xmrig | 2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04

Analysis

max time kernel
144s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
Size

1.5MB
MD5

8b7ed5c1192339d9baf91ab3db6fc88e
SHA1

1e6f63297ade8c0cb6f55b8f9187a0b9979dfac9
SHA256

2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04
SHA512

9d2e222f672c3fb21159bf70beee09358b9e949dfaeec8ca6d394d607d3609785a66e8ce3b8461048c9d9d7d5c2c6c0efd6f23389610c6ab73ac5ad0536fdd64
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXxeHNswDK:BemTLkNdfE0pZr/

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4220-0-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	UPX
behavioral2/files/0x000500000002328f-5.dat	UPX
behavioral2/files/0x00070000000233ed-8.dat	UPX
behavioral2/files/0x00080000000233ec-13.dat	UPX
behavioral2/files/0x00070000000233ee-25.dat	UPX
behavioral2/files/0x00070000000233f9-74.dat	UPX
behavioral2/files/0x00070000000233fc-89.dat	UPX
behavioral2/files/0x00070000000233fe-107.dat	UPX
behavioral2/files/0x0007000000023401-122.dat	UPX
behavioral2/memory/5084-689-0x00007FF68DC30000-0x00007FF68DF84000-memory.dmp	UPX
behavioral2/files/0x000700000002340b-164.dat	UPX
behavioral2/files/0x0007000000023409-162.dat	UPX
behavioral2/files/0x000700000002340a-159.dat	UPX
behavioral2/files/0x0007000000023408-154.dat	UPX
behavioral2/files/0x0007000000023407-150.dat	UPX
behavioral2/files/0x0007000000023406-144.dat	UPX
behavioral2/files/0x0007000000023405-140.dat	UPX
behavioral2/files/0x0007000000023404-135.dat	UPX
behavioral2/files/0x0007000000023403-127.dat	UPX
behavioral2/files/0x0007000000023402-125.dat	UPX
behavioral2/files/0x0007000000023400-117.dat	UPX
behavioral2/files/0x00070000000233ff-112.dat	UPX
behavioral2/files/0x00070000000233fd-102.dat	UPX
behavioral2/files/0x00070000000233fb-92.dat	UPX
behavioral2/files/0x00070000000233fa-87.dat	UPX
behavioral2/files/0x00070000000233f8-77.dat	UPX
behavioral2/files/0x00070000000233f7-72.dat	UPX
behavioral2/files/0x00070000000233f6-64.dat	UPX
behavioral2/files/0x00070000000233f5-60.dat	UPX
behavioral2/files/0x00070000000233f4-54.dat	UPX
behavioral2/files/0x00070000000233f3-50.dat	UPX
behavioral2/files/0x00070000000233f2-44.dat	UPX
behavioral2/files/0x00070000000233f1-40.dat	UPX
behavioral2/files/0x00070000000233f0-34.dat	UPX
behavioral2/files/0x00070000000233ef-30.dat	UPX
behavioral2/memory/2128-10-0x00007FF6F62A0000-0x00007FF6F65F4000-memory.dmp	UPX
behavioral2/memory/2192-690-0x00007FF63D010000-0x00007FF63D364000-memory.dmp	UPX
behavioral2/memory/2412-692-0x00007FF68B1C0000-0x00007FF68B514000-memory.dmp	UPX
behavioral2/memory/2504-691-0x00007FF7DA8A0000-0x00007FF7DABF4000-memory.dmp	UPX
behavioral2/memory/4092-693-0x00007FF6DA0B0000-0x00007FF6DA404000-memory.dmp	UPX
behavioral2/memory/3248-694-0x00007FF7009F0000-0x00007FF700D44000-memory.dmp	UPX
behavioral2/memory/3804-699-0x00007FF7EF520000-0x00007FF7EF874000-memory.dmp	UPX
behavioral2/memory/2572-708-0x00007FF611490000-0x00007FF6117E4000-memory.dmp	UPX
behavioral2/memory/2492-704-0x00007FF6385C0000-0x00007FF638914000-memory.dmp	UPX
behavioral2/memory/3180-717-0x00007FF6F1300000-0x00007FF6F1654000-memory.dmp	UPX
behavioral2/memory/1864-739-0x00007FF7A4C80000-0x00007FF7A4FD4000-memory.dmp	UPX
behavioral2/memory/3948-752-0x00007FF758350000-0x00007FF7586A4000-memory.dmp	UPX
behavioral2/memory/2528-754-0x00007FF7A73F0000-0x00007FF7A7744000-memory.dmp	UPX
behavioral2/memory/2396-769-0x00007FF61C7C0000-0x00007FF61CB14000-memory.dmp	UPX
behavioral2/memory/3316-771-0x00007FF63F870000-0x00007FF63FBC4000-memory.dmp	UPX
behavioral2/memory/3792-781-0x00007FF71B880000-0x00007FF71BBD4000-memory.dmp	UPX
behavioral2/memory/4568-786-0x00007FF667BF0000-0x00007FF667F44000-memory.dmp	UPX
behavioral2/memory/832-793-0x00007FF76CB60000-0x00007FF76CEB4000-memory.dmp	UPX
behavioral2/memory/4508-794-0x00007FF764660000-0x00007FF7649B4000-memory.dmp	UPX
behavioral2/memory/1184-796-0x00007FF662780000-0x00007FF662AD4000-memory.dmp	UPX
behavioral2/memory/3456-777-0x00007FF72E220000-0x00007FF72E574000-memory.dmp	UPX
behavioral2/memory/2264-774-0x00007FF7AF810000-0x00007FF7AFB64000-memory.dmp	UPX
behavioral2/memory/2176-745-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp	UPX
behavioral2/memory/4444-727-0x00007FF6D8D10000-0x00007FF6D9064000-memory.dmp	UPX
behavioral2/memory/3224-805-0x00007FF6603B0000-0x00007FF660704000-memory.dmp	UPX
behavioral2/memory/1248-823-0x00007FF769F70000-0x00007FF76A2C4000-memory.dmp	UPX
behavioral2/memory/2296-821-0x00007FF78C710000-0x00007FF78CA64000-memory.dmp	UPX
behavioral2/memory/2260-829-0x00007FF685D20000-0x00007FF686074000-memory.dmp	UPX
behavioral2/memory/4220-2156-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4220-0-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	xmrig
behavioral2/files/0x000500000002328f-5.dat	xmrig
behavioral2/files/0x00070000000233ed-8.dat	xmrig
behavioral2/files/0x00080000000233ec-13.dat	xmrig
behavioral2/files/0x00070000000233ee-25.dat	xmrig
behavioral2/files/0x00070000000233f9-74.dat	xmrig
behavioral2/files/0x00070000000233fc-89.dat	xmrig
behavioral2/files/0x00070000000233fe-107.dat	xmrig
behavioral2/files/0x0007000000023401-122.dat	xmrig
behavioral2/memory/5084-689-0x00007FF68DC30000-0x00007FF68DF84000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-164.dat	xmrig
behavioral2/files/0x0007000000023409-162.dat	xmrig
behavioral2/files/0x000700000002340a-159.dat	xmrig
behavioral2/files/0x0007000000023408-154.dat	xmrig
behavioral2/files/0x0007000000023407-150.dat	xmrig
behavioral2/files/0x0007000000023406-144.dat	xmrig
behavioral2/files/0x0007000000023405-140.dat	xmrig
behavioral2/files/0x0007000000023404-135.dat	xmrig
behavioral2/files/0x0007000000023403-127.dat	xmrig
behavioral2/files/0x0007000000023402-125.dat	xmrig
behavioral2/files/0x0007000000023400-117.dat	xmrig
behavioral2/files/0x00070000000233ff-112.dat	xmrig
behavioral2/files/0x00070000000233fd-102.dat	xmrig
behavioral2/files/0x00070000000233fb-92.dat	xmrig
behavioral2/files/0x00070000000233fa-87.dat	xmrig
behavioral2/files/0x00070000000233f8-77.dat	xmrig
behavioral2/files/0x00070000000233f7-72.dat	xmrig
behavioral2/files/0x00070000000233f6-64.dat	xmrig
behavioral2/files/0x00070000000233f5-60.dat	xmrig
behavioral2/files/0x00070000000233f4-54.dat	xmrig
behavioral2/files/0x00070000000233f3-50.dat	xmrig
behavioral2/files/0x00070000000233f2-44.dat	xmrig
behavioral2/files/0x00070000000233f1-40.dat	xmrig
behavioral2/files/0x00070000000233f0-34.dat	xmrig
behavioral2/files/0x00070000000233ef-30.dat	xmrig
behavioral2/memory/2128-10-0x00007FF6F62A0000-0x00007FF6F65F4000-memory.dmp	xmrig
behavioral2/memory/2192-690-0x00007FF63D010000-0x00007FF63D364000-memory.dmp	xmrig
behavioral2/memory/2412-692-0x00007FF68B1C0000-0x00007FF68B514000-memory.dmp	xmrig
behavioral2/memory/2504-691-0x00007FF7DA8A0000-0x00007FF7DABF4000-memory.dmp	xmrig
behavioral2/memory/4092-693-0x00007FF6DA0B0000-0x00007FF6DA404000-memory.dmp	xmrig
behavioral2/memory/3248-694-0x00007FF7009F0000-0x00007FF700D44000-memory.dmp	xmrig
behavioral2/memory/3804-699-0x00007FF7EF520000-0x00007FF7EF874000-memory.dmp	xmrig
behavioral2/memory/2572-708-0x00007FF611490000-0x00007FF6117E4000-memory.dmp	xmrig
behavioral2/memory/2492-704-0x00007FF6385C0000-0x00007FF638914000-memory.dmp	xmrig
behavioral2/memory/3180-717-0x00007FF6F1300000-0x00007FF6F1654000-memory.dmp	xmrig
behavioral2/memory/1864-739-0x00007FF7A4C80000-0x00007FF7A4FD4000-memory.dmp	xmrig
behavioral2/memory/3948-752-0x00007FF758350000-0x00007FF7586A4000-memory.dmp	xmrig
behavioral2/memory/2528-754-0x00007FF7A73F0000-0x00007FF7A7744000-memory.dmp	xmrig
behavioral2/memory/2396-769-0x00007FF61C7C0000-0x00007FF61CB14000-memory.dmp	xmrig
behavioral2/memory/3316-771-0x00007FF63F870000-0x00007FF63FBC4000-memory.dmp	xmrig
behavioral2/memory/3792-781-0x00007FF71B880000-0x00007FF71BBD4000-memory.dmp	xmrig
behavioral2/memory/4568-786-0x00007FF667BF0000-0x00007FF667F44000-memory.dmp	xmrig
behavioral2/memory/832-793-0x00007FF76CB60000-0x00007FF76CEB4000-memory.dmp	xmrig
behavioral2/memory/4508-794-0x00007FF764660000-0x00007FF7649B4000-memory.dmp	xmrig
behavioral2/memory/1184-796-0x00007FF662780000-0x00007FF662AD4000-memory.dmp	xmrig
behavioral2/memory/3456-777-0x00007FF72E220000-0x00007FF72E574000-memory.dmp	xmrig
behavioral2/memory/2264-774-0x00007FF7AF810000-0x00007FF7AFB64000-memory.dmp	xmrig
behavioral2/memory/2176-745-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp	xmrig
behavioral2/memory/4444-727-0x00007FF6D8D10000-0x00007FF6D9064000-memory.dmp	xmrig
behavioral2/memory/3224-805-0x00007FF6603B0000-0x00007FF660704000-memory.dmp	xmrig
behavioral2/memory/1248-823-0x00007FF769F70000-0x00007FF76A2C4000-memory.dmp	xmrig
behavioral2/memory/2296-821-0x00007FF78C710000-0x00007FF78CA64000-memory.dmp	xmrig
behavioral2/memory/2260-829-0x00007FF685D20000-0x00007FF686074000-memory.dmp	xmrig
behavioral2/memory/4220-2156-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2128	shyUxND.exe
5084	nXfYzsx.exe
2192	mDgPRBy.exe
2504	WOjwROQ.exe
2260	UEYrnQs.exe
2412	TlYJczH.exe
4092	mHZGPqP.exe
3248	CgKaFBZ.exe
3804	NKVwYXl.exe
2492	BkaDHEB.exe
2572	GKdvvCo.exe
3180	emOTwqF.exe
4444	gVzXrxb.exe
1864	uJyOyAB.exe
2176	AfYJNdY.exe
3948	UOHzhmO.exe
2528	PAXNoPF.exe
2396	wwNWNec.exe
3316	PqvjfQr.exe
2264	qYuqUGL.exe
3456	wQoACJS.exe
3792	QRclOMp.exe
4568	jMUTXFp.exe
832	MwgyKPz.exe
4508	kGxYXeY.exe
1184	CfAstoi.exe
3224	GbZGkdJ.exe
2296	LjWjiXn.exe
1248	XwQrngi.exe
2972	prwoBLv.exe
3496	SktocXA.exe
5092	YDtLKfQ.exe
4964	qVerncq.exe
2208	hxBMWug.exe
2588	ogtURrw.exe
756	xSfAPLP.exe
1732	SIqJMmA.exe
4576	ghRifoZ.exe
4892	oYskiHj.exe
2984	AarMnqn.exe
4328	YSpdgOz.exe
3252	xradYoW.exe
3768	sOnqasX.exe
3528	vpAxeiB.exe
4736	YIBPqrP.exe
464	btyDwzl.exe
4776	YtReoFv.exe
2544	mkBwWDC.exe
3060	rqlZiSz.exe
632	GjdvRuO.exe
4740	gJjmwxt.exe
4668	UiMEZcd.exe
4376	geItUjN.exe
960	GcODeRq.exe
2432	SDNIDhH.exe
2136	gyfREzI.exe
2216	sdJHqyS.exe
2632	FzgEJPJ.exe
3380	McDjyZS.exe
4952	EdHDjYg.exe
1728	YsQRCZl.exe
4600	QHWnkJt.exe
2308	gAbmIsO.exe
2756	LjIqvGC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4220-0-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	upx
behavioral2/files/0x000500000002328f-5.dat	upx
behavioral2/files/0x00070000000233ed-8.dat	upx
behavioral2/files/0x00080000000233ec-13.dat	upx
behavioral2/files/0x00070000000233ee-25.dat	upx
behavioral2/files/0x00070000000233f9-74.dat	upx
behavioral2/files/0x00070000000233fc-89.dat	upx
behavioral2/files/0x00070000000233fe-107.dat	upx
behavioral2/files/0x0007000000023401-122.dat	upx
behavioral2/memory/5084-689-0x00007FF68DC30000-0x00007FF68DF84000-memory.dmp	upx
behavioral2/files/0x000700000002340b-164.dat	upx
behavioral2/files/0x0007000000023409-162.dat	upx
behavioral2/files/0x000700000002340a-159.dat	upx
behavioral2/files/0x0007000000023408-154.dat	upx
behavioral2/files/0x0007000000023407-150.dat	upx
behavioral2/files/0x0007000000023406-144.dat	upx
behavioral2/files/0x0007000000023405-140.dat	upx
behavioral2/files/0x0007000000023404-135.dat	upx
behavioral2/files/0x0007000000023403-127.dat	upx
behavioral2/files/0x0007000000023402-125.dat	upx
behavioral2/files/0x0007000000023400-117.dat	upx
behavioral2/files/0x00070000000233ff-112.dat	upx
behavioral2/files/0x00070000000233fd-102.dat	upx
behavioral2/files/0x00070000000233fb-92.dat	upx
behavioral2/files/0x00070000000233fa-87.dat	upx
behavioral2/files/0x00070000000233f8-77.dat	upx
behavioral2/files/0x00070000000233f7-72.dat	upx
behavioral2/files/0x00070000000233f6-64.dat	upx
behavioral2/files/0x00070000000233f5-60.dat	upx
behavioral2/files/0x00070000000233f4-54.dat	upx
behavioral2/files/0x00070000000233f3-50.dat	upx
behavioral2/files/0x00070000000233f2-44.dat	upx
behavioral2/files/0x00070000000233f1-40.dat	upx
behavioral2/files/0x00070000000233f0-34.dat	upx
behavioral2/files/0x00070000000233ef-30.dat	upx
behavioral2/memory/2128-10-0x00007FF6F62A0000-0x00007FF6F65F4000-memory.dmp	upx
behavioral2/memory/2192-690-0x00007FF63D010000-0x00007FF63D364000-memory.dmp	upx
behavioral2/memory/2412-692-0x00007FF68B1C0000-0x00007FF68B514000-memory.dmp	upx
behavioral2/memory/2504-691-0x00007FF7DA8A0000-0x00007FF7DABF4000-memory.dmp	upx
behavioral2/memory/4092-693-0x00007FF6DA0B0000-0x00007FF6DA404000-memory.dmp	upx
behavioral2/memory/3248-694-0x00007FF7009F0000-0x00007FF700D44000-memory.dmp	upx
behavioral2/memory/3804-699-0x00007FF7EF520000-0x00007FF7EF874000-memory.dmp	upx
behavioral2/memory/2572-708-0x00007FF611490000-0x00007FF6117E4000-memory.dmp	upx
behavioral2/memory/2492-704-0x00007FF6385C0000-0x00007FF638914000-memory.dmp	upx
behavioral2/memory/3180-717-0x00007FF6F1300000-0x00007FF6F1654000-memory.dmp	upx
behavioral2/memory/1864-739-0x00007FF7A4C80000-0x00007FF7A4FD4000-memory.dmp	upx
behavioral2/memory/3948-752-0x00007FF758350000-0x00007FF7586A4000-memory.dmp	upx
behavioral2/memory/2528-754-0x00007FF7A73F0000-0x00007FF7A7744000-memory.dmp	upx
behavioral2/memory/2396-769-0x00007FF61C7C0000-0x00007FF61CB14000-memory.dmp	upx
behavioral2/memory/3316-771-0x00007FF63F870000-0x00007FF63FBC4000-memory.dmp	upx
behavioral2/memory/3792-781-0x00007FF71B880000-0x00007FF71BBD4000-memory.dmp	upx
behavioral2/memory/4568-786-0x00007FF667BF0000-0x00007FF667F44000-memory.dmp	upx
behavioral2/memory/832-793-0x00007FF76CB60000-0x00007FF76CEB4000-memory.dmp	upx
behavioral2/memory/4508-794-0x00007FF764660000-0x00007FF7649B4000-memory.dmp	upx
behavioral2/memory/1184-796-0x00007FF662780000-0x00007FF662AD4000-memory.dmp	upx
behavioral2/memory/3456-777-0x00007FF72E220000-0x00007FF72E574000-memory.dmp	upx
behavioral2/memory/2264-774-0x00007FF7AF810000-0x00007FF7AFB64000-memory.dmp	upx
behavioral2/memory/2176-745-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp	upx
behavioral2/memory/4444-727-0x00007FF6D8D10000-0x00007FF6D9064000-memory.dmp	upx
behavioral2/memory/3224-805-0x00007FF6603B0000-0x00007FF660704000-memory.dmp	upx
behavioral2/memory/1248-823-0x00007FF769F70000-0x00007FF76A2C4000-memory.dmp	upx
behavioral2/memory/2296-821-0x00007FF78C710000-0x00007FF78CA64000-memory.dmp	upx
behavioral2/memory/2260-829-0x00007FF685D20000-0x00007FF686074000-memory.dmp	upx
behavioral2/memory/4220-2156-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aGflQNZ.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\JRTpdEr.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\EXKTRNB.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\SIqJMmA.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\sOnqasX.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\ROBvmCV.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\OFaZXRl.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\qzjrxHV.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\dgtoXye.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\LJXohBD.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\NrUVIhu.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\CcsRYCz.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\lYKmufz.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\krLlebP.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\AnfMkAY.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\WDrnVBj.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\gomQnpU.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\ZEbFUsx.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\oqecgwY.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\uyYAwxU.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\hdlfxxr.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\EdHDjYg.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\qxpRbbW.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\BieFoNf.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\mDkQFUk.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\seUsLAW.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\UDapssH.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\SHvKoBb.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\FZDmZeW.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\MsqELQa.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\XoxrwkS.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\hZFfyIG.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\wZfiHvn.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\LjWjiXn.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\vLNdJTk.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\RedTYPv.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\ikYMPfS.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\eoKbFWO.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\IAZWQap.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\epVYtxK.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\JUONDzy.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\lJFgizG.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\YIBPqrP.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\SWZwtus.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\RyTHEOK.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\xSfAPLP.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\MyQcKAQ.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\RWAxxXW.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\EOHbwbS.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\VIDZPyQ.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\UiMEZcd.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\CZluirm.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\MByHgaf.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\UyVbdkp.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\rIwGHYy.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\mDBPPqG.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\UEYrnQs.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\PAXNoPF.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\SCoKwXm.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\mYmxopN.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\JCqLQMY.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\bKDhbRK.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\zksKCdN.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
File created	C:\Windows\System\pIEWdPi.exe	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13656	dwm.exe
Token: SeChangeNotifyPrivilege	13656	dwm.exe
Token: 33	13656	dwm.exe
Token: SeIncBasePriorityPrivilege	13656	dwm.exe
Token: SeShutdownPrivilege	13656	dwm.exe
Token: SeCreatePagefilePrivilege	13656	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 2128	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	83
PID 4220 wrote to memory of 2128	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	83
PID 4220 wrote to memory of 5084	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	84
PID 4220 wrote to memory of 5084	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	84
PID 4220 wrote to memory of 2192	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	85
PID 4220 wrote to memory of 2192	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	85
PID 4220 wrote to memory of 2504	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	86
PID 4220 wrote to memory of 2504	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	86
PID 4220 wrote to memory of 2260	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	87
PID 4220 wrote to memory of 2260	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	87
PID 4220 wrote to memory of 2412	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	88
PID 4220 wrote to memory of 2412	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	88
PID 4220 wrote to memory of 4092	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	89
PID 4220 wrote to memory of 4092	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	89
PID 4220 wrote to memory of 3248	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	90
PID 4220 wrote to memory of 3248	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	90
PID 4220 wrote to memory of 3804	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	91
PID 4220 wrote to memory of 3804	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	91
PID 4220 wrote to memory of 2492	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	92
PID 4220 wrote to memory of 2492	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	92
PID 4220 wrote to memory of 2572	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	93
PID 4220 wrote to memory of 2572	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	93
PID 4220 wrote to memory of 3180	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	94
PID 4220 wrote to memory of 3180	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	94
PID 4220 wrote to memory of 4444	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	95
PID 4220 wrote to memory of 4444	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	95
PID 4220 wrote to memory of 1864	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	96
PID 4220 wrote to memory of 1864	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	96
PID 4220 wrote to memory of 2176	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	97
PID 4220 wrote to memory of 2176	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	97
PID 4220 wrote to memory of 3948	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	98
PID 4220 wrote to memory of 3948	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	98
PID 4220 wrote to memory of 2528	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	99
PID 4220 wrote to memory of 2528	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	99
PID 4220 wrote to memory of 2396	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	100
PID 4220 wrote to memory of 2396	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	100
PID 4220 wrote to memory of 3316	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	101
PID 4220 wrote to memory of 3316	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	101
PID 4220 wrote to memory of 2264	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	102
PID 4220 wrote to memory of 2264	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	102
PID 4220 wrote to memory of 3456	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	103
PID 4220 wrote to memory of 3456	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	103
PID 4220 wrote to memory of 3792	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	104
PID 4220 wrote to memory of 3792	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	104
PID 4220 wrote to memory of 4568	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	105
PID 4220 wrote to memory of 4568	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	105
PID 4220 wrote to memory of 832	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	106
PID 4220 wrote to memory of 832	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	106
PID 4220 wrote to memory of 4508	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	107
PID 4220 wrote to memory of 4508	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	107
PID 4220 wrote to memory of 1184	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	108
PID 4220 wrote to memory of 1184	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	108
PID 4220 wrote to memory of 3224	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	109
PID 4220 wrote to memory of 3224	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	109
PID 4220 wrote to memory of 2296	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	110
PID 4220 wrote to memory of 2296	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	110
PID 4220 wrote to memory of 1248	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	111
PID 4220 wrote to memory of 1248	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	111
PID 4220 wrote to memory of 2972	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	112
PID 4220 wrote to memory of 2972	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	112
PID 4220 wrote to memory of 3496	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	113
PID 4220 wrote to memory of 3496	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	113
PID 4220 wrote to memory of 5092	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	114
PID 4220 wrote to memory of 5092	4220	2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe	114

C:\Users\Admin\AppData\Local\Temp\2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe
"C:\Users\Admin\AppData\Local\Temp\2da1c7c69b1dee20f665b3207aa897df656da5b3252ac6604b0c3ce7335cec04.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Windows\System\shyUxND.exe
  C:\Windows\System\shyUxND.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\nXfYzsx.exe
  C:\Windows\System\nXfYzsx.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\mDgPRBy.exe
  C:\Windows\System\mDgPRBy.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\WOjwROQ.exe
  C:\Windows\System\WOjwROQ.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\UEYrnQs.exe
  C:\Windows\System\UEYrnQs.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\TlYJczH.exe
  C:\Windows\System\TlYJczH.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\mHZGPqP.exe
  C:\Windows\System\mHZGPqP.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\CgKaFBZ.exe
  C:\Windows\System\CgKaFBZ.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\NKVwYXl.exe
  C:\Windows\System\NKVwYXl.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\BkaDHEB.exe
  C:\Windows\System\BkaDHEB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\GKdvvCo.exe
  C:\Windows\System\GKdvvCo.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\emOTwqF.exe
  C:\Windows\System\emOTwqF.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\gVzXrxb.exe
  C:\Windows\System\gVzXrxb.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\uJyOyAB.exe
  C:\Windows\System\uJyOyAB.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\AfYJNdY.exe
  C:\Windows\System\AfYJNdY.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\UOHzhmO.exe
  C:\Windows\System\UOHzhmO.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\PAXNoPF.exe
  C:\Windows\System\PAXNoPF.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\wwNWNec.exe
  C:\Windows\System\wwNWNec.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\PqvjfQr.exe
  C:\Windows\System\PqvjfQr.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\qYuqUGL.exe
  C:\Windows\System\qYuqUGL.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\wQoACJS.exe
  C:\Windows\System\wQoACJS.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\QRclOMp.exe
  C:\Windows\System\QRclOMp.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\jMUTXFp.exe
  C:\Windows\System\jMUTXFp.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\MwgyKPz.exe
  C:\Windows\System\MwgyKPz.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\kGxYXeY.exe
  C:\Windows\System\kGxYXeY.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\CfAstoi.exe
  C:\Windows\System\CfAstoi.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\GbZGkdJ.exe
  C:\Windows\System\GbZGkdJ.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\LjWjiXn.exe
  C:\Windows\System\LjWjiXn.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\XwQrngi.exe
  C:\Windows\System\XwQrngi.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\prwoBLv.exe
  C:\Windows\System\prwoBLv.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\SktocXA.exe
  C:\Windows\System\SktocXA.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\YDtLKfQ.exe
  C:\Windows\System\YDtLKfQ.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\qVerncq.exe
  C:\Windows\System\qVerncq.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\hxBMWug.exe
  C:\Windows\System\hxBMWug.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\ogtURrw.exe
  C:\Windows\System\ogtURrw.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\xSfAPLP.exe
  C:\Windows\System\xSfAPLP.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\SIqJMmA.exe
  C:\Windows\System\SIqJMmA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\ghRifoZ.exe
  C:\Windows\System\ghRifoZ.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\oYskiHj.exe
  C:\Windows\System\oYskiHj.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\AarMnqn.exe
  C:\Windows\System\AarMnqn.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\YSpdgOz.exe
  C:\Windows\System\YSpdgOz.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\xradYoW.exe
  C:\Windows\System\xradYoW.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\sOnqasX.exe
  C:\Windows\System\sOnqasX.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\vpAxeiB.exe
  C:\Windows\System\vpAxeiB.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\YIBPqrP.exe
  C:\Windows\System\YIBPqrP.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\btyDwzl.exe
  C:\Windows\System\btyDwzl.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\YtReoFv.exe
  C:\Windows\System\YtReoFv.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\mkBwWDC.exe
  C:\Windows\System\mkBwWDC.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\rqlZiSz.exe
  C:\Windows\System\rqlZiSz.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\GjdvRuO.exe
  C:\Windows\System\GjdvRuO.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\gJjmwxt.exe
  C:\Windows\System\gJjmwxt.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\UiMEZcd.exe
  C:\Windows\System\UiMEZcd.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\geItUjN.exe
  C:\Windows\System\geItUjN.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\GcODeRq.exe
  C:\Windows\System\GcODeRq.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\SDNIDhH.exe
  C:\Windows\System\SDNIDhH.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\gyfREzI.exe
  C:\Windows\System\gyfREzI.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\sdJHqyS.exe
  C:\Windows\System\sdJHqyS.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\FzgEJPJ.exe
  C:\Windows\System\FzgEJPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\McDjyZS.exe
  C:\Windows\System\McDjyZS.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\EdHDjYg.exe
  C:\Windows\System\EdHDjYg.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\YsQRCZl.exe
  C:\Windows\System\YsQRCZl.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\QHWnkJt.exe
  C:\Windows\System\QHWnkJt.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\gAbmIsO.exe
  C:\Windows\System\gAbmIsO.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\LjIqvGC.exe
  C:\Windows\System\LjIqvGC.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\eRWmwoT.exe
  C:\Windows\System\eRWmwoT.exe
  2⤵
  PID:4612
- C:\Windows\System\NtAjjOX.exe
  C:\Windows\System\NtAjjOX.exe
  2⤵
  PID:2696
- C:\Windows\System\SjvNakm.exe
  C:\Windows\System\SjvNakm.exe
  2⤵
  PID:3628
- C:\Windows\System\FzlzBuA.exe
  C:\Windows\System\FzlzBuA.exe
  2⤵
  PID:3112
- C:\Windows\System\PhBxraL.exe
  C:\Windows\System\PhBxraL.exe
  2⤵
  PID:3160
- C:\Windows\System\RoyOOat.exe
  C:\Windows\System\RoyOOat.exe
  2⤵
  PID:316
- C:\Windows\System\Fjtvnyf.exe
  C:\Windows\System\Fjtvnyf.exe
  2⤵
  PID:440
- C:\Windows\System\MsqELQa.exe
  C:\Windows\System\MsqELQa.exe
  2⤵
  PID:2804
- C:\Windows\System\duVipAb.exe
  C:\Windows\System\duVipAb.exe
  2⤵
  PID:4764
- C:\Windows\System\iNEjgTl.exe
  C:\Windows\System\iNEjgTl.exe
  2⤵
  PID:2856
- C:\Windows\System\QnFDRzW.exe
  C:\Windows\System\QnFDRzW.exe
  2⤵
  PID:3228
- C:\Windows\System\rsnpuOp.exe
  C:\Windows\System\rsnpuOp.exe
  2⤵
  PID:3208
- C:\Windows\System\vREPXsz.exe
  C:\Windows\System\vREPXsz.exe
  2⤵
  PID:4364
- C:\Windows\System\WDrnVBj.exe
  C:\Windows\System\WDrnVBj.exe
  2⤵
  PID:3664
- C:\Windows\System\PxaIgqe.exe
  C:\Windows\System\PxaIgqe.exe
  2⤵
  PID:2180
- C:\Windows\System\FMZVmZn.exe
  C:\Windows\System\FMZVmZn.exe
  2⤵
  PID:4572
- C:\Windows\System\XTrTXBg.exe
  C:\Windows\System\XTrTXBg.exe
  2⤵
  PID:4360
- C:\Windows\System\OmItsby.exe
  C:\Windows\System\OmItsby.exe
  2⤵
  PID:3188
- C:\Windows\System\KUbyFIe.exe
  C:\Windows\System\KUbyFIe.exe
  2⤵
  PID:3448
- C:\Windows\System\BZqTTvL.exe
  C:\Windows\System\BZqTTvL.exe
  2⤵
  PID:2364
- C:\Windows\System\vrvuMtN.exe
  C:\Windows\System\vrvuMtN.exe
  2⤵
  PID:5152
- C:\Windows\System\rGWmofW.exe
  C:\Windows\System\rGWmofW.exe
  2⤵
  PID:5180
- C:\Windows\System\gomQnpU.exe
  C:\Windows\System\gomQnpU.exe
  2⤵
  PID:5208
- C:\Windows\System\izvoHGZ.exe
  C:\Windows\System\izvoHGZ.exe
  2⤵
  PID:5232
- C:\Windows\System\cCmrgrh.exe
  C:\Windows\System\cCmrgrh.exe
  2⤵
  PID:5264
- C:\Windows\System\vLNdJTk.exe
  C:\Windows\System\vLNdJTk.exe
  2⤵
  PID:5288
- C:\Windows\System\ZkUPyqR.exe
  C:\Windows\System\ZkUPyqR.exe
  2⤵
  PID:5316
- C:\Windows\System\vZEuxDr.exe
  C:\Windows\System\vZEuxDr.exe
  2⤵
  PID:5344
- C:\Windows\System\jzXANvD.exe
  C:\Windows\System\jzXANvD.exe
  2⤵
  PID:5376
- C:\Windows\System\XJSdBEg.exe
  C:\Windows\System\XJSdBEg.exe
  2⤵
  PID:5404
- C:\Windows\System\XtIvcjd.exe
  C:\Windows\System\XtIvcjd.exe
  2⤵
  PID:5432
- C:\Windows\System\tToRYOU.exe
  C:\Windows\System\tToRYOU.exe
  2⤵
  PID:5460
- C:\Windows\System\iMNnkey.exe
  C:\Windows\System\iMNnkey.exe
  2⤵
  PID:5488
- C:\Windows\System\OfhRxZm.exe
  C:\Windows\System\OfhRxZm.exe
  2⤵
  PID:5512
- C:\Windows\System\kpzMeTw.exe
  C:\Windows\System\kpzMeTw.exe
  2⤵
  PID:5544
- C:\Windows\System\ayfeCbK.exe
  C:\Windows\System\ayfeCbK.exe
  2⤵
  PID:5576
- C:\Windows\System\KcMImTl.exe
  C:\Windows\System\KcMImTl.exe
  2⤵
  PID:5600
- C:\Windows\System\PotUITi.exe
  C:\Windows\System\PotUITi.exe
  2⤵
  PID:5628
- C:\Windows\System\dGxAqCf.exe
  C:\Windows\System\dGxAqCf.exe
  2⤵
  PID:5656
- C:\Windows\System\RuuFMnI.exe
  C:\Windows\System\RuuFMnI.exe
  2⤵
  PID:5684
- C:\Windows\System\IkhUJNe.exe
  C:\Windows\System\IkhUJNe.exe
  2⤵
  PID:5712
- C:\Windows\System\KStdqSs.exe
  C:\Windows\System\KStdqSs.exe
  2⤵
  PID:5736
- C:\Windows\System\XtvOBYv.exe
  C:\Windows\System\XtvOBYv.exe
  2⤵
  PID:5768
- C:\Windows\System\XoxrwkS.exe
  C:\Windows\System\XoxrwkS.exe
  2⤵
  PID:5796
- C:\Windows\System\ikMaFfj.exe
  C:\Windows\System\ikMaFfj.exe
  2⤵
  PID:5824
- C:\Windows\System\CUHjXeU.exe
  C:\Windows\System\CUHjXeU.exe
  2⤵
  PID:5848
- C:\Windows\System\ROBvmCV.exe
  C:\Windows\System\ROBvmCV.exe
  2⤵
  PID:5876
- C:\Windows\System\UgcHcWB.exe
  C:\Windows\System\UgcHcWB.exe
  2⤵
  PID:5908
- C:\Windows\System\ZEbFUsx.exe
  C:\Windows\System\ZEbFUsx.exe
  2⤵
  PID:5936
- C:\Windows\System\ABvRTxV.exe
  C:\Windows\System\ABvRTxV.exe
  2⤵
  PID:5960
- C:\Windows\System\KPmkRXd.exe
  C:\Windows\System\KPmkRXd.exe
  2⤵
  PID:5992
- C:\Windows\System\szmTiac.exe
  C:\Windows\System\szmTiac.exe
  2⤵
  PID:6020
- C:\Windows\System\ebkAPXG.exe
  C:\Windows\System\ebkAPXG.exe
  2⤵
  PID:6048
- C:\Windows\System\vZuZvUJ.exe
  C:\Windows\System\vZuZvUJ.exe
  2⤵
  PID:6072
- C:\Windows\System\HUzRgwv.exe
  C:\Windows\System\HUzRgwv.exe
  2⤵
  PID:6104
- C:\Windows\System\IhYeMEO.exe
  C:\Windows\System\IhYeMEO.exe
  2⤵
  PID:6132
- C:\Windows\System\HLuOxBt.exe
  C:\Windows\System\HLuOxBt.exe
  2⤵
  PID:1008
- C:\Windows\System\bKDhbRK.exe
  C:\Windows\System\bKDhbRK.exe
  2⤵
  PID:4428
- C:\Windows\System\QnvAhmQ.exe
  C:\Windows\System\QnvAhmQ.exe
  2⤵
  PID:3432
- C:\Windows\System\EoFdPyw.exe
  C:\Windows\System\EoFdPyw.exe
  2⤵
  PID:2232
- C:\Windows\System\XTGEodD.exe
  C:\Windows\System\XTGEodD.exe
  2⤵
  PID:3300
- C:\Windows\System\mDkQFUk.exe
  C:\Windows\System\mDkQFUk.exe
  2⤵
  PID:2248
- C:\Windows\System\WoMfzsu.exe
  C:\Windows\System\WoMfzsu.exe
  2⤵
  PID:3084
- C:\Windows\System\hFBdfnl.exe
  C:\Windows\System\hFBdfnl.exe
  2⤵
  PID:4884
- C:\Windows\System\HsKTDbC.exe
  C:\Windows\System\HsKTDbC.exe
  2⤵
  PID:5144
- C:\Windows\System\lQYDWqd.exe
  C:\Windows\System\lQYDWqd.exe
  2⤵
  PID:5224
- C:\Windows\System\AMgjThS.exe
  C:\Windows\System\AMgjThS.exe
  2⤵
  PID:5280
- C:\Windows\System\TuXDznh.exe
  C:\Windows\System\TuXDznh.exe
  2⤵
  PID:5332
- C:\Windows\System\bboyyOD.exe
  C:\Windows\System\bboyyOD.exe
  2⤵
  PID:5392
- C:\Windows\System\ieUyxKF.exe
  C:\Windows\System\ieUyxKF.exe
  2⤵
  PID:5452
- C:\Windows\System\ipOjzLc.exe
  C:\Windows\System\ipOjzLc.exe
  2⤵
  PID:5528
- C:\Windows\System\vgcPNDP.exe
  C:\Windows\System\vgcPNDP.exe
  2⤵
  PID:5584
- C:\Windows\System\JBhpKWX.exe
  C:\Windows\System\JBhpKWX.exe
  2⤵
  PID:5644
- C:\Windows\System\PewoAQd.exe
  C:\Windows\System\PewoAQd.exe
  2⤵
  PID:5704
- C:\Windows\System\nYPQuWs.exe
  C:\Windows\System\nYPQuWs.exe
  2⤵
  PID:5780
- C:\Windows\System\bphLJDf.exe
  C:\Windows\System\bphLJDf.exe
  2⤵
  PID:5840
- C:\Windows\System\YRDJKxP.exe
  C:\Windows\System\YRDJKxP.exe
  2⤵
  PID:5900
- C:\Windows\System\lkrOxOz.exe
  C:\Windows\System\lkrOxOz.exe
  2⤵
  PID:5980
- C:\Windows\System\RedTYPv.exe
  C:\Windows\System\RedTYPv.exe
  2⤵
  PID:6040
- C:\Windows\System\MSGNBjI.exe
  C:\Windows\System\MSGNBjI.exe
  2⤵
  PID:6096
- C:\Windows\System\ikYMPfS.exe
  C:\Windows\System\ikYMPfS.exe
  2⤵
  PID:2244
- C:\Windows\System\GguKOXB.exe
  C:\Windows\System\GguKOXB.exe
  2⤵
  PID:1348
- C:\Windows\System\iCBjWbR.exe
  C:\Windows\System\iCBjWbR.exe
  2⤵
  PID:3580
- C:\Windows\System\OFaZXRl.exe
  C:\Windows\System\OFaZXRl.exe
  2⤵
  PID:2524
- C:\Windows\System\eLwmpot.exe
  C:\Windows\System\eLwmpot.exe
  2⤵
  PID:5220
- C:\Windows\System\OvoikKl.exe
  C:\Windows\System\OvoikKl.exe
  2⤵
  PID:5364
- C:\Windows\System\ASkRFSJ.exe
  C:\Windows\System\ASkRFSJ.exe
  2⤵
  PID:6148
- C:\Windows\System\WKvczUL.exe
  C:\Windows\System\WKvczUL.exe
  2⤵
  PID:6176
- C:\Windows\System\vgvHfFh.exe
  C:\Windows\System\vgvHfFh.exe
  2⤵
  PID:6204
- C:\Windows\System\epVYtxK.exe
  C:\Windows\System\epVYtxK.exe
  2⤵
  PID:6236
- C:\Windows\System\SRpeTeZ.exe
  C:\Windows\System\SRpeTeZ.exe
  2⤵
  PID:6272
- C:\Windows\System\WJzkJgI.exe
  C:\Windows\System\WJzkJgI.exe
  2⤵
  PID:6300
- C:\Windows\System\cvdaHUk.exe
  C:\Windows\System\cvdaHUk.exe
  2⤵
  PID:6316
- C:\Windows\System\hhIhjNw.exe
  C:\Windows\System\hhIhjNw.exe
  2⤵
  PID:6344
- C:\Windows\System\fIHStbY.exe
  C:\Windows\System\fIHStbY.exe
  2⤵
  PID:6372
- C:\Windows\System\rEnQKyt.exe
  C:\Windows\System\rEnQKyt.exe
  2⤵
  PID:6400
- C:\Windows\System\VmDSWaA.exe
  C:\Windows\System\VmDSWaA.exe
  2⤵
  PID:6424
- C:\Windows\System\AvTgYnY.exe
  C:\Windows\System\AvTgYnY.exe
  2⤵
  PID:6456
- C:\Windows\System\YCjWaqt.exe
  C:\Windows\System\YCjWaqt.exe
  2⤵
  PID:6484
- C:\Windows\System\FMfXDAS.exe
  C:\Windows\System\FMfXDAS.exe
  2⤵
  PID:6512
- C:\Windows\System\jMxSfHL.exe
  C:\Windows\System\jMxSfHL.exe
  2⤵
  PID:6540
- C:\Windows\System\CZluirm.exe
  C:\Windows\System\CZluirm.exe
  2⤵
  PID:6568
- C:\Windows\System\mKyYnxa.exe
  C:\Windows\System\mKyYnxa.exe
  2⤵
  PID:6596
- C:\Windows\System\qzjrxHV.exe
  C:\Windows\System\qzjrxHV.exe
  2⤵
  PID:6624
- C:\Windows\System\IMFyIVn.exe
  C:\Windows\System\IMFyIVn.exe
  2⤵
  PID:6648
- C:\Windows\System\MByHgaf.exe
  C:\Windows\System\MByHgaf.exe
  2⤵
  PID:6680
- C:\Windows\System\uEeworr.exe
  C:\Windows\System\uEeworr.exe
  2⤵
  PID:6708
- C:\Windows\System\HSCIQDp.exe
  C:\Windows\System\HSCIQDp.exe
  2⤵
  PID:6736
- C:\Windows\System\tRuvIiY.exe
  C:\Windows\System\tRuvIiY.exe
  2⤵
  PID:6764
- C:\Windows\System\NjDekNB.exe
  C:\Windows\System\NjDekNB.exe
  2⤵
  PID:6792
- C:\Windows\System\oqecgwY.exe
  C:\Windows\System\oqecgwY.exe
  2⤵
  PID:6820
- C:\Windows\System\PQeQtcv.exe
  C:\Windows\System\PQeQtcv.exe
  2⤵
  PID:6848
- C:\Windows\System\dgtoXye.exe
  C:\Windows\System\dgtoXye.exe
  2⤵
  PID:6876
- C:\Windows\System\CfwQUzg.exe
  C:\Windows\System\CfwQUzg.exe
  2⤵
  PID:6904
- C:\Windows\System\sibomHU.exe
  C:\Windows\System\sibomHU.exe
  2⤵
  PID:6928
- C:\Windows\System\kKQytsF.exe
  C:\Windows\System\kKQytsF.exe
  2⤵
  PID:6960
- C:\Windows\System\XiiNaFs.exe
  C:\Windows\System\XiiNaFs.exe
  2⤵
  PID:6992
- C:\Windows\System\MBujtLH.exe
  C:\Windows\System\MBujtLH.exe
  2⤵
  PID:7016
- C:\Windows\System\rHduKAh.exe
  C:\Windows\System\rHduKAh.exe
  2⤵
  PID:7044
- C:\Windows\System\SpUFAfA.exe
  C:\Windows\System\SpUFAfA.exe
  2⤵
  PID:7072
- C:\Windows\System\aGflQNZ.exe
  C:\Windows\System\aGflQNZ.exe
  2⤵
  PID:7100
- C:\Windows\System\rtrZMuy.exe
  C:\Windows\System\rtrZMuy.exe
  2⤵
  PID:7124
- C:\Windows\System\duWcHST.exe
  C:\Windows\System\duWcHST.exe
  2⤵
  PID:7152
- C:\Windows\System\ahAvklr.exe
  C:\Windows\System\ahAvklr.exe
  2⤵
  PID:5564
- C:\Windows\System\enHluvY.exe
  C:\Windows\System\enHluvY.exe
  2⤵
  PID:5752
- C:\Windows\System\vZllvPl.exe
  C:\Windows\System\vZllvPl.exe
  2⤵
  PID:5892
- C:\Windows\System\MyQcKAQ.exe
  C:\Windows\System\MyQcKAQ.exe
  2⤵
  PID:6012
- C:\Windows\System\nAwViLA.exe
  C:\Windows\System\nAwViLA.exe
  2⤵
  PID:1508
- C:\Windows\System\PKXYgfr.exe
  C:\Windows\System\PKXYgfr.exe
  2⤵
  PID:4484
- C:\Windows\System\yzNJQGj.exe
  C:\Windows\System\yzNJQGj.exe
  2⤵
  PID:5308
- C:\Windows\System\PCcsyhr.exe
  C:\Windows\System\PCcsyhr.exe
  2⤵
  PID:4492
- C:\Windows\System\QMpGacN.exe
  C:\Windows\System\QMpGacN.exe
  2⤵
  PID:6252
- C:\Windows\System\FJiUlVm.exe
  C:\Windows\System\FJiUlVm.exe
  2⤵
  PID:6308
- C:\Windows\System\LyuVCWs.exe
  C:\Windows\System\LyuVCWs.exe
  2⤵
  PID:6364
- C:\Windows\System\CCHWdRo.exe
  C:\Windows\System\CCHWdRo.exe
  2⤵
  PID:6440
- C:\Windows\System\zBIctbF.exe
  C:\Windows\System\zBIctbF.exe
  2⤵
  PID:2500
- C:\Windows\System\UyVbdkp.exe
  C:\Windows\System\UyVbdkp.exe
  2⤵
  PID:1468
- C:\Windows\System\ComrfoR.exe
  C:\Windows\System\ComrfoR.exe
  2⤵
  PID:6612
- C:\Windows\System\opSDCpS.exe
  C:\Windows\System\opSDCpS.exe
  2⤵
  PID:6672
- C:\Windows\System\rQCUZwj.exe
  C:\Windows\System\rQCUZwj.exe
  2⤵
  PID:6748
- C:\Windows\System\uyYAwxU.exe
  C:\Windows\System\uyYAwxU.exe
  2⤵
  PID:6808
- C:\Windows\System\rIwGHYy.exe
  C:\Windows\System\rIwGHYy.exe
  2⤵
  PID:6864
- C:\Windows\System\aNoliZC.exe
  C:\Windows\System\aNoliZC.exe
  2⤵
  PID:6924
- C:\Windows\System\vNIvcss.exe
  C:\Windows\System\vNIvcss.exe
  2⤵
  PID:620
- C:\Windows\System\UAQpkiF.exe
  C:\Windows\System\UAQpkiF.exe
  2⤵
  PID:4908
- C:\Windows\System\HOCMbqV.exe
  C:\Windows\System\HOCMbqV.exe
  2⤵
  PID:2448
- C:\Windows\System\MRtqOdB.exe
  C:\Windows\System\MRtqOdB.exe
  2⤵
  PID:1784
- C:\Windows\System\fPbxwHR.exe
  C:\Windows\System\fPbxwHR.exe
  2⤵
  PID:3744
- C:\Windows\System\fXvbWuA.exe
  C:\Windows\System\fXvbWuA.exe
  2⤵
  PID:5172
- C:\Windows\System\UOuFclS.exe
  C:\Windows\System\UOuFclS.exe
  2⤵
  PID:4020
- C:\Windows\System\zvCKUgo.exe
  C:\Windows\System\zvCKUgo.exe
  2⤵
  PID:6216
- C:\Windows\System\uumpWIh.exe
  C:\Windows\System\uumpWIh.exe
  2⤵
  PID:6264
- C:\Windows\System\wZANfPu.exe
  C:\Windows\System\wZANfPu.exe
  2⤵
  PID:6356
- C:\Windows\System\qXLowxt.exe
  C:\Windows\System\qXLowxt.exe
  2⤵
  PID:6468
- C:\Windows\System\waZWjlF.exe
  C:\Windows\System\waZWjlF.exe
  2⤵
  PID:6580
- C:\Windows\System\AohaHFA.exe
  C:\Windows\System\AohaHFA.exe
  2⤵
  PID:6588
- C:\Windows\System\GfIGgjK.exe
  C:\Windows\System\GfIGgjK.exe
  2⤵
  PID:6664
- C:\Windows\System\qdlalnq.exe
  C:\Windows\System\qdlalnq.exe
  2⤵
  PID:4684
- C:\Windows\System\FixIqoW.exe
  C:\Windows\System\FixIqoW.exe
  2⤵
  PID:3548
- C:\Windows\System\lpTtqyq.exe
  C:\Windows\System\lpTtqyq.exe
  2⤵
  PID:748
- C:\Windows\System\njiliSM.exe
  C:\Windows\System\njiliSM.exe
  2⤵
  PID:7032
- C:\Windows\System\PKUJCbO.exe
  C:\Windows\System\PKUJCbO.exe
  2⤵
  PID:7140
- C:\Windows\System\JkSNJjx.exe
  C:\Windows\System\JkSNJjx.exe
  2⤵
  PID:5696
- C:\Windows\System\YJzDgiB.exe
  C:\Windows\System\YJzDgiB.exe
  2⤵
  PID:6160
- C:\Windows\System\FYbELRx.exe
  C:\Windows\System\FYbELRx.exe
  2⤵
  PID:3156
- C:\Windows\System\wxNQZEr.exe
  C:\Windows\System\wxNQZEr.exe
  2⤵
  PID:6476
- C:\Windows\System\KwLPVFf.exe
  C:\Windows\System\KwLPVFf.exe
  2⤵
  PID:6584
- C:\Windows\System\pcKfBtm.exe
  C:\Windows\System\pcKfBtm.exe
  2⤵
  PID:6916
- C:\Windows\System\mDBPPqG.exe
  C:\Windows\System\mDBPPqG.exe
  2⤵
  PID:6988
- C:\Windows\System\UttThxt.exe
  C:\Windows\System\UttThxt.exe
  2⤵
  PID:5504
- C:\Windows\System\jITwVQM.exe
  C:\Windows\System\jITwVQM.exe
  2⤵
  PID:1428
- C:\Windows\System\aPAdRKO.exe
  C:\Windows\System\aPAdRKO.exe
  2⤵
  PID:7172
- C:\Windows\System\dqmhGfU.exe
  C:\Windows\System\dqmhGfU.exe
  2⤵
  PID:7200
- C:\Windows\System\KgEVOdd.exe
  C:\Windows\System\KgEVOdd.exe
  2⤵
  PID:7240
- C:\Windows\System\HMLEZuG.exe
  C:\Windows\System\HMLEZuG.exe
  2⤵
  PID:7320
- C:\Windows\System\TJFyGwm.exe
  C:\Windows\System\TJFyGwm.exe
  2⤵
  PID:7340
- C:\Windows\System\pkELCaU.exe
  C:\Windows\System\pkELCaU.exe
  2⤵
  PID:7356
- C:\Windows\System\WOLpNjr.exe
  C:\Windows\System\WOLpNjr.exe
  2⤵
  PID:7408
- C:\Windows\System\gFihuyM.exe
  C:\Windows\System\gFihuyM.exe
  2⤵
  PID:7424
- C:\Windows\System\qUaZEag.exe
  C:\Windows\System\qUaZEag.exe
  2⤵
  PID:7440
- C:\Windows\System\UkOncSu.exe
  C:\Windows\System\UkOncSu.exe
  2⤵
  PID:7472
- C:\Windows\System\UDSURfv.exe
  C:\Windows\System\UDSURfv.exe
  2⤵
  PID:7528
- C:\Windows\System\BRvqysd.exe
  C:\Windows\System\BRvqysd.exe
  2⤵
  PID:7616
- C:\Windows\System\hOCZaEi.exe
  C:\Windows\System\hOCZaEi.exe
  2⤵
  PID:7632
- C:\Windows\System\ndEUpyI.exe
  C:\Windows\System\ndEUpyI.exe
  2⤵
  PID:7648
- C:\Windows\System\fFOGpWC.exe
  C:\Windows\System\fFOGpWC.exe
  2⤵
  PID:7664
- C:\Windows\System\fiOJBAV.exe
  C:\Windows\System\fiOJBAV.exe
  2⤵
  PID:7688
- C:\Windows\System\oiStyEc.exe
  C:\Windows\System\oiStyEc.exe
  2⤵
  PID:7704
- C:\Windows\System\jghcCoO.exe
  C:\Windows\System\jghcCoO.exe
  2⤵
  PID:7728
- C:\Windows\System\gxPJqLs.exe
  C:\Windows\System\gxPJqLs.exe
  2⤵
  PID:7748
- C:\Windows\System\cgVYOih.exe
  C:\Windows\System\cgVYOih.exe
  2⤵
  PID:7820
- C:\Windows\System\GfKjgyD.exe
  C:\Windows\System\GfKjgyD.exe
  2⤵
  PID:7852
- C:\Windows\System\binlebW.exe
  C:\Windows\System\binlebW.exe
  2⤵
  PID:7876
- C:\Windows\System\vPkohvh.exe
  C:\Windows\System\vPkohvh.exe
  2⤵
  PID:7912
- C:\Windows\System\LMBWpAA.exe
  C:\Windows\System\LMBWpAA.exe
  2⤵
  PID:7928
- C:\Windows\System\tUIUFun.exe
  C:\Windows\System\tUIUFun.exe
  2⤵
  PID:7964
- C:\Windows\System\fQVvqCa.exe
  C:\Windows\System\fQVvqCa.exe
  2⤵
  PID:8032
- C:\Windows\System\eVYFDLo.exe
  C:\Windows\System\eVYFDLo.exe
  2⤵
  PID:8056
- C:\Windows\System\SCoKwXm.exe
  C:\Windows\System\SCoKwXm.exe
  2⤵
  PID:8076
- C:\Windows\System\YTfrAPy.exe
  C:\Windows\System\YTfrAPy.exe
  2⤵
  PID:8108
- C:\Windows\System\KqNUtPB.exe
  C:\Windows\System\KqNUtPB.exe
  2⤵
  PID:8136
- C:\Windows\System\tKrjpOG.exe
  C:\Windows\System\tKrjpOG.exe
  2⤵
  PID:8164
- C:\Windows\System\RfQLVVE.exe
  C:\Windows\System\RfQLVVE.exe
  2⤵
  PID:6336
- C:\Windows\System\xKcgaul.exe
  C:\Windows\System\xKcgaul.exe
  2⤵
  PID:6724
- C:\Windows\System\sArBhwR.exe
  C:\Windows\System\sArBhwR.exe
  2⤵
  PID:7252
- C:\Windows\System\AWNpNOO.exe
  C:\Windows\System\AWNpNOO.exe
  2⤵
  PID:3352
- C:\Windows\System\CTHzZnS.exe
  C:\Windows\System\CTHzZnS.exe
  2⤵
  PID:7316
- C:\Windows\System\sxxmSMi.exe
  C:\Windows\System\sxxmSMi.exe
  2⤵
  PID:7332
- C:\Windows\System\NDtiOWj.exe
  C:\Windows\System\NDtiOWj.exe
  2⤵
  PID:7196
- C:\Windows\System\xNkgfco.exe
  C:\Windows\System\xNkgfco.exe
  2⤵
  PID:7452
- C:\Windows\System\aFPmNZd.exe
  C:\Windows\System\aFPmNZd.exe
  2⤵
  PID:7520
- C:\Windows\System\AszCOGr.exe
  C:\Windows\System\AszCOGr.exe
  2⤵
  PID:7684
- C:\Windows\System\hVMuJuo.exe
  C:\Windows\System\hVMuJuo.exe
  2⤵
  PID:7700
- C:\Windows\System\uQgtSRF.exe
  C:\Windows\System\uQgtSRF.exe
  2⤵
  PID:7764
- C:\Windows\System\ZWEOUKZ.exe
  C:\Windows\System\ZWEOUKZ.exe
  2⤵
  PID:7780
- C:\Windows\System\wnzEoLL.exe
  C:\Windows\System\wnzEoLL.exe
  2⤵
  PID:7844
- C:\Windows\System\tBikFyG.exe
  C:\Windows\System\tBikFyG.exe
  2⤵
  PID:7904
- C:\Windows\System\bpCqfML.exe
  C:\Windows\System\bpCqfML.exe
  2⤵
  PID:7948
- C:\Windows\System\CRSwumG.exe
  C:\Windows\System\CRSwumG.exe
  2⤵
  PID:8024
- C:\Windows\System\lmkYFXa.exe
  C:\Windows\System\lmkYFXa.exe
  2⤵
  PID:8152
- C:\Windows\System\NEyTsij.exe
  C:\Windows\System\NEyTsij.exe
  2⤵
  PID:5500
- C:\Windows\System\BHjONRa.exe
  C:\Windows\System\BHjONRa.exe
  2⤵
  PID:7008
- C:\Windows\System\njgmJGJ.exe
  C:\Windows\System\njgmJGJ.exe
  2⤵
  PID:7388
- C:\Windows\System\dKNXOUP.exe
  C:\Windows\System\dKNXOUP.exe
  2⤵
  PID:7456
- C:\Windows\System\ECEsmze.exe
  C:\Windows\System\ECEsmze.exe
  2⤵
  PID:7624
- C:\Windows\System\bXeraaE.exe
  C:\Windows\System\bXeraaE.exe
  2⤵
  PID:7696
- C:\Windows\System\QvayPbW.exe
  C:\Windows\System\QvayPbW.exe
  2⤵
  PID:1680
- C:\Windows\System\WtPwGwa.exe
  C:\Windows\System\WtPwGwa.exe
  2⤵
  PID:8120
- C:\Windows\System\smolOGT.exe
  C:\Windows\System\smolOGT.exe
  2⤵
  PID:7352
- C:\Windows\System\ZMhxthD.exe
  C:\Windows\System\ZMhxthD.exe
  2⤵
  PID:1380
- C:\Windows\System\ZRMGAGp.exe
  C:\Windows\System\ZRMGAGp.exe
  2⤵
  PID:7720
- C:\Windows\System\ZWrhjNw.exe
  C:\Windows\System\ZWrhjNw.exe
  2⤵
  PID:8088
- C:\Windows\System\wsCVTzf.exe
  C:\Windows\System\wsCVTzf.exe
  2⤵
  PID:2212
- C:\Windows\System\oSzUBLo.exe
  C:\Windows\System\oSzUBLo.exe
  2⤵
  PID:7604
- C:\Windows\System\RASJeAk.exe
  C:\Windows\System\RASJeAk.exe
  2⤵
  PID:8204
- C:\Windows\System\MimmOCZ.exe
  C:\Windows\System\MimmOCZ.exe
  2⤵
  PID:8244
- C:\Windows\System\rwFJmzl.exe
  C:\Windows\System\rwFJmzl.exe
  2⤵
  PID:8272
- C:\Windows\System\nPJYdGO.exe
  C:\Windows\System\nPJYdGO.exe
  2⤵
  PID:8312
- C:\Windows\System\JmUIelm.exe
  C:\Windows\System\JmUIelm.exe
  2⤵
  PID:8340
- C:\Windows\System\orPylva.exe
  C:\Windows\System\orPylva.exe
  2⤵
  PID:8360
- C:\Windows\System\kyCSryV.exe
  C:\Windows\System\kyCSryV.exe
  2⤵
  PID:8384
- C:\Windows\System\SlQUgtr.exe
  C:\Windows\System\SlQUgtr.exe
  2⤵
  PID:8408
- C:\Windows\System\JRTpdEr.exe
  C:\Windows\System\JRTpdEr.exe
  2⤵
  PID:8436
- C:\Windows\System\skNfpWu.exe
  C:\Windows\System\skNfpWu.exe
  2⤵
  PID:8456
- C:\Windows\System\GQozdeU.exe
  C:\Windows\System\GQozdeU.exe
  2⤵
  PID:8476
- C:\Windows\System\qguGNbx.exe
  C:\Windows\System\qguGNbx.exe
  2⤵
  PID:8500
- C:\Windows\System\jityCsY.exe
  C:\Windows\System\jityCsY.exe
  2⤵
  PID:8532
- C:\Windows\System\tnNHUNd.exe
  C:\Windows\System\tnNHUNd.exe
  2⤵
  PID:8556
- C:\Windows\System\HeSOvvk.exe
  C:\Windows\System\HeSOvvk.exe
  2⤵
  PID:8572
- C:\Windows\System\RGjgJoX.exe
  C:\Windows\System\RGjgJoX.exe
  2⤵
  PID:8600
- C:\Windows\System\OThXmUT.exe
  C:\Windows\System\OThXmUT.exe
  2⤵
  PID:8620
- C:\Windows\System\hdlfxxr.exe
  C:\Windows\System\hdlfxxr.exe
  2⤵
  PID:8684
- C:\Windows\System\wZOkmwn.exe
  C:\Windows\System\wZOkmwn.exe
  2⤵
  PID:8712
- C:\Windows\System\vMdFGkN.exe
  C:\Windows\System\vMdFGkN.exe
  2⤵
  PID:8740
- C:\Windows\System\wryfQcn.exe
  C:\Windows\System\wryfQcn.exe
  2⤵
  PID:8776
- C:\Windows\System\TTdaVIm.exe
  C:\Windows\System\TTdaVIm.exe
  2⤵
  PID:8804
- C:\Windows\System\GIIutII.exe
  C:\Windows\System\GIIutII.exe
  2⤵
  PID:8828
- C:\Windows\System\eAeFWIX.exe
  C:\Windows\System\eAeFWIX.exe
  2⤵
  PID:8852
- C:\Windows\System\AHFJjZo.exe
  C:\Windows\System\AHFJjZo.exe
  2⤵
  PID:8884
- C:\Windows\System\YTGiyVi.exe
  C:\Windows\System\YTGiyVi.exe
  2⤵
  PID:8916
- C:\Windows\System\nIbtbne.exe
  C:\Windows\System\nIbtbne.exe
  2⤵
  PID:8944
- C:\Windows\System\VniAexr.exe
  C:\Windows\System\VniAexr.exe
  2⤵
  PID:8968
- C:\Windows\System\xRVpDSi.exe
  C:\Windows\System\xRVpDSi.exe
  2⤵
  PID:9008
- C:\Windows\System\jZHHDdT.exe
  C:\Windows\System\jZHHDdT.exe
  2⤵
  PID:9024
- C:\Windows\System\gBSFqyH.exe
  C:\Windows\System\gBSFqyH.exe
  2⤵
  PID:9056
- C:\Windows\System\qxpRbbW.exe
  C:\Windows\System\qxpRbbW.exe
  2⤵
  PID:9096
- C:\Windows\System\AuRBUNj.exe
  C:\Windows\System\AuRBUNj.exe
  2⤵
  PID:9124
- C:\Windows\System\vrGRRge.exe
  C:\Windows\System\vrGRRge.exe
  2⤵
  PID:9152
- C:\Windows\System\IXAodJt.exe
  C:\Windows\System\IXAodJt.exe
  2⤵
  PID:9172
- C:\Windows\System\EXKTRNB.exe
  C:\Windows\System\EXKTRNB.exe
  2⤵
  PID:9196
- C:\Windows\System\yMmRMWF.exe
  C:\Windows\System\yMmRMWF.exe
  2⤵
  PID:3052
- C:\Windows\System\BpIDXyX.exe
  C:\Windows\System\BpIDXyX.exe
  2⤵
  PID:8232
- C:\Windows\System\lQZKNOf.exe
  C:\Windows\System\lQZKNOf.exe
  2⤵
  PID:8296
- C:\Windows\System\cFUJeMX.exe
  C:\Windows\System\cFUJeMX.exe
  2⤵
  PID:8328
- C:\Windows\System\ptTIksw.exe
  C:\Windows\System\ptTIksw.exe
  2⤵
  PID:8376
- C:\Windows\System\jkHShiM.exe
  C:\Windows\System\jkHShiM.exe
  2⤵
  PID:8420
- C:\Windows\System\kirXYlU.exe
  C:\Windows\System\kirXYlU.exe
  2⤵
  PID:8496
- C:\Windows\System\eoKbFWO.exe
  C:\Windows\System\eoKbFWO.exe
  2⤵
  PID:8564
- C:\Windows\System\XkiKphV.exe
  C:\Windows\System\XkiKphV.exe
  2⤵
  PID:8680
- C:\Windows\System\eJOtdNG.exe
  C:\Windows\System\eJOtdNG.exe
  2⤵
  PID:8764
- C:\Windows\System\VXLGHyY.exe
  C:\Windows\System\VXLGHyY.exe
  2⤵
  PID:8816
- C:\Windows\System\dcYpoqW.exe
  C:\Windows\System\dcYpoqW.exe
  2⤵
  PID:8824
- C:\Windows\System\ukibcKm.exe
  C:\Windows\System\ukibcKm.exe
  2⤵
  PID:8876
- C:\Windows\System\qySddee.exe
  C:\Windows\System\qySddee.exe
  2⤵
  PID:8952
- C:\Windows\System\tCSifbZ.exe
  C:\Windows\System\tCSifbZ.exe
  2⤵
  PID:3024
- C:\Windows\System\cLlNisx.exe
  C:\Windows\System\cLlNisx.exe
  2⤵
  PID:9092
- C:\Windows\System\RyvrBAb.exe
  C:\Windows\System\RyvrBAb.exe
  2⤵
  PID:9168
- C:\Windows\System\Odlktpw.exe
  C:\Windows\System\Odlktpw.exe
  2⤵
  PID:9212
- C:\Windows\System\wkbOwUn.exe
  C:\Windows\System\wkbOwUn.exe
  2⤵
  PID:8292
- C:\Windows\System\xkvjWMH.exe
  C:\Windows\System\xkvjWMH.exe
  2⤵
  PID:8488
- C:\Windows\System\IiBAsuz.exe
  C:\Windows\System\IiBAsuz.exe
  2⤵
  PID:8672
- C:\Windows\System\jDoEeLt.exe
  C:\Windows\System\jDoEeLt.exe
  2⤵
  PID:8800
- C:\Windows\System\obPbBVR.exe
  C:\Windows\System\obPbBVR.exe
  2⤵
  PID:8860
- C:\Windows\System\BZRpizB.exe
  C:\Windows\System\BZRpizB.exe
  2⤵
  PID:9076
- C:\Windows\System\sZNBNDW.exe
  C:\Windows\System\sZNBNDW.exe
  2⤵
  PID:9136
- C:\Windows\System\CRPIGJd.exe
  C:\Windows\System\CRPIGJd.exe
  2⤵
  PID:1176
- C:\Windows\System\tEGKRFa.exe
  C:\Windows\System\tEGKRFa.exe
  2⤵
  PID:8348
- C:\Windows\System\hXGzQrG.exe
  C:\Windows\System\hXGzQrG.exe
  2⤵
  PID:8768
- C:\Windows\System\xVgsuHJ.exe
  C:\Windows\System\xVgsuHJ.exe
  2⤵
  PID:8908
- C:\Windows\System\tAfCZbL.exe
  C:\Windows\System\tAfCZbL.exe
  2⤵
  PID:8268
- C:\Windows\System\pbVHWtu.exe
  C:\Windows\System\pbVHWtu.exe
  2⤵
  PID:1332
- C:\Windows\System\fBenxXm.exe
  C:\Windows\System\fBenxXm.exe
  2⤵
  PID:9228
- C:\Windows\System\ytxLkUw.exe
  C:\Windows\System\ytxLkUw.exe
  2⤵
  PID:9256
- C:\Windows\System\rOzYEwt.exe
  C:\Windows\System\rOzYEwt.exe
  2⤵
  PID:9300
- C:\Windows\System\SWZwtus.exe
  C:\Windows\System\SWZwtus.exe
  2⤵
  PID:9328
- C:\Windows\System\wJfkHzy.exe
  C:\Windows\System\wJfkHzy.exe
  2⤵
  PID:9348
- C:\Windows\System\PdCVXMj.exe
  C:\Windows\System\PdCVXMj.exe
  2⤵
  PID:9372
- C:\Windows\System\dHvtHOx.exe
  C:\Windows\System\dHvtHOx.exe
  2⤵
  PID:9408
- C:\Windows\System\esxAhUa.exe
  C:\Windows\System\esxAhUa.exe
  2⤵
  PID:9428
- C:\Windows\System\EQLWyZW.exe
  C:\Windows\System\EQLWyZW.exe
  2⤵
  PID:9464
- C:\Windows\System\AxHBEmY.exe
  C:\Windows\System\AxHBEmY.exe
  2⤵
  PID:9484
- C:\Windows\System\StXzpMr.exe
  C:\Windows\System\StXzpMr.exe
  2⤵
  PID:9516
- C:\Windows\System\LJXohBD.exe
  C:\Windows\System\LJXohBD.exe
  2⤵
  PID:9540
- C:\Windows\System\jAqMopQ.exe
  C:\Windows\System\jAqMopQ.exe
  2⤵
  PID:9568
- C:\Windows\System\GkFQtMy.exe
  C:\Windows\System\GkFQtMy.exe
  2⤵
  PID:9608
- C:\Windows\System\ROIodWo.exe
  C:\Windows\System\ROIodWo.exe
  2⤵
  PID:9624
- C:\Windows\System\jnZWRuN.exe
  C:\Windows\System\jnZWRuN.exe
  2⤵
  PID:9664
- C:\Windows\System\SmbcQmI.exe
  C:\Windows\System\SmbcQmI.exe
  2⤵
  PID:9684
- C:\Windows\System\iSjfizA.exe
  C:\Windows\System\iSjfizA.exe
  2⤵
  PID:9708
- C:\Windows\System\kIKzOIu.exe
  C:\Windows\System\kIKzOIu.exe
  2⤵
  PID:9728
- C:\Windows\System\bhxGCiT.exe
  C:\Windows\System\bhxGCiT.exe
  2⤵
  PID:9764
- C:\Windows\System\yRVgdzW.exe
  C:\Windows\System\yRVgdzW.exe
  2⤵
  PID:9780
- C:\Windows\System\XfeqkVx.exe
  C:\Windows\System\XfeqkVx.exe
  2⤵
  PID:9796
- C:\Windows\System\vRpMQIo.exe
  C:\Windows\System\vRpMQIo.exe
  2⤵
  PID:9824
- C:\Windows\System\zIfrXlK.exe
  C:\Windows\System\zIfrXlK.exe
  2⤵
  PID:9892
- C:\Windows\System\CYoOdHA.exe
  C:\Windows\System\CYoOdHA.exe
  2⤵
  PID:9916
- C:\Windows\System\yajvwlg.exe
  C:\Windows\System\yajvwlg.exe
  2⤵
  PID:9944
- C:\Windows\System\mYmxopN.exe
  C:\Windows\System\mYmxopN.exe
  2⤵
  PID:9976
- C:\Windows\System\geeWwqY.exe
  C:\Windows\System\geeWwqY.exe
  2⤵
  PID:9992
- C:\Windows\System\YNORofz.exe
  C:\Windows\System\YNORofz.exe
  2⤵
  PID:10012
- C:\Windows\System\cRrxJSa.exe
  C:\Windows\System\cRrxJSa.exe
  2⤵
  PID:10048
- C:\Windows\System\werVIXY.exe
  C:\Windows\System\werVIXY.exe
  2⤵
  PID:10080
- C:\Windows\System\KyvVtdi.exe
  C:\Windows\System\KyvVtdi.exe
  2⤵
  PID:10104
- C:\Windows\System\DezGFoK.exe
  C:\Windows\System\DezGFoK.exe
  2⤵
  PID:10132
- C:\Windows\System\knRKJmf.exe
  C:\Windows\System\knRKJmf.exe
  2⤵
  PID:10156
- C:\Windows\System\cWxRQmA.exe
  C:\Windows\System\cWxRQmA.exe
  2⤵
  PID:10176
- C:\Windows\System\pQSiOvh.exe
  C:\Windows\System\pQSiOvh.exe
  2⤵
  PID:10204
- C:\Windows\System\pSiMESv.exe
  C:\Windows\System\pSiMESv.exe
  2⤵
  PID:10228
- C:\Windows\System\atFsyBs.exe
  C:\Windows\System\atFsyBs.exe
  2⤵
  PID:9240
- C:\Windows\System\hCsuKeW.exe
  C:\Windows\System\hCsuKeW.exe
  2⤵
  PID:9312
- C:\Windows\System\ABhVBio.exe
  C:\Windows\System\ABhVBio.exe
  2⤵
  PID:9388
- C:\Windows\System\iYwWlzV.exe
  C:\Windows\System\iYwWlzV.exe
  2⤵
  PID:9404
- C:\Windows\System\MNtdXVW.exe
  C:\Windows\System\MNtdXVW.exe
  2⤵
  PID:9532
- C:\Windows\System\mXDgyhg.exe
  C:\Windows\System\mXDgyhg.exe
  2⤵
  PID:9584
- C:\Windows\System\pwBoCmY.exe
  C:\Windows\System\pwBoCmY.exe
  2⤵
  PID:9644
- C:\Windows\System\IAZWQap.exe
  C:\Windows\System\IAZWQap.exe
  2⤵
  PID:9752
- C:\Windows\System\LLEIdpr.exe
  C:\Windows\System\LLEIdpr.exe
  2⤵
  PID:9832
- C:\Windows\System\JlFKaBo.exe
  C:\Windows\System\JlFKaBo.exe
  2⤵
  PID:9880
- C:\Windows\System\jEkHmuD.exe
  C:\Windows\System\jEkHmuD.exe
  2⤵
  PID:9924
- C:\Windows\System\DuLZowV.exe
  C:\Windows\System\DuLZowV.exe
  2⤵
  PID:9964
- C:\Windows\System\JUONDzy.exe
  C:\Windows\System\JUONDzy.exe
  2⤵
  PID:10020
- C:\Windows\System\dQUZTkq.exe
  C:\Windows\System\dQUZTkq.exe
  2⤵
  PID:10036
- C:\Windows\System\LwKwXuh.exe
  C:\Windows\System\LwKwXuh.exe
  2⤵
  PID:10088
- C:\Windows\System\jttMlEF.exe
  C:\Windows\System\jttMlEF.exe
  2⤵
  PID:9244
- C:\Windows\System\xyaAZHg.exe
  C:\Windows\System\xyaAZHg.exe
  2⤵
  PID:9364
- C:\Windows\System\nQFfaXO.exe
  C:\Windows\System\nQFfaXO.exe
  2⤵
  PID:9524
- C:\Windows\System\xWUyGHz.exe
  C:\Windows\System\xWUyGHz.exe
  2⤵
  PID:9748
- C:\Windows\System\sYWuQak.exe
  C:\Windows\System\sYWuQak.exe
  2⤵
  PID:9952
- C:\Windows\System\lLmnqNC.exe
  C:\Windows\System\lLmnqNC.exe
  2⤵
  PID:10008
- C:\Windows\System\kAEkLrX.exe
  C:\Windows\System\kAEkLrX.exe
  2⤵
  PID:10168
- C:\Windows\System\NvXOYXo.exe
  C:\Windows\System\NvXOYXo.exe
  2⤵
  PID:9224
- C:\Windows\System\gRIjOCx.exe
  C:\Windows\System\gRIjOCx.exe
  2⤵
  PID:9716
- C:\Windows\System\xPPctQl.exe
  C:\Windows\System\xPPctQl.exe
  2⤵
  PID:10144
- C:\Windows\System\yJVyFIi.exe
  C:\Windows\System\yJVyFIi.exe
  2⤵
  PID:9552
- C:\Windows\System\Nizepnj.exe
  C:\Windows\System\Nizepnj.exe
  2⤵
  PID:10264
- C:\Windows\System\KuDVOts.exe
  C:\Windows\System\KuDVOts.exe
  2⤵
  PID:10284
- C:\Windows\System\uMGOEEA.exe
  C:\Windows\System\uMGOEEA.exe
  2⤵
  PID:10320
- C:\Windows\System\CtBLKMk.exe
  C:\Windows\System\CtBLKMk.exe
  2⤵
  PID:10340
- C:\Windows\System\HdYSgPd.exe
  C:\Windows\System\HdYSgPd.exe
  2⤵
  PID:10364
- C:\Windows\System\PCUCFbG.exe
  C:\Windows\System\PCUCFbG.exe
  2⤵
  PID:10380
- C:\Windows\System\GaAAoXH.exe
  C:\Windows\System\GaAAoXH.exe
  2⤵
  PID:10412
- C:\Windows\System\NBGnGDP.exe
  C:\Windows\System\NBGnGDP.exe
  2⤵
  PID:10432
- C:\Windows\System\OdzDwhM.exe
  C:\Windows\System\OdzDwhM.exe
  2⤵
  PID:10452
- C:\Windows\System\NrbrdGM.exe
  C:\Windows\System\NrbrdGM.exe
  2⤵
  PID:10484
- C:\Windows\System\kgKlHUr.exe
  C:\Windows\System\kgKlHUr.exe
  2⤵
  PID:10516
- C:\Windows\System\JvAIJRi.exe
  C:\Windows\System\JvAIJRi.exe
  2⤵
  PID:10548
- C:\Windows\System\aUFpFkw.exe
  C:\Windows\System\aUFpFkw.exe
  2⤵
  PID:10568
- C:\Windows\System\XiEWSZV.exe
  C:\Windows\System\XiEWSZV.exe
  2⤵
  PID:10592
- C:\Windows\System\oaIxcet.exe
  C:\Windows\System\oaIxcet.exe
  2⤵
  PID:10660
- C:\Windows\System\oKLRLPr.exe
  C:\Windows\System\oKLRLPr.exe
  2⤵
  PID:10688
- C:\Windows\System\zBWhzTv.exe
  C:\Windows\System\zBWhzTv.exe
  2⤵
  PID:10716
- C:\Windows\System\nnpXeUa.exe
  C:\Windows\System\nnpXeUa.exe
  2⤵
  PID:10744
- C:\Windows\System\cPoZCmW.exe
  C:\Windows\System\cPoZCmW.exe
  2⤵
  PID:10772
- C:\Windows\System\XJWKpeJ.exe
  C:\Windows\System\XJWKpeJ.exe
  2⤵
  PID:10796
- C:\Windows\System\wxiFHhE.exe
  C:\Windows\System\wxiFHhE.exe
  2⤵
  PID:10816
- C:\Windows\System\AnfMkAY.exe
  C:\Windows\System\AnfMkAY.exe
  2⤵
  PID:10872
- C:\Windows\System\aXGhgve.exe
  C:\Windows\System\aXGhgve.exe
  2⤵
  PID:10904
- C:\Windows\System\hBfhkAR.exe
  C:\Windows\System\hBfhkAR.exe
  2⤵
  PID:10920
- C:\Windows\System\lJFgizG.exe
  C:\Windows\System\lJFgizG.exe
  2⤵
  PID:10960
- C:\Windows\System\vXPYauH.exe
  C:\Windows\System\vXPYauH.exe
  2⤵
  PID:10980
- C:\Windows\System\fhsNfJo.exe
  C:\Windows\System\fhsNfJo.exe
  2⤵
  PID:11004
- C:\Windows\System\jESJVdv.exe
  C:\Windows\System\jESJVdv.exe
  2⤵
  PID:11028
- C:\Windows\System\EOHbwbS.exe
  C:\Windows\System\EOHbwbS.exe
  2⤵
  PID:11052
- C:\Windows\System\XlgiLtU.exe
  C:\Windows\System\XlgiLtU.exe
  2⤵
  PID:11080
- C:\Windows\System\oxnCyjo.exe
  C:\Windows\System\oxnCyjo.exe
  2⤵
  PID:11104
- C:\Windows\System\TodYVHV.exe
  C:\Windows\System\TodYVHV.exe
  2⤵
  PID:11136
- C:\Windows\System\MhxCYHP.exe
  C:\Windows\System\MhxCYHP.exe
  2⤵
  PID:11160
- C:\Windows\System\eZwwjxh.exe
  C:\Windows\System\eZwwjxh.exe
  2⤵
  PID:11184
- C:\Windows\System\mNgvbjq.exe
  C:\Windows\System\mNgvbjq.exe
  2⤵
  PID:11216
- C:\Windows\System\UzABnyG.exe
  C:\Windows\System\UzABnyG.exe
  2⤵
  PID:11240
- C:\Windows\System\oezigoB.exe
  C:\Windows\System\oezigoB.exe
  2⤵
  PID:9288
- C:\Windows\System\WDGRqMu.exe
  C:\Windows\System\WDGRqMu.exe
  2⤵
  PID:10312
- C:\Windows\System\cjZpOFE.exe
  C:\Windows\System\cjZpOFE.exe
  2⤵
  PID:10352
- C:\Windows\System\HfBBvvr.exe
  C:\Windows\System\HfBBvvr.exe
  2⤵
  PID:10476
- C:\Windows\System\BskRWXB.exe
  C:\Windows\System\BskRWXB.exe
  2⤵
  PID:10532
- C:\Windows\System\IZrAGFf.exe
  C:\Windows\System\IZrAGFf.exe
  2⤵
  PID:10588
- C:\Windows\System\rlzQjle.exe
  C:\Windows\System\rlzQjle.exe
  2⤵
  PID:10632
- C:\Windows\System\HWiTBAf.exe
  C:\Windows\System\HWiTBAf.exe
  2⤵
  PID:10712
- C:\Windows\System\TYHFPny.exe
  C:\Windows\System\TYHFPny.exe
  2⤵
  PID:224
- C:\Windows\System\FBjxgJc.exe
  C:\Windows\System\FBjxgJc.exe
  2⤵
  PID:10812
- C:\Windows\System\ZjYbGeM.exe
  C:\Windows\System\ZjYbGeM.exe
  2⤵
  PID:7588
- C:\Windows\System\YjAzMQA.exe
  C:\Windows\System\YjAzMQA.exe
  2⤵
  PID:7584
- C:\Windows\System\NrEVzgF.exe
  C:\Windows\System\NrEVzgF.exe
  2⤵
  PID:10900
- C:\Windows\System\ssFDnwH.exe
  C:\Windows\System\ssFDnwH.exe
  2⤵
  PID:11020
- C:\Windows\System\QAWtxDw.exe
  C:\Windows\System\QAWtxDw.exe
  2⤵
  PID:11072
- C:\Windows\System\QXNNwGL.exe
  C:\Windows\System\QXNNwGL.exe
  2⤵
  PID:11124
- C:\Windows\System\SUpWbVy.exe
  C:\Windows\System\SUpWbVy.exe
  2⤵
  PID:11196
- C:\Windows\System\nfCHcfA.exe
  C:\Windows\System\nfCHcfA.exe
  2⤵
  PID:11232
- C:\Windows\System\PaNOYLF.exe
  C:\Windows\System\PaNOYLF.exe
  2⤵
  PID:10392
- C:\Windows\System\DQljIXR.exe
  C:\Windows\System\DQljIXR.exe
  2⤵
  PID:10512
- C:\Windows\System\ElTgLQJ.exe
  C:\Windows\System\ElTgLQJ.exe
  2⤵
  PID:10612
- C:\Windows\System\fDiCIZS.exe
  C:\Windows\System\fDiCIZS.exe
  2⤵
  PID:10704
- C:\Windows\System\WIUZJfb.exe
  C:\Windows\System\WIUZJfb.exe
  2⤵
  PID:7556
- C:\Windows\System\PgYfrbt.exe
  C:\Windows\System\PgYfrbt.exe
  2⤵
  PID:10916
- C:\Windows\System\oUcbUiL.exe
  C:\Windows\System\oUcbUiL.exe
  2⤵
  PID:11076
- C:\Windows\System\jccFLvk.exe
  C:\Windows\System\jccFLvk.exe
  2⤵
  PID:11144
- C:\Windows\System\KFMynYS.exe
  C:\Windows\System\KFMynYS.exe
  2⤵
  PID:10272
- C:\Windows\System\VIDZPyQ.exe
  C:\Windows\System\VIDZPyQ.exe
  2⤵
  PID:10584
- C:\Windows\System\CGATUWc.exe
  C:\Windows\System\CGATUWc.exe
  2⤵
  PID:11176
- C:\Windows\System\ACYOsXM.exe
  C:\Windows\System\ACYOsXM.exe
  2⤵
  PID:1792
- C:\Windows\System\xNbxwpb.exe
  C:\Windows\System\xNbxwpb.exe
  2⤵
  PID:10444
- C:\Windows\System\DVxAPfU.exe
  C:\Windows\System\DVxAPfU.exe
  2⤵
  PID:11272
- C:\Windows\System\HHTrkZY.exe
  C:\Windows\System\HHTrkZY.exe
  2⤵
  PID:11300
- C:\Windows\System\zksKCdN.exe
  C:\Windows\System\zksKCdN.exe
  2⤵
  PID:11316
- C:\Windows\System\SMDgJBn.exe
  C:\Windows\System\SMDgJBn.exe
  2⤵
  PID:11348
- C:\Windows\System\cdFcmwi.exe
  C:\Windows\System\cdFcmwi.exe
  2⤵
  PID:11372
- C:\Windows\System\seUsLAW.exe
  C:\Windows\System\seUsLAW.exe
  2⤵
  PID:11412
- C:\Windows\System\SYgepFZ.exe
  C:\Windows\System\SYgepFZ.exe
  2⤵
  PID:11440
- C:\Windows\System\gQIjniY.exe
  C:\Windows\System\gQIjniY.exe
  2⤵
  PID:11468
- C:\Windows\System\gWWjMqB.exe
  C:\Windows\System\gWWjMqB.exe
  2⤵
  PID:11488
- C:\Windows\System\wZfiHvn.exe
  C:\Windows\System\wZfiHvn.exe
  2⤵
  PID:11512
- C:\Windows\System\UAzmvLi.exe
  C:\Windows\System\UAzmvLi.exe
  2⤵
  PID:11536
- C:\Windows\System\bIJlyqU.exe
  C:\Windows\System\bIJlyqU.exe
  2⤵
  PID:11560
- C:\Windows\System\WRaVpZo.exe
  C:\Windows\System\WRaVpZo.exe
  2⤵
  PID:11608
- C:\Windows\System\sQNTwid.exe
  C:\Windows\System\sQNTwid.exe
  2⤵
  PID:11624
- C:\Windows\System\gasmCid.exe
  C:\Windows\System\gasmCid.exe
  2⤵
  PID:11652
- C:\Windows\System\JDmgXSH.exe
  C:\Windows\System\JDmgXSH.exe
  2⤵
  PID:11692
- C:\Windows\System\rDcqMoJ.exe
  C:\Windows\System\rDcqMoJ.exe
  2⤵
  PID:11720
- C:\Windows\System\IgfxGHk.exe
  C:\Windows\System\IgfxGHk.exe
  2⤵
  PID:11740
- C:\Windows\System\GKHypVz.exe
  C:\Windows\System\GKHypVz.exe
  2⤵
  PID:11764
- C:\Windows\System\fUoCXRj.exe
  C:\Windows\System\fUoCXRj.exe
  2⤵
  PID:11800
- C:\Windows\System\FMKToYn.exe
  C:\Windows\System\FMKToYn.exe
  2⤵
  PID:11824
- C:\Windows\System\MetWQjP.exe
  C:\Windows\System\MetWQjP.exe
  2⤵
  PID:11848
- C:\Windows\System\zQNeQeI.exe
  C:\Windows\System\zQNeQeI.exe
  2⤵
  PID:11888
- C:\Windows\System\PEaTeGy.exe
  C:\Windows\System\PEaTeGy.exe
  2⤵
  PID:11916
- C:\Windows\System\IIZCVTw.exe
  C:\Windows\System\IIZCVTw.exe
  2⤵
  PID:11932
- C:\Windows\System\SBgnAoP.exe
  C:\Windows\System\SBgnAoP.exe
  2⤵
  PID:11948
- C:\Windows\System\QWlVyex.exe
  C:\Windows\System\QWlVyex.exe
  2⤵
  PID:11968
- C:\Windows\System\WyahmiT.exe
  C:\Windows\System\WyahmiT.exe
  2⤵
  PID:11992
- C:\Windows\System\akDorns.exe
  C:\Windows\System\akDorns.exe
  2⤵
  PID:12012
- C:\Windows\System\jhJaRcM.exe
  C:\Windows\System\jhJaRcM.exe
  2⤵
  PID:12032
- C:\Windows\System\ThddmNe.exe
  C:\Windows\System\ThddmNe.exe
  2⤵
  PID:12088
- C:\Windows\System\GZrXqIz.exe
  C:\Windows\System\GZrXqIz.exe
  2⤵
  PID:12128
- C:\Windows\System\itlbNwL.exe
  C:\Windows\System\itlbNwL.exe
  2⤵
  PID:12148
- C:\Windows\System\hAElLKD.exe
  C:\Windows\System\hAElLKD.exe
  2⤵
  PID:12176
- C:\Windows\System\hZFfyIG.exe
  C:\Windows\System\hZFfyIG.exe
  2⤵
  PID:12200
- C:\Windows\System\TRsQiQw.exe
  C:\Windows\System\TRsQiQw.exe
  2⤵
  PID:12224
- C:\Windows\System\TaaUaNK.exe
  C:\Windows\System\TaaUaNK.exe
  2⤵
  PID:12252
- C:\Windows\System\TbaviNt.exe
  C:\Windows\System\TbaviNt.exe
  2⤵
  PID:11268
- C:\Windows\System\mpFedoy.exe
  C:\Windows\System\mpFedoy.exe
  2⤵
  PID:11336
- C:\Windows\System\WOKfvuc.exe
  C:\Windows\System\WOKfvuc.exe
  2⤵
  PID:11384
- C:\Windows\System\JZLVoau.exe
  C:\Windows\System\JZLVoau.exe
  2⤵
  PID:11428
- C:\Windows\System\EGkyYwK.exe
  C:\Windows\System\EGkyYwK.exe
  2⤵
  PID:11596
- C:\Windows\System\aGbleSX.exe
  C:\Windows\System\aGbleSX.exe
  2⤵
  PID:11680
- C:\Windows\System\kkWrtql.exe
  C:\Windows\System\kkWrtql.exe
  2⤵
  PID:11736
- C:\Windows\System\WrnvXxi.exe
  C:\Windows\System\WrnvXxi.exe
  2⤵
  PID:11788
- C:\Windows\System\BieFoNf.exe
  C:\Windows\System\BieFoNf.exe
  2⤵
  PID:11820
- C:\Windows\System\EkEevRM.exe
  C:\Windows\System\EkEevRM.exe
  2⤵
  PID:11860
- C:\Windows\System\nDdCQfs.exe
  C:\Windows\System\nDdCQfs.exe
  2⤵
  PID:11976
- C:\Windows\System\wUXqBLp.exe
  C:\Windows\System\wUXqBLp.exe
  2⤵
  PID:12004
- C:\Windows\System\DFMzwAA.exe
  C:\Windows\System\DFMzwAA.exe
  2⤵
  PID:12072
- C:\Windows\System\MatoVlH.exe
  C:\Windows\System\MatoVlH.exe
  2⤵
  PID:12144
- C:\Windows\System\aAiNbZC.exe
  C:\Windows\System\aAiNbZC.exe
  2⤵
  PID:12212
- C:\Windows\System\pKKhDLK.exe
  C:\Windows\System\pKKhDLK.exe
  2⤵
  PID:12276
- C:\Windows\System\vdUbrPf.exe
  C:\Windows\System\vdUbrPf.exe
  2⤵
  PID:11360
- C:\Windows\System\QkTqMAf.exe
  C:\Windows\System\QkTqMAf.exe
  2⤵
  PID:11580
- C:\Windows\System\dAWzxyS.exe
  C:\Windows\System\dAWzxyS.exe
  2⤵
  PID:11700
- C:\Windows\System\XBizeOO.exe
  C:\Windows\System\XBizeOO.exe
  2⤵
  PID:12020
- C:\Windows\System\GokyNqZ.exe
  C:\Windows\System\GokyNqZ.exe
  2⤵
  PID:12172
- C:\Windows\System\UDapssH.exe
  C:\Windows\System\UDapssH.exe
  2⤵
  PID:12264
- C:\Windows\System\hYwWtKn.exe
  C:\Windows\System\hYwWtKn.exe
  2⤵
  PID:11364
- C:\Windows\System\guBItxU.exe
  C:\Windows\System\guBItxU.exe
  2⤵
  PID:11960
- C:\Windows\System\onfJRJp.exe
  C:\Windows\System\onfJRJp.exe
  2⤵
  PID:12120
- C:\Windows\System\NMSEQbW.exe
  C:\Windows\System\NMSEQbW.exe
  2⤵
  PID:11900
- C:\Windows\System\XRQnWbL.exe
  C:\Windows\System\XRQnWbL.exe
  2⤵
  PID:12308
- C:\Windows\System\FBgSLQf.exe
  C:\Windows\System\FBgSLQf.exe
  2⤵
  PID:12344
- C:\Windows\System\PUqIWMF.exe
  C:\Windows\System\PUqIWMF.exe
  2⤵
  PID:12376
- C:\Windows\System\wCtjCbt.exe
  C:\Windows\System\wCtjCbt.exe
  2⤵
  PID:12396
- C:\Windows\System\oqROoxc.exe
  C:\Windows\System\oqROoxc.exe
  2⤵
  PID:12424
- C:\Windows\System\WsIRbaU.exe
  C:\Windows\System\WsIRbaU.exe
  2⤵
  PID:12448
- C:\Windows\System\jEuiIyp.exe
  C:\Windows\System\jEuiIyp.exe
  2⤵
  PID:12476
- C:\Windows\System\ZnAmaYr.exe
  C:\Windows\System\ZnAmaYr.exe
  2⤵
  PID:12516
- C:\Windows\System\SHvKoBb.exe
  C:\Windows\System\SHvKoBb.exe
  2⤵
  PID:12544
- C:\Windows\System\haizOUX.exe
  C:\Windows\System\haizOUX.exe
  2⤵
  PID:12572
- C:\Windows\System\dUgnhrF.exe
  C:\Windows\System\dUgnhrF.exe
  2⤵
  PID:12588
- C:\Windows\System\ukUzHsf.exe
  C:\Windows\System\ukUzHsf.exe
  2⤵
  PID:12628
- C:\Windows\System\mTAyXJH.exe
  C:\Windows\System\mTAyXJH.exe
  2⤵
  PID:12656
- C:\Windows\System\DrVJFMv.exe
  C:\Windows\System\DrVJFMv.exe
  2⤵
  PID:12672
- C:\Windows\System\TkyNAEL.exe
  C:\Windows\System\TkyNAEL.exe
  2⤵
  PID:12696
- C:\Windows\System\UIaIjSD.exe
  C:\Windows\System\UIaIjSD.exe
  2⤵
  PID:12724
- C:\Windows\System\FZDmZeW.exe
  C:\Windows\System\FZDmZeW.exe
  2⤵
  PID:12744
- C:\Windows\System\kpckmMM.exe
  C:\Windows\System\kpckmMM.exe
  2⤵
  PID:12784
- C:\Windows\System\TFAwtXm.exe
  C:\Windows\System\TFAwtXm.exe
  2⤵
  PID:12808
- C:\Windows\System\JFhCyXS.exe
  C:\Windows\System\JFhCyXS.exe
  2⤵
  PID:12828
- C:\Windows\System\YxYQNQF.exe
  C:\Windows\System\YxYQNQF.exe
  2⤵
  PID:12844
- C:\Windows\System\JRtHaBP.exe
  C:\Windows\System\JRtHaBP.exe
  2⤵
  PID:12860
- C:\Windows\System\htbOSWP.exe
  C:\Windows\System\htbOSWP.exe
  2⤵
  PID:12900
- C:\Windows\System\eBgAvyb.exe
  C:\Windows\System\eBgAvyb.exe
  2⤵
  PID:12932
- C:\Windows\System\HlTgmrH.exe
  C:\Windows\System\HlTgmrH.exe
  2⤵
  PID:12976
- C:\Windows\System\TpGFkja.exe
  C:\Windows\System\TpGFkja.exe
  2⤵
  PID:13004
- C:\Windows\System\QatSeCK.exe
  C:\Windows\System\QatSeCK.exe
  2⤵
  PID:13024
- C:\Windows\System\NrUVIhu.exe
  C:\Windows\System\NrUVIhu.exe
  2⤵
  PID:13040
- C:\Windows\System\FDnRUEe.exe
  C:\Windows\System\FDnRUEe.exe
  2⤵
  PID:13064
- C:\Windows\System\VHCjJkw.exe
  C:\Windows\System\VHCjJkw.exe
  2⤵
  PID:13104
- C:\Windows\System\Uairqgh.exe
  C:\Windows\System\Uairqgh.exe
  2⤵
  PID:13136
- C:\Windows\System\kVHqiTJ.exe
  C:\Windows\System\kVHqiTJ.exe
  2⤵
  PID:13164
- C:\Windows\System\OIvzTJX.exe
  C:\Windows\System\OIvzTJX.exe
  2⤵
  PID:13188
- C:\Windows\System\kApSLYh.exe
  C:\Windows\System\kApSLYh.exe
  2⤵
  PID:13208
- C:\Windows\System\WzlUCVz.exe
  C:\Windows\System\WzlUCVz.exe
  2⤵
  PID:13232
- C:\Windows\System\NjhHSOq.exe
  C:\Windows\System\NjhHSOq.exe
  2⤵
  PID:13264
- C:\Windows\System\SvNxFex.exe
  C:\Windows\System\SvNxFex.exe
  2⤵
  PID:13296
- C:\Windows\System\nVvGqLm.exe
  C:\Windows\System\nVvGqLm.exe
  2⤵
  PID:12292
- C:\Windows\System\DMimNPp.exe
  C:\Windows\System\DMimNPp.exe
  2⤵
  PID:12336
- C:\Windows\System\vUUzsfc.exe
  C:\Windows\System\vUUzsfc.exe
  2⤵
  PID:12408
- C:\Windows\System\gPUlNkw.exe
  C:\Windows\System\gPUlNkw.exe
  2⤵
  PID:12436
- C:\Windows\System\YNDcGSR.exe
  C:\Windows\System\YNDcGSR.exe
  2⤵
  PID:12500
- C:\Windows\System\JbimXqA.exe
  C:\Windows\System\JbimXqA.exe
  2⤵
  PID:12564
- C:\Windows\System\pzObcXa.exe
  C:\Windows\System\pzObcXa.exe
  2⤵
  PID:12608
- C:\Windows\System\xmeZgkm.exe
  C:\Windows\System\xmeZgkm.exe
  2⤵
  PID:12764
- C:\Windows\System\bRfLPKL.exe
  C:\Windows\System\bRfLPKL.exe
  2⤵
  PID:12852
- C:\Windows\System\OiGfjcV.exe
  C:\Windows\System\OiGfjcV.exe
  2⤵
  PID:12908
- C:\Windows\System\szysgTr.exe
  C:\Windows\System\szysgTr.exe
  2⤵
  PID:12964
- C:\Windows\System\oRJSZge.exe
  C:\Windows\System\oRJSZge.exe
  2⤵
  PID:13032
- C:\Windows\System\CcsRYCz.exe
  C:\Windows\System\CcsRYCz.exe
  2⤵
  PID:13132
- C:\Windows\System\QiDzeMJ.exe
  C:\Windows\System\QiDzeMJ.exe
  2⤵
  PID:13148
- C:\Windows\System\WKqmVpW.exe
  C:\Windows\System\WKqmVpW.exe
  2⤵
  PID:13156
- C:\Windows\System\Gpxqdej.exe
  C:\Windows\System\Gpxqdej.exe
  2⤵
  PID:13292
- C:\Windows\System\DnroHVK.exe
  C:\Windows\System\DnroHVK.exe
  2⤵
  PID:12364
- C:\Windows\System\ABfrVtG.exe
  C:\Windows\System\ABfrVtG.exe
  2⤵
  PID:12560
- C:\Windows\System\lDolGxl.exe
  C:\Windows\System\lDolGxl.exe
  2⤵
  PID:12692
- C:\Windows\System\cSPcSGM.exe
  C:\Windows\System\cSPcSGM.exe
  2⤵
  PID:12820
- C:\Windows\System\JyexJQs.exe
  C:\Windows\System\JyexJQs.exe
  2⤵
  PID:12928
- C:\Windows\System\ketWLWV.exe
  C:\Windows\System\ketWLWV.exe
  2⤵
  PID:13056
- C:\Windows\System\aXqCTWa.exe
  C:\Windows\System\aXqCTWa.exe
  2⤵
  PID:3760
- C:\Windows\System\AsWfBHc.exe
  C:\Windows\System\AsWfBHc.exe
  2⤵
  PID:13200
- C:\Windows\System\ZGUfkAK.exe
  C:\Windows\System\ZGUfkAK.exe
  2⤵
  PID:12532
- C:\Windows\System\HwYRlem.exe
  C:\Windows\System\HwYRlem.exe
  2⤵
  PID:12800
- C:\Windows\System\RIXpkqi.exe
  C:\Windows\System\RIXpkqi.exe
  2⤵
  PID:4124
- C:\Windows\System\cfWBlgO.exe
  C:\Windows\System\cfWBlgO.exe
  2⤵
  PID:13284
- C:\Windows\System\HWMyuof.exe
  C:\Windows\System\HWMyuof.exe
  2⤵
  PID:13180
- C:\Windows\System\JjuBMnU.exe
  C:\Windows\System\JjuBMnU.exe
  2⤵
  PID:13340
- C:\Windows\System\mAdxFWB.exe
  C:\Windows\System\mAdxFWB.exe
  2⤵
  PID:13360
- C:\Windows\System\qRUlrvo.exe
  C:\Windows\System\qRUlrvo.exe
  2⤵
  PID:13380
- C:\Windows\System\LdDBSAM.exe
  C:\Windows\System\LdDBSAM.exe
  2⤵
  PID:13400
- C:\Windows\System\DqziVrr.exe
  C:\Windows\System\DqziVrr.exe
  2⤵
  PID:13420
- C:\Windows\System\PtVNkTA.exe
  C:\Windows\System\PtVNkTA.exe
  2⤵
  PID:13444
- C:\Windows\System\cZCYCBk.exe
  C:\Windows\System\cZCYCBk.exe
  2⤵
  PID:13508
- C:\Windows\System\LHhBbGG.exe
  C:\Windows\System\LHhBbGG.exe
  2⤵
  PID:13524
- C:\Windows\System\ZSizAvM.exe
  C:\Windows\System\ZSizAvM.exe
  2⤵
  PID:13552
- C:\Windows\System\RIgWqXo.exe
  C:\Windows\System\RIgWqXo.exe
  2⤵
  PID:13592
- C:\Windows\System\TLKtbXC.exe
  C:\Windows\System\TLKtbXC.exe
  2⤵
  PID:13620
- C:\Windows\System\AHMMtTB.exe
  C:\Windows\System\AHMMtTB.exe
  2⤵
  PID:13648
- C:\Windows\System\CNdqHBO.exe
  C:\Windows\System\CNdqHBO.exe
  2⤵
  PID:13668
- C:\Windows\System\zYtSQyf.exe
  C:\Windows\System\zYtSQyf.exe
  2⤵
  PID:13692
- C:\Windows\System\AiJIwrr.exe
  C:\Windows\System\AiJIwrr.exe
  2⤵
  PID:13720
- C:\Windows\System\yxGATuo.exe
  C:\Windows\System\yxGATuo.exe
  2⤵
  PID:13740
- C:\Windows\System\OBBuKbO.exe
  C:\Windows\System\OBBuKbO.exe
  2⤵
  PID:13784
- C:\Windows\System\WpVrGBl.exe
  C:\Windows\System\WpVrGBl.exe
  2⤵
  PID:13808
- C:\Windows\System\fbLbyvO.exe
  C:\Windows\System\fbLbyvO.exe
  2⤵
  PID:13840
- C:\Windows\System\JSELEPy.exe
  C:\Windows\System\JSELEPy.exe
  2⤵
  PID:13860
- C:\Windows\System\mHgrWHo.exe
  C:\Windows\System\mHgrWHo.exe
  2⤵
  PID:13900
- C:\Windows\System\QTbdAWw.exe
  C:\Windows\System\QTbdAWw.exe
  2⤵
  PID:13920
- C:\Windows\System\RkhNcdd.exe
  C:\Windows\System\RkhNcdd.exe
  2⤵
  PID:13944
- C:\Windows\System\TvVRWSo.exe
  C:\Windows\System\TvVRWSo.exe
  2⤵
  PID:13972
- C:\Windows\System\BWSSUpS.exe
  C:\Windows\System\BWSSUpS.exe
  2⤵
  PID:13988
- C:\Windows\System\vdFYZrX.exe
  C:\Windows\System\vdFYZrX.exe
  2⤵
  PID:14008
- C:\Windows\System\WZZQfVu.exe
  C:\Windows\System\WZZQfVu.exe
  2⤵
  PID:14040
- C:\Windows\System\qRERVpr.exe
  C:\Windows\System\qRERVpr.exe
  2⤵
  PID:14080
- C:\Windows\System\lYKmufz.exe
  C:\Windows\System\lYKmufz.exe
  2⤵
  PID:14100
- C:\Windows\System\EzEXDhO.exe
  C:\Windows\System\EzEXDhO.exe
  2⤵
  PID:14124
- C:\Windows\System\JCqLQMY.exe
  C:\Windows\System\JCqLQMY.exe
  2⤵
  PID:13356
- C:\Windows\System\Pbebosr.exe
  C:\Windows\System\Pbebosr.exe
  2⤵
  PID:13376
- C:\Windows\System\aSnyfYZ.exe
  C:\Windows\System\aSnyfYZ.exe
  2⤵
  PID:13456
- C:\Windows\System\RWAxxXW.exe
  C:\Windows\System\RWAxxXW.exe
  2⤵
  PID:13480
- C:\Windows\System\gLwzMiR.exe
  C:\Windows\System\gLwzMiR.exe
  2⤵
  PID:13520
- C:\Windows\System\KlohTSx.exe
  C:\Windows\System\KlohTSx.exe
  2⤵
  PID:13588

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfYJNdY.exe

Filesize
1.5MB

MD5
57230f3bb867147d031ad98b89c614ac

SHA1
5274cec2c970941f004c1b90d19eac2727e50521

SHA256
945d711b10dd206e88cfd8f4ea30077fee1f37965b52251b1e60f9ac2defe232

SHA512
35d59ee87494146a23675964b806396b5f12610439fdfec9cabd6f0f8ffb1899441ea730a6ff025106111275281832218ca26edbc242efc2456f136a0cebece6

Download Submit
C:\Windows\System\BkaDHEB.exe

Filesize
1.5MB

MD5
00ee978274800dae9881d70c6a020bce

SHA1
85717e7e9756ef7559f31b21ac396975afd024fd

SHA256
cadd245cbe1c12b53dcf8c34435d8ab9e6c72f2ff7b1e914e1ad0e6cc3c213f0

SHA512
9115aa6eda67211173e09e13752329220203f5dbd7d37f2bccae8692e8ecb15e889272b5b9d5fee7734d04e416b4d9dc4a79e106cec5979d8963ed802aa8061d

Download Submit
C:\Windows\System\CfAstoi.exe

Filesize
1.5MB

MD5
184ba68f5729931219b3cc65f93d2651

SHA1
d75683a32a26010886e38bf04acd1a52074bdb18

SHA256
05cd003f7a9c0b7a8b0fac6915a6b5c4e24e616a122a6b6ecb256c618f3fabf0

SHA512
277baeec12e8bc36f60427f731964591d452922be253d6d97e6e7cf564d50bd11d2ded78668a6375dd495b77514900c086db403cd516da6bc55566c20eeda4c2

Download Submit
C:\Windows\System\CgKaFBZ.exe

Filesize
1.5MB

MD5
00fbedd323c4d8498acd9f214706fc24

SHA1
be555b2728a52281f71ae06194563719b892f995

SHA256
5d91e571133243dab55c99f248f5a31e290919251dafd17fb9f5d94a409d5ae8

SHA512
dffdcb6918945bed85ada5e7f3806cd478247efa9de76c5b5828490e4f7b7d61e45f15dbe4d912d2c3bb5366222f57e45d571f97f9d242ebc08d71cf254b2727

Download Submit
C:\Windows\System\GKdvvCo.exe

Filesize
1.5MB

MD5
b11849cb45e14ce635af4f48d5ad5ca0

SHA1
f34d470d465b39c9cbd3e116f39417b9beb90d3b

SHA256
a69d062777b0aece5f1d3dc8c0210c7adbd6640297a8e6c9d26129c61fb1bdfa

SHA512
d6cb0bbf914a364f8e8f718a265f51f9b4ce6da74e24eaa8a17638c84cbc16144da617fe2841c7cd8be091633f6993264088399f3edc1280c2f869d4e7b4f402

Download Submit
C:\Windows\System\GbZGkdJ.exe

Filesize
1.5MB

MD5
39d7ca8913a67bb0b635f051514e2795

SHA1
47e3b55a5aefdde7ee289352fd0bb186b0543846

SHA256
e1a2a10084e49297314741a6942c83fc90f4a5d77e536a096f174a52c3c8da70

SHA512
9ac82aeb42a5c2e3fe1362a50d3936acf1d83edec2f7d1a2cfe5847d51e20bdc136d71e4ca2a369e62ae54748c69c40e4f2e1609895f35fcd586a75a6d1dada6

Download Submit
C:\Windows\System\LjWjiXn.exe

Filesize
1.5MB

MD5
b77bb1ffc34d3ba17fd923ec679af839

SHA1
15b6f4ed714be34726b57d5e5d767e8943e9b61c

SHA256
f58aaf37ed16ad5b1127f078018d24b7b7a4313914cf9096815c61e4492f86d7

SHA512
06655c65ba2c826cf8aa0df820ac3d002781de263db0f678e91444d4d4f0f0bd7eaedbf788362a66420e7b2eb30a524868f5d335676e179d728e348b08d3e0a6

Download Submit
C:\Windows\System\MwgyKPz.exe

Filesize
1.5MB

MD5
d2195b37a59df6b58dbaec0a55d1fe23

SHA1
023588bc778366df12d155a41858d22ad5a1242c

SHA256
3132fd294a4b6a8e29f56204e60e105dfa92bc2140e9e1efb65e2a3ff8fce7b1

SHA512
8b59e247879ca722e969866a3c755b63047591c71d913a08d58369f49e2eaf949288f30a700f274f867d4cda36f53b39cfb8fae368ecb2899496affd78741b95

Download Submit
C:\Windows\System\NKVwYXl.exe

Filesize
1.5MB

MD5
0a4bb85b22e158b030aa5014e83de2da

SHA1
d1d9bf0d93532284ad424d83bb87a70167445b65

SHA256
694e95c9b901ab452061f85225877e43fbecf956323207053cf2a7dbf9aecf56

SHA512
709a77cc27ca87c18ab0dad6405d547cb511b07b989a436f9b957fd9c39234392b133aa56a113b9dfe2a5c55fc78b48768795040cc9faadff3bb9ad87020e978

Download Submit
C:\Windows\System\PAXNoPF.exe

Filesize
1.5MB

MD5
ffa5e76636d4d865019feda76f5ea9b2

SHA1
c50d246b62796380329a557d9c51b99dc222ed7f

SHA256
aceda7c74386c6689e155edb0ff00656a4443cd3c2787b49d609e6774651b4aa

SHA512
a691aa17dec864a70855cb274b8d92f14cbd2c3ba3e73ce4b8f970a1d8d366cea86847513d84b894a6ba16b13265333691896d414761b36b87f5c233b18ab5ca

Download Submit
C:\Windows\System\PqvjfQr.exe

Filesize
1.5MB

MD5
4b1814265ca21ca791cc767c279f023f

SHA1
0d5b4d5af3463fd3c39f2ae101a5ac321b8f71a9

SHA256
c5858d2f6506709e53621987e71a1d35a132ea7add28675b089f4f3b2579c87a

SHA512
b6b54410d41815385fab2f48cc4214e24f5c04856574c38f431ace079354388816c583730197fcb79ec8798d507a523aec20e3e194c9a8698384052d502296f7

Download Submit
C:\Windows\System\QRclOMp.exe

Filesize
1.5MB

MD5
de69397ee035ecae94e1cbb9c2f38792

SHA1
fd2d2ac42f025d3b8cbd67f1c55a83e2bd7f1351

SHA256
27bf5eb47d778e03c21dd75945797bad99b1732627b35bdc1e48058684e1ef44

SHA512
b196483e4ed250c1641adb6ae7196a1c86358db6905b9e427f5d679ac653c3c668fd13e79ecc3b404088a18d1bdff126dbecafda3851bad3a1b68f7417a296ba

Download Submit
C:\Windows\System\SktocXA.exe

Filesize
1.5MB

MD5
2765cfd33e63c06f9b125d4b8d2e6c5e

SHA1
df335e028bfabffd126688fef45be440b366204b

SHA256
272e05484d9eef13db71ce9dccc57773958873c7539b8fc6e2b0d6335b269031

SHA512
ed1e34cac3b4a0fe4f6f20cf6d9dfa0ba226a4c871cafe3ea008d3675baa999a625fd61d26891b59a9771ae81716bd595d6d2ef8462eceff4be458abf66542c7

Download Submit
C:\Windows\System\TlYJczH.exe

Filesize
1.5MB

MD5
5110ef68f4e275f84528851bf3b16330

SHA1
a3ff55c8aa1f8f67c14850ddc6e67c5c70890813

SHA256
4f91fabacc78b6ae5ee7478feedc1ce67d0e94029784e0792cc2fbed584c60de

SHA512
5c70f45a39f3b925cc51b1a70ff66bfc065b828fa3b0fe72679f9fb57f58580ab2e4f7b077e774cdf08284145cb8b4eef2fb7b1cadadca2ded811c447be6a0e7

Download Submit
C:\Windows\System\UEYrnQs.exe

Filesize
1.5MB

MD5
2cbcbe4066a44f3d1d4c21b930df1d4a

SHA1
e0cbcbdee9dda949ee7cfaa853c39bd53378d495

SHA256
a4d18d50266a88fee115b9ef4b0000443f08475cf1e860f408ade47e139cb2d8

SHA512
8aff80988159292079939899e6f055c88dd068b38f202c384d583fe6a09bae95e3d92bf179ad6988a814d89b1f35cb9e4d60d7bc561a7cce49f6422d8d315fdd

Download Submit
C:\Windows\System\UOHzhmO.exe

Filesize
1.5MB

MD5
7d434d7c2943e9b8144834cab1293f74

SHA1
498b176f1e7126cd6692cc93f647ebcbe26e9c59

SHA256
4d5bf57c14f5a4408f2fc1eab47df55452fb5437872021c6efc5b0f3c4622fc2

SHA512
5ebf8d93f77061062d95e1055819b0f26053e758f4a6ebf03e8dacaea3fb85b96aaa16efc8977466c77883c2260ef1173637eb5c7ef0a247c643501f7a287c48

Download Submit
C:\Windows\System\WOjwROQ.exe

Filesize
1.5MB

MD5
815956aeccb7399346d1ca8a2275bec7

SHA1
e2b235b471233a2b23e9f4196cc101295a44c2a4

SHA256
14326af488195e303a74e24968979180b462907397c35e2595c0cb8449f2afc4

SHA512
9b87f4344a38aa74ae4fb2f66e5b7ff4c800580796b2d674ecafcc201e319e7d3bd2c22ca5b5be5c38a34d79ceb70771149d83ea5064a3c153a9a3b451643206

Download Submit
C:\Windows\System\XwQrngi.exe

Filesize
1.5MB

MD5
232313593f264b296d7295ce5ccd0e3a

SHA1
dede79032eefa3c4592220350bf58e6274c542d5

SHA256
e9c5d7e450946129d8d6cf1f45483963e76375928b2afde0a86f7bae3d6ebbbd

SHA512
5480a515663b71e7d55e7b391a7d6e252e8b1def9f4bbd9c36b11a5b96fa97cb1640375e477c58e3b0f0873d35a6ec36b955da5e225fd387584fb983fc6197b2

Download Submit
C:\Windows\System\YDtLKfQ.exe

Filesize
1.5MB

MD5
e743fea0374ca6b4e02fba8e9418dec9

SHA1
88932fe4cab1fc0fbb92eaccad5cae1b851ae847

SHA256
be263e4eef5a283bf8e169aed2990dc9cc8396068862d61c88759506057084e3

SHA512
3daf2bd7d5a5c22cc9aabdaaf1646b5bfdbb549c2db130af679f6b88f092534337118951646f1b1481a02b85bd676a017b52929ba558188b53b44fd0758c5bc0

Download Submit
C:\Windows\System\emOTwqF.exe

Filesize
1.5MB

MD5
a2cb5f6c65fa56b0789337541ee8b9e1

SHA1
f58fcff9bfe30a4a97ff0fc42124d3dc6e30c67e

SHA256
139e5da1a1dd50eb4494d62cde5b325eeaa2cfa499272fe08a823b77e7ca0fd9

SHA512
43bad875eabcd4c91669c31c7b2db525be6722bbb94107da68dabc8d26e39c5238403065946126e637909480cbe378800eb5d94068af320434d3ef394d3e4f4b

Download Submit
C:\Windows\System\gVzXrxb.exe

Filesize
1.5MB

MD5
9059b625b9c89a87f5398d62cd06fed5

SHA1
36eedaba31df8274e0bf2fca45ab183b6a2fe8e2

SHA256
aec8cfdc8cf5442847295cbc0f3a97a86ea30e279e787095eab9452764ddd40b

SHA512
e7411df473e168cf54d55bbe27819abc07638cab8fbb89ae091883f0bdc42e921970312c4f5d96583118ef499854b1755229beb8def7e82844c304e5d0deef57

Download Submit
C:\Windows\System\jMUTXFp.exe

Filesize
1.5MB

MD5
12aabde581d74093f20f1be464617679

SHA1
9e2cb2668a0c1ae71d22203f06d1a94587e3c738

SHA256
5fd744cb7024bbe89a997f60f26016e7c45765b20df0e155347415cc2405f1d4

SHA512
c5c51a5aeb742ca7675be5adc7ac72627cf14797d8b99a1a9ab33bb9ec935ce58e2a16755c097904888780e933c083466409c141c814b6f66521e6d27855d5dc

Download Submit
C:\Windows\System\kGxYXeY.exe

Filesize
1.5MB

MD5
40c280bb10e0d5c280c16d42f70b9eab

SHA1
6f4444677cac2ff1fcb0d583b6240b907dff5e62

SHA256
2732a6030f9b02d4a69c59867be753a8fe4e329a18d15438a7da441dfa0d1b06

SHA512
3370ba9851afab9ea9949cd9ea83ba0b0b190727eb0353d6755040e9363e4ea473a82e8658b5096a2997929766221c29e192dfaf73ca1b8145e19b5e9e1f46dd

Download Submit
C:\Windows\System\mDgPRBy.exe

Filesize
1.5MB

MD5
59ddc028d20bb178ac13a7c5f71fd50d

SHA1
ac76ccd4173240ac0ba860f489ff3ccdf70b040a

SHA256
ccae2eef2622cea7e2a84ec600f23ed16e6bd184d5afa1669681675afa3408c3

SHA512
3572acc993aa21d74129310cfb0bab25afdd4e67de9ff978790f79b0d8d8dd460696ae6dd896448d6ba89b559bede8b7b59317a83f1c6d026829c112c39a1d32

Download Submit
C:\Windows\System\mHZGPqP.exe

Filesize
1.5MB

MD5
841d88ee08a478b732da9882a59ba4f6

SHA1
686081d6a88259fb059a5f499282881dfa0385b6

SHA256
c6fa76d61f0f0fdfbc31e6806ac44109c0e1bd2010dfbaef9802636538406af8

SHA512
98613a7983b874c80b2a78cc3d4de15eaefb7241a3572f1d5750e9bd7e827bcdaf084fffe72ae83a67a5ae6d94e6d577cd54da5f3688d7eee5831b191626bfab

Download Submit
C:\Windows\System\nXfYzsx.exe

Filesize
1.5MB

MD5
08a48fcddf710761801b2e1e7230278e

SHA1
2bed756d4b572f52b253925616f494df1b3bd584

SHA256
ce660f3de0c01ae135213907ea0bfa9e725b672a364a61b1037267b62d2c032d

SHA512
6ab11b429d19a00c2410beaa57df797d45c2e52d5f87f14323a7bae7ca88bd17bae289c191a9196868fbc9f2552855be60195cabfa529d7adfb6eee6c9d4c60f

Download Submit
C:\Windows\System\prwoBLv.exe

Filesize
1.5MB

MD5
755ba833bb18149f79af7bb020d6e04e

SHA1
6918ff5a783879ef07214980d0695016eb80a72d

SHA256
82214e438e1a6bbc533c44103672ed700787203009b92ad1e6fc6fa76d3bf7f0

SHA512
aaed0a1e2a2b6f0c92132923a7be84985813059bf821e144c05ff978ad22844a9028eb1d9836cefd45576b659393e94508f055ff9a648360000157ecbfd7c7e8

Download Submit
C:\Windows\System\qVerncq.exe

Filesize
1.5MB

MD5
aad428d9bc01b8ad07c15b6426f63443

SHA1
f6d9ff1d5aecc54b70915b90f2f021cca372b1c0

SHA256
9489a08d6ba31c9ce5d3222effe79370e85fef7fed2bcf4dd718730dd25f6652

SHA512
9922f8637967e6c51224624f5e77e779cd34b2af5d79c95f4dba75592a95e5bfc6d3c8a01a4c7b754e8a7f35c2708368e243247af10e1de9ff014f2343e75eb6

Download Submit
C:\Windows\System\qYuqUGL.exe

Filesize
1.5MB

MD5
2204d33002464496bec4e3a0a623948e

SHA1
477c89f3a579e61c4534a7e95b26104431b38f38

SHA256
fcce95f763340d590962fbfdae81dfac9b74c72e8c7c4eaa50fc832a7800cdd8

SHA512
0ed8cd0c9c23b4a499bd0069f857d5dc14c5973826be0f6f861bd4ddd4cf4f7839af252679dc17a8077b3579465873295c18e139c648727d28694fa95a9b120c

Download Submit
C:\Windows\System\shyUxND.exe

Filesize
1.5MB

MD5
7b4465b04510e5bb067d120bcfbeb08d

SHA1
d252ed533e934dc43ae10551ccd2d625c299e2f5

SHA256
8c7f93add6e8fe7fe74d34eebb0da04047cd6ee1245423b2bf7546a3f156b31d

SHA512
cd5888463686ad43e309f550aec879aeec1d3e06eae85ddfe5deed7c47ae1f989a61c155968d6fe5fcb459c19c4ad5063adbee80f5d07e5afabc89ad535f2f56

Download Submit
C:\Windows\System\uJyOyAB.exe

Filesize
1.5MB

MD5
82e74e8422abb73c9c9bf9db003f9aae

SHA1
cf0e16517351baf218a5f1fefe4feecf61c2831c

SHA256
4d3a07b52edebe0b8f22fac27e459df05c4c4e363c3ed23b3e83fd4ff7241845

SHA512
2bd386ac9b4b2b8c81cef8b4977a643fa9082abee9e2c98526d6c942c41f945fa7a5c5b8a8388f487d473e1221d15bc90abdfcf727142e5790cb6eb338ca7df9

Download Submit
C:\Windows\System\wQoACJS.exe

Filesize
1.5MB

MD5
2676e23d1b0f6cd84d558b2972dcd41f

SHA1
0edf934cafe024d95e040e5dd0a237afc8e13d4b

SHA256
c999dcbd10fea3d873c1800929fb51a7d0505e14a20819c5ef801feaa75e88a7

SHA512
3aad27d9bd97f7a8ba17ab44f190114c7a5f845f456397edd7602bd10d801338449b8f233ef74f65e488862d5250c73d6b04de095a1af85af845d8ba53f0cc39

Download Submit
C:\Windows\System\wwNWNec.exe

Filesize
1.5MB

MD5
953480815138d052a4de8477174b637e

SHA1
e8a227f26c02b40d8e625d2c917962a976626fe6

SHA256
fdfb7b240c04d6ba5af83317874207f6d840fab82c92569753290e4740d3501e

SHA512
72d10e8b993f0af6c82a4650c78c557c35a5fc763c857dc990a66a6ba88693ba45fbe69ee9175813baf5cbdb149762bbc38af1d9c8afe35392c82ba5e7e2723f

Download Submit
memory/832-2173-0x00007FF76CB60000-0x00007FF76CEB4000-memory.dmp

Filesize
3.3MB

Download
memory/832-793-0x00007FF76CB60000-0x00007FF76CEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1184-796-0x00007FF662780000-0x00007FF662AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1184-2184-0x00007FF662780000-0x00007FF662AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2181-0x00007FF769F70000-0x00007FF76A2C4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-823-0x00007FF769F70000-0x00007FF76A2C4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-739-0x00007FF7A4C80000-0x00007FF7A4FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2177-0x00007FF7A4C80000-0x00007FF7A4FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-10-0x00007FF6F62A0000-0x00007FF6F65F4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2157-0x00007FF6F62A0000-0x00007FF6F65F4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2179-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp

Filesize
3.3MB

Download
memory/2176-745-0x00007FF61E710000-0x00007FF61EA64000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2159-0x00007FF63D010000-0x00007FF63D364000-memory.dmp

Filesize
3.3MB

Download
memory/2192-690-0x00007FF63D010000-0x00007FF63D364000-memory.dmp

Filesize
3.3MB

Download
memory/2260-829-0x00007FF685D20000-0x00007FF686074000-memory.dmp

Filesize
3.3MB

Download
memory/2260-2165-0x00007FF685D20000-0x00007FF686074000-memory.dmp

Filesize
3.3MB

Download
memory/2264-774-0x00007FF7AF810000-0x00007FF7AFB64000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2176-0x00007FF7AF810000-0x00007FF7AFB64000-memory.dmp

Filesize
3.3MB

Download
memory/2296-821-0x00007FF78C710000-0x00007FF78CA64000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2185-0x00007FF78C710000-0x00007FF78CA64000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2175-0x00007FF61C7C0000-0x00007FF61CB14000-memory.dmp

Filesize
3.3MB

Download
memory/2396-769-0x00007FF61C7C0000-0x00007FF61CB14000-memory.dmp

Filesize
3.3MB

Download
memory/2412-692-0x00007FF68B1C0000-0x00007FF68B514000-memory.dmp

Filesize
3.3MB

Download
memory/2412-2161-0x00007FF68B1C0000-0x00007FF68B514000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2163-0x00007FF6385C0000-0x00007FF638914000-memory.dmp

Filesize
3.3MB

Download
memory/2492-704-0x00007FF6385C0000-0x00007FF638914000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2158-0x00007FF7DA8A0000-0x00007FF7DABF4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-691-0x00007FF7DA8A0000-0x00007FF7DABF4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-754-0x00007FF7A73F0000-0x00007FF7A7744000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2171-0x00007FF7A73F0000-0x00007FF7A7744000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2168-0x00007FF611490000-0x00007FF6117E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-708-0x00007FF611490000-0x00007FF6117E4000-memory.dmp

Filesize
3.3MB

Download
memory/3180-717-0x00007FF6F1300000-0x00007FF6F1654000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2167-0x00007FF6F1300000-0x00007FF6F1654000-memory.dmp

Filesize
3.3MB

Download
memory/3224-805-0x00007FF6603B0000-0x00007FF660704000-memory.dmp

Filesize
3.3MB

Download
memory/3224-2183-0x00007FF6603B0000-0x00007FF660704000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2162-0x00007FF7009F0000-0x00007FF700D44000-memory.dmp

Filesize
3.3MB

Download
memory/3248-694-0x00007FF7009F0000-0x00007FF700D44000-memory.dmp

Filesize
3.3MB

Download
memory/3316-771-0x00007FF63F870000-0x00007FF63FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3316-2174-0x00007FF63F870000-0x00007FF63FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-777-0x00007FF72E220000-0x00007FF72E574000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2172-0x00007FF72E220000-0x00007FF72E574000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2169-0x00007FF71B880000-0x00007FF71BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3792-781-0x00007FF71B880000-0x00007FF71BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3804-2164-0x00007FF7EF520000-0x00007FF7EF874000-memory.dmp

Filesize
3.3MB

Download
memory/3804-699-0x00007FF7EF520000-0x00007FF7EF874000-memory.dmp

Filesize
3.3MB

Download
memory/3948-752-0x00007FF758350000-0x00007FF7586A4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2180-0x00007FF758350000-0x00007FF7586A4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2166-0x00007FF6DA0B0000-0x00007FF6DA404000-memory.dmp

Filesize
3.3MB

Download
memory/4092-693-0x00007FF6DA0B0000-0x00007FF6DA404000-memory.dmp

Filesize
3.3MB

Download
memory/4220-2156-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-0-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4220-1-0x00000165899D0000-0x00000165899E0000-memory.dmp

Filesize
64KB

Download
memory/4444-2178-0x00007FF6D8D10000-0x00007FF6D9064000-memory.dmp

Filesize
3.3MB

Download
memory/4444-727-0x00007FF6D8D10000-0x00007FF6D9064000-memory.dmp

Filesize
3.3MB

Download
memory/4508-794-0x00007FF764660000-0x00007FF7649B4000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2182-0x00007FF764660000-0x00007FF7649B4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2170-0x00007FF667BF0000-0x00007FF667F44000-memory.dmp

Filesize
3.3MB

Download
memory/4568-786-0x00007FF667BF0000-0x00007FF667F44000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2160-0x00007FF68DC30000-0x00007FF68DF84000-memory.dmp

Filesize
3.3MB

Download
memory/5084-689-0x00007FF68DC30000-0x00007FF68DF84000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads