xmrig | 3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90

Analysis

max time kernel
134s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 21:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
Size

2.0MB
MD5

caf723a8ddcda117c28f171cfda0b60f
SHA1

05416ff0c03747a78fd72df2597947907e6abd58
SHA256

3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90
SHA512

61dca9fae9635aa428dffafc94a1b34817e31272b533578c1ea7e2379e91a719a299c6e02463c75e3e974d32e1f4698ce773c89b8481d927b70909e8f91d850c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQF3OioF5qdhW:BemTLkNdfE0pZrQ8

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4872-0-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp	UPX
behavioral2/files/0x000800000002341f-5.dat	UPX
behavioral2/files/0x0007000000023424-9.dat	UPX
behavioral2/files/0x0007000000023426-29.dat	UPX
behavioral2/files/0x0007000000023428-41.dat	UPX
behavioral2/files/0x000700000002342b-55.dat	UPX
behavioral2/files/0x000700000002342c-60.dat	UPX
behavioral2/files/0x000700000002342f-81.dat	UPX
behavioral2/files/0x0007000000023431-91.dat	UPX
behavioral2/files/0x0007000000023433-101.dat	UPX
behavioral2/files/0x0007000000023437-121.dat	UPX
behavioral2/files/0x000700000002343c-146.dat	UPX
behavioral2/memory/3936-484-0x00007FF670D50000-0x00007FF6710A4000-memory.dmp	UPX
behavioral2/files/0x0007000000023442-170.dat	UPX
behavioral2/files/0x0007000000023440-166.dat	UPX
behavioral2/files/0x0007000000023441-165.dat	UPX
behavioral2/files/0x000700000002343f-161.dat	UPX
behavioral2/files/0x000700000002343e-156.dat	UPX
behavioral2/files/0x000700000002343d-151.dat	UPX
behavioral2/files/0x000700000002343b-141.dat	UPX
behavioral2/files/0x000700000002343a-135.dat	UPX
behavioral2/files/0x0007000000023439-131.dat	UPX
behavioral2/files/0x0007000000023438-126.dat	UPX
behavioral2/files/0x0007000000023436-116.dat	UPX
behavioral2/files/0x0007000000023435-110.dat	UPX
behavioral2/files/0x0007000000023434-106.dat	UPX
behavioral2/files/0x0007000000023432-96.dat	UPX
behavioral2/files/0x0007000000023430-86.dat	UPX
behavioral2/files/0x000700000002342e-78.dat	UPX
behavioral2/files/0x000700000002342d-73.dat	UPX
behavioral2/files/0x000700000002342a-58.dat	UPX
behavioral2/files/0x0007000000023429-50.dat	UPX
behavioral2/memory/1800-42-0x00007FF661760000-0x00007FF661AB4000-memory.dmp	UPX
behavioral2/memory/2848-39-0x00007FF6C4DC0000-0x00007FF6C5114000-memory.dmp	UPX
behavioral2/memory/2032-38-0x00007FF7EC320000-0x00007FF7EC674000-memory.dmp	UPX
behavioral2/memory/3308-35-0x00007FF6624E0000-0x00007FF662834000-memory.dmp	UPX
behavioral2/files/0x0007000000023427-33.dat	UPX
behavioral2/memory/4196-31-0x00007FF6300D0000-0x00007FF630424000-memory.dmp	UPX
behavioral2/memory/844-27-0x00007FF68DB40000-0x00007FF68DE94000-memory.dmp	UPX
behavioral2/files/0x0007000000023425-25.dat	UPX
behavioral2/memory/3632-14-0x00007FF600650000-0x00007FF6009A4000-memory.dmp	UPX
behavioral2/files/0x0007000000023423-13.dat	UPX
behavioral2/memory/2016-485-0x00007FF66EC50000-0x00007FF66EFA4000-memory.dmp	UPX
behavioral2/memory/1936-487-0x00007FF706380000-0x00007FF7066D4000-memory.dmp	UPX
behavioral2/memory/2208-486-0x00007FF784A80000-0x00007FF784DD4000-memory.dmp	UPX
behavioral2/memory/5088-523-0x00007FF7EDD90000-0x00007FF7EE0E4000-memory.dmp	UPX
behavioral2/memory/5084-518-0x00007FF676A50000-0x00007FF676DA4000-memory.dmp	UPX
behavioral2/memory/3032-514-0x00007FF696E90000-0x00007FF6971E4000-memory.dmp	UPX
behavioral2/memory/2372-507-0x00007FF7FA800000-0x00007FF7FAB54000-memory.dmp	UPX
behavioral2/memory/3612-499-0x00007FF7F3F70000-0x00007FF7F42C4000-memory.dmp	UPX
behavioral2/memory/3148-596-0x00007FF681670000-0x00007FF6819C4000-memory.dmp	UPX
behavioral2/memory/2932-604-0x00007FF67CCF0000-0x00007FF67D044000-memory.dmp	UPX
behavioral2/memory/2988-611-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp	UPX
behavioral2/memory/2228-614-0x00007FF7F09C0000-0x00007FF7F0D14000-memory.dmp	UPX
behavioral2/memory/208-608-0x00007FF7F5FE0000-0x00007FF7F6334000-memory.dmp	UPX
behavioral2/memory/4768-599-0x00007FF63A050000-0x00007FF63A3A4000-memory.dmp	UPX
behavioral2/memory/1496-621-0x00007FF6B9590000-0x00007FF6B98E4000-memory.dmp	UPX
behavioral2/memory/4564-622-0x00007FF7439B0000-0x00007FF743D04000-memory.dmp	UPX
behavioral2/memory/980-620-0x00007FF635A90000-0x00007FF635DE4000-memory.dmp	UPX
behavioral2/memory/1924-554-0x00007FF7F3D50000-0x00007FF7F40A4000-memory.dmp	UPX
behavioral2/memory/3468-552-0x00007FF7B65E0000-0x00007FF7B6934000-memory.dmp	UPX
behavioral2/memory/2264-544-0x00007FF7DC0F0000-0x00007FF7DC444000-memory.dmp	UPX
behavioral2/memory/5068-537-0x00007FF7693C0000-0x00007FF769714000-memory.dmp	UPX
behavioral2/memory/4872-2138-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4872-0-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp	xmrig
behavioral2/files/0x000800000002341f-5.dat	xmrig
behavioral2/files/0x0007000000023424-9.dat	xmrig
behavioral2/files/0x0007000000023426-29.dat	xmrig
behavioral2/files/0x0007000000023428-41.dat	xmrig
behavioral2/files/0x000700000002342b-55.dat	xmrig
behavioral2/files/0x000700000002342c-60.dat	xmrig
behavioral2/files/0x000700000002342f-81.dat	xmrig
behavioral2/files/0x0007000000023431-91.dat	xmrig
behavioral2/files/0x0007000000023433-101.dat	xmrig
behavioral2/files/0x0007000000023437-121.dat	xmrig
behavioral2/files/0x000700000002343c-146.dat	xmrig
behavioral2/memory/3936-484-0x00007FF670D50000-0x00007FF6710A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023442-170.dat	xmrig
behavioral2/files/0x0007000000023440-166.dat	xmrig
behavioral2/files/0x0007000000023441-165.dat	xmrig
behavioral2/files/0x000700000002343f-161.dat	xmrig
behavioral2/files/0x000700000002343e-156.dat	xmrig
behavioral2/files/0x000700000002343d-151.dat	xmrig
behavioral2/files/0x000700000002343b-141.dat	xmrig
behavioral2/files/0x000700000002343a-135.dat	xmrig
behavioral2/files/0x0007000000023439-131.dat	xmrig
behavioral2/files/0x0007000000023438-126.dat	xmrig
behavioral2/files/0x0007000000023436-116.dat	xmrig
behavioral2/files/0x0007000000023435-110.dat	xmrig
behavioral2/files/0x0007000000023434-106.dat	xmrig
behavioral2/files/0x0007000000023432-96.dat	xmrig
behavioral2/files/0x0007000000023430-86.dat	xmrig
behavioral2/files/0x000700000002342e-78.dat	xmrig
behavioral2/files/0x000700000002342d-73.dat	xmrig
behavioral2/files/0x000700000002342a-58.dat	xmrig
behavioral2/files/0x0007000000023429-50.dat	xmrig
behavioral2/memory/1800-42-0x00007FF661760000-0x00007FF661AB4000-memory.dmp	xmrig
behavioral2/memory/2848-39-0x00007FF6C4DC0000-0x00007FF6C5114000-memory.dmp	xmrig
behavioral2/memory/2032-38-0x00007FF7EC320000-0x00007FF7EC674000-memory.dmp	xmrig
behavioral2/memory/3308-35-0x00007FF6624E0000-0x00007FF662834000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-33.dat	xmrig
behavioral2/memory/4196-31-0x00007FF6300D0000-0x00007FF630424000-memory.dmp	xmrig
behavioral2/memory/844-27-0x00007FF68DB40000-0x00007FF68DE94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-25.dat	xmrig
behavioral2/memory/3632-14-0x00007FF600650000-0x00007FF6009A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-13.dat	xmrig
behavioral2/memory/2016-485-0x00007FF66EC50000-0x00007FF66EFA4000-memory.dmp	xmrig
behavioral2/memory/1936-487-0x00007FF706380000-0x00007FF7066D4000-memory.dmp	xmrig
behavioral2/memory/2208-486-0x00007FF784A80000-0x00007FF784DD4000-memory.dmp	xmrig
behavioral2/memory/5088-523-0x00007FF7EDD90000-0x00007FF7EE0E4000-memory.dmp	xmrig
behavioral2/memory/5084-518-0x00007FF676A50000-0x00007FF676DA4000-memory.dmp	xmrig
behavioral2/memory/3032-514-0x00007FF696E90000-0x00007FF6971E4000-memory.dmp	xmrig
behavioral2/memory/2372-507-0x00007FF7FA800000-0x00007FF7FAB54000-memory.dmp	xmrig
behavioral2/memory/3612-499-0x00007FF7F3F70000-0x00007FF7F42C4000-memory.dmp	xmrig
behavioral2/memory/3148-596-0x00007FF681670000-0x00007FF6819C4000-memory.dmp	xmrig
behavioral2/memory/2932-604-0x00007FF67CCF0000-0x00007FF67D044000-memory.dmp	xmrig
behavioral2/memory/2988-611-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp	xmrig
behavioral2/memory/2228-614-0x00007FF7F09C0000-0x00007FF7F0D14000-memory.dmp	xmrig
behavioral2/memory/208-608-0x00007FF7F5FE0000-0x00007FF7F6334000-memory.dmp	xmrig
behavioral2/memory/4768-599-0x00007FF63A050000-0x00007FF63A3A4000-memory.dmp	xmrig
behavioral2/memory/1496-621-0x00007FF6B9590000-0x00007FF6B98E4000-memory.dmp	xmrig
behavioral2/memory/4564-622-0x00007FF7439B0000-0x00007FF743D04000-memory.dmp	xmrig
behavioral2/memory/980-620-0x00007FF635A90000-0x00007FF635DE4000-memory.dmp	xmrig
behavioral2/memory/1924-554-0x00007FF7F3D50000-0x00007FF7F40A4000-memory.dmp	xmrig
behavioral2/memory/3468-552-0x00007FF7B65E0000-0x00007FF7B6934000-memory.dmp	xmrig
behavioral2/memory/2264-544-0x00007FF7DC0F0000-0x00007FF7DC444000-memory.dmp	xmrig
behavioral2/memory/5068-537-0x00007FF7693C0000-0x00007FF769714000-memory.dmp	xmrig
behavioral2/memory/4872-2138-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3632	SnzgfOi.exe
844	moqwmLY.exe
2032	KuIXWRy.exe
4196	SXPJlTz.exe
3308	PjqrzZG.exe
2848	UxLwPnI.exe
1800	YKtmkaV.exe
3936	olahRjC.exe
2016	ZioxDLs.exe
2208	kRwtojl.exe
1936	UeJSUGZ.exe
3612	ZHiYIPH.exe
2372	mlsBVCB.exe
3032	tSBnofO.exe
5084	yhCXuSt.exe
5088	UyPxIzR.exe
5068	KFpwXmo.exe
2264	yFHJoVs.exe
3468	OApxgcV.exe
1924	HLzokVT.exe
3148	OpuudqZ.exe
4768	pocCKPE.exe
2932	DQpoGyP.exe
208	jIakmqI.exe
2988	WYbOAVi.exe
2228	BMZnsbO.exe
980	ttlpscq.exe
1496	qjxaRzf.exe
4564	TnwEFUK.exe
3124	FkGGLnw.exe
4568	PeVArMs.exe
1152	oLblbOw.exe
3788	ljlhVGF.exe
1772	HaLFHlJ.exe
3904	tgYhzEg.exe
452	FtPeAud.exe
1148	UDZRwAS.exe
1476	XPIHNlS.exe
3428	daRYOdQ.exe
2824	skrwiUg.exe
4032	ieOnjUz.exe
4352	vTiuymr.exe
3900	ERnqltV.exe
4616	REuHIjD.exe
4892	unkJAON.exe
216	dxKtYsd.exe
1384	HdPwgzP.exe
1472	eyPPGNy.exe
3464	fgaasRN.exe
4344	ahDRpdz.exe
4472	JCVrrXj.exe
3888	IhcCrQt.exe
1080	gCrEaxf.exe
1540	SulZPgN.exe
2904	qdRZjWh.exe
3392	mCaWTKA.exe
2296	WiUllGc.exe
5036	JmxDlRp.exe
4008	Drhscvf.exe
920	hfwKCOk.exe
3196	aUXiFIg.exe
2128	oknOfpv.exe
2592	qNqFEEx.exe
2044	VvJTYhv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4872-0-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp	upx
behavioral2/files/0x000800000002341f-5.dat	upx
behavioral2/files/0x0007000000023424-9.dat	upx
behavioral2/files/0x0007000000023426-29.dat	upx
behavioral2/files/0x0007000000023428-41.dat	upx
behavioral2/files/0x000700000002342b-55.dat	upx
behavioral2/files/0x000700000002342c-60.dat	upx
behavioral2/files/0x000700000002342f-81.dat	upx
behavioral2/files/0x0007000000023431-91.dat	upx
behavioral2/files/0x0007000000023433-101.dat	upx
behavioral2/files/0x0007000000023437-121.dat	upx
behavioral2/files/0x000700000002343c-146.dat	upx
behavioral2/memory/3936-484-0x00007FF670D50000-0x00007FF6710A4000-memory.dmp	upx
behavioral2/files/0x0007000000023442-170.dat	upx
behavioral2/files/0x0007000000023440-166.dat	upx
behavioral2/files/0x0007000000023441-165.dat	upx
behavioral2/files/0x000700000002343f-161.dat	upx
behavioral2/files/0x000700000002343e-156.dat	upx
behavioral2/files/0x000700000002343d-151.dat	upx
behavioral2/files/0x000700000002343b-141.dat	upx
behavioral2/files/0x000700000002343a-135.dat	upx
behavioral2/files/0x0007000000023439-131.dat	upx
behavioral2/files/0x0007000000023438-126.dat	upx
behavioral2/files/0x0007000000023436-116.dat	upx
behavioral2/files/0x0007000000023435-110.dat	upx
behavioral2/files/0x0007000000023434-106.dat	upx
behavioral2/files/0x0007000000023432-96.dat	upx
behavioral2/files/0x0007000000023430-86.dat	upx
behavioral2/files/0x000700000002342e-78.dat	upx
behavioral2/files/0x000700000002342d-73.dat	upx
behavioral2/files/0x000700000002342a-58.dat	upx
behavioral2/files/0x0007000000023429-50.dat	upx
behavioral2/memory/1800-42-0x00007FF661760000-0x00007FF661AB4000-memory.dmp	upx
behavioral2/memory/2848-39-0x00007FF6C4DC0000-0x00007FF6C5114000-memory.dmp	upx
behavioral2/memory/2032-38-0x00007FF7EC320000-0x00007FF7EC674000-memory.dmp	upx
behavioral2/memory/3308-35-0x00007FF6624E0000-0x00007FF662834000-memory.dmp	upx
behavioral2/files/0x0007000000023427-33.dat	upx
behavioral2/memory/4196-31-0x00007FF6300D0000-0x00007FF630424000-memory.dmp	upx
behavioral2/memory/844-27-0x00007FF68DB40000-0x00007FF68DE94000-memory.dmp	upx
behavioral2/files/0x0007000000023425-25.dat	upx
behavioral2/memory/3632-14-0x00007FF600650000-0x00007FF6009A4000-memory.dmp	upx
behavioral2/files/0x0007000000023423-13.dat	upx
behavioral2/memory/2016-485-0x00007FF66EC50000-0x00007FF66EFA4000-memory.dmp	upx
behavioral2/memory/1936-487-0x00007FF706380000-0x00007FF7066D4000-memory.dmp	upx
behavioral2/memory/2208-486-0x00007FF784A80000-0x00007FF784DD4000-memory.dmp	upx
behavioral2/memory/5088-523-0x00007FF7EDD90000-0x00007FF7EE0E4000-memory.dmp	upx
behavioral2/memory/5084-518-0x00007FF676A50000-0x00007FF676DA4000-memory.dmp	upx
behavioral2/memory/3032-514-0x00007FF696E90000-0x00007FF6971E4000-memory.dmp	upx
behavioral2/memory/2372-507-0x00007FF7FA800000-0x00007FF7FAB54000-memory.dmp	upx
behavioral2/memory/3612-499-0x00007FF7F3F70000-0x00007FF7F42C4000-memory.dmp	upx
behavioral2/memory/3148-596-0x00007FF681670000-0x00007FF6819C4000-memory.dmp	upx
behavioral2/memory/2932-604-0x00007FF67CCF0000-0x00007FF67D044000-memory.dmp	upx
behavioral2/memory/2988-611-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp	upx
behavioral2/memory/2228-614-0x00007FF7F09C0000-0x00007FF7F0D14000-memory.dmp	upx
behavioral2/memory/208-608-0x00007FF7F5FE0000-0x00007FF7F6334000-memory.dmp	upx
behavioral2/memory/4768-599-0x00007FF63A050000-0x00007FF63A3A4000-memory.dmp	upx
behavioral2/memory/1496-621-0x00007FF6B9590000-0x00007FF6B98E4000-memory.dmp	upx
behavioral2/memory/4564-622-0x00007FF7439B0000-0x00007FF743D04000-memory.dmp	upx
behavioral2/memory/980-620-0x00007FF635A90000-0x00007FF635DE4000-memory.dmp	upx
behavioral2/memory/1924-554-0x00007FF7F3D50000-0x00007FF7F40A4000-memory.dmp	upx
behavioral2/memory/3468-552-0x00007FF7B65E0000-0x00007FF7B6934000-memory.dmp	upx
behavioral2/memory/2264-544-0x00007FF7DC0F0000-0x00007FF7DC444000-memory.dmp	upx
behavioral2/memory/5068-537-0x00007FF7693C0000-0x00007FF769714000-memory.dmp	upx
behavioral2/memory/4872-2138-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jiFQFwI.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\YKtmkaV.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\oYRDDzJ.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\TKZaodg.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\oBlkSPj.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\qCAXMHw.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\bVeyqpl.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\OrhsPAo.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\tgYhzEg.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\iLeDFTS.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\dyxakvb.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\bxFMPPD.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\TkaGEfv.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\hbuYTZy.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\zQomxJg.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\FNHmDTw.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\vFWyAIo.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\bgWTkoo.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\IooSgoA.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\XtvBYyA.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\KRtYTsl.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\RcGpHWc.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\eKCcSeP.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\HCgBnBh.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\pxOuXDM.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\NKbdZrU.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\AklcnQo.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\aUXiFIg.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\pxwBNpq.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\IFXlzNm.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\vChwBgy.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\mNhFjVP.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\oaAzYJU.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\ytOhjRo.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\VbeHSxO.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\XlQkvbB.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\laIEoDW.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\lamKbuZ.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\vQhqzgM.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\fajlDKc.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\eeKWOiy.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\ezwxQzY.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\DkrUrlN.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\MPsQepD.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\UxLwPnI.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\sWIHmqB.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\kHjgXIo.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\IbrpwCA.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\bLIkWoS.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\aLVVAJS.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\WztVnBk.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\mURuGUy.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\iNNdAcF.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\LJDPWMW.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\aQgesKk.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\RoNUEdG.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\nFDhdeH.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\qSjKmQs.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\qnkUksD.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\DQKicOZ.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\moqwmLY.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\xNipbEF.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\VDCcFkr.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
File created	C:\Windows\System\VvbmCDJ.exe	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14220	dwm.exe
Token: SeChangeNotifyPrivilege	14220	dwm.exe
Token: 33	14220	dwm.exe
Token: SeIncBasePriorityPrivilege	14220	dwm.exe
Token: SeShutdownPrivilege	14220	dwm.exe
Token: SeCreatePagefilePrivilege	14220	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 3632	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	84
PID 4872 wrote to memory of 3632	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	84
PID 4872 wrote to memory of 844	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	85
PID 4872 wrote to memory of 844	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	85
PID 4872 wrote to memory of 2032	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	86
PID 4872 wrote to memory of 2032	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	86
PID 4872 wrote to memory of 4196	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	87
PID 4872 wrote to memory of 4196	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	87
PID 4872 wrote to memory of 3308	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	88
PID 4872 wrote to memory of 3308	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	88
PID 4872 wrote to memory of 2848	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	89
PID 4872 wrote to memory of 2848	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	89
PID 4872 wrote to memory of 1800	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	90
PID 4872 wrote to memory of 1800	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	90
PID 4872 wrote to memory of 3936	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	91
PID 4872 wrote to memory of 3936	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	91
PID 4872 wrote to memory of 2016	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	92
PID 4872 wrote to memory of 2016	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	92
PID 4872 wrote to memory of 2208	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	93
PID 4872 wrote to memory of 2208	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	93
PID 4872 wrote to memory of 1936	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	94
PID 4872 wrote to memory of 1936	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	94
PID 4872 wrote to memory of 3612	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	95
PID 4872 wrote to memory of 3612	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	95
PID 4872 wrote to memory of 2372	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	96
PID 4872 wrote to memory of 2372	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	96
PID 4872 wrote to memory of 3032	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	97
PID 4872 wrote to memory of 3032	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	97
PID 4872 wrote to memory of 5084	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	98
PID 4872 wrote to memory of 5084	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	98
PID 4872 wrote to memory of 5088	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	99
PID 4872 wrote to memory of 5088	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	99
PID 4872 wrote to memory of 5068	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	100
PID 4872 wrote to memory of 5068	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	100
PID 4872 wrote to memory of 2264	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	101
PID 4872 wrote to memory of 2264	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	101
PID 4872 wrote to memory of 3468	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	102
PID 4872 wrote to memory of 3468	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	102
PID 4872 wrote to memory of 1924	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	103
PID 4872 wrote to memory of 1924	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	103
PID 4872 wrote to memory of 3148	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	104
PID 4872 wrote to memory of 3148	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	104
PID 4872 wrote to memory of 4768	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	105
PID 4872 wrote to memory of 4768	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	105
PID 4872 wrote to memory of 2932	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	106
PID 4872 wrote to memory of 2932	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	106
PID 4872 wrote to memory of 208	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	107
PID 4872 wrote to memory of 208	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	107
PID 4872 wrote to memory of 2988	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	108
PID 4872 wrote to memory of 2988	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	108
PID 4872 wrote to memory of 2228	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	109
PID 4872 wrote to memory of 2228	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	109
PID 4872 wrote to memory of 980	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	110
PID 4872 wrote to memory of 980	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	110
PID 4872 wrote to memory of 1496	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	111
PID 4872 wrote to memory of 1496	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	111
PID 4872 wrote to memory of 4564	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	112
PID 4872 wrote to memory of 4564	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	112
PID 4872 wrote to memory of 3124	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	113
PID 4872 wrote to memory of 3124	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	113
PID 4872 wrote to memory of 4568	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	114
PID 4872 wrote to memory of 4568	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	114
PID 4872 wrote to memory of 1152	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	115
PID 4872 wrote to memory of 1152	4872	3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe	115

C:\Users\Admin\AppData\Local\Temp\3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe
"C:\Users\Admin\AppData\Local\Temp\3606e73ad651869926d0e58d958d30c99782f6d7d7b3e0ec0bf93efd3cc07f90.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\System\SnzgfOi.exe
  C:\Windows\System\SnzgfOi.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\moqwmLY.exe
  C:\Windows\System\moqwmLY.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\KuIXWRy.exe
  C:\Windows\System\KuIXWRy.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\SXPJlTz.exe
  C:\Windows\System\SXPJlTz.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\PjqrzZG.exe
  C:\Windows\System\PjqrzZG.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\UxLwPnI.exe
  C:\Windows\System\UxLwPnI.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\YKtmkaV.exe
  C:\Windows\System\YKtmkaV.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\olahRjC.exe
  C:\Windows\System\olahRjC.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\ZioxDLs.exe
  C:\Windows\System\ZioxDLs.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\kRwtojl.exe
  C:\Windows\System\kRwtojl.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\UeJSUGZ.exe
  C:\Windows\System\UeJSUGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\ZHiYIPH.exe
  C:\Windows\System\ZHiYIPH.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\mlsBVCB.exe
  C:\Windows\System\mlsBVCB.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\tSBnofO.exe
  C:\Windows\System\tSBnofO.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\yhCXuSt.exe
  C:\Windows\System\yhCXuSt.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\UyPxIzR.exe
  C:\Windows\System\UyPxIzR.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\KFpwXmo.exe
  C:\Windows\System\KFpwXmo.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\yFHJoVs.exe
  C:\Windows\System\yFHJoVs.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\OApxgcV.exe
  C:\Windows\System\OApxgcV.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\HLzokVT.exe
  C:\Windows\System\HLzokVT.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\OpuudqZ.exe
  C:\Windows\System\OpuudqZ.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\pocCKPE.exe
  C:\Windows\System\pocCKPE.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\DQpoGyP.exe
  C:\Windows\System\DQpoGyP.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\jIakmqI.exe
  C:\Windows\System\jIakmqI.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\WYbOAVi.exe
  C:\Windows\System\WYbOAVi.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\BMZnsbO.exe
  C:\Windows\System\BMZnsbO.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ttlpscq.exe
  C:\Windows\System\ttlpscq.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\qjxaRzf.exe
  C:\Windows\System\qjxaRzf.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\TnwEFUK.exe
  C:\Windows\System\TnwEFUK.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\FkGGLnw.exe
  C:\Windows\System\FkGGLnw.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\PeVArMs.exe
  C:\Windows\System\PeVArMs.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\oLblbOw.exe
  C:\Windows\System\oLblbOw.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\ljlhVGF.exe
  C:\Windows\System\ljlhVGF.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\HaLFHlJ.exe
  C:\Windows\System\HaLFHlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\tgYhzEg.exe
  C:\Windows\System\tgYhzEg.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\FtPeAud.exe
  C:\Windows\System\FtPeAud.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\UDZRwAS.exe
  C:\Windows\System\UDZRwAS.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\XPIHNlS.exe
  C:\Windows\System\XPIHNlS.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\daRYOdQ.exe
  C:\Windows\System\daRYOdQ.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\skrwiUg.exe
  C:\Windows\System\skrwiUg.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ieOnjUz.exe
  C:\Windows\System\ieOnjUz.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\vTiuymr.exe
  C:\Windows\System\vTiuymr.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\ERnqltV.exe
  C:\Windows\System\ERnqltV.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\REuHIjD.exe
  C:\Windows\System\REuHIjD.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\unkJAON.exe
  C:\Windows\System\unkJAON.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\dxKtYsd.exe
  C:\Windows\System\dxKtYsd.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\HdPwgzP.exe
  C:\Windows\System\HdPwgzP.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\eyPPGNy.exe
  C:\Windows\System\eyPPGNy.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\fgaasRN.exe
  C:\Windows\System\fgaasRN.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\ahDRpdz.exe
  C:\Windows\System\ahDRpdz.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\JCVrrXj.exe
  C:\Windows\System\JCVrrXj.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\IhcCrQt.exe
  C:\Windows\System\IhcCrQt.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\gCrEaxf.exe
  C:\Windows\System\gCrEaxf.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\SulZPgN.exe
  C:\Windows\System\SulZPgN.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\qdRZjWh.exe
  C:\Windows\System\qdRZjWh.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\mCaWTKA.exe
  C:\Windows\System\mCaWTKA.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\WiUllGc.exe
  C:\Windows\System\WiUllGc.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\JmxDlRp.exe
  C:\Windows\System\JmxDlRp.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\Drhscvf.exe
  C:\Windows\System\Drhscvf.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\hfwKCOk.exe
  C:\Windows\System\hfwKCOk.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\aUXiFIg.exe
  C:\Windows\System\aUXiFIg.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\oknOfpv.exe
  C:\Windows\System\oknOfpv.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\qNqFEEx.exe
  C:\Windows\System\qNqFEEx.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\VvJTYhv.exe
  C:\Windows\System\VvJTYhv.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\ITocNOC.exe
  C:\Windows\System\ITocNOC.exe
  2⤵
  PID:3472
- C:\Windows\System\zuTwaKP.exe
  C:\Windows\System\zuTwaKP.exe
  2⤵
  PID:4624
- C:\Windows\System\MxDJeuo.exe
  C:\Windows\System\MxDJeuo.exe
  2⤵
  PID:4496
- C:\Windows\System\ACrxdUK.exe
  C:\Windows\System\ACrxdUK.exe
  2⤵
  PID:3364
- C:\Windows\System\CaHURxL.exe
  C:\Windows\System\CaHURxL.exe
  2⤵
  PID:2956
- C:\Windows\System\rVKAbjc.exe
  C:\Windows\System\rVKAbjc.exe
  2⤵
  PID:2556
- C:\Windows\System\WSUXWBd.exe
  C:\Windows\System\WSUXWBd.exe
  2⤵
  PID:1564
- C:\Windows\System\qnYMGiW.exe
  C:\Windows\System\qnYMGiW.exe
  2⤵
  PID:1520
- C:\Windows\System\AkNYzdc.exe
  C:\Windows\System\AkNYzdc.exe
  2⤵
  PID:3516
- C:\Windows\System\DiQlndU.exe
  C:\Windows\System\DiQlndU.exe
  2⤵
  PID:2820
- C:\Windows\System\uhfaDve.exe
  C:\Windows\System\uhfaDve.exe
  2⤵
  PID:2660
- C:\Windows\System\nyiDFZu.exe
  C:\Windows\System\nyiDFZu.exe
  2⤵
  PID:2980
- C:\Windows\System\lTHnZyz.exe
  C:\Windows\System\lTHnZyz.exe
  2⤵
  PID:4016
- C:\Windows\System\scgREVx.exe
  C:\Windows\System\scgREVx.exe
  2⤵
  PID:4104
- C:\Windows\System\aeHEnVG.exe
  C:\Windows\System\aeHEnVG.exe
  2⤵
  PID:4680
- C:\Windows\System\gyLXGkB.exe
  C:\Windows\System\gyLXGkB.exe
  2⤵
  PID:720
- C:\Windows\System\OUXzlWQ.exe
  C:\Windows\System\OUXzlWQ.exe
  2⤵
  PID:1448
- C:\Windows\System\bLIkWoS.exe
  C:\Windows\System\bLIkWoS.exe
  2⤵
  PID:4788
- C:\Windows\System\ZtKtxfQ.exe
  C:\Windows\System\ZtKtxfQ.exe
  2⤵
  PID:2116
- C:\Windows\System\gkoMqUM.exe
  C:\Windows\System\gkoMqUM.exe
  2⤵
  PID:5144
- C:\Windows\System\PXtlpdk.exe
  C:\Windows\System\PXtlpdk.exe
  2⤵
  PID:5172
- C:\Windows\System\ewFISis.exe
  C:\Windows\System\ewFISis.exe
  2⤵
  PID:5204
- C:\Windows\System\HVnVECM.exe
  C:\Windows\System\HVnVECM.exe
  2⤵
  PID:5232
- C:\Windows\System\gCZhZti.exe
  C:\Windows\System\gCZhZti.exe
  2⤵
  PID:5256
- C:\Windows\System\jOfZdRk.exe
  C:\Windows\System\jOfZdRk.exe
  2⤵
  PID:5284
- C:\Windows\System\QJXUaaI.exe
  C:\Windows\System\QJXUaaI.exe
  2⤵
  PID:5312
- C:\Windows\System\YxpyPCe.exe
  C:\Windows\System\YxpyPCe.exe
  2⤵
  PID:5344
- C:\Windows\System\aLVVAJS.exe
  C:\Windows\System\aLVVAJS.exe
  2⤵
  PID:5368
- C:\Windows\System\axfcvsn.exe
  C:\Windows\System\axfcvsn.exe
  2⤵
  PID:5396
- C:\Windows\System\meIDkCM.exe
  C:\Windows\System\meIDkCM.exe
  2⤵
  PID:5424
- C:\Windows\System\laIEoDW.exe
  C:\Windows\System\laIEoDW.exe
  2⤵
  PID:5456
- C:\Windows\System\YSmtieW.exe
  C:\Windows\System\YSmtieW.exe
  2⤵
  PID:5488
- C:\Windows\System\QEjJBkD.exe
  C:\Windows\System\QEjJBkD.exe
  2⤵
  PID:5512
- C:\Windows\System\iyCdumc.exe
  C:\Windows\System\iyCdumc.exe
  2⤵
  PID:5540
- C:\Windows\System\NJdMTTe.exe
  C:\Windows\System\NJdMTTe.exe
  2⤵
  PID:5568
- C:\Windows\System\kSZuetf.exe
  C:\Windows\System\kSZuetf.exe
  2⤵
  PID:5592
- C:\Windows\System\aGCgbNU.exe
  C:\Windows\System\aGCgbNU.exe
  2⤵
  PID:5620
- C:\Windows\System\oYRDDzJ.exe
  C:\Windows\System\oYRDDzJ.exe
  2⤵
  PID:5648
- C:\Windows\System\DBgTfgg.exe
  C:\Windows\System\DBgTfgg.exe
  2⤵
  PID:5676
- C:\Windows\System\ETYLmBr.exe
  C:\Windows\System\ETYLmBr.exe
  2⤵
  PID:5704
- C:\Windows\System\MDLjDLs.exe
  C:\Windows\System\MDLjDLs.exe
  2⤵
  PID:5732
- C:\Windows\System\aMHEuUb.exe
  C:\Windows\System\aMHEuUb.exe
  2⤵
  PID:5760
- C:\Windows\System\ycBUqXL.exe
  C:\Windows\System\ycBUqXL.exe
  2⤵
  PID:5788
- C:\Windows\System\ySKcpNS.exe
  C:\Windows\System\ySKcpNS.exe
  2⤵
  PID:5816
- C:\Windows\System\bWdHHcL.exe
  C:\Windows\System\bWdHHcL.exe
  2⤵
  PID:5844
- C:\Windows\System\zCQPIZt.exe
  C:\Windows\System\zCQPIZt.exe
  2⤵
  PID:5872
- C:\Windows\System\hbuYTZy.exe
  C:\Windows\System\hbuYTZy.exe
  2⤵
  PID:5900
- C:\Windows\System\mevnIfz.exe
  C:\Windows\System\mevnIfz.exe
  2⤵
  PID:5928
- C:\Windows\System\gBeYIHo.exe
  C:\Windows\System\gBeYIHo.exe
  2⤵
  PID:5964
- C:\Windows\System\NyKQyQN.exe
  C:\Windows\System\NyKQyQN.exe
  2⤵
  PID:5988
- C:\Windows\System\yNYzjRp.exe
  C:\Windows\System\yNYzjRp.exe
  2⤵
  PID:6016
- C:\Windows\System\bPKerdd.exe
  C:\Windows\System\bPKerdd.exe
  2⤵
  PID:6044
- C:\Windows\System\CnAZPVb.exe
  C:\Windows\System\CnAZPVb.exe
  2⤵
  PID:6068
- C:\Windows\System\oeknZZE.exe
  C:\Windows\System\oeknZZE.exe
  2⤵
  PID:6100
- C:\Windows\System\GNfzdWy.exe
  C:\Windows\System\GNfzdWy.exe
  2⤵
  PID:6128
- C:\Windows\System\ZRLPNMG.exe
  C:\Windows\System\ZRLPNMG.exe
  2⤵
  PID:5044
- C:\Windows\System\PcDxmqi.exe
  C:\Windows\System\PcDxmqi.exe
  2⤵
  PID:4604
- C:\Windows\System\RzDuIto.exe
  C:\Windows\System\RzDuIto.exe
  2⤵
  PID:4948
- C:\Windows\System\undDMmp.exe
  C:\Windows\System\undDMmp.exe
  2⤵
  PID:4368
- C:\Windows\System\linmJhd.exe
  C:\Windows\System\linmJhd.exe
  2⤵
  PID:5168
- C:\Windows\System\zLgPimN.exe
  C:\Windows\System\zLgPimN.exe
  2⤵
  PID:5220
- C:\Windows\System\sZUREAg.exe
  C:\Windows\System\sZUREAg.exe
  2⤵
  PID:5276
- C:\Windows\System\xqjVvZl.exe
  C:\Windows\System\xqjVvZl.exe
  2⤵
  PID:5336
- C:\Windows\System\pipdcCO.exe
  C:\Windows\System\pipdcCO.exe
  2⤵
  PID:5384
- C:\Windows\System\loUgLOY.exe
  C:\Windows\System\loUgLOY.exe
  2⤵
  PID:5420
- C:\Windows\System\cMNsEWV.exe
  C:\Windows\System\cMNsEWV.exe
  2⤵
  PID:5496
- C:\Windows\System\FQDRBkB.exe
  C:\Windows\System\FQDRBkB.exe
  2⤵
  PID:5556
- C:\Windows\System\IcrwZhC.exe
  C:\Windows\System\IcrwZhC.exe
  2⤵
  PID:5612
- C:\Windows\System\xYctqLT.exe
  C:\Windows\System\xYctqLT.exe
  2⤵
  PID:5668
- C:\Windows\System\sWIHmqB.exe
  C:\Windows\System\sWIHmqB.exe
  2⤵
  PID:5728
- C:\Windows\System\OljvzwN.exe
  C:\Windows\System\OljvzwN.exe
  2⤵
  PID:5804
- C:\Windows\System\HMgOlWY.exe
  C:\Windows\System\HMgOlWY.exe
  2⤵
  PID:5840
- C:\Windows\System\xNipbEF.exe
  C:\Windows\System\xNipbEF.exe
  2⤵
  PID:4636
- C:\Windows\System\uCemAEV.exe
  C:\Windows\System\uCemAEV.exe
  2⤵
  PID:5960
- C:\Windows\System\kkCnIeq.exe
  C:\Windows\System\kkCnIeq.exe
  2⤵
  PID:6064
- C:\Windows\System\zQutDyx.exe
  C:\Windows\System\zQutDyx.exe
  2⤵
  PID:3484
- C:\Windows\System\UJjlvXU.exe
  C:\Windows\System\UJjlvXU.exe
  2⤵
  PID:2012
- C:\Windows\System\wbiQQKt.exe
  C:\Windows\System\wbiQQKt.exe
  2⤵
  PID:4380
- C:\Windows\System\BcEIklk.exe
  C:\Windows\System\BcEIklk.exe
  2⤵
  PID:5304
- C:\Windows\System\RxQWqjI.exe
  C:\Windows\System\RxQWqjI.exe
  2⤵
  PID:2404
- C:\Windows\System\QlYJsuO.exe
  C:\Windows\System\QlYJsuO.exe
  2⤵
  PID:5472
- C:\Windows\System\YlOkCZv.exe
  C:\Windows\System\YlOkCZv.exe
  2⤵
  PID:1356
- C:\Windows\System\AmESscC.exe
  C:\Windows\System\AmESscC.exe
  2⤵
  PID:5588
- C:\Windows\System\EeTUNvX.exe
  C:\Windows\System\EeTUNvX.exe
  2⤵
  PID:5664
- C:\Windows\System\ZQiMXCp.exe
  C:\Windows\System\ZQiMXCp.exe
  2⤵
  PID:5724
- C:\Windows\System\whRyxGC.exe
  C:\Windows\System\whRyxGC.exe
  2⤵
  PID:400
- C:\Windows\System\SwgkGeN.exe
  C:\Windows\System\SwgkGeN.exe
  2⤵
  PID:4084
- C:\Windows\System\GfsXPmQ.exe
  C:\Windows\System\GfsXPmQ.exe
  2⤵
  PID:2896
- C:\Windows\System\mXnuyky.exe
  C:\Windows\System\mXnuyky.exe
  2⤵
  PID:1676
- C:\Windows\System\EPOtKbR.exe
  C:\Windows\System\EPOtKbR.exe
  2⤵
  PID:2684
- C:\Windows\System\UpdzHnK.exe
  C:\Windows\System\UpdzHnK.exe
  2⤵
  PID:4460
- C:\Windows\System\NpbHecT.exe
  C:\Windows\System\NpbHecT.exe
  2⤵
  PID:4668
- C:\Windows\System\VezWUSj.exe
  C:\Windows\System\VezWUSj.exe
  2⤵
  PID:4240
- C:\Windows\System\aRQLlcK.exe
  C:\Windows\System\aRQLlcK.exe
  2⤵
  PID:4456
- C:\Windows\System\KknLlbY.exe
  C:\Windows\System\KknLlbY.exe
  2⤵
  PID:1604
- C:\Windows\System\wsGiLxb.exe
  C:\Windows\System\wsGiLxb.exe
  2⤵
  PID:4664
- C:\Windows\System\mrFYxSv.exe
  C:\Windows\System\mrFYxSv.exe
  2⤵
  PID:6180
- C:\Windows\System\lamKbuZ.exe
  C:\Windows\System\lamKbuZ.exe
  2⤵
  PID:6220
- C:\Windows\System\kSLnZFD.exe
  C:\Windows\System\kSLnZFD.exe
  2⤵
  PID:6240
- C:\Windows\System\JQCDMkZ.exe
  C:\Windows\System\JQCDMkZ.exe
  2⤵
  PID:6268
- C:\Windows\System\hAtUZnq.exe
  C:\Windows\System\hAtUZnq.exe
  2⤵
  PID:6296
- C:\Windows\System\qftNAEN.exe
  C:\Windows\System\qftNAEN.exe
  2⤵
  PID:6320
- C:\Windows\System\mCRABGB.exe
  C:\Windows\System\mCRABGB.exe
  2⤵
  PID:6352
- C:\Windows\System\zaaGcYe.exe
  C:\Windows\System\zaaGcYe.exe
  2⤵
  PID:6380
- C:\Windows\System\jSKWTtu.exe
  C:\Windows\System\jSKWTtu.exe
  2⤵
  PID:6404
- C:\Windows\System\RoNUEdG.exe
  C:\Windows\System\RoNUEdG.exe
  2⤵
  PID:6432
- C:\Windows\System\hzpswbN.exe
  C:\Windows\System\hzpswbN.exe
  2⤵
  PID:6460
- C:\Windows\System\VOqbGyK.exe
  C:\Windows\System\VOqbGyK.exe
  2⤵
  PID:6492
- C:\Windows\System\EycRkwA.exe
  C:\Windows\System\EycRkwA.exe
  2⤵
  PID:6512
- C:\Windows\System\TAmIhmR.exe
  C:\Windows\System\TAmIhmR.exe
  2⤵
  PID:6540
- C:\Windows\System\suRwWqn.exe
  C:\Windows\System\suRwWqn.exe
  2⤵
  PID:6584
- C:\Windows\System\TFBEVnU.exe
  C:\Windows\System\TFBEVnU.exe
  2⤵
  PID:6624
- C:\Windows\System\TKZaodg.exe
  C:\Windows\System\TKZaodg.exe
  2⤵
  PID:6704
- C:\Windows\System\klDsyfF.exe
  C:\Windows\System\klDsyfF.exe
  2⤵
  PID:6740
- C:\Windows\System\jzZcZEb.exe
  C:\Windows\System\jzZcZEb.exe
  2⤵
  PID:6768
- C:\Windows\System\XenRPOG.exe
  C:\Windows\System\XenRPOG.exe
  2⤵
  PID:6788
- C:\Windows\System\Ykhrafq.exe
  C:\Windows\System\Ykhrafq.exe
  2⤵
  PID:6812
- C:\Windows\System\QAhUqfE.exe
  C:\Windows\System\QAhUqfE.exe
  2⤵
  PID:6840
- C:\Windows\System\YKvMTph.exe
  C:\Windows\System\YKvMTph.exe
  2⤵
  PID:6876
- C:\Windows\System\hsBCqXH.exe
  C:\Windows\System\hsBCqXH.exe
  2⤵
  PID:6900
- C:\Windows\System\dzKrHFh.exe
  C:\Windows\System\dzKrHFh.exe
  2⤵
  PID:6928
- C:\Windows\System\JdXZpXD.exe
  C:\Windows\System\JdXZpXD.exe
  2⤵
  PID:6964
- C:\Windows\System\iLeDFTS.exe
  C:\Windows\System\iLeDFTS.exe
  2⤵
  PID:6984
- C:\Windows\System\HithznC.exe
  C:\Windows\System\HithznC.exe
  2⤵
  PID:7012
- C:\Windows\System\MCzphyB.exe
  C:\Windows\System\MCzphyB.exe
  2⤵
  PID:7048
- C:\Windows\System\jXAxtJC.exe
  C:\Windows\System\jXAxtJC.exe
  2⤵
  PID:7080
- C:\Windows\System\GVXGari.exe
  C:\Windows\System\GVXGari.exe
  2⤵
  PID:7108
- C:\Windows\System\xcuMOBZ.exe
  C:\Windows\System\xcuMOBZ.exe
  2⤵
  PID:7136
- C:\Windows\System\vfLKaxW.exe
  C:\Windows\System\vfLKaxW.exe
  2⤵
  PID:7156
- C:\Windows\System\RyXCfIL.exe
  C:\Windows\System\RyXCfIL.exe
  2⤵
  PID:6344
- C:\Windows\System\mfPoioi.exe
  C:\Windows\System\mfPoioi.exe
  2⤵
  PID:6284
- C:\Windows\System\irupymc.exe
  C:\Windows\System\irupymc.exe
  2⤵
  PID:6204
- C:\Windows\System\EiHLMGi.exe
  C:\Windows\System\EiHLMGi.exe
  2⤵
  PID:6152
- C:\Windows\System\YGioxxw.exe
  C:\Windows\System\YGioxxw.exe
  2⤵
  PID:2164
- C:\Windows\System\tAwhoCz.exe
  C:\Windows\System\tAwhoCz.exe
  2⤵
  PID:3152
- C:\Windows\System\ERxujEq.exe
  C:\Windows\System\ERxujEq.exe
  2⤵
  PID:6428
- C:\Windows\System\UONxfCj.exe
  C:\Windows\System\UONxfCj.exe
  2⤵
  PID:6452
- C:\Windows\System\hiwkyNx.exe
  C:\Windows\System\hiwkyNx.exe
  2⤵
  PID:6568
- C:\Windows\System\vLiBgeh.exe
  C:\Windows\System\vLiBgeh.exe
  2⤵
  PID:6668
- C:\Windows\System\GelWQXe.exe
  C:\Windows\System\GelWQXe.exe
  2⤵
  PID:4516
- C:\Windows\System\HWggftB.exe
  C:\Windows\System\HWggftB.exe
  2⤵
  PID:5308
- C:\Windows\System\zUnjRiq.exe
  C:\Windows\System\zUnjRiq.exe
  2⤵
  PID:6488
- C:\Windows\System\aAczhcE.exe
  C:\Windows\System\aAczhcE.exe
  2⤵
  PID:6712
- C:\Windows\System\GFqJzzr.exe
  C:\Windows\System\GFqJzzr.exe
  2⤵
  PID:6764
- C:\Windows\System\kcZCiVs.exe
  C:\Windows\System\kcZCiVs.exe
  2⤵
  PID:6836
- C:\Windows\System\hiJVdnP.exe
  C:\Windows\System\hiJVdnP.exe
  2⤵
  PID:6852
- C:\Windows\System\YuTjaGb.exe
  C:\Windows\System\YuTjaGb.exe
  2⤵
  PID:6916
- C:\Windows\System\OXSFbeO.exe
  C:\Windows\System\OXSFbeO.exe
  2⤵
  PID:6996
- C:\Windows\System\zlFhjMm.exe
  C:\Windows\System\zlFhjMm.exe
  2⤵
  PID:7072
- C:\Windows\System\tgsCAkM.exe
  C:\Windows\System\tgsCAkM.exe
  2⤵
  PID:7124
- C:\Windows\System\zQomxJg.exe
  C:\Windows\System\zQomxJg.exe
  2⤵
  PID:6252
- C:\Windows\System\vQhqzgM.exe
  C:\Windows\System\vQhqzgM.exe
  2⤵
  PID:3796
- C:\Windows\System\ElhaDjd.exe
  C:\Windows\System\ElhaDjd.exe
  2⤵
  PID:1948
- C:\Windows\System\gEifRSx.exe
  C:\Windows\System\gEifRSx.exe
  2⤵
  PID:6616
- C:\Windows\System\EFjlesF.exe
  C:\Windows\System\EFjlesF.exe
  2⤵
  PID:1592
- C:\Windows\System\iIdfhJx.exe
  C:\Windows\System\iIdfhJx.exe
  2⤵
  PID:6640
- C:\Windows\System\wfNMepf.exe
  C:\Windows\System\wfNMepf.exe
  2⤵
  PID:6888
- C:\Windows\System\HCgBnBh.exe
  C:\Windows\System\HCgBnBh.exe
  2⤵
  PID:6980
- C:\Windows\System\sAFImRU.exe
  C:\Windows\System\sAFImRU.exe
  2⤵
  PID:7128
- C:\Windows\System\kGsTuAH.exe
  C:\Windows\System\kGsTuAH.exe
  2⤵
  PID:6552
- C:\Windows\System\VThZZLY.exe
  C:\Windows\System\VThZZLY.exe
  2⤵
  PID:6648
- C:\Windows\System\JtgXaOG.exe
  C:\Windows\System\JtgXaOG.exe
  2⤵
  PID:7040
- C:\Windows\System\nDLIEPb.exe
  C:\Windows\System\nDLIEPb.exe
  2⤵
  PID:5252
- C:\Windows\System\wcyMCvp.exe
  C:\Windows\System\wcyMCvp.exe
  2⤵
  PID:6976
- C:\Windows\System\wuIkELu.exe
  C:\Windows\System\wuIkELu.exe
  2⤵
  PID:7180
- C:\Windows\System\qLMJuRu.exe
  C:\Windows\System\qLMJuRu.exe
  2⤵
  PID:7208
- C:\Windows\System\nYCPesD.exe
  C:\Windows\System\nYCPesD.exe
  2⤵
  PID:7228
- C:\Windows\System\PNBGkdn.exe
  C:\Windows\System\PNBGkdn.exe
  2⤵
  PID:7264
- C:\Windows\System\FCtfDDQ.exe
  C:\Windows\System\FCtfDDQ.exe
  2⤵
  PID:7292
- C:\Windows\System\AAofgaT.exe
  C:\Windows\System\AAofgaT.exe
  2⤵
  PID:7332
- C:\Windows\System\fhSsUIu.exe
  C:\Windows\System\fhSsUIu.exe
  2⤵
  PID:7360
- C:\Windows\System\mYUJsDE.exe
  C:\Windows\System\mYUJsDE.exe
  2⤵
  PID:7384
- C:\Windows\System\ZFIBjWk.exe
  C:\Windows\System\ZFIBjWk.exe
  2⤵
  PID:7416
- C:\Windows\System\ZvmUtDH.exe
  C:\Windows\System\ZvmUtDH.exe
  2⤵
  PID:7452
- C:\Windows\System\KTqJqfN.exe
  C:\Windows\System\KTqJqfN.exe
  2⤵
  PID:7480
- C:\Windows\System\IooSgoA.exe
  C:\Windows\System\IooSgoA.exe
  2⤵
  PID:7500
- C:\Windows\System\gSDKlqS.exe
  C:\Windows\System\gSDKlqS.exe
  2⤵
  PID:7528
- C:\Windows\System\YBwJzFc.exe
  C:\Windows\System\YBwJzFc.exe
  2⤵
  PID:7548
- C:\Windows\System\tKOpmJX.exe
  C:\Windows\System\tKOpmJX.exe
  2⤵
  PID:7572
- C:\Windows\System\GvrWEyA.exe
  C:\Windows\System\GvrWEyA.exe
  2⤵
  PID:7604
- C:\Windows\System\qxMhniN.exe
  C:\Windows\System\qxMhniN.exe
  2⤵
  PID:7640
- C:\Windows\System\qwWnwrC.exe
  C:\Windows\System\qwWnwrC.exe
  2⤵
  PID:7660
- C:\Windows\System\DVbjacc.exe
  C:\Windows\System\DVbjacc.exe
  2⤵
  PID:7688
- C:\Windows\System\hrZZpJH.exe
  C:\Windows\System\hrZZpJH.exe
  2⤵
  PID:7716
- C:\Windows\System\KUgURAJ.exe
  C:\Windows\System\KUgURAJ.exe
  2⤵
  PID:7748
- C:\Windows\System\uCHhZqM.exe
  C:\Windows\System\uCHhZqM.exe
  2⤵
  PID:7788
- C:\Windows\System\VyIXdKS.exe
  C:\Windows\System\VyIXdKS.exe
  2⤵
  PID:7828
- C:\Windows\System\aBLjeQV.exe
  C:\Windows\System\aBLjeQV.exe
  2⤵
  PID:7856
- C:\Windows\System\hFvfvQc.exe
  C:\Windows\System\hFvfvQc.exe
  2⤵
  PID:7884
- C:\Windows\System\LbgBOvV.exe
  C:\Windows\System\LbgBOvV.exe
  2⤵
  PID:7912
- C:\Windows\System\aZXjlHJ.exe
  C:\Windows\System\aZXjlHJ.exe
  2⤵
  PID:7940
- C:\Windows\System\YSEYSGr.exe
  C:\Windows\System\YSEYSGr.exe
  2⤵
  PID:7956
- C:\Windows\System\ggcqIoF.exe
  C:\Windows\System\ggcqIoF.exe
  2⤵
  PID:7972
- C:\Windows\System\HrLDtwX.exe
  C:\Windows\System\HrLDtwX.exe
  2⤵
  PID:8000
- C:\Windows\System\fRhZdWp.exe
  C:\Windows\System\fRhZdWp.exe
  2⤵
  PID:8028
- C:\Windows\System\zjgIKqK.exe
  C:\Windows\System\zjgIKqK.exe
  2⤵
  PID:8056
- C:\Windows\System\bzDWhbE.exe
  C:\Windows\System\bzDWhbE.exe
  2⤵
  PID:8084
- C:\Windows\System\VDCcFkr.exe
  C:\Windows\System\VDCcFkr.exe
  2⤵
  PID:8128
- C:\Windows\System\NCQGeER.exe
  C:\Windows\System\NCQGeER.exe
  2⤵
  PID:8160
- C:\Windows\System\aSCCSPH.exe
  C:\Windows\System\aSCCSPH.exe
  2⤵
  PID:8180
- C:\Windows\System\lmsIXce.exe
  C:\Windows\System\lmsIXce.exe
  2⤵
  PID:7224
- C:\Windows\System\MmsurkB.exe
  C:\Windows\System\MmsurkB.exe
  2⤵
  PID:7276
- C:\Windows\System\KeAEFQT.exe
  C:\Windows\System\KeAEFQT.exe
  2⤵
  PID:7352
- C:\Windows\System\SLjFyss.exe
  C:\Windows\System\SLjFyss.exe
  2⤵
  PID:7380
- C:\Windows\System\uSDbJZd.exe
  C:\Windows\System\uSDbJZd.exe
  2⤵
  PID:7464
- C:\Windows\System\ASLspTB.exe
  C:\Windows\System\ASLspTB.exe
  2⤵
  PID:7492
- C:\Windows\System\BeHoTaI.exe
  C:\Windows\System\BeHoTaI.exe
  2⤵
  PID:7596
- C:\Windows\System\WztVnBk.exe
  C:\Windows\System\WztVnBk.exe
  2⤵
  PID:7656
- C:\Windows\System\WcVFxcI.exe
  C:\Windows\System\WcVFxcI.exe
  2⤵
  PID:7740
- C:\Windows\System\LYpeJXK.exe
  C:\Windows\System\LYpeJXK.exe
  2⤵
  PID:7784
- C:\Windows\System\nmzgZKk.exe
  C:\Windows\System\nmzgZKk.exe
  2⤵
  PID:7820
- C:\Windows\System\tIUaZEv.exe
  C:\Windows\System\tIUaZEv.exe
  2⤵
  PID:7900
- C:\Windows\System\pxwBNpq.exe
  C:\Windows\System\pxwBNpq.exe
  2⤵
  PID:7948
- C:\Windows\System\wsPMQbk.exe
  C:\Windows\System\wsPMQbk.exe
  2⤵
  PID:7984
- C:\Windows\System\CmgDXgY.exe
  C:\Windows\System\CmgDXgY.exe
  2⤵
  PID:8100
- C:\Windows\System\BNvlxMs.exe
  C:\Windows\System\BNvlxMs.exe
  2⤵
  PID:8124
- C:\Windows\System\LFGYgGu.exe
  C:\Windows\System\LFGYgGu.exe
  2⤵
  PID:7200
- C:\Windows\System\VBDNFic.exe
  C:\Windows\System\VBDNFic.exe
  2⤵
  PID:6736
- C:\Windows\System\vgVITUH.exe
  C:\Windows\System\vgVITUH.exe
  2⤵
  PID:7584
- C:\Windows\System\pxOuXDM.exe
  C:\Windows\System\pxOuXDM.exe
  2⤵
  PID:7708
- C:\Windows\System\XAvyHtd.exe
  C:\Windows\System\XAvyHtd.exe
  2⤵
  PID:7844
- C:\Windows\System\XtvBYyA.exe
  C:\Windows\System\XtvBYyA.exe
  2⤵
  PID:8136
- C:\Windows\System\UpmvHgd.exe
  C:\Windows\System\UpmvHgd.exe
  2⤵
  PID:7312
- C:\Windows\System\HsiNnyP.exe
  C:\Windows\System\HsiNnyP.exe
  2⤵
  PID:7256
- C:\Windows\System\fABZasW.exe
  C:\Windows\System\fABZasW.exe
  2⤵
  PID:7816
- C:\Windows\System\IIiifRm.exe
  C:\Windows\System\IIiifRm.exe
  2⤵
  PID:7520
- C:\Windows\System\fHHQvAy.exe
  C:\Windows\System\fHHQvAy.exe
  2⤵
  PID:8204
- C:\Windows\System\yBaflFu.exe
  C:\Windows\System\yBaflFu.exe
  2⤵
  PID:8220
- C:\Windows\System\nLdRCFu.exe
  C:\Windows\System\nLdRCFu.exe
  2⤵
  PID:8260
- C:\Windows\System\dJaFLJk.exe
  C:\Windows\System\dJaFLJk.exe
  2⤵
  PID:8280
- C:\Windows\System\HwmyomW.exe
  C:\Windows\System\HwmyomW.exe
  2⤵
  PID:8304
- C:\Windows\System\qbJKjTT.exe
  C:\Windows\System\qbJKjTT.exe
  2⤵
  PID:8324
- C:\Windows\System\qscPwsU.exe
  C:\Windows\System\qscPwsU.exe
  2⤵
  PID:8372
- C:\Windows\System\oUsIKiE.exe
  C:\Windows\System\oUsIKiE.exe
  2⤵
  PID:8388
- C:\Windows\System\WYoMHvl.exe
  C:\Windows\System\WYoMHvl.exe
  2⤵
  PID:8416
- C:\Windows\System\qTSieXy.exe
  C:\Windows\System\qTSieXy.exe
  2⤵
  PID:8444
- C:\Windows\System\yvlEwpP.exe
  C:\Windows\System\yvlEwpP.exe
  2⤵
  PID:8472
- C:\Windows\System\ptOaxLu.exe
  C:\Windows\System\ptOaxLu.exe
  2⤵
  PID:8504
- C:\Windows\System\OSvidzc.exe
  C:\Windows\System\OSvidzc.exe
  2⤵
  PID:8524
- C:\Windows\System\RfHAtbT.exe
  C:\Windows\System\RfHAtbT.exe
  2⤵
  PID:8544
- C:\Windows\System\njJZZvs.exe
  C:\Windows\System\njJZZvs.exe
  2⤵
  PID:8580
- C:\Windows\System\DrjmXAf.exe
  C:\Windows\System\DrjmXAf.exe
  2⤵
  PID:8604
- C:\Windows\System\qUpvgkv.exe
  C:\Windows\System\qUpvgkv.exe
  2⤵
  PID:8640
- C:\Windows\System\fmvhIHD.exe
  C:\Windows\System\fmvhIHD.exe
  2⤵
  PID:8660
- C:\Windows\System\AJANarS.exe
  C:\Windows\System\AJANarS.exe
  2⤵
  PID:8704
- C:\Windows\System\KxCdRIY.exe
  C:\Windows\System\KxCdRIY.exe
  2⤵
  PID:8740
- C:\Windows\System\lKGNtTZ.exe
  C:\Windows\System\lKGNtTZ.exe
  2⤵
  PID:8768
- C:\Windows\System\oBlkSPj.exe
  C:\Windows\System\oBlkSPj.exe
  2⤵
  PID:8784
- C:\Windows\System\sTAMeue.exe
  C:\Windows\System\sTAMeue.exe
  2⤵
  PID:8824
- C:\Windows\System\KWpSGHp.exe
  C:\Windows\System\KWpSGHp.exe
  2⤵
  PID:8844
- C:\Windows\System\VSHsXqW.exe
  C:\Windows\System\VSHsXqW.exe
  2⤵
  PID:8872
- C:\Windows\System\corbZGA.exe
  C:\Windows\System\corbZGA.exe
  2⤵
  PID:8896
- C:\Windows\System\mURuGUy.exe
  C:\Windows\System\mURuGUy.exe
  2⤵
  PID:8912
- C:\Windows\System\WJifUkG.exe
  C:\Windows\System\WJifUkG.exe
  2⤵
  PID:8940
- C:\Windows\System\zjNCZMo.exe
  C:\Windows\System\zjNCZMo.exe
  2⤵
  PID:8968
- C:\Windows\System\krfMlgs.exe
  C:\Windows\System\krfMlgs.exe
  2⤵
  PID:9020
- C:\Windows\System\mbaiLvu.exe
  C:\Windows\System\mbaiLvu.exe
  2⤵
  PID:9036
- C:\Windows\System\YsAOFRy.exe
  C:\Windows\System\YsAOFRy.exe
  2⤵
  PID:9072
- C:\Windows\System\FrtSORA.exe
  C:\Windows\System\FrtSORA.exe
  2⤵
  PID:9092
- C:\Windows\System\ZhZTjWW.exe
  C:\Windows\System\ZhZTjWW.exe
  2⤵
  PID:9120
- C:\Windows\System\mhElzJF.exe
  C:\Windows\System\mhElzJF.exe
  2⤵
  PID:9148
- C:\Windows\System\RtiPpCU.exe
  C:\Windows\System\RtiPpCU.exe
  2⤵
  PID:9188
- C:\Windows\System\oNseTel.exe
  C:\Windows\System\oNseTel.exe
  2⤵
  PID:8156
- C:\Windows\System\wSRXPgf.exe
  C:\Windows\System\wSRXPgf.exe
  2⤵
  PID:8200
- C:\Windows\System\ciNRkRj.exe
  C:\Windows\System\ciNRkRj.exe
  2⤵
  PID:8240
- C:\Windows\System\LWJpSET.exe
  C:\Windows\System\LWJpSET.exe
  2⤵
  PID:8364
- C:\Windows\System\UMWaZEM.exe
  C:\Windows\System\UMWaZEM.exe
  2⤵
  PID:8408
- C:\Windows\System\JxILsQH.exe
  C:\Windows\System\JxILsQH.exe
  2⤵
  PID:8484
- C:\Windows\System\dLqDlPI.exe
  C:\Windows\System\dLqDlPI.exe
  2⤵
  PID:8468
- C:\Windows\System\nSGnSjA.exe
  C:\Windows\System\nSGnSjA.exe
  2⤵
  PID:8572
- C:\Windows\System\CmaTkhS.exe
  C:\Windows\System\CmaTkhS.exe
  2⤵
  PID:8684
- C:\Windows\System\XuWKlhN.exe
  C:\Windows\System\XuWKlhN.exe
  2⤵
  PID:8756
- C:\Windows\System\WqsbTSV.exe
  C:\Windows\System\WqsbTSV.exe
  2⤵
  PID:8776
- C:\Windows\System\gAeHgZQ.exe
  C:\Windows\System\gAeHgZQ.exe
  2⤵
  PID:8852
- C:\Windows\System\PGZDLcL.exe
  C:\Windows\System\PGZDLcL.exe
  2⤵
  PID:8888
- C:\Windows\System\boklwGB.exe
  C:\Windows\System\boklwGB.exe
  2⤵
  PID:8948
- C:\Windows\System\PxsbZDh.exe
  C:\Windows\System\PxsbZDh.exe
  2⤵
  PID:9032
- C:\Windows\System\lusuQRp.exe
  C:\Windows\System\lusuQRp.exe
  2⤵
  PID:9136
- C:\Windows\System\DJqGOip.exe
  C:\Windows\System\DJqGOip.exe
  2⤵
  PID:3564
- C:\Windows\System\nFDhdeH.exe
  C:\Windows\System\nFDhdeH.exe
  2⤵
  PID:9184
- C:\Windows\System\BGLlSok.exe
  C:\Windows\System\BGLlSok.exe
  2⤵
  PID:7176
- C:\Windows\System\RKFEkXL.exe
  C:\Windows\System\RKFEkXL.exe
  2⤵
  PID:8356
- C:\Windows\System\HvBjOFc.exe
  C:\Windows\System\HvBjOFc.exe
  2⤵
  PID:8432
- C:\Windows\System\ijezqEU.exe
  C:\Windows\System\ijezqEU.exe
  2⤵
  PID:8556
- C:\Windows\System\KQraygD.exe
  C:\Windows\System\KQraygD.exe
  2⤵
  PID:8892
- C:\Windows\System\MeFNGzp.exe
  C:\Windows\System\MeFNGzp.exe
  2⤵
  PID:9088
- C:\Windows\System\PgKGpqz.exe
  C:\Windows\System\PgKGpqz.exe
  2⤵
  PID:9208
- C:\Windows\System\sJGcLxt.exe
  C:\Windows\System\sJGcLxt.exe
  2⤵
  PID:4328
- C:\Windows\System\fAncHkR.exe
  C:\Windows\System\fAncHkR.exe
  2⤵
  PID:8880
- C:\Windows\System\IjyEatt.exe
  C:\Windows\System\IjyEatt.exe
  2⤵
  PID:9004
- C:\Windows\System\aaluPOg.exe
  C:\Windows\System\aaluPOg.exe
  2⤵
  PID:8452
- C:\Windows\System\lgJIrfY.exe
  C:\Windows\System\lgJIrfY.exe
  2⤵
  PID:9112
- C:\Windows\System\OwOOSsx.exe
  C:\Windows\System\OwOOSsx.exe
  2⤵
  PID:9224
- C:\Windows\System\SInOdyD.exe
  C:\Windows\System\SInOdyD.exe
  2⤵
  PID:9248
- C:\Windows\System\ECCvNDu.exe
  C:\Windows\System\ECCvNDu.exe
  2⤵
  PID:9280
- C:\Windows\System\ONvPnrL.exe
  C:\Windows\System\ONvPnrL.exe
  2⤵
  PID:9296
- C:\Windows\System\MQJmEWl.exe
  C:\Windows\System\MQJmEWl.exe
  2⤵
  PID:9324
- C:\Windows\System\HQCNqrh.exe
  C:\Windows\System\HQCNqrh.exe
  2⤵
  PID:9348
- C:\Windows\System\FNHmDTw.exe
  C:\Windows\System\FNHmDTw.exe
  2⤵
  PID:9412
- C:\Windows\System\bUvFczB.exe
  C:\Windows\System\bUvFczB.exe
  2⤵
  PID:9444
- C:\Windows\System\IFXlzNm.exe
  C:\Windows\System\IFXlzNm.exe
  2⤵
  PID:9472
- C:\Windows\System\roNzSTD.exe
  C:\Windows\System\roNzSTD.exe
  2⤵
  PID:9496
- C:\Windows\System\UaXpYHJ.exe
  C:\Windows\System\UaXpYHJ.exe
  2⤵
  PID:9532
- C:\Windows\System\GVAnYjS.exe
  C:\Windows\System\GVAnYjS.exe
  2⤵
  PID:9548
- C:\Windows\System\UGRWyjT.exe
  C:\Windows\System\UGRWyjT.exe
  2⤵
  PID:9588
- C:\Windows\System\LWLYIoJ.exe
  C:\Windows\System\LWLYIoJ.exe
  2⤵
  PID:9604
- C:\Windows\System\AtxaNxe.exe
  C:\Windows\System\AtxaNxe.exe
  2⤵
  PID:9620
- C:\Windows\System\CuNYFmI.exe
  C:\Windows\System\CuNYFmI.exe
  2⤵
  PID:9636
- C:\Windows\System\iVpYvCP.exe
  C:\Windows\System\iVpYvCP.exe
  2⤵
  PID:9660
- C:\Windows\System\MshCzQE.exe
  C:\Windows\System\MshCzQE.exe
  2⤵
  PID:9708
- C:\Windows\System\VcsqXZG.exe
  C:\Windows\System\VcsqXZG.exe
  2⤵
  PID:9728
- C:\Windows\System\wXrQxEJ.exe
  C:\Windows\System\wXrQxEJ.exe
  2⤵
  PID:9760
- C:\Windows\System\RLNfrMk.exe
  C:\Windows\System\RLNfrMk.exe
  2⤵
  PID:9796
- C:\Windows\System\KTLTyCN.exe
  C:\Windows\System\KTLTyCN.exe
  2⤵
  PID:9828
- C:\Windows\System\RMXJMgV.exe
  C:\Windows\System\RMXJMgV.exe
  2⤵
  PID:9856
- C:\Windows\System\keLCIeZ.exe
  C:\Windows\System\keLCIeZ.exe
  2⤵
  PID:9872
- C:\Windows\System\wunRIdX.exe
  C:\Windows\System\wunRIdX.exe
  2⤵
  PID:9908
- C:\Windows\System\DkwLVpz.exe
  C:\Windows\System\DkwLVpz.exe
  2⤵
  PID:9952
- C:\Windows\System\THrnUcp.exe
  C:\Windows\System\THrnUcp.exe
  2⤵
  PID:9980
- C:\Windows\System\pUXVlAk.exe
  C:\Windows\System\pUXVlAk.exe
  2⤵
  PID:9996
- C:\Windows\System\jLSAeBY.exe
  C:\Windows\System\jLSAeBY.exe
  2⤵
  PID:10024
- C:\Windows\System\KgqhkEZ.exe
  C:\Windows\System\KgqhkEZ.exe
  2⤵
  PID:10052
- C:\Windows\System\vQlIhia.exe
  C:\Windows\System\vQlIhia.exe
  2⤵
  PID:10092
- C:\Windows\System\SFxgzau.exe
  C:\Windows\System\SFxgzau.exe
  2⤵
  PID:10120
- C:\Windows\System\ZVuBsdN.exe
  C:\Windows\System\ZVuBsdN.exe
  2⤵
  PID:10148
- C:\Windows\System\vChwBgy.exe
  C:\Windows\System\vChwBgy.exe
  2⤵
  PID:10168
- C:\Windows\System\UVHIlDa.exe
  C:\Windows\System\UVHIlDa.exe
  2⤵
  PID:10204
- C:\Windows\System\uONsnjW.exe
  C:\Windows\System\uONsnjW.exe
  2⤵
  PID:10232
- C:\Windows\System\FZyJcWo.exe
  C:\Windows\System\FZyJcWo.exe
  2⤵
  PID:9264
- C:\Windows\System\HZPkwCp.exe
  C:\Windows\System\HZPkwCp.exe
  2⤵
  PID:9244
- C:\Windows\System\jFWGLhB.exe
  C:\Windows\System\jFWGLhB.exe
  2⤵
  PID:9312
- C:\Windows\System\xNNwmsL.exe
  C:\Windows\System\xNNwmsL.exe
  2⤵
  PID:1432
- C:\Windows\System\pzbobPa.exe
  C:\Windows\System\pzbobPa.exe
  2⤵
  PID:9392
- C:\Windows\System\dItWWGx.exe
  C:\Windows\System\dItWWGx.exe
  2⤵
  PID:9460
- C:\Windows\System\VvbmCDJ.exe
  C:\Windows\System\VvbmCDJ.exe
  2⤵
  PID:9600
- C:\Windows\System\hsPzZqJ.exe
  C:\Windows\System\hsPzZqJ.exe
  2⤵
  PID:9652
- C:\Windows\System\kqWoWAj.exe
  C:\Windows\System\kqWoWAj.exe
  2⤵
  PID:9684
- C:\Windows\System\iNNdAcF.exe
  C:\Windows\System\iNNdAcF.exe
  2⤵
  PID:9744
- C:\Windows\System\exTVvja.exe
  C:\Windows\System\exTVvja.exe
  2⤵
  PID:9848
- C:\Windows\System\oFsWjHo.exe
  C:\Windows\System\oFsWjHo.exe
  2⤵
  PID:9900
- C:\Windows\System\ZpClUyT.exe
  C:\Windows\System\ZpClUyT.exe
  2⤵
  PID:9964
- C:\Windows\System\dyxakvb.exe
  C:\Windows\System\dyxakvb.exe
  2⤵
  PID:10048
- C:\Windows\System\aisQNgM.exe
  C:\Windows\System\aisQNgM.exe
  2⤵
  PID:10116
- C:\Windows\System\FUzCvpJ.exe
  C:\Windows\System\FUzCvpJ.exe
  2⤵
  PID:10188
- C:\Windows\System\lVOZrGn.exe
  C:\Windows\System\lVOZrGn.exe
  2⤵
  PID:10228
- C:\Windows\System\qCAXMHw.exe
  C:\Windows\System\qCAXMHw.exe
  2⤵
  PID:9336
- C:\Windows\System\vFWyAIo.exe
  C:\Windows\System\vFWyAIo.exe
  2⤵
  PID:9520
- C:\Windows\System\JfFgBNW.exe
  C:\Windows\System\JfFgBNW.exe
  2⤵
  PID:9564
- C:\Windows\System\eQwJSIz.exe
  C:\Windows\System\eQwJSIz.exe
  2⤵
  PID:9784
- C:\Windows\System\YYyDPUD.exe
  C:\Windows\System\YYyDPUD.exe
  2⤵
  PID:9892
- C:\Windows\System\Icpfecy.exe
  C:\Windows\System\Icpfecy.exe
  2⤵
  PID:9992
- C:\Windows\System\keqbRtf.exe
  C:\Windows\System\keqbRtf.exe
  2⤵
  PID:10176
- C:\Windows\System\YUdJwUd.exe
  C:\Windows\System\YUdJwUd.exe
  2⤵
  PID:9492
- C:\Windows\System\LpOofHv.exe
  C:\Windows\System\LpOofHv.exe
  2⤵
  PID:9816
- C:\Windows\System\OlAgNqF.exe
  C:\Windows\System\OlAgNqF.exe
  2⤵
  PID:10008
- C:\Windows\System\DpCFqwf.exe
  C:\Windows\System\DpCFqwf.exe
  2⤵
  PID:10200
- C:\Windows\System\mNhFjVP.exe
  C:\Windows\System\mNhFjVP.exe
  2⤵
  PID:9948
- C:\Windows\System\cdbzTxL.exe
  C:\Windows\System\cdbzTxL.exe
  2⤵
  PID:9272
- C:\Windows\System\wycifQo.exe
  C:\Windows\System\wycifQo.exe
  2⤵
  PID:10248
- C:\Windows\System\CjBRGJy.exe
  C:\Windows\System\CjBRGJy.exe
  2⤵
  PID:10288
- C:\Windows\System\ctFnJeM.exe
  C:\Windows\System\ctFnJeM.exe
  2⤵
  PID:10320
- C:\Windows\System\zLMHoGU.exe
  C:\Windows\System\zLMHoGU.exe
  2⤵
  PID:10344
- C:\Windows\System\UbXsmWC.exe
  C:\Windows\System\UbXsmWC.exe
  2⤵
  PID:10360
- C:\Windows\System\XXHHuvG.exe
  C:\Windows\System\XXHHuvG.exe
  2⤵
  PID:10380
- C:\Windows\System\pbiGVwj.exe
  C:\Windows\System\pbiGVwj.exe
  2⤵
  PID:10408
- C:\Windows\System\kcTLLGA.exe
  C:\Windows\System\kcTLLGA.exe
  2⤵
  PID:10436
- C:\Windows\System\MoWycDG.exe
  C:\Windows\System\MoWycDG.exe
  2⤵
  PID:10476
- C:\Windows\System\vPSqRtz.exe
  C:\Windows\System\vPSqRtz.exe
  2⤵
  PID:10504
- C:\Windows\System\fyxuTDs.exe
  C:\Windows\System\fyxuTDs.exe
  2⤵
  PID:10532
- C:\Windows\System\uYIzgie.exe
  C:\Windows\System\uYIzgie.exe
  2⤵
  PID:10556
- C:\Windows\System\SKWdQrV.exe
  C:\Windows\System\SKWdQrV.exe
  2⤵
  PID:10588
- C:\Windows\System\bgKdJax.exe
  C:\Windows\System\bgKdJax.exe
  2⤵
  PID:10604
- C:\Windows\System\MxjtHye.exe
  C:\Windows\System\MxjtHye.exe
  2⤵
  PID:10644
- C:\Windows\System\YwHJhLk.exe
  C:\Windows\System\YwHJhLk.exe
  2⤵
  PID:10684
- C:\Windows\System\UQtVyXB.exe
  C:\Windows\System\UQtVyXB.exe
  2⤵
  PID:10700
- C:\Windows\System\MxyJemT.exe
  C:\Windows\System\MxyJemT.exe
  2⤵
  PID:10728
- C:\Windows\System\ARsTFSL.exe
  C:\Windows\System\ARsTFSL.exe
  2⤵
  PID:10756
- C:\Windows\System\fajlDKc.exe
  C:\Windows\System\fajlDKc.exe
  2⤵
  PID:10784
- C:\Windows\System\JbdfKgj.exe
  C:\Windows\System\JbdfKgj.exe
  2⤵
  PID:10828
- C:\Windows\System\bxFMPPD.exe
  C:\Windows\System\bxFMPPD.exe
  2⤵
  PID:10844
- C:\Windows\System\xDSeUEr.exe
  C:\Windows\System\xDSeUEr.exe
  2⤵
  PID:10872
- C:\Windows\System\xdYbblS.exe
  C:\Windows\System\xdYbblS.exe
  2⤵
  PID:10892
- C:\Windows\System\RQUsQba.exe
  C:\Windows\System\RQUsQba.exe
  2⤵
  PID:10928
- C:\Windows\System\BdknQZf.exe
  C:\Windows\System\BdknQZf.exe
  2⤵
  PID:10956
- C:\Windows\System\CZdgonC.exe
  C:\Windows\System\CZdgonC.exe
  2⤵
  PID:10984
- C:\Windows\System\IduZghX.exe
  C:\Windows\System\IduZghX.exe
  2⤵
  PID:11012
- C:\Windows\System\thmKqpP.exe
  C:\Windows\System\thmKqpP.exe
  2⤵
  PID:11052
- C:\Windows\System\oaAzYJU.exe
  C:\Windows\System\oaAzYJU.exe
  2⤵
  PID:11068
- C:\Windows\System\MyORDDR.exe
  C:\Windows\System\MyORDDR.exe
  2⤵
  PID:11096
- C:\Windows\System\bHDsJNV.exe
  C:\Windows\System\bHDsJNV.exe
  2⤵
  PID:11120
- C:\Windows\System\TbVxjwk.exe
  C:\Windows\System\TbVxjwk.exe
  2⤵
  PID:11152
- C:\Windows\System\ExvepoF.exe
  C:\Windows\System\ExvepoF.exe
  2⤵
  PID:11180
- C:\Windows\System\dBqkRLn.exe
  C:\Windows\System\dBqkRLn.exe
  2⤵
  PID:11208
- C:\Windows\System\Goigvqq.exe
  C:\Windows\System\Goigvqq.exe
  2⤵
  PID:11248
- C:\Windows\System\qSjKmQs.exe
  C:\Windows\System\qSjKmQs.exe
  2⤵
  PID:10280
- C:\Windows\System\caAHILI.exe
  C:\Windows\System\caAHILI.exe
  2⤵
  PID:10304
- C:\Windows\System\JasBEUf.exe
  C:\Windows\System\JasBEUf.exe
  2⤵
  PID:10356
- C:\Windows\System\UrOffyz.exe
  C:\Windows\System\UrOffyz.exe
  2⤵
  PID:10376
- C:\Windows\System\ixgjrox.exe
  C:\Windows\System\ixgjrox.exe
  2⤵
  PID:10488
- C:\Windows\System\ytOhjRo.exe
  C:\Windows\System\ytOhjRo.exe
  2⤵
  PID:10524
- C:\Windows\System\lbPnpae.exe
  C:\Windows\System\lbPnpae.exe
  2⤵
  PID:10600
- C:\Windows\System\spIQrVu.exe
  C:\Windows\System\spIQrVu.exe
  2⤵
  PID:10632
- C:\Windows\System\qEHlcEP.exe
  C:\Windows\System\qEHlcEP.exe
  2⤵
  PID:10780
- C:\Windows\System\CoDPZRc.exe
  C:\Windows\System\CoDPZRc.exe
  2⤵
  PID:10820
- C:\Windows\System\YAAgMjg.exe
  C:\Windows\System\YAAgMjg.exe
  2⤵
  PID:10916
- C:\Windows\System\qnkUksD.exe
  C:\Windows\System\qnkUksD.exe
  2⤵
  PID:10904
- C:\Windows\System\btApgqz.exe
  C:\Windows\System\btApgqz.exe
  2⤵
  PID:11048
- C:\Windows\System\DQpfLiq.exe
  C:\Windows\System\DQpfLiq.exe
  2⤵
  PID:11080
- C:\Windows\System\HOBPZzr.exe
  C:\Windows\System\HOBPZzr.exe
  2⤵
  PID:11168
- C:\Windows\System\KRtYTsl.exe
  C:\Windows\System\KRtYTsl.exe
  2⤵
  PID:11244
- C:\Windows\System\TogXLAA.exe
  C:\Windows\System\TogXLAA.exe
  2⤵
  PID:10336
- C:\Windows\System\aJPKshs.exe
  C:\Windows\System\aJPKshs.exe
  2⤵
  PID:10468
- C:\Windows\System\aYKKxVL.exe
  C:\Windows\System\aYKKxVL.exe
  2⤵
  PID:10540
- C:\Windows\System\CcvXtQS.exe
  C:\Windows\System\CcvXtQS.exe
  2⤵
  PID:10696
- C:\Windows\System\aGziYVy.exe
  C:\Windows\System\aGziYVy.exe
  2⤵
  PID:10860
- C:\Windows\System\wyQnssE.exe
  C:\Windows\System\wyQnssE.exe
  2⤵
  PID:11136
- C:\Windows\System\wLaNkIb.exe
  C:\Windows\System\wLaNkIb.exe
  2⤵
  PID:11204
- C:\Windows\System\fLgkCqQ.exe
  C:\Windows\System\fLgkCqQ.exe
  2⤵
  PID:10420
- C:\Windows\System\OMYzdLe.exe
  C:\Windows\System\OMYzdLe.exe
  2⤵
  PID:10880
- C:\Windows\System\nPjkFJk.exe
  C:\Windows\System\nPjkFJk.exe
  2⤵
  PID:11260
- C:\Windows\System\plljQPo.exe
  C:\Windows\System\plljQPo.exe
  2⤵
  PID:11088
- C:\Windows\System\xoHChBB.exe
  C:\Windows\System\xoHChBB.exe
  2⤵
  PID:10840
- C:\Windows\System\qPZkxxX.exe
  C:\Windows\System\qPZkxxX.exe
  2⤵
  PID:11300
- C:\Windows\System\igBzncU.exe
  C:\Windows\System\igBzncU.exe
  2⤵
  PID:11320
- C:\Windows\System\TcJTlXr.exe
  C:\Windows\System\TcJTlXr.exe
  2⤵
  PID:11344
- C:\Windows\System\WRwBASq.exe
  C:\Windows\System\WRwBASq.exe
  2⤵
  PID:11388
- C:\Windows\System\voMqHBj.exe
  C:\Windows\System\voMqHBj.exe
  2⤵
  PID:11416
- C:\Windows\System\QHycsGE.exe
  C:\Windows\System\QHycsGE.exe
  2⤵
  PID:11432
- C:\Windows\System\bgWTkoo.exe
  C:\Windows\System\bgWTkoo.exe
  2⤵
  PID:11452
- C:\Windows\System\yqgZXRy.exe
  C:\Windows\System\yqgZXRy.exe
  2⤵
  PID:11484
- C:\Windows\System\nbobAmd.exe
  C:\Windows\System\nbobAmd.exe
  2⤵
  PID:11516
- C:\Windows\System\ZkdiglH.exe
  C:\Windows\System\ZkdiglH.exe
  2⤵
  PID:11536
- C:\Windows\System\dgTAUTt.exe
  C:\Windows\System\dgTAUTt.exe
  2⤵
  PID:11572
- C:\Windows\System\eeKWOiy.exe
  C:\Windows\System\eeKWOiy.exe
  2⤵
  PID:11588
- C:\Windows\System\wbpxpTq.exe
  C:\Windows\System\wbpxpTq.exe
  2⤵
  PID:11616
- C:\Windows\System\fkvIStY.exe
  C:\Windows\System\fkvIStY.exe
  2⤵
  PID:11652
- C:\Windows\System\TcKuQgN.exe
  C:\Windows\System\TcKuQgN.exe
  2⤵
  PID:11680
- C:\Windows\System\PaYPzuy.exe
  C:\Windows\System\PaYPzuy.exe
  2⤵
  PID:11712
- C:\Windows\System\cJFXBhh.exe
  C:\Windows\System\cJFXBhh.exe
  2⤵
  PID:11740
- C:\Windows\System\kyuqdVT.exe
  C:\Windows\System\kyuqdVT.exe
  2⤵
  PID:11756
- C:\Windows\System\JgKnPfk.exe
  C:\Windows\System\JgKnPfk.exe
  2⤵
  PID:11772
- C:\Windows\System\DCoTfUG.exe
  C:\Windows\System\DCoTfUG.exe
  2⤵
  PID:11824
- C:\Windows\System\dpfeORz.exe
  C:\Windows\System\dpfeORz.exe
  2⤵
  PID:11860
- C:\Windows\System\HVzkCfS.exe
  C:\Windows\System\HVzkCfS.exe
  2⤵
  PID:11880
- C:\Windows\System\LJjmKwX.exe
  C:\Windows\System\LJjmKwX.exe
  2⤵
  PID:11908
- C:\Windows\System\SwstNVp.exe
  C:\Windows\System\SwstNVp.exe
  2⤵
  PID:11932
- C:\Windows\System\VDoDIyB.exe
  C:\Windows\System\VDoDIyB.exe
  2⤵
  PID:11960
- C:\Windows\System\FiLlVId.exe
  C:\Windows\System\FiLlVId.exe
  2⤵
  PID:11980
- C:\Windows\System\LIYffUu.exe
  C:\Windows\System\LIYffUu.exe
  2⤵
  PID:12008
- C:\Windows\System\OUGRCvP.exe
  C:\Windows\System\OUGRCvP.exe
  2⤵
  PID:12060
- C:\Windows\System\PuRNelL.exe
  C:\Windows\System\PuRNelL.exe
  2⤵
  PID:12088
- C:\Windows\System\hBzadIX.exe
  C:\Windows\System\hBzadIX.exe
  2⤵
  PID:12104
- C:\Windows\System\gueTsCb.exe
  C:\Windows\System\gueTsCb.exe
  2⤵
  PID:12132
- C:\Windows\System\hTIilHV.exe
  C:\Windows\System\hTIilHV.exe
  2⤵
  PID:12148
- C:\Windows\System\IDmoVcP.exe
  C:\Windows\System\IDmoVcP.exe
  2⤵
  PID:12172
- C:\Windows\System\uEVYYGK.exe
  C:\Windows\System\uEVYYGK.exe
  2⤵
  PID:12200
- C:\Windows\System\OfptyXH.exe
  C:\Windows\System\OfptyXH.exe
  2⤵
  PID:12248
- C:\Windows\System\iCOBIrq.exe
  C:\Windows\System\iCOBIrq.exe
  2⤵
  PID:12272
- C:\Windows\System\mvcDQdP.exe
  C:\Windows\System\mvcDQdP.exe
  2⤵
  PID:3800
- C:\Windows\System\JFbxmuW.exe
  C:\Windows\System\JFbxmuW.exe
  2⤵
  PID:11312
- C:\Windows\System\YVHHyTb.exe
  C:\Windows\System\YVHHyTb.exe
  2⤵
  PID:11384
- C:\Windows\System\SkLygEm.exe
  C:\Windows\System\SkLygEm.exe
  2⤵
  PID:11508
- C:\Windows\System\GKXqVpy.exe
  C:\Windows\System\GKXqVpy.exe
  2⤵
  PID:11504
- C:\Windows\System\PztTYxO.exe
  C:\Windows\System\PztTYxO.exe
  2⤵
  PID:11580
- C:\Windows\System\IBnlYgK.exe
  C:\Windows\System\IBnlYgK.exe
  2⤵
  PID:11640
- C:\Windows\System\WshAAgK.exe
  C:\Windows\System\WshAAgK.exe
  2⤵
  PID:11708
- C:\Windows\System\ezwxQzY.exe
  C:\Windows\System\ezwxQzY.exe
  2⤵
  PID:11752
- C:\Windows\System\OMGJoJR.exe
  C:\Windows\System\OMGJoJR.exe
  2⤵
  PID:11852
- C:\Windows\System\uXEfvCp.exe
  C:\Windows\System\uXEfvCp.exe
  2⤵
  PID:11900
- C:\Windows\System\maPhwZz.exe
  C:\Windows\System\maPhwZz.exe
  2⤵
  PID:11972
- C:\Windows\System\bhMwrbH.exe
  C:\Windows\System\bhMwrbH.exe
  2⤵
  PID:12032
- C:\Windows\System\hnLMVUi.exe
  C:\Windows\System\hnLMVUi.exe
  2⤵
  PID:12120
- C:\Windows\System\LMbsXhc.exe
  C:\Windows\System\LMbsXhc.exe
  2⤵
  PID:12156
- C:\Windows\System\rxGAAaR.exe
  C:\Windows\System\rxGAAaR.exe
  2⤵
  PID:11364
- C:\Windows\System\ItfQwCe.exe
  C:\Windows\System\ItfQwCe.exe
  2⤵
  PID:11532
- C:\Windows\System\FMhcHZs.exe
  C:\Windows\System\FMhcHZs.exe
  2⤵
  PID:11604
- C:\Windows\System\BzNrvQa.exe
  C:\Windows\System\BzNrvQa.exe
  2⤵
  PID:11808
- C:\Windows\System\iNeKLob.exe
  C:\Windows\System\iNeKLob.exe
  2⤵
  PID:12000
- C:\Windows\System\HyltyWM.exe
  C:\Windows\System\HyltyWM.exe
  2⤵
  PID:12116
- C:\Windows\System\QXvQuTj.exe
  C:\Windows\System\QXvQuTj.exe
  2⤵
  PID:12232
- C:\Windows\System\CPGTevV.exe
  C:\Windows\System\CPGTevV.exe
  2⤵
  PID:11480
- C:\Windows\System\HsTtQjh.exe
  C:\Windows\System\HsTtQjh.exe
  2⤵
  PID:12300
- C:\Windows\System\mfxWsKG.exe
  C:\Windows\System\mfxWsKG.exe
  2⤵
  PID:12328
- C:\Windows\System\BbjJoSh.exe
  C:\Windows\System\BbjJoSh.exe
  2⤵
  PID:12356
- C:\Windows\System\dhKvuLs.exe
  C:\Windows\System\dhKvuLs.exe
  2⤵
  PID:12384
- C:\Windows\System\AklcnQo.exe
  C:\Windows\System\AklcnQo.exe
  2⤵
  PID:12412
- C:\Windows\System\qlWNfxG.exe
  C:\Windows\System\qlWNfxG.exe
  2⤵
  PID:12440
- C:\Windows\System\bVeyqpl.exe
  C:\Windows\System\bVeyqpl.exe
  2⤵
  PID:12468
- C:\Windows\System\DtLKKfj.exe
  C:\Windows\System\DtLKKfj.exe
  2⤵
  PID:12484
- C:\Windows\System\OrhsPAo.exe
  C:\Windows\System\OrhsPAo.exe
  2⤵
  PID:12512
- C:\Windows\System\uRXtWnQ.exe
  C:\Windows\System\uRXtWnQ.exe
  2⤵
  PID:12528
- C:\Windows\System\MBgzOhf.exe
  C:\Windows\System\MBgzOhf.exe
  2⤵
  PID:12544
- C:\Windows\System\htfqyxk.exe
  C:\Windows\System\htfqyxk.exe
  2⤵
  PID:12600
- C:\Windows\System\TSIuIQG.exe
  C:\Windows\System\TSIuIQG.exe
  2⤵
  PID:12628
- C:\Windows\System\DcNZgBM.exe
  C:\Windows\System\DcNZgBM.exe
  2⤵
  PID:12652
- C:\Windows\System\mRSPqGP.exe
  C:\Windows\System\mRSPqGP.exe
  2⤵
  PID:12672
- C:\Windows\System\RzlxpeM.exe
  C:\Windows\System\RzlxpeM.exe
  2⤵
  PID:12708
- C:\Windows\System\CXtWSkF.exe
  C:\Windows\System\CXtWSkF.exe
  2⤵
  PID:12748
- C:\Windows\System\evgZIAa.exe
  C:\Windows\System\evgZIAa.exe
  2⤵
  PID:12776
- C:\Windows\System\spTmfHv.exe
  C:\Windows\System\spTmfHv.exe
  2⤵
  PID:12804
- C:\Windows\System\KPGjIQT.exe
  C:\Windows\System\KPGjIQT.exe
  2⤵
  PID:12824
- C:\Windows\System\PmJTONh.exe
  C:\Windows\System\PmJTONh.exe
  2⤵
  PID:12860
- C:\Windows\System\vshsMGG.exe
  C:\Windows\System\vshsMGG.exe
  2⤵
  PID:12888
- C:\Windows\System\tHfkXHP.exe
  C:\Windows\System\tHfkXHP.exe
  2⤵
  PID:12912
- C:\Windows\System\UNbdFoy.exe
  C:\Windows\System\UNbdFoy.exe
  2⤵
  PID:12940
- C:\Windows\System\ohqTdrk.exe
  C:\Windows\System\ohqTdrk.exe
  2⤵
  PID:12968
- C:\Windows\System\GmrVBQD.exe
  C:\Windows\System\GmrVBQD.exe
  2⤵
  PID:13008
- C:\Windows\System\pHAThjy.exe
  C:\Windows\System\pHAThjy.exe
  2⤵
  PID:13024
- C:\Windows\System\ZGdkiWK.exe
  C:\Windows\System\ZGdkiWK.exe
  2⤵
  PID:13064
- C:\Windows\System\tgDljoO.exe
  C:\Windows\System\tgDljoO.exe
  2⤵
  PID:13092
- C:\Windows\System\DkrUrlN.exe
  C:\Windows\System\DkrUrlN.exe
  2⤵
  PID:13120
- C:\Windows\System\SiuIgtj.exe
  C:\Windows\System\SiuIgtj.exe
  2⤵
  PID:13136
- C:\Windows\System\SZJhXpM.exe
  C:\Windows\System\SZJhXpM.exe
  2⤵
  PID:13164
- C:\Windows\System\IMUSXTX.exe
  C:\Windows\System\IMUSXTX.exe
  2⤵
  PID:13184
- C:\Windows\System\FCoZzTa.exe
  C:\Windows\System\FCoZzTa.exe
  2⤵
  PID:13228
- C:\Windows\System\ICkyGTr.exe
  C:\Windows\System\ICkyGTr.exe
  2⤵
  PID:13272
- C:\Windows\System\XlQkvbB.exe
  C:\Windows\System\XlQkvbB.exe
  2⤵
  PID:13304
- C:\Windows\System\VsIXpvm.exe
  C:\Windows\System\VsIXpvm.exe
  2⤵
  PID:11556
- C:\Windows\System\nByfXsM.exe
  C:\Windows\System\nByfXsM.exe
  2⤵
  PID:12316
- C:\Windows\System\MPsQepD.exe
  C:\Windows\System\MPsQepD.exe
  2⤵
  PID:12408
- C:\Windows\System\ySfpffQ.exe
  C:\Windows\System\ySfpffQ.exe
  2⤵
  PID:12460
- C:\Windows\System\SkUOICN.exe
  C:\Windows\System\SkUOICN.exe
  2⤵
  PID:12496
- C:\Windows\System\xYjBQTF.exe
  C:\Windows\System\xYjBQTF.exe
  2⤵
  PID:12612
- C:\Windows\System\cKctAli.exe
  C:\Windows\System\cKctAli.exe
  2⤵
  PID:12640
- C:\Windows\System\kgDOLfO.exe
  C:\Windows\System\kgDOLfO.exe
  2⤵
  PID:12728
- C:\Windows\System\lbPIxXW.exe
  C:\Windows\System\lbPIxXW.exe
  2⤵
  PID:12768
- C:\Windows\System\DfakzaI.exe
  C:\Windows\System\DfakzaI.exe
  2⤵
  PID:12852
- C:\Windows\System\ZfeqODr.exe
  C:\Windows\System\ZfeqODr.exe
  2⤵
  PID:12908
- C:\Windows\System\YOyJrxk.exe
  C:\Windows\System\YOyJrxk.exe
  2⤵
  PID:12992
- C:\Windows\System\kHjgXIo.exe
  C:\Windows\System\kHjgXIo.exe
  2⤵
  PID:13080
- C:\Windows\System\SZFiqjc.exe
  C:\Windows\System\SZFiqjc.exe
  2⤵
  PID:13104
- C:\Windows\System\pLDLriL.exe
  C:\Windows\System\pLDLriL.exe
  2⤵
  PID:13172
- C:\Windows\System\teJPDqQ.exe
  C:\Windows\System\teJPDqQ.exe
  2⤵
  PID:4740
- C:\Windows\System\HzRNwGU.exe
  C:\Windows\System\HzRNwGU.exe
  2⤵
  PID:12368
- C:\Windows\System\MTLeCod.exe
  C:\Windows\System\MTLeCod.exe
  2⤵
  PID:12464
- C:\Windows\System\LJDPWMW.exe
  C:\Windows\System\LJDPWMW.exe
  2⤵
  PID:12624
- C:\Windows\System\hEQnxJS.exe
  C:\Windows\System\hEQnxJS.exe
  2⤵
  PID:12796
- C:\Windows\System\IoRKbyT.exe
  C:\Windows\System\IoRKbyT.exe
  2⤵
  PID:12928
- C:\Windows\System\IbrpwCA.exe
  C:\Windows\System\IbrpwCA.exe
  2⤵
  PID:13108
- C:\Windows\System\bBNkThZ.exe
  C:\Windows\System\bBNkThZ.exe
  2⤵
  PID:13296
- C:\Windows\System\FGhBaNk.exe
  C:\Windows\System\FGhBaNk.exe
  2⤵
  PID:12668
- C:\Windows\System\sQBIFnU.exe
  C:\Windows\System\sQBIFnU.exe
  2⤵
  PID:13148
- C:\Windows\System\iPBJYLG.exe
  C:\Windows\System\iPBJYLG.exe
  2⤵
  PID:12764
- C:\Windows\System\pirhuZm.exe
  C:\Windows\System\pirhuZm.exe
  2⤵
  PID:13340
- C:\Windows\System\TVJBjOJ.exe
  C:\Windows\System\TVJBjOJ.exe
  2⤵
  PID:13368
- C:\Windows\System\rmHqHOU.exe
  C:\Windows\System\rmHqHOU.exe
  2⤵
  PID:13384
- C:\Windows\System\qprOQuo.exe
  C:\Windows\System\qprOQuo.exe
  2⤵
  PID:13412
- C:\Windows\System\RcGpHWc.exe
  C:\Windows\System\RcGpHWc.exe
  2⤵
  PID:13452
- C:\Windows\System\cQInqRj.exe
  C:\Windows\System\cQInqRj.exe
  2⤵
  PID:13488
- C:\Windows\System\OuDASaD.exe
  C:\Windows\System\OuDASaD.exe
  2⤵
  PID:13536
- C:\Windows\System\klSxZZj.exe
  C:\Windows\System\klSxZZj.exe
  2⤵
  PID:13568
- C:\Windows\System\jSIdzrV.exe
  C:\Windows\System\jSIdzrV.exe
  2⤵
  PID:13608
- C:\Windows\System\OXxzPeV.exe
  C:\Windows\System\OXxzPeV.exe
  2⤵
  PID:13624
- C:\Windows\System\WZPcQEg.exe
  C:\Windows\System\WZPcQEg.exe
  2⤵
  PID:13656
- C:\Windows\System\CVaVTeP.exe
  C:\Windows\System\CVaVTeP.exe
  2⤵
  PID:13680
- C:\Windows\System\yAVswrL.exe
  C:\Windows\System\yAVswrL.exe
  2⤵
  PID:13708
- C:\Windows\System\XaypWwn.exe
  C:\Windows\System\XaypWwn.exe
  2⤵
  PID:13728
- C:\Windows\System\FPnNtue.exe
  C:\Windows\System\FPnNtue.exe
  2⤵
  PID:13768
- C:\Windows\System\CvGncYx.exe
  C:\Windows\System\CvGncYx.exe
  2⤵
  PID:13812
- C:\Windows\System\gmvotxO.exe
  C:\Windows\System\gmvotxO.exe
  2⤵
  PID:13836
- C:\Windows\System\udKpOpU.exe
  C:\Windows\System\udKpOpU.exe
  2⤵
  PID:13856
- C:\Windows\System\TkaGEfv.exe
  C:\Windows\System\TkaGEfv.exe
  2⤵
  PID:13888
- C:\Windows\System\QTELJfW.exe
  C:\Windows\System\QTELJfW.exe
  2⤵
  PID:13916
- C:\Windows\System\IgWPkts.exe
  C:\Windows\System\IgWPkts.exe
  2⤵
  PID:13956
- C:\Windows\System\slIhaZg.exe
  C:\Windows\System\slIhaZg.exe
  2⤵
  PID:13988
- C:\Windows\System\ioEmoQx.exe
  C:\Windows\System\ioEmoQx.exe
  2⤵
  PID:14028
- C:\Windows\System\zlHrAzk.exe
  C:\Windows\System\zlHrAzk.exe
  2⤵
  PID:14064
- C:\Windows\System\VbeHSxO.exe
  C:\Windows\System\VbeHSxO.exe
  2⤵
  PID:14088
- C:\Windows\System\ZoMOHBN.exe
  C:\Windows\System\ZoMOHBN.exe
  2⤵
  PID:14132
- C:\Windows\System\RYmaekY.exe
  C:\Windows\System\RYmaekY.exe
  2⤵
  PID:14160
- C:\Windows\System\CrkFGon.exe
  C:\Windows\System\CrkFGon.exe
  2⤵
  PID:14188
- C:\Windows\System\aPogEaT.exe
  C:\Windows\System\aPogEaT.exe
  2⤵
  PID:14204
- C:\Windows\System\juLKBCb.exe
  C:\Windows\System\juLKBCb.exe
  2⤵
  PID:14228
- C:\Windows\System\jiFQFwI.exe
  C:\Windows\System\jiFQFwI.exe
  2⤵
  PID:14284
- C:\Windows\System\XmJQLEu.exe
  C:\Windows\System\XmJQLEu.exe
  2⤵
  PID:14312
- C:\Windows\System\ypHHtfX.exe
  C:\Windows\System\ypHHtfX.exe
  2⤵
  PID:13360
- C:\Windows\System\kLmWemG.exe
  C:\Windows\System\kLmWemG.exe
  2⤵
  PID:13376
- C:\Windows\System\CTCwCFi.exe
  C:\Windows\System\CTCwCFi.exe
  2⤵
  PID:13404
- C:\Windows\System\LeVJPmY.exe
  C:\Windows\System\LeVJPmY.exe
  2⤵
  PID:4304
- C:\Windows\System\lAtKnNg.exe
  C:\Windows\System\lAtKnNg.exe
  2⤵
  PID:13544
- C:\Windows\System\TlirByu.exe
  C:\Windows\System\TlirByu.exe
  2⤵
  PID:13636
- C:\Windows\System\nfTbpgA.exe
  C:\Windows\System\nfTbpgA.exe
  2⤵
  PID:13696
- C:\Windows\System\cMNvmwV.exe
  C:\Windows\System\cMNvmwV.exe
  2⤵
  PID:13800
- C:\Windows\System\bBFjCqG.exe
  C:\Windows\System\bBFjCqG.exe
  2⤵
  PID:13864
- C:\Windows\System\czxLsmy.exe
  C:\Windows\System\czxLsmy.exe
  2⤵
  PID:13932
- C:\Windows\System\eKCcSeP.exe
  C:\Windows\System\eKCcSeP.exe
  2⤵
  PID:13972
- C:\Windows\System\IwoDXTe.exe
  C:\Windows\System\IwoDXTe.exe
  2⤵
  PID:14016
- C:\Windows\System\Vglwyve.exe
  C:\Windows\System\Vglwyve.exe
  2⤵
  PID:14156
- C:\Windows\System\YLghyph.exe
  C:\Windows\System\YLghyph.exe
  2⤵
  PID:14216
- C:\Windows\System\jXOVWNf.exe
  C:\Windows\System\jXOVWNf.exe
  2⤵
  PID:14276
- C:\Windows\System\nvEpRmf.exe
  C:\Windows\System\nvEpRmf.exe
  2⤵
  PID:13356
- C:\Windows\System\TsgqHLT.exe
  C:\Windows\System\TsgqHLT.exe
  2⤵
  PID:13352
- C:\Windows\System\DwFQuRq.exe
  C:\Windows\System\DwFQuRq.exe
  2⤵
  PID:13548
- C:\Windows\System\qmiZImy.exe
  C:\Windows\System\qmiZImy.exe
  2⤵
  PID:13880

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BMZnsbO.exe

Filesize
2.0MB

MD5
42c28ddc11a581c982cf65554b022229

SHA1
a42ad3ccea669eb5bab6cda7765f47b15710ae69

SHA256
0379eef7ab709edf2c4d5bddd9866462d49b431e0133220a5092f410533acb7b

SHA512
ef5e28d0a92ad24b7512d55ca436303213d98af6bb362d93a90380dc9d4b0089821128da2dac349a2d3323ef91fdd90d4995dcbe6f8c02d8d268740959f47f8d

Download Submit
C:\Windows\System\DQpoGyP.exe

Filesize
2.0MB

MD5
03e3ed023fe29fe4c637537916ba9e0b

SHA1
532ae3cefff5875131692d29db2873b7d7fdfbe3

SHA256
054b2301ba9407594c6616a2bd3e4c168ca4328deec0fec23c3206f30157a6bd

SHA512
0e11ba54062a86161603b5f15f0144062ededf005392558589e56669439c9c38d61fc571d743c23665fee0a52b52355a30c14a362af464e018b8195438bbd153

Download Submit
C:\Windows\System\FkGGLnw.exe

Filesize
2.0MB

MD5
069696218d37de25e5ba6b56ee845f31

SHA1
0de6b4f08cd4c4ae2fa5c6115788e576b26c88c5

SHA256
3351f3064b88cc02fc7e78941a5c52e645a76340404aa3170707cd63c5080d97

SHA512
2dd393ee1164c3ea3e279a2a2888558a54c28696c1f18f9b5380d0757b6e20a44a3103d0efd9cecb22097d9e8ff3d892bd7cbd94fd5984a198f89b574a6f7d22

Download Submit
C:\Windows\System\HLzokVT.exe

Filesize
2.0MB

MD5
ee7a69e6d219403cef99d716bee86d97

SHA1
b2291bf497981d0171e8b132f153b4ea60d1401c

SHA256
83d3accac6fdb4580ff92036b03b02f95015238e31e6da07b73495ed8fa1ce4a

SHA512
dacce2058efd7673280eef1689a27f284418aedc0afb0be5198a366ab2bae5a166df31334d9bea37ba258beb862083bc17e85ff271edfced5daf1b41148b4ae0

Download Submit
C:\Windows\System\KFpwXmo.exe

Filesize
2.0MB

MD5
b6d973774f4856230eb98744383969be

SHA1
ba6301363e0c843a716d653463f4e153e4729c99

SHA256
cec65a8a213a1b289d609add247e5898919aa8276ac32f91048dd4df696a3803

SHA512
86961d4f098b1cf57c45253d9ad7984a700260e8f196bd866e86d063245189c2b4e6bcc8bc3c1a5e56009ab7e4c4c70da0565f01f7386672dab52c501315b336

Download Submit
C:\Windows\System\KuIXWRy.exe

Filesize
2.0MB

MD5
9e5f9b8cac70074ed8dbb304f631e010

SHA1
5387afcc59648d2751355b6fb5a84e16b78466c7

SHA256
cf04304edabdb68fac5b0018af3a5d1e64eb359b032d94a8294eff047f615871

SHA512
4c6dffaa1a5da5d5b127d325fe9d2de3fd8faf4127cb03852a9062bbe637a0d5f88a83225d3b79ade5098d3aab41ba865237673c7794ef6ed616b90dc92874b3

Download Submit
C:\Windows\System\OApxgcV.exe

Filesize
2.0MB

MD5
7510becd7b9247b5e3de1a9d214df7b0

SHA1
f3dbedfd20f47741cec39b245764f08118d3b40e

SHA256
703bf279b00493b5b2df49e9e104fe680cb6f199133072bc2c5b0f1259f6f444

SHA512
427b54209239e4f73cf5ec190df8dda53ae959ebbc9506ac35734924ce4346533af11c8ec374cb640c80b9628f8e829bf08ba245dda4a0fe2fea118227bb2cdb

Download Submit
C:\Windows\System\OpuudqZ.exe

Filesize
2.0MB

MD5
b40de2d3e4c98d9507f1ee2b7264d308

SHA1
1a45c77dc0d79f8b3d1c54b1728dae3fdbb566ff

SHA256
61d6bedcfb0f126903a3c816e85b1ffbb54cee80418d4a6d87ced5808af32260

SHA512
6cbfb1a0da5796ea9c94487b60fa093fd054f7305cb12e4b5c03bca0f868019f45ee648799231c2aa32c2add639039a6fce4c5f194a6eade83629c5ff87bfc88

Download Submit
C:\Windows\System\PeVArMs.exe

Filesize
2.0MB

MD5
59ae39bc43302605a271b1b686650f3a

SHA1
77fd4e416c731605b63346c8b61f49fb4ec05d59

SHA256
eac978093a8de38cca8848b62f0ad6502a0a9c4ec866170068d1d64f0ce62bbd

SHA512
051ab397b09f63c29e829e4ecd518763fe5111cd013079a7acada882dd25a78d1a1ef6aa254534c59c380b54237a4d8aa2bafec0042d3843d7b9cc4e81e4f688

Download Submit
C:\Windows\System\PjqrzZG.exe

Filesize
2.0MB

MD5
917244065d06104613860efc3aeac9a5

SHA1
c659f0e09b47a8e3e7cba3a07580b344f589b7ae

SHA256
3acdf86cc59b0a0156d19388871ab9b1e1edf24203288645aa2ac2c2f027d82e

SHA512
ea113aa83e6e033abcabe459d9f1d0cb58dac81b04c38535a4bf6d6d42a5ca1a0c87109f45e4ef40d3ed5ff4b91a820744d3ed856595a377b25da72ea1f47d58

Download Submit
C:\Windows\System\SXPJlTz.exe

Filesize
2.0MB

MD5
d9440e02346559875ebed9287dd1c459

SHA1
3d7e255b9110e5fcf1a31bce50fee77a776bb009

SHA256
5c5c4f37d8629c479dc0fa52e5cba647c74b86a422a5c3fac875b5900c3593b0

SHA512
62a6be43a43363bafdcb52293facc94780165257525cf51b78bfd113ae043b41499b87cb33d4070b08844f63c4e8678c98566eba70d6b647cbd5caf73d203dbf

Download Submit
C:\Windows\System\SnzgfOi.exe

Filesize
2.0MB

MD5
b3177643a1046fd889375582890a870b

SHA1
e0cc716edf0219050d35b63d8762687e98e9566c

SHA256
0ed2648e1b986434b4bdf986d2dbc9ed24897b17a9aa976d7d2ea741257e7351

SHA512
3d65ff72406b741b9a9335dbbd6213a3ee643ca482e207f66005fdba3f58e55c69edb3dab05dac998cc7c9530b08174db51edc1e4b8eb339f64c8581260813a2

Download Submit
C:\Windows\System\TnwEFUK.exe

Filesize
2.0MB

MD5
c03ddc561e8011a30fb1182b0e985af6

SHA1
935263b7f2ffc6db7523c386a698f3721dd81b79

SHA256
956f36bbf52dffe660a98ca72aae0105ad742077322659fac6ea16e0f26fa445

SHA512
8d277d7ee85c73f56f33d1da36d709f7cec964bda87db03ceed2d7c0a8348a48cdc66af749f3697819b9ff147072fa4a3575b8d488475d25df97c758839d8726

Download Submit
C:\Windows\System\UeJSUGZ.exe

Filesize
2.0MB

MD5
24ee3d3c636f8ece18ff25ec749550f8

SHA1
753545c16af34d80ac5d1757939b8a15bea58d3e

SHA256
bcb4b25a1f3b9c2d1a84a739342e2747e5583de83b975c757c70de3349ad6527

SHA512
d96366e2a14d4a7c6b06e4b03b1bf6bef012a6bfe7965885d90532a59a737140864b5e58ae742d0619937f7796c346a9bb2b750e5499e3fc7385913702d0b5a5

Download Submit
C:\Windows\System\UxLwPnI.exe

Filesize
2.0MB

MD5
5eb8c00cbf6522ace8eeb1c66bf86dd1

SHA1
ca7761effaf78c76460465ad7563782c84651402

SHA256
485de749bed9a7ba667a4c56e3c7cf98bf35798ea204e81bef331fe9539ed976

SHA512
f6c39928d6885068c8ecb75fa56e8f407599965e504f5b50523282360791f2b5d9372c7585134b716c46f0a3134ffec9d5d4a54008af139dbf41c40a2df9f096

Download Submit
C:\Windows\System\UyPxIzR.exe

Filesize
2.0MB

MD5
f34e5fde252c6e0bb590cc7130903f54

SHA1
e30837f88bd21a26e01a39fed9b9eef4f63b9d3e

SHA256
562bc2f304603067bc8ae62e4f409104efec2b83e8b4e2adb448a7b9110b2523

SHA512
77cfd3a601f5bc8e2b89fdd64053a4875b25f921ad023357367f225ff8c3d171efa341c8a2fd7c675d0dd84a6b47b82f810a2f4a4deda29e6fb728eff5be187d

Download Submit
C:\Windows\System\WYbOAVi.exe

Filesize
2.0MB

MD5
0db20e42f937e807a0f9b4d16d0a135e

SHA1
065d4989a750b5ba84ec0955f83335a616d42994

SHA256
c462eb6239079c85914aa20ee709e50290afa902ebb2c38fb1cfc9ee53a1e9c1

SHA512
2c0c5c4cd1ef44c786bb63691e42aa4f7aecf5791d990bf7536f3e637187b206cd6feffa8d95ee21f546cafa3cad49c809b165cd077e83f895d96eedf4b9f850

Download Submit
C:\Windows\System\YKtmkaV.exe

Filesize
2.0MB

MD5
1d9978c36a5012a2c2f7ad16939fa246

SHA1
4d961ed05984d5c4e41387bd2c0107c7c7a7e9d2

SHA256
a17d88ff60c11c791cb8681ed2ab9296702268b79a83be48fcd84bb67b429dc6

SHA512
ccb5f25ade286d4e1eb17129452fe2e1e28272b26a24ed74c18ea7e4ddfb9a2fe6172151649f91853d68c1657909b57ff8466c6562753fa06a6f4b52d27c7280

Download Submit
C:\Windows\System\ZHiYIPH.exe

Filesize
2.0MB

MD5
ff7b1105f19d0499ffa7a8cb0731e2df

SHA1
ab6bdfffd7f5e5fe5217e9ab12e3702203869ef7

SHA256
ee8cd8c14bbda9645a47b73251ef84fd1d65d2904d5f5f6b265b9d06495b474e

SHA512
7108f48719d11689ba2ebb400f02e41135c7d7c9aa9998fe9ee01921a295e6b4031f4e26d7715ef26ee4c91001342aad4d948818f7ed85b76ae6295a0ca5cadd

Download Submit
C:\Windows\System\ZioxDLs.exe

Filesize
2.0MB

MD5
ebceac74c181003e0dd94a0474f55097

SHA1
0b2d616c8e30d3d8c37974a38388c51d4ceff151

SHA256
5d527fc57b697f925a9817deb27ba1e9f933780a2d3432b8fc856bc762b05a3a

SHA512
654088449aaff9f822d50c7701e9e7044fa3e75e2aef41e9d24a6723302289276da59a04c9c1d336d94b58fd45dbe902caa056193756531b0983e905bb6d6789

Download Submit
C:\Windows\System\jIakmqI.exe

Filesize
2.0MB

MD5
6ccefff0a5fda93d6769ab20ba55f7b1

SHA1
eaa430f8bbcb0ec9fad6ab31a0511564e0394397

SHA256
f5d11251d9bc684091c0f73bcc16fef4fe42c56673f7797ddeaf85a5ce39dccd

SHA512
2991e2595f4eff61b5928b4b4a6d8666006bfb19cb9aaba6c4a5d925baa6802279eb7ca02ded41e0041c2c033f0751612cd62ad9832e6df73de5b0e9196d82cb

Download Submit
C:\Windows\System\kRwtojl.exe

Filesize
2.0MB

MD5
839c49826ffcc9bcf04d9eb63f1d9fe1

SHA1
14d59efd79a92b43c15211f148d48f7f4211d00c

SHA256
7060c3e6b265570ef2313911355df71f799601759d256799b86129275cfdbf26

SHA512
1a4f70830a2452c01c173a6e9ad34fcdb28c90342281b3688980895b7118262da8eeb8b42ea2c3383a876fe2131014338336a0b4c5f2e0f9277e835353a2cb4a

Download Submit
C:\Windows\System\ljlhVGF.exe

Filesize
2.0MB

MD5
e4bb7b942cd1e9780f714a082aa8424f

SHA1
8ff6ff5db1ecece36d8576d71a2e69ce6b64b041

SHA256
89e5d80fb2fcfc8922ce18506b5e4ca2467a5b3bf7d08ba40661ba996de417a7

SHA512
25b5ceed98b0df7e02e6bbcdbb1c44480e5cc3cac9aebb17d67af6b75af4a7be76d6d42c608eb0b2ba23886c03cde898df67635b5386f8e0da69c49af5ed3ed7

Download Submit
C:\Windows\System\mlsBVCB.exe

Filesize
2.0MB

MD5
65fc4c7d87b7afdf98ce042580a2faa6

SHA1
a9adea0d91e35b27944d4c3ab96196ebf693ab51

SHA256
948b7df54d6e2d445078503a406e76c5e679836a9bbc61d53410ab33aedebb23

SHA512
7ee10755aeb671c34036c89752886b0fd52dddff42f4fde49e2ea854ee4016ad6f00305f32817fb7534dbafbdd536aad4133b932cf2c24abf149177f0be61ba3

Download Submit
C:\Windows\System\moqwmLY.exe

Filesize
2.0MB

MD5
be201daf9b3a645348d1542d96a517cd

SHA1
19febb439adb1d6d613efabea8d7edf6c7ff9da9

SHA256
a5d3ddf91aa38b0381fa1e0b6fe14fbeb0a2ac12c82f4465221cf096ef6c0bb9

SHA512
2c39ae78836c4e5d7283abb6c905b0a34392eeb6e2f0de2d91f0f655bf1b4d37abd13915a690bb421006b38e6ef7c36ef18a09f94dd851a178423c86753d99e3

Download Submit
C:\Windows\System\oLblbOw.exe

Filesize
2.0MB

MD5
0501cfcc70bcbc2bb8755be2b4d0c23a

SHA1
a477ec5a23bc67d77e44f5dbc3ddd19e951df0e4

SHA256
982087a1c4aa4c1827536156f841ce4fe4aaa2e71c33a621565d7f7fb2892496

SHA512
5a0293e63f4a198ea7bb0ab030d6de168a9f0e4b8e0302c2043b7019c2b48ac1591cac4ee692b582a34133c06bee128799603e3fb462e95cda37ea4f2a24fd69

Download Submit
C:\Windows\System\olahRjC.exe

Filesize
2.0MB

MD5
edcdfb6293cdf49561b6363d9ac67f6d

SHA1
3377ead97c6d3dd9a4ac6d7b40d037e013c9028d

SHA256
62feac6ad405bb48954e688b71087f22a670bbbb5501f85aceb90adb0b70ed0b

SHA512
3a95b6850c391baa68bfbba378b441d1c335cc6b55a630837ac7594ee38c55f34c8db2b7d264354e82d730dc16d8b481ce3c3a0a880209408974233ffafd83a7

Download Submit
C:\Windows\System\pocCKPE.exe

Filesize
2.0MB

MD5
20f7c2432e4159388510ea922fa67c1f

SHA1
8d0b14f7ce8f9a1904dc259fa8c3f24f820b746f

SHA256
a7e6eb54c589a42eb3825d2a430201d578059eda1b65e02b947d406011405663

SHA512
8a288e30e9a1d2bc0eeecd19cc00817c8405d4c6095a7d3bfa2aff9f803c5e9083a9eccb71e8fec0b3b786d96a9691fa8f2bbab6116f1e59f36e6016e7b635a5

Download Submit
C:\Windows\System\qjxaRzf.exe

Filesize
2.0MB

MD5
abadf01c71ce117accf192c45796369f

SHA1
525395d52fd09a7f1c288046524ed482d6438735

SHA256
ec4fb6f3d9b8957d1ce77c758bb57a58c792316593c10663d3da24d9ccaede7e

SHA512
489289d4874628ce714fc7d1466b9b1a16c48db97844302812f9820e1dce1a622bcd292b52de66f9631d63133585a9ae85b0f4e5fe098b129fcd952a8825c90f

Download Submit
C:\Windows\System\tSBnofO.exe

Filesize
2.0MB

MD5
78c31791ea3893c468386036a4b87f48

SHA1
d0af04d639a36aa9f5fd5c93ff28c54d41b2ee16

SHA256
9dc3e2a3f28c48585c7af4ca3e452afeaea502dcc802aa33d2efe25f1a1284e8

SHA512
c8f54a311075878f0995f0ee80c8c645cbdee657a8e253bf2cf40cd9d8bc00dafeb8669bb4e3ede5a4fbfeeaccd2fab0be28efd26b850b1b1e90e8cf75b8ca8f

Download Submit
C:\Windows\System\ttlpscq.exe

Filesize
2.0MB

MD5
b437a3bb74bfee291e9a289b6d03d222

SHA1
e9d2f2dbc15f0aa1e376fa8649e805968c5570bb

SHA256
8d36a33457e5c3e4d8ab59eaff939f12fa94d69d85de30f136a434c4d1caac23

SHA512
6ce41c00353b5fe7416e4cc3b36b260cc707c57a3adb054c0006343051e762778b9ad2ec9c3e6950e811e07c30296e0101d9f4452d6e1b90443683502c8174fc

Download Submit
C:\Windows\System\yFHJoVs.exe

Filesize
2.0MB

MD5
c25be97ab88a03b609543bbfe0da743b

SHA1
a4f8d478eedbd0c97deec1e5f24b2b2430734782

SHA256
71b767d6ba521113a1b0f27619d45137174c7528c37020d18ebd8ea220a92432

SHA512
ee09fa77cbf604ab7efb5d54935628c5e6623d508c6ab4cda28c4f3a50e4ed8f08a7fc8ef96236914c51263f64bebf866948ddf24f094ae6c2f29ea6387ba438

Download Submit
C:\Windows\System\yhCXuSt.exe

Filesize
2.0MB

MD5
d3433cd87c206d528cd3b3dc00dcd85a

SHA1
15a800ce80b9b66679cf8230e5f34aad3c5b1fb6

SHA256
32f41880131da0766ae5bd2830797ea0ce6bbbb96e42b2f1cbf4e41fb4852c81

SHA512
0e15fbdb944def4f026aedb55a2f6b0240cd0b633733e34f7e74887e27632dc147f7f72c7d2f45163e95a3289aeb06d8a5d8cbdf4456636a59a51a4d0f1d9eda

Download Submit
memory/208-608-0x00007FF7F5FE0000-0x00007FF7F6334000-memory.dmp

Filesize
3.3MB

Download
memory/208-2162-0x00007FF7F5FE0000-0x00007FF7F6334000-memory.dmp

Filesize
3.3MB

Download
memory/844-2143-0x00007FF68DB40000-0x00007FF68DE94000-memory.dmp

Filesize
3.3MB

Download
memory/844-2139-0x00007FF68DB40000-0x00007FF68DE94000-memory.dmp

Filesize
3.3MB

Download
memory/844-27-0x00007FF68DB40000-0x00007FF68DE94000-memory.dmp

Filesize
3.3MB

Download
memory/980-620-0x00007FF635A90000-0x00007FF635DE4000-memory.dmp

Filesize
3.3MB

Download
memory/980-2164-0x00007FF635A90000-0x00007FF635DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2165-0x00007FF6B9590000-0x00007FF6B98E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-621-0x00007FF6B9590000-0x00007FF6B98E4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2147-0x00007FF661760000-0x00007FF661AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2141-0x00007FF661760000-0x00007FF661AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-42-0x00007FF661760000-0x00007FF661AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-2169-0x00007FF7F3D50000-0x00007FF7F40A4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-554-0x00007FF7F3D50000-0x00007FF7F40A4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-487-0x00007FF706380000-0x00007FF7066D4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2153-0x00007FF706380000-0x00007FF7066D4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-485-0x00007FF66EC50000-0x00007FF66EFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2149-0x00007FF66EC50000-0x00007FF66EFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-38-0x00007FF7EC320000-0x00007FF7EC674000-memory.dmp

Filesize
3.3MB

Download
memory/2032-2144-0x00007FF7EC320000-0x00007FF7EC674000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2150-0x00007FF784A80000-0x00007FF784DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-486-0x00007FF784A80000-0x00007FF784DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-614-0x00007FF7F09C0000-0x00007FF7F0D14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2160-0x00007FF7F09C0000-0x00007FF7F0D14000-memory.dmp

Filesize
3.3MB

Download
memory/2264-2156-0x00007FF7DC0F0000-0x00007FF7DC444000-memory.dmp

Filesize
3.3MB

Download
memory/2264-544-0x00007FF7DC0F0000-0x00007FF7DC444000-memory.dmp

Filesize
3.3MB

Download
memory/2372-507-0x00007FF7FA800000-0x00007FF7FAB54000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2154-0x00007FF7FA800000-0x00007FF7FAB54000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2148-0x00007FF6C4DC0000-0x00007FF6C5114000-memory.dmp

Filesize
3.3MB

Download
memory/2848-39-0x00007FF6C4DC0000-0x00007FF6C5114000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2161-0x00007FF67CCF0000-0x00007FF67D044000-memory.dmp

Filesize
3.3MB

Download
memory/2932-604-0x00007FF67CCF0000-0x00007FF67D044000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2168-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-611-0x00007FF65E3A0000-0x00007FF65E6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2167-0x00007FF696E90000-0x00007FF6971E4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-514-0x00007FF696E90000-0x00007FF6971E4000-memory.dmp

Filesize
3.3MB

Download
memory/3148-596-0x00007FF681670000-0x00007FF6819C4000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2163-0x00007FF681670000-0x00007FF6819C4000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2146-0x00007FF6624E0000-0x00007FF662834000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2140-0x00007FF6624E0000-0x00007FF662834000-memory.dmp

Filesize
3.3MB

Download
memory/3308-35-0x00007FF6624E0000-0x00007FF662834000-memory.dmp

Filesize
3.3MB

Download
memory/3468-552-0x00007FF7B65E0000-0x00007FF7B6934000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2170-0x00007FF7B65E0000-0x00007FF7B6934000-memory.dmp

Filesize
3.3MB

Download
memory/3612-2152-0x00007FF7F3F70000-0x00007FF7F42C4000-memory.dmp

Filesize
3.3MB

Download
memory/3612-499-0x00007FF7F3F70000-0x00007FF7F42C4000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2142-0x00007FF600650000-0x00007FF6009A4000-memory.dmp

Filesize
3.3MB

Download
memory/3632-14-0x00007FF600650000-0x00007FF6009A4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-484-0x00007FF670D50000-0x00007FF6710A4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-2151-0x00007FF670D50000-0x00007FF6710A4000-memory.dmp

Filesize
3.3MB

Download
memory/4196-2145-0x00007FF6300D0000-0x00007FF630424000-memory.dmp

Filesize
3.3MB

Download
memory/4196-31-0x00007FF6300D0000-0x00007FF630424000-memory.dmp

Filesize
3.3MB

Download
memory/4564-622-0x00007FF7439B0000-0x00007FF743D04000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2166-0x00007FF7439B0000-0x00007FF743D04000-memory.dmp

Filesize
3.3MB

Download
memory/4768-599-0x00007FF63A050000-0x00007FF63A3A4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-2155-0x00007FF63A050000-0x00007FF63A3A4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-0-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2138-0x00007FF7A7270000-0x00007FF7A75C4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-1-0x000001630E020000-0x000001630E030000-memory.dmp

Filesize
64KB

Download
memory/5068-537-0x00007FF7693C0000-0x00007FF769714000-memory.dmp

Filesize
3.3MB

Download
memory/5068-2157-0x00007FF7693C0000-0x00007FF769714000-memory.dmp

Filesize
3.3MB

Download
memory/5084-518-0x00007FF676A50000-0x00007FF676DA4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2159-0x00007FF676A50000-0x00007FF676DA4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-523-0x00007FF7EDD90000-0x00007FF7EE0E4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2158-0x00007FF7EDD90000-0x00007FF7EE0E4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads