xmrig | 54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba

Analysis

max time kernel
143s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
Size

1.8MB
MD5

4da011d1c25c1053a9aaf4da7ef09686
SHA1

93f057fa8ac1ea9316f233c676706d6e60d5cf9d
SHA256

54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba
SHA512

d668091776f22f8bc5344a45904d9977167c5d2154286a4bac3be7150fde6073d8d2b2388bf73abdc79c37f6dfd7628c24d0aa89636ff757a2ba6b9d5fb0d823
SSDEEP

49152:ROdWCCi7/rahOYilJ51sr8FNI9rxzTpql:RWWBiba+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2972-0-0x00007FF7DFEE0000-0x00007FF7E0231000-memory.dmp	UPX
behavioral2/files/0x000800000002341f-4.dat	UPX
behavioral2/memory/4608-8-0x00007FF739390000-0x00007FF7396E1000-memory.dmp	UPX
behavioral2/files/0x0007000000023423-11.dat	UPX
behavioral2/files/0x0007000000023425-20.dat	UPX
behavioral2/files/0x0007000000023427-27.dat	UPX
behavioral2/files/0x0007000000023428-46.dat	UPX
behavioral2/files/0x0007000000023429-52.dat	UPX
behavioral2/files/0x000700000002342a-60.dat	UPX
behavioral2/files/0x000700000002342c-68.dat	UPX
behavioral2/files/0x000700000002342e-78.dat	UPX
behavioral2/files/0x0007000000023434-100.dat	UPX
behavioral2/files/0x0007000000023437-123.dat	UPX
behavioral2/files/0x000700000002343b-135.dat	UPX
behavioral2/files/0x000700000002343c-148.dat	UPX
behavioral2/memory/4156-519-0x00007FF791F60000-0x00007FF7922B1000-memory.dmp	UPX
behavioral2/memory/3712-521-0x00007FF70B8A0000-0x00007FF70BBF1000-memory.dmp	UPX
behavioral2/memory/2892-520-0x00007FF719810000-0x00007FF719B61000-memory.dmp	UPX
behavioral2/files/0x0007000000023442-170.dat	UPX
behavioral2/files/0x0007000000023440-168.dat	UPX
behavioral2/files/0x0007000000023441-165.dat	UPX
behavioral2/files/0x000700000002343f-160.dat	UPX
behavioral2/files/0x000700000002343e-156.dat	UPX
behavioral2/files/0x000700000002343d-153.dat	UPX
behavioral2/files/0x000700000002343a-138.dat	UPX
behavioral2/files/0x0007000000023439-133.dat	UPX
behavioral2/files/0x0007000000023438-128.dat	UPX
behavioral2/files/0x0007000000023436-118.dat	UPX
behavioral2/files/0x0007000000023435-113.dat	UPX
behavioral2/files/0x0007000000023433-103.dat	UPX
behavioral2/files/0x0007000000023432-98.dat	UPX
behavioral2/files/0x0007000000023431-93.dat	UPX
behavioral2/files/0x0007000000023430-88.dat	UPX
behavioral2/files/0x000700000002342f-83.dat	UPX
behavioral2/files/0x000700000002342d-73.dat	UPX
behavioral2/files/0x000700000002342b-58.dat	UPX
behavioral2/memory/2096-45-0x00007FF6C58B0000-0x00007FF6C5C01000-memory.dmp	UPX
behavioral2/memory/2588-42-0x00007FF700FA0000-0x00007FF7012F1000-memory.dmp	UPX
behavioral2/files/0x0007000000023426-40.dat	UPX
behavioral2/memory/5116-34-0x00007FF683E00000-0x00007FF684151000-memory.dmp	UPX
behavioral2/memory/1372-33-0x00007FF70A4B0000-0x00007FF70A801000-memory.dmp	UPX
behavioral2/memory/4100-29-0x00007FF66FA00000-0x00007FF66FD51000-memory.dmp	UPX
behavioral2/files/0x0007000000023424-22.dat	UPX
behavioral2/memory/3068-17-0x00007FF65CAF0000-0x00007FF65CE41000-memory.dmp	UPX
behavioral2/memory/4956-522-0x00007FF733ED0000-0x00007FF734221000-memory.dmp	UPX
behavioral2/memory/4088-524-0x00007FF63CB30000-0x00007FF63CE81000-memory.dmp	UPX
behavioral2/memory/1764-523-0x00007FF754040000-0x00007FF754391000-memory.dmp	UPX
behavioral2/memory/2456-526-0x00007FF6024E0000-0x00007FF602831000-memory.dmp	UPX
behavioral2/memory/1876-527-0x00007FF7AE160000-0x00007FF7AE4B1000-memory.dmp	UPX
behavioral2/memory/3960-528-0x00007FF7CE330000-0x00007FF7CE681000-memory.dmp	UPX
behavioral2/memory/1940-525-0x00007FF62CB00000-0x00007FF62CE51000-memory.dmp	UPX
behavioral2/memory/1736-551-0x00007FF7A78E0000-0x00007FF7A7C31000-memory.dmp	UPX
behavioral2/memory/1440-556-0x00007FF6DE200000-0x00007FF6DE551000-memory.dmp	UPX
behavioral2/memory/3500-570-0x00007FF6D1CF0000-0x00007FF6D2041000-memory.dmp	UPX
behavioral2/memory/3220-569-0x00007FF601180000-0x00007FF6014D1000-memory.dmp	UPX
behavioral2/memory/1516-563-0x00007FF75D800000-0x00007FF75DB51000-memory.dmp	UPX
behavioral2/memory/1212-550-0x00007FF7FCCC0000-0x00007FF7FD011000-memory.dmp	UPX
behavioral2/memory/632-546-0x00007FF6A9810000-0x00007FF6A9B61000-memory.dmp	UPX
behavioral2/memory/3516-544-0x00007FF7C9FA0000-0x00007FF7CA2F1000-memory.dmp	UPX
behavioral2/memory/740-543-0x00007FF798440000-0x00007FF798791000-memory.dmp	UPX
behavioral2/memory/4492-537-0x00007FF7CD070000-0x00007FF7CD3C1000-memory.dmp	UPX
behavioral2/memory/4988-536-0x00007FF6AED60000-0x00007FF6AF0B1000-memory.dmp	UPX
behavioral2/memory/5084-533-0x00007FF6879E0000-0x00007FF687D31000-memory.dmp	UPX
behavioral2/memory/2972-2171-0x00007FF7DFEE0000-0x00007FF7E0231000-memory.dmp	UPX

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/3712-521-0x00007FF70B8A0000-0x00007FF70BBF1000-memory.dmp	xmrig
behavioral2/memory/2892-520-0x00007FF719810000-0x00007FF719B61000-memory.dmp	xmrig
behavioral2/memory/3068-17-0x00007FF65CAF0000-0x00007FF65CE41000-memory.dmp	xmrig
behavioral2/memory/4956-522-0x00007FF733ED0000-0x00007FF734221000-memory.dmp	xmrig
behavioral2/memory/4088-524-0x00007FF63CB30000-0x00007FF63CE81000-memory.dmp	xmrig
behavioral2/memory/1764-523-0x00007FF754040000-0x00007FF754391000-memory.dmp	xmrig
behavioral2/memory/2456-526-0x00007FF6024E0000-0x00007FF602831000-memory.dmp	xmrig
behavioral2/memory/1876-527-0x00007FF7AE160000-0x00007FF7AE4B1000-memory.dmp	xmrig
behavioral2/memory/3960-528-0x00007FF7CE330000-0x00007FF7CE681000-memory.dmp	xmrig
behavioral2/memory/1940-525-0x00007FF62CB00000-0x00007FF62CE51000-memory.dmp	xmrig
behavioral2/memory/1736-551-0x00007FF7A78E0000-0x00007FF7A7C31000-memory.dmp	xmrig
behavioral2/memory/1440-556-0x00007FF6DE200000-0x00007FF6DE551000-memory.dmp	xmrig
behavioral2/memory/3500-570-0x00007FF6D1CF0000-0x00007FF6D2041000-memory.dmp	xmrig
behavioral2/memory/3220-569-0x00007FF601180000-0x00007FF6014D1000-memory.dmp	xmrig
behavioral2/memory/1516-563-0x00007FF75D800000-0x00007FF75DB51000-memory.dmp	xmrig
behavioral2/memory/1212-550-0x00007FF7FCCC0000-0x00007FF7FD011000-memory.dmp	xmrig
behavioral2/memory/632-546-0x00007FF6A9810000-0x00007FF6A9B61000-memory.dmp	xmrig
behavioral2/memory/3516-544-0x00007FF7C9FA0000-0x00007FF7CA2F1000-memory.dmp	xmrig
behavioral2/memory/740-543-0x00007FF798440000-0x00007FF798791000-memory.dmp	xmrig
behavioral2/memory/4492-537-0x00007FF7CD070000-0x00007FF7CD3C1000-memory.dmp	xmrig
behavioral2/memory/4988-536-0x00007FF6AED60000-0x00007FF6AF0B1000-memory.dmp	xmrig
behavioral2/memory/5084-533-0x00007FF6879E0000-0x00007FF687D31000-memory.dmp	xmrig
behavioral2/memory/2972-2171-0x00007FF7DFEE0000-0x00007FF7E0231000-memory.dmp	xmrig
behavioral2/memory/4608-2211-0x00007FF739390000-0x00007FF7396E1000-memory.dmp	xmrig
behavioral2/memory/4100-2212-0x00007FF66FA00000-0x00007FF66FD51000-memory.dmp	xmrig
behavioral2/memory/2096-2241-0x00007FF6C58B0000-0x00007FF6C5C01000-memory.dmp	xmrig
behavioral2/memory/5116-2240-0x00007FF683E00000-0x00007FF684151000-memory.dmp	xmrig
behavioral2/memory/1372-2239-0x00007FF70A4B0000-0x00007FF70A801000-memory.dmp	xmrig
behavioral2/memory/4156-2243-0x00007FF791F60000-0x00007FF7922B1000-memory.dmp	xmrig
behavioral2/memory/2588-2242-0x00007FF700FA0000-0x00007FF7012F1000-memory.dmp	xmrig
behavioral2/memory/4608-2260-0x00007FF739390000-0x00007FF7396E1000-memory.dmp	xmrig
behavioral2/memory/3068-2262-0x00007FF65CAF0000-0x00007FF65CE41000-memory.dmp	xmrig
behavioral2/memory/4100-2264-0x00007FF66FA00000-0x00007FF66FD51000-memory.dmp	xmrig
behavioral2/memory/2588-2266-0x00007FF700FA0000-0x00007FF7012F1000-memory.dmp	xmrig
behavioral2/memory/1372-2270-0x00007FF70A4B0000-0x00007FF70A801000-memory.dmp	xmrig
behavioral2/memory/5116-2268-0x00007FF683E00000-0x00007FF684151000-memory.dmp	xmrig
behavioral2/memory/2096-2272-0x00007FF6C58B0000-0x00007FF6C5C01000-memory.dmp	xmrig
behavioral2/memory/4156-2274-0x00007FF791F60000-0x00007FF7922B1000-memory.dmp	xmrig
behavioral2/memory/3712-2276-0x00007FF70B8A0000-0x00007FF70BBF1000-memory.dmp	xmrig
behavioral2/memory/4088-2286-0x00007FF63CB30000-0x00007FF63CE81000-memory.dmp	xmrig
behavioral2/memory/1940-2288-0x00007FF62CB00000-0x00007FF62CE51000-memory.dmp	xmrig
behavioral2/memory/2456-2290-0x00007FF6024E0000-0x00007FF602831000-memory.dmp	xmrig
behavioral2/memory/1764-2284-0x00007FF754040000-0x00007FF754391000-memory.dmp	xmrig
behavioral2/memory/4956-2282-0x00007FF733ED0000-0x00007FF734221000-memory.dmp	xmrig
behavioral2/memory/3500-2280-0x00007FF6D1CF0000-0x00007FF6D2041000-memory.dmp	xmrig
behavioral2/memory/2892-2278-0x00007FF719810000-0x00007FF719B61000-memory.dmp	xmrig
behavioral2/memory/1876-2294-0x00007FF7AE160000-0x00007FF7AE4B1000-memory.dmp	xmrig
behavioral2/memory/3516-2298-0x00007FF7C9FA0000-0x00007FF7CA2F1000-memory.dmp	xmrig
behavioral2/memory/4492-2306-0x00007FF7CD070000-0x00007FF7CD3C1000-memory.dmp	xmrig
behavioral2/memory/1212-2308-0x00007FF7FCCC0000-0x00007FF7FD011000-memory.dmp	xmrig
behavioral2/memory/740-2304-0x00007FF798440000-0x00007FF798791000-memory.dmp	xmrig
behavioral2/memory/4988-2302-0x00007FF6AED60000-0x00007FF6AF0B1000-memory.dmp	xmrig
behavioral2/memory/632-2300-0x00007FF6A9810000-0x00007FF6A9B61000-memory.dmp	xmrig
behavioral2/memory/5084-2296-0x00007FF6879E0000-0x00007FF687D31000-memory.dmp	xmrig
behavioral2/memory/3960-2292-0x00007FF7CE330000-0x00007FF7CE681000-memory.dmp	xmrig
behavioral2/memory/1516-2322-0x00007FF75D800000-0x00007FF75DB51000-memory.dmp	xmrig
behavioral2/memory/3220-2315-0x00007FF601180000-0x00007FF6014D1000-memory.dmp	xmrig
behavioral2/memory/1736-2312-0x00007FF7A78E0000-0x00007FF7A7C31000-memory.dmp	xmrig
behavioral2/memory/1440-2311-0x00007FF6DE200000-0x00007FF6DE551000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4608	seGSVfN.exe
3068	eDmiXmA.exe
4100	EaSIdfH.exe
2588	bwtekBb.exe
1372	jtnQRCZ.exe
5116	fQSMqNk.exe
2096	FjliBBH.exe
4156	rzWbDsl.exe
3500	mKuusUk.exe
2892	zbMNANV.exe
3712	ebhJdEi.exe
4956	bjFvIaY.exe
1764	fOjKePc.exe
4088	RRZknaG.exe
1940	ebajciO.exe
2456	AttCqqv.exe
1876	QGBsPNU.exe
3960	OWLjNXn.exe
5084	LYAXptr.exe
4988	csnFtYH.exe
4492	bZrbzaq.exe
740	yxhKTWQ.exe
3516	UJJqNne.exe
632	apxuguF.exe
1212	YaSAOzL.exe
1736	yxLYPjU.exe
1440	pEPprfe.exe
1516	SIauFdB.exe
3220	tWygdsw.exe
4668	wwOVvXI.exe
5092	APeSWrM.exe
1620	cHZiiVL.exe
4544	APCrBZr.exe
3704	azFSLof.exe
5060	RqRtCgO.exe
748	LerbpJY.exe
1064	xJUUypg.exe
3980	zmhrPIc.exe
3616	PDTmSOp.exe
2164	yTtftzi.exe
3344	XTrvPEe.exe
1248	oIJTcQp.exe
1968	AvjFHmn.exe
2308	kuGfBuk.exe
4264	RpoglOB.exe
1068	Rqplqaz.exe
4420	yICvpWy.exe
2744	sbktefS.exe
4720	SmsdyjR.exe
1804	xbjSwTW.exe
1708	pekwIOU.exe
4108	CzuYqGq.exe
3736	KCCvXne.exe
4404	mykaiKM.exe
4408	GCWbYJY.exe
4220	FGERoMi.exe
4284	BAiOhGp.exe
3932	UbvnZYy.exe
1492	jsyXLKg.exe
3912	NpsRiIC.exe
5068	DiXdVpA.exe
2996	MZZCVoP.exe
884	VMxafgB.exe
4124	ZRqoBoU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2972-0-0x00007FF7DFEE0000-0x00007FF7E0231000-memory.dmp	upx
behavioral2/files/0x000800000002341f-4.dat	upx
behavioral2/memory/4608-8-0x00007FF739390000-0x00007FF7396E1000-memory.dmp	upx
behavioral2/files/0x0007000000023423-11.dat	upx
behavioral2/files/0x0007000000023425-20.dat	upx
behavioral2/files/0x0007000000023427-27.dat	upx
behavioral2/files/0x0007000000023428-46.dat	upx
behavioral2/files/0x0007000000023429-52.dat	upx
behavioral2/files/0x000700000002342a-60.dat	upx
behavioral2/files/0x000700000002342c-68.dat	upx
behavioral2/files/0x000700000002342e-78.dat	upx
behavioral2/files/0x0007000000023434-100.dat	upx
behavioral2/files/0x0007000000023437-123.dat	upx
behavioral2/files/0x000700000002343b-135.dat	upx
behavioral2/files/0x000700000002343c-148.dat	upx
behavioral2/memory/4156-519-0x00007FF791F60000-0x00007FF7922B1000-memory.dmp	upx
behavioral2/memory/3712-521-0x00007FF70B8A0000-0x00007FF70BBF1000-memory.dmp	upx
behavioral2/memory/2892-520-0x00007FF719810000-0x00007FF719B61000-memory.dmp	upx
behavioral2/files/0x0007000000023442-170.dat	upx
behavioral2/files/0x0007000000023440-168.dat	upx
behavioral2/files/0x0007000000023441-165.dat	upx
behavioral2/files/0x000700000002343f-160.dat	upx
behavioral2/files/0x000700000002343e-156.dat	upx
behavioral2/files/0x000700000002343d-153.dat	upx
behavioral2/files/0x000700000002343a-138.dat	upx
behavioral2/files/0x0007000000023439-133.dat	upx
behavioral2/files/0x0007000000023438-128.dat	upx
behavioral2/files/0x0007000000023436-118.dat	upx
behavioral2/files/0x0007000000023435-113.dat	upx
behavioral2/files/0x0007000000023433-103.dat	upx
behavioral2/files/0x0007000000023432-98.dat	upx
behavioral2/files/0x0007000000023431-93.dat	upx
behavioral2/files/0x0007000000023430-88.dat	upx
behavioral2/files/0x000700000002342f-83.dat	upx
behavioral2/files/0x000700000002342d-73.dat	upx
behavioral2/files/0x000700000002342b-58.dat	upx
behavioral2/memory/2096-45-0x00007FF6C58B0000-0x00007FF6C5C01000-memory.dmp	upx
behavioral2/memory/2588-42-0x00007FF700FA0000-0x00007FF7012F1000-memory.dmp	upx
behavioral2/files/0x0007000000023426-40.dat	upx
behavioral2/memory/5116-34-0x00007FF683E00000-0x00007FF684151000-memory.dmp	upx
behavioral2/memory/1372-33-0x00007FF70A4B0000-0x00007FF70A801000-memory.dmp	upx
behavioral2/memory/4100-29-0x00007FF66FA00000-0x00007FF66FD51000-memory.dmp	upx
behavioral2/files/0x0007000000023424-22.dat	upx
behavioral2/memory/3068-17-0x00007FF65CAF0000-0x00007FF65CE41000-memory.dmp	upx
behavioral2/memory/4956-522-0x00007FF733ED0000-0x00007FF734221000-memory.dmp	upx
behavioral2/memory/4088-524-0x00007FF63CB30000-0x00007FF63CE81000-memory.dmp	upx
behavioral2/memory/1764-523-0x00007FF754040000-0x00007FF754391000-memory.dmp	upx
behavioral2/memory/2456-526-0x00007FF6024E0000-0x00007FF602831000-memory.dmp	upx
behavioral2/memory/1876-527-0x00007FF7AE160000-0x00007FF7AE4B1000-memory.dmp	upx
behavioral2/memory/3960-528-0x00007FF7CE330000-0x00007FF7CE681000-memory.dmp	upx
behavioral2/memory/1940-525-0x00007FF62CB00000-0x00007FF62CE51000-memory.dmp	upx
behavioral2/memory/1736-551-0x00007FF7A78E0000-0x00007FF7A7C31000-memory.dmp	upx
behavioral2/memory/1440-556-0x00007FF6DE200000-0x00007FF6DE551000-memory.dmp	upx
behavioral2/memory/3500-570-0x00007FF6D1CF0000-0x00007FF6D2041000-memory.dmp	upx
behavioral2/memory/3220-569-0x00007FF601180000-0x00007FF6014D1000-memory.dmp	upx
behavioral2/memory/1516-563-0x00007FF75D800000-0x00007FF75DB51000-memory.dmp	upx
behavioral2/memory/1212-550-0x00007FF7FCCC0000-0x00007FF7FD011000-memory.dmp	upx
behavioral2/memory/632-546-0x00007FF6A9810000-0x00007FF6A9B61000-memory.dmp	upx
behavioral2/memory/3516-544-0x00007FF7C9FA0000-0x00007FF7CA2F1000-memory.dmp	upx
behavioral2/memory/740-543-0x00007FF798440000-0x00007FF798791000-memory.dmp	upx
behavioral2/memory/4492-537-0x00007FF7CD070000-0x00007FF7CD3C1000-memory.dmp	upx
behavioral2/memory/4988-536-0x00007FF6AED60000-0x00007FF6AF0B1000-memory.dmp	upx
behavioral2/memory/5084-533-0x00007FF6879E0000-0x00007FF687D31000-memory.dmp	upx
behavioral2/memory/2972-2171-0x00007FF7DFEE0000-0x00007FF7E0231000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yIiGlHa.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\NszDWio.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\WbeYVoM.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\fFJfyPy.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\CIfZWic.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\kOIHwJl.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\sItYbQi.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\oMRVNux.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\CpihVih.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\SmsdyjR.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\GGXqdja.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\dxceZgv.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\DQprtur.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\IJDOFZA.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\OOYobjT.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\rxGYfik.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\KgyxIrJ.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\KMtvrEF.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\qsBHhaY.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\eDmiXmA.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\jAFxFcO.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\SsZJYhI.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\NFVbGjy.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\BgwYPTG.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\oFfjrYl.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\kHdSOCH.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\MTEjLps.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\gwqfxcF.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\hUiNoNQ.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\ThMuBty.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\BAiOhGp.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\zZlnLoF.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\ZdnfvsI.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\hQtVeEy.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\IBLgIqa.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\pEJUYmQ.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\kMBCuVR.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\hpQgSTW.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\EuzhjqT.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\HZrXtlv.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\BWAnOcn.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\mGhhDjf.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\cHKvRJH.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\usjwqPv.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\ebhJdEi.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\AnhFrDU.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\raNIoMF.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\DsWdtvS.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\QrkVmWW.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\JQKJoWV.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\hhbuKMv.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\ohyqzQQ.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\rJapWiz.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\dttPguw.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\sDlrpwY.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\IaHUqLY.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\derurRk.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\viaiuvw.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\wtrtQUh.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\zDRqzaa.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\dzbWhyV.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\sNydLuQ.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\FgllFJJ.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
File created	C:\Windows\System\epobRMi.exe	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14184	dwm.exe
Token: SeChangeNotifyPrivilege	14184	dwm.exe
Token: 33	14184	dwm.exe
Token: SeIncBasePriorityPrivilege	14184	dwm.exe
Token: SeShutdownPrivilege	14184	dwm.exe
Token: SeCreatePagefilePrivilege	14184	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 4608	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	83
PID 2972 wrote to memory of 4608	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	83
PID 2972 wrote to memory of 3068	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	84
PID 2972 wrote to memory of 3068	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	84
PID 2972 wrote to memory of 4100	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	85
PID 2972 wrote to memory of 4100	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	85
PID 2972 wrote to memory of 2588	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	86
PID 2972 wrote to memory of 2588	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	86
PID 2972 wrote to memory of 1372	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	87
PID 2972 wrote to memory of 1372	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	87
PID 2972 wrote to memory of 5116	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	88
PID 2972 wrote to memory of 5116	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	88
PID 2972 wrote to memory of 2096	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	89
PID 2972 wrote to memory of 2096	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	89
PID 2972 wrote to memory of 4156	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	90
PID 2972 wrote to memory of 4156	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	90
PID 2972 wrote to memory of 2892	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	91
PID 2972 wrote to memory of 2892	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	91
PID 2972 wrote to memory of 3500	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	92
PID 2972 wrote to memory of 3500	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	92
PID 2972 wrote to memory of 3712	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	93
PID 2972 wrote to memory of 3712	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	93
PID 2972 wrote to memory of 4956	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	94
PID 2972 wrote to memory of 4956	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	94
PID 2972 wrote to memory of 1764	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	95
PID 2972 wrote to memory of 1764	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	95
PID 2972 wrote to memory of 4088	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	96
PID 2972 wrote to memory of 4088	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	96
PID 2972 wrote to memory of 1940	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	97
PID 2972 wrote to memory of 1940	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	97
PID 2972 wrote to memory of 2456	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	98
PID 2972 wrote to memory of 2456	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	98
PID 2972 wrote to memory of 1876	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	99
PID 2972 wrote to memory of 1876	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	99
PID 2972 wrote to memory of 3960	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	100
PID 2972 wrote to memory of 3960	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	100
PID 2972 wrote to memory of 5084	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	101
PID 2972 wrote to memory of 5084	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	101
PID 2972 wrote to memory of 4988	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	102
PID 2972 wrote to memory of 4988	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	102
PID 2972 wrote to memory of 4492	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	103
PID 2972 wrote to memory of 4492	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	103
PID 2972 wrote to memory of 740	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	104
PID 2972 wrote to memory of 740	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	104
PID 2972 wrote to memory of 3516	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	105
PID 2972 wrote to memory of 3516	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	105
PID 2972 wrote to memory of 632	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	106
PID 2972 wrote to memory of 632	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	106
PID 2972 wrote to memory of 1212	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	107
PID 2972 wrote to memory of 1212	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	107
PID 2972 wrote to memory of 1736	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	108
PID 2972 wrote to memory of 1736	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	108
PID 2972 wrote to memory of 1440	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	109
PID 2972 wrote to memory of 1440	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	109
PID 2972 wrote to memory of 1516	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	110
PID 2972 wrote to memory of 1516	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	110
PID 2972 wrote to memory of 3220	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	111
PID 2972 wrote to memory of 3220	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	111
PID 2972 wrote to memory of 4668	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	112
PID 2972 wrote to memory of 4668	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	112
PID 2972 wrote to memory of 5092	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	113
PID 2972 wrote to memory of 5092	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	113
PID 2972 wrote to memory of 1620	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	114
PID 2972 wrote to memory of 1620	2972	54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe	114

C:\Users\Admin\AppData\Local\Temp\54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe
"C:\Users\Admin\AppData\Local\Temp\54b73e1f3e85fb8b83c684e86d9b1f62be53f6adc95b2d78fcfcf0fda9e569ba.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\System\seGSVfN.exe
  C:\Windows\System\seGSVfN.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\eDmiXmA.exe
  C:\Windows\System\eDmiXmA.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\EaSIdfH.exe
  C:\Windows\System\EaSIdfH.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\bwtekBb.exe
  C:\Windows\System\bwtekBb.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\jtnQRCZ.exe
  C:\Windows\System\jtnQRCZ.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\fQSMqNk.exe
  C:\Windows\System\fQSMqNk.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\FjliBBH.exe
  C:\Windows\System\FjliBBH.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\rzWbDsl.exe
  C:\Windows\System\rzWbDsl.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\zbMNANV.exe
  C:\Windows\System\zbMNANV.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\mKuusUk.exe
  C:\Windows\System\mKuusUk.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\ebhJdEi.exe
  C:\Windows\System\ebhJdEi.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\bjFvIaY.exe
  C:\Windows\System\bjFvIaY.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\fOjKePc.exe
  C:\Windows\System\fOjKePc.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\RRZknaG.exe
  C:\Windows\System\RRZknaG.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\ebajciO.exe
  C:\Windows\System\ebajciO.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AttCqqv.exe
  C:\Windows\System\AttCqqv.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\QGBsPNU.exe
  C:\Windows\System\QGBsPNU.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\OWLjNXn.exe
  C:\Windows\System\OWLjNXn.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\LYAXptr.exe
  C:\Windows\System\LYAXptr.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\csnFtYH.exe
  C:\Windows\System\csnFtYH.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\bZrbzaq.exe
  C:\Windows\System\bZrbzaq.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\yxhKTWQ.exe
  C:\Windows\System\yxhKTWQ.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\UJJqNne.exe
  C:\Windows\System\UJJqNne.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\apxuguF.exe
  C:\Windows\System\apxuguF.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\YaSAOzL.exe
  C:\Windows\System\YaSAOzL.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\yxLYPjU.exe
  C:\Windows\System\yxLYPjU.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\pEPprfe.exe
  C:\Windows\System\pEPprfe.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\SIauFdB.exe
  C:\Windows\System\SIauFdB.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\tWygdsw.exe
  C:\Windows\System\tWygdsw.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\wwOVvXI.exe
  C:\Windows\System\wwOVvXI.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\APeSWrM.exe
  C:\Windows\System\APeSWrM.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\cHZiiVL.exe
  C:\Windows\System\cHZiiVL.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\APCrBZr.exe
  C:\Windows\System\APCrBZr.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\azFSLof.exe
  C:\Windows\System\azFSLof.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\RqRtCgO.exe
  C:\Windows\System\RqRtCgO.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\LerbpJY.exe
  C:\Windows\System\LerbpJY.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\xJUUypg.exe
  C:\Windows\System\xJUUypg.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\zmhrPIc.exe
  C:\Windows\System\zmhrPIc.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\PDTmSOp.exe
  C:\Windows\System\PDTmSOp.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\yTtftzi.exe
  C:\Windows\System\yTtftzi.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\XTrvPEe.exe
  C:\Windows\System\XTrvPEe.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\oIJTcQp.exe
  C:\Windows\System\oIJTcQp.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\AvjFHmn.exe
  C:\Windows\System\AvjFHmn.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\kuGfBuk.exe
  C:\Windows\System\kuGfBuk.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\RpoglOB.exe
  C:\Windows\System\RpoglOB.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\Rqplqaz.exe
  C:\Windows\System\Rqplqaz.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\yICvpWy.exe
  C:\Windows\System\yICvpWy.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\sbktefS.exe
  C:\Windows\System\sbktefS.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\SmsdyjR.exe
  C:\Windows\System\SmsdyjR.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\xbjSwTW.exe
  C:\Windows\System\xbjSwTW.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\pekwIOU.exe
  C:\Windows\System\pekwIOU.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\CzuYqGq.exe
  C:\Windows\System\CzuYqGq.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\KCCvXne.exe
  C:\Windows\System\KCCvXne.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\mykaiKM.exe
  C:\Windows\System\mykaiKM.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\GCWbYJY.exe
  C:\Windows\System\GCWbYJY.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\FGERoMi.exe
  C:\Windows\System\FGERoMi.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\BAiOhGp.exe
  C:\Windows\System\BAiOhGp.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\UbvnZYy.exe
  C:\Windows\System\UbvnZYy.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\jsyXLKg.exe
  C:\Windows\System\jsyXLKg.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\NpsRiIC.exe
  C:\Windows\System\NpsRiIC.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\DiXdVpA.exe
  C:\Windows\System\DiXdVpA.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\MZZCVoP.exe
  C:\Windows\System\MZZCVoP.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\VMxafgB.exe
  C:\Windows\System\VMxafgB.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ZRqoBoU.exe
  C:\Windows\System\ZRqoBoU.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\EELJJVG.exe
  C:\Windows\System\EELJJVG.exe
  2⤵
  PID:2536
- C:\Windows\System\WzGxFIc.exe
  C:\Windows\System\WzGxFIc.exe
  2⤵
  PID:4248
- C:\Windows\System\PGSjIvA.exe
  C:\Windows\System\PGSjIvA.exe
  2⤵
  PID:4728
- C:\Windows\System\bcKeeEG.exe
  C:\Windows\System\bcKeeEG.exe
  2⤵
  PID:4252
- C:\Windows\System\qAaMiqP.exe
  C:\Windows\System\qAaMiqP.exe
  2⤵
  PID:4808
- C:\Windows\System\plVcvrZ.exe
  C:\Windows\System\plVcvrZ.exe
  2⤵
  PID:4780
- C:\Windows\System\lINKLoY.exe
  C:\Windows\System\lINKLoY.exe
  2⤵
  PID:4028
- C:\Windows\System\HoXECfq.exe
  C:\Windows\System\HoXECfq.exe
  2⤵
  PID:3232
- C:\Windows\System\XwAVOkF.exe
  C:\Windows\System\XwAVOkF.exe
  2⤵
  PID:4652
- C:\Windows\System\TqfAZrx.exe
  C:\Windows\System\TqfAZrx.exe
  2⤵
  PID:2616
- C:\Windows\System\MmuHVWV.exe
  C:\Windows\System\MmuHVWV.exe
  2⤵
  PID:4528
- C:\Windows\System\TNEHxsw.exe
  C:\Windows\System\TNEHxsw.exe
  2⤵
  PID:1972
- C:\Windows\System\szOhAHb.exe
  C:\Windows\System\szOhAHb.exe
  2⤵
  PID:2312
- C:\Windows\System\BgwYPTG.exe
  C:\Windows\System\BgwYPTG.exe
  2⤵
  PID:4344
- C:\Windows\System\rwEuNbF.exe
  C:\Windows\System\rwEuNbF.exe
  2⤵
  PID:1976
- C:\Windows\System\KoVdocH.exe
  C:\Windows\System\KoVdocH.exe
  2⤵
  PID:1436
- C:\Windows\System\GGXqdja.exe
  C:\Windows\System\GGXqdja.exe
  2⤵
  PID:2092
- C:\Windows\System\vHyzhAe.exe
  C:\Windows\System\vHyzhAe.exe
  2⤵
  PID:2088
- C:\Windows\System\ZuAIHTF.exe
  C:\Windows\System\ZuAIHTF.exe
  2⤵
  PID:1432
- C:\Windows\System\iZIpyxX.exe
  C:\Windows\System\iZIpyxX.exe
  2⤵
  PID:2788
- C:\Windows\System\yzQHZQG.exe
  C:\Windows\System\yzQHZQG.exe
  2⤵
  PID:3292
- C:\Windows\System\lviJUEb.exe
  C:\Windows\System\lviJUEb.exe
  2⤵
  PID:3724
- C:\Windows\System\dxceZgv.exe
  C:\Windows\System\dxceZgv.exe
  2⤵
  PID:512
- C:\Windows\System\sDlrpwY.exe
  C:\Windows\System\sDlrpwY.exe
  2⤵
  PID:4804
- C:\Windows\System\eZNImbf.exe
  C:\Windows\System\eZNImbf.exe
  2⤵
  PID:1476
- C:\Windows\System\tPDIDyw.exe
  C:\Windows\System\tPDIDyw.exe
  2⤵
  PID:5144
- C:\Windows\System\hlfJZYd.exe
  C:\Windows\System\hlfJZYd.exe
  2⤵
  PID:5172
- C:\Windows\System\wtrtQUh.exe
  C:\Windows\System\wtrtQUh.exe
  2⤵
  PID:5200
- C:\Windows\System\HMcHgTd.exe
  C:\Windows\System\HMcHgTd.exe
  2⤵
  PID:5228
- C:\Windows\System\uNjEypT.exe
  C:\Windows\System\uNjEypT.exe
  2⤵
  PID:5256
- C:\Windows\System\dGmTUxG.exe
  C:\Windows\System\dGmTUxG.exe
  2⤵
  PID:5284
- C:\Windows\System\aWvxwtZ.exe
  C:\Windows\System\aWvxwtZ.exe
  2⤵
  PID:5308
- C:\Windows\System\QrkVmWW.exe
  C:\Windows\System\QrkVmWW.exe
  2⤵
  PID:5340
- C:\Windows\System\quYMjyD.exe
  C:\Windows\System\quYMjyD.exe
  2⤵
  PID:5368
- C:\Windows\System\FtPUKoM.exe
  C:\Windows\System\FtPUKoM.exe
  2⤵
  PID:5396
- C:\Windows\System\GgqGPyO.exe
  C:\Windows\System\GgqGPyO.exe
  2⤵
  PID:5424
- C:\Windows\System\elweqAH.exe
  C:\Windows\System\elweqAH.exe
  2⤵
  PID:5452
- C:\Windows\System\EpDuQZz.exe
  C:\Windows\System\EpDuQZz.exe
  2⤵
  PID:5480
- C:\Windows\System\NszDWio.exe
  C:\Windows\System\NszDWio.exe
  2⤵
  PID:5504
- C:\Windows\System\DMtjNra.exe
  C:\Windows\System\DMtjNra.exe
  2⤵
  PID:5532
- C:\Windows\System\AkHsDbn.exe
  C:\Windows\System\AkHsDbn.exe
  2⤵
  PID:5560
- C:\Windows\System\DRmHtRf.exe
  C:\Windows\System\DRmHtRf.exe
  2⤵
  PID:5588
- C:\Windows\System\orFYiSg.exe
  C:\Windows\System\orFYiSg.exe
  2⤵
  PID:5620
- C:\Windows\System\NMdsEhO.exe
  C:\Windows\System\NMdsEhO.exe
  2⤵
  PID:5648
- C:\Windows\System\uheycmn.exe
  C:\Windows\System\uheycmn.exe
  2⤵
  PID:5672
- C:\Windows\System\LgwNWoX.exe
  C:\Windows\System\LgwNWoX.exe
  2⤵
  PID:5700
- C:\Windows\System\mPxpjGM.exe
  C:\Windows\System\mPxpjGM.exe
  2⤵
  PID:5732
- C:\Windows\System\AnhFrDU.exe
  C:\Windows\System\AnhFrDU.exe
  2⤵
  PID:5760
- C:\Windows\System\rIpmZBP.exe
  C:\Windows\System\rIpmZBP.exe
  2⤵
  PID:5784
- C:\Windows\System\XfklhMZ.exe
  C:\Windows\System\XfklhMZ.exe
  2⤵
  PID:5812
- C:\Windows\System\nrvlMfG.exe
  C:\Windows\System\nrvlMfG.exe
  2⤵
  PID:5844
- C:\Windows\System\EZpCTiY.exe
  C:\Windows\System\EZpCTiY.exe
  2⤵
  PID:5868
- C:\Windows\System\bxLQYwI.exe
  C:\Windows\System\bxLQYwI.exe
  2⤵
  PID:5896
- C:\Windows\System\lvbfhTW.exe
  C:\Windows\System\lvbfhTW.exe
  2⤵
  PID:5924
- C:\Windows\System\NCwDLjt.exe
  C:\Windows\System\NCwDLjt.exe
  2⤵
  PID:5956
- C:\Windows\System\nfLeCbx.exe
  C:\Windows\System\nfLeCbx.exe
  2⤵
  PID:5984
- C:\Windows\System\wHIirql.exe
  C:\Windows\System\wHIirql.exe
  2⤵
  PID:6008
- C:\Windows\System\BmnhppQ.exe
  C:\Windows\System\BmnhppQ.exe
  2⤵
  PID:6036
- C:\Windows\System\RuvQJxZ.exe
  C:\Windows\System\RuvQJxZ.exe
  2⤵
  PID:6068
- C:\Windows\System\YzphfBz.exe
  C:\Windows\System\YzphfBz.exe
  2⤵
  PID:6096
- C:\Windows\System\qzggeAl.exe
  C:\Windows\System\qzggeAl.exe
  2⤵
  PID:6124
- C:\Windows\System\jSyaiIr.exe
  C:\Windows\System\jSyaiIr.exe
  2⤵
  PID:3504
- C:\Windows\System\iFzKlNt.exe
  C:\Windows\System\iFzKlNt.exe
  2⤵
  PID:1256
- C:\Windows\System\ZFoUnuH.exe
  C:\Windows\System\ZFoUnuH.exe
  2⤵
  PID:1640
- C:\Windows\System\EuzhjqT.exe
  C:\Windows\System\EuzhjqT.exe
  2⤵
  PID:2384
- C:\Windows\System\bBwuRaI.exe
  C:\Windows\System\bBwuRaI.exe
  2⤵
  PID:5128
- C:\Windows\System\asvEZIx.exe
  C:\Windows\System\asvEZIx.exe
  2⤵
  PID:5184
- C:\Windows\System\RgXbkUP.exe
  C:\Windows\System\RgXbkUP.exe
  2⤵
  PID:5240
- C:\Windows\System\uNWLWik.exe
  C:\Windows\System\uNWLWik.exe
  2⤵
  PID:5300
- C:\Windows\System\ClJtEKj.exe
  C:\Windows\System\ClJtEKj.exe
  2⤵
  PID:5380
- C:\Windows\System\DQprtur.exe
  C:\Windows\System\DQprtur.exe
  2⤵
  PID:5440
- C:\Windows\System\xUqATiB.exe
  C:\Windows\System\xUqATiB.exe
  2⤵
  PID:3028
- C:\Windows\System\lBsOhgn.exe
  C:\Windows\System\lBsOhgn.exe
  2⤵
  PID:5548
- C:\Windows\System\FREeOit.exe
  C:\Windows\System\FREeOit.exe
  2⤵
  PID:5604
- C:\Windows\System\fPIIjbI.exe
  C:\Windows\System\fPIIjbI.exe
  2⤵
  PID:5664
- C:\Windows\System\uImkyUn.exe
  C:\Windows\System\uImkyUn.exe
  2⤵
  PID:5720
- C:\Windows\System\tXHHwrB.exe
  C:\Windows\System\tXHHwrB.exe
  2⤵
  PID:5780
- C:\Windows\System\YSStFGD.exe
  C:\Windows\System\YSStFGD.exe
  2⤵
  PID:5836
- C:\Windows\System\XChrrna.exe
  C:\Windows\System\XChrrna.exe
  2⤵
  PID:5892
- C:\Windows\System\gtnWQqT.exe
  C:\Windows\System\gtnWQqT.exe
  2⤵
  PID:5948
- C:\Windows\System\OqpUDgC.exe
  C:\Windows\System\OqpUDgC.exe
  2⤵
  PID:6004
- C:\Windows\System\oautHJV.exe
  C:\Windows\System\oautHJV.exe
  2⤵
  PID:6084
- C:\Windows\System\AmlUksb.exe
  C:\Windows\System\AmlUksb.exe
  2⤵
  PID:6136
- C:\Windows\System\zZlnLoF.exe
  C:\Windows\System\zZlnLoF.exe
  2⤵
  PID:3640
- C:\Windows\System\KzlWNSV.exe
  C:\Windows\System\KzlWNSV.exe
  2⤵
  PID:1880
- C:\Windows\System\aCTUTYM.exe
  C:\Windows\System\aCTUTYM.exe
  2⤵
  PID:1760
- C:\Windows\System\OFfKxvG.exe
  C:\Windows\System\OFfKxvG.exe
  2⤵
  PID:2116
- C:\Windows\System\SjagEnD.exe
  C:\Windows\System\SjagEnD.exe
  2⤵
  PID:5696
- C:\Windows\System\WpQkXQE.exe
  C:\Windows\System\WpQkXQE.exe
  2⤵
  PID:3236
- C:\Windows\System\dPMAOlI.exe
  C:\Windows\System\dPMAOlI.exe
  2⤵
  PID:5860
- C:\Windows\System\SohgqSI.exe
  C:\Windows\System\SohgqSI.exe
  2⤵
  PID:5972
- C:\Windows\System\RDUuHtH.exe
  C:\Windows\System\RDUuHtH.exe
  2⤵
  PID:2420
- C:\Windows\System\iHvWSmi.exe
  C:\Windows\System\iHvWSmi.exe
  2⤵
  PID:6052
- C:\Windows\System\vrYhepE.exe
  C:\Windows\System\vrYhepE.exe
  2⤵
  PID:3060
- C:\Windows\System\KmtdntR.exe
  C:\Windows\System\KmtdntR.exe
  2⤵
  PID:5040
- C:\Windows\System\UmaWOhC.exe
  C:\Windows\System\UmaWOhC.exe
  2⤵
  PID:224
- C:\Windows\System\ffWDMFO.exe
  C:\Windows\System\ffWDMFO.exe
  2⤵
  PID:2524
- C:\Windows\System\fIZhFQz.exe
  C:\Windows\System\fIZhFQz.exe
  2⤵
  PID:4624
- C:\Windows\System\MCfRRlw.exe
  C:\Windows\System\MCfRRlw.exe
  2⤵
  PID:2392
- C:\Windows\System\ouBpSlK.exe
  C:\Windows\System\ouBpSlK.exe
  2⤵
  PID:2676
- C:\Windows\System\tnxjOWS.exe
  C:\Windows\System\tnxjOWS.exe
  2⤵
  PID:1328
- C:\Windows\System\oPYSBsM.exe
  C:\Windows\System\oPYSBsM.exe
  2⤵
  PID:5524
- C:\Windows\System\UxKtfYH.exe
  C:\Windows\System\UxKtfYH.exe
  2⤵
  PID:2540
- C:\Windows\System\cayjsGd.exe
  C:\Windows\System\cayjsGd.exe
  2⤵
  PID:2280
- C:\Windows\System\ApDqIde.exe
  C:\Windows\System\ApDqIde.exe
  2⤵
  PID:5332
- C:\Windows\System\vpByUmd.exe
  C:\Windows\System\vpByUmd.exe
  2⤵
  PID:4640
- C:\Windows\System\kOIHwJl.exe
  C:\Windows\System\kOIHwJl.exe
  2⤵
  PID:3608
- C:\Windows\System\SvXejJB.exe
  C:\Windows\System\SvXejJB.exe
  2⤵
  PID:3176
- C:\Windows\System\NkdcReR.exe
  C:\Windows\System\NkdcReR.exe
  2⤵
  PID:3756
- C:\Windows\System\XfKfKUW.exe
  C:\Windows\System\XfKfKUW.exe
  2⤵
  PID:5944
- C:\Windows\System\hnUcdxr.exe
  C:\Windows\System\hnUcdxr.exe
  2⤵
  PID:5468
- C:\Windows\System\VtksPPp.exe
  C:\Windows\System\VtksPPp.exe
  2⤵
  PID:6148
- C:\Windows\System\meAfslu.exe
  C:\Windows\System\meAfslu.exe
  2⤵
  PID:6184
- C:\Windows\System\IVvjERI.exe
  C:\Windows\System\IVvjERI.exe
  2⤵
  PID:6204
- C:\Windows\System\mrTJWhs.exe
  C:\Windows\System\mrTJWhs.exe
  2⤵
  PID:6228
- C:\Windows\System\ADsuZDw.exe
  C:\Windows\System\ADsuZDw.exe
  2⤵
  PID:6248
- C:\Windows\System\KuuZIgF.exe
  C:\Windows\System\KuuZIgF.exe
  2⤵
  PID:6312
- C:\Windows\System\xgWBvbl.exe
  C:\Windows\System\xgWBvbl.exe
  2⤵
  PID:6332
- C:\Windows\System\jCroWvM.exe
  C:\Windows\System\jCroWvM.exe
  2⤵
  PID:6356
- C:\Windows\System\mjuyLpr.exe
  C:\Windows\System\mjuyLpr.exe
  2⤵
  PID:6384
- C:\Windows\System\OrLreZb.exe
  C:\Windows\System\OrLreZb.exe
  2⤵
  PID:6412
- C:\Windows\System\zDRqzaa.exe
  C:\Windows\System\zDRqzaa.exe
  2⤵
  PID:6460
- C:\Windows\System\wWyVZNl.exe
  C:\Windows\System\wWyVZNl.exe
  2⤵
  PID:6476
- C:\Windows\System\WwOKdfi.exe
  C:\Windows\System\WwOKdfi.exe
  2⤵
  PID:6496
- C:\Windows\System\RSyCFza.exe
  C:\Windows\System\RSyCFza.exe
  2⤵
  PID:6524
- C:\Windows\System\hkKvBJF.exe
  C:\Windows\System\hkKvBJF.exe
  2⤵
  PID:6548
- C:\Windows\System\BbYLlYT.exe
  C:\Windows\System\BbYLlYT.exe
  2⤵
  PID:6576
- C:\Windows\System\qzIDMIu.exe
  C:\Windows\System\qzIDMIu.exe
  2⤵
  PID:6616
- C:\Windows\System\uRePBYT.exe
  C:\Windows\System\uRePBYT.exe
  2⤵
  PID:6636
- C:\Windows\System\PGAHYwj.exe
  C:\Windows\System\PGAHYwj.exe
  2⤵
  PID:6660
- C:\Windows\System\jAFxFcO.exe
  C:\Windows\System\jAFxFcO.exe
  2⤵
  PID:6680
- C:\Windows\System\GBflrCC.exe
  C:\Windows\System\GBflrCC.exe
  2⤵
  PID:6704
- C:\Windows\System\uYUWxLJ.exe
  C:\Windows\System\uYUWxLJ.exe
  2⤵
  PID:6724
- C:\Windows\System\emcAygX.exe
  C:\Windows\System\emcAygX.exe
  2⤵
  PID:6752
- C:\Windows\System\MKoCYxM.exe
  C:\Windows\System\MKoCYxM.exe
  2⤵
  PID:6780
- C:\Windows\System\ieuvvFp.exe
  C:\Windows\System\ieuvvFp.exe
  2⤵
  PID:6800
- C:\Windows\System\DiPIwev.exe
  C:\Windows\System\DiPIwev.exe
  2⤵
  PID:6824
- C:\Windows\System\XFMTIBM.exe
  C:\Windows\System\XFMTIBM.exe
  2⤵
  PID:6844
- C:\Windows\System\yLElokr.exe
  C:\Windows\System\yLElokr.exe
  2⤵
  PID:6864
- C:\Windows\System\kyXTQJX.exe
  C:\Windows\System\kyXTQJX.exe
  2⤵
  PID:6920
- C:\Windows\System\sItYbQi.exe
  C:\Windows\System\sItYbQi.exe
  2⤵
  PID:6940
- C:\Windows\System\SxrsHDK.exe
  C:\Windows\System\SxrsHDK.exe
  2⤵
  PID:6980
- C:\Windows\System\RcCQRUY.exe
  C:\Windows\System\RcCQRUY.exe
  2⤵
  PID:6996
- C:\Windows\System\bVbjHYu.exe
  C:\Windows\System\bVbjHYu.exe
  2⤵
  PID:7056
- C:\Windows\System\IaHUqLY.exe
  C:\Windows\System\IaHUqLY.exe
  2⤵
  PID:7084
- C:\Windows\System\rvYugqv.exe
  C:\Windows\System\rvYugqv.exe
  2⤵
  PID:7108
- C:\Windows\System\TlIIwqg.exe
  C:\Windows\System\TlIIwqg.exe
  2⤵
  PID:7128
- C:\Windows\System\PpVBJgI.exe
  C:\Windows\System\PpVBJgI.exe
  2⤵
  PID:7148
- C:\Windows\System\TyBlBFz.exe
  C:\Windows\System\TyBlBFz.exe
  2⤵
  PID:5036
- C:\Windows\System\KJQFqTO.exe
  C:\Windows\System\KJQFqTO.exe
  2⤵
  PID:6244
- C:\Windows\System\gBJEfwZ.exe
  C:\Windows\System\gBJEfwZ.exe
  2⤵
  PID:6292
- C:\Windows\System\mOIsyxp.exe
  C:\Windows\System\mOIsyxp.exe
  2⤵
  PID:6364
- C:\Windows\System\xpyCpUX.exe
  C:\Windows\System\xpyCpUX.exe
  2⤵
  PID:6376
- C:\Windows\System\ZdnfvsI.exe
  C:\Windows\System\ZdnfvsI.exe
  2⤵
  PID:6436
- C:\Windows\System\jBZzSze.exe
  C:\Windows\System\jBZzSze.exe
  2⤵
  PID:6532
- C:\Windows\System\kkJonND.exe
  C:\Windows\System\kkJonND.exe
  2⤵
  PID:6604
- C:\Windows\System\GdUoOlS.exe
  C:\Windows\System\GdUoOlS.exe
  2⤵
  PID:6644
- C:\Windows\System\uJpmKfa.exe
  C:\Windows\System\uJpmKfa.exe
  2⤵
  PID:6772
- C:\Windows\System\tKQNWLa.exe
  C:\Windows\System\tKQNWLa.exe
  2⤵
  PID:6872
- C:\Windows\System\HZrXtlv.exe
  C:\Windows\System\HZrXtlv.exe
  2⤵
  PID:6936
- C:\Windows\System\IrIUqyF.exe
  C:\Windows\System\IrIUqyF.exe
  2⤵
  PID:7016
- C:\Windows\System\IsDBVuq.exe
  C:\Windows\System\IsDBVuq.exe
  2⤵
  PID:6992
- C:\Windows\System\tFVhemB.exe
  C:\Windows\System\tFVhemB.exe
  2⤵
  PID:7012
- C:\Windows\System\EsDuJKD.exe
  C:\Windows\System\EsDuJKD.exe
  2⤵
  PID:7164
- C:\Windows\System\jPwogZZ.exe
  C:\Windows\System\jPwogZZ.exe
  2⤵
  PID:6224
- C:\Windows\System\vCFXXQb.exe
  C:\Windows\System\vCFXXQb.exe
  2⤵
  PID:6512
- C:\Windows\System\raNIoMF.exe
  C:\Windows\System\raNIoMF.exe
  2⤵
  PID:6744
- C:\Windows\System\PvNGhhc.exe
  C:\Windows\System\PvNGhhc.exe
  2⤵
  PID:6860
- C:\Windows\System\qCqZqQC.exe
  C:\Windows\System\qCqZqQC.exe
  2⤵
  PID:6976
- C:\Windows\System\wOBNqAP.exe
  C:\Windows\System\wOBNqAP.exe
  2⤵
  PID:7028
- C:\Windows\System\mOFlsAR.exe
  C:\Windows\System\mOFlsAR.exe
  2⤵
  PID:6540
- C:\Windows\System\VCIpsYW.exe
  C:\Windows\System\VCIpsYW.exe
  2⤵
  PID:6904
- C:\Windows\System\DsWdtvS.exe
  C:\Windows\System\DsWdtvS.exe
  2⤵
  PID:6896
- C:\Windows\System\yZnmGWx.exe
  C:\Windows\System\yZnmGWx.exe
  2⤵
  PID:6220
- C:\Windows\System\DbDYwZJ.exe
  C:\Windows\System\DbDYwZJ.exe
  2⤵
  PID:7212
- C:\Windows\System\epobRMi.exe
  C:\Windows\System\epobRMi.exe
  2⤵
  PID:7252
- C:\Windows\System\MpMhffG.exe
  C:\Windows\System\MpMhffG.exe
  2⤵
  PID:7272
- C:\Windows\System\nikgKuu.exe
  C:\Windows\System\nikgKuu.exe
  2⤵
  PID:7296
- C:\Windows\System\akhtfLx.exe
  C:\Windows\System\akhtfLx.exe
  2⤵
  PID:7336
- C:\Windows\System\zyKnkPe.exe
  C:\Windows\System\zyKnkPe.exe
  2⤵
  PID:7360
- C:\Windows\System\ZuiFDlp.exe
  C:\Windows\System\ZuiFDlp.exe
  2⤵
  PID:7376
- C:\Windows\System\FVhYPET.exe
  C:\Windows\System\FVhYPET.exe
  2⤵
  PID:7412
- C:\Windows\System\TqVmhVB.exe
  C:\Windows\System\TqVmhVB.exe
  2⤵
  PID:7428
- C:\Windows\System\FkUGCbN.exe
  C:\Windows\System\FkUGCbN.exe
  2⤵
  PID:7456
- C:\Windows\System\WARVauL.exe
  C:\Windows\System\WARVauL.exe
  2⤵
  PID:7480
- C:\Windows\System\iKdabkH.exe
  C:\Windows\System\iKdabkH.exe
  2⤵
  PID:7500
- C:\Windows\System\XYypBIx.exe
  C:\Windows\System\XYypBIx.exe
  2⤵
  PID:7524
- C:\Windows\System\XCWonnu.exe
  C:\Windows\System\XCWonnu.exe
  2⤵
  PID:7576
- C:\Windows\System\djBQjTa.exe
  C:\Windows\System\djBQjTa.exe
  2⤵
  PID:7616
- C:\Windows\System\mlPKbYY.exe
  C:\Windows\System\mlPKbYY.exe
  2⤵
  PID:7632
- C:\Windows\System\MZVBQlL.exe
  C:\Windows\System\MZVBQlL.exe
  2⤵
  PID:7672
- C:\Windows\System\jiaZTKl.exe
  C:\Windows\System\jiaZTKl.exe
  2⤵
  PID:7720
- C:\Windows\System\LvutsUY.exe
  C:\Windows\System\LvutsUY.exe
  2⤵
  PID:7740
- C:\Windows\System\pBxrCWS.exe
  C:\Windows\System\pBxrCWS.exe
  2⤵
  PID:7760
- C:\Windows\System\zahJcha.exe
  C:\Windows\System\zahJcha.exe
  2⤵
  PID:7784
- C:\Windows\System\ShnYTSC.exe
  C:\Windows\System\ShnYTSC.exe
  2⤵
  PID:7828
- C:\Windows\System\MZAISwJ.exe
  C:\Windows\System\MZAISwJ.exe
  2⤵
  PID:7852
- C:\Windows\System\kHOfdsF.exe
  C:\Windows\System\kHOfdsF.exe
  2⤵
  PID:7892
- C:\Windows\System\MDbBUOa.exe
  C:\Windows\System\MDbBUOa.exe
  2⤵
  PID:7912
- C:\Windows\System\ByASWdg.exe
  C:\Windows\System\ByASWdg.exe
  2⤵
  PID:7936
- C:\Windows\System\ODukEDQ.exe
  C:\Windows\System\ODukEDQ.exe
  2⤵
  PID:7976
- C:\Windows\System\yIhLutE.exe
  C:\Windows\System\yIhLutE.exe
  2⤵
  PID:7992
- C:\Windows\System\JQKJoWV.exe
  C:\Windows\System\JQKJoWV.exe
  2⤵
  PID:8008
- C:\Windows\System\cVhLSpx.exe
  C:\Windows\System\cVhLSpx.exe
  2⤵
  PID:8040
- C:\Windows\System\rANlYoE.exe
  C:\Windows\System\rANlYoE.exe
  2⤵
  PID:8068
- C:\Windows\System\OURXmCH.exe
  C:\Windows\System\OURXmCH.exe
  2⤵
  PID:8096
- C:\Windows\System\CuXKYTh.exe
  C:\Windows\System\CuXKYTh.exe
  2⤵
  PID:8140
- C:\Windows\System\COwDxal.exe
  C:\Windows\System\COwDxal.exe
  2⤵
  PID:8168
- C:\Windows\System\KHoNiQY.exe
  C:\Windows\System\KHoNiQY.exe
  2⤵
  PID:6716
- C:\Windows\System\ZCIvvTt.exe
  C:\Windows\System\ZCIvvTt.exe
  2⤵
  PID:7188
- C:\Windows\System\bNNbWcG.exe
  C:\Windows\System\bNNbWcG.exe
  2⤵
  PID:7288
- C:\Windows\System\VqJFsrk.exe
  C:\Windows\System\VqJFsrk.exe
  2⤵
  PID:7312
- C:\Windows\System\cSqeHAi.exe
  C:\Windows\System\cSqeHAi.exe
  2⤵
  PID:7420
- C:\Windows\System\BwtfePy.exe
  C:\Windows\System\BwtfePy.exe
  2⤵
  PID:7464
- C:\Windows\System\KVLjVjb.exe
  C:\Windows\System\KVLjVjb.exe
  2⤵
  PID:7492
- C:\Windows\System\BWAnOcn.exe
  C:\Windows\System\BWAnOcn.exe
  2⤵
  PID:7608
- C:\Windows\System\SiQdHyn.exe
  C:\Windows\System\SiQdHyn.exe
  2⤵
  PID:7656
- C:\Windows\System\yBIofov.exe
  C:\Windows\System\yBIofov.exe
  2⤵
  PID:7680
- C:\Windows\System\lsewwEk.exe
  C:\Windows\System\lsewwEk.exe
  2⤵
  PID:7732
- C:\Windows\System\KudboOQ.exe
  C:\Windows\System\KudboOQ.exe
  2⤵
  PID:7868
- C:\Windows\System\GhCOdpO.exe
  C:\Windows\System\GhCOdpO.exe
  2⤵
  PID:7956
- C:\Windows\System\cmRlboS.exe
  C:\Windows\System\cmRlboS.exe
  2⤵
  PID:8004
- C:\Windows\System\eGiCfzZ.exe
  C:\Windows\System\eGiCfzZ.exe
  2⤵
  PID:8080
- C:\Windows\System\uKWCcxU.exe
  C:\Windows\System\uKWCcxU.exe
  2⤵
  PID:8032
- C:\Windows\System\oMRVNux.exe
  C:\Windows\System\oMRVNux.exe
  2⤵
  PID:8164
- C:\Windows\System\aKbxcUx.exe
  C:\Windows\System\aKbxcUx.exe
  2⤵
  PID:8184
- C:\Windows\System\SqoxmWh.exe
  C:\Windows\System\SqoxmWh.exe
  2⤵
  PID:7248
- C:\Windows\System\vvpUJqy.exe
  C:\Windows\System\vvpUJqy.exe
  2⤵
  PID:7324
- C:\Windows\System\DJIzUjT.exe
  C:\Windows\System\DJIzUjT.exe
  2⤵
  PID:7768
- C:\Windows\System\NVVtGDg.exe
  C:\Windows\System\NVVtGDg.exe
  2⤵
  PID:7904
- C:\Windows\System\gLcoifY.exe
  C:\Windows\System\gLcoifY.exe
  2⤵
  PID:8064
- C:\Windows\System\pyxjpBz.exe
  C:\Windows\System\pyxjpBz.exe
  2⤵
  PID:7452
- C:\Windows\System\fDZNkec.exe
  C:\Windows\System\fDZNkec.exe
  2⤵
  PID:7264
- C:\Windows\System\derurRk.exe
  C:\Windows\System\derurRk.exe
  2⤵
  PID:7908
- C:\Windows\System\oFfjrYl.exe
  C:\Windows\System\oFfjrYl.exe
  2⤵
  PID:5008
- C:\Windows\System\SsZJYhI.exe
  C:\Windows\System\SsZJYhI.exe
  2⤵
  PID:8208
- C:\Windows\System\nfRdgfv.exe
  C:\Windows\System\nfRdgfv.exe
  2⤵
  PID:8240
- C:\Windows\System\vIYqnKr.exe
  C:\Windows\System\vIYqnKr.exe
  2⤵
  PID:8260
- C:\Windows\System\HHOVrTQ.exe
  C:\Windows\System\HHOVrTQ.exe
  2⤵
  PID:8312
- C:\Windows\System\fgGUKgb.exe
  C:\Windows\System\fgGUKgb.exe
  2⤵
  PID:8336
- C:\Windows\System\FfbZbXt.exe
  C:\Windows\System\FfbZbXt.exe
  2⤵
  PID:8368
- C:\Windows\System\yADovXo.exe
  C:\Windows\System\yADovXo.exe
  2⤵
  PID:8392
- C:\Windows\System\iEITrlC.exe
  C:\Windows\System\iEITrlC.exe
  2⤵
  PID:8412
- C:\Windows\System\xZsVHBm.exe
  C:\Windows\System\xZsVHBm.exe
  2⤵
  PID:8440
- C:\Windows\System\VLoYEOV.exe
  C:\Windows\System\VLoYEOV.exe
  2⤵
  PID:8464
- C:\Windows\System\jycNrgN.exe
  C:\Windows\System\jycNrgN.exe
  2⤵
  PID:8492
- C:\Windows\System\iKHCZZj.exe
  C:\Windows\System\iKHCZZj.exe
  2⤵
  PID:8536
- C:\Windows\System\pUDAXuv.exe
  C:\Windows\System\pUDAXuv.exe
  2⤵
  PID:8560
- C:\Windows\System\pADlLts.exe
  C:\Windows\System\pADlLts.exe
  2⤵
  PID:8580
- C:\Windows\System\NPHSXBY.exe
  C:\Windows\System\NPHSXBY.exe
  2⤵
  PID:8608
- C:\Windows\System\vgcQGwl.exe
  C:\Windows\System\vgcQGwl.exe
  2⤵
  PID:8632
- C:\Windows\System\qYCIueM.exe
  C:\Windows\System\qYCIueM.exe
  2⤵
  PID:8656
- C:\Windows\System\FePVbWa.exe
  C:\Windows\System\FePVbWa.exe
  2⤵
  PID:8676
- C:\Windows\System\BnjlLSR.exe
  C:\Windows\System\BnjlLSR.exe
  2⤵
  PID:8708
- C:\Windows\System\QDVMFcQ.exe
  C:\Windows\System\QDVMFcQ.exe
  2⤵
  PID:8732
- C:\Windows\System\RchGoNQ.exe
  C:\Windows\System\RchGoNQ.exe
  2⤵
  PID:8760
- C:\Windows\System\mGhhDjf.exe
  C:\Windows\System\mGhhDjf.exe
  2⤵
  PID:8812
- C:\Windows\System\XeYKDwB.exe
  C:\Windows\System\XeYKDwB.exe
  2⤵
  PID:8840
- C:\Windows\System\VGzwJOq.exe
  C:\Windows\System\VGzwJOq.exe
  2⤵
  PID:8860
- C:\Windows\System\YajpzNo.exe
  C:\Windows\System\YajpzNo.exe
  2⤵
  PID:8888
- C:\Windows\System\hQtVeEy.exe
  C:\Windows\System\hQtVeEy.exe
  2⤵
  PID:8912
- C:\Windows\System\pEJUYmQ.exe
  C:\Windows\System\pEJUYmQ.exe
  2⤵
  PID:8956
- C:\Windows\System\GASmoGa.exe
  C:\Windows\System\GASmoGa.exe
  2⤵
  PID:8980
- C:\Windows\System\MsXLjpb.exe
  C:\Windows\System\MsXLjpb.exe
  2⤵
  PID:8996
- C:\Windows\System\NpxIdVy.exe
  C:\Windows\System\NpxIdVy.exe
  2⤵
  PID:9040
- C:\Windows\System\thsiyMr.exe
  C:\Windows\System\thsiyMr.exe
  2⤵
  PID:9056
- C:\Windows\System\xUhneLa.exe
  C:\Windows\System\xUhneLa.exe
  2⤵
  PID:9072
- C:\Windows\System\TMWzyrU.exe
  C:\Windows\System\TMWzyrU.exe
  2⤵
  PID:9120
- C:\Windows\System\mZbYkRg.exe
  C:\Windows\System\mZbYkRg.exe
  2⤵
  PID:9140
- C:\Windows\System\pSeECzx.exe
  C:\Windows\System\pSeECzx.exe
  2⤵
  PID:9180
- C:\Windows\System\aEbOAVq.exe
  C:\Windows\System\aEbOAVq.exe
  2⤵
  PID:9200
- C:\Windows\System\uWTWJpv.exe
  C:\Windows\System\uWTWJpv.exe
  2⤵
  PID:7924
- C:\Windows\System\arlnbvF.exe
  C:\Windows\System\arlnbvF.exe
  2⤵
  PID:8216
- C:\Windows\System\lDxLtor.exe
  C:\Windows\System\lDxLtor.exe
  2⤵
  PID:8268
- C:\Windows\System\XQrNTOK.exe
  C:\Windows\System\XQrNTOK.exe
  2⤵
  PID:8424
- C:\Windows\System\COhdMof.exe
  C:\Windows\System\COhdMof.exe
  2⤵
  PID:8432
- C:\Windows\System\aJovvSY.exe
  C:\Windows\System\aJovvSY.exe
  2⤵
  PID:8508
- C:\Windows\System\jfFCWGI.exe
  C:\Windows\System\jfFCWGI.exe
  2⤵
  PID:8588
- C:\Windows\System\GOUrPMa.exe
  C:\Windows\System\GOUrPMa.exe
  2⤵
  PID:8672
- C:\Windows\System\CpihVih.exe
  C:\Windows\System\CpihVih.exe
  2⤵
  PID:8716
- C:\Windows\System\SWdpqDl.exe
  C:\Windows\System\SWdpqDl.exe
  2⤵
  PID:8776
- C:\Windows\System\QouFCPS.exe
  C:\Windows\System\QouFCPS.exe
  2⤵
  PID:8820
- C:\Windows\System\DpsMhut.exe
  C:\Windows\System\DpsMhut.exe
  2⤵
  PID:8852
- C:\Windows\System\nIRbxCv.exe
  C:\Windows\System\nIRbxCv.exe
  2⤵
  PID:8932
- C:\Windows\System\rfGCLMu.exe
  C:\Windows\System\rfGCLMu.exe
  2⤵
  PID:2712
- C:\Windows\System\pkNJdCk.exe
  C:\Windows\System\pkNJdCk.exe
  2⤵
  PID:2600
- C:\Windows\System\KKNAHNd.exe
  C:\Windows\System\KKNAHNd.exe
  2⤵
  PID:9068
- C:\Windows\System\KNONVBU.exe
  C:\Windows\System\KNONVBU.exe
  2⤵
  PID:9188
- C:\Windows\System\bkhvxIW.exe
  C:\Windows\System\bkhvxIW.exe
  2⤵
  PID:8220
- C:\Windows\System\FCpfGbz.exe
  C:\Windows\System\FCpfGbz.exe
  2⤵
  PID:8376
- C:\Windows\System\QmIMpLN.exe
  C:\Windows\System\QmIMpLN.exe
  2⤵
  PID:8528
- C:\Windows\System\FaefCPT.exe
  C:\Windows\System\FaefCPT.exe
  2⤵
  PID:8600
- C:\Windows\System\TxmVcGZ.exe
  C:\Windows\System\TxmVcGZ.exe
  2⤵
  PID:8688
- C:\Windows\System\ZgRRupm.exe
  C:\Windows\System\ZgRRupm.exe
  2⤵
  PID:8792
- C:\Windows\System\MtHRBjo.exe
  C:\Windows\System\MtHRBjo.exe
  2⤵
  PID:8928
- C:\Windows\System\BLwgUsK.exe
  C:\Windows\System\BLwgUsK.exe
  2⤵
  PID:9128
- C:\Windows\System\LEDSzJH.exe
  C:\Windows\System\LEDSzJH.exe
  2⤵
  PID:9156
- C:\Windows\System\jUfnGzx.exe
  C:\Windows\System\jUfnGzx.exe
  2⤵
  PID:8200
- C:\Windows\System\eWfjRwI.exe
  C:\Windows\System\eWfjRwI.exe
  2⤵
  PID:8740
- C:\Windows\System\mLeeSwQ.exe
  C:\Windows\System\mLeeSwQ.exe
  2⤵
  PID:8796
- C:\Windows\System\WbeYVoM.exe
  C:\Windows\System\WbeYVoM.exe
  2⤵
  PID:8308
- C:\Windows\System\EHJYxcy.exe
  C:\Windows\System\EHJYxcy.exe
  2⤵
  PID:9244
- C:\Windows\System\yLcPXIQ.exe
  C:\Windows\System\yLcPXIQ.exe
  2⤵
  PID:9272
- C:\Windows\System\qwOdKMT.exe
  C:\Windows\System\qwOdKMT.exe
  2⤵
  PID:9296
- C:\Windows\System\cKhVMNd.exe
  C:\Windows\System\cKhVMNd.exe
  2⤵
  PID:9316
- C:\Windows\System\eoboqJp.exe
  C:\Windows\System\eoboqJp.exe
  2⤵
  PID:9344
- C:\Windows\System\TmJQRfT.exe
  C:\Windows\System\TmJQRfT.exe
  2⤵
  PID:9464
- C:\Windows\System\ZTlJzRD.exe
  C:\Windows\System\ZTlJzRD.exe
  2⤵
  PID:9532
- C:\Windows\System\RTnyUqF.exe
  C:\Windows\System\RTnyUqF.exe
  2⤵
  PID:9552
- C:\Windows\System\svJqHRS.exe
  C:\Windows\System\svJqHRS.exe
  2⤵
  PID:9568
- C:\Windows\System\bXIKSHE.exe
  C:\Windows\System\bXIKSHE.exe
  2⤵
  PID:9584
- C:\Windows\System\GFfWPtR.exe
  C:\Windows\System\GFfWPtR.exe
  2⤵
  PID:9600
- C:\Windows\System\KYktEeL.exe
  C:\Windows\System\KYktEeL.exe
  2⤵
  PID:9616
- C:\Windows\System\JrqYlTx.exe
  C:\Windows\System\JrqYlTx.exe
  2⤵
  PID:9632
- C:\Windows\System\kqLiCkQ.exe
  C:\Windows\System\kqLiCkQ.exe
  2⤵
  PID:9648
- C:\Windows\System\weeEGeo.exe
  C:\Windows\System\weeEGeo.exe
  2⤵
  PID:9664
- C:\Windows\System\iTuZGiW.exe
  C:\Windows\System\iTuZGiW.exe
  2⤵
  PID:9680
- C:\Windows\System\jRfSqSv.exe
  C:\Windows\System\jRfSqSv.exe
  2⤵
  PID:9700
- C:\Windows\System\AtpVCtn.exe
  C:\Windows\System\AtpVCtn.exe
  2⤵
  PID:9740
- C:\Windows\System\ntfTJfi.exe
  C:\Windows\System\ntfTJfi.exe
  2⤵
  PID:9832
- C:\Windows\System\osPSDIn.exe
  C:\Windows\System\osPSDIn.exe
  2⤵
  PID:9856
- C:\Windows\System\ORsACbX.exe
  C:\Windows\System\ORsACbX.exe
  2⤵
  PID:9924
- C:\Windows\System\rtbfFnV.exe
  C:\Windows\System\rtbfFnV.exe
  2⤵
  PID:10000
- C:\Windows\System\tLKicuk.exe
  C:\Windows\System\tLKicuk.exe
  2⤵
  PID:10024
- C:\Windows\System\YJURVtl.exe
  C:\Windows\System\YJURVtl.exe
  2⤵
  PID:10064
- C:\Windows\System\sWraMqF.exe
  C:\Windows\System\sWraMqF.exe
  2⤵
  PID:10080
- C:\Windows\System\fhMAdEn.exe
  C:\Windows\System\fhMAdEn.exe
  2⤵
  PID:10104
- C:\Windows\System\wsYYLMx.exe
  C:\Windows\System\wsYYLMx.exe
  2⤵
  PID:10144
- C:\Windows\System\emPuCaf.exe
  C:\Windows\System\emPuCaf.exe
  2⤵
  PID:10168
- C:\Windows\System\OsApwkJ.exe
  C:\Windows\System\OsApwkJ.exe
  2⤵
  PID:10184
- C:\Windows\System\GSqpzJr.exe
  C:\Windows\System\GSqpzJr.exe
  2⤵
  PID:10204
- C:\Windows\System\sbqBNcp.exe
  C:\Windows\System\sbqBNcp.exe
  2⤵
  PID:9116
- C:\Windows\System\DJSrrVB.exe
  C:\Windows\System\DJSrrVB.exe
  2⤵
  PID:9324
- C:\Windows\System\vNSWKKF.exe
  C:\Windows\System\vNSWKKF.exe
  2⤵
  PID:9292
- C:\Windows\System\EqHzYlC.exe
  C:\Windows\System\EqHzYlC.exe
  2⤵
  PID:9444
- C:\Windows\System\PXTUIjN.exe
  C:\Windows\System\PXTUIjN.exe
  2⤵
  PID:9496
- C:\Windows\System\UcBCIEQ.exe
  C:\Windows\System\UcBCIEQ.exe
  2⤵
  PID:9520
- C:\Windows\System\pPQOCFU.exe
  C:\Windows\System\pPQOCFU.exe
  2⤵
  PID:9396
- C:\Windows\System\hhbuKMv.exe
  C:\Windows\System\hhbuKMv.exe
  2⤵
  PID:9492
- C:\Windows\System\SPYDMYT.exe
  C:\Windows\System\SPYDMYT.exe
  2⤵
  PID:9512
- C:\Windows\System\plhfSRy.exe
  C:\Windows\System\plhfSRy.exe
  2⤵
  PID:9432
- C:\Windows\System\DuFSLGb.exe
  C:\Windows\System\DuFSLGb.exe
  2⤵
  PID:9608
- C:\Windows\System\JSZgObX.exe
  C:\Windows\System\JSZgObX.exe
  2⤵
  PID:9656
- C:\Windows\System\ORtfHhe.exe
  C:\Windows\System\ORtfHhe.exe
  2⤵
  PID:9708
- C:\Windows\System\xqvqxdl.exe
  C:\Windows\System\xqvqxdl.exe
  2⤵
  PID:9880
- C:\Windows\System\iYmBbPs.exe
  C:\Windows\System\iYmBbPs.exe
  2⤵
  PID:9968
- C:\Windows\System\iAJMBsb.exe
  C:\Windows\System\iAJMBsb.exe
  2⤵
  PID:9852
- C:\Windows\System\OOYobjT.exe
  C:\Windows\System\OOYobjT.exe
  2⤵
  PID:9976
- C:\Windows\System\oAQBXcd.exe
  C:\Windows\System\oAQBXcd.exe
  2⤵
  PID:10020
- C:\Windows\System\kWwmrnv.exe
  C:\Windows\System\kWwmrnv.exe
  2⤵
  PID:10060
- C:\Windows\System\dyKTpxn.exe
  C:\Windows\System\dyKTpxn.exe
  2⤵
  PID:10124
- C:\Windows\System\rusrsaA.exe
  C:\Windows\System\rusrsaA.exe
  2⤵
  PID:9252
- C:\Windows\System\opuqFPV.exe
  C:\Windows\System\opuqFPV.exe
  2⤵
  PID:9372
- C:\Windows\System\oMshmlu.exe
  C:\Windows\System\oMshmlu.exe
  2⤵
  PID:9340
- C:\Windows\System\aTCdKQc.exe
  C:\Windows\System\aTCdKQc.exe
  2⤵
  PID:9720
- C:\Windows\System\pUDTDDG.exe
  C:\Windows\System\pUDTDDG.exe
  2⤵
  PID:9544
- C:\Windows\System\cHKvRJH.exe
  C:\Windows\System\cHKvRJH.exe
  2⤵
  PID:9640
- C:\Windows\System\wIRVyka.exe
  C:\Windows\System\wIRVyka.exe
  2⤵
  PID:9940
- C:\Windows\System\umNXMCn.exe
  C:\Windows\System\umNXMCn.exe
  2⤵
  PID:10056
- C:\Windows\System\Nmrgdoo.exe
  C:\Windows\System\Nmrgdoo.exe
  2⤵
  PID:9288
- C:\Windows\System\lGVAHfk.exe
  C:\Windows\System\lGVAHfk.exe
  2⤵
  PID:9508
- C:\Windows\System\lEwjwYx.exe
  C:\Windows\System\lEwjwYx.exe
  2⤵
  PID:9644
- C:\Windows\System\pdpidMn.exe
  C:\Windows\System\pdpidMn.exe
  2⤵
  PID:9916
- C:\Windows\System\FuqVsBC.exe
  C:\Windows\System\FuqVsBC.exe
  2⤵
  PID:912
- C:\Windows\System\PyEGBtI.exe
  C:\Windows\System\PyEGBtI.exe
  2⤵
  PID:10152
- C:\Windows\System\OKdunci.exe
  C:\Windows\System\OKdunci.exe
  2⤵
  PID:10244
- C:\Windows\System\bveuAnG.exe
  C:\Windows\System\bveuAnG.exe
  2⤵
  PID:10260
- C:\Windows\System\JjDQIlL.exe
  C:\Windows\System\JjDQIlL.exe
  2⤵
  PID:10280
- C:\Windows\System\ONQnxRq.exe
  C:\Windows\System\ONQnxRq.exe
  2⤵
  PID:10304
- C:\Windows\System\mvEGMKv.exe
  C:\Windows\System\mvEGMKv.exe
  2⤵
  PID:10332
- C:\Windows\System\ousxaRb.exe
  C:\Windows\System\ousxaRb.exe
  2⤵
  PID:10348
- C:\Windows\System\QaWhXYy.exe
  C:\Windows\System\QaWhXYy.exe
  2⤵
  PID:10400
- C:\Windows\System\uBoYiHZ.exe
  C:\Windows\System\uBoYiHZ.exe
  2⤵
  PID:10432
- C:\Windows\System\HAbNRlU.exe
  C:\Windows\System\HAbNRlU.exe
  2⤵
  PID:10452
- C:\Windows\System\HPRELnh.exe
  C:\Windows\System\HPRELnh.exe
  2⤵
  PID:10476
- C:\Windows\System\fFJfyPy.exe
  C:\Windows\System\fFJfyPy.exe
  2⤵
  PID:10492
- C:\Windows\System\qpNLSWP.exe
  C:\Windows\System\qpNLSWP.exe
  2⤵
  PID:10528
- C:\Windows\System\KcyyZAZ.exe
  C:\Windows\System\KcyyZAZ.exe
  2⤵
  PID:10548
- C:\Windows\System\qzInRfH.exe
  C:\Windows\System\qzInRfH.exe
  2⤵
  PID:10580
- C:\Windows\System\kMBCuVR.exe
  C:\Windows\System\kMBCuVR.exe
  2⤵
  PID:10600
- C:\Windows\System\gaCEXSZ.exe
  C:\Windows\System\gaCEXSZ.exe
  2⤵
  PID:10620
- C:\Windows\System\XjSLDbH.exe
  C:\Windows\System\XjSLDbH.exe
  2⤵
  PID:10668
- C:\Windows\System\KwlukAY.exe
  C:\Windows\System\KwlukAY.exe
  2⤵
  PID:10688
- C:\Windows\System\ajxiguE.exe
  C:\Windows\System\ajxiguE.exe
  2⤵
  PID:10712
- C:\Windows\System\wflwjnh.exe
  C:\Windows\System\wflwjnh.exe
  2⤵
  PID:10756
- C:\Windows\System\yuKmbdB.exe
  C:\Windows\System\yuKmbdB.exe
  2⤵
  PID:10792
- C:\Windows\System\tNAUjkR.exe
  C:\Windows\System\tNAUjkR.exe
  2⤵
  PID:10824
- C:\Windows\System\xHtxSAB.exe
  C:\Windows\System\xHtxSAB.exe
  2⤵
  PID:10844
- C:\Windows\System\vwwQieR.exe
  C:\Windows\System\vwwQieR.exe
  2⤵
  PID:10868
- C:\Windows\System\qbAVQtH.exe
  C:\Windows\System\qbAVQtH.exe
  2⤵
  PID:10896
- C:\Windows\System\XzSrDfy.exe
  C:\Windows\System\XzSrDfy.exe
  2⤵
  PID:10916
- C:\Windows\System\oGqjeUj.exe
  C:\Windows\System\oGqjeUj.exe
  2⤵
  PID:10944
- C:\Windows\System\BYZBwtw.exe
  C:\Windows\System\BYZBwtw.exe
  2⤵
  PID:10980
- C:\Windows\System\KtieKwH.exe
  C:\Windows\System\KtieKwH.exe
  2⤵
  PID:11020
- C:\Windows\System\UWkqnPk.exe
  C:\Windows\System\UWkqnPk.exe
  2⤵
  PID:11080
- C:\Windows\System\tmmEmaE.exe
  C:\Windows\System\tmmEmaE.exe
  2⤵
  PID:11112
- C:\Windows\System\sXfxcyp.exe
  C:\Windows\System\sXfxcyp.exe
  2⤵
  PID:11128
- C:\Windows\System\zVOpurS.exe
  C:\Windows\System\zVOpurS.exe
  2⤵
  PID:11148
- C:\Windows\System\EcjlJTX.exe
  C:\Windows\System\EcjlJTX.exe
  2⤵
  PID:11172
- C:\Windows\System\kHdSOCH.exe
  C:\Windows\System\kHdSOCH.exe
  2⤵
  PID:11192
- C:\Windows\System\iNZPxIg.exe
  C:\Windows\System\iNZPxIg.exe
  2⤵
  PID:11212
- C:\Windows\System\RZwgpvp.exe
  C:\Windows\System\RZwgpvp.exe
  2⤵
  PID:11248
- C:\Windows\System\KwsGoOb.exe
  C:\Windows\System\KwsGoOb.exe
  2⤵
  PID:10256
- C:\Windows\System\wQvuhFE.exe
  C:\Windows\System\wQvuhFE.exe
  2⤵
  PID:10300
- C:\Windows\System\MkiCsEr.exe
  C:\Windows\System\MkiCsEr.exe
  2⤵
  PID:10368
- C:\Windows\System\tmwgcpw.exe
  C:\Windows\System\tmwgcpw.exe
  2⤵
  PID:10424
- C:\Windows\System\SHWyqUS.exe
  C:\Windows\System\SHWyqUS.exe
  2⤵
  PID:10516
- C:\Windows\System\QkLfPAf.exe
  C:\Windows\System\QkLfPAf.exe
  2⤵
  PID:10484
- C:\Windows\System\WvrsJBi.exe
  C:\Windows\System\WvrsJBi.exe
  2⤵
  PID:10656
- C:\Windows\System\tHjdfbL.exe
  C:\Windows\System\tHjdfbL.exe
  2⤵
  PID:10680
- C:\Windows\System\iqPPHGj.exe
  C:\Windows\System\iqPPHGj.exe
  2⤵
  PID:10744
- C:\Windows\System\YojKSPp.exe
  C:\Windows\System\YojKSPp.exe
  2⤵
  PID:10812
- C:\Windows\System\uKnECsk.exe
  C:\Windows\System\uKnECsk.exe
  2⤵
  PID:10960
- C:\Windows\System\CsLFSmo.exe
  C:\Windows\System\CsLFSmo.exe
  2⤵
  PID:10988
- C:\Windows\System\CukPHvu.exe
  C:\Windows\System\CukPHvu.exe
  2⤵
  PID:11104
- C:\Windows\System\VCfgjDg.exe
  C:\Windows\System\VCfgjDg.exe
  2⤵
  PID:11100
- C:\Windows\System\UyqvmhO.exe
  C:\Windows\System\UyqvmhO.exe
  2⤵
  PID:11184
- C:\Windows\System\TMBelYf.exe
  C:\Windows\System\TMBelYf.exe
  2⤵
  PID:11232
- C:\Windows\System\lnWeqmz.exe
  C:\Windows\System\lnWeqmz.exe
  2⤵
  PID:10296
- C:\Windows\System\wnUctNd.exe
  C:\Windows\System\wnUctNd.exe
  2⤵
  PID:10412
- C:\Windows\System\lQDTKgc.exe
  C:\Windows\System\lQDTKgc.exe
  2⤵
  PID:10644
- C:\Windows\System\FzkfCFb.exe
  C:\Windows\System\FzkfCFb.exe
  2⤵
  PID:10556
- C:\Windows\System\vkijoPm.exe
  C:\Windows\System\vkijoPm.exe
  2⤵
  PID:10840
- C:\Windows\System\uEZYhwi.exe
  C:\Windows\System\uEZYhwi.exe
  2⤵
  PID:10936
- C:\Windows\System\mLPQDTD.exe
  C:\Windows\System\mLPQDTD.exe
  2⤵
  PID:11124
- C:\Windows\System\dzbWhyV.exe
  C:\Windows\System\dzbWhyV.exe
  2⤵
  PID:10544
- C:\Windows\System\BqYVADK.exe
  C:\Windows\System\BqYVADK.exe
  2⤵
  PID:10740
- C:\Windows\System\feyArlK.exe
  C:\Windows\System\feyArlK.exe
  2⤵
  PID:10908
- C:\Windows\System\MTEjLps.exe
  C:\Windows\System\MTEjLps.exe
  2⤵
  PID:11288
- C:\Windows\System\IZBSDjt.exe
  C:\Windows\System\IZBSDjt.exe
  2⤵
  PID:11316
- C:\Windows\System\ngvvJgi.exe
  C:\Windows\System\ngvvJgi.exe
  2⤵
  PID:11348
- C:\Windows\System\oQOXZaG.exe
  C:\Windows\System\oQOXZaG.exe
  2⤵
  PID:11376
- C:\Windows\System\HwuiDEB.exe
  C:\Windows\System\HwuiDEB.exe
  2⤵
  PID:11404
- C:\Windows\System\vAcMxYv.exe
  C:\Windows\System\vAcMxYv.exe
  2⤵
  PID:11432
- C:\Windows\System\TcwhNzX.exe
  C:\Windows\System\TcwhNzX.exe
  2⤵
  PID:11452
- C:\Windows\System\GhzyQIm.exe
  C:\Windows\System\GhzyQIm.exe
  2⤵
  PID:11480
- C:\Windows\System\DJzIsZo.exe
  C:\Windows\System\DJzIsZo.exe
  2⤵
  PID:11500
- C:\Windows\System\daopaPs.exe
  C:\Windows\System\daopaPs.exe
  2⤵
  PID:11580
- C:\Windows\System\ughHZqE.exe
  C:\Windows\System\ughHZqE.exe
  2⤵
  PID:11596
- C:\Windows\System\BXVPMKG.exe
  C:\Windows\System\BXVPMKG.exe
  2⤵
  PID:11616
- C:\Windows\System\NNGlQjh.exe
  C:\Windows\System\NNGlQjh.exe
  2⤵
  PID:11640
- C:\Windows\System\bkUmJmV.exe
  C:\Windows\System\bkUmJmV.exe
  2⤵
  PID:11664
- C:\Windows\System\PpnvvPK.exe
  C:\Windows\System\PpnvvPK.exe
  2⤵
  PID:11692
- C:\Windows\System\riYRzWw.exe
  C:\Windows\System\riYRzWw.exe
  2⤵
  PID:11712
- C:\Windows\System\OIkSoaU.exe
  C:\Windows\System\OIkSoaU.exe
  2⤵
  PID:11732
- C:\Windows\System\SVdaULN.exe
  C:\Windows\System\SVdaULN.exe
  2⤵
  PID:11760
- C:\Windows\System\PestCqK.exe
  C:\Windows\System\PestCqK.exe
  2⤵
  PID:11784
- C:\Windows\System\qLxxlkR.exe
  C:\Windows\System\qLxxlkR.exe
  2⤵
  PID:11804
- C:\Windows\System\QyrrpIR.exe
  C:\Windows\System\QyrrpIR.exe
  2⤵
  PID:11824
- C:\Windows\System\idyewEb.exe
  C:\Windows\System\idyewEb.exe
  2⤵
  PID:11844
- C:\Windows\System\BgKglRP.exe
  C:\Windows\System\BgKglRP.exe
  2⤵
  PID:11864
- C:\Windows\System\bwYZYRk.exe
  C:\Windows\System\bwYZYRk.exe
  2⤵
  PID:11920
- C:\Windows\System\viaiuvw.exe
  C:\Windows\System\viaiuvw.exe
  2⤵
  PID:11956
- C:\Windows\System\bclBptA.exe
  C:\Windows\System\bclBptA.exe
  2⤵
  PID:11980
- C:\Windows\System\BdbTlFT.exe
  C:\Windows\System\BdbTlFT.exe
  2⤵
  PID:12004
- C:\Windows\System\RrjqDcp.exe
  C:\Windows\System\RrjqDcp.exe
  2⤵
  PID:12024
- C:\Windows\System\sNydLuQ.exe
  C:\Windows\System\sNydLuQ.exe
  2⤵
  PID:12068
- C:\Windows\System\gwqfxcF.exe
  C:\Windows\System\gwqfxcF.exe
  2⤵
  PID:12096
- C:\Windows\System\qYNKhtp.exe
  C:\Windows\System\qYNKhtp.exe
  2⤵
  PID:12124
- C:\Windows\System\rxGYfik.exe
  C:\Windows\System\rxGYfik.exe
  2⤵
  PID:12148
- C:\Windows\System\ZLeeofd.exe
  C:\Windows\System\ZLeeofd.exe
  2⤵
  PID:12168
- C:\Windows\System\KgyxIrJ.exe
  C:\Windows\System\KgyxIrJ.exe
  2⤵
  PID:12184
- C:\Windows\System\EnyAjLd.exe
  C:\Windows\System\EnyAjLd.exe
  2⤵
  PID:12232
- C:\Windows\System\qxFmWwk.exe
  C:\Windows\System\qxFmWwk.exe
  2⤵
  PID:12252
- C:\Windows\System\JWFoglm.exe
  C:\Windows\System\JWFoglm.exe
  2⤵
  PID:10364
- C:\Windows\System\aIytjBR.exe
  C:\Windows\System\aIytjBR.exe
  2⤵
  PID:1420
- C:\Windows\System\RBXVFcu.exe
  C:\Windows\System\RBXVFcu.exe
  2⤵
  PID:11304
- C:\Windows\System\lddCiUv.exe
  C:\Windows\System\lddCiUv.exe
  2⤵
  PID:11420
- C:\Windows\System\QFCsJYk.exe
  C:\Windows\System\QFCsJYk.exe
  2⤵
  PID:11444
- C:\Windows\System\ndTKzSv.exe
  C:\Windows\System\ndTKzSv.exe
  2⤵
  PID:10772
- C:\Windows\System\WHPWeEC.exe
  C:\Windows\System\WHPWeEC.exe
  2⤵
  PID:11612
- C:\Windows\System\etJXWfw.exe
  C:\Windows\System\etJXWfw.exe
  2⤵
  PID:11680
- C:\Windows\System\uEYjCUV.exe
  C:\Windows\System\uEYjCUV.exe
  2⤵
  PID:11748
- C:\Windows\System\FUqTOfw.exe
  C:\Windows\System\FUqTOfw.exe
  2⤵
  PID:11796
- C:\Windows\System\qyChMgg.exe
  C:\Windows\System\qyChMgg.exe
  2⤵
  PID:11876
- C:\Windows\System\AiuiVlZ.exe
  C:\Windows\System\AiuiVlZ.exe
  2⤵
  PID:11812
- C:\Windows\System\ZPwhkIP.exe
  C:\Windows\System\ZPwhkIP.exe
  2⤵
  PID:11900
- C:\Windows\System\CzSgCvS.exe
  C:\Windows\System\CzSgCvS.exe
  2⤵
  PID:11996
- C:\Windows\System\aHdYukj.exe
  C:\Windows\System\aHdYukj.exe
  2⤵
  PID:12048
- C:\Windows\System\PnEMQvb.exe
  C:\Windows\System\PnEMQvb.exe
  2⤵
  PID:12140
- C:\Windows\System\bnFZPxY.exe
  C:\Windows\System\bnFZPxY.exe
  2⤵
  PID:12212
- C:\Windows\System\gGQqbqV.exe
  C:\Windows\System\gGQqbqV.exe
  2⤵
  PID:12264
- C:\Windows\System\Vgwegfi.exe
  C:\Windows\System\Vgwegfi.exe
  2⤵
  PID:11300
- C:\Windows\System\NSxaLFD.exe
  C:\Windows\System\NSxaLFD.exe
  2⤵
  PID:11440
- C:\Windows\System\fqaLZcp.exe
  C:\Windows\System\fqaLZcp.exe
  2⤵
  PID:11588
- C:\Windows\System\JLDNwtO.exe
  C:\Windows\System\JLDNwtO.exe
  2⤵
  PID:11704
- C:\Windows\System\CiIMtCI.exe
  C:\Windows\System\CiIMtCI.exe
  2⤵
  PID:11840
- C:\Windows\System\HzYiroL.exe
  C:\Windows\System\HzYiroL.exe
  2⤵
  PID:11912
- C:\Windows\System\qNIIspH.exe
  C:\Windows\System\qNIIspH.exe
  2⤵
  PID:12040
- C:\Windows\System\ATHQgwM.exe
  C:\Windows\System\ATHQgwM.exe
  2⤵
  PID:12248
- C:\Windows\System\WNBXGEc.exe
  C:\Windows\System\WNBXGEc.exe
  2⤵
  PID:11356
- C:\Windows\System\rJapWiz.exe
  C:\Windows\System\rJapWiz.exe
  2⤵
  PID:11280
- C:\Windows\System\Kmpkdun.exe
  C:\Windows\System\Kmpkdun.exe
  2⤵
  PID:11728
- C:\Windows\System\EcFaWvd.exe
  C:\Windows\System\EcFaWvd.exe
  2⤵
  PID:11972
- C:\Windows\System\KMEkfXk.exe
  C:\Windows\System\KMEkfXk.exe
  2⤵
  PID:12316
- C:\Windows\System\wHLpRmd.exe
  C:\Windows\System\wHLpRmd.exe
  2⤵
  PID:12336
- C:\Windows\System\OPrWeMO.exe
  C:\Windows\System\OPrWeMO.exe
  2⤵
  PID:12356
- C:\Windows\System\MnsUECY.exe
  C:\Windows\System\MnsUECY.exe
  2⤵
  PID:12384
- C:\Windows\System\pUeTbpO.exe
  C:\Windows\System\pUeTbpO.exe
  2⤵
  PID:12412
- C:\Windows\System\CIfZWic.exe
  C:\Windows\System\CIfZWic.exe
  2⤵
  PID:12440
- C:\Windows\System\NbHwTeT.exe
  C:\Windows\System\NbHwTeT.exe
  2⤵
  PID:12464
- C:\Windows\System\uvVGZPR.exe
  C:\Windows\System\uvVGZPR.exe
  2⤵
  PID:12488
- C:\Windows\System\vxqrImN.exe
  C:\Windows\System\vxqrImN.exe
  2⤵
  PID:12508
- C:\Windows\System\ATDeENv.exe
  C:\Windows\System\ATDeENv.exe
  2⤵
  PID:12528
- C:\Windows\System\WiuVzPB.exe
  C:\Windows\System\WiuVzPB.exe
  2⤵
  PID:12552
- C:\Windows\System\hqAymQI.exe
  C:\Windows\System\hqAymQI.exe
  2⤵
  PID:12588
- C:\Windows\System\mOzjrjc.exe
  C:\Windows\System\mOzjrjc.exe
  2⤵
  PID:12624
- C:\Windows\System\hUiNoNQ.exe
  C:\Windows\System\hUiNoNQ.exe
  2⤵
  PID:12656
- C:\Windows\System\pnkTrGW.exe
  C:\Windows\System\pnkTrGW.exe
  2⤵
  PID:12708
- C:\Windows\System\IMjWKFs.exe
  C:\Windows\System\IMjWKFs.exe
  2⤵
  PID:12744
- C:\Windows\System\eRbRBZe.exe
  C:\Windows\System\eRbRBZe.exe
  2⤵
  PID:12760
- C:\Windows\System\yGbTaLa.exe
  C:\Windows\System\yGbTaLa.exe
  2⤵
  PID:12780
- C:\Windows\System\NFVbGjy.exe
  C:\Windows\System\NFVbGjy.exe
  2⤵
  PID:12804
- C:\Windows\System\eXDhXDI.exe
  C:\Windows\System\eXDhXDI.exe
  2⤵
  PID:12824
- C:\Windows\System\BkXswvC.exe
  C:\Windows\System\BkXswvC.exe
  2⤵
  PID:12872
- C:\Windows\System\ohyqzQQ.exe
  C:\Windows\System\ohyqzQQ.exe
  2⤵
  PID:12892
- C:\Windows\System\vlOfcly.exe
  C:\Windows\System\vlOfcly.exe
  2⤵
  PID:12928
- C:\Windows\System\eqOnHcJ.exe
  C:\Windows\System\eqOnHcJ.exe
  2⤵
  PID:12944
- C:\Windows\System\qqYkcZR.exe
  C:\Windows\System\qqYkcZR.exe
  2⤵
  PID:12976
- C:\Windows\System\Dxdsbky.exe
  C:\Windows\System\Dxdsbky.exe
  2⤵
  PID:13008
- C:\Windows\System\VbwKihN.exe
  C:\Windows\System\VbwKihN.exe
  2⤵
  PID:13024
- C:\Windows\System\OmbuYsL.exe
  C:\Windows\System\OmbuYsL.exe
  2⤵
  PID:13048
- C:\Windows\System\FQWeyLF.exe
  C:\Windows\System\FQWeyLF.exe
  2⤵
  PID:13092
- C:\Windows\System\NRZKoJa.exe
  C:\Windows\System\NRZKoJa.exe
  2⤵
  PID:13120
- C:\Windows\System\zBKmWYE.exe
  C:\Windows\System\zBKmWYE.exe
  2⤵
  PID:13144
- C:\Windows\System\PzWaSge.exe
  C:\Windows\System\PzWaSge.exe
  2⤵
  PID:13168
- C:\Windows\System\upFkxhO.exe
  C:\Windows\System\upFkxhO.exe
  2⤵
  PID:13184
- C:\Windows\System\sJuxxvx.exe
  C:\Windows\System\sJuxxvx.exe
  2⤵
  PID:13204
- C:\Windows\System\sfwSPhy.exe
  C:\Windows\System\sfwSPhy.exe
  2⤵
  PID:13224
- C:\Windows\System\YmyRwCy.exe
  C:\Windows\System\YmyRwCy.exe
  2⤵
  PID:13264
- C:\Windows\System\sFcvAai.exe
  C:\Windows\System\sFcvAai.exe
  2⤵
  PID:12292
- C:\Windows\System\wufrQWU.exe
  C:\Windows\System\wufrQWU.exe
  2⤵
  PID:12364
- C:\Windows\System\IgzxIHk.exe
  C:\Windows\System\IgzxIHk.exe
  2⤵
  PID:12392
- C:\Windows\System\vNKyplj.exe
  C:\Windows\System\vNKyplj.exe
  2⤵
  PID:12448
- C:\Windows\System\EgbyvhL.exe
  C:\Windows\System\EgbyvhL.exe
  2⤵
  PID:12524
- C:\Windows\System\NcFxHOI.exe
  C:\Windows\System\NcFxHOI.exe
  2⤵
  PID:12548
- C:\Windows\System\ExMMfAi.exe
  C:\Windows\System\ExMMfAi.exe
  2⤵
  PID:12644
- C:\Windows\System\tbjEvvK.exe
  C:\Windows\System\tbjEvvK.exe
  2⤵
  PID:12752
- C:\Windows\System\PjvWDeE.exe
  C:\Windows\System\PjvWDeE.exe
  2⤵
  PID:12884
- C:\Windows\System\ThMuBty.exe
  C:\Windows\System\ThMuBty.exe
  2⤵
  PID:12912
- C:\Windows\System\ERXewIh.exe
  C:\Windows\System\ERXewIh.exe
  2⤵
  PID:12936
- C:\Windows\System\lhkQuef.exe
  C:\Windows\System\lhkQuef.exe
  2⤵
  PID:13020
- C:\Windows\System\BvirRCi.exe
  C:\Windows\System\BvirRCi.exe
  2⤵
  PID:13084
- C:\Windows\System\lrbwzQm.exe
  C:\Windows\System\lrbwzQm.exe
  2⤵
  PID:13132
- C:\Windows\System\wYBHWcQ.exe
  C:\Windows\System\wYBHWcQ.exe
  2⤵
  PID:13152
- C:\Windows\System\JjsxXJq.exe
  C:\Windows\System\JjsxXJq.exe
  2⤵
  PID:13216
- C:\Windows\System\tYvhZcA.exe
  C:\Windows\System\tYvhZcA.exe
  2⤵
  PID:13300
- C:\Windows\System\ZChOrXm.exe
  C:\Windows\System\ZChOrXm.exe
  2⤵
  PID:12376
- C:\Windows\System\qXHKbbl.exe
  C:\Windows\System\qXHKbbl.exe
  2⤵
  PID:12480
- C:\Windows\System\UWOhGKS.exe
  C:\Windows\System\UWOhGKS.exe
  2⤵
  PID:12680
- C:\Windows\System\JLhNabL.exe
  C:\Windows\System\JLhNabL.exe
  2⤵
  PID:12856
- C:\Windows\System\JdJjZII.exe
  C:\Windows\System\JdJjZII.exe
  2⤵
  PID:13076
- C:\Windows\System\oztSBFF.exe
  C:\Windows\System\oztSBFF.exe
  2⤵
  PID:13288
- C:\Windows\System\pJKtiGk.exe
  C:\Windows\System\pJKtiGk.exe
  2⤵
  PID:12076
- C:\Windows\System\XqEHSAS.exe
  C:\Windows\System\XqEHSAS.exe
  2⤵
  PID:12544
- C:\Windows\System\VoxzGKl.exe
  C:\Windows\System\VoxzGKl.exe
  2⤵
  PID:13036
- C:\Windows\System\ALMXcYi.exe
  C:\Windows\System\ALMXcYi.exe
  2⤵
  PID:12652
- C:\Windows\System\TQskeSK.exe
  C:\Windows\System\TQskeSK.exe
  2⤵
  PID:13332
- C:\Windows\System\fFRfFYb.exe
  C:\Windows\System\fFRfFYb.exe
  2⤵
  PID:13380
- C:\Windows\System\xYFGznU.exe
  C:\Windows\System\xYFGznU.exe
  2⤵
  PID:13408
- C:\Windows\System\QKYfhft.exe
  C:\Windows\System\QKYfhft.exe
  2⤵
  PID:13432
- C:\Windows\System\usjwqPv.exe
  C:\Windows\System\usjwqPv.exe
  2⤵
  PID:13452
- C:\Windows\System\xCVJwYp.exe
  C:\Windows\System\xCVJwYp.exe
  2⤵
  PID:13476
- C:\Windows\System\VjDtYPo.exe
  C:\Windows\System\VjDtYPo.exe
  2⤵
  PID:13500
- C:\Windows\System\UnRSGLF.exe
  C:\Windows\System\UnRSGLF.exe
  2⤵
  PID:13524
- C:\Windows\System\FNKUMZA.exe
  C:\Windows\System\FNKUMZA.exe
  2⤵
  PID:13548
- C:\Windows\System\fChUjhs.exe
  C:\Windows\System\fChUjhs.exe
  2⤵
  PID:13572
- C:\Windows\System\vpaoDBb.exe
  C:\Windows\System\vpaoDBb.exe
  2⤵
  PID:13612
- C:\Windows\System\uHmqOMf.exe
  C:\Windows\System\uHmqOMf.exe
  2⤵
  PID:13636
- C:\Windows\System\gmGBfWw.exe
  C:\Windows\System\gmGBfWw.exe
  2⤵
  PID:13664
- C:\Windows\System\RtFGCIK.exe
  C:\Windows\System\RtFGCIK.exe
  2⤵
  PID:13688
- C:\Windows\System\dLQyiqq.exe
  C:\Windows\System\dLQyiqq.exe
  2⤵
  PID:13728
- C:\Windows\System\dttPguw.exe
  C:\Windows\System\dttPguw.exe
  2⤵
  PID:13796
- C:\Windows\System\NatDEOt.exe
  C:\Windows\System\NatDEOt.exe
  2⤵
  PID:13816
- C:\Windows\System\gfNSZTL.exe
  C:\Windows\System\gfNSZTL.exe
  2⤵
  PID:13836
- C:\Windows\System\jWbjseH.exe
  C:\Windows\System\jWbjseH.exe
  2⤵
  PID:13864
- C:\Windows\System\aYyhZIV.exe
  C:\Windows\System\aYyhZIV.exe
  2⤵
  PID:13912
- C:\Windows\System\ouSEQGN.exe
  C:\Windows\System\ouSEQGN.exe
  2⤵
  PID:13932
- C:\Windows\System\tXpPXMY.exe
  C:\Windows\System\tXpPXMY.exe
  2⤵
  PID:13960
- C:\Windows\System\XfEYGZO.exe
  C:\Windows\System\XfEYGZO.exe
  2⤵
  PID:13980
- C:\Windows\System\QDHsFqd.exe
  C:\Windows\System\QDHsFqd.exe
  2⤵
  PID:14004
- C:\Windows\System\kMyFFgx.exe
  C:\Windows\System\kMyFFgx.exe
  2⤵
  PID:14028
- C:\Windows\System\KMtvrEF.exe
  C:\Windows\System\KMtvrEF.exe
  2⤵
  PID:14056
- C:\Windows\System\FaEthIv.exe
  C:\Windows\System\FaEthIv.exe
  2⤵
  PID:14100
- C:\Windows\System\sVkoeqA.exe
  C:\Windows\System\sVkoeqA.exe
  2⤵
  PID:14128
- C:\Windows\System\oNihhEc.exe
  C:\Windows\System\oNihhEc.exe
  2⤵
  PID:14156
- C:\Windows\System\IXmYBdl.exe
  C:\Windows\System\IXmYBdl.exe
  2⤵
  PID:14176
- C:\Windows\System\JgUkPyl.exe
  C:\Windows\System\JgUkPyl.exe
  2⤵
  PID:14204
- C:\Windows\System\KZcJDJH.exe
  C:\Windows\System\KZcJDJH.exe
  2⤵
  PID:14224
- C:\Windows\System\zPNAQcI.exe
  C:\Windows\System\zPNAQcI.exe
  2⤵
  PID:14244
- C:\Windows\System\mgXNDln.exe
  C:\Windows\System\mgXNDln.exe
  2⤵
  PID:14276
- C:\Windows\System\fHZsTCa.exe
  C:\Windows\System\fHZsTCa.exe
  2⤵
  PID:14316
- C:\Windows\System\JMvmOjf.exe
  C:\Windows\System\JMvmOjf.exe
  2⤵
  PID:13016
- C:\Windows\System\DCntXQp.exe
  C:\Windows\System\DCntXQp.exe
  2⤵
  PID:13320
- C:\Windows\System\YmOBSFl.exe
  C:\Windows\System\YmOBSFl.exe
  2⤵
  PID:13420
- C:\Windows\System\eLFOnef.exe
  C:\Windows\System\eLFOnef.exe
  2⤵
  PID:13464
- C:\Windows\System\JqexZyM.exe
  C:\Windows\System\JqexZyM.exe
  2⤵
  PID:13560
- C:\Windows\System\hksSVTp.exe
  C:\Windows\System\hksSVTp.exe
  2⤵
  PID:13656
- C:\Windows\System\qBCoBxn.exe
  C:\Windows\System\qBCoBxn.exe
  2⤵
  PID:13720
- C:\Windows\System\ktPnvFH.exe
  C:\Windows\System\ktPnvFH.exe
  2⤵
  PID:13712
- C:\Windows\System\uJrNBLA.exe
  C:\Windows\System\uJrNBLA.exe
  2⤵
  PID:13808
- C:\Windows\System\mEBBDrL.exe
  C:\Windows\System\mEBBDrL.exe
  2⤵
  PID:13928

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\APCrBZr.exe

Filesize
1.8MB

MD5
ac2537cce8a50a8a7c301cd2589e1013

SHA1
93e0586bba9af3745890d8819a618eb3fd94021d

SHA256
210fd72a2096855c6d8ccf50e27aed9b51b5971e385f7aa7fcae61a6d28e3f0e

SHA512
3f3201bd7a6a21c0ddf1b06674bf57343be454a9ef481559af324e41ece8e539cd6271cbae93993224ee38b0be620e84a5f8cc4a8a74824dec239deabd041157

Download Submit
C:\Windows\System\APeSWrM.exe

Filesize
1.8MB

MD5
11beeaf2abb816be255c78bf9da3d352

SHA1
b1a68af8e608d6a3d57d2df4ccb6ed54d4c8e7c4

SHA256
65b01f26dc0a93d6b17ca4e305d534685e2beb1e4e8fbc2d772ada243a3ef84c

SHA512
cad853e1cd7f5e3e350e9b7fdc696689a7785235a9c2779bf0b53eaee9b14bfac0eb71bfc96e16a8573828f1fbf655d9e6ad6755a33ebd411910fc267ac0b322

Download Submit
C:\Windows\System\AttCqqv.exe

Filesize
1.8MB

MD5
54e1cdf199ca1091e053a2108a8cc1e7

SHA1
a3cc6d4a4d96417cede348d7e225202500e6f4a8

SHA256
c63d2633a599e408dbeb9b007a7114838f4558804d27ca56eeeb2135064307de

SHA512
5c4c075dd99ce763aafa5505976cec135a78378e357aaea0abb245f46a055bc9a598b39badfee9cc25560f58f844cb68fdfe4488e565389beca14c82676b3bae

Download Submit
C:\Windows\System\EaSIdfH.exe

Filesize
1.8MB

MD5
c1a662c346bdb3711a24e42f447ec33d

SHA1
393df99177ac741c642df89a3e7026feebbc205d

SHA256
304882ed25b5ab59b2d925841404349bd3e1a3c056db9e2eaa5ba1d8ef51e91d

SHA512
d46d7116fc4bb087770d2060a7716460e42fe3a0df03d77d949927425f63307f2be3421f5c4910c8354c5aa0c566b5e18e82ccbc91b43a6bb29f8b62e4d7f017

Download Submit
C:\Windows\System\FjliBBH.exe

Filesize
1.8MB

MD5
39916e02f4ee724011d18a873db790d5

SHA1
326f22753c56d03c2eac46231272c1b4866ceae0

SHA256
7217daac1be7800d672440ad917be8538a9e1cc711c27a3e37fa3776678e5fd1

SHA512
8355b6a235b3180a99ca49442a12a9ba164ca456f5863af892bc8a5e4ed153c013051a34bb4719320606f111d30096b555245d60558dca75f0bd86a6f4e90091

Download Submit
C:\Windows\System\LYAXptr.exe

Filesize
1.8MB

MD5
9a0e6d6c615e59e4aa8dda08f4896627

SHA1
17b475a2d16dd2517f08fe2a44f980226d10bb6c

SHA256
055f2e1c6fae1b45c693f347f845cf228e837050683034d11fc5d1beda728c43

SHA512
97ad110fd7b307b9dcbb41295c5022f895bdf047a297becdff6852d31501c47b2089d3faabf5ad7784f71bb3541e582947404cb5f457b5fafc14f5144f1c016e

Download Submit
C:\Windows\System\OWLjNXn.exe

Filesize
1.8MB

MD5
ba8f9980041c6688b111e887ff5d50c5

SHA1
7372ecb4380d2b1e2fc0242c5f3f4c16ed80804f

SHA256
f3d6104b4ee37247b3c2c90547c60fe15167bf753a7710480848eb5daf3d32d8

SHA512
528d4bec9ed4d3210f539a214e9021214f2beae39714b0901a8613a6aefc8c3043ee5b74e90fb319ba0fd4e43b70c0d8a9f767124a9686d39bfc4a3c99862cef

Download Submit
C:\Windows\System\QGBsPNU.exe

Filesize
1.8MB

MD5
ccb0f4fd7e2342b4759d2739e1eb6b8a

SHA1
916017d8f10e1e075c6f76278a66fa233c66319b

SHA256
9cec21902448dcd1da7f402cfcc9d5eab203e0f8aa99a1f9d1368155b576a485

SHA512
3cfce1c6e05c522bb1a7a110015eb64ca00b1e213bc6b9a481275f2383ef15e34513c5233b46e0318df9c4388b1562784ca7cc466644fa9109b8dafbfbe177a5

Download Submit
C:\Windows\System\RRZknaG.exe

Filesize
1.8MB

MD5
15b0597e90985d3eb9272fa3fe018c28

SHA1
d63549df12c5b29dfafd865e51d52700af85b174

SHA256
64c3086fbcb008a929cc9d3cdd971df85267e5a621a3060e1e73f4817583d534

SHA512
e0da0fb353f0710e7bd43a5503a545768ffaac76efb5d20518e85987dc7a3c6a083235034381edb4e6ead7269bff82b69b1603521ae4c0164be8b7f6a2d2ddec

Download Submit
C:\Windows\System\SIauFdB.exe

Filesize
1.8MB

MD5
f11bf20ef0ba054b39fa23d2ad70f9d0

SHA1
fcb1e8584630688a77ae7324a8e7b1be1761a88b

SHA256
e2b2fd493e0e27897c1ec0ad16b9fd259e01b16007e64e4582c02ad427e2e4a2

SHA512
de628a2cf959d4d737ae5d7995bc80567b94e6dd121a82f831d68d9e6547c8bb4a4659bc2f74f8cc164c38e368763f176c19a23e6da39620703af158313b8c76

Download Submit
C:\Windows\System\UJJqNne.exe

Filesize
1.8MB

MD5
7020e2367de5a9ceffb9b0343189161d

SHA1
d1a12064bb647b721f7919267779b6780f5875d7

SHA256
a2967a40029f31cc5f1c4de8fea81aaddf63d209a281e6c63201b840187515e2

SHA512
c3b4d83f34dd8bd748dd0508c031a359778bd9e55d7866de278bb12e9e2bed39e1d86d4d90823178490da27c47277b7041fd39bb23a0346324c3ab26b4a03055

Download Submit
C:\Windows\System\YaSAOzL.exe

Filesize
1.8MB

MD5
40412b32f8a770c0d0171bcd13642a82

SHA1
f9f465deffe46343be8429e5ee2c9fe140a4be9c

SHA256
4aeb144c14b2a1505d8bb658cf9f93f4afe07aaa972d5b89d02f174191b5e91a

SHA512
f4797949ce8ef59e2d4c9f79beb4b09078a7d4db053ec0f1b010989114a3fafbc7fa6eaeb3b36aa3902854ac14c646f02b5d60cbad4bb13e52baffb7901a0d83

Download Submit
C:\Windows\System\apxuguF.exe

Filesize
1.8MB

MD5
9dd8dc5d774c4998cf3dabc912310959

SHA1
d253f21f5d6f6050a06d7a99a3ffbf866343c5a4

SHA256
0879055db769a4c639e6387d65cb5665f74afcdc9df31cfc8ed8361b591325b6

SHA512
ca809e52d90ad09c9d77081c4b52a5c78e6ccfdb8f4c2daba08e1880aefeae484caaab99b73bb417fcc4874b6cdab5e4c8a636527f64ea4a24146c6ad5216b45

Download Submit
C:\Windows\System\bZrbzaq.exe

Filesize
1.8MB

MD5
3fa279c1b2e79cdc9a497500620c0815

SHA1
94dd6a191e906200b020c4d32e7d1695468c703a

SHA256
b2910996e18a9a02ce49f7c99c88b4c8b12760a51adf4f549fd4016241c0dd57

SHA512
1136a58758f580b665a8aebdcb9016b35e28662e82a0b9ecb568f496620b82e574074b926c21c5284a2775d4023ce5b363f694e400e3fac305272ace91a40a5c

Download Submit
C:\Windows\System\bjFvIaY.exe

Filesize
1.8MB

MD5
dbd212d6e70c74376fd861e37e6692a8

SHA1
3c85151412ce8cae9ebe25747a6d42a39e1ac04c

SHA256
35bcc5e2c24b5836c02b44328f62a2642b195e0e4dba9311169c294acaa85c69

SHA512
11714a61e19e092cb71971daf6da03b0718c4807198dd4b7d79c19ae37011a75de804e8490081f64dfbffd7513ad3318326d66aeaffaa915eb1b197ef0440324

Download Submit
C:\Windows\System\bwtekBb.exe

Filesize
1.8MB

MD5
a4669dec451f620b63e5c4b99ba5392f

SHA1
f31479bf3797d0316a46c2da828e51cca6de7585

SHA256
5664c3d43981d4faa74da51432bd96e443b04d3465d84ac84f372e850bd921b8

SHA512
2a54b4f3b9d5683015a76940802f1bb46f85bdd69cccc2844ebbfc111afa0394d00c44cc2fb8e48e2fcbd5755afddc2fc82be38efbbde5467ae6a8d68b055c48

Download Submit
C:\Windows\System\cHZiiVL.exe

Filesize
1.8MB

MD5
5b2589ba915bee3a81b1342bc8234279

SHA1
ecef1d173f3f2d3d7eca3f1a28905bcd7c35852b

SHA256
5176bd9d125807cd082ec7984b6ee0b662fcec87dc5407b24d80571bcd212183

SHA512
09ee0f138b6caf3a7aebd502ff87b4db52e58917e147b0ae75d16494b09343fa55cb8b8d3fd4bd7abe5636edf830711a6a842d231350b8b69e452437b0ca9acf

Download Submit
C:\Windows\System\csnFtYH.exe

Filesize
1.8MB

MD5
45e70c189d50af2aeab5fe6eefbfd278

SHA1
3695267c2938855ee98bb98d78e97d6657b1a033

SHA256
a11c192e0abc1826458b00769abb967f5f8882da34e29503c40480fd7a8be056

SHA512
aa82bb97b69590854bc8a4b93b57501e754982418f14d86821881ceb101cd14206eba2c91e9746b32f6a4d95267e4cb3beab8253a82fe81d44113cc84a40d72f

Download Submit
C:\Windows\System\eDmiXmA.exe

Filesize
1.8MB

MD5
aa8058d46696d7251dc1ef2dbc3ba6ce

SHA1
04cac46b152d9ac2b29bfe38a847c60e3728c105

SHA256
6b06e0872cdddb1a47a4b84447c43ddd60c7ab7e81c711c32fc93c154ae0b0fa

SHA512
9b88cb836d066fc103a1d6a1d392b87f5b346c2fcd46fd83f670ddae110df03e5cfb96b12d9443c76cab2c794954b80b42068f1bd6cc6596c3f4c05806ce60e2

Download Submit
C:\Windows\System\ebajciO.exe

Filesize
1.8MB

MD5
c2640c6627bdc354a18b906561051ff6

SHA1
253dabeba11ab4f680b24897751ab56a95b87599

SHA256
a742460c289f3bc5001e9218f758bd8e4fda9466d07cb21358171f5584cfc938

SHA512
f5e2e24521dc204f8ca701adbc2339e8c625719cfcbc4d84d8e5076de4a82c7d747a27423bd3915535265f6e8b849a15d0148d5cf0449b0bb2b5663b860ab61c

Download Submit
C:\Windows\System\ebhJdEi.exe

Filesize
1.8MB

MD5
4aef01a4642aebb56065f09389f34083

SHA1
3b462e0d63626a441a307d967589055a0aa1db23

SHA256
47ec705b2fb6d4df6fd5ad5e8fb6fc15444615d669f566b73f110662c705f753

SHA512
5cae78d4b5468fdc2ebe398171f394cff0ae6a838026ad0af45a5bdeb4426667192c48acb40641e526bb36c56d33615da932bafe30e659e5430bf91527ab2c91

Download Submit
C:\Windows\System\fOjKePc.exe

Filesize
1.8MB

MD5
93bc160d7f3050a31e7f7c6895361181

SHA1
d08773417afaa67388984732c92e3684ebfacfd7

SHA256
7402a7f091c7b89113b9a0583a3309f723f70b231b1133b34aed4573b588a3c9

SHA512
73a95c9ab71bbfeaa9fc471adff20ce01e437ca2fd95dd1f765e25601a3a645886b8a71c69316d4470a381b9ce0fd056c6dd23f3f4e28e9813770e9a3b8fd03c

Download Submit
C:\Windows\System\fQSMqNk.exe

Filesize
1.8MB

MD5
d02a0233704ebaf27c36529966762260

SHA1
898bdba05b1ff706cc705bd433095e42718507b1

SHA256
9458e9692b58f9559bddf0c4f3f77c4759734d5c7dc2412e6df4503f0bc0a087

SHA512
f0adab3ceb27536552c004ca509cb3411a21a2dc65caeb3bd6ad8b470caf9156ca2259b387d82f210a5972d4d9c9feed73793e4741da78370cb86cdab6df06a7

Download Submit
C:\Windows\System\jtnQRCZ.exe

Filesize
1.8MB

MD5
2261dce3560168f2a23355d14ee407f4

SHA1
9f205a27d2231135849d0de3e12fe293ae6bb936

SHA256
31d61b11a31bff396120bd4728f6d19a7e0064535ca73f6644f1864444cce290

SHA512
c4facdb39d9018f3990e860c7bff6c4cf76fb9ab763c24d9bca308c7b8e58a673bf74586ec57746bf68ea7c795d75042e4bb80b94a204cc290ab88d33628b15d

Download Submit
C:\Windows\System\mKuusUk.exe

Filesize
1.8MB

MD5
591cf747ed08b4c63d2cd6cc9b5345ea

SHA1
859d316ac796ad401f050aebba7675c25eb619fa

SHA256
191e6e7fc96f93ccbd083004c9e34287bded413c8b358e5c485b5f6ba0819db8

SHA512
5d5de007b3549c604f0814954144011002e70724413eb251c35165b3fdef490d7bf0ec284f747140a21ac1020bbce86908991808f6662c731da1cf29a7556490

Download Submit
C:\Windows\System\pEPprfe.exe

Filesize
1.8MB

MD5
950337ae12b8733d4f04f5a4c103bee1

SHA1
2151e7c0c7291ae9177ee9b54fdcc0e50a5f8eaf

SHA256
3ceae2a835f5aeb229b603de5237fdd023b149786a349fd00431516b6284975e

SHA512
c8598127f06e693d04dcab3f14433bdd649a4dea63bbc463b2d2ec7bf50834f989ab9e3e828917ef3b3268bd15baaf84ea7292eab8fcc90768d1b8aa96782856

Download Submit
C:\Windows\System\rzWbDsl.exe

Filesize
1.8MB

MD5
3d235f551af4dace59fc3c8e794baaa0

SHA1
7091ef430957525995b41a05553b081a1fe3bdf7

SHA256
a01861bcbf7615006c4982c153481b486c60746bb5770e47870998579b88e044

SHA512
064b1aa70feaff6663d9b37a35e463360fc4e8ba59698ba6650272c4f64b57df1c9c22a038a41bbe23bd069c050cfcb100eddbe5a98f72d8ac21ebf054eb4c72

Download Submit
C:\Windows\System\seGSVfN.exe

Filesize
1.8MB

MD5
81ecad8dd1c8e0a31d025b539744bb17

SHA1
56416dbf179e2f72e5abd1d2e7ed0f55c20289c3

SHA256
c7acde54afbe092be6e1006b4a6e6fd1c190ce817d80b369b9eed12e502c11be

SHA512
1ae031e7ba03f40a4ac6ac931be096c613a8baaeb644f1e20e232a5d62d7e23c60191d9bbd58f73c212de13b40a6745f2ce9571f923eccd1519c3dfd074ec9d9

Download Submit
C:\Windows\System\tWygdsw.exe

Filesize
1.8MB

MD5
3a99385b6c40a69fee7b657a0f3da6e0

SHA1
c95bd08b518adeb52e6aab687fac8e058cc4dba4

SHA256
d39ceadd27bb330fe51c25eba6f0514ae6058aac2c5d5830feb6103e9673ae06

SHA512
128aeff329ff3378b41a44077ef9fb3afc4b5e56007ba8f1f93db26a53a82c8341ec077a28db11559ad70d016787346f5489f27113898ac0b59b9d29cc9436db

Download Submit
C:\Windows\System\wwOVvXI.exe

Filesize
1.8MB

MD5
bad9b836e79d7448e3286455b3efe0c4

SHA1
b67600afcc03254c5bd039412010ede889ec3eed

SHA256
234191377f161aa9fd8399e9f5f768443bf85e8c494512252cdc6e387207a396

SHA512
a1952ca84a4f90819fb9f41f9d4c0df4b7fec8175e95f7000e7e5049e97306c70f080f54ae8da3dc640494e45dfd2282c72683f6e5f8fc0c58927158f1a15307

Download Submit
C:\Windows\System\yxLYPjU.exe

Filesize
1.8MB

MD5
28844a873db1ca61cfdf2bd7dc54cc09

SHA1
cf138c19b4a908571bef1fbeed45f905565e8645

SHA256
c0dbc00a664fb33adc1a5ce107c7fa09509456560631f3485cbbef48dfb28ab7

SHA512
6a5f1e762ed5048896ae9a20c5ecc6446ba98b7a87b3600179edd6090b464120cb173caeb9fe9e458b72c60b51c1803b68fea10aa90d7527e6cd1e4051395969

Download Submit
C:\Windows\System\yxhKTWQ.exe

Filesize
1.8MB

MD5
0ef5637df9d833dbc70267fbae83ac59

SHA1
9acfaa9a01ca58aa4909c71c8bfc3b64c8729395

SHA256
594d6045d37f4923da06c7d0065ee9cf8917b7e3e51d85aae5f39c2ae6d50e59

SHA512
8b1981d6cc56cb852572f96d4a54e026a000c72467439214ab7bbfd71b9f7c638c3081a0bcf0ea8710a2485f80e3c3b1b41bb5343b7719ca6d57b97657facd73

Download Submit
C:\Windows\System\zbMNANV.exe

Filesize
1.8MB

MD5
57fb051727402d4fe139b31162c60d66

SHA1
1662d8e1adc14ae8491eb002e1bd26a6cb2e2914

SHA256
7e5c8ef4c296f00c3427943aa41da01030e82187b040e52b7e8ca4194c0c6c76

SHA512
bd356bef2b8844edf28267d87dad90d255f01a9c074c9d92d33c6b6ef11fbf4a82145e59403547110cb70c2040249fab699cd58a9ff8b9cdfd1013d067b6c2b5

Download Submit
memory/632-546-0x00007FF6A9810000-0x00007FF6A9B61000-memory.dmp

Filesize
3.3MB

Download
memory/632-2300-0x00007FF6A9810000-0x00007FF6A9B61000-memory.dmp

Filesize
3.3MB

Download
memory/740-543-0x00007FF798440000-0x00007FF798791000-memory.dmp

Filesize
3.3MB

Download
memory/740-2304-0x00007FF798440000-0x00007FF798791000-memory.dmp

Filesize
3.3MB

Download
memory/1212-550-0x00007FF7FCCC0000-0x00007FF7FD011000-memory.dmp

Filesize
3.3MB

Download
memory/1212-2308-0x00007FF7FCCC0000-0x00007FF7FD011000-memory.dmp

Filesize
3.3MB

Download
memory/1372-2270-0x00007FF70A4B0000-0x00007FF70A801000-memory.dmp

Filesize
3.3MB

Download
memory/1372-33-0x00007FF70A4B0000-0x00007FF70A801000-memory.dmp

Filesize
3.3MB

Download
memory/1372-2239-0x00007FF70A4B0000-0x00007FF70A801000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2311-0x00007FF6DE200000-0x00007FF6DE551000-memory.dmp

Filesize
3.3MB

Download
memory/1440-556-0x00007FF6DE200000-0x00007FF6DE551000-memory.dmp

Filesize
3.3MB

Download
memory/1516-2322-0x00007FF75D800000-0x00007FF75DB51000-memory.dmp

Filesize
3.3MB

Download
memory/1516-563-0x00007FF75D800000-0x00007FF75DB51000-memory.dmp

Filesize
3.3MB

Download
memory/1736-551-0x00007FF7A78E0000-0x00007FF7A7C31000-memory.dmp

Filesize
3.3MB

Download
memory/1736-2312-0x00007FF7A78E0000-0x00007FF7A7C31000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2284-0x00007FF754040000-0x00007FF754391000-memory.dmp

Filesize
3.3MB

Download
memory/1764-523-0x00007FF754040000-0x00007FF754391000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2294-0x00007FF7AE160000-0x00007FF7AE4B1000-memory.dmp

Filesize
3.3MB

Download
memory/1876-527-0x00007FF7AE160000-0x00007FF7AE4B1000-memory.dmp

Filesize
3.3MB

Download
memory/1940-525-0x00007FF62CB00000-0x00007FF62CE51000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2288-0x00007FF62CB00000-0x00007FF62CE51000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2241-0x00007FF6C58B0000-0x00007FF6C5C01000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2272-0x00007FF6C58B0000-0x00007FF6C5C01000-memory.dmp

Filesize
3.3MB

Download
memory/2096-45-0x00007FF6C58B0000-0x00007FF6C5C01000-memory.dmp

Filesize
3.3MB

Download
memory/2456-526-0x00007FF6024E0000-0x00007FF602831000-memory.dmp

Filesize
3.3MB

Download
memory/2456-2290-0x00007FF6024E0000-0x00007FF602831000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2266-0x00007FF700FA0000-0x00007FF7012F1000-memory.dmp

Filesize
3.3MB

Download
memory/2588-42-0x00007FF700FA0000-0x00007FF7012F1000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2242-0x00007FF700FA0000-0x00007FF7012F1000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2278-0x00007FF719810000-0x00007FF719B61000-memory.dmp

Filesize
3.3MB

Download
memory/2892-520-0x00007FF719810000-0x00007FF719B61000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1-0x00000164E7100000-0x00000164E7110000-memory.dmp

Filesize
64KB

Download
memory/2972-2171-0x00007FF7DFEE0000-0x00007FF7E0231000-memory.dmp

Filesize
3.3MB

Download
memory/2972-0-0x00007FF7DFEE0000-0x00007FF7E0231000-memory.dmp

Filesize
3.3MB

Download
memory/3068-17-0x00007FF65CAF0000-0x00007FF65CE41000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2262-0x00007FF65CAF0000-0x00007FF65CE41000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2315-0x00007FF601180000-0x00007FF6014D1000-memory.dmp

Filesize
3.3MB

Download
memory/3220-569-0x00007FF601180000-0x00007FF6014D1000-memory.dmp

Filesize
3.3MB

Download
memory/3500-570-0x00007FF6D1CF0000-0x00007FF6D2041000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2280-0x00007FF6D1CF0000-0x00007FF6D2041000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2298-0x00007FF7C9FA0000-0x00007FF7CA2F1000-memory.dmp

Filesize
3.3MB

Download
memory/3516-544-0x00007FF7C9FA0000-0x00007FF7CA2F1000-memory.dmp

Filesize
3.3MB

Download
memory/3712-521-0x00007FF70B8A0000-0x00007FF70BBF1000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2276-0x00007FF70B8A0000-0x00007FF70BBF1000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2292-0x00007FF7CE330000-0x00007FF7CE681000-memory.dmp

Filesize
3.3MB

Download
memory/3960-528-0x00007FF7CE330000-0x00007FF7CE681000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2286-0x00007FF63CB30000-0x00007FF63CE81000-memory.dmp

Filesize
3.3MB

Download
memory/4088-524-0x00007FF63CB30000-0x00007FF63CE81000-memory.dmp

Filesize
3.3MB

Download
memory/4100-2264-0x00007FF66FA00000-0x00007FF66FD51000-memory.dmp

Filesize
3.3MB

Download
memory/4100-29-0x00007FF66FA00000-0x00007FF66FD51000-memory.dmp

Filesize
3.3MB

Download
memory/4100-2212-0x00007FF66FA00000-0x00007FF66FD51000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2274-0x00007FF791F60000-0x00007FF7922B1000-memory.dmp

Filesize
3.3MB

Download
memory/4156-519-0x00007FF791F60000-0x00007FF7922B1000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2243-0x00007FF791F60000-0x00007FF7922B1000-memory.dmp

Filesize
3.3MB

Download
memory/4492-537-0x00007FF7CD070000-0x00007FF7CD3C1000-memory.dmp

Filesize
3.3MB

Download
memory/4492-2306-0x00007FF7CD070000-0x00007FF7CD3C1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2211-0x00007FF739390000-0x00007FF7396E1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2260-0x00007FF739390000-0x00007FF7396E1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-8-0x00007FF739390000-0x00007FF7396E1000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2282-0x00007FF733ED0000-0x00007FF734221000-memory.dmp

Filesize
3.3MB

Download
memory/4956-522-0x00007FF733ED0000-0x00007FF734221000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2302-0x00007FF6AED60000-0x00007FF6AF0B1000-memory.dmp

Filesize
3.3MB

Download
memory/4988-536-0x00007FF6AED60000-0x00007FF6AF0B1000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2296-0x00007FF6879E0000-0x00007FF687D31000-memory.dmp

Filesize
3.3MB

Download
memory/5084-533-0x00007FF6879E0000-0x00007FF687D31000-memory.dmp

Filesize
3.3MB

Download
memory/5116-34-0x00007FF683E00000-0x00007FF684151000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2268-0x00007FF683E00000-0x00007FF684151000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2240-0x00007FF683E00000-0x00007FF684151000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads