kpot | 55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 23:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
Size

2.2MB
MD5

330de6fffa43e980980f3e89f1a03cb8
SHA1

2cbc2080fcc988f3c1a795e5430af4ff754b2f44
SHA256

55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369
SHA512

0a34c0013bac512ceb4a2f789a09bfad4dd642b9378dd2fbe8ee6f4abb8a9fe3e50fc8b739b7d251168058aea41dbae5f7639ae1bedce34b36a353215164ae2a
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6S/Fppa5GePd:BemTLkNdfE0pZrw5

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 35 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023444-5.dat	family_kpot
behavioral2/files/0x0007000000023449-7.dat	family_kpot
behavioral2/files/0x0007000000023448-17.dat	family_kpot
behavioral2/files/0x000700000002344b-38.dat	family_kpot
behavioral2/files/0x000700000002344d-35.dat	family_kpot
behavioral2/files/0x0007000000023453-66.dat	family_kpot
behavioral2/files/0x0007000000023456-105.dat	family_kpot
behavioral2/files/0x000700000002345f-143.dat	family_kpot
behavioral2/files/0x0007000000023462-171.dat	family_kpot
behavioral2/files/0x0007000000023468-199.dat	family_kpot
behavioral2/files/0x0007000000023469-204.dat	family_kpot
behavioral2/files/0x0007000000023463-192.dat	family_kpot
behavioral2/files/0x0007000000023467-190.dat	family_kpot
behavioral2/files/0x0007000000023466-185.dat	family_kpot
behavioral2/files/0x0007000000023465-184.dat	family_kpot
behavioral2/files/0x0007000000023464-181.dat	family_kpot
behavioral2/files/0x0007000000023461-148.dat	family_kpot
behavioral2/files/0x0007000000023460-146.dat	family_kpot
behavioral2/files/0x000700000002345a-141.dat	family_kpot
behavioral2/files/0x000700000002345e-139.dat	family_kpot
behavioral2/files/0x0007000000023459-137.dat	family_kpot
behavioral2/files/0x000700000002345d-135.dat	family_kpot
behavioral2/files/0x000700000002345c-133.dat	family_kpot
behavioral2/files/0x000700000002345b-131.dat	family_kpot
behavioral2/files/0x0007000000023458-127.dat	family_kpot
behavioral2/files/0x0007000000023457-120.dat	family_kpot
behavioral2/files/0x0007000000023455-95.dat	family_kpot
behavioral2/files/0x0007000000023454-94.dat	family_kpot
behavioral2/files/0x0007000000023452-84.dat	family_kpot
behavioral2/files/0x0007000000023451-82.dat	family_kpot
behavioral2/files/0x0007000000023450-71.dat	family_kpot
behavioral2/files/0x000700000002344e-59.dat	family_kpot
behavioral2/files/0x000700000002344f-54.dat	family_kpot
behavioral2/files/0x000700000002344c-43.dat	family_kpot
behavioral2/files/0x000700000002344a-30.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4648-0-0x00007FF773770000-0x00007FF773AC4000-memory.dmp	UPX
behavioral2/files/0x0008000000023444-5.dat	UPX
behavioral2/files/0x0007000000023449-7.dat	UPX
behavioral2/files/0x0007000000023448-17.dat	UPX
behavioral2/files/0x000700000002344b-38.dat	UPX
behavioral2/memory/1612-36-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp	UPX
behavioral2/files/0x000700000002344d-35.dat	UPX
behavioral2/memory/2776-55-0x00007FF7965E0000-0x00007FF796934000-memory.dmp	UPX
behavioral2/files/0x0007000000023453-66.dat	UPX
behavioral2/files/0x0007000000023456-105.dat	UPX
behavioral2/memory/3900-124-0x00007FF6CB7E0000-0x00007FF6CBB34000-memory.dmp	UPX
behavioral2/files/0x000700000002345f-143.dat	UPX
behavioral2/memory/2516-152-0x00007FF79DC70000-0x00007FF79DFC4000-memory.dmp	UPX
behavioral2/memory/1936-157-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp	UPX
behavioral2/files/0x0007000000023462-171.dat	UPX
behavioral2/files/0x0007000000023468-199.dat	UPX
behavioral2/files/0x0007000000023469-204.dat	UPX
behavioral2/memory/3164-255-0x00007FF68DFA0000-0x00007FF68E2F4000-memory.dmp	UPX
behavioral2/memory/2972-254-0x00007FF6A6090000-0x00007FF6A63E4000-memory.dmp	UPX
behavioral2/files/0x0007000000023463-192.dat	UPX
behavioral2/files/0x0007000000023467-190.dat	UPX
behavioral2/files/0x0007000000023466-185.dat	UPX
behavioral2/files/0x0007000000023465-184.dat	UPX
behavioral2/files/0x0007000000023464-181.dat	UPX
behavioral2/memory/4596-164-0x00007FF7ED580000-0x00007FF7ED8D4000-memory.dmp	UPX
behavioral2/memory/4332-163-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp	UPX
behavioral2/memory/4312-162-0x00007FF701D60000-0x00007FF7020B4000-memory.dmp	UPX
behavioral2/memory/1676-161-0x00007FF766CC0000-0x00007FF767014000-memory.dmp	UPX
behavioral2/memory/4500-160-0x00007FF707360000-0x00007FF7076B4000-memory.dmp	UPX
behavioral2/memory/824-159-0x00007FF604B40000-0x00007FF604E94000-memory.dmp	UPX
behavioral2/memory/4752-158-0x00007FF659320000-0x00007FF659674000-memory.dmp	UPX
behavioral2/memory/2024-156-0x00007FF7D9BE0000-0x00007FF7D9F34000-memory.dmp	UPX
behavioral2/memory/4824-155-0x00007FF65C9A0000-0x00007FF65CCF4000-memory.dmp	UPX
behavioral2/memory/4468-154-0x00007FF64AB80000-0x00007FF64AED4000-memory.dmp	UPX
behavioral2/memory/4396-153-0x00007FF778520000-0x00007FF778874000-memory.dmp	UPX
behavioral2/memory/1488-151-0x00007FF666680000-0x00007FF6669D4000-memory.dmp	UPX
behavioral2/memory/3480-150-0x00007FF6A23A0000-0x00007FF6A26F4000-memory.dmp	UPX
behavioral2/files/0x0007000000023461-148.dat	UPX
behavioral2/files/0x0007000000023460-146.dat	UPX
behavioral2/memory/1664-145-0x00007FF7BFA80000-0x00007FF7BFDD4000-memory.dmp	UPX
behavioral2/files/0x000700000002345a-141.dat	UPX
behavioral2/files/0x000700000002345e-139.dat	UPX
behavioral2/files/0x0007000000023459-137.dat	UPX
behavioral2/files/0x000700000002345d-135.dat	UPX
behavioral2/files/0x000700000002345c-133.dat	UPX
behavioral2/files/0x000700000002345b-131.dat	UPX
behavioral2/memory/4104-130-0x00007FF7DF0C0000-0x00007FF7DF414000-memory.dmp	UPX
behavioral2/memory/4916-129-0x00007FF7CE340000-0x00007FF7CE694000-memory.dmp	UPX
behavioral2/files/0x0007000000023458-127.dat	UPX
behavioral2/files/0x0007000000023457-120.dat	UPX
behavioral2/memory/1784-104-0x00007FF7CC730000-0x00007FF7CCA84000-memory.dmp	UPX
behavioral2/files/0x0007000000023455-95.dat	UPX
behavioral2/files/0x0007000000023454-94.dat	UPX
behavioral2/files/0x0007000000023452-84.dat	UPX
behavioral2/files/0x0007000000023451-82.dat	UPX
behavioral2/memory/1724-81-0x00007FF66CB40000-0x00007FF66CE94000-memory.dmp	UPX
behavioral2/memory/4440-80-0x00007FF69B440000-0x00007FF69B794000-memory.dmp	UPX
behavioral2/files/0x0007000000023450-71.dat	UPX
behavioral2/memory/3104-69-0x00007FF64DDD0000-0x00007FF64E124000-memory.dmp	UPX
behavioral2/files/0x000700000002344e-59.dat	UPX
behavioral2/files/0x000700000002344f-54.dat	UPX
behavioral2/files/0x000700000002344c-43.dat	UPX
behavioral2/files/0x000700000002344a-30.dat	UPX
behavioral2/memory/1124-25-0x00007FF6A7F00000-0x00007FF6A8254000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4648-0-0x00007FF773770000-0x00007FF773AC4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023444-5.dat	xmrig
behavioral2/files/0x0007000000023449-7.dat	xmrig
behavioral2/files/0x0007000000023448-17.dat	xmrig
behavioral2/files/0x000700000002344b-38.dat	xmrig
behavioral2/memory/1612-36-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp	xmrig
behavioral2/files/0x000700000002344d-35.dat	xmrig
behavioral2/memory/2776-55-0x00007FF7965E0000-0x00007FF796934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023453-66.dat	xmrig
behavioral2/files/0x0007000000023456-105.dat	xmrig
behavioral2/memory/3900-124-0x00007FF6CB7E0000-0x00007FF6CBB34000-memory.dmp	xmrig
behavioral2/files/0x000700000002345f-143.dat	xmrig
behavioral2/memory/2516-152-0x00007FF79DC70000-0x00007FF79DFC4000-memory.dmp	xmrig
behavioral2/memory/1936-157-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp	xmrig
behavioral2/files/0x0007000000023462-171.dat	xmrig
behavioral2/files/0x0007000000023468-199.dat	xmrig
behavioral2/files/0x0007000000023469-204.dat	xmrig
behavioral2/memory/3164-255-0x00007FF68DFA0000-0x00007FF68E2F4000-memory.dmp	xmrig
behavioral2/memory/2972-254-0x00007FF6A6090000-0x00007FF6A63E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023463-192.dat	xmrig
behavioral2/files/0x0007000000023467-190.dat	xmrig
behavioral2/files/0x0007000000023466-185.dat	xmrig
behavioral2/files/0x0007000000023465-184.dat	xmrig
behavioral2/files/0x0007000000023464-181.dat	xmrig
behavioral2/memory/4596-164-0x00007FF7ED580000-0x00007FF7ED8D4000-memory.dmp	xmrig
behavioral2/memory/4332-163-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp	xmrig
behavioral2/memory/4312-162-0x00007FF701D60000-0x00007FF7020B4000-memory.dmp	xmrig
behavioral2/memory/1676-161-0x00007FF766CC0000-0x00007FF767014000-memory.dmp	xmrig
behavioral2/memory/4500-160-0x00007FF707360000-0x00007FF7076B4000-memory.dmp	xmrig
behavioral2/memory/824-159-0x00007FF604B40000-0x00007FF604E94000-memory.dmp	xmrig
behavioral2/memory/4752-158-0x00007FF659320000-0x00007FF659674000-memory.dmp	xmrig
behavioral2/memory/2024-156-0x00007FF7D9BE0000-0x00007FF7D9F34000-memory.dmp	xmrig
behavioral2/memory/4824-155-0x00007FF65C9A0000-0x00007FF65CCF4000-memory.dmp	xmrig
behavioral2/memory/4468-154-0x00007FF64AB80000-0x00007FF64AED4000-memory.dmp	xmrig
behavioral2/memory/4396-153-0x00007FF778520000-0x00007FF778874000-memory.dmp	xmrig
behavioral2/memory/1488-151-0x00007FF666680000-0x00007FF6669D4000-memory.dmp	xmrig
behavioral2/memory/3480-150-0x00007FF6A23A0000-0x00007FF6A26F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023461-148.dat	xmrig
behavioral2/files/0x0007000000023460-146.dat	xmrig
behavioral2/memory/1664-145-0x00007FF7BFA80000-0x00007FF7BFDD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002345a-141.dat	xmrig
behavioral2/files/0x000700000002345e-139.dat	xmrig
behavioral2/files/0x0007000000023459-137.dat	xmrig
behavioral2/files/0x000700000002345d-135.dat	xmrig
behavioral2/files/0x000700000002345c-133.dat	xmrig
behavioral2/files/0x000700000002345b-131.dat	xmrig
behavioral2/memory/4104-130-0x00007FF7DF0C0000-0x00007FF7DF414000-memory.dmp	xmrig
behavioral2/memory/4916-129-0x00007FF7CE340000-0x00007FF7CE694000-memory.dmp	xmrig
behavioral2/files/0x0007000000023458-127.dat	xmrig
behavioral2/files/0x0007000000023457-120.dat	xmrig
behavioral2/memory/1784-104-0x00007FF7CC730000-0x00007FF7CCA84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023455-95.dat	xmrig
behavioral2/files/0x0007000000023454-94.dat	xmrig
behavioral2/files/0x0007000000023452-84.dat	xmrig
behavioral2/files/0x0007000000023451-82.dat	xmrig
behavioral2/memory/1724-81-0x00007FF66CB40000-0x00007FF66CE94000-memory.dmp	xmrig
behavioral2/memory/4440-80-0x00007FF69B440000-0x00007FF69B794000-memory.dmp	xmrig
behavioral2/files/0x0007000000023450-71.dat	xmrig
behavioral2/memory/3104-69-0x00007FF64DDD0000-0x00007FF64E124000-memory.dmp	xmrig
behavioral2/files/0x000700000002344e-59.dat	xmrig
behavioral2/files/0x000700000002344f-54.dat	xmrig
behavioral2/files/0x000700000002344c-43.dat	xmrig
behavioral2/files/0x000700000002344a-30.dat	xmrig
behavioral2/memory/1124-25-0x00007FF6A7F00000-0x00007FF6A8254000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2256	YEgVzMl.exe
1124	qcWSeZX.exe
1936	xtbArUI.exe
1612	Knxcams.exe
2776	nywvSzH.exe
4752	royDngN.exe
3104	rlwBjcs.exe
824	MvrFOOY.exe
4440	TVSrNOM.exe
1724	XxtpKJb.exe
4500	oCXcnNp.exe
1784	OAGapKR.exe
3900	GQOVhIn.exe
1676	VtjAJGD.exe
4916	CVtihcH.exe
4104	krIIMJy.exe
1664	ZZrXRbk.exe
4312	ENSOpVN.exe
3480	YHsCWdJ.exe
4332	nztHFoW.exe
1488	hLoNbUL.exe
2516	jBbJAMG.exe
4396	moufWnV.exe
4468	QTPQeSm.exe
4824	burtIsr.exe
4596	BBIiFOJ.exe
2024	yIvdmlT.exe
2972	JiFhLTJ.exe
3164	DqYdflB.exe
3640	GakCeUi.exe
4944	tywmlks.exe
1316	tGXNthY.exe
2332	aRJJyEW.exe
3816	iMoaBXs.exe
2040	CCDDJGq.exe
3852	EqBgAUl.exe
3452	khoLDHZ.exe
1876	zEQKGwq.exe
3032	vZAVmyV.exe
4768	PZVJKLO.exe
4932	oWOpYJE.exe
3992	ZBmDfqf.exe
2636	qYathvm.exe
4476	AfPaPVB.exe
3944	ZfKRGCs.exe
3448	xWsfQRJ.exe
2488	ilAlNrB.exe
644	SyjriKJ.exe
744	WZIsyPM.exe
1964	ZaMysxi.exe
5032	XRJWtVQ.exe
4620	qhzypRQ.exe
4964	LSWWPNN.exe
5112	EtOhPMr.exe
2604	MESzEip.exe
5068	coNSuIX.exe
4352	erqRNqD.exe
1256	mQqzLSa.exe
2080	NxGNYXd.exe
3436	nLWBqMm.exe
4968	jCMmnxq.exe
3632	DafyhXa.exe
2028	MgcKCzO.exe
676	GEALPTM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4648-0-0x00007FF773770000-0x00007FF773AC4000-memory.dmp	upx
behavioral2/files/0x0008000000023444-5.dat	upx
behavioral2/files/0x0007000000023449-7.dat	upx
behavioral2/files/0x0007000000023448-17.dat	upx
behavioral2/files/0x000700000002344b-38.dat	upx
behavioral2/memory/1612-36-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp	upx
behavioral2/files/0x000700000002344d-35.dat	upx
behavioral2/memory/2776-55-0x00007FF7965E0000-0x00007FF796934000-memory.dmp	upx
behavioral2/files/0x0007000000023453-66.dat	upx
behavioral2/files/0x0007000000023456-105.dat	upx
behavioral2/memory/3900-124-0x00007FF6CB7E0000-0x00007FF6CBB34000-memory.dmp	upx
behavioral2/files/0x000700000002345f-143.dat	upx
behavioral2/memory/2516-152-0x00007FF79DC70000-0x00007FF79DFC4000-memory.dmp	upx
behavioral2/memory/1936-157-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp	upx
behavioral2/files/0x0007000000023462-171.dat	upx
behavioral2/files/0x0007000000023468-199.dat	upx
behavioral2/files/0x0007000000023469-204.dat	upx
behavioral2/memory/3164-255-0x00007FF68DFA0000-0x00007FF68E2F4000-memory.dmp	upx
behavioral2/memory/2972-254-0x00007FF6A6090000-0x00007FF6A63E4000-memory.dmp	upx
behavioral2/files/0x0007000000023463-192.dat	upx
behavioral2/files/0x0007000000023467-190.dat	upx
behavioral2/files/0x0007000000023466-185.dat	upx
behavioral2/files/0x0007000000023465-184.dat	upx
behavioral2/files/0x0007000000023464-181.dat	upx
behavioral2/memory/4596-164-0x00007FF7ED580000-0x00007FF7ED8D4000-memory.dmp	upx
behavioral2/memory/4332-163-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp	upx
behavioral2/memory/4312-162-0x00007FF701D60000-0x00007FF7020B4000-memory.dmp	upx
behavioral2/memory/1676-161-0x00007FF766CC0000-0x00007FF767014000-memory.dmp	upx
behavioral2/memory/4500-160-0x00007FF707360000-0x00007FF7076B4000-memory.dmp	upx
behavioral2/memory/824-159-0x00007FF604B40000-0x00007FF604E94000-memory.dmp	upx
behavioral2/memory/4752-158-0x00007FF659320000-0x00007FF659674000-memory.dmp	upx
behavioral2/memory/2024-156-0x00007FF7D9BE0000-0x00007FF7D9F34000-memory.dmp	upx
behavioral2/memory/4824-155-0x00007FF65C9A0000-0x00007FF65CCF4000-memory.dmp	upx
behavioral2/memory/4468-154-0x00007FF64AB80000-0x00007FF64AED4000-memory.dmp	upx
behavioral2/memory/4396-153-0x00007FF778520000-0x00007FF778874000-memory.dmp	upx
behavioral2/memory/1488-151-0x00007FF666680000-0x00007FF6669D4000-memory.dmp	upx
behavioral2/memory/3480-150-0x00007FF6A23A0000-0x00007FF6A26F4000-memory.dmp	upx
behavioral2/files/0x0007000000023461-148.dat	upx
behavioral2/files/0x0007000000023460-146.dat	upx
behavioral2/memory/1664-145-0x00007FF7BFA80000-0x00007FF7BFDD4000-memory.dmp	upx
behavioral2/files/0x000700000002345a-141.dat	upx
behavioral2/files/0x000700000002345e-139.dat	upx
behavioral2/files/0x0007000000023459-137.dat	upx
behavioral2/files/0x000700000002345d-135.dat	upx
behavioral2/files/0x000700000002345c-133.dat	upx
behavioral2/files/0x000700000002345b-131.dat	upx
behavioral2/memory/4104-130-0x00007FF7DF0C0000-0x00007FF7DF414000-memory.dmp	upx
behavioral2/memory/4916-129-0x00007FF7CE340000-0x00007FF7CE694000-memory.dmp	upx
behavioral2/files/0x0007000000023458-127.dat	upx
behavioral2/files/0x0007000000023457-120.dat	upx
behavioral2/memory/1784-104-0x00007FF7CC730000-0x00007FF7CCA84000-memory.dmp	upx
behavioral2/files/0x0007000000023455-95.dat	upx
behavioral2/files/0x0007000000023454-94.dat	upx
behavioral2/files/0x0007000000023452-84.dat	upx
behavioral2/files/0x0007000000023451-82.dat	upx
behavioral2/memory/1724-81-0x00007FF66CB40000-0x00007FF66CE94000-memory.dmp	upx
behavioral2/memory/4440-80-0x00007FF69B440000-0x00007FF69B794000-memory.dmp	upx
behavioral2/files/0x0007000000023450-71.dat	upx
behavioral2/memory/3104-69-0x00007FF64DDD0000-0x00007FF64E124000-memory.dmp	upx
behavioral2/files/0x000700000002344e-59.dat	upx
behavioral2/files/0x000700000002344f-54.dat	upx
behavioral2/files/0x000700000002344c-43.dat	upx
behavioral2/files/0x000700000002344a-30.dat	upx
behavioral2/memory/1124-25-0x00007FF6A7F00000-0x00007FF6A8254000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JUTUpOk.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\OUZAzJp.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\BcDrFSF.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\OcrtMBr.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\keKwNnZ.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\ghNbftJ.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\UTXBFev.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\KAAoVle.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\TJDeZYV.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\mAVZuop.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\ioXfRkX.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\LWhjsPH.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\jVgNWmx.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\TUzAEuw.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\nocVPhO.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\qcWSeZX.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\VZQIxWa.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\aIbtyMf.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\ONPLknj.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\pmXMCPF.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\MUVLLpm.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\QTfTPcb.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\LSWWPNN.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\MgcKCzO.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\kxvIGZr.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\hegweNl.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\rrMoBxJ.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\GpZUeSU.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\MySgYIb.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\qGwIkFk.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\yBcUOTL.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\oGakZLo.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\kdKurVk.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\vOyYJDK.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\rhroxWy.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\CFsSUIU.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\BwxRYkH.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\dDoUSna.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\EUyVPYy.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\aRJJyEW.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\FOPbYSq.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\AvRVOvH.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\JMyHkKT.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\LgFLmCL.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\wYPpzcS.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\oNUDaXP.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\HOTtTcw.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\fJvWtdk.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\LgSGMTn.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\jNNmjtc.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\hNythoy.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\KSlDvAT.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\cakoiVV.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\zCqXFPL.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\VzWfmmv.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\nztHFoW.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\frJlAwV.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\suYutlO.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\DbdBzkv.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\uxsJSex.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\SMLBZbt.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\bpknUAu.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\QTMDVJp.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
File created	C:\Windows\System\ftgDRDn.exe	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13928	dwm.exe
Token: SeChangeNotifyPrivilege	13928	dwm.exe
Token: 33	13928	dwm.exe
Token: SeIncBasePriorityPrivilege	13928	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 2256	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	83
PID 4648 wrote to memory of 2256	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	83
PID 4648 wrote to memory of 1124	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	84
PID 4648 wrote to memory of 1124	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	84
PID 4648 wrote to memory of 1936	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	85
PID 4648 wrote to memory of 1936	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	85
PID 4648 wrote to memory of 1612	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	86
PID 4648 wrote to memory of 1612	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	86
PID 4648 wrote to memory of 2776	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	87
PID 4648 wrote to memory of 2776	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	87
PID 4648 wrote to memory of 4752	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	88
PID 4648 wrote to memory of 4752	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	88
PID 4648 wrote to memory of 3104	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	89
PID 4648 wrote to memory of 3104	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	89
PID 4648 wrote to memory of 4440	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	90
PID 4648 wrote to memory of 4440	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	90
PID 4648 wrote to memory of 824	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	91
PID 4648 wrote to memory of 824	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	91
PID 4648 wrote to memory of 1724	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	92
PID 4648 wrote to memory of 1724	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	92
PID 4648 wrote to memory of 4500	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	93
PID 4648 wrote to memory of 4500	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	93
PID 4648 wrote to memory of 1784	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	94
PID 4648 wrote to memory of 1784	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	94
PID 4648 wrote to memory of 3900	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	95
PID 4648 wrote to memory of 3900	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	95
PID 4648 wrote to memory of 1676	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	96
PID 4648 wrote to memory of 1676	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	96
PID 4648 wrote to memory of 4916	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	97
PID 4648 wrote to memory of 4916	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	97
PID 4648 wrote to memory of 4104	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	98
PID 4648 wrote to memory of 4104	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	98
PID 4648 wrote to memory of 1664	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	99
PID 4648 wrote to memory of 1664	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	99
PID 4648 wrote to memory of 4312	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	100
PID 4648 wrote to memory of 4312	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	100
PID 4648 wrote to memory of 3480	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	101
PID 4648 wrote to memory of 3480	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	101
PID 4648 wrote to memory of 4468	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	102
PID 4648 wrote to memory of 4468	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	102
PID 4648 wrote to memory of 4332	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	103
PID 4648 wrote to memory of 4332	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	103
PID 4648 wrote to memory of 1488	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	104
PID 4648 wrote to memory of 1488	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	104
PID 4648 wrote to memory of 2516	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	105
PID 4648 wrote to memory of 2516	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	105
PID 4648 wrote to memory of 4396	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	106
PID 4648 wrote to memory of 4396	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	106
PID 4648 wrote to memory of 4824	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	107
PID 4648 wrote to memory of 4824	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	107
PID 4648 wrote to memory of 4596	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	108
PID 4648 wrote to memory of 4596	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	108
PID 4648 wrote to memory of 2024	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	109
PID 4648 wrote to memory of 2024	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	109
PID 4648 wrote to memory of 2972	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	110
PID 4648 wrote to memory of 2972	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	110
PID 4648 wrote to memory of 3164	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	111
PID 4648 wrote to memory of 3164	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	111
PID 4648 wrote to memory of 3640	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	112
PID 4648 wrote to memory of 3640	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	112
PID 4648 wrote to memory of 4944	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	113
PID 4648 wrote to memory of 4944	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	113
PID 4648 wrote to memory of 1316	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	114
PID 4648 wrote to memory of 1316	4648	55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe	114

C:\Users\Admin\AppData\Local\Temp\55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe
"C:\Users\Admin\AppData\Local\Temp\55eaabbb16b2ba31a643f392782ea6ed3c3e41acd917155a18879076c61d6369.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\System\YEgVzMl.exe
  C:\Windows\System\YEgVzMl.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\qcWSeZX.exe
  C:\Windows\System\qcWSeZX.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\xtbArUI.exe
  C:\Windows\System\xtbArUI.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\Knxcams.exe
  C:\Windows\System\Knxcams.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\nywvSzH.exe
  C:\Windows\System\nywvSzH.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\royDngN.exe
  C:\Windows\System\royDngN.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\rlwBjcs.exe
  C:\Windows\System\rlwBjcs.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\TVSrNOM.exe
  C:\Windows\System\TVSrNOM.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\MvrFOOY.exe
  C:\Windows\System\MvrFOOY.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\XxtpKJb.exe
  C:\Windows\System\XxtpKJb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\oCXcnNp.exe
  C:\Windows\System\oCXcnNp.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\OAGapKR.exe
  C:\Windows\System\OAGapKR.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\GQOVhIn.exe
  C:\Windows\System\GQOVhIn.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\VtjAJGD.exe
  C:\Windows\System\VtjAJGD.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\CVtihcH.exe
  C:\Windows\System\CVtihcH.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\krIIMJy.exe
  C:\Windows\System\krIIMJy.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\ZZrXRbk.exe
  C:\Windows\System\ZZrXRbk.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ENSOpVN.exe
  C:\Windows\System\ENSOpVN.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\YHsCWdJ.exe
  C:\Windows\System\YHsCWdJ.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\QTPQeSm.exe
  C:\Windows\System\QTPQeSm.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\nztHFoW.exe
  C:\Windows\System\nztHFoW.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\hLoNbUL.exe
  C:\Windows\System\hLoNbUL.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\jBbJAMG.exe
  C:\Windows\System\jBbJAMG.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\moufWnV.exe
  C:\Windows\System\moufWnV.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\burtIsr.exe
  C:\Windows\System\burtIsr.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\BBIiFOJ.exe
  C:\Windows\System\BBIiFOJ.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\yIvdmlT.exe
  C:\Windows\System\yIvdmlT.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\JiFhLTJ.exe
  C:\Windows\System\JiFhLTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\DqYdflB.exe
  C:\Windows\System\DqYdflB.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\GakCeUi.exe
  C:\Windows\System\GakCeUi.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\tywmlks.exe
  C:\Windows\System\tywmlks.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\tGXNthY.exe
  C:\Windows\System\tGXNthY.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\aRJJyEW.exe
  C:\Windows\System\aRJJyEW.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\iMoaBXs.exe
  C:\Windows\System\iMoaBXs.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\CCDDJGq.exe
  C:\Windows\System\CCDDJGq.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\EqBgAUl.exe
  C:\Windows\System\EqBgAUl.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\khoLDHZ.exe
  C:\Windows\System\khoLDHZ.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\zEQKGwq.exe
  C:\Windows\System\zEQKGwq.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\vZAVmyV.exe
  C:\Windows\System\vZAVmyV.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\PZVJKLO.exe
  C:\Windows\System\PZVJKLO.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\oWOpYJE.exe
  C:\Windows\System\oWOpYJE.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\ZBmDfqf.exe
  C:\Windows\System\ZBmDfqf.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\qYathvm.exe
  C:\Windows\System\qYathvm.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\AfPaPVB.exe
  C:\Windows\System\AfPaPVB.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\ZfKRGCs.exe
  C:\Windows\System\ZfKRGCs.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\xWsfQRJ.exe
  C:\Windows\System\xWsfQRJ.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\ilAlNrB.exe
  C:\Windows\System\ilAlNrB.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\SyjriKJ.exe
  C:\Windows\System\SyjriKJ.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\WZIsyPM.exe
  C:\Windows\System\WZIsyPM.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\ZaMysxi.exe
  C:\Windows\System\ZaMysxi.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\XRJWtVQ.exe
  C:\Windows\System\XRJWtVQ.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\qhzypRQ.exe
  C:\Windows\System\qhzypRQ.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\LSWWPNN.exe
  C:\Windows\System\LSWWPNN.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\EtOhPMr.exe
  C:\Windows\System\EtOhPMr.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\MESzEip.exe
  C:\Windows\System\MESzEip.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\coNSuIX.exe
  C:\Windows\System\coNSuIX.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\erqRNqD.exe
  C:\Windows\System\erqRNqD.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\mQqzLSa.exe
  C:\Windows\System\mQqzLSa.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\NxGNYXd.exe
  C:\Windows\System\NxGNYXd.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\nLWBqMm.exe
  C:\Windows\System\nLWBqMm.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\jCMmnxq.exe
  C:\Windows\System\jCMmnxq.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\DafyhXa.exe
  C:\Windows\System\DafyhXa.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\MgcKCzO.exe
  C:\Windows\System\MgcKCzO.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\GEALPTM.exe
  C:\Windows\System\GEALPTM.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\vdvkFtL.exe
  C:\Windows\System\vdvkFtL.exe
  2⤵
  PID:3324
- C:\Windows\System\FOPbYSq.exe
  C:\Windows\System\FOPbYSq.exe
  2⤵
  PID:4508
- C:\Windows\System\WsEqgUx.exe
  C:\Windows\System\WsEqgUx.exe
  2⤵
  PID:1596
- C:\Windows\System\GOiGBCb.exe
  C:\Windows\System\GOiGBCb.exe
  2⤵
  PID:536
- C:\Windows\System\UEMiHlb.exe
  C:\Windows\System\UEMiHlb.exe
  2⤵
  PID:4804
- C:\Windows\System\COjvcxT.exe
  C:\Windows\System\COjvcxT.exe
  2⤵
  PID:4668
- C:\Windows\System\mGkEopG.exe
  C:\Windows\System\mGkEopG.exe
  2⤵
  PID:3096
- C:\Windows\System\ioXfRkX.exe
  C:\Windows\System\ioXfRkX.exe
  2⤵
  PID:4956
- C:\Windows\System\MBSdXKW.exe
  C:\Windows\System\MBSdXKW.exe
  2⤵
  PID:2912
- C:\Windows\System\RnNLOKu.exe
  C:\Windows\System\RnNLOKu.exe
  2⤵
  PID:3680
- C:\Windows\System\OzRKyYg.exe
  C:\Windows\System\OzRKyYg.exe
  2⤵
  PID:4076
- C:\Windows\System\wYPpzcS.exe
  C:\Windows\System\wYPpzcS.exe
  2⤵
  PID:2164
- C:\Windows\System\bMfHDwj.exe
  C:\Windows\System\bMfHDwj.exe
  2⤵
  PID:1304
- C:\Windows\System\AXyJgRY.exe
  C:\Windows\System\AXyJgRY.exe
  2⤵
  PID:4912
- C:\Windows\System\nFbxTNy.exe
  C:\Windows\System\nFbxTNy.exe
  2⤵
  PID:1560
- C:\Windows\System\hScYAgN.exe
  C:\Windows\System\hScYAgN.exe
  2⤵
  PID:5136
- C:\Windows\System\oCUpcnQ.exe
  C:\Windows\System\oCUpcnQ.exe
  2⤵
  PID:5152
- C:\Windows\System\UuRCsue.exe
  C:\Windows\System\UuRCsue.exe
  2⤵
  PID:5168
- C:\Windows\System\IeJcWem.exe
  C:\Windows\System\IeJcWem.exe
  2⤵
  PID:5184
- C:\Windows\System\iYekjHx.exe
  C:\Windows\System\iYekjHx.exe
  2⤵
  PID:5200
- C:\Windows\System\gWubiun.exe
  C:\Windows\System\gWubiun.exe
  2⤵
  PID:5216
- C:\Windows\System\ZsjFJjb.exe
  C:\Windows\System\ZsjFJjb.exe
  2⤵
  PID:5232
- C:\Windows\System\myWtbTG.exe
  C:\Windows\System\myWtbTG.exe
  2⤵
  PID:5248
- C:\Windows\System\BxRimFi.exe
  C:\Windows\System\BxRimFi.exe
  2⤵
  PID:5264
- C:\Windows\System\LWhjsPH.exe
  C:\Windows\System\LWhjsPH.exe
  2⤵
  PID:5280
- C:\Windows\System\ROrQzkD.exe
  C:\Windows\System\ROrQzkD.exe
  2⤵
  PID:5296
- C:\Windows\System\exMDIOx.exe
  C:\Windows\System\exMDIOx.exe
  2⤵
  PID:5312
- C:\Windows\System\pHAZPAF.exe
  C:\Windows\System\pHAZPAF.exe
  2⤵
  PID:5328
- C:\Windows\System\sAPmmmI.exe
  C:\Windows\System\sAPmmmI.exe
  2⤵
  PID:5344
- C:\Windows\System\qAqUmOu.exe
  C:\Windows\System\qAqUmOu.exe
  2⤵
  PID:5604
- C:\Windows\System\fhcEAkt.exe
  C:\Windows\System\fhcEAkt.exe
  2⤵
  PID:5620
- C:\Windows\System\meoiVEU.exe
  C:\Windows\System\meoiVEU.exe
  2⤵
  PID:5636
- C:\Windows\System\frJlAwV.exe
  C:\Windows\System\frJlAwV.exe
  2⤵
  PID:5652
- C:\Windows\System\INvevzW.exe
  C:\Windows\System\INvevzW.exe
  2⤵
  PID:5668
- C:\Windows\System\vjlTKlF.exe
  C:\Windows\System\vjlTKlF.exe
  2⤵
  PID:5684
- C:\Windows\System\nSXAtuf.exe
  C:\Windows\System\nSXAtuf.exe
  2⤵
  PID:5704
- C:\Windows\System\uDAyaKe.exe
  C:\Windows\System\uDAyaKe.exe
  2⤵
  PID:5728
- C:\Windows\System\tumMKXu.exe
  C:\Windows\System\tumMKXu.exe
  2⤵
  PID:5744
- C:\Windows\System\WFjYdbG.exe
  C:\Windows\System\WFjYdbG.exe
  2⤵
  PID:5776
- C:\Windows\System\uasVJEI.exe
  C:\Windows\System\uasVJEI.exe
  2⤵
  PID:5820
- C:\Windows\System\wwkZrqp.exe
  C:\Windows\System\wwkZrqp.exe
  2⤵
  PID:5852
- C:\Windows\System\FvCFxkD.exe
  C:\Windows\System\FvCFxkD.exe
  2⤵
  PID:5892
- C:\Windows\System\lGcIzXR.exe
  C:\Windows\System\lGcIzXR.exe
  2⤵
  PID:5916
- C:\Windows\System\HizKjoq.exe
  C:\Windows\System\HizKjoq.exe
  2⤵
  PID:5940
- C:\Windows\System\YJQLlyU.exe
  C:\Windows\System\YJQLlyU.exe
  2⤵
  PID:5976
- C:\Windows\System\UYGvIzJ.exe
  C:\Windows\System\UYGvIzJ.exe
  2⤵
  PID:6000
- C:\Windows\System\qKvBDSy.exe
  C:\Windows\System\qKvBDSy.exe
  2⤵
  PID:6036
- C:\Windows\System\NBDjIPU.exe
  C:\Windows\System\NBDjIPU.exe
  2⤵
  PID:6084
- C:\Windows\System\HzeUMNi.exe
  C:\Windows\System\HzeUMNi.exe
  2⤵
  PID:6128
- C:\Windows\System\IpUsbhC.exe
  C:\Windows\System\IpUsbhC.exe
  2⤵
  PID:1100
- C:\Windows\System\HOrnRGM.exe
  C:\Windows\System\HOrnRGM.exe
  2⤵
  PID:1480
- C:\Windows\System\PLUACYh.exe
  C:\Windows\System\PLUACYh.exe
  2⤵
  PID:4092
- C:\Windows\System\JdQrbTk.exe
  C:\Windows\System\JdQrbTk.exe
  2⤵
  PID:1344
- C:\Windows\System\KnaOcdl.exe
  C:\Windows\System\KnaOcdl.exe
  2⤵
  PID:4624
- C:\Windows\System\AEYagGR.exe
  C:\Windows\System\AEYagGR.exe
  2⤵
  PID:3612
- C:\Windows\System\iDegauf.exe
  C:\Windows\System\iDegauf.exe
  2⤵
  PID:4504
- C:\Windows\System\ThSStZf.exe
  C:\Windows\System\ThSStZf.exe
  2⤵
  PID:5148
- C:\Windows\System\jJJNrFt.exe
  C:\Windows\System\jJJNrFt.exe
  2⤵
  PID:5208
- C:\Windows\System\vKDXAcz.exe
  C:\Windows\System\vKDXAcz.exe
  2⤵
  PID:5260
- C:\Windows\System\juUZYWK.exe
  C:\Windows\System\juUZYWK.exe
  2⤵
  PID:5320
- C:\Windows\System\ztkxrtU.exe
  C:\Windows\System\ztkxrtU.exe
  2⤵
  PID:5380
- C:\Windows\System\DsQviJS.exe
  C:\Windows\System\DsQviJS.exe
  2⤵
  PID:5424
- C:\Windows\System\kNMydtp.exe
  C:\Windows\System\kNMydtp.exe
  2⤵
  PID:2564
- C:\Windows\System\ZUMgKDp.exe
  C:\Windows\System\ZUMgKDp.exe
  2⤵
  PID:2600
- C:\Windows\System\iQYaOvB.exe
  C:\Windows\System\iQYaOvB.exe
  2⤵
  PID:3224
- C:\Windows\System\vtfWzJT.exe
  C:\Windows\System\vtfWzJT.exe
  2⤵
  PID:4040
- C:\Windows\System\vfoCpJD.exe
  C:\Windows\System\vfoCpJD.exe
  2⤵
  PID:2148
- C:\Windows\System\LUIoinn.exe
  C:\Windows\System\LUIoinn.exe
  2⤵
  PID:2568
- C:\Windows\System\DqkDwBV.exe
  C:\Windows\System\DqkDwBV.exe
  2⤵
  PID:5056
- C:\Windows\System\ShaPXvl.exe
  C:\Windows\System\ShaPXvl.exe
  2⤵
  PID:3796
- C:\Windows\System\dRueoNb.exe
  C:\Windows\System\dRueoNb.exe
  2⤵
  PID:3444
- C:\Windows\System\nXbZkFE.exe
  C:\Windows\System\nXbZkFE.exe
  2⤵
  PID:3956
- C:\Windows\System\MyjtwzL.exe
  C:\Windows\System\MyjtwzL.exe
  2⤵
  PID:2360
- C:\Windows\System\FtVSGRy.exe
  C:\Windows\System\FtVSGRy.exe
  2⤵
  PID:636
- C:\Windows\System\LpHCGpD.exe
  C:\Windows\System\LpHCGpD.exe
  2⤵
  PID:1680
- C:\Windows\System\vOyYJDK.exe
  C:\Windows\System\vOyYJDK.exe
  2⤵
  PID:1504
- C:\Windows\System\yHrnnDe.exe
  C:\Windows\System\yHrnnDe.exe
  2⤵
  PID:3940
- C:\Windows\System\kzntVgg.exe
  C:\Windows\System\kzntVgg.exe
  2⤵
  PID:1624
- C:\Windows\System\dQiPEat.exe
  C:\Windows\System\dQiPEat.exe
  2⤵
  PID:5052
- C:\Windows\System\VZQIxWa.exe
  C:\Windows\System\VZQIxWa.exe
  2⤵
  PID:5644
- C:\Windows\System\PQGnBSn.exe
  C:\Windows\System\PQGnBSn.exe
  2⤵
  PID:5792
- C:\Windows\System\SvPCIKh.exe
  C:\Windows\System\SvPCIKh.exe
  2⤵
  PID:5876
- C:\Windows\System\fRhgmyJ.exe
  C:\Windows\System\fRhgmyJ.exe
  2⤵
  PID:5908
- C:\Windows\System\JvEsiEg.exe
  C:\Windows\System\JvEsiEg.exe
  2⤵
  PID:5984
- C:\Windows\System\fpbNsmG.exe
  C:\Windows\System\fpbNsmG.exe
  2⤵
  PID:6108
- C:\Windows\System\tTnQNCj.exe
  C:\Windows\System\tTnQNCj.exe
  2⤵
  PID:2544
- C:\Windows\System\rhroxWy.exe
  C:\Windows\System\rhroxWy.exe
  2⤵
  PID:460
- C:\Windows\System\DuwPXau.exe
  C:\Windows\System\DuwPXau.exe
  2⤵
  PID:2204
- C:\Windows\System\gfLbJzH.exe
  C:\Windows\System\gfLbJzH.exe
  2⤵
  PID:5244
- C:\Windows\System\vLWKhRT.exe
  C:\Windows\System\vLWKhRT.exe
  2⤵
  PID:5440
- C:\Windows\System\wNkquMM.exe
  C:\Windows\System\wNkquMM.exe
  2⤵
  PID:4976
- C:\Windows\System\JRWJmax.exe
  C:\Windows\System\JRWJmax.exe
  2⤵
  PID:4424
- C:\Windows\System\YNRwTyU.exe
  C:\Windows\System\YNRwTyU.exe
  2⤵
  PID:4892
- C:\Windows\System\vNdcBQu.exe
  C:\Windows\System\vNdcBQu.exe
  2⤵
  PID:1932
- C:\Windows\System\pjlepjK.exe
  C:\Windows\System\pjlepjK.exe
  2⤵
  PID:3656
- C:\Windows\System\GmVbCpK.exe
  C:\Windows\System\GmVbCpK.exe
  2⤵
  PID:380
- C:\Windows\System\IwXlUPR.exe
  C:\Windows\System\IwXlUPR.exe
  2⤵
  PID:5836
- C:\Windows\System\JaJXWhJ.exe
  C:\Windows\System\JaJXWhJ.exe
  2⤵
  PID:5716
- C:\Windows\System\GsIBTJf.exe
  C:\Windows\System\GsIBTJf.exe
  2⤵
  PID:6032
- C:\Windows\System\uYhDepM.exe
  C:\Windows\System\uYhDepM.exe
  2⤵
  PID:6136
- C:\Windows\System\TFMnuXd.exe
  C:\Windows\System\TFMnuXd.exe
  2⤵
  PID:3704
- C:\Windows\System\HPSlJze.exe
  C:\Windows\System\HPSlJze.exe
  2⤵
  PID:5228
- C:\Windows\System\qLYiqPj.exe
  C:\Windows\System\qLYiqPj.exe
  2⤵
  PID:3936
- C:\Windows\System\OfqZaXg.exe
  C:\Windows\System\OfqZaXg.exe
  2⤵
  PID:1224
- C:\Windows\System\AADYJmy.exe
  C:\Windows\System\AADYJmy.exe
  2⤵
  PID:5304
- C:\Windows\System\icyVgAE.exe
  C:\Windows\System\icyVgAE.exe
  2⤵
  PID:5012
- C:\Windows\System\wQBUZBG.exe
  C:\Windows\System\wQBUZBG.exe
  2⤵
  PID:6024
- C:\Windows\System\uLxUSTX.exe
  C:\Windows\System\uLxUSTX.exe
  2⤵
  PID:5932
- C:\Windows\System\vKuVYwB.exe
  C:\Windows\System\vKuVYwB.exe
  2⤵
  PID:6172
- C:\Windows\System\EjaLnKS.exe
  C:\Windows\System\EjaLnKS.exe
  2⤵
  PID:6212
- C:\Windows\System\mBoxrxX.exe
  C:\Windows\System\mBoxrxX.exe
  2⤵
  PID:6260
- C:\Windows\System\KgTLXSZ.exe
  C:\Windows\System\KgTLXSZ.exe
  2⤵
  PID:6288
- C:\Windows\System\MzZrZHT.exe
  C:\Windows\System\MzZrZHT.exe
  2⤵
  PID:6324
- C:\Windows\System\SkobMQY.exe
  C:\Windows\System\SkobMQY.exe
  2⤵
  PID:6364
- C:\Windows\System\douBqlq.exe
  C:\Windows\System\douBqlq.exe
  2⤵
  PID:6388
- C:\Windows\System\QXGtxbu.exe
  C:\Windows\System\QXGtxbu.exe
  2⤵
  PID:6420
- C:\Windows\System\BYktbMY.exe
  C:\Windows\System\BYktbMY.exe
  2⤵
  PID:6448
- C:\Windows\System\NHHDzan.exe
  C:\Windows\System\NHHDzan.exe
  2⤵
  PID:6476
- C:\Windows\System\NiTRvBB.exe
  C:\Windows\System\NiTRvBB.exe
  2⤵
  PID:6516
- C:\Windows\System\EOCDgqS.exe
  C:\Windows\System\EOCDgqS.exe
  2⤵
  PID:6544
- C:\Windows\System\QWsCwlj.exe
  C:\Windows\System\QWsCwlj.exe
  2⤵
  PID:6572
- C:\Windows\System\yNIQjXN.exe
  C:\Windows\System\yNIQjXN.exe
  2⤵
  PID:6588
- C:\Windows\System\HLjTQMf.exe
  C:\Windows\System\HLjTQMf.exe
  2⤵
  PID:6628
- C:\Windows\System\LkhMRcN.exe
  C:\Windows\System\LkhMRcN.exe
  2⤵
  PID:6644
- C:\Windows\System\CFsSUIU.exe
  C:\Windows\System\CFsSUIU.exe
  2⤵
  PID:6684
- C:\Windows\System\lXuMTLF.exe
  C:\Windows\System\lXuMTLF.exe
  2⤵
  PID:6712
- C:\Windows\System\dcOdOeA.exe
  C:\Windows\System\dcOdOeA.exe
  2⤵
  PID:6748
- C:\Windows\System\eUVeZhU.exe
  C:\Windows\System\eUVeZhU.exe
  2⤵
  PID:6772
- C:\Windows\System\GmGPmhO.exe
  C:\Windows\System\GmGPmhO.exe
  2⤵
  PID:6792
- C:\Windows\System\jVgNWmx.exe
  C:\Windows\System\jVgNWmx.exe
  2⤵
  PID:6816
- C:\Windows\System\ezQmONf.exe
  C:\Windows\System\ezQmONf.exe
  2⤵
  PID:6856
- C:\Windows\System\AHXBdIS.exe
  C:\Windows\System\AHXBdIS.exe
  2⤵
  PID:6888
- C:\Windows\System\dMcEunw.exe
  C:\Windows\System\dMcEunw.exe
  2⤵
  PID:6928
- C:\Windows\System\HPSRJAT.exe
  C:\Windows\System\HPSRJAT.exe
  2⤵
  PID:6952
- C:\Windows\System\ZyuLnek.exe
  C:\Windows\System\ZyuLnek.exe
  2⤵
  PID:6992
- C:\Windows\System\LycABTr.exe
  C:\Windows\System\LycABTr.exe
  2⤵
  PID:7032
- C:\Windows\System\MlYvKDk.exe
  C:\Windows\System\MlYvKDk.exe
  2⤵
  PID:7056
- C:\Windows\System\cOxePjg.exe
  C:\Windows\System\cOxePjg.exe
  2⤵
  PID:7084
- C:\Windows\System\HGgKbgp.exe
  C:\Windows\System\HGgKbgp.exe
  2⤵
  PID:7100
- C:\Windows\System\biPmZbf.exe
  C:\Windows\System\biPmZbf.exe
  2⤵
  PID:7116
- C:\Windows\System\rLHMaMK.exe
  C:\Windows\System\rLHMaMK.exe
  2⤵
  PID:7156
- C:\Windows\System\keKwNnZ.exe
  C:\Windows\System\keKwNnZ.exe
  2⤵
  PID:6224
- C:\Windows\System\cQnosbk.exe
  C:\Windows\System\cQnosbk.exe
  2⤵
  PID:6304
- C:\Windows\System\QtPlqaI.exe
  C:\Windows\System\QtPlqaI.exe
  2⤵
  PID:6356
- C:\Windows\System\TdGICSW.exe
  C:\Windows\System\TdGICSW.exe
  2⤵
  PID:6468
- C:\Windows\System\DIpkJzW.exe
  C:\Windows\System\DIpkJzW.exe
  2⤵
  PID:5904
- C:\Windows\System\RNxgrAZ.exe
  C:\Windows\System\RNxgrAZ.exe
  2⤵
  PID:6496
- C:\Windows\System\oIrehhX.exe
  C:\Windows\System\oIrehhX.exe
  2⤵
  PID:5948
- C:\Windows\System\oNUDaXP.exe
  C:\Windows\System\oNUDaXP.exe
  2⤵
  PID:6600
- C:\Windows\System\WgJyLuC.exe
  C:\Windows\System\WgJyLuC.exe
  2⤵
  PID:6708
- C:\Windows\System\EnxGtaC.exe
  C:\Windows\System\EnxGtaC.exe
  2⤵
  PID:6784
- C:\Windows\System\EzCQcdn.exe
  C:\Windows\System\EzCQcdn.exe
  2⤵
  PID:6828
- C:\Windows\System\uGMuFGr.exe
  C:\Windows\System\uGMuFGr.exe
  2⤵
  PID:6876
- C:\Windows\System\EERasfs.exe
  C:\Windows\System\EERasfs.exe
  2⤵
  PID:6980
- C:\Windows\System\GaAWsUR.exe
  C:\Windows\System\GaAWsUR.exe
  2⤵
  PID:7040
- C:\Windows\System\SSNPcBs.exe
  C:\Windows\System\SSNPcBs.exe
  2⤵
  PID:7080
- C:\Windows\System\OLbPkLv.exe
  C:\Windows\System\OLbPkLv.exe
  2⤵
  PID:6168
- C:\Windows\System\IcywbCh.exe
  C:\Windows\System\IcywbCh.exe
  2⤵
  PID:6508
- C:\Windows\System\EbHTimf.exe
  C:\Windows\System\EbHTimf.exe
  2⤵
  PID:6376
- C:\Windows\System\EHdyboF.exe
  C:\Windows\System\EHdyboF.exe
  2⤵
  PID:6672
- C:\Windows\System\maibPHo.exe
  C:\Windows\System\maibPHo.exe
  2⤵
  PID:2692
- C:\Windows\System\osjoKaS.exe
  C:\Windows\System\osjoKaS.exe
  2⤵
  PID:6944
- C:\Windows\System\taikZIN.exe
  C:\Windows\System\taikZIN.exe
  2⤵
  PID:6332
- C:\Windows\System\KMqxgcV.exe
  C:\Windows\System\KMqxgcV.exe
  2⤵
  PID:3332
- C:\Windows\System\WQwtyet.exe
  C:\Windows\System\WQwtyet.exe
  2⤵
  PID:6812
- C:\Windows\System\uiflmax.exe
  C:\Windows\System\uiflmax.exe
  2⤵
  PID:6348
- C:\Windows\System\yLnyyYY.exe
  C:\Windows\System\yLnyyYY.exe
  2⤵
  PID:6204
- C:\Windows\System\qswzyQV.exe
  C:\Windows\System\qswzyQV.exe
  2⤵
  PID:7184
- C:\Windows\System\pOsaATr.exe
  C:\Windows\System\pOsaATr.exe
  2⤵
  PID:7200
- C:\Windows\System\TySSDKr.exe
  C:\Windows\System\TySSDKr.exe
  2⤵
  PID:7236
- C:\Windows\System\hByFMdI.exe
  C:\Windows\System\hByFMdI.exe
  2⤵
  PID:7268
- C:\Windows\System\arMRLKG.exe
  C:\Windows\System\arMRLKG.exe
  2⤵
  PID:7296
- C:\Windows\System\EsEgVcY.exe
  C:\Windows\System\EsEgVcY.exe
  2⤵
  PID:7324
- C:\Windows\System\FwYiIei.exe
  C:\Windows\System\FwYiIei.exe
  2⤵
  PID:7348
- C:\Windows\System\DnyDqYY.exe
  C:\Windows\System\DnyDqYY.exe
  2⤵
  PID:7368
- C:\Windows\System\SXqxLHk.exe
  C:\Windows\System\SXqxLHk.exe
  2⤵
  PID:7392
- C:\Windows\System\DUiFQVM.exe
  C:\Windows\System\DUiFQVM.exe
  2⤵
  PID:7412
- C:\Windows\System\KPUslhn.exe
  C:\Windows\System\KPUslhn.exe
  2⤵
  PID:7428
- C:\Windows\System\KBHsDaV.exe
  C:\Windows\System\KBHsDaV.exe
  2⤵
  PID:7444
- C:\Windows\System\GZapqWj.exe
  C:\Windows\System\GZapqWj.exe
  2⤵
  PID:7472
- C:\Windows\System\krZYvHR.exe
  C:\Windows\System\krZYvHR.exe
  2⤵
  PID:7512
- C:\Windows\System\cOlPFEQ.exe
  C:\Windows\System\cOlPFEQ.exe
  2⤵
  PID:7548
- C:\Windows\System\XzkrxBZ.exe
  C:\Windows\System\XzkrxBZ.exe
  2⤵
  PID:7576
- C:\Windows\System\gxKLlfd.exe
  C:\Windows\System\gxKLlfd.exe
  2⤵
  PID:7604
- C:\Windows\System\aIbtyMf.exe
  C:\Windows\System\aIbtyMf.exe
  2⤵
  PID:7636
- C:\Windows\System\oGakZLo.exe
  C:\Windows\System\oGakZLo.exe
  2⤵
  PID:7668
- C:\Windows\System\BcDrFSF.exe
  C:\Windows\System\BcDrFSF.exe
  2⤵
  PID:7704
- C:\Windows\System\hAGesPg.exe
  C:\Windows\System\hAGesPg.exe
  2⤵
  PID:7744
- C:\Windows\System\ssYnqcZ.exe
  C:\Windows\System\ssYnqcZ.exe
  2⤵
  PID:7772
- C:\Windows\System\KpCDCpA.exe
  C:\Windows\System\KpCDCpA.exe
  2⤵
  PID:7800
- C:\Windows\System\qhZTJrS.exe
  C:\Windows\System\qhZTJrS.exe
  2⤵
  PID:7828
- C:\Windows\System\dtFakSM.exe
  C:\Windows\System\dtFakSM.exe
  2⤵
  PID:7856
- C:\Windows\System\ONPLknj.exe
  C:\Windows\System\ONPLknj.exe
  2⤵
  PID:7884
- C:\Windows\System\NEHhOxI.exe
  C:\Windows\System\NEHhOxI.exe
  2⤵
  PID:7912
- C:\Windows\System\jmIDZKx.exe
  C:\Windows\System\jmIDZKx.exe
  2⤵
  PID:7940
- C:\Windows\System\SsVEDBc.exe
  C:\Windows\System\SsVEDBc.exe
  2⤵
  PID:7968
- C:\Windows\System\azfbNwW.exe
  C:\Windows\System\azfbNwW.exe
  2⤵
  PID:7996
- C:\Windows\System\sPgjmhw.exe
  C:\Windows\System\sPgjmhw.exe
  2⤵
  PID:8024
- C:\Windows\System\BRDAcmE.exe
  C:\Windows\System\BRDAcmE.exe
  2⤵
  PID:8052
- C:\Windows\System\GqbNqzj.exe
  C:\Windows\System\GqbNqzj.exe
  2⤵
  PID:8080
- C:\Windows\System\VKsRjEw.exe
  C:\Windows\System\VKsRjEw.exe
  2⤵
  PID:8104
- C:\Windows\System\GIZkQKg.exe
  C:\Windows\System\GIZkQKg.exe
  2⤵
  PID:8136
- C:\Windows\System\VQBEsVA.exe
  C:\Windows\System\VQBEsVA.exe
  2⤵
  PID:8164
- C:\Windows\System\LppjsWm.exe
  C:\Windows\System\LppjsWm.exe
  2⤵
  PID:8184
- C:\Windows\System\wyiavPz.exe
  C:\Windows\System\wyiavPz.exe
  2⤵
  PID:7196
- C:\Windows\System\tqDHoKN.exe
  C:\Windows\System\tqDHoKN.exe
  2⤵
  PID:7280
- C:\Windows\System\HDywSNe.exe
  C:\Windows\System\HDywSNe.exe
  2⤵
  PID:7336
- C:\Windows\System\ZwqUwEX.exe
  C:\Windows\System\ZwqUwEX.exe
  2⤵
  PID:7384
- C:\Windows\System\PUIYxyZ.exe
  C:\Windows\System\PUIYxyZ.exe
  2⤵
  PID:7532
- C:\Windows\System\mOWzGjc.exe
  C:\Windows\System\mOWzGjc.exe
  2⤵
  PID:7564
- C:\Windows\System\VxNyZAg.exe
  C:\Windows\System\VxNyZAg.exe
  2⤵
  PID:7620
- C:\Windows\System\JnUUNia.exe
  C:\Windows\System\JnUUNia.exe
  2⤵
  PID:7700
- C:\Windows\System\NIMTtbC.exe
  C:\Windows\System\NIMTtbC.exe
  2⤵
  PID:7784
- C:\Windows\System\rrMoBxJ.exe
  C:\Windows\System\rrMoBxJ.exe
  2⤵
  PID:7824
- C:\Windows\System\NaVXUml.exe
  C:\Windows\System\NaVXUml.exe
  2⤵
  PID:7896
- C:\Windows\System\zoDizKW.exe
  C:\Windows\System\zoDizKW.exe
  2⤵
  PID:7932
- C:\Windows\System\goaFICm.exe
  C:\Windows\System\goaFICm.exe
  2⤵
  PID:7980
- C:\Windows\System\rtjGogf.exe
  C:\Windows\System\rtjGogf.exe
  2⤵
  PID:8064
- C:\Windows\System\lbwXQHb.exe
  C:\Windows\System\lbwXQHb.exe
  2⤵
  PID:8128
- C:\Windows\System\TtNRAPK.exe
  C:\Windows\System\TtNRAPK.exe
  2⤵
  PID:7176
- C:\Windows\System\ftgDRDn.exe
  C:\Windows\System\ftgDRDn.exe
  2⤵
  PID:7308
- C:\Windows\System\HwJrfoH.exe
  C:\Windows\System\HwJrfoH.exe
  2⤵
  PID:7404
- C:\Windows\System\rlguJKT.exe
  C:\Windows\System\rlguJKT.exe
  2⤵
  PID:7628
- C:\Windows\System\ZXZORGj.exe
  C:\Windows\System\ZXZORGj.exe
  2⤵
  PID:7664
- C:\Windows\System\hPfNhXK.exe
  C:\Windows\System\hPfNhXK.exe
  2⤵
  PID:7816
- C:\Windows\System\KBssToM.exe
  C:\Windows\System\KBssToM.exe
  2⤵
  PID:7960
- C:\Windows\System\GozIgkS.exe
  C:\Windows\System\GozIgkS.exe
  2⤵
  PID:8048
- C:\Windows\System\ivAGGbp.exe
  C:\Windows\System\ivAGGbp.exe
  2⤵
  PID:7244
- C:\Windows\System\VaHsnYz.exe
  C:\Windows\System\VaHsnYz.exe
  2⤵
  PID:7492
- C:\Windows\System\heSUyuo.exe
  C:\Windows\System\heSUyuo.exe
  2⤵
  PID:7812
- C:\Windows\System\fJvWtdk.exe
  C:\Windows\System\fJvWtdk.exe
  2⤵
  PID:8100
- C:\Windows\System\YCmCIMo.exe
  C:\Windows\System\YCmCIMo.exe
  2⤵
  PID:8156
- C:\Windows\System\qOmMDzP.exe
  C:\Windows\System\qOmMDzP.exe
  2⤵
  PID:8036
- C:\Windows\System\GpZUeSU.exe
  C:\Windows\System\GpZUeSU.exe
  2⤵
  PID:8220
- C:\Windows\System\UvXbPXQ.exe
  C:\Windows\System\UvXbPXQ.exe
  2⤵
  PID:8248
- C:\Windows\System\HwJyDhy.exe
  C:\Windows\System\HwJyDhy.exe
  2⤵
  PID:8264
- C:\Windows\System\LqZJNeU.exe
  C:\Windows\System\LqZJNeU.exe
  2⤵
  PID:8288
- C:\Windows\System\CffzkVp.exe
  C:\Windows\System\CffzkVp.exe
  2⤵
  PID:8316
- C:\Windows\System\pHVtQQz.exe
  C:\Windows\System\pHVtQQz.exe
  2⤵
  PID:8348
- C:\Windows\System\VLplbuF.exe
  C:\Windows\System\VLplbuF.exe
  2⤵
  PID:8372
- C:\Windows\System\JNUfKnR.exe
  C:\Windows\System\JNUfKnR.exe
  2⤵
  PID:8404
- C:\Windows\System\sPIdmXE.exe
  C:\Windows\System\sPIdmXE.exe
  2⤵
  PID:8444
- C:\Windows\System\mvVEVxS.exe
  C:\Windows\System\mvVEVxS.exe
  2⤵
  PID:8472
- C:\Windows\System\kxvIGZr.exe
  C:\Windows\System\kxvIGZr.exe
  2⤵
  PID:8492
- C:\Windows\System\iXRxckd.exe
  C:\Windows\System\iXRxckd.exe
  2⤵
  PID:8520
- C:\Windows\System\zaBCOxZ.exe
  C:\Windows\System\zaBCOxZ.exe
  2⤵
  PID:8556
- C:\Windows\System\wtLjRxs.exe
  C:\Windows\System\wtLjRxs.exe
  2⤵
  PID:8572
- C:\Windows\System\HQCMYjj.exe
  C:\Windows\System\HQCMYjj.exe
  2⤵
  PID:8612
- C:\Windows\System\pNAHCYG.exe
  C:\Windows\System\pNAHCYG.exe
  2⤵
  PID:8640
- C:\Windows\System\FEURWUD.exe
  C:\Windows\System\FEURWUD.exe
  2⤵
  PID:8668
- C:\Windows\System\KArNbpE.exe
  C:\Windows\System\KArNbpE.exe
  2⤵
  PID:8696
- C:\Windows\System\CWqISpb.exe
  C:\Windows\System\CWqISpb.exe
  2⤵
  PID:8712
- C:\Windows\System\gonaMjs.exe
  C:\Windows\System\gonaMjs.exe
  2⤵
  PID:8740
- C:\Windows\System\VRwWEDr.exe
  C:\Windows\System\VRwWEDr.exe
  2⤵
  PID:8780
- C:\Windows\System\UYSEUtY.exe
  C:\Windows\System\UYSEUtY.exe
  2⤵
  PID:8808
- C:\Windows\System\gFZqhsK.exe
  C:\Windows\System\gFZqhsK.exe
  2⤵
  PID:8824
- C:\Windows\System\PjUOJdP.exe
  C:\Windows\System\PjUOJdP.exe
  2⤵
  PID:8856
- C:\Windows\System\HniXbae.exe
  C:\Windows\System\HniXbae.exe
  2⤵
  PID:8880
- C:\Windows\System\AijCIWA.exe
  C:\Windows\System\AijCIWA.exe
  2⤵
  PID:8920
- C:\Windows\System\tYovwCO.exe
  C:\Windows\System\tYovwCO.exe
  2⤵
  PID:8936
- C:\Windows\System\dpuSwLo.exe
  C:\Windows\System\dpuSwLo.exe
  2⤵
  PID:8952
- C:\Windows\System\mpMUhzR.exe
  C:\Windows\System\mpMUhzR.exe
  2⤵
  PID:8996
- C:\Windows\System\CGiDMrs.exe
  C:\Windows\System\CGiDMrs.exe
  2⤵
  PID:9032
- C:\Windows\System\vJneXeN.exe
  C:\Windows\System\vJneXeN.exe
  2⤵
  PID:9060
- C:\Windows\System\jNNmjtc.exe
  C:\Windows\System\jNNmjtc.exe
  2⤵
  PID:9088
- C:\Windows\System\XXIyOLJ.exe
  C:\Windows\System\XXIyOLJ.exe
  2⤵
  PID:9120
- C:\Windows\System\GiFXxgB.exe
  C:\Windows\System\GiFXxgB.exe
  2⤵
  PID:9136
- C:\Windows\System\wllTRdy.exe
  C:\Windows\System\wllTRdy.exe
  2⤵
  PID:9160
- C:\Windows\System\KeRNkoa.exe
  C:\Windows\System\KeRNkoa.exe
  2⤵
  PID:9184
- C:\Windows\System\jMhMJqk.exe
  C:\Windows\System\jMhMJqk.exe
  2⤵
  PID:7924
- C:\Windows\System\PXPPTSU.exe
  C:\Windows\System\PXPPTSU.exe
  2⤵
  PID:8272
- C:\Windows\System\tQRIPwh.exe
  C:\Windows\System\tQRIPwh.exe
  2⤵
  PID:8340
- C:\Windows\System\BBTbuav.exe
  C:\Windows\System\BBTbuav.exe
  2⤵
  PID:8388
- C:\Windows\System\YzgCQVA.exe
  C:\Windows\System\YzgCQVA.exe
  2⤵
  PID:8436
- C:\Windows\System\oggNzXb.exe
  C:\Windows\System\oggNzXb.exe
  2⤵
  PID:8488
- C:\Windows\System\JsOMxnM.exe
  C:\Windows\System\JsOMxnM.exe
  2⤵
  PID:8540
- C:\Windows\System\sMIwcOu.exe
  C:\Windows\System\sMIwcOu.exe
  2⤵
  PID:8636
- C:\Windows\System\dppshdI.exe
  C:\Windows\System\dppshdI.exe
  2⤵
  PID:8704
- C:\Windows\System\UMyniiw.exe
  C:\Windows\System\UMyniiw.exe
  2⤵
  PID:8800
- C:\Windows\System\yhRSZda.exe
  C:\Windows\System\yhRSZda.exe
  2⤵
  PID:8840
- C:\Windows\System\fDVGmix.exe
  C:\Windows\System\fDVGmix.exe
  2⤵
  PID:8872
- C:\Windows\System\BudksXw.exe
  C:\Windows\System\BudksXw.exe
  2⤵
  PID:8948
- C:\Windows\System\UQQpkAE.exe
  C:\Windows\System\UQQpkAE.exe
  2⤵
  PID:9004
- C:\Windows\System\CyImDBx.exe
  C:\Windows\System\CyImDBx.exe
  2⤵
  PID:9104
- C:\Windows\System\fiBooQQ.exe
  C:\Windows\System\fiBooQQ.exe
  2⤵
  PID:9156
- C:\Windows\System\FTCmLqO.exe
  C:\Windows\System\FTCmLqO.exe
  2⤵
  PID:8244
- C:\Windows\System\bJZFeJG.exe
  C:\Windows\System\bJZFeJG.exe
  2⤵
  PID:8368
- C:\Windows\System\JEsvkJB.exe
  C:\Windows\System\JEsvkJB.exe
  2⤵
  PID:8508
- C:\Windows\System\QluqJjR.exe
  C:\Windows\System\QluqJjR.exe
  2⤵
  PID:8688
- C:\Windows\System\bzyUwQY.exe
  C:\Windows\System\bzyUwQY.exe
  2⤵
  PID:8736
- C:\Windows\System\JRItjDA.exe
  C:\Windows\System\JRItjDA.exe
  2⤵
  PID:8932
- C:\Windows\System\DDAPSCx.exe
  C:\Windows\System\DDAPSCx.exe
  2⤵
  PID:9116
- C:\Windows\System\hNythoy.exe
  C:\Windows\System\hNythoy.exe
  2⤵
  PID:8328
- C:\Windows\System\JxueNRi.exe
  C:\Windows\System\JxueNRi.exe
  2⤵
  PID:1844
- C:\Windows\System\INBiiao.exe
  C:\Windows\System\INBiiao.exe
  2⤵
  PID:8752
- C:\Windows\System\BDflyVd.exe
  C:\Windows\System\BDflyVd.exe
  2⤵
  PID:9056
- C:\Windows\System\MIqMosj.exe
  C:\Windows\System\MIqMosj.exe
  2⤵
  PID:900
- C:\Windows\System\Mvobbtu.exe
  C:\Windows\System\Mvobbtu.exe
  2⤵
  PID:8728
- C:\Windows\System\yVHzPUa.exe
  C:\Windows\System\yVHzPUa.exe
  2⤵
  PID:9224
- C:\Windows\System\oMQJOdp.exe
  C:\Windows\System\oMQJOdp.exe
  2⤵
  PID:9252
- C:\Windows\System\Ffuzjie.exe
  C:\Windows\System\Ffuzjie.exe
  2⤵
  PID:9280
- C:\Windows\System\AJEQrox.exe
  C:\Windows\System\AJEQrox.exe
  2⤵
  PID:9308
- C:\Windows\System\LgSGMTn.exe
  C:\Windows\System\LgSGMTn.exe
  2⤵
  PID:9336
- C:\Windows\System\yzzxkLL.exe
  C:\Windows\System\yzzxkLL.exe
  2⤵
  PID:9364
- C:\Windows\System\lHcDbpF.exe
  C:\Windows\System\lHcDbpF.exe
  2⤵
  PID:9392
- C:\Windows\System\KqDPEEb.exe
  C:\Windows\System\KqDPEEb.exe
  2⤵
  PID:9420
- C:\Windows\System\QVKxPyI.exe
  C:\Windows\System\QVKxPyI.exe
  2⤵
  PID:9436
- C:\Windows\System\vjfmFgP.exe
  C:\Windows\System\vjfmFgP.exe
  2⤵
  PID:9460
- C:\Windows\System\emAuyni.exe
  C:\Windows\System\emAuyni.exe
  2⤵
  PID:9492
- C:\Windows\System\QBzUFDh.exe
  C:\Windows\System\QBzUFDh.exe
  2⤵
  PID:9524
- C:\Windows\System\DebLgJP.exe
  C:\Windows\System\DebLgJP.exe
  2⤵
  PID:9560
- C:\Windows\System\UwdaPmS.exe
  C:\Windows\System\UwdaPmS.exe
  2⤵
  PID:9588
- C:\Windows\System\sbOcRIB.exe
  C:\Windows\System\sbOcRIB.exe
  2⤵
  PID:9616
- C:\Windows\System\olqjhgx.exe
  C:\Windows\System\olqjhgx.exe
  2⤵
  PID:9632
- C:\Windows\System\OyecxvF.exe
  C:\Windows\System\OyecxvF.exe
  2⤵
  PID:9648
- C:\Windows\System\pmXMCPF.exe
  C:\Windows\System\pmXMCPF.exe
  2⤵
  PID:9676
- C:\Windows\System\zkGyqzo.exe
  C:\Windows\System\zkGyqzo.exe
  2⤵
  PID:9716
- C:\Windows\System\MzTDQCR.exe
  C:\Windows\System\MzTDQCR.exe
  2⤵
  PID:9736
- C:\Windows\System\GxdlVPa.exe
  C:\Windows\System\GxdlVPa.exe
  2⤵
  PID:9768
- C:\Windows\System\hegweNl.exe
  C:\Windows\System\hegweNl.exe
  2⤵
  PID:9804
- C:\Windows\System\FGoIgHX.exe
  C:\Windows\System\FGoIgHX.exe
  2⤵
  PID:9832
- C:\Windows\System\zftCQOZ.exe
  C:\Windows\System\zftCQOZ.exe
  2⤵
  PID:9860
- C:\Windows\System\mqSNDIJ.exe
  C:\Windows\System\mqSNDIJ.exe
  2⤵
  PID:9896
- C:\Windows\System\IqAdUzM.exe
  C:\Windows\System\IqAdUzM.exe
  2⤵
  PID:9924
- C:\Windows\System\zItvEPF.exe
  C:\Windows\System\zItvEPF.exe
  2⤵
  PID:9956
- C:\Windows\System\ghNbftJ.exe
  C:\Windows\System\ghNbftJ.exe
  2⤵
  PID:9984
- C:\Windows\System\oNnSbYQ.exe
  C:\Windows\System\oNnSbYQ.exe
  2⤵
  PID:10012
- C:\Windows\System\HkKgWXY.exe
  C:\Windows\System\HkKgWXY.exe
  2⤵
  PID:10040
- C:\Windows\System\yqUuaKU.exe
  C:\Windows\System\yqUuaKU.exe
  2⤵
  PID:10068
- C:\Windows\System\atmydvo.exe
  C:\Windows\System\atmydvo.exe
  2⤵
  PID:10084
- C:\Windows\System\JMyHkKT.exe
  C:\Windows\System\JMyHkKT.exe
  2⤵
  PID:10116
- C:\Windows\System\SISeZJx.exe
  C:\Windows\System\SISeZJx.exe
  2⤵
  PID:10152
- C:\Windows\System\EWExCLP.exe
  C:\Windows\System\EWExCLP.exe
  2⤵
  PID:10180
- C:\Windows\System\pVMZyZf.exe
  C:\Windows\System\pVMZyZf.exe
  2⤵
  PID:10208
- C:\Windows\System\IKtJHch.exe
  C:\Windows\System\IKtJHch.exe
  2⤵
  PID:10236
- C:\Windows\System\wIDEiic.exe
  C:\Windows\System\wIDEiic.exe
  2⤵
  PID:9264
- C:\Windows\System\uxsJSex.exe
  C:\Windows\System\uxsJSex.exe
  2⤵
  PID:9332
- C:\Windows\System\JlgrbhN.exe
  C:\Windows\System\JlgrbhN.exe
  2⤵
  PID:9376
- C:\Windows\System\SMLBZbt.exe
  C:\Windows\System\SMLBZbt.exe
  2⤵
  PID:9480
- C:\Windows\System\HbGAHIa.exe
  C:\Windows\System\HbGAHIa.exe
  2⤵
  PID:9508
- C:\Windows\System\VHridac.exe
  C:\Windows\System\VHridac.exe
  2⤵
  PID:9572
- C:\Windows\System\khskjVC.exe
  C:\Windows\System\khskjVC.exe
  2⤵
  PID:9624
- C:\Windows\System\LgFLmCL.exe
  C:\Windows\System\LgFLmCL.exe
  2⤵
  PID:9660
- C:\Windows\System\ibOHpGE.exe
  C:\Windows\System\ibOHpGE.exe
  2⤵
  PID:9748
- C:\Windows\System\vRWryqQ.exe
  C:\Windows\System\vRWryqQ.exe
  2⤵
  PID:9844
- C:\Windows\System\SoPLxoC.exe
  C:\Windows\System\SoPLxoC.exe
  2⤵
  PID:9912
- C:\Windows\System\dZXMwHZ.exe
  C:\Windows\System\dZXMwHZ.exe
  2⤵
  PID:9952
- C:\Windows\System\AtHqpAn.exe
  C:\Windows\System\AtHqpAn.exe
  2⤵
  PID:376
- C:\Windows\System\ZgejTMP.exe
  C:\Windows\System\ZgejTMP.exe
  2⤵
  PID:10080
- C:\Windows\System\RBELklc.exe
  C:\Windows\System\RBELklc.exe
  2⤵
  PID:10140
- C:\Windows\System\MUVLLpm.exe
  C:\Windows\System\MUVLLpm.exe
  2⤵
  PID:10220
- C:\Windows\System\fFAdrba.exe
  C:\Windows\System\fFAdrba.exe
  2⤵
  PID:9304
- C:\Windows\System\cKuynsC.exe
  C:\Windows\System\cKuynsC.exe
  2⤵
  PID:9380
- C:\Windows\System\iwiVJzK.exe
  C:\Windows\System\iwiVJzK.exe
  2⤵
  PID:9552
- C:\Windows\System\fjxjfEA.exe
  C:\Windows\System\fjxjfEA.exe
  2⤵
  PID:9688
- C:\Windows\System\BGhWZJR.exe
  C:\Windows\System\BGhWZJR.exe
  2⤵
  PID:9820
- C:\Windows\System\EDEqbJL.exe
  C:\Windows\System\EDEqbJL.exe
  2⤵
  PID:10024
- C:\Windows\System\KPgvCJN.exe
  C:\Windows\System\KPgvCJN.exe
  2⤵
  PID:10176
- C:\Windows\System\KHAcWfg.exe
  C:\Windows\System\KHAcWfg.exe
  2⤵
  PID:9236
- C:\Windows\System\wVsmkNn.exe
  C:\Windows\System\wVsmkNn.exe
  2⤵
  PID:9504
- C:\Windows\System\LAkQgNb.exe
  C:\Windows\System\LAkQgNb.exe
  2⤵
  PID:9940
- C:\Windows\System\kVSzAVx.exe
  C:\Windows\System\kVSzAVx.exe
  2⤵
  PID:9096
- C:\Windows\System\ffrHsiF.exe
  C:\Windows\System\ffrHsiF.exe
  2⤵
  PID:3460
- C:\Windows\System\CuAgjcI.exe
  C:\Windows\System\CuAgjcI.exe
  2⤵
  PID:10260
- C:\Windows\System\CFrJhEi.exe
  C:\Windows\System\CFrJhEi.exe
  2⤵
  PID:10288
- C:\Windows\System\rRCAcgX.exe
  C:\Windows\System\rRCAcgX.exe
  2⤵
  PID:10304
- C:\Windows\System\uwdRvjO.exe
  C:\Windows\System\uwdRvjO.exe
  2⤵
  PID:10332
- C:\Windows\System\aPlKluL.exe
  C:\Windows\System\aPlKluL.exe
  2⤵
  PID:10364
- C:\Windows\System\JvuPrnl.exe
  C:\Windows\System\JvuPrnl.exe
  2⤵
  PID:10388
- C:\Windows\System\KSlDvAT.exe
  C:\Windows\System\KSlDvAT.exe
  2⤵
  PID:10408
- C:\Windows\System\pzHwuqc.exe
  C:\Windows\System\pzHwuqc.exe
  2⤵
  PID:10428
- C:\Windows\System\bzzXyjr.exe
  C:\Windows\System\bzzXyjr.exe
  2⤵
  PID:10456
- C:\Windows\System\BSsRYZo.exe
  C:\Windows\System\BSsRYZo.exe
  2⤵
  PID:10488
- C:\Windows\System\dhjtbll.exe
  C:\Windows\System\dhjtbll.exe
  2⤵
  PID:10516
- C:\Windows\System\KVNmNRh.exe
  C:\Windows\System\KVNmNRh.exe
  2⤵
  PID:10556
- C:\Windows\System\crjJfiv.exe
  C:\Windows\System\crjJfiv.exe
  2⤵
  PID:10584
- C:\Windows\System\YweUycP.exe
  C:\Windows\System\YweUycP.exe
  2⤵
  PID:10612
- C:\Windows\System\banHQTE.exe
  C:\Windows\System\banHQTE.exe
  2⤵
  PID:10640
- C:\Windows\System\dPpkMTY.exe
  C:\Windows\System\dPpkMTY.exe
  2⤵
  PID:10672
- C:\Windows\System\IElItqb.exe
  C:\Windows\System\IElItqb.exe
  2⤵
  PID:10708
- C:\Windows\System\owcXRya.exe
  C:\Windows\System\owcXRya.exe
  2⤵
  PID:10736
- C:\Windows\System\UzoErgH.exe
  C:\Windows\System\UzoErgH.exe
  2⤵
  PID:10764
- C:\Windows\System\hFFtIEf.exe
  C:\Windows\System\hFFtIEf.exe
  2⤵
  PID:10792
- C:\Windows\System\cXvqLoG.exe
  C:\Windows\System\cXvqLoG.exe
  2⤵
  PID:10820
- C:\Windows\System\XchCShr.exe
  C:\Windows\System\XchCShr.exe
  2⤵
  PID:10836
- C:\Windows\System\hCMCiMV.exe
  C:\Windows\System\hCMCiMV.exe
  2⤵
  PID:10864
- C:\Windows\System\kuVaHUo.exe
  C:\Windows\System\kuVaHUo.exe
  2⤵
  PID:10892
- C:\Windows\System\IpqqiVq.exe
  C:\Windows\System\IpqqiVq.exe
  2⤵
  PID:10924
- C:\Windows\System\UTXBFev.exe
  C:\Windows\System\UTXBFev.exe
  2⤵
  PID:10952
- C:\Windows\System\vvIysbx.exe
  C:\Windows\System\vvIysbx.exe
  2⤵
  PID:10988
- C:\Windows\System\uvNwIpz.exe
  C:\Windows\System\uvNwIpz.exe
  2⤵
  PID:11020
- C:\Windows\System\KAAoVle.exe
  C:\Windows\System\KAAoVle.exe
  2⤵
  PID:11048
- C:\Windows\System\xWpxvfs.exe
  C:\Windows\System\xWpxvfs.exe
  2⤵
  PID:11064
- C:\Windows\System\nHwnwYx.exe
  C:\Windows\System\nHwnwYx.exe
  2⤵
  PID:11092
- C:\Windows\System\jPtAXRn.exe
  C:\Windows\System\jPtAXRn.exe
  2⤵
  PID:11128
- C:\Windows\System\AtVwIUD.exe
  C:\Windows\System\AtVwIUD.exe
  2⤵
  PID:11160
- C:\Windows\System\YCmPYtJ.exe
  C:\Windows\System\YCmPYtJ.exe
  2⤵
  PID:11188
- C:\Windows\System\kwCUItW.exe
  C:\Windows\System\kwCUItW.exe
  2⤵
  PID:11208
- C:\Windows\System\ZzMCVeK.exe
  C:\Windows\System\ZzMCVeK.exe
  2⤵
  PID:11232
- C:\Windows\System\xvNChKQ.exe
  C:\Windows\System\xvNChKQ.exe
  2⤵
  PID:11260
- C:\Windows\System\huaWpLD.exe
  C:\Windows\System\huaWpLD.exe
  2⤵
  PID:10296
- C:\Windows\System\oydyuPA.exe
  C:\Windows\System\oydyuPA.exe
  2⤵
  PID:10372
- C:\Windows\System\CwpyZyA.exe
  C:\Windows\System\CwpyZyA.exe
  2⤵
  PID:10424
- C:\Windows\System\hoDbYJT.exe
  C:\Windows\System\hoDbYJT.exe
  2⤵
  PID:10480
- C:\Windows\System\WHGKFMP.exe
  C:\Windows\System\WHGKFMP.exe
  2⤵
  PID:9764
- C:\Windows\System\jWwntco.exe
  C:\Windows\System\jWwntco.exe
  2⤵
  PID:10572
- C:\Windows\System\OCOlhiJ.exe
  C:\Windows\System\OCOlhiJ.exe
  2⤵
  PID:10668
- C:\Windows\System\BhaUFBT.exe
  C:\Windows\System\BhaUFBT.exe
  2⤵
  PID:10756
- C:\Windows\System\LxtTJeq.exe
  C:\Windows\System\LxtTJeq.exe
  2⤵
  PID:10880
- C:\Windows\System\ilgLKfq.exe
  C:\Windows\System\ilgLKfq.exe
  2⤵
  PID:10904
- C:\Windows\System\tqtRRst.exe
  C:\Windows\System\tqtRRst.exe
  2⤵
  PID:10984
- C:\Windows\System\ILBldmg.exe
  C:\Windows\System\ILBldmg.exe
  2⤵
  PID:11040
- C:\Windows\System\umOXCKk.exe
  C:\Windows\System\umOXCKk.exe
  2⤵
  PID:11088
- C:\Windows\System\NwAjcwh.exe
  C:\Windows\System\NwAjcwh.exe
  2⤵
  PID:11172
- C:\Windows\System\FAOpOpZ.exe
  C:\Windows\System\FAOpOpZ.exe
  2⤵
  PID:11244
- C:\Windows\System\cBKAvns.exe
  C:\Windows\System\cBKAvns.exe
  2⤵
  PID:10300
- C:\Windows\System\lJAhxUA.exe
  C:\Windows\System\lJAhxUA.exe
  2⤵
  PID:10404
- C:\Windows\System\MuDHkMC.exe
  C:\Windows\System\MuDHkMC.exe
  2⤵
  PID:10600
- C:\Windows\System\MltbkfJ.exe
  C:\Windows\System\MltbkfJ.exe
  2⤵
  PID:10748
- C:\Windows\System\DLgNGpE.exe
  C:\Windows\System\DLgNGpE.exe
  2⤵
  PID:10848
- C:\Windows\System\CKalexe.exe
  C:\Windows\System\CKalexe.exe
  2⤵
  PID:11016
- C:\Windows\System\sSkIuVy.exe
  C:\Windows\System\sSkIuVy.exe
  2⤵
  PID:11136
- C:\Windows\System\BwxRYkH.exe
  C:\Windows\System\BwxRYkH.exe
  2⤵
  PID:10352
- C:\Windows\System\KqoAnzj.exe
  C:\Windows\System\KqoAnzj.exe
  2⤵
  PID:10628
- C:\Windows\System\SzLOjGC.exe
  C:\Windows\System\SzLOjGC.exe
  2⤵
  PID:10512
- C:\Windows\System\rAYctIP.exe
  C:\Windows\System\rAYctIP.exe
  2⤵
  PID:10660
- C:\Windows\System\uCTVVfu.exe
  C:\Windows\System\uCTVVfu.exe
  2⤵
  PID:11216
- C:\Windows\System\syeKHgr.exe
  C:\Windows\System\syeKHgr.exe
  2⤵
  PID:11284
- C:\Windows\System\OcrtMBr.exe
  C:\Windows\System\OcrtMBr.exe
  2⤵
  PID:11312
- C:\Windows\System\WmqwYEC.exe
  C:\Windows\System\WmqwYEC.exe
  2⤵
  PID:11344
- C:\Windows\System\FGyUpnN.exe
  C:\Windows\System\FGyUpnN.exe
  2⤵
  PID:11380
- C:\Windows\System\dKfpTTM.exe
  C:\Windows\System\dKfpTTM.exe
  2⤵
  PID:11408
- C:\Windows\System\OBBCFxM.exe
  C:\Windows\System\OBBCFxM.exe
  2⤵
  PID:11436
- C:\Windows\System\cakoiVV.exe
  C:\Windows\System\cakoiVV.exe
  2⤵
  PID:11464
- C:\Windows\System\slPzaPu.exe
  C:\Windows\System\slPzaPu.exe
  2⤵
  PID:11480
- C:\Windows\System\IeaEmPO.exe
  C:\Windows\System\IeaEmPO.exe
  2⤵
  PID:11508
- C:\Windows\System\HOTtTcw.exe
  C:\Windows\System\HOTtTcw.exe
  2⤵
  PID:11536
- C:\Windows\System\OYchAfh.exe
  C:\Windows\System\OYchAfh.exe
  2⤵
  PID:11576
- C:\Windows\System\CSkQhVL.exe
  C:\Windows\System\CSkQhVL.exe
  2⤵
  PID:11604
- C:\Windows\System\XrKRXsh.exe
  C:\Windows\System\XrKRXsh.exe
  2⤵
  PID:11632
- C:\Windows\System\FHkUOoB.exe
  C:\Windows\System\FHkUOoB.exe
  2⤵
  PID:11660
- C:\Windows\System\rAEvUHZ.exe
  C:\Windows\System\rAEvUHZ.exe
  2⤵
  PID:11676
- C:\Windows\System\aooVoVU.exe
  C:\Windows\System\aooVoVU.exe
  2⤵
  PID:11716
- C:\Windows\System\kdKurVk.exe
  C:\Windows\System\kdKurVk.exe
  2⤵
  PID:11732
- C:\Windows\System\dISBtvy.exe
  C:\Windows\System\dISBtvy.exe
  2⤵
  PID:11760
- C:\Windows\System\YCqkhXk.exe
  C:\Windows\System\YCqkhXk.exe
  2⤵
  PID:11780
- C:\Windows\System\ZOrHCan.exe
  C:\Windows\System\ZOrHCan.exe
  2⤵
  PID:11816
- C:\Windows\System\CsuWSZR.exe
  C:\Windows\System\CsuWSZR.exe
  2⤵
  PID:11836
- C:\Windows\System\uYnWnIa.exe
  C:\Windows\System\uYnWnIa.exe
  2⤵
  PID:11868
- C:\Windows\System\zCqXFPL.exe
  C:\Windows\System\zCqXFPL.exe
  2⤵
  PID:11900
- C:\Windows\System\QujYseA.exe
  C:\Windows\System\QujYseA.exe
  2⤵
  PID:11932
- C:\Windows\System\VzWfmmv.exe
  C:\Windows\System\VzWfmmv.exe
  2⤵
  PID:11960
- C:\Windows\System\XulkuXS.exe
  C:\Windows\System\XulkuXS.exe
  2⤵
  PID:11988
- C:\Windows\System\HDscLVx.exe
  C:\Windows\System\HDscLVx.exe
  2⤵
  PID:12016
- C:\Windows\System\ZCFQkCK.exe
  C:\Windows\System\ZCFQkCK.exe
  2⤵
  PID:12032
- C:\Windows\System\TUzAEuw.exe
  C:\Windows\System\TUzAEuw.exe
  2⤵
  PID:12060
- C:\Windows\System\QTfTPcb.exe
  C:\Windows\System\QTfTPcb.exe
  2⤵
  PID:12096
- C:\Windows\System\MySgYIb.exe
  C:\Windows\System\MySgYIb.exe
  2⤵
  PID:12112
- C:\Windows\System\URpamvV.exe
  C:\Windows\System\URpamvV.exe
  2⤵
  PID:12140
- C:\Windows\System\DcGBpgq.exe
  C:\Windows\System\DcGBpgq.exe
  2⤵
  PID:12160
- C:\Windows\System\bqAdDwp.exe
  C:\Windows\System\bqAdDwp.exe
  2⤵
  PID:12176
- C:\Windows\System\whszpgo.exe
  C:\Windows\System\whszpgo.exe
  2⤵
  PID:12204
- C:\Windows\System\zWWrOgX.exe
  C:\Windows\System\zWWrOgX.exe
  2⤵
  PID:12244
- C:\Windows\System\BYmZGle.exe
  C:\Windows\System\BYmZGle.exe
  2⤵
  PID:12268
- C:\Windows\System\EBSjezc.exe
  C:\Windows\System\EBSjezc.exe
  2⤵
  PID:11268
- C:\Windows\System\egdVtYd.exe
  C:\Windows\System\egdVtYd.exe
  2⤵
  PID:11332
- C:\Windows\System\JUTUpOk.exe
  C:\Windows\System\JUTUpOk.exe
  2⤵
  PID:11420
- C:\Windows\System\wUShrvo.exe
  C:\Windows\System\wUShrvo.exe
  2⤵
  PID:11476
- C:\Windows\System\YXRWzZY.exe
  C:\Windows\System\YXRWzZY.exe
  2⤵
  PID:11564
- C:\Windows\System\PWuVwIF.exe
  C:\Windows\System\PWuVwIF.exe
  2⤵
  PID:11628
- C:\Windows\System\uGoTqun.exe
  C:\Windows\System\uGoTqun.exe
  2⤵
  PID:11688
- C:\Windows\System\bCOfKXE.exe
  C:\Windows\System\bCOfKXE.exe
  2⤵
  PID:11748
- C:\Windows\System\MLGWOSc.exe
  C:\Windows\System\MLGWOSc.exe
  2⤵
  PID:11768
- C:\Windows\System\PrNAYVI.exe
  C:\Windows\System\PrNAYVI.exe
  2⤵
  PID:11892
- C:\Windows\System\HkoWbvm.exe
  C:\Windows\System\HkoWbvm.exe
  2⤵
  PID:11920
- C:\Windows\System\YSgfUVJ.exe
  C:\Windows\System\YSgfUVJ.exe
  2⤵
  PID:12004
- C:\Windows\System\xlmTyOr.exe
  C:\Windows\System\xlmTyOr.exe
  2⤵
  PID:12084
- C:\Windows\System\qRRjzuH.exe
  C:\Windows\System\qRRjzuH.exe
  2⤵
  PID:12152
- C:\Windows\System\LHtxXJL.exe
  C:\Windows\System\LHtxXJL.exe
  2⤵
  PID:12256
- C:\Windows\System\LjNgXFH.exe
  C:\Windows\System\LjNgXFH.exe
  2⤵
  PID:11372
- C:\Windows\System\KebPtcB.exe
  C:\Windows\System\KebPtcB.exe
  2⤵
  PID:11496
- C:\Windows\System\tczbOyb.exe
  C:\Windows\System\tczbOyb.exe
  2⤵
  PID:11548
- C:\Windows\System\okVHlEI.exe
  C:\Windows\System\okVHlEI.exe
  2⤵
  PID:11776
- C:\Windows\System\mOcfawn.exe
  C:\Windows\System\mOcfawn.exe
  2⤵
  PID:11956
- C:\Windows\System\vtkQZXv.exe
  C:\Windows\System\vtkQZXv.exe
  2⤵
  PID:12044
- C:\Windows\System\aPRkwNI.exe
  C:\Windows\System\aPRkwNI.exe
  2⤵
  PID:12260
- C:\Windows\System\suYutlO.exe
  C:\Windows\System\suYutlO.exe
  2⤵
  PID:11600
- C:\Windows\System\CgAUTjN.exe
  C:\Windows\System\CgAUTjN.exe
  2⤵
  PID:11884
- C:\Windows\System\ezooQQN.exe
  C:\Windows\System\ezooQQN.exe
  2⤵
  PID:11460
- C:\Windows\System\pqGDAVa.exe
  C:\Windows\System\pqGDAVa.exe
  2⤵
  PID:11852
- C:\Windows\System\ocCMfxE.exe
  C:\Windows\System\ocCMfxE.exe
  2⤵
  PID:12308
- C:\Windows\System\YgtLWUN.exe
  C:\Windows\System\YgtLWUN.exe
  2⤵
  PID:12324
- C:\Windows\System\sODmDni.exe
  C:\Windows\System\sODmDni.exe
  2⤵
  PID:12352
- C:\Windows\System\quEKHrw.exe
  C:\Windows\System\quEKHrw.exe
  2⤵
  PID:12380
- C:\Windows\System\xaAGlLM.exe
  C:\Windows\System\xaAGlLM.exe
  2⤵
  PID:12408
- C:\Windows\System\CjUgePL.exe
  C:\Windows\System\CjUgePL.exe
  2⤵
  PID:12436
- C:\Windows\System\PmqoRQX.exe
  C:\Windows\System\PmqoRQX.exe
  2⤵
  PID:12464
- C:\Windows\System\xhdRacQ.exe
  C:\Windows\System\xhdRacQ.exe
  2⤵
  PID:12500
- C:\Windows\System\LrHkqPC.exe
  C:\Windows\System\LrHkqPC.exe
  2⤵
  PID:12528
- C:\Windows\System\JWiDNyl.exe
  C:\Windows\System\JWiDNyl.exe
  2⤵
  PID:12548
- C:\Windows\System\LqhCDGK.exe
  C:\Windows\System\LqhCDGK.exe
  2⤵
  PID:12576
- C:\Windows\System\opKtHpA.exe
  C:\Windows\System\opKtHpA.exe
  2⤵
  PID:12604
- C:\Windows\System\jZJCoxV.exe
  C:\Windows\System\jZJCoxV.exe
  2⤵
  PID:12632
- C:\Windows\System\IzYrINh.exe
  C:\Windows\System\IzYrINh.exe
  2⤵
  PID:12660
- C:\Windows\System\ywvChwP.exe
  C:\Windows\System\ywvChwP.exe
  2⤵
  PID:12680
- C:\Windows\System\WdRJgRr.exe
  C:\Windows\System\WdRJgRr.exe
  2⤵
  PID:12728
- C:\Windows\System\FGiPwBC.exe
  C:\Windows\System\FGiPwBC.exe
  2⤵
  PID:12756
- C:\Windows\System\QbYgvoV.exe
  C:\Windows\System\QbYgvoV.exe
  2⤵
  PID:12788
- C:\Windows\System\vMItyqz.exe
  C:\Windows\System\vMItyqz.exe
  2⤵
  PID:12816
- C:\Windows\System\ByDnJKZ.exe
  C:\Windows\System\ByDnJKZ.exe
  2⤵
  PID:12832
- C:\Windows\System\xOzxjQs.exe
  C:\Windows\System\xOzxjQs.exe
  2⤵
  PID:12872
- C:\Windows\System\bpknUAu.exe
  C:\Windows\System\bpknUAu.exe
  2⤵
  PID:12892
- C:\Windows\System\NqQmuSN.exe
  C:\Windows\System\NqQmuSN.exe
  2⤵
  PID:12920
- C:\Windows\System\bqMxYNH.exe
  C:\Windows\System\bqMxYNH.exe
  2⤵
  PID:12948
- C:\Windows\System\TONThCu.exe
  C:\Windows\System\TONThCu.exe
  2⤵
  PID:12964
- C:\Windows\System\ejzKqMc.exe
  C:\Windows\System\ejzKqMc.exe
  2⤵
  PID:12980
- C:\Windows\System\llSZoGX.exe
  C:\Windows\System\llSZoGX.exe
  2⤵
  PID:13016
- C:\Windows\System\DqiCJbY.exe
  C:\Windows\System\DqiCJbY.exe
  2⤵
  PID:13036
- C:\Windows\System\povMWAh.exe
  C:\Windows\System\povMWAh.exe
  2⤵
  PID:13060
- C:\Windows\System\bYlmoht.exe
  C:\Windows\System\bYlmoht.exe
  2⤵
  PID:13088
- C:\Windows\System\NDyJtVV.exe
  C:\Windows\System\NDyJtVV.exe
  2⤵
  PID:13116
- C:\Windows\System\fZEXwaf.exe
  C:\Windows\System\fZEXwaf.exe
  2⤵
  PID:13144
- C:\Windows\System\nbkGzvA.exe
  C:\Windows\System\nbkGzvA.exe
  2⤵
  PID:13180
- C:\Windows\System\ypwSBsA.exe
  C:\Windows\System\ypwSBsA.exe
  2⤵
  PID:13212
- C:\Windows\System\wGCtHif.exe
  C:\Windows\System\wGCtHif.exe
  2⤵
  PID:13232
- C:\Windows\System\QEtlFAy.exe
  C:\Windows\System\QEtlFAy.exe
  2⤵
  PID:13264
- C:\Windows\System\VrhvuCf.exe
  C:\Windows\System\VrhvuCf.exe
  2⤵
  PID:13288
- C:\Windows\System\nocVPhO.exe
  C:\Windows\System\nocVPhO.exe
  2⤵
  PID:12292
- C:\Windows\System\bPEWyYR.exe
  C:\Windows\System\bPEWyYR.exe
  2⤵
  PID:12368
- C:\Windows\System\bOVNaqz.exe
  C:\Windows\System\bOVNaqz.exe
  2⤵
  PID:12420
- C:\Windows\System\aFVfdpC.exe
  C:\Windows\System\aFVfdpC.exe
  2⤵
  PID:12488
- C:\Windows\System\TJDeZYV.exe
  C:\Windows\System\TJDeZYV.exe
  2⤵
  PID:12592
- C:\Windows\System\GHDMRnH.exe
  C:\Windows\System\GHDMRnH.exe
  2⤵
  PID:12644
- C:\Windows\System\rYFKzVz.exe
  C:\Windows\System\rYFKzVz.exe
  2⤵
  PID:12700
- C:\Windows\System\ncocGyt.exe
  C:\Windows\System\ncocGyt.exe
  2⤵
  PID:12768
- C:\Windows\System\kUOPDST.exe
  C:\Windows\System\kUOPDST.exe
  2⤵
  PID:12828
- C:\Windows\System\dDoUSna.exe
  C:\Windows\System\dDoUSna.exe
  2⤵
  PID:12904
- C:\Windows\System\sEpCXon.exe
  C:\Windows\System\sEpCXon.exe
  2⤵
  PID:12960
- C:\Windows\System\sZSBhcc.exe
  C:\Windows\System\sZSBhcc.exe
  2⤵
  PID:13032
- C:\Windows\System\kQJIWMm.exe
  C:\Windows\System\kQJIWMm.exe
  2⤵
  PID:13108
- C:\Windows\System\DbdBzkv.exe
  C:\Windows\System\DbdBzkv.exe
  2⤵
  PID:13156
- C:\Windows\System\rVYJRJD.exe
  C:\Windows\System\rVYJRJD.exe
  2⤵
  PID:13284
- C:\Windows\System\OUZAzJp.exe
  C:\Windows\System\OUZAzJp.exe
  2⤵
  PID:13304
- C:\Windows\System\uEbmtZw.exe
  C:\Windows\System\uEbmtZw.exe
  2⤵
  PID:12492
- C:\Windows\System\QlQUYhC.exe
  C:\Windows\System\QlQUYhC.exe
  2⤵
  PID:12560
- C:\Windows\System\QimcaPF.exe
  C:\Windows\System\QimcaPF.exe
  2⤵
  PID:12676
- C:\Windows\System\eqNFGXZ.exe
  C:\Windows\System\eqNFGXZ.exe
  2⤵
  PID:12992
- C:\Windows\System\BXfstAF.exe
  C:\Windows\System\BXfstAF.exe
  2⤵
  PID:13004
- C:\Windows\System\mAVZuop.exe
  C:\Windows\System\mAVZuop.exe
  2⤵
  PID:13260
- C:\Windows\System\QTMDVJp.exe
  C:\Windows\System\QTMDVJp.exe
  2⤵
  PID:12392
- C:\Windows\System\cDYBJyY.exe
  C:\Windows\System\cDYBJyY.exe
  2⤵
  PID:12740
- C:\Windows\System\qGwIkFk.exe
  C:\Windows\System\qGwIkFk.exe
  2⤵
  PID:13052
- C:\Windows\System\fmihTdz.exe
  C:\Windows\System\fmihTdz.exe
  2⤵
  PID:12852
- C:\Windows\System\FBvKKEG.exe
  C:\Windows\System\FBvKKEG.exe
  2⤵
  PID:12976
- C:\Windows\System\lPFYOOA.exe
  C:\Windows\System\lPFYOOA.exe
  2⤵
  PID:13340
- C:\Windows\System\jozHHwq.exe
  C:\Windows\System\jozHHwq.exe
  2⤵
  PID:13368
- C:\Windows\System\EUyVPYy.exe
  C:\Windows\System\EUyVPYy.exe
  2⤵
  PID:13396
- C:\Windows\System\WwrHkTi.exe
  C:\Windows\System\WwrHkTi.exe
  2⤵
  PID:13424
- C:\Windows\System\eNIIYjO.exe
  C:\Windows\System\eNIIYjO.exe
  2⤵
  PID:13452
- C:\Windows\System\OfhtBgE.exe
  C:\Windows\System\OfhtBgE.exe
  2⤵
  PID:13480
- C:\Windows\System\tZYFhHS.exe
  C:\Windows\System\tZYFhHS.exe
  2⤵
  PID:13508
- C:\Windows\System\hRfgnOB.exe
  C:\Windows\System\hRfgnOB.exe
  2⤵
  PID:13536
- C:\Windows\System\DteSzVX.exe
  C:\Windows\System\DteSzVX.exe
  2⤵
  PID:13552
- C:\Windows\System\GxfKOKD.exe
  C:\Windows\System\GxfKOKD.exe
  2⤵
  PID:13580
- C:\Windows\System\SGrIPVS.exe
  C:\Windows\System\SGrIPVS.exe
  2⤵
  PID:13620
- C:\Windows\System\ngzXFvn.exe
  C:\Windows\System\ngzXFvn.exe
  2⤵
  PID:13648
- C:\Windows\System\wmcmBdC.exe
  C:\Windows\System\wmcmBdC.exe
  2⤵
  PID:13676
- C:\Windows\System\AvRVOvH.exe
  C:\Windows\System\AvRVOvH.exe
  2⤵
  PID:13692
- C:\Windows\System\fjYwGJo.exe
  C:\Windows\System\fjYwGJo.exe
  2⤵
  PID:13724
- C:\Windows\System\UTRwhyH.exe
  C:\Windows\System\UTRwhyH.exe
  2⤵
  PID:13760
- C:\Windows\System\krnqosZ.exe
  C:\Windows\System\krnqosZ.exe
  2⤵
  PID:13776
- C:\Windows\System\JEbtWba.exe
  C:\Windows\System\JEbtWba.exe
  2⤵
  PID:13792
- C:\Windows\System\JtJtPbW.exe
  C:\Windows\System\JtJtPbW.exe
  2⤵
  PID:13860
- C:\Windows\System\blcVIVq.exe
  C:\Windows\System\blcVIVq.exe
  2⤵
  PID:13876
- C:\Windows\System\WMUiPak.exe
  C:\Windows\System\WMUiPak.exe
  2⤵
  PID:13904
- C:\Windows\System\nGidUVQ.exe
  C:\Windows\System\nGidUVQ.exe
  2⤵
  PID:13932
- C:\Windows\System\lqpZgBf.exe
  C:\Windows\System\lqpZgBf.exe
  2⤵
  PID:13960
- C:\Windows\System\ZKFIQhB.exe
  C:\Windows\System\ZKFIQhB.exe
  2⤵
  PID:13988
- C:\Windows\System\AbyjssZ.exe
  C:\Windows\System\AbyjssZ.exe
  2⤵
  PID:14016
- C:\Windows\System\QdiNfBM.exe
  C:\Windows\System\QdiNfBM.exe
  2⤵
  PID:14044
- C:\Windows\System\hsLSOjG.exe
  C:\Windows\System\hsLSOjG.exe
  2⤵
  PID:14060
- C:\Windows\System\USKCVFb.exe
  C:\Windows\System\USKCVFb.exe
  2⤵
  PID:14088
- C:\Windows\System\dUOAnxj.exe
  C:\Windows\System\dUOAnxj.exe
  2⤵
  PID:14120
- C:\Windows\System\KEuppyb.exe
  C:\Windows\System\KEuppyb.exe
  2⤵
  PID:14144
- C:\Windows\System\RoQRyLD.exe
  C:\Windows\System\RoQRyLD.exe
  2⤵
  PID:14172
- C:\Windows\System\APtQyiA.exe
  C:\Windows\System\APtQyiA.exe
  2⤵
  PID:14200
- C:\Windows\System\dKSaEgR.exe
  C:\Windows\System\dKSaEgR.exe
  2⤵
  PID:14228
- C:\Windows\System\jksKnsB.exe
  C:\Windows\System\jksKnsB.exe
  2⤵
  PID:14256
- C:\Windows\System\gnnSDxi.exe
  C:\Windows\System\gnnSDxi.exe
  2⤵
  PID:14284
- C:\Windows\System\FtXKYoI.exe
  C:\Windows\System\FtXKYoI.exe
  2⤵
  PID:14312
- C:\Windows\System\IXlqIwD.exe
  C:\Windows\System\IXlqIwD.exe
  2⤵
  PID:13352
- C:\Windows\System\QkUHgIY.exe
  C:\Windows\System\QkUHgIY.exe
  2⤵
  PID:13412
- C:\Windows\System\EDXFpwR.exe
  C:\Windows\System\EDXFpwR.exe
  2⤵
  PID:13448
- C:\Windows\System\mkwXnTf.exe
  C:\Windows\System\mkwXnTf.exe
  2⤵
  PID:13520

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BBIiFOJ.exe

Filesize
2.2MB

MD5
a06cc85560258c5c7d1a0c7ebdd163cb

SHA1
42cd371fc06528bbd4738d77bdf58053772cd364

SHA256
617b1019c49a7933709fbb0b79925f0d97f9d429900e5df5be5f9e7f206870cd

SHA512
fcc038ff346bea688d86c4973fd70647ecb0d14423d2a3e9545bf8a4f3f1f20e00e3b2e407b8c4f87bdd30ae1d24cbed914271bc51424a91472e73f57d67771d

Download Submit
C:\Windows\System\CCDDJGq.exe

Filesize
2.2MB

MD5
2cfdeb25aeeb5fc1a3247e13f180957a

SHA1
8a57364077616f5b5b255ca45e2879f63414f1f8

SHA256
76647fe60b650d5c9460c5adbcfeae03e3e1a6350bd1711248e8f051b9dcbf66

SHA512
d61bf6d3068e662b7656e586844e9986fbfbc19eec09faa615572b63b8e28b80ae1734d5682ce82eeaebedcbe458042ecbf73a9d33993019fa016ee3d03edc9a

Download Submit
C:\Windows\System\CVtihcH.exe

Filesize
2.2MB

MD5
ac0c9f6bba1d0b2a4c806a9ba7648246

SHA1
19fa9dc7ebb7e905278d1fe15f62ad21d3dad78b

SHA256
674492d8d6050b327fdaa92ae8a858501ede97e4f147b52d0dceefd295b76691

SHA512
bb037bd09e99982c59652648152aac567c2d20b3ce010c5bdca1c265ca91cc69cbfd36e19e3cd0d7d8937455ece0ac139d2571f3f6578443dafef1d8a353af60

Download Submit
C:\Windows\System\DqYdflB.exe

Filesize
2.2MB

MD5
f42d10dccb2ed17d8efa786a4b219f19

SHA1
ebf5859e23d7a80ebcaa13ee4bf90eb5bc55af61

SHA256
d265e73ac87fc615ca9a3fd66e3557481a42f25210b20bd0a6abd0eb8180d4b1

SHA512
70352c400327fa9b59aa3aa735bfffbe26b872453e7fc069686094220256017edb60c5c208e3ea8ee146ff87583a5f1115dc1d5761df0c57306e1ebbc1b04d09

Download Submit
C:\Windows\System\ENSOpVN.exe

Filesize
2.2MB

MD5
8b408c4b8e04a7edfcc5a4f81b749c6e

SHA1
fb2f5bcdfdaf353b4d93a839131aace1c50fdd02

SHA256
5bb0f1694453fe68afe23aa74905ef9d590a1ff84d0eb7124c9d431b769a2cf0

SHA512
f1517260bcc16ae0f18c7b6189831042d429bab106279fa15a822e6eff256b07705dc41621554f82296a93027e9f9b7efd2f7af76d1d6f2dae73c4b2e5d04941

Download Submit
C:\Windows\System\GQOVhIn.exe

Filesize
2.2MB

MD5
e6b8de3e7b209c40533755b3c178e6ef

SHA1
760f1493aea6e1b5cd69fe375a1d44d59e8c6239

SHA256
1e088ec359da2fb87f054db1e8730b291868449d9cf8ae2fd9c83f8bb2cd2606

SHA512
d097137631ad2fa32d99e762c50a554294fd69ad439482f584306d32102ce436371b40106aead01d0538290fe892987ace25ed213a89c2f0698e705d01bbd59f

Download Submit
C:\Windows\System\GakCeUi.exe

Filesize
2.2MB

MD5
9c2467be6e5d5b35ae569bd0afc0b659

SHA1
6754b49f12300ed5d6ec38da636fea7934b56c0c

SHA256
b2048c704ed5a8dc806341fd290d1d8f4085e482d8976c44c64277cbee1bbaac

SHA512
a03e8b21b3f683f8b246cd3d51492ef228efed33c5c506908a00d2ce679f4c61428c8caddf11c6ab6e3b0f3bab50505fa6d944b98dc02ad22821ec031472c4fc

Download Submit
C:\Windows\System\JiFhLTJ.exe

Filesize
2.2MB

MD5
e77d902f5476d647e79e450a5af6b2d6

SHA1
0e8147a1d18e8e365ea2827e140459b2c075b909

SHA256
de778b1e7c0458e2fa396fe62dd84f8e8c10673ff7a0e63c6589f5e27035534d

SHA512
2ff4231f63d4bb44f992cfb4b21a00f2baebf35dd67908fccd4a78b7bf378d214c3d3bc85b9869629795b267a456ddef4202a19d550bb4efefcd2acc58d6de5b

Download Submit
C:\Windows\System\Knxcams.exe

Filesize
2.2MB

MD5
2fb0772abeaa142b25cb7719181f0e2d

SHA1
cc388aa3115a5412924689cec29a4789539c63f3

SHA256
d5b4dbe433e9b1235648afe3b80c02bc6b25b4f87972ce4178d2fe75489f29e1

SHA512
5a581044853ede6df3dc5de4d04f5b1d71be22db738436fd285e2d586c35127839433aedd8daeebc9dd93eda4a4e73a8199d30e746e8ea99291753b6d7edefbe

Download Submit
C:\Windows\System\MvrFOOY.exe

Filesize
2.2MB

MD5
53671fba4ca15d619ace266db6e03fed

SHA1
8d45861de521295e7fb86cddb5b1f3e9df7229b0

SHA256
8727f50c1d485f188cd73c8ed9d5badd6926ae99068ffc27ca9f5e66ca9da296

SHA512
f4ff7f533bb9e2616ccc7cb80e2dd28c0a7211d4cbfc3e40fd8b67b018994eb8706a623605dbbb3b712b13d376b28732275e554e7f4096ee5856565557c8f68a

Download Submit
C:\Windows\System\OAGapKR.exe

Filesize
2.2MB

MD5
2aab11d2249a131cd7e8929545602b46

SHA1
420be0ec07f4bd97b2ebe6b8ec55b26a4a3aa64c

SHA256
0a1d20bf52a7e286fa4fb963cc9da6584723b56849ecc772221ab53e1f6ac897

SHA512
cf3caacb56c8c233c050134b3dce92e405cb3c4946af8de68b4ce08af3d41a783e72660a7a25ee474b3592f5d43aeb6bfc435f7bf26e45956a3749db8df6e9a7

Download Submit
C:\Windows\System\QTPQeSm.exe

Filesize
2.2MB

MD5
895377b3563bf0cf66e6045d98c8ca7f

SHA1
84e8cfaa5b3c6096503a0020d870962d22dce2af

SHA256
38ba3a4d418a6e534764ea5c0b7331f9a53844aa199d7c45bb14a51fb968f00a

SHA512
0e9a56b5176eb1bb99e10db3fbb2c1b0b9bfce418845cf5dcdd7f2691b23c38021ef997c6c095bb34185f0be34811fb816008f90fa5dff3fa0e88807b89cd989

Download Submit
C:\Windows\System\TVSrNOM.exe

Filesize
2.2MB

MD5
5164712382c79886c669131d59f3c029

SHA1
894b49f3a076b91397fcbfa74139eb5e1f27b657

SHA256
dedd0a6032d1e71f12066867e9d4ea30985ae0fc79a5b7365c7cf07a4ba9853f

SHA512
eddeb189bcbaaa685805b8c1b2fb85d3ca1e62f2fd5895d13473321aed0175213ace341c9bc98adb866e5cd5e7c9c3828ba9218f7725d84ea57c7aaeba9e4afb

Download Submit
C:\Windows\System\VtjAJGD.exe

Filesize
2.2MB

MD5
043958884ddb7bfa5c5709953f46d4e7

SHA1
6e58269b028fe36f84bbca84adc8c15de40532f7

SHA256
47904a0f515213c05f84372feb9dc57d08f1f0fcd7a1ede9b549c02ce13044cd

SHA512
54d386c93a924f2e34b718c01870f7acdc9d16e21c546784ee499e921ba0b2c957de92ed49f1ccebe5ae16402e508025c926dd0f1f00f749804b16c2324d9b60

Download Submit
C:\Windows\System\XxtpKJb.exe

Filesize
2.2MB

MD5
c7176757ce2c25564827dde1cc272cbc

SHA1
70d7735d7f1d7a6c0e6fe7e24df8fc5a849ca63e

SHA256
9ba5c3dfff76837e3112de179b4dbcb830566ce5082243c8da2afac492386a9f

SHA512
5406ed1bff99783f15a2bf6f7cdd71de745a5c42b9af05ecf729ed35e2aa58e42ef383b221f964c388c0b5ca2170de6b223d52a120d20d67b59f7abd297905b7

Download Submit
C:\Windows\System\YEgVzMl.exe

Filesize
2.2MB

MD5
ab4bde965ded4296dd6778bd3f2c2923

SHA1
92f7b8214770286e66b64ced824ba51254396a69

SHA256
8a93013f5f8f305f4a60ae45c4e7f486123d7c925882a65ac1da8d35776b6510

SHA512
fdecafc6d0e174980f0436863a26e51375f8ddff817e985fb1c3305c72e45f5c5fbef20e46de1e6bedd6ed1c35b1be4f067f36a4741b314258827ba6e1d02419

Download Submit
C:\Windows\System\YHsCWdJ.exe

Filesize
2.2MB

MD5
1ba00d39640aa7a740073dd96d434ff0

SHA1
7c9c9890f4060bf326a60af17e74c92e92504d60

SHA256
e40768ed146bca198ece4669fb62af6c988b0a466d2fb9d421ebb95e3633de4d

SHA512
3c2bb61813820d4c1960f55b2bf3dda6258cc1b21a01c7bc72131b6db109e37099afc223d5bdb9ea3243bd0b62295330e8c61e056a9862c07a345a612c783b01

Download Submit
C:\Windows\System\ZZrXRbk.exe

Filesize
2.2MB

MD5
99b577cad9535cdbe01003881faf1601

SHA1
ae53bb181ca4d72c55502ff66cfbb5b4cb682bef

SHA256
0df703899665a9f1d9a1f15cd21963f231ee380de02d3c698c25baf8c3e48bdf

SHA512
ae49c673d39274b9e851192c108717a22aa739cfbd9bdf44f4f7774a19a45d7d21f07b16f5c27adc89193e4981535a30a6ed58c060dd4afecfcb342282eb45a8

Download Submit
C:\Windows\System\aRJJyEW.exe

Filesize
2.2MB

MD5
33c60f39072e92c78320158171a7f891

SHA1
06ac90ac1411d25b1fd5669c05b9d5ddafe70829

SHA256
12a0999087fc06f1798be009e8b8d23623e9ca6a080f352c3fa3be3698091620

SHA512
0ced081919b6399458523fd68471a00371f82450a7732ade606fbc700bc23dc49d4436b45ff796ad8059ec7f7aeac0571e8097dbb36ab9d64950a0face761e96

Download Submit
C:\Windows\System\burtIsr.exe

Filesize
2.2MB

MD5
af82fdec46e54d10442461e2367530b9

SHA1
ea92766f2bc28ab1479f3496ccf26772b015b716

SHA256
690bb912909578b49dd604f27b5c8e7898edaefe16b30f0ebf622f96405e09b1

SHA512
0d2baa8f0fef60d9a677d8332fd300b8660da54cd05d287204ad9b6d4d8f98010150920af52a7c6c3bfee7d839e9ae01bd082045f9586a9ddbf8cae12d377bd7

Download Submit
C:\Windows\System\hLoNbUL.exe

Filesize
2.2MB

MD5
b58d849a0e139622c22060fc524f4a12

SHA1
379088cee7d2e74147909d83d104ac61615a836f

SHA256
c5a97a18ebdf41dd8fed8cd20ac345850838029b4fc9362fb1349a120ee760ae

SHA512
723243295ee870e2058f937ed6886800427eb9b811cb52509959f2f37b6cb6c6b43bec60ca75861de48b60724c78ea39414d756444a3b3fb282d6218a9b79e1e

Download Submit
C:\Windows\System\iMoaBXs.exe

Filesize
2.2MB

MD5
5330909253cad1974cdff003e2b6616a

SHA1
e40ef23fc42d54399a9ceafc8c809f9a618c06f6

SHA256
796af1199a62418d121c17706c5cee108a74045186ad7ea6d76b4a50940a3125

SHA512
9983054fdf4ee6d184770016aaee7d1ecb92c6da2fec651ce33f84a6840b5704180875e39cdc510fe748efe6231f8ade7e63926c897996c8a41a50989410cc7c

Download Submit
C:\Windows\System\jBbJAMG.exe

Filesize
2.2MB

MD5
37d6499123cce471126b5f00b255073a

SHA1
7c625f9d8aed010e9e166d7819ebeb0dd90b9daf

SHA256
3f54303d7f4356fd4df5ca59b3ebf233d10afbc18f15d179a859b89766c294aa

SHA512
ff4b44526b80812d89bdf9273623438e61cb65228ec3d18cca4813feafd0bcb0116f9a297abbf5479abd38865b29ca776ff78aecb44c518923bb6036025e27a3

Download Submit
C:\Windows\System\krIIMJy.exe

Filesize
2.2MB

MD5
412ac08cd8b82009a67e9eda611f8ffc

SHA1
fd98d9a155834fe53b43e04992f83f8a1cab0164

SHA256
65f535ea60fbd7d490aaa1321b0151f637176fab948e156117b3bbaabb6d3d52

SHA512
2ecc8c96d4ff27b05fe3b88e25f6496a826d829e34f126659438619a11a6f535027cb08b443bf4cad00579c85fb46edb09ace5cee7dcad849bfcd53a6d0cd01e

Download Submit
C:\Windows\System\moufWnV.exe

Filesize
2.2MB

MD5
81912e9989d22c6898f43b29d82ceec4

SHA1
f3ab70fd780a0114d14beaf4b4e55624d52b2ca1

SHA256
0fb3956e99bbe2bb3e904f296a1f2cfe5aaa0428de3cd3d4170fc1014cc8cf2e

SHA512
533f15c2634b993c5871e35a716eec71077b56705cb3e4b5c4902cc2656a99677b12d23d49633c3fca8288eae9da5a3af5e7102f3d6bd43841c72960981bce75

Download Submit
C:\Windows\System\nywvSzH.exe

Filesize
2.2MB

MD5
006118a5e45fca1549df1a06956aa905

SHA1
cfee9dd11a83eed1883c6137ef3c489a63c58907

SHA256
e4e1ea9d962ebd6ff519681d58e1345352303987d25cc29d3bbb00c95d516938

SHA512
cc1d044ec8f11c632090498864bd37ce5a10a9587233052915a6044761b174c5a4b4e10b3d7d3106c3636879b9b667f847b2f67d9fe352108416017df5f53a1a

Download Submit
C:\Windows\System\nztHFoW.exe

Filesize
2.2MB

MD5
140ac5028f21f5a3e3a7f788554b38a6

SHA1
3bee933f9a88dd156e60888109684943abb8f541

SHA256
26cf6a6db6c091589f7a5defbea333d1de83cb516bd87e933795f382e65553b0

SHA512
9fd3c5902ebaa749944d9b661309e9eda442366a75cfb3b1e34484b9357f9c2492c525c880b452d02b0452b8b7e765a7ef21a82caa565d84e3b45f28fbd684eb

Download Submit
C:\Windows\System\oCXcnNp.exe

Filesize
2.2MB

MD5
c11253b758d3f6e2b29c85d952fc7ec2

SHA1
60e938bb882d06e8b5e8d9b3fc78c740a1141a10

SHA256
1b903ebf969cb292b8086a9cc71963ac507d0e261652c73127c8d063aea5238f

SHA512
9a82586048de7a4367bdf952089896adfd69aed59907a43efeb592eb748e75fb46a34c4022a452adb4debf62dfe65dd10761489de1f94a6c99e81f28c18d7bd4

Download Submit
C:\Windows\System\qcWSeZX.exe

Filesize
2.2MB

MD5
a21c644cf953ae9a4ffb8d79174e70a8

SHA1
1a97030d4490a036c0469d08058d271802289b49

SHA256
d06fe7279f203aede4c7fadc331aaf0e75b53d5964f4335f17d4fd966dbaa620

SHA512
4e5f384e2fc0717e6867f2e6dd0636cdcb83446d044f2d79c2bc80a2b170dcab6582c3e0e3f18497dd2e963cd684056ea627d19d03b73cb6732237976a95a5b2

Download Submit
C:\Windows\System\rlwBjcs.exe

Filesize
2.2MB

MD5
1e5b383386da6e27107a68325e717282

SHA1
d18b1fe22a9d2dd76c5a564d0cec4d6fdc8c28a9

SHA256
1d3bfbc76a7bb8b77a47ea0a0bf98ad59219b24d77b8dfe6b5e14204234662c5

SHA512
0b103814dc21f3bcb475e7e593205ff0aedc7286704b30660d90d77d2b9b84816708692f98b58f7a38906d6e86bb3ec04b712a4751eef4ba50d0af949c586d21

Download Submit
C:\Windows\System\royDngN.exe

Filesize
2.2MB

MD5
20eb885e589877217aa3aa58be8e3de5

SHA1
33fe4a487bc0aa9298455297741b716436b8caa8

SHA256
b4de6cd76cb6131a21ef97f4d8dfe0d43b6b7b4479911a1161484a0fd1ade274

SHA512
e3f05c9b0f91b038ccd96d8f64f4ffb2174c3b3fd18c9febf79cda25495a206155df5118a7f745c1aa733a690799ad794d0996c299642a503159142c71aa17af

Download Submit
C:\Windows\System\tGXNthY.exe

Filesize
2.2MB

MD5
f19e7fa8424be2742db2983b01006092

SHA1
32c30fffa8d326e9ea0733bb5549c1beaced86cd

SHA256
61c4ab291004b06032920d40457fbd91078fa2719a55c6214341a47a106b950b

SHA512
ad3d685cd0830a9077cfbc0206588b8514a28fefed9254fa799291e49209b42cfd394085bf5ed91e944950d9f6d9d2b91eccdfc763487136383c0437ced2611d

Download Submit
C:\Windows\System\tywmlks.exe

Filesize
2.2MB

MD5
e079a63e129059a3c89678999c25cae5

SHA1
9b1a4bba9ca0c55b1242431012d0c826f5d5ce9f

SHA256
f7e3db4b0b9567d08ac9b0368ebf705c3f74440f09d81b2774eee722b99e30c3

SHA512
ccf36be27fb6ce96c36be935ed2c90236194da297532468a01fdeef44d307b6107714b391272b2186506744c431ebdaf58b1f5d082380b2f534e1884bc84b2cc

Download Submit
C:\Windows\System\xtbArUI.exe

Filesize
2.2MB

MD5
0e32e6c5ea68048ec622e91193a6e8f5

SHA1
275fd5039ac8dba7df1b044e9c97111937f98955

SHA256
e9e4b4b0cc4e7453ac78dfe7a2ca802888ce2fda245d7cfa2e482c4acc5293b5

SHA512
3671059dec808a8ea43bdcdec615c1043032c73db89fe747c84f4dec51e63299efadbd5bef0d74c3de4d351c7315a4c1e2a61df72fd8fa0247e2f1969d045a1d

Download Submit
C:\Windows\System\yIvdmlT.exe

Filesize
2.2MB

MD5
69e518e6693afbdc8793bb41085e2853

SHA1
7274823a8dca27a6adaf61d87360088c145d2290

SHA256
18fe3a76c3b375fe27c3b5207b02966520dee0af283af85201544fedb1772ce1

SHA512
0c02b5192870d8e6323fb9af38dd9639f853bdd4dd28c5e0b948d3b6cecb0b6b9b5705854f22c68531ee46800cf9d870f8c2739af4a14cd1f5435e47b8a79e1d

Download Submit
memory/824-159-0x00007FF604B40000-0x00007FF604E94000-memory.dmp

Filesize
3.3MB

Download
memory/824-2105-0x00007FF604B40000-0x00007FF604E94000-memory.dmp

Filesize
3.3MB

Download
memory/1124-2097-0x00007FF6A7F00000-0x00007FF6A8254000-memory.dmp

Filesize
3.3MB

Download
memory/1124-2092-0x00007FF6A7F00000-0x00007FF6A8254000-memory.dmp

Filesize
3.3MB

Download
memory/1124-25-0x00007FF6A7F00000-0x00007FF6A8254000-memory.dmp

Filesize
3.3MB

Download
memory/1488-151-0x00007FF666680000-0x00007FF6669D4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2115-0x00007FF666680000-0x00007FF6669D4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2099-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp

Filesize
3.3MB

Download
memory/1612-36-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2093-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp

Filesize
3.3MB

Download
memory/1664-145-0x00007FF7BFA80000-0x00007FF7BFDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2112-0x00007FF7BFA80000-0x00007FF7BFDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2109-0x00007FF766CC0000-0x00007FF767014000-memory.dmp

Filesize
3.3MB

Download
memory/1676-161-0x00007FF766CC0000-0x00007FF767014000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2106-0x00007FF66CB40000-0x00007FF66CE94000-memory.dmp

Filesize
3.3MB

Download
memory/1724-81-0x00007FF66CB40000-0x00007FF66CE94000-memory.dmp

Filesize
3.3MB

Download
memory/1784-2108-0x00007FF7CC730000-0x00007FF7CCA84000-memory.dmp

Filesize
3.3MB

Download
memory/1784-104-0x00007FF7CC730000-0x00007FF7CCA84000-memory.dmp

Filesize
3.3MB

Download
memory/1936-2098-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp

Filesize
3.3MB

Download
memory/1936-157-0x00007FF7F6100000-0x00007FF7F6454000-memory.dmp

Filesize
3.3MB

Download
memory/2024-156-0x00007FF7D9BE0000-0x00007FF7D9F34000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2114-0x00007FF7D9BE0000-0x00007FF7D9F34000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2096-0x00007FF6B8B30000-0x00007FF6B8E84000-memory.dmp

Filesize
3.3MB

Download
memory/2256-13-0x00007FF6B8B30000-0x00007FF6B8E84000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2116-0x00007FF79DC70000-0x00007FF79DFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-152-0x00007FF79DC70000-0x00007FF79DFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2094-0x00007FF7965E0000-0x00007FF796934000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2101-0x00007FF7965E0000-0x00007FF796934000-memory.dmp

Filesize
3.3MB

Download
memory/2776-55-0x00007FF7965E0000-0x00007FF796934000-memory.dmp

Filesize
3.3MB

Download
memory/2972-254-0x00007FF6A6090000-0x00007FF6A63E4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2123-0x00007FF6A6090000-0x00007FF6A63E4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-69-0x00007FF64DDD0000-0x00007FF64E124000-memory.dmp

Filesize
3.3MB

Download
memory/3104-2100-0x00007FF64DDD0000-0x00007FF64E124000-memory.dmp

Filesize
3.3MB

Download
memory/3164-255-0x00007FF68DFA0000-0x00007FF68E2F4000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2124-0x00007FF68DFA0000-0x00007FF68E2F4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2118-0x00007FF6A23A0000-0x00007FF6A26F4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-150-0x00007FF6A23A0000-0x00007FF6A26F4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-2103-0x00007FF6CB7E0000-0x00007FF6CBB34000-memory.dmp

Filesize
3.3MB

Download
memory/3900-124-0x00007FF6CB7E0000-0x00007FF6CBB34000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2110-0x00007FF7DF0C0000-0x00007FF7DF414000-memory.dmp

Filesize
3.3MB

Download
memory/4104-130-0x00007FF7DF0C0000-0x00007FF7DF414000-memory.dmp

Filesize
3.3MB

Download
memory/4312-162-0x00007FF701D60000-0x00007FF7020B4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2120-0x00007FF701D60000-0x00007FF7020B4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-163-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2119-0x00007FF77DB30000-0x00007FF77DE84000-memory.dmp

Filesize
3.3MB

Download
memory/4396-153-0x00007FF778520000-0x00007FF778874000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2121-0x00007FF778520000-0x00007FF778874000-memory.dmp

Filesize
3.3MB

Download
memory/4440-2095-0x00007FF69B440000-0x00007FF69B794000-memory.dmp

Filesize
3.3MB

Download
memory/4440-2104-0x00007FF69B440000-0x00007FF69B794000-memory.dmp

Filesize
3.3MB

Download
memory/4440-80-0x00007FF69B440000-0x00007FF69B794000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2122-0x00007FF64AB80000-0x00007FF64AED4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-154-0x00007FF64AB80000-0x00007FF64AED4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2107-0x00007FF707360000-0x00007FF7076B4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-160-0x00007FF707360000-0x00007FF7076B4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2113-0x00007FF7ED580000-0x00007FF7ED8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-164-0x00007FF7ED580000-0x00007FF7ED8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-1-0x0000027778F00000-0x0000027778F10000-memory.dmp

Filesize
64KB

Download
memory/4648-0-0x00007FF773770000-0x00007FF773AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4752-158-0x00007FF659320000-0x00007FF659674000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2102-0x00007FF659320000-0x00007FF659674000-memory.dmp

Filesize
3.3MB

Download
memory/4824-2117-0x00007FF65C9A0000-0x00007FF65CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-155-0x00007FF65C9A0000-0x00007FF65CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2111-0x00007FF7CE340000-0x00007FF7CE694000-memory.dmp

Filesize
3.3MB

Download
memory/4916-129-0x00007FF7CE340000-0x00007FF7CE694000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads