xmrig | 77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901

Analysis

max time kernel
125s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
Size

1.3MB
MD5

5644607501cce10578f24830a30540a3
SHA1

737b012c292eb24b70cd3ef2c66a18c64715d2db
SHA256

77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901
SHA512

8621a1acf5bf2be2959104f02f6808d2c5dee89daf27084438667b5b69a9d4b6b20efeed7af328dddf3bcd793f0e3823cc992e48b7b486a4cfdd60a08d1b3803
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727vrNaT/QoZo6TOZmkTz5sRRvwBzK8:ROdWCCi7/rahW/zaZTdsnYz3

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2344-0-0x00007FF6B6B60000-0x00007FF6B6EB1000-memory.dmp	UPX
behavioral2/files/0x000b000000023b69-5.dat	UPX
behavioral2/files/0x000a000000023b6e-7.dat	UPX
behavioral2/memory/4300-13-0x00007FF79B850000-0x00007FF79BBA1000-memory.dmp	UPX
behavioral2/memory/4576-16-0x00007FF6C7FE0000-0x00007FF6C8331000-memory.dmp	UPX
behavioral2/files/0x000a000000023b6f-22.dat	UPX
behavioral2/files/0x000a000000023b72-34.dat	UPX
behavioral2/memory/2768-44-0x00007FF6CB5E0000-0x00007FF6CB931000-memory.dmp	UPX
behavioral2/memory/3468-43-0x00007FF7CB330000-0x00007FF7CB681000-memory.dmp	UPX
behavioral2/memory/3208-49-0x00007FF6B6A00000-0x00007FF6B6D51000-memory.dmp	UPX
behavioral2/files/0x000a000000023b76-63.dat	UPX
behavioral2/files/0x000a000000023b77-71.dat	UPX
behavioral2/files/0x000a000000023b7d-96.dat	UPX
behavioral2/files/0x000a000000023b7e-107.dat	UPX
behavioral2/files/0x000a000000023b82-123.dat	UPX
behavioral2/files/0x000a000000023b85-141.dat	UPX
behavioral2/files/0x000a000000023b88-157.dat	UPX
behavioral2/memory/2940-477-0x00007FF69E910000-0x00007FF69EC61000-memory.dmp	UPX
behavioral2/memory/5064-479-0x00007FF63D910000-0x00007FF63DC61000-memory.dmp	UPX
behavioral2/memory/2252-689-0x00007FF7B9970000-0x00007FF7B9CC1000-memory.dmp	UPX
behavioral2/memory/1316-750-0x00007FF6C4DF0000-0x00007FF6C5141000-memory.dmp	UPX
behavioral2/memory/2732-629-0x00007FF6A1040000-0x00007FF6A1391000-memory.dmp	UPX
behavioral2/memory/2908-634-0x00007FF7B0410000-0x00007FF7B0761000-memory.dmp	UPX
behavioral2/memory/2696-587-0x00007FF61E4D0000-0x00007FF61E821000-memory.dmp	UPX
behavioral2/memory/3820-751-0x00007FF6D3580000-0x00007FF6D38D1000-memory.dmp	UPX
behavioral2/memory/956-779-0x00007FF632CE0000-0x00007FF633031000-memory.dmp	UPX
behavioral2/memory/4240-824-0x00007FF617BB0000-0x00007FF617F01000-memory.dmp	UPX
behavioral2/memory/2704-839-0x00007FF6E7410000-0x00007FF6E7761000-memory.dmp	UPX
behavioral2/memory/704-846-0x00007FF621340000-0x00007FF621691000-memory.dmp	UPX
behavioral2/memory/4692-833-0x00007FF62F820000-0x00007FF62FB71000-memory.dmp	UPX
behavioral2/memory/1320-822-0x00007FF701160000-0x00007FF7014B1000-memory.dmp	UPX
behavioral2/memory/4784-803-0x00007FF74D260000-0x00007FF74D5B1000-memory.dmp	UPX
behavioral2/memory/2388-802-0x00007FF7656F0000-0x00007FF765A41000-memory.dmp	UPX
behavioral2/memory/3236-538-0x00007FF6970C0000-0x00007FF697411000-memory.dmp	UPX
behavioral2/memory/2312-548-0x00007FF7C9F40000-0x00007FF7CA291000-memory.dmp	UPX
behavioral2/memory/4712-512-0x00007FF708C50000-0x00007FF708FA1000-memory.dmp	UPX
behavioral2/memory/380-505-0x00007FF6592E0000-0x00007FF659631000-memory.dmp	UPX
behavioral2/memory/3904-500-0x00007FF6616F0000-0x00007FF661A41000-memory.dmp	UPX
behavioral2/files/0x000a000000023b8c-171.dat	UPX
behavioral2/files/0x000a000000023b8a-169.dat	UPX
behavioral2/files/0x000a000000023b8b-166.dat	UPX
behavioral2/files/0x000a000000023b89-161.dat	UPX
behavioral2/files/0x000a000000023b87-151.dat	UPX
behavioral2/files/0x000a000000023b86-147.dat	UPX
behavioral2/files/0x000a000000023b84-137.dat	UPX
behavioral2/files/0x000a000000023b83-131.dat	UPX
behavioral2/files/0x000a000000023b81-121.dat	UPX
behavioral2/files/0x000a000000023b80-117.dat	UPX
behavioral2/files/0x000a000000023b7f-111.dat	UPX
behavioral2/files/0x000a000000023b7c-97.dat	UPX
behavioral2/files/0x000a000000023b7b-91.dat	UPX
behavioral2/files/0x000a000000023b7a-87.dat	UPX
behavioral2/files/0x000a000000023b79-81.dat	UPX
behavioral2/files/0x000a000000023b78-77.dat	UPX
behavioral2/files/0x000a000000023b75-61.dat	UPX
behavioral2/files/0x000a000000023b74-57.dat	UPX
behavioral2/files/0x000a000000023b73-55.dat	UPX
behavioral2/memory/4860-50-0x00007FF62D940000-0x00007FF62DC91000-memory.dmp	UPX
behavioral2/memory/3668-38-0x00007FF658490000-0x00007FF6587E1000-memory.dmp	UPX
behavioral2/files/0x000a000000023b71-37.dat	UPX
behavioral2/files/0x000a000000023b70-35.dat	UPX
behavioral2/files/0x000a000000023b6d-19.dat	UPX
behavioral2/memory/1824-15-0x00007FF748740000-0x00007FF748A91000-memory.dmp	UPX
behavioral2/memory/1824-2168-0x00007FF748740000-0x00007FF748A91000-memory.dmp	UPX

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/3468-43-0x00007FF7CB330000-0x00007FF7CB681000-memory.dmp	xmrig
behavioral2/memory/3208-49-0x00007FF6B6A00000-0x00007FF6B6D51000-memory.dmp	xmrig
behavioral2/memory/2940-477-0x00007FF69E910000-0x00007FF69EC61000-memory.dmp	xmrig
behavioral2/memory/5064-479-0x00007FF63D910000-0x00007FF63DC61000-memory.dmp	xmrig
behavioral2/memory/2252-689-0x00007FF7B9970000-0x00007FF7B9CC1000-memory.dmp	xmrig
behavioral2/memory/1316-750-0x00007FF6C4DF0000-0x00007FF6C5141000-memory.dmp	xmrig
behavioral2/memory/2732-629-0x00007FF6A1040000-0x00007FF6A1391000-memory.dmp	xmrig
behavioral2/memory/2908-634-0x00007FF7B0410000-0x00007FF7B0761000-memory.dmp	xmrig
behavioral2/memory/2696-587-0x00007FF61E4D0000-0x00007FF61E821000-memory.dmp	xmrig
behavioral2/memory/3820-751-0x00007FF6D3580000-0x00007FF6D38D1000-memory.dmp	xmrig
behavioral2/memory/956-779-0x00007FF632CE0000-0x00007FF633031000-memory.dmp	xmrig
behavioral2/memory/4240-824-0x00007FF617BB0000-0x00007FF617F01000-memory.dmp	xmrig
behavioral2/memory/2704-839-0x00007FF6E7410000-0x00007FF6E7761000-memory.dmp	xmrig
behavioral2/memory/704-846-0x00007FF621340000-0x00007FF621691000-memory.dmp	xmrig
behavioral2/memory/4692-833-0x00007FF62F820000-0x00007FF62FB71000-memory.dmp	xmrig
behavioral2/memory/1320-822-0x00007FF701160000-0x00007FF7014B1000-memory.dmp	xmrig
behavioral2/memory/4784-803-0x00007FF74D260000-0x00007FF74D5B1000-memory.dmp	xmrig
behavioral2/memory/2388-802-0x00007FF7656F0000-0x00007FF765A41000-memory.dmp	xmrig
behavioral2/memory/3236-538-0x00007FF6970C0000-0x00007FF697411000-memory.dmp	xmrig
behavioral2/memory/2312-548-0x00007FF7C9F40000-0x00007FF7CA291000-memory.dmp	xmrig
behavioral2/memory/4712-512-0x00007FF708C50000-0x00007FF708FA1000-memory.dmp	xmrig
behavioral2/memory/380-505-0x00007FF6592E0000-0x00007FF659631000-memory.dmp	xmrig
behavioral2/memory/3904-500-0x00007FF6616F0000-0x00007FF661A41000-memory.dmp	xmrig
behavioral2/memory/1824-2168-0x00007FF748740000-0x00007FF748A91000-memory.dmp	xmrig
behavioral2/memory/4576-2201-0x00007FF6C7FE0000-0x00007FF6C8331000-memory.dmp	xmrig
behavioral2/memory/3668-2202-0x00007FF658490000-0x00007FF6587E1000-memory.dmp	xmrig
behavioral2/memory/2768-2207-0x00007FF6CB5E0000-0x00007FF6CB931000-memory.dmp	xmrig
behavioral2/memory/4860-2208-0x00007FF62D940000-0x00007FF62DC91000-memory.dmp	xmrig
behavioral2/memory/4300-2231-0x00007FF79B850000-0x00007FF79BBA1000-memory.dmp	xmrig
behavioral2/memory/4576-2233-0x00007FF6C7FE0000-0x00007FF6C8331000-memory.dmp	xmrig
behavioral2/memory/3668-2237-0x00007FF658490000-0x00007FF6587E1000-memory.dmp	xmrig
behavioral2/memory/1824-2236-0x00007FF748740000-0x00007FF748A91000-memory.dmp	xmrig
behavioral2/memory/3208-2239-0x00007FF6B6A00000-0x00007FF6B6D51000-memory.dmp	xmrig
behavioral2/memory/2940-2247-0x00007FF69E910000-0x00007FF69EC61000-memory.dmp	xmrig
behavioral2/memory/4860-2245-0x00007FF62D940000-0x00007FF62DC91000-memory.dmp	xmrig
behavioral2/memory/2768-2243-0x00007FF6CB5E0000-0x00007FF6CB931000-memory.dmp	xmrig
behavioral2/memory/3468-2241-0x00007FF7CB330000-0x00007FF7CB681000-memory.dmp	xmrig
behavioral2/memory/4712-2271-0x00007FF708C50000-0x00007FF708FA1000-memory.dmp	xmrig
behavioral2/memory/2732-2269-0x00007FF6A1040000-0x00007FF6A1391000-memory.dmp	xmrig
behavioral2/memory/3236-2275-0x00007FF6970C0000-0x00007FF697411000-memory.dmp	xmrig
behavioral2/memory/1320-2283-0x00007FF701160000-0x00007FF7014B1000-memory.dmp	xmrig
behavioral2/memory/704-2287-0x00007FF621340000-0x00007FF621691000-memory.dmp	xmrig
behavioral2/memory/2704-2285-0x00007FF6E7410000-0x00007FF6E7761000-memory.dmp	xmrig
behavioral2/memory/956-2281-0x00007FF632CE0000-0x00007FF633031000-memory.dmp	xmrig
behavioral2/memory/4692-2279-0x00007FF62F820000-0x00007FF62FB71000-memory.dmp	xmrig
behavioral2/memory/4240-2277-0x00007FF617BB0000-0x00007FF617F01000-memory.dmp	xmrig
behavioral2/memory/2312-2273-0x00007FF7C9F40000-0x00007FF7CA291000-memory.dmp	xmrig
behavioral2/memory/3820-2263-0x00007FF6D3580000-0x00007FF6D38D1000-memory.dmp	xmrig
behavioral2/memory/2252-2261-0x00007FF7B9970000-0x00007FF7B9CC1000-memory.dmp	xmrig
behavioral2/memory/2696-2267-0x00007FF61E4D0000-0x00007FF61E821000-memory.dmp	xmrig
behavioral2/memory/2908-2265-0x00007FF7B0410000-0x00007FF7B0761000-memory.dmp	xmrig
behavioral2/memory/1316-2259-0x00007FF6C4DF0000-0x00007FF6C5141000-memory.dmp	xmrig
behavioral2/memory/2388-2257-0x00007FF7656F0000-0x00007FF765A41000-memory.dmp	xmrig
behavioral2/memory/4784-2255-0x00007FF74D260000-0x00007FF74D5B1000-memory.dmp	xmrig
behavioral2/memory/3904-2251-0x00007FF6616F0000-0x00007FF661A41000-memory.dmp	xmrig
behavioral2/memory/5064-2249-0x00007FF63D910000-0x00007FF63DC61000-memory.dmp	xmrig
behavioral2/memory/380-2253-0x00007FF6592E0000-0x00007FF659631000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4300	keROWwh.exe
1824	fCzhgeR.exe
4576	GXtwzQQ.exe
3668	yXmFIFK.exe
3208	kmYsdlG.exe
3468	pgaxLGG.exe
2768	WQOqpvO.exe
4860	hxGRBKJ.exe
2940	ZjDrovo.exe
5064	mSeotTZ.exe
3904	GaLaPGz.exe
380	BJoOWRe.exe
4712	GjDaYtF.exe
3236	dJwVJbC.exe
2312	DTVKnfA.exe
2696	oOWzDkQ.exe
2732	LIjahaw.exe
2908	QNwTvMp.exe
2252	oJsOCCU.exe
1316	ZiqNwln.exe
3820	hRNUzSr.exe
956	PapDuNj.exe
2388	olkZXPO.exe
4784	wHjKEfC.exe
1320	BniWkvS.exe
4240	HUfCyly.exe
4692	tHzxZDH.exe
2704	LjTLbLR.exe
704	rJHyzBU.exe
1752	ovpoRQW.exe
4260	bYaeocL.exe
4820	pJklhPi.exe
2968	fldCWaU.exe
376	LkTPfLQ.exe
3584	cyXWZaQ.exe
3556	fqwwlwa.exe
1576	KDTqKQC.exe
3540	hyumzCG.exe
3448	mSkFkzp.exe
1660	dlFIovh.exe
2928	gWUdPTb.exe
3696	cOnBtaC.exe
4196	RqOsfeJ.exe
2184	wbicQVu.exe
836	SoyCIhj.exe
3240	ClGkRtI.exe
5060	RvxrDgN.exe
744	TsSyJor.exe
400	epFsrbc.exe
1912	ZuqmbFj.exe
4336	dUhbZuH.exe
5096	iULasMT.exe
4464	mtaLxJD.exe
2376	GurzIoO.exe
3924	dVOYiOF.exe
3088	vCgbLoQ.exe
808	tidVpdc.exe
3064	LqivqEP.exe
5004	SRQehmQ.exe
3788	FJTOfpk.exe
4708	rBAofNa.exe
2644	LKkWeCs.exe
4396	IxllBsL.exe
4184	eKQlULN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2344-0-0x00007FF6B6B60000-0x00007FF6B6EB1000-memory.dmp	upx
behavioral2/files/0x000b000000023b69-5.dat	upx
behavioral2/files/0x000a000000023b6e-7.dat	upx
behavioral2/memory/4300-13-0x00007FF79B850000-0x00007FF79BBA1000-memory.dmp	upx
behavioral2/memory/4576-16-0x00007FF6C7FE0000-0x00007FF6C8331000-memory.dmp	upx
behavioral2/files/0x000a000000023b6f-22.dat	upx
behavioral2/files/0x000a000000023b72-34.dat	upx
behavioral2/memory/2768-44-0x00007FF6CB5E0000-0x00007FF6CB931000-memory.dmp	upx
behavioral2/memory/3468-43-0x00007FF7CB330000-0x00007FF7CB681000-memory.dmp	upx
behavioral2/memory/3208-49-0x00007FF6B6A00000-0x00007FF6B6D51000-memory.dmp	upx
behavioral2/files/0x000a000000023b76-63.dat	upx
behavioral2/files/0x000a000000023b77-71.dat	upx
behavioral2/files/0x000a000000023b7d-96.dat	upx
behavioral2/files/0x000a000000023b7e-107.dat	upx
behavioral2/files/0x000a000000023b82-123.dat	upx
behavioral2/files/0x000a000000023b85-141.dat	upx
behavioral2/files/0x000a000000023b88-157.dat	upx
behavioral2/memory/2940-477-0x00007FF69E910000-0x00007FF69EC61000-memory.dmp	upx
behavioral2/memory/5064-479-0x00007FF63D910000-0x00007FF63DC61000-memory.dmp	upx
behavioral2/memory/2252-689-0x00007FF7B9970000-0x00007FF7B9CC1000-memory.dmp	upx
behavioral2/memory/1316-750-0x00007FF6C4DF0000-0x00007FF6C5141000-memory.dmp	upx
behavioral2/memory/2732-629-0x00007FF6A1040000-0x00007FF6A1391000-memory.dmp	upx
behavioral2/memory/2908-634-0x00007FF7B0410000-0x00007FF7B0761000-memory.dmp	upx
behavioral2/memory/2696-587-0x00007FF61E4D0000-0x00007FF61E821000-memory.dmp	upx
behavioral2/memory/3820-751-0x00007FF6D3580000-0x00007FF6D38D1000-memory.dmp	upx
behavioral2/memory/956-779-0x00007FF632CE0000-0x00007FF633031000-memory.dmp	upx
behavioral2/memory/4240-824-0x00007FF617BB0000-0x00007FF617F01000-memory.dmp	upx
behavioral2/memory/2704-839-0x00007FF6E7410000-0x00007FF6E7761000-memory.dmp	upx
behavioral2/memory/704-846-0x00007FF621340000-0x00007FF621691000-memory.dmp	upx
behavioral2/memory/4692-833-0x00007FF62F820000-0x00007FF62FB71000-memory.dmp	upx
behavioral2/memory/1320-822-0x00007FF701160000-0x00007FF7014B1000-memory.dmp	upx
behavioral2/memory/4784-803-0x00007FF74D260000-0x00007FF74D5B1000-memory.dmp	upx
behavioral2/memory/2388-802-0x00007FF7656F0000-0x00007FF765A41000-memory.dmp	upx
behavioral2/memory/3236-538-0x00007FF6970C0000-0x00007FF697411000-memory.dmp	upx
behavioral2/memory/2312-548-0x00007FF7C9F40000-0x00007FF7CA291000-memory.dmp	upx
behavioral2/memory/4712-512-0x00007FF708C50000-0x00007FF708FA1000-memory.dmp	upx
behavioral2/memory/380-505-0x00007FF6592E0000-0x00007FF659631000-memory.dmp	upx
behavioral2/memory/3904-500-0x00007FF6616F0000-0x00007FF661A41000-memory.dmp	upx
behavioral2/files/0x000a000000023b8c-171.dat	upx
behavioral2/files/0x000a000000023b8a-169.dat	upx
behavioral2/files/0x000a000000023b8b-166.dat	upx
behavioral2/files/0x000a000000023b89-161.dat	upx
behavioral2/files/0x000a000000023b87-151.dat	upx
behavioral2/files/0x000a000000023b86-147.dat	upx
behavioral2/files/0x000a000000023b84-137.dat	upx
behavioral2/files/0x000a000000023b83-131.dat	upx
behavioral2/files/0x000a000000023b81-121.dat	upx
behavioral2/files/0x000a000000023b80-117.dat	upx
behavioral2/files/0x000a000000023b7f-111.dat	upx
behavioral2/files/0x000a000000023b7c-97.dat	upx
behavioral2/files/0x000a000000023b7b-91.dat	upx
behavioral2/files/0x000a000000023b7a-87.dat	upx
behavioral2/files/0x000a000000023b79-81.dat	upx
behavioral2/files/0x000a000000023b78-77.dat	upx
behavioral2/files/0x000a000000023b75-61.dat	upx
behavioral2/files/0x000a000000023b74-57.dat	upx
behavioral2/files/0x000a000000023b73-55.dat	upx
behavioral2/memory/4860-50-0x00007FF62D940000-0x00007FF62DC91000-memory.dmp	upx
behavioral2/memory/3668-38-0x00007FF658490000-0x00007FF6587E1000-memory.dmp	upx
behavioral2/files/0x000a000000023b71-37.dat	upx
behavioral2/files/0x000a000000023b70-35.dat	upx
behavioral2/files/0x000a000000023b6d-19.dat	upx
behavioral2/memory/1824-15-0x00007FF748740000-0x00007FF748A91000-memory.dmp	upx
behavioral2/memory/1824-2168-0x00007FF748740000-0x00007FF748A91000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JKcWtVq.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\rMSuXEm.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\rYcpxFE.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\RiiBHlE.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\WGlDJEp.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\IMLruVq.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\QUzucrg.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\HcmMndq.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\Cpoexnb.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\unxIDaK.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ABvAVuA.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\oulCDxu.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\IzuORWm.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\jAbJjCi.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\AFzxiVS.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\HuFHMYE.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\uRgQHls.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\olkZXPO.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\jSsMbMp.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ZycDZYg.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\KXfUkJu.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\cHgXgQG.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\XHSoDVd.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\tHzxZDH.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\TNkRtmG.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\FMsIXLL.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\giRpVMo.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\aOBEsuE.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ClGkRtI.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\FyqhqLw.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\aGMKVtH.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\KRbXuTp.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\EcTlwgC.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\VJALCEJ.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ZuqmbFj.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\haVSMSi.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ttwqEnA.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\qClyXmS.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\rGPBjPU.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\wYFccEa.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\IqWDQbt.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ZiqNwln.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\VcXMwXQ.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\KWDtoQK.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ZiKJsQE.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\EafoFex.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\LjYCfTW.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\orKJoAv.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\SgOcffp.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\reGeCmQ.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\LEUZLJn.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\QcYYtay.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\qGlzsZc.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\LrdXknl.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\IlTatTK.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\NLlZFOS.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\ZkZCaLi.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\oJsOCCU.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\aovfosO.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\VHMCQLM.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\uoHjwvz.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\QQtGjKI.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\gWVoAjJ.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
File created	C:\Windows\System\DRALXRl.exe	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4964	dwm.exe
Token: SeChangeNotifyPrivilege	4964	dwm.exe
Token: 33	4964	dwm.exe
Token: SeIncBasePriorityPrivilege	4964	dwm.exe
Token: SeShutdownPrivilege	4964	dwm.exe
Token: SeCreatePagefilePrivilege	4964	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 4300	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	84
PID 2344 wrote to memory of 4300	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	84
PID 2344 wrote to memory of 1824	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	85
PID 2344 wrote to memory of 1824	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	85
PID 2344 wrote to memory of 4576	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	86
PID 2344 wrote to memory of 4576	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	86
PID 2344 wrote to memory of 3668	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	87
PID 2344 wrote to memory of 3668	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	87
PID 2344 wrote to memory of 3208	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	88
PID 2344 wrote to memory of 3208	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	88
PID 2344 wrote to memory of 3468	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	89
PID 2344 wrote to memory of 3468	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	89
PID 2344 wrote to memory of 2768	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	90
PID 2344 wrote to memory of 2768	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	90
PID 2344 wrote to memory of 4860	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	91
PID 2344 wrote to memory of 4860	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	91
PID 2344 wrote to memory of 2940	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	92
PID 2344 wrote to memory of 2940	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	92
PID 2344 wrote to memory of 5064	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	93
PID 2344 wrote to memory of 5064	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	93
PID 2344 wrote to memory of 3904	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	94
PID 2344 wrote to memory of 3904	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	94
PID 2344 wrote to memory of 380	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	95
PID 2344 wrote to memory of 380	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	95
PID 2344 wrote to memory of 4712	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	96
PID 2344 wrote to memory of 4712	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	96
PID 2344 wrote to memory of 3236	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	97
PID 2344 wrote to memory of 3236	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	97
PID 2344 wrote to memory of 2312	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	98
PID 2344 wrote to memory of 2312	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	98
PID 2344 wrote to memory of 2696	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	99
PID 2344 wrote to memory of 2696	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	99
PID 2344 wrote to memory of 2732	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	100
PID 2344 wrote to memory of 2732	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	100
PID 2344 wrote to memory of 2908	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	101
PID 2344 wrote to memory of 2908	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	101
PID 2344 wrote to memory of 2252	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	102
PID 2344 wrote to memory of 2252	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	102
PID 2344 wrote to memory of 1316	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	103
PID 2344 wrote to memory of 1316	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	103
PID 2344 wrote to memory of 3820	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	104
PID 2344 wrote to memory of 3820	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	104
PID 2344 wrote to memory of 956	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	105
PID 2344 wrote to memory of 956	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	105
PID 2344 wrote to memory of 2388	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	106
PID 2344 wrote to memory of 2388	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	106
PID 2344 wrote to memory of 4784	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	107
PID 2344 wrote to memory of 4784	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	107
PID 2344 wrote to memory of 1320	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	108
PID 2344 wrote to memory of 1320	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	108
PID 2344 wrote to memory of 4240	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	109
PID 2344 wrote to memory of 4240	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	109
PID 2344 wrote to memory of 4692	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	110
PID 2344 wrote to memory of 4692	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	110
PID 2344 wrote to memory of 2704	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	111
PID 2344 wrote to memory of 2704	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	111
PID 2344 wrote to memory of 704	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	112
PID 2344 wrote to memory of 704	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	112
PID 2344 wrote to memory of 1752	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	113
PID 2344 wrote to memory of 1752	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	113
PID 2344 wrote to memory of 4260	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	114
PID 2344 wrote to memory of 4260	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	114
PID 2344 wrote to memory of 4820	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	115
PID 2344 wrote to memory of 4820	2344	77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe	115

C:\Users\Admin\AppData\Local\Temp\77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe
"C:\Users\Admin\AppData\Local\Temp\77afe50be4c03abe198775b8da955188193870aeb2fed2f0e1311c95e1cd6901.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\System\keROWwh.exe
  C:\Windows\System\keROWwh.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\fCzhgeR.exe
  C:\Windows\System\fCzhgeR.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\GXtwzQQ.exe
  C:\Windows\System\GXtwzQQ.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\yXmFIFK.exe
  C:\Windows\System\yXmFIFK.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\kmYsdlG.exe
  C:\Windows\System\kmYsdlG.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\pgaxLGG.exe
  C:\Windows\System\pgaxLGG.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\WQOqpvO.exe
  C:\Windows\System\WQOqpvO.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\hxGRBKJ.exe
  C:\Windows\System\hxGRBKJ.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\ZjDrovo.exe
  C:\Windows\System\ZjDrovo.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\mSeotTZ.exe
  C:\Windows\System\mSeotTZ.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\GaLaPGz.exe
  C:\Windows\System\GaLaPGz.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\BJoOWRe.exe
  C:\Windows\System\BJoOWRe.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\GjDaYtF.exe
  C:\Windows\System\GjDaYtF.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\dJwVJbC.exe
  C:\Windows\System\dJwVJbC.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\DTVKnfA.exe
  C:\Windows\System\DTVKnfA.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\oOWzDkQ.exe
  C:\Windows\System\oOWzDkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\LIjahaw.exe
  C:\Windows\System\LIjahaw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\QNwTvMp.exe
  C:\Windows\System\QNwTvMp.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\oJsOCCU.exe
  C:\Windows\System\oJsOCCU.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\ZiqNwln.exe
  C:\Windows\System\ZiqNwln.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\hRNUzSr.exe
  C:\Windows\System\hRNUzSr.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\PapDuNj.exe
  C:\Windows\System\PapDuNj.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\olkZXPO.exe
  C:\Windows\System\olkZXPO.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\wHjKEfC.exe
  C:\Windows\System\wHjKEfC.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\BniWkvS.exe
  C:\Windows\System\BniWkvS.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\HUfCyly.exe
  C:\Windows\System\HUfCyly.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\tHzxZDH.exe
  C:\Windows\System\tHzxZDH.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\LjTLbLR.exe
  C:\Windows\System\LjTLbLR.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\rJHyzBU.exe
  C:\Windows\System\rJHyzBU.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\ovpoRQW.exe
  C:\Windows\System\ovpoRQW.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\bYaeocL.exe
  C:\Windows\System\bYaeocL.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\pJklhPi.exe
  C:\Windows\System\pJklhPi.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\fldCWaU.exe
  C:\Windows\System\fldCWaU.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\LkTPfLQ.exe
  C:\Windows\System\LkTPfLQ.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\cyXWZaQ.exe
  C:\Windows\System\cyXWZaQ.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\fqwwlwa.exe
  C:\Windows\System\fqwwlwa.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\KDTqKQC.exe
  C:\Windows\System\KDTqKQC.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\hyumzCG.exe
  C:\Windows\System\hyumzCG.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\mSkFkzp.exe
  C:\Windows\System\mSkFkzp.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\dlFIovh.exe
  C:\Windows\System\dlFIovh.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\gWUdPTb.exe
  C:\Windows\System\gWUdPTb.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\cOnBtaC.exe
  C:\Windows\System\cOnBtaC.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\RqOsfeJ.exe
  C:\Windows\System\RqOsfeJ.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\wbicQVu.exe
  C:\Windows\System\wbicQVu.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\SoyCIhj.exe
  C:\Windows\System\SoyCIhj.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\ClGkRtI.exe
  C:\Windows\System\ClGkRtI.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\RvxrDgN.exe
  C:\Windows\System\RvxrDgN.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\TsSyJor.exe
  C:\Windows\System\TsSyJor.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\epFsrbc.exe
  C:\Windows\System\epFsrbc.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\ZuqmbFj.exe
  C:\Windows\System\ZuqmbFj.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\dUhbZuH.exe
  C:\Windows\System\dUhbZuH.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\iULasMT.exe
  C:\Windows\System\iULasMT.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\mtaLxJD.exe
  C:\Windows\System\mtaLxJD.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\GurzIoO.exe
  C:\Windows\System\GurzIoO.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\dVOYiOF.exe
  C:\Windows\System\dVOYiOF.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\vCgbLoQ.exe
  C:\Windows\System\vCgbLoQ.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\tidVpdc.exe
  C:\Windows\System\tidVpdc.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\LqivqEP.exe
  C:\Windows\System\LqivqEP.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\SRQehmQ.exe
  C:\Windows\System\SRQehmQ.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\FJTOfpk.exe
  C:\Windows\System\FJTOfpk.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\rBAofNa.exe
  C:\Windows\System\rBAofNa.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\LKkWeCs.exe
  C:\Windows\System\LKkWeCs.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\IxllBsL.exe
  C:\Windows\System\IxllBsL.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\eKQlULN.exe
  C:\Windows\System\eKQlULN.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\DFOfOYD.exe
  C:\Windows\System\DFOfOYD.exe
  2⤵
  PID:2264
- C:\Windows\System\CJghcVp.exe
  C:\Windows\System\CJghcVp.exe
  2⤵
  PID:4836
- C:\Windows\System\agLQsTu.exe
  C:\Windows\System\agLQsTu.exe
  2⤵
  PID:4656
- C:\Windows\System\sifkXlb.exe
  C:\Windows\System\sifkXlb.exe
  2⤵
  PID:412
- C:\Windows\System\bqFzbUL.exe
  C:\Windows\System\bqFzbUL.exe
  2⤵
  PID:3864
- C:\Windows\System\kEYoPqz.exe
  C:\Windows\System\kEYoPqz.exe
  2⤵
  PID:1888
- C:\Windows\System\InepGyB.exe
  C:\Windows\System\InepGyB.exe
  2⤵
  PID:4020
- C:\Windows\System\gnfhaIM.exe
  C:\Windows\System\gnfhaIM.exe
  2⤵
  PID:348
- C:\Windows\System\VXKWPxo.exe
  C:\Windows\System\VXKWPxo.exe
  2⤵
  PID:4332
- C:\Windows\System\snZrzJH.exe
  C:\Windows\System\snZrzJH.exe
  2⤵
  PID:3188
- C:\Windows\System\jRVMSbc.exe
  C:\Windows\System\jRVMSbc.exe
  2⤵
  PID:1616
- C:\Windows\System\FJImFHb.exe
  C:\Windows\System\FJImFHb.exe
  2⤵
  PID:5104
- C:\Windows\System\ZUuGcmI.exe
  C:\Windows\System\ZUuGcmI.exe
  2⤵
  PID:4640
- C:\Windows\System\nIyyTos.exe
  C:\Windows\System\nIyyTos.exe
  2⤵
  PID:3044
- C:\Windows\System\oxdTRya.exe
  C:\Windows\System\oxdTRya.exe
  2⤵
  PID:952
- C:\Windows\System\LrdXknl.exe
  C:\Windows\System\LrdXknl.exe
  2⤵
  PID:2864
- C:\Windows\System\jtmdimU.exe
  C:\Windows\System\jtmdimU.exe
  2⤵
  PID:760
- C:\Windows\System\ABvAVuA.exe
  C:\Windows\System\ABvAVuA.exe
  2⤵
  PID:5144
- C:\Windows\System\HJLOLWD.exe
  C:\Windows\System\HJLOLWD.exe
  2⤵
  PID:5160
- C:\Windows\System\NxSzWMx.exe
  C:\Windows\System\NxSzWMx.exe
  2⤵
  PID:5188
- C:\Windows\System\IlTatTK.exe
  C:\Windows\System\IlTatTK.exe
  2⤵
  PID:5220
- C:\Windows\System\aYwxfNH.exe
  C:\Windows\System\aYwxfNH.exe
  2⤵
  PID:5248
- C:\Windows\System\LHzsqjg.exe
  C:\Windows\System\LHzsqjg.exe
  2⤵
  PID:5276
- C:\Windows\System\xtucngg.exe
  C:\Windows\System\xtucngg.exe
  2⤵
  PID:5300
- C:\Windows\System\TNkRtmG.exe
  C:\Windows\System\TNkRtmG.exe
  2⤵
  PID:5332
- C:\Windows\System\LSySivY.exe
  C:\Windows\System\LSySivY.exe
  2⤵
  PID:5360
- C:\Windows\System\MXQpPBg.exe
  C:\Windows\System\MXQpPBg.exe
  2⤵
  PID:5384
- C:\Windows\System\UdKPwKB.exe
  C:\Windows\System\UdKPwKB.exe
  2⤵
  PID:5416
- C:\Windows\System\qXEfpyi.exe
  C:\Windows\System\qXEfpyi.exe
  2⤵
  PID:5444
- C:\Windows\System\MuChBqQ.exe
  C:\Windows\System\MuChBqQ.exe
  2⤵
  PID:5468
- C:\Windows\System\oskpfLk.exe
  C:\Windows\System\oskpfLk.exe
  2⤵
  PID:5500
- C:\Windows\System\jSsMbMp.exe
  C:\Windows\System\jSsMbMp.exe
  2⤵
  PID:5528
- C:\Windows\System\yWcxWCl.exe
  C:\Windows\System\yWcxWCl.exe
  2⤵
  PID:5552
- C:\Windows\System\miTPVGr.exe
  C:\Windows\System\miTPVGr.exe
  2⤵
  PID:5584
- C:\Windows\System\oulCDxu.exe
  C:\Windows\System\oulCDxu.exe
  2⤵
  PID:5612
- C:\Windows\System\czStkHe.exe
  C:\Windows\System\czStkHe.exe
  2⤵
  PID:5636
- C:\Windows\System\zBErrZY.exe
  C:\Windows\System\zBErrZY.exe
  2⤵
  PID:5668
- C:\Windows\System\HcmMndq.exe
  C:\Windows\System\HcmMndq.exe
  2⤵
  PID:5696
- C:\Windows\System\lNYtXXF.exe
  C:\Windows\System\lNYtXXF.exe
  2⤵
  PID:5720
- C:\Windows\System\BKNQWRs.exe
  C:\Windows\System\BKNQWRs.exe
  2⤵
  PID:5752
- C:\Windows\System\myfuZjs.exe
  C:\Windows\System\myfuZjs.exe
  2⤵
  PID:5780
- C:\Windows\System\xEiJafW.exe
  C:\Windows\System\xEiJafW.exe
  2⤵
  PID:5804
- C:\Windows\System\ESJfSqw.exe
  C:\Windows\System\ESJfSqw.exe
  2⤵
  PID:5832
- C:\Windows\System\FyqhqLw.exe
  C:\Windows\System\FyqhqLw.exe
  2⤵
  PID:5860
- C:\Windows\System\AUXdRWG.exe
  C:\Windows\System\AUXdRWG.exe
  2⤵
  PID:5888
- C:\Windows\System\KpoiGPb.exe
  C:\Windows\System\KpoiGPb.exe
  2⤵
  PID:5916
- C:\Windows\System\pvbypRP.exe
  C:\Windows\System\pvbypRP.exe
  2⤵
  PID:5940
- C:\Windows\System\nGmQZxm.exe
  C:\Windows\System\nGmQZxm.exe
  2⤵
  PID:5972
- C:\Windows\System\KlylwjD.exe
  C:\Windows\System\KlylwjD.exe
  2⤵
  PID:6000
- C:\Windows\System\GJArWDR.exe
  C:\Windows\System\GJArWDR.exe
  2⤵
  PID:6024
- C:\Windows\System\orDOjWm.exe
  C:\Windows\System\orDOjWm.exe
  2⤵
  PID:6056
- C:\Windows\System\mxFEuFU.exe
  C:\Windows\System\mxFEuFU.exe
  2⤵
  PID:6084
- C:\Windows\System\zqBvXlv.exe
  C:\Windows\System\zqBvXlv.exe
  2⤵
  PID:6108
- C:\Windows\System\ZycDZYg.exe
  C:\Windows\System\ZycDZYg.exe
  2⤵
  PID:6140
- C:\Windows\System\urFPDIw.exe
  C:\Windows\System\urFPDIw.exe
  2⤵
  PID:3516
- C:\Windows\System\rXqMHee.exe
  C:\Windows\System\rXqMHee.exe
  2⤵
  PID:3512
- C:\Windows\System\stOtJmo.exe
  C:\Windows\System\stOtJmo.exe
  2⤵
  PID:2196
- C:\Windows\System\CRSdiUP.exe
  C:\Windows\System\CRSdiUP.exe
  2⤵
  PID:4600
- C:\Windows\System\Tuzczmv.exe
  C:\Windows\System\Tuzczmv.exe
  2⤵
  PID:1436
- C:\Windows\System\MzODHRF.exe
  C:\Windows\System\MzODHRF.exe
  2⤵
  PID:2416
- C:\Windows\System\jCwsGCv.exe
  C:\Windows\System\jCwsGCv.exe
  2⤵
  PID:5180
- C:\Windows\System\EpFbcFr.exe
  C:\Windows\System\EpFbcFr.exe
  2⤵
  PID:2560
- C:\Windows\System\xEhmwSr.exe
  C:\Windows\System\xEhmwSr.exe
  2⤵
  PID:5316
- C:\Windows\System\PUpOCGi.exe
  C:\Windows\System\PUpOCGi.exe
  2⤵
  PID:5396
- C:\Windows\System\BQDJnHT.exe
  C:\Windows\System\BQDJnHT.exe
  2⤵
  PID:5432
- C:\Windows\System\WWnhvtA.exe
  C:\Windows\System\WWnhvtA.exe
  2⤵
  PID:5484
- C:\Windows\System\uUsUnis.exe
  C:\Windows\System\uUsUnis.exe
  2⤵
  PID:5544
- C:\Windows\System\AZzPiXT.exe
  C:\Windows\System\AZzPiXT.exe
  2⤵
  PID:5620
- C:\Windows\System\iVbVfsL.exe
  C:\Windows\System\iVbVfsL.exe
  2⤵
  PID:5676
- C:\Windows\System\JIJYLIa.exe
  C:\Windows\System\JIJYLIa.exe
  2⤵
  PID:5732
- C:\Windows\System\sruOzuV.exe
  C:\Windows\System\sruOzuV.exe
  2⤵
  PID:5796
- C:\Windows\System\cKKJtCj.exe
  C:\Windows\System\cKKJtCj.exe
  2⤵
  PID:5824
- C:\Windows\System\cLxfThG.exe
  C:\Windows\System\cLxfThG.exe
  2⤵
  PID:5936
- C:\Windows\System\XGSIHUd.exe
  C:\Windows\System\XGSIHUd.exe
  2⤵
  PID:5984
- C:\Windows\System\IKVOtNV.exe
  C:\Windows\System\IKVOtNV.exe
  2⤵
  PID:6020
- C:\Windows\System\QQHsBua.exe
  C:\Windows\System\QQHsBua.exe
  2⤵
  PID:6044
- C:\Windows\System\wkeQXPP.exe
  C:\Windows\System\wkeQXPP.exe
  2⤵
  PID:4696
- C:\Windows\System\FIUMqjc.exe
  C:\Windows\System\FIUMqjc.exe
  2⤵
  PID:6104
- C:\Windows\System\DwhEYzf.exe
  C:\Windows\System\DwhEYzf.exe
  2⤵
  PID:2716
- C:\Windows\System\haVSMSi.exe
  C:\Windows\System\haVSMSi.exe
  2⤵
  PID:1252
- C:\Windows\System\mHRlQVG.exe
  C:\Windows\System\mHRlQVG.exe
  2⤵
  PID:2380
- C:\Windows\System\hysYpQq.exe
  C:\Windows\System\hysYpQq.exe
  2⤵
  PID:1664
- C:\Windows\System\bfvkdeh.exe
  C:\Windows\System\bfvkdeh.exe
  2⤵
  PID:3752
- C:\Windows\System\MUOHcoR.exe
  C:\Windows\System\MUOHcoR.exe
  2⤵
  PID:368
- C:\Windows\System\jQWMidA.exe
  C:\Windows\System\jQWMidA.exe
  2⤵
  PID:4548
- C:\Windows\System\QuLYNEh.exe
  C:\Windows\System\QuLYNEh.exe
  2⤵
  PID:5240
- C:\Windows\System\BZSwCFX.exe
  C:\Windows\System\BZSwCFX.exe
  2⤵
  PID:5352
- C:\Windows\System\CNHQfVa.exe
  C:\Windows\System\CNHQfVa.exe
  2⤵
  PID:5424
- C:\Windows\System\fklJXoX.exe
  C:\Windows\System\fklJXoX.exe
  2⤵
  PID:5460
- C:\Windows\System\IzuORWm.exe
  C:\Windows\System\IzuORWm.exe
  2⤵
  PID:5520
- C:\Windows\System\raoIAjd.exe
  C:\Windows\System\raoIAjd.exe
  2⤵
  PID:5572
- C:\Windows\System\FMsIXLL.exe
  C:\Windows\System\FMsIXLL.exe
  2⤵
  PID:5648
- C:\Windows\System\vbDeJKw.exe
  C:\Windows\System\vbDeJKw.exe
  2⤵
  PID:5652
- C:\Windows\System\bJrSmLf.exe
  C:\Windows\System\bJrSmLf.exe
  2⤵
  PID:2736
- C:\Windows\System\YwWQOwL.exe
  C:\Windows\System\YwWQOwL.exe
  2⤵
  PID:1148
- C:\Windows\System\eJmLkNr.exe
  C:\Windows\System\eJmLkNr.exe
  2⤵
  PID:216
- C:\Windows\System\jwDqbjv.exe
  C:\Windows\System\jwDqbjv.exe
  2⤵
  PID:1208
- C:\Windows\System\aGMKVtH.exe
  C:\Windows\System\aGMKVtH.exe
  2⤵
  PID:888
- C:\Windows\System\IdMyLgv.exe
  C:\Windows\System\IdMyLgv.exe
  2⤵
  PID:2088
- C:\Windows\System\zkQDkgM.exe
  C:\Windows\System\zkQDkgM.exe
  2⤵
  PID:5928
- C:\Windows\System\UMvyjre.exe
  C:\Windows\System\UMvyjre.exe
  2⤵
  PID:5152
- C:\Windows\System\jWgPwaU.exe
  C:\Windows\System\jWgPwaU.exe
  2⤵
  PID:1756
- C:\Windows\System\nFoGalq.exe
  C:\Windows\System\nFoGalq.exe
  2⤵
  PID:6132
- C:\Windows\System\JgiribX.exe
  C:\Windows\System\JgiribX.exe
  2⤵
  PID:4320
- C:\Windows\System\OiJTngW.exe
  C:\Windows\System\OiJTngW.exe
  2⤵
  PID:2220
- C:\Windows\System\msANmIO.exe
  C:\Windows\System\msANmIO.exe
  2⤵
  PID:6156
- C:\Windows\System\nANeTCb.exe
  C:\Windows\System\nANeTCb.exe
  2⤵
  PID:6180
- C:\Windows\System\ZyxjkMg.exe
  C:\Windows\System\ZyxjkMg.exe
  2⤵
  PID:6204
- C:\Windows\System\grjDpnl.exe
  C:\Windows\System\grjDpnl.exe
  2⤵
  PID:6220
- C:\Windows\System\glusvHc.exe
  C:\Windows\System\glusvHc.exe
  2⤵
  PID:6244
- C:\Windows\System\rDdhIxy.exe
  C:\Windows\System\rDdhIxy.exe
  2⤵
  PID:6268
- C:\Windows\System\UaPgNaV.exe
  C:\Windows\System\UaPgNaV.exe
  2⤵
  PID:6284
- C:\Windows\System\TgLkaFk.exe
  C:\Windows\System\TgLkaFk.exe
  2⤵
  PID:6308
- C:\Windows\System\vlIjUVj.exe
  C:\Windows\System\vlIjUVj.exe
  2⤵
  PID:6324
- C:\Windows\System\kIDsveg.exe
  C:\Windows\System\kIDsveg.exe
  2⤵
  PID:6340
- C:\Windows\System\YSXyddK.exe
  C:\Windows\System\YSXyddK.exe
  2⤵
  PID:6364
- C:\Windows\System\demePEX.exe
  C:\Windows\System\demePEX.exe
  2⤵
  PID:6380
- C:\Windows\System\eaZYDeZ.exe
  C:\Windows\System\eaZYDeZ.exe
  2⤵
  PID:6404
- C:\Windows\System\hSYLBLl.exe
  C:\Windows\System\hSYLBLl.exe
  2⤵
  PID:6424
- C:\Windows\System\tyyQlDg.exe
  C:\Windows\System\tyyQlDg.exe
  2⤵
  PID:6440
- C:\Windows\System\KAgidlu.exe
  C:\Windows\System\KAgidlu.exe
  2⤵
  PID:6456
- C:\Windows\System\VnaycBW.exe
  C:\Windows\System\VnaycBW.exe
  2⤵
  PID:6472
- C:\Windows\System\VanpXCa.exe
  C:\Windows\System\VanpXCa.exe
  2⤵
  PID:6496
- C:\Windows\System\SiMAjLA.exe
  C:\Windows\System\SiMAjLA.exe
  2⤵
  PID:6516
- C:\Windows\System\sdSPfal.exe
  C:\Windows\System\sdSPfal.exe
  2⤵
  PID:6532
- C:\Windows\System\NEJNLTT.exe
  C:\Windows\System\NEJNLTT.exe
  2⤵
  PID:6552
- C:\Windows\System\IecodOU.exe
  C:\Windows\System\IecodOU.exe
  2⤵
  PID:6572
- C:\Windows\System\IMLruVq.exe
  C:\Windows\System\IMLruVq.exe
  2⤵
  PID:6600
- C:\Windows\System\VcXMwXQ.exe
  C:\Windows\System\VcXMwXQ.exe
  2⤵
  PID:6620
- C:\Windows\System\qVbEggn.exe
  C:\Windows\System\qVbEggn.exe
  2⤵
  PID:6636
- C:\Windows\System\fZVPZVA.exe
  C:\Windows\System\fZVPZVA.exe
  2⤵
  PID:6656
- C:\Windows\System\qEHUisE.exe
  C:\Windows\System\qEHUisE.exe
  2⤵
  PID:6672
- C:\Windows\System\aWXeyPz.exe
  C:\Windows\System\aWXeyPz.exe
  2⤵
  PID:6692
- C:\Windows\System\ZJFuoIj.exe
  C:\Windows\System\ZJFuoIj.exe
  2⤵
  PID:6708
- C:\Windows\System\vCqvRlf.exe
  C:\Windows\System\vCqvRlf.exe
  2⤵
  PID:6732
- C:\Windows\System\tYCnyJm.exe
  C:\Windows\System\tYCnyJm.exe
  2⤵
  PID:6748
- C:\Windows\System\JrnxYwx.exe
  C:\Windows\System\JrnxYwx.exe
  2⤵
  PID:6768
- C:\Windows\System\qTwdOyy.exe
  C:\Windows\System\qTwdOyy.exe
  2⤵
  PID:6784
- C:\Windows\System\ypuuGvW.exe
  C:\Windows\System\ypuuGvW.exe
  2⤵
  PID:6812
- C:\Windows\System\RsSjqUG.exe
  C:\Windows\System\RsSjqUG.exe
  2⤵
  PID:6828
- C:\Windows\System\ARRaINp.exe
  C:\Windows\System\ARRaINp.exe
  2⤵
  PID:6848
- C:\Windows\System\okynJQC.exe
  C:\Windows\System\okynJQC.exe
  2⤵
  PID:6868
- C:\Windows\System\teEOLFA.exe
  C:\Windows\System\teEOLFA.exe
  2⤵
  PID:6888
- C:\Windows\System\RXfYjdH.exe
  C:\Windows\System\RXfYjdH.exe
  2⤵
  PID:6908
- C:\Windows\System\DEfeLia.exe
  C:\Windows\System\DEfeLia.exe
  2⤵
  PID:6928
- C:\Windows\System\uKbQADc.exe
  C:\Windows\System\uKbQADc.exe
  2⤵
  PID:6956
- C:\Windows\System\LfKuHHf.exe
  C:\Windows\System\LfKuHHf.exe
  2⤵
  PID:6972
- C:\Windows\System\lvSELLq.exe
  C:\Windows\System\lvSELLq.exe
  2⤵
  PID:7004
- C:\Windows\System\vQLJuzV.exe
  C:\Windows\System\vQLJuzV.exe
  2⤵
  PID:7024
- C:\Windows\System\NFCDDFA.exe
  C:\Windows\System\NFCDDFA.exe
  2⤵
  PID:7040
- C:\Windows\System\yEAoSVd.exe
  C:\Windows\System\yEAoSVd.exe
  2⤵
  PID:7060
- C:\Windows\System\MHmTHqw.exe
  C:\Windows\System\MHmTHqw.exe
  2⤵
  PID:7076
- C:\Windows\System\fsiKOcB.exe
  C:\Windows\System\fsiKOcB.exe
  2⤵
  PID:7100
- C:\Windows\System\CNfEDJX.exe
  C:\Windows\System\CNfEDJX.exe
  2⤵
  PID:7116
- C:\Windows\System\ziwaMNV.exe
  C:\Windows\System\ziwaMNV.exe
  2⤵
  PID:7132
- C:\Windows\System\UieHVPj.exe
  C:\Windows\System\UieHVPj.exe
  2⤵
  PID:7148
- C:\Windows\System\HtUBMWt.exe
  C:\Windows\System\HtUBMWt.exe
  2⤵
  PID:4328
- C:\Windows\System\FgHdoec.exe
  C:\Windows\System\FgHdoec.exe
  2⤵
  PID:1340
- C:\Windows\System\XRXlTMr.exe
  C:\Windows\System\XRXlTMr.exe
  2⤵
  PID:5816
- C:\Windows\System\GNlJseG.exe
  C:\Windows\System\GNlJseG.exe
  2⤵
  PID:3132
- C:\Windows\System\bFxTxmf.exe
  C:\Windows\System\bFxTxmf.exe
  2⤵
  PID:6152
- C:\Windows\System\ucrBIFO.exe
  C:\Windows\System\ucrBIFO.exe
  2⤵
  PID:3084
- C:\Windows\System\SBckrzs.exe
  C:\Windows\System\SBckrzs.exe
  2⤵
  PID:5516
- C:\Windows\System\dmaGszk.exe
  C:\Windows\System\dmaGszk.exe
  2⤵
  PID:5592
- C:\Windows\System\SijNtZY.exe
  C:\Windows\System\SijNtZY.exe
  2⤵
  PID:6300
- C:\Windows\System\GMDLhWo.exe
  C:\Windows\System\GMDLhWo.exe
  2⤵
  PID:6332
- C:\Windows\System\PMHwPFx.exe
  C:\Windows\System\PMHwPFx.exe
  2⤵
  PID:6396
- C:\Windows\System\SxdZNSN.exe
  C:\Windows\System\SxdZNSN.exe
  2⤵
  PID:6464
- C:\Windows\System\NmfOygK.exe
  C:\Windows\System\NmfOygK.exe
  2⤵
  PID:4704
- C:\Windows\System\AKbXAQp.exe
  C:\Windows\System\AKbXAQp.exe
  2⤵
  PID:4636
- C:\Windows\System\jAbJjCi.exe
  C:\Windows\System\jAbJjCi.exe
  2⤵
  PID:6584
- C:\Windows\System\MpjrTzZ.exe
  C:\Windows\System\MpjrTzZ.exe
  2⤵
  PID:6632
- C:\Windows\System\sfsdzhv.exe
  C:\Windows\System\sfsdzhv.exe
  2⤵
  PID:6688
- C:\Windows\System\dlHwkOi.exe
  C:\Windows\System\dlHwkOi.exe
  2⤵
  PID:6388
- C:\Windows\System\twayEnG.exe
  C:\Windows\System\twayEnG.exe
  2⤵
  PID:6820
- C:\Windows\System\qYpcfXD.exe
  C:\Windows\System\qYpcfXD.exe
  2⤵
  PID:6448
- C:\Windows\System\MHXwJJL.exe
  C:\Windows\System\MHXwJJL.exe
  2⤵
  PID:6484
- C:\Windows\System\koWiEwZ.exe
  C:\Windows\System\koWiEwZ.exe
  2⤵
  PID:6948
- C:\Windows\System\QrcpxTN.exe
  C:\Windows\System\QrcpxTN.exe
  2⤵
  PID:6212
- C:\Windows\System\EHEdojG.exe
  C:\Windows\System\EHEdojG.exe
  2⤵
  PID:6252
- C:\Windows\System\XTUVegC.exe
  C:\Windows\System\XTUVegC.exe
  2⤵
  PID:7084
- C:\Windows\System\BWBqKSD.exe
  C:\Windows\System\BWBqKSD.exe
  2⤵
  PID:7180
- C:\Windows\System\rwqMLED.exe
  C:\Windows\System\rwqMLED.exe
  2⤵
  PID:7488
- C:\Windows\System\jsXvhwx.exe
  C:\Windows\System\jsXvhwx.exe
  2⤵
  PID:7764
- C:\Windows\System\WbADKqJ.exe
  C:\Windows\System\WbADKqJ.exe
  2⤵
  PID:7984
- C:\Windows\System\peBCduF.exe
  C:\Windows\System\peBCduF.exe
  2⤵
  PID:8004
- C:\Windows\System\rnsxyuw.exe
  C:\Windows\System\rnsxyuw.exe
  2⤵
  PID:8160
- C:\Windows\System\GBRLsfF.exe
  C:\Windows\System\GBRLsfF.exe
  2⤵
  PID:6492
- C:\Windows\System\NqhZXuu.exe
  C:\Windows\System\NqhZXuu.exe
  2⤵
  PID:6840
- C:\Windows\System\jvtJLbl.exe
  C:\Windows\System\jvtJLbl.exe
  2⤵
  PID:6720
- C:\Windows\System\ycDjpBP.exe
  C:\Windows\System\ycDjpBP.exe
  2⤵
  PID:6800
- C:\Windows\System\uCzGRMO.exe
  C:\Windows\System\uCzGRMO.exe
  2⤵
  PID:2796
- C:\Windows\System\UHMUSyT.exe
  C:\Windows\System\UHMUSyT.exe
  2⤵
  PID:7300
- C:\Windows\System\PuppIAK.exe
  C:\Windows\System\PuppIAK.exe
  2⤵
  PID:6924
- C:\Windows\System\VtRphol.exe
  C:\Windows\System\VtRphol.exe
  2⤵
  PID:6436
- C:\Windows\System\ckamSaG.exe
  C:\Windows\System\ckamSaG.exe
  2⤵
  PID:6260
- C:\Windows\System\WBsDYHy.exe
  C:\Windows\System\WBsDYHy.exe
  2⤵
  PID:7068
- C:\Windows\System\npCBibR.exe
  C:\Windows\System\npCBibR.exe
  2⤵
  PID:7092
- C:\Windows\System\pipujSD.exe
  C:\Windows\System\pipujSD.exe
  2⤵
  PID:7128
- C:\Windows\System\mUQRLbc.exe
  C:\Windows\System\mUQRLbc.exe
  2⤵
  PID:6148
- C:\Windows\System\ZLhgNEq.exe
  C:\Windows\System\ZLhgNEq.exe
  2⤵
  PID:3368
- C:\Windows\System\OKgdcdH.exe
  C:\Windows\System\OKgdcdH.exe
  2⤵
  PID:6296
- C:\Windows\System\QmhGVdG.exe
  C:\Windows\System\QmhGVdG.exe
  2⤵
  PID:7336
- C:\Windows\System\BfNXDgk.exe
  C:\Windows\System\BfNXDgk.exe
  2⤵
  PID:3052
- C:\Windows\System\EhlrLWz.exe
  C:\Windows\System\EhlrLWz.exe
  2⤵
  PID:6580
- C:\Windows\System\XsPMxAF.exe
  C:\Windows\System\XsPMxAF.exe
  2⤵
  PID:6240
- C:\Windows\System\aonSfCU.exe
  C:\Windows\System\aonSfCU.exe
  2⤵
  PID:6940
- C:\Windows\System\BGaNtYn.exe
  C:\Windows\System\BGaNtYn.exe
  2⤵
  PID:6468
- C:\Windows\System\GiZZOdH.exe
  C:\Windows\System\GiZZOdH.exe
  2⤵
  PID:6724
- C:\Windows\System\QEXuaVu.exe
  C:\Windows\System\QEXuaVu.exe
  2⤵
  PID:6652
- C:\Windows\System\wxRLXjQ.exe
  C:\Windows\System\wxRLXjQ.exe
  2⤵
  PID:7176
- C:\Windows\System\ZbBWTIN.exe
  C:\Windows\System\ZbBWTIN.exe
  2⤵
  PID:7252
- C:\Windows\System\orKJoAv.exe
  C:\Windows\System\orKJoAv.exe
  2⤵
  PID:7404
- C:\Windows\System\UfIcewF.exe
  C:\Windows\System\UfIcewF.exe
  2⤵
  PID:7452
- C:\Windows\System\NzyqKcU.exe
  C:\Windows\System\NzyqKcU.exe
  2⤵
  PID:7752
- C:\Windows\System\uUGapEN.exe
  C:\Windows\System\uUGapEN.exe
  2⤵
  PID:7992
- C:\Windows\System\ArrhqGW.exe
  C:\Windows\System\ArrhqGW.exe
  2⤵
  PID:7544
- C:\Windows\System\EGHanMU.exe
  C:\Windows\System\EGHanMU.exe
  2⤵
  PID:7660
- C:\Windows\System\kRLcCHm.exe
  C:\Windows\System\kRLcCHm.exe
  2⤵
  PID:7716
- C:\Windows\System\FFPKtkN.exe
  C:\Windows\System\FFPKtkN.exe
  2⤵
  PID:7744
- C:\Windows\System\RFqDFfy.exe
  C:\Windows\System\RFqDFfy.exe
  2⤵
  PID:7816
- C:\Windows\System\pvjRaDL.exe
  C:\Windows\System\pvjRaDL.exe
  2⤵
  PID:7844
- C:\Windows\System\YlUrARd.exe
  C:\Windows\System\YlUrARd.exe
  2⤵
  PID:7896
- C:\Windows\System\CUiWCPU.exe
  C:\Windows\System\CUiWCPU.exe
  2⤵
  PID:7916
- C:\Windows\System\BTHeTgZ.exe
  C:\Windows\System\BTHeTgZ.exe
  2⤵
  PID:7956
- C:\Windows\System\rIwGRRk.exe
  C:\Windows\System\rIwGRRk.exe
  2⤵
  PID:8044
- C:\Windows\System\QUzucrg.exe
  C:\Windows\System\QUzucrg.exe
  2⤵
  PID:8124
- C:\Windows\System\ufHSwUN.exe
  C:\Windows\System\ufHSwUN.exe
  2⤵
  PID:8152
- C:\Windows\System\Neuniuh.exe
  C:\Windows\System\Neuniuh.exe
  2⤵
  PID:5172
- C:\Windows\System\gnpQrbt.exe
  C:\Windows\System\gnpQrbt.exe
  2⤵
  PID:5964
- C:\Windows\System\SgOcffp.exe
  C:\Windows\System\SgOcffp.exe
  2⤵
  PID:7112
- C:\Windows\System\UEiKDwP.exe
  C:\Windows\System\UEiKDwP.exe
  2⤵
  PID:6100
- C:\Windows\System\WSFxuVQ.exe
  C:\Windows\System\WSFxuVQ.exe
  2⤵
  PID:6864
- C:\Windows\System\OuDVhtk.exe
  C:\Windows\System\OuDVhtk.exe
  2⤵
  PID:7356
- C:\Windows\System\AvTquKw.exe
  C:\Windows\System\AvTquKw.exe
  2⤵
  PID:2012
- C:\Windows\System\RtCEaoY.exe
  C:\Windows\System\RtCEaoY.exe
  2⤵
  PID:7500
- C:\Windows\System\QyzhMeR.exe
  C:\Windows\System\QyzhMeR.exe
  2⤵
  PID:3136
- C:\Windows\System\VuUpfea.exe
  C:\Windows\System\VuUpfea.exe
  2⤵
  PID:7324
- C:\Windows\System\ZoTZozt.exe
  C:\Windows\System\ZoTZozt.exe
  2⤵
  PID:6564
- C:\Windows\System\VJpngwd.exe
  C:\Windows\System\VJpngwd.exe
  2⤵
  PID:6196
- C:\Windows\System\XbTtJrD.exe
  C:\Windows\System\XbTtJrD.exe
  2⤵
  PID:7048
- C:\Windows\System\ulBkLHD.exe
  C:\Windows\System\ulBkLHD.exe
  2⤵
  PID:7268
- C:\Windows\System\RhuSHfr.exe
  C:\Windows\System\RhuSHfr.exe
  2⤵
  PID:7480
- C:\Windows\System\wxpqgvk.exe
  C:\Windows\System\wxpqgvk.exe
  2⤵
  PID:7780
- C:\Windows\System\aznmEYV.exe
  C:\Windows\System\aznmEYV.exe
  2⤵
  PID:7680
- C:\Windows\System\gDpCxMy.exe
  C:\Windows\System\gDpCxMy.exe
  2⤵
  PID:4092
- C:\Windows\System\LTwjOgX.exe
  C:\Windows\System\LTwjOgX.exe
  2⤵
  PID:7836
- C:\Windows\System\arjxdOy.exe
  C:\Windows\System\arjxdOy.exe
  2⤵
  PID:7912
- C:\Windows\System\BrZGglG.exe
  C:\Windows\System\BrZGglG.exe
  2⤵
  PID:8036
- C:\Windows\System\KURxYTY.exe
  C:\Windows\System\KURxYTY.exe
  2⤵
  PID:8140
- C:\Windows\System\eHzoPGq.exe
  C:\Windows\System\eHzoPGq.exe
  2⤵
  PID:224
- C:\Windows\System\FTmnmmr.exe
  C:\Windows\System\FTmnmmr.exe
  2⤵
  PID:4804
- C:\Windows\System\vJiCuff.exe
  C:\Windows\System\vJiCuff.exe
  2⤵
  PID:6920
- C:\Windows\System\RbpVMZp.exe
  C:\Windows\System\RbpVMZp.exe
  2⤵
  PID:7000
- C:\Windows\System\XXyQaaw.exe
  C:\Windows\System\XXyQaaw.exe
  2⤵
  PID:7308
- C:\Windows\System\luVtGnu.exe
  C:\Windows\System\luVtGnu.exe
  2⤵
  PID:3112
- C:\Windows\System\eHvddew.exe
  C:\Windows\System\eHvddew.exe
  2⤵
  PID:6744
- C:\Windows\System\gOcuyPY.exe
  C:\Windows\System\gOcuyPY.exe
  2⤵
  PID:7220
- C:\Windows\System\znGaIYp.exe
  C:\Windows\System\znGaIYp.exe
  2⤵
  PID:7772
- C:\Windows\System\YPxQTii.exe
  C:\Windows\System\YPxQTii.exe
  2⤵
  PID:7740
- C:\Windows\System\DGjGAPF.exe
  C:\Windows\System\DGjGAPF.exe
  2⤵
  PID:7908
- C:\Windows\System\gWVoAjJ.exe
  C:\Windows\System\gWVoAjJ.exe
  2⤵
  PID:8136
- C:\Windows\System\dGgiTtY.exe
  C:\Windows\System\dGgiTtY.exe
  2⤵
  PID:7164
- C:\Windows\System\civmKyG.exe
  C:\Windows\System\civmKyG.exe
  2⤵
  PID:2600
- C:\Windows\System\cgyoHLg.exe
  C:\Windows\System\cgyoHLg.exe
  2⤵
  PID:4896
- C:\Windows\System\jXdccEQ.exe
  C:\Windows\System\jXdccEQ.exe
  2⤵
  PID:6348
- C:\Windows\System\PyJRLQC.exe
  C:\Windows\System\PyJRLQC.exe
  2⤵
  PID:7512
- C:\Windows\System\rTjwdSo.exe
  C:\Windows\System\rTjwdSo.exe
  2⤵
  PID:8200
- C:\Windows\System\hKiLOsF.exe
  C:\Windows\System\hKiLOsF.exe
  2⤵
  PID:8216
- C:\Windows\System\AFzxiVS.exe
  C:\Windows\System\AFzxiVS.exe
  2⤵
  PID:8232
- C:\Windows\System\lLNzrKl.exe
  C:\Windows\System\lLNzrKl.exe
  2⤵
  PID:8248
- C:\Windows\System\lkzidPW.exe
  C:\Windows\System\lkzidPW.exe
  2⤵
  PID:8264
- C:\Windows\System\ljnkmWm.exe
  C:\Windows\System\ljnkmWm.exe
  2⤵
  PID:8280
- C:\Windows\System\PXVcmsz.exe
  C:\Windows\System\PXVcmsz.exe
  2⤵
  PID:8296
- C:\Windows\System\ROXXCvF.exe
  C:\Windows\System\ROXXCvF.exe
  2⤵
  PID:8312
- C:\Windows\System\YysNjzC.exe
  C:\Windows\System\YysNjzC.exe
  2⤵
  PID:8332
- C:\Windows\System\dnfcJWT.exe
  C:\Windows\System\dnfcJWT.exe
  2⤵
  PID:8348
- C:\Windows\System\VaiyWtf.exe
  C:\Windows\System\VaiyWtf.exe
  2⤵
  PID:8364
- C:\Windows\System\bWgNkNc.exe
  C:\Windows\System\bWgNkNc.exe
  2⤵
  PID:8380
- C:\Windows\System\hqEnFlS.exe
  C:\Windows\System\hqEnFlS.exe
  2⤵
  PID:8396
- C:\Windows\System\ZOnkyTU.exe
  C:\Windows\System\ZOnkyTU.exe
  2⤵
  PID:8412
- C:\Windows\System\TRknSHN.exe
  C:\Windows\System\TRknSHN.exe
  2⤵
  PID:8444
- C:\Windows\System\FanQvRR.exe
  C:\Windows\System\FanQvRR.exe
  2⤵
  PID:8460
- C:\Windows\System\FkkLhIP.exe
  C:\Windows\System\FkkLhIP.exe
  2⤵
  PID:8476
- C:\Windows\System\HTWPRLT.exe
  C:\Windows\System\HTWPRLT.exe
  2⤵
  PID:8492
- C:\Windows\System\niztpKr.exe
  C:\Windows\System\niztpKr.exe
  2⤵
  PID:8508
- C:\Windows\System\MSBqVBI.exe
  C:\Windows\System\MSBqVBI.exe
  2⤵
  PID:8524
- C:\Windows\System\DRALXRl.exe
  C:\Windows\System\DRALXRl.exe
  2⤵
  PID:8616
- C:\Windows\System\CYNKioE.exe
  C:\Windows\System\CYNKioE.exe
  2⤵
  PID:8740
- C:\Windows\System\NTSfJEC.exe
  C:\Windows\System\NTSfJEC.exe
  2⤵
  PID:2004
- C:\Windows\System\aJDixqM.exe
  C:\Windows\System\aJDixqM.exe
  2⤵
  PID:8196
- C:\Windows\System\JpsMugY.exe
  C:\Windows\System\JpsMugY.exe
  2⤵
  PID:8228
- C:\Windows\System\hhNIioO.exe
  C:\Windows\System\hhNIioO.exe
  2⤵
  PID:9232
- C:\Windows\System\kpPCSHH.exe
  C:\Windows\System\kpPCSHH.exe
  2⤵
  PID:9256
- C:\Windows\System\bUdoNnD.exe
  C:\Windows\System\bUdoNnD.exe
  2⤵
  PID:9432
- C:\Windows\System\SpoffHB.exe
  C:\Windows\System\SpoffHB.exe
  2⤵
  PID:9448
- C:\Windows\System\ufuKydH.exe
  C:\Windows\System\ufuKydH.exe
  2⤵
  PID:9472
- C:\Windows\System\BlWpMmu.exe
  C:\Windows\System\BlWpMmu.exe
  2⤵
  PID:9492
- C:\Windows\System\lrgSAmm.exe
  C:\Windows\System\lrgSAmm.exe
  2⤵
  PID:9576
- C:\Windows\System\VZUVfrk.exe
  C:\Windows\System\VZUVfrk.exe
  2⤵
  PID:9600
- C:\Windows\System\KWDtoQK.exe
  C:\Windows\System\KWDtoQK.exe
  2⤵
  PID:9636
- C:\Windows\System\vKAsWls.exe
  C:\Windows\System\vKAsWls.exe
  2⤵
  PID:9656
- C:\Windows\System\vxXAlll.exe
  C:\Windows\System\vxXAlll.exe
  2⤵
  PID:9680
- C:\Windows\System\EfPdDxC.exe
  C:\Windows\System\EfPdDxC.exe
  2⤵
  PID:9736
- C:\Windows\System\sDibtPh.exe
  C:\Windows\System\sDibtPh.exe
  2⤵
  PID:9804
- C:\Windows\System\lshiAds.exe
  C:\Windows\System\lshiAds.exe
  2⤵
  PID:9836
- C:\Windows\System\HovFToo.exe
  C:\Windows\System\HovFToo.exe
  2⤵
  PID:9852
- C:\Windows\System\ybRIwtH.exe
  C:\Windows\System\ybRIwtH.exe
  2⤵
  PID:9872
- C:\Windows\System\qhUfogc.exe
  C:\Windows\System\qhUfogc.exe
  2⤵
  PID:9900
- C:\Windows\System\pDJShwj.exe
  C:\Windows\System\pDJShwj.exe
  2⤵
  PID:9932
- C:\Windows\System\reGeCmQ.exe
  C:\Windows\System\reGeCmQ.exe
  2⤵
  PID:9964
- C:\Windows\System\ZVnWDnr.exe
  C:\Windows\System\ZVnWDnr.exe
  2⤵
  PID:9996
- C:\Windows\System\XCVyrOx.exe
  C:\Windows\System\XCVyrOx.exe
  2⤵
  PID:10028
- C:\Windows\System\PgrkDse.exe
  C:\Windows\System\PgrkDse.exe
  2⤵
  PID:10048
- C:\Windows\System\ttwqEnA.exe
  C:\Windows\System\ttwqEnA.exe
  2⤵
  PID:10072
- C:\Windows\System\fWPUUWT.exe
  C:\Windows\System\fWPUUWT.exe
  2⤵
  PID:10092
- C:\Windows\System\RKtKvcn.exe
  C:\Windows\System\RKtKvcn.exe
  2⤵
  PID:10124
- C:\Windows\System\JKcWtVq.exe
  C:\Windows\System\JKcWtVq.exe
  2⤵
  PID:10156
- C:\Windows\System\uGkNssi.exe
  C:\Windows\System\uGkNssi.exe
  2⤵
  PID:10188
- C:\Windows\System\wEwzyrp.exe
  C:\Windows\System\wEwzyrp.exe
  2⤵
  PID:10232
- C:\Windows\System\KXfUkJu.exe
  C:\Windows\System\KXfUkJu.exe
  2⤵
  PID:8656
- C:\Windows\System\uvBycPW.exe
  C:\Windows\System\uvBycPW.exe
  2⤵
  PID:9276
- C:\Windows\System\qPdGKTV.exe
  C:\Windows\System\qPdGKTV.exe
  2⤵
  PID:8844
- C:\Windows\System\ujjoxZE.exe
  C:\Windows\System\ujjoxZE.exe
  2⤵
  PID:8944
- C:\Windows\System\xukJnjX.exe
  C:\Windows\System\xukJnjX.exe
  2⤵
  PID:8484
- C:\Windows\System\MSlhLyn.exe
  C:\Windows\System\MSlhLyn.exe
  2⤵
  PID:9176
- C:\Windows\System\MWWXuHr.exe
  C:\Windows\System\MWWXuHr.exe
  2⤵
  PID:6200
- C:\Windows\System\uyxWDYU.exe
  C:\Windows\System\uyxWDYU.exe
  2⤵
  PID:9268
- C:\Windows\System\VgLOOIk.exe
  C:\Windows\System\VgLOOIk.exe
  2⤵
  PID:9508
- C:\Windows\System\sfBzPno.exe
  C:\Windows\System\sfBzPno.exe
  2⤵
  PID:9244
- C:\Windows\System\rLAqUyW.exe
  C:\Windows\System\rLAqUyW.exe
  2⤵
  PID:9288
- C:\Windows\System\ljULHWV.exe
  C:\Windows\System\ljULHWV.exe
  2⤵
  PID:9488
- C:\Windows\System\qClyXmS.exe
  C:\Windows\System\qClyXmS.exe
  2⤵
  PID:9424
- C:\Windows\System\gVkcXxF.exe
  C:\Windows\System\gVkcXxF.exe
  2⤵
  PID:9616
- C:\Windows\System\TKIIgzg.exe
  C:\Windows\System\TKIIgzg.exe
  2⤵
  PID:9672
- C:\Windows\System\brmZTrd.exe
  C:\Windows\System\brmZTrd.exe
  2⤵
  PID:9664
- C:\Windows\System\lpMNWur.exe
  C:\Windows\System\lpMNWur.exe
  2⤵
  PID:9768
- C:\Windows\System\CpRFJfE.exe
  C:\Windows\System\CpRFJfE.exe
  2⤵
  PID:9812
- C:\Windows\System\rMSuXEm.exe
  C:\Windows\System\rMSuXEm.exe
  2⤵
  PID:9920
- C:\Windows\System\ZiKJsQE.exe
  C:\Windows\System\ZiKJsQE.exe
  2⤵
  PID:10012
- C:\Windows\System\HuFHMYE.exe
  C:\Windows\System\HuFHMYE.exe
  2⤵
  PID:10064
- C:\Windows\System\iEftOQL.exe
  C:\Windows\System\iEftOQL.exe
  2⤵
  PID:10116
- C:\Windows\System\zdKWxLa.exe
  C:\Windows\System\zdKWxLa.exe
  2⤵
  PID:10204
- C:\Windows\System\hzkolzS.exe
  C:\Windows\System\hzkolzS.exe
  2⤵
  PID:8984
- C:\Windows\System\wubJbtv.exe
  C:\Windows\System\wubJbtv.exe
  2⤵
  PID:8868
- C:\Windows\System\jWyzXWJ.exe
  C:\Windows\System\jWyzXWJ.exe
  2⤵
  PID:8920
- C:\Windows\System\DRwQWPp.exe
  C:\Windows\System\DRwQWPp.exe
  2⤵
  PID:9048
- C:\Windows\System\ADYAZFw.exe
  C:\Windows\System\ADYAZFw.exe
  2⤵
  PID:8212
- C:\Windows\System\qzYPzEP.exe
  C:\Windows\System\qzYPzEP.exe
  2⤵
  PID:9464
- C:\Windows\System\VKWvsLJ.exe
  C:\Windows\System\VKWvsLJ.exe
  2⤵
  PID:9700
- C:\Windows\System\Ljhegzh.exe
  C:\Windows\System\Ljhegzh.exe
  2⤵
  PID:9816
- C:\Windows\System\UMMiCeS.exe
  C:\Windows\System\UMMiCeS.exe
  2⤵
  PID:10044
- C:\Windows\System\mqybGGt.exe
  C:\Windows\System\mqybGGt.exe
  2⤵
  PID:10084
- C:\Windows\System\fzeeTUo.exe
  C:\Windows\System\fzeeTUo.exe
  2⤵
  PID:8640
- C:\Windows\System\hUomciQ.exe
  C:\Windows\System\hUomciQ.exe
  2⤵
  PID:9040
- C:\Windows\System\zigCUKV.exe
  C:\Windows\System\zigCUKV.exe
  2⤵
  PID:10020
- C:\Windows\System\hpvwsGS.exe
  C:\Windows\System\hpvwsGS.exe
  2⤵
  PID:9692
- C:\Windows\System\rYcpxFE.exe
  C:\Windows\System\rYcpxFE.exe
  2⤵
  PID:8968
- C:\Windows\System\LEUZLJn.exe
  C:\Windows\System\LEUZLJn.exe
  2⤵
  PID:9888
- C:\Windows\System\lUMWaaK.exe
  C:\Windows\System\lUMWaaK.exe
  2⤵
  PID:10248
- C:\Windows\System\lHXMvTw.exe
  C:\Windows\System\lHXMvTw.exe
  2⤵
  PID:10284
- C:\Windows\System\ZRGBjfw.exe
  C:\Windows\System\ZRGBjfw.exe
  2⤵
  PID:10308
- C:\Windows\System\byLKIrT.exe
  C:\Windows\System\byLKIrT.exe
  2⤵
  PID:10332
- C:\Windows\System\bdRcLIu.exe
  C:\Windows\System\bdRcLIu.exe
  2⤵
  PID:10348
- C:\Windows\System\XxlciSv.exe
  C:\Windows\System\XxlciSv.exe
  2⤵
  PID:10364
- C:\Windows\System\hCcvpZr.exe
  C:\Windows\System\hCcvpZr.exe
  2⤵
  PID:10384
- C:\Windows\System\hiXkGOu.exe
  C:\Windows\System\hiXkGOu.exe
  2⤵
  PID:10412
- C:\Windows\System\boXSxbH.exe
  C:\Windows\System\boXSxbH.exe
  2⤵
  PID:10476
- C:\Windows\System\oyZKOuA.exe
  C:\Windows\System\oyZKOuA.exe
  2⤵
  PID:10500
- C:\Windows\System\VZUalUd.exe
  C:\Windows\System\VZUalUd.exe
  2⤵
  PID:10528
- C:\Windows\System\dqhohog.exe
  C:\Windows\System\dqhohog.exe
  2⤵
  PID:10584
- C:\Windows\System\yQOamlw.exe
  C:\Windows\System\yQOamlw.exe
  2⤵
  PID:10604
- C:\Windows\System\qorfDoC.exe
  C:\Windows\System\qorfDoC.exe
  2⤵
  PID:10624
- C:\Windows\System\QcYYtay.exe
  C:\Windows\System\QcYYtay.exe
  2⤵
  PID:10652
- C:\Windows\System\MNjviKz.exe
  C:\Windows\System\MNjviKz.exe
  2⤵
  PID:10672
- C:\Windows\System\pIKGTRH.exe
  C:\Windows\System\pIKGTRH.exe
  2⤵
  PID:10692
- C:\Windows\System\fWdgyeN.exe
  C:\Windows\System\fWdgyeN.exe
  2⤵
  PID:10720
- C:\Windows\System\FmqRDZI.exe
  C:\Windows\System\FmqRDZI.exe
  2⤵
  PID:10736
- C:\Windows\System\KRbXuTp.exe
  C:\Windows\System\KRbXuTp.exe
  2⤵
  PID:10772
- C:\Windows\System\DRECrhM.exe
  C:\Windows\System\DRECrhM.exe
  2⤵
  PID:10796
- C:\Windows\System\oidqbpX.exe
  C:\Windows\System\oidqbpX.exe
  2⤵
  PID:10820
- C:\Windows\System\rGPBjPU.exe
  C:\Windows\System\rGPBjPU.exe
  2⤵
  PID:10884
- C:\Windows\System\EpeQrxm.exe
  C:\Windows\System\EpeQrxm.exe
  2⤵
  PID:10912
- C:\Windows\System\jERkdOo.exe
  C:\Windows\System\jERkdOo.exe
  2⤵
  PID:10952
- C:\Windows\System\ZumHUCm.exe
  C:\Windows\System\ZumHUCm.exe
  2⤵
  PID:10968
- C:\Windows\System\VHMCQLM.exe
  C:\Windows\System\VHMCQLM.exe
  2⤵
  PID:11000
- C:\Windows\System\dJRCKHp.exe
  C:\Windows\System\dJRCKHp.exe
  2⤵
  PID:11020
- C:\Windows\System\YrZxvCH.exe
  C:\Windows\System\YrZxvCH.exe
  2⤵
  PID:11048
- C:\Windows\System\fXGCcTW.exe
  C:\Windows\System\fXGCcTW.exe
  2⤵
  PID:11080
- C:\Windows\System\KfwPXne.exe
  C:\Windows\System\KfwPXne.exe
  2⤵
  PID:11096
- C:\Windows\System\milBPaz.exe
  C:\Windows\System\milBPaz.exe
  2⤵
  PID:11120
- C:\Windows\System\NsnNUXF.exe
  C:\Windows\System\NsnNUXF.exe
  2⤵
  PID:11152
- C:\Windows\System\hhcExre.exe
  C:\Windows\System\hhcExre.exe
  2⤵
  PID:11180
- C:\Windows\System\qExsMyY.exe
  C:\Windows\System\qExsMyY.exe
  2⤵
  PID:11196
- C:\Windows\System\jbfwDcp.exe
  C:\Windows\System\jbfwDcp.exe
  2⤵
  PID:11232
- C:\Windows\System\sPCuTQo.exe
  C:\Windows\System\sPCuTQo.exe
  2⤵
  PID:10320
- C:\Windows\System\dQWdOYX.exe
  C:\Windows\System\dQWdOYX.exe
  2⤵
  PID:10296
- C:\Windows\System\KubwdDh.exe
  C:\Windows\System\KubwdDh.exe
  2⤵
  PID:10344
- C:\Windows\System\wBWTWOE.exe
  C:\Windows\System\wBWTWOE.exe
  2⤵
  PID:10380
- C:\Windows\System\JdacBys.exe
  C:\Windows\System\JdacBys.exe
  2⤵
  PID:10492
- C:\Windows\System\tbZPLnB.exe
  C:\Windows\System\tbZPLnB.exe
  2⤵
  PID:10516
- C:\Windows\System\iOqxzeZ.exe
  C:\Windows\System\iOqxzeZ.exe
  2⤵
  PID:10576
- C:\Windows\System\GdroLRi.exe
  C:\Windows\System\GdroLRi.exe
  2⤵
  PID:10640
- C:\Windows\System\xSMrJTM.exe
  C:\Windows\System\xSMrJTM.exe
  2⤵
  PID:10684
- C:\Windows\System\ezMomek.exe
  C:\Windows\System\ezMomek.exe
  2⤵
  PID:10728
- C:\Windows\System\oTYGPJB.exe
  C:\Windows\System\oTYGPJB.exe
  2⤵
  PID:10780
- C:\Windows\System\aovfosO.exe
  C:\Windows\System\aovfosO.exe
  2⤵
  PID:10864
- C:\Windows\System\dVpwLxK.exe
  C:\Windows\System\dVpwLxK.exe
  2⤵
  PID:10908
- C:\Windows\System\FFfzIBc.exe
  C:\Windows\System\FFfzIBc.exe
  2⤵
  PID:11028
- C:\Windows\System\nFmKjlt.exe
  C:\Windows\System\nFmKjlt.exe
  2⤵
  PID:11128
- C:\Windows\System\VefTMio.exe
  C:\Windows\System\VefTMio.exe
  2⤵
  PID:11168
- C:\Windows\System\OCFXLpG.exe
  C:\Windows\System\OCFXLpG.exe
  2⤵
  PID:11208
- C:\Windows\System\NyvyVFz.exe
  C:\Windows\System\NyvyVFz.exe
  2⤵
  PID:9320
- C:\Windows\System\ltVXceA.exe
  C:\Windows\System\ltVXceA.exe
  2⤵
  PID:10456
- C:\Windows\System\ocdDaXI.exe
  C:\Windows\System\ocdDaXI.exe
  2⤵
  PID:10376
- C:\Windows\System\aeOlgsH.exe
  C:\Windows\System\aeOlgsH.exe
  2⤵
  PID:10748
- C:\Windows\System\sUTJSiA.exe
  C:\Windows\System\sUTJSiA.exe
  2⤵
  PID:10984
- C:\Windows\System\iCIhskS.exe
  C:\Windows\System\iCIhskS.exe
  2⤵
  PID:10904
- C:\Windows\System\lZDtVKr.exe
  C:\Windows\System\lZDtVKr.exe
  2⤵
  PID:11112
- C:\Windows\System\QckaGdr.exe
  C:\Windows\System\QckaGdr.exe
  2⤵
  PID:10632
- C:\Windows\System\lcKvpoy.exe
  C:\Windows\System\lcKvpoy.exe
  2⤵
  PID:11076
- C:\Windows\System\pbBqRoO.exe
  C:\Windows\System\pbBqRoO.exe
  2⤵
  PID:11276
- C:\Windows\System\moiIGuc.exe
  C:\Windows\System\moiIGuc.exe
  2⤵
  PID:11292
- C:\Windows\System\QaqtwkD.exe
  C:\Windows\System\QaqtwkD.exe
  2⤵
  PID:11316
- C:\Windows\System\uoHjwvz.exe
  C:\Windows\System\uoHjwvz.exe
  2⤵
  PID:11344
- C:\Windows\System\FgnkLJe.exe
  C:\Windows\System\FgnkLJe.exe
  2⤵
  PID:11368
- C:\Windows\System\OCAECXw.exe
  C:\Windows\System\OCAECXw.exe
  2⤵
  PID:11384
- C:\Windows\System\EFSIRHG.exe
  C:\Windows\System\EFSIRHG.exe
  2⤵
  PID:11408
- C:\Windows\System\uekuDEg.exe
  C:\Windows\System\uekuDEg.exe
  2⤵
  PID:11428
- C:\Windows\System\kbMzNQw.exe
  C:\Windows\System\kbMzNQw.exe
  2⤵
  PID:11480
- C:\Windows\System\UjLSIIZ.exe
  C:\Windows\System\UjLSIIZ.exe
  2⤵
  PID:11500
- C:\Windows\System\PTsPqAY.exe
  C:\Windows\System\PTsPqAY.exe
  2⤵
  PID:11520
- C:\Windows\System\ryQfbyh.exe
  C:\Windows\System\ryQfbyh.exe
  2⤵
  PID:11544
- C:\Windows\System\JcgurLx.exe
  C:\Windows\System\JcgurLx.exe
  2⤵
  PID:11600
- C:\Windows\System\kdkefls.exe
  C:\Windows\System\kdkefls.exe
  2⤵
  PID:11616
- C:\Windows\System\tyqKXvn.exe
  C:\Windows\System\tyqKXvn.exe
  2⤵
  PID:11644
- C:\Windows\System\DKMecwU.exe
  C:\Windows\System\DKMecwU.exe
  2⤵
  PID:11660
- C:\Windows\System\KFfjqmy.exe
  C:\Windows\System\KFfjqmy.exe
  2⤵
  PID:11680
- C:\Windows\System\JhgRrrg.exe
  C:\Windows\System\JhgRrrg.exe
  2⤵
  PID:11708
- C:\Windows\System\RmmleLT.exe
  C:\Windows\System\RmmleLT.exe
  2⤵
  PID:11760
- C:\Windows\System\Cpoexnb.exe
  C:\Windows\System\Cpoexnb.exe
  2⤵
  PID:11780
- C:\Windows\System\PibKzmG.exe
  C:\Windows\System\PibKzmG.exe
  2⤵
  PID:11808
- C:\Windows\System\eLvzwwm.exe
  C:\Windows\System\eLvzwwm.exe
  2⤵
  PID:11844
- C:\Windows\System\dQcSvCT.exe
  C:\Windows\System\dQcSvCT.exe
  2⤵
  PID:11860
- C:\Windows\System\UvHxZGD.exe
  C:\Windows\System\UvHxZGD.exe
  2⤵
  PID:11884
- C:\Windows\System\tJalhMZ.exe
  C:\Windows\System\tJalhMZ.exe
  2⤵
  PID:11912
- C:\Windows\System\swwkWcv.exe
  C:\Windows\System\swwkWcv.exe
  2⤵
  PID:11956
- C:\Windows\System\wCrgiin.exe
  C:\Windows\System\wCrgiin.exe
  2⤵
  PID:11992
- C:\Windows\System\OOQgMlP.exe
  C:\Windows\System\OOQgMlP.exe
  2⤵
  PID:12016
- C:\Windows\System\wEFIGnF.exe
  C:\Windows\System\wEFIGnF.exe
  2⤵
  PID:12060
- C:\Windows\System\NJvkhPM.exe
  C:\Windows\System\NJvkhPM.exe
  2⤵
  PID:12080
- C:\Windows\System\MTLAOZA.exe
  C:\Windows\System\MTLAOZA.exe
  2⤵
  PID:12100
- C:\Windows\System\aHirhjz.exe
  C:\Windows\System\aHirhjz.exe
  2⤵
  PID:12116
- C:\Windows\System\DkTynGv.exe
  C:\Windows\System\DkTynGv.exe
  2⤵
  PID:12180
- C:\Windows\System\uWOUgoh.exe
  C:\Windows\System\uWOUgoh.exe
  2⤵
  PID:12208
- C:\Windows\System\JlcLmex.exe
  C:\Windows\System\JlcLmex.exe
  2⤵
  PID:12224
- C:\Windows\System\EpQExgR.exe
  C:\Windows\System\EpQExgR.exe
  2⤵
  PID:12264
- C:\Windows\System\FAIdEKb.exe
  C:\Windows\System\FAIdEKb.exe
  2⤵
  PID:12280
- C:\Windows\System\YctsFrw.exe
  C:\Windows\System\YctsFrw.exe
  2⤵
  PID:10396
- C:\Windows\System\bPPnSUc.exe
  C:\Windows\System\bPPnSUc.exe
  2⤵
  PID:11288
- C:\Windows\System\nswykmb.exe
  C:\Windows\System\nswykmb.exe
  2⤵
  PID:11356
- C:\Windows\System\XGzJrmW.exe
  C:\Windows\System\XGzJrmW.exe
  2⤵
  PID:11444
- C:\Windows\System\DwvTEgG.exe
  C:\Windows\System\DwvTEgG.exe
  2⤵
  PID:11552
- C:\Windows\System\zlwadCP.exe
  C:\Windows\System\zlwadCP.exe
  2⤵
  PID:11608
- C:\Windows\System\zZyStrR.exe
  C:\Windows\System\zZyStrR.exe
  2⤵
  PID:11628
- C:\Windows\System\SExkPhx.exe
  C:\Windows\System\SExkPhx.exe
  2⤵
  PID:11676
- C:\Windows\System\NLlZFOS.exe
  C:\Windows\System\NLlZFOS.exe
  2⤵
  PID:11720
- C:\Windows\System\QOGZHRJ.exe
  C:\Windows\System\QOGZHRJ.exe
  2⤵
  PID:11800
- C:\Windows\System\RiiBHlE.exe
  C:\Windows\System\RiiBHlE.exe
  2⤵
  PID:11752
- C:\Windows\System\qGlzsZc.exe
  C:\Windows\System\qGlzsZc.exe
  2⤵
  PID:11928
- C:\Windows\System\YPrVznH.exe
  C:\Windows\System\YPrVznH.exe
  2⤵
  PID:11896
- C:\Windows\System\KKUvHja.exe
  C:\Windows\System\KKUvHja.exe
  2⤵
  PID:12004
- C:\Windows\System\uhiluID.exe
  C:\Windows\System\uhiluID.exe
  2⤵
  PID:12048
- C:\Windows\System\LSkYiYI.exe
  C:\Windows\System\LSkYiYI.exe
  2⤵
  PID:12092
- C:\Windows\System\lJslZQD.exe
  C:\Windows\System\lJslZQD.exe
  2⤵
  PID:12112
- C:\Windows\System\GNtvALW.exe
  C:\Windows\System\GNtvALW.exe
  2⤵
  PID:12244
- C:\Windows\System\JODVUKq.exe
  C:\Windows\System\JODVUKq.exe
  2⤵
  PID:12252
- C:\Windows\System\nxznZsG.exe
  C:\Windows\System\nxznZsG.exe
  2⤵
  PID:10792
- C:\Windows\System\MREiqRk.exe
  C:\Windows\System\MREiqRk.exe
  2⤵
  PID:11420
- C:\Windows\System\VZhColL.exe
  C:\Windows\System\VZhColL.exe
  2⤵
  PID:11516
- C:\Windows\System\JmLgXIs.exe
  C:\Windows\System\JmLgXIs.exe
  2⤵
  PID:11624
- C:\Windows\System\CHbrkoX.exe
  C:\Windows\System\CHbrkoX.exe
  2⤵
  PID:11696
- C:\Windows\System\dwwTxCG.exe
  C:\Windows\System\dwwTxCG.exe
  2⤵
  PID:11816
- C:\Windows\System\XSjnNHP.exe
  C:\Windows\System\XSjnNHP.exe
  2⤵
  PID:12136
- C:\Windows\System\rsPWMPC.exe
  C:\Windows\System\rsPWMPC.exe
  2⤵
  PID:12188
- C:\Windows\System\tqmExat.exe
  C:\Windows\System\tqmExat.exe
  2⤵
  PID:10616
- C:\Windows\System\YhnsRcH.exe
  C:\Windows\System\YhnsRcH.exe
  2⤵
  PID:12296
- C:\Windows\System\MVVjcXY.exe
  C:\Windows\System\MVVjcXY.exe
  2⤵
  PID:12312
- C:\Windows\System\eRbPDZr.exe
  C:\Windows\System\eRbPDZr.exe
  2⤵
  PID:12348
- C:\Windows\System\itWqfmD.exe
  C:\Windows\System\itWqfmD.exe
  2⤵
  PID:12384
- C:\Windows\System\hRWCkcc.exe
  C:\Windows\System\hRWCkcc.exe
  2⤵
  PID:12424
- C:\Windows\System\gBbyPQb.exe
  C:\Windows\System\gBbyPQb.exe
  2⤵
  PID:12460
- C:\Windows\System\pVdDSmQ.exe
  C:\Windows\System\pVdDSmQ.exe
  2⤵
  PID:12504
- C:\Windows\System\aoAlWZz.exe
  C:\Windows\System\aoAlWZz.exe
  2⤵
  PID:12520
- C:\Windows\System\LsesnRO.exe
  C:\Windows\System\LsesnRO.exe
  2⤵
  PID:12608
- C:\Windows\System\IMOWNGU.exe
  C:\Windows\System\IMOWNGU.exe
  2⤵
  PID:12644
- C:\Windows\System\NGScNdM.exe
  C:\Windows\System\NGScNdM.exe
  2⤵
  PID:12660
- C:\Windows\System\qpNMBqN.exe
  C:\Windows\System\qpNMBqN.exe
  2⤵
  PID:12684
- C:\Windows\System\wTuOLOk.exe
  C:\Windows\System\wTuOLOk.exe
  2⤵
  PID:12712
- C:\Windows\System\DYVruIr.exe
  C:\Windows\System\DYVruIr.exe
  2⤵
  PID:12732
- C:\Windows\System\wTCQkYG.exe
  C:\Windows\System\wTCQkYG.exe
  2⤵
  PID:12760
- C:\Windows\System\DOCHoZI.exe
  C:\Windows\System\DOCHoZI.exe
  2⤵
  PID:12788
- C:\Windows\System\wYFccEa.exe
  C:\Windows\System\wYFccEa.exe
  2⤵
  PID:12824
- C:\Windows\System\nGXsIRv.exe
  C:\Windows\System\nGXsIRv.exe
  2⤵
  PID:12848
- C:\Windows\System\QFfdefP.exe
  C:\Windows\System\QFfdefP.exe
  2⤵
  PID:12868
- C:\Windows\System\WppONUr.exe
  C:\Windows\System\WppONUr.exe
  2⤵
  PID:12892
- C:\Windows\System\cHgXgQG.exe
  C:\Windows\System\cHgXgQG.exe
  2⤵
  PID:12912
- C:\Windows\System\TUTmLNw.exe
  C:\Windows\System\TUTmLNw.exe
  2⤵
  PID:12932
- C:\Windows\System\sXjWWXe.exe
  C:\Windows\System\sXjWWXe.exe
  2⤵
  PID:12976
- C:\Windows\System\lRIlIab.exe
  C:\Windows\System\lRIlIab.exe
  2⤵
  PID:12992
- C:\Windows\System\rbtFuxX.exe
  C:\Windows\System\rbtFuxX.exe
  2⤵
  PID:13052
- C:\Windows\System\dPrzOqx.exe
  C:\Windows\System\dPrzOqx.exe
  2⤵
  PID:13084
- C:\Windows\System\mGnihSS.exe
  C:\Windows\System\mGnihSS.exe
  2⤵
  PID:13100
- C:\Windows\System\ocPFHoS.exe
  C:\Windows\System\ocPFHoS.exe
  2⤵
  PID:13124
- C:\Windows\System\WLjGSSa.exe
  C:\Windows\System\WLjGSSa.exe
  2⤵
  PID:13160
- C:\Windows\System\CrNnJOL.exe
  C:\Windows\System\CrNnJOL.exe
  2⤵
  PID:13180
- C:\Windows\System\ioYbPbZ.exe
  C:\Windows\System\ioYbPbZ.exe
  2⤵
  PID:13200
- C:\Windows\System\OxBGALx.exe
  C:\Windows\System\OxBGALx.exe
  2⤵
  PID:13216
- C:\Windows\System\QDQUBLJ.exe
  C:\Windows\System\QDQUBLJ.exe
  2⤵
  PID:13236
- C:\Windows\System\NfGAYNS.exe
  C:\Windows\System\NfGAYNS.exe
  2⤵
  PID:13256
- C:\Windows\System\JCYghPO.exe
  C:\Windows\System\JCYghPO.exe
  2⤵
  PID:13288
- C:\Windows\System\MmgsrVm.exe
  C:\Windows\System\MmgsrVm.exe
  2⤵
  PID:12488
- C:\Windows\System\GoITuOC.exe
  C:\Windows\System\GoITuOC.exe
  2⤵
  PID:12624
- C:\Windows\System\kPbxvHy.exe
  C:\Windows\System\kPbxvHy.exe
  2⤵
  PID:12632
- C:\Windows\System\fisbBYn.exe
  C:\Windows\System\fisbBYn.exe
  2⤵
  PID:12676
- C:\Windows\System\HHuXSVK.exe
  C:\Windows\System\HHuXSVK.exe
  2⤵
  PID:12704
- C:\Windows\System\NrAUvfm.exe
  C:\Windows\System\NrAUvfm.exe
  2⤵
  PID:12784
- C:\Windows\System\SrLjXqZ.exe
  C:\Windows\System\SrLjXqZ.exe
  2⤵
  PID:12876
- C:\Windows\System\MfyWrYG.exe
  C:\Windows\System\MfyWrYG.exe
  2⤵
  PID:12908
- C:\Windows\System\vYdSywR.exe
  C:\Windows\System\vYdSywR.exe
  2⤵
  PID:12972
- C:\Windows\System\ZkZCaLi.exe
  C:\Windows\System\ZkZCaLi.exe
  2⤵
  PID:13068
- C:\Windows\System\JmnpyMs.exe
  C:\Windows\System\JmnpyMs.exe
  2⤵
  PID:13140
- C:\Windows\System\NLptPPj.exe
  C:\Windows\System\NLptPPj.exe
  2⤵
  PID:13192
- C:\Windows\System\GNFyGCB.exe
  C:\Windows\System\GNFyGCB.exe
  2⤵
  PID:12236
- C:\Windows\System\kPEFLoG.exe
  C:\Windows\System\kPEFLoG.exe
  2⤵
  PID:13284
- C:\Windows\System\rtYFWxx.exe
  C:\Windows\System\rtYFWxx.exe
  2⤵
  PID:12448
- C:\Windows\System\wRpJkpv.exe
  C:\Windows\System\wRpJkpv.exe
  2⤵
  PID:12672
- C:\Windows\System\dyzWbgX.exe
  C:\Windows\System\dyzWbgX.exe
  2⤵
  PID:12776
- C:\Windows\System\YiTyQrR.exe
  C:\Windows\System\YiTyQrR.exe
  2⤵
  PID:11464
- C:\Windows\System\FMQEnfo.exe
  C:\Windows\System\FMQEnfo.exe
  2⤵
  PID:11588
- C:\Windows\System\OhOCvzF.exe
  C:\Windows\System\OhOCvzF.exe
  2⤵
  PID:12456
- C:\Windows\System\dVVoSLw.exe
  C:\Windows\System\dVVoSLw.exe
  2⤵
  PID:12816
- C:\Windows\System\aaLBOhG.exe
  C:\Windows\System\aaLBOhG.exe
  2⤵
  PID:116
- C:\Windows\System\YHKnUjL.exe
  C:\Windows\System\YHKnUjL.exe
  2⤵
  PID:12928
- C:\Windows\System\EcTlwgC.exe
  C:\Windows\System\EcTlwgC.exe
  2⤵
  PID:11952
- C:\Windows\System\uRgQHls.exe
  C:\Windows\System\uRgQHls.exe
  2⤵
  PID:12724
- C:\Windows\System\vyPpEGt.exe
  C:\Windows\System\vyPpEGt.exe
  2⤵
  PID:12840
- C:\Windows\System\tMngdTQ.exe
  C:\Windows\System\tMngdTQ.exe
  2⤵
  PID:912
- C:\Windows\System\lfJbSRp.exe
  C:\Windows\System\lfJbSRp.exe
  2⤵
  PID:13020
- C:\Windows\System\jlamuWD.exe
  C:\Windows\System\jlamuWD.exe
  2⤵
  PID:11564
- C:\Windows\System\URghJxn.exe
  C:\Windows\System\URghJxn.exe
  2⤵
  PID:12728
- C:\Windows\System\VXecHjw.exe
  C:\Windows\System\VXecHjw.exe
  2⤵
  PID:13316
- C:\Windows\System\NGnUltc.exe
  C:\Windows\System\NGnUltc.exe
  2⤵
  PID:13348
- C:\Windows\System\XUXvxgs.exe
  C:\Windows\System\XUXvxgs.exe
  2⤵
  PID:13376
- C:\Windows\System\JSKXgAJ.exe
  C:\Windows\System\JSKXgAJ.exe
  2⤵
  PID:13404
- C:\Windows\System\WCvIyYO.exe
  C:\Windows\System\WCvIyYO.exe
  2⤵
  PID:13440
- C:\Windows\System\tDsHoco.exe
  C:\Windows\System\tDsHoco.exe
  2⤵
  PID:13512
- C:\Windows\System\ThKAcQH.exe
  C:\Windows\System\ThKAcQH.exe
  2⤵
  PID:13532
- C:\Windows\System\IJpouUI.exe
  C:\Windows\System\IJpouUI.exe
  2⤵
  PID:13556
- C:\Windows\System\WnXpncg.exe
  C:\Windows\System\WnXpncg.exe
  2⤵
  PID:13584
- C:\Windows\System\FGUvjls.exe
  C:\Windows\System\FGUvjls.exe
  2⤵
  PID:13604
- C:\Windows\System\LFVOZeh.exe
  C:\Windows\System\LFVOZeh.exe
  2⤵
  PID:13628
- C:\Windows\System\IrQmZPY.exe
  C:\Windows\System\IrQmZPY.exe
  2⤵
  PID:13656
- C:\Windows\System\UeEmFuh.exe
  C:\Windows\System\UeEmFuh.exe
  2⤵
  PID:13680
- C:\Windows\System\ulCKfxX.exe
  C:\Windows\System\ulCKfxX.exe
  2⤵
  PID:13700
- C:\Windows\System\fXMgmxU.exe
  C:\Windows\System\fXMgmxU.exe
  2⤵
  PID:13732
- C:\Windows\System\unxIDaK.exe
  C:\Windows\System\unxIDaK.exe
  2⤵
  PID:13756
- C:\Windows\System\IYDmpPW.exe
  C:\Windows\System\IYDmpPW.exe
  2⤵
  PID:13772
- C:\Windows\System\cByObpI.exe
  C:\Windows\System\cByObpI.exe
  2⤵
  PID:13808
- C:\Windows\System\upupBZM.exe
  C:\Windows\System\upupBZM.exe
  2⤵
  PID:13832
- C:\Windows\System\SOAKydv.exe
  C:\Windows\System\SOAKydv.exe
  2⤵
  PID:13872
- C:\Windows\System\PfrckaW.exe
  C:\Windows\System\PfrckaW.exe
  2⤵
  PID:13896
- C:\Windows\System\VJALCEJ.exe
  C:\Windows\System\VJALCEJ.exe
  2⤵
  PID:13912
- C:\Windows\System\vVOTMzy.exe
  C:\Windows\System\vVOTMzy.exe
  2⤵
  PID:13968
- C:\Windows\System\lyOTSIv.exe
  C:\Windows\System\lyOTSIv.exe
  2⤵
  PID:13992
- C:\Windows\System\PhZxxyL.exe
  C:\Windows\System\PhZxxyL.exe
  2⤵
  PID:14036
- C:\Windows\System\JDQlPZj.exe
  C:\Windows\System\JDQlPZj.exe
  2⤵
  PID:14056
- C:\Windows\System\UemuLkv.exe
  C:\Windows\System\UemuLkv.exe
  2⤵
  PID:14076
- C:\Windows\System\vUobTbp.exe
  C:\Windows\System\vUobTbp.exe
  2⤵
  PID:14092
- C:\Windows\System\PjavlVj.exe
  C:\Windows\System\PjavlVj.exe
  2⤵
  PID:14112
- C:\Windows\System\eMzeVEa.exe
  C:\Windows\System\eMzeVEa.exe
  2⤵
  PID:14132
- C:\Windows\System\EafoFex.exe
  C:\Windows\System\EafoFex.exe
  2⤵
  PID:14160
- C:\Windows\System\mXpZANy.exe
  C:\Windows\System\mXpZANy.exe
  2⤵
  PID:14180
- C:\Windows\System\GoWREku.exe
  C:\Windows\System\GoWREku.exe
  2⤵
  PID:14224
- C:\Windows\System\lbAOOMV.exe
  C:\Windows\System\lbAOOMV.exe
  2⤵
  PID:14260
- C:\Windows\System\gGhfQVx.exe
  C:\Windows\System\gGhfQVx.exe
  2⤵
  PID:14280
- C:\Windows\System\giRpVMo.exe
  C:\Windows\System\giRpVMo.exe
  2⤵
  PID:14304
- C:\Windows\System\sMwDwYS.exe
  C:\Windows\System\sMwDwYS.exe
  2⤵
  PID:14332
- C:\Windows\System\PequoeL.exe
  C:\Windows\System\PequoeL.exe
  2⤵
  PID:13336
- C:\Windows\System\pQVWyZD.exe
  C:\Windows\System\pQVWyZD.exe
  2⤵
  PID:13332
- C:\Windows\System\dmdHPVX.exe
  C:\Windows\System\dmdHPVX.exe
  2⤵
  PID:13424
- C:\Windows\System\uXxfcmC.exe
  C:\Windows\System\uXxfcmC.exe
  2⤵
  PID:13496
- C:\Windows\System\DZmviIZ.exe
  C:\Windows\System\DZmviIZ.exe
  2⤵
  PID:13480
- C:\Windows\System\FPfQHnM.exe
  C:\Windows\System\FPfQHnM.exe
  2⤵
  PID:13568
- C:\Windows\System\tnjFSkJ.exe
  C:\Windows\System\tnjFSkJ.exe
  2⤵
  PID:13696
- C:\Windows\System\QyEutGN.exe
  C:\Windows\System\QyEutGN.exe
  2⤵
  PID:13720
- C:\Windows\System\VHlDdpG.exe
  C:\Windows\System\VHlDdpG.exe
  2⤵
  PID:13824
- C:\Windows\System\lYxNAyL.exe
  C:\Windows\System\lYxNAyL.exe
  2⤵
  PID:13868
- C:\Windows\System\jeUCHYv.exe
  C:\Windows\System\jeUCHYv.exe
  2⤵
  PID:13976
- C:\Windows\System\CSyKsjE.exe
  C:\Windows\System\CSyKsjE.exe
  2⤵
  PID:14044

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BJoOWRe.exe

Filesize
1.3MB

MD5
c7760dd7b00ce5a3d4a9cb1ca9bc1ce9

SHA1
f03e11aea38a278a791d2dc5597b483a9437be76

SHA256
379b35c69e741d4480d0614aaaadc5d16d86d3590f51caf5d50b0e53a281a0b3

SHA512
2f247d91f29339c231099a7c9edc17d72e344df37757fd99f9b2a8c38b73712ce8234505c45aaa6d7754e07105eaca707df4e2ac73589a34a44b34e7ce7d4c27

Download Submit
C:\Windows\System\BniWkvS.exe

Filesize
1.3MB

MD5
db4cef1f14951bb8d4ebe315e65efa94

SHA1
8f621f274a39c9b6575e6d25f8125a4c23ce6570

SHA256
4816b4efe4c7ffb1f8d04cb24cb3dafca6c702bc49a83cbae2d7292e010911d8

SHA512
80dd2a7088d03da298812ed177c6468999563bf6570251663f7c420997cd38b8c7e70c08dd108fbccf281ff48447f49c9b83e7cd1085fd4975a5f6d5e1c26955

Download Submit
C:\Windows\System\DTVKnfA.exe

Filesize
1.3MB

MD5
abb4ea2dd04a97cd6b75fbc85d814ff9

SHA1
8d67720686273ab5f95d0e378f7e8414dd4c25ed

SHA256
b0e61cc93efc48a5035620a91b781549f2e1654d60e2e853ac5d80e78123a0aa

SHA512
cbb165a2f5ddc026cf0ce9321cdceeb157e5dd0d6536656058be1ffb6145cd3b7d221ec40b7f2eaa0004d76c3774d432074418633b75dd6e8b8184c0529a0a8a

Download Submit
C:\Windows\System\GXtwzQQ.exe

Filesize
1.3MB

MD5
3f24bc84e62cae5abc552a2e37a9a0a4

SHA1
946447425fe0984e4b07246a2bbe0b6ee4db3c8c

SHA256
16a0f5154e1af424c76875382c1ef822bbc6d0588511cba24993668d1df7139e

SHA512
81743ee4e31e04bac44930729af1e2e05f691422b6df6b54a59a8e9ae131a83975012401913b273a5696e7e87860afd6d805f9d96c46ff1a132fe128ba2ee7af

Download Submit
C:\Windows\System\GaLaPGz.exe

Filesize
1.3MB

MD5
a0f068199d597553d630105361374594

SHA1
ee68a2aa1ff8106bbe059ff4c8358c48675d81aa

SHA256
0a6e54f969e4033603b1e6b34121d8f9d41d3d0f9bf146c4e165ec1280397026

SHA512
a751b7e16c27c12786d82ce93c02d9b36ccfd307a643022dcb74332959a0ec594d44b9a850f9fea6492a236791dd1791d34a9a28182c83ea370d0fe8d5e2cf6f

Download Submit
C:\Windows\System\GjDaYtF.exe

Filesize
1.3MB

MD5
a130c5da694768239a49e160ea3dd1a9

SHA1
4cda3147d49408a3a4bb2995f12fe71a30c872ff

SHA256
fb7b8961db05f5c764c37c26e76f2d016d596a7a2592202f34435a36910584a9

SHA512
851123a30062c694c5cc5c0455f7e81beec4b6bd7f6ae43fbc0d03339301289a048351967df03c40ba1aed9016326c62b549d26ed5150cb58babb73a6d0e52d9

Download Submit
C:\Windows\System\HUfCyly.exe

Filesize
1.3MB

MD5
e74d9fc32529dbe2102151e675745ae2

SHA1
d59baffdab216ef8205f38fc8efe6b6f44b5ef78

SHA256
25309ef7f53a598127c1819ed6cda31672b75d76f151e7f99a4c3bd61b54a05c

SHA512
c8f7d5d39f233152182019ae3adbd891afc199df34e3aa45eadcd85cb9f36a57573884cad5971121966c57db5b9277d36d72451e62b2277d9af3ddc20dade7ac

Download Submit
C:\Windows\System\LIjahaw.exe

Filesize
1.3MB

MD5
4ef7f4565cbedba45017ed4f5155c42d

SHA1
1b3eab1543bc660b5ca2cffdb223f2a21ce637c0

SHA256
d17c7b7e86836cbe3bbc208e62d7fa9637ed4569d9d95b3a46e8260c6f2a5c55

SHA512
5f4227b092e8a70a494141ad3918a6b9cb3755e444faf60bc1fd7d4b6abb31307af65b7ec7282b91bebf5508581a195f99084cb19ff233cde4b83ba927e6c6c1

Download Submit
C:\Windows\System\LjTLbLR.exe

Filesize
1.3MB

MD5
f52181ad608a18b246619b601c5c5bfe

SHA1
803b7692fd543802235a094ea6baf1112d4fd3e8

SHA256
b990562a722feb4ab4da725985fea198e0b50da0498e02cc411aa6fbc07d6a7a

SHA512
18d6e7d8f1343c5ec2db1a5a25157231fb1fb8319d1b9058becba6f31fe0f5bb57a3ea5e342c221039843660f93e48d5d3b583006c7e089096a4bd34c774aace

Download Submit
C:\Windows\System\PapDuNj.exe

Filesize
1.3MB

MD5
b65b055a426f4bacb95665d04c0d3115

SHA1
ba7b7247f983e81cc80f12c397385271bcfebcc0

SHA256
626051bd23e07dc0009a1dfbe3a40df88c27513152537499a8b93b1eee3f4743

SHA512
99bc3b30986dcb01db09e63f6ef55fa3e43f7cf981bdbecb1c0f25bc24777f919a8d03f43fe3fd246787fe976ccb14436dfaf82d130fa5fb991d832cea5fab5f

Download Submit
C:\Windows\System\QNwTvMp.exe

Filesize
1.3MB

MD5
1a0ea8296f2807639fd14cd180b2748f

SHA1
69af08c0ede9087250a65bd802ef6c0e7e5389e3

SHA256
ec62505362dd7269bbe5699182aa21d5d5ea900c380325140bb26d853d1bea05

SHA512
b92d2d78596a5fe330a724db4fd73e98ff1abdd25cfdec24c5776bc17920e25d571ec74e2f78007f1b9881f8f6e9debdec4db660e5103e2340413eeb45bd03af

Download Submit
C:\Windows\System\WQOqpvO.exe

Filesize
1.3MB

MD5
b260f8db8a91ae1c27be0ad97717c026

SHA1
798dac6753662104aa5f1f79ca2ce3740934fbb7

SHA256
e8063dc9800a3292642dbefb980061477ba4c3152bd8ec6a60b06c2b409dd56c

SHA512
b98d9865beaea05962eed0ee4c09c4e6084377e5fb550ef87f9765f8f29ab814d3d5f93eed36370822ef013ffe0983002d5fb6ef238852d8140dfeb3c3717b4e

Download Submit
C:\Windows\System\ZiqNwln.exe

Filesize
1.3MB

MD5
ca6103aa3991246ea9b479a61f80c063

SHA1
5d693a8e98de119cb012ab3d99fd41cc9d190d83

SHA256
69727a1900df90823da4c0ba61499762b09f80b395af525312e77ba23f27ebe4

SHA512
607f8417d3081154d4eb570b5698bdc085fa15f1488510d96b0a807054f5e6b1f6dc3e2257b0ba6f2ac69a4e3d3b91ce26709e070d25c09b9d32cf0dab34f6d3

Download Submit
C:\Windows\System\ZjDrovo.exe

Filesize
1.3MB

MD5
39d2302a51cee198f406cc2951a30895

SHA1
0b70b855a0e1626ad2763a09c3aa07069b304640

SHA256
1c8abb4b510df427f96c433dac363b0b40f78dd8ad89af2ee3ecbc92e37b606f

SHA512
4986b383a9b0575e8eab998a24475417500479b9421f781883eec4aa3688593d376e336932ff8fce54f268495aae43da4437e3228a36021f064e817a0bdeb06c

Download Submit
C:\Windows\System\bYaeocL.exe

Filesize
1.3MB

MD5
2ea341e6bd06238df725da88b5538f79

SHA1
20dfd4cd746de814b5bdc9164fdcbea12fbcd92a

SHA256
217707db45551fc2146d4698026b8b917aa70813bf2f1ce002c353f50f5bc2e0

SHA512
d8eab7e68510fa60c7a18b41c48303b7b9ee109fc0eb12cae7e679435e22e8e328064291a9e12b8222f437566148ec5c9dd9c5f4307a075933be5e42a2c200fb

Download Submit
C:\Windows\System\dJwVJbC.exe

Filesize
1.3MB

MD5
6968bb580a47ba09ef86c6c1b238ff11

SHA1
392ef9f9673cdd42369843feb43de09473629c05

SHA256
04651020802ad7b7f59f75528824b744249a2ec2baad95289fed9a868b0dc4a9

SHA512
2db5379e844657d04985c3f15ce97619ba06e2e245b32408293ef3ce1bb587fc5516cb46420856848b36650fdc450d6a846f79d72aab086f2ccf67303aaae79a

Download Submit
C:\Windows\System\fCzhgeR.exe

Filesize
1.3MB

MD5
f6088468544834762d78b3c9bd8a65b3

SHA1
71b16569ce786fecc304422ac10e5182ea1a1623

SHA256
68886c2743b76b474cf38d785b6ddcdc09976aea877ab6cb08634de00c03632c

SHA512
ddc1b4637005196daefcd0ca8f989fdb266d08637ae794dc336849429ab871952e9f879aa098132923ed54d64451f38d67b0bc1aa9cd8eef04c4fa17c984736f

Download Submit
C:\Windows\System\fldCWaU.exe

Filesize
1.3MB

MD5
c0a338310a8c89720d55aa7a87d9f864

SHA1
55f997c29b982b9ad585e2f35b3997f4763a1206

SHA256
eef4111b75696f7b48fa0cb75015102d2f166f01f88420f6fef6b4db0732c091

SHA512
6b2c709eb06c9d93991e253552f5160a533b10bf76ae00b523b667439c8cbb1fb6da4ad65b86e0a34c5815eeb732a24f8c7a85fcab7e1dcd3f51f69ba626d79d

Download Submit
C:\Windows\System\hRNUzSr.exe

Filesize
1.3MB

MD5
e0ef649392561900e271aac1df6edbd4

SHA1
fe33139d7765b120dc7a002e65e5830c69fd10ec

SHA256
a99eb59a5818f79f3aaeac24cbca1792f216ddb65345924add89cd1dc72fd710

SHA512
6ba180110daf5d4407ce7fe9ea635677692c35495d7e20fed33b839aed9001bf576eccd93359fbaa116bb6fc3edfd2938f8d9246fccf4ee0ad2fd8ab198395a1

Download Submit
C:\Windows\System\hxGRBKJ.exe

Filesize
1.3MB

MD5
e39e3d96a93db02e3bfab99be8ad72ed

SHA1
0c033afbe8cd1a15b55a9df9c029603de03347c1

SHA256
800a7bcb1a02b40940b812111e83ade94fdf9fed4449653c01dc1d6fbe095f3b

SHA512
1d6fcc4bd0e11cbf12d65fec0633f692919852723eb41cf3d6a8b24ed7ff9d60265ed2954581181f6d62ce7a5c7e1808790ba9d6e88419089630c4ccd10eaf7c

Download Submit
C:\Windows\System\keROWwh.exe

Filesize
1.3MB

MD5
5f543b54a03fae274a08fd6fec5d0856

SHA1
3d022b107ba17c32b5f1fc97f20efd201dc7732e

SHA256
2aaa2909557b2b4200d44947fb65c34683f5fbfe8bd5c2560547b916b1eac254

SHA512
5489c0272df601c05f72fec60478ab428a0d42ba22a05e2dad1e77ebb626bd3171e5a2bf57ef34d937d25e0932bcb2ac5ca0a59b4f74fded6415ef81b050c8af

Download Submit
C:\Windows\System\kmYsdlG.exe

Filesize
1.3MB

MD5
547b977d8414fb062136f0b6a2dd3263

SHA1
2f12909973fff7c7a4dec5478000e368742fd93f

SHA256
17930db75b1181bbfbfdeaf9453b33795aaead4a2f4316150472cd5a8c138f7f

SHA512
921d2dbcb3f7e593684a6450b935246f4e5558216d38d7dc075881c35f19854694b0e74a1c1190eb571a48b81372d7ef8c881a4ff9cda77e4b016fdb71bd6804

Download Submit
C:\Windows\System\mSeotTZ.exe

Filesize
1.3MB

MD5
44e6674876b4550da686237445c1596e

SHA1
499b8a50328016aefb38e4acf23c6e321ccfea51

SHA256
734c58bc38172d4dd48f6798169c166f2de3fdc4b3e6df527168cce685949113

SHA512
e30688c6c0d2d55246cfea3ceb631affc251aee04525c90e07c9e711a87491d16bf1c3cbae3434164413e18f19daeac0705769319847e22f772d43c1f123cc33

Download Submit
C:\Windows\System\oJsOCCU.exe

Filesize
1.3MB

MD5
f430785e973807786b354ee884287de0

SHA1
219b418630b98c10abe3850930d23ae48e6277dd

SHA256
18408e048b0aa3ed682323fa36be0de58b792c1af25a52e055d253d7c4253b03

SHA512
9ef7cb890b9002c0f6d91903fd2e4839293be5b5b5b4825134cdb035cda7f56c5b29c1fc381223ee6406320ea901f1dd9284ea50aa211b8ace46fbf73cc1dce6

Download Submit
C:\Windows\System\oOWzDkQ.exe

Filesize
1.3MB

MD5
0b1fb9f7cdca8ccc391fab2d702fe0c4

SHA1
00171d46012b28e9cbe1b4e64fdd46657e8d29e9

SHA256
d54472d3361c9d9b65220e4a39490ef68d84a911783ef0822948d4b4e3333c04

SHA512
247e4c1dcce22a85ebd30d36ab8e87fcc82831e30e656c0834dc92eaf065df64e947d73b9704f91270841635d979939013594fdb82210e65295816b060370760

Download Submit
C:\Windows\System\olkZXPO.exe

Filesize
1.3MB

MD5
96f4e8ab9859746ffc0fb68569911023

SHA1
dd905bee78a6a80e5792f1a2378b50fe8943b0bc

SHA256
df855a3ab93b17c0f20f6ccd0ad581f1ec735b9648578fb3dce052df6e3261f5

SHA512
96cc33bc32dcf53094c33deac60027386e66b55eb2a2d607e6e3cac78b13e5f95d46261b5db7f4c34c8e15ef0d2faab2f60e319bfae14345991c8409d3c6fa1a

Download Submit
C:\Windows\System\ovpoRQW.exe

Filesize
1.3MB

MD5
c59fb09c873728ff7e90043c46199998

SHA1
6342a19199df589674644ef2b047dee251f5e7fc

SHA256
99d9ff695e68387d7cf2604b92138a93f74b30caeb193c26eb2204f3d3570a85

SHA512
7bd5683a9ce545eac23249ae5a3c287496cb48ea203e90bacaa8d848f46d45bb15d100eb6f48326bccee03cc6e34abeff195c78baf94a5c191c8d855342c8821

Download Submit
C:\Windows\System\pJklhPi.exe

Filesize
1.3MB

MD5
17a413602f6b4233fd3aef0593067169

SHA1
878d3a082ca2e642c741e0eae2bf49d3582845f1

SHA256
5aaac348475a81b27158b88b1685fbc5b928743b28ca9142f7493d9835f120bd

SHA512
fb2bafba6a653d18702156c2d63ea61bd06af41436fca15a4b5bb2a2655dbca697e96b8ebc36c3c659c8ac5addac43be97e816a37ed0a2312b99f80fde54cf51

Download Submit
C:\Windows\System\pgaxLGG.exe

Filesize
1.3MB

MD5
559860dd0bc75bec2bafed18e3abeff1

SHA1
59c922a16ff505af5b5ceafb5e2f9e714a0cfba9

SHA256
69a904ad280807f28bfd2d09b058047f9b5f5574e078488f7b46657a26efef13

SHA512
02d936153bdaffb686147ee091afb7f46ef011961dadab4f012d39b70e7df7697af58ff6505fe07ee7405707898ab049baa413877c4ccadb7df879fa415f4006

Download Submit
C:\Windows\System\rJHyzBU.exe

Filesize
1.3MB

MD5
4e13c92abd08fbfd4bf433852667b160

SHA1
86b8b5f90de52ce7046249cd21d59560ba2a5cc2

SHA256
079dc8fd2d1fd987822af539d21e3fc1eb7ae4f7adb269726d3228901d7910ab

SHA512
cd878852e6a74b48999660d1bb0c27d5a2815fb2ea97c7bfe2bdd66f59afa9ed890fa5955f7f4c2ebfa4c4758668fb98acfd018ab1dce8914d4db46febbc121d

Download Submit
C:\Windows\System\tHzxZDH.exe

Filesize
1.3MB

MD5
b7b06c5bd59d4a91ba4d89844e5e18e7

SHA1
1c5841d6fc85a063defa1b7b27985a155fe565d5

SHA256
f3f73c5e980d750f74064dd2adaba6615adb8263796f988dfc4fd6fdf66c3dcb

SHA512
f2f3cb04ceca5a603cacfc3ef0893714b2bf888a96c403a5be1a638df0526cac5e32a0a9bd460e28317ee90627ccaffc22b75dde52906fa4719ebfa0ec04be18

Download Submit
C:\Windows\System\wHjKEfC.exe

Filesize
1.3MB

MD5
4f204017859c608bbd2adcf1f782c506

SHA1
962962f0a5b7c4e584eddeb080d06eeb4bf8da60

SHA256
13ed48605f8f83febeeb7008ae835b6beb7a9511a1704ebe8415b729939c126b

SHA512
00fc3cf95fdc4bb4bc3b4f5b707d652031caeacba77ee580e151d6a04fb1c145d4ab43b6302aeb8e3bde4571745b6dff15c101d03919def274b7b2c3a141258c

Download Submit
C:\Windows\System\yXmFIFK.exe

Filesize
1.3MB

MD5
3f5ed32706f4a62bec9d59c9e800262b

SHA1
1427a05117124b89dd69d3e55e647e362547b551

SHA256
74cbcd0ecb7e622c18c5e0314777fae096b41a91022006ae1ee611d51cde4d7c

SHA512
052a8dff798b5cb23c940b7a85f2325cd1289af6ed8eb25e79a09cad88861eddc80833553572d7aa31b5c3a24bc20963bded000373d8b8b530ead0df47fb4ffe

Download Submit
memory/380-2253-0x00007FF6592E0000-0x00007FF659631000-memory.dmp

Filesize
3.3MB

Download
memory/380-505-0x00007FF6592E0000-0x00007FF659631000-memory.dmp

Filesize
3.3MB

Download
memory/704-2287-0x00007FF621340000-0x00007FF621691000-memory.dmp

Filesize
3.3MB

Download
memory/704-846-0x00007FF621340000-0x00007FF621691000-memory.dmp

Filesize
3.3MB

Download
memory/956-2281-0x00007FF632CE0000-0x00007FF633031000-memory.dmp

Filesize
3.3MB

Download
memory/956-779-0x00007FF632CE0000-0x00007FF633031000-memory.dmp

Filesize
3.3MB

Download
memory/1316-2259-0x00007FF6C4DF0000-0x00007FF6C5141000-memory.dmp

Filesize
3.3MB

Download
memory/1316-750-0x00007FF6C4DF0000-0x00007FF6C5141000-memory.dmp

Filesize
3.3MB

Download
memory/1320-822-0x00007FF701160000-0x00007FF7014B1000-memory.dmp

Filesize
3.3MB

Download
memory/1320-2283-0x00007FF701160000-0x00007FF7014B1000-memory.dmp

Filesize
3.3MB

Download
memory/1824-15-0x00007FF748740000-0x00007FF748A91000-memory.dmp

Filesize
3.3MB

Download
memory/1824-2168-0x00007FF748740000-0x00007FF748A91000-memory.dmp

Filesize
3.3MB

Download
memory/1824-2236-0x00007FF748740000-0x00007FF748A91000-memory.dmp

Filesize
3.3MB

Download
memory/2252-689-0x00007FF7B9970000-0x00007FF7B9CC1000-memory.dmp

Filesize
3.3MB

Download
memory/2252-2261-0x00007FF7B9970000-0x00007FF7B9CC1000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2273-0x00007FF7C9F40000-0x00007FF7CA291000-memory.dmp

Filesize
3.3MB

Download
memory/2312-548-0x00007FF7C9F40000-0x00007FF7CA291000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1-0x0000027EC1CA0000-0x0000027EC1CB0000-memory.dmp

Filesize
64KB

Download
memory/2344-0-0x00007FF6B6B60000-0x00007FF6B6EB1000-memory.dmp

Filesize
3.3MB

Download
memory/2388-802-0x00007FF7656F0000-0x00007FF765A41000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2257-0x00007FF7656F0000-0x00007FF765A41000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2267-0x00007FF61E4D0000-0x00007FF61E821000-memory.dmp

Filesize
3.3MB

Download
memory/2696-587-0x00007FF61E4D0000-0x00007FF61E821000-memory.dmp

Filesize
3.3MB

Download
memory/2704-839-0x00007FF6E7410000-0x00007FF6E7761000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2285-0x00007FF6E7410000-0x00007FF6E7761000-memory.dmp

Filesize
3.3MB

Download
memory/2732-629-0x00007FF6A1040000-0x00007FF6A1391000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2269-0x00007FF6A1040000-0x00007FF6A1391000-memory.dmp

Filesize
3.3MB

Download
memory/2768-44-0x00007FF6CB5E0000-0x00007FF6CB931000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2207-0x00007FF6CB5E0000-0x00007FF6CB931000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2243-0x00007FF6CB5E0000-0x00007FF6CB931000-memory.dmp

Filesize
3.3MB

Download
memory/2908-634-0x00007FF7B0410000-0x00007FF7B0761000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2265-0x00007FF7B0410000-0x00007FF7B0761000-memory.dmp

Filesize
3.3MB

Download
memory/2940-477-0x00007FF69E910000-0x00007FF69EC61000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2247-0x00007FF69E910000-0x00007FF69EC61000-memory.dmp

Filesize
3.3MB

Download
memory/3208-49-0x00007FF6B6A00000-0x00007FF6B6D51000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2239-0x00007FF6B6A00000-0x00007FF6B6D51000-memory.dmp

Filesize
3.3MB

Download
memory/3236-2275-0x00007FF6970C0000-0x00007FF697411000-memory.dmp

Filesize
3.3MB

Download
memory/3236-538-0x00007FF6970C0000-0x00007FF697411000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2241-0x00007FF7CB330000-0x00007FF7CB681000-memory.dmp

Filesize
3.3MB

Download
memory/3468-43-0x00007FF7CB330000-0x00007FF7CB681000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2202-0x00007FF658490000-0x00007FF6587E1000-memory.dmp

Filesize
3.3MB

Download
memory/3668-38-0x00007FF658490000-0x00007FF6587E1000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2237-0x00007FF658490000-0x00007FF6587E1000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2263-0x00007FF6D3580000-0x00007FF6D38D1000-memory.dmp

Filesize
3.3MB

Download
memory/3820-751-0x00007FF6D3580000-0x00007FF6D38D1000-memory.dmp

Filesize
3.3MB

Download
memory/3904-2251-0x00007FF6616F0000-0x00007FF661A41000-memory.dmp

Filesize
3.3MB

Download
memory/3904-500-0x00007FF6616F0000-0x00007FF661A41000-memory.dmp

Filesize
3.3MB

Download
memory/4240-824-0x00007FF617BB0000-0x00007FF617F01000-memory.dmp

Filesize
3.3MB

Download
memory/4240-2277-0x00007FF617BB0000-0x00007FF617F01000-memory.dmp

Filesize
3.3MB

Download
memory/4300-13-0x00007FF79B850000-0x00007FF79BBA1000-memory.dmp

Filesize
3.3MB

Download
memory/4300-2231-0x00007FF79B850000-0x00007FF79BBA1000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2233-0x00007FF6C7FE0000-0x00007FF6C8331000-memory.dmp

Filesize
3.3MB

Download
memory/4576-16-0x00007FF6C7FE0000-0x00007FF6C8331000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2201-0x00007FF6C7FE0000-0x00007FF6C8331000-memory.dmp

Filesize
3.3MB

Download
memory/4692-833-0x00007FF62F820000-0x00007FF62FB71000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2279-0x00007FF62F820000-0x00007FF62FB71000-memory.dmp

Filesize
3.3MB

Download
memory/4712-512-0x00007FF708C50000-0x00007FF708FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2271-0x00007FF708C50000-0x00007FF708FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4784-803-0x00007FF74D260000-0x00007FF74D5B1000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2255-0x00007FF74D260000-0x00007FF74D5B1000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2208-0x00007FF62D940000-0x00007FF62DC91000-memory.dmp

Filesize
3.3MB

Download
memory/4860-50-0x00007FF62D940000-0x00007FF62DC91000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2245-0x00007FF62D940000-0x00007FF62DC91000-memory.dmp

Filesize
3.3MB

Download
memory/5064-479-0x00007FF63D910000-0x00007FF63DC61000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2249-0x00007FF63D910000-0x00007FF63DC61000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads