kpot | 45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124

Analysis

max time kernel
129s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
Size

2.2MB
MD5

0f895da0884e67bd3ba20c455ef315b4
SHA1

f0a54a80147c7932629a541be44b69bb456005e8
SHA256

45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124
SHA512

55d93ce5f7971d41682d4e59dc54ffbee0da7e544e932718592394de68cfdcc9eda813c6959342efe27f8487a7ec6b36f015f18ef8d440df0d46d61cc3b3362c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6S/Fppa5GeP3w:BemTLkNdfE0pZrw8

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 36 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023520-5.dat	family_kpot
behavioral2/files/0x0007000000023528-8.dat	family_kpot
behavioral2/files/0x0008000000023527-15.dat	family_kpot
behavioral2/files/0x000700000002352a-19.dat	family_kpot
behavioral2/files/0x000700000002352c-41.dat	family_kpot
behavioral2/files/0x0007000000023530-54.dat	family_kpot
behavioral2/files/0x0007000000023536-83.dat	family_kpot
behavioral2/files/0x0007000000023535-80.dat	family_kpot
behavioral2/files/0x000700000002352e-73.dat	family_kpot
behavioral2/files/0x0007000000023534-70.dat	family_kpot
behavioral2/files/0x000700000002352f-77.dat	family_kpot
behavioral2/files/0x0007000000023532-63.dat	family_kpot
behavioral2/files/0x0007000000023531-56.dat	family_kpot
behavioral2/files/0x0007000000023529-51.dat	family_kpot
behavioral2/files/0x000700000002352d-43.dat	family_kpot
behavioral2/files/0x000700000002352b-30.dat	family_kpot
behavioral2/files/0x0007000000023539-103.dat	family_kpot
behavioral2/files/0x0007000000023538-98.dat	family_kpot
behavioral2/files/0x0007000000023537-90.dat	family_kpot
behavioral2/files/0x0007000000023533-89.dat	family_kpot
behavioral2/files/0x0007000000023544-145.dat	family_kpot
behavioral2/files/0x0007000000023540-174.dat	family_kpot
behavioral2/files/0x0007000000023548-190.dat	family_kpot
behavioral2/files/0x0009000000023521-188.dat	family_kpot
behavioral2/files/0x0007000000023547-183.dat	family_kpot
behavioral2/files/0x000700000002353f-172.dat	family_kpot
behavioral2/files/0x000700000002353e-166.dat	family_kpot
behavioral2/files/0x0007000000023546-164.dat	family_kpot
behavioral2/files/0x000700000002353d-161.dat	family_kpot
behavioral2/files/0x0007000000023545-156.dat	family_kpot
behavioral2/files/0x000700000002353c-153.dat	family_kpot
behavioral2/files/0x0007000000023543-142.dat	family_kpot
behavioral2/files/0x0007000000023542-141.dat	family_kpot
behavioral2/files/0x000700000002353a-139.dat	family_kpot
behavioral2/files/0x000700000002353b-149.dat	family_kpot
behavioral2/files/0x0007000000023541-122.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3496-0-0x00007FF629300000-0x00007FF629654000-memory.dmp	UPX
behavioral2/files/0x0009000000023520-5.dat	UPX
behavioral2/files/0x0007000000023528-8.dat	UPX
behavioral2/files/0x0008000000023527-15.dat	UPX
behavioral2/files/0x000700000002352a-19.dat	UPX
behavioral2/files/0x000700000002352c-41.dat	UPX
behavioral2/files/0x0007000000023530-54.dat	UPX
behavioral2/files/0x0007000000023536-83.dat	UPX
behavioral2/files/0x0007000000023535-80.dat	UPX
behavioral2/memory/1148-79-0x00007FF79AC60000-0x00007FF79AFB4000-memory.dmp	UPX
behavioral2/files/0x000700000002352e-73.dat	UPX
behavioral2/files/0x0007000000023534-70.dat	UPX
behavioral2/files/0x000700000002352f-77.dat	UPX
behavioral2/files/0x0007000000023532-63.dat	UPX
behavioral2/memory/3092-59-0x00007FF6B4F80000-0x00007FF6B52D4000-memory.dmp	UPX
behavioral2/files/0x0007000000023531-56.dat	UPX
behavioral2/files/0x0007000000023529-51.dat	UPX
behavioral2/memory/1940-47-0x00007FF6FC670000-0x00007FF6FC9C4000-memory.dmp	UPX
behavioral2/files/0x000700000002352d-43.dat	UPX
behavioral2/files/0x000700000002352b-30.dat	UPX
behavioral2/memory/2904-110-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp	UPX
behavioral2/memory/4180-108-0x00007FF6EFF80000-0x00007FF6F02D4000-memory.dmp	UPX
behavioral2/files/0x0007000000023539-103.dat	UPX
behavioral2/files/0x0007000000023538-98.dat	UPX
behavioral2/files/0x0007000000023537-90.dat	UPX
behavioral2/files/0x0007000000023533-89.dat	UPX
behavioral2/memory/2428-27-0x00007FF7617D0000-0x00007FF761B24000-memory.dmp	UPX
behavioral2/memory/3596-14-0x00007FF6ECB10000-0x00007FF6ECE64000-memory.dmp	UPX
behavioral2/files/0x0007000000023544-145.dat	UPX
behavioral2/files/0x0007000000023540-174.dat	UPX
behavioral2/memory/3944-196-0x00007FF735A60000-0x00007FF735DB4000-memory.dmp	UPX
behavioral2/memory/2524-213-0x00007FF6DA0A0000-0x00007FF6DA3F4000-memory.dmp	UPX
behavioral2/memory/2360-222-0x00007FF6403F0000-0x00007FF640744000-memory.dmp	UPX
behavioral2/memory/2992-226-0x00007FF707AC0000-0x00007FF707E14000-memory.dmp	UPX
behavioral2/memory/948-225-0x00007FF760600000-0x00007FF760954000-memory.dmp	UPX
behavioral2/memory/1724-224-0x00007FF6E0880000-0x00007FF6E0BD4000-memory.dmp	UPX
behavioral2/memory/4012-223-0x00007FF65D890000-0x00007FF65DBE4000-memory.dmp	UPX
behavioral2/memory/4376-221-0x00007FF6F88D0000-0x00007FF6F8C24000-memory.dmp	UPX
behavioral2/memory/3532-220-0x00007FF77BC90000-0x00007FF77BFE4000-memory.dmp	UPX
behavioral2/memory/1852-219-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp	UPX
behavioral2/memory/3464-218-0x00007FF7C3550000-0x00007FF7C38A4000-memory.dmp	UPX
behavioral2/memory/4196-217-0x00007FF713C30000-0x00007FF713F84000-memory.dmp	UPX
behavioral2/memory/3708-216-0x00007FF694360000-0x00007FF6946B4000-memory.dmp	UPX
behavioral2/memory/2704-215-0x00007FF73C5F0000-0x00007FF73C944000-memory.dmp	UPX
behavioral2/memory/4932-214-0x00007FF65B560000-0x00007FF65B8B4000-memory.dmp	UPX
behavioral2/memory/1112-209-0x00007FF7BB5B0000-0x00007FF7BB904000-memory.dmp	UPX
behavioral2/memory/1364-208-0x00007FF7EB3D0000-0x00007FF7EB724000-memory.dmp	UPX
behavioral2/memory/4284-203-0x00007FF78F5A0000-0x00007FF78F8F4000-memory.dmp	UPX
behavioral2/memory/1020-195-0x00007FF735C70000-0x00007FF735FC4000-memory.dmp	UPX
behavioral2/files/0x0007000000023548-190.dat	UPX
behavioral2/files/0x0009000000023521-188.dat	UPX
behavioral2/files/0x0007000000023547-183.dat	UPX
behavioral2/files/0x000700000002353f-172.dat	UPX
behavioral2/files/0x000700000002353e-166.dat	UPX
behavioral2/files/0x0007000000023546-164.dat	UPX
behavioral2/files/0x000700000002353d-161.dat	UPX
behavioral2/files/0x0007000000023545-156.dat	UPX
behavioral2/files/0x000700000002353c-153.dat	UPX
behavioral2/memory/3576-144-0x00007FF7F2910000-0x00007FF7F2C64000-memory.dmp	UPX
behavioral2/memory/4616-143-0x00007FF758950000-0x00007FF758CA4000-memory.dmp	UPX
behavioral2/files/0x0007000000023543-142.dat	UPX
behavioral2/files/0x0007000000023542-141.dat	UPX
behavioral2/files/0x000700000002353a-139.dat	UPX
behavioral2/files/0x000700000002353b-149.dat	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3496-0-0x00007FF629300000-0x00007FF629654000-memory.dmp	xmrig
behavioral2/files/0x0009000000023520-5.dat	xmrig
behavioral2/files/0x0007000000023528-8.dat	xmrig
behavioral2/files/0x0008000000023527-15.dat	xmrig
behavioral2/files/0x000700000002352a-19.dat	xmrig
behavioral2/files/0x000700000002352c-41.dat	xmrig
behavioral2/files/0x0007000000023530-54.dat	xmrig
behavioral2/files/0x0007000000023536-83.dat	xmrig
behavioral2/files/0x0007000000023535-80.dat	xmrig
behavioral2/memory/1148-79-0x00007FF79AC60000-0x00007FF79AFB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002352e-73.dat	xmrig
behavioral2/files/0x0007000000023534-70.dat	xmrig
behavioral2/files/0x000700000002352f-77.dat	xmrig
behavioral2/files/0x0007000000023532-63.dat	xmrig
behavioral2/memory/3092-59-0x00007FF6B4F80000-0x00007FF6B52D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023531-56.dat	xmrig
behavioral2/files/0x0007000000023529-51.dat	xmrig
behavioral2/memory/1940-47-0x00007FF6FC670000-0x00007FF6FC9C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002352d-43.dat	xmrig
behavioral2/files/0x000700000002352b-30.dat	xmrig
behavioral2/memory/2904-110-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp	xmrig
behavioral2/memory/4180-108-0x00007FF6EFF80000-0x00007FF6F02D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023539-103.dat	xmrig
behavioral2/files/0x0007000000023538-98.dat	xmrig
behavioral2/files/0x0007000000023537-90.dat	xmrig
behavioral2/files/0x0007000000023533-89.dat	xmrig
behavioral2/memory/2428-27-0x00007FF7617D0000-0x00007FF761B24000-memory.dmp	xmrig
behavioral2/memory/3596-14-0x00007FF6ECB10000-0x00007FF6ECE64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023544-145.dat	xmrig
behavioral2/files/0x0007000000023540-174.dat	xmrig
behavioral2/memory/3944-196-0x00007FF735A60000-0x00007FF735DB4000-memory.dmp	xmrig
behavioral2/memory/2524-213-0x00007FF6DA0A0000-0x00007FF6DA3F4000-memory.dmp	xmrig
behavioral2/memory/2360-222-0x00007FF6403F0000-0x00007FF640744000-memory.dmp	xmrig
behavioral2/memory/2992-226-0x00007FF707AC0000-0x00007FF707E14000-memory.dmp	xmrig
behavioral2/memory/948-225-0x00007FF760600000-0x00007FF760954000-memory.dmp	xmrig
behavioral2/memory/1724-224-0x00007FF6E0880000-0x00007FF6E0BD4000-memory.dmp	xmrig
behavioral2/memory/4012-223-0x00007FF65D890000-0x00007FF65DBE4000-memory.dmp	xmrig
behavioral2/memory/4376-221-0x00007FF6F88D0000-0x00007FF6F8C24000-memory.dmp	xmrig
behavioral2/memory/3532-220-0x00007FF77BC90000-0x00007FF77BFE4000-memory.dmp	xmrig
behavioral2/memory/1852-219-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp	xmrig
behavioral2/memory/3464-218-0x00007FF7C3550000-0x00007FF7C38A4000-memory.dmp	xmrig
behavioral2/memory/4196-217-0x00007FF713C30000-0x00007FF713F84000-memory.dmp	xmrig
behavioral2/memory/3708-216-0x00007FF694360000-0x00007FF6946B4000-memory.dmp	xmrig
behavioral2/memory/2704-215-0x00007FF73C5F0000-0x00007FF73C944000-memory.dmp	xmrig
behavioral2/memory/4932-214-0x00007FF65B560000-0x00007FF65B8B4000-memory.dmp	xmrig
behavioral2/memory/1112-209-0x00007FF7BB5B0000-0x00007FF7BB904000-memory.dmp	xmrig
behavioral2/memory/1364-208-0x00007FF7EB3D0000-0x00007FF7EB724000-memory.dmp	xmrig
behavioral2/memory/4284-203-0x00007FF78F5A0000-0x00007FF78F8F4000-memory.dmp	xmrig
behavioral2/memory/1020-195-0x00007FF735C70000-0x00007FF735FC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023548-190.dat	xmrig
behavioral2/files/0x0009000000023521-188.dat	xmrig
behavioral2/files/0x0007000000023547-183.dat	xmrig
behavioral2/files/0x000700000002353f-172.dat	xmrig
behavioral2/files/0x000700000002353e-166.dat	xmrig
behavioral2/files/0x0007000000023546-164.dat	xmrig
behavioral2/files/0x000700000002353d-161.dat	xmrig
behavioral2/files/0x0007000000023545-156.dat	xmrig
behavioral2/files/0x000700000002353c-153.dat	xmrig
behavioral2/memory/3576-144-0x00007FF7F2910000-0x00007FF7F2C64000-memory.dmp	xmrig
behavioral2/memory/4616-143-0x00007FF758950000-0x00007FF758CA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023543-142.dat	xmrig
behavioral2/files/0x0007000000023542-141.dat	xmrig
behavioral2/files/0x000700000002353a-139.dat	xmrig
behavioral2/files/0x000700000002353b-149.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3596	TJfaVqX.exe
2428	QrTRBye.exe
1940	ogomGkp.exe
3092	OOCBjQX.exe
1148	uDblkde.exe
4376	YBmZxvz.exe
4180	TabgbwQ.exe
2904	elhpsDx.exe
2360	qmnfVNl.exe
2800	idVTaJd.exe
4616	dMTAkhk.exe
4012	MieIGBI.exe
3576	dgACeHL.exe
1020	GsAqGLo.exe
3944	eKDGQKK.exe
1724	CdfVCaM.exe
4284	oXdEybW.exe
1364	MeAbKLD.exe
1112	JfqQpzD.exe
2524	bwIQDQM.exe
948	VXjsbvR.exe
4932	CXROZZt.exe
2704	ebwUxCo.exe
3708	nkNslpP.exe
4196	bGqEmjS.exe
3464	IgNLSOA.exe
1852	DYLKkEw.exe
2992	JjicGrN.exe
3532	AaBNVhM.exe
1848	gqQaGHP.exe
4272	KoeiXvO.exe
4924	bdZtvEo.exe
3460	TFtXCse.exe
3028	mhKhFPV.exe
1376	gQEJFXm.exe
3908	IXrYwVy.exe
4440	JTRstAQ.exe
2452	GwylHWW.exe
1956	PUlcuvt.exe
884	XODGcZn.exe
2112	pywyEdv.exe
3012	AyaQLNZ.exe
3572	IOUmUeI.exe
1484	aTPFKSj.exe
1120	qpLaMTH.exe
4820	pxyhiFa.exe
736	hIINAKj.exe
4336	HKKytHT.exe
1056	HHCUYPo.exe
3336	KkAwEpm.exe
2316	WHYJIIW.exe
3832	UbKatse.exe
4368	CbfMwEV.exe
4432	AVAPxmA.exe
3612	tDqZPbl.exe
3432	bAWQoRL.exe
1420	qNESPkP.exe
4452	ikXYWvE.exe
2840	jXKzXbY.exe
2192	TzsEAjh.exe
3128	lbxKCbI.exe
2132	JjJiAFu.exe
5032	vHuXFdB.exe
1060	FkmnEpQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3496-0-0x00007FF629300000-0x00007FF629654000-memory.dmp	upx
behavioral2/files/0x0009000000023520-5.dat	upx
behavioral2/files/0x0007000000023528-8.dat	upx
behavioral2/files/0x0008000000023527-15.dat	upx
behavioral2/files/0x000700000002352a-19.dat	upx
behavioral2/files/0x000700000002352c-41.dat	upx
behavioral2/files/0x0007000000023530-54.dat	upx
behavioral2/files/0x0007000000023536-83.dat	upx
behavioral2/files/0x0007000000023535-80.dat	upx
behavioral2/memory/1148-79-0x00007FF79AC60000-0x00007FF79AFB4000-memory.dmp	upx
behavioral2/files/0x000700000002352e-73.dat	upx
behavioral2/files/0x0007000000023534-70.dat	upx
behavioral2/files/0x000700000002352f-77.dat	upx
behavioral2/files/0x0007000000023532-63.dat	upx
behavioral2/memory/3092-59-0x00007FF6B4F80000-0x00007FF6B52D4000-memory.dmp	upx
behavioral2/files/0x0007000000023531-56.dat	upx
behavioral2/files/0x0007000000023529-51.dat	upx
behavioral2/memory/1940-47-0x00007FF6FC670000-0x00007FF6FC9C4000-memory.dmp	upx
behavioral2/files/0x000700000002352d-43.dat	upx
behavioral2/files/0x000700000002352b-30.dat	upx
behavioral2/memory/2904-110-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp	upx
behavioral2/memory/4180-108-0x00007FF6EFF80000-0x00007FF6F02D4000-memory.dmp	upx
behavioral2/files/0x0007000000023539-103.dat	upx
behavioral2/files/0x0007000000023538-98.dat	upx
behavioral2/files/0x0007000000023537-90.dat	upx
behavioral2/files/0x0007000000023533-89.dat	upx
behavioral2/memory/2428-27-0x00007FF7617D0000-0x00007FF761B24000-memory.dmp	upx
behavioral2/memory/3596-14-0x00007FF6ECB10000-0x00007FF6ECE64000-memory.dmp	upx
behavioral2/files/0x0007000000023544-145.dat	upx
behavioral2/files/0x0007000000023540-174.dat	upx
behavioral2/memory/3944-196-0x00007FF735A60000-0x00007FF735DB4000-memory.dmp	upx
behavioral2/memory/2524-213-0x00007FF6DA0A0000-0x00007FF6DA3F4000-memory.dmp	upx
behavioral2/memory/2360-222-0x00007FF6403F0000-0x00007FF640744000-memory.dmp	upx
behavioral2/memory/2992-226-0x00007FF707AC0000-0x00007FF707E14000-memory.dmp	upx
behavioral2/memory/948-225-0x00007FF760600000-0x00007FF760954000-memory.dmp	upx
behavioral2/memory/1724-224-0x00007FF6E0880000-0x00007FF6E0BD4000-memory.dmp	upx
behavioral2/memory/4012-223-0x00007FF65D890000-0x00007FF65DBE4000-memory.dmp	upx
behavioral2/memory/4376-221-0x00007FF6F88D0000-0x00007FF6F8C24000-memory.dmp	upx
behavioral2/memory/3532-220-0x00007FF77BC90000-0x00007FF77BFE4000-memory.dmp	upx
behavioral2/memory/1852-219-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp	upx
behavioral2/memory/3464-218-0x00007FF7C3550000-0x00007FF7C38A4000-memory.dmp	upx
behavioral2/memory/4196-217-0x00007FF713C30000-0x00007FF713F84000-memory.dmp	upx
behavioral2/memory/3708-216-0x00007FF694360000-0x00007FF6946B4000-memory.dmp	upx
behavioral2/memory/2704-215-0x00007FF73C5F0000-0x00007FF73C944000-memory.dmp	upx
behavioral2/memory/4932-214-0x00007FF65B560000-0x00007FF65B8B4000-memory.dmp	upx
behavioral2/memory/1112-209-0x00007FF7BB5B0000-0x00007FF7BB904000-memory.dmp	upx
behavioral2/memory/1364-208-0x00007FF7EB3D0000-0x00007FF7EB724000-memory.dmp	upx
behavioral2/memory/4284-203-0x00007FF78F5A0000-0x00007FF78F8F4000-memory.dmp	upx
behavioral2/memory/1020-195-0x00007FF735C70000-0x00007FF735FC4000-memory.dmp	upx
behavioral2/files/0x0007000000023548-190.dat	upx
behavioral2/files/0x0009000000023521-188.dat	upx
behavioral2/files/0x0007000000023547-183.dat	upx
behavioral2/files/0x000700000002353f-172.dat	upx
behavioral2/files/0x000700000002353e-166.dat	upx
behavioral2/files/0x0007000000023546-164.dat	upx
behavioral2/files/0x000700000002353d-161.dat	upx
behavioral2/files/0x0007000000023545-156.dat	upx
behavioral2/files/0x000700000002353c-153.dat	upx
behavioral2/memory/3576-144-0x00007FF7F2910000-0x00007FF7F2C64000-memory.dmp	upx
behavioral2/memory/4616-143-0x00007FF758950000-0x00007FF758CA4000-memory.dmp	upx
behavioral2/files/0x0007000000023543-142.dat	upx
behavioral2/files/0x0007000000023542-141.dat	upx
behavioral2/files/0x000700000002353a-139.dat	upx
behavioral2/files/0x000700000002353b-149.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LCrEHvv.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\dMqPEyv.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\WKogxOB.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\TLeFHAQ.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\rzTkzSE.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\ETlgjcn.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\sTjtMiv.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\UypqtHS.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\pywyEdv.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\LsghiEj.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\fDFBttg.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\YKiTFOi.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\aZVnGSF.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\QiGncER.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\EEsENjD.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\UrbGAhd.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\uDFDNOG.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\hZPrvWQ.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\prpOZsJ.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\hRrkjtC.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\JdFzAjI.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\rngkkrM.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\CTYTUxH.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\emJzyDw.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\ULECELW.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\eKDGQKK.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\YnexhzY.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\qLHrkmp.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\vfgZBej.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\MLfzTUp.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\WemfJew.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\BolGvle.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\dCHKifl.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\acXMPyS.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\YKNIhtK.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\ztLWigi.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\fGmHDxf.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\RjlocGS.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\xxyZyfY.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\goxbdCY.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\ikXYWvE.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\vRJKDCR.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\MPIrSdx.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\LdpGjRT.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\HpmqxBt.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\CTAHhOi.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\KApSNhi.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\CMCfavs.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\efYEhNr.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\NanImht.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\FYHDuKJ.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\PKcbdvc.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\lEyOsdJ.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\elhpsDx.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\KqPFyFU.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\qsYLMAT.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\pURFtVo.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\KOHrDli.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\JCNMYbr.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\jGyUcYP.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\iEozjhV.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\XZXumPJ.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\stsMeVf.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
File created	C:\Windows\System\ZOrCmsh.exe	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14132	dwm.exe
Token: SeChangeNotifyPrivilege	14132	dwm.exe
Token: 33	14132	dwm.exe
Token: SeIncBasePriorityPrivilege	14132	dwm.exe
Token: SeShutdownPrivilege	14132	dwm.exe
Token: SeCreatePagefilePrivilege	14132	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 3596	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	82
PID 3496 wrote to memory of 3596	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	82
PID 3496 wrote to memory of 2428	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	83
PID 3496 wrote to memory of 2428	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	83
PID 3496 wrote to memory of 1940	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	84
PID 3496 wrote to memory of 1940	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	84
PID 3496 wrote to memory of 1148	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	85
PID 3496 wrote to memory of 1148	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	85
PID 3496 wrote to memory of 3092	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	86
PID 3496 wrote to memory of 3092	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	86
PID 3496 wrote to memory of 4376	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	87
PID 3496 wrote to memory of 4376	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	87
PID 3496 wrote to memory of 4180	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	88
PID 3496 wrote to memory of 4180	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	88
PID 3496 wrote to memory of 2904	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	89
PID 3496 wrote to memory of 2904	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	89
PID 3496 wrote to memory of 4012	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	90
PID 3496 wrote to memory of 4012	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	90
PID 3496 wrote to memory of 2360	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	91
PID 3496 wrote to memory of 2360	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	91
PID 3496 wrote to memory of 2800	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	92
PID 3496 wrote to memory of 2800	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	92
PID 3496 wrote to memory of 4616	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	93
PID 3496 wrote to memory of 4616	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	93
PID 3496 wrote to memory of 3576	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	94
PID 3496 wrote to memory of 3576	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	94
PID 3496 wrote to memory of 4284	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	95
PID 3496 wrote to memory of 4284	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	95
PID 3496 wrote to memory of 1020	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	96
PID 3496 wrote to memory of 1020	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	96
PID 3496 wrote to memory of 3944	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	97
PID 3496 wrote to memory of 3944	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	97
PID 3496 wrote to memory of 1724	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	98
PID 3496 wrote to memory of 1724	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	98
PID 3496 wrote to memory of 1364	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	99
PID 3496 wrote to memory of 1364	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	99
PID 3496 wrote to memory of 1112	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	100
PID 3496 wrote to memory of 1112	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	100
PID 3496 wrote to memory of 2524	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	101
PID 3496 wrote to memory of 2524	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	101
PID 3496 wrote to memory of 2992	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	102
PID 3496 wrote to memory of 2992	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	102
PID 3496 wrote to memory of 948	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	103
PID 3496 wrote to memory of 948	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	103
PID 3496 wrote to memory of 4932	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	104
PID 3496 wrote to memory of 4932	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	104
PID 3496 wrote to memory of 2704	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	105
PID 3496 wrote to memory of 2704	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	105
PID 3496 wrote to memory of 3708	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	106
PID 3496 wrote to memory of 3708	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	106
PID 3496 wrote to memory of 4196	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	107
PID 3496 wrote to memory of 4196	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	107
PID 3496 wrote to memory of 3464	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	108
PID 3496 wrote to memory of 3464	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	108
PID 3496 wrote to memory of 1852	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	109
PID 3496 wrote to memory of 1852	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	109
PID 3496 wrote to memory of 3532	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	110
PID 3496 wrote to memory of 3532	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	110
PID 3496 wrote to memory of 1848	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	111
PID 3496 wrote to memory of 1848	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	111
PID 3496 wrote to memory of 4272	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	112
PID 3496 wrote to memory of 4272	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	112
PID 3496 wrote to memory of 4924	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	113
PID 3496 wrote to memory of 4924	3496	45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe	113

C:\Users\Admin\AppData\Local\Temp\45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe
"C:\Users\Admin\AppData\Local\Temp\45b52d6f2bb450136c79b715e702117407929c186affc75a0f76e8b841a74124.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Windows\System\TJfaVqX.exe
  C:\Windows\System\TJfaVqX.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\QrTRBye.exe
  C:\Windows\System\QrTRBye.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ogomGkp.exe
  C:\Windows\System\ogomGkp.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\uDblkde.exe
  C:\Windows\System\uDblkde.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\OOCBjQX.exe
  C:\Windows\System\OOCBjQX.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\YBmZxvz.exe
  C:\Windows\System\YBmZxvz.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\TabgbwQ.exe
  C:\Windows\System\TabgbwQ.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\elhpsDx.exe
  C:\Windows\System\elhpsDx.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\MieIGBI.exe
  C:\Windows\System\MieIGBI.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\qmnfVNl.exe
  C:\Windows\System\qmnfVNl.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\idVTaJd.exe
  C:\Windows\System\idVTaJd.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\dMTAkhk.exe
  C:\Windows\System\dMTAkhk.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\dgACeHL.exe
  C:\Windows\System\dgACeHL.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\oXdEybW.exe
  C:\Windows\System\oXdEybW.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\GsAqGLo.exe
  C:\Windows\System\GsAqGLo.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\eKDGQKK.exe
  C:\Windows\System\eKDGQKK.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\CdfVCaM.exe
  C:\Windows\System\CdfVCaM.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\MeAbKLD.exe
  C:\Windows\System\MeAbKLD.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\JfqQpzD.exe
  C:\Windows\System\JfqQpzD.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\bwIQDQM.exe
  C:\Windows\System\bwIQDQM.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\JjicGrN.exe
  C:\Windows\System\JjicGrN.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\VXjsbvR.exe
  C:\Windows\System\VXjsbvR.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\CXROZZt.exe
  C:\Windows\System\CXROZZt.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\ebwUxCo.exe
  C:\Windows\System\ebwUxCo.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\nkNslpP.exe
  C:\Windows\System\nkNslpP.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\bGqEmjS.exe
  C:\Windows\System\bGqEmjS.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\IgNLSOA.exe
  C:\Windows\System\IgNLSOA.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\DYLKkEw.exe
  C:\Windows\System\DYLKkEw.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\AaBNVhM.exe
  C:\Windows\System\AaBNVhM.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\gqQaGHP.exe
  C:\Windows\System\gqQaGHP.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\KoeiXvO.exe
  C:\Windows\System\KoeiXvO.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\bdZtvEo.exe
  C:\Windows\System\bdZtvEo.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\TFtXCse.exe
  C:\Windows\System\TFtXCse.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\mhKhFPV.exe
  C:\Windows\System\mhKhFPV.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\gQEJFXm.exe
  C:\Windows\System\gQEJFXm.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\IXrYwVy.exe
  C:\Windows\System\IXrYwVy.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\JTRstAQ.exe
  C:\Windows\System\JTRstAQ.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\GwylHWW.exe
  C:\Windows\System\GwylHWW.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\PUlcuvt.exe
  C:\Windows\System\PUlcuvt.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\XODGcZn.exe
  C:\Windows\System\XODGcZn.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\pywyEdv.exe
  C:\Windows\System\pywyEdv.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\AyaQLNZ.exe
  C:\Windows\System\AyaQLNZ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\IOUmUeI.exe
  C:\Windows\System\IOUmUeI.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\aTPFKSj.exe
  C:\Windows\System\aTPFKSj.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\qpLaMTH.exe
  C:\Windows\System\qpLaMTH.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\pxyhiFa.exe
  C:\Windows\System\pxyhiFa.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\hIINAKj.exe
  C:\Windows\System\hIINAKj.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\HKKytHT.exe
  C:\Windows\System\HKKytHT.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\HHCUYPo.exe
  C:\Windows\System\HHCUYPo.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\KkAwEpm.exe
  C:\Windows\System\KkAwEpm.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\WHYJIIW.exe
  C:\Windows\System\WHYJIIW.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UbKatse.exe
  C:\Windows\System\UbKatse.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\CbfMwEV.exe
  C:\Windows\System\CbfMwEV.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\AVAPxmA.exe
  C:\Windows\System\AVAPxmA.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\tDqZPbl.exe
  C:\Windows\System\tDqZPbl.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\bAWQoRL.exe
  C:\Windows\System\bAWQoRL.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\qNESPkP.exe
  C:\Windows\System\qNESPkP.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\ikXYWvE.exe
  C:\Windows\System\ikXYWvE.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\jXKzXbY.exe
  C:\Windows\System\jXKzXbY.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\TzsEAjh.exe
  C:\Windows\System\TzsEAjh.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\lbxKCbI.exe
  C:\Windows\System\lbxKCbI.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\JjJiAFu.exe
  C:\Windows\System\JjJiAFu.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\vHuXFdB.exe
  C:\Windows\System\vHuXFdB.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\FkmnEpQ.exe
  C:\Windows\System\FkmnEpQ.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\TymqZXw.exe
  C:\Windows\System\TymqZXw.exe
  2⤵
  PID:4228
- C:\Windows\System\NjYurue.exe
  C:\Windows\System\NjYurue.exe
  2⤵
  PID:4208
- C:\Windows\System\Rkiziuu.exe
  C:\Windows\System\Rkiziuu.exe
  2⤵
  PID:1448
- C:\Windows\System\PkCZepN.exe
  C:\Windows\System\PkCZepN.exe
  2⤵
  PID:2228
- C:\Windows\System\QHubsyw.exe
  C:\Windows\System\QHubsyw.exe
  2⤵
  PID:2168
- C:\Windows\System\ggJwpqz.exe
  C:\Windows\System\ggJwpqz.exe
  2⤵
  PID:624
- C:\Windows\System\GXcoOgj.exe
  C:\Windows\System\GXcoOgj.exe
  2⤵
  PID:688
- C:\Windows\System\IyVesPa.exe
  C:\Windows\System\IyVesPa.exe
  2⤵
  PID:4744
- C:\Windows\System\ctJnQou.exe
  C:\Windows\System\ctJnQou.exe
  2⤵
  PID:3744
- C:\Windows\System\BolGvle.exe
  C:\Windows\System\BolGvle.exe
  2⤵
  PID:4860
- C:\Windows\System\bblabSA.exe
  C:\Windows\System\bblabSA.exe
  2⤵
  PID:1324
- C:\Windows\System\HOsnNrg.exe
  C:\Windows\System\HOsnNrg.exe
  2⤵
  PID:2136
- C:\Windows\System\NStJHvV.exe
  C:\Windows\System\NStJHvV.exe
  2⤵
  PID:2352
- C:\Windows\System\XHHGzId.exe
  C:\Windows\System\XHHGzId.exe
  2⤵
  PID:1516
- C:\Windows\System\nHcANnC.exe
  C:\Windows\System\nHcANnC.exe
  2⤵
  PID:2696
- C:\Windows\System\VgIUIAc.exe
  C:\Windows\System\VgIUIAc.exe
  2⤵
  PID:3912
- C:\Windows\System\HlMUcQM.exe
  C:\Windows\System\HlMUcQM.exe
  2⤵
  PID:5084
- C:\Windows\System\LsghiEj.exe
  C:\Windows\System\LsghiEj.exe
  2⤵
  PID:4856
- C:\Windows\System\viGgRnC.exe
  C:\Windows\System\viGgRnC.exe
  2⤵
  PID:4976
- C:\Windows\System\beMlqLk.exe
  C:\Windows\System\beMlqLk.exe
  2⤵
  PID:1124
- C:\Windows\System\dVLHVIV.exe
  C:\Windows\System\dVLHVIV.exe
  2⤵
  PID:1184
- C:\Windows\System\LidDFIE.exe
  C:\Windows\System\LidDFIE.exe
  2⤵
  PID:4536
- C:\Windows\System\PXuLzrA.exe
  C:\Windows\System\PXuLzrA.exe
  2⤵
  PID:628
- C:\Windows\System\OCMwcit.exe
  C:\Windows\System\OCMwcit.exe
  2⤵
  PID:1644
- C:\Windows\System\JbQrJeN.exe
  C:\Windows\System\JbQrJeN.exe
  2⤵
  PID:4936
- C:\Windows\System\hjIJHMp.exe
  C:\Windows\System\hjIJHMp.exe
  2⤵
  PID:2792
- C:\Windows\System\kUKRHYP.exe
  C:\Windows\System\kUKRHYP.exe
  2⤵
  PID:1628
- C:\Windows\System\YacxtQh.exe
  C:\Windows\System\YacxtQh.exe
  2⤵
  PID:5096
- C:\Windows\System\HCJeRha.exe
  C:\Windows\System\HCJeRha.exe
  2⤵
  PID:5100
- C:\Windows\System\yiyjqjD.exe
  C:\Windows\System\yiyjqjD.exe
  2⤵
  PID:4320
- C:\Windows\System\cPRPYxX.exe
  C:\Windows\System\cPRPYxX.exe
  2⤵
  PID:5092
- C:\Windows\System\bjkoAYl.exe
  C:\Windows\System\bjkoAYl.exe
  2⤵
  PID:2960
- C:\Windows\System\AmIzMyQ.exe
  C:\Windows\System\AmIzMyQ.exe
  2⤵
  PID:1988
- C:\Windows\System\eignOtn.exe
  C:\Windows\System\eignOtn.exe
  2⤵
  PID:3332
- C:\Windows\System\YRrDQLo.exe
  C:\Windows\System\YRrDQLo.exe
  2⤵
  PID:860
- C:\Windows\System\icyodCC.exe
  C:\Windows\System\icyodCC.exe
  2⤵
  PID:1200
- C:\Windows\System\IzcOLGZ.exe
  C:\Windows\System\IzcOLGZ.exe
  2⤵
  PID:4964
- C:\Windows\System\zLVJFaC.exe
  C:\Windows\System\zLVJFaC.exe
  2⤵
  PID:2028
- C:\Windows\System\RScylhv.exe
  C:\Windows\System\RScylhv.exe
  2⤵
  PID:4592
- C:\Windows\System\ExcmbTf.exe
  C:\Windows\System\ExcmbTf.exe
  2⤵
  PID:936
- C:\Windows\System\EvVHeLT.exe
  C:\Windows\System\EvVHeLT.exe
  2⤵
  PID:4340
- C:\Windows\System\oMXCJZn.exe
  C:\Windows\System\oMXCJZn.exe
  2⤵
  PID:5128
- C:\Windows\System\VHLpKzf.exe
  C:\Windows\System\VHLpKzf.exe
  2⤵
  PID:5156
- C:\Windows\System\XipKVvD.exe
  C:\Windows\System\XipKVvD.exe
  2⤵
  PID:5188
- C:\Windows\System\eINmwdX.exe
  C:\Windows\System\eINmwdX.exe
  2⤵
  PID:5224
- C:\Windows\System\WTGtPVE.exe
  C:\Windows\System\WTGtPVE.exe
  2⤵
  PID:5252
- C:\Windows\System\XTkTBzR.exe
  C:\Windows\System\XTkTBzR.exe
  2⤵
  PID:5280
- C:\Windows\System\WbZcNos.exe
  C:\Windows\System\WbZcNos.exe
  2⤵
  PID:5308
- C:\Windows\System\awDgsqp.exe
  C:\Windows\System\awDgsqp.exe
  2⤵
  PID:5340
- C:\Windows\System\vHVYjjR.exe
  C:\Windows\System\vHVYjjR.exe
  2⤵
  PID:5364
- C:\Windows\System\GAIbjWb.exe
  C:\Windows\System\GAIbjWb.exe
  2⤵
  PID:5392
- C:\Windows\System\CZlLGof.exe
  C:\Windows\System\CZlLGof.exe
  2⤵
  PID:5420
- C:\Windows\System\yAcTMVo.exe
  C:\Windows\System\yAcTMVo.exe
  2⤵
  PID:5452
- C:\Windows\System\HTJClQg.exe
  C:\Windows\System\HTJClQg.exe
  2⤵
  PID:5476
- C:\Windows\System\qeFsthT.exe
  C:\Windows\System\qeFsthT.exe
  2⤵
  PID:5508
- C:\Windows\System\iIndRzC.exe
  C:\Windows\System\iIndRzC.exe
  2⤵
  PID:5536
- C:\Windows\System\nBNEQcs.exe
  C:\Windows\System\nBNEQcs.exe
  2⤵
  PID:5552
- C:\Windows\System\Eljucwj.exe
  C:\Windows\System\Eljucwj.exe
  2⤵
  PID:5584
- C:\Windows\System\jbOJCOv.exe
  C:\Windows\System\jbOJCOv.exe
  2⤵
  PID:5616
- C:\Windows\System\yLyJhTR.exe
  C:\Windows\System\yLyJhTR.exe
  2⤵
  PID:5648
- C:\Windows\System\fDFBttg.exe
  C:\Windows\System\fDFBttg.exe
  2⤵
  PID:5676
- C:\Windows\System\qxAqAYR.exe
  C:\Windows\System\qxAqAYR.exe
  2⤵
  PID:5704
- C:\Windows\System\StVgAoz.exe
  C:\Windows\System\StVgAoz.exe
  2⤵
  PID:5732
- C:\Windows\System\KqPFyFU.exe
  C:\Windows\System\KqPFyFU.exe
  2⤵
  PID:5760
- C:\Windows\System\ZnEmNlv.exe
  C:\Windows\System\ZnEmNlv.exe
  2⤵
  PID:5780
- C:\Windows\System\fWHtSLz.exe
  C:\Windows\System\fWHtSLz.exe
  2⤵
  PID:5804
- C:\Windows\System\TiGAkYS.exe
  C:\Windows\System\TiGAkYS.exe
  2⤵
  PID:5832
- C:\Windows\System\yykOKLF.exe
  C:\Windows\System\yykOKLF.exe
  2⤵
  PID:5848
- C:\Windows\System\rmnIbMM.exe
  C:\Windows\System\rmnIbMM.exe
  2⤵
  PID:5876
- C:\Windows\System\bMjUGTA.exe
  C:\Windows\System\bMjUGTA.exe
  2⤵
  PID:5908
- C:\Windows\System\jDFRNqY.exe
  C:\Windows\System\jDFRNqY.exe
  2⤵
  PID:5944
- C:\Windows\System\DOUfurs.exe
  C:\Windows\System\DOUfurs.exe
  2⤵
  PID:5976
- C:\Windows\System\OrQrmtB.exe
  C:\Windows\System\OrQrmtB.exe
  2⤵
  PID:6004
- C:\Windows\System\stsMeVf.exe
  C:\Windows\System\stsMeVf.exe
  2⤵
  PID:6028
- C:\Windows\System\EDbMjPH.exe
  C:\Windows\System\EDbMjPH.exe
  2⤵
  PID:6056
- C:\Windows\System\bogGEra.exe
  C:\Windows\System\bogGEra.exe
  2⤵
  PID:6088
- C:\Windows\System\LCrEHvv.exe
  C:\Windows\System\LCrEHvv.exe
  2⤵
  PID:6116
- C:\Windows\System\wHAQpLu.exe
  C:\Windows\System\wHAQpLu.exe
  2⤵
  PID:2056
- C:\Windows\System\lDoqgud.exe
  C:\Windows\System\lDoqgud.exe
  2⤵
  PID:5200
- C:\Windows\System\RMalCVx.exe
  C:\Windows\System\RMalCVx.exe
  2⤵
  PID:5264
- C:\Windows\System\LqqMvUW.exe
  C:\Windows\System\LqqMvUW.exe
  2⤵
  PID:5328
- C:\Windows\System\HQjegUs.exe
  C:\Windows\System\HQjegUs.exe
  2⤵
  PID:5384
- C:\Windows\System\tcbMMzY.exe
  C:\Windows\System\tcbMMzY.exe
  2⤵
  PID:5444
- C:\Windows\System\qQTzdYi.exe
  C:\Windows\System\qQTzdYi.exe
  2⤵
  PID:5532
- C:\Windows\System\tVPAOVw.exe
  C:\Windows\System\tVPAOVw.exe
  2⤵
  PID:5568
- C:\Windows\System\PhGywvk.exe
  C:\Windows\System\PhGywvk.exe
  2⤵
  PID:5660
- C:\Windows\System\PfPQBUN.exe
  C:\Windows\System\PfPQBUN.exe
  2⤵
  PID:5724
- C:\Windows\System\uDFDNOG.exe
  C:\Windows\System\uDFDNOG.exe
  2⤵
  PID:5796
- C:\Windows\System\hZPrvWQ.exe
  C:\Windows\System\hZPrvWQ.exe
  2⤵
  PID:5868
- C:\Windows\System\vCUSedT.exe
  C:\Windows\System\vCUSedT.exe
  2⤵
  PID:5892
- C:\Windows\System\JLVajfP.exe
  C:\Windows\System\JLVajfP.exe
  2⤵
  PID:5972
- C:\Windows\System\TUEJjjk.exe
  C:\Windows\System\TUEJjjk.exe
  2⤵
  PID:6048
- C:\Windows\System\WUGGUSL.exe
  C:\Windows\System\WUGGUSL.exe
  2⤵
  PID:6124
- C:\Windows\System\RiLaWIo.exe
  C:\Windows\System\RiLaWIo.exe
  2⤵
  PID:5244
- C:\Windows\System\FaroBhO.exe
  C:\Windows\System\FaroBhO.exe
  2⤵
  PID:5320
- C:\Windows\System\Mnkewpi.exe
  C:\Windows\System\Mnkewpi.exe
  2⤵
  PID:5472
- C:\Windows\System\rzTkzSE.exe
  C:\Windows\System\rzTkzSE.exe
  2⤵
  PID:5716
- C:\Windows\System\uagUFHZ.exe
  C:\Windows\System\uagUFHZ.exe
  2⤵
  PID:5864
- C:\Windows\System\cYgRRvT.exe
  C:\Windows\System\cYgRRvT.exe
  2⤵
  PID:5988
- C:\Windows\System\ftAFLAL.exe
  C:\Windows\System\ftAFLAL.exe
  2⤵
  PID:6140
- C:\Windows\System\DxACAgV.exe
  C:\Windows\System\DxACAgV.exe
  2⤵
  PID:5768
- C:\Windows\System\HbDqsBA.exe
  C:\Windows\System\HbDqsBA.exe
  2⤵
  PID:6072
- C:\Windows\System\ZdTKlSK.exe
  C:\Windows\System\ZdTKlSK.exe
  2⤵
  PID:5928
- C:\Windows\System\hufMlhu.exe
  C:\Windows\System\hufMlhu.exe
  2⤵
  PID:6152
- C:\Windows\System\prpOZsJ.exe
  C:\Windows\System\prpOZsJ.exe
  2⤵
  PID:6172
- C:\Windows\System\jQJUmls.exe
  C:\Windows\System\jQJUmls.exe
  2⤵
  PID:6196
- C:\Windows\System\biMXXRR.exe
  C:\Windows\System\biMXXRR.exe
  2⤵
  PID:6232
- C:\Windows\System\zCrIAaX.exe
  C:\Windows\System\zCrIAaX.exe
  2⤵
  PID:6260
- C:\Windows\System\RFwKsES.exe
  C:\Windows\System\RFwKsES.exe
  2⤵
  PID:6292
- C:\Windows\System\HhSvxzT.exe
  C:\Windows\System\HhSvxzT.exe
  2⤵
  PID:6320
- C:\Windows\System\zzLGSnd.exe
  C:\Windows\System\zzLGSnd.exe
  2⤵
  PID:6336
- C:\Windows\System\CqCxJqq.exe
  C:\Windows\System\CqCxJqq.exe
  2⤵
  PID:6360
- C:\Windows\System\bkNoBow.exe
  C:\Windows\System\bkNoBow.exe
  2⤵
  PID:6376
- C:\Windows\System\yDUnpWn.exe
  C:\Windows\System\yDUnpWn.exe
  2⤵
  PID:6396
- C:\Windows\System\HnDMVMn.exe
  C:\Windows\System\HnDMVMn.exe
  2⤵
  PID:6428
- C:\Windows\System\eXASAHZ.exe
  C:\Windows\System\eXASAHZ.exe
  2⤵
  PID:6464
- C:\Windows\System\iXaEiyn.exe
  C:\Windows\System\iXaEiyn.exe
  2⤵
  PID:6484
- C:\Windows\System\ZOrCmsh.exe
  C:\Windows\System\ZOrCmsh.exe
  2⤵
  PID:6520
- C:\Windows\System\qsYLMAT.exe
  C:\Windows\System\qsYLMAT.exe
  2⤵
  PID:6560
- C:\Windows\System\xDupaRV.exe
  C:\Windows\System\xDupaRV.exe
  2⤵
  PID:6584
- C:\Windows\System\TmGPCji.exe
  C:\Windows\System\TmGPCji.exe
  2⤵
  PID:6616
- C:\Windows\System\jvmWJFQ.exe
  C:\Windows\System\jvmWJFQ.exe
  2⤵
  PID:6644
- C:\Windows\System\EgXiCcf.exe
  C:\Windows\System\EgXiCcf.exe
  2⤵
  PID:6672
- C:\Windows\System\pPwQTsS.exe
  C:\Windows\System\pPwQTsS.exe
  2⤵
  PID:6708
- C:\Windows\System\ZuYqvoT.exe
  C:\Windows\System\ZuYqvoT.exe
  2⤵
  PID:6728
- C:\Windows\System\NzkkRch.exe
  C:\Windows\System\NzkkRch.exe
  2⤵
  PID:6748
- C:\Windows\System\oMPLktq.exe
  C:\Windows\System\oMPLktq.exe
  2⤵
  PID:6776
- C:\Windows\System\HRHbveR.exe
  C:\Windows\System\HRHbveR.exe
  2⤵
  PID:6800
- C:\Windows\System\OljgziH.exe
  C:\Windows\System\OljgziH.exe
  2⤵
  PID:6848
- C:\Windows\System\dGzXxPn.exe
  C:\Windows\System\dGzXxPn.exe
  2⤵
  PID:6876
- C:\Windows\System\CTAHhOi.exe
  C:\Windows\System\CTAHhOi.exe
  2⤵
  PID:6900
- C:\Windows\System\ZXqQJfT.exe
  C:\Windows\System\ZXqQJfT.exe
  2⤵
  PID:6920
- C:\Windows\System\fIGUBCw.exe
  C:\Windows\System\fIGUBCw.exe
  2⤵
  PID:6944
- C:\Windows\System\YgpezzX.exe
  C:\Windows\System\YgpezzX.exe
  2⤵
  PID:6976
- C:\Windows\System\XAerhSq.exe
  C:\Windows\System\XAerhSq.exe
  2⤵
  PID:7016
- C:\Windows\System\KcfcTjJ.exe
  C:\Windows\System\KcfcTjJ.exe
  2⤵
  PID:7044
- C:\Windows\System\SaCoRkx.exe
  C:\Windows\System\SaCoRkx.exe
  2⤵
  PID:7068
- C:\Windows\System\pURFtVo.exe
  C:\Windows\System\pURFtVo.exe
  2⤵
  PID:7096
- C:\Windows\System\qxTWVQl.exe
  C:\Windows\System\qxTWVQl.exe
  2⤵
  PID:7124
- C:\Windows\System\WqDzrJq.exe
  C:\Windows\System\WqDzrJq.exe
  2⤵
  PID:7144
- C:\Windows\System\lJLRWMM.exe
  C:\Windows\System\lJLRWMM.exe
  2⤵
  PID:5564
- C:\Windows\System\UPOYvkM.exe
  C:\Windows\System\UPOYvkM.exe
  2⤵
  PID:6240
- C:\Windows\System\zjfNEmi.exe
  C:\Windows\System\zjfNEmi.exe
  2⤵
  PID:6280
- C:\Windows\System\WqSWuDq.exe
  C:\Windows\System\WqSWuDq.exe
  2⤵
  PID:6368
- C:\Windows\System\eerVGuG.exe
  C:\Windows\System\eerVGuG.exe
  2⤵
  PID:6440
- C:\Windows\System\DmyGZwj.exe
  C:\Windows\System\DmyGZwj.exe
  2⤵
  PID:6512
- C:\Windows\System\UkKvmby.exe
  C:\Windows\System\UkKvmby.exe
  2⤵
  PID:6532
- C:\Windows\System\EfaSdEp.exe
  C:\Windows\System\EfaSdEp.exe
  2⤵
  PID:6628
- C:\Windows\System\qWstaqX.exe
  C:\Windows\System\qWstaqX.exe
  2⤵
  PID:6716
- C:\Windows\System\qLfjAsy.exe
  C:\Windows\System\qLfjAsy.exe
  2⤵
  PID:6772
- C:\Windows\System\KMUGZmQ.exe
  C:\Windows\System\KMUGZmQ.exe
  2⤵
  PID:6808
- C:\Windows\System\sXUxtST.exe
  C:\Windows\System\sXUxtST.exe
  2⤵
  PID:6896
- C:\Windows\System\tkhghsq.exe
  C:\Windows\System\tkhghsq.exe
  2⤵
  PID:6940
- C:\Windows\System\rPRqAnY.exe
  C:\Windows\System\rPRqAnY.exe
  2⤵
  PID:7008
- C:\Windows\System\KApSNhi.exe
  C:\Windows\System\KApSNhi.exe
  2⤵
  PID:7112
- C:\Windows\System\VKnWpbQ.exe
  C:\Windows\System\VKnWpbQ.exe
  2⤵
  PID:7164
- C:\Windows\System\GDNNNWU.exe
  C:\Windows\System\GDNNNWU.exe
  2⤵
  PID:6160
- C:\Windows\System\EmJuwUP.exe
  C:\Windows\System\EmJuwUP.exe
  2⤵
  PID:6332
- C:\Windows\System\YVVrTXq.exe
  C:\Windows\System\YVVrTXq.exe
  2⤵
  PID:6548
- C:\Windows\System\KOHrDli.exe
  C:\Windows\System\KOHrDli.exe
  2⤵
  PID:6700
- C:\Windows\System\SRVuPDJ.exe
  C:\Windows\System\SRVuPDJ.exe
  2⤵
  PID:6916
- C:\Windows\System\Sblsqev.exe
  C:\Windows\System\Sblsqev.exe
  2⤵
  PID:7052
- C:\Windows\System\dCHKifl.exe
  C:\Windows\System\dCHKifl.exe
  2⤵
  PID:6252
- C:\Windows\System\naKAthN.exe
  C:\Windows\System\naKAthN.exe
  2⤵
  PID:6756
- C:\Windows\System\vRJKDCR.exe
  C:\Windows\System\vRJKDCR.exe
  2⤵
  PID:6984
- C:\Windows\System\ajhocKE.exe
  C:\Windows\System\ajhocKE.exe
  2⤵
  PID:6456
- C:\Windows\System\tHiyaaL.exe
  C:\Windows\System\tHiyaaL.exe
  2⤵
  PID:6328
- C:\Windows\System\mFEqpXA.exe
  C:\Windows\System\mFEqpXA.exe
  2⤵
  PID:7184
- C:\Windows\System\tECZoWp.exe
  C:\Windows\System\tECZoWp.exe
  2⤵
  PID:7212
- C:\Windows\System\kysEGhQ.exe
  C:\Windows\System\kysEGhQ.exe
  2⤵
  PID:7240
- C:\Windows\System\dzHYXCT.exe
  C:\Windows\System\dzHYXCT.exe
  2⤵
  PID:7268
- C:\Windows\System\NyoXXPq.exe
  C:\Windows\System\NyoXXPq.exe
  2⤵
  PID:7296
- C:\Windows\System\WlYVOiN.exe
  C:\Windows\System\WlYVOiN.exe
  2⤵
  PID:7324
- C:\Windows\System\OHhlPfM.exe
  C:\Windows\System\OHhlPfM.exe
  2⤵
  PID:7352
- C:\Windows\System\iraiVgX.exe
  C:\Windows\System\iraiVgX.exe
  2⤵
  PID:7380
- C:\Windows\System\rHFATTr.exe
  C:\Windows\System\rHFATTr.exe
  2⤵
  PID:7408
- C:\Windows\System\DsmqPbt.exe
  C:\Windows\System\DsmqPbt.exe
  2⤵
  PID:7436
- C:\Windows\System\keBcNAF.exe
  C:\Windows\System\keBcNAF.exe
  2⤵
  PID:7464
- C:\Windows\System\wHPhizD.exe
  C:\Windows\System\wHPhizD.exe
  2⤵
  PID:7504
- C:\Windows\System\xanqmXp.exe
  C:\Windows\System\xanqmXp.exe
  2⤵
  PID:7524
- C:\Windows\System\gniobjC.exe
  C:\Windows\System\gniobjC.exe
  2⤵
  PID:7560
- C:\Windows\System\ZdTssmw.exe
  C:\Windows\System\ZdTssmw.exe
  2⤵
  PID:7588
- C:\Windows\System\DnTUkSM.exe
  C:\Windows\System\DnTUkSM.exe
  2⤵
  PID:7620
- C:\Windows\System\YnexhzY.exe
  C:\Windows\System\YnexhzY.exe
  2⤵
  PID:7648
- C:\Windows\System\qriPpgi.exe
  C:\Windows\System\qriPpgi.exe
  2⤵
  PID:7672
- C:\Windows\System\joeZUqi.exe
  C:\Windows\System\joeZUqi.exe
  2⤵
  PID:7700
- C:\Windows\System\OYOpKKm.exe
  C:\Windows\System\OYOpKKm.exe
  2⤵
  PID:7732
- C:\Windows\System\WrBnyIV.exe
  C:\Windows\System\WrBnyIV.exe
  2⤵
  PID:7760
- C:\Windows\System\jfgXQWm.exe
  C:\Windows\System\jfgXQWm.exe
  2⤵
  PID:7780
- C:\Windows\System\TWbeTvS.exe
  C:\Windows\System\TWbeTvS.exe
  2⤵
  PID:7808
- C:\Windows\System\Mjlewtb.exe
  C:\Windows\System\Mjlewtb.exe
  2⤵
  PID:7844
- C:\Windows\System\VOAfzig.exe
  C:\Windows\System\VOAfzig.exe
  2⤵
  PID:7868
- C:\Windows\System\WutPYdp.exe
  C:\Windows\System\WutPYdp.exe
  2⤵
  PID:7892
- C:\Windows\System\AIFxmsj.exe
  C:\Windows\System\AIFxmsj.exe
  2⤵
  PID:7932
- C:\Windows\System\KFURkYi.exe
  C:\Windows\System\KFURkYi.exe
  2⤵
  PID:7960
- C:\Windows\System\NcnHupy.exe
  C:\Windows\System\NcnHupy.exe
  2⤵
  PID:7988
- C:\Windows\System\wXufKsX.exe
  C:\Windows\System\wXufKsX.exe
  2⤵
  PID:8016
- C:\Windows\System\kwnYFdz.exe
  C:\Windows\System\kwnYFdz.exe
  2⤵
  PID:8044
- C:\Windows\System\KcaiSoe.exe
  C:\Windows\System\KcaiSoe.exe
  2⤵
  PID:8068
- C:\Windows\System\CsJjnAR.exe
  C:\Windows\System\CsJjnAR.exe
  2⤵
  PID:8092
- C:\Windows\System\CtcSJtg.exe
  C:\Windows\System\CtcSJtg.exe
  2⤵
  PID:8128
- C:\Windows\System\hBvVWeI.exe
  C:\Windows\System\hBvVWeI.exe
  2⤵
  PID:8156
- C:\Windows\System\tNUyCKP.exe
  C:\Windows\System\tNUyCKP.exe
  2⤵
  PID:8184
- C:\Windows\System\QEPdvxL.exe
  C:\Windows\System\QEPdvxL.exe
  2⤵
  PID:7208
- C:\Windows\System\oBwpngF.exe
  C:\Windows\System\oBwpngF.exe
  2⤵
  PID:7288
- C:\Windows\System\mTzpSzo.exe
  C:\Windows\System\mTzpSzo.exe
  2⤵
  PID:7348
- C:\Windows\System\TPRqdVk.exe
  C:\Windows\System\TPRqdVk.exe
  2⤵
  PID:7392
- C:\Windows\System\rODdSkH.exe
  C:\Windows\System\rODdSkH.exe
  2⤵
  PID:7476
- C:\Windows\System\zXkTqOs.exe
  C:\Windows\System\zXkTqOs.exe
  2⤵
  PID:7536
- C:\Windows\System\xSItBRn.exe
  C:\Windows\System\xSItBRn.exe
  2⤵
  PID:7612
- C:\Windows\System\nujpCro.exe
  C:\Windows\System\nujpCro.exe
  2⤵
  PID:7680
- C:\Windows\System\hZEWaFC.exe
  C:\Windows\System\hZEWaFC.exe
  2⤵
  PID:7716
- C:\Windows\System\nqbJUUR.exe
  C:\Windows\System\nqbJUUR.exe
  2⤵
  PID:7776
- C:\Windows\System\bSQJMDK.exe
  C:\Windows\System\bSQJMDK.exe
  2⤵
  PID:7836
- C:\Windows\System\nlUKxTM.exe
  C:\Windows\System\nlUKxTM.exe
  2⤵
  PID:7904
- C:\Windows\System\uIFqHbD.exe
  C:\Windows\System\uIFqHbD.exe
  2⤵
  PID:7956
- C:\Windows\System\jPDPgsc.exe
  C:\Windows\System\jPDPgsc.exe
  2⤵
  PID:8012
- C:\Windows\System\TnYlZAN.exe
  C:\Windows\System\TnYlZAN.exe
  2⤵
  PID:8084
- C:\Windows\System\gWbCdEh.exe
  C:\Windows\System\gWbCdEh.exe
  2⤵
  PID:8168
- C:\Windows\System\JgeEoiy.exe
  C:\Windows\System\JgeEoiy.exe
  2⤵
  PID:7308
- C:\Windows\System\DZWfdrR.exe
  C:\Windows\System\DZWfdrR.exe
  2⤵
  PID:7424
- C:\Windows\System\dKlMWij.exe
  C:\Windows\System\dKlMWij.exe
  2⤵
  PID:7580
- C:\Windows\System\CMCfavs.exe
  C:\Windows\System\CMCfavs.exe
  2⤵
  PID:7748
- C:\Windows\System\wiazzyR.exe
  C:\Windows\System\wiazzyR.exe
  2⤵
  PID:7916
- C:\Windows\System\XyyWrPX.exe
  C:\Windows\System\XyyWrPX.exe
  2⤵
  PID:8000
- C:\Windows\System\MPIrSdx.exe
  C:\Windows\System\MPIrSdx.exe
  2⤵
  PID:7204
- C:\Windows\System\TRrWUcq.exe
  C:\Windows\System\TRrWUcq.exe
  2⤵
  PID:7396
- C:\Windows\System\ZQbjsAi.exe
  C:\Windows\System\ZQbjsAi.exe
  2⤵
  PID:8008
- C:\Windows\System\YEZpxEI.exe
  C:\Windows\System\YEZpxEI.exe
  2⤵
  PID:7756
- C:\Windows\System\fPKDUYl.exe
  C:\Windows\System\fPKDUYl.exe
  2⤵
  PID:8140
- C:\Windows\System\XOkoPLi.exe
  C:\Windows\System\XOkoPLi.exe
  2⤵
  PID:8216
- C:\Windows\System\UOWLIaz.exe
  C:\Windows\System\UOWLIaz.exe
  2⤵
  PID:8240
- C:\Windows\System\AlySwme.exe
  C:\Windows\System\AlySwme.exe
  2⤵
  PID:8264
- C:\Windows\System\ByCYsOQ.exe
  C:\Windows\System\ByCYsOQ.exe
  2⤵
  PID:8284
- C:\Windows\System\wPrkpMp.exe
  C:\Windows\System\wPrkpMp.exe
  2⤵
  PID:8312
- C:\Windows\System\PTFUbae.exe
  C:\Windows\System\PTFUbae.exe
  2⤵
  PID:8352
- C:\Windows\System\DiKLCFP.exe
  C:\Windows\System\DiKLCFP.exe
  2⤵
  PID:8384
- C:\Windows\System\YSzoyFb.exe
  C:\Windows\System\YSzoyFb.exe
  2⤵
  PID:8412
- C:\Windows\System\nHIXYUe.exe
  C:\Windows\System\nHIXYUe.exe
  2⤵
  PID:8428
- C:\Windows\System\lGpLHBH.exe
  C:\Windows\System\lGpLHBH.exe
  2⤵
  PID:8460
- C:\Windows\System\yVisFUr.exe
  C:\Windows\System\yVisFUr.exe
  2⤵
  PID:8488
- C:\Windows\System\gvPlUXK.exe
  C:\Windows\System\gvPlUXK.exe
  2⤵
  PID:8508
- C:\Windows\System\qWQtldO.exe
  C:\Windows\System\qWQtldO.exe
  2⤵
  PID:8544
- C:\Windows\System\bARTRKz.exe
  C:\Windows\System\bARTRKz.exe
  2⤵
  PID:8572
- C:\Windows\System\ZOoYrkE.exe
  C:\Windows\System\ZOoYrkE.exe
  2⤵
  PID:8608
- C:\Windows\System\kwoGDvd.exe
  C:\Windows\System\kwoGDvd.exe
  2⤵
  PID:8632
- C:\Windows\System\EiFPQOT.exe
  C:\Windows\System\EiFPQOT.exe
  2⤵
  PID:8656
- C:\Windows\System\luTLHWi.exe
  C:\Windows\System\luTLHWi.exe
  2⤵
  PID:8676
- C:\Windows\System\vsOgAHQ.exe
  C:\Windows\System\vsOgAHQ.exe
  2⤵
  PID:8712
- C:\Windows\System\rSHYGIT.exe
  C:\Windows\System\rSHYGIT.exe
  2⤵
  PID:8728
- C:\Windows\System\QqTEgJw.exe
  C:\Windows\System\QqTEgJw.exe
  2⤵
  PID:8760
- C:\Windows\System\iLOIRBu.exe
  C:\Windows\System\iLOIRBu.exe
  2⤵
  PID:8804
- C:\Windows\System\CShivFR.exe
  C:\Windows\System\CShivFR.exe
  2⤵
  PID:8828
- C:\Windows\System\vUtGlId.exe
  C:\Windows\System\vUtGlId.exe
  2⤵
  PID:8864
- C:\Windows\System\YKiTFOi.exe
  C:\Windows\System\YKiTFOi.exe
  2⤵
  PID:8896
- C:\Windows\System\AOObhPo.exe
  C:\Windows\System\AOObhPo.exe
  2⤵
  PID:8916
- C:\Windows\System\wAGvnGU.exe
  C:\Windows\System\wAGvnGU.exe
  2⤵
  PID:8940
- C:\Windows\System\IdpdVBG.exe
  C:\Windows\System\IdpdVBG.exe
  2⤵
  PID:8960
- C:\Windows\System\aZVnGSF.exe
  C:\Windows\System\aZVnGSF.exe
  2⤵
  PID:8984
- C:\Windows\System\hegjXdD.exe
  C:\Windows\System\hegjXdD.exe
  2⤵
  PID:9012
- C:\Windows\System\hcIGNPz.exe
  C:\Windows\System\hcIGNPz.exe
  2⤵
  PID:9048
- C:\Windows\System\bswkwEt.exe
  C:\Windows\System\bswkwEt.exe
  2⤵
  PID:9080
- C:\Windows\System\PNHHDtn.exe
  C:\Windows\System\PNHHDtn.exe
  2⤵
  PID:9112
- C:\Windows\System\OqgdBgR.exe
  C:\Windows\System\OqgdBgR.exe
  2⤵
  PID:9140
- C:\Windows\System\PUiRyZg.exe
  C:\Windows\System\PUiRyZg.exe
  2⤵
  PID:9176
- C:\Windows\System\XwPwSuY.exe
  C:\Windows\System\XwPwSuY.exe
  2⤵
  PID:9204
- C:\Windows\System\UAriJQZ.exe
  C:\Windows\System\UAriJQZ.exe
  2⤵
  PID:8200
- C:\Windows\System\JCNMYbr.exe
  C:\Windows\System\JCNMYbr.exe
  2⤵
  PID:8252
- C:\Windows\System\fwvhDdh.exe
  C:\Windows\System\fwvhDdh.exe
  2⤵
  PID:8296
- C:\Windows\System\rHnHZsC.exe
  C:\Windows\System\rHnHZsC.exe
  2⤵
  PID:8344
- C:\Windows\System\ivXEmyk.exe
  C:\Windows\System\ivXEmyk.exe
  2⤵
  PID:8424
- C:\Windows\System\dMqPEyv.exe
  C:\Windows\System\dMqPEyv.exe
  2⤵
  PID:8536
- C:\Windows\System\jzkuPdS.exe
  C:\Windows\System\jzkuPdS.exe
  2⤵
  PID:8580
- C:\Windows\System\acXMPyS.exe
  C:\Windows\System\acXMPyS.exe
  2⤵
  PID:8628
- C:\Windows\System\QiGncER.exe
  C:\Windows\System\QiGncER.exe
  2⤵
  PID:8696
- C:\Windows\System\EzqrLFI.exe
  C:\Windows\System\EzqrLFI.exe
  2⤵
  PID:8784
- C:\Windows\System\KIDYJZz.exe
  C:\Windows\System\KIDYJZz.exe
  2⤵
  PID:8852
- C:\Windows\System\XhQIZQA.exe
  C:\Windows\System\XhQIZQA.exe
  2⤵
  PID:8932
- C:\Windows\System\jycyxim.exe
  C:\Windows\System\jycyxim.exe
  2⤵
  PID:8968
- C:\Windows\System\sEQaoDj.exe
  C:\Windows\System\sEQaoDj.exe
  2⤵
  PID:9036
- C:\Windows\System\TKRfsSx.exe
  C:\Windows\System\TKRfsSx.exe
  2⤵
  PID:9108
- C:\Windows\System\LFIvouq.exe
  C:\Windows\System\LFIvouq.exe
  2⤵
  PID:9200
- C:\Windows\System\mnSwRag.exe
  C:\Windows\System\mnSwRag.exe
  2⤵
  PID:8328
- C:\Windows\System\YeNbEGp.exe
  C:\Windows\System\YeNbEGp.exe
  2⤵
  PID:8440
- C:\Windows\System\FtxUwop.exe
  C:\Windows\System\FtxUwop.exe
  2⤵
  PID:7796
- C:\Windows\System\hDiScaR.exe
  C:\Windows\System\hDiScaR.exe
  2⤵
  PID:8664
- C:\Windows\System\efYEhNr.exe
  C:\Windows\System\efYEhNr.exe
  2⤵
  PID:8816
- C:\Windows\System\vxEWDDM.exe
  C:\Windows\System\vxEWDDM.exe
  2⤵
  PID:9044
- C:\Windows\System\KMoOExQ.exe
  C:\Windows\System\KMoOExQ.exe
  2⤵
  PID:9160
- C:\Windows\System\CEIVZAe.exe
  C:\Windows\System\CEIVZAe.exe
  2⤵
  PID:8280
- C:\Windows\System\xXxBuUv.exe
  C:\Windows\System\xXxBuUv.exe
  2⤵
  PID:8644
- C:\Windows\System\ZJsMXGL.exe
  C:\Windows\System\ZJsMXGL.exe
  2⤵
  PID:8996
- C:\Windows\System\RwFLWHn.exe
  C:\Windows\System\RwFLWHn.exe
  2⤵
  PID:8400
- C:\Windows\System\DzrfVdE.exe
  C:\Windows\System\DzrfVdE.exe
  2⤵
  PID:9224
- C:\Windows\System\XtyHUmK.exe
  C:\Windows\System\XtyHUmK.exe
  2⤵
  PID:9252
- C:\Windows\System\HVOPWEp.exe
  C:\Windows\System\HVOPWEp.exe
  2⤵
  PID:9280
- C:\Windows\System\JSNsdRp.exe
  C:\Windows\System\JSNsdRp.exe
  2⤵
  PID:9316
- C:\Windows\System\fcdvBeE.exe
  C:\Windows\System\fcdvBeE.exe
  2⤵
  PID:9344
- C:\Windows\System\UYlLaNm.exe
  C:\Windows\System\UYlLaNm.exe
  2⤵
  PID:9372
- C:\Windows\System\yTaNgXo.exe
  C:\Windows\System\yTaNgXo.exe
  2⤵
  PID:9396
- C:\Windows\System\YuOkWAi.exe
  C:\Windows\System\YuOkWAi.exe
  2⤵
  PID:9416
- C:\Windows\System\wkGJiBv.exe
  C:\Windows\System\wkGJiBv.exe
  2⤵
  PID:9448
- C:\Windows\System\TLKdfae.exe
  C:\Windows\System\TLKdfae.exe
  2⤵
  PID:9488
- C:\Windows\System\HTzFvPr.exe
  C:\Windows\System\HTzFvPr.exe
  2⤵
  PID:9512
- C:\Windows\System\jGyUcYP.exe
  C:\Windows\System\jGyUcYP.exe
  2⤵
  PID:9552
- C:\Windows\System\onzpmur.exe
  C:\Windows\System\onzpmur.exe
  2⤵
  PID:9568
- C:\Windows\System\orrAfzB.exe
  C:\Windows\System\orrAfzB.exe
  2⤵
  PID:9588
- C:\Windows\System\XfvhFea.exe
  C:\Windows\System\XfvhFea.exe
  2⤵
  PID:9620
- C:\Windows\System\cQnvZqa.exe
  C:\Windows\System\cQnvZqa.exe
  2⤵
  PID:9652
- C:\Windows\System\NngRmRL.exe
  C:\Windows\System\NngRmRL.exe
  2⤵
  PID:9672
- C:\Windows\System\nBrOxMI.exe
  C:\Windows\System\nBrOxMI.exe
  2⤵
  PID:9700
- C:\Windows\System\RLOVfEo.exe
  C:\Windows\System\RLOVfEo.exe
  2⤵
  PID:9732
- C:\Windows\System\PNlGQQf.exe
  C:\Windows\System\PNlGQQf.exe
  2⤵
  PID:9756
- C:\Windows\System\MvPZzVw.exe
  C:\Windows\System\MvPZzVw.exe
  2⤵
  PID:9776
- C:\Windows\System\PehysEX.exe
  C:\Windows\System\PehysEX.exe
  2⤵
  PID:9804
- C:\Windows\System\sgvatZk.exe
  C:\Windows\System\sgvatZk.exe
  2⤵
  PID:9832
- C:\Windows\System\GPEBhsn.exe
  C:\Windows\System\GPEBhsn.exe
  2⤵
  PID:9860
- C:\Windows\System\GGnDYDi.exe
  C:\Windows\System\GGnDYDi.exe
  2⤵
  PID:9900
- C:\Windows\System\hRrkjtC.exe
  C:\Windows\System\hRrkjtC.exe
  2⤵
  PID:9924
- C:\Windows\System\zArmmgD.exe
  C:\Windows\System\zArmmgD.exe
  2⤵
  PID:9984
- C:\Windows\System\NanImht.exe
  C:\Windows\System\NanImht.exe
  2⤵
  PID:10016
- C:\Windows\System\MgGxHVl.exe
  C:\Windows\System\MgGxHVl.exe
  2⤵
  PID:10044
- C:\Windows\System\qojTrtE.exe
  C:\Windows\System\qojTrtE.exe
  2⤵
  PID:10064
- C:\Windows\System\jnlIpHm.exe
  C:\Windows\System\jnlIpHm.exe
  2⤵
  PID:10092
- C:\Windows\System\iEozjhV.exe
  C:\Windows\System\iEozjhV.exe
  2⤵
  PID:10116
- C:\Windows\System\sQFBzWZ.exe
  C:\Windows\System\sQFBzWZ.exe
  2⤵
  PID:10152
- C:\Windows\System\DuakeXv.exe
  C:\Windows\System\DuakeXv.exe
  2⤵
  PID:10180
- C:\Windows\System\zSxLelZ.exe
  C:\Windows\System\zSxLelZ.exe
  2⤵
  PID:10208
- C:\Windows\System\QvXaijZ.exe
  C:\Windows\System\QvXaijZ.exe
  2⤵
  PID:10224
- C:\Windows\System\JdFzAjI.exe
  C:\Windows\System\JdFzAjI.exe
  2⤵
  PID:9072
- C:\Windows\System\UlcYsti.exe
  C:\Windows\System\UlcYsti.exe
  2⤵
  PID:9268
- C:\Windows\System\EEsENjD.exe
  C:\Windows\System\EEsENjD.exe
  2⤵
  PID:9360
- C:\Windows\System\rIATmqR.exe
  C:\Windows\System\rIATmqR.exe
  2⤵
  PID:9480
- C:\Windows\System\XALSBYl.exe
  C:\Windows\System\XALSBYl.exe
  2⤵
  PID:9504
- C:\Windows\System\TnVHMdJ.exe
  C:\Windows\System\TnVHMdJ.exe
  2⤵
  PID:9604
- C:\Windows\System\bIDlQIv.exe
  C:\Windows\System\bIDlQIv.exe
  2⤵
  PID:9640
- C:\Windows\System\KgkrEJz.exe
  C:\Windows\System\KgkrEJz.exe
  2⤵
  PID:9720
- C:\Windows\System\dYHVETl.exe
  C:\Windows\System\dYHVETl.exe
  2⤵
  PID:9728
- C:\Windows\System\IcGjCYe.exe
  C:\Windows\System\IcGjCYe.exe
  2⤵
  PID:9824
- C:\Windows\System\hSwKRHc.exe
  C:\Windows\System\hSwKRHc.exe
  2⤵
  PID:9908
- C:\Windows\System\ogeLpbN.exe
  C:\Windows\System\ogeLpbN.exe
  2⤵
  PID:9944
- C:\Windows\System\KpoUSQT.exe
  C:\Windows\System\KpoUSQT.exe
  2⤵
  PID:10032
- C:\Windows\System\VHEoqbm.exe
  C:\Windows\System\VHEoqbm.exe
  2⤵
  PID:10124
- C:\Windows\System\guoNIgX.exe
  C:\Windows\System\guoNIgX.exe
  2⤵
  PID:10140
- C:\Windows\System\uVKzIKH.exe
  C:\Windows\System\uVKzIKH.exe
  2⤵
  PID:10192
- C:\Windows\System\dNugabr.exe
  C:\Windows\System\dNugabr.exe
  2⤵
  PID:8560
- C:\Windows\System\dXzyKBi.exe
  C:\Windows\System\dXzyKBi.exe
  2⤵
  PID:9364
- C:\Windows\System\GwrkQNC.exe
  C:\Windows\System\GwrkQNC.exe
  2⤵
  PID:9632
- C:\Windows\System\zPdZtQt.exe
  C:\Windows\System\zPdZtQt.exe
  2⤵
  PID:9668
- C:\Windows\System\TLeFHAQ.exe
  C:\Windows\System\TLeFHAQ.exe
  2⤵
  PID:9888
- C:\Windows\System\JqYKRyc.exe
  C:\Windows\System\JqYKRyc.exe
  2⤵
  PID:9916
- C:\Windows\System\HyrRhbv.exe
  C:\Windows\System\HyrRhbv.exe
  2⤵
  PID:10076
- C:\Windows\System\YKNIhtK.exe
  C:\Windows\System\YKNIhtK.exe
  2⤵
  PID:9500
- C:\Windows\System\sUiuPmC.exe
  C:\Windows\System\sUiuPmC.exe
  2⤵
  PID:9788
- C:\Windows\System\cWwDGJs.exe
  C:\Windows\System\cWwDGJs.exe
  2⤵
  PID:9404
- C:\Windows\System\FjweLJL.exe
  C:\Windows\System\FjweLJL.exe
  2⤵
  PID:9576
- C:\Windows\System\vjwUxlG.exe
  C:\Windows\System\vjwUxlG.exe
  2⤵
  PID:10248
- C:\Windows\System\NHoJSAZ.exe
  C:\Windows\System\NHoJSAZ.exe
  2⤵
  PID:10284
- C:\Windows\System\OAPnvIc.exe
  C:\Windows\System\OAPnvIc.exe
  2⤵
  PID:10320
- C:\Windows\System\mCriufS.exe
  C:\Windows\System\mCriufS.exe
  2⤵
  PID:10348
- C:\Windows\System\lfUbCyl.exe
  C:\Windows\System\lfUbCyl.exe
  2⤵
  PID:10364
- C:\Windows\System\BchhBTD.exe
  C:\Windows\System\BchhBTD.exe
  2⤵
  PID:10404
- C:\Windows\System\IoMpmjH.exe
  C:\Windows\System\IoMpmjH.exe
  2⤵
  PID:10420
- C:\Windows\System\NviMVng.exe
  C:\Windows\System\NviMVng.exe
  2⤵
  PID:10456
- C:\Windows\System\rngkkrM.exe
  C:\Windows\System\rngkkrM.exe
  2⤵
  PID:10488
- C:\Windows\System\rXcjiQx.exe
  C:\Windows\System\rXcjiQx.exe
  2⤵
  PID:10516
- C:\Windows\System\aLEVHyF.exe
  C:\Windows\System\aLEVHyF.exe
  2⤵
  PID:10548
- C:\Windows\System\FTWHcVL.exe
  C:\Windows\System\FTWHcVL.exe
  2⤵
  PID:10576
- C:\Windows\System\rzWdsmM.exe
  C:\Windows\System\rzWdsmM.exe
  2⤵
  PID:10608
- C:\Windows\System\hUwcOdc.exe
  C:\Windows\System\hUwcOdc.exe
  2⤵
  PID:10636
- C:\Windows\System\HTQyQWI.exe
  C:\Windows\System\HTQyQWI.exe
  2⤵
  PID:10668
- C:\Windows\System\ehRwZxX.exe
  C:\Windows\System\ehRwZxX.exe
  2⤵
  PID:10696
- C:\Windows\System\TzAxWIc.exe
  C:\Windows\System\TzAxWIc.exe
  2⤵
  PID:10712
- C:\Windows\System\WSLyBCj.exe
  C:\Windows\System\WSLyBCj.exe
  2⤵
  PID:10748
- C:\Windows\System\NAkCawS.exe
  C:\Windows\System\NAkCawS.exe
  2⤵
  PID:10768
- C:\Windows\System\XZXumPJ.exe
  C:\Windows\System\XZXumPJ.exe
  2⤵
  PID:10800
- C:\Windows\System\tWISUfg.exe
  C:\Windows\System\tWISUfg.exe
  2⤵
  PID:10836
- C:\Windows\System\hWweWXc.exe
  C:\Windows\System\hWweWXc.exe
  2⤵
  PID:10860
- C:\Windows\System\GtdrfXx.exe
  C:\Windows\System\GtdrfXx.exe
  2⤵
  PID:10876
- C:\Windows\System\dMjFerc.exe
  C:\Windows\System\dMjFerc.exe
  2⤵
  PID:10900
- C:\Windows\System\TehPpeV.exe
  C:\Windows\System\TehPpeV.exe
  2⤵
  PID:10936
- C:\Windows\System\gddhfsU.exe
  C:\Windows\System\gddhfsU.exe
  2⤵
  PID:10968
- C:\Windows\System\alwjBzw.exe
  C:\Windows\System\alwjBzw.exe
  2⤵
  PID:10996
- C:\Windows\System\XgoERNe.exe
  C:\Windows\System\XgoERNe.exe
  2⤵
  PID:11024
- C:\Windows\System\REAuCKU.exe
  C:\Windows\System\REAuCKU.exe
  2⤵
  PID:11056
- C:\Windows\System\JFFMQyb.exe
  C:\Windows\System\JFFMQyb.exe
  2⤵
  PID:11076
- C:\Windows\System\TRvzCML.exe
  C:\Windows\System\TRvzCML.exe
  2⤵
  PID:11100
- C:\Windows\System\fVmaPHS.exe
  C:\Windows\System\fVmaPHS.exe
  2⤵
  PID:11132
- C:\Windows\System\YylUQMs.exe
  C:\Windows\System\YylUQMs.exe
  2⤵
  PID:11148
- C:\Windows\System\ToZbnSC.exe
  C:\Windows\System\ToZbnSC.exe
  2⤵
  PID:11192
- C:\Windows\System\tDBzMMj.exe
  C:\Windows\System\tDBzMMj.exe
  2⤵
  PID:11212
- C:\Windows\System\hpXrSis.exe
  C:\Windows\System\hpXrSis.exe
  2⤵
  PID:11248
- C:\Windows\System\TuUQYKJ.exe
  C:\Windows\System\TuUQYKJ.exe
  2⤵
  PID:10244
- C:\Windows\System\UdcERAL.exe
  C:\Windows\System\UdcERAL.exe
  2⤵
  PID:10268
- C:\Windows\System\lHWitDH.exe
  C:\Windows\System\lHWitDH.exe
  2⤵
  PID:10388
- C:\Windows\System\VjyRCaF.exe
  C:\Windows\System\VjyRCaF.exe
  2⤵
  PID:10464
- C:\Windows\System\YnCZPTF.exe
  C:\Windows\System\YnCZPTF.exe
  2⤵
  PID:10528
- C:\Windows\System\FYHDuKJ.exe
  C:\Windows\System\FYHDuKJ.exe
  2⤵
  PID:10600
- C:\Windows\System\zYDjeWd.exe
  C:\Windows\System\zYDjeWd.exe
  2⤵
  PID:10664
- C:\Windows\System\ajNajmL.exe
  C:\Windows\System\ajNajmL.exe
  2⤵
  PID:10756
- C:\Windows\System\bhMgekV.exe
  C:\Windows\System\bhMgekV.exe
  2⤵
  PID:10828
- C:\Windows\System\kHquAcj.exe
  C:\Windows\System\kHquAcj.exe
  2⤵
  PID:10872
- C:\Windows\System\KczneNr.exe
  C:\Windows\System\KczneNr.exe
  2⤵
  PID:10896
- C:\Windows\System\WFtqYne.exe
  C:\Windows\System\WFtqYne.exe
  2⤵
  PID:10924
- C:\Windows\System\ETlgjcn.exe
  C:\Windows\System\ETlgjcn.exe
  2⤵
  PID:11004
- C:\Windows\System\YIPZceg.exe
  C:\Windows\System\YIPZceg.exe
  2⤵
  PID:11092
- C:\Windows\System\aMDjoOP.exe
  C:\Windows\System\aMDjoOP.exe
  2⤵
  PID:11176
- C:\Windows\System\gqtfmJm.exe
  C:\Windows\System\gqtfmJm.exe
  2⤵
  PID:11228
- C:\Windows\System\QUbNtAW.exe
  C:\Windows\System\QUbNtAW.exe
  2⤵
  PID:10332
- C:\Windows\System\uyeIHVL.exe
  C:\Windows\System\uyeIHVL.exe
  2⤵
  PID:10504
- C:\Windows\System\xgKyfQr.exe
  C:\Windows\System\xgKyfQr.exe
  2⤵
  PID:10644
- C:\Windows\System\qHhhNGh.exe
  C:\Windows\System\qHhhNGh.exe
  2⤵
  PID:10780
- C:\Windows\System\KsCwRFx.exe
  C:\Windows\System\KsCwRFx.exe
  2⤵
  PID:10912
- C:\Windows\System\gQxOjIW.exe
  C:\Windows\System\gQxOjIW.exe
  2⤵
  PID:11140
- C:\Windows\System\zFpCatP.exe
  C:\Windows\System\zFpCatP.exe
  2⤵
  PID:11260
- C:\Windows\System\ztLWigi.exe
  C:\Windows\System\ztLWigi.exe
  2⤵
  PID:10624
- C:\Windows\System\NslnncF.exe
  C:\Windows\System\NslnncF.exe
  2⤵
  PID:11124
- C:\Windows\System\fGmHDxf.exe
  C:\Windows\System\fGmHDxf.exe
  2⤵
  PID:10304
- C:\Windows\System\kItYgJN.exe
  C:\Windows\System\kItYgJN.exe
  2⤵
  PID:11112
- C:\Windows\System\eNNpEmE.exe
  C:\Windows\System\eNNpEmE.exe
  2⤵
  PID:11288
- C:\Windows\System\eEEcvgc.exe
  C:\Windows\System\eEEcvgc.exe
  2⤵
  PID:11324
- C:\Windows\System\qAZXVNv.exe
  C:\Windows\System\qAZXVNv.exe
  2⤵
  PID:11348
- C:\Windows\System\sLsYaPU.exe
  C:\Windows\System\sLsYaPU.exe
  2⤵
  PID:11368
- C:\Windows\System\KmjkpBf.exe
  C:\Windows\System\KmjkpBf.exe
  2⤵
  PID:11396
- C:\Windows\System\LwzvotL.exe
  C:\Windows\System\LwzvotL.exe
  2⤵
  PID:11416
- C:\Windows\System\Mrzqncu.exe
  C:\Windows\System\Mrzqncu.exe
  2⤵
  PID:11436
- C:\Windows\System\tmpXYpU.exe
  C:\Windows\System\tmpXYpU.exe
  2⤵
  PID:11472
- C:\Windows\System\ikCIDMV.exe
  C:\Windows\System\ikCIDMV.exe
  2⤵
  PID:11504
- C:\Windows\System\qLHrkmp.exe
  C:\Windows\System\qLHrkmp.exe
  2⤵
  PID:11536
- C:\Windows\System\NRhODxB.exe
  C:\Windows\System\NRhODxB.exe
  2⤵
  PID:11572
- C:\Windows\System\DMxZksV.exe
  C:\Windows\System\DMxZksV.exe
  2⤵
  PID:11604
- C:\Windows\System\tcDTNnG.exe
  C:\Windows\System\tcDTNnG.exe
  2⤵
  PID:11624
- C:\Windows\System\igujkNv.exe
  C:\Windows\System\igujkNv.exe
  2⤵
  PID:11648
- C:\Windows\System\qAoyVMo.exe
  C:\Windows\System\qAoyVMo.exe
  2⤵
  PID:11672
- C:\Windows\System\nQrfbRG.exe
  C:\Windows\System\nQrfbRG.exe
  2⤵
  PID:11704
- C:\Windows\System\sYGkeCC.exe
  C:\Windows\System\sYGkeCC.exe
  2⤵
  PID:11732
- C:\Windows\System\HYSaStl.exe
  C:\Windows\System\HYSaStl.exe
  2⤵
  PID:11760
- C:\Windows\System\ImDEuoR.exe
  C:\Windows\System\ImDEuoR.exe
  2⤵
  PID:11788
- C:\Windows\System\RjlocGS.exe
  C:\Windows\System\RjlocGS.exe
  2⤵
  PID:11820
- C:\Windows\System\huSiEue.exe
  C:\Windows\System\huSiEue.exe
  2⤵
  PID:11844
- C:\Windows\System\CbHqZEG.exe
  C:\Windows\System\CbHqZEG.exe
  2⤵
  PID:11872
- C:\Windows\System\cDeqMBU.exe
  C:\Windows\System\cDeqMBU.exe
  2⤵
  PID:11904
- C:\Windows\System\mZCPFqq.exe
  C:\Windows\System\mZCPFqq.exe
  2⤵
  PID:11932
- C:\Windows\System\xxfZPvy.exe
  C:\Windows\System\xxfZPvy.exe
  2⤵
  PID:11968
- C:\Windows\System\oMgsEyG.exe
  C:\Windows\System\oMgsEyG.exe
  2⤵
  PID:11996
- C:\Windows\System\YArkTns.exe
  C:\Windows\System\YArkTns.exe
  2⤵
  PID:12016
- C:\Windows\System\ZYYbIrr.exe
  C:\Windows\System\ZYYbIrr.exe
  2⤵
  PID:12048
- C:\Windows\System\LygtESc.exe
  C:\Windows\System\LygtESc.exe
  2⤵
  PID:12084
- C:\Windows\System\LKoSCOp.exe
  C:\Windows\System\LKoSCOp.exe
  2⤵
  PID:12116
- C:\Windows\System\Lwhygot.exe
  C:\Windows\System\Lwhygot.exe
  2⤵
  PID:12136
- C:\Windows\System\lsluMyd.exe
  C:\Windows\System\lsluMyd.exe
  2⤵
  PID:12164
- C:\Windows\System\GPeaSqg.exe
  C:\Windows\System\GPeaSqg.exe
  2⤵
  PID:12184
- C:\Windows\System\viAMbLG.exe
  C:\Windows\System\viAMbLG.exe
  2⤵
  PID:12208
- C:\Windows\System\KpeCPJR.exe
  C:\Windows\System\KpeCPJR.exe
  2⤵
  PID:12232
- C:\Windows\System\mIYTTyi.exe
  C:\Windows\System\mIYTTyi.exe
  2⤵
  PID:12248
- C:\Windows\System\DlnPQGb.exe
  C:\Windows\System\DlnPQGb.exe
  2⤵
  PID:10532
- C:\Windows\System\NlZKWMW.exe
  C:\Windows\System\NlZKWMW.exe
  2⤵
  PID:11320
- C:\Windows\System\nWNZUoi.exe
  C:\Windows\System\nWNZUoi.exe
  2⤵
  PID:11380
- C:\Windows\System\KwSrUtP.exe
  C:\Windows\System\KwSrUtP.exe
  2⤵
  PID:11384
- C:\Windows\System\WKogxOB.exe
  C:\Windows\System\WKogxOB.exe
  2⤵
  PID:3700
- C:\Windows\System\tUCuDsI.exe
  C:\Windows\System\tUCuDsI.exe
  2⤵
  PID:11496
- C:\Windows\System\WlikvxA.exe
  C:\Windows\System\WlikvxA.exe
  2⤵
  PID:11568
- C:\Windows\System\mAkcFhK.exe
  C:\Windows\System\mAkcFhK.exe
  2⤵
  PID:11644
- C:\Windows\System\SnhOBAK.exe
  C:\Windows\System\SnhOBAK.exe
  2⤵
  PID:11724
- C:\Windows\System\rGvHpNV.exe
  C:\Windows\System\rGvHpNV.exe
  2⤵
  PID:11800
- C:\Windows\System\LPGSixJ.exe
  C:\Windows\System\LPGSixJ.exe
  2⤵
  PID:11856
- C:\Windows\System\UPLxoGz.exe
  C:\Windows\System\UPLxoGz.exe
  2⤵
  PID:11960
- C:\Windows\System\UAqyzNB.exe
  C:\Windows\System\UAqyzNB.exe
  2⤵
  PID:12028
- C:\Windows\System\sTjtMiv.exe
  C:\Windows\System\sTjtMiv.exe
  2⤵
  PID:12068
- C:\Windows\System\kEKjade.exe
  C:\Windows\System\kEKjade.exe
  2⤵
  PID:12128
- C:\Windows\System\OBODrna.exe
  C:\Windows\System\OBODrna.exe
  2⤵
  PID:12192
- C:\Windows\System\IkhZjmN.exe
  C:\Windows\System\IkhZjmN.exe
  2⤵
  PID:12256
- C:\Windows\System\srLcCYo.exe
  C:\Windows\System\srLcCYo.exe
  2⤵
  PID:1976
- C:\Windows\System\piUUOPj.exe
  C:\Windows\System\piUUOPj.exe
  2⤵
  PID:11284
- C:\Windows\System\dTSqKDx.exe
  C:\Windows\System\dTSqKDx.exe
  2⤵
  PID:11696
- C:\Windows\System\dWDQPle.exe
  C:\Windows\System\dWDQPle.exe
  2⤵
  PID:11812
- C:\Windows\System\VOxnEvA.exe
  C:\Windows\System\VOxnEvA.exe
  2⤵
  PID:11924
- C:\Windows\System\AINgUGk.exe
  C:\Windows\System\AINgUGk.exe
  2⤵
  PID:12044
- C:\Windows\System\LdpGjRT.exe
  C:\Windows\System\LdpGjRT.exe
  2⤵
  PID:12264
- C:\Windows\System\ESuvWew.exe
  C:\Windows\System\ESuvWew.exe
  2⤵
  PID:11548
- C:\Windows\System\BqlXqoW.exe
  C:\Windows\System\BqlXqoW.exe
  2⤵
  PID:11640
- C:\Windows\System\TSrSeFP.exe
  C:\Windows\System\TSrSeFP.exe
  2⤵
  PID:11920
- C:\Windows\System\wYYMVap.exe
  C:\Windows\System\wYYMVap.exe
  2⤵
  PID:11464
- C:\Windows\System\vfgZBej.exe
  C:\Windows\System\vfgZBej.exe
  2⤵
  PID:12308
- C:\Windows\System\xXKzMTq.exe
  C:\Windows\System\xXKzMTq.exe
  2⤵
  PID:12344
- C:\Windows\System\asBzjRa.exe
  C:\Windows\System\asBzjRa.exe
  2⤵
  PID:12384
- C:\Windows\System\cKZmNlx.exe
  C:\Windows\System\cKZmNlx.exe
  2⤵
  PID:12400
- C:\Windows\System\LrXBvww.exe
  C:\Windows\System\LrXBvww.exe
  2⤵
  PID:12424
- C:\Windows\System\oiFNnRT.exe
  C:\Windows\System\oiFNnRT.exe
  2⤵
  PID:12444
- C:\Windows\System\UrbGAhd.exe
  C:\Windows\System\UrbGAhd.exe
  2⤵
  PID:12472
- C:\Windows\System\PKcbdvc.exe
  C:\Windows\System\PKcbdvc.exe
  2⤵
  PID:12500
- C:\Windows\System\lYitCsX.exe
  C:\Windows\System\lYitCsX.exe
  2⤵
  PID:12524
- C:\Windows\System\ZtLqztu.exe
  C:\Windows\System\ZtLqztu.exe
  2⤵
  PID:12552
- C:\Windows\System\BkyaRni.exe
  C:\Windows\System\BkyaRni.exe
  2⤵
  PID:12572
- C:\Windows\System\DIirNpr.exe
  C:\Windows\System\DIirNpr.exe
  2⤵
  PID:12592
- C:\Windows\System\lEyOsdJ.exe
  C:\Windows\System\lEyOsdJ.exe
  2⤵
  PID:12620
- C:\Windows\System\TdtfVfM.exe
  C:\Windows\System\TdtfVfM.exe
  2⤵
  PID:12648
- C:\Windows\System\ghAgqnw.exe
  C:\Windows\System\ghAgqnw.exe
  2⤵
  PID:12676
- C:\Windows\System\PIrXFYA.exe
  C:\Windows\System\PIrXFYA.exe
  2⤵
  PID:12712
- C:\Windows\System\sHeFnBW.exe
  C:\Windows\System\sHeFnBW.exe
  2⤵
  PID:12752
- C:\Windows\System\vnyygHu.exe
  C:\Windows\System\vnyygHu.exe
  2⤵
  PID:12780
- C:\Windows\System\WxNDWtw.exe
  C:\Windows\System\WxNDWtw.exe
  2⤵
  PID:12812
- C:\Windows\System\tyemjOo.exe
  C:\Windows\System\tyemjOo.exe
  2⤵
  PID:12848
- C:\Windows\System\gCCFEIj.exe
  C:\Windows\System\gCCFEIj.exe
  2⤵
  PID:12876
- C:\Windows\System\KZdonoq.exe
  C:\Windows\System\KZdonoq.exe
  2⤵
  PID:12912
- C:\Windows\System\ayepVDb.exe
  C:\Windows\System\ayepVDb.exe
  2⤵
  PID:12940
- C:\Windows\System\XXNrmJf.exe
  C:\Windows\System\XXNrmJf.exe
  2⤵
  PID:12972
- C:\Windows\System\HpmqxBt.exe
  C:\Windows\System\HpmqxBt.exe
  2⤵
  PID:12996
- C:\Windows\System\lDgtmlv.exe
  C:\Windows\System\lDgtmlv.exe
  2⤵
  PID:13020
- C:\Windows\System\zqwMgMy.exe
  C:\Windows\System\zqwMgMy.exe
  2⤵
  PID:13044
- C:\Windows\System\GQIwQgt.exe
  C:\Windows\System\GQIwQgt.exe
  2⤵
  PID:13068
- C:\Windows\System\cmFZEDa.exe
  C:\Windows\System\cmFZEDa.exe
  2⤵
  PID:13096
- C:\Windows\System\fwMSXfz.exe
  C:\Windows\System\fwMSXfz.exe
  2⤵
  PID:13136
- C:\Windows\System\NhPDehz.exe
  C:\Windows\System\NhPDehz.exe
  2⤵
  PID:13164
- C:\Windows\System\MhJERNH.exe
  C:\Windows\System\MhJERNH.exe
  2⤵
  PID:13192
- C:\Windows\System\UNBmqHc.exe
  C:\Windows\System\UNBmqHc.exe
  2⤵
  PID:13220
- C:\Windows\System\LgtDxeE.exe
  C:\Windows\System\LgtDxeE.exe
  2⤵
  PID:13260
- C:\Windows\System\rdNWglO.exe
  C:\Windows\System\rdNWglO.exe
  2⤵
  PID:13288
- C:\Windows\System\mWXcTrC.exe
  C:\Windows\System\mWXcTrC.exe
  2⤵
  PID:12100
- C:\Windows\System\iYwaJjK.exe
  C:\Windows\System\iYwaJjK.exe
  2⤵
  PID:12324
- C:\Windows\System\ZlpiJMo.exe
  C:\Windows\System\ZlpiJMo.exe
  2⤵
  PID:12352
- C:\Windows\System\jmYRqtA.exe
  C:\Windows\System\jmYRqtA.exe
  2⤵
  PID:12416
- C:\Windows\System\czDPOLr.exe
  C:\Windows\System\czDPOLr.exe
  2⤵
  PID:12460
- C:\Windows\System\VQNzoFf.exe
  C:\Windows\System\VQNzoFf.exe
  2⤵
  PID:12568
- C:\Windows\System\jDDeJFD.exe
  C:\Windows\System\jDDeJFD.exe
  2⤵
  PID:12580
- C:\Windows\System\quNaVDU.exe
  C:\Windows\System\quNaVDU.exe
  2⤵
  PID:12700
- C:\Windows\System\DhJuBaI.exe
  C:\Windows\System\DhJuBaI.exe
  2⤵
  PID:12776
- C:\Windows\System\Gumdeqd.exe
  C:\Windows\System\Gumdeqd.exe
  2⤵
  PID:12832
- C:\Windows\System\tvebkMe.exe
  C:\Windows\System\tvebkMe.exe
  2⤵
  PID:12936
- C:\Windows\System\guzJTKL.exe
  C:\Windows\System\guzJTKL.exe
  2⤵
  PID:12960
- C:\Windows\System\WTXTNLX.exe
  C:\Windows\System\WTXTNLX.exe
  2⤵
  PID:13008
- C:\Windows\System\efjAXJe.exe
  C:\Windows\System\efjAXJe.exe
  2⤵
  PID:13060
- C:\Windows\System\paWsjEs.exe
  C:\Windows\System\paWsjEs.exe
  2⤵
  PID:13120
- C:\Windows\System\OjZaaXO.exe
  C:\Windows\System\OjZaaXO.exe
  2⤵
  PID:13188
- C:\Windows\System\FygQCuy.exe
  C:\Windows\System\FygQCuy.exe
  2⤵
  PID:13280
- C:\Windows\System\pYuOCWY.exe
  C:\Windows\System\pYuOCWY.exe
  2⤵
  PID:12332
- C:\Windows\System\bbERwvD.exe
  C:\Windows\System\bbERwvD.exe
  2⤵
  PID:12536
- C:\Windows\System\oBTiwFa.exe
  C:\Windows\System\oBTiwFa.exe
  2⤵
  PID:12688
- C:\Windows\System\yxoNweC.exe
  C:\Windows\System\yxoNweC.exe
  2⤵
  PID:12888
- C:\Windows\System\HUgYNqL.exe
  C:\Windows\System\HUgYNqL.exe
  2⤵
  PID:12984
- C:\Windows\System\lTqdhYL.exe
  C:\Windows\System\lTqdhYL.exe
  2⤵
  PID:13084
- C:\Windows\System\KtgKtqp.exe
  C:\Windows\System\KtgKtqp.exe
  2⤵
  PID:13240
- C:\Windows\System\mJAIRkx.exe
  C:\Windows\System\mJAIRkx.exe
  2⤵
  PID:12396
- C:\Windows\System\tFuboPa.exe
  C:\Windows\System\tFuboPa.exe
  2⤵
  PID:12904
- C:\Windows\System\LEBopvp.exe
  C:\Windows\System\LEBopvp.exe
  2⤵
  PID:12548
- C:\Windows\System\wgCBHwS.exe
  C:\Windows\System\wgCBHwS.exe
  2⤵
  PID:13056
- C:\Windows\System\JiwwBDw.exe
  C:\Windows\System\JiwwBDw.exe
  2⤵
  PID:3996
- C:\Windows\System\OlIODUT.exe
  C:\Windows\System\OlIODUT.exe
  2⤵
  PID:13088
- C:\Windows\System\dEJObmH.exe
  C:\Windows\System\dEJObmH.exe
  2⤵
  PID:13324
- C:\Windows\System\odsvLmA.exe
  C:\Windows\System\odsvLmA.exe
  2⤵
  PID:13352
- C:\Windows\System\rmuSthg.exe
  C:\Windows\System\rmuSthg.exe
  2⤵
  PID:13380
- C:\Windows\System\kfiujTB.exe
  C:\Windows\System\kfiujTB.exe
  2⤵
  PID:13400
- C:\Windows\System\onzvGhY.exe
  C:\Windows\System\onzvGhY.exe
  2⤵
  PID:13440
- C:\Windows\System\MawpkSr.exe
  C:\Windows\System\MawpkSr.exe
  2⤵
  PID:13464
- C:\Windows\System\Bgcrkxk.exe
  C:\Windows\System\Bgcrkxk.exe
  2⤵
  PID:13480
- C:\Windows\System\nhBDxxk.exe
  C:\Windows\System\nhBDxxk.exe
  2⤵
  PID:13512
- C:\Windows\System\RhCvJcb.exe
  C:\Windows\System\RhCvJcb.exe
  2⤵
  PID:13536
- C:\Windows\System\MLfzTUp.exe
  C:\Windows\System\MLfzTUp.exe
  2⤵
  PID:13608
- C:\Windows\System\qBDCQna.exe
  C:\Windows\System\qBDCQna.exe
  2⤵
  PID:13628
- C:\Windows\System\xxyZyfY.exe
  C:\Windows\System\xxyZyfY.exe
  2⤵
  PID:13644
- C:\Windows\System\POszybC.exe
  C:\Windows\System\POszybC.exe
  2⤵
  PID:13664
- C:\Windows\System\TVzUuqH.exe
  C:\Windows\System\TVzUuqH.exe
  2⤵
  PID:13700
- C:\Windows\System\YxNOeTG.exe
  C:\Windows\System\YxNOeTG.exe
  2⤵
  PID:13728
- C:\Windows\System\HivQdjI.exe
  C:\Windows\System\HivQdjI.exe
  2⤵
  PID:13744
- C:\Windows\System\gdQpBpK.exe
  C:\Windows\System\gdQpBpK.exe
  2⤵
  PID:13776
- C:\Windows\System\BxsfAAM.exe
  C:\Windows\System\BxsfAAM.exe
  2⤵
  PID:13812
- C:\Windows\System\WmOKOMT.exe
  C:\Windows\System\WmOKOMT.exe
  2⤵
  PID:13844
- C:\Windows\System\vDoDvsL.exe
  C:\Windows\System\vDoDvsL.exe
  2⤵
  PID:13868
- C:\Windows\System\gGffhdU.exe
  C:\Windows\System\gGffhdU.exe
  2⤵
  PID:13900
- C:\Windows\System\CTYTUxH.exe
  C:\Windows\System\CTYTUxH.exe
  2⤵
  PID:13920
- C:\Windows\System\IEiFlIM.exe
  C:\Windows\System\IEiFlIM.exe
  2⤵
  PID:13952
- C:\Windows\System\wSRoHVW.exe
  C:\Windows\System\wSRoHVW.exe
  2⤵
  PID:13968
- C:\Windows\System\IZVcLQw.exe
  C:\Windows\System\IZVcLQw.exe
  2⤵
  PID:14008
- C:\Windows\System\MxwmxsB.exe
  C:\Windows\System\MxwmxsB.exe
  2⤵
  PID:14036
- C:\Windows\System\vrDuAcL.exe
  C:\Windows\System\vrDuAcL.exe
  2⤵
  PID:14076
- C:\Windows\System\iYoFgMf.exe
  C:\Windows\System\iYoFgMf.exe
  2⤵
  PID:14104
- C:\Windows\System\TWEAVDO.exe
  C:\Windows\System\TWEAVDO.exe
  2⤵
  PID:14120
- C:\Windows\System\owrbeWU.exe
  C:\Windows\System\owrbeWU.exe
  2⤵
  PID:14148
- C:\Windows\System\rYChgMA.exe
  C:\Windows\System\rYChgMA.exe
  2⤵
  PID:14168
- C:\Windows\System\dDYsWJt.exe
  C:\Windows\System\dDYsWJt.exe
  2⤵
  PID:14192
- C:\Windows\System\rAvpeRB.exe
  C:\Windows\System\rAvpeRB.exe
  2⤵
  PID:14220
- C:\Windows\System\emJzyDw.exe
  C:\Windows\System\emJzyDw.exe
  2⤵
  PID:14256
- C:\Windows\System\kPBKUSv.exe
  C:\Windows\System\kPBKUSv.exe
  2⤵
  PID:14288
- C:\Windows\System\uJTIckk.exe
  C:\Windows\System\uJTIckk.exe
  2⤵
  PID:14316
- C:\Windows\System\goxbdCY.exe
  C:\Windows\System\goxbdCY.exe
  2⤵
  PID:4828
- C:\Windows\System\cQsgbzO.exe
  C:\Windows\System\cQsgbzO.exe
  2⤵
  PID:13348
- C:\Windows\System\yIqPnCz.exe
  C:\Windows\System\yIqPnCz.exe
  2⤵
  PID:13448
- C:\Windows\System\SPawTNq.exe
  C:\Windows\System\SPawTNq.exe
  2⤵
  PID:13508
- C:\Windows\System\JQuhCOy.exe
  C:\Windows\System\JQuhCOy.exe
  2⤵
  PID:13548
- C:\Windows\System\ULECELW.exe
  C:\Windows\System\ULECELW.exe
  2⤵
  PID:1716
- C:\Windows\System\DNJSZmk.exe
  C:\Windows\System\DNJSZmk.exe
  2⤵
  PID:13624
- C:\Windows\System\nvNzNIP.exe
  C:\Windows\System\nvNzNIP.exe
  2⤵
  PID:13672
- C:\Windows\System\mxhPEhi.exe
  C:\Windows\System\mxhPEhi.exe
  2⤵
  PID:13740
- C:\Windows\System\BWerecE.exe
  C:\Windows\System\BWerecE.exe
  2⤵
  PID:13828
- C:\Windows\System\CuSYpAO.exe
  C:\Windows\System\CuSYpAO.exe
  2⤵
  PID:13864
- C:\Windows\System\maTfjbZ.exe
  C:\Windows\System\maTfjbZ.exe
  2⤵
  PID:13940

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AaBNVhM.exe

Filesize
2.2MB

MD5
3eff5fad153dab1835b73a685c1aa14e

SHA1
cba9dca9776426cb25290e7219b5f651b409f9b9

SHA256
a5bde878d0296cd8e4067bf58e70099d995ac39c64c5ee27216be97a4857f5ea

SHA512
3b5c2935a67153838b0c8b7bad58d1441cf23035a25c8bb416d9b9bac24ca76c246b3ced5b102ddc594ed4b3684c7c93247a595e7464f99d9740e9f55cee70b8

Download Submit
C:\Windows\System\CXROZZt.exe

Filesize
2.2MB

MD5
427d995b2ae60c63d3ba28c2131f4969

SHA1
0d11afd51056280a2d0ecb08bfdcad7e4a99abd0

SHA256
614a430aee50f14b7ccc83bcef3da8c7b379002ca31327e4026fbfcd98f0e86b

SHA512
7947e39bf421f7d6d0395c8cdfb7da91e5bf6025cd761ee1e148c87fccff8109b657ce0a2cb7b3c5583a85baf99aa3241cf1aae9ef4fdf5070a515ed957345b4

Download Submit
C:\Windows\System\CdfVCaM.exe

Filesize
2.2MB

MD5
af8e684b2bb0ce203217a36710fa95ea

SHA1
62016751e8e064fab6890a8c29f5bd2c24115281

SHA256
0298ee7ad8422dda9bc0f23454b49976bf78cde054db15cee69c92aca66c856c

SHA512
fac42388acf5ae0cfefc08e8f8e3dc7f7c491ff3b7011bf262c3b06064d59aa8922b36370fe6ad831194d6fa209a1b9008ed8870e84b4768c8c7953f5363717b

Download Submit
C:\Windows\System\DYLKkEw.exe

Filesize
2.2MB

MD5
328a4b05025272407e68d9619444b387

SHA1
4983a31c5e3d92e6875040a750dbf1f222e58d60

SHA256
5c9a895de3bd80b8805cb3de31d78c3d68b598e6dbd5807374c7204f0bc312d1

SHA512
f00461ddabb09330b76a879c307e90e8b6252162d8da7641da4eed9b6f387a566c29c40b1ffb4950fe4fd53ec2ed8c842c533d6c7d232dc49685bc2064dbca4b

Download Submit
C:\Windows\System\GsAqGLo.exe

Filesize
2.2MB

MD5
0ea71dbacc03ba2a97a80d0097f2c259

SHA1
98379ce32a0dd0619d6a51462103acbfb8780a44

SHA256
aa5a83c61de540c70b80403b7e50d278a64aa2c3eb28c351f924a040b6e8990a

SHA512
77e7b2ba7776b3740d9ad13df2391db048b2dbcc2d5151d56a8d237671e69480d3a7c249ac174cc9fc357ce398aec1add00ff6f1a0d2e4795f2ed18586c343ab

Download Submit
C:\Windows\System\IXrYwVy.exe

Filesize
2.2MB

MD5
4873e536acb269db10ab4d662eba2447

SHA1
c1fe7b799b2ca2c78234a292bcce0f77b05a373e

SHA256
2e4ec3eb5ae3fc179a2de9de139a0e840a8c4f0967d1163a4c9807574607bc4b

SHA512
16cac922ed5821b52814fa9c5985cb5f99897529af0e901a0e92a8fae3bdcf2dffb5c00e3695869a78cb89ef7b09d699a8784b291b7523a6e33658b5c1835464

Download Submit
C:\Windows\System\IgNLSOA.exe

Filesize
2.2MB

MD5
57daffd3ea13b426c96126c22d96adf6

SHA1
061757a683475fe38945166e5685bd6cba463c65

SHA256
b1ca7cc1a9f6c54cdb82ea197d9124457a9a07a09cc4ed8229599fabe9188862

SHA512
65823a83b1ab35ca86e68237a60b3cbd0edd6b09acaded7ed02083c018012b53a13b8d3989d538a14316b170a2a28b21f42d55f4d7d8d8c30edf9d4facc7b847

Download Submit
C:\Windows\System\JfqQpzD.exe

Filesize
2.2MB

MD5
0dd0be94b6bfb5e2340f9c17da165d66

SHA1
7b1f8e0ce7cf5c4d368d4bcc6ef01e15f1d648ce

SHA256
49ca87e9a0dd558b4ccdb7454f80bccb89416fef3c0f371362fc7cba12d7c6c8

SHA512
036b473ce48c71937c1513039a412c0f8b392775fe44487794b04c056264e680f9130b4e6a31074d9821247d37f1522d1820c4a7e634250820f05945d20830b1

Download Submit
C:\Windows\System\JjicGrN.exe

Filesize
2.2MB

MD5
e0d9fad8aad08419d7e6f52e2d3dfcfa

SHA1
6cb7ac2590f628464a81384461b69b8b4a9ecaeb

SHA256
25693df12f3310fe47732fb2a3fd2562642524506a0a049225ff805f796ff9cb

SHA512
9e9cb2a0333ea7f60675d92e9bf83485483436ffcf90cbf1d829af395590f5be47f6ec796bd8161ae7335029d071f205ab5bd1180c8df63c0886ad963ea81ee5

Download Submit
C:\Windows\System\KoeiXvO.exe

Filesize
2.2MB

MD5
3eb2b759f1c9eb22507834a36525ba62

SHA1
5895b5f03d53ccb7b93bc516aa819d546ef7eaf3

SHA256
8bc613f9c1585906e660a6a8668754c0c89f865721dce41e41a6cce01e1d24f5

SHA512
6ef745b5455c7128a4d51faab423a4b87c944dc7a21cc71aab8baff6847e28daaaf4c4e370b900684dc195a42f75f4cfe9a7acf3a453f53f354ac4c170359344

Download Submit
C:\Windows\System\MeAbKLD.exe

Filesize
2.2MB

MD5
7eb0723b4b451e1b50887055e13ada6b

SHA1
1f26e37bf565f80fb1970e057afc31e971a7e886

SHA256
3a5c7ef2f07c087fe451447c220bbb5c6a2f34fe4ab3207a713424ca1c68b132

SHA512
ef142f2e20d76b8f0ee60f1353c4b98747510f09b9478f9161425a8c2c0015e62941631d1a0aee852249748b529f4171aea9974d916e3f38bb2d11d4492a99d5

Download Submit
C:\Windows\System\MieIGBI.exe

Filesize
2.2MB

MD5
7e6ed32f90752ecdda5608a21ea6f5d7

SHA1
9bc1398b84dc17b8aebe2cfb0246158be5afd470

SHA256
1c4ebbd81d312ac3e7eee325321e5ba909e5a24acf3e13d5f5fc39887a4d331a

SHA512
b6ac7a82dd8691bfa4b9454732b89b83c5b4c84d2ed6056eb39ab65ced901300f967024eff29520b16255f08edfd2e3e1d5d863aba469d7e2a9776167f843d2c

Download Submit
C:\Windows\System\OOCBjQX.exe

Filesize
2.2MB

MD5
fa9f04253e7f73f422b79749345ad11f

SHA1
1aa8beff102cfde11818d527922f5df63d061744

SHA256
a9e9e495bd3252b5349e4391864087f385ed9cfe084e6857950cafc047ad6b92

SHA512
3be9d8cea3d712e7c24e9851bc66d391e8dae6e4de668f4828503a0ecdd462706342e29d01569ec2b760544531738f69e0d50a0eba832eafe4e591c70d82ec25

Download Submit
C:\Windows\System\QrTRBye.exe

Filesize
2.2MB

MD5
6415a56ca42344b609a8a44f328e8a2d

SHA1
8e9904df8ee4c2b99c733550936bba530dfde2ae

SHA256
35a347cad3eff2c5bff25ce4f8c36510858dbdd5a25afa63f4e598618e57fb96

SHA512
98f17ce9b8066b435ce37e864dffea108ae7b7f5290b14fd9559621b62d53043b7160b9c256830bf6b948d72281597a0663911051553ddc1b9a16edf623d062a

Download Submit
C:\Windows\System\TFtXCse.exe

Filesize
2.2MB

MD5
99e4d49de4845153a9a015f7db363394

SHA1
f780e4afa8f60d8b043c0179d700d66382dbda39

SHA256
b519afe55214d5b8738891562aabccf91f074f70258d65fde2a9aa941b2787c3

SHA512
84374486d614fc04e7369a96f444b8ee53136bff5acb4c76868b197b1a7b03d1107690fedaeb087ec6496f946cbfb8f13684ac100395f9554886d53372dc5797

Download Submit
C:\Windows\System\TJfaVqX.exe

Filesize
2.2MB

MD5
ecbe4cd009cd5cfe306fb10ac6fa8ea9

SHA1
86760801b63f4121f4d9371cbaaf736415640e19

SHA256
4a919c6e4eb00c7bc1bdf42bd3d37a2af592ffa8b46b8dbcafea0824c8fd01f2

SHA512
1b7fd893237a0aad88f4c8b2b2cceb20339d80982929946f11b471c2d5141fd67a89d26a3811d0ecbb8473e89123bb4615410751e74f6187b9b3371c6bd92797

Download Submit
C:\Windows\System\TabgbwQ.exe

Filesize
2.2MB

MD5
a91916bd2d94d9b5165ec5129476968b

SHA1
70fb9d65f78f900603475b60ee298636740ee3e2

SHA256
377909591a607aedd64abaf7ecee10ed117c4d22f80872841939c5b765820088

SHA512
41e8cadb168d291593f3825e4819c3af76f4af16c78d11edd0c045a326b06dcfa8d94c87222ae79e2340b9dc77ab9931291d7b6378f7b02d37f58c8c666dd7df

Download Submit
C:\Windows\System\VXjsbvR.exe

Filesize
2.2MB

MD5
9ee28ef7382a1f5f10522099fdb3b81f

SHA1
402c7b255a5720eaa680919b5cc663b69a3d3792

SHA256
6ad649ce27fe341e3b1bf24af2015fbbd02d36f7d71f02a95a27e7249b0794a8

SHA512
78cd1611831fa8afbcd3860b91a7caa055307b95a5b50723f9e19a28bf7eb100758fcd8716f3aff670fe27380c09abcc56c61169460d50f0a616a165300200f5

Download Submit
C:\Windows\System\YBmZxvz.exe

Filesize
2.2MB

MD5
eb61b4c0616a71d00d423fd21626efde

SHA1
cf8d9b13d2f0746e5d50e23897111bc38eb1d858

SHA256
386c1ac31bd9276f92708e1f6a19ba201558cac1e522fc89f620b323a6541862

SHA512
c174e993a49001c7dc1100c4c9dc8469024ca39d38239ace6b24b5a0f3693189e5fee594ab23d30a6c04724bed0f9c936cc00d2138a4d43aaa17745929728fc1

Download Submit
C:\Windows\System\bGqEmjS.exe

Filesize
2.2MB

MD5
c254f614880f6fa5adb4e4c640d4c30e

SHA1
9872687dd81df58e4a0469316f385a3a1868f8fa

SHA256
70d7430d506397f80027cedb0c3aea8bea144ddb75b567b789c7832af0e133ab

SHA512
004774b566c2b86178c473e67bbf1093af001660c495605e4349417c134849e28d864f8fadc28a35dac90f0c7f3faf596782baa6d1f346441d1c156e40250758

Download Submit
C:\Windows\System\bdZtvEo.exe

Filesize
2.2MB

MD5
05dfb0965f66d191750e381c3caa4d69

SHA1
59d07e3d589aeaab4f32e410c12586ee0595c642

SHA256
3fd6b1253452ba45bc508b3721cd156bb2a0c952376c252f58dd1c1c2007bf7d

SHA512
8775da9f16ff739a0ef7da244d4aa0cf983f35f624927add6ef8ae2391012c976d81897d71ad95392ec14da1e949d5b87d50154f2b2e6e1f555981d783e88210

Download Submit
C:\Windows\System\bwIQDQM.exe

Filesize
2.2MB

MD5
d5eeba3d90769e7818b7c5056489f936

SHA1
7357eb45a23120bc66638fee3e83272a2ec7bdd7

SHA256
7d1e0921b40a6635049098b1f706331c91e831057ecdb95b5083e3f4a0dd3ccd

SHA512
0cf73c98552007228a15c425a5d14ba091e7a440a1a66c4b005d0c307b7f01404e335f2fef0f0813f431b189b4678e7aaf69e6d39353c358f21499eb69b9d122

Download Submit
C:\Windows\System\dMTAkhk.exe

Filesize
2.2MB

MD5
8d9e148ef2aee5fb224d82efe6f64b5e

SHA1
41b4b4f8d66f64e6eba6a78be48e953810c0ef42

SHA256
9fae8860b4732380466648f8a87b66534d8326fcf77eef98da559be0d3e12554

SHA512
0f082149b8495f8b92e8eb90318ccbb8f4eda61211604cf50b4da8d4f35dc2330f7e0751d4398d9f8a56eb09972c822dfb813febbe144c5b3c2d456fd301286a

Download Submit
C:\Windows\System\dgACeHL.exe

Filesize
2.2MB

MD5
c25d5cc3203f2be9f9e5faee0c3de6e2

SHA1
727585457beaa839c1845b14e4cba3a237d51763

SHA256
4c97d53ae7eae5c2469478c12f4837e098d2d03099a04cca10423581144b3cfd

SHA512
980e8d7926c4cb194b8a1de57f832af525a33dad735f6871bbf1f85422449995db782643054a07d014d046b254a446758a02a60a36c970de65ac4b264c30940d

Download Submit
C:\Windows\System\eKDGQKK.exe

Filesize
2.2MB

MD5
9f7ee607787e6976700c6b7d6a2d0f40

SHA1
c892c4754a1aafe2015d09479d247284d76565db

SHA256
b333ee5a6681ec5f3357a7970c8a500c800554be8d386d7cf6462fbb92f770a3

SHA512
c67adc8ff4efc4ac44e5c17d8dbab0f16b417a7b207c5e3e4879e14b19f5072046c02fc8cf28f2ec2df4d222e24d3d20d3716863ec1dd2f1ae0988edf3d8394b

Download Submit
C:\Windows\System\ebwUxCo.exe

Filesize
2.2MB

MD5
9a3c6d6fa036b024e26b70d315136c00

SHA1
e11d34abe5c6ffbee340489598777853fe12539b

SHA256
736b6d7d8caae93e6c1daf885a6e1e757d0658a808f8a22a3e115f7742a1307d

SHA512
f94127da02604aac9c46005d9995f85bcc985a9ede321e5793bc9d4e7d270052eb2a5158be96df69c023742c72ad14f0548c3c8e9a900ac82108b0def0b30cfc

Download Submit
C:\Windows\System\elhpsDx.exe

Filesize
2.2MB

MD5
40a6968bf71ed3fc46b50b8d274f8c81

SHA1
35350e6d99521b51618bdbd56dd92605b7e9a1be

SHA256
89745864d2183eb6a5a8241a9d4297b9b1e8a871e001aa13645ed490f0bd9b19

SHA512
8bc98901d425fffc2f3a277c50633387ffa3092b03fb0d945c530d9b5b7e2bd9dada0dc6506f4bbf7c5f32b1d32797fac8931cb676940cefb125b2670f822846

Download Submit
C:\Windows\System\gQEJFXm.exe

Filesize
2.2MB

MD5
2aefa5310e184c1de20ed99e5f53f72a

SHA1
e713a8dbdb667906755c5d990d9a0178d67e87cf

SHA256
aa16e8ef66282c93c1a906924bccbd39a6d3cd67748dca73965f53ea78db32fd

SHA512
908364a357ce5535bd64a3ee9115eb53f99b6eca646506d9bc34d32a280d16e04254f9b51d91208b7114f5db9bfb4b1b61069f90fc9bd95b8047bca4f1e7bb3e

Download Submit
C:\Windows\System\gqQaGHP.exe

Filesize
2.2MB

MD5
cf89a2ea6019e7648e8c82381a0ac737

SHA1
695f7e0b31a45fedae35e10e46117936a6fd1a25

SHA256
ddf78ac8ff8be1d037386ae7e22c12d80d893b8ec3a4ea7122db73e465564a57

SHA512
1c116f20b64be3fd68b02f3604244973076eb6e6661bf6c57627da6c3801031f7647ff445a45c780ffd000c3ff71dce780d88a32e9fca87381c6d92066f61606

Download Submit
C:\Windows\System\idVTaJd.exe

Filesize
2.2MB

MD5
8dbd632d798bc780ccc0c323b33842e6

SHA1
bfae95fbd05c5551300e36fa0c9e081e3f328237

SHA256
55152c451507e4598dc8a13db7c46f89789fd8f8b7fd1a7fab7844b69f67bf26

SHA512
95d4693a82ebc1a5d58620896bd8960d06ecd3d16fd371fc4465057a6976476f60a183e2824e566f33c951c53776cd63db0c667516ad67a9b5162e811d9680f9

Download Submit
C:\Windows\System\mhKhFPV.exe

Filesize
2.2MB

MD5
001d480dd80e2f4786ca3b8a5c6fbf3f

SHA1
d216671fb1cbf26aa3cc85526df3f5bb58f6ed49

SHA256
c8e3e1810322ba4607c78cf1176ee0f21516dd8dc9a7fe3f155adefd6cabfbd6

SHA512
d278a41096b94fc69aa17511213114ed3b65b0ea515ac311692fc9535c17957f62bff4bfcbb583878f7d97926fd0b365fce742e65a596b78e7c52278fc46f784

Download Submit
C:\Windows\System\nkNslpP.exe

Filesize
2.2MB

MD5
1fff49b42c0c3e5590bc57d400e2ff6e

SHA1
57817da36220ba9f0badc0200ae72eb314175689

SHA256
cdd636e627712988cac6a9b05c673a24406c4caa6089e4b969bdb536e67f6de4

SHA512
1bd7adf6e76ef354d024b4abe2c2a8794b8b4b2751fcd9108c225453cf7e9725766acd9f14e1ef2594baaa15f8ad8b87190b4a4f67d6247f2060b8f1059de08d

Download Submit
C:\Windows\System\oXdEybW.exe

Filesize
2.2MB

MD5
132002a12196451935e74606794d21a1

SHA1
9b656ca6173805e12a74b8bd522a09b92ecbe2fd

SHA256
3bbd9c68449ac9e9b84b5be928f53fa6aee67f304dd623b04d2b2a82459cbcca

SHA512
b5e01c74a839be564fe4c997aa2492430f4c2a5b06c304832f1d4ebc40a974698d310f5f5fc7e495eb86a0454c2d6aa7bb12f47ab6cc7a60ef45260e71f04e5b

Download Submit
C:\Windows\System\ogomGkp.exe

Filesize
2.2MB

MD5
8432587563cf50bc48bd4db8327a723c

SHA1
09b5913f82a3dce2b074e22b7e045982b1e391d6

SHA256
36d597cbc5b9463b974236c12f9e3fa10e42d65a93e9d3c6bfaccceb848e120b

SHA512
42b4d9e621f2d5934b29fac762fbc63d7ad2642158ce437f18d41f02e7468b90320d2bc2f6435bc87c611dbe96548fac03e0996c21e5c3a4ba688079e8be1233

Download Submit
C:\Windows\System\qmnfVNl.exe

Filesize
2.2MB

MD5
02ddc31349770afb22da273000cfd405

SHA1
b076bcc61b4fabd0ca4f5fc5966c6171834bcd6f

SHA256
4e9cbb3c4b1906785c0f634b2ba21a1e845fd622622a627424a64233f4645dd9

SHA512
09c9f1f49c178a4b12a1a888d8e6da06600acafb26862c0d3c43d7e5ec155b45cf695ab733275c6000e13b04a78479487cccb9e194a8b7a43e90a8105889cb7e

Download Submit
C:\Windows\System\uDblkde.exe

Filesize
2.2MB

MD5
adcfa1827b4d7b7eb12218b2fb3da70f

SHA1
1127d30ab7938f30140729e6aaddefb08e340821

SHA256
8218249a614fe8302ae29d7c8b100550a47e458c052bebe695ce9368a9fb98d8

SHA512
ac4d0bb76d9579d9e38ea909aee7736253213dc89d132f8373d6e1b8bc8bcd2681131ed56fba33b7e1530ededc7ad1c67a7c798ce768af249c680955ea3db971

Download Submit
memory/948-225-0x00007FF760600000-0x00007FF760954000-memory.dmp

Filesize
3.3MB

Download
memory/948-2127-0x00007FF760600000-0x00007FF760954000-memory.dmp

Filesize
3.3MB

Download
memory/1020-2116-0x00007FF735C70000-0x00007FF735FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-195-0x00007FF735C70000-0x00007FF735FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1112-2112-0x00007FF7BB5B0000-0x00007FF7BB904000-memory.dmp

Filesize
3.3MB

Download
memory/1112-209-0x00007FF7BB5B0000-0x00007FF7BB904000-memory.dmp

Filesize
3.3MB

Download
memory/1148-79-0x00007FF79AC60000-0x00007FF79AFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2107-0x00007FF79AC60000-0x00007FF79AFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-208-0x00007FF7EB3D0000-0x00007FF7EB724000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2115-0x00007FF7EB3D0000-0x00007FF7EB724000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2119-0x00007FF6E0880000-0x00007FF6E0BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-224-0x00007FF6E0880000-0x00007FF6E0BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-219-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-2128-0x00007FF65BC70000-0x00007FF65BFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2106-0x00007FF6FC670000-0x00007FF6FC9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-47-0x00007FF6FC670000-0x00007FF6FC9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2100-0x00007FF6FC670000-0x00007FF6FC9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-222-0x00007FF6403F0000-0x00007FF640744000-memory.dmp

Filesize
3.3MB

Download
memory/2360-2109-0x00007FF6403F0000-0x00007FF640744000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2105-0x00007FF7617D0000-0x00007FF761B24000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2101-0x00007FF7617D0000-0x00007FF761B24000-memory.dmp

Filesize
3.3MB

Download
memory/2428-27-0x00007FF7617D0000-0x00007FF761B24000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2122-0x00007FF6DA0A0000-0x00007FF6DA3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-213-0x00007FF6DA0A0000-0x00007FF6DA3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-215-0x00007FF73C5F0000-0x00007FF73C944000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2121-0x00007FF73C5F0000-0x00007FF73C944000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2118-0x00007FF60CF20000-0x00007FF60D274000-memory.dmp

Filesize
3.3MB

Download
memory/2800-127-0x00007FF60CF20000-0x00007FF60D274000-memory.dmp

Filesize
3.3MB

Download
memory/2904-110-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2110-0x00007FF6888E0000-0x00007FF688C34000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2125-0x00007FF707AC0000-0x00007FF707E14000-memory.dmp

Filesize
3.3MB

Download
memory/2992-226-0x00007FF707AC0000-0x00007FF707E14000-memory.dmp

Filesize
3.3MB

Download
memory/3092-59-0x00007FF6B4F80000-0x00007FF6B52D4000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2103-0x00007FF6B4F80000-0x00007FF6B52D4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2124-0x00007FF7C3550000-0x00007FF7C38A4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-218-0x00007FF7C3550000-0x00007FF7C38A4000-memory.dmp

Filesize
3.3MB

Download
memory/3496-2099-0x00007FF629300000-0x00007FF629654000-memory.dmp

Filesize
3.3MB

Download
memory/3496-1-0x0000029ACB2E0000-0x0000029ACB2F0000-memory.dmp

Filesize
64KB

Download
memory/3496-0-0x00007FF629300000-0x00007FF629654000-memory.dmp

Filesize
3.3MB

Download
memory/3532-2130-0x00007FF77BC90000-0x00007FF77BFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3532-220-0x00007FF77BC90000-0x00007FF77BFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3576-144-0x00007FF7F2910000-0x00007FF7F2C64000-memory.dmp

Filesize
3.3MB

Download
memory/3576-2114-0x00007FF7F2910000-0x00007FF7F2C64000-memory.dmp

Filesize
3.3MB

Download
memory/3596-2102-0x00007FF6ECB10000-0x00007FF6ECE64000-memory.dmp

Filesize
3.3MB

Download
memory/3596-14-0x00007FF6ECB10000-0x00007FF6ECE64000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2123-0x00007FF694360000-0x00007FF6946B4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-216-0x00007FF694360000-0x00007FF6946B4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2117-0x00007FF735A60000-0x00007FF735DB4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-196-0x00007FF735A60000-0x00007FF735DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2111-0x00007FF65D890000-0x00007FF65DBE4000-memory.dmp

Filesize
3.3MB

Download
memory/4012-223-0x00007FF65D890000-0x00007FF65DBE4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2108-0x00007FF6EFF80000-0x00007FF6F02D4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-108-0x00007FF6EFF80000-0x00007FF6F02D4000-memory.dmp

Filesize
3.3MB

Download
memory/4196-2129-0x00007FF713C30000-0x00007FF713F84000-memory.dmp

Filesize
3.3MB

Download
memory/4196-217-0x00007FF713C30000-0x00007FF713F84000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2126-0x00007FF78F5A0000-0x00007FF78F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4284-203-0x00007FF78F5A0000-0x00007FF78F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4376-221-0x00007FF6F88D0000-0x00007FF6F8C24000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2104-0x00007FF6F88D0000-0x00007FF6F8C24000-memory.dmp

Filesize
3.3MB

Download
memory/4616-143-0x00007FF758950000-0x00007FF758CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2113-0x00007FF758950000-0x00007FF758CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2120-0x00007FF65B560000-0x00007FF65B8B4000-memory.dmp

Filesize
3.3MB

Download
memory/4932-214-0x00007FF65B560000-0x00007FF65B8B4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads