xmrig | 16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c

Analysis

max time kernel
133s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 19:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
Size

2.0MB
MD5

d93215f2ed0a3129550eb366f60c6bc6
SHA1

014fbc7f3fc229403b0bd1fbe37f784bb381dc79
SHA256

16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c
SHA512

a42259d2e7bf1e18ef47f018c223e4a0e5e6d98a89adb07f6306bbbe5baea9059fa55f64a553a53c57e37812e58c6dc0cfd678ddc2a9c0a488c70f955f9b48bb
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQW/zaZToFH2+:oemTLkNdfE0pZrQI

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2384-0-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp	UPX
behavioral2/files/0x00080000000235b0-4.dat	UPX
behavioral2/files/0x00070000000235b5-7.dat	UPX
behavioral2/files/0x00070000000235b4-15.dat	UPX
behavioral2/files/0x00070000000235b7-24.dat	UPX
behavioral2/files/0x00070000000235b6-21.dat	UPX
behavioral2/memory/4632-11-0x00007FF608BE0000-0x00007FF608F34000-memory.dmp	UPX
behavioral2/memory/928-55-0x00007FF7EBBD0000-0x00007FF7EBF24000-memory.dmp	UPX
behavioral2/files/0x00070000000235b9-38.dat	UPX
behavioral2/files/0x00070000000235bc-47.dat	UPX
behavioral2/memory/4320-32-0x00007FF7818B0000-0x00007FF781C04000-memory.dmp	UPX
behavioral2/files/0x00070000000235b8-29.dat	UPX
behavioral2/files/0x00070000000235ba-41.dat	UPX
behavioral2/files/0x00070000000235cc-118.dat	UPX
behavioral2/files/0x00070000000235cb-117.dat	UPX
behavioral2/files/0x00070000000235d8-188.dat	UPX
behavioral2/memory/2680-217-0x00007FF7DEE10000-0x00007FF7DF164000-memory.dmp	UPX
behavioral2/memory/4192-235-0x00007FF765620000-0x00007FF765974000-memory.dmp	UPX
behavioral2/memory/4260-264-0x00007FF7449F0000-0x00007FF744D44000-memory.dmp	UPX
behavioral2/memory/4936-270-0x00007FF7EAAE0000-0x00007FF7EAE34000-memory.dmp	UPX
behavioral2/memory/1408-276-0x00007FF7A8060000-0x00007FF7A83B4000-memory.dmp	UPX
behavioral2/memory/4116-280-0x00007FF662050000-0x00007FF6623A4000-memory.dmp	UPX
behavioral2/memory/1108-279-0x00007FF64E090000-0x00007FF64E3E4000-memory.dmp	UPX
behavioral2/memory/4020-278-0x00007FF71E170000-0x00007FF71E4C4000-memory.dmp	UPX
behavioral2/memory/2380-277-0x00007FF6D0D70000-0x00007FF6D10C4000-memory.dmp	UPX
behavioral2/memory/1928-275-0x00007FF7198C0000-0x00007FF719C14000-memory.dmp	UPX
behavioral2/memory/3240-274-0x00007FF663C00000-0x00007FF663F54000-memory.dmp	UPX
behavioral2/memory/2532-273-0x00007FF67E410000-0x00007FF67E764000-memory.dmp	UPX
behavioral2/memory/4328-272-0x00007FF788190000-0x00007FF7884E4000-memory.dmp	UPX
behavioral2/memory/5024-271-0x00007FF6F7060000-0x00007FF6F73B4000-memory.dmp	UPX
behavioral2/memory/3304-269-0x00007FF7102F0000-0x00007FF710644000-memory.dmp	UPX
behavioral2/memory/1580-268-0x00007FF7DDEF0000-0x00007FF7DE244000-memory.dmp	UPX
behavioral2/memory/400-267-0x00007FF638A20000-0x00007FF638D74000-memory.dmp	UPX
behavioral2/memory/2156-266-0x00007FF7B2800000-0x00007FF7B2B54000-memory.dmp	UPX
behavioral2/memory/3604-265-0x00007FF647A10000-0x00007FF647D64000-memory.dmp	UPX
behavioral2/memory/676-263-0x00007FF67EB70000-0x00007FF67EEC4000-memory.dmp	UPX
behavioral2/memory/3892-256-0x00007FF638C60000-0x00007FF638FB4000-memory.dmp	UPX
behavioral2/memory/1772-247-0x00007FF69B680000-0x00007FF69B9D4000-memory.dmp	UPX
behavioral2/memory/2576-212-0x00007FF63F360000-0x00007FF63F6B4000-memory.dmp	UPX
behavioral2/files/0x00070000000235c9-185.dat	UPX
behavioral2/memory/1784-175-0x00007FF768530000-0x00007FF768884000-memory.dmp	UPX
behavioral2/files/0x00080000000235b1-173.dat	UPX
behavioral2/files/0x00070000000235d6-172.dat	UPX
behavioral2/files/0x00070000000235c6-169.dat	UPX
behavioral2/files/0x00070000000235d5-165.dat	UPX
behavioral2/files/0x00070000000235d4-164.dat	UPX
behavioral2/files/0x00070000000235c5-161.dat	UPX
behavioral2/files/0x00070000000235cd-159.dat	UPX
behavioral2/files/0x00070000000235c3-149.dat	UPX
behavioral2/files/0x00070000000235c0-144.dat	UPX
behavioral2/files/0x00070000000235bd-143.dat	UPX
behavioral2/files/0x00070000000235d7-183.dat	UPX
behavioral2/files/0x00070000000235c8-178.dat	UPX
behavioral2/files/0x00070000000235d1-138.dat	UPX
behavioral2/files/0x00070000000235c7-134.dat	UPX
behavioral2/memory/3960-133-0x00007FF794B80000-0x00007FF794ED4000-memory.dmp	UPX
behavioral2/files/0x00070000000235bb-132.dat	UPX
behavioral2/files/0x00070000000235d0-130.dat	UPX
behavioral2/files/0x00070000000235cf-129.dat	UPX
behavioral2/files/0x00070000000235ce-128.dat	UPX
behavioral2/files/0x00070000000235be-122.dat	UPX
behavioral2/files/0x00070000000235d3-158.dat	UPX
behavioral2/files/0x00070000000235c2-115.dat	UPX
behavioral2/files/0x00070000000235d2-140.dat	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2384-0-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp	xmrig
behavioral2/files/0x00080000000235b0-4.dat	xmrig
behavioral2/files/0x00070000000235b5-7.dat	xmrig
behavioral2/files/0x00070000000235b4-15.dat	xmrig
behavioral2/files/0x00070000000235b7-24.dat	xmrig
behavioral2/files/0x00070000000235b6-21.dat	xmrig
behavioral2/memory/4632-11-0x00007FF608BE0000-0x00007FF608F34000-memory.dmp	xmrig
behavioral2/memory/928-55-0x00007FF7EBBD0000-0x00007FF7EBF24000-memory.dmp	xmrig
behavioral2/files/0x00070000000235b9-38.dat	xmrig
behavioral2/files/0x00070000000235bc-47.dat	xmrig
behavioral2/memory/4320-32-0x00007FF7818B0000-0x00007FF781C04000-memory.dmp	xmrig
behavioral2/files/0x00070000000235b8-29.dat	xmrig
behavioral2/files/0x00070000000235ba-41.dat	xmrig
behavioral2/files/0x00070000000235cc-118.dat	xmrig
behavioral2/files/0x00070000000235cb-117.dat	xmrig
behavioral2/files/0x00070000000235d8-188.dat	xmrig
behavioral2/memory/2680-217-0x00007FF7DEE10000-0x00007FF7DF164000-memory.dmp	xmrig
behavioral2/memory/4192-235-0x00007FF765620000-0x00007FF765974000-memory.dmp	xmrig
behavioral2/memory/4260-264-0x00007FF7449F0000-0x00007FF744D44000-memory.dmp	xmrig
behavioral2/memory/4936-270-0x00007FF7EAAE0000-0x00007FF7EAE34000-memory.dmp	xmrig
behavioral2/memory/1408-276-0x00007FF7A8060000-0x00007FF7A83B4000-memory.dmp	xmrig
behavioral2/memory/4116-280-0x00007FF662050000-0x00007FF6623A4000-memory.dmp	xmrig
behavioral2/memory/1108-279-0x00007FF64E090000-0x00007FF64E3E4000-memory.dmp	xmrig
behavioral2/memory/4020-278-0x00007FF71E170000-0x00007FF71E4C4000-memory.dmp	xmrig
behavioral2/memory/2380-277-0x00007FF6D0D70000-0x00007FF6D10C4000-memory.dmp	xmrig
behavioral2/memory/1928-275-0x00007FF7198C0000-0x00007FF719C14000-memory.dmp	xmrig
behavioral2/memory/3240-274-0x00007FF663C00000-0x00007FF663F54000-memory.dmp	xmrig
behavioral2/memory/2532-273-0x00007FF67E410000-0x00007FF67E764000-memory.dmp	xmrig
behavioral2/memory/4328-272-0x00007FF788190000-0x00007FF7884E4000-memory.dmp	xmrig
behavioral2/memory/5024-271-0x00007FF6F7060000-0x00007FF6F73B4000-memory.dmp	xmrig
behavioral2/memory/3304-269-0x00007FF7102F0000-0x00007FF710644000-memory.dmp	xmrig
behavioral2/memory/1580-268-0x00007FF7DDEF0000-0x00007FF7DE244000-memory.dmp	xmrig
behavioral2/memory/400-267-0x00007FF638A20000-0x00007FF638D74000-memory.dmp	xmrig
behavioral2/memory/2156-266-0x00007FF7B2800000-0x00007FF7B2B54000-memory.dmp	xmrig
behavioral2/memory/3604-265-0x00007FF647A10000-0x00007FF647D64000-memory.dmp	xmrig
behavioral2/memory/676-263-0x00007FF67EB70000-0x00007FF67EEC4000-memory.dmp	xmrig
behavioral2/memory/3892-256-0x00007FF638C60000-0x00007FF638FB4000-memory.dmp	xmrig
behavioral2/memory/1772-247-0x00007FF69B680000-0x00007FF69B9D4000-memory.dmp	xmrig
behavioral2/memory/2576-212-0x00007FF63F360000-0x00007FF63F6B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235c9-185.dat	xmrig
behavioral2/memory/1784-175-0x00007FF768530000-0x00007FF768884000-memory.dmp	xmrig
behavioral2/files/0x00080000000235b1-173.dat	xmrig
behavioral2/files/0x00070000000235d6-172.dat	xmrig
behavioral2/files/0x00070000000235c6-169.dat	xmrig
behavioral2/files/0x00070000000235d5-165.dat	xmrig
behavioral2/files/0x00070000000235d4-164.dat	xmrig
behavioral2/files/0x00070000000235c5-161.dat	xmrig
behavioral2/files/0x00070000000235cd-159.dat	xmrig
behavioral2/files/0x00070000000235c3-149.dat	xmrig
behavioral2/files/0x00070000000235c0-144.dat	xmrig
behavioral2/files/0x00070000000235bd-143.dat	xmrig
behavioral2/files/0x00070000000235d7-183.dat	xmrig
behavioral2/files/0x00070000000235c8-178.dat	xmrig
behavioral2/files/0x00070000000235d1-138.dat	xmrig
behavioral2/files/0x00070000000235c7-134.dat	xmrig
behavioral2/memory/3960-133-0x00007FF794B80000-0x00007FF794ED4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235bb-132.dat	xmrig
behavioral2/files/0x00070000000235d0-130.dat	xmrig
behavioral2/files/0x00070000000235cf-129.dat	xmrig
behavioral2/files/0x00070000000235ce-128.dat	xmrig
behavioral2/files/0x00070000000235be-122.dat	xmrig
behavioral2/files/0x00070000000235d3-158.dat	xmrig
behavioral2/files/0x00070000000235c2-115.dat	xmrig
behavioral2/files/0x00070000000235d2-140.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4632	hLcvDfQ.exe
4320	lqSAkeM.exe
928	AgzEwmH.exe
1300	PYFdhHE.exe
2380	aEHLVkj.exe
3960	vGpsYrk.exe
4020	TVCQlFk.exe
1784	PfAnMWx.exe
2576	rqTWsGF.exe
1108	cCBrcTi.exe
2680	hdRZexM.exe
4192	zgzENLD.exe
1772	MREpSfe.exe
3892	vSeQPRm.exe
676	IqZKUZF.exe
4260	DxCrPMe.exe
3604	nUdDijx.exe
2156	XButSkc.exe
400	tJKPcRZ.exe
1580	nSeZpwq.exe
4116	nSyFsgT.exe
3304	EzTLOtd.exe
4936	ARIhaAq.exe
5024	CHkZXlp.exe
4328	NQCSMnf.exe
2532	ZNCGcyM.exe
3240	AEClnCz.exe
1928	BbTWsFz.exe
1408	GPsLyPm.exe
1096	VjkVYaQ.exe
880	jKHQMUK.exe
468	WmVSVoB.exe
4004	HctBEdU.exe
1388	gObLEhJ.exe
1664	ocxSoQs.exe
1272	wLZKPac.exe
1060	KGfyrhT.exe
2496	xtLzQNH.exe
1668	QoJyuNs.exe
1620	JFSfcrP.exe
1696	lGNFDhU.exe
1844	ffVRuYk.exe
4440	LeHFHkq.exe
4880	ylXidjb.exe
1076	WckLjye.exe
3232	KbYWBTs.exe
2132	mUqiLQp.exe
1824	JwwzgcL.exe
4520	esGsYvq.exe
3792	WqLSnnR.exe
2000	RYemoTV.exe
4068	jsoSPuo.exe
2552	FxPUqre.exe
5140	pNzVcRF.exe
5156	gUwJwiI.exe
5176	TSeHJdN.exe
5200	EOJGDUk.exe
3308	PYxgyNO.exe
5220	nRiqwjI.exe
5248	lejkTsG.exe
5268	JdTeHbO.exe
5292	hVFegUy.exe
5820	sOlTgtw.exe
5836	oHTHbZs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2384-0-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp	upx
behavioral2/files/0x00080000000235b0-4.dat	upx
behavioral2/files/0x00070000000235b5-7.dat	upx
behavioral2/files/0x00070000000235b4-15.dat	upx
behavioral2/files/0x00070000000235b7-24.dat	upx
behavioral2/files/0x00070000000235b6-21.dat	upx
behavioral2/memory/4632-11-0x00007FF608BE0000-0x00007FF608F34000-memory.dmp	upx
behavioral2/memory/928-55-0x00007FF7EBBD0000-0x00007FF7EBF24000-memory.dmp	upx
behavioral2/files/0x00070000000235b9-38.dat	upx
behavioral2/files/0x00070000000235bc-47.dat	upx
behavioral2/memory/4320-32-0x00007FF7818B0000-0x00007FF781C04000-memory.dmp	upx
behavioral2/files/0x00070000000235b8-29.dat	upx
behavioral2/files/0x00070000000235ba-41.dat	upx
behavioral2/files/0x00070000000235cc-118.dat	upx
behavioral2/files/0x00070000000235cb-117.dat	upx
behavioral2/files/0x00070000000235d8-188.dat	upx
behavioral2/memory/2680-217-0x00007FF7DEE10000-0x00007FF7DF164000-memory.dmp	upx
behavioral2/memory/4192-235-0x00007FF765620000-0x00007FF765974000-memory.dmp	upx
behavioral2/memory/4260-264-0x00007FF7449F0000-0x00007FF744D44000-memory.dmp	upx
behavioral2/memory/4936-270-0x00007FF7EAAE0000-0x00007FF7EAE34000-memory.dmp	upx
behavioral2/memory/1408-276-0x00007FF7A8060000-0x00007FF7A83B4000-memory.dmp	upx
behavioral2/memory/4116-280-0x00007FF662050000-0x00007FF6623A4000-memory.dmp	upx
behavioral2/memory/1108-279-0x00007FF64E090000-0x00007FF64E3E4000-memory.dmp	upx
behavioral2/memory/4020-278-0x00007FF71E170000-0x00007FF71E4C4000-memory.dmp	upx
behavioral2/memory/2380-277-0x00007FF6D0D70000-0x00007FF6D10C4000-memory.dmp	upx
behavioral2/memory/1928-275-0x00007FF7198C0000-0x00007FF719C14000-memory.dmp	upx
behavioral2/memory/3240-274-0x00007FF663C00000-0x00007FF663F54000-memory.dmp	upx
behavioral2/memory/2532-273-0x00007FF67E410000-0x00007FF67E764000-memory.dmp	upx
behavioral2/memory/4328-272-0x00007FF788190000-0x00007FF7884E4000-memory.dmp	upx
behavioral2/memory/5024-271-0x00007FF6F7060000-0x00007FF6F73B4000-memory.dmp	upx
behavioral2/memory/3304-269-0x00007FF7102F0000-0x00007FF710644000-memory.dmp	upx
behavioral2/memory/1580-268-0x00007FF7DDEF0000-0x00007FF7DE244000-memory.dmp	upx
behavioral2/memory/400-267-0x00007FF638A20000-0x00007FF638D74000-memory.dmp	upx
behavioral2/memory/2156-266-0x00007FF7B2800000-0x00007FF7B2B54000-memory.dmp	upx
behavioral2/memory/3604-265-0x00007FF647A10000-0x00007FF647D64000-memory.dmp	upx
behavioral2/memory/676-263-0x00007FF67EB70000-0x00007FF67EEC4000-memory.dmp	upx
behavioral2/memory/3892-256-0x00007FF638C60000-0x00007FF638FB4000-memory.dmp	upx
behavioral2/memory/1772-247-0x00007FF69B680000-0x00007FF69B9D4000-memory.dmp	upx
behavioral2/memory/2576-212-0x00007FF63F360000-0x00007FF63F6B4000-memory.dmp	upx
behavioral2/files/0x00070000000235c9-185.dat	upx
behavioral2/memory/1784-175-0x00007FF768530000-0x00007FF768884000-memory.dmp	upx
behavioral2/files/0x00080000000235b1-173.dat	upx
behavioral2/files/0x00070000000235d6-172.dat	upx
behavioral2/files/0x00070000000235c6-169.dat	upx
behavioral2/files/0x00070000000235d5-165.dat	upx
behavioral2/files/0x00070000000235d4-164.dat	upx
behavioral2/files/0x00070000000235c5-161.dat	upx
behavioral2/files/0x00070000000235cd-159.dat	upx
behavioral2/files/0x00070000000235c3-149.dat	upx
behavioral2/files/0x00070000000235c0-144.dat	upx
behavioral2/files/0x00070000000235bd-143.dat	upx
behavioral2/files/0x00070000000235d7-183.dat	upx
behavioral2/files/0x00070000000235c8-178.dat	upx
behavioral2/files/0x00070000000235d1-138.dat	upx
behavioral2/files/0x00070000000235c7-134.dat	upx
behavioral2/memory/3960-133-0x00007FF794B80000-0x00007FF794ED4000-memory.dmp	upx
behavioral2/files/0x00070000000235bb-132.dat	upx
behavioral2/files/0x00070000000235d0-130.dat	upx
behavioral2/files/0x00070000000235cf-129.dat	upx
behavioral2/files/0x00070000000235ce-128.dat	upx
behavioral2/files/0x00070000000235be-122.dat	upx
behavioral2/files/0x00070000000235d3-158.dat	upx
behavioral2/files/0x00070000000235c2-115.dat	upx
behavioral2/files/0x00070000000235d2-140.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tiKuZHa.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\LHhYLwT.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\GZIGPum.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\oJIORtc.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\BqTpLTJ.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\qegMqfk.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\AzEYyVh.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\ryBdirl.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\VfPcPek.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\gEmWzty.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\lglTqaz.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\pWaBzAX.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\dCpNPsV.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\PuYPaxa.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\fclliZI.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\tvZEVKg.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\elUpOJT.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\gYMuvSb.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\hVqwEfj.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\DbIfDrA.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\YACkKCI.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\febmxoR.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\yYqnwfW.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\ieFdoao.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\IGKCLKl.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\gObLEhJ.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\KGfyrhT.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\DpxkXeB.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\eCStYKq.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\HKSQiqY.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\hMxGYBy.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\HRbRMBZ.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\ITrKBEW.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\uXyyuOI.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\mDTELeW.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\NKxyLpz.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\waQbDtN.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\tnIsIYr.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\pvbOuFZ.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\mMrWzSF.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\gFOJPSm.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\hdRZexM.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\mUqiLQp.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\IXIbtLm.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\xItGcbM.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\wZCMXuj.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\ZEsYHdd.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\aWPUTNd.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\iRWiKnD.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\xNLdFDa.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\fHxXmOd.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\ODAjveY.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\rCluEWf.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\SwicFGY.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\TISokZM.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\kxrxoDr.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\kiQHRnR.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\hadQrll.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\HTzleRR.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\wTGRqPf.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\hLcvDfQ.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\DslcbwT.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\GWAbLVs.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
File created	C:\Windows\System\OytjvkS.exe	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14412	dwm.exe
Token: SeChangeNotifyPrivilege	14412	dwm.exe
Token: 33	14412	dwm.exe
Token: SeIncBasePriorityPrivilege	14412	dwm.exe
Token: SeShutdownPrivilege	14412	dwm.exe
Token: SeCreatePagefilePrivilege	14412	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 4632	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	91
PID 2384 wrote to memory of 4632	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	91
PID 2384 wrote to memory of 4320	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	92
PID 2384 wrote to memory of 4320	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	92
PID 2384 wrote to memory of 928	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	93
PID 2384 wrote to memory of 928	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	93
PID 2384 wrote to memory of 1300	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	94
PID 2384 wrote to memory of 1300	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	94
PID 2384 wrote to memory of 2380	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	95
PID 2384 wrote to memory of 2380	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	95
PID 2384 wrote to memory of 3960	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	96
PID 2384 wrote to memory of 3960	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	96
PID 2384 wrote to memory of 4020	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	97
PID 2384 wrote to memory of 4020	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	97
PID 2384 wrote to memory of 1784	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	98
PID 2384 wrote to memory of 1784	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	98
PID 2384 wrote to memory of 4192	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	99
PID 2384 wrote to memory of 4192	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	99
PID 2384 wrote to memory of 2576	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	100
PID 2384 wrote to memory of 2576	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	100
PID 2384 wrote to memory of 1772	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	101
PID 2384 wrote to memory of 1772	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	101
PID 2384 wrote to memory of 1108	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	102
PID 2384 wrote to memory of 1108	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	102
PID 2384 wrote to memory of 2680	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	103
PID 2384 wrote to memory of 2680	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	103
PID 2384 wrote to memory of 3892	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	104
PID 2384 wrote to memory of 3892	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	104
PID 2384 wrote to memory of 676	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	105
PID 2384 wrote to memory of 676	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	105
PID 2384 wrote to memory of 4260	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	106
PID 2384 wrote to memory of 4260	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	106
PID 2384 wrote to memory of 3604	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	107
PID 2384 wrote to memory of 3604	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	107
PID 2384 wrote to memory of 2156	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	108
PID 2384 wrote to memory of 2156	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	108
PID 2384 wrote to memory of 400	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	109
PID 2384 wrote to memory of 400	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	109
PID 2384 wrote to memory of 1580	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	110
PID 2384 wrote to memory of 1580	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	110
PID 2384 wrote to memory of 4116	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	111
PID 2384 wrote to memory of 4116	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	111
PID 2384 wrote to memory of 3304	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	112
PID 2384 wrote to memory of 3304	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	112
PID 2384 wrote to memory of 4936	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	113
PID 2384 wrote to memory of 4936	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	113
PID 2384 wrote to memory of 5024	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	114
PID 2384 wrote to memory of 5024	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	114
PID 2384 wrote to memory of 4328	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	115
PID 2384 wrote to memory of 4328	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	115
PID 2384 wrote to memory of 2532	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	116
PID 2384 wrote to memory of 2532	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	116
PID 2384 wrote to memory of 3240	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	117
PID 2384 wrote to memory of 3240	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	117
PID 2384 wrote to memory of 1928	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	118
PID 2384 wrote to memory of 1928	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	118
PID 2384 wrote to memory of 1408	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	119
PID 2384 wrote to memory of 1408	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	119
PID 2384 wrote to memory of 1096	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	120
PID 2384 wrote to memory of 1096	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	120
PID 2384 wrote to memory of 880	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	121
PID 2384 wrote to memory of 880	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	121
PID 2384 wrote to memory of 468	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	122
PID 2384 wrote to memory of 468	2384	16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe	122

C:\Users\Admin\AppData\Local\Temp\16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe
"C:\Users\Admin\AppData\Local\Temp\16dfd67c767438cb46fa06022db47f1acafa10a8efd0ebc26b8962cfb846f54c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\hLcvDfQ.exe
  C:\Windows\System\hLcvDfQ.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\lqSAkeM.exe
  C:\Windows\System\lqSAkeM.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\AgzEwmH.exe
  C:\Windows\System\AgzEwmH.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\PYFdhHE.exe
  C:\Windows\System\PYFdhHE.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\aEHLVkj.exe
  C:\Windows\System\aEHLVkj.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\vGpsYrk.exe
  C:\Windows\System\vGpsYrk.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\TVCQlFk.exe
  C:\Windows\System\TVCQlFk.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\PfAnMWx.exe
  C:\Windows\System\PfAnMWx.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\zgzENLD.exe
  C:\Windows\System\zgzENLD.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\rqTWsGF.exe
  C:\Windows\System\rqTWsGF.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\MREpSfe.exe
  C:\Windows\System\MREpSfe.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\cCBrcTi.exe
  C:\Windows\System\cCBrcTi.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\hdRZexM.exe
  C:\Windows\System\hdRZexM.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\vSeQPRm.exe
  C:\Windows\System\vSeQPRm.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\IqZKUZF.exe
  C:\Windows\System\IqZKUZF.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\DxCrPMe.exe
  C:\Windows\System\DxCrPMe.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\nUdDijx.exe
  C:\Windows\System\nUdDijx.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\XButSkc.exe
  C:\Windows\System\XButSkc.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\tJKPcRZ.exe
  C:\Windows\System\tJKPcRZ.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\nSeZpwq.exe
  C:\Windows\System\nSeZpwq.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\nSyFsgT.exe
  C:\Windows\System\nSyFsgT.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\EzTLOtd.exe
  C:\Windows\System\EzTLOtd.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\ARIhaAq.exe
  C:\Windows\System\ARIhaAq.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\CHkZXlp.exe
  C:\Windows\System\CHkZXlp.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\NQCSMnf.exe
  C:\Windows\System\NQCSMnf.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\ZNCGcyM.exe
  C:\Windows\System\ZNCGcyM.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\AEClnCz.exe
  C:\Windows\System\AEClnCz.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\BbTWsFz.exe
  C:\Windows\System\BbTWsFz.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\GPsLyPm.exe
  C:\Windows\System\GPsLyPm.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\VjkVYaQ.exe
  C:\Windows\System\VjkVYaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\jKHQMUK.exe
  C:\Windows\System\jKHQMUK.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\WmVSVoB.exe
  C:\Windows\System\WmVSVoB.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\HctBEdU.exe
  C:\Windows\System\HctBEdU.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\gObLEhJ.exe
  C:\Windows\System\gObLEhJ.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\ocxSoQs.exe
  C:\Windows\System\ocxSoQs.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\wLZKPac.exe
  C:\Windows\System\wLZKPac.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\KGfyrhT.exe
  C:\Windows\System\KGfyrhT.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\xtLzQNH.exe
  C:\Windows\System\xtLzQNH.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\QoJyuNs.exe
  C:\Windows\System\QoJyuNs.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\JFSfcrP.exe
  C:\Windows\System\JFSfcrP.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\lGNFDhU.exe
  C:\Windows\System\lGNFDhU.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\ffVRuYk.exe
  C:\Windows\System\ffVRuYk.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\LeHFHkq.exe
  C:\Windows\System\LeHFHkq.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\ylXidjb.exe
  C:\Windows\System\ylXidjb.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\PYxgyNO.exe
  C:\Windows\System\PYxgyNO.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\WckLjye.exe
  C:\Windows\System\WckLjye.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\KbYWBTs.exe
  C:\Windows\System\KbYWBTs.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\mUqiLQp.exe
  C:\Windows\System\mUqiLQp.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\JwwzgcL.exe
  C:\Windows\System\JwwzgcL.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\esGsYvq.exe
  C:\Windows\System\esGsYvq.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\WqLSnnR.exe
  C:\Windows\System\WqLSnnR.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\RYemoTV.exe
  C:\Windows\System\RYemoTV.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\jsoSPuo.exe
  C:\Windows\System\jsoSPuo.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\FxPUqre.exe
  C:\Windows\System\FxPUqre.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\pNzVcRF.exe
  C:\Windows\System\pNzVcRF.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\gUwJwiI.exe
  C:\Windows\System\gUwJwiI.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\TSeHJdN.exe
  C:\Windows\System\TSeHJdN.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\EOJGDUk.exe
  C:\Windows\System\EOJGDUk.exe
  2⤵
  - Executes dropped EXE
  PID:5200
- C:\Windows\System\nRiqwjI.exe
  C:\Windows\System\nRiqwjI.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\lejkTsG.exe
  C:\Windows\System\lejkTsG.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System\JdTeHbO.exe
  C:\Windows\System\JdTeHbO.exe
  2⤵
  - Executes dropped EXE
  PID:5268
- C:\Windows\System\hVFegUy.exe
  C:\Windows\System\hVFegUy.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System\sOlTgtw.exe
  C:\Windows\System\sOlTgtw.exe
  2⤵
  - Executes dropped EXE
  PID:5820
- C:\Windows\System\oHTHbZs.exe
  C:\Windows\System\oHTHbZs.exe
  2⤵
  - Executes dropped EXE
  PID:5836
- C:\Windows\System\FERdCil.exe
  C:\Windows\System\FERdCil.exe
  2⤵
  PID:5856
- C:\Windows\System\oNzAFkV.exe
  C:\Windows\System\oNzAFkV.exe
  2⤵
  PID:5884
- C:\Windows\System\JYUpRec.exe
  C:\Windows\System\JYUpRec.exe
  2⤵
  PID:5920
- C:\Windows\System\dwkmZkZ.exe
  C:\Windows\System\dwkmZkZ.exe
  2⤵
  PID:5940
- C:\Windows\System\OOUCDWj.exe
  C:\Windows\System\OOUCDWj.exe
  2⤵
  PID:5976
- C:\Windows\System\aqrrlvX.exe
  C:\Windows\System\aqrrlvX.exe
  2⤵
  PID:6008
- C:\Windows\System\kMjZUut.exe
  C:\Windows\System\kMjZUut.exe
  2⤵
  PID:6032
- C:\Windows\System\GIMPBZv.exe
  C:\Windows\System\GIMPBZv.exe
  2⤵
  PID:6052
- C:\Windows\System\WALukIf.exe
  C:\Windows\System\WALukIf.exe
  2⤵
  PID:6076
- C:\Windows\System\JYfsmDE.exe
  C:\Windows\System\JYfsmDE.exe
  2⤵
  PID:6112
- C:\Windows\System\fKPOHca.exe
  C:\Windows\System\fKPOHca.exe
  2⤵
  PID:4608
- C:\Windows\System\XnPuPER.exe
  C:\Windows\System\XnPuPER.exe
  2⤵
  PID:3720
- C:\Windows\System\DigQTGE.exe
  C:\Windows\System\DigQTGE.exe
  2⤵
  PID:1996
- C:\Windows\System\WlPDqbM.exe
  C:\Windows\System\WlPDqbM.exe
  2⤵
  PID:332
- C:\Windows\System\lpMahjH.exe
  C:\Windows\System\lpMahjH.exe
  2⤵
  PID:2092
- C:\Windows\System\CFlZNyA.exe
  C:\Windows\System\CFlZNyA.exe
  2⤵
  PID:4468
- C:\Windows\System\UFxEBKN.exe
  C:\Windows\System\UFxEBKN.exe
  2⤵
  PID:1980
- C:\Windows\System\hVqwEfj.exe
  C:\Windows\System\hVqwEfj.exe
  2⤵
  PID:3608
- C:\Windows\System\XkPicnC.exe
  C:\Windows\System\XkPicnC.exe
  2⤵
  PID:4444
- C:\Windows\System\fgjjmbs.exe
  C:\Windows\System\fgjjmbs.exe
  2⤵
  PID:1512
- C:\Windows\System\hbNTyZL.exe
  C:\Windows\System\hbNTyZL.exe
  2⤵
  PID:404
- C:\Windows\System\vAJxpBn.exe
  C:\Windows\System\vAJxpBn.exe
  2⤵
  PID:5152
- C:\Windows\System\zYbfIDb.exe
  C:\Windows\System\zYbfIDb.exe
  2⤵
  PID:5260
- C:\Windows\System\gdGYFqM.exe
  C:\Windows\System\gdGYFqM.exe
  2⤵
  PID:5328
- C:\Windows\System\cJkofaL.exe
  C:\Windows\System\cJkofaL.exe
  2⤵
  PID:5428
- C:\Windows\System\bpaEMxG.exe
  C:\Windows\System\bpaEMxG.exe
  2⤵
  PID:5560
- C:\Windows\System\beVjtod.exe
  C:\Windows\System\beVjtod.exe
  2⤵
  PID:5636
- C:\Windows\System\VtDxusi.exe
  C:\Windows\System\VtDxusi.exe
  2⤵
  PID:3628
- C:\Windows\System\PQiSDRs.exe
  C:\Windows\System\PQiSDRs.exe
  2⤵
  PID:3992
- C:\Windows\System\emGYyBF.exe
  C:\Windows\System\emGYyBF.exe
  2⤵
  PID:4232
- C:\Windows\System\YNDLDSz.exe
  C:\Windows\System\YNDLDSz.exe
  2⤵
  PID:2308
- C:\Windows\System\TSeqkdL.exe
  C:\Windows\System\TSeqkdL.exe
  2⤵
  PID:1776
- C:\Windows\System\ODAjveY.exe
  C:\Windows\System\ODAjveY.exe
  2⤵
  PID:3824
- C:\Windows\System\akULmrf.exe
  C:\Windows\System\akULmrf.exe
  2⤵
  PID:3040
- C:\Windows\System\gnxoRUe.exe
  C:\Windows\System\gnxoRUe.exe
  2⤵
  PID:540
- C:\Windows\System\MdeAmis.exe
  C:\Windows\System\MdeAmis.exe
  2⤵
  PID:2612
- C:\Windows\System\bUuByxm.exe
  C:\Windows\System\bUuByxm.exe
  2⤵
  PID:5164
- C:\Windows\System\CPjugwB.exe
  C:\Windows\System\CPjugwB.exe
  2⤵
  PID:5596
- C:\Windows\System\WasWSWr.exe
  C:\Windows\System\WasWSWr.exe
  2⤵
  PID:5724
- C:\Windows\System\DBNHsOR.exe
  C:\Windows\System\DBNHsOR.exe
  2⤵
  PID:5768
- C:\Windows\System\LiJtzgN.exe
  C:\Windows\System\LiJtzgN.exe
  2⤵
  PID:2676
- C:\Windows\System\qGzWqjC.exe
  C:\Windows\System\qGzWqjC.exe
  2⤵
  PID:60
- C:\Windows\System\noARqyB.exe
  C:\Windows\System\noARqyB.exe
  2⤵
  PID:5816
- C:\Windows\System\BiWztVk.exe
  C:\Windows\System\BiWztVk.exe
  2⤵
  PID:5848
- C:\Windows\System\QffUnGT.exe
  C:\Windows\System\QffUnGT.exe
  2⤵
  PID:5952
- C:\Windows\System\yGNlTUB.exe
  C:\Windows\System\yGNlTUB.exe
  2⤵
  PID:6016
- C:\Windows\System\tECSAwS.exe
  C:\Windows\System\tECSAwS.exe
  2⤵
  PID:6104
- C:\Windows\System\eVQnosx.exe
  C:\Windows\System\eVQnosx.exe
  2⤵
  PID:4528
- C:\Windows\System\TPsQNyi.exe
  C:\Windows\System\TPsQNyi.exe
  2⤵
  PID:3460
- C:\Windows\System\rrFkyeG.exe
  C:\Windows\System\rrFkyeG.exe
  2⤵
  PID:4908
- C:\Windows\System\rPMuTVq.exe
  C:\Windows\System\rPMuTVq.exe
  2⤵
  PID:1828
- C:\Windows\System\rYFJgJa.exe
  C:\Windows\System\rYFJgJa.exe
  2⤵
  PID:5184
- C:\Windows\System\qtkweVa.exe
  C:\Windows\System\qtkweVa.exe
  2⤵
  PID:5396
- C:\Windows\System\OrQPgWk.exe
  C:\Windows\System\OrQPgWk.exe
  2⤵
  PID:5604
- C:\Windows\System\coLBcRU.exe
  C:\Windows\System\coLBcRU.exe
  2⤵
  PID:416
- C:\Windows\System\pVGNGps.exe
  C:\Windows\System\pVGNGps.exe
  2⤵
  PID:1280
- C:\Windows\System\zvkbBFu.exe
  C:\Windows\System\zvkbBFu.exe
  2⤵
  PID:4616
- C:\Windows\System\vPmoIVo.exe
  C:\Windows\System\vPmoIVo.exe
  2⤵
  PID:3440
- C:\Windows\System\TQbjwzQ.exe
  C:\Windows\System\TQbjwzQ.exe
  2⤵
  PID:5716
- C:\Windows\System\NjvSfYm.exe
  C:\Windows\System\NjvSfYm.exe
  2⤵
  PID:5748
- C:\Windows\System\oJIORtc.exe
  C:\Windows\System\oJIORtc.exe
  2⤵
  PID:4720
- C:\Windows\System\BskoTpZ.exe
  C:\Windows\System\BskoTpZ.exe
  2⤵
  PID:6024
- C:\Windows\System\TLEqyDB.exe
  C:\Windows\System\TLEqyDB.exe
  2⤵
  PID:6068
- C:\Windows\System\SLOHbpZ.exe
  C:\Windows\System\SLOHbpZ.exe
  2⤵
  PID:2976
- C:\Windows\System\ptKHtqg.exe
  C:\Windows\System\ptKHtqg.exe
  2⤵
  PID:5236
- C:\Windows\System\uXyyuOI.exe
  C:\Windows\System\uXyyuOI.exe
  2⤵
  PID:5620
- C:\Windows\System\ACPRelz.exe
  C:\Windows\System\ACPRelz.exe
  2⤵
  PID:544
- C:\Windows\System\zkYwQLl.exe
  C:\Windows\System\zkYwQLl.exe
  2⤵
  PID:5740
- C:\Windows\System\tkYExLg.exe
  C:\Windows\System\tkYExLg.exe
  2⤵
  PID:5828
- C:\Windows\System\tKuMsge.exe
  C:\Windows\System\tKuMsge.exe
  2⤵
  PID:6064
- C:\Windows\System\WiioJty.exe
  C:\Windows\System\WiioJty.exe
  2⤵
  PID:5532
- C:\Windows\System\jfuNKMG.exe
  C:\Windows\System\jfuNKMG.exe
  2⤵
  PID:1812
- C:\Windows\System\sjwQRoZ.exe
  C:\Windows\System\sjwQRoZ.exe
  2⤵
  PID:1412
- C:\Windows\System\iBaQrQd.exe
  C:\Windows\System\iBaQrQd.exe
  2⤵
  PID:1952
- C:\Windows\System\EUFuYrn.exe
  C:\Windows\System\EUFuYrn.exe
  2⤵
  PID:6168
- C:\Windows\System\CzqSjzs.exe
  C:\Windows\System\CzqSjzs.exe
  2⤵
  PID:6200
- C:\Windows\System\bUtSvTe.exe
  C:\Windows\System\bUtSvTe.exe
  2⤵
  PID:6228
- C:\Windows\System\CqgCuuY.exe
  C:\Windows\System\CqgCuuY.exe
  2⤵
  PID:6256
- C:\Windows\System\vYJvXuR.exe
  C:\Windows\System\vYJvXuR.exe
  2⤵
  PID:6292
- C:\Windows\System\kOtxEbj.exe
  C:\Windows\System\kOtxEbj.exe
  2⤵
  PID:6320
- C:\Windows\System\gOjJxfX.exe
  C:\Windows\System\gOjJxfX.exe
  2⤵
  PID:6340
- C:\Windows\System\tSMeaOH.exe
  C:\Windows\System\tSMeaOH.exe
  2⤵
  PID:6356
- C:\Windows\System\iggrIxs.exe
  C:\Windows\System\iggrIxs.exe
  2⤵
  PID:6376
- C:\Windows\System\PmhqBUc.exe
  C:\Windows\System\PmhqBUc.exe
  2⤵
  PID:6400
- C:\Windows\System\NVbQQSI.exe
  C:\Windows\System\NVbQQSI.exe
  2⤵
  PID:6420
- C:\Windows\System\uMgBGoV.exe
  C:\Windows\System\uMgBGoV.exe
  2⤵
  PID:6436
- C:\Windows\System\xPHWdvn.exe
  C:\Windows\System\xPHWdvn.exe
  2⤵
  PID:6460
- C:\Windows\System\TAbeTZw.exe
  C:\Windows\System\TAbeTZw.exe
  2⤵
  PID:6480
- C:\Windows\System\DyuzMuB.exe
  C:\Windows\System\DyuzMuB.exe
  2⤵
  PID:6496
- C:\Windows\System\HjMaUwu.exe
  C:\Windows\System\HjMaUwu.exe
  2⤵
  PID:6524
- C:\Windows\System\QyLrsKg.exe
  C:\Windows\System\QyLrsKg.exe
  2⤵
  PID:6552
- C:\Windows\System\lqLRKcR.exe
  C:\Windows\System\lqLRKcR.exe
  2⤵
  PID:6572
- C:\Windows\System\dzOzVfr.exe
  C:\Windows\System\dzOzVfr.exe
  2⤵
  PID:6608
- C:\Windows\System\TZhICWe.exe
  C:\Windows\System\TZhICWe.exe
  2⤵
  PID:6640
- C:\Windows\System\RjAvziw.exe
  C:\Windows\System\RjAvziw.exe
  2⤵
  PID:6672
- C:\Windows\System\RuPBiPe.exe
  C:\Windows\System\RuPBiPe.exe
  2⤵
  PID:6712
- C:\Windows\System\AGolYOv.exe
  C:\Windows\System\AGolYOv.exe
  2⤵
  PID:6728
- C:\Windows\System\noPTzEy.exe
  C:\Windows\System\noPTzEy.exe
  2⤵
  PID:6752
- C:\Windows\System\CHsZObl.exe
  C:\Windows\System\CHsZObl.exe
  2⤵
  PID:6788
- C:\Windows\System\YONufPX.exe
  C:\Windows\System\YONufPX.exe
  2⤵
  PID:6832
- C:\Windows\System\nDbWGkV.exe
  C:\Windows\System\nDbWGkV.exe
  2⤵
  PID:6876
- C:\Windows\System\XVljZwA.exe
  C:\Windows\System\XVljZwA.exe
  2⤵
  PID:6920
- C:\Windows\System\oTrLtid.exe
  C:\Windows\System\oTrLtid.exe
  2⤵
  PID:6952
- C:\Windows\System\LznnNgl.exe
  C:\Windows\System\LznnNgl.exe
  2⤵
  PID:6980
- C:\Windows\System\lVPiJUV.exe
  C:\Windows\System\lVPiJUV.exe
  2⤵
  PID:7016
- C:\Windows\System\UDPWuSa.exe
  C:\Windows\System\UDPWuSa.exe
  2⤵
  PID:7052
- C:\Windows\System\aaXBxEg.exe
  C:\Windows\System\aaXBxEg.exe
  2⤵
  PID:7080
- C:\Windows\System\NdhpTpo.exe
  C:\Windows\System\NdhpTpo.exe
  2⤵
  PID:7104
- C:\Windows\System\zBBODzx.exe
  C:\Windows\System\zBBODzx.exe
  2⤵
  PID:7140
- C:\Windows\System\OfUrIJT.exe
  C:\Windows\System\OfUrIJT.exe
  2⤵
  PID:7164
- C:\Windows\System\BlBnhCr.exe
  C:\Windows\System\BlBnhCr.exe
  2⤵
  PID:6004
- C:\Windows\System\IXIbtLm.exe
  C:\Windows\System\IXIbtLm.exe
  2⤵
  PID:6188
- C:\Windows\System\CSkapVI.exe
  C:\Windows\System\CSkapVI.exe
  2⤵
  PID:6244
- C:\Windows\System\arrYJwC.exe
  C:\Windows\System\arrYJwC.exe
  2⤵
  PID:6276
- C:\Windows\System\BqTpLTJ.exe
  C:\Windows\System\BqTpLTJ.exe
  2⤵
  PID:6332
- C:\Windows\System\ZkaYuxG.exe
  C:\Windows\System\ZkaYuxG.exe
  2⤵
  PID:6416
- C:\Windows\System\jJEYGsG.exe
  C:\Windows\System\jJEYGsG.exe
  2⤵
  PID:6456
- C:\Windows\System\jRebInt.exe
  C:\Windows\System\jRebInt.exe
  2⤵
  PID:6560
- C:\Windows\System\mabepeu.exe
  C:\Windows\System\mabepeu.exe
  2⤵
  PID:6708
- C:\Windows\System\TXrpMJl.exe
  C:\Windows\System\TXrpMJl.exe
  2⤵
  PID:6620
- C:\Windows\System\mDTELeW.exe
  C:\Windows\System\mDTELeW.exe
  2⤵
  PID:6748
- C:\Windows\System\UdPpSBK.exe
  C:\Windows\System\UdPpSBK.exe
  2⤵
  PID:6772
- C:\Windows\System\hUyjdCZ.exe
  C:\Windows\System\hUyjdCZ.exe
  2⤵
  PID:6900
- C:\Windows\System\FYQUIpa.exe
  C:\Windows\System\FYQUIpa.exe
  2⤵
  PID:6868
- C:\Windows\System\qegMqfk.exe
  C:\Windows\System\qegMqfk.exe
  2⤵
  PID:6948
- C:\Windows\System\SPAalGT.exe
  C:\Windows\System\SPAalGT.exe
  2⤵
  PID:7032
- C:\Windows\System\KXPyeVl.exe
  C:\Windows\System\KXPyeVl.exe
  2⤵
  PID:7124
- C:\Windows\System\aNVlQcS.exe
  C:\Windows\System\aNVlQcS.exe
  2⤵
  PID:5932
- C:\Windows\System\qKNmZMX.exe
  C:\Windows\System\qKNmZMX.exe
  2⤵
  PID:6336
- C:\Windows\System\NRhOcfc.exe
  C:\Windows\System\NRhOcfc.exe
  2⤵
  PID:6512
- C:\Windows\System\BFeQXgT.exe
  C:\Windows\System\BFeQXgT.exe
  2⤵
  PID:6592
- C:\Windows\System\xItGcbM.exe
  C:\Windows\System\xItGcbM.exe
  2⤵
  PID:6912
- C:\Windows\System\JRTZfAu.exe
  C:\Windows\System\JRTZfAu.exe
  2⤵
  PID:6940
- C:\Windows\System\YyvZIEf.exe
  C:\Windows\System\YyvZIEf.exe
  2⤵
  PID:7076
- C:\Windows\System\Hzirdhm.exe
  C:\Windows\System\Hzirdhm.exe
  2⤵
  PID:6364
- C:\Windows\System\eMcCbbi.exe
  C:\Windows\System\eMcCbbi.exe
  2⤵
  PID:6220
- C:\Windows\System\yXTbMgL.exe
  C:\Windows\System\yXTbMgL.exe
  2⤵
  PID:6584
- C:\Windows\System\IKYkJts.exe
  C:\Windows\System\IKYkJts.exe
  2⤵
  PID:7160
- C:\Windows\System\sYKBVTY.exe
  C:\Windows\System\sYKBVTY.exe
  2⤵
  PID:7196
- C:\Windows\System\dKfyqUh.exe
  C:\Windows\System\dKfyqUh.exe
  2⤵
  PID:7232
- C:\Windows\System\tgqhYrV.exe
  C:\Windows\System\tgqhYrV.exe
  2⤵
  PID:7260
- C:\Windows\System\GQwKJEg.exe
  C:\Windows\System\GQwKJEg.exe
  2⤵
  PID:7296
- C:\Windows\System\IizgHzG.exe
  C:\Windows\System\IizgHzG.exe
  2⤵
  PID:7332
- C:\Windows\System\zRPkaQP.exe
  C:\Windows\System\zRPkaQP.exe
  2⤵
  PID:7360
- C:\Windows\System\VGCzABJ.exe
  C:\Windows\System\VGCzABJ.exe
  2⤵
  PID:7400
- C:\Windows\System\jlKmNkw.exe
  C:\Windows\System\jlKmNkw.exe
  2⤵
  PID:7420
- C:\Windows\System\MqrLFHM.exe
  C:\Windows\System\MqrLFHM.exe
  2⤵
  PID:7444
- C:\Windows\System\zvkiefE.exe
  C:\Windows\System\zvkiefE.exe
  2⤵
  PID:7472
- C:\Windows\System\QNEXeXO.exe
  C:\Windows\System\QNEXeXO.exe
  2⤵
  PID:7504
- C:\Windows\System\JAlJxrJ.exe
  C:\Windows\System\JAlJxrJ.exe
  2⤵
  PID:7548
- C:\Windows\System\kaQdAhL.exe
  C:\Windows\System\kaQdAhL.exe
  2⤵
  PID:7572
- C:\Windows\System\VFQyVJu.exe
  C:\Windows\System\VFQyVJu.exe
  2⤵
  PID:7596
- C:\Windows\System\PCqKGxH.exe
  C:\Windows\System\PCqKGxH.exe
  2⤵
  PID:7648
- C:\Windows\System\ROiinue.exe
  C:\Windows\System\ROiinue.exe
  2⤵
  PID:7668
- C:\Windows\System\DbIfDrA.exe
  C:\Windows\System\DbIfDrA.exe
  2⤵
  PID:7704
- C:\Windows\System\NGxlZLK.exe
  C:\Windows\System\NGxlZLK.exe
  2⤵
  PID:7732
- C:\Windows\System\qHyGmpX.exe
  C:\Windows\System\qHyGmpX.exe
  2⤵
  PID:7760
- C:\Windows\System\QvtlIZR.exe
  C:\Windows\System\QvtlIZR.exe
  2⤵
  PID:7788
- C:\Windows\System\HaqwWsn.exe
  C:\Windows\System\HaqwWsn.exe
  2⤵
  PID:7812
- C:\Windows\System\iRbjxYy.exe
  C:\Windows\System\iRbjxYy.exe
  2⤵
  PID:7828
- C:\Windows\System\DpxkXeB.exe
  C:\Windows\System\DpxkXeB.exe
  2⤵
  PID:7860
- C:\Windows\System\RKORsCO.exe
  C:\Windows\System\RKORsCO.exe
  2⤵
  PID:7892
- C:\Windows\System\eCStYKq.exe
  C:\Windows\System\eCStYKq.exe
  2⤵
  PID:7920
- C:\Windows\System\Icwlvqm.exe
  C:\Windows\System\Icwlvqm.exe
  2⤵
  PID:7948
- C:\Windows\System\whwuWfe.exe
  C:\Windows\System\whwuWfe.exe
  2⤵
  PID:7980
- C:\Windows\System\lWcIFGF.exe
  C:\Windows\System\lWcIFGF.exe
  2⤵
  PID:8008
- C:\Windows\System\ZxvgxLz.exe
  C:\Windows\System\ZxvgxLz.exe
  2⤵
  PID:8040
- C:\Windows\System\JaAxqvB.exe
  C:\Windows\System\JaAxqvB.exe
  2⤵
  PID:8072
- C:\Windows\System\YACkKCI.exe
  C:\Windows\System\YACkKCI.exe
  2⤵
  PID:8104
- C:\Windows\System\XaLZVsD.exe
  C:\Windows\System\XaLZVsD.exe
  2⤵
  PID:8140
- C:\Windows\System\HjSCgVo.exe
  C:\Windows\System\HjSCgVo.exe
  2⤵
  PID:8164
- C:\Windows\System\wZCMXuj.exe
  C:\Windows\System\wZCMXuj.exe
  2⤵
  PID:8184
- C:\Windows\System\MDRrAQV.exe
  C:\Windows\System\MDRrAQV.exe
  2⤵
  PID:7192
- C:\Windows\System\GdsZYLg.exe
  C:\Windows\System\GdsZYLg.exe
  2⤵
  PID:7292
- C:\Windows\System\spNFpaY.exe
  C:\Windows\System\spNFpaY.exe
  2⤵
  PID:7280
- C:\Windows\System\ZjwxBmR.exe
  C:\Windows\System\ZjwxBmR.exe
  2⤵
  PID:7428
- C:\Windows\System\VUporKx.exe
  C:\Windows\System\VUporKx.exe
  2⤵
  PID:7464
- C:\Windows\System\YlVFDOU.exe
  C:\Windows\System\YlVFDOU.exe
  2⤵
  PID:7556
- C:\Windows\System\CmaSEBh.exe
  C:\Windows\System\CmaSEBh.exe
  2⤵
  PID:7620
- C:\Windows\System\DXQEmWJ.exe
  C:\Windows\System\DXQEmWJ.exe
  2⤵
  PID:7748
- C:\Windows\System\aNWLqTX.exe
  C:\Windows\System\aNWLqTX.exe
  2⤵
  PID:7824
- C:\Windows\System\VvpLqZt.exe
  C:\Windows\System\VvpLqZt.exe
  2⤵
  PID:7876
- C:\Windows\System\dVhrVIP.exe
  C:\Windows\System\dVhrVIP.exe
  2⤵
  PID:7956
- C:\Windows\System\wnviGIn.exe
  C:\Windows\System\wnviGIn.exe
  2⤵
  PID:8004
- C:\Windows\System\pvbOuFZ.exe
  C:\Windows\System\pvbOuFZ.exe
  2⤵
  PID:8092
- C:\Windows\System\DNSIsyJ.exe
  C:\Windows\System\DNSIsyJ.exe
  2⤵
  PID:8124
- C:\Windows\System\RuRCCGE.exe
  C:\Windows\System\RuRCCGE.exe
  2⤵
  PID:6964
- C:\Windows\System\xMSekER.exe
  C:\Windows\System\xMSekER.exe
  2⤵
  PID:7348
- C:\Windows\System\KBnxwsB.exe
  C:\Windows\System\KBnxwsB.exe
  2⤵
  PID:7372
- C:\Windows\System\sRBZcKU.exe
  C:\Windows\System\sRBZcKU.exe
  2⤵
  PID:7588
- C:\Windows\System\GHkXkuI.exe
  C:\Windows\System\GHkXkuI.exe
  2⤵
  PID:7848
- C:\Windows\System\kAWWdTJ.exe
  C:\Windows\System\kAWWdTJ.exe
  2⤵
  PID:7840
- C:\Windows\System\PeERbgN.exe
  C:\Windows\System\PeERbgN.exe
  2⤵
  PID:8180
- C:\Windows\System\febmxoR.exe
  C:\Windows\System\febmxoR.exe
  2⤵
  PID:7412
- C:\Windows\System\kKIBkTA.exe
  C:\Windows\System\kKIBkTA.exe
  2⤵
  PID:7852
- C:\Windows\System\nbrRvtK.exe
  C:\Windows\System\nbrRvtK.exe
  2⤵
  PID:7320
- C:\Windows\System\gDehlAp.exe
  C:\Windows\System\gDehlAp.exe
  2⤵
  PID:8208
- C:\Windows\System\oikOjsM.exe
  C:\Windows\System\oikOjsM.exe
  2⤵
  PID:8236
- C:\Windows\System\VYLfiTc.exe
  C:\Windows\System\VYLfiTc.exe
  2⤵
  PID:8276
- C:\Windows\System\PSgpYJL.exe
  C:\Windows\System\PSgpYJL.exe
  2⤵
  PID:8292
- C:\Windows\System\dmmPdfE.exe
  C:\Windows\System\dmmPdfE.exe
  2⤵
  PID:8320
- C:\Windows\System\NKxyLpz.exe
  C:\Windows\System\NKxyLpz.exe
  2⤵
  PID:8352
- C:\Windows\System\aljmuuj.exe
  C:\Windows\System\aljmuuj.exe
  2⤵
  PID:8392
- C:\Windows\System\BWEHjyS.exe
  C:\Windows\System\BWEHjyS.exe
  2⤵
  PID:8412
- C:\Windows\System\FGuUNAR.exe
  C:\Windows\System\FGuUNAR.exe
  2⤵
  PID:8428
- C:\Windows\System\qxAfSrj.exe
  C:\Windows\System\qxAfSrj.exe
  2⤵
  PID:8444
- C:\Windows\System\mQZqqSl.exe
  C:\Windows\System\mQZqqSl.exe
  2⤵
  PID:8468
- C:\Windows\System\xCgWRJw.exe
  C:\Windows\System\xCgWRJw.exe
  2⤵
  PID:8492
- C:\Windows\System\OOKJthd.exe
  C:\Windows\System\OOKJthd.exe
  2⤵
  PID:8516
- C:\Windows\System\jmXZbae.exe
  C:\Windows\System\jmXZbae.exe
  2⤵
  PID:8540
- C:\Windows\System\kJyKZJg.exe
  C:\Windows\System\kJyKZJg.exe
  2⤵
  PID:8556
- C:\Windows\System\fMxaxnX.exe
  C:\Windows\System\fMxaxnX.exe
  2⤵
  PID:8576
- C:\Windows\System\ImAeYHd.exe
  C:\Windows\System\ImAeYHd.exe
  2⤵
  PID:8596
- C:\Windows\System\NzXyTtp.exe
  C:\Windows\System\NzXyTtp.exe
  2⤵
  PID:8620
- C:\Windows\System\voyVZsN.exe
  C:\Windows\System\voyVZsN.exe
  2⤵
  PID:8672
- C:\Windows\System\kAfBTMY.exe
  C:\Windows\System\kAfBTMY.exe
  2⤵
  PID:8700
- C:\Windows\System\KCnODpI.exe
  C:\Windows\System\KCnODpI.exe
  2⤵
  PID:8724
- C:\Windows\System\dDDIPwI.exe
  C:\Windows\System\dDDIPwI.exe
  2⤵
  PID:8752
- C:\Windows\System\BBsYKFp.exe
  C:\Windows\System\BBsYKFp.exe
  2⤵
  PID:8784
- C:\Windows\System\VOYehiv.exe
  C:\Windows\System\VOYehiv.exe
  2⤵
  PID:8812
- C:\Windows\System\BlAlkus.exe
  C:\Windows\System\BlAlkus.exe
  2⤵
  PID:8844
- C:\Windows\System\JVbGslQ.exe
  C:\Windows\System\JVbGslQ.exe
  2⤵
  PID:8868
- C:\Windows\System\UjNVHXe.exe
  C:\Windows\System\UjNVHXe.exe
  2⤵
  PID:8892
- C:\Windows\System\aVarYxz.exe
  C:\Windows\System\aVarYxz.exe
  2⤵
  PID:8920
- C:\Windows\System\ubPgtxy.exe
  C:\Windows\System\ubPgtxy.exe
  2⤵
  PID:8952
- C:\Windows\System\qFjNaSn.exe
  C:\Windows\System\qFjNaSn.exe
  2⤵
  PID:8988
- C:\Windows\System\AJLXBMf.exe
  C:\Windows\System\AJLXBMf.exe
  2⤵
  PID:9020
- C:\Windows\System\MRVgkXf.exe
  C:\Windows\System\MRVgkXf.exe
  2⤵
  PID:9060
- C:\Windows\System\sXUhqNj.exe
  C:\Windows\System\sXUhqNj.exe
  2⤵
  PID:9092
- C:\Windows\System\mMrWzSF.exe
  C:\Windows\System\mMrWzSF.exe
  2⤵
  PID:9132
- C:\Windows\System\rCluEWf.exe
  C:\Windows\System\rCluEWf.exe
  2⤵
  PID:9156
- C:\Windows\System\RHoysNb.exe
  C:\Windows\System\RHoysNb.exe
  2⤵
  PID:9180
- C:\Windows\System\WXWGQJj.exe
  C:\Windows\System\WXWGQJj.exe
  2⤵
  PID:9204
- C:\Windows\System\pmGOliY.exe
  C:\Windows\System\pmGOliY.exe
  2⤵
  PID:7624
- C:\Windows\System\RBkbvyC.exe
  C:\Windows\System\RBkbvyC.exe
  2⤵
  PID:8248
- C:\Windows\System\nEtndJW.exe
  C:\Windows\System\nEtndJW.exe
  2⤵
  PID:8312
- C:\Windows\System\AQZrhkt.exe
  C:\Windows\System\AQZrhkt.exe
  2⤵
  PID:8368
- C:\Windows\System\yhQUerF.exe
  C:\Windows\System\yhQUerF.exe
  2⤵
  PID:8552
- C:\Windows\System\UkvDiEL.exe
  C:\Windows\System\UkvDiEL.exe
  2⤵
  PID:8640
- C:\Windows\System\LlfWOZM.exe
  C:\Windows\System\LlfWOZM.exe
  2⤵
  PID:8536
- C:\Windows\System\waQbDtN.exe
  C:\Windows\System\waQbDtN.exe
  2⤵
  PID:8588
- C:\Windows\System\XhdZqsO.exe
  C:\Windows\System\XhdZqsO.exe
  2⤵
  PID:8760
- C:\Windows\System\NNtmIqx.exe
  C:\Windows\System\NNtmIqx.exe
  2⤵
  PID:8832
- C:\Windows\System\xOHwcNM.exe
  C:\Windows\System\xOHwcNM.exe
  2⤵
  PID:8780
- C:\Windows\System\AzEYyVh.exe
  C:\Windows\System\AzEYyVh.exe
  2⤵
  PID:8880
- C:\Windows\System\KMVYbRg.exe
  C:\Windows\System\KMVYbRg.exe
  2⤵
  PID:9080
- C:\Windows\System\AvUqkUX.exe
  C:\Windows\System\AvUqkUX.exe
  2⤵
  PID:9072
- C:\Windows\System\yYqnwfW.exe
  C:\Windows\System\yYqnwfW.exe
  2⤵
  PID:9168
- C:\Windows\System\VnVsIGz.exe
  C:\Windows\System\VnVsIGz.exe
  2⤵
  PID:8020
- C:\Windows\System\gPJaeZJ.exe
  C:\Windows\System\gPJaeZJ.exe
  2⤵
  PID:8260
- C:\Windows\System\vRzHchs.exe
  C:\Windows\System\vRzHchs.exe
  2⤵
  PID:8584
- C:\Windows\System\mICqFRH.exe
  C:\Windows\System\mICqFRH.exe
  2⤵
  PID:8636
- C:\Windows\System\caRNepK.exe
  C:\Windows\System\caRNepK.exe
  2⤵
  PID:8768
- C:\Windows\System\xPLQZLg.exe
  C:\Windows\System\xPLQZLg.exe
  2⤵
  PID:8856
- C:\Windows\System\OrJdwwq.exe
  C:\Windows\System\OrJdwwq.exe
  2⤵
  PID:9012
- C:\Windows\System\MdbCGJZ.exe
  C:\Windows\System\MdbCGJZ.exe
  2⤵
  PID:9028
- C:\Windows\System\QORpslG.exe
  C:\Windows\System\QORpslG.exe
  2⤵
  PID:8204
- C:\Windows\System\DslcbwT.exe
  C:\Windows\System\DslcbwT.exe
  2⤵
  PID:8404
- C:\Windows\System\JoxYmFe.exe
  C:\Windows\System\JoxYmFe.exe
  2⤵
  PID:8480
- C:\Windows\System\pWaBzAX.exe
  C:\Windows\System\pWaBzAX.exe
  2⤵
  PID:9004
- C:\Windows\System\hOLXjoF.exe
  C:\Windows\System\hOLXjoF.exe
  2⤵
  PID:8972
- C:\Windows\System\HZqgYfo.exe
  C:\Windows\System\HZqgYfo.exe
  2⤵
  PID:9244
- C:\Windows\System\fdhfeLi.exe
  C:\Windows\System\fdhfeLi.exe
  2⤵
  PID:9288
- C:\Windows\System\GukTxit.exe
  C:\Windows\System\GukTxit.exe
  2⤵
  PID:9316
- C:\Windows\System\rwrbNnU.exe
  C:\Windows\System\rwrbNnU.exe
  2⤵
  PID:9352
- C:\Windows\System\gHNydYL.exe
  C:\Windows\System\gHNydYL.exe
  2⤵
  PID:9376
- C:\Windows\System\qMyaPpf.exe
  C:\Windows\System\qMyaPpf.exe
  2⤵
  PID:9404
- C:\Windows\System\YtXcLOG.exe
  C:\Windows\System\YtXcLOG.exe
  2⤵
  PID:9428
- C:\Windows\System\oZhFRXu.exe
  C:\Windows\System\oZhFRXu.exe
  2⤵
  PID:9472
- C:\Windows\System\HuZdhPl.exe
  C:\Windows\System\HuZdhPl.exe
  2⤵
  PID:9508
- C:\Windows\System\ryBdirl.exe
  C:\Windows\System\ryBdirl.exe
  2⤵
  PID:9536
- C:\Windows\System\NAdKIqW.exe
  C:\Windows\System\NAdKIqW.exe
  2⤵
  PID:9580
- C:\Windows\System\HmPRgjh.exe
  C:\Windows\System\HmPRgjh.exe
  2⤵
  PID:9604
- C:\Windows\System\aNXfejt.exe
  C:\Windows\System\aNXfejt.exe
  2⤵
  PID:9640
- C:\Windows\System\JWfrRyV.exe
  C:\Windows\System\JWfrRyV.exe
  2⤵
  PID:9672
- C:\Windows\System\AJWvCJp.exe
  C:\Windows\System\AJWvCJp.exe
  2⤵
  PID:9692
- C:\Windows\System\KBHiKHi.exe
  C:\Windows\System\KBHiKHi.exe
  2⤵
  PID:9716
- C:\Windows\System\IKVryfr.exe
  C:\Windows\System\IKVryfr.exe
  2⤵
  PID:9748
- C:\Windows\System\WxSFEJT.exe
  C:\Windows\System\WxSFEJT.exe
  2⤵
  PID:9784
- C:\Windows\System\uEaLVyU.exe
  C:\Windows\System\uEaLVyU.exe
  2⤵
  PID:9820
- C:\Windows\System\WqdLeSr.exe
  C:\Windows\System\WqdLeSr.exe
  2⤵
  PID:9840
- C:\Windows\System\wdPJTKm.exe
  C:\Windows\System\wdPJTKm.exe
  2⤵
  PID:9868
- C:\Windows\System\QqwBOhY.exe
  C:\Windows\System\QqwBOhY.exe
  2⤵
  PID:9896
- C:\Windows\System\KiIcMzi.exe
  C:\Windows\System\KiIcMzi.exe
  2⤵
  PID:9936
- C:\Windows\System\uQiJuSb.exe
  C:\Windows\System\uQiJuSb.exe
  2⤵
  PID:9960
- C:\Windows\System\GTxfDfW.exe
  C:\Windows\System\GTxfDfW.exe
  2⤵
  PID:9984
- C:\Windows\System\ChFnXAM.exe
  C:\Windows\System\ChFnXAM.exe
  2⤵
  PID:10008
- C:\Windows\System\PjpGblC.exe
  C:\Windows\System\PjpGblC.exe
  2⤵
  PID:10036
- C:\Windows\System\JBOgohv.exe
  C:\Windows\System\JBOgohv.exe
  2⤵
  PID:10060
- C:\Windows\System\hOIJMLC.exe
  C:\Windows\System\hOIJMLC.exe
  2⤵
  PID:10084
- C:\Windows\System\ongQPOm.exe
  C:\Windows\System\ongQPOm.exe
  2⤵
  PID:10104
- C:\Windows\System\NtzcARA.exe
  C:\Windows\System\NtzcARA.exe
  2⤵
  PID:10132
- C:\Windows\System\WMzPefG.exe
  C:\Windows\System\WMzPefG.exe
  2⤵
  PID:10168
- C:\Windows\System\csoBvrc.exe
  C:\Windows\System\csoBvrc.exe
  2⤵
  PID:10188
- C:\Windows\System\tSvtEGO.exe
  C:\Windows\System\tSvtEGO.exe
  2⤵
  PID:10208
- C:\Windows\System\LCwNxWa.exe
  C:\Windows\System\LCwNxWa.exe
  2⤵
  PID:8284
- C:\Windows\System\VxQwEyF.exe
  C:\Windows\System\VxQwEyF.exe
  2⤵
  PID:8688
- C:\Windows\System\JkvaBsb.exe
  C:\Windows\System\JkvaBsb.exe
  2⤵
  PID:9324
- C:\Windows\System\yNVKiHQ.exe
  C:\Windows\System\yNVKiHQ.exe
  2⤵
  PID:9308
- C:\Windows\System\vPQPNif.exe
  C:\Windows\System\vPQPNif.exe
  2⤵
  PID:9372
- C:\Windows\System\ltPuKDP.exe
  C:\Windows\System\ltPuKDP.exe
  2⤵
  PID:9460
- C:\Windows\System\vGaYSgA.exe
  C:\Windows\System\vGaYSgA.exe
  2⤵
  PID:9592
- C:\Windows\System\QkVOmvC.exe
  C:\Windows\System\QkVOmvC.exe
  2⤵
  PID:9664
- C:\Windows\System\MYFtHbh.exe
  C:\Windows\System\MYFtHbh.exe
  2⤵
  PID:9732
- C:\Windows\System\TQUmZSs.exe
  C:\Windows\System\TQUmZSs.exe
  2⤵
  PID:9772
- C:\Windows\System\MygQsxO.exe
  C:\Windows\System\MygQsxO.exe
  2⤵
  PID:9836
- C:\Windows\System\OcCNBHX.exe
  C:\Windows\System\OcCNBHX.exe
  2⤵
  PID:9880
- C:\Windows\System\XUDNYil.exe
  C:\Windows\System\XUDNYil.exe
  2⤵
  PID:9932
- C:\Windows\System\LjdMuDo.exe
  C:\Windows\System\LjdMuDo.exe
  2⤵
  PID:10004
- C:\Windows\System\MBLONjy.exe
  C:\Windows\System\MBLONjy.exe
  2⤵
  PID:10128
- C:\Windows\System\zoUUoKq.exe
  C:\Windows\System\zoUUoKq.exe
  2⤵
  PID:10156
- C:\Windows\System\fXUOiqO.exe
  C:\Windows\System\fXUOiqO.exe
  2⤵
  PID:10196
- C:\Windows\System\tGnbYZV.exe
  C:\Windows\System\tGnbYZV.exe
  2⤵
  PID:9312
- C:\Windows\System\waiqEJv.exe
  C:\Windows\System\waiqEJv.exe
  2⤵
  PID:9396
- C:\Windows\System\wLrTBzF.exe
  C:\Windows\System\wLrTBzF.exe
  2⤵
  PID:9520
- C:\Windows\System\igaBlbs.exe
  C:\Windows\System\igaBlbs.exe
  2⤵
  PID:9496
- C:\Windows\System\YAnLEmN.exe
  C:\Windows\System\YAnLEmN.exe
  2⤵
  PID:9764
- C:\Windows\System\SwicFGY.exe
  C:\Windows\System\SwicFGY.exe
  2⤵
  PID:9916
- C:\Windows\System\BScfqkH.exe
  C:\Windows\System\BScfqkH.exe
  2⤵
  PID:9980
- C:\Windows\System\yfDkTMq.exe
  C:\Windows\System\yfDkTMq.exe
  2⤵
  PID:10112
- C:\Windows\System\dmXuuAO.exe
  C:\Windows\System\dmXuuAO.exe
  2⤵
  PID:10228
- C:\Windows\System\EwpAFlK.exe
  C:\Windows\System\EwpAFlK.exe
  2⤵
  PID:9552
- C:\Windows\System\dMpHLvu.exe
  C:\Windows\System\dMpHLvu.exe
  2⤵
  PID:9364
- C:\Windows\System\ncjFmxz.exe
  C:\Windows\System\ncjFmxz.exe
  2⤵
  PID:9336
- C:\Windows\System\AsgEtgG.exe
  C:\Windows\System\AsgEtgG.exe
  2⤵
  PID:9268
- C:\Windows\System\brCvrfr.exe
  C:\Windows\System\brCvrfr.exe
  2⤵
  PID:10268
- C:\Windows\System\teMIwQT.exe
  C:\Windows\System\teMIwQT.exe
  2⤵
  PID:10308
- C:\Windows\System\TEDIHoR.exe
  C:\Windows\System\TEDIHoR.exe
  2⤵
  PID:10332
- C:\Windows\System\GHloqBQ.exe
  C:\Windows\System\GHloqBQ.exe
  2⤵
  PID:10360
- C:\Windows\System\dCpNPsV.exe
  C:\Windows\System\dCpNPsV.exe
  2⤵
  PID:10392
- C:\Windows\System\PQZUhsc.exe
  C:\Windows\System\PQZUhsc.exe
  2⤵
  PID:10412
- C:\Windows\System\YPbKUgd.exe
  C:\Windows\System\YPbKUgd.exe
  2⤵
  PID:10440
- C:\Windows\System\cGbBinU.exe
  C:\Windows\System\cGbBinU.exe
  2⤵
  PID:10464
- C:\Windows\System\PuYPaxa.exe
  C:\Windows\System\PuYPaxa.exe
  2⤵
  PID:10496
- C:\Windows\System\hjbklZn.exe
  C:\Windows\System\hjbklZn.exe
  2⤵
  PID:10524
- C:\Windows\System\WQcgYGN.exe
  C:\Windows\System\WQcgYGN.exe
  2⤵
  PID:10556
- C:\Windows\System\cuRcxCU.exe
  C:\Windows\System\cuRcxCU.exe
  2⤵
  PID:10592
- C:\Windows\System\SturNkF.exe
  C:\Windows\System\SturNkF.exe
  2⤵
  PID:10620
- C:\Windows\System\JAEbuCM.exe
  C:\Windows\System\JAEbuCM.exe
  2⤵
  PID:10652
- C:\Windows\System\EVpwOwy.exe
  C:\Windows\System\EVpwOwy.exe
  2⤵
  PID:10684
- C:\Windows\System\jWNeIfL.exe
  C:\Windows\System\jWNeIfL.exe
  2⤵
  PID:10712
- C:\Windows\System\sQVZgMx.exe
  C:\Windows\System\sQVZgMx.exe
  2⤵
  PID:10740
- C:\Windows\System\BXyuyLs.exe
  C:\Windows\System\BXyuyLs.exe
  2⤵
  PID:10768
- C:\Windows\System\GWAbLVs.exe
  C:\Windows\System\GWAbLVs.exe
  2⤵
  PID:10796
- C:\Windows\System\atEYXxq.exe
  C:\Windows\System\atEYXxq.exe
  2⤵
  PID:10832
- C:\Windows\System\gxCdjPu.exe
  C:\Windows\System\gxCdjPu.exe
  2⤵
  PID:10868
- C:\Windows\System\eQeAlGr.exe
  C:\Windows\System\eQeAlGr.exe
  2⤵
  PID:10888
- C:\Windows\System\jahqlaF.exe
  C:\Windows\System\jahqlaF.exe
  2⤵
  PID:10928
- C:\Windows\System\xavdgzW.exe
  C:\Windows\System\xavdgzW.exe
  2⤵
  PID:10952
- C:\Windows\System\kIJmULj.exe
  C:\Windows\System\kIJmULj.exe
  2⤵
  PID:10972
- C:\Windows\System\wKmNkDd.exe
  C:\Windows\System\wKmNkDd.exe
  2⤵
  PID:11016
- C:\Windows\System\CiWLCVd.exe
  C:\Windows\System\CiWLCVd.exe
  2⤵
  PID:11036
- C:\Windows\System\oabZaGb.exe
  C:\Windows\System\oabZaGb.exe
  2⤵
  PID:11068
- C:\Windows\System\WJsXGGW.exe
  C:\Windows\System\WJsXGGW.exe
  2⤵
  PID:11096
- C:\Windows\System\zaUcQjm.exe
  C:\Windows\System\zaUcQjm.exe
  2⤵
  PID:11136
- C:\Windows\System\ppycORs.exe
  C:\Windows\System\ppycORs.exe
  2⤵
  PID:11164
- C:\Windows\System\OytjvkS.exe
  C:\Windows\System\OytjvkS.exe
  2⤵
  PID:11192
- C:\Windows\System\pdrctGP.exe
  C:\Windows\System\pdrctGP.exe
  2⤵
  PID:11224
- C:\Windows\System\nHDgjgt.exe
  C:\Windows\System\nHDgjgt.exe
  2⤵
  PID:11248
- C:\Windows\System\niKrWDC.exe
  C:\Windows\System\niKrWDC.exe
  2⤵
  PID:10180
- C:\Windows\System\EPaojQV.exe
  C:\Windows\System\EPaojQV.exe
  2⤵
  PID:10288
- C:\Windows\System\zkgsdVD.exe
  C:\Windows\System\zkgsdVD.exe
  2⤵
  PID:10388
- C:\Windows\System\xqGkufo.exe
  C:\Windows\System\xqGkufo.exe
  2⤵
  PID:10352
- C:\Windows\System\fdIDjkT.exe
  C:\Windows\System\fdIDjkT.exe
  2⤵
  PID:10448
- C:\Windows\System\BNdbPqa.exe
  C:\Windows\System\BNdbPqa.exe
  2⤵
  PID:10568
- C:\Windows\System\HSVNIfP.exe
  C:\Windows\System\HSVNIfP.exe
  2⤵
  PID:10676
- C:\Windows\System\bblysgr.exe
  C:\Windows\System\bblysgr.exe
  2⤵
  PID:10732
- C:\Windows\System\nZmXtlf.exe
  C:\Windows\System\nZmXtlf.exe
  2⤵
  PID:10704
- C:\Windows\System\CFknhEz.exe
  C:\Windows\System\CFknhEz.exe
  2⤵
  PID:10728
- C:\Windows\System\EJjOXaX.exe
  C:\Windows\System\EJjOXaX.exe
  2⤵
  PID:10788
- C:\Windows\System\tiKuZHa.exe
  C:\Windows\System\tiKuZHa.exe
  2⤵
  PID:10856
- C:\Windows\System\qPsvXIm.exe
  C:\Windows\System\qPsvXIm.exe
  2⤵
  PID:10948
- C:\Windows\System\NhJfvcI.exe
  C:\Windows\System\NhJfvcI.exe
  2⤵
  PID:11024
- C:\Windows\System\tFFUmCY.exe
  C:\Windows\System\tFFUmCY.exe
  2⤵
  PID:11092
- C:\Windows\System\WRVsWlA.exe
  C:\Windows\System\WRVsWlA.exe
  2⤵
  PID:11148
- C:\Windows\System\KQxHJEX.exe
  C:\Windows\System\KQxHJEX.exe
  2⤵
  PID:11180
- C:\Windows\System\xNbiXNJ.exe
  C:\Windows\System\xNbiXNJ.exe
  2⤵
  PID:11232
- C:\Windows\System\dbbFSYl.exe
  C:\Windows\System\dbbFSYl.exe
  2⤵
  PID:10340
- C:\Windows\System\elUpOJT.exe
  C:\Windows\System\elUpOJT.exe
  2⤵
  PID:4612
- C:\Windows\System\TDYeXew.exe
  C:\Windows\System\TDYeXew.exe
  2⤵
  PID:10432
- C:\Windows\System\eAnYmCN.exe
  C:\Windows\System\eAnYmCN.exe
  2⤵
  PID:10660
- C:\Windows\System\gFOJPSm.exe
  C:\Windows\System\gFOJPSm.exe
  2⤵
  PID:10752
- C:\Windows\System\JFYVvpc.exe
  C:\Windows\System\JFYVvpc.exe
  2⤵
  PID:10992
- C:\Windows\System\TISokZM.exe
  C:\Windows\System\TISokZM.exe
  2⤵
  PID:9572
- C:\Windows\System\ipuLDIJ.exe
  C:\Windows\System\ipuLDIJ.exe
  2⤵
  PID:10276
- C:\Windows\System\htQDTEe.exe
  C:\Windows\System\htQDTEe.exe
  2⤵
  PID:11156
- C:\Windows\System\KuwsJoa.exe
  C:\Windows\System\KuwsJoa.exe
  2⤵
  PID:10548
- C:\Windows\System\mOQynwj.exe
  C:\Windows\System\mOQynwj.exe
  2⤵
  PID:10380
- C:\Windows\System\hvPLbjR.exe
  C:\Windows\System\hvPLbjR.exe
  2⤵
  PID:11284
- C:\Windows\System\TpbzpJZ.exe
  C:\Windows\System\TpbzpJZ.exe
  2⤵
  PID:11312
- C:\Windows\System\TGEhsTj.exe
  C:\Windows\System\TGEhsTj.exe
  2⤵
  PID:11336
- C:\Windows\System\LXhfQlt.exe
  C:\Windows\System\LXhfQlt.exe
  2⤵
  PID:11372
- C:\Windows\System\pwsuSEa.exe
  C:\Windows\System\pwsuSEa.exe
  2⤵
  PID:11400
- C:\Windows\System\cuPLNPL.exe
  C:\Windows\System\cuPLNPL.exe
  2⤵
  PID:11432
- C:\Windows\System\cvvlCOb.exe
  C:\Windows\System\cvvlCOb.exe
  2⤵
  PID:11460
- C:\Windows\System\odIdjHb.exe
  C:\Windows\System\odIdjHb.exe
  2⤵
  PID:11492
- C:\Windows\System\rcZYAOM.exe
  C:\Windows\System\rcZYAOM.exe
  2⤵
  PID:11516
- C:\Windows\System\wqPqFFX.exe
  C:\Windows\System\wqPqFFX.exe
  2⤵
  PID:11540
- C:\Windows\System\jLlQatQ.exe
  C:\Windows\System\jLlQatQ.exe
  2⤵
  PID:11572
- C:\Windows\System\CiHWrVG.exe
  C:\Windows\System\CiHWrVG.exe
  2⤵
  PID:11604
- C:\Windows\System\pRBJYXi.exe
  C:\Windows\System\pRBJYXi.exe
  2⤵
  PID:11640
- C:\Windows\System\ZXAqsFz.exe
  C:\Windows\System\ZXAqsFz.exe
  2⤵
  PID:11660
- C:\Windows\System\gYMuvSb.exe
  C:\Windows\System\gYMuvSb.exe
  2⤵
  PID:11692
- C:\Windows\System\dBpuDqi.exe
  C:\Windows\System\dBpuDqi.exe
  2⤵
  PID:11716
- C:\Windows\System\akLEfqu.exe
  C:\Windows\System\akLEfqu.exe
  2⤵
  PID:11744
- C:\Windows\System\YvqoUSS.exe
  C:\Windows\System\YvqoUSS.exe
  2⤵
  PID:11776
- C:\Windows\System\sQswVIo.exe
  C:\Windows\System\sQswVIo.exe
  2⤵
  PID:11796
- C:\Windows\System\cmAiaXW.exe
  C:\Windows\System\cmAiaXW.exe
  2⤵
  PID:11820
- C:\Windows\System\usAGmmd.exe
  C:\Windows\System\usAGmmd.exe
  2⤵
  PID:11840
- C:\Windows\System\LHhYLwT.exe
  C:\Windows\System\LHhYLwT.exe
  2⤵
  PID:11864
- C:\Windows\System\NbEqJKY.exe
  C:\Windows\System\NbEqJKY.exe
  2⤵
  PID:11888
- C:\Windows\System\kxrxoDr.exe
  C:\Windows\System\kxrxoDr.exe
  2⤵
  PID:11916
- C:\Windows\System\WwbDCrv.exe
  C:\Windows\System\WwbDCrv.exe
  2⤵
  PID:11944
- C:\Windows\System\xJqVaAv.exe
  C:\Windows\System\xJqVaAv.exe
  2⤵
  PID:11972
- C:\Windows\System\mmlsrbl.exe
  C:\Windows\System\mmlsrbl.exe
  2⤵
  PID:12008
- C:\Windows\System\grqTCxy.exe
  C:\Windows\System\grqTCxy.exe
  2⤵
  PID:12028
- C:\Windows\System\LnBPhap.exe
  C:\Windows\System\LnBPhap.exe
  2⤵
  PID:12060
- C:\Windows\System\NNHnUOH.exe
  C:\Windows\System\NNHnUOH.exe
  2⤵
  PID:12084
- C:\Windows\System\AyOuCpb.exe
  C:\Windows\System\AyOuCpb.exe
  2⤵
  PID:12116
- C:\Windows\System\ypatSav.exe
  C:\Windows\System\ypatSav.exe
  2⤵
  PID:12140
- C:\Windows\System\tqqBvFn.exe
  C:\Windows\System\tqqBvFn.exe
  2⤵
  PID:12176
- C:\Windows\System\fNuktfZ.exe
  C:\Windows\System\fNuktfZ.exe
  2⤵
  PID:12204
- C:\Windows\System\tnIsIYr.exe
  C:\Windows\System\tnIsIYr.exe
  2⤵
  PID:12236
- C:\Windows\System\KgQwgkH.exe
  C:\Windows\System\KgQwgkH.exe
  2⤵
  PID:12276
- C:\Windows\System\TpmkIRp.exe
  C:\Windows\System\TpmkIRp.exe
  2⤵
  PID:10252
- C:\Windows\System\DJplCVJ.exe
  C:\Windows\System\DJplCVJ.exe
  2⤵
  PID:11236
- C:\Windows\System\mxRQtPx.exe
  C:\Windows\System\mxRQtPx.exe
  2⤵
  PID:11300
- C:\Windows\System\GfSgEon.exe
  C:\Windows\System\GfSgEon.exe
  2⤵
  PID:11392
- C:\Windows\System\TCGrkhO.exe
  C:\Windows\System\TCGrkhO.exe
  2⤵
  PID:11528
- C:\Windows\System\sWhChDh.exe
  C:\Windows\System\sWhChDh.exe
  2⤵
  PID:11488
- C:\Windows\System\bNuWMDA.exe
  C:\Windows\System\bNuWMDA.exe
  2⤵
  PID:11596
- C:\Windows\System\YPykyDG.exe
  C:\Windows\System\YPykyDG.exe
  2⤵
  PID:11672
- C:\Windows\System\dyGzTvE.exe
  C:\Windows\System\dyGzTvE.exe
  2⤵
  PID:11700
- C:\Windows\System\pupCyax.exe
  C:\Windows\System\pupCyax.exe
  2⤵
  PID:11784
- C:\Windows\System\iRWiKnD.exe
  C:\Windows\System\iRWiKnD.exe
  2⤵
  PID:11768
- C:\Windows\System\AYHlHwm.exe
  C:\Windows\System\AYHlHwm.exe
  2⤵
  PID:11940
- C:\Windows\System\ZEsYHdd.exe
  C:\Windows\System\ZEsYHdd.exe
  2⤵
  PID:11912
- C:\Windows\System\Dtgblbk.exe
  C:\Windows\System\Dtgblbk.exe
  2⤵
  PID:12052
- C:\Windows\System\tmbwfWG.exe
  C:\Windows\System\tmbwfWG.exe
  2⤵
  PID:12168
- C:\Windows\System\jzdUzZS.exe
  C:\Windows\System\jzdUzZS.exe
  2⤵
  PID:12152
- C:\Windows\System\hYQOvCx.exe
  C:\Windows\System\hYQOvCx.exe
  2⤵
  PID:12200
- C:\Windows\System\RtHTkGM.exe
  C:\Windows\System\RtHTkGM.exe
  2⤵
  PID:11280
- C:\Windows\System\LuHSMXe.exe
  C:\Windows\System\LuHSMXe.exe
  2⤵
  PID:11424
- C:\Windows\System\EqvDzIA.exe
  C:\Windows\System\EqvDzIA.exe
  2⤵
  PID:11676
- C:\Windows\System\KeXzAiL.exe
  C:\Windows\System\KeXzAiL.exe
  2⤵
  PID:11760
- C:\Windows\System\JOwerko.exe
  C:\Windows\System\JOwerko.exe
  2⤵
  PID:11736
- C:\Windows\System\BXxZhMc.exe
  C:\Windows\System\BXxZhMc.exe
  2⤵
  PID:11876
- C:\Windows\System\xRIUizP.exe
  C:\Windows\System\xRIUizP.exe
  2⤵
  PID:11908
- C:\Windows\System\XkyBqOv.exe
  C:\Windows\System\XkyBqOv.exe
  2⤵
  PID:10944
- C:\Windows\System\vQbRNcb.exe
  C:\Windows\System\vQbRNcb.exe
  2⤵
  PID:10912
- C:\Windows\System\aiGPDJz.exe
  C:\Windows\System\aiGPDJz.exe
  2⤵
  PID:12220
- C:\Windows\System\cLfHyAt.exe
  C:\Windows\System\cLfHyAt.exe
  2⤵
  PID:12004
- C:\Windows\System\lDmpmuc.exe
  C:\Windows\System\lDmpmuc.exe
  2⤵
  PID:11816
- C:\Windows\System\DXYncoG.exe
  C:\Windows\System\DXYncoG.exe
  2⤵
  PID:12316
- C:\Windows\System\JROTuLb.exe
  C:\Windows\System\JROTuLb.exe
  2⤵
  PID:12340
- C:\Windows\System\gHelilD.exe
  C:\Windows\System\gHelilD.exe
  2⤵
  PID:12372
- C:\Windows\System\kKIkEhz.exe
  C:\Windows\System\kKIkEhz.exe
  2⤵
  PID:12388
- C:\Windows\System\RMFTzFf.exe
  C:\Windows\System\RMFTzFf.exe
  2⤵
  PID:12424
- C:\Windows\System\ijMNILu.exe
  C:\Windows\System\ijMNILu.exe
  2⤵
  PID:12452
- C:\Windows\System\nTCcpwA.exe
  C:\Windows\System\nTCcpwA.exe
  2⤵
  PID:12488
- C:\Windows\System\AopFFsc.exe
  C:\Windows\System\AopFFsc.exe
  2⤵
  PID:12512
- C:\Windows\System\sGUBbea.exe
  C:\Windows\System\sGUBbea.exe
  2⤵
  PID:12540
- C:\Windows\System\RkIoFms.exe
  C:\Windows\System\RkIoFms.exe
  2⤵
  PID:12560
- C:\Windows\System\QtRyOVX.exe
  C:\Windows\System\QtRyOVX.exe
  2⤵
  PID:12584
- C:\Windows\System\ODRGtdH.exe
  C:\Windows\System\ODRGtdH.exe
  2⤵
  PID:12632
- C:\Windows\System\tONzrBO.exe
  C:\Windows\System\tONzrBO.exe
  2⤵
  PID:12664
- C:\Windows\System\cGHzEGk.exe
  C:\Windows\System\cGHzEGk.exe
  2⤵
  PID:12680
- C:\Windows\System\dQKhjEd.exe
  C:\Windows\System\dQKhjEd.exe
  2⤵
  PID:12696
- C:\Windows\System\vwYgVtu.exe
  C:\Windows\System\vwYgVtu.exe
  2⤵
  PID:12732
- C:\Windows\System\UYILBqO.exe
  C:\Windows\System\UYILBqO.exe
  2⤵
  PID:12760
- C:\Windows\System\XEOGbVL.exe
  C:\Windows\System\XEOGbVL.exe
  2⤵
  PID:12796
- C:\Windows\System\APMMFQl.exe
  C:\Windows\System\APMMFQl.exe
  2⤵
  PID:12828
- C:\Windows\System\qKuUoxC.exe
  C:\Windows\System\qKuUoxC.exe
  2⤵
  PID:12848
- C:\Windows\System\jWKlgsZ.exe
  C:\Windows\System\jWKlgsZ.exe
  2⤵
  PID:12876
- C:\Windows\System\fpcKIJh.exe
  C:\Windows\System\fpcKIJh.exe
  2⤵
  PID:12892
- C:\Windows\System\szboVtI.exe
  C:\Windows\System\szboVtI.exe
  2⤵
  PID:12920
- C:\Windows\System\CZjIgeR.exe
  C:\Windows\System\CZjIgeR.exe
  2⤵
  PID:12952
- C:\Windows\System\DJgQjne.exe
  C:\Windows\System\DJgQjne.exe
  2⤵
  PID:12988
- C:\Windows\System\MbIURgY.exe
  C:\Windows\System\MbIURgY.exe
  2⤵
  PID:13012
- C:\Windows\System\ziOKpcM.exe
  C:\Windows\System\ziOKpcM.exe
  2⤵
  PID:13036
- C:\Windows\System\KXTVDqX.exe
  C:\Windows\System\KXTVDqX.exe
  2⤵
  PID:13064
- C:\Windows\System\aTFamlw.exe
  C:\Windows\System\aTFamlw.exe
  2⤵
  PID:13088
- C:\Windows\System\qgEHYpl.exe
  C:\Windows\System\qgEHYpl.exe
  2⤵
  PID:13112
- C:\Windows\System\SVfjsKh.exe
  C:\Windows\System\SVfjsKh.exe
  2⤵
  PID:13140
- C:\Windows\System\prjHoyR.exe
  C:\Windows\System\prjHoyR.exe
  2⤵
  PID:13164
- C:\Windows\System\VBCYcJm.exe
  C:\Windows\System\VBCYcJm.exe
  2⤵
  PID:13192
- C:\Windows\System\QOqAzhL.exe
  C:\Windows\System\QOqAzhL.exe
  2⤵
  PID:13216
- C:\Windows\System\PQdzSBl.exe
  C:\Windows\System\PQdzSBl.exe
  2⤵
  PID:13244
- C:\Windows\System\aiSwbqo.exe
  C:\Windows\System\aiSwbqo.exe
  2⤵
  PID:13276
- C:\Windows\System\NzQJWef.exe
  C:\Windows\System\NzQJWef.exe
  2⤵
  PID:13300
- C:\Windows\System\uOgrVmv.exe
  C:\Windows\System\uOgrVmv.exe
  2⤵
  PID:11936
- C:\Windows\System\GZIGPum.exe
  C:\Windows\System\GZIGPum.exe
  2⤵
  PID:12352
- C:\Windows\System\vZONSsH.exe
  C:\Windows\System\vZONSsH.exe
  2⤵
  PID:12408
- C:\Windows\System\lVzLfuC.exe
  C:\Windows\System\lVzLfuC.exe
  2⤵
  PID:12460
- C:\Windows\System\zrovibM.exe
  C:\Windows\System\zrovibM.exe
  2⤵
  PID:12620
- C:\Windows\System\fLqTjkG.exe
  C:\Windows\System\fLqTjkG.exe
  2⤵
  PID:12656
- C:\Windows\System\oqRlfpx.exe
  C:\Windows\System\oqRlfpx.exe
  2⤵
  PID:12720
- C:\Windows\System\FUyByeQ.exe
  C:\Windows\System\FUyByeQ.exe
  2⤵
  PID:12784
- C:\Windows\System\ZVpFfzc.exe
  C:\Windows\System\ZVpFfzc.exe
  2⤵
  PID:12824
- C:\Windows\System\HKSQiqY.exe
  C:\Windows\System\HKSQiqY.exe
  2⤵
  PID:12936
- C:\Windows\System\TVmkYOA.exe
  C:\Windows\System\TVmkYOA.exe
  2⤵
  PID:12976
- C:\Windows\System\plZPiKI.exe
  C:\Windows\System\plZPiKI.exe
  2⤵
  PID:13052
- C:\Windows\System\lOWsxZa.exe
  C:\Windows\System\lOWsxZa.exe
  2⤵
  PID:13108
- C:\Windows\System\qjtbyPx.exe
  C:\Windows\System\qjtbyPx.exe
  2⤵
  PID:13124
- C:\Windows\System\lueHhtk.exe
  C:\Windows\System\lueHhtk.exe
  2⤵
  PID:13284
- C:\Windows\System\PCOQeRJ.exe
  C:\Windows\System\PCOQeRJ.exe
  2⤵
  PID:11752
- C:\Windows\System\GoJxOYC.exe
  C:\Windows\System\GoJxOYC.exe
  2⤵
  PID:13288
- C:\Windows\System\xNLdFDa.exe
  C:\Windows\System\xNLdFDa.exe
  2⤵
  PID:12608
- C:\Windows\System\hhOBflt.exe
  C:\Windows\System\hhOBflt.exe
  2⤵
  PID:12572
- C:\Windows\System\vGWoVYB.exe
  C:\Windows\System\vGWoVYB.exe
  2⤵
  PID:12740
- C:\Windows\System\FhrtCIi.exe
  C:\Windows\System\FhrtCIi.exe
  2⤵
  PID:12904
- C:\Windows\System\mxZiHAg.exe
  C:\Windows\System\mxZiHAg.exe
  2⤵
  PID:12964
- C:\Windows\System\MKkHLyx.exe
  C:\Windows\System\MKkHLyx.exe
  2⤵
  PID:13148
- C:\Windows\System\XBBqLfm.exe
  C:\Windows\System\XBBqLfm.exe
  2⤵
  PID:12400
- C:\Windows\System\gbcZhye.exe
  C:\Windows\System\gbcZhye.exe
  2⤵
  PID:12364
- C:\Windows\System\rNThDKX.exe
  C:\Windows\System\rNThDKX.exe
  2⤵
  PID:13336
- C:\Windows\System\iNAGUJV.exe
  C:\Windows\System\iNAGUJV.exe
  2⤵
  PID:13360
- C:\Windows\System\rVXLtVP.exe
  C:\Windows\System\rVXLtVP.exe
  2⤵
  PID:13376
- C:\Windows\System\wNgWadh.exe
  C:\Windows\System\wNgWadh.exe
  2⤵
  PID:13400
- C:\Windows\System\YSjmHGK.exe
  C:\Windows\System\YSjmHGK.exe
  2⤵
  PID:13428
- C:\Windows\System\vjxzYQg.exe
  C:\Windows\System\vjxzYQg.exe
  2⤵
  PID:13456
- C:\Windows\System\Yvmyybk.exe
  C:\Windows\System\Yvmyybk.exe
  2⤵
  PID:13488
- C:\Windows\System\yUgzlFP.exe
  C:\Windows\System\yUgzlFP.exe
  2⤵
  PID:13520
- C:\Windows\System\LRtUJCI.exe
  C:\Windows\System\LRtUJCI.exe
  2⤵
  PID:13552
- C:\Windows\System\PGVIWzW.exe
  C:\Windows\System\PGVIWzW.exe
  2⤵
  PID:13588
- C:\Windows\System\hRKhidk.exe
  C:\Windows\System\hRKhidk.exe
  2⤵
  PID:13616
- C:\Windows\System\fclliZI.exe
  C:\Windows\System\fclliZI.exe
  2⤵
  PID:13644
- C:\Windows\System\pGatGQS.exe
  C:\Windows\System\pGatGQS.exe
  2⤵
  PID:13676
- C:\Windows\System\PqjYRJL.exe
  C:\Windows\System\PqjYRJL.exe
  2⤵
  PID:13700
- C:\Windows\System\knirGBV.exe
  C:\Windows\System\knirGBV.exe
  2⤵
  PID:13724
- C:\Windows\System\qCGXFiy.exe
  C:\Windows\System\qCGXFiy.exe
  2⤵
  PID:13752
- C:\Windows\System\qQQwURE.exe
  C:\Windows\System\qQQwURE.exe
  2⤵
  PID:13776
- C:\Windows\System\RibgcAj.exe
  C:\Windows\System\RibgcAj.exe
  2⤵
  PID:13804
- C:\Windows\System\kOXbVwl.exe
  C:\Windows\System\kOXbVwl.exe
  2⤵
  PID:13836
- C:\Windows\System\CkKJuBt.exe
  C:\Windows\System\CkKJuBt.exe
  2⤵
  PID:13864
- C:\Windows\System\aWPUTNd.exe
  C:\Windows\System\aWPUTNd.exe
  2⤵
  PID:13880
- C:\Windows\System\WIMjvtu.exe
  C:\Windows\System\WIMjvtu.exe
  2⤵
  PID:13904
- C:\Windows\System\aXPIgYw.exe
  C:\Windows\System\aXPIgYw.exe
  2⤵
  PID:13920
- C:\Windows\System\PYAFEgc.exe
  C:\Windows\System\PYAFEgc.exe
  2⤵
  PID:13956
- C:\Windows\System\BmHhsVk.exe
  C:\Windows\System\BmHhsVk.exe
  2⤵
  PID:13972
- C:\Windows\System\bvpzLGs.exe
  C:\Windows\System\bvpzLGs.exe
  2⤵
  PID:13988
- C:\Windows\System\lNjwKfQ.exe
  C:\Windows\System\lNjwKfQ.exe
  2⤵
  PID:14020
- C:\Windows\System\undgtYu.exe
  C:\Windows\System\undgtYu.exe
  2⤵
  PID:14036
- C:\Windows\System\lmZjZDP.exe
  C:\Windows\System\lmZjZDP.exe
  2⤵
  PID:14060
- C:\Windows\System\qsPkLxs.exe
  C:\Windows\System\qsPkLxs.exe
  2⤵
  PID:14084
- C:\Windows\System\JyuMAQP.exe
  C:\Windows\System\JyuMAQP.exe
  2⤵
  PID:14112
- C:\Windows\System\XIRSOmA.exe
  C:\Windows\System\XIRSOmA.exe
  2⤵
  PID:14136
- C:\Windows\System\nMVqsaa.exe
  C:\Windows\System\nMVqsaa.exe
  2⤵
  PID:14168
- C:\Windows\System\MqCrIfA.exe
  C:\Windows\System\MqCrIfA.exe
  2⤵
  PID:14188
- C:\Windows\System\fgAVIxp.exe
  C:\Windows\System\fgAVIxp.exe
  2⤵
  PID:14220
- C:\Windows\System\SxhxNUP.exe
  C:\Windows\System\SxhxNUP.exe
  2⤵
  PID:14248
- C:\Windows\System\FNRRvJZ.exe
  C:\Windows\System\FNRRvJZ.exe
  2⤵
  PID:14276
- C:\Windows\System\FrEJcSD.exe
  C:\Windows\System\FrEJcSD.exe
  2⤵
  PID:14296
- C:\Windows\System\SoanSiK.exe
  C:\Windows\System\SoanSiK.exe
  2⤵
  PID:14328
- C:\Windows\System\ncNUley.exe
  C:\Windows\System\ncNUley.exe
  2⤵
  PID:12712
- C:\Windows\System\nikkLVI.exe
  C:\Windows\System\nikkLVI.exe
  2⤵
  PID:13076
- C:\Windows\System\xGVqTml.exe
  C:\Windows\System\xGVqTml.exe
  2⤵
  PID:12420
- C:\Windows\System\hMxGYBy.exe
  C:\Windows\System\hMxGYBy.exe
  2⤵
  PID:13348
- C:\Windows\System\AlLMOBz.exe
  C:\Windows\System\AlLMOBz.exe
  2⤵
  PID:13444
- C:\Windows\System\VVcFFcH.exe
  C:\Windows\System\VVcFFcH.exe
  2⤵
  PID:13468
- C:\Windows\System\QqtzSPt.exe
  C:\Windows\System\QqtzSPt.exe
  2⤵
  PID:13628
- C:\Windows\System\nQuWdex.exe
  C:\Windows\System\nQuWdex.exe
  2⤵
  PID:13672
- C:\Windows\System\vcyuoXT.exe
  C:\Windows\System\vcyuoXT.exe
  2⤵
  PID:13684
- C:\Windows\System\mCHYLBW.exe
  C:\Windows\System\mCHYLBW.exe
  2⤵
  PID:13784
- C:\Windows\System\rznrBqL.exe
  C:\Windows\System\rznrBqL.exe
  2⤵
  PID:13760
- C:\Windows\System\nAzDFOm.exe
  C:\Windows\System\nAzDFOm.exe
  2⤵
  PID:5852
- C:\Windows\System\cyrqCBK.exe
  C:\Windows\System\cyrqCBK.exe
  2⤵
  PID:13948
- C:\Windows\System\jEYQJIK.exe
  C:\Windows\System\jEYQJIK.exe
  2⤵
  PID:4060
- C:\Windows\System\VQhsKqm.exe
  C:\Windows\System\VQhsKqm.exe
  2⤵
  PID:14056
- C:\Windows\System\OLMnNzD.exe
  C:\Windows\System\OLMnNzD.exe
  2⤵
  PID:14000
- C:\Windows\System\nEqcDBX.exe
  C:\Windows\System\nEqcDBX.exe
  2⤵
  PID:14176
- C:\Windows\System\KHwniTo.exe
  C:\Windows\System\KHwniTo.exe
  2⤵
  PID:14240
- C:\Windows\System\tKQKpwE.exe
  C:\Windows\System\tKQKpwE.exe
  2⤵
  PID:14272
- C:\Windows\System\ZyGiNNc.exe
  C:\Windows\System\ZyGiNNc.exe
  2⤵
  PID:14228
- C:\Windows\System\SvvJhXc.exe
  C:\Windows\System\SvvJhXc.exe
  2⤵
  PID:14316
- C:\Windows\System\FKNWNYd.exe
  C:\Windows\System\FKNWNYd.exe
  2⤵
  PID:13512
- C:\Windows\System\WIKPWnl.exe
  C:\Windows\System\WIKPWnl.exe
  2⤵
  PID:13472
- C:\Windows\System\VPhFplp.exe
  C:\Windows\System\VPhFplp.exe
  2⤵
  PID:13564
- C:\Windows\System\PjPphcA.exe
  C:\Windows\System\PjPphcA.exe
  2⤵
  PID:13396
- C:\Windows\System\EuwMPCb.exe
  C:\Windows\System\EuwMPCb.exe
  2⤵
  PID:13236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1424,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
1⤵
PID:2052

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AEClnCz.exe

Filesize
2.0MB

MD5
6a6da31224d4c6cfc5e1f40d3ba4e8ac

SHA1
c4c171813c6a270fc210ad998da418ce374b2531

SHA256
659a1f5231dee1218ec3b09ed56000dc3febda962f3dd646a18d19ba35c1d355

SHA512
9f24163c89b1ff73ee7615eaa8a6770c0b4fc0ec94bc12fe9a993f56c65beb371c1d0c1a78358b36a94a7cbc68efea6109d9e0782f1bf7aed461361d6df37da1

Download Submit
C:\Windows\System\ARIhaAq.exe

Filesize
2.0MB

MD5
afcf4f93d884a5130d50b66a7e180e19

SHA1
ed2373c5cfbc4000ad989842d92577356ed68916

SHA256
18ed68e6c192234576cf3c1bf7a4733f59865ce347de37e6f4dd8387a1fcdfb7

SHA512
8a4cf3cc7e588f6bc643da542e72c4496ee62a6c136d76b44951063bc5df519a20f6b42bb009796ce0700ad758b4e5a5afea8b18db53cfe9ce4a22d9c61881ec

Download Submit
C:\Windows\System\AgzEwmH.exe

Filesize
2.0MB

MD5
b13fe5a8b35284ebd487294f966cb90b

SHA1
d73e32a62c88431cc62ed0c75ec064c21009e026

SHA256
f85ca5e71ddc7ddf7ecec58a2dcd642bb6a03f4bbb4ea93636b5a05bc0a5d33e

SHA512
5f460e32699077721353af8f73c9140bbd107b83112dd8e9553f60d8e3aab095c8395bfb1216b31c6048c8653c385edc26869b5621494bbb0876b4f1a824e447

Download Submit
C:\Windows\System\BbTWsFz.exe

Filesize
2.0MB

MD5
55fe9314ef86137375865a67e538a513

SHA1
5732ec87dc83195a6aa4d8b879c798597c8f2985

SHA256
7f49db562ccfdd70834307b10c580458d9ed55c321c3ff1ee6270c1e1f4ce9b7

SHA512
4236a9283362653965e4b222b36a6418133d55b09ba4ac199d430eaea9b37ef6bcbaacec9438024e9e78558b750a1c69717615f0c564de8a24d233d8216fa5b5

Download Submit
C:\Windows\System\CHkZXlp.exe

Filesize
2.0MB

MD5
3b36607b8637c7b1a4c5abb0eb7eed12

SHA1
e40d636ec3fb24e5a3b426ba76de932404b5a1a4

SHA256
42911e80283c9c85b7bc1df219b62199228f198dda569725233910144987c23e

SHA512
2f784864bcd35bc1e111ea194ba88b3ecc3b9f47e3974706003040323f933fa16184d520db9b50c28fe008c16612183e6b5a24662e433c7c87c63a9c26fdca9f

Download Submit
C:\Windows\System\DxCrPMe.exe

Filesize
2.0MB

MD5
80cdcf65492fddd59de51ebed5211637

SHA1
06acb483ecc06d82b488744be36f7d1fc5fcc567

SHA256
fc752b0595df0392a23f2da4158feda28f0619e78940e45ca56e92af516b86aa

SHA512
9ffee6567937d31fe22fbe9e0bbe8d42b6cc080359217bdaf4e3952b970679f26d159c259924a2a28b6ee7e971985eaeb8943d432ee649bc839497a928ed2bd2

Download Submit
C:\Windows\System\EzTLOtd.exe

Filesize
2.0MB

MD5
0d0593107e40a4015cd63db79e8296cc

SHA1
f7013248fd5e772164c112074eb96173e981c947

SHA256
ddffb8844720048b0565e5e86b69f38d10e3b01a296df6a81d336e2d4b780fec

SHA512
a71c94a360a452c3cffc0f02af4f7db9eed5056a1862ea7bce7cbacb2ca994667b1807c9fdd04916c5e3d42c6730f43ca543ad3d96937c53b8be3067fd9271a5

Download Submit
C:\Windows\System\GPsLyPm.exe

Filesize
2.0MB

MD5
b523c4de943b2e123a68974036f63b23

SHA1
726be5eb6e3e7c8177498cb9381b6cdb3b88d2ef

SHA256
f71695f60a87652ebe94497d9587493e3e54bff17fc4f091f354aab2c2ce02fd

SHA512
134eaf44f2e073b00564b351bb62b4b0f26dfbf0b5d35de2be9fad30a7a0121df6c10989331061de16bc0b3f025db33219950df55ad34ad494d1700d82783723

Download Submit
C:\Windows\System\HctBEdU.exe

Filesize
2.0MB

MD5
4df2c9ef869d7c63849b7f5a39e670b3

SHA1
e01c1b5bcf960ea91aa3cb0b40f30223c86765a3

SHA256
3c0f90b602e420e5ded3819f4d1595bcfb9e4ca021f6cc81da828905452d7ce5

SHA512
2af3ab67c277fe61de35a542a356cd559aad4cbe1d657cc16ee4fb2999ac77df5b3093621780d50c1d80609b8ff63bc4b0dd1f21d293f0ca80f7061d34e15c57

Download Submit
C:\Windows\System\IqZKUZF.exe

Filesize
2.0MB

MD5
54f97a4f14f487f0fa2e7943ca111020

SHA1
7e875ec727fd426bc305e97c26e8eeef6b6966f1

SHA256
d2a9dc1670190191786e6040b243f918c75c0bc92b9b84b89633812eb48a1722

SHA512
54528daa9aacd0ff181adee7b9fb3e89239f5859e94bd68bab631984bd7a52f72ca0192844657c0454f0fcc71f44ac827a12838c50751e9e55f183db8e3c266c

Download Submit
C:\Windows\System\KGfyrhT.exe

Filesize
2.0MB

MD5
1b9c571973b151ed202d3888b3376fea

SHA1
2f065e597e0bb7a0a571bcfab6e7d78a520d640b

SHA256
5476d34b8fb6b87844343370fba90546c80613c42effe15bd666f1e1c3ece150

SHA512
2b5fbd1dbd992b4f1df6270fbbd8d0115fcc1a5f0eab8bdc8b9a5b1f2f3bd3417abe9d8c8448013c52d77e9f46963d41c89d0dea106f1cc421acb6705708fe8b

Download Submit
C:\Windows\System\MREpSfe.exe

Filesize
2.0MB

MD5
6ae79abf67668d70a92f28e364b58fe7

SHA1
5b14df84aa2b609ff4c0578ac697de85d4dc7082

SHA256
e21ba40f9fe4bdf918e5147b0a362d32d4e3a2463152798f0dc387ecfe2d91a9

SHA512
5bb127309f80ae2285c7b7602c84e0c0dd705bc7357f507bbf4e0e12a8221c5c8331dc49dff58bd84e5f0a4d6335e9817612180c5cef164544232970fd8fc7c7

Download Submit
C:\Windows\System\NQCSMnf.exe

Filesize
2.0MB

MD5
39d816ccf900877f37b14684c9105b1f

SHA1
363f99d88ab3a7f535f60c561a25c4beb0dab3a4

SHA256
679d075acaba3202fd3eac704123e7605c7ea7ba8191b08b2f50427a16337b4f

SHA512
103d1c832ddf26313a3362a691ff8c09b4fbbfd489c7e2a0241010deb17130e2f29ae17ec8a34f96f654e8954047da791d232a67f20361ffb7e922f211fa623f

Download Submit
C:\Windows\System\PYFdhHE.exe

Filesize
2.0MB

MD5
018de8182bd4f02b80e8044705b4d019

SHA1
854b529a88d0189cb9792c7f2e5c3ea43bcce9cd

SHA256
9b5909f5e66849e0cc7ee0f16f10b39ee19e17a8496898e0bca6ffd03ea718dc

SHA512
7782fc50c3c9c375b6d5b7ad4798ad9f82aeae311c2c29b9d54b3e1f2d6d23bb739354f8f08807b46a60dd081c80ce8f07921a1ddaf32e1df13a92bff811d7da

Download Submit
C:\Windows\System\PfAnMWx.exe

Filesize
2.0MB

MD5
95d9bac14d00d1ed2aaf58604bd68c4f

SHA1
abf1ed8682a6aa6479e403057b24bfff3c8cbd19

SHA256
11f705c3cb250c1e054c8fc706f0d4f6926a2f0f33fba3a5a6b415dbe5a8f464

SHA512
f4915030a7ec2fd2769f07b0ce13625152ec96db4120169688db8c804c1b8907b5a6df896c66dd5cdbe25095ceec2292318e4b3cde2f37a704390bc1e9593bbb

Download Submit
C:\Windows\System\QoJyuNs.exe

Filesize
2.0MB

MD5
fe9c9269991d4f67f6ba65838c6dbcc8

SHA1
7fc4d119e3fde565ad8961812ef8faf6737026d1

SHA256
ff05f2df108d889a6f24e2fb07ddd541b68dbd973f53dfd994d7edd224994742

SHA512
8bcb0b6a9928d69acd3b0f2019efe323a19b0d7be42494153653ab0e31980f40daf4534e1dbca62af017874747265a5bcb3c705377d03f69c8991d3d259ed4e4

Download Submit
C:\Windows\System\TVCQlFk.exe

Filesize
2.0MB

MD5
63a97e8755e8aee0f9c9fad6fb46ce5f

SHA1
6e675a9f5b4bfbaafd62065f4da16c86e9568d72

SHA256
4959a85de3f0d1965754ddd4b44c09acabaccdb883753cfb83239bb49c4ab309

SHA512
422c370b1322500d8f65abca49ccb0628e829573e4b96a7548b5179fdc9b6fdff25ab18568d23a3201610962e0e4553d0bae8f83baec9c0ee129afd2aa02c473

Download Submit
C:\Windows\System\VjkVYaQ.exe

Filesize
2.0MB

MD5
2e72484ac49da2df770ad598ce85be3e

SHA1
df6c8c3aee9f13dac9daaa5c0b2287ef313343cc

SHA256
74a966d91c822f99ace9cec0463b4bbf9b2b54838d272940e56d881415efe6ed

SHA512
9370378f2a0f37c60c4d33450261776fb1bf5560e010f1267f94d035c2b021721891ad09d9902ff74a71420d47b987ecfcea8331b240e27ed10d7fa3fe7a676f

Download Submit
C:\Windows\System\WmVSVoB.exe

Filesize
2.0MB

MD5
93390fa8f957b5632e7afa637b33c073

SHA1
cff2c2b56906a10012a77805ca58b4f8ba772fe2

SHA256
02419ab6c2362517b076988cb24b6727c562db8bcda2788dd09b1654200392f9

SHA512
191b74ec7808273d683dc367ddd39ff439e5a1cfeac456054f60d28664c81789b6cc989e13db1a3fc78bd16ae9b2f1f63a70390e6d7d95fa2ef37f6315f2fdf7

Download Submit
C:\Windows\System\XButSkc.exe

Filesize
2.0MB

MD5
861ae1c99c24769d42fae7650bcd8f55

SHA1
1454929ddfeaca62aacdfdc3dba57ad3fcb85026

SHA256
b4a459b89ec1b7ff20751bd8c8b4f4655cc362a9922cbca7ba89339a9c4eb51f

SHA512
1b71ff03d40538bd71b021e47f57f94bb489525d13da44d8761e969e07d4eda4a64ff3ab8e64262fca868d34ea3bf13964442707f77653b7c9b1abd52c02d77a

Download Submit
C:\Windows\System\ZNCGcyM.exe

Filesize
2.0MB

MD5
660c67090cd16bce8736b89d866494d5

SHA1
25d8eef393a378cb91a65f5ffa4954515037446e

SHA256
6c1a4bf448d2de2ae9e3b22f0ace2f658734c90b64a36eba64be599b6d420ae0

SHA512
0d1aebfed86cd7f61afa5c565159cf0e5ef9dd5c6cbdf0bc330e561dbbd0c846d202dab793a82b42c62f91234d48910858069073944fe8ac62329a580220b5b8

Download Submit
C:\Windows\System\aEHLVkj.exe

Filesize
2.0MB

MD5
cd7e192c4e9091033ab5c8e0bba9ea91

SHA1
2fb57c820bc0315581577d924bb71f591e36c56d

SHA256
db86b074f2d893b745cf9b628ce9561cc4225a2015dcf0e1b6bf3869a7e8c7cb

SHA512
f994804fbe48642772c66821b03b74480e3ee8f0dcb6b3a170f82538765eea3500edb042bd2b094b95d232bf990bb881570261cdf0f763ebea7936ac1ec17652

Download Submit
C:\Windows\System\cCBrcTi.exe

Filesize
2.0MB

MD5
90de49d21a52de7d8f26c9b31371f173

SHA1
a9f13e4ae306f0afbe28bdb3280c4fc2e03748b9

SHA256
0d9a0427bceda9ecd662a42a6d6df1a442db98c00ae5c8fb2255c3074da39ad2

SHA512
bd7c83a8ea586e4f4047aff60b731becb70f9cefabe648e54269f038bf797f05e8ab2cc3562615661f2d248ab8d47e78e832f85a893f368c7648f11030f6b8bf

Download Submit
C:\Windows\System\gObLEhJ.exe

Filesize
2.0MB

MD5
6a4a88e2171fb782ebb67a8723670b38

SHA1
f124d6b4943c25d456fc67936cbc08c6e4645d26

SHA256
32960b4ee28e104f81142317558772441fa3e11fab307184d5a697bcf8187530

SHA512
668c188672cb136bc56337b7bd876065449ccac9814763b5c1dfcbea8000b228a847bf61f222dccc74cb2ddd9b2be8b3f91d1dabccac7da6d7fecac018382b0b

Download Submit
C:\Windows\System\hLcvDfQ.exe

Filesize
2.0MB

MD5
c21b5ef315ea1cb25bd21098dea7589c

SHA1
09e05c00fc38493b2c4793918bbb7d3c47869b6e

SHA256
6dcf6e406a02b7bf444e443f044c0822a7afaa9022b5ecfc0b8a8577450c4bf1

SHA512
b9838f1cc1c64f4f23bd507cddaaa141c459da93bc4368c5421e24bd91cfea6017777d145676f7ebc7254f2b3c09906e16fd6efed5ab53b4c68531e4acd0ce0d

Download Submit
C:\Windows\System\hdRZexM.exe

Filesize
2.0MB

MD5
cda5b8e98a871a83f64732210df15984

SHA1
0b3168b8d5591cafe332f4bf2ea87b8d9e10fdbc

SHA256
7ba9089f297e8338ba85c4f0b7df5cd266016e3b9572b784b7a04f17fcf386c0

SHA512
9dab2fb786544ea327ab6279bac7a18cafaefa02845a7e38065eaf1f99dcf5921a4854a31d68fe48f62fbbbd98a98d9087c922de0a5042d08543121b2411cf84

Download Submit
C:\Windows\System\jKHQMUK.exe

Filesize
2.0MB

MD5
43757f1f42102175fd2afe36dd07106c

SHA1
d02f8d40c7eb7a8cf5ef4e162a89a28e1ca2690b

SHA256
cef0a4c544c1990430f4e1bc648249be1fc824bcf0ad68e69373eac6b4cde276

SHA512
3e6b1327edd97334741834113fa42c5bb7da718577a8d4b33279d05dabad6e65153ea9a09e4646808466b9e8f19a55c3f5833c68744fbce24a30e9292e388ec2

Download Submit
C:\Windows\System\lqSAkeM.exe

Filesize
2.0MB

MD5
a7da57894fc0154a0c4f9bac9b62a65b

SHA1
a0fbe943e28449ac5377929f2723e29632bdc71a

SHA256
d320ea4c2de6b2af19a6ee6d4274f4cea45969876bedd7821ab3c47fd96d02d8

SHA512
b0d3babcd91b7c8109b904034688818a63b7358c7bc70fc7681d5a4b77210f9c34c1611bf30ef815c9619667cbaa8f11757a3f83b210fc3ec5324d219bf2bf94

Download Submit
C:\Windows\System\nSeZpwq.exe

Filesize
2.0MB

MD5
8e0adf7b4196ff69e9d20b9bdef98c99

SHA1
6762a105ce876ad1221d64c1476985c5ec30d325

SHA256
2033d0f60c5bdba5629aa1f618117286c78d6d23f0be32557866c9975bc2a5bf

SHA512
42a9ce7e0413bd3ebc4cf529136c466e4249688ef001865b5785faaa89f8c04ea54663c76478a0e676ba7d2ce10be342239868cfe7fa2b11ed1f2225411ff343

Download Submit
C:\Windows\System\nSyFsgT.exe

Filesize
2.0MB

MD5
4b9eb62764eaf83e51759b83dd9e662f

SHA1
6af326e7d706f83ac90df42713eda58bad6ea378

SHA256
d8459ed3b48a76e03b42de5fec8bfcc1ffdc91fb55d37bde60c4e81cb6568e38

SHA512
27beb00eb6a97a4bc7f2b07c092cea2005dfa9a971f1036dee0670375d762c06c60a6667dbc1e829ec4eaed8cd6776084f34eeee9fede77f83b4f4dd3ba08b87

Download Submit
C:\Windows\System\nUdDijx.exe

Filesize
2.0MB

MD5
ffa880719762a506f5f4023d61fdde3d

SHA1
6e38ea293b65cc05ab167ae316fb0743e2f86178

SHA256
b2e00bfc7d95d0580cb401a789c20681a8795e0b8e28926ce8c247f6edabbd98

SHA512
11d1a797d64b4d893b7636f4ac932f5d60b19b13df4039956ddcacebfc6d00d10782c32d7db38b33a9ef58c854612fd1fa4a4c19a4c5dd5d340a651cf0c995e1

Download Submit
C:\Windows\System\ocxSoQs.exe

Filesize
2.0MB

MD5
9ed1d118f34386bef9a70831a0140364

SHA1
b14810ece472ab901ee6d8deea72beb88cd135a2

SHA256
b3a477edaa08f4be0620d0fa06791aaf090921db5de542f090218129d5785d75

SHA512
73344bbd72883b7babbee71332faac5c39e7b9ec0c6d09a40fc40a7ad7b410e354efb27f4cdb30d499c9a937238c55f9e6b5cbd798006dd281ecda0299d3f3cd

Download Submit
C:\Windows\System\rqTWsGF.exe

Filesize
2.0MB

MD5
596078da38d67c11512eef6ffaf6868f

SHA1
1d2d993a5de0f58e5f5439bd28aa4daa06d8b999

SHA256
d083b49f91f2025898447c3d66d4596fae2d00666f2962a65c5997fd7c897607

SHA512
0572bf7b968002f4bfd6cf1306cacd8663658e73779858c938cf00cbcb117526fd6dbfbb9e34271f207947f9ae64510c7359e5e4d970f339acfa20eb858ada22

Download Submit
C:\Windows\System\tJKPcRZ.exe

Filesize
2.0MB

MD5
540cfd46001e19f80c40a2c757e59912

SHA1
616e56b629341da4ca4fc3ad6f2c3abb469b843a

SHA256
24e15b99789a064f3132355cd65c60ea1068dad96aa305111a6082030614c9a2

SHA512
6a405dfcb73fcfad6632cc88602074b2ab9dd80985a6d1368cf03ec0f57a763f6bcf49e66885ba7d4f5043c7a33947706de868eb3c7effa7b15edf9b553647ef

Download Submit
C:\Windows\System\vGpsYrk.exe

Filesize
2.0MB

MD5
4f6427a213957c924aa1bd57cdd947d9

SHA1
0c51b25607561538366f3d02751a7a2127037e23

SHA256
b8da0ab006a8d80b2bbba0dda1afdf8fd53a362184db4827768aef7ab81e890b

SHA512
f8cf4aa7b40f03cad3e9ab3cea2e45549cfac6dd75a8b02ae924b2d91a905ab81aa58a27460d18dbeb7c63800c37e22c88d7ef1ca3e47450ffdb15ecbc04090c

Download Submit
C:\Windows\System\vSeQPRm.exe

Filesize
2.0MB

MD5
98d0eaf42cf72969139c746909c731a8

SHA1
9c6ea3363c78bdcdcf4fb1036d1b3f7359526a8e

SHA256
d8687bfde0efef5986c96a7a3869d993cf3a2c57c367cf7a40bc3798c6b0c94f

SHA512
ed31d1a8abfa0c506faf4be141285afa3f9d14cec0a4bfec3a8fa708f98c77c8014eec709067fe841465d21fa442323b34b55cc93841313ae2b5f5db5ba50148

Download Submit
C:\Windows\System\wLZKPac.exe

Filesize
2.0MB

MD5
c2d0cd96287cdb962dfe693f3cddcd01

SHA1
9bd2e0479310d9955a81a273f235b8dded92ce7a

SHA256
7c1c23abeb6ef38a55714c45b69a8254a3a04826d54bd3f942936681e98e729f

SHA512
d46e28683aed293d1eba651ae00a052d2994d86f57fa1fc9af1530cdf22f67637b975542a31785a6c9fca9a8440fad89ac64c2535ada10191a7783508ce7fc80

Download Submit
C:\Windows\System\xtLzQNH.exe

Filesize
2.0MB

MD5
cd8c81f7d5bbe70e60877f006d68e0ba

SHA1
7402615f25a6a252f152bf8d6e76325ffdcd0acd

SHA256
a70f94747e2b6f39076abf6190afd0f784dda4d1b87f761356afa472b4cef1d6

SHA512
4f3ef02b1cbac9312010091ec7e46e276fde41b77294d720add59e7221da17881c39f7f46a388e426a076175b7b31f59442c0cc6d3ae1e1b36f3aa133af4f926

Download Submit
C:\Windows\System\zgzENLD.exe

Filesize
2.0MB

MD5
28fc2ed70ddaba5824940f0c84feb09d

SHA1
b4cf14747d11584b30b3c30ad3992c76097a6216

SHA256
9f005c0d96a3decdbf53da5e8fd90f4beb75c0a8528ca9f9eeb6b617b0327cc3

SHA512
7d449207388a7ec38da86dc4c3e89e44a10a4eb2660dc824da458bb5d48f7f2be708f4c73365e32fa94f302ab88fda730843d4cc7323fbbedac00cb19467b4f5

Download Submit
memory/400-267-0x00007FF638A20000-0x00007FF638D74000-memory.dmp

Filesize
3.3MB

Download
memory/400-2159-0x00007FF638A20000-0x00007FF638D74000-memory.dmp

Filesize
3.3MB

Download
memory/676-263-0x00007FF67EB70000-0x00007FF67EEC4000-memory.dmp

Filesize
3.3MB

Download
memory/676-2147-0x00007FF67EB70000-0x00007FF67EEC4000-memory.dmp

Filesize
3.3MB

Download
memory/928-2140-0x00007FF7EBBD0000-0x00007FF7EBF24000-memory.dmp

Filesize
3.3MB

Download
memory/928-55-0x00007FF7EBBD0000-0x00007FF7EBF24000-memory.dmp

Filesize
3.3MB

Download
memory/1108-2157-0x00007FF64E090000-0x00007FF64E3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-279-0x00007FF64E090000-0x00007FF64E3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2148-0x00007FF7E9D10000-0x00007FF7EA064000-memory.dmp

Filesize
3.3MB

Download
memory/1300-100-0x00007FF7E9D10000-0x00007FF7EA064000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2162-0x00007FF7A8060000-0x00007FF7A83B4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-276-0x00007FF7A8060000-0x00007FF7A83B4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-268-0x00007FF7DDEF0000-0x00007FF7DE244000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2156-0x00007FF7DDEF0000-0x00007FF7DE244000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2153-0x00007FF69B680000-0x00007FF69B9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-247-0x00007FF69B680000-0x00007FF69B9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-2154-0x00007FF768530000-0x00007FF768884000-memory.dmp

Filesize
3.3MB

Download
memory/1784-175-0x00007FF768530000-0x00007FF768884000-memory.dmp

Filesize
3.3MB

Download
memory/1928-275-0x00007FF7198C0000-0x00007FF719C14000-memory.dmp

Filesize
3.3MB

Download
memory/1928-2163-0x00007FF7198C0000-0x00007FF719C14000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2158-0x00007FF7B2800000-0x00007FF7B2B54000-memory.dmp

Filesize
3.3MB

Download
memory/2156-266-0x00007FF7B2800000-0x00007FF7B2B54000-memory.dmp

Filesize
3.3MB

Download
memory/2380-277-0x00007FF6D0D70000-0x00007FF6D10C4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2142-0x00007FF6D0D70000-0x00007FF6D10C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x00007FF75FAD0000-0x00007FF75FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x000001EF9B0F0000-0x000001EF9B100000-memory.dmp

Filesize
64KB

Download
memory/2532-273-0x00007FF67E410000-0x00007FF67E764000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2161-0x00007FF67E410000-0x00007FF67E764000-memory.dmp

Filesize
3.3MB

Download
memory/2576-212-0x00007FF63F360000-0x00007FF63F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2145-0x00007FF63F360000-0x00007FF63F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-217-0x00007FF7DEE10000-0x00007FF7DF164000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2144-0x00007FF7DEE10000-0x00007FF7DF164000-memory.dmp

Filesize
3.3MB

Download
memory/3240-274-0x00007FF663C00000-0x00007FF663F54000-memory.dmp

Filesize
3.3MB

Download
memory/3240-2167-0x00007FF663C00000-0x00007FF663F54000-memory.dmp

Filesize
3.3MB

Download
memory/3304-269-0x00007FF7102F0000-0x00007FF710644000-memory.dmp

Filesize
3.3MB

Download
memory/3304-2165-0x00007FF7102F0000-0x00007FF710644000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2150-0x00007FF647A10000-0x00007FF647D64000-memory.dmp

Filesize
3.3MB

Download
memory/3604-265-0x00007FF647A10000-0x00007FF647D64000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2152-0x00007FF638C60000-0x00007FF638FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3892-256-0x00007FF638C60000-0x00007FF638FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-133-0x00007FF794B80000-0x00007FF794ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2143-0x00007FF794B80000-0x00007FF794ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4020-2146-0x00007FF71E170000-0x00007FF71E4C4000-memory.dmp

Filesize
3.3MB

Download
memory/4020-278-0x00007FF71E170000-0x00007FF71E4C4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-280-0x00007FF662050000-0x00007FF6623A4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-2164-0x00007FF662050000-0x00007FF6623A4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-235-0x00007FF765620000-0x00007FF765974000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2155-0x00007FF765620000-0x00007FF765974000-memory.dmp

Filesize
3.3MB

Download
memory/4260-2149-0x00007FF7449F0000-0x00007FF744D44000-memory.dmp

Filesize
3.3MB

Download
memory/4260-264-0x00007FF7449F0000-0x00007FF744D44000-memory.dmp

Filesize
3.3MB

Download
memory/4320-2138-0x00007FF7818B0000-0x00007FF781C04000-memory.dmp

Filesize
3.3MB

Download
memory/4320-32-0x00007FF7818B0000-0x00007FF781C04000-memory.dmp

Filesize
3.3MB

Download
memory/4320-2141-0x00007FF7818B0000-0x00007FF781C04000-memory.dmp

Filesize
3.3MB

Download
memory/4328-272-0x00007FF788190000-0x00007FF7884E4000-memory.dmp

Filesize
3.3MB

Download
memory/4328-2151-0x00007FF788190000-0x00007FF7884E4000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2139-0x00007FF608BE0000-0x00007FF608F34000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2137-0x00007FF608BE0000-0x00007FF608F34000-memory.dmp

Filesize
3.3MB

Download
memory/4632-11-0x00007FF608BE0000-0x00007FF608F34000-memory.dmp

Filesize
3.3MB

Download
memory/4936-270-0x00007FF7EAAE0000-0x00007FF7EAE34000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2166-0x00007FF7EAAE0000-0x00007FF7EAE34000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2160-0x00007FF6F7060000-0x00007FF6F73B4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-271-0x00007FF6F7060000-0x00007FF6F73B4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads