xmrig | 057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013

Analysis

max time kernel
110s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
Size

1.4MB
MD5

b7ef92165a33709db864d1048e0665bf
SHA1

b39d2eac130cfe0408ea21cb8e50bb8dddb30a1d
SHA256

057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013
SHA512

c801471a79dd9507396d3e44426d70bce04f78c388905805772bce104138abe372882fe69e10cbeb30c46f42c88c6d63c7ff01a8d983815c7ef86b23b33cf712
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlia+zzDwD/YCgU+Lqq6a9vu2kjGAiYYqmLR7eyCZzq:knw9oUUEEDlnDwq6xkGA78LR7eyjVB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3712-0-0x00007FF6689B0000-0x00007FF668DA1000-memory.dmp	UPX
behavioral2/files/0x000900000002328e-5.dat	UPX
behavioral2/files/0x0007000000023406-7.dat	UPX
behavioral2/files/0x0008000000023405-12.dat	UPX
behavioral2/files/0x0007000000023407-16.dat	UPX
behavioral2/files/0x0007000000023409-29.dat	UPX
behavioral2/memory/3624-28-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	UPX
behavioral2/files/0x0007000000023408-33.dat	UPX
behavioral2/files/0x000700000002340a-41.dat	UPX
behavioral2/files/0x000700000002340c-50.dat	UPX
behavioral2/files/0x0007000000023410-70.dat	UPX
behavioral2/files/0x0007000000023414-93.dat	UPX
behavioral2/files/0x000700000002341a-120.dat	UPX
behavioral2/files/0x000700000002341c-133.dat	UPX
behavioral2/files/0x0007000000023423-164.dat	UPX
behavioral2/memory/4380-434-0x00007FF7429F0000-0x00007FF742DE1000-memory.dmp	UPX
behavioral2/memory/2676-442-0x00007FF70D550000-0x00007FF70D941000-memory.dmp	UPX
behavioral2/memory/3340-427-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp	UPX
behavioral2/memory/4216-447-0x00007FF65E950000-0x00007FF65ED41000-memory.dmp	UPX
behavioral2/memory/3656-450-0x00007FF77CF60000-0x00007FF77D351000-memory.dmp	UPX
behavioral2/memory/2068-457-0x00007FF6C3C70000-0x00007FF6C4061000-memory.dmp	UPX
behavioral2/memory/2464-464-0x00007FF642510000-0x00007FF642901000-memory.dmp	UPX
behavioral2/memory/5068-490-0x00007FF64E000000-0x00007FF64E3F1000-memory.dmp	UPX
behavioral2/memory/3224-499-0x00007FF6B9180000-0x00007FF6B9571000-memory.dmp	UPX
behavioral2/memory/1600-501-0x00007FF788AB0000-0x00007FF788EA1000-memory.dmp	UPX
behavioral2/memory/3152-509-0x00007FF70BE70000-0x00007FF70C261000-memory.dmp	UPX
behavioral2/memory/2392-537-0x00007FF786600000-0x00007FF7869F1000-memory.dmp	UPX
behavioral2/memory/3764-544-0x00007FF6B3940000-0x00007FF6B3D31000-memory.dmp	UPX
behavioral2/memory/4744-542-0x00007FF78CF70000-0x00007FF78D361000-memory.dmp	UPX
behavioral2/memory/1592-536-0x00007FF76B2F0000-0x00007FF76B6E1000-memory.dmp	UPX
behavioral2/memory/4628-530-0x00007FF76BD80000-0x00007FF76C171000-memory.dmp	UPX
behavioral2/memory/4464-518-0x00007FF73EE90000-0x00007FF73F281000-memory.dmp	UPX
behavioral2/memory/5044-516-0x00007FF7C8240000-0x00007FF7C8631000-memory.dmp	UPX
behavioral2/memory/1736-476-0x00007FF7826A0000-0x00007FF782A91000-memory.dmp	UPX
behavioral2/memory/544-467-0x00007FF789710000-0x00007FF789B01000-memory.dmp	UPX
behavioral2/files/0x0007000000023424-166.dat	UPX
behavioral2/files/0x0007000000023422-160.dat	UPX
behavioral2/files/0x0007000000023421-155.dat	UPX
behavioral2/files/0x0007000000023420-150.dat	UPX
behavioral2/files/0x000700000002341f-148.dat	UPX
behavioral2/files/0x000700000002341e-140.dat	UPX
behavioral2/files/0x000700000002341d-135.dat	UPX
behavioral2/files/0x000700000002341b-128.dat	UPX
behavioral2/files/0x0007000000023419-118.dat	UPX
behavioral2/files/0x0007000000023418-113.dat	UPX
behavioral2/files/0x0007000000023417-108.dat	UPX
behavioral2/files/0x0007000000023416-100.dat	UPX
behavioral2/files/0x0007000000023415-98.dat	UPX
behavioral2/files/0x0007000000023413-88.dat	UPX
behavioral2/files/0x0007000000023412-83.dat	UPX
behavioral2/files/0x0007000000023411-78.dat	UPX
behavioral2/files/0x000700000002340f-68.dat	UPX
behavioral2/files/0x000700000002340e-60.dat	UPX
behavioral2/files/0x000700000002340d-58.dat	UPX
behavioral2/files/0x000700000002340b-48.dat	UPX
behavioral2/memory/2636-32-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp	UPX
behavioral2/memory/3184-22-0x00007FF619600000-0x00007FF6199F1000-memory.dmp	UPX
behavioral2/memory/2280-14-0x00007FF6EF340000-0x00007FF6EF731000-memory.dmp	UPX
behavioral2/memory/3184-2008-0x00007FF619600000-0x00007FF6199F1000-memory.dmp	UPX
behavioral2/memory/3624-2009-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	UPX
behavioral2/memory/3340-2010-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp	UPX
behavioral2/memory/2280-2013-0x00007FF6EF340000-0x00007FF6EF731000-memory.dmp	UPX
behavioral2/memory/3624-2044-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	UPX
behavioral2/memory/2636-2030-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp	UPX

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/4380-434-0x00007FF7429F0000-0x00007FF742DE1000-memory.dmp	xmrig
behavioral2/memory/2676-442-0x00007FF70D550000-0x00007FF70D941000-memory.dmp	xmrig
behavioral2/memory/3340-427-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp	xmrig
behavioral2/memory/4216-447-0x00007FF65E950000-0x00007FF65ED41000-memory.dmp	xmrig
behavioral2/memory/3656-450-0x00007FF77CF60000-0x00007FF77D351000-memory.dmp	xmrig
behavioral2/memory/2068-457-0x00007FF6C3C70000-0x00007FF6C4061000-memory.dmp	xmrig
behavioral2/memory/2464-464-0x00007FF642510000-0x00007FF642901000-memory.dmp	xmrig
behavioral2/memory/5068-490-0x00007FF64E000000-0x00007FF64E3F1000-memory.dmp	xmrig
behavioral2/memory/3224-499-0x00007FF6B9180000-0x00007FF6B9571000-memory.dmp	xmrig
behavioral2/memory/1600-501-0x00007FF788AB0000-0x00007FF788EA1000-memory.dmp	xmrig
behavioral2/memory/3152-509-0x00007FF70BE70000-0x00007FF70C261000-memory.dmp	xmrig
behavioral2/memory/2392-537-0x00007FF786600000-0x00007FF7869F1000-memory.dmp	xmrig
behavioral2/memory/3764-544-0x00007FF6B3940000-0x00007FF6B3D31000-memory.dmp	xmrig
behavioral2/memory/4744-542-0x00007FF78CF70000-0x00007FF78D361000-memory.dmp	xmrig
behavioral2/memory/1592-536-0x00007FF76B2F0000-0x00007FF76B6E1000-memory.dmp	xmrig
behavioral2/memory/4628-530-0x00007FF76BD80000-0x00007FF76C171000-memory.dmp	xmrig
behavioral2/memory/4464-518-0x00007FF73EE90000-0x00007FF73F281000-memory.dmp	xmrig
behavioral2/memory/5044-516-0x00007FF7C8240000-0x00007FF7C8631000-memory.dmp	xmrig
behavioral2/memory/1736-476-0x00007FF7826A0000-0x00007FF782A91000-memory.dmp	xmrig
behavioral2/memory/544-467-0x00007FF789710000-0x00007FF789B01000-memory.dmp	xmrig
behavioral2/memory/2636-32-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp	xmrig
behavioral2/memory/3184-2008-0x00007FF619600000-0x00007FF6199F1000-memory.dmp	xmrig
behavioral2/memory/3624-2009-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	xmrig
behavioral2/memory/3340-2010-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp	xmrig
behavioral2/memory/2280-2013-0x00007FF6EF340000-0x00007FF6EF731000-memory.dmp	xmrig
behavioral2/memory/3624-2044-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	xmrig
behavioral2/memory/2636-2030-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp	xmrig
behavioral2/memory/3184-2052-0x00007FF619600000-0x00007FF6199F1000-memory.dmp	xmrig
behavioral2/memory/3340-2054-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp	xmrig
behavioral2/memory/3656-2080-0x00007FF77CF60000-0x00007FF77D351000-memory.dmp	xmrig
behavioral2/memory/2464-2096-0x00007FF642510000-0x00007FF642901000-memory.dmp	xmrig
behavioral2/memory/4744-2159-0x00007FF78CF70000-0x00007FF78D361000-memory.dmp	xmrig
behavioral2/memory/2392-2157-0x00007FF786600000-0x00007FF7869F1000-memory.dmp	xmrig
behavioral2/memory/1592-2137-0x00007FF76B2F0000-0x00007FF76B6E1000-memory.dmp	xmrig
behavioral2/memory/4464-2133-0x00007FF73EE90000-0x00007FF73F281000-memory.dmp	xmrig
behavioral2/memory/5044-2131-0x00007FF7C8240000-0x00007FF7C8631000-memory.dmp	xmrig
behavioral2/memory/4628-2135-0x00007FF76BD80000-0x00007FF76C171000-memory.dmp	xmrig
behavioral2/memory/3152-2116-0x00007FF70BE70000-0x00007FF70C261000-memory.dmp	xmrig
behavioral2/memory/1736-2099-0x00007FF7826A0000-0x00007FF782A91000-memory.dmp	xmrig
behavioral2/memory/1600-2114-0x00007FF788AB0000-0x00007FF788EA1000-memory.dmp	xmrig
behavioral2/memory/4216-2094-0x00007FF65E950000-0x00007FF65ED41000-memory.dmp	xmrig
behavioral2/memory/5068-2108-0x00007FF64E000000-0x00007FF64E3F1000-memory.dmp	xmrig
behavioral2/memory/2068-2082-0x00007FF6C3C70000-0x00007FF6C4061000-memory.dmp	xmrig
behavioral2/memory/2676-2077-0x00007FF70D550000-0x00007FF70D941000-memory.dmp	xmrig
behavioral2/memory/4380-2068-0x00007FF7429F0000-0x00007FF742DE1000-memory.dmp	xmrig
behavioral2/memory/3764-2062-0x00007FF6B3940000-0x00007FF6B3D31000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2280	hfvaJGr.exe
2636	cGkpaAF.exe
3184	xXYpJJN.exe
3624	HeKUlCv.exe
3340	jmyriEl.exe
4380	znSkljv.exe
3764	ooOblyg.exe
2676	GQJzjfQ.exe
4216	kBeWfkH.exe
3656	tBrfHcl.exe
2068	VZULCgk.exe
2464	CLnuPqr.exe
544	sCLcnqS.exe
1736	APNCxcl.exe
5068	syYxDYc.exe
3224	nGwkyfz.exe
1600	rcQMPHJ.exe
3152	wTwiiFr.exe
5044	tfUKhMJ.exe
4464	OKmSSyd.exe
4628	zyiIUZf.exe
1592	eOobaeX.exe
2392	vUOJlhk.exe
4744	TpQxOyQ.exe
1960	YDEMSrD.exe
3088	tsllXFq.exe
4908	ryNJajp.exe
1180	TVdGfDV.exe
440	PBcCFKM.exe
4632	wKSoaPZ.exe
4016	BWfoPFf.exe
4684	iYUMIIR.exe
1732	jMyEfsJ.exe
2240	FflZlUH.exe
4364	ZuYFaXj.exe
2168	PgCVwsH.exe
1540	IAkzLzc.exe
3832	mwfuyoM.exe
1488	PpUBQie.exe
2136	yVuWBvp.exe
4328	sIXaQGg.exe
3356	JDfcXcq.exe
4924	yUhZrNe.exe
4916	vPCDzpT.exe
4784	dZwAyKH.exe
2856	cIELBvG.exe
2504	EzvegmQ.exe
4696	iUXHtti.exe
388	gHrRBTi.exe
3352	sSoPWvD.exe
2344	hBlgfQn.exe
1936	NmTvhra.exe
4404	XunLJXE.exe
1288	eNmoaRl.exe
1560	hBanRFn.exe
3168	zftFBNt.exe
2208	tsEfBcq.exe
2876	TUDUTMQ.exe
2976	uzUZODd.exe
1972	dzCCRgT.exe
2860	jNZTBsh.exe
60	ybqXFqe.exe
3732	aQWsHMz.exe
2524	IdJhkFK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3712-0-0x00007FF6689B0000-0x00007FF668DA1000-memory.dmp	upx
behavioral2/files/0x000900000002328e-5.dat	upx
behavioral2/files/0x0007000000023406-7.dat	upx
behavioral2/files/0x0008000000023405-12.dat	upx
behavioral2/files/0x0007000000023407-16.dat	upx
behavioral2/files/0x0007000000023409-29.dat	upx
behavioral2/memory/3624-28-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	upx
behavioral2/files/0x0007000000023408-33.dat	upx
behavioral2/files/0x000700000002340a-41.dat	upx
behavioral2/files/0x000700000002340c-50.dat	upx
behavioral2/files/0x0007000000023410-70.dat	upx
behavioral2/files/0x0007000000023414-93.dat	upx
behavioral2/files/0x000700000002341a-120.dat	upx
behavioral2/files/0x000700000002341c-133.dat	upx
behavioral2/files/0x0007000000023423-164.dat	upx
behavioral2/memory/4380-434-0x00007FF7429F0000-0x00007FF742DE1000-memory.dmp	upx
behavioral2/memory/2676-442-0x00007FF70D550000-0x00007FF70D941000-memory.dmp	upx
behavioral2/memory/3340-427-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp	upx
behavioral2/memory/4216-447-0x00007FF65E950000-0x00007FF65ED41000-memory.dmp	upx
behavioral2/memory/3656-450-0x00007FF77CF60000-0x00007FF77D351000-memory.dmp	upx
behavioral2/memory/2068-457-0x00007FF6C3C70000-0x00007FF6C4061000-memory.dmp	upx
behavioral2/memory/2464-464-0x00007FF642510000-0x00007FF642901000-memory.dmp	upx
behavioral2/memory/5068-490-0x00007FF64E000000-0x00007FF64E3F1000-memory.dmp	upx
behavioral2/memory/3224-499-0x00007FF6B9180000-0x00007FF6B9571000-memory.dmp	upx
behavioral2/memory/1600-501-0x00007FF788AB0000-0x00007FF788EA1000-memory.dmp	upx
behavioral2/memory/3152-509-0x00007FF70BE70000-0x00007FF70C261000-memory.dmp	upx
behavioral2/memory/2392-537-0x00007FF786600000-0x00007FF7869F1000-memory.dmp	upx
behavioral2/memory/3764-544-0x00007FF6B3940000-0x00007FF6B3D31000-memory.dmp	upx
behavioral2/memory/4744-542-0x00007FF78CF70000-0x00007FF78D361000-memory.dmp	upx
behavioral2/memory/1592-536-0x00007FF76B2F0000-0x00007FF76B6E1000-memory.dmp	upx
behavioral2/memory/4628-530-0x00007FF76BD80000-0x00007FF76C171000-memory.dmp	upx
behavioral2/memory/4464-518-0x00007FF73EE90000-0x00007FF73F281000-memory.dmp	upx
behavioral2/memory/5044-516-0x00007FF7C8240000-0x00007FF7C8631000-memory.dmp	upx
behavioral2/memory/1736-476-0x00007FF7826A0000-0x00007FF782A91000-memory.dmp	upx
behavioral2/memory/544-467-0x00007FF789710000-0x00007FF789B01000-memory.dmp	upx
behavioral2/files/0x0007000000023424-166.dat	upx
behavioral2/files/0x0007000000023422-160.dat	upx
behavioral2/files/0x0007000000023421-155.dat	upx
behavioral2/files/0x0007000000023420-150.dat	upx
behavioral2/files/0x000700000002341f-148.dat	upx
behavioral2/files/0x000700000002341e-140.dat	upx
behavioral2/files/0x000700000002341d-135.dat	upx
behavioral2/files/0x000700000002341b-128.dat	upx
behavioral2/files/0x0007000000023419-118.dat	upx
behavioral2/files/0x0007000000023418-113.dat	upx
behavioral2/files/0x0007000000023417-108.dat	upx
behavioral2/files/0x0007000000023416-100.dat	upx
behavioral2/files/0x0007000000023415-98.dat	upx
behavioral2/files/0x0007000000023413-88.dat	upx
behavioral2/files/0x0007000000023412-83.dat	upx
behavioral2/files/0x0007000000023411-78.dat	upx
behavioral2/files/0x000700000002340f-68.dat	upx
behavioral2/files/0x000700000002340e-60.dat	upx
behavioral2/files/0x000700000002340d-58.dat	upx
behavioral2/files/0x000700000002340b-48.dat	upx
behavioral2/memory/2636-32-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp	upx
behavioral2/memory/3184-22-0x00007FF619600000-0x00007FF6199F1000-memory.dmp	upx
behavioral2/memory/2280-14-0x00007FF6EF340000-0x00007FF6EF731000-memory.dmp	upx
behavioral2/memory/3184-2008-0x00007FF619600000-0x00007FF6199F1000-memory.dmp	upx
behavioral2/memory/3624-2009-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	upx
behavioral2/memory/3340-2010-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp	upx
behavioral2/memory/2280-2013-0x00007FF6EF340000-0x00007FF6EF731000-memory.dmp	upx
behavioral2/memory/3624-2044-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp	upx
behavioral2/memory/2636-2030-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\AWnQGbR.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\gbnNqty.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\KPGCHxM.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\SxpDOpZ.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\RVNLLih.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\LCpqDmp.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\fsHDBKu.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\VZULCgk.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\eOobaeX.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\TpQxOyQ.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\ZjJaFZC.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\xTuXfHY.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\dSzXNxM.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\wTwiiFr.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\oDUDhSO.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\VuZdsCn.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\tHgWVbB.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\yUhZrNe.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\jjbdvtS.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\MdTmhki.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\iToFanD.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\jHJNhPO.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\MKRkbvA.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\jwJahGh.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\ZOHsXdr.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\HMbwSaq.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\cBQZPVl.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\yVuWBvp.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\JuKxAeJ.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\QUfNbEO.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\HuQqzbR.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\tfUKhMJ.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\IAkzLzc.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\ZVVAtlQ.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\oiJNqmK.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\BktITbw.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\YdDwsXn.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\BRxGFpa.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\FqxXjlf.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\HeKUlCv.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\vQZBXEE.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\VCnbhik.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\CKlTLEU.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\KOiNLYV.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\krsgDZG.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\dzCCRgT.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\oZpKVxx.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\QvaxOQg.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\GrmfmTM.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\oqGgIdO.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\qBlISBn.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\VJPwIIa.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\jmqkXNN.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\jCMgNta.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\EzvegmQ.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\gBknWqy.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\zWhGhaZ.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\TwmfxIM.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\DhaUsRa.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\nZBLAUw.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\JJBHEol.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\egFNyXU.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\maFBSTP.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
File created	C:\Windows\System32\ezNOifY.exe	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13260	dwm.exe
Token: SeChangeNotifyPrivilege	13260	dwm.exe
Token: 33	13260	dwm.exe
Token: SeIncBasePriorityPrivilege	13260	dwm.exe
Token: SeShutdownPrivilege	13260	dwm.exe
Token: SeCreatePagefilePrivilege	13260	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 2280	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	83
PID 3712 wrote to memory of 2280	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	83
PID 3712 wrote to memory of 2636	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	84
PID 3712 wrote to memory of 2636	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	84
PID 3712 wrote to memory of 3184	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	85
PID 3712 wrote to memory of 3184	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	85
PID 3712 wrote to memory of 3624	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	86
PID 3712 wrote to memory of 3624	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	86
PID 3712 wrote to memory of 3340	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	87
PID 3712 wrote to memory of 3340	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	87
PID 3712 wrote to memory of 4380	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	88
PID 3712 wrote to memory of 4380	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	88
PID 3712 wrote to memory of 3764	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	89
PID 3712 wrote to memory of 3764	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	89
PID 3712 wrote to memory of 2676	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	90
PID 3712 wrote to memory of 2676	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	90
PID 3712 wrote to memory of 4216	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	91
PID 3712 wrote to memory of 4216	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	91
PID 3712 wrote to memory of 3656	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	92
PID 3712 wrote to memory of 3656	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	92
PID 3712 wrote to memory of 2068	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	93
PID 3712 wrote to memory of 2068	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	93
PID 3712 wrote to memory of 2464	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	94
PID 3712 wrote to memory of 2464	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	94
PID 3712 wrote to memory of 544	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	95
PID 3712 wrote to memory of 544	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	95
PID 3712 wrote to memory of 1736	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	96
PID 3712 wrote to memory of 1736	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	96
PID 3712 wrote to memory of 5068	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	97
PID 3712 wrote to memory of 5068	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	97
PID 3712 wrote to memory of 3224	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	98
PID 3712 wrote to memory of 3224	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	98
PID 3712 wrote to memory of 1600	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	99
PID 3712 wrote to memory of 1600	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	99
PID 3712 wrote to memory of 3152	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	100
PID 3712 wrote to memory of 3152	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	100
PID 3712 wrote to memory of 5044	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	101
PID 3712 wrote to memory of 5044	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	101
PID 3712 wrote to memory of 4464	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	102
PID 3712 wrote to memory of 4464	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	102
PID 3712 wrote to memory of 4628	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	103
PID 3712 wrote to memory of 4628	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	103
PID 3712 wrote to memory of 1592	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	104
PID 3712 wrote to memory of 1592	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	104
PID 3712 wrote to memory of 2392	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	105
PID 3712 wrote to memory of 2392	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	105
PID 3712 wrote to memory of 4744	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	106
PID 3712 wrote to memory of 4744	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	106
PID 3712 wrote to memory of 1960	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	107
PID 3712 wrote to memory of 1960	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	107
PID 3712 wrote to memory of 3088	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	108
PID 3712 wrote to memory of 3088	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	108
PID 3712 wrote to memory of 4908	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	109
PID 3712 wrote to memory of 4908	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	109
PID 3712 wrote to memory of 1180	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	110
PID 3712 wrote to memory of 1180	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	110
PID 3712 wrote to memory of 440	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	111
PID 3712 wrote to memory of 440	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	111
PID 3712 wrote to memory of 4632	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	112
PID 3712 wrote to memory of 4632	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	112
PID 3712 wrote to memory of 4016	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	113
PID 3712 wrote to memory of 4016	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	113
PID 3712 wrote to memory of 4684	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	114
PID 3712 wrote to memory of 4684	3712	057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe	114

C:\Users\Admin\AppData\Local\Temp\057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe
"C:\Users\Admin\AppData\Local\Temp\057279d9eb0e300512fbdb0a0f608812c2b2905abe0ca24edd8cc06b53ea6013.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Windows\System32\hfvaJGr.exe
  C:\Windows\System32\hfvaJGr.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System32\cGkpaAF.exe
  C:\Windows\System32\cGkpaAF.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System32\xXYpJJN.exe
  C:\Windows\System32\xXYpJJN.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System32\HeKUlCv.exe
  C:\Windows\System32\HeKUlCv.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System32\jmyriEl.exe
  C:\Windows\System32\jmyriEl.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System32\znSkljv.exe
  C:\Windows\System32\znSkljv.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System32\ooOblyg.exe
  C:\Windows\System32\ooOblyg.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System32\GQJzjfQ.exe
  C:\Windows\System32\GQJzjfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System32\kBeWfkH.exe
  C:\Windows\System32\kBeWfkH.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System32\tBrfHcl.exe
  C:\Windows\System32\tBrfHcl.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System32\VZULCgk.exe
  C:\Windows\System32\VZULCgk.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System32\CLnuPqr.exe
  C:\Windows\System32\CLnuPqr.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System32\sCLcnqS.exe
  C:\Windows\System32\sCLcnqS.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System32\APNCxcl.exe
  C:\Windows\System32\APNCxcl.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System32\syYxDYc.exe
  C:\Windows\System32\syYxDYc.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System32\nGwkyfz.exe
  C:\Windows\System32\nGwkyfz.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System32\rcQMPHJ.exe
  C:\Windows\System32\rcQMPHJ.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System32\wTwiiFr.exe
  C:\Windows\System32\wTwiiFr.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System32\tfUKhMJ.exe
  C:\Windows\System32\tfUKhMJ.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System32\OKmSSyd.exe
  C:\Windows\System32\OKmSSyd.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System32\zyiIUZf.exe
  C:\Windows\System32\zyiIUZf.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System32\eOobaeX.exe
  C:\Windows\System32\eOobaeX.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System32\vUOJlhk.exe
  C:\Windows\System32\vUOJlhk.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System32\TpQxOyQ.exe
  C:\Windows\System32\TpQxOyQ.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System32\YDEMSrD.exe
  C:\Windows\System32\YDEMSrD.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\tsllXFq.exe
  C:\Windows\System32\tsllXFq.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System32\ryNJajp.exe
  C:\Windows\System32\ryNJajp.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System32\TVdGfDV.exe
  C:\Windows\System32\TVdGfDV.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System32\PBcCFKM.exe
  C:\Windows\System32\PBcCFKM.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System32\wKSoaPZ.exe
  C:\Windows\System32\wKSoaPZ.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System32\BWfoPFf.exe
  C:\Windows\System32\BWfoPFf.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System32\iYUMIIR.exe
  C:\Windows\System32\iYUMIIR.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System32\jMyEfsJ.exe
  C:\Windows\System32\jMyEfsJ.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System32\FflZlUH.exe
  C:\Windows\System32\FflZlUH.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System32\ZuYFaXj.exe
  C:\Windows\System32\ZuYFaXj.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System32\PgCVwsH.exe
  C:\Windows\System32\PgCVwsH.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System32\IAkzLzc.exe
  C:\Windows\System32\IAkzLzc.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System32\mwfuyoM.exe
  C:\Windows\System32\mwfuyoM.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System32\PpUBQie.exe
  C:\Windows\System32\PpUBQie.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System32\yVuWBvp.exe
  C:\Windows\System32\yVuWBvp.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System32\sIXaQGg.exe
  C:\Windows\System32\sIXaQGg.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System32\JDfcXcq.exe
  C:\Windows\System32\JDfcXcq.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System32\yUhZrNe.exe
  C:\Windows\System32\yUhZrNe.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System32\vPCDzpT.exe
  C:\Windows\System32\vPCDzpT.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System32\dZwAyKH.exe
  C:\Windows\System32\dZwAyKH.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System32\cIELBvG.exe
  C:\Windows\System32\cIELBvG.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System32\EzvegmQ.exe
  C:\Windows\System32\EzvegmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System32\iUXHtti.exe
  C:\Windows\System32\iUXHtti.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System32\gHrRBTi.exe
  C:\Windows\System32\gHrRBTi.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System32\sSoPWvD.exe
  C:\Windows\System32\sSoPWvD.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System32\hBlgfQn.exe
  C:\Windows\System32\hBlgfQn.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System32\NmTvhra.exe
  C:\Windows\System32\NmTvhra.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System32\XunLJXE.exe
  C:\Windows\System32\XunLJXE.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System32\eNmoaRl.exe
  C:\Windows\System32\eNmoaRl.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System32\hBanRFn.exe
  C:\Windows\System32\hBanRFn.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System32\zftFBNt.exe
  C:\Windows\System32\zftFBNt.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System32\tsEfBcq.exe
  C:\Windows\System32\tsEfBcq.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System32\TUDUTMQ.exe
  C:\Windows\System32\TUDUTMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System32\uzUZODd.exe
  C:\Windows\System32\uzUZODd.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System32\dzCCRgT.exe
  C:\Windows\System32\dzCCRgT.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System32\jNZTBsh.exe
  C:\Windows\System32\jNZTBsh.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System32\ybqXFqe.exe
  C:\Windows\System32\ybqXFqe.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System32\aQWsHMz.exe
  C:\Windows\System32\aQWsHMz.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System32\IdJhkFK.exe
  C:\Windows\System32\IdJhkFK.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System32\verWmaO.exe
  C:\Windows\System32\verWmaO.exe
  2⤵
  PID:3844
- C:\Windows\System32\WJCtWcD.exe
  C:\Windows\System32\WJCtWcD.exe
  2⤵
  PID:2172
- C:\Windows\System32\ZVVAtlQ.exe
  C:\Windows\System32\ZVVAtlQ.exe
  2⤵
  PID:2368
- C:\Windows\System32\EOMxeDf.exe
  C:\Windows\System32\EOMxeDf.exe
  2⤵
  PID:4256
- C:\Windows\System32\oZpKVxx.exe
  C:\Windows\System32\oZpKVxx.exe
  2⤵
  PID:3748
- C:\Windows\System32\eZfzHyS.exe
  C:\Windows\System32\eZfzHyS.exe
  2⤵
  PID:768
- C:\Windows\System32\DZccbts.exe
  C:\Windows\System32\DZccbts.exe
  2⤵
  PID:3544
- C:\Windows\System32\ZLFmAyE.exe
  C:\Windows\System32\ZLFmAyE.exe
  2⤵
  PID:456
- C:\Windows\System32\TpLCWSW.exe
  C:\Windows\System32\TpLCWSW.exe
  2⤵
  PID:2720
- C:\Windows\System32\ppVOref.exe
  C:\Windows\System32\ppVOref.exe
  2⤵
  PID:2512
- C:\Windows\System32\XqFOJyq.exe
  C:\Windows\System32\XqFOJyq.exe
  2⤵
  PID:2688
- C:\Windows\System32\oiJNqmK.exe
  C:\Windows\System32\oiJNqmK.exe
  2⤵
  PID:4124
- C:\Windows\System32\SbyPgto.exe
  C:\Windows\System32\SbyPgto.exe
  2⤵
  PID:604
- C:\Windows\System32\KxKwpaU.exe
  C:\Windows\System32\KxKwpaU.exe
  2⤵
  PID:4292
- C:\Windows\System32\SdhkaOC.exe
  C:\Windows\System32\SdhkaOC.exe
  2⤵
  PID:1696
- C:\Windows\System32\KOiNLYV.exe
  C:\Windows\System32\KOiNLYV.exe
  2⤵
  PID:1020
- C:\Windows\System32\YTushlW.exe
  C:\Windows\System32\YTushlW.exe
  2⤵
  PID:1552
- C:\Windows\System32\jHjhOnt.exe
  C:\Windows\System32\jHjhOnt.exe
  2⤵
  PID:2232
- C:\Windows\System32\gBknWqy.exe
  C:\Windows\System32\gBknWqy.exe
  2⤵
  PID:516
- C:\Windows\System32\odIFnmY.exe
  C:\Windows\System32\odIFnmY.exe
  2⤵
  PID:3148
- C:\Windows\System32\YoSHGHq.exe
  C:\Windows\System32\YoSHGHq.exe
  2⤵
  PID:3616
- C:\Windows\System32\zNYVJKw.exe
  C:\Windows\System32\zNYVJKw.exe
  2⤵
  PID:972
- C:\Windows\System32\euwitpj.exe
  C:\Windows\System32\euwitpj.exe
  2⤵
  PID:4960
- C:\Windows\System32\nNtMGbF.exe
  C:\Windows\System32\nNtMGbF.exe
  2⤵
  PID:3612
- C:\Windows\System32\nowhLvt.exe
  C:\Windows\System32\nowhLvt.exe
  2⤵
  PID:4608
- C:\Windows\System32\MqdVMVd.exe
  C:\Windows\System32\MqdVMVd.exe
  2⤵
  PID:1216
- C:\Windows\System32\LFtOhIc.exe
  C:\Windows\System32\LFtOhIc.exe
  2⤵
  PID:2964
- C:\Windows\System32\BVjmcdv.exe
  C:\Windows\System32\BVjmcdv.exe
  2⤵
  PID:4524
- C:\Windows\System32\CXoRRbe.exe
  C:\Windows\System32\CXoRRbe.exe
  2⤵
  PID:4208
- C:\Windows\System32\SafEzAK.exe
  C:\Windows\System32\SafEzAK.exe
  2⤵
  PID:5140
- C:\Windows\System32\hiuyHwH.exe
  C:\Windows\System32\hiuyHwH.exe
  2⤵
  PID:5168
- C:\Windows\System32\lQqzpVd.exe
  C:\Windows\System32\lQqzpVd.exe
  2⤵
  PID:5192
- C:\Windows\System32\hmleIEU.exe
  C:\Windows\System32\hmleIEU.exe
  2⤵
  PID:5224
- C:\Windows\System32\LqDfqpD.exe
  C:\Windows\System32\LqDfqpD.exe
  2⤵
  PID:5252
- C:\Windows\System32\FBquzDk.exe
  C:\Windows\System32\FBquzDk.exe
  2⤵
  PID:5280
- C:\Windows\System32\TUbbpNU.exe
  C:\Windows\System32\TUbbpNU.exe
  2⤵
  PID:5304
- C:\Windows\System32\PtWClLQ.exe
  C:\Windows\System32\PtWClLQ.exe
  2⤵
  PID:5336
- C:\Windows\System32\ndYDNPo.exe
  C:\Windows\System32\ndYDNPo.exe
  2⤵
  PID:5364
- C:\Windows\System32\QTwltOd.exe
  C:\Windows\System32\QTwltOd.exe
  2⤵
  PID:5392
- C:\Windows\System32\OgCfbks.exe
  C:\Windows\System32\OgCfbks.exe
  2⤵
  PID:5428
- C:\Windows\System32\pJxOtmy.exe
  C:\Windows\System32\pJxOtmy.exe
  2⤵
  PID:5448
- C:\Windows\System32\DlcLWJP.exe
  C:\Windows\System32\DlcLWJP.exe
  2⤵
  PID:5476
- C:\Windows\System32\aLdhZiQ.exe
  C:\Windows\System32\aLdhZiQ.exe
  2⤵
  PID:5504
- C:\Windows\System32\mDyhQOt.exe
  C:\Windows\System32\mDyhQOt.exe
  2⤵
  PID:5532
- C:\Windows\System32\nFfBsqP.exe
  C:\Windows\System32\nFfBsqP.exe
  2⤵
  PID:5560
- C:\Windows\System32\TjLFijU.exe
  C:\Windows\System32\TjLFijU.exe
  2⤵
  PID:5588
- C:\Windows\System32\NtHPvAH.exe
  C:\Windows\System32\NtHPvAH.exe
  2⤵
  PID:5616
- C:\Windows\System32\zSXMpAY.exe
  C:\Windows\System32\zSXMpAY.exe
  2⤵
  PID:5644
- C:\Windows\System32\cdlCnUT.exe
  C:\Windows\System32\cdlCnUT.exe
  2⤵
  PID:5668
- C:\Windows\System32\MSkFnOb.exe
  C:\Windows\System32\MSkFnOb.exe
  2⤵
  PID:5696
- C:\Windows\System32\ASGfqjt.exe
  C:\Windows\System32\ASGfqjt.exe
  2⤵
  PID:5724
- C:\Windows\System32\iUBrSfN.exe
  C:\Windows\System32\iUBrSfN.exe
  2⤵
  PID:5776
- C:\Windows\System32\TLSyugH.exe
  C:\Windows\System32\TLSyugH.exe
  2⤵
  PID:5792
- C:\Windows\System32\yWlQKha.exe
  C:\Windows\System32\yWlQKha.exe
  2⤵
  PID:5812
- C:\Windows\System32\BktITbw.exe
  C:\Windows\System32\BktITbw.exe
  2⤵
  PID:5828
- C:\Windows\System32\joeyaLj.exe
  C:\Windows\System32\joeyaLj.exe
  2⤵
  PID:5844
- C:\Windows\System32\RWOgEVv.exe
  C:\Windows\System32\RWOgEVv.exe
  2⤵
  PID:5860
- C:\Windows\System32\PAuQCfH.exe
  C:\Windows\System32\PAuQCfH.exe
  2⤵
  PID:5884
- C:\Windows\System32\cUuOMir.exe
  C:\Windows\System32\cUuOMir.exe
  2⤵
  PID:5912
- C:\Windows\System32\QYyhgHw.exe
  C:\Windows\System32\QYyhgHw.exe
  2⤵
  PID:5928
- C:\Windows\System32\jmqkXNN.exe
  C:\Windows\System32\jmqkXNN.exe
  2⤵
  PID:5988
- C:\Windows\System32\ZjJaFZC.exe
  C:\Windows\System32\ZjJaFZC.exe
  2⤵
  PID:6016
- C:\Windows\System32\eLtYDHE.exe
  C:\Windows\System32\eLtYDHE.exe
  2⤵
  PID:6036
- C:\Windows\System32\dXGdzxW.exe
  C:\Windows\System32\dXGdzxW.exe
  2⤵
  PID:6060
- C:\Windows\System32\MmpICOD.exe
  C:\Windows\System32\MmpICOD.exe
  2⤵
  PID:6088
- C:\Windows\System32\ZQRxIyB.exe
  C:\Windows\System32\ZQRxIyB.exe
  2⤵
  PID:6112
- C:\Windows\System32\NfTkjZy.exe
  C:\Windows\System32\NfTkjZy.exe
  2⤵
  PID:6128
- C:\Windows\System32\kYFcAQA.exe
  C:\Windows\System32\kYFcAQA.exe
  2⤵
  PID:2096
- C:\Windows\System32\FcetykB.exe
  C:\Windows\System32\FcetykB.exe
  2⤵
  PID:4500
- C:\Windows\System32\axDlKsD.exe
  C:\Windows\System32\axDlKsD.exe
  2⤵
  PID:5180
- C:\Windows\System32\xMlrijC.exe
  C:\Windows\System32\xMlrijC.exe
  2⤵
  PID:3944
- C:\Windows\System32\QvaxOQg.exe
  C:\Windows\System32\QvaxOQg.exe
  2⤵
  PID:5232
- C:\Windows\System32\dKfNNXL.exe
  C:\Windows\System32\dKfNNXL.exe
  2⤵
  PID:5260
- C:\Windows\System32\yNBlhtH.exe
  C:\Windows\System32\yNBlhtH.exe
  2⤵
  PID:5356
- C:\Windows\System32\QnsOumA.exe
  C:\Windows\System32\QnsOumA.exe
  2⤵
  PID:5412
- C:\Windows\System32\dnLzKqL.exe
  C:\Windows\System32\dnLzKqL.exe
  2⤵
  PID:5404
- C:\Windows\System32\YHBOTSN.exe
  C:\Windows\System32\YHBOTSN.exe
  2⤵
  PID:5444
- C:\Windows\System32\TJSipxg.exe
  C:\Windows\System32\TJSipxg.exe
  2⤵
  PID:5488
- C:\Windows\System32\HjJKpIW.exe
  C:\Windows\System32\HjJKpIW.exe
  2⤵
  PID:5512
- C:\Windows\System32\xvleTeO.exe
  C:\Windows\System32\xvleTeO.exe
  2⤵
  PID:3256
- C:\Windows\System32\HEbafSr.exe
  C:\Windows\System32\HEbafSr.exe
  2⤵
  PID:4748
- C:\Windows\System32\CHjeoWu.exe
  C:\Windows\System32\CHjeoWu.exe
  2⤵
  PID:2980
- C:\Windows\System32\XCiluny.exe
  C:\Windows\System32\XCiluny.exe
  2⤵
  PID:4544
- C:\Windows\System32\QduuXuA.exe
  C:\Windows\System32\QduuXuA.exe
  2⤵
  PID:4836
- C:\Windows\System32\qjHCZyo.exe
  C:\Windows\System32\qjHCZyo.exe
  2⤵
  PID:5784
- C:\Windows\System32\mtnHUdO.exe
  C:\Windows\System32\mtnHUdO.exe
  2⤵
  PID:5836
- C:\Windows\System32\HidOKxb.exe
  C:\Windows\System32\HidOKxb.exe
  2⤵
  PID:5840
- C:\Windows\System32\juTrViM.exe
  C:\Windows\System32\juTrViM.exe
  2⤵
  PID:5996
- C:\Windows\System32\UXcZgOU.exe
  C:\Windows\System32\UXcZgOU.exe
  2⤵
  PID:5964
- C:\Windows\System32\WUXduHm.exe
  C:\Windows\System32\WUXduHm.exe
  2⤵
  PID:6028
- C:\Windows\System32\LItnmGe.exe
  C:\Windows\System32\LItnmGe.exe
  2⤵
  PID:6124
- C:\Windows\System32\BMswhKW.exe
  C:\Windows\System32\BMswhKW.exe
  2⤵
  PID:5272
- C:\Windows\System32\JkNwUSA.exe
  C:\Windows\System32\JkNwUSA.exe
  2⤵
  PID:4064
- C:\Windows\System32\uXbBBEd.exe
  C:\Windows\System32\uXbBBEd.exe
  2⤵
  PID:5376
- C:\Windows\System32\AkVszWM.exe
  C:\Windows\System32\AkVszWM.exe
  2⤵
  PID:2492
- C:\Windows\System32\YlZUHsV.exe
  C:\Windows\System32\YlZUHsV.exe
  2⤵
  PID:5292
- C:\Windows\System32\ZiTlxcJ.exe
  C:\Windows\System32\ZiTlxcJ.exe
  2⤵
  PID:4352
- C:\Windows\System32\ypnqlYq.exe
  C:\Windows\System32\ypnqlYq.exe
  2⤵
  PID:4636
- C:\Windows\System32\delEKYf.exe
  C:\Windows\System32\delEKYf.exe
  2⤵
  PID:5972
- C:\Windows\System32\yFYErqF.exe
  C:\Windows\System32\yFYErqF.exe
  2⤵
  PID:372
- C:\Windows\System32\elCnRZb.exe
  C:\Windows\System32\elCnRZb.exe
  2⤵
  PID:5460
- C:\Windows\System32\nUDmrZy.exe
  C:\Windows\System32\nUDmrZy.exe
  2⤵
  PID:1532
- C:\Windows\System32\eiCXyeJ.exe
  C:\Windows\System32\eiCXyeJ.exe
  2⤵
  PID:6004
- C:\Windows\System32\hIoADyh.exe
  C:\Windows\System32\hIoADyh.exe
  2⤵
  PID:5484
- C:\Windows\System32\IPDoKZS.exe
  C:\Windows\System32\IPDoKZS.exe
  2⤵
  PID:5868
- C:\Windows\System32\xTuXfHY.exe
  C:\Windows\System32\xTuXfHY.exe
  2⤵
  PID:5676
- C:\Windows\System32\ihGNdhR.exe
  C:\Windows\System32\ihGNdhR.exe
  2⤵
  PID:1688
- C:\Windows\System32\PhFGaUN.exe
  C:\Windows\System32\PhFGaUN.exe
  2⤵
  PID:5544
- C:\Windows\System32\lpwyYku.exe
  C:\Windows\System32\lpwyYku.exe
  2⤵
  PID:5608
- C:\Windows\System32\xMlqwzO.exe
  C:\Windows\System32\xMlqwzO.exe
  2⤵
  PID:1716
- C:\Windows\System32\ICLaSpk.exe
  C:\Windows\System32\ICLaSpk.exe
  2⤵
  PID:6172
- C:\Windows\System32\IkgJwdQ.exe
  C:\Windows\System32\IkgJwdQ.exe
  2⤵
  PID:6200
- C:\Windows\System32\WlaSNxV.exe
  C:\Windows\System32\WlaSNxV.exe
  2⤵
  PID:6228
- C:\Windows\System32\rBBAOyV.exe
  C:\Windows\System32\rBBAOyV.exe
  2⤵
  PID:6268
- C:\Windows\System32\IXEnugn.exe
  C:\Windows\System32\IXEnugn.exe
  2⤵
  PID:6300
- C:\Windows\System32\WAylSae.exe
  C:\Windows\System32\WAylSae.exe
  2⤵
  PID:6316
- C:\Windows\System32\mPZxkac.exe
  C:\Windows\System32\mPZxkac.exe
  2⤵
  PID:6360
- C:\Windows\System32\wJQKZIB.exe
  C:\Windows\System32\wJQKZIB.exe
  2⤵
  PID:6380
- C:\Windows\System32\fEXvyVT.exe
  C:\Windows\System32\fEXvyVT.exe
  2⤵
  PID:6408
- C:\Windows\System32\rItfmag.exe
  C:\Windows\System32\rItfmag.exe
  2⤵
  PID:6436
- C:\Windows\System32\ouTDvyI.exe
  C:\Windows\System32\ouTDvyI.exe
  2⤵
  PID:6464
- C:\Windows\System32\sfXdcbM.exe
  C:\Windows\System32\sfXdcbM.exe
  2⤵
  PID:6480
- C:\Windows\System32\WZNbMHp.exe
  C:\Windows\System32\WZNbMHp.exe
  2⤵
  PID:6496
- C:\Windows\System32\gLBajXq.exe
  C:\Windows\System32\gLBajXq.exe
  2⤵
  PID:6516
- C:\Windows\System32\aLrtONT.exe
  C:\Windows\System32\aLrtONT.exe
  2⤵
  PID:6536
- C:\Windows\System32\TdKHcHD.exe
  C:\Windows\System32\TdKHcHD.exe
  2⤵
  PID:6556
- C:\Windows\System32\MIoHLVd.exe
  C:\Windows\System32\MIoHLVd.exe
  2⤵
  PID:6584
- C:\Windows\System32\WZblYKt.exe
  C:\Windows\System32\WZblYKt.exe
  2⤵
  PID:6628
- C:\Windows\System32\XIvpzWM.exe
  C:\Windows\System32\XIvpzWM.exe
  2⤵
  PID:6644
- C:\Windows\System32\zWhGhaZ.exe
  C:\Windows\System32\zWhGhaZ.exe
  2⤵
  PID:6664
- C:\Windows\System32\JtnoXMz.exe
  C:\Windows\System32\JtnoXMz.exe
  2⤵
  PID:6684
- C:\Windows\System32\uUkiOwu.exe
  C:\Windows\System32\uUkiOwu.exe
  2⤵
  PID:6700
- C:\Windows\System32\zKYCyxb.exe
  C:\Windows\System32\zKYCyxb.exe
  2⤵
  PID:6748
- C:\Windows\System32\JuKxAeJ.exe
  C:\Windows\System32\JuKxAeJ.exe
  2⤵
  PID:6784
- C:\Windows\System32\EYxldtI.exe
  C:\Windows\System32\EYxldtI.exe
  2⤵
  PID:6844
- C:\Windows\System32\waAkPmD.exe
  C:\Windows\System32\waAkPmD.exe
  2⤵
  PID:6868
- C:\Windows\System32\JJBHEol.exe
  C:\Windows\System32\JJBHEol.exe
  2⤵
  PID:6892
- C:\Windows\System32\uBZlVjb.exe
  C:\Windows\System32\uBZlVjb.exe
  2⤵
  PID:6908
- C:\Windows\System32\rvbKJDU.exe
  C:\Windows\System32\rvbKJDU.exe
  2⤵
  PID:6952
- C:\Windows\System32\fJnXVRl.exe
  C:\Windows\System32\fJnXVRl.exe
  2⤵
  PID:6980
- C:\Windows\System32\anuGwZq.exe
  C:\Windows\System32\anuGwZq.exe
  2⤵
  PID:7024
- C:\Windows\System32\dnCuEjW.exe
  C:\Windows\System32\dnCuEjW.exe
  2⤵
  PID:7072
- C:\Windows\System32\VexWgJL.exe
  C:\Windows\System32\VexWgJL.exe
  2⤵
  PID:7104
- C:\Windows\System32\YbJAxKm.exe
  C:\Windows\System32\YbJAxKm.exe
  2⤵
  PID:7132
- C:\Windows\System32\oDUDhSO.exe
  C:\Windows\System32\oDUDhSO.exe
  2⤵
  PID:6164
- C:\Windows\System32\KWpvwIu.exe
  C:\Windows\System32\KWpvwIu.exe
  2⤵
  PID:5940
- C:\Windows\System32\SyJfnQR.exe
  C:\Windows\System32\SyJfnQR.exe
  2⤵
  PID:6188
- C:\Windows\System32\HkKBotu.exe
  C:\Windows\System32\HkKBotu.exe
  2⤵
  PID:6256
- C:\Windows\System32\nlBhbzR.exe
  C:\Windows\System32\nlBhbzR.exe
  2⤵
  PID:6340
- C:\Windows\System32\zXEnUgB.exe
  C:\Windows\System32\zXEnUgB.exe
  2⤵
  PID:6344
- C:\Windows\System32\WfhILlc.exe
  C:\Windows\System32\WfhILlc.exe
  2⤵
  PID:6416
- C:\Windows\System32\kaLWpWb.exe
  C:\Windows\System32\kaLWpWb.exe
  2⤵
  PID:3272
- C:\Windows\System32\nYbfdZM.exe
  C:\Windows\System32\nYbfdZM.exe
  2⤵
  PID:6528
- C:\Windows\System32\xqWivLP.exe
  C:\Windows\System32\xqWivLP.exe
  2⤵
  PID:6600
- C:\Windows\System32\DCPQiWz.exe
  C:\Windows\System32\DCPQiWz.exe
  2⤵
  PID:6660
- C:\Windows\System32\DLYAvML.exe
  C:\Windows\System32\DLYAvML.exe
  2⤵
  PID:6696
- C:\Windows\System32\MJTYxGU.exe
  C:\Windows\System32\MJTYxGU.exe
  2⤵
  PID:6720
- C:\Windows\System32\YOKqXMs.exe
  C:\Windows\System32\YOKqXMs.exe
  2⤵
  PID:6792
- C:\Windows\System32\tbQwPgr.exe
  C:\Windows\System32\tbQwPgr.exe
  2⤵
  PID:6772
- C:\Windows\System32\vQZBXEE.exe
  C:\Windows\System32\vQZBXEE.exe
  2⤵
  PID:6936
- C:\Windows\System32\nPFEyIH.exe
  C:\Windows\System32\nPFEyIH.exe
  2⤵
  PID:7056
- C:\Windows\System32\cLYBTVP.exe
  C:\Windows\System32\cLYBTVP.exe
  2⤵
  PID:1496
- C:\Windows\System32\CgtXzwC.exe
  C:\Windows\System32\CgtXzwC.exe
  2⤵
  PID:7156
- C:\Windows\System32\DLTnNyw.exe
  C:\Windows\System32\DLTnNyw.exe
  2⤵
  PID:6244
- C:\Windows\System32\WlGjbUJ.exe
  C:\Windows\System32\WlGjbUJ.exe
  2⤵
  PID:6264
- C:\Windows\System32\JEaPynU.exe
  C:\Windows\System32\JEaPynU.exe
  2⤵
  PID:6388
- C:\Windows\System32\fPohneb.exe
  C:\Windows\System32\fPohneb.exe
  2⤵
  PID:6552
- C:\Windows\System32\FHeORFx.exe
  C:\Windows\System32\FHeORFx.exe
  2⤵
  PID:6596
- C:\Windows\System32\QUfNbEO.exe
  C:\Windows\System32\QUfNbEO.exe
  2⤵
  PID:6680
- C:\Windows\System32\sQRnazn.exe
  C:\Windows\System32\sQRnazn.exe
  2⤵
  PID:6900
- C:\Windows\System32\izYWzRV.exe
  C:\Windows\System32\izYWzRV.exe
  2⤵
  PID:7036
- C:\Windows\System32\PgLJDFF.exe
  C:\Windows\System32\PgLJDFF.exe
  2⤵
  PID:7092
- C:\Windows\System32\XltIbXc.exe
  C:\Windows\System32\XltIbXc.exe
  2⤵
  PID:6308
- C:\Windows\System32\xGZlqva.exe
  C:\Windows\System32\xGZlqva.exe
  2⤵
  PID:6924
- C:\Windows\System32\CkisNuh.exe
  C:\Windows\System32\CkisNuh.exe
  2⤵
  PID:7000
- C:\Windows\System32\Narnhwg.exe
  C:\Windows\System32\Narnhwg.exe
  2⤵
  PID:5516
- C:\Windows\System32\uaOYfpt.exe
  C:\Windows\System32\uaOYfpt.exe
  2⤵
  PID:7180
- C:\Windows\System32\aYTXvMX.exe
  C:\Windows\System32\aYTXvMX.exe
  2⤵
  PID:7208
- C:\Windows\System32\zvHIxjL.exe
  C:\Windows\System32\zvHIxjL.exe
  2⤵
  PID:7232
- C:\Windows\System32\HteOXiQ.exe
  C:\Windows\System32\HteOXiQ.exe
  2⤵
  PID:7248
- C:\Windows\System32\qzadZyt.exe
  C:\Windows\System32\qzadZyt.exe
  2⤵
  PID:7280
- C:\Windows\System32\RulkFiw.exe
  C:\Windows\System32\RulkFiw.exe
  2⤵
  PID:7332
- C:\Windows\System32\jHJNhPO.exe
  C:\Windows\System32\jHJNhPO.exe
  2⤵
  PID:7380
- C:\Windows\System32\AQxFHXE.exe
  C:\Windows\System32\AQxFHXE.exe
  2⤵
  PID:7400
- C:\Windows\System32\AMzxuXX.exe
  C:\Windows\System32\AMzxuXX.exe
  2⤵
  PID:7428
- C:\Windows\System32\RbQqcuI.exe
  C:\Windows\System32\RbQqcuI.exe
  2⤵
  PID:7448
- C:\Windows\System32\ElZJbix.exe
  C:\Windows\System32\ElZJbix.exe
  2⤵
  PID:7472
- C:\Windows\System32\HcniLdh.exe
  C:\Windows\System32\HcniLdh.exe
  2⤵
  PID:7512
- C:\Windows\System32\NUiwQRV.exe
  C:\Windows\System32\NUiwQRV.exe
  2⤵
  PID:7544
- C:\Windows\System32\WxOncdB.exe
  C:\Windows\System32\WxOncdB.exe
  2⤵
  PID:7564
- C:\Windows\System32\MKRkbvA.exe
  C:\Windows\System32\MKRkbvA.exe
  2⤵
  PID:7580
- C:\Windows\System32\jfOrUFY.exe
  C:\Windows\System32\jfOrUFY.exe
  2⤵
  PID:7604
- C:\Windows\System32\ssMxRxf.exe
  C:\Windows\System32\ssMxRxf.exe
  2⤵
  PID:7628
- C:\Windows\System32\dUOQMkF.exe
  C:\Windows\System32\dUOQMkF.exe
  2⤵
  PID:7644
- C:\Windows\System32\aSjlhkc.exe
  C:\Windows\System32\aSjlhkc.exe
  2⤵
  PID:7704
- C:\Windows\System32\aaLDTse.exe
  C:\Windows\System32\aaLDTse.exe
  2⤵
  PID:7752
- C:\Windows\System32\scDfrHZ.exe
  C:\Windows\System32\scDfrHZ.exe
  2⤵
  PID:7788
- C:\Windows\System32\CZYsHTI.exe
  C:\Windows\System32\CZYsHTI.exe
  2⤵
  PID:7812
- C:\Windows\System32\mxcawCU.exe
  C:\Windows\System32\mxcawCU.exe
  2⤵
  PID:7836
- C:\Windows\System32\HJjoSPp.exe
  C:\Windows\System32\HJjoSPp.exe
  2⤵
  PID:7868
- C:\Windows\System32\LqbTjsU.exe
  C:\Windows\System32\LqbTjsU.exe
  2⤵
  PID:7892
- C:\Windows\System32\DgnlDxH.exe
  C:\Windows\System32\DgnlDxH.exe
  2⤵
  PID:7916
- C:\Windows\System32\RnsgimE.exe
  C:\Windows\System32\RnsgimE.exe
  2⤵
  PID:7932
- C:\Windows\System32\bJnJFTU.exe
  C:\Windows\System32\bJnJFTU.exe
  2⤵
  PID:7952
- C:\Windows\System32\IjoKEFh.exe
  C:\Windows\System32\IjoKEFh.exe
  2⤵
  PID:7980
- C:\Windows\System32\Oyoswdk.exe
  C:\Windows\System32\Oyoswdk.exe
  2⤵
  PID:8004
- C:\Windows\System32\irbhTqe.exe
  C:\Windows\System32\irbhTqe.exe
  2⤵
  PID:8032
- C:\Windows\System32\fOaDZzV.exe
  C:\Windows\System32\fOaDZzV.exe
  2⤵
  PID:8052
- C:\Windows\System32\wDYqXqy.exe
  C:\Windows\System32\wDYqXqy.exe
  2⤵
  PID:8072
- C:\Windows\System32\BVLpaip.exe
  C:\Windows\System32\BVLpaip.exe
  2⤵
  PID:8092
- C:\Windows\System32\SKkCHIX.exe
  C:\Windows\System32\SKkCHIX.exe
  2⤵
  PID:8144
- C:\Windows\System32\TwmfxIM.exe
  C:\Windows\System32\TwmfxIM.exe
  2⤵
  PID:8160
- C:\Windows\System32\JbZFval.exe
  C:\Windows\System32\JbZFval.exe
  2⤵
  PID:6544
- C:\Windows\System32\uWFxYyS.exe
  C:\Windows\System32\uWFxYyS.exe
  2⤵
  PID:7220
- C:\Windows\System32\TrUyQVC.exe
  C:\Windows\System32\TrUyQVC.exe
  2⤵
  PID:6832
- C:\Windows\System32\QyjrAUE.exe
  C:\Windows\System32\QyjrAUE.exe
  2⤵
  PID:7436
- C:\Windows\System32\ZyQgznK.exe
  C:\Windows\System32\ZyQgznK.exe
  2⤵
  PID:2312
- C:\Windows\System32\cfyICgT.exe
  C:\Windows\System32\cfyICgT.exe
  2⤵
  PID:7464
- C:\Windows\System32\vUpGAbv.exe
  C:\Windows\System32\vUpGAbv.exe
  2⤵
  PID:7504
- C:\Windows\System32\jhoIUcw.exe
  C:\Windows\System32\jhoIUcw.exe
  2⤵
  PID:7640
- C:\Windows\System32\YdDwsXn.exe
  C:\Windows\System32\YdDwsXn.exe
  2⤵
  PID:7652
- C:\Windows\System32\UWQhdQl.exe
  C:\Windows\System32\UWQhdQl.exe
  2⤵
  PID:7700
- C:\Windows\System32\cAlHDqm.exe
  C:\Windows\System32\cAlHDqm.exe
  2⤵
  PID:3808
- C:\Windows\System32\CYibaid.exe
  C:\Windows\System32\CYibaid.exe
  2⤵
  PID:7820
- C:\Windows\System32\yxVNfTb.exe
  C:\Windows\System32\yxVNfTb.exe
  2⤵
  PID:7828
- C:\Windows\System32\HNNBfHY.exe
  C:\Windows\System32\HNNBfHY.exe
  2⤵
  PID:7948
- C:\Windows\System32\qRaGGcc.exe
  C:\Windows\System32\qRaGGcc.exe
  2⤵
  PID:7996
- C:\Windows\System32\CEqdmeQ.exe
  C:\Windows\System32\CEqdmeQ.exe
  2⤵
  PID:8068
- C:\Windows\System32\Clolguq.exe
  C:\Windows\System32\Clolguq.exe
  2⤵
  PID:7200
- C:\Windows\System32\ICwcwIU.exe
  C:\Windows\System32\ICwcwIU.exe
  2⤵
  PID:7016
- C:\Windows\System32\RulUoSN.exe
  C:\Windows\System32\RulUoSN.exe
  2⤵
  PID:7312
- C:\Windows\System32\gtOcdjJ.exe
  C:\Windows\System32\gtOcdjJ.exe
  2⤵
  PID:7356
- C:\Windows\System32\fhvlBKo.exe
  C:\Windows\System32\fhvlBKo.exe
  2⤵
  PID:1108
- C:\Windows\System32\DhaUsRa.exe
  C:\Windows\System32\DhaUsRa.exe
  2⤵
  PID:7612
- C:\Windows\System32\uFfvnHk.exe
  C:\Windows\System32\uFfvnHk.exe
  2⤵
  PID:7712
- C:\Windows\System32\gcwbJhv.exe
  C:\Windows\System32\gcwbJhv.exe
  2⤵
  PID:7852
- C:\Windows\System32\qIMzjki.exe
  C:\Windows\System32\qIMzjki.exe
  2⤵
  PID:7992
- C:\Windows\System32\CiZPMvf.exe
  C:\Windows\System32\CiZPMvf.exe
  2⤵
  PID:8172
- C:\Windows\System32\JXcsYvI.exe
  C:\Windows\System32\JXcsYvI.exe
  2⤵
  PID:7228
- C:\Windows\System32\KbiGgEq.exe
  C:\Windows\System32\KbiGgEq.exe
  2⤵
  PID:7192
- C:\Windows\System32\tVxppFN.exe
  C:\Windows\System32\tVxppFN.exe
  2⤵
  PID:3336
- C:\Windows\System32\GrmfmTM.exe
  C:\Windows\System32\GrmfmTM.exe
  2⤵
  PID:7672
- C:\Windows\System32\LfUlJHL.exe
  C:\Windows\System32\LfUlJHL.exe
  2⤵
  PID:1948
- C:\Windows\System32\TUOaYwX.exe
  C:\Windows\System32\TUOaYwX.exe
  2⤵
  PID:8204
- C:\Windows\System32\xnIWMnd.exe
  C:\Windows\System32\xnIWMnd.exe
  2⤵
  PID:8256
- C:\Windows\System32\zENwEoV.exe
  C:\Windows\System32\zENwEoV.exe
  2⤵
  PID:8284
- C:\Windows\System32\pDFqAkT.exe
  C:\Windows\System32\pDFqAkT.exe
  2⤵
  PID:8320
- C:\Windows\System32\NLiELac.exe
  C:\Windows\System32\NLiELac.exe
  2⤵
  PID:8344
- C:\Windows\System32\OTnBavf.exe
  C:\Windows\System32\OTnBavf.exe
  2⤵
  PID:8360
- C:\Windows\System32\yqrQlqk.exe
  C:\Windows\System32\yqrQlqk.exe
  2⤵
  PID:8388
- C:\Windows\System32\yEbIoGF.exe
  C:\Windows\System32\yEbIoGF.exe
  2⤵
  PID:8404
- C:\Windows\System32\MODdbQt.exe
  C:\Windows\System32\MODdbQt.exe
  2⤵
  PID:8436
- C:\Windows\System32\YwWyIMS.exe
  C:\Windows\System32\YwWyIMS.exe
  2⤵
  PID:8456
- C:\Windows\System32\XmOxkSo.exe
  C:\Windows\System32\XmOxkSo.exe
  2⤵
  PID:8472
- C:\Windows\System32\yyOcvxw.exe
  C:\Windows\System32\yyOcvxw.exe
  2⤵
  PID:8516
- C:\Windows\System32\VASxZCV.exe
  C:\Windows\System32\VASxZCV.exe
  2⤵
  PID:8544
- C:\Windows\System32\zycQeoL.exe
  C:\Windows\System32\zycQeoL.exe
  2⤵
  PID:8576
- C:\Windows\System32\YyxGxGX.exe
  C:\Windows\System32\YyxGxGX.exe
  2⤵
  PID:8592
- C:\Windows\System32\mnRiRNj.exe
  C:\Windows\System32\mnRiRNj.exe
  2⤵
  PID:8628
- C:\Windows\System32\IpxyZkS.exe
  C:\Windows\System32\IpxyZkS.exe
  2⤵
  PID:8648
- C:\Windows\System32\mNcBebR.exe
  C:\Windows\System32\mNcBebR.exe
  2⤵
  PID:8664
- C:\Windows\System32\FSpaqQo.exe
  C:\Windows\System32\FSpaqQo.exe
  2⤵
  PID:8680
- C:\Windows\System32\ZBXJzkh.exe
  C:\Windows\System32\ZBXJzkh.exe
  2⤵
  PID:8704
- C:\Windows\System32\jjbdvtS.exe
  C:\Windows\System32\jjbdvtS.exe
  2⤵
  PID:8732
- C:\Windows\System32\HhNWfwI.exe
  C:\Windows\System32\HhNWfwI.exe
  2⤵
  PID:8800
- C:\Windows\System32\gjWCUGl.exe
  C:\Windows\System32\gjWCUGl.exe
  2⤵
  PID:8824
- C:\Windows\System32\jnhhpfq.exe
  C:\Windows\System32\jnhhpfq.exe
  2⤵
  PID:8844
- C:\Windows\System32\OKibMKR.exe
  C:\Windows\System32\OKibMKR.exe
  2⤵
  PID:8872
- C:\Windows\System32\PaPDdLQ.exe
  C:\Windows\System32\PaPDdLQ.exe
  2⤵
  PID:8908
- C:\Windows\System32\ZiZFUOL.exe
  C:\Windows\System32\ZiZFUOL.exe
  2⤵
  PID:8948
- C:\Windows\System32\RVNLLih.exe
  C:\Windows\System32\RVNLLih.exe
  2⤵
  PID:8976
- C:\Windows\System32\TJgiLOH.exe
  C:\Windows\System32\TJgiLOH.exe
  2⤵
  PID:8992
- C:\Windows\System32\ZNeMRGH.exe
  C:\Windows\System32\ZNeMRGH.exe
  2⤵
  PID:9040
- C:\Windows\System32\pbXTLHT.exe
  C:\Windows\System32\pbXTLHT.exe
  2⤵
  PID:9056
- C:\Windows\System32\RexyNNo.exe
  C:\Windows\System32\RexyNNo.exe
  2⤵
  PID:9084
- C:\Windows\System32\iJZsOjg.exe
  C:\Windows\System32\iJZsOjg.exe
  2⤵
  PID:9124
- C:\Windows\System32\jwJahGh.exe
  C:\Windows\System32\jwJahGh.exe
  2⤵
  PID:9148
- C:\Windows\System32\UQtTfMj.exe
  C:\Windows\System32\UQtTfMj.exe
  2⤵
  PID:9164
- C:\Windows\System32\OLKpxgx.exe
  C:\Windows\System32\OLKpxgx.exe
  2⤵
  PID:9208
- C:\Windows\System32\hNRIUMV.exe
  C:\Windows\System32\hNRIUMV.exe
  2⤵
  PID:8240
- C:\Windows\System32\EGVIkdI.exe
  C:\Windows\System32\EGVIkdI.exe
  2⤵
  PID:8380
- C:\Windows\System32\PkLSLHq.exe
  C:\Windows\System32\PkLSLHq.exe
  2⤵
  PID:8356
- C:\Windows\System32\DGtlcGn.exe
  C:\Windows\System32\DGtlcGn.exe
  2⤵
  PID:8416
- C:\Windows\System32\NYiqGRq.exe
  C:\Windows\System32\NYiqGRq.exe
  2⤵
  PID:8448
- C:\Windows\System32\LJrupnW.exe
  C:\Windows\System32\LJrupnW.exe
  2⤵
  PID:8464
- C:\Windows\System32\bkBTrrT.exe
  C:\Windows\System32\bkBTrrT.exe
  2⤵
  PID:8608
- C:\Windows\System32\Grlskrj.exe
  C:\Windows\System32\Grlskrj.exe
  2⤵
  PID:8676
- C:\Windows\System32\mPpluFq.exe
  C:\Windows\System32\mPpluFq.exe
  2⤵
  PID:8744
- C:\Windows\System32\VuZdsCn.exe
  C:\Windows\System32\VuZdsCn.exe
  2⤵
  PID:8808
- C:\Windows\System32\tHgWVbB.exe
  C:\Windows\System32\tHgWVbB.exe
  2⤵
  PID:8900
- C:\Windows\System32\bOEtjHR.exe
  C:\Windows\System32\bOEtjHR.exe
  2⤵
  PID:8988
- C:\Windows\System32\DSjicCN.exe
  C:\Windows\System32\DSjicCN.exe
  2⤵
  PID:9076
- C:\Windows\System32\hgXDvQO.exe
  C:\Windows\System32\hgXDvQO.exe
  2⤵
  PID:9092
- C:\Windows\System32\mhRqHZQ.exe
  C:\Windows\System32\mhRqHZQ.exe
  2⤵
  PID:9180
- C:\Windows\System32\uexjplw.exe
  C:\Windows\System32\uexjplw.exe
  2⤵
  PID:9200
- C:\Windows\System32\ofTbPSg.exe
  C:\Windows\System32\ofTbPSg.exe
  2⤵
  PID:7968
- C:\Windows\System32\oshfuYK.exe
  C:\Windows\System32\oshfuYK.exe
  2⤵
  PID:8268
- C:\Windows\System32\KCjdvsE.exe
  C:\Windows\System32\KCjdvsE.exe
  2⤵
  PID:8488
- C:\Windows\System32\brXhVaW.exe
  C:\Windows\System32\brXhVaW.exe
  2⤵
  PID:8588
- C:\Windows\System32\krsgDZG.exe
  C:\Windows\System32\krsgDZG.exe
  2⤵
  PID:8820
- C:\Windows\System32\YnrCqza.exe
  C:\Windows\System32\YnrCqza.exe
  2⤵
  PID:4136
- C:\Windows\System32\XzkfquJ.exe
  C:\Windows\System32\XzkfquJ.exe
  2⤵
  PID:9292
- C:\Windows\System32\PwJjMXs.exe
  C:\Windows\System32\PwJjMXs.exe
  2⤵
  PID:9308
- C:\Windows\System32\wYjFpKA.exe
  C:\Windows\System32\wYjFpKA.exe
  2⤵
  PID:9328
- C:\Windows\System32\ZOHsXdr.exe
  C:\Windows\System32\ZOHsXdr.exe
  2⤵
  PID:9408
- C:\Windows\System32\GuKgYpU.exe
  C:\Windows\System32\GuKgYpU.exe
  2⤵
  PID:9440
- C:\Windows\System32\SrFDANK.exe
  C:\Windows\System32\SrFDANK.exe
  2⤵
  PID:9464
- C:\Windows\System32\MgEAJTb.exe
  C:\Windows\System32\MgEAJTb.exe
  2⤵
  PID:9488
- C:\Windows\System32\VCnbhik.exe
  C:\Windows\System32\VCnbhik.exe
  2⤵
  PID:9508
- C:\Windows\System32\sspOwyT.exe
  C:\Windows\System32\sspOwyT.exe
  2⤵
  PID:9548
- C:\Windows\System32\KQppjBg.exe
  C:\Windows\System32\KQppjBg.exe
  2⤵
  PID:9588
- C:\Windows\System32\pSYTUmu.exe
  C:\Windows\System32\pSYTUmu.exe
  2⤵
  PID:9608
- C:\Windows\System32\PvFExLI.exe
  C:\Windows\System32\PvFExLI.exe
  2⤵
  PID:9628
- C:\Windows\System32\roiWdkW.exe
  C:\Windows\System32\roiWdkW.exe
  2⤵
  PID:9656
- C:\Windows\System32\NwxDzcc.exe
  C:\Windows\System32\NwxDzcc.exe
  2⤵
  PID:9700
- C:\Windows\System32\cCEGGSi.exe
  C:\Windows\System32\cCEGGSi.exe
  2⤵
  PID:9724
- C:\Windows\System32\UYDyecO.exe
  C:\Windows\System32\UYDyecO.exe
  2⤵
  PID:9744
- C:\Windows\System32\LVZOkPp.exe
  C:\Windows\System32\LVZOkPp.exe
  2⤵
  PID:9760
- C:\Windows\System32\rEWbMSi.exe
  C:\Windows\System32\rEWbMSi.exe
  2⤵
  PID:9776
- C:\Windows\System32\aVzbVsK.exe
  C:\Windows\System32\aVzbVsK.exe
  2⤵
  PID:9796
- C:\Windows\System32\QNXlTLc.exe
  C:\Windows\System32\QNXlTLc.exe
  2⤵
  PID:9824
- C:\Windows\System32\vrAJgTp.exe
  C:\Windows\System32\vrAJgTp.exe
  2⤵
  PID:9888
- C:\Windows\System32\fEwMYVS.exe
  C:\Windows\System32\fEwMYVS.exe
  2⤵
  PID:9920
- C:\Windows\System32\cavwzfT.exe
  C:\Windows\System32\cavwzfT.exe
  2⤵
  PID:9948
- C:\Windows\System32\wmZfkhx.exe
  C:\Windows\System32\wmZfkhx.exe
  2⤵
  PID:9988
- C:\Windows\System32\egemRJV.exe
  C:\Windows\System32\egemRJV.exe
  2⤵
  PID:10004
- C:\Windows\System32\LqkvSEr.exe
  C:\Windows\System32\LqkvSEr.exe
  2⤵
  PID:10020
- C:\Windows\System32\LxZmXdq.exe
  C:\Windows\System32\LxZmXdq.exe
  2⤵
  PID:10048
- C:\Windows\System32\ZZlgWQa.exe
  C:\Windows\System32\ZZlgWQa.exe
  2⤵
  PID:10080
- C:\Windows\System32\peisusO.exe
  C:\Windows\System32\peisusO.exe
  2⤵
  PID:10100
- C:\Windows\System32\tuUsrNw.exe
  C:\Windows\System32\tuUsrNw.exe
  2⤵
  PID:10140
- C:\Windows\System32\zywmIou.exe
  C:\Windows\System32\zywmIou.exe
  2⤵
  PID:10156
- C:\Windows\System32\lActlHu.exe
  C:\Windows\System32\lActlHu.exe
  2⤵
  PID:10224
- C:\Windows\System32\WRSFRTU.exe
  C:\Windows\System32\WRSFRTU.exe
  2⤵
  PID:8924
- C:\Windows\System32\ZtZTGKZ.exe
  C:\Windows\System32\ZtZTGKZ.exe
  2⤵
  PID:8612
- C:\Windows\System32\eQTxTTV.exe
  C:\Windows\System32\eQTxTTV.exe
  2⤵
  PID:8836
- C:\Windows\System32\tlQNcOJ.exe
  C:\Windows\System32\tlQNcOJ.exe
  2⤵
  PID:9244
- C:\Windows\System32\BKgydth.exe
  C:\Windows\System32\BKgydth.exe
  2⤵
  PID:9272
- C:\Windows\System32\FSsOFMp.exe
  C:\Windows\System32\FSsOFMp.exe
  2⤵
  PID:8696
- C:\Windows\System32\HcnYrZB.exe
  C:\Windows\System32\HcnYrZB.exe
  2⤵
  PID:9228
- C:\Windows\System32\wpfENwz.exe
  C:\Windows\System32\wpfENwz.exe
  2⤵
  PID:9340
- C:\Windows\System32\LCpqDmp.exe
  C:\Windows\System32\LCpqDmp.exe
  2⤵
  PID:9432
- C:\Windows\System32\AWnQGbR.exe
  C:\Windows\System32\AWnQGbR.exe
  2⤵
  PID:9456
- C:\Windows\System32\CQHxDxB.exe
  C:\Windows\System32\CQHxDxB.exe
  2⤵
  PID:9564
- C:\Windows\System32\ezNOifY.exe
  C:\Windows\System32\ezNOifY.exe
  2⤵
  PID:9600
- C:\Windows\System32\egFNyXU.exe
  C:\Windows\System32\egFNyXU.exe
  2⤵
  PID:9668
- C:\Windows\System32\ADipRTV.exe
  C:\Windows\System32\ADipRTV.exe
  2⤵
  PID:9720
- C:\Windows\System32\BcUSsNW.exe
  C:\Windows\System32\BcUSsNW.exe
  2⤵
  PID:9768
- C:\Windows\System32\nZBLAUw.exe
  C:\Windows\System32\nZBLAUw.exe
  2⤵
  PID:9848
- C:\Windows\System32\vcivhaC.exe
  C:\Windows\System32\vcivhaC.exe
  2⤵
  PID:9940
- C:\Windows\System32\ZjdcwkF.exe
  C:\Windows\System32\ZjdcwkF.exe
  2⤵
  PID:10032
- C:\Windows\System32\ylMUdmb.exe
  C:\Windows\System32\ylMUdmb.exe
  2⤵
  PID:10088
- C:\Windows\System32\dArTqEg.exe
  C:\Windows\System32\dArTqEg.exe
  2⤵
  PID:10196
- C:\Windows\System32\csNzFYI.exe
  C:\Windows\System32\csNzFYI.exe
  2⤵
  PID:10232
- C:\Windows\System32\TKoeDbl.exe
  C:\Windows\System32\TKoeDbl.exe
  2⤵
  PID:8716
- C:\Windows\System32\LpMFLpD.exe
  C:\Windows\System32\LpMFLpD.exe
  2⤵
  PID:9356
- C:\Windows\System32\JDLRbVa.exe
  C:\Windows\System32\JDLRbVa.exe
  2⤵
  PID:9452
- C:\Windows\System32\TrRYyxO.exe
  C:\Windows\System32\TrRYyxO.exe
  2⤵
  PID:9520
- C:\Windows\System32\tksYOXJ.exe
  C:\Windows\System32\tksYOXJ.exe
  2⤵
  PID:9680
- C:\Windows\System32\UFtHvWp.exe
  C:\Windows\System32\UFtHvWp.exe
  2⤵
  PID:9788
- C:\Windows\System32\IBjcsJG.exe
  C:\Windows\System32\IBjcsJG.exe
  2⤵
  PID:9808
- C:\Windows\System32\JeVrBtN.exe
  C:\Windows\System32\JeVrBtN.exe
  2⤵
  PID:10040
- C:\Windows\System32\bkYoWLM.exe
  C:\Windows\System32\bkYoWLM.exe
  2⤵
  PID:10188
- C:\Windows\System32\GnYDlhm.exe
  C:\Windows\System32\GnYDlhm.exe
  2⤵
  PID:9108
- C:\Windows\System32\HuQqzbR.exe
  C:\Windows\System32\HuQqzbR.exe
  2⤵
  PID:8512
- C:\Windows\System32\VHyiMJU.exe
  C:\Windows\System32\VHyiMJU.exe
  2⤵
  PID:9860
- C:\Windows\System32\fvldzjp.exe
  C:\Windows\System32\fvldzjp.exe
  2⤵
  PID:9172
- C:\Windows\System32\KJJSNJB.exe
  C:\Windows\System32\KJJSNJB.exe
  2⤵
  PID:9972
- C:\Windows\System32\sAZqWEi.exe
  C:\Windows\System32\sAZqWEi.exe
  2⤵
  PID:10276
- C:\Windows\System32\OgjRnfH.exe
  C:\Windows\System32\OgjRnfH.exe
  2⤵
  PID:10300
- C:\Windows\System32\mGIGdBI.exe
  C:\Windows\System32\mGIGdBI.exe
  2⤵
  PID:10316
- C:\Windows\System32\AmyUqRF.exe
  C:\Windows\System32\AmyUqRF.exe
  2⤵
  PID:10344
- C:\Windows\System32\pFEcFDu.exe
  C:\Windows\System32\pFEcFDu.exe
  2⤵
  PID:10376
- C:\Windows\System32\CWUngce.exe
  C:\Windows\System32\CWUngce.exe
  2⤵
  PID:10408
- C:\Windows\System32\QsUSvRT.exe
  C:\Windows\System32\QsUSvRT.exe
  2⤵
  PID:10436
- C:\Windows\System32\mhLLkcI.exe
  C:\Windows\System32\mhLLkcI.exe
  2⤵
  PID:10468
- C:\Windows\System32\qCDKdCa.exe
  C:\Windows\System32\qCDKdCa.exe
  2⤵
  PID:10492
- C:\Windows\System32\obfFbbo.exe
  C:\Windows\System32\obfFbbo.exe
  2⤵
  PID:10512
- C:\Windows\System32\zXRTgjy.exe
  C:\Windows\System32\zXRTgjy.exe
  2⤵
  PID:10532
- C:\Windows\System32\xXrmKEY.exe
  C:\Windows\System32\xXrmKEY.exe
  2⤵
  PID:10576
- C:\Windows\System32\EgNavmK.exe
  C:\Windows\System32\EgNavmK.exe
  2⤵
  PID:10596
- C:\Windows\System32\MdTmhki.exe
  C:\Windows\System32\MdTmhki.exe
  2⤵
  PID:10620
- C:\Windows\System32\FHVctyo.exe
  C:\Windows\System32\FHVctyo.exe
  2⤵
  PID:10640
- C:\Windows\System32\QZRWfAt.exe
  C:\Windows\System32\QZRWfAt.exe
  2⤵
  PID:10680
- C:\Windows\System32\nalQENK.exe
  C:\Windows\System32\nalQENK.exe
  2⤵
  PID:10708
- C:\Windows\System32\CYpwJlK.exe
  C:\Windows\System32\CYpwJlK.exe
  2⤵
  PID:10736
- C:\Windows\System32\ckwXkis.exe
  C:\Windows\System32\ckwXkis.exe
  2⤵
  PID:10764
- C:\Windows\System32\HMbwSaq.exe
  C:\Windows\System32\HMbwSaq.exe
  2⤵
  PID:10784
- C:\Windows\System32\OPYWIQQ.exe
  C:\Windows\System32\OPYWIQQ.exe
  2⤵
  PID:10836
- C:\Windows\System32\xQpRMuY.exe
  C:\Windows\System32\xQpRMuY.exe
  2⤵
  PID:10864
- C:\Windows\System32\HYtDtVa.exe
  C:\Windows\System32\HYtDtVa.exe
  2⤵
  PID:10884
- C:\Windows\System32\PTTZEWt.exe
  C:\Windows\System32\PTTZEWt.exe
  2⤵
  PID:10908
- C:\Windows\System32\lqwsezs.exe
  C:\Windows\System32\lqwsezs.exe
  2⤵
  PID:10932
- C:\Windows\System32\aYjWPLT.exe
  C:\Windows\System32\aYjWPLT.exe
  2⤵
  PID:10972
- C:\Windows\System32\MpUXGVZ.exe
  C:\Windows\System32\MpUXGVZ.exe
  2⤵
  PID:10992
- C:\Windows\System32\erJpcyQ.exe
  C:\Windows\System32\erJpcyQ.exe
  2⤵
  PID:11024
- C:\Windows\System32\knRfHov.exe
  C:\Windows\System32\knRfHov.exe
  2⤵
  PID:11040
- C:\Windows\System32\thSjVEK.exe
  C:\Windows\System32\thSjVEK.exe
  2⤵
  PID:11064
- C:\Windows\System32\UmhSSeD.exe
  C:\Windows\System32\UmhSSeD.exe
  2⤵
  PID:11084
- C:\Windows\System32\iWbiuBl.exe
  C:\Windows\System32\iWbiuBl.exe
  2⤵
  PID:11116
- C:\Windows\System32\TaREKFt.exe
  C:\Windows\System32\TaREKFt.exe
  2⤵
  PID:11152
- C:\Windows\System32\ckGOukh.exe
  C:\Windows\System32\ckGOukh.exe
  2⤵
  PID:11176
- C:\Windows\System32\BBzPjQk.exe
  C:\Windows\System32\BBzPjQk.exe
  2⤵
  PID:11196
- C:\Windows\System32\NlUOgnj.exe
  C:\Windows\System32\NlUOgnj.exe
  2⤵
  PID:11216
- C:\Windows\System32\yNqaQYR.exe
  C:\Windows\System32\yNqaQYR.exe
  2⤵
  PID:11240
- C:\Windows\System32\VrrpHnp.exe
  C:\Windows\System32\VrrpHnp.exe
  2⤵
  PID:11256
- C:\Windows\System32\fKEtwVv.exe
  C:\Windows\System32\fKEtwVv.exe
  2⤵
  PID:4732
- C:\Windows\System32\HuDPUQU.exe
  C:\Windows\System32\HuDPUQU.exe
  2⤵
  PID:10308
- C:\Windows\System32\CKlTLEU.exe
  C:\Windows\System32\CKlTLEU.exe
  2⤵
  PID:10384
- C:\Windows\System32\NsUQHKd.exe
  C:\Windows\System32\NsUQHKd.exe
  2⤵
  PID:10416
- C:\Windows\System32\EQsdOhT.exe
  C:\Windows\System32\EQsdOhT.exe
  2⤵
  PID:10612
- C:\Windows\System32\UylBOEj.exe
  C:\Windows\System32\UylBOEj.exe
  2⤵
  PID:10668
- C:\Windows\System32\zUrGJKl.exe
  C:\Windows\System32\zUrGJKl.exe
  2⤵
  PID:10760
- C:\Windows\System32\SdprnVu.exe
  C:\Windows\System32\SdprnVu.exe
  2⤵
  PID:10844
- C:\Windows\System32\zxXfZNn.exe
  C:\Windows\System32\zxXfZNn.exe
  2⤵
  PID:10900
- C:\Windows\System32\xAxXylW.exe
  C:\Windows\System32\xAxXylW.exe
  2⤵
  PID:10980
- C:\Windows\System32\DPtoPGf.exe
  C:\Windows\System32\DPtoPGf.exe
  2⤵
  PID:10988
- C:\Windows\System32\vQStPjq.exe
  C:\Windows\System32\vQStPjq.exe
  2⤵
  PID:11092
- C:\Windows\System32\wioTwhl.exe
  C:\Windows\System32\wioTwhl.exe
  2⤵
  PID:11192
- C:\Windows\System32\QCUrhAm.exe
  C:\Windows\System32\QCUrhAm.exe
  2⤵
  PID:11228
- C:\Windows\System32\dlEkazg.exe
  C:\Windows\System32\dlEkazg.exe
  2⤵
  PID:10460
- C:\Windows\System32\hhAkdCN.exe
  C:\Windows\System32\hhAkdCN.exe
  2⤵
  PID:10336
- C:\Windows\System32\GTGcgFX.exe
  C:\Windows\System32\GTGcgFX.exe
  2⤵
  PID:10528
- C:\Windows\System32\cLYbSde.exe
  C:\Windows\System32\cLYbSde.exe
  2⤵
  PID:10588
- C:\Windows\System32\RkkYxuD.exe
  C:\Windows\System32\RkkYxuD.exe
  2⤵
  PID:10700
- C:\Windows\System32\sypqMfR.exe
  C:\Windows\System32\sypqMfR.exe
  2⤵
  PID:10880
- C:\Windows\System32\slaDVWc.exe
  C:\Windows\System32\slaDVWc.exe
  2⤵
  PID:11008
- C:\Windows\System32\GRKpLJD.exe
  C:\Windows\System32\GRKpLJD.exe
  2⤵
  PID:11076
- C:\Windows\System32\KoCbthY.exe
  C:\Windows\System32\KoCbthY.exe
  2⤵
  PID:11212
- C:\Windows\System32\RvgUvDZ.exe
  C:\Windows\System32\RvgUvDZ.exe
  2⤵
  PID:10312
- C:\Windows\System32\lrhZfDL.exe
  C:\Windows\System32\lrhZfDL.exe
  2⤵
  PID:11060
- C:\Windows\System32\XpMWKrp.exe
  C:\Windows\System32\XpMWKrp.exe
  2⤵
  PID:11280
- C:\Windows\System32\pEmHIHi.exe
  C:\Windows\System32\pEmHIHi.exe
  2⤵
  PID:11304
- C:\Windows\System32\ZRCDVol.exe
  C:\Windows\System32\ZRCDVol.exe
  2⤵
  PID:11320
- C:\Windows\System32\GpgJISB.exe
  C:\Windows\System32\GpgJISB.exe
  2⤵
  PID:11372
- C:\Windows\System32\yeGwAvr.exe
  C:\Windows\System32\yeGwAvr.exe
  2⤵
  PID:11388
- C:\Windows\System32\JPhHOav.exe
  C:\Windows\System32\JPhHOav.exe
  2⤵
  PID:11412
- C:\Windows\System32\PliHUpe.exe
  C:\Windows\System32\PliHUpe.exe
  2⤵
  PID:11464
- C:\Windows\System32\tECXmCL.exe
  C:\Windows\System32\tECXmCL.exe
  2⤵
  PID:11492
- C:\Windows\System32\HIDLWYE.exe
  C:\Windows\System32\HIDLWYE.exe
  2⤵
  PID:11508
- C:\Windows\System32\LhvaFJC.exe
  C:\Windows\System32\LhvaFJC.exe
  2⤵
  PID:11536
- C:\Windows\System32\hkFdkMx.exe
  C:\Windows\System32\hkFdkMx.exe
  2⤵
  PID:11576
- C:\Windows\System32\ONJbfMI.exe
  C:\Windows\System32\ONJbfMI.exe
  2⤵
  PID:11592
- C:\Windows\System32\hKFoqxP.exe
  C:\Windows\System32\hKFoqxP.exe
  2⤵
  PID:11608
- C:\Windows\System32\YPoPdBs.exe
  C:\Windows\System32\YPoPdBs.exe
  2⤵
  PID:11628
- C:\Windows\System32\ETsdNkR.exe
  C:\Windows\System32\ETsdNkR.exe
  2⤵
  PID:11644
- C:\Windows\System32\qgjYlbD.exe
  C:\Windows\System32\qgjYlbD.exe
  2⤵
  PID:11668
- C:\Windows\System32\mtQmrpo.exe
  C:\Windows\System32\mtQmrpo.exe
  2⤵
  PID:11720
- C:\Windows\System32\ZMrnCzp.exe
  C:\Windows\System32\ZMrnCzp.exe
  2⤵
  PID:11752
- C:\Windows\System32\sFPsMNG.exe
  C:\Windows\System32\sFPsMNG.exe
  2⤵
  PID:11776
- C:\Windows\System32\JYRGDkV.exe
  C:\Windows\System32\JYRGDkV.exe
  2⤵
  PID:11796
- C:\Windows\System32\HILzYZa.exe
  C:\Windows\System32\HILzYZa.exe
  2⤵
  PID:11812
- C:\Windows\System32\gbnNqty.exe
  C:\Windows\System32\gbnNqty.exe
  2⤵
  PID:11852
- C:\Windows\System32\SOQqnKD.exe
  C:\Windows\System32\SOQqnKD.exe
  2⤵
  PID:11896
- C:\Windows\System32\BRxGFpa.exe
  C:\Windows\System32\BRxGFpa.exe
  2⤵
  PID:11916
- C:\Windows\System32\PorDspA.exe
  C:\Windows\System32\PorDspA.exe
  2⤵
  PID:11936
- C:\Windows\System32\DqXLSKU.exe
  C:\Windows\System32\DqXLSKU.exe
  2⤵
  PID:11968
- C:\Windows\System32\fdxZVhC.exe
  C:\Windows\System32\fdxZVhC.exe
  2⤵
  PID:12016
- C:\Windows\System32\rjJGsCd.exe
  C:\Windows\System32\rjJGsCd.exe
  2⤵
  PID:12044
- C:\Windows\System32\DFducbk.exe
  C:\Windows\System32\DFducbk.exe
  2⤵
  PID:12064
- C:\Windows\System32\DNoaHDr.exe
  C:\Windows\System32\DNoaHDr.exe
  2⤵
  PID:12088
- C:\Windows\System32\zewsVwh.exe
  C:\Windows\System32\zewsVwh.exe
  2⤵
  PID:12120
- C:\Windows\System32\uWcgaFt.exe
  C:\Windows\System32\uWcgaFt.exe
  2⤵
  PID:12152
- C:\Windows\System32\WEprqpN.exe
  C:\Windows\System32\WEprqpN.exe
  2⤵
  PID:12176
- C:\Windows\System32\boJWNbN.exe
  C:\Windows\System32\boJWNbN.exe
  2⤵
  PID:12200
- C:\Windows\System32\lxVWgyJ.exe
  C:\Windows\System32\lxVWgyJ.exe
  2⤵
  PID:12224
- C:\Windows\System32\FkLofOX.exe
  C:\Windows\System32\FkLofOX.exe
  2⤵
  PID:12252
- C:\Windows\System32\eLUnNsy.exe
  C:\Windows\System32\eLUnNsy.exe
  2⤵
  PID:11272
- C:\Windows\System32\oqGgIdO.exe
  C:\Windows\System32\oqGgIdO.exe
  2⤵
  PID:10292
- C:\Windows\System32\RhISAYS.exe
  C:\Windows\System32\RhISAYS.exe
  2⤵
  PID:11368
- C:\Windows\System32\lrvEFHR.exe
  C:\Windows\System32\lrvEFHR.exe
  2⤵
  PID:11384
- C:\Windows\System32\IVESHEn.exe
  C:\Windows\System32\IVESHEn.exe
  2⤵
  PID:11476
- C:\Windows\System32\onDPBpe.exe
  C:\Windows\System32\onDPBpe.exe
  2⤵
  PID:11556
- C:\Windows\System32\ggNEulC.exe
  C:\Windows\System32\ggNEulC.exe
  2⤵
  PID:11600
- C:\Windows\System32\VMMmIxI.exe
  C:\Windows\System32\VMMmIxI.exe
  2⤵
  PID:11624
- C:\Windows\System32\wCMrAPh.exe
  C:\Windows\System32\wCMrAPh.exe
  2⤵
  PID:11676
- C:\Windows\System32\yPPFVas.exe
  C:\Windows\System32\yPPFVas.exe
  2⤵
  PID:11768
- C:\Windows\System32\TEssaDD.exe
  C:\Windows\System32\TEssaDD.exe
  2⤵
  PID:12000
- C:\Windows\System32\qBlISBn.exe
  C:\Windows\System32\qBlISBn.exe
  2⤵
  PID:12116
- C:\Windows\System32\dSzXNxM.exe
  C:\Windows\System32\dSzXNxM.exe
  2⤵
  PID:12212
- C:\Windows\System32\XYOgpzz.exe
  C:\Windows\System32\XYOgpzz.exe
  2⤵
  PID:12280
- C:\Windows\System32\adkbTwk.exe
  C:\Windows\System32\adkbTwk.exe
  2⤵
  PID:11652
- C:\Windows\System32\tGmMgsb.exe
  C:\Windows\System32\tGmMgsb.exe
  2⤵
  PID:11656
- C:\Windows\System32\AhvTLuG.exe
  C:\Windows\System32\AhvTLuG.exe
  2⤵
  PID:1452
- C:\Windows\System32\VzyMbiG.exe
  C:\Windows\System32\VzyMbiG.exe
  2⤵
  PID:11980
- C:\Windows\System32\NKObxRN.exe
  C:\Windows\System32\NKObxRN.exe
  2⤵
  PID:11828
- C:\Windows\System32\RYwetXp.exe
  C:\Windows\System32\RYwetXp.exe
  2⤵
  PID:12192
- C:\Windows\System32\woAUioK.exe
  C:\Windows\System32\woAUioK.exe
  2⤵
  PID:11932
- C:\Windows\System32\IoMCnTF.exe
  C:\Windows\System32\IoMCnTF.exe
  2⤵
  PID:12004
- C:\Windows\System32\fSOdqMA.exe
  C:\Windows\System32\fSOdqMA.exe
  2⤵
  PID:12084
- C:\Windows\System32\MZyrdmg.exe
  C:\Windows\System32\MZyrdmg.exe
  2⤵
  PID:12168
- C:\Windows\System32\IoERxAx.exe
  C:\Windows\System32\IoERxAx.exe
  2⤵
  PID:11332
- C:\Windows\System32\IeZUeZS.exe
  C:\Windows\System32\IeZUeZS.exe
  2⤵
  PID:11684
- C:\Windows\System32\jCMgNta.exe
  C:\Windows\System32\jCMgNta.exe
  2⤵
  PID:11860
- C:\Windows\System32\RtPUXWi.exe
  C:\Windows\System32\RtPUXWi.exe
  2⤵
  PID:12184
- C:\Windows\System32\BNIEWpQ.exe
  C:\Windows\System32\BNIEWpQ.exe
  2⤵
  PID:11792
- C:\Windows\System32\wiBuLOv.exe
  C:\Windows\System32\wiBuLOv.exe
  2⤵
  PID:4816
- C:\Windows\System32\aviKlGe.exe
  C:\Windows\System32\aviKlGe.exe
  2⤵
  PID:12308
- C:\Windows\System32\GwFsWMd.exe
  C:\Windows\System32\GwFsWMd.exe
  2⤵
  PID:12344
- C:\Windows\System32\CDKOxEz.exe
  C:\Windows\System32\CDKOxEz.exe
  2⤵
  PID:12364
- C:\Windows\System32\RZDmVGg.exe
  C:\Windows\System32\RZDmVGg.exe
  2⤵
  PID:12380
- C:\Windows\System32\iiXVteE.exe
  C:\Windows\System32\iiXVteE.exe
  2⤵
  PID:12408
- C:\Windows\System32\Djbualc.exe
  C:\Windows\System32\Djbualc.exe
  2⤵
  PID:12456
- C:\Windows\System32\pWlcWhk.exe
  C:\Windows\System32\pWlcWhk.exe
  2⤵
  PID:12476
- C:\Windows\System32\OjbdlEy.exe
  C:\Windows\System32\OjbdlEy.exe
  2⤵
  PID:12504
- C:\Windows\System32\uWsVOiN.exe
  C:\Windows\System32\uWsVOiN.exe
  2⤵
  PID:12520
- C:\Windows\System32\xYrkkrc.exe
  C:\Windows\System32\xYrkkrc.exe
  2⤵
  PID:12552
- C:\Windows\System32\aTTWGGs.exe
  C:\Windows\System32\aTTWGGs.exe
  2⤵
  PID:12580
- C:\Windows\System32\XRZsViy.exe
  C:\Windows\System32\XRZsViy.exe
  2⤵
  PID:12616
- C:\Windows\System32\KHYuWwR.exe
  C:\Windows\System32\KHYuWwR.exe
  2⤵
  PID:12640
- C:\Windows\System32\Aqhnqbw.exe
  C:\Windows\System32\Aqhnqbw.exe
  2⤵
  PID:12664
- C:\Windows\System32\wBpvFhi.exe
  C:\Windows\System32\wBpvFhi.exe
  2⤵
  PID:12704
- C:\Windows\System32\UkDwYAZ.exe
  C:\Windows\System32\UkDwYAZ.exe
  2⤵
  PID:12728
- C:\Windows\System32\AJexRPN.exe
  C:\Windows\System32\AJexRPN.exe
  2⤵
  PID:12748
- C:\Windows\System32\ePbWkEF.exe
  C:\Windows\System32\ePbWkEF.exe
  2⤵
  PID:12764
- C:\Windows\System32\maFBSTP.exe
  C:\Windows\System32\maFBSTP.exe
  2⤵
  PID:12808
- C:\Windows\System32\iToFanD.exe
  C:\Windows\System32\iToFanD.exe
  2⤵
  PID:12832
- C:\Windows\System32\ChmyaVU.exe
  C:\Windows\System32\ChmyaVU.exe
  2⤵
  PID:12848
- C:\Windows\System32\lCMAYxs.exe
  C:\Windows\System32\lCMAYxs.exe
  2⤵
  PID:12872
- C:\Windows\System32\fRTulat.exe
  C:\Windows\System32\fRTulat.exe
  2⤵
  PID:12912
- C:\Windows\System32\kHZdiVc.exe
  C:\Windows\System32\kHZdiVc.exe
  2⤵
  PID:12944
- C:\Windows\System32\xfgtCAZ.exe
  C:\Windows\System32\xfgtCAZ.exe
  2⤵
  PID:12988
- C:\Windows\System32\tJjHAtI.exe
  C:\Windows\System32\tJjHAtI.exe
  2⤵
  PID:13004
- C:\Windows\System32\mFMmcox.exe
  C:\Windows\System32\mFMmcox.exe
  2⤵
  PID:13024
- C:\Windows\System32\uajBdrL.exe
  C:\Windows\System32\uajBdrL.exe
  2⤵
  PID:13052
- C:\Windows\System32\ylKIqAJ.exe
  C:\Windows\System32\ylKIqAJ.exe
  2⤵
  PID:13092
- C:\Windows\System32\hGSkegp.exe
  C:\Windows\System32\hGSkegp.exe
  2⤵
  PID:13116
- C:\Windows\System32\yGoopDU.exe
  C:\Windows\System32\yGoopDU.exe
  2⤵
  PID:13136
- C:\Windows\System32\RFxXbuH.exe
  C:\Windows\System32\RFxXbuH.exe
  2⤵
  PID:13152
- C:\Windows\System32\NGprdsU.exe
  C:\Windows\System32\NGprdsU.exe
  2⤵
  PID:13220

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\APNCxcl.exe

Filesize
1.4MB

MD5
534731d386a0db7a4afe9578dc2fbe0f

SHA1
1ce609c774a1c009a6038e72b12ef2aed37afb9d

SHA256
8c109237c93782d3316af1497169d95ecc05151011b85004062591d62eba7803

SHA512
c3ae62a3f8d3b796024481ab3e77d1b914f03eacd0ffed945a0f8eab10a61b2766df8347721429decab36d9d949f66d8fe8bca504b65234d60fe15b48943d30b

Download Submit
C:\Windows\System32\BWfoPFf.exe

Filesize
1.4MB

MD5
d55ab8a0ac65e7723e57aefaeaf36f25

SHA1
46c1659e6d8f767442abdbad4b5cf64a1f7f6b16

SHA256
0429945959ec9beb25039b67d99864f59a61087b6754211b03986ebc91f729da

SHA512
f216c83c4383e573afce6b44b94f6d60add58c6f003d00184b51e8b74b1b7eeed794c89eea5bf1283340c39a6200cc53773119f7f75d5ad2a0ab38f98f1d0bcb

Download Submit
C:\Windows\System32\CLnuPqr.exe

Filesize
1.4MB

MD5
800264b0349ca3e4af5f6ccea7164ee5

SHA1
4f9500c31987caada74105e6637091cea4f9e403

SHA256
6128debe3ea685ab36ba2175bb7e02613b8e85c76eb21e0c8a7b286237a14929

SHA512
30cdaf6f0781b83ba8e0e7efe8d92059356729eb8a12ea4708ea65a84acdf6b66ac801fb481292685832c86351867e81703eb6c9fc3b4b987a78b5a36569e4ed

Download Submit
C:\Windows\System32\GQJzjfQ.exe

Filesize
1.4MB

MD5
f9a8a9c5585080c1f3978d40dc2ed823

SHA1
65d3565bc3e2bafdcc11c7f736420c434491e4c9

SHA256
78eadaea393f6ac06785d7d5064a49df4a30cb86b79d04ba554e1829462ad9f9

SHA512
fc3857961ebb54778206a2d60d3f30cdb4ee3ba4240638d56b12a1e3bb8d7982b208f495517077d3c6ff5ab9fe9df24c191577183a7d9cc333963cf89acd595e

Download Submit
C:\Windows\System32\HeKUlCv.exe

Filesize
1.4MB

MD5
d2a033b10c5ce7204004618d0afcff14

SHA1
30bce0036faff45d58d891709b4164596ac5643d

SHA256
98c89bd0b4e3383bbb5c01e766d43d71e30c4c0a0faa752a08b8cee5079df3cf

SHA512
14f9cad366c3a4b3a9fb3cc6306866c94ed6013183e39bc25c924517573ea3e30af6d1c039fba26ac3858466b6aa1fbcb2ab80d1c4d38986fac0fe443ce58b2b

Download Submit
C:\Windows\System32\OKmSSyd.exe

Filesize
1.4MB

MD5
11a7d1163bdb0c7d988374f278f295f3

SHA1
1f71bb058463805b2e7afe15a5215378c99b0d2d

SHA256
b45afdacbe252af16f9649272ecbdd0f6fc7c4e765194f7e1da88731485bffb6

SHA512
854c2fe34de73355b16bcb69386fd597dc8a7c89e0e593f621785220adde1feec79ee9044895d5f33bab73f233f6a266e1a9b7a6cbd79101d9f4bea30d1b7d4b

Download Submit
C:\Windows\System32\PBcCFKM.exe

Filesize
1.4MB

MD5
691d235b8a88416c97993d26549ae532

SHA1
26dd40ebd64e0e0964f7a71ebfaeb5b8a1d1957e

SHA256
c5bd0c7600425ec3d964353027f8a0785b92e0f392442571a86c6f9b5072849c

SHA512
db125479b4dcc84ee15a73a127a9131bc298b98905c37b490971046b19a8c2ae2a2b1a89b626a1dfa5c0ae9a45c48a2770f49ab1a596553d200e24d0cfdc96e6

Download Submit
C:\Windows\System32\TVdGfDV.exe

Filesize
1.4MB

MD5
eb25593d0b2499505147115cf9ff3f71

SHA1
4c035290beb59417b1ecd4716b883e0b54c40426

SHA256
2c23f79be2dc98b36390b5f00de74c388e5f4c23280f2873ec09d7758dbd5d8c

SHA512
c3ecd9cca57a63956f7929b6b5b7c7d34bc00dc6f5952c0fb0af89533cee437b2e1e382b846dae098b003db5f27c1fc8c1b02fe76988dbd6fdb2bb023f07832b

Download Submit
C:\Windows\System32\TpQxOyQ.exe

Filesize
1.4MB

MD5
b2a26c97214ca05ef478487ca4b5de90

SHA1
8f8c77b9eb0fc99b834b05952710b044884ff087

SHA256
9d51430fede53d68d8ad794f5c359e0045dfd92a57e9202208a05020a09ff9e1

SHA512
2d4641b5aed4ee46a2a6ec2cb3a37fcf0a5555f71476c779c35785d87dbfdee80d9a748711bf7ac8f64ee994d222fa5f095b052504133569e64ff6b73ac38b44

Download Submit
C:\Windows\System32\VZULCgk.exe

Filesize
1.4MB

MD5
61140059276106cebab3dd0c4e09055d

SHA1
f29a179180d57ca3f190644d73810b50648bf2eb

SHA256
838fbf44791254d645a4301af263c627f177c70ccc81310986a53449550f2626

SHA512
4f6c75472be5a0ccaa6dd148824327ed049eaa466db77b6dfc58569abf6388b30dfc68766b784c51b0fb70a3b2d122d5c07cc85e15f0b90eb384dc2a05702186

Download Submit
C:\Windows\System32\YDEMSrD.exe

Filesize
1.4MB

MD5
52482bc68301753413c96621d8f753d5

SHA1
fe3c1306aacce4122e936425a73210afcf4fd0a6

SHA256
31fceb5bc73604ef2466e2d664b6380e295219c9b7fd3cd61ba79a0c8ab2e216

SHA512
8a93f1e9c72eab786333b4003d8d4f009621acd748b23ccac35ee7f8e158e129664a0a4336fe21d8bc11995f998d8c1ae3a90ad0a32b7738b4c51eb8058ca7d7

Download Submit
C:\Windows\System32\cGkpaAF.exe

Filesize
1.4MB

MD5
9aaa316c9ab7dd0050a1de34f2a5cedb

SHA1
148bfa8b3586ae6b469ca9a269c80013436bc692

SHA256
11684a1a72421edaa31259394730dcbd003a2440e0c1a574ff26c634d5a89e4b

SHA512
0efab7e16c9ebda337ebe3a491e322cc539f98f83ac813b6651104b22a58338a5ce381603e537d068ad48136ed695fd86e7105e1f02cf564f173a322e914df90

Download Submit
C:\Windows\System32\eOobaeX.exe

Filesize
1.4MB

MD5
271c5541e4e797a5d1a5d6298ef806b4

SHA1
c54f5aed091aeee562d428182ee31da82fd8b7f8

SHA256
72149b1b51a46eeea851c1a1f3cf1a63ebe28d9b37e0ef2cd2f58dbed8f10dd4

SHA512
ec0929a70653ffad329f76403ecb36c226467fee467ba698115227234d4b6d1ecbebe81815f67fabb57ba6772b516b86e8d154fa220a6d131be363aed09d88a3

Download Submit
C:\Windows\System32\hfvaJGr.exe

Filesize
1.4MB

MD5
5333ab451e92df736bb9ed89f81929fb

SHA1
50ad4722845fb88c76c011b51f23238de56d0e4f

SHA256
fbc6604af7888435dca2d40eef7eb9cddcc32848227d1184d1a821ee971cbe53

SHA512
57468440d70ea0b3afa05852c203b12bd23e5a577394a51aa3d2669940cd916de4977366579c6bc3126a3f8c382810267adf00100b5a524a35a4d51e4c06acaf

Download Submit
C:\Windows\System32\iYUMIIR.exe

Filesize
1.4MB

MD5
51efc45f88bf8c3ef556e9a71e8266db

SHA1
979567f95360d6c7e9c595ac188c4b1bb0141e31

SHA256
8bc80a71ccd52d44f0b28f073561aa8d51b6214405c833da06269fafbfae3cd8

SHA512
3e6b2322510b6927bd98175dca107f226a4fc204b194990fd6039317f75b0e7e240be6112f05fd1bad2010690cd603042d09eee5b9ab2aa1a6428ba8d5aa0de9

Download Submit
C:\Windows\System32\jMyEfsJ.exe

Filesize
1.4MB

MD5
3835bf32eed9e3e2524bf68d317d1caf

SHA1
804dd08c0b96d2530724215dbf5592a3b900cf15

SHA256
021dc45074a1fde98d76303ed308529fcb032cf579afccb08ad178ec05f50d6c

SHA512
8ead7796b245de418138a5a37e9a833119a5743d3eab035dc2e18656d29c7a95fcf2b743701c1d5109a0c7303125c54893a566c963e499c83d12541e4a2ffbe9

Download Submit
C:\Windows\System32\jmyriEl.exe

Filesize
1.4MB

MD5
7b84a41bd162938134ba20446cf76b7f

SHA1
5c9788c8879c820ce569dfd65159d2065a4f4b87

SHA256
c59b7842cd5f6ed10b75878b31abceefca42a5e1a87251ab23b72eb89275e01d

SHA512
126044482f411c5c5c4758cf7c58b554c8311acb8220bed44149848611466437324cefc5828f4ac4eb3d27a49f6380612173a523de9f5bc4ee39b4f9949ab6ea

Download Submit
C:\Windows\System32\kBeWfkH.exe

Filesize
1.4MB

MD5
e3c15523b5c0ff75c36c30b250c80a11

SHA1
04200e1bbaa9ff7bca210ff05ca65006839ef849

SHA256
29f721fc2f1fa4bd56947f88e8fcbe757de07897afb7544269197870602c4493

SHA512
bb57efb864efd87fe16f5c89a9bde6a716c8f28c7f981a3b4eb7d31c2fe6411c9c1e32575c72297d3fc17c78d32274cc2436e18c7ee0012d827419ff221005c5

Download Submit
C:\Windows\System32\nGwkyfz.exe

Filesize
1.4MB

MD5
c6bc9deebcb6b6603614836b509805e1

SHA1
77dedb68e65a902ca9ee61193d9a699080d2224f

SHA256
874fc99c78aa0fbb97646c7005fc05dd81e51d2f1ec085c998e5d13df5f41458

SHA512
6e4053860fe3d5cfca8e9d6bcc2b0d0d1de3055a7154106ac673ba07a7a361ad618fd331f60a4020fa3911f93e946f39a4339ab5627940f3a05c18f6006286f2

Download Submit
C:\Windows\System32\ooOblyg.exe

Filesize
1.4MB

MD5
630f824b1bce66c26d2ec0f74c087496

SHA1
31a2cdced0a59516a6f3c3f11b6b015afb57920f

SHA256
2e7284811304f0de2fdc968ce93e853893bcdb83d02d234e0f39502e1c717922

SHA512
871176e9e63c11050ad47393c108154ed7c3c81fc98deacb7ea95c2411117a3665590838ed1ae342cec01869c755216d6c6f04948a43bdcfb0bbe7b52ed55093

Download Submit
C:\Windows\System32\rcQMPHJ.exe

Filesize
1.4MB

MD5
a62a7cae5ca4388d63e58f6193ee06d8

SHA1
0081e333c1985a4f89c7b75a5918518663d02d38

SHA256
b3ad4ee5db41aaa2164b435efce6ee21233c944c62ecd9374e28e3eb396a45ee

SHA512
e7a9918556e3626a66f2f8af1866c6ed41365d8dc543498fadefe032a88b092e1108469ac700833beafaad92b49036b8d9869f6258a69e2f988c836fc6a761d7

Download Submit
C:\Windows\System32\ryNJajp.exe

Filesize
1.4MB

MD5
4b4de203fe20794ab895d944e36b789d

SHA1
47b25bd4087fa5e1b826a7ccf10c29ea569b7746

SHA256
98ba3876241a99d4107c9eb89e5fb9b0680c2e941d60666cf9e19762c7689463

SHA512
cee7539c5cd279f8fa9b665ea5a759c75b940dddc2955fd10fceeeeacb77e4003f13b0878086b680871703745c4552235d09c430eadb9e45db25cdfb7870d6d1

Download Submit
C:\Windows\System32\sCLcnqS.exe

Filesize
1.4MB

MD5
fd35f449a93dfe2de85933daac5d7782

SHA1
07237dd5600a8b67b05d3afdf6acc6a4f7b18db5

SHA256
56d3749afd384c04f144774f13867e6cf6192d9db1ffb77210042515dfa8cc43

SHA512
73ce05996d277f5078be44f52a841120f82deb1ee198c31ac216fb70ba25f7e53d677b8af462134e079702d851c493afa6580f941c86221e63559792ac3cc091

Download Submit
C:\Windows\System32\syYxDYc.exe

Filesize
1.4MB

MD5
ec099941c4abff200acb16a5cfd87d99

SHA1
681bb8101ad95cce65d2dca0aba74703058a680b

SHA256
0afb7e88a8ed247474ef3beca854481187cecf5571cd1ea0f1cf65d2e4538cd2

SHA512
8b4c50907db071201cc29af905bd2f75e9f43fd094e425d7531f8e3c2c991ab007afc896ee15f61cf5c39f067535eebe00ff7ba4cdd2fa9ffdb424c17bb5ecd8

Download Submit
C:\Windows\System32\tBrfHcl.exe

Filesize
1.4MB

MD5
614c64fb102c63e4aefecd0b3b6d396d

SHA1
41a25686c65abd65daa1b307235cbd2906c37bae

SHA256
1a4de7f45df0e02f7393c0fd91f0dce23cafdad404b7b3c1381d25483753a5b5

SHA512
3c509bf2f16f33c6b4e9d7c10077569d8a3ce52f4f84f8417164012bb00ad78df1eb748a927e3d71b296fb6416203915e328f68cc0c3070ce81136b18d5db930

Download Submit
C:\Windows\System32\tfUKhMJ.exe

Filesize
1.4MB

MD5
05152574f559895a8aa5d8e4805da25e

SHA1
b9a0b293912ad09f8a77a2f5c57f1bfe5858bead

SHA256
697df08cd43f8184dc7a3f36d4795961f01bd1fcde0f2789e0c58175903a912d

SHA512
74d575593af2083b3c538f80cdf6dedbe42e472b56a940cbccdf43c413536fda4ac2bfca80e64ae9960775a985b312ae41f7a66741973a2914a6028da69ec0aa

Download Submit
C:\Windows\System32\tsllXFq.exe

Filesize
1.4MB

MD5
e35ecbb40c77fefb66ab0f6664662830

SHA1
ff0a80393ebd303271eb9f1a8008925601539124

SHA256
49b37db8eaa84f588595da8b6b1a8a0cab29f08b469d5ddac73fc01e4ca27b6a

SHA512
7f79721b8c2e01d8b48a6765d9aa702ee666c0ee689f34fc8002f8108f3b32d2a99c12678dfe4ccd4aa65a8feb360dc7b7a7ade800c97ff22c0cc6676ebad758

Download Submit
C:\Windows\System32\vUOJlhk.exe

Filesize
1.4MB

MD5
617704448e00a6d503ce9fa8c16a5d85

SHA1
9491bdc9d80f35bec0a4b3cae23ea1445a6f222c

SHA256
baf1d8452d557af11f977b33a6d5ca6095136fe3ca139a515b0990c67c431e90

SHA512
9e744db6b37979436e0f9a5bd00d7cfb4cd5e73a768ee53ac710681542b4de3098a9c7234ca58ed9ec0f22d371ad4ed35bbd7e2f5e44d178057140e552bf7bad

Download Submit
C:\Windows\System32\wKSoaPZ.exe

Filesize
1.4MB

MD5
eaec4aaec97efba21a2f84c98912a267

SHA1
0d98638539fbdf2756e59838f7834099dc20d90d

SHA256
ea4ff079e1d2b0c9171017f1e7e42d4410b7f9e8a1372b23130b509853eac723

SHA512
cbe1bf1134de50d1672ec57782ca91e891136733fe3770486237c8db75f2bcd8be53f6b5522483fd84b19686fad0aa479dfe197598104093b1a3f5d34a6f81ed

Download Submit
C:\Windows\System32\wTwiiFr.exe

Filesize
1.4MB

MD5
49b2d011f51b0de390f3b1a8ad9d1e7f

SHA1
07467d65c4aa20e7bc256a596eba3874ec986dad

SHA256
27110dcab998651a6729bdef3c467b6fad02964e70ed0c3542db7c7853f0bdc1

SHA512
fd7327b824d6107bfdad6e33cfe20ae22f554a4a9018709df3e350afc79a6332ea9d8b7f04d1c5dbe8dc7101c2f2e4b77d5459bccdff58ce12389e6a53a7948c

Download Submit
C:\Windows\System32\xXYpJJN.exe

Filesize
1.4MB

MD5
4e514f6236a0982d6932b17f26b8e5c9

SHA1
cfa231901b60318aca050b87359978a0c62b02b6

SHA256
f8f279f1df2aee452b12f4412c739d7c1bb5db71506ed8d507661dae28e7a6cc

SHA512
7b9dce4fe26a426b88beacb8bb949caf1537c78834c8171bcb0a27dce0c967579bd26592d56191aa91b0591422fcfcef934760315058fd2097c691f5414dbbbc

Download Submit
C:\Windows\System32\znSkljv.exe

Filesize
1.4MB

MD5
849d08b6ef30aa1d9f6297a6f9047231

SHA1
2008ff20908477666ca8f7b0521e00ce32b9b5c3

SHA256
24fafcf3f5fe4a8f616acfbc4934457b4528008b616e8d736907e17bbc6846ae

SHA512
7d856d85dea065a76c31eaea7c28a1e1ddbf176dbcacde7a6fcb36da818622f015f492777e0bcfa3af34c943984b582d29d474df9f10ff549c2cfe25c1035eac

Download Submit
C:\Windows\System32\zyiIUZf.exe

Filesize
1.4MB

MD5
2ff0b08d6104668d79ecb6716cb4eb06

SHA1
5f20665194f1656a353c9807bafb38755ae0514a

SHA256
7e9079211cad48bcada4a5935934264dce930177c9cf2659f18a40c2e379d071

SHA512
0806831362ac0af6ad209c196c8e982858c0edd855799a3f9baeae5d08fbef75aba622ab805d56ba7a86cd2e586e400f3f248ab293aa75d7e23f6dc155a4074b

Download Submit
memory/544-467-0x00007FF789710000-0x00007FF789B01000-memory.dmp

Filesize
3.9MB

Download
memory/1592-536-0x00007FF76B2F0000-0x00007FF76B6E1000-memory.dmp

Filesize
3.9MB

Download
memory/1592-2137-0x00007FF76B2F0000-0x00007FF76B6E1000-memory.dmp

Filesize
3.9MB

Download
memory/1600-501-0x00007FF788AB0000-0x00007FF788EA1000-memory.dmp

Filesize
3.9MB

Download
memory/1600-2114-0x00007FF788AB0000-0x00007FF788EA1000-memory.dmp

Filesize
3.9MB

Download
memory/1736-2099-0x00007FF7826A0000-0x00007FF782A91000-memory.dmp

Filesize
3.9MB

Download
memory/1736-476-0x00007FF7826A0000-0x00007FF782A91000-memory.dmp

Filesize
3.9MB

Download
memory/2068-457-0x00007FF6C3C70000-0x00007FF6C4061000-memory.dmp

Filesize
3.9MB

Download
memory/2068-2082-0x00007FF6C3C70000-0x00007FF6C4061000-memory.dmp

Filesize
3.9MB

Download
memory/2280-14-0x00007FF6EF340000-0x00007FF6EF731000-memory.dmp

Filesize
3.9MB

Download
memory/2280-2013-0x00007FF6EF340000-0x00007FF6EF731000-memory.dmp

Filesize
3.9MB

Download
memory/2392-537-0x00007FF786600000-0x00007FF7869F1000-memory.dmp

Filesize
3.9MB

Download
memory/2392-2157-0x00007FF786600000-0x00007FF7869F1000-memory.dmp

Filesize
3.9MB

Download
memory/2464-464-0x00007FF642510000-0x00007FF642901000-memory.dmp

Filesize
3.9MB

Download
memory/2464-2096-0x00007FF642510000-0x00007FF642901000-memory.dmp

Filesize
3.9MB

Download
memory/2636-32-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp

Filesize
3.9MB

Download
memory/2636-2030-0x00007FF6D61D0000-0x00007FF6D65C1000-memory.dmp

Filesize
3.9MB

Download
memory/2676-2077-0x00007FF70D550000-0x00007FF70D941000-memory.dmp

Filesize
3.9MB

Download
memory/2676-442-0x00007FF70D550000-0x00007FF70D941000-memory.dmp

Filesize
3.9MB

Download
memory/3152-2116-0x00007FF70BE70000-0x00007FF70C261000-memory.dmp

Filesize
3.9MB

Download
memory/3152-509-0x00007FF70BE70000-0x00007FF70C261000-memory.dmp

Filesize
3.9MB

Download
memory/3184-2052-0x00007FF619600000-0x00007FF6199F1000-memory.dmp

Filesize
3.9MB

Download
memory/3184-22-0x00007FF619600000-0x00007FF6199F1000-memory.dmp

Filesize
3.9MB

Download
memory/3184-2008-0x00007FF619600000-0x00007FF6199F1000-memory.dmp

Filesize
3.9MB

Download
memory/3224-499-0x00007FF6B9180000-0x00007FF6B9571000-memory.dmp

Filesize
3.9MB

Download
memory/3340-2010-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp

Filesize
3.9MB

Download
memory/3340-427-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp

Filesize
3.9MB

Download
memory/3340-2054-0x00007FF7E6320000-0x00007FF7E6711000-memory.dmp

Filesize
3.9MB

Download
memory/3624-2044-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp

Filesize
3.9MB

Download
memory/3624-2009-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp

Filesize
3.9MB

Download
memory/3624-28-0x00007FF7860E0000-0x00007FF7864D1000-memory.dmp

Filesize
3.9MB

Download
memory/3656-450-0x00007FF77CF60000-0x00007FF77D351000-memory.dmp

Filesize
3.9MB

Download
memory/3656-2080-0x00007FF77CF60000-0x00007FF77D351000-memory.dmp

Filesize
3.9MB

Download
memory/3712-0-0x00007FF6689B0000-0x00007FF668DA1000-memory.dmp

Filesize
3.9MB

Download
memory/3712-1-0x0000021C648B0000-0x0000021C648C0000-memory.dmp

Filesize
64KB

Download
memory/3764-544-0x00007FF6B3940000-0x00007FF6B3D31000-memory.dmp

Filesize
3.9MB

Download
memory/3764-2062-0x00007FF6B3940000-0x00007FF6B3D31000-memory.dmp

Filesize
3.9MB

Download
memory/4216-447-0x00007FF65E950000-0x00007FF65ED41000-memory.dmp

Filesize
3.9MB

Download
memory/4216-2094-0x00007FF65E950000-0x00007FF65ED41000-memory.dmp

Filesize
3.9MB

Download
memory/4380-434-0x00007FF7429F0000-0x00007FF742DE1000-memory.dmp

Filesize
3.9MB

Download
memory/4380-2068-0x00007FF7429F0000-0x00007FF742DE1000-memory.dmp

Filesize
3.9MB

Download
memory/4464-2133-0x00007FF73EE90000-0x00007FF73F281000-memory.dmp

Filesize
3.9MB

Download
memory/4464-518-0x00007FF73EE90000-0x00007FF73F281000-memory.dmp

Filesize
3.9MB

Download
memory/4628-2135-0x00007FF76BD80000-0x00007FF76C171000-memory.dmp

Filesize
3.9MB

Download
memory/4628-530-0x00007FF76BD80000-0x00007FF76C171000-memory.dmp

Filesize
3.9MB

Download
memory/4744-542-0x00007FF78CF70000-0x00007FF78D361000-memory.dmp

Filesize
3.9MB

Download
memory/4744-2159-0x00007FF78CF70000-0x00007FF78D361000-memory.dmp

Filesize
3.9MB

Download
memory/5044-2131-0x00007FF7C8240000-0x00007FF7C8631000-memory.dmp

Filesize
3.9MB

Download
memory/5044-516-0x00007FF7C8240000-0x00007FF7C8631000-memory.dmp

Filesize
3.9MB

Download
memory/5068-2108-0x00007FF64E000000-0x00007FF64E3F1000-memory.dmp

Filesize
3.9MB

Download
memory/5068-490-0x00007FF64E000000-0x00007FF64E3F1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads