xmrig | f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e

Analysis

max time kernel
113s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
Size

2.0MB
MD5

4a4cd7d141bc2cfba252aa132651973d
SHA1

0b75b34b7632c79e6d683efa322c5f2949e22e29
SHA256

f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e
SHA512

f88b956b8c9194bf74bd651e6c958d0764c77141614256288c7856f38cd4d14c4f91397ab803552f4a99f27a993c871a08708ef75a55dcf93e5544943f71fdee
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQW/dLUoJlrz:BemTLkNdfE0pZrQm

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4704-0-0x00007FF70DD30000-0x00007FF70E084000-memory.dmp	UPX
behavioral2/files/0x0007000000023288-6.dat	UPX
behavioral2/files/0x0008000000023404-12.dat	UPX
behavioral2/files/0x0007000000023409-23.dat	UPX
behavioral2/files/0x000700000002340a-30.dat	UPX
behavioral2/files/0x000700000002340e-45.dat	UPX
behavioral2/memory/2420-46-0x00007FF739FB0000-0x00007FF73A304000-memory.dmp	UPX
behavioral2/memory/1348-51-0x00007FF795010000-0x00007FF795364000-memory.dmp	UPX
behavioral2/memory/3472-58-0x00007FF79EB30000-0x00007FF79EE84000-memory.dmp	UPX
behavioral2/files/0x0007000000023410-63.dat	UPX
behavioral2/files/0x0007000000023419-111.dat	UPX
behavioral2/files/0x000700000002341f-141.dat	UPX
behavioral2/files/0x0007000000023424-168.dat	UPX
behavioral2/memory/3292-523-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp	UPX
behavioral2/memory/2180-525-0x00007FF74C6F0000-0x00007FF74CA44000-memory.dmp	UPX
behavioral2/memory/796-524-0x00007FF710B40000-0x00007FF710E94000-memory.dmp	UPX
behavioral2/memory/1608-526-0x00007FF6CAD30000-0x00007FF6CB084000-memory.dmp	UPX
behavioral2/memory/2820-527-0x00007FF615C10000-0x00007FF615F64000-memory.dmp	UPX
behavioral2/memory/3992-536-0x00007FF6CD160000-0x00007FF6CD4B4000-memory.dmp	UPX
behavioral2/memory/3320-532-0x00007FF791710000-0x00007FF791A64000-memory.dmp	UPX
behavioral2/memory/2620-543-0x00007FF70BBE0000-0x00007FF70BF34000-memory.dmp	UPX
behavioral2/memory/3856-569-0x00007FF607480000-0x00007FF6077D4000-memory.dmp	UPX
behavioral2/memory/3424-576-0x00007FF7A5DE0000-0x00007FF7A6134000-memory.dmp	UPX
behavioral2/memory/3060-566-0x00007FF6014D0000-0x00007FF601824000-memory.dmp	UPX
behavioral2/memory/2784-562-0x00007FF72F080000-0x00007FF72F3D4000-memory.dmp	UPX
behavioral2/memory/4444-557-0x00007FF6E2120000-0x00007FF6E2474000-memory.dmp	UPX
behavioral2/memory/4284-552-0x00007FF7066D0000-0x00007FF706A24000-memory.dmp	UPX
behavioral2/memory/776-547-0x00007FF60BDD0000-0x00007FF60C124000-memory.dmp	UPX
behavioral2/memory/1364-540-0x00007FF671CE0000-0x00007FF672034000-memory.dmp	UPX
behavioral2/memory/3696-588-0x00007FF76EC80000-0x00007FF76EFD4000-memory.dmp	UPX
behavioral2/memory/4428-585-0x00007FF708570000-0x00007FF7088C4000-memory.dmp	UPX
behavioral2/memory/2312-596-0x00007FF6AA5A0000-0x00007FF6AA8F4000-memory.dmp	UPX
behavioral2/memory/4548-600-0x00007FF7223E0000-0x00007FF722734000-memory.dmp	UPX
behavioral2/memory/1704-593-0x00007FF75D8A0000-0x00007FF75DBF4000-memory.dmp	UPX
behavioral2/memory/3124-590-0x00007FF7DD9F0000-0x00007FF7DDD44000-memory.dmp	UPX
behavioral2/files/0x0007000000023426-170.dat	UPX
behavioral2/files/0x0007000000023425-165.dat	UPX
behavioral2/files/0x0007000000023423-163.dat	UPX
behavioral2/files/0x0007000000023422-156.dat	UPX
behavioral2/files/0x0007000000023421-151.dat	UPX
behavioral2/files/0x0007000000023420-146.dat	UPX
behavioral2/files/0x000700000002341e-136.dat	UPX
behavioral2/files/0x000700000002341d-131.dat	UPX
behavioral2/files/0x000700000002341c-126.dat	UPX
behavioral2/files/0x000700000002341b-121.dat	UPX
behavioral2/files/0x000700000002341a-116.dat	UPX
behavioral2/files/0x0007000000023418-106.dat	UPX
behavioral2/files/0x0007000000023417-101.dat	UPX
behavioral2/files/0x0007000000023416-96.dat	UPX
behavioral2/files/0x0007000000023415-91.dat	UPX
behavioral2/files/0x0007000000023414-85.dat	UPX
behavioral2/files/0x0007000000023413-81.dat	UPX
behavioral2/files/0x0007000000023412-76.dat	UPX
behavioral2/files/0x0007000000023411-71.dat	UPX
behavioral2/files/0x000700000002340d-54.dat	UPX
behavioral2/files/0x000700000002340f-53.dat	UPX
behavioral2/memory/2116-52-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp	UPX
behavioral2/memory/1880-47-0x00007FF7A84B0000-0x00007FF7A8804000-memory.dmp	UPX
behavioral2/files/0x000700000002340c-41.dat	UPX
behavioral2/files/0x000700000002340b-36.dat	UPX
behavioral2/memory/2600-21-0x00007FF6D2E60000-0x00007FF6D31B4000-memory.dmp	UPX
behavioral2/memory/944-17-0x00007FF648560000-0x00007FF6488B4000-memory.dmp	UPX
behavioral2/files/0x0007000000023408-16.dat	UPX
behavioral2/memory/2116-2107-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4704-0-0x00007FF70DD30000-0x00007FF70E084000-memory.dmp	xmrig
behavioral2/files/0x0007000000023288-6.dat	xmrig
behavioral2/files/0x0008000000023404-12.dat	xmrig
behavioral2/files/0x0007000000023409-23.dat	xmrig
behavioral2/files/0x000700000002340a-30.dat	xmrig
behavioral2/files/0x000700000002340e-45.dat	xmrig
behavioral2/memory/2420-46-0x00007FF739FB0000-0x00007FF73A304000-memory.dmp	xmrig
behavioral2/memory/1348-51-0x00007FF795010000-0x00007FF795364000-memory.dmp	xmrig
behavioral2/memory/3472-58-0x00007FF79EB30000-0x00007FF79EE84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-63.dat	xmrig
behavioral2/files/0x0007000000023419-111.dat	xmrig
behavioral2/files/0x000700000002341f-141.dat	xmrig
behavioral2/files/0x0007000000023424-168.dat	xmrig
behavioral2/memory/3292-523-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp	xmrig
behavioral2/memory/2180-525-0x00007FF74C6F0000-0x00007FF74CA44000-memory.dmp	xmrig
behavioral2/memory/796-524-0x00007FF710B40000-0x00007FF710E94000-memory.dmp	xmrig
behavioral2/memory/1608-526-0x00007FF6CAD30000-0x00007FF6CB084000-memory.dmp	xmrig
behavioral2/memory/2820-527-0x00007FF615C10000-0x00007FF615F64000-memory.dmp	xmrig
behavioral2/memory/3992-536-0x00007FF6CD160000-0x00007FF6CD4B4000-memory.dmp	xmrig
behavioral2/memory/3320-532-0x00007FF791710000-0x00007FF791A64000-memory.dmp	xmrig
behavioral2/memory/2620-543-0x00007FF70BBE0000-0x00007FF70BF34000-memory.dmp	xmrig
behavioral2/memory/3856-569-0x00007FF607480000-0x00007FF6077D4000-memory.dmp	xmrig
behavioral2/memory/3424-576-0x00007FF7A5DE0000-0x00007FF7A6134000-memory.dmp	xmrig
behavioral2/memory/3060-566-0x00007FF6014D0000-0x00007FF601824000-memory.dmp	xmrig
behavioral2/memory/2784-562-0x00007FF72F080000-0x00007FF72F3D4000-memory.dmp	xmrig
behavioral2/memory/4444-557-0x00007FF6E2120000-0x00007FF6E2474000-memory.dmp	xmrig
behavioral2/memory/4284-552-0x00007FF7066D0000-0x00007FF706A24000-memory.dmp	xmrig
behavioral2/memory/776-547-0x00007FF60BDD0000-0x00007FF60C124000-memory.dmp	xmrig
behavioral2/memory/1364-540-0x00007FF671CE0000-0x00007FF672034000-memory.dmp	xmrig
behavioral2/memory/3696-588-0x00007FF76EC80000-0x00007FF76EFD4000-memory.dmp	xmrig
behavioral2/memory/4428-585-0x00007FF708570000-0x00007FF7088C4000-memory.dmp	xmrig
behavioral2/memory/2312-596-0x00007FF6AA5A0000-0x00007FF6AA8F4000-memory.dmp	xmrig
behavioral2/memory/4548-600-0x00007FF7223E0000-0x00007FF722734000-memory.dmp	xmrig
behavioral2/memory/1704-593-0x00007FF75D8A0000-0x00007FF75DBF4000-memory.dmp	xmrig
behavioral2/memory/3124-590-0x00007FF7DD9F0000-0x00007FF7DDD44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-170.dat	xmrig
behavioral2/files/0x0007000000023425-165.dat	xmrig
behavioral2/files/0x0007000000023423-163.dat	xmrig
behavioral2/files/0x0007000000023422-156.dat	xmrig
behavioral2/files/0x0007000000023421-151.dat	xmrig
behavioral2/files/0x0007000000023420-146.dat	xmrig
behavioral2/files/0x000700000002341e-136.dat	xmrig
behavioral2/files/0x000700000002341d-131.dat	xmrig
behavioral2/files/0x000700000002341c-126.dat	xmrig
behavioral2/files/0x000700000002341b-121.dat	xmrig
behavioral2/files/0x000700000002341a-116.dat	xmrig
behavioral2/files/0x0007000000023418-106.dat	xmrig
behavioral2/files/0x0007000000023417-101.dat	xmrig
behavioral2/files/0x0007000000023416-96.dat	xmrig
behavioral2/files/0x0007000000023415-91.dat	xmrig
behavioral2/files/0x0007000000023414-85.dat	xmrig
behavioral2/files/0x0007000000023413-81.dat	xmrig
behavioral2/files/0x0007000000023412-76.dat	xmrig
behavioral2/files/0x0007000000023411-71.dat	xmrig
behavioral2/files/0x000700000002340d-54.dat	xmrig
behavioral2/files/0x000700000002340f-53.dat	xmrig
behavioral2/memory/2116-52-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp	xmrig
behavioral2/memory/1880-47-0x00007FF7A84B0000-0x00007FF7A8804000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-41.dat	xmrig
behavioral2/files/0x000700000002340b-36.dat	xmrig
behavioral2/memory/2600-21-0x00007FF6D2E60000-0x00007FF6D31B4000-memory.dmp	xmrig
behavioral2/memory/944-17-0x00007FF648560000-0x00007FF6488B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-16.dat	xmrig
behavioral2/memory/2116-2107-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
944	mQkeyGt.exe
3472	yYPrSsC.exe
2600	nlcUQLh.exe
3292	VxvRBpD.exe
2420	buHTSfP.exe
1880	mlIyvfV.exe
1348	uQlLjnK.exe
2116	COXCYaR.exe
796	xOHWorR.exe
2180	orGpmkC.exe
4548	RRUgtCp.exe
1608	daNfaEX.exe
2820	xsFBLQE.exe
3320	xrHpnEF.exe
3992	IRmqkeb.exe
1364	erPNeUB.exe
2620	vQPNKUX.exe
776	dTbgyVQ.exe
4284	yqOwMBt.exe
4444	SGhyOPw.exe
2784	FmLSjXx.exe
3060	shvAreF.exe
3856	gSZqizb.exe
3424	dijCaRC.exe
4428	RUmwXVQ.exe
3696	pmLCIRc.exe
3124	HmQHqaQ.exe
1704	ndMjCeE.exe
2312	eQryCsp.exe
1304	PfOOBpz.exe
2432	MwGXJDF.exe
1416	PbslCRZ.exe
2596	KeOgOXS.exe
4440	TfQOsAz.exe
4904	ceglqCQ.exe
1664	MBZZicY.exe
3500	ODhcCEA.exe
3988	BvkYuBF.exe
2212	DVUGKoU.exe
4752	GGWPhsR.exe
4808	xYqYvUr.exe
3524	LKMcGrZ.exe
928	clWTFUI.exe
2516	HDlhliM.exe
4936	UxjqoDD.exe
4884	dyAsAIV.exe
4564	DYskwCw.exe
4328	MPkDPdt.exe
1360	licPuav.exe
2356	lHzQsDC.exe
1788	gsVsNaW.exe
4844	BgOTAjj.exe
324	DtDGYzn.exe
2932	XMyKNRb.exe
1432	QOMUBQX.exe
4400	lboOlMH.exe
1640	WKqTcnG.exe
728	nBaNZEj.exe
2340	fbOmuNS.exe
956	mKNCnxf.exe
3904	dlXRocp.exe
1960	NlyciMW.exe
3940	injcorQ.exe
2960	NaSGfdh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4704-0-0x00007FF70DD30000-0x00007FF70E084000-memory.dmp	upx
behavioral2/files/0x0007000000023288-6.dat	upx
behavioral2/files/0x0008000000023404-12.dat	upx
behavioral2/files/0x0007000000023409-23.dat	upx
behavioral2/files/0x000700000002340a-30.dat	upx
behavioral2/files/0x000700000002340e-45.dat	upx
behavioral2/memory/2420-46-0x00007FF739FB0000-0x00007FF73A304000-memory.dmp	upx
behavioral2/memory/1348-51-0x00007FF795010000-0x00007FF795364000-memory.dmp	upx
behavioral2/memory/3472-58-0x00007FF79EB30000-0x00007FF79EE84000-memory.dmp	upx
behavioral2/files/0x0007000000023410-63.dat	upx
behavioral2/files/0x0007000000023419-111.dat	upx
behavioral2/files/0x000700000002341f-141.dat	upx
behavioral2/files/0x0007000000023424-168.dat	upx
behavioral2/memory/3292-523-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp	upx
behavioral2/memory/2180-525-0x00007FF74C6F0000-0x00007FF74CA44000-memory.dmp	upx
behavioral2/memory/796-524-0x00007FF710B40000-0x00007FF710E94000-memory.dmp	upx
behavioral2/memory/1608-526-0x00007FF6CAD30000-0x00007FF6CB084000-memory.dmp	upx
behavioral2/memory/2820-527-0x00007FF615C10000-0x00007FF615F64000-memory.dmp	upx
behavioral2/memory/3992-536-0x00007FF6CD160000-0x00007FF6CD4B4000-memory.dmp	upx
behavioral2/memory/3320-532-0x00007FF791710000-0x00007FF791A64000-memory.dmp	upx
behavioral2/memory/2620-543-0x00007FF70BBE0000-0x00007FF70BF34000-memory.dmp	upx
behavioral2/memory/3856-569-0x00007FF607480000-0x00007FF6077D4000-memory.dmp	upx
behavioral2/memory/3424-576-0x00007FF7A5DE0000-0x00007FF7A6134000-memory.dmp	upx
behavioral2/memory/3060-566-0x00007FF6014D0000-0x00007FF601824000-memory.dmp	upx
behavioral2/memory/2784-562-0x00007FF72F080000-0x00007FF72F3D4000-memory.dmp	upx
behavioral2/memory/4444-557-0x00007FF6E2120000-0x00007FF6E2474000-memory.dmp	upx
behavioral2/memory/4284-552-0x00007FF7066D0000-0x00007FF706A24000-memory.dmp	upx
behavioral2/memory/776-547-0x00007FF60BDD0000-0x00007FF60C124000-memory.dmp	upx
behavioral2/memory/1364-540-0x00007FF671CE0000-0x00007FF672034000-memory.dmp	upx
behavioral2/memory/3696-588-0x00007FF76EC80000-0x00007FF76EFD4000-memory.dmp	upx
behavioral2/memory/4428-585-0x00007FF708570000-0x00007FF7088C4000-memory.dmp	upx
behavioral2/memory/2312-596-0x00007FF6AA5A0000-0x00007FF6AA8F4000-memory.dmp	upx
behavioral2/memory/4548-600-0x00007FF7223E0000-0x00007FF722734000-memory.dmp	upx
behavioral2/memory/1704-593-0x00007FF75D8A0000-0x00007FF75DBF4000-memory.dmp	upx
behavioral2/memory/3124-590-0x00007FF7DD9F0000-0x00007FF7DDD44000-memory.dmp	upx
behavioral2/files/0x0007000000023426-170.dat	upx
behavioral2/files/0x0007000000023425-165.dat	upx
behavioral2/files/0x0007000000023423-163.dat	upx
behavioral2/files/0x0007000000023422-156.dat	upx
behavioral2/files/0x0007000000023421-151.dat	upx
behavioral2/files/0x0007000000023420-146.dat	upx
behavioral2/files/0x000700000002341e-136.dat	upx
behavioral2/files/0x000700000002341d-131.dat	upx
behavioral2/files/0x000700000002341c-126.dat	upx
behavioral2/files/0x000700000002341b-121.dat	upx
behavioral2/files/0x000700000002341a-116.dat	upx
behavioral2/files/0x0007000000023418-106.dat	upx
behavioral2/files/0x0007000000023417-101.dat	upx
behavioral2/files/0x0007000000023416-96.dat	upx
behavioral2/files/0x0007000000023415-91.dat	upx
behavioral2/files/0x0007000000023414-85.dat	upx
behavioral2/files/0x0007000000023413-81.dat	upx
behavioral2/files/0x0007000000023412-76.dat	upx
behavioral2/files/0x0007000000023411-71.dat	upx
behavioral2/files/0x000700000002340d-54.dat	upx
behavioral2/files/0x000700000002340f-53.dat	upx
behavioral2/memory/2116-52-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp	upx
behavioral2/memory/1880-47-0x00007FF7A84B0000-0x00007FF7A8804000-memory.dmp	upx
behavioral2/files/0x000700000002340c-41.dat	upx
behavioral2/files/0x000700000002340b-36.dat	upx
behavioral2/memory/2600-21-0x00007FF6D2E60000-0x00007FF6D31B4000-memory.dmp	upx
behavioral2/memory/944-17-0x00007FF648560000-0x00007FF6488B4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-16.dat	upx
behavioral2/memory/2116-2107-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\buEwFVv.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\bmyjZdd.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\FTSkZKS.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\TtHtGDe.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\pJPDhIr.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\kmdGxCH.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\XfUtVuB.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\asTuCyh.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\KrRaZck.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\RpKNSly.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\DRyoppI.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\AXAQkip.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\IRmqkeb.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\HDlhliM.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\HrvPCEh.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\wEBsCCX.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\ClpmUhU.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\bOBovTt.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\lDijckn.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\pIecuAr.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\yPayuFB.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\iybFnRr.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\BvkYuBF.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\clWTFUI.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\KnNldKG.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\aWRbRoO.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\IzhYMEn.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\vNpkiLM.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\mbTEshb.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\OSvkowq.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\eZhAaiW.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\yOtJurG.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\UIfubja.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\GGWPhsR.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\fbOmuNS.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\kLfhTpX.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\vcTTqcJ.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\BVKHAic.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\AcyIGzv.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\zwCIoRh.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\zxNBpsk.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\sNhVMYl.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\tLaLTxs.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\OEOrIdW.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\rsFbprv.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\rLkPqSP.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\hTrvezg.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\dTbgyVQ.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\WDSLeVC.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\sDPhfdz.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\qUBltvW.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\SzqptOx.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\gYoIRHP.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\UxjqoDD.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\zZMdAUt.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\aearcmN.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\oPFpLla.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\HMjojVV.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\DuBPCif.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\YMbBntZ.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\kMUnTlh.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\BekXwPW.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\zaldvNc.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
File created	C:\Windows\System\FKlmjMI.exe	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14512	dwm.exe
Token: SeChangeNotifyPrivilege	14512	dwm.exe
Token: 33	14512	dwm.exe
Token: SeIncBasePriorityPrivilege	14512	dwm.exe
Token: SeShutdownPrivilege	14512	dwm.exe
Token: SeCreatePagefilePrivilege	14512	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 944	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	84
PID 4704 wrote to memory of 944	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	84
PID 4704 wrote to memory of 3472	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	85
PID 4704 wrote to memory of 3472	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	85
PID 4704 wrote to memory of 2600	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	86
PID 4704 wrote to memory of 2600	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	86
PID 4704 wrote to memory of 3292	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	87
PID 4704 wrote to memory of 3292	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	87
PID 4704 wrote to memory of 2420	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	88
PID 4704 wrote to memory of 2420	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	88
PID 4704 wrote to memory of 1880	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	89
PID 4704 wrote to memory of 1880	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	89
PID 4704 wrote to memory of 1348	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	90
PID 4704 wrote to memory of 1348	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	90
PID 4704 wrote to memory of 2116	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	91
PID 4704 wrote to memory of 2116	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	91
PID 4704 wrote to memory of 796	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	92
PID 4704 wrote to memory of 796	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	92
PID 4704 wrote to memory of 2180	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	93
PID 4704 wrote to memory of 2180	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	93
PID 4704 wrote to memory of 4548	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	94
PID 4704 wrote to memory of 4548	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	94
PID 4704 wrote to memory of 1608	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	95
PID 4704 wrote to memory of 1608	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	95
PID 4704 wrote to memory of 2820	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	96
PID 4704 wrote to memory of 2820	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	96
PID 4704 wrote to memory of 3320	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	97
PID 4704 wrote to memory of 3320	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	97
PID 4704 wrote to memory of 3992	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	98
PID 4704 wrote to memory of 3992	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	98
PID 4704 wrote to memory of 1364	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	99
PID 4704 wrote to memory of 1364	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	99
PID 4704 wrote to memory of 2620	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	100
PID 4704 wrote to memory of 2620	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	100
PID 4704 wrote to memory of 776	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	101
PID 4704 wrote to memory of 776	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	101
PID 4704 wrote to memory of 4284	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	102
PID 4704 wrote to memory of 4284	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	102
PID 4704 wrote to memory of 4444	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	103
PID 4704 wrote to memory of 4444	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	103
PID 4704 wrote to memory of 2784	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	104
PID 4704 wrote to memory of 2784	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	104
PID 4704 wrote to memory of 3060	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	105
PID 4704 wrote to memory of 3060	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	105
PID 4704 wrote to memory of 3856	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	106
PID 4704 wrote to memory of 3856	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	106
PID 4704 wrote to memory of 3424	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	107
PID 4704 wrote to memory of 3424	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	107
PID 4704 wrote to memory of 4428	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	108
PID 4704 wrote to memory of 4428	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	108
PID 4704 wrote to memory of 3696	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	109
PID 4704 wrote to memory of 3696	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	109
PID 4704 wrote to memory of 3124	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	110
PID 4704 wrote to memory of 3124	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	110
PID 4704 wrote to memory of 1704	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	111
PID 4704 wrote to memory of 1704	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	111
PID 4704 wrote to memory of 2312	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	112
PID 4704 wrote to memory of 2312	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	112
PID 4704 wrote to memory of 1304	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	113
PID 4704 wrote to memory of 1304	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	113
PID 4704 wrote to memory of 2432	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	114
PID 4704 wrote to memory of 2432	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	114
PID 4704 wrote to memory of 1416	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	115
PID 4704 wrote to memory of 1416	4704	f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe	115

C:\Users\Admin\AppData\Local\Temp\f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe
"C:\Users\Admin\AppData\Local\Temp\f1b9fad59ce7cae1007821d639588ab65f96bd07b3d4dbb124bbe7e4934fca6e.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Windows\System\mQkeyGt.exe
  C:\Windows\System\mQkeyGt.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\yYPrSsC.exe
  C:\Windows\System\yYPrSsC.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\nlcUQLh.exe
  C:\Windows\System\nlcUQLh.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\VxvRBpD.exe
  C:\Windows\System\VxvRBpD.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\buHTSfP.exe
  C:\Windows\System\buHTSfP.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\mlIyvfV.exe
  C:\Windows\System\mlIyvfV.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\uQlLjnK.exe
  C:\Windows\System\uQlLjnK.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\COXCYaR.exe
  C:\Windows\System\COXCYaR.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\xOHWorR.exe
  C:\Windows\System\xOHWorR.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\orGpmkC.exe
  C:\Windows\System\orGpmkC.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\RRUgtCp.exe
  C:\Windows\System\RRUgtCp.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\daNfaEX.exe
  C:\Windows\System\daNfaEX.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\xsFBLQE.exe
  C:\Windows\System\xsFBLQE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\xrHpnEF.exe
  C:\Windows\System\xrHpnEF.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\IRmqkeb.exe
  C:\Windows\System\IRmqkeb.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\erPNeUB.exe
  C:\Windows\System\erPNeUB.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\vQPNKUX.exe
  C:\Windows\System\vQPNKUX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\dTbgyVQ.exe
  C:\Windows\System\dTbgyVQ.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\yqOwMBt.exe
  C:\Windows\System\yqOwMBt.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\SGhyOPw.exe
  C:\Windows\System\SGhyOPw.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\FmLSjXx.exe
  C:\Windows\System\FmLSjXx.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\shvAreF.exe
  C:\Windows\System\shvAreF.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\gSZqizb.exe
  C:\Windows\System\gSZqizb.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\dijCaRC.exe
  C:\Windows\System\dijCaRC.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\RUmwXVQ.exe
  C:\Windows\System\RUmwXVQ.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\pmLCIRc.exe
  C:\Windows\System\pmLCIRc.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\HmQHqaQ.exe
  C:\Windows\System\HmQHqaQ.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\ndMjCeE.exe
  C:\Windows\System\ndMjCeE.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\eQryCsp.exe
  C:\Windows\System\eQryCsp.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\PfOOBpz.exe
  C:\Windows\System\PfOOBpz.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\MwGXJDF.exe
  C:\Windows\System\MwGXJDF.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\PbslCRZ.exe
  C:\Windows\System\PbslCRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\KeOgOXS.exe
  C:\Windows\System\KeOgOXS.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\TfQOsAz.exe
  C:\Windows\System\TfQOsAz.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\ceglqCQ.exe
  C:\Windows\System\ceglqCQ.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\MBZZicY.exe
  C:\Windows\System\MBZZicY.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ODhcCEA.exe
  C:\Windows\System\ODhcCEA.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\BvkYuBF.exe
  C:\Windows\System\BvkYuBF.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\DVUGKoU.exe
  C:\Windows\System\DVUGKoU.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\GGWPhsR.exe
  C:\Windows\System\GGWPhsR.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\xYqYvUr.exe
  C:\Windows\System\xYqYvUr.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\LKMcGrZ.exe
  C:\Windows\System\LKMcGrZ.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\clWTFUI.exe
  C:\Windows\System\clWTFUI.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\HDlhliM.exe
  C:\Windows\System\HDlhliM.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\UxjqoDD.exe
  C:\Windows\System\UxjqoDD.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\dyAsAIV.exe
  C:\Windows\System\dyAsAIV.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\DYskwCw.exe
  C:\Windows\System\DYskwCw.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\MPkDPdt.exe
  C:\Windows\System\MPkDPdt.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\licPuav.exe
  C:\Windows\System\licPuav.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\lHzQsDC.exe
  C:\Windows\System\lHzQsDC.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\gsVsNaW.exe
  C:\Windows\System\gsVsNaW.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\BgOTAjj.exe
  C:\Windows\System\BgOTAjj.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\DtDGYzn.exe
  C:\Windows\System\DtDGYzn.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\XMyKNRb.exe
  C:\Windows\System\XMyKNRb.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\QOMUBQX.exe
  C:\Windows\System\QOMUBQX.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\lboOlMH.exe
  C:\Windows\System\lboOlMH.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\WKqTcnG.exe
  C:\Windows\System\WKqTcnG.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\nBaNZEj.exe
  C:\Windows\System\nBaNZEj.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\fbOmuNS.exe
  C:\Windows\System\fbOmuNS.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\mKNCnxf.exe
  C:\Windows\System\mKNCnxf.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\dlXRocp.exe
  C:\Windows\System\dlXRocp.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\NlyciMW.exe
  C:\Windows\System\NlyciMW.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\injcorQ.exe
  C:\Windows\System\injcorQ.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\NaSGfdh.exe
  C:\Windows\System\NaSGfdh.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\sWSTvmd.exe
  C:\Windows\System\sWSTvmd.exe
  2⤵
  PID:1552
- C:\Windows\System\UcLREXj.exe
  C:\Windows\System\UcLREXj.exe
  2⤵
  PID:548
- C:\Windows\System\VZRrgVL.exe
  C:\Windows\System\VZRrgVL.exe
  2⤵
  PID:4244
- C:\Windows\System\KMsSwJp.exe
  C:\Windows\System\KMsSwJp.exe
  2⤵
  PID:2256
- C:\Windows\System\chXlcvr.exe
  C:\Windows\System\chXlcvr.exe
  2⤵
  PID:8
- C:\Windows\System\HzXbUmO.exe
  C:\Windows\System\HzXbUmO.exe
  2⤵
  PID:4972
- C:\Windows\System\pTJhBrN.exe
  C:\Windows\System\pTJhBrN.exe
  2⤵
  PID:1924
- C:\Windows\System\gvTQPoK.exe
  C:\Windows\System\gvTQPoK.exe
  2⤵
  PID:1480
- C:\Windows\System\AVsxMYf.exe
  C:\Windows\System\AVsxMYf.exe
  2⤵
  PID:3668
- C:\Windows\System\kMUnTlh.exe
  C:\Windows\System\kMUnTlh.exe
  2⤵
  PID:1972
- C:\Windows\System\FigAcjx.exe
  C:\Windows\System\FigAcjx.exe
  2⤵
  PID:5128
- C:\Windows\System\zsJTXZO.exe
  C:\Windows\System\zsJTXZO.exe
  2⤵
  PID:5156
- C:\Windows\System\zwCIoRh.exe
  C:\Windows\System\zwCIoRh.exe
  2⤵
  PID:5184
- C:\Windows\System\TskSaiv.exe
  C:\Windows\System\TskSaiv.exe
  2⤵
  PID:5212
- C:\Windows\System\eqTUPFL.exe
  C:\Windows\System\eqTUPFL.exe
  2⤵
  PID:5244
- C:\Windows\System\LUqDPvF.exe
  C:\Windows\System\LUqDPvF.exe
  2⤵
  PID:5268
- C:\Windows\System\zZMdAUt.exe
  C:\Windows\System\zZMdAUt.exe
  2⤵
  PID:5296
- C:\Windows\System\gSZsYdV.exe
  C:\Windows\System\gSZsYdV.exe
  2⤵
  PID:5316
- C:\Windows\System\EjXoXpN.exe
  C:\Windows\System\EjXoXpN.exe
  2⤵
  PID:5344
- C:\Windows\System\veXnFfV.exe
  C:\Windows\System\veXnFfV.exe
  2⤵
  PID:5372
- C:\Windows\System\jIQhEaR.exe
  C:\Windows\System\jIQhEaR.exe
  2⤵
  PID:5400
- C:\Windows\System\FmRLyAQ.exe
  C:\Windows\System\FmRLyAQ.exe
  2⤵
  PID:5428
- C:\Windows\System\DBOgCEV.exe
  C:\Windows\System\DBOgCEV.exe
  2⤵
  PID:5456
- C:\Windows\System\MjxDSnP.exe
  C:\Windows\System\MjxDSnP.exe
  2⤵
  PID:5484
- C:\Windows\System\gKbTJaZ.exe
  C:\Windows\System\gKbTJaZ.exe
  2⤵
  PID:5512
- C:\Windows\System\cjcITiE.exe
  C:\Windows\System\cjcITiE.exe
  2⤵
  PID:5540
- C:\Windows\System\RoSbnjZ.exe
  C:\Windows\System\RoSbnjZ.exe
  2⤵
  PID:5568
- C:\Windows\System\MmFTeov.exe
  C:\Windows\System\MmFTeov.exe
  2⤵
  PID:5596
- C:\Windows\System\WDSLeVC.exe
  C:\Windows\System\WDSLeVC.exe
  2⤵
  PID:5624
- C:\Windows\System\hYgnKow.exe
  C:\Windows\System\hYgnKow.exe
  2⤵
  PID:5652
- C:\Windows\System\tUWzhdf.exe
  C:\Windows\System\tUWzhdf.exe
  2⤵
  PID:5680
- C:\Windows\System\VjdFafM.exe
  C:\Windows\System\VjdFafM.exe
  2⤵
  PID:5708
- C:\Windows\System\QAkXwQU.exe
  C:\Windows\System\QAkXwQU.exe
  2⤵
  PID:5736
- C:\Windows\System\OEOrIdW.exe
  C:\Windows\System\OEOrIdW.exe
  2⤵
  PID:5764
- C:\Windows\System\DHXvUSZ.exe
  C:\Windows\System\DHXvUSZ.exe
  2⤵
  PID:5792
- C:\Windows\System\FoPIPQn.exe
  C:\Windows\System\FoPIPQn.exe
  2⤵
  PID:5820
- C:\Windows\System\iRNPIsF.exe
  C:\Windows\System\iRNPIsF.exe
  2⤵
  PID:5848
- C:\Windows\System\LZoTAEP.exe
  C:\Windows\System\LZoTAEP.exe
  2⤵
  PID:5876
- C:\Windows\System\AGXsLXT.exe
  C:\Windows\System\AGXsLXT.exe
  2⤵
  PID:5904
- C:\Windows\System\UVPtTcw.exe
  C:\Windows\System\UVPtTcw.exe
  2⤵
  PID:5932
- C:\Windows\System\OcCbVoh.exe
  C:\Windows\System\OcCbVoh.exe
  2⤵
  PID:5960
- C:\Windows\System\TdmrEjh.exe
  C:\Windows\System\TdmrEjh.exe
  2⤵
  PID:5988
- C:\Windows\System\zxNBpsk.exe
  C:\Windows\System\zxNBpsk.exe
  2⤵
  PID:6016
- C:\Windows\System\XtvmpuE.exe
  C:\Windows\System\XtvmpuE.exe
  2⤵
  PID:6044
- C:\Windows\System\LJCcaeb.exe
  C:\Windows\System\LJCcaeb.exe
  2⤵
  PID:6072
- C:\Windows\System\UZkWVIT.exe
  C:\Windows\System\UZkWVIT.exe
  2⤵
  PID:6100
- C:\Windows\System\lNyQgFG.exe
  C:\Windows\System\lNyQgFG.exe
  2⤵
  PID:6128
- C:\Windows\System\oEbWUki.exe
  C:\Windows\System\oEbWUki.exe
  2⤵
  PID:1528
- C:\Windows\System\KnNldKG.exe
  C:\Windows\System\KnNldKG.exe
  2⤵
  PID:4076
- C:\Windows\System\BLycUsm.exe
  C:\Windows\System\BLycUsm.exe
  2⤵
  PID:4324
- C:\Windows\System\baYfBIV.exe
  C:\Windows\System\baYfBIV.exe
  2⤵
  PID:4748
- C:\Windows\System\esBroAm.exe
  C:\Windows\System\esBroAm.exe
  2⤵
  PID:516
- C:\Windows\System\YlYbhpD.exe
  C:\Windows\System\YlYbhpD.exe
  2⤵
  PID:5148
- C:\Windows\System\rsFbprv.exe
  C:\Windows\System\rsFbprv.exe
  2⤵
  PID:5208
- C:\Windows\System\liPWFsZ.exe
  C:\Windows\System\liPWFsZ.exe
  2⤵
  PID:5284
- C:\Windows\System\xRPiXkq.exe
  C:\Windows\System\xRPiXkq.exe
  2⤵
  PID:5332
- C:\Windows\System\DTuyRnP.exe
  C:\Windows\System\DTuyRnP.exe
  2⤵
  PID:5392
- C:\Windows\System\pRCgzZw.exe
  C:\Windows\System\pRCgzZw.exe
  2⤵
  PID:5468
- C:\Windows\System\JgYzPyH.exe
  C:\Windows\System\JgYzPyH.exe
  2⤵
  PID:5528
- C:\Windows\System\uRQiqKB.exe
  C:\Windows\System\uRQiqKB.exe
  2⤵
  PID:5584
- C:\Windows\System\qJUlyTN.exe
  C:\Windows\System\qJUlyTN.exe
  2⤵
  PID:5640
- C:\Windows\System\FcaZulm.exe
  C:\Windows\System\FcaZulm.exe
  2⤵
  PID:5700
- C:\Windows\System\rLkPqSP.exe
  C:\Windows\System\rLkPqSP.exe
  2⤵
  PID:5756
- C:\Windows\System\CNPgTiB.exe
  C:\Windows\System\CNPgTiB.exe
  2⤵
  PID:5812
- C:\Windows\System\hslRpgH.exe
  C:\Windows\System\hslRpgH.exe
  2⤵
  PID:5868
- C:\Windows\System\AyaeCeV.exe
  C:\Windows\System\AyaeCeV.exe
  2⤵
  PID:5944
- C:\Windows\System\OmxYYjy.exe
  C:\Windows\System\OmxYYjy.exe
  2⤵
  PID:6008
- C:\Windows\System\HfnsaiC.exe
  C:\Windows\System\HfnsaiC.exe
  2⤵
  PID:6084
- C:\Windows\System\HWmeKHd.exe
  C:\Windows\System\HWmeKHd.exe
  2⤵
  PID:6120
- C:\Windows\System\owLkMKR.exe
  C:\Windows\System\owLkMKR.exe
  2⤵
  PID:3896
- C:\Windows\System\YquEBZA.exe
  C:\Windows\System\YquEBZA.exe
  2⤵
  PID:632
- C:\Windows\System\LeuWzOz.exe
  C:\Windows\System\LeuWzOz.exe
  2⤵
  PID:5200
- C:\Windows\System\fzvMBOU.exe
  C:\Windows\System\fzvMBOU.exe
  2⤵
  PID:5360
- C:\Windows\System\bmyjZdd.exe
  C:\Windows\System\bmyjZdd.exe
  2⤵
  PID:5496
- C:\Windows\System\QaObknC.exe
  C:\Windows\System\QaObknC.exe
  2⤵
  PID:4636
- C:\Windows\System\UgnBDsJ.exe
  C:\Windows\System\UgnBDsJ.exe
  2⤵
  PID:5692
- C:\Windows\System\whWRIGL.exe
  C:\Windows\System\whWRIGL.exe
  2⤵
  PID:376
- C:\Windows\System\NACQWOd.exe
  C:\Windows\System\NACQWOd.exe
  2⤵
  PID:5924
- C:\Windows\System\ovibjiD.exe
  C:\Windows\System\ovibjiD.exe
  2⤵
  PID:6060
- C:\Windows\System\PbZMMlq.exe
  C:\Windows\System\PbZMMlq.exe
  2⤵
  PID:4716
- C:\Windows\System\UOrFNFl.exe
  C:\Windows\System\UOrFNFl.exe
  2⤵
  PID:5124
- C:\Windows\System\tPSLWcg.exe
  C:\Windows\System\tPSLWcg.exe
  2⤵
  PID:4348
- C:\Windows\System\gifCVEn.exe
  C:\Windows\System\gifCVEn.exe
  2⤵
  PID:4776
- C:\Windows\System\dGrNmWN.exe
  C:\Windows\System\dGrNmWN.exe
  2⤵
  PID:6000
- C:\Windows\System\XuQUeUu.exe
  C:\Windows\System\XuQUeUu.exe
  2⤵
  PID:1108
- C:\Windows\System\FilSKfl.exe
  C:\Windows\System\FilSKfl.exe
  2⤵
  PID:5560
- C:\Windows\System\OrHuten.exe
  C:\Windows\System\OrHuten.exe
  2⤵
  PID:6168
- C:\Windows\System\ZxxHGNB.exe
  C:\Windows\System\ZxxHGNB.exe
  2⤵
  PID:6256
- C:\Windows\System\jgeBpFt.exe
  C:\Windows\System\jgeBpFt.exe
  2⤵
  PID:6300
- C:\Windows\System\ZJZAmnB.exe
  C:\Windows\System\ZJZAmnB.exe
  2⤵
  PID:6320
- C:\Windows\System\mIfKXca.exe
  C:\Windows\System\mIfKXca.exe
  2⤵
  PID:6348
- C:\Windows\System\GaXrcjk.exe
  C:\Windows\System\GaXrcjk.exe
  2⤵
  PID:6368
- C:\Windows\System\obcnTeh.exe
  C:\Windows\System\obcnTeh.exe
  2⤵
  PID:6388
- C:\Windows\System\ugqQlTw.exe
  C:\Windows\System\ugqQlTw.exe
  2⤵
  PID:6408
- C:\Windows\System\ucAsDpE.exe
  C:\Windows\System\ucAsDpE.exe
  2⤵
  PID:6432
- C:\Windows\System\xMgvuUQ.exe
  C:\Windows\System\xMgvuUQ.exe
  2⤵
  PID:6488
- C:\Windows\System\FqEzsbI.exe
  C:\Windows\System\FqEzsbI.exe
  2⤵
  PID:6528
- C:\Windows\System\rGiWkuD.exe
  C:\Windows\System\rGiWkuD.exe
  2⤵
  PID:6548
- C:\Windows\System\pFZcrif.exe
  C:\Windows\System\pFZcrif.exe
  2⤵
  PID:6576
- C:\Windows\System\SzqptOx.exe
  C:\Windows\System\SzqptOx.exe
  2⤵
  PID:6616
- C:\Windows\System\oMoBurf.exe
  C:\Windows\System\oMoBurf.exe
  2⤵
  PID:6636
- C:\Windows\System\QWQWERQ.exe
  C:\Windows\System\QWQWERQ.exe
  2⤵
  PID:6736
- C:\Windows\System\kOfzbAN.exe
  C:\Windows\System\kOfzbAN.exe
  2⤵
  PID:6772
- C:\Windows\System\dMfmhgw.exe
  C:\Windows\System\dMfmhgw.exe
  2⤵
  PID:6800
- C:\Windows\System\DsXDGpK.exe
  C:\Windows\System\DsXDGpK.exe
  2⤵
  PID:6824
- C:\Windows\System\cCvJOWp.exe
  C:\Windows\System\cCvJOWp.exe
  2⤵
  PID:6848
- C:\Windows\System\csPldkB.exe
  C:\Windows\System\csPldkB.exe
  2⤵
  PID:6876
- C:\Windows\System\jsHQUYe.exe
  C:\Windows\System\jsHQUYe.exe
  2⤵
  PID:6892
- C:\Windows\System\pkIQtVH.exe
  C:\Windows\System\pkIQtVH.exe
  2⤵
  PID:6968
- C:\Windows\System\gfRBVOI.exe
  C:\Windows\System\gfRBVOI.exe
  2⤵
  PID:6984
- C:\Windows\System\rNBtGGT.exe
  C:\Windows\System\rNBtGGT.exe
  2⤵
  PID:7032
- C:\Windows\System\HtlMdqH.exe
  C:\Windows\System\HtlMdqH.exe
  2⤵
  PID:7072
- C:\Windows\System\mEUjToU.exe
  C:\Windows\System\mEUjToU.exe
  2⤵
  PID:7088
- C:\Windows\System\cEQWYhz.exe
  C:\Windows\System\cEQWYhz.exe
  2⤵
  PID:7104
- C:\Windows\System\kylMWhx.exe
  C:\Windows\System\kylMWhx.exe
  2⤵
  PID:7136
- C:\Windows\System\ogKLLrk.exe
  C:\Windows\System\ogKLLrk.exe
  2⤵
  PID:7160
- C:\Windows\System\HrvPCEh.exe
  C:\Windows\System\HrvPCEh.exe
  2⤵
  PID:6184
- C:\Windows\System\sYdZHYK.exe
  C:\Windows\System\sYdZHYK.exe
  2⤵
  PID:5312
- C:\Windows\System\GuvwPhi.exe
  C:\Windows\System\GuvwPhi.exe
  2⤵
  PID:4408
- C:\Windows\System\vEdBVEK.exe
  C:\Windows\System\vEdBVEK.exe
  2⤵
  PID:1556
- C:\Windows\System\oWbFYEH.exe
  C:\Windows\System\oWbFYEH.exe
  2⤵
  PID:4924
- C:\Windows\System\pSalOyl.exe
  C:\Windows\System\pSalOyl.exe
  2⤵
  PID:3224
- C:\Windows\System\NbdbTaW.exe
  C:\Windows\System\NbdbTaW.exe
  2⤵
  PID:6284
- C:\Windows\System\JzAjXYO.exe
  C:\Windows\System\JzAjXYO.exe
  2⤵
  PID:4868
- C:\Windows\System\VOXBZKi.exe
  C:\Windows\System\VOXBZKi.exe
  2⤵
  PID:844
- C:\Windows\System\BekXwPW.exe
  C:\Windows\System\BekXwPW.exe
  2⤵
  PID:6344
- C:\Windows\System\gejupOO.exe
  C:\Windows\System\gejupOO.exe
  2⤵
  PID:6396
- C:\Windows\System\BJCLvXx.exe
  C:\Windows\System\BJCLvXx.exe
  2⤵
  PID:6472
- C:\Windows\System\bSJnmoF.exe
  C:\Windows\System\bSJnmoF.exe
  2⤵
  PID:6592
- C:\Windows\System\yNAxslw.exe
  C:\Windows\System\yNAxslw.exe
  2⤵
  PID:6652
- C:\Windows\System\MWJEYkT.exe
  C:\Windows\System\MWJEYkT.exe
  2⤵
  PID:4624
- C:\Windows\System\wWLPVkt.exe
  C:\Windows\System\wWLPVkt.exe
  2⤵
  PID:6796
- C:\Windows\System\ZglZsmQ.exe
  C:\Windows\System\ZglZsmQ.exe
  2⤵
  PID:6872
- C:\Windows\System\KtUSJXg.exe
  C:\Windows\System\KtUSJXg.exe
  2⤵
  PID:6960
- C:\Windows\System\uUJXPoK.exe
  C:\Windows\System\uUJXPoK.exe
  2⤵
  PID:7096
- C:\Windows\System\tHIhnQq.exe
  C:\Windows\System\tHIhnQq.exe
  2⤵
  PID:7152
- C:\Windows\System\KtGBIet.exe
  C:\Windows\System\KtGBIet.exe
  2⤵
  PID:4256
- C:\Windows\System\LFDCTIm.exe
  C:\Windows\System\LFDCTIm.exe
  2⤵
  PID:2500
- C:\Windows\System\oPQtjGb.exe
  C:\Windows\System\oPQtjGb.exe
  2⤵
  PID:2780
- C:\Windows\System\aJNHElP.exe
  C:\Windows\System\aJNHElP.exe
  2⤵
  PID:5060
- C:\Windows\System\GEGBVyf.exe
  C:\Windows\System\GEGBVyf.exe
  2⤵
  PID:6364
- C:\Windows\System\LYmrhjF.exe
  C:\Windows\System\LYmrhjF.exe
  2⤵
  PID:6244
- C:\Windows\System\KHZGqIV.exe
  C:\Windows\System\KHZGqIV.exe
  2⤵
  PID:6720
- C:\Windows\System\hTrvezg.exe
  C:\Windows\System\hTrvezg.exe
  2⤵
  PID:6836
- C:\Windows\System\xOmprEh.exe
  C:\Windows\System\xOmprEh.exe
  2⤵
  PID:1164
- C:\Windows\System\RGyJMCX.exe
  C:\Windows\System\RGyJMCX.exe
  2⤵
  PID:4024
- C:\Windows\System\yOOKLXl.exe
  C:\Windows\System\yOOKLXl.exe
  2⤵
  PID:3700
- C:\Windows\System\TCYoNih.exe
  C:\Windows\System\TCYoNih.exe
  2⤵
  PID:6568
- C:\Windows\System\xDsVvzw.exe
  C:\Windows\System\xDsVvzw.exe
  2⤵
  PID:2912
- C:\Windows\System\aWRbRoO.exe
  C:\Windows\System\aWRbRoO.exe
  2⤵
  PID:6280
- C:\Windows\System\QlmcqGH.exe
  C:\Windows\System\QlmcqGH.exe
  2⤵
  PID:1012
- C:\Windows\System\lVFFaeX.exe
  C:\Windows\System\lVFFaeX.exe
  2⤵
  PID:6564
- C:\Windows\System\qudFPlY.exe
  C:\Windows\System\qudFPlY.exe
  2⤵
  PID:2824
- C:\Windows\System\wlAfxng.exe
  C:\Windows\System\wlAfxng.exe
  2⤵
  PID:7024
- C:\Windows\System\ZBwDIJS.exe
  C:\Windows\System\ZBwDIJS.exe
  2⤵
  PID:6560
- C:\Windows\System\UmtMMQt.exe
  C:\Windows\System\UmtMMQt.exe
  2⤵
  PID:6768
- C:\Windows\System\waKScOQ.exe
  C:\Windows\System\waKScOQ.exe
  2⤵
  PID:7204
- C:\Windows\System\EwCyfFo.exe
  C:\Windows\System\EwCyfFo.exe
  2⤵
  PID:7220
- C:\Windows\System\DfPtzWB.exe
  C:\Windows\System\DfPtzWB.exe
  2⤵
  PID:7248
- C:\Windows\System\gnjYGcN.exe
  C:\Windows\System\gnjYGcN.exe
  2⤵
  PID:7276
- C:\Windows\System\zrgsuXb.exe
  C:\Windows\System\zrgsuXb.exe
  2⤵
  PID:7320
- C:\Windows\System\aGmVQLR.exe
  C:\Windows\System\aGmVQLR.exe
  2⤵
  PID:7348
- C:\Windows\System\gNCrZxe.exe
  C:\Windows\System\gNCrZxe.exe
  2⤵
  PID:7388
- C:\Windows\System\zqaeGlu.exe
  C:\Windows\System\zqaeGlu.exe
  2⤵
  PID:7416
- C:\Windows\System\pZOilCz.exe
  C:\Windows\System\pZOilCz.exe
  2⤵
  PID:7444
- C:\Windows\System\qCGDyYd.exe
  C:\Windows\System\qCGDyYd.exe
  2⤵
  PID:7472
- C:\Windows\System\leUDoqP.exe
  C:\Windows\System\leUDoqP.exe
  2⤵
  PID:7500
- C:\Windows\System\bmfxjkF.exe
  C:\Windows\System\bmfxjkF.exe
  2⤵
  PID:7524
- C:\Windows\System\kUpsEsS.exe
  C:\Windows\System\kUpsEsS.exe
  2⤵
  PID:7544
- C:\Windows\System\YsomAuX.exe
  C:\Windows\System\YsomAuX.exe
  2⤵
  PID:7564
- C:\Windows\System\QHEsEfY.exe
  C:\Windows\System\QHEsEfY.exe
  2⤵
  PID:7600
- C:\Windows\System\CGEulrP.exe
  C:\Windows\System\CGEulrP.exe
  2⤵
  PID:7640
- C:\Windows\System\cTRrMPN.exe
  C:\Windows\System\cTRrMPN.exe
  2⤵
  PID:7664
- C:\Windows\System\cFjEbGI.exe
  C:\Windows\System\cFjEbGI.exe
  2⤵
  PID:7684
- C:\Windows\System\BJOyKhr.exe
  C:\Windows\System\BJOyKhr.exe
  2⤵
  PID:7712
- C:\Windows\System\IBTRWvG.exe
  C:\Windows\System\IBTRWvG.exe
  2⤵
  PID:7752
- C:\Windows\System\TAgeeYN.exe
  C:\Windows\System\TAgeeYN.exe
  2⤵
  PID:7780
- C:\Windows\System\FgmDVdF.exe
  C:\Windows\System\FgmDVdF.exe
  2⤵
  PID:7808
- C:\Windows\System\bXuQGqb.exe
  C:\Windows\System\bXuQGqb.exe
  2⤵
  PID:7828
- C:\Windows\System\OjfsngR.exe
  C:\Windows\System\OjfsngR.exe
  2⤵
  PID:7852
- C:\Windows\System\wWWxUBT.exe
  C:\Windows\System\wWWxUBT.exe
  2⤵
  PID:7880
- C:\Windows\System\cnabLxk.exe
  C:\Windows\System\cnabLxk.exe
  2⤵
  PID:7912
- C:\Windows\System\OiorDHW.exe
  C:\Windows\System\OiorDHW.exe
  2⤵
  PID:7948
- C:\Windows\System\PwOzPXw.exe
  C:\Windows\System\PwOzPXw.exe
  2⤵
  PID:7964
- C:\Windows\System\VSRlVYa.exe
  C:\Windows\System\VSRlVYa.exe
  2⤵
  PID:8004
- C:\Windows\System\fJqdqKs.exe
  C:\Windows\System\fJqdqKs.exe
  2⤵
  PID:8020
- C:\Windows\System\DztOcTi.exe
  C:\Windows\System\DztOcTi.exe
  2⤵
  PID:8048
- C:\Windows\System\BtewecO.exe
  C:\Windows\System\BtewecO.exe
  2⤵
  PID:8080
- C:\Windows\System\CuOeoMY.exe
  C:\Windows\System\CuOeoMY.exe
  2⤵
  PID:8104
- C:\Windows\System\dfetFAV.exe
  C:\Windows\System\dfetFAV.exe
  2⤵
  PID:8128
- C:\Windows\System\lxKBaUY.exe
  C:\Windows\System\lxKBaUY.exe
  2⤵
  PID:8148
- C:\Windows\System\mHYyvkz.exe
  C:\Windows\System\mHYyvkz.exe
  2⤵
  PID:8172
- C:\Windows\System\BTieGFC.exe
  C:\Windows\System\BTieGFC.exe
  2⤵
  PID:6812
- C:\Windows\System\euhLPkA.exe
  C:\Windows\System\euhLPkA.exe
  2⤵
  PID:7244
- C:\Windows\System\dajrtNU.exe
  C:\Windows\System\dajrtNU.exe
  2⤵
  PID:7304
- C:\Windows\System\BIbmfkE.exe
  C:\Windows\System\BIbmfkE.exe
  2⤵
  PID:7360
- C:\Windows\System\tLaLTxs.exe
  C:\Windows\System\tLaLTxs.exe
  2⤵
  PID:7372
- C:\Windows\System\wFCNoGW.exe
  C:\Windows\System\wFCNoGW.exe
  2⤵
  PID:7492
- C:\Windows\System\BVovYRD.exe
  C:\Windows\System\BVovYRD.exe
  2⤵
  PID:7556
- C:\Windows\System\ldtczpS.exe
  C:\Windows\System\ldtczpS.exe
  2⤵
  PID:7620
- C:\Windows\System\NWbWakA.exe
  C:\Windows\System\NWbWakA.exe
  2⤵
  PID:7656
- C:\Windows\System\CaOgxjg.exe
  C:\Windows\System\CaOgxjg.exe
  2⤵
  PID:7776
- C:\Windows\System\rVsNTdW.exe
  C:\Windows\System\rVsNTdW.exe
  2⤵
  PID:7804
- C:\Windows\System\EZZRcbI.exe
  C:\Windows\System\EZZRcbI.exe
  2⤵
  PID:7868
- C:\Windows\System\zNlbKin.exe
  C:\Windows\System\zNlbKin.exe
  2⤵
  PID:7928
- C:\Windows\System\MwTHOxF.exe
  C:\Windows\System\MwTHOxF.exe
  2⤵
  PID:8032
- C:\Windows\System\EvOuzbj.exe
  C:\Windows\System\EvOuzbj.exe
  2⤵
  PID:8060
- C:\Windows\System\wVsZjwn.exe
  C:\Windows\System\wVsZjwn.exe
  2⤵
  PID:8112
- C:\Windows\System\xiaDgpE.exe
  C:\Windows\System\xiaDgpE.exe
  2⤵
  PID:7240
- C:\Windows\System\zaldvNc.exe
  C:\Windows\System\zaldvNc.exe
  2⤵
  PID:7344
- C:\Windows\System\GkteqSF.exe
  C:\Windows\System\GkteqSF.exe
  2⤵
  PID:7540
- C:\Windows\System\xdKwrHU.exe
  C:\Windows\System\xdKwrHU.exe
  2⤵
  PID:7588
- C:\Windows\System\dtmolkH.exe
  C:\Windows\System\dtmolkH.exe
  2⤵
  PID:7796
- C:\Windows\System\fBzjSLZ.exe
  C:\Windows\System\fBzjSLZ.exe
  2⤵
  PID:7988
- C:\Windows\System\riiHFsv.exe
  C:\Windows\System\riiHFsv.exe
  2⤵
  PID:8140
- C:\Windows\System\aWcruHf.exe
  C:\Windows\System\aWcruHf.exe
  2⤵
  PID:7272
- C:\Windows\System\FfqdvHj.exe
  C:\Windows\System\FfqdvHj.exe
  2⤵
  PID:7612
- C:\Windows\System\qGjoYvP.exe
  C:\Windows\System\qGjoYvP.exe
  2⤵
  PID:8012
- C:\Windows\System\vYDDxVO.exe
  C:\Windows\System\vYDDxVO.exe
  2⤵
  PID:7496
- C:\Windows\System\yiliSLR.exe
  C:\Windows\System\yiliSLR.exe
  2⤵
  PID:7748
- C:\Windows\System\aearcmN.exe
  C:\Windows\System\aearcmN.exe
  2⤵
  PID:8212
- C:\Windows\System\ecPpuMK.exe
  C:\Windows\System\ecPpuMK.exe
  2⤵
  PID:8244
- C:\Windows\System\BaLXuRk.exe
  C:\Windows\System\BaLXuRk.exe
  2⤵
  PID:8268
- C:\Windows\System\YcFgzxo.exe
  C:\Windows\System\YcFgzxo.exe
  2⤵
  PID:8296
- C:\Windows\System\dAGGWJu.exe
  C:\Windows\System\dAGGWJu.exe
  2⤵
  PID:8324
- C:\Windows\System\nYNedTg.exe
  C:\Windows\System\nYNedTg.exe
  2⤵
  PID:8352
- C:\Windows\System\GqiJIYK.exe
  C:\Windows\System\GqiJIYK.exe
  2⤵
  PID:8380
- C:\Windows\System\EIbXtuP.exe
  C:\Windows\System\EIbXtuP.exe
  2⤵
  PID:8408
- C:\Windows\System\kLfhTpX.exe
  C:\Windows\System\kLfhTpX.exe
  2⤵
  PID:8424
- C:\Windows\System\cqlULAc.exe
  C:\Windows\System\cqlULAc.exe
  2⤵
  PID:8464
- C:\Windows\System\GNiTDSj.exe
  C:\Windows\System\GNiTDSj.exe
  2⤵
  PID:8492
- C:\Windows\System\MFxbVbb.exe
  C:\Windows\System\MFxbVbb.exe
  2⤵
  PID:8520
- C:\Windows\System\ZvsVtUV.exe
  C:\Windows\System\ZvsVtUV.exe
  2⤵
  PID:8536
- C:\Windows\System\yIbxKxe.exe
  C:\Windows\System\yIbxKxe.exe
  2⤵
  PID:8572
- C:\Windows\System\idciEOj.exe
  C:\Windows\System\idciEOj.exe
  2⤵
  PID:8604
- C:\Windows\System\ucrRDEM.exe
  C:\Windows\System\ucrRDEM.exe
  2⤵
  PID:8632
- C:\Windows\System\GtZdftw.exe
  C:\Windows\System\GtZdftw.exe
  2⤵
  PID:8648
- C:\Windows\System\AuOgzgf.exe
  C:\Windows\System\AuOgzgf.exe
  2⤵
  PID:8680
- C:\Windows\System\fdLssiW.exe
  C:\Windows\System\fdLssiW.exe
  2⤵
  PID:8704
- C:\Windows\System\bVAowtd.exe
  C:\Windows\System\bVAowtd.exe
  2⤵
  PID:8740
- C:\Windows\System\YYZqYOF.exe
  C:\Windows\System\YYZqYOF.exe
  2⤵
  PID:8756
- C:\Windows\System\QBObVFY.exe
  C:\Windows\System\QBObVFY.exe
  2⤵
  PID:8776
- C:\Windows\System\QSunnXB.exe
  C:\Windows\System\QSunnXB.exe
  2⤵
  PID:8816
- C:\Windows\System\sCqapDN.exe
  C:\Windows\System\sCqapDN.exe
  2⤵
  PID:8852
- C:\Windows\System\LTEWCnP.exe
  C:\Windows\System\LTEWCnP.exe
  2⤵
  PID:8884
- C:\Windows\System\BesLVZC.exe
  C:\Windows\System\BesLVZC.exe
  2⤵
  PID:8912
- C:\Windows\System\TuCWNku.exe
  C:\Windows\System\TuCWNku.exe
  2⤵
  PID:8928
- C:\Windows\System\FTSkZKS.exe
  C:\Windows\System\FTSkZKS.exe
  2⤵
  PID:8944
- C:\Windows\System\GVcZtkw.exe
  C:\Windows\System\GVcZtkw.exe
  2⤵
  PID:8960
- C:\Windows\System\Lpgklao.exe
  C:\Windows\System\Lpgklao.exe
  2⤵
  PID:8992
- C:\Windows\System\zNUzRvy.exe
  C:\Windows\System\zNUzRvy.exe
  2⤵
  PID:9020
- C:\Windows\System\dfceEBF.exe
  C:\Windows\System\dfceEBF.exe
  2⤵
  PID:9052
- C:\Windows\System\xGkvquv.exe
  C:\Windows\System\xGkvquv.exe
  2⤵
  PID:9080
- C:\Windows\System\pVuITVX.exe
  C:\Windows\System\pVuITVX.exe
  2⤵
  PID:9112
- C:\Windows\System\CEjKeYl.exe
  C:\Windows\System\CEjKeYl.exe
  2⤵
  PID:9152
- C:\Windows\System\NeiTEYe.exe
  C:\Windows\System\NeiTEYe.exe
  2⤵
  PID:9192
- C:\Windows\System\LgEuTMO.exe
  C:\Windows\System\LgEuTMO.exe
  2⤵
  PID:8164
- C:\Windows\System\FwdfVOy.exe
  C:\Windows\System\FwdfVOy.exe
  2⤵
  PID:8236
- C:\Windows\System\wEBsCCX.exe
  C:\Windows\System\wEBsCCX.exe
  2⤵
  PID:8264
- C:\Windows\System\qiluXCW.exe
  C:\Windows\System\qiluXCW.exe
  2⤵
  PID:8396
- C:\Windows\System\ydbwyHt.exe
  C:\Windows\System\ydbwyHt.exe
  2⤵
  PID:8456
- C:\Windows\System\NxewOjr.exe
  C:\Windows\System\NxewOjr.exe
  2⤵
  PID:8508
- C:\Windows\System\oThEKUz.exe
  C:\Windows\System\oThEKUz.exe
  2⤵
  PID:8592
- C:\Windows\System\OhRBPiS.exe
  C:\Windows\System\OhRBPiS.exe
  2⤵
  PID:8660
- C:\Windows\System\oXoLubH.exe
  C:\Windows\System\oXoLubH.exe
  2⤵
  PID:8692
- C:\Windows\System\fVRUAug.exe
  C:\Windows\System\fVRUAug.exe
  2⤵
  PID:8772
- C:\Windows\System\MmYMnYO.exe
  C:\Windows\System\MmYMnYO.exe
  2⤵
  PID:8840
- C:\Windows\System\ioesufQ.exe
  C:\Windows\System\ioesufQ.exe
  2⤵
  PID:8920
- C:\Windows\System\mPmNLWR.exe
  C:\Windows\System\mPmNLWR.exe
  2⤵
  PID:8952
- C:\Windows\System\vbUbRev.exe
  C:\Windows\System\vbUbRev.exe
  2⤵
  PID:9036
- C:\Windows\System\TvkmKUk.exe
  C:\Windows\System\TvkmKUk.exe
  2⤵
  PID:9100
- C:\Windows\System\ClpmUhU.exe
  C:\Windows\System\ClpmUhU.exe
  2⤵
  PID:9180
- C:\Windows\System\GyUcTnS.exe
  C:\Windows\System\GyUcTnS.exe
  2⤵
  PID:9212
- C:\Windows\System\XgLUdbC.exe
  C:\Windows\System\XgLUdbC.exe
  2⤵
  PID:8368
- C:\Windows\System\UAGIstC.exe
  C:\Windows\System\UAGIstC.exe
  2⤵
  PID:8528
- C:\Windows\System\EYloKXB.exe
  C:\Windows\System\EYloKXB.exe
  2⤵
  PID:8620
- C:\Windows\System\zRXzeuk.exe
  C:\Windows\System\zRXzeuk.exe
  2⤵
  PID:8796
- C:\Windows\System\fsthxPc.exe
  C:\Windows\System\fsthxPc.exe
  2⤵
  PID:9000
- C:\Windows\System\jQPHSTW.exe
  C:\Windows\System\jQPHSTW.exe
  2⤵
  PID:9176
- C:\Windows\System\xmSmyYN.exe
  C:\Windows\System\xmSmyYN.exe
  2⤵
  PID:8280
- C:\Windows\System\cEsSZjI.exe
  C:\Windows\System\cEsSZjI.exe
  2⤵
  PID:8548
- C:\Windows\System\RWxUvLE.exe
  C:\Windows\System\RWxUvLE.exe
  2⤵
  PID:8876
- C:\Windows\System\eRqyqIz.exe
  C:\Windows\System\eRqyqIz.exe
  2⤵
  PID:9208
- C:\Windows\System\seWJLfI.exe
  C:\Windows\System\seWJLfI.exe
  2⤵
  PID:9220
- C:\Windows\System\iIhPVqD.exe
  C:\Windows\System\iIhPVqD.exe
  2⤵
  PID:9240
- C:\Windows\System\IzhYMEn.exe
  C:\Windows\System\IzhYMEn.exe
  2⤵
  PID:9268
- C:\Windows\System\OQJWKST.exe
  C:\Windows\System\OQJWKST.exe
  2⤵
  PID:9300
- C:\Windows\System\mKKOvtD.exe
  C:\Windows\System\mKKOvtD.exe
  2⤵
  PID:9336
- C:\Windows\System\vpZAIdg.exe
  C:\Windows\System\vpZAIdg.exe
  2⤵
  PID:9356
- C:\Windows\System\zDDGJnI.exe
  C:\Windows\System\zDDGJnI.exe
  2⤵
  PID:9384
- C:\Windows\System\OVdiGKX.exe
  C:\Windows\System\OVdiGKX.exe
  2⤵
  PID:9412
- C:\Windows\System\RpKNSly.exe
  C:\Windows\System\RpKNSly.exe
  2⤵
  PID:9436
- C:\Windows\System\IvLzSjt.exe
  C:\Windows\System\IvLzSjt.exe
  2⤵
  PID:9464
- C:\Windows\System\tWZRBRP.exe
  C:\Windows\System\tWZRBRP.exe
  2⤵
  PID:9492
- C:\Windows\System\vdlIlkz.exe
  C:\Windows\System\vdlIlkz.exe
  2⤵
  PID:9532
- C:\Windows\System\fJfPnZT.exe
  C:\Windows\System\fJfPnZT.exe
  2⤵
  PID:9560
- C:\Windows\System\iCcXUeL.exe
  C:\Windows\System\iCcXUeL.exe
  2⤵
  PID:9576
- C:\Windows\System\SKiHFLW.exe
  C:\Windows\System\SKiHFLW.exe
  2⤵
  PID:9608
- C:\Windows\System\VksiIpY.exe
  C:\Windows\System\VksiIpY.exe
  2⤵
  PID:9632
- C:\Windows\System\GduEUHo.exe
  C:\Windows\System\GduEUHo.exe
  2⤵
  PID:9664
- C:\Windows\System\SkgiSqQ.exe
  C:\Windows\System\SkgiSqQ.exe
  2⤵
  PID:9688
- C:\Windows\System\wnGoFbh.exe
  C:\Windows\System\wnGoFbh.exe
  2⤵
  PID:9724
- C:\Windows\System\youjgsM.exe
  C:\Windows\System\youjgsM.exe
  2⤵
  PID:9744
- C:\Windows\System\wQvCZyG.exe
  C:\Windows\System\wQvCZyG.exe
  2⤵
  PID:9764
- C:\Windows\System\lfDaIlR.exe
  C:\Windows\System\lfDaIlR.exe
  2⤵
  PID:9788
- C:\Windows\System\ZzGVCVs.exe
  C:\Windows\System\ZzGVCVs.exe
  2⤵
  PID:9828
- C:\Windows\System\bOBovTt.exe
  C:\Windows\System\bOBovTt.exe
  2⤵
  PID:9860
- C:\Windows\System\vNpkiLM.exe
  C:\Windows\System\vNpkiLM.exe
  2⤵
  PID:9892
- C:\Windows\System\FKlmjMI.exe
  C:\Windows\System\FKlmjMI.exe
  2⤵
  PID:9912
- C:\Windows\System\GZHiVaW.exe
  C:\Windows\System\GZHiVaW.exe
  2⤵
  PID:9940
- C:\Windows\System\FFmSNWE.exe
  C:\Windows\System\FFmSNWE.exe
  2⤵
  PID:9968
- C:\Windows\System\CHCrbZG.exe
  C:\Windows\System\CHCrbZG.exe
  2⤵
  PID:10008
- C:\Windows\System\nQhOGXZ.exe
  C:\Windows\System\nQhOGXZ.exe
  2⤵
  PID:10036
- C:\Windows\System\qzpNEdC.exe
  C:\Windows\System\qzpNEdC.exe
  2⤵
  PID:10072
- C:\Windows\System\CgCXWOg.exe
  C:\Windows\System\CgCXWOg.exe
  2⤵
  PID:10092
- C:\Windows\System\RgApjIA.exe
  C:\Windows\System\RgApjIA.exe
  2⤵
  PID:10124
- C:\Windows\System\KRhGhHY.exe
  C:\Windows\System\KRhGhHY.exe
  2⤵
  PID:10148
- C:\Windows\System\RmOgIlc.exe
  C:\Windows\System\RmOgIlc.exe
  2⤵
  PID:10172
- C:\Windows\System\EuRvcyR.exe
  C:\Windows\System\EuRvcyR.exe
  2⤵
  PID:10200
- C:\Windows\System\jPGKggG.exe
  C:\Windows\System\jPGKggG.exe
  2⤵
  PID:10228
- C:\Windows\System\ZAbKCIO.exe
  C:\Windows\System\ZAbKCIO.exe
  2⤵
  PID:9252
- C:\Windows\System\dkpuobo.exe
  C:\Windows\System\dkpuobo.exe
  2⤵
  PID:9320
- C:\Windows\System\gkiQqKz.exe
  C:\Windows\System\gkiQqKz.exe
  2⤵
  PID:9400
- C:\Windows\System\XPEOlCb.exe
  C:\Windows\System\XPEOlCb.exe
  2⤵
  PID:9452
- C:\Windows\System\aEvzZJj.exe
  C:\Windows\System\aEvzZJj.exe
  2⤵
  PID:9528
- C:\Windows\System\TNqsWOo.exe
  C:\Windows\System\TNqsWOo.exe
  2⤵
  PID:9548
- C:\Windows\System\sDPhfdz.exe
  C:\Windows\System\sDPhfdz.exe
  2⤵
  PID:9624
- C:\Windows\System\fGoloOc.exe
  C:\Windows\System\fGoloOc.exe
  2⤵
  PID:9680
- C:\Windows\System\LwnRcIx.exe
  C:\Windows\System\LwnRcIx.exe
  2⤵
  PID:9756
- C:\Windows\System\mSgjCQo.exe
  C:\Windows\System\mSgjCQo.exe
  2⤵
  PID:9824
- C:\Windows\System\nXDlPXc.exe
  C:\Windows\System\nXDlPXc.exe
  2⤵
  PID:9868
- C:\Windows\System\sjcEagH.exe
  C:\Windows\System\sjcEagH.exe
  2⤵
  PID:9952
- C:\Windows\System\mbTEshb.exe
  C:\Windows\System\mbTEshb.exe
  2⤵
  PID:10060
- C:\Windows\System\xinwmfB.exe
  C:\Windows\System\xinwmfB.exe
  2⤵
  PID:10120
- C:\Windows\System\RSvDULo.exe
  C:\Windows\System\RSvDULo.exe
  2⤵
  PID:10188
- C:\Windows\System\SiYpyqt.exe
  C:\Windows\System\SiYpyqt.exe
  2⤵
  PID:9232
- C:\Windows\System\vFmfgjv.exe
  C:\Windows\System\vFmfgjv.exe
  2⤵
  PID:9380
- C:\Windows\System\hroasAo.exe
  C:\Windows\System\hroasAo.exe
  2⤵
  PID:9516
- C:\Windows\System\VJnELXw.exe
  C:\Windows\System\VJnELXw.exe
  2⤵
  PID:9648
- C:\Windows\System\uuesEPO.exe
  C:\Windows\System\uuesEPO.exe
  2⤵
  PID:9808
- C:\Windows\System\IeMzkXx.exe
  C:\Windows\System\IeMzkXx.exe
  2⤵
  PID:9904
- C:\Windows\System\YWFDDFW.exe
  C:\Windows\System\YWFDDFW.exe
  2⤵
  PID:10084
- C:\Windows\System\KgJwdkE.exe
  C:\Windows\System\KgJwdkE.exe
  2⤵
  PID:9308
- C:\Windows\System\bGTZrlb.exe
  C:\Windows\System\bGTZrlb.exe
  2⤵
  PID:9596
- C:\Windows\System\vcTTqcJ.exe
  C:\Windows\System\vcTTqcJ.exe
  2⤵
  PID:10020
- C:\Windows\System\CPGrLWK.exe
  C:\Windows\System\CPGrLWK.exe
  2⤵
  PID:9284
- C:\Windows\System\nLkTfse.exe
  C:\Windows\System\nLkTfse.exe
  2⤵
  PID:9908
- C:\Windows\System\SptYBpW.exe
  C:\Windows\System\SptYBpW.exe
  2⤵
  PID:10272
- C:\Windows\System\dvspzZm.exe
  C:\Windows\System\dvspzZm.exe
  2⤵
  PID:10300
- C:\Windows\System\qxAgnrA.exe
  C:\Windows\System\qxAgnrA.exe
  2⤵
  PID:10328
- C:\Windows\System\vizdJsV.exe
  C:\Windows\System\vizdJsV.exe
  2⤵
  PID:10356
- C:\Windows\System\TaCLUMk.exe
  C:\Windows\System\TaCLUMk.exe
  2⤵
  PID:10384
- C:\Windows\System\JlhSteh.exe
  C:\Windows\System\JlhSteh.exe
  2⤵
  PID:10416
- C:\Windows\System\UQkcauF.exe
  C:\Windows\System\UQkcauF.exe
  2⤵
  PID:10444
- C:\Windows\System\MGoRhwl.exe
  C:\Windows\System\MGoRhwl.exe
  2⤵
  PID:10472
- C:\Windows\System\bvRAVJR.exe
  C:\Windows\System\bvRAVJR.exe
  2⤵
  PID:10500
- C:\Windows\System\DRyoppI.exe
  C:\Windows\System\DRyoppI.exe
  2⤵
  PID:10520
- C:\Windows\System\XKWwOcF.exe
  C:\Windows\System\XKWwOcF.exe
  2⤵
  PID:10548
- C:\Windows\System\pjJOdXK.exe
  C:\Windows\System\pjJOdXK.exe
  2⤵
  PID:10572
- C:\Windows\System\wHEahIr.exe
  C:\Windows\System\wHEahIr.exe
  2⤵
  PID:10600
- C:\Windows\System\EgZOBqh.exe
  C:\Windows\System\EgZOBqh.exe
  2⤵
  PID:10628
- C:\Windows\System\UFzXbhn.exe
  C:\Windows\System\UFzXbhn.exe
  2⤵
  PID:10656
- C:\Windows\System\nMipwPe.exe
  C:\Windows\System\nMipwPe.exe
  2⤵
  PID:10696
- C:\Windows\System\nyKgrPP.exe
  C:\Windows\System\nyKgrPP.exe
  2⤵
  PID:10712
- C:\Windows\System\UdbpBbK.exe
  C:\Windows\System\UdbpBbK.exe
  2⤵
  PID:10740
- C:\Windows\System\oQUVlPf.exe
  C:\Windows\System\oQUVlPf.exe
  2⤵
  PID:10772
- C:\Windows\System\IvdjGXi.exe
  C:\Windows\System\IvdjGXi.exe
  2⤵
  PID:10796
- C:\Windows\System\vEiHXWI.exe
  C:\Windows\System\vEiHXWI.exe
  2⤵
  PID:10836
- C:\Windows\System\CHurmlr.exe
  C:\Windows\System\CHurmlr.exe
  2⤵
  PID:10864
- C:\Windows\System\IQNqzom.exe
  C:\Windows\System\IQNqzom.exe
  2⤵
  PID:10880
- C:\Windows\System\xosQsDt.exe
  C:\Windows\System\xosQsDt.exe
  2⤵
  PID:10928
- C:\Windows\System\lDijckn.exe
  C:\Windows\System\lDijckn.exe
  2⤵
  PID:10948
- C:\Windows\System\EqVcdhi.exe
  C:\Windows\System\EqVcdhi.exe
  2⤵
  PID:10968
- C:\Windows\System\bzozTIN.exe
  C:\Windows\System\bzozTIN.exe
  2⤵
  PID:11004
- C:\Windows\System\SLmnbZu.exe
  C:\Windows\System\SLmnbZu.exe
  2⤵
  PID:11048
- C:\Windows\System\gYoIRHP.exe
  C:\Windows\System\gYoIRHP.exe
  2⤵
  PID:11088
- C:\Windows\System\ROKMNzB.exe
  C:\Windows\System\ROKMNzB.exe
  2⤵
  PID:11108
- C:\Windows\System\PnqhAsc.exe
  C:\Windows\System\PnqhAsc.exe
  2⤵
  PID:11148
- C:\Windows\System\aRPFXlb.exe
  C:\Windows\System\aRPFXlb.exe
  2⤵
  PID:11172
- C:\Windows\System\SZJYNZl.exe
  C:\Windows\System\SZJYNZl.exe
  2⤵
  PID:11200
- C:\Windows\System\uVaYNIB.exe
  C:\Windows\System\uVaYNIB.exe
  2⤵
  PID:11216
- C:\Windows\System\tCUIveM.exe
  C:\Windows\System\tCUIveM.exe
  2⤵
  PID:11256
- C:\Windows\System\hQQIvZp.exe
  C:\Windows\System\hQQIvZp.exe
  2⤵
  PID:10256
- C:\Windows\System\DaixFjv.exe
  C:\Windows\System\DaixFjv.exe
  2⤵
  PID:10296
- C:\Windows\System\fAQbQGI.exe
  C:\Windows\System\fAQbQGI.exe
  2⤵
  PID:10344
- C:\Windows\System\kqUjTFE.exe
  C:\Windows\System\kqUjTFE.exe
  2⤵
  PID:10468
- C:\Windows\System\rOmvjOP.exe
  C:\Windows\System\rOmvjOP.exe
  2⤵
  PID:10528
- C:\Windows\System\JkQLpjr.exe
  C:\Windows\System\JkQLpjr.exe
  2⤵
  PID:10592
- C:\Windows\System\YkuZjTr.exe
  C:\Windows\System\YkuZjTr.exe
  2⤵
  PID:10644
- C:\Windows\System\iIEdDCv.exe
  C:\Windows\System\iIEdDCv.exe
  2⤵
  PID:10708
- C:\Windows\System\XAdDyHB.exe
  C:\Windows\System\XAdDyHB.exe
  2⤵
  PID:10788
- C:\Windows\System\BVKHAic.exe
  C:\Windows\System\BVKHAic.exe
  2⤵
  PID:10876
- C:\Windows\System\PczAYXO.exe
  C:\Windows\System\PczAYXO.exe
  2⤵
  PID:10976
- C:\Windows\System\HEthpWW.exe
  C:\Windows\System\HEthpWW.exe
  2⤵
  PID:11000
- C:\Windows\System\oPFpLla.exe
  C:\Windows\System\oPFpLla.exe
  2⤵
  PID:11104
- C:\Windows\System\mCjBALK.exe
  C:\Windows\System\mCjBALK.exe
  2⤵
  PID:11164
- C:\Windows\System\pJPDhIr.exe
  C:\Windows\System\pJPDhIr.exe
  2⤵
  PID:11240
- C:\Windows\System\TtHtGDe.exe
  C:\Windows\System\TtHtGDe.exe
  2⤵
  PID:10264
- C:\Windows\System\cIchHoj.exe
  C:\Windows\System\cIchHoj.exe
  2⤵
  PID:10320
- C:\Windows\System\UFjTwWv.exe
  C:\Windows\System\UFjTwWv.exe
  2⤵
  PID:10560
- C:\Windows\System\VUyirkn.exe
  C:\Windows\System\VUyirkn.exe
  2⤵
  PID:10668
- C:\Windows\System\hYYWipM.exe
  C:\Windows\System\hYYWipM.exe
  2⤵
  PID:10860
- C:\Windows\System\LQXLStk.exe
  C:\Windows\System\LQXLStk.exe
  2⤵
  PID:11024
- C:\Windows\System\AUHmLCS.exe
  C:\Windows\System\AUHmLCS.exe
  2⤵
  PID:11184
- C:\Windows\System\OVTDKvE.exe
  C:\Windows\System\OVTDKvE.exe
  2⤵
  PID:11228
- C:\Windows\System\SRqeysv.exe
  C:\Windows\System\SRqeysv.exe
  2⤵
  PID:10936
- C:\Windows\System\BhAhrqd.exe
  C:\Windows\System\BhAhrqd.exe
  2⤵
  PID:11156
- C:\Windows\System\rFTWrRC.exe
  C:\Windows\System\rFTWrRC.exe
  2⤵
  PID:10400
- C:\Windows\System\LwDBkrF.exe
  C:\Windows\System\LwDBkrF.exe
  2⤵
  PID:10992
- C:\Windows\System\qlmEudc.exe
  C:\Windows\System\qlmEudc.exe
  2⤵
  PID:11292
- C:\Windows\System\rzFmEDZ.exe
  C:\Windows\System\rzFmEDZ.exe
  2⤵
  PID:11348
- C:\Windows\System\QUIbiYv.exe
  C:\Windows\System\QUIbiYv.exe
  2⤵
  PID:11376
- C:\Windows\System\BsGCMUe.exe
  C:\Windows\System\BsGCMUe.exe
  2⤵
  PID:11404
- C:\Windows\System\NIFxdPw.exe
  C:\Windows\System\NIFxdPw.exe
  2⤵
  PID:11432
- C:\Windows\System\VQblmMS.exe
  C:\Windows\System\VQblmMS.exe
  2⤵
  PID:11460
- C:\Windows\System\OzqHdAe.exe
  C:\Windows\System\OzqHdAe.exe
  2⤵
  PID:11476
- C:\Windows\System\HBCSbtY.exe
  C:\Windows\System\HBCSbtY.exe
  2⤵
  PID:11516
- C:\Windows\System\IawdvmP.exe
  C:\Windows\System\IawdvmP.exe
  2⤵
  PID:11544
- C:\Windows\System\gEFrEih.exe
  C:\Windows\System\gEFrEih.exe
  2⤵
  PID:11576
- C:\Windows\System\AcyIGzv.exe
  C:\Windows\System\AcyIGzv.exe
  2⤵
  PID:11592
- C:\Windows\System\EcJnATY.exe
  C:\Windows\System\EcJnATY.exe
  2⤵
  PID:11636
- C:\Windows\System\WxIvplm.exe
  C:\Windows\System\WxIvplm.exe
  2⤵
  PID:11664
- C:\Windows\System\iWHwrEE.exe
  C:\Windows\System\iWHwrEE.exe
  2⤵
  PID:11684
- C:\Windows\System\AXAQkip.exe
  C:\Windows\System\AXAQkip.exe
  2⤵
  PID:11716
- C:\Windows\System\xeIJMrZ.exe
  C:\Windows\System\xeIJMrZ.exe
  2⤵
  PID:11752
- C:\Windows\System\AaMmKTV.exe
  C:\Windows\System\AaMmKTV.exe
  2⤵
  PID:11772
- C:\Windows\System\PLwqQFd.exe
  C:\Windows\System\PLwqQFd.exe
  2⤵
  PID:11808
- C:\Windows\System\TzsBBNs.exe
  C:\Windows\System\TzsBBNs.exe
  2⤵
  PID:11836
- C:\Windows\System\UXAnAQc.exe
  C:\Windows\System\UXAnAQc.exe
  2⤵
  PID:11864
- C:\Windows\System\VsSTEWv.exe
  C:\Windows\System\VsSTEWv.exe
  2⤵
  PID:11888
- C:\Windows\System\TCuTqBb.exe
  C:\Windows\System\TCuTqBb.exe
  2⤵
  PID:11920
- C:\Windows\System\kmdGxCH.exe
  C:\Windows\System\kmdGxCH.exe
  2⤵
  PID:11936
- C:\Windows\System\zpncCnJ.exe
  C:\Windows\System\zpncCnJ.exe
  2⤵
  PID:11976
- C:\Windows\System\VpnCTnQ.exe
  C:\Windows\System\VpnCTnQ.exe
  2⤵
  PID:11992
- C:\Windows\System\oIdGFDn.exe
  C:\Windows\System\oIdGFDn.exe
  2⤵
  PID:12028
- C:\Windows\System\spwnZME.exe
  C:\Windows\System\spwnZME.exe
  2⤵
  PID:12060
- C:\Windows\System\yjchnNO.exe
  C:\Windows\System\yjchnNO.exe
  2⤵
  PID:12108
- C:\Windows\System\IRlQfZU.exe
  C:\Windows\System\IRlQfZU.exe
  2⤵
  PID:12124
- C:\Windows\System\XSQwMvz.exe
  C:\Windows\System\XSQwMvz.exe
  2⤵
  PID:12152
- C:\Windows\System\VMqJYFJ.exe
  C:\Windows\System\VMqJYFJ.exe
  2⤵
  PID:12180
- C:\Windows\System\CwtynBQ.exe
  C:\Windows\System\CwtynBQ.exe
  2⤵
  PID:12208
- C:\Windows\System\tUpMHHv.exe
  C:\Windows\System\tUpMHHv.exe
  2⤵
  PID:12236
- C:\Windows\System\BUAWAwj.exe
  C:\Windows\System\BUAWAwj.exe
  2⤵
  PID:12264
- C:\Windows\System\aNqkMzu.exe
  C:\Windows\System\aNqkMzu.exe
  2⤵
  PID:12280
- C:\Windows\System\vXdsYto.exe
  C:\Windows\System\vXdsYto.exe
  2⤵
  PID:10704
- C:\Windows\System\iybFnRr.exe
  C:\Windows\System\iybFnRr.exe
  2⤵
  PID:11344
- C:\Windows\System\zZwaBRH.exe
  C:\Windows\System\zZwaBRH.exe
  2⤵
  PID:11416
- C:\Windows\System\AWhqmOC.exe
  C:\Windows\System\AWhqmOC.exe
  2⤵
  PID:11456
- C:\Windows\System\pYKBDmq.exe
  C:\Windows\System\pYKBDmq.exe
  2⤵
  PID:11540
- C:\Windows\System\pVhgKBh.exe
  C:\Windows\System\pVhgKBh.exe
  2⤵
  PID:11624
- C:\Windows\System\hJZowVi.exe
  C:\Windows\System\hJZowVi.exe
  2⤵
  PID:11712
- C:\Windows\System\qJWRjCj.exe
  C:\Windows\System\qJWRjCj.exe
  2⤵
  PID:11768
- C:\Windows\System\EGAdHIX.exe
  C:\Windows\System\EGAdHIX.exe
  2⤵
  PID:11852
- C:\Windows\System\sTrCXHF.exe
  C:\Windows\System\sTrCXHF.exe
  2⤵
  PID:11928
- C:\Windows\System\isplXCv.exe
  C:\Windows\System\isplXCv.exe
  2⤵
  PID:12004
- C:\Windows\System\xCkcZGU.exe
  C:\Windows\System\xCkcZGU.exe
  2⤵
  PID:12044
- C:\Windows\System\OwsMWni.exe
  C:\Windows\System\OwsMWni.exe
  2⤵
  PID:12144
- C:\Windows\System\GbpxrwM.exe
  C:\Windows\System\GbpxrwM.exe
  2⤵
  PID:12196
- C:\Windows\System\HQzcXWd.exe
  C:\Windows\System\HQzcXWd.exe
  2⤵
  PID:9604
- C:\Windows\System\pVjqZkb.exe
  C:\Windows\System\pVjqZkb.exe
  2⤵
  PID:11428
- C:\Windows\System\zQKsiXY.exe
  C:\Windows\System\zQKsiXY.exe
  2⤵
  PID:11448
- C:\Windows\System\ujxXPki.exe
  C:\Windows\System\ujxXPki.exe
  2⤵
  PID:11680
- C:\Windows\System\unJjQCR.exe
  C:\Windows\System\unJjQCR.exe
  2⤵
  PID:11984
- C:\Windows\System\dmEMayX.exe
  C:\Windows\System\dmEMayX.exe
  2⤵
  PID:12148
- C:\Windows\System\mTjiMPm.exe
  C:\Windows\System\mTjiMPm.exe
  2⤵
  PID:11740
- C:\Windows\System\XfUtVuB.exe
  C:\Windows\System\XfUtVuB.exe
  2⤵
  PID:11396
- C:\Windows\System\MEiNBOg.exe
  C:\Windows\System\MEiNBOg.exe
  2⤵
  PID:12292
- C:\Windows\System\PCirlKp.exe
  C:\Windows\System\PCirlKp.exe
  2⤵
  PID:12320
- C:\Windows\System\fVyhcjs.exe
  C:\Windows\System\fVyhcjs.exe
  2⤵
  PID:12344
- C:\Windows\System\vesdLZw.exe
  C:\Windows\System\vesdLZw.exe
  2⤵
  PID:12392
- C:\Windows\System\BRMaCuS.exe
  C:\Windows\System\BRMaCuS.exe
  2⤵
  PID:12424
- C:\Windows\System\IdKZEEL.exe
  C:\Windows\System\IdKZEEL.exe
  2⤵
  PID:12456
- C:\Windows\System\mUAQpAs.exe
  C:\Windows\System\mUAQpAs.exe
  2⤵
  PID:12484
- C:\Windows\System\EpdMqDA.exe
  C:\Windows\System\EpdMqDA.exe
  2⤵
  PID:12544
- C:\Windows\System\pwJVJJe.exe
  C:\Windows\System\pwJVJJe.exe
  2⤵
  PID:12576
- C:\Windows\System\DGIjRlL.exe
  C:\Windows\System\DGIjRlL.exe
  2⤵
  PID:12612
- C:\Windows\System\EGLetOP.exe
  C:\Windows\System\EGLetOP.exe
  2⤵
  PID:12640
- C:\Windows\System\DiWmdYH.exe
  C:\Windows\System\DiWmdYH.exe
  2⤵
  PID:12668
- C:\Windows\System\flTRBta.exe
  C:\Windows\System\flTRBta.exe
  2⤵
  PID:12696
- C:\Windows\System\LKUdliM.exe
  C:\Windows\System\LKUdliM.exe
  2⤵
  PID:12728
- C:\Windows\System\pQQWYBo.exe
  C:\Windows\System\pQQWYBo.exe
  2⤵
  PID:12748
- C:\Windows\System\OSvkowq.exe
  C:\Windows\System\OSvkowq.exe
  2⤵
  PID:12764
- C:\Windows\System\iMqDPrS.exe
  C:\Windows\System\iMqDPrS.exe
  2⤵
  PID:12780
- C:\Windows\System\OooQBvo.exe
  C:\Windows\System\OooQBvo.exe
  2⤵
  PID:12796
- C:\Windows\System\gFSpzUF.exe
  C:\Windows\System\gFSpzUF.exe
  2⤵
  PID:12824
- C:\Windows\System\ATYyawW.exe
  C:\Windows\System\ATYyawW.exe
  2⤵
  PID:12876
- C:\Windows\System\IAxrzuF.exe
  C:\Windows\System\IAxrzuF.exe
  2⤵
  PID:12908
- C:\Windows\System\xtfkLPs.exe
  C:\Windows\System\xtfkLPs.exe
  2⤵
  PID:12940
- C:\Windows\System\HkrNNiJ.exe
  C:\Windows\System\HkrNNiJ.exe
  2⤵
  PID:12980
- C:\Windows\System\eUkslAE.exe
  C:\Windows\System\eUkslAE.exe
  2⤵
  PID:13016
- C:\Windows\System\qrFyJKh.exe
  C:\Windows\System\qrFyJKh.exe
  2⤵
  PID:13036
- C:\Windows\System\rzXzYgu.exe
  C:\Windows\System\rzXzYgu.exe
  2⤵
  PID:13060
- C:\Windows\System\KzdzLQr.exe
  C:\Windows\System\KzdzLQr.exe
  2⤵
  PID:13100
- C:\Windows\System\JsWBgSr.exe
  C:\Windows\System\JsWBgSr.exe
  2⤵
  PID:13128
- C:\Windows\System\WUwzFvG.exe
  C:\Windows\System\WUwzFvG.exe
  2⤵
  PID:13160
- C:\Windows\System\bVagPiX.exe
  C:\Windows\System\bVagPiX.exe
  2⤵
  PID:13176
- C:\Windows\System\JEAnsTq.exe
  C:\Windows\System\JEAnsTq.exe
  2⤵
  PID:13208
- C:\Windows\System\MhwksiA.exe
  C:\Windows\System\MhwksiA.exe
  2⤵
  PID:13228
- C:\Windows\System\eZhAaiW.exe
  C:\Windows\System\eZhAaiW.exe
  2⤵
  PID:13248
- C:\Windows\System\OGjLMRl.exe
  C:\Windows\System\OGjLMRl.exe
  2⤵
  PID:13272
- C:\Windows\System\xDuYRta.exe
  C:\Windows\System\xDuYRta.exe
  2⤵
  PID:13304
- C:\Windows\System\BnQNaXy.exe
  C:\Windows\System\BnQNaXy.exe
  2⤵
  PID:12332
- C:\Windows\System\FLjemhH.exe
  C:\Windows\System\FLjemhH.exe
  2⤵
  PID:12436
- C:\Windows\System\oxPMjOk.exe
  C:\Windows\System\oxPMjOk.exe
  2⤵
  PID:12520
- C:\Windows\System\wxpdTYX.exe
  C:\Windows\System\wxpdTYX.exe
  2⤵
  PID:12636
- C:\Windows\System\qfgVbtk.exe
  C:\Windows\System\qfgVbtk.exe
  2⤵
  PID:12740
- C:\Windows\System\asTuCyh.exe
  C:\Windows\System\asTuCyh.exe
  2⤵
  PID:12840
- C:\Windows\System\yOtJurG.exe
  C:\Windows\System\yOtJurG.exe
  2⤵
  PID:12888
- C:\Windows\System\LyMHjBf.exe
  C:\Windows\System\LyMHjBf.exe
  2⤵
  PID:12936
- C:\Windows\System\GivvHZG.exe
  C:\Windows\System\GivvHZG.exe
  2⤵
  PID:12992
- C:\Windows\System\NLhhtsh.exe
  C:\Windows\System\NLhhtsh.exe
  2⤵
  PID:13076
- C:\Windows\System\YMbBntZ.exe
  C:\Windows\System\YMbBntZ.exe
  2⤵
  PID:13148
- C:\Windows\System\UnoXhzS.exe
  C:\Windows\System\UnoXhzS.exe
  2⤵
  PID:13220
- C:\Windows\System\zyWGJKP.exe
  C:\Windows\System\zyWGJKP.exe
  2⤵
  PID:13244
- C:\Windows\System\wurQpkx.exe
  C:\Windows\System\wurQpkx.exe
  2⤵
  PID:12420
- C:\Windows\System\QxwbomB.exe
  C:\Windows\System\QxwbomB.exe
  2⤵
  PID:12632
- C:\Windows\System\umRwWZp.exe
  C:\Windows\System\umRwWZp.exe
  2⤵
  PID:12720
- C:\Windows\System\qezUZPr.exe
  C:\Windows\System\qezUZPr.exe
  2⤵
  PID:12916
- C:\Windows\System\KYXoyQj.exe
  C:\Windows\System\KYXoyQj.exe
  2⤵
  PID:13092
- C:\Windows\System\vQwcyxV.exe
  C:\Windows\System\vQwcyxV.exe
  2⤵
  PID:13200
- C:\Windows\System\OTmkOJq.exe
  C:\Windows\System\OTmkOJq.exe
  2⤵
  PID:12512
- C:\Windows\System\IJNoSxg.exe
  C:\Windows\System\IJNoSxg.exe
  2⤵
  PID:12976
- C:\Windows\System\ADLVski.exe
  C:\Windows\System\ADLVski.exe
  2⤵
  PID:13192
- C:\Windows\System\DTcDDmM.exe
  C:\Windows\System\DTcDDmM.exe
  2⤵
  PID:12760
- C:\Windows\System\uoZUIxe.exe
  C:\Windows\System\uoZUIxe.exe
  2⤵
  PID:13316
- C:\Windows\System\UIfubja.exe
  C:\Windows\System\UIfubja.exe
  2⤵
  PID:13360
- C:\Windows\System\BtUaIZO.exe
  C:\Windows\System\BtUaIZO.exe
  2⤵
  PID:13388
- C:\Windows\System\nYZjYuI.exe
  C:\Windows\System\nYZjYuI.exe
  2⤵
  PID:13404
- C:\Windows\System\rFNiHcB.exe
  C:\Windows\System\rFNiHcB.exe
  2⤵
  PID:13444
- C:\Windows\System\ovjCwnk.exe
  C:\Windows\System\ovjCwnk.exe
  2⤵
  PID:13472
- C:\Windows\System\PrkuAHV.exe
  C:\Windows\System\PrkuAHV.exe
  2⤵
  PID:13500
- C:\Windows\System\KrRaZck.exe
  C:\Windows\System\KrRaZck.exe
  2⤵
  PID:13516
- C:\Windows\System\mQICXvN.exe
  C:\Windows\System\mQICXvN.exe
  2⤵
  PID:13548
- C:\Windows\System\EgzRvwz.exe
  C:\Windows\System\EgzRvwz.exe
  2⤵
  PID:13572
- C:\Windows\System\sNhVMYl.exe
  C:\Windows\System\sNhVMYl.exe
  2⤵
  PID:13596
- C:\Windows\System\AfRIRMp.exe
  C:\Windows\System\AfRIRMp.exe
  2⤵
  PID:13624
- C:\Windows\System\CffTQWa.exe
  C:\Windows\System\CffTQWa.exe
  2⤵
  PID:13668
- C:\Windows\System\YTnbyZO.exe
  C:\Windows\System\YTnbyZO.exe
  2⤵
  PID:13696
- C:\Windows\System\YXUiqkw.exe
  C:\Windows\System\YXUiqkw.exe
  2⤵
  PID:13712
- C:\Windows\System\pIecuAr.exe
  C:\Windows\System\pIecuAr.exe
  2⤵
  PID:13740
- C:\Windows\System\dqrQfUt.exe
  C:\Windows\System\dqrQfUt.exe
  2⤵
  PID:13768
- C:\Windows\System\urZUfvV.exe
  C:\Windows\System\urZUfvV.exe
  2⤵
  PID:13808
- C:\Windows\System\tCZyusZ.exe
  C:\Windows\System\tCZyusZ.exe
  2⤵
  PID:13836
- C:\Windows\System\yPayuFB.exe
  C:\Windows\System\yPayuFB.exe
  2⤵
  PID:13864
- C:\Windows\System\wPvSDge.exe
  C:\Windows\System\wPvSDge.exe
  2⤵
  PID:13892
- C:\Windows\System\acKSxrX.exe
  C:\Windows\System\acKSxrX.exe
  2⤵
  PID:13920
- C:\Windows\System\eeCiPsb.exe
  C:\Windows\System\eeCiPsb.exe
  2⤵
  PID:13948
- C:\Windows\System\cYPkfMI.exe
  C:\Windows\System\cYPkfMI.exe
  2⤵
  PID:13976
- C:\Windows\System\tIbFmsn.exe
  C:\Windows\System\tIbFmsn.exe
  2⤵
  PID:13996
- C:\Windows\System\GCUeBol.exe
  C:\Windows\System\GCUeBol.exe
  2⤵
  PID:14036
- C:\Windows\System\xtRmtSZ.exe
  C:\Windows\System\xtRmtSZ.exe
  2⤵
  PID:14064
- C:\Windows\System\MoRvxkA.exe
  C:\Windows\System\MoRvxkA.exe
  2⤵
  PID:14084
- C:\Windows\System\xpsdMrU.exe
  C:\Windows\System\xpsdMrU.exe
  2⤵
  PID:14120
- C:\Windows\System\HMjojVV.exe
  C:\Windows\System\HMjojVV.exe
  2⤵
  PID:14148
- C:\Windows\System\qUBltvW.exe
  C:\Windows\System\qUBltvW.exe
  2⤵
  PID:14176
- C:\Windows\System\YPCJFtO.exe
  C:\Windows\System\YPCJFtO.exe
  2⤵
  PID:14192
- C:\Windows\System\KwluDgo.exe
  C:\Windows\System\KwluDgo.exe
  2⤵
  PID:14220
- C:\Windows\System\egbMbDm.exe
  C:\Windows\System\egbMbDm.exe
  2⤵
  PID:14260
- C:\Windows\System\NmLxCEF.exe
  C:\Windows\System\NmLxCEF.exe
  2⤵
  PID:14280
- C:\Windows\System\hCqpZFF.exe
  C:\Windows\System\hCqpZFF.exe
  2⤵
  PID:14316
- C:\Windows\System\yiHxAhq.exe
  C:\Windows\System\yiHxAhq.exe
  2⤵
  PID:13044
- C:\Windows\System\yawNJkp.exe
  C:\Windows\System\yawNJkp.exe
  2⤵
  PID:4572
- C:\Windows\System\aEpjTFK.exe
  C:\Windows\System\aEpjTFK.exe
  2⤵
  PID:13376
- C:\Windows\System\xjHkhXR.exe
  C:\Windows\System\xjHkhXR.exe
  2⤵
  PID:13456
- C:\Windows\System\jYsuMBb.exe
  C:\Windows\System\jYsuMBb.exe
  2⤵
  PID:13488
- C:\Windows\System\HQXsbun.exe
  C:\Windows\System\HQXsbun.exe
  2⤵
  PID:13568
- C:\Windows\System\bZzRjWq.exe
  C:\Windows\System\bZzRjWq.exe
  2⤵
  PID:13612
- C:\Windows\System\pLHluwk.exe
  C:\Windows\System\pLHluwk.exe
  2⤵
  PID:13708
- C:\Windows\System\CuOVFZY.exe
  C:\Windows\System\CuOVFZY.exe
  2⤵
  PID:13732
- C:\Windows\System\FcCVPrO.exe
  C:\Windows\System\FcCVPrO.exe
  2⤵
  PID:13820
- C:\Windows\System\ZOKQvUP.exe
  C:\Windows\System\ZOKQvUP.exe
  2⤵
  PID:13852
- C:\Windows\System\DRyeawB.exe
  C:\Windows\System\DRyeawB.exe
  2⤵
  PID:13932
- C:\Windows\System\VHpBnRM.exe
  C:\Windows\System\VHpBnRM.exe
  2⤵
  PID:13984
- C:\Windows\System\PWwdovz.exe
  C:\Windows\System\PWwdovz.exe
  2⤵
  PID:14048
- C:\Windows\System\fnkhksp.exe
  C:\Windows\System\fnkhksp.exe
  2⤵
  PID:14132
- C:\Windows\System\mvMnwbK.exe
  C:\Windows\System\mvMnwbK.exe
  2⤵
  PID:14244
- C:\Windows\System\WCEupWS.exe
  C:\Windows\System\WCEupWS.exe
  2⤵
  PID:14268
- C:\Windows\System\MQGcMyy.exe
  C:\Windows\System\MQGcMyy.exe
  2⤵
  PID:13348
- C:\Windows\System\VgpSTzR.exe
  C:\Windows\System\VgpSTzR.exe
  2⤵
  PID:13372
- C:\Windows\System\SpbKCwT.exe
  C:\Windows\System\SpbKCwT.exe
  2⤵
  PID:13544
- C:\Windows\System\PrVqxus.exe
  C:\Windows\System\PrVqxus.exe
  2⤵
  PID:12904
- C:\Windows\System\UQMuCYs.exe
  C:\Windows\System\UQMuCYs.exe
  2⤵
  PID:13888
- C:\Windows\System\ebVgPKX.exe
  C:\Windows\System\ebVgPKX.exe
  2⤵
  PID:14028
- C:\Windows\System\sckqmMs.exe
  C:\Windows\System\sckqmMs.exe
  2⤵
  PID:14116
- C:\Windows\System\medJgkE.exe
  C:\Windows\System\medJgkE.exe
  2⤵
  PID:14324
- C:\Windows\System\PEbaVml.exe
  C:\Windows\System\PEbaVml.exe
  2⤵
  PID:13652

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\COXCYaR.exe

Filesize
2.0MB

MD5
8744bdff7aeb1ca8159ca676803f2075

SHA1
2f93215b8ce4f5ad1d31651fde07dbd6742d785f

SHA256
cf55da34b5f5635d3021f4739e1647e439c7f3e604d93798718a60c33cd8eaa1

SHA512
f7351c31d5b20702e1eec074c1d9618900288823f7a2bbeabc47da85904f236e6e8f16bdab5ac69872f8a2838a324033c24735ffbfbf8df3f677404eb53732cc

Download Submit
C:\Windows\System\FmLSjXx.exe

Filesize
2.0MB

MD5
e303518213a3ddcdeea55e5533abdd37

SHA1
3534993bc486f25494a0accc8369860adf750ea7

SHA256
70d432151364b10a13309c74383b2498d98c32659299fb7a22d89dbce5c88c20

SHA512
53af45e807995975f8686fe450e76376c47c26fda2696c43eca993686ab73c8ff7e344ea46184dc26af509508f404d7ef5716488d3b0d274e1c4ffe0309874b8

Download Submit
C:\Windows\System\HmQHqaQ.exe

Filesize
2.0MB

MD5
4e19326539ec866c37f3fc17f6188f07

SHA1
497e625d78fcf551d3a604c7398ae4abd0c8412e

SHA256
99d8ff46725a23f38b52aa3299dcf6021a8334f6dd62e93db9be0fe0d921cb74

SHA512
45f5515d700a8a37738c88a8d64e84708998b5316284394dfa3ccfa91cc9ee67b5a59ca368c635e91bddd624af7300a3e06b5bb7ff65b0133d8968d8cd444eff

Download Submit
C:\Windows\System\IRmqkeb.exe

Filesize
2.0MB

MD5
270a1cc84bffec16d2c37e83d9789030

SHA1
630c9d4edfa3a2f481a944b025ad3dc86299e3b8

SHA256
f242a9b3cb198470252c47404d66030c7ca028e87f6ecf0c2f05dc3bfadb5a2c

SHA512
caa76cde728d37851e228597248a23720a59ca9d3b96c8c61334fccf438464c05516b9053eca37f1e7cd6e9a52bd25b7474f4a87bd2fddbf1abbb7b6aedf5a80

Download Submit
C:\Windows\System\KeOgOXS.exe

Filesize
2.0MB

MD5
b2089af986ab537059d7313e319e2987

SHA1
f4aaeb9c9441035611c141e525bc6965e266a12d

SHA256
abfb774d730c5bb14e9e650ceb0d1474cabed42fcf3a4afa5b841a7875363609

SHA512
53532cd064cccedf77a4a6b47b63de40173f00e4771b49b91a72c2d19b38f9afa8b145a41b29a6061ad5ab5bf08a4f3c83b8012b5ee5a72c885875dc1176f778

Download Submit
C:\Windows\System\MwGXJDF.exe

Filesize
2.0MB

MD5
d6b7bf204e09b631ebd28eb3116c20a8

SHA1
bdc68332c09d1c163e98a817cafc0b9aaf2146a8

SHA256
91620efc68a8e725bbc599d5b1a7d5598606f8927bccaa44be613055aed59307

SHA512
1c5777d8ac657e60b64099238ef4ada06fe7a411611f55fbe736c3c47d9554ce91250db839c557a914e89a5e591226f1b227f6a98ed76397fc210423b9bac1da

Download Submit
C:\Windows\System\PbslCRZ.exe

Filesize
2.0MB

MD5
c869a2e8418011deb08bad81790a816b

SHA1
c304665f614c6d7719838b33fa4bd2786d23e111

SHA256
0420653f0778413c6b478094b0c6ea9c22aa90126fa23106326ab11cf678db68

SHA512
b91b7ed2ca1df6ccbbd776b45d13250b6a2a98eb347c357e455cec6eb7cd978d61eec01cba5009c2f500a2dd3ea1c907433ed9c9c93ef279b10fbaa3e18f2acf

Download Submit
C:\Windows\System\PfOOBpz.exe

Filesize
2.0MB

MD5
e47d696d5c91e41e7a092bb9f1dfaede

SHA1
54e46b9c15425583ce59be5e73fd04f583c55c6f

SHA256
29ff969576343299f7b1e1ecfc2e4d64c7722e7e5b9ad801699be5462ce1dfff

SHA512
fed15805a0770315193cc36aa1e0b4d176698672275d918cdbe965b6d4c05b940b562a6a9577d8d5a31549acb1df32ffd69df253b3eeff1ee48002903d66e919

Download Submit
C:\Windows\System\RRUgtCp.exe

Filesize
2.0MB

MD5
276e4d2ab56f514288fcce0c56e49f19

SHA1
4e4848ab9adaab55ab09075bb8fa2b1eefd3e74f

SHA256
f11bdd7b96f27fc737922e0d7457ebe9c00b99fa9dae96b6164efa1fe267326b

SHA512
75cdb77934fd58589a8f87f676048fe28ecdfe2f301732c155facd57a0eb0383bdf760d0a13a7f49040648f8341a5b31c771839be8e9fb1368a39669d6ed8765

Download Submit
C:\Windows\System\RUmwXVQ.exe

Filesize
2.0MB

MD5
aa55237314855adda444ed41a3a48a19

SHA1
5fc5c85a1b8f68ae28d4b1cc37dc6221fc8aa2d4

SHA256
228c696dfb66531e7fd6de2741dd48a3e14281a69ab3f01c557d0f43c5e01846

SHA512
be0263bf4e3a134715ba7271f434db0c191d20ae282ab1bd7e0d6e0034aba397c80779041e42511cb9ad3b0dd9a43a7e7a927f45877380f0cd0ad02fbf716906

Download Submit
C:\Windows\System\SGhyOPw.exe

Filesize
2.0MB

MD5
00ffaf68526e8390b2c830241a75f36c

SHA1
5ead0fcfb630934997d6efaf800cdd2acb0c20b2

SHA256
f9d0ab53fd723f2c5cd1b0522c9a3ea4341445d554bd68ec45bb3953743aaeb7

SHA512
df049406919d8268cb67c171c0b37f243fdda7d40461792e884a568db5e253764aaa8fa535f51b7c11c3d09e458a7ead98d81d64addec2768ed8ad9b130e7398

Download Submit
C:\Windows\System\VxvRBpD.exe

Filesize
2.0MB

MD5
04643bbbe0b11639ec32e214e82586cb

SHA1
66bb26f6f4f5aa4582b754110875de95b3fd33cd

SHA256
0812a21d54fcf231808587ba830566814591bb2b67aa952142791c5990e4052a

SHA512
a4f1298031f01f2588d9a40db471a2e5280d01d09523daf00854d6b0ecf072babd7fa043aad26a29fa43d1fb352905a59bfd2acf4956a1d12eb06316e8241ad1

Download Submit
C:\Windows\System\buHTSfP.exe

Filesize
2.0MB

MD5
f65136d887a3d308d5bcc340a242bd54

SHA1
d1bc672b81c282875496def86c025a3c9ba099b8

SHA256
348ba5e9845337b7a3ad5f07d2e2f7ef3fb24d6b1e8d90b71f73b74d0019c695

SHA512
015766601949fb1510c494adcb7ecb7473e6008f2fa4fd5e752534393f673a9d4d5cf59b7793560a351bd54592d360bef4dcce81ba6d0365b735cace3e1aa362

Download Submit
C:\Windows\System\dTbgyVQ.exe

Filesize
2.0MB

MD5
e1d3e4d22b6c1e84d7c3294856089cf4

SHA1
83c27134b6dce3b54019ac64e0b548fd0d65e0f4

SHA256
d26761f1e6519a4cadd60235ded85d0a8a6083481448f069d0012f688b4637b7

SHA512
f24708ef1772e75491141450bead74a0d53a0953a0c03ae8b52edade01334ffa48b0e51ff3276a217681758068e437494685023cdb922c691c5361e9da28fba2

Download Submit
C:\Windows\System\daNfaEX.exe

Filesize
2.0MB

MD5
ea50fb11210885bf6f433e6c9ecdf1c6

SHA1
ad3c8b0e78122b8ecb48043991dfb6e26e2871d9

SHA256
a1e29b3bc014a36bd45663f7419298cbabda3f59c6da194e68dbbda575ced657

SHA512
da0354129da3f0477f006aaec10f7f26f42d28ef08d1d47a4555c666514b59ef12b5ecd98a4cea039578df11ebea9788a5cb7b5e0beaa202204f73bd98a36820

Download Submit
C:\Windows\System\dijCaRC.exe

Filesize
2.0MB

MD5
ffb6979ee8f4865128507467a6d4fa39

SHA1
38962c64a69ba4471c41982ecc5966b51958a958

SHA256
72a8a1237df29ac94cdff3aedfd597eaa942444d05a03d3cb60ebf3fbc532b3d

SHA512
830c3deec4f239cb8a32568c40f5324a0752e2986f2c0d97569b12ff33b4c6fddb2c17adc7372f88fd244c8c9bd0e5c49fe50ede12e57d992ad63c22ba50dbbc

Download Submit
C:\Windows\System\eQryCsp.exe

Filesize
2.0MB

MD5
b2b4bc2f09b0a1629f27739d87650c01

SHA1
88c6ab38093e51a42fca2c6ecdb16c315586ddfc

SHA256
6b4ad38dd8c0cc4e151b3fa80154415f2adc8d3e081ffca920c5d17a75eb2cd9

SHA512
dff73a115fe64cc5b102d569b542e8dbdc3b1eb235811f3e089bf0e450420a70ec9a3cdd4cffb79e4d8422dc3de9e5ea8b78ef309d223070aef4f0194daafab6

Download Submit
C:\Windows\System\erPNeUB.exe

Filesize
2.0MB

MD5
bb78b1ce082e0e4a4b66a0c4edc29add

SHA1
af02a1cce7af3778a018fc307d5e15fe8e9e7664

SHA256
e240ed783cb1a6b46c45db8b9906aaf8599fd3ff4d88dc29933684526cba8dfd

SHA512
3b3f24b5dbe29bc98b00511794d92342e2250b8bfac7c68e9847d098bb03be46c1e02d73feae6bfdcb4272ee007066f25da6686103b1db93c42ddd7235dc429b

Download Submit
C:\Windows\System\gSZqizb.exe

Filesize
2.0MB

MD5
5ca71818810ea5a376af07ea7290fe74

SHA1
4324a6b129b5e71b15a9a9410a2a7be90639cd75

SHA256
05e94115c4bd576de1d3f8009ff09f22c388b101ba0008e1a222b77d17f44eb4

SHA512
f8adcd8b2f913eb172656897d43bb6cdb81256d97c1accfc8961f710ce0430938c6c65466aa8b70fe88ea871dff22ba5dcc06317208b4f1c36629d7a37d00f3c

Download Submit
C:\Windows\System\mQkeyGt.exe

Filesize
2.0MB

MD5
adc88237c6bd8c65c6c31b461b7a20da

SHA1
be4f924491910f87be9bc7f698ba3436805906bd

SHA256
c58f13bbf6dcbbc97a83158aec7bc6183865097d2ab417543668f47158b46989

SHA512
6bceb7671a5335063abca2708d26aaa8501955ee3a688ab535cc37767a6b6cba4bc546685c5f75c318b3f54d9a88b5e2069e4e2226d5d66d0a297254f8eb4589

Download Submit
C:\Windows\System\mlIyvfV.exe

Filesize
2.0MB

MD5
2980faaa774a83599b572c331fcd723e

SHA1
63cfc2bda909db7ab60146517c5e7032452a1d37

SHA256
413e0124814dabf1149aa7cf1698312f50f7bf8b39f339c6fb661ff55979c79f

SHA512
84c3d7168c065dc9fed452f98c7d6cd5822059100d6fe15d4001e2107f18b83bf59f891fe70c360dabe4481d753614c0fcb9be324b9ce26d7278e3db5d552966

Download Submit
C:\Windows\System\ndMjCeE.exe

Filesize
2.0MB

MD5
7cb0f7c4f5a7ea19c95884170de95b58

SHA1
a7f0eb9a7a131bcea4cbe139d44946318819a3f9

SHA256
3a1b07241b1e997f7fbdc621763050049dfa0e1c9a98b65b44a152aade8caada

SHA512
1b2084664981659bb0b0cb16a4e099a278e864753db720de4846993d7b096b895f0a4eb9310b7a38198698d3b77b0d29e543f66203d8a45deb77f80396aba782

Download Submit
C:\Windows\System\nlcUQLh.exe

Filesize
2.0MB

MD5
b4d25c166db5f91827ef8a91e7589bd5

SHA1
b2a969697a7bc64eace0b10b15a16976828b8e62

SHA256
6e6d94e71ea315e614be363834a1f68098cbc41a4e823db8554a8759f72152ea

SHA512
2157f5bf0ef414951fcd199f67a4d561f790f2d2f6978d1280850f38f1a0a09bd022f2eb460c2841125c8eaf5b37b1cf4dec1d17510ec2ac85200ef5423e7d84

Download Submit
C:\Windows\System\orGpmkC.exe

Filesize
2.0MB

MD5
3fba6f4d51dd7cc4bd08f1a79fa1b7ac

SHA1
3d2632c4d004306f68fbf1fcd25a5ea23fdcc23f

SHA256
1e16c23ffb4665d97cf9d8a06ebccb6fd52ad1a4798ddaea8c15c15a2c82f55e

SHA512
5ac6703921960fbcae02553bdf4478f5093154cfa1e718c375e4b0e7d2d75772544103a7b5ed82a15cffb8ceef1aff5e8c720aea09995445c50b9b5c17113155

Download Submit
C:\Windows\System\pmLCIRc.exe

Filesize
2.0MB

MD5
3da1944358d8b35932a949e30dc21e76

SHA1
adc971240b3182d5dc5f2123e73d0af07944d965

SHA256
a4347a5262ec8515e3de262efce0ef986e031fc4293d207f779215620dd5c8c4

SHA512
515124eec4879e89b4212a6911e141915b78738a0ae64de24a6a9464258fdf91bc26155d519a47468ea7e3bdc8bc05b953b1a4179a503902499bec80672a3868

Download Submit
C:\Windows\System\shvAreF.exe

Filesize
2.0MB

MD5
ef7c20ebf683bbc8a6eae57204191d2f

SHA1
b543b725b9a2e5ec27d685bbd0c1a170909a1d3d

SHA256
887a56ace43fd64feb2bf10e163f43d5dd801c7873f30fc542ff16ccfda2c27e

SHA512
a6bc7c4301c82d3f4d3809221a5c30b72e03ef54939007cd904b2829c18e62d2fb7141c049e3222c0dca06c0d3f48ae12eb6d804e72ed76a66c4367ca078e203

Download Submit
C:\Windows\System\uQlLjnK.exe

Filesize
2.0MB

MD5
b64baf12b5c8c7a059ad23d6150ee85e

SHA1
7827156ddee9874608398026e388eaaf7f41f82f

SHA256
824e6ed69523f77165d3b02d3d8c3640eb7cc4f6ba0d9d7cccb72069926a2d54

SHA512
9c703dd5bbe4ee7af7ad36510599379f51e4600c3e35fc0f9b97d5676b883fb0d9438c9e7e9935e5538c8caf35f84f6c1a1df581c8bdeee88901e14e2a2ff72e

Download Submit
C:\Windows\System\vQPNKUX.exe

Filesize
2.0MB

MD5
81fdb1918c3156118cc2e9906b081ef0

SHA1
c3b5a9cd4ea2fa9662347e9b013f901206706136

SHA256
da577e7d4bbac266e855173d7d0153a7d61545b8adbccda239cfbb43e677f1a9

SHA512
5e61d28f697f6d7fd9417104322109b98d0338bd11c35d0d95e398e25649fb3fa2abb5109a8f1a7522a19aa6da23f3edeb5c570739a928aab5d6708f5005bc2f

Download Submit
C:\Windows\System\xOHWorR.exe

Filesize
2.0MB

MD5
a51f773f194ab139c9ef1034167f1404

SHA1
5d66c83c22a85a01ff12aa3bbdabd955db604b2c

SHA256
d1d9d5d45908758d126c412089ec8b4c5b98086764fbff356846d1549576f601

SHA512
2790170c53732d8c8df89807374cf830d9c9c96fe154e4f441941bb1ac60bdb98871aa2ab5e13ce1538f407a41466f566fa88ea5fd96c28b2c027245325e61f3

Download Submit
C:\Windows\System\xrHpnEF.exe

Filesize
2.0MB

MD5
2be7574626b07240c40c1f4bf6ad5f03

SHA1
16df3d8a1ae9cc2109013c91ec1b21d9191c3ae6

SHA256
bd356463f3baad66842af25f79eaf073403e9b8e1efa2a350105e5d91a787d70

SHA512
989b8bfbb856b00f1fc2d245d77600de17c715001b8fbbe609749eac85f9ed51dd6579d8be9f1f29b73c2ceefcd9c385b04a78aaac139d47348c6b100fd38514

Download Submit
C:\Windows\System\xsFBLQE.exe

Filesize
2.0MB

MD5
64d069c23f0c082e3a469939fffa8dee

SHA1
8b3cd8e83aa8373a90373118a8b133744312b281

SHA256
fe086a9a1f87ff7bcf5a78ac5fb29b6a53388e80caa376436f228084529acddc

SHA512
ec21ea0a1a225964b5643fbf4d87056c0f6693f9d027401622851b7cb7c959a1dff2cf7e13672a3d7da00ce0f627e5c9a1aae43c357f225c77d053e8b231b7c6

Download Submit
C:\Windows\System\yYPrSsC.exe

Filesize
2.0MB

MD5
34ffa18c8a01ac401f6bb9dce891714d

SHA1
42da0f9c47dfdef6e48869db988f3bfea2267ff0

SHA256
ecf9414dc09b109de86bb279f6329dca515abce5ae2151fe97402385371ae1de

SHA512
6fb368f4e2cfcc7eeb8f9bcceb7fcc1374c5dee4be132471fdf6b483b5f1921ecb70422b7174dfddb65c6534efbc302b2f98d4867d1af4b7975d543d37073d8b

Download Submit
C:\Windows\System\yqOwMBt.exe

Filesize
2.0MB

MD5
3b43f289a9f5e35dd9799b8895f5cace

SHA1
e0c864bd3d6bca73b4ac5b644b1d7887398c4a63

SHA256
b66cdd9765a994b2526b2ad2b10ff9730428a579d8f20011e122cf19924e125b

SHA512
9a69ffa5d83e1f2d5f5f287605b5118aebe1a3a51495ca0379527504275746a9393b9781c8c4583b6b0d8e56eb7ff8ee76b369e37dcfc354a22898d10a86c222

Download Submit
memory/776-2121-0x00007FF60BDD0000-0x00007FF60C124000-memory.dmp

Filesize
3.3MB

Download
memory/776-547-0x00007FF60BDD0000-0x00007FF60C124000-memory.dmp

Filesize
3.3MB

Download
memory/796-524-0x00007FF710B40000-0x00007FF710E94000-memory.dmp

Filesize
3.3MB

Download
memory/796-2113-0x00007FF710B40000-0x00007FF710E94000-memory.dmp

Filesize
3.3MB

Download
memory/944-17-0x00007FF648560000-0x00007FF6488B4000-memory.dmp

Filesize
3.3MB

Download
memory/944-2108-0x00007FF648560000-0x00007FF6488B4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-51-0x00007FF795010000-0x00007FF795364000-memory.dmp

Filesize
3.3MB

Download
memory/1348-2116-0x00007FF795010000-0x00007FF795364000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2128-0x00007FF671CE0000-0x00007FF672034000-memory.dmp

Filesize
3.3MB

Download
memory/1364-540-0x00007FF671CE0000-0x00007FF672034000-memory.dmp

Filesize
3.3MB

Download
memory/1608-526-0x00007FF6CAD30000-0x00007FF6CB084000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2119-0x00007FF6CAD30000-0x00007FF6CB084000-memory.dmp

Filesize
3.3MB

Download
memory/1704-2136-0x00007FF75D8A0000-0x00007FF75DBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-593-0x00007FF75D8A0000-0x00007FF75DBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2112-0x00007FF7A84B0000-0x00007FF7A8804000-memory.dmp

Filesize
3.3MB

Download
memory/1880-47-0x00007FF7A84B0000-0x00007FF7A8804000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2115-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2107-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-52-0x00007FF76F090000-0x00007FF76F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-525-0x00007FF74C6F0000-0x00007FF74CA44000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2117-0x00007FF74C6F0000-0x00007FF74CA44000-memory.dmp

Filesize
3.3MB

Download
memory/2312-596-0x00007FF6AA5A0000-0x00007FF6AA8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2129-0x00007FF6AA5A0000-0x00007FF6AA8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-46-0x00007FF739FB0000-0x00007FF73A304000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2114-0x00007FF739FB0000-0x00007FF73A304000-memory.dmp

Filesize
3.3MB

Download
memory/2600-21-0x00007FF6D2E60000-0x00007FF6D31B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2110-0x00007FF6D2E60000-0x00007FF6D31B4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-543-0x00007FF70BBE0000-0x00007FF70BF34000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2124-0x00007FF70BBE0000-0x00007FF70BF34000-memory.dmp

Filesize
3.3MB

Download
memory/2784-562-0x00007FF72F080000-0x00007FF72F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2135-0x00007FF72F080000-0x00007FF72F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-527-0x00007FF615C10000-0x00007FF615F64000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2120-0x00007FF615C10000-0x00007FF615F64000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2131-0x00007FF6014D0000-0x00007FF601824000-memory.dmp

Filesize
3.3MB

Download
memory/3060-566-0x00007FF6014D0000-0x00007FF601824000-memory.dmp

Filesize
3.3MB

Download
memory/3124-590-0x00007FF7DD9F0000-0x00007FF7DDD44000-memory.dmp

Filesize
3.3MB

Download
memory/3124-2122-0x00007FF7DD9F0000-0x00007FF7DDD44000-memory.dmp

Filesize
3.3MB

Download
memory/3292-2111-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3292-523-0x00007FF6BC170000-0x00007FF6BC4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-532-0x00007FF791710000-0x00007FF791A64000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2126-0x00007FF791710000-0x00007FF791A64000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2133-0x00007FF7A5DE0000-0x00007FF7A6134000-memory.dmp

Filesize
3.3MB

Download
memory/3424-576-0x00007FF7A5DE0000-0x00007FF7A6134000-memory.dmp

Filesize
3.3MB

Download
memory/3472-58-0x00007FF79EB30000-0x00007FF79EE84000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2109-0x00007FF79EB30000-0x00007FF79EE84000-memory.dmp

Filesize
3.3MB

Download
memory/3696-588-0x00007FF76EC80000-0x00007FF76EFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3696-2130-0x00007FF76EC80000-0x00007FF76EFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-2132-0x00007FF607480000-0x00007FF6077D4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-569-0x00007FF607480000-0x00007FF6077D4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-536-0x00007FF6CD160000-0x00007FF6CD4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2127-0x00007FF6CD160000-0x00007FF6CD4B4000-memory.dmp

Filesize
3.3MB

Download
memory/4284-552-0x00007FF7066D0000-0x00007FF706A24000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2125-0x00007FF7066D0000-0x00007FF706A24000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2123-0x00007FF708570000-0x00007FF7088C4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-585-0x00007FF708570000-0x00007FF7088C4000-memory.dmp

Filesize
3.3MB

Download
memory/4444-557-0x00007FF6E2120000-0x00007FF6E2474000-memory.dmp

Filesize
3.3MB

Download
memory/4444-2134-0x00007FF6E2120000-0x00007FF6E2474000-memory.dmp

Filesize
3.3MB

Download
memory/4548-600-0x00007FF7223E0000-0x00007FF722734000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2118-0x00007FF7223E0000-0x00007FF722734000-memory.dmp

Filesize
3.3MB

Download
memory/4704-0-0x00007FF70DD30000-0x00007FF70E084000-memory.dmp

Filesize
3.3MB

Download
memory/4704-1-0x000001A367A60000-0x000001A367A70000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads