:\Windows\System\eOaTCYo.exe
  2⤵
  PID:12208
- C:\Windows\System\HtLIJay.exe
  C:\Windows\System\HtLIJay.exe
  2⤵
  PID:12264
- C:\Windows\System\xnFNydB.exe
  C:\Windows\System\xnFNydB.exe
  2⤵
  PID:11356
- C:\Windows\System\HzfSZHj.exe
  C:\Windows\System\HzfSZHj.exe
  2⤵
  PID:11544
- C:\Windows\System\yczIsEp.exe
  C:\Windows\System\yczIsEp.exe
  2⤵
  PID:11612
- C:\Windows\System\IxaSTyp.exe
  C:\Windows\System\IxaSTyp.exe
  2⤵
  PID:11888
- C:\Windows\System\BaWwyDx.exe
  C:\Windows\System\BaWwyDx.exe
  2⤵
  PID:12016
- C:\Windows\System\efZlcCA.exe
  C:\Windows\System\efZlcCA.exe
  2⤵
  PID:12128
- C:\Windows\System\gqxLcic.exe
  C:\Windows\System\gqxLcic.exe
  2⤵
  PID:11700
- C:\Windows\System\qKMhzed.exe
  C:\Windows\System\qKMhzed.exe
  2⤵
  PID:11752
- C:\Windows\System\cFbEBAg.exe
  C:\Windows\System\cFbEBAg.exe
  2⤵
  PID:12240
- C:\Windows\System\HBoVtre.exe
  C:\Windows\System\HBoVtre.exe
  2⤵
  PID:11324
- C:\Windows\System\tIvBhDH.exe
  C:\Windows\System\tIvBhDH.exe
  2⤵
  PID:12044
- C:\Windows\System\uxBirDu.exe
  C:\Windows\System\uxBirDu.exe
  2⤵
  PID:12300
- C:\Windows\System\uasoQOC.exe
  C:\Windows\System\uasoQOC.exe
  2⤵
  PID:12316
- C:\Windows\System\vsFkgvc.exe
  C:\Windows\System\vsFkgvc.exe
  2⤵
  PID:12336
- C:\Windows\System\ddnVsth.exe
  C:\Windows\System\ddnVsth.exe
  2⤵
  PID:12352
- C:\Windows\System\odfVQIQ.exe
  C:\Windows\System\odfVQIQ.exe
  2⤵
  PID:12380
- C:\Windows\System\nugwHjk.exe
  C:\Windows\System\nugwHjk.exe
  2⤵
  PID:12400
- C:\Windows\System\QDcbuJI.exe
  C:\Windows\System\QDcbuJI.exe
  2⤵
  PID:12428
- C:\Windows\System\FsRwNZy.exe
  C:\Windows\System\FsRwNZy.exe
  2⤵
  PID:12452
- C:\Windows\System\iTrQSGA.exe
  C:\Windows\System\iTrQSGA.exe
  2⤵
  PID:12468
- C:\Windows\System\tcujsIs.exe
  C:\Windows\System\tcujsIs.exe
  2⤵
  PID:12484
- C:\Windows\System\YTvvtKO.exe
  C:\Windows\System\YTvvtKO.exe
  2⤵
  PID:12508
- C:\Windows\System\dVGHVPk.exe
  C:\Windows\System\dVGHVPk.exe
  2⤵
  PID:12596
- C:\Windows\System\tePXyvC.exe
  C:\Windows\System\tePXyvC.exe
  2⤵
  PID:12640
- C:\Windows\System\YPFWZLp.exe
  C:\Windows\System\YPFWZLp.exe
  2⤵
  PID:12668
- C:\Windows\System\poIVVru.exe
  C:\Windows\System\poIVVru.exe
  2⤵
  PID:12696
- C:\Windows\System\rgbAXno.exe
  C:\Windows\System\rgbAXno.exe
  2⤵
  PID:12752
- C:\Windows\System\jufAoAc.exe
  C:\Windows\System\jufAoAc.exe
  2⤵
  PID:12768
- C:\Windows\System\AZdSLYT.exe
  C:\Windows\System\AZdSLYT.exe
  2⤵
  PID:12796
- C:\Windows\System\EWMnMDW.exe
  C:\Windows\System\EWMnMDW.exe
  2⤵
  PID:12820
- C:\Windows\System\ZwdMWRG.exe
  C:\Windows\System\ZwdMWRG.exe
  2⤵
  PID:12852
- C:\Windows\System\jjJLHlv.exe
  C:\Windows\System\jjJLHlv.exe
  2⤵
  PID:12880
- C:\Windows\System\gPgILsk.exe
  C:\Windows\System\gPgILsk.exe
  2⤵
  PID:12908
- C:\Windows\System\SfyrRSO.exe
  C:\Windows\System\SfyrRSO.exe
  2⤵
  PID:12936
- C:\Windows\System\McwjJLN.exe
  C:\Windows\System\McwjJLN.exe
  2⤵
  PID:12976
- C:\Windows\System\StSmAue.exe
  C:\Windows\System\StSmAue.exe
  2⤵
  PID:13004
- C:\Windows\System\CxQGkEh.exe
  C:\Windows\System\CxQGkEh.exe
  2⤵
  PID:13032
- C:\Windows\System\aWsZHTb.exe
  C:\Windows\System\aWsZHTb.exe
  2⤵
  PID:13052
- C:\Windows\System\VseNGcB.exe
  C:\Windows\System\VseNGcB.exe
  2⤵
  PID:13076
- C:\Windows\System\rTJKzQN.exe
  C:\Windows\System\rTJKzQN.exe
  2⤵
  PID:13104
- C:\Windows\System\XFyedXa.exe
  C:\Windows\System\XFyedXa.exe
  2⤵
  PID:13132
- C:\Windows\System\GeBrGVw.exe
  C:\Windows\System\GeBrGVw.exe
  2⤵
  PID:13172
- C:\Windows\System\qeNiHfA.exe
  C:\Windows\System\qeNiHfA.exe
  2⤵
  PID:13200
- C:\Windows\System\ohruJcB.exe
  C:\Windows\System\ohruJcB.exe
  2⤵
  PID:13216
- C:\Windows\System\MDVcIve.exe
  C:\Windows\System\MDVcIve.exe
  2⤵
  PID:13256
- C:\Windows\System\ThsStat.exe
  C:\Windows\System\ThsStat.exe
  2⤵
  PID:13284
- C:\Windows\System\DJTFYyd.exe
  C:\Windows\System\DJTFYyd.exe
  2⤵
  PID:12132
- C:\Windows\System\ofTRqKY.exe
  C:\Windows\System\ofTRqKY.exe
  2⤵
  PID:12376
- C:\Windows\System\QooAKbS.exe
  C:\Windows\System\QooAKbS.exe
  2⤵
  PID:12328
- C:\Windows\System\ftYvqDe.exe
  C:\Windows\System\ftYvqDe.exe
  2⤵
  PID:12348
- C:\Windows\System\darHsMk.exe
  C:\Windows\System\darHsMk.exe
  2⤵
  PID:12480
- C:\Windows\System\zBttNGR.exe
  C:\Windows\System\zBttNGR.exe
  2⤵
  PID:12588
- C:\Windows\System\cwzroRl.exe
  C:\Windows\System\cwzroRl.exe
  2⤵
  PID:12568
- C:\Windows\System\fGUnauL.exe
  C:\Windows\System\fGUnauL.exe
  2⤵
  PID:12660
- C:\Windows\System\ZKyhtPA.exe
  C:\Windows\System\ZKyhtPA.exe
  2⤵
  PID:12732
- C:\Windows\System\pfTVIcT.exe
  C:\Windows\System\pfTVIcT.exe
  2⤵
  PID:12808
- C:\Windows\System\KMeAbxv.exe
  C:\Windows\System\KMeAbxv.exe
  2⤵
  PID:12844
- C:\Windows\System\lDPwiYE.exe
  C:\Windows\System\lDPwiYE.exe
  2⤵
  PID:12900
- C:\Windows\System\vPzIXyP.exe
  C:\Windows\System\vPzIXyP.exe
  2⤵
  PID:12932
- C:\Windows\System\ItbFkbG.exe
  C:\Windows\System\ItbFkbG.exe
  2⤵
  PID:13060
- C:\Windows\System\saNKgOk.exe
  C:\Windows\System\saNKgOk.exe
  2⤵
  PID:13128
- C:\Windows\System\gMroMll.exe
  C:\Windows\System\gMroMll.exe
  2⤵
  PID:13228
- C:\Windows\System\cUlnZsM.exe
  C:\Windows\System\cUlnZsM.exe
  2⤵
  PID:13296
- C:\Windows\System\MSijJsZ.exe
  C:\Windows\System\MSijJsZ.exe
  2⤵
  PID:12460
- C:\Windows\System\OzfNGIX.exe
  C:\Windows\System\OzfNGIX.exe
  2⤵
  PID:12420
- C:\Windows\System\GUxXOyw.exe
  C:\Windows\System\GUxXOyw.exe
  2⤵
  PID:12620
- C:\Windows\System\XVAZyIG.exe
  C:\Windows\System\XVAZyIG.exe
  2⤵
  PID:12816
- C:\Windows\System\JwRDEdS.exe
  C:\Windows\System\JwRDEdS.exe
  2⤵
  PID:12996
- C:\Windows\System\mOHHpPJ.exe
  C:\Windows\System\mOHHpPJ.exe
  2⤵
  PID:13020
- C:\Windows\System\UvDJLzk.exe
  C:\Windows\System\UvDJLzk.exe
  2⤵
  PID:13168
- C:\Windows\System\HpiwsCP.exe
  C:\Windows\System\HpiwsCP.exe
  2⤵
  PID:12444
- C:\Windows\System\ZwxTlDb.exe
  C:\Windows\System\ZwxTlDb.exe
  2⤵
  PID:12500
- C:\Windows\System\wrZvMUr.exe
  C:\Windows\System\wrZvMUr.exe
  2⤵
  PID:13072
- C:\Windows\System\wiUpARa.exe
  C:\Windows\System\wiUpARa.exe
  2⤵
  PID:12360
- C:\Windows\System\GGsvSiy.exe
  C:\Windows\System\GGsvSiy.exe
  2⤵
  PID:13332
- C:\Windows\System\HqxxngJ.exe
  C:\Windows\System\HqxxngJ.exe
  2⤵
  PID:13360
- C:\Windows\System\RSvKRxN.exe
  C:\Windows\System\RSvKRxN.exe
  2⤵
  PID:13384
- C:\Windows\System\lWvUCVO.exe
  C:\Windows\System\lWvUCVO.exe
  2⤵
  PID:13408
- C:\Windows\System\LuNWbwX.exe
  C:\Windows\System\LuNWbwX.exe
  2⤵
  PID:13448
- C:\Windows\System\BgdFHec.exe
  C:\Windows\System\BgdFHec.exe
  2⤵
  PID:13472
- C:\Windows\System\GICvwxV.exe
  C:\Windows\System\GICvwxV.exe
  2⤵
  PID:13496
- C:\Windows\System\aivrhaB.exe
  C:\Windows\System\aivrhaB.exe
  2⤵
  PID:13520
- C:\Windows\System\ETBgPjq.exe
  C:\Windows\System\ETBgPjq.exe
  2⤵
  PID:13548
- C:\Windows\System\XoxcnXa.exe
  C:\Windows\System\XoxcnXa.exe
  2⤵
  PID:13616
- C:\Windows\System\cxvFguf.exe
  C:\Windows\System\cxvFguf.exe
  2⤵
  PID:13632
- C:\Windows\System\euqYhUW.exe
  C:\Windows\System\euqYhUW.exe
  2⤵
  PID:13660
- C:\Windows\System\KpmFBYA.exe
  C:\Windows\System\KpmFBYA.exe
  2⤵
  PID:13688
- C:\Windows\System\raoJCqv.exe
  C:\Windows\System\raoJCqv.exe
  2⤵
  PID:13716
- C:\Windows\System\VaKQAly.exe
  C:\Windows\System\VaKQAly.exe
  2⤵
  PID:13744
- C:\Windows\System\mVOKPIT.exe
  C:\Windows\System\mVOKPIT.exe
  2⤵
  PID:13768
- C:\Windows\System\jitDter.exe
  C:\Windows\System\jitDter.exe
  2⤵
  PID:13796
- C:\Windows\System\LPVAmTw.exe
  C:\Windows\System\LPVAmTw.exe
  2⤵
  PID:13816
- C:\Windows\System\QOriPQF.exe
  C:\Windows\System\QOriPQF.exe
  2⤵
  PID:13840
- C:\Windows\System\lURAfud.exe
  C:\Windows\System\lURAfud.exe
  2⤵
  PID:13860
- C:\Windows\System\FuLDhCq.exe
  C:\Windows\System\FuLDhCq.exe
  2⤵
  PID:13896
- C:\Windows\System\mAzoLkB.exe
  C:\Windows\System\mAzoLkB.exe
  2⤵
  PID:13920
- C:\Windows\System\OmgWfwR.exe
  C:\Windows\System\OmgWfwR.exe
  2⤵
  PID:13944
- C:\Windows\System\JuNdogd.exe
  C:\Windows\System\JuNdogd.exe
  2⤵
  PID:13992
- C:\Windows\System\voOFOnl.exe
  C:\Windows\System\voOFOnl.exe
  2⤵
  PID:14012
- C:\Windows\System\TNFrSXQ.exe
  C:\Windows\System\TNFrSXQ.exe
  2⤵
  PID:14048
- C:\Windows\System\VhEzjRl.exe
  C:\Windows\System\VhEzjRl.exe
  2⤵
  PID:14080
- C:\Windows\System\QSuqnuZ.exe
  C:\Windows\System\QSuqnuZ.exe
  2⤵
  PID:14108
- C:\Windows\System\RyPzEce.exe
  C:\Windows\System\RyPzEce.exe
  2⤵
  PID:14136
- C:\Windows\System\nLipGtV.exe
  C:\Windows\System\nLipGtV.exe
  2⤵
  PID:14168
- C:\Windows\System\LootkVX.exe
  C:\Windows\System\LootkVX.exe
  2⤵
  PID:14192
- C:\Windows\System\ycwaAXg.exe
  C:\Windows\System\ycwaAXg.exe
  2⤵
  PID:14216
- C:\Windows\System\DFLsNEQ.exe
  C:\Windows\System\DFLsNEQ.exe
  2⤵
  PID:14244
- C:\Windows\System\uUdrojr.exe
  C:\Windows\System\uUdrojr.exe
  2⤵
  PID:14276
- C:\Windows\System\sSNTPND.exe
  C:\Windows\System\sSNTPND.exe
  2⤵
  PID:14308
- C:\Windows\System\WCQvlYT.exe
  C:\Windows\System\WCQvlYT.exe
  2⤵
  PID:14328
- C:\Windows\System\LWLMJLv.exe
  C:\Windows\System\LWLMJLv.exe
  2⤵
  PID:13320
- C:\Windows\System\kPbfVBI.exe
  C:\Windows\System\kPbfVBI.exe
  2⤵
  PID:13424
- C:\Windows\System\UZYBuVx.exe
  C:\Windows\System\UZYBuVx.exe
  2⤵
  PID:13468
- C:\Windows\System\KekwSwm.exe
  C:\Windows\System\KekwSwm.exe
  2⤵
  PID:13516
- C:\Windows\System\WJhitnv.exe
  C:\Windows\System\WJhitnv.exe
  2⤵
  PID:13572
- C:\Windows\System\APvMSRA.exe
  C:\Windows\System\APvMSRA.exe
  2⤵
  PID:13680
- C:\Windows\System\OtXrYvc.exe
  C:\Windows\System\OtXrYvc.exe
  2⤵
  PID:13760
- C:\Windows\System\MuDsCGp.exe
  C:\Windows\System\MuDsCGp.exe
  2⤵
  PID:13836
- C:\Windows\System\CIToubv.exe
  C:\Windows\System\CIToubv.exe
  2⤵
  PID:13916
- C:\Windows\System\ANODVfL.exe
  C:\Windows\System\ANODVfL.exe
  2⤵
  PID:13928
- C:\Windows\System\nhQeGad.exe
  C:\Windows\System\nhQeGad.exe
  2⤵
  PID:14020
- C:\Windows\System\JgYEDet.exe
  C:\Windows\System\JgYEDet.exe
  2⤵
  PID:14076
- C:\Windows\System\GWiPSfr.exe
  C:\Windows\System\GWiPSfr.exe
  2⤵
  PID:14152
- C:\Windows\System\CpjYqvl.exe
  C:\Windows\System\CpjYqvl.exe
  2⤵
  PID:14184
- C:\Windows\System\ZBoqOlj.exe
  C:\Windows\System\ZBoqOlj.exe
  2⤵
  PID:14268
- C:\Windows\System\zGVfyZX.exe
  C:\Windows\System\zGVfyZX.exe
  2⤵
  PID:13240
- C:\Windows\System\ayaxLGR.exe
  C:\Windows\System\ayaxLGR.exe
  2⤵
  PID:13464
- C:\Windows\System\OXTXoJo.exe
  C:\Windows\System\OXTXoJo.exe
  2⤵
  PID:13580
- C:\Windows\System\mUlsgUj.exe
  C:\Windows\System\mUlsgUj.exe
  2⤵
  PID:13708
- C:\Windows\System\TyNdLjx.exe
  C:\Windows\System\TyNdLjx.exe
  2⤵
  PID:13912
- C:\Windows\System\QlEJNwa.exe
  C:\Windows\System\QlEJNwa.exe
  2⤵
  PID:14044
- C:\Windows\System\OVsnbAp.exe
  C:\Windows\System\OVsnbAp.exe
  2⤵
  PID:14212
- C:\Windows\System\UOmnXFO.exe
  C:\Windows\System\UOmnXFO.exe
  2⤵
  PID:12832
- C:\Windows\System\atxCfRP.exe
  C:\Windows\System\atxCfRP.exe
  2⤵
  PID:12312
- C:\Windows\System\ciMDkxm.exe
  C:\Windows\System\ciMDkxm.exe
  2⤵
  PID:13956
- C:\Windows\System\VObjiqU.exe
  C:\Windows\System\VObjiqU.exe
  2⤵
  PID:14300
- C:\Windows\System\XvkqJlR.exe
  C:\Windows\System\XvkqJlR.exe
  2⤵
  PID:14104
- C:\Windows\System\ThtnGxJ.exe
  C:\Windows\System\ThtnGxJ.exe
  2⤵
  PID:14344
- C:\Windows\System\yXxBkJs.exe
  C:\Windows\System\yXxBkJs.exe
  2⤵
  PID:14372
- C:\Windows\System\PIlHEva.exe
  C:\Windows\System\PIlHEva.exe
  2⤵
  PID:14400
- C:\Windows\System\xzDuNKF.exe
  C:\Windows\System\xzDuNKF.exe
  2⤵
  PID:14424
- C:\Windows\System\dKyLlvr.exe
  C:\Windows\System\dKyLlvr.exe
  2⤵
  PID:14456
- C:\Windows\System\lbxYIqF.exe
  C:\Windows\System\lbxYIqF.exe
  2⤵
  PID:14484
- C:\Windows\System\bhItZiw.exe
  C:\Windows\System\bhItZiw.exe
  2⤵
  PID:14516
- C:\Windows\System\nowGCAn.exe
  C:\Windows\System\nowGCAn.exe
  2⤵
  PID:14544
- C:\Windows\System\qiglTun.exe
  C:\Windows\System\qiglTun.exe
  2⤵
  PID:14572
- C:\Windows\System\jKOcTuI.exe
  C:\Windows\System\jKOcTuI.exe
  2⤵
  PID:14600
- C:\Windows\System\MrDnQsP.exe
  C:\Windows\System\MrDnQsP.exe
  2⤵
  PID:14628
- C:\Windows\System\QuTTnuH.exe
  C:\Windows\System\QuTTnuH.exe
  2⤵
  PID:14656
- C:\Windows\System\aANxGuk.exe
  C:\Windows\System\aANxGuk.exe
  2⤵
  PID:14684
- C:\Windows\System\chMtMAl.exe
  C:\Windows\System\chMtMAl.exe
  2⤵
  PID:14712
- C:\Windows\System\rukIxJV.exe
  C:\Windows\System\rukIxJV.exe
  2⤵
  PID:14740
- C:\Windows\System\AYrFzIR.exe
  C:\Windows\System\AYrFzIR.exe
  2⤵
  PID:14768
- C:\Windows\System\ZXmUccs.exe
  C:\Windows\System\ZXmUccs.exe
  2⤵
  PID:14796
- C:\Windows\System\SWwWVxQ.exe
  C:\Windows\System\SWwWVxQ.exe
  2⤵
  PID:14824
- C:\Windows\System\PSDluvd.exe
  C:\Windows\System\PSDluvd.exe
  2⤵
  PID:14852
- C:\Windows\System\Jfrrvia.exe
  C:\Windows\System\Jfrrvia.exe
  2⤵
  PID:14884
- C:\Windows\System\NaJpUOq.exe
  C:\Windows\System\NaJpUOq.exe
  2⤵
  PID:14912
- C:\Windows\System\KcPDvVn.exe
  C:\Windows\System\KcPDvVn.exe
  2⤵
  PID:14940
- C:\Windows\System\iuOrGCA.exe
  C:\Windows\System\iuOrGCA.exe
  2⤵
  PID:14968
- C:\Windows\System\IvAvvss.exe
  C:\Windows\System\IvAvvss.exe
  2⤵
  PID:14996
- C:\Windows\System\iiCgmsg.exe
  C:\Windows\System\iiCgmsg.exe
  2⤵
  PID:15024
- C:\Windows\System\tfdnMbs.exe
  C:\Windows\System\tfdnMbs.exe
  2⤵
  PID:15052
- C:\Windows\System\qkogdYc.exe
  C:\Windows\System\qkogdYc.exe
  2⤵
  PID:15080
- C:\Windows\System\VJSrFwO.exe
  C:\Windows\System\VJSrFwO.exe
  2⤵
  PID:15108
- C:\Windows\System\lGAVsjd.exe
  C:\Windows\System\lGAVsjd.exe
  2⤵
  PID:15136
- C:\Windows\System\CJDvKOb.exe
  C:\Windows\System\CJDvKOb.exe
  2⤵
  PID:15168
- C:\Windows\System\QUmNhAQ.exe
  C:\Windows\System\QUmNhAQ.exe
  2⤵
  PID:15196
- C:\Windows\System\FBjPNAR.exe
  C:\Windows\System\FBjPNAR.exe
  2⤵
  PID:15224
- C:\Windows\System\nfErGtv.exe
  C:\Windows\System\nfErGtv.exe
  2⤵
  PID:15256
- C:\Windows\System\fTUKjhG.exe
  C:\Windows\System\fTUKjhG.exe
  2⤵
  PID:15284
- C:\Windows\System\cKTTEZH.exe
  C:\Windows\System\cKTTEZH.exe
  2⤵
  PID:15312
- C:\Windows\System\ItuwpSJ.exe
  C:\Windows\System\ItuwpSJ.exe
  2⤵
  PID:15340
- C:\Windows\System\EiYgWTy.exe
  C:\Windows\System\EiYgWTy.exe
  2⤵
  PID:13828
- C:\Windows\System\hoWpOqd.exe
  C:\Windows\System\hoWpOqd.exe
  2⤵
  PID:14412
- C:\Windows\System\AwqHzmA.exe
  C:\Windows\System\AwqHzmA.exe
  2⤵
  PID:14468
- C:\Windows\System\DVgiaZP.exe
  C:\Windows\System\DVgiaZP.exe
  2⤵
  PID:14540
- C:\Windows\System\GUXreHZ.exe
  C:\Windows\System\GUXreHZ.exe
  2⤵
  PID:14620
- C:\Windows\System\GKgDfas.exe
  C:\Windows\System\GKgDfas.exe
  2⤵
  PID:14676
- C:\Windows\System\VgRwZJu.exe
  C:\Windows\System\VgRwZJu.exe
  2⤵
  PID:14728
- C:\Windows\System\QfWFnJA.exe
  C:\Windows\System\QfWFnJA.exe
  2⤵
  PID:14808
- C:\Windows\System\wSqhNOM.exe
  C:\Windows\System\wSqhNOM.exe
  2⤵
  PID:14872
- C:\Windows\System\ErChzGO.exe
  C:\Windows\System\ErChzGO.exe
  2⤵
  PID:14936
- C:\Windows\System\UkHEpEa.exe
  C:\Windows\System\UkHEpEa.exe
  2⤵
  PID:15012
- C:\Windows\System\mYlDOzR.exe
  C:\Windows\System\mYlDOzR.exe
  2⤵
  PID:15072
- C:\Windows\System\DGfJgPS.exe
  C:\Windows\System\DGfJgPS.exe
  2⤵
  PID:15120
- C:\Windows\System\dDEqGNx.exe
  C:\Windows\System\dDEqGNx.exe
  2⤵
  PID:15192
- C:\Windows\System\zYzaIvF.exe
  C:\Windows\System\zYzaIvF.exe
  2⤵
  PID:15268
- C:\Windows\System\HAloXey.exe
  C:\Windows\System\HAloXey.exe
  2⤵
  PID:15324
- C:\Windows\System\pboKuZD.exe
  C:\Windows\System\pboKuZD.exe
  2⤵
  PID:14392
- C:\Windows\System\WgCsRje.exe
  C:\Windows\System\WgCsRje.exe
  2⤵
  PID:14504
- C:\Windows\System\ctZJfQD.exe
  C:\Windows\System\ctZJfQD.exe
  2⤵
  PID:14732
- C:\Windows\System\lBYPHYJ.exe
  C:\Windows\System\lBYPHYJ.exe
  2⤵
  PID:14848
- C:\Windows\System\MQLSKje.exe
  C:\Windows\System\MQLSKje.exe
  2⤵
  PID:15064
- C:\Windows\System\fvhFKgj.exe
  C:\Windows\System\fvhFKgj.exe
  2⤵
  PID:13592
- C:\Windows\System\dWkwCQK.exe
  C:\Windows\System\dWkwCQK.exe
  2⤵
  PID:15308
- C:\Windows\System\LPPtJyy.exe
  C:\Windows\System\LPPtJyy.exe
  2⤵
  PID:14788
- C:\Windows\System\eZftZzc.exe
  C:\Windows\System\eZftZzc.exe
  2⤵
  PID:3752
- C:\Windows\System\pXMnyyt.exe
  C:\Windows\System\pXMnyyt.exe
  2⤵
  PID:14652
- C:\Windows\System\OtPYyNy.exe
  C:\Windows\System\OtPYyNy.exe
  2⤵
  PID:15304
- C:\Windows\System\hKCUOWd.exe
  C:\Windows\System\hKCUOWd.exe
  2⤵
  PID:15372
- C:\Windows\System\vctvUwt.exe
  C:\Windows\System\vctvUwt.exe
  2⤵
  PID:15400
- C:\Windows\System\qyzOztE.exe
  C:\Windows\System\qyzOztE.exe
  2⤵
  PID:15428
- C:\Windows\System\iehpLSR.exe
  C:\Windows\System\iehpLSR.exe
  2⤵
  PID:15456
- C:\Windows\System\WJCwBmc.exe
  C:\Windows\System\WJCwBmc.exe
  2⤵
  PID:15484
- C:\Windows\System\RWYKYnF.exe
  C:\Windows\System\RWYKYnF.exe
  2⤵
  PID:15512
- C:\Windows\System\ZlTMcLu.exe
  C:\Windows\System\ZlTMcLu.exe
  2⤵
  PID:15540
- C:\Windows\System\WKpEydg.exe
  C:\Windows\System\WKpEydg.exe
  2⤵
  PID:15568
- C:\Windows\System\YfjVOIQ.exe
  C:\Windows\System\YfjVOIQ.exe
  2⤵
  PID:15596
- C:\Windows\System\TSURcgU.exe
  C:\Windows\System\TSURcgU.exe
  2⤵
  PID:15624
- C:\Windows\System\gjugjyE.exe
  C:\Windows\System\gjugjyE.exe
  2⤵
  PID:15652
- C:\Windows\System\FJaufWq.exe
  C:\Windows\System\FJaufWq.exe
  2⤵
  PID:15680
- C:\Windows\System\uAgMiQn.exe
  C:\Windows\System\uAgMiQn.exe
  2⤵
  PID:15704
- C:\Windows\System\JYZGBwR.exe
  C:\Windows\System\JYZGBwR.exe
  2⤵
  PID:15728
- C:\Windows\System\KWkrfea.exe
  C:\Windows\System\KWkrfea.exe
  2⤵
  PID:15764
- C:\Windows\System\bTqxbSn.exe
  C:\Windows\System\bTqxbSn.exe
  2⤵
  PID:15792
- C:\Windows\System\HBZCYTe.exe
  C:\Windows\System\HBZCYTe.exe
  2⤵
  PID:15820
- C:\Windows\System\KNkIATR.exe
  C:\Windows\System\KNkIATR.exe
  2⤵
  PID:15848
- C:\Windows\System\khKclaP.exe
  C:\Windows\System\khKclaP.exe
  2⤵
  PID:15876
- C:\Windows\System\ywFQfvl.exe
  C:\Windows\System\ywFQfvl.exe
  2⤵
  PID:15904
- C:\Windows\System\kVKKWaE.exe
  C:\Windows\System\kVKKWaE.exe
  2⤵
  PID:15932
- C:\Windows\System\hSSKGyh.exe
  C:\Windows\System\hSSKGyh.exe
  2⤵
  PID:15960
- C:\Windows\System\sHahwAM.exe
  C:\Windows\System\sHahwAM.exe
  2⤵
  PID:15988
- C:\Windows\System\scYkMWL.exe
  C:\Windows\System\scYkMWL.exe
  2⤵
  PID:16016
- C:\Windows\System\oqQjpFi.exe
  C:\Windows\System\oqQjpFi.exe
  2⤵
  PID:16044
- C:\Windows\System\AbNNPLA.exe
  C:\Windows\System\AbNNPLA.exe
  2⤵
  PID:16072
- C:\Windows\System\qNsFvgg.exe
  C:\Windows\System\qNsFvgg.exe
  2⤵
  PID:16100
- C:\Windows\System\xKgUtru.exe
  C:\Windows\System\xKgUtru.exe
  2⤵
  PID:16128
- C:\Windows\System\PWKzuLr.exe
  C:\Windows\System\PWKzuLr.exe
  2⤵
  PID:16156
- C:\Windows\System\ZwrRavv.exe
  C:\Windows\System\ZwrRavv.exe
  2⤵
  PID:16184
- C:\Windows\System\kEMUKzc.exe
  C:\Windows\System\kEMUKzc.exe
  2⤵
  PID:16212
- C:\Windows\System\VpjwaBg.exe
  C:\Windows\System\VpjwaBg.exe
  2⤵
  PID:16240
- C:\Windows\System\naJFjsS.exe
  C:\Windows\System\naJFjsS.exe
  2⤵
  PID:16268
- C:\Windows\System\OirmPNs.exe
  C:\Windows\System\OirmPNs.exe
  2⤵
  PID:16296
- C:\Windows\System\SkhDnEP.exe
  C:\Windows\System\SkhDnEP.exe
  2⤵
  PID:16324
- C:\Windows\System\AbyrdNt.exe
  C:\Windows\System\AbyrdNt.exe
  2⤵
  PID:16348
- C:\Windows\System\WxqKVxe.exe
  C:\Windows\System\WxqKVxe.exe
  2⤵
  PID:16380
- C:\Windows\System\ZRxZEeE.exe
  C:\Windows\System\ZRxZEeE.exe
  2⤵
  PID:15424
- C:\Windows\System\bqPwiQW.exe
  C:\Windows\System\bqPwiQW.exe
  2⤵
  PID:15480
- C:\Windows\System\maacDCA.exe
  C:\Windows\System\maacDCA.exe
  2⤵
  PID:15556
- C:\Windows\System\OLkfoxS.exe
  C:\Windows\System\OLkfoxS.exe
  2⤵
  PID:15616
- C:\Windows\System\fzYPNRM.exe
  C:\Windows\System\fzYPNRM.exe
  2⤵
  PID:15672
- C:\Windows\System\tDqFqib.exe
  C:\Windows\System\tDqFqib.exe
  2⤵
  PID:15748
- C:\Windows\System\YfUrYpq.exe
  C:\Windows\System\YfUrYpq.exe
  2⤵
  PID:15788
- C:\Windows\System\sZfIcRg.exe
  C:\Windows\System\sZfIcRg.exe
  2⤵
  PID:15860
- C:\Windows\System\afJhQDS.exe
  C:\Windows\System\afJhQDS.exe
  2⤵
  PID:15928
- C:\Windows\System\bbLALjt.exe
  C:\Windows\System\bbLALjt.exe
  2⤵
  PID:16004
- C:\Windows\System\VzuBBte.exe
  C:\Windows\System\VzuBBte.exe
  2⤵
  PID:16060
- C:\Windows\System\YivgsVY.exe
  C:\Windows\System\YivgsVY.exe
  2⤵
  PID:16124
- C:\Windows\System\qcckvzX.exe
  C:\Windows\System\qcckvzX.exe
  2⤵
  PID:16200
- C:\Windows\System\PwmYnfG.exe
  C:\Windows\System\PwmYnfG.exe
  2⤵
  PID:880
- C:\Windows\System\DhkcvXs.exe
  C:\Windows\System\DhkcvXs.exe
  2⤵
  PID:16312
- C:\Windows\System\WVQYASu.exe
  C:\Windows\System\WVQYASu.exe
  2⤵
  PID:16372
- C:\Windows\System\SejRCOR.exe
  C:\Windows\System\SejRCOR.exe
  2⤵
  PID:15452
- C:\Windows\System\usTZpDO.exe
  C:\Windows\System\usTZpDO.exe
  2⤵
  PID:15668
- C:\Windows\System\QgSZwau.exe
  C:\Windows\System\QgSZwau.exe
  2⤵
  PID:15752
- C:\Windows\System\fICRLhq.exe
  C:\Windows\System\fICRLhq.exe
  2⤵
  PID:15844
- C:\Windows\System\jvbkxBU.exe
  C:\Windows\System\jvbkxBU.exe
  2⤵
  PID:16040
- C:\Windows\System\KwVELif.exe
  C:\Windows\System\KwVELif.exe
  2⤵
  PID:16180
- C:\Windows\System\jdrUDsl.exe
  C:\Windows\System\jdrUDsl.exe
  2⤵
  PID:16344
- C:\Windows\System\vgntxmP.exe
  C:\Windows\System\vgntxmP.exe
  2⤵
  PID:15588
- C:\Windows\System\yFGJnaY.exe
  C:\Windows\System\yFGJnaY.exe
  2⤵
  PID:3800
- C:\Windows\System\kxvNYfw.exe
  C:\Windows\System\kxvNYfw.exe
  2⤵
  PID:2248
- C:\Windows\System\JIuLZxo.exe
  C:\Windows\System\JIuLZxo.exe
  2⤵
  PID:15384
- C:\Windows\System\vcdRtYm.exe
  C:\Windows\System\vcdRtYm.exe
  2⤵
  PID:16292
- C:\Windows\System\wTiAQVS.exe
  C:\Windows\System\wTiAQVS.exe
  2⤵
  PID:16396
- C:\Windows\System\QQULrlx.exe
  C:\Windows\System\QQULrlx.exe
  2⤵
  PID:16424
- C:\Windows\System\sCxXaiD.exe
  C:\Windows\System\sCxXaiD.exe
  2⤵
  PID:16452
- C:\Windows\System\kDLzrFA.exe
  C:\Windows\System\kDLzrFA.exe
  2⤵
  PID:16480
- C:\Windows\System\QMDtJjq.exe
  C:\Windows\System\QMDtJjq.exe
  2⤵
  PID:16508
- C:\Windows\System\erThjyo.exe
  C:\Windows\System\erThjyo.exe
  2⤵
  PID:16536
- C:\Windows\System\eUBEeOQ.exe
  C:\Windows\System\eUBEeOQ.exe
  2⤵
  PID:16564
- C:\Windows\System\IJVrKsL.exe
  C:\Windows\System\IJVrKsL.exe
  2⤵
  PID:16592
- C:\Windows\System\oHuudlt.exe
  C:\Windows\System\oHuudlt.exe
  2⤵
  PID:16612
- C:\Windows\System\JyrXNKu.exe
  C:\Windows\System\JyrXNKu.exe
  2⤵
  PID:16636
- C:\Windows\System\kCEdDNm.exe
  C:\Windows\System\kCEdDNm.exe
  2⤵
  PID:16676
- C:\Windows\System\AfESfOn.exe
  C:\Windows\System\AfESfOn.exe
  2⤵
  PID:16704
- C:\Windows\System\UrQOVjQ.exe
  C:\Windows\System\UrQOVjQ.exe
  2⤵
  PID:16732
- C:\Windows\System\uQCOIXU.exe
  C:\Windows\System\uQCOIXU.exe
  2⤵
  PID:16760
- C:\Windows\System\BQiskFZ.exe
  C:\Windows\System\BQiskFZ.exe
  2⤵
  PID:16788
- C:\Windows\System\tYHLWrS.exe
  C:\Windows\System\tYHLWrS.exe
  2⤵
  PID:16804
- C:\Windows\System\DYAOzEi.exe
  C:\Windows\System\DYAOzEi.exe
  2⤵
  PID:16844
- C:\Windows\System\NHxKHGF.exe
  C:\Windows\System\NHxKHGF.exe
  2⤵
  PID:16872
- C:\Windows\System\YJPcNYj.exe
  C:\Windows\System\YJPcNYj.exe
  2⤵
  PID:16900
- C:\Windows\System\UHSSsxh.exe
  C:\Windows\System\UHSSsxh.exe
  2⤵
  PID:16928
- C:\Windows\System\AEOHhff.exe
  C:\Windows\System\AEOHhff.exe
  2⤵
  PID:16944
- C:\Windows\System\ETSNgkN.exe
  C:\Windows\System\ETSNgkN.exe
  2⤵
  PID:16972
- C:\Windows\System\afwzZGK.exe
  C:\Windows\System\afwzZGK.exe
  2⤵
  PID:17000
- C:\Windows\System\UFtcbGV.exe
  C:\Windows\System\UFtcbGV.exe
  2⤵
  PID:17020
- C:\Windows\System\LIaYvNT.exe
  C:\Windows\System\LIaYvNT.exe
  2⤵
  PID:17056
- C:\Windows\System\PROKzhP.exe
  C:\Windows\System\PROKzhP.exe
  2⤵
  PID:17076
- C:\Windows\System\XyLzWxT.exe
  C:\Windows\System\XyLzWxT.exe
  2⤵
  PID:17116
- C:\Windows\System\SQNeGcQ.exe
  C:\Windows\System\SQNeGcQ.exe
  2⤵
  PID:17144
- C:\Windows\System\cBtYRJv.exe
  C:\Windows\System\cBtYRJv.exe
  2⤵
  PID:17160
- C:\Windows\System\PYkbVKh.exe
  C:\Windows\System\PYkbVKh.exe
  2⤵
  PID:17200
- C:\Windows\System\gWPYHZo.exe
  C:\Windows\System\gWPYHZo.exe
  2⤵
  PID:17216
- C:\Windows\System\IdwuWIx.exe
  C:\Windows\System\IdwuWIx.exe
  2⤵
  PID:17248
- C:\Windows\System\JagGPgU.exe
  C:\Windows\System\JagGPgU.exe
  2⤵
  PID:17272

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BpRmyiP.exe

Filesize
1.7MB

MD5
a702c4e477432774186d9e8f1ccb1346

SHA1
93a0427f047facecc07771b7f2cc19d8e9534c5f

SHA256
fdea51ec34070970fafa5cb8b726a29a53292f78bf7ba00ad959077b7b53b00c

SHA512
f855f00f74a13af5c6106e9bb3af5b8d7fcc6d894842d451efda5ba15e4ad1bb8bbdf477486ada8d538c1ea1c993da04e7f4ca694774f1597c31fbcbeb095f36

Download Submit
C:\Windows\System\GwBzcVS.exe

Filesize
1.7MB

MD5
0c7c1109a20803b974ec1579077fedb3

SHA1
38f2fc2fb108c3c7932683fd8c8d0bf518cfbeed

SHA256
fe9ac1c6ee2fdb89116637fa66dfa7d2248a4aea12edef26c98ae8f6d9ab1aaf

SHA512
61edf623334e3dedf53afcaf968f17f200025a381d3bc560f6bfa546c851ab6a7f373ab473c9a56a33d4e796166b3d7e6e85d17a674190b04659ced8a10ffea7

Download Submit
C:\Windows\System\IWZYgDZ.exe

Filesize
1.7MB

MD5
3f8760e319c0f5ad010156c623d3e025

SHA1
ca75af79f406bd53e348a982dab02dc105265f90

SHA256
c7f4e734ae441f67bf4e81ba7b01c3ddadfd87072ca3df1838381efffd35a345

SHA512
11f4736c92ee1de13197e629efde13bdfb9db6505c0c8c958565ff9d3fae94d8219100b07a2c5c55e052c862dcb8ccf10da0f53bba8cadd7014d394c3614ccc7

Download Submit
C:\Windows\System\KDBYveH.exe

Filesize
1.7MB

MD5
b0e0e9a144c051c412962c620775c485

SHA1
7414e23f833f7adf27aad01a3cd50a158b676272

SHA256
d15410f94d2c5e32351a6413d94245361f2bab285c7b8a2444f3a8fdde73aa11

SHA512
6166374b2d39f3eee85adabfe530e0ba3dc80b989792413493ffab935620703506cd4e63ba20f01c2a86aa45def88cf0b8f4c30ab25f47d5a871b524125dcea4

Download Submit
C:\Windows\System\LHHsAtR.exe

Filesize
1.7MB

MD5
3578104155021e1391650c95049d89d0

SHA1
380106886195929679a9c34bf1aee37d7429ac01

SHA256
4537b5dded881a5ff0caa1f9daeb241f806f5373a0bfa39d1fc3e6e7a7f3bd72

SHA512
9a1615a8bf9ff4ea628895e70f44f6cb551319d2a90cf09ff50ba0d138fe7ecf8e1c91d81394bbf7749e27b91edc5eb261c0d727dc33fb5617ffb2bd946564b2

Download Submit
C:\Windows\System\MeZsRFO.exe

Filesize
1.7MB

MD5
d9ede2b439eda333ae6b4538f7c4240b

SHA1
f4b64377ec86e0d7bf4ba71d50ee0f59aa43fc9c

SHA256
12bf3564d19a6ef35fda182f460b4fd0f92c9a8b60a0ea634c8de008ffec4098

SHA512
ed9dca98f972e22516a9baa90985cb6773dc015e73b381601efef67150ce2150c9265a5095484a1e8a8fcc4c2bf32cbce8f1478dc910eb5e9ff864562ce12d6e

Download Submit
C:\Windows\System\OeLQCLZ.exe

Filesize
1.7MB

MD5
6563756a7858846bb529c88316dccc24

SHA1
3a97c60902203a265fbd9cb460b1e750b77ea04a

SHA256
235490fa5f14ccda04fbcaa8a5e6160a3b0962f5a5efeb1e76bd083a18f54cd2

SHA512
266d86e8298c4f160faf94596c9efb2603f055992b9f2e2b14ad9a7d24bb43ad6990eae248a685822ec5c3e325854d0a97199289bd4db9034573b12c88f67a10

Download Submit
C:\Windows\System\QcCUrfW.exe

Filesize
1.7MB

MD5
71ff4328a4b9ca5f232d85ec3da17f83

SHA1
6d309b36b665a63112e2b0f9554d562f5a890e1e

SHA256
e356177f8cb14f0c1ebe52166e98807a0632a7371ebff829f969aaf0d11c63fd

SHA512
0c330184a525bea8d5e35bd98d6e4226b5a08af1a0092a7f3d7ea1fab7ae7776739b13a7698c266ee47710580c7a984d35816f359b83b1e1e9b6f99c8cea387d

Download Submit
C:\Windows\System\RuzxFbE.exe

Filesize
1.7MB

MD5
ade178e7d910996e573b776a7a05bbfc

SHA1
815c9bf4f97eb4877b63b123c0ccc37a0a0a9cc5

SHA256
edeee71e69ad22fab24f64a5a39dde23d00396bbed1f2921dea9fd70b413b1de

SHA512
cf69eb88a10349696f1c193b856395562b8d463b0f8a668228fd35f6355b2b47fe3396a2ae43d8f6fcc312dd44b4cdb0bc0336476b5d2ac3061df8fcf3bce406

Download Submit
C:\Windows\System\SdHCZOb.exe

Filesize
1.7MB

MD5
354f1c1bc7c8b019d7cf06bae4f2c745

SHA1
beb301bdbdef154143d98c56fa238ce1a3de9c2c

SHA256
59abf892d5d760def8def4a3acd32fd6c93fef76aeb4218dc2ec78826c0127ca

SHA512
932d673120d77a761ee2fdd2c8164981af61e40c9f9dbec69c8a4ea36828ed2b9975dfa38c7d3b0e57c02b7b2aae9964e06c08a62b81dd42a056406289c5608a

Download Submit
C:\Windows\System\TAdkwTm.exe

Filesize
1.7MB

MD5
0a51b10b91a39bbfa1cbfc55a32e4141

SHA1
c2f71d8269288c155631ec04ea84d613b5300489

SHA256
609fc3d91dad99b5fdc0ec93ad252910a73c5d58bff667ffa534bae1304a675a

SHA512
cd5cfd6c0f40541785b9cbff91cfbb79356312dfc657ca772bad9075d27c53340c58f8c6a1e2f629415694d948895f11bb2019031c49af68f568984c522f4459

Download Submit
C:\Windows\System\TsHWYFv.exe

Filesize
1.7MB

MD5
cd86ec8537062dde7f2c928532cf010d

SHA1
d99e31a84de7c4623d0fed672991c6e8a2070957

SHA256
0b95937727770a154c58f09eabaffa213171fba86c6e43cc7e56296336e37366

SHA512
0f2c86d01565dc842b37598f5966eca43aeddaddb160966b7e93fe50a6f4e3ea82bc4a32709e19978cded8bcf984104d9e9fca88f5392f7820bbda1e5e79063c

Download Submit
C:\Windows\System\YmKTbQQ.exe

Filesize
1.7MB

MD5
8592509a53f8617d77488f308b5e631c

SHA1
c432b8f95a72b60c9bb0b4b1dd4ba83335a41813

SHA256
6256bdd3ce696f5628fd86aeb493d908400bc1e438a3ff83c6ca6685da9b7f64

SHA512
6609b6b32abd6a6601dd6d705517e9c2cd770ec1ecbfbbadf4baaa9ed7b887e6e2dd2359a8701e61772251a7b67f86f557d5757f072aa31a94123cafa9a9bd7f

Download Submit
C:\Windows\System\YxRNpLQ.exe

Filesize
1.7MB

MD5
d6ec7ae053ad95275252e43c8ee495cd

SHA1
a3143348c005943ea5109d0274d3fb8ca609ac0a

SHA256
c7d6ba3e3d7fbe3edafdf82e19606c56cd514892a3e22afdc674de390ef067c3

SHA512
249d6e415ecb638c4e095f5f69d3420cfa88e609691bc95617b2440ae80ff0c3af66361aa27bb119541915b120477df2b363f0c1713a40b9b3233a67f1e16118

Download Submit
C:\Windows\System\ZEqZMje.exe

Filesize
1.7MB

MD5
42a69b19b99551daaf8da0006e4a4853

SHA1
f4e38bd9b5b57c751de9831c570bd737a6581b04

SHA256
ad41f64b24e5187fc4a4c1ef6b85a2eeeccb75e1e469dc4b254c176e7505df23

SHA512
73023da9e2deb4d2afe7008aaedf902de078e0f3979dbeb2e1737ff8c99e5988588cdd8a092e24d4a54c1eb0f0162fe8687a7b867aa3d3feaa07dd73119d6552

Download Submit
C:\Windows\System\ZnXKiWu.exe

Filesize
1.7MB

MD5
8f27ffe092306c36169a79bf1cdf5386

SHA1
7d0f2c81b3765e8641425114b7918709dfff47aa

SHA256
71c90ccc03f8e98c12a1d3827fdb263725245d499a441a1478cc59bc4afc02bc

SHA512
3712470d30d2ef89aade9404239c832ed003c2de62c3aadac41e5992b182fb0a305c533b63acf6e64488e4f54b3c09b422fe61ac530d5a944381aac3dec1ad87

Download Submit
C:\Windows\System\aRVvMoH.exe

Filesize
1.7MB

MD5
b81b335223eee305a8d6202691368386

SHA1
8c72d8e53391d263844e89f0c276da09cf954598

SHA256
08a70290699ed32b4c51d28656721ce679fefca8aecf2ff488149607d79497fe

SHA512
fe0001b2dae6eae92b7897ea75f941c779b43fac383c929f6bb96f876ce4ec3d44a9bacca9b4fde6ea977f352d001778e9a5e2398c1ee96b9e14416a571e18be

Download Submit
C:\Windows\System\ddUbARY.exe

Filesize
1.7MB

MD5
355f7e6278499c6be4913c0432bf0df1

SHA1
f0bae45afac93f884bcde50b4bd4d4460d86026e

SHA256
6e00dd12a32380093416de29729d90932fd21d35ae3b30833766f2b78a98f741

SHA512
76929e52587aed138cfb02983a960cc31650b596354c55f2ca3433325a93198365551bd2b75f12c459d50152ee09c2c878caa03e5389bc15df5289341c8f7eb8

Download Submit
C:\Windows\System\eSlrEsH.exe

Filesize
1.7MB

MD5
a2e766885bf329b893d663350e07067b

SHA1
497d25096d74d72f34f3df6db87d723fab216dbe

SHA256
3b60d9f51ef3a8f7191551501be02fd794e89eb4830afa27889198e5602d84a1

SHA512
0aaf2c53178d414b444d18376e397240aa9e9132710f560931c301f552d188e82c3c113c079b0db815fac82b3797ccbb7b235f965e6a5673ebecbcb337c39dce

Download Submit
C:\Windows\System\gbVxAOo.exe

Filesize
1.7MB

MD5
53a6affd8220603b92e92d0ff40692a0

SHA1
bac387ad1f4e3b6b0d462099122de250784f9a03

SHA256
12afa909e73ebf67cddbc7374bdc23b0655069e77bf38d514dc20be4fbc193c3

SHA512
0146f201a59ee41683c8d2885dac15188989c63c2c41894545a2e5039a88a401041c29462260f95c929e60990b52204b0909490a4574d0c3e43c6400770f0c07

Download Submit
C:\Windows\System\iIvWtzZ.exe

Filesize
1.7MB

MD5
4a912b8752034aa4ab5249d671bd8c9c

SHA1
c45b403d8e249fe31eb7ee6db399b0b8483499f4

SHA256
48c4b7d1250107910b3ba99ac5fbf3854602e5e765ff856284acc250291349fa

SHA512
43a8b20300cf849dbd32548f7e11d7544e366302a2804f6add2c0d8ddd12f7940b1283dda04490cbe6b3ef93959cc4c6b53175c15684e16eeefebee306f014b8

Download Submit
C:\Windows\System\mhCHOCy.exe

Filesize
1.7MB

MD5
c92439972b2ce00d1ea1493f363cf385

SHA1
792a73edcaf1efd56202d3390fbd18d29fe133fa

SHA256
c86692a1c58ee2293f050ab5042cd9648e022babebc2e1dabd84f24d4db901e5

SHA512
30e388d3b3f71103fc8ba3830dc066371936fa754e7dbb3a7884837f91fa692fc0a3220c03cacf51a12fb8439187b6b9e40a2b447e83df65ecc17be52ec09d12

Download Submit
C:\Windows\System\oHDAbVz.exe

Filesize
1.7MB

MD5
4844e116b17feca9dc296d09e2287837

SHA1
50ec39577b588ca2828ce677b02ac902b2c3f1bc

SHA256
af53b5e29a26a4863834644a698d8ddc217d6706a8572ee9a98350e32a5f1c08

SHA512
3c0ef7ec09aad7a6838d8c0319f432e39be5aef32a4f82ba82fe2299272a1620752c6b7becb44baf6f6f5fb62b425ad37004bdb57c6fb7f3ef539ed14e1e6766

Download Submit
C:\Windows\System\otjZsIZ.exe

Filesize
1.7MB

MD5
271693c59d9fe3248d69644889d3e407

SHA1
0f1b8875e9d0dbc747c72cec20823a242f02e571

SHA256
e31d68ba8371b24db7f6b5130e90606865e4e95279f3e6693ccbfcdd3dc2d763

SHA512
701ae476f8d5a3d87b3052efe5db9c784bbb3a28df7069f37f0bf39d7446776daff837d2ca61f622288584a96abc635397b5088a4ad620e88042eaf1720ca49d

Download Submit
C:\Windows\System\pAUabRR.exe

Filesize
1.7MB

MD5
fc9cef675e23e4ac8cc0480a7d68e01b

SHA1
ebe3d09489c05d30b87adbd62362445d3840cf45

SHA256
9acfb5eec241038f8e31576ec86d2a5c660840a21c9efc28a629bb7fa51d025b

SHA512
50f73826bc73b528fa3fb8391c617ef6a5a4ce65644d8cac15086225bdda8756c41c82e42204cde3b18172e97ad240d2f60d864818a58fb530f8a0b3fced6930

Download Submit
C:\Windows\System\spQQuHk.exe

Filesize
1.7MB

MD5
565d5b95edb06bb68bca6ddafb989d8e

SHA1
edf94e63ed0b100ede3c289ac46fa099231f1b4f

SHA256
15b93d27b40fbcb366912bfa9a0c2b18f01543de3b7e7c633db1d6fdaf805e75

SHA512
5fa092b87c3199cd49952b63bc36cce660ca55a10a8ded49786e45823bdf4e8912aba499f88ca96920d37c9fb36bc99f0c39b21bdd4e1f1d2fd8163dca582b1b

Download Submit
C:\Windows\System\uPpqnGw.exe

Filesize
1.7MB

MD5
89d5e6821777962d79197c2f77512488

SHA1
0ca8d208fb4a57b9e5535da37866d319946341ef

SHA256
295cccac6361898c8ceb8aacb059084a91ebe4cf18709e99e2c3e7061946b692

SHA512
ef175262ff677c475f1b3210e2880f763d3447cf27b38aef2389ceca0e741209aa9c22076e3f4330566386c6009d75c222e71b2ca3ee10ff021be8e94fbc9961

Download Submit
C:\Windows\System\ulWqRfh.exe

Filesize
1.7MB

MD5
f4f3299b2a117dbdf4639151ebb857ed

SHA1
bb97c5703238e9fa0ccaccfdf5d48c6faf931900

SHA256
4e22e70932482a2cae7e53d79dd117d2b31167c4a7575a903c333f76638bdde6

SHA512
ddf669d713029950563661753511417a5810ba76a3ff8bbef525a0912aac15246cb94dc0f71df191fb8b4e9bfc269739a00fafa48d6212e7c5e8e7978c4526c0

Download Submit
C:\Windows\System\vMDcWqv.exe

Filesize
1.7MB

MD5
f65b12cf9b29053383497be4218723b3

SHA1
ef4cf0c904bd2c06b9b6cae91b62ea50267ceae5

SHA256
72f357088a49530da45bdc733da5d8d566e5b51903ea40c688e2e2ea43b94ec5

SHA512
65179541ab638983910f38a58aa9e2ef356f1760478adcd06d0197594ff6b96a7b77793f854fcdffe0ca25e07e854e2b9bdc5f15a5b10d6b2ff3d5928d067f74

Download Submit
C:\Windows\System\wZJRQxA.exe

Filesize
1.7MB

MD5
844a826b83fed16948c60f410e842b41

SHA1
c13af1ab0ca01896941712cc841ab21dbb3832f1

SHA256
1dd7f4f7d1d9834b21d9d98f70fd5d1c1e6918455d1f7e4a777a3c0e493ea83f

SHA512
95be14ff7bd85902cb893771131b619be96b031f62aec9be0a57a3e6830838f3ae8a0d55400e0a1bf8db34fb80ea0fb2749e533d753fdd19155d1ce7246d216c

Download Submit
C:\Windows\System\yFgIgFg.exe

Filesize
1.7MB

MD5
7b466c2e094aefe769a9fa65dc8dbc05

SHA1
c0fa28a8fee62854555134fed0a3120e7ff7e94a

SHA256
7283ba0a1f76708dcf279c701a4b6c4a309ee8bc3ed5c7a6465b32ca5d44fc45

SHA512
f0f826a25ceefe0ee5da62b3f6dc5f2599d9749c2a12dec4e663a50045053d72025d80dc7697720285b4e8e33a7f7edca16b03ca63c05025b895a2ac96801249

Download Submit
C:\Windows\System\ytGPJAb.exe

Filesize
1.7MB

MD5
973c2f2b29f681c36356fd0445ec04cf

SHA1
89f285e240b649c79eddc3b74b718463d98699f1

SHA256
ed7f2be7355d8dff3a765422627e1782efec24a1eda147f725c8ff76a08e9dff

SHA512
7240a75d4b0f735d77896ba4309a80d97fda8327be1cf4ccb20f93dfd8b7050c62b36f2e24893caa05be0307f67cebfe567c0cb2395475b5558de6c1fd36e0c5

Download Submit
C:\Windows\System\zYSPgWb.exe

Filesize
1.7MB

MD5
d6b866bf2b7fee31b2d01d546f9ad3d1

SHA1
e62c2354a39bd847ec244f1af53ca682757998ff

SHA256
7718115dee64c57ae43205c8a39cd27de43c62b2ac05a15412419c4427a3c364

SHA512
a3eabf9d3c70fbec31dba0991acd8a5252b0bdceb812dacc05a7d17669ff19aafa88bbb5a0ad46c4c273e2f7da299849ad12a73b7f89c65ab536df1a2c048416

Download Submit
memory/668-0-0x000001CF8EC60000-0x000001CF8EC70000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads