xmrig | e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2023, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
Size

2.1MB
MD5

20bd02c373aadbb8ee8289406dad0046
SHA1

5f99c942e00b0da6e51fc206180445c2a999c5f7
SHA256

e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded
SHA512

b5b7e7ce80c1119043e6be1b7ad4e0a07213ef811a22212df21a0b96e1b64e9655f11c593c2573ddd637535085d914c70048f4ce9934c4870b6f1c4e1e8b9ddf
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wINaKnurG7QvL1/:BemTLkNdfE0pZrg

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/files/0x000a000000023130-137.dat	xmrig
behavioral2/files/0x000a000000023130-138.dat	xmrig
behavioral2/files/0x000a000000023151-143.dat	xmrig
behavioral2/files/0x0007000000023155-154.dat	xmrig
behavioral2/files/0x0007000000023155-158.dat	xmrig
behavioral2/files/0x0007000000023156-161.dat	xmrig
behavioral2/files/0x0007000000023157-170.dat	xmrig
behavioral2/files/0x0007000000023158-174.dat	xmrig
behavioral2/files/0x000700000002315c-188.dat	xmrig
behavioral2/files/0x000700000002315a-189.dat	xmrig
behavioral2/memory/3240-194-0x00007FF6E0AB0000-0x00007FF6E0E04000-memory.dmp	xmrig
behavioral2/files/0x000700000002315c-197.dat	xmrig
behavioral2/files/0x0009000000023136-202.dat	xmrig
behavioral2/files/0x0009000000023136-210.dat	xmrig
behavioral2/files/0x000700000002315e-213.dat	xmrig
behavioral2/files/0x0007000000023160-219.dat	xmrig
behavioral2/files/0x000700000002315f-217.dat	xmrig
behavioral2/files/0x0007000000023160-216.dat	xmrig
behavioral2/files/0x000700000002315f-212.dat	xmrig
behavioral2/files/0x000700000002315e-207.dat	xmrig
behavioral2/files/0x000700000002315d-205.dat	xmrig
behavioral2/memory/3392-201-0x00007FF780810000-0x00007FF780B64000-memory.dmp	xmrig
behavioral2/files/0x000700000002315d-196.dat	xmrig
behavioral2/files/0x000700000002315b-191.dat	xmrig
behavioral2/memory/620-187-0x00007FF6AE940000-0x00007FF6AEC94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023159-185.dat	xmrig
behavioral2/files/0x000700000002315b-182.dat	xmrig
behavioral2/files/0x0007000000023158-180.dat	xmrig
behavioral2/files/0x000700000002315a-179.dat	xmrig
behavioral2/memory/4836-176-0x00007FF707C80000-0x00007FF707FD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023159-175.dat	xmrig
behavioral2/memory/4124-164-0x00007FF75A4C0000-0x00007FF75A814000-memory.dmp	xmrig
behavioral2/files/0x0007000000023157-163.dat	xmrig
behavioral2/memory/456-156-0x00007FF6F81B0000-0x00007FF6F8504000-memory.dmp	xmrig
behavioral2/files/0x0007000000023156-155.dat	xmrig
behavioral2/memory/4656-150-0x00007FF67B090000-0x00007FF67B3E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023154-148.dat	xmrig
behavioral2/files/0x0007000000023154-147.dat	xmrig
behavioral2/files/0x000a000000023151-142.dat	xmrig
behavioral2/files/0x0007000000023154-141.dat	xmrig
behavioral2/memory/748-222-0x00007FF602C30000-0x00007FF602F84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023161-225.dat	xmrig
behavioral2/memory/4476-228-0x00007FF6F4040000-0x00007FF6F4394000-memory.dmp	xmrig
behavioral2/memory/588-244-0x00007FF73C560000-0x00007FF73C8B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023162-235.dat	xmrig
behavioral2/files/0x0006000000023165-243.dat	xmrig
behavioral2/files/0x0006000000023163-246.dat	xmrig
behavioral2/memory/2776-252-0x00007FF7D1AE0000-0x00007FF7D1E34000-memory.dmp	xmrig
behavioral2/files/0x0006000000023164-255.dat	xmrig
behavioral2/files/0x0006000000023165-260.dat	xmrig
behavioral2/files/0x0006000000023167-267.dat	xmrig
behavioral2/files/0x0006000000023169-271.dat	xmrig
behavioral2/memory/844-274-0x00007FF781DA0000-0x00007FF7820F4000-memory.dmp	xmrig
behavioral2/memory/3156-275-0x00007FF6AB540000-0x00007FF6AB894000-memory.dmp	xmrig
behavioral2/memory/4544-276-0x00007FF755640000-0x00007FF755994000-memory.dmp	xmrig
behavioral2/files/0x000600000002316a-280.dat	xmrig
behavioral2/files/0x000600000002316b-284.dat	xmrig
behavioral2/files/0x000600000002316b-292.dat	xmrig
behavioral2/files/0x000600000002316c-295.dat	xmrig
behavioral2/files/0x000600000002316e-308.dat	xmrig
behavioral2/files/0x0006000000023170-314.dat	xmrig
behavioral2/memory/4092-360-0x00007FF7D5380000-0x00007FF7D56D4000-memory.dmp	xmrig
behavioral2/memory/2880-366-0x00007FF76A040000-0x00007FF76A394000-memory.dmp	xmrig
behavioral2/memory/4292-371-0x00007FF6716C0000-0x00007FF671A14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
456	nFNPoyw.exe
748	VFfduTv.exe
4124	mPZgOuc.exe
4476	fhcxScc.exe
4836	yDppkQj.exe
1208	qIklTXx.exe
588	EUMrOnX.exe
620	opbuMWm.exe
2776	DIuhBaJ.exe
3240	deauaVb.exe
3392	cQKqMeH.exe
3232	DfckvIL.exe
344	RUvoVCw.exe
844	KaDzWkk.exe
3156	RzzWuKZ.exe
4544	TXxmYwe.exe
4092	EgmUjab.exe
2456	dBxXmHi.exe
4132	BVtWiXo.exe
2880	mHVPzCm.exe
1888	HpXfHpy.exe
3512	BSUaiam.exe
860	MZJXbXr.exe
384	QBpqkMw.exe
3724	grirUop.exe
4292	pJRlsfS.exe
3952	ivFtabd.exe
4648	GugiVsU.exe
4740	hStVWah.exe
4560	VRHJgbQ.exe
3560	VXrknMX.exe
3432	pgSjZKt.exe
4360	zEDpXiq.exe
1148	XGiPAEG.exe
800	ROaFfRE.exe
464	QlMdLAz.exe
1924	krAUmVy.exe
2252	BavyWIV.exe
1552	todsjeD.exe
2344	voYYrYw.exe
2464	CGEMCyl.exe
4036	QAawFLO.exe
3052	wQeUliF.exe
1848	QWFTMFn.exe
1356	aUvwGtU.exe
4780	vAtVCoa.exe
4536	eIPtQMM.exe
4832	wkhKUgL.exe
552	yvrXlkg.exe
4204	qNHMzjD.exe
368	MIeTkCc.exe
4952	enilfvB.exe
640	cBkNdYX.exe
1640	OvEKcWW.exe
452	jmeSkgb.exe
4028	qjRXXJg.exe
4600	LICLnkL.exe
4080	jmXaVLn.exe
1920	zKPlJFT.exe
2808	kcPpUMq.exe
736	dtjgfcg.exe
5092	QYqmwRZ.exe
1840	EKxUVeg.exe
2500	XaXUPJu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000a000000023130-137.dat	upx
behavioral2/files/0x000a000000023130-138.dat	upx
behavioral2/files/0x000a000000023151-143.dat	upx
behavioral2/files/0x0007000000023155-154.dat	upx
behavioral2/files/0x0007000000023155-158.dat	upx
behavioral2/files/0x0007000000023156-161.dat	upx
behavioral2/files/0x0007000000023157-170.dat	upx
behavioral2/files/0x0007000000023158-174.dat	upx
behavioral2/files/0x000700000002315c-188.dat	upx
behavioral2/files/0x000700000002315a-189.dat	upx
behavioral2/memory/3240-194-0x00007FF6E0AB0000-0x00007FF6E0E04000-memory.dmp	upx
behavioral2/files/0x000700000002315c-197.dat	upx
behavioral2/files/0x0009000000023136-202.dat	upx
behavioral2/files/0x0009000000023136-210.dat	upx
behavioral2/files/0x000700000002315e-213.dat	upx
behavioral2/files/0x0007000000023160-219.dat	upx
behavioral2/files/0x000700000002315f-217.dat	upx
behavioral2/files/0x0007000000023160-216.dat	upx
behavioral2/files/0x000700000002315f-212.dat	upx
behavioral2/files/0x000700000002315e-207.dat	upx
behavioral2/files/0x000700000002315d-205.dat	upx
behavioral2/memory/3392-201-0x00007FF780810000-0x00007FF780B64000-memory.dmp	upx
behavioral2/files/0x000700000002315d-196.dat	upx
behavioral2/files/0x000700000002315b-191.dat	upx
behavioral2/memory/620-187-0x00007FF6AE940000-0x00007FF6AEC94000-memory.dmp	upx
behavioral2/files/0x0007000000023159-185.dat	upx
behavioral2/files/0x000700000002315b-182.dat	upx
behavioral2/files/0x0007000000023158-180.dat	upx
behavioral2/files/0x000700000002315a-179.dat	upx
behavioral2/memory/4836-176-0x00007FF707C80000-0x00007FF707FD4000-memory.dmp	upx
behavioral2/files/0x0007000000023159-175.dat	upx
behavioral2/memory/4124-164-0x00007FF75A4C0000-0x00007FF75A814000-memory.dmp	upx
behavioral2/files/0x0007000000023157-163.dat	upx
behavioral2/memory/456-156-0x00007FF6F81B0000-0x00007FF6F8504000-memory.dmp	upx
behavioral2/files/0x0007000000023156-155.dat	upx
behavioral2/memory/4656-150-0x00007FF67B090000-0x00007FF67B3E4000-memory.dmp	upx
behavioral2/files/0x0007000000023154-148.dat	upx
behavioral2/files/0x0007000000023154-147.dat	upx
behavioral2/files/0x000a000000023151-142.dat	upx
behavioral2/files/0x0007000000023154-141.dat	upx
behavioral2/memory/748-222-0x00007FF602C30000-0x00007FF602F84000-memory.dmp	upx
behavioral2/files/0x0007000000023161-225.dat	upx
behavioral2/memory/4476-228-0x00007FF6F4040000-0x00007FF6F4394000-memory.dmp	upx
behavioral2/memory/588-244-0x00007FF73C560000-0x00007FF73C8B4000-memory.dmp	upx
behavioral2/files/0x0007000000023162-235.dat	upx
behavioral2/files/0x0006000000023165-243.dat	upx
behavioral2/files/0x0006000000023163-246.dat	upx
behavioral2/memory/2776-252-0x00007FF7D1AE0000-0x00007FF7D1E34000-memory.dmp	upx
behavioral2/files/0x0006000000023164-255.dat	upx
behavioral2/files/0x0006000000023165-260.dat	upx
behavioral2/files/0x0006000000023167-267.dat	upx
behavioral2/files/0x0006000000023169-271.dat	upx
behavioral2/memory/844-274-0x00007FF781DA0000-0x00007FF7820F4000-memory.dmp	upx
behavioral2/memory/3156-275-0x00007FF6AB540000-0x00007FF6AB894000-memory.dmp	upx
behavioral2/memory/4544-276-0x00007FF755640000-0x00007FF755994000-memory.dmp	upx
behavioral2/files/0x000600000002316a-280.dat	upx
behavioral2/files/0x000600000002316b-284.dat	upx
behavioral2/files/0x000600000002316b-292.dat	upx
behavioral2/files/0x000600000002316c-295.dat	upx
behavioral2/files/0x000600000002316e-308.dat	upx
behavioral2/files/0x0006000000023170-314.dat	upx
behavioral2/memory/4092-360-0x00007FF7D5380000-0x00007FF7D56D4000-memory.dmp	upx
behavioral2/memory/2880-366-0x00007FF76A040000-0x00007FF76A394000-memory.dmp	upx
behavioral2/memory/4292-371-0x00007FF6716C0000-0x00007FF671A14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QBpqkMw.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\VEtEUWu.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\JgLuMyG.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\XEtZKYi.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\Urwvlgd.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\SmEXMjb.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\NtzXtxD.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\CKccUib.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\BcqHplR.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\IqvBDPd.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\eIPtQMM.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\cBkNdYX.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\JOOJLwZ.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\hoXylfJ.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\nbNYkRo.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\jjMGANu.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\fevNHCH.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\FLoglBv.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\qbmuqeF.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\XCxvVwx.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\UGTirnf.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\ivFtabd.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\lRxcTzF.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\rErrqeJ.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\QBrbymB.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\Jbasofk.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\oqCLvGo.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\ovSUXER.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\DVTjXcK.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\aUvwGtU.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\PbNPEgD.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\bXhaEvi.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\BavyWIV.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\VolHYnQ.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\iEGirLP.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\knuVxSk.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\gofhgFR.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\hrhOUap.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\RzzWuKZ.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\VuGlVRv.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\hdPMknu.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\qQHjUOT.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\fNONmCA.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\dQDCQCQ.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\fOuxpIY.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\lShvZHV.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\YcJlwar.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\WhXYrRC.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\hAduNAr.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\zkEulcd.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\jLLhURG.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\nquWPzB.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\aVINLwx.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\OvEKcWW.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\fTCFXLb.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\EYhEnZs.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\QOtmweW.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\YrxuQYy.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\OyLVDRJ.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\IZnumzA.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\ULzKigx.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\HpXfHpy.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\XTIiQFt.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
File created	C:\Windows\System\GtnhECt.exe	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	9932	dwm.exe
Token: SeChangeNotifyPrivilege	9932	dwm.exe
Token: 33	9932	dwm.exe
Token: SeIncBasePriorityPrivilege	9932	dwm.exe
Token: SeShutdownPrivilege	9932	dwm.exe
Token: SeCreatePagefilePrivilege	9932	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 456	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	84
PID 4656 wrote to memory of 456	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	84
PID 4656 wrote to memory of 748	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	85
PID 4656 wrote to memory of 748	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	85
PID 4656 wrote to memory of 4124	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	86
PID 4656 wrote to memory of 4124	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	86
PID 4656 wrote to memory of 4476	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	87
PID 4656 wrote to memory of 4476	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	87
PID 4656 wrote to memory of 4836	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	88
PID 4656 wrote to memory of 4836	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	88
PID 4656 wrote to memory of 1208	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	99
PID 4656 wrote to memory of 1208	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	99
PID 4656 wrote to memory of 588	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	89
PID 4656 wrote to memory of 588	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	89
PID 4656 wrote to memory of 620	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	98
PID 4656 wrote to memory of 620	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	98
PID 4656 wrote to memory of 2776	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	97
PID 4656 wrote to memory of 2776	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	97
PID 4656 wrote to memory of 3240	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	96
PID 4656 wrote to memory of 3240	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	96
PID 4656 wrote to memory of 3392	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	95
PID 4656 wrote to memory of 3392	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	95
PID 4656 wrote to memory of 3232	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	90
PID 4656 wrote to memory of 3232	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	90
PID 4656 wrote to memory of 344	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	94
PID 4656 wrote to memory of 344	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	94
PID 4656 wrote to memory of 844	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	93
PID 4656 wrote to memory of 844	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	93
PID 4656 wrote to memory of 3156	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	92
PID 4656 wrote to memory of 3156	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	92
PID 4656 wrote to memory of 4544	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	91
PID 4656 wrote to memory of 4544	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	91
PID 4656 wrote to memory of 4092	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	100
PID 4656 wrote to memory of 4092	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	100
PID 4656 wrote to memory of 2456	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	401
PID 4656 wrote to memory of 2456	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	401
PID 4656 wrote to memory of 4132	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	393
PID 4656 wrote to memory of 4132	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	393
PID 4656 wrote to memory of 2880	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	102
PID 4656 wrote to memory of 2880	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	102
PID 4656 wrote to memory of 1888	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	101
PID 4656 wrote to memory of 1888	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	101
PID 4656 wrote to memory of 3512	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	103
PID 4656 wrote to memory of 3512	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	103
PID 4656 wrote to memory of 860	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	391
PID 4656 wrote to memory of 860	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	391
PID 4656 wrote to memory of 384	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	147
PID 4656 wrote to memory of 384	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	147
PID 4656 wrote to memory of 3724	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	144
PID 4656 wrote to memory of 3724	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	144
PID 4656 wrote to memory of 4292	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	130
PID 4656 wrote to memory of 4292	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	130
PID 4656 wrote to memory of 3952	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	129
PID 4656 wrote to memory of 3952	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	129
PID 4656 wrote to memory of 4648	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	128
PID 4656 wrote to memory of 4648	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	128
PID 4656 wrote to memory of 4740	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	127
PID 4656 wrote to memory of 4740	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	127
PID 4656 wrote to memory of 4560	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	126
PID 4656 wrote to memory of 4560	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	126
PID 4656 wrote to memory of 3560	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	125
PID 4656 wrote to memory of 3560	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	125
PID 4656 wrote to memory of 3432	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	104
PID 4656 wrote to memory of 3432	4656	e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe	104

C:\Users\Admin\AppData\Local\Temp\e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe
"C:\Users\Admin\AppData\Local\Temp\e4966b6763381bdae672747224ec8058e043db5fe0723be39d6afd9cd3e65ded.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Windows\System\nFNPoyw.exe
  C:\Windows\System\nFNPoyw.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\VFfduTv.exe
  C:\Windows\System\VFfduTv.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\mPZgOuc.exe
  C:\Windows\System\mPZgOuc.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\fhcxScc.exe
  C:\Windows\System\fhcxScc.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\yDppkQj.exe
  C:\Windows\System\yDppkQj.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\EUMrOnX.exe
  C:\Windows\System\EUMrOnX.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\DfckvIL.exe
  C:\Windows\System\DfckvIL.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\TXxmYwe.exe
  C:\Windows\System\TXxmYwe.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\RzzWuKZ.exe
  C:\Windows\System\RzzWuKZ.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\KaDzWkk.exe
  C:\Windows\System\KaDzWkk.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\RUvoVCw.exe
  C:\Windows\System\RUvoVCw.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\cQKqMeH.exe
  C:\Windows\System\cQKqMeH.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\deauaVb.exe
  C:\Windows\System\deauaVb.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\DIuhBaJ.exe
  C:\Windows\System\DIuhBaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\opbuMWm.exe
  C:\Windows\System\opbuMWm.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\qIklTXx.exe
  C:\Windows\System\qIklTXx.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\EgmUjab.exe
  C:\Windows\System\EgmUjab.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\HpXfHpy.exe
  C:\Windows\System\HpXfHpy.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\mHVPzCm.exe
  C:\Windows\System\mHVPzCm.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\BSUaiam.exe
  C:\Windows\System\BSUaiam.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\pgSjZKt.exe
  C:\Windows\System\pgSjZKt.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\krAUmVy.exe
  C:\Windows\System\krAUmVy.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\todsjeD.exe
  C:\Windows\System\todsjeD.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\CGEMCyl.exe
  C:\Windows\System\CGEMCyl.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\QAawFLO.exe
  C:\Windows\System\QAawFLO.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\QWFTMFn.exe
  C:\Windows\System\QWFTMFn.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\aUvwGtU.exe
  C:\Windows\System\aUvwGtU.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\vAtVCoa.exe
  C:\Windows\System\vAtVCoa.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\eIPtQMM.exe
  C:\Windows\System\eIPtQMM.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\wQeUliF.exe
  C:\Windows\System\wQeUliF.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\wkhKUgL.exe
  C:\Windows\System\wkhKUgL.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\yvrXlkg.exe
  C:\Windows\System\yvrXlkg.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\voYYrYw.exe
  C:\Windows\System\voYYrYw.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\qNHMzjD.exe
  C:\Windows\System\qNHMzjD.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\enilfvB.exe
  C:\Windows\System\enilfvB.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\MIeTkCc.exe
  C:\Windows\System\MIeTkCc.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\BavyWIV.exe
  C:\Windows\System\BavyWIV.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\QlMdLAz.exe
  C:\Windows\System\QlMdLAz.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\ROaFfRE.exe
  C:\Windows\System\ROaFfRE.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\XGiPAEG.exe
  C:\Windows\System\XGiPAEG.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\zEDpXiq.exe
  C:\Windows\System\zEDpXiq.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\VXrknMX.exe
  C:\Windows\System\VXrknMX.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\VRHJgbQ.exe
  C:\Windows\System\VRHJgbQ.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\hStVWah.exe
  C:\Windows\System\hStVWah.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\GugiVsU.exe
  C:\Windows\System\GugiVsU.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\ivFtabd.exe
  C:\Windows\System\ivFtabd.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\pJRlsfS.exe
  C:\Windows\System\pJRlsfS.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\cBkNdYX.exe
  C:\Windows\System\cBkNdYX.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\OvEKcWW.exe
  C:\Windows\System\OvEKcWW.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\qjRXXJg.exe
  C:\Windows\System\qjRXXJg.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\zKPlJFT.exe
  C:\Windows\System\zKPlJFT.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\LICLnkL.exe
  C:\Windows\System\LICLnkL.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\jmXaVLn.exe
  C:\Windows\System\jmXaVLn.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\kcPpUMq.exe
  C:\Windows\System\kcPpUMq.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\dtjgfcg.exe
  C:\Windows\System\dtjgfcg.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\QYqmwRZ.exe
  C:\Windows\System\QYqmwRZ.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\EKxUVeg.exe
  C:\Windows\System\EKxUVeg.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\FWpRSoX.exe
  C:\Windows\System\FWpRSoX.exe
  2⤵
  PID:3384
- C:\Windows\System\XaXUPJu.exe
  C:\Windows\System\XaXUPJu.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\jmeSkgb.exe
  C:\Windows\System\jmeSkgb.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\grirUop.exe
  C:\Windows\System\grirUop.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\ruowiRO.exe
  C:\Windows\System\ruowiRO.exe
  2⤵
  PID:2480
- C:\Windows\System\vYrcWoK.exe
  C:\Windows\System\vYrcWoK.exe
  2⤵
  PID:2228
- C:\Windows\System\QBpqkMw.exe
  C:\Windows\System\QBpqkMw.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\RbhrnAU.exe
  C:\Windows\System\RbhrnAU.exe
  2⤵
  PID:3664
- C:\Windows\System\RzAMvNV.exe
  C:\Windows\System\RzAMvNV.exe
  2⤵
  PID:4000
- C:\Windows\System\ONeaqfm.exe
  C:\Windows\System\ONeaqfm.exe
  2⤵
  PID:1320
- C:\Windows\System\mVIIGFT.exe
  C:\Windows\System\mVIIGFT.exe
  2⤵
  PID:836
- C:\Windows\System\fOuxpIY.exe
  C:\Windows\System\fOuxpIY.exe
  2⤵
  PID:2372
- C:\Windows\System\kXiqZwA.exe
  C:\Windows\System\kXiqZwA.exe
  2⤵
  PID:2564
- C:\Windows\System\wLWFERk.exe
  C:\Windows\System\wLWFERk.exe
  2⤵
  PID:2364
- C:\Windows\System\ypwmMBX.exe
  C:\Windows\System\ypwmMBX.exe
  2⤵
  PID:1736
- C:\Windows\System\ZbxXBhe.exe
  C:\Windows\System\ZbxXBhe.exe
  2⤵
  PID:4492
- C:\Windows\System\spwnEzN.exe
  C:\Windows\System\spwnEzN.exe
  2⤵
  PID:1496
- C:\Windows\System\PhrvAzC.exe
  C:\Windows\System\PhrvAzC.exe
  2⤵
  PID:4580
- C:\Windows\System\HxNguAt.exe
  C:\Windows\System\HxNguAt.exe
  2⤵
  PID:1868
- C:\Windows\System\aTYrzls.exe
  C:\Windows\System\aTYrzls.exe
  2⤵
  PID:3104
- C:\Windows\System\OFCafUN.exe
  C:\Windows\System\OFCafUN.exe
  2⤵
  PID:3564
- C:\Windows\System\YNPuWee.exe
  C:\Windows\System\YNPuWee.exe
  2⤵
  PID:2764
- C:\Windows\System\rErrqeJ.exe
  C:\Windows\System\rErrqeJ.exe
  2⤵
  PID:2640
- C:\Windows\System\VuGlVRv.exe
  C:\Windows\System\VuGlVRv.exe
  2⤵
  PID:2532
- C:\Windows\System\SShxFXQ.exe
  C:\Windows\System\SShxFXQ.exe
  2⤵
  PID:5152
- C:\Windows\System\SmZUMcp.exe
  C:\Windows\System\SmZUMcp.exe
  2⤵
  PID:5192
- C:\Windows\System\iECmfBc.exe
  C:\Windows\System\iECmfBc.exe
  2⤵
  PID:4604
- C:\Windows\System\jxseKmd.exe
  C:\Windows\System\jxseKmd.exe
  2⤵
  PID:5280
- C:\Windows\System\mzeSOBC.exe
  C:\Windows\System\mzeSOBC.exe
  2⤵
  PID:5356
- C:\Windows\System\LWkkYhy.exe
  C:\Windows\System\LWkkYhy.exe
  2⤵
  PID:5380
- C:\Windows\System\JjAeaHW.exe
  C:\Windows\System\JjAeaHW.exe
  2⤵
  PID:5412
- C:\Windows\System\SUoplmD.exe
  C:\Windows\System\SUoplmD.exe
  2⤵
  PID:5332
- C:\Windows\System\LDBjejz.exe
  C:\Windows\System\LDBjejz.exe
  2⤵
  PID:5452
- C:\Windows\System\JOOJLwZ.exe
  C:\Windows\System\JOOJLwZ.exe
  2⤵
  PID:5476
- C:\Windows\System\GALvhgn.exe
  C:\Windows\System\GALvhgn.exe
  2⤵
  PID:5520
- C:\Windows\System\VEtEUWu.exe
  C:\Windows\System\VEtEUWu.exe
  2⤵
  PID:5608
- C:\Windows\System\FLoglBv.exe
  C:\Windows\System\FLoglBv.exe
  2⤵
  PID:5648
- C:\Windows\System\QBrbymB.exe
  C:\Windows\System\QBrbymB.exe
  2⤵
  PID:5680
- C:\Windows\System\nbNYkRo.exe
  C:\Windows\System\nbNYkRo.exe
  2⤵
  PID:5748
- C:\Windows\System\LDqjVjD.exe
  C:\Windows\System\LDqjVjD.exe
  2⤵
  PID:5816
- C:\Windows\System\ttnHelH.exe
  C:\Windows\System\ttnHelH.exe
  2⤵
  PID:5724
- C:\Windows\System\ZcvzGxL.exe
  C:\Windows\System\ZcvzGxL.exe
  2⤵
  PID:5904
- C:\Windows\System\CZjdegh.exe
  C:\Windows\System\CZjdegh.exe
  2⤵
  PID:5936
- C:\Windows\System\jwOxIsL.exe
  C:\Windows\System\jwOxIsL.exe
  2⤵
  PID:6036
- C:\Windows\System\RCeHUgB.exe
  C:\Windows\System\RCeHUgB.exe
  2⤵
  PID:6012
- C:\Windows\System\MJAebVQ.exe
  C:\Windows\System\MJAebVQ.exe
  2⤵
  PID:5992
- C:\Windows\System\qveAsTJ.exe
  C:\Windows\System\qveAsTJ.exe
  2⤵
  PID:6112
- C:\Windows\System\sbNllCI.exe
  C:\Windows\System\sbNllCI.exe
  2⤵
  PID:5960
- C:\Windows\System\GPyjhEG.exe
  C:\Windows\System\GPyjhEG.exe
  2⤵
  PID:3680
- C:\Windows\System\oFZEfwr.exe
  C:\Windows\System\oFZEfwr.exe
  2⤵
  PID:5268
- C:\Windows\System\GtnhECt.exe
  C:\Windows\System\GtnhECt.exe
  2⤵
  PID:5276
- C:\Windows\System\YpmgxGp.exe
  C:\Windows\System\YpmgxGp.exe
  2⤵
  PID:5232
- C:\Windows\System\tFQLfMe.exe
  C:\Windows\System\tFQLfMe.exe
  2⤵
  PID:5168
- C:\Windows\System\fTCFXLb.exe
  C:\Windows\System\fTCFXLb.exe
  2⤵
  PID:5140
- C:\Windows\System\WOxegEA.exe
  C:\Windows\System\WOxegEA.exe
  2⤵
  PID:5884
- C:\Windows\System\wtuUrpv.exe
  C:\Windows\System\wtuUrpv.exe
  2⤵
  PID:5864
- C:\Windows\System\iUizhUd.exe
  C:\Windows\System\iUizhUd.exe
  2⤵
  PID:5848
- C:\Windows\System\SXXOtBI.exe
  C:\Windows\System\SXXOtBI.exe
  2⤵
  PID:5700
- C:\Windows\System\FfgfYqR.exe
  C:\Windows\System\FfgfYqR.exe
  2⤵
  PID:5624
- C:\Windows\System\hoXylfJ.exe
  C:\Windows\System\hoXylfJ.exe
  2⤵
  PID:5556
- C:\Windows\System\uitTyur.exe
  C:\Windows\System\uitTyur.exe
  2⤵
  PID:5616
- C:\Windows\System\vqrRNqM.exe
  C:\Windows\System\vqrRNqM.exe
  2⤵
  PID:4436
- C:\Windows\System\NYqQgmX.exe
  C:\Windows\System\NYqQgmX.exe
  2⤵
  PID:5956
- C:\Windows\System\WhXYrRC.exe
  C:\Windows\System\WhXYrRC.exe
  2⤵
  PID:5464
- C:\Windows\System\SDaCQqz.exe
  C:\Windows\System\SDaCQqz.exe
  2⤵
  PID:5828
- C:\Windows\System\VolHYnQ.exe
  C:\Windows\System\VolHYnQ.exe
  2⤵
  PID:6068
- C:\Windows\System\YSTqyfh.exe
  C:\Windows\System\YSTqyfh.exe
  2⤵
  PID:5796
- C:\Windows\System\RbxAygl.exe
  C:\Windows\System\RbxAygl.exe
  2⤵
  PID:5440
- C:\Windows\System\THWevry.exe
  C:\Windows\System\THWevry.exe
  2⤵
  PID:6256
- C:\Windows\System\IZnumzA.exe
  C:\Windows\System\IZnumzA.exe
  2⤵
  PID:6316
- C:\Windows\System\uoEVwWy.exe
  C:\Windows\System\uoEVwWy.exe
  2⤵
  PID:6428
- C:\Windows\System\CszIZac.exe
  C:\Windows\System\CszIZac.exe
  2⤵
  PID:6412
- C:\Windows\System\hUhCtrC.exe
  C:\Windows\System\hUhCtrC.exe
  2⤵
  PID:6492
- C:\Windows\System\iEGirLP.exe
  C:\Windows\System\iEGirLP.exe
  2⤵
  PID:6384
- C:\Windows\System\oymotWG.exe
  C:\Windows\System\oymotWG.exe
  2⤵
  PID:6356
- C:\Windows\System\tlCYYAv.exe
  C:\Windows\System\tlCYYAv.exe
  2⤵
  PID:6340
- C:\Windows\System\JOIAxmu.exe
  C:\Windows\System\JOIAxmu.exe
  2⤵
  PID:6548
- C:\Windows\System\ehiUBqP.exe
  C:\Windows\System\ehiUBqP.exe
  2⤵
  PID:6588
- C:\Windows\System\emFcwZy.exe
  C:\Windows\System\emFcwZy.exe
  2⤵
  PID:6640
- C:\Windows\System\mtlmqLD.exe
  C:\Windows\System\mtlmqLD.exe
  2⤵
  PID:6568
- C:\Windows\System\QOtmweW.exe
  C:\Windows\System\QOtmweW.exe
  2⤵
  PID:6676
- C:\Windows\System\LmZRenm.exe
  C:\Windows\System\LmZRenm.exe
  2⤵
  PID:6760
- C:\Windows\System\tVTgmem.exe
  C:\Windows\System\tVTgmem.exe
  2⤵
  PID:6780
- C:\Windows\System\dwTIcNG.exe
  C:\Windows\System\dwTIcNG.exe
  2⤵
  PID:6740
- C:\Windows\System\UVQezGd.exe
  C:\Windows\System\UVQezGd.exe
  2⤵
  PID:6852
- C:\Windows\System\WrrFzyv.exe
  C:\Windows\System\WrrFzyv.exe
  2⤵
  PID:6832
- C:\Windows\System\qwlWyOB.exe
  C:\Windows\System\qwlWyOB.exe
  2⤵
  PID:6812
- C:\Windows\System\jOuGdQL.exe
  C:\Windows\System\jOuGdQL.exe
  2⤵
  PID:6972
- C:\Windows\System\dINQUmu.exe
  C:\Windows\System\dINQUmu.exe
  2⤵
  PID:7040
- C:\Windows\System\XxwZTMG.exe
  C:\Windows\System\XxwZTMG.exe
  2⤵
  PID:7092
- C:\Windows\System\FfRurNZ.exe
  C:\Windows\System\FfRurNZ.exe
  2⤵
  PID:7068
- C:\Windows\System\kQPCUNT.exe
  C:\Windows\System\kQPCUNT.exe
  2⤵
  PID:7020
- C:\Windows\System\opqjJuD.exe
  C:\Windows\System\opqjJuD.exe
  2⤵
  PID:6208
- C:\Windows\System\vFtVAgZ.exe
  C:\Windows\System\vFtVAgZ.exe
  2⤵
  PID:6328
- C:\Windows\System\jjMGANu.exe
  C:\Windows\System\jjMGANu.exe
  2⤵
  PID:2768
- C:\Windows\System\HvdAnnL.exe
  C:\Windows\System\HvdAnnL.exe
  2⤵
  PID:6684
- C:\Windows\System\DtsarFB.exe
  C:\Windows\System\DtsarFB.exe
  2⤵
  PID:6672
- C:\Windows\System\VZGbmnr.exe
  C:\Windows\System\VZGbmnr.exe
  2⤵
  PID:6840
- C:\Windows\System\XEtZKYi.exe
  C:\Windows\System\XEtZKYi.exe
  2⤵
  PID:6992
- C:\Windows\System\cCpDSeM.exe
  C:\Windows\System\cCpDSeM.exe
  2⤵
  PID:7080
- C:\Windows\System\fZPPGhz.exe
  C:\Windows\System\fZPPGhz.exe
  2⤵
  PID:6948
- C:\Windows\System\yMiLiZa.exe
  C:\Windows\System\yMiLiZa.exe
  2⤵
  PID:6800
- C:\Windows\System\kRqwceR.exe
  C:\Windows\System\kRqwceR.exe
  2⤵
  PID:6348
- C:\Windows\System\DxlUhVV.exe
  C:\Windows\System\DxlUhVV.exe
  2⤵
  PID:7124
- C:\Windows\System\FXOOrMM.exe
  C:\Windows\System\FXOOrMM.exe
  2⤵
  PID:7056
- C:\Windows\System\dlIQvdV.exe
  C:\Windows\System\dlIQvdV.exe
  2⤵
  PID:6880
- C:\Windows\System\ahUSnaM.exe
  C:\Windows\System\ahUSnaM.exe
  2⤵
  PID:7104
- C:\Windows\System\egBOLrM.exe
  C:\Windows\System\egBOLrM.exe
  2⤵
  PID:6668
- C:\Windows\System\Cfhtive.exe
  C:\Windows\System\Cfhtive.exe
  2⤵
  PID:6600
- C:\Windows\System\AjuGdVe.exe
  C:\Windows\System\AjuGdVe.exe
  2⤵
  PID:6180
- C:\Windows\System\kaYNubg.exe
  C:\Windows\System\kaYNubg.exe
  2⤵
  PID:6168
- C:\Windows\System\SmEXMjb.exe
  C:\Windows\System\SmEXMjb.exe
  2⤵
  PID:6132
- C:\Windows\System\DhYBbAw.exe
  C:\Windows\System\DhYBbAw.exe
  2⤵
  PID:7192
- C:\Windows\System\NfZMlaN.exe
  C:\Windows\System\NfZMlaN.exe
  2⤵
  PID:6204
- C:\Windows\System\alKlEPX.exe
  C:\Windows\System\alKlEPX.exe
  2⤵
  PID:6820
- C:\Windows\System\WdLjOiI.exe
  C:\Windows\System\WdLjOiI.exe
  2⤵
  PID:7276
- C:\Windows\System\wHdkrVG.exe
  C:\Windows\System\wHdkrVG.exe
  2⤵
  PID:7328
- C:\Windows\System\fevNHCH.exe
  C:\Windows\System\fevNHCH.exe
  2⤵
  PID:7428
- C:\Windows\System\YuMDkIZ.exe
  C:\Windows\System\YuMDkIZ.exe
  2⤵
  PID:7396
- C:\Windows\System\EezUsmy.exe
  C:\Windows\System\EezUsmy.exe
  2⤵
  PID:7372
- C:\Windows\System\ZkeYLZy.exe
  C:\Windows\System\ZkeYLZy.exe
  2⤵
  PID:7476
- C:\Windows\System\jUmMeBk.exe
  C:\Windows\System\jUmMeBk.exe
  2⤵
  PID:7584
- C:\Windows\System\EojMwNL.exe
  C:\Windows\System\EojMwNL.exe
  2⤵
  PID:7556
- C:\Windows\System\axLEqxJ.exe
  C:\Windows\System\axLEqxJ.exe
  2⤵
  PID:7532
- C:\Windows\System\VnwXlaG.exe
  C:\Windows\System\VnwXlaG.exe
  2⤵
  PID:7680
- C:\Windows\System\oKQJxSi.exe
  C:\Windows\System\oKQJxSi.exe
  2⤵
  PID:7792
- C:\Windows\System\ycrGdSk.exe
  C:\Windows\System\ycrGdSk.exe
  2⤵
  PID:7824
- C:\Windows\System\oKePKls.exe
  C:\Windows\System\oKePKls.exe
  2⤵
  PID:7772
- C:\Windows\System\uEGNnzF.exe
  C:\Windows\System\uEGNnzF.exe
  2⤵
  PID:7660
- C:\Windows\System\HeLxdvF.exe
  C:\Windows\System\HeLxdvF.exe
  2⤵
  PID:7640
- C:\Windows\System\fcGpmuz.exe
  C:\Windows\System\fcGpmuz.exe
  2⤵
  PID:7516
- C:\Windows\System\NtzXtxD.exe
  C:\Windows\System\NtzXtxD.exe
  2⤵
  PID:7456
- C:\Windows\System\bVldiIh.exe
  C:\Windows\System\bVldiIh.exe
  2⤵
  PID:7308
- C:\Windows\System\zNyFPPk.exe
  C:\Windows\System\zNyFPPk.exe
  2⤵
  PID:7248
- C:\Windows\System\knuVxSk.exe
  C:\Windows\System\knuVxSk.exe
  2⤵
  PID:7224
- C:\Windows\System\GBiNSvc.exe
  C:\Windows\System\GBiNSvc.exe
  2⤵
  PID:6776
- C:\Windows\System\ucpAGVR.exe
  C:\Windows\System\ucpAGVR.exe
  2⤵
  PID:6620
- C:\Windows\System\QMdvIGa.exe
  C:\Windows\System\QMdvIGa.exe
  2⤵
  PID:6420
- C:\Windows\System\YrxuQYy.exe
  C:\Windows\System\YrxuQYy.exe
  2⤵
  PID:6276
- C:\Windows\System\jLLhURG.exe
  C:\Windows\System\jLLhURG.exe
  2⤵
  PID:7860
- C:\Windows\System\ubiyLyO.exe
  C:\Windows\System\ubiyLyO.exe
  2⤵
  PID:6252
- C:\Windows\System\AuVmAnL.exe
  C:\Windows\System\AuVmAnL.exe
  2⤵
  PID:5712
- C:\Windows\System\OqeaCrp.exe
  C:\Windows\System\OqeaCrp.exe
  2⤵
  PID:6148
- C:\Windows\System\fsQouDA.exe
  C:\Windows\System\fsQouDA.exe
  2⤵
  PID:5508
- C:\Windows\System\QBuWDaz.exe
  C:\Windows\System\QBuWDaz.exe
  2⤵
  PID:5132
- C:\Windows\System\SErqTKb.exe
  C:\Windows\System\SErqTKb.exe
  2⤵
  PID:5976
- C:\Windows\System\PbNPEgD.exe
  C:\Windows\System\PbNPEgD.exe
  2⤵
  PID:7148
- C:\Windows\System\OOrWxeC.exe
  C:\Windows\System\OOrWxeC.exe
  2⤵
  PID:6952
- C:\Windows\System\xkWWojD.exe
  C:\Windows\System\xkWWojD.exe
  2⤵
  PID:6932
- C:\Windows\System\yJnIZvi.exe
  C:\Windows\System\yJnIZvi.exe
  2⤵
  PID:6904
- C:\Windows\System\Jbasofk.exe
  C:\Windows\System\Jbasofk.exe
  2⤵
  PID:6720
- C:\Windows\System\TSHYzOq.exe
  C:\Windows\System\TSHYzOq.exe
  2⤵
  PID:6700
- C:\Windows\System\WdkCZmK.exe
  C:\Windows\System\WdkCZmK.exe
  2⤵
  PID:6220
- C:\Windows\System\zwcHSVW.exe
  C:\Windows\System\zwcHSVW.exe
  2⤵
  PID:6192
- C:\Windows\System\MjkCUHr.exe
  C:\Windows\System\MjkCUHr.exe
  2⤵
  PID:6172
- C:\Windows\System\lrIctap.exe
  C:\Windows\System\lrIctap.exe
  2⤵
  PID:7996
- C:\Windows\System\SftXLVe.exe
  C:\Windows\System\SftXLVe.exe
  2⤵
  PID:5404
- C:\Windows\System\rixXTgz.exe
  C:\Windows\System\rixXTgz.exe
  2⤵
  PID:5756
- C:\Windows\System\OyLVDRJ.exe
  C:\Windows\System\OyLVDRJ.exe
  2⤵
  PID:5776
- C:\Windows\System\FDiWbFg.exe
  C:\Windows\System\FDiWbFg.exe
  2⤵
  PID:8016
- C:\Windows\System\pYZgFap.exe
  C:\Windows\System\pYZgFap.exe
  2⤵
  PID:8036
- C:\Windows\System\CohmMGW.exe
  C:\Windows\System\CohmMGW.exe
  2⤵
  PID:5856
- C:\Windows\System\eHuGARv.exe
  C:\Windows\System\eHuGARv.exe
  2⤵
  PID:5180
- C:\Windows\System\oqCLvGo.exe
  C:\Windows\System\oqCLvGo.exe
  2⤵
  PID:8084
- C:\Windows\System\vuwCDja.exe
  C:\Windows\System\vuwCDja.exe
  2⤵
  PID:8148
- C:\Windows\System\BfXCRpx.exe
  C:\Windows\System\BfXCRpx.exe
  2⤵
  PID:8128
- C:\Windows\System\ovSUXER.exe
  C:\Windows\System\ovSUXER.exe
  2⤵
  PID:6652
- C:\Windows\System\PSENfkk.exe
  C:\Windows\System\PSENfkk.exe
  2⤵
  PID:6184
- C:\Windows\System\lpYjzpy.exe
  C:\Windows\System\lpYjzpy.exe
  2⤵
  PID:7088
- C:\Windows\System\UGTirnf.exe
  C:\Windows\System\UGTirnf.exe
  2⤵
  PID:7256
- C:\Windows\System\KxhtFnN.exe
  C:\Windows\System\KxhtFnN.exe
  2⤵
  PID:6528
- C:\Windows\System\RtQsaet.exe
  C:\Windows\System\RtQsaet.exe
  2⤵
  PID:7244
- C:\Windows\System\earoREm.exe
  C:\Windows\System\earoREm.exe
  2⤵
  PID:7464
- C:\Windows\System\gofhgFR.exe
  C:\Windows\System\gofhgFR.exe
  2⤵
  PID:7468
- C:\Windows\System\UeFHlIH.exe
  C:\Windows\System\UeFHlIH.exe
  2⤵
  PID:7552
- C:\Windows\System\dGFiZTO.exe
  C:\Windows\System\dGFiZTO.exe
  2⤵
  PID:7628
- C:\Windows\System\AHroALM.exe
  C:\Windows\System\AHroALM.exe
  2⤵
  PID:7848
- C:\Windows\System\aoFymwR.exe
  C:\Windows\System\aoFymwR.exe
  2⤵
  PID:7956
- C:\Windows\System\JwBzGDn.exe
  C:\Windows\System\JwBzGDn.exe
  2⤵
  PID:7980
- C:\Windows\System\DTXPeYY.exe
  C:\Windows\System\DTXPeYY.exe
  2⤵
  PID:7812
- C:\Windows\System\lShvZHV.exe
  C:\Windows\System\lShvZHV.exe
  2⤵
  PID:7752
- C:\Windows\System\VWUnOqh.exe
  C:\Windows\System\VWUnOqh.exe
  2⤵
  PID:7636
- C:\Windows\System\LTYIjUC.exe
  C:\Windows\System\LTYIjUC.exe
  2⤵
  PID:7404
- C:\Windows\System\pYhHDZy.exe
  C:\Windows\System\pYhHDZy.exe
  2⤵
  PID:4744
- C:\Windows\System\tIkYTQy.exe
  C:\Windows\System\tIkYTQy.exe
  2⤵
  PID:8112
- C:\Windows\System\mQAcTvh.exe
  C:\Windows\System\mQAcTvh.exe
  2⤵
  PID:8068
- C:\Windows\System\JgLuMyG.exe
  C:\Windows\System\JgLuMyG.exe
  2⤵
  PID:5208
- C:\Windows\System\Pbwycxk.exe
  C:\Windows\System\Pbwycxk.exe
  2⤵
  PID:5400
- C:\Windows\System\KuSLDsW.exe
  C:\Windows\System\KuSLDsW.exe
  2⤵
  PID:5184
- C:\Windows\System\oFUGpWY.exe
  C:\Windows\System\oFUGpWY.exe
  2⤵
  PID:5212
- C:\Windows\System\EwxWWkt.exe
  C:\Windows\System\EwxWWkt.exe
  2⤵
  PID:1648
- C:\Windows\System\qbmuqeF.exe
  C:\Windows\System\qbmuqeF.exe
  2⤵
  PID:6104
- C:\Windows\System\JrSzaal.exe
  C:\Windows\System\JrSzaal.exe
  2⤵
  PID:6044
- C:\Windows\System\FfqYTdx.exe
  C:\Windows\System\FfqYTdx.exe
  2⤵
  PID:6004
- C:\Windows\System\VjtvdMm.exe
  C:\Windows\System\VjtvdMm.exe
  2⤵
  PID:4432
- C:\Windows\System\EYhEnZs.exe
  C:\Windows\System\EYhEnZs.exe
  2⤵
  PID:4688
- C:\Windows\System\qpntrls.exe
  C:\Windows\System\qpntrls.exe
  2⤵
  PID:8172
- C:\Windows\System\IIqtBSq.exe
  C:\Windows\System\IIqtBSq.exe
  2⤵
  PID:6916
- C:\Windows\System\kAWKPlK.exe
  C:\Windows\System\kAWKPlK.exe
  2⤵
  PID:6368
- C:\Windows\System\bAaZmJi.exe
  C:\Windows\System\bAaZmJi.exe
  2⤵
  PID:6408
- C:\Windows\System\vmrEVWo.exe
  C:\Windows\System\vmrEVWo.exe
  2⤵
  PID:8164
- C:\Windows\System\ktUIzYP.exe
  C:\Windows\System\ktUIzYP.exe
  2⤵
  PID:8080
- C:\Windows\System\rLkwLVx.exe
  C:\Windows\System\rLkwLVx.exe
  2⤵
  PID:7524
- C:\Windows\System\mKbmtrR.exe
  C:\Windows\System\mKbmtrR.exe
  2⤵
  PID:7748
- C:\Windows\System\LKKEmpK.exe
  C:\Windows\System\LKKEmpK.exe
  2⤵
  PID:8076
- C:\Windows\System\HDoXphH.exe
  C:\Windows\System\HDoXphH.exe
  2⤵
  PID:7988
- C:\Windows\System\bylYahJ.exe
  C:\Windows\System\bylYahJ.exe
  2⤵
  PID:7368
- C:\Windows\System\IVltEGH.exe
  C:\Windows\System\IVltEGH.exe
  2⤵
  PID:8292
- C:\Windows\System\LuBhniE.exe
  C:\Windows\System\LuBhniE.exe
  2⤵
  PID:8380
- C:\Windows\System\ljDtxfu.exe
  C:\Windows\System\ljDtxfu.exe
  2⤵
  PID:8404
- C:\Windows\System\Urwvlgd.exe
  C:\Windows\System\Urwvlgd.exe
  2⤵
  PID:8452
- C:\Windows\System\YcJlwar.exe
  C:\Windows\System\YcJlwar.exe
  2⤵
  PID:8496
- C:\Windows\System\nquWPzB.exe
  C:\Windows\System\nquWPzB.exe
  2⤵
  PID:8552
- C:\Windows\System\hBlwfPh.exe
  C:\Windows\System\hBlwfPh.exe
  2⤵
  PID:8472
- C:\Windows\System\FFwRhAt.exe
  C:\Windows\System\FFwRhAt.exe
  2⤵
  PID:8360
- C:\Windows\System\hrhOUap.exe
  C:\Windows\System\hrhOUap.exe
  2⤵
  PID:8344
- C:\Windows\System\fseswAL.exe
  C:\Windows\System\fseswAL.exe
  2⤵
  PID:8652
- C:\Windows\System\JuDQnQM.exe
  C:\Windows\System\JuDQnQM.exe
  2⤵
  PID:8620
- C:\Windows\System\rDzAJCc.exe
  C:\Windows\System\rDzAJCc.exe
  2⤵
  PID:8316
- C:\Windows\System\XnTMSxq.exe
  C:\Windows\System\XnTMSxq.exe
  2⤵
  PID:8272
- C:\Windows\System\UFonyaH.exe
  C:\Windows\System\UFonyaH.exe
  2⤵
  PID:7212
- C:\Windows\System\RKbxuap.exe
  C:\Windows\System\RKbxuap.exe
  2⤵
  PID:7316
- C:\Windows\System\pgBGiYk.exe
  C:\Windows\System\pgBGiYk.exe
  2⤵
  PID:8180
- C:\Windows\System\EyYzAbw.exe
  C:\Windows\System\EyYzAbw.exe
  2⤵
  PID:7964
- C:\Windows\System\yXAhoDO.exe
  C:\Windows\System\yXAhoDO.exe
  2⤵
  PID:7344
- C:\Windows\System\QSyXnrv.exe
  C:\Windows\System\QSyXnrv.exe
  2⤵
  PID:8056
- C:\Windows\System\wnBZhEe.exe
  C:\Windows\System\wnBZhEe.exe
  2⤵
  PID:8032
- C:\Windows\System\tfinKFO.exe
  C:\Windows\System\tfinKFO.exe
  2⤵
  PID:5716
- C:\Windows\System\vhBaHIj.exe
  C:\Windows\System\vhBaHIj.exe
  2⤵
  PID:624
- C:\Windows\System\PQIZHTJ.exe
  C:\Windows\System\PQIZHTJ.exe
  2⤵
  PID:5676
- C:\Windows\System\ityjOUW.exe
  C:\Windows\System\ityjOUW.exe
  2⤵
  PID:5532
- C:\Windows\System\YCmTTVP.exe
  C:\Windows\System\YCmTTVP.exe
  2⤵
  PID:5472
- C:\Windows\System\sgwRhgH.exe
  C:\Windows\System\sgwRhgH.exe
  2⤵
  PID:5312
- C:\Windows\System\XSyFMTs.exe
  C:\Windows\System\XSyFMTs.exe
  2⤵
  PID:5240
- C:\Windows\System\hdPMknu.exe
  C:\Windows\System\hdPMknu.exe
  2⤵
  PID:5220
- C:\Windows\System\vRkvkRs.exe
  C:\Windows\System\vRkvkRs.exe
  2⤵
  PID:4572
- C:\Windows\System\CdrcOlx.exe
  C:\Windows\System\CdrcOlx.exe
  2⤵
  PID:4856
- C:\Windows\System\eMWfGof.exe
  C:\Windows\System\eMWfGof.exe
  2⤵
  PID:1348
- C:\Windows\System\YsyzSOA.exe
  C:\Windows\System\YsyzSOA.exe
  2⤵
  PID:3760
- C:\Windows\System\IwNPqXb.exe
  C:\Windows\System\IwNPqXb.exe
  2⤵
  PID:2920
- C:\Windows\System\nVARNUn.exe
  C:\Windows\System\nVARNUn.exe
  2⤵
  PID:1424
- C:\Windows\System\sZZKiMi.exe
  C:\Windows\System\sZZKiMi.exe
  2⤵
  PID:1600
- C:\Windows\System\lRxcTzF.exe
  C:\Windows\System\lRxcTzF.exe
  2⤵
  PID:3988
- C:\Windows\System\GCSvyYg.exe
  C:\Windows\System\GCSvyYg.exe
  2⤵
  PID:3848
- C:\Windows\System\nDdPUbi.exe
  C:\Windows\System\nDdPUbi.exe
  2⤵
  PID:4636
- C:\Windows\System\tFdGUsN.exe
  C:\Windows\System\tFdGUsN.exe
  2⤵
  PID:3028
- C:\Windows\System\AmPldiZ.exe
  C:\Windows\System\AmPldiZ.exe
  2⤵
  PID:3836
- C:\Windows\System\dQDCQCQ.exe
  C:\Windows\System\dQDCQCQ.exe
  2⤵
  PID:4768
- C:\Windows\System\BWqKmYK.exe
  C:\Windows\System\BWqKmYK.exe
  2⤵
  PID:3688
- C:\Windows\System\golEhRX.exe
  C:\Windows\System\golEhRX.exe
  2⤵
  PID:3652
- C:\Windows\System\MZJXbXr.exe
  C:\Windows\System\MZJXbXr.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\MZJxDfF.exe
  C:\Windows\System\MZJxDfF.exe
  2⤵
  PID:8668
- C:\Windows\System\BVtWiXo.exe
  C:\Windows\System\BVtWiXo.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\ZFdCkMC.exe
  C:\Windows\System\ZFdCkMC.exe
  2⤵
  PID:8752
- C:\Windows\System\PvMwKOD.exe
  C:\Windows\System\PvMwKOD.exe
  2⤵
  PID:8732
- C:\Windows\System\sHzijGP.exe
  C:\Windows\System\sHzijGP.exe
  2⤵
  PID:8856
- C:\Windows\System\FbsBhqs.exe
  C:\Windows\System\FbsBhqs.exe
  2⤵
  PID:8832
- C:\Windows\System\vnvQHIh.exe
  C:\Windows\System\vnvQHIh.exe
  2⤵
  PID:8804
- C:\Windows\System\kXvoHhW.exe
  C:\Windows\System\kXvoHhW.exe
  2⤵
  PID:8908
- C:\Windows\System\WNnvcol.exe
  C:\Windows\System\WNnvcol.exe
  2⤵
  PID:8704
- C:\Windows\System\dBxXmHi.exe
  C:\Windows\System\dBxXmHi.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\Suszyzv.exe
  C:\Windows\System\Suszyzv.exe
  2⤵
  PID:8948
- C:\Windows\System\lARpFTp.exe
  C:\Windows\System\lARpFTp.exe
  2⤵
  PID:9008
- C:\Windows\System\OXPXHdk.exe
  C:\Windows\System\OXPXHdk.exe
  2⤵
  PID:9044
- C:\Windows\System\wEJrGcB.exe
  C:\Windows\System\wEJrGcB.exe
  2⤵
  PID:9064
- C:\Windows\System\FuBxHWr.exe
  C:\Windows\System\FuBxHWr.exe
  2⤵
  PID:9132
- C:\Windows\System\XCxvVwx.exe
  C:\Windows\System\XCxvVwx.exe
  2⤵
  PID:9184
- C:\Windows\System\ESgSaCU.exe
  C:\Windows\System\ESgSaCU.exe
  2⤵
  PID:9156
- C:\Windows\System\uAlLJHr.exe
  C:\Windows\System\uAlLJHr.exe
  2⤵
  PID:9112
- C:\Windows\System\CKccUib.exe
  C:\Windows\System\CKccUib.exe
  2⤵
  PID:9024
- C:\Windows\System\uYwXwTn.exe
  C:\Windows\System\uYwXwTn.exe
  2⤵
  PID:8992
- C:\Windows\System\vsFOPca.exe
  C:\Windows\System\vsFOPca.exe
  2⤵
  PID:8176
- C:\Windows\System\LYyqjjz.exe
  C:\Windows\System\LYyqjjz.exe
  2⤵
  PID:7364
- C:\Windows\System\EeJIpRQ.exe
  C:\Windows\System\EeJIpRQ.exe
  2⤵
  PID:8204
- C:\Windows\System\OxjWSvF.exe
  C:\Windows\System\OxjWSvF.exe
  2⤵
  PID:8368
- C:\Windows\System\TZvOcME.exe
  C:\Windows\System\TZvOcME.exe
  2⤵
  PID:8576
- C:\Windows\System\RNCbhSi.exe
  C:\Windows\System\RNCbhSi.exe
  2⤵
  PID:8544
- C:\Windows\System\qQHjUOT.exe
  C:\Windows\System\qQHjUOT.exe
  2⤵
  PID:8724
- C:\Windows\System\GBdQVIN.exe
  C:\Windows\System\GBdQVIN.exe
  2⤵
  PID:8936
- C:\Windows\System\tRLYUTz.exe
  C:\Windows\System\tRLYUTz.exe
  2⤵
  PID:8884
- C:\Windows\System\UYfCzZm.exe
  C:\Windows\System\UYfCzZm.exe
  2⤵
  PID:8844
- C:\Windows\System\iBscRoL.exe
  C:\Windows\System\iBscRoL.exe
  2⤵
  PID:8660
- C:\Windows\System\wDKDGWI.exe
  C:\Windows\System\wDKDGWI.exe
  2⤵
  PID:8664
- C:\Windows\System\iHOuTec.exe
  C:\Windows\System\iHOuTec.exe
  2⤵
  PID:8508
- C:\Windows\System\vzpBKYL.exe
  C:\Windows\System\vzpBKYL.exe
  2⤵
  PID:8460
- C:\Windows\System\bGmQFAm.exe
  C:\Windows\System\bGmQFAm.exe
  2⤵
  PID:8372
- C:\Windows\System\rFJGmQE.exe
  C:\Windows\System\rFJGmQE.exe
  2⤵
  PID:8120
- C:\Windows\System\xViaMCQ.exe
  C:\Windows\System\xViaMCQ.exe
  2⤵
  PID:9020
- C:\Windows\System\ZZHGJgY.exe
  C:\Windows\System\ZZHGJgY.exe
  2⤵
  PID:9124
- C:\Windows\System\ifMPVkL.exe
  C:\Windows\System\ifMPVkL.exe
  2⤵
  PID:8256
- C:\Windows\System\mGqOcxc.exe
  C:\Windows\System\mGqOcxc.exe
  2⤵
  PID:5044
- C:\Windows\System\MjPwMRg.exe
  C:\Windows\System\MjPwMRg.exe
  2⤵
  PID:7784
- C:\Windows\System\ULzKigx.exe
  C:\Windows\System\ULzKigx.exe
  2⤵
  PID:9100
- C:\Windows\System\qwXkspE.exe
  C:\Windows\System\qwXkspE.exe
  2⤵
  PID:8680
- C:\Windows\System\bXhaEvi.exe
  C:\Windows\System\bXhaEvi.exe
  2⤵
  PID:8904
- C:\Windows\System\DPTzPUF.exe
  C:\Windows\System\DPTzPUF.exe
  2⤵
  PID:9228
- C:\Windows\System\BAojdDg.exe
  C:\Windows\System\BAojdDg.exe
  2⤵
  PID:9292
- C:\Windows\System\tgvWQlH.exe
  C:\Windows\System\tgvWQlH.exe
  2⤵
  PID:8388
- C:\Windows\System\OQpyAFp.exe
  C:\Windows\System\OQpyAFp.exe
  2⤵
  PID:7844
- C:\Windows\System\cXrJJFj.exe
  C:\Windows\System\cXrJJFj.exe
  2⤵
  PID:9204
- C:\Windows\System\Dotwpds.exe
  C:\Windows\System\Dotwpds.exe
  2⤵
  PID:9088
- C:\Windows\System\CQaoTXs.exe
  C:\Windows\System\CQaoTXs.exe
  2⤵
  PID:8492
- C:\Windows\System\XTIiQFt.exe
  C:\Windows\System\XTIiQFt.exe
  2⤵
  PID:8520
- C:\Windows\System\SoSZSCr.exe
  C:\Windows\System\SoSZSCr.exe
  2⤵
  PID:8484
- C:\Windows\System\LkHAMQG.exe
  C:\Windows\System\LkHAMQG.exe
  2⤵
  PID:9384
- C:\Windows\System\XBhjuFG.exe
  C:\Windows\System\XBhjuFG.exe
  2⤵
  PID:9352

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:9932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BSUaiam.exe

Filesize
2.1MB

MD5
826e05d3035bc0c633db0be6d8c2213b

SHA1
b22899f5a29d880f20add0a84433415322240efd

SHA256
e898cc2e4ff8868e86111d4a59daeeb83f19d671096b9c53d731a193563cd8fc

SHA512
6680cf443cee26fc345dc8eb93b21b09b2068636edf06d9f0cfbde19345076779c58ce6ac370668382453e510bfc9c9e885bd1ad49de80730154c202e086cbb4

Download Submit
C:\Windows\System\BSUaiam.exe

Filesize
2.1MB

MD5
826e05d3035bc0c633db0be6d8c2213b

SHA1
b22899f5a29d880f20add0a84433415322240efd

SHA256
e898cc2e4ff8868e86111d4a59daeeb83f19d671096b9c53d731a193563cd8fc

SHA512
6680cf443cee26fc345dc8eb93b21b09b2068636edf06d9f0cfbde19345076779c58ce6ac370668382453e510bfc9c9e885bd1ad49de80730154c202e086cbb4

Download Submit
C:\Windows\System\BVtWiXo.exe

Filesize
2.1MB

MD5
7199c9fda55cf22298090a5c01c65481

SHA1
b9ae7000063af7ee2e5d0d13232c0b980bde8156

SHA256
13f963fa68f6e2bcb0e4929fe5faa4b612071771d4447054876fbf7b71bdb9c9

SHA512
8231c1214f1c18e1758376c5a08d17599251e8f1884956a315f513b346b499b0f0aadc45cc5eee89a383d8ed0b9884e03f050dfa9bae5632a5d789f803b7f29a

Download Submit
C:\Windows\System\BVtWiXo.exe

Filesize
2.1MB

MD5
7199c9fda55cf22298090a5c01c65481

SHA1
b9ae7000063af7ee2e5d0d13232c0b980bde8156

SHA256
13f963fa68f6e2bcb0e4929fe5faa4b612071771d4447054876fbf7b71bdb9c9

SHA512
8231c1214f1c18e1758376c5a08d17599251e8f1884956a315f513b346b499b0f0aadc45cc5eee89a383d8ed0b9884e03f050dfa9bae5632a5d789f803b7f29a

Download Submit
C:\Windows\System\DIuhBaJ.exe

Filesize
2.1MB

MD5
b2b58230b546278104d85e98d1b4ee45

SHA1
9bf2215298a4f6b008a651b2b317dd8db9c1b4d6

SHA256
b86fc014ba9d9b3afb7f94d8af65e52b495148898740cf5773494e12bb9467bb

SHA512
188a83b11f65138c7b77963bbeccac5f9d2b31b503647042abb2736445db06c4abe00e0918e40d7302199070198199c07660507777b8793978b65961bec84a2e

Download Submit
C:\Windows\System\DIuhBaJ.exe

Filesize
2.1MB

MD5
b2b58230b546278104d85e98d1b4ee45

SHA1
9bf2215298a4f6b008a651b2b317dd8db9c1b4d6

SHA256
b86fc014ba9d9b3afb7f94d8af65e52b495148898740cf5773494e12bb9467bb

SHA512
188a83b11f65138c7b77963bbeccac5f9d2b31b503647042abb2736445db06c4abe00e0918e40d7302199070198199c07660507777b8793978b65961bec84a2e

Download Submit
C:\Windows\System\DfckvIL.exe

Filesize
2.1MB

MD5
1de6f483e68c3b59811ab1238117ea87

SHA1
db4f030cd844d0177e6eee6db5bb7c9d62fbb384

SHA256
49ce0648c7397e68590b4196559c06f60def8d039f85d99cb9d870a9e78fb1ec

SHA512
efc39e56fa57772a7c4ba8b9c9c618060c2c4ce8d27417d2caa026f6fe52a1a72bcb22904b2daeabd0be90464e95ad6f6fffefc145346f2ba15c365abead4b77

Download Submit
C:\Windows\System\DfckvIL.exe

Filesize
2.1MB

MD5
1de6f483e68c3b59811ab1238117ea87

SHA1
db4f030cd844d0177e6eee6db5bb7c9d62fbb384

SHA256
49ce0648c7397e68590b4196559c06f60def8d039f85d99cb9d870a9e78fb1ec

SHA512
efc39e56fa57772a7c4ba8b9c9c618060c2c4ce8d27417d2caa026f6fe52a1a72bcb22904b2daeabd0be90464e95ad6f6fffefc145346f2ba15c365abead4b77

Download Submit
C:\Windows\System\EUMrOnX.exe

Filesize
2.1MB

MD5
d06e743d26e6b253e99c77f570ff7407

SHA1
43505bf8ed05bb6936b48c8ebd9dd655d068e682

SHA256
7e4f26b4da5fd867801b9fce20882cbfa1c8bd65cfd3edaf550f60c97551b6c7

SHA512
39fbe3914a708f25954a7450c2feddc1755f398d429227a38629de3c1f728ae62ed41dc11f68b70ee807f06de8e588527cfe36f9cf98c454fe9065ddf1b2b19d

Download Submit
C:\Windows\System\EUMrOnX.exe

Filesize
2.1MB

MD5
d06e743d26e6b253e99c77f570ff7407

SHA1
43505bf8ed05bb6936b48c8ebd9dd655d068e682

SHA256
7e4f26b4da5fd867801b9fce20882cbfa1c8bd65cfd3edaf550f60c97551b6c7

SHA512
39fbe3914a708f25954a7450c2feddc1755f398d429227a38629de3c1f728ae62ed41dc11f68b70ee807f06de8e588527cfe36f9cf98c454fe9065ddf1b2b19d

Download Submit
C:\Windows\System\EgmUjab.exe

Filesize
2.1MB

MD5
2a796178d46f4b80f47f29ffdbf4c4ff

SHA1
200a1967f97e9110c7571f8c2fe46fd008d6b9cd

SHA256
a6611be122f9a56c1a70d02af0d7297770e0bc575c5bef5a9f94b3924f9113d4

SHA512
de4cbe8db73cb3810e72b96aa63f4ed8ed84c4d7e6672679476e394151fd55f53dd9ab24fa5f9b524b2003a1d9de6329e051f9fa183ae0afa18eeb59fb3b3ded

Download Submit
C:\Windows\System\EgmUjab.exe

Filesize
2.1MB

MD5
2a796178d46f4b80f47f29ffdbf4c4ff

SHA1
200a1967f97e9110c7571f8c2fe46fd008d6b9cd

SHA256
a6611be122f9a56c1a70d02af0d7297770e0bc575c5bef5a9f94b3924f9113d4

SHA512
de4cbe8db73cb3810e72b96aa63f4ed8ed84c4d7e6672679476e394151fd55f53dd9ab24fa5f9b524b2003a1d9de6329e051f9fa183ae0afa18eeb59fb3b3ded

Download Submit
C:\Windows\System\GugiVsU.exe

Filesize
2.1MB

MD5
649a074facac3d6bf7874c25451a969e

SHA1
553dcb30bd79f4c635d4d5348e11eaa24268a246

SHA256
83616ddae318b16b77f3ac52e7861e0fa6abd815f87d73b49eab10a3effb378b

SHA512
2379fea341fd8a70ba7df555eb0ca6cc9fcac6226464103634f33992a8fe6310078a0b28584350bf1967474ca2c241de63e2bb68d8ae96ad7c15be66e743e74a

Download Submit
C:\Windows\System\GugiVsU.exe

Filesize
2.1MB

MD5
649a074facac3d6bf7874c25451a969e

SHA1
553dcb30bd79f4c635d4d5348e11eaa24268a246

SHA256
83616ddae318b16b77f3ac52e7861e0fa6abd815f87d73b49eab10a3effb378b

SHA512
2379fea341fd8a70ba7df555eb0ca6cc9fcac6226464103634f33992a8fe6310078a0b28584350bf1967474ca2c241de63e2bb68d8ae96ad7c15be66e743e74a

Download Submit
C:\Windows\System\HpXfHpy.exe

Filesize
2.1MB

MD5
c1a4cc28289c73bc8664fd0ffe3cd46c

SHA1
de2fbf2769e4e9204ab7cb3b55293852e83b40ee

SHA256
57e5a9da2c831b5de2979e4c9be48a530f48ebad4c39845e996ef5c73daba09f

SHA512
00662af422315c5839ace9c12c015211c2332424ab19181d93db05def12784a0017c53cae45e766c6383fa3de2c8c74c0c51d2b7870131df4ad8e8e45f05aa17

Download Submit
C:\Windows\System\HpXfHpy.exe

Filesize
2.1MB

MD5
c1a4cc28289c73bc8664fd0ffe3cd46c

SHA1
de2fbf2769e4e9204ab7cb3b55293852e83b40ee

SHA256
57e5a9da2c831b5de2979e4c9be48a530f48ebad4c39845e996ef5c73daba09f

SHA512
00662af422315c5839ace9c12c015211c2332424ab19181d93db05def12784a0017c53cae45e766c6383fa3de2c8c74c0c51d2b7870131df4ad8e8e45f05aa17

Download Submit
C:\Windows\System\KaDzWkk.exe

Filesize
2.1MB

MD5
3fade7a80295081e987b9c6123f1719b

SHA1
9a23d41fb668de74d9a82422ba1c2ddee6888789

SHA256
0bcc3cb291ba04157ce36b347fdff25891d0bdcbf0ea1e0816ff209228f2c23d

SHA512
fc1f9088bd240b13d23f12d4b1f6cb5dbf5069af1cf6941c8cd0efd6292d94105fc78a0e426ccb49b194024aed84800459dbec00ee89fa209a018d94fe142621

Download Submit
C:\Windows\System\KaDzWkk.exe

Filesize
2.1MB

MD5
3fade7a80295081e987b9c6123f1719b

SHA1
9a23d41fb668de74d9a82422ba1c2ddee6888789

SHA256
0bcc3cb291ba04157ce36b347fdff25891d0bdcbf0ea1e0816ff209228f2c23d

SHA512
fc1f9088bd240b13d23f12d4b1f6cb5dbf5069af1cf6941c8cd0efd6292d94105fc78a0e426ccb49b194024aed84800459dbec00ee89fa209a018d94fe142621

Download Submit
C:\Windows\System\MZJXbXr.exe

Filesize
2.1MB

MD5
7ca936a130b1c8ccf8355715deec43f8

SHA1
49778a253339ac87e0ea08bcb91f29fd5c25b909

SHA256
ae106dd65ee475ae266ef64fa741cc330009e56657e25c18ee192408a489c3e4

SHA512
09a4aad1b2a0b2da0dc7c43e4dde5480c2454a68db4189bcb3a1ccfebd866dfd8c946d10322d4c43a8d1dcaeb3023af0b2995ebc7349533dbd27d32a16fd7c73

Download Submit
C:\Windows\System\MZJXbXr.exe

Filesize
2.1MB

MD5
7ca936a130b1c8ccf8355715deec43f8

SHA1
49778a253339ac87e0ea08bcb91f29fd5c25b909

SHA256
ae106dd65ee475ae266ef64fa741cc330009e56657e25c18ee192408a489c3e4

SHA512
09a4aad1b2a0b2da0dc7c43e4dde5480c2454a68db4189bcb3a1ccfebd866dfd8c946d10322d4c43a8d1dcaeb3023af0b2995ebc7349533dbd27d32a16fd7c73

Download Submit
C:\Windows\System\QBpqkMw.exe

Filesize
2.1MB

MD5
38dc12d333c52b88dc24293a748d247b

SHA1
82fa00b546160243a2d4382508fb3539051b45aa

SHA256
3d3c53917deea454b8b9c480fc5be5db5e4edde7621ee755db4fe29cc85d851a

SHA512
f414dd711389ea813b0d0507a72eab340408f63683780605e077fc46850bb9c7fbad06ccc70cc4da1c185c34ed2eee66997434eebb3ea5d38c668d7dfe862041

Download Submit
C:\Windows\System\QBpqkMw.exe

Filesize
2.1MB

MD5
38dc12d333c52b88dc24293a748d247b

SHA1
82fa00b546160243a2d4382508fb3539051b45aa

SHA256
3d3c53917deea454b8b9c480fc5be5db5e4edde7621ee755db4fe29cc85d851a

SHA512
f414dd711389ea813b0d0507a72eab340408f63683780605e077fc46850bb9c7fbad06ccc70cc4da1c185c34ed2eee66997434eebb3ea5d38c668d7dfe862041

Download Submit
C:\Windows\System\RUvoVCw.exe

Filesize
2.1MB

MD5
ecc44add4fd15c15eb554f2bb50ee2a2

SHA1
fc299952d9ac4780cd96d30ee7ca0224f8200d81

SHA256
df121ca87f27cadd13a996a597fcd4918b818575bd94db9ad12baf681833202d

SHA512
1f5940be343259672724a36743e6412fda7e7b735f56775bb9751be2cb90806be3ce99ef5bc323aff4d0ac9ef0a6a12a6f3583e3cf2b5471148890fe91631446

Download Submit
C:\Windows\System\RUvoVCw.exe

Filesize
2.1MB

MD5
ecc44add4fd15c15eb554f2bb50ee2a2

SHA1
fc299952d9ac4780cd96d30ee7ca0224f8200d81

SHA256
df121ca87f27cadd13a996a597fcd4918b818575bd94db9ad12baf681833202d

SHA512
1f5940be343259672724a36743e6412fda7e7b735f56775bb9751be2cb90806be3ce99ef5bc323aff4d0ac9ef0a6a12a6f3583e3cf2b5471148890fe91631446

Download Submit
C:\Windows\System\RzzWuKZ.exe

Filesize
2.1MB

MD5
fc2d3a9f88fff079309f3a8f4cfea505

SHA1
dc6f3aa3d6263fcafc74eb87c45f20b19fdd08e1

SHA256
f26fdaf72c8be99233ed9c430557e8bdc41a0ce56292bf139652608d43bc3529

SHA512
99b96b3c474530a8d60f2298227b0836393d7fb01a6292fac7b842c357bac8f2ac3ef2f331c021382eabd5a457aa4963391f9961fbd04efe070597b7bb66885b

Download Submit
C:\Windows\System\RzzWuKZ.exe

Filesize
2.1MB

MD5
fc2d3a9f88fff079309f3a8f4cfea505

SHA1
dc6f3aa3d6263fcafc74eb87c45f20b19fdd08e1

SHA256
f26fdaf72c8be99233ed9c430557e8bdc41a0ce56292bf139652608d43bc3529

SHA512
99b96b3c474530a8d60f2298227b0836393d7fb01a6292fac7b842c357bac8f2ac3ef2f331c021382eabd5a457aa4963391f9961fbd04efe070597b7bb66885b

Download Submit
C:\Windows\System\TXxmYwe.exe

Filesize
2.1MB

MD5
8caa0d42421132cc822d79be6fac8e4b

SHA1
6d3483b4f19972c3de1e59e9932ef2cb945eb95e

SHA256
7b599a1e366de2ca82cb5d626a9ae50d92b9e01962b6e6dff3c37ef6ef925226

SHA512
d7e080338f419a075e6936005669eac9e73fd32e34dcd473c0e5b86cb64ccc655ce012e54b324c883e0455bc3e84e874049811045b0eaba89cf9004092822678

Download Submit
C:\Windows\System\TXxmYwe.exe

Filesize
2.1MB

MD5
8caa0d42421132cc822d79be6fac8e4b

SHA1
6d3483b4f19972c3de1e59e9932ef2cb945eb95e

SHA256
7b599a1e366de2ca82cb5d626a9ae50d92b9e01962b6e6dff3c37ef6ef925226

SHA512
d7e080338f419a075e6936005669eac9e73fd32e34dcd473c0e5b86cb64ccc655ce012e54b324c883e0455bc3e84e874049811045b0eaba89cf9004092822678

Download Submit
C:\Windows\System\VFfduTv.exe

Filesize
2.1MB

MD5
d9682e1a54f27b4b5c53d5fe7b6be1d7

SHA1
4970479dce9fa25ff57c495e04989797f0bbc75c

SHA256
69b67df53a2bcf04d0fdc1a16584d2393f22288d166be2aec63efbe44712d600

SHA512
508e4f1c6d73787c902881e3bbfac325e1e10b13a4cd0533b98962cf7cba93d1177a3e424098c971463b8fd1929957e819546a8351697d47a86f3dfb4d55b7f7

Download Submit
C:\Windows\System\VFfduTv.exe

Filesize
2.1MB

MD5
d9682e1a54f27b4b5c53d5fe7b6be1d7

SHA1
4970479dce9fa25ff57c495e04989797f0bbc75c

SHA256
69b67df53a2bcf04d0fdc1a16584d2393f22288d166be2aec63efbe44712d600

SHA512
508e4f1c6d73787c902881e3bbfac325e1e10b13a4cd0533b98962cf7cba93d1177a3e424098c971463b8fd1929957e819546a8351697d47a86f3dfb4d55b7f7

Download Submit
C:\Windows\System\VRHJgbQ.exe

Filesize
2.1MB

MD5
92284ef392767039dfd9c375d33b10a8

SHA1
95abeb5a4b8a2b39a8c03c357c79d2a46ff3c37d

SHA256
25515019312ac331195ebb06333a12eb661e22990921169a4c5dff957fbe78dc

SHA512
6b37229c65f07d23b012c3b0b06e60c152425830888d232618794cf1416e6147ffed79e6a6ec63eb74b051797abcfbb766317f2f509e0a1a5b5558100ca31350

Download Submit
C:\Windows\System\VRHJgbQ.exe

Filesize
2.1MB

MD5
92284ef392767039dfd9c375d33b10a8

SHA1
95abeb5a4b8a2b39a8c03c357c79d2a46ff3c37d

SHA256
25515019312ac331195ebb06333a12eb661e22990921169a4c5dff957fbe78dc

SHA512
6b37229c65f07d23b012c3b0b06e60c152425830888d232618794cf1416e6147ffed79e6a6ec63eb74b051797abcfbb766317f2f509e0a1a5b5558100ca31350

Download Submit
C:\Windows\System\VXrknMX.exe

Filesize
2.1MB

MD5
4784de4c2bee70baa4962a05c5a39dee

SHA1
4b01af9734c863e6c5a04fe3515ac7f5bd3b2fcb

SHA256
9b74459c4a50f85e7338b1c8df3fee238bc8b7226ea2241ff4ae2d38af0df655

SHA512
4f1d24795cc9ab17bdbc55d263bfc57a97c6c1e04d4c112824cbf7114f3e47453c9475f99fa69ca2f6a9639e0f463a4aa36d3caa3714d950b1da54b9ffc3a516

Download Submit
C:\Windows\System\VXrknMX.exe

Filesize
2.1MB

MD5
4784de4c2bee70baa4962a05c5a39dee

SHA1
4b01af9734c863e6c5a04fe3515ac7f5bd3b2fcb

SHA256
9b74459c4a50f85e7338b1c8df3fee238bc8b7226ea2241ff4ae2d38af0df655

SHA512
4f1d24795cc9ab17bdbc55d263bfc57a97c6c1e04d4c112824cbf7114f3e47453c9475f99fa69ca2f6a9639e0f463a4aa36d3caa3714d950b1da54b9ffc3a516

Download Submit
C:\Windows\System\cQKqMeH.exe

Filesize
2.1MB

MD5
ca112d2ca91a3d67bec7de6ad3b6bac3

SHA1
cd60f86dc7545d41d78a17ae5cad28961e73b9ac

SHA256
61863abecc0de5fc30dda67e8dc229f937d12afbd798e32544d9ca6f42e06360

SHA512
b36e8cee158f1f7fb66f81e7daea5f37d08bb701a63cd111d63988978f4d949fdcc2d46b3597e09de302b7333b6e06cf1718ad779b277b499d3bf2af524b8557

Download Submit
C:\Windows\System\cQKqMeH.exe

Filesize
2.1MB

MD5
ca112d2ca91a3d67bec7de6ad3b6bac3

SHA1
cd60f86dc7545d41d78a17ae5cad28961e73b9ac

SHA256
61863abecc0de5fc30dda67e8dc229f937d12afbd798e32544d9ca6f42e06360

SHA512
b36e8cee158f1f7fb66f81e7daea5f37d08bb701a63cd111d63988978f4d949fdcc2d46b3597e09de302b7333b6e06cf1718ad779b277b499d3bf2af524b8557

Download Submit
C:\Windows\System\dBxXmHi.exe

Filesize
2.1MB

MD5
1c20298d3a30e2d87133abe297b341c1

SHA1
52314e0127bcf7d3983b28d7b8454a0087c21fbf

SHA256
d4e2d54d496a5f80322d6cfd684ea6615fdd6ff93e689a77cced5a8d6d5f31d3

SHA512
2feba094175166cfbb6c7272c1285da06f401fb77b2d4f59dd2159751dec852fd7eb8709a332db8b82bf6c7a8445f5303d22b21330616f07e9917f5f7e6e23ac

Download Submit
C:\Windows\System\dBxXmHi.exe

Filesize
2.1MB

MD5
1c20298d3a30e2d87133abe297b341c1

SHA1
52314e0127bcf7d3983b28d7b8454a0087c21fbf

SHA256
d4e2d54d496a5f80322d6cfd684ea6615fdd6ff93e689a77cced5a8d6d5f31d3

SHA512
2feba094175166cfbb6c7272c1285da06f401fb77b2d4f59dd2159751dec852fd7eb8709a332db8b82bf6c7a8445f5303d22b21330616f07e9917f5f7e6e23ac

Download Submit
C:\Windows\System\deauaVb.exe

Filesize
2.1MB

MD5
09e9b1dae131ef2908fae0c2dbea3d14

SHA1
7217d19122cd1ce294824209cf529ef0d34b5507

SHA256
c2ee331c0759371ae0bbd92c568c120965d05f19da35445707cfb0968bb13e33

SHA512
d5c494f0dbc8a86be42dd5b75afac94f9154bf36ac849c731063d06b0937c9d1fa6a75718a28cd6d7c915f7e6686c5badf3aa9f87a4df402766ce2fb4a95d80d

Download Submit
C:\Windows\System\deauaVb.exe

Filesize
2.1MB

MD5
09e9b1dae131ef2908fae0c2dbea3d14

SHA1
7217d19122cd1ce294824209cf529ef0d34b5507

SHA256
c2ee331c0759371ae0bbd92c568c120965d05f19da35445707cfb0968bb13e33

SHA512
d5c494f0dbc8a86be42dd5b75afac94f9154bf36ac849c731063d06b0937c9d1fa6a75718a28cd6d7c915f7e6686c5badf3aa9f87a4df402766ce2fb4a95d80d

Download Submit
C:\Windows\System\fhcxScc.exe

Filesize
2.1MB

MD5
2248913b6a185cbceb6a7f1fdcf3d266

SHA1
146ed4f992be1ca373dcef4c49b024f882c06ae2

SHA256
93fd01897302a6caf8a57409f86efd6da3ee4d479c38398c5fe1b8bfa56e5795

SHA512
4f4919923ad90e71f1f061751d0f165cbd07581587354a897d0810338c1ff601439baa1c6e3e9314cd20c26a9539d58fbc70af7d00e8efed14cd6d4b8d81c6d4

Download Submit
C:\Windows\System\fhcxScc.exe

Filesize
2.1MB

MD5
2248913b6a185cbceb6a7f1fdcf3d266

SHA1
146ed4f992be1ca373dcef4c49b024f882c06ae2

SHA256
93fd01897302a6caf8a57409f86efd6da3ee4d479c38398c5fe1b8bfa56e5795

SHA512
4f4919923ad90e71f1f061751d0f165cbd07581587354a897d0810338c1ff601439baa1c6e3e9314cd20c26a9539d58fbc70af7d00e8efed14cd6d4b8d81c6d4

Download Submit
C:\Windows\System\grirUop.exe

Filesize
2.1MB

MD5
ec38df92477d2fbbb2160b53c752985a

SHA1
63212aecaee3f464a100a739f54db2d8cba5b889

SHA256
740b147a108a51aeb2ae488714bab1a61319bcf87f3805c270ac900b844f0ae9

SHA512
775604dc42fc2c81a8db83e5aa89239e3670c9b4599e4dac59800bef4d98918d49f76daeb12e355d3d5ca5d5f74e7ca10743a3ebc03eab1932ac7e6c8bb5f7a7

Download Submit
C:\Windows\System\grirUop.exe

Filesize
2.1MB

MD5
ec38df92477d2fbbb2160b53c752985a

SHA1
63212aecaee3f464a100a739f54db2d8cba5b889

SHA256
740b147a108a51aeb2ae488714bab1a61319bcf87f3805c270ac900b844f0ae9

SHA512
775604dc42fc2c81a8db83e5aa89239e3670c9b4599e4dac59800bef4d98918d49f76daeb12e355d3d5ca5d5f74e7ca10743a3ebc03eab1932ac7e6c8bb5f7a7

Download Submit
C:\Windows\System\hStVWah.exe

Filesize
2.1MB

MD5
851f16bc8281127a4c7e3b171f60fc4e

SHA1
5150e0b49fa38c461285b8ec91d765bf7e54d920

SHA256
0c57d367166b2041f2ebd6d8e35799e8c87bdb29dca9fd26259c6255307f3564

SHA512
7b702b3ab266b419a99d41d22fefa0e4f3b0295f5d9775e29820098a4b87ba4362d0000a2ec63bf30d176133fbcd6dad5ef49900ff96ffef67febce45df562e7

Download Submit
C:\Windows\System\hStVWah.exe

Filesize
2.1MB

MD5
851f16bc8281127a4c7e3b171f60fc4e

SHA1
5150e0b49fa38c461285b8ec91d765bf7e54d920

SHA256
0c57d367166b2041f2ebd6d8e35799e8c87bdb29dca9fd26259c6255307f3564

SHA512
7b702b3ab266b419a99d41d22fefa0e4f3b0295f5d9775e29820098a4b87ba4362d0000a2ec63bf30d176133fbcd6dad5ef49900ff96ffef67febce45df562e7

Download Submit
C:\Windows\System\ivFtabd.exe

Filesize
2.1MB

MD5
680779969ddd3c8919187f6967ea05e3

SHA1
21cdc7c3c84e0ffbd464fdf39cdfe658ef46e2c3

SHA256
5793728c56e3c2b53f81654a80f216c7aadcaa9dd82b1f31cf0b7f50db333c53

SHA512
ceeee885b69088c59f0eab9adc2124c102514dbe6d360d56e280be677c1f81df118a5e9315f562c4864e9540137948e9fe8674a42a7bc880300f1e76d1d5cb4c

Download Submit
C:\Windows\System\ivFtabd.exe

Filesize
2.1MB

MD5
680779969ddd3c8919187f6967ea05e3

SHA1
21cdc7c3c84e0ffbd464fdf39cdfe658ef46e2c3

SHA256
5793728c56e3c2b53f81654a80f216c7aadcaa9dd82b1f31cf0b7f50db333c53

SHA512
ceeee885b69088c59f0eab9adc2124c102514dbe6d360d56e280be677c1f81df118a5e9315f562c4864e9540137948e9fe8674a42a7bc880300f1e76d1d5cb4c

Download Submit
C:\Windows\System\mHVPzCm.exe

Filesize
2.1MB

MD5
aede6e47ca9cba04ca282883c5207d5d

SHA1
01aad690a8d7e5371aec549866fe83b95c53970a

SHA256
c60ea3978dac59adf5c0000797209058ca1c5aeaae3b479983b1bc8c44a8a6b4

SHA512
c0c044cf287537602aebb34bd94acf9f99fe07bf705542a176c8c23a2a87304f02737d944f7f6d01abb170263aacb5e19d8f6845c9badf9b57e96ff12b381f9f

Download Submit
C:\Windows\System\mHVPzCm.exe

Filesize
2.1MB

MD5
aede6e47ca9cba04ca282883c5207d5d

SHA1
01aad690a8d7e5371aec549866fe83b95c53970a

SHA256
c60ea3978dac59adf5c0000797209058ca1c5aeaae3b479983b1bc8c44a8a6b4

SHA512
c0c044cf287537602aebb34bd94acf9f99fe07bf705542a176c8c23a2a87304f02737d944f7f6d01abb170263aacb5e19d8f6845c9badf9b57e96ff12b381f9f

Download Submit
C:\Windows\System\mPZgOuc.exe

Filesize
2.1MB

MD5
713bc29d61fdb913a19ab457a8b16b32

SHA1
7623fe7fc24bd679165a979fc5a2ef984bd0eecc

SHA256
a9bbaa1a697720361d5d56333afef05ff82c1395f402e485dbe249959d767d61

SHA512
31fc9c3a4880392d84534a4e01b2320b8d948c78c6b8cb6325b80c4ecb70ceb150db84391c6b9557964ed705bd130f3b8d51f7b63fd3d978cdbc4f8531ab5b2f

Download Submit
C:\Windows\System\mPZgOuc.exe

Filesize
2.1MB

MD5
713bc29d61fdb913a19ab457a8b16b32

SHA1
7623fe7fc24bd679165a979fc5a2ef984bd0eecc

SHA256
a9bbaa1a697720361d5d56333afef05ff82c1395f402e485dbe249959d767d61

SHA512
31fc9c3a4880392d84534a4e01b2320b8d948c78c6b8cb6325b80c4ecb70ceb150db84391c6b9557964ed705bd130f3b8d51f7b63fd3d978cdbc4f8531ab5b2f

Download Submit
C:\Windows\System\mPZgOuc.exe

Filesize
2.1MB

MD5
713bc29d61fdb913a19ab457a8b16b32

SHA1
7623fe7fc24bd679165a979fc5a2ef984bd0eecc

SHA256
a9bbaa1a697720361d5d56333afef05ff82c1395f402e485dbe249959d767d61

SHA512
31fc9c3a4880392d84534a4e01b2320b8d948c78c6b8cb6325b80c4ecb70ceb150db84391c6b9557964ed705bd130f3b8d51f7b63fd3d978cdbc4f8531ab5b2f

Download Submit
C:\Windows\System\nFNPoyw.exe

Filesize
2.1MB

MD5
b5d78a64027121bb002bb805781379c4

SHA1
6f4655859b7c099e19c4dd560b639a1c9079ab0b

SHA256
0f2881b59309d2b5cc339729403058314c3ae4fa56b73af3005493f09bfd775a

SHA512
28061a8eb1ac38d9f1a4b4cb792aee789569380dce71e5418a677fab788fb10733608781f42c0ad88a275d48be54275f047217c04bc3db0a4efc7788dced26e6

Download Submit
C:\Windows\System\nFNPoyw.exe

Filesize
2.1MB

MD5
b5d78a64027121bb002bb805781379c4

SHA1
6f4655859b7c099e19c4dd560b639a1c9079ab0b

SHA256
0f2881b59309d2b5cc339729403058314c3ae4fa56b73af3005493f09bfd775a

SHA512
28061a8eb1ac38d9f1a4b4cb792aee789569380dce71e5418a677fab788fb10733608781f42c0ad88a275d48be54275f047217c04bc3db0a4efc7788dced26e6

Download Submit
C:\Windows\System\opbuMWm.exe

Filesize
2.1MB

MD5
2cc7af15ffcd64647d9709ee49a8e277

SHA1
86e1f92e86deb3499e9bd6451bd03d8c3a4e8e2b

SHA256
fb7e8c723b03201360445780bf5b725c5b2df74eb922f903b9d38442d794f6d0

SHA512
546534ef48d2c0e58b4a2a9bd1256d70bcb8787a3e514f3c56f885004d36c88245e11c3b1a284959e468bd1b85cbb3e889142a1e778f44c576867ac161e31bd2

Download Submit
C:\Windows\System\opbuMWm.exe

Filesize
2.1MB

MD5
2cc7af15ffcd64647d9709ee49a8e277

SHA1
86e1f92e86deb3499e9bd6451bd03d8c3a4e8e2b

SHA256
fb7e8c723b03201360445780bf5b725c5b2df74eb922f903b9d38442d794f6d0

SHA512
546534ef48d2c0e58b4a2a9bd1256d70bcb8787a3e514f3c56f885004d36c88245e11c3b1a284959e468bd1b85cbb3e889142a1e778f44c576867ac161e31bd2

Download Submit
C:\Windows\System\pJRlsfS.exe

Filesize
2.1MB

MD5
c6f6b981d3d079e5884ae202431aff8e

SHA1
5c9ed6de43d573c4e872ee8133fc614dee97e82d

SHA256
9b67bdbc226c2b4cf06d3deb52858458a59435b17d81f0bdf17965f5e2cb4a3c

SHA512
2d9b1339c318e0251eb9b61d0f16562fccdab064e2db8749761d98a42d9a71e0caa570d4725fcccdee6278c357662f2c4b3f82d2b9c1b0b92dd3709171061520

Download Submit
C:\Windows\System\pJRlsfS.exe

Filesize
2.1MB

MD5
c6f6b981d3d079e5884ae202431aff8e

SHA1
5c9ed6de43d573c4e872ee8133fc614dee97e82d

SHA256
9b67bdbc226c2b4cf06d3deb52858458a59435b17d81f0bdf17965f5e2cb4a3c

SHA512
2d9b1339c318e0251eb9b61d0f16562fccdab064e2db8749761d98a42d9a71e0caa570d4725fcccdee6278c357662f2c4b3f82d2b9c1b0b92dd3709171061520

Download Submit
C:\Windows\System\pgSjZKt.exe

Filesize
2.1MB

MD5
5a853949898b989c710fd75c2752088a

SHA1
e9916f25260e2865736dd53b0037288b73cb7931

SHA256
cb31fd807c983ebd3580dc47f62ac8b19c585085271204649d1a7b46d74d725f

SHA512
050215dea4a37c625a26f87599c83edfc91f4a936642a440c780239709ba1dcbe1656d5854633298602df552b452d9ebca2fa5a159dce0431dc03a717a76d97f

Download Submit
C:\Windows\System\qIklTXx.exe

Filesize
2.1MB

MD5
fca157ba9ac163ed906d3929f874d675

SHA1
144b504f4d3953f2828f983f74e6918952289038

SHA256
37b4e2030d106156fe94dfee7f1e32d5a4014dced0ef278870a499796d1b27a9

SHA512
07cc956c2d70388cebaa62b9a5464c236b5301a21bba2e840a462f73e9a90eeca624744a74594b49d5c4b71265c34a9c59ae5eee42b5b4a0282a933aa57fe983

Download Submit
C:\Windows\System\qIklTXx.exe

Filesize
2.1MB

MD5
fca157ba9ac163ed906d3929f874d675

SHA1
144b504f4d3953f2828f983f74e6918952289038

SHA256
37b4e2030d106156fe94dfee7f1e32d5a4014dced0ef278870a499796d1b27a9

SHA512
07cc956c2d70388cebaa62b9a5464c236b5301a21bba2e840a462f73e9a90eeca624744a74594b49d5c4b71265c34a9c59ae5eee42b5b4a0282a933aa57fe983

Download Submit
C:\Windows\System\yDppkQj.exe

Filesize
2.1MB

MD5
78a0d3fd6acf3426954e61ea6f283d68

SHA1
5f0a2705843a67ff1918af03c2fc8cc53580e2fe

SHA256
cbeb5af95bd26862f2c2a111eaaab6eda23e36f12768281ec4f5947a671efe9d

SHA512
62749afff8e3b4d74593ab50b3f1eb05618c15961012820ac0aadb9b637fdf7b47b751c2a3de65bf591cf1dc083f70f5889464a64201b71a3da618ccdb04f5c8

Download Submit
C:\Windows\System\yDppkQj.exe

Filesize
2.1MB

MD5
78a0d3fd6acf3426954e61ea6f283d68

SHA1
5f0a2705843a67ff1918af03c2fc8cc53580e2fe

SHA256
cbeb5af95bd26862f2c2a111eaaab6eda23e36f12768281ec4f5947a671efe9d

SHA512
62749afff8e3b4d74593ab50b3f1eb05618c15961012820ac0aadb9b637fdf7b47b751c2a3de65bf591cf1dc083f70f5889464a64201b71a3da618ccdb04f5c8

Download Submit
C:\Windows\System\zEDpXiq.exe

Filesize
2.1MB

MD5
f7d2a251c89079b67eb746c6b08ec856

SHA1
6cdd4c7e0dc361652cd2902378ca4683cada5b91

SHA256
9afeda947de60b12442abe897900e371d0ce3a59d1d414ac51ca356aa41223fe

SHA512
eb23e872f7b3534bf50ea232ff236996be93a3d39a977f1bccc3a77d30bfa9a32a6ea9897b6980358f67df6e4c060b7cf2b290c688880f68aeba751e3749f614

Download Submit
memory/344-273-0x00007FF6A4580000-0x00007FF6A48D4000-memory.dmp

Filesize
3.3MB

Download
memory/368-407-0x00007FF675990000-0x00007FF675CE4000-memory.dmp

Filesize
3.3MB

Download
memory/384-291-0x00007FF7D1770000-0x00007FF7D1AC4000-memory.dmp

Filesize
3.3MB

Download
memory/452-481-0x00007FF6ADA80000-0x00007FF6ADDD4000-memory.dmp

Filesize
3.3MB

Download
memory/456-156-0x00007FF6F81B0000-0x00007FF6F8504000-memory.dmp

Filesize
3.3MB

Download
memory/464-387-0x00007FF618610000-0x00007FF618964000-memory.dmp

Filesize
3.3MB

Download
memory/552-405-0x00007FF644CE0000-0x00007FF645034000-memory.dmp

Filesize
3.3MB

Download
memory/588-244-0x00007FF73C560000-0x00007FF73C8B4000-memory.dmp

Filesize
3.3MB

Download
memory/620-187-0x00007FF6AE940000-0x00007FF6AEC94000-memory.dmp

Filesize
3.3MB

Download
memory/640-464-0x00007FF6A0F50000-0x00007FF6A12A4000-memory.dmp

Filesize
3.3MB

Download
memory/736-523-0x00007FF6D1560000-0x00007FF6D18B4000-memory.dmp

Filesize
3.3MB

Download
memory/748-222-0x00007FF602C30000-0x00007FF602F84000-memory.dmp

Filesize
3.3MB

Download
memory/800-386-0x00007FF6976C0000-0x00007FF697A14000-memory.dmp

Filesize
3.3MB

Download
memory/844-274-0x00007FF781DA0000-0x00007FF7820F4000-memory.dmp

Filesize
3.3MB

Download
memory/860-369-0x00007FF7C7760000-0x00007FF7C7AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1148-385-0x00007FF799DE0000-0x00007FF79A134000-memory.dmp

Filesize
3.3MB

Download
memory/1208-231-0x00007FF6D0120000-0x00007FF6D0474000-memory.dmp

Filesize
3.3MB

Download
memory/1356-397-0x00007FF6DA6A0000-0x00007FF6DA9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-390-0x00007FF77A1D0000-0x00007FF77A524000-memory.dmp

Filesize
3.3MB

Download
memory/1640-474-0x00007FF6596D0000-0x00007FF659A24000-memory.dmp

Filesize
3.3MB

Download
memory/1840-542-0x00007FF7AA9C0000-0x00007FF7AAD14000-memory.dmp

Filesize
3.3MB

Download
memory/1848-396-0x00007FF7A55D0000-0x00007FF7A5924000-memory.dmp

Filesize
3.3MB

Download
memory/1888-283-0x00007FF7F28F0000-0x00007FF7F2C44000-memory.dmp

Filesize
3.3MB

Download
memory/1920-505-0x00007FF7A0E00000-0x00007FF7A1154000-memory.dmp

Filesize
3.3MB

Download
memory/1924-388-0x00007FF72A550000-0x00007FF72A8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-389-0x00007FF722DD0000-0x00007FF723124000-memory.dmp

Filesize
3.3MB

Download
memory/2344-391-0x00007FF6F9450000-0x00007FF6F97A4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-362-0x00007FF622510000-0x00007FF622864000-memory.dmp

Filesize
3.3MB

Download
memory/2464-393-0x00007FF6CE9C0000-0x00007FF6CED14000-memory.dmp

Filesize
3.3MB

Download
memory/2776-252-0x00007FF7D1AE0000-0x00007FF7D1E34000-memory.dmp

Filesize
3.3MB

Download
memory/2808-513-0x00007FF7EF9E0000-0x00007FF7EFD34000-memory.dmp

Filesize
3.3MB

Download
memory/2880-366-0x00007FF76A040000-0x00007FF76A394000-memory.dmp

Filesize
3.3MB

Download
memory/3052-395-0x00007FF679080000-0x00007FF6793D4000-memory.dmp

Filesize
3.3MB

Download
memory/3156-275-0x00007FF6AB540000-0x00007FF6AB894000-memory.dmp

Filesize
3.3MB

Download
memory/3232-262-0x00007FF6374E0000-0x00007FF637834000-memory.dmp

Filesize
3.3MB

Download
memory/3240-194-0x00007FF6E0AB0000-0x00007FF6E0E04000-memory.dmp

Filesize
3.3MB

Download
memory/3392-201-0x00007FF780810000-0x00007FF780B64000-memory.dmp

Filesize
3.3MB

Download
memory/3432-383-0x00007FF66D120000-0x00007FF66D474000-memory.dmp

Filesize
3.3MB

Download
memory/3512-287-0x00007FF788A60000-0x00007FF788DB4000-memory.dmp

Filesize
3.3MB

Download
memory/3560-382-0x00007FF7723B0000-0x00007FF772704000-memory.dmp

Filesize
3.3MB

Download
memory/3724-294-0x00007FF7C53F0000-0x00007FF7C5744000-memory.dmp

Filesize
3.3MB

Download
memory/3952-375-0x00007FF7D9F90000-0x00007FF7DA2E4000-memory.dmp

Filesize
3.3MB

Download
memory/4028-485-0x00007FF64E1D0000-0x00007FF64E524000-memory.dmp

Filesize
3.3MB

Download
memory/4036-394-0x00007FF769940000-0x00007FF769C94000-memory.dmp

Filesize
3.3MB

Download
memory/4080-500-0x00007FF60FE50000-0x00007FF6101A4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-360-0x00007FF7D5380000-0x00007FF7D56D4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-164-0x00007FF75A4C0000-0x00007FF75A814000-memory.dmp

Filesize
3.3MB

Download
memory/4132-279-0x00007FF73B820000-0x00007FF73BB74000-memory.dmp

Filesize
3.3MB

Download
memory/4204-406-0x00007FF710320000-0x00007FF710674000-memory.dmp

Filesize
3.3MB

Download
memory/4292-371-0x00007FF6716C0000-0x00007FF671A14000-memory.dmp

Filesize
3.3MB

Download
memory/4360-384-0x00007FF764990000-0x00007FF764CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-228-0x00007FF6F4040000-0x00007FF6F4394000-memory.dmp

Filesize
3.3MB

Download
memory/4536-399-0x00007FF781CC0000-0x00007FF782014000-memory.dmp

Filesize
3.3MB

Download
memory/4544-276-0x00007FF755640000-0x00007FF755994000-memory.dmp

Filesize
3.3MB

Download
memory/4560-381-0x00007FF6115C0000-0x00007FF611914000-memory.dmp

Filesize
3.3MB

Download
memory/4600-496-0x00007FF771580000-0x00007FF7718D4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-378-0x00007FF75DF50000-0x00007FF75E2A4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-133-0x0000027C05B70000-0x0000027C05B80000-memory.dmp

Filesize
64KB

Download
memory/4656-150-0x00007FF67B090000-0x00007FF67B3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4740-380-0x00007FF7D4300000-0x00007FF7D4654000-memory.dmp

Filesize
3.3MB

Download
memory/4780-398-0x00007FF6C5160000-0x00007FF6C54B4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-403-0x00007FF7900E0000-0x00007FF790434000-memory.dmp

Filesize
3.3MB

Download
memory/4836-176-0x00007FF707C80000-0x00007FF707FD4000-memory.dmp

Filesize
3.3MB

Download
memory/4952-410-0x00007FF6FB3F0000-0x00007FF6FB744000-memory.dmp

Filesize
3.3MB

Download
memory/5092-531-0x00007FF6E60F0000-0x00007FF6E6444000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads