xmrig | 6a1dd69d505496129ab3c64fcc388f49cd75257b8b32e1b47241b7d472f702e3

Analysis

max time kernel
147s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

302695dbdaf33bfaaaaf124960a30b49.exe
Size

1.3MB
MD5

302695dbdaf33bfaaaaf124960a30b49
SHA1

b3fe82d68505eddcd6e1b45507a5aef9da8597ea
SHA256

6a1dd69d505496129ab3c64fcc388f49cd75257b8b32e1b47241b7d472f702e3
SHA512

718b7145b87ace81ddfa133824d65ffd43ca46b90613a35404247627d405226bd247ce33ec03d22af200dc486c426f34c62f0d85e3f8afe301e5c34809f01f2d
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoCSxnhvwFrqHyyZd:Lz071uv4BPMkHC0I6GCInhGOZd

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 15 IoCs

miner

resource	yara_rule
behavioral1/memory/2136-23-0x000000013F860000-0x000000013FC52000-memory.dmp	xmrig
behavioral1/memory/2648-166-0x000000013F530000-0x000000013F922000-memory.dmp	xmrig
behavioral1/memory/2652-196-0x000000013F540000-0x000000013F932000-memory.dmp	xmrig
behavioral1/memory/2416-198-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	xmrig
behavioral1/memory/2504-200-0x000000013F170000-0x000000013F562000-memory.dmp	xmrig
behavioral1/memory/1888-263-0x000000013FE00000-0x00000001401F2000-memory.dmp	xmrig
behavioral1/memory/268-266-0x000000013FB70000-0x000000013FF62000-memory.dmp	xmrig
behavioral1/memory/2464-204-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	xmrig
behavioral1/memory/2056-283-0x000000013FE20000-0x0000000140212000-memory.dmp	xmrig
behavioral1/memory/2540-315-0x000000013FE00000-0x00000001401F2000-memory.dmp	xmrig
behavioral1/memory/2952-335-0x000000013FF70000-0x0000000140362000-memory.dmp	xmrig
behavioral1/memory/2056-420-0x0000000003180000-0x0000000003572000-memory.dmp	xmrig
behavioral1/memory/1356-430-0x000000013F2F0000-0x000000013F6E2000-memory.dmp	xmrig
behavioral1/memory/2724-435-0x000000013FD70000-0x0000000140162000-memory.dmp	xmrig
behavioral1/memory/2828-444-0x000000013F100000-0x000000013F4F2000-memory.dmp	xmrig

UPX packed file 48 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2056-2-0x000000013FE20000-0x0000000140212000-memory.dmp	upx
behavioral1/files/0x000a000000012254-3.dat	upx
behavioral1/files/0x0009000000008527-19.dat	upx
behavioral1/memory/2136-23-0x000000013F860000-0x000000013FC52000-memory.dmp	upx
behavioral1/files/0x00040000000130fc-20.dat	upx
behavioral1/files/0x0007000000016bee-31.dat	upx
behavioral1/files/0x0009000000016ad6-27.dat	upx
behavioral1/files/0x0007000000016c5c-40.dat	upx
behavioral1/files/0x0006000000016d6a-45.dat	upx
behavioral1/files/0x0007000000016c07-35.dat	upx
behavioral1/files/0x0006000000016d6f-58.dat	upx
behavioral1/files/0x00050000000186ba-86.dat	upx
behavioral1/files/0x0006000000018b58-140.dat	upx
behavioral1/files/0x0006000000017554-146.dat	upx
behavioral1/files/0x00060000000171cb-145.dat	upx
behavioral1/files/0x0005000000019330-144.dat	upx
behavioral1/files/0x0005000000019151-143.dat	upx
behavioral1/files/0x0006000000018b95-142.dat	upx
behavioral1/files/0x0006000000018b74-141.dat	upx
behavioral1/files/0x0006000000017076-139.dat	upx
behavioral1/files/0x0006000000018b08-138.dat	upx
behavioral1/files/0x0006000000018aac-137.dat	upx
behavioral1/files/0x002f000000016576-134.dat	upx
behavioral1/files/0x0005000000018687-79.dat	upx
behavioral1/files/0x00060000000170b5-83.dat	upx
behavioral1/files/0x000600000001754f-84.dat	upx
behavioral1/files/0x0005000000018683-85.dat	upx
behavioral1/files/0x000500000001872a-89.dat	upx
behavioral1/files/0x0006000000018b02-95.dat	upx
behavioral1/files/0x0008000000016d62-78.dat	upx
behavioral1/files/0x0006000000018b44-102.dat	upx
behavioral1/files/0x0006000000018b63-111.dat	upx
behavioral1/memory/2648-166-0x000000013F530000-0x000000013F922000-memory.dmp	upx
behavioral1/files/0x0006000000018b8b-117.dat	upx
behavioral1/files/0x000500000001932a-129.dat	upx
behavioral1/files/0x0006000000018bb2-123.dat	upx
behavioral1/memory/2652-196-0x000000013F540000-0x000000013F932000-memory.dmp	upx
behavioral1/memory/2416-198-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	upx
behavioral1/memory/2504-200-0x000000013F170000-0x000000013F562000-memory.dmp	upx
behavioral1/memory/1888-263-0x000000013FE00000-0x00000001401F2000-memory.dmp	upx
behavioral1/memory/268-266-0x000000013FB70000-0x000000013FF62000-memory.dmp	upx
behavioral1/memory/2464-204-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	upx
behavioral1/memory/2056-283-0x000000013FE20000-0x0000000140212000-memory.dmp	upx
behavioral1/memory/2540-315-0x000000013FE00000-0x00000001401F2000-memory.dmp	upx
behavioral1/memory/2952-335-0x000000013FF70000-0x0000000140362000-memory.dmp	upx
behavioral1/memory/1356-430-0x000000013F2F0000-0x000000013F6E2000-memory.dmp	upx
behavioral1/memory/2724-435-0x000000013FD70000-0x0000000140162000-memory.dmp	upx
behavioral1/memory/2828-444-0x000000013F100000-0x000000013F4F2000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System\wpvGEyZ.exe	302695dbdaf33bfaaaaf124960a30b49.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3020	2056	302695dbdaf33bfaaaaf124960a30b49.exe	29
PID 2056 wrote to memory of 3020	2056	302695dbdaf33bfaaaaf124960a30b49.exe	29
PID 2056 wrote to memory of 3020	2056	302695dbdaf33bfaaaaf124960a30b49.exe	29

C:\Users\Admin\AppData\Local\Temp\302695dbdaf33bfaaaaf124960a30b49.exe
"C:\Users\Admin\AppData\Local\Temp\302695dbdaf33bfaaaaf124960a30b49.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  PID:3020
- C:\Windows\System\wpvGEyZ.exe
  C:\Windows\System\wpvGEyZ.exe
  2⤵
  PID:2136
- C:\Windows\System\HoXWaFq.exe
  C:\Windows\System\HoXWaFq.exe
  2⤵
  PID:2652
- C:\Windows\System\WEpkMET.exe
  C:\Windows\System\WEpkMET.exe
  2⤵
  PID:2648
- C:\Windows\System\EGMGHsf.exe
  C:\Windows\System\EGMGHsf.exe
  2⤵
  PID:2540
- C:\Windows\System\YvvUyZS.exe
  C:\Windows\System\YvvUyZS.exe
  2⤵
  PID:2416
- C:\Windows\System\WpTAfQe.exe
  C:\Windows\System\WpTAfQe.exe
  2⤵
  PID:2504
- C:\Windows\System\RycCsXD.exe
  C:\Windows\System\RycCsXD.exe
  2⤵
  PID:2464
- C:\Windows\System\PoWRFtH.exe
  C:\Windows\System\PoWRFtH.exe
  2⤵
  PID:2952
- C:\Windows\System\DTZAEnA.exe
  C:\Windows\System\DTZAEnA.exe
  2⤵
  PID:1888
- C:\Windows\System\OxCFyCL.exe
  C:\Windows\System\OxCFyCL.exe
  2⤵
  PID:1996
- C:\Windows\System\nhpfyAU.exe
  C:\Windows\System\nhpfyAU.exe
  2⤵
  PID:268
- C:\Windows\System\jZhQvnz.exe
  C:\Windows\System\jZhQvnz.exe
  2⤵
  PID:1176
- C:\Windows\System\WWchSQB.exe
  C:\Windows\System\WWchSQB.exe
  2⤵
  PID:1356
- C:\Windows\System\bRKDUEr.exe
  C:\Windows\System\bRKDUEr.exe
  2⤵
  PID:2736
- C:\Windows\System\saCpxdo.exe
  C:\Windows\System\saCpxdo.exe
  2⤵
  PID:2724
- C:\Windows\System\VXhuXbX.exe
  C:\Windows\System\VXhuXbX.exe
  2⤵
  PID:2800
- C:\Windows\System\tchCeLc.exe
  C:\Windows\System\tchCeLc.exe
  2⤵
  PID:2828
- C:\Windows\System\zWWpTBO.exe
  C:\Windows\System\zWWpTBO.exe
  2⤵
  PID:572
- C:\Windows\System\wmAUJax.exe
  C:\Windows\System\wmAUJax.exe
  2⤵
  PID:2696
- C:\Windows\System\NyvETPt.exe
  C:\Windows\System\NyvETPt.exe
  2⤵
  PID:2976
- C:\Windows\System\XFBlmOF.exe
  C:\Windows\System\XFBlmOF.exe
  2⤵
  PID:2300
- C:\Windows\System\QegDXoi.exe
  C:\Windows\System\QegDXoi.exe
  2⤵
  PID:1096
- C:\Windows\System\OQXYtve.exe
  C:\Windows\System\OQXYtve.exe
  2⤵
  PID:308
- C:\Windows\System\uLQhSps.exe
  C:\Windows\System\uLQhSps.exe
  2⤵
  PID:2008
- C:\Windows\System\BSMmlRs.exe
  C:\Windows\System\BSMmlRs.exe
  2⤵
  PID:1808
- C:\Windows\System\JTiwqwn.exe
  C:\Windows\System\JTiwqwn.exe
  2⤵
  PID:2712
- C:\Windows\System\OfojaZu.exe
  C:\Windows\System\OfojaZu.exe
  2⤵
  PID:2580
- C:\Windows\System\lmCrIyR.exe
  C:\Windows\System\lmCrIyR.exe
  2⤵
  PID:1516
- C:\Windows\System\LDWslxs.exe
  C:\Windows\System\LDWslxs.exe
  2⤵
  PID:1660
- C:\Windows\System\BVwZHrB.exe
  C:\Windows\System\BVwZHrB.exe
  2⤵
  PID:484
- C:\Windows\System\hYCsBFt.exe
  C:\Windows\System\hYCsBFt.exe
  2⤵
  PID:292
- C:\Windows\System\BlTODbD.exe
  C:\Windows\System\BlTODbD.exe
  2⤵
  PID:1772
- C:\Windows\System\PlESLez.exe
  C:\Windows\System\PlESLez.exe
  2⤵
  PID:1632
- C:\Windows\System\eEQVUEw.exe
  C:\Windows\System\eEQVUEw.exe
  2⤵
  PID:900
- C:\Windows\System\EsxRSqw.exe
  C:\Windows\System\EsxRSqw.exe
  2⤵
  PID:1816
- C:\Windows\System\fXyWyKq.exe
  C:\Windows\System\fXyWyKq.exe
  2⤵
  PID:1028
- C:\Windows\System\MJrJtbJ.exe
  C:\Windows\System\MJrJtbJ.exe
  2⤵
  PID:2288
- C:\Windows\System\CYkxeUk.exe
  C:\Windows\System\CYkxeUk.exe
  2⤵
  PID:2244
- C:\Windows\System\ZPSHgCT.exe
  C:\Windows\System\ZPSHgCT.exe
  2⤵
  PID:1164
- C:\Windows\System\VanBOUL.exe
  C:\Windows\System\VanBOUL.exe
  2⤵
  PID:1100
- C:\Windows\System\CnevbdY.exe
  C:\Windows\System\CnevbdY.exe
  2⤵
  PID:1976
- C:\Windows\System\NHZHPPX.exe
  C:\Windows\System\NHZHPPX.exe
  2⤵
  PID:824
- C:\Windows\System\EkMoSXT.exe
  C:\Windows\System\EkMoSXT.exe
  2⤵
  PID:1560
- C:\Windows\System\Vhkhhvk.exe
  C:\Windows\System\Vhkhhvk.exe
  2⤵
  PID:276
- C:\Windows\System\pXsfGSx.exe
  C:\Windows\System\pXsfGSx.exe
  2⤵
  PID:1628
- C:\Windows\System\ZSOlzwa.exe
  C:\Windows\System\ZSOlzwa.exe
  2⤵
  PID:1904
- C:\Windows\System\empsMhc.exe
  C:\Windows\System\empsMhc.exe
  2⤵
  PID:800
- C:\Windows\System\EYOYzAW.exe
  C:\Windows\System\EYOYzAW.exe
  2⤵
  PID:2308
- C:\Windows\System\ShHgPgv.exe
  C:\Windows\System\ShHgPgv.exe
  2⤵
  PID:2236
- C:\Windows\System\tbTNaGs.exe
  C:\Windows\System\tbTNaGs.exe
  2⤵
  PID:2460
- C:\Windows\System\KJJfRGe.exe
  C:\Windows\System\KJJfRGe.exe
  2⤵
  PID:1960
- C:\Windows\System\YhmoWfJ.exe
  C:\Windows\System\YhmoWfJ.exe
  2⤵
  PID:2232
- C:\Windows\System\DvEQeAS.exe
  C:\Windows\System\DvEQeAS.exe
  2⤵
  PID:2208
- C:\Windows\System\pudSmxY.exe
  C:\Windows\System\pudSmxY.exe
  2⤵
  PID:2312
- C:\Windows\System\VqRbJGu.exe
  C:\Windows\System\VqRbJGu.exe
  2⤵
  PID:2172
- C:\Windows\System\wyduFlG.exe
  C:\Windows\System\wyduFlG.exe
  2⤵
  PID:1060
- C:\Windows\System\VQIOyMr.exe
  C:\Windows\System\VQIOyMr.exe
  2⤵
  PID:2256
- C:\Windows\System\fvPcatl.exe
  C:\Windows\System\fvPcatl.exe
  2⤵
  PID:804
- C:\Windows\System\yYtGRzG.exe
  C:\Windows\System\yYtGRzG.exe
  2⤵
  PID:540
- C:\Windows\System\oMLbcLs.exe
  C:\Windows\System\oMLbcLs.exe
  2⤵
  PID:2144
- C:\Windows\System\GeCMyIX.exe
  C:\Windows\System\GeCMyIX.exe
  2⤵
  PID:1696
- C:\Windows\System\bhakWyM.exe
  C:\Windows\System\bhakWyM.exe
  2⤵
  PID:1880
- C:\Windows\System\uheGHac.exe
  C:\Windows\System\uheGHac.exe
  2⤵
  PID:2104
- C:\Windows\System\DZbboYU.exe
  C:\Windows\System\DZbboYU.exe
  2⤵
  PID:2072
- C:\Windows\System\kMfQRFy.exe
  C:\Windows\System\kMfQRFy.exe
  2⤵
  PID:1580
- C:\Windows\System\xoesoIa.exe
  C:\Windows\System\xoesoIa.exe
  2⤵
  PID:1348
- C:\Windows\System\eBeVKkb.exe
  C:\Windows\System\eBeVKkb.exe
  2⤵
  PID:2728
- C:\Windows\System\APlsNQx.exe
  C:\Windows\System\APlsNQx.exe
  2⤵
  PID:2536
- C:\Windows\System\AvCAKev.exe
  C:\Windows\System\AvCAKev.exe
  2⤵
  PID:2876
- C:\Windows\System\WKWIdwL.exe
  C:\Windows\System\WKWIdwL.exe
  2⤵
  PID:2524
- C:\Windows\System\OTAqPdf.exe
  C:\Windows\System\OTAqPdf.exe
  2⤵
  PID:2840
- C:\Windows\System\iefnIdH.exe
  C:\Windows\System\iefnIdH.exe
  2⤵
  PID:1948
- C:\Windows\System\DzubePG.exe
  C:\Windows\System\DzubePG.exe
  2⤵
  PID:2424
- C:\Windows\System\auRdQfX.exe
  C:\Windows\System\auRdQfX.exe
  2⤵
  PID:2596
- C:\Windows\System\dRGUPfH.exe
  C:\Windows\System\dRGUPfH.exe
  2⤵
  PID:836
- C:\Windows\System\rEXYGZQ.exe
  C:\Windows\System\rEXYGZQ.exe
  2⤵
  PID:320
- C:\Windows\System\QgBgQAo.exe
  C:\Windows\System\QgBgQAo.exe
  2⤵
  PID:2752
- C:\Windows\System\DLhGXkm.exe
  C:\Windows\System\DLhGXkm.exe
  2⤵
  PID:2788
- C:\Windows\System\knFcFyy.exe
  C:\Windows\System\knFcFyy.exe
  2⤵
  PID:2636
- C:\Windows\System\ktwynck.exe
  C:\Windows\System\ktwynck.exe
  2⤵
  PID:2640
- C:\Windows\System\bzcQfir.exe
  C:\Windows\System\bzcQfir.exe
  2⤵
  PID:2748
- C:\Windows\System\BfKDtuD.exe
  C:\Windows\System\BfKDtuD.exe
  2⤵
  PID:2368
- C:\Windows\System\zyUjZZU.exe
  C:\Windows\System\zyUjZZU.exe
  2⤵
  PID:620
- C:\Windows\System\qBBEMFS.exe
  C:\Windows\System\qBBEMFS.exe
  2⤵
  PID:2584
- C:\Windows\System\TKHYNIc.exe
  C:\Windows\System\TKHYNIc.exe
  2⤵
  PID:2168
- C:\Windows\System\rMuyqUU.exe
  C:\Windows\System\rMuyqUU.exe
  2⤵
  PID:2068
- C:\Windows\System\DoKBqaA.exe
  C:\Windows\System\DoKBqaA.exe
  2⤵
  PID:2820
- C:\Windows\System\umHmxik.exe
  C:\Windows\System\umHmxik.exe
  2⤵
  PID:1352
- C:\Windows\System\JEtGpvt.exe
  C:\Windows\System\JEtGpvt.exe
  2⤵
  PID:2856
- C:\Windows\System\nKzekAw.exe
  C:\Windows\System\nKzekAw.exe
  2⤵
  PID:2664
- C:\Windows\System\WlPmgPi.exe
  C:\Windows\System\WlPmgPi.exe
  2⤵
  PID:2760
- C:\Windows\System\SCzfOak.exe
  C:\Windows\System\SCzfOak.exe
  2⤵
  PID:1332
- C:\Windows\System\qXoszCb.exe
  C:\Windows\System\qXoszCb.exe
  2⤵
  PID:1200
- C:\Windows\System\pEkMglX.exe
  C:\Windows\System\pEkMglX.exe
  2⤵
  PID:2884
- C:\Windows\System\kpPHhvk.exe
  C:\Windows\System\kpPHhvk.exe
  2⤵
  PID:948
- C:\Windows\System\FQGJqYP.exe
  C:\Windows\System\FQGJqYP.exe
  2⤵
  PID:2708
- C:\Windows\System\emPqPwS.exe
  C:\Windows\System\emPqPwS.exe
  2⤵
  PID:2924
- C:\Windows\System\AJoBHlv.exe
  C:\Windows\System\AJoBHlv.exe
  2⤵
  PID:2556
- C:\Windows\System\tdbctne.exe
  C:\Windows\System\tdbctne.exe
  2⤵
  PID:2348
- C:\Windows\System\qeqBExU.exe
  C:\Windows\System\qeqBExU.exe
  2⤵
  PID:2004
- C:\Windows\System\vAcRksp.exe
  C:\Windows\System\vAcRksp.exe
  2⤵
  PID:2944
- C:\Windows\System\dMvNAAB.exe
  C:\Windows\System\dMvNAAB.exe
  2⤵
  PID:2632
- C:\Windows\System\caLPNiy.exe
  C:\Windows\System\caLPNiy.exe
  2⤵
  PID:2688
- C:\Windows\System\lchdioB.exe
  C:\Windows\System\lchdioB.exe
  2⤵
  PID:1584
- C:\Windows\System\goRmbWh.exe
  C:\Windows\System\goRmbWh.exe
  2⤵
  PID:2488
- C:\Windows\System\HyCMQjz.exe
  C:\Windows\System\HyCMQjz.exe
  2⤵
  PID:1116
- C:\Windows\System\fYHrURg.exe
  C:\Windows\System\fYHrURg.exe
  2⤵
  PID:2756
- C:\Windows\System\khDSIsw.exe
  C:\Windows\System\khDSIsw.exe
  2⤵
  PID:1532
- C:\Windows\System\xaBqWLk.exe
  C:\Windows\System\xaBqWLk.exe
  2⤵
  PID:2780
- C:\Windows\System\HsqiMaq.exe
  C:\Windows\System\HsqiMaq.exe
  2⤵
  PID:2376
- C:\Windows\System\tqAnCYj.exe
  C:\Windows\System\tqAnCYj.exe
  2⤵
  PID:2060
- C:\Windows\System\TVeCgGW.exe
  C:\Windows\System\TVeCgGW.exe
  2⤵
  PID:2180
- C:\Windows\System\gMHqYwL.exe
  C:\Windows\System\gMHqYwL.exe
  2⤵
  PID:2608
- C:\Windows\System\fXTHhhW.exe
  C:\Windows\System\fXTHhhW.exe
  2⤵
  PID:1184
- C:\Windows\System\GIVJDhz.exe
  C:\Windows\System\GIVJDhz.exe
  2⤵
  PID:588
- C:\Windows\System\TEeNKtL.exe
  C:\Windows\System\TEeNKtL.exe
  2⤵
  PID:2280
- C:\Windows\System\QeBRyIO.exe
  C:\Windows\System\QeBRyIO.exe
  2⤵
  PID:2776
- C:\Windows\System\lKSAMto.exe
  C:\Windows\System\lKSAMto.exe
  2⤵
  PID:1336
- C:\Windows\System\jnTJTmW.exe
  C:\Windows\System\jnTJTmW.exe
  2⤵
  PID:1692
- C:\Windows\System\AZELIBx.exe
  C:\Windows\System\AZELIBx.exe
  2⤵
  PID:2836
- C:\Windows\System\syIwPIo.exe
  C:\Windows\System\syIwPIo.exe
  2⤵
  PID:3084
- C:\Windows\System\SIyOdyO.exe
  C:\Windows\System\SIyOdyO.exe
  2⤵
  PID:3100
- C:\Windows\System\JIoYiMx.exe
  C:\Windows\System\JIoYiMx.exe
  2⤵
  PID:3116
- C:\Windows\System\kWfZjXP.exe
  C:\Windows\System\kWfZjXP.exe
  2⤵
  PID:3132
- C:\Windows\System\nauczdN.exe
  C:\Windows\System\nauczdN.exe
  2⤵
  PID:3148
- C:\Windows\System\iQwOYrk.exe
  C:\Windows\System\iQwOYrk.exe
  2⤵
  PID:3164
- C:\Windows\System\lahQKJn.exe
  C:\Windows\System\lahQKJn.exe
  2⤵
  PID:3180
- C:\Windows\System\kXCXSkj.exe
  C:\Windows\System\kXCXSkj.exe
  2⤵
  PID:3196
- C:\Windows\System\GSxWWtF.exe
  C:\Windows\System\GSxWWtF.exe
  2⤵
  PID:3212
- C:\Windows\System\yydsqjj.exe
  C:\Windows\System\yydsqjj.exe
  2⤵
  PID:3228
- C:\Windows\System\JqjWitd.exe
  C:\Windows\System\JqjWitd.exe
  2⤵
  PID:3244
- C:\Windows\System\pigVFru.exe
  C:\Windows\System\pigVFru.exe
  2⤵
  PID:3260
- C:\Windows\System\ImzvXjC.exe
  C:\Windows\System\ImzvXjC.exe
  2⤵
  PID:3276
- C:\Windows\System\KRVVuxy.exe
  C:\Windows\System\KRVVuxy.exe
  2⤵
  PID:3292
- C:\Windows\System\FfjAAtw.exe
  C:\Windows\System\FfjAAtw.exe
  2⤵
  PID:3308
- C:\Windows\System\CXGeZCF.exe
  C:\Windows\System\CXGeZCF.exe
  2⤵
  PID:3324
- C:\Windows\System\sfFrvoB.exe
  C:\Windows\System\sfFrvoB.exe
  2⤵
  PID:3340
- C:\Windows\System\akUoFTf.exe
  C:\Windows\System\akUoFTf.exe
  2⤵
  PID:3356
- C:\Windows\System\MWBMLRn.exe
  C:\Windows\System\MWBMLRn.exe
  2⤵
  PID:3372
- C:\Windows\System\joaNApX.exe
  C:\Windows\System\joaNApX.exe
  2⤵
  PID:3388
- C:\Windows\System\rbafaFz.exe
  C:\Windows\System\rbafaFz.exe
  2⤵
  PID:3404
- C:\Windows\System\vRtjJDA.exe
  C:\Windows\System\vRtjJDA.exe
  2⤵
  PID:3420
- C:\Windows\System\GoLmYxZ.exe
  C:\Windows\System\GoLmYxZ.exe
  2⤵
  PID:3444
- C:\Windows\System\GfNEtnw.exe
  C:\Windows\System\GfNEtnw.exe
  2⤵
  PID:3588
- C:\Windows\System\MIjkArv.exe
  C:\Windows\System\MIjkArv.exe
  2⤵
  PID:3604
- C:\Windows\System\PxUNsyZ.exe
  C:\Windows\System\PxUNsyZ.exe
  2⤵
  PID:3640
- C:\Windows\System\TfazrcU.exe
  C:\Windows\System\TfazrcU.exe
  2⤵
  PID:3656
- C:\Windows\System\CIVWeXV.exe
  C:\Windows\System\CIVWeXV.exe
  2⤵
  PID:3672
- C:\Windows\System\yxAnvau.exe
  C:\Windows\System\yxAnvau.exe
  2⤵
  PID:3688
- C:\Windows\System\zBwVGjt.exe
  C:\Windows\System\zBwVGjt.exe
  2⤵
  PID:3704
- C:\Windows\System\erFEFxB.exe
  C:\Windows\System\erFEFxB.exe
  2⤵
  PID:3720
- C:\Windows\System\pgFSwmN.exe
  C:\Windows\System\pgFSwmN.exe
  2⤵
  PID:3736
- C:\Windows\System\vodYKtO.exe
  C:\Windows\System\vodYKtO.exe
  2⤵
  PID:3752
- C:\Windows\System\GajIUhC.exe
  C:\Windows\System\GajIUhC.exe
  2⤵
  PID:3772
- C:\Windows\System\gjrxIBd.exe
  C:\Windows\System\gjrxIBd.exe
  2⤵
  PID:3788
- C:\Windows\System\HWICSJD.exe
  C:\Windows\System\HWICSJD.exe
  2⤵
  PID:3804
- C:\Windows\System\KywOJcJ.exe
  C:\Windows\System\KywOJcJ.exe
  2⤵
  PID:3820
- C:\Windows\System\pUqdfRt.exe
  C:\Windows\System\pUqdfRt.exe
  2⤵
  PID:3836
- C:\Windows\System\XCqMdFK.exe
  C:\Windows\System\XCqMdFK.exe
  2⤵
  PID:3852
- C:\Windows\System\vtNUZNb.exe
  C:\Windows\System\vtNUZNb.exe
  2⤵
  PID:3872
- C:\Windows\System\GERSJVp.exe
  C:\Windows\System\GERSJVp.exe
  2⤵
  PID:3888
- C:\Windows\System\NCOihyG.exe
  C:\Windows\System\NCOihyG.exe
  2⤵
  PID:3952
- C:\Windows\System\ahxfxJt.exe
  C:\Windows\System\ahxfxJt.exe
  2⤵
  PID:3992
- C:\Windows\System\XPITaUK.exe
  C:\Windows\System\XPITaUK.exe
  2⤵
  PID:4068
- C:\Windows\System\MUFsDLB.exe
  C:\Windows\System\MUFsDLB.exe
  2⤵
  PID:2872
- C:\Windows\System\htsuXpx.exe
  C:\Windows\System\htsuXpx.exe
  2⤵
  PID:4304
- C:\Windows\System\DGmbyKD.exe
  C:\Windows\System\DGmbyKD.exe
  2⤵
  PID:4612
- C:\Windows\System\IxWopda.exe
  C:\Windows\System\IxWopda.exe
  2⤵
  PID:4924
- C:\Windows\System\AWBeAEH.exe
  C:\Windows\System\AWBeAEH.exe
  2⤵
  PID:4972
- C:\Windows\System\RZzKZLv.exe
  C:\Windows\System\RZzKZLv.exe
  2⤵
  PID:3680
- C:\Windows\System\VXNkUBE.exe
  C:\Windows\System\VXNkUBE.exe
  2⤵
  PID:3668
- C:\Windows\System\GHyAfnd.exe
  C:\Windows\System\GHyAfnd.exe
  2⤵
  PID:5184
- C:\Windows\System\QEmEvMb.exe
  C:\Windows\System\QEmEvMb.exe
  2⤵
  PID:5200
- C:\Windows\System\otvcIXP.exe
  C:\Windows\System\otvcIXP.exe
  2⤵
  PID:5380
- C:\Windows\System\eAIGxHH.exe
  C:\Windows\System\eAIGxHH.exe
  2⤵
  PID:5476
- C:\Windows\System\FqKLyvS.exe
  C:\Windows\System\FqKLyvS.exe
  2⤵
  PID:5492
- C:\Windows\System\QDryEtk.exe
  C:\Windows\System\QDryEtk.exe
  2⤵
  PID:6068
- C:\Windows\System\LOKdVoP.exe
  C:\Windows\System\LOKdVoP.exe
  2⤵
  PID:3272
- C:\Windows\System\TudnxRW.exe
  C:\Windows\System\TudnxRW.exe
  2⤵
  PID:4344
- C:\Windows\System\ABVOrSm.exe
  C:\Windows\System\ABVOrSm.exe
  2⤵
  PID:4332
- C:\Windows\System\cdRWWAy.exe
  C:\Windows\System\cdRWWAy.exe
  2⤵
  PID:5192
- C:\Windows\System\ODAYAdO.exe
  C:\Windows\System\ODAYAdO.exe
  2⤵
  PID:5888
- C:\Windows\System\qLXdXmC.exe
  C:\Windows\System\qLXdXmC.exe
  2⤵
  PID:3464
- C:\Windows\System\QtMuAMY.exe
  C:\Windows\System\QtMuAMY.exe
  2⤵
  PID:3428
- C:\Windows\System\pFxmjjT.exe
  C:\Windows\System\pFxmjjT.exe
  2⤵
  PID:4884
- C:\Windows\System\MYbiYFu.exe
  C:\Windows\System\MYbiYFu.exe
  2⤵
  PID:4840
- C:\Windows\System\VcgoyTU.exe
  C:\Windows\System\VcgoyTU.exe
  2⤵
  PID:5328
- C:\Windows\System\wHSzTVy.exe
  C:\Windows\System\wHSzTVy.exe
  2⤵
  PID:4852
- C:\Windows\System\oDKReGr.exe
  C:\Windows\System\oDKReGr.exe
  2⤵
  PID:1768
- C:\Windows\System\zkQtRGN.exe
  C:\Windows\System\zkQtRGN.exe
  2⤵
  PID:5660
- C:\Windows\System\IAyQBHr.exe
  C:\Windows\System\IAyQBHr.exe
  2⤵
  PID:6172
- C:\Windows\System\gEbWOTH.exe
  C:\Windows\System\gEbWOTH.exe
  2⤵
  PID:6316
- C:\Windows\System\NHtUtya.exe
  C:\Windows\System\NHtUtya.exe
  2⤵
  PID:6332
- C:\Windows\System\dtZyWIH.exe
  C:\Windows\System\dtZyWIH.exe
  2⤵
  PID:6348
- C:\Windows\System\MakxYdi.exe
  C:\Windows\System\MakxYdi.exe
  2⤵
  PID:6368
- C:\Windows\System\fdjqvyD.exe
  C:\Windows\System\fdjqvyD.exe
  2⤵
  PID:6612
- C:\Windows\System\rooUFGv.exe
  C:\Windows\System\rooUFGv.exe
  2⤵
  PID:6628
- C:\Windows\System\MChXKfm.exe
  C:\Windows\System\MChXKfm.exe
  2⤵
  PID:6644
- C:\Windows\System\GjQHlMW.exe
  C:\Windows\System\GjQHlMW.exe
  2⤵
  PID:6664
- C:\Windows\System\gMlnQUH.exe
  C:\Windows\System\gMlnQUH.exe
  2⤵
  PID:6692
- C:\Windows\System\ZIrjVBE.exe
  C:\Windows\System\ZIrjVBE.exe
  2⤵
  PID:6820
- C:\Windows\System\WsDkncF.exe
  C:\Windows\System\WsDkncF.exe
  2⤵
  PID:6836
- C:\Windows\System\IbBkAdu.exe
  C:\Windows\System\IbBkAdu.exe
  2⤵
  PID:6852
- C:\Windows\System\zbmLTWn.exe
  C:\Windows\System\zbmLTWn.exe
  2⤵
  PID:6868
- C:\Windows\System\JEApYSu.exe
  C:\Windows\System\JEApYSu.exe
  2⤵
  PID:6900
- C:\Windows\System\RpEglVz.exe
  C:\Windows\System\RpEglVz.exe
  2⤵
  PID:1988
- C:\Windows\System\EevKSEC.exe
  C:\Windows\System\EevKSEC.exe
  2⤵
  PID:6212
- C:\Windows\System\gTUNXUp.exe
  C:\Windows\System\gTUNXUp.exe
  2⤵
  PID:4168
- C:\Windows\System\FPaeJXT.exe
  C:\Windows\System\FPaeJXT.exe
  2⤵
  PID:6992
- C:\Windows\System\IyolKZT.exe
  C:\Windows\System\IyolKZT.exe
  2⤵
  PID:7180
- C:\Windows\System\XDTPldP.exe
  C:\Windows\System\XDTPldP.exe
  2⤵
  PID:7196
- C:\Windows\System\moRZIbc.exe
  C:\Windows\System\moRZIbc.exe
  2⤵
  PID:7212
- C:\Windows\System\XZVlxoV.exe
  C:\Windows\System\XZVlxoV.exe
  2⤵
  PID:7232
- C:\Windows\System\SUdMsIy.exe
  C:\Windows\System\SUdMsIy.exe
  2⤵
  PID:7344
- C:\Windows\System\ljYNoSw.exe
  C:\Windows\System\ljYNoSw.exe
  2⤵
  PID:7360
- C:\Windows\System\cdYDtEM.exe
  C:\Windows\System\cdYDtEM.exe
  2⤵
  PID:7376
- C:\Windows\System\tTKjkuB.exe
  C:\Windows\System\tTKjkuB.exe
  2⤵
  PID:7392
- C:\Windows\System\aVMYdDp.exe
  C:\Windows\System\aVMYdDp.exe
  2⤵
  PID:7680
- C:\Windows\System\bAdKicP.exe
  C:\Windows\System\bAdKicP.exe
  2⤵
  PID:7840
- C:\Windows\System\UHJELun.exe
  C:\Windows\System\UHJELun.exe
  2⤵
  PID:8016
- C:\Windows\System\kCiUILD.exe
  C:\Windows\System\kCiUILD.exe
  2⤵
  PID:8032
- C:\Windows\System\LotbAEZ.exe
  C:\Windows\System\LotbAEZ.exe
  2⤵
  PID:7036
- C:\Windows\System\cJkAztP.exe
  C:\Windows\System\cJkAztP.exe
  2⤵
  PID:6152
- C:\Windows\System\TqREXMf.exe
  C:\Windows\System\TqREXMf.exe
  2⤵
  PID:7432
- C:\Windows\System\fmHvVIa.exe
  C:\Windows\System\fmHvVIa.exe
  2⤵
  PID:4140
- C:\Windows\System\reBraPn.exe
  C:\Windows\System\reBraPn.exe
  2⤵
  PID:6656
- C:\Windows\System\GYROhIs.exe
  C:\Windows\System\GYROhIs.exe
  2⤵
  PID:8076
- C:\Windows\System\wVSHnMS.exe
  C:\Windows\System\wVSHnMS.exe
  2⤵
  PID:7404
- C:\Windows\System\lVMjcxg.exe
  C:\Windows\System\lVMjcxg.exe
  2⤵
  PID:7068
- C:\Windows\System\lYBZSHN.exe
  C:\Windows\System\lYBZSHN.exe
  2⤵
  PID:8324
- C:\Windows\System\klCyaSW.exe
  C:\Windows\System\klCyaSW.exe
  2⤵
  PID:8340
- C:\Windows\System\LvAhHYL.exe
  C:\Windows\System\LvAhHYL.exe
  2⤵
  PID:8484
- C:\Windows\System\rAKYOIQ.exe
  C:\Windows\System\rAKYOIQ.exe
  2⤵
  PID:8500
- C:\Windows\System\omvpcZv.exe
  C:\Windows\System\omvpcZv.exe
  2⤵
  PID:8520
- C:\Windows\System\JgkXwNw.exe
  C:\Windows\System\JgkXwNw.exe
  2⤵
  PID:8536
- C:\Windows\System\hsAescm.exe
  C:\Windows\System\hsAescm.exe
  2⤵
  PID:8552
- C:\Windows\System\OSYyslS.exe
  C:\Windows\System\OSYyslS.exe
  2⤵
  PID:8568
- C:\Windows\System\wQlzqKf.exe
  C:\Windows\System\wQlzqKf.exe
  2⤵
  PID:9052
- C:\Windows\System\VuMFckC.exe
  C:\Windows\System\VuMFckC.exe
  2⤵
  PID:9068
- C:\Windows\System\sdATCLX.exe
  C:\Windows\System\sdATCLX.exe
  2⤵
  PID:9196
- C:\Windows\System\PIUyCdI.exe
  C:\Windows\System\PIUyCdI.exe
  2⤵
  PID:7896
- C:\Windows\System\ffGKrcj.exe
  C:\Windows\System\ffGKrcj.exe
  2⤵
  PID:7660
- C:\Windows\System\nrLnXmo.exe
  C:\Windows\System\nrLnXmo.exe
  2⤵
  PID:7708
- C:\Windows\System\BsbXixL.exe
  C:\Windows\System\BsbXixL.exe
  2⤵
  PID:7928
- C:\Windows\System\xswLAgd.exe
  C:\Windows\System\xswLAgd.exe
  2⤵
  PID:7596
- C:\Windows\System\EVRPfny.exe
  C:\Windows\System\EVRPfny.exe
  2⤵
  PID:8152
- C:\Windows\System\bjcHeur.exe
  C:\Windows\System\bjcHeur.exe
  2⤵
  PID:6620
- C:\Windows\System\sLgKLuo.exe
  C:\Windows\System\sLgKLuo.exe
  2⤵
  PID:8040
- C:\Windows\System\SDEWMiO.exe
  C:\Windows\System\SDEWMiO.exe
  2⤵
  PID:8952
- C:\Windows\System\izhRBgl.exe
  C:\Windows\System\izhRBgl.exe
  2⤵
  PID:6636
- C:\Windows\System\FAhhQGE.exe
  C:\Windows\System\FAhhQGE.exe
  2⤵
  PID:9172
- C:\Windows\System\GIJBxNe.exe
  C:\Windows\System\GIJBxNe.exe
  2⤵
  PID:8136
- C:\Windows\System\DyfYfKz.exe
  C:\Windows\System\DyfYfKz.exe
  2⤵
  PID:8476
- C:\Windows\System\EcjYJWk.exe
  C:\Windows\System\EcjYJWk.exe
  2⤵
  PID:9276
- C:\Windows\System\UqboRDy.exe
  C:\Windows\System\UqboRDy.exe
  2⤵
  PID:9292
- C:\Windows\System\fbEmyqE.exe
  C:\Windows\System\fbEmyqE.exe
  2⤵
  PID:9492
- C:\Windows\System\doPOPdL.exe
  C:\Windows\System\doPOPdL.exe
  2⤵
  PID:9780
- C:\Windows\System\GccFcRf.exe
  C:\Windows\System\GccFcRf.exe
  2⤵
  PID:9860
- C:\Windows\System\jLhJqIi.exe
  C:\Windows\System\jLhJqIi.exe
  2⤵
  PID:9876
- C:\Windows\System\ExcpPOl.exe
  C:\Windows\System\ExcpPOl.exe
  2⤵
  PID:9892
- C:\Windows\System\wBVfEbx.exe
  C:\Windows\System\wBVfEbx.exe
  2⤵
  PID:9908
- C:\Windows\System\fkOxbmz.exe
  C:\Windows\System\fkOxbmz.exe
  2⤵
  PID:9924
- C:\Windows\System\LKaVGbF.exe
  C:\Windows\System\LKaVGbF.exe
  2⤵
  PID:9940
- C:\Windows\System\KpaqfOX.exe
  C:\Windows\System\KpaqfOX.exe
  2⤵
  PID:9956
- C:\Windows\System\wCrkvUS.exe
  C:\Windows\System\wCrkvUS.exe
  2⤵
  PID:9972
- C:\Windows\System\MYnznLm.exe
  C:\Windows\System\MYnznLm.exe
  2⤵
  PID:9988
- C:\Windows\System\fzxqBur.exe
  C:\Windows\System\fzxqBur.exe
  2⤵
  PID:10004
- C:\Windows\System\ftBWWKB.exe
  C:\Windows\System\ftBWWKB.exe
  2⤵
  PID:10020
- C:\Windows\System\zckqzIT.exe
  C:\Windows\System\zckqzIT.exe
  2⤵
  PID:10036
- C:\Windows\System\OSKHrKz.exe
  C:\Windows\System\OSKHrKz.exe
  2⤵
  PID:10052
- C:\Windows\System\ZdzZvKZ.exe
  C:\Windows\System\ZdzZvKZ.exe
  2⤵
  PID:10068
- C:\Windows\System\MLgRkNV.exe
  C:\Windows\System\MLgRkNV.exe
  2⤵
  PID:10092
- C:\Windows\System\pqiXlqR.exe
  C:\Windows\System\pqiXlqR.exe
  2⤵
  PID:10140
- C:\Windows\System\waPpefy.exe
  C:\Windows\System\waPpefy.exe
  2⤵
  PID:8304
- C:\Windows\System\MjLbTNb.exe
  C:\Windows\System\MjLbTNb.exe
  2⤵
  PID:9240
- C:\Windows\System\YwSyDMC.exe
  C:\Windows\System\YwSyDMC.exe
  2⤵
  PID:9580
- C:\Windows\System\REmZBqy.exe
  C:\Windows\System\REmZBqy.exe
  2⤵
  PID:9708
- C:\Windows\System\QbPPtSp.exe
  C:\Windows\System\QbPPtSp.exe
  2⤵
  PID:9600
- C:\Windows\System\KsfwSAU.exe
  C:\Windows\System\KsfwSAU.exe
  2⤵
  PID:8632
- C:\Windows\System\xOmPqAG.exe
  C:\Windows\System\xOmPqAG.exe
  2⤵
  PID:7932
- C:\Windows\System\kdVCizq.exe
  C:\Windows\System\kdVCizq.exe
  2⤵
  PID:10244
- C:\Windows\System\RMMGRRk.exe
  C:\Windows\System\RMMGRRk.exe
  2⤵
  PID:10584
- C:\Windows\System\uhsWEJN.exe
  C:\Windows\System\uhsWEJN.exe
  2⤵
  PID:10808
- C:\Windows\System\WZbxUvS.exe
  C:\Windows\System\WZbxUvS.exe
  2⤵
  PID:11004
- C:\Windows\System\QgvuYkh.exe
  C:\Windows\System\QgvuYkh.exe
  2⤵
  PID:11152
- C:\Windows\System\FcWUHcU.exe
  C:\Windows\System\FcWUHcU.exe
  2⤵
  PID:9948
- C:\Windows\System\MBusNRT.exe
  C:\Windows\System\MBusNRT.exe
  2⤵
  PID:10768
- C:\Windows\System\ypsLYOg.exe
  C:\Windows\System\ypsLYOg.exe
  2⤵
  PID:10688
- C:\Windows\System\kDzOicn.exe
  C:\Windows\System\kDzOicn.exe
  2⤵
  PID:11292
- C:\Windows\System\ADpGnuz.exe
  C:\Windows\System\ADpGnuz.exe
  2⤵
  PID:12024
- C:\Windows\System\EzikPxL.exe
  C:\Windows\System\EzikPxL.exe
  2⤵
  PID:11492
- C:\Windows\System\CVdgCnA.exe
  C:\Windows\System\CVdgCnA.exe
  2⤵
  PID:11832
- C:\Windows\System\NdTMLeR.exe
  C:\Windows\System\NdTMLeR.exe
  2⤵
  PID:12160
- C:\Windows\System\yciIapb.exe
  C:\Windows\System\yciIapb.exe
  2⤵
  PID:12188
- C:\Windows\System\sXALyWK.exe
  C:\Windows\System\sXALyWK.exe
  2⤵
  PID:12208
- C:\Windows\System\btZRhPU.exe
  C:\Windows\System\btZRhPU.exe
  2⤵
  PID:12272
- C:\Windows\System\DXjvqMX.exe
  C:\Windows\System\DXjvqMX.exe
  2⤵
  PID:12296
- C:\Windows\System\JvQFRNe.exe
  C:\Windows\System\JvQFRNe.exe
  2⤵
  PID:12664
- C:\Windows\System\dEXhUPA.exe
  C:\Windows\System\dEXhUPA.exe
  2⤵
  PID:12804
- C:\Windows\System\kXjancT.exe
  C:\Windows\System\kXjancT.exe
  2⤵
  PID:12948
- C:\Windows\System\JCVFUxW.exe
  C:\Windows\System\JCVFUxW.exe
  2⤵
  PID:12964
- C:\Windows\System\hclcbJV.exe
  C:\Windows\System\hclcbJV.exe
  2⤵
  PID:13136
- C:\Windows\System\hWnqWHZ.exe
  C:\Windows\System\hWnqWHZ.exe
  2⤵
  PID:13252
- C:\Windows\System\QsNelEu.exe
  C:\Windows\System\QsNelEu.exe
  2⤵
  PID:13268
- C:\Windows\System\aXNvgTk.exe
  C:\Windows\System\aXNvgTk.exe
  2⤵
  PID:13284
- C:\Windows\System\JgwUJYK.exe
  C:\Windows\System\JgwUJYK.exe
  2⤵
  PID:10720
- C:\Windows\System\wFcxwaF.exe
  C:\Windows\System\wFcxwaF.exe
  2⤵
  PID:11904
- C:\Windows\System\auXLKQE.exe
  C:\Windows\System\auXLKQE.exe
  2⤵
  PID:12544
- C:\Windows\System\vHpEBVN.exe
  C:\Windows\System\vHpEBVN.exe
  2⤵
  PID:12984
- C:\Windows\System\wyCLiMU.exe
  C:\Windows\System\wyCLiMU.exe
  2⤵
  PID:12716
- C:\Windows\System\vqvXKBs.exe
  C:\Windows\System\vqvXKBs.exe
  2⤵
  PID:12460
- C:\Windows\System\avGtLhJ.exe
  C:\Windows\System\avGtLhJ.exe
  2⤵
  PID:13200
- C:\Windows\System\fcAENYY.exe
  C:\Windows\System\fcAENYY.exe
  2⤵
  PID:10416
- C:\Windows\System\lZJtWJb.exe
  C:\Windows\System\lZJtWJb.exe
  2⤵
  PID:9872
- C:\Windows\System\qXnxrsQ.exe
  C:\Windows\System\qXnxrsQ.exe
  2⤵
  PID:12364
- C:\Windows\System\pSQEkKv.exe
  C:\Windows\System\pSQEkKv.exe
  2⤵
  PID:12764
- C:\Windows\System\ZSVPDAE.exe
  C:\Windows\System\ZSVPDAE.exe
  2⤵
  PID:13048
- C:\Windows\System\SoqPPVk.exe
  C:\Windows\System\SoqPPVk.exe
  2⤵
  PID:13328
- C:\Windows\System\jPDULNM.exe
  C:\Windows\System\jPDULNM.exe
  2⤵
  PID:13344
- C:\Windows\System\TslQHpw.exe
  C:\Windows\System\TslQHpw.exe
  2⤵
  PID:13360
- C:\Windows\System\HPDENtS.exe
  C:\Windows\System\HPDENtS.exe
  2⤵
  PID:13376
- C:\Windows\System\bybdztQ.exe
  C:\Windows\System\bybdztQ.exe
  2⤵
  PID:13396
- C:\Windows\System\TUldlNW.exe
  C:\Windows\System\TUldlNW.exe
  2⤵
  PID:13412
- C:\Windows\System\qErCJDp.exe
  C:\Windows\System\qErCJDp.exe
  2⤵
  PID:13428
- C:\Windows\System\hYzCZXD.exe
  C:\Windows\System\hYzCZXD.exe
  2⤵
  PID:13444
- C:\Windows\System\kvaCbiB.exe
  C:\Windows\System\kvaCbiB.exe
  2⤵
  PID:13460
- C:\Windows\System\mQrvZfL.exe
  C:\Windows\System\mQrvZfL.exe
  2⤵
  PID:13476
- C:\Windows\System\fuiiWZO.exe
  C:\Windows\System\fuiiWZO.exe
  2⤵
  PID:13492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BSMmlRs.exe

Filesize
1.3MB

MD5
0ac769172c1c4c8903629dd96938a163

SHA1
e70839acbcd97e0c53357c18ae9a4908ad4563a4

SHA256
e125662080fb9b63a93993b85e74bdd8deb310791b04625ceeccd9d56dcdd41c

SHA512
38a6401409ad81e818bca540b4aa971a6b11f2ba64bb4e7c5d453e17e7c732497ef486e24854ffd4883796816ac1f1c32145b3b8566174a3dec43877205e8f2a

Download Submit
C:\Windows\system\EGMGHsf.exe

Filesize
1.3MB

MD5
e17aae787d8fb5457c0188b8ce08737a

SHA1
f26d57b9d921fcf5b6f3791f68eed47e058469d5

SHA256
8905a260afe79e7bd15e7c136dd42d50769d6c042dc89aec3781f49162a8e5e4

SHA512
e2407fe7fd95c1f8b70c0ebdd65ad7b0c813474c2beef1b83f2d6b4842d51075e0de5d42d8f9f70ecf436f02cbdced45e4990d9a3c31e686af4e9a4d87fbad11

Download Submit
C:\Windows\system\HoXWaFq.exe

Filesize
1.3MB

MD5
f4708c6fa4c0e7f8be4a7db6f7c0b7c4

SHA1
366b7fef31613f809dd3414abc1611a492967e54

SHA256
caa034dcaf759214f1a4269b3007f33c69925d5eeee56db908ca3dff79e8ca75

SHA512
1735b8416fcb0d700109fd0b39aff4d94766d76df329ff5f65d1024d7fd74b6e8530908732930146b12ec361eb41d840aa3e8bbdd72c1cdc8f827feaee799d08

Download Submit
C:\Windows\system\LDWslxs.exe

Filesize
1.3MB

MD5
d173c4fdacacf940b1497b52081b7038

SHA1
990acc86346d1207608c83deed698ba47a34cec2

SHA256
ee1c12c5b88cd7d433afcf7f02063e4eccfffe209a468325dfd65eec1e61eaed

SHA512
6abf1ccc1cc5fce256b4fb70ea452b717c03e528a57b8ce330b54a402db914edc51f2a1ba4b4d29c5e054c58267ab059b8a37449c1e8681d234278d97bf4b66e

Download Submit
C:\Windows\system\OQXYtve.exe

Filesize
1.3MB

MD5
401c165069a9e3c52dcc89056a0128bb

SHA1
78c45cd6851447eed1bf530f133de2515e73c963

SHA256
3176d79e3d10b82971dfa55d454babf954e5ae0779cea8f27cc7c9369cb76691

SHA512
ffa97af4d98c19b7f80b6d992085b93224a12fae5ae3cf9fdab883a1a988b2d852186087de3b4d9b119475237485b3996e2ab93c83a58172490a3004bc2fdee2

Download Submit
C:\Windows\system\OfojaZu.exe

Filesize
1.3MB

MD5
478b291fad37376505377dd0897badb9

SHA1
9e3f2765890d9390fcae7755f4f0bf8e02eaad84

SHA256
b2daaa6597251254759a000317a144b192692421f32bd4d12391ec2ef443559d

SHA512
1e4474ce1fbce5c7bb9fedcc8c916f1cf8edcba5f5bd377e0c33727813b158734ea2118817c725807e110594d36dedaf0d71932f105d94d6f440ffade89a8b63

Download Submit
C:\Windows\system\OxCFyCL.exe

Filesize
1.3MB

MD5
f1806c9a6bd7a0e6668df7005904fb9b

SHA1
7203895524821870d7445a039bd19b3723cc1096

SHA256
4f087ed8194ff930f807ef909c6660fdab052429736a442f84a65c08bc561382

SHA512
b50c0da1eb6718275745d46916e7984b227db720af899eca0526a17dcb47f1921cbe0d606235175983b6e11910f2cbbf73e3c1a08b6dc6af280398964bd6b69f

Download Submit
C:\Windows\system\PlESLez.exe

Filesize
1.3MB

MD5
7272107607f3a4de43e8876b89463961

SHA1
00b6632e91dbe2516d09154304050fe591cc615a

SHA256
410a16901d61db7a918e94c63d440ae3d0865599ec2522a5cdd7a651efc012e4

SHA512
03e6ac673673ea6b7e07c960b7b685b7bd2f465edbf6a8c68ae1873e0014251194f60e384cc00ac44d4f590ffae9585ecd7507b4be5a90e9478420729e32be1d

Download Submit
C:\Windows\system\PoWRFtH.exe

Filesize
1.3MB

MD5
84d796cc9649de5c6a7825e2226aebaa

SHA1
fb9e78f3f1b760cd08b398f9eeb727c3c911e0d2

SHA256
6c93d1db27037f38d84551b5f70f40867ccbbda2ceaf1150e4a7832b10648aec

SHA512
8902c7831c64d81e107d360d9116f94940e2548c15a02cae4e63d32178b2bd9b9f87a8933c72469843ed3121ae74a9f3c909350b0cd47b56b08c9a8449c0927d

Download Submit
C:\Windows\system\RycCsXD.exe

Filesize
1.3MB

MD5
292a0d35cd97db7ad786613744abcc9e

SHA1
f1fcbb26bdbb9388f8dd228e23df602cdfa4fb89

SHA256
9e4dafb4a5ad64b390adb009819252d5e446fc047a3c119c2f68afa5ff41fa86

SHA512
0c447376e8673e749ce6079df663e8c169c117b723a6b362e381f90f45025bf3bd02d8c950ce4b3b3596c790cf10a4315faab4f8c0a0af86934cb9b78e3db48a

Download Submit
C:\Windows\system\VXhuXbX.exe

Filesize
1.3MB

MD5
2f35d587c6c94e5f2dd74e55505b2b44

SHA1
b7ed220bdbaf0344d56cde85b6a3ebe9026f130f

SHA256
08eb0e4d1e66293a57d63ae66687c6fe15d35308ec434ef431bc5f9ff982d83c

SHA512
bc4d39b73d851bb2dfc94d99416df77fe319031075fc9d5b26dac977d4153a9451e3287962a2c2632d2a8c8e74b65146c3406994f1781d2e38cc181c9e2bcc6e

Download Submit
C:\Windows\system\WEpkMET.exe

Filesize
1.3MB

MD5
efc90f239759a9d6db70b9a8c61e1bd5

SHA1
9eaad0c4ff92a5a8811a45bda65e00c5feabe2b0

SHA256
f9cb33962fe1ff322f9d2e4d109f2cb9de9d812f893339ccb62e15e01726e0f2

SHA512
b82282ebf979a3c28accde13386a439ef8b50db773ec49bfe33241041d5a65c1af4ef9fa98a2bcba31230390340be0c75f0616224b7a54ff2400a8b0ad430790

Download Submit
C:\Windows\system\WWchSQB.exe

Filesize
1.3MB

MD5
4c1e47b9861cf52de4122590ba3ad0aa

SHA1
a6e435527e09fc75ee0ecb9bf2bbe1b82718bdb9

SHA256
d4f34f8fd04b77cc60abddcb9a918db8cd74cb466e7a1d3443b821a8bf1f514b

SHA512
89c3bb4ecd8af0f587987b79078dd12a585eb3cd595b70a093639b2aa84bee74350a5719b3523a58967cef0daac09aedf6919b539e9687a90cbcb3108361b6f5

Download Submit
C:\Windows\system\WpTAfQe.exe

Filesize
1.3MB

MD5
1303a76be1e6a61c425d868610cc8e7c

SHA1
a98c42484610badfe953c90d78611f7fd97f859e

SHA256
ffe8c314d76dd620087a56c5101eb8ec12e37d9f2553de3b065aa4a3da69bd29

SHA512
1b9d92c6808468eea81a55b40aa0f14f992be63ccb552b87a5b867b2aa8a7d5b9fae50ed6ec08962bae0328c248dff98dff6380f92db6d818c0062ff5b60efdd

Download Submit
C:\Windows\system\XFBlmOF.exe

Filesize
1.3MB

MD5
50f13ecd1cc77f7337280473bb39902c

SHA1
87257d7fc958c6b9b545fa786e34bfd9180f8cd9

SHA256
bd7c0a0342c99624f661a7cfc2ec6cfc62cc079df554596c4617b0d1bb5a2642

SHA512
3e6ae9c2e743f95bc17e2ac8dc11797db6880216d5d7d940cb1d6c88fd092e8a21e6b0867d7fbfc170ef9905a1baab0d07c0bc37a4742e7dd9c884c144170355

Download Submit
C:\Windows\system\YvvUyZS.exe

Filesize
1.3MB

MD5
f90cbb1e3fed9bd3c787ffe682d792a4

SHA1
41247d501c094e54d3b4b77df8b7d0b6a2c3807b

SHA256
a38644ea36758efc82b7aa8ff6a53990e8b728501c669b1ba1c51f3a157d5899

SHA512
1cc83920c8ef65c01ad2c887c85cad89e34a78b3528a1230fd7c05d9d386763caf6e0d1a474625837f1da2113b21b90ade0c7aa20ae233cf54e3725d5adb22b9

Download Submit
C:\Windows\system\bRKDUEr.exe

Filesize
1.3MB

MD5
5a35bc39b06cdd446ff429b4b1a39119

SHA1
dbfe1322577a8f9f0e8e54b2ccd14845989436ab

SHA256
99fa3ac434dc69297a44ad1c076fa409e97b44e6f81b8a2e894a101e87799347

SHA512
77106c2159205d37b82ff7605389c609a846d0c0a63e37547890a610d23e873069338a83c6448b465534a3be5ee6d7c963caf13f57e04df7062c2023d0c52745

Download Submit
C:\Windows\system\hYCsBFt.exe

Filesize
1.3MB

MD5
ac2e3ac60d89da622f5eaf898e33e273

SHA1
a06550b51892b4b3c683fa0818e081198a4921d8

SHA256
e5890edd0ab5dae47d48b733847a4e8da900ce0a60d6cdf582a755bf236a69d1

SHA512
81d6f9ab5d1d5b9e4a67facbee28b29b3f64f72210a8f87bf1d4e9e1e4c9ac5522ec3baae33c4980676b79fae66cab2c7a7389e47ff253c5522166365d50dc15

Download Submit
C:\Windows\system\jZhQvnz.exe

Filesize
1.3MB

MD5
532181e16dccacfeca0f777ea42725a8

SHA1
fe56ac7f9db124b8e8a1b2843f5752c0c1e2e897

SHA256
7d8ed78ad20a9f49284f7b8b665a38e50c76f9570464f5a7527c3fc282b539a7

SHA512
8bd2cfc691005166db42043a96eb6d26df9e9ffdf7c4fc50a02e910b47fe52acb9aca2b8625c80c102456d6805ab6a2cab0b52d2c0e84b013501014e0f1d7bc7

Download Submit
C:\Windows\system\nhpfyAU.exe

Filesize
1.3MB

MD5
a541377fecbdddbd429c4ec61a3116c4

SHA1
7247999e4a9e6056dc521ab242ba881e0cac6f78

SHA256
03e81f3fe8cade479dc54b800ac4f563d102783e8c8aeefd19d666125ba8c30e

SHA512
8a541f0a939f658d56ed49c133a6da722b2296641a15a533b0dc5f29c21c08d77402017f60ff567ffde748c3c13e55c71f0ed12333f71206b118d62f4d63c81e

Download Submit
C:\Windows\system\saCpxdo.exe

Filesize
1.3MB

MD5
1591320568b219abf74831344adea697

SHA1
c8e3bc400571cee1ee935c0854e63e0dcaf48235

SHA256
cb38d19071d0071939cf343fc5d52d1db30109eee42e82b23886fc03e9cc2a5e

SHA512
19e54a2abd2e6f0ade992f5ae22b1c584b681577de59acc83c8279d6430f53ae10ce1dc0542562870f5fa872ad87ef2ed5d68021150f8bcd5d22a3c6d346ed4d

Download Submit
C:\Windows\system\tchCeLc.exe

Filesize
1.3MB

MD5
e2f6affa516b32dfea635660d7bcbda1

SHA1
20e1080e874e796de06a74a76cd34477f121145f

SHA256
5b3aa8732504ad1b84711ebaaf71453ce700c9ad70656b52274b303b54aeb8bc

SHA512
2d7bea15b23823cc818b1d3822552b0e1e5ff318da6940bca5c9a2dae8f45d2f43cd642fdc9aae12055dfa6d8a8ccae871029929ef0d37c09f759c5a1bb8bbb8

Download Submit
\Windows\system\BVwZHrB.exe

Filesize
1.3MB

MD5
5c5b047581d610207218e12fc400d51f

SHA1
9d94c9b839e73409b9822afe5e61680ec70d39d8

SHA256
d67ca02de6db11d4abad123c6567ed6a26573ff08ea387a424f848932b45993f

SHA512
d7dd8fc3f695aa6982e7c64d85d2f38de7cda6361ec646d9c8287e9cdccabfc4b34fbe12d3a82f0c32aa9c74c44ea0bf1b219698b7242a1a9d852cde0dd15bc8

Download Submit
\Windows\system\BlTODbD.exe

Filesize
1.3MB

MD5
d11137765e0c7437cf45180803dadb17

SHA1
5178a543102a4797f1ae41b80c762140531c7001

SHA256
beeb1c97cce99aed24345d4baf686969f9452328c01b110c5ede2b730d444dd7

SHA512
6a52e73469144519025e7159fd8170ad471b279804b5b92c833a3342e775da1ba145a085791d18971adc9f38f31150af7a3d8ec69133806b4fed06095d4d862e

Download Submit
\Windows\system\DTZAEnA.exe

Filesize
1.3MB

MD5
92ba2082dc4eec04f7dd45dfcb7e68ba

SHA1
80133acb2ff2129605ec8c678499c3ca93d427fd

SHA256
ad040763149bd9111baabe54687d39851a9e3e850b3d93a0cddf48cbcca8e701

SHA512
f1f827d75932b62718a5fffdfce9296a053f3d2e8be43189c8aa1f48a3f2e0dd7f616f1d96f262c5ad396b8fb257adad6a833fe389074272a66c3072f440ade4

Download Submit
\Windows\system\JTiwqwn.exe

Filesize
1.3MB

MD5
42af4a1f4aa9bc293f231b955c57354c

SHA1
8a116a44718acde8178981d7233510edf1b2f9fc

SHA256
bec10b67c43c978de637b06d8b5381b484b930c52d5d7a3927eaa52ec6afd810

SHA512
2142076c4d6e3413dd291861e8414abdc577b48800c196048613c03b080a0b5a1ff9caccc58453f0434e6be4de05d35a9b88e9f6d3571583fafcaab81aa87c64

Download Submit
\Windows\system\NyvETPt.exe

Filesize
1.3MB

MD5
ef36147e64559d297677a40e5ec97076

SHA1
803351833cc1dc1f8141d20009a8b7768a41ad72

SHA256
dee10b20e95884a0024a0a6ed0f21dcba8ada1972afa1128ad91f3ed291ab755

SHA512
62cdb8f730870b086dc8633bf8d14d0b39c63412578728a1e3fe6f0d7fe8ce3d571a588e15dfa9ea840f0be0c2c204c367d2c1800d26cfde3d0a3e47bda0b73f

Download Submit
\Windows\system\QegDXoi.exe

Filesize
1.3MB

MD5
f211ee755b6f755eb43b0c2b3bfc1612

SHA1
562fb8a5405649fe6fd07477b0a01b05b2db023e

SHA256
465f1498fc9a90826476c266c19eaf2a528ce1e93220b803c659f7e66ebda04a

SHA512
e65a75c634756b78cf9ae32bb277c62a7e6cb0a04d63063eac95f087bda81653050fde1b8c97f27006cb5b7b01f58c7818a81b2382d0aa8dd80752a75f638930

Download Submit
\Windows\system\lmCrIyR.exe

Filesize
1.3MB

MD5
3a36910e6e416f02785f90e7e255ca05

SHA1
e33119aa72c1586d1b534fac1d25e3f2af7f6914

SHA256
1264c116d4dfe8502cc135d29fd90ec1011cc98e20aa0ce89b34e5ebb54769a0

SHA512
65ecfc829f4e193ea165751e90a20865882d2c2d4a4dfa7c82ea8871aa416aa1e7d8ad5ab38372f8e5b6586984020f0d011bf1bc65a4c16eef1d2299165cfcec

Download Submit
\Windows\system\uLQhSps.exe

Filesize
1.3MB

MD5
66b475ae6267d2039739f4e2071190fc

SHA1
7ed5c451a5cae6019d838cfa775b75f5055c3635

SHA256
ed133bc3f449f82cfe0d2f057800c0bfc8b2ec9497517a62c9d95e529fa8bfaa

SHA512
2b9a81cdc993f1d81364fb84576ee6ecec08c79a66a9924af1a87163270d3a305a6420a3f01f794e8174b0ea67cdef115cbc46e2c4ed6290652c78ee0d58c578

Download Submit
\Windows\system\wmAUJax.exe

Filesize
1.3MB

MD5
85600060ef95173ded3311b9c1c4be0f

SHA1
bb3b8c2db47c28a4b1829a7d59dfa9533795ba3e

SHA256
a1b9a88d44ae4a2affd8ed111a06a1b352dbe89781bb5992825ed7fdc4b3ac59

SHA512
ac4ecdfeaf0a0aafc4d82d72fb99f09c1640baff8dd1ce08134ca34f1fd201b3a2fc92e8c26f4960d1ae8f682f1c6c514d54846311ab6184d9257a4e019ca6a4

Download Submit
\Windows\system\wpvGEyZ.exe

Filesize
1.3MB

MD5
7a86e9146ad2fafab3c0eb114b152997

SHA1
9c4a3feeb4a71f2f5057e185172206c574467abd

SHA256
3683aaf2a5bcc23298b871969085f4c91a201c6fffb3581b78d45683d858ac81

SHA512
64f8edb283ea59c267a031d9d8fafef05ac421c9e0c46b2e813f5eee6f86b1dbdc8b434d8ab7d99bd5199d0c7b50e6687685c3701334c4a756fdef705d0eb182

Download Submit
\Windows\system\zWWpTBO.exe

Filesize
1.3MB

MD5
905cf696db2687b59031f496d44f24b8

SHA1
c294dbb7d33f3a0ae7079dce9bc23c95afb74818

SHA256
4a63a4b4d7a5a59a61c559cbfe7d0b9fec78a1c83cd35f19246f2957fac3a474

SHA512
305318b6451bcb78787cf99d34d9bd68788e23d1bcb2f9bbef81c32e2f1e3eb21747d2b27a7f19b11ee8bde0bca670b928e4d34a5a6e07eea1f41650cdf53182

Download Submit
memory/268-266-0x000000013FB70000-0x000000013FF62000-memory.dmp

Filesize
3.9MB

Download
memory/1356-430-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

Filesize
3.9MB

Download
memory/1888-263-0x000000013FE00000-0x00000001401F2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-283-0x000000013FE20000-0x0000000140212000-memory.dmp

Filesize
3.9MB

Download
memory/2056-421-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2056-156-0x000000013F530000-0x000000013F922000-memory.dmp

Filesize
3.9MB

Download
memory/2056-618-0x000000013F080000-0x000000013F472000-memory.dmp

Filesize
3.9MB

Download
memory/2056-515-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2056-497-0x000000013F790000-0x000000013FB82000-memory.dmp

Filesize
3.9MB

Download
memory/2056-447-0x000000013F9A0000-0x000000013FD92000-memory.dmp

Filesize
3.9MB

Download
memory/2056-197-0x000000013F8D0000-0x000000013FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-2-0x000000013FE20000-0x0000000140212000-memory.dmp

Filesize
3.9MB

Download
memory/2056-199-0x000000013F170000-0x000000013F562000-memory.dmp

Filesize
3.9MB

Download
memory/2056-427-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2056-201-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2056-423-0x000000013F100000-0x000000013F4F2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-264-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2056-15-0x000000013F860000-0x000000013FC52000-memory.dmp

Filesize
3.9MB

Download
memory/2056-267-0x000000013F870000-0x000000013FC62000-memory.dmp

Filesize
3.9MB

Download
memory/2056-265-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2056-422-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2056-270-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-0-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2056-420-0x0000000003180000-0x0000000003572000-memory.dmp

Filesize
3.9MB

Download
memory/2136-23-0x000000013F860000-0x000000013FC52000-memory.dmp

Filesize
3.9MB

Download
memory/2416-198-0x000000013F8D0000-0x000000013FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-204-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

Filesize
3.9MB

Download
memory/2504-200-0x000000013F170000-0x000000013F562000-memory.dmp

Filesize
3.9MB

Download
memory/2540-315-0x000000013FE00000-0x00000001401F2000-memory.dmp

Filesize
3.9MB

Download
memory/2648-166-0x000000013F530000-0x000000013F922000-memory.dmp

Filesize
3.9MB

Download
memory/2652-196-0x000000013F540000-0x000000013F932000-memory.dmp

Filesize
3.9MB

Download
memory/2724-435-0x000000013FD70000-0x0000000140162000-memory.dmp

Filesize
3.9MB

Download
memory/2828-444-0x000000013F100000-0x000000013F4F2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-335-0x000000013FF70000-0x0000000140362000-memory.dmp

Filesize
3.9MB

Download
memory/3020-387-0x0000000001F30000-0x0000000001F38000-memory.dmp

Filesize
32KB

Download
memory/3020-370-0x000000001B440000-0x000000001B722000-memory.dmp

Filesize
2.9MB

Download
memory/3020-167-0x0000000002A20000-0x0000000002AA0000-memory.dmp

Filesize
512KB

Download
memory/3020-148-0x000007FEF5990000-0x000007FEF632D000-memory.dmp

Filesize
9.6MB

Download
memory/3020-149-0x0000000002A20000-0x0000000002AA0000-memory.dmp

Filesize
512KB

Download