xmrig | 78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833

Analysis

max time kernel
131s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
Size

2.5MB
MD5

fce9d2e0c2eb4c604478e23415c6e85a
SHA1

9bef3be3950761a979d7e98eb4c6ebfb563a07e5
SHA256

78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833
SHA512

aa6621bae306f78e4832aa2ddca2e46630e393736e0eec026d73403cd81467c418dff09a065f52cc33788603cd75131eb469d42ed892dd99ddaecd29b2d34c4f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPFoa4IoEPfa:BemTLkNdfE0pZrV56utgpPFoB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4788-0-0x00007FF6ADE50000-0x00007FF6AE1A4000-memory.dmp	UPX
behavioral2/files/0x000c000000023b5e-5.dat	UPX
behavioral2/files/0x000a000000023bbc-9.dat	UPX
behavioral2/files/0x000e000000023baf-16.dat	UPX
behavioral2/memory/2976-12-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp	UPX
behavioral2/files/0x000a000000023bbf-33.dat	UPX
behavioral2/files/0x000c000000023bb0-35.dat	UPX
behavioral2/files/0x000a000000023bc0-39.dat	UPX
behavioral2/files/0x000a000000023bc1-55.dat	UPX
behavioral2/files/0x000a000000023bc5-70.dat	UPX
behavioral2/files/0x000a000000023bc9-91.dat	UPX
behavioral2/files/0x000a000000023bca-92.dat	UPX
behavioral2/files/0x000a000000023bcc-117.dat	UPX
behavioral2/files/0x000a000000023bd2-130.dat	UPX
behavioral2/files/0x000a000000023bcd-143.dat	UPX
behavioral2/files/0x000a000000023bd7-174.dat	UPX
behavioral2/memory/3204-183-0x00007FF72E480000-0x00007FF72E7D4000-memory.dmp	UPX
behavioral2/memory/2544-188-0x00007FF620CF0000-0x00007FF621044000-memory.dmp	UPX
behavioral2/memory/4928-193-0x00007FF60D290000-0x00007FF60D5E4000-memory.dmp	UPX
behavioral2/memory/3208-192-0x00007FF63DE00000-0x00007FF63E154000-memory.dmp	UPX
behavioral2/memory/4824-191-0x00007FF6951A0000-0x00007FF6954F4000-memory.dmp	UPX
behavioral2/memory/4280-190-0x00007FF60CE40000-0x00007FF60D194000-memory.dmp	UPX
behavioral2/memory/4580-189-0x00007FF674830000-0x00007FF674B84000-memory.dmp	UPX
behavioral2/memory/4140-187-0x00007FF72FD80000-0x00007FF7300D4000-memory.dmp	UPX
behavioral2/memory/4004-186-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp	UPX
behavioral2/memory/1996-185-0x00007FF672AE0000-0x00007FF672E34000-memory.dmp	UPX
behavioral2/memory/696-184-0x00007FF75C860000-0x00007FF75CBB4000-memory.dmp	UPX
behavioral2/memory/2964-182-0x00007FF7B8100000-0x00007FF7B8454000-memory.dmp	UPX
behavioral2/memory/2176-180-0x00007FF7DD8D0000-0x00007FF7DDC24000-memory.dmp	UPX
behavioral2/memory/2592-176-0x00007FF73EF60000-0x00007FF73F2B4000-memory.dmp	UPX
behavioral2/files/0x000a000000023bd6-172.dat	UPX
behavioral2/files/0x000a000000023bd5-170.dat	UPX
behavioral2/files/0x000a000000023bd4-168.dat	UPX
behavioral2/files/0x000a000000023bd9-167.dat	UPX
behavioral2/files/0x000a000000023bcf-165.dat	UPX
behavioral2/files/0x000a000000023bd3-163.dat	UPX
behavioral2/memory/624-162-0x00007FF6FBDE0000-0x00007FF6FC134000-memory.dmp	UPX
behavioral2/files/0x000a000000023bd8-161.dat	UPX
behavioral2/files/0x000a000000023bd1-155.dat	UPX
behavioral2/files/0x000a000000023bd0-153.dat	UPX
behavioral2/memory/2536-152-0x00007FF74B020000-0x00007FF74B374000-memory.dmp	UPX
behavioral2/memory/1908-149-0x00007FF74B960000-0x00007FF74BCB4000-memory.dmp	UPX
behavioral2/files/0x000a000000023bce-147.dat	UPX
behavioral2/memory/4284-132-0x00007FF6894E0000-0x00007FF689834000-memory.dmp	UPX
behavioral2/files/0x000a000000023bcb-124.dat	UPX
behavioral2/memory/1968-122-0x00007FF7F5550000-0x00007FF7F58A4000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc8-107.dat	UPX
behavioral2/memory/1488-104-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc6-97.dat	UPX
behavioral2/memory/1268-94-0x00007FF617010000-0x00007FF617364000-memory.dmp	UPX
behavioral2/memory/1936-93-0x00007FF64B980000-0x00007FF64BCD4000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc7-87.dat	UPX
behavioral2/files/0x000a000000023bc3-76.dat	UPX
behavioral2/files/0x000a000000023bc4-72.dat	UPX
behavioral2/memory/3788-71-0x00007FF741AB0000-0x00007FF741E04000-memory.dmp	UPX
behavioral2/files/0x000a000000023bc2-65.dat	UPX
behavioral2/memory/1088-58-0x00007FF7AC960000-0x00007FF7ACCB4000-memory.dmp	UPX
behavioral2/memory/3320-42-0x00007FF6C0170000-0x00007FF6C04C4000-memory.dmp	UPX
behavioral2/files/0x000a000000023bbe-38.dat	UPX
behavioral2/memory/1352-28-0x00007FF639200000-0x00007FF639554000-memory.dmp	UPX
behavioral2/memory/1684-27-0x00007FF7977D0000-0x00007FF797B24000-memory.dmp	UPX
behavioral2/memory/1280-22-0x00007FF760640000-0x00007FF760994000-memory.dmp	UPX
behavioral2/files/0x000a000000023bbd-18.dat	UPX
behavioral2/memory/1280-2108-0x00007FF760640000-0x00007FF760994000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4788-0-0x00007FF6ADE50000-0x00007FF6AE1A4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b5e-5.dat	xmrig
behavioral2/files/0x000a000000023bbc-9.dat	xmrig
behavioral2/files/0x000e000000023baf-16.dat	xmrig
behavioral2/memory/2976-12-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbf-33.dat	xmrig
behavioral2/files/0x000c000000023bb0-35.dat	xmrig
behavioral2/files/0x000a000000023bc0-39.dat	xmrig
behavioral2/files/0x000a000000023bc1-55.dat	xmrig
behavioral2/files/0x000a000000023bc5-70.dat	xmrig
behavioral2/files/0x000a000000023bc9-91.dat	xmrig
behavioral2/files/0x000a000000023bca-92.dat	xmrig
behavioral2/files/0x000a000000023bcc-117.dat	xmrig
behavioral2/files/0x000a000000023bd2-130.dat	xmrig
behavioral2/files/0x000a000000023bcd-143.dat	xmrig
behavioral2/files/0x000a000000023bd7-174.dat	xmrig
behavioral2/memory/3204-183-0x00007FF72E480000-0x00007FF72E7D4000-memory.dmp	xmrig
behavioral2/memory/2544-188-0x00007FF620CF0000-0x00007FF621044000-memory.dmp	xmrig
behavioral2/memory/4928-193-0x00007FF60D290000-0x00007FF60D5E4000-memory.dmp	xmrig
behavioral2/memory/3208-192-0x00007FF63DE00000-0x00007FF63E154000-memory.dmp	xmrig
behavioral2/memory/4824-191-0x00007FF6951A0000-0x00007FF6954F4000-memory.dmp	xmrig
behavioral2/memory/4280-190-0x00007FF60CE40000-0x00007FF60D194000-memory.dmp	xmrig
behavioral2/memory/4580-189-0x00007FF674830000-0x00007FF674B84000-memory.dmp	xmrig
behavioral2/memory/4140-187-0x00007FF72FD80000-0x00007FF7300D4000-memory.dmp	xmrig
behavioral2/memory/4004-186-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp	xmrig
behavioral2/memory/1996-185-0x00007FF672AE0000-0x00007FF672E34000-memory.dmp	xmrig
behavioral2/memory/696-184-0x00007FF75C860000-0x00007FF75CBB4000-memory.dmp	xmrig
behavioral2/memory/2964-182-0x00007FF7B8100000-0x00007FF7B8454000-memory.dmp	xmrig
behavioral2/memory/2176-180-0x00007FF7DD8D0000-0x00007FF7DDC24000-memory.dmp	xmrig
behavioral2/memory/2592-176-0x00007FF73EF60000-0x00007FF73F2B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd6-172.dat	xmrig
behavioral2/files/0x000a000000023bd5-170.dat	xmrig
behavioral2/files/0x000a000000023bd4-168.dat	xmrig
behavioral2/files/0x000a000000023bd9-167.dat	xmrig
behavioral2/files/0x000a000000023bcf-165.dat	xmrig
behavioral2/files/0x000a000000023bd3-163.dat	xmrig
behavioral2/memory/624-162-0x00007FF6FBDE0000-0x00007FF6FC134000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd8-161.dat	xmrig
behavioral2/files/0x000a000000023bd1-155.dat	xmrig
behavioral2/files/0x000a000000023bd0-153.dat	xmrig
behavioral2/memory/2536-152-0x00007FF74B020000-0x00007FF74B374000-memory.dmp	xmrig
behavioral2/memory/1908-149-0x00007FF74B960000-0x00007FF74BCB4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bce-147.dat	xmrig
behavioral2/memory/4284-132-0x00007FF6894E0000-0x00007FF689834000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bcb-124.dat	xmrig
behavioral2/memory/1968-122-0x00007FF7F5550000-0x00007FF7F58A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc8-107.dat	xmrig
behavioral2/memory/1488-104-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc6-97.dat	xmrig
behavioral2/memory/1268-94-0x00007FF617010000-0x00007FF617364000-memory.dmp	xmrig
behavioral2/memory/1936-93-0x00007FF64B980000-0x00007FF64BCD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc7-87.dat	xmrig
behavioral2/files/0x000a000000023bc3-76.dat	xmrig
behavioral2/files/0x000a000000023bc4-72.dat	xmrig
behavioral2/memory/3788-71-0x00007FF741AB0000-0x00007FF741E04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc2-65.dat	xmrig
behavioral2/memory/1088-58-0x00007FF7AC960000-0x00007FF7ACCB4000-memory.dmp	xmrig
behavioral2/memory/3320-42-0x00007FF6C0170000-0x00007FF6C04C4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbe-38.dat	xmrig
behavioral2/memory/1352-28-0x00007FF639200000-0x00007FF639554000-memory.dmp	xmrig
behavioral2/memory/1684-27-0x00007FF7977D0000-0x00007FF797B24000-memory.dmp	xmrig
behavioral2/memory/1280-22-0x00007FF760640000-0x00007FF760994000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bbd-18.dat	xmrig
behavioral2/memory/1280-2108-0x00007FF760640000-0x00007FF760994000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2976	WBnbAnP.exe
1280	UqHUtAz.exe
1684	CjKaxFK.exe
3320	VfpNjcO.exe
1352	SIQUdFe.exe
1996	XrGOrwH.exe
1088	UsFXDfn.exe
3788	HZWsrVC.exe
4004	XGURMnA.exe
1936	TdOpnQM.exe
1268	OueXvNv.exe
4140	UmjsXWJ.exe
1488	PePVVcV.exe
2544	jxZjxWD.exe
1968	jMwuPIZ.exe
4284	VOoiDmG.exe
1908	InQvLCN.exe
2536	BRGWuZk.exe
4580	ujgyQbb.exe
4280	geZkQVV.exe
624	TxAZQuz.exe
2592	QBIxcLy.exe
4824	lqmmkrP.exe
2176	fIKDkHh.exe
2964	UeluHGh.exe
3204	FqIyXfQ.exe
3208	lMvkVJw.exe
696	VBMUumg.exe
4928	LIyBqGT.exe
1484	ZGLfQKE.exe
2384	ijSosVI.exe
3244	rNspWJH.exe
5088	qCNklDm.exe
3456	llZRpfr.exe
952	xeTuZfG.exe
5092	vIZyyGS.exe
2452	GgRXKUy.exe
4808	pipUBLL.exe
3336	hrnrGKK.exe
364	VGIXnYY.exe
2736	xuENNlW.exe
1448	qIjkmOa.exe
3364	Lducezp.exe
3672	iGTwbKs.exe
4336	PEdNtpB.exe
5108	YqTcFHP.exe
3416	LSqQcbZ.exe
1516	NjLmCnF.exe
3024	XmsBSmE.exe
4396	eKFcZKU.exe
884	SFdLAeF.exe
3688	etJgjHe.exe
5028	fprKpWw.exe
5072	VQRtpzu.exe
4540	UFVYQDN.exe
392	URYWLWK.exe
4836	YhPSbWj.exe
2796	ggCnqOB.exe
1132	ylomXFV.exe
2368	WRugJRw.exe
3524	fVZkACi.exe
1496	rPyTqbD.exe
4032	UiuQTox.exe
2968	PxBrahi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4788-0-0x00007FF6ADE50000-0x00007FF6AE1A4000-memory.dmp	upx
behavioral2/files/0x000c000000023b5e-5.dat	upx
behavioral2/files/0x000a000000023bbc-9.dat	upx
behavioral2/files/0x000e000000023baf-16.dat	upx
behavioral2/memory/2976-12-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp	upx
behavioral2/files/0x000a000000023bbf-33.dat	upx
behavioral2/files/0x000c000000023bb0-35.dat	upx
behavioral2/files/0x000a000000023bc0-39.dat	upx
behavioral2/files/0x000a000000023bc1-55.dat	upx
behavioral2/files/0x000a000000023bc5-70.dat	upx
behavioral2/files/0x000a000000023bc9-91.dat	upx
behavioral2/files/0x000a000000023bca-92.dat	upx
behavioral2/files/0x000a000000023bcc-117.dat	upx
behavioral2/files/0x000a000000023bd2-130.dat	upx
behavioral2/files/0x000a000000023bcd-143.dat	upx
behavioral2/files/0x000a000000023bd7-174.dat	upx
behavioral2/memory/3204-183-0x00007FF72E480000-0x00007FF72E7D4000-memory.dmp	upx
behavioral2/memory/2544-188-0x00007FF620CF0000-0x00007FF621044000-memory.dmp	upx
behavioral2/memory/4928-193-0x00007FF60D290000-0x00007FF60D5E4000-memory.dmp	upx
behavioral2/memory/3208-192-0x00007FF63DE00000-0x00007FF63E154000-memory.dmp	upx
behavioral2/memory/4824-191-0x00007FF6951A0000-0x00007FF6954F4000-memory.dmp	upx
behavioral2/memory/4280-190-0x00007FF60CE40000-0x00007FF60D194000-memory.dmp	upx
behavioral2/memory/4580-189-0x00007FF674830000-0x00007FF674B84000-memory.dmp	upx
behavioral2/memory/4140-187-0x00007FF72FD80000-0x00007FF7300D4000-memory.dmp	upx
behavioral2/memory/4004-186-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp	upx
behavioral2/memory/1996-185-0x00007FF672AE0000-0x00007FF672E34000-memory.dmp	upx
behavioral2/memory/696-184-0x00007FF75C860000-0x00007FF75CBB4000-memory.dmp	upx
behavioral2/memory/2964-182-0x00007FF7B8100000-0x00007FF7B8454000-memory.dmp	upx
behavioral2/memory/2176-180-0x00007FF7DD8D0000-0x00007FF7DDC24000-memory.dmp	upx
behavioral2/memory/2592-176-0x00007FF73EF60000-0x00007FF73F2B4000-memory.dmp	upx
behavioral2/files/0x000a000000023bd6-172.dat	upx
behavioral2/files/0x000a000000023bd5-170.dat	upx
behavioral2/files/0x000a000000023bd4-168.dat	upx
behavioral2/files/0x000a000000023bd9-167.dat	upx
behavioral2/files/0x000a000000023bcf-165.dat	upx
behavioral2/files/0x000a000000023bd3-163.dat	upx
behavioral2/memory/624-162-0x00007FF6FBDE0000-0x00007FF6FC134000-memory.dmp	upx
behavioral2/files/0x000a000000023bd8-161.dat	upx
behavioral2/files/0x000a000000023bd1-155.dat	upx
behavioral2/files/0x000a000000023bd0-153.dat	upx
behavioral2/memory/2536-152-0x00007FF74B020000-0x00007FF74B374000-memory.dmp	upx
behavioral2/memory/1908-149-0x00007FF74B960000-0x00007FF74BCB4000-memory.dmp	upx
behavioral2/files/0x000a000000023bce-147.dat	upx
behavioral2/memory/4284-132-0x00007FF6894E0000-0x00007FF689834000-memory.dmp	upx
behavioral2/files/0x000a000000023bcb-124.dat	upx
behavioral2/memory/1968-122-0x00007FF7F5550000-0x00007FF7F58A4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc8-107.dat	upx
behavioral2/memory/1488-104-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp	upx
behavioral2/files/0x000a000000023bc6-97.dat	upx
behavioral2/memory/1268-94-0x00007FF617010000-0x00007FF617364000-memory.dmp	upx
behavioral2/memory/1936-93-0x00007FF64B980000-0x00007FF64BCD4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc7-87.dat	upx
behavioral2/files/0x000a000000023bc3-76.dat	upx
behavioral2/files/0x000a000000023bc4-72.dat	upx
behavioral2/memory/3788-71-0x00007FF741AB0000-0x00007FF741E04000-memory.dmp	upx
behavioral2/files/0x000a000000023bc2-65.dat	upx
behavioral2/memory/1088-58-0x00007FF7AC960000-0x00007FF7ACCB4000-memory.dmp	upx
behavioral2/memory/3320-42-0x00007FF6C0170000-0x00007FF6C04C4000-memory.dmp	upx
behavioral2/files/0x000a000000023bbe-38.dat	upx
behavioral2/memory/1352-28-0x00007FF639200000-0x00007FF639554000-memory.dmp	upx
behavioral2/memory/1684-27-0x00007FF7977D0000-0x00007FF797B24000-memory.dmp	upx
behavioral2/memory/1280-22-0x00007FF760640000-0x00007FF760994000-memory.dmp	upx
behavioral2/files/0x000a000000023bbd-18.dat	upx
behavioral2/memory/1280-2108-0x00007FF760640000-0x00007FF760994000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nBJQjed.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\cpzNFwD.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\giTFoLq.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\JdOwsza.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\OVjrwBM.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\wzIiHNF.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\KjPldnz.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\EVVqgQY.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\enDSvop.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\vBWPgeV.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\CNFdoAJ.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\KurLwpB.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\VqgJNdC.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\ZESzNhO.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\hHjswzz.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\PInGNYV.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\yCMZMTb.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\wvNGpuR.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\oOCPruj.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\lWvFhum.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\ehzMuZI.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\XGURMnA.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\mlcyMFe.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\FKCwthy.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\juLdZdu.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\mqHaDSw.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\TlAhEIw.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\MNdYgSV.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\UeluHGh.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\YiKANGa.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\KnQkpzY.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\vJMSxpw.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\vgNdaID.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\VSjSPxX.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\MwcXZMS.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\erGniEI.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\fDIXCKB.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\aPZBnYH.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\naSDGwN.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\zTnnxdb.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\kTndTxS.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\ltsaNHu.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\RYZZiYH.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\zeoRcNe.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\ggCnqOB.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\yHjpMJD.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\dSluxDa.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\FOjvuom.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\nDrgNQu.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\GucIRIF.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\HPEJoeu.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\cIlxVcu.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\YfeCJly.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\OJRITBb.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\UbbnRtS.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\GasuKPV.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\YGphTwu.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\TmsAqrr.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\mlKnBki.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\jdUYitX.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\WdLCWPG.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\qqFHkTH.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\NQgjcZk.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
File created	C:\Windows\System\ZIIMUEg.exe	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14956	dwm.exe
Token: SeChangeNotifyPrivilege	14956	dwm.exe
Token: 33	14956	dwm.exe
Token: SeIncBasePriorityPrivilege	14956	dwm.exe
Token: SeShutdownPrivilege	14956	dwm.exe
Token: SeCreatePagefilePrivilege	14956	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2976	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	84
PID 4788 wrote to memory of 2976	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	84
PID 4788 wrote to memory of 1684	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	85
PID 4788 wrote to memory of 1684	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	85
PID 4788 wrote to memory of 1280	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	86
PID 4788 wrote to memory of 1280	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	86
PID 4788 wrote to memory of 3320	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	87
PID 4788 wrote to memory of 3320	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	87
PID 4788 wrote to memory of 1352	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	88
PID 4788 wrote to memory of 1352	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	88
PID 4788 wrote to memory of 1996	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	89
PID 4788 wrote to memory of 1996	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	89
PID 4788 wrote to memory of 1088	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	90
PID 4788 wrote to memory of 1088	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	90
PID 4788 wrote to memory of 3788	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	91
PID 4788 wrote to memory of 3788	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	91
PID 4788 wrote to memory of 4004	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	92
PID 4788 wrote to memory of 4004	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	92
PID 4788 wrote to memory of 1936	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	93
PID 4788 wrote to memory of 1936	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	93
PID 4788 wrote to memory of 1268	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	94
PID 4788 wrote to memory of 1268	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	94
PID 4788 wrote to memory of 4140	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	95
PID 4788 wrote to memory of 4140	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	95
PID 4788 wrote to memory of 1488	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	96
PID 4788 wrote to memory of 1488	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	96
PID 4788 wrote to memory of 2544	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	97
PID 4788 wrote to memory of 2544	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	97
PID 4788 wrote to memory of 1968	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	98
PID 4788 wrote to memory of 1968	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	98
PID 4788 wrote to memory of 4284	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	99
PID 4788 wrote to memory of 4284	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	99
PID 4788 wrote to memory of 1908	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	100
PID 4788 wrote to memory of 1908	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	100
PID 4788 wrote to memory of 2536	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	101
PID 4788 wrote to memory of 2536	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	101
PID 4788 wrote to memory of 4580	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	102
PID 4788 wrote to memory of 4580	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	102
PID 4788 wrote to memory of 4280	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	103
PID 4788 wrote to memory of 4280	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	103
PID 4788 wrote to memory of 624	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	104
PID 4788 wrote to memory of 624	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	104
PID 4788 wrote to memory of 2592	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	105
PID 4788 wrote to memory of 2592	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	105
PID 4788 wrote to memory of 4824	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	106
PID 4788 wrote to memory of 4824	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	106
PID 4788 wrote to memory of 2176	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	107
PID 4788 wrote to memory of 2176	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	107
PID 4788 wrote to memory of 2964	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	108
PID 4788 wrote to memory of 2964	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	108
PID 4788 wrote to memory of 3204	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	109
PID 4788 wrote to memory of 3204	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	109
PID 4788 wrote to memory of 3208	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	110
PID 4788 wrote to memory of 3208	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	110
PID 4788 wrote to memory of 696	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	111
PID 4788 wrote to memory of 696	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	111
PID 4788 wrote to memory of 4928	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	112
PID 4788 wrote to memory of 4928	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	112
PID 4788 wrote to memory of 1484	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	113
PID 4788 wrote to memory of 1484	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	113
PID 4788 wrote to memory of 2384	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	114
PID 4788 wrote to memory of 2384	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	114
PID 4788 wrote to memory of 3244	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	115
PID 4788 wrote to memory of 3244	4788	78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe	115

C:\Users\Admin\AppData\Local\Temp\78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe
"C:\Users\Admin\AppData\Local\Temp\78beea5f5d22cff509c9743f438a9e146b27b8af2f18de5b3fd9b0e2c5e3a833.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\System\WBnbAnP.exe
  C:\Windows\System\WBnbAnP.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\CjKaxFK.exe
  C:\Windows\System\CjKaxFK.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\UqHUtAz.exe
  C:\Windows\System\UqHUtAz.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\VfpNjcO.exe
  C:\Windows\System\VfpNjcO.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\SIQUdFe.exe
  C:\Windows\System\SIQUdFe.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\XrGOrwH.exe
  C:\Windows\System\XrGOrwH.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\UsFXDfn.exe
  C:\Windows\System\UsFXDfn.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\HZWsrVC.exe
  C:\Windows\System\HZWsrVC.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\XGURMnA.exe
  C:\Windows\System\XGURMnA.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\TdOpnQM.exe
  C:\Windows\System\TdOpnQM.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\OueXvNv.exe
  C:\Windows\System\OueXvNv.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\UmjsXWJ.exe
  C:\Windows\System\UmjsXWJ.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\PePVVcV.exe
  C:\Windows\System\PePVVcV.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\jxZjxWD.exe
  C:\Windows\System\jxZjxWD.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\jMwuPIZ.exe
  C:\Windows\System\jMwuPIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\VOoiDmG.exe
  C:\Windows\System\VOoiDmG.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\InQvLCN.exe
  C:\Windows\System\InQvLCN.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\BRGWuZk.exe
  C:\Windows\System\BRGWuZk.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ujgyQbb.exe
  C:\Windows\System\ujgyQbb.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\geZkQVV.exe
  C:\Windows\System\geZkQVV.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\TxAZQuz.exe
  C:\Windows\System\TxAZQuz.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\QBIxcLy.exe
  C:\Windows\System\QBIxcLy.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\lqmmkrP.exe
  C:\Windows\System\lqmmkrP.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\fIKDkHh.exe
  C:\Windows\System\fIKDkHh.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\UeluHGh.exe
  C:\Windows\System\UeluHGh.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\FqIyXfQ.exe
  C:\Windows\System\FqIyXfQ.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\lMvkVJw.exe
  C:\Windows\System\lMvkVJw.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\VBMUumg.exe
  C:\Windows\System\VBMUumg.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\LIyBqGT.exe
  C:\Windows\System\LIyBqGT.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\ZGLfQKE.exe
  C:\Windows\System\ZGLfQKE.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\ijSosVI.exe
  C:\Windows\System\ijSosVI.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\rNspWJH.exe
  C:\Windows\System\rNspWJH.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\qCNklDm.exe
  C:\Windows\System\qCNklDm.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\llZRpfr.exe
  C:\Windows\System\llZRpfr.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\xeTuZfG.exe
  C:\Windows\System\xeTuZfG.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\vIZyyGS.exe
  C:\Windows\System\vIZyyGS.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\GgRXKUy.exe
  C:\Windows\System\GgRXKUy.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\pipUBLL.exe
  C:\Windows\System\pipUBLL.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\hrnrGKK.exe
  C:\Windows\System\hrnrGKK.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\VGIXnYY.exe
  C:\Windows\System\VGIXnYY.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\xuENNlW.exe
  C:\Windows\System\xuENNlW.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\qIjkmOa.exe
  C:\Windows\System\qIjkmOa.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\Lducezp.exe
  C:\Windows\System\Lducezp.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\iGTwbKs.exe
  C:\Windows\System\iGTwbKs.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\PEdNtpB.exe
  C:\Windows\System\PEdNtpB.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\YqTcFHP.exe
  C:\Windows\System\YqTcFHP.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\LSqQcbZ.exe
  C:\Windows\System\LSqQcbZ.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\NjLmCnF.exe
  C:\Windows\System\NjLmCnF.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\XmsBSmE.exe
  C:\Windows\System\XmsBSmE.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\eKFcZKU.exe
  C:\Windows\System\eKFcZKU.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\SFdLAeF.exe
  C:\Windows\System\SFdLAeF.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\etJgjHe.exe
  C:\Windows\System\etJgjHe.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\fprKpWw.exe
  C:\Windows\System\fprKpWw.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\VQRtpzu.exe
  C:\Windows\System\VQRtpzu.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\UFVYQDN.exe
  C:\Windows\System\UFVYQDN.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\URYWLWK.exe
  C:\Windows\System\URYWLWK.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\YhPSbWj.exe
  C:\Windows\System\YhPSbWj.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\ggCnqOB.exe
  C:\Windows\System\ggCnqOB.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ylomXFV.exe
  C:\Windows\System\ylomXFV.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\WRugJRw.exe
  C:\Windows\System\WRugJRw.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\fVZkACi.exe
  C:\Windows\System\fVZkACi.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\rPyTqbD.exe
  C:\Windows\System\rPyTqbD.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\UiuQTox.exe
  C:\Windows\System\UiuQTox.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\PxBrahi.exe
  C:\Windows\System\PxBrahi.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\NyolXPn.exe
  C:\Windows\System\NyolXPn.exe
  2⤵
  PID:748
- C:\Windows\System\aPlPQEx.exe
  C:\Windows\System\aPlPQEx.exe
  2⤵
  PID:5016
- C:\Windows\System\wjlyYsy.exe
  C:\Windows\System\wjlyYsy.exe
  2⤵
  PID:2848
- C:\Windows\System\HcGUgtf.exe
  C:\Windows\System\HcGUgtf.exe
  2⤵
  PID:4228
- C:\Windows\System\vRCkIwE.exe
  C:\Windows\System\vRCkIwE.exe
  2⤵
  PID:1712
- C:\Windows\System\FWVPOoQ.exe
  C:\Windows\System\FWVPOoQ.exe
  2⤵
  PID:4696
- C:\Windows\System\EaSfhJP.exe
  C:\Windows\System\EaSfhJP.exe
  2⤵
  PID:3512
- C:\Windows\System\suScYhG.exe
  C:\Windows\System\suScYhG.exe
  2⤵
  PID:3760
- C:\Windows\System\VxJDFYj.exe
  C:\Windows\System\VxJDFYj.exe
  2⤵
  PID:1248
- C:\Windows\System\ttvkBAX.exe
  C:\Windows\System\ttvkBAX.exe
  2⤵
  PID:1584
- C:\Windows\System\yojWnQw.exe
  C:\Windows\System\yojWnQw.exe
  2⤵
  PID:4308
- C:\Windows\System\SQGHIKB.exe
  C:\Windows\System\SQGHIKB.exe
  2⤵
  PID:4536
- C:\Windows\System\PSppAhQ.exe
  C:\Windows\System\PSppAhQ.exe
  2⤵
  PID:2952
- C:\Windows\System\vZUThJp.exe
  C:\Windows\System\vZUThJp.exe
  2⤵
  PID:2832
- C:\Windows\System\bVfcVxA.exe
  C:\Windows\System\bVfcVxA.exe
  2⤵
  PID:2512
- C:\Windows\System\kBVOegS.exe
  C:\Windows\System\kBVOegS.exe
  2⤵
  PID:1932
- C:\Windows\System\eQniFAU.exe
  C:\Windows\System\eQniFAU.exe
  2⤵
  PID:1588
- C:\Windows\System\oeUPsRj.exe
  C:\Windows\System\oeUPsRj.exe
  2⤵
  PID:1400
- C:\Windows\System\HVKBJdj.exe
  C:\Windows\System\HVKBJdj.exe
  2⤵
  PID:3276
- C:\Windows\System\fofyCVe.exe
  C:\Windows\System\fofyCVe.exe
  2⤵
  PID:2924
- C:\Windows\System\zrYQXDs.exe
  C:\Windows\System\zrYQXDs.exe
  2⤵
  PID:2172
- C:\Windows\System\KDlAGRi.exe
  C:\Windows\System\KDlAGRi.exe
  2⤵
  PID:2300
- C:\Windows\System\lIWAuIu.exe
  C:\Windows\System\lIWAuIu.exe
  2⤵
  PID:4464
- C:\Windows\System\QbcgVwJ.exe
  C:\Windows\System\QbcgVwJ.exe
  2⤵
  PID:836
- C:\Windows\System\JSNOdyL.exe
  C:\Windows\System\JSNOdyL.exe
  2⤵
  PID:2576
- C:\Windows\System\glJqebf.exe
  C:\Windows\System\glJqebf.exe
  2⤵
  PID:728
- C:\Windows\System\xBQXNht.exe
  C:\Windows\System\xBQXNht.exe
  2⤵
  PID:864
- C:\Windows\System\mXKhvab.exe
  C:\Windows\System\mXKhvab.exe
  2⤵
  PID:400
- C:\Windows\System\biaxgDl.exe
  C:\Windows\System\biaxgDl.exe
  2⤵
  PID:2456
- C:\Windows\System\ZelWkwO.exe
  C:\Windows\System\ZelWkwO.exe
  2⤵
  PID:4160
- C:\Windows\System\xgQteEH.exe
  C:\Windows\System\xgQteEH.exe
  2⤵
  PID:4668
- C:\Windows\System\ABjvMOa.exe
  C:\Windows\System\ABjvMOa.exe
  2⤵
  PID:444
- C:\Windows\System\mlcyMFe.exe
  C:\Windows\System\mlcyMFe.exe
  2⤵
  PID:4204
- C:\Windows\System\iyvcVZC.exe
  C:\Windows\System\iyvcVZC.exe
  2⤵
  PID:5128
- C:\Windows\System\pJIJSNl.exe
  C:\Windows\System\pJIJSNl.exe
  2⤵
  PID:5160
- C:\Windows\System\BmVmwcl.exe
  C:\Windows\System\BmVmwcl.exe
  2⤵
  PID:5192
- C:\Windows\System\ulJPFzz.exe
  C:\Windows\System\ulJPFzz.exe
  2⤵
  PID:5216
- C:\Windows\System\UBzOdJA.exe
  C:\Windows\System\UBzOdJA.exe
  2⤵
  PID:5248
- C:\Windows\System\nHJaqsM.exe
  C:\Windows\System\nHJaqsM.exe
  2⤵
  PID:5280
- C:\Windows\System\PwTKKzF.exe
  C:\Windows\System\PwTKKzF.exe
  2⤵
  PID:5304
- C:\Windows\System\ssNSlya.exe
  C:\Windows\System\ssNSlya.exe
  2⤵
  PID:5332
- C:\Windows\System\wIGzzGY.exe
  C:\Windows\System\wIGzzGY.exe
  2⤵
  PID:5364
- C:\Windows\System\aHMuJTY.exe
  C:\Windows\System\aHMuJTY.exe
  2⤵
  PID:5392
- C:\Windows\System\CnSqvqN.exe
  C:\Windows\System\CnSqvqN.exe
  2⤵
  PID:5428
- C:\Windows\System\AmiLppZ.exe
  C:\Windows\System\AmiLppZ.exe
  2⤵
  PID:5456
- C:\Windows\System\CgiEgeq.exe
  C:\Windows\System\CgiEgeq.exe
  2⤵
  PID:5484
- C:\Windows\System\qMoHLSc.exe
  C:\Windows\System\qMoHLSc.exe
  2⤵
  PID:5512
- C:\Windows\System\XlyZtZX.exe
  C:\Windows\System\XlyZtZX.exe
  2⤵
  PID:5544
- C:\Windows\System\ODNpleT.exe
  C:\Windows\System\ODNpleT.exe
  2⤵
  PID:5572
- C:\Windows\System\mlKnBki.exe
  C:\Windows\System\mlKnBki.exe
  2⤵
  PID:5588
- C:\Windows\System\YEHYvmi.exe
  C:\Windows\System\YEHYvmi.exe
  2⤵
  PID:5612
- C:\Windows\System\RIBXeNa.exe
  C:\Windows\System\RIBXeNa.exe
  2⤵
  PID:5648
- C:\Windows\System\SnxBTZL.exe
  C:\Windows\System\SnxBTZL.exe
  2⤵
  PID:5696
- C:\Windows\System\PLFJPWm.exe
  C:\Windows\System\PLFJPWm.exe
  2⤵
  PID:5712
- C:\Windows\System\FxCiZAG.exe
  C:\Windows\System\FxCiZAG.exe
  2⤵
  PID:5752
- C:\Windows\System\lhiIGlW.exe
  C:\Windows\System\lhiIGlW.exe
  2⤵
  PID:5768
- C:\Windows\System\QPrGgpX.exe
  C:\Windows\System\QPrGgpX.exe
  2⤵
  PID:5808
- C:\Windows\System\qqFHkTH.exe
  C:\Windows\System\qqFHkTH.exe
  2⤵
  PID:5832
- C:\Windows\System\EOWRTGN.exe
  C:\Windows\System\EOWRTGN.exe
  2⤵
  PID:5860
- C:\Windows\System\GucIRIF.exe
  C:\Windows\System\GucIRIF.exe
  2⤵
  PID:5880
- C:\Windows\System\rlsKBik.exe
  C:\Windows\System\rlsKBik.exe
  2⤵
  PID:5904
- C:\Windows\System\VqgJNdC.exe
  C:\Windows\System\VqgJNdC.exe
  2⤵
  PID:5924
- C:\Windows\System\XbeWmwT.exe
  C:\Windows\System\XbeWmwT.exe
  2⤵
  PID:5952
- C:\Windows\System\voxygGz.exe
  C:\Windows\System\voxygGz.exe
  2⤵
  PID:5984
- C:\Windows\System\sJtsbzu.exe
  C:\Windows\System\sJtsbzu.exe
  2⤵
  PID:6016
- C:\Windows\System\INDYGJp.exe
  C:\Windows\System\INDYGJp.exe
  2⤵
  PID:6040
- C:\Windows\System\pAATbJe.exe
  C:\Windows\System\pAATbJe.exe
  2⤵
  PID:6076
- C:\Windows\System\JWYhSsd.exe
  C:\Windows\System\JWYhSsd.exe
  2⤵
  PID:6108
- C:\Windows\System\WNogzQn.exe
  C:\Windows\System\WNogzQn.exe
  2⤵
  PID:6136
- C:\Windows\System\oLJCyro.exe
  C:\Windows\System\oLJCyro.exe
  2⤵
  PID:5148
- C:\Windows\System\rVEVNSV.exe
  C:\Windows\System\rVEVNSV.exe
  2⤵
  PID:5208
- C:\Windows\System\yiUkBrP.exe
  C:\Windows\System\yiUkBrP.exe
  2⤵
  PID:5292
- C:\Windows\System\OVjrwBM.exe
  C:\Windows\System\OVjrwBM.exe
  2⤵
  PID:5388
- C:\Windows\System\RsgCugI.exe
  C:\Windows\System\RsgCugI.exe
  2⤵
  PID:5500
- C:\Windows\System\DJKshkF.exe
  C:\Windows\System\DJKshkF.exe
  2⤵
  PID:5552
- C:\Windows\System\bfyITKL.exe
  C:\Windows\System\bfyITKL.exe
  2⤵
  PID:2344
- C:\Windows\System\wupNCwI.exe
  C:\Windows\System\wupNCwI.exe
  2⤵
  PID:5668
- C:\Windows\System\vKfKrAe.exe
  C:\Windows\System\vKfKrAe.exe
  2⤵
  PID:5744
- C:\Windows\System\uDfJKNL.exe
  C:\Windows\System\uDfJKNL.exe
  2⤵
  PID:5780
- C:\Windows\System\hXhRdnr.exe
  C:\Windows\System\hXhRdnr.exe
  2⤵
  PID:5892
- C:\Windows\System\VPLfRGW.exe
  C:\Windows\System\VPLfRGW.exe
  2⤵
  PID:5964
- C:\Windows\System\dDpgDiG.exe
  C:\Windows\System\dDpgDiG.exe
  2⤵
  PID:5968
- C:\Windows\System\SCLUClE.exe
  C:\Windows\System\SCLUClE.exe
  2⤵
  PID:6036
- C:\Windows\System\qoBjqcR.exe
  C:\Windows\System\qoBjqcR.exe
  2⤵
  PID:6100
- C:\Windows\System\goQHIrx.exe
  C:\Windows\System\goQHIrx.exe
  2⤵
  PID:5124
- C:\Windows\System\PzUBpit.exe
  C:\Windows\System\PzUBpit.exe
  2⤵
  PID:5256
- C:\Windows\System\MPMdnJQ.exe
  C:\Windows\System\MPMdnJQ.exe
  2⤵
  PID:3656
- C:\Windows\System\KwNESRJ.exe
  C:\Windows\System\KwNESRJ.exe
  2⤵
  PID:2356
- C:\Windows\System\vuKBAZc.exe
  C:\Windows\System\vuKBAZc.exe
  2⤵
  PID:5596
- C:\Windows\System\JfJSwdM.exe
  C:\Windows\System\JfJSwdM.exe
  2⤵
  PID:5796
- C:\Windows\System\jEHntXz.exe
  C:\Windows\System\jEHntXz.exe
  2⤵
  PID:6008
- C:\Windows\System\YrwxeMp.exe
  C:\Windows\System\YrwxeMp.exe
  2⤵
  PID:5356
- C:\Windows\System\YnFRyBQ.exe
  C:\Windows\System\YnFRyBQ.exe
  2⤵
  PID:2676
- C:\Windows\System\lvLreiH.exe
  C:\Windows\System\lvLreiH.exe
  2⤵
  PID:5944
- C:\Windows\System\vdmfZxY.exe
  C:\Windows\System\vdmfZxY.exe
  2⤵
  PID:5264
- C:\Windows\System\nHtOCYZ.exe
  C:\Windows\System\nHtOCYZ.exe
  2⤵
  PID:2984
- C:\Windows\System\JUEHlWA.exe
  C:\Windows\System\JUEHlWA.exe
  2⤵
  PID:6160
- C:\Windows\System\MSpvyMT.exe
  C:\Windows\System\MSpvyMT.exe
  2⤵
  PID:6188
- C:\Windows\System\zgXkKQl.exe
  C:\Windows\System\zgXkKQl.exe
  2⤵
  PID:6204
- C:\Windows\System\OJRITBb.exe
  C:\Windows\System\OJRITBb.exe
  2⤵
  PID:6244
- C:\Windows\System\ABILnvw.exe
  C:\Windows\System\ABILnvw.exe
  2⤵
  PID:6272
- C:\Windows\System\eyJjOKr.exe
  C:\Windows\System\eyJjOKr.exe
  2⤵
  PID:6300
- C:\Windows\System\AccEZtH.exe
  C:\Windows\System\AccEZtH.exe
  2⤵
  PID:6336
- C:\Windows\System\OyFctXG.exe
  C:\Windows\System\OyFctXG.exe
  2⤵
  PID:6364
- C:\Windows\System\LTDhCuN.exe
  C:\Windows\System\LTDhCuN.exe
  2⤵
  PID:6400
- C:\Windows\System\HPgScje.exe
  C:\Windows\System\HPgScje.exe
  2⤵
  PID:6424
- C:\Windows\System\eDVhYAI.exe
  C:\Windows\System\eDVhYAI.exe
  2⤵
  PID:6452
- C:\Windows\System\BlieACR.exe
  C:\Windows\System\BlieACR.exe
  2⤵
  PID:6480
- C:\Windows\System\PnZOdWd.exe
  C:\Windows\System\PnZOdWd.exe
  2⤵
  PID:6516
- C:\Windows\System\bDRKVcN.exe
  C:\Windows\System\bDRKVcN.exe
  2⤵
  PID:6540
- C:\Windows\System\Gjuhcvu.exe
  C:\Windows\System\Gjuhcvu.exe
  2⤵
  PID:6572
- C:\Windows\System\yHjpMJD.exe
  C:\Windows\System\yHjpMJD.exe
  2⤵
  PID:6604
- C:\Windows\System\XWPTGBE.exe
  C:\Windows\System\XWPTGBE.exe
  2⤵
  PID:6628
- C:\Windows\System\kvPGBQy.exe
  C:\Windows\System\kvPGBQy.exe
  2⤵
  PID:6652
- C:\Windows\System\PiGidgb.exe
  C:\Windows\System\PiGidgb.exe
  2⤵
  PID:6680
- C:\Windows\System\vUxZzmp.exe
  C:\Windows\System\vUxZzmp.exe
  2⤵
  PID:6708
- C:\Windows\System\qzBQxdy.exe
  C:\Windows\System\qzBQxdy.exe
  2⤵
  PID:6740
- C:\Windows\System\QnqnwRo.exe
  C:\Windows\System\QnqnwRo.exe
  2⤵
  PID:6768
- C:\Windows\System\KnUWQHR.exe
  C:\Windows\System\KnUWQHR.exe
  2⤵
  PID:6792
- C:\Windows\System\McCvNVf.exe
  C:\Windows\System\McCvNVf.exe
  2⤵
  PID:6824
- C:\Windows\System\rzIbtEB.exe
  C:\Windows\System\rzIbtEB.exe
  2⤵
  PID:6864
- C:\Windows\System\ZESzNhO.exe
  C:\Windows\System\ZESzNhO.exe
  2⤵
  PID:6892
- C:\Windows\System\dBydnAl.exe
  C:\Windows\System\dBydnAl.exe
  2⤵
  PID:6936
- C:\Windows\System\pYbDHWM.exe
  C:\Windows\System\pYbDHWM.exe
  2⤵
  PID:6976
- C:\Windows\System\hMahEDk.exe
  C:\Windows\System\hMahEDk.exe
  2⤵
  PID:7004
- C:\Windows\System\ydqxiKM.exe
  C:\Windows\System\ydqxiKM.exe
  2⤵
  PID:7032
- C:\Windows\System\hlvdDYb.exe
  C:\Windows\System\hlvdDYb.exe
  2⤵
  PID:7060
- C:\Windows\System\FCwsiFE.exe
  C:\Windows\System\FCwsiFE.exe
  2⤵
  PID:7092
- C:\Windows\System\vVQmlWQ.exe
  C:\Windows\System\vVQmlWQ.exe
  2⤵
  PID:7120
- C:\Windows\System\HPEJoeu.exe
  C:\Windows\System\HPEJoeu.exe
  2⤵
  PID:7148
- C:\Windows\System\YkDkNvL.exe
  C:\Windows\System\YkDkNvL.exe
  2⤵
  PID:6148
- C:\Windows\System\qubsXfT.exe
  C:\Windows\System\qubsXfT.exe
  2⤵
  PID:6216
- C:\Windows\System\jdUYitX.exe
  C:\Windows\System\jdUYitX.exe
  2⤵
  PID:6288
- C:\Windows\System\msOwMdL.exe
  C:\Windows\System\msOwMdL.exe
  2⤵
  PID:4428
- C:\Windows\System\WdLCWPG.exe
  C:\Windows\System\WdLCWPG.exe
  2⤵
  PID:6416
- C:\Windows\System\bgthFxN.exe
  C:\Windows\System\bgthFxN.exe
  2⤵
  PID:6464
- C:\Windows\System\HrZFEMc.exe
  C:\Windows\System\HrZFEMc.exe
  2⤵
  PID:6532
- C:\Windows\System\XXeJKOR.exe
  C:\Windows\System\XXeJKOR.exe
  2⤵
  PID:6596
- C:\Windows\System\ytwXsCc.exe
  C:\Windows\System\ytwXsCc.exe
  2⤵
  PID:6664
- C:\Windows\System\IcmzzVQ.exe
  C:\Windows\System\IcmzzVQ.exe
  2⤵
  PID:6700
- C:\Windows\System\YQodcvA.exe
  C:\Windows\System\YQodcvA.exe
  2⤵
  PID:6776
- C:\Windows\System\SkqbWeC.exe
  C:\Windows\System\SkqbWeC.exe
  2⤵
  PID:6816
- C:\Windows\System\hiIojUs.exe
  C:\Windows\System\hiIojUs.exe
  2⤵
  PID:6904
- C:\Windows\System\jsEpXjp.exe
  C:\Windows\System\jsEpXjp.exe
  2⤵
  PID:7000
- C:\Windows\System\qKLamHO.exe
  C:\Windows\System\qKLamHO.exe
  2⤵
  PID:7052
- C:\Windows\System\oeERZbS.exe
  C:\Windows\System\oeERZbS.exe
  2⤵
  PID:7116
- C:\Windows\System\WmKQapy.exe
  C:\Windows\System\WmKQapy.exe
  2⤵
  PID:4568
- C:\Windows\System\ItgBgzE.exe
  C:\Windows\System\ItgBgzE.exe
  2⤵
  PID:6316
- C:\Windows\System\DAlKubX.exe
  C:\Windows\System\DAlKubX.exe
  2⤵
  PID:6492
- C:\Windows\System\YsTryCC.exe
  C:\Windows\System\YsTryCC.exe
  2⤵
  PID:6588
- C:\Windows\System\vnCQscx.exe
  C:\Windows\System\vnCQscx.exe
  2⤵
  PID:6620
- C:\Windows\System\ZBZkmkO.exe
  C:\Windows\System\ZBZkmkO.exe
  2⤵
  PID:6756
- C:\Windows\System\kEXxxDP.exe
  C:\Windows\System\kEXxxDP.exe
  2⤵
  PID:6888
- C:\Windows\System\PInGNYV.exe
  C:\Windows\System\PInGNYV.exe
  2⤵
  PID:7072
- C:\Windows\System\OPUzMZC.exe
  C:\Windows\System\OPUzMZC.exe
  2⤵
  PID:6252
- C:\Windows\System\hoAuPay.exe
  C:\Windows\System\hoAuPay.exe
  2⤵
  PID:6580
- C:\Windows\System\LrDNgdY.exe
  C:\Windows\System\LrDNgdY.exe
  2⤵
  PID:6884
- C:\Windows\System\ABGGeey.exe
  C:\Windows\System\ABGGeey.exe
  2⤵
  PID:6156
- C:\Windows\System\NMUPuOU.exe
  C:\Windows\System\NMUPuOU.exe
  2⤵
  PID:6728
- C:\Windows\System\EZBBcot.exe
  C:\Windows\System\EZBBcot.exe
  2⤵
  PID:7144
- C:\Windows\System\XJFBQPt.exe
  C:\Windows\System\XJFBQPt.exe
  2⤵
  PID:7188
- C:\Windows\System\ZNJqlIo.exe
  C:\Windows\System\ZNJqlIo.exe
  2⤵
  PID:7220
- C:\Windows\System\TisgeJq.exe
  C:\Windows\System\TisgeJq.exe
  2⤵
  PID:7244
- C:\Windows\System\vFmosdQ.exe
  C:\Windows\System\vFmosdQ.exe
  2⤵
  PID:7280
- C:\Windows\System\rMtXuNe.exe
  C:\Windows\System\rMtXuNe.exe
  2⤵
  PID:7300
- C:\Windows\System\TBQRcOl.exe
  C:\Windows\System\TBQRcOl.exe
  2⤵
  PID:7328
- C:\Windows\System\UbbnRtS.exe
  C:\Windows\System\UbbnRtS.exe
  2⤵
  PID:7356
- C:\Windows\System\fKdqbkw.exe
  C:\Windows\System\fKdqbkw.exe
  2⤵
  PID:7388
- C:\Windows\System\iDRuVpy.exe
  C:\Windows\System\iDRuVpy.exe
  2⤵
  PID:7420
- C:\Windows\System\focxZxG.exe
  C:\Windows\System\focxZxG.exe
  2⤵
  PID:7472
- C:\Windows\System\fDIXCKB.exe
  C:\Windows\System\fDIXCKB.exe
  2⤵
  PID:7500
- C:\Windows\System\kACYTsw.exe
  C:\Windows\System\kACYTsw.exe
  2⤵
  PID:7516
- C:\Windows\System\PvzchgK.exe
  C:\Windows\System\PvzchgK.exe
  2⤵
  PID:7544
- C:\Windows\System\kABaTeC.exe
  C:\Windows\System\kABaTeC.exe
  2⤵
  PID:7584
- C:\Windows\System\YGphTwu.exe
  C:\Windows\System\YGphTwu.exe
  2⤵
  PID:7608
- C:\Windows\System\fDTpqxW.exe
  C:\Windows\System\fDTpqxW.exe
  2⤵
  PID:7644
- C:\Windows\System\JKGnofc.exe
  C:\Windows\System\JKGnofc.exe
  2⤵
  PID:7676
- C:\Windows\System\cIlxVcu.exe
  C:\Windows\System\cIlxVcu.exe
  2⤵
  PID:7724
- C:\Windows\System\tcJTDjx.exe
  C:\Windows\System\tcJTDjx.exe
  2⤵
  PID:7744
- C:\Windows\System\herZlqK.exe
  C:\Windows\System\herZlqK.exe
  2⤵
  PID:7768
- C:\Windows\System\DnQbGZG.exe
  C:\Windows\System\DnQbGZG.exe
  2⤵
  PID:7792
- C:\Windows\System\IlfHiWY.exe
  C:\Windows\System\IlfHiWY.exe
  2⤵
  PID:7816
- C:\Windows\System\COGoUuL.exe
  C:\Windows\System\COGoUuL.exe
  2⤵
  PID:7836
- C:\Windows\System\FOltHjs.exe
  C:\Windows\System\FOltHjs.exe
  2⤵
  PID:7872
- C:\Windows\System\dHevFaW.exe
  C:\Windows\System\dHevFaW.exe
  2⤵
  PID:7908
- C:\Windows\System\iserHlt.exe
  C:\Windows\System\iserHlt.exe
  2⤵
  PID:7952
- C:\Windows\System\TQtpOje.exe
  C:\Windows\System\TQtpOje.exe
  2⤵
  PID:7984
- C:\Windows\System\TnnUmHu.exe
  C:\Windows\System\TnnUmHu.exe
  2⤵
  PID:8028
- C:\Windows\System\NajLApo.exe
  C:\Windows\System\NajLApo.exe
  2⤵
  PID:8048
- C:\Windows\System\HGtDAql.exe
  C:\Windows\System\HGtDAql.exe
  2⤵
  PID:8084
- C:\Windows\System\DEcmlOm.exe
  C:\Windows\System\DEcmlOm.exe
  2⤵
  PID:8104
- C:\Windows\System\AAOPrha.exe
  C:\Windows\System\AAOPrha.exe
  2⤵
  PID:8132
- C:\Windows\System\iffVtwM.exe
  C:\Windows\System\iffVtwM.exe
  2⤵
  PID:8172
- C:\Windows\System\UsouuxD.exe
  C:\Windows\System\UsouuxD.exe
  2⤵
  PID:7232
- C:\Windows\System\YfMabSc.exe
  C:\Windows\System\YfMabSc.exe
  2⤵
  PID:7296
- C:\Windows\System\vTnVoJv.exe
  C:\Windows\System\vTnVoJv.exe
  2⤵
  PID:7412
- C:\Windows\System\hHjswzz.exe
  C:\Windows\System\hHjswzz.exe
  2⤵
  PID:7492
- C:\Windows\System\rDrTjTw.exe
  C:\Windows\System\rDrTjTw.exe
  2⤵
  PID:7540
- C:\Windows\System\YiKANGa.exe
  C:\Windows\System\YiKANGa.exe
  2⤵
  PID:7592
- C:\Windows\System\oWhhpNg.exe
  C:\Windows\System\oWhhpNg.exe
  2⤵
  PID:7668
- C:\Windows\System\sVcpKPC.exe
  C:\Windows\System\sVcpKPC.exe
  2⤵
  PID:7784
- C:\Windows\System\zEEUXgG.exe
  C:\Windows\System\zEEUXgG.exe
  2⤵
  PID:7832
- C:\Windows\System\OZhaugf.exe
  C:\Windows\System\OZhaugf.exe
  2⤵
  PID:7936
- C:\Windows\System\plPotjg.exe
  C:\Windows\System\plPotjg.exe
  2⤵
  PID:7968
- C:\Windows\System\dSluxDa.exe
  C:\Windows\System\dSluxDa.exe
  2⤵
  PID:8068
- C:\Windows\System\xnGunDJ.exe
  C:\Windows\System\xnGunDJ.exe
  2⤵
  PID:2776
- C:\Windows\System\YbdJPGg.exe
  C:\Windows\System\YbdJPGg.exe
  2⤵
  PID:7264
- C:\Windows\System\vgNdaID.exe
  C:\Windows\System\vgNdaID.exe
  2⤵
  PID:7568
- C:\Windows\System\wyEDlvB.exe
  C:\Windows\System\wyEDlvB.exe
  2⤵
  PID:7620
- C:\Windows\System\kECWaei.exe
  C:\Windows\System\kECWaei.exe
  2⤵
  PID:7944
- C:\Windows\System\wtbIOeM.exe
  C:\Windows\System\wtbIOeM.exe
  2⤵
  PID:8008
- C:\Windows\System\mDMSjkg.exe
  C:\Windows\System\mDMSjkg.exe
  2⤵
  PID:7528
- C:\Windows\System\LIqJfQV.exe
  C:\Windows\System\LIqJfQV.exe
  2⤵
  PID:7736
- C:\Windows\System\FKCwthy.exe
  C:\Windows\System\FKCwthy.exe
  2⤵
  PID:7760
- C:\Windows\System\ZkcBQGo.exe
  C:\Windows\System\ZkcBQGo.exe
  2⤵
  PID:8216
- C:\Windows\System\uAvNGcg.exe
  C:\Windows\System\uAvNGcg.exe
  2⤵
  PID:8252
- C:\Windows\System\EPpsnFJ.exe
  C:\Windows\System\EPpsnFJ.exe
  2⤵
  PID:8280
- C:\Windows\System\HYdymsD.exe
  C:\Windows\System\HYdymsD.exe
  2⤵
  PID:8300
- C:\Windows\System\vCUbfdB.exe
  C:\Windows\System\vCUbfdB.exe
  2⤵
  PID:8328
- C:\Windows\System\tCsaxad.exe
  C:\Windows\System\tCsaxad.exe
  2⤵
  PID:8356
- C:\Windows\System\TnnqheI.exe
  C:\Windows\System\TnnqheI.exe
  2⤵
  PID:8396
- C:\Windows\System\nBJQjed.exe
  C:\Windows\System\nBJQjed.exe
  2⤵
  PID:8420
- C:\Windows\System\vvcGpCi.exe
  C:\Windows\System\vvcGpCi.exe
  2⤵
  PID:8436
- C:\Windows\System\eqAHtAp.exe
  C:\Windows\System\eqAHtAp.exe
  2⤵
  PID:8464
- C:\Windows\System\WjOmcDp.exe
  C:\Windows\System\WjOmcDp.exe
  2⤵
  PID:8488
- C:\Windows\System\qrsqRRV.exe
  C:\Windows\System\qrsqRRV.exe
  2⤵
  PID:8516
- C:\Windows\System\cytTqfE.exe
  C:\Windows\System\cytTqfE.exe
  2⤵
  PID:8552
- C:\Windows\System\UqELzRE.exe
  C:\Windows\System\UqELzRE.exe
  2⤵
  PID:8576
- C:\Windows\System\EypjYbN.exe
  C:\Windows\System\EypjYbN.exe
  2⤵
  PID:8604
- C:\Windows\System\FQUlgsW.exe
  C:\Windows\System\FQUlgsW.exe
  2⤵
  PID:8640
- C:\Windows\System\ReWlPIG.exe
  C:\Windows\System\ReWlPIG.exe
  2⤵
  PID:8680
- C:\Windows\System\yCMZMTb.exe
  C:\Windows\System\yCMZMTb.exe
  2⤵
  PID:8720
- C:\Windows\System\BkMRCDN.exe
  C:\Windows\System\BkMRCDN.exe
  2⤵
  PID:8740
- C:\Windows\System\dBHkpwq.exe
  C:\Windows\System\dBHkpwq.exe
  2⤵
  PID:8760
- C:\Windows\System\qKOqQNa.exe
  C:\Windows\System\qKOqQNa.exe
  2⤵
  PID:8804
- C:\Windows\System\yAnEYVR.exe
  C:\Windows\System\yAnEYVR.exe
  2⤵
  PID:8840
- C:\Windows\System\FCoqYTL.exe
  C:\Windows\System\FCoqYTL.exe
  2⤵
  PID:8860
- C:\Windows\System\BVGkGOO.exe
  C:\Windows\System\BVGkGOO.exe
  2⤵
  PID:8884
- C:\Windows\System\DbAbzUl.exe
  C:\Windows\System\DbAbzUl.exe
  2⤵
  PID:8920
- C:\Windows\System\WPWRwnT.exe
  C:\Windows\System\WPWRwnT.exe
  2⤵
  PID:8956
- C:\Windows\System\ynuSndu.exe
  C:\Windows\System\ynuSndu.exe
  2⤵
  PID:8980
- C:\Windows\System\pUbRkqf.exe
  C:\Windows\System\pUbRkqf.exe
  2⤵
  PID:9012
- C:\Windows\System\vodFdfc.exe
  C:\Windows\System\vodFdfc.exe
  2⤵
  PID:9044
- C:\Windows\System\fkwGldq.exe
  C:\Windows\System\fkwGldq.exe
  2⤵
  PID:9064
- C:\Windows\System\aWWqHDb.exe
  C:\Windows\System\aWWqHDb.exe
  2⤵
  PID:9108
- C:\Windows\System\VDdZFXc.exe
  C:\Windows\System\VDdZFXc.exe
  2⤵
  PID:9140
- C:\Windows\System\LmVYSkg.exe
  C:\Windows\System\LmVYSkg.exe
  2⤵
  PID:9200
- C:\Windows\System\DbHUIxC.exe
  C:\Windows\System\DbHUIxC.exe
  2⤵
  PID:7512
- C:\Windows\System\wkEhWnh.exe
  C:\Windows\System\wkEhWnh.exe
  2⤵
  PID:8228
- C:\Windows\System\NIMPkdh.exe
  C:\Windows\System\NIMPkdh.exe
  2⤵
  PID:8272
- C:\Windows\System\OVrBMXb.exe
  C:\Windows\System\OVrBMXb.exe
  2⤵
  PID:8344
- C:\Windows\System\CQPejLL.exe
  C:\Windows\System\CQPejLL.exe
  2⤵
  PID:8432
- C:\Windows\System\aHamzkg.exe
  C:\Windows\System\aHamzkg.exe
  2⤵
  PID:764
- C:\Windows\System\TEtIYOF.exe
  C:\Windows\System\TEtIYOF.exe
  2⤵
  PID:8484
- C:\Windows\System\EVVqgQY.exe
  C:\Windows\System\EVVqgQY.exe
  2⤵
  PID:8632
- C:\Windows\System\NoyKUGJ.exe
  C:\Windows\System\NoyKUGJ.exe
  2⤵
  PID:8736
- C:\Windows\System\MJeLKaD.exe
  C:\Windows\System\MJeLKaD.exe
  2⤵
  PID:8772
- C:\Windows\System\LDikrdJ.exe
  C:\Windows\System\LDikrdJ.exe
  2⤵
  PID:8788
- C:\Windows\System\imvQMmq.exe
  C:\Windows\System\imvQMmq.exe
  2⤵
  PID:7852
- C:\Windows\System\bgftkqO.exe
  C:\Windows\System\bgftkqO.exe
  2⤵
  PID:9008
- C:\Windows\System\IJQoCGA.exe
  C:\Windows\System\IJQoCGA.exe
  2⤵
  PID:9004
- C:\Windows\System\MPVMAnQ.exe
  C:\Windows\System\MPVMAnQ.exe
  2⤵
  PID:9124
- C:\Windows\System\uIyVypU.exe
  C:\Windows\System\uIyVypU.exe
  2⤵
  PID:9164
- C:\Windows\System\sfLKRmL.exe
  C:\Windows\System\sfLKRmL.exe
  2⤵
  PID:8248
- C:\Windows\System\EtDDWlb.exe
  C:\Windows\System\EtDDWlb.exe
  2⤵
  PID:8416
- C:\Windows\System\AAAYXMU.exe
  C:\Windows\System\AAAYXMU.exe
  2⤵
  PID:8572
- C:\Windows\System\UzwBzAi.exe
  C:\Windows\System\UzwBzAi.exe
  2⤵
  PID:8728
- C:\Windows\System\loMQcAe.exe
  C:\Windows\System\loMQcAe.exe
  2⤵
  PID:8908
- C:\Windows\System\vHlySpX.exe
  C:\Windows\System\vHlySpX.exe
  2⤵
  PID:9096
- C:\Windows\System\TvTfdvW.exe
  C:\Windows\System\TvTfdvW.exe
  2⤵
  PID:1524
- C:\Windows\System\KsfYgky.exe
  C:\Windows\System\KsfYgky.exe
  2⤵
  PID:8544
- C:\Windows\System\MLFdLma.exe
  C:\Windows\System\MLFdLma.exe
  2⤵
  PID:9000
- C:\Windows\System\tIGnmua.exe
  C:\Windows\System\tIGnmua.exe
  2⤵
  PID:8388
- C:\Windows\System\mKPgzrb.exe
  C:\Windows\System\mKPgzrb.exe
  2⤵
  PID:9184
- C:\Windows\System\zTnnxdb.exe
  C:\Windows\System\zTnnxdb.exe
  2⤵
  PID:9224
- C:\Windows\System\LCIlwlQ.exe
  C:\Windows\System\LCIlwlQ.exe
  2⤵
  PID:9256
- C:\Windows\System\xelQXPw.exe
  C:\Windows\System\xelQXPw.exe
  2⤵
  PID:9284
- C:\Windows\System\ltCvWTF.exe
  C:\Windows\System\ltCvWTF.exe
  2⤵
  PID:9312
- C:\Windows\System\ffbMNUC.exe
  C:\Windows\System\ffbMNUC.exe
  2⤵
  PID:9340
- C:\Windows\System\FToRRtO.exe
  C:\Windows\System\FToRRtO.exe
  2⤵
  PID:9368
- C:\Windows\System\kTndTxS.exe
  C:\Windows\System\kTndTxS.exe
  2⤵
  PID:9396
- C:\Windows\System\wzIiHNF.exe
  C:\Windows\System\wzIiHNF.exe
  2⤵
  PID:9428
- C:\Windows\System\hvHjyiV.exe
  C:\Windows\System\hvHjyiV.exe
  2⤵
  PID:9452
- C:\Windows\System\BxYMlqn.exe
  C:\Windows\System\BxYMlqn.exe
  2⤵
  PID:9480
- C:\Windows\System\BlVmmgh.exe
  C:\Windows\System\BlVmmgh.exe
  2⤵
  PID:9512
- C:\Windows\System\pVNvehl.exe
  C:\Windows\System\pVNvehl.exe
  2⤵
  PID:9536
- C:\Windows\System\UMQXCWL.exe
  C:\Windows\System\UMQXCWL.exe
  2⤵
  PID:9564
- C:\Windows\System\uiRSptq.exe
  C:\Windows\System\uiRSptq.exe
  2⤵
  PID:9592
- C:\Windows\System\zZwpShT.exe
  C:\Windows\System\zZwpShT.exe
  2⤵
  PID:9624
- C:\Windows\System\awNRgsj.exe
  C:\Windows\System\awNRgsj.exe
  2⤵
  PID:9652
- C:\Windows\System\LiwDNtu.exe
  C:\Windows\System\LiwDNtu.exe
  2⤵
  PID:9688
- C:\Windows\System\lhOjfHy.exe
  C:\Windows\System\lhOjfHy.exe
  2⤵
  PID:9724
- C:\Windows\System\KnQkpzY.exe
  C:\Windows\System\KnQkpzY.exe
  2⤵
  PID:9764
- C:\Windows\System\WIIUenp.exe
  C:\Windows\System\WIIUenp.exe
  2⤵
  PID:9800
- C:\Windows\System\RrHYeiu.exe
  C:\Windows\System\RrHYeiu.exe
  2⤵
  PID:9828
- C:\Windows\System\KYWkmin.exe
  C:\Windows\System\KYWkmin.exe
  2⤵
  PID:9856
- C:\Windows\System\LmMnslo.exe
  C:\Windows\System\LmMnslo.exe
  2⤵
  PID:9888
- C:\Windows\System\lBILkcm.exe
  C:\Windows\System\lBILkcm.exe
  2⤵
  PID:9912
- C:\Windows\System\nwuBNNg.exe
  C:\Windows\System\nwuBNNg.exe
  2⤵
  PID:9940
- C:\Windows\System\IVRjeOQ.exe
  C:\Windows\System\IVRjeOQ.exe
  2⤵
  PID:9968
- C:\Windows\System\YxrVXXh.exe
  C:\Windows\System\YxrVXXh.exe
  2⤵
  PID:9996
- C:\Windows\System\FEDArOw.exe
  C:\Windows\System\FEDArOw.exe
  2⤵
  PID:10012
- C:\Windows\System\NyIvFfH.exe
  C:\Windows\System\NyIvFfH.exe
  2⤵
  PID:10036
- C:\Windows\System\iSfNalQ.exe
  C:\Windows\System\iSfNalQ.exe
  2⤵
  PID:10052
- C:\Windows\System\nBSadpD.exe
  C:\Windows\System\nBSadpD.exe
  2⤵
  PID:10072
- C:\Windows\System\MXTIbdU.exe
  C:\Windows\System\MXTIbdU.exe
  2⤵
  PID:10088
- C:\Windows\System\fIhnqYD.exe
  C:\Windows\System\fIhnqYD.exe
  2⤵
  PID:10116
- C:\Windows\System\koXCPgt.exe
  C:\Windows\System\koXCPgt.exe
  2⤵
  PID:10148
- C:\Windows\System\rEKaUqk.exe
  C:\Windows\System\rEKaUqk.exe
  2⤵
  PID:10172
- C:\Windows\System\xjjNyLe.exe
  C:\Windows\System\xjjNyLe.exe
  2⤵
  PID:10212
- C:\Windows\System\abQOqtr.exe
  C:\Windows\System\abQOqtr.exe
  2⤵
  PID:9220
- C:\Windows\System\KEzSqxM.exe
  C:\Windows\System\KEzSqxM.exe
  2⤵
  PID:9296
- C:\Windows\System\KjPldnz.exe
  C:\Windows\System\KjPldnz.exe
  2⤵
  PID:9360
- C:\Windows\System\hvFjwXW.exe
  C:\Windows\System\hvFjwXW.exe
  2⤵
  PID:9448
- C:\Windows\System\kWzNbtZ.exe
  C:\Windows\System\kWzNbtZ.exe
  2⤵
  PID:9528
- C:\Windows\System\IZIPuLS.exe
  C:\Windows\System\IZIPuLS.exe
  2⤵
  PID:9648
- C:\Windows\System\djswmJC.exe
  C:\Windows\System\djswmJC.exe
  2⤵
  PID:9716
- C:\Windows\System\HDhKmIP.exe
  C:\Windows\System\HDhKmIP.exe
  2⤵
  PID:9820
- C:\Windows\System\pODkVEk.exe
  C:\Windows\System\pODkVEk.exe
  2⤵
  PID:9852
- C:\Windows\System\EYxRJYo.exe
  C:\Windows\System\EYxRJYo.exe
  2⤵
  PID:9928
- C:\Windows\System\hEmTYOo.exe
  C:\Windows\System\hEmTYOo.exe
  2⤵
  PID:9988
- C:\Windows\System\LaehYio.exe
  C:\Windows\System\LaehYio.exe
  2⤵
  PID:10024
- C:\Windows\System\GbhOFIU.exe
  C:\Windows\System\GbhOFIU.exe
  2⤵
  PID:10136
- C:\Windows\System\YbXGJyr.exe
  C:\Windows\System\YbXGJyr.exe
  2⤵
  PID:10232
- C:\Windows\System\lWkdjTp.exe
  C:\Windows\System\lWkdjTp.exe
  2⤵
  PID:9332
- C:\Windows\System\hsIEbfj.exe
  C:\Windows\System\hsIEbfj.exe
  2⤵
  PID:9272
- C:\Windows\System\kbTcYLN.exe
  C:\Windows\System\kbTcYLN.exe
  2⤵
  PID:9556
- C:\Windows\System\hgwPcIe.exe
  C:\Windows\System\hgwPcIe.exe
  2⤵
  PID:9756
- C:\Windows\System\gmvcHCn.exe
  C:\Windows\System\gmvcHCn.exe
  2⤵
  PID:9840
- C:\Windows\System\GofnSlr.exe
  C:\Windows\System\GofnSlr.exe
  2⤵
  PID:10032
- C:\Windows\System\gJyEdVi.exe
  C:\Windows\System\gJyEdVi.exe
  2⤵
  PID:10132
- C:\Windows\System\pASNhEP.exe
  C:\Windows\System\pASNhEP.exe
  2⤵
  PID:9504
- C:\Windows\System\znUjrUO.exe
  C:\Windows\System\znUjrUO.exe
  2⤵
  PID:9812
- C:\Windows\System\tBRSJvB.exe
  C:\Windows\System\tBRSJvB.exe
  2⤵
  PID:10196
- C:\Windows\System\UDFpmYP.exe
  C:\Windows\System\UDFpmYP.exe
  2⤵
  PID:9612
- C:\Windows\System\juLdZdu.exe
  C:\Windows\System\juLdZdu.exe
  2⤵
  PID:10192
- C:\Windows\System\ZbcgowX.exe
  C:\Windows\System\ZbcgowX.exe
  2⤵
  PID:10260
- C:\Windows\System\mfeRAYx.exe
  C:\Windows\System\mfeRAYx.exe
  2⤵
  PID:10292
- C:\Windows\System\AUGPokn.exe
  C:\Windows\System\AUGPokn.exe
  2⤵
  PID:10316
- C:\Windows\System\BitGLte.exe
  C:\Windows\System\BitGLte.exe
  2⤵
  PID:10344
- C:\Windows\System\NAHTUWs.exe
  C:\Windows\System\NAHTUWs.exe
  2⤵
  PID:10372
- C:\Windows\System\clvZstC.exe
  C:\Windows\System\clvZstC.exe
  2⤵
  PID:10404
- C:\Windows\System\VSjSPxX.exe
  C:\Windows\System\VSjSPxX.exe
  2⤵
  PID:10436
- C:\Windows\System\ORkWlER.exe
  C:\Windows\System\ORkWlER.exe
  2⤵
  PID:10456
- C:\Windows\System\sULcwdt.exe
  C:\Windows\System\sULcwdt.exe
  2⤵
  PID:10492
- C:\Windows\System\jmvqsnQ.exe
  C:\Windows\System\jmvqsnQ.exe
  2⤵
  PID:10524
- C:\Windows\System\ZvZXMst.exe
  C:\Windows\System\ZvZXMst.exe
  2⤵
  PID:10552
- C:\Windows\System\JxFYGRI.exe
  C:\Windows\System\JxFYGRI.exe
  2⤵
  PID:10576
- C:\Windows\System\VfbreHa.exe
  C:\Windows\System\VfbreHa.exe
  2⤵
  PID:10596
- C:\Windows\System\TvSdfDF.exe
  C:\Windows\System\TvSdfDF.exe
  2⤵
  PID:10624
- C:\Windows\System\RGwtgIL.exe
  C:\Windows\System\RGwtgIL.exe
  2⤵
  PID:10656
- C:\Windows\System\MJpROoU.exe
  C:\Windows\System\MJpROoU.exe
  2⤵
  PID:10680
- C:\Windows\System\hNSiJPk.exe
  C:\Windows\System\hNSiJPk.exe
  2⤵
  PID:10716
- C:\Windows\System\zhBVSjO.exe
  C:\Windows\System\zhBVSjO.exe
  2⤵
  PID:10736
- C:\Windows\System\ARJnotY.exe
  C:\Windows\System\ARJnotY.exe
  2⤵
  PID:10772
- C:\Windows\System\xIVSNlu.exe
  C:\Windows\System\xIVSNlu.exe
  2⤵
  PID:10804
- C:\Windows\System\aoZArAI.exe
  C:\Windows\System\aoZArAI.exe
  2⤵
  PID:10828
- C:\Windows\System\LSRNaAX.exe
  C:\Windows\System\LSRNaAX.exe
  2⤵
  PID:10860
- C:\Windows\System\wdnOHoY.exe
  C:\Windows\System\wdnOHoY.exe
  2⤵
  PID:10888
- C:\Windows\System\oOCPruj.exe
  C:\Windows\System\oOCPruj.exe
  2⤵
  PID:10916
- C:\Windows\System\sZMCAFB.exe
  C:\Windows\System\sZMCAFB.exe
  2⤵
  PID:10936
- C:\Windows\System\rZcLoOb.exe
  C:\Windows\System\rZcLoOb.exe
  2⤵
  PID:10972
- C:\Windows\System\KFiROqS.exe
  C:\Windows\System\KFiROqS.exe
  2⤵
  PID:10988
- C:\Windows\System\iQnbyGG.exe
  C:\Windows\System\iQnbyGG.exe
  2⤵
  PID:11004
- C:\Windows\System\FGVIhUU.exe
  C:\Windows\System\FGVIhUU.exe
  2⤵
  PID:11048
- C:\Windows\System\FwhCGZx.exe
  C:\Windows\System\FwhCGZx.exe
  2⤵
  PID:11080
- C:\Windows\System\XFJycJP.exe
  C:\Windows\System\XFJycJP.exe
  2⤵
  PID:11096
- C:\Windows\System\QHnFXZi.exe
  C:\Windows\System\QHnFXZi.exe
  2⤵
  PID:11128
- C:\Windows\System\zFeZcVO.exe
  C:\Windows\System\zFeZcVO.exe
  2⤵
  PID:11156
- C:\Windows\System\MJZQywO.exe
  C:\Windows\System\MJZQywO.exe
  2⤵
  PID:11184
- C:\Windows\System\NbrBHmP.exe
  C:\Windows\System\NbrBHmP.exe
  2⤵
  PID:11216
- C:\Windows\System\xJeYXBS.exe
  C:\Windows\System\xJeYXBS.exe
  2⤵
  PID:11248
- C:\Windows\System\KxJdsve.exe
  C:\Windows\System\KxJdsve.exe
  2⤵
  PID:10276
- C:\Windows\System\YsCbVmi.exe
  C:\Windows\System\YsCbVmi.exe
  2⤵
  PID:10304
- C:\Windows\System\uxIvwSN.exe
  C:\Windows\System\uxIvwSN.exe
  2⤵
  PID:10368
- C:\Windows\System\EfaFSOv.exe
  C:\Windows\System\EfaFSOv.exe
  2⤵
  PID:10508
- C:\Windows\System\TqODVfU.exe
  C:\Windows\System\TqODVfU.exe
  2⤵
  PID:10540
- C:\Windows\System\PlJEFWv.exe
  C:\Windows\System\PlJEFWv.exe
  2⤵
  PID:10616
- C:\Windows\System\CGKNFzU.exe
  C:\Windows\System\CGKNFzU.exe
  2⤵
  PID:10676
- C:\Windows\System\hkJqitw.exe
  C:\Windows\System\hkJqitw.exe
  2⤵
  PID:10732
- C:\Windows\System\JOxnUmf.exe
  C:\Windows\System\JOxnUmf.exe
  2⤵
  PID:10784
- C:\Windows\System\vzOfxqn.exe
  C:\Windows\System\vzOfxqn.exe
  2⤵
  PID:10852
- C:\Windows\System\GpOAIQf.exe
  C:\Windows\System\GpOAIQf.exe
  2⤵
  PID:10908
- C:\Windows\System\keaQRLI.exe
  C:\Windows\System\keaQRLI.exe
  2⤵
  PID:10984
- C:\Windows\System\zhbldFl.exe
  C:\Windows\System\zhbldFl.exe
  2⤵
  PID:11016
- C:\Windows\System\FwhXIIb.exe
  C:\Windows\System\FwhXIIb.exe
  2⤵
  PID:11104
- C:\Windows\System\zYSzWCD.exe
  C:\Windows\System\zYSzWCD.exe
  2⤵
  PID:11140
- C:\Windows\System\bjlmAlX.exe
  C:\Windows\System\bjlmAlX.exe
  2⤵
  PID:11212
- C:\Windows\System\omfJcIM.exe
  C:\Windows\System\omfJcIM.exe
  2⤵
  PID:10360
- C:\Windows\System\mqHaDSw.exe
  C:\Windows\System\mqHaDSw.exe
  2⤵
  PID:10520
- C:\Windows\System\ZIIMUEg.exe
  C:\Windows\System\ZIIMUEg.exe
  2⤵
  PID:10592
- C:\Windows\System\srvoPTb.exe
  C:\Windows\System\srvoPTb.exe
  2⤵
  PID:10752
- C:\Windows\System\oMMCGGV.exe
  C:\Windows\System\oMMCGGV.exe
  2⤵
  PID:10944
- C:\Windows\System\fLQidLP.exe
  C:\Windows\System\fLQidLP.exe
  2⤵
  PID:11072
- C:\Windows\System\BFKfJrb.exe
  C:\Windows\System\BFKfJrb.exe
  2⤵
  PID:10244
- C:\Windows\System\MldVQXi.exe
  C:\Windows\System\MldVQXi.exe
  2⤵
  PID:10568
- C:\Windows\System\VadXLol.exe
  C:\Windows\System\VadXLol.exe
  2⤵
  PID:10836
- C:\Windows\System\rLTjvVY.exe
  C:\Windows\System\rLTjvVY.exe
  2⤵
  PID:11196
- C:\Windows\System\WrIBHQu.exe
  C:\Windows\System\WrIBHQu.exe
  2⤵
  PID:11000
- C:\Windows\System\ofRBmCi.exe
  C:\Windows\System\ofRBmCi.exe
  2⤵
  PID:10300
- C:\Windows\System\dHPIUBV.exe
  C:\Windows\System\dHPIUBV.exe
  2⤵
  PID:11300
- C:\Windows\System\fbMTEGD.exe
  C:\Windows\System\fbMTEGD.exe
  2⤵
  PID:11320
- C:\Windows\System\zgsTKpT.exe
  C:\Windows\System\zgsTKpT.exe
  2⤵
  PID:11348
- C:\Windows\System\JgmZDsa.exe
  C:\Windows\System\JgmZDsa.exe
  2⤵
  PID:11388
- C:\Windows\System\OozfQbk.exe
  C:\Windows\System\OozfQbk.exe
  2⤵
  PID:11416
- C:\Windows\System\kjxcvxq.exe
  C:\Windows\System\kjxcvxq.exe
  2⤵
  PID:11444
- C:\Windows\System\anXhwsm.exe
  C:\Windows\System\anXhwsm.exe
  2⤵
  PID:11460
- C:\Windows\System\QmKPzjo.exe
  C:\Windows\System\QmKPzjo.exe
  2⤵
  PID:11488
- C:\Windows\System\MuOJYIT.exe
  C:\Windows\System\MuOJYIT.exe
  2⤵
  PID:11516
- C:\Windows\System\QvMbYqI.exe
  C:\Windows\System\QvMbYqI.exe
  2⤵
  PID:11560
- C:\Windows\System\TfFvODe.exe
  C:\Windows\System\TfFvODe.exe
  2⤵
  PID:11584
- C:\Windows\System\waraVPb.exe
  C:\Windows\System\waraVPb.exe
  2⤵
  PID:11620
- C:\Windows\System\aAukSTo.exe
  C:\Windows\System\aAukSTo.exe
  2⤵
  PID:11652
- C:\Windows\System\cpzNFwD.exe
  C:\Windows\System\cpzNFwD.exe
  2⤵
  PID:11672
- C:\Windows\System\xxFevJt.exe
  C:\Windows\System\xxFevJt.exe
  2⤵
  PID:11696
- C:\Windows\System\PDUhicy.exe
  C:\Windows\System\PDUhicy.exe
  2⤵
  PID:11728
- C:\Windows\System\aPZBnYH.exe
  C:\Windows\System\aPZBnYH.exe
  2⤵
  PID:11756
- C:\Windows\System\RlgMpMu.exe
  C:\Windows\System\RlgMpMu.exe
  2⤵
  PID:11792
- C:\Windows\System\qHhPeKo.exe
  C:\Windows\System\qHhPeKo.exe
  2⤵
  PID:11828
- C:\Windows\System\sFROluh.exe
  C:\Windows\System\sFROluh.exe
  2⤵
  PID:11860
- C:\Windows\System\wTpNXSg.exe
  C:\Windows\System\wTpNXSg.exe
  2⤵
  PID:11880
- C:\Windows\System\rEbwrID.exe
  C:\Windows\System\rEbwrID.exe
  2⤵
  PID:11900
- C:\Windows\System\DgVOeAF.exe
  C:\Windows\System\DgVOeAF.exe
  2⤵
  PID:11948
- C:\Windows\System\YPBWjYn.exe
  C:\Windows\System\YPBWjYn.exe
  2⤵
  PID:11992
- C:\Windows\System\yOZkmpU.exe
  C:\Windows\System\yOZkmpU.exe
  2⤵
  PID:12016
- C:\Windows\System\enDSvop.exe
  C:\Windows\System\enDSvop.exe
  2⤵
  PID:12040
- C:\Windows\System\qNjwLxl.exe
  C:\Windows\System\qNjwLxl.exe
  2⤵
  PID:12068
- C:\Windows\System\bLSecZz.exe
  C:\Windows\System\bLSecZz.exe
  2⤵
  PID:12096
- C:\Windows\System\kLyaLGn.exe
  C:\Windows\System\kLyaLGn.exe
  2⤵
  PID:12128
- C:\Windows\System\QJHizPt.exe
  C:\Windows\System\QJHizPt.exe
  2⤵
  PID:12164
- C:\Windows\System\IhiCuSa.exe
  C:\Windows\System\IhiCuSa.exe
  2⤵
  PID:12192
- C:\Windows\System\UMldImh.exe
  C:\Windows\System\UMldImh.exe
  2⤵
  PID:12224
- C:\Windows\System\TlAhEIw.exe
  C:\Windows\System\TlAhEIw.exe
  2⤵
  PID:12264
- C:\Windows\System\OLPPQJM.exe
  C:\Windows\System\OLPPQJM.exe
  2⤵
  PID:11276
- C:\Windows\System\dMAXjFb.exe
  C:\Windows\System\dMAXjFb.exe
  2⤵
  PID:11308
- C:\Windows\System\mvOswFG.exe
  C:\Windows\System\mvOswFG.exe
  2⤵
  PID:11360
- C:\Windows\System\KprBjsB.exe
  C:\Windows\System\KprBjsB.exe
  2⤵
  PID:11480
- C:\Windows\System\naSDGwN.exe
  C:\Windows\System\naSDGwN.exe
  2⤵
  PID:11528
- C:\Windows\System\tQdlzRJ.exe
  C:\Windows\System\tQdlzRJ.exe
  2⤵
  PID:11640
- C:\Windows\System\TWHMvQn.exe
  C:\Windows\System\TWHMvQn.exe
  2⤵
  PID:11748
- C:\Windows\System\tHWrXJL.exe
  C:\Windows\System\tHWrXJL.exe
  2⤵
  PID:11712
- C:\Windows\System\eevkBZh.exe
  C:\Windows\System\eevkBZh.exe
  2⤵
  PID:11868
- C:\Windows\System\fhzhSHz.exe
  C:\Windows\System\fhzhSHz.exe
  2⤵
  PID:11928
- C:\Windows\System\rIjgkfJ.exe
  C:\Windows\System\rIjgkfJ.exe
  2⤵
  PID:11988
- C:\Windows\System\HBESGRu.exe
  C:\Windows\System\HBESGRu.exe
  2⤵
  PID:11592
- C:\Windows\System\rVQOaPG.exe
  C:\Windows\System\rVQOaPG.exe
  2⤵
  PID:12204
- C:\Windows\System\qgGORHB.exe
  C:\Windows\System\qgGORHB.exe
  2⤵
  PID:12220
- C:\Windows\System\yMrXgbF.exe
  C:\Windows\System\yMrXgbF.exe
  2⤵
  PID:11372
- C:\Windows\System\szBJHkX.exe
  C:\Windows\System\szBJHkX.exe
  2⤵
  PID:11548
- C:\Windows\System\giTFoLq.exe
  C:\Windows\System\giTFoLq.exe
  2⤵
  PID:11604
- C:\Windows\System\mLGGuqv.exe
  C:\Windows\System\mLGGuqv.exe
  2⤵
  PID:11912
- C:\Windows\System\zxDPwTe.exe
  C:\Windows\System\zxDPwTe.exe
  2⤵
  PID:12120
- C:\Windows\System\ltsaNHu.exe
  C:\Windows\System\ltsaNHu.exe
  2⤵
  PID:12256
- C:\Windows\System\KVTaZfw.exe
  C:\Windows\System\KVTaZfw.exe
  2⤵
  PID:11544
- C:\Windows\System\ONuXpMG.exe
  C:\Windows\System\ONuXpMG.exe
  2⤵
  PID:12012
- C:\Windows\System\YdeZJrI.exe
  C:\Windows\System\YdeZJrI.exe
  2⤵
  PID:12304
- C:\Windows\System\vfRLqJK.exe
  C:\Windows\System\vfRLqJK.exe
  2⤵
  PID:12320
- C:\Windows\System\MhECUOP.exe
  C:\Windows\System\MhECUOP.exe
  2⤵
  PID:12340
- C:\Windows\System\gRhOWWB.exe
  C:\Windows\System\gRhOWWB.exe
  2⤵
  PID:12364
- C:\Windows\System\jLUHMSl.exe
  C:\Windows\System\jLUHMSl.exe
  2⤵
  PID:12384
- C:\Windows\System\FsxALNg.exe
  C:\Windows\System\FsxALNg.exe
  2⤵
  PID:12408
- C:\Windows\System\IrNLmzw.exe
  C:\Windows\System\IrNLmzw.exe
  2⤵
  PID:12436
- C:\Windows\System\TQAadrB.exe
  C:\Windows\System\TQAadrB.exe
  2⤵
  PID:12472
- C:\Windows\System\GIgVOzi.exe
  C:\Windows\System\GIgVOzi.exe
  2⤵
  PID:12504
- C:\Windows\System\loDVJtD.exe
  C:\Windows\System\loDVJtD.exe
  2⤵
  PID:12524
- C:\Windows\System\SWVpIye.exe
  C:\Windows\System\SWVpIye.exe
  2⤵
  PID:12556
- C:\Windows\System\HIknRfk.exe
  C:\Windows\System\HIknRfk.exe
  2⤵
  PID:12588
- C:\Windows\System\meAaNCS.exe
  C:\Windows\System\meAaNCS.exe
  2⤵
  PID:12624
- C:\Windows\System\pgmvfdV.exe
  C:\Windows\System\pgmvfdV.exe
  2⤵
  PID:12688
- C:\Windows\System\LZLVUBs.exe
  C:\Windows\System\LZLVUBs.exe
  2⤵
  PID:12720
- C:\Windows\System\npMXxjg.exe
  C:\Windows\System\npMXxjg.exe
  2⤵
  PID:12752
- C:\Windows\System\IjrwOvA.exe
  C:\Windows\System\IjrwOvA.exe
  2⤵
  PID:12772
- C:\Windows\System\fqfwcSb.exe
  C:\Windows\System\fqfwcSb.exe
  2⤵
  PID:12800
- C:\Windows\System\qIHYbPU.exe
  C:\Windows\System\qIHYbPU.exe
  2⤵
  PID:12828
- C:\Windows\System\ydkzjXM.exe
  C:\Windows\System\ydkzjXM.exe
  2⤵
  PID:12856
- C:\Windows\System\IYKmuhF.exe
  C:\Windows\System\IYKmuhF.exe
  2⤵
  PID:12896
- C:\Windows\System\RYZZiYH.exe
  C:\Windows\System\RYZZiYH.exe
  2⤵
  PID:12924
- C:\Windows\System\utZjoJD.exe
  C:\Windows\System\utZjoJD.exe
  2⤵
  PID:12948
- C:\Windows\System\lWvFhum.exe
  C:\Windows\System\lWvFhum.exe
  2⤵
  PID:12972
- C:\Windows\System\vBqghxx.exe
  C:\Windows\System\vBqghxx.exe
  2⤵
  PID:13008
- C:\Windows\System\jtduFMV.exe
  C:\Windows\System\jtduFMV.exe
  2⤵
  PID:13028
- C:\Windows\System\erJoTWe.exe
  C:\Windows\System\erJoTWe.exe
  2⤵
  PID:13068
- C:\Windows\System\NQgjcZk.exe
  C:\Windows\System\NQgjcZk.exe
  2⤵
  PID:13104
- C:\Windows\System\XnthGBv.exe
  C:\Windows\System\XnthGBv.exe
  2⤵
  PID:13128
- C:\Windows\System\zeoRcNe.exe
  C:\Windows\System\zeoRcNe.exe
  2⤵
  PID:13144
- C:\Windows\System\zwxwpEi.exe
  C:\Windows\System\zwxwpEi.exe
  2⤵
  PID:13188
- C:\Windows\System\OELYikY.exe
  C:\Windows\System\OELYikY.exe
  2⤵
  PID:13204
- C:\Windows\System\JHShELA.exe
  C:\Windows\System\JHShELA.exe
  2⤵
  PID:13224
- C:\Windows\System\nDrgNQu.exe
  C:\Windows\System\nDrgNQu.exe
  2⤵
  PID:13260
- C:\Windows\System\eIYapQz.exe
  C:\Windows\System\eIYapQz.exe
  2⤵
  PID:13296
- C:\Windows\System\wlAbzQV.exe
  C:\Windows\System\wlAbzQV.exe
  2⤵
  PID:11292
- C:\Windows\System\wEurffv.exe
  C:\Windows\System\wEurffv.exe
  2⤵
  PID:12360
- C:\Windows\System\kPpJJmP.exe
  C:\Windows\System\kPpJJmP.exe
  2⤵
  PID:12352
- C:\Windows\System\DjaFdkf.exe
  C:\Windows\System\DjaFdkf.exe
  2⤵
  PID:12484
- C:\Windows\System\hLUFoan.exe
  C:\Windows\System\hLUFoan.exe
  2⤵
  PID:12396
- C:\Windows\System\ZhOtYFc.exe
  C:\Windows\System\ZhOtYFc.exe
  2⤵
  PID:12568
- C:\Windows\System\HjdgSiB.exe
  C:\Windows\System\HjdgSiB.exe
  2⤵
  PID:12708
- C:\Windows\System\erGniEI.exe
  C:\Windows\System\erGniEI.exe
  2⤵
  PID:12684
- C:\Windows\System\GpIBXyU.exe
  C:\Windows\System\GpIBXyU.exe
  2⤵
  PID:12788
- C:\Windows\System\GCSPahF.exe
  C:\Windows\System\GCSPahF.exe
  2⤵
  PID:12824
- C:\Windows\System\ndPcjik.exe
  C:\Windows\System\ndPcjik.exe
  2⤵
  PID:12848
- C:\Windows\System\CdCCoVX.exe
  C:\Windows\System\CdCCoVX.exe
  2⤵
  PID:12936
- C:\Windows\System\MFSSPjU.exe
  C:\Windows\System\MFSSPjU.exe
  2⤵
  PID:12992
- C:\Windows\System\TEwnbTA.exe
  C:\Windows\System\TEwnbTA.exe
  2⤵
  PID:13116
- C:\Windows\System\FpXhLXt.exe
  C:\Windows\System\FpXhLXt.exe
  2⤵
  PID:13160
- C:\Windows\System\AmQdYCA.exe
  C:\Windows\System\AmQdYCA.exe
  2⤵
  PID:13236
- C:\Windows\System\hbDyQIL.exe
  C:\Windows\System\hbDyQIL.exe
  2⤵
  PID:13248
- C:\Windows\System\TwebEAQ.exe
  C:\Windows\System\TwebEAQ.exe
  2⤵
  PID:12356
- C:\Windows\System\jKGRHhF.exe
  C:\Windows\System\jKGRHhF.exe
  2⤵
  PID:12496
- C:\Windows\System\mraLwzc.exe
  C:\Windows\System\mraLwzc.exe
  2⤵
  PID:12620
- C:\Windows\System\ihCuLRx.exe
  C:\Windows\System\ihCuLRx.exe
  2⤵
  PID:12764
- C:\Windows\System\upxTcom.exe
  C:\Windows\System\upxTcom.exe
  2⤵
  PID:12820
- C:\Windows\System\MdngiCp.exe
  C:\Windows\System\MdngiCp.exe
  2⤵
  PID:13036
- C:\Windows\System\BSALwcD.exe
  C:\Windows\System\BSALwcD.exe
  2⤵
  PID:13200
- C:\Windows\System\TmsAqrr.exe
  C:\Windows\System\TmsAqrr.exe
  2⤵
  PID:11368
- C:\Windows\System\mHpDadb.exe
  C:\Windows\System\mHpDadb.exe
  2⤵
  PID:12700
- C:\Windows\System\vLATNWe.exe
  C:\Windows\System\vLATNWe.exe
  2⤵
  PID:12608
- C:\Windows\System\OiooIYn.exe
  C:\Windows\System\OiooIYn.exe
  2⤵
  PID:13080
- C:\Windows\System\LsQhsjr.exe
  C:\Windows\System\LsQhsjr.exe
  2⤵
  PID:12432
- C:\Windows\System\iniWzMB.exe
  C:\Windows\System\iniWzMB.exe
  2⤵
  PID:13340
- C:\Windows\System\NnHeYYV.exe
  C:\Windows\System\NnHeYYV.exe
  2⤵
  PID:13364
- C:\Windows\System\IqTaeqv.exe
  C:\Windows\System\IqTaeqv.exe
  2⤵
  PID:13392
- C:\Windows\System\QMfGWyv.exe
  C:\Windows\System\QMfGWyv.exe
  2⤵
  PID:13420
- C:\Windows\System\GasuKPV.exe
  C:\Windows\System\GasuKPV.exe
  2⤵
  PID:13448
- C:\Windows\System\eyrZWPc.exe
  C:\Windows\System\eyrZWPc.exe
  2⤵
  PID:13492
- C:\Windows\System\NvNgjfQ.exe
  C:\Windows\System\NvNgjfQ.exe
  2⤵
  PID:13532
- C:\Windows\System\oyUWQZi.exe
  C:\Windows\System\oyUWQZi.exe
  2⤵
  PID:13560
- C:\Windows\System\ajfKLik.exe
  C:\Windows\System\ajfKLik.exe
  2⤵
  PID:13588
- C:\Windows\System\puzNQBX.exe
  C:\Windows\System\puzNQBX.exe
  2⤵
  PID:13608
- C:\Windows\System\WYczoLS.exe
  C:\Windows\System\WYczoLS.exe
  2⤵
  PID:13628
- C:\Windows\System\BGvHGyJ.exe
  C:\Windows\System\BGvHGyJ.exe
  2⤵
  PID:13656
- C:\Windows\System\Kibiwzn.exe
  C:\Windows\System\Kibiwzn.exe
  2⤵
  PID:13688
- C:\Windows\System\tPvmGsz.exe
  C:\Windows\System\tPvmGsz.exe
  2⤵
  PID:13716
- C:\Windows\System\BdBFvcl.exe
  C:\Windows\System\BdBFvcl.exe
  2⤵
  PID:13748
- C:\Windows\System\PAKilNc.exe
  C:\Windows\System\PAKilNc.exe
  2⤵
  PID:13784
- C:\Windows\System\RquhoJF.exe
  C:\Windows\System\RquhoJF.exe
  2⤵
  PID:13816
- C:\Windows\System\VSEuHvv.exe
  C:\Windows\System\VSEuHvv.exe
  2⤵
  PID:13844
- C:\Windows\System\aQiYLcJ.exe
  C:\Windows\System\aQiYLcJ.exe
  2⤵
  PID:13876
- C:\Windows\System\DPpMkFa.exe
  C:\Windows\System\DPpMkFa.exe
  2⤵
  PID:13896
- C:\Windows\System\SARJFxl.exe
  C:\Windows\System\SARJFxl.exe
  2⤵
  PID:13928
- C:\Windows\System\ZnKyeqv.exe
  C:\Windows\System\ZnKyeqv.exe
  2⤵
  PID:13968
- C:\Windows\System\ymfXKga.exe
  C:\Windows\System\ymfXKga.exe
  2⤵
  PID:13992
- C:\Windows\System\VjuLIyt.exe
  C:\Windows\System\VjuLIyt.exe
  2⤵
  PID:14008
- C:\Windows\System\eVyjMrU.exe
  C:\Windows\System\eVyjMrU.exe
  2⤵
  PID:14040
- C:\Windows\System\nANhuEG.exe
  C:\Windows\System\nANhuEG.exe
  2⤵
  PID:14064
- C:\Windows\System\fNlkYdm.exe
  C:\Windows\System\fNlkYdm.exe
  2⤵
  PID:14092
- C:\Windows\System\PZpLOUA.exe
  C:\Windows\System\PZpLOUA.exe
  2⤵
  PID:14116
- C:\Windows\System\ypiuBcM.exe
  C:\Windows\System\ypiuBcM.exe
  2⤵
  PID:14144
- C:\Windows\System\EYZugSD.exe
  C:\Windows\System\EYZugSD.exe
  2⤵
  PID:14180
- C:\Windows\System\Ctwkeuo.exe
  C:\Windows\System\Ctwkeuo.exe
  2⤵
  PID:14212
- C:\Windows\System\JdOwsza.exe
  C:\Windows\System\JdOwsza.exe
  2⤵
  PID:14232
- C:\Windows\System\gSWgwDi.exe
  C:\Windows\System\gSWgwDi.exe
  2⤵
  PID:14248
- C:\Windows\System\zCFhedz.exe
  C:\Windows\System\zCFhedz.exe
  2⤵
  PID:14268
- C:\Windows\System\FdEdnZO.exe
  C:\Windows\System\FdEdnZO.exe
  2⤵
  PID:14300
- C:\Windows\System\vfnHPVy.exe
  C:\Windows\System\vfnHPVy.exe
  2⤵
  PID:14324
- C:\Windows\System\dyGCjAB.exe
  C:\Windows\System\dyGCjAB.exe
  2⤵
  PID:13352
- C:\Windows\System\WhzIGbc.exe
  C:\Windows\System\WhzIGbc.exe
  2⤵
  PID:2484
- C:\Windows\System\CPONtsU.exe
  C:\Windows\System\CPONtsU.exe
  2⤵
  PID:13336
- C:\Windows\System\qVTOZaL.exe
  C:\Windows\System\qVTOZaL.exe
  2⤵
  PID:13508
- C:\Windows\System\bAeOloD.exe
  C:\Windows\System\bAeOloD.exe
  2⤵
  PID:13548
- C:\Windows\System\WVQpSjs.exe
  C:\Windows\System\WVQpSjs.exe
  2⤵
  PID:13644
- C:\Windows\System\HvFHHfc.exe
  C:\Windows\System\HvFHHfc.exe
  2⤵
  PID:13740
- C:\Windows\System\JaGjvwm.exe
  C:\Windows\System\JaGjvwm.exe
  2⤵
  PID:13732
- C:\Windows\System\FOjvuom.exe
  C:\Windows\System\FOjvuom.exe
  2⤵
  PID:13800
- C:\Windows\System\HjykeWc.exe
  C:\Windows\System\HjykeWc.exe
  2⤵
  PID:13864
- C:\Windows\System\pljyvlD.exe
  C:\Windows\System\pljyvlD.exe
  2⤵
  PID:13872
- C:\Windows\System\KiYomNK.exe
  C:\Windows\System\KiYomNK.exe
  2⤵
  PID:13984
- C:\Windows\System\llKrnTN.exe
  C:\Windows\System\llKrnTN.exe
  2⤵
  PID:14080
- C:\Windows\System\GoRKErR.exe
  C:\Windows\System\GoRKErR.exe
  2⤵
  PID:14136
- C:\Windows\System\OxUaXJb.exe
  C:\Windows\System\OxUaXJb.exe
  2⤵
  PID:14168
- C:\Windows\System\NciuAGk.exe
  C:\Windows\System\NciuAGk.exe
  2⤵
  PID:14256
- C:\Windows\System\MzFANkZ.exe
  C:\Windows\System\MzFANkZ.exe
  2⤵
  PID:13220
- C:\Windows\System\gfeAFGV.exe
  C:\Windows\System\gfeAFGV.exe
  2⤵
  PID:13404
- C:\Windows\System\wvNGpuR.exe
  C:\Windows\System\wvNGpuR.exe
  2⤵
  PID:13544
- C:\Windows\System\OzHQXjn.exe
  C:\Windows\System\OzHQXjn.exe
  2⤵
  PID:13712
- C:\Windows\System\DlTKnzo.exe
  C:\Windows\System\DlTKnzo.exe
  2⤵
  PID:13860
- C:\Windows\System\MNdYgSV.exe
  C:\Windows\System\MNdYgSV.exe
  2⤵
  PID:13980
- C:\Windows\System\wpXNftI.exe
  C:\Windows\System\wpXNftI.exe
  2⤵
  PID:14176
- C:\Windows\System\BQZKFMY.exe
  C:\Windows\System\BQZKFMY.exe
  2⤵
  PID:3504
- C:\Windows\System\ZOUhGdb.exe
  C:\Windows\System\ZOUhGdb.exe
  2⤵
  PID:13444
- C:\Windows\System\TMrIxji.exe
  C:\Windows\System\TMrIxji.exe
  2⤵
  PID:12808
- C:\Windows\System\JTBoxJw.exe
  C:\Windows\System\JTBoxJw.exe
  2⤵
  PID:14156

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BRGWuZk.exe

Filesize
2.5MB

MD5
ecdbf7a4c517305eb5533e8cabaef9a7

SHA1
e492dd565f29020982258ff5a8979564cd96641d

SHA256
179ee79df1170fbdddf79a2fdab991c5d794d876bffe32b52705de1298e1f332

SHA512
32329e3156058c01a4ab4139b5d05a327027a6b41cf3bdce4b6f60a095f4613cbfd40b1fc4c08c8ad5e1026393bd55929825cfe50158d29ed3d1588a280ed76f

Download Submit
C:\Windows\System\CjKaxFK.exe

Filesize
2.5MB

MD5
974b48d5565d75756dcfb635dd0032d3

SHA1
42c319fd1d451018afac2da3a956993fd79e2a73

SHA256
33d9c2e3e26a49c0120858384839561feb99b6177c678327bc1bafc8f39f4889

SHA512
ccf53d49b36a3f3141f0b84aa30ddcc50b7cbb1ac807d0e91223632a1420e6f5e739a56b5fc2083a29a210b09c09c58fc3793260d03859a2e38d9fe5821a2069

Download Submit
C:\Windows\System\FqIyXfQ.exe

Filesize
2.5MB

MD5
cd53bb33d0ce9318d4c0fcf48a95fdc2

SHA1
7d7f0ebb544e47cbde1a2d299689985a11b1e79a

SHA256
ef385e0b41007c051208ad9621b1e82f0b3dccf97e50849e3ce150015247deaa

SHA512
e53f760abcfb0954f7ba25be63603c0688c9d7af93a89f3a8d10f4b922a41871be8447fa1c0cb2403d0b5c39439df5e01ed93452299c35b6caed5a1ec328f6cd

Download Submit
C:\Windows\System\HZWsrVC.exe

Filesize
2.5MB

MD5
776fb565bb008a106a74022a6dde6d35

SHA1
947f3c7cc6fa9863bd129c56a025163f73a13e5f

SHA256
aa75b38a013d67765a054fa6398a040f4ed4b7c3caffcc3ee0cbe87a68410ec1

SHA512
32ab15722b274fa299802bf5cde1ccfccb3f8f8907a5ea849d59a69e76b57d9d297a6e0ebef0cf92d8ea9078f975fa486d57e310a37952ff6ea3ad299f1b6b08

Download Submit
C:\Windows\System\InQvLCN.exe

Filesize
2.5MB

MD5
aa133141759bb1a12dade59544f176e2

SHA1
46a24ea3409da9d15d0ad9dc796afaec43b42830

SHA256
afab64ed33944a05b7fda04539e05892616de55db6aa7f697f919950504a99cc

SHA512
67a95783069124b66f9156d88bcb94e85308aae380cd0512dd084ac0c3e8cdc3365d1aaf5a9b7fb887b71bced9d252c40510cc65cc1072557fbd12932782b295

Download Submit
C:\Windows\System\LIyBqGT.exe

Filesize
2.5MB

MD5
51ee9d2e624a3d9709e15fd0a16aea3b

SHA1
9d495400e718cfc9e85d3353173db1f39bd3f27f

SHA256
0fc46197007a310b16e80c6d6dcd66265c72124df35dec327651fa495b77fb7b

SHA512
174c41b9b986dcc5f1f5c911f2013076837a9cb7c6d1c285dd72e2fbcc84c53c108c86aafa2fa401fa98c3354604645ecab2cb0061028719cf710f4c46427db9

Download Submit
C:\Windows\System\OueXvNv.exe

Filesize
2.5MB

MD5
100cdd738b2dcbb279b2d40d95f0ede1

SHA1
ae61ce2c74344188cfda9ee5d06465c6694045f8

SHA256
dbb898878a14f63976cc0c5d56c41810c828b22bd1c185c6e9846d3fc7056e2c

SHA512
00752f59a041f6b6b509c13d53714f7039dbb801cf27751d08f67d04343bfbe21cf41da2fd81906d0e6ef193383619f383e0639103b3f1f49830f6b157a42056

Download Submit
C:\Windows\System\PePVVcV.exe

Filesize
2.5MB

MD5
1ef956d367db0eb6f4a130e661555694

SHA1
f278d24720efd1930ebce104ab0c6a0331e573b8

SHA256
d92a644f104d439d1db32e255a43a45ea6dd8b3dc894b83de880af7798eb303e

SHA512
cf557424d8a0282854bcfef614843d4aaa644c8960c322334903edac472cdc637b19ffb0f561d06ffa4f7b496969308cbfac32c9dab7c309b05515a92439412e

Download Submit
C:\Windows\System\QBIxcLy.exe

Filesize
2.5MB

MD5
f0f75d926d92d03170d4c27bbead6c9c

SHA1
607dd41c6c84f90209943475275d62fe5f98e130

SHA256
6d6b7344f2f256a05040b70ee59068689c93272e6cc39fe60b607e1582564670

SHA512
e78f2577f5fd263674ff28e79404edd2472712d8794db01c17e8548aee2d7f7e784d5a20812f68d0320537e88424894764582a01b3c82453c68b082405bd74e0

Download Submit
C:\Windows\System\SIQUdFe.exe

Filesize
2.5MB

MD5
f78113d6f13330b0c15a6cb2cf2916a2

SHA1
e2e21f491ce76307c5602dc3fef59bfa3ee9f46f

SHA256
efe9d467c8f540c512462cf63e4b132978cb8fd7642509ec23fa0633f5b2073d

SHA512
170b4863fb894aff02a5744af50637b7e7a3cf730cb5e2a6083abf6bc97af05304e3a89a490397a01daa7c16fc8e6cc30f7012af0fdd710ce38081eeecede622

Download Submit
C:\Windows\System\TdOpnQM.exe

Filesize
2.5MB

MD5
0237ff1b045c5aafcaff0f83bb2a3380

SHA1
f45d6c2d363c9e6e901d4e6e840838b1200131f9

SHA256
6ebe6b3311b74523ae296fdb8ef9cd7097732f2810ccd1e32700cf6e0ae01556

SHA512
985cf448454a93b911e4fcf573fb7a51922709058de1a6e129c383420d1f00b9fc70bf491d84465da70c45390525d0dac4d02902b82ad2a7dcece05dd0dee09e

Download Submit
C:\Windows\System\TxAZQuz.exe

Filesize
2.5MB

MD5
ae61d9aea468b3db253b32e545437477

SHA1
58e0d42ffe9f5e1d6c994cd0c7d9cdc6a0f0eabc

SHA256
7d1613a2dac9314981b164f3acffca0cfb7c4d43ceb03ff1d24ed8f654bd23d8

SHA512
3e957afa4eaae8e58b164271ddea0f4563c2a7d2fef490768874d19a57cdae8f43ee2d3cc2cf1353a8cb2f2dd0b65d91a882707cdb242eae14d7a04982ca1556

Download Submit
C:\Windows\System\UeluHGh.exe

Filesize
2.5MB

MD5
2ddcf39ccac493afacfc1db05bbf37af

SHA1
1f8f9337d0e659cb1c4bcc5c3818070118b9c476

SHA256
59ac390b88ea547cdde700382bae56044e500e23c8890fee76afe588f40958fd

SHA512
4d5fe536334e6f487521cc92b09f1ccbe98b1e6aafff55d486c7ca01b351e7c4f7c9e895efbaacdd09983a183aea239f197a5a5b70ab217e23bd69abb52964c5

Download Submit
C:\Windows\System\UmjsXWJ.exe

Filesize
2.5MB

MD5
6de9c05342ff153bd8d7d30ee9044424

SHA1
a2e6a35598c9cb2ef30b3380a73c539a6959111c

SHA256
f850855a195a8fafc371d07e4c20ff044144492d68f8b15c0d99b3267a577341

SHA512
b112b3f8ce5ea2bddb5bc9b4b1cea91783a1f6bf85912073b48268983379481f1709e3d0c8ade896fc02e868e05e112779340b5f3fd16033ccecd9c94ecd910a

Download Submit
C:\Windows\System\UqHUtAz.exe

Filesize
2.5MB

MD5
1a23c8591d8c28f2b19ef9dce2741b86

SHA1
b3f4ef9e46b1505ecd1be1dceabfb6bb8f64a22e

SHA256
b6f49b1a509cb8287220da98625e5ecf7e972b051f3331c458ef57f911c0db3a

SHA512
a938c115ff6da46c05dfb44f053674aae20ba1cacc16edbf02fbac3a2df3d45c2870840b5a2fb59abc9b7d18c70f4ea98d2a1e480f6e4495825437c725a2b95a

Download Submit
C:\Windows\System\UsFXDfn.exe

Filesize
2.5MB

MD5
23a7b2b3836c6e92983fc5e53a56a2de

SHA1
146d7332d3df18efd529012ba2c3202906e3f91b

SHA256
0b21e419b573defa478534c97aabc8b57aedb76341ca0565d434b81a40845852

SHA512
4f7f35642beab2f9763a4812ad46099fcc4cd11c28519971a76731a6d9e5f68371b5b531a1bec79ac091c910e5019cc52b14078ffea1edee52da972c6d003f9d

Download Submit
C:\Windows\System\VBMUumg.exe

Filesize
2.5MB

MD5
c1b8968991de0d8a7918362bc448d5f2

SHA1
cbabe927fa3b7209487b7f8e141d5d2496294161

SHA256
f2d3c0412766ae76fad0800f71bfa8508f460cc81e18a47b9a4889f3cec4f44f

SHA512
9b4ccfc2b87f3ada59ba6e2406cf646da81d6cf4d7811d78bb7d308bebace8f151490ab0739a389e0711331b580d9d1af400c2f031cde8be40b6db2c2588f5ec

Download Submit
C:\Windows\System\VOoiDmG.exe

Filesize
2.5MB

MD5
9048d5a2c7290eac8dd006ecf08efe00

SHA1
d91b10ad95d0ff8a95117306fc56fbcecf5d5eb4

SHA256
b177304c47a32e1c807b5c8ea7857a4b176b869ffb4a0c8e9d8f8467e14305c1

SHA512
6c73c8ad1643ec6fe6a7c811813fbdf3a2d3ae309123b450ea61b084e6a4faac4daf2691edd40ba2d7340bbd6755722340554522378fb04c4219980a76f30e83

Download Submit
C:\Windows\System\VfpNjcO.exe

Filesize
2.5MB

MD5
0c4fb85f5d643804828fbb804622bc1a

SHA1
8aa2670a2821fbce33332a9bab9b61738323a3ce

SHA256
772d71800aac076483e435a1e21b6fa15d760fb3f4b80b5d95e44a0b02c8baf5

SHA512
d4c9a7b73dd9741d21c54279a790400db5fae982ef4d4c6ef5205a8cf5dacb74995c6c6abe3ce1fb592ff3480cc86676879e600134df87de4fc7c3f7d5ab8f42

Download Submit
C:\Windows\System\WBnbAnP.exe

Filesize
2.5MB

MD5
1d4fa3a20e808c072277237414b6e04a

SHA1
e939a7e05e5c8f44cb9b078f84fc8f2cc1f01a7a

SHA256
300b2ed9f3dbc80f289f98e231dd22b8f27688c7e9579f005cf4d5f18a7cf231

SHA512
2f5fd04e6e14b3be91d4f0e599588d55e1f9fa0f79e201895bbcaac984409cc44f2dd81c4deef3e176f8e2361080170cd5518a0cac659fc6e003e9ade949eb66

Download Submit
C:\Windows\System\XGURMnA.exe

Filesize
2.5MB

MD5
30a0431627cd8e0dc3c4ba7e5cf04158

SHA1
9fb939ccf25c89b177d67f41bedc0849d963a284

SHA256
8ed4f8e336cf2e6b83261d5f7dec66d97b5fb7ccd966533a32658d149fb33fc3

SHA512
2ca2c4cf5c03df1f10bc12b2e427e119274e4e6d0de127174f74f91725f970af95fc18f9b3ccf9c7a877b8a8b13559353a75f4ad2da820ae30830c6a03f60581

Download Submit
C:\Windows\System\XrGOrwH.exe

Filesize
2.5MB

MD5
74e83c5d3de744bddf9cb40a675f7097

SHA1
82ae553d889afba171e2adb6f31ce57cd20460f6

SHA256
96b652f4f56bd8228db9cb9ded19882df333f955a2f833e646cac13eaa4265c4

SHA512
ebfed42103d174cfd89104cf7d7775085151815fa2a053c9ce47418573608c1f1d5fe3ba7a1b7de5c466ebff0b4d1df0879d57a9d014f84589bf9e9242f57d39

Download Submit
C:\Windows\System\ZGLfQKE.exe

Filesize
2.5MB

MD5
4777c6144066df8363104ac4cfa12ede

SHA1
687207470c60aa3077809818c3bbda5b0a0d39f8

SHA256
b054a3dbf7ed8e7a2d47b440c791ea0f34d399fa36239e4f5e3a65b32ea60f76

SHA512
886c43977a9230b65ded4cc869a4b440e4c4a1ab07c05fd452d333e5c43bf52db7c4be989996f736e8f4b7f9c5b53049fa26d51f85ba84e8e884be21c9f4950e

Download Submit
C:\Windows\System\fIKDkHh.exe

Filesize
2.5MB

MD5
aa541140df497e7dd8bf724942efbce8

SHA1
a48625cb1d12410a279175abbc8745ac7221177f

SHA256
6a8b308dc547a5832c937e542e2fb9071d616910fe5df7800c8147be0fabf720

SHA512
46b0179b297e010efa0f4c6d61681efda1d34c0277b8b521f6ce394cd8f34df5051c5587e36ce5f02101fb7befebb3e5a240b4ed33aeea612e607843a68a2792

Download Submit
C:\Windows\System\geZkQVV.exe

Filesize
2.5MB

MD5
161d1c4176b7d8d8a98bcdcac3880e0c

SHA1
edd0cd475d13bbda5ff280ad89197b501fd1d9ea

SHA256
a9332c735a45a3363ce5e756dccbbb1d63cfb00b61503d8530018e71cb22a0ca

SHA512
1090928575af07470abf1f49c7fa63156205d805bb29253de37e6c0d193e7a1b269249d082d14ff4a6d450dfa7dcd9874d3182404d4d8fc644fd656f6391b01a

Download Submit
C:\Windows\System\ijSosVI.exe

Filesize
2.5MB

MD5
84900b8af8f6e614e87a3dd6a26ba33b

SHA1
142dad0125a4db1b5805bbd7f25414db49b7a995

SHA256
49d9dea4108bf2672cf65804b41d95fa426f23a0813194722a4d77c9775a7fd2

SHA512
e330c637b4ef0a0f00c7ea457e1ee18ed5fe2813ad9d38844e7e10bf3353645000fac2591a8ac40d0980b7d6099fd978bf0da0b9f1e79952aab7b5e9ad519ec5

Download Submit
C:\Windows\System\jMwuPIZ.exe

Filesize
2.5MB

MD5
4fb9ea1227d5f628a2f86827db5c3d1b

SHA1
36dad778c80786d16d59766a4a926d50588d2c95

SHA256
1e1f1b2e18e9dcdacf754cc12184923852a3ba60e40c4a0e81b8b4f4d4c2ff78

SHA512
7051d953cb82e344332c5b79c73f6a035b2f3eb8913433d45a815b9a7b313cf2714d27a0c722e97f4efe97eb47e0a73b8e1fa257cfbbddb87b94e6cfc9156385

Download Submit
C:\Windows\System\jxZjxWD.exe

Filesize
2.5MB

MD5
b93ac52ae080bf1155dc3da7cb2bf4a6

SHA1
c61db0ff88042ac4e6c6576bd90aecfc62756d8d

SHA256
19a46bcc40177b116a7decc90ebcd6454eb62a4fcce335ab0e005d40762f431a

SHA512
f87ca4a4f4a6a04db8e251eb02542c94637f91a1f80aedfe48d37a5136c0148171d0b668f417f303c49a75328ff732728cfe18cc4f07f92875cca176c3ffe369

Download Submit
C:\Windows\System\lMvkVJw.exe

Filesize
2.5MB

MD5
3756eef09af43748785474ab275c1fde

SHA1
cca0fd657c6d0bd08ff443fa65a0ec0e86d9e55c

SHA256
c4bd90bd6d657c8462f810f558b16c71194de041bf20e23d6bb36e9a167bc928

SHA512
d8062615522e2cfb7865ec615e92a47578ac818e8900953a52c9e1860d58db1f1e38100652dd6ee2d01549fd124f375b26bc1f6f3a7d2a349b288aa355c40ef9

Download Submit
C:\Windows\System\lqmmkrP.exe

Filesize
2.5MB

MD5
15a087af8c53f79a26fc1d22f3122591

SHA1
dabddbe54635452769bbb81b60644c1185ef57c3

SHA256
8fe24ea507408ffa44f65e95e602a5becc64cbc15412fabbbd244a89fc244ce1

SHA512
000abc84b9133b24efe697aa013ac61ae7822dea86ea96413335ede4942e5fc3bdc44b4dfa0819fe5aeb2a14d263413c2457f674272f4134a2c90ece21f373e0

Download Submit
C:\Windows\System\qCNklDm.exe

Filesize
2.5MB

MD5
410194b9ed2e3fe7dfb4f7f5cbbb8dfb

SHA1
fef17ff1ce49871edd94fdd01df3c2d8cdde6c6c

SHA256
560630b13cc980cef47f7da4ee852f6a0d302eb121b466c6f5218145ee765319

SHA512
bb95ae46476c74b1a1e8f20fe937e15a74e2061001a6308d8c276b9f3967988ca7a44081b7622dfe9a192d51f0ab8d03bda2abf130d37d273dcc3a7d7a297475

Download Submit
C:\Windows\System\rNspWJH.exe

Filesize
2.5MB

MD5
5ac9dc3e0f29344af7d48770171e7e57

SHA1
40ca9c639f3262f86e836b7527f8ba1867b67af5

SHA256
861f3902b669c6e19498f3f72e23d8cbff8fc4ea49abf9f9020dd379f168226a

SHA512
cb75ff951b0d1c8069d4080b093091f74124bd271f74e9e7467adb26bc51584d58d5c1fe6f67b3861982dfd10570334e18197ab19b454c09bfb164d4ada89d05

Download Submit
C:\Windows\System\ujgyQbb.exe

Filesize
2.5MB

MD5
c94d467e2fec890dea81ed20a15decf0

SHA1
04d5147de18176b9b34417ccdf9ed1ce390d477a

SHA256
c80557a5b02759e8a03cffd293afbdcb90c57a56ce5b876e8b38d0f0eae07ae9

SHA512
84eb601e95b87003b390c873d121fb49ddb92e2bcab663c050b75cb0ae45e607285ebe415e24bf2714b98248a89b5df24fbe1be1112b6f5dcce746e0297e40b5

Download Submit
memory/624-162-0x00007FF6FBDE0000-0x00007FF6FC134000-memory.dmp

Filesize
3.3MB

Download
memory/624-2140-0x00007FF6FBDE0000-0x00007FF6FC134000-memory.dmp

Filesize
3.3MB

Download
memory/696-2134-0x00007FF75C860000-0x00007FF75CBB4000-memory.dmp

Filesize
3.3MB

Download
memory/696-184-0x00007FF75C860000-0x00007FF75CBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-58-0x00007FF7AC960000-0x00007FF7ACCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2111-0x00007FF7AC960000-0x00007FF7ACCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2120-0x00007FF7AC960000-0x00007FF7ACCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2119-0x00007FF617010000-0x00007FF617364000-memory.dmp

Filesize
3.3MB

Download
memory/1268-94-0x00007FF617010000-0x00007FF617364000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2116-0x00007FF760640000-0x00007FF760994000-memory.dmp

Filesize
3.3MB

Download
memory/1280-22-0x00007FF760640000-0x00007FF760994000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2108-0x00007FF760640000-0x00007FF760994000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2118-0x00007FF639200000-0x00007FF639554000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2110-0x00007FF639200000-0x00007FF639554000-memory.dmp

Filesize
3.3MB

Download
memory/1352-28-0x00007FF639200000-0x00007FF639554000-memory.dmp

Filesize
3.3MB

Download
memory/1488-104-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2125-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp

Filesize
3.3MB

Download
memory/1684-27-0x00007FF7977D0000-0x00007FF797B24000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2109-0x00007FF7977D0000-0x00007FF797B24000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2115-0x00007FF7977D0000-0x00007FF797B24000-memory.dmp

Filesize
3.3MB

Download
memory/1908-149-0x00007FF74B960000-0x00007FF74BCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2132-0x00007FF74B960000-0x00007FF74BCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-93-0x00007FF64B980000-0x00007FF64BCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2123-0x00007FF64B980000-0x00007FF64BCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-122-0x00007FF7F5550000-0x00007FF7F58A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2126-0x00007FF7F5550000-0x00007FF7F58A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-185-0x00007FF672AE0000-0x00007FF672E34000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2117-0x00007FF672AE0000-0x00007FF672E34000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2137-0x00007FF7DD8D0000-0x00007FF7DDC24000-memory.dmp

Filesize
3.3MB

Download
memory/2176-180-0x00007FF7DD8D0000-0x00007FF7DDC24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2128-0x00007FF74B020000-0x00007FF74B374000-memory.dmp

Filesize
3.3MB

Download
memory/2536-152-0x00007FF74B020000-0x00007FF74B374000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2130-0x00007FF620CF0000-0x00007FF621044000-memory.dmp

Filesize
3.3MB

Download
memory/2544-188-0x00007FF620CF0000-0x00007FF621044000-memory.dmp

Filesize
3.3MB

Download
memory/2592-176-0x00007FF73EF60000-0x00007FF73F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2129-0x00007FF73EF60000-0x00007FF73F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2138-0x00007FF7B8100000-0x00007FF7B8454000-memory.dmp

Filesize
3.3MB

Download
memory/2964-182-0x00007FF7B8100000-0x00007FF7B8454000-memory.dmp

Filesize
3.3MB

Download
memory/2976-12-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2113-0x00007FF6EEF30000-0x00007FF6EF284000-memory.dmp

Filesize
3.3MB

Download
memory/3204-183-0x00007FF72E480000-0x00007FF72E7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2141-0x00007FF72E480000-0x00007FF72E7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2139-0x00007FF63DE00000-0x00007FF63E154000-memory.dmp

Filesize
3.3MB

Download
memory/3208-192-0x00007FF63DE00000-0x00007FF63E154000-memory.dmp

Filesize
3.3MB

Download
memory/3320-42-0x00007FF6C0170000-0x00007FF6C04C4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2114-0x00007FF6C0170000-0x00007FF6C04C4000-memory.dmp

Filesize
3.3MB

Download
memory/3788-2121-0x00007FF741AB0000-0x00007FF741E04000-memory.dmp

Filesize
3.3MB

Download
memory/3788-2112-0x00007FF741AB0000-0x00007FF741E04000-memory.dmp

Filesize
3.3MB

Download
memory/3788-71-0x00007FF741AB0000-0x00007FF741E04000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2124-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4004-186-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-187-0x00007FF72FD80000-0x00007FF7300D4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2122-0x00007FF72FD80000-0x00007FF7300D4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-2133-0x00007FF60CE40000-0x00007FF60D194000-memory.dmp

Filesize
3.3MB

Download
memory/4280-190-0x00007FF60CE40000-0x00007FF60D194000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2127-0x00007FF6894E0000-0x00007FF689834000-memory.dmp

Filesize
3.3MB

Download
memory/4284-132-0x00007FF6894E0000-0x00007FF689834000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2131-0x00007FF674830000-0x00007FF674B84000-memory.dmp

Filesize
3.3MB

Download
memory/4580-189-0x00007FF674830000-0x00007FF674B84000-memory.dmp

Filesize
3.3MB

Download
memory/4788-1-0x000002CC80DE0000-0x000002CC80DF0000-memory.dmp

Filesize
64KB

Download
memory/4788-0-0x00007FF6ADE50000-0x00007FF6AE1A4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-191-0x00007FF6951A0000-0x00007FF6954F4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-2135-0x00007FF6951A0000-0x00007FF6954F4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2136-0x00007FF60D290000-0x00007FF60D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-193-0x00007FF60D290000-0x00007FF60D5E4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads