xmrig | 2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
Size

2.4MB
MD5

f780964b7672b80379e43edeb8be3fa6
SHA1

7073d8c797b17ef112d55bae226db97ebf78bada
SHA256

2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b
SHA512

e3c599a50525e0a0f2f137f91b6a108fb5fc3b62bf92be45fbdd9372630530691fbe5f9caa198c52a1740e7d78b67078b1362131d7c750c8a26c36d15b6abdbe
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxWiVuZNV+pKfMK:BemTLkNdfE0pZrQu

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2136-0-0x00007FF7834F0000-0x00007FF783844000-memory.dmp	UPX
behavioral2/files/0x0009000000023297-5.dat	UPX
behavioral2/files/0x000700000002342e-8.dat	UPX
behavioral2/files/0x0007000000023431-31.dat	UPX
behavioral2/memory/5076-28-0x00007FF76F1C0000-0x00007FF76F514000-memory.dmp	UPX
behavioral2/memory/4404-25-0x00007FF712940000-0x00007FF712C94000-memory.dmp	UPX
behavioral2/files/0x000700000002342d-23.dat	UPX
behavioral2/files/0x000700000002342f-21.dat	UPX
behavioral2/files/0x0007000000023430-18.dat	UPX
behavioral2/files/0x0007000000023433-33.dat	UPX
behavioral2/files/0x0007000000023436-60.dat	UPX
behavioral2/files/0x0007000000023435-70.dat	UPX
behavioral2/files/0x000700000002343e-109.dat	UPX
behavioral2/files/0x000700000002343f-110.dat	UPX
behavioral2/files/0x0007000000023449-139.dat	UPX
behavioral2/files/0x000700000002343d-155.dat	UPX
behavioral2/files/0x000700000002344c-183.dat	UPX
behavioral2/memory/4720-195-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp	UPX
behavioral2/memory/2072-201-0x00007FF7B3500000-0x00007FF7B3854000-memory.dmp	UPX
behavioral2/memory/4704-206-0x00007FF786E70000-0x00007FF7871C4000-memory.dmp	UPX
behavioral2/memory/4608-209-0x00007FF61CB20000-0x00007FF61CE74000-memory.dmp	UPX
behavioral2/memory/4308-208-0x00007FF713040000-0x00007FF713394000-memory.dmp	UPX
behavioral2/memory/1420-207-0x00007FF73F8E0000-0x00007FF73FC34000-memory.dmp	UPX
behavioral2/memory/1224-205-0x00007FF7C0330000-0x00007FF7C0684000-memory.dmp	UPX
behavioral2/memory/880-204-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp	UPX
behavioral2/memory/1988-203-0x00007FF6D0060000-0x00007FF6D03B4000-memory.dmp	UPX
behavioral2/memory/4784-202-0x00007FF75EA60000-0x00007FF75EDB4000-memory.dmp	UPX
behavioral2/memory/2436-200-0x00007FF7063A0000-0x00007FF7066F4000-memory.dmp	UPX
behavioral2/memory/2948-199-0x00007FF75E790000-0x00007FF75EAE4000-memory.dmp	UPX
behavioral2/memory/4424-198-0x00007FF755DA0000-0x00007FF7560F4000-memory.dmp	UPX
behavioral2/memory/1376-197-0x00007FF744F60000-0x00007FF7452B4000-memory.dmp	UPX
behavioral2/memory/4980-196-0x00007FF6A87E0000-0x00007FF6A8B34000-memory.dmp	UPX
behavioral2/memory/1268-192-0x00007FF7BF7E0000-0x00007FF7BFB34000-memory.dmp	UPX
behavioral2/memory/4936-191-0x00007FF75B360000-0x00007FF75B6B4000-memory.dmp	UPX
behavioral2/memory/5016-184-0x00007FF7E3770000-0x00007FF7E3AC4000-memory.dmp	UPX
behavioral2/files/0x000900000002342a-180.dat	UPX
behavioral2/files/0x0007000000023448-178.dat	UPX
behavioral2/files/0x0007000000023446-176.dat	UPX
behavioral2/files/0x0007000000023445-174.dat	UPX
behavioral2/files/0x000700000002344b-171.dat	UPX
behavioral2/memory/3540-170-0x00007FF6F7830000-0x00007FF6F7B84000-memory.dmp	UPX
behavioral2/memory/1300-164-0x00007FF72FAC0000-0x00007FF72FE14000-memory.dmp	UPX
behavioral2/files/0x0007000000023444-154.dat	UPX
behavioral2/files/0x0007000000023443-152.dat	UPX
behavioral2/files/0x000700000002344a-150.dat	UPX
behavioral2/files/0x0007000000023442-148.dat	UPX
behavioral2/files/0x0007000000023447-145.dat	UPX
behavioral2/files/0x0007000000023441-144.dat	UPX
behavioral2/files/0x0007000000023440-142.dat	UPX
behavioral2/memory/724-141-0x00007FF683340000-0x00007FF683694000-memory.dmp	UPX
behavioral2/memory/2340-140-0x00007FF61D120000-0x00007FF61D474000-memory.dmp	UPX
behavioral2/memory/4552-123-0x00007FF7C43D0000-0x00007FF7C4724000-memory.dmp	UPX
behavioral2/files/0x000700000002343b-113.dat	UPX
behavioral2/files/0x000700000002343a-108.dat	UPX
behavioral2/memory/2052-105-0x00007FF609D80000-0x00007FF60A0D4000-memory.dmp	UPX
behavioral2/files/0x000700000002343c-100.dat	UPX
behavioral2/files/0x0007000000023439-93.dat	UPX
behavioral2/files/0x0007000000023438-89.dat	UPX
behavioral2/files/0x0007000000023437-86.dat	UPX
behavioral2/memory/2648-76-0x00007FF6A1B20000-0x00007FF6A1E74000-memory.dmp	UPX
behavioral2/files/0x0007000000023434-73.dat	UPX
behavioral2/files/0x0007000000023432-51.dat	UPX
behavioral2/memory/3884-40-0x00007FF745CA0000-0x00007FF745FF4000-memory.dmp	UPX
behavioral2/memory/2736-11-0x00007FF660A20000-0x00007FF660D74000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2136-0-0x00007FF7834F0000-0x00007FF783844000-memory.dmp	xmrig
behavioral2/files/0x0009000000023297-5.dat	xmrig
behavioral2/files/0x000700000002342e-8.dat	xmrig
behavioral2/files/0x0007000000023431-31.dat	xmrig
behavioral2/memory/5076-28-0x00007FF76F1C0000-0x00007FF76F514000-memory.dmp	xmrig
behavioral2/memory/4404-25-0x00007FF712940000-0x00007FF712C94000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-23.dat	xmrig
behavioral2/files/0x000700000002342f-21.dat	xmrig
behavioral2/files/0x0007000000023430-18.dat	xmrig
behavioral2/files/0x0007000000023433-33.dat	xmrig
behavioral2/files/0x0007000000023436-60.dat	xmrig
behavioral2/files/0x0007000000023435-70.dat	xmrig
behavioral2/files/0x000700000002343e-109.dat	xmrig
behavioral2/files/0x000700000002343f-110.dat	xmrig
behavioral2/files/0x0007000000023449-139.dat	xmrig
behavioral2/files/0x000700000002343d-155.dat	xmrig
behavioral2/files/0x000700000002344c-183.dat	xmrig
behavioral2/memory/4720-195-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp	xmrig
behavioral2/memory/2072-201-0x00007FF7B3500000-0x00007FF7B3854000-memory.dmp	xmrig
behavioral2/memory/4704-206-0x00007FF786E70000-0x00007FF7871C4000-memory.dmp	xmrig
behavioral2/memory/4608-209-0x00007FF61CB20000-0x00007FF61CE74000-memory.dmp	xmrig
behavioral2/memory/4308-208-0x00007FF713040000-0x00007FF713394000-memory.dmp	xmrig
behavioral2/memory/1420-207-0x00007FF73F8E0000-0x00007FF73FC34000-memory.dmp	xmrig
behavioral2/memory/1224-205-0x00007FF7C0330000-0x00007FF7C0684000-memory.dmp	xmrig
behavioral2/memory/880-204-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp	xmrig
behavioral2/memory/1988-203-0x00007FF6D0060000-0x00007FF6D03B4000-memory.dmp	xmrig
behavioral2/memory/4784-202-0x00007FF75EA60000-0x00007FF75EDB4000-memory.dmp	xmrig
behavioral2/memory/2436-200-0x00007FF7063A0000-0x00007FF7066F4000-memory.dmp	xmrig
behavioral2/memory/2948-199-0x00007FF75E790000-0x00007FF75EAE4000-memory.dmp	xmrig
behavioral2/memory/4424-198-0x00007FF755DA0000-0x00007FF7560F4000-memory.dmp	xmrig
behavioral2/memory/1376-197-0x00007FF744F60000-0x00007FF7452B4000-memory.dmp	xmrig
behavioral2/memory/4980-196-0x00007FF6A87E0000-0x00007FF6A8B34000-memory.dmp	xmrig
behavioral2/memory/1268-192-0x00007FF7BF7E0000-0x00007FF7BFB34000-memory.dmp	xmrig
behavioral2/memory/4936-191-0x00007FF75B360000-0x00007FF75B6B4000-memory.dmp	xmrig
behavioral2/memory/5016-184-0x00007FF7E3770000-0x00007FF7E3AC4000-memory.dmp	xmrig
behavioral2/files/0x000900000002342a-180.dat	xmrig
behavioral2/files/0x0007000000023448-178.dat	xmrig
behavioral2/files/0x0007000000023446-176.dat	xmrig
behavioral2/files/0x0007000000023445-174.dat	xmrig
behavioral2/files/0x000700000002344b-171.dat	xmrig
behavioral2/memory/3540-170-0x00007FF6F7830000-0x00007FF6F7B84000-memory.dmp	xmrig
behavioral2/memory/1300-164-0x00007FF72FAC0000-0x00007FF72FE14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023444-154.dat	xmrig
behavioral2/files/0x0007000000023443-152.dat	xmrig
behavioral2/files/0x000700000002344a-150.dat	xmrig
behavioral2/files/0x0007000000023442-148.dat	xmrig
behavioral2/files/0x0007000000023447-145.dat	xmrig
behavioral2/files/0x0007000000023441-144.dat	xmrig
behavioral2/files/0x0007000000023440-142.dat	xmrig
behavioral2/memory/724-141-0x00007FF683340000-0x00007FF683694000-memory.dmp	xmrig
behavioral2/memory/2340-140-0x00007FF61D120000-0x00007FF61D474000-memory.dmp	xmrig
behavioral2/memory/4552-123-0x00007FF7C43D0000-0x00007FF7C4724000-memory.dmp	xmrig
behavioral2/files/0x000700000002343b-113.dat	xmrig
behavioral2/files/0x000700000002343a-108.dat	xmrig
behavioral2/memory/2052-105-0x00007FF609D80000-0x00007FF60A0D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-100.dat	xmrig
behavioral2/files/0x0007000000023439-93.dat	xmrig
behavioral2/files/0x0007000000023438-89.dat	xmrig
behavioral2/files/0x0007000000023437-86.dat	xmrig
behavioral2/memory/2648-76-0x00007FF6A1B20000-0x00007FF6A1E74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-73.dat	xmrig
behavioral2/files/0x0007000000023432-51.dat	xmrig
behavioral2/memory/3884-40-0x00007FF745CA0000-0x00007FF745FF4000-memory.dmp	xmrig
behavioral2/memory/2736-11-0x00007FF660A20000-0x00007FF660D74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2736	rpWmFMU.exe
4404	OewxYqg.exe
1988	stSkegb.exe
5076	tkmkFUV.exe
880	JtzQTFX.exe
1224	EaDXjuq.exe
3884	DQYDfRy.exe
2648	vmebbIO.exe
4704	okqptxd.exe
2052	ABOBtoL.exe
4552	JScncFW.exe
2340	PaoHATD.exe
724	XxonuiY.exe
1300	TgwwQxL.exe
3540	wtrNVWT.exe
5016	cGTLuJP.exe
1420	pulgFgp.exe
4936	NziNyrf.exe
4308	HwFqHhT.exe
1268	uGpFkaP.exe
4720	KoNbVNh.exe
4980	cvAunDm.exe
1376	aKUhpVa.exe
4424	jSbpfHV.exe
2948	rKikQpY.exe
2436	qxnAAwH.exe
4608	SnQqamD.exe
2072	ctYzmcq.exe
4784	GkhnIkE.exe
2920	ZdRvOnx.exe
3464	zBTAQQt.exe
3952	QNKGhTg.exe
1696	BQIBzrk.exe
4192	iDKGCZt.exe
3336	TnCnblw.exe
3664	zRvVfGc.exe
3552	zepPDJA.exe
1852	NUAcpzY.exe
1400	lVSeGFa.exe
2840	vFdnPix.exe
4564	WerjyCH.exe
1160	XAjPlJc.exe
1452	bmSgIPe.exe
2468	xOnnAEq.exe
1680	sPkcKjJ.exe
1788	MpnCZOD.exe
2864	TSWsdiJ.exe
3240	NniFUhr.exe
1560	XsTOCMP.exe
4652	wYNayhC.exe
3796	xtMGUTq.exe
3816	TVDyTcS.exe
2608	LbFECoQ.exe
3932	dYWrnNl.exe
3216	jMflXEw.exe
2148	ReUxExG.exe
916	HWdiLgw.exe
736	rWciADL.exe
4256	HKCQidn.exe
3272	mBteacK.exe
1152	CrGDrFY.exe
4856	tUZelLY.exe
4428	ZYGyPRB.exe
4736	DEiVQeD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2136-0-0x00007FF7834F0000-0x00007FF783844000-memory.dmp	upx
behavioral2/files/0x0009000000023297-5.dat	upx
behavioral2/files/0x000700000002342e-8.dat	upx
behavioral2/files/0x0007000000023431-31.dat	upx
behavioral2/memory/5076-28-0x00007FF76F1C0000-0x00007FF76F514000-memory.dmp	upx
behavioral2/memory/4404-25-0x00007FF712940000-0x00007FF712C94000-memory.dmp	upx
behavioral2/files/0x000700000002342d-23.dat	upx
behavioral2/files/0x000700000002342f-21.dat	upx
behavioral2/files/0x0007000000023430-18.dat	upx
behavioral2/files/0x0007000000023433-33.dat	upx
behavioral2/files/0x0007000000023436-60.dat	upx
behavioral2/files/0x0007000000023435-70.dat	upx
behavioral2/files/0x000700000002343e-109.dat	upx
behavioral2/files/0x000700000002343f-110.dat	upx
behavioral2/files/0x0007000000023449-139.dat	upx
behavioral2/files/0x000700000002343d-155.dat	upx
behavioral2/files/0x000700000002344c-183.dat	upx
behavioral2/memory/4720-195-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp	upx
behavioral2/memory/2072-201-0x00007FF7B3500000-0x00007FF7B3854000-memory.dmp	upx
behavioral2/memory/4704-206-0x00007FF786E70000-0x00007FF7871C4000-memory.dmp	upx
behavioral2/memory/4608-209-0x00007FF61CB20000-0x00007FF61CE74000-memory.dmp	upx
behavioral2/memory/4308-208-0x00007FF713040000-0x00007FF713394000-memory.dmp	upx
behavioral2/memory/1420-207-0x00007FF73F8E0000-0x00007FF73FC34000-memory.dmp	upx
behavioral2/memory/1224-205-0x00007FF7C0330000-0x00007FF7C0684000-memory.dmp	upx
behavioral2/memory/880-204-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp	upx
behavioral2/memory/1988-203-0x00007FF6D0060000-0x00007FF6D03B4000-memory.dmp	upx
behavioral2/memory/4784-202-0x00007FF75EA60000-0x00007FF75EDB4000-memory.dmp	upx
behavioral2/memory/2436-200-0x00007FF7063A0000-0x00007FF7066F4000-memory.dmp	upx
behavioral2/memory/2948-199-0x00007FF75E790000-0x00007FF75EAE4000-memory.dmp	upx
behavioral2/memory/4424-198-0x00007FF755DA0000-0x00007FF7560F4000-memory.dmp	upx
behavioral2/memory/1376-197-0x00007FF744F60000-0x00007FF7452B4000-memory.dmp	upx
behavioral2/memory/4980-196-0x00007FF6A87E0000-0x00007FF6A8B34000-memory.dmp	upx
behavioral2/memory/1268-192-0x00007FF7BF7E0000-0x00007FF7BFB34000-memory.dmp	upx
behavioral2/memory/4936-191-0x00007FF75B360000-0x00007FF75B6B4000-memory.dmp	upx
behavioral2/memory/5016-184-0x00007FF7E3770000-0x00007FF7E3AC4000-memory.dmp	upx
behavioral2/files/0x000900000002342a-180.dat	upx
behavioral2/files/0x0007000000023448-178.dat	upx
behavioral2/files/0x0007000000023446-176.dat	upx
behavioral2/files/0x0007000000023445-174.dat	upx
behavioral2/files/0x000700000002344b-171.dat	upx
behavioral2/memory/3540-170-0x00007FF6F7830000-0x00007FF6F7B84000-memory.dmp	upx
behavioral2/memory/1300-164-0x00007FF72FAC0000-0x00007FF72FE14000-memory.dmp	upx
behavioral2/files/0x0007000000023444-154.dat	upx
behavioral2/files/0x0007000000023443-152.dat	upx
behavioral2/files/0x000700000002344a-150.dat	upx
behavioral2/files/0x0007000000023442-148.dat	upx
behavioral2/files/0x0007000000023447-145.dat	upx
behavioral2/files/0x0007000000023441-144.dat	upx
behavioral2/files/0x0007000000023440-142.dat	upx
behavioral2/memory/724-141-0x00007FF683340000-0x00007FF683694000-memory.dmp	upx
behavioral2/memory/2340-140-0x00007FF61D120000-0x00007FF61D474000-memory.dmp	upx
behavioral2/memory/4552-123-0x00007FF7C43D0000-0x00007FF7C4724000-memory.dmp	upx
behavioral2/files/0x000700000002343b-113.dat	upx
behavioral2/files/0x000700000002343a-108.dat	upx
behavioral2/memory/2052-105-0x00007FF609D80000-0x00007FF60A0D4000-memory.dmp	upx
behavioral2/files/0x000700000002343c-100.dat	upx
behavioral2/files/0x0007000000023439-93.dat	upx
behavioral2/files/0x0007000000023438-89.dat	upx
behavioral2/files/0x0007000000023437-86.dat	upx
behavioral2/memory/2648-76-0x00007FF6A1B20000-0x00007FF6A1E74000-memory.dmp	upx
behavioral2/files/0x0007000000023434-73.dat	upx
behavioral2/files/0x0007000000023432-51.dat	upx
behavioral2/memory/3884-40-0x00007FF745CA0000-0x00007FF745FF4000-memory.dmp	upx
behavioral2/memory/2736-11-0x00007FF660A20000-0x00007FF660D74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hyDztPW.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\cGTLuJP.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\hUOfKhf.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\gjwuxIG.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\cEnwLts.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\Bjlphdm.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\lNIsYJW.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\MkTVxVV.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\DbmzrSl.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\RORknqh.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\ovtTKVa.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\KWQVVui.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\btaddkj.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\JoxknxE.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\pulgFgp.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\XAjPlJc.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\XCMuVik.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\NGHbMrp.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\gWeaeXg.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\SvDqqpI.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\fLGbkLf.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\fzWdUoS.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\jIPnhct.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\qWsSibe.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\rUXJkTU.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\sgGKBWw.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\ebXqLop.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\Pelbcpu.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\jMflXEw.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\QcwpzYc.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\tJoNOvX.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\enkldOF.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\ZIaUKSy.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\OdAZFly.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\mUnoQDS.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\WHUmYKl.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\nhIljtZ.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\VgHlCWG.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\GAeLwvD.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\qKlWiqM.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\aJLyjpz.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\gJBcUqE.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\cHhyXJL.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\NTfqKqE.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\zVEPibU.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\KeRZLor.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\yyjXopT.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\BfjnQjp.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\wxgWETU.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\wVnQqax.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\dAsAGVY.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\dHXkcFQ.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\WidkAeu.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\mcLebQO.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\CbmSJVC.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\rxHRhqU.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\kiLFXrH.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\YsbhJHC.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\GLFcguE.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\FmwwYTl.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\qQWTdgw.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\iDKGCZt.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\OjiSdBX.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
File created	C:\Windows\System\ejSYYzk.exe	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15172	dwm.exe
Token: SeChangeNotifyPrivilege	15172	dwm.exe
Token: 33	15172	dwm.exe
Token: SeIncBasePriorityPrivilege	15172	dwm.exe
Token: SeShutdownPrivilege	15172	dwm.exe
Token: SeCreatePagefilePrivilege	15172	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2736	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	86
PID 2136 wrote to memory of 2736	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	86
PID 2136 wrote to memory of 4404	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	87
PID 2136 wrote to memory of 4404	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	87
PID 2136 wrote to memory of 5076	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	88
PID 2136 wrote to memory of 5076	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	88
PID 2136 wrote to memory of 880	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	89
PID 2136 wrote to memory of 880	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	89
PID 2136 wrote to memory of 1988	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	90
PID 2136 wrote to memory of 1988	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	90
PID 2136 wrote to memory of 1224	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	91
PID 2136 wrote to memory of 1224	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	91
PID 2136 wrote to memory of 3884	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	92
PID 2136 wrote to memory of 3884	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	92
PID 2136 wrote to memory of 2648	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	93
PID 2136 wrote to memory of 2648	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	93
PID 2136 wrote to memory of 2052	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	94
PID 2136 wrote to memory of 2052	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	94
PID 2136 wrote to memory of 4704	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	95
PID 2136 wrote to memory of 4704	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	95
PID 2136 wrote to memory of 4552	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	96
PID 2136 wrote to memory of 4552	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	96
PID 2136 wrote to memory of 2340	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	97
PID 2136 wrote to memory of 2340	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	97
PID 2136 wrote to memory of 724	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	98
PID 2136 wrote to memory of 724	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	98
PID 2136 wrote to memory of 1300	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	99
PID 2136 wrote to memory of 1300	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	99
PID 2136 wrote to memory of 3540	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	100
PID 2136 wrote to memory of 3540	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	100
PID 2136 wrote to memory of 5016	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	101
PID 2136 wrote to memory of 5016	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	101
PID 2136 wrote to memory of 1420	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	102
PID 2136 wrote to memory of 1420	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	102
PID 2136 wrote to memory of 4936	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	103
PID 2136 wrote to memory of 4936	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	103
PID 2136 wrote to memory of 4308	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	104
PID 2136 wrote to memory of 4308	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	104
PID 2136 wrote to memory of 1268	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	105
PID 2136 wrote to memory of 1268	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	105
PID 2136 wrote to memory of 4720	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	106
PID 2136 wrote to memory of 4720	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	106
PID 2136 wrote to memory of 4980	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	107
PID 2136 wrote to memory of 4980	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	107
PID 2136 wrote to memory of 1376	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	108
PID 2136 wrote to memory of 1376	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	108
PID 2136 wrote to memory of 4424	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	109
PID 2136 wrote to memory of 4424	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	109
PID 2136 wrote to memory of 2948	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	110
PID 2136 wrote to memory of 2948	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	110
PID 2136 wrote to memory of 2436	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	111
PID 2136 wrote to memory of 2436	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	111
PID 2136 wrote to memory of 2072	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	112
PID 2136 wrote to memory of 2072	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	112
PID 2136 wrote to memory of 4608	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	113
PID 2136 wrote to memory of 4608	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	113
PID 2136 wrote to memory of 4784	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	114
PID 2136 wrote to memory of 4784	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	114
PID 2136 wrote to memory of 2920	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	115
PID 2136 wrote to memory of 2920	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	115
PID 2136 wrote to memory of 3464	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	116
PID 2136 wrote to memory of 3464	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	116
PID 2136 wrote to memory of 3952	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	117
PID 2136 wrote to memory of 3952	2136	2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe	117

C:\Users\Admin\AppData\Local\Temp\2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe
"C:\Users\Admin\AppData\Local\Temp\2dc84ad74c0ff4617841658f273b0ed08ae542a185f12a5b7d0c65ae67cd608b.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\System\rpWmFMU.exe
  C:\Windows\System\rpWmFMU.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\OewxYqg.exe
  C:\Windows\System\OewxYqg.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\tkmkFUV.exe
  C:\Windows\System\tkmkFUV.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\JtzQTFX.exe
  C:\Windows\System\JtzQTFX.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\stSkegb.exe
  C:\Windows\System\stSkegb.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\EaDXjuq.exe
  C:\Windows\System\EaDXjuq.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\DQYDfRy.exe
  C:\Windows\System\DQYDfRy.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\vmebbIO.exe
  C:\Windows\System\vmebbIO.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\ABOBtoL.exe
  C:\Windows\System\ABOBtoL.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\okqptxd.exe
  C:\Windows\System\okqptxd.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\JScncFW.exe
  C:\Windows\System\JScncFW.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\PaoHATD.exe
  C:\Windows\System\PaoHATD.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\XxonuiY.exe
  C:\Windows\System\XxonuiY.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\TgwwQxL.exe
  C:\Windows\System\TgwwQxL.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\wtrNVWT.exe
  C:\Windows\System\wtrNVWT.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\cGTLuJP.exe
  C:\Windows\System\cGTLuJP.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\pulgFgp.exe
  C:\Windows\System\pulgFgp.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\NziNyrf.exe
  C:\Windows\System\NziNyrf.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\HwFqHhT.exe
  C:\Windows\System\HwFqHhT.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\uGpFkaP.exe
  C:\Windows\System\uGpFkaP.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\KoNbVNh.exe
  C:\Windows\System\KoNbVNh.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\cvAunDm.exe
  C:\Windows\System\cvAunDm.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\aKUhpVa.exe
  C:\Windows\System\aKUhpVa.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\jSbpfHV.exe
  C:\Windows\System\jSbpfHV.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\rKikQpY.exe
  C:\Windows\System\rKikQpY.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\qxnAAwH.exe
  C:\Windows\System\qxnAAwH.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\ctYzmcq.exe
  C:\Windows\System\ctYzmcq.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\SnQqamD.exe
  C:\Windows\System\SnQqamD.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\GkhnIkE.exe
  C:\Windows\System\GkhnIkE.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\ZdRvOnx.exe
  C:\Windows\System\ZdRvOnx.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\zBTAQQt.exe
  C:\Windows\System\zBTAQQt.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\QNKGhTg.exe
  C:\Windows\System\QNKGhTg.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\BQIBzrk.exe
  C:\Windows\System\BQIBzrk.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\iDKGCZt.exe
  C:\Windows\System\iDKGCZt.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\TnCnblw.exe
  C:\Windows\System\TnCnblw.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\zRvVfGc.exe
  C:\Windows\System\zRvVfGc.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\zepPDJA.exe
  C:\Windows\System\zepPDJA.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\NUAcpzY.exe
  C:\Windows\System\NUAcpzY.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\lVSeGFa.exe
  C:\Windows\System\lVSeGFa.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\vFdnPix.exe
  C:\Windows\System\vFdnPix.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\WerjyCH.exe
  C:\Windows\System\WerjyCH.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\XAjPlJc.exe
  C:\Windows\System\XAjPlJc.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\bmSgIPe.exe
  C:\Windows\System\bmSgIPe.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\xOnnAEq.exe
  C:\Windows\System\xOnnAEq.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\sPkcKjJ.exe
  C:\Windows\System\sPkcKjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\MpnCZOD.exe
  C:\Windows\System\MpnCZOD.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\TSWsdiJ.exe
  C:\Windows\System\TSWsdiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\NniFUhr.exe
  C:\Windows\System\NniFUhr.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\XsTOCMP.exe
  C:\Windows\System\XsTOCMP.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\wYNayhC.exe
  C:\Windows\System\wYNayhC.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\xtMGUTq.exe
  C:\Windows\System\xtMGUTq.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\TVDyTcS.exe
  C:\Windows\System\TVDyTcS.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\LbFECoQ.exe
  C:\Windows\System\LbFECoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\dYWrnNl.exe
  C:\Windows\System\dYWrnNl.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\jMflXEw.exe
  C:\Windows\System\jMflXEw.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\ReUxExG.exe
  C:\Windows\System\ReUxExG.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\HWdiLgw.exe
  C:\Windows\System\HWdiLgw.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\rWciADL.exe
  C:\Windows\System\rWciADL.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\HKCQidn.exe
  C:\Windows\System\HKCQidn.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\mBteacK.exe
  C:\Windows\System\mBteacK.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\CrGDrFY.exe
  C:\Windows\System\CrGDrFY.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\tUZelLY.exe
  C:\Windows\System\tUZelLY.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\ZYGyPRB.exe
  C:\Windows\System\ZYGyPRB.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\DEiVQeD.exe
  C:\Windows\System\DEiVQeD.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\shEkUpp.exe
  C:\Windows\System\shEkUpp.exe
  2⤵
  PID:1192
- C:\Windows\System\JuvfCOc.exe
  C:\Windows\System\JuvfCOc.exe
  2⤵
  PID:3292
- C:\Windows\System\jYOvSaV.exe
  C:\Windows\System\jYOvSaV.exe
  2⤵
  PID:756
- C:\Windows\System\zEpqRdM.exe
  C:\Windows\System\zEpqRdM.exe
  2⤵
  PID:1524
- C:\Windows\System\zNvuyNb.exe
  C:\Windows\System\zNvuyNb.exe
  2⤵
  PID:2964
- C:\Windows\System\isTxJuZ.exe
  C:\Windows\System\isTxJuZ.exe
  2⤵
  PID:4392
- C:\Windows\System\xbQjWnS.exe
  C:\Windows\System\xbQjWnS.exe
  2⤵
  PID:1140
- C:\Windows\System\rxHRhqU.exe
  C:\Windows\System\rxHRhqU.exe
  2⤵
  PID:4036
- C:\Windows\System\ZJyyfoM.exe
  C:\Windows\System\ZJyyfoM.exe
  2⤵
  PID:4752
- C:\Windows\System\abJWxVD.exe
  C:\Windows\System\abJWxVD.exe
  2⤵
  PID:3528
- C:\Windows\System\efvPrmf.exe
  C:\Windows\System\efvPrmf.exe
  2⤵
  PID:3728
- C:\Windows\System\pbtBlSc.exe
  C:\Windows\System\pbtBlSc.exe
  2⤵
  PID:384
- C:\Windows\System\QcwpzYc.exe
  C:\Windows\System\QcwpzYc.exe
  2⤵
  PID:5136
- C:\Windows\System\AqFAIbh.exe
  C:\Windows\System\AqFAIbh.exe
  2⤵
  PID:5176
- C:\Windows\System\DaAdJAh.exe
  C:\Windows\System\DaAdJAh.exe
  2⤵
  PID:5212
- C:\Windows\System\djekPcf.exe
  C:\Windows\System\djekPcf.exe
  2⤵
  PID:5244
- C:\Windows\System\nNJKutP.exe
  C:\Windows\System\nNJKutP.exe
  2⤵
  PID:5280
- C:\Windows\System\rWBIxjC.exe
  C:\Windows\System\rWBIxjC.exe
  2⤵
  PID:5316
- C:\Windows\System\eWsIkmN.exe
  C:\Windows\System\eWsIkmN.exe
  2⤵
  PID:5356
- C:\Windows\System\SORpbnL.exe
  C:\Windows\System\SORpbnL.exe
  2⤵
  PID:5384
- C:\Windows\System\nimeNCf.exe
  C:\Windows\System\nimeNCf.exe
  2⤵
  PID:5416
- C:\Windows\System\LxrQHjO.exe
  C:\Windows\System\LxrQHjO.exe
  2⤵
  PID:5456
- C:\Windows\System\wxgWETU.exe
  C:\Windows\System\wxgWETU.exe
  2⤵
  PID:5488
- C:\Windows\System\uBJwNtC.exe
  C:\Windows\System\uBJwNtC.exe
  2⤵
  PID:5516
- C:\Windows\System\RrmOypX.exe
  C:\Windows\System\RrmOypX.exe
  2⤵
  PID:5556
- C:\Windows\System\ExYPyNE.exe
  C:\Windows\System\ExYPyNE.exe
  2⤵
  PID:5576
- C:\Windows\System\UaVpXPU.exe
  C:\Windows\System\UaVpXPU.exe
  2⤵
  PID:5604
- C:\Windows\System\pIgSuGy.exe
  C:\Windows\System\pIgSuGy.exe
  2⤵
  PID:5640
- C:\Windows\System\GfKWfnM.exe
  C:\Windows\System\GfKWfnM.exe
  2⤵
  PID:5664
- C:\Windows\System\orCshlh.exe
  C:\Windows\System\orCshlh.exe
  2⤵
  PID:5688
- C:\Windows\System\yZGofew.exe
  C:\Windows\System\yZGofew.exe
  2⤵
  PID:5720
- C:\Windows\System\XBFTPkD.exe
  C:\Windows\System\XBFTPkD.exe
  2⤵
  PID:5748
- C:\Windows\System\VgVGWBV.exe
  C:\Windows\System\VgVGWBV.exe
  2⤵
  PID:5784
- C:\Windows\System\lkAEBbW.exe
  C:\Windows\System\lkAEBbW.exe
  2⤵
  PID:5812
- C:\Windows\System\dkObFCV.exe
  C:\Windows\System\dkObFCV.exe
  2⤵
  PID:5836
- C:\Windows\System\PVRKpCh.exe
  C:\Windows\System\PVRKpCh.exe
  2⤵
  PID:5872
- C:\Windows\System\oygIFnY.exe
  C:\Windows\System\oygIFnY.exe
  2⤵
  PID:5896
- C:\Windows\System\iDPZqgS.exe
  C:\Windows\System\iDPZqgS.exe
  2⤵
  PID:5928
- C:\Windows\System\DCHmySQ.exe
  C:\Windows\System\DCHmySQ.exe
  2⤵
  PID:5952
- C:\Windows\System\neKdBDj.exe
  C:\Windows\System\neKdBDj.exe
  2⤵
  PID:5984
- C:\Windows\System\nswxadH.exe
  C:\Windows\System\nswxadH.exe
  2⤵
  PID:6012
- C:\Windows\System\vukGzql.exe
  C:\Windows\System\vukGzql.exe
  2⤵
  PID:6040
- C:\Windows\System\JdAWloe.exe
  C:\Windows\System\JdAWloe.exe
  2⤵
  PID:6076
- C:\Windows\System\fFtuWGR.exe
  C:\Windows\System\fFtuWGR.exe
  2⤵
  PID:6104
- C:\Windows\System\djxGwwm.exe
  C:\Windows\System\djxGwwm.exe
  2⤵
  PID:6124
- C:\Windows\System\GpGXann.exe
  C:\Windows\System\GpGXann.exe
  2⤵
  PID:5148
- C:\Windows\System\FjKfpGL.exe
  C:\Windows\System\FjKfpGL.exe
  2⤵
  PID:5240
- C:\Windows\System\MMzbQLn.exe
  C:\Windows\System\MMzbQLn.exe
  2⤵
  PID:5312
- C:\Windows\System\DbmzrSl.exe
  C:\Windows\System\DbmzrSl.exe
  2⤵
  PID:5408
- C:\Windows\System\tJoNOvX.exe
  C:\Windows\System\tJoNOvX.exe
  2⤵
  PID:5472
- C:\Windows\System\nYWNhCZ.exe
  C:\Windows\System\nYWNhCZ.exe
  2⤵
  PID:1372
- C:\Windows\System\CmdeWzG.exe
  C:\Windows\System\CmdeWzG.exe
  2⤵
  PID:5536
- C:\Windows\System\OdAZFly.exe
  C:\Windows\System\OdAZFly.exe
  2⤵
  PID:4828
- C:\Windows\System\eyvIvGx.exe
  C:\Windows\System\eyvIvGx.exe
  2⤵
  PID:5628
- C:\Windows\System\qBfPzCl.exe
  C:\Windows\System\qBfPzCl.exe
  2⤵
  PID:5684
- C:\Windows\System\MrPXrtM.exe
  C:\Windows\System\MrPXrtM.exe
  2⤵
  PID:5768
- C:\Windows\System\FwPhzAZ.exe
  C:\Windows\System\FwPhzAZ.exe
  2⤵
  PID:5824
- C:\Windows\System\LZXWVaM.exe
  C:\Windows\System\LZXWVaM.exe
  2⤵
  PID:5888
- C:\Windows\System\JmyEWMc.exe
  C:\Windows\System\JmyEWMc.exe
  2⤵
  PID:5976
- C:\Windows\System\RBeegks.exe
  C:\Windows\System\RBeegks.exe
  2⤵
  PID:6024
- C:\Windows\System\ZDjLSSB.exe
  C:\Windows\System\ZDjLSSB.exe
  2⤵
  PID:6088
- C:\Windows\System\IYIpWhG.exe
  C:\Windows\System\IYIpWhG.exe
  2⤵
  PID:5132
- C:\Windows\System\XRwFtww.exe
  C:\Windows\System\XRwFtww.exe
  2⤵
  PID:5340
- C:\Windows\System\IXTcggp.exe
  C:\Windows\System\IXTcggp.exe
  2⤵
  PID:5124
- C:\Windows\System\aRrziFO.exe
  C:\Windows\System\aRrziFO.exe
  2⤵
  PID:5568
- C:\Windows\System\jRqplrG.exe
  C:\Windows\System\jRqplrG.exe
  2⤵
  PID:5712
- C:\Windows\System\IPWHEis.exe
  C:\Windows\System\IPWHEis.exe
  2⤵
  PID:5880
- C:\Windows\System\XnqdaPK.exe
  C:\Windows\System\XnqdaPK.exe
  2⤵
  PID:64
- C:\Windows\System\OowZALV.exe
  C:\Windows\System\OowZALV.exe
  2⤵
  PID:5304
- C:\Windows\System\hodVBxc.exe
  C:\Windows\System\hodVBxc.exe
  2⤵
  PID:5796
- C:\Windows\System\DryDgfO.exe
  C:\Windows\System\DryDgfO.exe
  2⤵
  PID:5292
- C:\Windows\System\znUjvcT.exe
  C:\Windows\System\znUjvcT.exe
  2⤵
  PID:5600
- C:\Windows\System\bCxAYPO.exe
  C:\Windows\System\bCxAYPO.exe
  2⤵
  PID:6164
- C:\Windows\System\jwUTjDu.exe
  C:\Windows\System\jwUTjDu.exe
  2⤵
  PID:6200
- C:\Windows\System\CCLUzIO.exe
  C:\Windows\System\CCLUzIO.exe
  2⤵
  PID:6224
- C:\Windows\System\zwRdcYR.exe
  C:\Windows\System\zwRdcYR.exe
  2⤵
  PID:6248
- C:\Windows\System\gZpzaMi.exe
  C:\Windows\System\gZpzaMi.exe
  2⤵
  PID:6276
- C:\Windows\System\vspODrj.exe
  C:\Windows\System\vspODrj.exe
  2⤵
  PID:6300
- C:\Windows\System\HsvfJsk.exe
  C:\Windows\System\HsvfJsk.exe
  2⤵
  PID:6332
- C:\Windows\System\VoBsNXC.exe
  C:\Windows\System\VoBsNXC.exe
  2⤵
  PID:6364
- C:\Windows\System\ttvejUV.exe
  C:\Windows\System\ttvejUV.exe
  2⤵
  PID:6396
- C:\Windows\System\wFBfxQs.exe
  C:\Windows\System\wFBfxQs.exe
  2⤵
  PID:6424
- C:\Windows\System\onfXhnt.exe
  C:\Windows\System\onfXhnt.exe
  2⤵
  PID:6452
- C:\Windows\System\sCCDpLo.exe
  C:\Windows\System\sCCDpLo.exe
  2⤵
  PID:6484
- C:\Windows\System\XXnQnjU.exe
  C:\Windows\System\XXnQnjU.exe
  2⤵
  PID:6508
- C:\Windows\System\nfTcHqS.exe
  C:\Windows\System\nfTcHqS.exe
  2⤵
  PID:6536
- C:\Windows\System\QJdQVsC.exe
  C:\Windows\System\QJdQVsC.exe
  2⤵
  PID:6564
- C:\Windows\System\FngvBMd.exe
  C:\Windows\System\FngvBMd.exe
  2⤵
  PID:6604
- C:\Windows\System\srgmAAe.exe
  C:\Windows\System\srgmAAe.exe
  2⤵
  PID:6632
- C:\Windows\System\pvlRCwY.exe
  C:\Windows\System\pvlRCwY.exe
  2⤵
  PID:6668
- C:\Windows\System\gOzLyhc.exe
  C:\Windows\System\gOzLyhc.exe
  2⤵
  PID:6704
- C:\Windows\System\pdfTSZO.exe
  C:\Windows\System\pdfTSZO.exe
  2⤵
  PID:6724
- C:\Windows\System\JAftfyy.exe
  C:\Windows\System\JAftfyy.exe
  2⤵
  PID:6752
- C:\Windows\System\beqjoeN.exe
  C:\Windows\System\beqjoeN.exe
  2⤵
  PID:6780
- C:\Windows\System\XCMuVik.exe
  C:\Windows\System\XCMuVik.exe
  2⤵
  PID:6808
- C:\Windows\System\hgArJKM.exe
  C:\Windows\System\hgArJKM.exe
  2⤵
  PID:6840
- C:\Windows\System\mUnoQDS.exe
  C:\Windows\System\mUnoQDS.exe
  2⤵
  PID:6864
- C:\Windows\System\zAvdMGZ.exe
  C:\Windows\System\zAvdMGZ.exe
  2⤵
  PID:6892
- C:\Windows\System\KQuKooF.exe
  C:\Windows\System\KQuKooF.exe
  2⤵
  PID:6928
- C:\Windows\System\tshoBWz.exe
  C:\Windows\System\tshoBWz.exe
  2⤵
  PID:6956
- C:\Windows\System\wTMMJuR.exe
  C:\Windows\System\wTMMJuR.exe
  2⤵
  PID:6984
- C:\Windows\System\kSAbDAB.exe
  C:\Windows\System\kSAbDAB.exe
  2⤵
  PID:7016
- C:\Windows\System\hUOfKhf.exe
  C:\Windows\System\hUOfKhf.exe
  2⤵
  PID:7044
- C:\Windows\System\PRULHXM.exe
  C:\Windows\System\PRULHXM.exe
  2⤵
  PID:7072
- C:\Windows\System\WfIAdLa.exe
  C:\Windows\System\WfIAdLa.exe
  2⤵
  PID:7104
- C:\Windows\System\SLNMHUb.exe
  C:\Windows\System\SLNMHUb.exe
  2⤵
  PID:7128
- C:\Windows\System\rMdkYmt.exe
  C:\Windows\System\rMdkYmt.exe
  2⤵
  PID:7160
- C:\Windows\System\SdNOgsU.exe
  C:\Windows\System\SdNOgsU.exe
  2⤵
  PID:6188
- C:\Windows\System\RORknqh.exe
  C:\Windows\System\RORknqh.exe
  2⤵
  PID:6268
- C:\Windows\System\kiLFXrH.exe
  C:\Windows\System\kiLFXrH.exe
  2⤵
  PID:6328
- C:\Windows\System\zJMkccy.exe
  C:\Windows\System\zJMkccy.exe
  2⤵
  PID:6388
- C:\Windows\System\WHUmYKl.exe
  C:\Windows\System\WHUmYKl.exe
  2⤵
  PID:6472
- C:\Windows\System\cLQaEbf.exe
  C:\Windows\System\cLQaEbf.exe
  2⤵
  PID:6528
- C:\Windows\System\CVkzrqZ.exe
  C:\Windows\System\CVkzrqZ.exe
  2⤵
  PID:6576
- C:\Windows\System\puZjAme.exe
  C:\Windows\System\puZjAme.exe
  2⤵
  PID:6676
- C:\Windows\System\HPWmzIr.exe
  C:\Windows\System\HPWmzIr.exe
  2⤵
  PID:6744
- C:\Windows\System\YlIxWeO.exe
  C:\Windows\System\YlIxWeO.exe
  2⤵
  PID:6804
- C:\Windows\System\wBvKbqJ.exe
  C:\Windows\System\wBvKbqJ.exe
  2⤵
  PID:6884
- C:\Windows\System\CfCafuJ.exe
  C:\Windows\System\CfCafuJ.exe
  2⤵
  PID:6948
- C:\Windows\System\jiNiDuF.exe
  C:\Windows\System\jiNiDuF.exe
  2⤵
  PID:7008
- C:\Windows\System\lDipNuC.exe
  C:\Windows\System\lDipNuC.exe
  2⤵
  PID:7064
- C:\Windows\System\JGWXXUL.exe
  C:\Windows\System\JGWXXUL.exe
  2⤵
  PID:7148
- C:\Windows\System\GZhzXXb.exe
  C:\Windows\System\GZhzXXb.exe
  2⤵
  PID:6240
- C:\Windows\System\tleYCud.exe
  C:\Windows\System\tleYCud.exe
  2⤵
  PID:6384
- C:\Windows\System\IBtBOIT.exe
  C:\Windows\System\IBtBOIT.exe
  2⤵
  PID:6520
- C:\Windows\System\FlssPlw.exe
  C:\Windows\System\FlssPlw.exe
  2⤵
  PID:6712
- C:\Windows\System\KOdGvyU.exe
  C:\Windows\System\KOdGvyU.exe
  2⤵
  PID:6860
- C:\Windows\System\YKYipjp.exe
  C:\Windows\System\YKYipjp.exe
  2⤵
  PID:6996
- C:\Windows\System\NyFITrT.exe
  C:\Windows\System\NyFITrT.exe
  2⤵
  PID:6184
- C:\Windows\System\gjwuxIG.exe
  C:\Windows\System\gjwuxIG.exe
  2⤵
  PID:6768
- C:\Windows\System\hxVOAqI.exe
  C:\Windows\System\hxVOAqI.exe
  2⤵
  PID:6980
- C:\Windows\System\nwNmqPU.exe
  C:\Windows\System\nwNmqPU.exe
  2⤵
  PID:7188
- C:\Windows\System\wFafWSO.exe
  C:\Windows\System\wFafWSO.exe
  2⤵
  PID:7216
- C:\Windows\System\iDZqJzv.exe
  C:\Windows\System\iDZqJzv.exe
  2⤵
  PID:7244
- C:\Windows\System\OjiSdBX.exe
  C:\Windows\System\OjiSdBX.exe
  2⤵
  PID:7276
- C:\Windows\System\KcNcuwF.exe
  C:\Windows\System\KcNcuwF.exe
  2⤵
  PID:7304
- C:\Windows\System\mzyIZQj.exe
  C:\Windows\System\mzyIZQj.exe
  2⤵
  PID:7332
- C:\Windows\System\EpzHVFM.exe
  C:\Windows\System\EpzHVFM.exe
  2⤵
  PID:7360
- C:\Windows\System\dTrPxew.exe
  C:\Windows\System\dTrPxew.exe
  2⤵
  PID:7388
- C:\Windows\System\rGqifZP.exe
  C:\Windows\System\rGqifZP.exe
  2⤵
  PID:7420
- C:\Windows\System\olNBZwb.exe
  C:\Windows\System\olNBZwb.exe
  2⤵
  PID:7448
- C:\Windows\System\enkldOF.exe
  C:\Windows\System\enkldOF.exe
  2⤵
  PID:7476
- C:\Windows\System\tnIaXAm.exe
  C:\Windows\System\tnIaXAm.exe
  2⤵
  PID:7504
- C:\Windows\System\dyoclKb.exe
  C:\Windows\System\dyoclKb.exe
  2⤵
  PID:7532
- C:\Windows\System\ItkvziH.exe
  C:\Windows\System\ItkvziH.exe
  2⤵
  PID:7564
- C:\Windows\System\YuFxrNX.exe
  C:\Windows\System\YuFxrNX.exe
  2⤵
  PID:7588
- C:\Windows\System\hKaBotP.exe
  C:\Windows\System\hKaBotP.exe
  2⤵
  PID:7616
- C:\Windows\System\LEJfOdc.exe
  C:\Windows\System\LEJfOdc.exe
  2⤵
  PID:7648
- C:\Windows\System\PLVKSpf.exe
  C:\Windows\System\PLVKSpf.exe
  2⤵
  PID:7672
- C:\Windows\System\jKmuaDy.exe
  C:\Windows\System\jKmuaDy.exe
  2⤵
  PID:7704
- C:\Windows\System\cpJcrPN.exe
  C:\Windows\System\cpJcrPN.exe
  2⤵
  PID:7732
- C:\Windows\System\ijmdiDv.exe
  C:\Windows\System\ijmdiDv.exe
  2⤵
  PID:7760
- C:\Windows\System\wJsnsCl.exe
  C:\Windows\System\wJsnsCl.exe
  2⤵
  PID:7788
- C:\Windows\System\msqjzHW.exe
  C:\Windows\System\msqjzHW.exe
  2⤵
  PID:7816
- C:\Windows\System\bQRtVtC.exe
  C:\Windows\System\bQRtVtC.exe
  2⤵
  PID:7844
- C:\Windows\System\KfciMCV.exe
  C:\Windows\System\KfciMCV.exe
  2⤵
  PID:7872
- C:\Windows\System\LrYAfHu.exe
  C:\Windows\System\LrYAfHu.exe
  2⤵
  PID:7900
- C:\Windows\System\wVnQqax.exe
  C:\Windows\System\wVnQqax.exe
  2⤵
  PID:7928
- C:\Windows\System\BUbqytQ.exe
  C:\Windows\System\BUbqytQ.exe
  2⤵
  PID:7960
- C:\Windows\System\jZPjRFg.exe
  C:\Windows\System\jZPjRFg.exe
  2⤵
  PID:7984
- C:\Windows\System\PekcRaj.exe
  C:\Windows\System\PekcRaj.exe
  2⤵
  PID:8012
- C:\Windows\System\kjWmFpO.exe
  C:\Windows\System\kjWmFpO.exe
  2⤵
  PID:8044
- C:\Windows\System\OXRJkCW.exe
  C:\Windows\System\OXRJkCW.exe
  2⤵
  PID:8072
- C:\Windows\System\wROQlHo.exe
  C:\Windows\System\wROQlHo.exe
  2⤵
  PID:8100
- C:\Windows\System\cEnwLts.exe
  C:\Windows\System\cEnwLts.exe
  2⤵
  PID:8128
- C:\Windows\System\zqsLSzA.exe
  C:\Windows\System\zqsLSzA.exe
  2⤵
  PID:8156
- C:\Windows\System\dLPHRjd.exe
  C:\Windows\System\dLPHRjd.exe
  2⤵
  PID:8184
- C:\Windows\System\pTZInhD.exe
  C:\Windows\System\pTZInhD.exe
  2⤵
  PID:7208
- C:\Windows\System\qCmpHIR.exe
  C:\Windows\System\qCmpHIR.exe
  2⤵
  PID:7268
- C:\Windows\System\YaCfUSE.exe
  C:\Windows\System\YaCfUSE.exe
  2⤵
  PID:7352
- C:\Windows\System\DonxQtF.exe
  C:\Windows\System\DonxQtF.exe
  2⤵
  PID:7416
- C:\Windows\System\ednpYkU.exe
  C:\Windows\System\ednpYkU.exe
  2⤵
  PID:7488
- C:\Windows\System\cHhyXJL.exe
  C:\Windows\System\cHhyXJL.exe
  2⤵
  PID:7556
- C:\Windows\System\gkaBjdc.exe
  C:\Windows\System\gkaBjdc.exe
  2⤵
  PID:7608
- C:\Windows\System\TMciOsF.exe
  C:\Windows\System\TMciOsF.exe
  2⤵
  PID:7668
- C:\Windows\System\bxRnGyh.exe
  C:\Windows\System\bxRnGyh.exe
  2⤵
  PID:7744
- C:\Windows\System\ODbabmt.exe
  C:\Windows\System\ODbabmt.exe
  2⤵
  PID:7812
- C:\Windows\System\tcklFWq.exe
  C:\Windows\System\tcklFWq.exe
  2⤵
  PID:7868
- C:\Windows\System\hugkXmB.exe
  C:\Windows\System\hugkXmB.exe
  2⤵
  PID:7940
- C:\Windows\System\QRkkwzU.exe
  C:\Windows\System\QRkkwzU.exe
  2⤵
  PID:8008
- C:\Windows\System\JQrIvgs.exe
  C:\Windows\System\JQrIvgs.exe
  2⤵
  PID:8068
- C:\Windows\System\kQJLJUl.exe
  C:\Windows\System\kQJLJUl.exe
  2⤵
  PID:8140
- C:\Windows\System\TieuFQG.exe
  C:\Windows\System\TieuFQG.exe
  2⤵
  PID:7200
- C:\Windows\System\EHLkNUL.exe
  C:\Windows\System\EHLkNUL.exe
  2⤵
  PID:7328
- C:\Windows\System\erLYbLH.exe
  C:\Windows\System\erLYbLH.exe
  2⤵
  PID:7500
- C:\Windows\System\PLxneUk.exe
  C:\Windows\System\PLxneUk.exe
  2⤵
  PID:7656
- C:\Windows\System\efpDtLV.exe
  C:\Windows\System\efpDtLV.exe
  2⤵
  PID:7784
- C:\Windows\System\zhYYGba.exe
  C:\Windows\System\zhYYGba.exe
  2⤵
  PID:7980
- C:\Windows\System\ymGoPiw.exe
  C:\Windows\System\ymGoPiw.exe
  2⤵
  PID:8124
- C:\Windows\System\iLvWmkm.exe
  C:\Windows\System\iLvWmkm.exe
  2⤵
  PID:7400
- C:\Windows\System\akjxjmA.exe
  C:\Windows\System\akjxjmA.exe
  2⤵
  PID:7756
- C:\Windows\System\ridAnmv.exe
  C:\Windows\System\ridAnmv.exe
  2⤵
  PID:8096
- C:\Windows\System\dnBfYcs.exe
  C:\Windows\System\dnBfYcs.exe
  2⤵
  PID:7920
- C:\Windows\System\NTfqKqE.exe
  C:\Windows\System\NTfqKqE.exe
  2⤵
  PID:8200
- C:\Windows\System\EZZQcqz.exe
  C:\Windows\System\EZZQcqz.exe
  2⤵
  PID:8240
- C:\Windows\System\BYyRmOZ.exe
  C:\Windows\System\BYyRmOZ.exe
  2⤵
  PID:8280
- C:\Windows\System\dAsAGVY.exe
  C:\Windows\System\dAsAGVY.exe
  2⤵
  PID:8312
- C:\Windows\System\YsbhJHC.exe
  C:\Windows\System\YsbhJHC.exe
  2⤵
  PID:8340
- C:\Windows\System\fHkGhzv.exe
  C:\Windows\System\fHkGhzv.exe
  2⤵
  PID:8376
- C:\Windows\System\cbzdvcd.exe
  C:\Windows\System\cbzdvcd.exe
  2⤵
  PID:8392
- C:\Windows\System\uZdqYXw.exe
  C:\Windows\System\uZdqYXw.exe
  2⤵
  PID:8408
- C:\Windows\System\rPqLNnD.exe
  C:\Windows\System\rPqLNnD.exe
  2⤵
  PID:8424
- C:\Windows\System\zzOPrVA.exe
  C:\Windows\System\zzOPrVA.exe
  2⤵
  PID:8452
- C:\Windows\System\wpxipIo.exe
  C:\Windows\System\wpxipIo.exe
  2⤵
  PID:8496
- C:\Windows\System\mYpuWNh.exe
  C:\Windows\System\mYpuWNh.exe
  2⤵
  PID:8528
- C:\Windows\System\fXQaTgT.exe
  C:\Windows\System\fXQaTgT.exe
  2⤵
  PID:8564
- C:\Windows\System\rinXsiF.exe
  C:\Windows\System\rinXsiF.exe
  2⤵
  PID:8600
- C:\Windows\System\Egcwtii.exe
  C:\Windows\System\Egcwtii.exe
  2⤵
  PID:8636
- C:\Windows\System\RRKWjXB.exe
  C:\Windows\System\RRKWjXB.exe
  2⤵
  PID:8668
- C:\Windows\System\DOlSZfp.exe
  C:\Windows\System\DOlSZfp.exe
  2⤵
  PID:8696
- C:\Windows\System\BQBaIcn.exe
  C:\Windows\System\BQBaIcn.exe
  2⤵
  PID:8724
- C:\Windows\System\qmTgmGN.exe
  C:\Windows\System\qmTgmGN.exe
  2⤵
  PID:8752
- C:\Windows\System\eFnIeEI.exe
  C:\Windows\System\eFnIeEI.exe
  2⤵
  PID:8780
- C:\Windows\System\dqjpoPK.exe
  C:\Windows\System\dqjpoPK.exe
  2⤵
  PID:8808
- C:\Windows\System\CyeZfpn.exe
  C:\Windows\System\CyeZfpn.exe
  2⤵
  PID:8836
- C:\Windows\System\jqtLsPi.exe
  C:\Windows\System\jqtLsPi.exe
  2⤵
  PID:8864
- C:\Windows\System\WLvurOZ.exe
  C:\Windows\System\WLvurOZ.exe
  2⤵
  PID:8892
- C:\Windows\System\lnDNxHH.exe
  C:\Windows\System\lnDNxHH.exe
  2⤵
  PID:8916
- C:\Windows\System\QZWOSBS.exe
  C:\Windows\System\QZWOSBS.exe
  2⤵
  PID:8948
- C:\Windows\System\sKjTOSh.exe
  C:\Windows\System\sKjTOSh.exe
  2⤵
  PID:8980
- C:\Windows\System\Euiilng.exe
  C:\Windows\System\Euiilng.exe
  2⤵
  PID:9008
- C:\Windows\System\CBjKDwO.exe
  C:\Windows\System\CBjKDwO.exe
  2⤵
  PID:9036
- C:\Windows\System\fmVLyyj.exe
  C:\Windows\System\fmVLyyj.exe
  2⤵
  PID:9064
- C:\Windows\System\vtSLpsR.exe
  C:\Windows\System\vtSLpsR.exe
  2⤵
  PID:9100
- C:\Windows\System\WjTKRZQ.exe
  C:\Windows\System\WjTKRZQ.exe
  2⤵
  PID:9164
- C:\Windows\System\wNFrTNt.exe
  C:\Windows\System\wNFrTNt.exe
  2⤵
  PID:9184
- C:\Windows\System\RFxfFVS.exe
  C:\Windows\System\RFxfFVS.exe
  2⤵
  PID:9200
- C:\Windows\System\cWySkgS.exe
  C:\Windows\System\cWySkgS.exe
  2⤵
  PID:8236
- C:\Windows\System\WaTLhMO.exe
  C:\Windows\System\WaTLhMO.exe
  2⤵
  PID:8328
- C:\Windows\System\DXdRZdU.exe
  C:\Windows\System\DXdRZdU.exe
  2⤵
  PID:8404
- C:\Windows\System\TKeDLgQ.exe
  C:\Windows\System\TKeDLgQ.exe
  2⤵
  PID:8472
- C:\Windows\System\rUXJkTU.exe
  C:\Windows\System\rUXJkTU.exe
  2⤵
  PID:8480
- C:\Windows\System\WXSHEzZ.exe
  C:\Windows\System\WXSHEzZ.exe
  2⤵
  PID:8580
- C:\Windows\System\BILsbtm.exe
  C:\Windows\System\BILsbtm.exe
  2⤵
  PID:8632
- C:\Windows\System\TENzxgA.exe
  C:\Windows\System\TENzxgA.exe
  2⤵
  PID:8680
- C:\Windows\System\QuYREuv.exe
  C:\Windows\System\QuYREuv.exe
  2⤵
  PID:8764
- C:\Windows\System\GfSLcwC.exe
  C:\Windows\System\GfSLcwC.exe
  2⤵
  PID:8820
- C:\Windows\System\iGITSGE.exe
  C:\Windows\System\iGITSGE.exe
  2⤵
  PID:8860
- C:\Windows\System\skyWfos.exe
  C:\Windows\System\skyWfos.exe
  2⤵
  PID:8944
- C:\Windows\System\Pirtxjr.exe
  C:\Windows\System\Pirtxjr.exe
  2⤵
  PID:9004
- C:\Windows\System\NYBUyAD.exe
  C:\Windows\System\NYBUyAD.exe
  2⤵
  PID:9096
- C:\Windows\System\sNQCYiB.exe
  C:\Windows\System\sNQCYiB.exe
  2⤵
  PID:9180
- C:\Windows\System\lWbGTLK.exe
  C:\Windows\System\lWbGTLK.exe
  2⤵
  PID:8292
- C:\Windows\System\GLFcguE.exe
  C:\Windows\System\GLFcguE.exe
  2⤵
  PID:8416
- C:\Windows\System\NhnYWPY.exe
  C:\Windows\System\NhnYWPY.exe
  2⤵
  PID:8556
- C:\Windows\System\kIAdSud.exe
  C:\Windows\System\kIAdSud.exe
  2⤵
  PID:8656
- C:\Windows\System\eJBcPyi.exe
  C:\Windows\System\eJBcPyi.exe
  2⤵
  PID:8856
- C:\Windows\System\UYiePGY.exe
  C:\Windows\System\UYiePGY.exe
  2⤵
  PID:8972
- C:\Windows\System\QjvoETp.exe
  C:\Windows\System\QjvoETp.exe
  2⤵
  PID:9212
- C:\Windows\System\sdQbrQL.exe
  C:\Windows\System\sdQbrQL.exe
  2⤵
  PID:8400
- C:\Windows\System\efJKEjs.exe
  C:\Windows\System\efJKEjs.exe
  2⤵
  PID:8744
- C:\Windows\System\OyMZdGQ.exe
  C:\Windows\System\OyMZdGQ.exe
  2⤵
  PID:8356
- C:\Windows\System\TWPWaWD.exe
  C:\Windows\System\TWPWaWD.exe
  2⤵
  PID:9056
- C:\Windows\System\UNQpNCZ.exe
  C:\Windows\System\UNQpNCZ.exe
  2⤵
  PID:9228
- C:\Windows\System\gCMxzpf.exe
  C:\Windows\System\gCMxzpf.exe
  2⤵
  PID:9260
- C:\Windows\System\JeaxLBY.exe
  C:\Windows\System\JeaxLBY.exe
  2⤵
  PID:9284
- C:\Windows\System\HWHXbcF.exe
  C:\Windows\System\HWHXbcF.exe
  2⤵
  PID:9304
- C:\Windows\System\smersYM.exe
  C:\Windows\System\smersYM.exe
  2⤵
  PID:9340
- C:\Windows\System\PcifuLc.exe
  C:\Windows\System\PcifuLc.exe
  2⤵
  PID:9356
- C:\Windows\System\PKBWkAX.exe
  C:\Windows\System\PKBWkAX.exe
  2⤵
  PID:9392
- C:\Windows\System\VytFLlx.exe
  C:\Windows\System\VytFLlx.exe
  2⤵
  PID:9424
- C:\Windows\System\nhIljtZ.exe
  C:\Windows\System\nhIljtZ.exe
  2⤵
  PID:9440
- C:\Windows\System\xVxzJPI.exe
  C:\Windows\System\xVxzJPI.exe
  2⤵
  PID:9480
- C:\Windows\System\BtoiYcX.exe
  C:\Windows\System\BtoiYcX.exe
  2⤵
  PID:9532
- C:\Windows\System\XzKlHim.exe
  C:\Windows\System\XzKlHim.exe
  2⤵
  PID:9568
- C:\Windows\System\ilSjSPR.exe
  C:\Windows\System\ilSjSPR.exe
  2⤵
  PID:9600
- C:\Windows\System\wOeaTVe.exe
  C:\Windows\System\wOeaTVe.exe
  2⤵
  PID:9628
- C:\Windows\System\uUzKDKa.exe
  C:\Windows\System\uUzKDKa.exe
  2⤵
  PID:9672
- C:\Windows\System\QNCfLye.exe
  C:\Windows\System\QNCfLye.exe
  2⤵
  PID:9700
- C:\Windows\System\NfGYnMe.exe
  C:\Windows\System\NfGYnMe.exe
  2⤵
  PID:9716
- C:\Windows\System\rOxWNGY.exe
  C:\Windows\System\rOxWNGY.exe
  2⤵
  PID:9756
- C:\Windows\System\NcLXvvv.exe
  C:\Windows\System\NcLXvvv.exe
  2⤵
  PID:9784
- C:\Windows\System\nLXDFWv.exe
  C:\Windows\System\nLXDFWv.exe
  2⤵
  PID:9812
- C:\Windows\System\dVhUNGp.exe
  C:\Windows\System\dVhUNGp.exe
  2⤵
  PID:9840
- C:\Windows\System\ZwEHRny.exe
  C:\Windows\System\ZwEHRny.exe
  2⤵
  PID:9868
- C:\Windows\System\TkSWZCK.exe
  C:\Windows\System\TkSWZCK.exe
  2⤵
  PID:9896
- C:\Windows\System\AqkVXnL.exe
  C:\Windows\System\AqkVXnL.exe
  2⤵
  PID:9924
- C:\Windows\System\NeCyxhi.exe
  C:\Windows\System\NeCyxhi.exe
  2⤵
  PID:9960
- C:\Windows\System\ZIaUKSy.exe
  C:\Windows\System\ZIaUKSy.exe
  2⤵
  PID:9984
- C:\Windows\System\jMnADUg.exe
  C:\Windows\System\jMnADUg.exe
  2⤵
  PID:10036
- C:\Windows\System\kZbPGxk.exe
  C:\Windows\System\kZbPGxk.exe
  2⤵
  PID:10080
- C:\Windows\System\QJMHwrh.exe
  C:\Windows\System\QJMHwrh.exe
  2⤵
  PID:10108
- C:\Windows\System\pgonICl.exe
  C:\Windows\System\pgonICl.exe
  2⤵
  PID:10140
- C:\Windows\System\ImQBjNM.exe
  C:\Windows\System\ImQBjNM.exe
  2⤵
  PID:10160
- C:\Windows\System\dHXkcFQ.exe
  C:\Windows\System\dHXkcFQ.exe
  2⤵
  PID:10200
- C:\Windows\System\xmZiPBy.exe
  C:\Windows\System\xmZiPBy.exe
  2⤵
  PID:10220
- C:\Windows\System\nhheOiX.exe
  C:\Windows\System\nhheOiX.exe
  2⤵
  PID:9268
- C:\Windows\System\jIGungV.exe
  C:\Windows\System\jIGungV.exe
  2⤵
  PID:9332
- C:\Windows\System\yWwBsCO.exe
  C:\Windows\System\yWwBsCO.exe
  2⤵
  PID:9420
- C:\Windows\System\zpEjSeO.exe
  C:\Windows\System\zpEjSeO.exe
  2⤵
  PID:9472
- C:\Windows\System\HxyeDdM.exe
  C:\Windows\System\HxyeDdM.exe
  2⤵
  PID:9584
- C:\Windows\System\aUIpSDo.exe
  C:\Windows\System\aUIpSDo.exe
  2⤵
  PID:9620
- C:\Windows\System\wIveMNR.exe
  C:\Windows\System\wIveMNR.exe
  2⤵
  PID:9644
- C:\Windows\System\JxYMbFf.exe
  C:\Windows\System\JxYMbFf.exe
  2⤵
  PID:9684
- C:\Windows\System\lpYuIHr.exe
  C:\Windows\System\lpYuIHr.exe
  2⤵
  PID:9736
- C:\Windows\System\kfQRvKT.exe
  C:\Windows\System\kfQRvKT.exe
  2⤵
  PID:9828
- C:\Windows\System\AXwnFwk.exe
  C:\Windows\System\AXwnFwk.exe
  2⤵
  PID:9912
- C:\Windows\System\ZVNqSoj.exe
  C:\Windows\System\ZVNqSoj.exe
  2⤵
  PID:10008
- C:\Windows\System\OCLPwst.exe
  C:\Windows\System\OCLPwst.exe
  2⤵
  PID:10124
- C:\Windows\System\CETSCIb.exe
  C:\Windows\System\CETSCIb.exe
  2⤵
  PID:10232
- C:\Windows\System\IiKgjzY.exe
  C:\Windows\System\IiKgjzY.exe
  2⤵
  PID:9388
- C:\Windows\System\IcbynWl.exe
  C:\Windows\System\IcbynWl.exe
  2⤵
  PID:9556
- C:\Windows\System\SoWvndT.exe
  C:\Windows\System\SoWvndT.exe
  2⤵
  PID:9852
- C:\Windows\System\PhAutQL.exe
  C:\Windows\System\PhAutQL.exe
  2⤵
  PID:9800
- C:\Windows\System\uqoXkhp.exe
  C:\Windows\System\uqoXkhp.exe
  2⤵
  PID:10060
- C:\Windows\System\apszInq.exe
  C:\Windows\System\apszInq.exe
  2⤵
  PID:9140
- C:\Windows\System\UvSnFRG.exe
  C:\Windows\System\UvSnFRG.exe
  2⤵
  PID:9616
- C:\Windows\System\GyLOnad.exe
  C:\Windows\System\GyLOnad.exe
  2⤵
  PID:10032
- C:\Windows\System\hyDztPW.exe
  C:\Windows\System\hyDztPW.exe
  2⤵
  PID:9300
- C:\Windows\System\WFGAPRp.exe
  C:\Windows\System\WFGAPRp.exe
  2⤵
  PID:10256
- C:\Windows\System\VlqcwaL.exe
  C:\Windows\System\VlqcwaL.exe
  2⤵
  PID:10288
- C:\Windows\System\ovtTKVa.exe
  C:\Windows\System\ovtTKVa.exe
  2⤵
  PID:10328
- C:\Windows\System\LcNpwtK.exe
  C:\Windows\System\LcNpwtK.exe
  2⤵
  PID:10344
- C:\Windows\System\YvwaUZg.exe
  C:\Windows\System\YvwaUZg.exe
  2⤵
  PID:10380
- C:\Windows\System\gaFxlkB.exe
  C:\Windows\System\gaFxlkB.exe
  2⤵
  PID:10400
- C:\Windows\System\SQKkgIi.exe
  C:\Windows\System\SQKkgIi.exe
  2⤵
  PID:10416
- C:\Windows\System\XsVzVRJ.exe
  C:\Windows\System\XsVzVRJ.exe
  2⤵
  PID:10444
- C:\Windows\System\wYHdmiv.exe
  C:\Windows\System\wYHdmiv.exe
  2⤵
  PID:10480
- C:\Windows\System\CWrnSHP.exe
  C:\Windows\System\CWrnSHP.exe
  2⤵
  PID:10516
- C:\Windows\System\aUgaPRP.exe
  C:\Windows\System\aUgaPRP.exe
  2⤵
  PID:10540
- C:\Windows\System\VgHlCWG.exe
  C:\Windows\System\VgHlCWG.exe
  2⤵
  PID:10556
- C:\Windows\System\fLGbkLf.exe
  C:\Windows\System\fLGbkLf.exe
  2⤵
  PID:10588
- C:\Windows\System\sdCwldL.exe
  C:\Windows\System\sdCwldL.exe
  2⤵
  PID:10624
- C:\Windows\System\boGXaNp.exe
  C:\Windows\System\boGXaNp.exe
  2⤵
  PID:10656
- C:\Windows\System\YjbGdyn.exe
  C:\Windows\System\YjbGdyn.exe
  2⤵
  PID:10692
- C:\Windows\System\KSiLkvZ.exe
  C:\Windows\System\KSiLkvZ.exe
  2⤵
  PID:10720
- C:\Windows\System\LTfnYdt.exe
  C:\Windows\System\LTfnYdt.exe
  2⤵
  PID:10748
- C:\Windows\System\WGOCXRH.exe
  C:\Windows\System\WGOCXRH.exe
  2⤵
  PID:10768
- C:\Windows\System\ePFutzL.exe
  C:\Windows\System\ePFutzL.exe
  2⤵
  PID:10804
- C:\Windows\System\QFtqcWN.exe
  C:\Windows\System\QFtqcWN.exe
  2⤵
  PID:10832
- C:\Windows\System\cYusgZu.exe
  C:\Windows\System\cYusgZu.exe
  2⤵
  PID:10848
- C:\Windows\System\RUbVPzc.exe
  C:\Windows\System\RUbVPzc.exe
  2⤵
  PID:10876
- C:\Windows\System\ZdeMuUV.exe
  C:\Windows\System\ZdeMuUV.exe
  2⤵
  PID:10904
- C:\Windows\System\jAPoDnE.exe
  C:\Windows\System\jAPoDnE.exe
  2⤵
  PID:10936
- C:\Windows\System\vugWFBD.exe
  C:\Windows\System\vugWFBD.exe
  2⤵
  PID:10964
- C:\Windows\System\CbmSJVC.exe
  C:\Windows\System\CbmSJVC.exe
  2⤵
  PID:10996
- C:\Windows\System\GZFpzsC.exe
  C:\Windows\System\GZFpzsC.exe
  2⤵
  PID:11012
- C:\Windows\System\LmVBqdz.exe
  C:\Windows\System\LmVBqdz.exe
  2⤵
  PID:11036
- C:\Windows\System\nnDEzbu.exe
  C:\Windows\System\nnDEzbu.exe
  2⤵
  PID:11060
- C:\Windows\System\NsYLAcv.exe
  C:\Windows\System\NsYLAcv.exe
  2⤵
  PID:11084
- C:\Windows\System\dluhRPU.exe
  C:\Windows\System\dluhRPU.exe
  2⤵
  PID:11116
- C:\Windows\System\RPTcBiL.exe
  C:\Windows\System\RPTcBiL.exe
  2⤵
  PID:11152
- C:\Windows\System\tCsBktV.exe
  C:\Windows\System\tCsBktV.exe
  2⤵
  PID:11176
- C:\Windows\System\GcmCjRL.exe
  C:\Windows\System\GcmCjRL.exe
  2⤵
  PID:11200
- C:\Windows\System\ABuVrDc.exe
  C:\Windows\System\ABuVrDc.exe
  2⤵
  PID:11240
- C:\Windows\System\VquwkYt.exe
  C:\Windows\System\VquwkYt.exe
  2⤵
  PID:10276
- C:\Windows\System\yWWTrrZ.exe
  C:\Windows\System\yWWTrrZ.exe
  2⤵
  PID:10340
- C:\Windows\System\oeTdrKI.exe
  C:\Windows\System\oeTdrKI.exe
  2⤵
  PID:10396
- C:\Windows\System\BylNIvW.exe
  C:\Windows\System\BylNIvW.exe
  2⤵
  PID:10456
- C:\Windows\System\BLtzfFT.exe
  C:\Windows\System\BLtzfFT.exe
  2⤵
  PID:10500
- C:\Windows\System\QADPgtf.exe
  C:\Windows\System\QADPgtf.exe
  2⤵
  PID:10568
- C:\Windows\System\SRhxGpi.exe
  C:\Windows\System\SRhxGpi.exe
  2⤵
  PID:10668
- C:\Windows\System\DxMVGKz.exe
  C:\Windows\System\DxMVGKz.exe
  2⤵
  PID:9636
- C:\Windows\System\FsbLWXa.exe
  C:\Windows\System\FsbLWXa.exe
  2⤵
  PID:10896
- C:\Windows\System\kMWvflY.exe
  C:\Windows\System\kMWvflY.exe
  2⤵
  PID:10924
- C:\Windows\System\sCpqvpS.exe
  C:\Windows\System\sCpqvpS.exe
  2⤵
  PID:10952
- C:\Windows\System\tEvhBBH.exe
  C:\Windows\System\tEvhBBH.exe
  2⤵
  PID:11024
- C:\Windows\System\fzWdUoS.exe
  C:\Windows\System\fzWdUoS.exe
  2⤵
  PID:11004
- C:\Windows\System\wOnCgxZ.exe
  C:\Windows\System\wOnCgxZ.exe
  2⤵
  PID:11096
- C:\Windows\System\fJCJmZw.exe
  C:\Windows\System\fJCJmZw.exe
  2⤵
  PID:11144
- C:\Windows\System\fNQNUVs.exe
  C:\Windows\System\fNQNUVs.exe
  2⤵
  PID:11184
- C:\Windows\System\NIuzOFC.exe
  C:\Windows\System\NIuzOFC.exe
  2⤵
  PID:10252
- C:\Windows\System\cvxUzUA.exe
  C:\Windows\System\cvxUzUA.exe
  2⤵
  PID:10436
- C:\Windows\System\CqDmIQL.exe
  C:\Windows\System\CqDmIQL.exe
  2⤵
  PID:10620
- C:\Windows\System\wTLMKvo.exe
  C:\Windows\System\wTLMKvo.exe
  2⤵
  PID:10824
- C:\Windows\System\jgNTlIJ.exe
  C:\Windows\System\jgNTlIJ.exe
  2⤵
  PID:11080
- C:\Windows\System\WIVuWyq.exe
  C:\Windows\System\WIVuWyq.exe
  2⤵
  PID:11076
- C:\Windows\System\xTuzPGp.exe
  C:\Windows\System\xTuzPGp.exe
  2⤵
  PID:10336
- C:\Windows\System\bYWlRkY.exe
  C:\Windows\System\bYWlRkY.exe
  2⤵
  PID:10596
- C:\Windows\System\nDgkhIl.exe
  C:\Windows\System\nDgkhIl.exe
  2⤵
  PID:10652
- C:\Windows\System\GAeLwvD.exe
  C:\Windows\System\GAeLwvD.exe
  2⤵
  PID:10864
- C:\Windows\System\KWQVVui.exe
  C:\Windows\System\KWQVVui.exe
  2⤵
  PID:11280
- C:\Windows\System\HJPZizK.exe
  C:\Windows\System\HJPZizK.exe
  2⤵
  PID:11304
- C:\Windows\System\JeeaDQK.exe
  C:\Windows\System\JeeaDQK.exe
  2⤵
  PID:11336
- C:\Windows\System\WGhqEEk.exe
  C:\Windows\System\WGhqEEk.exe
  2⤵
  PID:11376
- C:\Windows\System\OMQsnZn.exe
  C:\Windows\System\OMQsnZn.exe
  2⤵
  PID:11404
- C:\Windows\System\gakYDmM.exe
  C:\Windows\System\gakYDmM.exe
  2⤵
  PID:11424
- C:\Windows\System\TXHdDWc.exe
  C:\Windows\System\TXHdDWc.exe
  2⤵
  PID:11456
- C:\Windows\System\azFLnGB.exe
  C:\Windows\System\azFLnGB.exe
  2⤵
  PID:11484
- C:\Windows\System\THvxRwA.exe
  C:\Windows\System\THvxRwA.exe
  2⤵
  PID:11516
- C:\Windows\System\CBPxqmY.exe
  C:\Windows\System\CBPxqmY.exe
  2⤵
  PID:11548
- C:\Windows\System\BrAvflC.exe
  C:\Windows\System\BrAvflC.exe
  2⤵
  PID:11568
- C:\Windows\System\yFsOIPA.exe
  C:\Windows\System\yFsOIPA.exe
  2⤵
  PID:11584
- C:\Windows\System\GEejViL.exe
  C:\Windows\System\GEejViL.exe
  2⤵
  PID:11620
- C:\Windows\System\FAGhQPI.exe
  C:\Windows\System\FAGhQPI.exe
  2⤵
  PID:11648
- C:\Windows\System\ljtyIfX.exe
  C:\Windows\System\ljtyIfX.exe
  2⤵
  PID:11688
- C:\Windows\System\hRyShUs.exe
  C:\Windows\System\hRyShUs.exe
  2⤵
  PID:11716
- C:\Windows\System\QfJXzwz.exe
  C:\Windows\System\QfJXzwz.exe
  2⤵
  PID:11740
- C:\Windows\System\aTNLQTU.exe
  C:\Windows\System\aTNLQTU.exe
  2⤵
  PID:11764
- C:\Windows\System\AVHrlrg.exe
  C:\Windows\System\AVHrlrg.exe
  2⤵
  PID:11800
- C:\Windows\System\ruAUNaV.exe
  C:\Windows\System\ruAUNaV.exe
  2⤵
  PID:11816
- C:\Windows\System\VhcWDrK.exe
  C:\Windows\System\VhcWDrK.exe
  2⤵
  PID:11848
- C:\Windows\System\lmWBSGR.exe
  C:\Windows\System\lmWBSGR.exe
  2⤵
  PID:11884
- C:\Windows\System\VbhVnHv.exe
  C:\Windows\System\VbhVnHv.exe
  2⤵
  PID:11912
- C:\Windows\System\sgGKBWw.exe
  C:\Windows\System\sgGKBWw.exe
  2⤵
  PID:11940
- C:\Windows\System\WdYlqiV.exe
  C:\Windows\System\WdYlqiV.exe
  2⤵
  PID:11968
- C:\Windows\System\BMncCCR.exe
  C:\Windows\System\BMncCCR.exe
  2⤵
  PID:11996
- C:\Windows\System\zKRiZNn.exe
  C:\Windows\System\zKRiZNn.exe
  2⤵
  PID:12024
- C:\Windows\System\xDhAsbK.exe
  C:\Windows\System\xDhAsbK.exe
  2⤵
  PID:12052
- C:\Windows\System\OsKldPv.exe
  C:\Windows\System\OsKldPv.exe
  2⤵
  PID:12084
- C:\Windows\System\ijCZbBE.exe
  C:\Windows\System\ijCZbBE.exe
  2⤵
  PID:12112
- C:\Windows\System\nFlJLtT.exe
  C:\Windows\System\nFlJLtT.exe
  2⤵
  PID:12128
- C:\Windows\System\JBacekJ.exe
  C:\Windows\System\JBacekJ.exe
  2⤵
  PID:12156
- C:\Windows\System\VYgtVlU.exe
  C:\Windows\System\VYgtVlU.exe
  2⤵
  PID:12188
- C:\Windows\System\prMmNbs.exe
  C:\Windows\System\prMmNbs.exe
  2⤵
  PID:12224
- C:\Windows\System\WgOUoaL.exe
  C:\Windows\System\WgOUoaL.exe
  2⤵
  PID:12240
- C:\Windows\System\zVEPibU.exe
  C:\Windows\System\zVEPibU.exe
  2⤵
  PID:12272
- C:\Windows\System\MfxisDx.exe
  C:\Windows\System\MfxisDx.exe
  2⤵
  PID:11288
- C:\Windows\System\lEnRkfc.exe
  C:\Windows\System\lEnRkfc.exe
  2⤵
  PID:11360
- C:\Windows\System\CJLldak.exe
  C:\Windows\System\CJLldak.exe
  2⤵
  PID:11436
- C:\Windows\System\RfoXLBU.exe
  C:\Windows\System\RfoXLBU.exe
  2⤵
  PID:11492
- C:\Windows\System\qKlWiqM.exe
  C:\Windows\System\qKlWiqM.exe
  2⤵
  PID:3920
- C:\Windows\System\nBHyWCy.exe
  C:\Windows\System\nBHyWCy.exe
  2⤵
  PID:11604
- C:\Windows\System\WZDahjI.exe
  C:\Windows\System\WZDahjI.exe
  2⤵
  PID:11636
- C:\Windows\System\WFTZqzc.exe
  C:\Windows\System\WFTZqzc.exe
  2⤵
  PID:11680
- C:\Windows\System\nNtfWqy.exe
  C:\Windows\System\nNtfWqy.exe
  2⤵
  PID:11748
- C:\Windows\System\WBdIjER.exe
  C:\Windows\System\WBdIjER.exe
  2⤵
  PID:11832
- C:\Windows\System\aJLyjpz.exe
  C:\Windows\System\aJLyjpz.exe
  2⤵
  PID:11872
- C:\Windows\System\kpSdTWK.exe
  C:\Windows\System\kpSdTWK.exe
  2⤵
  PID:11960
- C:\Windows\System\EFPogGk.exe
  C:\Windows\System\EFPogGk.exe
  2⤵
  PID:12016
- C:\Windows\System\dLTXmPP.exe
  C:\Windows\System\dLTXmPP.exe
  2⤵
  PID:12124
- C:\Windows\System\bpaEMJu.exe
  C:\Windows\System\bpaEMJu.exe
  2⤵
  PID:12196
- C:\Windows\System\hDdIrVU.exe
  C:\Windows\System\hDdIrVU.exe
  2⤵
  PID:12208
- C:\Windows\System\uyMNrdE.exe
  C:\Windows\System\uyMNrdE.exe
  2⤵
  PID:12280
- C:\Windows\System\XHHxjDM.exe
  C:\Windows\System\XHHxjDM.exe
  2⤵
  PID:11416
- C:\Windows\System\jSUrMhX.exe
  C:\Windows\System\jSUrMhX.exe
  2⤵
  PID:11556
- C:\Windows\System\hnjYzph.exe
  C:\Windows\System\hnjYzph.exe
  2⤵
  PID:11724
- C:\Windows\System\bFGSJaL.exe
  C:\Windows\System\bFGSJaL.exe
  2⤵
  PID:11868
- C:\Windows\System\kTAYPMq.exe
  C:\Windows\System\kTAYPMq.exe
  2⤵
  PID:12076
- C:\Windows\System\MfgdFFS.exe
  C:\Windows\System\MfgdFFS.exe
  2⤵
  PID:12212
- C:\Windows\System\eqeHZFx.exe
  C:\Windows\System\eqeHZFx.exe
  2⤵
  PID:11324
- C:\Windows\System\jIPnhct.exe
  C:\Windows\System\jIPnhct.exe
  2⤵
  PID:11708
- C:\Windows\System\dDiTtWS.exe
  C:\Windows\System\dDiTtWS.exe
  2⤵
  PID:12080
- C:\Windows\System\vYdsYju.exe
  C:\Windows\System\vYdsYju.exe
  2⤵
  PID:11256
- C:\Windows\System\nHxwEqb.exe
  C:\Windows\System\nHxwEqb.exe
  2⤵
  PID:12236
- C:\Windows\System\wKHCygI.exe
  C:\Windows\System\wKHCygI.exe
  2⤵
  PID:12304
- C:\Windows\System\NGHbMrp.exe
  C:\Windows\System\NGHbMrp.exe
  2⤵
  PID:12336
- C:\Windows\System\Bjlphdm.exe
  C:\Windows\System\Bjlphdm.exe
  2⤵
  PID:12368
- C:\Windows\System\AfWFPxV.exe
  C:\Windows\System\AfWFPxV.exe
  2⤵
  PID:12400
- C:\Windows\System\YUzdpVW.exe
  C:\Windows\System\YUzdpVW.exe
  2⤵
  PID:12428
- C:\Windows\System\hESZaWa.exe
  C:\Windows\System\hESZaWa.exe
  2⤵
  PID:12444
- C:\Windows\System\RBbPzAe.exe
  C:\Windows\System\RBbPzAe.exe
  2⤵
  PID:12476
- C:\Windows\System\TPVddgX.exe
  C:\Windows\System\TPVddgX.exe
  2⤵
  PID:12512
- C:\Windows\System\xGpziUe.exe
  C:\Windows\System\xGpziUe.exe
  2⤵
  PID:12540
- C:\Windows\System\MRxKwHB.exe
  C:\Windows\System\MRxKwHB.exe
  2⤵
  PID:12568
- C:\Windows\System\eHvjTHx.exe
  C:\Windows\System\eHvjTHx.exe
  2⤵
  PID:12596
- C:\Windows\System\aCbIepk.exe
  C:\Windows\System\aCbIepk.exe
  2⤵
  PID:12620
- C:\Windows\System\uMTDzUG.exe
  C:\Windows\System\uMTDzUG.exe
  2⤵
  PID:12640
- C:\Windows\System\mAmiZDa.exe
  C:\Windows\System\mAmiZDa.exe
  2⤵
  PID:12676
- C:\Windows\System\qWsSibe.exe
  C:\Windows\System\qWsSibe.exe
  2⤵
  PID:12696
- C:\Windows\System\lIjTGfX.exe
  C:\Windows\System\lIjTGfX.exe
  2⤵
  PID:12724
- C:\Windows\System\OGfgfmW.exe
  C:\Windows\System\OGfgfmW.exe
  2⤵
  PID:12740
- C:\Windows\System\kJrTcNv.exe
  C:\Windows\System\kJrTcNv.exe
  2⤵
  PID:12764
- C:\Windows\System\WMaUoBY.exe
  C:\Windows\System\WMaUoBY.exe
  2⤵
  PID:12780
- C:\Windows\System\YdOaqmW.exe
  C:\Windows\System\YdOaqmW.exe
  2⤵
  PID:12812
- C:\Windows\System\QnuhIJy.exe
  C:\Windows\System\QnuhIJy.exe
  2⤵
  PID:12832
- C:\Windows\System\uDOtyML.exe
  C:\Windows\System\uDOtyML.exe
  2⤵
  PID:12864
- C:\Windows\System\RxAXXQf.exe
  C:\Windows\System\RxAXXQf.exe
  2⤵
  PID:12908
- C:\Windows\System\ejSYYzk.exe
  C:\Windows\System\ejSYYzk.exe
  2⤵
  PID:12928
- C:\Windows\System\fWIydsn.exe
  C:\Windows\System\fWIydsn.exe
  2⤵
  PID:12952
- C:\Windows\System\QZUEbBY.exe
  C:\Windows\System\QZUEbBY.exe
  2⤵
  PID:12992
- C:\Windows\System\MQCFHtW.exe
  C:\Windows\System\MQCFHtW.exe
  2⤵
  PID:13024
- C:\Windows\System\gpdrmMu.exe
  C:\Windows\System\gpdrmMu.exe
  2⤵
  PID:13056
- C:\Windows\System\ecKLyhz.exe
  C:\Windows\System\ecKLyhz.exe
  2⤵
  PID:13096
- C:\Windows\System\fORvrUz.exe
  C:\Windows\System\fORvrUz.exe
  2⤵
  PID:13124
- C:\Windows\System\LsWdGZF.exe
  C:\Windows\System\LsWdGZF.exe
  2⤵
  PID:13152
- C:\Windows\System\GFOdPxO.exe
  C:\Windows\System\GFOdPxO.exe
  2⤵
  PID:13180
- C:\Windows\System\BYaQCUt.exe
  C:\Windows\System\BYaQCUt.exe
  2⤵
  PID:13216
- C:\Windows\System\UQLGFsl.exe
  C:\Windows\System\UQLGFsl.exe
  2⤵
  PID:13244
- C:\Windows\System\hLvCzUY.exe
  C:\Windows\System\hLvCzUY.exe
  2⤵
  PID:13272
- C:\Windows\System\Vguzffn.exe
  C:\Windows\System\Vguzffn.exe
  2⤵
  PID:13300
- C:\Windows\System\agcHGaF.exe
  C:\Windows\System\agcHGaF.exe
  2⤵
  PID:12320
- C:\Windows\System\nZGrkSr.exe
  C:\Windows\System\nZGrkSr.exe
  2⤵
  PID:12376
- C:\Windows\System\mTVhksx.exe
  C:\Windows\System\mTVhksx.exe
  2⤵
  PID:12424
- C:\Windows\System\jTTnlUB.exe
  C:\Windows\System\jTTnlUB.exe
  2⤵
  PID:12496
- C:\Windows\System\YgEBFBc.exe
  C:\Windows\System\YgEBFBc.exe
  2⤵
  PID:12536
- C:\Windows\System\ZdVDMlx.exe
  C:\Windows\System\ZdVDMlx.exe
  2⤵
  PID:12628
- C:\Windows\System\RnkDGwF.exe
  C:\Windows\System\RnkDGwF.exe
  2⤵
  PID:12688
- C:\Windows\System\WRBdnXs.exe
  C:\Windows\System\WRBdnXs.exe
  2⤵
  PID:12776
- C:\Windows\System\IANugIA.exe
  C:\Windows\System\IANugIA.exe
  2⤵
  PID:12760
- C:\Windows\System\lNIsYJW.exe
  C:\Windows\System\lNIsYJW.exe
  2⤵
  PID:12804
- C:\Windows\System\btaddkj.exe
  C:\Windows\System\btaddkj.exe
  2⤵
  PID:12896
- C:\Windows\System\wdnJJvm.exe
  C:\Windows\System\wdnJJvm.exe
  2⤵
  PID:12924
- C:\Windows\System\gtgEjhr.exe
  C:\Windows\System\gtgEjhr.exe
  2⤵
  PID:13012
- C:\Windows\System\MkTVxVV.exe
  C:\Windows\System\MkTVxVV.exe
  2⤵
  PID:13108
- C:\Windows\System\kMzknRp.exe
  C:\Windows\System\kMzknRp.exe
  2⤵
  PID:13188
- C:\Windows\System\mUoDCVc.exe
  C:\Windows\System\mUoDCVc.exe
  2⤵
  PID:13204
- C:\Windows\System\BBSIcWV.exe
  C:\Windows\System\BBSIcWV.exe
  2⤵
  PID:12356
- C:\Windows\System\pCnZANk.exe
  C:\Windows\System\pCnZANk.exe
  2⤵
  PID:12488
- C:\Windows\System\pvOgvHz.exe
  C:\Windows\System\pvOgvHz.exe
  2⤵
  PID:12580
- C:\Windows\System\VhZrhfs.exe
  C:\Windows\System\VhZrhfs.exe
  2⤵
  PID:12712
- C:\Windows\System\BkHtNjj.exe
  C:\Windows\System\BkHtNjj.exe
  2⤵
  PID:12888
- C:\Windows\System\WidkAeu.exe
  C:\Windows\System\WidkAeu.exe
  2⤵
  PID:13036
- C:\Windows\System\VIupgpf.exe
  C:\Windows\System\VIupgpf.exe
  2⤵
  PID:13200
- C:\Windows\System\IMIVvDk.exe
  C:\Windows\System\IMIVvDk.exe
  2⤵
  PID:12636
- C:\Windows\System\XTxrRfg.exe
  C:\Windows\System\XTxrRfg.exe
  2⤵
  PID:12716
- C:\Windows\System\FmwwYTl.exe
  C:\Windows\System\FmwwYTl.exe
  2⤵
  PID:13076
- C:\Windows\System\agtgztp.exe
  C:\Windows\System\agtgztp.exe
  2⤵
  PID:12420
- C:\Windows\System\cQlXZmV.exe
  C:\Windows\System\cQlXZmV.exe
  2⤵
  PID:4868
- C:\Windows\System\DTYYSRN.exe
  C:\Windows\System\DTYYSRN.exe
  2⤵
  PID:13352
- C:\Windows\System\aazRzBR.exe
  C:\Windows\System\aazRzBR.exe
  2⤵
  PID:13384
- C:\Windows\System\KeRZLor.exe
  C:\Windows\System\KeRZLor.exe
  2⤵
  PID:13412
- C:\Windows\System\OlpKldm.exe
  C:\Windows\System\OlpKldm.exe
  2⤵
  PID:13436
- C:\Windows\System\NLSJwSn.exe
  C:\Windows\System\NLSJwSn.exe
  2⤵
  PID:13460
- C:\Windows\System\IXqjnss.exe
  C:\Windows\System\IXqjnss.exe
  2⤵
  PID:13484
- C:\Windows\System\rfSOkDp.exe
  C:\Windows\System\rfSOkDp.exe
  2⤵
  PID:13516
- C:\Windows\System\nytGNfy.exe
  C:\Windows\System\nytGNfy.exe
  2⤵
  PID:13544
- C:\Windows\System\wZGPqdk.exe
  C:\Windows\System\wZGPqdk.exe
  2⤵
  PID:13560
- C:\Windows\System\ebXqLop.exe
  C:\Windows\System\ebXqLop.exe
  2⤵
  PID:13592
- C:\Windows\System\JgNJSfU.exe
  C:\Windows\System\JgNJSfU.exe
  2⤵
  PID:13632
- C:\Windows\System\YnYqunY.exe
  C:\Windows\System\YnYqunY.exe
  2⤵
  PID:13660
- C:\Windows\System\EVdvjWT.exe
  C:\Windows\System\EVdvjWT.exe
  2⤵
  PID:13700
- C:\Windows\System\QIxxttf.exe
  C:\Windows\System\QIxxttf.exe
  2⤵
  PID:13728
- C:\Windows\System\CzElVwv.exe
  C:\Windows\System\CzElVwv.exe
  2⤵
  PID:13756
- C:\Windows\System\sBDAkeo.exe
  C:\Windows\System\sBDAkeo.exe
  2⤵
  PID:13784
- C:\Windows\System\BiynCaM.exe
  C:\Windows\System\BiynCaM.exe
  2⤵
  PID:13812
- C:\Windows\System\gWeaeXg.exe
  C:\Windows\System\gWeaeXg.exe
  2⤵
  PID:13840
- C:\Windows\System\lDvPHjb.exe
  C:\Windows\System\lDvPHjb.exe
  2⤵
  PID:13868
- C:\Windows\System\XFjGqRg.exe
  C:\Windows\System\XFjGqRg.exe
  2⤵
  PID:13896
- C:\Windows\System\ZPMZiMd.exe
  C:\Windows\System\ZPMZiMd.exe
  2⤵
  PID:13924
- C:\Windows\System\EMXvhZx.exe
  C:\Windows\System\EMXvhZx.exe
  2⤵
  PID:13956
- C:\Windows\System\YFclYGJ.exe
  C:\Windows\System\YFclYGJ.exe
  2⤵
  PID:13984
- C:\Windows\System\EkzCtRa.exe
  C:\Windows\System\EkzCtRa.exe
  2⤵
  PID:14012
- C:\Windows\System\mcLebQO.exe
  C:\Windows\System\mcLebQO.exe
  2⤵
  PID:14048
- C:\Windows\System\yxxriZd.exe
  C:\Windows\System\yxxriZd.exe
  2⤵
  PID:14088
- C:\Windows\System\HvdKkcJ.exe
  C:\Windows\System\HvdKkcJ.exe
  2⤵
  PID:14104
- C:\Windows\System\UHHgPjR.exe
  C:\Windows\System\UHHgPjR.exe
  2⤵
  PID:14120
- C:\Windows\System\waaBUFM.exe
  C:\Windows\System\waaBUFM.exe
  2⤵
  PID:14136
- C:\Windows\System\JCGaGeG.exe
  C:\Windows\System\JCGaGeG.exe
  2⤵
  PID:14152
- C:\Windows\System\iZyFLux.exe
  C:\Windows\System\iZyFLux.exe
  2⤵
  PID:14168
- C:\Windows\System\ZUykgHd.exe
  C:\Windows\System\ZUykgHd.exe
  2⤵
  PID:14196
- C:\Windows\System\CpmWmWL.exe
  C:\Windows\System\CpmWmWL.exe
  2⤵
  PID:14212
- C:\Windows\System\eMNdfCJ.exe
  C:\Windows\System\eMNdfCJ.exe
  2⤵
  PID:14232
- C:\Windows\System\YliKIJx.exe
  C:\Windows\System\YliKIJx.exe
  2⤵
  PID:14248
- C:\Windows\System\csTtqzC.exe
  C:\Windows\System\csTtqzC.exe
  2⤵
  PID:14308
- C:\Windows\System\qVjnCJr.exe
  C:\Windows\System\qVjnCJr.exe
  2⤵
  PID:13368
- C:\Windows\System\KWXCbLk.exe
  C:\Windows\System\KWXCbLk.exe
  2⤵
  PID:12808
- C:\Windows\System\dwnZjHv.exe
  C:\Windows\System\dwnZjHv.exe
  2⤵
  PID:13528
- C:\Windows\System\ZFJHXLc.exe
  C:\Windows\System\ZFJHXLc.exe
  2⤵
  PID:13576
- C:\Windows\System\AmSmKao.exe
  C:\Windows\System\AmSmKao.exe
  2⤵
  PID:13676
- C:\Windows\System\CBDvYtS.exe
  C:\Windows\System\CBDvYtS.exe
  2⤵
  PID:13720
- C:\Windows\System\YuChTUy.exe
  C:\Windows\System\YuChTUy.exe
  2⤵
  PID:13748
- C:\Windows\System\SHRvPhk.exe
  C:\Windows\System\SHRvPhk.exe
  2⤵
  PID:13796
- C:\Windows\System\NttvuKI.exe
  C:\Windows\System\NttvuKI.exe
  2⤵
  PID:13852
- C:\Windows\System\iKCtkUs.exe
  C:\Windows\System\iKCtkUs.exe
  2⤵
  PID:13880
- C:\Windows\System\zkyUZLp.exe
  C:\Windows\System\zkyUZLp.exe
  2⤵
  PID:13952
- C:\Windows\System\iwDOYFt.exe
  C:\Windows\System\iwDOYFt.exe
  2⤵
  PID:2488
- C:\Windows\System\ONemCeR.exe
  C:\Windows\System\ONemCeR.exe
  2⤵
  PID:1952
- C:\Windows\System\CFnjNkx.exe
  C:\Windows\System\CFnjNkx.exe
  2⤵
  PID:5056
- C:\Windows\System\KwnlVzp.exe
  C:\Windows\System\KwnlVzp.exe
  2⤵
  PID:14144
- C:\Windows\System\ZyGEvin.exe
  C:\Windows\System\ZyGEvin.exe
  2⤵
  PID:14268
- C:\Windows\System\OzALvXp.exe
  C:\Windows\System\OzALvXp.exe
  2⤵
  PID:14244
- C:\Windows\System\LRachdM.exe
  C:\Windows\System\LRachdM.exe
  2⤵
  PID:13472
- C:\Windows\System\mWcYOxI.exe
  C:\Windows\System\mWcYOxI.exe
  2⤵
  PID:13552
- C:\Windows\System\YBEXsZS.exe
  C:\Windows\System\YBEXsZS.exe
  2⤵
  PID:13656
- C:\Windows\System\IMaFBfT.exe
  C:\Windows\System\IMaFBfT.exe
  2⤵
  PID:684
- C:\Windows\System\EfmDLwk.exe
  C:\Windows\System\EfmDLwk.exe
  2⤵
  PID:13804
- C:\Windows\System\kxGXzjk.exe
  C:\Windows\System\kxGXzjk.exe
  2⤵
  PID:14004
- C:\Windows\System\emhlnrg.exe
  C:\Windows\System\emhlnrg.exe
  2⤵
  PID:14116
- C:\Windows\System\bhTnprB.exe
  C:\Windows\System\bhTnprB.exe
  2⤵
  PID:1748
- C:\Windows\System\KeYaPSc.exe
  C:\Windows\System\KeYaPSc.exe
  2⤵
  PID:14240
- C:\Windows\System\xeOEkpK.exe
  C:\Windows\System\xeOEkpK.exe
  2⤵
  PID:13432
- C:\Windows\System\DBMDHKF.exe
  C:\Windows\System\DBMDHKF.exe
  2⤵
  PID:13744
- C:\Windows\System\bInUZUm.exe
  C:\Windows\System\bInUZUm.exe
  2⤵
  PID:3988
- C:\Windows\System\SNUvDvs.exe
  C:\Windows\System\SNUvDvs.exe
  2⤵
  PID:5032
- C:\Windows\System\cBjDNGU.exe
  C:\Windows\System\cBjDNGU.exe
  2⤵
  PID:14260
- C:\Windows\System\vbPcicn.exe
  C:\Windows\System\vbPcicn.exe
  2⤵
  PID:14064
- C:\Windows\System\BNxBUHG.exe
  C:\Windows\System\BNxBUHG.exe
  2⤵
  PID:14340
- C:\Windows\System\Pelbcpu.exe
  C:\Windows\System\Pelbcpu.exe
  2⤵
  PID:14376
- C:\Windows\System\TaOniqn.exe
  C:\Windows\System\TaOniqn.exe
  2⤵
  PID:14396
- C:\Windows\System\eTyIyfI.exe
  C:\Windows\System\eTyIyfI.exe
  2⤵
  PID:14416
- C:\Windows\System\RVkdVae.exe
  C:\Windows\System\RVkdVae.exe
  2⤵
  PID:14444
- C:\Windows\System\qEpavjT.exe
  C:\Windows\System\qEpavjT.exe
  2⤵
  PID:14468
- C:\Windows\System\htgEtmj.exe
  C:\Windows\System\htgEtmj.exe
  2⤵
  PID:14492
- C:\Windows\System\DRcvmrV.exe
  C:\Windows\System\DRcvmrV.exe
  2⤵
  PID:14528
- C:\Windows\System\yyjXopT.exe
  C:\Windows\System\yyjXopT.exe
  2⤵
  PID:14552
- C:\Windows\System\LexlQeh.exe
  C:\Windows\System\LexlQeh.exe
  2⤵
  PID:14584
- C:\Windows\System\hbgvdmy.exe
  C:\Windows\System\hbgvdmy.exe
  2⤵
  PID:14620
- C:\Windows\System\uVIQQXo.exe
  C:\Windows\System\uVIQQXo.exe
  2⤵
  PID:14652
- C:\Windows\System\uPcjgla.exe
  C:\Windows\System\uPcjgla.exe
  2⤵
  PID:14688
- C:\Windows\System\AtwWIDs.exe
  C:\Windows\System\AtwWIDs.exe
  2⤵
  PID:14716

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:4828

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ABOBtoL.exe

Filesize
2.4MB

MD5
60be4e26ee5955a60a5cb2494add276d

SHA1
d817a067e5a244f920b114689f94f284c45ad1ee

SHA256
a48041fdd43d7d04fe4239343f918ad4fa0251a61e11d7f08c336be7074c131d

SHA512
9fae22de55bdf51add8246707f602dcb57220f8675362041eaa404b143f22bef1ab648f6883e1cfb9222b742409f87421e4974f6253d23ab09501778fa4ba5c1

Download Submit
C:\Windows\System\BQIBzrk.exe

Filesize
2.4MB

MD5
ac616f88706aa921baa85de30e3a9d2d

SHA1
c6b86ba4d3c67d9c9d4bad4dad04a910d85ca75f

SHA256
2bdd04dd6720b654f8d420c92b46cf96ff174b55de33b27bd6dce8628318730f

SHA512
4c5eafd904887f246b9dbb7f48abbdd489e9df7a3f9a66e718c5cee0f690f69ffcecfca368638eef4bbfa72c442151a8d362ac793d152b67779d41b21c941464

Download Submit
C:\Windows\System\DQYDfRy.exe

Filesize
2.4MB

MD5
e6b7bdd82a44259e6226d43106542805

SHA1
235dd831f1600b835278de90ea89d5cd5f0a599d

SHA256
dc35d46ddb9fd45ec6b21dd144b3aa677c0fd2128670ec35102584729627ef52

SHA512
6d5a0ca1d9c1d6f27ad92c7a62018a44ef57eaed577a81652587da91094b8fa8c5ae1370a2693b627a80467dcb9e6ff239edc73ea0bfd4ff8781bd4876a969cd

Download Submit
C:\Windows\System\EaDXjuq.exe

Filesize
2.4MB

MD5
f7a9b043c534d3be1dfbb5144116dc3c

SHA1
e58d0763b2c96cb8daaabf3144e1f07ea4e5b471

SHA256
4bf1507a785e7f9fb36c853b85cdff5fa77a8a9524ac16a19c3b76a2b51c65a6

SHA512
0578036fd9a5555c735093d32d45347cdc2d7a9c1c6c3497dbf37af0c06da2aa73e00f12c33e386d9b9f9c8208de4cf20e0d1d1bbcb2fe6dd1ce51c05399f6ff

Download Submit
C:\Windows\System\GkhnIkE.exe

Filesize
2.4MB

MD5
509846706efd08080ff1a36773288a21

SHA1
1148980445987a2121279277f39587511e77c90a

SHA256
d2c2c69297b76c28a697ab0bc9b99102b6cc98e0d6e49f60e8aa0137ad512b3a

SHA512
0c7755674d922ac052232cb175b12125432bc52e12d6a1636aa00c921b933ba23afbf9c3add2ea7df8bc0c4e3aa5b88546604561cfef32a2da8d1149dee91225

Download Submit
C:\Windows\System\HwFqHhT.exe

Filesize
2.4MB

MD5
ae6d2a027c889cfc77bc1a030d43e3bc

SHA1
5dbb1585fb3fd47c5b694dc256e02c25b9e6a573

SHA256
39e7b93513f50bed09ba63a6c3275145a6682f8b23ab566fd578b8a7b3de4a48

SHA512
5685f02ced7a62db4bb917f7cbce329336224547281acdabaa680ff92aea2cd9ac8513fc97804e213b3bebd5222ddeb72c675b0c913c391481da51de441ae9b7

Download Submit
C:\Windows\System\JScncFW.exe

Filesize
2.4MB

MD5
da53695c14654c27ac3fd62b435bd5ac

SHA1
3b67a9da8d4acfd98022217488d2b393107d9c14

SHA256
698519efa501382d2e2a34425b4e97924de189185b150fc25de04a1f69ad6a67

SHA512
22dbd39a68c274f03200a4b7e1ed0cc90c16971436a8896ddb87e3101ebed53c52875dbd13755494bbc713b5d62bb204f77b6dded3617665b1e05e3f4166db35

Download Submit
C:\Windows\System\JtzQTFX.exe

Filesize
2.4MB

MD5
10d9428322a982125d82c2ba2140a7fe

SHA1
d9c26aab224bfa4eeadbc63c22db30465115afb0

SHA256
a84ffff7988f517eb8d0c2c21a29e0f162b040dd40b4c462adc3496999a52ff2

SHA512
90c33b2066bebd7fa997eed92cec3ce588b375a862278a4771e733b6a02600b702e71eac8961a1ac8225120cbb88ced4e50db7167071477bf00c2a8412af7371

Download Submit
C:\Windows\System\KoNbVNh.exe

Filesize
2.4MB

MD5
fcb58ddf3fceecc409a67d4cfe751de5

SHA1
84328d015620f92ee455722c92e14aa903e76812

SHA256
c3026dbb5710a7a3d0f3a3ad5a244dedd448bd3a1e9657a31cb8f198d0b25d01

SHA512
948eb95af6ccb5bf284a9b736edda8fc2705becd28e99ffcfada69ed3f559fefb62544ef70f6d9824f540cc58a34539b09696324780950abcd480dd50e9a320d

Download Submit
C:\Windows\System\NziNyrf.exe

Filesize
2.4MB

MD5
c9b48cba2d31b646a3b0cec4989d4f6c

SHA1
a7536727537e076f6ce0651d6749eaaf42546d2c

SHA256
38ac10d9be563b5629e3e0edd2e247530b53dde33fa9e43d04c0b65cc0b593f5

SHA512
8430a5a00cfc3d13c35b37f53b72e2ff924cedd5cda1a181a401b955bd8187d71ceb26c6fab4fbb6d324c33b34bab9d2050d6d0db38bedae6a76bd0bc8fb3278

Download Submit
C:\Windows\System\OewxYqg.exe

Filesize
2.4MB

MD5
253f5a9c22a5c5e5a27866da5bffc4f1

SHA1
f8aa320059baa993d09de72666d198198de5e064

SHA256
7c01c97c6031d8579609dd62320b088d9666906d0237ade4dd872823baff6fa3

SHA512
943f8459e2e95324d745d12ccd1be2fceaee344b2aab5993809c3e358e63c820b310a2b3dd441595578b6fa04e692f5376afbcf5029be5bd5939c0706e807320

Download Submit
C:\Windows\System\PaoHATD.exe

Filesize
2.4MB

MD5
2a6d409e6e545ae599412bc5a81f0d50

SHA1
e39b12fe978db8b38bf40cd5d0daac657a1d49be

SHA256
2b25a8bb39d57694e96d53d362a093467228150a5bc39d208d504f94586ae0ae

SHA512
ca19fda4c1e2d229a4b316f16c88382b5b926018833ece5d3269c327557913915bc38ac3fc5ec5471c2098c893a244cb4c2a88a7776dc2e840cf2ce3587c31f0

Download Submit
C:\Windows\System\QNKGhTg.exe

Filesize
2.4MB

MD5
930960e78d0b5fe2721f2136c8545782

SHA1
1ad21a6ddd8c89fe9d329ddaa47194310521ada6

SHA256
a2a595335baf90730bae5d14556dbf1163d5fe7f0d7c62a8c0e483e38e0a000d

SHA512
8aae5ae3d0b4e6395136dc4471ceb83140c24f8820f43c708fe843353c351515943fefedcb189a9015df9983697519ed38817b36485d1e4316834450c5f24a80

Download Submit
C:\Windows\System\SnQqamD.exe

Filesize
2.4MB

MD5
8fefd4774407d31d37964b6933bc5bb1

SHA1
b6699827214f9e9e2b77acc6d58eb279d9c6bb97

SHA256
5bd60c2b5b12c97540a549ac515445f8c130d5e85e841b643760718144bf6b79

SHA512
b1f1b157db9f1c2831d1c7d4a54931594e7716d83c420580f419ed43cb1e48d0b1022b1c090a19002a8dc8c6038198d141b585a4d16367bd7288fa55e8e3ba52

Download Submit
C:\Windows\System\TgwwQxL.exe

Filesize
2.4MB

MD5
e8beb0c378c6d91e1c5fb7014f349fe0

SHA1
3ce88d350a30f00de3d34a28583f7ded7eeb8741

SHA256
c5c2b76ca20f29e31169f24f27277d712347ed366b70385f3dd965bb87cd355a

SHA512
76c65d4ff7fd1e8effc52b410d6be7b7ef110b271c20516e5f1b38102321360e475b47f1e4acaea0c52d98253cf66069478390936da96c8847be812656b7fa3b

Download Submit
C:\Windows\System\XxonuiY.exe

Filesize
2.4MB

MD5
a86899b72adee5d6dd5244847b365bde

SHA1
84b927a56c99493bfbd9166a7e2a9f25259a36ef

SHA256
028c10a735e9d2018eb5d249a53c754d3bac79ca987f70bdbb8c12c855b0d977

SHA512
9ab099a5f51a9607c45ded12a7482e5f8aaa7ad2b66ac671a687a63f1cda59765dd3c84fd6be846116a0c581c252e92ba9c6f4507d8b433da8f8e7565c263b39

Download Submit
C:\Windows\System\ZdRvOnx.exe

Filesize
2.4MB

MD5
c081efaf50c18b28df19b23a5f41fa79

SHA1
03874e591500f9797accb8f3ce8e65ef4eb31a68

SHA256
856f00e6933d6ac52df133f7d13c6cb8c55469b533abfbec45c4cd9940297cbc

SHA512
fb99095d34477047a26f4c4bc9f80d4dd06fed91c2e3b080cd930842309046a2ceb4cf3186edce1ac909bb1ea4636400b52b3239649075bf9fb95b034e2cb790

Download Submit
C:\Windows\System\aKUhpVa.exe

Filesize
2.4MB

MD5
5d70e67a077fe99c6ca4312d67638dde

SHA1
259dbaa30d84881ceaf14a2631d2623cc6e9fa2e

SHA256
b0abc9afff5e03014078bc3a7c4bf82e268ef16ec889eb63fdeb1d5540c918e1

SHA512
3846419b683af8efe884961215552c5b4083e2c8b480864df3269307a0c4e86730dd3351131c82f462ede76764d3df111aa1357a11ccc6dcdd0d44131f985df6

Download Submit
C:\Windows\System\cGTLuJP.exe

Filesize
2.4MB

MD5
8afb8f32619bb89c2a1a29975df5b88b

SHA1
ebfe1cb205b58e6683019672eab3bad501a7e8c4

SHA256
e13ff44dadf342dfe06465b75ffcee61260700b271571b4b17aedc33ec2d573a

SHA512
769a5e12bc2097b544d44d59eb172b2f14c3d01002dddf38fea2274bc219cb3c8951cd0d24c48e49b304adec15fe4adef4a874175709733ea579dfd6b415249a

Download Submit
C:\Windows\System\ctYzmcq.exe

Filesize
2.4MB

MD5
258c9e11722e052292adafed5dd4773d

SHA1
cae4d2cff3b982c564bb38d6fac33b8541270ea5

SHA256
375e8cb949488fabc407b11fa7ae0df845b4bf61c2708b660aa3e506580b31c4

SHA512
465f07c7c8b2629943560a34eab7657b29e9c885f8107dbc581b8fd89a0380c9fc36b516e33406ae0d85e75ffc86a025edc45c016d2f2a6494405d711116f5f0

Download Submit
C:\Windows\System\cvAunDm.exe

Filesize
2.4MB

MD5
64e68bb272caf81e27e8270986c22f13

SHA1
00669be173ead73f0160c15a4617398ad3f630f0

SHA256
e54338ae9b5572b4309a854433038762063c93b68cbef1810cdccd4117a810cc

SHA512
fc19f39e29b24531aa9fdf85f07a55623916490efaf39617dbec738ada2ec4687e0ed19a437538d9d509774e40fa8cf091d7988f828d8b5e28a0386e74cda282

Download Submit
C:\Windows\System\iDKGCZt.exe

Filesize
2.4MB

MD5
929b46454b789aade2a1748a8308ec45

SHA1
bd57eca1798d20afeef8a0050c59d23c4015186e

SHA256
1d7d4a07302fa4ce48313efb77e30f31d88ce64d9f6cdbac30b9590f87757093

SHA512
8ae74a50756586fb02c5ffe3024588199c29d542e202689fc0d0052f6f21cdd7c8269f8983ec78328c57632cc43ef3b248aec3af1ded9346bd5a91f370c40346

Download Submit
C:\Windows\System\jSbpfHV.exe

Filesize
2.4MB

MD5
ff576ceaf8a686e9afbcc24618667bae

SHA1
5d15f50fc12b7ae3758ec39db1996a61ebfc1056

SHA256
1ad5b1760024a0d461d58a0c51cee3e3ef920b1587bc3b3c2c3dd70e9c3c0eeb

SHA512
a534c833c095658de57f223d84443d1835b8573c86293b7d3ed0175e1e7d99322e1cb4029a52fea185e4eb074e01d6aac677a993708e098e8e61921e04104853

Download Submit
C:\Windows\System\okqptxd.exe

Filesize
2.4MB

MD5
6f03c7520be526098df1b0234ea71803

SHA1
cf76aec4be7886b02692c206048f01b92c196aba

SHA256
b4cc4041cff54d55e25ceddbf02ff7a91dea2913f2af6373347bdb7dc50ab17d

SHA512
b68d85b650a3a307eaa35d714b625580c619ad173f5571e4da8dcae6c69ab6f806ec7169bf3ca8aca5d26df0fc3a8cc1904f72151ba66eccd94c70ff52690976

Download Submit
C:\Windows\System\pulgFgp.exe

Filesize
2.4MB

MD5
4d519fe44f6ed9ecc7eff422e1231c4f

SHA1
2e6e0dd9f32c209082b4578eed1bf87a7a0289af

SHA256
48f0f6a3f57b12fec068753e05bed5fa63b365067473a9a77d09d17dcda1aba6

SHA512
79d0ceeade10152414dff5718ca05cd92bda93a2b8038dfc34dcf0e20c04f563eb5e0031a6157d94dd14d4c2d86fc7e584f53d5064407bb67588c868130e7524

Download Submit
C:\Windows\System\qxnAAwH.exe

Filesize
2.4MB

MD5
bdd06f34dd720b232f35b9d02b6e9908

SHA1
eb3f3c731d1d6eb847ceccb4685af5c00d4f7b9b

SHA256
7fe0502ea68306189afa714c2dca673d6dcd85e254072e03c267be308eebf901

SHA512
3e2b065ab878e717db7475a125d7661dfe6be0858816d900ca6a371b84394528ccd992f2b713be79b6037043ced93f014875eb33dd5acfbde5936f9fa37d9df6

Download Submit
C:\Windows\System\rKikQpY.exe

Filesize
2.4MB

MD5
658edfe6ae508e60fb69469864ed423e

SHA1
361826e637b4a59afa5b6471243e7777a28a11d6

SHA256
d3f85cec65b877c46417295ff5a17d67dcea02b7cf38b9b7e0568f3d5c5c4741

SHA512
8d583895cb90ac9ceead3858e26c6ead67026ddd6ad4db83e252627520882311f059164c62896c3a3424aaeca9848971ddf3b14fa5c3d312ff51603eeab73279

Download Submit
C:\Windows\System\rpWmFMU.exe

Filesize
2.4MB

MD5
b7a20beab983a2c16016813275be5f29

SHA1
13285a754c94e05eb289d6fa62606895c35888ab

SHA256
339fdeac438d48624a0e1f91083db569bbeb8ef974c7a5342a6f10c863f29c32

SHA512
30b9394a5f261a109359e204a9181be29b97a4d819dba8f422d560ebc5baccaeda58fe86d3f737c2f253060c10070d28cd2d0f657ea0af0457fd4751b29f4ac4

Download Submit
C:\Windows\System\stSkegb.exe

Filesize
2.4MB

MD5
decbef031f9471803057bb6d36543337

SHA1
649b9943f427abd12b2a550ec25a05bdacd22b6e

SHA256
d8f8ae7aaac472e4ea99d03b6516a8fe0a6c3e7f743e873e4366c688fc768ef8

SHA512
90baa71f463e2d99575016c4a5b77be80eed798bf03222490a75a94c452ab34a71b96d220e08cc1af78025a182bee9810e3a99b3d5b7ceb74c1010886b858ba1

Download Submit
C:\Windows\System\tkmkFUV.exe

Filesize
2.4MB

MD5
87e55cd0ae9e7efc59183f575fc270bb

SHA1
0c7ac5c9979feb8d0599a7f383ff46a1c78404f5

SHA256
950782837760fa84eb645fed4bab56b61732c516bb4049664ecbac57c852b8db

SHA512
7f5d9eae9e0266a028573bf5f0db83154f334b49b9e2d901cda31419198108b10fa2ab2f13a28e21942dd61d413f7ec131b813f2e3e6ada960355791784db74c

Download Submit
C:\Windows\System\uGpFkaP.exe

Filesize
2.4MB

MD5
abe8be11266cdbaaff3966323d78c68c

SHA1
6699a7b432fdfafcfa78e498d15a6d5656ac31f2

SHA256
b5d6e32c13342eeca715ccc71cb452f0eb78661df495758b92cd25f8eb4f59bf

SHA512
463cd3733124a7ee8387f4c7d98a11d52005cfe2361d767ade7f38ad78dc0c4f9919c2f824943c7163d4224c6d31ac524d4509bc55057071b6e941dac1718c80

Download Submit
C:\Windows\System\vmebbIO.exe

Filesize
2.4MB

MD5
8325f0a1a95207e93d6c3dfca0c260c1

SHA1
e59f6ffe4eb84a283adaab287daf3b90d5115ec4

SHA256
974206b7305968c5bb8030586da7a7543659abc532570fa42a476c249e36bd04

SHA512
32b770378485bfbab9889e3e38ecdca219d0a0a0ceb4111fd9add230206aef07e80c2731bfcb0d65a7dd974db6bd404ece13958378ee785bb324aab3e613c722

Download Submit
C:\Windows\System\wtrNVWT.exe

Filesize
2.4MB

MD5
e84c2d0c37353d35e09be53052d686a5

SHA1
0df3274c353de50d9b80b258007803844ac0747d

SHA256
1e42fc3e5d2a727a42d333b6101d906867dd4632d7b33670b65a739f9d1099fb

SHA512
25a4ec453b50d9e1347fd8ce2de1d8a2e557c81a28cfc98c6dddf20c49bf52bbada67207eb8b121ca7502919aa719c0302e165b4f9f2107aa4a88fce238f0134

Download Submit
C:\Windows\System\zBTAQQt.exe

Filesize
2.4MB

MD5
c667fb90406a1ac796725884371805eb

SHA1
346731faadc210aefd89fe5e6cf6b4e89d2f0d00

SHA256
91d2d3b38c609df30890faf18bbc371741a1a607726bdc1c35bb1c7d9ac6eec2

SHA512
66102707a8e88c3928440032f93e22cbd31a0c10842239a1265304b9f679dcaa05a6e31ddcc6afeb3ce441f44c9d7a2bab222a520dcd4dc22d8dec4947c9540c

Download Submit
memory/724-141-0x00007FF683340000-0x00007FF683694000-memory.dmp

Filesize
3.3MB

Download
memory/724-2108-0x00007FF683340000-0x00007FF683694000-memory.dmp

Filesize
3.3MB

Download
memory/880-204-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp

Filesize
3.3MB

Download
memory/880-2098-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp

Filesize
3.3MB

Download
memory/1224-205-0x00007FF7C0330000-0x00007FF7C0684000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2100-0x00007FF7C0330000-0x00007FF7C0684000-memory.dmp

Filesize
3.3MB

Download
memory/1268-192-0x00007FF7BF7E0000-0x00007FF7BFB34000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2110-0x00007FF7BF7E0000-0x00007FF7BFB34000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2106-0x00007FF72FAC0000-0x00007FF72FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1300-164-0x00007FF72FAC0000-0x00007FF72FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2116-0x00007FF744F60000-0x00007FF7452B4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-197-0x00007FF744F60000-0x00007FF7452B4000-memory.dmp

Filesize
3.3MB

Download
memory/1420-2107-0x00007FF73F8E0000-0x00007FF73FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1420-207-0x00007FF73F8E0000-0x00007FF73FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1988-203-0x00007FF6D0060000-0x00007FF6D03B4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-2096-0x00007FF6D0060000-0x00007FF6D03B4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-2103-0x00007FF609D80000-0x00007FF60A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-105-0x00007FF609D80000-0x00007FF60A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-201-0x00007FF7B3500000-0x00007FF7B3854000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2120-0x00007FF7B3500000-0x00007FF7B3854000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1-0x000002064B5C0000-0x000002064B5D0000-memory.dmp

Filesize
64KB

Download
memory/2136-0-0x00007FF7834F0000-0x00007FF783844000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2089-0x00007FF7834F0000-0x00007FF783844000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2105-0x00007FF61D120000-0x00007FF61D474000-memory.dmp

Filesize
3.3MB

Download
memory/2340-140-0x00007FF61D120000-0x00007FF61D474000-memory.dmp

Filesize
3.3MB

Download
memory/2436-200-0x00007FF7063A0000-0x00007FF7066F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2122-0x00007FF7063A0000-0x00007FF7066F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-76-0x00007FF6A1B20000-0x00007FF6A1E74000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2102-0x00007FF6A1B20000-0x00007FF6A1E74000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2091-0x00007FF6A1B20000-0x00007FF6A1E74000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2094-0x00007FF660A20000-0x00007FF660D74000-memory.dmp

Filesize
3.3MB

Download
memory/2736-11-0x00007FF660A20000-0x00007FF660D74000-memory.dmp

Filesize
3.3MB

Download
memory/2948-199-0x00007FF75E790000-0x00007FF75EAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2118-0x00007FF75E790000-0x00007FF75EAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3540-2111-0x00007FF6F7830000-0x00007FF6F7B84000-memory.dmp

Filesize
3.3MB

Download
memory/3540-170-0x00007FF6F7830000-0x00007FF6F7B84000-memory.dmp

Filesize
3.3MB

Download
memory/3884-40-0x00007FF745CA0000-0x00007FF745FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2093-0x00007FF745CA0000-0x00007FF745FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2099-0x00007FF745CA0000-0x00007FF745FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4308-208-0x00007FF713040000-0x00007FF713394000-memory.dmp

Filesize
3.3MB

Download
memory/4308-2112-0x00007FF713040000-0x00007FF713394000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2095-0x00007FF712940000-0x00007FF712C94000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2090-0x00007FF712940000-0x00007FF712C94000-memory.dmp

Filesize
3.3MB

Download
memory/4404-25-0x00007FF712940000-0x00007FF712C94000-memory.dmp

Filesize
3.3MB

Download
memory/4424-198-0x00007FF755DA0000-0x00007FF7560F4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2117-0x00007FF755DA0000-0x00007FF7560F4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-123-0x00007FF7C43D0000-0x00007FF7C4724000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2104-0x00007FF7C43D0000-0x00007FF7C4724000-memory.dmp

Filesize
3.3MB

Download
memory/4608-209-0x00007FF61CB20000-0x00007FF61CE74000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2114-0x00007FF61CB20000-0x00007FF61CE74000-memory.dmp

Filesize
3.3MB

Download
memory/4704-2101-0x00007FF786E70000-0x00007FF7871C4000-memory.dmp

Filesize
3.3MB

Download
memory/4704-206-0x00007FF786E70000-0x00007FF7871C4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2115-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp

Filesize
3.3MB

Download
memory/4720-195-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp

Filesize
3.3MB

Download
memory/4784-202-0x00007FF75EA60000-0x00007FF75EDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4784-2121-0x00007FF75EA60000-0x00007FF75EDB4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-191-0x00007FF75B360000-0x00007FF75B6B4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2119-0x00007FF75B360000-0x00007FF75B6B4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-196-0x00007FF6A87E0000-0x00007FF6A8B34000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2113-0x00007FF6A87E0000-0x00007FF6A8B34000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2109-0x00007FF7E3770000-0x00007FF7E3AC4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-184-0x00007FF7E3770000-0x00007FF7E3AC4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-28-0x00007FF76F1C0000-0x00007FF76F514000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2097-0x00007FF76F1C0000-0x00007FF76F514000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2092-0x00007FF76F1C0000-0x00007FF76F514000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads