xmrig | 01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7

Analysis

max time kernel
146s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 18:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
Size

2.1MB
MD5

07d36d947ddeb52bfe279fdef794a074
SHA1

742be35abfb6e36cbb62ae7c8abda81613d694fd
SHA256

01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7
SHA512

5a7bf6c509cdd3c75766f8b9e5be6e9e1aa852e1e294b2e5fdedd17e9c109cfc9946fc71dc51e00264c18a0b9b50017ab43995136ecc9ef7d6288f3992698da4
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQlqOdgWqDp6:BemTLkNdfE0pZrQx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/1688-0-0x00007FF7D2AF0000-0x00007FF7D2E44000-memory.dmp	UPX
behavioral2/files/0x000b00000002345d-5.dat	UPX
behavioral2/files/0x0007000000023466-12.dat	UPX
behavioral2/files/0x000700000002346e-47.dat	UPX
behavioral2/files/0x0007000000023481-146.dat	UPX
behavioral2/memory/3108-171-0x00007FF742510000-0x00007FF742864000-memory.dmp	UPX
behavioral2/memory/3740-182-0x00007FF60C980000-0x00007FF60CCD4000-memory.dmp	UPX
behavioral2/memory/748-195-0x00007FF76CEC0000-0x00007FF76D214000-memory.dmp	UPX
behavioral2/memory/2056-203-0x00007FF611FF0000-0x00007FF612344000-memory.dmp	UPX
behavioral2/memory/736-202-0x00007FF6C8F30000-0x00007FF6C9284000-memory.dmp	UPX
behavioral2/memory/4116-201-0x00007FF7456E0000-0x00007FF745A34000-memory.dmp	UPX
behavioral2/memory/2984-200-0x00007FF7B4230000-0x00007FF7B4584000-memory.dmp	UPX
behavioral2/memory/2112-199-0x00007FF71B0C0000-0x00007FF71B414000-memory.dmp	UPX
behavioral2/memory/4104-198-0x00007FF6903D0000-0x00007FF690724000-memory.dmp	UPX
behavioral2/memory/1632-197-0x00007FF7B16A0000-0x00007FF7B19F4000-memory.dmp	UPX
behavioral2/memory/1808-196-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp	UPX
behavioral2/memory/384-194-0x00007FF78F330000-0x00007FF78F684000-memory.dmp	UPX
behavioral2/memory/3776-193-0x00007FF63BF10000-0x00007FF63C264000-memory.dmp	UPX
behavioral2/memory/1192-192-0x00007FF68B260000-0x00007FF68B5B4000-memory.dmp	UPX
behavioral2/memory/1052-191-0x00007FF7A3530000-0x00007FF7A3884000-memory.dmp	UPX
behavioral2/memory/3552-190-0x00007FF7B6F60000-0x00007FF7B72B4000-memory.dmp	UPX
behavioral2/memory/400-188-0x00007FF65EE40000-0x00007FF65F194000-memory.dmp	UPX
behavioral2/memory/2024-187-0x00007FF7FD290000-0x00007FF7FD5E4000-memory.dmp	UPX
behavioral2/memory/3668-181-0x00007FF622890000-0x00007FF622BE4000-memory.dmp	UPX
behavioral2/files/0x0007000000023480-176.dat	UPX
behavioral2/files/0x0007000000023484-175.dat	UPX
behavioral2/files/0x000700000002347f-173.dat	UPX
behavioral2/memory/4632-172-0x00007FF6A0E60000-0x00007FF6A11B4000-memory.dmp	UPX
behavioral2/files/0x0007000000023487-170.dat	UPX
behavioral2/files/0x000700000002347e-168.dat	UPX
behavioral2/files/0x000700000002347d-166.dat	UPX
behavioral2/files/0x000700000002347c-164.dat	UPX
behavioral2/files/0x000700000002347b-162.dat	UPX
behavioral2/files/0x0007000000023486-161.dat	UPX
behavioral2/files/0x0007000000023485-160.dat	UPX
behavioral2/files/0x0008000000023463-159.dat	UPX
behavioral2/files/0x0007000000023478-156.dat	UPX
behavioral2/files/0x0007000000023474-155.dat	UPX
behavioral2/memory/628-152-0x00007FF6627B0000-0x00007FF662B04000-memory.dmp	UPX
behavioral2/files/0x0007000000023483-151.dat	UPX
behavioral2/files/0x0007000000023477-148.dat	UPX
behavioral2/files/0x0007000000023482-147.dat	UPX
behavioral2/files/0x0007000000023475-133.dat	UPX
behavioral2/files/0x0007000000023470-129.dat	UPX
behavioral2/memory/3412-127-0x00007FF6F5000000-0x00007FF6F5354000-memory.dmp	UPX
behavioral2/memory/2544-126-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	UPX
behavioral2/files/0x0007000000023473-124.dat	UPX
behavioral2/files/0x000700000002347a-116.dat	UPX
behavioral2/files/0x0007000000023476-113.dat	UPX
behavioral2/files/0x0007000000023479-112.dat	UPX
behavioral2/files/0x0007000000023472-103.dat	UPX
behavioral2/files/0x0007000000023471-101.dat	UPX
behavioral2/files/0x000700000002346c-94.dat	UPX
behavioral2/memory/1376-91-0x00007FF6A0660000-0x00007FF6A09B4000-memory.dmp	UPX
behavioral2/files/0x000700000002346d-79.dat	UPX
behavioral2/files/0x000700000002346f-97.dat	UPX
behavioral2/memory/1556-68-0x00007FF7E9460000-0x00007FF7E97B4000-memory.dmp	UPX
behavioral2/files/0x000700000002346a-62.dat	UPX
behavioral2/files/0x000700000002346b-54.dat	UPX
behavioral2/files/0x0007000000023469-70.dat	UPX
behavioral2/memory/4280-51-0x00007FF687000000-0x00007FF687354000-memory.dmp	UPX
behavioral2/memory/456-30-0x00007FF6D4960000-0x00007FF6D4CB4000-memory.dmp	UPX
behavioral2/files/0x0007000000023468-39.dat	UPX
behavioral2/memory/3944-21-0x00007FF7FCFC0000-0x00007FF7FD314000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1688-0-0x00007FF7D2AF0000-0x00007FF7D2E44000-memory.dmp	xmrig
behavioral2/files/0x000b00000002345d-5.dat	xmrig
behavioral2/files/0x0007000000023466-12.dat	xmrig
behavioral2/files/0x000700000002346e-47.dat	xmrig
behavioral2/files/0x0007000000023481-146.dat	xmrig
behavioral2/memory/3108-171-0x00007FF742510000-0x00007FF742864000-memory.dmp	xmrig
behavioral2/memory/3740-182-0x00007FF60C980000-0x00007FF60CCD4000-memory.dmp	xmrig
behavioral2/memory/748-195-0x00007FF76CEC0000-0x00007FF76D214000-memory.dmp	xmrig
behavioral2/memory/2056-203-0x00007FF611FF0000-0x00007FF612344000-memory.dmp	xmrig
behavioral2/memory/736-202-0x00007FF6C8F30000-0x00007FF6C9284000-memory.dmp	xmrig
behavioral2/memory/4116-201-0x00007FF7456E0000-0x00007FF745A34000-memory.dmp	xmrig
behavioral2/memory/2984-200-0x00007FF7B4230000-0x00007FF7B4584000-memory.dmp	xmrig
behavioral2/memory/2112-199-0x00007FF71B0C0000-0x00007FF71B414000-memory.dmp	xmrig
behavioral2/memory/4104-198-0x00007FF6903D0000-0x00007FF690724000-memory.dmp	xmrig
behavioral2/memory/1632-197-0x00007FF7B16A0000-0x00007FF7B19F4000-memory.dmp	xmrig
behavioral2/memory/1808-196-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp	xmrig
behavioral2/memory/384-194-0x00007FF78F330000-0x00007FF78F684000-memory.dmp	xmrig
behavioral2/memory/3776-193-0x00007FF63BF10000-0x00007FF63C264000-memory.dmp	xmrig
behavioral2/memory/1192-192-0x00007FF68B260000-0x00007FF68B5B4000-memory.dmp	xmrig
behavioral2/memory/1052-191-0x00007FF7A3530000-0x00007FF7A3884000-memory.dmp	xmrig
behavioral2/memory/3552-190-0x00007FF7B6F60000-0x00007FF7B72B4000-memory.dmp	xmrig
behavioral2/memory/400-188-0x00007FF65EE40000-0x00007FF65F194000-memory.dmp	xmrig
behavioral2/memory/2024-187-0x00007FF7FD290000-0x00007FF7FD5E4000-memory.dmp	xmrig
behavioral2/memory/3668-181-0x00007FF622890000-0x00007FF622BE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023480-176.dat	xmrig
behavioral2/files/0x0007000000023484-175.dat	xmrig
behavioral2/files/0x000700000002347f-173.dat	xmrig
behavioral2/memory/4632-172-0x00007FF6A0E60000-0x00007FF6A11B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023487-170.dat	xmrig
behavioral2/files/0x000700000002347e-168.dat	xmrig
behavioral2/files/0x000700000002347d-166.dat	xmrig
behavioral2/files/0x000700000002347c-164.dat	xmrig
behavioral2/files/0x000700000002347b-162.dat	xmrig
behavioral2/files/0x0007000000023486-161.dat	xmrig
behavioral2/files/0x0007000000023485-160.dat	xmrig
behavioral2/files/0x0008000000023463-159.dat	xmrig
behavioral2/files/0x0007000000023478-156.dat	xmrig
behavioral2/files/0x0007000000023474-155.dat	xmrig
behavioral2/memory/628-152-0x00007FF6627B0000-0x00007FF662B04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023483-151.dat	xmrig
behavioral2/files/0x0007000000023477-148.dat	xmrig
behavioral2/files/0x0007000000023482-147.dat	xmrig
behavioral2/files/0x0007000000023475-133.dat	xmrig
behavioral2/files/0x0007000000023470-129.dat	xmrig
behavioral2/memory/3412-127-0x00007FF6F5000000-0x00007FF6F5354000-memory.dmp	xmrig
behavioral2/memory/2544-126-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	xmrig
behavioral2/files/0x0007000000023473-124.dat	xmrig
behavioral2/files/0x000700000002347a-116.dat	xmrig
behavioral2/files/0x0007000000023476-113.dat	xmrig
behavioral2/files/0x0007000000023479-112.dat	xmrig
behavioral2/files/0x0007000000023472-103.dat	xmrig
behavioral2/files/0x0007000000023471-101.dat	xmrig
behavioral2/files/0x000700000002346c-94.dat	xmrig
behavioral2/memory/1376-91-0x00007FF6A0660000-0x00007FF6A09B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002346d-79.dat	xmrig
behavioral2/files/0x000700000002346f-97.dat	xmrig
behavioral2/memory/1556-68-0x00007FF7E9460000-0x00007FF7E97B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002346a-62.dat	xmrig
behavioral2/files/0x000700000002346b-54.dat	xmrig
behavioral2/files/0x0007000000023469-70.dat	xmrig
behavioral2/memory/4280-51-0x00007FF687000000-0x00007FF687354000-memory.dmp	xmrig
behavioral2/memory/456-30-0x00007FF6D4960000-0x00007FF6D4CB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023468-39.dat	xmrig
behavioral2/memory/3944-21-0x00007FF7FCFC0000-0x00007FF7FD314000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4876	FgiNKIq.exe
3944	vKdKOge.exe
456	hRcZaHg.exe
4104	QfMRMAx.exe
2112	PWpMTOe.exe
4280	ZpzGTLr.exe
1556	mTjAAKq.exe
1376	WjpjCeb.exe
2984	CAEmxWt.exe
2544	yuXdPjW.exe
3412	gSoGYWR.exe
628	YgtDuVt.exe
3108	kMJVjOB.exe
4116	WXQnnNi.exe
4632	AitJVqR.exe
3668	jDSrqNX.exe
3740	Ixipurk.exe
2024	OfAGvlX.exe
400	vDIqRHP.exe
736	SxntZZZ.exe
3552	UORYBsU.exe
1052	cUlbSOD.exe
1192	jBwWmrq.exe
3776	jUKUcrQ.exe
384	KYGiVxd.exe
748	VAfUvxx.exe
2056	JswPVsK.exe
1808	CgtUqmX.exe
1632	onaySIi.exe
2080	zMPDGsE.exe
4372	Tyhityc.exe
2264	CQGMHKv.exe
5080	iOjBEmj.exe
2956	SZPJmGv.exe
2640	nyetbSl.exe
3732	nnOhCeL.exe
3520	ismmcRJ.exe
2996	HUSOTgW.exe
1580	SLWSNnt.exe
1652	sJkjQbv.exe
1072	iQVzVet.exe
1488	sIDMDvs.exe
1056	APzFJCG.exe
4080	kuOGbRC.exe
968	IVcUWrC.exe
2788	MFMACie.exe
464	vcGdlma.exe
3980	MScYgOB.exe
2528	lesPsqC.exe
1184	mFaFoUE.exe
4468	OcFgwki.exe
4828	DeIsuUr.exe
4376	sXbgviX.exe
536	rcaplDe.exe
1008	OlFuLID.exe
2908	uGKhBiY.exe
3360	JZnqZPM.exe
4452	LQXdQCC.exe
4300	EjGeGSm.exe
4228	hcEqubW.exe
1388	FROHAqf.exe
4848	vsdnVAo.exe
4716	oQgfLfu.exe
208	xxWmHQH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1688-0-0x00007FF7D2AF0000-0x00007FF7D2E44000-memory.dmp	upx
behavioral2/files/0x000b00000002345d-5.dat	upx
behavioral2/files/0x0007000000023466-12.dat	upx
behavioral2/files/0x000700000002346e-47.dat	upx
behavioral2/files/0x0007000000023481-146.dat	upx
behavioral2/memory/3108-171-0x00007FF742510000-0x00007FF742864000-memory.dmp	upx
behavioral2/memory/3740-182-0x00007FF60C980000-0x00007FF60CCD4000-memory.dmp	upx
behavioral2/memory/748-195-0x00007FF76CEC0000-0x00007FF76D214000-memory.dmp	upx
behavioral2/memory/2056-203-0x00007FF611FF0000-0x00007FF612344000-memory.dmp	upx
behavioral2/memory/736-202-0x00007FF6C8F30000-0x00007FF6C9284000-memory.dmp	upx
behavioral2/memory/4116-201-0x00007FF7456E0000-0x00007FF745A34000-memory.dmp	upx
behavioral2/memory/2984-200-0x00007FF7B4230000-0x00007FF7B4584000-memory.dmp	upx
behavioral2/memory/2112-199-0x00007FF71B0C0000-0x00007FF71B414000-memory.dmp	upx
behavioral2/memory/4104-198-0x00007FF6903D0000-0x00007FF690724000-memory.dmp	upx
behavioral2/memory/1632-197-0x00007FF7B16A0000-0x00007FF7B19F4000-memory.dmp	upx
behavioral2/memory/1808-196-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp	upx
behavioral2/memory/384-194-0x00007FF78F330000-0x00007FF78F684000-memory.dmp	upx
behavioral2/memory/3776-193-0x00007FF63BF10000-0x00007FF63C264000-memory.dmp	upx
behavioral2/memory/1192-192-0x00007FF68B260000-0x00007FF68B5B4000-memory.dmp	upx
behavioral2/memory/1052-191-0x00007FF7A3530000-0x00007FF7A3884000-memory.dmp	upx
behavioral2/memory/3552-190-0x00007FF7B6F60000-0x00007FF7B72B4000-memory.dmp	upx
behavioral2/memory/400-188-0x00007FF65EE40000-0x00007FF65F194000-memory.dmp	upx
behavioral2/memory/2024-187-0x00007FF7FD290000-0x00007FF7FD5E4000-memory.dmp	upx
behavioral2/memory/3668-181-0x00007FF622890000-0x00007FF622BE4000-memory.dmp	upx
behavioral2/files/0x0007000000023480-176.dat	upx
behavioral2/files/0x0007000000023484-175.dat	upx
behavioral2/files/0x000700000002347f-173.dat	upx
behavioral2/memory/4632-172-0x00007FF6A0E60000-0x00007FF6A11B4000-memory.dmp	upx
behavioral2/files/0x0007000000023487-170.dat	upx
behavioral2/files/0x000700000002347e-168.dat	upx
behavioral2/files/0x000700000002347d-166.dat	upx
behavioral2/files/0x000700000002347c-164.dat	upx
behavioral2/files/0x000700000002347b-162.dat	upx
behavioral2/files/0x0007000000023486-161.dat	upx
behavioral2/files/0x0007000000023485-160.dat	upx
behavioral2/files/0x0008000000023463-159.dat	upx
behavioral2/files/0x0007000000023478-156.dat	upx
behavioral2/files/0x0007000000023474-155.dat	upx
behavioral2/memory/628-152-0x00007FF6627B0000-0x00007FF662B04000-memory.dmp	upx
behavioral2/files/0x0007000000023483-151.dat	upx
behavioral2/files/0x0007000000023477-148.dat	upx
behavioral2/files/0x0007000000023482-147.dat	upx
behavioral2/files/0x0007000000023475-133.dat	upx
behavioral2/files/0x0007000000023470-129.dat	upx
behavioral2/memory/3412-127-0x00007FF6F5000000-0x00007FF6F5354000-memory.dmp	upx
behavioral2/memory/2544-126-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp	upx
behavioral2/files/0x0007000000023473-124.dat	upx
behavioral2/files/0x000700000002347a-116.dat	upx
behavioral2/files/0x0007000000023476-113.dat	upx
behavioral2/files/0x0007000000023479-112.dat	upx
behavioral2/files/0x0007000000023472-103.dat	upx
behavioral2/files/0x0007000000023471-101.dat	upx
behavioral2/files/0x000700000002346c-94.dat	upx
behavioral2/memory/1376-91-0x00007FF6A0660000-0x00007FF6A09B4000-memory.dmp	upx
behavioral2/files/0x000700000002346d-79.dat	upx
behavioral2/files/0x000700000002346f-97.dat	upx
behavioral2/memory/1556-68-0x00007FF7E9460000-0x00007FF7E97B4000-memory.dmp	upx
behavioral2/files/0x000700000002346a-62.dat	upx
behavioral2/files/0x000700000002346b-54.dat	upx
behavioral2/files/0x0007000000023469-70.dat	upx
behavioral2/memory/4280-51-0x00007FF687000000-0x00007FF687354000-memory.dmp	upx
behavioral2/memory/456-30-0x00007FF6D4960000-0x00007FF6D4CB4000-memory.dmp	upx
behavioral2/files/0x0007000000023468-39.dat	upx
behavioral2/memory/3944-21-0x00007FF7FCFC0000-0x00007FF7FD314000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jgXlNEM.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\BZAOvmB.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\mmhwNRa.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\Nvjgjor.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\PkJCIdk.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ccKnaFb.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\Azjafgq.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\RYQjSqg.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\QcinCuv.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ZPvbwvc.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\iKiyful.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\zhIaIct.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ZvjbtOx.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\bzQrokY.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ZGWrEFe.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\PZgFlCr.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\cUlbSOD.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ODCMIIa.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\UCsaLCq.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\IQuafQt.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\UYvHevp.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\inoarqO.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\LTmUaCe.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\krVklBI.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\oLDFVSe.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\yOXgytW.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\cANOYzX.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\xXBseAb.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\bcRTXBA.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ZqMDLPQ.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\RPfnCuW.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\onaySIi.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\fVmZZEC.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\LPNTrZV.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\FkwYLWb.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\FeLMzUr.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\NIslORB.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\MmMAaeF.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\fWHMHCL.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\GcPFYEr.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\FZMWaCR.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\VTnHDcB.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\IdZsAUC.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\LjxwaQB.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\NYBMNwO.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\VzxsDvF.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\LfSfQTk.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\RcLXNUH.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\SqKkIlR.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\qgOHfnt.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\vKdKOge.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\MFMACie.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ozMXPga.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\XtNjxYU.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\UosjdZy.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\TTOOaHR.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\jXjudNj.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\jBwWmrq.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\ymsHRWx.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\wHoqvAt.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\BcWvgCL.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\tsKtieH.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\iQVzVet.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
File created	C:\Windows\System\xxWmHQH.exe	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6684	dwm.exe
Token: SeChangeNotifyPrivilege	6684	dwm.exe
Token: 33	6684	dwm.exe
Token: SeIncBasePriorityPrivilege	6684	dwm.exe
Token: SeShutdownPrivilege	6684	dwm.exe
Token: SeCreatePagefilePrivilege	6684	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 4876	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	83
PID 1688 wrote to memory of 4876	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	83
PID 1688 wrote to memory of 3944	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	84
PID 1688 wrote to memory of 3944	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	84
PID 1688 wrote to memory of 456	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	85
PID 1688 wrote to memory of 456	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	85
PID 1688 wrote to memory of 4104	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	86
PID 1688 wrote to memory of 4104	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	86
PID 1688 wrote to memory of 2112	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	87
PID 1688 wrote to memory of 2112	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	87
PID 1688 wrote to memory of 4280	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	88
PID 1688 wrote to memory of 4280	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	88
PID 1688 wrote to memory of 1556	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	89
PID 1688 wrote to memory of 1556	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	89
PID 1688 wrote to memory of 1376	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	90
PID 1688 wrote to memory of 1376	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	90
PID 1688 wrote to memory of 2984	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	91
PID 1688 wrote to memory of 2984	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	91
PID 1688 wrote to memory of 2544	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	92
PID 1688 wrote to memory of 2544	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	92
PID 1688 wrote to memory of 3412	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	93
PID 1688 wrote to memory of 3412	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	93
PID 1688 wrote to memory of 3668	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	94
PID 1688 wrote to memory of 3668	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	94
PID 1688 wrote to memory of 628	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	95
PID 1688 wrote to memory of 628	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	95
PID 1688 wrote to memory of 3108	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	96
PID 1688 wrote to memory of 3108	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	96
PID 1688 wrote to memory of 4116	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	97
PID 1688 wrote to memory of 4116	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	97
PID 1688 wrote to memory of 4632	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	98
PID 1688 wrote to memory of 4632	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	98
PID 1688 wrote to memory of 3740	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	99
PID 1688 wrote to memory of 3740	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	99
PID 1688 wrote to memory of 2024	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	100
PID 1688 wrote to memory of 2024	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	100
PID 1688 wrote to memory of 400	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	101
PID 1688 wrote to memory of 400	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	101
PID 1688 wrote to memory of 736	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	102
PID 1688 wrote to memory of 736	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	102
PID 1688 wrote to memory of 3552	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	103
PID 1688 wrote to memory of 3552	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	103
PID 1688 wrote to memory of 1052	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	104
PID 1688 wrote to memory of 1052	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	104
PID 1688 wrote to memory of 1192	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	105
PID 1688 wrote to memory of 1192	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	105
PID 1688 wrote to memory of 3776	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	106
PID 1688 wrote to memory of 3776	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	106
PID 1688 wrote to memory of 384	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	107
PID 1688 wrote to memory of 384	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	107
PID 1688 wrote to memory of 748	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	108
PID 1688 wrote to memory of 748	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	108
PID 1688 wrote to memory of 2056	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	109
PID 1688 wrote to memory of 2056	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	109
PID 1688 wrote to memory of 1808	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	110
PID 1688 wrote to memory of 1808	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	110
PID 1688 wrote to memory of 1632	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	111
PID 1688 wrote to memory of 1632	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	111
PID 1688 wrote to memory of 2080	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	112
PID 1688 wrote to memory of 2080	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	112
PID 1688 wrote to memory of 4372	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	113
PID 1688 wrote to memory of 4372	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	113
PID 1688 wrote to memory of 3732	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	114
PID 1688 wrote to memory of 3732	1688	01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe	114

C:\Users\Admin\AppData\Local\Temp\01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe
"C:\Users\Admin\AppData\Local\Temp\01a6d164518138616ef368ec0b0a3c4d03166827ed702fbd10449dc5743149b7.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\System\FgiNKIq.exe
  C:\Windows\System\FgiNKIq.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\vKdKOge.exe
  C:\Windows\System\vKdKOge.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\hRcZaHg.exe
  C:\Windows\System\hRcZaHg.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\QfMRMAx.exe
  C:\Windows\System\QfMRMAx.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\PWpMTOe.exe
  C:\Windows\System\PWpMTOe.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\ZpzGTLr.exe
  C:\Windows\System\ZpzGTLr.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\mTjAAKq.exe
  C:\Windows\System\mTjAAKq.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\WjpjCeb.exe
  C:\Windows\System\WjpjCeb.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\CAEmxWt.exe
  C:\Windows\System\CAEmxWt.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yuXdPjW.exe
  C:\Windows\System\yuXdPjW.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\gSoGYWR.exe
  C:\Windows\System\gSoGYWR.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\jDSrqNX.exe
  C:\Windows\System\jDSrqNX.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\YgtDuVt.exe
  C:\Windows\System\YgtDuVt.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\kMJVjOB.exe
  C:\Windows\System\kMJVjOB.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\WXQnnNi.exe
  C:\Windows\System\WXQnnNi.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\AitJVqR.exe
  C:\Windows\System\AitJVqR.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\Ixipurk.exe
  C:\Windows\System\Ixipurk.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\OfAGvlX.exe
  C:\Windows\System\OfAGvlX.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\vDIqRHP.exe
  C:\Windows\System\vDIqRHP.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\SxntZZZ.exe
  C:\Windows\System\SxntZZZ.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\UORYBsU.exe
  C:\Windows\System\UORYBsU.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\cUlbSOD.exe
  C:\Windows\System\cUlbSOD.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\jBwWmrq.exe
  C:\Windows\System\jBwWmrq.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\jUKUcrQ.exe
  C:\Windows\System\jUKUcrQ.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\KYGiVxd.exe
  C:\Windows\System\KYGiVxd.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\VAfUvxx.exe
  C:\Windows\System\VAfUvxx.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\JswPVsK.exe
  C:\Windows\System\JswPVsK.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\CgtUqmX.exe
  C:\Windows\System\CgtUqmX.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\onaySIi.exe
  C:\Windows\System\onaySIi.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\zMPDGsE.exe
  C:\Windows\System\zMPDGsE.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\Tyhityc.exe
  C:\Windows\System\Tyhityc.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\nnOhCeL.exe
  C:\Windows\System\nnOhCeL.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\CQGMHKv.exe
  C:\Windows\System\CQGMHKv.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\iOjBEmj.exe
  C:\Windows\System\iOjBEmj.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\SZPJmGv.exe
  C:\Windows\System\SZPJmGv.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\nyetbSl.exe
  C:\Windows\System\nyetbSl.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ismmcRJ.exe
  C:\Windows\System\ismmcRJ.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\HUSOTgW.exe
  C:\Windows\System\HUSOTgW.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SLWSNnt.exe
  C:\Windows\System\SLWSNnt.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\sJkjQbv.exe
  C:\Windows\System\sJkjQbv.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\iQVzVet.exe
  C:\Windows\System\iQVzVet.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\sIDMDvs.exe
  C:\Windows\System\sIDMDvs.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\APzFJCG.exe
  C:\Windows\System\APzFJCG.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\kuOGbRC.exe
  C:\Windows\System\kuOGbRC.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\IVcUWrC.exe
  C:\Windows\System\IVcUWrC.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\MFMACie.exe
  C:\Windows\System\MFMACie.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\vcGdlma.exe
  C:\Windows\System\vcGdlma.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\MScYgOB.exe
  C:\Windows\System\MScYgOB.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\lesPsqC.exe
  C:\Windows\System\lesPsqC.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\mFaFoUE.exe
  C:\Windows\System\mFaFoUE.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\OcFgwki.exe
  C:\Windows\System\OcFgwki.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\DeIsuUr.exe
  C:\Windows\System\DeIsuUr.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\sXbgviX.exe
  C:\Windows\System\sXbgviX.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\OlFuLID.exe
  C:\Windows\System\OlFuLID.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\rcaplDe.exe
  C:\Windows\System\rcaplDe.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\uGKhBiY.exe
  C:\Windows\System\uGKhBiY.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\JZnqZPM.exe
  C:\Windows\System\JZnqZPM.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\LQXdQCC.exe
  C:\Windows\System\LQXdQCC.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\EjGeGSm.exe
  C:\Windows\System\EjGeGSm.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\hcEqubW.exe
  C:\Windows\System\hcEqubW.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\FROHAqf.exe
  C:\Windows\System\FROHAqf.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\oQgfLfu.exe
  C:\Windows\System\oQgfLfu.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\vsdnVAo.exe
  C:\Windows\System\vsdnVAo.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\xxWmHQH.exe
  C:\Windows\System\xxWmHQH.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\FeLMzUr.exe
  C:\Windows\System\FeLMzUr.exe
  2⤵
  PID:3644
- C:\Windows\System\cNvWMHp.exe
  C:\Windows\System\cNvWMHp.exe
  2⤵
  PID:2184
- C:\Windows\System\ODCMIIa.exe
  C:\Windows\System\ODCMIIa.exe
  2⤵
  PID:2636
- C:\Windows\System\kQBSZyH.exe
  C:\Windows\System\kQBSZyH.exe
  2⤵
  PID:1500
- C:\Windows\System\cIqVZzF.exe
  C:\Windows\System\cIqVZzF.exe
  2⤵
  PID:5028
- C:\Windows\System\ZnVbWsI.exe
  C:\Windows\System\ZnVbWsI.exe
  2⤵
  PID:1892
- C:\Windows\System\pnCJLCC.exe
  C:\Windows\System\pnCJLCC.exe
  2⤵
  PID:2540
- C:\Windows\System\jUZwNWT.exe
  C:\Windows\System\jUZwNWT.exe
  2⤵
  PID:1124
- C:\Windows\System\sLDGuqM.exe
  C:\Windows\System\sLDGuqM.exe
  2⤵
  PID:3388
- C:\Windows\System\WOvfyze.exe
  C:\Windows\System\WOvfyze.exe
  2⤵
  PID:4000
- C:\Windows\System\hDzEClQ.exe
  C:\Windows\System\hDzEClQ.exe
  2⤵
  PID:928
- C:\Windows\System\RCxJHaO.exe
  C:\Windows\System\RCxJHaO.exe
  2⤵
  PID:4044
- C:\Windows\System\voLfrTo.exe
  C:\Windows\System\voLfrTo.exe
  2⤵
  PID:2068
- C:\Windows\System\dJAGlLf.exe
  C:\Windows\System\dJAGlLf.exe
  2⤵
  PID:3648
- C:\Windows\System\aiLvkcy.exe
  C:\Windows\System\aiLvkcy.exe
  2⤵
  PID:4952
- C:\Windows\System\hjEffXv.exe
  C:\Windows\System\hjEffXv.exe
  2⤵
  PID:1980
- C:\Windows\System\xfgsrKK.exe
  C:\Windows\System\xfgsrKK.exe
  2⤵
  PID:3996
- C:\Windows\System\yzWxMQF.exe
  C:\Windows\System\yzWxMQF.exe
  2⤵
  PID:4328
- C:\Windows\System\inoarqO.exe
  C:\Windows\System\inoarqO.exe
  2⤵
  PID:2164
- C:\Windows\System\WnXOwdJ.exe
  C:\Windows\System\WnXOwdJ.exe
  2⤵
  PID:3780
- C:\Windows\System\ErWzwAd.exe
  C:\Windows\System\ErWzwAd.exe
  2⤵
  PID:4564
- C:\Windows\System\ymsHRWx.exe
  C:\Windows\System\ymsHRWx.exe
  2⤵
  PID:4224
- C:\Windows\System\tGqfTMT.exe
  C:\Windows\System\tGqfTMT.exe
  2⤵
  PID:3852
- C:\Windows\System\MkFDycO.exe
  C:\Windows\System\MkFDycO.exe
  2⤵
  PID:2344
- C:\Windows\System\LrcefiO.exe
  C:\Windows\System\LrcefiO.exe
  2⤵
  PID:1352
- C:\Windows\System\rxsXVWx.exe
  C:\Windows\System\rxsXVWx.exe
  2⤵
  PID:4548
- C:\Windows\System\XlsZfsA.exe
  C:\Windows\System\XlsZfsA.exe
  2⤵
  PID:1096
- C:\Windows\System\OfGGzvE.exe
  C:\Windows\System\OfGGzvE.exe
  2⤵
  PID:4692
- C:\Windows\System\ErQESaI.exe
  C:\Windows\System\ErQESaI.exe
  2⤵
  PID:5084
- C:\Windows\System\vScLZVD.exe
  C:\Windows\System\vScLZVD.exe
  2⤵
  PID:5128
- C:\Windows\System\IVCZDJM.exe
  C:\Windows\System\IVCZDJM.exe
  2⤵
  PID:5156
- C:\Windows\System\oWctZuD.exe
  C:\Windows\System\oWctZuD.exe
  2⤵
  PID:5196
- C:\Windows\System\nroDSQr.exe
  C:\Windows\System\nroDSQr.exe
  2⤵
  PID:5212
- C:\Windows\System\VPrpZXp.exe
  C:\Windows\System\VPrpZXp.exe
  2⤵
  PID:5248
- C:\Windows\System\axTAXlM.exe
  C:\Windows\System\axTAXlM.exe
  2⤵
  PID:5264
- C:\Windows\System\NIslORB.exe
  C:\Windows\System\NIslORB.exe
  2⤵
  PID:5292
- C:\Windows\System\MmFljXh.exe
  C:\Windows\System\MmFljXh.exe
  2⤵
  PID:5328
- C:\Windows\System\vbJDUrC.exe
  C:\Windows\System\vbJDUrC.exe
  2⤵
  PID:5360
- C:\Windows\System\kuBBcrW.exe
  C:\Windows\System\kuBBcrW.exe
  2⤵
  PID:5412
- C:\Windows\System\LTmUaCe.exe
  C:\Windows\System\LTmUaCe.exe
  2⤵
  PID:5440
- C:\Windows\System\MmMAaeF.exe
  C:\Windows\System\MmMAaeF.exe
  2⤵
  PID:5468
- C:\Windows\System\tcvlrbi.exe
  C:\Windows\System\tcvlrbi.exe
  2⤵
  PID:5508
- C:\Windows\System\gsmxYui.exe
  C:\Windows\System\gsmxYui.exe
  2⤵
  PID:5528
- C:\Windows\System\lIoFMUV.exe
  C:\Windows\System\lIoFMUV.exe
  2⤵
  PID:5564
- C:\Windows\System\yelIGnE.exe
  C:\Windows\System\yelIGnE.exe
  2⤵
  PID:5604
- C:\Windows\System\gFiKjjt.exe
  C:\Windows\System\gFiKjjt.exe
  2⤵
  PID:5632
- C:\Windows\System\EYbsVPE.exe
  C:\Windows\System\EYbsVPE.exe
  2⤵
  PID:5664
- C:\Windows\System\iHzZXgE.exe
  C:\Windows\System\iHzZXgE.exe
  2⤵
  PID:5704
- C:\Windows\System\gNAsDHK.exe
  C:\Windows\System\gNAsDHK.exe
  2⤵
  PID:5728
- C:\Windows\System\EqzdUWq.exe
  C:\Windows\System\EqzdUWq.exe
  2⤵
  PID:5760
- C:\Windows\System\QLrIqWd.exe
  C:\Windows\System\QLrIqWd.exe
  2⤵
  PID:5776
- C:\Windows\System\TpCMreV.exe
  C:\Windows\System\TpCMreV.exe
  2⤵
  PID:5804
- C:\Windows\System\hAByYbB.exe
  C:\Windows\System\hAByYbB.exe
  2⤵
  PID:5836
- C:\Windows\System\sLZZoWj.exe
  C:\Windows\System\sLZZoWj.exe
  2⤵
  PID:5868
- C:\Windows\System\gnwsxAw.exe
  C:\Windows\System\gnwsxAw.exe
  2⤵
  PID:5908
- C:\Windows\System\VEcQdBB.exe
  C:\Windows\System\VEcQdBB.exe
  2⤵
  PID:5932
- C:\Windows\System\dPtPfwF.exe
  C:\Windows\System\dPtPfwF.exe
  2⤵
  PID:5964
- C:\Windows\System\YNYyscg.exe
  C:\Windows\System\YNYyscg.exe
  2⤵
  PID:5980
- C:\Windows\System\FIHbZbq.exe
  C:\Windows\System\FIHbZbq.exe
  2⤵
  PID:6000
- C:\Windows\System\JGZlYPv.exe
  C:\Windows\System\JGZlYPv.exe
  2⤵
  PID:6040
- C:\Windows\System\DqAqPvA.exe
  C:\Windows\System\DqAqPvA.exe
  2⤵
  PID:6072
- C:\Windows\System\fJZwusq.exe
  C:\Windows\System\fJZwusq.exe
  2⤵
  PID:6108
- C:\Windows\System\avgUANr.exe
  C:\Windows\System\avgUANr.exe
  2⤵
  PID:6136
- C:\Windows\System\tUQJvdI.exe
  C:\Windows\System\tUQJvdI.exe
  2⤵
  PID:3084
- C:\Windows\System\jPHXwrF.exe
  C:\Windows\System\jPHXwrF.exe
  2⤵
  PID:5176
- C:\Windows\System\FUOXEfn.exe
  C:\Windows\System\FUOXEfn.exe
  2⤵
  PID:4492
- C:\Windows\System\sNoiomo.exe
  C:\Windows\System\sNoiomo.exe
  2⤵
  PID:5244
- C:\Windows\System\CfEOOkq.exe
  C:\Windows\System\CfEOOkq.exe
  2⤵
  PID:5316
- C:\Windows\System\myNGVlD.exe
  C:\Windows\System\myNGVlD.exe
  2⤵
  PID:5396
- C:\Windows\System\rmBbdQr.exe
  C:\Windows\System\rmBbdQr.exe
  2⤵
  PID:5480
- C:\Windows\System\DisaDCI.exe
  C:\Windows\System\DisaDCI.exe
  2⤵
  PID:5536
- C:\Windows\System\LjxwaQB.exe
  C:\Windows\System\LjxwaQB.exe
  2⤵
  PID:4932
- C:\Windows\System\BUyxnaB.exe
  C:\Windows\System\BUyxnaB.exe
  2⤵
  PID:5656
- C:\Windows\System\fasjvMd.exe
  C:\Windows\System\fasjvMd.exe
  2⤵
  PID:5724
- C:\Windows\System\ejTPvOq.exe
  C:\Windows\System\ejTPvOq.exe
  2⤵
  PID:5768
- C:\Windows\System\RLiCXJT.exe
  C:\Windows\System\RLiCXJT.exe
  2⤵
  PID:2012
- C:\Windows\System\LjOjvjK.exe
  C:\Windows\System\LjOjvjK.exe
  2⤵
  PID:5864
- C:\Windows\System\BsOpifj.exe
  C:\Windows\System\BsOpifj.exe
  2⤵
  PID:5916
- C:\Windows\System\cGmNSbz.exe
  C:\Windows\System\cGmNSbz.exe
  2⤵
  PID:3144
- C:\Windows\System\XTPBaVw.exe
  C:\Windows\System\XTPBaVw.exe
  2⤵
  PID:5972
- C:\Windows\System\dXOVwdQ.exe
  C:\Windows\System\dXOVwdQ.exe
  2⤵
  PID:5988
- C:\Windows\System\HdhpHlS.exe
  C:\Windows\System\HdhpHlS.exe
  2⤵
  PID:6092
- C:\Windows\System\yzpekLc.exe
  C:\Windows\System\yzpekLc.exe
  2⤵
  PID:5184
- C:\Windows\System\Azjafgq.exe
  C:\Windows\System\Azjafgq.exe
  2⤵
  PID:5256
- C:\Windows\System\RYQjSqg.exe
  C:\Windows\System\RYQjSqg.exe
  2⤵
  PID:5436
- C:\Windows\System\BtuqEHL.exe
  C:\Windows\System\BtuqEHL.exe
  2⤵
  PID:5516
- C:\Windows\System\RwDPvom.exe
  C:\Windows\System\RwDPvom.exe
  2⤵
  PID:5748
- C:\Windows\System\QcinCuv.exe
  C:\Windows\System\QcinCuv.exe
  2⤵
  PID:5856
- C:\Windows\System\KYSINLH.exe
  C:\Windows\System\KYSINLH.exe
  2⤵
  PID:6132
- C:\Windows\System\MKOGmdQ.exe
  C:\Windows\System\MKOGmdQ.exe
  2⤵
  PID:3956
- C:\Windows\System\YmyEjzG.exe
  C:\Windows\System\YmyEjzG.exe
  2⤵
  PID:5352
- C:\Windows\System\lcSOhAR.exe
  C:\Windows\System\lcSOhAR.exe
  2⤵
  PID:5816
- C:\Windows\System\QWcgkmc.exe
  C:\Windows\System\QWcgkmc.exe
  2⤵
  PID:1952
- C:\Windows\System\VtJyQKE.exe
  C:\Windows\System\VtJyQKE.exe
  2⤵
  PID:5688
- C:\Windows\System\clDqYoK.exe
  C:\Windows\System\clDqYoK.exe
  2⤵
  PID:6160
- C:\Windows\System\xlzGGXW.exe
  C:\Windows\System\xlzGGXW.exe
  2⤵
  PID:6188
- C:\Windows\System\fkiNBpM.exe
  C:\Windows\System\fkiNBpM.exe
  2⤵
  PID:6216
- C:\Windows\System\IIoXJeT.exe
  C:\Windows\System\IIoXJeT.exe
  2⤵
  PID:6248
- C:\Windows\System\JVoLOzZ.exe
  C:\Windows\System\JVoLOzZ.exe
  2⤵
  PID:6284
- C:\Windows\System\ogxIVxa.exe
  C:\Windows\System\ogxIVxa.exe
  2⤵
  PID:6324
- C:\Windows\System\VcYlISZ.exe
  C:\Windows\System\VcYlISZ.exe
  2⤵
  PID:6352
- C:\Windows\System\CcjmZpn.exe
  C:\Windows\System\CcjmZpn.exe
  2⤵
  PID:6376
- C:\Windows\System\ZPvbwvc.exe
  C:\Windows\System\ZPvbwvc.exe
  2⤵
  PID:6408
- C:\Windows\System\dppFCvw.exe
  C:\Windows\System\dppFCvw.exe
  2⤵
  PID:6432
- C:\Windows\System\sFmcTGK.exe
  C:\Windows\System\sFmcTGK.exe
  2⤵
  PID:6464
- C:\Windows\System\tTALqxP.exe
  C:\Windows\System\tTALqxP.exe
  2⤵
  PID:6492
- C:\Windows\System\VsquOgK.exe
  C:\Windows\System\VsquOgK.exe
  2⤵
  PID:6524
- C:\Windows\System\NYBMNwO.exe
  C:\Windows\System\NYBMNwO.exe
  2⤵
  PID:6552
- C:\Windows\System\ovPpxil.exe
  C:\Windows\System\ovPpxil.exe
  2⤵
  PID:6588
- C:\Windows\System\TPEzJPV.exe
  C:\Windows\System\TPEzJPV.exe
  2⤵
  PID:6616
- C:\Windows\System\jlwWIrc.exe
  C:\Windows\System\jlwWIrc.exe
  2⤵
  PID:6644
- C:\Windows\System\UCHhYTX.exe
  C:\Windows\System\UCHhYTX.exe
  2⤵
  PID:6668
- C:\Windows\System\UhrBKUg.exe
  C:\Windows\System\UhrBKUg.exe
  2⤵
  PID:6692
- C:\Windows\System\beUGuWD.exe
  C:\Windows\System\beUGuWD.exe
  2⤵
  PID:6720
- C:\Windows\System\BsDwOOG.exe
  C:\Windows\System\BsDwOOG.exe
  2⤵
  PID:6756
- C:\Windows\System\amyIkTN.exe
  C:\Windows\System\amyIkTN.exe
  2⤵
  PID:6784
- C:\Windows\System\RgMbiJT.exe
  C:\Windows\System\RgMbiJT.exe
  2⤵
  PID:6812
- C:\Windows\System\hzBTpkV.exe
  C:\Windows\System\hzBTpkV.exe
  2⤵
  PID:6848
- C:\Windows\System\jtsBuxf.exe
  C:\Windows\System\jtsBuxf.exe
  2⤵
  PID:6868
- C:\Windows\System\LCDsQKS.exe
  C:\Windows\System\LCDsQKS.exe
  2⤵
  PID:6904
- C:\Windows\System\nXayFUw.exe
  C:\Windows\System\nXayFUw.exe
  2⤵
  PID:6924
- C:\Windows\System\KhDsWMA.exe
  C:\Windows\System\KhDsWMA.exe
  2⤵
  PID:6944
- C:\Windows\System\PddcXXV.exe
  C:\Windows\System\PddcXXV.exe
  2⤵
  PID:6968
- C:\Windows\System\jWtbCYN.exe
  C:\Windows\System\jWtbCYN.exe
  2⤵
  PID:7000
- C:\Windows\System\dnWSgCg.exe
  C:\Windows\System\dnWSgCg.exe
  2⤵
  PID:7032
- C:\Windows\System\krVklBI.exe
  C:\Windows\System\krVklBI.exe
  2⤵
  PID:7064
- C:\Windows\System\qImlDBv.exe
  C:\Windows\System\qImlDBv.exe
  2⤵
  PID:7080
- C:\Windows\System\ynfEGIA.exe
  C:\Windows\System\ynfEGIA.exe
  2⤵
  PID:7108
- C:\Windows\System\rgGwqCx.exe
  C:\Windows\System\rgGwqCx.exe
  2⤵
  PID:7148
- C:\Windows\System\qPOdnhR.exe
  C:\Windows\System\qPOdnhR.exe
  2⤵
  PID:5960
- C:\Windows\System\KzIKamM.exe
  C:\Windows\System\KzIKamM.exe
  2⤵
  PID:6152
- C:\Windows\System\OrOoYVC.exe
  C:\Windows\System\OrOoYVC.exe
  2⤵
  PID:6232
- C:\Windows\System\fbugzFM.exe
  C:\Windows\System\fbugzFM.exe
  2⤵
  PID:6296
- C:\Windows\System\LgFuAIb.exe
  C:\Windows\System\LgFuAIb.exe
  2⤵
  PID:6388
- C:\Windows\System\aJxtvdm.exe
  C:\Windows\System\aJxtvdm.exe
  2⤵
  PID:6480
- C:\Windows\System\wzKOiLH.exe
  C:\Windows\System\wzKOiLH.exe
  2⤵
  PID:6512
- C:\Windows\System\UCsaLCq.exe
  C:\Windows\System\UCsaLCq.exe
  2⤵
  PID:6560
- C:\Windows\System\AlxDnzY.exe
  C:\Windows\System\AlxDnzY.exe
  2⤵
  PID:6628
- C:\Windows\System\DrQOZkb.exe
  C:\Windows\System\DrQOZkb.exe
  2⤵
  PID:6712
- C:\Windows\System\clHOstg.exe
  C:\Windows\System\clHOstg.exe
  2⤵
  PID:6768
- C:\Windows\System\PunYcIX.exe
  C:\Windows\System\PunYcIX.exe
  2⤵
  PID:6856
- C:\Windows\System\CNsPcCb.exe
  C:\Windows\System\CNsPcCb.exe
  2⤵
  PID:6940
- C:\Windows\System\clASLtq.exe
  C:\Windows\System\clASLtq.exe
  2⤵
  PID:7008
- C:\Windows\System\ROwRMtY.exe
  C:\Windows\System\ROwRMtY.exe
  2⤵
  PID:7052
- C:\Windows\System\jgXlNEM.exe
  C:\Windows\System\jgXlNEM.exe
  2⤵
  PID:7120
- C:\Windows\System\cANOYzX.exe
  C:\Windows\System\cANOYzX.exe
  2⤵
  PID:6208
- C:\Windows\System\iKiyful.exe
  C:\Windows\System\iKiyful.exe
  2⤵
  PID:6348
- C:\Windows\System\UJJZzDx.exe
  C:\Windows\System\UJJZzDx.exe
  2⤵
  PID:6516
- C:\Windows\System\apsnmts.exe
  C:\Windows\System\apsnmts.exe
  2⤵
  PID:6600
- C:\Windows\System\fWHMHCL.exe
  C:\Windows\System\fWHMHCL.exe
  2⤵
  PID:6824
- C:\Windows\System\rIThEZd.exe
  C:\Windows\System\rIThEZd.exe
  2⤵
  PID:4884
- C:\Windows\System\NvscYSb.exe
  C:\Windows\System\NvscYSb.exe
  2⤵
  PID:7056
- C:\Windows\System\LbedrQa.exe
  C:\Windows\System\LbedrQa.exe
  2⤵
  PID:5956
- C:\Windows\System\uWtaBxO.exe
  C:\Windows\System\uWtaBxO.exe
  2⤵
  PID:6608
- C:\Windows\System\OLMDRXa.exe
  C:\Windows\System\OLMDRXa.exe
  2⤵
  PID:6956
- C:\Windows\System\ubmyTAE.exe
  C:\Windows\System\ubmyTAE.exe
  2⤵
  PID:6740
- C:\Windows\System\kUJUQkA.exe
  C:\Windows\System\kUJUQkA.exe
  2⤵
  PID:6540
- C:\Windows\System\NClbvOy.exe
  C:\Windows\System\NClbvOy.exe
  2⤵
  PID:7184
- C:\Windows\System\hGCpiuw.exe
  C:\Windows\System\hGCpiuw.exe
  2⤵
  PID:7208
- C:\Windows\System\yDnDaac.exe
  C:\Windows\System\yDnDaac.exe
  2⤵
  PID:7228
- C:\Windows\System\oLDFVSe.exe
  C:\Windows\System\oLDFVSe.exe
  2⤵
  PID:7260
- C:\Windows\System\zAnNaPo.exe
  C:\Windows\System\zAnNaPo.exe
  2⤵
  PID:7288
- C:\Windows\System\ZMjLLOZ.exe
  C:\Windows\System\ZMjLLOZ.exe
  2⤵
  PID:7312
- C:\Windows\System\xVxVpIx.exe
  C:\Windows\System\xVxVpIx.exe
  2⤵
  PID:7336
- C:\Windows\System\vZVtjaI.exe
  C:\Windows\System\vZVtjaI.exe
  2⤵
  PID:7364
- C:\Windows\System\gCkkqnt.exe
  C:\Windows\System\gCkkqnt.exe
  2⤵
  PID:7384
- C:\Windows\System\YNvrYGf.exe
  C:\Windows\System\YNvrYGf.exe
  2⤵
  PID:7420
- C:\Windows\System\cGFrdZB.exe
  C:\Windows\System\cGFrdZB.exe
  2⤵
  PID:7456
- C:\Windows\System\iurCEdQ.exe
  C:\Windows\System\iurCEdQ.exe
  2⤵
  PID:7480
- C:\Windows\System\WSLpytX.exe
  C:\Windows\System\WSLpytX.exe
  2⤵
  PID:7508
- C:\Windows\System\yPgMVPg.exe
  C:\Windows\System\yPgMVPg.exe
  2⤵
  PID:7540
- C:\Windows\System\utFsBHQ.exe
  C:\Windows\System\utFsBHQ.exe
  2⤵
  PID:7560
- C:\Windows\System\KnKGeem.exe
  C:\Windows\System\KnKGeem.exe
  2⤵
  PID:7596
- C:\Windows\System\LjRmLuK.exe
  C:\Windows\System\LjRmLuK.exe
  2⤵
  PID:7628
- C:\Windows\System\kcTWgDp.exe
  C:\Windows\System\kcTWgDp.exe
  2⤵
  PID:7656
- C:\Windows\System\WmlPnzU.exe
  C:\Windows\System\WmlPnzU.exe
  2⤵
  PID:7688
- C:\Windows\System\PfOohJO.exe
  C:\Windows\System\PfOohJO.exe
  2⤵
  PID:7720
- C:\Windows\System\mKzDObW.exe
  C:\Windows\System\mKzDObW.exe
  2⤵
  PID:7748
- C:\Windows\System\TejlPzb.exe
  C:\Windows\System\TejlPzb.exe
  2⤵
  PID:7780
- C:\Windows\System\zhyCGIe.exe
  C:\Windows\System\zhyCGIe.exe
  2⤵
  PID:7808
- C:\Windows\System\uRACztf.exe
  C:\Windows\System\uRACztf.exe
  2⤵
  PID:7824
- C:\Windows\System\PlEcOar.exe
  C:\Windows\System\PlEcOar.exe
  2⤵
  PID:7852
- C:\Windows\System\tcABThT.exe
  C:\Windows\System\tcABThT.exe
  2⤵
  PID:7880
- C:\Windows\System\qPPtJda.exe
  C:\Windows\System\qPPtJda.exe
  2⤵
  PID:7908
- C:\Windows\System\XsOszVv.exe
  C:\Windows\System\XsOszVv.exe
  2⤵
  PID:7940
- C:\Windows\System\gpKaGRo.exe
  C:\Windows\System\gpKaGRo.exe
  2⤵
  PID:7968
- C:\Windows\System\xVwlmnz.exe
  C:\Windows\System\xVwlmnz.exe
  2⤵
  PID:8000
- C:\Windows\System\zgcXgsw.exe
  C:\Windows\System\zgcXgsw.exe
  2⤵
  PID:8024
- C:\Windows\System\zHxWkHL.exe
  C:\Windows\System\zHxWkHL.exe
  2⤵
  PID:8048
- C:\Windows\System\fzNLsua.exe
  C:\Windows\System\fzNLsua.exe
  2⤵
  PID:8064
- C:\Windows\System\JnLAPJU.exe
  C:\Windows\System\JnLAPJU.exe
  2⤵
  PID:8084
- C:\Windows\System\HBMwWIQ.exe
  C:\Windows\System\HBMwWIQ.exe
  2⤵
  PID:8132
- C:\Windows\System\lgkEfBG.exe
  C:\Windows\System\lgkEfBG.exe
  2⤵
  PID:8160
- C:\Windows\System\blDvvxJ.exe
  C:\Windows\System\blDvvxJ.exe
  2⤵
  PID:8184
- C:\Windows\System\PENCaEf.exe
  C:\Windows\System\PENCaEf.exe
  2⤵
  PID:7216
- C:\Windows\System\NhgoJeX.exe
  C:\Windows\System\NhgoJeX.exe
  2⤵
  PID:7272
- C:\Windows\System\xsTzMmI.exe
  C:\Windows\System\xsTzMmI.exe
  2⤵
  PID:7296
- C:\Windows\System\Nvjgjor.exe
  C:\Windows\System\Nvjgjor.exe
  2⤵
  PID:7376
- C:\Windows\System\MTRizMl.exe
  C:\Windows\System\MTRizMl.exe
  2⤵
  PID:7452
- C:\Windows\System\NytobMb.exe
  C:\Windows\System\NytobMb.exe
  2⤵
  PID:7496
- C:\Windows\System\xGNWRht.exe
  C:\Windows\System\xGNWRht.exe
  2⤵
  PID:7576
- C:\Windows\System\QkgDkkm.exe
  C:\Windows\System\QkgDkkm.exe
  2⤵
  PID:7664
- C:\Windows\System\kKuyWdr.exe
  C:\Windows\System\kKuyWdr.exe
  2⤵
  PID:7708
- C:\Windows\System\cVzkxET.exe
  C:\Windows\System\cVzkxET.exe
  2⤵
  PID:7776
- C:\Windows\System\vEdykHD.exe
  C:\Windows\System\vEdykHD.exe
  2⤵
  PID:7840
- C:\Windows\System\uUQkOmV.exe
  C:\Windows\System\uUQkOmV.exe
  2⤵
  PID:7896
- C:\Windows\System\ucZaNGZ.exe
  C:\Windows\System\ucZaNGZ.exe
  2⤵
  PID:7984
- C:\Windows\System\DNOEseb.exe
  C:\Windows\System\DNOEseb.exe
  2⤵
  PID:8056
- C:\Windows\System\LjTPCrp.exe
  C:\Windows\System\LjTPCrp.exe
  2⤵
  PID:8100
- C:\Windows\System\qaGITkG.exe
  C:\Windows\System\qaGITkG.exe
  2⤵
  PID:8176
- C:\Windows\System\tiGITiZ.exe
  C:\Windows\System\tiGITiZ.exe
  2⤵
  PID:7240
- C:\Windows\System\SUmCOmY.exe
  C:\Windows\System\SUmCOmY.exe
  2⤵
  PID:7332
- C:\Windows\System\fJYkEum.exe
  C:\Windows\System\fJYkEum.exe
  2⤵
  PID:7472
- C:\Windows\System\DsokHCA.exe
  C:\Windows\System\DsokHCA.exe
  2⤵
  PID:7712
- C:\Windows\System\cuGfVRC.exe
  C:\Windows\System\cuGfVRC.exe
  2⤵
  PID:7820
- C:\Windows\System\qGmRErq.exe
  C:\Windows\System\qGmRErq.exe
  2⤵
  PID:7924
- C:\Windows\System\fHupBgu.exe
  C:\Windows\System\fHupBgu.exe
  2⤵
  PID:8128
- C:\Windows\System\kSKHXjr.exe
  C:\Windows\System\kSKHXjr.exe
  2⤵
  PID:7300
- C:\Windows\System\AfMfdcG.exe
  C:\Windows\System\AfMfdcG.exe
  2⤵
  PID:7768
- C:\Windows\System\VXcUsQc.exe
  C:\Windows\System\VXcUsQc.exe
  2⤵
  PID:8044
- C:\Windows\System\gCXZTjX.exe
  C:\Windows\System\gCXZTjX.exe
  2⤵
  PID:7616
- C:\Windows\System\oNIwyTt.exe
  C:\Windows\System\oNIwyTt.exe
  2⤵
  PID:8196
- C:\Windows\System\hVdkLbA.exe
  C:\Windows\System\hVdkLbA.exe
  2⤵
  PID:8232
- C:\Windows\System\jVoRPHl.exe
  C:\Windows\System\jVoRPHl.exe
  2⤵
  PID:8252
- C:\Windows\System\PTXMwKR.exe
  C:\Windows\System\PTXMwKR.exe
  2⤵
  PID:8276
- C:\Windows\System\aEaTKSU.exe
  C:\Windows\System\aEaTKSU.exe
  2⤵
  PID:8308
- C:\Windows\System\RPuvvmQ.exe
  C:\Windows\System\RPuvvmQ.exe
  2⤵
  PID:8336
- C:\Windows\System\lAgJhmx.exe
  C:\Windows\System\lAgJhmx.exe
  2⤵
  PID:8372
- C:\Windows\System\NiDeFIW.exe
  C:\Windows\System\NiDeFIW.exe
  2⤵
  PID:8392
- C:\Windows\System\DSIxvod.exe
  C:\Windows\System\DSIxvod.exe
  2⤵
  PID:8420
- C:\Windows\System\YqbKoRL.exe
  C:\Windows\System\YqbKoRL.exe
  2⤵
  PID:8444
- C:\Windows\System\zLyZxpJ.exe
  C:\Windows\System\zLyZxpJ.exe
  2⤵
  PID:8464
- C:\Windows\System\FhoIRAP.exe
  C:\Windows\System\FhoIRAP.exe
  2⤵
  PID:8496
- C:\Windows\System\LhGApTD.exe
  C:\Windows\System\LhGApTD.exe
  2⤵
  PID:8536
- C:\Windows\System\LfnGnEq.exe
  C:\Windows\System\LfnGnEq.exe
  2⤵
  PID:8552
- C:\Windows\System\erQQmyf.exe
  C:\Windows\System\erQQmyf.exe
  2⤵
  PID:8572
- C:\Windows\System\AzukVvG.exe
  C:\Windows\System\AzukVvG.exe
  2⤵
  PID:8608
- C:\Windows\System\KERwddM.exe
  C:\Windows\System\KERwddM.exe
  2⤵
  PID:8628
- C:\Windows\System\vVuRzbD.exe
  C:\Windows\System\vVuRzbD.exe
  2⤵
  PID:8664
- C:\Windows\System\INXNkWZ.exe
  C:\Windows\System\INXNkWZ.exe
  2⤵
  PID:8680
- C:\Windows\System\obPuNZC.exe
  C:\Windows\System\obPuNZC.exe
  2⤵
  PID:8712
- C:\Windows\System\mivRsOl.exe
  C:\Windows\System\mivRsOl.exe
  2⤵
  PID:8736
- C:\Windows\System\tLZOnqP.exe
  C:\Windows\System\tLZOnqP.exe
  2⤵
  PID:8768
- C:\Windows\System\Wdlawtg.exe
  C:\Windows\System\Wdlawtg.exe
  2⤵
  PID:8792
- C:\Windows\System\fcVlWPz.exe
  C:\Windows\System\fcVlWPz.exe
  2⤵
  PID:8812
- C:\Windows\System\YoavojD.exe
  C:\Windows\System\YoavojD.exe
  2⤵
  PID:8848
- C:\Windows\System\wACzYQp.exe
  C:\Windows\System\wACzYQp.exe
  2⤵
  PID:8876
- C:\Windows\System\hABHgNZ.exe
  C:\Windows\System\hABHgNZ.exe
  2⤵
  PID:8908
- C:\Windows\System\OHiNRtc.exe
  C:\Windows\System\OHiNRtc.exe
  2⤵
  PID:8936
- C:\Windows\System\GcPFYEr.exe
  C:\Windows\System\GcPFYEr.exe
  2⤵
  PID:8960
- C:\Windows\System\TlIIPOc.exe
  C:\Windows\System\TlIIPOc.exe
  2⤵
  PID:8992
- C:\Windows\System\JniTNcM.exe
  C:\Windows\System\JniTNcM.exe
  2⤵
  PID:9040
- C:\Windows\System\VfubltS.exe
  C:\Windows\System\VfubltS.exe
  2⤵
  PID:9068
- C:\Windows\System\UtIZLOF.exe
  C:\Windows\System\UtIZLOF.exe
  2⤵
  PID:9088
- C:\Windows\System\iDAFTIf.exe
  C:\Windows\System\iDAFTIf.exe
  2⤵
  PID:9128
- C:\Windows\System\BDmwNFm.exe
  C:\Windows\System\BDmwNFm.exe
  2⤵
  PID:9160
- C:\Windows\System\SxOewDw.exe
  C:\Windows\System\SxOewDw.exe
  2⤵
  PID:9192
- C:\Windows\System\ULtaOiF.exe
  C:\Windows\System\ULtaOiF.exe
  2⤵
  PID:7608
- C:\Windows\System\hlSPlPq.exe
  C:\Windows\System\hlSPlPq.exe
  2⤵
  PID:8244
- C:\Windows\System\eJhEPeF.exe
  C:\Windows\System\eJhEPeF.exe
  2⤵
  PID:7436
- C:\Windows\System\vdZuSBY.exe
  C:\Windows\System\vdZuSBY.exe
  2⤵
  PID:8428
- C:\Windows\System\VzxsDvF.exe
  C:\Windows\System\VzxsDvF.exe
  2⤵
  PID:8456
- C:\Windows\System\QuhqfHi.exe
  C:\Windows\System\QuhqfHi.exe
  2⤵
  PID:8488
- C:\Windows\System\uowCjHr.exe
  C:\Windows\System\uowCjHr.exe
  2⤵
  PID:8620
- C:\Windows\System\EwpYeYp.exe
  C:\Windows\System\EwpYeYp.exe
  2⤵
  PID:8636
- C:\Windows\System\VWItImK.exe
  C:\Windows\System\VWItImK.exe
  2⤵
  PID:8692
- C:\Windows\System\ldWHxGa.exe
  C:\Windows\System\ldWHxGa.exe
  2⤵
  PID:8700
- C:\Windows\System\DbFhayu.exe
  C:\Windows\System\DbFhayu.exe
  2⤵
  PID:8760
- C:\Windows\System\jWDMiLC.exe
  C:\Windows\System\jWDMiLC.exe
  2⤵
  PID:8840
- C:\Windows\System\goHjZEb.exe
  C:\Windows\System\goHjZEb.exe
  2⤵
  PID:8952
- C:\Windows\System\buFEXsm.exe
  C:\Windows\System\buFEXsm.exe
  2⤵
  PID:9028
- C:\Windows\System\yglxWpC.exe
  C:\Windows\System\yglxWpC.exe
  2⤵
  PID:9116
- C:\Windows\System\BTeAwlA.exe
  C:\Windows\System\BTeAwlA.exe
  2⤵
  PID:9152
- C:\Windows\System\PkJCIdk.exe
  C:\Windows\System\PkJCIdk.exe
  2⤵
  PID:9212
- C:\Windows\System\NwSuSgE.exe
  C:\Windows\System\NwSuSgE.exe
  2⤵
  PID:8300
- C:\Windows\System\CNPuaQF.exe
  C:\Windows\System\CNPuaQF.exe
  2⤵
  PID:8516
- C:\Windows\System\AIWiscD.exe
  C:\Windows\System\AIWiscD.exe
  2⤵
  PID:8672
- C:\Windows\System\sgHeShi.exe
  C:\Windows\System\sgHeShi.exe
  2⤵
  PID:8732
- C:\Windows\System\GiYjaIg.exe
  C:\Windows\System\GiYjaIg.exe
  2⤵
  PID:8928
- C:\Windows\System\XwSPWWN.exe
  C:\Windows\System\XwSPWWN.exe
  2⤵
  PID:9104
- C:\Windows\System\ENVPHoH.exe
  C:\Windows\System\ENVPHoH.exe
  2⤵
  PID:8332
- C:\Windows\System\aRXxeDk.exe
  C:\Windows\System\aRXxeDk.exe
  2⤵
  PID:8788
- C:\Windows\System\fDMUcbd.exe
  C:\Windows\System\fDMUcbd.exe
  2⤵
  PID:9048
- C:\Windows\System\atqsOzN.exe
  C:\Windows\System\atqsOzN.exe
  2⤵
  PID:9224
- C:\Windows\System\IQuafQt.exe
  C:\Windows\System\IQuafQt.exe
  2⤵
  PID:9244
- C:\Windows\System\glrSFax.exe
  C:\Windows\System\glrSFax.exe
  2⤵
  PID:9268
- C:\Windows\System\HCfRBst.exe
  C:\Windows\System\HCfRBst.exe
  2⤵
  PID:9296
- C:\Windows\System\YHSEvCB.exe
  C:\Windows\System\YHSEvCB.exe
  2⤵
  PID:9328
- C:\Windows\System\FVNekyy.exe
  C:\Windows\System\FVNekyy.exe
  2⤵
  PID:9352
- C:\Windows\System\FUnrMuj.exe
  C:\Windows\System\FUnrMuj.exe
  2⤵
  PID:9380
- C:\Windows\System\lqCUEge.exe
  C:\Windows\System\lqCUEge.exe
  2⤵
  PID:9404
- C:\Windows\System\LEeQoRd.exe
  C:\Windows\System\LEeQoRd.exe
  2⤵
  PID:9424
- C:\Windows\System\zmSgokP.exe
  C:\Windows\System\zmSgokP.exe
  2⤵
  PID:9456
- C:\Windows\System\UnzUlFB.exe
  C:\Windows\System\UnzUlFB.exe
  2⤵
  PID:9476
- C:\Windows\System\LfSfQTk.exe
  C:\Windows\System\LfSfQTk.exe
  2⤵
  PID:9504
- C:\Windows\System\eLgkcGY.exe
  C:\Windows\System\eLgkcGY.exe
  2⤵
  PID:9544
- C:\Windows\System\MNfLeHb.exe
  C:\Windows\System\MNfLeHb.exe
  2⤵
  PID:9580
- C:\Windows\System\cfLgmOt.exe
  C:\Windows\System\cfLgmOt.exe
  2⤵
  PID:9600
- C:\Windows\System\ceTNfnG.exe
  C:\Windows\System\ceTNfnG.exe
  2⤵
  PID:9616
- C:\Windows\System\XUXCjsj.exe
  C:\Windows\System\XUXCjsj.exe
  2⤵
  PID:9648
- C:\Windows\System\iLQWGjI.exe
  C:\Windows\System\iLQWGjI.exe
  2⤵
  PID:9672
- C:\Windows\System\rLkocsH.exe
  C:\Windows\System\rLkocsH.exe
  2⤵
  PID:9700
- C:\Windows\System\EDPHDeK.exe
  C:\Windows\System\EDPHDeK.exe
  2⤵
  PID:9736
- C:\Windows\System\PHLIDtJ.exe
  C:\Windows\System\PHLIDtJ.exe
  2⤵
  PID:9756
- C:\Windows\System\nskWwdn.exe
  C:\Windows\System\nskWwdn.exe
  2⤵
  PID:9788
- C:\Windows\System\xWYLUSn.exe
  C:\Windows\System\xWYLUSn.exe
  2⤵
  PID:9892
- C:\Windows\System\LbIFNbB.exe
  C:\Windows\System\LbIFNbB.exe
  2⤵
  PID:9920
- C:\Windows\System\oTnilxf.exe
  C:\Windows\System\oTnilxf.exe
  2⤵
  PID:9936
- C:\Windows\System\EwHRzWy.exe
  C:\Windows\System\EwHRzWy.exe
  2⤵
  PID:9952
- C:\Windows\System\XdHJtoX.exe
  C:\Windows\System\XdHJtoX.exe
  2⤵
  PID:9980
- C:\Windows\System\BjgIRYT.exe
  C:\Windows\System\BjgIRYT.exe
  2⤵
  PID:10012
- C:\Windows\System\QMXZVfv.exe
  C:\Windows\System\QMXZVfv.exe
  2⤵
  PID:10044
- C:\Windows\System\eAMxrcV.exe
  C:\Windows\System\eAMxrcV.exe
  2⤵
  PID:10064
- C:\Windows\System\cUphQVh.exe
  C:\Windows\System\cUphQVh.exe
  2⤵
  PID:10096
- C:\Windows\System\iJtnjat.exe
  C:\Windows\System\iJtnjat.exe
  2⤵
  PID:10112
- C:\Windows\System\pnLEbPi.exe
  C:\Windows\System\pnLEbPi.exe
  2⤵
  PID:10144
- C:\Windows\System\wDnxVwH.exe
  C:\Windows\System\wDnxVwH.exe
  2⤵
  PID:10168
- C:\Windows\System\Dklhehq.exe
  C:\Windows\System\Dklhehq.exe
  2⤵
  PID:10204
- C:\Windows\System\JoPSeTa.exe
  C:\Windows\System\JoPSeTa.exe
  2⤵
  PID:10228
- C:\Windows\System\uhNBFkw.exe
  C:\Windows\System\uhNBFkw.exe
  2⤵
  PID:9220
- C:\Windows\System\ccKnaFb.exe
  C:\Windows\System\ccKnaFb.exe
  2⤵
  PID:9292
- C:\Windows\System\CMQRPRw.exe
  C:\Windows\System\CMQRPRw.exe
  2⤵
  PID:9348
- C:\Windows\System\PmCkRAj.exe
  C:\Windows\System\PmCkRAj.exe
  2⤵
  PID:9416
- C:\Windows\System\gqtdpqZ.exe
  C:\Windows\System\gqtdpqZ.exe
  2⤵
  PID:9472
- C:\Windows\System\NNpKDST.exe
  C:\Windows\System\NNpKDST.exe
  2⤵
  PID:9532
- C:\Windows\System\EFCWqqc.exe
  C:\Windows\System\EFCWqqc.exe
  2⤵
  PID:9628
- C:\Windows\System\WeXVXBM.exe
  C:\Windows\System\WeXVXBM.exe
  2⤵
  PID:9748
- C:\Windows\System\rvBOonm.exe
  C:\Windows\System\rvBOonm.exe
  2⤵
  PID:9796
- C:\Windows\System\xHkBjaK.exe
  C:\Windows\System\xHkBjaK.exe
  2⤵
  PID:9804
- C:\Windows\System\vUCWOWG.exe
  C:\Windows\System\vUCWOWG.exe
  2⤵
  PID:9976
- C:\Windows\System\aIekeGM.exe
  C:\Windows\System\aIekeGM.exe
  2⤵
  PID:10040
- C:\Windows\System\kabkrtb.exe
  C:\Windows\System\kabkrtb.exe
  2⤵
  PID:10128
- C:\Windows\System\EbvneJY.exe
  C:\Windows\System\EbvneJY.exe
  2⤵
  PID:10160
- C:\Windows\System\ENmAXHn.exe
  C:\Windows\System\ENmAXHn.exe
  2⤵
  PID:10212
- C:\Windows\System\NlMFQVL.exe
  C:\Windows\System\NlMFQVL.exe
  2⤵
  PID:9264
- C:\Windows\System\orNevej.exe
  C:\Windows\System\orNevej.exe
  2⤵
  PID:9308
- C:\Windows\System\VBQAFnb.exe
  C:\Windows\System\VBQAFnb.exe
  2⤵
  PID:9656
- C:\Windows\System\kRBMgte.exe
  C:\Windows\System\kRBMgte.exe
  2⤵
  PID:9724
- C:\Windows\System\lzzgXXz.exe
  C:\Windows\System\lzzgXXz.exe
  2⤵
  PID:10180
- C:\Windows\System\wQGhuue.exe
  C:\Windows\System\wQGhuue.exe
  2⤵
  PID:9568
- C:\Windows\System\xXBseAb.exe
  C:\Windows\System\xXBseAb.exe
  2⤵
  PID:10108
- C:\Windows\System\kuKEKMC.exe
  C:\Windows\System\kuKEKMC.exe
  2⤵
  PID:10264
- C:\Windows\System\ajuhbjD.exe
  C:\Windows\System\ajuhbjD.exe
  2⤵
  PID:10280
- C:\Windows\System\QGXpCzv.exe
  C:\Windows\System\QGXpCzv.exe
  2⤵
  PID:10304
- C:\Windows\System\UYvHevp.exe
  C:\Windows\System\UYvHevp.exe
  2⤵
  PID:10320
- C:\Windows\System\QwhzTkE.exe
  C:\Windows\System\QwhzTkE.exe
  2⤵
  PID:10348
- C:\Windows\System\FDedAcT.exe
  C:\Windows\System\FDedAcT.exe
  2⤵
  PID:10380
- C:\Windows\System\SZTTtDH.exe
  C:\Windows\System\SZTTtDH.exe
  2⤵
  PID:10416
- C:\Windows\System\EGWIKqK.exe
  C:\Windows\System\EGWIKqK.exe
  2⤵
  PID:10448
- C:\Windows\System\WjgcxqO.exe
  C:\Windows\System\WjgcxqO.exe
  2⤵
  PID:10488
- C:\Windows\System\DhggfVr.exe
  C:\Windows\System\DhggfVr.exe
  2⤵
  PID:10516
- C:\Windows\System\uwxzdKQ.exe
  C:\Windows\System\uwxzdKQ.exe
  2⤵
  PID:10540
- C:\Windows\System\BokSrSX.exe
  C:\Windows\System\BokSrSX.exe
  2⤵
  PID:10572
- C:\Windows\System\hjJOEUS.exe
  C:\Windows\System\hjJOEUS.exe
  2⤵
  PID:10604
- C:\Windows\System\ZYomYwz.exe
  C:\Windows\System\ZYomYwz.exe
  2⤵
  PID:10632
- C:\Windows\System\SuQdkez.exe
  C:\Windows\System\SuQdkez.exe
  2⤵
  PID:10656
- C:\Windows\System\JuOGGiT.exe
  C:\Windows\System\JuOGGiT.exe
  2⤵
  PID:10680
- C:\Windows\System\seeKiiD.exe
  C:\Windows\System\seeKiiD.exe
  2⤵
  PID:10712
- C:\Windows\System\ITYsIFG.exe
  C:\Windows\System\ITYsIFG.exe
  2⤵
  PID:10744
- C:\Windows\System\ZnDHxFn.exe
  C:\Windows\System\ZnDHxFn.exe
  2⤵
  PID:10768
- C:\Windows\System\QLySkht.exe
  C:\Windows\System\QLySkht.exe
  2⤵
  PID:10800
- C:\Windows\System\BNJsJSm.exe
  C:\Windows\System\BNJsJSm.exe
  2⤵
  PID:10836
- C:\Windows\System\iAsQtHC.exe
  C:\Windows\System\iAsQtHC.exe
  2⤵
  PID:10864
- C:\Windows\System\PegrMLh.exe
  C:\Windows\System\PegrMLh.exe
  2⤵
  PID:10896
- C:\Windows\System\gCOhpkm.exe
  C:\Windows\System\gCOhpkm.exe
  2⤵
  PID:10920
- C:\Windows\System\ufyPqSk.exe
  C:\Windows\System\ufyPqSk.exe
  2⤵
  PID:10936
- C:\Windows\System\ozMXPga.exe
  C:\Windows\System\ozMXPga.exe
  2⤵
  PID:10960
- C:\Windows\System\JOgnhnM.exe
  C:\Windows\System\JOgnhnM.exe
  2⤵
  PID:10988
- C:\Windows\System\VfYpUZE.exe
  C:\Windows\System\VfYpUZE.exe
  2⤵
  PID:11020
- C:\Windows\System\IRWubsY.exe
  C:\Windows\System\IRWubsY.exe
  2⤵
  PID:11036
- C:\Windows\System\VDoPtBL.exe
  C:\Windows\System\VDoPtBL.exe
  2⤵
  PID:11056
- C:\Windows\System\XmoPvof.exe
  C:\Windows\System\XmoPvof.exe
  2⤵
  PID:11080
- C:\Windows\System\hbztjfI.exe
  C:\Windows\System\hbztjfI.exe
  2⤵
  PID:11112
- C:\Windows\System\wHoqvAt.exe
  C:\Windows\System\wHoqvAt.exe
  2⤵
  PID:11128
- C:\Windows\System\teBkyrP.exe
  C:\Windows\System\teBkyrP.exe
  2⤵
  PID:11144
- C:\Windows\System\rMDsBSY.exe
  C:\Windows\System\rMDsBSY.exe
  2⤵
  PID:11168
- C:\Windows\System\VqRzWAY.exe
  C:\Windows\System\VqRzWAY.exe
  2⤵
  PID:11192
- C:\Windows\System\KSAFrTv.exe
  C:\Windows\System\KSAFrTv.exe
  2⤵
  PID:11220
- C:\Windows\System\AZXykDs.exe
  C:\Windows\System\AZXykDs.exe
  2⤵
  PID:11248
- C:\Windows\System\oaENSGI.exe
  C:\Windows\System\oaENSGI.exe
  2⤵
  PID:9612
- C:\Windows\System\OuebiqA.exe
  C:\Windows\System\OuebiqA.exe
  2⤵
  PID:10260
- C:\Windows\System\ZNeLxkQ.exe
  C:\Windows\System\ZNeLxkQ.exe
  2⤵
  PID:10316
- C:\Windows\System\CgSwWyD.exe
  C:\Windows\System\CgSwWyD.exe
  2⤵
  PID:10364
- C:\Windows\System\TaBiMNN.exe
  C:\Windows\System\TaBiMNN.exe
  2⤵
  PID:10484
- C:\Windows\System\BcWvgCL.exe
  C:\Windows\System\BcWvgCL.exe
  2⤵
  PID:10592
- C:\Windows\System\LBdGWxa.exe
  C:\Windows\System\LBdGWxa.exe
  2⤵
  PID:10588
- C:\Windows\System\JGaKgvM.exe
  C:\Windows\System\JGaKgvM.exe
  2⤵
  PID:10728
- C:\Windows\System\BZAOvmB.exe
  C:\Windows\System\BZAOvmB.exe
  2⤵
  PID:10708
- C:\Windows\System\zZVrmcA.exe
  C:\Windows\System\zZVrmcA.exe
  2⤵
  PID:10756
- C:\Windows\System\IROUmMU.exe
  C:\Windows\System\IROUmMU.exe
  2⤵
  PID:10928
- C:\Windows\System\WBRDnbf.exe
  C:\Windows\System\WBRDnbf.exe
  2⤵
  PID:11004
- C:\Windows\System\wEbFwhc.exe
  C:\Windows\System\wEbFwhc.exe
  2⤵
  PID:10916
- C:\Windows\System\YzehBsc.exe
  C:\Windows\System\YzehBsc.exe
  2⤵
  PID:11100
- C:\Windows\System\cOIpCzF.exe
  C:\Windows\System\cOIpCzF.exe
  2⤵
  PID:11124
- C:\Windows\System\DOgeRTl.exe
  C:\Windows\System\DOgeRTl.exe
  2⤵
  PID:11028
- C:\Windows\System\qLtqkiV.exe
  C:\Windows\System\qLtqkiV.exe
  2⤵
  PID:11240
- C:\Windows\System\cAYixlS.exe
  C:\Windows\System\cAYixlS.exe
  2⤵
  PID:11156
- C:\Windows\System\yEQVFlo.exe
  C:\Windows\System\yEQVFlo.exe
  2⤵
  PID:10584
- C:\Windows\System\yOXgytW.exe
  C:\Windows\System\yOXgytW.exe
  2⤵
  PID:10812
- C:\Windows\System\qFyoBwE.exe
  C:\Windows\System\qFyoBwE.exe
  2⤵
  PID:10908
- C:\Windows\System\LJiCfQn.exe
  C:\Windows\System\LJiCfQn.exe
  2⤵
  PID:10616
- C:\Windows\System\mmhwNRa.exe
  C:\Windows\System\mmhwNRa.exe
  2⤵
  PID:11276
- C:\Windows\System\hpmTfoI.exe
  C:\Windows\System\hpmTfoI.exe
  2⤵
  PID:11300
- C:\Windows\System\kwlmOoB.exe
  C:\Windows\System\kwlmOoB.exe
  2⤵
  PID:11324
- C:\Windows\System\qiJuWmP.exe
  C:\Windows\System\qiJuWmP.exe
  2⤵
  PID:11344
- C:\Windows\System\OxgElKq.exe
  C:\Windows\System\OxgElKq.exe
  2⤵
  PID:11376
- C:\Windows\System\ttOCkWn.exe
  C:\Windows\System\ttOCkWn.exe
  2⤵
  PID:11392
- C:\Windows\System\lUtwJJn.exe
  C:\Windows\System\lUtwJJn.exe
  2⤵
  PID:11432
- C:\Windows\System\WpMXYmV.exe
  C:\Windows\System\WpMXYmV.exe
  2⤵
  PID:11456
- C:\Windows\System\eLhBTvO.exe
  C:\Windows\System\eLhBTvO.exe
  2⤵
  PID:11484
- C:\Windows\System\DGhTvTE.exe
  C:\Windows\System\DGhTvTE.exe
  2⤵
  PID:11512
- C:\Windows\System\zCCdDZW.exe
  C:\Windows\System\zCCdDZW.exe
  2⤵
  PID:11536
- C:\Windows\System\RzXyPWq.exe
  C:\Windows\System\RzXyPWq.exe
  2⤵
  PID:11572
- C:\Windows\System\zvJMAJw.exe
  C:\Windows\System\zvJMAJw.exe
  2⤵
  PID:11604
- C:\Windows\System\FhMWlCy.exe
  C:\Windows\System\FhMWlCy.exe
  2⤵
  PID:11636
- C:\Windows\System\HxWrgDb.exe
  C:\Windows\System\HxWrgDb.exe
  2⤵
  PID:11664
- C:\Windows\System\iitVzty.exe
  C:\Windows\System\iitVzty.exe
  2⤵
  PID:11692
- C:\Windows\System\EyUfajn.exe
  C:\Windows\System\EyUfajn.exe
  2⤵
  PID:11720
- C:\Windows\System\FKncddv.exe
  C:\Windows\System\FKncddv.exe
  2⤵
  PID:11752
- C:\Windows\System\AuUVMwy.exe
  C:\Windows\System\AuUVMwy.exe
  2⤵
  PID:11776
- C:\Windows\System\LOfxaJi.exe
  C:\Windows\System\LOfxaJi.exe
  2⤵
  PID:11812
- C:\Windows\System\BrfzgCZ.exe
  C:\Windows\System\BrfzgCZ.exe
  2⤵
  PID:11840
- C:\Windows\System\fgGmMnm.exe
  C:\Windows\System\fgGmMnm.exe
  2⤵
  PID:11868
- C:\Windows\System\MDUEYqE.exe
  C:\Windows\System\MDUEYqE.exe
  2⤵
  PID:11884
- C:\Windows\System\uTgrpPb.exe
  C:\Windows\System\uTgrpPb.exe
  2⤵
  PID:11916
- C:\Windows\System\vjERSJv.exe
  C:\Windows\System\vjERSJv.exe
  2⤵
  PID:11956
- C:\Windows\System\buqAZtt.exe
  C:\Windows\System\buqAZtt.exe
  2⤵
  PID:11976
- C:\Windows\System\NtRCCEb.exe
  C:\Windows\System\NtRCCEb.exe
  2⤵
  PID:12000
- C:\Windows\System\TVmlimz.exe
  C:\Windows\System\TVmlimz.exe
  2⤵
  PID:12024
- C:\Windows\System\ThjlZQN.exe
  C:\Windows\System\ThjlZQN.exe
  2⤵
  PID:12048
- C:\Windows\System\ahgaLfH.exe
  C:\Windows\System\ahgaLfH.exe
  2⤵
  PID:12080
- C:\Windows\System\wolnASO.exe
  C:\Windows\System\wolnASO.exe
  2⤵
  PID:12108
- C:\Windows\System\YsXqMMf.exe
  C:\Windows\System\YsXqMMf.exe
  2⤵
  PID:12136
- C:\Windows\System\YkmqDgg.exe
  C:\Windows\System\YkmqDgg.exe
  2⤵
  PID:12164
- C:\Windows\System\LPNTrZV.exe
  C:\Windows\System\LPNTrZV.exe
  2⤵
  PID:12196
- C:\Windows\System\MftApoc.exe
  C:\Windows\System\MftApoc.exe
  2⤵
  PID:12216
- C:\Windows\System\PCPuIVl.exe
  C:\Windows\System\PCPuIVl.exe
  2⤵
  PID:12232
- C:\Windows\System\rfzRdxY.exe
  C:\Windows\System\rfzRdxY.exe
  2⤵
  PID:12264
- C:\Windows\System\bcRTXBA.exe
  C:\Windows\System\bcRTXBA.exe
  2⤵
  PID:10884
- C:\Windows\System\bbnzWno.exe
  C:\Windows\System\bbnzWno.exe
  2⤵
  PID:10508
- C:\Windows\System\OCyngXk.exe
  C:\Windows\System\OCyngXk.exe
  2⤵
  PID:11032
- C:\Windows\System\dFASXWr.exe
  C:\Windows\System\dFASXWr.exe
  2⤵
  PID:11372
- C:\Windows\System\HkXfcTL.exe
  C:\Windows\System\HkXfcTL.exe
  2⤵
  PID:10888
- C:\Windows\System\YavgMFg.exe
  C:\Windows\System\YavgMFg.exe
  2⤵
  PID:11356
- C:\Windows\System\VZOuCFw.exe
  C:\Windows\System\VZOuCFw.exe
  2⤵
  PID:11592
- C:\Windows\System\lfGVlnD.exe
  C:\Windows\System\lfGVlnD.exe
  2⤵
  PID:11524
- C:\Windows\System\phXKGQI.exe
  C:\Windows\System\phXKGQI.exe
  2⤵
  PID:11416
- C:\Windows\System\ZLaMlMB.exe
  C:\Windows\System\ZLaMlMB.exe
  2⤵
  PID:11708
- C:\Windows\System\gqRFhfs.exe
  C:\Windows\System\gqRFhfs.exe
  2⤵
  PID:11676
- C:\Windows\System\Ruyingf.exe
  C:\Windows\System\Ruyingf.exe
  2⤵
  PID:11792
- C:\Windows\System\ANDdcHE.exe
  C:\Windows\System\ANDdcHE.exe
  2⤵
  PID:11624
- C:\Windows\System\AZGBhRD.exe
  C:\Windows\System\AZGBhRD.exe
  2⤵
  PID:11908
- C:\Windows\System\WhnoXMh.exe
  C:\Windows\System\WhnoXMh.exe
  2⤵
  PID:11828
- C:\Windows\System\PvtDeGq.exe
  C:\Windows\System\PvtDeGq.exe
  2⤵
  PID:11936
- C:\Windows\System\ElqjzFL.exe
  C:\Windows\System\ElqjzFL.exe
  2⤵
  PID:12100
- C:\Windows\System\WemKaMR.exe
  C:\Windows\System\WemKaMR.exe
  2⤵
  PID:12096
- C:\Windows\System\RyDfyOH.exe
  C:\Windows\System\RyDfyOH.exe
  2⤵
  PID:11996
- C:\Windows\System\dTfYUPr.exe
  C:\Windows\System\dTfYUPr.exe
  2⤵
  PID:12092
- C:\Windows\System\lAywiFe.exe
  C:\Windows\System\lAywiFe.exe
  2⤵
  PID:9340
- C:\Windows\System\XtNjxYU.exe
  C:\Windows\System\XtNjxYU.exe
  2⤵
  PID:11164
- C:\Windows\System\NNuCtSW.exe
  C:\Windows\System\NNuCtSW.exe
  2⤵
  PID:12248
- C:\Windows\System\uxtAcrT.exe
  C:\Windows\System\uxtAcrT.exe
  2⤵
  PID:11528
- C:\Windows\System\UosjdZy.exe
  C:\Windows\System\UosjdZy.exe
  2⤵
  PID:11384
- C:\Windows\System\xiVWGsw.exe
  C:\Windows\System\xiVWGsw.exe
  2⤵
  PID:11560
- C:\Windows\System\XCqvpRd.exe
  C:\Windows\System\XCqvpRd.exe
  2⤵
  PID:12072
- C:\Windows\System\ziHURwy.exe
  C:\Windows\System\ziHURwy.exe
  2⤵
  PID:10252
- C:\Windows\System\eWpfYXt.exe
  C:\Windows\System\eWpfYXt.exe
  2⤵
  PID:12296
- C:\Windows\System\zebWOhR.exe
  C:\Windows\System\zebWOhR.exe
  2⤵
  PID:12324
- C:\Windows\System\jNCGohu.exe
  C:\Windows\System\jNCGohu.exe
  2⤵
  PID:12352
- C:\Windows\System\vadexwg.exe
  C:\Windows\System\vadexwg.exe
  2⤵
  PID:12396
- C:\Windows\System\CSmSOoM.exe
  C:\Windows\System\CSmSOoM.exe
  2⤵
  PID:12420
- C:\Windows\System\reFsJZD.exe
  C:\Windows\System\reFsJZD.exe
  2⤵
  PID:12440
- C:\Windows\System\mQsBntB.exe
  C:\Windows\System\mQsBntB.exe
  2⤵
  PID:12472
- C:\Windows\System\FliBMAI.exe
  C:\Windows\System\FliBMAI.exe
  2⤵
  PID:12504
- C:\Windows\System\KlRagjR.exe
  C:\Windows\System\KlRagjR.exe
  2⤵
  PID:12532
- C:\Windows\System\fVmZZEC.exe
  C:\Windows\System\fVmZZEC.exe
  2⤵
  PID:12552
- C:\Windows\System\hneWJIZ.exe
  C:\Windows\System\hneWJIZ.exe
  2⤵
  PID:12592
- C:\Windows\System\iYQOUUP.exe
  C:\Windows\System\iYQOUUP.exe
  2⤵
  PID:12608
- C:\Windows\System\RTjLbOS.exe
  C:\Windows\System\RTjLbOS.exe
  2⤵
  PID:12632
- C:\Windows\System\ZqMDLPQ.exe
  C:\Windows\System\ZqMDLPQ.exe
  2⤵
  PID:12652
- C:\Windows\System\mMpePIa.exe
  C:\Windows\System\mMpePIa.exe
  2⤵
  PID:12676
- C:\Windows\System\wccYmwU.exe
  C:\Windows\System\wccYmwU.exe
  2⤵
  PID:12708
- C:\Windows\System\RcLXNUH.exe
  C:\Windows\System\RcLXNUH.exe
  2⤵
  PID:12732
- C:\Windows\System\pvsTkhi.exe
  C:\Windows\System\pvsTkhi.exe
  2⤵
  PID:12760
- C:\Windows\System\SqKkIlR.exe
  C:\Windows\System\SqKkIlR.exe
  2⤵
  PID:12792
- C:\Windows\System\FZMWaCR.exe
  C:\Windows\System\FZMWaCR.exe
  2⤵
  PID:12812
- C:\Windows\System\FnWosAS.exe
  C:\Windows\System\FnWosAS.exe
  2⤵
  PID:12832
- C:\Windows\System\MaFMFgt.exe
  C:\Windows\System\MaFMFgt.exe
  2⤵
  PID:12868
- C:\Windows\System\GgRiHVD.exe
  C:\Windows\System\GgRiHVD.exe
  2⤵
  PID:12896
- C:\Windows\System\McMGNBz.exe
  C:\Windows\System\McMGNBz.exe
  2⤵
  PID:12912
- C:\Windows\System\pclBIYz.exe
  C:\Windows\System\pclBIYz.exe
  2⤵
  PID:12952
- C:\Windows\System\hXlEPqP.exe
  C:\Windows\System\hXlEPqP.exe
  2⤵
  PID:12980
- C:\Windows\System\tsKtieH.exe
  C:\Windows\System\tsKtieH.exe
  2⤵
  PID:13004
- C:\Windows\System\GtsdrSU.exe
  C:\Windows\System\GtsdrSU.exe
  2⤵
  PID:13028
- C:\Windows\System\VQTvntK.exe
  C:\Windows\System\VQTvntK.exe
  2⤵
  PID:13056
- C:\Windows\System\uFAEqjo.exe
  C:\Windows\System\uFAEqjo.exe
  2⤵
  PID:13084
- C:\Windows\System\xaxjzbc.exe
  C:\Windows\System\xaxjzbc.exe
  2⤵
  PID:13112
- C:\Windows\System\kCKyeVE.exe
  C:\Windows\System\kCKyeVE.exe
  2⤵
  PID:13136
- C:\Windows\System\NfHXkyh.exe
  C:\Windows\System\NfHXkyh.exe
  2⤵
  PID:13160
- C:\Windows\System\QycLfDD.exe
  C:\Windows\System\QycLfDD.exe
  2⤵
  PID:13184
- C:\Windows\System\QQlAHFN.exe
  C:\Windows\System\QQlAHFN.exe
  2⤵
  PID:13208
- C:\Windows\System\ZBCLnQs.exe
  C:\Windows\System\ZBCLnQs.exe
  2⤵
  PID:13232
- C:\Windows\System\OnEINTF.exe
  C:\Windows\System\OnEINTF.exe
  2⤵
  PID:13284
- C:\Windows\System\KHdvqaM.exe
  C:\Windows\System\KHdvqaM.exe
  2⤵
  PID:13300
- C:\Windows\System\tsOPvhV.exe
  C:\Windows\System\tsOPvhV.exe
  2⤵
  PID:12192
- C:\Windows\System\jLmwOsm.exe
  C:\Windows\System\jLmwOsm.exe
  2⤵
  PID:11336
- C:\Windows\System\JizwqbR.exe
  C:\Windows\System\JizwqbR.exe
  2⤵
  PID:11452
- C:\Windows\System\TTOOaHR.exe
  C:\Windows\System\TTOOaHR.exe
  2⤵
  PID:12292
- C:\Windows\System\vHrhIdr.exe
  C:\Windows\System\vHrhIdr.exe
  2⤵
  PID:11364
- C:\Windows\System\CjCNhCz.exe
  C:\Windows\System\CjCNhCz.exe
  2⤵
  PID:11388
- C:\Windows\System\CToKfGb.exe
  C:\Windows\System\CToKfGb.exe
  2⤵
  PID:12604
- C:\Windows\System\bzQrokY.exe
  C:\Windows\System\bzQrokY.exe
  2⤵
  PID:12696
- C:\Windows\System\VFaWvQP.exe
  C:\Windows\System\VFaWvQP.exe
  2⤵
  PID:12788
- C:\Windows\System\vuZUaHb.exe
  C:\Windows\System\vuZUaHb.exe
  2⤵
  PID:12684
- C:\Windows\System\mJdUfxr.exe
  C:\Windows\System\mJdUfxr.exe
  2⤵
  PID:12580
- C:\Windows\System\VTnHDcB.exe
  C:\Windows\System\VTnHDcB.exe
  2⤵
  PID:12784
- C:\Windows\System\ccqmWtN.exe
  C:\Windows\System\ccqmWtN.exe
  2⤵
  PID:12828
- C:\Windows\System\kWwauoY.exe
  C:\Windows\System\kWwauoY.exe
  2⤵
  PID:12884
- C:\Windows\System\dueNACA.exe
  C:\Windows\System\dueNACA.exe
  2⤵
  PID:12944
- C:\Windows\System\zDuzfJd.exe
  C:\Windows\System\zDuzfJd.exe
  2⤵
  PID:12904
- C:\Windows\System\hegMYQX.exe
  C:\Windows\System\hegMYQX.exe
  2⤵
  PID:13172
- C:\Windows\System\bwMYMTB.exe
  C:\Windows\System\bwMYMTB.exe
  2⤵
  PID:13168
- C:\Windows\System\DiabuSq.exe
  C:\Windows\System\DiabuSq.exe
  2⤵
  PID:13108
- C:\Windows\System\rVkiLxQ.exe
  C:\Windows\System\rVkiLxQ.exe
  2⤵
  PID:13200
- C:\Windows\System\ZGWrEFe.exe
  C:\Windows\System\ZGWrEFe.exe
  2⤵
  PID:12416
- C:\Windows\System\QwdJfQO.exe
  C:\Windows\System\QwdJfQO.exe
  2⤵
  PID:12308
- C:\Windows\System\lgprvJD.exe
  C:\Windows\System\lgprvJD.exe
  2⤵
  PID:12388
- C:\Windows\System\gUgFEGT.exe
  C:\Windows\System\gUgFEGT.exe
  2⤵
  PID:12856
- C:\Windows\System\apWybGz.exe
  C:\Windows\System\apWybGz.exe
  2⤵
  PID:12348
- C:\Windows\System\NyeYHwh.exe
  C:\Windows\System\NyeYHwh.exe
  2⤵
  PID:13320
- C:\Windows\System\qgOHfnt.exe
  C:\Windows\System\qgOHfnt.exe
  2⤵
  PID:13356
- C:\Windows\System\sWcEeeG.exe
  C:\Windows\System\sWcEeeG.exe
  2⤵
  PID:13388
- C:\Windows\System\RXUuZGX.exe
  C:\Windows\System\RXUuZGX.exe
  2⤵
  PID:13408
- C:\Windows\System\tcZLlKC.exe
  C:\Windows\System\tcZLlKC.exe
  2⤵
  PID:13436
- C:\Windows\System\FkwYLWb.exe
  C:\Windows\System\FkwYLWb.exe
  2⤵
  PID:13464
- C:\Windows\System\YjhMAii.exe
  C:\Windows\System\YjhMAii.exe
  2⤵
  PID:13496
- C:\Windows\System\gxfldnL.exe
  C:\Windows\System\gxfldnL.exe
  2⤵
  PID:13792
- C:\Windows\System\vvAcIqx.exe
  C:\Windows\System\vvAcIqx.exe
  2⤵
  PID:13808
- C:\Windows\System\wEiZzdo.exe
  C:\Windows\System\wEiZzdo.exe
  2⤵
  PID:13836
- C:\Windows\System\oNgcIWo.exe
  C:\Windows\System\oNgcIWo.exe
  2⤵
  PID:13856
- C:\Windows\System\igBZfHg.exe
  C:\Windows\System\igBZfHg.exe
  2⤵
  PID:13880
- C:\Windows\System\jznAcCc.exe
  C:\Windows\System\jznAcCc.exe
  2⤵
  PID:13896
- C:\Windows\System\kySiVir.exe
  C:\Windows\System\kySiVir.exe
  2⤵
  PID:13920
- C:\Windows\System\rGuUDER.exe
  C:\Windows\System\rGuUDER.exe
  2⤵
  PID:13940
- C:\Windows\System\cJJjDLn.exe
  C:\Windows\System\cJJjDLn.exe
  2⤵
  PID:13964
- C:\Windows\System\wyBOQiT.exe
  C:\Windows\System\wyBOQiT.exe
  2⤵
  PID:13992
- C:\Windows\System\exYDPJZ.exe
  C:\Windows\System\exYDPJZ.exe
  2⤵
  PID:14020
- C:\Windows\System\bazkhuE.exe
  C:\Windows\System\bazkhuE.exe
  2⤵
  PID:14052
- C:\Windows\System\IdZsAUC.exe
  C:\Windows\System\IdZsAUC.exe
  2⤵
  PID:14072
- C:\Windows\System\HVwsoNu.exe
  C:\Windows\System\HVwsoNu.exe
  2⤵
  PID:14096
- C:\Windows\System\czNgVxs.exe
  C:\Windows\System\czNgVxs.exe
  2⤵
  PID:14120
- C:\Windows\System\zhIaIct.exe
  C:\Windows\System\zhIaIct.exe
  2⤵
  PID:14136
- C:\Windows\System\VnNhBaU.exe
  C:\Windows\System\VnNhBaU.exe
  2⤵
  PID:14172
- C:\Windows\System\CpZUCOF.exe
  C:\Windows\System\CpZUCOF.exe
  2⤵
  PID:14212
- C:\Windows\System\KhpWkNJ.exe
  C:\Windows\System\KhpWkNJ.exe
  2⤵
  PID:14236
- C:\Windows\System\PZgFlCr.exe
  C:\Windows\System\PZgFlCr.exe
  2⤵
  PID:14260
- C:\Windows\System\QCQWroi.exe
  C:\Windows\System\QCQWroi.exe
  2⤵
  PID:14276
- C:\Windows\System\wKDomLE.exe
  C:\Windows\System\wKDomLE.exe
  2⤵
  PID:14300
- C:\Windows\System\rtZfLDt.exe
  C:\Windows\System\rtZfLDt.exe
  2⤵
  PID:14324
- C:\Windows\System\Bakhhpk.exe
  C:\Windows\System\Bakhhpk.exe
  2⤵
  PID:13292
- C:\Windows\System\RdipzxV.exe
  C:\Windows\System\RdipzxV.exe
  2⤵
  PID:12992
- C:\Windows\System\UMDTTgK.exe
  C:\Windows\System\UMDTTgK.exe
  2⤵
  PID:13332
- C:\Windows\System\wyGUeZM.exe
  C:\Windows\System\wyGUeZM.exe
  2⤵
  PID:13368
- C:\Windows\System\WavdSZu.exe
  C:\Windows\System\WavdSZu.exe
  2⤵
  PID:12312
- C:\Windows\System\NaHSJvR.exe
  C:\Windows\System\NaHSJvR.exe
  2⤵
  PID:12020
- C:\Windows\System\kAfbhcy.exe
  C:\Windows\System\kAfbhcy.exe
  2⤵
  PID:11092
- C:\Windows\System\AkyjaJs.exe
  C:\Windows\System\AkyjaJs.exe
  2⤵
  PID:12644
- C:\Windows\System\uacjYGH.exe
  C:\Windows\System\uacjYGH.exe
  2⤵
  PID:13460
- C:\Windows\System\GXFlaPD.exe
  C:\Windows\System\GXFlaPD.exe
  2⤵
  PID:13544
- C:\Windows\System\qBQijXh.exe
  C:\Windows\System\qBQijXh.exe
  2⤵
  PID:13660
- C:\Windows\System\gBNdWay.exe
  C:\Windows\System\gBNdWay.exe
  2⤵
  PID:13768
- C:\Windows\System\jXjudNj.exe
  C:\Windows\System\jXjudNj.exe
  2⤵
  PID:1604
- C:\Windows\System\OJBSwnt.exe
  C:\Windows\System\OJBSwnt.exe
  2⤵
  PID:13800
- C:\Windows\System\KxQfkks.exe
  C:\Windows\System\KxQfkks.exe
  2⤵
  PID:13844
- C:\Windows\System\WfEpzgz.exe
  C:\Windows\System\WfEpzgz.exe
  2⤵
  PID:13872
- C:\Windows\System\RPfnCuW.exe
  C:\Windows\System\RPfnCuW.exe
  2⤵
  PID:13932
- C:\Windows\System\MuvdRwa.exe
  C:\Windows\System\MuvdRwa.exe
  2⤵
  PID:13956
- C:\Windows\System\wuFqcRy.exe
  C:\Windows\System\wuFqcRy.exe
  2⤵
  PID:14080
- C:\Windows\System\soVAEgB.exe
  C:\Windows\System\soVAEgB.exe
  2⤵
  PID:14168
- C:\Windows\System\ZvjbtOx.exe
  C:\Windows\System\ZvjbtOx.exe
  2⤵
  PID:14252
- C:\Windows\System\DrqoncY.exe
  C:\Windows\System\DrqoncY.exe
  2⤵
  PID:14128
- C:\Windows\System\vyNnCyH.exe
  C:\Windows\System\vyNnCyH.exe
  2⤵
  PID:14244
- C:\Windows\System\LpVDIiS.exe
  C:\Windows\System\LpVDIiS.exe
  2⤵
  PID:12772
- C:\Windows\System\BMPJVMB.exe
  C:\Windows\System\BMPJVMB.exe
  2⤵
  PID:12752
- C:\Windows\System\fLsYKZR.exe
  C:\Windows\System\fLsYKZR.exe
  2⤵
  PID:13424
- C:\Windows\System\UVeArqF.exe
  C:\Windows\System\UVeArqF.exe
  2⤵
  PID:13576
- C:\Windows\System\ULNeqvS.exe
  C:\Windows\System\ULNeqvS.exe
  2⤵
  PID:12572
- C:\Windows\System\rIGmSsR.exe
  C:\Windows\System\rIGmSsR.exe
  2⤵
  PID:14284
- C:\Windows\System\awpDHEq.exe
  C:\Windows\System\awpDHEq.exe
  2⤵
  PID:13632

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AitJVqR.exe

Filesize
2.1MB

MD5
9aa9d7fe6654d43bcfb70d6d7fc594d4

SHA1
46474b680953fc5f8d7d4b087efb808506f8f289

SHA256
6b4a0c74fcf700c2e5e0bb409eb991222dbc939501cd416c7f62441572a06ee6

SHA512
2701217ee412810b3d4f8ea642b8db29a56ff6c95ce1786aff097c6d4247d6b093af75b4bfa8a9618f82156c026c88528be43a71c781fd67eb2f9438dd836cad

Download Submit
C:\Windows\System\CAEmxWt.exe

Filesize
2.1MB

MD5
6c4917ffaeb72bf19b5ea7e50d449a57

SHA1
84323903471912dc8302304a2cfe177fa143b7de

SHA256
2760e26199e7093dbb4b87d1735c1391df962fc16b3a88207b43b7bf3684cf9a

SHA512
ee291e931abc6e7faedcf9be2e4fc7b729960d5fced18492656a2df1e5dde04e14dfcce54f0e01e9ed1b8bcfb3ee3bb3099a599f96773cffbf28ad8a034f2b4d

Download Submit
C:\Windows\System\CQGMHKv.exe

Filesize
2.2MB

MD5
0b88b527011a6be5ad93e069d3058d85

SHA1
2b2c0c4fd8d9902090b632844b80bc909ce2c331

SHA256
9aa51ed97129a777d20100d1b66c7b1adfab5add458daffb409db0d1e3fa3fdc

SHA512
2dc17dab7bb6d0d87bf129060e57d19d0bd9cabb0b3f18d983bd4fbdd6dbbd4df0f6ad9549bdc416e60ea0741baf883b5ca05242b5c375d27258a92eee355520

Download Submit
C:\Windows\System\CgtUqmX.exe

Filesize
2.2MB

MD5
dcc4ccdc7fbfad2490c4a647a218ee3f

SHA1
757071460fe99b34cc76c11082f48fce4645559b

SHA256
60d44f4a1a6d1251e84622360de550979ad0be029786aa8b4fea18074e285a44

SHA512
2ca137d6c935fca6491b5288f187af87996ec00bf83d436feb284869fbc712c05347bbdf61d5c8d0373d0ab64c92b08b4bdf5afe446287416b06b063dc3e1dec

Download Submit
C:\Windows\System\FgiNKIq.exe

Filesize
2.1MB

MD5
165c529445236a03a625ce35e29866bb

SHA1
c6085286666497a99c56683392c4c4aa5ce68da5

SHA256
b11aa3ddf4dad8ef5af427204e2fac91217ef15e6d447e6fb1f982c3d958ffce

SHA512
61626490034ff8a0aa4d8a06f3330b6c212111dbd11362d2fdb59db87dca60eb621912eb6f68742b1c536d320c3641c0f6f69e70ac55e095f0f2b7594687f46a

Download Submit
C:\Windows\System\Ixipurk.exe

Filesize
2.1MB

MD5
22ae9493e5a525d9ac5a7df2f759e80e

SHA1
b3740271c45e451bbd24e9174e5da27f99484250

SHA256
3d71b27a1749ccac959871f4c17b3b36f494ca8258370d58fedf298b390b9080

SHA512
3b2210e1462c83b9b57971a4a4c7eb0295658dbd26f3d1067a6e7e4a863467f0889036ca44201c9c5074984ba79e05325ee7f138819331e674e3a0da9d856bdd

Download Submit
C:\Windows\System\JswPVsK.exe

Filesize
2.2MB

MD5
435a8df88c5203bc16d12fdfae6133fb

SHA1
aca0ae680aade31735dc6825a634d3dc72ae2578

SHA256
1e575e16154f67de3f89f618849769c3bcc84878528a0b13e9254464994d2b57

SHA512
7f40f9eabe70014e83a7f844e62e119b14bf648734b0055c7c4244efc2ade74f077bc2d808eda9fcafad7239cdcf8cc4d7911d3fb1f6005fa2220d99d6e7f37a

Download Submit
C:\Windows\System\KYGiVxd.exe

Filesize
2.1MB

MD5
8c0454b9fcd795a2127c0dc7b82e9d09

SHA1
d422db9a03163de4ec675a6edd9893395fd9daa8

SHA256
ee7d95623980fe59c10d7c66d4320ca0f226e22c74dfdfd987e02e6c3cf00dae

SHA512
3db748bec6f6c6986742a03890b5f2474797c1998ac8f339250ac97c1d72bf107b7e2b800e657e3d3e35a0d6687457d0cb7114362dd2506074865dfc08c8a09e

Download Submit
C:\Windows\System\OfAGvlX.exe

Filesize
2.1MB

MD5
f1f3abdb984426209c9d88033c67799a

SHA1
c2b1e0526154ae55899848fb179bbd455665a5b9

SHA256
6a55cdc094fde100715dd718f951eecddcf46e0221fb4f42e09cb9945640399b

SHA512
4b203908f9727f32af2142be63b0db987d2090549f69074f9bf1d6321793f3deb66312c1d185d54ceb625504898e2bf6f258e8d7b3f1293761887527bce4accc

Download Submit
C:\Windows\System\PWpMTOe.exe

Filesize
2.1MB

MD5
61d31693be9d18b4cf0b3888a7013fd6

SHA1
3825a2d9597640ee5c3cda674b04a7e29c8c7d47

SHA256
aac5a42982a3c2f53d851746b5d761aad0be8c48da8ea85c74205a9ed94506c4

SHA512
58e96ddbc31893dd984779177f83a66937114ffbb8b1d3ca7e5696994c69bd2e739b0ecc96c06622b0b2b077d77a5f120959411bec7a10b9652356cfbebf4b95

Download Submit
C:\Windows\System\QfMRMAx.exe

Filesize
2.1MB

MD5
08cf9c75ce48fc20166f6766f6e36344

SHA1
91e252479824636e8ce8c2811499fb639e9ab386

SHA256
da8fb9ad8bc57759226e7a949eacb900813cfdbce02a8ef91d9754ef06188030

SHA512
312f96f5cbe5a3069611e1da9f93e3cf1bcbe456aff6b0cb7fbadf5ad4470c510a16b21397cd1444fd8ded349962db4e1ca879e7e095515244c9a517d6c04095

Download Submit
C:\Windows\System\SZPJmGv.exe

Filesize
2.2MB

MD5
1bc3d55d7e5c1c13464386122ad36b10

SHA1
29b1f7e2bc9bad79b424e59d46af927bcdf48bdc

SHA256
643f1d5da4722ce5169e9c9d10a88864b476040f6126e07259206a8c03559ed7

SHA512
5eeeb4ce3d1a0e81940b8a3d0cb1208cb8938b48fa9905e57375439acf941bdc483fe92ab9fb2c6f11f0297fbcb6eb3a10b0602d42bc66e2fe67c61f6dd86127

Download Submit
C:\Windows\System\SxntZZZ.exe

Filesize
2.1MB

MD5
be628843a3a82d60fc2fcdc0c5bf6d5a

SHA1
06c52bec739f2e75675254d4966f555125bed930

SHA256
3a7e10cd0a263acbc2fb2acb0b478bbaac0d810a826a049830d12c34e5066c74

SHA512
83aa5abafe088f30ea7e34fa0da8a59a9b1761b57b302dc3562c3b4a4d0c2f21ed63e8288a702c1028a71b0dca1d9743d94357423e015d8276c5def0f8b52614

Download Submit
C:\Windows\System\Tyhityc.exe

Filesize
2.2MB

MD5
a669a8391fe6baba60c8177790f6ef90

SHA1
00ef2706362890e7206b5a858bdbe2eaa76463a2

SHA256
da215047861e5d2c3423f795a89e2edd7cd37825f71d0026c2f2072df532b830

SHA512
230983d582279fb2da4bfa56ea8e57074ddf08e84914d5a990eb3ddc7756c76556a71ce8570757876946e5a44a91a16ca63f502b43e6da1640dc1ff688209b37

Download Submit
C:\Windows\System\UORYBsU.exe

Filesize
2.1MB

MD5
c1cc5f5d6069265ea8dbb660a25835e5

SHA1
071ec8a1cc0e1d2923a57b2590b5ee2997bfa8e0

SHA256
640880d3bbca6f5c057b5df3cd4aac16757f57c43c76d0b4fef31dc3a31e7888

SHA512
076bed38b3af627adefb164a9442125c25185b937640737856b913489f3971fec14a6bab8f920541c6d21809977d146412d7c3f64b28a611c105f31a7222e749

Download Submit
C:\Windows\System\VAfUvxx.exe

Filesize
2.1MB

MD5
baffb0bfe3d9ae0a03d3bb845348476c

SHA1
a35bd02740696f4473fb48847f700dffb8fef680

SHA256
67ec4b483f9627b702a0abede6dedf91fe6897ec8ed038af8a67ad94fb4d4936

SHA512
7d3b861f512ba824783ab386a615a1190f4a74144a4104ee98fabfb13e853dde1dd0202390f56c336d7407f60db430fd34ab1b462badc5e33172282bb4055af4

Download Submit
C:\Windows\System\WXQnnNi.exe

Filesize
2.1MB

MD5
7ea8dec1bef9d4005c85dc5121b217b1

SHA1
c6dbc2826ca58fd8747fa0b7b6b2fb066cdefe59

SHA256
9efddd9a13904d63a3b985b8debfaf5a8013f018524f40e5924f8ecd28b4e2c3

SHA512
6f871591b116b6cff5c0c7fbb198c7081e6d8f5f45233f21a4741eb982b4c1e37846eed66380f248421dc57e9c19590782c361e8e5f90aea6d380ffdb3b68aba

Download Submit
C:\Windows\System\WjpjCeb.exe

Filesize
2.1MB

MD5
aaca7cc96bf0adba9d8996bf018c25ff

SHA1
845ab324a7f64d67b68a6e30db84d83c21784e3e

SHA256
cab2c7584a2d7690acd8d308a114ff108adee462c422541bb06e4248980fa60d

SHA512
9831c02b73902440e7f1b4b0e5cf29eda3ebe92a047ec0606b15652c64c0789901bf3d2b888df96d286888b1c0cb1853897783babdd758a2205b833971222254

Download Submit
C:\Windows\System\YgtDuVt.exe

Filesize
2.1MB

MD5
5495913766ca2f04b029b768b13c4005

SHA1
78174a26a390967f8589892da7b60f540bfa6608

SHA256
b9b6f97d88488c4b14e2e2612e17f02aab67f332da13736d1054c49af75cc3c7

SHA512
e3a3aa4b43842e5045596281eb2f17269c90e5ed5737504f34f4f0b182f7c52f91ad4943b6092fbe68be9649b880a04ff28805d6a7d39ba61c1ad4a770b63047

Download Submit
C:\Windows\System\ZpzGTLr.exe

Filesize
2.1MB

MD5
2ec299c56935940b4a68c067193f40a3

SHA1
c9c8dcf8fcc873bbb736edef22c8b0c541d851dd

SHA256
4004fd066ed4fbba00479b4f6c9a23fb964f6b43dcaccea019531ea573fbfe1a

SHA512
b599b0b3fc799b0a893dceecd561138500b2bcb5b1849142ed869177aa1df082c62dd11d933ab7dd27a919b406d9f64beacd1b0fc9cebb7b1bf1d50978cc7228

Download Submit
C:\Windows\System\cUlbSOD.exe

Filesize
2.1MB

MD5
d820491dd3856f21de8ccb7a2f39628f

SHA1
4c8d6b3ab276808b760463359675fee02f2756ac

SHA256
0b339c0afdc16a80265604b097270b57f05fe5d5aacbb57c35cf6105ed0b2cb3

SHA512
dfff15c614d4b20974a6cb394c77707518dbe11b470dd78888e2dc89a9aca26c964dedbbdd3339797416332a7c22a663c5ed2296307be0300ee6c79888369380

Download Submit
C:\Windows\System\gSoGYWR.exe

Filesize
2.1MB

MD5
d96e62be6660615ce095654f97499b9c

SHA1
c984b4c8e972067bef96360eeb06712c51aec3f7

SHA256
ea9ce5bbb10be45657d3f2866ee8fc0faf3fe506319cca752961a40d60504ac4

SHA512
c0fc18aafdfb48d856c26eedab34b6f9202046f728966e348df83ad6bd91a86c9061c0958c38cf0a67a89dba080be316b50a05c08b67f0929b96fe0c65c19f51

Download Submit
C:\Windows\System\hRcZaHg.exe

Filesize
2.1MB

MD5
257bade47bde96ffed77ffd8da63fb63

SHA1
eeab53a17abaae7ef1067a36c767452f539ca809

SHA256
995153ad3f2c376384f69d26e9a3ec0d8ffad997672539b1918da431d1388a25

SHA512
76c82296de8b091e903d5c67f59cfc9a668ddff19334187c8f282b333ca7dce0f16c6564f3d30d52208116341496556c263d4899529013a90bb2ebdaa29da1fd

Download Submit
C:\Windows\System\iOjBEmj.exe

Filesize
2.2MB

MD5
3bd3033933295825945a2f0b3f397b8f

SHA1
c127baefda01c38760a656b1f9e363e3b0c0b5ef

SHA256
18c12ce486c7bdc839797fc7ecc3f71e91f46c1979d3dd6904dcd3dc62c6668c

SHA512
2b13ca262492c34ae3f4881e35b70b200799623a8c9374ff857e980d00348c7e351550411dcba635de9c961e94c3d5eab0872b989c735a257925d7e2d4a316fb

Download Submit
C:\Windows\System\jBwWmrq.exe

Filesize
2.1MB

MD5
c889183e8d1b0a56e174511ba7fcf039

SHA1
94a8744c1db4e0372719413ebd040ab876744660

SHA256
49db74c4af680675a08d3cc17d78f64b5f4cafd624b82c23079cb27cabda42f6

SHA512
e80ad9a0817eb76f1e7471e896106ac12b03cfd4256ae560eedb52f717a0702e8857dc4c6ad6f5896d65d280fb07e604e8ac31fa3e6d9efd117c0113fa31b275

Download Submit
C:\Windows\System\jDSrqNX.exe

Filesize
2.1MB

MD5
a428b638e9be9c0716d2ffeebea66eb4

SHA1
1e7bf85b988714b6d6eca9d688e8fe465a717ff2

SHA256
3083f4f997fd5c59b26a18fc7c7c49b2dfe1f77bfe7e9e9fb69931eac1a8f65d

SHA512
fffc7fa67f1e115f23b53dab84a7216a637bf7a995f723aa673c72e2c436471e5894f72e982fdafa6631fd93f34358d0cd04d0563794bd8c460a5179a9523e01

Download Submit
C:\Windows\System\jUKUcrQ.exe

Filesize
2.1MB

MD5
d89a839174b69394429e03b247e6fbd3

SHA1
4905ff5e10e985e6c5b2e7f58d61c38a72d184a7

SHA256
d5858650375dbc511d091849579bfbd5623b6cfccaf6274091488b6651683903

SHA512
66099f918a676862175d6ae9b027de824e23470b6083f9f55f487c4243f162df8a20ee99a23ebcc0700a81297b6939873f38efced28d19357de1f6da422090c6

Download Submit
C:\Windows\System\kMJVjOB.exe

Filesize
2.1MB

MD5
376923eaeda5207a281df87a6aa09493

SHA1
173bce10091d33d1c4722109b30b6e21f74558ee

SHA256
29acb2d3cfc72b80fa7162cc311ce074b76116d826ccf8123d9607c76427fcfe

SHA512
09f2b53afb165d27f150b32a133ac112a20f0270b30ae2b3d0c5a9ddbb1713eaf05aa88db3217825680bdec9d81958ef6a537436570bd224ebd7a9853036aa33

Download Submit
C:\Windows\System\mTjAAKq.exe

Filesize
2.1MB

MD5
add57c1dc9a757072d3165aa876099d7

SHA1
a4b2172ce76a5b979aea7cd7f3390ed0113e32bf

SHA256
2bb93d1625eef515f4f0a2d76fe79fa1d47cebdd3bc60e3ab7b3ed8c021174c9

SHA512
d57c7b06d302e900524bd2f0e3f84a5d3714e7dfc8b26fdb3f255b772ca8ac21f0ee80579053167843b6575cb60be90092b77af85c080aa075f758dae78d7dc7

Download Submit
C:\Windows\System\nnOhCeL.exe

Filesize
2.2MB

MD5
8a5dcb50ca875316dc4af2b3a925f6e5

SHA1
0bc0b876a6ac95fe420b6b790d36605fe36e2a37

SHA256
06d66fa3623152698c25b37dac33fef97eda2a9dce4ab9ad0fc653bea1be96a9

SHA512
7fb915caafb333c165b2b984c7f99672fe4c39c8dc5b03425c786e8c3adc00bcb41e80c87fae6ac98fbdf5dbab5f865d32ab12622f73660c12670c85f884d19d

Download Submit
C:\Windows\System\nyetbSl.exe

Filesize
2.2MB

MD5
204ba2f140a49aa8b139aa936d63ac5f

SHA1
31ad7952bf1f8a73bfa26df5c95ab8ffa506acd1

SHA256
3e49c8d596407d999f882db835e615c949ecdb781f2c0851dd8884122d332be6

SHA512
cfa230a83e5b0ee0c0adc3d36617d224ba2fa6b5384ad49fffa29da87cf9cc4c3431fb6c63cf6157c997bdfc5d1ac5fc287304c9ff9c44a138ac4e7b8e9cc549

Download Submit
C:\Windows\System\onaySIi.exe

Filesize
2.2MB

MD5
92d7fe4ff6895ff07262eb9de4cbfc93

SHA1
af0c5c4a2c1072146f662edd683d025446505437

SHA256
b40b2dbefaf230b491c152389f526234ba4b2faa24a1cfb0d744ec0c60b18808

SHA512
b061a64bfda9f3403cbe6fcf9699b623561c950f5d1eb9f008df2add23c0b917fd874e4440b42204acfef72e5cd62d01495bd31c14ae104c61159781b8d85827

Download Submit
C:\Windows\System\vDIqRHP.exe

Filesize
2.1MB

MD5
2266da5f36dfd996497a61387269f14a

SHA1
e5bdd58399c2fe1d8149c5d0310bb6afc04c6aa1

SHA256
33109592e6ed24b02ccfb2e3f7acef31fdf568c7c27192200499e0ff0630c123

SHA512
3863a1a9074d501829e95c365fecae942133be925efda536d3a7e7de7f49beb86336bfd8945ec0a3ce8989bd54c6f3ae20c79921aadf2f1a4abeb6a1be709568

Download Submit
C:\Windows\System\vKdKOge.exe

Filesize
2.1MB

MD5
01056195b971a0f7aa163e52bbd491d1

SHA1
b6e6b9b5343ddc416a6c16365fc30d2669ebba65

SHA256
1ed34f250ac7c3f306e52814f0c40700032e82974b376ce15104d9c53c930c53

SHA512
2de9e1e8f77e9e9c69e1968603cac64031eb97076a96eb3355333f3d24b9bf9740b146a31609c461623d4f705cfa6566716522f2e8ab8281a06575be212dd354

Download Submit
C:\Windows\System\yuXdPjW.exe

Filesize
2.1MB

MD5
27ed51c5330dad3c9d343aa71c822ad3

SHA1
487b2ad2e062581e3eb12ef3ed1d25df7d3e34cb

SHA256
7ae7ab9e15775d6353d05dc9df4a370359c71276a14afeec60afc052ed8fdb81

SHA512
0ff08811c044c86b032d62250e97098a4f1d732b899cdc04cc29fdb757c1ecd9c37edfeea5ded473d93cc8f5648eab6c7af8f56205542c7b0ffec56a5c07c3a3

Download Submit
C:\Windows\System\zMPDGsE.exe

Filesize
2.2MB

MD5
272fb13fbbe823d6f720cf466bc9197a

SHA1
8ce1a159ad86bf7a909f1e02fa8a5b26622e1bcf

SHA256
461b476f00bec9eabaa35754dca05ba5f2a38ff168b75149d48e91f63a950f39

SHA512
26e406f491a434bd0230df1a9d691ef6fea4a076cde00f610de52b1331d2b3e1ac9d933711b2ee3edd5f375f98dbd28ef21587e3d371b25127a8a6a8101ea6a7

Download Submit
memory/384-2123-0x00007FF78F330000-0x00007FF78F684000-memory.dmp

Filesize
3.3MB

Download
memory/384-194-0x00007FF78F330000-0x00007FF78F684000-memory.dmp

Filesize
3.3MB

Download
memory/400-188-0x00007FF65EE40000-0x00007FF65F194000-memory.dmp

Filesize
3.3MB

Download
memory/400-2128-0x00007FF65EE40000-0x00007FF65F194000-memory.dmp

Filesize
3.3MB

Download
memory/456-30-0x00007FF6D4960000-0x00007FF6D4CB4000-memory.dmp

Filesize
3.3MB

Download
memory/456-2111-0x00007FF6D4960000-0x00007FF6D4CB4000-memory.dmp

Filesize
3.3MB

Download
memory/628-152-0x00007FF6627B0000-0x00007FF662B04000-memory.dmp

Filesize
3.3MB

Download
memory/628-2108-0x00007FF6627B0000-0x00007FF662B04000-memory.dmp

Filesize
3.3MB

Download
memory/628-2125-0x00007FF6627B0000-0x00007FF662B04000-memory.dmp

Filesize
3.3MB

Download
memory/736-2130-0x00007FF6C8F30000-0x00007FF6C9284000-memory.dmp

Filesize
3.3MB

Download
memory/736-202-0x00007FF6C8F30000-0x00007FF6C9284000-memory.dmp

Filesize
3.3MB

Download
memory/748-2135-0x00007FF76CEC0000-0x00007FF76D214000-memory.dmp

Filesize
3.3MB

Download
memory/748-195-0x00007FF76CEC0000-0x00007FF76D214000-memory.dmp

Filesize
3.3MB

Download
memory/1052-191-0x00007FF7A3530000-0x00007FF7A3884000-memory.dmp

Filesize
3.3MB

Download
memory/1052-2119-0x00007FF7A3530000-0x00007FF7A3884000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2132-0x00007FF68B260000-0x00007FF68B5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-192-0x00007FF68B260000-0x00007FF68B5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2106-0x00007FF6A0660000-0x00007FF6A09B4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-91-0x00007FF6A0660000-0x00007FF6A09B4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2117-0x00007FF6A0660000-0x00007FF6A09B4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-2113-0x00007FF7E9460000-0x00007FF7E97B4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-68-0x00007FF7E9460000-0x00007FF7E97B4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-2137-0x00007FF7B16A0000-0x00007FF7B19F4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-197-0x00007FF7B16A0000-0x00007FF7B19F4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-0-0x00007FF7D2AF0000-0x00007FF7D2E44000-memory.dmp

Filesize
3.3MB

Download
memory/1688-1-0x0000015C350F0000-0x0000015C35100000-memory.dmp

Filesize
64KB

Download
memory/1688-2104-0x00007FF7D2AF0000-0x00007FF7D2E44000-memory.dmp

Filesize
3.3MB

Download
memory/1808-196-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2136-0x00007FF7AFE70000-0x00007FF7B01C4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2120-0x00007FF7FD290000-0x00007FF7FD5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-187-0x00007FF7FD290000-0x00007FF7FD5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-2133-0x00007FF611FF0000-0x00007FF612344000-memory.dmp

Filesize
3.3MB

Download
memory/2056-203-0x00007FF611FF0000-0x00007FF612344000-memory.dmp

Filesize
3.3MB

Download
memory/2112-199-0x00007FF71B0C0000-0x00007FF71B414000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2116-0x00007FF71B0C0000-0x00007FF71B414000-memory.dmp

Filesize
3.3MB

Download
memory/2544-126-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2107-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2131-0x00007FF75FCE0000-0x00007FF760034000-memory.dmp

Filesize
3.3MB

Download
memory/2984-200-0x00007FF7B4230000-0x00007FF7B4584000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2115-0x00007FF7B4230000-0x00007FF7B4584000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2126-0x00007FF742510000-0x00007FF742864000-memory.dmp

Filesize
3.3MB

Download
memory/3108-171-0x00007FF742510000-0x00007FF742864000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2121-0x00007FF6F5000000-0x00007FF6F5354000-memory.dmp

Filesize
3.3MB

Download
memory/3412-127-0x00007FF6F5000000-0x00007FF6F5354000-memory.dmp

Filesize
3.3MB

Download
memory/3552-190-0x00007FF7B6F60000-0x00007FF7B72B4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2118-0x00007FF7B6F60000-0x00007FF7B72B4000-memory.dmp

Filesize
3.3MB

Download
memory/3668-181-0x00007FF622890000-0x00007FF622BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2122-0x00007FF622890000-0x00007FF622BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3740-182-0x00007FF60C980000-0x00007FF60CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3740-2124-0x00007FF60C980000-0x00007FF60CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-193-0x00007FF63BF10000-0x00007FF63C264000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2134-0x00007FF63BF10000-0x00007FF63C264000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2110-0x00007FF7FCFC0000-0x00007FF7FD314000-memory.dmp

Filesize
3.3MB

Download
memory/3944-21-0x00007FF7FCFC0000-0x00007FF7FD314000-memory.dmp

Filesize
3.3MB

Download
memory/4104-198-0x00007FF6903D0000-0x00007FF690724000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2112-0x00007FF6903D0000-0x00007FF690724000-memory.dmp

Filesize
3.3MB

Download
memory/4116-2127-0x00007FF7456E0000-0x00007FF745A34000-memory.dmp

Filesize
3.3MB

Download
memory/4116-201-0x00007FF7456E0000-0x00007FF745A34000-memory.dmp

Filesize
3.3MB

Download
memory/4280-2114-0x00007FF687000000-0x00007FF687354000-memory.dmp

Filesize
3.3MB

Download
memory/4280-2105-0x00007FF687000000-0x00007FF687354000-memory.dmp

Filesize
3.3MB

Download
memory/4280-51-0x00007FF687000000-0x00007FF687354000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2129-0x00007FF6A0E60000-0x00007FF6A11B4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-172-0x00007FF6A0E60000-0x00007FF6A11B4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-10-0x00007FF7C98D0000-0x00007FF7C9C24000-memory.dmp

Filesize
3.3MB

Download
memory/4876-2109-0x00007FF7C98D0000-0x00007FF7C9C24000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads