xmrig | ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
Size

1.3MB
MD5

35ac71ebd545880e22c50e5b9f4649f4
SHA1

bd2aed102b499001a2d17879e692f3f83f397096
SHA256

ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd
SHA512

832b2b7ad3af9c1e4b77812ecc43f5d67279e075d26891651707118530e6d2e5a68ef54723f733bc2354dc0a92edde2f345a534078e871ef8f4620689e3375b9
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbpwlKenszbWKDNEm/51m6Pb5x8r8:GezaTF8FcNkNdfE0pZ9ozttwIRx3T2zI

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0009000000023c35-3.dat	xmrig
behavioral2/files/0x0008000000023c4f-9.dat	xmrig
behavioral2/files/0x0008000000023c50-8.dat	xmrig
behavioral2/files/0x0008000000023c81-61.dat	xmrig
behavioral2/files/0x0008000000023c82-74.dat	xmrig
behavioral2/files/0x0008000000023c84-84.dat	xmrig
behavioral2/files/0x0008000000023c89-101.dat	xmrig
behavioral2/files/0x0007000000023c94-124.dat	xmrig
behavioral2/files/0x0007000000023c9d-161.dat	xmrig
behavioral2/files/0x0007000000023c9b-159.dat	xmrig
behavioral2/files/0x0007000000023c9c-156.dat	xmrig
behavioral2/files/0x0007000000023c9a-154.dat	xmrig
behavioral2/files/0x0007000000023c99-149.dat	xmrig
behavioral2/files/0x0007000000023c98-144.dat	xmrig
behavioral2/files/0x0007000000023c97-139.dat	xmrig
behavioral2/files/0x0007000000023c96-134.dat	xmrig
behavioral2/files/0x0007000000023c95-129.dat	xmrig
behavioral2/files/0x0007000000023c93-119.dat	xmrig
behavioral2/files/0x0008000000023c8a-114.dat	xmrig
behavioral2/files/0x0008000000023c88-104.dat	xmrig
behavioral2/files/0x0008000000023c87-99.dat	xmrig
behavioral2/files/0x0008000000023c86-94.dat	xmrig
behavioral2/files/0x0008000000023c85-89.dat	xmrig
behavioral2/files/0x0008000000023c83-79.dat	xmrig
behavioral2/files/0x0008000000023c80-64.dat	xmrig
behavioral2/files/0x0008000000023c74-59.dat	xmrig
behavioral2/files/0x0008000000023c70-54.dat	xmrig
behavioral2/files/0x0016000000023c6a-49.dat	xmrig
behavioral2/files/0x000b000000023c69-41.dat	xmrig
behavioral2/files/0x0008000000023c54-37.dat	xmrig
behavioral2/files/0x0008000000023c53-31.dat	xmrig
behavioral2/files/0x0008000000023c52-26.dat	xmrig
behavioral2/files/0x0008000000023c51-21.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4324	lrQhupN.exe
2612	PajUHMi.exe
4304	sYWDrAR.exe
116	oWHrSHl.exe
2444	RDfCxqC.exe
1236	zKOdGoX.exe
1716	blxTVfF.exe
4700	JVXGYbl.exe
4464	tCtAujq.exe
4560	iUZcfYR.exe
2908	EBuKfIC.exe
2264	FTHpSXg.exe
1268	MjZZukz.exe
632	llyWiLo.exe
1900	oHKsSEs.exe
4968	whMJuEC.exe
4008	SosptYb.exe
2832	VwpAHlP.exe
4104	CabqLlS.exe
1256	QymCrpK.exe
1648	LnnURIN.exe
5040	NHkBhna.exe
4852	THLMbXe.exe
2436	KlpriEo.exe
3652	deJZsMf.exe
3736	ShmsVht.exe
4456	xIhvpFu.exe
4140	YnvBmSj.exe
3232	wISlieE.exe
2880	OkdDrwM.exe
3720	pjoWMjA.exe
3604	pOtRalA.exe
4164	WEliDYz.exe
3492	RdpkDQQ.exe
2900	NKkgirk.exe
1068	GSVMocL.exe
4596	QYIXfne.exe
4804	BJuERfS.exe
1628	DHFSoMk.exe
1952	BFtigBd.exe
4072	KTumdlx.exe
3956	iORuUmp.exe
3256	UNSmsIu.exe
2416	ZJtXarY.exe
1820	LJtDmUS.exe
3860	ZvHtsRi.exe
904	OiQqhLP.exe
4036	IANGlwR.exe
3816	SFdUFnW.exe
1860	BMURYne.exe
3540	OWXJsbz.exe
3772	nnWCnYi.exe
3504	eRjlpeM.exe
4420	ThwFGfi.exe
4428	lOmawiJ.exe
440	IuZpPQJ.exe
4044	ycTrdGw.exe
4540	kKIJTHe.exe
8	IDmjvVw.exe
4384	RPOwRlR.exe
2660	dHyAHYs.exe
1448	YxGBRQO.exe
2560	OiuCVnU.exe
2980	gmYmPPu.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AtwMwop.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\nDRHleX.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\ZcShOsn.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\PmowgNv.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\MJtIbJu.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\FXWGvMy.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\SzOkGxF.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\LPSglGv.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\vBzcxia.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\EzhFfqX.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\kxuGpVJ.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\LqXGtJT.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\bAiNfLb.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\THLMbXe.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\LhggIqS.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\xdeYeqE.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\nEekcMV.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\IsBtZIJ.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\RaEPRee.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\GrAeBqD.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\DLqISFV.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\lgZxhif.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\WCHCQcQ.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\ttQQEol.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\BJuERfS.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\YxGBRQO.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\emQNIsS.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\ivcznSx.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\GlGQoZK.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\QvKPTDk.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\pgsXPMh.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\iZnmIXm.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\CbLsunY.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\DgrsDrp.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\uVLngKt.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\xQcouHX.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\WMlpjzt.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\ppwRSsd.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\TjtGpmu.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\kTfiRRJ.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\vHfCdNJ.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\oJatEzZ.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\rXjwRvD.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\UoUPsJe.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\fuLpLYz.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\losiTTl.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\OLjehur.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\yraZMHu.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\TemZgQw.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\IuPnWnz.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\QpGBRpH.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\qYGHJyj.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\gdtbVrD.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\zaLwfaM.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\AYGLFJo.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\sNDtpfw.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\YTyfbOF.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\HeXQPPA.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\eQqMYnf.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\mGchEyA.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\EPgtTlt.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\HisuMDm.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\GcoELmB.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
File created	C:\Windows\System\zWThtGe.exe	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17164	dwm.exe
Token: SeChangeNotifyPrivilege	17164	dwm.exe
Token: 33	17164	dwm.exe
Token: SeIncBasePriorityPrivilege	17164	dwm.exe
Token: SeShutdownPrivilege	17164	dwm.exe
Token: SeCreatePagefilePrivilege	17164	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 4324	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	85
PID 372 wrote to memory of 4324	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	85
PID 372 wrote to memory of 2612	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	86
PID 372 wrote to memory of 2612	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	86
PID 372 wrote to memory of 4304	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	87
PID 372 wrote to memory of 4304	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	87
PID 372 wrote to memory of 116	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	88
PID 372 wrote to memory of 116	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	88
PID 372 wrote to memory of 2444	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	89
PID 372 wrote to memory of 2444	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	89
PID 372 wrote to memory of 1236	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	90
PID 372 wrote to memory of 1236	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	90
PID 372 wrote to memory of 1716	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	91
PID 372 wrote to memory of 1716	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	91
PID 372 wrote to memory of 4700	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	92
PID 372 wrote to memory of 4700	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	92
PID 372 wrote to memory of 4464	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	93
PID 372 wrote to memory of 4464	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	93
PID 372 wrote to memory of 4560	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	94
PID 372 wrote to memory of 4560	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	94
PID 372 wrote to memory of 2908	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	95
PID 372 wrote to memory of 2908	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	95
PID 372 wrote to memory of 2264	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	96
PID 372 wrote to memory of 2264	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	96
PID 372 wrote to memory of 1268	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	97
PID 372 wrote to memory of 1268	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	97
PID 372 wrote to memory of 632	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	98
PID 372 wrote to memory of 632	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	98
PID 372 wrote to memory of 1900	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	99
PID 372 wrote to memory of 1900	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	99
PID 372 wrote to memory of 4968	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	100
PID 372 wrote to memory of 4968	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	100
PID 372 wrote to memory of 4008	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	101
PID 372 wrote to memory of 4008	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	101
PID 372 wrote to memory of 2832	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	102
PID 372 wrote to memory of 2832	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	102
PID 372 wrote to memory of 4104	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	103
PID 372 wrote to memory of 4104	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	103
PID 372 wrote to memory of 1256	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	104
PID 372 wrote to memory of 1256	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	104
PID 372 wrote to memory of 1648	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	105
PID 372 wrote to memory of 1648	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	105
PID 372 wrote to memory of 5040	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	106
PID 372 wrote to memory of 5040	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	106
PID 372 wrote to memory of 4852	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	107
PID 372 wrote to memory of 4852	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	107
PID 372 wrote to memory of 2436	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	108
PID 372 wrote to memory of 2436	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	108
PID 372 wrote to memory of 3652	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	109
PID 372 wrote to memory of 3652	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	109
PID 372 wrote to memory of 3736	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	110
PID 372 wrote to memory of 3736	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	110
PID 372 wrote to memory of 4456	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	111
PID 372 wrote to memory of 4456	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	111
PID 372 wrote to memory of 4140	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	112
PID 372 wrote to memory of 4140	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	112
PID 372 wrote to memory of 3232	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	113
PID 372 wrote to memory of 3232	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	113
PID 372 wrote to memory of 2880	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	114
PID 372 wrote to memory of 2880	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	114
PID 372 wrote to memory of 3720	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	115
PID 372 wrote to memory of 3720	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	115
PID 372 wrote to memory of 3604	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	116
PID 372 wrote to memory of 3604	372	ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe	116

C:\Users\Admin\AppData\Local\Temp\ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe
"C:\Users\Admin\AppData\Local\Temp\ecb46d6c4d7d51c789aeefee4ac9c9415251da0d989dfdce105038df533dfccd.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\System\lrQhupN.exe
  C:\Windows\System\lrQhupN.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\PajUHMi.exe
  C:\Windows\System\PajUHMi.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\sYWDrAR.exe
  C:\Windows\System\sYWDrAR.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\oWHrSHl.exe
  C:\Windows\System\oWHrSHl.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\RDfCxqC.exe
  C:\Windows\System\RDfCxqC.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\zKOdGoX.exe
  C:\Windows\System\zKOdGoX.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\blxTVfF.exe
  C:\Windows\System\blxTVfF.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\JVXGYbl.exe
  C:\Windows\System\JVXGYbl.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\tCtAujq.exe
  C:\Windows\System\tCtAujq.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\iUZcfYR.exe
  C:\Windows\System\iUZcfYR.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\EBuKfIC.exe
  C:\Windows\System\EBuKfIC.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\FTHpSXg.exe
  C:\Windows\System\FTHpSXg.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\MjZZukz.exe
  C:\Windows\System\MjZZukz.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\llyWiLo.exe
  C:\Windows\System\llyWiLo.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\oHKsSEs.exe
  C:\Windows\System\oHKsSEs.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\whMJuEC.exe
  C:\Windows\System\whMJuEC.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\SosptYb.exe
  C:\Windows\System\SosptYb.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\VwpAHlP.exe
  C:\Windows\System\VwpAHlP.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\CabqLlS.exe
  C:\Windows\System\CabqLlS.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\QymCrpK.exe
  C:\Windows\System\QymCrpK.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\LnnURIN.exe
  C:\Windows\System\LnnURIN.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\NHkBhna.exe
  C:\Windows\System\NHkBhna.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\THLMbXe.exe
  C:\Windows\System\THLMbXe.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\KlpriEo.exe
  C:\Windows\System\KlpriEo.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\deJZsMf.exe
  C:\Windows\System\deJZsMf.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\ShmsVht.exe
  C:\Windows\System\ShmsVht.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\xIhvpFu.exe
  C:\Windows\System\xIhvpFu.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\YnvBmSj.exe
  C:\Windows\System\YnvBmSj.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\wISlieE.exe
  C:\Windows\System\wISlieE.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\OkdDrwM.exe
  C:\Windows\System\OkdDrwM.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\pjoWMjA.exe
  C:\Windows\System\pjoWMjA.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\pOtRalA.exe
  C:\Windows\System\pOtRalA.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\WEliDYz.exe
  C:\Windows\System\WEliDYz.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\RdpkDQQ.exe
  C:\Windows\System\RdpkDQQ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\NKkgirk.exe
  C:\Windows\System\NKkgirk.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\GSVMocL.exe
  C:\Windows\System\GSVMocL.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\QYIXfne.exe
  C:\Windows\System\QYIXfne.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\BJuERfS.exe
  C:\Windows\System\BJuERfS.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\DHFSoMk.exe
  C:\Windows\System\DHFSoMk.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\BFtigBd.exe
  C:\Windows\System\BFtigBd.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\KTumdlx.exe
  C:\Windows\System\KTumdlx.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\iORuUmp.exe
  C:\Windows\System\iORuUmp.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\UNSmsIu.exe
  C:\Windows\System\UNSmsIu.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\ZJtXarY.exe
  C:\Windows\System\ZJtXarY.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\LJtDmUS.exe
  C:\Windows\System\LJtDmUS.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\ZvHtsRi.exe
  C:\Windows\System\ZvHtsRi.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\OiQqhLP.exe
  C:\Windows\System\OiQqhLP.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\IANGlwR.exe
  C:\Windows\System\IANGlwR.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\SFdUFnW.exe
  C:\Windows\System\SFdUFnW.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\BMURYne.exe
  C:\Windows\System\BMURYne.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\OWXJsbz.exe
  C:\Windows\System\OWXJsbz.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\nnWCnYi.exe
  C:\Windows\System\nnWCnYi.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\eRjlpeM.exe
  C:\Windows\System\eRjlpeM.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\ThwFGfi.exe
  C:\Windows\System\ThwFGfi.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\lOmawiJ.exe
  C:\Windows\System\lOmawiJ.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\IuZpPQJ.exe
  C:\Windows\System\IuZpPQJ.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\ycTrdGw.exe
  C:\Windows\System\ycTrdGw.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\kKIJTHe.exe
  C:\Windows\System\kKIJTHe.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\IDmjvVw.exe
  C:\Windows\System\IDmjvVw.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\RPOwRlR.exe
  C:\Windows\System\RPOwRlR.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\dHyAHYs.exe
  C:\Windows\System\dHyAHYs.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\YxGBRQO.exe
  C:\Windows\System\YxGBRQO.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\OiuCVnU.exe
  C:\Windows\System\OiuCVnU.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\gmYmPPu.exe
  C:\Windows\System\gmYmPPu.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\rmoHyuX.exe
  C:\Windows\System\rmoHyuX.exe
  2⤵
  PID:2208
- C:\Windows\System\FSKjNht.exe
  C:\Windows\System\FSKjNht.exe
  2⤵
  PID:1372
- C:\Windows\System\PrpEHAv.exe
  C:\Windows\System\PrpEHAv.exe
  2⤵
  PID:4932
- C:\Windows\System\hvCqzBp.exe
  C:\Windows\System\hvCqzBp.exe
  2⤵
  PID:4704
- C:\Windows\System\wsQhGcx.exe
  C:\Windows\System\wsQhGcx.exe
  2⤵
  PID:4744
- C:\Windows\System\gtQnFBj.exe
  C:\Windows\System\gtQnFBj.exe
  2⤵
  PID:316
- C:\Windows\System\GxapBzd.exe
  C:\Windows\System\GxapBzd.exe
  2⤵
  PID:1980
- C:\Windows\System\UyswQjb.exe
  C:\Windows\System\UyswQjb.exe
  2⤵
  PID:1756
- C:\Windows\System\UoqVibU.exe
  C:\Windows\System\UoqVibU.exe
  2⤵
  PID:1396
- C:\Windows\System\obRxsSY.exe
  C:\Windows\System\obRxsSY.exe
  2⤵
  PID:1840
- C:\Windows\System\YHnAzoh.exe
  C:\Windows\System\YHnAzoh.exe
  2⤵
  PID:2508
- C:\Windows\System\laIuUkS.exe
  C:\Windows\System\laIuUkS.exe
  2⤵
  PID:2864
- C:\Windows\System\TWjQSxn.exe
  C:\Windows\System\TWjQSxn.exe
  2⤵
  PID:1440
- C:\Windows\System\mlDiQjA.exe
  C:\Windows\System\mlDiQjA.exe
  2⤵
  PID:4640
- C:\Windows\System\qElOwfH.exe
  C:\Windows\System\qElOwfH.exe
  2⤵
  PID:3900
- C:\Windows\System\GfyrbXY.exe
  C:\Windows\System\GfyrbXY.exe
  2⤵
  PID:4496
- C:\Windows\System\mccpcsJ.exe
  C:\Windows\System\mccpcsJ.exe
  2⤵
  PID:2604
- C:\Windows\System\dcYvRsS.exe
  C:\Windows\System\dcYvRsS.exe
  2⤵
  PID:5136
- C:\Windows\System\ajbxNBx.exe
  C:\Windows\System\ajbxNBx.exe
  2⤵
  PID:5160
- C:\Windows\System\FXuloRU.exe
  C:\Windows\System\FXuloRU.exe
  2⤵
  PID:5188
- C:\Windows\System\jXPOxXz.exe
  C:\Windows\System\jXPOxXz.exe
  2⤵
  PID:5220
- C:\Windows\System\cXNtPoa.exe
  C:\Windows\System\cXNtPoa.exe
  2⤵
  PID:5248
- C:\Windows\System\ZacdPtI.exe
  C:\Windows\System\ZacdPtI.exe
  2⤵
  PID:5276
- C:\Windows\System\zWThtGe.exe
  C:\Windows\System\zWThtGe.exe
  2⤵
  PID:5300
- C:\Windows\System\PaalHxC.exe
  C:\Windows\System\PaalHxC.exe
  2⤵
  PID:5328
- C:\Windows\System\LNnFqqy.exe
  C:\Windows\System\LNnFqqy.exe
  2⤵
  PID:5360
- C:\Windows\System\mrjSBkb.exe
  C:\Windows\System\mrjSBkb.exe
  2⤵
  PID:5384
- C:\Windows\System\LUcBwcO.exe
  C:\Windows\System\LUcBwcO.exe
  2⤵
  PID:5412
- C:\Windows\System\aXDFpFp.exe
  C:\Windows\System\aXDFpFp.exe
  2⤵
  PID:5440
- C:\Windows\System\zOHuVmB.exe
  C:\Windows\System\zOHuVmB.exe
  2⤵
  PID:5468
- C:\Windows\System\hiSfkhH.exe
  C:\Windows\System\hiSfkhH.exe
  2⤵
  PID:5496
- C:\Windows\System\IPGtiZK.exe
  C:\Windows\System\IPGtiZK.exe
  2⤵
  PID:5528
- C:\Windows\System\mEyRCWS.exe
  C:\Windows\System\mEyRCWS.exe
  2⤵
  PID:5552
- C:\Windows\System\aCaldQd.exe
  C:\Windows\System\aCaldQd.exe
  2⤵
  PID:5580
- C:\Windows\System\YWobrlY.exe
  C:\Windows\System\YWobrlY.exe
  2⤵
  PID:5608
- C:\Windows\System\BghREUN.exe
  C:\Windows\System\BghREUN.exe
  2⤵
  PID:5672
- C:\Windows\System\YRtaypW.exe
  C:\Windows\System\YRtaypW.exe
  2⤵
  PID:5688
- C:\Windows\System\gpkDIns.exe
  C:\Windows\System\gpkDIns.exe
  2⤵
  PID:5704
- C:\Windows\System\KLYMKVw.exe
  C:\Windows\System\KLYMKVw.exe
  2⤵
  PID:5728
- C:\Windows\System\GsFToIy.exe
  C:\Windows\System\GsFToIy.exe
  2⤵
  PID:5756
- C:\Windows\System\tXSSiRQ.exe
  C:\Windows\System\tXSSiRQ.exe
  2⤵
  PID:5784
- C:\Windows\System\BlZfjdN.exe
  C:\Windows\System\BlZfjdN.exe
  2⤵
  PID:5812
- C:\Windows\System\irKhbtm.exe
  C:\Windows\System\irKhbtm.exe
  2⤵
  PID:5832
- C:\Windows\System\tjRAGQC.exe
  C:\Windows\System\tjRAGQC.exe
  2⤵
  PID:5868
- C:\Windows\System\pusFHQZ.exe
  C:\Windows\System\pusFHQZ.exe
  2⤵
  PID:5888
- C:\Windows\System\GCXMzuW.exe
  C:\Windows\System\GCXMzuW.exe
  2⤵
  PID:5916
- C:\Windows\System\ecQmKMc.exe
  C:\Windows\System\ecQmKMc.exe
  2⤵
  PID:5944
- C:\Windows\System\bLvEdwY.exe
  C:\Windows\System\bLvEdwY.exe
  2⤵
  PID:5972
- C:\Windows\System\lDDxXVB.exe
  C:\Windows\System\lDDxXVB.exe
  2⤵
  PID:6000
- C:\Windows\System\RdZaRlg.exe
  C:\Windows\System\RdZaRlg.exe
  2⤵
  PID:6028
- C:\Windows\System\pBVWWqN.exe
  C:\Windows\System\pBVWWqN.exe
  2⤵
  PID:6056
- C:\Windows\System\LprCoWK.exe
  C:\Windows\System\LprCoWK.exe
  2⤵
  PID:6084
- C:\Windows\System\nZWQvWP.exe
  C:\Windows\System\nZWQvWP.exe
  2⤵
  PID:6112
- C:\Windows\System\QvKPTDk.exe
  C:\Windows\System\QvKPTDk.exe
  2⤵
  PID:6140
- C:\Windows\System\roOzREi.exe
  C:\Windows\System\roOzREi.exe
  2⤵
  PID:2788
- C:\Windows\System\IxdJOKO.exe
  C:\Windows\System\IxdJOKO.exe
  2⤵
  PID:1428
- C:\Windows\System\JoLqGjj.exe
  C:\Windows\System\JoLqGjj.exe
  2⤵
  PID:5080
- C:\Windows\System\HfcTmiY.exe
  C:\Windows\System\HfcTmiY.exe
  2⤵
  PID:4028
- C:\Windows\System\WCfSWVi.exe
  C:\Windows\System\WCfSWVi.exe
  2⤵
  PID:4756
- C:\Windows\System\QneTYzv.exe
  C:\Windows\System\QneTYzv.exe
  2⤵
  PID:2492
- C:\Windows\System\mMJvvCz.exe
  C:\Windows\System\mMJvvCz.exe
  2⤵
  PID:4492
- C:\Windows\System\tnuvJuS.exe
  C:\Windows\System\tnuvJuS.exe
  2⤵
  PID:5124
- C:\Windows\System\pSZJNHt.exe
  C:\Windows\System\pSZJNHt.exe
  2⤵
  PID:5180
- C:\Windows\System\xLNrhQh.exe
  C:\Windows\System\xLNrhQh.exe
  2⤵
  PID:5264
- C:\Windows\System\FLzgMGB.exe
  C:\Windows\System\FLzgMGB.exe
  2⤵
  PID:5316
- C:\Windows\System\xFhOsAN.exe
  C:\Windows\System\xFhOsAN.exe
  2⤵
  PID:5376
- C:\Windows\System\VNfKktF.exe
  C:\Windows\System\VNfKktF.exe
  2⤵
  PID:5452
- C:\Windows\System\jaSkSfo.exe
  C:\Windows\System\jaSkSfo.exe
  2⤵
  PID:5512
- C:\Windows\System\losiTTl.exe
  C:\Windows\System\losiTTl.exe
  2⤵
  PID:5572
- C:\Windows\System\hmvQLnf.exe
  C:\Windows\System\hmvQLnf.exe
  2⤵
  PID:5652
- C:\Windows\System\pgsXPMh.exe
  C:\Windows\System\pgsXPMh.exe
  2⤵
  PID:5700
- C:\Windows\System\EXmXAlO.exe
  C:\Windows\System\EXmXAlO.exe
  2⤵
  PID:5776
- C:\Windows\System\JstFFPX.exe
  C:\Windows\System\JstFFPX.exe
  2⤵
  PID:5844
- C:\Windows\System\obQeJGy.exe
  C:\Windows\System\obQeJGy.exe
  2⤵
  PID:5884
- C:\Windows\System\kVzHAiK.exe
  C:\Windows\System\kVzHAiK.exe
  2⤵
  PID:5956
- C:\Windows\System\OLjehur.exe
  C:\Windows\System\OLjehur.exe
  2⤵
  PID:6020
- C:\Windows\System\ppwRSsd.exe
  C:\Windows\System\ppwRSsd.exe
  2⤵
  PID:6096
- C:\Windows\System\gMywVsM.exe
  C:\Windows\System\gMywVsM.exe
  2⤵
  PID:3140
- C:\Windows\System\irGohhu.exe
  C:\Windows\System\irGohhu.exe
  2⤵
  PID:3248
- C:\Windows\System\iyEpqrY.exe
  C:\Windows\System\iyEpqrY.exe
  2⤵
  PID:4444
- C:\Windows\System\evyAdQi.exe
  C:\Windows\System\evyAdQi.exe
  2⤵
  PID:2428
- C:\Windows\System\kcDjuWP.exe
  C:\Windows\System\kcDjuWP.exe
  2⤵
  PID:220
- C:\Windows\System\JoMlbyq.exe
  C:\Windows\System\JoMlbyq.exe
  2⤵
  PID:5348
- C:\Windows\System\DxYfkJJ.exe
  C:\Windows\System\DxYfkJJ.exe
  2⤵
  PID:5484
- C:\Windows\System\aPOOcEb.exe
  C:\Windows\System\aPOOcEb.exe
  2⤵
  PID:5620
- C:\Windows\System\LhggIqS.exe
  C:\Windows\System\LhggIqS.exe
  2⤵
  PID:4788
- C:\Windows\System\ncHiZXl.exe
  C:\Windows\System\ncHiZXl.exe
  2⤵
  PID:6148
- C:\Windows\System\yfdBlrK.exe
  C:\Windows\System\yfdBlrK.exe
  2⤵
  PID:6176
- C:\Windows\System\PBpvaeZ.exe
  C:\Windows\System\PBpvaeZ.exe
  2⤵
  PID:6204
- C:\Windows\System\zaLwfaM.exe
  C:\Windows\System\zaLwfaM.exe
  2⤵
  PID:6232
- C:\Windows\System\hmoTCdF.exe
  C:\Windows\System\hmoTCdF.exe
  2⤵
  PID:6260
- C:\Windows\System\zcfAMjc.exe
  C:\Windows\System\zcfAMjc.exe
  2⤵
  PID:6288
- C:\Windows\System\GqUSNLj.exe
  C:\Windows\System\GqUSNLj.exe
  2⤵
  PID:6320
- C:\Windows\System\gLqbZnC.exe
  C:\Windows\System\gLqbZnC.exe
  2⤵
  PID:6344
- C:\Windows\System\bSrHkIi.exe
  C:\Windows\System\bSrHkIi.exe
  2⤵
  PID:6368
- C:\Windows\System\WBnLinF.exe
  C:\Windows\System\WBnLinF.exe
  2⤵
  PID:6396
- C:\Windows\System\avqEwVS.exe
  C:\Windows\System\avqEwVS.exe
  2⤵
  PID:6428
- C:\Windows\System\xMODQCs.exe
  C:\Windows\System\xMODQCs.exe
  2⤵
  PID:6456
- C:\Windows\System\RrITUGO.exe
  C:\Windows\System\RrITUGO.exe
  2⤵
  PID:6484
- C:\Windows\System\xUWheES.exe
  C:\Windows\System\xUWheES.exe
  2⤵
  PID:6512
- C:\Windows\System\vWxPGmP.exe
  C:\Windows\System\vWxPGmP.exe
  2⤵
  PID:6536
- C:\Windows\System\TjtGpmu.exe
  C:\Windows\System\TjtGpmu.exe
  2⤵
  PID:6564
- C:\Windows\System\tVRhOCM.exe
  C:\Windows\System\tVRhOCM.exe
  2⤵
  PID:6592
- C:\Windows\System\OHAIFZw.exe
  C:\Windows\System\OHAIFZw.exe
  2⤵
  PID:6620
- C:\Windows\System\WyPeLNK.exe
  C:\Windows\System\WyPeLNK.exe
  2⤵
  PID:6648
- C:\Windows\System\GUwJeuP.exe
  C:\Windows\System\GUwJeuP.exe
  2⤵
  PID:6676
- C:\Windows\System\PNfYOjg.exe
  C:\Windows\System\PNfYOjg.exe
  2⤵
  PID:6704
- C:\Windows\System\mTekkiH.exe
  C:\Windows\System\mTekkiH.exe
  2⤵
  PID:6732
- C:\Windows\System\mXzkwOp.exe
  C:\Windows\System\mXzkwOp.exe
  2⤵
  PID:6760
- C:\Windows\System\IzkWWmV.exe
  C:\Windows\System\IzkWWmV.exe
  2⤵
  PID:6788
- C:\Windows\System\QJddGgA.exe
  C:\Windows\System\QJddGgA.exe
  2⤵
  PID:6820
- C:\Windows\System\UlBjqtd.exe
  C:\Windows\System\UlBjqtd.exe
  2⤵
  PID:6848
- C:\Windows\System\vLRGQQp.exe
  C:\Windows\System\vLRGQQp.exe
  2⤵
  PID:6876
- C:\Windows\System\DHlwwqD.exe
  C:\Windows\System\DHlwwqD.exe
  2⤵
  PID:6900
- C:\Windows\System\nIHBkOh.exe
  C:\Windows\System\nIHBkOh.exe
  2⤵
  PID:6928
- C:\Windows\System\rRVmDAx.exe
  C:\Windows\System\rRVmDAx.exe
  2⤵
  PID:6956
- C:\Windows\System\XJJshQP.exe
  C:\Windows\System\XJJshQP.exe
  2⤵
  PID:6984
- C:\Windows\System\FGOznnG.exe
  C:\Windows\System\FGOznnG.exe
  2⤵
  PID:7012
- C:\Windows\System\mdzSUSP.exe
  C:\Windows\System\mdzSUSP.exe
  2⤵
  PID:7044
- C:\Windows\System\TtIXKth.exe
  C:\Windows\System\TtIXKth.exe
  2⤵
  PID:7136
- C:\Windows\System\txhsigi.exe
  C:\Windows\System\txhsigi.exe
  2⤵
  PID:7156
- C:\Windows\System\sfgblXf.exe
  C:\Windows\System\sfgblXf.exe
  2⤵
  PID:5988
- C:\Windows\System\CFxQBkd.exe
  C:\Windows\System\CFxQBkd.exe
  2⤵
  PID:6072
- C:\Windows\System\ZyAWiCx.exe
  C:\Windows\System\ZyAWiCx.exe
  2⤵
  PID:3188
- C:\Windows\System\ilYCHXA.exe
  C:\Windows\System\ilYCHXA.exe
  2⤵
  PID:2748
- C:\Windows\System\KPskDvD.exe
  C:\Windows\System\KPskDvD.exe
  2⤵
  PID:5284
- C:\Windows\System\NceWwYR.exe
  C:\Windows\System\NceWwYR.exe
  2⤵
  PID:5824
- C:\Windows\System\oJatEzZ.exe
  C:\Windows\System\oJatEzZ.exe
  2⤵
  PID:6192
- C:\Windows\System\cLftmKG.exe
  C:\Windows\System\cLftmKG.exe
  2⤵
  PID:6220
- C:\Windows\System\vxDnPBb.exe
  C:\Windows\System\vxDnPBb.exe
  2⤵
  PID:6252
- C:\Windows\System\iMBQGsC.exe
  C:\Windows\System\iMBQGsC.exe
  2⤵
  PID:6328
- C:\Windows\System\ZLUWkZj.exe
  C:\Windows\System\ZLUWkZj.exe
  2⤵
  PID:6412
- C:\Windows\System\pVjLexv.exe
  C:\Windows\System\pVjLexv.exe
  2⤵
  PID:6448
- C:\Windows\System\CNcVQNL.exe
  C:\Windows\System\CNcVQNL.exe
  2⤵
  PID:6524
- C:\Windows\System\ZZMDUhp.exe
  C:\Windows\System\ZZMDUhp.exe
  2⤵
  PID:3836
- C:\Windows\System\YFTXpVw.exe
  C:\Windows\System\YFTXpVw.exe
  2⤵
  PID:4360
- C:\Windows\System\BuZcnft.exe
  C:\Windows\System\BuZcnft.exe
  2⤵
  PID:6640
- C:\Windows\System\PSjdzgc.exe
  C:\Windows\System\PSjdzgc.exe
  2⤵
  PID:6692
- C:\Windows\System\yLYMFKN.exe
  C:\Windows\System\yLYMFKN.exe
  2⤵
  PID:6748
- C:\Windows\System\THDtAXJ.exe
  C:\Windows\System\THDtAXJ.exe
  2⤵
  PID:6784
- C:\Windows\System\xQBfPxJ.exe
  C:\Windows\System\xQBfPxJ.exe
  2⤵
  PID:2224
- C:\Windows\System\qQuKlpj.exe
  C:\Windows\System\qQuKlpj.exe
  2⤵
  PID:2260
- C:\Windows\System\BRRNgkc.exe
  C:\Windows\System\BRRNgkc.exe
  2⤵
  PID:6920
- C:\Windows\System\dtRtROy.exe
  C:\Windows\System\dtRtROy.exe
  2⤵
  PID:4320
- C:\Windows\System\sgJuxdw.exe
  C:\Windows\System\sgJuxdw.exe
  2⤵
  PID:560
- C:\Windows\System\FPNklJp.exe
  C:\Windows\System\FPNklJp.exe
  2⤵
  PID:408
- C:\Windows\System\KdHqKKF.exe
  C:\Windows\System\KdHqKKF.exe
  2⤵
  PID:1496
- C:\Windows\System\JeDsuJO.exe
  C:\Windows\System\JeDsuJO.exe
  2⤵
  PID:1920
- C:\Windows\System\cTMjhXI.exe
  C:\Windows\System\cTMjhXI.exe
  2⤵
  PID:4440
- C:\Windows\System\TpYKzYi.exe
  C:\Windows\System\TpYKzYi.exe
  2⤵
  PID:1876
- C:\Windows\System\yDnhSNR.exe
  C:\Windows\System\yDnhSNR.exe
  2⤵
  PID:2016
- C:\Windows\System\QpGBRpH.exe
  C:\Windows\System\QpGBRpH.exe
  2⤵
  PID:7004
- C:\Windows\System\jVehbzk.exe
  C:\Windows\System\jVehbzk.exe
  2⤵
  PID:7108
- C:\Windows\System\Fafsxgx.exe
  C:\Windows\System\Fafsxgx.exe
  2⤵
  PID:2360
- C:\Windows\System\nhtAEZO.exe
  C:\Windows\System\nhtAEZO.exe
  2⤵
  PID:7100
- C:\Windows\System\cxcSrVe.exe
  C:\Windows\System\cxcSrVe.exe
  2⤵
  PID:7148
- C:\Windows\System\NlVUxmj.exe
  C:\Windows\System\NlVUxmj.exe
  2⤵
  PID:7128
- C:\Windows\System\ZCLYlFe.exe
  C:\Windows\System\ZCLYlFe.exe
  2⤵
  PID:6132
- C:\Windows\System\cBISWTo.exe
  C:\Windows\System\cBISWTo.exe
  2⤵
  PID:5600
- C:\Windows\System\nTfezXe.exe
  C:\Windows\System\nTfezXe.exe
  2⤵
  PID:400
- C:\Windows\System\cjemFrB.exe
  C:\Windows\System\cjemFrB.exe
  2⤵
  PID:6420
- C:\Windows\System\rqqCMyV.exe
  C:\Windows\System\rqqCMyV.exe
  2⤵
  PID:3596
- C:\Windows\System\NEQVqMl.exe
  C:\Windows\System\NEQVqMl.exe
  2⤵
  PID:6720
- C:\Windows\System\qSprPlX.exe
  C:\Windows\System\qSprPlX.exe
  2⤵
  PID:6728
- C:\Windows\System\kTEVPYu.exe
  C:\Windows\System\kTEVPYu.exe
  2⤵
  PID:6812
- C:\Windows\System\LPSglGv.exe
  C:\Windows\System\LPSglGv.exe
  2⤵
  PID:6892
- C:\Windows\System\ZVoZUXr.exe
  C:\Windows\System\ZVoZUXr.exe
  2⤵
  PID:1784
- C:\Windows\System\FDnbKQE.exe
  C:\Windows\System\FDnbKQE.exe
  2⤵
  PID:7000
- C:\Windows\System\nHXcdRn.exe
  C:\Windows\System\nHXcdRn.exe
  2⤵
  PID:7036
- C:\Windows\System\WwOMOpy.exe
  C:\Windows\System\WwOMOpy.exe
  2⤵
  PID:1436
- C:\Windows\System\yLetKMs.exe
  C:\Windows\System\yLetKMs.exe
  2⤵
  PID:5928
- C:\Windows\System\YxxLBbE.exe
  C:\Windows\System\YxxLBbE.exe
  2⤵
  PID:5296
- C:\Windows\System\WkWkBCX.exe
  C:\Windows\System\WkWkBCX.exe
  2⤵
  PID:6416
- C:\Windows\System\bWksnbV.exe
  C:\Windows\System\bWksnbV.exe
  2⤵
  PID:6588
- C:\Windows\System\uXVYpxZ.exe
  C:\Windows\System\uXVYpxZ.exe
  2⤵
  PID:5000
- C:\Windows\System\YIOjTNH.exe
  C:\Windows\System\YIOjTNH.exe
  2⤵
  PID:4452
- C:\Windows\System\TtRlLmT.exe
  C:\Windows\System\TtRlLmT.exe
  2⤵
  PID:3724
- C:\Windows\System\PtFoDFA.exe
  C:\Windows\System\PtFoDFA.exe
  2⤵
  PID:1560
- C:\Windows\System\sbZxkBb.exe
  C:\Windows\System\sbZxkBb.exe
  2⤵
  PID:1556
- C:\Windows\System\DGqktvU.exe
  C:\Windows\System\DGqktvU.exe
  2⤵
  PID:2392
- C:\Windows\System\uxrlogV.exe
  C:\Windows\System\uxrlogV.exe
  2⤵
  PID:6724
- C:\Windows\System\bDvrKfH.exe
  C:\Windows\System\bDvrKfH.exe
  2⤵
  PID:4040
- C:\Windows\System\pTTlewL.exe
  C:\Windows\System\pTTlewL.exe
  2⤵
  PID:7196
- C:\Windows\System\UsTKDDt.exe
  C:\Windows\System\UsTKDDt.exe
  2⤵
  PID:7220
- C:\Windows\System\NBpywJp.exe
  C:\Windows\System\NBpywJp.exe
  2⤵
  PID:7240
- C:\Windows\System\bUMbmZk.exe
  C:\Windows\System\bUMbmZk.exe
  2⤵
  PID:7268
- C:\Windows\System\iZlGBEW.exe
  C:\Windows\System\iZlGBEW.exe
  2⤵
  PID:7320
- C:\Windows\System\SGHYiEj.exe
  C:\Windows\System\SGHYiEj.exe
  2⤵
  PID:7336
- C:\Windows\System\UmDTAFD.exe
  C:\Windows\System\UmDTAFD.exe
  2⤵
  PID:7356
- C:\Windows\System\EsoITJv.exe
  C:\Windows\System\EsoITJv.exe
  2⤵
  PID:7384
- C:\Windows\System\tHFKVht.exe
  C:\Windows\System\tHFKVht.exe
  2⤵
  PID:7420
- C:\Windows\System\WPGVjgf.exe
  C:\Windows\System\WPGVjgf.exe
  2⤵
  PID:7448
- C:\Windows\System\EEkYuTH.exe
  C:\Windows\System\EEkYuTH.exe
  2⤵
  PID:7488
- C:\Windows\System\ExtBbhy.exe
  C:\Windows\System\ExtBbhy.exe
  2⤵
  PID:7504
- C:\Windows\System\JHaJcCM.exe
  C:\Windows\System\JHaJcCM.exe
  2⤵
  PID:7532
- C:\Windows\System\HisuMDm.exe
  C:\Windows\System\HisuMDm.exe
  2⤵
  PID:7560
- C:\Windows\System\DevyBAL.exe
  C:\Windows\System\DevyBAL.exe
  2⤵
  PID:7584
- C:\Windows\System\QxrYzjq.exe
  C:\Windows\System\QxrYzjq.exe
  2⤵
  PID:7612
- C:\Windows\System\SIevYSk.exe
  C:\Windows\System\SIevYSk.exe
  2⤵
  PID:7640
- C:\Windows\System\KyUwzTW.exe
  C:\Windows\System\KyUwzTW.exe
  2⤵
  PID:7676
- C:\Windows\System\HOsuzTi.exe
  C:\Windows\System\HOsuzTi.exe
  2⤵
  PID:7716
- C:\Windows\System\oyGsRJZ.exe
  C:\Windows\System\oyGsRJZ.exe
  2⤵
  PID:7740
- C:\Windows\System\zNnFAUl.exe
  C:\Windows\System\zNnFAUl.exe
  2⤵
  PID:7764
- C:\Windows\System\pUEYyhZ.exe
  C:\Windows\System\pUEYyhZ.exe
  2⤵
  PID:7792
- C:\Windows\System\ArehFgy.exe
  C:\Windows\System\ArehFgy.exe
  2⤵
  PID:7816
- C:\Windows\System\NGYrLim.exe
  C:\Windows\System\NGYrLim.exe
  2⤵
  PID:7860
- C:\Windows\System\GIFeWfC.exe
  C:\Windows\System\GIFeWfC.exe
  2⤵
  PID:7888
- C:\Windows\System\TASFwLp.exe
  C:\Windows\System\TASFwLp.exe
  2⤵
  PID:7904
- C:\Windows\System\BjiLYBE.exe
  C:\Windows\System\BjiLYBE.exe
  2⤵
  PID:7924
- C:\Windows\System\ZrTeYDh.exe
  C:\Windows\System\ZrTeYDh.exe
  2⤵
  PID:7952
- C:\Windows\System\KGnsZYJ.exe
  C:\Windows\System\KGnsZYJ.exe
  2⤵
  PID:7980
- C:\Windows\System\MJtIbJu.exe
  C:\Windows\System\MJtIbJu.exe
  2⤵
  PID:8008
- C:\Windows\System\szjAmgL.exe
  C:\Windows\System\szjAmgL.exe
  2⤵
  PID:8028
- C:\Windows\System\bMKXJWB.exe
  C:\Windows\System\bMKXJWB.exe
  2⤵
  PID:8080
- C:\Windows\System\qRlzVPp.exe
  C:\Windows\System\qRlzVPp.exe
  2⤵
  PID:8104
- C:\Windows\System\NaeHuqP.exe
  C:\Windows\System\NaeHuqP.exe
  2⤵
  PID:8144
- C:\Windows\System\ngpmfZH.exe
  C:\Windows\System\ngpmfZH.exe
  2⤵
  PID:8168
- C:\Windows\System\GXzJPUK.exe
  C:\Windows\System\GXzJPUK.exe
  2⤵
  PID:8188
- C:\Windows\System\rwGnKKD.exe
  C:\Windows\System\rwGnKKD.exe
  2⤵
  PID:3208
- C:\Windows\System\hBuzREs.exe
  C:\Windows\System\hBuzREs.exe
  2⤵
  PID:7264
- C:\Windows\System\DRKTuwA.exe
  C:\Windows\System\DRKTuwA.exe
  2⤵
  PID:7376
- C:\Windows\System\bXagjbG.exe
  C:\Windows\System\bXagjbG.exe
  2⤵
  PID:7460
- C:\Windows\System\jWwcuqO.exe
  C:\Windows\System\jWwcuqO.exe
  2⤵
  PID:7516
- C:\Windows\System\GxbyhKF.exe
  C:\Windows\System\GxbyhKF.exe
  2⤵
  PID:7600
- C:\Windows\System\uSVboiT.exe
  C:\Windows\System\uSVboiT.exe
  2⤵
  PID:7540
- C:\Windows\System\QoqTsdD.exe
  C:\Windows\System\QoqTsdD.exe
  2⤵
  PID:7684
- C:\Windows\System\HhXDNZK.exe
  C:\Windows\System\HhXDNZK.exe
  2⤵
  PID:7736
- C:\Windows\System\baNpzFb.exe
  C:\Windows\System\baNpzFb.exe
  2⤵
  PID:7788
- C:\Windows\System\QwfwoRC.exe
  C:\Windows\System\QwfwoRC.exe
  2⤵
  PID:7868
- C:\Windows\System\ntOFrLE.exe
  C:\Windows\System\ntOFrLE.exe
  2⤵
  PID:7964
- C:\Windows\System\SPdQtga.exe
  C:\Windows\System\SPdQtga.exe
  2⤵
  PID:7944
- C:\Windows\System\KrWzMBS.exe
  C:\Windows\System\KrWzMBS.exe
  2⤵
  PID:8068
- C:\Windows\System\djwWXSJ.exe
  C:\Windows\System\djwWXSJ.exe
  2⤵
  PID:8132
- C:\Windows\System\UMphvjH.exe
  C:\Windows\System\UMphvjH.exe
  2⤵
  PID:8180
- C:\Windows\System\oVSLafZ.exe
  C:\Windows\System\oVSLafZ.exe
  2⤵
  PID:7276
- C:\Windows\System\TGpdQtl.exe
  C:\Windows\System\TGpdQtl.exe
  2⤵
  PID:7316
- C:\Windows\System\gJcaLEf.exe
  C:\Windows\System\gJcaLEf.exe
  2⤵
  PID:7520
- C:\Windows\System\eYRlSET.exe
  C:\Windows\System\eYRlSET.exe
  2⤵
  PID:7804
- C:\Windows\System\UUaSmaM.exe
  C:\Windows\System\UUaSmaM.exe
  2⤵
  PID:7912
- C:\Windows\System\rXjwRvD.exe
  C:\Windows\System\rXjwRvD.exe
  2⤵
  PID:8016
- C:\Windows\System\XNLAthe.exe
  C:\Windows\System\XNLAthe.exe
  2⤵
  PID:7176
- C:\Windows\System\qbVdWqv.exe
  C:\Windows\System\qbVdWqv.exe
  2⤵
  PID:7440
- C:\Windows\System\zuilfzq.exe
  C:\Windows\System\zuilfzq.exe
  2⤵
  PID:7760
- C:\Windows\System\cWUuBBi.exe
  C:\Windows\System\cWUuBBi.exe
  2⤵
  PID:7476
- C:\Windows\System\sRqYnWN.exe
  C:\Windows\System\sRqYnWN.exe
  2⤵
  PID:8100
- C:\Windows\System\iXWGbDE.exe
  C:\Windows\System\iXWGbDE.exe
  2⤵
  PID:8228
- C:\Windows\System\BEjbzqP.exe
  C:\Windows\System\BEjbzqP.exe
  2⤵
  PID:8248
- C:\Windows\System\UwlyEXL.exe
  C:\Windows\System\UwlyEXL.exe
  2⤵
  PID:8280
- C:\Windows\System\uTKaRTL.exe
  C:\Windows\System\uTKaRTL.exe
  2⤵
  PID:8304
- C:\Windows\System\KUHdGOT.exe
  C:\Windows\System\KUHdGOT.exe
  2⤵
  PID:8340
- C:\Windows\System\HcixOfx.exe
  C:\Windows\System\HcixOfx.exe
  2⤵
  PID:8360
- C:\Windows\System\DFgUhHN.exe
  C:\Windows\System\DFgUhHN.exe
  2⤵
  PID:8388
- C:\Windows\System\lgZxhif.exe
  C:\Windows\System\lgZxhif.exe
  2⤵
  PID:8416
- C:\Windows\System\vRpUDrz.exe
  C:\Windows\System\vRpUDrz.exe
  2⤵
  PID:8440
- C:\Windows\System\OaxaBGV.exe
  C:\Windows\System\OaxaBGV.exe
  2⤵
  PID:8464
- C:\Windows\System\yNRtnIO.exe
  C:\Windows\System\yNRtnIO.exe
  2⤵
  PID:8488
- C:\Windows\System\EowfgAr.exe
  C:\Windows\System\EowfgAr.exe
  2⤵
  PID:8528
- C:\Windows\System\cJiUoOP.exe
  C:\Windows\System\cJiUoOP.exe
  2⤵
  PID:8568
- C:\Windows\System\HSnyrdf.exe
  C:\Windows\System\HSnyrdf.exe
  2⤵
  PID:8588
- C:\Windows\System\LbhmHqs.exe
  C:\Windows\System\LbhmHqs.exe
  2⤵
  PID:8612
- C:\Windows\System\skCdQKo.exe
  C:\Windows\System\skCdQKo.exe
  2⤵
  PID:8636
- C:\Windows\System\XNLHxNl.exe
  C:\Windows\System\XNLHxNl.exe
  2⤵
  PID:8668
- C:\Windows\System\rBpRbnb.exe
  C:\Windows\System\rBpRbnb.exe
  2⤵
  PID:8684
- C:\Windows\System\SAsjVTz.exe
  C:\Windows\System\SAsjVTz.exe
  2⤵
  PID:8728
- C:\Windows\System\FIzzpED.exe
  C:\Windows\System\FIzzpED.exe
  2⤵
  PID:8756
- C:\Windows\System\cWcRgvb.exe
  C:\Windows\System\cWcRgvb.exe
  2⤵
  PID:8780
- C:\Windows\System\isfIyEj.exe
  C:\Windows\System\isfIyEj.exe
  2⤵
  PID:8808
- C:\Windows\System\QHoCKfK.exe
  C:\Windows\System\QHoCKfK.exe
  2⤵
  PID:8836
- C:\Windows\System\aLqxnlY.exe
  C:\Windows\System\aLqxnlY.exe
  2⤵
  PID:8860
- C:\Windows\System\VjgUkyx.exe
  C:\Windows\System\VjgUkyx.exe
  2⤵
  PID:8892
- C:\Windows\System\buDVaWc.exe
  C:\Windows\System\buDVaWc.exe
  2⤵
  PID:8916
- C:\Windows\System\jnjrQSp.exe
  C:\Windows\System\jnjrQSp.exe
  2⤵
  PID:8944
- C:\Windows\System\stdItWJ.exe
  C:\Windows\System\stdItWJ.exe
  2⤵
  PID:8992
- C:\Windows\System\IPghUfa.exe
  C:\Windows\System\IPghUfa.exe
  2⤵
  PID:9020
- C:\Windows\System\IzGANIf.exe
  C:\Windows\System\IzGANIf.exe
  2⤵
  PID:9036
- C:\Windows\System\YiDDzWi.exe
  C:\Windows\System\YiDDzWi.exe
  2⤵
  PID:9064
- C:\Windows\System\uvsnwzQ.exe
  C:\Windows\System\uvsnwzQ.exe
  2⤵
  PID:9092
- C:\Windows\System\wASDBoU.exe
  C:\Windows\System\wASDBoU.exe
  2⤵
  PID:9120
- C:\Windows\System\WoRNflJ.exe
  C:\Windows\System\WoRNflJ.exe
  2⤵
  PID:9148
- C:\Windows\System\sQbpIhn.exe
  C:\Windows\System\sQbpIhn.exe
  2⤵
  PID:9176
- C:\Windows\System\BpVWFeZ.exe
  C:\Windows\System\BpVWFeZ.exe
  2⤵
  PID:9200
- C:\Windows\System\CESDjaW.exe
  C:\Windows\System\CESDjaW.exe
  2⤵
  PID:8240
- C:\Windows\System\qYGHJyj.exe
  C:\Windows\System\qYGHJyj.exe
  2⤵
  PID:8276
- C:\Windows\System\TLdIZKR.exe
  C:\Windows\System\TLdIZKR.exe
  2⤵
  PID:8380
- C:\Windows\System\fguDggb.exe
  C:\Windows\System\fguDggb.exe
  2⤵
  PID:8432
- C:\Windows\System\WeyLrlq.exe
  C:\Windows\System\WeyLrlq.exe
  2⤵
  PID:8424
- C:\Windows\System\CdxFRlT.exe
  C:\Windows\System\CdxFRlT.exe
  2⤵
  PID:8512
- C:\Windows\System\YTyfbOF.exe
  C:\Windows\System\YTyfbOF.exe
  2⤵
  PID:8552
- C:\Windows\System\YvNzOYy.exe
  C:\Windows\System\YvNzOYy.exe
  2⤵
  PID:8596
- C:\Windows\System\LWhwpBf.exe
  C:\Windows\System\LWhwpBf.exe
  2⤵
  PID:8724
- C:\Windows\System\UHOjsjc.exe
  C:\Windows\System\UHOjsjc.exe
  2⤵
  PID:8796
- C:\Windows\System\ExXSlRz.exe
  C:\Windows\System\ExXSlRz.exe
  2⤵
  PID:8848
- C:\Windows\System\eNGsWMU.exe
  C:\Windows\System\eNGsWMU.exe
  2⤵
  PID:8912
- C:\Windows\System\gRPdYHV.exe
  C:\Windows\System\gRPdYHV.exe
  2⤵
  PID:8972
- C:\Windows\System\kTfiRRJ.exe
  C:\Windows\System\kTfiRRJ.exe
  2⤵
  PID:9008
- C:\Windows\System\OKUcfJx.exe
  C:\Windows\System\OKUcfJx.exe
  2⤵
  PID:9084
- C:\Windows\System\LAKDzqC.exe
  C:\Windows\System\LAKDzqC.exe
  2⤵
  PID:9136
- C:\Windows\System\KUvmoCu.exe
  C:\Windows\System\KUvmoCu.exe
  2⤵
  PID:8212
- C:\Windows\System\xIxujJM.exe
  C:\Windows\System\xIxujJM.exe
  2⤵
  PID:8356
- C:\Windows\System\WMDqyCV.exe
  C:\Windows\System\WMDqyCV.exe
  2⤵
  PID:8456
- C:\Windows\System\RnWMKkJ.exe
  C:\Windows\System\RnWMKkJ.exe
  2⤵
  PID:8648
- C:\Windows\System\GcTIUha.exe
  C:\Windows\System\GcTIUha.exe
  2⤵
  PID:8744
- C:\Windows\System\IaMzmzw.exe
  C:\Windows\System\IaMzmzw.exe
  2⤵
  PID:8940
- C:\Windows\System\xuzKTjQ.exe
  C:\Windows\System\xuzKTjQ.exe
  2⤵
  PID:9140
- C:\Windows\System\Qjbaxss.exe
  C:\Windows\System\Qjbaxss.exe
  2⤵
  PID:8300
- C:\Windows\System\kpYKGZj.exe
  C:\Windows\System\kpYKGZj.exe
  2⤵
  PID:9188
- C:\Windows\System\VlDPQiX.exe
  C:\Windows\System\VlDPQiX.exe
  2⤵
  PID:9132
- C:\Windows\System\qkjvswk.exe
  C:\Windows\System\qkjvswk.exe
  2⤵
  PID:9224
- C:\Windows\System\otvPHqn.exe
  C:\Windows\System\otvPHqn.exe
  2⤵
  PID:9284
- C:\Windows\System\xQPUTHd.exe
  C:\Windows\System\xQPUTHd.exe
  2⤵
  PID:9316
- C:\Windows\System\SmOILcT.exe
  C:\Windows\System\SmOILcT.exe
  2⤵
  PID:9348
- C:\Windows\System\uIvESdn.exe
  C:\Windows\System\uIvESdn.exe
  2⤵
  PID:9364
- C:\Windows\System\PGhClwJ.exe
  C:\Windows\System\PGhClwJ.exe
  2⤵
  PID:9392
- C:\Windows\System\adWPsdH.exe
  C:\Windows\System\adWPsdH.exe
  2⤵
  PID:9408
- C:\Windows\System\QPuBfsl.exe
  C:\Windows\System\QPuBfsl.exe
  2⤵
  PID:9440
- C:\Windows\System\xayQHiC.exe
  C:\Windows\System\xayQHiC.exe
  2⤵
  PID:9468
- C:\Windows\System\ZRfLzNV.exe
  C:\Windows\System\ZRfLzNV.exe
  2⤵
  PID:9492
- C:\Windows\System\yvECIla.exe
  C:\Windows\System\yvECIla.exe
  2⤵
  PID:9520
- C:\Windows\System\HeXQPPA.exe
  C:\Windows\System\HeXQPPA.exe
  2⤵
  PID:9560
- C:\Windows\System\aXVjYdf.exe
  C:\Windows\System\aXVjYdf.exe
  2⤵
  PID:9588
- C:\Windows\System\pKFtmkr.exe
  C:\Windows\System\pKFtmkr.exe
  2⤵
  PID:9608
- C:\Windows\System\vBzcxia.exe
  C:\Windows\System\vBzcxia.exe
  2⤵
  PID:9636
- C:\Windows\System\jmMoHHk.exe
  C:\Windows\System\jmMoHHk.exe
  2⤵
  PID:9672
- C:\Windows\System\bPccNEB.exe
  C:\Windows\System\bPccNEB.exe
  2⤵
  PID:9712
- C:\Windows\System\UNwSVGL.exe
  C:\Windows\System\UNwSVGL.exe
  2⤵
  PID:9740
- C:\Windows\System\Xmtphfo.exe
  C:\Windows\System\Xmtphfo.exe
  2⤵
  PID:9768
- C:\Windows\System\pYiLkhx.exe
  C:\Windows\System\pYiLkhx.exe
  2⤵
  PID:9784
- C:\Windows\System\NGYCQut.exe
  C:\Windows\System\NGYCQut.exe
  2⤵
  PID:9820
- C:\Windows\System\AplsboA.exe
  C:\Windows\System\AplsboA.exe
  2⤵
  PID:9844
- C:\Windows\System\eFivgEe.exe
  C:\Windows\System\eFivgEe.exe
  2⤵
  PID:9864
- C:\Windows\System\ceFHeKn.exe
  C:\Windows\System\ceFHeKn.exe
  2⤵
  PID:9884
- C:\Windows\System\nNoiyUK.exe
  C:\Windows\System\nNoiyUK.exe
  2⤵
  PID:9900
- C:\Windows\System\KaFTGRl.exe
  C:\Windows\System\KaFTGRl.exe
  2⤵
  PID:9924
- C:\Windows\System\tCyHzkD.exe
  C:\Windows\System\tCyHzkD.exe
  2⤵
  PID:9960
- C:\Windows\System\otqDhph.exe
  C:\Windows\System\otqDhph.exe
  2⤵
  PID:9988
- C:\Windows\System\qijGpbo.exe
  C:\Windows\System\qijGpbo.exe
  2⤵
  PID:10012
- C:\Windows\System\XUpzNvF.exe
  C:\Windows\System\XUpzNvF.exe
  2⤵
  PID:10040
- C:\Windows\System\hPJVJit.exe
  C:\Windows\System\hPJVJit.exe
  2⤵
  PID:10076
- C:\Windows\System\xQcouHX.exe
  C:\Windows\System\xQcouHX.exe
  2⤵
  PID:10104
- C:\Windows\System\ElgWZLe.exe
  C:\Windows\System\ElgWZLe.exe
  2⤵
  PID:10132
- C:\Windows\System\kHuHKQq.exe
  C:\Windows\System\kHuHKQq.exe
  2⤵
  PID:10172
- C:\Windows\System\FbzTgzD.exe
  C:\Windows\System\FbzTgzD.exe
  2⤵
  PID:10204
- C:\Windows\System\TemZgQw.exe
  C:\Windows\System\TemZgQw.exe
  2⤵
  PID:10228
- C:\Windows\System\OWvRmeK.exe
  C:\Windows\System\OWvRmeK.exe
  2⤵
  PID:9244
- C:\Windows\System\aczNCoy.exe
  C:\Windows\System\aczNCoy.exe
  2⤵
  PID:9028
- C:\Windows\System\URgmCyP.exe
  C:\Windows\System\URgmCyP.exe
  2⤵
  PID:9300
- C:\Windows\System\ITWUxgY.exe
  C:\Windows\System\ITWUxgY.exe
  2⤵
  PID:9356
- C:\Windows\System\WfDnkxG.exe
  C:\Windows\System\WfDnkxG.exe
  2⤵
  PID:9432
- C:\Windows\System\ioJBCmM.exe
  C:\Windows\System\ioJBCmM.exe
  2⤵
  PID:9480
- C:\Windows\System\xnoFyLh.exe
  C:\Windows\System\xnoFyLh.exe
  2⤵
  PID:9576
- C:\Windows\System\eHoFPUk.exe
  C:\Windows\System\eHoFPUk.exe
  2⤵
  PID:9604
- C:\Windows\System\UxdBOBj.exe
  C:\Windows\System\UxdBOBj.exe
  2⤵
  PID:9692
- C:\Windows\System\XGjDnvr.exe
  C:\Windows\System\XGjDnvr.exe
  2⤵
  PID:9764
- C:\Windows\System\EMsDHoA.exe
  C:\Windows\System\EMsDHoA.exe
  2⤵
  PID:9828
- C:\Windows\System\EgtQIgI.exe
  C:\Windows\System\EgtQIgI.exe
  2⤵
  PID:9852
- C:\Windows\System\Lhbvuyf.exe
  C:\Windows\System\Lhbvuyf.exe
  2⤵
  PID:9984
- C:\Windows\System\vzcOYRU.exe
  C:\Windows\System\vzcOYRU.exe
  2⤵
  PID:10084
- C:\Windows\System\yraZMHu.exe
  C:\Windows\System\yraZMHu.exe
  2⤵
  PID:10116
- C:\Windows\System\iZaUnCP.exe
  C:\Windows\System\iZaUnCP.exe
  2⤵
  PID:10160
- C:\Windows\System\EyKOKOe.exe
  C:\Windows\System\EyKOKOe.exe
  2⤵
  PID:10216
- C:\Windows\System\SrSXpTO.exe
  C:\Windows\System\SrSXpTO.exe
  2⤵
  PID:9272
- C:\Windows\System\yLVBeEn.exe
  C:\Windows\System\yLVBeEn.exe
  2⤵
  PID:9456
- C:\Windows\System\saMDxoB.exe
  C:\Windows\System\saMDxoB.exe
  2⤵
  PID:9512
- C:\Windows\System\VJviqcp.exe
  C:\Windows\System\VJviqcp.exe
  2⤵
  PID:9540
- C:\Windows\System\VhocJTU.exe
  C:\Windows\System\VhocJTU.exe
  2⤵
  PID:9876
- C:\Windows\System\TZPbNqE.exe
  C:\Windows\System\TZPbNqE.exe
  2⤵
  PID:9896
- C:\Windows\System\UfQLYwj.exe
  C:\Windows\System\UfQLYwj.exe
  2⤵
  PID:10088
- C:\Windows\System\pxjuKdk.exe
  C:\Windows\System\pxjuKdk.exe
  2⤵
  PID:9632
- C:\Windows\System\FwIHNzK.exe
  C:\Windows\System\FwIHNzK.exe
  2⤵
  PID:9756
- C:\Windows\System\dLndrGR.exe
  C:\Windows\System\dLndrGR.exe
  2⤵
  PID:9996
- C:\Windows\System\BMXrtDB.exe
  C:\Windows\System\BMXrtDB.exe
  2⤵
  PID:9856
- C:\Windows\System\VAADiud.exe
  C:\Windows\System\VAADiud.exe
  2⤵
  PID:10256
- C:\Windows\System\CpAYIdO.exe
  C:\Windows\System\CpAYIdO.exe
  2⤵
  PID:10284
- C:\Windows\System\ZgRlVvJ.exe
  C:\Windows\System\ZgRlVvJ.exe
  2⤵
  PID:10300
- C:\Windows\System\XHOQtvy.exe
  C:\Windows\System\XHOQtvy.exe
  2⤵
  PID:10328
- C:\Windows\System\soVmAhY.exe
  C:\Windows\System\soVmAhY.exe
  2⤵
  PID:10352
- C:\Windows\System\GAWpvee.exe
  C:\Windows\System\GAWpvee.exe
  2⤵
  PID:10380
- C:\Windows\System\CylziXh.exe
  C:\Windows\System\CylziXh.exe
  2⤵
  PID:10400
- C:\Windows\System\nDRHleX.exe
  C:\Windows\System\nDRHleX.exe
  2⤵
  PID:10432
- C:\Windows\System\wJHALhO.exe
  C:\Windows\System\wJHALhO.exe
  2⤵
  PID:10464
- C:\Windows\System\DnlPpat.exe
  C:\Windows\System\DnlPpat.exe
  2⤵
  PID:10512
- C:\Windows\System\JbhARnV.exe
  C:\Windows\System\JbhARnV.exe
  2⤵
  PID:10536
- C:\Windows\System\RYDOdcH.exe
  C:\Windows\System\RYDOdcH.exe
  2⤵
  PID:10564
- C:\Windows\System\HNgGlZa.exe
  C:\Windows\System\HNgGlZa.exe
  2⤵
  PID:10584
- C:\Windows\System\LqXGtJT.exe
  C:\Windows\System\LqXGtJT.exe
  2⤵
  PID:10616
- C:\Windows\System\EZIVrAq.exe
  C:\Windows\System\EZIVrAq.exe
  2⤵
  PID:10640
- C:\Windows\System\iVIHPbz.exe
  C:\Windows\System\iVIHPbz.exe
  2⤵
  PID:10656
- C:\Windows\System\DRFqhvz.exe
  C:\Windows\System\DRFqhvz.exe
  2⤵
  PID:10692
- C:\Windows\System\nSnsxwY.exe
  C:\Windows\System\nSnsxwY.exe
  2⤵
  PID:10724
- C:\Windows\System\zNxxIuq.exe
  C:\Windows\System\zNxxIuq.exe
  2⤵
  PID:10744
- C:\Windows\System\bxYsTGT.exe
  C:\Windows\System\bxYsTGT.exe
  2⤵
  PID:10780
- C:\Windows\System\fworALI.exe
  C:\Windows\System\fworALI.exe
  2⤵
  PID:10816
- C:\Windows\System\DrQPnRg.exe
  C:\Windows\System\DrQPnRg.exe
  2⤵
  PID:10836
- C:\Windows\System\TtvmcvI.exe
  C:\Windows\System\TtvmcvI.exe
  2⤵
  PID:10876
- C:\Windows\System\VxAEiSs.exe
  C:\Windows\System\VxAEiSs.exe
  2⤵
  PID:10900
- C:\Windows\System\rADKkux.exe
  C:\Windows\System\rADKkux.exe
  2⤵
  PID:10932
- C:\Windows\System\VWRBqqz.exe
  C:\Windows\System\VWRBqqz.exe
  2⤵
  PID:10948
- C:\Windows\System\qjxVWNB.exe
  C:\Windows\System\qjxVWNB.exe
  2⤵
  PID:10972
- C:\Windows\System\aXrRHcS.exe
  C:\Windows\System\aXrRHcS.exe
  2⤵
  PID:10992
- C:\Windows\System\PFjGjmI.exe
  C:\Windows\System\PFjGjmI.exe
  2⤵
  PID:11016
- C:\Windows\System\WCHCQcQ.exe
  C:\Windows\System\WCHCQcQ.exe
  2⤵
  PID:11044
- C:\Windows\System\owOruaG.exe
  C:\Windows\System\owOruaG.exe
  2⤵
  PID:11092
- C:\Windows\System\lOzGgTM.exe
  C:\Windows\System\lOzGgTM.exe
  2⤵
  PID:11112
- C:\Windows\System\pGqXezB.exe
  C:\Windows\System\pGqXezB.exe
  2⤵
  PID:11136
- C:\Windows\System\YQHBlUG.exe
  C:\Windows\System\YQHBlUG.exe
  2⤵
  PID:11164
- C:\Windows\System\kwSFyJJ.exe
  C:\Windows\System\kwSFyJJ.exe
  2⤵
  PID:11188
- C:\Windows\System\xqFtoiz.exe
  C:\Windows\System\xqFtoiz.exe
  2⤵
  PID:11212
- C:\Windows\System\DESCZxa.exe
  C:\Windows\System\DESCZxa.exe
  2⤵
  PID:11240
- C:\Windows\System\xdeYeqE.exe
  C:\Windows\System\xdeYeqE.exe
  2⤵
  PID:10268
- C:\Windows\System\lebyXEl.exe
  C:\Windows\System\lebyXEl.exe
  2⤵
  PID:10348
- C:\Windows\System\QzhqFsz.exe
  C:\Windows\System\QzhqFsz.exe
  2⤵
  PID:10368
- C:\Windows\System\pRueZUz.exe
  C:\Windows\System\pRueZUz.exe
  2⤵
  PID:10444
- C:\Windows\System\MftrZie.exe
  C:\Windows\System\MftrZie.exe
  2⤵
  PID:10488
- C:\Windows\System\iCvGoho.exe
  C:\Windows\System\iCvGoho.exe
  2⤵
  PID:10600
- C:\Windows\System\qmockbB.exe
  C:\Windows\System\qmockbB.exe
  2⤵
  PID:10652
- C:\Windows\System\vzcAulC.exe
  C:\Windows\System\vzcAulC.exe
  2⤵
  PID:10732
- C:\Windows\System\rjuNyGJ.exe
  C:\Windows\System\rjuNyGJ.exe
  2⤵
  PID:10800
- C:\Windows\System\xeTnZZf.exe
  C:\Windows\System\xeTnZZf.exe
  2⤵
  PID:10856
- C:\Windows\System\iZnmIXm.exe
  C:\Windows\System\iZnmIXm.exe
  2⤵
  PID:10916
- C:\Windows\System\iUJiKfi.exe
  C:\Windows\System\iUJiKfi.exe
  2⤵
  PID:11004
- C:\Windows\System\nEekcMV.exe
  C:\Windows\System\nEekcMV.exe
  2⤵
  PID:11060
- C:\Windows\System\cTqfyIK.exe
  C:\Windows\System\cTqfyIK.exe
  2⤵
  PID:11108
- C:\Windows\System\AtwMwop.exe
  C:\Windows\System\AtwMwop.exe
  2⤵
  PID:11176
- C:\Windows\System\emrBSmc.exe
  C:\Windows\System\emrBSmc.exe
  2⤵
  PID:10244
- C:\Windows\System\GhQGbUX.exe
  C:\Windows\System\GhQGbUX.exe
  2⤵
  PID:10576
- C:\Windows\System\kgWoZUR.exe
  C:\Windows\System\kgWoZUR.exe
  2⤵
  PID:10704
- C:\Windows\System\GNqcYNb.exe
  C:\Windows\System\GNqcYNb.exe
  2⤵
  PID:10708
- C:\Windows\System\WjsKJCk.exe
  C:\Windows\System\WjsKJCk.exe
  2⤵
  PID:10772
- C:\Windows\System\PKtdxLh.exe
  C:\Windows\System\PKtdxLh.exe
  2⤵
  PID:10968
- C:\Windows\System\oVlVhni.exe
  C:\Windows\System\oVlVhni.exe
  2⤵
  PID:10944
- C:\Windows\System\oqOeNpp.exe
  C:\Windows\System\oqOeNpp.exe
  2⤵
  PID:11104
- C:\Windows\System\YpzWOFN.exe
  C:\Windows\System\YpzWOFN.exe
  2⤵
  PID:11172
- C:\Windows\System\fyfHSub.exe
  C:\Windows\System\fyfHSub.exe
  2⤵
  PID:4784
- C:\Windows\System\AFihgRh.exe
  C:\Windows\System\AFihgRh.exe
  2⤵
  PID:10252
- C:\Windows\System\gALrqbZ.exe
  C:\Windows\System\gALrqbZ.exe
  2⤵
  PID:752
- C:\Windows\System\QaDySRG.exe
  C:\Windows\System\QaDySRG.exe
  2⤵
  PID:10556
- C:\Windows\System\gStmFVj.exe
  C:\Windows\System\gStmFVj.exe
  2⤵
  PID:11028
- C:\Windows\System\GKtNGsp.exe
  C:\Windows\System\GKtNGsp.exe
  2⤵
  PID:11284
- C:\Windows\System\xGkzNBh.exe
  C:\Windows\System\xGkzNBh.exe
  2⤵
  PID:11304
- C:\Windows\System\bAiNfLb.exe
  C:\Windows\System\bAiNfLb.exe
  2⤵
  PID:11356
- C:\Windows\System\olEqkwf.exe
  C:\Windows\System\olEqkwf.exe
  2⤵
  PID:11372
- C:\Windows\System\QHLghmo.exe
  C:\Windows\System\QHLghmo.exe
  2⤵
  PID:11388
- C:\Windows\System\gfBWIvO.exe
  C:\Windows\System\gfBWIvO.exe
  2⤵
  PID:11408
- C:\Windows\System\DXsKuUz.exe
  C:\Windows\System\DXsKuUz.exe
  2⤵
  PID:11444
- C:\Windows\System\UdWIwNa.exe
  C:\Windows\System\UdWIwNa.exe
  2⤵
  PID:11464
- C:\Windows\System\eBXNoNo.exe
  C:\Windows\System\eBXNoNo.exe
  2⤵
  PID:11480
- C:\Windows\System\UoUPsJe.exe
  C:\Windows\System\UoUPsJe.exe
  2⤵
  PID:11512
- C:\Windows\System\gnyVPni.exe
  C:\Windows\System\gnyVPni.exe
  2⤵
  PID:11532
- C:\Windows\System\pknaEeq.exe
  C:\Windows\System\pknaEeq.exe
  2⤵
  PID:11556
- C:\Windows\System\kuNnCYU.exe
  C:\Windows\System\kuNnCYU.exe
  2⤵
  PID:11580
- C:\Windows\System\EBkwAZk.exe
  C:\Windows\System\EBkwAZk.exe
  2⤵
  PID:11596
- C:\Windows\System\hErrwaQ.exe
  C:\Windows\System\hErrwaQ.exe
  2⤵
  PID:11616
- C:\Windows\System\MUwTDwm.exe
  C:\Windows\System\MUwTDwm.exe
  2⤵
  PID:11648
- C:\Windows\System\LKeZyQk.exe
  C:\Windows\System\LKeZyQk.exe
  2⤵
  PID:11676
- C:\Windows\System\mBBkmgZ.exe
  C:\Windows\System\mBBkmgZ.exe
  2⤵
  PID:11720
- C:\Windows\System\gKDFgpx.exe
  C:\Windows\System\gKDFgpx.exe
  2⤵
  PID:11784
- C:\Windows\System\zUsCdiY.exe
  C:\Windows\System\zUsCdiY.exe
  2⤵
  PID:11820
- C:\Windows\System\XusqtDq.exe
  C:\Windows\System\XusqtDq.exe
  2⤵
  PID:11852
- C:\Windows\System\IgyieFP.exe
  C:\Windows\System\IgyieFP.exe
  2⤵
  PID:11880
- C:\Windows\System\AafVcAJ.exe
  C:\Windows\System\AafVcAJ.exe
  2⤵
  PID:11904
- C:\Windows\System\bKoIOOC.exe
  C:\Windows\System\bKoIOOC.exe
  2⤵
  PID:11948
- C:\Windows\System\kVtPiKC.exe
  C:\Windows\System\kVtPiKC.exe
  2⤵
  PID:11976
- C:\Windows\System\FXWGvMy.exe
  C:\Windows\System\FXWGvMy.exe
  2⤵
  PID:11992
- C:\Windows\System\DQiPZTS.exe
  C:\Windows\System\DQiPZTS.exe
  2⤵
  PID:12008
- C:\Windows\System\XJfABZk.exe
  C:\Windows\System\XJfABZk.exe
  2⤵
  PID:12024
- C:\Windows\System\zcWBnYc.exe
  C:\Windows\System\zcWBnYc.exe
  2⤵
  PID:12040
- C:\Windows\System\HfURiaf.exe
  C:\Windows\System\HfURiaf.exe
  2⤵
  PID:12056
- C:\Windows\System\CFBceog.exe
  C:\Windows\System\CFBceog.exe
  2⤵
  PID:12140
- C:\Windows\System\iMAfNyL.exe
  C:\Windows\System\iMAfNyL.exe
  2⤵
  PID:12172
- C:\Windows\System\DnTDGQL.exe
  C:\Windows\System\DnTDGQL.exe
  2⤵
  PID:12192
- C:\Windows\System\LUOMmha.exe
  C:\Windows\System\LUOMmha.exe
  2⤵
  PID:12216
- C:\Windows\System\OSZooKD.exe
  C:\Windows\System\OSZooKD.exe
  2⤵
  PID:12244
- C:\Windows\System\AgLxYHh.exe
  C:\Windows\System\AgLxYHh.exe
  2⤵
  PID:11036
- C:\Windows\System\cjhwUhe.exe
  C:\Windows\System\cjhwUhe.exe
  2⤵
  PID:11328
- C:\Windows\System\vTQNGWH.exe
  C:\Windows\System\vTQNGWH.exe
  2⤵
  PID:11348
- C:\Windows\System\oSWEtjn.exe
  C:\Windows\System\oSWEtjn.exe
  2⤵
  PID:11456
- C:\Windows\System\AjkLYYS.exe
  C:\Windows\System\AjkLYYS.exe
  2⤵
  PID:11504
- C:\Windows\System\yMEDAsm.exe
  C:\Windows\System\yMEDAsm.exe
  2⤵
  PID:11576
- C:\Windows\System\LrKPLSx.exe
  C:\Windows\System\LrKPLSx.exe
  2⤵
  PID:11640
- C:\Windows\System\NhOFmUM.exe
  C:\Windows\System\NhOFmUM.exe
  2⤵
  PID:11704
- C:\Windows\System\ECDLslq.exe
  C:\Windows\System\ECDLslq.exe
  2⤵
  PID:11796
- C:\Windows\System\AttvYgw.exe
  C:\Windows\System\AttvYgw.exe
  2⤵
  PID:11844
- C:\Windows\System\TXtNdkJ.exe
  C:\Windows\System\TXtNdkJ.exe
  2⤵
  PID:11940
- C:\Windows\System\ttQQEol.exe
  C:\Windows\System\ttQQEol.exe
  2⤵
  PID:11964
- C:\Windows\System\xuoMXhk.exe
  C:\Windows\System\xuoMXhk.exe
  2⤵
  PID:12068
- C:\Windows\System\vmQsPAJ.exe
  C:\Windows\System\vmQsPAJ.exe
  2⤵
  PID:12096
- C:\Windows\System\oAzscer.exe
  C:\Windows\System\oAzscer.exe
  2⤵
  PID:12148
- C:\Windows\System\FGotfgA.exe
  C:\Windows\System\FGotfgA.exe
  2⤵
  PID:12208
- C:\Windows\System\ehEoaIu.exe
  C:\Windows\System\ehEoaIu.exe
  2⤵
  PID:11364
- C:\Windows\System\VADNseA.exe
  C:\Windows\System\VADNseA.exe
  2⤵
  PID:11572
- C:\Windows\System\zwUfGNC.exe
  C:\Windows\System\zwUfGNC.exe
  2⤵
  PID:11792
- C:\Windows\System\qYrgbNb.exe
  C:\Windows\System\qYrgbNb.exe
  2⤵
  PID:11872
- C:\Windows\System\gkmfSGv.exe
  C:\Windows\System\gkmfSGv.exe
  2⤵
  PID:12016
- C:\Windows\System\ODhvXtT.exe
  C:\Windows\System\ODhvXtT.exe
  2⤵
  PID:12200
- C:\Windows\System\NrBUZXI.exe
  C:\Windows\System\NrBUZXI.exe
  2⤵
  PID:11280
- C:\Windows\System\dkmEDAL.exe
  C:\Windows\System\dkmEDAL.exe
  2⤵
  PID:11476
- C:\Windows\System\unLXjBY.exe
  C:\Windows\System\unLXjBY.exe
  2⤵
  PID:11984
- C:\Windows\System\ZwoKenG.exe
  C:\Windows\System\ZwoKenG.exe
  2⤵
  PID:11668
- C:\Windows\System\GzrUxgr.exe
  C:\Windows\System\GzrUxgr.exe
  2⤵
  PID:12304
- C:\Windows\System\rzUoRUf.exe
  C:\Windows\System\rzUoRUf.exe
  2⤵
  PID:12328
- C:\Windows\System\oXOQjAp.exe
  C:\Windows\System\oXOQjAp.exe
  2⤵
  PID:12356
- C:\Windows\System\DOmACFt.exe
  C:\Windows\System\DOmACFt.exe
  2⤵
  PID:12388
- C:\Windows\System\bLLaAYn.exe
  C:\Windows\System\bLLaAYn.exe
  2⤵
  PID:12420
- C:\Windows\System\ioneDTL.exe
  C:\Windows\System\ioneDTL.exe
  2⤵
  PID:12444
- C:\Windows\System\UfcbkZw.exe
  C:\Windows\System\UfcbkZw.exe
  2⤵
  PID:12460
- C:\Windows\System\dVpSMIJ.exe
  C:\Windows\System\dVpSMIJ.exe
  2⤵
  PID:12500
- C:\Windows\System\crsdfbg.exe
  C:\Windows\System\crsdfbg.exe
  2⤵
  PID:12536
- C:\Windows\System\oycjPfH.exe
  C:\Windows\System\oycjPfH.exe
  2⤵
  PID:12584
- C:\Windows\System\QXrnoaZ.exe
  C:\Windows\System\QXrnoaZ.exe
  2⤵
  PID:12604
- C:\Windows\System\LqLlSwK.exe
  C:\Windows\System\LqLlSwK.exe
  2⤵
  PID:12632
- C:\Windows\System\HTfnTDw.exe
  C:\Windows\System\HTfnTDw.exe
  2⤵
  PID:12660
- C:\Windows\System\jaMOKaE.exe
  C:\Windows\System\jaMOKaE.exe
  2⤵
  PID:12696
- C:\Windows\System\IsBtZIJ.exe
  C:\Windows\System\IsBtZIJ.exe
  2⤵
  PID:12724
- C:\Windows\System\uiVHBRs.exe
  C:\Windows\System\uiVHBRs.exe
  2⤵
  PID:12756
- C:\Windows\System\QgwmpVO.exe
  C:\Windows\System\QgwmpVO.exe
  2⤵
  PID:12792
- C:\Windows\System\zSDvilZ.exe
  C:\Windows\System\zSDvilZ.exe
  2⤵
  PID:12816
- C:\Windows\System\TGurpOt.exe
  C:\Windows\System\TGurpOt.exe
  2⤵
  PID:12836
- C:\Windows\System\NKhkyrx.exe
  C:\Windows\System\NKhkyrx.exe
  2⤵
  PID:12856
- C:\Windows\System\WKWzrBr.exe
  C:\Windows\System\WKWzrBr.exe
  2⤵
  PID:12880
- C:\Windows\System\vMGXVaE.exe
  C:\Windows\System\vMGXVaE.exe
  2⤵
  PID:12908
- C:\Windows\System\EzeQaPQ.exe
  C:\Windows\System\EzeQaPQ.exe
  2⤵
  PID:12928
- C:\Windows\System\qehMaWv.exe
  C:\Windows\System\qehMaWv.exe
  2⤵
  PID:12960
- C:\Windows\System\mGchEyA.exe
  C:\Windows\System\mGchEyA.exe
  2⤵
  PID:13000
- C:\Windows\System\dCVTPHn.exe
  C:\Windows\System\dCVTPHn.exe
  2⤵
  PID:13028
- C:\Windows\System\fuLpLYz.exe
  C:\Windows\System\fuLpLYz.exe
  2⤵
  PID:13072
- C:\Windows\System\CbLsunY.exe
  C:\Windows\System\CbLsunY.exe
  2⤵
  PID:13088
- C:\Windows\System\dNuxaHa.exe
  C:\Windows\System\dNuxaHa.exe
  2⤵
  PID:13116
- C:\Windows\System\WMlpjzt.exe
  C:\Windows\System\WMlpjzt.exe
  2⤵
  PID:13136
- C:\Windows\System\AjcBtiW.exe
  C:\Windows\System\AjcBtiW.exe
  2⤵
  PID:13172
- C:\Windows\System\otutmpM.exe
  C:\Windows\System\otutmpM.exe
  2⤵
  PID:13216
- C:\Windows\System\wVexwGw.exe
  C:\Windows\System\wVexwGw.exe
  2⤵
  PID:13240
- C:\Windows\System\QHSooRj.exe
  C:\Windows\System\QHSooRj.exe
  2⤵
  PID:13260
- C:\Windows\System\gxwmVZH.exe
  C:\Windows\System\gxwmVZH.exe
  2⤵
  PID:13280
- C:\Windows\System\aEpwpOI.exe
  C:\Windows\System\aEpwpOI.exe
  2⤵
  PID:13304
- C:\Windows\System\CAwSaXw.exe
  C:\Windows\System\CAwSaXw.exe
  2⤵
  PID:12004
- C:\Windows\System\UIczMKf.exe
  C:\Windows\System\UIczMKf.exe
  2⤵
  PID:12324
- C:\Windows\System\kxuGpVJ.exe
  C:\Windows\System\kxuGpVJ.exe
  2⤵
  PID:12412
- C:\Windows\System\yoirerY.exe
  C:\Windows\System\yoirerY.exe
  2⤵
  PID:12484
- C:\Windows\System\wfXqfqp.exe
  C:\Windows\System\wfXqfqp.exe
  2⤵
  PID:12524
- C:\Windows\System\JYAIIfH.exe
  C:\Windows\System\JYAIIfH.exe
  2⤵
  PID:12600
- C:\Windows\System\XjuIEEo.exe
  C:\Windows\System\XjuIEEo.exe
  2⤵
  PID:12648
- C:\Windows\System\zgHiDiU.exe
  C:\Windows\System\zgHiDiU.exe
  2⤵
  PID:12688
- C:\Windows\System\hzWEQSx.exe
  C:\Windows\System\hzWEQSx.exe
  2⤵
  PID:12780
- C:\Windows\System\BMguPBK.exe
  C:\Windows\System\BMguPBK.exe
  2⤵
  PID:12852
- C:\Windows\System\xvCrEdj.exe
  C:\Windows\System\xvCrEdj.exe
  2⤵
  PID:12892
- C:\Windows\System\qvjBcRW.exe
  C:\Windows\System\qvjBcRW.exe
  2⤵
  PID:12924
- C:\Windows\System\TpeFvXu.exe
  C:\Windows\System\TpeFvXu.exe
  2⤵
  PID:12988
- C:\Windows\System\FsEitxj.exe
  C:\Windows\System\FsEitxj.exe
  2⤵
  PID:13048
- C:\Windows\System\KDNxYAV.exe
  C:\Windows\System\KDNxYAV.exe
  2⤵
  PID:13208
- C:\Windows\System\rLwxnVV.exe
  C:\Windows\System\rLwxnVV.exe
  2⤵
  PID:12316
- C:\Windows\System\cdzXuvk.exe
  C:\Windows\System\cdzXuvk.exe
  2⤵
  PID:12400
- C:\Windows\System\MfpDsAm.exe
  C:\Windows\System\MfpDsAm.exe
  2⤵
  PID:12596
- C:\Windows\System\zqRxZhO.exe
  C:\Windows\System\zqRxZhO.exe
  2⤵
  PID:12680
- C:\Windows\System\hIjLcCO.exe
  C:\Windows\System\hIjLcCO.exe
  2⤵
  PID:12800
- C:\Windows\System\mbWiyjI.exe
  C:\Windows\System\mbWiyjI.exe
  2⤵
  PID:12844
- C:\Windows\System\gHIuojK.exe
  C:\Windows\System\gHIuojK.exe
  2⤵
  PID:12952
- C:\Windows\System\wCeavDb.exe
  C:\Windows\System\wCeavDb.exe
  2⤵
  PID:13300
- C:\Windows\System\AHaLbug.exe
  C:\Windows\System\AHaLbug.exe
  2⤵
  PID:13164
- C:\Windows\System\TeqWXct.exe
  C:\Windows\System\TeqWXct.exe
  2⤵
  PID:11292
- C:\Windows\System\NkhHogP.exe
  C:\Windows\System\NkhHogP.exe
  2⤵
  PID:12752
- C:\Windows\System\RqVxWgB.exe
  C:\Windows\System\RqVxWgB.exe
  2⤵
  PID:12992
- C:\Windows\System\imClhWc.exe
  C:\Windows\System\imClhWc.exe
  2⤵
  PID:13080
- C:\Windows\System\qLSjYYG.exe
  C:\Windows\System\qLSjYYG.exe
  2⤵
  PID:13332
- C:\Windows\System\gNeiGPD.exe
  C:\Windows\System\gNeiGPD.exe
  2⤵
  PID:13384
- C:\Windows\System\SzOkGxF.exe
  C:\Windows\System\SzOkGxF.exe
  2⤵
  PID:13420
- C:\Windows\System\kopfABU.exe
  C:\Windows\System\kopfABU.exe
  2⤵
  PID:13440
- C:\Windows\System\aKsnyzt.exe
  C:\Windows\System\aKsnyzt.exe
  2⤵
  PID:13476
- C:\Windows\System\HAEcjCp.exe
  C:\Windows\System\HAEcjCp.exe
  2⤵
  PID:13508
- C:\Windows\System\QTVUOfQ.exe
  C:\Windows\System\QTVUOfQ.exe
  2⤵
  PID:13536
- C:\Windows\System\IuaxMPg.exe
  C:\Windows\System\IuaxMPg.exe
  2⤵
  PID:13556
- C:\Windows\System\jPaKOUW.exe
  C:\Windows\System\jPaKOUW.exe
  2⤵
  PID:13612
- C:\Windows\System\IolgDWi.exe
  C:\Windows\System\IolgDWi.exe
  2⤵
  PID:13636
- C:\Windows\System\iFPmEOx.exe
  C:\Windows\System\iFPmEOx.exe
  2⤵
  PID:13660
- C:\Windows\System\gpgQOGQ.exe
  C:\Windows\System\gpgQOGQ.exe
  2⤵
  PID:13704
- C:\Windows\System\TYjSAUa.exe
  C:\Windows\System\TYjSAUa.exe
  2⤵
  PID:13732
- C:\Windows\System\oEappov.exe
  C:\Windows\System\oEappov.exe
  2⤵
  PID:13752
- C:\Windows\System\LDhLlBY.exe
  C:\Windows\System\LDhLlBY.exe
  2⤵
  PID:13776
- C:\Windows\System\PDcvdWR.exe
  C:\Windows\System\PDcvdWR.exe
  2⤵
  PID:13816
- C:\Windows\System\DgrsDrp.exe
  C:\Windows\System\DgrsDrp.exe
  2⤵
  PID:13832
- C:\Windows\System\pWwCaQJ.exe
  C:\Windows\System\pWwCaQJ.exe
  2⤵
  PID:13872
- C:\Windows\System\VXTUkrn.exe
  C:\Windows\System\VXTUkrn.exe
  2⤵
  PID:13892
- C:\Windows\System\DUhTJeH.exe
  C:\Windows\System\DUhTJeH.exe
  2⤵
  PID:13924
- C:\Windows\System\qyCyabI.exe
  C:\Windows\System\qyCyabI.exe
  2⤵
  PID:13944
- C:\Windows\System\JSkjzhN.exe
  C:\Windows\System\JSkjzhN.exe
  2⤵
  PID:13964
- C:\Windows\System\ZcShOsn.exe
  C:\Windows\System\ZcShOsn.exe
  2⤵
  PID:13988
- C:\Windows\System\HCZOxot.exe
  C:\Windows\System\HCZOxot.exe
  2⤵
  PID:14040
- C:\Windows\System\mZNBSwq.exe
  C:\Windows\System\mZNBSwq.exe
  2⤵
  PID:14056
- C:\Windows\System\ncERRtK.exe
  C:\Windows\System\ncERRtK.exe
  2⤵
  PID:14080
- C:\Windows\System\yWdHlQK.exe
  C:\Windows\System\yWdHlQK.exe
  2⤵
  PID:14108
- C:\Windows\System\hezoIVI.exe
  C:\Windows\System\hezoIVI.exe
  2⤵
  PID:14140
- C:\Windows\System\VhMcsfa.exe
  C:\Windows\System\VhMcsfa.exe
  2⤵
  PID:14180
- C:\Windows\System\DDwxvEW.exe
  C:\Windows\System\DDwxvEW.exe
  2⤵
  PID:14196
- C:\Windows\System\hDnpXvR.exe
  C:\Windows\System\hDnpXvR.exe
  2⤵
  PID:14236
- C:\Windows\System\TtuOlbC.exe
  C:\Windows\System\TtuOlbC.exe
  2⤵
  PID:14252
- C:\Windows\System\YDLCbpq.exe
  C:\Windows\System\YDLCbpq.exe
  2⤵
  PID:14276
- C:\Windows\System\TWxSxmN.exe
  C:\Windows\System\TWxSxmN.exe
  2⤵
  PID:14304
- C:\Windows\System\UWwDCnv.exe
  C:\Windows\System\UWwDCnv.exe
  2⤵
  PID:12480
- C:\Windows\System\ObdUnxt.exe
  C:\Windows\System\ObdUnxt.exe
  2⤵
  PID:12948
- C:\Windows\System\RaEPRee.exe
  C:\Windows\System\RaEPRee.exe
  2⤵
  PID:13428
- C:\Windows\System\oXKnlDL.exe
  C:\Windows\System\oXKnlDL.exe
  2⤵
  PID:13456
- C:\Windows\System\oBaVgYt.exe
  C:\Windows\System\oBaVgYt.exe
  2⤵
  PID:13516
- C:\Windows\System\LaomkEf.exe
  C:\Windows\System\LaomkEf.exe
  2⤵
  PID:13552
- C:\Windows\System\lTVTdUM.exe
  C:\Windows\System\lTVTdUM.exe
  2⤵
  PID:13620
- C:\Windows\System\uZgBNqm.exe
  C:\Windows\System\uZgBNqm.exe
  2⤵
  PID:13724
- C:\Windows\System\szsCpHT.exe
  C:\Windows\System\szsCpHT.exe
  2⤵
  PID:13772
- C:\Windows\System\JVftVdW.exe
  C:\Windows\System\JVftVdW.exe
  2⤵
  PID:13824
- C:\Windows\System\DFDlNaR.exe
  C:\Windows\System\DFDlNaR.exe
  2⤵
  PID:13864
- C:\Windows\System\MPuZsYX.exe
  C:\Windows\System\MPuZsYX.exe
  2⤵
  PID:13972
- C:\Windows\System\iPmvTwT.exe
  C:\Windows\System\iPmvTwT.exe
  2⤵
  PID:14000
- C:\Windows\System\emQNIsS.exe
  C:\Windows\System\emQNIsS.exe
  2⤵
  PID:14104
- C:\Windows\System\VyLbOto.exe
  C:\Windows\System\VyLbOto.exe
  2⤵
  PID:14164
- C:\Windows\System\uVLngKt.exe
  C:\Windows\System\uVLngKt.exe
  2⤵
  PID:14228
- C:\Windows\System\xZimZKb.exe
  C:\Windows\System\xZimZKb.exe
  2⤵
  PID:14296
- C:\Windows\System\TpVdhOD.exe
  C:\Windows\System\TpVdhOD.exe
  2⤵
  PID:14320
- C:\Windows\System\kLWUTxl.exe
  C:\Windows\System\kLWUTxl.exe
  2⤵
  PID:13380
- C:\Windows\System\NPFZWyN.exe
  C:\Windows\System\NPFZWyN.exe
  2⤵
  PID:13532
- C:\Windows\System\termWzV.exe
  C:\Windows\System\termWzV.exe
  2⤵
  PID:13808
- C:\Windows\System\DIDGwYJ.exe
  C:\Windows\System\DIDGwYJ.exe
  2⤵
  PID:13748
- C:\Windows\System\IuPnWnz.exe
  C:\Windows\System\IuPnWnz.exe
  2⤵
  PID:13980
- C:\Windows\System\yMivfBc.exe
  C:\Windows\System\yMivfBc.exe
  2⤵
  PID:14100
- C:\Windows\System\GISWFuF.exe
  C:\Windows\System\GISWFuF.exe
  2⤵
  PID:12868
- C:\Windows\System\vCYSTsF.exe
  C:\Windows\System\vCYSTsF.exe
  2⤵
  PID:13740
- C:\Windows\System\uLtWMeb.exe
  C:\Windows\System\uLtWMeb.exe
  2⤵
  PID:14076
- C:\Windows\System\ofHbZDh.exe
  C:\Windows\System\ofHbZDh.exe
  2⤵
  PID:14268
- C:\Windows\System\xfRHosN.exe
  C:\Windows\System\xfRHosN.exe
  2⤵
  PID:12684
- C:\Windows\System\RxnscEZ.exe
  C:\Windows\System\RxnscEZ.exe
  2⤵
  PID:14360
- C:\Windows\System\JfxaHWv.exe
  C:\Windows\System\JfxaHWv.exe
  2⤵
  PID:14388
- C:\Windows\System\ByZWuuc.exe
  C:\Windows\System\ByZWuuc.exe
  2⤵
  PID:14412
- C:\Windows\System\YwmFBki.exe
  C:\Windows\System\YwmFBki.exe
  2⤵
  PID:14452
- C:\Windows\System\rtmEVGL.exe
  C:\Windows\System\rtmEVGL.exe
  2⤵
  PID:14476
- C:\Windows\System\WLzsXCn.exe
  C:\Windows\System\WLzsXCn.exe
  2⤵
  PID:14532
- C:\Windows\System\fhQDIOR.exe
  C:\Windows\System\fhQDIOR.exe
  2⤵
  PID:14548
- C:\Windows\System\FiEfziM.exe
  C:\Windows\System\FiEfziM.exe
  2⤵
  PID:14576
- C:\Windows\System\CLLSxZw.exe
  C:\Windows\System\CLLSxZw.exe
  2⤵
  PID:14604
- C:\Windows\System\tjYgXrj.exe
  C:\Windows\System\tjYgXrj.exe
  2⤵
  PID:14620
- C:\Windows\System\dDjfyGC.exe
  C:\Windows\System\dDjfyGC.exe
  2⤵
  PID:14644
- C:\Windows\System\unjntLr.exe
  C:\Windows\System\unjntLr.exe
  2⤵
  PID:14676
- C:\Windows\System\fxLWNBm.exe
  C:\Windows\System\fxLWNBm.exe
  2⤵
  PID:14720
- C:\Windows\System\EzhFfqX.exe
  C:\Windows\System\EzhFfqX.exe
  2⤵
  PID:14744
- C:\Windows\System\hXIolFE.exe
  C:\Windows\System\hXIolFE.exe
  2⤵
  PID:14772
- C:\Windows\System\THSEjye.exe
  C:\Windows\System\THSEjye.exe
  2⤵
  PID:14792
- C:\Windows\System\uYUVhwQ.exe
  C:\Windows\System\uYUVhwQ.exe
  2⤵
  PID:14816
- C:\Windows\System\lcSkKwH.exe
  C:\Windows\System\lcSkKwH.exe
  2⤵
  PID:14844
- C:\Windows\System\QErMhzB.exe
  C:\Windows\System\QErMhzB.exe
  2⤵
  PID:14880
- C:\Windows\System\iRcrXly.exe
  C:\Windows\System\iRcrXly.exe
  2⤵
  PID:14912
- C:\Windows\System\NQfUTFX.exe
  C:\Windows\System\NQfUTFX.exe
  2⤵
  PID:14936
- C:\Windows\System\vQrPkxA.exe
  C:\Windows\System\vQrPkxA.exe
  2⤵
  PID:14956
- C:\Windows\System\htLxRmv.exe
  C:\Windows\System\htLxRmv.exe
  2⤵
  PID:14976
- C:\Windows\System\PHsdJtS.exe
  C:\Windows\System\PHsdJtS.exe
  2⤵
  PID:15016
- C:\Windows\System\qjVGPTV.exe
  C:\Windows\System\qjVGPTV.exe
  2⤵
  PID:15040
- C:\Windows\System\hBCrYhS.exe
  C:\Windows\System\hBCrYhS.exe
  2⤵
  PID:15092
- C:\Windows\System\xsVBtnI.exe
  C:\Windows\System\xsVBtnI.exe
  2⤵
  PID:15116
- C:\Windows\System\XmDBDmb.exe
  C:\Windows\System\XmDBDmb.exe
  2⤵
  PID:15136
- C:\Windows\System\cnJDozZ.exe
  C:\Windows\System\cnJDozZ.exe
  2⤵
  PID:15164
- C:\Windows\System\JYXDIyF.exe
  C:\Windows\System\JYXDIyF.exe
  2⤵
  PID:15184
- C:\Windows\System\vPaNjgY.exe
  C:\Windows\System\vPaNjgY.exe
  2⤵
  PID:15208
- C:\Windows\System\TtLsstv.exe
  C:\Windows\System\TtLsstv.exe
  2⤵
  PID:15228
- C:\Windows\System\CCRcgkB.exe
  C:\Windows\System\CCRcgkB.exe
  2⤵
  PID:15248
- C:\Windows\System\GcoELmB.exe
  C:\Windows\System\GcoELmB.exe
  2⤵
  PID:15268
- C:\Windows\System\eQqMYnf.exe
  C:\Windows\System\eQqMYnf.exe
  2⤵
  PID:15292
- C:\Windows\System\uTEETnK.exe
  C:\Windows\System\uTEETnK.exe
  2⤵
  PID:15332
- C:\Windows\System\bhPfTkS.exe
  C:\Windows\System\bhPfTkS.exe
  2⤵
  PID:14380
- C:\Windows\System\xaxHTBQ.exe
  C:\Windows\System\xaxHTBQ.exe
  2⤵
  PID:14400
- C:\Windows\System\rhQdmjO.exe
  C:\Windows\System\rhQdmjO.exe
  2⤵
  PID:14440
- C:\Windows\System\JucoOCJ.exe
  C:\Windows\System\JucoOCJ.exe
  2⤵
  PID:14544
- C:\Windows\System\SfZjrSg.exe
  C:\Windows\System\SfZjrSg.exe
  2⤵
  PID:14596
- C:\Windows\System\LjDaQlC.exe
  C:\Windows\System\LjDaQlC.exe
  2⤵
  PID:14712
- C:\Windows\System\fvSwNGl.exe
  C:\Windows\System\fvSwNGl.exe
  2⤵
  PID:14756
- C:\Windows\System\oIuBObI.exe
  C:\Windows\System\oIuBObI.exe
  2⤵
  PID:14808
- C:\Windows\System\gdtbVrD.exe
  C:\Windows\System\gdtbVrD.exe
  2⤵
  PID:14828
- C:\Windows\System\uhaVPtM.exe
  C:\Windows\System\uhaVPtM.exe
  2⤵
  PID:14992
- C:\Windows\System\OxjBiVA.exe
  C:\Windows\System\OxjBiVA.exe
  2⤵
  PID:15072
- C:\Windows\System\FcgKtMX.exe
  C:\Windows\System\FcgKtMX.exe
  2⤵
  PID:15084
- C:\Windows\System\VNyZYNc.exe
  C:\Windows\System\VNyZYNc.exe
  2⤵
  PID:15148
- C:\Windows\System\qwIRJox.exe
  C:\Windows\System\qwIRJox.exe
  2⤵
  PID:15156
- C:\Windows\System\LQeiWbz.exe
  C:\Windows\System\LQeiWbz.exe
  2⤵
  PID:15280
- C:\Windows\System\MzndStj.exe
  C:\Windows\System\MzndStj.exe
  2⤵
  PID:13580
- C:\Windows\System\IWEISfe.exe
  C:\Windows\System\IWEISfe.exe
  2⤵
  PID:14352
- C:\Windows\System\JYxtPnt.exe
  C:\Windows\System\JYxtPnt.exe
  2⤵
  PID:14472
- C:\Windows\System\JcFdIGi.exe
  C:\Windows\System\JcFdIGi.exe
  2⤵
  PID:14592
- C:\Windows\System\bgwZaws.exe
  C:\Windows\System\bgwZaws.exe
  2⤵
  PID:14780
- C:\Windows\System\UdfSNct.exe
  C:\Windows\System\UdfSNct.exe
  2⤵
  PID:15036
- C:\Windows\System\sFQFjBn.exe
  C:\Windows\System\sFQFjBn.exe
  2⤵
  PID:15180
- C:\Windows\System\JoWXMMO.exe
  C:\Windows\System\JoWXMMO.exe
  2⤵
  PID:15152
- C:\Windows\System\izuwLHk.exe
  C:\Windows\System\izuwLHk.exe
  2⤵
  PID:14564
- C:\Windows\System\jaFZgWB.exe
  C:\Windows\System\jaFZgWB.exe
  2⤵
  PID:14804
- C:\Windows\System\Jnpqkkw.exe
  C:\Windows\System\Jnpqkkw.exe
  2⤵
  PID:14436
- C:\Windows\System\BPlEbjs.exe
  C:\Windows\System\BPlEbjs.exe
  2⤵
  PID:15124
- C:\Windows\System\laygsDF.exe
  C:\Windows\System\laygsDF.exe
  2⤵
  PID:15368
- C:\Windows\System\qwslMUv.exe
  C:\Windows\System\qwslMUv.exe
  2⤵
  PID:15384
- C:\Windows\System\ivcznSx.exe
  C:\Windows\System\ivcznSx.exe
  2⤵
  PID:15400
- C:\Windows\System\OhbGpyb.exe
  C:\Windows\System\OhbGpyb.exe
  2⤵
  PID:15432
- C:\Windows\System\LthMNNW.exe
  C:\Windows\System\LthMNNW.exe
  2⤵
  PID:15480
- C:\Windows\System\ynwtEbB.exe
  C:\Windows\System\ynwtEbB.exe
  2⤵
  PID:15508
- C:\Windows\System\HbPQOJg.exe
  C:\Windows\System\HbPQOJg.exe
  2⤵
  PID:15524
- C:\Windows\System\dxYielS.exe
  C:\Windows\System\dxYielS.exe
  2⤵
  PID:15544
- C:\Windows\System\CWxhiYc.exe
  C:\Windows\System\CWxhiYc.exe
  2⤵
  PID:15568
- C:\Windows\System\XhcDiFK.exe
  C:\Windows\System\XhcDiFK.exe
  2⤵
  PID:15612
- C:\Windows\System\NHOkIZR.exe
  C:\Windows\System\NHOkIZR.exe
  2⤵
  PID:15636
- C:\Windows\System\PtYibZE.exe
  C:\Windows\System\PtYibZE.exe
  2⤵
  PID:15664
- C:\Windows\System\apHYbDT.exe
  C:\Windows\System\apHYbDT.exe
  2⤵
  PID:15680
- C:\Windows\System\ZAcvuof.exe
  C:\Windows\System\ZAcvuof.exe
  2⤵
  PID:15704
- C:\Windows\System\tnRWpIE.exe
  C:\Windows\System\tnRWpIE.exe
  2⤵
  PID:15736
- C:\Windows\System\YSBkNPj.exe
  C:\Windows\System\YSBkNPj.exe
  2⤵
  PID:15760
- C:\Windows\System\guQtEAQ.exe
  C:\Windows\System\guQtEAQ.exe
  2⤵
  PID:15780
- C:\Windows\System\tdqwWEQ.exe
  C:\Windows\System\tdqwWEQ.exe
  2⤵
  PID:15808
- C:\Windows\System\hctJVqC.exe
  C:\Windows\System\hctJVqC.exe
  2⤵
  PID:15828
- C:\Windows\System\ABMSaKo.exe
  C:\Windows\System\ABMSaKo.exe
  2⤵
  PID:15860
- C:\Windows\System\yLUyjSG.exe
  C:\Windows\System\yLUyjSG.exe
  2⤵
  PID:15888
- C:\Windows\System\AdvYTYQ.exe
  C:\Windows\System\AdvYTYQ.exe
  2⤵
  PID:15928
- C:\Windows\System\ggpIpLQ.exe
  C:\Windows\System\ggpIpLQ.exe
  2⤵
  PID:15956
- C:\Windows\System\MvQzzqy.exe
  C:\Windows\System\MvQzzqy.exe
  2⤵
  PID:15988
- C:\Windows\System\dUHsajB.exe
  C:\Windows\System\dUHsajB.exe
  2⤵
  PID:16028
- C:\Windows\System\dzZjLoO.exe
  C:\Windows\System\dzZjLoO.exe
  2⤵
  PID:16080
- C:\Windows\System\vgnhbsP.exe
  C:\Windows\System\vgnhbsP.exe
  2⤵
  PID:16096
- C:\Windows\System\sfwwEyC.exe
  C:\Windows\System\sfwwEyC.exe
  2⤵
  PID:16112
- C:\Windows\System\zecxGCV.exe
  C:\Windows\System\zecxGCV.exe
  2⤵
  PID:16148
- C:\Windows\System\EPgtTlt.exe
  C:\Windows\System\EPgtTlt.exe
  2⤵
  PID:16172
- C:\Windows\System\HEMwDCc.exe
  C:\Windows\System\HEMwDCc.exe
  2⤵
  PID:16196
- C:\Windows\System\droLfxh.exe
  C:\Windows\System\droLfxh.exe
  2⤵
  PID:16212
- C:\Windows\System\iRhmYKB.exe
  C:\Windows\System\iRhmYKB.exe
  2⤵
  PID:16248
- C:\Windows\System\ifQjoHC.exe
  C:\Windows\System\ifQjoHC.exe
  2⤵
  PID:16268
- C:\Windows\System\PmowgNv.exe
  C:\Windows\System\PmowgNv.exe
  2⤵
  PID:16320
- C:\Windows\System\iUcCmhs.exe
  C:\Windows\System\iUcCmhs.exe
  2⤵
  PID:16340
- C:\Windows\System\PIXPBpi.exe
  C:\Windows\System\PIXPBpi.exe
  2⤵
  PID:16364
- C:\Windows\System\AoOBFXO.exe
  C:\Windows\System\AoOBFXO.exe
  2⤵
  PID:15364
- C:\Windows\System\KREuMQN.exe
  C:\Windows\System\KREuMQN.exe
  2⤵
  PID:15440
- C:\Windows\System\tcCPEdi.exe
  C:\Windows\System\tcCPEdi.exe
  2⤵
  PID:15504
- C:\Windows\System\HmcqXcR.exe
  C:\Windows\System\HmcqXcR.exe
  2⤵
  PID:15516
- C:\Windows\System\QZpZarn.exe
  C:\Windows\System\QZpZarn.exe
  2⤵
  PID:15608
- C:\Windows\System\JrZurPY.exe
  C:\Windows\System\JrZurPY.exe
  2⤵
  PID:15676
- C:\Windows\System\CMpCctY.exe
  C:\Windows\System\CMpCctY.exe
  2⤵
  PID:15752
- C:\Windows\System\HEItguX.exe
  C:\Windows\System\HEItguX.exe
  2⤵
  PID:15836
- C:\Windows\System\rThgECc.exe
  C:\Windows\System\rThgECc.exe
  2⤵
  PID:15872
- C:\Windows\System\FPKslNr.exe
  C:\Windows\System\FPKslNr.exe
  2⤵
  PID:15948
- C:\Windows\System\ugouZdA.exe
  C:\Windows\System\ugouZdA.exe
  2⤵
  PID:16008
- C:\Windows\System\wkrsJvX.exe
  C:\Windows\System\wkrsJvX.exe
  2⤵
  PID:16124
- C:\Windows\System\KEiiadL.exe
  C:\Windows\System\KEiiadL.exe
  2⤵
  PID:16160
- C:\Windows\System\tCUVsGq.exe
  C:\Windows\System\tCUVsGq.exe
  2⤵
  PID:16264
- C:\Windows\System\GSsBPQF.exe
  C:\Windows\System\GSsBPQF.exe
  2⤵
  PID:16308
- C:\Windows\System\sNDtpfw.exe
  C:\Windows\System\sNDtpfw.exe
  2⤵
  PID:16360
- C:\Windows\System\GlcStEQ.exe
  C:\Windows\System\GlcStEQ.exe
  2⤵
  PID:15392
- C:\Windows\System\vHfCdNJ.exe
  C:\Windows\System\vHfCdNJ.exe
  2⤵
  PID:15452
- C:\Windows\System\TIhWHNM.exe
  C:\Windows\System\TIhWHNM.exe
  2⤵
  PID:15580
- C:\Windows\System\GlGQoZK.exe
  C:\Windows\System\GlGQoZK.exe
  2⤵
  PID:15868
- C:\Windows\System\kKnrvvP.exe
  C:\Windows\System\kKnrvvP.exe
  2⤵
  PID:15984
- C:\Windows\System\zhcQlha.exe
  C:\Windows\System\zhcQlha.exe
  2⤵
  PID:16092
- C:\Windows\System\YFnOJyI.exe
  C:\Windows\System\YFnOJyI.exe
  2⤵
  PID:16304
- C:\Windows\System\WNlGqal.exe
  C:\Windows\System\WNlGqal.exe
  2⤵
  PID:16352
- C:\Windows\System\vdbCZcx.exe
  C:\Windows\System\vdbCZcx.exe
  2⤵
  PID:15792
- C:\Windows\System\UwbMeeh.exe
  C:\Windows\System\UwbMeeh.exe
  2⤵
  PID:16044
- C:\Windows\System\tHnmeed.exe
  C:\Windows\System\tHnmeed.exe
  2⤵
  PID:15776
- C:\Windows\System\OzdzXHN.exe
  C:\Windows\System\OzdzXHN.exe
  2⤵
  PID:16412
- C:\Windows\System\GrAeBqD.exe
  C:\Windows\System\GrAeBqD.exe
  2⤵
  PID:16440
- C:\Windows\System\fbGdwUi.exe
  C:\Windows\System\fbGdwUi.exe
  2⤵
  PID:16468
- C:\Windows\System\dtWUnJy.exe
  C:\Windows\System\dtWUnJy.exe
  2⤵
  PID:16492
- C:\Windows\System\qWIHJEC.exe
  C:\Windows\System\qWIHJEC.exe
  2⤵
  PID:16508
- C:\Windows\System\eUEZyob.exe
  C:\Windows\System\eUEZyob.exe
  2⤵
  PID:16524
- C:\Windows\System\kQBrYYV.exe
  C:\Windows\System\kQBrYYV.exe
  2⤵
  PID:16588
- C:\Windows\System\WePscGJ.exe
  C:\Windows\System\WePscGJ.exe
  2⤵
  PID:16616
- C:\Windows\System\gtXzgGz.exe
  C:\Windows\System\gtXzgGz.exe
  2⤵
  PID:16644
- C:\Windows\System\qjIikTq.exe
  C:\Windows\System\qjIikTq.exe
  2⤵
  PID:16660
- C:\Windows\System\bXLIRcI.exe
  C:\Windows\System\bXLIRcI.exe
  2⤵
  PID:16680
- C:\Windows\System\mNVMPxL.exe
  C:\Windows\System\mNVMPxL.exe
  2⤵
  PID:16712
- C:\Windows\System\AYGLFJo.exe
  C:\Windows\System\AYGLFJo.exe
  2⤵
  PID:16752
- C:\Windows\System\pdjovfT.exe
  C:\Windows\System\pdjovfT.exe
  2⤵
  PID:16776
- C:\Windows\System\HLeHGqN.exe
  C:\Windows\System\HLeHGqN.exe
  2⤵
  PID:16816

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CabqLlS.exe

Filesize
1.3MB

MD5
9aca03fe0a400bbd82ee59e1a94d39b6

SHA1
50e1b56fd09cb9e2919a3f6de1e5429e3b87ce53

SHA256
6aaa15ca87aa69f79b66dfb6e4a7014e631960b498e0bb09232bdfa149d40100

SHA512
7e184d1cb8240ce1d6d1aa7e8ca0369e8e3f084b94fe90950261523003e7cad4256d1b04431c2a318b67fa5f4176b6f13a97ba625325f8a804266a340804cfe9

Download Submit
C:\Windows\System\EBuKfIC.exe

Filesize
1.3MB

MD5
2f3511ef80a3f0e67ea46db42147731e

SHA1
66ac8e540307c9021e3560dc6bf52cf7a68f09aa

SHA256
e9535a466df124546304fec4cd8191ed3d5acfd2ece3ae582ac82ab9bd2cd5ac

SHA512
0c584501cd424335667409fd3e39a22f197d276147bb6cfb808ff1367963c16f9662439bd8d52d3c8a1de6dfad0a68729b99642bd258b7e8f2cd76fe571a7b97

Download Submit
C:\Windows\System\FTHpSXg.exe

Filesize
1.3MB

MD5
e4e2eb6af6f518d5f241b907aeec3992

SHA1
18cdec57227e1f0c19a0877f94c3edb93b187c6a

SHA256
4aa474f89ef00a8a5e068a11256985637d00d976989e632881bccede9e001356

SHA512
64a02d74bf489828544fbe56196ede2b150f5eec6ae65ef29147c5a1883f367bdad52f2813bd8d9792e89b18cbe39d65efdb71a2dba8591994c38129bd764614

Download Submit
C:\Windows\System\JVXGYbl.exe

Filesize
1.3MB

MD5
8cc1356423df201c97adaec050cb5dee

SHA1
8747fb909dd958a28d8d8c2c58eec43930ac1b46

SHA256
e2e60be92f51d71b62a22397f8a4cc36f5079f94ac118017f1374daefd7c26bc

SHA512
77999106ce0ae65312b4fc319dde1581d88b424e6705ba67195667d539e8e9370c94c9fec8b5f59cc49e1adef51ad76c4fae63d2e1e8886ae491b01dbab6b8b6

Download Submit
C:\Windows\System\KlpriEo.exe

Filesize
1.3MB

MD5
c19d2ccfdd96969e9dca9f8e305a1e60

SHA1
c50cd1c83db3d68de6e3cf7e4cee8d722bb86ada

SHA256
55362aab94863748907b5a8edc246d47a412feeece286a5adb208a735e639b01

SHA512
1705da19c2c9fb553b8e3340fab847402856cb478524de3515e3b03a5487f30f4fe20338c208676b697396d55d421424d43d838d36ff069a34cdf0a50caca6e5

Download Submit
C:\Windows\System\LnnURIN.exe

Filesize
1.3MB

MD5
0fced60c9c152698fcad00eb7390eea6

SHA1
687fa3609a60c294fe7e837f1e9fd89cec4cf056

SHA256
c6c845c103ee0de2a500352b297dea352fcc53fd3c3d49ce14c2bed7960a6c49

SHA512
77a8feefc3d8ba06d4c149a4490defcb979fa8a47b44e8066cffa36b3499dde69edbfe980c9e0ae45d815d56bdd5d580892d0d512ff0476168e71969f65fd0a5

Download Submit
C:\Windows\System\MjZZukz.exe

Filesize
1.3MB

MD5
b756b5c136c7eccb47c7cc01a677ded5

SHA1
fced86f7f1c25dbfddb80f523767c692f4d5d91a

SHA256
2472777ce30de1078c1e4d40bcf111a3a5981638eb1113e7e8e9c7bcf90fe9b9

SHA512
e8b2cf3f801479add3a18cb8fbe55d03f04133db4a6a496b08b4997bce04d97ce30d33835e8e2aa77f257869d4623dc64c9a3546f19192addcddd3419a251065

Download Submit
C:\Windows\System\NHkBhna.exe

Filesize
1.3MB

MD5
74761a275e4fdaa1252bf3ad66cb351e

SHA1
fe8c06cb7a4761aa7a44dc8ef8959a047badec4f

SHA256
1d441f13a8e05c3bb171d7ea3c25e9fa9dba9e9a4beaaa944bc809663aa85349

SHA512
3b3b60e41dc17a902fc2f11efa9d7f681b49479ceda5116ac7734fdbf7cdc7f27d201b3b47d3a36d8e515644de01940bf35df08d2c88b6837cd72df6cccec90c

Download Submit
C:\Windows\System\OkdDrwM.exe

Filesize
1.3MB

MD5
dfa163b19889b9d1bb8d17743418f5dd

SHA1
284aea3275ff6080d37ce9151a44b78cffd87bbb

SHA256
755fefc2a4bb48ffe882bd9901326583a590d130dc13bc3e2659ccaea870dac2

SHA512
4fcb3293fc4caf56622982cbe79e7624f525bdc11ba78df3230092c0d4c41596f406b12f277e4e0f4811318215fb91c5ba1601fa4c4db363bf1917de376a8a81

Download Submit
C:\Windows\System\PajUHMi.exe

Filesize
1.3MB

MD5
7d5ab20b08906e97192fdfd6e24da249

SHA1
4cff6e48c8525db224146636cef04aaa0a2ee70d

SHA256
bcf8d39dc609d37ac0a91903830ddd0e4f08c281a73597763ca42eac97d92d21

SHA512
ece076f1777ed6df93ce60cde0d55916f1bf424a92c71711942e143d5fee29a9c3d206b7db8bd91c918153da6971845d3c8471729e246cbb490e6c6161822ce5

Download Submit
C:\Windows\System\QymCrpK.exe

Filesize
1.3MB

MD5
cd5df2ea07d21ce3c2db05bc24d02a5d

SHA1
39362c81c4057c60eb6dbd020425886f4b3bfb4b

SHA256
d0bc4dbb68692c5db5805a5cff38887b28be1c211656e5a62fbf956b2717f499

SHA512
357f4c69a523352ac948dc065323b978d4cac63a4dba619b3de71560ccd1d324f56d12777f5004a41a2376833e6d45de07b8a6c53d8bfe21606e3b9d6d4a3ab6

Download Submit
C:\Windows\System\RDfCxqC.exe

Filesize
1.3MB

MD5
783f6c7a0b5987ed67757d188f87d3cd

SHA1
14686c821784cb67569f667ec9d5d6fbfe0eaba9

SHA256
46aa49a6d42f96bb7862aa879aa4b91e532e71093e4a9db5bcf32c6a0ea4efcb

SHA512
7441f516496cfed554232e2f5c9fa8f43560a2c76b5a3a16f437df7c37bd1c44b97c720e39b63c9923aa365cce803175a6d77fc87f6a8892cb7530a172a72460

Download Submit
C:\Windows\System\ShmsVht.exe

Filesize
1.3MB

MD5
636ef82bf73f6e7ad77bfc0d0615ad96

SHA1
6209cbace91e1c3068ee6302891463b066c2e719

SHA256
ef5ea709e227e83fb3f7f57401dcfce59449160d7604dd662f3cde816929d05c

SHA512
a91fba398f93ece91e120b6acad5c42566948ccaf592a7309a0403ae6340b60277d6a0022ec3762b351d21fbcfda064b44ceaad923d9cf250caf88a79f16a68f

Download Submit
C:\Windows\System\SosptYb.exe

Filesize
1.3MB

MD5
3d26bcc6f9ac03af4429603d247e54c6

SHA1
b5443686b1a199f3f39bd954a8b26c63e4de5d7d

SHA256
21b6aadeeb921c0a157b9674ea6c869bf29797a86c96f3f193642e0188f45982

SHA512
af31d0dee24d8667aeac22f27195c64786fa2e1dd09cf8736de330144595f308a2bb563a1a5ffcd693ebdf0e01c3d970982f4cec7ce648802d794d820a56bc75

Download Submit
C:\Windows\System\THLMbXe.exe

Filesize
1.3MB

MD5
692f71b223d814a66d78f4ab9c529445

SHA1
c2a479517cc2318c710ef65e910907017af20fb3

SHA256
5a83a90046d435fc428f09fb2dfdcabe740149d2d4eec4d4b761bf832a5e35fa

SHA512
7d2f3325eaad6a6d822bc570bc1890347b6bd943b45beef0b854e0c38905caa33dbf5b7b8c647175a673f7d5d953e8416d89cb6f069dd83c55a88141f0e0c4b8

Download Submit
C:\Windows\System\VwpAHlP.exe

Filesize
1.3MB

MD5
a7207d3874ceffd50177381582f3dcdb

SHA1
b61c8bf4487b3d3439bdace6bc5e525e9bb82acb

SHA256
c3073c2d3a0d586c2e67b57f70e053e982df65dff9795b7f9e4e58884a0fc88c

SHA512
a3fbb588b8a1f8606bc6fa9a306fc235b2a3e66ddf08c3e8c3239d8b86e47cad9e9b88dee2db532ee4fed53d1547798767f54a0d426d92475663773037043baa

Download Submit
C:\Windows\System\WEliDYz.exe

Filesize
1.3MB

MD5
bdaff24c427938237e68f109cfd6a5b3

SHA1
b2ba1afbdd210b38872a162bc53595bc671c988f

SHA256
63211d9a1faa7b4b0a87b6e9bbf8aa0933b8df56b5d8aa2778026a55e2ebc7c7

SHA512
b81b5c0547958d88538d97904c0be2b30a9387663f42591c9add4b00b74f7ec1aec2f6137d541d203ca1de4162ff08de5b9f7b44197bb18e76c0e4fdba9e5a5d

Download Submit
C:\Windows\System\YnvBmSj.exe

Filesize
1.3MB

MD5
7ccd534d05ebf5798dab77a08f31637a

SHA1
f4b2182dbfb8076575707bb5cc7aafa14bff3eeb

SHA256
758e63530d439c91622bc5e091c00845fa34510ffffa6f8502e873e6fdfe5412

SHA512
0c8d8effee8564b3f6e68efdd588e8312dbf0ca4eea5ba244cee0e748742b73417c15b170371e2296dcfc0f7b3616622cccdf901c769933aa42579bb4e598494

Download Submit
C:\Windows\System\blxTVfF.exe

Filesize
1.3MB

MD5
b0184a4023d20fae869c337bd9851a64

SHA1
4c6580c15c67800eb2b801b14d6ad86b92429f1a

SHA256
91dcb0c10866ad7f12ca26c7e9b60c4577652ee0fcb2512642276846bdf0fa34

SHA512
cca4e4d73a907340b75b472f7fadb77f22a8eb6f31eea6837b52877de8d8a539132975018646172f103eb3f97ce77da2f1dac7dab578c4e8eaff4a4b95e9197c

Download Submit
C:\Windows\System\deJZsMf.exe

Filesize
1.3MB

MD5
f4c7598502704632d68d3504c007524b

SHA1
56f80eee3d9315bb1a0b45ce22f8d7d9bd61ef91

SHA256
c3c062eb8ff676f179448a64c28a5fed6534ab3b557893ad0f772d7b0ad2dcd0

SHA512
9d7a4bd01a7261a533cca4137611e4581c3f14b05c47d7c3c27418f593eccbd13dc37cf6b9a92871d9e2fc272cdceecb25d68db8a3aa2d44c59c2dfbd16c4c09

Download Submit
C:\Windows\System\iUZcfYR.exe

Filesize
1.3MB

MD5
cb10b1c9c5829eae2e4356a279a1006c

SHA1
06f5b082707bee18aef27e4d41c95d16e19721d3

SHA256
6c160d1cd86d48aee52d3ee69b15662a03f39af729aaf1dde9d0cb2097d98df9

SHA512
171abd5392bcaa1234ac46fa75d2e3fc0a75d7f64d65c444f6957fe3a2442a4cbcafdb4ca9a1800ecdfc7bd62f85743309fb048febe9eea4768f6850db3d361f

Download Submit
C:\Windows\System\llyWiLo.exe

Filesize
1.3MB

MD5
75729e77100d9fde1e08fab63da33bd0

SHA1
2a7f0c59ae2b56379d174ca71425b23c54e975e5

SHA256
d92abff72003b487303fb8e8f0640875e7dd330f18c29b3fc439a41f780b4609

SHA512
5fb5eae0e4e24901808ba4041f3c8d1b56f56a11a7c84bb7580ac28389f7b491377c822073c623ce77ee28678f758b24bcc958164035beba8f4531161f6a32ff

Download Submit
C:\Windows\System\lrQhupN.exe

Filesize
1.3MB

MD5
33e0ecc84b925df97f9c9b3743f833b2

SHA1
d99edcfed49c290e203726272d33d3e6630e0d7b

SHA256
e85e4c112ed095c0884e3aee69c8d21776a50640baff8c809df5b0271dfcbcec

SHA512
56cedcde43fd1d4497783986e812df02c027356a57e74cd59f8ae524e566e2f96089d782d770fff0045c6520b5be0440281fcdf14b4dab39730f2ef6a9cfb838

Download Submit
C:\Windows\System\oHKsSEs.exe

Filesize
1.3MB

MD5
68ae33280ef49faeb40d6772692276d3

SHA1
5a4492b5174497f4d1fc06f3b13a265a24b46bcd

SHA256
14238a67d815904dc5a3aab9451e6db1af3c3091e5259a8381bb2037fe8538b0

SHA512
636a02a34154ef06a8a3b863e7eceed10359eb84122323df2e829657c4cf57165b6cb368105e468eb3bcf88fb9b5ccfd50a352acd88bf2d81afa4a4719f2be83

Download Submit
C:\Windows\System\oWHrSHl.exe

Filesize
1.3MB

MD5
92a0e3133cd7002ac78243df0af4676b

SHA1
9d9115ed473c3bf93254df3bb85163caaaef4464

SHA256
2eb3f9663a489fd39a2a8a05310abfa1d3e1b8ea70a55628f1fcc4c2c39875b8

SHA512
878a19000d3d41ad97edc8dd5b2115d806d24ad5a474b5aeb100d77b72b9a9df86a96c19abf800b6c3c0589830699c0e44b5c5daf63241d64231d8a9a47fdeea

Download Submit
C:\Windows\System\pOtRalA.exe

Filesize
1.3MB

MD5
02be49b2cc06e7f3a0b144bbfff8d6ee

SHA1
9cbabea4abd16d01f192e155486e15a69ea4c005

SHA256
341a1b6321c9b4966ffc2a9d4ee52dfaac7b23c995843618c6dcefa7317a79a6

SHA512
ee662aa76af4a357fe61c6aba72e66034a26bb8e0770ae1f1f2b3fd2332eb43e910ab34d4c4a4bc3fced279ecd4bb9b4418d36f24b80988fe208accd4c5376c8

Download Submit
C:\Windows\System\pjoWMjA.exe

Filesize
1.3MB

MD5
dede938230237fe6e8a377b882c6ba7b

SHA1
296ceb6a0550ea8934d987e974bdae15a81577ce

SHA256
1ddf809b8811be7763427798e913b66384b64461cf13ff9dcaf851fc409aac56

SHA512
b61c53a769743b0b9568199aa7fae5805476d0a09ed938b129257622f07facb351b71f3ae6259dc27b29d36f5bb28ebbd1aa55bde322e0e4fd7f24367c2670a6

Download Submit
C:\Windows\System\sYWDrAR.exe

Filesize
1.3MB

MD5
ae47aa5a82b377c54a5367e648178cc1

SHA1
3bf69aa4c3c32fa590b83f6f56a9e61f94ea2174

SHA256
b554b6a99ca2e1b916cfbb1c30956497f4e193b1216ff6b1c96e1bfc0d0c6d87

SHA512
69a4810ffa0de701a5e4dd7acb3214a5a6598d07ffdc44539421469975ec55ef445dcb7ebef127b0658029742e47a375af18dfbd2ea188090699d34ba403bedf

Download Submit
C:\Windows\System\tCtAujq.exe

Filesize
1.3MB

MD5
2afef6cbfdc3210f759e94e45f4b0155

SHA1
0b6c99ba9be9a787776f5148dbb4472ad1920d95

SHA256
cb5392e510b5ac987cefc1a427d9698798b23315cb5312bd8f77497daf716b41

SHA512
e0678cf3829f7d768cc4cd298cbaa79e9d8c316be4ff2650853aab6506169a684c1e686e2614081bcaec7bc855848891cf088c13600926547f3d376d393f343e

Download Submit
C:\Windows\System\wISlieE.exe

Filesize
1.3MB

MD5
97ba7fc3b1ad14a2d228dc0e43a176cf

SHA1
741d29c041dd9f7152f9b8c74062488893d76623

SHA256
e9797c775a034acae753473c5bf84031ac77e150e7a7ac7a8195d09d0f0fba2a

SHA512
b5ab5dfc274a9dc661d7daba7f54e15c512acc8ecd81d47c79ebd75ad2c15a50738ba3ae22d9cc986c4c3e6a0135c7ad650cf26b39be62a86b66e0d0f1f65424

Download Submit
C:\Windows\System\whMJuEC.exe

Filesize
1.3MB

MD5
0a8d99d11c57f7db82eeb7ccfee30caa

SHA1
51ea3e1c6bfac89f83735fca42aaf6b66962db1b

SHA256
b94a1661949c2db57df385987f2023f1d6b95bc48a2edaf1460a01b302199d30

SHA512
49501afd4de4554d1758809d749791de1e1d329def7a09aca86dbc4c73440154eb0a8be3d1f28407aea45ee735bc12e271d7ce446c292e3b653091d8a0e42fe0

Download Submit
C:\Windows\System\xIhvpFu.exe

Filesize
1.3MB

MD5
4980540ac5f02b2b0b5bddf6e6e4a2e8

SHA1
8d8bca1969f4e1ad29c7dcf1bda0ed0090a09c27

SHA256
6d924aa66b08c6be2926c7a2294d013bdfa388d6c0276db0b8b2096b680bd6bd

SHA512
d6aa09c0d31ebd0fbb0c216219ecd9fe79999962f3f58694e4d2e95d8b059e57ac1e926d71825944c9c952ae55650e23d9ea8d250f96bb55778e237d658d1eb3

Download Submit
C:\Windows\System\zKOdGoX.exe

Filesize
1.3MB

MD5
2fe498030a8309af817ec31675406197

SHA1
7fab75bae7cb2cb86b525f49e4850ce5f630714f

SHA256
0ee09dc446d9947b8047d4a406ac9750361274d977838e2b2212428a2b02cbe7

SHA512
20878b88ff6627746d56f2d482eca445f6a5319400422c47c8b4594829903d0226804ff403cf558b03b33042764820df208ec5434f624ecac5e976dfae77af6b

Download Submit
memory/372-0-0x000001E9181A0000-0x000001E9181B0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads