xmrig | d4cc31085ef4e2ba71340ab4902c5841a3fcfd75beddabcd0338870fe154b59b

Analysis

max time kernel
151s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2023 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
Size

2.1MB
MD5

28a2d043a2bc6c5adb9a3e4541bef160
SHA1

022f4905c466aa6b0d9a723a44a32a252cd169a4
SHA256

d4cc31085ef4e2ba71340ab4902c5841a3fcfd75beddabcd0338870fe154b59b
SHA512

73b64f9449f8e2cd7bad261c6c6c4527d81d255fad8c0a0e379fcaeada7ec04043f282392a5a1f29dfa00c576d52dd989c1f7c822c2d61dfa5a7e8ae391dd67f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbdKuAcem1DbC:BemTLkNdfE0pZrB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4912-0-0x00007FF703280000-0x00007FF7035D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000022e4a-5.dat	xmrig
behavioral2/files/0x0007000000022e4d-13.dat	xmrig
behavioral2/files/0x0007000000022e4a-12.dat	xmrig
behavioral2/files/0x0006000000022e53-27.dat	xmrig
behavioral2/files/0x0006000000022e54-33.dat	xmrig
behavioral2/files/0x0006000000022e55-38.dat	xmrig
behavioral2/memory/4972-40-0x00007FF7C46A0000-0x00007FF7C49F4000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e57-45.dat	xmrig
behavioral2/files/0x0006000000022e5c-59.dat	xmrig
behavioral2/files/0x0006000000022e5c-63.dat	xmrig
behavioral2/memory/4244-67-0x00007FF7CD340000-0x00007FF7CD694000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e5e-72.dat	xmrig
behavioral2/memory/4988-73-0x00007FF78D610000-0x00007FF78D964000-memory.dmp	xmrig
behavioral2/files/0x0007000000022e4e-80.dat	xmrig
behavioral2/files/0x0006000000022e5f-84.dat	xmrig
behavioral2/memory/4652-90-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e5f-92.dat	xmrig
behavioral2/files/0x0006000000022e62-103.dat	xmrig
behavioral2/files/0x0006000000022e63-105.dat	xmrig
behavioral2/memory/4104-113-0x00007FF7680C0000-0x00007FF768414000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e64-121.dat	xmrig
behavioral2/files/0x0006000000022e66-126.dat	xmrig
behavioral2/memory/3076-128-0x00007FF7F2060000-0x00007FF7F23B4000-memory.dmp	xmrig
behavioral2/memory/3284-130-0x00007FF648550000-0x00007FF6488A4000-memory.dmp	xmrig
behavioral2/memory/4156-132-0x00007FF68DDB0000-0x00007FF68E104000-memory.dmp	xmrig
behavioral2/memory/5100-133-0x00007FF65AAA0000-0x00007FF65ADF4000-memory.dmp	xmrig
behavioral2/memory/764-134-0x00007FF775EA0000-0x00007FF7761F4000-memory.dmp	xmrig
behavioral2/memory/4712-131-0x00007FF65E820000-0x00007FF65EB74000-memory.dmp	xmrig
behavioral2/memory/2420-129-0x00007FF6006F0000-0x00007FF600A44000-memory.dmp	xmrig
behavioral2/memory/4704-125-0x00007FF6228A0000-0x00007FF622BF4000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e65-123.dat	xmrig
behavioral2/files/0x0006000000022e66-120.dat	xmrig
behavioral2/memory/1952-119-0x00007FF6C6770000-0x00007FF6C6AC4000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e65-118.dat	xmrig
behavioral2/files/0x0006000000022e63-114.dat	xmrig
behavioral2/files/0x0006000000022e62-109.dat	xmrig
behavioral2/files/0x0006000000022e64-108.dat	xmrig
behavioral2/memory/4604-104-0x00007FF744870000-0x00007FF744BC4000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e61-99.dat	xmrig
behavioral2/memory/5028-98-0x00007FF613B30000-0x00007FF613E84000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e60-96.dat	xmrig
behavioral2/files/0x0006000000022e61-91.dat	xmrig
behavioral2/files/0x0006000000022e60-87.dat	xmrig
behavioral2/files/0x0007000000022e4e-76.dat	xmrig
behavioral2/memory/3032-83-0x00007FF6D23E0000-0x00007FF6D2734000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e5e-77.dat	xmrig
behavioral2/memory/1672-68-0x00007FF72C790000-0x00007FF72CAE4000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e5d-66.dat	xmrig
behavioral2/memory/4400-65-0x00007FF69C8F0000-0x00007FF69CC44000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e5d-62.dat	xmrig
behavioral2/files/0x0006000000022e5b-55.dat	xmrig
behavioral2/files/0x0006000000022e5b-54.dat	xmrig
behavioral2/files/0x0006000000022e59-50.dat	xmrig
behavioral2/files/0x0006000000022e59-49.dat	xmrig
behavioral2/files/0x0006000000022e57-44.dat	xmrig
behavioral2/memory/2744-41-0x00007FF664810000-0x00007FF664B64000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e55-37.dat	xmrig
behavioral2/memory/2920-32-0x00007FF6887A0000-0x00007FF688AF4000-memory.dmp	xmrig
behavioral2/files/0x0006000000022e54-31.dat	xmrig
behavioral2/files/0x0006000000022e53-26.dat	xmrig
behavioral2/files/0x0006000000022e52-24.dat	xmrig
behavioral2/files/0x0006000000022e52-23.dat	xmrig
behavioral2/files/0x0006000000022e51-21.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3776	QREpprx.exe
2920	mnJryxn.exe
4972	zPlIpgR.exe
4104	dOvtVLu.exe
2744	abhKjJb.exe
4400	KBYqILI.exe
4244	tAXusWf.exe
1952	GtBdXmG.exe
1672	FLuqbrD.exe
4988	oEocMCy.exe
3032	DCXpgNg.exe
4652	kwrUNEU.exe
4704	XiujvkK.exe
3076	sGuvQOE.exe
5028	IydsRMP.exe
2420	CLKszwp.exe
4604	CRLNldL.exe
3284	yLhdNCv.exe
4712	qWgrwSo.exe
5100	EPjlFRv.exe
4156	kSNXWrm.exe
764	MAYsqzf.exe
960	QjvDPio.exe
2480	dHFpSQu.exe
1268	UwvVHql.exe
3236	dRElpjS.exe
1896	LkbSISO.exe
3648	zJZAWtj.exe
1556	iTAhXLZ.exe
3992	dWTeYgx.exe
1752	vEfiild.exe
1888	BMenauy.exe
4224	fXhEBrJ.exe
4620	cZmsPyy.exe
1584	CEwLgLf.exe
1248	UkVARWd.exe
560	HUcrKst.exe
1364	dAtMjoV.exe
4124	GxLVUMX.exe
4140	fCnKGRe.exe
3192	xcMekUx.exe
4748	nqWQZUV.exe
2284	uzcPGtY.exe
5024	TTUqiPy.exe
3588	MyMfUdW.exe
2732	xDDQgyN.exe
2168	JNYqUcO.exe
2104	eQxdjmt.exe
1300	xldHzBx.exe
2536	mSgEtlZ.exe
4088	qEqbnrm.exe
3664	iOdxeGa.exe
3548	TCxKzhE.exe
372	OZrFiDw.exe
4836	VePgGzK.exe
4944	FVkGyPd.exe
1576	WwgAhLD.exe
2068	JUKFqsq.exe
3088	nidRquj.exe
5004	EHRekmI.exe
2008	OcsEFXb.exe
1304	BcxdbrR.exe
3484	tClJMDL.exe
1972	pMstLoH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4912-0-0x00007FF703280000-0x00007FF7035D4000-memory.dmp	upx
behavioral2/files/0x0007000000022e4a-5.dat	upx
behavioral2/files/0x0007000000022e4d-13.dat	upx
behavioral2/files/0x0007000000022e4a-12.dat	upx
behavioral2/files/0x0006000000022e53-27.dat	upx
behavioral2/files/0x0006000000022e54-33.dat	upx
behavioral2/files/0x0006000000022e55-38.dat	upx
behavioral2/memory/4972-40-0x00007FF7C46A0000-0x00007FF7C49F4000-memory.dmp	upx
behavioral2/files/0x0006000000022e57-45.dat	upx
behavioral2/files/0x0006000000022e5c-59.dat	upx
behavioral2/files/0x0006000000022e5c-63.dat	upx
behavioral2/memory/4244-67-0x00007FF7CD340000-0x00007FF7CD694000-memory.dmp	upx
behavioral2/files/0x0006000000022e5e-72.dat	upx
behavioral2/memory/4988-73-0x00007FF78D610000-0x00007FF78D964000-memory.dmp	upx
behavioral2/files/0x0007000000022e4e-80.dat	upx
behavioral2/files/0x0006000000022e5f-84.dat	upx
behavioral2/memory/4652-90-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp	upx
behavioral2/files/0x0006000000022e5f-92.dat	upx
behavioral2/files/0x0006000000022e62-103.dat	upx
behavioral2/files/0x0006000000022e63-105.dat	upx
behavioral2/memory/4104-113-0x00007FF7680C0000-0x00007FF768414000-memory.dmp	upx
behavioral2/files/0x0006000000022e64-121.dat	upx
behavioral2/files/0x0006000000022e66-126.dat	upx
behavioral2/memory/3076-128-0x00007FF7F2060000-0x00007FF7F23B4000-memory.dmp	upx
behavioral2/memory/3284-130-0x00007FF648550000-0x00007FF6488A4000-memory.dmp	upx
behavioral2/memory/4156-132-0x00007FF68DDB0000-0x00007FF68E104000-memory.dmp	upx
behavioral2/memory/5100-133-0x00007FF65AAA0000-0x00007FF65ADF4000-memory.dmp	upx
behavioral2/memory/764-134-0x00007FF775EA0000-0x00007FF7761F4000-memory.dmp	upx
behavioral2/memory/4712-131-0x00007FF65E820000-0x00007FF65EB74000-memory.dmp	upx
behavioral2/memory/2420-129-0x00007FF6006F0000-0x00007FF600A44000-memory.dmp	upx
behavioral2/memory/4704-125-0x00007FF6228A0000-0x00007FF622BF4000-memory.dmp	upx
behavioral2/files/0x0006000000022e65-123.dat	upx
behavioral2/files/0x0006000000022e66-120.dat	upx
behavioral2/memory/1952-119-0x00007FF6C6770000-0x00007FF6C6AC4000-memory.dmp	upx
behavioral2/files/0x0006000000022e65-118.dat	upx
behavioral2/files/0x0006000000022e63-114.dat	upx
behavioral2/files/0x0006000000022e62-109.dat	upx
behavioral2/files/0x0006000000022e64-108.dat	upx
behavioral2/memory/4604-104-0x00007FF744870000-0x00007FF744BC4000-memory.dmp	upx
behavioral2/files/0x0006000000022e61-99.dat	upx
behavioral2/memory/5028-98-0x00007FF613B30000-0x00007FF613E84000-memory.dmp	upx
behavioral2/files/0x0006000000022e60-96.dat	upx
behavioral2/files/0x0006000000022e61-91.dat	upx
behavioral2/files/0x0006000000022e60-87.dat	upx
behavioral2/files/0x0007000000022e4e-76.dat	upx
behavioral2/memory/3032-83-0x00007FF6D23E0000-0x00007FF6D2734000-memory.dmp	upx
behavioral2/files/0x0006000000022e5e-77.dat	upx
behavioral2/memory/1672-68-0x00007FF72C790000-0x00007FF72CAE4000-memory.dmp	upx
behavioral2/files/0x0006000000022e5d-66.dat	upx
behavioral2/memory/4400-65-0x00007FF69C8F0000-0x00007FF69CC44000-memory.dmp	upx
behavioral2/files/0x0006000000022e5d-62.dat	upx
behavioral2/files/0x0006000000022e5b-55.dat	upx
behavioral2/files/0x0006000000022e5b-54.dat	upx
behavioral2/files/0x0006000000022e59-50.dat	upx
behavioral2/files/0x0006000000022e59-49.dat	upx
behavioral2/files/0x0006000000022e57-44.dat	upx
behavioral2/memory/2744-41-0x00007FF664810000-0x00007FF664B64000-memory.dmp	upx
behavioral2/files/0x0006000000022e55-37.dat	upx
behavioral2/memory/2920-32-0x00007FF6887A0000-0x00007FF688AF4000-memory.dmp	upx
behavioral2/files/0x0006000000022e54-31.dat	upx
behavioral2/files/0x0006000000022e53-26.dat	upx
behavioral2/files/0x0006000000022e52-24.dat	upx
behavioral2/files/0x0006000000022e52-23.dat	upx
behavioral2/files/0x0006000000022e51-21.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bClekyc.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\PzpWuMX.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\kjlYaFH.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\RqcGHkk.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\KcdLHdr.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\JUKFqsq.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\BvqmEiY.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\TYGmryT.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\BzmjPny.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\dIdkAkM.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\VeDPlBl.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\LPmxXEu.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\fPTwCkN.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\MsxILjV.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\YZnqQee.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\nQYtmAA.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\SyFFMDm.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\VbldMUa.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\nPKGWdC.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\VBoPtAF.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\HcZBLgL.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\FfPuFrE.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\CCTAIJu.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\fCnKGRe.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\uBWsrod.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\riURoua.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\oesyKDk.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\qmOgtlL.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\CRLNldL.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\MAYsqzf.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\tUFBGiw.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\utKNaab.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\ZALeKnp.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\LmnJYxm.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\tAddCCD.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\rsmKylf.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\mTLKIvF.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\lMTMkNr.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\MyMfUdW.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\yVaIxmr.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\iTAhXLZ.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\uiDCuMi.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\TABSOMP.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\ArnemXY.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\pMstLoH.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\HHcGYER.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\DCXpgNg.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\TCxKzhE.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\tClJMDL.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\aVYSPDN.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\VmwJhBV.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\nadaoCC.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\uyEsqgl.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\GmubnoE.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\ppgJIVy.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\bPxGJte.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\BQcMlJX.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\EHRekmI.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\PpSmxRk.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\fMgvqnR.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\XRitAKg.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\EPjlFRv.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\CbFCIMi.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
File created	C:\Windows\System\wIvwRMO.exe	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4604	dwm.exe
Token: SeChangeNotifyPrivilege	4604	dwm.exe
Token: 33	4604	dwm.exe
Token: SeIncBasePriorityPrivilege	4604	dwm.exe
Token: SeShutdownPrivilege	4604	dwm.exe
Token: SeCreatePagefilePrivilege	4604	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 3776	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	86
PID 4912 wrote to memory of 3776	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	86
PID 4912 wrote to memory of 2920	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	87
PID 4912 wrote to memory of 2920	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	87
PID 4912 wrote to memory of 4972	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	108
PID 4912 wrote to memory of 4972	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	108
PID 4912 wrote to memory of 4104	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	90
PID 4912 wrote to memory of 4104	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	90
PID 4912 wrote to memory of 2744	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	89
PID 4912 wrote to memory of 2744	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	89
PID 4912 wrote to memory of 4400	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	88
PID 4912 wrote to memory of 4400	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	88
PID 4912 wrote to memory of 4244	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	107
PID 4912 wrote to memory of 4244	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	107
PID 4912 wrote to memory of 1952	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	91
PID 4912 wrote to memory of 1952	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	91
PID 4912 wrote to memory of 1672	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	92
PID 4912 wrote to memory of 1672	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	92
PID 4912 wrote to memory of 4988	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	93
PID 4912 wrote to memory of 4988	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	93
PID 4912 wrote to memory of 3032	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	94
PID 4912 wrote to memory of 3032	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	94
PID 4912 wrote to memory of 4652	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	95
PID 4912 wrote to memory of 4652	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	95
PID 4912 wrote to memory of 4704	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	106
PID 4912 wrote to memory of 4704	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	106
PID 4912 wrote to memory of 3076	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	96
PID 4912 wrote to memory of 3076	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	96
PID 4912 wrote to memory of 5028	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	105
PID 4912 wrote to memory of 5028	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	105
PID 4912 wrote to memory of 2420	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	97
PID 4912 wrote to memory of 2420	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	97
PID 4912 wrote to memory of 4604	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	104
PID 4912 wrote to memory of 4604	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	104
PID 4912 wrote to memory of 3284	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	103
PID 4912 wrote to memory of 3284	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	103
PID 4912 wrote to memory of 4712	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	102
PID 4912 wrote to memory of 4712	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	102
PID 4912 wrote to memory of 5100	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	101
PID 4912 wrote to memory of 5100	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	101
PID 4912 wrote to memory of 4156	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	98
PID 4912 wrote to memory of 4156	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	98
PID 4912 wrote to memory of 764	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	100
PID 4912 wrote to memory of 764	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	100
PID 4912 wrote to memory of 960	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	99
PID 4912 wrote to memory of 960	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	99
PID 4912 wrote to memory of 2480	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	109
PID 4912 wrote to memory of 2480	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	109
PID 4912 wrote to memory of 1268	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	110
PID 4912 wrote to memory of 1268	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	110
PID 4912 wrote to memory of 3236	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	111
PID 4912 wrote to memory of 3236	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	111
PID 4912 wrote to memory of 1896	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	502
PID 4912 wrote to memory of 1896	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	502
PID 4912 wrote to memory of 3648	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	501
PID 4912 wrote to memory of 3648	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	501
PID 4912 wrote to memory of 1556	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	499
PID 4912 wrote to memory of 1556	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	499
PID 4912 wrote to memory of 3992	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	112
PID 4912 wrote to memory of 3992	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	112
PID 4912 wrote to memory of 1888	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	113
PID 4912 wrote to memory of 1888	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	113
PID 4912 wrote to memory of 1752	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	498
PID 4912 wrote to memory of 1752	4912	NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe	498

C:\Users\Admin\AppData\Local\Temp\NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.28a2d043a2bc6c5adb9a3e4541bef160.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Windows\System\QREpprx.exe
  C:\Windows\System\QREpprx.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\mnJryxn.exe
  C:\Windows\System\mnJryxn.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\KBYqILI.exe
  C:\Windows\System\KBYqILI.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\abhKjJb.exe
  C:\Windows\System\abhKjJb.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\dOvtVLu.exe
  C:\Windows\System\dOvtVLu.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\GtBdXmG.exe
  C:\Windows\System\GtBdXmG.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\FLuqbrD.exe
  C:\Windows\System\FLuqbrD.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\oEocMCy.exe
  C:\Windows\System\oEocMCy.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\DCXpgNg.exe
  C:\Windows\System\DCXpgNg.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\kwrUNEU.exe
  C:\Windows\System\kwrUNEU.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\sGuvQOE.exe
  C:\Windows\System\sGuvQOE.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\CLKszwp.exe
  C:\Windows\System\CLKszwp.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\kSNXWrm.exe
  C:\Windows\System\kSNXWrm.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\QjvDPio.exe
  C:\Windows\System\QjvDPio.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\MAYsqzf.exe
  C:\Windows\System\MAYsqzf.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\EPjlFRv.exe
  C:\Windows\System\EPjlFRv.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\qWgrwSo.exe
  C:\Windows\System\qWgrwSo.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\yLhdNCv.exe
  C:\Windows\System\yLhdNCv.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\CRLNldL.exe
  C:\Windows\System\CRLNldL.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\IydsRMP.exe
  C:\Windows\System\IydsRMP.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\XiujvkK.exe
  C:\Windows\System\XiujvkK.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\tAXusWf.exe
  C:\Windows\System\tAXusWf.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\zPlIpgR.exe
  C:\Windows\System\zPlIpgR.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\dHFpSQu.exe
  C:\Windows\System\dHFpSQu.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\UwvVHql.exe
  C:\Windows\System\UwvVHql.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\dRElpjS.exe
  C:\Windows\System\dRElpjS.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\dWTeYgx.exe
  C:\Windows\System\dWTeYgx.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\BMenauy.exe
  C:\Windows\System\BMenauy.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\dAtMjoV.exe
  C:\Windows\System\dAtMjoV.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\GxLVUMX.exe
  C:\Windows\System\GxLVUMX.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\xcMekUx.exe
  C:\Windows\System\xcMekUx.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\uzcPGtY.exe
  C:\Windows\System\uzcPGtY.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\xldHzBx.exe
  C:\Windows\System\xldHzBx.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\mSgEtlZ.exe
  C:\Windows\System\mSgEtlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\TCxKzhE.exe
  C:\Windows\System\TCxKzhE.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\VePgGzK.exe
  C:\Windows\System\VePgGzK.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\FVkGyPd.exe
  C:\Windows\System\FVkGyPd.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\WwgAhLD.exe
  C:\Windows\System\WwgAhLD.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\EHRekmI.exe
  C:\Windows\System\EHRekmI.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\nidRquj.exe
  C:\Windows\System\nidRquj.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\OcsEFXb.exe
  C:\Windows\System\OcsEFXb.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\tClJMDL.exe
  C:\Windows\System\tClJMDL.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\SuzuzdO.exe
  C:\Windows\System\SuzuzdO.exe
  2⤵
  PID:4132
- C:\Windows\System\bgZFgXa.exe
  C:\Windows\System\bgZFgXa.exe
  2⤵
  PID:1848
- C:\Windows\System\LPvQKAy.exe
  C:\Windows\System\LPvQKAy.exe
  2⤵
  PID:2360
- C:\Windows\System\pMstLoH.exe
  C:\Windows\System\pMstLoH.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\BcxdbrR.exe
  C:\Windows\System\BcxdbrR.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\JUKFqsq.exe
  C:\Windows\System\JUKFqsq.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\iOdxeGa.exe
  C:\Windows\System\iOdxeGa.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\wPWuMBx.exe
  C:\Windows\System\wPWuMBx.exe
  2⤵
  PID:892
- C:\Windows\System\wcbqMNq.exe
  C:\Windows\System\wcbqMNq.exe
  2⤵
  PID:3416
- C:\Windows\System\dgENMSj.exe
  C:\Windows\System\dgENMSj.exe
  2⤵
  PID:1944
- C:\Windows\System\BpFhLve.exe
  C:\Windows\System\BpFhLve.exe
  2⤵
  PID:3824
- C:\Windows\System\BzmjPny.exe
  C:\Windows\System\BzmjPny.exe
  2⤵
  PID:1756
- C:\Windows\System\PpSmxRk.exe
  C:\Windows\System\PpSmxRk.exe
  2⤵
  PID:3164
- C:\Windows\System\LZTGfVc.exe
  C:\Windows\System\LZTGfVc.exe
  2⤵
  PID:2580
- C:\Windows\System\MetXleZ.exe
  C:\Windows\System\MetXleZ.exe
  2⤵
  PID:1708
- C:\Windows\System\aciLphi.exe
  C:\Windows\System\aciLphi.exe
  2⤵
  PID:4496
- C:\Windows\System\dIdkAkM.exe
  C:\Windows\System\dIdkAkM.exe
  2⤵
  PID:1632
- C:\Windows\System\cpNCFuE.exe
  C:\Windows\System\cpNCFuE.exe
  2⤵
  PID:4800
- C:\Windows\System\mTLKIvF.exe
  C:\Windows\System\mTLKIvF.exe
  2⤵
  PID:5132
- C:\Windows\System\HceolEk.exe
  C:\Windows\System\HceolEk.exe
  2⤵
  PID:4796
- C:\Windows\System\WGAKnEi.exe
  C:\Windows\System\WGAKnEi.exe
  2⤵
  PID:5164
- C:\Windows\System\OmSEUfo.exe
  C:\Windows\System\OmSEUfo.exe
  2⤵
  PID:5244
- C:\Windows\System\ZqByaIS.exe
  C:\Windows\System\ZqByaIS.exe
  2⤵
  PID:5344
- C:\Windows\System\oaWCnDQ.exe
  C:\Windows\System\oaWCnDQ.exe
  2⤵
  PID:5400
- C:\Windows\System\gzjCSkT.exe
  C:\Windows\System\gzjCSkT.exe
  2⤵
  PID:5376
- C:\Windows\System\IpfyndW.exe
  C:\Windows\System\IpfyndW.exe
  2⤵
  PID:5440
- C:\Windows\System\NDtOwzp.exe
  C:\Windows\System\NDtOwzp.exe
  2⤵
  PID:5504
- C:\Windows\System\DGBnVQt.exe
  C:\Windows\System\DGBnVQt.exe
  2⤵
  PID:5520
- C:\Windows\System\yRUInkp.exe
  C:\Windows\System\yRUInkp.exe
  2⤵
  PID:5572
- C:\Windows\System\glTkiBi.exe
  C:\Windows\System\glTkiBi.exe
  2⤵
  PID:5484
- C:\Windows\System\rmrLfPN.exe
  C:\Windows\System\rmrLfPN.exe
  2⤵
  PID:5660
- C:\Windows\System\DAzgRMG.exe
  C:\Windows\System\DAzgRMG.exe
  2⤵
  PID:5636
- C:\Windows\System\lTVjHDn.exe
  C:\Windows\System\lTVjHDn.exe
  2⤵
  PID:5740
- C:\Windows\System\zFnTWbD.exe
  C:\Windows\System\zFnTWbD.exe
  2⤵
  PID:5760
- C:\Windows\System\IUwgGUc.exe
  C:\Windows\System\IUwgGUc.exe
  2⤵
  PID:5696
- C:\Windows\System\VBoPtAF.exe
  C:\Windows\System\VBoPtAF.exe
  2⤵
  PID:5804
- C:\Windows\System\aVYSPDN.exe
  C:\Windows\System\aVYSPDN.exe
  2⤵
  PID:5832
- C:\Windows\System\BQRumJh.exe
  C:\Windows\System\BQRumJh.exe
  2⤵
  PID:5864
- C:\Windows\System\DLcqywl.exe
  C:\Windows\System\DLcqywl.exe
  2⤵
  PID:5904
- C:\Windows\System\HqljQwK.exe
  C:\Windows\System\HqljQwK.exe
  2⤵
  PID:5936
- C:\Windows\System\PkmDeyH.exe
  C:\Windows\System\PkmDeyH.exe
  2⤵
  PID:5996
- C:\Windows\System\lCBnTve.exe
  C:\Windows\System\lCBnTve.exe
  2⤵
  PID:6020
- C:\Windows\System\IkAuqdO.exe
  C:\Windows\System\IkAuqdO.exe
  2⤵
  PID:6136
- C:\Windows\System\kyfrzKz.exe
  C:\Windows\System\kyfrzKz.exe
  2⤵
  PID:6116
- C:\Windows\System\NXetCgW.exe
  C:\Windows\System\NXetCgW.exe
  2⤵
  PID:720
- C:\Windows\System\ypNKyZQ.exe
  C:\Windows\System\ypNKyZQ.exe
  2⤵
  PID:6100
- C:\Windows\System\SjEYKoQ.exe
  C:\Windows\System\SjEYKoQ.exe
  2⤵
  PID:6084
- C:\Windows\System\VeDPlBl.exe
  C:\Windows\System\VeDPlBl.exe
  2⤵
  PID:5236
- C:\Windows\System\oUwcsXF.exe
  C:\Windows\System\oUwcsXF.exe
  2⤵
  PID:1640
- C:\Windows\System\VdWazPn.exe
  C:\Windows\System\VdWazPn.exe
  2⤵
  PID:5392
- C:\Windows\System\nYKWsxr.exe
  C:\Windows\System\nYKWsxr.exe
  2⤵
  PID:5496
- C:\Windows\System\eAJjFaP.exe
  C:\Windows\System\eAJjFaP.exe
  2⤵
  PID:5972
- C:\Windows\System\xosUoRC.exe
  C:\Windows\System\xosUoRC.exe
  2⤵
  PID:5308
- C:\Windows\System\tcnJhGI.exe
  C:\Windows\System\tcnJhGI.exe
  2⤵
  PID:5272
- C:\Windows\System\bClekyc.exe
  C:\Windows\System\bClekyc.exe
  2⤵
  PID:5212
- C:\Windows\System\SinZFKt.exe
  C:\Windows\System\SinZFKt.exe
  2⤵
  PID:5628
- C:\Windows\System\JHPxOqA.exe
  C:\Windows\System\JHPxOqA.exe
  2⤵
  PID:5676
- C:\Windows\System\uAYiwau.exe
  C:\Windows\System\uAYiwau.exe
  2⤵
  PID:5728
- C:\Windows\System\YwghVWC.exe
  C:\Windows\System\YwghVWC.exe
  2⤵
  PID:5648
- C:\Windows\System\ppgJIVy.exe
  C:\Windows\System\ppgJIVy.exe
  2⤵
  PID:5820
- C:\Windows\System\QwxLkbD.exe
  C:\Windows\System\QwxLkbD.exe
  2⤵
  PID:5916
- C:\Windows\System\PzpWuMX.exe
  C:\Windows\System\PzpWuMX.exe
  2⤵
  PID:5752
- C:\Windows\System\jglbPxC.exe
  C:\Windows\System\jglbPxC.exe
  2⤵
  PID:3288
- C:\Windows\System\ZljsLgK.exe
  C:\Windows\System\ZljsLgK.exe
  2⤵
  PID:6128
- C:\Windows\System\qOXZCpA.exe
  C:\Windows\System\qOXZCpA.exe
  2⤵
  PID:6112
- C:\Windows\System\koBzEcp.exe
  C:\Windows\System\koBzEcp.exe
  2⤵
  PID:984
- C:\Windows\System\cYuugKV.exe
  C:\Windows\System\cYuugKV.exe
  2⤵
  PID:5172
- C:\Windows\System\fqQAZpY.exe
  C:\Windows\System\fqQAZpY.exe
  2⤵
  PID:1872
- C:\Windows\System\brftHiq.exe
  C:\Windows\System\brftHiq.exe
  2⤵
  PID:5492
- C:\Windows\System\BvqmEiY.exe
  C:\Windows\System\BvqmEiY.exe
  2⤵
  PID:5684
- C:\Windows\System\bPxGJte.exe
  C:\Windows\System\bPxGJte.exe
  2⤵
  PID:4404
- C:\Windows\System\FLQJYCl.exe
  C:\Windows\System\FLQJYCl.exe
  2⤵
  PID:5128
- C:\Windows\System\mMlKXTG.exe
  C:\Windows\System\mMlKXTG.exe
  2⤵
  PID:3812
- C:\Windows\System\EWaavQF.exe
  C:\Windows\System\EWaavQF.exe
  2⤵
  PID:1048
- C:\Windows\System\qoSsKdv.exe
  C:\Windows\System\qoSsKdv.exe
  2⤵
  PID:6108
- C:\Windows\System\VFhqMxD.exe
  C:\Windows\System\VFhqMxD.exe
  2⤵
  PID:6152
- C:\Windows\System\utZZfSy.exe
  C:\Windows\System\utZZfSy.exe
  2⤵
  PID:1172
- C:\Windows\System\yvvTzyV.exe
  C:\Windows\System\yvvTzyV.exe
  2⤵
  PID:6200
- C:\Windows\System\vKryJxV.exe
  C:\Windows\System\vKryJxV.exe
  2⤵
  PID:5356
- C:\Windows\System\IpyODdE.exe
  C:\Windows\System\IpyODdE.exe
  2⤵
  PID:6260
- C:\Windows\System\HbmxZJC.exe
  C:\Windows\System\HbmxZJC.exe
  2⤵
  PID:6328
- C:\Windows\System\xnPljrW.exe
  C:\Windows\System\xnPljrW.exe
  2⤵
  PID:6384
- C:\Windows\System\cEYmmbf.exe
  C:\Windows\System\cEYmmbf.exe
  2⤵
  PID:6304
- C:\Windows\System\REVTsNg.exe
  C:\Windows\System\REVTsNg.exe
  2⤵
  PID:6424
- C:\Windows\System\ZZqGiVN.exe
  C:\Windows\System\ZZqGiVN.exe
  2⤵
  PID:6492
- C:\Windows\System\wjaHVLT.exe
  C:\Windows\System\wjaHVLT.exe
  2⤵
  PID:6468
- C:\Windows\System\WyLfTLV.exe
  C:\Windows\System\WyLfTLV.exe
  2⤵
  PID:6448
- C:\Windows\System\lwUjOYd.exe
  C:\Windows\System\lwUjOYd.exe
  2⤵
  PID:6528
- C:\Windows\System\WqYzjut.exe
  C:\Windows\System\WqYzjut.exe
  2⤵
  PID:6548
- C:\Windows\System\nPKGWdC.exe
  C:\Windows\System\nPKGWdC.exe
  2⤵
  PID:6236
- C:\Windows\System\hvgkaKY.exe
  C:\Windows\System\hvgkaKY.exe
  2⤵
  PID:6672
- C:\Windows\System\Lewwwzt.exe
  C:\Windows\System\Lewwwzt.exe
  2⤵
  PID:6708
- C:\Windows\System\WTeyxoT.exe
  C:\Windows\System\WTeyxoT.exe
  2⤵
  PID:6652
- C:\Windows\System\jGktMZa.exe
  C:\Windows\System\jGktMZa.exe
  2⤵
  PID:6624
- C:\Windows\System\FKWouaK.exe
  C:\Windows\System\FKWouaK.exe
  2⤵
  PID:6604
- C:\Windows\System\GmubnoE.exe
  C:\Windows\System\GmubnoE.exe
  2⤵
  PID:6780
- C:\Windows\System\GlHdCgO.exe
  C:\Windows\System\GlHdCgO.exe
  2⤵
  PID:6748
- C:\Windows\System\ArnemXY.exe
  C:\Windows\System\ArnemXY.exe
  2⤵
  PID:6836
- C:\Windows\System\pvdWxIO.exe
  C:\Windows\System\pvdWxIO.exe
  2⤵
  PID:6216
- C:\Windows\System\mYkEevj.exe
  C:\Windows\System\mYkEevj.exe
  2⤵
  PID:6864
- C:\Windows\System\xQFyjaa.exe
  C:\Windows\System\xQFyjaa.exe
  2⤵
  PID:6908
- C:\Windows\System\wUDDfhn.exe
  C:\Windows\System\wUDDfhn.exe
  2⤵
  PID:6968
- C:\Windows\System\ADgdJeE.exe
  C:\Windows\System\ADgdJeE.exe
  2⤵
  PID:7004
- C:\Windows\System\FQiZYIM.exe
  C:\Windows\System\FQiZYIM.exe
  2⤵
  PID:7060
- C:\Windows\System\KibuoeA.exe
  C:\Windows\System\KibuoeA.exe
  2⤵
  PID:7112
- C:\Windows\System\HcZBLgL.exe
  C:\Windows\System\HcZBLgL.exe
  2⤵
  PID:6988
- C:\Windows\System\YtdwByE.exe
  C:\Windows\System\YtdwByE.exe
  2⤵
  PID:6952
- C:\Windows\System\hieoYKa.exe
  C:\Windows\System\hieoYKa.exe
  2⤵
  PID:6924
- C:\Windows\System\kjaGWfJ.exe
  C:\Windows\System\kjaGWfJ.exe
  2⤵
  PID:7144
- C:\Windows\System\hjJsNKG.exe
  C:\Windows\System\hjJsNKG.exe
  2⤵
  PID:5188
- C:\Windows\System\diBtPmg.exe
  C:\Windows\System\diBtPmg.exe
  2⤵
  PID:6172
- C:\Windows\System\IgwtoHz.exe
  C:\Windows\System\IgwtoHz.exe
  2⤵
  PID:6280
- C:\Windows\System\HrGcYjv.exe
  C:\Windows\System\HrGcYjv.exe
  2⤵
  PID:6464
- C:\Windows\System\tHkyyqZ.exe
  C:\Windows\System\tHkyyqZ.exe
  2⤵
  PID:6616
- C:\Windows\System\XKurTUw.exe
  C:\Windows\System\XKurTUw.exe
  2⤵
  PID:6692
- C:\Windows\System\gPlkwcC.exe
  C:\Windows\System\gPlkwcC.exe
  2⤵
  PID:6960
- C:\Windows\System\yGkWpOZ.exe
  C:\Windows\System\yGkWpOZ.exe
  2⤵
  PID:6948
- C:\Windows\System\MywmxKm.exe
  C:\Windows\System\MywmxKm.exe
  2⤵
  PID:7056
- C:\Windows\System\XRfyPgk.exe
  C:\Windows\System\XRfyPgk.exe
  2⤵
  PID:6340
- C:\Windows\System\sJIqAmm.exe
  C:\Windows\System\sJIqAmm.exe
  2⤵
  PID:6520
- C:\Windows\System\UqMQvlq.exe
  C:\Windows\System\UqMQvlq.exe
  2⤵
  PID:6420
- C:\Windows\System\YfAuYmQ.exe
  C:\Windows\System\YfAuYmQ.exe
  2⤵
  PID:6188
- C:\Windows\System\qGZMqyD.exe
  C:\Windows\System\qGZMqyD.exe
  2⤵
  PID:6944
- C:\Windows\System\nUHiCwV.exe
  C:\Windows\System\nUHiCwV.exe
  2⤵
  PID:5456
- C:\Windows\System\tAddCCD.exe
  C:\Windows\System\tAddCCD.exe
  2⤵
  PID:3800
- C:\Windows\System\IqfApfo.exe
  C:\Windows\System\IqfApfo.exe
  2⤵
  PID:6576
- C:\Windows\System\zNoZHeY.exe
  C:\Windows\System\zNoZHeY.exe
  2⤵
  PID:1020
- C:\Windows\System\pckiFly.exe
  C:\Windows\System\pckiFly.exe
  2⤵
  PID:828
- C:\Windows\System\xPQKsaL.exe
  C:\Windows\System\xPQKsaL.exe
  2⤵
  PID:6832
- C:\Windows\System\ZHvpIqy.exe
  C:\Windows\System\ZHvpIqy.exe
  2⤵
  PID:7172
- C:\Windows\System\desQBlN.exe
  C:\Windows\System\desQBlN.exe
  2⤵
  PID:7204
- C:\Windows\System\vvjlTgb.exe
  C:\Windows\System\vvjlTgb.exe
  2⤵
  PID:6996
- C:\Windows\System\VmwJhBV.exe
  C:\Windows\System\VmwJhBV.exe
  2⤵
  PID:6936
- C:\Windows\System\LPmxXEu.exe
  C:\Windows\System\LPmxXEu.exe
  2⤵
  PID:6536
- C:\Windows\System\szEDsna.exe
  C:\Windows\System\szEDsna.exe
  2⤵
  PID:7152
- C:\Windows\System\rQZFwZM.exe
  C:\Windows\System\rQZFwZM.exe
  2⤵
  PID:6896
- C:\Windows\System\vHhutDz.exe
  C:\Windows\System\vHhutDz.exe
  2⤵
  PID:6880
- C:\Windows\System\ZLTfDzl.exe
  C:\Windows\System\ZLTfDzl.exe
  2⤵
  PID:6852
- C:\Windows\System\RPOTkXs.exe
  C:\Windows\System\RPOTkXs.exe
  2⤵
  PID:6756
- C:\Windows\System\CbIBNWK.exe
  C:\Windows\System\CbIBNWK.exe
  2⤵
  PID:6644
- C:\Windows\System\ZnsuFNQ.exe
  C:\Windows\System\ZnsuFNQ.exe
  2⤵
  PID:6540
- C:\Windows\System\bRoCDhz.exe
  C:\Windows\System\bRoCDhz.exe
  2⤵
  PID:6504
- C:\Windows\System\kNOTmku.exe
  C:\Windows\System\kNOTmku.exe
  2⤵
  PID:6248
- C:\Windows\System\FfPuFrE.exe
  C:\Windows\System\FfPuFrE.exe
  2⤵
  PID:2996
- C:\Windows\System\XSXqSnr.exe
  C:\Windows\System\XSXqSnr.exe
  2⤵
  PID:932
- C:\Windows\System\tUFBGiw.exe
  C:\Windows\System\tUFBGiw.exe
  2⤵
  PID:7164
- C:\Windows\System\nQYtmAA.exe
  C:\Windows\System\nQYtmAA.exe
  2⤵
  PID:6884
- C:\Windows\System\CvTkejP.exe
  C:\Windows\System\CvTkejP.exe
  2⤵
  PID:4180
- C:\Windows\System\GPvuNdX.exe
  C:\Windows\System\GPvuNdX.exe
  2⤵
  PID:6032
- C:\Windows\System\yNugoNQ.exe
  C:\Windows\System\yNugoNQ.exe
  2⤵
  PID:7352
- C:\Windows\System\XIofdxd.exe
  C:\Windows\System\XIofdxd.exe
  2⤵
  PID:6012
- C:\Windows\System\HUaOIQl.exe
  C:\Windows\System\HUaOIQl.exe
  2⤵
  PID:5844
- C:\Windows\System\kIGNEWj.exe
  C:\Windows\System\kIGNEWj.exe
  2⤵
  PID:5828
- C:\Windows\System\cCVGqCu.exe
  C:\Windows\System\cCVGqCu.exe
  2⤵
  PID:5416
- C:\Windows\System\BkQszSo.exe
  C:\Windows\System\BkQszSo.exe
  2⤵
  PID:3064
- C:\Windows\System\PnCEejv.exe
  C:\Windows\System\PnCEejv.exe
  2⤵
  PID:7420
- C:\Windows\System\cIyAJgY.exe
  C:\Windows\System\cIyAJgY.exe
  2⤵
  PID:7436
- C:\Windows\System\TYGmryT.exe
  C:\Windows\System\TYGmryT.exe
  2⤵
  PID:7468
- C:\Windows\System\dywqtaA.exe
  C:\Windows\System\dywqtaA.exe
  2⤵
  PID:5224
- C:\Windows\System\bMkVYxl.exe
  C:\Windows\System\bMkVYxl.exe
  2⤵
  PID:7592
- C:\Windows\System\BQcMlJX.exe
  C:\Windows\System\BQcMlJX.exe
  2⤵
  PID:7572
- C:\Windows\System\LDxoSVb.exe
  C:\Windows\System\LDxoSVb.exe
  2⤵
  PID:7644
- C:\Windows\System\fMgvqnR.exe
  C:\Windows\System\fMgvqnR.exe
  2⤵
  PID:7692
- C:\Windows\System\VbldMUa.exe
  C:\Windows\System\VbldMUa.exe
  2⤵
  PID:7796
- C:\Windows\System\LQyzpdi.exe
  C:\Windows\System\LQyzpdi.exe
  2⤵
  PID:7856
- C:\Windows\System\MgykDel.exe
  C:\Windows\System\MgykDel.exe
  2⤵
  PID:7936
- C:\Windows\System\BnZEusD.exe
  C:\Windows\System\BnZEusD.exe
  2⤵
  PID:8000
- C:\Windows\System\vgOHtTV.exe
  C:\Windows\System\vgOHtTV.exe
  2⤵
  PID:8064
- C:\Windows\System\LCVGlcV.exe
  C:\Windows\System\LCVGlcV.exe
  2⤵
  PID:8044
- C:\Windows\System\HfWfcII.exe
  C:\Windows\System\HfWfcII.exe
  2⤵
  PID:7984
- C:\Windows\System\mQKUTzB.exe
  C:\Windows\System\mQKUTzB.exe
  2⤵
  PID:8184
- C:\Windows\System\Dcxmjrf.exe
  C:\Windows\System\Dcxmjrf.exe
  2⤵
  PID:7228
- C:\Windows\System\yQGwajg.exe
  C:\Windows\System\yQGwajg.exe
  2⤵
  PID:7400
- C:\Windows\System\uiDCuMi.exe
  C:\Windows\System\uiDCuMi.exe
  2⤵
  PID:7568
- C:\Windows\System\LyuDfHm.exe
  C:\Windows\System\LyuDfHm.exe
  2⤵
  PID:7512
- C:\Windows\System\DshdhMf.exe
  C:\Windows\System\DshdhMf.exe
  2⤵
  PID:7792
- C:\Windows\System\xewSQtG.exe
  C:\Windows\System\xewSQtG.exe
  2⤵
  PID:7752
- C:\Windows\System\pLXAhjm.exe
  C:\Windows\System\pLXAhjm.exe
  2⤵
  PID:7744
- C:\Windows\System\HLvZCFh.exe
  C:\Windows\System\HLvZCFh.exe
  2⤵
  PID:7976
- C:\Windows\System\CLxKYlf.exe
  C:\Windows\System\CLxKYlf.exe
  2⤵
  PID:8156
- C:\Windows\System\RrSmtAq.exe
  C:\Windows\System\RrSmtAq.exe
  2⤵
  PID:7992
- C:\Windows\System\wIvwRMO.exe
  C:\Windows\System\wIvwRMO.exe
  2⤵
  PID:7196
- C:\Windows\System\SuiZKmb.exe
  C:\Windows\System\SuiZKmb.exe
  2⤵
  PID:7392
- C:\Windows\System\GqOYcuH.exe
  C:\Windows\System\GqOYcuH.exe
  2⤵
  PID:7584
- C:\Windows\System\QUoRkMW.exe
  C:\Windows\System\QUoRkMW.exe
  2⤵
  PID:7224
- C:\Windows\System\ObcHjcc.exe
  C:\Windows\System\ObcHjcc.exe
  2⤵
  PID:6212
- C:\Windows\System\vaOLMZv.exe
  C:\Windows\System\vaOLMZv.exe
  2⤵
  PID:7892
- C:\Windows\System\lJXEIZG.exe
  C:\Windows\System\lJXEIZG.exe
  2⤵
  PID:8104
- C:\Windows\System\mASgGGM.exe
  C:\Windows\System\mASgGGM.exe
  2⤵
  PID:3744
- C:\Windows\System\jAfkkTA.exe
  C:\Windows\System\jAfkkTA.exe
  2⤵
  PID:7496
- C:\Windows\System\HHcGYER.exe
  C:\Windows\System\HHcGYER.exe
  2⤵
  PID:7504
- C:\Windows\System\ScTccYA.exe
  C:\Windows\System\ScTccYA.exe
  2⤵
  PID:8060
- C:\Windows\System\HAykMRO.exe
  C:\Windows\System\HAykMRO.exe
  2⤵
  PID:8196
- C:\Windows\System\uBgKvrs.exe
  C:\Windows\System\uBgKvrs.exe
  2⤵
  PID:7884
- C:\Windows\System\LZsBOTH.exe
  C:\Windows\System\LZsBOTH.exe
  2⤵
  PID:8228
- C:\Windows\System\EOfjDBz.exe
  C:\Windows\System\EOfjDBz.exe
  2⤵
  PID:8284
- C:\Windows\System\gEdDYCr.exe
  C:\Windows\System\gEdDYCr.exe
  2⤵
  PID:8336
- C:\Windows\System\nWHdfdo.exe
  C:\Windows\System\nWHdfdo.exe
  2⤵
  PID:8252
- C:\Windows\System\KPOynJw.exe
  C:\Windows\System\KPOynJw.exe
  2⤵
  PID:7320
- C:\Windows\System\ZwlSXFf.exe
  C:\Windows\System\ZwlSXFf.exe
  2⤵
  PID:8420
- C:\Windows\System\FrDQFuO.exe
  C:\Windows\System\FrDQFuO.exe
  2⤵
  PID:8472
- C:\Windows\System\NRpDbUF.exe
  C:\Windows\System\NRpDbUF.exe
  2⤵
  PID:8456
- C:\Windows\System\YCFSUEE.exe
  C:\Windows\System\YCFSUEE.exe
  2⤵
  PID:8548
- C:\Windows\System\QAWXxBm.exe
  C:\Windows\System\QAWXxBm.exe
  2⤵
  PID:8524
- C:\Windows\System\vaNILbD.exe
  C:\Windows\System\vaNILbD.exe
  2⤵
  PID:8504
- C:\Windows\System\AjHcDRV.exe
  C:\Windows\System\AjHcDRV.exe
  2⤵
  PID:8668
- C:\Windows\System\cnEmwxa.exe
  C:\Windows\System\cnEmwxa.exe
  2⤵
  PID:8744
- C:\Windows\System\pOMWCeP.exe
  C:\Windows\System\pOMWCeP.exe
  2⤵
  PID:8824
- C:\Windows\System\XRitAKg.exe
  C:\Windows\System\XRitAKg.exe
  2⤵
  PID:8908
- C:\Windows\System\MgusrQm.exe
  C:\Windows\System\MgusrQm.exe
  2⤵
  PID:9192
- C:\Windows\System\wzgprgI.exe
  C:\Windows\System\wzgprgI.exe
  2⤵
  PID:9160
- C:\Windows\System\WWsiFfi.exe
  C:\Windows\System\WWsiFfi.exe
  2⤵
  PID:9140
- C:\Windows\System\RqcGHkk.exe
  C:\Windows\System\RqcGHkk.exe
  2⤵
  PID:9036
- C:\Windows\System\nLEElJi.exe
  C:\Windows\System\nLEElJi.exe
  2⤵
  PID:8952
- C:\Windows\System\QlxDAmG.exe
  C:\Windows\System\QlxDAmG.exe
  2⤵
  PID:8932
- C:\Windows\System\CxxYFsS.exe
  C:\Windows\System\CxxYFsS.exe
  2⤵
  PID:8888
- C:\Windows\System\xwigDyc.exe
  C:\Windows\System\xwigDyc.exe
  2⤵
  PID:8872
- C:\Windows\System\sunBxkE.exe
  C:\Windows\System\sunBxkE.exe
  2⤵
  PID:8852
- C:\Windows\System\SmXBdDC.exe
  C:\Windows\System\SmXBdDC.exe
  2⤵
  PID:8808
- C:\Windows\System\lMTMkNr.exe
  C:\Windows\System\lMTMkNr.exe
  2⤵
  PID:8792
- C:\Windows\System\kjlYaFH.exe
  C:\Windows\System\kjlYaFH.exe
  2⤵
  PID:8768
- C:\Windows\System\wWtfOvJ.exe
  C:\Windows\System\wWtfOvJ.exe
  2⤵
  PID:8652
- C:\Windows\System\uubxFfp.exe
  C:\Windows\System\uubxFfp.exe
  2⤵
  PID:8620
- C:\Windows\System\oogMYeX.exe
  C:\Windows\System\oogMYeX.exe
  2⤵
  PID:8392
- C:\Windows\System\ufqhoqT.exe
  C:\Windows\System\ufqhoqT.exe
  2⤵
  PID:8384
- C:\Windows\System\uBWsrod.exe
  C:\Windows\System\uBWsrod.exe
  2⤵
  PID:8628
- C:\Windows\System\pCORCvL.exe
  C:\Windows\System\pCORCvL.exe
  2⤵
  PID:9104
- C:\Windows\System\yVaIxmr.exe
  C:\Windows\System\yVaIxmr.exe
  2⤵
  PID:5612
- C:\Windows\System\utKNaab.exe
  C:\Windows\System\utKNaab.exe
  2⤵
  PID:9096
- C:\Windows\System\bAtAfue.exe
  C:\Windows\System\bAtAfue.exe
  2⤵
  PID:3692
- C:\Windows\System\ZIeDFAF.exe
  C:\Windows\System\ZIeDFAF.exe
  2⤵
  PID:8416
- C:\Windows\System\riURoua.exe
  C:\Windows\System\riURoua.exe
  2⤵
  PID:8584
- C:\Windows\System\dVpfpns.exe
  C:\Windows\System\dVpfpns.exe
  2⤵
  PID:5712
- C:\Windows\System\WdwQKRa.exe
  C:\Windows\System\WdwQKRa.exe
  2⤵
  PID:1200
- C:\Windows\System\fRQXWDG.exe
  C:\Windows\System\fRQXWDG.exe
  2⤵
  PID:1180
- C:\Windows\System\rXhzzaJ.exe
  C:\Windows\System\rXhzzaJ.exe
  2⤵
  PID:8864
- C:\Windows\System\PzallXz.exe
  C:\Windows\System\PzallXz.exe
  2⤵
  PID:9256
- C:\Windows\System\NbknTmu.exe
  C:\Windows\System\NbknTmu.exe
  2⤵
  PID:9236
- C:\Windows\System\CwmiyQl.exe
  C:\Windows\System\CwmiyQl.exe
  2⤵
  PID:8364
- C:\Windows\System\VrzEGFp.exe
  C:\Windows\System\VrzEGFp.exe
  2⤵
  PID:9348
- C:\Windows\System\APCUAcf.exe
  C:\Windows\System\APCUAcf.exe
  2⤵
  PID:9492
- C:\Windows\System\JQSqtud.exe
  C:\Windows\System\JQSqtud.exe
  2⤵
  PID:9472
- C:\Windows\System\uCgWnmx.exe
  C:\Windows\System\uCgWnmx.exe
  2⤵
  PID:9548
- C:\Windows\System\PpdyLiv.exe
  C:\Windows\System\PpdyLiv.exe
  2⤵
  PID:9444
- C:\Windows\System\mxwwyKh.exe
  C:\Windows\System\mxwwyKh.exe
  2⤵
  PID:9620
- C:\Windows\System\yRWoyvV.exe
  C:\Windows\System\yRWoyvV.exe
  2⤵
  PID:9660
- C:\Windows\System\nVZFxaA.exe
  C:\Windows\System\nVZFxaA.exe
  2⤵
  PID:9636
- C:\Windows\System\LIsRCeR.exe
  C:\Windows\System\LIsRCeR.exe
  2⤵
  PID:9592
- C:\Windows\System\kacsrbJ.exe
  C:\Windows\System\kacsrbJ.exe
  2⤵
  PID:9568
- C:\Windows\System\mcYzrSI.exe
  C:\Windows\System\mcYzrSI.exe
  2⤵
  PID:9424
- C:\Windows\System\sTPaqTK.exe
  C:\Windows\System\sTPaqTK.exe
  2⤵
  PID:8832
- C:\Windows\System\sTqESOj.exe
  C:\Windows\System\sTqESOj.exe
  2⤵
  PID:8088
- C:\Windows\System\tXZRlAN.exe
  C:\Windows\System\tXZRlAN.exe
  2⤵
  PID:1712
- C:\Windows\System\JBptIEs.exe
  C:\Windows\System\JBptIEs.exe
  2⤵
  PID:9748
- C:\Windows\System\SlPJLqU.exe
  C:\Windows\System\SlPJLqU.exe
  2⤵
  PID:9812
- C:\Windows\System\lVeDxxU.exe
  C:\Windows\System\lVeDxxU.exe
  2⤵
  PID:9728
- C:\Windows\System\mdPLrJU.exe
  C:\Windows\System\mdPLrJU.exe
  2⤵
  PID:9888
- C:\Windows\System\CFreCNF.exe
  C:\Windows\System\CFreCNF.exe
  2⤵
  PID:9864
- C:\Windows\System\udIhFMV.exe
  C:\Windows\System\udIhFMV.exe
  2⤵
  PID:9924
- C:\Windows\System\mICyLsC.exe
  C:\Windows\System\mICyLsC.exe
  2⤵
  PID:9836
- C:\Windows\System\gmpSvCg.exe
  C:\Windows\System\gmpSvCg.exe
  2⤵
  PID:10012
- C:\Windows\System\KTPFALz.exe
  C:\Windows\System\KTPFALz.exe
  2⤵
  PID:10056
- C:\Windows\System\ljzJAsR.exe
  C:\Windows\System\ljzJAsR.exe
  2⤵
  PID:9992
- C:\Windows\System\cmYrXGk.exe
  C:\Windows\System\cmYrXGk.exe
  2⤵
  PID:9968
- C:\Windows\System\dpzlwMk.exe
  C:\Windows\System\dpzlwMk.exe
  2⤵
  PID:9708
- C:\Windows\System\uyEsqgl.exe
  C:\Windows\System\uyEsqgl.exe
  2⤵
  PID:10232
- C:\Windows\System\LtcOJWn.exe
  C:\Windows\System\LtcOJWn.exe
  2⤵
  PID:10208
- C:\Windows\System\gDURPsH.exe
  C:\Windows\System\gDURPsH.exe
  2⤵
  PID:10188
- C:\Windows\System\oesyKDk.exe
  C:\Windows\System\oesyKDk.exe
  2⤵
  PID:2728
- C:\Windows\System\OOfzwnz.exe
  C:\Windows\System\OOfzwnz.exe
  2⤵
  PID:9580
- C:\Windows\System\CCTAIJu.exe
  C:\Windows\System\CCTAIJu.exe
  2⤵
  PID:9264
- C:\Windows\System\XVzuPDR.exe
  C:\Windows\System\XVzuPDR.exe
  2⤵
  PID:9296
- C:\Windows\System\NogBbKZ.exe
  C:\Windows\System\NogBbKZ.exe
  2⤵
  PID:8464
- C:\Windows\System\zBhujxC.exe
  C:\Windows\System\zBhujxC.exe
  2⤵
  PID:4896
- C:\Windows\System\nSnFcZX.exe
  C:\Windows\System\nSnFcZX.exe
  2⤵
  PID:9176
- C:\Windows\System\ZmnYInK.exe
  C:\Windows\System\ZmnYInK.exe
  2⤵
  PID:10168
- C:\Windows\System\XJLLKDx.exe
  C:\Windows\System\XJLLKDx.exe
  2⤵
  PID:10148
- C:\Windows\System\TXwguMX.exe
  C:\Windows\System\TXwguMX.exe
  2⤵
  PID:10128
- C:\Windows\System\cRmcDIn.exe
  C:\Windows\System\cRmcDIn.exe
  2⤵
  PID:10104
- C:\Windows\System\FSJyNMk.exe
  C:\Windows\System\FSJyNMk.exe
  2⤵
  PID:9676
- C:\Windows\System\LmnJYxm.exe
  C:\Windows\System\LmnJYxm.exe
  2⤵
  PID:8604
- C:\Windows\System\rmVEpmd.exe
  C:\Windows\System\rmVEpmd.exe
  2⤵
  PID:8536
- C:\Windows\System\xKFbLIq.exe
  C:\Windows\System\xKFbLIq.exe
  2⤵
  PID:8388
- C:\Windows\System\xTlPtFz.exe
  C:\Windows\System\xTlPtFz.exe
  2⤵
  PID:8024
- C:\Windows\System\RimSuqv.exe
  C:\Windows\System\RimSuqv.exe
  2⤵
  PID:9540
- C:\Windows\System\BPrVPSX.exe
  C:\Windows\System\BPrVPSX.exe
  2⤵
  PID:9740
- C:\Windows\System\KcdLHdr.exe
  C:\Windows\System\KcdLHdr.exe
  2⤵
  PID:9852
- C:\Windows\System\KwqaWeR.exe
  C:\Windows\System\KwqaWeR.exe
  2⤵
  PID:9652
- C:\Windows\System\rgtWNmu.exe
  C:\Windows\System\rgtWNmu.exe
  2⤵
  PID:9672
- C:\Windows\System\gMUglGS.exe
  C:\Windows\System\gMUglGS.exe
  2⤵
  PID:10028
- C:\Windows\System\KZQcaJz.exe
  C:\Windows\System\KZQcaJz.exe
  2⤵
  PID:10048
- C:\Windows\System\TABSOMP.exe
  C:\Windows\System\TABSOMP.exe
  2⤵
  PID:9980
- C:\Windows\System\XZHWaMr.exe
  C:\Windows\System\XZHWaMr.exe
  2⤵
  PID:10200
- C:\Windows\System\qmOgtlL.exe
  C:\Windows\System\qmOgtlL.exe
  2⤵
  PID:10160
- C:\Windows\System\VraTDjF.exe
  C:\Windows\System\VraTDjF.exe
  2⤵
  PID:2988
- C:\Windows\System\KDTBvRe.exe
  C:\Windows\System\KDTBvRe.exe
  2⤵
  PID:9136
- C:\Windows\System\fhVgDYt.exe
  C:\Windows\System\fhVgDYt.exe
  2⤵
  PID:9300
- C:\Windows\System\JaxxiJv.exe
  C:\Windows\System\JaxxiJv.exe
  2⤵
  PID:9280
- C:\Windows\System\FUqKVKj.exe
  C:\Windows\System\FUqKVKj.exe
  2⤵
  PID:10196
- C:\Windows\System\FUTjsVy.exe
  C:\Windows\System\FUTjsVy.exe
  2⤵
  PID:9668
- C:\Windows\System\ZALeKnp.exe
  C:\Windows\System\ZALeKnp.exe
  2⤵
  PID:8784
- C:\Windows\System\qeENhKG.exe
  C:\Windows\System\qeENhKG.exe
  2⤵
  PID:8860
- C:\Windows\System\XZyFoaq.exe
  C:\Windows\System\XZyFoaq.exe
  2⤵
  PID:1780
- C:\Windows\System\jxLuHrs.exe
  C:\Windows\System\jxLuHrs.exe
  2⤵
  PID:8804
- C:\Windows\System\HvgDhYU.exe
  C:\Windows\System\HvgDhYU.exe
  2⤵
  PID:8724
- C:\Windows\System\TeXuqvm.exe
  C:\Windows\System\TeXuqvm.exe
  2⤵
  PID:8544
- C:\Windows\System\LTlIacz.exe
  C:\Windows\System\LTlIacz.exe
  2⤵
  PID:8372
- C:\Windows\System\fUvzBHN.exe
  C:\Windows\System\fUvzBHN.exe
  2⤵
  PID:3828
- C:\Windows\System\tPeFDDA.exe
  C:\Windows\System\tPeFDDA.exe
  2⤵
  PID:3708
- C:\Windows\System\MsxILjV.exe
  C:\Windows\System\MsxILjV.exe
  2⤵
  PID:7728
- C:\Windows\System\rsmKylf.exe
  C:\Windows\System\rsmKylf.exe
  2⤵
  PID:9048
- C:\Windows\System\rEeSlrb.exe
  C:\Windows\System\rEeSlrb.exe
  2⤵
  PID:8996
- C:\Windows\System\qimhMbu.exe
  C:\Windows\System\qimhMbu.exe
  2⤵
  PID:3124
- C:\Windows\System\wVfSfyJ.exe
  C:\Windows\System\wVfSfyJ.exe
  2⤵
  PID:2500
- C:\Windows\System\UhtPhaY.exe
  C:\Windows\System\UhtPhaY.exe
  2⤵
  PID:8948
- C:\Windows\System\RWaXBtL.exe
  C:\Windows\System\RWaXBtL.exe
  2⤵
  PID:8836
- C:\Windows\System\YTygApQ.exe
  C:\Windows\System\YTygApQ.exe
  2⤵
  PID:8760
- C:\Windows\System\XAZKphI.exe
  C:\Windows\System\XAZKphI.exe
  2⤵
  PID:8692
- C:\Windows\System\YBuQLma.exe
  C:\Windows\System\YBuQLma.exe
  2⤵
  PID:8740
- C:\Windows\System\WhpGIpj.exe
  C:\Windows\System\WhpGIpj.exe
  2⤵
  PID:8540
- C:\Windows\System\dgLnmIZ.exe
  C:\Windows\System\dgLnmIZ.exe
  2⤵
  PID:8516
- C:\Windows\System\CueoDyz.exe
  C:\Windows\System\CueoDyz.exe
  2⤵
  PID:8376
- C:\Windows\System\TDrxRBk.exe
  C:\Windows\System\TDrxRBk.exe
  2⤵
  PID:8356
- C:\Windows\System\zqADouo.exe
  C:\Windows\System\zqADouo.exe
  2⤵
  PID:7480
- C:\Windows\System\VmVLZvK.exe
  C:\Windows\System\VmVLZvK.exe
  2⤵
  PID:8172
- C:\Windows\System\ajanGcW.exe
  C:\Windows\System\ajanGcW.exe
  2⤵
  PID:7552
- C:\Windows\System\dJrBfba.exe
  C:\Windows\System\dJrBfba.exe
  2⤵
  PID:7448
- C:\Windows\System\hAdfzRQ.exe
  C:\Windows\System\hAdfzRQ.exe
  2⤵
  PID:7232
- C:\Windows\System\hqcUkhT.exe
  C:\Windows\System\hqcUkhT.exe
  2⤵
  PID:7324
- C:\Windows\System\xBdqduS.exe
  C:\Windows\System\xBdqduS.exe
  2⤵
  PID:7292
- C:\Windows\System\wYoXrzt.exe
  C:\Windows\System\wYoXrzt.exe
  2⤵
  PID:8164
- C:\Windows\System\jJDNQLm.exe
  C:\Windows\System\jJDNQLm.exe
  2⤵
  PID:8148
- C:\Windows\System\EUrGehZ.exe
  C:\Windows\System\EUrGehZ.exe
  2⤵
  PID:8112
- C:\Windows\System\YbWcNpf.exe
  C:\Windows\System\YbWcNpf.exe
  2⤵
  PID:7968
- C:\Windows\System\bJgyzne.exe
  C:\Windows\System\bJgyzne.exe
  2⤵
  PID:7912
- C:\Windows\System\UilJbNd.exe
  C:\Windows\System\UilJbNd.exe
  2⤵
  PID:7772
- C:\Windows\System\EnIKJfq.exe
  C:\Windows\System\EnIKJfq.exe
  2⤵
  PID:7756
- C:\Windows\System\LiklBsu.exe
  C:\Windows\System\LiklBsu.exe
  2⤵
  PID:7736
- C:\Windows\System\fPTwCkN.exe
  C:\Windows\System\fPTwCkN.exe
  2⤵
  PID:7712
- C:\Windows\System\bHdhFCy.exe
  C:\Windows\System\bHdhFCy.exe
  2⤵
  PID:7672
- C:\Windows\System\SyFFMDm.exe
  C:\Windows\System\SyFFMDm.exe
  2⤵
  PID:7556
- C:\Windows\System\djmVUTV.exe
  C:\Windows\System\djmVUTV.exe
  2⤵
  PID:7532
- C:\Windows\System\nadaoCC.exe
  C:\Windows\System\nadaoCC.exe
  2⤵
  PID:7516
- C:\Windows\System\eJjweJR.exe
  C:\Windows\System\eJjweJR.exe
  2⤵
  PID:7484
- C:\Windows\System\WVKHgUN.exe
  C:\Windows\System\WVKHgUN.exe
  2⤵
  PID:5956
- C:\Windows\System\Ederrau.exe
  C:\Windows\System\Ederrau.exe
  2⤵
  PID:4024
- C:\Windows\System\CbFCIMi.exe
  C:\Windows\System\CbFCIMi.exe
  2⤵
  PID:1980
- C:\Windows\System\uXPNjtL.exe
  C:\Windows\System\uXPNjtL.exe
  2⤵
  PID:4968
- C:\Windows\System\WFcqTvw.exe
  C:\Windows\System\WFcqTvw.exe
  2⤵
  PID:4424
- C:\Windows\System\uAbLUzS.exe
  C:\Windows\System\uAbLUzS.exe
  2⤵
  PID:384
- C:\Windows\System\MeDFAwp.exe
  C:\Windows\System\MeDFAwp.exe
  2⤵
  PID:776
- C:\Windows\System\THwwJCs.exe
  C:\Windows\System\THwwJCs.exe
  2⤵
  PID:1228
- C:\Windows\System\qEqbnrm.exe
  C:\Windows\System\qEqbnrm.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\OZrFiDw.exe
  C:\Windows\System\OZrFiDw.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\eQxdjmt.exe
  C:\Windows\System\eQxdjmt.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\JNYqUcO.exe
  C:\Windows\System\JNYqUcO.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\xDDQgyN.exe
  C:\Windows\System\xDDQgyN.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\MyMfUdW.exe
  C:\Windows\System\MyMfUdW.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\TTUqiPy.exe
  C:\Windows\System\TTUqiPy.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\nqWQZUV.exe
  C:\Windows\System\nqWQZUV.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\fCnKGRe.exe
  C:\Windows\System\fCnKGRe.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\HUcrKst.exe
  C:\Windows\System\HUcrKst.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\CEwLgLf.exe
  C:\Windows\System\CEwLgLf.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\cZmsPyy.exe
  C:\Windows\System\cZmsPyy.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\UkVARWd.exe
  C:\Windows\System\UkVARWd.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\fXhEBrJ.exe
  C:\Windows\System\fXhEBrJ.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\vEfiild.exe
  C:\Windows\System\vEfiild.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\iTAhXLZ.exe
  C:\Windows\System\iTAhXLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\zJZAWtj.exe
  C:\Windows\System\zJZAWtj.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\LkbSISO.exe
  C:\Windows\System\LkbSISO.exe
  2⤵
  - Executes dropped EXE
  PID:1896

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BMenauy.exe

Filesize
2.1MB

MD5
5108f962d77d8c19a9b1d2281515522a

SHA1
323a24f92d74b0f73721364c6d833153f98d7293

SHA256
60bae5669561e0a0d291a64ec09b7b9786bfd78d06e3d244ab3c810686bd7ed9

SHA512
85cf827b523b4ae23690344b3b7fd42959de30d80e36d8b5747448b8c60742d59c443e016de51c1ec5438e2eed2397a961a5e074b1fc53d4a78cc18ac52b08a4

Download Submit
C:\Windows\System\BMenauy.exe

Filesize
2.1MB

MD5
5108f962d77d8c19a9b1d2281515522a

SHA1
323a24f92d74b0f73721364c6d833153f98d7293

SHA256
60bae5669561e0a0d291a64ec09b7b9786bfd78d06e3d244ab3c810686bd7ed9

SHA512
85cf827b523b4ae23690344b3b7fd42959de30d80e36d8b5747448b8c60742d59c443e016de51c1ec5438e2eed2397a961a5e074b1fc53d4a78cc18ac52b08a4

Download Submit
C:\Windows\System\CLKszwp.exe

Filesize
2.1MB

MD5
ead6495bdebb582b2d47d867b6280c8b

SHA1
b1ec8000616b43aa0ed7c4449dc3149508d03dcc

SHA256
5bc27d61e9d84827818072dc72ddea0eda623929db0bfa2b4090556e73612590

SHA512
d4354f506b027742369e96a0f3bce3fbd46208d1027115fa2604e3757f65d475120708da8c79e6f1daacb6ae7496451f4bde1c7105129438c7c063486ce46354

Download Submit
C:\Windows\System\CLKszwp.exe

Filesize
2.1MB

MD5
ead6495bdebb582b2d47d867b6280c8b

SHA1
b1ec8000616b43aa0ed7c4449dc3149508d03dcc

SHA256
5bc27d61e9d84827818072dc72ddea0eda623929db0bfa2b4090556e73612590

SHA512
d4354f506b027742369e96a0f3bce3fbd46208d1027115fa2604e3757f65d475120708da8c79e6f1daacb6ae7496451f4bde1c7105129438c7c063486ce46354

Download Submit
C:\Windows\System\CRLNldL.exe

Filesize
2.1MB

MD5
664fa93b02bcb984140d247339c14a03

SHA1
bc0635f71c97e5ea0a8ebd31150a06479dfd31ff

SHA256
9542e0ce4d28e248c8d21afca3c36339c10361ead589767db8df66ddb47611a0

SHA512
de04869f1813e3c7cc504cc1dbf1748bae1d32a3848b1dcf90251bae4bb8c0d328255699303506f48a34045626fcbeaf9a01b3da2d16fd1aa998af3ef8970aa4

Download Submit
C:\Windows\System\CRLNldL.exe

Filesize
2.1MB

MD5
664fa93b02bcb984140d247339c14a03

SHA1
bc0635f71c97e5ea0a8ebd31150a06479dfd31ff

SHA256
9542e0ce4d28e248c8d21afca3c36339c10361ead589767db8df66ddb47611a0

SHA512
de04869f1813e3c7cc504cc1dbf1748bae1d32a3848b1dcf90251bae4bb8c0d328255699303506f48a34045626fcbeaf9a01b3da2d16fd1aa998af3ef8970aa4

Download Submit
C:\Windows\System\DCXpgNg.exe

Filesize
2.1MB

MD5
07b70099f242f2971cf8fa7cb2af5339

SHA1
f79802e01f104d223491e64da28c7c82ba26b12a

SHA256
7cfa1fbaacd06cbe71ebf5145ace345785470899b9f9f672028826cc57858aca

SHA512
f716a06f355a6f81807680c2ce75f79861a854b5aa06731eb560d06c24f5c50582030fdbf4215c9602c4afd0c1f8d64478824dda09b981f5edd65e1549be13e7

Download Submit
C:\Windows\System\DCXpgNg.exe

Filesize
2.1MB

MD5
07b70099f242f2971cf8fa7cb2af5339

SHA1
f79802e01f104d223491e64da28c7c82ba26b12a

SHA256
7cfa1fbaacd06cbe71ebf5145ace345785470899b9f9f672028826cc57858aca

SHA512
f716a06f355a6f81807680c2ce75f79861a854b5aa06731eb560d06c24f5c50582030fdbf4215c9602c4afd0c1f8d64478824dda09b981f5edd65e1549be13e7

Download Submit
C:\Windows\System\EPjlFRv.exe

Filesize
2.1MB

MD5
2ac431fc41e0d69c23f0d6afd0947d67

SHA1
7ecb9c1cd8ec84ed3b2593498e7a40512a2af20d

SHA256
61821187ebdcd64b2cdd5a3ce0730b7edea50cd654a03bf1e1538543be86e260

SHA512
cbdc4c50207781166026e8fbc42000fe3dd6f4ed1e7cbfebc001338470a2798f210bfe14c77b1caa57addf2691bc3b7c3cebc5ac4ee4192ed072c77a18e989e5

Download Submit
C:\Windows\System\EPjlFRv.exe

Filesize
2.1MB

MD5
2ac431fc41e0d69c23f0d6afd0947d67

SHA1
7ecb9c1cd8ec84ed3b2593498e7a40512a2af20d

SHA256
61821187ebdcd64b2cdd5a3ce0730b7edea50cd654a03bf1e1538543be86e260

SHA512
cbdc4c50207781166026e8fbc42000fe3dd6f4ed1e7cbfebc001338470a2798f210bfe14c77b1caa57addf2691bc3b7c3cebc5ac4ee4192ed072c77a18e989e5

Download Submit
C:\Windows\System\FLuqbrD.exe

Filesize
2.1MB

MD5
6491d80189d66a1153b8eac7f4e31c24

SHA1
bd976d49c8a80be9989889b29ce0c16fb6cf727b

SHA256
15c3739f6b4bc8b13d096d8c90bfb76ee46beec2d7720df1efeff5a1aac98323

SHA512
0b50e7a9540d0362a358148365ffa48ce8deb821a805a3183c4a8997d1c457c60b3bb5e1c9a1bc2d91ce4f0652fd35e66d2099ca59f0ea18be83e48df8f10096

Download Submit
C:\Windows\System\FLuqbrD.exe

Filesize
2.1MB

MD5
6491d80189d66a1153b8eac7f4e31c24

SHA1
bd976d49c8a80be9989889b29ce0c16fb6cf727b

SHA256
15c3739f6b4bc8b13d096d8c90bfb76ee46beec2d7720df1efeff5a1aac98323

SHA512
0b50e7a9540d0362a358148365ffa48ce8deb821a805a3183c4a8997d1c457c60b3bb5e1c9a1bc2d91ce4f0652fd35e66d2099ca59f0ea18be83e48df8f10096

Download Submit
C:\Windows\System\GtBdXmG.exe

Filesize
2.1MB

MD5
2f466f14ea79cb92115e2b0295abc69c

SHA1
93b32a75c9c6e76c83d55bd03f25d67ef37a8be7

SHA256
6960a9526b5b2de3cecf396db45b9bb4995311baca0ab923a5f7b1329dd03dbd

SHA512
851158466002a9f06ebd811f1c561c5e4824fb97687ec2a344881037872515470d03b1eff76970900b4b5a463a9ef20acedd3124e1d67404d543d6a19456553d

Download Submit
C:\Windows\System\GtBdXmG.exe

Filesize
2.1MB

MD5
2f466f14ea79cb92115e2b0295abc69c

SHA1
93b32a75c9c6e76c83d55bd03f25d67ef37a8be7

SHA256
6960a9526b5b2de3cecf396db45b9bb4995311baca0ab923a5f7b1329dd03dbd

SHA512
851158466002a9f06ebd811f1c561c5e4824fb97687ec2a344881037872515470d03b1eff76970900b4b5a463a9ef20acedd3124e1d67404d543d6a19456553d

Download Submit
C:\Windows\System\IydsRMP.exe

Filesize
2.1MB

MD5
69b5ac7f7a5ca4e0a933c3e9652bb94a

SHA1
4ff48e19c99d670c75eb9e04944b820918982e85

SHA256
3c39f62c3a42abad7442f8183332f203cf2845dca2d59ab7053c7f251d82c1d4

SHA512
c05809e75e0e565ea4c795c372a71972b8c40144118b9278f635f56f5f34a4d603bd9907cf27bc13e31e7b7b9f2a1f0dd20da34469ae61260028bdd4c754ca66

Download Submit
C:\Windows\System\IydsRMP.exe

Filesize
2.1MB

MD5
69b5ac7f7a5ca4e0a933c3e9652bb94a

SHA1
4ff48e19c99d670c75eb9e04944b820918982e85

SHA256
3c39f62c3a42abad7442f8183332f203cf2845dca2d59ab7053c7f251d82c1d4

SHA512
c05809e75e0e565ea4c795c372a71972b8c40144118b9278f635f56f5f34a4d603bd9907cf27bc13e31e7b7b9f2a1f0dd20da34469ae61260028bdd4c754ca66

Download Submit
C:\Windows\System\KBYqILI.exe

Filesize
2.1MB

MD5
18d31f04bd1da1c5db065384caefafc5

SHA1
f92500b7b1c34efb3c2517c9d6b1bd183dfdabf4

SHA256
ae0516e4cdff59c3651465f2dd0478097eb1107624a61077e4fd837923dd84f9

SHA512
8e0d576780b2e1bbb8e7a256c2e27342992e86aed6b3e0b24cad5588ca7ed3a9090e56200282bda26db65bca0764706e92b5c93a330bde478dc8de090e9c5810

Download Submit
C:\Windows\System\KBYqILI.exe

Filesize
2.1MB

MD5
18d31f04bd1da1c5db065384caefafc5

SHA1
f92500b7b1c34efb3c2517c9d6b1bd183dfdabf4

SHA256
ae0516e4cdff59c3651465f2dd0478097eb1107624a61077e4fd837923dd84f9

SHA512
8e0d576780b2e1bbb8e7a256c2e27342992e86aed6b3e0b24cad5588ca7ed3a9090e56200282bda26db65bca0764706e92b5c93a330bde478dc8de090e9c5810

Download Submit
C:\Windows\System\LkbSISO.exe

Filesize
2.1MB

MD5
8f02389850a903c96c64de1534ec70dd

SHA1
f54908b1f3d810da28c06ecdd55e79cc3cf054b4

SHA256
2482047492a4de5ed23543258c5b0c8c2b26fc5a5d9a10c8fed7c6b9ddc11ca2

SHA512
53ba9a8b0d7d2ab6e40eecec078ad3965721fe02491493ba0f2ae16c4decc2f24b09b006559ea4e81e7d6fea4ff038c63a173082d47f27bcb2ce339b9ba5f8b2

Download Submit
C:\Windows\System\LkbSISO.exe

Filesize
2.1MB

MD5
8f02389850a903c96c64de1534ec70dd

SHA1
f54908b1f3d810da28c06ecdd55e79cc3cf054b4

SHA256
2482047492a4de5ed23543258c5b0c8c2b26fc5a5d9a10c8fed7c6b9ddc11ca2

SHA512
53ba9a8b0d7d2ab6e40eecec078ad3965721fe02491493ba0f2ae16c4decc2f24b09b006559ea4e81e7d6fea4ff038c63a173082d47f27bcb2ce339b9ba5f8b2

Download Submit
C:\Windows\System\MAYsqzf.exe

Filesize
2.1MB

MD5
999f6bfef94580503238c0ce591e0c48

SHA1
bffd7576a76139a2ee25380c8f78c434cb144dc2

SHA256
a70be95f5c9bd5ab7f9df5ca9707fdc9ca7feb919204e88726a86ca6801fc60a

SHA512
0d12d3656c3a924359ef77abafddf407856c3acad282d4b7eba4a3df410fa19202ab0e32ed29fda990faa615324289b4f5dff10d72421c011f3ac88453cef59a

Download Submit
C:\Windows\System\MAYsqzf.exe

Filesize
2.1MB

MD5
999f6bfef94580503238c0ce591e0c48

SHA1
bffd7576a76139a2ee25380c8f78c434cb144dc2

SHA256
a70be95f5c9bd5ab7f9df5ca9707fdc9ca7feb919204e88726a86ca6801fc60a

SHA512
0d12d3656c3a924359ef77abafddf407856c3acad282d4b7eba4a3df410fa19202ab0e32ed29fda990faa615324289b4f5dff10d72421c011f3ac88453cef59a

Download Submit
C:\Windows\System\QREpprx.exe

Filesize
2.1MB

MD5
8c49c9b005cd1ec323a26b1fcad914c0

SHA1
c139761d3fe45377ad1a2148d6f68b61ffbeb766

SHA256
c651f578b8a2d3873639b5bebac2f2a889c1104804c251d9ed1758d7b4cd0ee8

SHA512
5c76bf887167889f17d15eb79b554502aa344e10eb6e5b8efc56d6614102a3eb61ac3b3e2b90249ff9b2aeabecfc892d7db986ff73d3ee491e35482619fd833b

Download Submit
C:\Windows\System\QREpprx.exe

Filesize
2.1MB

MD5
8c49c9b005cd1ec323a26b1fcad914c0

SHA1
c139761d3fe45377ad1a2148d6f68b61ffbeb766

SHA256
c651f578b8a2d3873639b5bebac2f2a889c1104804c251d9ed1758d7b4cd0ee8

SHA512
5c76bf887167889f17d15eb79b554502aa344e10eb6e5b8efc56d6614102a3eb61ac3b3e2b90249ff9b2aeabecfc892d7db986ff73d3ee491e35482619fd833b

Download Submit
C:\Windows\System\QjvDPio.exe

Filesize
2.1MB

MD5
0e9244c7011be1452b26ad96faa022f1

SHA1
4bdfc67f6be16462c392333395ade5adac8274b4

SHA256
14e5d4b06d04f0e8809de380c330e9e39a19ff9a6448ed9634d509bd532f5621

SHA512
7787270824608e75f39026034229f3a8c07fcc61a29862871720fc9c7e765ac223697e2f6beda9df525ad2cefab12ba85aa37bdf7fb380e1c88ba3d9fb51b7de

Download Submit
C:\Windows\System\QjvDPio.exe

Filesize
2.1MB

MD5
0e9244c7011be1452b26ad96faa022f1

SHA1
4bdfc67f6be16462c392333395ade5adac8274b4

SHA256
14e5d4b06d04f0e8809de380c330e9e39a19ff9a6448ed9634d509bd532f5621

SHA512
7787270824608e75f39026034229f3a8c07fcc61a29862871720fc9c7e765ac223697e2f6beda9df525ad2cefab12ba85aa37bdf7fb380e1c88ba3d9fb51b7de

Download Submit
C:\Windows\System\UwvVHql.exe

Filesize
2.1MB

MD5
3813ca699bd6dbb24d85b146a6f0fd94

SHA1
dfcf164429a09aa8a8b5b2595c2bbb245fab6ac7

SHA256
5c49641998528cfa81ff964f6e103397b254e902951357b91779a7d0340ad22d

SHA512
0267296eff18a2b3405f0a2df179ddd1c5a8aa2963a57758432d026e89ff800e9dea22a9730ed406b16d26743e34ce33a9b2e11e8041e65f69002ad038ee8fe6

Download Submit
C:\Windows\System\UwvVHql.exe

Filesize
2.1MB

MD5
3813ca699bd6dbb24d85b146a6f0fd94

SHA1
dfcf164429a09aa8a8b5b2595c2bbb245fab6ac7

SHA256
5c49641998528cfa81ff964f6e103397b254e902951357b91779a7d0340ad22d

SHA512
0267296eff18a2b3405f0a2df179ddd1c5a8aa2963a57758432d026e89ff800e9dea22a9730ed406b16d26743e34ce33a9b2e11e8041e65f69002ad038ee8fe6

Download Submit
C:\Windows\System\XiujvkK.exe

Filesize
2.1MB

MD5
456b60423121cd9c8c8496fc67434f70

SHA1
b3f34c91f14b8884aebc5627cc73edcc125c2ade

SHA256
d9663391466baf41b6d15d26c1c45e1b96a76c997ac4dc3add87f1cdc29cd775

SHA512
ca7dd0771ebb92f2a10f5739c84313609d002f0119dceb650e9943d45cc256930cc31997dded8d06470fe88da39039411a8552aca1e947289fe9a6a379cf9398

Download Submit
C:\Windows\System\XiujvkK.exe

Filesize
2.1MB

MD5
456b60423121cd9c8c8496fc67434f70

SHA1
b3f34c91f14b8884aebc5627cc73edcc125c2ade

SHA256
d9663391466baf41b6d15d26c1c45e1b96a76c997ac4dc3add87f1cdc29cd775

SHA512
ca7dd0771ebb92f2a10f5739c84313609d002f0119dceb650e9943d45cc256930cc31997dded8d06470fe88da39039411a8552aca1e947289fe9a6a379cf9398

Download Submit
C:\Windows\System\abhKjJb.exe

Filesize
2.1MB

MD5
ddf527ff1586faacfd1d55dec226fe82

SHA1
3f2308b7643c30416a09bf0fd355f20b29ed0aab

SHA256
2f6513a1d17242c03b77c2e69f571f5dc80ff894ac9da7c24256b74ea3f87b3d

SHA512
ad8eb36f6de799487624efc3c8eb3db20634bf08bfa60a2fbb9303b7f6c800db090d6d3768a029ca7bb0b8f78965e035897a69183b1e26e499f6a76ef7fb5bbc

Download Submit
C:\Windows\System\abhKjJb.exe

Filesize
2.1MB

MD5
ddf527ff1586faacfd1d55dec226fe82

SHA1
3f2308b7643c30416a09bf0fd355f20b29ed0aab

SHA256
2f6513a1d17242c03b77c2e69f571f5dc80ff894ac9da7c24256b74ea3f87b3d

SHA512
ad8eb36f6de799487624efc3c8eb3db20634bf08bfa60a2fbb9303b7f6c800db090d6d3768a029ca7bb0b8f78965e035897a69183b1e26e499f6a76ef7fb5bbc

Download Submit
C:\Windows\System\dHFpSQu.exe

Filesize
2.1MB

MD5
6d699e71577191fd842e80f5bef59cc3

SHA1
4be416afe763b4d4de4159ae7201a4f35845dfc7

SHA256
c879f94a587a3491c41b5e749584a51ee206f108aec38c6e3dbc663ea9f80c52

SHA512
ad724147fec4214e63120c0b75ee60459588afdd8146978d0de6d780ce5ea7e94e93523e4397e314965b3d0943b30e00be4bd2732751fa3ac3ce7f5cf6fb174a

Download Submit
C:\Windows\System\dHFpSQu.exe

Filesize
2.1MB

MD5
6d699e71577191fd842e80f5bef59cc3

SHA1
4be416afe763b4d4de4159ae7201a4f35845dfc7

SHA256
c879f94a587a3491c41b5e749584a51ee206f108aec38c6e3dbc663ea9f80c52

SHA512
ad724147fec4214e63120c0b75ee60459588afdd8146978d0de6d780ce5ea7e94e93523e4397e314965b3d0943b30e00be4bd2732751fa3ac3ce7f5cf6fb174a

Download Submit
C:\Windows\System\dOvtVLu.exe

Filesize
2.1MB

MD5
053e24bcb97dff833543138a26412c3f

SHA1
4e61f4492b2e5888a2e5c79335e9f2b959cc11f0

SHA256
6272141300b5a5bf53c893fd006173d912897af115e49d1d468522e66f38b246

SHA512
5cead3019c8b7e7580374a6ad75219d0d70d617680a1450c09d0eda7373f97d6d8cdd92f51d207691d596728fe2fbc999a8484a7ab078560c75a90bb70a21799

Download Submit
C:\Windows\System\dOvtVLu.exe

Filesize
2.1MB

MD5
053e24bcb97dff833543138a26412c3f

SHA1
4e61f4492b2e5888a2e5c79335e9f2b959cc11f0

SHA256
6272141300b5a5bf53c893fd006173d912897af115e49d1d468522e66f38b246

SHA512
5cead3019c8b7e7580374a6ad75219d0d70d617680a1450c09d0eda7373f97d6d8cdd92f51d207691d596728fe2fbc999a8484a7ab078560c75a90bb70a21799

Download Submit
C:\Windows\System\dRElpjS.exe

Filesize
2.1MB

MD5
4d1f37204dbf5f3d88e3938008f17798

SHA1
4ff93cd7834782b33559fff6a82731a91606fbaf

SHA256
6539cc6943741f4eee2e4c9c121162191902bdafdccac79e2868faf97e33da44

SHA512
1fdafd3d588c94a157659f02562db4d8fdb617290eade9c3d0ef263395585cac63d5b62bcd7a434a0db41e5e2d7c6efeaecf2a2002236d8488c3afcbfa082bc5

Download Submit
C:\Windows\System\dRElpjS.exe

Filesize
2.1MB

MD5
4d1f37204dbf5f3d88e3938008f17798

SHA1
4ff93cd7834782b33559fff6a82731a91606fbaf

SHA256
6539cc6943741f4eee2e4c9c121162191902bdafdccac79e2868faf97e33da44

SHA512
1fdafd3d588c94a157659f02562db4d8fdb617290eade9c3d0ef263395585cac63d5b62bcd7a434a0db41e5e2d7c6efeaecf2a2002236d8488c3afcbfa082bc5

Download Submit
C:\Windows\System\dWTeYgx.exe

Filesize
2.1MB

MD5
2402b036936970b6b05db6bcfc5b43e0

SHA1
12745ff9298aae5e4a92798efbf8c780a11bcf5b

SHA256
997ba86695869242fa54846384c6a110e04055dd08e380933c7ab64be983725a

SHA512
668256d9702c42064e4975ffdb74e6f539aae5f87290d472b2dd4711fc834fb56df8b496ebea2124e3398e85db2e212f1ea7a2dc0210bdc9f3c20c693053e1b8

Download Submit
C:\Windows\System\dWTeYgx.exe

Filesize
2.1MB

MD5
2402b036936970b6b05db6bcfc5b43e0

SHA1
12745ff9298aae5e4a92798efbf8c780a11bcf5b

SHA256
997ba86695869242fa54846384c6a110e04055dd08e380933c7ab64be983725a

SHA512
668256d9702c42064e4975ffdb74e6f539aae5f87290d472b2dd4711fc834fb56df8b496ebea2124e3398e85db2e212f1ea7a2dc0210bdc9f3c20c693053e1b8

Download Submit
C:\Windows\System\fXhEBrJ.exe

Filesize
2.1MB

MD5
350b4ecf608f477dea1e0eec31a47e81

SHA1
5b50aa0e1da72336c6eafc0bacee12baa6e6200a

SHA256
b32460880ecc9e2fd68412147a2b2eabd37a98ace5dc81312c9c2a5610678a43

SHA512
4928f804c6381461d174c57a531daef4bc8da715fff46dc3c942b600cf8d736a77060ab738681e10bf1788d54bd6586b4bdf3e58b1d91c97fe77801379681c52

Download Submit
C:\Windows\System\iTAhXLZ.exe

Filesize
2.1MB

MD5
2e97e42fa3ace3c4c786a1e073deb6d2

SHA1
af0781671ab02af3d54bd47b62cf1f179eded346

SHA256
5d46249a8186598458c994d21864c07f487190b5bfcfcbf8c5b7e894cbcffbbd

SHA512
b605ed00c4e893e722076c73c5f89acf6971bb408d4dad85cdcf62ee5c038ac04fc5b08ce1fe5bb6fd930599164bb6c2789582939b6a5f26c5addf146248859d

Download Submit
C:\Windows\System\iTAhXLZ.exe

Filesize
2.1MB

MD5
2e97e42fa3ace3c4c786a1e073deb6d2

SHA1
af0781671ab02af3d54bd47b62cf1f179eded346

SHA256
5d46249a8186598458c994d21864c07f487190b5bfcfcbf8c5b7e894cbcffbbd

SHA512
b605ed00c4e893e722076c73c5f89acf6971bb408d4dad85cdcf62ee5c038ac04fc5b08ce1fe5bb6fd930599164bb6c2789582939b6a5f26c5addf146248859d

Download Submit
C:\Windows\System\kSNXWrm.exe

Filesize
2.1MB

MD5
d113276f31c9ddc8e932fb36fb6e2c06

SHA1
161509ba53f7ab4abada4be2ea2f1dca2e117c1d

SHA256
525220fef4ba5898b1d4bc2012a278a5a314d49199e711a72f64f62d64ada1f5

SHA512
11c1d9502b59d3306899b9ecfc3c95bff6aa8cc285eb596e65efc7ea3e6036152a7a3e4322c093106d6624bb2cc936a27f91cea62209e3866b74c0d4c36387ed

Download Submit
C:\Windows\System\kSNXWrm.exe

Filesize
2.1MB

MD5
d113276f31c9ddc8e932fb36fb6e2c06

SHA1
161509ba53f7ab4abada4be2ea2f1dca2e117c1d

SHA256
525220fef4ba5898b1d4bc2012a278a5a314d49199e711a72f64f62d64ada1f5

SHA512
11c1d9502b59d3306899b9ecfc3c95bff6aa8cc285eb596e65efc7ea3e6036152a7a3e4322c093106d6624bb2cc936a27f91cea62209e3866b74c0d4c36387ed

Download Submit
C:\Windows\System\kwrUNEU.exe

Filesize
2.1MB

MD5
ff314f055f63aa812cb4c441a38a5b00

SHA1
f923df9ea6257270aa8e8a3f0b856b7191a7ffc3

SHA256
f35338b729e29ffc4ecedd4d5410746532619c9cd58aed69c4b8d971fe4eb495

SHA512
6a04668ac0d1fb8b86592bff963a95595a6caa0f8cdc8b9804cb92f6838161f1a1f56dd67a2cca1e93be18873ce5aa75c09796c01dc5fc9b5acdc9f797e77c47

Download Submit
C:\Windows\System\kwrUNEU.exe

Filesize
2.1MB

MD5
ff314f055f63aa812cb4c441a38a5b00

SHA1
f923df9ea6257270aa8e8a3f0b856b7191a7ffc3

SHA256
f35338b729e29ffc4ecedd4d5410746532619c9cd58aed69c4b8d971fe4eb495

SHA512
6a04668ac0d1fb8b86592bff963a95595a6caa0f8cdc8b9804cb92f6838161f1a1f56dd67a2cca1e93be18873ce5aa75c09796c01dc5fc9b5acdc9f797e77c47

Download Submit
C:\Windows\System\mnJryxn.exe

Filesize
2.1MB

MD5
bc46fcf57d62c96b1ee16ad7f0862d58

SHA1
225c9d060a5849dc6a0efef4834ad376c12aeff7

SHA256
057cd590d3591d7f8904051e263e1c6ec0b65a4d0ed1bca78578abbfe39638f9

SHA512
f89457f8f31e9b4198056a5826a8c7df1279b8c885d7760acda4229b9ef0744812fe1efb97f4aaff75f4c55d016be58e0fd89eec99bcb267190c195fa8133d5d

Download Submit
C:\Windows\System\mnJryxn.exe

Filesize
2.1MB

MD5
bc46fcf57d62c96b1ee16ad7f0862d58

SHA1
225c9d060a5849dc6a0efef4834ad376c12aeff7

SHA256
057cd590d3591d7f8904051e263e1c6ec0b65a4d0ed1bca78578abbfe39638f9

SHA512
f89457f8f31e9b4198056a5826a8c7df1279b8c885d7760acda4229b9ef0744812fe1efb97f4aaff75f4c55d016be58e0fd89eec99bcb267190c195fa8133d5d

Download Submit
C:\Windows\System\oEocMCy.exe

Filesize
2.1MB

MD5
4b3372cb6aad033760e6e1d883f2cccb

SHA1
b2c651f2dabed6b907b3bf470b79ba62afff624b

SHA256
966aa46824d4ed93deaaa36c486ff6b3341813cf19a50e38825fb4433d8804c2

SHA512
0169cff943ba4f480048e03f3eebf814f79f428b83aaf79637367bad544ddd053779669b15039c30293ace92f152d518320d0da753c242f6e31ae248ff78eb1c

Download Submit
C:\Windows\System\oEocMCy.exe

Filesize
2.1MB

MD5
4b3372cb6aad033760e6e1d883f2cccb

SHA1
b2c651f2dabed6b907b3bf470b79ba62afff624b

SHA256
966aa46824d4ed93deaaa36c486ff6b3341813cf19a50e38825fb4433d8804c2

SHA512
0169cff943ba4f480048e03f3eebf814f79f428b83aaf79637367bad544ddd053779669b15039c30293ace92f152d518320d0da753c242f6e31ae248ff78eb1c

Download Submit
C:\Windows\System\qWgrwSo.exe

Filesize
2.1MB

MD5
4ccfdb9770563eae2013dc80198a9c1c

SHA1
5525a83cefe9e90870dd57f8271418de36e965fd

SHA256
b07a3c2d8f291f2dcde713dca2c27cb707cf02998e801d153ff0bf8737f1dcac

SHA512
48b6f4bcc479ab66498b6d3aef2defea5153a73f270d8447b73a960a349a3a94661adb6dc9b1f4f807b3ca3a763cb8787c3b687ddbee49ab453542a8642060e6

Download Submit
C:\Windows\System\qWgrwSo.exe

Filesize
2.1MB

MD5
4ccfdb9770563eae2013dc80198a9c1c

SHA1
5525a83cefe9e90870dd57f8271418de36e965fd

SHA256
b07a3c2d8f291f2dcde713dca2c27cb707cf02998e801d153ff0bf8737f1dcac

SHA512
48b6f4bcc479ab66498b6d3aef2defea5153a73f270d8447b73a960a349a3a94661adb6dc9b1f4f807b3ca3a763cb8787c3b687ddbee49ab453542a8642060e6

Download Submit
C:\Windows\System\sGuvQOE.exe

Filesize
2.1MB

MD5
9f42f7abe5a0c19d90fc38ad87999bf5

SHA1
3f52e8318e66baf94ec4b22a77837a8565ae6997

SHA256
2cd0d54f3a0712a3786ba38590eeca0cf8ad7ebc9de281fac2da792bdf210472

SHA512
70c0736436e0beb9318a77199026fb751b5848f9ae6e036fd6ac6187677228367d68b608dc87617b960a579b53268cf3ccb12cb12874f40f8984f2bf600db9b7

Download Submit
C:\Windows\System\sGuvQOE.exe

Filesize
2.1MB

MD5
9f42f7abe5a0c19d90fc38ad87999bf5

SHA1
3f52e8318e66baf94ec4b22a77837a8565ae6997

SHA256
2cd0d54f3a0712a3786ba38590eeca0cf8ad7ebc9de281fac2da792bdf210472

SHA512
70c0736436e0beb9318a77199026fb751b5848f9ae6e036fd6ac6187677228367d68b608dc87617b960a579b53268cf3ccb12cb12874f40f8984f2bf600db9b7

Download Submit
C:\Windows\System\tAXusWf.exe

Filesize
2.1MB

MD5
08a823aa059a01ce58c82288096750cb

SHA1
0742bbbc1ca98b4cb8a35653eb88850b4aa8b95a

SHA256
83eb16754bd9539612e6485e6f53cac34d67fdca0c53f6121eec260f5f6ef984

SHA512
431aa66ef48aa8ee2ab97021b747b653ac2ef5ee07915525aae1c99fb0a99a64408f4e46c38eb01575e49e2c4cc5e62184ed05194fb2aa3eb582673392c97b49

Download Submit
C:\Windows\System\tAXusWf.exe

Filesize
2.1MB

MD5
08a823aa059a01ce58c82288096750cb

SHA1
0742bbbc1ca98b4cb8a35653eb88850b4aa8b95a

SHA256
83eb16754bd9539612e6485e6f53cac34d67fdca0c53f6121eec260f5f6ef984

SHA512
431aa66ef48aa8ee2ab97021b747b653ac2ef5ee07915525aae1c99fb0a99a64408f4e46c38eb01575e49e2c4cc5e62184ed05194fb2aa3eb582673392c97b49

Download Submit
C:\Windows\System\vEfiild.exe

Filesize
2.1MB

MD5
cc0126fbf3c80bb2eb15056cf26bfa92

SHA1
4e44cec991e32ce6ce44a289975b500a1682f5dd

SHA256
9a388952bfe720004d05deb137e4a777fd89c7860517d31f63e9c681a71ed174

SHA512
5f71bbefb1dbc6717cf64576010112c0d1e75789790b1e4a636467446cfb89ccecb185df3d1dc2b3cd560d25b7324e40649624121fc4bf17a1bea8f3f56ee8d6

Download Submit
C:\Windows\System\yLhdNCv.exe

Filesize
2.1MB

MD5
b3bf76ac54ed5d99fea86ef069ff9ac9

SHA1
e428f4674c6f0de8f5f42ba29efb497d4026411a

SHA256
ac2c5d66107de2a563d6cb975d4a2e9e39b68a3dfeaf1571acc859a87a7a1759

SHA512
93eb9695da593c4078a38593115af8e714c1df59d4d12e8f4ccf6bf9e5711164c1d8e6711054c8943eb2a69cb4ae998808f05f41e9bc028d70c33bbc706c7cfd

Download Submit
C:\Windows\System\yLhdNCv.exe

Filesize
2.1MB

MD5
b3bf76ac54ed5d99fea86ef069ff9ac9

SHA1
e428f4674c6f0de8f5f42ba29efb497d4026411a

SHA256
ac2c5d66107de2a563d6cb975d4a2e9e39b68a3dfeaf1571acc859a87a7a1759

SHA512
93eb9695da593c4078a38593115af8e714c1df59d4d12e8f4ccf6bf9e5711164c1d8e6711054c8943eb2a69cb4ae998808f05f41e9bc028d70c33bbc706c7cfd

Download Submit
C:\Windows\System\zJZAWtj.exe

Filesize
2.1MB

MD5
2de15ea075e75899ed2cb5c00601733f

SHA1
c2ef7570206618023e0d5f6b63664f4075741f90

SHA256
4cef8eed3d4971f8e06403fbdb8049c7317b848f9be9539db5f5cb85922c810e

SHA512
53675ad6172b5b1f97127af58277b0084a5d2f9e2e7d2de3f326ec4a4972a63558dbe63ce932940e79601e6b3f59a4f012cd56fc75f8f3d108798ac1152421e9

Download Submit
C:\Windows\System\zJZAWtj.exe

Filesize
2.1MB

MD5
2de15ea075e75899ed2cb5c00601733f

SHA1
c2ef7570206618023e0d5f6b63664f4075741f90

SHA256
4cef8eed3d4971f8e06403fbdb8049c7317b848f9be9539db5f5cb85922c810e

SHA512
53675ad6172b5b1f97127af58277b0084a5d2f9e2e7d2de3f326ec4a4972a63558dbe63ce932940e79601e6b3f59a4f012cd56fc75f8f3d108798ac1152421e9

Download Submit
C:\Windows\System\zPlIpgR.exe

Filesize
2.1MB

MD5
2327abf4102e27b0e9d50f541f5fb6ec

SHA1
1891dc1eccf35983f6776f7d5030f5c1e5697698

SHA256
5155b66ac2db235f6c9ca8c88644716b01cffd397a0d25d964ef1a625a4a9194

SHA512
8e543e6e50b8abd371570b797878eb509d3c6011bea2746a673beef524b6e1cc1e034823e5056ac189edb5f9b474203b6542152fb6ef111b8d214bf22e313e71

Download Submit
C:\Windows\System\zPlIpgR.exe

Filesize
2.1MB

MD5
2327abf4102e27b0e9d50f541f5fb6ec

SHA1
1891dc1eccf35983f6776f7d5030f5c1e5697698

SHA256
5155b66ac2db235f6c9ca8c88644716b01cffd397a0d25d964ef1a625a4a9194

SHA512
8e543e6e50b8abd371570b797878eb509d3c6011bea2746a673beef524b6e1cc1e034823e5056ac189edb5f9b474203b6542152fb6ef111b8d214bf22e313e71

Download Submit
C:\Windows\System\zPlIpgR.exe

Filesize
2.1MB

MD5
2327abf4102e27b0e9d50f541f5fb6ec

SHA1
1891dc1eccf35983f6776f7d5030f5c1e5697698

SHA256
5155b66ac2db235f6c9ca8c88644716b01cffd397a0d25d964ef1a625a4a9194

SHA512
8e543e6e50b8abd371570b797878eb509d3c6011bea2746a673beef524b6e1cc1e034823e5056ac189edb5f9b474203b6542152fb6ef111b8d214bf22e313e71

Download Submit
memory/372-297-0x00007FF6C6370000-0x00007FF6C66C4000-memory.dmp

Filesize
3.3MB

Download
memory/384-358-0x00007FF6A3410000-0x00007FF6A3764000-memory.dmp

Filesize
3.3MB

Download
memory/560-217-0x00007FF7E57F0000-0x00007FF7E5B44000-memory.dmp

Filesize
3.3MB

Download
memory/764-134-0x00007FF775EA0000-0x00007FF7761F4000-memory.dmp

Filesize
3.3MB

Download
memory/892-353-0x00007FF68BC80000-0x00007FF68BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/960-145-0x00007FF663F90000-0x00007FF6642E4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-342-0x00007FF654180000-0x00007FF6544D4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-233-0x00007FF7B32E0000-0x00007FF7B3634000-memory.dmp

Filesize
3.3MB

Download
memory/1268-165-0x00007FF66A3F0000-0x00007FF66A744000-memory.dmp

Filesize
3.3MB

Download
memory/1300-270-0x00007FF762900000-0x00007FF762C54000-memory.dmp

Filesize
3.3MB

Download
memory/1364-236-0x00007FF6C7460000-0x00007FF6C77B4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-194-0x00007FF6A2630000-0x00007FF6A2984000-memory.dmp

Filesize
3.3MB

Download
memory/1576-304-0x00007FF66A510000-0x00007FF66A864000-memory.dmp

Filesize
3.3MB

Download
memory/1584-212-0x00007FF7666B0000-0x00007FF766A04000-memory.dmp

Filesize
3.3MB

Download
memory/1672-68-0x00007FF72C790000-0x00007FF72CAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-200-0x00007FF65C1E0000-0x00007FF65C534000-memory.dmp

Filesize
3.3MB

Download
memory/1756-382-0x00007FF715D30000-0x00007FF716084000-memory.dmp

Filesize
3.3MB

Download
memory/1888-230-0x00007FF633810000-0x00007FF633B64000-memory.dmp

Filesize
3.3MB

Download
memory/1896-177-0x00007FF6B1C90000-0x00007FF6B1FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-376-0x00007FF7549D0000-0x00007FF754D24000-memory.dmp

Filesize
3.3MB

Download
memory/1952-119-0x00007FF6C6770000-0x00007FF6C6AC4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-396-0x00007FF6727A0000-0x00007FF672AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-307-0x00007FF6C5A80000-0x00007FF6C5DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-265-0x00007FF6A5D90000-0x00007FF6A60E4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-247-0x00007FF6F0D70000-0x00007FF6F10C4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-338-0x00007FF743A40000-0x00007FF743D94000-memory.dmp

Filesize
3.3MB

Download
memory/2420-129-0x00007FF6006F0000-0x00007FF600A44000-memory.dmp

Filesize
3.3MB

Download
memory/2480-156-0x00007FF6EF410000-0x00007FF6EF764000-memory.dmp

Filesize
3.3MB

Download
memory/2580-395-0x00007FF713540000-0x00007FF713894000-memory.dmp

Filesize
3.3MB

Download
memory/2744-41-0x00007FF664810000-0x00007FF664B64000-memory.dmp

Filesize
3.3MB

Download
memory/2920-32-0x00007FF6887A0000-0x00007FF688AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-83-0x00007FF6D23E0000-0x00007FF6D2734000-memory.dmp

Filesize
3.3MB

Download
memory/3076-128-0x00007FF7F2060000-0x00007FF7F23B4000-memory.dmp

Filesize
3.3MB

Download
memory/3088-318-0x00007FF75B0F0000-0x00007FF75B444000-memory.dmp

Filesize
3.3MB

Download
memory/3236-222-0x00007FF6BFFC0000-0x00007FF6C0314000-memory.dmp

Filesize
3.3MB

Download
memory/3284-130-0x00007FF648550000-0x00007FF6488A4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-325-0x00007FF68BA50000-0x00007FF68BDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3548-292-0x00007FF660370000-0x00007FF6606C4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-224-0x00007FF726BD0000-0x00007FF726F24000-memory.dmp

Filesize
3.3MB

Download
memory/3664-287-0x00007FF75A510000-0x00007FF75A864000-memory.dmp

Filesize
3.3MB

Download
memory/3776-8-0x00007FF731870000-0x00007FF731BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-225-0x00007FF6354B0000-0x00007FF635804000-memory.dmp

Filesize
3.3MB

Download
memory/4088-281-0x00007FF6E1B70000-0x00007FF6E1EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-113-0x00007FF7680C0000-0x00007FF768414000-memory.dmp

Filesize
3.3MB

Download
memory/4124-218-0x00007FF605BE0000-0x00007FF605F34000-memory.dmp

Filesize
3.3MB

Download
memory/4132-335-0x00007FF795490000-0x00007FF7957E4000-memory.dmp

Filesize
3.3MB

Download
memory/4140-239-0x00007FF7CA4A0000-0x00007FF7CA7F4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-132-0x00007FF68DDB0000-0x00007FF68E104000-memory.dmp

Filesize
3.3MB

Download
memory/4224-207-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-67-0x00007FF7CD340000-0x00007FF7CD694000-memory.dmp

Filesize
3.3MB

Download
memory/4400-65-0x00007FF69C8F0000-0x00007FF69CC44000-memory.dmp

Filesize
3.3MB

Download
memory/4424-362-0x00007FF65CA50000-0x00007FF65CDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4604-104-0x00007FF744870000-0x00007FF744BC4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-211-0x00007FF63A3F0000-0x00007FF63A744000-memory.dmp

Filesize
3.3MB

Download
memory/4652-90-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-125-0x00007FF6228A0000-0x00007FF622BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-131-0x00007FF65E820000-0x00007FF65EB74000-memory.dmp

Filesize
3.3MB

Download
memory/4800-400-0x00007FF7AB310000-0x00007FF7AB664000-memory.dmp

Filesize
3.3MB

Download
memory/4912-0-0x00007FF703280000-0x00007FF7035D4000-memory.dmp

Filesize
3.3MB

Download
memory/4912-1-0x0000025E1D4D0000-0x0000025E1D4E0000-memory.dmp

Filesize
64KB

Download
memory/4968-385-0x00007FF7C64A0000-0x00007FF7C67F4000-memory.dmp

Filesize
3.3MB

Download
memory/4972-40-0x00007FF7C46A0000-0x00007FF7C49F4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-73-0x00007FF78D610000-0x00007FF78D964000-memory.dmp

Filesize
3.3MB

Download
memory/5028-98-0x00007FF613B30000-0x00007FF613E84000-memory.dmp

Filesize
3.3MB

Download
memory/5100-133-0x00007FF65AAA0000-0x00007FF65ADF4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads