xmrig | c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
Size

3.0MB
MD5

ac988ec43339c125729bea87e732a697
SHA1

443bda0b6315a1faca8b2b361253202ef0527aee
SHA256

c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0
SHA512

f13f2be5fbb5c4788c76f337097ea5629a13781c35cf4397afeedd7f768c149aa1ff38bd2a25236d2010ae0a56e4857b2e244ce352f0f82431524a5e255b9ea2
SSDEEP

49152:w0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzJlR1dqo5LlGt:w0GnJMOWPClFdx6e0EALKWVTffZiPAcy

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4136-0-0x00007FF6DBBB0000-0x00007FF6DBFA5000-memory.dmp	xmrig
behavioral2/files/0x0008000000023633-4.dat	xmrig
behavioral2/files/0x0007000000023634-12.dat	xmrig
behavioral2/memory/1908-10-0x00007FF6DB1E0000-0x00007FF6DB5D5000-memory.dmp	xmrig
behavioral2/memory/3504-14-0x00007FF6C3800000-0x00007FF6C3BF5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023635-9.dat	xmrig
behavioral2/files/0x0007000000023636-19.dat	xmrig
behavioral2/files/0x000700000002363b-34.dat	xmrig
behavioral2/files/0x000700000002363c-37.dat	xmrig
behavioral2/files/0x0007000000023648-73.dat	xmrig
behavioral2/files/0x000700000002364a-79.dat	xmrig
behavioral2/files/0x0007000000023654-109.dat	xmrig
behavioral2/files/0x000700000002365a-127.dat	xmrig
behavioral2/memory/3148-797-0x00007FF632300000-0x00007FF6326F5000-memory.dmp	xmrig
behavioral2/memory/1096-805-0x00007FF658C80000-0x00007FF659075000-memory.dmp	xmrig
behavioral2/memory/448-808-0x00007FF6AE9E0000-0x00007FF6AEDD5000-memory.dmp	xmrig
behavioral2/memory/940-811-0x00007FF602DE0000-0x00007FF6031D5000-memory.dmp	xmrig
behavioral2/memory/1644-817-0x00007FF67B860000-0x00007FF67BC55000-memory.dmp	xmrig
behavioral2/memory/3364-820-0x00007FF791630000-0x00007FF791A25000-memory.dmp	xmrig
behavioral2/memory/2972-825-0x00007FF679EB0000-0x00007FF67A2A5000-memory.dmp	xmrig
behavioral2/memory/4844-827-0x00007FF65E290000-0x00007FF65E685000-memory.dmp	xmrig
behavioral2/memory/4008-828-0x00007FF6FB130000-0x00007FF6FB525000-memory.dmp	xmrig
behavioral2/memory/3952-826-0x00007FF719F00000-0x00007FF71A2F5000-memory.dmp	xmrig
behavioral2/memory/1232-824-0x00007FF7C95A0000-0x00007FF7C9995000-memory.dmp	xmrig
behavioral2/memory/3496-822-0x00007FF72D440000-0x00007FF72D835000-memory.dmp	xmrig
behavioral2/memory/1764-821-0x00007FF636D00000-0x00007FF6370F5000-memory.dmp	xmrig
behavioral2/memory/4764-818-0x00007FF78FDC0000-0x00007FF7901B5000-memory.dmp	xmrig
behavioral2/memory/2492-815-0x00007FF6F9930000-0x00007FF6F9D25000-memory.dmp	xmrig
behavioral2/memory/1680-814-0x00007FF70F000000-0x00007FF70F3F5000-memory.dmp	xmrig
behavioral2/memory/1268-812-0x00007FF7D4940000-0x00007FF7D4D35000-memory.dmp	xmrig
behavioral2/memory/3084-810-0x00007FF7510C0000-0x00007FF7514B5000-memory.dmp	xmrig
behavioral2/memory/812-804-0x00007FF6B8300000-0x00007FF6B86F5000-memory.dmp	xmrig
behavioral2/memory/1256-803-0x00007FF74A3E0000-0x00007FF74A7D5000-memory.dmp	xmrig
behavioral2/memory/3704-801-0x00007FF610660000-0x00007FF610A55000-memory.dmp	xmrig
behavioral2/memory/2680-800-0x00007FF6FC6A0000-0x00007FF6FCA95000-memory.dmp	xmrig
behavioral2/files/0x0007000000023670-193.dat	xmrig
behavioral2/files/0x000700000002366f-190.dat	xmrig
behavioral2/files/0x000700000002366e-187.dat	xmrig
behavioral2/files/0x000700000002366d-184.dat	xmrig
behavioral2/files/0x000700000002366c-181.dat	xmrig
behavioral2/files/0x000700000002366b-178.dat	xmrig
behavioral2/files/0x000700000002366a-175.dat	xmrig
behavioral2/files/0x0007000000023669-172.dat	xmrig
behavioral2/files/0x0007000000023668-169.dat	xmrig
behavioral2/files/0x0007000000023667-166.dat	xmrig
behavioral2/files/0x0007000000023666-163.dat	xmrig
behavioral2/files/0x0007000000023665-160.dat	xmrig
behavioral2/files/0x0007000000023664-157.dat	xmrig
behavioral2/files/0x0007000000023663-154.dat	xmrig
behavioral2/files/0x0007000000023662-151.dat	xmrig
behavioral2/files/0x0007000000023661-148.dat	xmrig
behavioral2/files/0x0007000000023660-145.dat	xmrig
behavioral2/files/0x000700000002365f-142.dat	xmrig
behavioral2/files/0x000700000002365e-139.dat	xmrig
behavioral2/files/0x000700000002365d-136.dat	xmrig
behavioral2/files/0x000700000002365c-133.dat	xmrig
behavioral2/files/0x000700000002365b-130.dat	xmrig
behavioral2/files/0x0007000000023659-124.dat	xmrig
behavioral2/files/0x0007000000023658-121.dat	xmrig
behavioral2/files/0x0007000000023657-118.dat	xmrig
behavioral2/files/0x0007000000023656-115.dat	xmrig
behavioral2/files/0x0007000000023655-112.dat	xmrig
behavioral2/files/0x0007000000023653-106.dat	xmrig
behavioral2/files/0x0007000000023652-103.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1908	uRPdutc.exe
3504	CqvNIga.exe
3148	lYYkXfj.exe
2680	enFsBal.exe
3704	LLIGkUQ.exe
1256	SKdPWkM.exe
812	iAIGuJt.exe
1096	YRfumpt.exe
448	XgsrMdm.exe
3084	hlRsUxr.exe
940	lxPRLmK.exe
1268	uiLqWEk.exe
1680	SIpIUyW.exe
2492	ehVgSBI.exe
1644	vUDNren.exe
4764	vYtBwIk.exe
3364	PwEdTsX.exe
1764	kNJSvLX.exe
3496	mpQeZEj.exe
1232	fhRwjjE.exe
2972	WIFDIcf.exe
3952	qQZskYB.exe
4844	wgyagra.exe
4008	MqEFRJr.exe
4904	apHfFez.exe
2132	WhhhVPU.exe
4360	aFCRVUf.exe
3108	EFnmzsZ.exe
3476	xLGiViY.exe
2312	LfZdvpN.exe
780	NtwfwmX.exe
4436	ysIfzOg.exe
4372	YnDBJFe.exe
2152	qwnOdgB.exe
892	wSPzuZy.exe
1452	QaVsZHS.exe
3192	ZGHZzxC.exe
2072	AgDGqAR.exe
1784	HyFHtFS.exe
2896	yQBxGuv.exe
4164	mpcWXQc.exe
4680	ATEFSjY.exe
2372	DLXFiRq.exe
4224	BgsGwBJ.exe
1976	VAQstMK.exe
1884	BdLuufd.exe
3660	vcrDlAf.exe
1460	msZmFTB.exe
1880	JPxJVNy.exe
4260	GcdxosK.exe
1704	cZtpxcO.exe
4968	wCTpaOi.exe
4644	aiYNCUl.exe
4912	NvZbyZW.exe
2080	udVWSXA.exe
4000	NDirafm.exe
3200	IXrClnh.exe
1276	WxXVVnX.exe
4300	sFOZGtK.exe
2272	WNxzpaC.exe
2808	ijlFJWv.exe
2804	jCObFrq.exe
3220	uGhVIdT.exe
2408	uvkJHEB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4136-0-0x00007FF6DBBB0000-0x00007FF6DBFA5000-memory.dmp	upx
behavioral2/files/0x0008000000023633-4.dat	upx
behavioral2/files/0x0007000000023634-12.dat	upx
behavioral2/memory/1908-10-0x00007FF6DB1E0000-0x00007FF6DB5D5000-memory.dmp	upx
behavioral2/memory/3504-14-0x00007FF6C3800000-0x00007FF6C3BF5000-memory.dmp	upx
behavioral2/files/0x0007000000023635-9.dat	upx
behavioral2/files/0x0007000000023636-19.dat	upx
behavioral2/files/0x000700000002363b-34.dat	upx
behavioral2/files/0x000700000002363c-37.dat	upx
behavioral2/files/0x0007000000023648-73.dat	upx
behavioral2/files/0x000700000002364a-79.dat	upx
behavioral2/files/0x0007000000023654-109.dat	upx
behavioral2/files/0x000700000002365a-127.dat	upx
behavioral2/memory/3148-797-0x00007FF632300000-0x00007FF6326F5000-memory.dmp	upx
behavioral2/memory/1096-805-0x00007FF658C80000-0x00007FF659075000-memory.dmp	upx
behavioral2/memory/448-808-0x00007FF6AE9E0000-0x00007FF6AEDD5000-memory.dmp	upx
behavioral2/memory/940-811-0x00007FF602DE0000-0x00007FF6031D5000-memory.dmp	upx
behavioral2/memory/1644-817-0x00007FF67B860000-0x00007FF67BC55000-memory.dmp	upx
behavioral2/memory/3364-820-0x00007FF791630000-0x00007FF791A25000-memory.dmp	upx
behavioral2/memory/2972-825-0x00007FF679EB0000-0x00007FF67A2A5000-memory.dmp	upx
behavioral2/memory/4844-827-0x00007FF65E290000-0x00007FF65E685000-memory.dmp	upx
behavioral2/memory/4008-828-0x00007FF6FB130000-0x00007FF6FB525000-memory.dmp	upx
behavioral2/memory/3952-826-0x00007FF719F00000-0x00007FF71A2F5000-memory.dmp	upx
behavioral2/memory/1232-824-0x00007FF7C95A0000-0x00007FF7C9995000-memory.dmp	upx
behavioral2/memory/3496-822-0x00007FF72D440000-0x00007FF72D835000-memory.dmp	upx
behavioral2/memory/1764-821-0x00007FF636D00000-0x00007FF6370F5000-memory.dmp	upx
behavioral2/memory/4764-818-0x00007FF78FDC0000-0x00007FF7901B5000-memory.dmp	upx
behavioral2/memory/2492-815-0x00007FF6F9930000-0x00007FF6F9D25000-memory.dmp	upx
behavioral2/memory/1680-814-0x00007FF70F000000-0x00007FF70F3F5000-memory.dmp	upx
behavioral2/memory/1268-812-0x00007FF7D4940000-0x00007FF7D4D35000-memory.dmp	upx
behavioral2/memory/3084-810-0x00007FF7510C0000-0x00007FF7514B5000-memory.dmp	upx
behavioral2/memory/812-804-0x00007FF6B8300000-0x00007FF6B86F5000-memory.dmp	upx
behavioral2/memory/1256-803-0x00007FF74A3E0000-0x00007FF74A7D5000-memory.dmp	upx
behavioral2/memory/3704-801-0x00007FF610660000-0x00007FF610A55000-memory.dmp	upx
behavioral2/memory/2680-800-0x00007FF6FC6A0000-0x00007FF6FCA95000-memory.dmp	upx
behavioral2/files/0x0007000000023670-193.dat	upx
behavioral2/files/0x000700000002366f-190.dat	upx
behavioral2/files/0x000700000002366e-187.dat	upx
behavioral2/files/0x000700000002366d-184.dat	upx
behavioral2/files/0x000700000002366c-181.dat	upx
behavioral2/files/0x000700000002366b-178.dat	upx
behavioral2/files/0x000700000002366a-175.dat	upx
behavioral2/files/0x0007000000023669-172.dat	upx
behavioral2/files/0x0007000000023668-169.dat	upx
behavioral2/files/0x0007000000023667-166.dat	upx
behavioral2/files/0x0007000000023666-163.dat	upx
behavioral2/files/0x0007000000023665-160.dat	upx
behavioral2/files/0x0007000000023664-157.dat	upx
behavioral2/files/0x0007000000023663-154.dat	upx
behavioral2/files/0x0007000000023662-151.dat	upx
behavioral2/files/0x0007000000023661-148.dat	upx
behavioral2/files/0x0007000000023660-145.dat	upx
behavioral2/files/0x000700000002365f-142.dat	upx
behavioral2/files/0x000700000002365e-139.dat	upx
behavioral2/files/0x000700000002365d-136.dat	upx
behavioral2/files/0x000700000002365c-133.dat	upx
behavioral2/files/0x000700000002365b-130.dat	upx
behavioral2/files/0x0007000000023659-124.dat	upx
behavioral2/files/0x0007000000023658-121.dat	upx
behavioral2/files/0x0007000000023657-118.dat	upx
behavioral2/files/0x0007000000023656-115.dat	upx
behavioral2/files/0x0007000000023655-112.dat	upx
behavioral2/files/0x0007000000023653-106.dat	upx
behavioral2/files/0x0007000000023652-103.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\EnqqwQT.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\iHYBlhq.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\aiYNCUl.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\zBgxuNp.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\tjaLuxX.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\ApzVbLB.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\UGNlxzS.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\ykcMNLy.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\ZRDNcoS.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\ssJgNZr.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\YzHEGBm.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\apHfFez.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\MziiUGN.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\uPGVIPy.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\lfGnplc.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\mdffLbx.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\OoHoHtO.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\fuzAyue.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\vIOKhYL.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\NkGlCTF.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\wYhyqay.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\BAykYwH.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\LBxAtac.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\iAIGuJt.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\vUDNren.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\qXStdzD.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\pwmRjYa.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\cKbIyeX.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\HsyOFBT.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\JvoEaFV.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\Nenaeyq.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\nxLlEDY.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\ExQFfik.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\ZPWdnrR.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\ZQRUNGJ.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\kPkxxSZ.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\udVWSXA.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\tzhWYNf.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\vrnnJEa.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\JOQUtIT.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\mgWNIWx.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\cszcbDV.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\EYxVOvX.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\KELFhWF.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\YunAhck.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\QQWOUJg.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\uzeUTaP.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\nIajkOu.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\LjiQShI.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\NlucWsX.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\LCOywio.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\nXEXKSH.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\IKyfNOC.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\nqQXxLu.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\AvCTdYK.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\GXKByEx.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\hZXiEdx.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\HZvWzZu.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\HEiyeLE.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\vILsHju.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\cyDizPE.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\jzjYTTI.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\lYYkXfj.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
File created	C:\Windows\System32\YRfumpt.exe	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3592	dwm.exe
Token: SeChangeNotifyPrivilege	3592	dwm.exe
Token: 33	3592	dwm.exe
Token: SeIncBasePriorityPrivilege	3592	dwm.exe
Token: SeShutdownPrivilege	3592	dwm.exe
Token: SeCreatePagefilePrivilege	3592	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 1908	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	91
PID 4136 wrote to memory of 1908	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	91
PID 4136 wrote to memory of 3504	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	92
PID 4136 wrote to memory of 3504	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	92
PID 4136 wrote to memory of 3148	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	93
PID 4136 wrote to memory of 3148	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	93
PID 4136 wrote to memory of 2680	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	94
PID 4136 wrote to memory of 2680	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	94
PID 4136 wrote to memory of 3704	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	95
PID 4136 wrote to memory of 3704	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	95
PID 4136 wrote to memory of 1256	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	96
PID 4136 wrote to memory of 1256	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	96
PID 4136 wrote to memory of 812	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	97
PID 4136 wrote to memory of 812	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	97
PID 4136 wrote to memory of 1096	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	98
PID 4136 wrote to memory of 1096	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	98
PID 4136 wrote to memory of 448	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	99
PID 4136 wrote to memory of 448	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	99
PID 4136 wrote to memory of 3084	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	100
PID 4136 wrote to memory of 3084	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	100
PID 4136 wrote to memory of 940	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	101
PID 4136 wrote to memory of 940	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	101
PID 4136 wrote to memory of 1268	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	102
PID 4136 wrote to memory of 1268	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	102
PID 4136 wrote to memory of 1680	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	103
PID 4136 wrote to memory of 1680	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	103
PID 4136 wrote to memory of 2492	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	104
PID 4136 wrote to memory of 2492	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	104
PID 4136 wrote to memory of 1644	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	105
PID 4136 wrote to memory of 1644	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	105
PID 4136 wrote to memory of 4764	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	106
PID 4136 wrote to memory of 4764	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	106
PID 4136 wrote to memory of 3364	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	107
PID 4136 wrote to memory of 3364	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	107
PID 4136 wrote to memory of 1764	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	108
PID 4136 wrote to memory of 1764	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	108
PID 4136 wrote to memory of 3496	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	109
PID 4136 wrote to memory of 3496	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	109
PID 4136 wrote to memory of 1232	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	110
PID 4136 wrote to memory of 1232	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	110
PID 4136 wrote to memory of 2972	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	111
PID 4136 wrote to memory of 2972	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	111
PID 4136 wrote to memory of 3952	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	112
PID 4136 wrote to memory of 3952	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	112
PID 4136 wrote to memory of 4844	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	113
PID 4136 wrote to memory of 4844	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	113
PID 4136 wrote to memory of 4008	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	114
PID 4136 wrote to memory of 4008	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	114
PID 4136 wrote to memory of 4904	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	115
PID 4136 wrote to memory of 4904	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	115
PID 4136 wrote to memory of 2132	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	116
PID 4136 wrote to memory of 2132	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	116
PID 4136 wrote to memory of 4360	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	117
PID 4136 wrote to memory of 4360	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	117
PID 4136 wrote to memory of 3108	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	118
PID 4136 wrote to memory of 3108	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	118
PID 4136 wrote to memory of 3476	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	119
PID 4136 wrote to memory of 3476	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	119
PID 4136 wrote to memory of 2312	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	120
PID 4136 wrote to memory of 2312	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	120
PID 4136 wrote to memory of 780	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	121
PID 4136 wrote to memory of 780	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	121
PID 4136 wrote to memory of 4436	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	122
PID 4136 wrote to memory of 4436	4136	c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe	122

C:\Users\Admin\AppData\Local\Temp\c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe
"C:\Users\Admin\AppData\Local\Temp\c3e9c2d1f289a4a42c627c1f51455f07ddb167a4d6008b9e5487ff7da94becc0.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\System32\uRPdutc.exe
  C:\Windows\System32\uRPdutc.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System32\CqvNIga.exe
  C:\Windows\System32\CqvNIga.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System32\lYYkXfj.exe
  C:\Windows\System32\lYYkXfj.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System32\enFsBal.exe
  C:\Windows\System32\enFsBal.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System32\LLIGkUQ.exe
  C:\Windows\System32\LLIGkUQ.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System32\SKdPWkM.exe
  C:\Windows\System32\SKdPWkM.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System32\iAIGuJt.exe
  C:\Windows\System32\iAIGuJt.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System32\YRfumpt.exe
  C:\Windows\System32\YRfumpt.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System32\XgsrMdm.exe
  C:\Windows\System32\XgsrMdm.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System32\hlRsUxr.exe
  C:\Windows\System32\hlRsUxr.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System32\lxPRLmK.exe
  C:\Windows\System32\lxPRLmK.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System32\uiLqWEk.exe
  C:\Windows\System32\uiLqWEk.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System32\SIpIUyW.exe
  C:\Windows\System32\SIpIUyW.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System32\ehVgSBI.exe
  C:\Windows\System32\ehVgSBI.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System32\vUDNren.exe
  C:\Windows\System32\vUDNren.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\vYtBwIk.exe
  C:\Windows\System32\vYtBwIk.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System32\PwEdTsX.exe
  C:\Windows\System32\PwEdTsX.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System32\kNJSvLX.exe
  C:\Windows\System32\kNJSvLX.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System32\mpQeZEj.exe
  C:\Windows\System32\mpQeZEj.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System32\fhRwjjE.exe
  C:\Windows\System32\fhRwjjE.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System32\WIFDIcf.exe
  C:\Windows\System32\WIFDIcf.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System32\qQZskYB.exe
  C:\Windows\System32\qQZskYB.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System32\wgyagra.exe
  C:\Windows\System32\wgyagra.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System32\MqEFRJr.exe
  C:\Windows\System32\MqEFRJr.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System32\apHfFez.exe
  C:\Windows\System32\apHfFez.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System32\WhhhVPU.exe
  C:\Windows\System32\WhhhVPU.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System32\aFCRVUf.exe
  C:\Windows\System32\aFCRVUf.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\EFnmzsZ.exe
  C:\Windows\System32\EFnmzsZ.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System32\xLGiViY.exe
  C:\Windows\System32\xLGiViY.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System32\LfZdvpN.exe
  C:\Windows\System32\LfZdvpN.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System32\NtwfwmX.exe
  C:\Windows\System32\NtwfwmX.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System32\ysIfzOg.exe
  C:\Windows\System32\ysIfzOg.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System32\YnDBJFe.exe
  C:\Windows\System32\YnDBJFe.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System32\qwnOdgB.exe
  C:\Windows\System32\qwnOdgB.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System32\wSPzuZy.exe
  C:\Windows\System32\wSPzuZy.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System32\QaVsZHS.exe
  C:\Windows\System32\QaVsZHS.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System32\ZGHZzxC.exe
  C:\Windows\System32\ZGHZzxC.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System32\AgDGqAR.exe
  C:\Windows\System32\AgDGqAR.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System32\HyFHtFS.exe
  C:\Windows\System32\HyFHtFS.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System32\yQBxGuv.exe
  C:\Windows\System32\yQBxGuv.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System32\mpcWXQc.exe
  C:\Windows\System32\mpcWXQc.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System32\ATEFSjY.exe
  C:\Windows\System32\ATEFSjY.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\DLXFiRq.exe
  C:\Windows\System32\DLXFiRq.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System32\BgsGwBJ.exe
  C:\Windows\System32\BgsGwBJ.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System32\VAQstMK.exe
  C:\Windows\System32\VAQstMK.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System32\BdLuufd.exe
  C:\Windows\System32\BdLuufd.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System32\vcrDlAf.exe
  C:\Windows\System32\vcrDlAf.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System32\msZmFTB.exe
  C:\Windows\System32\msZmFTB.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System32\JPxJVNy.exe
  C:\Windows\System32\JPxJVNy.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System32\GcdxosK.exe
  C:\Windows\System32\GcdxosK.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System32\cZtpxcO.exe
  C:\Windows\System32\cZtpxcO.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System32\wCTpaOi.exe
  C:\Windows\System32\wCTpaOi.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System32\aiYNCUl.exe
  C:\Windows\System32\aiYNCUl.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System32\NvZbyZW.exe
  C:\Windows\System32\NvZbyZW.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System32\udVWSXA.exe
  C:\Windows\System32\udVWSXA.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System32\NDirafm.exe
  C:\Windows\System32\NDirafm.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System32\IXrClnh.exe
  C:\Windows\System32\IXrClnh.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System32\WxXVVnX.exe
  C:\Windows\System32\WxXVVnX.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System32\sFOZGtK.exe
  C:\Windows\System32\sFOZGtK.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System32\WNxzpaC.exe
  C:\Windows\System32\WNxzpaC.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System32\ijlFJWv.exe
  C:\Windows\System32\ijlFJWv.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System32\jCObFrq.exe
  C:\Windows\System32\jCObFrq.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System32\uGhVIdT.exe
  C:\Windows\System32\uGhVIdT.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System32\uvkJHEB.exe
  C:\Windows\System32\uvkJHEB.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System32\svSjmnq.exe
  C:\Windows\System32\svSjmnq.exe
  2⤵
  PID:5076
- C:\Windows\System32\zaAFLPc.exe
  C:\Windows\System32\zaAFLPc.exe
  2⤵
  PID:1604
- C:\Windows\System32\AgkdhGY.exe
  C:\Windows\System32\AgkdhGY.exe
  2⤵
  PID:4820
- C:\Windows\System32\GHpNRUA.exe
  C:\Windows\System32\GHpNRUA.exe
  2⤵
  PID:2032
- C:\Windows\System32\IIjBkAM.exe
  C:\Windows\System32\IIjBkAM.exe
  2⤵
  PID:860
- C:\Windows\System32\uxaesIr.exe
  C:\Windows\System32\uxaesIr.exe
  2⤵
  PID:2208
- C:\Windows\System32\FexqlAx.exe
  C:\Windows\System32\FexqlAx.exe
  2⤵
  PID:556
- C:\Windows\System32\IZjsBEc.exe
  C:\Windows\System32\IZjsBEc.exe
  2⤵
  PID:1108
- C:\Windows\System32\tCBXRgl.exe
  C:\Windows\System32\tCBXRgl.exe
  2⤵
  PID:4292
- C:\Windows\System32\faPdOxy.exe
  C:\Windows\System32\faPdOxy.exe
  2⤵
  PID:2928
- C:\Windows\System32\hMojIrK.exe
  C:\Windows\System32\hMojIrK.exe
  2⤵
  PID:4648
- C:\Windows\System32\aMgXCsH.exe
  C:\Windows\System32\aMgXCsH.exe
  2⤵
  PID:2996
- C:\Windows\System32\OycwCDK.exe
  C:\Windows\System32\OycwCDK.exe
  2⤵
  PID:2332
- C:\Windows\System32\AUSUklo.exe
  C:\Windows\System32\AUSUklo.exe
  2⤵
  PID:4116
- C:\Windows\System32\YAwxKoS.exe
  C:\Windows\System32\YAwxKoS.exe
  2⤵
  PID:2440
- C:\Windows\System32\mdffLbx.exe
  C:\Windows\System32\mdffLbx.exe
  2⤵
  PID:4124
- C:\Windows\System32\QqrtmHQ.exe
  C:\Windows\System32\QqrtmHQ.exe
  2⤵
  PID:736
- C:\Windows\System32\TpoZbLP.exe
  C:\Windows\System32\TpoZbLP.exe
  2⤵
  PID:2564
- C:\Windows\System32\uXRNHJv.exe
  C:\Windows\System32\uXRNHJv.exe
  2⤵
  PID:632
- C:\Windows\System32\KrrKceA.exe
  C:\Windows\System32\KrrKceA.exe
  2⤵
  PID:2772
- C:\Windows\System32\NIechEE.exe
  C:\Windows\System32\NIechEE.exe
  2⤵
  PID:4016
- C:\Windows\System32\JDOvAEr.exe
  C:\Windows\System32\JDOvAEr.exe
  2⤵
  PID:5032
- C:\Windows\System32\saASvvt.exe
  C:\Windows\System32\saASvvt.exe
  2⤵
  PID:4696
- C:\Windows\System32\LjiQShI.exe
  C:\Windows\System32\LjiQShI.exe
  2⤵
  PID:2056
- C:\Windows\System32\IMRfFiL.exe
  C:\Windows\System32\IMRfFiL.exe
  2⤵
  PID:4692
- C:\Windows\System32\rbfTsNl.exe
  C:\Windows\System32\rbfTsNl.exe
  2⤵
  PID:1840
- C:\Windows\System32\ZRDNcoS.exe
  C:\Windows\System32\ZRDNcoS.exe
  2⤵
  PID:4280
- C:\Windows\System32\RkWbzBp.exe
  C:\Windows\System32\RkWbzBp.exe
  2⤵
  PID:1548
- C:\Windows\System32\MlTFjoB.exe
  C:\Windows\System32\MlTFjoB.exe
  2⤵
  PID:1552
- C:\Windows\System32\ywYWUvU.exe
  C:\Windows\System32\ywYWUvU.exe
  2⤵
  PID:1280
- C:\Windows\System32\SRFypYF.exe
  C:\Windows\System32\SRFypYF.exe
  2⤵
  PID:3280
- C:\Windows\System32\TUMNuJN.exe
  C:\Windows\System32\TUMNuJN.exe
  2⤵
  PID:3616
- C:\Windows\System32\XWdvsWQ.exe
  C:\Windows\System32\XWdvsWQ.exe
  2⤵
  PID:4716
- C:\Windows\System32\CvnrlzT.exe
  C:\Windows\System32\CvnrlzT.exe
  2⤵
  PID:2352
- C:\Windows\System32\GhvtxDH.exe
  C:\Windows\System32\GhvtxDH.exe
  2⤵
  PID:3468
- C:\Windows\System32\rXshAUU.exe
  C:\Windows\System32\rXshAUU.exe
  2⤵
  PID:2508
- C:\Windows\System32\TMjDlDZ.exe
  C:\Windows\System32\TMjDlDZ.exe
  2⤵
  PID:4860
- C:\Windows\System32\KpPtHbL.exe
  C:\Windows\System32\KpPtHbL.exe
  2⤵
  PID:4804
- C:\Windows\System32\aPTSyVE.exe
  C:\Windows\System32\aPTSyVE.exe
  2⤵
  PID:756
- C:\Windows\System32\yPtZysT.exe
  C:\Windows\System32\yPtZysT.exe
  2⤵
  PID:5132
- C:\Windows\System32\zDCsxcl.exe
  C:\Windows\System32\zDCsxcl.exe
  2⤵
  PID:5148
- C:\Windows\System32\zBgxuNp.exe
  C:\Windows\System32\zBgxuNp.exe
  2⤵
  PID:5164
- C:\Windows\System32\AvCTdYK.exe
  C:\Windows\System32\AvCTdYK.exe
  2⤵
  PID:5180
- C:\Windows\System32\ByWlayq.exe
  C:\Windows\System32\ByWlayq.exe
  2⤵
  PID:5196
- C:\Windows\System32\RlZFTyW.exe
  C:\Windows\System32\RlZFTyW.exe
  2⤵
  PID:5212
- C:\Windows\System32\zAetpId.exe
  C:\Windows\System32\zAetpId.exe
  2⤵
  PID:5228
- C:\Windows\System32\OhCcjJN.exe
  C:\Windows\System32\OhCcjJN.exe
  2⤵
  PID:5244
- C:\Windows\System32\SFssKIJ.exe
  C:\Windows\System32\SFssKIJ.exe
  2⤵
  PID:5260
- C:\Windows\System32\Nenaeyq.exe
  C:\Windows\System32\Nenaeyq.exe
  2⤵
  PID:5276
- C:\Windows\System32\QvIiRgi.exe
  C:\Windows\System32\QvIiRgi.exe
  2⤵
  PID:5292
- C:\Windows\System32\gKCNHdj.exe
  C:\Windows\System32\gKCNHdj.exe
  2⤵
  PID:5308
- C:\Windows\System32\VdgAdpF.exe
  C:\Windows\System32\VdgAdpF.exe
  2⤵
  PID:5324
- C:\Windows\System32\pvmKNdk.exe
  C:\Windows\System32\pvmKNdk.exe
  2⤵
  PID:5340
- C:\Windows\System32\ykRyuVL.exe
  C:\Windows\System32\ykRyuVL.exe
  2⤵
  PID:5356
- C:\Windows\System32\ivTBvAF.exe
  C:\Windows\System32\ivTBvAF.exe
  2⤵
  PID:5372
- C:\Windows\System32\TOgXerL.exe
  C:\Windows\System32\TOgXerL.exe
  2⤵
  PID:5388
- C:\Windows\System32\GXKByEx.exe
  C:\Windows\System32\GXKByEx.exe
  2⤵
  PID:5404
- C:\Windows\System32\kMKyXnO.exe
  C:\Windows\System32\kMKyXnO.exe
  2⤵
  PID:5420
- C:\Windows\System32\BawgiiQ.exe
  C:\Windows\System32\BawgiiQ.exe
  2⤵
  PID:5436
- C:\Windows\System32\bPkmScn.exe
  C:\Windows\System32\bPkmScn.exe
  2⤵
  PID:5452
- C:\Windows\System32\MZBmAVg.exe
  C:\Windows\System32\MZBmAVg.exe
  2⤵
  PID:5468
- C:\Windows\System32\HGtygxj.exe
  C:\Windows\System32\HGtygxj.exe
  2⤵
  PID:5484
- C:\Windows\System32\dgghEnQ.exe
  C:\Windows\System32\dgghEnQ.exe
  2⤵
  PID:5500
- C:\Windows\System32\soRWkBN.exe
  C:\Windows\System32\soRWkBN.exe
  2⤵
  PID:5516
- C:\Windows\System32\WAKFMXn.exe
  C:\Windows\System32\WAKFMXn.exe
  2⤵
  PID:5532
- C:\Windows\System32\CzIMXCT.exe
  C:\Windows\System32\CzIMXCT.exe
  2⤵
  PID:5548
- C:\Windows\System32\mNcwIwC.exe
  C:\Windows\System32\mNcwIwC.exe
  2⤵
  PID:5564
- C:\Windows\System32\vimDkHq.exe
  C:\Windows\System32\vimDkHq.exe
  2⤵
  PID:5580
- C:\Windows\System32\buZSRAG.exe
  C:\Windows\System32\buZSRAG.exe
  2⤵
  PID:5596
- C:\Windows\System32\hZXiEdx.exe
  C:\Windows\System32\hZXiEdx.exe
  2⤵
  PID:5612
- C:\Windows\System32\tLzbPkj.exe
  C:\Windows\System32\tLzbPkj.exe
  2⤵
  PID:5628
- C:\Windows\System32\jTKSNTw.exe
  C:\Windows\System32\jTKSNTw.exe
  2⤵
  PID:5644
- C:\Windows\System32\KQDAYtU.exe
  C:\Windows\System32\KQDAYtU.exe
  2⤵
  PID:5660
- C:\Windows\System32\OoHoHtO.exe
  C:\Windows\System32\OoHoHtO.exe
  2⤵
  PID:5676
- C:\Windows\System32\QUZlYgM.exe
  C:\Windows\System32\QUZlYgM.exe
  2⤵
  PID:5692
- C:\Windows\System32\qKzIdGG.exe
  C:\Windows\System32\qKzIdGG.exe
  2⤵
  PID:5708
- C:\Windows\System32\xWJmkhK.exe
  C:\Windows\System32\xWJmkhK.exe
  2⤵
  PID:5724
- C:\Windows\System32\urxNwTC.exe
  C:\Windows\System32\urxNwTC.exe
  2⤵
  PID:5740
- C:\Windows\System32\VcRjHck.exe
  C:\Windows\System32\VcRjHck.exe
  2⤵
  PID:5756
- C:\Windows\System32\jThpiWP.exe
  C:\Windows\System32\jThpiWP.exe
  2⤵
  PID:5772
- C:\Windows\System32\ufQeqnQ.exe
  C:\Windows\System32\ufQeqnQ.exe
  2⤵
  PID:5788
- C:\Windows\System32\gvrgsXk.exe
  C:\Windows\System32\gvrgsXk.exe
  2⤵
  PID:5804
- C:\Windows\System32\MziiUGN.exe
  C:\Windows\System32\MziiUGN.exe
  2⤵
  PID:5820
- C:\Windows\System32\VYrVesP.exe
  C:\Windows\System32\VYrVesP.exe
  2⤵
  PID:5836
- C:\Windows\System32\BelceYR.exe
  C:\Windows\System32\BelceYR.exe
  2⤵
  PID:5852
- C:\Windows\System32\gexOfqU.exe
  C:\Windows\System32\gexOfqU.exe
  2⤵
  PID:5868
- C:\Windows\System32\QETfdRw.exe
  C:\Windows\System32\QETfdRw.exe
  2⤵
  PID:5884
- C:\Windows\System32\kpcZTAd.exe
  C:\Windows\System32\kpcZTAd.exe
  2⤵
  PID:5900
- C:\Windows\System32\bLFnAYZ.exe
  C:\Windows\System32\bLFnAYZ.exe
  2⤵
  PID:5916
- C:\Windows\System32\KnnHcHf.exe
  C:\Windows\System32\KnnHcHf.exe
  2⤵
  PID:5932
- C:\Windows\System32\nXEXKSH.exe
  C:\Windows\System32\nXEXKSH.exe
  2⤵
  PID:5948
- C:\Windows\System32\SOqxBEL.exe
  C:\Windows\System32\SOqxBEL.exe
  2⤵
  PID:5964
- C:\Windows\System32\chvPWba.exe
  C:\Windows\System32\chvPWba.exe
  2⤵
  PID:5980
- C:\Windows\System32\xDoroSW.exe
  C:\Windows\System32\xDoroSW.exe
  2⤵
  PID:5996
- C:\Windows\System32\TxXXxcZ.exe
  C:\Windows\System32\TxXXxcZ.exe
  2⤵
  PID:6012
- C:\Windows\System32\aWnhGQM.exe
  C:\Windows\System32\aWnhGQM.exe
  2⤵
  PID:6028
- C:\Windows\System32\HJHtqQR.exe
  C:\Windows\System32\HJHtqQR.exe
  2⤵
  PID:6044
- C:\Windows\System32\jrGbNFb.exe
  C:\Windows\System32\jrGbNFb.exe
  2⤵
  PID:6060
- C:\Windows\System32\HZvWzZu.exe
  C:\Windows\System32\HZvWzZu.exe
  2⤵
  PID:6076
- C:\Windows\System32\iUYXZyy.exe
  C:\Windows\System32\iUYXZyy.exe
  2⤵
  PID:6092
- C:\Windows\System32\nTPjAQR.exe
  C:\Windows\System32\nTPjAQR.exe
  2⤵
  PID:6108
- C:\Windows\System32\fGzZGbt.exe
  C:\Windows\System32\fGzZGbt.exe
  2⤵
  PID:6124
- C:\Windows\System32\podNpaI.exe
  C:\Windows\System32\podNpaI.exe
  2⤵
  PID:6140
- C:\Windows\System32\MTHPaPo.exe
  C:\Windows\System32\MTHPaPo.exe
  2⤵
  PID:5008
- C:\Windows\System32\FdErCGJ.exe
  C:\Windows\System32\FdErCGJ.exe
  2⤵
  PID:1368
- C:\Windows\System32\sUqbGvf.exe
  C:\Windows\System32\sUqbGvf.exe
  2⤵
  PID:4304
- C:\Windows\System32\HLswznW.exe
  C:\Windows\System32\HLswznW.exe
  2⤵
  PID:4496
- C:\Windows\System32\NjxdtsS.exe
  C:\Windows\System32\NjxdtsS.exe
  2⤵
  PID:1700
- C:\Windows\System32\qXStdzD.exe
  C:\Windows\System32\qXStdzD.exe
  2⤵
  PID:2448
- C:\Windows\System32\CvJlCfN.exe
  C:\Windows\System32\CvJlCfN.exe
  2⤵
  PID:528
- C:\Windows\System32\tbqpHoe.exe
  C:\Windows\System32\tbqpHoe.exe
  2⤵
  PID:2952
- C:\Windows\System32\AUbpAxu.exe
  C:\Windows\System32\AUbpAxu.exe
  2⤵
  PID:1584
- C:\Windows\System32\VdiHiVW.exe
  C:\Windows\System32\VdiHiVW.exe
  2⤵
  PID:5144
- C:\Windows\System32\ArWyNnX.exe
  C:\Windows\System32\ArWyNnX.exe
  2⤵
  PID:5176
- C:\Windows\System32\hRGrAuJ.exe
  C:\Windows\System32\hRGrAuJ.exe
  2⤵
  PID:5208
- C:\Windows\System32\OAmPTFI.exe
  C:\Windows\System32\OAmPTFI.exe
  2⤵
  PID:5240
- C:\Windows\System32\nxLlEDY.exe
  C:\Windows\System32\nxLlEDY.exe
  2⤵
  PID:5272
- C:\Windows\System32\IROazFQ.exe
  C:\Windows\System32\IROazFQ.exe
  2⤵
  PID:5300
- C:\Windows\System32\SBTcNnN.exe
  C:\Windows\System32\SBTcNnN.exe
  2⤵
  PID:5336
- C:\Windows\System32\jjVpnGB.exe
  C:\Windows\System32\jjVpnGB.exe
  2⤵
  PID:5368
- C:\Windows\System32\pZaXinV.exe
  C:\Windows\System32\pZaXinV.exe
  2⤵
  PID:5396
- C:\Windows\System32\xEFdFOz.exe
  C:\Windows\System32\xEFdFOz.exe
  2⤵
  PID:5428
- C:\Windows\System32\EcCtvvH.exe
  C:\Windows\System32\EcCtvvH.exe
  2⤵
  PID:5460
- C:\Windows\System32\AGgGeML.exe
  C:\Windows\System32\AGgGeML.exe
  2⤵
  PID:5492
- C:\Windows\System32\EYxVOvX.exe
  C:\Windows\System32\EYxVOvX.exe
  2⤵
  PID:5524
- C:\Windows\System32\KimmwNO.exe
  C:\Windows\System32\KimmwNO.exe
  2⤵
  PID:5556
- C:\Windows\System32\cxdyftU.exe
  C:\Windows\System32\cxdyftU.exe
  2⤵
  PID:5592
- C:\Windows\System32\EyCpiKS.exe
  C:\Windows\System32\EyCpiKS.exe
  2⤵
  PID:5620
- C:\Windows\System32\LFAsZMA.exe
  C:\Windows\System32\LFAsZMA.exe
  2⤵
  PID:5640
- C:\Windows\System32\remtaYQ.exe
  C:\Windows\System32\remtaYQ.exe
  2⤵
  PID:5672
- C:\Windows\System32\ScXyTSF.exe
  C:\Windows\System32\ScXyTSF.exe
  2⤵
  PID:5704
- C:\Windows\System32\EdZhogT.exe
  C:\Windows\System32\EdZhogT.exe
  2⤵
  PID:5736
- C:\Windows\System32\bWCKfjI.exe
  C:\Windows\System32\bWCKfjI.exe
  2⤵
  PID:5768
- C:\Windows\System32\tjaLuxX.exe
  C:\Windows\System32\tjaLuxX.exe
  2⤵
  PID:5800
- C:\Windows\System32\wXScnLV.exe
  C:\Windows\System32\wXScnLV.exe
  2⤵
  PID:5832
- C:\Windows\System32\QeUaBxG.exe
  C:\Windows\System32\QeUaBxG.exe
  2⤵
  PID:5860
- C:\Windows\System32\symxyDl.exe
  C:\Windows\System32\symxyDl.exe
  2⤵
  PID:5896
- C:\Windows\System32\QgrGVtz.exe
  C:\Windows\System32\QgrGVtz.exe
  2⤵
  PID:5924
- C:\Windows\System32\YpABdxb.exe
  C:\Windows\System32\YpABdxb.exe
  2⤵
  PID:5956
- C:\Windows\System32\SbKnGJk.exe
  C:\Windows\System32\SbKnGJk.exe
  2⤵
  PID:5988
- C:\Windows\System32\RglDmKY.exe
  C:\Windows\System32\RglDmKY.exe
  2⤵
  PID:6020
- C:\Windows\System32\pGJvayA.exe
  C:\Windows\System32\pGJvayA.exe
  2⤵
  PID:6052
- C:\Windows\System32\eXkcSJN.exe
  C:\Windows\System32\eXkcSJN.exe
  2⤵
  PID:6084
- C:\Windows\System32\napxCtm.exe
  C:\Windows\System32\napxCtm.exe
  2⤵
  PID:6116
- C:\Windows\System32\ssJgNZr.exe
  C:\Windows\System32\ssJgNZr.exe
  2⤵
  PID:232
- C:\Windows\System32\UKoNBSl.exe
  C:\Windows\System32\UKoNBSl.exe
  2⤵
  PID:1532
- C:\Windows\System32\FNKJujD.exe
  C:\Windows\System32\FNKJujD.exe
  2⤵
  PID:4948
- C:\Windows\System32\ApzVbLB.exe
  C:\Windows\System32\ApzVbLB.exe
  2⤵
  PID:3296
- C:\Windows\System32\XBIyjHw.exe
  C:\Windows\System32\XBIyjHw.exe
  2⤵
  PID:3828
- C:\Windows\System32\ExQFfik.exe
  C:\Windows\System32\ExQFfik.exe
  2⤵
  PID:5140
- C:\Windows\System32\wqLRVFt.exe
  C:\Windows\System32\wqLRVFt.exe
  2⤵
  PID:5192
- C:\Windows\System32\HooccXM.exe
  C:\Windows\System32\HooccXM.exe
  2⤵
  PID:5256
- C:\Windows\System32\typhBYq.exe
  C:\Windows\System32\typhBYq.exe
  2⤵
  PID:5316
- C:\Windows\System32\LAXBQUa.exe
  C:\Windows\System32\LAXBQUa.exe
  2⤵
  PID:5384
- C:\Windows\System32\HODHdJU.exe
  C:\Windows\System32\HODHdJU.exe
  2⤵
  PID:5448
- C:\Windows\System32\LBDrVtp.exe
  C:\Windows\System32\LBDrVtp.exe
  2⤵
  PID:5508
- C:\Windows\System32\vLWPlhJ.exe
  C:\Windows\System32\vLWPlhJ.exe
  2⤵
  PID:5572
- C:\Windows\System32\drZNRfI.exe
  C:\Windows\System32\drZNRfI.exe
  2⤵
  PID:5636
- C:\Windows\System32\IoqAmWF.exe
  C:\Windows\System32\IoqAmWF.exe
  2⤵
  PID:5688
- C:\Windows\System32\iJmTdzD.exe
  C:\Windows\System32\iJmTdzD.exe
  2⤵
  PID:5752
- C:\Windows\System32\fUjwhoJ.exe
  C:\Windows\System32\fUjwhoJ.exe
  2⤵
  PID:5828
- C:\Windows\System32\jVEiond.exe
  C:\Windows\System32\jVEiond.exe
  2⤵
  PID:5876
- C:\Windows\System32\OvlJqTR.exe
  C:\Windows\System32\OvlJqTR.exe
  2⤵
  PID:5944
- C:\Windows\System32\FhZGsVv.exe
  C:\Windows\System32\FhZGsVv.exe
  2⤵
  PID:6008
- C:\Windows\System32\tzhWYNf.exe
  C:\Windows\System32\tzhWYNf.exe
  2⤵
  PID:6068
- C:\Windows\System32\pblCLqC.exe
  C:\Windows\System32\pblCLqC.exe
  2⤵
  PID:6136
- C:\Windows\System32\tAJpGhL.exe
  C:\Windows\System32\tAJpGhL.exe
  2⤵
  PID:1900
- C:\Windows\System32\HtcJSpG.exe
  C:\Windows\System32\HtcJSpG.exe
  2⤵
  PID:4780
- C:\Windows\System32\SDMuglY.exe
  C:\Windows\System32\SDMuglY.exe
  2⤵
  PID:5172
- C:\Windows\System32\zQDQeQj.exe
  C:\Windows\System32\zQDQeQj.exe
  2⤵
  PID:5304
- C:\Windows\System32\pKNrSNA.exe
  C:\Windows\System32\pKNrSNA.exe
  2⤵
  PID:5412
- C:\Windows\System32\pwmRjYa.exe
  C:\Windows\System32\pwmRjYa.exe
  2⤵
  PID:5544
- C:\Windows\System32\xbiLzkZ.exe
  C:\Windows\System32\xbiLzkZ.exe
  2⤵
  PID:5656
- C:\Windows\System32\UJdlJvx.exe
  C:\Windows\System32\UJdlJvx.exe
  2⤵
  PID:5796
- C:\Windows\System32\IIsLhQP.exe
  C:\Windows\System32\IIsLhQP.exe
  2⤵
  PID:6156
- C:\Windows\System32\UZdQJaX.exe
  C:\Windows\System32\UZdQJaX.exe
  2⤵
  PID:6172
- C:\Windows\System32\wEKRISE.exe
  C:\Windows\System32\wEKRISE.exe
  2⤵
  PID:6188
- C:\Windows\System32\fuzAyue.exe
  C:\Windows\System32\fuzAyue.exe
  2⤵
  PID:6204
- C:\Windows\System32\oxdkyWw.exe
  C:\Windows\System32\oxdkyWw.exe
  2⤵
  PID:6220
- C:\Windows\System32\nTlPzzx.exe
  C:\Windows\System32\nTlPzzx.exe
  2⤵
  PID:6236
- C:\Windows\System32\KVfPPEC.exe
  C:\Windows\System32\KVfPPEC.exe
  2⤵
  PID:6252
- C:\Windows\System32\JKohPsw.exe
  C:\Windows\System32\JKohPsw.exe
  2⤵
  PID:6268
- C:\Windows\System32\yOwUubA.exe
  C:\Windows\System32\yOwUubA.exe
  2⤵
  PID:6284
- C:\Windows\System32\ldVOIYU.exe
  C:\Windows\System32\ldVOIYU.exe
  2⤵
  PID:6300
- C:\Windows\System32\csDXYsA.exe
  C:\Windows\System32\csDXYsA.exe
  2⤵
  PID:6316
- C:\Windows\System32\nqCzLhB.exe
  C:\Windows\System32\nqCzLhB.exe
  2⤵
  PID:6332
- C:\Windows\System32\NcLJsjy.exe
  C:\Windows\System32\NcLJsjy.exe
  2⤵
  PID:6348
- C:\Windows\System32\psaLTKG.exe
  C:\Windows\System32\psaLTKG.exe
  2⤵
  PID:6364
- C:\Windows\System32\OUYHxkO.exe
  C:\Windows\System32\OUYHxkO.exe
  2⤵
  PID:6380
- C:\Windows\System32\xhIefnl.exe
  C:\Windows\System32\xhIefnl.exe
  2⤵
  PID:6396
- C:\Windows\System32\PefTfKg.exe
  C:\Windows\System32\PefTfKg.exe
  2⤵
  PID:6412
- C:\Windows\System32\uaKXsqQ.exe
  C:\Windows\System32\uaKXsqQ.exe
  2⤵
  PID:6428
- C:\Windows\System32\hKCffzr.exe
  C:\Windows\System32\hKCffzr.exe
  2⤵
  PID:6444
- C:\Windows\System32\WDsNmiZ.exe
  C:\Windows\System32\WDsNmiZ.exe
  2⤵
  PID:6460
- C:\Windows\System32\fJljqPm.exe
  C:\Windows\System32\fJljqPm.exe
  2⤵
  PID:6476
- C:\Windows\System32\doUAmuQ.exe
  C:\Windows\System32\doUAmuQ.exe
  2⤵
  PID:6492
- C:\Windows\System32\OvGgYaI.exe
  C:\Windows\System32\OvGgYaI.exe
  2⤵
  PID:6508
- C:\Windows\System32\cKbIyeX.exe
  C:\Windows\System32\cKbIyeX.exe
  2⤵
  PID:6524
- C:\Windows\System32\zzenqmS.exe
  C:\Windows\System32\zzenqmS.exe
  2⤵
  PID:6540
- C:\Windows\System32\bbdMpeY.exe
  C:\Windows\System32\bbdMpeY.exe
  2⤵
  PID:6556
- C:\Windows\System32\JHSSJLG.exe
  C:\Windows\System32\JHSSJLG.exe
  2⤵
  PID:6572
- C:\Windows\System32\IBCefIt.exe
  C:\Windows\System32\IBCefIt.exe
  2⤵
  PID:6588
- C:\Windows\System32\SJvTGxT.exe
  C:\Windows\System32\SJvTGxT.exe
  2⤵
  PID:6604
- C:\Windows\System32\KELFhWF.exe
  C:\Windows\System32\KELFhWF.exe
  2⤵
  PID:6620
- C:\Windows\System32\naFGcOu.exe
  C:\Windows\System32\naFGcOu.exe
  2⤵
  PID:6636
- C:\Windows\System32\HEiyeLE.exe
  C:\Windows\System32\HEiyeLE.exe
  2⤵
  PID:6652
- C:\Windows\System32\LmkTDIp.exe
  C:\Windows\System32\LmkTDIp.exe
  2⤵
  PID:6668
- C:\Windows\System32\IUdLiYu.exe
  C:\Windows\System32\IUdLiYu.exe
  2⤵
  PID:6684
- C:\Windows\System32\eRArOge.exe
  C:\Windows\System32\eRArOge.exe
  2⤵
  PID:6700
- C:\Windows\System32\RfFgSBI.exe
  C:\Windows\System32\RfFgSBI.exe
  2⤵
  PID:6716
- C:\Windows\System32\vkUnEjO.exe
  C:\Windows\System32\vkUnEjO.exe
  2⤵
  PID:6732
- C:\Windows\System32\ruJpyIy.exe
  C:\Windows\System32\ruJpyIy.exe
  2⤵
  PID:6748
- C:\Windows\System32\MeyjwWs.exe
  C:\Windows\System32\MeyjwWs.exe
  2⤵
  PID:6764
- C:\Windows\System32\skkSGfn.exe
  C:\Windows\System32\skkSGfn.exe
  2⤵
  PID:6780
- C:\Windows\System32\NHJrGeG.exe
  C:\Windows\System32\NHJrGeG.exe
  2⤵
  PID:6796
- C:\Windows\System32\VRUalGw.exe
  C:\Windows\System32\VRUalGw.exe
  2⤵
  PID:6812
- C:\Windows\System32\QcjSQhb.exe
  C:\Windows\System32\QcjSQhb.exe
  2⤵
  PID:6828
- C:\Windows\System32\XLSKQNn.exe
  C:\Windows\System32\XLSKQNn.exe
  2⤵
  PID:6844
- C:\Windows\System32\FmtfEjq.exe
  C:\Windows\System32\FmtfEjq.exe
  2⤵
  PID:6860
- C:\Windows\System32\MKJSsnS.exe
  C:\Windows\System32\MKJSsnS.exe
  2⤵
  PID:6876
- C:\Windows\System32\QPVfQaR.exe
  C:\Windows\System32\QPVfQaR.exe
  2⤵
  PID:6892
- C:\Windows\System32\AGQMFpo.exe
  C:\Windows\System32\AGQMFpo.exe
  2⤵
  PID:6908
- C:\Windows\System32\xPatiNI.exe
  C:\Windows\System32\xPatiNI.exe
  2⤵
  PID:6924
- C:\Windows\System32\lZvIVhM.exe
  C:\Windows\System32\lZvIVhM.exe
  2⤵
  PID:6940
- C:\Windows\System32\bjIUvSw.exe
  C:\Windows\System32\bjIUvSw.exe
  2⤵
  PID:6956
- C:\Windows\System32\FMGbAxT.exe
  C:\Windows\System32\FMGbAxT.exe
  2⤵
  PID:6972
- C:\Windows\System32\vrnnJEa.exe
  C:\Windows\System32\vrnnJEa.exe
  2⤵
  PID:6988
- C:\Windows\System32\smPZyKv.exe
  C:\Windows\System32\smPZyKv.exe
  2⤵
  PID:7004
- C:\Windows\System32\xeLoHWJ.exe
  C:\Windows\System32\xeLoHWJ.exe
  2⤵
  PID:7020
- C:\Windows\System32\rnYsyNG.exe
  C:\Windows\System32\rnYsyNG.exe
  2⤵
  PID:7036
- C:\Windows\System32\gYqpWeS.exe
  C:\Windows\System32\gYqpWeS.exe
  2⤵
  PID:7052
- C:\Windows\System32\hxBoiep.exe
  C:\Windows\System32\hxBoiep.exe
  2⤵
  PID:7068
- C:\Windows\System32\ssVKVqG.exe
  C:\Windows\System32\ssVKVqG.exe
  2⤵
  PID:7084
- C:\Windows\System32\EPsQqxg.exe
  C:\Windows\System32\EPsQqxg.exe
  2⤵
  PID:7100
- C:\Windows\System32\UGNlxzS.exe
  C:\Windows\System32\UGNlxzS.exe
  2⤵
  PID:7116
- C:\Windows\System32\GxfbrWA.exe
  C:\Windows\System32\GxfbrWA.exe
  2⤵
  PID:7132
- C:\Windows\System32\rBSIBEI.exe
  C:\Windows\System32\rBSIBEI.exe
  2⤵
  PID:7148
- C:\Windows\System32\anHiyoL.exe
  C:\Windows\System32\anHiyoL.exe
  2⤵
  PID:7164
- C:\Windows\System32\HsyOFBT.exe
  C:\Windows\System32\HsyOFBT.exe
  2⤵
  PID:5908
- C:\Windows\System32\DDzmHqq.exe
  C:\Windows\System32\DDzmHqq.exe
  2⤵
  PID:6040
- C:\Windows\System32\UrnMsQW.exe
  C:\Windows\System32\UrnMsQW.exe
  2⤵
  PID:3152
- C:\Windows\System32\nFjFjld.exe
  C:\Windows\System32\nFjFjld.exe
  2⤵
  PID:5224
- C:\Windows\System32\iLTrBjQ.exe
  C:\Windows\System32\iLTrBjQ.exe
  2⤵
  PID:5364
- C:\Windows\System32\IKyfNOC.exe
  C:\Windows\System32\IKyfNOC.exe
  2⤵
  PID:5608
- C:\Windows\System32\AbrXqoA.exe
  C:\Windows\System32\AbrXqoA.exe
  2⤵
  PID:6152
- C:\Windows\System32\PKOedMX.exe
  C:\Windows\System32\PKOedMX.exe
  2⤵
  PID:6184
- C:\Windows\System32\LDmRNlv.exe
  C:\Windows\System32\LDmRNlv.exe
  2⤵
  PID:6216
- C:\Windows\System32\eNNqRTw.exe
  C:\Windows\System32\eNNqRTw.exe
  2⤵
  PID:6244
- C:\Windows\System32\qORDkOu.exe
  C:\Windows\System32\qORDkOu.exe
  2⤵
  PID:6276
- C:\Windows\System32\MiybdYE.exe
  C:\Windows\System32\MiybdYE.exe
  2⤵
  PID:6312
- C:\Windows\System32\wtDoNHT.exe
  C:\Windows\System32\wtDoNHT.exe
  2⤵
  PID:6344
- C:\Windows\System32\zJVcvVQ.exe
  C:\Windows\System32\zJVcvVQ.exe
  2⤵
  PID:6372
- C:\Windows\System32\mCajwiq.exe
  C:\Windows\System32\mCajwiq.exe
  2⤵
  PID:6408
- C:\Windows\System32\RgeLouD.exe
  C:\Windows\System32\RgeLouD.exe
  2⤵
  PID:6436
- C:\Windows\System32\iGSJGEy.exe
  C:\Windows\System32\iGSJGEy.exe
  2⤵
  PID:6468
- C:\Windows\System32\GDpwReD.exe
  C:\Windows\System32\GDpwReD.exe
  2⤵
  PID:6488
- C:\Windows\System32\jruzUwu.exe
  C:\Windows\System32\jruzUwu.exe
  2⤵
  PID:6520
- C:\Windows\System32\TlhomMA.exe
  C:\Windows\System32\TlhomMA.exe
  2⤵
  PID:6552
- C:\Windows\System32\vIOKhYL.exe
  C:\Windows\System32\vIOKhYL.exe
  2⤵
  PID:6584
- C:\Windows\System32\aelYrGb.exe
  C:\Windows\System32\aelYrGb.exe
  2⤵
  PID:6612
- C:\Windows\System32\IOlhRNB.exe
  C:\Windows\System32\IOlhRNB.exe
  2⤵
  PID:6644
- C:\Windows\System32\AowmAAP.exe
  C:\Windows\System32\AowmAAP.exe
  2⤵
  PID:6676
- C:\Windows\System32\jDbFaEe.exe
  C:\Windows\System32\jDbFaEe.exe
  2⤵
  PID:4836
- C:\Windows\System32\ItxRlUg.exe
  C:\Windows\System32\ItxRlUg.exe
  2⤵
  PID:6728
- C:\Windows\System32\HBwZPJG.exe
  C:\Windows\System32\HBwZPJG.exe
  2⤵
  PID:6760
- C:\Windows\System32\CwIKmXw.exe
  C:\Windows\System32\CwIKmXw.exe
  2⤵
  PID:6792
- C:\Windows\System32\zeVUfIp.exe
  C:\Windows\System32\zeVUfIp.exe
  2⤵
  PID:6820
- C:\Windows\System32\DwFxawl.exe
  C:\Windows\System32\DwFxawl.exe
  2⤵
  PID:6840
- C:\Windows\System32\EHsIqKa.exe
  C:\Windows\System32\EHsIqKa.exe
  2⤵
  PID:6868
- C:\Windows\System32\GOIFkqc.exe
  C:\Windows\System32\GOIFkqc.exe
  2⤵
  PID:6884
- C:\Windows\System32\EUKOvok.exe
  C:\Windows\System32\EUKOvok.exe
  2⤵
  PID:6920
- C:\Windows\System32\gSHoGqI.exe
  C:\Windows\System32\gSHoGqI.exe
  2⤵
  PID:6952
- C:\Windows\System32\oRICBdn.exe
  C:\Windows\System32\oRICBdn.exe
  2⤵
  PID:6984
- C:\Windows\System32\hdRiPHI.exe
  C:\Windows\System32\hdRiPHI.exe
  2⤵
  PID:7012
- C:\Windows\System32\YliQLfD.exe
  C:\Windows\System32\YliQLfD.exe
  2⤵
  PID:384
- C:\Windows\System32\SeUaPau.exe
  C:\Windows\System32\SeUaPau.exe
  2⤵
  PID:7060
- C:\Windows\System32\CIfTCcK.exe
  C:\Windows\System32\CIfTCcK.exe
  2⤵
  PID:7092
- C:\Windows\System32\YdKjDSK.exe
  C:\Windows\System32\YdKjDSK.exe
  2⤵
  PID:7128
- C:\Windows\System32\xbHuiBa.exe
  C:\Windows\System32\xbHuiBa.exe
  2⤵
  PID:7156
- C:\Windows\System32\wAXfeoR.exe
  C:\Windows\System32\wAXfeoR.exe
  2⤵
  PID:6036
- C:\Windows\System32\jyFFhUW.exe
  C:\Windows\System32\jyFFhUW.exe
  2⤵
  PID:5048
- C:\Windows\System32\JwjWRuk.exe
  C:\Windows\System32\JwjWRuk.exe
  2⤵
  PID:5352
- C:\Windows\System32\VNXsbcG.exe
  C:\Windows\System32\VNXsbcG.exe
  2⤵
  PID:5732
- C:\Windows\System32\BMBGobO.exe
  C:\Windows\System32\BMBGobO.exe
  2⤵
  PID:6180
- C:\Windows\System32\vILsHju.exe
  C:\Windows\System32\vILsHju.exe
  2⤵
  PID:6248
- C:\Windows\System32\gdDnfNk.exe
  C:\Windows\System32\gdDnfNk.exe
  2⤵
  PID:6308
- C:\Windows\System32\SpILcae.exe
  C:\Windows\System32\SpILcae.exe
  2⤵
  PID:3424
- C:\Windows\System32\ykcMNLy.exe
  C:\Windows\System32\ykcMNLy.exe
  2⤵
  PID:6392
- C:\Windows\System32\jBecCGO.exe
  C:\Windows\System32\jBecCGO.exe
  2⤵
  PID:6452
- C:\Windows\System32\aVSzgOi.exe
  C:\Windows\System32\aVSzgOi.exe
  2⤵
  PID:6504
- C:\Windows\System32\GoTTRpI.exe
  C:\Windows\System32\GoTTRpI.exe
  2⤵
  PID:3484
- C:\Windows\System32\TeGRVhi.exe
  C:\Windows\System32\TeGRVhi.exe
  2⤵
  PID:6600
- C:\Windows\System32\DmTUayx.exe
  C:\Windows\System32\DmTUayx.exe
  2⤵
  PID:6628
- C:\Windows\System32\YHbigrq.exe
  C:\Windows\System32\YHbigrq.exe
  2⤵
  PID:3904
- C:\Windows\System32\AQbKTML.exe
  C:\Windows\System32\AQbKTML.exe
  2⤵
  PID:6724
- C:\Windows\System32\Fiwbufh.exe
  C:\Windows\System32\Fiwbufh.exe
  2⤵
  PID:6772
- C:\Windows\System32\uRHKssc.exe
  C:\Windows\System32\uRHKssc.exe
  2⤵
  PID:4928
- C:\Windows\System32\fTQLOZx.exe
  C:\Windows\System32\fTQLOZx.exe
  2⤵
  PID:6948
- C:\Windows\System32\mUBtElC.exe
  C:\Windows\System32\mUBtElC.exe
  2⤵
  PID:1204
- C:\Windows\System32\GZOcpxG.exe
  C:\Windows\System32\GZOcpxG.exe
  2⤵
  PID:7108
- C:\Windows\System32\TIcTvIZ.exe
  C:\Windows\System32\TIcTvIZ.exe
  2⤵
  PID:2316
- C:\Windows\System32\FNCrNwQ.exe
  C:\Windows\System32\FNCrNwQ.exe
  2⤵
  PID:1960
- C:\Windows\System32\SJaKjQN.exe
  C:\Windows\System32\SJaKjQN.exe
  2⤵
  PID:608
- C:\Windows\System32\bjbfVuy.exe
  C:\Windows\System32\bjbfVuy.exe
  2⤵
  PID:1412
- C:\Windows\System32\NlucWsX.exe
  C:\Windows\System32\NlucWsX.exe
  2⤵
  PID:6696
- C:\Windows\System32\qfuEUTK.exe
  C:\Windows\System32\qfuEUTK.exe
  2⤵
  PID:1672
- C:\Windows\System32\RvFVXad.exe
  C:\Windows\System32\RvFVXad.exe
  2⤵
  PID:4428
- C:\Windows\System32\dMfQNkO.exe
  C:\Windows\System32\dMfQNkO.exe
  2⤵
  PID:4880
- C:\Windows\System32\caNWGBg.exe
  C:\Windows\System32\caNWGBg.exe
  2⤵
  PID:2112
- C:\Windows\System32\hefjNKV.exe
  C:\Windows\System32\hefjNKV.exe
  2⤵
  PID:6904
- C:\Windows\System32\AfFumVM.exe
  C:\Windows\System32\AfFumVM.exe
  2⤵
  PID:6916
- C:\Windows\System32\YzHEGBm.exe
  C:\Windows\System32\YzHEGBm.exe
  2⤵
  PID:1948
- C:\Windows\System32\JgQAnuv.exe
  C:\Windows\System32\JgQAnuv.exe
  2⤵
  PID:6200
- C:\Windows\System32\eXOifHM.exe
  C:\Windows\System32\eXOifHM.exe
  2⤵
  PID:440
- C:\Windows\System32\NkGlCTF.exe
  C:\Windows\System32\NkGlCTF.exe
  2⤵
  PID:4828
- C:\Windows\System32\IKFiglK.exe
  C:\Windows\System32\IKFiglK.exe
  2⤵
  PID:4864
- C:\Windows\System32\cyDizPE.exe
  C:\Windows\System32\cyDizPE.exe
  2⤵
  PID:6660
- C:\Windows\System32\ZPWdnrR.exe
  C:\Windows\System32\ZPWdnrR.exe
  2⤵
  PID:4416
- C:\Windows\System32\mCWwzfw.exe
  C:\Windows\System32\mCWwzfw.exe
  2⤵
  PID:4316
- C:\Windows\System32\oGDzjaQ.exe
  C:\Windows\System32\oGDzjaQ.exe
  2⤵
  PID:7064
- C:\Windows\System32\WeSXqiA.exe
  C:\Windows\System32\WeSXqiA.exe
  2⤵
  PID:7140
- C:\Windows\System32\CBxBOxg.exe
  C:\Windows\System32\CBxBOxg.exe
  2⤵
  PID:4728
- C:\Windows\System32\ycCMAxV.exe
  C:\Windows\System32\ycCMAxV.exe
  2⤵
  PID:6280
- C:\Windows\System32\bkjYBQi.exe
  C:\Windows\System32\bkjYBQi.exe
  2⤵
  PID:4884
- C:\Windows\System32\vXvhCXT.exe
  C:\Windows\System32\vXvhCXT.exe
  2⤵
  PID:4952
- C:\Windows\System32\ACuchxC.exe
  C:\Windows\System32\ACuchxC.exe
  2⤵
  PID:2188
- C:\Windows\System32\PCaBIHp.exe
  C:\Windows\System32\PCaBIHp.exe
  2⤵
  PID:2576
- C:\Windows\System32\LZMhxBE.exe
  C:\Windows\System32\LZMhxBE.exe
  2⤵
  PID:6756
- C:\Windows\System32\NxmzTcF.exe
  C:\Windows\System32\NxmzTcF.exe
  2⤵
  PID:7028
- C:\Windows\System32\DBynMxk.exe
  C:\Windows\System32\DBynMxk.exe
  2⤵
  PID:6484
- C:\Windows\System32\BAykYwH.exe
  C:\Windows\System32\BAykYwH.exe
  2⤵
  PID:3016
- C:\Windows\System32\DcQpRJQ.exe
  C:\Windows\System32\DcQpRJQ.exe
  2⤵
  PID:2984
- C:\Windows\System32\HxmBQyf.exe
  C:\Windows\System32\HxmBQyf.exe
  2⤵
  PID:1508
- C:\Windows\System32\MTwgZWX.exe
  C:\Windows\System32\MTwgZWX.exe
  2⤵
  PID:7048
- C:\Windows\System32\SOwdsKS.exe
  C:\Windows\System32\SOwdsKS.exe
  2⤵
  PID:4768
- C:\Windows\System32\ZPtseHG.exe
  C:\Windows\System32\ZPtseHG.exe
  2⤵
  PID:7016
- C:\Windows\System32\KdlWPcX.exe
  C:\Windows\System32\KdlWPcX.exe
  2⤵
  PID:8916
- C:\Windows\System32\WmcXExO.exe
  C:\Windows\System32\WmcXExO.exe
  2⤵
  PID:9012
- C:\Windows\System32\yfDnxzF.exe
  C:\Windows\System32\yfDnxzF.exe
  2⤵
  PID:8924
- C:\Windows\System32\NOsniSd.exe
  C:\Windows\System32\NOsniSd.exe
  2⤵
  PID:9164
- C:\Windows\System32\PprhTuw.exe
  C:\Windows\System32\PprhTuw.exe
  2⤵
  PID:10976
- C:\Windows\System32\IjdkOnD.exe
  C:\Windows\System32\IjdkOnD.exe
  2⤵
  PID:11252
- C:\Windows\System32\KAjpIiZ.exe
  C:\Windows\System32\KAjpIiZ.exe
  2⤵
  PID:10056
- C:\Windows\System32\WpZvzqL.exe
  C:\Windows\System32\WpZvzqL.exe
  2⤵
  PID:7500
- C:\Windows\System32\mMBokZN.exe
  C:\Windows\System32\mMBokZN.exe
  2⤵
  PID:7924
- C:\Windows\System32\seFAFir.exe
  C:\Windows\System32\seFAFir.exe
  2⤵
  PID:9404
- C:\Windows\System32\HlwlyOW.exe
  C:\Windows\System32\HlwlyOW.exe
  2⤵
  PID:9476
- C:\Windows\System32\XtxuPYF.exe
  C:\Windows\System32\XtxuPYF.exe
  2⤵
  PID:9544
- C:\Windows\System32\VWPJiQk.exe
  C:\Windows\System32\VWPJiQk.exe
  2⤵
  PID:10384
- C:\Windows\System32\LfEvHru.exe
  C:\Windows\System32\LfEvHru.exe
  2⤵
  PID:10700
- C:\Windows\System32\EnqqwQT.exe
  C:\Windows\System32\EnqqwQT.exe
  2⤵
  PID:10252
- C:\Windows\System32\ywbDNwF.exe
  C:\Windows\System32\ywbDNwF.exe
  2⤵
  PID:10352
- C:\Windows\System32\XzaRIDH.exe
  C:\Windows\System32\XzaRIDH.exe
  2⤵
  PID:10280
- C:\Windows\System32\scKJxPr.exe
  C:\Windows\System32\scKJxPr.exe
  2⤵
  PID:10268
- C:\Windows\System32\DTfigBn.exe
  C:\Windows\System32\DTfigBn.exe
  2⤵
  PID:10796
- C:\Windows\System32\eaCGXGA.exe
  C:\Windows\System32\eaCGXGA.exe
  2⤵
  PID:10416
- C:\Windows\System32\zznbKSJ.exe
  C:\Windows\System32\zznbKSJ.exe
  2⤵
  PID:10452
- C:\Windows\System32\OPsYfyE.exe
  C:\Windows\System32\OPsYfyE.exe
  2⤵
  PID:10484
- C:\Windows\System32\srmUCUk.exe
  C:\Windows\System32\srmUCUk.exe
  2⤵
  PID:10516
- C:\Windows\System32\QFnAuAe.exe
  C:\Windows\System32\QFnAuAe.exe
  2⤵
  PID:10532
- C:\Windows\System32\UtasgUE.exe
  C:\Windows\System32\UtasgUE.exe
  2⤵
  PID:10564
- C:\Windows\System32\AsjAPGw.exe
  C:\Windows\System32\AsjAPGw.exe
  2⤵
  PID:10592
- C:\Windows\System32\CPfxbyz.exe
  C:\Windows\System32\CPfxbyz.exe
  2⤵
  PID:10652
- C:\Windows\System32\qddbROn.exe
  C:\Windows\System32\qddbROn.exe
  2⤵
  PID:10692
- C:\Windows\System32\JhhplsO.exe
  C:\Windows\System32\JhhplsO.exe
  2⤵
  PID:10788
- C:\Windows\System32\UGetndh.exe
  C:\Windows\System32\UGetndh.exe
  2⤵
  PID:10992
- C:\Windows\System32\OMnGEFf.exe
  C:\Windows\System32\OMnGEFf.exe
  2⤵
  PID:11068
- C:\Windows\System32\uYuivlk.exe
  C:\Windows\System32\uYuivlk.exe
  2⤵
  PID:11200
- C:\Windows\System32\dCZITNX.exe
  C:\Windows\System32\dCZITNX.exe
  2⤵
  PID:9080
- C:\Windows\System32\LOVGNNg.exe
  C:\Windows\System32\LOVGNNg.exe
  2⤵
  PID:11260
- C:\Windows\System32\TkSqtqj.exe
  C:\Windows\System32\TkSqtqj.exe
  2⤵
  PID:7212
- C:\Windows\System32\qhmqjzJ.exe
  C:\Windows\System32\qhmqjzJ.exe
  2⤵
  PID:9316
- C:\Windows\System32\JTjshcR.exe
  C:\Windows\System32\JTjshcR.exe
  2⤵
  PID:9456
- C:\Windows\System32\vxMxTKO.exe
  C:\Windows\System32\vxMxTKO.exe
  2⤵
  PID:9748
- C:\Windows\System32\ZQRUNGJ.exe
  C:\Windows\System32\ZQRUNGJ.exe
  2⤵
  PID:10644
- C:\Windows\System32\tqNwESo.exe
  C:\Windows\System32\tqNwESo.exe
  2⤵
  PID:10288
- C:\Windows\System32\gFJxnDf.exe
  C:\Windows\System32\gFJxnDf.exe
  2⤵
  PID:10392
- C:\Windows\System32\TWYsmdp.exe
  C:\Windows\System32\TWYsmdp.exe
  2⤵
  PID:10476
- C:\Windows\System32\cpQhnKo.exe
  C:\Windows\System32\cpQhnKo.exe
  2⤵
  PID:10544
- C:\Windows\System32\ObKlkgG.exe
  C:\Windows\System32\ObKlkgG.exe
  2⤵
  PID:10636
- C:\Windows\System32\RAfofDv.exe
  C:\Windows\System32\RAfofDv.exe
  2⤵
  PID:7848
- C:\Windows\System32\oRDzgNR.exe
  C:\Windows\System32\oRDzgNR.exe
  2⤵
  PID:11192
- C:\Windows\System32\NSLDGlM.exe
  C:\Windows\System32\NSLDGlM.exe
  2⤵
  PID:9052
- C:\Windows\System32\kPkxxSZ.exe
  C:\Windows\System32\kPkxxSZ.exe
  2⤵
  PID:9180
- C:\Windows\System32\AiQNTKh.exe
  C:\Windows\System32\AiQNTKh.exe
  2⤵
  PID:9276
- C:\Windows\System32\nidNvGR.exe
  C:\Windows\System32\nidNvGR.exe
  2⤵
  PID:10300
- C:\Windows\System32\mRCoIFN.exe
  C:\Windows\System32\mRCoIFN.exe
  2⤵
  PID:10512
- C:\Windows\System32\ICBNWjQ.exe
  C:\Windows\System32\ICBNWjQ.exe
  2⤵
  PID:4808
- C:\Windows\System32\YqMTAhy.exe
  C:\Windows\System32\YqMTAhy.exe
  2⤵
  PID:9492
- C:\Windows\System32\QzSrzKo.exe
  C:\Windows\System32\QzSrzKo.exe
  2⤵
  PID:10668
- C:\Windows\System32\itFRpUI.exe
  C:\Windows\System32\itFRpUI.exe
  2⤵
  PID:8496
- C:\Windows\System32\srqbZJC.exe
  C:\Windows\System32\srqbZJC.exe
  2⤵
  PID:11272
- C:\Windows\System32\zNqnNhH.exe
  C:\Windows\System32\zNqnNhH.exe
  2⤵
  PID:11308
- C:\Windows\System32\RDWIvDq.exe
  C:\Windows\System32\RDWIvDq.exe
  2⤵
  PID:11336
- C:\Windows\System32\OEePhPC.exe
  C:\Windows\System32\OEePhPC.exe
  2⤵
  PID:11364
- C:\Windows\System32\wYhyqay.exe
  C:\Windows\System32\wYhyqay.exe
  2⤵
  PID:11380
- C:\Windows\System32\gtzlWqB.exe
  C:\Windows\System32\gtzlWqB.exe
  2⤵
  PID:11420
- C:\Windows\System32\XwQxLYZ.exe
  C:\Windows\System32\XwQxLYZ.exe
  2⤵
  PID:11448
- C:\Windows\System32\TEbyQOw.exe
  C:\Windows\System32\TEbyQOw.exe
  2⤵
  PID:11484
- C:\Windows\System32\BhqnKIu.exe
  C:\Windows\System32\BhqnKIu.exe
  2⤵
  PID:11512
- C:\Windows\System32\lhnCSUv.exe
  C:\Windows\System32\lhnCSUv.exe
  2⤵
  PID:11536
- C:\Windows\System32\SLCuxrE.exe
  C:\Windows\System32\SLCuxrE.exe
  2⤵
  PID:11572
- C:\Windows\System32\HnTtrGA.exe
  C:\Windows\System32\HnTtrGA.exe
  2⤵
  PID:11588
- C:\Windows\System32\sBNFXQI.exe
  C:\Windows\System32\sBNFXQI.exe
  2⤵
  PID:11608
- C:\Windows\System32\SOqqZAr.exe
  C:\Windows\System32\SOqqZAr.exe
  2⤵
  PID:11636
- C:\Windows\System32\EwYGfRo.exe
  C:\Windows\System32\EwYGfRo.exe
  2⤵
  PID:11680
- C:\Windows\System32\HjQCIsj.exe
  C:\Windows\System32\HjQCIsj.exe
  2⤵
  PID:11708
- C:\Windows\System32\uPGVIPy.exe
  C:\Windows\System32\uPGVIPy.exe
  2⤵
  PID:11748
- C:\Windows\System32\JFaQOvj.exe
  C:\Windows\System32\JFaQOvj.exe
  2⤵
  PID:11768
- C:\Windows\System32\OWVFKOf.exe
  C:\Windows\System32\OWVFKOf.exe
  2⤵
  PID:11804
- C:\Windows\System32\rKPUxLE.exe
  C:\Windows\System32\rKPUxLE.exe
  2⤵
  PID:11824
- C:\Windows\System32\EGqDkHT.exe
  C:\Windows\System32\EGqDkHT.exe
  2⤵
  PID:11860
- C:\Windows\System32\YunAhck.exe
  C:\Windows\System32\YunAhck.exe
  2⤵
  PID:11892
- C:\Windows\System32\LBxAtac.exe
  C:\Windows\System32\LBxAtac.exe
  2⤵
  PID:11924
- C:\Windows\System32\aRuaGUb.exe
  C:\Windows\System32\aRuaGUb.exe
  2⤵
  PID:11952
- C:\Windows\System32\TVywViB.exe
  C:\Windows\System32\TVywViB.exe
  2⤵
  PID:11980
- C:\Windows\System32\QQWOUJg.exe
  C:\Windows\System32\QQWOUJg.exe
  2⤵
  PID:12008
- C:\Windows\System32\YMFqFYY.exe
  C:\Windows\System32\YMFqFYY.exe
  2⤵
  PID:12036
- C:\Windows\System32\uzeUTaP.exe
  C:\Windows\System32\uzeUTaP.exe
  2⤵
  PID:12056
- C:\Windows\System32\pBATrcR.exe
  C:\Windows\System32\pBATrcR.exe
  2⤵
  PID:12092
- C:\Windows\System32\imypZan.exe
  C:\Windows\System32\imypZan.exe
  2⤵
  PID:12120
- C:\Windows\System32\paSEZPd.exe
  C:\Windows\System32\paSEZPd.exe
  2⤵
  PID:12140
- C:\Windows\System32\LCOywio.exe
  C:\Windows\System32\LCOywio.exe
  2⤵
  PID:12168
- C:\Windows\System32\AqBMyYJ.exe
  C:\Windows\System32\AqBMyYJ.exe
  2⤵
  PID:12208
- C:\Windows\System32\SZGSDKk.exe
  C:\Windows\System32\SZGSDKk.exe
  2⤵
  PID:12236
- C:\Windows\System32\UzsbDtA.exe
  C:\Windows\System32\UzsbDtA.exe
  2⤵
  PID:12264
- C:\Windows\System32\zMpCabZ.exe
  C:\Windows\System32\zMpCabZ.exe
  2⤵
  PID:12280
- C:\Windows\System32\HBuqQtr.exe
  C:\Windows\System32\HBuqQtr.exe
  2⤵
  PID:11296
- C:\Windows\System32\BYCmTvh.exe
  C:\Windows\System32\BYCmTvh.exe
  2⤵
  PID:11432
- C:\Windows\System32\jzjYTTI.exe
  C:\Windows\System32\jzjYTTI.exe
  2⤵
  PID:11552
- C:\Windows\System32\KYFqTQg.exe
  C:\Windows\System32\KYFqTQg.exe
  2⤵
  PID:11600
- C:\Windows\System32\bvtUtcy.exe
  C:\Windows\System32\bvtUtcy.exe
  2⤵
  PID:11596
- C:\Windows\System32\hUiktsP.exe
  C:\Windows\System32\hUiktsP.exe
  2⤵
  PID:11736
- C:\Windows\System32\uCSvDjT.exe
  C:\Windows\System32\uCSvDjT.exe
  2⤵
  PID:11792
- C:\Windows\System32\XTNtkRb.exe
  C:\Windows\System32\XTNtkRb.exe
  2⤵
  PID:11836
- C:\Windows\System32\ryBoHHH.exe
  C:\Windows\System32\ryBoHHH.exe
  2⤵
  PID:11920
- C:\Windows\System32\JOQUtIT.exe
  C:\Windows\System32\JOQUtIT.exe
  2⤵
  PID:11972
- C:\Windows\System32\JUeIrra.exe
  C:\Windows\System32\JUeIrra.exe
  2⤵
  PID:12044
- C:\Windows\System32\ZvjCOpw.exe
  C:\Windows\System32\ZvjCOpw.exe
  2⤵
  PID:12112
- C:\Windows\System32\APhIlUI.exe
  C:\Windows\System32\APhIlUI.exe
  2⤵
  PID:12152
- C:\Windows\System32\UimTxuz.exe
  C:\Windows\System32\UimTxuz.exe
  2⤵
  PID:12220
- C:\Windows\System32\uHCEYrv.exe
  C:\Windows\System32\uHCEYrv.exe
  2⤵
  PID:12272
- C:\Windows\System32\VHNfwcF.exe
  C:\Windows\System32\VHNfwcF.exe
  2⤵
  PID:11412
- C:\Windows\System32\XAIIWci.exe
  C:\Windows\System32\XAIIWci.exe
  2⤵
  PID:11628
- C:\Windows\System32\jzHEKfH.exe
  C:\Windows\System32\jzHEKfH.exe
  2⤵
  PID:11816
- C:\Windows\System32\IrSGPRc.exe
  C:\Windows\System32\IrSGPRc.exe
  2⤵
  PID:11912
- C:\Windows\System32\xaNjrgY.exe
  C:\Windows\System32\xaNjrgY.exe
  2⤵
  PID:11568
- C:\Windows\System32\WiphMkQ.exe
  C:\Windows\System32\WiphMkQ.exe
  2⤵
  PID:12256
- C:\Windows\System32\KdzuuoZ.exe
  C:\Windows\System32\KdzuuoZ.exe
  2⤵
  PID:11508
- C:\Windows\System32\zNDDPST.exe
  C:\Windows\System32\zNDDPST.exe
  2⤵
  PID:11820
- C:\Windows\System32\UZwDrVS.exe
  C:\Windows\System32\UZwDrVS.exe
  2⤵
  PID:12192
- C:\Windows\System32\SDtDtUo.exe
  C:\Windows\System32\SDtDtUo.exe
  2⤵
  PID:11756
- C:\Windows\System32\oSRQWqr.exe
  C:\Windows\System32\oSRQWqr.exe
  2⤵
  PID:12320
- C:\Windows\System32\gEqmgCR.exe
  C:\Windows\System32\gEqmgCR.exe
  2⤵
  PID:12348
- C:\Windows\System32\mgWNIWx.exe
  C:\Windows\System32\mgWNIWx.exe
  2⤵
  PID:12364
- C:\Windows\System32\fiEgaRt.exe
  C:\Windows\System32\fiEgaRt.exe
  2⤵
  PID:12404
- C:\Windows\System32\dNzTlHQ.exe
  C:\Windows\System32\dNzTlHQ.exe
  2⤵
  PID:12432
- C:\Windows\System32\lfGnplc.exe
  C:\Windows\System32\lfGnplc.exe
  2⤵
  PID:12452
- C:\Windows\System32\RSRoSFb.exe
  C:\Windows\System32\RSRoSFb.exe
  2⤵
  PID:12476
- C:\Windows\System32\wEaDySY.exe
  C:\Windows\System32\wEaDySY.exe
  2⤵
  PID:12504
- C:\Windows\System32\LyLHppE.exe
  C:\Windows\System32\LyLHppE.exe
  2⤵
  PID:12520
- C:\Windows\System32\mJhuQHi.exe
  C:\Windows\System32\mJhuQHi.exe
  2⤵
  PID:12540
- C:\Windows\System32\pZEvlzl.exe
  C:\Windows\System32\pZEvlzl.exe
  2⤵
  PID:12580
- C:\Windows\System32\PJGwylv.exe
  C:\Windows\System32\PJGwylv.exe
  2⤵
  PID:12616
- C:\Windows\System32\nIajkOu.exe
  C:\Windows\System32\nIajkOu.exe
  2⤵
  PID:12640
- C:\Windows\System32\grrpucD.exe
  C:\Windows\System32\grrpucD.exe
  2⤵
  PID:12692
- C:\Windows\System32\yJHyaVc.exe
  C:\Windows\System32\yJHyaVc.exe
  2⤵
  PID:12720
- C:\Windows\System32\cszcbDV.exe
  C:\Windows\System32\cszcbDV.exe
  2⤵
  PID:12748
- C:\Windows\System32\XyQWmJQ.exe
  C:\Windows\System32\XyQWmJQ.exe
  2⤵
  PID:12776
- C:\Windows\System32\ExpxqRA.exe
  C:\Windows\System32\ExpxqRA.exe
  2⤵
  PID:12796
- C:\Windows\System32\IfSWvTs.exe
  C:\Windows\System32\IfSWvTs.exe
  2⤵
  PID:12832
- C:\Windows\System32\AHCZicK.exe
  C:\Windows\System32\AHCZicK.exe
  2⤵
  PID:12860
- C:\Windows\System32\guQctTU.exe
  C:\Windows\System32\guQctTU.exe
  2⤵
  PID:12888
- C:\Windows\System32\ivAlGiT.exe
  C:\Windows\System32\ivAlGiT.exe
  2⤵
  PID:12916
- C:\Windows\System32\aRaCgbX.exe
  C:\Windows\System32\aRaCgbX.exe
  2⤵
  PID:12940
- C:\Windows\System32\aiJIuYA.exe
  C:\Windows\System32\aiJIuYA.exe
  2⤵
  PID:12972
- C:\Windows\System32\aweRVgM.exe
  C:\Windows\System32\aweRVgM.exe
  2⤵
  PID:13000
- C:\Windows\System32\nqwhJHV.exe
  C:\Windows\System32\nqwhJHV.exe
  2⤵
  PID:13028
- C:\Windows\System32\LiDuWuT.exe
  C:\Windows\System32\LiDuWuT.exe
  2⤵
  PID:13056
- C:\Windows\System32\CMIwlKO.exe
  C:\Windows\System32\CMIwlKO.exe
  2⤵
  PID:13092
- C:\Windows\System32\YJDpqOf.exe
  C:\Windows\System32\YJDpqOf.exe
  2⤵
  PID:13120
- C:\Windows\System32\rqTeRIn.exe
  C:\Windows\System32\rqTeRIn.exe
  2⤵
  PID:13152
- C:\Windows\System32\EyMAnNk.exe
  C:\Windows\System32\EyMAnNk.exe
  2⤵
  PID:13180
- C:\Windows\System32\pceZhDl.exe
  C:\Windows\System32\pceZhDl.exe
  2⤵
  PID:13228
- C:\Windows\System32\iHYBlhq.exe
  C:\Windows\System32\iHYBlhq.exe
  2⤵
  PID:13256
- C:\Windows\System32\PxWsoNu.exe
  C:\Windows\System32\PxWsoNu.exe
  2⤵
  PID:13284
- C:\Windows\System32\DwYRsRL.exe
  C:\Windows\System32\DwYRsRL.exe
  2⤵
  PID:11348
- C:\Windows\System32\ygmebgQ.exe
  C:\Windows\System32\ygmebgQ.exe
  2⤵
  PID:12332
- C:\Windows\System32\VBvEMtX.exe
  C:\Windows\System32\VBvEMtX.exe
  2⤵
  PID:12380
- C:\Windows\System32\xguCkpB.exe
  C:\Windows\System32\xguCkpB.exe
  2⤵
  PID:12464
- C:\Windows\System32\fnGbVfc.exe
  C:\Windows\System32\fnGbVfc.exe
  2⤵
  PID:12528
- C:\Windows\System32\oQgGgVy.exe
  C:\Windows\System32\oQgGgVy.exe
  2⤵
  PID:12564
- C:\Windows\System32\TwyuyuU.exe
  C:\Windows\System32\TwyuyuU.exe
  2⤵
  PID:12608
- C:\Windows\System32\GrVTMgv.exe
  C:\Windows\System32\GrVTMgv.exe
  2⤵
  PID:12636
- C:\Windows\System32\ZjoXjsB.exe
  C:\Windows\System32\ZjoXjsB.exe
  2⤵
  PID:12736
- C:\Windows\System32\SnbQDPF.exe
  C:\Windows\System32\SnbQDPF.exe
  2⤵
  PID:12856
- C:\Windows\System32\OpPWOBx.exe
  C:\Windows\System32\OpPWOBx.exe
  2⤵
  PID:12900
- C:\Windows\System32\DVrHcUT.exe
  C:\Windows\System32\DVrHcUT.exe
  2⤵
  PID:12964
- C:\Windows\System32\lQMzyvr.exe
  C:\Windows\System32\lQMzyvr.exe
  2⤵
  PID:13020
- C:\Windows\System32\RHeTuBU.exe
  C:\Windows\System32\RHeTuBU.exe
  2⤵
  PID:13076
- C:\Windows\System32\nqQXxLu.exe
  C:\Windows\System32\nqQXxLu.exe
  2⤵
  PID:13172
- C:\Windows\System32\ETGXVVu.exe
  C:\Windows\System32\ETGXVVu.exe
  2⤵
  PID:13252
- C:\Windows\System32\ybJBZKP.exe
  C:\Windows\System32\ybJBZKP.exe
  2⤵
  PID:13304
- C:\Windows\System32\RmJuHxl.exe
  C:\Windows\System32\RmJuHxl.exe
  2⤵
  PID:12340
- C:\Windows\System32\fHluCTF.exe
  C:\Windows\System32\fHluCTF.exe
  2⤵
  PID:12576
- C:\Windows\System32\fRHbjUT.exe
  C:\Windows\System32\fRHbjUT.exe
  2⤵
  PID:2844
- C:\Windows\System32\FTiEtrq.exe
  C:\Windows\System32\FTiEtrq.exe
  2⤵
  PID:12820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4416,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:8
1⤵
PID:7000

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ATEFSjY.exe

Filesize
3.0MB

MD5
4222b2a99760c2545a153d38b6783479

SHA1
79b0bccde217e5e7c010d58c3e083358fce189ea

SHA256
dca23cb1bc3dbaacf4a793376de9703d2d6b3f66508ee14818b3514c6020cf9b

SHA512
d89fd10dc1a60e0c313196d3bd6b859de9ab32438851c18e633e05eafb40bfc50cca0e26e7f205e68183a304255db0a87240250d5c62d8d22eb7df13678c7f05

Download Submit
C:\Windows\System32\AgDGqAR.exe

Filesize
3.0MB

MD5
bdc931fd1717a2488850a573fb1354be

SHA1
f980bb97196f7f209b4d55fc296c0f96ca3fa4f2

SHA256
dbe428e59abbfa5a8cb6d71eab14f3b6f43e3ad0ef7d190039789f38aa6f14b3

SHA512
6488589f156b09e68d155003e3c427f54102f1b795c8e2630c8b32237c2f449642bec48240c3ea41e60678157d1a7ecc4db84146acc980e0a4e0e4cc147deac3

Download Submit
C:\Windows\System32\BdLuufd.exe

Filesize
3.0MB

MD5
3b66dc201a0cdf5891e19558aaf9d41c

SHA1
4d7cc8745d49b02f378b63f4be769ab99addb28e

SHA256
f0021c145cc7b246088c1d77478945638637e5e7d377a0006ccfff2512c2e87f

SHA512
235f2737f01e5589bc1228a0e5983a866da1f1d5d497e8c62532714bf804f9cfcad329e2ff7ea6fe9405dab6e38da250ece40f4826e372f335a8f627802a4723

Download Submit
C:\Windows\System32\BgsGwBJ.exe

Filesize
3.0MB

MD5
2e6579c913e898c5b4433d09652ca0c8

SHA1
5ffec45afd3bf470fee4cf7beda279051fc3fddf

SHA256
87f0dfbd8bc7863c8bcb9bb1a1b84476d78df8066eb06078253fe07d1a50fc75

SHA512
7f2734867038f4431558097d9dbab0c64f6e1702d0b91d6a77b9c9d4874fb7106762122689ad25fe20c4c504909a0e5bf25c478cff0458d41f328c20fa1fd957

Download Submit
C:\Windows\System32\CqvNIga.exe

Filesize
3.0MB

MD5
3c5ae3a0fbd228bdf7b61b02e10a1aea

SHA1
d35ae62e2aaa52d107ecb56f02fc0a2edf07276a

SHA256
f7a19af508217d3428426e3ae5e135372ca300af1c2f73767ebd27c973288491

SHA512
df0a2353f3ffa5262dff0aa34639ad6b9aef5a5586674c4b396dd3f6c14e7314de012504d19b443366d76e9884151bce3c2dc8703e8b3ea5dd3bff8805c4aa5e

Download Submit
C:\Windows\System32\DLXFiRq.exe

Filesize
3.0MB

MD5
fd13f0e02e0cae69307b1dd7ec8f0d92

SHA1
56ed2c3c709cc9188a739a85842999d630c3ef5d

SHA256
66c2b0ef6b8eb8e78d4f2414762ffec65e9134a0fec09e2855d75dc7cae6e555

SHA512
6755953aba384a279f75221122a0436a2c477192b060658c54dfdc88f52a3e2f45d31da7f617f4ccedc6d5b2c7eb76e09ede9ef55db4fdb4559917005eea865c

Download Submit
C:\Windows\System32\EFnmzsZ.exe

Filesize
3.0MB

MD5
b807539d219937e4e58b7cd84b5be250

SHA1
7dcc0953ccc0b77f2530847a9e56ce5113e4cb41

SHA256
dd03a53252199d63c7b43f56c5d6cff7b9eb350e29ca99b5edbb984fa7649c8d

SHA512
bdf4f61372b3021f7e89f3c435afc07c105b71b15e724d1225607f1677e19889cd13a9be4d5dc9e3850efc67dd4b4f00d37da5dfcd367281c49f7b654be7529d

Download Submit
C:\Windows\System32\GcdxosK.exe

Filesize
3.0MB

MD5
41e7cb06a5086e4b111dc2aeb28b7dc8

SHA1
45d55a61b427d0f6ba7f607391618f2ccf4dacc2

SHA256
14c6bf5527cc3d4ac686f8334cc4236e780dfc586050e46a6f046a5222b07dd0

SHA512
78663a11a232bfb834bf401d2618e62d557c99a9860efa8ddd280786624ee4269e29700d550f0c6272f51a29a4edf4cf8a60276e6217916338e39b9594ff04c6

Download Submit
C:\Windows\System32\HyFHtFS.exe

Filesize
3.0MB

MD5
c7433db9d7f6f936f9b8810b6c54512e

SHA1
fd7bebe5a5dee55684b42039b36cc1361c791019

SHA256
4d0430981223ee51cb3fa33cd44468a31a82d77e6a769f873a4ed4c00114d7e7

SHA512
602b1e2db651cd8aacb50cddc983c441c6fef608a36db71bf194f6f5906ee2ab98fde331814a51865308b1dd428a842ea5d386bde603f9020ca7ed3a5151afb4

Download Submit
C:\Windows\System32\IXrClnh.exe

Filesize
3.0MB

MD5
3e03169a166358ff29914b5470ec40fe

SHA1
9df6feed8f2eb33da48d0cf6504223277fb487cc

SHA256
0221a10da8edaefd56321f050b3f9f6e895152e01422c0da6c4c646e22e9e084

SHA512
d46d4dc7022bacbb979e5c40dc9a0da06670fdbd72239326b750ac85a44d9b1f3da6e51a823ce31d647fe4842f6fd58b9ead35cc868168b8e7074c5b2707a2f5

Download Submit
C:\Windows\System32\JPxJVNy.exe

Filesize
3.0MB

MD5
0b2e1ffd58c946b26482d154fc2404c7

SHA1
bc8d23289cc5438499374c1cfe5a0fe6acac9c2a

SHA256
218dde2fa037fb772dd9ab23dbfeb7f46932e11fd36d2923d74272e99bbfa3c3

SHA512
9efce14888a673b99a8533494d5146c65c2080b67a82fab2962143dca70f4511b4bc8f9574cc113e652d90f2213cb677e28c024f9c1c4e76adf02b032022d71f

Download Submit
C:\Windows\System32\LLIGkUQ.exe

Filesize
3.0MB

MD5
3693c18fd14ea74b0baa2d3963f44aaa

SHA1
c4c272693abb9cf7698b4fdb04dd7eff3b06c00a

SHA256
c60093a3d9823eacd426516288253c2671b9b73ca5ba0a3fc6886acfce9cec58

SHA512
52f0b8bcf4fc4185d4c752968389810b490749e2f40e9682ba66fb64fb68584df6fb9bfd8350db9a6674f3e6890d0824e56263f601269692b1c7b119ca74b93d

Download Submit
C:\Windows\System32\LfZdvpN.exe

Filesize
3.0MB

MD5
a645794317c73c6f4062c190c82139de

SHA1
e63f76eb46a639a55597b15385b3f27110c03858

SHA256
15c7fa721a779c4ad8d1887529d4fde1904281162604f8d5f7edc9bbe91205d5

SHA512
66ee91949b7b517619a0eec98ddc7fb409d7505452ea4f5f3aa4f7acfa07299627389784590313616282cbf3f4ba6a4efcd8b7c22b1869b85962ba1557dadf35

Download Submit
C:\Windows\System32\MqEFRJr.exe

Filesize
3.0MB

MD5
bb46516d123d19702cd7381bbe2dd41c

SHA1
b5a7c1f542633f2cd04d8ee9c26327d679d6874c

SHA256
8cdd49894e98b9c324433a81bf1fceab84d093b3c7666ffbd76506cb93e6b2f9

SHA512
ab301d18f4aafcfe743ef55dce0c7969d798e6636a54e4a66bb97cae16d7f16da0fbecf27052502c5c0e7afecf07a982ef8dea1acfdf9372afef4922f29c4fa9

Download Submit
C:\Windows\System32\NDirafm.exe

Filesize
3.0MB

MD5
78eff0e4c8e9a6a269357cef9ad7e638

SHA1
0c1820eeb6cec2cd6bd6d407b234ded901cc6481

SHA256
97798b64b161d296350ceac1b488693f39bf112972db579605df84440b013ee2

SHA512
17241c1be6072562c7ec04827a7afd7f61d605ff6cd9564bdeaac31c12411413b49c3d91e9a8eecb57e7ddbcb3174af117c1bff80ac6c9c28e4b87bb93e4318e

Download Submit
C:\Windows\System32\NtwfwmX.exe

Filesize
3.0MB

MD5
66a3c6977d73ed155834022f6c00c14d

SHA1
f63c3df7d345a1a0908f17b67c15ee223a5ab1d8

SHA256
c0bcd77b88acc404333aab99d21197d5bb50dfc314f4de1fe5f37b80d6b6b720

SHA512
48187f87156cf1eebaaa17897beb2300430510710073de65dbdf949eb0d5fb9009192fd4a9dbaa4397db529f2edd020c55dfcda72674201c5278869a0fd00950

Download Submit
C:\Windows\System32\NvZbyZW.exe

Filesize
3.0MB

MD5
04f05d559635c00451641f7398bf849c

SHA1
c924db11a9619fe76bbc70d0a6f2a33d223ba7d4

SHA256
af6bd7c7221da72dffef17d29d63f204f92ba790f02510c3433a5483c23ab5f3

SHA512
fec0ab2ec449c1268c78d6b5368a3ce6f56b2ffd3594ff28192f5f40e3faa38cc7b2c6ce9bad5b842db6e1ead708ab866faebaa8b67e4835218541ba42764e66

Download Submit
C:\Windows\System32\PwEdTsX.exe

Filesize
3.0MB

MD5
6c7c059a33ff98c48ec424875c09eee9

SHA1
f20184c2d1e98ae32a8e92c9738e1acb8b3901bb

SHA256
4b9df31d6ffdbfff97e6478bce1dfd443f1585242d5534272ae0bcc2218bb415

SHA512
5328053fe0d692e131b58337cfab2c878b0622ca4a1dfaad1237151275b9ff75cfd6b801a7390db9af0178a74f0ded4df6fa82a3b01892cc3c693a2476d8ea19

Download Submit
C:\Windows\System32\QaVsZHS.exe

Filesize
3.0MB

MD5
2a46a1b88181c613acc93b3b036dddb5

SHA1
82570a6e92345d4da64d538d140bbe391de0a354

SHA256
49d0401c0ec066ab9fd782b88fcf2fdd81c979d75fa10b4519ad2e5fad122dac

SHA512
b5e4cbbdd1443f2e5047fb07231a32924ffce2122afc718a4aec88a7ae24ee55e378a3b07a117ac1ac4e415192187bbbd2c51375ba898681f500904a4fd340e0

Download Submit
C:\Windows\System32\SIpIUyW.exe

Filesize
3.0MB

MD5
76694edea15275769985a82eebca92dc

SHA1
a3f7d352af1d49310b416ce3882bc11e1d16515b

SHA256
fa088c76a81b74e5dbc0d8539e1369058be19971694cbd08fd502f1a81e8313e

SHA512
64c26422b9af2ada3ff8ee898b0687dbd39a3a68dc8a0a76f1b4cde3e8688780022afbcf70b2bf8ac52f0f6a207b79d9ba095e3069b3d9fe58e13aa991d0d219

Download Submit
C:\Windows\System32\SKdPWkM.exe

Filesize
3.0MB

MD5
4847abc41f85399799035628580d4150

SHA1
0d8c83b8053c950ad5893ecd007c01189cc3191c

SHA256
b5d0170c60d79581a530748ab046a9d41e4b2d209ad922c76e2bf22a6235919c

SHA512
f181f6d8d041c04a70f13a618064e581e6e04d16e3a44a99e633267ead3b9c0fa2292676b3859fb496ac6f8dce4a7e1f3a0335e1c26fbcc546e9eecc9c471f41

Download Submit
C:\Windows\System32\VAQstMK.exe

Filesize
3.0MB

MD5
91be251fe27f56d037ba93101e428f11

SHA1
eb5794731c6321ec72b01f85188b1e47afbe15e4

SHA256
f51ecbce4828004f09211ce890424869059416e79b5d3d06869add63233d539a

SHA512
fe3c5a81dd9e1618b8c3ef177350295105fa4f2324a850f8ceda68193c0ea43e0dd8e3b7a827ce0fa9204c363a825e0c72af64ca6800c185b541221c31caf029

Download Submit
C:\Windows\System32\WIFDIcf.exe

Filesize
3.0MB

MD5
d2c0af776d6ba3cd285e45770cbfd56b

SHA1
2b4f5872476e07aa486084c97aa5b4217cc56a0d

SHA256
026222ab34ce5d95ef58bf2073d54cad626e2f47a017af3e431508e02f89b95a

SHA512
02c1ebff071f87a97e7109d0a6d3adfd215a90009e20ce63880f8b8d3c5b7cd4b9acf5fd75d8194f5313475e8c3e398edd16897871c2ca378776e30c6db81072

Download Submit
C:\Windows\System32\WNxzpaC.exe

Filesize
3.0MB

MD5
1f73590806a632e4ee0c4059605cab0c

SHA1
4b8f93e14b5b269bd35cc32a3090ce805600bf25

SHA256
408492ffd6fc8868a24f4520b0f985e0336fd37521818f61f8075ad55afe3754

SHA512
5b445fa99bda7e3a068b0ee1ed1cb6a99b4eacd0268fbb79f3e31efa7f6763c2b8fe21cc5a0b114d2b7dd2297d203a6c92b5b18f03864c3176854773d49cab8e

Download Submit
C:\Windows\System32\WhhhVPU.exe

Filesize
3.0MB

MD5
c3b462ec66143b01e7dc86f878248293

SHA1
5dad4c2ffe98291d459e78296d4d07a543f4c0d2

SHA256
1288fa6997b6c03461932963227351f0eaf3c328037b0d22b574a0c845fb6447

SHA512
2f93b6330d58c1453aab6225127ac5e2ec524d1ceb8bc1b14f49f33e9200a55d3ba0c27fffaddf29b8eaa70dda669d29f0bce07458f2d40918498bfdee5221b8

Download Submit
C:\Windows\System32\WxXVVnX.exe

Filesize
3.0MB

MD5
67da9620207475267b01c6ebe9daa20c

SHA1
e3265bad59c7729c4d9f96b029914d6cc26b718f

SHA256
de3eace8ad2af5722b453f1fa4e68be92203f3e4ce5e3f09d23a1b353eadb43c

SHA512
51eab86cf98fd05ccc53f9de0f6112dc6345ffb0d06b10b752e666419bd9de992096df041de8b41eced2288a0773fba08f1781c8215cc14ac00b7910d8295a48

Download Submit
C:\Windows\System32\XgsrMdm.exe

Filesize
3.0MB

MD5
6ed8c7fd47a730d6d127be04f37462b6

SHA1
eca6ca5708d3cdb823d9d7bc8da6e56c6a87d0d7

SHA256
ba1c6d123b535cfd7d0565df75277f6c551d144a9fa4ea5753113ad6bb9dbd33

SHA512
c5f7c6bcfeb4cdb5af03c7b7facd56db0ec5b1d4e4ecb99d8cea9bb129cc3a5238287038b01343455ff68d0d5c1cede33820a9cc793ec8056e46d2bf1c497653

Download Submit
C:\Windows\System32\YRfumpt.exe

Filesize
3.0MB

MD5
0dc610a1581c658376d6c29f9853c721

SHA1
7b8fbcb49be14c9dcfc28a13622c87d2aebf6bbe

SHA256
cd32de0fee6696e3333012e97e22f085ac2e888b8e03d79228efe9476820d2d3

SHA512
d45f2ced3ce6a0269f6fed705855304723415222e285e4cd5592fe12b75ffa113c10de9c27c687308e6107f0b054cd1bbd585fe73ebf81c2a25da60dfc102d76

Download Submit
C:\Windows\System32\YnDBJFe.exe

Filesize
3.0MB

MD5
2a929f38a77cb8fddf243d2126c80da9

SHA1
05d04785ee13170dc05622671fa7214bcb7503bb

SHA256
dfe01e7e27419717ec18c2de544476c567950458df90739408d8cca3ca2403a2

SHA512
2192c8b775e2bc3bbe78b1b55ea26a08ba92a197b5c72b97601e483b4ecc60ae646fdfc27c178d3bcf580b8265af4f10aae9d3ff42cdd022a2fe79028e980469

Download Submit
C:\Windows\System32\ZGHZzxC.exe

Filesize
3.0MB

MD5
58b44746e6530b1febe8eff611dbda33

SHA1
89a16f92b0333a8675281bc18555827ad1cf7598

SHA256
0a1bb78d23e033b5cbd478a986acfb02e6a22d998fdb4af95f60da17daf84275

SHA512
6f66ffca04b68067cea5e73ae98830c039a149ebbde8e46fee3b8941fe1ac8aaaaad03a78eb13ecabd40e17bfdeaa2d13f73098e1d86327a736394e177be6ac0

Download Submit
C:\Windows\System32\aFCRVUf.exe

Filesize
3.0MB

MD5
d6fbdcbcda14a716223df74efe281f5b

SHA1
fdaa6caa321698b0032b470321adff74f82f5491

SHA256
bbc294086adc8ccafa53a6f19adfe828d40ef5addba658f1a9cb4be3ba906194

SHA512
4e5fe130f830727689d51d3f79a37bc78b6229f41d2f46d782d8876cf07225eb36a17d70ba92e279310d2276c756b258b197642d016dfbea723b27bc0e051052

Download Submit
C:\Windows\System32\aiYNCUl.exe

Filesize
3.0MB

MD5
abcff7b90da3d02a8109c931a4cbdef8

SHA1
84b935bcc848aed90659a170f4651d3ff62a28fe

SHA256
5db6f2621a1e4147dd9e3181124f4fdb080c71953ae68137e1c0733e77277a63

SHA512
b9afe3e803b23d354613a58906fba4f0dcb21fe37363bb3137eaf3c2d2e1b5f3a540c2b30f37b1a3daf1cc9eab7a5817a46e526a2b02fbaa770dbf1cb851ba10

Download Submit
C:\Windows\System32\apHfFez.exe

Filesize
3.0MB

MD5
09b526ad530c2074b7fedc8640a17ead

SHA1
18062c18cad8fa41c054b695aa7453e9f27e6330

SHA256
e0f4427d77e50f044fea6d2226d0a59a91ad6c5c36e9d84d8f587c1136bef363

SHA512
d91b6cf0f7ea4f5c41f4a3d39deef3294c11be5ec782e3533658c9e16dca1ce9430f721494c945dc5378c1761ab1560f6cc0db36d5cc22afa0772b2dedf939fb

Download Submit
C:\Windows\System32\cZtpxcO.exe

Filesize
3.0MB

MD5
0350dabdf6402691c21d201f186dbb07

SHA1
121acad7a2609683be6c372eb4c371273a08d8df

SHA256
aa9479cab37f60a01d3d8f230c835357ffe21ced15648dc5e58128d96f6e8601

SHA512
362e0432af7ce3880b4eda8b25bf9890d753830ed7eac6419dd90e5a8ea3fecbd21dd27992d034e200e06bcb4d4988906e5bd961e757c3c6313f79e84e05bb77

Download Submit
C:\Windows\System32\ehVgSBI.exe

Filesize
3.0MB

MD5
13003f2ea8edeacf7b74e3931917dd46

SHA1
24d6afb62cba42bb6ef9d716423ae88118a16aa1

SHA256
890e4dbb77fccd81fecdf9219a75aa08d1bcaceaf8c5d9ae9d6ca94f8005309a

SHA512
09c556aec53ca3cd46061f2ef0520900fa423f2d2c5de5877c66720be07fb78db0f8368c2074e953e6d511ff3e2e178f56e564dde136dc15cd326cb1b1834684

Download Submit
C:\Windows\System32\enFsBal.exe

Filesize
3.0MB

MD5
ce81e889ccf5943386d33c8f7e6b7d0c

SHA1
9816c805f4fba4e505d917ed8d880b7d3e88a38a

SHA256
8fa9e124a870fc5d5e67bf022d6794f472c5c8c2cc334f6d7ee5425d607fcdbc

SHA512
38ec31d03576999020906dbaae6098281b7f224f90692f746f2d7b34d04e93d702afa5b40e3b15d97fb537e1e5bacc1b599738063d93bccb534a6992f27d90d7

Download Submit
C:\Windows\System32\fhRwjjE.exe

Filesize
3.0MB

MD5
05d6996bb8bc2adc68a00cd0d2c24b29

SHA1
3f0233e4df031dd85fdb00e62e8cce48759fdefe

SHA256
59911876bed7f9363d1c0ab4076c09cb65c13e8f8a60c7c34246c3abf2a8a081

SHA512
8551d6ad99815d0ac45c374f97055d08fd7e32865055e3af8f584778e29b4fcae73215a230292784318911afb85a7cf442565f4fe424b660ab6978ba2195e303

Download Submit
C:\Windows\System32\hlRsUxr.exe

Filesize
3.0MB

MD5
81c2af02e743d74aea0468b13dfdb3c4

SHA1
89c3137a196761d185d1f6be17dc583afba372c0

SHA256
af7de613a2734101ac120c1d2b22c3b39b36e2e3ec4f5972c2f01e21813aaba6

SHA512
3783e31c7649f1fe7d336a4ba03d79336ad85d23ecf11a15d815310f5adc5ea0ca959296bd0aaaed83c54a5b156cc4cf37d9ed9693e4154c2579b0b31ac7f267

Download Submit
C:\Windows\System32\iAIGuJt.exe

Filesize
3.0MB

MD5
1b3adf7bceddd6f999dcf1100803293e

SHA1
64b5443221b03c4b20a073968ee1b53c7c157a37

SHA256
473279f8355b8eda806dc729aad8f669c643ee11f48336111711b84c45dca79d

SHA512
37759884fbe3511758e47edde2f8e06ef159590e208881f0a281c38d365def856831fb0b9f92a27fc51d3ecc1deb19f275f538a46f8c21236cdaa691dfb7e961

Download Submit
C:\Windows\System32\ijlFJWv.exe

Filesize
3.0MB

MD5
dbb283f7496ac8b2020a5c3a4c71d060

SHA1
386fdd06d83e8fc4bec14643f016660dc0eca8f3

SHA256
8a478a24177408b62198573813de33f080cfea2d039435f95df29c5c2c00b47a

SHA512
b8cc678fef8eb4098de6f759adbe8a1fe0700fcd8b87a880901f502da2a8113ae61d537cf69563fd046f40d8d97c101f9677f9d70947989aebb6ccc8aa899aca

Download Submit
C:\Windows\System32\jCObFrq.exe

Filesize
3.0MB

MD5
7f14eb1a914d61651333d6088e9160d2

SHA1
6767f594667ac029c0c792dbf87f05daad9fdd98

SHA256
1af4a1c2e0848374bac01e9d6b967c16469312f883a90fd87fc9c41fcd013c3e

SHA512
0a92d96ee574ee47ec654c55c2c7755c7f4c7e6e5f36b38ccd8d6cffcbdf58daac782c5e6732852fb65797e8864f6ada1a9b86000e581e46df49326ee37318bf

Download Submit
C:\Windows\System32\kNJSvLX.exe

Filesize
3.0MB

MD5
9acee6b42e3c4274b06549305c7f722c

SHA1
7aa6a2e02f00ad543e4345b60ce0e47bd5f613fa

SHA256
a50eebf8041b86f0239aa394c0d2a463fc747ae346471d65ca5eebb3bf775a7b

SHA512
c8bf2bf45cb0b661b52dbc391d2a31bc00f4e6d1aa38efdb9d3539993d2a1b07b7b7a831087ef1a99bec6072b22135bf827daf1b8c0fb0a22225d8ccce22cb11

Download Submit
C:\Windows\System32\lYYkXfj.exe

Filesize
3.0MB

MD5
15ee37dba14b2ab44cda4d0a84c059a2

SHA1
719965f838648e9b6efffc169403d007432f9d40

SHA256
d3acfa912b9b0c25c933ea0a4618d5e5575e65c7fc90d16ec949f8f90f44dcd1

SHA512
2f79bea9638c80c1cf2a46d06b4753580439b6fdaa96ad4bfe0f9c8c6b7a02349aafe95d13a376deafc2c088579be102939f7ca45845ceca9bff9ac7395b800d

Download Submit
C:\Windows\System32\lxPRLmK.exe

Filesize
3.0MB

MD5
f5ec1a231e2195932154f151cac1594f

SHA1
d1ab0707f146838ef8d6dd52d2c5f548a4ad34a4

SHA256
50d6364eb0a6343dd6936187665d6c685bd2908dd5ccfad7620835e0a151305d

SHA512
a751d6e967dbb338ff2aa3f4985aad66a5067a92b503db59ca41dacd22490df44d3ca414332a02eb85cc05aed5f68dc454f0f6dd514d532f09695f54fb08b6d9

Download Submit
C:\Windows\System32\mpQeZEj.exe

Filesize
3.0MB

MD5
67e8571cbaaeabe39c57119dc055ccfb

SHA1
e768f82e1101f9f214711aea07181669a851bbbf

SHA256
3bf5110b183d11f831df57b89434dd2b427e19b94bc0a2cce14577883b8acdf0

SHA512
5085f0fce1bea6c2ccab8278add5094e14276ec10f1cb6716f0322a454fb1c5b2f4db293891a4c09e4570b2e5f223e1b38a4f864e74c8ec51ad126b6cb986633

Download Submit
C:\Windows\System32\mpcWXQc.exe

Filesize
3.0MB

MD5
43fe8a52f3ee8dd531a9f9c6e7a474ed

SHA1
cd9624ec9c1aa3f3a2347692d680c22de229a9f7

SHA256
a8790dc4d985871dfeccce6d304c0d6970c22ee6ba4fe7131789c92ea3fe6861

SHA512
ca042eb97e16952bd3d9807d0dfb60f74507c8f333b691de6799ce78eae276e113a820883ee6a373bb82d5067653b088152a392401e079b3c8142170dba14857

Download Submit
C:\Windows\System32\msZmFTB.exe

Filesize
3.0MB

MD5
5dba23c35d2f7658ea1367970cb97f92

SHA1
92de0724dc78f08d9ec6eeb7334188d4c9800add

SHA256
010992e544c74a13f09f113f21de9512b9a0687eebd75c15a051a85de2547aac

SHA512
74e9b51e29be6661e5f718d8fa0d6b0a3db9146f6f362563e34dd25aaf5f4c3c804425cd4e6450056ce56cf023f46a7e5282c6b2cd86d09ef2837d5f9f5a29f7

Download Submit
C:\Windows\System32\qQZskYB.exe

Filesize
3.0MB

MD5
e24d1f38ccd2d9575cdb94521f9331e4

SHA1
e29f76f646712c9f075350eb3e7caddd246f7960

SHA256
24852ac272d64ae6480c09d90b6847ccdb6983d3b9af9370785a13431d3cd509

SHA512
c7444db5b92fb838d70a2f8309d2114888577a26c4ad8f8df467e90100d650b3f9f91ccde53f797e7ce1b9ace9cb86de3f77f214b9126aa26888b357aa7c49a0

Download Submit
C:\Windows\System32\qwnOdgB.exe

Filesize
3.0MB

MD5
dbabdd86f9a4089ac80347c0e37fb498

SHA1
64e64f587e15333f845b4d4842cc0bb2a34099cd

SHA256
5749f1fa56a8706b568e840102b5a786ccb84b42d6bbfc2eef9cae1b789abe41

SHA512
a2c3d4217132742aee320f3d470253b49db8ee53abf1d47b48368304685d5d4e63e776823fa37b5a7b8ef0e1d85d042a44ac769d4eb09492588b26a236ad2429

Download Submit
C:\Windows\System32\sFOZGtK.exe

Filesize
3.0MB

MD5
a5aac1d27a24e8cc771eda7230c25ff8

SHA1
a2822ecb55bea48a787512ab02cc09ab5407a912

SHA256
c4ce9d12b04b412ba6927623f2f3b36a438961a16602372a0369eb61b1185570

SHA512
5bff1820c6dbd174e5bb28f5724210027b0d57e54b7896715689bbb3a79fdb5451ba09fee3f1105c6cb5e1f5894c2e6fe1429149eb2428169e1c0c99f94a3ba0

Download Submit
C:\Windows\System32\uRPdutc.exe

Filesize
3.0MB

MD5
0a647688b4376b24d61258f01f4db701

SHA1
95cc4ac3550dc5023ffde092f6ff5f3ce9938487

SHA256
b09d47b1f634bd651313c85de07a33fc7c8c824013b2a3bf8a079ea66c3411cf

SHA512
a8233dad06763506eb4d60d09ac82a343b4d4383d3eabf588edc2aa7a82afdcd300f83c367cb45f33d70e94048109d83b7943d23811dd82ccb28092ae97a29d1

Download Submit
C:\Windows\System32\udVWSXA.exe

Filesize
3.0MB

MD5
8accbadc5745459fb37b16c601509193

SHA1
f63ade6a8ea3ca7b6dcde5fe0fcc6c935f0a7b4d

SHA256
26220051d0a4e437563eafec0cfbfeff5048cd5b4c60d52276a973bab5552482

SHA512
b0d001920f4b2a7241b0a41585648fb0c399a711dca7c46991898f60ceefc92a50c61c0655eaf62820f552dfb29ae53189057013557eab3a218d3df49bc64d46

Download Submit
C:\Windows\System32\uiLqWEk.exe

Filesize
3.0MB

MD5
96faa7d56480a15a27cf24805a085962

SHA1
7a2f9280cd73c07c60202ba2667033e40fcb7612

SHA256
23a437131d7d0dd5c63a28b38faa9a332eb6b06f7007322a54782f3d759cf9d5

SHA512
4f6ec898dcaed345dfb7d4bc5a4e999fecf7541b521db975103a4439c547e0cd15ee29c729095639b162f1c5ed4cebb0bd1c1e1437752cc2cca19b55cb10aa4f

Download Submit
C:\Windows\System32\vUDNren.exe

Filesize
3.0MB

MD5
e09891ccabf3d2e0d424a0c1a39cc6d9

SHA1
9c0454ee5d6d34653a936ec0bdbdb86cd11fc4f5

SHA256
9ed06d2dcddfadcd72dfc55007e5d5f923daa597e1b6de2dbea4cedcda546d0a

SHA512
ed7c7863c2a485aeb533a79c0330f8731ba5ce86f6223063459a17c13861eb2470871de51685a2830bf860326943e2dab6ebe1dc42ac3b026d5b2283713efd76

Download Submit
C:\Windows\System32\vYtBwIk.exe

Filesize
3.0MB

MD5
19c93ac6500d83671287e6a6696d1026

SHA1
bd9c1d9f5f8b2dad1460447b1f66cdf90262ee46

SHA256
1f567bf7b5081c20f369daeae5a264e66eec141c531bca1483f55181ff50dba2

SHA512
19e6669c88f46fa5fcc21afea83d6000a14f6ce00a769df790ff65ed7b10f935393890ea059f7d867aa91b102796db6ecf49c2d6f18d306cd0fecb65b995ce33

Download Submit
C:\Windows\System32\vcrDlAf.exe

Filesize
3.0MB

MD5
3cbc4c2b5aa992d6ae55286ef0f5c806

SHA1
e6785282d56bbbb24e3f1fbe822029c164b3de79

SHA256
9e1cc49535fcffdc11c0bc85f22d50a782469cc9f3d619935d5392ca820bda7b

SHA512
a54b1bf4f9fffdb1700d2a6d43bc5651bd53c0b9c7c2312a6bff62207b4efbcad361c4aee0537a4809957a0bf6f700e42100f866b7a2545ab75f169292c91814

Download Submit
C:\Windows\System32\wCTpaOi.exe

Filesize
3.0MB

MD5
3c6ff5140935ecf2449b42491812982e

SHA1
7caba0a2e723273c57ee9e92edc44e5de5ecff79

SHA256
a814408b350bd3d1ed92eca46e43ea7d0ab32dd87cef3a8cbfd7e81d32e16ccc

SHA512
682781c924cb33730f466982fdc673838e4fbd76c66127ef89e9087ffed842b02dccebda160690163a502cceb9473babb2f9a6d6cdadf996ab28f4bf7adedbd2

Download Submit
C:\Windows\System32\wSPzuZy.exe

Filesize
3.0MB

MD5
b6c0e1ebfe25567e643289b95e160a53

SHA1
efae73737ea9754ffadac5eed843cc431826c48f

SHA256
fe5f3dd76b9a0dd67f03b6f7c52d0f2eb50784509295e328026818512e7cb1fb

SHA512
d449e995e54c0c0190b6dbde2eaea6cb063d9d342418d2af8ad6ee62099725813b284910e667d1873af6b6242f6e954c76407df765d71a879d2924b7e0fdc46b

Download Submit
C:\Windows\System32\wgyagra.exe

Filesize
3.0MB

MD5
43a26ac1f74d7d5757fa6353c6dbc4ad

SHA1
4709d732b1230c588ba7f68f35b430ee40af0270

SHA256
c5bf3f0c780d3986a6dbd31cdb0d4f27346132e228809f54a3eddd28ed10fa83

SHA512
025b134787fa28b3b414892ea81aa0650f3c8f3fb000de3b73fac936f5254b7f13d14c4a22399b2fb31998543d2d17f67947b24c535c7e819e697e167a4042b0

Download Submit
C:\Windows\System32\xLGiViY.exe

Filesize
3.0MB

MD5
a4626f9a6da5280d75d548758a8769a3

SHA1
3fcb1c87428ed8afd7599ec160a9240f4b29f040

SHA256
c474c86983e93076521307e3f0ebea79f83a7ac4149c0624034248d50b0b3a80

SHA512
fbfdce060b09b685ec008110f265afb6c3babdc7dca30bb800179510c075114fbf4e2bc203134b988dd7d1d31f5fbb2a26f2da3f1dc6b6d87025d5dcbfbb3d5e

Download Submit
C:\Windows\System32\yQBxGuv.exe

Filesize
3.0MB

MD5
404250008c6979f3ff1df6ded96a8692

SHA1
6ffc2b71604c08943ef9dd7d58f4f81ea2122686

SHA256
226e7f7aaecf086f26c588a8b6fcd885e0404cc19d4a4b1544091c4c716f8d7e

SHA512
9ee31cb5d2b07875cf28634ec7c00d779b1118fba231f867c4da3e4f48d4eece81ae6d69ad71acfa1b7bf9460199710d83d5b7e10f3393d897cb7b4548f39b7a

Download Submit
C:\Windows\System32\ysIfzOg.exe

Filesize
3.0MB

MD5
42f082cf1f5509c6412ea8031bdb9800

SHA1
551fbd62d9fcbbbe990446019b2f157f7af5bdb5

SHA256
d06d9ff7949bde9f5e9c14d9f957934a6dfd39f9e84e1504ec951c71a5921fd0

SHA512
682d35f186d9128a2b388f89623726a5f3fb9160de50859e84bdaaf390c3cdeb348bee35503ab6f3a6a5fb191b5b44a6837429755bdc28ad709e3d015f03d44c

Download Submit
memory/448-1861-0x00007FF6AE9E0000-0x00007FF6AEDD5000-memory.dmp

Filesize
4.0MB

Download
memory/448-808-0x00007FF6AE9E0000-0x00007FF6AEDD5000-memory.dmp

Filesize
4.0MB

Download
memory/448-1882-0x00007FF6AE9E0000-0x00007FF6AEDD5000-memory.dmp

Filesize
4.0MB

Download
memory/812-1883-0x00007FF6B8300000-0x00007FF6B86F5000-memory.dmp

Filesize
4.0MB

Download
memory/812-1859-0x00007FF6B8300000-0x00007FF6B86F5000-memory.dmp

Filesize
4.0MB

Download
memory/812-804-0x00007FF6B8300000-0x00007FF6B86F5000-memory.dmp

Filesize
4.0MB

Download
memory/940-811-0x00007FF602DE0000-0x00007FF6031D5000-memory.dmp

Filesize
4.0MB

Download
memory/940-1863-0x00007FF602DE0000-0x00007FF6031D5000-memory.dmp

Filesize
4.0MB

Download
memory/940-1891-0x00007FF602DE0000-0x00007FF6031D5000-memory.dmp

Filesize
4.0MB

Download
memory/1096-1885-0x00007FF658C80000-0x00007FF659075000-memory.dmp

Filesize
4.0MB

Download
memory/1096-805-0x00007FF658C80000-0x00007FF659075000-memory.dmp

Filesize
4.0MB

Download
memory/1096-1860-0x00007FF658C80000-0x00007FF659075000-memory.dmp

Filesize
4.0MB

Download
memory/1232-1893-0x00007FF7C95A0000-0x00007FF7C9995000-memory.dmp

Filesize
4.0MB

Download
memory/1232-1872-0x00007FF7C95A0000-0x00007FF7C9995000-memory.dmp

Filesize
4.0MB

Download
memory/1232-824-0x00007FF7C95A0000-0x00007FF7C9995000-memory.dmp

Filesize
4.0MB

Download
memory/1256-803-0x00007FF74A3E0000-0x00007FF74A7D5000-memory.dmp

Filesize
4.0MB

Download
memory/1256-1858-0x00007FF74A3E0000-0x00007FF74A7D5000-memory.dmp

Filesize
4.0MB

Download
memory/1256-1888-0x00007FF74A3E0000-0x00007FF74A7D5000-memory.dmp

Filesize
4.0MB

Download
memory/1268-1887-0x00007FF7D4940000-0x00007FF7D4D35000-memory.dmp

Filesize
4.0MB

Download
memory/1268-812-0x00007FF7D4940000-0x00007FF7D4D35000-memory.dmp

Filesize
4.0MB

Download
memory/1268-1864-0x00007FF7D4940000-0x00007FF7D4D35000-memory.dmp

Filesize
4.0MB

Download
memory/1644-817-0x00007FF67B860000-0x00007FF67BC55000-memory.dmp

Filesize
4.0MB

Download
memory/1644-1879-0x00007FF67B860000-0x00007FF67BC55000-memory.dmp

Filesize
4.0MB

Download
memory/1644-1867-0x00007FF67B860000-0x00007FF67BC55000-memory.dmp

Filesize
4.0MB

Download
memory/1680-1881-0x00007FF70F000000-0x00007FF70F3F5000-memory.dmp

Filesize
4.0MB

Download
memory/1680-814-0x00007FF70F000000-0x00007FF70F3F5000-memory.dmp

Filesize
4.0MB

Download
memory/1680-1865-0x00007FF70F000000-0x00007FF70F3F5000-memory.dmp

Filesize
4.0MB

Download
memory/1764-1896-0x00007FF636D00000-0x00007FF6370F5000-memory.dmp

Filesize
4.0MB

Download
memory/1764-821-0x00007FF636D00000-0x00007FF6370F5000-memory.dmp

Filesize
4.0MB

Download
memory/1764-1870-0x00007FF636D00000-0x00007FF6370F5000-memory.dmp

Filesize
4.0MB

Download
memory/1908-1853-0x00007FF6DB1E0000-0x00007FF6DB5D5000-memory.dmp

Filesize
4.0MB

Download
memory/1908-1851-0x00007FF6DB1E0000-0x00007FF6DB5D5000-memory.dmp

Filesize
4.0MB

Download
memory/1908-10-0x00007FF6DB1E0000-0x00007FF6DB5D5000-memory.dmp

Filesize
4.0MB

Download
memory/2492-1892-0x00007FF6F9930000-0x00007FF6F9D25000-memory.dmp

Filesize
4.0MB

Download
memory/2492-815-0x00007FF6F9930000-0x00007FF6F9D25000-memory.dmp

Filesize
4.0MB

Download
memory/2492-1866-0x00007FF6F9930000-0x00007FF6F9D25000-memory.dmp

Filesize
4.0MB

Download
memory/2680-800-0x00007FF6FC6A0000-0x00007FF6FCA95000-memory.dmp

Filesize
4.0MB

Download
memory/2680-1856-0x00007FF6FC6A0000-0x00007FF6FCA95000-memory.dmp

Filesize
4.0MB

Download
memory/2680-1886-0x00007FF6FC6A0000-0x00007FF6FCA95000-memory.dmp

Filesize
4.0MB

Download
memory/2972-1873-0x00007FF679EB0000-0x00007FF67A2A5000-memory.dmp

Filesize
4.0MB

Download
memory/2972-825-0x00007FF679EB0000-0x00007FF67A2A5000-memory.dmp

Filesize
4.0MB

Download
memory/2972-1890-0x00007FF679EB0000-0x00007FF67A2A5000-memory.dmp

Filesize
4.0MB

Download
memory/3084-810-0x00007FF7510C0000-0x00007FF7514B5000-memory.dmp

Filesize
4.0MB

Download
memory/3084-1889-0x00007FF7510C0000-0x00007FF7514B5000-memory.dmp

Filesize
4.0MB

Download
memory/3084-1862-0x00007FF7510C0000-0x00007FF7514B5000-memory.dmp

Filesize
4.0MB

Download
memory/3148-797-0x00007FF632300000-0x00007FF6326F5000-memory.dmp

Filesize
4.0MB

Download
memory/3148-1877-0x00007FF632300000-0x00007FF6326F5000-memory.dmp

Filesize
4.0MB

Download
memory/3148-1855-0x00007FF632300000-0x00007FF6326F5000-memory.dmp

Filesize
4.0MB

Download
memory/3364-1880-0x00007FF791630000-0x00007FF791A25000-memory.dmp

Filesize
4.0MB

Download
memory/3364-820-0x00007FF791630000-0x00007FF791A25000-memory.dmp

Filesize
4.0MB

Download
memory/3364-1869-0x00007FF791630000-0x00007FF791A25000-memory.dmp

Filesize
4.0MB

Download
memory/3496-1871-0x00007FF72D440000-0x00007FF72D835000-memory.dmp

Filesize
4.0MB

Download
memory/3496-822-0x00007FF72D440000-0x00007FF72D835000-memory.dmp

Filesize
4.0MB

Download
memory/3496-1897-0x00007FF72D440000-0x00007FF72D835000-memory.dmp

Filesize
4.0MB

Download
memory/3504-1854-0x00007FF6C3800000-0x00007FF6C3BF5000-memory.dmp

Filesize
4.0MB

Download
memory/3504-14-0x00007FF6C3800000-0x00007FF6C3BF5000-memory.dmp

Filesize
4.0MB

Download
memory/3704-801-0x00007FF610660000-0x00007FF610A55000-memory.dmp

Filesize
4.0MB

Download
memory/3704-1857-0x00007FF610660000-0x00007FF610A55000-memory.dmp

Filesize
4.0MB

Download
memory/3704-1884-0x00007FF610660000-0x00007FF610A55000-memory.dmp

Filesize
4.0MB

Download
memory/3952-1874-0x00007FF719F00000-0x00007FF71A2F5000-memory.dmp

Filesize
4.0MB

Download
memory/3952-1898-0x00007FF719F00000-0x00007FF71A2F5000-memory.dmp

Filesize
4.0MB

Download
memory/3952-826-0x00007FF719F00000-0x00007FF71A2F5000-memory.dmp

Filesize
4.0MB

Download
memory/4008-828-0x00007FF6FB130000-0x00007FF6FB525000-memory.dmp

Filesize
4.0MB

Download
memory/4008-1895-0x00007FF6FB130000-0x00007FF6FB525000-memory.dmp

Filesize
4.0MB

Download
memory/4008-1876-0x00007FF6FB130000-0x00007FF6FB525000-memory.dmp

Filesize
4.0MB

Download
memory/4136-1-0x000001D109AE0000-0x000001D109AF0000-memory.dmp

Filesize
64KB

Download
memory/4136-0-0x00007FF6DBBB0000-0x00007FF6DBFA5000-memory.dmp

Filesize
4.0MB

Download
memory/4764-1878-0x00007FF78FDC0000-0x00007FF7901B5000-memory.dmp

Filesize
4.0MB

Download
memory/4764-1868-0x00007FF78FDC0000-0x00007FF7901B5000-memory.dmp

Filesize
4.0MB

Download
memory/4764-818-0x00007FF78FDC0000-0x00007FF7901B5000-memory.dmp

Filesize
4.0MB

Download
memory/4844-827-0x00007FF65E290000-0x00007FF65E685000-memory.dmp

Filesize
4.0MB

Download
memory/4844-1875-0x00007FF65E290000-0x00007FF65E685000-memory.dmp

Filesize
4.0MB

Download
memory/4844-1894-0x00007FF65E290000-0x00007FF65E685000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads