xmrig | f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf

Analysis

max time kernel
131s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
Size

1.5MB
MD5

fc47c45d6b7ceb368f5fb57c629124ef
SHA1

098d15d665ff6d91b24736b6b6161e6f8c2528cd
SHA256

f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf
SHA512

a404d254ca3215f700e83a25f7c7864c8efee75c7c34b3a5f74a05c7ceafe2cfe44d3cf197b7433e8752715efec437bd86b1653e1d4107b0581832e48bbdf1a7
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727vrNaT/QoZo6TOZmkTox2AUQpx6h6OfGyQfEYb2t/:ROdWCCi7/rahW/zaZTqWQdpQ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral2/memory/3964-21-0x00007FF7176B0000-0x00007FF717A01000-memory.dmp	xmrig
behavioral2/memory/3704-48-0x00007FF62D6D0000-0x00007FF62DA21000-memory.dmp	xmrig
behavioral2/memory/5020-449-0x00007FF78EF90000-0x00007FF78F2E1000-memory.dmp	xmrig
behavioral2/memory/1320-451-0x00007FF6B6FF0000-0x00007FF6B7341000-memory.dmp	xmrig
behavioral2/memory/2100-450-0x00007FF6B4A70000-0x00007FF6B4DC1000-memory.dmp	xmrig
behavioral2/memory/5104-457-0x00007FF6EB7D0000-0x00007FF6EBB21000-memory.dmp	xmrig
behavioral2/memory/4436-477-0x00007FF674990000-0x00007FF674CE1000-memory.dmp	xmrig
behavioral2/memory/4980-475-0x00007FF67C6C0000-0x00007FF67CA11000-memory.dmp	xmrig
behavioral2/memory/4608-465-0x00007FF6AA940000-0x00007FF6AAC91000-memory.dmp	xmrig
behavioral2/memory/2236-466-0x00007FF72D420000-0x00007FF72D771000-memory.dmp	xmrig
behavioral2/memory/4760-461-0x00007FF7787D0000-0x00007FF778B21000-memory.dmp	xmrig
behavioral2/memory/3552-55-0x00007FF685E40000-0x00007FF686191000-memory.dmp	xmrig
behavioral2/memory/4352-49-0x00007FF780A10000-0x00007FF780D61000-memory.dmp	xmrig
behavioral2/memory/2776-46-0x00007FF6EFC30000-0x00007FF6EFF81000-memory.dmp	xmrig
behavioral2/memory/192-31-0x00007FF78B5C0000-0x00007FF78B911000-memory.dmp	xmrig
behavioral2/memory/4388-488-0x00007FF698550000-0x00007FF6988A1000-memory.dmp	xmrig
behavioral2/memory/3780-485-0x00007FF6B3460000-0x00007FF6B37B1000-memory.dmp	xmrig
behavioral2/memory/4240-499-0x00007FF70A5D0000-0x00007FF70A921000-memory.dmp	xmrig
behavioral2/memory/4852-500-0x00007FF6943F0000-0x00007FF694741000-memory.dmp	xmrig
behavioral2/memory/1792-506-0x00007FF6EF8B0000-0x00007FF6EFC01000-memory.dmp	xmrig
behavioral2/memory/1756-520-0x00007FF6DF1B0000-0x00007FF6DF501000-memory.dmp	xmrig
behavioral2/memory/1636-541-0x00007FF76E8B0000-0x00007FF76EC01000-memory.dmp	xmrig
behavioral2/memory/2992-507-0x00007FF667930000-0x00007FF667C81000-memory.dmp	xmrig
behavioral2/memory/1660-548-0x00007FF7014A0000-0x00007FF7017F1000-memory.dmp	xmrig
behavioral2/memory/3220-495-0x00007FF62B4B0000-0x00007FF62B801000-memory.dmp	xmrig
behavioral2/memory/2420-494-0x00007FF689620000-0x00007FF689971000-memory.dmp	xmrig
behavioral2/memory/3064-2129-0x00007FF7E71A0000-0x00007FF7E74F1000-memory.dmp	xmrig
behavioral2/memory/1828-2164-0x00007FF6AE6E0000-0x00007FF6AEA31000-memory.dmp	xmrig
behavioral2/memory/192-2166-0x00007FF78B5C0000-0x00007FF78B911000-memory.dmp	xmrig
behavioral2/memory/3964-2165-0x00007FF7176B0000-0x00007FF717A01000-memory.dmp	xmrig
behavioral2/memory/3396-2199-0x00007FF61C3E0000-0x00007FF61C731000-memory.dmp	xmrig
behavioral2/memory/2728-2200-0x00007FF646A70000-0x00007FF646DC1000-memory.dmp	xmrig
behavioral2/memory/1828-2213-0x00007FF6AE6E0000-0x00007FF6AEA31000-memory.dmp	xmrig
behavioral2/memory/3964-2215-0x00007FF7176B0000-0x00007FF717A01000-memory.dmp	xmrig
behavioral2/memory/3704-2217-0x00007FF62D6D0000-0x00007FF62DA21000-memory.dmp	xmrig
behavioral2/memory/192-2221-0x00007FF78B5C0000-0x00007FF78B911000-memory.dmp	xmrig
behavioral2/memory/2776-2219-0x00007FF6EFC30000-0x00007FF6EFF81000-memory.dmp	xmrig
behavioral2/memory/3552-2225-0x00007FF685E40000-0x00007FF686191000-memory.dmp	xmrig
behavioral2/memory/2728-2233-0x00007FF646A70000-0x00007FF646DC1000-memory.dmp	xmrig
behavioral2/memory/3396-2231-0x00007FF61C3E0000-0x00007FF61C731000-memory.dmp	xmrig
behavioral2/memory/1660-2229-0x00007FF7014A0000-0x00007FF7017F1000-memory.dmp	xmrig
behavioral2/memory/5020-2227-0x00007FF78EF90000-0x00007FF78F2E1000-memory.dmp	xmrig
behavioral2/memory/4352-2223-0x00007FF780A10000-0x00007FF780D61000-memory.dmp	xmrig
behavioral2/memory/2100-2235-0x00007FF6B4A70000-0x00007FF6B4DC1000-memory.dmp	xmrig
behavioral2/memory/1320-2237-0x00007FF6B6FF0000-0x00007FF6B7341000-memory.dmp	xmrig
behavioral2/memory/5104-2243-0x00007FF6EB7D0000-0x00007FF6EBB21000-memory.dmp	xmrig
behavioral2/memory/2236-2245-0x00007FF72D420000-0x00007FF72D771000-memory.dmp	xmrig
behavioral2/memory/4760-2241-0x00007FF7787D0000-0x00007FF778B21000-memory.dmp	xmrig
behavioral2/memory/4608-2239-0x00007FF6AA940000-0x00007FF6AAC91000-memory.dmp	xmrig
behavioral2/memory/3780-2268-0x00007FF6B3460000-0x00007FF6B37B1000-memory.dmp	xmrig
behavioral2/memory/4388-2272-0x00007FF698550000-0x00007FF6988A1000-memory.dmp	xmrig
behavioral2/memory/2420-2269-0x00007FF689620000-0x00007FF689971000-memory.dmp	xmrig
behavioral2/memory/4852-2265-0x00007FF6943F0000-0x00007FF694741000-memory.dmp	xmrig
behavioral2/memory/4240-2263-0x00007FF70A5D0000-0x00007FF70A921000-memory.dmp	xmrig
behavioral2/memory/1792-2259-0x00007FF6EF8B0000-0x00007FF6EFC01000-memory.dmp	xmrig
behavioral2/memory/2992-2258-0x00007FF667930000-0x00007FF667C81000-memory.dmp	xmrig
behavioral2/memory/1756-2257-0x00007FF6DF1B0000-0x00007FF6DF501000-memory.dmp	xmrig
behavioral2/memory/1636-2276-0x00007FF76E8B0000-0x00007FF76EC01000-memory.dmp	xmrig
behavioral2/memory/3220-2261-0x00007FF62B4B0000-0x00007FF62B801000-memory.dmp	xmrig
behavioral2/memory/4436-2249-0x00007FF674990000-0x00007FF674CE1000-memory.dmp	xmrig
behavioral2/memory/4980-2248-0x00007FF67C6C0000-0x00007FF67CA11000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1828	jKXQIys.exe
3964	STmyTFs.exe
2776	MfTkbBj.exe
192	xWkERTM.exe
3704	oiXwuFH.exe
3552	NQxSRdT.exe
4352	hCmIdWF.exe
3396	XONpeUk.exe
2728	yNaXEJj.exe
1660	XhjnTkv.exe
5020	NjVIVtZ.exe
2100	BOdQLcw.exe
1320	IYaMSNh.exe
5104	GeUmnXR.exe
4760	dbMCgBV.exe
4608	TIHujXv.exe
2236	aPhrXCC.exe
4980	lPObzYI.exe
4436	JONGPea.exe
3780	kChbzPJ.exe
4388	MEPoDtv.exe
2420	LrhWQko.exe
3220	OIqEAIi.exe
4240	oiEGpLR.exe
4852	DsUnXCY.exe
1792	dLajiMi.exe
2992	cuSPxDM.exe
1756	lBUilTm.exe
1636	RMEqxMa.exe
4940	UsMTWDd.exe
3268	JBSLHSo.exe
2580	zIXbinQ.exe
3380	mZFrsLv.exe
1520	NdhwNSN.exe
3392	AyDEHSi.exe
4224	HTWaGqE.exe
2892	ANAXaBS.exe
3200	WoqbzWT.exe
3404	jJmjhRY.exe
3752	TvhAjDE.exe
4800	vksZqzK.exe
4100	bEScdRx.exe
4504	KchHunu.exe
5068	PhxyHen.exe
3284	NzBJZzA.exe
4744	CzpkTee.exe
4672	MbOnMfj.exe
3532	bhvbhNl.exe
2212	XYmObwA.exe
1248	giUHNUj.exe
4248	BjjMUAS.exe
2340	hgevFIm.exe
2584	ZuPwuuW.exe
4176	iWBfDiM.exe
1772	WYlutvC.exe
4824	BwopJWu.exe
4468	gmUWwSC.exe
2668	wgHBCBP.exe
4380	YlYfJGc.exe
4104	rHiAQDA.exe
3468	DozGUen.exe
4560	tCIbLuT.exe
1360	ZRjkvOa.exe
3332	UfIVUqM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3064-0-0x00007FF7E71A0000-0x00007FF7E74F1000-memory.dmp	upx
behavioral2/files/0x000800000002336e-5.dat	upx
behavioral2/files/0x0007000000023556-8.dat	upx
behavioral2/memory/3964-21-0x00007FF7176B0000-0x00007FF717A01000-memory.dmp	upx
behavioral2/files/0x0007000000023558-27.dat	upx
behavioral2/files/0x000700000002355a-38.dat	upx
behavioral2/memory/3704-48-0x00007FF62D6D0000-0x00007FF62DA21000-memory.dmp	upx
behavioral2/files/0x000700000002355f-64.dat	upx
behavioral2/files/0x0007000000023561-84.dat	upx
behavioral2/files/0x0007000000023563-94.dat	upx
behavioral2/files/0x000700000002356b-126.dat	upx
behavioral2/files/0x000700000002356d-136.dat	upx
behavioral2/files/0x000700000002356e-149.dat	upx
behavioral2/files/0x0007000000023572-161.dat	upx
behavioral2/memory/2728-431-0x00007FF646A70000-0x00007FF646DC1000-memory.dmp	upx
behavioral2/memory/5020-449-0x00007FF78EF90000-0x00007FF78F2E1000-memory.dmp	upx
behavioral2/files/0x0007000000023574-171.dat	upx
behavioral2/files/0x0007000000023573-166.dat	upx
behavioral2/files/0x0007000000023571-164.dat	upx
behavioral2/files/0x0007000000023570-159.dat	upx
behavioral2/files/0x000700000002356f-154.dat	upx
behavioral2/files/0x000700000002356c-139.dat	upx
behavioral2/files/0x000700000002356a-129.dat	upx
behavioral2/files/0x0007000000023569-124.dat	upx
behavioral2/files/0x0007000000023568-119.dat	upx
behavioral2/files/0x0007000000023567-114.dat	upx
behavioral2/files/0x0007000000023566-109.dat	upx
behavioral2/files/0x0007000000023565-104.dat	upx
behavioral2/files/0x0007000000023564-99.dat	upx
behavioral2/memory/1320-451-0x00007FF6B6FF0000-0x00007FF6B7341000-memory.dmp	upx
behavioral2/memory/2100-450-0x00007FF6B4A70000-0x00007FF6B4DC1000-memory.dmp	upx
behavioral2/files/0x0007000000023562-89.dat	upx
behavioral2/files/0x0007000000023560-79.dat	upx
behavioral2/memory/5104-457-0x00007FF6EB7D0000-0x00007FF6EBB21000-memory.dmp	upx
behavioral2/memory/4436-477-0x00007FF674990000-0x00007FF674CE1000-memory.dmp	upx
behavioral2/memory/4980-475-0x00007FF67C6C0000-0x00007FF67CA11000-memory.dmp	upx
behavioral2/memory/4608-465-0x00007FF6AA940000-0x00007FF6AAC91000-memory.dmp	upx
behavioral2/memory/2236-466-0x00007FF72D420000-0x00007FF72D771000-memory.dmp	upx
behavioral2/memory/4760-461-0x00007FF7787D0000-0x00007FF778B21000-memory.dmp	upx
behavioral2/files/0x000700000002355e-67.dat	upx
behavioral2/files/0x000700000002355d-65.dat	upx
behavioral2/files/0x000700000002355c-56.dat	upx
behavioral2/memory/3552-55-0x00007FF685E40000-0x00007FF686191000-memory.dmp	upx
behavioral2/memory/3396-53-0x00007FF61C3E0000-0x00007FF61C731000-memory.dmp	upx
behavioral2/memory/4352-49-0x00007FF780A10000-0x00007FF780D61000-memory.dmp	upx
behavioral2/memory/2776-46-0x00007FF6EFC30000-0x00007FF6EFF81000-memory.dmp	upx
behavioral2/files/0x000700000002355b-50.dat	upx
behavioral2/files/0x0007000000023559-33.dat	upx
behavioral2/memory/192-31-0x00007FF78B5C0000-0x00007FF78B911000-memory.dmp	upx
behavioral2/files/0x0008000000023554-25.dat	upx
behavioral2/files/0x0007000000023557-20.dat	upx
behavioral2/memory/1828-14-0x00007FF6AE6E0000-0x00007FF6AEA31000-memory.dmp	upx
behavioral2/memory/4388-488-0x00007FF698550000-0x00007FF6988A1000-memory.dmp	upx
behavioral2/memory/3780-485-0x00007FF6B3460000-0x00007FF6B37B1000-memory.dmp	upx
behavioral2/memory/4240-499-0x00007FF70A5D0000-0x00007FF70A921000-memory.dmp	upx
behavioral2/memory/4852-500-0x00007FF6943F0000-0x00007FF694741000-memory.dmp	upx
behavioral2/memory/1792-506-0x00007FF6EF8B0000-0x00007FF6EFC01000-memory.dmp	upx
behavioral2/memory/1756-520-0x00007FF6DF1B0000-0x00007FF6DF501000-memory.dmp	upx
behavioral2/memory/1636-541-0x00007FF76E8B0000-0x00007FF76EC01000-memory.dmp	upx
behavioral2/memory/2992-507-0x00007FF667930000-0x00007FF667C81000-memory.dmp	upx
behavioral2/memory/1660-548-0x00007FF7014A0000-0x00007FF7017F1000-memory.dmp	upx
behavioral2/memory/3220-495-0x00007FF62B4B0000-0x00007FF62B801000-memory.dmp	upx
behavioral2/memory/2420-494-0x00007FF689620000-0x00007FF689971000-memory.dmp	upx
behavioral2/memory/3064-2129-0x00007FF7E71A0000-0x00007FF7E74F1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OftlAnN.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\gTTHXAt.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\jJmjhRY.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\wNJcjpK.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\nBprXep.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\cWWgWiU.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\VvpfrJq.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\ugfHyjk.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\CzpkTee.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\xGfGCCE.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\aZBbPmw.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\obgryki.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\zdPCczv.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\QVJtoRR.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\tWDLgKa.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\FpRkVNz.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\jSlQYgI.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\HKbjAlc.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\OdFQXKs.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\cKeqYLf.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\BEiLgGb.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\XGXLGNu.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\NQxSRdT.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\rHiAQDA.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\RYXSJvQ.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\YwCuhJU.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\gkxeYiH.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\xZKQTOy.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\tMsjcOc.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\EpcxoLF.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\MAsALpp.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\COSBriX.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\weqJErZ.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\GykwTXI.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\uOvdXFb.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\MbuUsua.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\rkOJMKN.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\DdYbPIr.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\airOMLU.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\EXSMIJO.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\hvLbpfF.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\xyspNJM.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\gzpAuBs.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\VWQPkAb.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\BBqzold.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\UebZieg.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\pZnGERa.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\RVMyptT.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\oiXwuFH.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\hCmIdWF.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\cXQiMMy.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\nnFIHQL.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\bxGDoRH.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\BUdAbYg.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\Eskagtp.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\bhvbhNl.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\PbziwBM.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\OnVWVXv.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\WMdfZmh.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\KHOBfgv.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\ztagihi.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\frGqCMm.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\ayCORAr.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
File created	C:\Windows\System\dcRfhnq.exe	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14424	dwm.exe
Token: SeChangeNotifyPrivilege	14424	dwm.exe
Token: 33	14424	dwm.exe
Token: SeIncBasePriorityPrivilege	14424	dwm.exe
Token: SeShutdownPrivilege	14424	dwm.exe
Token: SeCreatePagefilePrivilege	14424	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1828	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	83
PID 3064 wrote to memory of 1828	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	83
PID 3064 wrote to memory of 2776	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	84
PID 3064 wrote to memory of 2776	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	84
PID 3064 wrote to memory of 3964	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	85
PID 3064 wrote to memory of 3964	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	85
PID 3064 wrote to memory of 192	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	86
PID 3064 wrote to memory of 192	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	86
PID 3064 wrote to memory of 3704	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	87
PID 3064 wrote to memory of 3704	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	87
PID 3064 wrote to memory of 3552	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	88
PID 3064 wrote to memory of 3552	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	88
PID 3064 wrote to memory of 4352	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	89
PID 3064 wrote to memory of 4352	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	89
PID 3064 wrote to memory of 3396	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	90
PID 3064 wrote to memory of 3396	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	90
PID 3064 wrote to memory of 2728	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	91
PID 3064 wrote to memory of 2728	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	91
PID 3064 wrote to memory of 1660	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	92
PID 3064 wrote to memory of 1660	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	92
PID 3064 wrote to memory of 5020	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	93
PID 3064 wrote to memory of 5020	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	93
PID 3064 wrote to memory of 2100	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	94
PID 3064 wrote to memory of 2100	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	94
PID 3064 wrote to memory of 1320	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	95
PID 3064 wrote to memory of 1320	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	95
PID 3064 wrote to memory of 5104	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	96
PID 3064 wrote to memory of 5104	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	96
PID 3064 wrote to memory of 4760	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	97
PID 3064 wrote to memory of 4760	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	97
PID 3064 wrote to memory of 4608	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	98
PID 3064 wrote to memory of 4608	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	98
PID 3064 wrote to memory of 2236	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	99
PID 3064 wrote to memory of 2236	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	99
PID 3064 wrote to memory of 4980	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	100
PID 3064 wrote to memory of 4980	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	100
PID 3064 wrote to memory of 4436	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	101
PID 3064 wrote to memory of 4436	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	101
PID 3064 wrote to memory of 3780	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	102
PID 3064 wrote to memory of 3780	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	102
PID 3064 wrote to memory of 4388	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	103
PID 3064 wrote to memory of 4388	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	103
PID 3064 wrote to memory of 2420	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	104
PID 3064 wrote to memory of 2420	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	104
PID 3064 wrote to memory of 3220	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	105
PID 3064 wrote to memory of 3220	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	105
PID 3064 wrote to memory of 4240	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	106
PID 3064 wrote to memory of 4240	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	106
PID 3064 wrote to memory of 4852	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	107
PID 3064 wrote to memory of 4852	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	107
PID 3064 wrote to memory of 1792	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	108
PID 3064 wrote to memory of 1792	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	108
PID 3064 wrote to memory of 2992	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	109
PID 3064 wrote to memory of 2992	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	109
PID 3064 wrote to memory of 1756	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	110
PID 3064 wrote to memory of 1756	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	110
PID 3064 wrote to memory of 1636	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	111
PID 3064 wrote to memory of 1636	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	111
PID 3064 wrote to memory of 4940	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	112
PID 3064 wrote to memory of 4940	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	112
PID 3064 wrote to memory of 3268	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	113
PID 3064 wrote to memory of 3268	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	113
PID 3064 wrote to memory of 2580	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	114
PID 3064 wrote to memory of 2580	3064	f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe	114

C:\Users\Admin\AppData\Local\Temp\f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe
"C:\Users\Admin\AppData\Local\Temp\f29d48283a2dde76f31353aaf400a40f1ed7385ee9445f8236eda4ef08bb60bf.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\System\jKXQIys.exe
  C:\Windows\System\jKXQIys.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\MfTkbBj.exe
  C:\Windows\System\MfTkbBj.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\STmyTFs.exe
  C:\Windows\System\STmyTFs.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\xWkERTM.exe
  C:\Windows\System\xWkERTM.exe
  2⤵
  - Executes dropped EXE
  PID:192
- C:\Windows\System\oiXwuFH.exe
  C:\Windows\System\oiXwuFH.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\NQxSRdT.exe
  C:\Windows\System\NQxSRdT.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\hCmIdWF.exe
  C:\Windows\System\hCmIdWF.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\XONpeUk.exe
  C:\Windows\System\XONpeUk.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\yNaXEJj.exe
  C:\Windows\System\yNaXEJj.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\XhjnTkv.exe
  C:\Windows\System\XhjnTkv.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\NjVIVtZ.exe
  C:\Windows\System\NjVIVtZ.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\BOdQLcw.exe
  C:\Windows\System\BOdQLcw.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\IYaMSNh.exe
  C:\Windows\System\IYaMSNh.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\GeUmnXR.exe
  C:\Windows\System\GeUmnXR.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\dbMCgBV.exe
  C:\Windows\System\dbMCgBV.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\TIHujXv.exe
  C:\Windows\System\TIHujXv.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\aPhrXCC.exe
  C:\Windows\System\aPhrXCC.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\lPObzYI.exe
  C:\Windows\System\lPObzYI.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\JONGPea.exe
  C:\Windows\System\JONGPea.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\kChbzPJ.exe
  C:\Windows\System\kChbzPJ.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\MEPoDtv.exe
  C:\Windows\System\MEPoDtv.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\LrhWQko.exe
  C:\Windows\System\LrhWQko.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\OIqEAIi.exe
  C:\Windows\System\OIqEAIi.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\oiEGpLR.exe
  C:\Windows\System\oiEGpLR.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\DsUnXCY.exe
  C:\Windows\System\DsUnXCY.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\dLajiMi.exe
  C:\Windows\System\dLajiMi.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\cuSPxDM.exe
  C:\Windows\System\cuSPxDM.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\lBUilTm.exe
  C:\Windows\System\lBUilTm.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\RMEqxMa.exe
  C:\Windows\System\RMEqxMa.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\UsMTWDd.exe
  C:\Windows\System\UsMTWDd.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\JBSLHSo.exe
  C:\Windows\System\JBSLHSo.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\zIXbinQ.exe
  C:\Windows\System\zIXbinQ.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\mZFrsLv.exe
  C:\Windows\System\mZFrsLv.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\NdhwNSN.exe
  C:\Windows\System\NdhwNSN.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\AyDEHSi.exe
  C:\Windows\System\AyDEHSi.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\HTWaGqE.exe
  C:\Windows\System\HTWaGqE.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\ANAXaBS.exe
  C:\Windows\System\ANAXaBS.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\WoqbzWT.exe
  C:\Windows\System\WoqbzWT.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\jJmjhRY.exe
  C:\Windows\System\jJmjhRY.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\TvhAjDE.exe
  C:\Windows\System\TvhAjDE.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\vksZqzK.exe
  C:\Windows\System\vksZqzK.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\bEScdRx.exe
  C:\Windows\System\bEScdRx.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\KchHunu.exe
  C:\Windows\System\KchHunu.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\PhxyHen.exe
  C:\Windows\System\PhxyHen.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\NzBJZzA.exe
  C:\Windows\System\NzBJZzA.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\CzpkTee.exe
  C:\Windows\System\CzpkTee.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\MbOnMfj.exe
  C:\Windows\System\MbOnMfj.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\bhvbhNl.exe
  C:\Windows\System\bhvbhNl.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\XYmObwA.exe
  C:\Windows\System\XYmObwA.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\giUHNUj.exe
  C:\Windows\System\giUHNUj.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\BjjMUAS.exe
  C:\Windows\System\BjjMUAS.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\hgevFIm.exe
  C:\Windows\System\hgevFIm.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\ZuPwuuW.exe
  C:\Windows\System\ZuPwuuW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\iWBfDiM.exe
  C:\Windows\System\iWBfDiM.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\WYlutvC.exe
  C:\Windows\System\WYlutvC.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\BwopJWu.exe
  C:\Windows\System\BwopJWu.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\gmUWwSC.exe
  C:\Windows\System\gmUWwSC.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\wgHBCBP.exe
  C:\Windows\System\wgHBCBP.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\YlYfJGc.exe
  C:\Windows\System\YlYfJGc.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\rHiAQDA.exe
  C:\Windows\System\rHiAQDA.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\DozGUen.exe
  C:\Windows\System\DozGUen.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\tCIbLuT.exe
  C:\Windows\System\tCIbLuT.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\ZRjkvOa.exe
  C:\Windows\System\ZRjkvOa.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\UfIVUqM.exe
  C:\Windows\System\UfIVUqM.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\tTFLmgC.exe
  C:\Windows\System\tTFLmgC.exe
  2⤵
  PID:3040
- C:\Windows\System\eKcMIzn.exe
  C:\Windows\System\eKcMIzn.exe
  2⤵
  PID:2072
- C:\Windows\System\tMsjcOc.exe
  C:\Windows\System\tMsjcOc.exe
  2⤵
  PID:1700
- C:\Windows\System\esSNlpR.exe
  C:\Windows\System\esSNlpR.exe
  2⤵
  PID:3480
- C:\Windows\System\CntWuAX.exe
  C:\Windows\System\CntWuAX.exe
  2⤵
  PID:4596
- C:\Windows\System\bzdMIfx.exe
  C:\Windows\System\bzdMIfx.exe
  2⤵
  PID:4888
- C:\Windows\System\xGfGCCE.exe
  C:\Windows\System\xGfGCCE.exe
  2⤵
  PID:3696
- C:\Windows\System\MBwtiFN.exe
  C:\Windows\System\MBwtiFN.exe
  2⤵
  PID:4820
- C:\Windows\System\CeiFDyf.exe
  C:\Windows\System\CeiFDyf.exe
  2⤵
  PID:2440
- C:\Windows\System\TQKbCHw.exe
  C:\Windows\System\TQKbCHw.exe
  2⤵
  PID:4412
- C:\Windows\System\NIuqfpR.exe
  C:\Windows\System\NIuqfpR.exe
  2⤵
  PID:4584
- C:\Windows\System\oKzCEXv.exe
  C:\Windows\System\oKzCEXv.exe
  2⤵
  PID:5028
- C:\Windows\System\OVRGmlL.exe
  C:\Windows\System\OVRGmlL.exe
  2⤵
  PID:1664
- C:\Windows\System\ioCMiDl.exe
  C:\Windows\System\ioCMiDl.exe
  2⤵
  PID:2432
- C:\Windows\System\FBMasaE.exe
  C:\Windows\System\FBMasaE.exe
  2⤵
  PID:3640
- C:\Windows\System\nmKZNBt.exe
  C:\Windows\System\nmKZNBt.exe
  2⤵
  PID:3436
- C:\Windows\System\ujvTAVZ.exe
  C:\Windows\System\ujvTAVZ.exe
  2⤵
  PID:1480
- C:\Windows\System\nLpSzDA.exe
  C:\Windows\System\nLpSzDA.exe
  2⤵
  PID:1776
- C:\Windows\System\airOMLU.exe
  C:\Windows\System\airOMLU.exe
  2⤵
  PID:2836
- C:\Windows\System\NKEUlPC.exe
  C:\Windows\System\NKEUlPC.exe
  2⤵
  PID:5140
- C:\Windows\System\FwFWsQi.exe
  C:\Windows\System\FwFWsQi.exe
  2⤵
  PID:5168
- C:\Windows\System\DqVPKaE.exe
  C:\Windows\System\DqVPKaE.exe
  2⤵
  PID:5196
- C:\Windows\System\MBoVyeI.exe
  C:\Windows\System\MBoVyeI.exe
  2⤵
  PID:5224
- C:\Windows\System\wNJcjpK.exe
  C:\Windows\System\wNJcjpK.exe
  2⤵
  PID:5248
- C:\Windows\System\NXdkixX.exe
  C:\Windows\System\NXdkixX.exe
  2⤵
  PID:5276
- C:\Windows\System\tTYGDVb.exe
  C:\Windows\System\tTYGDVb.exe
  2⤵
  PID:5304
- C:\Windows\System\JBBQXKR.exe
  C:\Windows\System\JBBQXKR.exe
  2⤵
  PID:5332
- C:\Windows\System\eqfvLvw.exe
  C:\Windows\System\eqfvLvw.exe
  2⤵
  PID:5360
- C:\Windows\System\XWhhWOR.exe
  C:\Windows\System\XWhhWOR.exe
  2⤵
  PID:5388
- C:\Windows\System\OvuLqIA.exe
  C:\Windows\System\OvuLqIA.exe
  2⤵
  PID:5416
- C:\Windows\System\ScXdbtK.exe
  C:\Windows\System\ScXdbtK.exe
  2⤵
  PID:5444
- C:\Windows\System\uZITqNu.exe
  C:\Windows\System\uZITqNu.exe
  2⤵
  PID:5476
- C:\Windows\System\pwlKXdS.exe
  C:\Windows\System\pwlKXdS.exe
  2⤵
  PID:5500
- C:\Windows\System\RYXSJvQ.exe
  C:\Windows\System\RYXSJvQ.exe
  2⤵
  PID:5528
- C:\Windows\System\JmHnLzB.exe
  C:\Windows\System\JmHnLzB.exe
  2⤵
  PID:5556
- C:\Windows\System\NogUDkL.exe
  C:\Windows\System\NogUDkL.exe
  2⤵
  PID:5584
- C:\Windows\System\FveRDeu.exe
  C:\Windows\System\FveRDeu.exe
  2⤵
  PID:5612
- C:\Windows\System\JQcXHzU.exe
  C:\Windows\System\JQcXHzU.exe
  2⤵
  PID:5640
- C:\Windows\System\hBGJRGj.exe
  C:\Windows\System\hBGJRGj.exe
  2⤵
  PID:5668
- C:\Windows\System\mFOVhhT.exe
  C:\Windows\System\mFOVhhT.exe
  2⤵
  PID:5696
- C:\Windows\System\mRAqZaO.exe
  C:\Windows\System\mRAqZaO.exe
  2⤵
  PID:5724
- C:\Windows\System\mERAwmj.exe
  C:\Windows\System\mERAwmj.exe
  2⤵
  PID:5752
- C:\Windows\System\ObqdEue.exe
  C:\Windows\System\ObqdEue.exe
  2⤵
  PID:5780
- C:\Windows\System\UVXnDar.exe
  C:\Windows\System\UVXnDar.exe
  2⤵
  PID:5812
- C:\Windows\System\VfScXMi.exe
  C:\Windows\System\VfScXMi.exe
  2⤵
  PID:5840
- C:\Windows\System\IFWkxEy.exe
  C:\Windows\System\IFWkxEy.exe
  2⤵
  PID:5868
- C:\Windows\System\ZUMzpQN.exe
  C:\Windows\System\ZUMzpQN.exe
  2⤵
  PID:5896
- C:\Windows\System\PbziwBM.exe
  C:\Windows\System\PbziwBM.exe
  2⤵
  PID:5924
- C:\Windows\System\jYVbWXt.exe
  C:\Windows\System\jYVbWXt.exe
  2⤵
  PID:5952
- C:\Windows\System\fikoLnv.exe
  C:\Windows\System\fikoLnv.exe
  2⤵
  PID:5976
- C:\Windows\System\HKbjAlc.exe
  C:\Windows\System\HKbjAlc.exe
  2⤵
  PID:6008
- C:\Windows\System\KSWQgsx.exe
  C:\Windows\System\KSWQgsx.exe
  2⤵
  PID:6032
- C:\Windows\System\hwuaUHT.exe
  C:\Windows\System\hwuaUHT.exe
  2⤵
  PID:6060
- C:\Windows\System\KHOBfgv.exe
  C:\Windows\System\KHOBfgv.exe
  2⤵
  PID:6092
- C:\Windows\System\XdutiWk.exe
  C:\Windows\System\XdutiWk.exe
  2⤵
  PID:6120
- C:\Windows\System\DmQoacS.exe
  C:\Windows\System\DmQoacS.exe
  2⤵
  PID:3004
- C:\Windows\System\VZcZXft.exe
  C:\Windows\System\VZcZXft.exe
  2⤵
  PID:2572
- C:\Windows\System\AtVItcm.exe
  C:\Windows\System\AtVItcm.exe
  2⤵
  PID:4428
- C:\Windows\System\xhfYDri.exe
  C:\Windows\System\xhfYDri.exe
  2⤵
  PID:2116
- C:\Windows\System\vlQjRJi.exe
  C:\Windows\System\vlQjRJi.exe
  2⤵
  PID:5180
- C:\Windows\System\DBuQMkQ.exe
  C:\Windows\System\DBuQMkQ.exe
  2⤵
  PID:5216
- C:\Windows\System\mORyHtG.exe
  C:\Windows\System\mORyHtG.exe
  2⤵
  PID:5268
- C:\Windows\System\HeFCBjK.exe
  C:\Windows\System\HeFCBjK.exe
  2⤵
  PID:5296
- C:\Windows\System\GtsxkOe.exe
  C:\Windows\System\GtsxkOe.exe
  2⤵
  PID:3868
- C:\Windows\System\gECbmdn.exe
  C:\Windows\System\gECbmdn.exe
  2⤵
  PID:5552
- C:\Windows\System\DZoVjEB.exe
  C:\Windows\System\DZoVjEB.exe
  2⤵
  PID:5608
- C:\Windows\System\cHugTRK.exe
  C:\Windows\System\cHugTRK.exe
  2⤵
  PID:5664
- C:\Windows\System\cvZYIiK.exe
  C:\Windows\System\cvZYIiK.exe
  2⤵
  PID:5712
- C:\Windows\System\LyHPjQB.exe
  C:\Windows\System\LyHPjQB.exe
  2⤵
  PID:5744
- C:\Windows\System\XlYROvI.exe
  C:\Windows\System\XlYROvI.exe
  2⤵
  PID:5824
- C:\Windows\System\JGiLmRL.exe
  C:\Windows\System\JGiLmRL.exe
  2⤵
  PID:5860
- C:\Windows\System\UmnsEbf.exe
  C:\Windows\System\UmnsEbf.exe
  2⤵
  PID:5884
- C:\Windows\System\csVwOCr.exe
  C:\Windows\System\csVwOCr.exe
  2⤵
  PID:4012
- C:\Windows\System\GlKPBiG.exe
  C:\Windows\System\GlKPBiG.exe
  2⤵
  PID:4828
- C:\Windows\System\dIygWCy.exe
  C:\Windows\System\dIygWCy.exe
  2⤵
  PID:5972
- C:\Windows\System\cXQiMMy.exe
  C:\Windows\System\cXQiMMy.exe
  2⤵
  PID:6052
- C:\Windows\System\zAwUKzg.exe
  C:\Windows\System\zAwUKzg.exe
  2⤵
  PID:3036
- C:\Windows\System\zixrAdB.exe
  C:\Windows\System\zixrAdB.exe
  2⤵
  PID:3944
- C:\Windows\System\WEvUAng.exe
  C:\Windows\System\WEvUAng.exe
  2⤵
  PID:1872
- C:\Windows\System\ShyMhfB.exe
  C:\Windows\System\ShyMhfB.exe
  2⤵
  PID:552
- C:\Windows\System\iZAVULs.exe
  C:\Windows\System\iZAVULs.exe
  2⤵
  PID:2988
- C:\Windows\System\cuHIHKX.exe
  C:\Windows\System\cuHIHKX.exe
  2⤵
  PID:400
- C:\Windows\System\uUZjMdl.exe
  C:\Windows\System\uUZjMdl.exe
  2⤵
  PID:5492
- C:\Windows\System\OnVWVXv.exe
  C:\Windows\System\OnVWVXv.exe
  2⤵
  PID:1476
- C:\Windows\System\tPsQGMn.exe
  C:\Windows\System\tPsQGMn.exe
  2⤵
  PID:5636
- C:\Windows\System\EpcxoLF.exe
  C:\Windows\System\EpcxoLF.exe
  2⤵
  PID:5684
- C:\Windows\System\risfGnq.exe
  C:\Windows\System\risfGnq.exe
  2⤵
  PID:5944
- C:\Windows\System\MDnVfwx.exe
  C:\Windows\System\MDnVfwx.exe
  2⤵
  PID:3352
- C:\Windows\System\VqQBtTO.exe
  C:\Windows\System\VqQBtTO.exe
  2⤵
  PID:6104
- C:\Windows\System\AimZmiP.exe
  C:\Windows\System\AimZmiP.exe
  2⤵
  PID:5264
- C:\Windows\System\xyspNJM.exe
  C:\Windows\System\xyspNJM.exe
  2⤵
  PID:5440
- C:\Windows\System\FUpVwuf.exe
  C:\Windows\System\FUpVwuf.exe
  2⤵
  PID:5660
- C:\Windows\System\kNehVsy.exe
  C:\Windows\System\kNehVsy.exe
  2⤵
  PID:6080
- C:\Windows\System\VTewdIY.exe
  C:\Windows\System\VTewdIY.exe
  2⤵
  PID:2712
- C:\Windows\System\gzpAuBs.exe
  C:\Windows\System\gzpAuBs.exe
  2⤵
  PID:2288
- C:\Windows\System\wslCrTx.exe
  C:\Windows\System\wslCrTx.exe
  2⤵
  PID:796
- C:\Windows\System\wwbrJBN.exe
  C:\Windows\System\wwbrJBN.exe
  2⤵
  PID:5604
- C:\Windows\System\ztagihi.exe
  C:\Windows\System\ztagihi.exe
  2⤵
  PID:5800
- C:\Windows\System\ZNHeFeG.exe
  C:\Windows\System\ZNHeFeG.exe
  2⤵
  PID:6000
- C:\Windows\System\sNlowAS.exe
  C:\Windows\System\sNlowAS.exe
  2⤵
  PID:5796
- C:\Windows\System\qUMKgMR.exe
  C:\Windows\System\qUMKgMR.exe
  2⤵
  PID:1720
- C:\Windows\System\BKEcvLF.exe
  C:\Windows\System\BKEcvLF.exe
  2⤵
  PID:6188
- C:\Windows\System\VNUccbS.exe
  C:\Windows\System\VNUccbS.exe
  2⤵
  PID:6248
- C:\Windows\System\IZAaZzR.exe
  C:\Windows\System\IZAaZzR.exe
  2⤵
  PID:6284
- C:\Windows\System\CcVYWbm.exe
  C:\Windows\System\CcVYWbm.exe
  2⤵
  PID:6308
- C:\Windows\System\tPIAwPy.exe
  C:\Windows\System\tPIAwPy.exe
  2⤵
  PID:6324
- C:\Windows\System\BBqzold.exe
  C:\Windows\System\BBqzold.exe
  2⤵
  PID:6340
- C:\Windows\System\nPCpjNO.exe
  C:\Windows\System\nPCpjNO.exe
  2⤵
  PID:6360
- C:\Windows\System\cBgIGWZ.exe
  C:\Windows\System\cBgIGWZ.exe
  2⤵
  PID:6384
- C:\Windows\System\XkUizfX.exe
  C:\Windows\System\XkUizfX.exe
  2⤵
  PID:6404
- C:\Windows\System\qCUSGbT.exe
  C:\Windows\System\qCUSGbT.exe
  2⤵
  PID:6420
- C:\Windows\System\icrsYqu.exe
  C:\Windows\System\icrsYqu.exe
  2⤵
  PID:6464
- C:\Windows\System\orPFwwy.exe
  C:\Windows\System\orPFwwy.exe
  2⤵
  PID:6492
- C:\Windows\System\lotILWh.exe
  C:\Windows\System\lotILWh.exe
  2⤵
  PID:6540
- C:\Windows\System\NLvtmWv.exe
  C:\Windows\System\NLvtmWv.exe
  2⤵
  PID:6560
- C:\Windows\System\cRsnvfY.exe
  C:\Windows\System\cRsnvfY.exe
  2⤵
  PID:6584
- C:\Windows\System\MAsALpp.exe
  C:\Windows\System\MAsALpp.exe
  2⤵
  PID:6604
- C:\Windows\System\sISDWsy.exe
  C:\Windows\System\sISDWsy.exe
  2⤵
  PID:6628
- C:\Windows\System\IPZzCgK.exe
  C:\Windows\System\IPZzCgK.exe
  2⤵
  PID:6648
- C:\Windows\System\AkvvobI.exe
  C:\Windows\System\AkvvobI.exe
  2⤵
  PID:6672
- C:\Windows\System\QJhqRyo.exe
  C:\Windows\System\QJhqRyo.exe
  2⤵
  PID:6692
- C:\Windows\System\PuHnEPD.exe
  C:\Windows\System\PuHnEPD.exe
  2⤵
  PID:6716
- C:\Windows\System\NsLYisG.exe
  C:\Windows\System\NsLYisG.exe
  2⤵
  PID:6776
- C:\Windows\System\cUccWJN.exe
  C:\Windows\System\cUccWJN.exe
  2⤵
  PID:6824
- C:\Windows\System\hwJlNfU.exe
  C:\Windows\System\hwJlNfU.exe
  2⤵
  PID:6844
- C:\Windows\System\wmoWxKl.exe
  C:\Windows\System\wmoWxKl.exe
  2⤵
  PID:6876
- C:\Windows\System\yoUKOrW.exe
  C:\Windows\System\yoUKOrW.exe
  2⤵
  PID:6904
- C:\Windows\System\kSdQOvL.exe
  C:\Windows\System\kSdQOvL.exe
  2⤵
  PID:6924
- C:\Windows\System\FWBEKVQ.exe
  C:\Windows\System\FWBEKVQ.exe
  2⤵
  PID:6968
- C:\Windows\System\PWlhiLy.exe
  C:\Windows\System\PWlhiLy.exe
  2⤵
  PID:6988
- C:\Windows\System\tFgoTvC.exe
  C:\Windows\System\tFgoTvC.exe
  2⤵
  PID:7036
- C:\Windows\System\UebZieg.exe
  C:\Windows\System\UebZieg.exe
  2⤵
  PID:7052
- C:\Windows\System\LYVQpcl.exe
  C:\Windows\System\LYVQpcl.exe
  2⤵
  PID:7072
- C:\Windows\System\PhlLTGS.exe
  C:\Windows\System\PhlLTGS.exe
  2⤵
  PID:7108
- C:\Windows\System\LHIMFzm.exe
  C:\Windows\System\LHIMFzm.exe
  2⤵
  PID:7128
- C:\Windows\System\YOXzWlA.exe
  C:\Windows\System\YOXzWlA.exe
  2⤵
  PID:3060
- C:\Windows\System\unNRzJn.exe
  C:\Windows\System\unNRzJn.exe
  2⤵
  PID:6152
- C:\Windows\System\fRRDGKX.exe
  C:\Windows\System\fRRDGKX.exe
  2⤵
  PID:6200
- C:\Windows\System\frGqCMm.exe
  C:\Windows\System\frGqCMm.exe
  2⤵
  PID:6256
- C:\Windows\System\pFCMksS.exe
  C:\Windows\System\pFCMksS.exe
  2⤵
  PID:6280
- C:\Windows\System\fucFYtS.exe
  C:\Windows\System\fucFYtS.exe
  2⤵
  PID:6416
- C:\Windows\System\dufrCuW.exe
  C:\Windows\System\dufrCuW.exe
  2⤵
  PID:6456
- C:\Windows\System\hsUPexk.exe
  C:\Windows\System\hsUPexk.exe
  2⤵
  PID:6536
- C:\Windows\System\dIReueL.exe
  C:\Windows\System\dIReueL.exe
  2⤵
  PID:6592
- C:\Windows\System\YbqcIvI.exe
  C:\Windows\System\YbqcIvI.exe
  2⤵
  PID:6664
- C:\Windows\System\YwCuhJU.exe
  C:\Windows\System\YwCuhJU.exe
  2⤵
  PID:6708
- C:\Windows\System\FIrPcGv.exe
  C:\Windows\System\FIrPcGv.exe
  2⤵
  PID:6816
- C:\Windows\System\NckOtVA.exe
  C:\Windows\System\NckOtVA.exe
  2⤵
  PID:6840
- C:\Windows\System\kpneusD.exe
  C:\Windows\System\kpneusD.exe
  2⤵
  PID:6936
- C:\Windows\System\OwVEEjK.exe
  C:\Windows\System\OwVEEjK.exe
  2⤵
  PID:7100
- C:\Windows\System\vsiMaOk.exe
  C:\Windows\System\vsiMaOk.exe
  2⤵
  PID:7092
- C:\Windows\System\PEwmHvi.exe
  C:\Windows\System\PEwmHvi.exe
  2⤵
  PID:6184
- C:\Windows\System\iaJZfnt.exe
  C:\Windows\System\iaJZfnt.exe
  2⤵
  PID:6240
- C:\Windows\System\roFkCsx.exe
  C:\Windows\System\roFkCsx.exe
  2⤵
  PID:6352
- C:\Windows\System\cPkJBdZ.exe
  C:\Windows\System\cPkJBdZ.exe
  2⤵
  PID:6428
- C:\Windows\System\crQlMEJ.exe
  C:\Windows\System\crQlMEJ.exe
  2⤵
  PID:6792
- C:\Windows\System\QcLgFoR.exe
  C:\Windows\System\QcLgFoR.exe
  2⤵
  PID:6860
- C:\Windows\System\WTsbvbb.exe
  C:\Windows\System\WTsbvbb.exe
  2⤵
  PID:7140
- C:\Windows\System\EXSMIJO.exe
  C:\Windows\System\EXSMIJO.exe
  2⤵
  PID:1684
- C:\Windows\System\tSNGdjj.exe
  C:\Windows\System\tSNGdjj.exe
  2⤵
  PID:6620
- C:\Windows\System\ZkrGqgN.exe
  C:\Windows\System\ZkrGqgN.exe
  2⤵
  PID:7124
- C:\Windows\System\dWQaEUt.exe
  C:\Windows\System\dWQaEUt.exe
  2⤵
  PID:7188
- C:\Windows\System\sGDAfRm.exe
  C:\Windows\System\sGDAfRm.exe
  2⤵
  PID:7204
- C:\Windows\System\YqvFPXW.exe
  C:\Windows\System\YqvFPXW.exe
  2⤵
  PID:7244
- C:\Windows\System\VrSCLHm.exe
  C:\Windows\System\VrSCLHm.exe
  2⤵
  PID:7264
- C:\Windows\System\mrabZZJ.exe
  C:\Windows\System\mrabZZJ.exe
  2⤵
  PID:7292
- C:\Windows\System\dHBwXuy.exe
  C:\Windows\System\dHBwXuy.exe
  2⤵
  PID:7316
- C:\Windows\System\EBRTClF.exe
  C:\Windows\System\EBRTClF.exe
  2⤵
  PID:7336
- C:\Windows\System\nnFIHQL.exe
  C:\Windows\System\nnFIHQL.exe
  2⤵
  PID:7356
- C:\Windows\System\KQLoRRc.exe
  C:\Windows\System\KQLoRRc.exe
  2⤵
  PID:7396
- C:\Windows\System\HtykpFC.exe
  C:\Windows\System\HtykpFC.exe
  2⤵
  PID:7428
- C:\Windows\System\vFwiymu.exe
  C:\Windows\System\vFwiymu.exe
  2⤵
  PID:7456
- C:\Windows\System\dqJqWYz.exe
  C:\Windows\System\dqJqWYz.exe
  2⤵
  PID:7476
- C:\Windows\System\gkxeYiH.exe
  C:\Windows\System\gkxeYiH.exe
  2⤵
  PID:7500
- C:\Windows\System\FkmSPdZ.exe
  C:\Windows\System\FkmSPdZ.exe
  2⤵
  PID:7528
- C:\Windows\System\jIuqREJ.exe
  C:\Windows\System\jIuqREJ.exe
  2⤵
  PID:7556
- C:\Windows\System\SQOZFEg.exe
  C:\Windows\System\SQOZFEg.exe
  2⤵
  PID:7584
- C:\Windows\System\nBprXep.exe
  C:\Windows\System\nBprXep.exe
  2⤵
  PID:7632
- C:\Windows\System\iTrzZNx.exe
  C:\Windows\System\iTrzZNx.exe
  2⤵
  PID:7652
- C:\Windows\System\QdIAgYb.exe
  C:\Windows\System\QdIAgYb.exe
  2⤵
  PID:7672
- C:\Windows\System\PXTqzsO.exe
  C:\Windows\System\PXTqzsO.exe
  2⤵
  PID:7704
- C:\Windows\System\mCIkcTo.exe
  C:\Windows\System\mCIkcTo.exe
  2⤵
  PID:7756
- C:\Windows\System\rWyeBpg.exe
  C:\Windows\System\rWyeBpg.exe
  2⤵
  PID:7776
- C:\Windows\System\FUXmILY.exe
  C:\Windows\System\FUXmILY.exe
  2⤵
  PID:7792
- C:\Windows\System\TNGsPMf.exe
  C:\Windows\System\TNGsPMf.exe
  2⤵
  PID:7808
- C:\Windows\System\VhmFwMq.exe
  C:\Windows\System\VhmFwMq.exe
  2⤵
  PID:7828
- C:\Windows\System\cWWgWiU.exe
  C:\Windows\System\cWWgWiU.exe
  2⤵
  PID:7868
- C:\Windows\System\GHLLZUX.exe
  C:\Windows\System\GHLLZUX.exe
  2⤵
  PID:7892
- C:\Windows\System\bWIJjWW.exe
  C:\Windows\System\bWIJjWW.exe
  2⤵
  PID:7916
- C:\Windows\System\PLZIDeZ.exe
  C:\Windows\System\PLZIDeZ.exe
  2⤵
  PID:7932
- C:\Windows\System\uiunSKK.exe
  C:\Windows\System\uiunSKK.exe
  2⤵
  PID:7968
- C:\Windows\System\NpiXEly.exe
  C:\Windows\System\NpiXEly.exe
  2⤵
  PID:8004
- C:\Windows\System\epuMhDa.exe
  C:\Windows\System\epuMhDa.exe
  2⤵
  PID:8048
- C:\Windows\System\OdFQXKs.exe
  C:\Windows\System\OdFQXKs.exe
  2⤵
  PID:8072
- C:\Windows\System\iazEIfI.exe
  C:\Windows\System\iazEIfI.exe
  2⤵
  PID:8092
- C:\Windows\System\QKbPvQp.exe
  C:\Windows\System\QKbPvQp.exe
  2⤵
  PID:8120
- C:\Windows\System\Cdrsdpf.exe
  C:\Windows\System\Cdrsdpf.exe
  2⤵
  PID:8140
- C:\Windows\System\lVFbXcB.exe
  C:\Windows\System\lVFbXcB.exe
  2⤵
  PID:8176
- C:\Windows\System\ClAMfop.exe
  C:\Windows\System\ClAMfop.exe
  2⤵
  PID:6316
- C:\Windows\System\iZaiysT.exe
  C:\Windows\System\iZaiysT.exe
  2⤵
  PID:7184
- C:\Windows\System\GykwTXI.exe
  C:\Windows\System\GykwTXI.exe
  2⤵
  PID:7228
- C:\Windows\System\gsQyfqN.exe
  C:\Windows\System\gsQyfqN.exe
  2⤵
  PID:7260
- C:\Windows\System\dlrToqM.exe
  C:\Windows\System\dlrToqM.exe
  2⤵
  PID:7368
- C:\Windows\System\cvznibC.exe
  C:\Windows\System\cvznibC.exe
  2⤵
  PID:7408
- C:\Windows\System\LajVyHT.exe
  C:\Windows\System\LajVyHT.exe
  2⤵
  PID:7640
- C:\Windows\System\AiHODKD.exe
  C:\Windows\System\AiHODKD.exe
  2⤵
  PID:7620
- C:\Windows\System\kpUAgXc.exe
  C:\Windows\System\kpUAgXc.exe
  2⤵
  PID:7788
- C:\Windows\System\yNdQUuj.exe
  C:\Windows\System\yNdQUuj.exe
  2⤵
  PID:7784
- C:\Windows\System\ChboGmj.exe
  C:\Windows\System\ChboGmj.exe
  2⤵
  PID:7800
- C:\Windows\System\jEgTZRD.exe
  C:\Windows\System\jEgTZRD.exe
  2⤵
  PID:7844
- C:\Windows\System\HcGDBlw.exe
  C:\Windows\System\HcGDBlw.exe
  2⤵
  PID:7908
- C:\Windows\System\FXpkAKi.exe
  C:\Windows\System\FXpkAKi.exe
  2⤵
  PID:7980
- C:\Windows\System\yCKTSxd.exe
  C:\Windows\System\yCKTSxd.exe
  2⤵
  PID:8028
- C:\Windows\System\pZnGERa.exe
  C:\Windows\System\pZnGERa.exe
  2⤵
  PID:8100
- C:\Windows\System\grWapRm.exe
  C:\Windows\System\grWapRm.exe
  2⤵
  PID:7024
- C:\Windows\System\xjmjtPe.exe
  C:\Windows\System\xjmjtPe.exe
  2⤵
  PID:7284
- C:\Windows\System\kiQusnp.exe
  C:\Windows\System\kiQusnp.exe
  2⤵
  PID:7448
- C:\Windows\System\BMDWvGq.exe
  C:\Windows\System\BMDWvGq.exe
  2⤵
  PID:7612
- C:\Windows\System\nSjdBlo.exe
  C:\Windows\System\nSjdBlo.exe
  2⤵
  PID:7816
- C:\Windows\System\VSZmDEM.exe
  C:\Windows\System\VSZmDEM.exe
  2⤵
  PID:7840
- C:\Windows\System\PVEKVPy.exe
  C:\Windows\System\PVEKVPy.exe
  2⤵
  PID:8084
- C:\Windows\System\LsgEdQb.exe
  C:\Windows\System\LsgEdQb.exe
  2⤵
  PID:8080
- C:\Windows\System\hoFzyvk.exe
  C:\Windows\System\hoFzyvk.exe
  2⤵
  PID:8020
- C:\Windows\System\enqcYmL.exe
  C:\Windows\System\enqcYmL.exe
  2⤵
  PID:7864
- C:\Windows\System\fxBKGas.exe
  C:\Windows\System\fxBKGas.exe
  2⤵
  PID:8168
- C:\Windows\System\mlDjErX.exe
  C:\Windows\System\mlDjErX.exe
  2⤵
  PID:8208
- C:\Windows\System\uOvdXFb.exe
  C:\Windows\System\uOvdXFb.exe
  2⤵
  PID:8248
- C:\Windows\System\BVMMyAd.exe
  C:\Windows\System\BVMMyAd.exe
  2⤵
  PID:8288
- C:\Windows\System\gyISXyi.exe
  C:\Windows\System\gyISXyi.exe
  2⤵
  PID:8312
- C:\Windows\System\EayErqC.exe
  C:\Windows\System\EayErqC.exe
  2⤵
  PID:8328
- C:\Windows\System\bxMDoEp.exe
  C:\Windows\System\bxMDoEp.exe
  2⤵
  PID:8348
- C:\Windows\System\gjjsgAi.exe
  C:\Windows\System\gjjsgAi.exe
  2⤵
  PID:8364
- C:\Windows\System\GSyNnuz.exe
  C:\Windows\System\GSyNnuz.exe
  2⤵
  PID:8388
- C:\Windows\System\rkrHIUH.exe
  C:\Windows\System\rkrHIUH.exe
  2⤵
  PID:8408
- C:\Windows\System\NvTVzOA.exe
  C:\Windows\System\NvTVzOA.exe
  2⤵
  PID:8428
- C:\Windows\System\EHIvAaB.exe
  C:\Windows\System\EHIvAaB.exe
  2⤵
  PID:8456
- C:\Windows\System\CuWdDPG.exe
  C:\Windows\System\CuWdDPG.exe
  2⤵
  PID:8504
- C:\Windows\System\agAPUmo.exe
  C:\Windows\System\agAPUmo.exe
  2⤵
  PID:8524
- C:\Windows\System\JjykCmX.exe
  C:\Windows\System\JjykCmX.exe
  2⤵
  PID:8580
- C:\Windows\System\MbuUsua.exe
  C:\Windows\System\MbuUsua.exe
  2⤵
  PID:8624
- C:\Windows\System\tBoaVKt.exe
  C:\Windows\System\tBoaVKt.exe
  2⤵
  PID:8648
- C:\Windows\System\cxmPdaD.exe
  C:\Windows\System\cxmPdaD.exe
  2⤵
  PID:8664
- C:\Windows\System\aGXddEB.exe
  C:\Windows\System\aGXddEB.exe
  2⤵
  PID:8684
- C:\Windows\System\MJvKZdD.exe
  C:\Windows\System\MJvKZdD.exe
  2⤵
  PID:8704
- C:\Windows\System\UVfHUjo.exe
  C:\Windows\System\UVfHUjo.exe
  2⤵
  PID:8732
- C:\Windows\System\SVzadEn.exe
  C:\Windows\System\SVzadEn.exe
  2⤵
  PID:8792
- C:\Windows\System\bxGDoRH.exe
  C:\Windows\System\bxGDoRH.exe
  2⤵
  PID:8820
- C:\Windows\System\IyCAUzH.exe
  C:\Windows\System\IyCAUzH.exe
  2⤵
  PID:8840
- C:\Windows\System\kFsoAIv.exe
  C:\Windows\System\kFsoAIv.exe
  2⤵
  PID:8860
- C:\Windows\System\aSsfmMT.exe
  C:\Windows\System\aSsfmMT.exe
  2⤵
  PID:8880
- C:\Windows\System\immcTlc.exe
  C:\Windows\System\immcTlc.exe
  2⤵
  PID:8924
- C:\Windows\System\tWDLgKa.exe
  C:\Windows\System\tWDLgKa.exe
  2⤵
  PID:8944
- C:\Windows\System\AeLqjbP.exe
  C:\Windows\System\AeLqjbP.exe
  2⤵
  PID:8968
- C:\Windows\System\rEIjQpl.exe
  C:\Windows\System\rEIjQpl.exe
  2⤵
  PID:8984
- C:\Windows\System\fRWbdQa.exe
  C:\Windows\System\fRWbdQa.exe
  2⤵
  PID:9008
- C:\Windows\System\AsvGETj.exe
  C:\Windows\System\AsvGETj.exe
  2⤵
  PID:9028
- C:\Windows\System\EIGUeEH.exe
  C:\Windows\System\EIGUeEH.exe
  2⤵
  PID:9048
- C:\Windows\System\kYaXFlp.exe
  C:\Windows\System\kYaXFlp.exe
  2⤵
  PID:9148
- C:\Windows\System\BCJjCvN.exe
  C:\Windows\System\BCJjCvN.exe
  2⤵
  PID:9164
- C:\Windows\System\GqlePEC.exe
  C:\Windows\System\GqlePEC.exe
  2⤵
  PID:9180
- C:\Windows\System\oRtQRKv.exe
  C:\Windows\System\oRtQRKv.exe
  2⤵
  PID:9196
- C:\Windows\System\EGGtqYA.exe
  C:\Windows\System\EGGtqYA.exe
  2⤵
  PID:7748
- C:\Windows\System\OftlAnN.exe
  C:\Windows\System\OftlAnN.exe
  2⤵
  PID:8196
- C:\Windows\System\byKIanw.exe
  C:\Windows\System\byKIanw.exe
  2⤵
  PID:8236
- C:\Windows\System\DqMcvjE.exe
  C:\Windows\System\DqMcvjE.exe
  2⤵
  PID:8320
- C:\Windows\System\QVQlSHO.exe
  C:\Windows\System\QVQlSHO.exe
  2⤵
  PID:8396
- C:\Windows\System\yYPLaFc.exe
  C:\Windows\System\yYPLaFc.exe
  2⤵
  PID:8448
- C:\Windows\System\LmiozoV.exe
  C:\Windows\System\LmiozoV.exe
  2⤵
  PID:8520
- C:\Windows\System\xNehiHt.exe
  C:\Windows\System\xNehiHt.exe
  2⤵
  PID:8544
- C:\Windows\System\tOwyScH.exe
  C:\Windows\System\tOwyScH.exe
  2⤵
  PID:8640
- C:\Windows\System\YeNONfg.exe
  C:\Windows\System\YeNONfg.exe
  2⤵
  PID:8680
- C:\Windows\System\Pxdhvyy.exe
  C:\Windows\System\Pxdhvyy.exe
  2⤵
  PID:8780
- C:\Windows\System\uZurcMH.exe
  C:\Windows\System\uZurcMH.exe
  2⤵
  PID:8876
- C:\Windows\System\JrvtBit.exe
  C:\Windows\System\JrvtBit.exe
  2⤵
  PID:8904
- C:\Windows\System\lCciXUH.exe
  C:\Windows\System\lCciXUH.exe
  2⤵
  PID:8956
- C:\Windows\System\OBRTGFf.exe
  C:\Windows\System\OBRTGFf.exe
  2⤵
  PID:8976
- C:\Windows\System\jNFgcbo.exe
  C:\Windows\System\jNFgcbo.exe
  2⤵
  PID:9056
- C:\Windows\System\VOwkPWn.exe
  C:\Windows\System\VOwkPWn.exe
  2⤵
  PID:1028
- C:\Windows\System\XuVhnJF.exe
  C:\Windows\System\XuVhnJF.exe
  2⤵
  PID:9172
- C:\Windows\System\ShkjwQn.exe
  C:\Windows\System\ShkjwQn.exe
  2⤵
  PID:7772
- C:\Windows\System\jPpdRkg.exe
  C:\Windows\System\jPpdRkg.exe
  2⤵
  PID:8228
- C:\Windows\System\KPaQBto.exe
  C:\Windows\System\KPaQBto.exe
  2⤵
  PID:8484
- C:\Windows\System\AvfNrCN.exe
  C:\Windows\System\AvfNrCN.exe
  2⤵
  PID:8436
- C:\Windows\System\bSlGZPn.exe
  C:\Windows\System\bSlGZPn.exe
  2⤵
  PID:8576
- C:\Windows\System\NFCInQp.exe
  C:\Windows\System\NFCInQp.exe
  2⤵
  PID:8900
- C:\Windows\System\ayCORAr.exe
  C:\Windows\System\ayCORAr.exe
  2⤵
  PID:8416
- C:\Windows\System\WldvyUO.exe
  C:\Windows\System\WldvyUO.exe
  2⤵
  PID:9188
- C:\Windows\System\hvLbpfF.exe
  C:\Windows\System\hvLbpfF.exe
  2⤵
  PID:8916
- C:\Windows\System\OaxEWOE.exe
  C:\Windows\System\OaxEWOE.exe
  2⤵
  PID:8268
- C:\Windows\System\uSKwEjv.exe
  C:\Windows\System\uSKwEjv.exe
  2⤵
  PID:9240
- C:\Windows\System\PtQmbxC.exe
  C:\Windows\System\PtQmbxC.exe
  2⤵
  PID:9264
- C:\Windows\System\nDfFMIF.exe
  C:\Windows\System\nDfFMIF.exe
  2⤵
  PID:9312
- C:\Windows\System\eieuAZz.exe
  C:\Windows\System\eieuAZz.exe
  2⤵
  PID:9332
- C:\Windows\System\YRkWneH.exe
  C:\Windows\System\YRkWneH.exe
  2⤵
  PID:9348
- C:\Windows\System\xfhfhsw.exe
  C:\Windows\System\xfhfhsw.exe
  2⤵
  PID:9368
- C:\Windows\System\DPFEMEK.exe
  C:\Windows\System\DPFEMEK.exe
  2⤵
  PID:9392
- C:\Windows\System\lOuUOQb.exe
  C:\Windows\System\lOuUOQb.exe
  2⤵
  PID:9412
- C:\Windows\System\afHBDXd.exe
  C:\Windows\System\afHBDXd.exe
  2⤵
  PID:9440
- C:\Windows\System\RkEdGXp.exe
  C:\Windows\System\RkEdGXp.exe
  2⤵
  PID:9460
- C:\Windows\System\SSeDZdJ.exe
  C:\Windows\System\SSeDZdJ.exe
  2⤵
  PID:9480
- C:\Windows\System\mMYzqfE.exe
  C:\Windows\System\mMYzqfE.exe
  2⤵
  PID:9564
- C:\Windows\System\tVdqUKx.exe
  C:\Windows\System\tVdqUKx.exe
  2⤵
  PID:9588
- C:\Windows\System\KmsDwCZ.exe
  C:\Windows\System\KmsDwCZ.exe
  2⤵
  PID:9612
- C:\Windows\System\dAqBEgO.exe
  C:\Windows\System\dAqBEgO.exe
  2⤵
  PID:9628
- C:\Windows\System\xuoNILf.exe
  C:\Windows\System\xuoNILf.exe
  2⤵
  PID:9648
- C:\Windows\System\nvDBULs.exe
  C:\Windows\System\nvDBULs.exe
  2⤵
  PID:9676
- C:\Windows\System\lvcWqzT.exe
  C:\Windows\System\lvcWqzT.exe
  2⤵
  PID:9732
- C:\Windows\System\aqvusTO.exe
  C:\Windows\System\aqvusTO.exe
  2⤵
  PID:9748
- C:\Windows\System\NFiHuLt.exe
  C:\Windows\System\NFiHuLt.exe
  2⤵
  PID:9792
- C:\Windows\System\fYBhqAC.exe
  C:\Windows\System\fYBhqAC.exe
  2⤵
  PID:9820
- C:\Windows\System\EoHRtLt.exe
  C:\Windows\System\EoHRtLt.exe
  2⤵
  PID:9840
- C:\Windows\System\HkOKSYH.exe
  C:\Windows\System\HkOKSYH.exe
  2⤵
  PID:9880
- C:\Windows\System\CzMFHPS.exe
  C:\Windows\System\CzMFHPS.exe
  2⤵
  PID:9900
- C:\Windows\System\PfTFZyf.exe
  C:\Windows\System\PfTFZyf.exe
  2⤵
  PID:9920
- C:\Windows\System\LtuvmIr.exe
  C:\Windows\System\LtuvmIr.exe
  2⤵
  PID:9944
- C:\Windows\System\lDqhmyh.exe
  C:\Windows\System\lDqhmyh.exe
  2⤵
  PID:9972
- C:\Windows\System\PVDSjvF.exe
  C:\Windows\System\PVDSjvF.exe
  2⤵
  PID:10020
- C:\Windows\System\QiecASQ.exe
  C:\Windows\System\QiecASQ.exe
  2⤵
  PID:10048
- C:\Windows\System\qUMnTIP.exe
  C:\Windows\System\qUMnTIP.exe
  2⤵
  PID:10068
- C:\Windows\System\HAMkxKS.exe
  C:\Windows\System\HAMkxKS.exe
  2⤵
  PID:10100
- C:\Windows\System\gTTHXAt.exe
  C:\Windows\System\gTTHXAt.exe
  2⤵
  PID:10132
- C:\Windows\System\SgPOsRI.exe
  C:\Windows\System\SgPOsRI.exe
  2⤵
  PID:10156
- C:\Windows\System\cMDSeEH.exe
  C:\Windows\System\cMDSeEH.exe
  2⤵
  PID:10208
- C:\Windows\System\BUdAbYg.exe
  C:\Windows\System\BUdAbYg.exe
  2⤵
  PID:9328
- C:\Windows\System\GbLsOQB.exe
  C:\Windows\System\GbLsOQB.exe
  2⤵
  PID:9380
- C:\Windows\System\YzBccfb.exe
  C:\Windows\System\YzBccfb.exe
  2⤵
  PID:9408
- C:\Windows\System\kSpMUcQ.exe
  C:\Windows\System\kSpMUcQ.exe
  2⤵
  PID:9424
- C:\Windows\System\cKeqYLf.exe
  C:\Windows\System\cKeqYLf.exe
  2⤵
  PID:9472
- C:\Windows\System\dnveNdt.exe
  C:\Windows\System\dnveNdt.exe
  2⤵
  PID:9512
- C:\Windows\System\olngewJ.exe
  C:\Windows\System\olngewJ.exe
  2⤵
  PID:9600
- C:\Windows\System\erwEuUC.exe
  C:\Windows\System\erwEuUC.exe
  2⤵
  PID:9624
- C:\Windows\System\cNTKgoJ.exe
  C:\Windows\System\cNTKgoJ.exe
  2⤵
  PID:9620
- C:\Windows\System\DDSFzby.exe
  C:\Windows\System\DDSFzby.exe
  2⤵
  PID:9684
- C:\Windows\System\irgndZA.exe
  C:\Windows\System\irgndZA.exe
  2⤵
  PID:9756
- C:\Windows\System\mrYPEOF.exe
  C:\Windows\System\mrYPEOF.exe
  2⤵
  PID:9784
- C:\Windows\System\iANrrDO.exe
  C:\Windows\System\iANrrDO.exe
  2⤵
  PID:9804
- C:\Windows\System\fpffFMH.exe
  C:\Windows\System\fpffFMH.exe
  2⤵
  PID:9836
- C:\Windows\System\KhyBuXE.exe
  C:\Windows\System\KhyBuXE.exe
  2⤵
  PID:9896
- C:\Windows\System\VDGNXwo.exe
  C:\Windows\System\VDGNXwo.exe
  2⤵
  PID:10192
- C:\Windows\System\EFyUrvB.exe
  C:\Windows\System\EFyUrvB.exe
  2⤵
  PID:10128
- C:\Windows\System\nrUFLNW.exe
  C:\Windows\System\nrUFLNW.exe
  2⤵
  PID:9780
- C:\Windows\System\KvXNlVQ.exe
  C:\Windows\System\KvXNlVQ.exe
  2⤵
  PID:10204
- C:\Windows\System\WedeIVH.exe
  C:\Windows\System\WedeIVH.exe
  2⤵
  PID:9192
- C:\Windows\System\DGqjcFr.exe
  C:\Windows\System\DGqjcFr.exe
  2⤵
  PID:9256
- C:\Windows\System\PRYFMJg.exe
  C:\Windows\System\PRYFMJg.exe
  2⤵
  PID:9580
- C:\Windows\System\qZUtExo.exe
  C:\Windows\System\qZUtExo.exe
  2⤵
  PID:9668
- C:\Windows\System\tUSIaYd.exe
  C:\Windows\System\tUSIaYd.exe
  2⤵
  PID:9260
- C:\Windows\System\CzqaGNF.exe
  C:\Windows\System\CzqaGNF.exe
  2⤵
  PID:9304
- C:\Windows\System\LbfmXdu.exe
  C:\Windows\System\LbfmXdu.exe
  2⤵
  PID:8548
- C:\Windows\System\iQrKdTa.exe
  C:\Windows\System\iQrKdTa.exe
  2⤵
  PID:10172
- C:\Windows\System\ZPcUmTA.exe
  C:\Windows\System\ZPcUmTA.exe
  2⤵
  PID:8400
- C:\Windows\System\nZYhioB.exe
  C:\Windows\System\nZYhioB.exe
  2⤵
  PID:10256
- C:\Windows\System\akjzAlI.exe
  C:\Windows\System\akjzAlI.exe
  2⤵
  PID:10284
- C:\Windows\System\RiZZSIZ.exe
  C:\Windows\System\RiZZSIZ.exe
  2⤵
  PID:10304
- C:\Windows\System\QaIfBWo.exe
  C:\Windows\System\QaIfBWo.exe
  2⤵
  PID:10332
- C:\Windows\System\OvAXtjs.exe
  C:\Windows\System\OvAXtjs.exe
  2⤵
  PID:10356
- C:\Windows\System\bWkmiKG.exe
  C:\Windows\System\bWkmiKG.exe
  2⤵
  PID:10388
- C:\Windows\System\MMpOPYg.exe
  C:\Windows\System\MMpOPYg.exe
  2⤵
  PID:10408
- C:\Windows\System\tGkEdDg.exe
  C:\Windows\System\tGkEdDg.exe
  2⤵
  PID:10436
- C:\Windows\System\RiGrAdM.exe
  C:\Windows\System\RiGrAdM.exe
  2⤵
  PID:10456
- C:\Windows\System\ijQlkkc.exe
  C:\Windows\System\ijQlkkc.exe
  2⤵
  PID:10472
- C:\Windows\System\NkuIUvB.exe
  C:\Windows\System\NkuIUvB.exe
  2⤵
  PID:10488
- C:\Windows\System\NggOiBs.exe
  C:\Windows\System\NggOiBs.exe
  2⤵
  PID:10560
- C:\Windows\System\payYZut.exe
  C:\Windows\System\payYZut.exe
  2⤵
  PID:10588
- C:\Windows\System\CtZlBDk.exe
  C:\Windows\System\CtZlBDk.exe
  2⤵
  PID:10608
- C:\Windows\System\ZWsaScO.exe
  C:\Windows\System\ZWsaScO.exe
  2⤵
  PID:10628
- C:\Windows\System\EKdkqYL.exe
  C:\Windows\System\EKdkqYL.exe
  2⤵
  PID:10684
- C:\Windows\System\AEjKkIj.exe
  C:\Windows\System\AEjKkIj.exe
  2⤵
  PID:10708
- C:\Windows\System\vUaKyCl.exe
  C:\Windows\System\vUaKyCl.exe
  2⤵
  PID:10732
- C:\Windows\System\SQowYle.exe
  C:\Windows\System\SQowYle.exe
  2⤵
  PID:10752
- C:\Windows\System\vTAjQfj.exe
  C:\Windows\System\vTAjQfj.exe
  2⤵
  PID:10788
- C:\Windows\System\kUWsHgi.exe
  C:\Windows\System\kUWsHgi.exe
  2⤵
  PID:10816
- C:\Windows\System\BINkWYM.exe
  C:\Windows\System\BINkWYM.exe
  2⤵
  PID:10832
- C:\Windows\System\dcRfhnq.exe
  C:\Windows\System\dcRfhnq.exe
  2⤵
  PID:10852
- C:\Windows\System\aZHZWTo.exe
  C:\Windows\System\aZHZWTo.exe
  2⤵
  PID:10868
- C:\Windows\System\lPqcgqS.exe
  C:\Windows\System\lPqcgqS.exe
  2⤵
  PID:10888
- C:\Windows\System\IBmoGJC.exe
  C:\Windows\System\IBmoGJC.exe
  2⤵
  PID:10912
- C:\Windows\System\aOeaxAw.exe
  C:\Windows\System\aOeaxAw.exe
  2⤵
  PID:10956
- C:\Windows\System\rfxCxQv.exe
  C:\Windows\System\rfxCxQv.exe
  2⤵
  PID:10976
- C:\Windows\System\fwupXVo.exe
  C:\Windows\System\fwupXVo.exe
  2⤵
  PID:10996
- C:\Windows\System\mPaJtVl.exe
  C:\Windows\System\mPaJtVl.exe
  2⤵
  PID:11028
- C:\Windows\System\aZBbPmw.exe
  C:\Windows\System\aZBbPmw.exe
  2⤵
  PID:11060
- C:\Windows\System\xgoysOr.exe
  C:\Windows\System\xgoysOr.exe
  2⤵
  PID:11080
- C:\Windows\System\dMdKPZT.exe
  C:\Windows\System\dMdKPZT.exe
  2⤵
  PID:11136
- C:\Windows\System\BEiLgGb.exe
  C:\Windows\System\BEiLgGb.exe
  2⤵
  PID:11164
- C:\Windows\System\TYghdWp.exe
  C:\Windows\System\TYghdWp.exe
  2⤵
  PID:11204
- C:\Windows\System\GIqpiZY.exe
  C:\Windows\System\GIqpiZY.exe
  2⤵
  PID:11232
- C:\Windows\System\hlXrpea.exe
  C:\Windows\System\hlXrpea.exe
  2⤵
  PID:11256
- C:\Windows\System\izCnJDe.exe
  C:\Windows\System\izCnJDe.exe
  2⤵
  PID:9236
- C:\Windows\System\BpfsdUb.exe
  C:\Windows\System\BpfsdUb.exe
  2⤵
  PID:10276
- C:\Windows\System\aNLgoMQ.exe
  C:\Windows\System\aNLgoMQ.exe
  2⤵
  PID:10312
- C:\Windows\System\TcCwLAs.exe
  C:\Windows\System\TcCwLAs.exe
  2⤵
  PID:10400
- C:\Windows\System\IsoiXfV.exe
  C:\Windows\System\IsoiXfV.exe
  2⤵
  PID:10448
- C:\Windows\System\Cgvefim.exe
  C:\Windows\System\Cgvefim.exe
  2⤵
  PID:10596
- C:\Windows\System\lIVrDcm.exe
  C:\Windows\System\lIVrDcm.exe
  2⤵
  PID:10700
- C:\Windows\System\qhKKDrF.exe
  C:\Windows\System\qhKKDrF.exe
  2⤵
  PID:10724
- C:\Windows\System\TTCJdTN.exe
  C:\Windows\System\TTCJdTN.exe
  2⤵
  PID:10768
- C:\Windows\System\VRbKvop.exe
  C:\Windows\System\VRbKvop.exe
  2⤵
  PID:10828
- C:\Windows\System\NqmgULt.exe
  C:\Windows\System\NqmgULt.exe
  2⤵
  PID:10772
- C:\Windows\System\JBOzgNl.exe
  C:\Windows\System\JBOzgNl.exe
  2⤵
  PID:10880
- C:\Windows\System\JROMtvn.exe
  C:\Windows\System\JROMtvn.exe
  2⤵
  PID:10908
- C:\Windows\System\LptaFVm.exe
  C:\Windows\System\LptaFVm.exe
  2⤵
  PID:11020
- C:\Windows\System\lGBkkxH.exe
  C:\Windows\System\lGBkkxH.exe
  2⤵
  PID:11132
- C:\Windows\System\zsCaQcT.exe
  C:\Windows\System\zsCaQcT.exe
  2⤵
  PID:10244
- C:\Windows\System\SvIJLgu.exe
  C:\Windows\System\SvIJLgu.exe
  2⤵
  PID:9916
- C:\Windows\System\ddEzibi.exe
  C:\Windows\System\ddEzibi.exe
  2⤵
  PID:9704
- C:\Windows\System\rnwVEeq.exe
  C:\Windows\System\rnwVEeq.exe
  2⤵
  PID:10580
- C:\Windows\System\CRYCBjk.exe
  C:\Windows\System\CRYCBjk.exe
  2⤵
  PID:10600
- C:\Windows\System\NbOnHrU.exe
  C:\Windows\System\NbOnHrU.exe
  2⤵
  PID:11036
- C:\Windows\System\dtbeBlT.exe
  C:\Windows\System\dtbeBlT.exe
  2⤵
  PID:10904
- C:\Windows\System\dSSHKSP.exe
  C:\Windows\System\dSSHKSP.exe
  2⤵
  PID:11212
- C:\Windows\System\qUutnFA.exe
  C:\Windows\System\qUutnFA.exe
  2⤵
  PID:10444
- C:\Windows\System\nsRfjjm.exe
  C:\Windows\System\nsRfjjm.exe
  2⤵
  PID:10604
- C:\Windows\System\qfmoAMu.exe
  C:\Windows\System\qfmoAMu.exe
  2⤵
  PID:10896
- C:\Windows\System\FpRkVNz.exe
  C:\Windows\System\FpRkVNz.exe
  2⤵
  PID:10324
- C:\Windows\System\NyGqBCr.exe
  C:\Windows\System\NyGqBCr.exe
  2⤵
  PID:10692
- C:\Windows\System\jXwUKTM.exe
  C:\Windows\System\jXwUKTM.exe
  2⤵
  PID:11224
- C:\Windows\System\LxQxpxR.exe
  C:\Windows\System\LxQxpxR.exe
  2⤵
  PID:11300
- C:\Windows\System\jSlQYgI.exe
  C:\Windows\System\jSlQYgI.exe
  2⤵
  PID:11336
- C:\Windows\System\bvEztoQ.exe
  C:\Windows\System\bvEztoQ.exe
  2⤵
  PID:11356
- C:\Windows\System\nwPVhfk.exe
  C:\Windows\System\nwPVhfk.exe
  2⤵
  PID:11384
- C:\Windows\System\uVUbeku.exe
  C:\Windows\System\uVUbeku.exe
  2⤵
  PID:11436
- C:\Windows\System\mWpnERs.exe
  C:\Windows\System\mWpnERs.exe
  2⤵
  PID:11460
- C:\Windows\System\WMdfZmh.exe
  C:\Windows\System\WMdfZmh.exe
  2⤵
  PID:11484
- C:\Windows\System\LdwQuSZ.exe
  C:\Windows\System\LdwQuSZ.exe
  2⤵
  PID:11508
- C:\Windows\System\ncaOlHL.exe
  C:\Windows\System\ncaOlHL.exe
  2⤵
  PID:11528
- C:\Windows\System\fLJZzfO.exe
  C:\Windows\System\fLJZzfO.exe
  2⤵
  PID:11560
- C:\Windows\System\CHITMOF.exe
  C:\Windows\System\CHITMOF.exe
  2⤵
  PID:11580
- C:\Windows\System\ElPGSQi.exe
  C:\Windows\System\ElPGSQi.exe
  2⤵
  PID:11604
- C:\Windows\System\OIpMkZH.exe
  C:\Windows\System\OIpMkZH.exe
  2⤵
  PID:11620
- C:\Windows\System\obgryki.exe
  C:\Windows\System\obgryki.exe
  2⤵
  PID:11672
- C:\Windows\System\SKjHiPb.exe
  C:\Windows\System\SKjHiPb.exe
  2⤵
  PID:11700
- C:\Windows\System\BTGZkxL.exe
  C:\Windows\System\BTGZkxL.exe
  2⤵
  PID:11724
- C:\Windows\System\gbRSVrf.exe
  C:\Windows\System\gbRSVrf.exe
  2⤵
  PID:11744
- C:\Windows\System\wSNzTcV.exe
  C:\Windows\System\wSNzTcV.exe
  2⤵
  PID:11768
- C:\Windows\System\sOXLloO.exe
  C:\Windows\System\sOXLloO.exe
  2⤵
  PID:11796
- C:\Windows\System\MuVkexx.exe
  C:\Windows\System\MuVkexx.exe
  2⤵
  PID:11816
- C:\Windows\System\Eskagtp.exe
  C:\Windows\System\Eskagtp.exe
  2⤵
  PID:11852
- C:\Windows\System\VikXyiO.exe
  C:\Windows\System\VikXyiO.exe
  2⤵
  PID:11912
- C:\Windows\System\aGCdgcG.exe
  C:\Windows\System\aGCdgcG.exe
  2⤵
  PID:11952
- C:\Windows\System\cUfFAxR.exe
  C:\Windows\System\cUfFAxR.exe
  2⤵
  PID:11968
- C:\Windows\System\ZnVzBiI.exe
  C:\Windows\System\ZnVzBiI.exe
  2⤵
  PID:12008
- C:\Windows\System\LrZRKly.exe
  C:\Windows\System\LrZRKly.exe
  2⤵
  PID:12032
- C:\Windows\System\etliTqz.exe
  C:\Windows\System\etliTqz.exe
  2⤵
  PID:12052
- C:\Windows\System\UHiRsHs.exe
  C:\Windows\System\UHiRsHs.exe
  2⤵
  PID:12072
- C:\Windows\System\iMLsOIk.exe
  C:\Windows\System\iMLsOIk.exe
  2⤵
  PID:12096
- C:\Windows\System\aZCONcQ.exe
  C:\Windows\System\aZCONcQ.exe
  2⤵
  PID:12116
- C:\Windows\System\GWKnixW.exe
  C:\Windows\System\GWKnixW.exe
  2⤵
  PID:12144
- C:\Windows\System\zRkpHDV.exe
  C:\Windows\System\zRkpHDV.exe
  2⤵
  PID:12200
- C:\Windows\System\eCxXCUk.exe
  C:\Windows\System\eCxXCUk.exe
  2⤵
  PID:12220
- C:\Windows\System\vDtXgvz.exe
  C:\Windows\System\vDtXgvz.exe
  2⤵
  PID:12244
- C:\Windows\System\ucLnTmg.exe
  C:\Windows\System\ucLnTmg.exe
  2⤵
  PID:12268
- C:\Windows\System\GPsaBKg.exe
  C:\Windows\System\GPsaBKg.exe
  2⤵
  PID:10300
- C:\Windows\System\vobzmMq.exe
  C:\Windows\System\vobzmMq.exe
  2⤵
  PID:11324
- C:\Windows\System\NdYqqjM.exe
  C:\Windows\System\NdYqqjM.exe
  2⤵
  PID:11376
- C:\Windows\System\COSBriX.exe
  C:\Windows\System\COSBriX.exe
  2⤵
  PID:11452
- C:\Windows\System\cazvQSu.exe
  C:\Windows\System\cazvQSu.exe
  2⤵
  PID:11524
- C:\Windows\System\HhroWpl.exe
  C:\Windows\System\HhroWpl.exe
  2⤵
  PID:11576
- C:\Windows\System\fcmnNdY.exe
  C:\Windows\System\fcmnNdY.exe
  2⤵
  PID:11616
- C:\Windows\System\diYfGAl.exe
  C:\Windows\System\diYfGAl.exe
  2⤵
  PID:11764
- C:\Windows\System\buVwcIi.exe
  C:\Windows\System\buVwcIi.exe
  2⤵
  PID:11836
- C:\Windows\System\cUrroyu.exe
  C:\Windows\System\cUrroyu.exe
  2⤵
  PID:11828
- C:\Windows\System\NpeISXC.exe
  C:\Windows\System\NpeISXC.exe
  2⤵
  PID:11908
- C:\Windows\System\zkCQTrK.exe
  C:\Windows\System\zkCQTrK.exe
  2⤵
  PID:11928
- C:\Windows\System\EGPPwsP.exe
  C:\Windows\System\EGPPwsP.exe
  2⤵
  PID:12048
- C:\Windows\System\KYshAUd.exe
  C:\Windows\System\KYshAUd.exe
  2⤵
  PID:12112
- C:\Windows\System\IAsGVCU.exe
  C:\Windows\System\IAsGVCU.exe
  2⤵
  PID:12172
- C:\Windows\System\rlMerbY.exe
  C:\Windows\System\rlMerbY.exe
  2⤵
  PID:12240
- C:\Windows\System\xKzBsLU.exe
  C:\Windows\System\xKzBsLU.exe
  2⤵
  PID:12260
- C:\Windows\System\YUIrmgf.exe
  C:\Windows\System\YUIrmgf.exe
  2⤵
  PID:11404
- C:\Windows\System\QQMBLrF.exe
  C:\Windows\System\QQMBLrF.exe
  2⤵
  PID:11648
- C:\Windows\System\VTCRAxs.exe
  C:\Windows\System\VTCRAxs.exe
  2⤵
  PID:11708
- C:\Windows\System\DmufMJr.exe
  C:\Windows\System\DmufMJr.exe
  2⤵
  PID:11936
- C:\Windows\System\LUabqec.exe
  C:\Windows\System\LUabqec.exe
  2⤵
  PID:12040
- C:\Windows\System\EoWFfRG.exe
  C:\Windows\System\EoWFfRG.exe
  2⤵
  PID:12084
- C:\Windows\System\jawpqAc.exe
  C:\Windows\System\jawpqAc.exe
  2⤵
  PID:12124
- C:\Windows\System\HnXpQJU.exe
  C:\Windows\System\HnXpQJU.exe
  2⤵
  PID:11348
- C:\Windows\System\oXKLmcj.exe
  C:\Windows\System\oXKLmcj.exe
  2⤵
  PID:11780
- C:\Windows\System\KoZsfqZ.exe
  C:\Windows\System\KoZsfqZ.exe
  2⤵
  PID:11904
- C:\Windows\System\SpjgIcn.exe
  C:\Windows\System\SpjgIcn.exe
  2⤵
  PID:12304
- C:\Windows\System\qqPWHvE.exe
  C:\Windows\System\qqPWHvE.exe
  2⤵
  PID:12332
- C:\Windows\System\ZTDdlHn.exe
  C:\Windows\System\ZTDdlHn.exe
  2⤵
  PID:12400
- C:\Windows\System\GdaEwWF.exe
  C:\Windows\System\GdaEwWF.exe
  2⤵
  PID:12424
- C:\Windows\System\wEJMcsk.exe
  C:\Windows\System\wEJMcsk.exe
  2⤵
  PID:12448
- C:\Windows\System\LEFwVwn.exe
  C:\Windows\System\LEFwVwn.exe
  2⤵
  PID:12472
- C:\Windows\System\VWQPkAb.exe
  C:\Windows\System\VWQPkAb.exe
  2⤵
  PID:12496
- C:\Windows\System\ALsASJA.exe
  C:\Windows\System\ALsASJA.exe
  2⤵
  PID:12552
- C:\Windows\System\zdPCczv.exe
  C:\Windows\System\zdPCczv.exe
  2⤵
  PID:12572
- C:\Windows\System\CbKMiLu.exe
  C:\Windows\System\CbKMiLu.exe
  2⤵
  PID:12600
- C:\Windows\System\gjCnYss.exe
  C:\Windows\System\gjCnYss.exe
  2⤵
  PID:12620
- C:\Windows\System\lcuhSOV.exe
  C:\Windows\System\lcuhSOV.exe
  2⤵
  PID:12640
- C:\Windows\System\zEhnigN.exe
  C:\Windows\System\zEhnigN.exe
  2⤵
  PID:12688
- C:\Windows\System\VvpfrJq.exe
  C:\Windows\System\VvpfrJq.exe
  2⤵
  PID:12728
- C:\Windows\System\ErcUwVo.exe
  C:\Windows\System\ErcUwVo.exe
  2⤵
  PID:12760
- C:\Windows\System\ocwjuwI.exe
  C:\Windows\System\ocwjuwI.exe
  2⤵
  PID:12780
- C:\Windows\System\IfjLZIJ.exe
  C:\Windows\System\IfjLZIJ.exe
  2⤵
  PID:12804
- C:\Windows\System\RDcZgtN.exe
  C:\Windows\System\RDcZgtN.exe
  2⤵
  PID:12824
- C:\Windows\System\xZKQTOy.exe
  C:\Windows\System\xZKQTOy.exe
  2⤵
  PID:12868
- C:\Windows\System\JHyPrFl.exe
  C:\Windows\System\JHyPrFl.exe
  2⤵
  PID:12892
- C:\Windows\System\NRWAaPO.exe
  C:\Windows\System\NRWAaPO.exe
  2⤵
  PID:12908
- C:\Windows\System\CaoDAmU.exe
  C:\Windows\System\CaoDAmU.exe
  2⤵
  PID:12932
- C:\Windows\System\AVoSOxE.exe
  C:\Windows\System\AVoSOxE.exe
  2⤵
  PID:12964
- C:\Windows\System\lbMyAkd.exe
  C:\Windows\System\lbMyAkd.exe
  2⤵
  PID:12984
- C:\Windows\System\CjiGxPZ.exe
  C:\Windows\System\CjiGxPZ.exe
  2⤵
  PID:13012
- C:\Windows\System\pbqQKMJ.exe
  C:\Windows\System\pbqQKMJ.exe
  2⤵
  PID:13064
- C:\Windows\System\DrorQWK.exe
  C:\Windows\System\DrorQWK.exe
  2⤵
  PID:13088
- C:\Windows\System\VKhDriX.exe
  C:\Windows\System\VKhDriX.exe
  2⤵
  PID:13128
- C:\Windows\System\FneRyiu.exe
  C:\Windows\System\FneRyiu.exe
  2⤵
  PID:13152
- C:\Windows\System\GOunsZJ.exe
  C:\Windows\System\GOunsZJ.exe
  2⤵
  PID:13180
- C:\Windows\System\eQDWHGt.exe
  C:\Windows\System\eQDWHGt.exe
  2⤵
  PID:13196
- C:\Windows\System\jfOzMso.exe
  C:\Windows\System\jfOzMso.exe
  2⤵
  PID:13212
- C:\Windows\System\fzosTCv.exe
  C:\Windows\System\fzosTCv.exe
  2⤵
  PID:13232
- C:\Windows\System\tSQsNWv.exe
  C:\Windows\System\tSQsNWv.exe
  2⤵
  PID:13248
- C:\Windows\System\hfuEEOZ.exe
  C:\Windows\System\hfuEEOZ.exe
  2⤵
  PID:13264
- C:\Windows\System\oJAtydf.exe
  C:\Windows\System\oJAtydf.exe
  2⤵
  PID:13280
- C:\Windows\System\wXNmQli.exe
  C:\Windows\System\wXNmQli.exe
  2⤵
  PID:11476
- C:\Windows\System\hJbZmGx.exe
  C:\Windows\System\hJbZmGx.exe
  2⤵
  PID:12328
- C:\Windows\System\nDRvlPx.exe
  C:\Windows\System\nDRvlPx.exe
  2⤵
  PID:12376
- C:\Windows\System\qeCKsxQ.exe
  C:\Windows\System\qeCKsxQ.exe
  2⤵
  PID:12464
- C:\Windows\System\EpeSAcB.exe
  C:\Windows\System\EpeSAcB.exe
  2⤵
  PID:12544
- C:\Windows\System\NMRmcxD.exe
  C:\Windows\System\NMRmcxD.exe
  2⤵
  PID:12568
- C:\Windows\System\oBTNFZC.exe
  C:\Windows\System\oBTNFZC.exe
  2⤵
  PID:12612
- C:\Windows\System\hTjeEWI.exe
  C:\Windows\System\hTjeEWI.exe
  2⤵
  PID:12712
- C:\Windows\System\hLLLsDq.exe
  C:\Windows\System\hLLLsDq.exe
  2⤵
  PID:12724
- C:\Windows\System\KkVTceq.exe
  C:\Windows\System\KkVTceq.exe
  2⤵
  PID:12776
- C:\Windows\System\tzpBIjv.exe
  C:\Windows\System\tzpBIjv.exe
  2⤵
  PID:12860
- C:\Windows\System\WsPJreO.exe
  C:\Windows\System\WsPJreO.exe
  2⤵
  PID:12924
- C:\Windows\System\IPTUSih.exe
  C:\Windows\System\IPTUSih.exe
  2⤵
  PID:13080
- C:\Windows\System\AkGASIj.exe
  C:\Windows\System\AkGASIj.exe
  2⤵
  PID:13208
- C:\Windows\System\VhEFdvr.exe
  C:\Windows\System\VhEFdvr.exe
  2⤵
  PID:13192
- C:\Windows\System\qobgwjY.exe
  C:\Windows\System\qobgwjY.exe
  2⤵
  PID:13308
- C:\Windows\System\xicsdlq.exe
  C:\Windows\System\xicsdlq.exe
  2⤵
  PID:12440
- C:\Windows\System\TETYqfR.exe
  C:\Windows\System\TETYqfR.exe
  2⤵
  PID:12296
- C:\Windows\System\pvZAunN.exe
  C:\Windows\System\pvZAunN.exe
  2⤵
  PID:12564
- C:\Windows\System\vWHoeWs.exe
  C:\Windows\System\vWHoeWs.exe
  2⤵
  PID:12708
- C:\Windows\System\ybEsfdm.exe
  C:\Windows\System\ybEsfdm.exe
  2⤵
  PID:12748
- C:\Windows\System\HanwZhH.exe
  C:\Windows\System\HanwZhH.exe
  2⤵
  PID:12980
- C:\Windows\System\ExtzJwW.exe
  C:\Windows\System\ExtzJwW.exe
  2⤵
  PID:12972
- C:\Windows\System\mEXXyIQ.exe
  C:\Windows\System\mEXXyIQ.exe
  2⤵
  PID:13076
- C:\Windows\System\RVMyptT.exe
  C:\Windows\System\RVMyptT.exe
  2⤵
  PID:12492
- C:\Windows\System\xuRVfYH.exe
  C:\Windows\System\xuRVfYH.exe
  2⤵
  PID:12672
- C:\Windows\System\zTxQzyn.exe
  C:\Windows\System\zTxQzyn.exe
  2⤵
  PID:13108
- C:\Windows\System\JkKHMNk.exe
  C:\Windows\System\JkKHMNk.exe
  2⤵
  PID:13276
- C:\Windows\System\JLdVljS.exe
  C:\Windows\System\JLdVljS.exe
  2⤵
  PID:3044
- C:\Windows\System\NKfTiSU.exe
  C:\Windows\System\NKfTiSU.exe
  2⤵
  PID:13316
- C:\Windows\System\JvmZihL.exe
  C:\Windows\System\JvmZihL.exe
  2⤵
  PID:13336
- C:\Windows\System\IyzYtxB.exe
  C:\Windows\System\IyzYtxB.exe
  2⤵
  PID:13364
- C:\Windows\System\HBEjmCY.exe
  C:\Windows\System\HBEjmCY.exe
  2⤵
  PID:13388
- C:\Windows\System\VcgWCbh.exe
  C:\Windows\System\VcgWCbh.exe
  2⤵
  PID:13408
- C:\Windows\System\tzTfVqd.exe
  C:\Windows\System\tzTfVqd.exe
  2⤵
  PID:13424
- C:\Windows\System\LoJDPgQ.exe
  C:\Windows\System\LoJDPgQ.exe
  2⤵
  PID:13448
- C:\Windows\System\qkNcUGY.exe
  C:\Windows\System\qkNcUGY.exe
  2⤵
  PID:13468
- C:\Windows\System\eSKZWbv.exe
  C:\Windows\System\eSKZWbv.exe
  2⤵
  PID:13492
- C:\Windows\System\QYqpcya.exe
  C:\Windows\System\QYqpcya.exe
  2⤵
  PID:13560
- C:\Windows\System\WscEKqy.exe
  C:\Windows\System\WscEKqy.exe
  2⤵
  PID:13580
- C:\Windows\System\OZnRkJu.exe
  C:\Windows\System\OZnRkJu.exe
  2⤵
  PID:13628
- C:\Windows\System\ugfHyjk.exe
  C:\Windows\System\ugfHyjk.exe
  2⤵
  PID:13648
- C:\Windows\System\weqJErZ.exe
  C:\Windows\System\weqJErZ.exe
  2⤵
  PID:13672
- C:\Windows\System\quzRhBT.exe
  C:\Windows\System\quzRhBT.exe
  2⤵
  PID:13696
- C:\Windows\System\sTwPxtx.exe
  C:\Windows\System\sTwPxtx.exe
  2⤵
  PID:13712
- C:\Windows\System\qnQiYBj.exe
  C:\Windows\System\qnQiYBj.exe
  2⤵
  PID:13776
- C:\Windows\System\WGYVmem.exe
  C:\Windows\System\WGYVmem.exe
  2⤵
  PID:13796
- C:\Windows\System\UffHFDs.exe
  C:\Windows\System\UffHFDs.exe
  2⤵
  PID:13820
- C:\Windows\System\ndTqeUe.exe
  C:\Windows\System\ndTqeUe.exe
  2⤵
  PID:13836
- C:\Windows\System\TxwLqBq.exe
  C:\Windows\System\TxwLqBq.exe
  2⤵
  PID:13880
- C:\Windows\System\pzGIvTM.exe
  C:\Windows\System\pzGIvTM.exe
  2⤵
  PID:13920
- C:\Windows\System\bdObuJk.exe
  C:\Windows\System\bdObuJk.exe
  2⤵
  PID:13948
- C:\Windows\System\hvfTjbS.exe
  C:\Windows\System\hvfTjbS.exe
  2⤵
  PID:13972
- C:\Windows\System\MjXomhp.exe
  C:\Windows\System\MjXomhp.exe
  2⤵
  PID:13988
- C:\Windows\System\IOLvHNW.exe
  C:\Windows\System\IOLvHNW.exe
  2⤵
  PID:14008
- C:\Windows\System\vXeJqcO.exe
  C:\Windows\System\vXeJqcO.exe
  2⤵
  PID:14032
- C:\Windows\System\qmlVkBe.exe
  C:\Windows\System\qmlVkBe.exe
  2⤵
  PID:14060
- C:\Windows\System\aTOGhUM.exe
  C:\Windows\System\aTOGhUM.exe
  2⤵
  PID:14076
- C:\Windows\System\QVJtoRR.exe
  C:\Windows\System\QVJtoRR.exe
  2⤵
  PID:14136
- C:\Windows\System\upErrCt.exe
  C:\Windows\System\upErrCt.exe
  2⤵
  PID:14152
- C:\Windows\System\aOeNoTD.exe
  C:\Windows\System\aOeNoTD.exe
  2⤵
  PID:14204
- C:\Windows\System\WlVJfgK.exe
  C:\Windows\System\WlVJfgK.exe
  2⤵
  PID:14232
- C:\Windows\System\HukaAIp.exe
  C:\Windows\System\HukaAIp.exe
  2⤵
  PID:14256
- C:\Windows\System\XGXLGNu.exe
  C:\Windows\System\XGXLGNu.exe
  2⤵
  PID:14276
- C:\Windows\System\bCGucXc.exe
  C:\Windows\System\bCGucXc.exe
  2⤵
  PID:14292
- C:\Windows\System\fxWvkCA.exe
  C:\Windows\System\fxWvkCA.exe
  2⤵
  PID:14320
- C:\Windows\System\PnZgsYl.exe
  C:\Windows\System\PnZgsYl.exe
  2⤵
  PID:13260
- C:\Windows\System\gDKrxtI.exe
  C:\Windows\System\gDKrxtI.exe
  2⤵
  PID:13332
- C:\Windows\System\ZkLuuyk.exe
  C:\Windows\System\ZkLuuyk.exe
  2⤵
  PID:13444
- C:\Windows\System\ULYCbmY.exe
  C:\Windows\System\ULYCbmY.exe
  2⤵
  PID:13488
- C:\Windows\System\cPbeVBW.exe
  C:\Windows\System\cPbeVBW.exe
  2⤵
  PID:13512
- C:\Windows\System\pcINAcX.exe
  C:\Windows\System\pcINAcX.exe
  2⤵
  PID:13540
- C:\Windows\System\WtJXRmm.exe
  C:\Windows\System\WtJXRmm.exe
  2⤵
  PID:13664
- C:\Windows\System\AMZZGsr.exe
  C:\Windows\System\AMZZGsr.exe
  2⤵
  PID:13764
- C:\Windows\System\PWWBMzt.exe
  C:\Windows\System\PWWBMzt.exe
  2⤵
  PID:13852
- C:\Windows\System\oALkzHP.exe
  C:\Windows\System\oALkzHP.exe
  2⤵
  PID:13900
- C:\Windows\System\UULPTiq.exe
  C:\Windows\System\UULPTiq.exe
  2⤵
  PID:13944
- C:\Windows\System\GSrTDDD.exe
  C:\Windows\System\GSrTDDD.exe
  2⤵
  PID:14096
- C:\Windows\System\fRjEnjv.exe
  C:\Windows\System\fRjEnjv.exe
  2⤵
  PID:14124
- C:\Windows\System\rkOJMKN.exe
  C:\Windows\System\rkOJMKN.exe
  2⤵
  PID:14200
- C:\Windows\System\zACLDVp.exe
  C:\Windows\System\zACLDVp.exe
  2⤵
  PID:14252
- C:\Windows\System\DsLPVcn.exe
  C:\Windows\System\DsLPVcn.exe
  2⤵
  PID:14312
- C:\Windows\System\PfsPYha.exe
  C:\Windows\System\PfsPYha.exe
  2⤵
  PID:1336
- C:\Windows\System\DdYbPIr.exe
  C:\Windows\System\DdYbPIr.exe
  2⤵
  PID:13372
- C:\Windows\System\jKiuQQq.exe
  C:\Windows\System\jKiuQQq.exe
  2⤵
  PID:13460
- C:\Windows\System\cGXPNgD.exe
  C:\Windows\System\cGXPNgD.exe
  2⤵
  PID:13808
- C:\Windows\System\JSADBqr.exe
  C:\Windows\System\JSADBqr.exe
  2⤵
  PID:13792
- C:\Windows\System\PDHFdhI.exe
  C:\Windows\System\PDHFdhI.exe
  2⤵
  PID:14004

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BOdQLcw.exe

Filesize
1.5MB

MD5
30f6c78014865c3139e0e19da24ea687

SHA1
53a25fb4cd6815675ea5b5ede9299e997e5bb6d7

SHA256
6c9259f98b89a1b84d9ee9a51351e18f16b1d90ff061687d9a426fbd290024d6

SHA512
eca7d243ebb2afb25e2ffaf583e8fa365050164f40814ea4ba19fe0e5022a43ec57dbc28d1e03027c7123168fc717316aa6deace90c3b38d68c104676b572716

Download Submit
C:\Windows\System\DsUnXCY.exe

Filesize
1.5MB

MD5
412b460ce1c28a87344233c4d06d4f50

SHA1
c56d7d1df0cbe95f099f2c66a70fee2df0db1dbf

SHA256
2bc7d44c1b350393981a76a1824fbee33c464fee21e7cee635283c00ae8a8393

SHA512
e19a44615f421e479ce5a1b994417b70181d9331b32d2dd8184cc0f548f70f497f2138ea83d6384ccdfbbe05f48d8743d54d47dd91efcc1a1a5c2774b9c35fc5

Download Submit
C:\Windows\System\GeUmnXR.exe

Filesize
1.5MB

MD5
2e2ba8511b96cb5db0d825c6812cf53a

SHA1
7d67af34fc79501c8b041e5c790f4f660aee27e0

SHA256
73a0aac36a62d266ee155d78c8de20cad8244e6fd5f6b5bb1d7090042d01a735

SHA512
ce0940885386eb8f324e920ce6dcdae274f9764825099a629494aab4a21d7e699d6c625d178cf40528a470ab4f091f7145ee9ac4f2a937966497c7f7e9da417a

Download Submit
C:\Windows\System\IYaMSNh.exe

Filesize
1.5MB

MD5
694187ede1fee689a4f983e5e42f822c

SHA1
d89d3a2ee7c328e752ef554f66ce6221fa0d6c11

SHA256
396c32424576c52452217cce820de8e057b7dfb3eb48ec3b6a31e755b603ad52

SHA512
a2079605f854538d9e823ae8ad7f8a08531b17fc741399544074f74e6d4c2548447043613be87916645be03b69771f0aabc608b50760f8101a526504ac63f0f8

Download Submit
C:\Windows\System\JBSLHSo.exe

Filesize
1.5MB

MD5
46bf549f1dae90d8b6afb1980858659b

SHA1
7532fb18bbf9810af1741146e77c4fbb5e300bc2

SHA256
0f359e344a57984c686a698ae941e9594bc33ac01a3546e61bf07072def3e9f6

SHA512
07fc40b0a937d4b5cfe23376d9f300b85068bf9acb8880899d1d44ee17f633be406c447aff36e8381db35f775f3ec5d96f63b77bb5f465dcb5820039d7b6dd81

Download Submit
C:\Windows\System\JONGPea.exe

Filesize
1.5MB

MD5
96e87d029ee5f535a7291aa9b002e982

SHA1
e30cff796ffb44667d8bd8b6d40fc0ca28203423

SHA256
f2f2792cfc1284d59402eacd94c5120c12b9d3b4018f528bc424b981adc17db4

SHA512
4f48b691447f7cab1d92827e902985644040a34e1f82f2bdd140e52094771d8fab70a308cd4f52b9e7c45362b9f8b328a28a1bc52210ee4d5cb45ccc507cdf1b

Download Submit
C:\Windows\System\LrhWQko.exe

Filesize
1.5MB

MD5
b7903fa421104c9ff5d7b34581fc0b0a

SHA1
80998259f4a4ea165fbfa2e849cc0e4a4428cbc7

SHA256
216c7e161f89704dba44cd92de86811d8a872e56705dc99c866cf7724d01cdb4

SHA512
3c519ef0a0011afaa7292cbb888390dac8088eddb39aedd93a4ee44c3d666ebb55b5e0f214de5fa27aac74b7c908d04c5f34e10493b375f1b2a0367da3618bc2

Download Submit
C:\Windows\System\MEPoDtv.exe

Filesize
1.5MB

MD5
86388fe4967da5ad16cf7c877e8f1550

SHA1
57adce6ba5938d02d4baaf9f3646d14dd2d80856

SHA256
f1b7d05676d7abbee1b4e8d9f596816ee9925fc93a3cd31c2f14de143dccc2a5

SHA512
2666834d4edce5c954f4b613e24092daa01f2cdb40cab7ac0bd37833fd253ec238359f5ad6a743595ad77d9e8cbcc7e1bebf71bee27fd30b1fff71c27cf31d2f

Download Submit
C:\Windows\System\MfTkbBj.exe

Filesize
1.5MB

MD5
1e1966026e400692d4a323dbe1a05da2

SHA1
6b5d3af20bfede1a808e9291f6b4c3154d5fcd13

SHA256
f12088aa5842338d9f7d0d466abb56fc635ed7c8a9ed6c112213f704b388cfbc

SHA512
fee1846c1bf1f7352b955a7b039f44a167e1c67a29096d8a0170378cbe69b7c5501e0118897d8b54a9ccc301042fff7eb6cf21f21d60c6cab0ca930ddee88e7f

Download Submit
C:\Windows\System\NQxSRdT.exe

Filesize
1.5MB

MD5
3bc9645f80596c78afde8def1b7e1eca

SHA1
909bedd074f293d4dfe162667c862318e1ca6f21

SHA256
ee706194bd27329a20b66ca112b602a1c24c9cac57842c0198be3f36395fe0c7

SHA512
cf70d704cf18f6b47c1ea2c76220bc0516d19e8d8a81a0e78b77473529a3a302fbeeed524f0415a5a9c2b20df912f1fdde8927a25a079cbafd83cb7384dc0453

Download Submit
C:\Windows\System\NjVIVtZ.exe

Filesize
1.5MB

MD5
4fc0bea2b7f52807a2985798b42e567f

SHA1
563dcf72b878cd7c923ba0c375c8cdd9b6f1c247

SHA256
f40e841935a668fd81d83952464e6317189ec675c4fef56caa336793acb8e07e

SHA512
4ae248dfcbfd35513c2b05f4fd7ad28784d707a001df3223f5cbedfc26efc230a65234490aa39598d76962177b49afacce2bdbb3f53e550090bc5f08db511f62

Download Submit
C:\Windows\System\OIqEAIi.exe

Filesize
1.5MB

MD5
e9e3403fc6b4a89e3ed2c8528d868074

SHA1
9ee38266c58b7e51eff2321fb37a1985e89d866a

SHA256
ee6a0bc1979f8312eca3704bcaf28b5a92d947b8d8f6e11efb26f03c3f4551b3

SHA512
10ea40b3dafaf9a3a060b30220a7ac554ea4548b009708ad2a67400e410b197c0971c7a8b3b56e3b0b9bfb0d35e505b7ac6e66aec93f98047dcf73e4d84c537d

Download Submit
C:\Windows\System\RMEqxMa.exe

Filesize
1.5MB

MD5
d681a9c95287a9f65278bcce3e9b6639

SHA1
4cae981bbd995f5b6c926b04bdc00ad22da2acf6

SHA256
a4f32b63da46dd07416dac0c22320492df90beb258211297c9d9225159e9334b

SHA512
b6ab75aeaf1a5247e009b2d85ca83c20b86752b91beb1f83031bcd89ca80edd69372be99aba77b64ce72db867db989d6a0b1dd00afedd7643311f66dc5abb1cc

Download Submit
C:\Windows\System\STmyTFs.exe

Filesize
1.5MB

MD5
7d814c62e3cb071395482feeab0ea237

SHA1
6c1464434a9100605fa386e12063015b505adc85

SHA256
0500979304e3bf13b93075a737bdbb90deefb0eec3590ac7766360a9915670e4

SHA512
c728c5371d54a3288aadf17c27ac6763b9ff41a89ded3915054b3a586575ddcc036058cf1ad2ef7c250cfdb6963e3039f8bdc4a4fb6a1cca35d11c8fdfb26654

Download Submit
C:\Windows\System\TIHujXv.exe

Filesize
1.5MB

MD5
0acea9ada02b48971b96ea24a97e28c9

SHA1
50056fdd56027349ebb81791bdbe235975e5f820

SHA256
e62872571a76a1ed7c5570fc641cd12c3514a0136125ef8507340eb2638f92af

SHA512
4daf1b1fa64100d74e5038dfcfcb764dcd4bcb373540413fdf2937cae35024b177b571d39a31c4af530d967aa76061b8aedf726badb80f031a9499d79ac8efc8

Download Submit
C:\Windows\System\UsMTWDd.exe

Filesize
1.5MB

MD5
4210f9886ed2d1dbb0f5fa4646be305f

SHA1
0574caf0597293fa2f87283acd81581dbc970e37

SHA256
ec98eb30e2976a649a0e4a514bc5031587e3c7850c4469b24835d94c5933ba37

SHA512
bbec2f4a9b3689bc3d002470ceb4544483928b48c2c95b0ed68edc960202000d1410dd9a2cb41f097e3b7aa20cb2baaad9c988863df5a191c885a1ec278a1611

Download Submit
C:\Windows\System\XONpeUk.exe

Filesize
1.5MB

MD5
7ee243ee7f18222a3c97a50871242c78

SHA1
73b5204313fa430bdb38fa334f5735fb3ffcb281

SHA256
69f0acfaad3938e1dfc1b91420bfd9d047d3c4f199eca13f39ab0792751378f6

SHA512
80202cb579a86d36036a9488b206fe39beb720f78440884300b412b80c5a9eabc2be7021bddb3f111f4053e19461a0724d9e8ce227672585ee4c5839a3c8a9a3

Download Submit
C:\Windows\System\XhjnTkv.exe

Filesize
1.5MB

MD5
439a1bd848d71c3ebc8e1de643c555fc

SHA1
4693d25b9abdc962b3db8884f44742c73a62f0fc

SHA256
c1bc4f10185b8389b0ec7ba3164481de5a213eb17dbedcc7bda9fccaf583d3f2

SHA512
a52a591c48278439c89678ec26e3b55cedc377e98bd6d75e3f9db765078a1b15cd8a57f3817e14ce14faa657e13f79cf652f00bcace2171419b050d254c16094

Download Submit
C:\Windows\System\aPhrXCC.exe

Filesize
1.5MB

MD5
4a69f62b5128b3a2aab6ea94ee242cd1

SHA1
fc5143b116156155127115be209de91c195cf562

SHA256
251034e4221d3eb8a86c2fe02f72e89cbc7292798718840ce38112e0867f9b8f

SHA512
4fc2d88c6800a066be2d3cd1ebd539694a499c5d8af73b51b8515e7345d013a76c440859fd1fddaf312c84697fbdbd51b4e08e8f79bbad34343d5707c25c087b

Download Submit
C:\Windows\System\cuSPxDM.exe

Filesize
1.5MB

MD5
d7f2befa49df1be254ace0e99842dee7

SHA1
05c125f3306e33cfc37d8aa83f7ad91fbe703b3b

SHA256
6fc33072c76600a5c5d11bb0931da075a45b0537102e48bd63acfe4a4672f7b5

SHA512
8bf3ef35367debfec1263e285eddfca8a16c70b5b883b9612606570e39881f6cac45917a38cbd11c95542e2ec6e7ec6e05064747238af2ac64dcb674ab5a2d9b

Download Submit
C:\Windows\System\dLajiMi.exe

Filesize
1.5MB

MD5
f7f493b383fc67a9c5917e3208ba695e

SHA1
03fd42b164546b68829561e5c3498813f5496a89

SHA256
f2f73121ac89511fa34b663fdc0c92f364d7bfc9a3837ec5a88081f6804c54bd

SHA512
48fb3d68cd2cae05678bf17820165c6dc112ab9455f7580c19a6ecb0f5b70515d20bc8ede3a510588ba68855ee20b1d789e4ecbbfc93ab1bec09425e6bc4b5e0

Download Submit
C:\Windows\System\dbMCgBV.exe

Filesize
1.5MB

MD5
5890b24683cc611383accecfa694a76e

SHA1
d504a6f0b6c2a348c59e388cceb8cdfe261daec7

SHA256
1f8b932e757fd5b87fe00f53440b166d51912e7c71b1396225b5da78e0472cdf

SHA512
de77830cddb41b604847676ea28a79c2b53c964bf9a928e49a8c032b75359c39d86959fa0dc45201cc8a0b13a2fe10a5a4cf95a284ba96fae1387d32a45d827e

Download Submit
C:\Windows\System\hCmIdWF.exe

Filesize
1.5MB

MD5
0773051d6c00b1ab3c8174906f4278dc

SHA1
87f119c50b38636582845ee51c7365a867e154ab

SHA256
33713c42a13184411b23cd0d77f7b272e9005fe2c9e23f32df14fd6f6a99a448

SHA512
fa8b4f2b4e6ed26ac0639dfd018636fb7c1c82f1b12237816180cfd4435f1876c815ff54c94b90b7c6d844458909ac286cfcf70253d914fe530c3afa8a2ea088

Download Submit
C:\Windows\System\jKXQIys.exe

Filesize
1.5MB

MD5
f282eab2b044bab4195ea9b74c8ec372

SHA1
bbc2d251915241cd5550baaa4139ed3c29a93629

SHA256
e9c78872f80807146084124f5efde44b459e32e91f10f9ed3e03aa38d7ac5cb9

SHA512
8051eaa9e2eb9d82d6efd9153fb8ccd2b6034c1cfe453b310d2cbf06cfc0bf993e4b5f2d46fcf58ad53a34f643211978dd085a5df3e6c872d3a0d885e317ebe6

Download Submit
C:\Windows\System\kChbzPJ.exe

Filesize
1.5MB

MD5
b606a77f125aec2280849bb6142dd521

SHA1
5f78ef14bddf9f35636b0c040becfaac3e6c3746

SHA256
b09fcee35111fb738531e3b6e194f297601a3513b4b062bcb7a1e1bf8ac57f94

SHA512
ddf82f47ab7fa729b1c6c4337da0247c69928b870c46c82df8f7ee5e4a7e7faee5660673a43899d81e45aa6903d47979ebfaa1ce58c000f497bec8ad305653cc

Download Submit
C:\Windows\System\lBUilTm.exe

Filesize
1.5MB

MD5
80e2f5083be25a92655f7b63b00759b1

SHA1
7368d167864b471b242c7e48578631801de6419f

SHA256
d429a0fea2e00e361372ec393d9797cfaa4365890c41f06a0b3e2a216f7cad77

SHA512
0cee9fe6ce58728d85ae6c4e70e55c8e222b992dd551adec433c293259d965bc15156826cfc50f90e69f3d8d0a7b4a4b6f708b6f0abe13b18d6117ed1222c808

Download Submit
C:\Windows\System\lPObzYI.exe

Filesize
1.5MB

MD5
11b56138bab63d978b61113cc3e6dc71

SHA1
3f806c9e18cdd43e26b71712dcd15d2398a5ed33

SHA256
40070134f6af115a9fcde53ce8e92c31e2d59fdc551a46b645d8699fd77b8d25

SHA512
903a2c261526a45dbb6b0bc2b85dbee24595d91099b609fd61c7f36f4a89ab3e0cdb4c066b5cbdf5767900d2b3bc9d3d3baf3b3597bbd4b5c2f3af3d7654b6db

Download Submit
C:\Windows\System\mZFrsLv.exe

Filesize
1.5MB

MD5
372cb51298ae673511dbc4f600589346

SHA1
e75dedf520e08062f7df4684534a6affdcfc16f6

SHA256
7661edf5868a37cfa904d7c46c84d5fbfe3df42059b166d61afe9cbffb85d791

SHA512
799de76f822f6f191957ed084fb1fa66dc0633e0783c5ee046da28992742fbfd88c5d1c350f343524f4d1fd02f3266b085b310bcb2ba9eb7fa1c1bf72df80218

Download Submit
C:\Windows\System\oiEGpLR.exe

Filesize
1.5MB

MD5
9120dd7777eec74df869cd64935f942e

SHA1
f9424454bf54884b7502b37ea3a9a8c22d97cc99

SHA256
c1e57acd83ecab578587b6fd25640d3ff453601e2824942822bb862b0f769e4c

SHA512
4b98ac1a5f260f7b720695086ec7ff7c93dc235e89161c7a69c3558fd0c37f52231d6a232e3b7243ef3c9bd2ddb45904d28687d9a194992c43916de8a076172e

Download Submit
C:\Windows\System\oiXwuFH.exe

Filesize
1.5MB

MD5
376ff86022dced69cd47d3284f0a8672

SHA1
4a2aab6216e10cf326f75bc7648a67e141691465

SHA256
5e6930edbbfa5d2a8ef2b99dbeeb349af1acf0eb59a4e1555d48c742c10b336c

SHA512
1a47666cd2e7ab53e5485109828ffbed9fb3bafceee76acfc053d3eafde1fcd18677a4b363d9d55b44ac2d39a63e49964cff1d2b2a340e46a075966c7d4f8602

Download Submit
C:\Windows\System\xWkERTM.exe

Filesize
1.5MB

MD5
c1be8bdb27aae92533039f9eabfb1075

SHA1
e91a24b9c373c45c7a64d51f0d452c2cd886dc94

SHA256
dfef8a97cc93160478f658feccabd3c137ab72e21f28c6851d0ae76f5b49fffc

SHA512
a04e54a55a86db9102b1717eadc3f5f7b6c4fe25928e371c6507627a6403e3621b3f2cc476c5cfa201ff8a9e0b7a2fe44ebdec8f7d05a46197f397a7b791a2d4

Download Submit
C:\Windows\System\yNaXEJj.exe

Filesize
1.5MB

MD5
a3fea2ae9117f34223be2665a6b571c2

SHA1
42246913e1e227632b560cf54ec6615eee10960c

SHA256
24cb5a42de90bbfed28e6eac63d83cf2464f3195e18d88108d018a8b895e9c11

SHA512
50f2fc31d8a6fec42436bd0c5a50cb1338f599db5331fd03269916becfff1fb99f3916ffa4e40743228ab5f09591e5cb9c0ecbfb50fb0bc552f9d58e86b3858b

Download Submit
C:\Windows\System\zIXbinQ.exe

Filesize
1.5MB

MD5
d91c380aa543b06680c2b83fd12c2806

SHA1
ca2c33db1713b77b968b508cfa17c08ff89231f8

SHA256
272e5c49b8c2724fa82dca8ef091f51c2e797b5f6075d7a5d0d4eebe002fb2ba

SHA512
673b0946ff93650abe2c40f38e3b4f3e351bcb0edbe1a4bc0b3cbfc40445fb48051f5afc512367b8fb8b26c142fdf8d8fb18eb7779fd54ecfd7b756ba3f5c009

Download Submit
memory/192-31-0x00007FF78B5C0000-0x00007FF78B911000-memory.dmp

Filesize
3.3MB

Download
memory/192-2221-0x00007FF78B5C0000-0x00007FF78B911000-memory.dmp

Filesize
3.3MB

Download
memory/192-2166-0x00007FF78B5C0000-0x00007FF78B911000-memory.dmp

Filesize
3.3MB

Download
memory/1320-2237-0x00007FF6B6FF0000-0x00007FF6B7341000-memory.dmp

Filesize
3.3MB

Download
memory/1320-451-0x00007FF6B6FF0000-0x00007FF6B7341000-memory.dmp

Filesize
3.3MB

Download
memory/1636-541-0x00007FF76E8B0000-0x00007FF76EC01000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2276-0x00007FF76E8B0000-0x00007FF76EC01000-memory.dmp

Filesize
3.3MB

Download
memory/1660-548-0x00007FF7014A0000-0x00007FF7017F1000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2229-0x00007FF7014A0000-0x00007FF7017F1000-memory.dmp

Filesize
3.3MB

Download
memory/1756-520-0x00007FF6DF1B0000-0x00007FF6DF501000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2257-0x00007FF6DF1B0000-0x00007FF6DF501000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2259-0x00007FF6EF8B0000-0x00007FF6EFC01000-memory.dmp

Filesize
3.3MB

Download
memory/1792-506-0x00007FF6EF8B0000-0x00007FF6EFC01000-memory.dmp

Filesize
3.3MB

Download
memory/1828-2213-0x00007FF6AE6E0000-0x00007FF6AEA31000-memory.dmp

Filesize
3.3MB

Download
memory/1828-2164-0x00007FF6AE6E0000-0x00007FF6AEA31000-memory.dmp

Filesize
3.3MB

Download
memory/1828-14-0x00007FF6AE6E0000-0x00007FF6AEA31000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2235-0x00007FF6B4A70000-0x00007FF6B4DC1000-memory.dmp

Filesize
3.3MB

Download
memory/2100-450-0x00007FF6B4A70000-0x00007FF6B4DC1000-memory.dmp

Filesize
3.3MB

Download
memory/2236-466-0x00007FF72D420000-0x00007FF72D771000-memory.dmp

Filesize
3.3MB

Download
memory/2236-2245-0x00007FF72D420000-0x00007FF72D771000-memory.dmp

Filesize
3.3MB

Download
memory/2420-494-0x00007FF689620000-0x00007FF689971000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2269-0x00007FF689620000-0x00007FF689971000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2233-0x00007FF646A70000-0x00007FF646DC1000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2200-0x00007FF646A70000-0x00007FF646DC1000-memory.dmp

Filesize
3.3MB

Download
memory/2728-431-0x00007FF646A70000-0x00007FF646DC1000-memory.dmp

Filesize
3.3MB

Download
memory/2776-46-0x00007FF6EFC30000-0x00007FF6EFF81000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2219-0x00007FF6EFC30000-0x00007FF6EFF81000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2258-0x00007FF667930000-0x00007FF667C81000-memory.dmp

Filesize
3.3MB

Download
memory/2992-507-0x00007FF667930000-0x00007FF667C81000-memory.dmp

Filesize
3.3MB

Download
memory/3064-1-0x000002115EED0000-0x000002115EEE0000-memory.dmp

Filesize
64KB

Download
memory/3064-0-0x00007FF7E71A0000-0x00007FF7E74F1000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2129-0x00007FF7E71A0000-0x00007FF7E74F1000-memory.dmp

Filesize
3.3MB

Download
memory/3220-495-0x00007FF62B4B0000-0x00007FF62B801000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2261-0x00007FF62B4B0000-0x00007FF62B801000-memory.dmp

Filesize
3.3MB

Download
memory/3396-53-0x00007FF61C3E0000-0x00007FF61C731000-memory.dmp

Filesize
3.3MB

Download
memory/3396-2231-0x00007FF61C3E0000-0x00007FF61C731000-memory.dmp

Filesize
3.3MB

Download
memory/3396-2199-0x00007FF61C3E0000-0x00007FF61C731000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2225-0x00007FF685E40000-0x00007FF686191000-memory.dmp

Filesize
3.3MB

Download
memory/3552-55-0x00007FF685E40000-0x00007FF686191000-memory.dmp

Filesize
3.3MB

Download
memory/3704-2217-0x00007FF62D6D0000-0x00007FF62DA21000-memory.dmp

Filesize
3.3MB

Download
memory/3704-48-0x00007FF62D6D0000-0x00007FF62DA21000-memory.dmp

Filesize
3.3MB

Download
memory/3780-485-0x00007FF6B3460000-0x00007FF6B37B1000-memory.dmp

Filesize
3.3MB

Download
memory/3780-2268-0x00007FF6B3460000-0x00007FF6B37B1000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2215-0x00007FF7176B0000-0x00007FF717A01000-memory.dmp

Filesize
3.3MB

Download
memory/3964-21-0x00007FF7176B0000-0x00007FF717A01000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2165-0x00007FF7176B0000-0x00007FF717A01000-memory.dmp

Filesize
3.3MB

Download
memory/4240-499-0x00007FF70A5D0000-0x00007FF70A921000-memory.dmp

Filesize
3.3MB

Download
memory/4240-2263-0x00007FF70A5D0000-0x00007FF70A921000-memory.dmp

Filesize
3.3MB

Download
memory/4352-49-0x00007FF780A10000-0x00007FF780D61000-memory.dmp

Filesize
3.3MB

Download
memory/4352-2223-0x00007FF780A10000-0x00007FF780D61000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2272-0x00007FF698550000-0x00007FF6988A1000-memory.dmp

Filesize
3.3MB

Download
memory/4388-488-0x00007FF698550000-0x00007FF6988A1000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2249-0x00007FF674990000-0x00007FF674CE1000-memory.dmp

Filesize
3.3MB

Download
memory/4436-477-0x00007FF674990000-0x00007FF674CE1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2239-0x00007FF6AA940000-0x00007FF6AAC91000-memory.dmp

Filesize
3.3MB

Download
memory/4608-465-0x00007FF6AA940000-0x00007FF6AAC91000-memory.dmp

Filesize
3.3MB

Download
memory/4760-2241-0x00007FF7787D0000-0x00007FF778B21000-memory.dmp

Filesize
3.3MB

Download
memory/4760-461-0x00007FF7787D0000-0x00007FF778B21000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2265-0x00007FF6943F0000-0x00007FF694741000-memory.dmp

Filesize
3.3MB

Download
memory/4852-500-0x00007FF6943F0000-0x00007FF694741000-memory.dmp

Filesize
3.3MB

Download
memory/4980-475-0x00007FF67C6C0000-0x00007FF67CA11000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2248-0x00007FF67C6C0000-0x00007FF67CA11000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2227-0x00007FF78EF90000-0x00007FF78F2E1000-memory.dmp

Filesize
3.3MB

Download
memory/5020-449-0x00007FF78EF90000-0x00007FF78F2E1000-memory.dmp

Filesize
3.3MB

Download
memory/5104-457-0x00007FF6EB7D0000-0x00007FF6EBB21000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2243-0x00007FF6EB7D0000-0x00007FF6EBB21000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads