xmrig | c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
Size

2.0MB
MD5

62602f8cda6c1bcefdc15c9c00b5e7a7
SHA1

83b59e6ce2226c336ad9c8cbc9f331583287cc48
SHA256

c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c
SHA512

2192315d60007f417990371e1a53700aa71fed8624cec947af726af43719da05a4a7e52186b9572e90c22a031a0ee25f79bfc9a379de0a7816f6c7523ee9a22f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGJLuIaRNT0XPK:BemTLkNdfE0pZrj

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3564-0-0x00007FF735000000-0x00007FF735354000-memory.dmp	UPX
behavioral2/files/0x0007000000023305-5.dat	UPX
behavioral2/memory/4848-15-0x00007FF7E7EA0000-0x00007FF7E81F4000-memory.dmp	UPX
behavioral2/files/0x000700000002349c-42.dat	UPX
behavioral2/files/0x00070000000234a2-68.dat	UPX
behavioral2/memory/4212-91-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp	UPX
behavioral2/memory/5112-108-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp	UPX
behavioral2/memory/4256-138-0x00007FF678D80000-0x00007FF6790D4000-memory.dmp	UPX
behavioral2/files/0x00070000000234ae-158.dat	UPX
behavioral2/memory/1700-173-0x00007FF7CD250000-0x00007FF7CD5A4000-memory.dmp	UPX
behavioral2/memory/3592-180-0x00007FF65C6C0000-0x00007FF65CA14000-memory.dmp	UPX
behavioral2/memory/3452-186-0x00007FF703F80000-0x00007FF7042D4000-memory.dmp	UPX
behavioral2/memory/2108-185-0x00007FF752520000-0x00007FF752874000-memory.dmp	UPX
behavioral2/memory/3996-184-0x00007FF653AE0000-0x00007FF653E34000-memory.dmp	UPX
behavioral2/memory/1908-183-0x00007FF710710000-0x00007FF710A64000-memory.dmp	UPX
behavioral2/memory/1636-182-0x00007FF70C6E0000-0x00007FF70CA34000-memory.dmp	UPX
behavioral2/memory/4576-181-0x00007FF661320000-0x00007FF661674000-memory.dmp	UPX
behavioral2/memory/748-179-0x00007FF612870000-0x00007FF612BC4000-memory.dmp	UPX
behavioral2/memory/2536-178-0x00007FF6F7E60000-0x00007FF6F81B4000-memory.dmp	UPX
behavioral2/memory/2344-177-0x00007FF734FB0000-0x00007FF735304000-memory.dmp	UPX
behavioral2/memory/4952-176-0x00007FF7CAB00000-0x00007FF7CAE54000-memory.dmp	UPX
behavioral2/memory/2748-175-0x00007FF7CA8E0000-0x00007FF7CAC34000-memory.dmp	UPX
behavioral2/memory/5052-174-0x00007FF728870000-0x00007FF728BC4000-memory.dmp	UPX
behavioral2/memory/1840-172-0x00007FF782140000-0x00007FF782494000-memory.dmp	UPX
behavioral2/files/0x00070000000234b3-170.dat	UPX
behavioral2/files/0x00070000000234b2-168.dat	UPX
behavioral2/files/0x00070000000234b1-166.dat	UPX
behavioral2/files/0x00070000000234b0-164.dat	UPX
behavioral2/memory/2396-163-0x00007FF602FC0000-0x00007FF603314000-memory.dmp	UPX
behavioral2/memory/4820-162-0x00007FF6C1620000-0x00007FF6C1974000-memory.dmp	UPX
behavioral2/files/0x00070000000234af-160.dat	UPX
behavioral2/files/0x00070000000234ad-156.dat	UPX
behavioral2/memory/3764-155-0x00007FF7A1A90000-0x00007FF7A1DE4000-memory.dmp	UPX
behavioral2/files/0x00070000000234aa-153.dat	UPX
behavioral2/files/0x00070000000234a4-151.dat	UPX
behavioral2/files/0x00070000000234a6-146.dat	UPX
behavioral2/files/0x00070000000234ac-140.dat	UPX
behavioral2/memory/436-139-0x00007FF66B0A0000-0x00007FF66B3F4000-memory.dmp	UPX
behavioral2/files/0x00070000000234ab-135.dat	UPX
behavioral2/files/0x00070000000234a9-134.dat	UPX
behavioral2/files/0x00070000000234a8-120.dat	UPX
behavioral2/files/0x00070000000234a7-119.dat	UPX
behavioral2/files/0x00070000000234a0-116.dat	UPX
behavioral2/memory/4536-113-0x00007FF72A170000-0x00007FF72A4C4000-memory.dmp	UPX
behavioral2/files/0x000700000002349f-107.dat	UPX
behavioral2/files/0x00070000000234a5-106.dat	UPX
behavioral2/files/0x000700000002349e-101.dat	UPX
behavioral2/files/0x00070000000234a3-100.dat	UPX
behavioral2/files/0x00070000000234a1-95.dat	UPX
behavioral2/files/0x000700000002349b-94.dat	UPX
behavioral2/memory/2992-92-0x00007FF60F140000-0x00007FF60F494000-memory.dmp	UPX
behavioral2/files/0x000700000002349d-87.dat	UPX
behavioral2/memory/2868-81-0x00007FF76E210000-0x00007FF76E564000-memory.dmp	UPX
behavioral2/files/0x000700000002349a-76.dat	UPX
behavioral2/files/0x0007000000023499-61.dat	UPX
behavioral2/files/0x0007000000023496-59.dat	UPX
behavioral2/memory/2964-52-0x00007FF68A030000-0x00007FF68A384000-memory.dmp	UPX
behavioral2/memory/4896-46-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp	UPX
behavioral2/files/0x0007000000023497-51.dat	UPX
behavioral2/memory/4376-27-0x00007FF633DA0000-0x00007FF6340F4000-memory.dmp	UPX
behavioral2/files/0x0007000000023498-35.dat	UPX
behavioral2/files/0x0008000000023493-188.dat	UPX
behavioral2/memory/4896-2278-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp	UPX
behavioral2/memory/5112-2281-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3564-0-0x00007FF735000000-0x00007FF735354000-memory.dmp	xmrig
behavioral2/files/0x0007000000023305-5.dat	xmrig
behavioral2/memory/4848-15-0x00007FF7E7EA0000-0x00007FF7E81F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002349c-42.dat	xmrig
behavioral2/files/0x00070000000234a2-68.dat	xmrig
behavioral2/memory/4212-91-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp	xmrig
behavioral2/memory/5112-108-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp	xmrig
behavioral2/memory/4256-138-0x00007FF678D80000-0x00007FF6790D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234ae-158.dat	xmrig
behavioral2/memory/1700-173-0x00007FF7CD250000-0x00007FF7CD5A4000-memory.dmp	xmrig
behavioral2/memory/3592-180-0x00007FF65C6C0000-0x00007FF65CA14000-memory.dmp	xmrig
behavioral2/memory/3452-186-0x00007FF703F80000-0x00007FF7042D4000-memory.dmp	xmrig
behavioral2/memory/2108-185-0x00007FF752520000-0x00007FF752874000-memory.dmp	xmrig
behavioral2/memory/3996-184-0x00007FF653AE0000-0x00007FF653E34000-memory.dmp	xmrig
behavioral2/memory/1908-183-0x00007FF710710000-0x00007FF710A64000-memory.dmp	xmrig
behavioral2/memory/1636-182-0x00007FF70C6E0000-0x00007FF70CA34000-memory.dmp	xmrig
behavioral2/memory/4576-181-0x00007FF661320000-0x00007FF661674000-memory.dmp	xmrig
behavioral2/memory/748-179-0x00007FF612870000-0x00007FF612BC4000-memory.dmp	xmrig
behavioral2/memory/2536-178-0x00007FF6F7E60000-0x00007FF6F81B4000-memory.dmp	xmrig
behavioral2/memory/2344-177-0x00007FF734FB0000-0x00007FF735304000-memory.dmp	xmrig
behavioral2/memory/4952-176-0x00007FF7CAB00000-0x00007FF7CAE54000-memory.dmp	xmrig
behavioral2/memory/2748-175-0x00007FF7CA8E0000-0x00007FF7CAC34000-memory.dmp	xmrig
behavioral2/memory/5052-174-0x00007FF728870000-0x00007FF728BC4000-memory.dmp	xmrig
behavioral2/memory/1840-172-0x00007FF782140000-0x00007FF782494000-memory.dmp	xmrig
behavioral2/files/0x00070000000234b3-170.dat	xmrig
behavioral2/files/0x00070000000234b2-168.dat	xmrig
behavioral2/files/0x00070000000234b1-166.dat	xmrig
behavioral2/files/0x00070000000234b0-164.dat	xmrig
behavioral2/memory/2396-163-0x00007FF602FC0000-0x00007FF603314000-memory.dmp	xmrig
behavioral2/memory/4820-162-0x00007FF6C1620000-0x00007FF6C1974000-memory.dmp	xmrig
behavioral2/files/0x00070000000234af-160.dat	xmrig
behavioral2/files/0x00070000000234ad-156.dat	xmrig
behavioral2/memory/3764-155-0x00007FF7A1A90000-0x00007FF7A1DE4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234aa-153.dat	xmrig
behavioral2/files/0x00070000000234a4-151.dat	xmrig
behavioral2/files/0x00070000000234a6-146.dat	xmrig
behavioral2/files/0x00070000000234ac-140.dat	xmrig
behavioral2/memory/436-139-0x00007FF66B0A0000-0x00007FF66B3F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234ab-135.dat	xmrig
behavioral2/files/0x00070000000234a9-134.dat	xmrig
behavioral2/files/0x00070000000234a8-120.dat	xmrig
behavioral2/files/0x00070000000234a7-119.dat	xmrig
behavioral2/files/0x00070000000234a0-116.dat	xmrig
behavioral2/memory/4536-113-0x00007FF72A170000-0x00007FF72A4C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002349f-107.dat	xmrig
behavioral2/files/0x00070000000234a5-106.dat	xmrig
behavioral2/files/0x000700000002349e-101.dat	xmrig
behavioral2/files/0x00070000000234a3-100.dat	xmrig
behavioral2/files/0x00070000000234a1-95.dat	xmrig
behavioral2/files/0x000700000002349b-94.dat	xmrig
behavioral2/memory/2992-92-0x00007FF60F140000-0x00007FF60F494000-memory.dmp	xmrig
behavioral2/files/0x000700000002349d-87.dat	xmrig
behavioral2/memory/2868-81-0x00007FF76E210000-0x00007FF76E564000-memory.dmp	xmrig
behavioral2/files/0x000700000002349a-76.dat	xmrig
behavioral2/files/0x0007000000023499-61.dat	xmrig
behavioral2/files/0x0007000000023496-59.dat	xmrig
behavioral2/memory/2964-52-0x00007FF68A030000-0x00007FF68A384000-memory.dmp	xmrig
behavioral2/memory/4896-46-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp	xmrig
behavioral2/files/0x0007000000023497-51.dat	xmrig
behavioral2/memory/4376-27-0x00007FF633DA0000-0x00007FF6340F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023498-35.dat	xmrig
behavioral2/files/0x0008000000023493-188.dat	xmrig
behavioral2/memory/4896-2278-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp	xmrig
behavioral2/memory/5112-2281-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4848	Ugvtmqp.exe
4376	ecMCjqi.exe
3592	nwENPWy.exe
4896	JpGRtXp.exe
2964	lBwlHlg.exe
4576	eciKhZc.exe
2868	mDNMoQx.exe
4212	aVVhWuU.exe
2992	GffUkeW.exe
1636	wWeXrlI.exe
5112	IbbBgik.exe
4536	wptrFJI.exe
4256	HMPPjhZ.exe
436	keGBUFr.exe
3764	vXoNJcm.exe
4820	WUpyKeF.exe
2396	gSFwLcN.exe
1908	WeRwXnM.exe
1840	mehpgtI.exe
1700	bRmAmEg.exe
5052	YRszRcD.exe
2748	ZRjJzMX.exe
3996	DBLcfAI.exe
4952	TFQyEnB.exe
2108	PgalUPF.exe
2344	TjCSgCV.exe
2536	fDUPZks.exe
3452	VUkaAWR.exe
748	UGRBtZk.exe
3492	ImrwJFU.exe
3540	yqvvgbw.exe
1888	QTjtRSO.exe
3080	QidbKoL.exe
4468	OctFTzA.exe
4208	GOmUVUl.exe
3608	GppdVAp.exe
3480	XTfHOvj.exe
3668	UbbwDbs.exe
1596	JLDrVgf.exe
4540	rOUIVFN.exe
2776	oanyPWd.exe
1800	OhZzLQM.exe
4140	dDxzRRh.exe
4356	SgJKFhd.exe
4448	LmAWOeN.exe
4064	uVibIjp.exe
2636	vBtKeRz.exe
2484	yZpueMM.exe
1072	rvIKbYg.exe
468	sPujWqD.exe
4856	XJEDAlV.exe
4424	PGSWJGj.exe
3320	mDmdhet.exe
2308	ZyptEEg.exe
4560	PGjttlL.exe
844	BBRochR.exe
376	zRSYGuD.exe
3200	hAbjWZN.exe
1208	bnuOrAS.exe
4240	RoGsgJh.exe
1424	UhtClBV.exe
2996	AHgmnIB.exe
4720	pTLHfuK.exe
3068	gMjJjIQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3564-0-0x00007FF735000000-0x00007FF735354000-memory.dmp	upx
behavioral2/files/0x0007000000023305-5.dat	upx
behavioral2/memory/4848-15-0x00007FF7E7EA0000-0x00007FF7E81F4000-memory.dmp	upx
behavioral2/files/0x000700000002349c-42.dat	upx
behavioral2/files/0x00070000000234a2-68.dat	upx
behavioral2/memory/4212-91-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp	upx
behavioral2/memory/5112-108-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp	upx
behavioral2/memory/4256-138-0x00007FF678D80000-0x00007FF6790D4000-memory.dmp	upx
behavioral2/files/0x00070000000234ae-158.dat	upx
behavioral2/memory/1700-173-0x00007FF7CD250000-0x00007FF7CD5A4000-memory.dmp	upx
behavioral2/memory/3592-180-0x00007FF65C6C0000-0x00007FF65CA14000-memory.dmp	upx
behavioral2/memory/3452-186-0x00007FF703F80000-0x00007FF7042D4000-memory.dmp	upx
behavioral2/memory/2108-185-0x00007FF752520000-0x00007FF752874000-memory.dmp	upx
behavioral2/memory/3996-184-0x00007FF653AE0000-0x00007FF653E34000-memory.dmp	upx
behavioral2/memory/1908-183-0x00007FF710710000-0x00007FF710A64000-memory.dmp	upx
behavioral2/memory/1636-182-0x00007FF70C6E0000-0x00007FF70CA34000-memory.dmp	upx
behavioral2/memory/4576-181-0x00007FF661320000-0x00007FF661674000-memory.dmp	upx
behavioral2/memory/748-179-0x00007FF612870000-0x00007FF612BC4000-memory.dmp	upx
behavioral2/memory/2536-178-0x00007FF6F7E60000-0x00007FF6F81B4000-memory.dmp	upx
behavioral2/memory/2344-177-0x00007FF734FB0000-0x00007FF735304000-memory.dmp	upx
behavioral2/memory/4952-176-0x00007FF7CAB00000-0x00007FF7CAE54000-memory.dmp	upx
behavioral2/memory/2748-175-0x00007FF7CA8E0000-0x00007FF7CAC34000-memory.dmp	upx
behavioral2/memory/5052-174-0x00007FF728870000-0x00007FF728BC4000-memory.dmp	upx
behavioral2/memory/1840-172-0x00007FF782140000-0x00007FF782494000-memory.dmp	upx
behavioral2/files/0x00070000000234b3-170.dat	upx
behavioral2/files/0x00070000000234b2-168.dat	upx
behavioral2/files/0x00070000000234b1-166.dat	upx
behavioral2/files/0x00070000000234b0-164.dat	upx
behavioral2/memory/2396-163-0x00007FF602FC0000-0x00007FF603314000-memory.dmp	upx
behavioral2/memory/4820-162-0x00007FF6C1620000-0x00007FF6C1974000-memory.dmp	upx
behavioral2/files/0x00070000000234af-160.dat	upx
behavioral2/files/0x00070000000234ad-156.dat	upx
behavioral2/memory/3764-155-0x00007FF7A1A90000-0x00007FF7A1DE4000-memory.dmp	upx
behavioral2/files/0x00070000000234aa-153.dat	upx
behavioral2/files/0x00070000000234a4-151.dat	upx
behavioral2/files/0x00070000000234a6-146.dat	upx
behavioral2/files/0x00070000000234ac-140.dat	upx
behavioral2/memory/436-139-0x00007FF66B0A0000-0x00007FF66B3F4000-memory.dmp	upx
behavioral2/files/0x00070000000234ab-135.dat	upx
behavioral2/files/0x00070000000234a9-134.dat	upx
behavioral2/files/0x00070000000234a8-120.dat	upx
behavioral2/files/0x00070000000234a7-119.dat	upx
behavioral2/files/0x00070000000234a0-116.dat	upx
behavioral2/memory/4536-113-0x00007FF72A170000-0x00007FF72A4C4000-memory.dmp	upx
behavioral2/files/0x000700000002349f-107.dat	upx
behavioral2/files/0x00070000000234a5-106.dat	upx
behavioral2/files/0x000700000002349e-101.dat	upx
behavioral2/files/0x00070000000234a3-100.dat	upx
behavioral2/files/0x00070000000234a1-95.dat	upx
behavioral2/files/0x000700000002349b-94.dat	upx
behavioral2/memory/2992-92-0x00007FF60F140000-0x00007FF60F494000-memory.dmp	upx
behavioral2/files/0x000700000002349d-87.dat	upx
behavioral2/memory/2868-81-0x00007FF76E210000-0x00007FF76E564000-memory.dmp	upx
behavioral2/files/0x000700000002349a-76.dat	upx
behavioral2/files/0x0007000000023499-61.dat	upx
behavioral2/files/0x0007000000023496-59.dat	upx
behavioral2/memory/2964-52-0x00007FF68A030000-0x00007FF68A384000-memory.dmp	upx
behavioral2/memory/4896-46-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp	upx
behavioral2/files/0x0007000000023497-51.dat	upx
behavioral2/memory/4376-27-0x00007FF633DA0000-0x00007FF6340F4000-memory.dmp	upx
behavioral2/files/0x0007000000023498-35.dat	upx
behavioral2/files/0x0008000000023493-188.dat	upx
behavioral2/memory/4896-2278-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp	upx
behavioral2/memory/5112-2281-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pWiRQrt.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\QpbRNqb.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\citnmwf.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\qFoYlho.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\aiqiFso.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\wqvJrSI.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\abrazaw.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\kScfKGp.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\gCKVPDH.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\xPBycBO.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\ntWJzAB.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\MaIJMlK.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\SWqjRUr.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\bVkRrer.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\ENLZBeH.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\DuviHYc.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\GnTkZHw.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\KncWdui.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\GihvOeb.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\CzFDDzT.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\gtvdUtu.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\NYumSvg.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\XiPSxNy.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\rLJTTYw.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\UbbVaxA.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\YoBldru.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\UMibpWl.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\DerMEgi.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\nqXaKkl.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\eHObMis.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\KRQnguj.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\dcYVTQS.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\kRpwHkD.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\ioVqDvP.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\wHhYLij.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\fgaQABG.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\mDNMoQx.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\sfpvGcn.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\qWDHJYg.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\rfdLpfp.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\FwGSobP.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\iMmyXac.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\nmSUTuO.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\Kxkiyoo.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\pjHUnsQ.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\TGaYVgh.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\toBeUZT.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\nLixDGx.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\DHgeyYm.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\ipicNLZ.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\UUleJMb.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\mKiAHzj.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\eciKhZc.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\YRszRcD.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\pMEEAhf.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\xNgGryp.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\jVfCYkn.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\AQEOdaZ.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\qzCHBZc.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\RSTCMvb.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\GhuGgUa.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\hMfOhZg.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\GYYQOuS.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
File created	C:\Windows\System\qQPNgwq.exe	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13732	dwm.exe
Token: SeChangeNotifyPrivilege	13732	dwm.exe
Token: 33	13732	dwm.exe
Token: SeIncBasePriorityPrivilege	13732	dwm.exe
Token: SeShutdownPrivilege	13732	dwm.exe
Token: SeCreatePagefilePrivilege	13732	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 4848	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	83
PID 3564 wrote to memory of 4848	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	83
PID 3564 wrote to memory of 4376	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	84
PID 3564 wrote to memory of 4376	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	84
PID 3564 wrote to memory of 3592	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	85
PID 3564 wrote to memory of 3592	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	85
PID 3564 wrote to memory of 4896	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	86
PID 3564 wrote to memory of 4896	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	86
PID 3564 wrote to memory of 2964	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	87
PID 3564 wrote to memory of 2964	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	87
PID 3564 wrote to memory of 4576	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	88
PID 3564 wrote to memory of 4576	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	88
PID 3564 wrote to memory of 2868	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	89
PID 3564 wrote to memory of 2868	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	89
PID 3564 wrote to memory of 4212	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	90
PID 3564 wrote to memory of 4212	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	90
PID 3564 wrote to memory of 2992	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	91
PID 3564 wrote to memory of 2992	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	91
PID 3564 wrote to memory of 3764	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	92
PID 3564 wrote to memory of 3764	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	92
PID 3564 wrote to memory of 1636	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	93
PID 3564 wrote to memory of 1636	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	93
PID 3564 wrote to memory of 5112	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	94
PID 3564 wrote to memory of 5112	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	94
PID 3564 wrote to memory of 4536	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	95
PID 3564 wrote to memory of 4536	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	95
PID 3564 wrote to memory of 4256	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	96
PID 3564 wrote to memory of 4256	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	96
PID 3564 wrote to memory of 436	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	97
PID 3564 wrote to memory of 436	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	97
PID 3564 wrote to memory of 4820	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	98
PID 3564 wrote to memory of 4820	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	98
PID 3564 wrote to memory of 2396	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	99
PID 3564 wrote to memory of 2396	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	99
PID 3564 wrote to memory of 4952	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	100
PID 3564 wrote to memory of 4952	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	100
PID 3564 wrote to memory of 1908	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	101
PID 3564 wrote to memory of 1908	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	101
PID 3564 wrote to memory of 1840	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	102
PID 3564 wrote to memory of 1840	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	102
PID 3564 wrote to memory of 1700	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	103
PID 3564 wrote to memory of 1700	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	103
PID 3564 wrote to memory of 5052	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	104
PID 3564 wrote to memory of 5052	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	104
PID 3564 wrote to memory of 2748	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	105
PID 3564 wrote to memory of 2748	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	105
PID 3564 wrote to memory of 3996	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	106
PID 3564 wrote to memory of 3996	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	106
PID 3564 wrote to memory of 2108	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	107
PID 3564 wrote to memory of 2108	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	107
PID 3564 wrote to memory of 2344	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	108
PID 3564 wrote to memory of 2344	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	108
PID 3564 wrote to memory of 2536	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	109
PID 3564 wrote to memory of 2536	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	109
PID 3564 wrote to memory of 3452	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	110
PID 3564 wrote to memory of 3452	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	110
PID 3564 wrote to memory of 748	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	111
PID 3564 wrote to memory of 748	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	111
PID 3564 wrote to memory of 3492	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	112
PID 3564 wrote to memory of 3492	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	112
PID 3564 wrote to memory of 3540	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	113
PID 3564 wrote to memory of 3540	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	113
PID 3564 wrote to memory of 1888	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	114
PID 3564 wrote to memory of 1888	3564	c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe	114

C:\Users\Admin\AppData\Local\Temp\c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe
"C:\Users\Admin\AppData\Local\Temp\c3c91702101e1f1f62ed722b7abcd69578cf2bab803b500caed857f1a9178f5c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Windows\System\Ugvtmqp.exe
  C:\Windows\System\Ugvtmqp.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\ecMCjqi.exe
  C:\Windows\System\ecMCjqi.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\nwENPWy.exe
  C:\Windows\System\nwENPWy.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\JpGRtXp.exe
  C:\Windows\System\JpGRtXp.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\lBwlHlg.exe
  C:\Windows\System\lBwlHlg.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\eciKhZc.exe
  C:\Windows\System\eciKhZc.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\mDNMoQx.exe
  C:\Windows\System\mDNMoQx.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\aVVhWuU.exe
  C:\Windows\System\aVVhWuU.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\GffUkeW.exe
  C:\Windows\System\GffUkeW.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\vXoNJcm.exe
  C:\Windows\System\vXoNJcm.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\wWeXrlI.exe
  C:\Windows\System\wWeXrlI.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\IbbBgik.exe
  C:\Windows\System\IbbBgik.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\wptrFJI.exe
  C:\Windows\System\wptrFJI.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\HMPPjhZ.exe
  C:\Windows\System\HMPPjhZ.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\keGBUFr.exe
  C:\Windows\System\keGBUFr.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\WUpyKeF.exe
  C:\Windows\System\WUpyKeF.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\gSFwLcN.exe
  C:\Windows\System\gSFwLcN.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\TFQyEnB.exe
  C:\Windows\System\TFQyEnB.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\WeRwXnM.exe
  C:\Windows\System\WeRwXnM.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\mehpgtI.exe
  C:\Windows\System\mehpgtI.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\bRmAmEg.exe
  C:\Windows\System\bRmAmEg.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\YRszRcD.exe
  C:\Windows\System\YRszRcD.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\ZRjJzMX.exe
  C:\Windows\System\ZRjJzMX.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\DBLcfAI.exe
  C:\Windows\System\DBLcfAI.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\PgalUPF.exe
  C:\Windows\System\PgalUPF.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\TjCSgCV.exe
  C:\Windows\System\TjCSgCV.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\fDUPZks.exe
  C:\Windows\System\fDUPZks.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\VUkaAWR.exe
  C:\Windows\System\VUkaAWR.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\UGRBtZk.exe
  C:\Windows\System\UGRBtZk.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\ImrwJFU.exe
  C:\Windows\System\ImrwJFU.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\yqvvgbw.exe
  C:\Windows\System\yqvvgbw.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\QTjtRSO.exe
  C:\Windows\System\QTjtRSO.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\QidbKoL.exe
  C:\Windows\System\QidbKoL.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\OctFTzA.exe
  C:\Windows\System\OctFTzA.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\GOmUVUl.exe
  C:\Windows\System\GOmUVUl.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\GppdVAp.exe
  C:\Windows\System\GppdVAp.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\XTfHOvj.exe
  C:\Windows\System\XTfHOvj.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\UbbwDbs.exe
  C:\Windows\System\UbbwDbs.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\JLDrVgf.exe
  C:\Windows\System\JLDrVgf.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\rOUIVFN.exe
  C:\Windows\System\rOUIVFN.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\oanyPWd.exe
  C:\Windows\System\oanyPWd.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\OhZzLQM.exe
  C:\Windows\System\OhZzLQM.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\dDxzRRh.exe
  C:\Windows\System\dDxzRRh.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\SgJKFhd.exe
  C:\Windows\System\SgJKFhd.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\LmAWOeN.exe
  C:\Windows\System\LmAWOeN.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\uVibIjp.exe
  C:\Windows\System\uVibIjp.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\vBtKeRz.exe
  C:\Windows\System\vBtKeRz.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\yZpueMM.exe
  C:\Windows\System\yZpueMM.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\rvIKbYg.exe
  C:\Windows\System\rvIKbYg.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\sPujWqD.exe
  C:\Windows\System\sPujWqD.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\XJEDAlV.exe
  C:\Windows\System\XJEDAlV.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\PGSWJGj.exe
  C:\Windows\System\PGSWJGj.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\mDmdhet.exe
  C:\Windows\System\mDmdhet.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\ZyptEEg.exe
  C:\Windows\System\ZyptEEg.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\PGjttlL.exe
  C:\Windows\System\PGjttlL.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\BBRochR.exe
  C:\Windows\System\BBRochR.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\zRSYGuD.exe
  C:\Windows\System\zRSYGuD.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\hAbjWZN.exe
  C:\Windows\System\hAbjWZN.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\bnuOrAS.exe
  C:\Windows\System\bnuOrAS.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\RoGsgJh.exe
  C:\Windows\System\RoGsgJh.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\UhtClBV.exe
  C:\Windows\System\UhtClBV.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\AHgmnIB.exe
  C:\Windows\System\AHgmnIB.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\pTLHfuK.exe
  C:\Windows\System\pTLHfuK.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\gMjJjIQ.exe
  C:\Windows\System\gMjJjIQ.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\DuviHYc.exe
  C:\Windows\System\DuviHYc.exe
  2⤵
  PID:2240
- C:\Windows\System\YuZUUjG.exe
  C:\Windows\System\YuZUUjG.exe
  2⤵
  PID:5020
- C:\Windows\System\znLpfZe.exe
  C:\Windows\System\znLpfZe.exe
  2⤵
  PID:348
- C:\Windows\System\OHkNeHg.exe
  C:\Windows\System\OHkNeHg.exe
  2⤵
  PID:2832
- C:\Windows\System\HZkcIWp.exe
  C:\Windows\System\HZkcIWp.exe
  2⤵
  PID:2692
- C:\Windows\System\RcPvjTC.exe
  C:\Windows\System\RcPvjTC.exe
  2⤵
  PID:2704
- C:\Windows\System\mswlrpn.exe
  C:\Windows\System\mswlrpn.exe
  2⤵
  PID:3412
- C:\Windows\System\lESVeHl.exe
  C:\Windows\System\lESVeHl.exe
  2⤵
  PID:4388
- C:\Windows\System\rfkCxGH.exe
  C:\Windows\System\rfkCxGH.exe
  2⤵
  PID:3904
- C:\Windows\System\EzesWAr.exe
  C:\Windows\System\EzesWAr.exe
  2⤵
  PID:1352
- C:\Windows\System\CFpYzLh.exe
  C:\Windows\System\CFpYzLh.exe
  2⤵
  PID:3228
- C:\Windows\System\DdmrPac.exe
  C:\Windows\System\DdmrPac.exe
  2⤵
  PID:3856
- C:\Windows\System\ospCkRr.exe
  C:\Windows\System\ospCkRr.exe
  2⤵
  PID:1544
- C:\Windows\System\ThdgAcc.exe
  C:\Windows\System\ThdgAcc.exe
  2⤵
  PID:1220
- C:\Windows\System\YbStEak.exe
  C:\Windows\System\YbStEak.exe
  2⤵
  PID:3432
- C:\Windows\System\WWstkpQ.exe
  C:\Windows\System\WWstkpQ.exe
  2⤵
  PID:4608
- C:\Windows\System\rLJTTYw.exe
  C:\Windows\System\rLJTTYw.exe
  2⤵
  PID:3484
- C:\Windows\System\wKIDKjb.exe
  C:\Windows\System\wKIDKjb.exe
  2⤵
  PID:3684
- C:\Windows\System\HzUIjYo.exe
  C:\Windows\System\HzUIjYo.exe
  2⤵
  PID:1628
- C:\Windows\System\GtuNGOl.exe
  C:\Windows\System\GtuNGOl.exe
  2⤵
  PID:3756
- C:\Windows\System\kHRgrkR.exe
  C:\Windows\System\kHRgrkR.exe
  2⤵
  PID:464
- C:\Windows\System\jjRVXoN.exe
  C:\Windows\System\jjRVXoN.exe
  2⤵
  PID:2680
- C:\Windows\System\aFwwGEO.exe
  C:\Windows\System\aFwwGEO.exe
  2⤵
  PID:1100
- C:\Windows\System\FXHKNUj.exe
  C:\Windows\System\FXHKNUj.exe
  2⤵
  PID:3076
- C:\Windows\System\pDVHpjO.exe
  C:\Windows\System\pDVHpjO.exe
  2⤵
  PID:3988
- C:\Windows\System\cjRYfKB.exe
  C:\Windows\System\cjRYfKB.exe
  2⤵
  PID:1944
- C:\Windows\System\KqzvvQr.exe
  C:\Windows\System\KqzvvQr.exe
  2⤵
  PID:2264
- C:\Windows\System\aNJbvmu.exe
  C:\Windows\System\aNJbvmu.exe
  2⤵
  PID:2880
- C:\Windows\System\PggSWNS.exe
  C:\Windows\System\PggSWNS.exe
  2⤵
  PID:2828
- C:\Windows\System\menHasb.exe
  C:\Windows\System\menHasb.exe
  2⤵
  PID:3000
- C:\Windows\System\mdnMvzV.exe
  C:\Windows\System\mdnMvzV.exe
  2⤵
  PID:2916
- C:\Windows\System\GWZNkny.exe
  C:\Windows\System\GWZNkny.exe
  2⤵
  PID:1684
- C:\Windows\System\qHgOfBH.exe
  C:\Windows\System\qHgOfBH.exe
  2⤵
  PID:2220
- C:\Windows\System\ByvpAJa.exe
  C:\Windows\System\ByvpAJa.exe
  2⤵
  PID:4732
- C:\Windows\System\qCRXeMT.exe
  C:\Windows\System\qCRXeMT.exe
  2⤵
  PID:3020
- C:\Windows\System\GODOpoy.exe
  C:\Windows\System\GODOpoy.exe
  2⤵
  PID:4276
- C:\Windows\System\TtKiVPz.exe
  C:\Windows\System\TtKiVPz.exe
  2⤵
  PID:3940
- C:\Windows\System\qOnWuRv.exe
  C:\Windows\System\qOnWuRv.exe
  2⤵
  PID:2260
- C:\Windows\System\JksSDfM.exe
  C:\Windows\System\JksSDfM.exe
  2⤵
  PID:5124
- C:\Windows\System\rqNKCer.exe
  C:\Windows\System\rqNKCer.exe
  2⤵
  PID:5152
- C:\Windows\System\KXyYqst.exe
  C:\Windows\System\KXyYqst.exe
  2⤵
  PID:5180
- C:\Windows\System\GvSOrfF.exe
  C:\Windows\System\GvSOrfF.exe
  2⤵
  PID:5208
- C:\Windows\System\NIHVorx.exe
  C:\Windows\System\NIHVorx.exe
  2⤵
  PID:5236
- C:\Windows\System\WWyUyLh.exe
  C:\Windows\System\WWyUyLh.exe
  2⤵
  PID:5252
- C:\Windows\System\zQBLzXb.exe
  C:\Windows\System\zQBLzXb.exe
  2⤵
  PID:5284
- C:\Windows\System\gzlzToi.exe
  C:\Windows\System\gzlzToi.exe
  2⤵
  PID:5320
- C:\Windows\System\qAkzaSG.exe
  C:\Windows\System\qAkzaSG.exe
  2⤵
  PID:5336
- C:\Windows\System\RRfmghv.exe
  C:\Windows\System\RRfmghv.exe
  2⤵
  PID:5356
- C:\Windows\System\hKsGotD.exe
  C:\Windows\System\hKsGotD.exe
  2⤵
  PID:5384
- C:\Windows\System\BonicYr.exe
  C:\Windows\System\BonicYr.exe
  2⤵
  PID:5420
- C:\Windows\System\bZoJUSb.exe
  C:\Windows\System\bZoJUSb.exe
  2⤵
  PID:5444
- C:\Windows\System\abrazaw.exe
  C:\Windows\System\abrazaw.exe
  2⤵
  PID:5472
- C:\Windows\System\UXjpZtT.exe
  C:\Windows\System\UXjpZtT.exe
  2⤵
  PID:5520
- C:\Windows\System\MjyUikv.exe
  C:\Windows\System\MjyUikv.exe
  2⤵
  PID:5540
- C:\Windows\System\ZCqQGvs.exe
  C:\Windows\System\ZCqQGvs.exe
  2⤵
  PID:5568
- C:\Windows\System\nLixDGx.exe
  C:\Windows\System\nLixDGx.exe
  2⤵
  PID:5596
- C:\Windows\System\etnRtIj.exe
  C:\Windows\System\etnRtIj.exe
  2⤵
  PID:5628
- C:\Windows\System\FjEJUUV.exe
  C:\Windows\System\FjEJUUV.exe
  2⤵
  PID:5656
- C:\Windows\System\YAkHlKp.exe
  C:\Windows\System\YAkHlKp.exe
  2⤵
  PID:5688
- C:\Windows\System\TlxcpKN.exe
  C:\Windows\System\TlxcpKN.exe
  2⤵
  PID:5720
- C:\Windows\System\LvsqXJV.exe
  C:\Windows\System\LvsqXJV.exe
  2⤵
  PID:5748
- C:\Windows\System\rQFReMf.exe
  C:\Windows\System\rQFReMf.exe
  2⤵
  PID:5776
- C:\Windows\System\AUTaGmj.exe
  C:\Windows\System\AUTaGmj.exe
  2⤵
  PID:5804
- C:\Windows\System\QBEWZMw.exe
  C:\Windows\System\QBEWZMw.exe
  2⤵
  PID:5832
- C:\Windows\System\EhdyNpx.exe
  C:\Windows\System\EhdyNpx.exe
  2⤵
  PID:5860
- C:\Windows\System\nAzvyVu.exe
  C:\Windows\System\nAzvyVu.exe
  2⤵
  PID:5892
- C:\Windows\System\DqCORpq.exe
  C:\Windows\System\DqCORpq.exe
  2⤵
  PID:5920
- C:\Windows\System\meVvqrB.exe
  C:\Windows\System\meVvqrB.exe
  2⤵
  PID:5948
- C:\Windows\System\xJtjSVJ.exe
  C:\Windows\System\xJtjSVJ.exe
  2⤵
  PID:5972
- C:\Windows\System\XVqauEG.exe
  C:\Windows\System\XVqauEG.exe
  2⤵
  PID:5988
- C:\Windows\System\bSPAPtD.exe
  C:\Windows\System\bSPAPtD.exe
  2⤵
  PID:6020
- C:\Windows\System\AQEOdaZ.exe
  C:\Windows\System\AQEOdaZ.exe
  2⤵
  PID:6056
- C:\Windows\System\SQtvCJF.exe
  C:\Windows\System\SQtvCJF.exe
  2⤵
  PID:6092
- C:\Windows\System\aXaiNxQ.exe
  C:\Windows\System\aXaiNxQ.exe
  2⤵
  PID:6108
- C:\Windows\System\xEdaJXE.exe
  C:\Windows\System\xEdaJXE.exe
  2⤵
  PID:6128
- C:\Windows\System\sUpBTxK.exe
  C:\Windows\System\sUpBTxK.exe
  2⤵
  PID:4340
- C:\Windows\System\YbiuaPP.exe
  C:\Windows\System\YbiuaPP.exe
  2⤵
  PID:5176
- C:\Windows\System\ZLBkFSg.exe
  C:\Windows\System\ZLBkFSg.exe
  2⤵
  PID:5248
- C:\Windows\System\FtAUdmX.exe
  C:\Windows\System\FtAUdmX.exe
  2⤵
  PID:5260
- C:\Windows\System\OCFtItj.exe
  C:\Windows\System\OCFtItj.exe
  2⤵
  PID:5348
- C:\Windows\System\pMEEAhf.exe
  C:\Windows\System\pMEEAhf.exe
  2⤵
  PID:5456
- C:\Windows\System\GDVQmNd.exe
  C:\Windows\System\GDVQmNd.exe
  2⤵
  PID:5556
- C:\Windows\System\AzhlMNc.exe
  C:\Windows\System\AzhlMNc.exe
  2⤵
  PID:5640
- C:\Windows\System\UoZzcqz.exe
  C:\Windows\System\UoZzcqz.exe
  2⤵
  PID:5684
- C:\Windows\System\opEoGFa.exe
  C:\Windows\System\opEoGFa.exe
  2⤵
  PID:5740
- C:\Windows\System\lbdmpMY.exe
  C:\Windows\System\lbdmpMY.exe
  2⤵
  PID:5824
- C:\Windows\System\ZKhxahy.exe
  C:\Windows\System\ZKhxahy.exe
  2⤵
  PID:5876
- C:\Windows\System\fOEQNGg.exe
  C:\Windows\System\fOEQNGg.exe
  2⤵
  PID:5964
- C:\Windows\System\eQLCuek.exe
  C:\Windows\System\eQLCuek.exe
  2⤵
  PID:6040
- C:\Windows\System\WLIGZfp.exe
  C:\Windows\System\WLIGZfp.exe
  2⤵
  PID:1752
- C:\Windows\System\dRPBQAy.exe
  C:\Windows\System\dRPBQAy.exe
  2⤵
  PID:5172
- C:\Windows\System\QLCvyNA.exe
  C:\Windows\System\QLCvyNA.exe
  2⤵
  PID:5148
- C:\Windows\System\ylFYiuX.exe
  C:\Windows\System\ylFYiuX.exe
  2⤵
  PID:5280
- C:\Windows\System\mTdNDSM.exe
  C:\Windows\System\mTdNDSM.exe
  2⤵
  PID:5344
- C:\Windows\System\YFSJnzL.exe
  C:\Windows\System\YFSJnzL.exe
  2⤵
  PID:5436
- C:\Windows\System\AFAmpit.exe
  C:\Windows\System\AFAmpit.exe
  2⤵
  PID:5528
- C:\Windows\System\GdmzVWM.exe
  C:\Windows\System\GdmzVWM.exe
  2⤵
  PID:5664
- C:\Windows\System\rPafkcr.exe
  C:\Windows\System\rPafkcr.exe
  2⤵
  PID:5816
- C:\Windows\System\modahZF.exe
  C:\Windows\System\modahZF.exe
  2⤵
  PID:6084
- C:\Windows\System\tQDROzT.exe
  C:\Windows\System\tQDROzT.exe
  2⤵
  PID:5428
- C:\Windows\System\kielDNj.exe
  C:\Windows\System\kielDNj.exe
  2⤵
  PID:5580
- C:\Windows\System\jeeilSY.exe
  C:\Windows\System\jeeilSY.exe
  2⤵
  PID:5916
- C:\Windows\System\QDwFAhu.exe
  C:\Windows\System\QDwFAhu.exe
  2⤵
  PID:6136
- C:\Windows\System\ydvlxFJ.exe
  C:\Windows\System\ydvlxFJ.exe
  2⤵
  PID:6156
- C:\Windows\System\vRIYNJx.exe
  C:\Windows\System\vRIYNJx.exe
  2⤵
  PID:6184
- C:\Windows\System\mlspFSl.exe
  C:\Windows\System\mlspFSl.exe
  2⤵
  PID:6216
- C:\Windows\System\GpNwJCI.exe
  C:\Windows\System\GpNwJCI.exe
  2⤵
  PID:6244
- C:\Windows\System\IKmxkwZ.exe
  C:\Windows\System\IKmxkwZ.exe
  2⤵
  PID:6280
- C:\Windows\System\DDORpaj.exe
  C:\Windows\System\DDORpaj.exe
  2⤵
  PID:6308
- C:\Windows\System\nqXaKkl.exe
  C:\Windows\System\nqXaKkl.exe
  2⤵
  PID:6344
- C:\Windows\System\aBubnWR.exe
  C:\Windows\System\aBubnWR.exe
  2⤵
  PID:6364
- C:\Windows\System\nLCCHtk.exe
  C:\Windows\System\nLCCHtk.exe
  2⤵
  PID:6388
- C:\Windows\System\SqGAwBE.exe
  C:\Windows\System\SqGAwBE.exe
  2⤵
  PID:6408
- C:\Windows\System\DVluhSK.exe
  C:\Windows\System\DVluhSK.exe
  2⤵
  PID:6440
- C:\Windows\System\QJtAXlw.exe
  C:\Windows\System\QJtAXlw.exe
  2⤵
  PID:6464
- C:\Windows\System\reKFtHP.exe
  C:\Windows\System\reKFtHP.exe
  2⤵
  PID:6488
- C:\Windows\System\eigWElb.exe
  C:\Windows\System\eigWElb.exe
  2⤵
  PID:6512
- C:\Windows\System\tyOCQMS.exe
  C:\Windows\System\tyOCQMS.exe
  2⤵
  PID:6540
- C:\Windows\System\Jsgxgda.exe
  C:\Windows\System\Jsgxgda.exe
  2⤵
  PID:6572
- C:\Windows\System\WpnlkAl.exe
  C:\Windows\System\WpnlkAl.exe
  2⤵
  PID:6596
- C:\Windows\System\IzTMwNk.exe
  C:\Windows\System\IzTMwNk.exe
  2⤵
  PID:6636
- C:\Windows\System\Vsqjxsk.exe
  C:\Windows\System\Vsqjxsk.exe
  2⤵
  PID:6672
- C:\Windows\System\QpbRNqb.exe
  C:\Windows\System\QpbRNqb.exe
  2⤵
  PID:6700
- C:\Windows\System\GYPcHTl.exe
  C:\Windows\System\GYPcHTl.exe
  2⤵
  PID:6732
- C:\Windows\System\ioVqDvP.exe
  C:\Windows\System\ioVqDvP.exe
  2⤵
  PID:6756
- C:\Windows\System\svlymRq.exe
  C:\Windows\System\svlymRq.exe
  2⤵
  PID:6776
- C:\Windows\System\FLuEWpG.exe
  C:\Windows\System\FLuEWpG.exe
  2⤵
  PID:6800
- C:\Windows\System\NqxnRlq.exe
  C:\Windows\System\NqxnRlq.exe
  2⤵
  PID:6816
- C:\Windows\System\nmSUTuO.exe
  C:\Windows\System\nmSUTuO.exe
  2⤵
  PID:6832
- C:\Windows\System\KdabymB.exe
  C:\Windows\System\KdabymB.exe
  2⤵
  PID:6872
- C:\Windows\System\XtWfSHU.exe
  C:\Windows\System\XtWfSHU.exe
  2⤵
  PID:6900
- C:\Windows\System\zPBEDmn.exe
  C:\Windows\System\zPBEDmn.exe
  2⤵
  PID:6928
- C:\Windows\System\PtbjLWo.exe
  C:\Windows\System\PtbjLWo.exe
  2⤵
  PID:6976
- C:\Windows\System\GoRvNBb.exe
  C:\Windows\System\GoRvNBb.exe
  2⤵
  PID:7004
- C:\Windows\System\LZRpqNr.exe
  C:\Windows\System\LZRpqNr.exe
  2⤵
  PID:7036
- C:\Windows\System\YSTrBWI.exe
  C:\Windows\System\YSTrBWI.exe
  2⤵
  PID:7064
- C:\Windows\System\rjszvUc.exe
  C:\Windows\System\rjszvUc.exe
  2⤵
  PID:7100
- C:\Windows\System\MnaGSXv.exe
  C:\Windows\System\MnaGSXv.exe
  2⤵
  PID:7132
- C:\Windows\System\YnLRBdv.exe
  C:\Windows\System\YnLRBdv.exe
  2⤵
  PID:7160
- C:\Windows\System\TAPBeQt.exe
  C:\Windows\System\TAPBeQt.exe
  2⤵
  PID:6004
- C:\Windows\System\wtEqtjR.exe
  C:\Windows\System\wtEqtjR.exe
  2⤵
  PID:6264
- C:\Windows\System\SrRqeIl.exe
  C:\Windows\System\SrRqeIl.exe
  2⤵
  PID:2232
- C:\Windows\System\RYmJpyj.exe
  C:\Windows\System\RYmJpyj.exe
  2⤵
  PID:6340
- C:\Windows\System\yLitHnE.exe
  C:\Windows\System\yLitHnE.exe
  2⤵
  PID:816
- C:\Windows\System\toSwJgc.exe
  C:\Windows\System\toSwJgc.exe
  2⤵
  PID:6384
- C:\Windows\System\kvACvMK.exe
  C:\Windows\System\kvACvMK.exe
  2⤵
  PID:6428
- C:\Windows\System\dyujgFW.exe
  C:\Windows\System\dyujgFW.exe
  2⤵
  PID:6484
- C:\Windows\System\QCsDJDv.exe
  C:\Windows\System\QCsDJDv.exe
  2⤵
  PID:6480
- C:\Windows\System\wqgqXgm.exe
  C:\Windows\System\wqgqXgm.exe
  2⤵
  PID:6532
- C:\Windows\System\lYhdXYB.exe
  C:\Windows\System\lYhdXYB.exe
  2⤵
  PID:6684
- C:\Windows\System\CJciBVq.exe
  C:\Windows\System\CJciBVq.exe
  2⤵
  PID:6720
- C:\Windows\System\SPeQjJF.exe
  C:\Windows\System\SPeQjJF.exe
  2⤵
  PID:6764
- C:\Windows\System\tetdDVE.exe
  C:\Windows\System\tetdDVE.exe
  2⤵
  PID:6896
- C:\Windows\System\cCxsESn.exe
  C:\Windows\System\cCxsESn.exe
  2⤵
  PID:6940
- C:\Windows\System\PjtTnqr.exe
  C:\Windows\System\PjtTnqr.exe
  2⤵
  PID:7012
- C:\Windows\System\xHJeycn.exe
  C:\Windows\System\xHJeycn.exe
  2⤵
  PID:7096
- C:\Windows\System\BSOOXND.exe
  C:\Windows\System\BSOOXND.exe
  2⤵
  PID:6152
- C:\Windows\System\IHTCBsy.exe
  C:\Windows\System\IHTCBsy.exe
  2⤵
  PID:6212
- C:\Windows\System\wHhYLij.exe
  C:\Windows\System\wHhYLij.exe
  2⤵
  PID:6360
- C:\Windows\System\OvMAUSz.exe
  C:\Windows\System\OvMAUSz.exe
  2⤵
  PID:6500
- C:\Windows\System\gRfSDjH.exe
  C:\Windows\System\gRfSDjH.exe
  2⤵
  PID:6588
- C:\Windows\System\WJeVFhY.exe
  C:\Windows\System\WJeVFhY.exe
  2⤵
  PID:6620
- C:\Windows\System\WnmBOHh.exe
  C:\Windows\System\WnmBOHh.exe
  2⤵
  PID:6712
- C:\Windows\System\RMzYnKV.exe
  C:\Windows\System\RMzYnKV.exe
  2⤵
  PID:6744
- C:\Windows\System\gwytaky.exe
  C:\Windows\System\gwytaky.exe
  2⤵
  PID:7124
- C:\Windows\System\tHQlIyV.exe
  C:\Windows\System\tHQlIyV.exe
  2⤵
  PID:6252
- C:\Windows\System\MMYOaLF.exe
  C:\Windows\System\MMYOaLF.exe
  2⤵
  PID:6436
- C:\Windows\System\KsSQDKm.exe
  C:\Windows\System\KsSQDKm.exe
  2⤵
  PID:6912
- C:\Windows\System\hBpXMGr.exe
  C:\Windows\System\hBpXMGr.exe
  2⤵
  PID:6988
- C:\Windows\System\KDIlpAs.exe
  C:\Windows\System\KDIlpAs.exe
  2⤵
  PID:7184
- C:\Windows\System\zlJjdeW.exe
  C:\Windows\System\zlJjdeW.exe
  2⤵
  PID:7224
- C:\Windows\System\AbGoVxG.exe
  C:\Windows\System\AbGoVxG.exe
  2⤵
  PID:7244
- C:\Windows\System\LBpUaeb.exe
  C:\Windows\System\LBpUaeb.exe
  2⤵
  PID:7272
- C:\Windows\System\hXQvNYJ.exe
  C:\Windows\System\hXQvNYJ.exe
  2⤵
  PID:7300
- C:\Windows\System\FjwKYue.exe
  C:\Windows\System\FjwKYue.exe
  2⤵
  PID:7324
- C:\Windows\System\hiCDNGV.exe
  C:\Windows\System\hiCDNGV.exe
  2⤵
  PID:7360
- C:\Windows\System\tpIaNol.exe
  C:\Windows\System\tpIaNol.exe
  2⤵
  PID:7384
- C:\Windows\System\hZwqwjE.exe
  C:\Windows\System\hZwqwjE.exe
  2⤵
  PID:7408
- C:\Windows\System\dokwYNw.exe
  C:\Windows\System\dokwYNw.exe
  2⤵
  PID:7444
- C:\Windows\System\GihvOeb.exe
  C:\Windows\System\GihvOeb.exe
  2⤵
  PID:7472
- C:\Windows\System\FBbLEOS.exe
  C:\Windows\System\FBbLEOS.exe
  2⤵
  PID:7500
- C:\Windows\System\citnmwf.exe
  C:\Windows\System\citnmwf.exe
  2⤵
  PID:7532
- C:\Windows\System\ncBsFPm.exe
  C:\Windows\System\ncBsFPm.exe
  2⤵
  PID:7560
- C:\Windows\System\gnuLHNX.exe
  C:\Windows\System\gnuLHNX.exe
  2⤵
  PID:7604
- C:\Windows\System\waWOTWV.exe
  C:\Windows\System\waWOTWV.exe
  2⤵
  PID:7640
- C:\Windows\System\VuyijWy.exe
  C:\Windows\System\VuyijWy.exe
  2⤵
  PID:7676
- C:\Windows\System\llnbWHp.exe
  C:\Windows\System\llnbWHp.exe
  2⤵
  PID:7712
- C:\Windows\System\cRwCowL.exe
  C:\Windows\System\cRwCowL.exe
  2⤵
  PID:7740
- C:\Windows\System\BJfqVHJ.exe
  C:\Windows\System\BJfqVHJ.exe
  2⤵
  PID:7792
- C:\Windows\System\jLciJku.exe
  C:\Windows\System\jLciJku.exe
  2⤵
  PID:7824
- C:\Windows\System\sYMEKoy.exe
  C:\Windows\System\sYMEKoy.exe
  2⤵
  PID:7856
- C:\Windows\System\JKEpPds.exe
  C:\Windows\System\JKEpPds.exe
  2⤵
  PID:7884
- C:\Windows\System\sVvdlat.exe
  C:\Windows\System\sVvdlat.exe
  2⤵
  PID:7912
- C:\Windows\System\saXrFDj.exe
  C:\Windows\System\saXrFDj.exe
  2⤵
  PID:7940
- C:\Windows\System\vXgVYSW.exe
  C:\Windows\System\vXgVYSW.exe
  2⤵
  PID:7968
- C:\Windows\System\nypcUlu.exe
  C:\Windows\System\nypcUlu.exe
  2⤵
  PID:8000
- C:\Windows\System\iELsCUL.exe
  C:\Windows\System\iELsCUL.exe
  2⤵
  PID:8028
- C:\Windows\System\ckTTIup.exe
  C:\Windows\System\ckTTIup.exe
  2⤵
  PID:8056
- C:\Windows\System\wqpWKtV.exe
  C:\Windows\System\wqpWKtV.exe
  2⤵
  PID:8084
- C:\Windows\System\HBOUkjy.exe
  C:\Windows\System\HBOUkjy.exe
  2⤵
  PID:8112
- C:\Windows\System\TQzCkzc.exe
  C:\Windows\System\TQzCkzc.exe
  2⤵
  PID:8140
- C:\Windows\System\qGQelkC.exe
  C:\Windows\System\qGQelkC.exe
  2⤵
  PID:8156
- C:\Windows\System\XNdRghB.exe
  C:\Windows\System\XNdRghB.exe
  2⤵
  PID:6564
- C:\Windows\System\kScfKGp.exe
  C:\Windows\System\kScfKGp.exe
  2⤵
  PID:7180
- C:\Windows\System\oXHHrUC.exe
  C:\Windows\System\oXHHrUC.exe
  2⤵
  PID:7212
- C:\Windows\System\gIMTvKQ.exe
  C:\Windows\System\gIMTvKQ.exe
  2⤵
  PID:7236
- C:\Windows\System\ndTpuqg.exe
  C:\Windows\System\ndTpuqg.exe
  2⤵
  PID:7312
- C:\Windows\System\rXFuIzU.exe
  C:\Windows\System\rXFuIzU.exe
  2⤵
  PID:7440
- C:\Windows\System\DRUuewK.exe
  C:\Windows\System\DRUuewK.exe
  2⤵
  PID:7420
- C:\Windows\System\mbsMAiJ.exe
  C:\Windows\System\mbsMAiJ.exe
  2⤵
  PID:7496
- C:\Windows\System\yOxFOyI.exe
  C:\Windows\System\yOxFOyI.exe
  2⤵
  PID:2712
- C:\Windows\System\mdCGrSn.exe
  C:\Windows\System\mdCGrSn.exe
  2⤵
  PID:7664
- C:\Windows\System\RPinqsJ.exe
  C:\Windows\System\RPinqsJ.exe
  2⤵
  PID:7656
- C:\Windows\System\cXLHlEG.exe
  C:\Windows\System\cXLHlEG.exe
  2⤵
  PID:7736
- C:\Windows\System\RemxBQA.exe
  C:\Windows\System\RemxBQA.exe
  2⤵
  PID:7812
- C:\Windows\System\pBNXjOq.exe
  C:\Windows\System\pBNXjOq.exe
  2⤵
  PID:7848
- C:\Windows\System\auNegUI.exe
  C:\Windows\System\auNegUI.exe
  2⤵
  PID:7924
- C:\Windows\System\umXwGzt.exe
  C:\Windows\System\umXwGzt.exe
  2⤵
  PID:7964
- C:\Windows\System\mRgJAKI.exe
  C:\Windows\System\mRgJAKI.exe
  2⤵
  PID:8020
- C:\Windows\System\fpkDWiL.exe
  C:\Windows\System\fpkDWiL.exe
  2⤵
  PID:8080
- C:\Windows\System\hXgWORe.exe
  C:\Windows\System\hXgWORe.exe
  2⤵
  PID:8136
- C:\Windows\System\MIsCCWQ.exe
  C:\Windows\System\MIsCCWQ.exe
  2⤵
  PID:7176
- C:\Windows\System\fDWRHkb.exe
  C:\Windows\System\fDWRHkb.exe
  2⤵
  PID:7340
- C:\Windows\System\xVFqtos.exe
  C:\Windows\System\xVFqtos.exe
  2⤵
  PID:7464
- C:\Windows\System\giXkNPq.exe
  C:\Windows\System\giXkNPq.exe
  2⤵
  PID:7528
- C:\Windows\System\FRejNAb.exe
  C:\Windows\System\FRejNAb.exe
  2⤵
  PID:7700
- C:\Windows\System\Kxkiyoo.exe
  C:\Windows\System\Kxkiyoo.exe
  2⤵
  PID:7908
- C:\Windows\System\YNihoRt.exe
  C:\Windows\System\YNihoRt.exe
  2⤵
  PID:8012
- C:\Windows\System\EMsqEBz.exe
  C:\Windows\System\EMsqEBz.exe
  2⤵
  PID:8124
- C:\Windows\System\OrlWbfg.exe
  C:\Windows\System\OrlWbfg.exe
  2⤵
  PID:7172
- C:\Windows\System\vWSNPQO.exe
  C:\Windows\System\vWSNPQO.exe
  2⤵
  PID:7624
- C:\Windows\System\lCLUzJS.exe
  C:\Windows\System\lCLUzJS.exe
  2⤵
  PID:7768
- C:\Windows\System\puJZYTi.exe
  C:\Windows\System\puJZYTi.exe
  2⤵
  PID:8196
- C:\Windows\System\asAhHHy.exe
  C:\Windows\System\asAhHHy.exe
  2⤵
  PID:8224
- C:\Windows\System\sZOiutg.exe
  C:\Windows\System\sZOiutg.exe
  2⤵
  PID:8256
- C:\Windows\System\aWcivht.exe
  C:\Windows\System\aWcivht.exe
  2⤵
  PID:8288
- C:\Windows\System\USJDlAO.exe
  C:\Windows\System\USJDlAO.exe
  2⤵
  PID:8316
- C:\Windows\System\llVrcTu.exe
  C:\Windows\System\llVrcTu.exe
  2⤵
  PID:8344
- C:\Windows\System\KXUjxmT.exe
  C:\Windows\System\KXUjxmT.exe
  2⤵
  PID:8372
- C:\Windows\System\wcIcoox.exe
  C:\Windows\System\wcIcoox.exe
  2⤵
  PID:8400
- C:\Windows\System\mQNFKEY.exe
  C:\Windows\System\mQNFKEY.exe
  2⤵
  PID:8424
- C:\Windows\System\ThgOFxx.exe
  C:\Windows\System\ThgOFxx.exe
  2⤵
  PID:8464
- C:\Windows\System\KTnBLjD.exe
  C:\Windows\System\KTnBLjD.exe
  2⤵
  PID:8492
- C:\Windows\System\vEqUgew.exe
  C:\Windows\System\vEqUgew.exe
  2⤵
  PID:8524
- C:\Windows\System\QAUZSqN.exe
  C:\Windows\System\QAUZSqN.exe
  2⤵
  PID:8552
- C:\Windows\System\hYjuAbt.exe
  C:\Windows\System\hYjuAbt.exe
  2⤵
  PID:8584
- C:\Windows\System\QadDPEC.exe
  C:\Windows\System\QadDPEC.exe
  2⤵
  PID:8608
- C:\Windows\System\jsCNwDR.exe
  C:\Windows\System\jsCNwDR.exe
  2⤵
  PID:8644
- C:\Windows\System\STcaDPc.exe
  C:\Windows\System\STcaDPc.exe
  2⤵
  PID:8672
- C:\Windows\System\drGWANX.exe
  C:\Windows\System\drGWANX.exe
  2⤵
  PID:8704
- C:\Windows\System\GhAuWNt.exe
  C:\Windows\System\GhAuWNt.exe
  2⤵
  PID:8732
- C:\Windows\System\DHgeyYm.exe
  C:\Windows\System\DHgeyYm.exe
  2⤵
  PID:8756
- C:\Windows\System\gJOImEJ.exe
  C:\Windows\System\gJOImEJ.exe
  2⤵
  PID:8788
- C:\Windows\System\QVWJIUs.exe
  C:\Windows\System\QVWJIUs.exe
  2⤵
  PID:8820
- C:\Windows\System\xfJDubP.exe
  C:\Windows\System\xfJDubP.exe
  2⤵
  PID:8844
- C:\Windows\System\Zybnfyp.exe
  C:\Windows\System\Zybnfyp.exe
  2⤵
  PID:8860
- C:\Windows\System\MFCIPTt.exe
  C:\Windows\System\MFCIPTt.exe
  2⤵
  PID:8880
- C:\Windows\System\zTQYiHM.exe
  C:\Windows\System\zTQYiHM.exe
  2⤵
  PID:8912
- C:\Windows\System\bJuAYMf.exe
  C:\Windows\System\bJuAYMf.exe
  2⤵
  PID:8932
- C:\Windows\System\AinaFvi.exe
  C:\Windows\System\AinaFvi.exe
  2⤵
  PID:8960
- C:\Windows\System\sirJGIs.exe
  C:\Windows\System\sirJGIs.exe
  2⤵
  PID:8980
- C:\Windows\System\czoSjCZ.exe
  C:\Windows\System\czoSjCZ.exe
  2⤵
  PID:9004
- C:\Windows\System\UxhxugA.exe
  C:\Windows\System\UxhxugA.exe
  2⤵
  PID:9028
- C:\Windows\System\rrITMjo.exe
  C:\Windows\System\rrITMjo.exe
  2⤵
  PID:9048
- C:\Windows\System\ECdziCS.exe
  C:\Windows\System\ECdziCS.exe
  2⤵
  PID:9076
- C:\Windows\System\EBrHiVw.exe
  C:\Windows\System\EBrHiVw.exe
  2⤵
  PID:9100
- C:\Windows\System\BKUFIam.exe
  C:\Windows\System\BKUFIam.exe
  2⤵
  PID:9128
- C:\Windows\System\jSkBqZC.exe
  C:\Windows\System\jSkBqZC.exe
  2⤵
  PID:9156
- C:\Windows\System\xEIMfyH.exe
  C:\Windows\System\xEIMfyH.exe
  2⤵
  PID:9184
- C:\Windows\System\FwGSobP.exe
  C:\Windows\System\FwGSobP.exe
  2⤵
  PID:9212
- C:\Windows\System\jsfkfGq.exe
  C:\Windows\System\jsfkfGq.exe
  2⤵
  PID:7728
- C:\Windows\System\zvVYmwc.exe
  C:\Windows\System\zvVYmwc.exe
  2⤵
  PID:8212
- C:\Windows\System\OkUPzbS.exe
  C:\Windows\System\OkUPzbS.exe
  2⤵
  PID:8304
- C:\Windows\System\EyoUyEc.exe
  C:\Windows\System\EyoUyEc.exe
  2⤵
  PID:8388
- C:\Windows\System\DNFEOwM.exe
  C:\Windows\System\DNFEOwM.exe
  2⤵
  PID:8516
- C:\Windows\System\yqcshKA.exe
  C:\Windows\System\yqcshKA.exe
  2⤵
  PID:8540
- C:\Windows\System\NURmgLf.exe
  C:\Windows\System\NURmgLf.exe
  2⤵
  PID:8572
- C:\Windows\System\UMRPPHt.exe
  C:\Windows\System\UMRPPHt.exe
  2⤵
  PID:8668
- C:\Windows\System\nEgKJXw.exe
  C:\Windows\System\nEgKJXw.exe
  2⤵
  PID:8748
- C:\Windows\System\LaRgRtp.exe
  C:\Windows\System\LaRgRtp.exe
  2⤵
  PID:8812
- C:\Windows\System\NEJqiaK.exe
  C:\Windows\System\NEJqiaK.exe
  2⤵
  PID:8928
- C:\Windows\System\NAzcSdp.exe
  C:\Windows\System\NAzcSdp.exe
  2⤵
  PID:8956
- C:\Windows\System\pjHUnsQ.exe
  C:\Windows\System\pjHUnsQ.exe
  2⤵
  PID:9020
- C:\Windows\System\MoCvFwg.exe
  C:\Windows\System\MoCvFwg.exe
  2⤵
  PID:8992
- C:\Windows\System\wjklonY.exe
  C:\Windows\System\wjklonY.exe
  2⤵
  PID:9152
- C:\Windows\System\ferUDzE.exe
  C:\Windows\System\ferUDzE.exe
  2⤵
  PID:9124
- C:\Windows\System\jUXpvrs.exe
  C:\Windows\System\jUXpvrs.exe
  2⤵
  PID:8176
- C:\Windows\System\HXfhsgR.exe
  C:\Windows\System\HXfhsgR.exe
  2⤵
  PID:8360
- C:\Windows\System\TeSRXfW.exe
  C:\Windows\System\TeSRXfW.exe
  2⤵
  PID:8444
- C:\Windows\System\gOVDfAO.exe
  C:\Windows\System\gOVDfAO.exe
  2⤵
  PID:8724
- C:\Windows\System\CPjzHSn.exe
  C:\Windows\System\CPjzHSn.exe
  2⤵
  PID:8596
- C:\Windows\System\xIEgFrq.exe
  C:\Windows\System\xIEgFrq.exe
  2⤵
  PID:8852
- C:\Windows\System\JlPkonk.exe
  C:\Windows\System\JlPkonk.exe
  2⤵
  PID:8972
- C:\Windows\System\NYumSvg.exe
  C:\Windows\System\NYumSvg.exe
  2⤵
  PID:9036
- C:\Windows\System\oljIFxj.exe
  C:\Windows\System\oljIFxj.exe
  2⤵
  PID:8276
- C:\Windows\System\JkAYQZZ.exe
  C:\Windows\System\JkAYQZZ.exe
  2⤵
  PID:8564
- C:\Windows\System\IFpaTTV.exe
  C:\Windows\System\IFpaTTV.exe
  2⤵
  PID:8380
- C:\Windows\System\awaWjID.exe
  C:\Windows\System\awaWjID.exe
  2⤵
  PID:9240
- C:\Windows\System\RcQnyRh.exe
  C:\Windows\System\RcQnyRh.exe
  2⤵
  PID:9260
- C:\Windows\System\qzCHBZc.exe
  C:\Windows\System\qzCHBZc.exe
  2⤵
  PID:9292
- C:\Windows\System\AwNfubE.exe
  C:\Windows\System\AwNfubE.exe
  2⤵
  PID:9312
- C:\Windows\System\KtMqQGs.exe
  C:\Windows\System\KtMqQGs.exe
  2⤵
  PID:9340
- C:\Windows\System\ZhEDONG.exe
  C:\Windows\System\ZhEDONG.exe
  2⤵
  PID:9368
- C:\Windows\System\axGGyAw.exe
  C:\Windows\System\axGGyAw.exe
  2⤵
  PID:9396
- C:\Windows\System\NuVUsSw.exe
  C:\Windows\System\NuVUsSw.exe
  2⤵
  PID:9424
- C:\Windows\System\tkVgBRK.exe
  C:\Windows\System\tkVgBRK.exe
  2⤵
  PID:9452
- C:\Windows\System\wiPuMyV.exe
  C:\Windows\System\wiPuMyV.exe
  2⤵
  PID:9488
- C:\Windows\System\vPnzDZq.exe
  C:\Windows\System\vPnzDZq.exe
  2⤵
  PID:9512
- C:\Windows\System\GqFYPbi.exe
  C:\Windows\System\GqFYPbi.exe
  2⤵
  PID:9548
- C:\Windows\System\wvoMWyk.exe
  C:\Windows\System\wvoMWyk.exe
  2⤵
  PID:9572
- C:\Windows\System\qFoYlho.exe
  C:\Windows\System\qFoYlho.exe
  2⤵
  PID:9600
- C:\Windows\System\uJzcXGe.exe
  C:\Windows\System\uJzcXGe.exe
  2⤵
  PID:9616
- C:\Windows\System\iBhxWrV.exe
  C:\Windows\System\iBhxWrV.exe
  2⤵
  PID:9640
- C:\Windows\System\ZjQyXXv.exe
  C:\Windows\System\ZjQyXXv.exe
  2⤵
  PID:9660
- C:\Windows\System\DYONASo.exe
  C:\Windows\System\DYONASo.exe
  2⤵
  PID:9684
- C:\Windows\System\RHIJsIW.exe
  C:\Windows\System\RHIJsIW.exe
  2⤵
  PID:9716
- C:\Windows\System\gpaSkXF.exe
  C:\Windows\System\gpaSkXF.exe
  2⤵
  PID:9756
- C:\Windows\System\IILSYTa.exe
  C:\Windows\System\IILSYTa.exe
  2⤵
  PID:9784
- C:\Windows\System\hvhYiVR.exe
  C:\Windows\System\hvhYiVR.exe
  2⤵
  PID:9804
- C:\Windows\System\qRwClIl.exe
  C:\Windows\System\qRwClIl.exe
  2⤵
  PID:9836
- C:\Windows\System\hrFmlyW.exe
  C:\Windows\System\hrFmlyW.exe
  2⤵
  PID:9872
- C:\Windows\System\mnPCEEx.exe
  C:\Windows\System\mnPCEEx.exe
  2⤵
  PID:9900
- C:\Windows\System\HPWrzyf.exe
  C:\Windows\System\HPWrzyf.exe
  2⤵
  PID:9928
- C:\Windows\System\AsNjyFk.exe
  C:\Windows\System\AsNjyFk.exe
  2⤵
  PID:9960
- C:\Windows\System\vhpDKNI.exe
  C:\Windows\System\vhpDKNI.exe
  2⤵
  PID:9980
- C:\Windows\System\JCkDqtt.exe
  C:\Windows\System\JCkDqtt.exe
  2⤵
  PID:9996
- C:\Windows\System\iOwienU.exe
  C:\Windows\System\iOwienU.exe
  2⤵
  PID:10020
- C:\Windows\System\XRCZDEo.exe
  C:\Windows\System\XRCZDEo.exe
  2⤵
  PID:10048
- C:\Windows\System\EOuKXIs.exe
  C:\Windows\System\EOuKXIs.exe
  2⤵
  PID:10072
- C:\Windows\System\LjTAxhR.exe
  C:\Windows\System\LjTAxhR.exe
  2⤵
  PID:10096
- C:\Windows\System\RwRdbxu.exe
  C:\Windows\System\RwRdbxu.exe
  2⤵
  PID:10124
- C:\Windows\System\ocLoRiU.exe
  C:\Windows\System\ocLoRiU.exe
  2⤵
  PID:10152
- C:\Windows\System\tVJutPK.exe
  C:\Windows\System\tVJutPK.exe
  2⤵
  PID:10176
- C:\Windows\System\oQjkyEE.exe
  C:\Windows\System\oQjkyEE.exe
  2⤵
  PID:10216
- C:\Windows\System\hNeNxJy.exe
  C:\Windows\System\hNeNxJy.exe
  2⤵
  PID:4320
- C:\Windows\System\AniSHDT.exe
  C:\Windows\System\AniSHDT.exe
  2⤵
  PID:9232
- C:\Windows\System\lQIDMSe.exe
  C:\Windows\System\lQIDMSe.exe
  2⤵
  PID:9304
- C:\Windows\System\OeCHiFK.exe
  C:\Windows\System\OeCHiFK.exe
  2⤵
  PID:3528
- C:\Windows\System\oDSTIkQ.exe
  C:\Windows\System\oDSTIkQ.exe
  2⤵
  PID:9352
- C:\Windows\System\dgUpwVz.exe
  C:\Windows\System\dgUpwVz.exe
  2⤵
  PID:9504
- C:\Windows\System\WEQlTmU.exe
  C:\Windows\System\WEQlTmU.exe
  2⤵
  PID:9460
- C:\Windows\System\eOOOFNw.exe
  C:\Windows\System\eOOOFNw.exe
  2⤵
  PID:9544
- C:\Windows\System\SwZfUuY.exe
  C:\Windows\System\SwZfUuY.exe
  2⤵
  PID:9612
- C:\Windows\System\yyHBiCf.exe
  C:\Windows\System\yyHBiCf.exe
  2⤵
  PID:9748
- C:\Windows\System\qbMMXgF.exe
  C:\Windows\System\qbMMXgF.exe
  2⤵
  PID:9672
- C:\Windows\System\LPTgTJx.exe
  C:\Windows\System\LPTgTJx.exe
  2⤵
  PID:9796
- C:\Windows\System\AUAYkTf.exe
  C:\Windows\System\AUAYkTf.exe
  2⤵
  PID:9948
- C:\Windows\System\DxzdVKf.exe
  C:\Windows\System\DxzdVKf.exe
  2⤵
  PID:9816
- C:\Windows\System\DvhNTXN.exe
  C:\Windows\System\DvhNTXN.exe
  2⤵
  PID:10164
- C:\Windows\System\TGaYVgh.exe
  C:\Windows\System\TGaYVgh.exe
  2⤵
  PID:10192
- C:\Windows\System\ODHEXVL.exe
  C:\Windows\System\ODHEXVL.exe
  2⤵
  PID:9196
- C:\Windows\System\mpaQOFI.exe
  C:\Windows\System\mpaQOFI.exe
  2⤵
  PID:10116
- C:\Windows\System\zmUIBnI.exe
  C:\Windows\System\zmUIBnI.exe
  2⤵
  PID:9328
- C:\Windows\System\veMynCI.exe
  C:\Windows\System\veMynCI.exe
  2⤵
  PID:9440
- C:\Windows\System\ugHQDpE.exe
  C:\Windows\System\ugHQDpE.exe
  2⤵
  PID:9404
- C:\Windows\System\Tppuqds.exe
  C:\Windows\System\Tppuqds.exe
  2⤵
  PID:9708
- C:\Windows\System\ylPyeEw.exe
  C:\Windows\System\ylPyeEw.exe
  2⤵
  PID:9988
- C:\Windows\System\CXJJdqA.exe
  C:\Windows\System\CXJJdqA.exe
  2⤵
  PID:9972
- C:\Windows\System\LnsQfyS.exe
  C:\Windows\System\LnsQfyS.exe
  2⤵
  PID:10068
- C:\Windows\System\RSTCMvb.exe
  C:\Windows\System\RSTCMvb.exe
  2⤵
  PID:9384
- C:\Windows\System\oGXJDzy.exe
  C:\Windows\System\oGXJDzy.exe
  2⤵
  PID:9528
- C:\Windows\System\jxQUVSU.exe
  C:\Windows\System\jxQUVSU.exe
  2⤵
  PID:4472
- C:\Windows\System\SQXgbCo.exe
  C:\Windows\System\SQXgbCo.exe
  2⤵
  PID:9536
- C:\Windows\System\BxfubpB.exe
  C:\Windows\System\BxfubpB.exe
  2⤵
  PID:10256
- C:\Windows\System\dQTXJoJ.exe
  C:\Windows\System\dQTXJoJ.exe
  2⤵
  PID:10280
- C:\Windows\System\SerPXtb.exe
  C:\Windows\System\SerPXtb.exe
  2⤵
  PID:10304
- C:\Windows\System\iUqJLYG.exe
  C:\Windows\System\iUqJLYG.exe
  2⤵
  PID:10320
- C:\Windows\System\JHSsKqP.exe
  C:\Windows\System\JHSsKqP.exe
  2⤵
  PID:10348
- C:\Windows\System\yhwJRhl.exe
  C:\Windows\System\yhwJRhl.exe
  2⤵
  PID:10384
- C:\Windows\System\TXIayWu.exe
  C:\Windows\System\TXIayWu.exe
  2⤵
  PID:10408
- C:\Windows\System\NoZYnbe.exe
  C:\Windows\System\NoZYnbe.exe
  2⤵
  PID:10428
- C:\Windows\System\Adzhxgh.exe
  C:\Windows\System\Adzhxgh.exe
  2⤵
  PID:10452
- C:\Windows\System\RsTDdpT.exe
  C:\Windows\System\RsTDdpT.exe
  2⤵
  PID:10476
- C:\Windows\System\estAlsw.exe
  C:\Windows\System\estAlsw.exe
  2⤵
  PID:10516
- C:\Windows\System\rmqvHGT.exe
  C:\Windows\System\rmqvHGT.exe
  2⤵
  PID:10532
- C:\Windows\System\dOVzVPJ.exe
  C:\Windows\System\dOVzVPJ.exe
  2⤵
  PID:10556
- C:\Windows\System\kRRnKfi.exe
  C:\Windows\System\kRRnKfi.exe
  2⤵
  PID:10592
- C:\Windows\System\GLnPIFS.exe
  C:\Windows\System\GLnPIFS.exe
  2⤵
  PID:10620
- C:\Windows\System\gPOBFQn.exe
  C:\Windows\System\gPOBFQn.exe
  2⤵
  PID:10640
- C:\Windows\System\RZyPuLr.exe
  C:\Windows\System\RZyPuLr.exe
  2⤵
  PID:10672
- C:\Windows\System\jBsIdTw.exe
  C:\Windows\System\jBsIdTw.exe
  2⤵
  PID:10704
- C:\Windows\System\phkyDRq.exe
  C:\Windows\System\phkyDRq.exe
  2⤵
  PID:10724
- C:\Windows\System\acRISHg.exe
  C:\Windows\System\acRISHg.exe
  2⤵
  PID:10756
- C:\Windows\System\LBSGmQM.exe
  C:\Windows\System\LBSGmQM.exe
  2⤵
  PID:10776
- C:\Windows\System\ZHDXIqc.exe
  C:\Windows\System\ZHDXIqc.exe
  2⤵
  PID:10816
- C:\Windows\System\GnTkZHw.exe
  C:\Windows\System\GnTkZHw.exe
  2⤵
  PID:10844
- C:\Windows\System\QMHLMLC.exe
  C:\Windows\System\QMHLMLC.exe
  2⤵
  PID:10868
- C:\Windows\System\CMRKAne.exe
  C:\Windows\System\CMRKAne.exe
  2⤵
  PID:10896
- C:\Windows\System\ifjFTAc.exe
  C:\Windows\System\ifjFTAc.exe
  2⤵
  PID:10928
- C:\Windows\System\FUDjWZG.exe
  C:\Windows\System\FUDjWZG.exe
  2⤵
  PID:10956
- C:\Windows\System\CEiaKBd.exe
  C:\Windows\System\CEiaKBd.exe
  2⤵
  PID:10976
- C:\Windows\System\fahFUuk.exe
  C:\Windows\System\fahFUuk.exe
  2⤵
  PID:11000
- C:\Windows\System\tYyVtlk.exe
  C:\Windows\System\tYyVtlk.exe
  2⤵
  PID:11036
- C:\Windows\System\xNgGryp.exe
  C:\Windows\System\xNgGryp.exe
  2⤵
  PID:11068
- C:\Windows\System\EsLSrhO.exe
  C:\Windows\System\EsLSrhO.exe
  2⤵
  PID:11100
- C:\Windows\System\sfpvGcn.exe
  C:\Windows\System\sfpvGcn.exe
  2⤵
  PID:11124
- C:\Windows\System\CuwllJp.exe
  C:\Windows\System\CuwllJp.exe
  2⤵
  PID:11140
- C:\Windows\System\RnEVEhC.exe
  C:\Windows\System\RnEVEhC.exe
  2⤵
  PID:11164
- C:\Windows\System\lzEpOja.exe
  C:\Windows\System\lzEpOja.exe
  2⤵
  PID:11192
- C:\Windows\System\BmlJekI.exe
  C:\Windows\System\BmlJekI.exe
  2⤵
  PID:11228
- C:\Windows\System\xuuFaIL.exe
  C:\Windows\System\xuuFaIL.exe
  2⤵
  PID:11252
- C:\Windows\System\wcdUlHU.exe
  C:\Windows\System\wcdUlHU.exe
  2⤵
  PID:4336
- C:\Windows\System\KRQnguj.exe
  C:\Windows\System\KRQnguj.exe
  2⤵
  PID:9888
- C:\Windows\System\pwMMSTr.exe
  C:\Windows\System\pwMMSTr.exe
  2⤵
  PID:9180
- C:\Windows\System\jIRUhgQ.exe
  C:\Windows\System\jIRUhgQ.exe
  2⤵
  PID:10312
- C:\Windows\System\zCiwwTZ.exe
  C:\Windows\System\zCiwwTZ.exe
  2⤵
  PID:10272
- C:\Windows\System\YZJRIEZ.exe
  C:\Windows\System\YZJRIEZ.exe
  2⤵
  PID:10424
- C:\Windows\System\JrBPwct.exe
  C:\Windows\System\JrBPwct.exe
  2⤵
  PID:10468
- C:\Windows\System\ZUJRxiZ.exe
  C:\Windows\System\ZUJRxiZ.exe
  2⤵
  PID:10512
- C:\Windows\System\CBUVffU.exe
  C:\Windows\System\CBUVffU.exe
  2⤵
  PID:10580
- C:\Windows\System\ntWJzAB.exe
  C:\Windows\System\ntWJzAB.exe
  2⤵
  PID:10692
- C:\Windows\System\MTzjZLK.exe
  C:\Windows\System\MTzjZLK.exe
  2⤵
  PID:10916
- C:\Windows\System\vfjiFYy.exe
  C:\Windows\System\vfjiFYy.exe
  2⤵
  PID:10944
- C:\Windows\System\qogIvor.exe
  C:\Windows\System\qogIvor.exe
  2⤵
  PID:10888
- C:\Windows\System\iPGBDqP.exe
  C:\Windows\System\iPGBDqP.exe
  2⤵
  PID:11096
- C:\Windows\System\NCLodkb.exe
  C:\Windows\System\NCLodkb.exe
  2⤵
  PID:11152
- C:\Windows\System\eVaWAGr.exe
  C:\Windows\System\eVaWAGr.exe
  2⤵
  PID:11048
- C:\Windows\System\KGknpCZ.exe
  C:\Windows\System\KGknpCZ.exe
  2⤵
  PID:11008
- C:\Windows\System\jdFjpzx.exe
  C:\Windows\System\jdFjpzx.exe
  2⤵
  PID:11084
- C:\Windows\System\YAhzbfX.exe
  C:\Windows\System\YAhzbfX.exe
  2⤵
  PID:10056
- C:\Windows\System\DhhlTNP.exe
  C:\Windows\System\DhhlTNP.exe
  2⤵
  PID:10340
- C:\Windows\System\RzYaZlO.exe
  C:\Windows\System\RzYaZlO.exe
  2⤵
  PID:10668
- C:\Windows\System\gWjwNKZ.exe
  C:\Windows\System\gWjwNKZ.exe
  2⤵
  PID:10588
- C:\Windows\System\pXjnCio.exe
  C:\Windows\System\pXjnCio.exe
  2⤵
  PID:10380
- C:\Windows\System\HkhSyCB.exe
  C:\Windows\System\HkhSyCB.exe
  2⤵
  PID:11292
- C:\Windows\System\DVsKSyU.exe
  C:\Windows\System\DVsKSyU.exe
  2⤵
  PID:11312
- C:\Windows\System\HmEhrCv.exe
  C:\Windows\System\HmEhrCv.exe
  2⤵
  PID:11352
- C:\Windows\System\FRTMhgH.exe
  C:\Windows\System\FRTMhgH.exe
  2⤵
  PID:11372
- C:\Windows\System\ZRvgCPF.exe
  C:\Windows\System\ZRvgCPF.exe
  2⤵
  PID:11404
- C:\Windows\System\BqJjrIk.exe
  C:\Windows\System\BqJjrIk.exe
  2⤵
  PID:11432
- C:\Windows\System\tlAihDj.exe
  C:\Windows\System\tlAihDj.exe
  2⤵
  PID:11448
- C:\Windows\System\AUHHMFI.exe
  C:\Windows\System\AUHHMFI.exe
  2⤵
  PID:11472
- C:\Windows\System\tySpezz.exe
  C:\Windows\System\tySpezz.exe
  2⤵
  PID:11500
- C:\Windows\System\FWjpedY.exe
  C:\Windows\System\FWjpedY.exe
  2⤵
  PID:11524
- C:\Windows\System\jeQiwSP.exe
  C:\Windows\System\jeQiwSP.exe
  2⤵
  PID:11540
- C:\Windows\System\wnKlzON.exe
  C:\Windows\System\wnKlzON.exe
  2⤵
  PID:11564
- C:\Windows\System\kyrfWyb.exe
  C:\Windows\System\kyrfWyb.exe
  2⤵
  PID:11592
- C:\Windows\System\NLgjLyu.exe
  C:\Windows\System\NLgjLyu.exe
  2⤵
  PID:11624
- C:\Windows\System\VgItdKf.exe
  C:\Windows\System\VgItdKf.exe
  2⤵
  PID:11656
- C:\Windows\System\cqofcmc.exe
  C:\Windows\System\cqofcmc.exe
  2⤵
  PID:11676
- C:\Windows\System\cbxThCI.exe
  C:\Windows\System\cbxThCI.exe
  2⤵
  PID:11708
- C:\Windows\System\yXTUfuR.exe
  C:\Windows\System\yXTUfuR.exe
  2⤵
  PID:11736
- C:\Windows\System\qumuDzM.exe
  C:\Windows\System\qumuDzM.exe
  2⤵
  PID:11756
- C:\Windows\System\rQUkEep.exe
  C:\Windows\System\rQUkEep.exe
  2⤵
  PID:11776
- C:\Windows\System\rYmwcSO.exe
  C:\Windows\System\rYmwcSO.exe
  2⤵
  PID:11800
- C:\Windows\System\dcYVTQS.exe
  C:\Windows\System\dcYVTQS.exe
  2⤵
  PID:11832
- C:\Windows\System\ecLPfwQ.exe
  C:\Windows\System\ecLPfwQ.exe
  2⤵
  PID:11852
- C:\Windows\System\Irxawee.exe
  C:\Windows\System\Irxawee.exe
  2⤵
  PID:11868
- C:\Windows\System\TYomuBw.exe
  C:\Windows\System\TYomuBw.exe
  2⤵
  PID:11896
- C:\Windows\System\lqonwfD.exe
  C:\Windows\System\lqonwfD.exe
  2⤵
  PID:11928
- C:\Windows\System\YxpYuRF.exe
  C:\Windows\System\YxpYuRF.exe
  2⤵
  PID:11948
- C:\Windows\System\CBRcpsy.exe
  C:\Windows\System\CBRcpsy.exe
  2⤵
  PID:11964
- C:\Windows\System\xYnYaIH.exe
  C:\Windows\System\xYnYaIH.exe
  2⤵
  PID:11996
- C:\Windows\System\AXZONER.exe
  C:\Windows\System\AXZONER.exe
  2⤵
  PID:12024
- C:\Windows\System\VQbRKvD.exe
  C:\Windows\System\VQbRKvD.exe
  2⤵
  PID:12056
- C:\Windows\System\vrulfnH.exe
  C:\Windows\System\vrulfnH.exe
  2⤵
  PID:12084
- C:\Windows\System\Nfptnzp.exe
  C:\Windows\System\Nfptnzp.exe
  2⤵
  PID:12112
- C:\Windows\System\UbbVaxA.exe
  C:\Windows\System\UbbVaxA.exe
  2⤵
  PID:12140
- C:\Windows\System\zlyoeDg.exe
  C:\Windows\System\zlyoeDg.exe
  2⤵
  PID:12164
- C:\Windows\System\JzXkCBo.exe
  C:\Windows\System\JzXkCBo.exe
  2⤵
  PID:12184
- C:\Windows\System\feYxUcL.exe
  C:\Windows\System\feYxUcL.exe
  2⤵
  PID:12208
- C:\Windows\System\sXXMppZ.exe
  C:\Windows\System\sXXMppZ.exe
  2⤵
  PID:12240
- C:\Windows\System\DPuLDaE.exe
  C:\Windows\System\DPuLDaE.exe
  2⤵
  PID:12264
- C:\Windows\System\OwYQzeR.exe
  C:\Windows\System\OwYQzeR.exe
  2⤵
  PID:10836
- C:\Windows\System\jRUOPae.exe
  C:\Windows\System\jRUOPae.exe
  2⤵
  PID:10400
- C:\Windows\System\inSxJfg.exe
  C:\Windows\System\inSxJfg.exe
  2⤵
  PID:10992
- C:\Windows\System\TLvArCl.exe
  C:\Windows\System\TLvArCl.exe
  2⤵
  PID:10656
- C:\Windows\System\wKShclc.exe
  C:\Windows\System\wKShclc.exe
  2⤵
  PID:11344
- C:\Windows\System\kbgUhrg.exe
  C:\Windows\System\kbgUhrg.exe
  2⤵
  PID:10652
- C:\Windows\System\yjlkWpH.exe
  C:\Windows\System\yjlkWpH.exe
  2⤵
  PID:10744
- C:\Windows\System\QlgfRyA.exe
  C:\Windows\System\QlgfRyA.exe
  2⤵
  PID:11400
- C:\Windows\System\tTlFhDp.exe
  C:\Windows\System\tTlFhDp.exe
  2⤵
  PID:11572
- C:\Windows\System\iaSczTG.exe
  C:\Windows\System\iaSczTG.exe
  2⤵
  PID:11444
- C:\Windows\System\cGjbWCq.exe
  C:\Windows\System\cGjbWCq.exe
  2⤵
  PID:11300
- C:\Windows\System\LhByMCy.exe
  C:\Windows\System\LhByMCy.exe
  2⤵
  PID:11620
- C:\Windows\System\HkSqmgn.exe
  C:\Windows\System\HkSqmgn.exe
  2⤵
  PID:11944
- C:\Windows\System\HKqwNbx.exe
  C:\Windows\System\HKqwNbx.exe
  2⤵
  PID:12048
- C:\Windows\System\iwGZgUr.exe
  C:\Windows\System\iwGZgUr.exe
  2⤵
  PID:11644
- C:\Windows\System\dJgVIYc.exe
  C:\Windows\System\dJgVIYc.exe
  2⤵
  PID:11672
- C:\Windows\System\cOZhbdl.exe
  C:\Windows\System\cOZhbdl.exe
  2⤵
  PID:11904
- C:\Windows\System\jtWzmZH.exe
  C:\Windows\System\jtWzmZH.exe
  2⤵
  PID:11728
- C:\Windows\System\ipicNLZ.exe
  C:\Windows\System\ipicNLZ.exe
  2⤵
  PID:11748
- C:\Windows\System\MqnSZiJ.exe
  C:\Windows\System\MqnSZiJ.exe
  2⤵
  PID:12020
- C:\Windows\System\UUleJMb.exe
  C:\Windows\System\UUleJMb.exe
  2⤵
  PID:10628
- C:\Windows\System\woHkpVS.exe
  C:\Windows\System\woHkpVS.exe
  2⤵
  PID:10684
- C:\Windows\System\GhuGgUa.exe
  C:\Windows\System\GhuGgUa.exe
  2⤵
  PID:11636
- C:\Windows\System\YKaiTKu.exe
  C:\Windows\System\YKaiTKu.exe
  2⤵
  PID:12012
- C:\Windows\System\KYMKDXJ.exe
  C:\Windows\System\KYMKDXJ.exe
  2⤵
  PID:12092
- C:\Windows\System\IEuaCCU.exe
  C:\Windows\System\IEuaCCU.exe
  2⤵
  PID:11088
- C:\Windows\System\YoBldru.exe
  C:\Windows\System\YoBldru.exe
  2⤵
  PID:12068
- C:\Windows\System\UxxUtaN.exe
  C:\Windows\System\UxxUtaN.exe
  2⤵
  PID:11892
- C:\Windows\System\IiKgzDO.exe
  C:\Windows\System\IiKgzDO.exe
  2⤵
  PID:12296
- C:\Windows\System\GRzaavN.exe
  C:\Windows\System\GRzaavN.exe
  2⤵
  PID:12320
- C:\Windows\System\BCuyzad.exe
  C:\Windows\System\BCuyzad.exe
  2⤵
  PID:12348
- C:\Windows\System\WnFuKtd.exe
  C:\Windows\System\WnFuKtd.exe
  2⤵
  PID:12380
- C:\Windows\System\HksHYqR.exe
  C:\Windows\System\HksHYqR.exe
  2⤵
  PID:12400
- C:\Windows\System\SgkHQJK.exe
  C:\Windows\System\SgkHQJK.exe
  2⤵
  PID:12436
- C:\Windows\System\MoQILJi.exe
  C:\Windows\System\MoQILJi.exe
  2⤵
  PID:12464
- C:\Windows\System\YwshEaf.exe
  C:\Windows\System\YwshEaf.exe
  2⤵
  PID:12484
- C:\Windows\System\NEgwOcr.exe
  C:\Windows\System\NEgwOcr.exe
  2⤵
  PID:12528
- C:\Windows\System\rPsYFHm.exe
  C:\Windows\System\rPsYFHm.exe
  2⤵
  PID:12552
- C:\Windows\System\vbbRGgA.exe
  C:\Windows\System\vbbRGgA.exe
  2⤵
  PID:12572
- C:\Windows\System\mkcCbOs.exe
  C:\Windows\System\mkcCbOs.exe
  2⤵
  PID:12596
- C:\Windows\System\zxoUObL.exe
  C:\Windows\System\zxoUObL.exe
  2⤵
  PID:12628
- C:\Windows\System\DuvuBhY.exe
  C:\Windows\System\DuvuBhY.exe
  2⤵
  PID:12844
- C:\Windows\System\nrAqMoW.exe
  C:\Windows\System\nrAqMoW.exe
  2⤵
  PID:12868
- C:\Windows\System\DQkTnBV.exe
  C:\Windows\System\DQkTnBV.exe
  2⤵
  PID:12908
- C:\Windows\System\TlBXCVA.exe
  C:\Windows\System\TlBXCVA.exe
  2⤵
  PID:12932
- C:\Windows\System\nnuPkxb.exe
  C:\Windows\System\nnuPkxb.exe
  2⤵
  PID:12960
- C:\Windows\System\iMmyXac.exe
  C:\Windows\System\iMmyXac.exe
  2⤵
  PID:13004
- C:\Windows\System\MkRMbtt.exe
  C:\Windows\System\MkRMbtt.exe
  2⤵
  PID:13036
- C:\Windows\System\NOZfpdn.exe
  C:\Windows\System\NOZfpdn.exe
  2⤵
  PID:13064
- C:\Windows\System\TzwMpIU.exe
  C:\Windows\System\TzwMpIU.exe
  2⤵
  PID:13092
- C:\Windows\System\gKOSGFU.exe
  C:\Windows\System\gKOSGFU.exe
  2⤵
  PID:13124
- C:\Windows\System\VdUNjJO.exe
  C:\Windows\System\VdUNjJO.exe
  2⤵
  PID:13160
- C:\Windows\System\cksZCRO.exe
  C:\Windows\System\cksZCRO.exe
  2⤵
  PID:13200
- C:\Windows\System\ARIUHjk.exe
  C:\Windows\System\ARIUHjk.exe
  2⤵
  PID:13220
- C:\Windows\System\UMibpWl.exe
  C:\Windows\System\UMibpWl.exe
  2⤵
  PID:13248
- C:\Windows\System\pVQmeJa.exe
  C:\Windows\System\pVQmeJa.exe
  2⤵
  PID:13280
- C:\Windows\System\cEXOgMx.exe
  C:\Windows\System\cEXOgMx.exe
  2⤵
  PID:13304
- C:\Windows\System\fLLFMbW.exe
  C:\Windows\System\fLLFMbW.exe
  2⤵
  PID:11132
- C:\Windows\System\fgaQABG.exe
  C:\Windows\System\fgaQABG.exe
  2⤵
  PID:12284
- C:\Windows\System\nxSPbni.exe
  C:\Windows\System\nxSPbni.exe
  2⤵
  PID:12128
- C:\Windows\System\BurEylt.exe
  C:\Windows\System\BurEylt.exe
  2⤵
  PID:11492
- C:\Windows\System\ACIpoBA.exe
  C:\Windows\System\ACIpoBA.exe
  2⤵
  PID:12292
- C:\Windows\System\SYmeTBd.exe
  C:\Windows\System\SYmeTBd.exe
  2⤵
  PID:11984
- C:\Windows\System\boakpYW.exe
  C:\Windows\System\boakpYW.exe
  2⤵
  PID:12364
- C:\Windows\System\nnYkOOa.exe
  C:\Windows\System\nnYkOOa.exe
  2⤵
  PID:12456
- C:\Windows\System\bPNWxEq.exe
  C:\Windows\System\bPNWxEq.exe
  2⤵
  PID:12984
- C:\Windows\System\VFvKIgo.exe
  C:\Windows\System\VFvKIgo.exe
  2⤵
  PID:13048
- C:\Windows\System\RQkOTPL.exe
  C:\Windows\System\RQkOTPL.exe
  2⤵
  PID:12876
- C:\Windows\System\odUqnXy.exe
  C:\Windows\System\odUqnXy.exe
  2⤵
  PID:12920
- C:\Windows\System\tmHJXHW.exe
  C:\Windows\System\tmHJXHW.exe
  2⤵
  PID:13140
- C:\Windows\System\qbjXlzS.exe
  C:\Windows\System\qbjXlzS.exe
  2⤵
  PID:13000
- C:\Windows\System\NhePxAX.exe
  C:\Windows\System\NhePxAX.exe
  2⤵
  PID:12100
- C:\Windows\System\seOIYYB.exe
  C:\Windows\System\seOIYYB.exe
  2⤵
  PID:13272
- C:\Windows\System\qWDHJYg.exe
  C:\Windows\System\qWDHJYg.exe
  2⤵
  PID:12236
- C:\Windows\System\Xwneyjv.exe
  C:\Windows\System\Xwneyjv.exe
  2⤵
  PID:10812
- C:\Windows\System\yaazkmu.exe
  C:\Windows\System\yaazkmu.exe
  2⤵
  PID:12664
- C:\Windows\System\gdVlGVB.exe
  C:\Windows\System\gdVlGVB.exe
  2⤵
  PID:12340
- C:\Windows\System\XhqWroE.exe
  C:\Windows\System\XhqWroE.exe
  2⤵
  PID:12676
- C:\Windows\System\VVaaCwD.exe
  C:\Windows\System\VVaaCwD.exe
  2⤵
  PID:12800
- C:\Windows\System\uZmEoMO.exe
  C:\Windows\System\uZmEoMO.exe
  2⤵
  PID:13120
- C:\Windows\System\zKbuPnN.exe
  C:\Windows\System\zKbuPnN.exe
  2⤵
  PID:13084
- C:\Windows\System\aiqiFso.exe
  C:\Windows\System\aiqiFso.exe
  2⤵
  PID:12972
- C:\Windows\System\FAQSHRw.exe
  C:\Windows\System\FAQSHRw.exe
  2⤵
  PID:13016
- C:\Windows\System\wqvJrSI.exe
  C:\Windows\System\wqvJrSI.exe
  2⤵
  PID:13292
- C:\Windows\System\ZFjMuYE.exe
  C:\Windows\System\ZFjMuYE.exe
  2⤵
  PID:12692
- C:\Windows\System\ZfWMlOr.exe
  C:\Windows\System\ZfWMlOr.exe
  2⤵
  PID:12040
- C:\Windows\System\BYvJMmK.exe
  C:\Windows\System\BYvJMmK.exe
  2⤵
  PID:13052
- C:\Windows\System\VcwbaZM.exe
  C:\Windows\System\VcwbaZM.exe
  2⤵
  PID:13332
- C:\Windows\System\aQqxFOI.exe
  C:\Windows\System\aQqxFOI.exe
  2⤵
  PID:13356
- C:\Windows\System\rxCFGMQ.exe
  C:\Windows\System\rxCFGMQ.exe
  2⤵
  PID:13380
- C:\Windows\System\sXjhhvY.exe
  C:\Windows\System\sXjhhvY.exe
  2⤵
  PID:13404
- C:\Windows\System\ynUCRJG.exe
  C:\Windows\System\ynUCRJG.exe
  2⤵
  PID:13428
- C:\Windows\System\lVYryNO.exe
  C:\Windows\System\lVYryNO.exe
  2⤵
  PID:13452
- C:\Windows\System\XBscbZr.exe
  C:\Windows\System\XBscbZr.exe
  2⤵
  PID:13476
- C:\Windows\System\PxKTrfs.exe
  C:\Windows\System\PxKTrfs.exe
  2⤵
  PID:13500
- C:\Windows\System\mMVQkWA.exe
  C:\Windows\System\mMVQkWA.exe
  2⤵
  PID:13528
- C:\Windows\System\KsccaZY.exe
  C:\Windows\System\KsccaZY.exe
  2⤵
  PID:13548
- C:\Windows\System\GYYQOuS.exe
  C:\Windows\System\GYYQOuS.exe
  2⤵
  PID:13576
- C:\Windows\System\mKiAHzj.exe
  C:\Windows\System\mKiAHzj.exe
  2⤵
  PID:13600
- C:\Windows\System\mRUJxcN.exe
  C:\Windows\System\mRUJxcN.exe
  2⤵
  PID:13620
- C:\Windows\System\lCpOgSt.exe
  C:\Windows\System\lCpOgSt.exe
  2⤵
  PID:13644
- C:\Windows\System\SQlBaXs.exe
  C:\Windows\System\SQlBaXs.exe
  2⤵
  PID:13672
- C:\Windows\System\blJFkNU.exe
  C:\Windows\System\blJFkNU.exe
  2⤵
  PID:13692
- C:\Windows\System\hBMdqta.exe
  C:\Windows\System\hBMdqta.exe
  2⤵
  PID:13724
- C:\Windows\System\nZexadw.exe
  C:\Windows\System\nZexadw.exe
  2⤵
  PID:13744
- C:\Windows\System\rfdLpfp.exe
  C:\Windows\System\rfdLpfp.exe
  2⤵
  PID:13764
- C:\Windows\System\gCKVPDH.exe
  C:\Windows\System\gCKVPDH.exe
  2⤵
  PID:13784
- C:\Windows\System\lujdSwZ.exe
  C:\Windows\System\lujdSwZ.exe
  2⤵
  PID:13804
- C:\Windows\System\WQlwRDd.exe
  C:\Windows\System\WQlwRDd.exe
  2⤵
  PID:13832
- C:\Windows\System\HOeMrfQ.exe
  C:\Windows\System\HOeMrfQ.exe
  2⤵
  PID:13852
- C:\Windows\System\uWMKHXL.exe
  C:\Windows\System\uWMKHXL.exe
  2⤵
  PID:13876
- C:\Windows\System\MDOAIKw.exe
  C:\Windows\System\MDOAIKw.exe
  2⤵
  PID:13900
- C:\Windows\System\GwrtwSs.exe
  C:\Windows\System\GwrtwSs.exe
  2⤵
  PID:13924
- C:\Windows\System\xTwRzyK.exe
  C:\Windows\System\xTwRzyK.exe
  2⤵
  PID:13968
- C:\Windows\System\EclaRoV.exe
  C:\Windows\System\EclaRoV.exe
  2⤵
  PID:13988
- C:\Windows\System\utQnCGS.exe
  C:\Windows\System\utQnCGS.exe
  2⤵
  PID:14032
- C:\Windows\System\ZMuwMys.exe
  C:\Windows\System\ZMuwMys.exe
  2⤵
  PID:14064
- C:\Windows\System\jCyErvd.exe
  C:\Windows\System\jCyErvd.exe
  2⤵
  PID:14084
- C:\Windows\System\uuHblQp.exe
  C:\Windows\System\uuHblQp.exe
  2⤵
  PID:14124
- C:\Windows\System\zsXXWHT.exe
  C:\Windows\System\zsXXWHT.exe
  2⤵
  PID:14148
- C:\Windows\System\EQyTUoW.exe
  C:\Windows\System\EQyTUoW.exe
  2⤵
  PID:14168
- C:\Windows\System\bGpjCwN.exe
  C:\Windows\System\bGpjCwN.exe
  2⤵
  PID:14192
- C:\Windows\System\dBfoYng.exe
  C:\Windows\System\dBfoYng.exe
  2⤵
  PID:14216
- C:\Windows\System\iFDSCke.exe
  C:\Windows\System\iFDSCke.exe
  2⤵
  PID:14240
- C:\Windows\System\bqryaak.exe
  C:\Windows\System\bqryaak.exe
  2⤵
  PID:14264
- C:\Windows\System\FFyVzIA.exe
  C:\Windows\System\FFyVzIA.exe
  2⤵
  PID:14284
- C:\Windows\System\pozKVwK.exe
  C:\Windows\System\pozKVwK.exe
  2⤵
  PID:14304
- C:\Windows\System\CTakixG.exe
  C:\Windows\System\CTakixG.exe
  2⤵
  PID:14328
- C:\Windows\System\UJSFUzl.exe
  C:\Windows\System\UJSFUzl.exe
  2⤵
  PID:13320
- C:\Windows\System\mVFsTRD.exe
  C:\Windows\System\mVFsTRD.exe
  2⤵
  PID:12272
- C:\Windows\System\jHBkJHW.exe
  C:\Windows\System\jHBkJHW.exe
  2⤵
  PID:13416
- C:\Windows\System\DRtQKKf.exe
  C:\Windows\System\DRtQKKf.exe
  2⤵
  PID:13448
- C:\Windows\System\TUoRBir.exe
  C:\Windows\System\TUoRBir.exe
  2⤵
  PID:14156
- C:\Windows\System\kRpwHkD.exe
  C:\Windows\System\kRpwHkD.exe
  2⤵
  PID:12604
- C:\Windows\System\eHObMis.exe
  C:\Windows\System\eHObMis.exe
  2⤵
  PID:13496
- C:\Windows\System\GnDZAnq.exe
  C:\Windows\System\GnDZAnq.exe
  2⤵
  PID:13844

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DBLcfAI.exe

Filesize
2.0MB

MD5
72ff1a22dc10ebf6c91847a31190f216

SHA1
6378197dcf5ceb625942d929fbc5a697f8dd8abe

SHA256
6a09d0d6fdf3cc008ea1adf473f5fcc250f30672b119552cadbfb63c504f9dd3

SHA512
01faefce087012e673b135422834b3ac7dbc19057b66514e2eab276dd29cde45970750785268506862051fb1afd3528cd852fb12795ed055e19b4a19230b2cb9

Download Submit
C:\Windows\System\GffUkeW.exe

Filesize
2.0MB

MD5
8480fd7e735479bf398c4f96a2e68e13

SHA1
a423f0916d0c0d769a60fe681759f9ddfd0af7d5

SHA256
3db5f855e0cbdc3ab2ac6f701a4e7fc56b40b523d8b66fd0d9e444afa39f088b

SHA512
1e0fd6ad8450b8bbc72f25ae3286083cab32afc3086b1fca6ad9a4ef8a4f8780c82445230ba3614728da9c43ebf2e8749f2409e6bd0647dbf4b61c032fc17dc8

Download Submit
C:\Windows\System\HMPPjhZ.exe

Filesize
2.0MB

MD5
0a9291d3fff573165c907b53de141a6b

SHA1
71eb7c41a92900b65f0a1e77c86c930d101b4cb2

SHA256
227b6e57b7603f2e6297a08cac86c15daa3d61a3d9e238abcccf3b1f00e011a0

SHA512
5fad9dda055f585bdbcf5158e27eae829cc4ec8ed950e32d617c4b749931ff12425e03d5b3a92d60a1a0b083d3f16d8babe16219b3f3ca59b31042f1ded4bb3c

Download Submit
C:\Windows\System\IbbBgik.exe

Filesize
2.0MB

MD5
20c6bc4acc836f31dd7b8520b933ec6f

SHA1
b4fb575f75df63850aec98b8ecfa69148b664c11

SHA256
768045ccc780238f27889411c01a2323b1b4c020ad22818c823a59458794eb62

SHA512
552c72c2e722926e4d3b849aa4396fd2477600da6f6f50fd8729c746a8fe4e1563d2ef8eee6f64c4291d521d09ebb53b973bb183c0e05bc0f45a544adac1acae

Download Submit
C:\Windows\System\ImrwJFU.exe

Filesize
2.0MB

MD5
d76af4298aaf89005db98d08e772e37a

SHA1
f3a967169c41e3c2163bdf9c60179b0570e5ad9d

SHA256
32f930655bd16a2614ae6283596e7e7918f6d5bd1e8c4bdbd81b4e1f903f5eee

SHA512
225260964d1dd579322edd10bae4f8063ca1cf4d3db4c9e3af8eaba7f1a194372d8a43df44d7546be62bb70bac37c0788a930ddbe66e5199b70dd1584851177f

Download Submit
C:\Windows\System\JpGRtXp.exe

Filesize
2.0MB

MD5
4c5589293b322afcfb57281a68f27794

SHA1
4c530c8902d9581c6d8902f23388dc728122dad9

SHA256
6e1c8b7953c8a496b6293641f8593058f1f61a6c9852efd348d9c4337e607bf9

SHA512
50c17b33d32c221818af37863852e973575337020ebc1e9498655f945316fc172360ab36629dd9158418cf2c0df94c5c1747f592a394663aa339d6e0996728d8

Download Submit
C:\Windows\System\PgalUPF.exe

Filesize
2.0MB

MD5
7d13a08876aefc688a6286a65a177390

SHA1
75e7966f1ff1280af79c82d1b87f2fbcc713e335

SHA256
41b59ee2ee0c68fcc668bf78baa72b49ab446084e9874b8a4af1a781a7a8c591

SHA512
8b433662c5bbfab72d7aaf01daecbb42a2b2137a7291186d99d8bb1e3b3590bd2d7fd512e13fcab0803cc70a2f6f853377d60acfa8b2c4fd31b2f8418947e933

Download Submit
C:\Windows\System\QTjtRSO.exe

Filesize
2.0MB

MD5
99ca8ef1a7d87dcff4deb8726d06e808

SHA1
f37bcf1e762d14a23a2ce747bbb232c2984a8d69

SHA256
3d2a88a8a1ed946635d378a33bc6d3d8b798c852b09cafccf155e3a9dd0a86f2

SHA512
556058f42a9c12798e05ca2e3d94777deb3b4397e3cefd98e5e6ecf64b1c2df687257524f115adcc3fc73d5bddde8590f0f7bc6f1c70b8dfb8701b72eea9b3bb

Download Submit
C:\Windows\System\TFQyEnB.exe

Filesize
2.0MB

MD5
3623de26c5f98aff3ca08b8ba3f0a096

SHA1
bdbd1124909021785eff4efb4d23146dbe65e48c

SHA256
2d63e79c5f36d2b8682b1b8eb038afa4abc8c09928bd1e4f04e7e7f5ab2f5a1e

SHA512
294200e20f12a018b1fe6e92ce852fa10a935e2574608848123370799857ce3b5b2cf1a90f3d7a9775e314533a0ab39d0558b8c519705242f7eb11240f38a10e

Download Submit
C:\Windows\System\TjCSgCV.exe

Filesize
2.0MB

MD5
9b9567f099d6dbd4f53a3d1aac8a67b5

SHA1
4452d1b37625cc9bb29f8cf651a5c2bc5a5ad003

SHA256
47605f6cc170a572125132908f96ca54b44bf29fe986b382545ed1c888e10c2a

SHA512
318e59d958ffb6599b2d2415ee392e0a450d97c6d7e124e967db0315902bca8d14785e6804ad8b3e73a20434cc7a94aeba7beac4cef8c684f2f7d5cba9d36f3d

Download Submit
C:\Windows\System\UGRBtZk.exe

Filesize
2.0MB

MD5
d9991a548df089f5f18c417258dffe58

SHA1
59c93dfa132d698a80d2466fb97b36363e15fafb

SHA256
c160bde4d8a67f77f14d36dd3db57513fb9138348f6d3d52e6bcd7b3b0066d91

SHA512
5d23be878e3506f51d14437149815ebe8f2527a43a0a9ac00e9bfa3b716c354e96a2bf7afcefa1accb2053b1b8a7e7c29b884172404d6f23aaaae5cfb6d0bd8f

Download Submit
C:\Windows\System\Ugvtmqp.exe

Filesize
2.0MB

MD5
a1aa9e37d0ba2baaabe83545f38a2b25

SHA1
074b622f4421bd88d5cb86d4f9a20255f07cd120

SHA256
3731fe7ab32869e32b0c40716c9e2eb4bd23861dab7279764692ae0449b9bbff

SHA512
dfd04400b243b509773786e55dcd840a0bfce65621af9df8b07b7707a20a973fb2253e3ec8a9c7764cfa182b5db3bdeb36387319d6bbaf454432e1b2f7710ecd

Download Submit
C:\Windows\System\VUkaAWR.exe

Filesize
2.0MB

MD5
42577a94aafc8ce49148dc16a23b8a06

SHA1
fe7bb1da8adf352e700a25aa60ac6659cddfe58b

SHA256
bcf4cf2478ca59d3861434f45ab8769a907ed971703ea26d86fbd1b8351d12c0

SHA512
c6fdfe7a8d0d4c6ed441561d2135d8ffdf8c46e287ab349718566d485ddd2173e4dcc614f3f386dbe8fdeac22f13d4d4f4659050fe7dff064b0e7256d0478708

Download Submit
C:\Windows\System\WUpyKeF.exe

Filesize
2.0MB

MD5
fc0e5a278e43930b51d0412c0a4ecbc9

SHA1
d953344bf9d421268c4bf0f346d14bc1c0d36085

SHA256
c9005af7c83ac5824d16c37fa51e35a9cdba6d1638d4682d1cb2714628a2ba68

SHA512
f75d01ba9f44112baedf0dbffc02be13982fd0fdfe6c63e5562980231f65abfa5397dbf6259a2de22bdfa955b6c86c0a6463eaa112576533c446cbaa4bf933c7

Download Submit
C:\Windows\System\WeRwXnM.exe

Filesize
2.0MB

MD5
6652a03cd585db2d4e27e585d2f786a1

SHA1
ba268f8bf91f10b00f7807fceba7211422f06b9f

SHA256
bbefab55a06cad11693a3a228acf1fc35bca09edfb47ead36113df9a30e18a47

SHA512
9e894272a498d9cc25b67fd50ef4685f486b33231625d5a7e61785e07a7fa66b68ba6486d836f4129513e8d7e19796f255a94bedf35338764fafa4636d81c52c

Download Submit
C:\Windows\System\YRszRcD.exe

Filesize
2.0MB

MD5
ce05ab0cad9daa2578793c331f14c6ba

SHA1
9bfd03642212fed2ba5bbb2c6424cd724f4c2a15

SHA256
e3900fcd73295713bb87fe61f94231b44408818b282e082bf57dae9d2ea7497f

SHA512
4031c2645d5c147aa8ebbecdb90c186cbe898c794d5e7b38f015779b52232d2eb3dbd12ca27f467bd9ac2d4f847e61a107b1712138de8d9317186365873911d4

Download Submit
C:\Windows\System\ZRjJzMX.exe

Filesize
2.0MB

MD5
62277ea5f4971c9f18d21136e15a729c

SHA1
5a131c71c1f2917cbbffb899649bdc8f0d87cdb5

SHA256
91b47af0391953687b9ff6d06be7dcefe11794002913a08b52e2f7a5adacb315

SHA512
794636a05d982a2fe8b4cbf9bbfee75f2cd832f9aa4517740c011f232295ed2a815f5b1f02ac712718bce2fee8299a6793359515433ca9e00e28ab7cdd784201

Download Submit
C:\Windows\System\aVVhWuU.exe

Filesize
2.0MB

MD5
aaa2f53e4e9ac3139109a7a61e47a409

SHA1
336ccd1b3b0f81ca16388fc794779e44b468c34f

SHA256
de7ab5b7cb7e86bf98bfc7ad06b69292f446cf60b10c61d5bc903d56b836dd0e

SHA512
87b322f6a0be6faa0db38f39fba2bb39c7ea0f91399042159a86aa7a518c2c6330c4685f7d350ff8daa5ba888983b6ff9960222389ecca4245fad49a7290d9f3

Download Submit
C:\Windows\System\bRmAmEg.exe

Filesize
2.0MB

MD5
eab22f726de27d80f2eff5509727685c

SHA1
a192be8740177eda36fcc3451b70c9243907a084

SHA256
82a7768e0a4c9894559302d0b8ed98433bcac2a518d2d8f4d8f5251daa29376d

SHA512
93146ea495564899a0ca09616de1792aad9ae0bf4edf733aab6485ec93f87999f128ef00a514f2282af2b42ddf48ddb45ff32f80b2b48b70f6a6403345f4c686

Download Submit
C:\Windows\System\ecMCjqi.exe

Filesize
2.0MB

MD5
dfe5c821542643270bd6cd74b90a9df6

SHA1
7c140d078f12f07b127a9487edd84451d4ddd41e

SHA256
395c28145b1c46e7ab526ca6f6bc6d4fcda8181ff6c800c35d79f7c449c40a31

SHA512
8aa0c9c33069e772c84af03bcdaafdd2ffde2d1a98f9cb9e3b8f625a7ea8a4b67093489a56a7f2411bd67d587a8a4502f20da5a6d97c449e0c16ecb66bf7e588

Download Submit
C:\Windows\System\eciKhZc.exe

Filesize
2.0MB

MD5
c002bcf800beeb7e472831f59b303083

SHA1
ab22b57ae34a2c77889e06b8c4c567a1e4cd3443

SHA256
ccf7826dbd00230632cc6b6479b3784a826d39369d68c0a8246b9e3218f04405

SHA512
aaba5c2bbfef5134dccbb6ba38fb89f9984da5d1463bfab0a5a0fda4c85e4f7944f35faa8693a45d630f95e920f3beaca057402aff8507e8649239a431f779e6

Download Submit
C:\Windows\System\fDUPZks.exe

Filesize
2.0MB

MD5
f8372349977b2aad3e4376aa6e5842dc

SHA1
f9c15867ab734a0cb194c53f9a9994103a13c86a

SHA256
3882e7aae74fe0c6d115aade773dbd260830b3e6a681a6b23bb59501c78bc486

SHA512
e049fa8d81230b52d03a792b166aa8ac56949bcc0a9015b5cc3a0145382281e7ce83f9e63e332ae3dae74a61d7d06b29c9bdd7116e4f438baff1a152b52dad04

Download Submit
C:\Windows\System\gSFwLcN.exe

Filesize
2.0MB

MD5
a64e9dc73ed6427dd388618130ab483c

SHA1
a4caa1ea951fb27cdcaae9c4d348e6a4d81e0c29

SHA256
2eafa23d58c5528d9e47db49c1f4b496ab1653de493c12e0a20c7445950ee957

SHA512
8358e041bc4eca42abaf3c4fd162effe9630914556d740037adbcec51dd040cfaef72bcd602fdc95a0342ebdc7d6a1f25c64d7a2be7b999937b4eb07e714f92c

Download Submit
C:\Windows\System\keGBUFr.exe

Filesize
2.0MB

MD5
ab7512142f89c98e2394ba0bc05a62f3

SHA1
5f9300064879b7062b61bea7dacbf5e2c790bdd9

SHA256
feeb5d56cfbf1309ca5ca0a517ef1de303fcef50a7b303be0b81914c25f970bd

SHA512
21415555f7a5098419299de64e12a32f5beb854911f9a9d5615939761bbd1432c879e1a7a45a95b9e4badb47265d8353ae276321c404cd924e92621d678ba5f0

Download Submit
C:\Windows\System\lBwlHlg.exe

Filesize
2.0MB

MD5
85d10e102fb777a7670c857e4a50a901

SHA1
4f99670125bda7f795bb78d3af6405c410a37d88

SHA256
206846b85089a51cd6e03364dc0acfab5d989596f2f28e41f3ee7bb458a0d3e5

SHA512
74c91dc054dcda31e5cf6cfe5137be6a3a473953e2ad3c98f65134cc4609d84c935b7061dee91bd74c47928b6eae362d0c9efb5062635ea0806dda509d869c5c

Download Submit
C:\Windows\System\mDNMoQx.exe

Filesize
2.0MB

MD5
c174d4090e355e22957a65ee8d5f6ae0

SHA1
7e0fff71156cad3e7d8141df82d7445cc6518615

SHA256
46a8e3b9114ebdfeac733c3ef84fa4a7b5264ebf26e210de2746fb6030689a4f

SHA512
4f015e3be31c22085ebaddd0d2d7a16f87c74f33ef5099ec4714982c0f573c22db3ca05513d9448643ba801034db742753f4ef54fd9161a9b0ce2a8cf49725ce

Download Submit
C:\Windows\System\mehpgtI.exe

Filesize
2.0MB

MD5
81a8eaa2491f9597046674f68c130d0c

SHA1
e1d30a4321c26ebaef92c945bf6844aba0722986

SHA256
35acaf0c729926f548bf02b9513f81194560f2ccba2517774c29be770d787d16

SHA512
4476a5c4bf87f027223221c12ef55106f9299e767d06655ba148dc0a4322ef84149a3cc4029ee623b88414f0c6aa96465e2073549d8f342d270e8d27dd940965

Download Submit
C:\Windows\System\nwENPWy.exe

Filesize
2.0MB

MD5
0b305c101b8eedca91b7624b889c68ee

SHA1
3800abaeef15d5dee92f4918346d24aac85100b6

SHA256
b0646ebf72386b982d1ce9bf050033e962a7b96284393b45eda50c862863d640

SHA512
46c9a715f4c2f6715a57e7a07f734a59ce1a26effcd9d6e2bb2021b20b7b68af768f55e72e2577750ab6bd07ff4e207e41ea24597016de79a800941cf1877826

Download Submit
C:\Windows\System\vXoNJcm.exe

Filesize
2.0MB

MD5
731e87c826fe29f0d21c25542a202d16

SHA1
992841709086966a08a0996027bc6150cb42e04e

SHA256
c662266b5b311abbe1df3a24d4652209346caaaf429d5199f2e0ccc19a9ee80b

SHA512
63082dd3c018231d34d61febcd6b617c06871986d297512f88614de3c06e4d9f03b2a2e126901ebd333bcd6bccdd075fe46dc45314ec1b1a268432868d93e958

Download Submit
C:\Windows\System\wWeXrlI.exe

Filesize
2.0MB

MD5
47a5cb4e7eb0ff39734e7af6756c1779

SHA1
1f089f58709c972b3c1fe9ad2fa417f702551de7

SHA256
caf23db04b5994ac5abccd6d8da9e3c6cb6ad80f63064b889a370bb253c26c4e

SHA512
d9d05af79c22d71de2440ac715a99407fc727cb8377be55e7e7190184bb3a837d5bb64ceab05446a7916f52a4378dda3ab6ebfa669c73101741a3e4e9d48398b

Download Submit
C:\Windows\System\wptrFJI.exe

Filesize
2.0MB

MD5
7b60a812b9014a2b7e8a76dabb84be15

SHA1
f7f571f08a105f649826022c4e50a66ef3283b65

SHA256
b944df136a88f3dd841d2a8b1b59921c3b2833c7b76286f59fc917f81edaa83b

SHA512
512e4ec062a16f61b5807ee41f6c44e92ea5e9ab4d2251dc146bfa4dd680bf0cb211de93f3c4d008dbe013d602026d891b4b634cc092d3a150bafa183e3e3e50

Download Submit
C:\Windows\System\yqvvgbw.exe

Filesize
2.0MB

MD5
53a02d8bb4c20bf4db9f4e705082cbfb

SHA1
d6d7fae4366e759c38b8bcac7378e5f4b5dc8954

SHA256
9a8cfb84068473750a3d3062ae9a7b69559c7a01723bbe604f6d8f9dc7921b1a

SHA512
9ae920b2b2217e38230573e0ee3460e0e5c458a30a9bae5347f0a45fa57b5c02096155391abc4600d3cc85b631624690e9df018c76a43c8e4bffdf9af0cef6ee

Download Submit
memory/436-2289-0x00007FF66B0A0000-0x00007FF66B3F4000-memory.dmp

Filesize
3.3MB

Download
memory/436-139-0x00007FF66B0A0000-0x00007FF66B3F4000-memory.dmp

Filesize
3.3MB

Download
memory/748-179-0x00007FF612870000-0x00007FF612BC4000-memory.dmp

Filesize
3.3MB

Download
memory/748-2310-0x00007FF612870000-0x00007FF612BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-182-0x00007FF70C6E0000-0x00007FF70CA34000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2295-0x00007FF70C6E0000-0x00007FF70CA34000-memory.dmp

Filesize
3.3MB

Download
memory/1700-173-0x00007FF7CD250000-0x00007FF7CD5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-2304-0x00007FF7CD250000-0x00007FF7CD5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1840-172-0x00007FF782140000-0x00007FF782494000-memory.dmp

Filesize
3.3MB

Download
memory/1840-2296-0x00007FF782140000-0x00007FF782494000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2303-0x00007FF710710000-0x00007FF710A64000-memory.dmp

Filesize
3.3MB

Download
memory/1908-183-0x00007FF710710000-0x00007FF710A64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2311-0x00007FF752520000-0x00007FF752874000-memory.dmp

Filesize
3.3MB

Download
memory/2108-185-0x00007FF752520000-0x00007FF752874000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2309-0x00007FF734FB0000-0x00007FF735304000-memory.dmp

Filesize
3.3MB

Download
memory/2344-177-0x00007FF734FB0000-0x00007FF735304000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2294-0x00007FF602FC0000-0x00007FF603314000-memory.dmp

Filesize
3.3MB

Download
memory/2396-163-0x00007FF602FC0000-0x00007FF603314000-memory.dmp

Filesize
3.3MB

Download
memory/2536-178-0x00007FF6F7E60000-0x00007FF6F81B4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2308-0x00007FF6F7E60000-0x00007FF6F81B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-175-0x00007FF7CA8E0000-0x00007FF7CAC34000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2293-0x00007FF7CA8E0000-0x00007FF7CAC34000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2279-0x00007FF76E210000-0x00007FF76E564000-memory.dmp

Filesize
3.3MB

Download
memory/2868-81-0x00007FF76E210000-0x00007FF76E564000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2292-0x00007FF76E210000-0x00007FF76E564000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2286-0x00007FF68A030000-0x00007FF68A384000-memory.dmp

Filesize
3.3MB

Download
memory/2964-52-0x00007FF68A030000-0x00007FF68A384000-memory.dmp

Filesize
3.3MB

Download
memory/2992-92-0x00007FF60F140000-0x00007FF60F494000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2290-0x00007FF60F140000-0x00007FF60F494000-memory.dmp

Filesize
3.3MB

Download
memory/3452-186-0x00007FF703F80000-0x00007FF7042D4000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2307-0x00007FF703F80000-0x00007FF7042D4000-memory.dmp

Filesize
3.3MB

Download
memory/3564-1-0x000002596F900000-0x000002596F910000-memory.dmp

Filesize
64KB

Download
memory/3564-0-0x00007FF735000000-0x00007FF735354000-memory.dmp

Filesize
3.3MB

Download
memory/3592-180-0x00007FF65C6C0000-0x00007FF65CA14000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2288-0x00007FF65C6C0000-0x00007FF65CA14000-memory.dmp

Filesize
3.3MB

Download
memory/3764-155-0x00007FF7A1A90000-0x00007FF7A1DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3764-2291-0x00007FF7A1A90000-0x00007FF7A1DE4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2302-0x00007FF653AE0000-0x00007FF653E34000-memory.dmp

Filesize
3.3MB

Download
memory/3996-184-0x00007FF653AE0000-0x00007FF653E34000-memory.dmp

Filesize
3.3MB

Download
memory/4212-2297-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp

Filesize
3.3MB

Download
memory/4212-2280-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp

Filesize
3.3MB

Download
memory/4212-91-0x00007FF6EAC20000-0x00007FF6EAF74000-memory.dmp

Filesize
3.3MB

Download
memory/4256-138-0x00007FF678D80000-0x00007FF6790D4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2299-0x00007FF678D80000-0x00007FF6790D4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2282-0x00007FF678D80000-0x00007FF6790D4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2285-0x00007FF633DA0000-0x00007FF6340F4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2277-0x00007FF633DA0000-0x00007FF6340F4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-27-0x00007FF633DA0000-0x00007FF6340F4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-113-0x00007FF72A170000-0x00007FF72A4C4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2298-0x00007FF72A170000-0x00007FF72A4C4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2287-0x00007FF661320000-0x00007FF661674000-memory.dmp

Filesize
3.3MB

Download
memory/4576-181-0x00007FF661320000-0x00007FF661674000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2305-0x00007FF6C1620000-0x00007FF6C1974000-memory.dmp

Filesize
3.3MB

Download
memory/4820-162-0x00007FF6C1620000-0x00007FF6C1974000-memory.dmp

Filesize
3.3MB

Download
memory/4848-15-0x00007FF7E7EA0000-0x00007FF7E81F4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2283-0x00007FF7E7EA0000-0x00007FF7E81F4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2284-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp

Filesize
3.3MB

Download
memory/4896-46-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2278-0x00007FF6C9400000-0x00007FF6C9754000-memory.dmp

Filesize
3.3MB

Download
memory/4952-176-0x00007FF7CAB00000-0x00007FF7CAE54000-memory.dmp

Filesize
3.3MB

Download
memory/4952-2300-0x00007FF7CAB00000-0x00007FF7CAE54000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2306-0x00007FF728870000-0x00007FF728BC4000-memory.dmp

Filesize
3.3MB

Download
memory/5052-174-0x00007FF728870000-0x00007FF728BC4000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2301-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2281-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp

Filesize
3.3MB

Download
memory/5112-108-0x00007FF6C95F0000-0x00007FF6C9944000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads