xmrig | 4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8d

Analysis

max time kernel
109s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
Size

3.5MB
MD5

e891ba751c9d180de1872f3aec1a86c0
SHA1

9fd0171c1804b503d35c7d74a3041a8dbb2bc77b
SHA256

4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8d
SHA512

82b552e6d1861e2b482c39a499f5dd5e14885377fd6057256f9f4fcf6c6629186ba2f8a342ffc8f7bac72e052d23b53cf05d71d167b0e324c3697dc9260f7052
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2Wf:RWWBibf56utgpPFotBER/mQe

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/2136-180-0x00007FF6237A0000-0x00007FF623AF1000-memory.dmp	xmrig
behavioral2/memory/4688-186-0x00007FF79DE50000-0x00007FF79E1A1000-memory.dmp	xmrig
behavioral2/memory/3060-185-0x00007FF788A60000-0x00007FF788DB1000-memory.dmp	xmrig
behavioral2/memory/2264-184-0x00007FF763E60000-0x00007FF7641B1000-memory.dmp	xmrig
behavioral2/memory/4236-183-0x00007FF6B1510000-0x00007FF6B1861000-memory.dmp	xmrig
behavioral2/memory/848-182-0x00007FF6FB8D0000-0x00007FF6FBC21000-memory.dmp	xmrig
behavioral2/memory/2132-181-0x00007FF7C53F0000-0x00007FF7C5741000-memory.dmp	xmrig
behavioral2/memory/2400-177-0x00007FF6EDD00000-0x00007FF6EE051000-memory.dmp	xmrig
behavioral2/memory/2824-176-0x00007FF72D5D0000-0x00007FF72D921000-memory.dmp	xmrig
behavioral2/memory/4860-173-0x00007FF71CA70000-0x00007FF71CDC1000-memory.dmp	xmrig
behavioral2/memory/956-172-0x00007FF6C6A00000-0x00007FF6C6D51000-memory.dmp	xmrig
behavioral2/memory/3876-168-0x00007FF7806B0000-0x00007FF780A01000-memory.dmp	xmrig
behavioral2/memory/1124-160-0x00007FF63E2E0000-0x00007FF63E631000-memory.dmp	xmrig
behavioral2/memory/3348-159-0x00007FF742C70000-0x00007FF742FC1000-memory.dmp	xmrig
behavioral2/memory/2680-148-0x00007FF67FD30000-0x00007FF680081000-memory.dmp	xmrig
behavioral2/memory/4256-145-0x00007FF6869D0000-0x00007FF686D21000-memory.dmp	xmrig
behavioral2/memory/2184-136-0x00007FF629B30000-0x00007FF629E81000-memory.dmp	xmrig
behavioral2/memory/1620-134-0x00007FF60AAC0000-0x00007FF60AE11000-memory.dmp	xmrig
behavioral2/memory/2096-869-0x00007FF6F4970000-0x00007FF6F4CC1000-memory.dmp	xmrig
behavioral2/memory/2256-1123-0x00007FF6E8B40000-0x00007FF6E8E91000-memory.dmp	xmrig
behavioral2/memory/1088-1115-0x00007FF695890000-0x00007FF695BE1000-memory.dmp	xmrig
behavioral2/memory/2152-1108-0x00007FF750850000-0x00007FF750BA1000-memory.dmp	xmrig
behavioral2/memory/4488-1112-0x00007FF728280000-0x00007FF7285D1000-memory.dmp	xmrig
behavioral2/memory/1268-1110-0x00007FF6D23B0000-0x00007FF6D2701000-memory.dmp	xmrig
behavioral2/memory/1832-968-0x00007FF6599B0000-0x00007FF659D01000-memory.dmp	xmrig
behavioral2/memory/3648-965-0x00007FF605D90000-0x00007FF6060E1000-memory.dmp	xmrig
behavioral2/memory/1380-116-0x00007FF75D6C0000-0x00007FF75DA11000-memory.dmp	xmrig
behavioral2/memory/2300-96-0x00007FF7E3EB0000-0x00007FF7E4201000-memory.dmp	xmrig
behavioral2/memory/2688-95-0x00007FF6C2A70000-0x00007FF6C2DC1000-memory.dmp	xmrig
behavioral2/memory/2496-80-0x00007FF7294F0000-0x00007FF729841000-memory.dmp	xmrig
behavioral2/memory/3648-2347-0x00007FF605D90000-0x00007FF6060E1000-memory.dmp	xmrig
behavioral2/memory/1832-2350-0x00007FF6599B0000-0x00007FF659D01000-memory.dmp	xmrig
behavioral2/memory/2152-2351-0x00007FF750850000-0x00007FF750BA1000-memory.dmp	xmrig
behavioral2/memory/1268-2373-0x00007FF6D23B0000-0x00007FF6D2701000-memory.dmp	xmrig
behavioral2/memory/2300-2375-0x00007FF7E3EB0000-0x00007FF7E4201000-memory.dmp	xmrig
behavioral2/memory/2136-2387-0x00007FF6237A0000-0x00007FF623AF1000-memory.dmp	xmrig
behavioral2/memory/2256-2397-0x00007FF6E8B40000-0x00007FF6E8E91000-memory.dmp	xmrig
behavioral2/memory/2184-2403-0x00007FF629B30000-0x00007FF629E81000-memory.dmp	xmrig
behavioral2/memory/2132-2401-0x00007FF7C53F0000-0x00007FF7C5741000-memory.dmp	xmrig
behavioral2/memory/4256-2399-0x00007FF6869D0000-0x00007FF686D21000-memory.dmp	xmrig
behavioral2/memory/1620-2395-0x00007FF60AAC0000-0x00007FF60AE11000-memory.dmp	xmrig
behavioral2/memory/1380-2393-0x00007FF75D6C0000-0x00007FF75DA11000-memory.dmp	xmrig
behavioral2/memory/2400-2389-0x00007FF6EDD00000-0x00007FF6EE051000-memory.dmp	xmrig
behavioral2/memory/2824-2391-0x00007FF72D5D0000-0x00007FF72D921000-memory.dmp	xmrig
behavioral2/memory/4860-2381-0x00007FF71CA70000-0x00007FF71CDC1000-memory.dmp	xmrig
behavioral2/memory/2688-2379-0x00007FF6C2A70000-0x00007FF6C2DC1000-memory.dmp	xmrig
behavioral2/memory/1088-2385-0x00007FF695890000-0x00007FF695BE1000-memory.dmp	xmrig
behavioral2/memory/4488-2383-0x00007FF728280000-0x00007FF7285D1000-memory.dmp	xmrig
behavioral2/memory/2496-2377-0x00007FF7294F0000-0x00007FF729841000-memory.dmp	xmrig
behavioral2/memory/2680-2407-0x00007FF67FD30000-0x00007FF680081000-memory.dmp	xmrig
behavioral2/memory/2264-2409-0x00007FF763E60000-0x00007FF7641B1000-memory.dmp	xmrig
behavioral2/memory/1124-2405-0x00007FF63E2E0000-0x00007FF63E631000-memory.dmp	xmrig
behavioral2/memory/3348-2417-0x00007FF742C70000-0x00007FF742FC1000-memory.dmp	xmrig
behavioral2/memory/3060-2449-0x00007FF788A60000-0x00007FF788DB1000-memory.dmp	xmrig
behavioral2/memory/4236-2416-0x00007FF6B1510000-0x00007FF6B1861000-memory.dmp	xmrig
behavioral2/memory/3876-2413-0x00007FF7806B0000-0x00007FF780A01000-memory.dmp	xmrig
behavioral2/memory/848-2411-0x00007FF6FB8D0000-0x00007FF6FBC21000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3648	ghSWgPz.exe
1832	QczGJCA.exe
2152	GUwzYku.exe
1268	jtkHDVI.exe
4860	PGUMufm.exe
4488	kQwOmUK.exe
1088	BXGpIDU.exe
2824	HwHsrBw.exe
2400	wGLBglg.exe
2496	CXYkMLr.exe
2688	HFZREYO.exe
2300	yiNWOYw.exe
2136	BViLayp.exe
2256	xXtnHlf.exe
2132	IiKUFwY.exe
1380	YOmyWgB.exe
1620	dzGCdnp.exe
2184	ZXIBcKH.exe
4256	JzydvuF.exe
848	BGJhGiQ.exe
2680	gjuobjV.exe
4236	CEpYhom.exe
3348	VVDrHAJ.exe
1124	hREsnFu.exe
3876	POXiony.exe
2264	DzRhwgA.exe
3060	NCojjod.exe
956	UwNugjm.exe
4688	wwnOLwS.exe
4732	zllDbMw.exe
5000	WsXzQNX.exe
112	QJjyBEt.exe
2200	GrslPQn.exe
5028	bNpHnub.exe
4788	zdfUpPe.exe
1916	OQgddOw.exe
1644	oDRwzjL.exe
2704	pnyEERL.exe
5064	KNDAMrj.exe
816	ZSZZQGz.exe
3440	YbJJLtB.exe
4560	qTuvnXc.exe
1956	vYZKxAd.exe
1532	rsDwTDe.exe
2124	RhKwFvf.exe
2556	XajgufE.exe
4784	RpmCfQi.exe
2392	prLpgnb.exe
3552	dQNKfDO.exe
64	ICTlKYY.exe
184	yfjXOBK.exe
2740	fJpCQaH.exe
4332	WudWoRf.exe
4980	bMuPYfQ.exe
4404	pWhXgQf.exe
3660	yBfhpEo.exe
2860	sFaMdyf.exe
936	NFQEKft.exe
1456	uAAUfTb.exe
1496	NQZxnFw.exe
3912	aGNrLTt.exe
3612	wgGXJWz.exe
2068	xAtSxQa.exe
1136	VeVKozA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2096-0-0x00007FF6F4970000-0x00007FF6F4CC1000-memory.dmp	upx
behavioral2/files/0x0009000000023c83-5.dat	upx
behavioral2/files/0x0007000000023c87-12.dat	upx
behavioral2/memory/3648-9-0x00007FF605D90000-0x00007FF6060E1000-memory.dmp	upx
behavioral2/files/0x0007000000023c88-8.dat	upx
behavioral2/memory/1832-20-0x00007FF6599B0000-0x00007FF659D01000-memory.dmp	upx
behavioral2/files/0x0007000000023c89-16.dat	upx
behavioral2/files/0x0007000000023c8b-33.dat	upx
behavioral2/files/0x0007000000023c8e-45.dat	upx
behavioral2/files/0x0007000000023c90-52.dat	upx
behavioral2/files/0x0007000000023c96-89.dat	upx
behavioral2/files/0x0007000000023c9c-122.dat	upx
behavioral2/files/0x0007000000023c9b-141.dat	upx
behavioral2/files/0x0007000000023c9e-155.dat	upx
behavioral2/files/0x0007000000023ca3-169.dat	upx
behavioral2/memory/2136-180-0x00007FF6237A0000-0x00007FF623AF1000-memory.dmp	upx
behavioral2/memory/4688-186-0x00007FF79DE50000-0x00007FF79E1A1000-memory.dmp	upx
behavioral2/files/0x0007000000023ca5-192.dat	upx
behavioral2/files/0x0007000000023ca4-189.dat	upx
behavioral2/memory/3060-185-0x00007FF788A60000-0x00007FF788DB1000-memory.dmp	upx
behavioral2/memory/2264-184-0x00007FF763E60000-0x00007FF7641B1000-memory.dmp	upx
behavioral2/memory/4236-183-0x00007FF6B1510000-0x00007FF6B1861000-memory.dmp	upx
behavioral2/memory/848-182-0x00007FF6FB8D0000-0x00007FF6FBC21000-memory.dmp	upx
behavioral2/memory/2132-181-0x00007FF7C53F0000-0x00007FF7C5741000-memory.dmp	upx
behavioral2/memory/2400-177-0x00007FF6EDD00000-0x00007FF6EE051000-memory.dmp	upx
behavioral2/memory/2824-176-0x00007FF72D5D0000-0x00007FF72D921000-memory.dmp	upx
behavioral2/files/0x0007000000023ca2-174.dat	upx
behavioral2/memory/4860-173-0x00007FF71CA70000-0x00007FF71CDC1000-memory.dmp	upx
behavioral2/memory/956-172-0x00007FF6C6A00000-0x00007FF6C6D51000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-170.dat	upx
behavioral2/memory/3876-168-0x00007FF7806B0000-0x00007FF780A01000-memory.dmp	upx
behavioral2/files/0x0008000000023c84-166.dat	upx
behavioral2/files/0x0007000000023ca0-161.dat	upx
behavioral2/memory/1124-160-0x00007FF63E2E0000-0x00007FF63E631000-memory.dmp	upx
behavioral2/memory/3348-159-0x00007FF742C70000-0x00007FF742FC1000-memory.dmp	upx
behavioral2/files/0x0007000000023c9d-151.dat	upx
behavioral2/memory/2680-148-0x00007FF67FD30000-0x00007FF680081000-memory.dmp	upx
behavioral2/memory/4256-145-0x00007FF6869D0000-0x00007FF686D21000-memory.dmp	upx
behavioral2/files/0x0007000000023c9f-143.dat	upx
behavioral2/memory/2184-136-0x00007FF629B30000-0x00007FF629E81000-memory.dmp	upx
behavioral2/memory/1620-134-0x00007FF60AAC0000-0x00007FF60AE11000-memory.dmp	upx
behavioral2/files/0x0007000000023c9a-131.dat	upx
behavioral2/memory/2096-869-0x00007FF6F4970000-0x00007FF6F4CC1000-memory.dmp	upx
behavioral2/memory/2256-1123-0x00007FF6E8B40000-0x00007FF6E8E91000-memory.dmp	upx
behavioral2/memory/1088-1115-0x00007FF695890000-0x00007FF695BE1000-memory.dmp	upx
behavioral2/memory/2152-1108-0x00007FF750850000-0x00007FF750BA1000-memory.dmp	upx
behavioral2/memory/4488-1112-0x00007FF728280000-0x00007FF7285D1000-memory.dmp	upx
behavioral2/memory/1268-1110-0x00007FF6D23B0000-0x00007FF6D2701000-memory.dmp	upx
behavioral2/memory/1832-968-0x00007FF6599B0000-0x00007FF659D01000-memory.dmp	upx
behavioral2/memory/3648-965-0x00007FF605D90000-0x00007FF6060E1000-memory.dmp	upx
behavioral2/files/0x0007000000023c98-127.dat	upx
behavioral2/files/0x0007000000023c97-126.dat	upx
behavioral2/files/0x0007000000023c99-120.dat	upx
behavioral2/files/0x0007000000023c94-117.dat	upx
behavioral2/memory/1380-116-0x00007FF75D6C0000-0x00007FF75DA11000-memory.dmp	upx
behavioral2/memory/2256-113-0x00007FF6E8B40000-0x00007FF6E8E91000-memory.dmp	upx
behavioral2/files/0x0007000000023c93-108.dat	upx
behavioral2/files/0x0007000000023c95-104.dat	upx
behavioral2/files/0x0007000000023c8d-99.dat	upx
behavioral2/memory/2300-96-0x00007FF7E3EB0000-0x00007FF7E4201000-memory.dmp	upx
behavioral2/memory/2688-95-0x00007FF6C2A70000-0x00007FF6C2DC1000-memory.dmp	upx
behavioral2/files/0x0007000000023c92-84.dat	upx
behavioral2/memory/2496-80-0x00007FF7294F0000-0x00007FF729841000-memory.dmp	upx
behavioral2/files/0x0007000000023c8c-76.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EWlJnaV.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\IlWxHuO.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\wEeXmGD.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\gayerSt.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\WeNbNkA.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\FiWryEl.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\NGZrdWm.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\jEgpxIt.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\hCglveh.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\nAZrKcl.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\qhyJbsj.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\pnyEERL.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\RpmCfQi.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\whLVCLd.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\DzRhwgA.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\BzxaLar.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\omOzZHI.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\ISCocLb.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\pVLxsyN.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\qOSSoTR.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\bpnKOik.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\UZrsWZe.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\mMgHkxx.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\fDTaXLx.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\xMGLVhf.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\rNrKVLg.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\zDoSdJG.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\ReAgNHL.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\mjDqjBH.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\lPBWESn.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\qXtImYU.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\KIWXmqQ.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\OCihUzu.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\OdQQFyC.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\BGJhGiQ.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\ifWztND.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\ErdvpSY.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\guHWpoc.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\qNcytzD.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\UrsXzBe.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\gcZLqtM.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\DICiLWK.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\WqTYKQY.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\DRRuPiZ.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\nXFsjof.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\GVLYoxN.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\qICMsxe.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\vhkZwrf.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\ltJhgbL.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\lYKjUzv.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\VMkPUpH.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\oeKyEys.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\yQHKARD.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\uldUzYN.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\xqdrxNh.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\VKGFQdh.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\sKztNsW.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\XwJlfKx.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\dZzbYDp.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\mdezKgG.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\sZbpTMg.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\otktQDp.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\JtpXqsE.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
File created	C:\Windows\System\paUPdQQ.exe	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14572	dwm.exe
Token: SeChangeNotifyPrivilege	14572	dwm.exe
Token: 33	14572	dwm.exe
Token: SeIncBasePriorityPrivilege	14572	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 3648	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	85
PID 2096 wrote to memory of 3648	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	85
PID 2096 wrote to memory of 1832	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	86
PID 2096 wrote to memory of 1832	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	86
PID 2096 wrote to memory of 2152	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	87
PID 2096 wrote to memory of 2152	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	87
PID 2096 wrote to memory of 1268	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	88
PID 2096 wrote to memory of 1268	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	88
PID 2096 wrote to memory of 4860	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	89
PID 2096 wrote to memory of 4860	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	89
PID 2096 wrote to memory of 4488	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	90
PID 2096 wrote to memory of 4488	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	90
PID 2096 wrote to memory of 1088	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	91
PID 2096 wrote to memory of 1088	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	91
PID 2096 wrote to memory of 2824	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	92
PID 2096 wrote to memory of 2824	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	92
PID 2096 wrote to memory of 2400	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	93
PID 2096 wrote to memory of 2400	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	93
PID 2096 wrote to memory of 2496	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	94
PID 2096 wrote to memory of 2496	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	94
PID 2096 wrote to memory of 2688	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	95
PID 2096 wrote to memory of 2688	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	95
PID 2096 wrote to memory of 2300	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	96
PID 2096 wrote to memory of 2300	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	96
PID 2096 wrote to memory of 2136	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	97
PID 2096 wrote to memory of 2136	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	97
PID 2096 wrote to memory of 2256	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	98
PID 2096 wrote to memory of 2256	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	98
PID 2096 wrote to memory of 2132	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	99
PID 2096 wrote to memory of 2132	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	99
PID 2096 wrote to memory of 1380	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	100
PID 2096 wrote to memory of 1380	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	100
PID 2096 wrote to memory of 1620	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	101
PID 2096 wrote to memory of 1620	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	101
PID 2096 wrote to memory of 2184	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	102
PID 2096 wrote to memory of 2184	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	102
PID 2096 wrote to memory of 4256	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	103
PID 2096 wrote to memory of 4256	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	103
PID 2096 wrote to memory of 848	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	104
PID 2096 wrote to memory of 848	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	104
PID 2096 wrote to memory of 1124	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	105
PID 2096 wrote to memory of 1124	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	105
PID 2096 wrote to memory of 2680	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	106
PID 2096 wrote to memory of 2680	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	106
PID 2096 wrote to memory of 4236	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	107
PID 2096 wrote to memory of 4236	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	107
PID 2096 wrote to memory of 3348	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	108
PID 2096 wrote to memory of 3348	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	108
PID 2096 wrote to memory of 3876	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	109
PID 2096 wrote to memory of 3876	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	109
PID 2096 wrote to memory of 2264	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	110
PID 2096 wrote to memory of 2264	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	110
PID 2096 wrote to memory of 3060	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	111
PID 2096 wrote to memory of 3060	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	111
PID 2096 wrote to memory of 956	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	112
PID 2096 wrote to memory of 956	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	112
PID 2096 wrote to memory of 4688	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	113
PID 2096 wrote to memory of 4688	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	113
PID 2096 wrote to memory of 4732	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	114
PID 2096 wrote to memory of 4732	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	114
PID 2096 wrote to memory of 5000	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	115
PID 2096 wrote to memory of 5000	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	115
PID 2096 wrote to memory of 112	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	116
PID 2096 wrote to memory of 112	2096	4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe	116

C:\Users\Admin\AppData\Local\Temp\4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe
"C:\Users\Admin\AppData\Local\Temp\4b505ff7c52537f3cda5f83aa267277523f2ea83cd695cccdc42168fe316ff8dN.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\System\ghSWgPz.exe
  C:\Windows\System\ghSWgPz.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\QczGJCA.exe
  C:\Windows\System\QczGJCA.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\GUwzYku.exe
  C:\Windows\System\GUwzYku.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\jtkHDVI.exe
  C:\Windows\System\jtkHDVI.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\PGUMufm.exe
  C:\Windows\System\PGUMufm.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\kQwOmUK.exe
  C:\Windows\System\kQwOmUK.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\BXGpIDU.exe
  C:\Windows\System\BXGpIDU.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\HwHsrBw.exe
  C:\Windows\System\HwHsrBw.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\wGLBglg.exe
  C:\Windows\System\wGLBglg.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\CXYkMLr.exe
  C:\Windows\System\CXYkMLr.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\HFZREYO.exe
  C:\Windows\System\HFZREYO.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\yiNWOYw.exe
  C:\Windows\System\yiNWOYw.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\BViLayp.exe
  C:\Windows\System\BViLayp.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\xXtnHlf.exe
  C:\Windows\System\xXtnHlf.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\IiKUFwY.exe
  C:\Windows\System\IiKUFwY.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\YOmyWgB.exe
  C:\Windows\System\YOmyWgB.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\dzGCdnp.exe
  C:\Windows\System\dzGCdnp.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\ZXIBcKH.exe
  C:\Windows\System\ZXIBcKH.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\JzydvuF.exe
  C:\Windows\System\JzydvuF.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\BGJhGiQ.exe
  C:\Windows\System\BGJhGiQ.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\hREsnFu.exe
  C:\Windows\System\hREsnFu.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\gjuobjV.exe
  C:\Windows\System\gjuobjV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\CEpYhom.exe
  C:\Windows\System\CEpYhom.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\VVDrHAJ.exe
  C:\Windows\System\VVDrHAJ.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\POXiony.exe
  C:\Windows\System\POXiony.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\DzRhwgA.exe
  C:\Windows\System\DzRhwgA.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\NCojjod.exe
  C:\Windows\System\NCojjod.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\UwNugjm.exe
  C:\Windows\System\UwNugjm.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\wwnOLwS.exe
  C:\Windows\System\wwnOLwS.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\zllDbMw.exe
  C:\Windows\System\zllDbMw.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\WsXzQNX.exe
  C:\Windows\System\WsXzQNX.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\QJjyBEt.exe
  C:\Windows\System\QJjyBEt.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\GrslPQn.exe
  C:\Windows\System\GrslPQn.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\bNpHnub.exe
  C:\Windows\System\bNpHnub.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\zdfUpPe.exe
  C:\Windows\System\zdfUpPe.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\OQgddOw.exe
  C:\Windows\System\OQgddOw.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\oDRwzjL.exe
  C:\Windows\System\oDRwzjL.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\pnyEERL.exe
  C:\Windows\System\pnyEERL.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\KNDAMrj.exe
  C:\Windows\System\KNDAMrj.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\ZSZZQGz.exe
  C:\Windows\System\ZSZZQGz.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\YbJJLtB.exe
  C:\Windows\System\YbJJLtB.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\qTuvnXc.exe
  C:\Windows\System\qTuvnXc.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\vYZKxAd.exe
  C:\Windows\System\vYZKxAd.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\rsDwTDe.exe
  C:\Windows\System\rsDwTDe.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\RhKwFvf.exe
  C:\Windows\System\RhKwFvf.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\XajgufE.exe
  C:\Windows\System\XajgufE.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\RpmCfQi.exe
  C:\Windows\System\RpmCfQi.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\prLpgnb.exe
  C:\Windows\System\prLpgnb.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\dQNKfDO.exe
  C:\Windows\System\dQNKfDO.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\ICTlKYY.exe
  C:\Windows\System\ICTlKYY.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\yfjXOBK.exe
  C:\Windows\System\yfjXOBK.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\fJpCQaH.exe
  C:\Windows\System\fJpCQaH.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\WudWoRf.exe
  C:\Windows\System\WudWoRf.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\bMuPYfQ.exe
  C:\Windows\System\bMuPYfQ.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\pWhXgQf.exe
  C:\Windows\System\pWhXgQf.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\yBfhpEo.exe
  C:\Windows\System\yBfhpEo.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\sFaMdyf.exe
  C:\Windows\System\sFaMdyf.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\NFQEKft.exe
  C:\Windows\System\NFQEKft.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\uAAUfTb.exe
  C:\Windows\System\uAAUfTb.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\NQZxnFw.exe
  C:\Windows\System\NQZxnFw.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\aGNrLTt.exe
  C:\Windows\System\aGNrLTt.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\wgGXJWz.exe
  C:\Windows\System\wgGXJWz.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\xAtSxQa.exe
  C:\Windows\System\xAtSxQa.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\VeVKozA.exe
  C:\Windows\System\VeVKozA.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\VPLklvn.exe
  C:\Windows\System\VPLklvn.exe
  2⤵
  PID:1944
- C:\Windows\System\XAHgCrR.exe
  C:\Windows\System\XAHgCrR.exe
  2⤵
  PID:1500
- C:\Windows\System\PvBelNQ.exe
  C:\Windows\System\PvBelNQ.exe
  2⤵
  PID:4844
- C:\Windows\System\rJOcDhd.exe
  C:\Windows\System\rJOcDhd.exe
  2⤵
  PID:836
- C:\Windows\System\otktQDp.exe
  C:\Windows\System\otktQDp.exe
  2⤵
  PID:3480
- C:\Windows\System\iaJKKcI.exe
  C:\Windows\System\iaJKKcI.exe
  2⤵
  PID:2532
- C:\Windows\System\yLMWjPV.exe
  C:\Windows\System\yLMWjPV.exe
  2⤵
  PID:1168
- C:\Windows\System\IbONmwe.exe
  C:\Windows\System\IbONmwe.exe
  2⤵
  PID:1920
- C:\Windows\System\CpiqXnq.exe
  C:\Windows\System\CpiqXnq.exe
  2⤵
  PID:4020
- C:\Windows\System\PViHBKx.exe
  C:\Windows\System\PViHBKx.exe
  2⤵
  PID:2612
- C:\Windows\System\mMgHkxx.exe
  C:\Windows\System\mMgHkxx.exe
  2⤵
  PID:2492
- C:\Windows\System\vWqYXvX.exe
  C:\Windows\System\vWqYXvX.exe
  2⤵
  PID:2848
- C:\Windows\System\nabOaKE.exe
  C:\Windows\System\nabOaKE.exe
  2⤵
  PID:2044
- C:\Windows\System\rKktpmL.exe
  C:\Windows\System\rKktpmL.exe
  2⤵
  PID:3192
- C:\Windows\System\oWdSDkO.exe
  C:\Windows\System\oWdSDkO.exe
  2⤵
  PID:2584
- C:\Windows\System\sOsZKFZ.exe
  C:\Windows\System\sOsZKFZ.exe
  2⤵
  PID:3964
- C:\Windows\System\gLcQOSa.exe
  C:\Windows\System\gLcQOSa.exe
  2⤵
  PID:1476
- C:\Windows\System\pJscEKQ.exe
  C:\Windows\System\pJscEKQ.exe
  2⤵
  PID:3608
- C:\Windows\System\cDeDhEI.exe
  C:\Windows\System\cDeDhEI.exe
  2⤵
  PID:1568
- C:\Windows\System\ZqMNcSE.exe
  C:\Windows\System\ZqMNcSE.exe
  2⤵
  PID:3556
- C:\Windows\System\OdQhrnj.exe
  C:\Windows\System\OdQhrnj.exe
  2⤵
  PID:3952
- C:\Windows\System\ljxMEyk.exe
  C:\Windows\System\ljxMEyk.exe
  2⤵
  PID:3824
- C:\Windows\System\mWzHBbZ.exe
  C:\Windows\System\mWzHBbZ.exe
  2⤵
  PID:4196
- C:\Windows\System\azDrhyS.exe
  C:\Windows\System\azDrhyS.exe
  2⤵
  PID:368
- C:\Windows\System\QMOBsdK.exe
  C:\Windows\System\QMOBsdK.exe
  2⤵
  PID:4396
- C:\Windows\System\qsxPxzn.exe
  C:\Windows\System\qsxPxzn.exe
  2⤵
  PID:1696
- C:\Windows\System\JtpXqsE.exe
  C:\Windows\System\JtpXqsE.exe
  2⤵
  PID:2684
- C:\Windows\System\EqmObxz.exe
  C:\Windows\System\EqmObxz.exe
  2⤵
  PID:2140
- C:\Windows\System\qYNymCw.exe
  C:\Windows\System\qYNymCw.exe
  2⤵
  PID:4200
- C:\Windows\System\wLXLKVl.exe
  C:\Windows\System\wLXLKVl.exe
  2⤵
  PID:1148
- C:\Windows\System\gxgKWrJ.exe
  C:\Windows\System\gxgKWrJ.exe
  2⤵
  PID:2600
- C:\Windows\System\YnRlEjI.exe
  C:\Windows\System\YnRlEjI.exe
  2⤵
  PID:4176
- C:\Windows\System\CzreTDf.exe
  C:\Windows\System\CzreTDf.exe
  2⤵
  PID:4244
- C:\Windows\System\ywwOAux.exe
  C:\Windows\System\ywwOAux.exe
  2⤵
  PID:720
- C:\Windows\System\LzrsmQN.exe
  C:\Windows\System\LzrsmQN.exe
  2⤵
  PID:4468
- C:\Windows\System\JHubAoZ.exe
  C:\Windows\System\JHubAoZ.exe
  2⤵
  PID:2284
- C:\Windows\System\njHhzRU.exe
  C:\Windows\System\njHhzRU.exe
  2⤵
  PID:4156
- C:\Windows\System\tndcgIF.exe
  C:\Windows\System\tndcgIF.exe
  2⤵
  PID:4104
- C:\Windows\System\zwajUPG.exe
  C:\Windows\System\zwajUPG.exe
  2⤵
  PID:840
- C:\Windows\System\lQIYgFR.exe
  C:\Windows\System\lQIYgFR.exe
  2⤵
  PID:1192
- C:\Windows\System\zaVYToQ.exe
  C:\Windows\System\zaVYToQ.exe
  2⤵
  PID:5132
- C:\Windows\System\hxeaRPu.exe
  C:\Windows\System\hxeaRPu.exe
  2⤵
  PID:5160
- C:\Windows\System\bQuDzfS.exe
  C:\Windows\System\bQuDzfS.exe
  2⤵
  PID:5196
- C:\Windows\System\vExoxbf.exe
  C:\Windows\System\vExoxbf.exe
  2⤵
  PID:5212
- C:\Windows\System\xEHolST.exe
  C:\Windows\System\xEHolST.exe
  2⤵
  PID:5240
- C:\Windows\System\qICMsxe.exe
  C:\Windows\System\qICMsxe.exe
  2⤵
  PID:5272
- C:\Windows\System\bavZUzH.exe
  C:\Windows\System\bavZUzH.exe
  2⤵
  PID:5300
- C:\Windows\System\zgiazGi.exe
  C:\Windows\System\zgiazGi.exe
  2⤵
  PID:5328
- C:\Windows\System\rFrlbYr.exe
  C:\Windows\System\rFrlbYr.exe
  2⤵
  PID:5360
- C:\Windows\System\fDTaXLx.exe
  C:\Windows\System\fDTaXLx.exe
  2⤵
  PID:5384
- C:\Windows\System\kGaOALu.exe
  C:\Windows\System\kGaOALu.exe
  2⤵
  PID:5420
- C:\Windows\System\ifWztND.exe
  C:\Windows\System\ifWztND.exe
  2⤵
  PID:5448
- C:\Windows\System\LfTnKVW.exe
  C:\Windows\System\LfTnKVW.exe
  2⤵
  PID:5476
- C:\Windows\System\mKTEckH.exe
  C:\Windows\System\mKTEckH.exe
  2⤵
  PID:5504
- C:\Windows\System\pwvkNYj.exe
  C:\Windows\System\pwvkNYj.exe
  2⤵
  PID:5524
- C:\Windows\System\ueCtTCG.exe
  C:\Windows\System\ueCtTCG.exe
  2⤵
  PID:5552
- C:\Windows\System\hHxJmkl.exe
  C:\Windows\System\hHxJmkl.exe
  2⤵
  PID:5580
- C:\Windows\System\VjByhoS.exe
  C:\Windows\System\VjByhoS.exe
  2⤵
  PID:5608
- C:\Windows\System\rEPYpho.exe
  C:\Windows\System\rEPYpho.exe
  2⤵
  PID:5644
- C:\Windows\System\pPBwnwK.exe
  C:\Windows\System\pPBwnwK.exe
  2⤵
  PID:5672
- C:\Windows\System\UtfJtNT.exe
  C:\Windows\System\UtfJtNT.exe
  2⤵
  PID:5700
- C:\Windows\System\VGQKBwO.exe
  C:\Windows\System\VGQKBwO.exe
  2⤵
  PID:5720
- C:\Windows\System\hTBGXRc.exe
  C:\Windows\System\hTBGXRc.exe
  2⤵
  PID:5752
- C:\Windows\System\ikRcIAe.exe
  C:\Windows\System\ikRcIAe.exe
  2⤵
  PID:5780
- C:\Windows\System\zUsNYdW.exe
  C:\Windows\System\zUsNYdW.exe
  2⤵
  PID:5816
- C:\Windows\System\sBeIUTf.exe
  C:\Windows\System\sBeIUTf.exe
  2⤵
  PID:5848
- C:\Windows\System\WtavNNv.exe
  C:\Windows\System\WtavNNv.exe
  2⤵
  PID:5876
- C:\Windows\System\gBKSQWx.exe
  C:\Windows\System\gBKSQWx.exe
  2⤵
  PID:5904
- C:\Windows\System\ERUkeMd.exe
  C:\Windows\System\ERUkeMd.exe
  2⤵
  PID:5932
- C:\Windows\System\tkbOVOS.exe
  C:\Windows\System\tkbOVOS.exe
  2⤵
  PID:5960
- C:\Windows\System\XerXbEy.exe
  C:\Windows\System\XerXbEy.exe
  2⤵
  PID:5988
- C:\Windows\System\TYTxOvp.exe
  C:\Windows\System\TYTxOvp.exe
  2⤵
  PID:6020
- C:\Windows\System\lYKjUzv.exe
  C:\Windows\System\lYKjUzv.exe
  2⤵
  PID:6052
- C:\Windows\System\zQXmdQR.exe
  C:\Windows\System\zQXmdQR.exe
  2⤵
  PID:6072
- C:\Windows\System\ixyPjZR.exe
  C:\Windows\System\ixyPjZR.exe
  2⤵
  PID:6092
- C:\Windows\System\ENAvuPp.exe
  C:\Windows\System\ENAvuPp.exe
  2⤵
  PID:6108
- C:\Windows\System\vBbEOhs.exe
  C:\Windows\System\vBbEOhs.exe
  2⤵
  PID:6128
- C:\Windows\System\SVPYUJZ.exe
  C:\Windows\System\SVPYUJZ.exe
  2⤵
  PID:5172
- C:\Windows\System\YMttjdy.exe
  C:\Windows\System\YMttjdy.exe
  2⤵
  PID:5220
- C:\Windows\System\mUaaaZX.exe
  C:\Windows\System\mUaaaZX.exe
  2⤵
  PID:5256
- C:\Windows\System\giIfxeW.exe
  C:\Windows\System\giIfxeW.exe
  2⤵
  PID:5288
- C:\Windows\System\utMfVdd.exe
  C:\Windows\System\utMfVdd.exe
  2⤵
  PID:5372
- C:\Windows\System\OdFYfJA.exe
  C:\Windows\System\OdFYfJA.exe
  2⤵
  PID:5432
- C:\Windows\System\qqwOskb.exe
  C:\Windows\System\qqwOskb.exe
  2⤵
  PID:5496
- C:\Windows\System\NXrqrFd.exe
  C:\Windows\System\NXrqrFd.exe
  2⤵
  PID:5564
- C:\Windows\System\BzxaLar.exe
  C:\Windows\System\BzxaLar.exe
  2⤵
  PID:5628
- C:\Windows\System\qoJDzIz.exe
  C:\Windows\System\qoJDzIz.exe
  2⤵
  PID:5688
- C:\Windows\System\uOlwcsY.exe
  C:\Windows\System\uOlwcsY.exe
  2⤵
  PID:5748
- C:\Windows\System\uldUzYN.exe
  C:\Windows\System\uldUzYN.exe
  2⤵
  PID:5832
- C:\Windows\System\THwgSiP.exe
  C:\Windows\System\THwgSiP.exe
  2⤵
  PID:5912
- C:\Windows\System\vtxGKZM.exe
  C:\Windows\System\vtxGKZM.exe
  2⤵
  PID:5972
- C:\Windows\System\MQbzTpa.exe
  C:\Windows\System\MQbzTpa.exe
  2⤵
  PID:6088
- C:\Windows\System\rpqitkn.exe
  C:\Windows\System\rpqitkn.exe
  2⤵
  PID:6136
- C:\Windows\System\Klywzne.exe
  C:\Windows\System\Klywzne.exe
  2⤵
  PID:6068
- C:\Windows\System\qWWufjr.exe
  C:\Windows\System\qWWufjr.exe
  2⤵
  PID:4736
- C:\Windows\System\aWfHSOs.exe
  C:\Windows\System\aWfHSOs.exe
  2⤵
  PID:5324
- C:\Windows\System\eNDpccC.exe
  C:\Windows\System\eNDpccC.exe
  2⤵
  PID:5536
- C:\Windows\System\iMDEmSg.exe
  C:\Windows\System\iMDEmSg.exe
  2⤵
  PID:5516
- C:\Windows\System\pIPDDIs.exe
  C:\Windows\System\pIPDDIs.exe
  2⤵
  PID:5664
- C:\Windows\System\rYEFwMp.exe
  C:\Windows\System\rYEFwMp.exe
  2⤵
  PID:5924
- C:\Windows\System\PEsTvLm.exe
  C:\Windows\System\PEsTvLm.exe
  2⤵
  PID:6040
- C:\Windows\System\eHpgJdX.exe
  C:\Windows\System\eHpgJdX.exe
  2⤵
  PID:5208
- C:\Windows\System\ErdvpSY.exe
  C:\Windows\System\ErdvpSY.exe
  2⤵
  PID:5396
- C:\Windows\System\vrVpLst.exe
  C:\Windows\System\vrVpLst.exe
  2⤵
  PID:6080
- C:\Windows\System\xMGLVhf.exe
  C:\Windows\System\xMGLVhf.exe
  2⤵
  PID:6140
- C:\Windows\System\paUPdQQ.exe
  C:\Windows\System\paUPdQQ.exe
  2⤵
  PID:6036
- C:\Windows\System\wOqXYxF.exe
  C:\Windows\System\wOqXYxF.exe
  2⤵
  PID:6160
- C:\Windows\System\sKztNsW.exe
  C:\Windows\System\sKztNsW.exe
  2⤵
  PID:6184
- C:\Windows\System\gOnfpJz.exe
  C:\Windows\System\gOnfpJz.exe
  2⤵
  PID:6212
- C:\Windows\System\ozPtNoG.exe
  C:\Windows\System\ozPtNoG.exe
  2⤵
  PID:6236
- C:\Windows\System\ISCocLb.exe
  C:\Windows\System\ISCocLb.exe
  2⤵
  PID:6268
- C:\Windows\System\GLZjBsr.exe
  C:\Windows\System\GLZjBsr.exe
  2⤵
  PID:6296
- C:\Windows\System\NxJwlnS.exe
  C:\Windows\System\NxJwlnS.exe
  2⤵
  PID:6324
- C:\Windows\System\kufqzOb.exe
  C:\Windows\System\kufqzOb.exe
  2⤵
  PID:6352
- C:\Windows\System\pDVJRsz.exe
  C:\Windows\System\pDVJRsz.exe
  2⤵
  PID:6384
- C:\Windows\System\ostgwNV.exe
  C:\Windows\System\ostgwNV.exe
  2⤵
  PID:6416
- C:\Windows\System\rpkiMJP.exe
  C:\Windows\System\rpkiMJP.exe
  2⤵
  PID:6436
- C:\Windows\System\kHCeyXF.exe
  C:\Windows\System\kHCeyXF.exe
  2⤵
  PID:6460
- C:\Windows\System\RemGoST.exe
  C:\Windows\System\RemGoST.exe
  2⤵
  PID:6492
- C:\Windows\System\BzEcOnF.exe
  C:\Windows\System\BzEcOnF.exe
  2⤵
  PID:6520
- C:\Windows\System\vASXacV.exe
  C:\Windows\System\vASXacV.exe
  2⤵
  PID:6556
- C:\Windows\System\TXBGEZl.exe
  C:\Windows\System\TXBGEZl.exe
  2⤵
  PID:6596
- C:\Windows\System\HhUGCzr.exe
  C:\Windows\System\HhUGCzr.exe
  2⤵
  PID:6628
- C:\Windows\System\VMkPUpH.exe
  C:\Windows\System\VMkPUpH.exe
  2⤵
  PID:6648
- C:\Windows\System\vhkZwrf.exe
  C:\Windows\System\vhkZwrf.exe
  2⤵
  PID:6664
- C:\Windows\System\PjYpHbo.exe
  C:\Windows\System\PjYpHbo.exe
  2⤵
  PID:6680
- C:\Windows\System\tppWrnl.exe
  C:\Windows\System\tppWrnl.exe
  2⤵
  PID:6716
- C:\Windows\System\NVTldEM.exe
  C:\Windows\System\NVTldEM.exe
  2⤵
  PID:6764
- C:\Windows\System\RsvoRkx.exe
  C:\Windows\System\RsvoRkx.exe
  2⤵
  PID:6788
- C:\Windows\System\sogMmPn.exe
  C:\Windows\System\sogMmPn.exe
  2⤵
  PID:6812
- C:\Windows\System\gcZLqtM.exe
  C:\Windows\System\gcZLqtM.exe
  2⤵
  PID:6836
- C:\Windows\System\oojJIoM.exe
  C:\Windows\System\oojJIoM.exe
  2⤵
  PID:6852
- C:\Windows\System\ZnPWZfW.exe
  C:\Windows\System\ZnPWZfW.exe
  2⤵
  PID:6872
- C:\Windows\System\PaRrlGf.exe
  C:\Windows\System\PaRrlGf.exe
  2⤵
  PID:6892
- C:\Windows\System\whLVCLd.exe
  C:\Windows\System\whLVCLd.exe
  2⤵
  PID:6908
- C:\Windows\System\cCwUlFl.exe
  C:\Windows\System\cCwUlFl.exe
  2⤵
  PID:6924
- C:\Windows\System\QOsFLNQ.exe
  C:\Windows\System\QOsFLNQ.exe
  2⤵
  PID:6944
- C:\Windows\System\ARHWfym.exe
  C:\Windows\System\ARHWfym.exe
  2⤵
  PID:6968
- C:\Windows\System\FrgeHdW.exe
  C:\Windows\System\FrgeHdW.exe
  2⤵
  PID:7000
- C:\Windows\System\JkTLrtq.exe
  C:\Windows\System\JkTLrtq.exe
  2⤵
  PID:7024
- C:\Windows\System\JZnIKPt.exe
  C:\Windows\System\JZnIKPt.exe
  2⤵
  PID:7052
- C:\Windows\System\IDYnOSb.exe
  C:\Windows\System\IDYnOSb.exe
  2⤵
  PID:7080
- C:\Windows\System\YDagKoK.exe
  C:\Windows\System\YDagKoK.exe
  2⤵
  PID:7104
- C:\Windows\System\DICiLWK.exe
  C:\Windows\System\DICiLWK.exe
  2⤵
  PID:7132
- C:\Windows\System\UApvXwd.exe
  C:\Windows\System\UApvXwd.exe
  2⤵
  PID:5284
- C:\Windows\System\WqTYKQY.exe
  C:\Windows\System\WqTYKQY.exe
  2⤵
  PID:3680
- C:\Windows\System\xojMAWm.exe
  C:\Windows\System\xojMAWm.exe
  2⤵
  PID:6196
- C:\Windows\System\SapwanF.exe
  C:\Windows\System\SapwanF.exe
  2⤵
  PID:6276
- C:\Windows\System\KiGMcrg.exe
  C:\Windows\System\KiGMcrg.exe
  2⤵
  PID:6368
- C:\Windows\System\OCesAsQ.exe
  C:\Windows\System\OCesAsQ.exe
  2⤵
  PID:6428
- C:\Windows\System\neoLjSU.exe
  C:\Windows\System\neoLjSU.exe
  2⤵
  PID:6488
- C:\Windows\System\zCDcqBf.exe
  C:\Windows\System\zCDcqBf.exe
  2⤵
  PID:6688
- C:\Windows\System\oDWIcJs.exe
  C:\Windows\System\oDWIcJs.exe
  2⤵
  PID:6804
- C:\Windows\System\OPGLHsg.exe
  C:\Windows\System\OPGLHsg.exe
  2⤵
  PID:6580
- C:\Windows\System\HPQwZUN.exe
  C:\Windows\System\HPQwZUN.exe
  2⤵
  PID:6848
- C:\Windows\System\YWmdiXZ.exe
  C:\Windows\System\YWmdiXZ.exe
  2⤵
  PID:6884
- C:\Windows\System\FwDfUWb.exe
  C:\Windows\System\FwDfUWb.exe
  2⤵
  PID:6824
- C:\Windows\System\reWRKvB.exe
  C:\Windows\System\reWRKvB.exe
  2⤵
  PID:6868
- C:\Windows\System\wSuCWJz.exe
  C:\Windows\System\wSuCWJz.exe
  2⤵
  PID:6932
- C:\Windows\System\GnnLsgx.exe
  C:\Windows\System\GnnLsgx.exe
  2⤵
  PID:7048
- C:\Windows\System\CwkTtuv.exe
  C:\Windows\System\CwkTtuv.exe
  2⤵
  PID:7112
- C:\Windows\System\NetgMCM.exe
  C:\Windows\System\NetgMCM.exe
  2⤵
  PID:6232
- C:\Windows\System\FBbAkgV.exe
  C:\Windows\System\FBbAkgV.exe
  2⤵
  PID:6360
- C:\Windows\System\aqQMDaM.exe
  C:\Windows\System\aqQMDaM.exe
  2⤵
  PID:6292
- C:\Windows\System\WjAdXpO.exe
  C:\Windows\System\WjAdXpO.exe
  2⤵
  PID:6620
- C:\Windows\System\SCTuBzj.exe
  C:\Windows\System\SCTuBzj.exe
  2⤵
  PID:6528
- C:\Windows\System\ZWyLVdN.exe
  C:\Windows\System\ZWyLVdN.exe
  2⤵
  PID:6992
- C:\Windows\System\XwJlfKx.exe
  C:\Windows\System\XwJlfKx.exe
  2⤵
  PID:6828
- C:\Windows\System\sPwHlnx.exe
  C:\Windows\System\sPwHlnx.exe
  2⤵
  PID:6048
- C:\Windows\System\gPyHEof.exe
  C:\Windows\System\gPyHEof.exe
  2⤵
  PID:7160
- C:\Windows\System\kdwxaaJ.exe
  C:\Windows\System\kdwxaaJ.exe
  2⤵
  PID:6180
- C:\Windows\System\dZzbYDp.exe
  C:\Windows\System\dZzbYDp.exe
  2⤵
  PID:7200
- C:\Windows\System\WNGVlvx.exe
  C:\Windows\System\WNGVlvx.exe
  2⤵
  PID:7228
- C:\Windows\System\GRcDPWF.exe
  C:\Windows\System\GRcDPWF.exe
  2⤵
  PID:7256
- C:\Windows\System\PHyHaBi.exe
  C:\Windows\System\PHyHaBi.exe
  2⤵
  PID:7280
- C:\Windows\System\APwebqY.exe
  C:\Windows\System\APwebqY.exe
  2⤵
  PID:7308
- C:\Windows\System\zmtsuUh.exe
  C:\Windows\System\zmtsuUh.exe
  2⤵
  PID:7340
- C:\Windows\System\DCxcYNq.exe
  C:\Windows\System\DCxcYNq.exe
  2⤵
  PID:7360
- C:\Windows\System\jRbSXZZ.exe
  C:\Windows\System\jRbSXZZ.exe
  2⤵
  PID:7404
- C:\Windows\System\jypuZPD.exe
  C:\Windows\System\jypuZPD.exe
  2⤵
  PID:7432
- C:\Windows\System\mZUgecl.exe
  C:\Windows\System\mZUgecl.exe
  2⤵
  PID:7460
- C:\Windows\System\LlCgDYW.exe
  C:\Windows\System\LlCgDYW.exe
  2⤵
  PID:7484
- C:\Windows\System\mQWBVJG.exe
  C:\Windows\System\mQWBVJG.exe
  2⤵
  PID:7516
- C:\Windows\System\BHJKhxQ.exe
  C:\Windows\System\BHJKhxQ.exe
  2⤵
  PID:7540
- C:\Windows\System\pVLxsyN.exe
  C:\Windows\System\pVLxsyN.exe
  2⤵
  PID:7564
- C:\Windows\System\vQhZkYo.exe
  C:\Windows\System\vQhZkYo.exe
  2⤵
  PID:7600
- C:\Windows\System\cTJnUsn.exe
  C:\Windows\System\cTJnUsn.exe
  2⤵
  PID:7636
- C:\Windows\System\xmHzQbc.exe
  C:\Windows\System\xmHzQbc.exe
  2⤵
  PID:7660
- C:\Windows\System\lSfsPoE.exe
  C:\Windows\System\lSfsPoE.exe
  2⤵
  PID:7684
- C:\Windows\System\wgwlIjZ.exe
  C:\Windows\System\wgwlIjZ.exe
  2⤵
  PID:7712
- C:\Windows\System\ZcbrFPJ.exe
  C:\Windows\System\ZcbrFPJ.exe
  2⤵
  PID:7740
- C:\Windows\System\OaVVlUQ.exe
  C:\Windows\System\OaVVlUQ.exe
  2⤵
  PID:7768
- C:\Windows\System\vMbzstK.exe
  C:\Windows\System\vMbzstK.exe
  2⤵
  PID:7796
- C:\Windows\System\ltJhgbL.exe
  C:\Windows\System\ltJhgbL.exe
  2⤵
  PID:7824
- C:\Windows\System\LYkmjRt.exe
  C:\Windows\System\LYkmjRt.exe
  2⤵
  PID:7860
- C:\Windows\System\tkhMZpf.exe
  C:\Windows\System\tkhMZpf.exe
  2⤵
  PID:7884
- C:\Windows\System\BrhHfLc.exe
  C:\Windows\System\BrhHfLc.exe
  2⤵
  PID:8048
- C:\Windows\System\KnJxUXf.exe
  C:\Windows\System\KnJxUXf.exe
  2⤵
  PID:8064
- C:\Windows\System\qXtImYU.exe
  C:\Windows\System\qXtImYU.exe
  2⤵
  PID:8092
- C:\Windows\System\AKIdtjy.exe
  C:\Windows\System\AKIdtjy.exe
  2⤵
  PID:8120
- C:\Windows\System\qoHjgQv.exe
  C:\Windows\System\qoHjgQv.exe
  2⤵
  PID:8148
- C:\Windows\System\QMqOwAY.exe
  C:\Windows\System\QMqOwAY.exe
  2⤵
  PID:8176
- C:\Windows\System\OzsMWIQ.exe
  C:\Windows\System\OzsMWIQ.exe
  2⤵
  PID:7176
- C:\Windows\System\iaovCNS.exe
  C:\Windows\System\iaovCNS.exe
  2⤵
  PID:6576
- C:\Windows\System\tDlOqBr.exe
  C:\Windows\System\tDlOqBr.exe
  2⤵
  PID:7220
- C:\Windows\System\fhenWMc.exe
  C:\Windows\System\fhenWMc.exe
  2⤵
  PID:7288
- C:\Windows\System\whYwfVB.exe
  C:\Windows\System\whYwfVB.exe
  2⤵
  PID:7332
- C:\Windows\System\WVWwrxK.exe
  C:\Windows\System\WVWwrxK.exe
  2⤵
  PID:7368
- C:\Windows\System\EmXrTTf.exe
  C:\Windows\System\EmXrTTf.exe
  2⤵
  PID:7504
- C:\Windows\System\ROtHraM.exe
  C:\Windows\System\ROtHraM.exe
  2⤵
  PID:7476
- C:\Windows\System\jBZiObg.exe
  C:\Windows\System\jBZiObg.exe
  2⤵
  PID:7592
- C:\Windows\System\npUmWPW.exe
  C:\Windows\System\npUmWPW.exe
  2⤵
  PID:7560
- C:\Windows\System\BjMWkpt.exe
  C:\Windows\System\BjMWkpt.exe
  2⤵
  PID:7732
- C:\Windows\System\baIrfMR.exe
  C:\Windows\System\baIrfMR.exe
  2⤵
  PID:7724
- C:\Windows\System\TrhUxmJ.exe
  C:\Windows\System\TrhUxmJ.exe
  2⤵
  PID:7760
- C:\Windows\System\PNIXZqE.exe
  C:\Windows\System\PNIXZqE.exe
  2⤵
  PID:7868
- C:\Windows\System\CvgRGPJ.exe
  C:\Windows\System\CvgRGPJ.exe
  2⤵
  PID:8032
- C:\Windows\System\bJndxuW.exe
  C:\Windows\System\bJndxuW.exe
  2⤵
  PID:8060
- C:\Windows\System\tquUBog.exe
  C:\Windows\System\tquUBog.exe
  2⤵
  PID:8136
- C:\Windows\System\YvaXPSb.exe
  C:\Windows\System\YvaXPSb.exe
  2⤵
  PID:7044
- C:\Windows\System\isKkLfg.exe
  C:\Windows\System\isKkLfg.exe
  2⤵
  PID:6192
- C:\Windows\System\NLznkgM.exe
  C:\Windows\System\NLznkgM.exe
  2⤵
  PID:7248
- C:\Windows\System\yOmPPMf.exe
  C:\Windows\System\yOmPPMf.exe
  2⤵
  PID:7444
- C:\Windows\System\NaXarxg.exe
  C:\Windows\System\NaXarxg.exe
  2⤵
  PID:7152
- C:\Windows\System\aeLHvaM.exe
  C:\Windows\System\aeLHvaM.exe
  2⤵
  PID:7912
- C:\Windows\System\leNrWid.exe
  C:\Windows\System\leNrWid.exe
  2⤵
  PID:8056
- C:\Windows\System\sdBAJEr.exe
  C:\Windows\System\sdBAJEr.exe
  2⤵
  PID:8168
- C:\Windows\System\ZjgIjBa.exe
  C:\Windows\System\ZjgIjBa.exe
  2⤵
  PID:7356
- C:\Windows\System\GXEFgWn.exe
  C:\Windows\System\GXEFgWn.exe
  2⤵
  PID:7704
- C:\Windows\System\TRpgnnS.exe
  C:\Windows\System\TRpgnnS.exe
  2⤵
  PID:7728
- C:\Windows\System\PkcUqfx.exe
  C:\Windows\System\PkcUqfx.exe
  2⤵
  PID:7304
- C:\Windows\System\mPRkLEv.exe
  C:\Windows\System\mPRkLEv.exe
  2⤵
  PID:6604
- C:\Windows\System\jAXEHrW.exe
  C:\Windows\System\jAXEHrW.exe
  2⤵
  PID:8196
- C:\Windows\System\wvPKLMI.exe
  C:\Windows\System\wvPKLMI.exe
  2⤵
  PID:8224
- C:\Windows\System\qOSSoTR.exe
  C:\Windows\System\qOSSoTR.exe
  2⤵
  PID:8252
- C:\Windows\System\uDUtIkq.exe
  C:\Windows\System\uDUtIkq.exe
  2⤵
  PID:8276
- C:\Windows\System\FOktBBX.exe
  C:\Windows\System\FOktBBX.exe
  2⤵
  PID:8308
- C:\Windows\System\RXGVgBE.exe
  C:\Windows\System\RXGVgBE.exe
  2⤵
  PID:8336
- C:\Windows\System\hOigdUd.exe
  C:\Windows\System\hOigdUd.exe
  2⤵
  PID:8360
- C:\Windows\System\MlpDyYb.exe
  C:\Windows\System\MlpDyYb.exe
  2⤵
  PID:8376
- C:\Windows\System\xitMluf.exe
  C:\Windows\System\xitMluf.exe
  2⤵
  PID:8396
- C:\Windows\System\wQvxhTS.exe
  C:\Windows\System\wQvxhTS.exe
  2⤵
  PID:8424
- C:\Windows\System\wFclxFg.exe
  C:\Windows\System\wFclxFg.exe
  2⤵
  PID:8456
- C:\Windows\System\WfeFJrM.exe
  C:\Windows\System\WfeFJrM.exe
  2⤵
  PID:8484
- C:\Windows\System\izMppgQ.exe
  C:\Windows\System\izMppgQ.exe
  2⤵
  PID:8516
- C:\Windows\System\iZijpnC.exe
  C:\Windows\System\iZijpnC.exe
  2⤵
  PID:8548
- C:\Windows\System\iJLgJuA.exe
  C:\Windows\System\iJLgJuA.exe
  2⤵
  PID:8576
- C:\Windows\System\IACaYdR.exe
  C:\Windows\System\IACaYdR.exe
  2⤵
  PID:8608
- C:\Windows\System\vKVgjJg.exe
  C:\Windows\System\vKVgjJg.exe
  2⤵
  PID:8640
- C:\Windows\System\dfkKTYh.exe
  C:\Windows\System\dfkKTYh.exe
  2⤵
  PID:8676
- C:\Windows\System\XoMfxiU.exe
  C:\Windows\System\XoMfxiU.exe
  2⤵
  PID:8700
- C:\Windows\System\prncCTT.exe
  C:\Windows\System\prncCTT.exe
  2⤵
  PID:8724
- C:\Windows\System\BVumvhO.exe
  C:\Windows\System\BVumvhO.exe
  2⤵
  PID:8756
- C:\Windows\System\qpGBySe.exe
  C:\Windows\System\qpGBySe.exe
  2⤵
  PID:8780
- C:\Windows\System\NhqIZFE.exe
  C:\Windows\System\NhqIZFE.exe
  2⤵
  PID:8812
- C:\Windows\System\FiWryEl.exe
  C:\Windows\System\FiWryEl.exe
  2⤵
  PID:8844
- C:\Windows\System\ewIzRYr.exe
  C:\Windows\System\ewIzRYr.exe
  2⤵
  PID:8872
- C:\Windows\System\FIKmmSN.exe
  C:\Windows\System\FIKmmSN.exe
  2⤵
  PID:8900
- C:\Windows\System\UPubgYj.exe
  C:\Windows\System\UPubgYj.exe
  2⤵
  PID:8932
- C:\Windows\System\aCIgBvo.exe
  C:\Windows\System\aCIgBvo.exe
  2⤵
  PID:8960
- C:\Windows\System\rkyWdCX.exe
  C:\Windows\System\rkyWdCX.exe
  2⤵
  PID:8988
- C:\Windows\System\RgKfdSy.exe
  C:\Windows\System\RgKfdSy.exe
  2⤵
  PID:9016
- C:\Windows\System\HNznJOu.exe
  C:\Windows\System\HNznJOu.exe
  2⤵
  PID:9044
- C:\Windows\System\JHcdBlM.exe
  C:\Windows\System\JHcdBlM.exe
  2⤵
  PID:9068
- C:\Windows\System\hevqLoS.exe
  C:\Windows\System\hevqLoS.exe
  2⤵
  PID:9088
- C:\Windows\System\NsVEJKf.exe
  C:\Windows\System\NsVEJKf.exe
  2⤵
  PID:9108
- C:\Windows\System\VVTceXg.exe
  C:\Windows\System\VVTceXg.exe
  2⤵
  PID:9128
- C:\Windows\System\nsdTgnN.exe
  C:\Windows\System\nsdTgnN.exe
  2⤵
  PID:9152
- C:\Windows\System\kKLwKXa.exe
  C:\Windows\System\kKLwKXa.exe
  2⤵
  PID:9172
- C:\Windows\System\ZGRUEQk.exe
  C:\Windows\System\ZGRUEQk.exe
  2⤵
  PID:9200
- C:\Windows\System\AXoZlTi.exe
  C:\Windows\System\AXoZlTi.exe
  2⤵
  PID:8204
- C:\Windows\System\fABBEZH.exe
  C:\Windows\System\fABBEZH.exe
  2⤵
  PID:8260
- C:\Windows\System\NAbQMgM.exe
  C:\Windows\System\NAbQMgM.exe
  2⤵
  PID:8296
- C:\Windows\System\puupgtJ.exe
  C:\Windows\System\puupgtJ.exe
  2⤵
  PID:8384
- C:\Windows\System\HAtnETk.exe
  C:\Windows\System\HAtnETk.exe
  2⤵
  PID:8416
- C:\Windows\System\wjvupuj.exe
  C:\Windows\System\wjvupuj.exe
  2⤵
  PID:8540
- C:\Windows\System\vqRSodS.exe
  C:\Windows\System\vqRSodS.exe
  2⤵
  PID:8600
- C:\Windows\System\UwQOdtR.exe
  C:\Windows\System\UwQOdtR.exe
  2⤵
  PID:8652
- C:\Windows\System\DUvNdkc.exe
  C:\Windows\System\DUvNdkc.exe
  2⤵
  PID:8740
- C:\Windows\System\FMAhcLh.exe
  C:\Windows\System\FMAhcLh.exe
  2⤵
  PID:8792
- C:\Windows\System\QcfCrHi.exe
  C:\Windows\System\QcfCrHi.exe
  2⤵
  PID:8880
- C:\Windows\System\CNXyyjJ.exe
  C:\Windows\System\CNXyyjJ.exe
  2⤵
  PID:8916
- C:\Windows\System\eLLfFDY.exe
  C:\Windows\System\eLLfFDY.exe
  2⤵
  PID:8972
- C:\Windows\System\ckXOVbg.exe
  C:\Windows\System\ckXOVbg.exe
  2⤵
  PID:9056
- C:\Windows\System\JKcHqbf.exe
  C:\Windows\System\JKcHqbf.exe
  2⤵
  PID:9124
- C:\Windows\System\fTlKbUa.exe
  C:\Windows\System\fTlKbUa.exe
  2⤵
  PID:9168
- C:\Windows\System\pGYZPgJ.exe
  C:\Windows\System\pGYZPgJ.exe
  2⤵
  PID:8328
- C:\Windows\System\NORwOzL.exe
  C:\Windows\System\NORwOzL.exe
  2⤵
  PID:8504
- C:\Windows\System\yEmfjHl.exe
  C:\Windows\System\yEmfjHl.exe
  2⤵
  PID:8568
- C:\Windows\System\YPlxcpv.exe
  C:\Windows\System\YPlxcpv.exe
  2⤵
  PID:8684
- C:\Windows\System\IWWKaPC.exe
  C:\Windows\System\IWWKaPC.exe
  2⤵
  PID:8836
- C:\Windows\System\UHiUKWr.exe
  C:\Windows\System\UHiUKWr.exe
  2⤵
  PID:9000
- C:\Windows\System\dlOHYbl.exe
  C:\Windows\System\dlOHYbl.exe
  2⤵
  PID:9104
- C:\Windows\System\sQlSTtt.exe
  C:\Windows\System\sQlSTtt.exe
  2⤵
  PID:8776
- C:\Windows\System\caPZCCB.exe
  C:\Windows\System\caPZCCB.exe
  2⤵
  PID:8944
- C:\Windows\System\qbgdjOy.exe
  C:\Windows\System\qbgdjOy.exe
  2⤵
  PID:9220
- C:\Windows\System\mmYawor.exe
  C:\Windows\System\mmYawor.exe
  2⤵
  PID:9248
- C:\Windows\System\jYnzWzR.exe
  C:\Windows\System\jYnzWzR.exe
  2⤵
  PID:9284
- C:\Windows\System\CQbeeMv.exe
  C:\Windows\System\CQbeeMv.exe
  2⤵
  PID:9308
- C:\Windows\System\YNisKKv.exe
  C:\Windows\System\YNisKKv.exe
  2⤵
  PID:9336
- C:\Windows\System\eAFwZzb.exe
  C:\Windows\System\eAFwZzb.exe
  2⤵
  PID:9360
- C:\Windows\System\oMOILlC.exe
  C:\Windows\System\oMOILlC.exe
  2⤵
  PID:9392
- C:\Windows\System\reQEzJG.exe
  C:\Windows\System\reQEzJG.exe
  2⤵
  PID:9416
- C:\Windows\System\eFRMxNW.exe
  C:\Windows\System\eFRMxNW.exe
  2⤵
  PID:9440
- C:\Windows\System\bpnKOik.exe
  C:\Windows\System\bpnKOik.exe
  2⤵
  PID:9468
- C:\Windows\System\rEzovxU.exe
  C:\Windows\System\rEzovxU.exe
  2⤵
  PID:9500
- C:\Windows\System\LecjwFc.exe
  C:\Windows\System\LecjwFc.exe
  2⤵
  PID:9532
- C:\Windows\System\VbgESMY.exe
  C:\Windows\System\VbgESMY.exe
  2⤵
  PID:9576
- C:\Windows\System\oSesbuQ.exe
  C:\Windows\System\oSesbuQ.exe
  2⤵
  PID:9616
- C:\Windows\System\dqkfWfp.exe
  C:\Windows\System\dqkfWfp.exe
  2⤵
  PID:9640
- C:\Windows\System\LOJwucF.exe
  C:\Windows\System\LOJwucF.exe
  2⤵
  PID:9672
- C:\Windows\System\RSFxXWX.exe
  C:\Windows\System\RSFxXWX.exe
  2⤵
  PID:9700
- C:\Windows\System\NGZrdWm.exe
  C:\Windows\System\NGZrdWm.exe
  2⤵
  PID:9728
- C:\Windows\System\lEdmKDf.exe
  C:\Windows\System\lEdmKDf.exe
  2⤵
  PID:9760
- C:\Windows\System\NlDlTKm.exe
  C:\Windows\System\NlDlTKm.exe
  2⤵
  PID:9784
- C:\Windows\System\ZUwpCxy.exe
  C:\Windows\System\ZUwpCxy.exe
  2⤵
  PID:9812
- C:\Windows\System\WaYyCul.exe
  C:\Windows\System\WaYyCul.exe
  2⤵
  PID:9828
- C:\Windows\System\DRRuPiZ.exe
  C:\Windows\System\DRRuPiZ.exe
  2⤵
  PID:9860
- C:\Windows\System\ZLeqEBC.exe
  C:\Windows\System\ZLeqEBC.exe
  2⤵
  PID:9876
- C:\Windows\System\jvrQvDH.exe
  C:\Windows\System\jvrQvDH.exe
  2⤵
  PID:9896
- C:\Windows\System\YcyftgW.exe
  C:\Windows\System\YcyftgW.exe
  2⤵
  PID:9920
- C:\Windows\System\DUhJklM.exe
  C:\Windows\System\DUhJklM.exe
  2⤵
  PID:9948
- C:\Windows\System\IuijdDD.exe
  C:\Windows\System\IuijdDD.exe
  2⤵
  PID:9972
- C:\Windows\System\DdtQbyp.exe
  C:\Windows\System\DdtQbyp.exe
  2⤵
  PID:9996
- C:\Windows\System\ejSsABA.exe
  C:\Windows\System\ejSsABA.exe
  2⤵
  PID:10012
- C:\Windows\System\kolOouQ.exe
  C:\Windows\System\kolOouQ.exe
  2⤵
  PID:10040
- C:\Windows\System\Vjzvayj.exe
  C:\Windows\System\Vjzvayj.exe
  2⤵
  PID:10068
- C:\Windows\System\omOzZHI.exe
  C:\Windows\System\omOzZHI.exe
  2⤵
  PID:10092
- C:\Windows\System\ZzTmNSU.exe
  C:\Windows\System\ZzTmNSU.exe
  2⤵
  PID:10112
- C:\Windows\System\dqmdrTD.exe
  C:\Windows\System\dqmdrTD.exe
  2⤵
  PID:10144
- C:\Windows\System\KIWXmqQ.exe
  C:\Windows\System\KIWXmqQ.exe
  2⤵
  PID:10180
- C:\Windows\System\YOApjmM.exe
  C:\Windows\System\YOApjmM.exe
  2⤵
  PID:10200
- C:\Windows\System\QkYgPIW.exe
  C:\Windows\System\QkYgPIW.exe
  2⤵
  PID:10224
- C:\Windows\System\cklZINs.exe
  C:\Windows\System\cklZINs.exe
  2⤵
  PID:9144
- C:\Windows\System\hwseqHr.exe
  C:\Windows\System\hwseqHr.exe
  2⤵
  PID:8300
- C:\Windows\System\usHsJAp.exe
  C:\Windows\System\usHsJAp.exe
  2⤵
  PID:9344
- C:\Windows\System\tRrOUPB.exe
  C:\Windows\System\tRrOUPB.exe
  2⤵
  PID:9436
- C:\Windows\System\jxiytOP.exe
  C:\Windows\System\jxiytOP.exe
  2⤵
  PID:9408
- C:\Windows\System\tARafTB.exe
  C:\Windows\System\tARafTB.exe
  2⤵
  PID:9520
- C:\Windows\System\JCohhCO.exe
  C:\Windows\System\JCohhCO.exe
  2⤵
  PID:9560
- C:\Windows\System\GWQwNih.exe
  C:\Windows\System\GWQwNih.exe
  2⤵
  PID:9604
- C:\Windows\System\lbwWEkM.exe
  C:\Windows\System\lbwWEkM.exe
  2⤵
  PID:9736
- C:\Windows\System\oNlHrzv.exe
  C:\Windows\System\oNlHrzv.exe
  2⤵
  PID:9792
- C:\Windows\System\VmjRjPs.exe
  C:\Windows\System\VmjRjPs.exe
  2⤵
  PID:9820
- C:\Windows\System\iUjwqVR.exe
  C:\Windows\System\iUjwqVR.exe
  2⤵
  PID:9960
- C:\Windows\System\PvvmQcK.exe
  C:\Windows\System\PvvmQcK.exe
  2⤵
  PID:9892
- C:\Windows\System\sabhZxk.exe
  C:\Windows\System\sabhZxk.exe
  2⤵
  PID:10132
- C:\Windows\System\URBNGSw.exe
  C:\Windows\System\URBNGSw.exe
  2⤵
  PID:10192
- C:\Windows\System\SuaFycb.exe
  C:\Windows\System\SuaFycb.exe
  2⤵
  PID:10100
- C:\Windows\System\UzdxJof.exe
  C:\Windows\System\UzdxJof.exe
  2⤵
  PID:9300
- C:\Windows\System\PpWwAGX.exe
  C:\Windows\System\PpWwAGX.exe
  2⤵
  PID:9268
- C:\Windows\System\vILYFcT.exe
  C:\Windows\System\vILYFcT.exe
  2⤵
  PID:9600
- C:\Windows\System\bxXfqyc.exe
  C:\Windows\System\bxXfqyc.exe
  2⤵
  PID:9548
- C:\Windows\System\dmoeqjG.exe
  C:\Windows\System\dmoeqjG.exe
  2⤵
  PID:9756
- C:\Windows\System\TcfQrSK.exe
  C:\Windows\System\TcfQrSK.exe
  2⤵
  PID:9684
- C:\Windows\System\bjRpXwX.exe
  C:\Windows\System\bjRpXwX.exe
  2⤵
  PID:9916
- C:\Windows\System\OxoNlno.exe
  C:\Windows\System\OxoNlno.exe
  2⤵
  PID:10004
- C:\Windows\System\daWNFQD.exe
  C:\Windows\System\daWNFQD.exe
  2⤵
  PID:8408
- C:\Windows\System\yjzIADj.exe
  C:\Windows\System\yjzIADj.exe
  2⤵
  PID:9992
- C:\Windows\System\wVWtrHy.exe
  C:\Windows\System\wVWtrHy.exe
  2⤵
  PID:9460
- C:\Windows\System\VXFsmTe.exe
  C:\Windows\System\VXFsmTe.exe
  2⤵
  PID:10252
- C:\Windows\System\YvGTiyg.exe
  C:\Windows\System\YvGTiyg.exe
  2⤵
  PID:10284
- C:\Windows\System\IwPwwBe.exe
  C:\Windows\System\IwPwwBe.exe
  2⤵
  PID:10316
- C:\Windows\System\xyyUTCn.exe
  C:\Windows\System\xyyUTCn.exe
  2⤵
  PID:10348
- C:\Windows\System\aYatKAE.exe
  C:\Windows\System\aYatKAE.exe
  2⤵
  PID:10376
- C:\Windows\System\jZvXQEX.exe
  C:\Windows\System\jZvXQEX.exe
  2⤵
  PID:10392
- C:\Windows\System\lJzGTEr.exe
  C:\Windows\System\lJzGTEr.exe
  2⤵
  PID:10412
- C:\Windows\System\SmNroOr.exe
  C:\Windows\System\SmNroOr.exe
  2⤵
  PID:10432
- C:\Windows\System\iQKwdAU.exe
  C:\Windows\System\iQKwdAU.exe
  2⤵
  PID:10448
- C:\Windows\System\hhXGgLa.exe
  C:\Windows\System\hhXGgLa.exe
  2⤵
  PID:10476
- C:\Windows\System\UZrsWZe.exe
  C:\Windows\System\UZrsWZe.exe
  2⤵
  PID:10496
- C:\Windows\System\cDjgSXr.exe
  C:\Windows\System\cDjgSXr.exe
  2⤵
  PID:10524
- C:\Windows\System\djoeKVB.exe
  C:\Windows\System\djoeKVB.exe
  2⤵
  PID:10540
- C:\Windows\System\Uybjsss.exe
  C:\Windows\System\Uybjsss.exe
  2⤵
  PID:10556
- C:\Windows\System\rCAIhop.exe
  C:\Windows\System\rCAIhop.exe
  2⤵
  PID:10580
- C:\Windows\System\wrYyWOv.exe
  C:\Windows\System\wrYyWOv.exe
  2⤵
  PID:10608
- C:\Windows\System\PKiXFkj.exe
  C:\Windows\System\PKiXFkj.exe
  2⤵
  PID:10632
- C:\Windows\System\kemxuaq.exe
  C:\Windows\System\kemxuaq.exe
  2⤵
  PID:10664
- C:\Windows\System\FVJKlnW.exe
  C:\Windows\System\FVJKlnW.exe
  2⤵
  PID:10688
- C:\Windows\System\NMvvsMX.exe
  C:\Windows\System\NMvvsMX.exe
  2⤵
  PID:10708
- C:\Windows\System\exBZZGN.exe
  C:\Windows\System\exBZZGN.exe
  2⤵
  PID:10732
- C:\Windows\System\FNlEJLQ.exe
  C:\Windows\System\FNlEJLQ.exe
  2⤵
  PID:10764
- C:\Windows\System\KAMpceA.exe
  C:\Windows\System\KAMpceA.exe
  2⤵
  PID:10800
- C:\Windows\System\viOIjOK.exe
  C:\Windows\System\viOIjOK.exe
  2⤵
  PID:10828
- C:\Windows\System\GvpkWKh.exe
  C:\Windows\System\GvpkWKh.exe
  2⤵
  PID:10852
- C:\Windows\System\PFwzGgH.exe
  C:\Windows\System\PFwzGgH.exe
  2⤵
  PID:10880
- C:\Windows\System\NYWFDOw.exe
  C:\Windows\System\NYWFDOw.exe
  2⤵
  PID:10912
- C:\Windows\System\APKRjcx.exe
  C:\Windows\System\APKRjcx.exe
  2⤵
  PID:10936
- C:\Windows\System\AjBxLvx.exe
  C:\Windows\System\AjBxLvx.exe
  2⤵
  PID:10968
- C:\Windows\System\jEgpxIt.exe
  C:\Windows\System\jEgpxIt.exe
  2⤵
  PID:10996
- C:\Windows\System\PgTTBAP.exe
  C:\Windows\System\PgTTBAP.exe
  2⤵
  PID:11060
- C:\Windows\System\GjLtNgE.exe
  C:\Windows\System\GjLtNgE.exe
  2⤵
  PID:11088
- C:\Windows\System\UcOmQyh.exe
  C:\Windows\System\UcOmQyh.exe
  2⤵
  PID:11116
- C:\Windows\System\babcMAI.exe
  C:\Windows\System\babcMAI.exe
  2⤵
  PID:11148
- C:\Windows\System\hxYEScS.exe
  C:\Windows\System\hxYEScS.exe
  2⤵
  PID:11180
- C:\Windows\System\CjYHZyp.exe
  C:\Windows\System\CjYHZyp.exe
  2⤵
  PID:11208
- C:\Windows\System\PvwXHdE.exe
  C:\Windows\System\PvwXHdE.exe
  2⤵
  PID:11236
- C:\Windows\System\LsSbSwm.exe
  C:\Windows\System\LsSbSwm.exe
  2⤵
  PID:10080
- C:\Windows\System\VdyIBos.exe
  C:\Windows\System\VdyIBos.exe
  2⤵
  PID:9492
- C:\Windows\System\neIXSbM.exe
  C:\Windows\System\neIXSbM.exe
  2⤵
  PID:3784
- C:\Windows\System\BawUCbg.exe
  C:\Windows\System\BawUCbg.exe
  2⤵
  PID:10516
- C:\Windows\System\IFyhKIi.exe
  C:\Windows\System\IFyhKIi.exe
  2⤵
  PID:10568
- C:\Windows\System\ReAgNHL.exe
  C:\Windows\System\ReAgNHL.exe
  2⤵
  PID:10596
- C:\Windows\System\eguqULV.exe
  C:\Windows\System\eguqULV.exe
  2⤵
  PID:10704
- C:\Windows\System\IgwGWWh.exe
  C:\Windows\System\IgwGWWh.exe
  2⤵
  PID:10744
- C:\Windows\System\mdezKgG.exe
  C:\Windows\System\mdezKgG.exe
  2⤵
  PID:10672
- C:\Windows\System\ZxRuoUw.exe
  C:\Windows\System\ZxRuoUw.exe
  2⤵
  PID:10728
- C:\Windows\System\DtlYeHg.exe
  C:\Windows\System\DtlYeHg.exe
  2⤵
  PID:10700
- C:\Windows\System\wQhCHAY.exe
  C:\Windows\System\wQhCHAY.exe
  2⤵
  PID:10780
- C:\Windows\System\jGZrxxz.exe
  C:\Windows\System\jGZrxxz.exe
  2⤵
  PID:10952
- C:\Windows\System\FyHVVnG.exe
  C:\Windows\System\FyHVVnG.exe
  2⤵
  PID:10992
- C:\Windows\System\JRMhqGf.exe
  C:\Windows\System\JRMhqGf.exe
  2⤵
  PID:11072
- C:\Windows\System\tPDlxUv.exe
  C:\Windows\System\tPDlxUv.exe
  2⤵
  PID:11192
- C:\Windows\System\uPRVorf.exe
  C:\Windows\System\uPRVorf.exe
  2⤵
  PID:10248
- C:\Windows\System\yMCHISk.exe
  C:\Windows\System\yMCHISk.exe
  2⤵
  PID:10296
- C:\Windows\System\AkYzjot.exe
  C:\Windows\System\AkYzjot.exe
  2⤵
  PID:10364
- C:\Windows\System\jiAJajO.exe
  C:\Windows\System\jiAJajO.exe
  2⤵
  PID:10548
- C:\Windows\System\kyjZVyP.exe
  C:\Windows\System\kyjZVyP.exe
  2⤵
  PID:10408
- C:\Windows\System\UJCPoUb.exe
  C:\Windows\System\UJCPoUb.exe
  2⤵
  PID:11108
- C:\Windows\System\KHxqjoO.exe
  C:\Windows\System\KHxqjoO.exe
  2⤵
  PID:10592
- C:\Windows\System\NShJefI.exe
  C:\Windows\System\NShJefI.exe
  2⤵
  PID:10900
- C:\Windows\System\qosVlNU.exe
  C:\Windows\System\qosVlNU.exe
  2⤵
  PID:11016
- C:\Windows\System\MocGYxJ.exe
  C:\Windows\System\MocGYxJ.exe
  2⤵
  PID:10644
- C:\Windows\System\lITnHUj.exe
  C:\Windows\System\lITnHUj.exe
  2⤵
  PID:11292
- C:\Windows\System\ALAaTIR.exe
  C:\Windows\System\ALAaTIR.exe
  2⤵
  PID:11320
- C:\Windows\System\zTlCOYk.exe
  C:\Windows\System\zTlCOYk.exe
  2⤵
  PID:11356
- C:\Windows\System\UensuVH.exe
  C:\Windows\System\UensuVH.exe
  2⤵
  PID:11376
- C:\Windows\System\qzeABfu.exe
  C:\Windows\System\qzeABfu.exe
  2⤵
  PID:11404
- C:\Windows\System\PyhVKZO.exe
  C:\Windows\System\PyhVKZO.exe
  2⤵
  PID:11432
- C:\Windows\System\SOsTALn.exe
  C:\Windows\System\SOsTALn.exe
  2⤵
  PID:11460
- C:\Windows\System\ckfgJgS.exe
  C:\Windows\System\ckfgJgS.exe
  2⤵
  PID:11496
- C:\Windows\System\kJIkful.exe
  C:\Windows\System\kJIkful.exe
  2⤵
  PID:11528
- C:\Windows\System\kXeOKvP.exe
  C:\Windows\System\kXeOKvP.exe
  2⤵
  PID:11556
- C:\Windows\System\gEePpIm.exe
  C:\Windows\System\gEePpIm.exe
  2⤵
  PID:11584
- C:\Windows\System\EWGHQIo.exe
  C:\Windows\System\EWGHQIo.exe
  2⤵
  PID:11612
- C:\Windows\System\DDPRbnV.exe
  C:\Windows\System\DDPRbnV.exe
  2⤵
  PID:11640
- C:\Windows\System\ziIHlXU.exe
  C:\Windows\System\ziIHlXU.exe
  2⤵
  PID:11656
- C:\Windows\System\zOkIxcJ.exe
  C:\Windows\System\zOkIxcJ.exe
  2⤵
  PID:11672
- C:\Windows\System\EWlJnaV.exe
  C:\Windows\System\EWlJnaV.exe
  2⤵
  PID:11688
- C:\Windows\System\epWipaj.exe
  C:\Windows\System\epWipaj.exe
  2⤵
  PID:11704
- C:\Windows\System\VFYgrsb.exe
  C:\Windows\System\VFYgrsb.exe
  2⤵
  PID:11720
- C:\Windows\System\oeKGGFC.exe
  C:\Windows\System\oeKGGFC.exe
  2⤵
  PID:11740
- C:\Windows\System\OCihUzu.exe
  C:\Windows\System\OCihUzu.exe
  2⤵
  PID:11772
- C:\Windows\System\aQDhYZU.exe
  C:\Windows\System\aQDhYZU.exe
  2⤵
  PID:11804
- C:\Windows\System\xBuLNFO.exe
  C:\Windows\System\xBuLNFO.exe
  2⤵
  PID:11832
- C:\Windows\System\TFueOLO.exe
  C:\Windows\System\TFueOLO.exe
  2⤵
  PID:11868
- C:\Windows\System\GpeknQY.exe
  C:\Windows\System\GpeknQY.exe
  2⤵
  PID:11896
- C:\Windows\System\UOAOgUm.exe
  C:\Windows\System\UOAOgUm.exe
  2⤵
  PID:11932
- C:\Windows\System\teZmOlf.exe
  C:\Windows\System\teZmOlf.exe
  2⤵
  PID:11960
- C:\Windows\System\hgpbFiI.exe
  C:\Windows\System\hgpbFiI.exe
  2⤵
  PID:11988
- C:\Windows\System\pveOwUO.exe
  C:\Windows\System\pveOwUO.exe
  2⤵
  PID:12020
- C:\Windows\System\NAxPhCE.exe
  C:\Windows\System\NAxPhCE.exe
  2⤵
  PID:12048
- C:\Windows\System\xpgIKVY.exe
  C:\Windows\System\xpgIKVY.exe
  2⤵
  PID:12076
- C:\Windows\System\LMtpkwu.exe
  C:\Windows\System\LMtpkwu.exe
  2⤵
  PID:12116
- C:\Windows\System\tlhlibq.exe
  C:\Windows\System\tlhlibq.exe
  2⤵
  PID:12140
- C:\Windows\System\CVQUhsS.exe
  C:\Windows\System\CVQUhsS.exe
  2⤵
  PID:12168
- C:\Windows\System\nAZrKcl.exe
  C:\Windows\System\nAZrKcl.exe
  2⤵
  PID:12192
- C:\Windows\System\nbTWqwP.exe
  C:\Windows\System\nbTWqwP.exe
  2⤵
  PID:12220
- C:\Windows\System\SkQEaup.exe
  C:\Windows\System\SkQEaup.exe
  2⤵
  PID:12256
- C:\Windows\System\PUBRlpC.exe
  C:\Windows\System\PUBRlpC.exe
  2⤵
  PID:12284
- C:\Windows\System\PTjscCa.exe
  C:\Windows\System\PTjscCa.exe
  2⤵
  PID:11312
- C:\Windows\System\ihBJaBI.exe
  C:\Windows\System\ihBJaBI.exe
  2⤵
  PID:11388
- C:\Windows\System\KiIaSPz.exe
  C:\Windows\System\KiIaSPz.exe
  2⤵
  PID:11480
- C:\Windows\System\amEfzpF.exe
  C:\Windows\System\amEfzpF.exe
  2⤵
  PID:9076
- C:\Windows\System\mjDqjBH.exe
  C:\Windows\System\mjDqjBH.exe
  2⤵
  PID:11604
- C:\Windows\System\aqETIFC.exe
  C:\Windows\System\aqETIFC.exe
  2⤵
  PID:11668
- C:\Windows\System\IlWxHuO.exe
  C:\Windows\System\IlWxHuO.exe
  2⤵
  PID:11700
- C:\Windows\System\AtQWEXn.exe
  C:\Windows\System\AtQWEXn.exe
  2⤵
  PID:11716
- C:\Windows\System\rbuVXGm.exe
  C:\Windows\System\rbuVXGm.exe
  2⤵
  PID:11824
- C:\Windows\System\DKxsumj.exe
  C:\Windows\System\DKxsumj.exe
  2⤵
  PID:11920
- C:\Windows\System\WRiZXSp.exe
  C:\Windows\System\WRiZXSp.exe
  2⤵
  PID:11996
- C:\Windows\System\DyfRizQ.exe
  C:\Windows\System\DyfRizQ.exe
  2⤵
  PID:12056
- C:\Windows\System\KjHpiNy.exe
  C:\Windows\System\KjHpiNy.exe
  2⤵
  PID:12100
- C:\Windows\System\AOzQflS.exe
  C:\Windows\System\AOzQflS.exe
  2⤵
  PID:12132
- C:\Windows\System\cAejVBl.exe
  C:\Windows\System\cAejVBl.exe
  2⤵
  PID:12236
- C:\Windows\System\pJEGTPK.exe
  C:\Windows\System\pJEGTPK.exe
  2⤵
  PID:11452
- C:\Windows\System\yGzMxHN.exe
  C:\Windows\System\yGzMxHN.exe
  2⤵
  PID:11548
- C:\Windows\System\UWfmOzL.exe
  C:\Windows\System\UWfmOzL.exe
  2⤵
  PID:9052
- C:\Windows\System\guHWpoc.exe
  C:\Windows\System\guHWpoc.exe
  2⤵
  PID:11632
- C:\Windows\System\PlUMHRk.exe
  C:\Windows\System\PlUMHRk.exe
  2⤵
  PID:11820
- C:\Windows\System\MKfDVtQ.exe
  C:\Windows\System\MKfDVtQ.exe
  2⤵
  PID:11980
- C:\Windows\System\tskOXck.exe
  C:\Windows\System\tskOXck.exe
  2⤵
  PID:12156
- C:\Windows\System\WnduGiy.exe
  C:\Windows\System\WnduGiy.exe
  2⤵
  PID:11304
- C:\Windows\System\WfGMkOd.exe
  C:\Windows\System\WfGMkOd.exe
  2⤵
  PID:11684
- C:\Windows\System\mtdTzTJ.exe
  C:\Windows\System\mtdTzTJ.exe
  2⤵
  PID:12088
- C:\Windows\System\sZbpTMg.exe
  C:\Windows\System\sZbpTMg.exe
  2⤵
  PID:12228
- C:\Windows\System\GhSmOlJ.exe
  C:\Windows\System\GhSmOlJ.exe
  2⤵
  PID:11856
- C:\Windows\System\URrkQAx.exe
  C:\Windows\System\URrkQAx.exe
  2⤵
  PID:12304
- C:\Windows\System\gkItZaa.exe
  C:\Windows\System\gkItZaa.exe
  2⤵
  PID:12332
- C:\Windows\System\wZmLxXx.exe
  C:\Windows\System\wZmLxXx.exe
  2⤵
  PID:12352
- C:\Windows\System\PChkUtI.exe
  C:\Windows\System\PChkUtI.exe
  2⤵
  PID:12388
- C:\Windows\System\YIklajc.exe
  C:\Windows\System\YIklajc.exe
  2⤵
  PID:12500
- C:\Windows\System\fdwgzxd.exe
  C:\Windows\System\fdwgzxd.exe
  2⤵
  PID:12524
- C:\Windows\System\hKHwxVS.exe
  C:\Windows\System\hKHwxVS.exe
  2⤵
  PID:12544
- C:\Windows\System\vylrhKF.exe
  C:\Windows\System\vylrhKF.exe
  2⤵
  PID:12560
- C:\Windows\System\widEWrs.exe
  C:\Windows\System\widEWrs.exe
  2⤵
  PID:12576
- C:\Windows\System\zOzVdXd.exe
  C:\Windows\System\zOzVdXd.exe
  2⤵
  PID:12592
- C:\Windows\System\OkMCDlz.exe
  C:\Windows\System\OkMCDlz.exe
  2⤵
  PID:12608
- C:\Windows\System\tUfJfro.exe
  C:\Windows\System\tUfJfro.exe
  2⤵
  PID:12624
- C:\Windows\System\POxunBy.exe
  C:\Windows\System\POxunBy.exe
  2⤵
  PID:12640
- C:\Windows\System\MGwSYgb.exe
  C:\Windows\System\MGwSYgb.exe
  2⤵
  PID:12656
- C:\Windows\System\nVBSMRC.exe
  C:\Windows\System\nVBSMRC.exe
  2⤵
  PID:12672
- C:\Windows\System\RuuWLJv.exe
  C:\Windows\System\RuuWLJv.exe
  2⤵
  PID:12704
- C:\Windows\System\BwDNMpk.exe
  C:\Windows\System\BwDNMpk.exe
  2⤵
  PID:12728
- C:\Windows\System\EpjGEyD.exe
  C:\Windows\System\EpjGEyD.exe
  2⤵
  PID:12756
- C:\Windows\System\vDSGJvT.exe
  C:\Windows\System\vDSGJvT.exe
  2⤵
  PID:12776
- C:\Windows\System\WZGPuyk.exe
  C:\Windows\System\WZGPuyk.exe
  2⤵
  PID:12796
- C:\Windows\System\rnIoGgw.exe
  C:\Windows\System\rnIoGgw.exe
  2⤵
  PID:12824
- C:\Windows\System\xqdrxNh.exe
  C:\Windows\System\xqdrxNh.exe
  2⤵
  PID:12844
- C:\Windows\System\RkMtlnD.exe
  C:\Windows\System\RkMtlnD.exe
  2⤵
  PID:12864
- C:\Windows\System\vZaMQpI.exe
  C:\Windows\System\vZaMQpI.exe
  2⤵
  PID:12892
- C:\Windows\System\wEeXmGD.exe
  C:\Windows\System\wEeXmGD.exe
  2⤵
  PID:12928
- C:\Windows\System\YQvQoag.exe
  C:\Windows\System\YQvQoag.exe
  2⤵
  PID:12956
- C:\Windows\System\FRWSHcL.exe
  C:\Windows\System\FRWSHcL.exe
  2⤵
  PID:12980
- C:\Windows\System\zMMGKyh.exe
  C:\Windows\System\zMMGKyh.exe
  2⤵
  PID:13008
- C:\Windows\System\HOUGGbS.exe
  C:\Windows\System\HOUGGbS.exe
  2⤵
  PID:13024
- C:\Windows\System\flZaFCA.exe
  C:\Windows\System\flZaFCA.exe
  2⤵
  PID:13044
- C:\Windows\System\GfGimxh.exe
  C:\Windows\System\GfGimxh.exe
  2⤵
  PID:13060
- C:\Windows\System\nVESRTc.exe
  C:\Windows\System\nVESRTc.exe
  2⤵
  PID:13076
- C:\Windows\System\MlMLSQI.exe
  C:\Windows\System\MlMLSQI.exe
  2⤵
  PID:13092
- C:\Windows\System\TkNhKfo.exe
  C:\Windows\System\TkNhKfo.exe
  2⤵
  PID:13116
- C:\Windows\System\CGmWcAa.exe
  C:\Windows\System\CGmWcAa.exe
  2⤵
  PID:13152
- C:\Windows\System\qoUffkZ.exe
  C:\Windows\System\qoUffkZ.exe
  2⤵
  PID:13176
- C:\Windows\System\BEnQWdZ.exe
  C:\Windows\System\BEnQWdZ.exe
  2⤵
  PID:13204
- C:\Windows\System\exBUMmK.exe
  C:\Windows\System\exBUMmK.exe
  2⤵
  PID:13232
- C:\Windows\System\NVooEDQ.exe
  C:\Windows\System\NVooEDQ.exe
  2⤵
  PID:13264
- C:\Windows\System\TCQVCgB.exe
  C:\Windows\System\TCQVCgB.exe
  2⤵
  PID:13284
- C:\Windows\System\HkzPsnO.exe
  C:\Windows\System\HkzPsnO.exe
  2⤵
  PID:13308
- C:\Windows\System\nbXetlp.exe
  C:\Windows\System\nbXetlp.exe
  2⤵
  PID:12320
- C:\Windows\System\jiWcGSQ.exe
  C:\Windows\System\jiWcGSQ.exe
  2⤵
  PID:12464
- C:\Windows\System\EjTAKwW.exe
  C:\Windows\System\EjTAKwW.exe
  2⤵
  PID:12440
- C:\Windows\System\BakwHEf.exe
  C:\Windows\System\BakwHEf.exe
  2⤵
  PID:12636
- C:\Windows\System\RsnUQmU.exe
  C:\Windows\System\RsnUQmU.exe
  2⤵
  PID:12508
- C:\Windows\System\lPBWESn.exe
  C:\Windows\System\lPBWESn.exe
  2⤵
  PID:12724
- C:\Windows\System\rodBPbx.exe
  C:\Windows\System\rodBPbx.exe
  2⤵
  PID:12568
- C:\Windows\System\GwHRVyW.exe
  C:\Windows\System\GwHRVyW.exe
  2⤵
  PID:12420
- C:\Windows\System\RGjtAzX.exe
  C:\Windows\System\RGjtAzX.exe
  2⤵
  PID:12616
- C:\Windows\System\AMLzJZe.exe
  C:\Windows\System\AMLzJZe.exe
  2⤵
  PID:12788
- C:\Windows\System\RwDNSvu.exe
  C:\Windows\System\RwDNSvu.exe
  2⤵
  PID:12936
- C:\Windows\System\WAtzKPr.exe
  C:\Windows\System\WAtzKPr.exe
  2⤵
  PID:13020
- C:\Windows\System\JaGFNaE.exe
  C:\Windows\System\JaGFNaE.exe
  2⤵
  PID:13104
- C:\Windows\System\vRyHmFF.exe
  C:\Windows\System\vRyHmFF.exe
  2⤵
  PID:13168
- C:\Windows\System\LlJudjv.exe
  C:\Windows\System\LlJudjv.exe
  2⤵
  PID:13248
- C:\Windows\System\ckDcadE.exe
  C:\Windows\System\ckDcadE.exe
  2⤵
  PID:12344
- C:\Windows\System\tOntetk.exe
  C:\Windows\System\tOntetk.exe
  2⤵
  PID:12428
- C:\Windows\System\kIAPedL.exe
  C:\Windows\System\kIAPedL.exe
  2⤵
  PID:13052
- C:\Windows\System\viPXbAh.exe
  C:\Windows\System\viPXbAh.exe
  2⤵
  PID:13144
- C:\Windows\System\RqIzHxD.exe
  C:\Windows\System\RqIzHxD.exe
  2⤵
  PID:12368
- C:\Windows\System\GhgUIHv.exe
  C:\Windows\System\GhgUIHv.exe
  2⤵
  PID:12768
- C:\Windows\System\dCHKQEb.exe
  C:\Windows\System\dCHKQEb.exe
  2⤵
  PID:13016
- C:\Windows\System\gayerSt.exe
  C:\Windows\System\gayerSt.exe
  2⤵
  PID:12412
- C:\Windows\System\VwqwQgc.exe
  C:\Windows\System\VwqwQgc.exe
  2⤵
  PID:13340
- C:\Windows\System\LzlpOmP.exe
  C:\Windows\System\LzlpOmP.exe
  2⤵
  PID:13368
- C:\Windows\System\HNXPtcr.exe
  C:\Windows\System\HNXPtcr.exe
  2⤵
  PID:13392
- C:\Windows\System\zfqeGwK.exe
  C:\Windows\System\zfqeGwK.exe
  2⤵
  PID:13416
- C:\Windows\System\usqjJjx.exe
  C:\Windows\System\usqjJjx.exe
  2⤵
  PID:13448
- C:\Windows\System\VKGFQdh.exe
  C:\Windows\System\VKGFQdh.exe
  2⤵
  PID:13472
- C:\Windows\System\oeDBAYY.exe
  C:\Windows\System\oeDBAYY.exe
  2⤵
  PID:13488
- C:\Windows\System\yQHKARD.exe
  C:\Windows\System\yQHKARD.exe
  2⤵
  PID:13504
- C:\Windows\System\LAGvNKo.exe
  C:\Windows\System\LAGvNKo.exe
  2⤵
  PID:13520
- C:\Windows\System\uMppWeL.exe
  C:\Windows\System\uMppWeL.exe
  2⤵
  PID:13540
- C:\Windows\System\yGhsseR.exe
  C:\Windows\System\yGhsseR.exe
  2⤵
  PID:13560
- C:\Windows\System\JcoOlOl.exe
  C:\Windows\System\JcoOlOl.exe
  2⤵
  PID:13580
- C:\Windows\System\WRjkNBX.exe
  C:\Windows\System\WRjkNBX.exe
  2⤵
  PID:13612
- C:\Windows\System\HUrILCM.exe
  C:\Windows\System\HUrILCM.exe
  2⤵
  PID:13648
- C:\Windows\System\ecrQRvS.exe
  C:\Windows\System\ecrQRvS.exe
  2⤵
  PID:13684
- C:\Windows\System\ClRhFON.exe
  C:\Windows\System\ClRhFON.exe
  2⤵
  PID:13712
- C:\Windows\System\KNTesQz.exe
  C:\Windows\System\KNTesQz.exe
  2⤵
  PID:13740
- C:\Windows\System\ajjcuRt.exe
  C:\Windows\System\ajjcuRt.exe
  2⤵
  PID:13772
- C:\Windows\System\QCEgBMS.exe
  C:\Windows\System\QCEgBMS.exe
  2⤵
  PID:13800
- C:\Windows\System\gJFQkGL.exe
  C:\Windows\System\gJFQkGL.exe
  2⤵
  PID:13832
- C:\Windows\System\nXFsjof.exe
  C:\Windows\System\nXFsjof.exe
  2⤵
  PID:13860
- C:\Windows\System\vWMmNcE.exe
  C:\Windows\System\vWMmNcE.exe
  2⤵
  PID:13888
- C:\Windows\System\UOAgmmr.exe
  C:\Windows\System\UOAgmmr.exe
  2⤵
  PID:13924
- C:\Windows\System\MFWRiDK.exe
  C:\Windows\System\MFWRiDK.exe
  2⤵
  PID:13964
- C:\Windows\System\Gcvqroe.exe
  C:\Windows\System\Gcvqroe.exe
  2⤵
  PID:13996
- C:\Windows\System\LGtbAds.exe
  C:\Windows\System\LGtbAds.exe
  2⤵
  PID:14032
- C:\Windows\System\fMSAylm.exe
  C:\Windows\System\fMSAylm.exe
  2⤵
  PID:14052
- C:\Windows\System\jKdEPXp.exe
  C:\Windows\System\jKdEPXp.exe
  2⤵
  PID:14080
- C:\Windows\System\MfltwhX.exe
  C:\Windows\System\MfltwhX.exe
  2⤵
  PID:14112
- C:\Windows\System\bGyKwAN.exe
  C:\Windows\System\bGyKwAN.exe
  2⤵
  PID:14140
- C:\Windows\System\WeNbNkA.exe
  C:\Windows\System\WeNbNkA.exe
  2⤵
  PID:14168
- C:\Windows\System\hCglveh.exe
  C:\Windows\System\hCglveh.exe
  2⤵
  PID:14192
- C:\Windows\System\UjngSgc.exe
  C:\Windows\System\UjngSgc.exe
  2⤵
  PID:14216
- C:\Windows\System\eYiTEUG.exe
  C:\Windows\System\eYiTEUG.exe
  2⤵
  PID:14244
- C:\Windows\System\eGAGWwz.exe
  C:\Windows\System\eGAGWwz.exe
  2⤵
  PID:14280
- C:\Windows\System\bqHgHty.exe
  C:\Windows\System\bqHgHty.exe
  2⤵
  PID:14312
- C:\Windows\System\vsOgKSU.exe
  C:\Windows\System\vsOgKSU.exe
  2⤵
  PID:12904
- C:\Windows\System\LNmWlyD.exe
  C:\Windows\System\LNmWlyD.exe
  2⤵
  PID:13056
- C:\Windows\System\FsRcdfM.exe
  C:\Windows\System\FsRcdfM.exe
  2⤵
  PID:12888
- C:\Windows\System\kCVtjeT.exe
  C:\Windows\System\kCVtjeT.exe
  2⤵
  PID:12988
- C:\Windows\System\jnmptZp.exe
  C:\Windows\System\jnmptZp.exe
  2⤵
  PID:12836
- C:\Windows\System\ozHepuq.exe
  C:\Windows\System\ozHepuq.exe
  2⤵
  PID:13384
- C:\Windows\System\mvnjvKq.exe
  C:\Windows\System\mvnjvKq.exe
  2⤵
  PID:13424
- C:\Windows\System\rNrKVLg.exe
  C:\Windows\System\rNrKVLg.exe
  2⤵
  PID:12292
- C:\Windows\System\bfGOsuT.exe
  C:\Windows\System\bfGOsuT.exe
  2⤵
  PID:13480
- C:\Windows\System\JbApBdr.exe
  C:\Windows\System\JbApBdr.exe
  2⤵
  PID:13512
- C:\Windows\System\KcWYUTr.exe
  C:\Windows\System\KcWYUTr.exe
  2⤵
  PID:13704
- C:\Windows\System\kTApCQZ.exe
  C:\Windows\System\kTApCQZ.exe
  2⤵
  PID:13824
- C:\Windows\System\usbUxNK.exe
  C:\Windows\System\usbUxNK.exe
  2⤵
  PID:13608
- C:\Windows\System\wZDVzPj.exe
  C:\Windows\System\wZDVzPj.exe
  2⤵
  PID:13908
- C:\Windows\System\OovdHhb.exe
  C:\Windows\System\OovdHhb.exe
  2⤵
  PID:13952
- C:\Windows\System\gFEliQb.exe
  C:\Windows\System\gFEliQb.exe
  2⤵
  PID:13748
- C:\Windows\System\zDAtwco.exe
  C:\Windows\System\zDAtwco.exe
  2⤵
  PID:13980
- C:\Windows\System\XgMStRU.exe
  C:\Windows\System\XgMStRU.exe
  2⤵
  PID:14020
- C:\Windows\System\ZYChsAn.exe
  C:\Windows\System\ZYChsAn.exe
  2⤵
  PID:13816
- C:\Windows\System\SqpbXUt.exe
  C:\Windows\System\SqpbXUt.exe
  2⤵
  PID:13632
- C:\Windows\System\vExndcV.exe
  C:\Windows\System\vExndcV.exe
  2⤵
  PID:13956
- C:\Windows\System\dasIRjc.exe
  C:\Windows\System\dasIRjc.exe
  2⤵
  PID:14088
- C:\Windows\System\qNcytzD.exe
  C:\Windows\System\qNcytzD.exe
  2⤵
  PID:14208
- C:\Windows\System\zDoSdJG.exe
  C:\Windows\System\zDoSdJG.exe
  2⤵
  PID:12812
- C:\Windows\System\RgEWtKT.exe
  C:\Windows\System\RgEWtKT.exe
  2⤵
  PID:14304
- C:\Windows\System\DjSYtGT.exe
  C:\Windows\System\DjSYtGT.exe
  2⤵
  PID:12856
- C:\Windows\System\HzkgWKp.exe
  C:\Windows\System\HzkgWKp.exe
  2⤵
  PID:13212
- C:\Windows\System\eebjBuk.exe
  C:\Windows\System\eebjBuk.exe
  2⤵
  PID:14240
- C:\Windows\System\MxdCtIk.exe
  C:\Windows\System\MxdCtIk.exe
  2⤵
  PID:12600
- C:\Windows\System\nLbWVIr.exe
  C:\Windows\System\nLbWVIr.exe
  2⤵
  PID:14340
- C:\Windows\System\NqqSRWa.exe
  C:\Windows\System\NqqSRWa.exe
  2⤵
  PID:14360
- C:\Windows\System\qBbbxvS.exe
  C:\Windows\System\qBbbxvS.exe
  2⤵
  PID:14388
- C:\Windows\System\YsGhuKC.exe
  C:\Windows\System\YsGhuKC.exe
  2⤵
  PID:14424
- C:\Windows\System\tVfdpFz.exe
  C:\Windows\System\tVfdpFz.exe
  2⤵
  PID:14452
- C:\Windows\System\DBdTqhF.exe
  C:\Windows\System\DBdTqhF.exe
  2⤵
  PID:14480
- C:\Windows\System\oeKyEys.exe
  C:\Windows\System\oeKyEys.exe
  2⤵
  PID:14508
- C:\Windows\System\LkCswaF.exe
  C:\Windows\System\LkCswaF.exe
  2⤵
  PID:14552
- C:\Windows\System\VexZuyT.exe
  C:\Windows\System\VexZuyT.exe
  2⤵
  PID:14584
- C:\Windows\System\oSOtWag.exe
  C:\Windows\System\oSOtWag.exe
  2⤵
  PID:14612
- C:\Windows\System\SWQJgsz.exe
  C:\Windows\System\SWQJgsz.exe
  2⤵
  PID:14636
- C:\Windows\System\awzmtbe.exe
  C:\Windows\System\awzmtbe.exe
  2⤵
  PID:14664
- C:\Windows\System\MMBsCLK.exe
  C:\Windows\System\MMBsCLK.exe
  2⤵
  PID:14692
- C:\Windows\System\KTnDcbh.exe
  C:\Windows\System\KTnDcbh.exe
  2⤵
  PID:14716
- C:\Windows\System\MMxTBxZ.exe
  C:\Windows\System\MMxTBxZ.exe
  2⤵
  PID:14744
- C:\Windows\System\eMqisLz.exe
  C:\Windows\System\eMqisLz.exe
  2⤵
  PID:15116
- C:\Windows\System\lSMWPqv.exe
  C:\Windows\System\lSMWPqv.exe
  2⤵
  PID:15132
- C:\Windows\System\TvNaVeZ.exe
  C:\Windows\System\TvNaVeZ.exe
  2⤵
  PID:15148
- C:\Windows\System\UrsXzBe.exe
  C:\Windows\System\UrsXzBe.exe
  2⤵
  PID:15164

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BGJhGiQ.exe

Filesize
3.5MB

MD5
62540d9b1a70f6d37d8765a9ead40f5a

SHA1
4eb45170cc27c24847dcece6e32a63cc0b9d0ac2

SHA256
f580bf7260dfa9ad9ab5b4477c33d5ba836e9d1fd561ad769ff4bd87142f05da

SHA512
d0de5035a951c42cc09fc189d055d273beab5fe250bd27bed6e08347de18462d07056776ac9a8fa90d28e227a13ab8ece94b7518316363f59f5a8c8cababf9df

Download Submit
C:\Windows\System\BViLayp.exe

Filesize
3.5MB

MD5
c35d482cc62bbd730fd49a8fcf4fad3f

SHA1
e45825c1f20616cc248312147aa23dcb775dda14

SHA256
113ab4be97cb365f50c82964b197a30d181e483216d8f2afdc765a8f47725f96

SHA512
87e400f83f69b9f6e6afe738c4b0890cfdc3b5036df3f493cdd40dbc35e76db6ed2f30df255630c9e6271e3b595af5a60062ce135bdf667a7753b1e9f139c556

Download Submit
C:\Windows\System\BXGpIDU.exe

Filesize
3.5MB

MD5
8629c2c15e36fa5538cef7bf1a4ab5e4

SHA1
d6d0b5d624228c17cb768b30bb524e8267914cd3

SHA256
6bdc91cda63986b1c7c7906ba72665f1871aee3c75a4f6f6f8a631e2e0334d74

SHA512
49cad7a0560256ef6b43f7e662a34ed9ff9f569cd48c053ce3dcca1c5e9bd08edad1000bc9bb11f7a7311f229435909b50032988e4aef72f31a2d0a7a77fa3d8

Download Submit
C:\Windows\System\CEpYhom.exe

Filesize
3.5MB

MD5
380fbb48c43b43f269436ea65c54b66d

SHA1
5e63f4d7fcaa5b09aee10aa9513006bdd01f86b6

SHA256
ab1b5edea263a19f56dc54fe802b91b038cbf4c4540e87e3dc028c8daf004187

SHA512
581bd80b890c46662f8710d755bfd6dd577b8af3f0437078442af49313222aec011d2bda86fb1c1f985739b73ab814551f5cfd043572ce198e8144a657059263

Download Submit
C:\Windows\System\CXYkMLr.exe

Filesize
3.5MB

MD5
64ad14974f78a286c101b9871b443345

SHA1
f27277c9fa0081445e8870e6ab68cee945557669

SHA256
ee6c6319f8383637421d52a04e3380b0be813b90eb8fa8a09df45ac0862d2072

SHA512
aa0b1bebf7439c8c1919bcb9e323b0b0bffc025e2fb003149b140887738dfb63dbc247f77bfc3f63de0ef3ff1ffd98fd63d6676aaa37cb3e06106015424aa289

Download Submit
C:\Windows\System\DzRhwgA.exe

Filesize
3.5MB

MD5
6dcb6c752e6973bfa1a94163ea9a99c3

SHA1
240c25553b7b53084045e93076013f473fa84bef

SHA256
e0436b908cd6ff9aac7f3c02adc64b7573cf19359f468fad66600aae07331012

SHA512
9d7b3ce3f42eea90d62fc9a746405bb880f36b40731d34d2979670364d19a7ce02b361f5deac77c19090de8b5f44bd6c78119b489d2c273344cb36c8a2de1541

Download Submit
C:\Windows\System\GUwzYku.exe

Filesize
3.5MB

MD5
a0809ebee89eb6d0c1e4f8a91e001e4c

SHA1
daebcee5030d4b3b48b13a07cc3c52358d66a925

SHA256
c7834a17ba73fdd87d785410ab0cc32a9e44f215c1c0b13dc0fcfde8a761adcb

SHA512
28a8b4faaf9950bc300b492636428504b978cf81251b6d8f417b6a0970647b7786a77fcfc63807823ff258bec1c568863ff04cfb0365bc35b33bc25b762727e2

Download Submit
C:\Windows\System\GrslPQn.exe

Filesize
3.5MB

MD5
e90143b065bf5fab3ff8abcdd2fb94af

SHA1
fd78ec98eb8767a52b8f07ad268e67bf15cfe976

SHA256
0cc1efeac35f1b1e9d638b22811045e1894e6652d7a7b7276218b5e1a611e7a7

SHA512
28f9b322136301dea45ac8f462c6506c39c23d041ddec599693ecac22bbe679c0cd24547cb1ccfe604aefbeae1e21b221d8a7adde52d5910f83a4c990c742312

Download Submit
C:\Windows\System\HFZREYO.exe

Filesize
3.5MB

MD5
aac94105545468779a3aff75ae579e83

SHA1
ffd844514bb2e952d0d2fdec8b9dabd7b9550c94

SHA256
f86157e2b961896e229222a111b27a3ca0cdf5f2e8d175e28e32527436e8c16c

SHA512
e4ff4081263b858a2ef33161df1928f516633c93532652900b5cd7accbbc32d48b5e916c548682347f509b0e132afae3b86dc75e6dc13e3d6b5de9a7c7d93ea2

Download Submit
C:\Windows\System\HwHsrBw.exe

Filesize
3.5MB

MD5
4f1199dc6bd348d9f02cd0e60a26e12b

SHA1
01b862c7ddd6e0a274d66952865972253e455727

SHA256
1cf5457aff42694aadd51628918d2ce570126b817a3d6192ce6a45154dd77f2a

SHA512
1d71cf55ea4e5f60068e45444b1f6aab3019f3787b2e76323704f8b51db69aa7d1d3ed9c75ebf90463f84cdeb55f2bf28bccb54d96e0cb56daf1ca1bce521698

Download Submit
C:\Windows\System\IiKUFwY.exe

Filesize
3.5MB

MD5
3eaa49e8dbf077874fbb85a9266571e8

SHA1
baf917ed7f45bcdaabc468daad2bee0060ec0b95

SHA256
93d4f1c10a09e3113fa89d0968e875db6c7c8460c988e7bdc16aa6cb6db9143e

SHA512
15fb206f68b83195c4b774d6126130a49f7d91302f7f0e5607fd0e42aa4759db3600ae1c6ee55d77d11abd2ac06caa21eafdebb0f063f6c09f573f21ba65b8e7

Download Submit
C:\Windows\System\JzydvuF.exe

Filesize
3.5MB

MD5
95dbb3382399d66bb64e0931d6338d42

SHA1
29e6ee63d1106c52cbd5f3d000acd26db41dab48

SHA256
a70f1662c45d44ab5427278c0d826bd731c364c3c4fbaa12f06724da3dd5677f

SHA512
450438aa9297ee589d03b78f0e97aa9ad0871f118c6603a38fc83be14ac3023b5a5a46ae7ab72475bec207a03a254c7ce639a4f1e8ef3c9b0115d95fe1e9e489

Download Submit
C:\Windows\System\NCojjod.exe

Filesize
3.5MB

MD5
52a8a7e8a6259f0fd631c75b18081871

SHA1
2ea36facbeb38fc49b5a218dd7b74c81093b9bd3

SHA256
33289d5155efb01602de76457e12d99adb41c60a844bcd04e4c417979422844c

SHA512
e0ab97e69b0236b2e00b01f309aa4deef58e417204318f7324d7944fc9817fe3379ddf51be132710c2803b66cf5161355f006063104a11c29bd67233afa3765a

Download Submit
C:\Windows\System\PGUMufm.exe

Filesize
3.5MB

MD5
a9faf075dddffc24858035ed89131521

SHA1
a678981fe7aa4da7b089a363e2546a1e9e6f6398

SHA256
f2add67a0b9ec9dd46ce88e8209161af47692170633bfc8490bbdd30669365f6

SHA512
5b90e71af33bed4ebfc53be3516f2c58c32ecbd6b269a6c0b2e7d69fd93b05cf088c11138836dc046de1848bc0d0758a64111fa30ea032f39525af8078892e0a

Download Submit
C:\Windows\System\POXiony.exe

Filesize
3.5MB

MD5
74850d537ea9d0dd7efd2237d3c946bc

SHA1
a13724f27bfe0584f9a8f900d66eb61dd709ad36

SHA256
3edc4f3d21f9592d4888f36dc49c7b1993d8a7b88cb2d95c555def536df9ce0a

SHA512
7fe1fd21ed284fbc69d497d2dc5254ba25076e5e2f591b3a1bd1e66cab25e8769ed75ec217e0f629b8e47310fcaea98d5a0f64cc6ebaf2d4d2f1f3fe73d6cd20

Download Submit
C:\Windows\System\QJjyBEt.exe

Filesize
3.5MB

MD5
4b114c241f04ec236c449c4d6cf7e081

SHA1
a9c0c57d856a4a1fd4e016d544275dd374a7c97c

SHA256
4b1eb8f6344b084e2e927a17c868df6d0ecacd904e122e30320f25c9643301ca

SHA512
8b2c4daf544385d5e32311b558ab388ba347ef0a132c78c19609051b2feb526a873b3303ada0e37c7a2dadcc0fa0fd6924ebd62f01f0884c3ba4c964e2cf22b8

Download Submit
C:\Windows\System\QczGJCA.exe

Filesize
3.5MB

MD5
8deb3dbc922721f38fee017360d27d0e

SHA1
db63d41aa76c417767e57fd2c56cb43f2a5771e6

SHA256
4be0ba7eacbcb596f57c1bb3e864f6f30afdc27cb084c0a5de4937a30e642701

SHA512
bb8977d935ee559a0379250a3f1b7c44e600be641fe8d1cfa40d924f9ecee3142e01d46ed4425ca6ae9cb42a984ddecfc55eadebecf021541b7979d4f1bb8573

Download Submit
C:\Windows\System\UwNugjm.exe

Filesize
3.5MB

MD5
914bea6a495c0855ac4d598b3de843be

SHA1
517143a6b7716a3c7a76c5799b90c2b9ac3b2e45

SHA256
7331d37b4d27792371f150b7e1be7740b98812bc4d6b69e61db4381abf5deeae

SHA512
17094d94ee9b9dfd0682eaef68025624ee6f8da8b14b970b3d9287b9976f545ee34607f124cd76ba977ad146b588e01bce37cba3987b951e15725e16ed3dc055

Download Submit
C:\Windows\System\VVDrHAJ.exe

Filesize
3.5MB

MD5
638af03229ff7d271d88b1cc326f8d99

SHA1
44d5a8a242dac40fa3f5d314101e81b573f46018

SHA256
27a75e4b667d6cc51ea3e48ff860424a78edb3b1174386136de0abf9b823cf0f

SHA512
0f5d2e6f4419d755fe96d51c9cbd4280a4813b55810c5ae4e2c008d29757a068a4fa4e81f656c544df2bb7f26544c33cdb230e2c2407792b34015892897b9521

Download Submit
C:\Windows\System\WsXzQNX.exe

Filesize
3.5MB

MD5
e58dd40054c5d151e1b61122c99bc1a6

SHA1
c4e534b856ead48ac47abf05b6f5d4d17d6604ec

SHA256
3cdaf6f659600d6629fe885067a2e367f484e54bceedda9b606d5a4b17a09ae4

SHA512
cf47d22a6d3fc20ee675c9a6b7b59b11031c870a191fa5cabc0d97dd7396879020260a9180a3298f2d8b8cc0fb5bd7d814b226b387ded1369f164b73d93a40c3

Download Submit
C:\Windows\System\YOmyWgB.exe

Filesize
3.5MB

MD5
00e028da8fc86aa5d7342bf439925674

SHA1
e5205931422cecedd1392518673e0ad6b8cdf45b

SHA256
2eab851d96a6745ee4a3f38eafc003be025ac5e82fb60884b0cc2339d309ac63

SHA512
638d95bcb731deb9d58b305780bf9deef1f26211e1731c2a0e52e3a71850bbfb8a9a655ba3b3ce36d7663b4a586df7d958300147b49a9b4305ee2d321e0d3102

Download Submit
C:\Windows\System\ZXIBcKH.exe

Filesize
3.5MB

MD5
4c8127040ef7cf29cde011ae93938047

SHA1
1225ffa8e191cdd9ed819228a0c914c8ed215da9

SHA256
7a9dac9f3d839baf58b858c15d1f954db7c058d6d4b8246c734d8880ca33af76

SHA512
40975e9ce7b380480f5178471002a5acdba3097713773f2099adba6c35bc84685b2f82c5a72feb741a16d070689ecd041b6e8ca458aed2efd1bf735651e351e4

Download Submit
C:\Windows\System\dzGCdnp.exe

Filesize
3.5MB

MD5
b5f5ebde64b76fe2ea408522b1d9b5c1

SHA1
975e5f63e5257c0a7110d9d4752eec9f3147f716

SHA256
a708573c72e782ac27ad383dc62836dcaba492544116d1e6a766343c7b62b93e

SHA512
907a9dfaba75507c55ec96b6d3280387d5d04eabbd35b0ef36291cfdc80392ad316b1f10d1eb424c2652de934f64297eccdb604e7afa3254908bceb10690595f

Download Submit
C:\Windows\System\ghSWgPz.exe

Filesize
3.5MB

MD5
5c4f74187e0419dec2aaab11f19e3754

SHA1
c3500b7107ecb70ed4035893742c4c273d61cf3a

SHA256
a9399a2c5d359eef303592d4bdc6b1dd0cbfa62f81213f8e2d3c4bf3df55cc10

SHA512
fa1db20dd049d51538340dd3606c95f8a6ad333b77509636547687299aaacdc5020a6426b9dc7f252206c6f4cd2cc0b8b7e708d0a93a1110e75ad6d742944a1d

Download Submit
C:\Windows\System\gjuobjV.exe

Filesize
3.5MB

MD5
819e8790424587d1aa34f77efba40810

SHA1
886aa2d10950892af05c576819a4ffc39e27a55e

SHA256
5413e271134d522c91419b839d82984d4c9f845636765f3fdbb2d37258a5274f

SHA512
f973493493243a56827d2856189792feac954423b5ee997e33b85b8844b69b3ce06870f2237e65806e6ed6344784de906065456133587e970705fc0d77caa0db

Download Submit
C:\Windows\System\hREsnFu.exe

Filesize
3.5MB

MD5
d8693ddd2a542e07993d0a9f7a0fd6d7

SHA1
ec53af705130813bcc61defa1f4bcc0a62c4a5be

SHA256
63045f999b9c31961adab6269c83881600db2f54340a70b3a344aae07d4b8098

SHA512
7fb65a4c6d6e3f0c42ce43b73ea08477b208d763174b3ff58c84a72f542dfb94bf6da5d4f71777711e6bc7b1dc1023e1534840c3b8a9439ac81d74c6102a4a04

Download Submit
C:\Windows\System\jtkHDVI.exe

Filesize
3.5MB

MD5
13a4682eeb745bef19436a9666604107

SHA1
8b238f9cd2cbeec15d509de2396d841eeb48c5fb

SHA256
b311fa8a52af012238851c62dbb0968819fcab66c2da308d9d6d4d75892d137d

SHA512
1d6f140043246f49afd8cfc1d1c3096a7b47e14ed9abc56218c70b8ae8e840fc5281f1c97095dbbb9a03c825d909cc2ec467d725083a3b8acac9067e5b0b8986

Download Submit
C:\Windows\System\kQwOmUK.exe

Filesize
3.5MB

MD5
fb9980b68e1a5ab5284384a16bb2c28b

SHA1
482d9070f2b031d16501b79d0db1ae60dec24b33

SHA256
7a0dd2191601a3c4630c5d2dd70e1887f24a47b18a7307738c102d223bbee12a

SHA512
a5bd1504e4bb7134439bdc13f723d41842089229ea9c24d1e1dd56098aa0dd204ee8c447663c91ae70d8ed3aaf9c5005d5258b377c5634adfe89bcb70d594adc

Download Submit
C:\Windows\System\wGLBglg.exe

Filesize
3.5MB

MD5
b58069c8ef35790c4ecb1ac1ecf8b4a8

SHA1
c80aa0d8ace945d29558461df4a41e2009ae7d89

SHA256
133d35da4ca2d3045317f268d97b81440e30ca50e94c5fcc11ae9c7d317215a5

SHA512
787b903138ab16b5dde0138b035c55c0c73bf377cb2bd4bc23b24ff46aaa52df70820ce19c2ebe84b429d50bcd61b0b52b169e96ea3a33d593815090053c4213

Download Submit
C:\Windows\System\wwnOLwS.exe

Filesize
3.5MB

MD5
136642c10cfb1e405c1ef05941075b19

SHA1
b7b7f639ddc80cc9942f62c87796c454ae1b7ce6

SHA256
ffd7fa32c5efd188e0e0347119a9410dcab4950a405b9972ba7accddb5eeaaf4

SHA512
c41fbb3de1b0afc75ac759e1697051c87af6edb75d09783945cea003ff4011e2b55bc2d06427f9474dd273bc4f9badceaf25d6616c861983b10f3cfc51394a87

Download Submit
C:\Windows\System\xXtnHlf.exe

Filesize
3.5MB

MD5
3a8d066acf5f6a294d67393cc51fd661

SHA1
ac9cc2442e8423caf2ba8b82f67b581ab5f2992a

SHA256
678f49c48c7c59b907292d07fd97439ea97f31b6068a6761f3f2be340664f1fb

SHA512
aa350a2d1f9b102c6e2bbd2fe0a6ae343b12c46cec54ea0b0968855b302b2ba7dd631ef838756a93b1bef76e2ff7a82bb1b996e63dfdebe1dfef0009412462d8

Download Submit
C:\Windows\System\yiNWOYw.exe

Filesize
3.5MB

MD5
36ecfd280cf16428b3b0ac0d3da760ba

SHA1
a78f2aea3f8a03934e74d34314827c6f194b41da

SHA256
985eb7de75c6e357aba5850623e3ab384fccc11dd8a45ae65fdcc758146a73ce

SHA512
54549e3ffa6557c037d84d977676a754ce5fc3395ec3eb4a4fed426ac138122bf58d0d260280233e3cbff9a953509b62c3f881214a9d7ce1202561d691dbdfa5

Download Submit
C:\Windows\System\zllDbMw.exe

Filesize
3.5MB

MD5
442d0cb77aff525db929adde28ff2b51

SHA1
af3825bc672fe8587287fed1094e838951a06ca9

SHA256
a3c68e3de3a6cf0d37f9a0013056d66da683cf187bbdc57f89ddf845b9db164d

SHA512
086de816d53e7f12ff59aeffe9f375bd36b87f23b3b58c459e19f7cdcdd929e40b9998e7f072db7d3f279ae5dd3366c945d0dbda0397c73a1756ef9e74420049

Download Submit
memory/848-2411-0x00007FF6FB8D0000-0x00007FF6FBC21000-memory.dmp

Filesize
3.3MB

Download
memory/848-182-0x00007FF6FB8D0000-0x00007FF6FBC21000-memory.dmp

Filesize
3.3MB

Download
memory/956-172-0x00007FF6C6A00000-0x00007FF6C6D51000-memory.dmp

Filesize
3.3MB

Download
memory/1088-55-0x00007FF695890000-0x00007FF695BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2385-0x00007FF695890000-0x00007FF695BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1088-1115-0x00007FF695890000-0x00007FF695BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1124-160-0x00007FF63E2E0000-0x00007FF63E631000-memory.dmp

Filesize
3.3MB

Download
memory/1124-2405-0x00007FF63E2E0000-0x00007FF63E631000-memory.dmp

Filesize
3.3MB

Download
memory/1268-1110-0x00007FF6D23B0000-0x00007FF6D2701000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2373-0x00007FF6D23B0000-0x00007FF6D2701000-memory.dmp

Filesize
3.3MB

Download
memory/1268-37-0x00007FF6D23B0000-0x00007FF6D2701000-memory.dmp

Filesize
3.3MB

Download
memory/1380-2393-0x00007FF75D6C0000-0x00007FF75DA11000-memory.dmp

Filesize
3.3MB

Download
memory/1380-116-0x00007FF75D6C0000-0x00007FF75DA11000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2395-0x00007FF60AAC0000-0x00007FF60AE11000-memory.dmp

Filesize
3.3MB

Download
memory/1620-134-0x00007FF60AAC0000-0x00007FF60AE11000-memory.dmp

Filesize
3.3MB

Download
memory/1832-20-0x00007FF6599B0000-0x00007FF659D01000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2350-0x00007FF6599B0000-0x00007FF659D01000-memory.dmp

Filesize
3.3MB

Download
memory/1832-968-0x00007FF6599B0000-0x00007FF659D01000-memory.dmp

Filesize
3.3MB

Download
memory/2096-0-0x00007FF6F4970000-0x00007FF6F4CC1000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1-0x00000297E8620000-0x00000297E8630000-memory.dmp

Filesize
64KB

Download
memory/2096-869-0x00007FF6F4970000-0x00007FF6F4CC1000-memory.dmp

Filesize
3.3MB

Download
memory/2132-181-0x00007FF7C53F0000-0x00007FF7C5741000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2401-0x00007FF7C53F0000-0x00007FF7C5741000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2387-0x00007FF6237A0000-0x00007FF623AF1000-memory.dmp

Filesize
3.3MB

Download
memory/2136-180-0x00007FF6237A0000-0x00007FF623AF1000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2351-0x00007FF750850000-0x00007FF750BA1000-memory.dmp

Filesize
3.3MB

Download
memory/2152-1108-0x00007FF750850000-0x00007FF750BA1000-memory.dmp

Filesize
3.3MB

Download
memory/2152-24-0x00007FF750850000-0x00007FF750BA1000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2403-0x00007FF629B30000-0x00007FF629E81000-memory.dmp

Filesize
3.3MB

Download
memory/2184-136-0x00007FF629B30000-0x00007FF629E81000-memory.dmp

Filesize
3.3MB

Download
memory/2256-113-0x00007FF6E8B40000-0x00007FF6E8E91000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1123-0x00007FF6E8B40000-0x00007FF6E8E91000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2397-0x00007FF6E8B40000-0x00007FF6E8E91000-memory.dmp

Filesize
3.3MB

Download
memory/2264-184-0x00007FF763E60000-0x00007FF7641B1000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2409-0x00007FF763E60000-0x00007FF7641B1000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2375-0x00007FF7E3EB0000-0x00007FF7E4201000-memory.dmp

Filesize
3.3MB

Download
memory/2300-96-0x00007FF7E3EB0000-0x00007FF7E4201000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2389-0x00007FF6EDD00000-0x00007FF6EE051000-memory.dmp

Filesize
3.3MB

Download
memory/2400-177-0x00007FF6EDD00000-0x00007FF6EE051000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2377-0x00007FF7294F0000-0x00007FF729841000-memory.dmp

Filesize
3.3MB

Download
memory/2496-80-0x00007FF7294F0000-0x00007FF729841000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2407-0x00007FF67FD30000-0x00007FF680081000-memory.dmp

Filesize
3.3MB

Download
memory/2680-148-0x00007FF67FD30000-0x00007FF680081000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2379-0x00007FF6C2A70000-0x00007FF6C2DC1000-memory.dmp

Filesize
3.3MB

Download
memory/2688-95-0x00007FF6C2A70000-0x00007FF6C2DC1000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2391-0x00007FF72D5D0000-0x00007FF72D921000-memory.dmp

Filesize
3.3MB

Download
memory/2824-176-0x00007FF72D5D0000-0x00007FF72D921000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2449-0x00007FF788A60000-0x00007FF788DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3060-185-0x00007FF788A60000-0x00007FF788DB1000-memory.dmp

Filesize
3.3MB

Download
memory/3348-159-0x00007FF742C70000-0x00007FF742FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3348-2417-0x00007FF742C70000-0x00007FF742FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2347-0x00007FF605D90000-0x00007FF6060E1000-memory.dmp

Filesize
3.3MB

Download
memory/3648-9-0x00007FF605D90000-0x00007FF6060E1000-memory.dmp

Filesize
3.3MB

Download
memory/3648-965-0x00007FF605D90000-0x00007FF6060E1000-memory.dmp

Filesize
3.3MB

Download
memory/3876-2413-0x00007FF7806B0000-0x00007FF780A01000-memory.dmp

Filesize
3.3MB

Download
memory/3876-168-0x00007FF7806B0000-0x00007FF780A01000-memory.dmp

Filesize
3.3MB

Download
memory/4236-183-0x00007FF6B1510000-0x00007FF6B1861000-memory.dmp

Filesize
3.3MB

Download
memory/4236-2416-0x00007FF6B1510000-0x00007FF6B1861000-memory.dmp

Filesize
3.3MB

Download
memory/4256-145-0x00007FF6869D0000-0x00007FF686D21000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2399-0x00007FF6869D0000-0x00007FF686D21000-memory.dmp

Filesize
3.3MB

Download
memory/4488-42-0x00007FF728280000-0x00007FF7285D1000-memory.dmp

Filesize
3.3MB

Download
memory/4488-1112-0x00007FF728280000-0x00007FF7285D1000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2383-0x00007FF728280000-0x00007FF7285D1000-memory.dmp

Filesize
3.3MB

Download
memory/4688-186-0x00007FF79DE50000-0x00007FF79E1A1000-memory.dmp

Filesize
3.3MB

Download
memory/4860-173-0x00007FF71CA70000-0x00007FF71CDC1000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2381-0x00007FF71CA70000-0x00007FF71CDC1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads