xmrig | 069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
Size

1.7MB
MD5

19423dbdbf27fbb3887ddfe6a1a1bee6
SHA1

715d0b4b86067da7bff0884422dc063decd54455
SHA256

069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282
SHA512

3b41ae1fc68bcd2ec4cb089105e8721085af0fc93b58a16e276e5111a48d668b61a231a72f9249cee8d61d8b18690b057e07d048a0c7d1571938a2708f0dec2f
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0L0+Eqq31vkMOexG4GOlwQYnsak/7t1k1jEG:knw9oUUEEDlOuJUJGFQg2twi9c

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 60 IoCs

resource	yara_rule
behavioral2/memory/3904-0-0x00007FF60E4F0000-0x00007FF60E8E1000-memory.dmp	UPX
behavioral2/files/0x000800000002344d-6.dat	UPX
behavioral2/files/0x0007000000023451-12.dat	UPX
behavioral2/files/0x0007000000023454-22.dat	UPX
behavioral2/files/0x0007000000023455-31.dat	UPX
behavioral2/files/0x0007000000023453-37.dat	UPX
behavioral2/files/0x0007000000023456-46.dat	UPX
behavioral2/files/0x0007000000023457-51.dat	UPX
behavioral2/files/0x0007000000023459-58.dat	UPX
behavioral2/files/0x000700000002345a-62.dat	UPX
behavioral2/memory/4004-67-0x00007FF6C32C0000-0x00007FF6C36B1000-memory.dmp	UPX
behavioral2/files/0x000700000002345c-76.dat	UPX
behavioral2/files/0x000700000002345d-81.dat	UPX
behavioral2/files/0x000700000002345e-91.dat	UPX
behavioral2/files/0x0007000000023460-100.dat	UPX
behavioral2/files/0x0007000000023462-110.dat	UPX
behavioral2/files/0x0007000000023463-117.dat	UPX
behavioral2/files/0x0007000000023464-120.dat	UPX
behavioral2/files/0x000800000002344e-126.dat	UPX
behavioral2/files/0x0007000000023469-154.dat	UPX
behavioral2/files/0x000700000002346e-179.dat	UPX
behavioral2/memory/2696-252-0x00007FF7823E0000-0x00007FF7827D1000-memory.dmp	UPX
behavioral2/memory/4736-292-0x00007FF777170000-0x00007FF777561000-memory.dmp	UPX
behavioral2/memory/4508-1865-0x00007FF75FB00000-0x00007FF75FEF1000-memory.dmp	UPX
behavioral2/memory/1232-1409-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp	UPX
behavioral2/memory/3136-2017-0x00007FF790930000-0x00007FF790D21000-memory.dmp	UPX
behavioral2/memory/2104-2016-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp	UPX
behavioral2/memory/2576-240-0x00007FF62FF00000-0x00007FF6302F1000-memory.dmp	UPX
behavioral2/files/0x000700000002346d-174.dat	UPX
behavioral2/files/0x000700000002346d-172.dat	UPX
behavioral2/files/0x000700000002346c-167.dat	UPX
behavioral2/files/0x000700000002346b-164.dat	UPX
behavioral2/files/0x000700000002346a-159.dat	UPX
behavioral2/files/0x0007000000023468-150.dat	UPX
behavioral2/files/0x0007000000023467-141.dat	UPX
behavioral2/memory/220-136-0x00007FF6C8740000-0x00007FF6C8B31000-memory.dmp	UPX
behavioral2/files/0x0007000000023466-134.dat	UPX
behavioral2/files/0x0007000000023465-130.dat	UPX
behavioral2/files/0x0007000000023464-116.dat	UPX
behavioral2/files/0x0007000000023461-105.dat	UPX
behavioral2/files/0x0007000000023460-98.dat	UPX
behavioral2/files/0x000700000002345f-93.dat	UPX
behavioral2/files/0x000700000002345b-73.dat	UPX
behavioral2/memory/2028-70-0x00007FF6C7C80000-0x00007FF6C8071000-memory.dmp	UPX
behavioral2/memory/1684-60-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp	UPX
behavioral2/files/0x000700000002345a-64.dat	UPX
behavioral2/files/0x0007000000023456-32.dat	UPX
behavioral2/files/0x0007000000023452-15.dat	UPX
behavioral2/memory/4004-2067-0x00007FF6C32C0000-0x00007FF6C36B1000-memory.dmp	UPX
behavioral2/memory/2028-2069-0x00007FF6C7C80000-0x00007FF6C8071000-memory.dmp	UPX
behavioral2/memory/660-2077-0x00007FF7B0190000-0x00007FF7B0581000-memory.dmp	UPX
behavioral2/memory/220-2081-0x00007FF6C8740000-0x00007FF6C8B31000-memory.dmp	UPX
behavioral2/memory/3136-2075-0x00007FF790930000-0x00007FF790D21000-memory.dmp	UPX
behavioral2/memory/384-2089-0x00007FF7B0B80000-0x00007FF7B0F71000-memory.dmp	UPX
behavioral2/memory/2272-2095-0x00007FF74B870000-0x00007FF74BC61000-memory.dmp	UPX
behavioral2/memory/404-2097-0x00007FF66EAB0000-0x00007FF66EEA1000-memory.dmp	UPX
behavioral2/memory/4816-2087-0x00007FF6D5BE0000-0x00007FF6D5FD1000-memory.dmp	UPX
behavioral2/memory/1232-2057-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp	UPX
behavioral2/memory/688-2055-0x00007FF727290000-0x00007FF727681000-memory.dmp	UPX
behavioral2/memory/3416-2053-0x00007FF7B95D0000-0x00007FF7B99C1000-memory.dmp	UPX

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4004-67-0x00007FF6C32C0000-0x00007FF6C36B1000-memory.dmp	xmrig
behavioral2/memory/3396-132-0x00007FF6C1EF0000-0x00007FF6C22E1000-memory.dmp	xmrig
behavioral2/memory/616-138-0x00007FF6121E0000-0x00007FF6125D1000-memory.dmp	xmrig
behavioral2/memory/2272-254-0x00007FF74B870000-0x00007FF74BC61000-memory.dmp	xmrig
behavioral2/memory/404-257-0x00007FF66EAB0000-0x00007FF66EEA1000-memory.dmp	xmrig
behavioral2/memory/2696-252-0x00007FF7823E0000-0x00007FF7827D1000-memory.dmp	xmrig
behavioral2/memory/384-243-0x00007FF7B0B80000-0x00007FF7B0F71000-memory.dmp	xmrig
behavioral2/memory/1528-267-0x00007FF65EA60000-0x00007FF65EE51000-memory.dmp	xmrig
behavioral2/memory/4736-292-0x00007FF777170000-0x00007FF777561000-memory.dmp	xmrig
behavioral2/memory/1684-1876-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp	xmrig
behavioral2/memory/4508-1865-0x00007FF75FB00000-0x00007FF75FEF1000-memory.dmp	xmrig
behavioral2/memory/4176-1983-0x00007FF68F020000-0x00007FF68F411000-memory.dmp	xmrig
behavioral2/memory/1232-1409-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp	xmrig
behavioral2/memory/3416-1406-0x00007FF7B95D0000-0x00007FF7B99C1000-memory.dmp	xmrig
behavioral2/memory/3136-2017-0x00007FF790930000-0x00007FF790D21000-memory.dmp	xmrig
behavioral2/memory/2104-2016-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp	xmrig
behavioral2/memory/688-273-0x00007FF727290000-0x00007FF727681000-memory.dmp	xmrig
behavioral2/memory/4944-270-0x00007FF6C17E0000-0x00007FF6C1BD1000-memory.dmp	xmrig
behavioral2/memory/3904-263-0x00007FF60E4F0000-0x00007FF60E8E1000-memory.dmp	xmrig
behavioral2/memory/2576-240-0x00007FF62FF00000-0x00007FF6302F1000-memory.dmp	xmrig
behavioral2/memory/4816-143-0x00007FF6D5BE0000-0x00007FF6D5FD1000-memory.dmp	xmrig
behavioral2/memory/220-136-0x00007FF6C8740000-0x00007FF6C8B31000-memory.dmp	xmrig
behavioral2/memory/660-86-0x00007FF7B0190000-0x00007FF7B0581000-memory.dmp	xmrig
behavioral2/memory/2028-70-0x00007FF6C7C80000-0x00007FF6C8071000-memory.dmp	xmrig
behavioral2/memory/1528-10-0x00007FF65EA60000-0x00007FF65EE51000-memory.dmp	xmrig
behavioral2/memory/1528-2051-0x00007FF65EA60000-0x00007FF65EE51000-memory.dmp	xmrig
behavioral2/memory/4004-2067-0x00007FF6C32C0000-0x00007FF6C36B1000-memory.dmp	xmrig
behavioral2/memory/2028-2069-0x00007FF6C7C80000-0x00007FF6C8071000-memory.dmp	xmrig
behavioral2/memory/1328-2071-0x00007FF78AF30000-0x00007FF78B321000-memory.dmp	xmrig
behavioral2/memory/660-2077-0x00007FF7B0190000-0x00007FF7B0581000-memory.dmp	xmrig
behavioral2/memory/220-2081-0x00007FF6C8740000-0x00007FF6C8B31000-memory.dmp	xmrig
behavioral2/memory/616-2083-0x00007FF6121E0000-0x00007FF6125D1000-memory.dmp	xmrig
behavioral2/memory/3396-2079-0x00007FF6C1EF0000-0x00007FF6C22E1000-memory.dmp	xmrig
behavioral2/memory/3136-2075-0x00007FF790930000-0x00007FF790D21000-memory.dmp	xmrig
behavioral2/memory/384-2089-0x00007FF7B0B80000-0x00007FF7B0F71000-memory.dmp	xmrig
behavioral2/memory/4736-2091-0x00007FF777170000-0x00007FF777561000-memory.dmp	xmrig
behavioral2/memory/2272-2095-0x00007FF74B870000-0x00007FF74BC61000-memory.dmp	xmrig
behavioral2/memory/2696-2093-0x00007FF7823E0000-0x00007FF7827D1000-memory.dmp	xmrig
behavioral2/memory/404-2097-0x00007FF66EAB0000-0x00007FF66EEA1000-memory.dmp	xmrig
behavioral2/memory/2576-2085-0x00007FF62FF00000-0x00007FF6302F1000-memory.dmp	xmrig
behavioral2/memory/4816-2087-0x00007FF6D5BE0000-0x00007FF6D5FD1000-memory.dmp	xmrig
behavioral2/memory/2104-2073-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp	xmrig
behavioral2/memory/1684-2065-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp	xmrig
behavioral2/memory/4176-2063-0x00007FF68F020000-0x00007FF68F411000-memory.dmp	xmrig
behavioral2/memory/4508-2061-0x00007FF75FB00000-0x00007FF75FEF1000-memory.dmp	xmrig
behavioral2/memory/4944-2059-0x00007FF6C17E0000-0x00007FF6C1BD1000-memory.dmp	xmrig
behavioral2/memory/1232-2057-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp	xmrig
behavioral2/memory/688-2055-0x00007FF727290000-0x00007FF727681000-memory.dmp	xmrig
behavioral2/memory/3416-2053-0x00007FF7B95D0000-0x00007FF7B99C1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1528	wNJJsuc.exe
3416	SblfBLN.exe
688	utXAVgw.exe
1232	FSxLGIx.exe
4944	XhGlTEp.exe
4508	KMPqzZr.exe
4176	YRnvkRF.exe
1684	lXrNNxq.exe
4004	gQOsyWn.exe
2028	pbMzCFb.exe
1328	aJvDNRG.exe
2104	qslIhge.exe
3136	nyguTxa.exe
660	kNIjFTI.exe
3396	ZjqiKfB.exe
220	InRZBGC.exe
616	hZHaAQn.exe
4816	hFhROmv.exe
2576	OoeNGAc.exe
384	DkZXtEF.exe
4736	ttWvRnV.exe
2696	WmvgwQQ.exe
2272	KdVQgeb.exe
404	CFlgbYm.exe
4788	DDlHxjE.exe
4896	jNWSzGf.exe
572	tORcQyc.exe
1680	jxsjuFB.exe
2844	JFJgpmE.exe
2788	EOaybKA.exe
3112	NWzLBso.exe
4232	HzJAhuF.exe
5012	zeaTVSi.exe
848	lvSnKTj.exe
5080	rSqESgj.exe
3456	xYolxxK.exe
4720	MeKfSnX.exe
3804	uGvFtmS.exe
3940	kttSRKY.exe
2916	hzAUoBH.exe
4844	kYzzZMg.exe
1320	ydomMjB.exe
3392	mQGtAre.exe
4384	SPBaesI.exe
2912	CcBEkVv.exe
4952	VTOSDVg.exe
3120	YZNQPgJ.exe
532	bHTbrlN.exe
4444	eDzUbUK.exe
1432	iGHyMpx.exe
408	bpIexDH.exe
1164	xjvijhd.exe
4852	phJFbgU.exe
3808	jkejgdM.exe
4504	mWsLVvC.exe
2116	zMnvHTC.exe
4900	FuRkWru.exe
3156	WtggQZt.exe
1704	fHGluRB.exe
2312	Fuvnyzp.exe
3304	SiwsMQE.exe
1612	VxRtmVj.exe
4936	pkpRrIM.exe
4536	dhrWGIR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3904-0-0x00007FF60E4F0000-0x00007FF60E8E1000-memory.dmp	upx
behavioral2/files/0x000800000002344d-6.dat	upx
behavioral2/files/0x0007000000023451-12.dat	upx
behavioral2/files/0x0007000000023454-22.dat	upx
behavioral2/files/0x0007000000023455-31.dat	upx
behavioral2/files/0x0007000000023453-37.dat	upx
behavioral2/files/0x0007000000023456-46.dat	upx
behavioral2/files/0x0007000000023457-51.dat	upx
behavioral2/memory/4176-49-0x00007FF68F020000-0x00007FF68F411000-memory.dmp	upx
behavioral2/files/0x0007000000023459-58.dat	upx
behavioral2/files/0x000700000002345a-62.dat	upx
behavioral2/memory/4004-67-0x00007FF6C32C0000-0x00007FF6C36B1000-memory.dmp	upx
behavioral2/files/0x000700000002345c-76.dat	upx
behavioral2/files/0x000700000002345d-81.dat	upx
behavioral2/files/0x000700000002345e-91.dat	upx
behavioral2/files/0x0007000000023460-100.dat	upx
behavioral2/files/0x0007000000023462-110.dat	upx
behavioral2/files/0x0007000000023463-117.dat	upx
behavioral2/files/0x0007000000023464-120.dat	upx
behavioral2/files/0x000800000002344e-126.dat	upx
behavioral2/memory/3396-132-0x00007FF6C1EF0000-0x00007FF6C22E1000-memory.dmp	upx
behavioral2/memory/616-138-0x00007FF6121E0000-0x00007FF6125D1000-memory.dmp	upx
behavioral2/files/0x0007000000023469-154.dat	upx
behavioral2/files/0x000700000002346e-179.dat	upx
behavioral2/memory/2272-254-0x00007FF74B870000-0x00007FF74BC61000-memory.dmp	upx
behavioral2/memory/404-257-0x00007FF66EAB0000-0x00007FF66EEA1000-memory.dmp	upx
behavioral2/memory/2696-252-0x00007FF7823E0000-0x00007FF7827D1000-memory.dmp	upx
behavioral2/memory/384-243-0x00007FF7B0B80000-0x00007FF7B0F71000-memory.dmp	upx
behavioral2/memory/1528-267-0x00007FF65EA60000-0x00007FF65EE51000-memory.dmp	upx
behavioral2/memory/4736-292-0x00007FF777170000-0x00007FF777561000-memory.dmp	upx
behavioral2/memory/1684-1876-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp	upx
behavioral2/memory/4508-1865-0x00007FF75FB00000-0x00007FF75FEF1000-memory.dmp	upx
behavioral2/memory/4176-1983-0x00007FF68F020000-0x00007FF68F411000-memory.dmp	upx
behavioral2/memory/1232-1409-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp	upx
behavioral2/memory/3416-1406-0x00007FF7B95D0000-0x00007FF7B99C1000-memory.dmp	upx
behavioral2/memory/3136-2017-0x00007FF790930000-0x00007FF790D21000-memory.dmp	upx
behavioral2/memory/2104-2016-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp	upx
behavioral2/memory/688-273-0x00007FF727290000-0x00007FF727681000-memory.dmp	upx
behavioral2/memory/4944-270-0x00007FF6C17E0000-0x00007FF6C1BD1000-memory.dmp	upx
behavioral2/memory/3904-263-0x00007FF60E4F0000-0x00007FF60E8E1000-memory.dmp	upx
behavioral2/memory/2576-240-0x00007FF62FF00000-0x00007FF6302F1000-memory.dmp	upx
behavioral2/files/0x000700000002346d-174.dat	upx
behavioral2/files/0x000700000002346d-172.dat	upx
behavioral2/files/0x000700000002346c-167.dat	upx
behavioral2/files/0x000700000002346b-164.dat	upx
behavioral2/files/0x000700000002346a-159.dat	upx
behavioral2/files/0x0007000000023468-150.dat	upx
behavioral2/memory/4816-143-0x00007FF6D5BE0000-0x00007FF6D5FD1000-memory.dmp	upx
behavioral2/files/0x0007000000023467-141.dat	upx
behavioral2/memory/220-136-0x00007FF6C8740000-0x00007FF6C8B31000-memory.dmp	upx
behavioral2/files/0x0007000000023466-134.dat	upx
behavioral2/files/0x0007000000023465-130.dat	upx
behavioral2/files/0x0007000000023464-116.dat	upx
behavioral2/files/0x0007000000023461-105.dat	upx
behavioral2/files/0x0007000000023460-98.dat	upx
behavioral2/files/0x000700000002345f-93.dat	upx
behavioral2/memory/660-86-0x00007FF7B0190000-0x00007FF7B0581000-memory.dmp	upx
behavioral2/memory/3136-85-0x00007FF790930000-0x00007FF790D21000-memory.dmp	upx
behavioral2/memory/2104-75-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp	upx
behavioral2/memory/1328-71-0x00007FF78AF30000-0x00007FF78B321000-memory.dmp	upx
behavioral2/files/0x000700000002345b-73.dat	upx
behavioral2/memory/2028-70-0x00007FF6C7C80000-0x00007FF6C8071000-memory.dmp	upx
behavioral2/memory/1684-60-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp	upx
behavioral2/files/0x000700000002345a-64.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\uGvFtmS.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\bfbaIHp.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\yTONrPh.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\InRZBGC.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\USHNtiZ.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\jzLGEYc.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\HJkHJUL.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\bQhmxrx.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\hQAfdLa.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\iHLFOYR.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\hEMSlIg.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\xvBmLxZ.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\nuSCSvh.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\VTOSDVg.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\snoFTKH.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\BUIJgQN.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\QTaHlnr.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\tqLhnQG.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\XhGlTEp.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\iznDAjq.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\MjDWDNJ.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\LTynYRw.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\HNYyoml.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\McUaiqt.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\JHASgms.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\jegQbPA.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\OVeLqIi.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\FUUDqur.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\NilOGNh.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\mpQnnGu.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\OFAOLRc.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\PLykOfp.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\UkOuNMp.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\fdAjbpm.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\hFbPIjm.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\duBSaGj.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\lrimVWf.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\FMXhpJd.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\EopORlF.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\cTGhqUx.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\VJvKcrK.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\JfgTxZb.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\bHTbrlN.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\WQGyMYd.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\CmoKcPO.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\VxzWNrW.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\jtbQMHx.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\MEtniPl.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\juuAlHS.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\tDolrCe.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\WtggQZt.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\JkJLVqV.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\cZrRvCx.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\qjMTbqH.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\eVRWOgw.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\PwLtVtk.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\knZGYzp.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\hgtsnfY.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\EsBADjc.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\JWsGATa.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\LPpVVHa.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\cpXLUBq.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\HNNZKMW.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
File created	C:\Windows\System32\qhyzluB.exe	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13892	dwm.exe
Token: SeChangeNotifyPrivilege	13892	dwm.exe
Token: 33	13892	dwm.exe
Token: SeIncBasePriorityPrivilege	13892	dwm.exe
Token: SeShutdownPrivilege	13892	dwm.exe
Token: SeCreatePagefilePrivilege	13892	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 1528	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	85
PID 3904 wrote to memory of 1528	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	85
PID 3904 wrote to memory of 3416	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	86
PID 3904 wrote to memory of 3416	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	86
PID 3904 wrote to memory of 688	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	87
PID 3904 wrote to memory of 688	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	87
PID 3904 wrote to memory of 1232	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	88
PID 3904 wrote to memory of 1232	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	88
PID 3904 wrote to memory of 4944	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	89
PID 3904 wrote to memory of 4944	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	89
PID 3904 wrote to memory of 4508	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	90
PID 3904 wrote to memory of 4508	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	90
PID 3904 wrote to memory of 4176	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	91
PID 3904 wrote to memory of 4176	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	91
PID 3904 wrote to memory of 1684	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	92
PID 3904 wrote to memory of 1684	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	92
PID 3904 wrote to memory of 4004	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	93
PID 3904 wrote to memory of 4004	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	93
PID 3904 wrote to memory of 2028	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	94
PID 3904 wrote to memory of 2028	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	94
PID 3904 wrote to memory of 1328	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	95
PID 3904 wrote to memory of 1328	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	95
PID 3904 wrote to memory of 2104	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	96
PID 3904 wrote to memory of 2104	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	96
PID 3904 wrote to memory of 3136	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	97
PID 3904 wrote to memory of 3136	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	97
PID 3904 wrote to memory of 660	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	98
PID 3904 wrote to memory of 660	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	98
PID 3904 wrote to memory of 3396	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	99
PID 3904 wrote to memory of 3396	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	99
PID 3904 wrote to memory of 220	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	100
PID 3904 wrote to memory of 220	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	100
PID 3904 wrote to memory of 616	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	101
PID 3904 wrote to memory of 616	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	101
PID 3904 wrote to memory of 4816	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	102
PID 3904 wrote to memory of 4816	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	102
PID 3904 wrote to memory of 2576	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	103
PID 3904 wrote to memory of 2576	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	103
PID 3904 wrote to memory of 384	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	104
PID 3904 wrote to memory of 384	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	104
PID 3904 wrote to memory of 4736	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	105
PID 3904 wrote to memory of 4736	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	105
PID 3904 wrote to memory of 2696	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	106
PID 3904 wrote to memory of 2696	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	106
PID 3904 wrote to memory of 2272	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	107
PID 3904 wrote to memory of 2272	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	107
PID 3904 wrote to memory of 404	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	108
PID 3904 wrote to memory of 404	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	108
PID 3904 wrote to memory of 4788	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	109
PID 3904 wrote to memory of 4788	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	109
PID 3904 wrote to memory of 4896	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	110
PID 3904 wrote to memory of 4896	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	110
PID 3904 wrote to memory of 572	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	111
PID 3904 wrote to memory of 572	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	111
PID 3904 wrote to memory of 1680	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	112
PID 3904 wrote to memory of 1680	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	112
PID 3904 wrote to memory of 2844	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	113
PID 3904 wrote to memory of 2844	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	113
PID 3904 wrote to memory of 2788	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	114
PID 3904 wrote to memory of 2788	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	114
PID 3904 wrote to memory of 3112	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	115
PID 3904 wrote to memory of 3112	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	115
PID 3904 wrote to memory of 4232	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	116
PID 3904 wrote to memory of 4232	3904	069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe	116

C:\Users\Admin\AppData\Local\Temp\069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe
"C:\Users\Admin\AppData\Local\Temp\069f037c2d3d55d064ab4cf213ee787982a1a46897cc3b6b60f2f08851fbf282.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\System32\wNJJsuc.exe
  C:\Windows\System32\wNJJsuc.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System32\SblfBLN.exe
  C:\Windows\System32\SblfBLN.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System32\utXAVgw.exe
  C:\Windows\System32\utXAVgw.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System32\FSxLGIx.exe
  C:\Windows\System32\FSxLGIx.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System32\XhGlTEp.exe
  C:\Windows\System32\XhGlTEp.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System32\KMPqzZr.exe
  C:\Windows\System32\KMPqzZr.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System32\YRnvkRF.exe
  C:\Windows\System32\YRnvkRF.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System32\lXrNNxq.exe
  C:\Windows\System32\lXrNNxq.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System32\gQOsyWn.exe
  C:\Windows\System32\gQOsyWn.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System32\pbMzCFb.exe
  C:\Windows\System32\pbMzCFb.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System32\aJvDNRG.exe
  C:\Windows\System32\aJvDNRG.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System32\qslIhge.exe
  C:\Windows\System32\qslIhge.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System32\nyguTxa.exe
  C:\Windows\System32\nyguTxa.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System32\kNIjFTI.exe
  C:\Windows\System32\kNIjFTI.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System32\ZjqiKfB.exe
  C:\Windows\System32\ZjqiKfB.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System32\InRZBGC.exe
  C:\Windows\System32\InRZBGC.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System32\hZHaAQn.exe
  C:\Windows\System32\hZHaAQn.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System32\hFhROmv.exe
  C:\Windows\System32\hFhROmv.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System32\OoeNGAc.exe
  C:\Windows\System32\OoeNGAc.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System32\DkZXtEF.exe
  C:\Windows\System32\DkZXtEF.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System32\ttWvRnV.exe
  C:\Windows\System32\ttWvRnV.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System32\WmvgwQQ.exe
  C:\Windows\System32\WmvgwQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System32\KdVQgeb.exe
  C:\Windows\System32\KdVQgeb.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System32\CFlgbYm.exe
  C:\Windows\System32\CFlgbYm.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System32\DDlHxjE.exe
  C:\Windows\System32\DDlHxjE.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System32\jNWSzGf.exe
  C:\Windows\System32\jNWSzGf.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System32\tORcQyc.exe
  C:\Windows\System32\tORcQyc.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System32\jxsjuFB.exe
  C:\Windows\System32\jxsjuFB.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System32\JFJgpmE.exe
  C:\Windows\System32\JFJgpmE.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System32\EOaybKA.exe
  C:\Windows\System32\EOaybKA.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System32\NWzLBso.exe
  C:\Windows\System32\NWzLBso.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System32\HzJAhuF.exe
  C:\Windows\System32\HzJAhuF.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System32\zeaTVSi.exe
  C:\Windows\System32\zeaTVSi.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System32\lvSnKTj.exe
  C:\Windows\System32\lvSnKTj.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System32\rSqESgj.exe
  C:\Windows\System32\rSqESgj.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System32\xYolxxK.exe
  C:\Windows\System32\xYolxxK.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System32\MeKfSnX.exe
  C:\Windows\System32\MeKfSnX.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System32\uGvFtmS.exe
  C:\Windows\System32\uGvFtmS.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System32\kttSRKY.exe
  C:\Windows\System32\kttSRKY.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System32\hzAUoBH.exe
  C:\Windows\System32\hzAUoBH.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System32\kYzzZMg.exe
  C:\Windows\System32\kYzzZMg.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System32\ydomMjB.exe
  C:\Windows\System32\ydomMjB.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System32\mQGtAre.exe
  C:\Windows\System32\mQGtAre.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System32\SPBaesI.exe
  C:\Windows\System32\SPBaesI.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System32\CcBEkVv.exe
  C:\Windows\System32\CcBEkVv.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System32\VTOSDVg.exe
  C:\Windows\System32\VTOSDVg.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\YZNQPgJ.exe
  C:\Windows\System32\YZNQPgJ.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System32\bHTbrlN.exe
  C:\Windows\System32\bHTbrlN.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System32\eDzUbUK.exe
  C:\Windows\System32\eDzUbUK.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System32\iGHyMpx.exe
  C:\Windows\System32\iGHyMpx.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System32\bpIexDH.exe
  C:\Windows\System32\bpIexDH.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System32\xjvijhd.exe
  C:\Windows\System32\xjvijhd.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System32\phJFbgU.exe
  C:\Windows\System32\phJFbgU.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System32\jkejgdM.exe
  C:\Windows\System32\jkejgdM.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System32\mWsLVvC.exe
  C:\Windows\System32\mWsLVvC.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System32\zMnvHTC.exe
  C:\Windows\System32\zMnvHTC.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System32\FuRkWru.exe
  C:\Windows\System32\FuRkWru.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System32\WtggQZt.exe
  C:\Windows\System32\WtggQZt.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System32\fHGluRB.exe
  C:\Windows\System32\fHGluRB.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System32\Fuvnyzp.exe
  C:\Windows\System32\Fuvnyzp.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System32\SiwsMQE.exe
  C:\Windows\System32\SiwsMQE.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System32\VxRtmVj.exe
  C:\Windows\System32\VxRtmVj.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System32\pkpRrIM.exe
  C:\Windows\System32\pkpRrIM.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System32\dhrWGIR.exe
  C:\Windows\System32\dhrWGIR.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System32\jYimqHw.exe
  C:\Windows\System32\jYimqHw.exe
  2⤵
  PID:5000
- C:\Windows\System32\AIXSuqk.exe
  C:\Windows\System32\AIXSuqk.exe
  2⤵
  PID:4284
- C:\Windows\System32\trouTWy.exe
  C:\Windows\System32\trouTWy.exe
  2⤵
  PID:3040
- C:\Windows\System32\hENnxfj.exe
  C:\Windows\System32\hENnxfj.exe
  2⤵
  PID:3556
- C:\Windows\System32\kiorpAA.exe
  C:\Windows\System32\kiorpAA.exe
  2⤵
  PID:5088
- C:\Windows\System32\NCecwgz.exe
  C:\Windows\System32\NCecwgz.exe
  2⤵
  PID:4748
- C:\Windows\System32\oxoZQmV.exe
  C:\Windows\System32\oxoZQmV.exe
  2⤵
  PID:3148
- C:\Windows\System32\qhyzluB.exe
  C:\Windows\System32\qhyzluB.exe
  2⤵
  PID:2296
- C:\Windows\System32\wQbjuTt.exe
  C:\Windows\System32\wQbjuTt.exe
  2⤵
  PID:1072
- C:\Windows\System32\UNwdYkM.exe
  C:\Windows\System32\UNwdYkM.exe
  2⤵
  PID:4932
- C:\Windows\System32\oGkUCKa.exe
  C:\Windows\System32\oGkUCKa.exe
  2⤵
  PID:116
- C:\Windows\System32\xrnnGWh.exe
  C:\Windows\System32\xrnnGWh.exe
  2⤵
  PID:428
- C:\Windows\System32\uaNpqbX.exe
  C:\Windows\System32\uaNpqbX.exe
  2⤵
  PID:4972
- C:\Windows\System32\TTjrrZP.exe
  C:\Windows\System32\TTjrrZP.exe
  2⤵
  PID:2536
- C:\Windows\System32\wShMZSB.exe
  C:\Windows\System32\wShMZSB.exe
  2⤵
  PID:3852
- C:\Windows\System32\OXqwOQx.exe
  C:\Windows\System32\OXqwOQx.exe
  2⤵
  PID:2768
- C:\Windows\System32\snoFTKH.exe
  C:\Windows\System32\snoFTKH.exe
  2⤵
  PID:5084
- C:\Windows\System32\gwHvseD.exe
  C:\Windows\System32\gwHvseD.exe
  2⤵
  PID:2476
- C:\Windows\System32\VlqjjPg.exe
  C:\Windows\System32\VlqjjPg.exe
  2⤵
  PID:4468
- C:\Windows\System32\GzCqbha.exe
  C:\Windows\System32\GzCqbha.exe
  2⤵
  PID:1448
- C:\Windows\System32\aDsnnqo.exe
  C:\Windows\System32\aDsnnqo.exe
  2⤵
  PID:4700
- C:\Windows\System32\qPysmVN.exe
  C:\Windows\System32\qPysmVN.exe
  2⤵
  PID:1572
- C:\Windows\System32\vFHceBE.exe
  C:\Windows\System32\vFHceBE.exe
  2⤵
  PID:4472
- C:\Windows\System32\Fgslsdu.exe
  C:\Windows\System32\Fgslsdu.exe
  2⤵
  PID:1884
- C:\Windows\System32\BvvVfjP.exe
  C:\Windows\System32\BvvVfjP.exe
  2⤵
  PID:5140
- C:\Windows\System32\oNAZMCp.exe
  C:\Windows\System32\oNAZMCp.exe
  2⤵
  PID:5156
- C:\Windows\System32\heXhEAq.exe
  C:\Windows\System32\heXhEAq.exe
  2⤵
  PID:5204
- C:\Windows\System32\TnqkSKh.exe
  C:\Windows\System32\TnqkSKh.exe
  2⤵
  PID:5224
- C:\Windows\System32\tmbIKDR.exe
  C:\Windows\System32\tmbIKDR.exe
  2⤵
  PID:5268
- C:\Windows\System32\EsBADjc.exe
  C:\Windows\System32\EsBADjc.exe
  2⤵
  PID:5296
- C:\Windows\System32\oUKjZQI.exe
  C:\Windows\System32\oUKjZQI.exe
  2⤵
  PID:5320
- C:\Windows\System32\iTOiyzE.exe
  C:\Windows\System32\iTOiyzE.exe
  2⤵
  PID:5348
- C:\Windows\System32\BUIJgQN.exe
  C:\Windows\System32\BUIJgQN.exe
  2⤵
  PID:5368
- C:\Windows\System32\LxKDUwh.exe
  C:\Windows\System32\LxKDUwh.exe
  2⤵
  PID:5388
- C:\Windows\System32\PsRGJHI.exe
  C:\Windows\System32\PsRGJHI.exe
  2⤵
  PID:5408
- C:\Windows\System32\oKZSAYU.exe
  C:\Windows\System32\oKZSAYU.exe
  2⤵
  PID:5432
- C:\Windows\System32\jKEoHPM.exe
  C:\Windows\System32\jKEoHPM.exe
  2⤵
  PID:5448
- C:\Windows\System32\MQTADuU.exe
  C:\Windows\System32\MQTADuU.exe
  2⤵
  PID:5492
- C:\Windows\System32\hjhzaek.exe
  C:\Windows\System32\hjhzaek.exe
  2⤵
  PID:5544
- C:\Windows\System32\CaNHAAc.exe
  C:\Windows\System32\CaNHAAc.exe
  2⤵
  PID:5564
- C:\Windows\System32\FqkJTvD.exe
  C:\Windows\System32\FqkJTvD.exe
  2⤵
  PID:5584
- C:\Windows\System32\DVVbupL.exe
  C:\Windows\System32\DVVbupL.exe
  2⤵
  PID:5604
- C:\Windows\System32\iEcswrM.exe
  C:\Windows\System32\iEcswrM.exe
  2⤵
  PID:5620
- C:\Windows\System32\yrGSmQI.exe
  C:\Windows\System32\yrGSmQI.exe
  2⤵
  PID:5704
- C:\Windows\System32\RlxxsAT.exe
  C:\Windows\System32\RlxxsAT.exe
  2⤵
  PID:5724
- C:\Windows\System32\duAkLmO.exe
  C:\Windows\System32\duAkLmO.exe
  2⤵
  PID:5744
- C:\Windows\System32\KsKWecH.exe
  C:\Windows\System32\KsKWecH.exe
  2⤵
  PID:5764
- C:\Windows\System32\PpNZKHN.exe
  C:\Windows\System32\PpNZKHN.exe
  2⤵
  PID:5792
- C:\Windows\System32\YQRvOLc.exe
  C:\Windows\System32\YQRvOLc.exe
  2⤵
  PID:5808
- C:\Windows\System32\UtXJPik.exe
  C:\Windows\System32\UtXJPik.exe
  2⤵
  PID:5844
- C:\Windows\System32\VTdicor.exe
  C:\Windows\System32\VTdicor.exe
  2⤵
  PID:5900
- C:\Windows\System32\HKmJlHd.exe
  C:\Windows\System32\HKmJlHd.exe
  2⤵
  PID:5932
- C:\Windows\System32\PGnJcLs.exe
  C:\Windows\System32\PGnJcLs.exe
  2⤵
  PID:5956
- C:\Windows\System32\pBOPSKj.exe
  C:\Windows\System32\pBOPSKj.exe
  2⤵
  PID:5980
- C:\Windows\System32\dcJKkxz.exe
  C:\Windows\System32\dcJKkxz.exe
  2⤵
  PID:5996
- C:\Windows\System32\KwFKhVN.exe
  C:\Windows\System32\KwFKhVN.exe
  2⤵
  PID:6012
- C:\Windows\System32\XUrQaun.exe
  C:\Windows\System32\XUrQaun.exe
  2⤵
  PID:6032
- C:\Windows\System32\JsaSEcA.exe
  C:\Windows\System32\JsaSEcA.exe
  2⤵
  PID:6048
- C:\Windows\System32\teBtIeI.exe
  C:\Windows\System32\teBtIeI.exe
  2⤵
  PID:6072
- C:\Windows\System32\OGZCXGy.exe
  C:\Windows\System32\OGZCXGy.exe
  2⤵
  PID:6088
- C:\Windows\System32\atcoqTg.exe
  C:\Windows\System32\atcoqTg.exe
  2⤵
  PID:6108
- C:\Windows\System32\ewLVfMr.exe
  C:\Windows\System32\ewLVfMr.exe
  2⤵
  PID:5136
- C:\Windows\System32\rKJprNv.exe
  C:\Windows\System32\rKJprNv.exe
  2⤵
  PID:4172
- C:\Windows\System32\pswjRgx.exe
  C:\Windows\System32\pswjRgx.exe
  2⤵
  PID:3168
- C:\Windows\System32\zeyfpdg.exe
  C:\Windows\System32\zeyfpdg.exe
  2⤵
  PID:3344
- C:\Windows\System32\GrNKNty.exe
  C:\Windows\System32\GrNKNty.exe
  2⤵
  PID:5216
- C:\Windows\System32\AquFHTe.exe
  C:\Windows\System32\AquFHTe.exe
  2⤵
  PID:5344
- C:\Windows\System32\HljYsqT.exe
  C:\Windows\System32\HljYsqT.exe
  2⤵
  PID:5404
- C:\Windows\System32\YBPPYfS.exe
  C:\Windows\System32\YBPPYfS.exe
  2⤵
  PID:5400
- C:\Windows\System32\SfDXBsF.exe
  C:\Windows\System32\SfDXBsF.exe
  2⤵
  PID:5500
- C:\Windows\System32\JNrPMgd.exe
  C:\Windows\System32\JNrPMgd.exe
  2⤵
  PID:5580
- C:\Windows\System32\UkebeKC.exe
  C:\Windows\System32\UkebeKC.exe
  2⤵
  PID:4648
- C:\Windows\System32\CDcvBlJ.exe
  C:\Windows\System32\CDcvBlJ.exe
  2⤵
  PID:5672
- C:\Windows\System32\rvxNRaO.exe
  C:\Windows\System32\rvxNRaO.exe
  2⤵
  PID:916
- C:\Windows\System32\uxqyZGt.exe
  C:\Windows\System32\uxqyZGt.exe
  2⤵
  PID:5776
- C:\Windows\System32\xIPxQdB.exe
  C:\Windows\System32\xIPxQdB.exe
  2⤵
  PID:5856
- C:\Windows\System32\QcsPPkS.exe
  C:\Windows\System32\QcsPPkS.exe
  2⤵
  PID:5908
- C:\Windows\System32\QxkvsYi.exe
  C:\Windows\System32\QxkvsYi.exe
  2⤵
  PID:5964
- C:\Windows\System32\hFbPIjm.exe
  C:\Windows\System32\hFbPIjm.exe
  2⤵
  PID:4480
- C:\Windows\System32\JAQBoFj.exe
  C:\Windows\System32\JAQBoFj.exe
  2⤵
  PID:1808
- C:\Windows\System32\FofXSiL.exe
  C:\Windows\System32\FofXSiL.exe
  2⤵
  PID:4060
- C:\Windows\System32\nIZPlMG.exe
  C:\Windows\System32\nIZPlMG.exe
  2⤵
  PID:5152
- C:\Windows\System32\zvBBTyD.exe
  C:\Windows\System32\zvBBTyD.exe
  2⤵
  PID:5420
- C:\Windows\System32\SEuiRMQ.exe
  C:\Windows\System32\SEuiRMQ.exe
  2⤵
  PID:5464
- C:\Windows\System32\KqGpuTN.exe
  C:\Windows\System32\KqGpuTN.exe
  2⤵
  PID:4136
- C:\Windows\System32\PDzIIqq.exe
  C:\Windows\System32\PDzIIqq.exe
  2⤵
  PID:2376
- C:\Windows\System32\mNHgcKV.exe
  C:\Windows\System32\mNHgcKV.exe
  2⤵
  PID:5736
- C:\Windows\System32\fQIJyxH.exe
  C:\Windows\System32\fQIJyxH.exe
  2⤵
  PID:1720
- C:\Windows\System32\EigikPc.exe
  C:\Windows\System32\EigikPc.exe
  2⤵
  PID:5920
- C:\Windows\System32\xaCBvxR.exe
  C:\Windows\System32\xaCBvxR.exe
  2⤵
  PID:3660
- C:\Windows\System32\tbWstJX.exe
  C:\Windows\System32\tbWstJX.exe
  2⤵
  PID:3560
- C:\Windows\System32\NhvVRDK.exe
  C:\Windows\System32\NhvVRDK.exe
  2⤵
  PID:6080
- C:\Windows\System32\YRBxMIx.exe
  C:\Windows\System32\YRBxMIx.exe
  2⤵
  PID:6096
- C:\Windows\System32\qRTeKxE.exe
  C:\Windows\System32\qRTeKxE.exe
  2⤵
  PID:5644
- C:\Windows\System32\VaHuByl.exe
  C:\Windows\System32\VaHuByl.exe
  2⤵
  PID:5840
- C:\Windows\System32\kwbGsnZ.exe
  C:\Windows\System32\kwbGsnZ.exe
  2⤵
  PID:5864
- C:\Windows\System32\duBSaGj.exe
  C:\Windows\System32\duBSaGj.exe
  2⤵
  PID:3232
- C:\Windows\System32\BIDVAUi.exe
  C:\Windows\System32\BIDVAUi.exe
  2⤵
  PID:6152
- C:\Windows\System32\GAdbhRT.exe
  C:\Windows\System32\GAdbhRT.exe
  2⤵
  PID:6168
- C:\Windows\System32\BqIHLoN.exe
  C:\Windows\System32\BqIHLoN.exe
  2⤵
  PID:6208
- C:\Windows\System32\NDwXFpP.exe
  C:\Windows\System32\NDwXFpP.exe
  2⤵
  PID:6248
- C:\Windows\System32\khmfMSo.exe
  C:\Windows\System32\khmfMSo.exe
  2⤵
  PID:6264
- C:\Windows\System32\gcHTIOI.exe
  C:\Windows\System32\gcHTIOI.exe
  2⤵
  PID:6312
- C:\Windows\System32\jGAEWhp.exe
  C:\Windows\System32\jGAEWhp.exe
  2⤵
  PID:6332
- C:\Windows\System32\ILzyUIu.exe
  C:\Windows\System32\ILzyUIu.exe
  2⤵
  PID:6368
- C:\Windows\System32\QTaHlnr.exe
  C:\Windows\System32\QTaHlnr.exe
  2⤵
  PID:6388
- C:\Windows\System32\mOOuybE.exe
  C:\Windows\System32\mOOuybE.exe
  2⤵
  PID:6436
- C:\Windows\System32\vWuLZWg.exe
  C:\Windows\System32\vWuLZWg.exe
  2⤵
  PID:6460
- C:\Windows\System32\PTGwqXJ.exe
  C:\Windows\System32\PTGwqXJ.exe
  2⤵
  PID:6480
- C:\Windows\System32\DtAGiAu.exe
  C:\Windows\System32\DtAGiAu.exe
  2⤵
  PID:6500
- C:\Windows\System32\RaZhwJX.exe
  C:\Windows\System32\RaZhwJX.exe
  2⤵
  PID:6536
- C:\Windows\System32\zZYVDDc.exe
  C:\Windows\System32\zZYVDDc.exe
  2⤵
  PID:6576
- C:\Windows\System32\MZGxpLr.exe
  C:\Windows\System32\MZGxpLr.exe
  2⤵
  PID:6608
- C:\Windows\System32\HNYyoml.exe
  C:\Windows\System32\HNYyoml.exe
  2⤵
  PID:6628
- C:\Windows\System32\DKfEggZ.exe
  C:\Windows\System32\DKfEggZ.exe
  2⤵
  PID:6696
- C:\Windows\System32\qnvdrqF.exe
  C:\Windows\System32\qnvdrqF.exe
  2⤵
  PID:6724
- C:\Windows\System32\CHFeegH.exe
  C:\Windows\System32\CHFeegH.exe
  2⤵
  PID:6748
- C:\Windows\System32\lExnwsD.exe
  C:\Windows\System32\lExnwsD.exe
  2⤵
  PID:6788
- C:\Windows\System32\QpEssEQ.exe
  C:\Windows\System32\QpEssEQ.exe
  2⤵
  PID:6812
- C:\Windows\System32\sBHPorO.exe
  C:\Windows\System32\sBHPorO.exe
  2⤵
  PID:6832
- C:\Windows\System32\TtTwNNL.exe
  C:\Windows\System32\TtTwNNL.exe
  2⤵
  PID:6872
- C:\Windows\System32\gLkulLJ.exe
  C:\Windows\System32\gLkulLJ.exe
  2⤵
  PID:6904
- C:\Windows\System32\aZQPsPC.exe
  C:\Windows\System32\aZQPsPC.exe
  2⤵
  PID:6924
- C:\Windows\System32\VBBskCn.exe
  C:\Windows\System32\VBBskCn.exe
  2⤵
  PID:6956
- C:\Windows\System32\pgYWlSI.exe
  C:\Windows\System32\pgYWlSI.exe
  2⤵
  PID:6992
- C:\Windows\System32\RbQqYhD.exe
  C:\Windows\System32\RbQqYhD.exe
  2⤵
  PID:7012
- C:\Windows\System32\XToMyIm.exe
  C:\Windows\System32\XToMyIm.exe
  2⤵
  PID:7044
- C:\Windows\System32\NoRSvsQ.exe
  C:\Windows\System32\NoRSvsQ.exe
  2⤵
  PID:7064
- C:\Windows\System32\SccZWop.exe
  C:\Windows\System32\SccZWop.exe
  2⤵
  PID:7084
- C:\Windows\System32\fywpmGy.exe
  C:\Windows\System32\fywpmGy.exe
  2⤵
  PID:7104
- C:\Windows\System32\zasXsbV.exe
  C:\Windows\System32\zasXsbV.exe
  2⤵
  PID:7148
- C:\Windows\System32\HRIdOmX.exe
  C:\Windows\System32\HRIdOmX.exe
  2⤵
  PID:2392
- C:\Windows\System32\FcKNVJu.exe
  C:\Windows\System32\FcKNVJu.exe
  2⤵
  PID:6192
- C:\Windows\System32\QEcKmda.exe
  C:\Windows\System32\QEcKmda.exe
  2⤵
  PID:6236
- C:\Windows\System32\oUFGbQR.exe
  C:\Windows\System32\oUFGbQR.exe
  2⤵
  PID:6348
- C:\Windows\System32\BdayZxe.exe
  C:\Windows\System32\BdayZxe.exe
  2⤵
  PID:6416
- C:\Windows\System32\NOCnMxl.exe
  C:\Windows\System32\NOCnMxl.exe
  2⤵
  PID:6448
- C:\Windows\System32\mnPQLoE.exe
  C:\Windows\System32\mnPQLoE.exe
  2⤵
  PID:6524
- C:\Windows\System32\kdlPSdi.exe
  C:\Windows\System32\kdlPSdi.exe
  2⤵
  PID:6552
- C:\Windows\System32\HxaMxCV.exe
  C:\Windows\System32\HxaMxCV.exe
  2⤵
  PID:6588
- C:\Windows\System32\GCvrCIQ.exe
  C:\Windows\System32\GCvrCIQ.exe
  2⤵
  PID:6620
- C:\Windows\System32\aNoPdBJ.exe
  C:\Windows\System32\aNoPdBJ.exe
  2⤵
  PID:6760
- C:\Windows\System32\LbUFGBU.exe
  C:\Windows\System32\LbUFGBU.exe
  2⤵
  PID:6856
- C:\Windows\System32\aPfhLxj.exe
  C:\Windows\System32\aPfhLxj.exe
  2⤵
  PID:6964
- C:\Windows\System32\ghlmhmw.exe
  C:\Windows\System32\ghlmhmw.exe
  2⤵
  PID:6972
- C:\Windows\System32\BZcibFD.exe
  C:\Windows\System32\BZcibFD.exe
  2⤵
  PID:7056
- C:\Windows\System32\pniQoQY.exe
  C:\Windows\System32\pniQoQY.exe
  2⤵
  PID:7096
- C:\Windows\System32\cxpCSPy.exe
  C:\Windows\System32\cxpCSPy.exe
  2⤵
  PID:1644
- C:\Windows\System32\GacGYIN.exe
  C:\Windows\System32\GacGYIN.exe
  2⤵
  PID:6296
- C:\Windows\System32\dCfIigI.exe
  C:\Windows\System32\dCfIigI.exe
  2⤵
  PID:6404
- C:\Windows\System32\DLlJdbj.exe
  C:\Windows\System32\DLlJdbj.exe
  2⤵
  PID:6476
- C:\Windows\System32\laZXGAE.exe
  C:\Windows\System32\laZXGAE.exe
  2⤵
  PID:6688
- C:\Windows\System32\dgUYhJV.exe
  C:\Windows\System32\dgUYhJV.exe
  2⤵
  PID:6824
- C:\Windows\System32\hgtsnfY.exe
  C:\Windows\System32\hgtsnfY.exe
  2⤵
  PID:7080
- C:\Windows\System32\ElmZste.exe
  C:\Windows\System32\ElmZste.exe
  2⤵
  PID:6056
- C:\Windows\System32\BlnFsCc.exe
  C:\Windows\System32\BlnFsCc.exe
  2⤵
  PID:6564
- C:\Windows\System32\LddUFQc.exe
  C:\Windows\System32\LddUFQc.exe
  2⤵
  PID:6988
- C:\Windows\System32\maTQJAx.exe
  C:\Windows\System32\maTQJAx.exe
  2⤵
  PID:7100
- C:\Windows\System32\oLrqkhL.exe
  C:\Windows\System32\oLrqkhL.exe
  2⤵
  PID:6260
- C:\Windows\System32\OvZftCd.exe
  C:\Windows\System32\OvZftCd.exe
  2⤵
  PID:7176
- C:\Windows\System32\WXhEben.exe
  C:\Windows\System32\WXhEben.exe
  2⤵
  PID:7196
- C:\Windows\System32\KQUNtcm.exe
  C:\Windows\System32\KQUNtcm.exe
  2⤵
  PID:7228
- C:\Windows\System32\wMumQPm.exe
  C:\Windows\System32\wMumQPm.exe
  2⤵
  PID:7264
- C:\Windows\System32\wCioZpw.exe
  C:\Windows\System32\wCioZpw.exe
  2⤵
  PID:7296
- C:\Windows\System32\jtbQMHx.exe
  C:\Windows\System32\jtbQMHx.exe
  2⤵
  PID:7332
- C:\Windows\System32\RtUaAkE.exe
  C:\Windows\System32\RtUaAkE.exe
  2⤵
  PID:7356
- C:\Windows\System32\AcFAdsx.exe
  C:\Windows\System32\AcFAdsx.exe
  2⤵
  PID:7380
- C:\Windows\System32\IyWEBag.exe
  C:\Windows\System32\IyWEBag.exe
  2⤵
  PID:7396
- C:\Windows\System32\UTpIFTz.exe
  C:\Windows\System32\UTpIFTz.exe
  2⤵
  PID:7416
- C:\Windows\System32\cZQgycV.exe
  C:\Windows\System32\cZQgycV.exe
  2⤵
  PID:7436
- C:\Windows\System32\Rglytxn.exe
  C:\Windows\System32\Rglytxn.exe
  2⤵
  PID:7464
- C:\Windows\System32\yJQwANB.exe
  C:\Windows\System32\yJQwANB.exe
  2⤵
  PID:7516
- C:\Windows\System32\hKLVekD.exe
  C:\Windows\System32\hKLVekD.exe
  2⤵
  PID:7548
- C:\Windows\System32\moTAlHp.exe
  C:\Windows\System32\moTAlHp.exe
  2⤵
  PID:7572
- C:\Windows\System32\OkLkWrO.exe
  C:\Windows\System32\OkLkWrO.exe
  2⤵
  PID:7592
- C:\Windows\System32\iqDXdbG.exe
  C:\Windows\System32\iqDXdbG.exe
  2⤵
  PID:7608
- C:\Windows\System32\CQpQTQP.exe
  C:\Windows\System32\CQpQTQP.exe
  2⤵
  PID:7636
- C:\Windows\System32\ZOZGPpx.exe
  C:\Windows\System32\ZOZGPpx.exe
  2⤵
  PID:7680
- C:\Windows\System32\keyUSwa.exe
  C:\Windows\System32\keyUSwa.exe
  2⤵
  PID:7696
- C:\Windows\System32\vcfKkPp.exe
  C:\Windows\System32\vcfKkPp.exe
  2⤵
  PID:7724
- C:\Windows\System32\ceAlSwA.exe
  C:\Windows\System32\ceAlSwA.exe
  2⤵
  PID:7744
- C:\Windows\System32\TzqzafD.exe
  C:\Windows\System32\TzqzafD.exe
  2⤵
  PID:7796
- C:\Windows\System32\OVeLqIi.exe
  C:\Windows\System32\OVeLqIi.exe
  2⤵
  PID:7840
- C:\Windows\System32\ODWVRXO.exe
  C:\Windows\System32\ODWVRXO.exe
  2⤵
  PID:7864
- C:\Windows\System32\NYyYgBJ.exe
  C:\Windows\System32\NYyYgBJ.exe
  2⤵
  PID:7888
- C:\Windows\System32\uoPYlsC.exe
  C:\Windows\System32\uoPYlsC.exe
  2⤵
  PID:7912
- C:\Windows\System32\vCcHmeG.exe
  C:\Windows\System32\vCcHmeG.exe
  2⤵
  PID:7928
- C:\Windows\System32\FQILNjp.exe
  C:\Windows\System32\FQILNjp.exe
  2⤵
  PID:7960
- C:\Windows\System32\AUWPCrR.exe
  C:\Windows\System32\AUWPCrR.exe
  2⤵
  PID:7976
- C:\Windows\System32\hpsiZSI.exe
  C:\Windows\System32\hpsiZSI.exe
  2⤵
  PID:8020
- C:\Windows\System32\IwRcBbC.exe
  C:\Windows\System32\IwRcBbC.exe
  2⤵
  PID:8064
- C:\Windows\System32\RVLzaKt.exe
  C:\Windows\System32\RVLzaKt.exe
  2⤵
  PID:8088
- C:\Windows\System32\WYBTIMT.exe
  C:\Windows\System32\WYBTIMT.exe
  2⤵
  PID:8112
- C:\Windows\System32\cPnCcLp.exe
  C:\Windows\System32\cPnCcLp.exe
  2⤵
  PID:8128
- C:\Windows\System32\Krvjoam.exe
  C:\Windows\System32\Krvjoam.exe
  2⤵
  PID:8160
- C:\Windows\System32\kBwvoYY.exe
  C:\Windows\System32\kBwvoYY.exe
  2⤵
  PID:3280
- C:\Windows\System32\BNrVfGR.exe
  C:\Windows\System32\BNrVfGR.exe
  2⤵
  PID:7216
- C:\Windows\System32\IPTtywN.exe
  C:\Windows\System32\IPTtywN.exe
  2⤵
  PID:7272
- C:\Windows\System32\peqMVkP.exe
  C:\Windows\System32\peqMVkP.exe
  2⤵
  PID:7352
- C:\Windows\System32\KubatUs.exe
  C:\Windows\System32\KubatUs.exe
  2⤵
  PID:7392
- C:\Windows\System32\CYQbXaN.exe
  C:\Windows\System32\CYQbXaN.exe
  2⤵
  PID:7444
- C:\Windows\System32\kMxIykA.exe
  C:\Windows\System32\kMxIykA.exe
  2⤵
  PID:7452
- C:\Windows\System32\JWsGATa.exe
  C:\Windows\System32\JWsGATa.exe
  2⤵
  PID:7604
- C:\Windows\System32\vlUzdHa.exe
  C:\Windows\System32\vlUzdHa.exe
  2⤵
  PID:7624
- C:\Windows\System32\IyqlqUp.exe
  C:\Windows\System32\IyqlqUp.exe
  2⤵
  PID:7628
- C:\Windows\System32\qhCLJHW.exe
  C:\Windows\System32\qhCLJHW.exe
  2⤵
  PID:7740
- C:\Windows\System32\zcPMEbe.exe
  C:\Windows\System32\zcPMEbe.exe
  2⤵
  PID:7780
- C:\Windows\System32\MubuxNG.exe
  C:\Windows\System32\MubuxNG.exe
  2⤵
  PID:7896
- C:\Windows\System32\FIykPUK.exe
  C:\Windows\System32\FIykPUK.exe
  2⤵
  PID:7920
- C:\Windows\System32\bSYPmqC.exe
  C:\Windows\System32\bSYPmqC.exe
  2⤵
  PID:4032
- C:\Windows\System32\iHLFOYR.exe
  C:\Windows\System32\iHLFOYR.exe
  2⤵
  PID:7988
- C:\Windows\System32\QaOrLYN.exe
  C:\Windows\System32\QaOrLYN.exe
  2⤵
  PID:8072
- C:\Windows\System32\CHUcPYw.exe
  C:\Windows\System32\CHUcPYw.exe
  2⤵
  PID:8144
- C:\Windows\System32\yEucLkr.exe
  C:\Windows\System32\yEucLkr.exe
  2⤵
  PID:8180
- C:\Windows\System32\NVXetyG.exe
  C:\Windows\System32\NVXetyG.exe
  2⤵
  PID:7252
- C:\Windows\System32\npSbYKv.exe
  C:\Windows\System32\npSbYKv.exe
  2⤵
  PID:7412
- C:\Windows\System32\nqCWlgO.exe
  C:\Windows\System32\nqCWlgO.exe
  2⤵
  PID:7652
- C:\Windows\System32\xfQqtUi.exe
  C:\Windows\System32\xfQqtUi.exe
  2⤵
  PID:3644
- C:\Windows\System32\TsqhNTL.exe
  C:\Windows\System32\TsqhNTL.exe
  2⤵
  PID:7808
- C:\Windows\System32\aVFiPxa.exe
  C:\Windows\System32\aVFiPxa.exe
  2⤵
  PID:7924
- C:\Windows\System32\KOEuevl.exe
  C:\Windows\System32\KOEuevl.exe
  2⤵
  PID:8048
- C:\Windows\System32\rdSbLka.exe
  C:\Windows\System32\rdSbLka.exe
  2⤵
  PID:8120
- C:\Windows\System32\AniCrZR.exe
  C:\Windows\System32\AniCrZR.exe
  2⤵
  PID:6916
- C:\Windows\System32\ruwjiYg.exe
  C:\Windows\System32\ruwjiYg.exe
  2⤵
  PID:7756
- C:\Windows\System32\Rfrqczv.exe
  C:\Windows\System32\Rfrqczv.exe
  2⤵
  PID:7908
- C:\Windows\System32\PaSzgKk.exe
  C:\Windows\System32\PaSzgKk.exe
  2⤵
  PID:8212
- C:\Windows\System32\PGDGozW.exe
  C:\Windows\System32\PGDGozW.exe
  2⤵
  PID:8240
- C:\Windows\System32\EtXdHfX.exe
  C:\Windows\System32\EtXdHfX.exe
  2⤵
  PID:8264
- C:\Windows\System32\ZsgjBwB.exe
  C:\Windows\System32\ZsgjBwB.exe
  2⤵
  PID:8300
- C:\Windows\System32\EcANILt.exe
  C:\Windows\System32\EcANILt.exe
  2⤵
  PID:8324
- C:\Windows\System32\dYVstfu.exe
  C:\Windows\System32\dYVstfu.exe
  2⤵
  PID:8348
- C:\Windows\System32\NJSdTGu.exe
  C:\Windows\System32\NJSdTGu.exe
  2⤵
  PID:8372
- C:\Windows\System32\lrimVWf.exe
  C:\Windows\System32\lrimVWf.exe
  2⤵
  PID:8404
- C:\Windows\System32\MpeMokT.exe
  C:\Windows\System32\MpeMokT.exe
  2⤵
  PID:8424
- C:\Windows\System32\IQNoank.exe
  C:\Windows\System32\IQNoank.exe
  2⤵
  PID:8480
- C:\Windows\System32\XWldyle.exe
  C:\Windows\System32\XWldyle.exe
  2⤵
  PID:8532
- C:\Windows\System32\KSBgfBL.exe
  C:\Windows\System32\KSBgfBL.exe
  2⤵
  PID:8548
- C:\Windows\System32\OJpHbUC.exe
  C:\Windows\System32\OJpHbUC.exe
  2⤵
  PID:8572
- C:\Windows\System32\NsLvIOb.exe
  C:\Windows\System32\NsLvIOb.exe
  2⤵
  PID:8596
- C:\Windows\System32\CUqguyz.exe
  C:\Windows\System32\CUqguyz.exe
  2⤵
  PID:8616
- C:\Windows\System32\BHXLleP.exe
  C:\Windows\System32\BHXLleP.exe
  2⤵
  PID:8644
- C:\Windows\System32\zRvEIQQ.exe
  C:\Windows\System32\zRvEIQQ.exe
  2⤵
  PID:8668
- C:\Windows\System32\ZntGRCN.exe
  C:\Windows\System32\ZntGRCN.exe
  2⤵
  PID:8712
- C:\Windows\System32\Wvdasku.exe
  C:\Windows\System32\Wvdasku.exe
  2⤵
  PID:8748
- C:\Windows\System32\hBwrAQo.exe
  C:\Windows\System32\hBwrAQo.exe
  2⤵
  PID:8768
- C:\Windows\System32\iNWnTfg.exe
  C:\Windows\System32\iNWnTfg.exe
  2⤵
  PID:8792
- C:\Windows\System32\FMXhpJd.exe
  C:\Windows\System32\FMXhpJd.exe
  2⤵
  PID:8836
- C:\Windows\System32\vTJSUDU.exe
  C:\Windows\System32\vTJSUDU.exe
  2⤵
  PID:8856
- C:\Windows\System32\kLfwmnD.exe
  C:\Windows\System32\kLfwmnD.exe
  2⤵
  PID:8880
- C:\Windows\System32\ouLYShZ.exe
  C:\Windows\System32\ouLYShZ.exe
  2⤵
  PID:8904
- C:\Windows\System32\EopORlF.exe
  C:\Windows\System32\EopORlF.exe
  2⤵
  PID:8924
- C:\Windows\System32\bppKJNX.exe
  C:\Windows\System32\bppKJNX.exe
  2⤵
  PID:8948
- C:\Windows\System32\yuwZRkG.exe
  C:\Windows\System32\yuwZRkG.exe
  2⤵
  PID:8992
- C:\Windows\System32\AyyqFFy.exe
  C:\Windows\System32\AyyqFFy.exe
  2⤵
  PID:9028
- C:\Windows\System32\TzWoQkv.exe
  C:\Windows\System32\TzWoQkv.exe
  2⤵
  PID:9056
- C:\Windows\System32\cTGhqUx.exe
  C:\Windows\System32\cTGhqUx.exe
  2⤵
  PID:9076
- C:\Windows\System32\fsIgNON.exe
  C:\Windows\System32\fsIgNON.exe
  2⤵
  PID:9096
- C:\Windows\System32\VJvKcrK.exe
  C:\Windows\System32\VJvKcrK.exe
  2⤵
  PID:9124
- C:\Windows\System32\YNjRAIC.exe
  C:\Windows\System32\YNjRAIC.exe
  2⤵
  PID:9164
- C:\Windows\System32\PLykOfp.exe
  C:\Windows\System32\PLykOfp.exe
  2⤵
  PID:9196
- C:\Windows\System32\Azfvzfj.exe
  C:\Windows\System32\Azfvzfj.exe
  2⤵
  PID:8004
- C:\Windows\System32\mCQESDU.exe
  C:\Windows\System32\mCQESDU.exe
  2⤵
  PID:8220
- C:\Windows\System32\ADFbkCl.exe
  C:\Windows\System32\ADFbkCl.exe
  2⤵
  PID:8320
- C:\Windows\System32\ORxxHNh.exe
  C:\Windows\System32\ORxxHNh.exe
  2⤵
  PID:8420
- C:\Windows\System32\hQAfdLa.exe
  C:\Windows\System32\hQAfdLa.exe
  2⤵
  PID:8468
- C:\Windows\System32\CrwPMQW.exe
  C:\Windows\System32\CrwPMQW.exe
  2⤵
  PID:8500
- C:\Windows\System32\KdUroot.exe
  C:\Windows\System32\KdUroot.exe
  2⤵
  PID:8584
- C:\Windows\System32\ZUsSCeg.exe
  C:\Windows\System32\ZUsSCeg.exe
  2⤵
  PID:8664
- C:\Windows\System32\dzKFQuY.exe
  C:\Windows\System32\dzKFQuY.exe
  2⤵
  PID:8700
- C:\Windows\System32\nQvkGeb.exe
  C:\Windows\System32\nQvkGeb.exe
  2⤵
  PID:2800
- C:\Windows\System32\MEtniPl.exe
  C:\Windows\System32\MEtniPl.exe
  2⤵
  PID:8900
- C:\Windows\System32\pbXZcIU.exe
  C:\Windows\System32\pbXZcIU.exe
  2⤵
  PID:4400
- C:\Windows\System32\beRbhaB.exe
  C:\Windows\System32\beRbhaB.exe
  2⤵
  PID:8912
- C:\Windows\System32\UqgVYSg.exe
  C:\Windows\System32\UqgVYSg.exe
  2⤵
  PID:9036
- C:\Windows\System32\DNFcvcf.exe
  C:\Windows\System32\DNFcvcf.exe
  2⤵
  PID:9088
- C:\Windows\System32\RZBfwmd.exe
  C:\Windows\System32\RZBfwmd.exe
  2⤵
  PID:1460
- C:\Windows\System32\mxsJTrV.exe
  C:\Windows\System32\mxsJTrV.exe
  2⤵
  PID:9156
- C:\Windows\System32\IGPAAlq.exe
  C:\Windows\System32\IGPAAlq.exe
  2⤵
  PID:9188
- C:\Windows\System32\BifuFCB.exe
  C:\Windows\System32\BifuFCB.exe
  2⤵
  PID:8252
- C:\Windows\System32\gBMxQXN.exe
  C:\Windows\System32\gBMxQXN.exe
  2⤵
  PID:8384
- C:\Windows\System32\nuvwxgd.exe
  C:\Windows\System32\nuvwxgd.exe
  2⤵
  PID:8452
- C:\Windows\System32\RsEptki.exe
  C:\Windows\System32\RsEptki.exe
  2⤵
  PID:8556
- C:\Windows\System32\GRjiDCM.exe
  C:\Windows\System32\GRjiDCM.exe
  2⤵
  PID:8776
- C:\Windows\System32\JkJLVqV.exe
  C:\Windows\System32\JkJLVqV.exe
  2⤵
  PID:8732
- C:\Windows\System32\McUaiqt.exe
  C:\Windows\System32\McUaiqt.exe
  2⤵
  PID:8832
- C:\Windows\System32\eoAldxw.exe
  C:\Windows\System32\eoAldxw.exe
  2⤵
  PID:5020
- C:\Windows\System32\eSoOJyk.exe
  C:\Windows\System32\eSoOJyk.exe
  2⤵
  PID:1376
- C:\Windows\System32\gzHdWWR.exe
  C:\Windows\System32\gzHdWWR.exe
  2⤵
  PID:8316
- C:\Windows\System32\JfgTxZb.exe
  C:\Windows\System32\JfgTxZb.exe
  2⤵
  PID:9120
- C:\Windows\System32\LMUrpDV.exe
  C:\Windows\System32\LMUrpDV.exe
  2⤵
  PID:7512
- C:\Windows\System32\RlBNlzC.exe
  C:\Windows\System32\RlBNlzC.exe
  2⤵
  PID:9236
- C:\Windows\System32\iznDAjq.exe
  C:\Windows\System32\iznDAjq.exe
  2⤵
  PID:9264
- C:\Windows\System32\qVhoUzw.exe
  C:\Windows\System32\qVhoUzw.exe
  2⤵
  PID:9292
- C:\Windows\System32\kKrUAbW.exe
  C:\Windows\System32\kKrUAbW.exe
  2⤵
  PID:9320
- C:\Windows\System32\MHPRhrx.exe
  C:\Windows\System32\MHPRhrx.exe
  2⤵
  PID:9344
- C:\Windows\System32\RkexKly.exe
  C:\Windows\System32\RkexKly.exe
  2⤵
  PID:9388
- C:\Windows\System32\JxWsZud.exe
  C:\Windows\System32\JxWsZud.exe
  2⤵
  PID:9408
- C:\Windows\System32\oWOiEXf.exe
  C:\Windows\System32\oWOiEXf.exe
  2⤵
  PID:9432
- C:\Windows\System32\zBFwhgE.exe
  C:\Windows\System32\zBFwhgE.exe
  2⤵
  PID:9448
- C:\Windows\System32\JHASgms.exe
  C:\Windows\System32\JHASgms.exe
  2⤵
  PID:9480
- C:\Windows\System32\PMjZaxF.exe
  C:\Windows\System32\PMjZaxF.exe
  2⤵
  PID:9500
- C:\Windows\System32\VRtJVdT.exe
  C:\Windows\System32\VRtJVdT.exe
  2⤵
  PID:9544
- C:\Windows\System32\ZIXGBXE.exe
  C:\Windows\System32\ZIXGBXE.exe
  2⤵
  PID:9580
- C:\Windows\System32\MjDWDNJ.exe
  C:\Windows\System32\MjDWDNJ.exe
  2⤵
  PID:9604
- C:\Windows\System32\OFAOLRc.exe
  C:\Windows\System32\OFAOLRc.exe
  2⤵
  PID:9628
- C:\Windows\System32\EBWwqxW.exe
  C:\Windows\System32\EBWwqxW.exe
  2⤵
  PID:9648
- C:\Windows\System32\ixlPWvH.exe
  C:\Windows\System32\ixlPWvH.exe
  2⤵
  PID:9664
- C:\Windows\System32\uueWhjQ.exe
  C:\Windows\System32\uueWhjQ.exe
  2⤵
  PID:9688
- C:\Windows\System32\juMPbSz.exe
  C:\Windows\System32\juMPbSz.exe
  2⤵
  PID:9732
- C:\Windows\System32\LekLLdF.exe
  C:\Windows\System32\LekLLdF.exe
  2⤵
  PID:9752
- C:\Windows\System32\uPSwXow.exe
  C:\Windows\System32\uPSwXow.exe
  2⤵
  PID:9792
- C:\Windows\System32\kzeKQKV.exe
  C:\Windows\System32\kzeKQKV.exe
  2⤵
  PID:9824
- C:\Windows\System32\tGYEQRZ.exe
  C:\Windows\System32\tGYEQRZ.exe
  2⤵
  PID:9848
- C:\Windows\System32\phDXMVy.exe
  C:\Windows\System32\phDXMVy.exe
  2⤵
  PID:9872
- C:\Windows\System32\NnOWGer.exe
  C:\Windows\System32\NnOWGer.exe
  2⤵
  PID:9904
- C:\Windows\System32\TtZahNH.exe
  C:\Windows\System32\TtZahNH.exe
  2⤵
  PID:9924
- C:\Windows\System32\UkOuNMp.exe
  C:\Windows\System32\UkOuNMp.exe
  2⤵
  PID:9956
- C:\Windows\System32\TuXrJUE.exe
  C:\Windows\System32\TuXrJUE.exe
  2⤵
  PID:9976
- C:\Windows\System32\ACQkeNY.exe
  C:\Windows\System32\ACQkeNY.exe
  2⤵
  PID:10008
- C:\Windows\System32\LTynYRw.exe
  C:\Windows\System32\LTynYRw.exe
  2⤵
  PID:10028
- C:\Windows\System32\bzTGmAA.exe
  C:\Windows\System32\bzTGmAA.exe
  2⤵
  PID:10072
- C:\Windows\System32\FUUDqur.exe
  C:\Windows\System32\FUUDqur.exe
  2⤵
  PID:10100
- C:\Windows\System32\VZLxTdR.exe
  C:\Windows\System32\VZLxTdR.exe
  2⤵
  PID:10116
- C:\Windows\System32\gtypbDf.exe
  C:\Windows\System32\gtypbDf.exe
  2⤵
  PID:10148
- C:\Windows\System32\fWpHZib.exe
  C:\Windows\System32\fWpHZib.exe
  2⤵
  PID:10188
- C:\Windows\System32\twoUCwo.exe
  C:\Windows\System32\twoUCwo.exe
  2⤵
  PID:10216
- C:\Windows\System32\IbvuOAz.exe
  C:\Windows\System32\IbvuOAz.exe
  2⤵
  PID:10236
- C:\Windows\System32\qFfJrqx.exe
  C:\Windows\System32\qFfJrqx.exe
  2⤵
  PID:9308
- C:\Windows\System32\NwHbPeI.exe
  C:\Windows\System32\NwHbPeI.exe
  2⤵
  PID:9372
- C:\Windows\System32\jegQbPA.exe
  C:\Windows\System32\jegQbPA.exe
  2⤵
  PID:9404
- C:\Windows\System32\mQYydNu.exe
  C:\Windows\System32\mQYydNu.exe
  2⤵
  PID:9496
- C:\Windows\System32\sLadiKa.exe
  C:\Windows\System32\sLadiKa.exe
  2⤵
  PID:9556
- C:\Windows\System32\itDzcsm.exe
  C:\Windows\System32\itDzcsm.exe
  2⤵
  PID:9616
- C:\Windows\System32\LKbUNOQ.exe
  C:\Windows\System32\LKbUNOQ.exe
  2⤵
  PID:9680
- C:\Windows\System32\HAByvcE.exe
  C:\Windows\System32\HAByvcE.exe
  2⤵
  PID:9760
- C:\Windows\System32\VQXHwdU.exe
  C:\Windows\System32\VQXHwdU.exe
  2⤵
  PID:9812
- C:\Windows\System32\asPiTeE.exe
  C:\Windows\System32\asPiTeE.exe
  2⤵
  PID:9844
- C:\Windows\System32\NilOGNh.exe
  C:\Windows\System32\NilOGNh.exe
  2⤵
  PID:9948
- C:\Windows\System32\bfbaIHp.exe
  C:\Windows\System32\bfbaIHp.exe
  2⤵
  PID:10000
- C:\Windows\System32\cjUvkVF.exe
  C:\Windows\System32\cjUvkVF.exe
  2⤵
  PID:10096
- C:\Windows\System32\loEEZNx.exe
  C:\Windows\System32\loEEZNx.exe
  2⤵
  PID:10112
- C:\Windows\System32\juuAlHS.exe
  C:\Windows\System32\juuAlHS.exe
  2⤵
  PID:10180
- C:\Windows\System32\XWVnRHQ.exe
  C:\Windows\System32\XWVnRHQ.exe
  2⤵
  PID:9336
- C:\Windows\System32\FyWtFvZ.exe
  C:\Windows\System32\FyWtFvZ.exe
  2⤵
  PID:9384
- C:\Windows\System32\ZCWztKM.exe
  C:\Windows\System32\ZCWztKM.exe
  2⤵
  PID:2644
- C:\Windows\System32\sFBejAx.exe
  C:\Windows\System32\sFBejAx.exe
  2⤵
  PID:9640
- C:\Windows\System32\ofpOvLX.exe
  C:\Windows\System32\ofpOvLX.exe
  2⤵
  PID:440
- C:\Windows\System32\RqdRLYI.exe
  C:\Windows\System32\RqdRLYI.exe
  2⤵
  PID:10156
- C:\Windows\System32\KLhHLDT.exe
  C:\Windows\System32\KLhHLDT.exe
  2⤵
  PID:10136
- C:\Windows\System32\zGYIHjP.exe
  C:\Windows\System32\zGYIHjP.exe
  2⤵
  PID:9332
- C:\Windows\System32\RcwuDlj.exe
  C:\Windows\System32\RcwuDlj.exe
  2⤵
  PID:9748
- C:\Windows\System32\cZrRvCx.exe
  C:\Windows\System32\cZrRvCx.exe
  2⤵
  PID:10040
- C:\Windows\System32\PZgxKMQ.exe
  C:\Windows\System32\PZgxKMQ.exe
  2⤵
  PID:10232
- C:\Windows\System32\bwLyroU.exe
  C:\Windows\System32\bwLyroU.exe
  2⤵
  PID:10252
- C:\Windows\System32\OhciJaQ.exe
  C:\Windows\System32\OhciJaQ.exe
  2⤵
  PID:10272
- C:\Windows\System32\JEZkJvL.exe
  C:\Windows\System32\JEZkJvL.exe
  2⤵
  PID:10292
- C:\Windows\System32\HXDgdiF.exe
  C:\Windows\System32\HXDgdiF.exe
  2⤵
  PID:10356
- C:\Windows\System32\yscLAUY.exe
  C:\Windows\System32\yscLAUY.exe
  2⤵
  PID:10380
- C:\Windows\System32\hEMSlIg.exe
  C:\Windows\System32\hEMSlIg.exe
  2⤵
  PID:10420
- C:\Windows\System32\NYiSGzh.exe
  C:\Windows\System32\NYiSGzh.exe
  2⤵
  PID:10452
- C:\Windows\System32\eyMLBUn.exe
  C:\Windows\System32\eyMLBUn.exe
  2⤵
  PID:10504
- C:\Windows\System32\XQquuqJ.exe
  C:\Windows\System32\XQquuqJ.exe
  2⤵
  PID:10524
- C:\Windows\System32\hjSKxEb.exe
  C:\Windows\System32\hjSKxEb.exe
  2⤵
  PID:10664
- C:\Windows\System32\xTODOMT.exe
  C:\Windows\System32\xTODOMT.exe
  2⤵
  PID:10708
- C:\Windows\System32\MqSEKUe.exe
  C:\Windows\System32\MqSEKUe.exe
  2⤵
  PID:10760
- C:\Windows\System32\hpQkLch.exe
  C:\Windows\System32\hpQkLch.exe
  2⤵
  PID:10784
- C:\Windows\System32\LTEFGsS.exe
  C:\Windows\System32\LTEFGsS.exe
  2⤵
  PID:10808
- C:\Windows\System32\fHsXLqL.exe
  C:\Windows\System32\fHsXLqL.exe
  2⤵
  PID:10828
- C:\Windows\System32\USHNtiZ.exe
  C:\Windows\System32\USHNtiZ.exe
  2⤵
  PID:10872
- C:\Windows\System32\BplJxFC.exe
  C:\Windows\System32\BplJxFC.exe
  2⤵
  PID:10896
- C:\Windows\System32\nIuiFAw.exe
  C:\Windows\System32\nIuiFAw.exe
  2⤵
  PID:10924
- C:\Windows\System32\wACzJuL.exe
  C:\Windows\System32\wACzJuL.exe
  2⤵
  PID:10948
- C:\Windows\System32\wgBJIwk.exe
  C:\Windows\System32\wgBJIwk.exe
  2⤵
  PID:10980
- C:\Windows\System32\pytXELX.exe
  C:\Windows\System32\pytXELX.exe
  2⤵
  PID:11012
- C:\Windows\System32\sIMDgjs.exe
  C:\Windows\System32\sIMDgjs.exe
  2⤵
  PID:11032
- C:\Windows\System32\BNWbyYF.exe
  C:\Windows\System32\BNWbyYF.exe
  2⤵
  PID:11064
- C:\Windows\System32\zjegVlk.exe
  C:\Windows\System32\zjegVlk.exe
  2⤵
  PID:11092
- C:\Windows\System32\WpgjoUz.exe
  C:\Windows\System32\WpgjoUz.exe
  2⤵
  PID:11116
- C:\Windows\System32\FPENRDH.exe
  C:\Windows\System32\FPENRDH.exe
  2⤵
  PID:11144
- C:\Windows\System32\ExwJpdq.exe
  C:\Windows\System32\ExwJpdq.exe
  2⤵
  PID:11172
- C:\Windows\System32\NwqhzHL.exe
  C:\Windows\System32\NwqhzHL.exe
  2⤵
  PID:11196
- C:\Windows\System32\peHHkdv.exe
  C:\Windows\System32\peHHkdv.exe
  2⤵
  PID:11220
- C:\Windows\System32\GIussYS.exe
  C:\Windows\System32\GIussYS.exe
  2⤵
  PID:11248
- C:\Windows\System32\pHCKMld.exe
  C:\Windows\System32\pHCKMld.exe
  2⤵
  PID:9724
- C:\Windows\System32\stXxygI.exe
  C:\Windows\System32\stXxygI.exe
  2⤵
  PID:10260
- C:\Windows\System32\poRjJtV.exe
  C:\Windows\System32\poRjJtV.exe
  2⤵
  PID:10328
- C:\Windows\System32\fdAjbpm.exe
  C:\Windows\System32\fdAjbpm.exe
  2⤵
  PID:10392
- C:\Windows\System32\mWWzEQu.exe
  C:\Windows\System32\mWWzEQu.exe
  2⤵
  PID:10496
- C:\Windows\System32\CyPiQBK.exe
  C:\Windows\System32\CyPiQBK.exe
  2⤵
  PID:10576
- C:\Windows\System32\yRnXZVA.exe
  C:\Windows\System32\yRnXZVA.exe
  2⤵
  PID:10676
- C:\Windows\System32\tqLhnQG.exe
  C:\Windows\System32\tqLhnQG.exe
  2⤵
  PID:10572
- C:\Windows\System32\RimswKH.exe
  C:\Windows\System32\RimswKH.exe
  2⤵
  PID:10600
- C:\Windows\System32\nbAjQOS.exe
  C:\Windows\System32\nbAjQOS.exe
  2⤵
  PID:10636
- C:\Windows\System32\AWsfrtw.exe
  C:\Windows\System32\AWsfrtw.exe
  2⤵
  PID:10656
- C:\Windows\System32\uQNbcwm.exe
  C:\Windows\System32\uQNbcwm.exe
  2⤵
  PID:10684
- C:\Windows\System32\sowRtiF.exe
  C:\Windows\System32\sowRtiF.exe
  2⤵
  PID:10836
- C:\Windows\System32\KQoUhQC.exe
  C:\Windows\System32\KQoUhQC.exe
  2⤵
  PID:10880
- C:\Windows\System32\LPpVVHa.exe
  C:\Windows\System32\LPpVVHa.exe
  2⤵
  PID:10932
- C:\Windows\System32\cGMegro.exe
  C:\Windows\System32\cGMegro.exe
  2⤵
  PID:10976
- C:\Windows\System32\qjMTbqH.exe
  C:\Windows\System32\qjMTbqH.exe
  2⤵
  PID:11136
- C:\Windows\System32\cRXxsLH.exe
  C:\Windows\System32\cRXxsLH.exe
  2⤵
  PID:11160
- C:\Windows\System32\yTONrPh.exe
  C:\Windows\System32\yTONrPh.exe
  2⤵
  PID:11204
- C:\Windows\System32\UPmCoNl.exe
  C:\Windows\System32\UPmCoNl.exe
  2⤵
  PID:9744
- C:\Windows\System32\lNpUHat.exe
  C:\Windows\System32\lNpUHat.exe
  2⤵
  PID:10020
- C:\Windows\System32\jNpRVHA.exe
  C:\Windows\System32\jNpRVHA.exe
  2⤵
  PID:10596
- C:\Windows\System32\FydlRWW.exe
  C:\Windows\System32\FydlRWW.exe
  2⤵
  PID:10552
- C:\Windows\System32\eJusJdl.exe
  C:\Windows\System32\eJusJdl.exe
  2⤵
  PID:10628
- C:\Windows\System32\tsJzvjQ.exe
  C:\Windows\System32\tsJzvjQ.exe
  2⤵
  PID:10728
- C:\Windows\System32\whcxxQf.exe
  C:\Windows\System32\whcxxQf.exe
  2⤵
  PID:11000
- C:\Windows\System32\TcieVHH.exe
  C:\Windows\System32\TcieVHH.exe
  2⤵
  PID:10904
- C:\Windows\System32\mpjgojU.exe
  C:\Windows\System32\mpjgojU.exe
  2⤵
  PID:11216
- C:\Windows\System32\jzLGEYc.exe
  C:\Windows\System32\jzLGEYc.exe
  2⤵
  PID:10568
- C:\Windows\System32\jLrfijU.exe
  C:\Windows\System32\jLrfijU.exe
  2⤵
  PID:10700
- C:\Windows\System32\luHGtPW.exe
  C:\Windows\System32\luHGtPW.exe
  2⤵
  PID:11028
- C:\Windows\System32\XZzLpMw.exe
  C:\Windows\System32\XZzLpMw.exe
  2⤵
  PID:11132
- C:\Windows\System32\YIvMtew.exe
  C:\Windows\System32\YIvMtew.exe
  2⤵
  PID:10472
- C:\Windows\System32\LaWEOUO.exe
  C:\Windows\System32\LaWEOUO.exe
  2⤵
  PID:11276
- C:\Windows\System32\bYzSzYS.exe
  C:\Windows\System32\bYzSzYS.exe
  2⤵
  PID:11304
- C:\Windows\System32\PWvGhcY.exe
  C:\Windows\System32\PWvGhcY.exe
  2⤵
  PID:11328
- C:\Windows\System32\eVRWOgw.exe
  C:\Windows\System32\eVRWOgw.exe
  2⤵
  PID:11348
- C:\Windows\System32\MRxdnJe.exe
  C:\Windows\System32\MRxdnJe.exe
  2⤵
  PID:11368
- C:\Windows\System32\CEwnPDj.exe
  C:\Windows\System32\CEwnPDj.exe
  2⤵
  PID:11392
- C:\Windows\System32\kpovwjj.exe
  C:\Windows\System32\kpovwjj.exe
  2⤵
  PID:11412
- C:\Windows\System32\ARbKEVn.exe
  C:\Windows\System32\ARbKEVn.exe
  2⤵
  PID:11436
- C:\Windows\System32\lHkFMqe.exe
  C:\Windows\System32\lHkFMqe.exe
  2⤵
  PID:11452
- C:\Windows\System32\avqUqnu.exe
  C:\Windows\System32\avqUqnu.exe
  2⤵
  PID:11520
- C:\Windows\System32\fmnqfXk.exe
  C:\Windows\System32\fmnqfXk.exe
  2⤵
  PID:11552
- C:\Windows\System32\KuDxfUe.exe
  C:\Windows\System32\KuDxfUe.exe
  2⤵
  PID:11576
- C:\Windows\System32\UKiSdnC.exe
  C:\Windows\System32\UKiSdnC.exe
  2⤵
  PID:11620
- C:\Windows\System32\KLeHoDX.exe
  C:\Windows\System32\KLeHoDX.exe
  2⤵
  PID:11656
- C:\Windows\System32\KtNYDLM.exe
  C:\Windows\System32\KtNYDLM.exe
  2⤵
  PID:11676
- C:\Windows\System32\toVasCn.exe
  C:\Windows\System32\toVasCn.exe
  2⤵
  PID:11708
- C:\Windows\System32\UDtgybX.exe
  C:\Windows\System32\UDtgybX.exe
  2⤵
  PID:11732
- C:\Windows\System32\xvBmLxZ.exe
  C:\Windows\System32\xvBmLxZ.exe
  2⤵
  PID:11760
- C:\Windows\System32\rFzqlsj.exe
  C:\Windows\System32\rFzqlsj.exe
  2⤵
  PID:11788
- C:\Windows\System32\AZoLkbW.exe
  C:\Windows\System32\AZoLkbW.exe
  2⤵
  PID:11804
- C:\Windows\System32\QPeNjRw.exe
  C:\Windows\System32\QPeNjRw.exe
  2⤵
  PID:11840
- C:\Windows\System32\tKVcgTe.exe
  C:\Windows\System32\tKVcgTe.exe
  2⤵
  PID:11896
- C:\Windows\System32\EZYeuQp.exe
  C:\Windows\System32\EZYeuQp.exe
  2⤵
  PID:11920
- C:\Windows\System32\dvAqhNX.exe
  C:\Windows\System32\dvAqhNX.exe
  2⤵
  PID:11964
- C:\Windows\System32\rfwJLiE.exe
  C:\Windows\System32\rfwJLiE.exe
  2⤵
  PID:11988
- C:\Windows\System32\LuaamDF.exe
  C:\Windows\System32\LuaamDF.exe
  2⤵
  PID:12044
- C:\Windows\System32\VxzWNrW.exe
  C:\Windows\System32\VxzWNrW.exe
  2⤵
  PID:12068
- C:\Windows\System32\PcFgcjr.exe
  C:\Windows\System32\PcFgcjr.exe
  2⤵
  PID:12116
- C:\Windows\System32\jllePVX.exe
  C:\Windows\System32\jllePVX.exe
  2⤵
  PID:12144
- C:\Windows\System32\EYZocLn.exe
  C:\Windows\System32\EYZocLn.exe
  2⤵
  PID:12160
- C:\Windows\System32\qUqhdck.exe
  C:\Windows\System32\qUqhdck.exe
  2⤵
  PID:12212
- C:\Windows\System32\vxvLKJJ.exe
  C:\Windows\System32\vxvLKJJ.exe
  2⤵
  PID:12232
- C:\Windows\System32\OaPneFA.exe
  C:\Windows\System32\OaPneFA.exe
  2⤵
  PID:12256
- C:\Windows\System32\MlXQVmP.exe
  C:\Windows\System32\MlXQVmP.exe
  2⤵
  PID:12276
- C:\Windows\System32\oHhzUdG.exe
  C:\Windows\System32\oHhzUdG.exe
  2⤵
  PID:11296
- C:\Windows\System32\WKUZQql.exe
  C:\Windows\System32\WKUZQql.exe
  2⤵
  PID:11344
- C:\Windows\System32\oYOyJec.exe
  C:\Windows\System32\oYOyJec.exe
  2⤵
  PID:11404
- C:\Windows\System32\dpgWAEp.exe
  C:\Windows\System32\dpgWAEp.exe
  2⤵
  PID:11488
- C:\Windows\System32\pljwgVC.exe
  C:\Windows\System32\pljwgVC.exe
  2⤵
  PID:11600
- C:\Windows\System32\gEadfRA.exe
  C:\Windows\System32\gEadfRA.exe
  2⤵
  PID:11716
- C:\Windows\System32\GKUYFHt.exe
  C:\Windows\System32\GKUYFHt.exe
  2⤵
  PID:11812
- C:\Windows\System32\xcBsdKy.exe
  C:\Windows\System32\xcBsdKy.exe
  2⤵
  PID:11940
- C:\Windows\System32\ieXqhvc.exe
  C:\Windows\System32\ieXqhvc.exe
  2⤵
  PID:12024
- C:\Windows\System32\fIoswkp.exe
  C:\Windows\System32\fIoswkp.exe
  2⤵
  PID:12172
- C:\Windows\System32\WQGyMYd.exe
  C:\Windows\System32\WQGyMYd.exe
  2⤵
  PID:12192
- C:\Windows\System32\aXWSgJh.exe
  C:\Windows\System32\aXWSgJh.exe
  2⤵
  PID:12268
- C:\Windows\System32\ewOxcGp.exe
  C:\Windows\System32\ewOxcGp.exe
  2⤵
  PID:11268
- C:\Windows\System32\xvqlySQ.exe
  C:\Windows\System32\xvqlySQ.exe
  2⤵
  PID:11560
- C:\Windows\System32\PwLtVtk.exe
  C:\Windows\System32\PwLtVtk.exe
  2⤵
  PID:11664
- C:\Windows\System32\GWUaFoz.exe
  C:\Windows\System32\GWUaFoz.exe
  2⤵
  PID:11952
- C:\Windows\System32\sgZEpPT.exe
  C:\Windows\System32\sgZEpPT.exe
  2⤵
  PID:12084
- C:\Windows\System32\jpAFHzT.exe
  C:\Windows\System32\jpAFHzT.exe
  2⤵
  PID:11420
- C:\Windows\System32\qSvsiPd.exe
  C:\Windows\System32\qSvsiPd.exe
  2⤵
  PID:12056
- C:\Windows\System32\EtKZVyb.exe
  C:\Windows\System32\EtKZVyb.exe
  2⤵
  PID:12184
- C:\Windows\System32\aHGNwYG.exe
  C:\Windows\System32\aHGNwYG.exe
  2⤵
  PID:12308
- C:\Windows\System32\pXNcQNK.exe
  C:\Windows\System32\pXNcQNK.exe
  2⤵
  PID:12336
- C:\Windows\System32\hbpbQjP.exe
  C:\Windows\System32\hbpbQjP.exe
  2⤵
  PID:12360
- C:\Windows\System32\isUXCIT.exe
  C:\Windows\System32\isUXCIT.exe
  2⤵
  PID:12376
- C:\Windows\System32\IZizHeg.exe
  C:\Windows\System32\IZizHeg.exe
  2⤵
  PID:12404
- C:\Windows\System32\rnQkxIV.exe
  C:\Windows\System32\rnQkxIV.exe
  2⤵
  PID:12432
- C:\Windows\System32\QxBxiPo.exe
  C:\Windows\System32\QxBxiPo.exe
  2⤵
  PID:12452
- C:\Windows\System32\pmtJaPO.exe
  C:\Windows\System32\pmtJaPO.exe
  2⤵
  PID:12496
- C:\Windows\System32\lhcbSFI.exe
  C:\Windows\System32\lhcbSFI.exe
  2⤵
  PID:12516
- C:\Windows\System32\cAssuJN.exe
  C:\Windows\System32\cAssuJN.exe
  2⤵
  PID:12556
- C:\Windows\System32\Afnmmpd.exe
  C:\Windows\System32\Afnmmpd.exe
  2⤵
  PID:12620
- C:\Windows\System32\emLpcjT.exe
  C:\Windows\System32\emLpcjT.exe
  2⤵
  PID:12640
- C:\Windows\System32\IQCnAFY.exe
  C:\Windows\System32\IQCnAFY.exe
  2⤵
  PID:12668
- C:\Windows\System32\lYILyHJ.exe
  C:\Windows\System32\lYILyHJ.exe
  2⤵
  PID:12684
- C:\Windows\System32\QVctHyc.exe
  C:\Windows\System32\QVctHyc.exe
  2⤵
  PID:12708
- C:\Windows\System32\jkbCJSO.exe
  C:\Windows\System32\jkbCJSO.exe
  2⤵
  PID:12724
- C:\Windows\System32\UlvUbKT.exe
  C:\Windows\System32\UlvUbKT.exe
  2⤵
  PID:12768
- C:\Windows\System32\DgJIwhz.exe
  C:\Windows\System32\DgJIwhz.exe
  2⤵
  PID:12788
- C:\Windows\System32\tbgoXOt.exe
  C:\Windows\System32\tbgoXOt.exe
  2⤵
  PID:12820
- C:\Windows\System32\oLfwjMi.exe
  C:\Windows\System32\oLfwjMi.exe
  2⤵
  PID:12844
- C:\Windows\System32\MmVQOBo.exe
  C:\Windows\System32\MmVQOBo.exe
  2⤵
  PID:12876
- C:\Windows\System32\qQKesEq.exe
  C:\Windows\System32\qQKesEq.exe
  2⤵
  PID:12892
- C:\Windows\System32\AKKuEgE.exe
  C:\Windows\System32\AKKuEgE.exe
  2⤵
  PID:12912
- C:\Windows\System32\axmyxoa.exe
  C:\Windows\System32\axmyxoa.exe
  2⤵
  PID:12936
- C:\Windows\System32\TuswPrr.exe
  C:\Windows\System32\TuswPrr.exe
  2⤵
  PID:12956
- C:\Windows\System32\HDnjyGa.exe
  C:\Windows\System32\HDnjyGa.exe
  2⤵
  PID:12988
- C:\Windows\System32\quhHOma.exe
  C:\Windows\System32\quhHOma.exe
  2⤵
  PID:13044
- C:\Windows\System32\pelkqYK.exe
  C:\Windows\System32\pelkqYK.exe
  2⤵
  PID:13096
- C:\Windows\System32\WyVJfbR.exe
  C:\Windows\System32\WyVJfbR.exe
  2⤵
  PID:13120
- C:\Windows\System32\RthszVd.exe
  C:\Windows\System32\RthszVd.exe
  2⤵
  PID:13144
- C:\Windows\System32\UDofnNb.exe
  C:\Windows\System32\UDofnNb.exe
  2⤵
  PID:13172
- C:\Windows\System32\nArYTTx.exe
  C:\Windows\System32\nArYTTx.exe
  2⤵
  PID:13196
- C:\Windows\System32\hZLGfBi.exe
  C:\Windows\System32\hZLGfBi.exe
  2⤵
  PID:13220
- C:\Windows\System32\Rrekqlc.exe
  C:\Windows\System32\Rrekqlc.exe
  2⤵
  PID:13248
- C:\Windows\System32\tPIxrEh.exe
  C:\Windows\System32\tPIxrEh.exe
  2⤵
  PID:13272
- C:\Windows\System32\HJkHJUL.exe
  C:\Windows\System32\HJkHJUL.exe
  2⤵
  PID:13300
- C:\Windows\System32\AnuJraL.exe
  C:\Windows\System32\AnuJraL.exe
  2⤵
  PID:11768
- C:\Windows\System32\UeZQTKg.exe
  C:\Windows\System32\UeZQTKg.exe
  2⤵
  PID:12392
- C:\Windows\System32\DXqFoWH.exe
  C:\Windows\System32\DXqFoWH.exe
  2⤵
  PID:12460
- C:\Windows\System32\ESKVSGH.exe
  C:\Windows\System32\ESKVSGH.exe
  2⤵
  PID:12536
- C:\Windows\System32\sYhpnJr.exe
  C:\Windows\System32\sYhpnJr.exe
  2⤵
  PID:12604
- C:\Windows\System32\ELwXlLP.exe
  C:\Windows\System32\ELwXlLP.exe
  2⤵
  PID:12660
- C:\Windows\System32\WmhBdzJ.exe
  C:\Windows\System32\WmhBdzJ.exe
  2⤵
  PID:12680
- C:\Windows\System32\PzmEEnn.exe
  C:\Windows\System32\PzmEEnn.exe
  2⤵
  PID:12756
- C:\Windows\System32\ICXiUUZ.exe
  C:\Windows\System32\ICXiUUZ.exe
  2⤵
  PID:12828
- C:\Windows\System32\cgoKctt.exe
  C:\Windows\System32\cgoKctt.exe
  2⤵
  PID:12900
- C:\Windows\System32\zqNRUDQ.exe
  C:\Windows\System32\zqNRUDQ.exe
  2⤵
  PID:12944
- C:\Windows\System32\BYUiXoe.exe
  C:\Windows\System32\BYUiXoe.exe
  2⤵
  PID:13004
- C:\Windows\System32\KiwjZvu.exe
  C:\Windows\System32\KiwjZvu.exe
  2⤵
  PID:13032
- C:\Windows\System32\zTCofac.exe
  C:\Windows\System32\zTCofac.exe
  2⤵
  PID:13184
- C:\Windows\System32\PHbgquh.exe
  C:\Windows\System32\PHbgquh.exe
  2⤵
  PID:13288
- C:\Windows\System32\lXSntOv.exe
  C:\Windows\System32\lXSntOv.exe
  2⤵
  PID:13308
- C:\Windows\System32\xZuobFJ.exe
  C:\Windows\System32\xZuobFJ.exe
  2⤵
  PID:12384
- C:\Windows\System32\bkCcvUN.exe
  C:\Windows\System32\bkCcvUN.exe
  2⤵
  PID:12476
- C:\Windows\System32\CdFPdDT.exe
  C:\Windows\System32\CdFPdDT.exe
  2⤵
  PID:12736
- C:\Windows\System32\yGZfLEM.exe
  C:\Windows\System32\yGZfLEM.exe
  2⤵
  PID:12920
- C:\Windows\System32\qByNIuC.exe
  C:\Windows\System32\qByNIuC.exe
  2⤵
  PID:13056
- C:\Windows\System32\BopNYBk.exe
  C:\Windows\System32\BopNYBk.exe
  2⤵
  PID:13136
- C:\Windows\System32\jPwgBsx.exe
  C:\Windows\System32\jPwgBsx.exe
  2⤵
  PID:13264
- C:\Windows\System32\GZfaJEv.exe
  C:\Windows\System32\GZfaJEv.exe
  2⤵
  PID:12512
- C:\Windows\System32\vWurozY.exe
  C:\Windows\System32\vWurozY.exe
  2⤵
  PID:4088
- C:\Windows\System32\bZXaaWJ.exe
  C:\Windows\System32\bZXaaWJ.exe
  2⤵
  PID:12968
- C:\Windows\System32\UNCNxrR.exe
  C:\Windows\System32\UNCNxrR.exe
  2⤵
  PID:13268
- C:\Windows\System32\knZGYzp.exe
  C:\Windows\System32\knZGYzp.exe
  2⤵
  PID:12420

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CFlgbYm.exe

Filesize
1.7MB

MD5
6b313235a33ed73898f30aeab9871109

SHA1
f1e4c6fbfe52ef9b437e9bd6b9b2aaa8bff2f698

SHA256
d3452c846129257b637aa0150774546b8d55d51ffe07095277113300bb1a77c8

SHA512
caf421558830820fc2f23ae0bae4547acca7c1b33b735d497ed9f106581ad3dbe547b04be4aa3bb3b78e5a8116274aae8bdd75edc32e508f7fb420b1375ebe75

Download Submit
C:\Windows\System32\DDlHxjE.exe

Filesize
1.7MB

MD5
666cd70fff5ab684061b11947abea220

SHA1
77eeb9a0cd036cfa43fe3794d89ba0f284d3b6b5

SHA256
9d669ea37b8d0e53299c33ab7f8655e78f89be0db6201272b34eef866b7329d5

SHA512
5794d01613bc2c0b42fc70883591c57934af752ad2b6286fbc5855ca69026037c540e47c767d53935987d4eb62b8677e40541123d824495109256fee98f8bcf8

Download Submit
C:\Windows\System32\DkZXtEF.exe

Filesize
1.7MB

MD5
f10377b879990c2565dce8e24ea2ce82

SHA1
bd032a4fc78ddfc89c8d5dd4d3a51743ed1233b1

SHA256
9eba84a1a551597cf54eecb27cfe9615f26494b245fa1601ce4a914db56b4ef2

SHA512
122fc8978b118123e64805b97f2cad5a3459d8cf585712c2cfccdd6ecd5bcdd9ea3983d560f1704a1d4c1fb328bd0fa5cdd1705d416e11e398772bc87ad558e2

Download Submit
C:\Windows\System32\EOaybKA.exe

Filesize
1.7MB

MD5
3f1944be9e2d249a28cad19ecdbabd9f

SHA1
3b9b72b62f45988c6f81431352af31792a67d70a

SHA256
cdf445f7ddac20550060e8aa825e81592ce4114f3a51da1a0720a0d7e2478f4e

SHA512
c04ae0a97c623043d6d58b0a3221895d4d263f04d76f2e5b0be3461927faa03af7659541c0a68bffdd3a81b2be552e2e7af3a34650946565bf57a518fe74ed49

Download Submit
C:\Windows\System32\FSxLGIx.exe

Filesize
1.7MB

MD5
5c1a95db37e829055650f9bbdaa28863

SHA1
d8d898d963fddca604c96c6a910d039b159c6664

SHA256
8730b4bbccb60f560a33a693ae6025e0a9242d56c47fe32d25aecd6a4666fba5

SHA512
cb43dcca44cab9c85fd917f28411d062ab8f75cf9d21d655e09fcfa0d626639aaa7d48bac468d468543a8ac5ca8a98d86ea86e2725f2056b864263959001d34a

Download Submit
C:\Windows\System32\HzJAhuF.exe

Filesize
1.7MB

MD5
a93a79bba5dce5d5eee1da233eda4dae

SHA1
88b2d5e5e8d45bf86c8ec0d07dde468dfb71d8fe

SHA256
f55ed32d75dd4dc4228a67e4c16fb99552f7b36be58146dbaa1618468d22807b

SHA512
b056c2032d9f159f55482ec0b6135bf0dde6995a05c6c64287f2d5d5b12660da367681863811415e6f01ffd7567377272324bd0f3301db5d3f6cd64a4f15c525

Download Submit
C:\Windows\System32\InRZBGC.exe

Filesize
1.7MB

MD5
c211939aff665f4ec5e7e29251e6ad15

SHA1
d99f8066fa1b41656064ce743ad2294380b5b63b

SHA256
bbf813cfdb2814de3736e38b891c1c970f3c82636c99a6e96b2fe4c8d074f9f7

SHA512
45776c7153001223c5306cf641feef9f096b80e1c5e62b1a4ab95c5b33c00727a89b3e59c693cefb016eab1afd6c25014920acdfa8ea260efc0613ac8186aa49

Download Submit
C:\Windows\System32\JFJgpmE.exe

Filesize
1.7MB

MD5
664e6b18d61d0c98f7c8beedf8730b06

SHA1
31d1d3891a92ea2fe77668daffd32cf24e750793

SHA256
386e0cee9fa179dad1d4e2d93b94f18f417a85cbf9b719ad013553fbcac972f2

SHA512
ec84809a6c9722d171e98efad67d5b662b4e4d76b5279f11b269c9cbce2b09913b54c91015b45e03e7678f170edd98ba38992631b73a18be3611780135f74711

Download Submit
C:\Windows\System32\KMPqzZr.exe

Filesize
1.7MB

MD5
05e9c265172e06093e1db3dd013c7c3c

SHA1
71c7fdefc19d5041ec6169ed5984a04efcd03931

SHA256
0575904c8e621bb17e63d99d022409638c2d7404f3a6f780643a8fa75fcb80ff

SHA512
b38bdf2a3ef324d0f818b73fddba800d116a5c4bc6f06820f4a33a6dccfc6ccefb481c26a022abeeeeadeff66d687cc7bcc04fb8ae7823befbcd56e42ed86b65

Download Submit
C:\Windows\System32\KdVQgeb.exe

Filesize
1.7MB

MD5
7b6538512327d8ac5413cb7c0c47c29a

SHA1
ad276cd1db389a4bf8b5f3aa60787e11b3849159

SHA256
490d206dc67a55415ad3631d15212bbd968dfa702941dc34d785c0a45043ad69

SHA512
a3c5c42e64afe106976f471bb3933292a25abf34e1e9c77d5e7ce4da763131f9a04b2a240a8452a17c22d1ea6b0ddf05a877a5f0efd54a26d95192a47e4f66a5

Download Submit
C:\Windows\System32\NWzLBso.exe

Filesize
1.4MB

MD5
aabcc96f5ad1b7b1b21d8a3132027034

SHA1
b71ab9e73f92a0f26a8a4c23c20d0e834bb918d4

SHA256
a53566613a053888927285cc42762ae5e29cd0eea2a2285c8aff932d30a02b78

SHA512
5b9df630f9e4fdc5a031b8ea6ddcbdc19d61195d75cc3cc0bce2799fe1f6682778292c59328b6c18273e74abbf3de0a916109a60f2866b6ae1cc71c6b719c3b5

Download Submit
C:\Windows\System32\NWzLBso.exe

Filesize
1.7MB

MD5
0d65e23c0d409ddf4def73bda0e0f9f5

SHA1
4284a39f8db7829c287338a6424c1e9725b97fd1

SHA256
1e5ff3a743b6af2dbd17f25eca2f71c6955b9d70562bec0cd427164bba97e6a2

SHA512
def97f57e9d41e944614340b2f261d43e347d6055e5d3253b12fccfca0e8ba0700bad114e6e15370d246a096f16dd58b54f1e60fb3024177a24701f7f9ee4a61

Download Submit
C:\Windows\System32\OoeNGAc.exe

Filesize
1.7MB

MD5
9ff09e012ddf761bed55e16d48258008

SHA1
4be0e160815adcad8f5056a666bd59e6932e11f0

SHA256
ad82c418e01ba47a233865a2f1737e1876e44a9915518f86b2f91d8528256983

SHA512
da2cdcc7477ce2bb81a95634c1fd8a77b3f1c33c72418f14f5c84c07c700fcca99a25edfd84c28a9cc0ecb47164eec738a5104cd30dda07b4be6d65593fe1833

Download Submit
C:\Windows\System32\SblfBLN.exe

Filesize
1.7MB

MD5
6f5938e5afcd295a9f5c76862ec8eeb3

SHA1
e744d31e14d5e0f42569adb62f31a8b9fd342335

SHA256
9c2a4db229759f49269205dca29b98f24eb6945a77161a1aba20b7eea1b10413

SHA512
2b591d3d9f16afdaaf07d7d3ee13faafd0f4e388554b32edfac4b72bb4d022beaa1bcab7f39d4da419e50d834f4b61d1efc7d72738dfa026d7404ae5df09b8e7

Download Submit
C:\Windows\System32\WmvgwQQ.exe

Filesize
1.7MB

MD5
6c80125cf724303fb17b79ddb665fa31

SHA1
b5e879b89498b67544dfc8087e0e1891058d251f

SHA256
bc83036db9726fb721cc74179fe133c7ac8b345db90a18d7c114fbe966f29865

SHA512
09c6ae9b4649b902af703311cbcef6a61af9af8f1ca90ac95cb0bae42fe4d50dac8a2d7a4ee835de1ccbac7248f553d932a0b141348ebcc8fe416f37719ccb43

Download Submit
C:\Windows\System32\XhGlTEp.exe

Filesize
1.7MB

MD5
8464e05bdd9af14230f08fc51ee93cfe

SHA1
74d33ee14cabbd704d53822a5ba7a346d91adecf

SHA256
4dfa1aa1905df850f00e4a8655defc7bef8dbb42d8f37a1e4f8f7fd107bda707

SHA512
3110b00309c4c06091f3dc490d9427f399cd9eb0172ff6d50ab3722799ccd9563256d9a17ffdecb3db54cb9b6a1679dc1d54e2827c60e125c76409a011ebc64d

Download Submit
C:\Windows\System32\YRnvkRF.exe

Filesize
1.7MB

MD5
ee8dd86e1d135d823d51aa42192aba27

SHA1
e0ef9dc26f8da12c365522026b1062c7a147e1eb

SHA256
857ef7a37b31272a66dde4efdbb8107d4c4267602dbe93f23d4aee34df9f3693

SHA512
50b6c147f3f8f09b44416065b4670d17a65c7e90551fd5806416008a2022b2f0588b866f965b1a8d519fe2eb56e49ce51929d3ebead3f2afe383a7da01967871

Download Submit
C:\Windows\System32\YRnvkRF.exe

Filesize
1.3MB

MD5
72489226455ab44ff59f2b509559fc2b

SHA1
453f1d4f5c6cf8ca1b75e47c24a4403328772eb1

SHA256
d970fdc442b63212e185dd216be6b3b552d4e12cea8686cf3295f858ad8fdf37

SHA512
c596a35b25a86e0b2022d6e229502fedcbea34fb1fa262dcdcf8a5db6321a6329a7ea94c767f1923c23e57c8128a58aa760e4d069401b6ddd00538dc6c6e57ea

Download Submit
C:\Windows\System32\ZjqiKfB.exe

Filesize
1.7MB

MD5
b691c6401a9b13ddea6f4e50a7fd5ea6

SHA1
c785c5fb610b0c579206af58d5cffec79aa1f007

SHA256
6206a6b2ca311ef17458ea1acadfc03fb688406cb1552dd2190b06b2b7ca5b38

SHA512
a3628d8928a4fb826bab9f69d2b25a251cdaebb169f22c967850b4bc0769bd5f1f10174ba15ee8bcc19538b75af082c8aed7e8169a56c53b7204b372fd2259b7

Download Submit
C:\Windows\System32\aJvDNRG.exe

Filesize
1.2MB

MD5
f51ac2aba46582f9eaaa9723dd94b2d2

SHA1
22bc68b002bd9a055dffe888e9a1063412e53e01

SHA256
fd18fd112ea063c4752d02364672cf23932279fb5cc07ce9313cda3a9d537b22

SHA512
898ed4b47d0edb48f21b9675e141e8c8f55d8a5695d543231a7f91d745b6099c0eebb2b1a460b4f0dac92e452eb88bdcb579379295d2fcfd02fe6e3fe9eb4c1b

Download Submit
C:\Windows\System32\aJvDNRG.exe

Filesize
1.7MB

MD5
6a2e45f50f1d06d791c1687a761a5a05

SHA1
830de1491b628eef3f05c28d696f698a6c5c1168

SHA256
a26a59fb0a11677317d52ee3d3017b8845cd0e62041cfa1b07bb08282c203f4c

SHA512
435acc5d6699f1e8fbf9b42b8142454efe55cc6e7ced636230680993df7becd5ac979c5de68df4bb0bb538ddccce935edc33178fed0629f3af0371fda162da1f

Download Submit
C:\Windows\System32\hFhROmv.exe

Filesize
1.7MB

MD5
4ecb00ee572d3d7013c90b68847636cd

SHA1
a6d0b2b9faa49f124a18e6a2c5bafcfc01f07f3b

SHA256
88c24d6d358f0c04659d58219543b091d27d1f478d16667ebebcc5c12dd353e6

SHA512
beef27ab992439ef32822ace5d37e0f94be4e6c752cd5a33a25369cc93d59fff6b108ec9c0910c857e011ebfd483e5fd0f88eaad77c0d69f6e11b4116acc6d6b

Download Submit
C:\Windows\System32\hZHaAQn.exe

Filesize
1.7MB

MD5
dfe71535d2f1a860cfd0d401487232dc

SHA1
141a191dbcb9bfa274a992714918c4a278301a50

SHA256
949d101d4a8b6670965bde67d6f4f0d69f0da41b0ea8884248b318349ca6944f

SHA512
b00cdd303dc7c52cb46a8df5084538c488179d78decae3f88b463375eac18b535e438f1b093d983abffc106593a67a30871c52659fa5c2e7439949290cf0e918

Download Submit
C:\Windows\System32\hZHaAQn.exe

Filesize
1.1MB

MD5
a344e565563ef1248fb43c8b4fca3a24

SHA1
a3962cd0a1160927d3e9911fb339aa4cc4337c80

SHA256
2d3ea42278c86b3669c4912d5065c8c1558d44d352973403ab45d56291c31f6b

SHA512
19de0499f188048bd31e0c4dc315d468da082f5ed835fa306c8b3249e3a15bcf82feada7d0a399bce80bfb04a5a5a0540fb0769eb26fb3331313fbb97315e037

Download Submit
C:\Windows\System32\jNWSzGf.exe

Filesize
1.7MB

MD5
676b7120b1372bea19a1cb1d23135204

SHA1
80bf7ba5acdb742707253281fbce2d6e83280f99

SHA256
318cbb646fac13dde4861cdfdb695206e332dc7ad3adf316beca2f720ae6078a

SHA512
72af1933e169b8a23674417812224c76fdea56cdcf4095f9b4fa35365f785de835af421fc6393df1bd510ef1497377948c481772e9e2fb0fb747a9365032f220

Download Submit
C:\Windows\System32\jxsjuFB.exe

Filesize
1.7MB

MD5
5245fe6fa3ada8abdf26ce87f72a9c70

SHA1
2d06a71cad502e1a1c3a91103bdeb1a460ae3f05

SHA256
08bc00997b105f5631298c06e1c123418813f52ffc5c482e9c240fd559aa30bb

SHA512
e22a465bbc5239508e8f6d4dc582825f0ea283b59836afb45c7b261344e0ef1f6074831e1991d0ff2871a5ae8dc1670935ca6977796e9a2a28631aaa1f4688d5

Download Submit
C:\Windows\System32\kNIjFTI.exe

Filesize
1.7MB

MD5
46b9fcf3d90cecf730a6ab5d563a4676

SHA1
a7ccfcc99c29a064149923ad0f7432212d4cf99a

SHA256
b16b9c8df21f012db442c37ba57010dc474cef8b83b2487d3ba99aafdda6fcc5

SHA512
365455d9d828f10a058c614c2089f1f6375f2d1b5f0669c019db635fa5c32d3d5ba6e2d857ec37426382fdaea9843f543fcc7fb98694fdc7d9ba0afa914c757b

Download Submit
C:\Windows\System32\lXrNNxq.exe

Filesize
1.7MB

MD5
229a912428e5713e3fb75671f990d771

SHA1
9110b811f5884c81914e47aa585b4ec26fbc48b4

SHA256
65a306154e197a569d328d65e62fa56b3d98ec04e3b1fe1019d71e0b74b5c180

SHA512
1afedae2f04feb22a26fd02a43be8ac18f8585141dcb19290f2076348521bdd58190feafeac3663d63e18d497dcc4d4290ce53f690b4ed19822630c5483da3bf

Download Submit
C:\Windows\System32\nyguTxa.exe

Filesize
1.7MB

MD5
c2d84e00663a16a3619681a3d660f119

SHA1
b1e6dd7cfbfe94df72f5e98372b2f154f2720cd0

SHA256
69e78de3204612f07692dd8496c363630dded5edfccc0501d896ae883d954ce9

SHA512
1db788eb547f22dad289cf103f05f2875f3de29dc5870b002680422122b36c2f063e6c2aeb3c38af4001dbd399b3d71a189482b120e6291801d1326b5a33e1dd

Download Submit
C:\Windows\System32\pbMzCFb.exe

Filesize
1.7MB

MD5
faa85a90d8077c68636148d6a8b2550c

SHA1
911296b66de241d545fc9020174660c265bbc2a0

SHA256
7b707b50df25204bdfd0f758fe1d93a7693823b7f1f8c534a3e326f4f42ae2d8

SHA512
6f268826ec0e29ec55fbf2939d10af036ab522f71ed2f4f17d51e5e8c027e375174c8c9245726dbad6a33af34e614e0aca803b9e096491ba990e677b5070aefe

Download Submit
C:\Windows\System32\qslIhge.exe

Filesize
1.7MB

MD5
52f4cd8a9a2fa58dc2cf73e2c6a75a1b

SHA1
b0d18b2fe8da80511b180e3487bb6d22c90fcac9

SHA256
4aa955dd097d776d571afac131db2b973e0a2f2648b0a9514996bca8ecb3eea1

SHA512
99fac77d2d7bf03d559cfe3e4421622b66daab9bd773bad1b3341473f4f35099c99350a260b2679249034373fe539bd82f2084cb73ed0b21072a8cb70c365a33

Download Submit
C:\Windows\System32\tORcQyc.exe

Filesize
1.7MB

MD5
4d0dffcd3bd6a1eda6d225bf04cc99c7

SHA1
b3c6f87c8013e39bd97ca3a662649d8b1d9e49a8

SHA256
5d5e8b2f210ca3825000039ede470a13ca884e0546ff7c268350ddc355f35f9e

SHA512
2e98ae52329d15dec66b10e775c859a04724794aa5246970f51e1761fcefbc373213578f5efece334e29529d370dd810ebffdc8f05366578abe18b937b05583d

Download Submit
C:\Windows\System32\ttWvRnV.exe

Filesize
1.7MB

MD5
f5dc0e5698796d8f28d30bb4dbe4a437

SHA1
a523ac3c3da5926ff55be3829fc78f871979a9fb

SHA256
0a957b52e1234ddae56c2209392a87f6512031c4dcf48486fb55ffb0240f69dc

SHA512
e4a819e14138c54171b9c969ca427ea1621dcbd133bd0e69f5b69937f14f91766c4998c358b0668dfb8d81213b536a12c1bb314680833d11bb11278a0e16ea9a

Download Submit
C:\Windows\System32\ttWvRnV.exe

Filesize
1.2MB

MD5
b01920413d0ff28ae0ce61a2594a5891

SHA1
428fdde06ea2431150b1bdbd2a1961352b8a8578

SHA256
d0b3921c7405587cefaf05d7c2fdf0d4ef4bb819ac556b74df7a8b54bdaa6fa6

SHA512
2042e021d29e52e4cb6064bbb7f8e0b8b5da5c234a4f375f915bc4763871258f3c56658f20223a75c63c0a3a9d5754775ce13a93daa71a617596efe4066d2c50

Download Submit
C:\Windows\System32\utXAVgw.exe

Filesize
1.7MB

MD5
d948b8a2e6012413fa3de5b79203523b

SHA1
63246dfe35813149032d5b3d28e9528e8cb89ca9

SHA256
ffc20b366c7812003994571f83b7b096b27b3308f212eeb5fbe0cec0badd4048

SHA512
27151aee63b0fe7a86d0d4a38ec2314b7caa6526b5c75ff4018e29f9925c68fd91643f7b1865beed9b15fc93f0121084e53c3d3f75e3d9fc50ac407a286d1de4

Download Submit
C:\Windows\System32\wNJJsuc.exe

Filesize
1.7MB

MD5
18ae5e61c0266e710437f4fa2237b7d8

SHA1
923699ebf4e0b607e40f9a4c12f260d3b3c69930

SHA256
08b4928007c02e44a18d8a93d3fa61f67e86a257fc440d56a59208ce5075c3a7

SHA512
fda7fec9b3ca628f777d41f0c7d7775a1d1b39a4a593165b8309a6bec416218ded733ce180650b496df08f38212b203de14edfd90467dd67968b0f30dc3cd740

Download Submit
memory/220-136-0x00007FF6C8740000-0x00007FF6C8B31000-memory.dmp

Filesize
3.9MB

Download
memory/220-2081-0x00007FF6C8740000-0x00007FF6C8B31000-memory.dmp

Filesize
3.9MB

Download
memory/384-243-0x00007FF7B0B80000-0x00007FF7B0F71000-memory.dmp

Filesize
3.9MB

Download
memory/384-2089-0x00007FF7B0B80000-0x00007FF7B0F71000-memory.dmp

Filesize
3.9MB

Download
memory/404-257-0x00007FF66EAB0000-0x00007FF66EEA1000-memory.dmp

Filesize
3.9MB

Download
memory/404-2097-0x00007FF66EAB0000-0x00007FF66EEA1000-memory.dmp

Filesize
3.9MB

Download
memory/616-138-0x00007FF6121E0000-0x00007FF6125D1000-memory.dmp

Filesize
3.9MB

Download
memory/616-2083-0x00007FF6121E0000-0x00007FF6125D1000-memory.dmp

Filesize
3.9MB

Download
memory/660-2077-0x00007FF7B0190000-0x00007FF7B0581000-memory.dmp

Filesize
3.9MB

Download
memory/660-86-0x00007FF7B0190000-0x00007FF7B0581000-memory.dmp

Filesize
3.9MB

Download
memory/688-273-0x00007FF727290000-0x00007FF727681000-memory.dmp

Filesize
3.9MB

Download
memory/688-2055-0x00007FF727290000-0x00007FF727681000-memory.dmp

Filesize
3.9MB

Download
memory/688-24-0x00007FF727290000-0x00007FF727681000-memory.dmp

Filesize
3.9MB

Download
memory/1232-2057-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp

Filesize
3.9MB

Download
memory/1232-42-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp

Filesize
3.9MB

Download
memory/1232-1409-0x00007FF6B82E0000-0x00007FF6B86D1000-memory.dmp

Filesize
3.9MB

Download
memory/1328-71-0x00007FF78AF30000-0x00007FF78B321000-memory.dmp

Filesize
3.9MB

Download
memory/1328-2071-0x00007FF78AF30000-0x00007FF78B321000-memory.dmp

Filesize
3.9MB

Download
memory/1528-2051-0x00007FF65EA60000-0x00007FF65EE51000-memory.dmp

Filesize
3.9MB

Download
memory/1528-267-0x00007FF65EA60000-0x00007FF65EE51000-memory.dmp

Filesize
3.9MB

Download
memory/1528-10-0x00007FF65EA60000-0x00007FF65EE51000-memory.dmp

Filesize
3.9MB

Download
memory/1684-2065-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp

Filesize
3.9MB

Download
memory/1684-60-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp

Filesize
3.9MB

Download
memory/1684-1876-0x00007FF6F0670000-0x00007FF6F0A61000-memory.dmp

Filesize
3.9MB

Download
memory/2028-2069-0x00007FF6C7C80000-0x00007FF6C8071000-memory.dmp

Filesize
3.9MB

Download
memory/2028-70-0x00007FF6C7C80000-0x00007FF6C8071000-memory.dmp

Filesize
3.9MB

Download
memory/2104-2016-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp

Filesize
3.9MB

Download
memory/2104-75-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp

Filesize
3.9MB

Download
memory/2104-2073-0x00007FF73B0C0000-0x00007FF73B4B1000-memory.dmp

Filesize
3.9MB

Download
memory/2272-254-0x00007FF74B870000-0x00007FF74BC61000-memory.dmp

Filesize
3.9MB

Download
memory/2272-2095-0x00007FF74B870000-0x00007FF74BC61000-memory.dmp

Filesize
3.9MB

Download
memory/2576-2085-0x00007FF62FF00000-0x00007FF6302F1000-memory.dmp

Filesize
3.9MB

Download
memory/2576-240-0x00007FF62FF00000-0x00007FF6302F1000-memory.dmp

Filesize
3.9MB

Download
memory/2696-252-0x00007FF7823E0000-0x00007FF7827D1000-memory.dmp

Filesize
3.9MB

Download
memory/2696-2093-0x00007FF7823E0000-0x00007FF7827D1000-memory.dmp

Filesize
3.9MB

Download
memory/3136-2017-0x00007FF790930000-0x00007FF790D21000-memory.dmp

Filesize
3.9MB

Download
memory/3136-85-0x00007FF790930000-0x00007FF790D21000-memory.dmp

Filesize
3.9MB

Download
memory/3136-2075-0x00007FF790930000-0x00007FF790D21000-memory.dmp

Filesize
3.9MB

Download
memory/3396-132-0x00007FF6C1EF0000-0x00007FF6C22E1000-memory.dmp

Filesize
3.9MB

Download
memory/3396-2079-0x00007FF6C1EF0000-0x00007FF6C22E1000-memory.dmp

Filesize
3.9MB

Download
memory/3416-2053-0x00007FF7B95D0000-0x00007FF7B99C1000-memory.dmp

Filesize
3.9MB

Download
memory/3416-1406-0x00007FF7B95D0000-0x00007FF7B99C1000-memory.dmp

Filesize
3.9MB

Download
memory/3416-18-0x00007FF7B95D0000-0x00007FF7B99C1000-memory.dmp

Filesize
3.9MB

Download
memory/3904-1-0x000001A97EA80000-0x000001A97EA90000-memory.dmp

Filesize
64KB

Download
memory/3904-0-0x00007FF60E4F0000-0x00007FF60E8E1000-memory.dmp

Filesize
3.9MB

Download
memory/3904-263-0x00007FF60E4F0000-0x00007FF60E8E1000-memory.dmp

Filesize
3.9MB

Download
memory/4004-67-0x00007FF6C32C0000-0x00007FF6C36B1000-memory.dmp

Filesize
3.9MB

Download
memory/4004-2067-0x00007FF6C32C0000-0x00007FF6C36B1000-memory.dmp

Filesize
3.9MB

Download
memory/4176-1983-0x00007FF68F020000-0x00007FF68F411000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2063-0x00007FF68F020000-0x00007FF68F411000-memory.dmp

Filesize
3.9MB

Download
memory/4176-49-0x00007FF68F020000-0x00007FF68F411000-memory.dmp

Filesize
3.9MB

Download
memory/4508-2061-0x00007FF75FB00000-0x00007FF75FEF1000-memory.dmp

Filesize
3.9MB

Download
memory/4508-45-0x00007FF75FB00000-0x00007FF75FEF1000-memory.dmp

Filesize
3.9MB

Download
memory/4508-1865-0x00007FF75FB00000-0x00007FF75FEF1000-memory.dmp

Filesize
3.9MB

Download
memory/4736-2091-0x00007FF777170000-0x00007FF777561000-memory.dmp

Filesize
3.9MB

Download
memory/4736-292-0x00007FF777170000-0x00007FF777561000-memory.dmp

Filesize
3.9MB

Download
memory/4816-2087-0x00007FF6D5BE0000-0x00007FF6D5FD1000-memory.dmp

Filesize
3.9MB

Download
memory/4816-143-0x00007FF6D5BE0000-0x00007FF6D5FD1000-memory.dmp

Filesize
3.9MB

Download
memory/4944-270-0x00007FF6C17E0000-0x00007FF6C1BD1000-memory.dmp

Filesize
3.9MB

Download
memory/4944-28-0x00007FF6C17E0000-0x00007FF6C1BD1000-memory.dmp

Filesize
3.9MB

Download
memory/4944-2059-0x00007FF6C17E0000-0x00007FF6C1BD1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads