xmrig | 118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
Size

1.5MB
MD5

718ef617711b4973a30a723819d39fde
SHA1

3855ff028e0c92a1e790aed4b5a6db3d6c9007f1
SHA256

118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8
SHA512

e857495c0df7b96db900cde7b0d6807f215430c0d4aa254f5e73f37a562d9ef96abbd781c701aa52d5508e384a3f134338676816b17a3e0e3cba6e99c307c997
SSDEEP

24576:RVIl/WDGCi7/qkatuBF672l6i2Ncb2ygupgrnACAmZ/NwFC31G3AcMxA7DX+qtrj:ROdWCCi7/raU56uL3pgrCEdM/Gta3

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4276-0-0x00007FF63CED0000-0x00007FF63D221000-memory.dmp	UPX
behavioral2/files/0x000600000002327b-4.dat	UPX
behavioral2/files/0x0007000000023419-8.dat	UPX
behavioral2/files/0x0008000000023418-10.dat	UPX
behavioral2/memory/3764-13-0x00007FF68D930000-0x00007FF68DC81000-memory.dmp	UPX
behavioral2/files/0x000700000002341a-19.dat	UPX
behavioral2/files/0x000700000002341b-21.dat	UPX
behavioral2/memory/4148-24-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp	UPX
behavioral2/memory/3712-29-0x00007FF752190000-0x00007FF7524E1000-memory.dmp	UPX
behavioral2/files/0x000700000002341d-35.dat	UPX
behavioral2/files/0x000700000002341c-42.dat	UPX
behavioral2/memory/4412-61-0x00007FF76A810000-0x00007FF76AB61000-memory.dmp	UPX
behavioral2/files/0x0007000000023423-67.dat	UPX
behavioral2/memory/4956-69-0x00007FF7B45E0000-0x00007FF7B4931000-memory.dmp	UPX
behavioral2/files/0x0007000000023421-75.dat	UPX
behavioral2/memory/532-82-0x00007FF6E6520000-0x00007FF6E6871000-memory.dmp	UPX
behavioral2/files/0x0007000000023425-90.dat	UPX
behavioral2/files/0x0007000000023428-102.dat	UPX
behavioral2/files/0x0007000000023429-115.dat	UPX
behavioral2/files/0x000700000002342c-130.dat	UPX
behavioral2/files/0x0007000000023432-160.dat	UPX
behavioral2/memory/5036-481-0x00007FF615090000-0x00007FF6153E1000-memory.dmp	UPX
behavioral2/memory/1512-482-0x00007FF7BB5D0000-0x00007FF7BB921000-memory.dmp	UPX
behavioral2/memory/4792-491-0x00007FF6ED590000-0x00007FF6ED8E1000-memory.dmp	UPX
behavioral2/memory/4204-518-0x00007FF76F910000-0x00007FF76FC61000-memory.dmp	UPX
behavioral2/memory/3792-526-0x00007FF655480000-0x00007FF6557D1000-memory.dmp	UPX
behavioral2/memory/3520-532-0x00007FF7F5C50000-0x00007FF7F5FA1000-memory.dmp	UPX
behavioral2/memory/1580-540-0x00007FF6117D0000-0x00007FF611B21000-memory.dmp	UPX
behavioral2/memory/1848-546-0x00007FF735C90000-0x00007FF735FE1000-memory.dmp	UPX
behavioral2/memory/2944-523-0x00007FF7258D0000-0x00007FF725C21000-memory.dmp	UPX
behavioral2/memory/4324-519-0x00007FF6DCB70000-0x00007FF6DCEC1000-memory.dmp	UPX
behavioral2/memory/3640-510-0x00007FF702A00000-0x00007FF702D51000-memory.dmp	UPX
behavioral2/memory/2348-502-0x00007FF6FF610000-0x00007FF6FF961000-memory.dmp	UPX
behavioral2/memory/2884-497-0x00007FF7761D0000-0x00007FF776521000-memory.dmp	UPX
behavioral2/memory/2292-490-0x00007FF670730000-0x00007FF670A81000-memory.dmp	UPX
behavioral2/memory/4684-486-0x00007FF72F060000-0x00007FF72F3B1000-memory.dmp	UPX
behavioral2/files/0x0007000000023437-177.dat	UPX
behavioral2/files/0x0007000000023435-175.dat	UPX
behavioral2/files/0x0007000000023436-172.dat	UPX
behavioral2/files/0x0007000000023434-170.dat	UPX
behavioral2/files/0x0007000000023433-165.dat	UPX
behavioral2/files/0x0007000000023431-155.dat	UPX
behavioral2/files/0x0007000000023430-151.dat	UPX
behavioral2/files/0x000700000002342f-145.dat	UPX
behavioral2/files/0x000700000002342e-140.dat	UPX
behavioral2/files/0x000700000002342d-135.dat	UPX
behavioral2/files/0x000700000002342b-125.dat	UPX
behavioral2/files/0x000700000002342a-120.dat	UPX
behavioral2/files/0x0007000000023427-105.dat	UPX
behavioral2/files/0x0007000000023426-97.dat	UPX
behavioral2/files/0x0007000000023424-86.dat	UPX
behavioral2/memory/4656-83-0x00007FF6A7D90000-0x00007FF6A80E1000-memory.dmp	UPX
behavioral2/files/0x0007000000023422-81.dat	UPX
behavioral2/memory/1664-77-0x00007FF6C0010000-0x00007FF6C0361000-memory.dmp	UPX
behavioral2/memory/3600-72-0x00007FF604770000-0x00007FF604AC1000-memory.dmp	UPX
behavioral2/memory/2036-71-0x00007FF650B20000-0x00007FF650E71000-memory.dmp	UPX
behavioral2/memory/1084-68-0x00007FF7FA2C0000-0x00007FF7FA611000-memory.dmp	UPX
behavioral2/files/0x000700000002341f-64.dat	UPX
behavioral2/memory/60-62-0x00007FF734820000-0x00007FF734B71000-memory.dmp	UPX
behavioral2/files/0x0007000000023420-57.dat	UPX
behavioral2/memory/2676-55-0x00007FF6D1220000-0x00007FF6D1571000-memory.dmp	UPX
behavioral2/files/0x000700000002341e-50.dat	UPX
behavioral2/memory/1328-45-0x00007FF7AD9B0000-0x00007FF7ADD01000-memory.dmp	UPX
behavioral2/memory/4148-2204-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp	UPX

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral2/memory/3764-13-0x00007FF68D930000-0x00007FF68DC81000-memory.dmp	xmrig
behavioral2/memory/4148-24-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp	xmrig
behavioral2/memory/4412-61-0x00007FF76A810000-0x00007FF76AB61000-memory.dmp	xmrig
behavioral2/memory/4956-69-0x00007FF7B45E0000-0x00007FF7B4931000-memory.dmp	xmrig
behavioral2/memory/5036-481-0x00007FF615090000-0x00007FF6153E1000-memory.dmp	xmrig
behavioral2/memory/1512-482-0x00007FF7BB5D0000-0x00007FF7BB921000-memory.dmp	xmrig
behavioral2/memory/4792-491-0x00007FF6ED590000-0x00007FF6ED8E1000-memory.dmp	xmrig
behavioral2/memory/4204-518-0x00007FF76F910000-0x00007FF76FC61000-memory.dmp	xmrig
behavioral2/memory/3792-526-0x00007FF655480000-0x00007FF6557D1000-memory.dmp	xmrig
behavioral2/memory/3520-532-0x00007FF7F5C50000-0x00007FF7F5FA1000-memory.dmp	xmrig
behavioral2/memory/1580-540-0x00007FF6117D0000-0x00007FF611B21000-memory.dmp	xmrig
behavioral2/memory/1848-546-0x00007FF735C90000-0x00007FF735FE1000-memory.dmp	xmrig
behavioral2/memory/2944-523-0x00007FF7258D0000-0x00007FF725C21000-memory.dmp	xmrig
behavioral2/memory/4324-519-0x00007FF6DCB70000-0x00007FF6DCEC1000-memory.dmp	xmrig
behavioral2/memory/3640-510-0x00007FF702A00000-0x00007FF702D51000-memory.dmp	xmrig
behavioral2/memory/2348-502-0x00007FF6FF610000-0x00007FF6FF961000-memory.dmp	xmrig
behavioral2/memory/2884-497-0x00007FF7761D0000-0x00007FF776521000-memory.dmp	xmrig
behavioral2/memory/2292-490-0x00007FF670730000-0x00007FF670A81000-memory.dmp	xmrig
behavioral2/memory/4684-486-0x00007FF72F060000-0x00007FF72F3B1000-memory.dmp	xmrig
behavioral2/memory/2036-71-0x00007FF650B20000-0x00007FF650E71000-memory.dmp	xmrig
behavioral2/memory/1084-68-0x00007FF7FA2C0000-0x00007FF7FA611000-memory.dmp	xmrig
behavioral2/memory/2676-55-0x00007FF6D1220000-0x00007FF6D1571000-memory.dmp	xmrig
behavioral2/memory/4148-2204-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp	xmrig
behavioral2/memory/4276-2205-0x00007FF63CED0000-0x00007FF63D221000-memory.dmp	xmrig
behavioral2/memory/1328-2206-0x00007FF7AD9B0000-0x00007FF7ADD01000-memory.dmp	xmrig
behavioral2/memory/3712-2207-0x00007FF752190000-0x00007FF7524E1000-memory.dmp	xmrig
behavioral2/memory/60-2208-0x00007FF734820000-0x00007FF734B71000-memory.dmp	xmrig
behavioral2/memory/3600-2209-0x00007FF604770000-0x00007FF604AC1000-memory.dmp	xmrig
behavioral2/memory/1664-2210-0x00007FF6C0010000-0x00007FF6C0361000-memory.dmp	xmrig
behavioral2/memory/532-2211-0x00007FF6E6520000-0x00007FF6E6871000-memory.dmp	xmrig
behavioral2/memory/4656-2246-0x00007FF6A7D90000-0x00007FF6A80E1000-memory.dmp	xmrig
behavioral2/memory/3764-2250-0x00007FF68D930000-0x00007FF68DC81000-memory.dmp	xmrig
behavioral2/memory/4148-2252-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp	xmrig
behavioral2/memory/3712-2258-0x00007FF752190000-0x00007FF7524E1000-memory.dmp	xmrig
behavioral2/memory/1328-2256-0x00007FF7AD9B0000-0x00007FF7ADD01000-memory.dmp	xmrig
behavioral2/memory/2676-2260-0x00007FF6D1220000-0x00007FF6D1571000-memory.dmp	xmrig
behavioral2/memory/1084-2254-0x00007FF7FA2C0000-0x00007FF7FA611000-memory.dmp	xmrig
behavioral2/memory/4956-2264-0x00007FF7B45E0000-0x00007FF7B4931000-memory.dmp	xmrig
behavioral2/memory/4412-2263-0x00007FF76A810000-0x00007FF76AB61000-memory.dmp	xmrig
behavioral2/memory/2036-2266-0x00007FF650B20000-0x00007FF650E71000-memory.dmp	xmrig
behavioral2/memory/3600-2270-0x00007FF604770000-0x00007FF604AC1000-memory.dmp	xmrig
behavioral2/memory/60-2272-0x00007FF734820000-0x00007FF734B71000-memory.dmp	xmrig
behavioral2/memory/1664-2268-0x00007FF6C0010000-0x00007FF6C0361000-memory.dmp	xmrig
behavioral2/memory/4656-2274-0x00007FF6A7D90000-0x00007FF6A80E1000-memory.dmp	xmrig
behavioral2/memory/1512-2290-0x00007FF7BB5D0000-0x00007FF7BB921000-memory.dmp	xmrig
behavioral2/memory/2292-2284-0x00007FF670730000-0x00007FF670A81000-memory.dmp	xmrig
behavioral2/memory/532-2282-0x00007FF6E6520000-0x00007FF6E6871000-memory.dmp	xmrig
behavioral2/memory/4684-2280-0x00007FF72F060000-0x00007FF72F3B1000-memory.dmp	xmrig
behavioral2/memory/5036-2278-0x00007FF615090000-0x00007FF6153E1000-memory.dmp	xmrig
behavioral2/memory/2884-2276-0x00007FF7761D0000-0x00007FF776521000-memory.dmp	xmrig
behavioral2/memory/3640-2294-0x00007FF702A00000-0x00007FF702D51000-memory.dmp	xmrig
behavioral2/memory/1848-2306-0x00007FF735C90000-0x00007FF735FE1000-memory.dmp	xmrig
behavioral2/memory/3520-2302-0x00007FF7F5C50000-0x00007FF7F5FA1000-memory.dmp	xmrig
behavioral2/memory/4204-2300-0x00007FF76F910000-0x00007FF76FC61000-memory.dmp	xmrig
behavioral2/memory/4324-2298-0x00007FF6DCB70000-0x00007FF6DCEC1000-memory.dmp	xmrig
behavioral2/memory/1580-2304-0x00007FF6117D0000-0x00007FF611B21000-memory.dmp	xmrig
behavioral2/memory/2944-2296-0x00007FF7258D0000-0x00007FF725C21000-memory.dmp	xmrig
behavioral2/memory/3792-2293-0x00007FF655480000-0x00007FF6557D1000-memory.dmp	xmrig
behavioral2/memory/4792-2288-0x00007FF6ED590000-0x00007FF6ED8E1000-memory.dmp	xmrig
behavioral2/memory/2348-2286-0x00007FF6FF610000-0x00007FF6FF961000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3764	JtFSSUr.exe
4148	KGTdKsH.exe
1084	eTBWcog.exe
3712	cGeegvB.exe
1328	eQQhNKS.exe
4956	fiuIIbK.exe
2676	uxEJToc.exe
4412	mryVObP.exe
60	sAZtZqc.exe
2036	aAEPtmP.exe
3600	GgjiVew.exe
532	kYAtQwe.exe
1664	jDXUNoS.exe
4656	xRrFEoL.exe
5036	oclgeRP.exe
1512	BPKyJrD.exe
4684	YHpRbZf.exe
2292	avaMcXl.exe
4792	zyHoXeh.exe
2884	NEkAIdC.exe
2348	RnKkjYL.exe
3640	NhNOcnL.exe
4204	IXRMFzu.exe
4324	OwcUyLF.exe
2944	LdUrKQW.exe
3792	mnhuAZp.exe
3520	sZQngxU.exe
1580	IeGjlAS.exe
1848	nboYHOo.exe
3336	QksLGAs.exe
2384	EGEWuWN.exe
4764	qtfLVpq.exe
1144	MEOCTFi.exe
4528	CkMqUxW.exe
4564	OeTEpFU.exe
4512	jkOogHl.exe
2704	AXeRCyz.exe
3468	jubhvzN.exe
2732	UwwAfpN.exe
1652	GFCtPTl.exe
3032	DrVnetH.exe
1220	RLtQNCc.exe
2128	XWgfwiw.exe
3508	IsHAUYR.exe
3240	vqusmXf.exe
3928	UffwzfW.exe
184	IBbnAmu.exe
604	QFSriSP.exe
2688	bmXBTcs.exe
364	mXuyEYz.exe
800	oNljwsZ.exe
4296	qHCEFYy.exe
4428	hCSdeGD.exe
2192	QaEfjdw.exe
928	bHPuFkX.exe
3540	mkadjHX.exe
2600	IFwlowe.exe
2332	MJbDoPo.exe
4208	XmapBGX.exe
3744	HyoPnqS.exe
1184	qXaMnBg.exe
1472	McqdRny.exe
1396	UPfFbgn.exe
1600	juwCEGJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4276-0-0x00007FF63CED0000-0x00007FF63D221000-memory.dmp	upx
behavioral2/files/0x000600000002327b-4.dat	upx
behavioral2/files/0x0007000000023419-8.dat	upx
behavioral2/files/0x0008000000023418-10.dat	upx
behavioral2/memory/3764-13-0x00007FF68D930000-0x00007FF68DC81000-memory.dmp	upx
behavioral2/files/0x000700000002341a-19.dat	upx
behavioral2/files/0x000700000002341b-21.dat	upx
behavioral2/memory/4148-24-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp	upx
behavioral2/memory/3712-29-0x00007FF752190000-0x00007FF7524E1000-memory.dmp	upx
behavioral2/files/0x000700000002341d-35.dat	upx
behavioral2/files/0x000700000002341c-42.dat	upx
behavioral2/memory/4412-61-0x00007FF76A810000-0x00007FF76AB61000-memory.dmp	upx
behavioral2/files/0x0007000000023423-67.dat	upx
behavioral2/memory/4956-69-0x00007FF7B45E0000-0x00007FF7B4931000-memory.dmp	upx
behavioral2/files/0x0007000000023421-75.dat	upx
behavioral2/memory/532-82-0x00007FF6E6520000-0x00007FF6E6871000-memory.dmp	upx
behavioral2/files/0x0007000000023425-90.dat	upx
behavioral2/files/0x0007000000023428-102.dat	upx
behavioral2/files/0x0007000000023429-115.dat	upx
behavioral2/files/0x000700000002342c-130.dat	upx
behavioral2/files/0x0007000000023432-160.dat	upx
behavioral2/memory/5036-481-0x00007FF615090000-0x00007FF6153E1000-memory.dmp	upx
behavioral2/memory/1512-482-0x00007FF7BB5D0000-0x00007FF7BB921000-memory.dmp	upx
behavioral2/memory/4792-491-0x00007FF6ED590000-0x00007FF6ED8E1000-memory.dmp	upx
behavioral2/memory/4204-518-0x00007FF76F910000-0x00007FF76FC61000-memory.dmp	upx
behavioral2/memory/3792-526-0x00007FF655480000-0x00007FF6557D1000-memory.dmp	upx
behavioral2/memory/3520-532-0x00007FF7F5C50000-0x00007FF7F5FA1000-memory.dmp	upx
behavioral2/memory/1580-540-0x00007FF6117D0000-0x00007FF611B21000-memory.dmp	upx
behavioral2/memory/1848-546-0x00007FF735C90000-0x00007FF735FE1000-memory.dmp	upx
behavioral2/memory/2944-523-0x00007FF7258D0000-0x00007FF725C21000-memory.dmp	upx
behavioral2/memory/4324-519-0x00007FF6DCB70000-0x00007FF6DCEC1000-memory.dmp	upx
behavioral2/memory/3640-510-0x00007FF702A00000-0x00007FF702D51000-memory.dmp	upx
behavioral2/memory/2348-502-0x00007FF6FF610000-0x00007FF6FF961000-memory.dmp	upx
behavioral2/memory/2884-497-0x00007FF7761D0000-0x00007FF776521000-memory.dmp	upx
behavioral2/memory/2292-490-0x00007FF670730000-0x00007FF670A81000-memory.dmp	upx
behavioral2/memory/4684-486-0x00007FF72F060000-0x00007FF72F3B1000-memory.dmp	upx
behavioral2/files/0x0007000000023437-177.dat	upx
behavioral2/files/0x0007000000023435-175.dat	upx
behavioral2/files/0x0007000000023436-172.dat	upx
behavioral2/files/0x0007000000023434-170.dat	upx
behavioral2/files/0x0007000000023433-165.dat	upx
behavioral2/files/0x0007000000023431-155.dat	upx
behavioral2/files/0x0007000000023430-151.dat	upx
behavioral2/files/0x000700000002342f-145.dat	upx
behavioral2/files/0x000700000002342e-140.dat	upx
behavioral2/files/0x000700000002342d-135.dat	upx
behavioral2/files/0x000700000002342b-125.dat	upx
behavioral2/files/0x000700000002342a-120.dat	upx
behavioral2/files/0x0007000000023427-105.dat	upx
behavioral2/files/0x0007000000023426-97.dat	upx
behavioral2/files/0x0007000000023424-86.dat	upx
behavioral2/memory/4656-83-0x00007FF6A7D90000-0x00007FF6A80E1000-memory.dmp	upx
behavioral2/files/0x0007000000023422-81.dat	upx
behavioral2/memory/1664-77-0x00007FF6C0010000-0x00007FF6C0361000-memory.dmp	upx
behavioral2/memory/3600-72-0x00007FF604770000-0x00007FF604AC1000-memory.dmp	upx
behavioral2/memory/2036-71-0x00007FF650B20000-0x00007FF650E71000-memory.dmp	upx
behavioral2/memory/1084-68-0x00007FF7FA2C0000-0x00007FF7FA611000-memory.dmp	upx
behavioral2/files/0x000700000002341f-64.dat	upx
behavioral2/memory/60-62-0x00007FF734820000-0x00007FF734B71000-memory.dmp	upx
behavioral2/files/0x0007000000023420-57.dat	upx
behavioral2/memory/2676-55-0x00007FF6D1220000-0x00007FF6D1571000-memory.dmp	upx
behavioral2/files/0x000700000002341e-50.dat	upx
behavioral2/memory/1328-45-0x00007FF7AD9B0000-0x00007FF7ADD01000-memory.dmp	upx
behavioral2/memory/4148-2204-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GYWXkrQ.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\jzBRhiq.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\AMNBdqV.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\IlpPmTb.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\NXbUaOo.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\GLHOrFn.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\etQQIMc.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\IQErMPi.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\PJkfsxm.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\cBJjQPK.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\MUPbNBA.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\xLmPiGN.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\okuPxWB.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\sAZtZqc.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\jDXUNoS.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\qtMVmbY.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\sjteplT.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\ZdWjcjP.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\SxfxmmD.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\cZEwgNp.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\OowyVzX.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\XYniZKO.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\LppoiHn.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\UicNxna.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\jLpvFYz.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\LQMpbWH.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\QvfSmZK.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\AWtYFoV.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\nPXvjwW.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\cepIhoZ.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\ZqRZqDE.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\HGOcANM.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\TOmoaEQ.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\HfsxXdz.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\HAisQNY.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\ceMxVMF.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\NPxSbwA.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\nlDueOD.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\omMDQgI.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\DflbTAa.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\dbtqvEk.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\QVlKqeE.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\LfWiMNx.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\wRXbkfv.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\oMCXnfr.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\iGzUudw.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\olvmNZt.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\VCTWRam.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\wYLYjeZ.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\cpVZBNU.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\AZhdKiN.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\pJsUvAY.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\SGAJARo.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\mficwPu.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\NhNOcnL.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\vnwbrXi.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\CBZSlOz.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\dDYMEMM.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\SyFJMCj.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\JhiuUNc.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\zmMQGqC.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\HbdxrMV.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\qKSoJYg.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
File created	C:\Windows\System\MiWAAZH.exe	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13620	dwm.exe
Token: SeChangeNotifyPrivilege	13620	dwm.exe
Token: 33	13620	dwm.exe
Token: SeIncBasePriorityPrivilege	13620	dwm.exe
Token: SeShutdownPrivilege	13620	dwm.exe
Token: SeCreatePagefilePrivilege	13620	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 3764	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	83
PID 4276 wrote to memory of 3764	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	83
PID 4276 wrote to memory of 4148	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	84
PID 4276 wrote to memory of 4148	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	84
PID 4276 wrote to memory of 1084	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	85
PID 4276 wrote to memory of 1084	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	85
PID 4276 wrote to memory of 3712	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	86
PID 4276 wrote to memory of 3712	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	86
PID 4276 wrote to memory of 1328	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	87
PID 4276 wrote to memory of 1328	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	87
PID 4276 wrote to memory of 4956	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	88
PID 4276 wrote to memory of 4956	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	88
PID 4276 wrote to memory of 2676	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	89
PID 4276 wrote to memory of 2676	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	89
PID 4276 wrote to memory of 4412	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	90
PID 4276 wrote to memory of 4412	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	90
PID 4276 wrote to memory of 60	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	91
PID 4276 wrote to memory of 60	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	91
PID 4276 wrote to memory of 2036	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	92
PID 4276 wrote to memory of 2036	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	92
PID 4276 wrote to memory of 3600	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	93
PID 4276 wrote to memory of 3600	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	93
PID 4276 wrote to memory of 532	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	94
PID 4276 wrote to memory of 532	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	94
PID 4276 wrote to memory of 1664	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	95
PID 4276 wrote to memory of 1664	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	95
PID 4276 wrote to memory of 4656	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	96
PID 4276 wrote to memory of 4656	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	96
PID 4276 wrote to memory of 5036	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	97
PID 4276 wrote to memory of 5036	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	97
PID 4276 wrote to memory of 1512	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	98
PID 4276 wrote to memory of 1512	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	98
PID 4276 wrote to memory of 4684	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	99
PID 4276 wrote to memory of 4684	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	99
PID 4276 wrote to memory of 2292	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	100
PID 4276 wrote to memory of 2292	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	100
PID 4276 wrote to memory of 4792	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	101
PID 4276 wrote to memory of 4792	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	101
PID 4276 wrote to memory of 2884	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	102
PID 4276 wrote to memory of 2884	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	102
PID 4276 wrote to memory of 2348	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	103
PID 4276 wrote to memory of 2348	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	103
PID 4276 wrote to memory of 3640	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	104
PID 4276 wrote to memory of 3640	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	104
PID 4276 wrote to memory of 4204	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	105
PID 4276 wrote to memory of 4204	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	105
PID 4276 wrote to memory of 4324	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	106
PID 4276 wrote to memory of 4324	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	106
PID 4276 wrote to memory of 2944	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	107
PID 4276 wrote to memory of 2944	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	107
PID 4276 wrote to memory of 3792	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	108
PID 4276 wrote to memory of 3792	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	108
PID 4276 wrote to memory of 3520	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	109
PID 4276 wrote to memory of 3520	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	109
PID 4276 wrote to memory of 1580	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	110
PID 4276 wrote to memory of 1580	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	110
PID 4276 wrote to memory of 1848	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	111
PID 4276 wrote to memory of 1848	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	111
PID 4276 wrote to memory of 3336	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	112
PID 4276 wrote to memory of 3336	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	112
PID 4276 wrote to memory of 2384	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	113
PID 4276 wrote to memory of 2384	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	113
PID 4276 wrote to memory of 4764	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	114
PID 4276 wrote to memory of 4764	4276	118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe	114

C:\Users\Admin\AppData\Local\Temp\118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe
"C:\Users\Admin\AppData\Local\Temp\118e3818e146337d9ab108855bed7f041da2891ecaa2dce02866677b8078a4c8.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Windows\System\JtFSSUr.exe
  C:\Windows\System\JtFSSUr.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\KGTdKsH.exe
  C:\Windows\System\KGTdKsH.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\eTBWcog.exe
  C:\Windows\System\eTBWcog.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\cGeegvB.exe
  C:\Windows\System\cGeegvB.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\eQQhNKS.exe
  C:\Windows\System\eQQhNKS.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\fiuIIbK.exe
  C:\Windows\System\fiuIIbK.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\uxEJToc.exe
  C:\Windows\System\uxEJToc.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\mryVObP.exe
  C:\Windows\System\mryVObP.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\sAZtZqc.exe
  C:\Windows\System\sAZtZqc.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\aAEPtmP.exe
  C:\Windows\System\aAEPtmP.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\GgjiVew.exe
  C:\Windows\System\GgjiVew.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\kYAtQwe.exe
  C:\Windows\System\kYAtQwe.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\jDXUNoS.exe
  C:\Windows\System\jDXUNoS.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\xRrFEoL.exe
  C:\Windows\System\xRrFEoL.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\oclgeRP.exe
  C:\Windows\System\oclgeRP.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\BPKyJrD.exe
  C:\Windows\System\BPKyJrD.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\YHpRbZf.exe
  C:\Windows\System\YHpRbZf.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\avaMcXl.exe
  C:\Windows\System\avaMcXl.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\zyHoXeh.exe
  C:\Windows\System\zyHoXeh.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\NEkAIdC.exe
  C:\Windows\System\NEkAIdC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\RnKkjYL.exe
  C:\Windows\System\RnKkjYL.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\NhNOcnL.exe
  C:\Windows\System\NhNOcnL.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\IXRMFzu.exe
  C:\Windows\System\IXRMFzu.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\OwcUyLF.exe
  C:\Windows\System\OwcUyLF.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\LdUrKQW.exe
  C:\Windows\System\LdUrKQW.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\mnhuAZp.exe
  C:\Windows\System\mnhuAZp.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\sZQngxU.exe
  C:\Windows\System\sZQngxU.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\IeGjlAS.exe
  C:\Windows\System\IeGjlAS.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\nboYHOo.exe
  C:\Windows\System\nboYHOo.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\QksLGAs.exe
  C:\Windows\System\QksLGAs.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\EGEWuWN.exe
  C:\Windows\System\EGEWuWN.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\qtfLVpq.exe
  C:\Windows\System\qtfLVpq.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\MEOCTFi.exe
  C:\Windows\System\MEOCTFi.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\CkMqUxW.exe
  C:\Windows\System\CkMqUxW.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\OeTEpFU.exe
  C:\Windows\System\OeTEpFU.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\jkOogHl.exe
  C:\Windows\System\jkOogHl.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\AXeRCyz.exe
  C:\Windows\System\AXeRCyz.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\jubhvzN.exe
  C:\Windows\System\jubhvzN.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\UwwAfpN.exe
  C:\Windows\System\UwwAfpN.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\GFCtPTl.exe
  C:\Windows\System\GFCtPTl.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\DrVnetH.exe
  C:\Windows\System\DrVnetH.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\RLtQNCc.exe
  C:\Windows\System\RLtQNCc.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\XWgfwiw.exe
  C:\Windows\System\XWgfwiw.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\IsHAUYR.exe
  C:\Windows\System\IsHAUYR.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\vqusmXf.exe
  C:\Windows\System\vqusmXf.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\UffwzfW.exe
  C:\Windows\System\UffwzfW.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\IBbnAmu.exe
  C:\Windows\System\IBbnAmu.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\QFSriSP.exe
  C:\Windows\System\QFSriSP.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\bmXBTcs.exe
  C:\Windows\System\bmXBTcs.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\mXuyEYz.exe
  C:\Windows\System\mXuyEYz.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\oNljwsZ.exe
  C:\Windows\System\oNljwsZ.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\qHCEFYy.exe
  C:\Windows\System\qHCEFYy.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\hCSdeGD.exe
  C:\Windows\System\hCSdeGD.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\QaEfjdw.exe
  C:\Windows\System\QaEfjdw.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\bHPuFkX.exe
  C:\Windows\System\bHPuFkX.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\mkadjHX.exe
  C:\Windows\System\mkadjHX.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\IFwlowe.exe
  C:\Windows\System\IFwlowe.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\MJbDoPo.exe
  C:\Windows\System\MJbDoPo.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\XmapBGX.exe
  C:\Windows\System\XmapBGX.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\HyoPnqS.exe
  C:\Windows\System\HyoPnqS.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\qXaMnBg.exe
  C:\Windows\System\qXaMnBg.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\McqdRny.exe
  C:\Windows\System\McqdRny.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\UPfFbgn.exe
  C:\Windows\System\UPfFbgn.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\juwCEGJ.exe
  C:\Windows\System\juwCEGJ.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\oMCXnfr.exe
  C:\Windows\System\oMCXnfr.exe
  2⤵
  PID:3312
- C:\Windows\System\WzzFVig.exe
  C:\Windows\System\WzzFVig.exe
  2⤵
  PID:3100
- C:\Windows\System\DaHnIoH.exe
  C:\Windows\System\DaHnIoH.exe
  2⤵
  PID:4488
- C:\Windows\System\EadIgFH.exe
  C:\Windows\System\EadIgFH.exe
  2⤵
  PID:1784
- C:\Windows\System\khlaELG.exe
  C:\Windows\System\khlaELG.exe
  2⤵
  PID:2976
- C:\Windows\System\jjADKAj.exe
  C:\Windows\System\jjADKAj.exe
  2⤵
  PID:4256
- C:\Windows\System\iGzUudw.exe
  C:\Windows\System\iGzUudw.exe
  2⤵
  PID:2464
- C:\Windows\System\dilSNCu.exe
  C:\Windows\System\dilSNCu.exe
  2⤵
  PID:2616
- C:\Windows\System\wMKWDxC.exe
  C:\Windows\System\wMKWDxC.exe
  2⤵
  PID:3296
- C:\Windows\System\ismXXxT.exe
  C:\Windows\System\ismXXxT.exe
  2⤵
  PID:4672
- C:\Windows\System\zhpxlSV.exe
  C:\Windows\System\zhpxlSV.exe
  2⤵
  PID:3208
- C:\Windows\System\ALEpbjJ.exe
  C:\Windows\System\ALEpbjJ.exe
  2⤵
  PID:4304
- C:\Windows\System\LxHeGcz.exe
  C:\Windows\System\LxHeGcz.exe
  2⤵
  PID:3784
- C:\Windows\System\JbIyeIw.exe
  C:\Windows\System\JbIyeIw.exe
  2⤵
  PID:2180
- C:\Windows\System\UgWCDBd.exe
  C:\Windows\System\UgWCDBd.exe
  2⤵
  PID:1952
- C:\Windows\System\LZMbBnZ.exe
  C:\Windows\System\LZMbBnZ.exe
  2⤵
  PID:1936
- C:\Windows\System\ZjusNia.exe
  C:\Windows\System\ZjusNia.exe
  2⤵
  PID:4896
- C:\Windows\System\XRhUdXz.exe
  C:\Windows\System\XRhUdXz.exe
  2⤵
  PID:1616
- C:\Windows\System\zNOOhmX.exe
  C:\Windows\System\zNOOhmX.exe
  2⤵
  PID:2240
- C:\Windows\System\qgSfLeJ.exe
  C:\Windows\System\qgSfLeJ.exe
  2⤵
  PID:4900
- C:\Windows\System\utVKdOA.exe
  C:\Windows\System\utVKdOA.exe
  2⤵
  PID:2252
- C:\Windows\System\XkMbshe.exe
  C:\Windows\System\XkMbshe.exe
  2⤵
  PID:3652
- C:\Windows\System\YNlCujG.exe
  C:\Windows\System\YNlCujG.exe
  2⤵
  PID:3184
- C:\Windows\System\aMyMVVC.exe
  C:\Windows\System\aMyMVVC.exe
  2⤵
  PID:5148
- C:\Windows\System\KLqftNX.exe
  C:\Windows\System\KLqftNX.exe
  2⤵
  PID:5172
- C:\Windows\System\QrqeWpf.exe
  C:\Windows\System\QrqeWpf.exe
  2⤵
  PID:5196
- C:\Windows\System\HEGpYAM.exe
  C:\Windows\System\HEGpYAM.exe
  2⤵
  PID:5228
- C:\Windows\System\UniKTlZ.exe
  C:\Windows\System\UniKTlZ.exe
  2⤵
  PID:5256
- C:\Windows\System\IKUQHcz.exe
  C:\Windows\System\IKUQHcz.exe
  2⤵
  PID:5284
- C:\Windows\System\LkLIaGJ.exe
  C:\Windows\System\LkLIaGJ.exe
  2⤵
  PID:5312
- C:\Windows\System\lcJZwvT.exe
  C:\Windows\System\lcJZwvT.exe
  2⤵
  PID:5340
- C:\Windows\System\HbSOEzt.exe
  C:\Windows\System\HbSOEzt.exe
  2⤵
  PID:5368
- C:\Windows\System\hnNSwdW.exe
  C:\Windows\System\hnNSwdW.exe
  2⤵
  PID:5396
- C:\Windows\System\OPpnjBY.exe
  C:\Windows\System\OPpnjBY.exe
  2⤵
  PID:5424
- C:\Windows\System\XvdlWAI.exe
  C:\Windows\System\XvdlWAI.exe
  2⤵
  PID:5460
- C:\Windows\System\CosaTrz.exe
  C:\Windows\System\CosaTrz.exe
  2⤵
  PID:5480
- C:\Windows\System\DflbTAa.exe
  C:\Windows\System\DflbTAa.exe
  2⤵
  PID:5508
- C:\Windows\System\hhRHulG.exe
  C:\Windows\System\hhRHulG.exe
  2⤵
  PID:5536
- C:\Windows\System\BrsYXyH.exe
  C:\Windows\System\BrsYXyH.exe
  2⤵
  PID:5564
- C:\Windows\System\eKNigIZ.exe
  C:\Windows\System\eKNigIZ.exe
  2⤵
  PID:5592
- C:\Windows\System\revFpeT.exe
  C:\Windows\System\revFpeT.exe
  2⤵
  PID:5616
- C:\Windows\System\TfNaRbX.exe
  C:\Windows\System\TfNaRbX.exe
  2⤵
  PID:5648
- C:\Windows\System\tScojOU.exe
  C:\Windows\System\tScojOU.exe
  2⤵
  PID:5676
- C:\Windows\System\NZrNpqq.exe
  C:\Windows\System\NZrNpqq.exe
  2⤵
  PID:5704
- C:\Windows\System\TImhjBR.exe
  C:\Windows\System\TImhjBR.exe
  2⤵
  PID:5732
- C:\Windows\System\cwJbbet.exe
  C:\Windows\System\cwJbbet.exe
  2⤵
  PID:5756
- C:\Windows\System\CRCHdWN.exe
  C:\Windows\System\CRCHdWN.exe
  2⤵
  PID:5784
- C:\Windows\System\KKJlNfN.exe
  C:\Windows\System\KKJlNfN.exe
  2⤵
  PID:5812
- C:\Windows\System\qajfEmY.exe
  C:\Windows\System\qajfEmY.exe
  2⤵
  PID:5844
- C:\Windows\System\vblpzKW.exe
  C:\Windows\System\vblpzKW.exe
  2⤵
  PID:5872
- C:\Windows\System\jVfFnHw.exe
  C:\Windows\System\jVfFnHw.exe
  2⤵
  PID:5900
- C:\Windows\System\tqbyLLZ.exe
  C:\Windows\System\tqbyLLZ.exe
  2⤵
  PID:5928
- C:\Windows\System\QvfSmZK.exe
  C:\Windows\System\QvfSmZK.exe
  2⤵
  PID:5956
- C:\Windows\System\lJlrKYE.exe
  C:\Windows\System\lJlrKYE.exe
  2⤵
  PID:5984
- C:\Windows\System\zpkNnAI.exe
  C:\Windows\System\zpkNnAI.exe
  2⤵
  PID:6012
- C:\Windows\System\qtMVmbY.exe
  C:\Windows\System\qtMVmbY.exe
  2⤵
  PID:6040
- C:\Windows\System\olvmNZt.exe
  C:\Windows\System\olvmNZt.exe
  2⤵
  PID:6064
- C:\Windows\System\XYniZKO.exe
  C:\Windows\System\XYniZKO.exe
  2⤵
  PID:6092
- C:\Windows\System\rkKtrZS.exe
  C:\Windows\System\rkKtrZS.exe
  2⤵
  PID:6124
- C:\Windows\System\IlpPmTb.exe
  C:\Windows\System\IlpPmTb.exe
  2⤵
  PID:2404
- C:\Windows\System\HAisQNY.exe
  C:\Windows\System\HAisQNY.exe
  2⤵
  PID:4088
- C:\Windows\System\XDKvOUJ.exe
  C:\Windows\System\XDKvOUJ.exe
  2⤵
  PID:1356
- C:\Windows\System\MATPUmx.exe
  C:\Windows\System\MATPUmx.exe
  2⤵
  PID:4336
- C:\Windows\System\OkCfNgc.exe
  C:\Windows\System\OkCfNgc.exe
  2⤵
  PID:3228
- C:\Windows\System\MLEqIEX.exe
  C:\Windows\System\MLEqIEX.exe
  2⤵
  PID:5136
- C:\Windows\System\ufclUlk.exe
  C:\Windows\System\ufclUlk.exe
  2⤵
  PID:5188
- C:\Windows\System\vRFMSdU.exe
  C:\Windows\System\vRFMSdU.exe
  2⤵
  PID:5244
- C:\Windows\System\ezrUDNR.exe
  C:\Windows\System\ezrUDNR.exe
  2⤵
  PID:5304
- C:\Windows\System\JhiuUNc.exe
  C:\Windows\System\JhiuUNc.exe
  2⤵
  PID:1764
- C:\Windows\System\sihggvf.exe
  C:\Windows\System\sihggvf.exe
  2⤵
  PID:5416
- C:\Windows\System\kvDNwOr.exe
  C:\Windows\System\kvDNwOr.exe
  2⤵
  PID:5492
- C:\Windows\System\gsQraFO.exe
  C:\Windows\System\gsQraFO.exe
  2⤵
  PID:5604
- C:\Windows\System\EZstPqL.exe
  C:\Windows\System\EZstPqL.exe
  2⤵
  PID:5668
- C:\Windows\System\NXbUaOo.exe
  C:\Windows\System\NXbUaOo.exe
  2⤵
  PID:5724
- C:\Windows\System\LYAQySc.exe
  C:\Windows\System\LYAQySc.exe
  2⤵
  PID:5772
- C:\Windows\System\jLRiihc.exe
  C:\Windows\System\jLRiihc.exe
  2⤵
  PID:5860
- C:\Windows\System\HBIWYkX.exe
  C:\Windows\System\HBIWYkX.exe
  2⤵
  PID:5940
- C:\Windows\System\SiXCkaB.exe
  C:\Windows\System\SiXCkaB.exe
  2⤵
  PID:5972
- C:\Windows\System\sNIUQqs.exe
  C:\Windows\System\sNIUQqs.exe
  2⤵
  PID:6024
- C:\Windows\System\rdxfXUW.exe
  C:\Windows\System\rdxfXUW.exe
  2⤵
  PID:6052
- C:\Windows\System\vYShaVl.exe
  C:\Windows\System\vYShaVl.exe
  2⤵
  PID:2540
- C:\Windows\System\vrtqcQU.exe
  C:\Windows\System\vrtqcQU.exe
  2⤵
  PID:6112
- C:\Windows\System\WnlQQMs.exe
  C:\Windows\System\WnlQQMs.exe
  2⤵
  PID:3204
- C:\Windows\System\MLCHNio.exe
  C:\Windows\System\MLCHNio.exe
  2⤵
  PID:1176
- C:\Windows\System\XKUMDiS.exe
  C:\Windows\System\XKUMDiS.exe
  2⤵
  PID:3548
- C:\Windows\System\GkdqXWG.exe
  C:\Windows\System\GkdqXWG.exe
  2⤵
  PID:3960
- C:\Windows\System\NVLTSmd.exe
  C:\Windows\System\NVLTSmd.exe
  2⤵
  PID:1364
- C:\Windows\System\ZLbANqI.exe
  C:\Windows\System\ZLbANqI.exe
  2⤵
  PID:5216
- C:\Windows\System\miKJsYZ.exe
  C:\Windows\System\miKJsYZ.exe
  2⤵
  PID:1188
- C:\Windows\System\hhEOpwY.exe
  C:\Windows\System\hhEOpwY.exe
  2⤵
  PID:5332
- C:\Windows\System\AWtYFoV.exe
  C:\Windows\System\AWtYFoV.exe
  2⤵
  PID:4316
- C:\Windows\System\tktPjdc.exe
  C:\Windows\System\tktPjdc.exe
  2⤵
  PID:5748
- C:\Windows\System\UQnYRSf.exe
  C:\Windows\System\UQnYRSf.exe
  2⤵
  PID:5996
- C:\Windows\System\LdQLhja.exe
  C:\Windows\System\LdQLhja.exe
  2⤵
  PID:2264
- C:\Windows\System\UBcyFWp.exe
  C:\Windows\System\UBcyFWp.exe
  2⤵
  PID:4752
- C:\Windows\System\fBiNoVG.exe
  C:\Windows\System\fBiNoVG.exe
  2⤵
  PID:4736
- C:\Windows\System\nPXvjwW.exe
  C:\Windows\System\nPXvjwW.exe
  2⤵
  PID:452
- C:\Windows\System\pIdefmA.exe
  C:\Windows\System\pIdefmA.exe
  2⤵
  PID:1876
- C:\Windows\System\zrLtcQC.exe
  C:\Windows\System\zrLtcQC.exe
  2⤵
  PID:4876
- C:\Windows\System\OxZNigx.exe
  C:\Windows\System\OxZNigx.exe
  2⤵
  PID:5272
- C:\Windows\System\RqblGrf.exe
  C:\Windows\System\RqblGrf.exe
  2⤵
  PID:5408
- C:\Windows\System\VHsmXWf.exe
  C:\Windows\System\VHsmXWf.exe
  2⤵
  PID:1124
- C:\Windows\System\HetmzZE.exe
  C:\Windows\System\HetmzZE.exe
  2⤵
  PID:3192
- C:\Windows\System\gMHrdqX.exe
  C:\Windows\System\gMHrdqX.exe
  2⤵
  PID:2468
- C:\Windows\System\cByITva.exe
  C:\Windows\System\cByITva.exe
  2⤵
  PID:404
- C:\Windows\System\ciJMiog.exe
  C:\Windows\System\ciJMiog.exe
  2⤵
  PID:3484
- C:\Windows\System\LppoiHn.exe
  C:\Windows\System\LppoiHn.exe
  2⤵
  PID:5912
- C:\Windows\System\gTpIZHT.exe
  C:\Windows\System\gTpIZHT.exe
  2⤵
  PID:5080
- C:\Windows\System\aWDimgR.exe
  C:\Windows\System\aWDimgR.exe
  2⤵
  PID:528
- C:\Windows\System\qJSDFnM.exe
  C:\Windows\System\qJSDFnM.exe
  2⤵
  PID:5968
- C:\Windows\System\qyoBApj.exe
  C:\Windows\System\qyoBApj.exe
  2⤵
  PID:3340
- C:\Windows\System\cepIhoZ.exe
  C:\Windows\System\cepIhoZ.exe
  2⤵
  PID:4928
- C:\Windows\System\rHRHpan.exe
  C:\Windows\System\rHRHpan.exe
  2⤵
  PID:5716
- C:\Windows\System\qthIiRI.exe
  C:\Windows\System\qthIiRI.exe
  2⤵
  PID:1480
- C:\Windows\System\iUOHejK.exe
  C:\Windows\System\iUOHejK.exe
  2⤵
  PID:6204
- C:\Windows\System\WKLNcRk.exe
  C:\Windows\System\WKLNcRk.exe
  2⤵
  PID:6256
- C:\Windows\System\jXMNfFo.exe
  C:\Windows\System\jXMNfFo.exe
  2⤵
  PID:6272
- C:\Windows\System\zFVFpbs.exe
  C:\Windows\System\zFVFpbs.exe
  2⤵
  PID:6296
- C:\Windows\System\VCTWRam.exe
  C:\Windows\System\VCTWRam.exe
  2⤵
  PID:6316
- C:\Windows\System\ZqRZqDE.exe
  C:\Windows\System\ZqRZqDE.exe
  2⤵
  PID:6336
- C:\Windows\System\ceMxVMF.exe
  C:\Windows\System\ceMxVMF.exe
  2⤵
  PID:6356
- C:\Windows\System\qNLkjqB.exe
  C:\Windows\System\qNLkjqB.exe
  2⤵
  PID:6380
- C:\Windows\System\uyjuzBP.exe
  C:\Windows\System\uyjuzBP.exe
  2⤵
  PID:6404
- C:\Windows\System\WtRxQmo.exe
  C:\Windows\System\WtRxQmo.exe
  2⤵
  PID:6424
- C:\Windows\System\TPpYCWi.exe
  C:\Windows\System\TPpYCWi.exe
  2⤵
  PID:6472
- C:\Windows\System\IKYzTMI.exe
  C:\Windows\System\IKYzTMI.exe
  2⤵
  PID:6504
- C:\Windows\System\OTBHxbK.exe
  C:\Windows\System\OTBHxbK.exe
  2⤵
  PID:6524
- C:\Windows\System\rxDksaM.exe
  C:\Windows\System\rxDksaM.exe
  2⤵
  PID:6552
- C:\Windows\System\NPxSbwA.exe
  C:\Windows\System\NPxSbwA.exe
  2⤵
  PID:6576
- C:\Windows\System\QVIRJsV.exe
  C:\Windows\System\QVIRJsV.exe
  2⤵
  PID:6592
- C:\Windows\System\CtbJNrE.exe
  C:\Windows\System\CtbJNrE.exe
  2⤵
  PID:6616
- C:\Windows\System\sAXiZEM.exe
  C:\Windows\System\sAXiZEM.exe
  2⤵
  PID:6636
- C:\Windows\System\ZLKtJEJ.exe
  C:\Windows\System\ZLKtJEJ.exe
  2⤵
  PID:6684
- C:\Windows\System\zNPeOuw.exe
  C:\Windows\System\zNPeOuw.exe
  2⤵
  PID:6700
- C:\Windows\System\zJaHJdL.exe
  C:\Windows\System\zJaHJdL.exe
  2⤵
  PID:6736
- C:\Windows\System\KwTnkRV.exe
  C:\Windows\System\KwTnkRV.exe
  2⤵
  PID:6760
- C:\Windows\System\WiZtbJJ.exe
  C:\Windows\System\WiZtbJJ.exe
  2⤵
  PID:6804
- C:\Windows\System\UpdfKPw.exe
  C:\Windows\System\UpdfKPw.exe
  2⤵
  PID:6824
- C:\Windows\System\hezKXDN.exe
  C:\Windows\System\hezKXDN.exe
  2⤵
  PID:6876
- C:\Windows\System\yLwNQZP.exe
  C:\Windows\System\yLwNQZP.exe
  2⤵
  PID:6904
- C:\Windows\System\BLIDLdI.exe
  C:\Windows\System\BLIDLdI.exe
  2⤵
  PID:6928
- C:\Windows\System\cBJjQPK.exe
  C:\Windows\System\cBJjQPK.exe
  2⤵
  PID:6952
- C:\Windows\System\WmVdDjT.exe
  C:\Windows\System\WmVdDjT.exe
  2⤵
  PID:6972
- C:\Windows\System\ONnoGqh.exe
  C:\Windows\System\ONnoGqh.exe
  2⤵
  PID:6992
- C:\Windows\System\qxLoSTB.exe
  C:\Windows\System\qxLoSTB.exe
  2⤵
  PID:7012
- C:\Windows\System\DHhtcWb.exe
  C:\Windows\System\DHhtcWb.exe
  2⤵
  PID:7044
- C:\Windows\System\UQQZgSP.exe
  C:\Windows\System\UQQZgSP.exe
  2⤵
  PID:7128
- C:\Windows\System\jkJeKhY.exe
  C:\Windows\System\jkJeKhY.exe
  2⤵
  PID:7148
- C:\Windows\System\nlDueOD.exe
  C:\Windows\System\nlDueOD.exe
  2⤵
  PID:7164
- C:\Windows\System\XIYvYWq.exe
  C:\Windows\System\XIYvYWq.exe
  2⤵
  PID:3780
- C:\Windows\System\DpcYhsN.exe
  C:\Windows\System\DpcYhsN.exe
  2⤵
  PID:6200
- C:\Windows\System\ElNPelY.exe
  C:\Windows\System\ElNPelY.exe
  2⤵
  PID:6308
- C:\Windows\System\rWhFlrm.exe
  C:\Windows\System\rWhFlrm.exe
  2⤵
  PID:6364
- C:\Windows\System\iFyaRNe.exe
  C:\Windows\System\iFyaRNe.exe
  2⤵
  PID:6416
- C:\Windows\System\BncKbct.exe
  C:\Windows\System\BncKbct.exe
  2⤵
  PID:6452
- C:\Windows\System\QqymfkP.exe
  C:\Windows\System\QqymfkP.exe
  2⤵
  PID:6568
- C:\Windows\System\bMzbHZS.exe
  C:\Windows\System\bMzbHZS.exe
  2⤵
  PID:6560
- C:\Windows\System\hKnbjyD.exe
  C:\Windows\System\hKnbjyD.exe
  2⤵
  PID:6756
- C:\Windows\System\MMBdBZS.exe
  C:\Windows\System\MMBdBZS.exe
  2⤵
  PID:6732
- C:\Windows\System\KNmjdnS.exe
  C:\Windows\System\KNmjdnS.exe
  2⤵
  PID:6800
- C:\Windows\System\PXLDvxr.exe
  C:\Windows\System\PXLDvxr.exe
  2⤵
  PID:6900
- C:\Windows\System\DrOWxoX.exe
  C:\Windows\System\DrOWxoX.exe
  2⤵
  PID:6936
- C:\Windows\System\ZJBSocu.exe
  C:\Windows\System\ZJBSocu.exe
  2⤵
  PID:7008
- C:\Windows\System\MzQFnZk.exe
  C:\Windows\System\MzQFnZk.exe
  2⤵
  PID:7136
- C:\Windows\System\rAKXOGK.exe
  C:\Windows\System\rAKXOGK.exe
  2⤵
  PID:7124
- C:\Windows\System\ybpHcKU.exe
  C:\Windows\System\ybpHcKU.exe
  2⤵
  PID:6288
- C:\Windows\System\rrxRCYm.exe
  C:\Windows\System\rrxRCYm.exe
  2⤵
  PID:6412
- C:\Windows\System\JGCYLMP.exe
  C:\Windows\System\JGCYLMP.exe
  2⤵
  PID:6516
- C:\Windows\System\KAoNYKu.exe
  C:\Windows\System\KAoNYKu.exe
  2⤵
  PID:6696
- C:\Windows\System\sjteplT.exe
  C:\Windows\System\sjteplT.exe
  2⤵
  PID:6960
- C:\Windows\System\LiaYuYz.exe
  C:\Windows\System\LiaYuYz.exe
  2⤵
  PID:6912
- C:\Windows\System\gJicNWY.exe
  C:\Windows\System\gJicNWY.exe
  2⤵
  PID:6392
- C:\Windows\System\kOEqacr.exe
  C:\Windows\System\kOEqacr.exe
  2⤵
  PID:6600
- C:\Windows\System\hOgFHzn.exe
  C:\Windows\System\hOgFHzn.exe
  2⤵
  PID:6796
- C:\Windows\System\qwQYnDm.exe
  C:\Windows\System\qwQYnDm.exe
  2⤵
  PID:7076
- C:\Windows\System\NhheqeD.exe
  C:\Windows\System\NhheqeD.exe
  2⤵
  PID:6820
- C:\Windows\System\QMCMRdq.exe
  C:\Windows\System\QMCMRdq.exe
  2⤵
  PID:7068
- C:\Windows\System\ZuJirFE.exe
  C:\Windows\System\ZuJirFE.exe
  2⤵
  PID:7192
- C:\Windows\System\nOpAnDm.exe
  C:\Windows\System\nOpAnDm.exe
  2⤵
  PID:7212
- C:\Windows\System\frseNRT.exe
  C:\Windows\System\frseNRT.exe
  2⤵
  PID:7240
- C:\Windows\System\cpVZBNU.exe
  C:\Windows\System\cpVZBNU.exe
  2⤵
  PID:7304
- C:\Windows\System\eZvMaIc.exe
  C:\Windows\System\eZvMaIc.exe
  2⤵
  PID:7336
- C:\Windows\System\vJFFpnr.exe
  C:\Windows\System\vJFFpnr.exe
  2⤵
  PID:7368
- C:\Windows\System\DdcMUAt.exe
  C:\Windows\System\DdcMUAt.exe
  2⤵
  PID:7384
- C:\Windows\System\mYQRAtt.exe
  C:\Windows\System\mYQRAtt.exe
  2⤵
  PID:7412
- C:\Windows\System\Ahfxebq.exe
  C:\Windows\System\Ahfxebq.exe
  2⤵
  PID:7432
- C:\Windows\System\oekyPpV.exe
  C:\Windows\System\oekyPpV.exe
  2⤵
  PID:7456
- C:\Windows\System\VhDxdEV.exe
  C:\Windows\System\VhDxdEV.exe
  2⤵
  PID:7504
- C:\Windows\System\ewlrZIJ.exe
  C:\Windows\System\ewlrZIJ.exe
  2⤵
  PID:7528
- C:\Windows\System\misguHk.exe
  C:\Windows\System\misguHk.exe
  2⤵
  PID:7544
- C:\Windows\System\IRFNkDI.exe
  C:\Windows\System\IRFNkDI.exe
  2⤵
  PID:7568
- C:\Windows\System\QERojVD.exe
  C:\Windows\System\QERojVD.exe
  2⤵
  PID:7612
- C:\Windows\System\TrkoCzE.exe
  C:\Windows\System\TrkoCzE.exe
  2⤵
  PID:7644
- C:\Windows\System\RuFIXQJ.exe
  C:\Windows\System\RuFIXQJ.exe
  2⤵
  PID:7660
- C:\Windows\System\hVZJFmZ.exe
  C:\Windows\System\hVZJFmZ.exe
  2⤵
  PID:7676
- C:\Windows\System\gCFuGCK.exe
  C:\Windows\System\gCFuGCK.exe
  2⤵
  PID:7724
- C:\Windows\System\slHVoHv.exe
  C:\Windows\System\slHVoHv.exe
  2⤵
  PID:7740
- C:\Windows\System\mYUOWGh.exe
  C:\Windows\System\mYUOWGh.exe
  2⤵
  PID:7764
- C:\Windows\System\jjrfRKC.exe
  C:\Windows\System\jjrfRKC.exe
  2⤵
  PID:7808
- C:\Windows\System\SLuMPaS.exe
  C:\Windows\System\SLuMPaS.exe
  2⤵
  PID:7832
- C:\Windows\System\JkIjmof.exe
  C:\Windows\System\JkIjmof.exe
  2⤵
  PID:7848
- C:\Windows\System\ZSDPvta.exe
  C:\Windows\System\ZSDPvta.exe
  2⤵
  PID:7868
- C:\Windows\System\TuKsKhw.exe
  C:\Windows\System\TuKsKhw.exe
  2⤵
  PID:7896
- C:\Windows\System\SrGSUcO.exe
  C:\Windows\System\SrGSUcO.exe
  2⤵
  PID:7924
- C:\Windows\System\LVtbjHP.exe
  C:\Windows\System\LVtbjHP.exe
  2⤵
  PID:7952
- C:\Windows\System\XBweXGb.exe
  C:\Windows\System\XBweXGb.exe
  2⤵
  PID:7972
- C:\Windows\System\pYQDhme.exe
  C:\Windows\System\pYQDhme.exe
  2⤵
  PID:8000
- C:\Windows\System\JWJjRAu.exe
  C:\Windows\System\JWJjRAu.exe
  2⤵
  PID:8020
- C:\Windows\System\WeScCPE.exe
  C:\Windows\System\WeScCPE.exe
  2⤵
  PID:8040
- C:\Windows\System\tVsntUY.exe
  C:\Windows\System\tVsntUY.exe
  2⤵
  PID:8084
- C:\Windows\System\pvvaaUk.exe
  C:\Windows\System\pvvaaUk.exe
  2⤵
  PID:8104
- C:\Windows\System\XdNKWjP.exe
  C:\Windows\System\XdNKWjP.exe
  2⤵
  PID:8140
- C:\Windows\System\KXavPSW.exe
  C:\Windows\System\KXavPSW.exe
  2⤵
  PID:8164
- C:\Windows\System\klVNFlm.exe
  C:\Windows\System\klVNFlm.exe
  2⤵
  PID:7184
- C:\Windows\System\yqSEDEB.exe
  C:\Windows\System\yqSEDEB.exe
  2⤵
  PID:7332
- C:\Windows\System\SWAewcz.exe
  C:\Windows\System\SWAewcz.exe
  2⤵
  PID:7408
- C:\Windows\System\ZaZmOHc.exe
  C:\Windows\System\ZaZmOHc.exe
  2⤵
  PID:7440
- C:\Windows\System\xkAlrez.exe
  C:\Windows\System\xkAlrez.exe
  2⤵
  PID:7496
- C:\Windows\System\EqTkzRH.exe
  C:\Windows\System\EqTkzRH.exe
  2⤵
  PID:7556
- C:\Windows\System\nFhqRmu.exe
  C:\Windows\System\nFhqRmu.exe
  2⤵
  PID:7596
- C:\Windows\System\GLHOrFn.exe
  C:\Windows\System\GLHOrFn.exe
  2⤵
  PID:7696
- C:\Windows\System\DocygMJ.exe
  C:\Windows\System\DocygMJ.exe
  2⤵
  PID:7712
- C:\Windows\System\NzRyYlQ.exe
  C:\Windows\System\NzRyYlQ.exe
  2⤵
  PID:7780
- C:\Windows\System\VjGdvPT.exe
  C:\Windows\System\VjGdvPT.exe
  2⤵
  PID:7816
- C:\Windows\System\foVXhNH.exe
  C:\Windows\System\foVXhNH.exe
  2⤵
  PID:7964
- C:\Windows\System\kWvNrSf.exe
  C:\Windows\System\kWvNrSf.exe
  2⤵
  PID:8028
- C:\Windows\System\zGPCMkR.exe
  C:\Windows\System\zGPCMkR.exe
  2⤵
  PID:8080
- C:\Windows\System\epdbsoS.exe
  C:\Windows\System\epdbsoS.exe
  2⤵
  PID:8132
- C:\Windows\System\sJWYvhc.exe
  C:\Windows\System\sJWYvhc.exe
  2⤵
  PID:8152
- C:\Windows\System\HPxCccF.exe
  C:\Windows\System\HPxCccF.exe
  2⤵
  PID:7268
- C:\Windows\System\fXDiYRg.exe
  C:\Windows\System\fXDiYRg.exe
  2⤵
  PID:7472
- C:\Windows\System\iKGonHJ.exe
  C:\Windows\System\iKGonHJ.exe
  2⤵
  PID:7636
- C:\Windows\System\qcsUEju.exe
  C:\Windows\System\qcsUEju.exe
  2⤵
  PID:7708
- C:\Windows\System\brdDpfo.exe
  C:\Windows\System\brdDpfo.exe
  2⤵
  PID:7892
- C:\Windows\System\XOzoMid.exe
  C:\Windows\System\XOzoMid.exe
  2⤵
  PID:8100
- C:\Windows\System\hEEZbAJ.exe
  C:\Windows\System\hEEZbAJ.exe
  2⤵
  PID:7380
- C:\Windows\System\OIZqiIU.exe
  C:\Windows\System\OIZqiIU.exe
  2⤵
  PID:7640
- C:\Windows\System\opptYWK.exe
  C:\Windows\System\opptYWK.exe
  2⤵
  PID:7932
- C:\Windows\System\DiJxxkh.exe
  C:\Windows\System\DiJxxkh.exe
  2⤵
  PID:8032
- C:\Windows\System\titUAEX.exe
  C:\Windows\System\titUAEX.exe
  2⤵
  PID:7536
- C:\Windows\System\TfAwAvi.exe
  C:\Windows\System\TfAwAvi.exe
  2⤵
  PID:8208
- C:\Windows\System\fqgscOm.exe
  C:\Windows\System\fqgscOm.exe
  2⤵
  PID:8272
- C:\Windows\System\IydtNgw.exe
  C:\Windows\System\IydtNgw.exe
  2⤵
  PID:8308
- C:\Windows\System\mMcxhXL.exe
  C:\Windows\System\mMcxhXL.exe
  2⤵
  PID:8328
- C:\Windows\System\sKqQgGS.exe
  C:\Windows\System\sKqQgGS.exe
  2⤵
  PID:8344
- C:\Windows\System\GSchDgs.exe
  C:\Windows\System\GSchDgs.exe
  2⤵
  PID:8372
- C:\Windows\System\XAsVhvB.exe
  C:\Windows\System\XAsVhvB.exe
  2⤵
  PID:8396
- C:\Windows\System\wHSfjhF.exe
  C:\Windows\System\wHSfjhF.exe
  2⤵
  PID:8452
- C:\Windows\System\EmxvSdd.exe
  C:\Windows\System\EmxvSdd.exe
  2⤵
  PID:8476
- C:\Windows\System\FLneawe.exe
  C:\Windows\System\FLneawe.exe
  2⤵
  PID:8492
- C:\Windows\System\aoJJVDS.exe
  C:\Windows\System\aoJJVDS.exe
  2⤵
  PID:8512
- C:\Windows\System\VyHSmZy.exe
  C:\Windows\System\VyHSmZy.exe
  2⤵
  PID:8564
- C:\Windows\System\oQRCdOj.exe
  C:\Windows\System\oQRCdOj.exe
  2⤵
  PID:8588
- C:\Windows\System\BmGzJdX.exe
  C:\Windows\System\BmGzJdX.exe
  2⤵
  PID:8608
- C:\Windows\System\ctAMjZi.exe
  C:\Windows\System\ctAMjZi.exe
  2⤵
  PID:8636
- C:\Windows\System\sOPLcJr.exe
  C:\Windows\System\sOPLcJr.exe
  2⤵
  PID:8652
- C:\Windows\System\GFdgjEV.exe
  C:\Windows\System\GFdgjEV.exe
  2⤵
  PID:8676
- C:\Windows\System\GSWrqZO.exe
  C:\Windows\System\GSWrqZO.exe
  2⤵
  PID:8716
- C:\Windows\System\ibbFqxV.exe
  C:\Windows\System\ibbFqxV.exe
  2⤵
  PID:8744
- C:\Windows\System\dgVTCWk.exe
  C:\Windows\System\dgVTCWk.exe
  2⤵
  PID:8760
- C:\Windows\System\OwVIjzs.exe
  C:\Windows\System\OwVIjzs.exe
  2⤵
  PID:8780
- C:\Windows\System\OlaPdaW.exe
  C:\Windows\System\OlaPdaW.exe
  2⤵
  PID:8804
- C:\Windows\System\kXylVXC.exe
  C:\Windows\System\kXylVXC.exe
  2⤵
  PID:8828
- C:\Windows\System\GsJgjAl.exe
  C:\Windows\System\GsJgjAl.exe
  2⤵
  PID:8844
- C:\Windows\System\pyVLEMc.exe
  C:\Windows\System\pyVLEMc.exe
  2⤵
  PID:8864
- C:\Windows\System\mFWSyAa.exe
  C:\Windows\System\mFWSyAa.exe
  2⤵
  PID:8892
- C:\Windows\System\tmxVeTy.exe
  C:\Windows\System\tmxVeTy.exe
  2⤵
  PID:8944
- C:\Windows\System\zZKhNxx.exe
  C:\Windows\System\zZKhNxx.exe
  2⤵
  PID:8984
- C:\Windows\System\YUijoZR.exe
  C:\Windows\System\YUijoZR.exe
  2⤵
  PID:9008
- C:\Windows\System\EZyyyIR.exe
  C:\Windows\System\EZyyyIR.exe
  2⤵
  PID:9028
- C:\Windows\System\pWVmfQJ.exe
  C:\Windows\System\pWVmfQJ.exe
  2⤵
  PID:9064
- C:\Windows\System\fPfjyHp.exe
  C:\Windows\System\fPfjyHp.exe
  2⤵
  PID:9092
- C:\Windows\System\bhcaQOU.exe
  C:\Windows\System\bhcaQOU.exe
  2⤵
  PID:9116
- C:\Windows\System\myopUPv.exe
  C:\Windows\System\myopUPv.exe
  2⤵
  PID:9152
- C:\Windows\System\ZdWjcjP.exe
  C:\Windows\System\ZdWjcjP.exe
  2⤵
  PID:9172
- C:\Windows\System\kaUTJbW.exe
  C:\Windows\System\kaUTJbW.exe
  2⤵
  PID:9192
- C:\Windows\System\EHJYVbv.exe
  C:\Windows\System\EHJYVbv.exe
  2⤵
  PID:8012
- C:\Windows\System\zmMQGqC.exe
  C:\Windows\System\zmMQGqC.exe
  2⤵
  PID:8236
- C:\Windows\System\GDOBUrY.exe
  C:\Windows\System\GDOBUrY.exe
  2⤵
  PID:8264
- C:\Windows\System\qpGFEfU.exe
  C:\Windows\System\qpGFEfU.exe
  2⤵
  PID:8336
- C:\Windows\System\UicNxna.exe
  C:\Windows\System\UicNxna.exe
  2⤵
  PID:8384
- C:\Windows\System\MSqIODp.exe
  C:\Windows\System\MSqIODp.exe
  2⤵
  PID:8444
- C:\Windows\System\rsGVLef.exe
  C:\Windows\System\rsGVLef.exe
  2⤵
  PID:8700
- C:\Windows\System\YJqMrCF.exe
  C:\Windows\System\YJqMrCF.exe
  2⤵
  PID:8728
- C:\Windows\System\YNzxTmm.exe
  C:\Windows\System\YNzxTmm.exe
  2⤵
  PID:8816
- C:\Windows\System\fDDJEZa.exe
  C:\Windows\System\fDDJEZa.exe
  2⤵
  PID:8856
- C:\Windows\System\wPCsahe.exe
  C:\Windows\System\wPCsahe.exe
  2⤵
  PID:8888
- C:\Windows\System\ecuCunj.exe
  C:\Windows\System\ecuCunj.exe
  2⤵
  PID:8924
- C:\Windows\System\VpNCaLk.exe
  C:\Windows\System\VpNCaLk.exe
  2⤵
  PID:9036
- C:\Windows\System\EOwrHlS.exe
  C:\Windows\System\EOwrHlS.exe
  2⤵
  PID:9016
- C:\Windows\System\AZhdKiN.exe
  C:\Windows\System\AZhdKiN.exe
  2⤵
  PID:9080
- C:\Windows\System\mgUjMKN.exe
  C:\Windows\System\mgUjMKN.exe
  2⤵
  PID:8228
- C:\Windows\System\EUJNtCT.exe
  C:\Windows\System\EUJNtCT.exe
  2⤵
  PID:8464
- C:\Windows\System\eLfiWFa.exe
  C:\Windows\System\eLfiWFa.exe
  2⤵
  PID:8300
- C:\Windows\System\ZxDolcO.exe
  C:\Windows\System\ZxDolcO.exe
  2⤵
  PID:8540
- C:\Windows\System\hxZfvTZ.exe
  C:\Windows\System\hxZfvTZ.exe
  2⤵
  PID:8756
- C:\Windows\System\CdSwcji.exe
  C:\Windows\System\CdSwcji.exe
  2⤵
  PID:8792
- C:\Windows\System\SVVQyKL.exe
  C:\Windows\System\SVVQyKL.exe
  2⤵
  PID:8932
- C:\Windows\System\VNITepW.exe
  C:\Windows\System\VNITepW.exe
  2⤵
  PID:9128
- C:\Windows\System\msdZpRa.exe
  C:\Windows\System\msdZpRa.exe
  2⤵
  PID:9168
- C:\Windows\System\mdiRUcK.exe
  C:\Windows\System\mdiRUcK.exe
  2⤵
  PID:9020
- C:\Windows\System\ZYQmcYe.exe
  C:\Windows\System\ZYQmcYe.exe
  2⤵
  PID:8752
- C:\Windows\System\etpDmXB.exe
  C:\Windows\System\etpDmXB.exe
  2⤵
  PID:9000
- C:\Windows\System\RqpZonV.exe
  C:\Windows\System\RqpZonV.exe
  2⤵
  PID:9244
- C:\Windows\System\LVdUSra.exe
  C:\Windows\System\LVdUSra.exe
  2⤵
  PID:9268
- C:\Windows\System\ElQaHnr.exe
  C:\Windows\System\ElQaHnr.exe
  2⤵
  PID:9288
- C:\Windows\System\sGEhQaI.exe
  C:\Windows\System\sGEhQaI.exe
  2⤵
  PID:9316
- C:\Windows\System\iGedrda.exe
  C:\Windows\System\iGedrda.exe
  2⤵
  PID:9372
- C:\Windows\System\QmPbxnO.exe
  C:\Windows\System\QmPbxnO.exe
  2⤵
  PID:9392
- C:\Windows\System\jQirGSI.exe
  C:\Windows\System\jQirGSI.exe
  2⤵
  PID:9420
- C:\Windows\System\wXJnwJn.exe
  C:\Windows\System\wXJnwJn.exe
  2⤵
  PID:9440
- C:\Windows\System\UnYxbrT.exe
  C:\Windows\System\UnYxbrT.exe
  2⤵
  PID:9468
- C:\Windows\System\UFVnLwp.exe
  C:\Windows\System\UFVnLwp.exe
  2⤵
  PID:9492
- C:\Windows\System\dQXLzOk.exe
  C:\Windows\System\dQXLzOk.exe
  2⤵
  PID:9512
- C:\Windows\System\qJaUosu.exe
  C:\Windows\System\qJaUosu.exe
  2⤵
  PID:9532
- C:\Windows\System\OcyYdAX.exe
  C:\Windows\System\OcyYdAX.exe
  2⤵
  PID:9588
- C:\Windows\System\JrtYqBP.exe
  C:\Windows\System\JrtYqBP.exe
  2⤵
  PID:9708
- C:\Windows\System\ZrWYzBO.exe
  C:\Windows\System\ZrWYzBO.exe
  2⤵
  PID:9724
- C:\Windows\System\BFAlZWN.exe
  C:\Windows\System\BFAlZWN.exe
  2⤵
  PID:9740
- C:\Windows\System\LexOxBm.exe
  C:\Windows\System\LexOxBm.exe
  2⤵
  PID:9756
- C:\Windows\System\uCAZYAC.exe
  C:\Windows\System\uCAZYAC.exe
  2⤵
  PID:9772
- C:\Windows\System\egjemmm.exe
  C:\Windows\System\egjemmm.exe
  2⤵
  PID:9788
- C:\Windows\System\LIKcMIu.exe
  C:\Windows\System\LIKcMIu.exe
  2⤵
  PID:9804
- C:\Windows\System\EzfpaRz.exe
  C:\Windows\System\EzfpaRz.exe
  2⤵
  PID:9820
- C:\Windows\System\krmyMAW.exe
  C:\Windows\System\krmyMAW.exe
  2⤵
  PID:9836
- C:\Windows\System\cyLywUT.exe
  C:\Windows\System\cyLywUT.exe
  2⤵
  PID:9852
- C:\Windows\System\OeLsHtO.exe
  C:\Windows\System\OeLsHtO.exe
  2⤵
  PID:9868
- C:\Windows\System\WwVDQKP.exe
  C:\Windows\System\WwVDQKP.exe
  2⤵
  PID:9884
- C:\Windows\System\aJIQlYP.exe
  C:\Windows\System\aJIQlYP.exe
  2⤵
  PID:9900
- C:\Windows\System\KDwFpbV.exe
  C:\Windows\System\KDwFpbV.exe
  2⤵
  PID:9916
- C:\Windows\System\xbYOLOa.exe
  C:\Windows\System\xbYOLOa.exe
  2⤵
  PID:9932
- C:\Windows\System\KyfRIpk.exe
  C:\Windows\System\KyfRIpk.exe
  2⤵
  PID:9948
- C:\Windows\System\QrnaLMU.exe
  C:\Windows\System\QrnaLMU.exe
  2⤵
  PID:9972
- C:\Windows\System\drawXBW.exe
  C:\Windows\System\drawXBW.exe
  2⤵
  PID:9996
- C:\Windows\System\etQQIMc.exe
  C:\Windows\System\etQQIMc.exe
  2⤵
  PID:10012
- C:\Windows\System\rSxSsOH.exe
  C:\Windows\System\rSxSsOH.exe
  2⤵
  PID:10136
- C:\Windows\System\SYXCGzQ.exe
  C:\Windows\System\SYXCGzQ.exe
  2⤵
  PID:10160
- C:\Windows\System\HqMezek.exe
  C:\Windows\System\HqMezek.exe
  2⤵
  PID:9260
- C:\Windows\System\IxSbwTo.exe
  C:\Windows\System\IxSbwTo.exe
  2⤵
  PID:9336
- C:\Windows\System\PkxSbFi.exe
  C:\Windows\System\PkxSbFi.exe
  2⤵
  PID:9408
- C:\Windows\System\ZeIEwhq.exe
  C:\Windows\System\ZeIEwhq.exe
  2⤵
  PID:9540
- C:\Windows\System\bURWliu.exe
  C:\Windows\System\bURWliu.exe
  2⤵
  PID:9732
- C:\Windows\System\cZZAktE.exe
  C:\Windows\System\cZZAktE.exe
  2⤵
  PID:9960
- C:\Windows\System\GOYUcPS.exe
  C:\Windows\System\GOYUcPS.exe
  2⤵
  PID:9612
- C:\Windows\System\VcsqMVo.exe
  C:\Windows\System\VcsqMVo.exe
  2⤵
  PID:9796
- C:\Windows\System\dStHtda.exe
  C:\Windows\System\dStHtda.exe
  2⤵
  PID:9648
- C:\Windows\System\pgpewsl.exe
  C:\Windows\System\pgpewsl.exe
  2⤵
  PID:9876
- C:\Windows\System\ahCLAlZ.exe
  C:\Windows\System\ahCLAlZ.exe
  2⤵
  PID:9908
- C:\Windows\System\UZXTBPb.exe
  C:\Windows\System\UZXTBPb.exe
  2⤵
  PID:9684
- C:\Windows\System\omMDQgI.exe
  C:\Windows\System\omMDQgI.exe
  2⤵
  PID:9736
- C:\Windows\System\HjansfB.exe
  C:\Windows\System\HjansfB.exe
  2⤵
  PID:9912
- C:\Windows\System\TEGvazF.exe
  C:\Windows\System\TEGvazF.exe
  2⤵
  PID:10208
- C:\Windows\System\ocfOedN.exe
  C:\Windows\System\ocfOedN.exe
  2⤵
  PID:8392
- C:\Windows\System\PaFuXNX.exe
  C:\Windows\System\PaFuXNX.exe
  2⤵
  PID:10216
- C:\Windows\System\JrIdlgw.exe
  C:\Windows\System\JrIdlgw.exe
  2⤵
  PID:9200
- C:\Windows\System\LPWpfCb.exe
  C:\Windows\System\LPWpfCb.exe
  2⤵
  PID:3272
- C:\Windows\System\qustwrR.exe
  C:\Windows\System\qustwrR.exe
  2⤵
  PID:9704
- C:\Windows\System\LkHMUMr.exe
  C:\Windows\System\LkHMUMr.exe
  2⤵
  PID:9944
- C:\Windows\System\oDlpVGI.exe
  C:\Windows\System\oDlpVGI.exe
  2⤵
  PID:9860
- C:\Windows\System\cSIrVTL.exe
  C:\Windows\System\cSIrVTL.exe
  2⤵
  PID:10116
- C:\Windows\System\ozSiaSW.exe
  C:\Windows\System\ozSiaSW.exe
  2⤵
  PID:10096
- C:\Windows\System\HGOcANM.exe
  C:\Windows\System\HGOcANM.exe
  2⤵
  PID:9360
- C:\Windows\System\PexmOYZ.exe
  C:\Windows\System\PexmOYZ.exe
  2⤵
  PID:9660
- C:\Windows\System\KwYiRoM.exe
  C:\Windows\System\KwYiRoM.exe
  2⤵
  PID:8380
- C:\Windows\System\yBrtwBL.exe
  C:\Windows\System\yBrtwBL.exe
  2⤵
  PID:10064
- C:\Windows\System\HbdxrMV.exe
  C:\Windows\System\HbdxrMV.exe
  2⤵
  PID:9596
- C:\Windows\System\yIYPnpk.exe
  C:\Windows\System\yIYPnpk.exe
  2⤵
  PID:10244
- C:\Windows\System\HQVCsfW.exe
  C:\Windows\System\HQVCsfW.exe
  2⤵
  PID:10264
- C:\Windows\System\Qcffbym.exe
  C:\Windows\System\Qcffbym.exe
  2⤵
  PID:10288
- C:\Windows\System\MqQrfAJ.exe
  C:\Windows\System\MqQrfAJ.exe
  2⤵
  PID:10308
- C:\Windows\System\vfbtckG.exe
  C:\Windows\System\vfbtckG.exe
  2⤵
  PID:10332
- C:\Windows\System\bxKLdpq.exe
  C:\Windows\System\bxKLdpq.exe
  2⤵
  PID:10352
- C:\Windows\System\bEcZmpA.exe
  C:\Windows\System\bEcZmpA.exe
  2⤵
  PID:10412
- C:\Windows\System\qKSoJYg.exe
  C:\Windows\System\qKSoJYg.exe
  2⤵
  PID:10460
- C:\Windows\System\uUtrCet.exe
  C:\Windows\System\uUtrCet.exe
  2⤵
  PID:10508
- C:\Windows\System\MiWAAZH.exe
  C:\Windows\System\MiWAAZH.exe
  2⤵
  PID:10540
- C:\Windows\System\NlKYouh.exe
  C:\Windows\System\NlKYouh.exe
  2⤵
  PID:10560
- C:\Windows\System\MUPbNBA.exe
  C:\Windows\System\MUPbNBA.exe
  2⤵
  PID:10580
- C:\Windows\System\SlbTEzL.exe
  C:\Windows\System\SlbTEzL.exe
  2⤵
  PID:10624
- C:\Windows\System\YSaBAaN.exe
  C:\Windows\System\YSaBAaN.exe
  2⤵
  PID:10652
- C:\Windows\System\ShhycAu.exe
  C:\Windows\System\ShhycAu.exe
  2⤵
  PID:10672
- C:\Windows\System\WFJukHq.exe
  C:\Windows\System\WFJukHq.exe
  2⤵
  PID:10692
- C:\Windows\System\bZzzetj.exe
  C:\Windows\System\bZzzetj.exe
  2⤵
  PID:10720
- C:\Windows\System\NhXxMmn.exe
  C:\Windows\System\NhXxMmn.exe
  2⤵
  PID:10744
- C:\Windows\System\DtdUoaD.exe
  C:\Windows\System\DtdUoaD.exe
  2⤵
  PID:10764
- C:\Windows\System\pJsUvAY.exe
  C:\Windows\System\pJsUvAY.exe
  2⤵
  PID:10788
- C:\Windows\System\WnwvEoa.exe
  C:\Windows\System\WnwvEoa.exe
  2⤵
  PID:10812
- C:\Windows\System\jHIGMrC.exe
  C:\Windows\System\jHIGMrC.exe
  2⤵
  PID:10836
- C:\Windows\System\EIfBZJf.exe
  C:\Windows\System\EIfBZJf.exe
  2⤵
  PID:10864
- C:\Windows\System\WzCflRh.exe
  C:\Windows\System\WzCflRh.exe
  2⤵
  PID:10916
- C:\Windows\System\pzOpZfm.exe
  C:\Windows\System\pzOpZfm.exe
  2⤵
  PID:10956
- C:\Windows\System\EbMeGUi.exe
  C:\Windows\System\EbMeGUi.exe
  2⤵
  PID:10984
- C:\Windows\System\YhpTJSd.exe
  C:\Windows\System\YhpTJSd.exe
  2⤵
  PID:11012
- C:\Windows\System\xLmPiGN.exe
  C:\Windows\System\xLmPiGN.exe
  2⤵
  PID:11036
- C:\Windows\System\AYzPGCr.exe
  C:\Windows\System\AYzPGCr.exe
  2⤵
  PID:11060
- C:\Windows\System\iRjveQI.exe
  C:\Windows\System\iRjveQI.exe
  2⤵
  PID:11088
- C:\Windows\System\bIUZecS.exe
  C:\Windows\System\bIUZecS.exe
  2⤵
  PID:11116
- C:\Windows\System\clckUUw.exe
  C:\Windows\System\clckUUw.exe
  2⤵
  PID:11136
- C:\Windows\System\MhRjzrP.exe
  C:\Windows\System\MhRjzrP.exe
  2⤵
  PID:11160
- C:\Windows\System\jcHZcuK.exe
  C:\Windows\System\jcHZcuK.exe
  2⤵
  PID:11200
- C:\Windows\System\KDdPCQA.exe
  C:\Windows\System\KDdPCQA.exe
  2⤵
  PID:11220
- C:\Windows\System\LFNPHCI.exe
  C:\Windows\System\LFNPHCI.exe
  2⤵
  PID:11244
- C:\Windows\System\XYJDsPH.exe
  C:\Windows\System\XYJDsPH.exe
  2⤵
  PID:10044
- C:\Windows\System\ufkXxyy.exe
  C:\Windows\System\ufkXxyy.exe
  2⤵
  PID:9664
- C:\Windows\System\dQgVovQ.exe
  C:\Windows\System\dQgVovQ.exe
  2⤵
  PID:10272
- C:\Windows\System\svBtHwS.exe
  C:\Windows\System\svBtHwS.exe
  2⤵
  PID:10376
- C:\Windows\System\zkSUkdV.exe
  C:\Windows\System\zkSUkdV.exe
  2⤵
  PID:10388
- C:\Windows\System\pPzOqcP.exe
  C:\Windows\System\pPzOqcP.exe
  2⤵
  PID:10488
- C:\Windows\System\KiDYWKy.exe
  C:\Windows\System\KiDYWKy.exe
  2⤵
  PID:10556
- C:\Windows\System\mBvdegB.exe
  C:\Windows\System\mBvdegB.exe
  2⤵
  PID:10644
- C:\Windows\System\vnwbrXi.exe
  C:\Windows\System\vnwbrXi.exe
  2⤵
  PID:10688
- C:\Windows\System\pdvxgmo.exe
  C:\Windows\System\pdvxgmo.exe
  2⤵
  PID:10752
- C:\Windows\System\wjzVgVL.exe
  C:\Windows\System\wjzVgVL.exe
  2⤵
  PID:10856
- C:\Windows\System\FeEGail.exe
  C:\Windows\System\FeEGail.exe
  2⤵
  PID:10844
- C:\Windows\System\IILxQYH.exe
  C:\Windows\System\IILxQYH.exe
  2⤵
  PID:10936
- C:\Windows\System\ifCMcUZ.exe
  C:\Windows\System\ifCMcUZ.exe
  2⤵
  PID:10952
- C:\Windows\System\EWDzaFG.exe
  C:\Windows\System\EWDzaFG.exe
  2⤵
  PID:11004
- C:\Windows\System\aAiANti.exe
  C:\Windows\System\aAiANti.exe
  2⤵
  PID:11068
- C:\Windows\System\okuPxWB.exe
  C:\Windows\System\okuPxWB.exe
  2⤵
  PID:11104
- C:\Windows\System\UrhgFha.exe
  C:\Windows\System\UrhgFha.exe
  2⤵
  PID:9928
- C:\Windows\System\haIloMB.exe
  C:\Windows\System\haIloMB.exe
  2⤵
  PID:10344
- C:\Windows\System\ECZHueQ.exe
  C:\Windows\System\ECZHueQ.exe
  2⤵
  PID:9328
- C:\Windows\System\LyZmojW.exe
  C:\Windows\System\LyZmojW.exe
  2⤵
  PID:10772
- C:\Windows\System\SGAJARo.exe
  C:\Windows\System\SGAJARo.exe
  2⤵
  PID:10948
- C:\Windows\System\bttWsIu.exe
  C:\Windows\System\bttWsIu.exe
  2⤵
  PID:10996
- C:\Windows\System\YyuMHds.exe
  C:\Windows\System\YyuMHds.exe
  2⤵
  PID:10548
- C:\Windows\System\UlKVzwd.exe
  C:\Windows\System\UlKVzwd.exe
  2⤵
  PID:11212
- C:\Windows\System\etxERWR.exe
  C:\Windows\System\etxERWR.exe
  2⤵
  PID:10620
- C:\Windows\System\IQErMPi.exe
  C:\Windows\System\IQErMPi.exe
  2⤵
  PID:11096
- C:\Windows\System\mfgNFyh.exe
  C:\Windows\System\mfgNFyh.exe
  2⤵
  PID:10684
- C:\Windows\System\qwAFuRL.exe
  C:\Windows\System\qwAFuRL.exe
  2⤵
  PID:11280
- C:\Windows\System\optvGjo.exe
  C:\Windows\System\optvGjo.exe
  2⤵
  PID:11300
- C:\Windows\System\WsQbncO.exe
  C:\Windows\System\WsQbncO.exe
  2⤵
  PID:11356
- C:\Windows\System\nudQsbV.exe
  C:\Windows\System\nudQsbV.exe
  2⤵
  PID:11376
- C:\Windows\System\hwTRFKO.exe
  C:\Windows\System\hwTRFKO.exe
  2⤵
  PID:11396
- C:\Windows\System\tQMuqnW.exe
  C:\Windows\System\tQMuqnW.exe
  2⤵
  PID:11416
- C:\Windows\System\BFqfFMt.exe
  C:\Windows\System\BFqfFMt.exe
  2⤵
  PID:11456
- C:\Windows\System\BZxqrDV.exe
  C:\Windows\System\BZxqrDV.exe
  2⤵
  PID:11480
- C:\Windows\System\tNDAbBv.exe
  C:\Windows\System\tNDAbBv.exe
  2⤵
  PID:11500
- C:\Windows\System\esRdqUB.exe
  C:\Windows\System\esRdqUB.exe
  2⤵
  PID:11532
- C:\Windows\System\PtGDXiN.exe
  C:\Windows\System\PtGDXiN.exe
  2⤵
  PID:11568
- C:\Windows\System\jCUAhwa.exe
  C:\Windows\System\jCUAhwa.exe
  2⤵
  PID:11584
- C:\Windows\System\orMqdSK.exe
  C:\Windows\System\orMqdSK.exe
  2⤵
  PID:11620
- C:\Windows\System\cltDZzC.exe
  C:\Windows\System\cltDZzC.exe
  2⤵
  PID:11636
- C:\Windows\System\JlVAIMe.exe
  C:\Windows\System\JlVAIMe.exe
  2⤵
  PID:11656
- C:\Windows\System\FfNakBK.exe
  C:\Windows\System\FfNakBK.exe
  2⤵
  PID:11700
- C:\Windows\System\ueQbKXF.exe
  C:\Windows\System\ueQbKXF.exe
  2⤵
  PID:11720
- C:\Windows\System\mficwPu.exe
  C:\Windows\System\mficwPu.exe
  2⤵
  PID:11756
- C:\Windows\System\eQFsXbE.exe
  C:\Windows\System\eQFsXbE.exe
  2⤵
  PID:11788
- C:\Windows\System\XcNJFTM.exe
  C:\Windows\System\XcNJFTM.exe
  2⤵
  PID:11816
- C:\Windows\System\ZxDyERw.exe
  C:\Windows\System\ZxDyERw.exe
  2⤵
  PID:11864
- C:\Windows\System\XTOnuvw.exe
  C:\Windows\System\XTOnuvw.exe
  2⤵
  PID:11896
- C:\Windows\System\wPZDgjq.exe
  C:\Windows\System\wPZDgjq.exe
  2⤵
  PID:11916
- C:\Windows\System\SpXJqMK.exe
  C:\Windows\System\SpXJqMK.exe
  2⤵
  PID:11940
- C:\Windows\System\OgDganO.exe
  C:\Windows\System\OgDganO.exe
  2⤵
  PID:11960
- C:\Windows\System\dQcFVYQ.exe
  C:\Windows\System\dQcFVYQ.exe
  2⤵
  PID:11988
- C:\Windows\System\YpgHYTn.exe
  C:\Windows\System\YpgHYTn.exe
  2⤵
  PID:12016
- C:\Windows\System\jOhZYbA.exe
  C:\Windows\System\jOhZYbA.exe
  2⤵
  PID:12036
- C:\Windows\System\jbCThSv.exe
  C:\Windows\System\jbCThSv.exe
  2⤵
  PID:12060
- C:\Windows\System\SAlajtT.exe
  C:\Windows\System\SAlajtT.exe
  2⤵
  PID:12088
- C:\Windows\System\REqcXga.exe
  C:\Windows\System\REqcXga.exe
  2⤵
  PID:12112
- C:\Windows\System\TvwJQmV.exe
  C:\Windows\System\TvwJQmV.exe
  2⤵
  PID:12152
- C:\Windows\System\caIbmZP.exe
  C:\Windows\System\caIbmZP.exe
  2⤵
  PID:12200
- C:\Windows\System\GYWXkrQ.exe
  C:\Windows\System\GYWXkrQ.exe
  2⤵
  PID:12220
- C:\Windows\System\yYNGmSc.exe
  C:\Windows\System\yYNGmSc.exe
  2⤵
  PID:12244
- C:\Windows\System\JaFctHl.exe
  C:\Windows\System\JaFctHl.exe
  2⤵
  PID:12276
- C:\Windows\System\YiZjGYs.exe
  C:\Windows\System\YiZjGYs.exe
  2⤵
  PID:10804
- C:\Windows\System\jzBRhiq.exe
  C:\Windows\System\jzBRhiq.exe
  2⤵
  PID:11296
- C:\Windows\System\VcPIxHL.exe
  C:\Windows\System\VcPIxHL.exe
  2⤵
  PID:11368
- C:\Windows\System\yGeaVpD.exe
  C:\Windows\System\yGeaVpD.exe
  2⤵
  PID:11432
- C:\Windows\System\aPxeKMh.exe
  C:\Windows\System\aPxeKMh.exe
  2⤵
  PID:11512
- C:\Windows\System\PuRvwSu.exe
  C:\Windows\System\PuRvwSu.exe
  2⤵
  PID:11516
- C:\Windows\System\tUwArZp.exe
  C:\Windows\System\tUwArZp.exe
  2⤵
  PID:11564
- C:\Windows\System\ejifcou.exe
  C:\Windows\System\ejifcou.exe
  2⤵
  PID:11668
- C:\Windows\System\DtAHbnQ.exe
  C:\Windows\System\DtAHbnQ.exe
  2⤵
  PID:11688
- C:\Windows\System\VrrLzOU.exe
  C:\Windows\System\VrrLzOU.exe
  2⤵
  PID:11804
- C:\Windows\System\PZTjoXc.exe
  C:\Windows\System\PZTjoXc.exe
  2⤵
  PID:11892
- C:\Windows\System\EzGecLD.exe
  C:\Windows\System\EzGecLD.exe
  2⤵
  PID:11976
- C:\Windows\System\pxzoMfu.exe
  C:\Windows\System\pxzoMfu.exe
  2⤵
  PID:12032
- C:\Windows\System\pgWUyur.exe
  C:\Windows\System\pgWUyur.exe
  2⤵
  PID:12144
- C:\Windows\System\NOKXlPv.exe
  C:\Windows\System\NOKXlPv.exe
  2⤵
  PID:12208
- C:\Windows\System\jVrVMaL.exe
  C:\Windows\System\jVrVMaL.exe
  2⤵
  PID:12268
- C:\Windows\System\SXteGJc.exe
  C:\Windows\System\SXteGJc.exe
  2⤵
  PID:12284
- C:\Windows\System\TkbQHmd.exe
  C:\Windows\System\TkbQHmd.exe
  2⤵
  PID:11444
- C:\Windows\System\SxfxmmD.exe
  C:\Windows\System\SxfxmmD.exe
  2⤵
  PID:11580
- C:\Windows\System\mhNIqvO.exe
  C:\Windows\System\mhNIqvO.exe
  2⤵
  PID:11616
- C:\Windows\System\wFMWSnQ.exe
  C:\Windows\System\wFMWSnQ.exe
  2⤵
  PID:11768
- C:\Windows\System\PlcQECS.exe
  C:\Windows\System\PlcQECS.exe
  2⤵
  PID:11928
- C:\Windows\System\jLpvFYz.exe
  C:\Windows\System\jLpvFYz.exe
  2⤵
  PID:12096
- C:\Windows\System\wYLYjeZ.exe
  C:\Windows\System\wYLYjeZ.exe
  2⤵
  PID:12216
- C:\Windows\System\wUgbpgc.exe
  C:\Windows\System\wUgbpgc.exe
  2⤵
  PID:11540
- C:\Windows\System\rCMUEHX.exe
  C:\Windows\System\rCMUEHX.exe
  2⤵
  PID:11488
- C:\Windows\System\CBZSlOz.exe
  C:\Windows\System\CBZSlOz.exe
  2⤵
  PID:12028
- C:\Windows\System\XgxnDTN.exe
  C:\Windows\System\XgxnDTN.exe
  2⤵
  PID:11780
- C:\Windows\System\cJyYtwv.exe
  C:\Windows\System\cJyYtwv.exe
  2⤵
  PID:12316
- C:\Windows\System\ZVtjlgp.exe
  C:\Windows\System\ZVtjlgp.exe
  2⤵
  PID:12344
- C:\Windows\System\ChPtnEq.exe
  C:\Windows\System\ChPtnEq.exe
  2⤵
  PID:12376
- C:\Windows\System\lsBsauY.exe
  C:\Windows\System\lsBsauY.exe
  2⤵
  PID:12400
- C:\Windows\System\CKbcMmF.exe
  C:\Windows\System\CKbcMmF.exe
  2⤵
  PID:12440
- C:\Windows\System\UQgHGcW.exe
  C:\Windows\System\UQgHGcW.exe
  2⤵
  PID:12476
- C:\Windows\System\FlfBJXj.exe
  C:\Windows\System\FlfBJXj.exe
  2⤵
  PID:12492
- C:\Windows\System\qlxtAyl.exe
  C:\Windows\System\qlxtAyl.exe
  2⤵
  PID:12516
- C:\Windows\System\SWPjjDZ.exe
  C:\Windows\System\SWPjjDZ.exe
  2⤵
  PID:12544
- C:\Windows\System\MAcPBMR.exe
  C:\Windows\System\MAcPBMR.exe
  2⤵
  PID:12568
- C:\Windows\System\zSkgOot.exe
  C:\Windows\System\zSkgOot.exe
  2⤵
  PID:12588
- C:\Windows\System\AzMzNYq.exe
  C:\Windows\System\AzMzNYq.exe
  2⤵
  PID:12644
- C:\Windows\System\KQGITlk.exe
  C:\Windows\System\KQGITlk.exe
  2⤵
  PID:12668
- C:\Windows\System\QVlKqeE.exe
  C:\Windows\System\QVlKqeE.exe
  2⤵
  PID:12688
- C:\Windows\System\UIqtFFE.exe
  C:\Windows\System\UIqtFFE.exe
  2⤵
  PID:12712
- C:\Windows\System\cKkzzpF.exe
  C:\Windows\System\cKkzzpF.exe
  2⤵
  PID:12736
- C:\Windows\System\aIXZuUw.exe
  C:\Windows\System\aIXZuUw.exe
  2⤵
  PID:12764
- C:\Windows\System\DscaBNb.exe
  C:\Windows\System\DscaBNb.exe
  2⤵
  PID:12788
- C:\Windows\System\ZIqyCvJ.exe
  C:\Windows\System\ZIqyCvJ.exe
  2⤵
  PID:12808
- C:\Windows\System\EebHxme.exe
  C:\Windows\System\EebHxme.exe
  2⤵
  PID:12852
- C:\Windows\System\XChYevQ.exe
  C:\Windows\System\XChYevQ.exe
  2⤵
  PID:12888
- C:\Windows\System\ZQzXbWb.exe
  C:\Windows\System\ZQzXbWb.exe
  2⤵
  PID:12904
- C:\Windows\System\CyrAceb.exe
  C:\Windows\System\CyrAceb.exe
  2⤵
  PID:12920
- C:\Windows\System\HselKqA.exe
  C:\Windows\System\HselKqA.exe
  2⤵
  PID:12988
- C:\Windows\System\ruDMKOz.exe
  C:\Windows\System\ruDMKOz.exe
  2⤵
  PID:13012
- C:\Windows\System\eszbygb.exe
  C:\Windows\System\eszbygb.exe
  2⤵
  PID:13044
- C:\Windows\System\oeKhyCB.exe
  C:\Windows\System\oeKhyCB.exe
  2⤵
  PID:13060
- C:\Windows\System\NwreCEY.exe
  C:\Windows\System\NwreCEY.exe
  2⤵
  PID:13080
- C:\Windows\System\wkyLmLZ.exe
  C:\Windows\System\wkyLmLZ.exe
  2⤵
  PID:13108
- C:\Windows\System\IgVLQhT.exe
  C:\Windows\System\IgVLQhT.exe
  2⤵
  PID:13124
- C:\Windows\System\LSfmVVM.exe
  C:\Windows\System\LSfmVVM.exe
  2⤵
  PID:13152
- C:\Windows\System\YGuIXPv.exe
  C:\Windows\System\YGuIXPv.exe
  2⤵
  PID:13172
- C:\Windows\System\sPmhkZD.exe
  C:\Windows\System\sPmhkZD.exe
  2⤵
  PID:13208
- C:\Windows\System\wrUxVYX.exe
  C:\Windows\System\wrUxVYX.exe
  2⤵
  PID:13232
- C:\Windows\System\sMrnhEE.exe
  C:\Windows\System\sMrnhEE.exe
  2⤵
  PID:13252
- C:\Windows\System\ztlkMAh.exe
  C:\Windows\System\ztlkMAh.exe
  2⤵
  PID:13280
- C:\Windows\System\xuNCles.exe
  C:\Windows\System\xuNCles.exe
  2⤵
  PID:13300
- C:\Windows\System\lLMNxhC.exe
  C:\Windows\System\lLMNxhC.exe
  2⤵
  PID:12300
- C:\Windows\System\bDLQnGk.exe
  C:\Windows\System\bDLQnGk.exe
  2⤵
  PID:12420
- C:\Windows\System\RGGQhxs.exe
  C:\Windows\System\RGGQhxs.exe
  2⤵
  PID:12508
- C:\Windows\System\LfWiMNx.exe
  C:\Windows\System\LfWiMNx.exe
  2⤵
  PID:12600
- C:\Windows\System\dDYMEMM.exe
  C:\Windows\System\dDYMEMM.exe
  2⤵
  PID:12636
- C:\Windows\System\FnnFPPb.exe
  C:\Windows\System\FnnFPPb.exe
  2⤵
  PID:12684
- C:\Windows\System\RPYAPcZ.exe
  C:\Windows\System\RPYAPcZ.exe
  2⤵
  PID:12760
- C:\Windows\System\iVnnPPx.exe
  C:\Windows\System\iVnnPPx.exe
  2⤵
  PID:12824
- C:\Windows\System\iFEYtwY.exe
  C:\Windows\System\iFEYtwY.exe
  2⤵
  PID:12836
- C:\Windows\System\itwoJiY.exe
  C:\Windows\System\itwoJiY.exe
  2⤵
  PID:12944
- C:\Windows\System\AMNBdqV.exe
  C:\Windows\System\AMNBdqV.exe
  2⤵
  PID:12956
- C:\Windows\System\EnFITtM.exe
  C:\Windows\System\EnFITtM.exe
  2⤵
  PID:13032
- C:\Windows\System\jbvEORb.exe
  C:\Windows\System\jbvEORb.exe
  2⤵
  PID:13200
- C:\Windows\System\TOmoaEQ.exe
  C:\Windows\System\TOmoaEQ.exe
  2⤵
  PID:13308
- C:\Windows\System\oopeYvi.exe
  C:\Windows\System\oopeYvi.exe
  2⤵
  PID:13296
- C:\Windows\System\cZEwgNp.exe
  C:\Windows\System\cZEwgNp.exe
  2⤵
  PID:12304
- C:\Windows\System\DhfPbuA.exe
  C:\Windows\System\DhfPbuA.exe
  2⤵
  PID:12396
- C:\Windows\System\KGHUQRn.exe
  C:\Windows\System\KGHUQRn.exe
  2⤵
  PID:12536
- C:\Windows\System\KYrTdaj.exe
  C:\Windows\System\KYrTdaj.exe
  2⤵
  PID:12584
- C:\Windows\System\PJkfsxm.exe
  C:\Windows\System\PJkfsxm.exe
  2⤵
  PID:12676
- C:\Windows\System\DOfepIT.exe
  C:\Windows\System\DOfepIT.exe
  2⤵
  PID:12748
- C:\Windows\System\QvrmxiT.exe
  C:\Windows\System\QvrmxiT.exe
  2⤵
  PID:12960
- C:\Windows\System\rJfUpnx.exe
  C:\Windows\System\rJfUpnx.exe
  2⤵
  PID:3472
- C:\Windows\System\TtRRQCd.exe
  C:\Windows\System\TtRRQCd.exe
  2⤵
  PID:13224
- C:\Windows\System\epJeOSx.exe
  C:\Windows\System\epJeOSx.exe
  2⤵
  PID:12372
- C:\Windows\System\bsrooVO.exe
  C:\Windows\System\bsrooVO.exe
  2⤵
  PID:11292
- C:\Windows\System\AtMLTTx.exe
  C:\Windows\System\AtMLTTx.exe
  2⤵
  PID:12896
- C:\Windows\System\rOrdSSC.exe
  C:\Windows\System\rOrdSSC.exe
  2⤵
  PID:13272
- C:\Windows\System\dbGPROf.exe
  C:\Windows\System\dbGPROf.exe
  2⤵
  PID:12576
- C:\Windows\System\mycUuXa.exe
  C:\Windows\System\mycUuXa.exe
  2⤵
  PID:13340
- C:\Windows\System\fRVgeNN.exe
  C:\Windows\System\fRVgeNN.exe
  2⤵
  PID:13364
- C:\Windows\System\awvzryh.exe
  C:\Windows\System\awvzryh.exe
  2⤵
  PID:13388
- C:\Windows\System\oQCeRUi.exe
  C:\Windows\System\oQCeRUi.exe
  2⤵
  PID:13408
- C:\Windows\System\KnBmRDY.exe
  C:\Windows\System\KnBmRDY.exe
  2⤵
  PID:13452
- C:\Windows\System\fJYmMHK.exe
  C:\Windows\System\fJYmMHK.exe
  2⤵
  PID:13480
- C:\Windows\System\fchDqgo.exe
  C:\Windows\System\fchDqgo.exe
  2⤵
  PID:13496
- C:\Windows\System\lvHwtVL.exe
  C:\Windows\System\lvHwtVL.exe
  2⤵
  PID:13532
- C:\Windows\System\PccuLeS.exe
  C:\Windows\System\PccuLeS.exe
  2⤵
  PID:13552
- C:\Windows\System\dbtqvEk.exe
  C:\Windows\System\dbtqvEk.exe
  2⤵
  PID:13608
- C:\Windows\System\LQMpbWH.exe
  C:\Windows\System\LQMpbWH.exe
  2⤵
  PID:13636
- C:\Windows\System\iZsQGMu.exe
  C:\Windows\System\iZsQGMu.exe
  2⤵
  PID:13660
- C:\Windows\System\NVqiyaF.exe
  C:\Windows\System\NVqiyaF.exe
  2⤵
  PID:13680
- C:\Windows\System\pqROBjR.exe
  C:\Windows\System\pqROBjR.exe
  2⤵
  PID:13704
- C:\Windows\System\zHUtYXD.exe
  C:\Windows\System\zHUtYXD.exe
  2⤵
  PID:13748
- C:\Windows\System\iHjogUa.exe
  C:\Windows\System\iHjogUa.exe
  2⤵
  PID:13776
- C:\Windows\System\ewmefaq.exe
  C:\Windows\System\ewmefaq.exe
  2⤵
  PID:13800
- C:\Windows\System\YzskxlS.exe
  C:\Windows\System\YzskxlS.exe
  2⤵
  PID:13816
- C:\Windows\System\oJouNtW.exe
  C:\Windows\System\oJouNtW.exe
  2⤵
  PID:13836
- C:\Windows\System\zuScPjW.exe
  C:\Windows\System\zuScPjW.exe
  2⤵
  PID:13860
- C:\Windows\System\wXgVFRu.exe
  C:\Windows\System\wXgVFRu.exe
  2⤵
  PID:13892
- C:\Windows\System\prsuZbZ.exe
  C:\Windows\System\prsuZbZ.exe
  2⤵
  PID:13920
- C:\Windows\System\OowyVzX.exe
  C:\Windows\System\OowyVzX.exe
  2⤵
  PID:13948
- C:\Windows\System\VLHNggZ.exe
  C:\Windows\System\VLHNggZ.exe
  2⤵
  PID:13968
- C:\Windows\System\eMalMwY.exe
  C:\Windows\System\eMalMwY.exe
  2⤵
  PID:14024
- C:\Windows\System\FcukWBb.exe
  C:\Windows\System\FcukWBb.exe
  2⤵
  PID:14044
- C:\Windows\System\BtKPTsV.exe
  C:\Windows\System\BtKPTsV.exe
  2⤵
  PID:14076
- C:\Windows\System\XkMyQvL.exe
  C:\Windows\System\XkMyQvL.exe
  2⤵
  PID:14120
- C:\Windows\System\TXtgkmU.exe
  C:\Windows\System\TXtgkmU.exe
  2⤵
  PID:14144
- C:\Windows\System\ayeMxSR.exe
  C:\Windows\System\ayeMxSR.exe
  2⤵
  PID:14172
- C:\Windows\System\KYJVqwK.exe
  C:\Windows\System\KYJVqwK.exe
  2⤵
  PID:14192
- C:\Windows\System\ilbHUWx.exe
  C:\Windows\System\ilbHUWx.exe
  2⤵
  PID:14232
- C:\Windows\System\XaTpEMc.exe
  C:\Windows\System\XaTpEMc.exe
  2⤵
  PID:14252
- C:\Windows\System\goScAGH.exe
  C:\Windows\System\goScAGH.exe
  2⤵
  PID:14276
- C:\Windows\System\hVxFJIC.exe
  C:\Windows\System\hVxFJIC.exe
  2⤵
  PID:14296
- C:\Windows\System\ssNbYCq.exe
  C:\Windows\System\ssNbYCq.exe
  2⤵
  PID:14332
- C:\Windows\System\ldjbveQ.exe
  C:\Windows\System\ldjbveQ.exe
  2⤵
  PID:13332
- C:\Windows\System\dfcIZTM.exe
  C:\Windows\System\dfcIZTM.exe
  2⤵
  PID:13384
- C:\Windows\System\FDZHtZK.exe
  C:\Windows\System\FDZHtZK.exe
  2⤵
  PID:13416
- C:\Windows\System\BkPtZXb.exe
  C:\Windows\System\BkPtZXb.exe
  2⤵
  PID:13524
- C:\Windows\System\FTIQqoe.exe
  C:\Windows\System\FTIQqoe.exe
  2⤵
  PID:13520
- C:\Windows\System\nCrRYJO.exe
  C:\Windows\System\nCrRYJO.exe
  2⤵
  PID:13628
- C:\Windows\System\VkHrVvL.exe
  C:\Windows\System\VkHrVvL.exe
  2⤵
  PID:13652

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BPKyJrD.exe

Filesize
1.5MB

MD5
7f4139843ed06fb3ddde185ac9f137bb

SHA1
336175841eacfce17a547969a325c1d52403ff6f

SHA256
e674d14901c5237b0228d6a65f8da0f66c975c3d95ea6b8008504d4d49b865e8

SHA512
3aef3213fc510fb3de8ab010bb042c26ff2fc57c9be00dd219ac0759c037431fe81211d13f325fe71a45f47b3c8dd9a8025ea3bc576ad616c8d0384a37625ab3

Download Submit
C:\Windows\System\EGEWuWN.exe

Filesize
1.5MB

MD5
6cd61e64360ab3513068538140d961d2

SHA1
7ce1f6eadb473e3ce98277a998a0fc505c5072e9

SHA256
9324db14362195c1b16c495d9370220da1cb032742eec13bdc0d5064721dfdc0

SHA512
8eec9f9ebc164c2ae4555e962547f1d5b8fb0b3cd77aed72f628129fcfb0059cab974e8e25bb0ffe72a49e381b8a8408afd1dd0f31cc2182cc97c95e7b73f6e9

Download Submit
C:\Windows\System\GgjiVew.exe

Filesize
1.5MB

MD5
81ca7c79c4ee403428553f395ee378f3

SHA1
16ff879981ae6f40fd4c8ffd92d1e7221ef31017

SHA256
6760a0829fdd4a82185a8fa2006e39e24d20607b54df5b9ed89ee9a6975b0762

SHA512
fd25108d223f9fe2a65f07500f9225e87571a29ed528a01ca66fb5c14c3709fbbced70bbec024535801e67fa12dbf1cdb52cb2a7d67a65411b9a05f86ea7c1ca

Download Submit
C:\Windows\System\IXRMFzu.exe

Filesize
1.5MB

MD5
025acf4cd4e74042978a3c5c8ce1a6b1

SHA1
02ab0391129f9ed63a73a9d0409e2b5dc4d6f749

SHA256
d27e0980683cd90df751083acd29d2213d2fb3fdb6f21ededa53ad3353d3c2c0

SHA512
94df700bb651483ef4b92bb52975331f3d091489ca32ed7de411fa065ec0efe3d2706df3ef28a57962638218b4e8cb29808e12e6c36526a88c5866e447f9b7fd

Download Submit
C:\Windows\System\IeGjlAS.exe

Filesize
1.5MB

MD5
88ff7b999b5ff401c98684350e161b75

SHA1
2f55f3ce75a97099808a701fbfafb39d8e206b65

SHA256
2d57fa4ea6868528bb1da27ba4293c07b0a8ffbcb4b612e5af1998c593044707

SHA512
53ac5fd8a37cf7e5634acb71fc8f1520ab6b7a2a616d292fe5de96790d3e35fb500578236c84b7b1ac52a3bbaf201832038fcd545de715c77c1a99f4fc7b1be2

Download Submit
C:\Windows\System\JtFSSUr.exe

Filesize
1.5MB

MD5
210a61d7005bf3c52ca3314b24748fb2

SHA1
bfcf676cc936450760ce5c2432d02015ff9aa633

SHA256
0aca91f45c7a83390f0a05d8e0ee2e2de7da6c97162707ec27ef87de89b23850

SHA512
6606ee872c8a9276d8c77832bf3668647bb6ce32434c032cc57a73bb01d0b98c114538ef996b00795ebcebdf17a21bc204b070f9daef158d330dc14c92f1ab39

Download Submit
C:\Windows\System\KGTdKsH.exe

Filesize
1.5MB

MD5
46c7259bef6cb7440095b41abdb4a2f8

SHA1
b4f74dc81562ac7e3e58976700932f6a0ca9dd45

SHA256
f2e9ee50f692fce223d148acbf4b1617eb25c926c172f4a021b3d1df6b68c5e1

SHA512
fe7aac8d2c0852cbafc263d6c799c54d85d23c3b594680d5a48420090b4f673e61b5af6877a73e742c12c2c23b40aef262eb0a7aa8d5bdd46202a909a7995cb0

Download Submit
C:\Windows\System\LdUrKQW.exe

Filesize
1.5MB

MD5
2106bb5d441f531579be25fc9dc988fb

SHA1
afc4ba666402380b8df83196b5ab9619304fcec9

SHA256
a57fac42c4479977c57ac0c17bfbb2ccf7accb403fdf55a668ba7b2118fd6918

SHA512
f28f3de940cd78e9a6256477895162b2e535de3849035d926f0200b425da0d791b33ebf891c0e6da1f4d073210af0a6b5d7b6a44a44a12f0eb2480aa2b95ff23

Download Submit
C:\Windows\System\MEOCTFi.exe

Filesize
1.5MB

MD5
fe763b0e6ba055822002058c99eeca3c

SHA1
a4f5811d753adb9390a2b3bf010f0384e2d5a287

SHA256
b7b81f94d4f48e364b9c749bcdc5efb735957288efa2b01651662dc9e55778fc

SHA512
a854f8f27b5720b0cbd626512dff382df3a5496e2246cd650d92e146b23c01a43d52b4d03829a7f89f267db7dc0b17c390e9b4830153b0b035a368fb2bc5f20f

Download Submit
C:\Windows\System\NEkAIdC.exe

Filesize
1.5MB

MD5
5c331f784357d158882989e453c21898

SHA1
6c1e044ea1f79b672855a15fa6630049476b9483

SHA256
9868a492b111c24dc0b573fbfd6a6b03b52e5cebf68d15fae9aad8f884b44e52

SHA512
ae04beed2bf860de4891ba97b6db06c1e9e8c6f4895199ecda5c5e0dde2fd228ddddeddeee28b9a6182499993f7ae5783bf6e13308adc4ac0df2571c0909ac54

Download Submit
C:\Windows\System\NhNOcnL.exe

Filesize
1.5MB

MD5
f58fd2012c90c9d73f6189b32b2f5442

SHA1
21b7106c2e262c3feaca8ddfa8809c4368df6143

SHA256
14444fd1de422de36c110d06190f2156435c385ec0d5899cf8360a78e8993b12

SHA512
5206db919f2674fe2eac148f53cf4b8c7394ea73b910ec9c11f68d7147a4f9169392f8ec04bc46774b507165da8c199cf9324a6ab674780e989dc0c04d3e274b

Download Submit
C:\Windows\System\OwcUyLF.exe

Filesize
1.5MB

MD5
3782ea586fdd3440f8b28a30c563ea80

SHA1
a7707316a1f350cdf4b601603f31e2ea24783017

SHA256
a1fbe3c8c119ac3a02c491c15ab630e7b3e96fe6bd9982a05d96d0d79b95555e

SHA512
873a6100ab07640a9482da974b115babe6ed8985607d447882fab257915a6a52de091e18ea6df178ca3977803d2b819605eeb71a1921d5af09e294e89f35b0f8

Download Submit
C:\Windows\System\QksLGAs.exe

Filesize
1.5MB

MD5
a9d2f98cd97dfc591204dc7b7aec8c35

SHA1
7c62b496368487a2d014b3ee436a0b613f6aca1f

SHA256
1c5d7f78ecf4bf54d383282e581ead4718196c6b36fc70eccdcb309d969b9848

SHA512
6fe1a171d2f8f595ebf5b383c7be4d45042d3b97db73459c956d7039794486930019c5ddc8814df7ea8fa20c8d48a5f5d31b159a2de30927f201a6d10c623cb3

Download Submit
C:\Windows\System\RnKkjYL.exe

Filesize
1.5MB

MD5
89696ee96e2e7cbd3ae62155c53d2294

SHA1
0068dc0f4523bd5213700a387618f90558a45767

SHA256
8294c3bf03b610d1397c21e9d6e7dd3b446910b71e9dc1a5aef5e9aeb193bb62

SHA512
f771947c48e2838e2ad06b8b10530f19465a2566865e862779181241eb39a8ae97255e347a990c725481ec372ca50c5e6140a86ce1939cd484e5b35547b285e5

Download Submit
C:\Windows\System\YHpRbZf.exe

Filesize
1.5MB

MD5
3db448ba3901572d036d9f2ad7d44da0

SHA1
883d8830447d29e0164fad55c2e411969a177748

SHA256
2d9fb904afd8f503b84fb40110d798a5df76eb8db6a5961723b81ccb19abc627

SHA512
6e705cc308d80f7b76e19953d1ac5e418684a3a3b4e298a538aab13c5202b7d07473e0816bd281c5c4b27cf781f0970705ff2ca89b6280a5cb39690298d993ce

Download Submit
C:\Windows\System\aAEPtmP.exe

Filesize
1.5MB

MD5
138d45564548aeb76a5b4b2db9b66e50

SHA1
682b949c755adbfc80d04447d9176b04628c1bea

SHA256
c251d0781c388fbb6275dd42c5a86f00f9b335b5ffd1db508a4bce7b377e8854

SHA512
ccdcf75dd31fef118b0aeec6fd149adadecac2e7eaa84db91082f22da74ec4c1620396efe86d2d0ae3dbf90c291d1143ab6296b18c833e013ceacd2b356e52f6

Download Submit
C:\Windows\System\avaMcXl.exe

Filesize
1.5MB

MD5
463cb0d067e82f85ca1c94b3e7030c0a

SHA1
006f2b7abcea38d4f1a2697945aec148e4fb631a

SHA256
1e61d78902159416627ed75071f68d2e9997050b6997a00bf4217589033dfba2

SHA512
8445eeaf51bd21ad9f65fdf37e28e229a4ca61b6895e9ac355f501ecc0c4fd51476b1fa8d631c29b297b8f7ccb090511fd4c9453a1ee6979c5eea8264ed9432a

Download Submit
C:\Windows\System\cGeegvB.exe

Filesize
1.5MB

MD5
c55294dd7081e877e03dec6d7ad57b34

SHA1
1726c2293dc19aaa2482bf12939b4b74a81ca0b0

SHA256
76388e2b82786fc52b4f65c6ad259e4ca23d92f6cc344e5db08549b2832313d1

SHA512
e8219b5a0fa03d79d28683fe11840d6b4f0f7020c09f0b08d2b14f3986b742af924168559b199b91fb11b3ef3fb8e8d3230f70d127b3eca0b99bc3682d9a711d

Download Submit
C:\Windows\System\eQQhNKS.exe

Filesize
1.5MB

MD5
26335134243093991a09ee98b091f92e

SHA1
47118da93a8d9556e679f37577ffc44c6352acc5

SHA256
f189715633b6cf4a281842ccf88ee829d7be07d4616f35b636ece2176a7ff710

SHA512
b4525ad368cf6ed361cf76a0673b1420edf048680f2b187a7662839d753d657306a508a5dfefecd91540c2568be37234954df82fdb7439dbcf483f49e6558e65

Download Submit
C:\Windows\System\eTBWcog.exe

Filesize
1.5MB

MD5
24e5b6ca34155b82c7c663e7f24af3d2

SHA1
77463c20d48ab34cb13c710f9f487ef81f970c32

SHA256
da787f0b0bfd0cb8767c8ddbf73a3de777be89c6bc09833dd9c000681876d6cf

SHA512
d6b5a22e1302b7f1598042b3039b1e716809abc4fddb0d0dc57fcd8bfd67483d2da5f4efc52fda084040b28ed94b29326298873186f8d0c93925210aee4e4205

Download Submit
C:\Windows\System\fiuIIbK.exe

Filesize
1.5MB

MD5
268762e9587fad67533d3e6bb887f52c

SHA1
c97eff6dcd0ed03450f49b0b89b80ed3fa77dd29

SHA256
716992c66f5ef69048a58a25319394effd41957329534159f153eacc6e305e75

SHA512
df7bfd49d52a65fb941baaca3eec746c6946c97b270116d62f1bf2d241c1acd102f717454d0567c33ffd6bf7701126c5c04fbdc3b5439f3a5c4d3b51e7221b9e

Download Submit
C:\Windows\System\jDXUNoS.exe

Filesize
1.5MB

MD5
90f8569a06f5b2df4a4b5b5cb5bad2c0

SHA1
d09d069de0d93b453ac6a9be7c461e2f2f1cd60b

SHA256
6e144128e07fa5e77770578a9f28c43f4cdd246137d533d98e1278b220c59b2b

SHA512
d451487da5ffa98aeb9779fa927f10179e7e09b0fb1c98264311e612d21a2c7b7c4d313ae44c818146a87d5ac3b32eb3893446da84a9a470b7dc08b35af50a15

Download Submit
C:\Windows\System\kYAtQwe.exe

Filesize
1.5MB

MD5
3b21af8bba23eaaa01b386a52472d8dd

SHA1
13298257935f2be42cc07ccc4251b9985afe4585

SHA256
2b54ab4e8c7d130b5e07782d0fda4cc82931ce5cb5438bf8664df985e89179a8

SHA512
915b164a5f17c3d41bbcec980628fe8700d7b409a0d709f56fee12487649e992e8a4a67d4c03df8f4751e245b2793b5978196dd7d29ec382dd413561469458b9

Download Submit
C:\Windows\System\mnhuAZp.exe

Filesize
1.5MB

MD5
150cb5374cb06985b371bf2190cdf259

SHA1
f86258128a6e60ddea7c3e40090c2289e1b6f375

SHA256
82fd3c2ff15af8b3d996fc0cb99b568e0f9fa03dc19a84aba9664868cb8c49d6

SHA512
7f1b637adf4be879842e30f8faca255fbe1bbdd2d58fc553de9635d64b90587031da148757cdbba5d2254d688a78d3ace40954b7e62033f0db4bed5c7a6a1293

Download Submit
C:\Windows\System\mryVObP.exe

Filesize
1.5MB

MD5
9855fd73f1ba62040c706e7841757ef0

SHA1
5c1d4109a5d228608ea0c3bd8dcb37ffe7c22ba9

SHA256
fb0f3e56d170a157764785bd159c055c1456239a7f73aa4d0501f1e87d12fbce

SHA512
a797f4b8916a81f09a9189e94d4c1dec02a7211d0f6408454d89d8caf40b434fda64add14c35d9a48a2f37a249cad7c4bd57ec297857ce0c2ffcdf6a2b15edfb

Download Submit
C:\Windows\System\nboYHOo.exe

Filesize
1.5MB

MD5
bcb9ad634649888bfe69ece57efd1630

SHA1
5fb71d37b6d100d060f75b550fefc49cf0cc744b

SHA256
97220f0832e6df815c9a89c91092537b3b8cdf0979a9cbc1cba94d8fbae8f018

SHA512
825f13f3e7cd88a8037b089728bac21b7dc1e9a38a72b9183248bf1379a6fbb905955d2c01ae8012eb369521b5549391363397c1120fc421b42c6f921d670c02

Download Submit
C:\Windows\System\oclgeRP.exe

Filesize
1.5MB

MD5
cb188b4a309472789f8d89c03a52738e

SHA1
cd338bf14c01ff1d9795fad75b85d41dad31e458

SHA256
da105d72da3f4056bc4ba9bb9878e49086f4b4d020f58e265c876c7a8d74803d

SHA512
e27dfa5bc63d0791287088149076db0c74c58b80db4687119b5538b7e3f4a560813aec2771ff4a70845ea42f7df047bb7fef449e66f81672df27402683916e9b

Download Submit
C:\Windows\System\qtfLVpq.exe

Filesize
1.5MB

MD5
9a423274b1a1cded9c0410ac011b2f5b

SHA1
a388f0955c2096dd00804dca4b05cc116667d158

SHA256
00c32641fea97b0cac70581cbed3d643c3de5d02c15ed4caa0a5890f20417236

SHA512
8239ebd5e9e2ad59e05736373f2a83511f9b82072ff35303d25095c6f2fce4bd2cd014c4bd3dab8ada5583ec9cbd744d7b396354ef28246a5d34f79908f5cea1

Download Submit
C:\Windows\System\sAZtZqc.exe

Filesize
1.5MB

MD5
2bd94f57b9b3d80dac8d03ecf2f05502

SHA1
11908b8b33877e7f36612d414a0ed818037df32e

SHA256
28e83140a3b825401d496651c5fb2a6b680a089a6af4d5111a398e3f1eb68c87

SHA512
64cb2e70b44f39ba7ead31ac3f93e5ac1e05220eb907a7f971c9d5a5137b9190846020d57df6a045b00fb2d4df672d2912a659f5f71bd0d26eb85350da564962

Download Submit
C:\Windows\System\sZQngxU.exe

Filesize
1.5MB

MD5
69a060788c91b6b3610f6aacfc1bdbc2

SHA1
85b9e7993e3a7edd681a19b581849a79767a4ce7

SHA256
cb2720e0f6e4d374ac124b7d3ec3c5114fa1e8e77bbd1e044e65730584b20b05

SHA512
4f0c134c817a7808294b66097050a24e7f1d64ecc78e044bf14976a5d6d687b84b963fea184143a522b556b79a9495a9a8a01c6569c0ad200076dbdc58b0ae86

Download Submit
C:\Windows\System\uxEJToc.exe

Filesize
1.5MB

MD5
bed556778353ceaebbfeceac6232217c

SHA1
35139e93c5d2e91df6a74704aca36f72b950100c

SHA256
b6aa5e3404badf2a1c61ae06ca770717430de22044acf3ed440e2725762d5b24

SHA512
779b7cedc46bd0819ef4086f01c58a8592eb080a2deb73e39fe1135ca596cef5562151f3cb524e50e7112760023eff8a1e0cd16705be794452989520b1cf123a

Download Submit
C:\Windows\System\xRrFEoL.exe

Filesize
1.5MB

MD5
9c564defb5cbadba90c49691c7e89c41

SHA1
7ec639e4365ba0bb6052334490e263f8d8c9f650

SHA256
f124449f59803264cd50d95f166381f1a54e5833479d3cbe5899eaa60e77049e

SHA512
36b63bb2d37ea53e75a4cccbe106f5043356fdc8c116925dac9a52e1da66148cb8c709c0b474129901ab11e16c6bc63b8e9dc044a278f3077434ccaef0a2eb07

Download Submit
C:\Windows\System\zyHoXeh.exe

Filesize
1.5MB

MD5
1c343cfa434ae95493d0b69c5fb641be

SHA1
fdb6472fb8c9fe49a102ab8649f9a44277a3ba63

SHA256
b2a4acee44cea607af522bff7bf9f5f5639e1aa9b6d145d0f05616037738ce7c

SHA512
6baab52a61305e39614c48d8271a58d7c0f0521d1ab8b052fe341bd7a352bd0cb2505299f87a76217ec5e0ea0d97ae87b67099a34bc8ff1e7a2c8822b09982da

Download Submit
memory/60-2272-0x00007FF734820000-0x00007FF734B71000-memory.dmp

Filesize
3.3MB

Download
memory/60-62-0x00007FF734820000-0x00007FF734B71000-memory.dmp

Filesize
3.3MB

Download
memory/60-2208-0x00007FF734820000-0x00007FF734B71000-memory.dmp

Filesize
3.3MB

Download
memory/532-2282-0x00007FF6E6520000-0x00007FF6E6871000-memory.dmp

Filesize
3.3MB

Download
memory/532-2211-0x00007FF6E6520000-0x00007FF6E6871000-memory.dmp

Filesize
3.3MB

Download
memory/532-82-0x00007FF6E6520000-0x00007FF6E6871000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2254-0x00007FF7FA2C0000-0x00007FF7FA611000-memory.dmp

Filesize
3.3MB

Download
memory/1084-68-0x00007FF7FA2C0000-0x00007FF7FA611000-memory.dmp

Filesize
3.3MB

Download
memory/1328-45-0x00007FF7AD9B0000-0x00007FF7ADD01000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2206-0x00007FF7AD9B0000-0x00007FF7ADD01000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2256-0x00007FF7AD9B0000-0x00007FF7ADD01000-memory.dmp

Filesize
3.3MB

Download
memory/1512-2290-0x00007FF7BB5D0000-0x00007FF7BB921000-memory.dmp

Filesize
3.3MB

Download
memory/1512-482-0x00007FF7BB5D0000-0x00007FF7BB921000-memory.dmp

Filesize
3.3MB

Download
memory/1580-540-0x00007FF6117D0000-0x00007FF611B21000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2304-0x00007FF6117D0000-0x00007FF611B21000-memory.dmp

Filesize
3.3MB

Download
memory/1664-77-0x00007FF6C0010000-0x00007FF6C0361000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2268-0x00007FF6C0010000-0x00007FF6C0361000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2210-0x00007FF6C0010000-0x00007FF6C0361000-memory.dmp

Filesize
3.3MB

Download
memory/1848-546-0x00007FF735C90000-0x00007FF735FE1000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2306-0x00007FF735C90000-0x00007FF735FE1000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2266-0x00007FF650B20000-0x00007FF650E71000-memory.dmp

Filesize
3.3MB

Download
memory/2036-71-0x00007FF650B20000-0x00007FF650E71000-memory.dmp

Filesize
3.3MB

Download
memory/2292-490-0x00007FF670730000-0x00007FF670A81000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2284-0x00007FF670730000-0x00007FF670A81000-memory.dmp

Filesize
3.3MB

Download
memory/2348-502-0x00007FF6FF610000-0x00007FF6FF961000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2286-0x00007FF6FF610000-0x00007FF6FF961000-memory.dmp

Filesize
3.3MB

Download
memory/2676-55-0x00007FF6D1220000-0x00007FF6D1571000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2260-0x00007FF6D1220000-0x00007FF6D1571000-memory.dmp

Filesize
3.3MB

Download
memory/2884-497-0x00007FF7761D0000-0x00007FF776521000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2276-0x00007FF7761D0000-0x00007FF776521000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2296-0x00007FF7258D0000-0x00007FF725C21000-memory.dmp

Filesize
3.3MB

Download
memory/2944-523-0x00007FF7258D0000-0x00007FF725C21000-memory.dmp

Filesize
3.3MB

Download
memory/3520-532-0x00007FF7F5C50000-0x00007FF7F5FA1000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2302-0x00007FF7F5C50000-0x00007FF7F5FA1000-memory.dmp

Filesize
3.3MB

Download
memory/3600-72-0x00007FF604770000-0x00007FF604AC1000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2270-0x00007FF604770000-0x00007FF604AC1000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2209-0x00007FF604770000-0x00007FF604AC1000-memory.dmp

Filesize
3.3MB

Download
memory/3640-2294-0x00007FF702A00000-0x00007FF702D51000-memory.dmp

Filesize
3.3MB

Download
memory/3640-510-0x00007FF702A00000-0x00007FF702D51000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2258-0x00007FF752190000-0x00007FF7524E1000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2207-0x00007FF752190000-0x00007FF7524E1000-memory.dmp

Filesize
3.3MB

Download
memory/3712-29-0x00007FF752190000-0x00007FF7524E1000-memory.dmp

Filesize
3.3MB

Download
memory/3764-13-0x00007FF68D930000-0x00007FF68DC81000-memory.dmp

Filesize
3.3MB

Download
memory/3764-2250-0x00007FF68D930000-0x00007FF68DC81000-memory.dmp

Filesize
3.3MB

Download
memory/3792-526-0x00007FF655480000-0x00007FF6557D1000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2293-0x00007FF655480000-0x00007FF6557D1000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2252-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp

Filesize
3.3MB

Download
memory/4148-24-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2204-0x00007FF7FB4A0000-0x00007FF7FB7F1000-memory.dmp

Filesize
3.3MB

Download
memory/4204-518-0x00007FF76F910000-0x00007FF76FC61000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2300-0x00007FF76F910000-0x00007FF76FC61000-memory.dmp

Filesize
3.3MB

Download
memory/4276-1-0x00000230AA950000-0x00000230AA960000-memory.dmp

Filesize
64KB

Download
memory/4276-0-0x00007FF63CED0000-0x00007FF63D221000-memory.dmp

Filesize
3.3MB

Download
memory/4276-2205-0x00007FF63CED0000-0x00007FF63D221000-memory.dmp

Filesize
3.3MB

Download
memory/4324-519-0x00007FF6DCB70000-0x00007FF6DCEC1000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2298-0x00007FF6DCB70000-0x00007FF6DCEC1000-memory.dmp

Filesize
3.3MB

Download
memory/4412-2263-0x00007FF76A810000-0x00007FF76AB61000-memory.dmp

Filesize
3.3MB

Download
memory/4412-61-0x00007FF76A810000-0x00007FF76AB61000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2246-0x00007FF6A7D90000-0x00007FF6A80E1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-83-0x00007FF6A7D90000-0x00007FF6A80E1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2274-0x00007FF6A7D90000-0x00007FF6A80E1000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2280-0x00007FF72F060000-0x00007FF72F3B1000-memory.dmp

Filesize
3.3MB

Download
memory/4684-486-0x00007FF72F060000-0x00007FF72F3B1000-memory.dmp

Filesize
3.3MB

Download
memory/4792-491-0x00007FF6ED590000-0x00007FF6ED8E1000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2288-0x00007FF6ED590000-0x00007FF6ED8E1000-memory.dmp

Filesize
3.3MB

Download
memory/4956-69-0x00007FF7B45E0000-0x00007FF7B4931000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2264-0x00007FF7B45E0000-0x00007FF7B4931000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2278-0x00007FF615090000-0x00007FF6153E1000-memory.dmp

Filesize
3.3MB

Download
memory/5036-481-0x00007FF615090000-0x00007FF6153E1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads