xmrig | 049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2

Analysis

max time kernel
132s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
Size

2.5MB
MD5

ec2b2b3654c3d4e93a5de5bf48da7d54
SHA1

3bbef7cf51bae533cf2e2b91190eca9df5f52b8c
SHA256

049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2
SHA512

525fa5a0876af2e659e25e947651c6fa75129145c598fcd8d7ddc9f743a30e6debf3bc8a29932fc5188072a71e93ef4005a7d4c389563149873276455acbe4f2
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+A8JhP7dyk0y4iYGm:oemTLkNdfE0pZrq

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4396-0-0x00007FF780330000-0x00007FF780684000-memory.dmp	xmrig
behavioral2/files/0x000600000002324e-5.dat	xmrig
behavioral2/files/0x00070000000234c0-7.dat	xmrig
behavioral2/files/0x00070000000234c3-32.dat	xmrig
behavioral2/memory/4428-48-0x00007FF623BB0000-0x00007FF623F04000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c6-61.dat	xmrig
behavioral2/files/0x00070000000234cb-87.dat	xmrig
behavioral2/files/0x00070000000234ce-84.dat	xmrig
behavioral2/files/0x00070000000234cf-107.dat	xmrig
behavioral2/memory/3792-126-0x00007FF64B4C0000-0x00007FF64B814000-memory.dmp	xmrig
behavioral2/memory/2976-144-0x00007FF749DB0000-0x00007FF74A104000-memory.dmp	xmrig
behavioral2/memory/3656-151-0x00007FF66A030000-0x00007FF66A384000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d8-174.dat	xmrig
behavioral2/files/0x00080000000234bd-193.dat	xmrig
behavioral2/memory/2092-197-0x00007FF64F400000-0x00007FF64F754000-memory.dmp	xmrig
behavioral2/memory/3684-196-0x00007FF6F8040000-0x00007FF6F8394000-memory.dmp	xmrig
behavioral2/memory/4416-195-0x00007FF658AA0000-0x00007FF658DF4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234dc-190.dat	xmrig
behavioral2/files/0x00070000000234db-187.dat	xmrig
behavioral2/files/0x00070000000234da-182.dat	xmrig
behavioral2/files/0x00070000000234d9-169.dat	xmrig
behavioral2/memory/4624-158-0x00007FF72DDE0000-0x00007FF72E134000-memory.dmp	xmrig
behavioral2/memory/2556-157-0x00007FF6CC130000-0x00007FF6CC484000-memory.dmp	xmrig
behavioral2/memory/3724-156-0x00007FF7DA0D0000-0x00007FF7DA424000-memory.dmp	xmrig
behavioral2/memory/1132-155-0x00007FF788590000-0x00007FF7888E4000-memory.dmp	xmrig
behavioral2/memory/696-154-0x00007FF7C6FE0000-0x00007FF7C7334000-memory.dmp	xmrig
behavioral2/memory/1332-153-0x00007FF75EDF0000-0x00007FF75F144000-memory.dmp	xmrig
behavioral2/memory/3044-152-0x00007FF75DC30000-0x00007FF75DF84000-memory.dmp	xmrig
behavioral2/memory/4872-150-0x00007FF6E4DE0000-0x00007FF6E5134000-memory.dmp	xmrig
behavioral2/memory/4504-149-0x00007FF64F690000-0x00007FF64F9E4000-memory.dmp	xmrig
behavioral2/memory/3196-148-0x00007FF6E4F80000-0x00007FF6E52D4000-memory.dmp	xmrig
behavioral2/memory/3336-147-0x00007FF63C690000-0x00007FF63C9E4000-memory.dmp	xmrig
behavioral2/memory/2336-146-0x00007FF789480000-0x00007FF7897D4000-memory.dmp	xmrig
behavioral2/memory/2848-145-0x00007FF759250000-0x00007FF7595A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d7-142.dat	xmrig
behavioral2/files/0x00070000000234d6-140.dat	xmrig
behavioral2/files/0x00070000000234d5-138.dat	xmrig
behavioral2/memory/1464-137-0x00007FF754D90000-0x00007FF7550E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d4-135.dat	xmrig
behavioral2/files/0x00070000000234d3-133.dat	xmrig
behavioral2/files/0x00070000000234d1-131.dat	xmrig
behavioral2/files/0x00070000000234d0-129.dat	xmrig
behavioral2/files/0x00070000000234d2-124.dat	xmrig
behavioral2/memory/3120-119-0x00007FF6FF750000-0x00007FF6FFAA4000-memory.dmp	xmrig
behavioral2/memory/1528-103-0x00007FF6DADB0000-0x00007FF6DB104000-memory.dmp	xmrig
behavioral2/files/0x00070000000234cd-101.dat	xmrig
behavioral2/files/0x00070000000234cc-95.dat	xmrig
behavioral2/memory/4912-82-0x00007FF671DD0000-0x00007FF672124000-memory.dmp	xmrig
behavioral2/files/0x00070000000234ca-80.dat	xmrig
behavioral2/files/0x00070000000234c9-75.dat	xmrig
behavioral2/memory/1932-86-0x00007FF782760000-0x00007FF782AB4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c8-65.dat	xmrig
behavioral2/files/0x00070000000234c7-63.dat	xmrig
behavioral2/files/0x00070000000234c5-59.dat	xmrig
behavioral2/memory/3300-55-0x00007FF620A50000-0x00007FF620DA4000-memory.dmp	xmrig
behavioral2/memory/3232-44-0x00007FF68BC30000-0x00007FF68BF84000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c4-57.dat	xmrig
behavioral2/files/0x00070000000234c1-41.dat	xmrig
behavioral2/files/0x00070000000234c2-35.dat	xmrig
behavioral2/files/0x00080000000234bf-20.dat	xmrig
behavioral2/memory/804-18-0x00007FF7C6B60000-0x00007FF7C6EB4000-memory.dmp	xmrig
behavioral2/memory/2796-12-0x00007FF698EC0000-0x00007FF699214000-memory.dmp	xmrig
behavioral2/files/0x00070000000234e0-201.dat	xmrig
behavioral2/files/0x00070000000234dd-198.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	bNebJph.exe
804	ZSszsoB.exe
3656	nazxETb.exe
3232	tcsDeSZ.exe
3044	kCVaXwr.exe
4428	OKmLuOm.exe
3300	ltkETEj.exe
4912	CYUuPZD.exe
1332	yJjbszY.exe
1932	tDioOOp.exe
1528	HQZKNhF.exe
3120	xqBjKtX.exe
696	bQPQtjP.exe
1132	DrqPXjS.exe
3792	oLnBfqT.exe
3724	dGQnbWG.exe
1464	QLHbrQe.exe
2556	MyUTwOi.exe
2976	cZFrbis.exe
2848	iqCmFTy.exe
2336	QjADYYH.exe
3336	buYKGwM.exe
3196	lMwkWRN.exe
4624	pTajDSi.exe
4504	rMRSchu.exe
4872	RDQXPSJ.exe
4416	OZrOLTu.exe
3684	BaISTvP.exe
2092	ewyJhxa.exe
2868	VsdLeZJ.exe
5112	BJkhEwW.exe
3716	aSmaHqr.exe
1740	ijyLLkH.exe
1444	NzARnqv.exe
1676	Klmxvnx.exe
3892	TGgpxAm.exe
2824	jnBIXgL.exe
2996	MXTlvTN.exe
4932	GaUzHAN.exe
3424	IHxJHdi.exe
3664	oQeeQfm.exe
3440	DufUpkz.exe
3432	tacfhSy.exe
560	HyYPkaH.exe
2184	DsBrolX.exe
2204	XJHZqGh.exe
4568	urJucIw.exe
3528	nYaFplE.exe
4540	ZIByNgT.exe
4440	FcYunrV.exe
3880	JDNYMqB.exe
3020	TQKFtPQ.exe
1008	DijtItc.exe
2700	PeUMHWj.exe
452	xLDJIwP.exe
368	QcTfgJx.exe
2068	RGKZnjT.exe
1076	TfvDdlL.exe
1392	sgUTKkG.exe
4076	zdInAqi.exe
1400	KCcswik.exe
3176	fAdIizF.exe
4800	BYZpqsq.exe
4256	UADqBKB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4396-0-0x00007FF780330000-0x00007FF780684000-memory.dmp	upx
behavioral2/files/0x000600000002324e-5.dat	upx
behavioral2/files/0x00070000000234c0-7.dat	upx
behavioral2/files/0x00070000000234c3-32.dat	upx
behavioral2/memory/4428-48-0x00007FF623BB0000-0x00007FF623F04000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-61.dat	upx
behavioral2/files/0x00070000000234cb-87.dat	upx
behavioral2/files/0x00070000000234ce-84.dat	upx
behavioral2/files/0x00070000000234cf-107.dat	upx
behavioral2/memory/3792-126-0x00007FF64B4C0000-0x00007FF64B814000-memory.dmp	upx
behavioral2/memory/2976-144-0x00007FF749DB0000-0x00007FF74A104000-memory.dmp	upx
behavioral2/memory/3656-151-0x00007FF66A030000-0x00007FF66A384000-memory.dmp	upx
behavioral2/files/0x00070000000234d8-174.dat	upx
behavioral2/files/0x00080000000234bd-193.dat	upx
behavioral2/memory/2092-197-0x00007FF64F400000-0x00007FF64F754000-memory.dmp	upx
behavioral2/memory/3684-196-0x00007FF6F8040000-0x00007FF6F8394000-memory.dmp	upx
behavioral2/memory/4416-195-0x00007FF658AA0000-0x00007FF658DF4000-memory.dmp	upx
behavioral2/files/0x00070000000234dc-190.dat	upx
behavioral2/files/0x00070000000234db-187.dat	upx
behavioral2/files/0x00070000000234da-182.dat	upx
behavioral2/files/0x00070000000234d9-169.dat	upx
behavioral2/memory/4624-158-0x00007FF72DDE0000-0x00007FF72E134000-memory.dmp	upx
behavioral2/memory/2556-157-0x00007FF6CC130000-0x00007FF6CC484000-memory.dmp	upx
behavioral2/memory/3724-156-0x00007FF7DA0D0000-0x00007FF7DA424000-memory.dmp	upx
behavioral2/memory/1132-155-0x00007FF788590000-0x00007FF7888E4000-memory.dmp	upx
behavioral2/memory/696-154-0x00007FF7C6FE0000-0x00007FF7C7334000-memory.dmp	upx
behavioral2/memory/1332-153-0x00007FF75EDF0000-0x00007FF75F144000-memory.dmp	upx
behavioral2/memory/3044-152-0x00007FF75DC30000-0x00007FF75DF84000-memory.dmp	upx
behavioral2/memory/4872-150-0x00007FF6E4DE0000-0x00007FF6E5134000-memory.dmp	upx
behavioral2/memory/4504-149-0x00007FF64F690000-0x00007FF64F9E4000-memory.dmp	upx
behavioral2/memory/3196-148-0x00007FF6E4F80000-0x00007FF6E52D4000-memory.dmp	upx
behavioral2/memory/3336-147-0x00007FF63C690000-0x00007FF63C9E4000-memory.dmp	upx
behavioral2/memory/2336-146-0x00007FF789480000-0x00007FF7897D4000-memory.dmp	upx
behavioral2/memory/2848-145-0x00007FF759250000-0x00007FF7595A4000-memory.dmp	upx
behavioral2/files/0x00070000000234d7-142.dat	upx
behavioral2/files/0x00070000000234d6-140.dat	upx
behavioral2/files/0x00070000000234d5-138.dat	upx
behavioral2/memory/1464-137-0x00007FF754D90000-0x00007FF7550E4000-memory.dmp	upx
behavioral2/files/0x00070000000234d4-135.dat	upx
behavioral2/files/0x00070000000234d3-133.dat	upx
behavioral2/files/0x00070000000234d1-131.dat	upx
behavioral2/files/0x00070000000234d0-129.dat	upx
behavioral2/files/0x00070000000234d2-124.dat	upx
behavioral2/memory/3120-119-0x00007FF6FF750000-0x00007FF6FFAA4000-memory.dmp	upx
behavioral2/memory/1528-103-0x00007FF6DADB0000-0x00007FF6DB104000-memory.dmp	upx
behavioral2/files/0x00070000000234cd-101.dat	upx
behavioral2/files/0x00070000000234cc-95.dat	upx
behavioral2/memory/4912-82-0x00007FF671DD0000-0x00007FF672124000-memory.dmp	upx
behavioral2/files/0x00070000000234ca-80.dat	upx
behavioral2/files/0x00070000000234c9-75.dat	upx
behavioral2/memory/1932-86-0x00007FF782760000-0x00007FF782AB4000-memory.dmp	upx
behavioral2/files/0x00070000000234c8-65.dat	upx
behavioral2/files/0x00070000000234c7-63.dat	upx
behavioral2/files/0x00070000000234c5-59.dat	upx
behavioral2/memory/3300-55-0x00007FF620A50000-0x00007FF620DA4000-memory.dmp	upx
behavioral2/memory/3232-44-0x00007FF68BC30000-0x00007FF68BF84000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-57.dat	upx
behavioral2/files/0x00070000000234c1-41.dat	upx
behavioral2/files/0x00070000000234c2-35.dat	upx
behavioral2/files/0x00080000000234bf-20.dat	upx
behavioral2/memory/804-18-0x00007FF7C6B60000-0x00007FF7C6EB4000-memory.dmp	upx
behavioral2/memory/2796-12-0x00007FF698EC0000-0x00007FF699214000-memory.dmp	upx
behavioral2/files/0x00070000000234e0-201.dat	upx
behavioral2/files/0x00070000000234dd-198.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZIByNgT.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\XWNasrO.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\rvgQFug.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\NBfmOKt.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\EuahBTj.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\wAsKVIx.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\tcjgiAI.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\yybcqpi.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\VGybZUW.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\zNYCwVp.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\vQDTNtX.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\BDoaJpv.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\hcbYNZr.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\nWaBRxS.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\fPlRHiB.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\FQpTbDk.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\qvDxDiy.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\OMWNNzg.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\fAdIizF.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\lzzDcfG.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\LxisLhi.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\peNGNWb.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\oSaewOz.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\eperOsw.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\GDgbhDx.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\SlfWAlb.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\sDWmwvq.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\jTDBdYU.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\QsQiOlk.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\YYHhBUP.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\SVMyVOQ.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\ToFbTgM.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\mFouadO.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\BBgxBaN.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\uzMjOPG.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\ceNTCdY.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\eldSyWL.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\VBDzsRB.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\GIetXpA.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\qAmggHt.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\bQPQtjP.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\cDxcHdM.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\VavgkxU.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\illPZUs.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\CrRJIue.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\smieMBa.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\OdOmXPv.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\RFUpHHq.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\bSOMimm.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\GkFITGf.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\ZSszsoB.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\xZtWdsv.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\WBwrpwD.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\VfiEXMh.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\hKvEINv.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\MsNqAMK.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\RMJGGHE.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\BmzufFz.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\hRnlHPW.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\vWDHmDj.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\xUgoXTg.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\FvQbHlu.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\TCheBWG.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
File created	C:\Windows\System\OYacOyf.exe	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13532	dwm.exe
Token: SeChangeNotifyPrivilege	13532	dwm.exe
Token: 33	13532	dwm.exe
Token: SeIncBasePriorityPrivilege	13532	dwm.exe
Token: SeShutdownPrivilege	13532	dwm.exe
Token: SeCreatePagefilePrivilege	13532	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 2796	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	83
PID 4396 wrote to memory of 2796	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	83
PID 4396 wrote to memory of 804	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	84
PID 4396 wrote to memory of 804	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	84
PID 4396 wrote to memory of 3656	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	85
PID 4396 wrote to memory of 3656	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	85
PID 4396 wrote to memory of 3232	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	86
PID 4396 wrote to memory of 3232	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	86
PID 4396 wrote to memory of 3044	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	87
PID 4396 wrote to memory of 3044	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	87
PID 4396 wrote to memory of 4428	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	88
PID 4396 wrote to memory of 4428	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	88
PID 4396 wrote to memory of 3300	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	89
PID 4396 wrote to memory of 3300	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	89
PID 4396 wrote to memory of 4912	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	90
PID 4396 wrote to memory of 4912	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	90
PID 4396 wrote to memory of 1332	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	91
PID 4396 wrote to memory of 1332	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	91
PID 4396 wrote to memory of 1932	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	92
PID 4396 wrote to memory of 1932	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	92
PID 4396 wrote to memory of 1528	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	93
PID 4396 wrote to memory of 1528	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	93
PID 4396 wrote to memory of 3120	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	94
PID 4396 wrote to memory of 3120	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	94
PID 4396 wrote to memory of 696	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	95
PID 4396 wrote to memory of 696	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	95
PID 4396 wrote to memory of 1132	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	96
PID 4396 wrote to memory of 1132	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	96
PID 4396 wrote to memory of 3792	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	97
PID 4396 wrote to memory of 3792	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	97
PID 4396 wrote to memory of 3724	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	98
PID 4396 wrote to memory of 3724	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	98
PID 4396 wrote to memory of 1464	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	99
PID 4396 wrote to memory of 1464	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	99
PID 4396 wrote to memory of 2556	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	100
PID 4396 wrote to memory of 2556	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	100
PID 4396 wrote to memory of 2976	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	101
PID 4396 wrote to memory of 2976	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	101
PID 4396 wrote to memory of 2848	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	102
PID 4396 wrote to memory of 2848	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	102
PID 4396 wrote to memory of 2336	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	103
PID 4396 wrote to memory of 2336	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	103
PID 4396 wrote to memory of 3336	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	104
PID 4396 wrote to memory of 3336	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	104
PID 4396 wrote to memory of 3196	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	105
PID 4396 wrote to memory of 3196	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	105
PID 4396 wrote to memory of 4624	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	106
PID 4396 wrote to memory of 4624	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	106
PID 4396 wrote to memory of 4504	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	107
PID 4396 wrote to memory of 4504	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	107
PID 4396 wrote to memory of 4872	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	108
PID 4396 wrote to memory of 4872	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	108
PID 4396 wrote to memory of 4416	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	109
PID 4396 wrote to memory of 4416	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	109
PID 4396 wrote to memory of 3684	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	110
PID 4396 wrote to memory of 3684	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	110
PID 4396 wrote to memory of 2092	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	111
PID 4396 wrote to memory of 2092	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	111
PID 4396 wrote to memory of 2868	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	112
PID 4396 wrote to memory of 2868	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	112
PID 4396 wrote to memory of 5112	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	113
PID 4396 wrote to memory of 5112	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	113
PID 4396 wrote to memory of 3716	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	114
PID 4396 wrote to memory of 3716	4396	049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe	114

C:\Users\Admin\AppData\Local\Temp\049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe
"C:\Users\Admin\AppData\Local\Temp\049696b8946ea1ca474fa96c1f4e8d39eeb1ab72f5999d5ec04a17060d070eb2.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Windows\System\bNebJph.exe
  C:\Windows\System\bNebJph.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ZSszsoB.exe
  C:\Windows\System\ZSszsoB.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\nazxETb.exe
  C:\Windows\System\nazxETb.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\tcsDeSZ.exe
  C:\Windows\System\tcsDeSZ.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\kCVaXwr.exe
  C:\Windows\System\kCVaXwr.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\OKmLuOm.exe
  C:\Windows\System\OKmLuOm.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\ltkETEj.exe
  C:\Windows\System\ltkETEj.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\CYUuPZD.exe
  C:\Windows\System\CYUuPZD.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\yJjbszY.exe
  C:\Windows\System\yJjbszY.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\tDioOOp.exe
  C:\Windows\System\tDioOOp.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\HQZKNhF.exe
  C:\Windows\System\HQZKNhF.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\xqBjKtX.exe
  C:\Windows\System\xqBjKtX.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\bQPQtjP.exe
  C:\Windows\System\bQPQtjP.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\DrqPXjS.exe
  C:\Windows\System\DrqPXjS.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\oLnBfqT.exe
  C:\Windows\System\oLnBfqT.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\dGQnbWG.exe
  C:\Windows\System\dGQnbWG.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\QLHbrQe.exe
  C:\Windows\System\QLHbrQe.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\MyUTwOi.exe
  C:\Windows\System\MyUTwOi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\cZFrbis.exe
  C:\Windows\System\cZFrbis.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\iqCmFTy.exe
  C:\Windows\System\iqCmFTy.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\QjADYYH.exe
  C:\Windows\System\QjADYYH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\buYKGwM.exe
  C:\Windows\System\buYKGwM.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\lMwkWRN.exe
  C:\Windows\System\lMwkWRN.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\pTajDSi.exe
  C:\Windows\System\pTajDSi.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\rMRSchu.exe
  C:\Windows\System\rMRSchu.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\RDQXPSJ.exe
  C:\Windows\System\RDQXPSJ.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\OZrOLTu.exe
  C:\Windows\System\OZrOLTu.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\BaISTvP.exe
  C:\Windows\System\BaISTvP.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\ewyJhxa.exe
  C:\Windows\System\ewyJhxa.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\VsdLeZJ.exe
  C:\Windows\System\VsdLeZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\BJkhEwW.exe
  C:\Windows\System\BJkhEwW.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\aSmaHqr.exe
  C:\Windows\System\aSmaHqr.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\ijyLLkH.exe
  C:\Windows\System\ijyLLkH.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\NzARnqv.exe
  C:\Windows\System\NzARnqv.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\Klmxvnx.exe
  C:\Windows\System\Klmxvnx.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\TGgpxAm.exe
  C:\Windows\System\TGgpxAm.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\jnBIXgL.exe
  C:\Windows\System\jnBIXgL.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\MXTlvTN.exe
  C:\Windows\System\MXTlvTN.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\GaUzHAN.exe
  C:\Windows\System\GaUzHAN.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\IHxJHdi.exe
  C:\Windows\System\IHxJHdi.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\oQeeQfm.exe
  C:\Windows\System\oQeeQfm.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\DufUpkz.exe
  C:\Windows\System\DufUpkz.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\tacfhSy.exe
  C:\Windows\System\tacfhSy.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\HyYPkaH.exe
  C:\Windows\System\HyYPkaH.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\DsBrolX.exe
  C:\Windows\System\DsBrolX.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\XJHZqGh.exe
  C:\Windows\System\XJHZqGh.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\urJucIw.exe
  C:\Windows\System\urJucIw.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\nYaFplE.exe
  C:\Windows\System\nYaFplE.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\ZIByNgT.exe
  C:\Windows\System\ZIByNgT.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\FcYunrV.exe
  C:\Windows\System\FcYunrV.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\JDNYMqB.exe
  C:\Windows\System\JDNYMqB.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\TQKFtPQ.exe
  C:\Windows\System\TQKFtPQ.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\DijtItc.exe
  C:\Windows\System\DijtItc.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\PeUMHWj.exe
  C:\Windows\System\PeUMHWj.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\xLDJIwP.exe
  C:\Windows\System\xLDJIwP.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\QcTfgJx.exe
  C:\Windows\System\QcTfgJx.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\RGKZnjT.exe
  C:\Windows\System\RGKZnjT.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\TfvDdlL.exe
  C:\Windows\System\TfvDdlL.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\sgUTKkG.exe
  C:\Windows\System\sgUTKkG.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\zdInAqi.exe
  C:\Windows\System\zdInAqi.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\KCcswik.exe
  C:\Windows\System\KCcswik.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\fAdIizF.exe
  C:\Windows\System\fAdIizF.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\BYZpqsq.exe
  C:\Windows\System\BYZpqsq.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\UADqBKB.exe
  C:\Windows\System\UADqBKB.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\VQfXPuR.exe
  C:\Windows\System\VQfXPuR.exe
  2⤵
  PID:4264
- C:\Windows\System\YEsgjER.exe
  C:\Windows\System\YEsgjER.exe
  2⤵
  PID:2292
- C:\Windows\System\RISSUGL.exe
  C:\Windows\System\RISSUGL.exe
  2⤵
  PID:3616
- C:\Windows\System\qLHLyNI.exe
  C:\Windows\System\qLHLyNI.exe
  2⤵
  PID:1120
- C:\Windows\System\yyhhLfB.exe
  C:\Windows\System\yyhhLfB.exe
  2⤵
  PID:312
- C:\Windows\System\OfrvmPY.exe
  C:\Windows\System\OfrvmPY.exe
  2⤵
  PID:3148
- C:\Windows\System\TKJGhym.exe
  C:\Windows\System\TKJGhym.exe
  2⤵
  PID:2576
- C:\Windows\System\fUNsCzC.exe
  C:\Windows\System\fUNsCzC.exe
  2⤵
  PID:3652
- C:\Windows\System\XWNasrO.exe
  C:\Windows\System\XWNasrO.exe
  2⤵
  PID:1484
- C:\Windows\System\aRtRejB.exe
  C:\Windows\System\aRtRejB.exe
  2⤵
  PID:3648
- C:\Windows\System\dyegdbt.exe
  C:\Windows\System\dyegdbt.exe
  2⤵
  PID:3668
- C:\Windows\System\cDxcHdM.exe
  C:\Windows\System\cDxcHdM.exe
  2⤵
  PID:3164
- C:\Windows\System\KrkvYfT.exe
  C:\Windows\System\KrkvYfT.exe
  2⤵
  PID:1868
- C:\Windows\System\owrBoiW.exe
  C:\Windows\System\owrBoiW.exe
  2⤵
  PID:1640
- C:\Windows\System\XrAJxFr.exe
  C:\Windows\System\XrAJxFr.exe
  2⤵
  PID:4180
- C:\Windows\System\okWkmBS.exe
  C:\Windows\System\okWkmBS.exe
  2⤵
  PID:3420
- C:\Windows\System\MfAIoOI.exe
  C:\Windows\System\MfAIoOI.exe
  2⤵
  PID:4560
- C:\Windows\System\rlermnS.exe
  C:\Windows\System\rlermnS.exe
  2⤵
  PID:4876
- C:\Windows\System\TagbTIP.exe
  C:\Windows\System\TagbTIP.exe
  2⤵
  PID:1796
- C:\Windows\System\yTPamIV.exe
  C:\Windows\System\yTPamIV.exe
  2⤵
  PID:2872
- C:\Windows\System\xiYexWB.exe
  C:\Windows\System\xiYexWB.exe
  2⤵
  PID:700
- C:\Windows\System\ljsgSlg.exe
  C:\Windows\System\ljsgSlg.exe
  2⤵
  PID:2844
- C:\Windows\System\Faegagc.exe
  C:\Windows\System\Faegagc.exe
  2⤵
  PID:4508
- C:\Windows\System\GrRotVE.exe
  C:\Windows\System\GrRotVE.exe
  2⤵
  PID:4332
- C:\Windows\System\amAYoDP.exe
  C:\Windows\System\amAYoDP.exe
  2⤵
  PID:2820
- C:\Windows\System\XKufSGL.exe
  C:\Windows\System\XKufSGL.exe
  2⤵
  PID:2880
- C:\Windows\System\txGyPPL.exe
  C:\Windows\System\txGyPPL.exe
  2⤵
  PID:1956
- C:\Windows\System\ycQOdZT.exe
  C:\Windows\System\ycQOdZT.exe
  2⤵
  PID:32
- C:\Windows\System\wFlyvqL.exe
  C:\Windows\System\wFlyvqL.exe
  2⤵
  PID:2600
- C:\Windows\System\VavgkxU.exe
  C:\Windows\System\VavgkxU.exe
  2⤵
  PID:1028
- C:\Windows\System\BFdtjXU.exe
  C:\Windows\System\BFdtjXU.exe
  2⤵
  PID:4468
- C:\Windows\System\wkINWJm.exe
  C:\Windows\System\wkINWJm.exe
  2⤵
  PID:1316
- C:\Windows\System\BdsbexU.exe
  C:\Windows\System\BdsbexU.exe
  2⤵
  PID:1540
- C:\Windows\System\GlugtCu.exe
  C:\Windows\System\GlugtCu.exe
  2⤵
  PID:3876
- C:\Windows\System\SjCnmqE.exe
  C:\Windows\System\SjCnmqE.exe
  2⤵
  PID:5132
- C:\Windows\System\RzQeuqL.exe
  C:\Windows\System\RzQeuqL.exe
  2⤵
  PID:5176
- C:\Windows\System\MsNqAMK.exe
  C:\Windows\System\MsNqAMK.exe
  2⤵
  PID:5200
- C:\Windows\System\dmlaUqp.exe
  C:\Windows\System\dmlaUqp.exe
  2⤵
  PID:5236
- C:\Windows\System\THooGfU.exe
  C:\Windows\System\THooGfU.exe
  2⤵
  PID:5256
- C:\Windows\System\WmECFfz.exe
  C:\Windows\System\WmECFfz.exe
  2⤵
  PID:5292
- C:\Windows\System\XhQojpA.exe
  C:\Windows\System\XhQojpA.exe
  2⤵
  PID:5328
- C:\Windows\System\kFmdWvo.exe
  C:\Windows\System\kFmdWvo.exe
  2⤵
  PID:5356
- C:\Windows\System\zagQaqX.exe
  C:\Windows\System\zagQaqX.exe
  2⤵
  PID:5392
- C:\Windows\System\RDfDYCI.exe
  C:\Windows\System\RDfDYCI.exe
  2⤵
  PID:5420
- C:\Windows\System\XTsAqSz.exe
  C:\Windows\System\XTsAqSz.exe
  2⤵
  PID:5452
- C:\Windows\System\LyXObWB.exe
  C:\Windows\System\LyXObWB.exe
  2⤵
  PID:5484
- C:\Windows\System\ZhjqwPy.exe
  C:\Windows\System\ZhjqwPy.exe
  2⤵
  PID:5516
- C:\Windows\System\KIniQik.exe
  C:\Windows\System\KIniQik.exe
  2⤵
  PID:5552
- C:\Windows\System\FSDsMmL.exe
  C:\Windows\System\FSDsMmL.exe
  2⤵
  PID:5572
- C:\Windows\System\uPUDYYB.exe
  C:\Windows\System\uPUDYYB.exe
  2⤵
  PID:5600
- C:\Windows\System\iLteesS.exe
  C:\Windows\System\iLteesS.exe
  2⤵
  PID:5640
- C:\Windows\System\QgklUsR.exe
  C:\Windows\System\QgklUsR.exe
  2⤵
  PID:5672
- C:\Windows\System\nLIZlla.exe
  C:\Windows\System\nLIZlla.exe
  2⤵
  PID:5704
- C:\Windows\System\htxGpKR.exe
  C:\Windows\System\htxGpKR.exe
  2⤵
  PID:5724
- C:\Windows\System\DFRUrlG.exe
  C:\Windows\System\DFRUrlG.exe
  2⤵
  PID:5760
- C:\Windows\System\enQlggX.exe
  C:\Windows\System\enQlggX.exe
  2⤵
  PID:5784
- C:\Windows\System\mAEaGas.exe
  C:\Windows\System\mAEaGas.exe
  2⤵
  PID:5800
- C:\Windows\System\xnlTZGW.exe
  C:\Windows\System\xnlTZGW.exe
  2⤵
  PID:5816
- C:\Windows\System\DmjnKHU.exe
  C:\Windows\System\DmjnKHU.exe
  2⤵
  PID:5832
- C:\Windows\System\rvAVZgW.exe
  C:\Windows\System\rvAVZgW.exe
  2⤵
  PID:5856
- C:\Windows\System\illPZUs.exe
  C:\Windows\System\illPZUs.exe
  2⤵
  PID:5880
- C:\Windows\System\dGCXTxE.exe
  C:\Windows\System\dGCXTxE.exe
  2⤵
  PID:5916
- C:\Windows\System\dCDKiOa.exe
  C:\Windows\System\dCDKiOa.exe
  2⤵
  PID:5936
- C:\Windows\System\KrNgxnS.exe
  C:\Windows\System\KrNgxnS.exe
  2⤵
  PID:5964
- C:\Windows\System\xxmcIHk.exe
  C:\Windows\System\xxmcIHk.exe
  2⤵
  PID:6016
- C:\Windows\System\XZxtLgv.exe
  C:\Windows\System\XZxtLgv.exe
  2⤵
  PID:6060
- C:\Windows\System\BBgxBaN.exe
  C:\Windows\System\BBgxBaN.exe
  2⤵
  PID:6096
- C:\Windows\System\gSYBdvf.exe
  C:\Windows\System\gSYBdvf.exe
  2⤵
  PID:6128
- C:\Windows\System\kpJPBpR.exe
  C:\Windows\System\kpJPBpR.exe
  2⤵
  PID:5160
- C:\Windows\System\cgVoWGb.exe
  C:\Windows\System\cgVoWGb.exe
  2⤵
  PID:5220
- C:\Windows\System\CrRJIue.exe
  C:\Windows\System\CrRJIue.exe
  2⤵
  PID:5280
- C:\Windows\System\CCGqsBe.exe
  C:\Windows\System\CCGqsBe.exe
  2⤵
  PID:5384
- C:\Windows\System\FnWbOzc.exe
  C:\Windows\System\FnWbOzc.exe
  2⤵
  PID:5460
- C:\Windows\System\KJIyHpA.exe
  C:\Windows\System\KJIyHpA.exe
  2⤵
  PID:5532
- C:\Windows\System\rUCRfBH.exe
  C:\Windows\System\rUCRfBH.exe
  2⤵
  PID:5564
- C:\Windows\System\EtvKDLd.exe
  C:\Windows\System\EtvKDLd.exe
  2⤵
  PID:5628
- C:\Windows\System\vaKKhsy.exe
  C:\Windows\System\vaKKhsy.exe
  2⤵
  PID:5692
- C:\Windows\System\rpTZlPq.exe
  C:\Windows\System\rpTZlPq.exe
  2⤵
  PID:5748
- C:\Windows\System\usDCzqf.exe
  C:\Windows\System\usDCzqf.exe
  2⤵
  PID:5872
- C:\Windows\System\zIvGRws.exe
  C:\Windows\System\zIvGRws.exe
  2⤵
  PID:5904
- C:\Windows\System\ZPLrNXJ.exe
  C:\Windows\System\ZPLrNXJ.exe
  2⤵
  PID:5948
- C:\Windows\System\KzYuFQd.exe
  C:\Windows\System\KzYuFQd.exe
  2⤵
  PID:6048
- C:\Windows\System\eGSzNrc.exe
  C:\Windows\System\eGSzNrc.exe
  2⤵
  PID:6120
- C:\Windows\System\IlVHbZI.exe
  C:\Windows\System\IlVHbZI.exe
  2⤵
  PID:5284
- C:\Windows\System\xpOaodk.exe
  C:\Windows\System\xpOaodk.exe
  2⤵
  PID:5436
- C:\Windows\System\flfqdpR.exe
  C:\Windows\System\flfqdpR.exe
  2⤵
  PID:5636
- C:\Windows\System\XxSisui.exe
  C:\Windows\System\XxSisui.exe
  2⤵
  PID:5444
- C:\Windows\System\pmccZAV.exe
  C:\Windows\System\pmccZAV.exe
  2⤵
  PID:5928
- C:\Windows\System\WpNHDgl.exe
  C:\Windows\System\WpNHDgl.exe
  2⤵
  PID:5992
- C:\Windows\System\ZMgbfaT.exe
  C:\Windows\System\ZMgbfaT.exe
  2⤵
  PID:5340
- C:\Windows\System\gsiaEHS.exe
  C:\Windows\System\gsiaEHS.exe
  2⤵
  PID:5680
- C:\Windows\System\wrDPpwj.exe
  C:\Windows\System\wrDPpwj.exe
  2⤵
  PID:6112
- C:\Windows\System\pMECWIC.exe
  C:\Windows\System\pMECWIC.exe
  2⤵
  PID:5780
- C:\Windows\System\OIPSVwY.exe
  C:\Windows\System\OIPSVwY.exe
  2⤵
  PID:5888
- C:\Windows\System\Jyjscpe.exe
  C:\Windows\System\Jyjscpe.exe
  2⤵
  PID:6172
- C:\Windows\System\iYanfEY.exe
  C:\Windows\System\iYanfEY.exe
  2⤵
  PID:6192
- C:\Windows\System\VkQVoAa.exe
  C:\Windows\System\VkQVoAa.exe
  2⤵
  PID:6208
- C:\Windows\System\zRUHnnv.exe
  C:\Windows\System\zRUHnnv.exe
  2⤵
  PID:6248
- C:\Windows\System\EreBZKR.exe
  C:\Windows\System\EreBZKR.exe
  2⤵
  PID:6276
- C:\Windows\System\ndDoCbI.exe
  C:\Windows\System\ndDoCbI.exe
  2⤵
  PID:6304
- C:\Windows\System\RMdIaaP.exe
  C:\Windows\System\RMdIaaP.exe
  2⤵
  PID:6340
- C:\Windows\System\XWEIeBx.exe
  C:\Windows\System\XWEIeBx.exe
  2⤵
  PID:6360
- C:\Windows\System\otXyfhw.exe
  C:\Windows\System\otXyfhw.exe
  2⤵
  PID:6380
- C:\Windows\System\vvXipla.exe
  C:\Windows\System\vvXipla.exe
  2⤵
  PID:6404
- C:\Windows\System\fuzMNtS.exe
  C:\Windows\System\fuzMNtS.exe
  2⤵
  PID:6444
- C:\Windows\System\IuUtPvD.exe
  C:\Windows\System\IuUtPvD.exe
  2⤵
  PID:6472
- C:\Windows\System\xsZZcvJ.exe
  C:\Windows\System\xsZZcvJ.exe
  2⤵
  PID:6500
- C:\Windows\System\PxhZDyh.exe
  C:\Windows\System\PxhZDyh.exe
  2⤵
  PID:6532
- C:\Windows\System\ykYlVjw.exe
  C:\Windows\System\ykYlVjw.exe
  2⤵
  PID:6556
- C:\Windows\System\MclBiMW.exe
  C:\Windows\System\MclBiMW.exe
  2⤵
  PID:6584
- C:\Windows\System\xUgoXTg.exe
  C:\Windows\System\xUgoXTg.exe
  2⤵
  PID:6612
- C:\Windows\System\YiNLIUH.exe
  C:\Windows\System\YiNLIUH.exe
  2⤵
  PID:6640
- C:\Windows\System\uFjrSya.exe
  C:\Windows\System\uFjrSya.exe
  2⤵
  PID:6668
- C:\Windows\System\CgUQxiX.exe
  C:\Windows\System\CgUQxiX.exe
  2⤵
  PID:6704
- C:\Windows\System\CmxHarm.exe
  C:\Windows\System\CmxHarm.exe
  2⤵
  PID:6724
- C:\Windows\System\uzMjOPG.exe
  C:\Windows\System\uzMjOPG.exe
  2⤵
  PID:6756
- C:\Windows\System\vPpkRLr.exe
  C:\Windows\System\vPpkRLr.exe
  2⤵
  PID:6776
- C:\Windows\System\INlRWtD.exe
  C:\Windows\System\INlRWtD.exe
  2⤵
  PID:6796
- C:\Windows\System\bgAFhIw.exe
  C:\Windows\System\bgAFhIw.exe
  2⤵
  PID:6856
- C:\Windows\System\PhtbqUD.exe
  C:\Windows\System\PhtbqUD.exe
  2⤵
  PID:6876
- C:\Windows\System\NjAQRZx.exe
  C:\Windows\System\NjAQRZx.exe
  2⤵
  PID:6904
- C:\Windows\System\SHrTWAe.exe
  C:\Windows\System\SHrTWAe.exe
  2⤵
  PID:6932
- C:\Windows\System\dujfDdY.exe
  C:\Windows\System\dujfDdY.exe
  2⤵
  PID:6960
- C:\Windows\System\nWaBRxS.exe
  C:\Windows\System\nWaBRxS.exe
  2⤵
  PID:6992
- C:\Windows\System\hgTZiKi.exe
  C:\Windows\System\hgTZiKi.exe
  2⤵
  PID:7016
- C:\Windows\System\lxJYoFX.exe
  C:\Windows\System\lxJYoFX.exe
  2⤵
  PID:7048
- C:\Windows\System\qJqhxwC.exe
  C:\Windows\System\qJqhxwC.exe
  2⤵
  PID:7072
- C:\Windows\System\QsQiOlk.exe
  C:\Windows\System\QsQiOlk.exe
  2⤵
  PID:7100
- C:\Windows\System\hWcXMSs.exe
  C:\Windows\System\hWcXMSs.exe
  2⤵
  PID:7128
- C:\Windows\System\NZhOtBP.exe
  C:\Windows\System\NZhOtBP.exe
  2⤵
  PID:7156
- C:\Windows\System\ZsilXeZ.exe
  C:\Windows\System\ZsilXeZ.exe
  2⤵
  PID:6184
- C:\Windows\System\XSwYyTa.exe
  C:\Windows\System\XSwYyTa.exe
  2⤵
  PID:6272
- C:\Windows\System\sSNZXJT.exe
  C:\Windows\System\sSNZXJT.exe
  2⤵
  PID:6324
- C:\Windows\System\eXyjUXl.exe
  C:\Windows\System\eXyjUXl.exe
  2⤵
  PID:6368
- C:\Windows\System\SZPupJR.exe
  C:\Windows\System\SZPupJR.exe
  2⤵
  PID:6432
- C:\Windows\System\RTXguYA.exe
  C:\Windows\System\RTXguYA.exe
  2⤵
  PID:6488
- C:\Windows\System\HhwdkFC.exe
  C:\Windows\System\HhwdkFC.exe
  2⤵
  PID:6568
- C:\Windows\System\GIjOyvc.exe
  C:\Windows\System\GIjOyvc.exe
  2⤵
  PID:6624
- C:\Windows\System\YYHhBUP.exe
  C:\Windows\System\YYHhBUP.exe
  2⤵
  PID:6688
- C:\Windows\System\xMzaukm.exe
  C:\Windows\System\xMzaukm.exe
  2⤵
  PID:6736
- C:\Windows\System\ozTojJT.exe
  C:\Windows\System\ozTojJT.exe
  2⤵
  PID:6784
- C:\Windows\System\nrwCAmn.exe
  C:\Windows\System\nrwCAmn.exe
  2⤵
  PID:6804
- C:\Windows\System\OJhYQOn.exe
  C:\Windows\System\OJhYQOn.exe
  2⤵
  PID:6924
- C:\Windows\System\pcxrKgU.exe
  C:\Windows\System\pcxrKgU.exe
  2⤵
  PID:6972
- C:\Windows\System\CFnvtLn.exe
  C:\Windows\System\CFnvtLn.exe
  2⤵
  PID:7064
- C:\Windows\System\PPbsMaG.exe
  C:\Windows\System\PPbsMaG.exe
  2⤵
  PID:7116
- C:\Windows\System\jwAyTiG.exe
  C:\Windows\System\jwAyTiG.exe
  2⤵
  PID:6268
- C:\Windows\System\uXWhWnb.exe
  C:\Windows\System\uXWhWnb.exe
  2⤵
  PID:3188
- C:\Windows\System\MKTlQRG.exe
  C:\Windows\System\MKTlQRG.exe
  2⤵
  PID:6552
- C:\Windows\System\HTHPffB.exe
  C:\Windows\System\HTHPffB.exe
  2⤵
  PID:6712
- C:\Windows\System\RMJGGHE.exe
  C:\Windows\System\RMJGGHE.exe
  2⤵
  PID:6956
- C:\Windows\System\UsTgVME.exe
  C:\Windows\System\UsTgVME.exe
  2⤵
  PID:7112
- C:\Windows\System\rAUQRsy.exe
  C:\Windows\System\rAUQRsy.exe
  2⤵
  PID:6744
- C:\Windows\System\RoimJek.exe
  C:\Windows\System\RoimJek.exe
  2⤵
  PID:6040
- C:\Windows\System\xZtWdsv.exe
  C:\Windows\System\xZtWdsv.exe
  2⤵
  PID:6888
- C:\Windows\System\ASsRdrn.exe
  C:\Windows\System\ASsRdrn.exe
  2⤵
  PID:6292
- C:\Windows\System\JKQbiOQ.exe
  C:\Windows\System\JKQbiOQ.exe
  2⤵
  PID:6516
- C:\Windows\System\UEJClpL.exe
  C:\Windows\System\UEJClpL.exe
  2⤵
  PID:7196
- C:\Windows\System\rvgQFug.exe
  C:\Windows\System\rvgQFug.exe
  2⤵
  PID:7228
- C:\Windows\System\THBRNcD.exe
  C:\Windows\System\THBRNcD.exe
  2⤵
  PID:7252
- C:\Windows\System\CLeBKjH.exe
  C:\Windows\System\CLeBKjH.exe
  2⤵
  PID:7280
- C:\Windows\System\KcGuosL.exe
  C:\Windows\System\KcGuosL.exe
  2⤵
  PID:7304
- C:\Windows\System\NBfmOKt.exe
  C:\Windows\System\NBfmOKt.exe
  2⤵
  PID:7336
- C:\Windows\System\rvHMNCl.exe
  C:\Windows\System\rvHMNCl.exe
  2⤵
  PID:7356
- C:\Windows\System\ZXdWlfi.exe
  C:\Windows\System\ZXdWlfi.exe
  2⤵
  PID:7384
- C:\Windows\System\WuuXWGa.exe
  C:\Windows\System\WuuXWGa.exe
  2⤵
  PID:7412
- C:\Windows\System\LAASIFb.exe
  C:\Windows\System\LAASIFb.exe
  2⤵
  PID:7448
- C:\Windows\System\IUihyhI.exe
  C:\Windows\System\IUihyhI.exe
  2⤵
  PID:7468
- C:\Windows\System\lpdtWJh.exe
  C:\Windows\System\lpdtWJh.exe
  2⤵
  PID:7492
- C:\Windows\System\jqUZyYp.exe
  C:\Windows\System\jqUZyYp.exe
  2⤵
  PID:7520
- C:\Windows\System\ZKpxrwq.exe
  C:\Windows\System\ZKpxrwq.exe
  2⤵
  PID:7544
- C:\Windows\System\bcokOUH.exe
  C:\Windows\System\bcokOUH.exe
  2⤵
  PID:7580
- C:\Windows\System\QZXlGAc.exe
  C:\Windows\System\QZXlGAc.exe
  2⤵
  PID:7604
- C:\Windows\System\OvWpBpu.exe
  C:\Windows\System\OvWpBpu.exe
  2⤵
  PID:7624
- C:\Windows\System\ubmTpTW.exe
  C:\Windows\System\ubmTpTW.exe
  2⤵
  PID:7660
- C:\Windows\System\uqKcZOc.exe
  C:\Windows\System\uqKcZOc.exe
  2⤵
  PID:7688
- C:\Windows\System\lRMZQNS.exe
  C:\Windows\System\lRMZQNS.exe
  2⤵
  PID:7716
- C:\Windows\System\FIYMjZz.exe
  C:\Windows\System\FIYMjZz.exe
  2⤵
  PID:7748
- C:\Windows\System\dzGlrXs.exe
  C:\Windows\System\dzGlrXs.exe
  2⤵
  PID:7784
- C:\Windows\System\FMSqXZP.exe
  C:\Windows\System\FMSqXZP.exe
  2⤵
  PID:7808
- C:\Windows\System\VGybZUW.exe
  C:\Windows\System\VGybZUW.exe
  2⤵
  PID:7836
- C:\Windows\System\waiWGbS.exe
  C:\Windows\System\waiWGbS.exe
  2⤵
  PID:7864
- C:\Windows\System\YgxDTiL.exe
  C:\Windows\System\YgxDTiL.exe
  2⤵
  PID:7892
- C:\Windows\System\XmyhNNd.exe
  C:\Windows\System\XmyhNNd.exe
  2⤵
  PID:7916
- C:\Windows\System\BOuvXen.exe
  C:\Windows\System\BOuvXen.exe
  2⤵
  PID:7944
- C:\Windows\System\GINWEDl.exe
  C:\Windows\System\GINWEDl.exe
  2⤵
  PID:7980
- C:\Windows\System\eVmSKlv.exe
  C:\Windows\System\eVmSKlv.exe
  2⤵
  PID:8012
- C:\Windows\System\Vuerkhb.exe
  C:\Windows\System\Vuerkhb.exe
  2⤵
  PID:8040
- C:\Windows\System\WBwrpwD.exe
  C:\Windows\System\WBwrpwD.exe
  2⤵
  PID:8068
- C:\Windows\System\ykCjzkm.exe
  C:\Windows\System\ykCjzkm.exe
  2⤵
  PID:8100
- C:\Windows\System\xUAinQj.exe
  C:\Windows\System\xUAinQj.exe
  2⤵
  PID:8128
- C:\Windows\System\MNKQMzt.exe
  C:\Windows\System\MNKQMzt.exe
  2⤵
  PID:8152
- C:\Windows\System\nwDkPTY.exe
  C:\Windows\System\nwDkPTY.exe
  2⤵
  PID:8168
- C:\Windows\System\yrxOzLu.exe
  C:\Windows\System\yrxOzLu.exe
  2⤵
  PID:6664
- C:\Windows\System\MGBEaaM.exe
  C:\Windows\System\MGBEaaM.exe
  2⤵
  PID:7248
- C:\Windows\System\fPlRHiB.exe
  C:\Windows\System\fPlRHiB.exe
  2⤵
  PID:7324
- C:\Windows\System\ceNTCdY.exe
  C:\Windows\System\ceNTCdY.exe
  2⤵
  PID:7352
- C:\Windows\System\OxdIuMw.exe
  C:\Windows\System\OxdIuMw.exe
  2⤵
  PID:7432
- C:\Windows\System\jwvRNrV.exe
  C:\Windows\System\jwvRNrV.exe
  2⤵
  PID:7508
- C:\Windows\System\PytCZkZ.exe
  C:\Windows\System\PytCZkZ.exe
  2⤵
  PID:7588
- C:\Windows\System\rsRJIJJ.exe
  C:\Windows\System\rsRJIJJ.exe
  2⤵
  PID:7612
- C:\Windows\System\ptayNuG.exe
  C:\Windows\System\ptayNuG.exe
  2⤵
  PID:7704
- C:\Windows\System\syUhhPt.exe
  C:\Windows\System\syUhhPt.exe
  2⤵
  PID:7772
- C:\Windows\System\THecwPH.exe
  C:\Windows\System\THecwPH.exe
  2⤵
  PID:7820
- C:\Windows\System\TiVeyPt.exe
  C:\Windows\System\TiVeyPt.exe
  2⤵
  PID:7876
- C:\Windows\System\UaPZWxH.exe
  C:\Windows\System\UaPZWxH.exe
  2⤵
  PID:7964
- C:\Windows\System\ciQIctQ.exe
  C:\Windows\System\ciQIctQ.exe
  2⤵
  PID:7996
- C:\Windows\System\nuiLvFW.exe
  C:\Windows\System\nuiLvFW.exe
  2⤵
  PID:8092
- C:\Windows\System\RuehLBV.exe
  C:\Windows\System\RuehLBV.exe
  2⤵
  PID:8160
- C:\Windows\System\capbFdJ.exe
  C:\Windows\System\capbFdJ.exe
  2⤵
  PID:7296
- C:\Windows\System\wkvRbyD.exe
  C:\Windows\System\wkvRbyD.exe
  2⤵
  PID:7420
- C:\Windows\System\CqOVJNW.exe
  C:\Windows\System\CqOVJNW.exe
  2⤵
  PID:7480
- C:\Windows\System\WGUfcVK.exe
  C:\Windows\System\WGUfcVK.exe
  2⤵
  PID:7596
- C:\Windows\System\kaKhhAG.exe
  C:\Windows\System\kaKhhAG.exe
  2⤵
  PID:7828
- C:\Windows\System\BkpPTGb.exe
  C:\Windows\System\BkpPTGb.exe
  2⤵
  PID:7976
- C:\Windows\System\SgnbzBx.exe
  C:\Windows\System\SgnbzBx.exe
  2⤵
  PID:8136
- C:\Windows\System\hHieCWk.exe
  C:\Windows\System\hHieCWk.exe
  2⤵
  PID:7208
- C:\Windows\System\gHYRDzY.exe
  C:\Windows\System\gHYRDzY.exe
  2⤵
  PID:7712
- C:\Windows\System\uKJtseb.exe
  C:\Windows\System\uKJtseb.exe
  2⤵
  PID:8060
- C:\Windows\System\cODOkAw.exe
  C:\Windows\System\cODOkAw.exe
  2⤵
  PID:7188
- C:\Windows\System\BmzufFz.exe
  C:\Windows\System\BmzufFz.exe
  2⤵
  PID:8196
- C:\Windows\System\nLVHUBC.exe
  C:\Windows\System\nLVHUBC.exe
  2⤵
  PID:8220
- C:\Windows\System\ytnBIua.exe
  C:\Windows\System\ytnBIua.exe
  2⤵
  PID:8240
- C:\Windows\System\zNYCwVp.exe
  C:\Windows\System\zNYCwVp.exe
  2⤵
  PID:8264
- C:\Windows\System\sfqeqAp.exe
  C:\Windows\System\sfqeqAp.exe
  2⤵
  PID:8296
- C:\Windows\System\lKJYlGo.exe
  C:\Windows\System\lKJYlGo.exe
  2⤵
  PID:8328
- C:\Windows\System\lzzDcfG.exe
  C:\Windows\System\lzzDcfG.exe
  2⤵
  PID:8360
- C:\Windows\System\smieMBa.exe
  C:\Windows\System\smieMBa.exe
  2⤵
  PID:8388
- C:\Windows\System\YoNsRKo.exe
  C:\Windows\System\YoNsRKo.exe
  2⤵
  PID:8420
- C:\Windows\System\SYSlNRn.exe
  C:\Windows\System\SYSlNRn.exe
  2⤵
  PID:8452
- C:\Windows\System\rfDkAwP.exe
  C:\Windows\System\rfDkAwP.exe
  2⤵
  PID:8476
- C:\Windows\System\YKCZQFH.exe
  C:\Windows\System\YKCZQFH.exe
  2⤵
  PID:8500
- C:\Windows\System\PHtIWjv.exe
  C:\Windows\System\PHtIWjv.exe
  2⤵
  PID:8524
- C:\Windows\System\OhXJqZY.exe
  C:\Windows\System\OhXJqZY.exe
  2⤵
  PID:8564
- C:\Windows\System\ANWBzKN.exe
  C:\Windows\System\ANWBzKN.exe
  2⤵
  PID:8580
- C:\Windows\System\HDKsbpc.exe
  C:\Windows\System\HDKsbpc.exe
  2⤵
  PID:8616
- C:\Windows\System\FUzorCK.exe
  C:\Windows\System\FUzorCK.exe
  2⤵
  PID:8636
- C:\Windows\System\OyETrBC.exe
  C:\Windows\System\OyETrBC.exe
  2⤵
  PID:8664
- C:\Windows\System\EHjMHxY.exe
  C:\Windows\System\EHjMHxY.exe
  2⤵
  PID:8680
- C:\Windows\System\TWcVUpr.exe
  C:\Windows\System\TWcVUpr.exe
  2⤵
  PID:8720
- C:\Windows\System\EVEjgqK.exe
  C:\Windows\System\EVEjgqK.exe
  2⤵
  PID:8760
- C:\Windows\System\YipULYp.exe
  C:\Windows\System\YipULYp.exe
  2⤵
  PID:8788
- C:\Windows\System\zjuVFzs.exe
  C:\Windows\System\zjuVFzs.exe
  2⤵
  PID:8816
- C:\Windows\System\RlKTTmc.exe
  C:\Windows\System\RlKTTmc.exe
  2⤵
  PID:8844
- C:\Windows\System\jvYdqnv.exe
  C:\Windows\System\jvYdqnv.exe
  2⤵
  PID:8860
- C:\Windows\System\SraxVPZ.exe
  C:\Windows\System\SraxVPZ.exe
  2⤵
  PID:8896
- C:\Windows\System\KsVHMLt.exe
  C:\Windows\System\KsVHMLt.exe
  2⤵
  PID:8936
- C:\Windows\System\PNUmpiJ.exe
  C:\Windows\System\PNUmpiJ.exe
  2⤵
  PID:8956
- C:\Windows\System\uaXEoZU.exe
  C:\Windows\System\uaXEoZU.exe
  2⤵
  PID:8972
- C:\Windows\System\hRnlHPW.exe
  C:\Windows\System\hRnlHPW.exe
  2⤵
  PID:9012
- C:\Windows\System\WXGtZxk.exe
  C:\Windows\System\WXGtZxk.exe
  2⤵
  PID:9040
- C:\Windows\System\wjEWXjX.exe
  C:\Windows\System\wjEWXjX.exe
  2⤵
  PID:9068
- C:\Windows\System\ngiJgcN.exe
  C:\Windows\System\ngiJgcN.exe
  2⤵
  PID:9096
- C:\Windows\System\TJNjGxu.exe
  C:\Windows\System\TJNjGxu.exe
  2⤵
  PID:9124
- C:\Windows\System\kJkxIvP.exe
  C:\Windows\System\kJkxIvP.exe
  2⤵
  PID:9144
- C:\Windows\System\sEpBkun.exe
  C:\Windows\System\sEpBkun.exe
  2⤵
  PID:9168
- C:\Windows\System\CKkixsg.exe
  C:\Windows\System\CKkixsg.exe
  2⤵
  PID:9196
- C:\Windows\System\CsCqnxi.exe
  C:\Windows\System\CsCqnxi.exe
  2⤵
  PID:7816
- C:\Windows\System\ifXbHEE.exe
  C:\Windows\System\ifXbHEE.exe
  2⤵
  PID:8292
- C:\Windows\System\FQpTbDk.exe
  C:\Windows\System\FQpTbDk.exe
  2⤵
  PID:8348
- C:\Windows\System\mZOUrCu.exe
  C:\Windows\System\mZOUrCu.exe
  2⤵
  PID:8408
- C:\Windows\System\OdOmXPv.exe
  C:\Windows\System\OdOmXPv.exe
  2⤵
  PID:8468
- C:\Windows\System\FANOErU.exe
  C:\Windows\System\FANOErU.exe
  2⤵
  PID:8512
- C:\Windows\System\lkazdQs.exe
  C:\Windows\System\lkazdQs.exe
  2⤵
  PID:8632
- C:\Windows\System\pXgXwJM.exe
  C:\Windows\System\pXgXwJM.exe
  2⤵
  PID:8672
- C:\Windows\System\eldSyWL.exe
  C:\Windows\System\eldSyWL.exe
  2⤵
  PID:8736
- C:\Windows\System\HbxBmAJ.exe
  C:\Windows\System\HbxBmAJ.exe
  2⤵
  PID:8804
- C:\Windows\System\fCPwppZ.exe
  C:\Windows\System\fCPwppZ.exe
  2⤵
  PID:8832
- C:\Windows\System\iBmkyea.exe
  C:\Windows\System\iBmkyea.exe
  2⤵
  PID:8872
- C:\Windows\System\CtNmkCQ.exe
  C:\Windows\System\CtNmkCQ.exe
  2⤵
  PID:8964
- C:\Windows\System\npOiLmw.exe
  C:\Windows\System\npOiLmw.exe
  2⤵
  PID:9028
- C:\Windows\System\PGEgKWG.exe
  C:\Windows\System\PGEgKWG.exe
  2⤵
  PID:9080
- C:\Windows\System\BNjgxKn.exe
  C:\Windows\System\BNjgxKn.exe
  2⤵
  PID:9152
- C:\Windows\System\kIssHla.exe
  C:\Windows\System\kIssHla.exe
  2⤵
  PID:8228
- C:\Windows\System\wEJsjWT.exe
  C:\Windows\System\wEJsjWT.exe
  2⤵
  PID:8436
- C:\Windows\System\GJnbPBt.exe
  C:\Windows\System\GJnbPBt.exe
  2⤵
  PID:8596
- C:\Windows\System\QAJlWmc.exe
  C:\Windows\System\QAJlWmc.exe
  2⤵
  PID:8772
- C:\Windows\System\ySGYOIj.exe
  C:\Windows\System\ySGYOIj.exe
  2⤵
  PID:8908
- C:\Windows\System\JBESAUC.exe
  C:\Windows\System\JBESAUC.exe
  2⤵
  PID:8984
- C:\Windows\System\DeOalTQ.exe
  C:\Windows\System\DeOalTQ.exe
  2⤵
  PID:9112
- C:\Windows\System\pgRizbN.exe
  C:\Windows\System\pgRizbN.exe
  2⤵
  PID:8308
- C:\Windows\System\LxisLhi.exe
  C:\Windows\System\LxisLhi.exe
  2⤵
  PID:8656
- C:\Windows\System\axNwVoN.exe
  C:\Windows\System\axNwVoN.exe
  2⤵
  PID:9060
- C:\Windows\System\aTlXKnk.exe
  C:\Windows\System\aTlXKnk.exe
  2⤵
  PID:8776
- C:\Windows\System\XhvKNdN.exe
  C:\Windows\System\XhvKNdN.exe
  2⤵
  PID:9228
- C:\Windows\System\rkLHScO.exe
  C:\Windows\System\rkLHScO.exe
  2⤵
  PID:9264
- C:\Windows\System\ibEYbcZ.exe
  C:\Windows\System\ibEYbcZ.exe
  2⤵
  PID:9288
- C:\Windows\System\KtCAgmE.exe
  C:\Windows\System\KtCAgmE.exe
  2⤵
  PID:9324
- C:\Windows\System\LENJurb.exe
  C:\Windows\System\LENJurb.exe
  2⤵
  PID:9340
- C:\Windows\System\aiElbJg.exe
  C:\Windows\System\aiElbJg.exe
  2⤵
  PID:9368
- C:\Windows\System\FvQbHlu.exe
  C:\Windows\System\FvQbHlu.exe
  2⤵
  PID:9392
- C:\Windows\System\iKfxZNT.exe
  C:\Windows\System\iKfxZNT.exe
  2⤵
  PID:9424
- C:\Windows\System\KciFOFf.exe
  C:\Windows\System\KciFOFf.exe
  2⤵
  PID:9448
- C:\Windows\System\bJwsbAT.exe
  C:\Windows\System\bJwsbAT.exe
  2⤵
  PID:9476
- C:\Windows\System\TrYnfNq.exe
  C:\Windows\System\TrYnfNq.exe
  2⤵
  PID:9504
- C:\Windows\System\mQtbedN.exe
  C:\Windows\System\mQtbedN.exe
  2⤵
  PID:9532
- C:\Windows\System\jfzQJXu.exe
  C:\Windows\System\jfzQJXu.exe
  2⤵
  PID:9552
- C:\Windows\System\vOOpInG.exe
  C:\Windows\System\vOOpInG.exe
  2⤵
  PID:9572
- C:\Windows\System\nkTNBQn.exe
  C:\Windows\System\nkTNBQn.exe
  2⤵
  PID:9612
- C:\Windows\System\RThKQwy.exe
  C:\Windows\System\RThKQwy.exe
  2⤵
  PID:9636
- C:\Windows\System\BpTgWdi.exe
  C:\Windows\System\BpTgWdi.exe
  2⤵
  PID:9652
- C:\Windows\System\vFpqgzn.exe
  C:\Windows\System\vFpqgzn.exe
  2⤵
  PID:9680
- C:\Windows\System\wcNzven.exe
  C:\Windows\System\wcNzven.exe
  2⤵
  PID:9708
- C:\Windows\System\fEKJzot.exe
  C:\Windows\System\fEKJzot.exe
  2⤵
  PID:9736
- C:\Windows\System\demgjbq.exe
  C:\Windows\System\demgjbq.exe
  2⤵
  PID:9764
- C:\Windows\System\VfiEXMh.exe
  C:\Windows\System\VfiEXMh.exe
  2⤵
  PID:9796
- C:\Windows\System\hKjSpIu.exe
  C:\Windows\System\hKjSpIu.exe
  2⤵
  PID:9820
- C:\Windows\System\OHAijRR.exe
  C:\Windows\System\OHAijRR.exe
  2⤵
  PID:9844
- C:\Windows\System\YipXlGC.exe
  C:\Windows\System\YipXlGC.exe
  2⤵
  PID:9872
- C:\Windows\System\clrWryk.exe
  C:\Windows\System\clrWryk.exe
  2⤵
  PID:9892
- C:\Windows\System\RRGpvCA.exe
  C:\Windows\System\RRGpvCA.exe
  2⤵
  PID:9924
- C:\Windows\System\ZTBbDQj.exe
  C:\Windows\System\ZTBbDQj.exe
  2⤵
  PID:9956
- C:\Windows\System\jPFXMkq.exe
  C:\Windows\System\jPFXMkq.exe
  2⤵
  PID:9984
- C:\Windows\System\TwGPMTh.exe
  C:\Windows\System\TwGPMTh.exe
  2⤵
  PID:10008
- C:\Windows\System\WHioGZG.exe
  C:\Windows\System\WHioGZG.exe
  2⤵
  PID:10028
- C:\Windows\System\IoZGccM.exe
  C:\Windows\System\IoZGccM.exe
  2⤵
  PID:10064
- C:\Windows\System\frrKRIa.exe
  C:\Windows\System\frrKRIa.exe
  2⤵
  PID:10096
- C:\Windows\System\ilaRwxB.exe
  C:\Windows\System\ilaRwxB.exe
  2⤵
  PID:10128
- C:\Windows\System\tlmBloo.exe
  C:\Windows\System\tlmBloo.exe
  2⤵
  PID:10168
- C:\Windows\System\SVMyVOQ.exe
  C:\Windows\System\SVMyVOQ.exe
  2⤵
  PID:10184
- C:\Windows\System\lpEhaKs.exe
  C:\Windows\System\lpEhaKs.exe
  2⤵
  PID:10216
- C:\Windows\System\JIaKAkx.exe
  C:\Windows\System\JIaKAkx.exe
  2⤵
  PID:7924
- C:\Windows\System\LmeRMez.exe
  C:\Windows\System\LmeRMez.exe
  2⤵
  PID:9272
- C:\Windows\System\vWDHmDj.exe
  C:\Windows\System\vWDHmDj.exe
  2⤵
  PID:9352
- C:\Windows\System\EuahBTj.exe
  C:\Windows\System\EuahBTj.exe
  2⤵
  PID:9408
- C:\Windows\System\cJNyfwF.exe
  C:\Windows\System\cJNyfwF.exe
  2⤵
  PID:9500
- C:\Windows\System\hApAnmY.exe
  C:\Windows\System\hApAnmY.exe
  2⤵
  PID:9520
- C:\Windows\System\FpsrXRM.exe
  C:\Windows\System\FpsrXRM.exe
  2⤵
  PID:9592
- C:\Windows\System\DHZiLje.exe
  C:\Windows\System\DHZiLje.exe
  2⤵
  PID:9648
- C:\Windows\System\bIdhwKB.exe
  C:\Windows\System\bIdhwKB.exe
  2⤵
  PID:9788
- C:\Windows\System\RnOtskb.exe
  C:\Windows\System\RnOtskb.exe
  2⤵
  PID:9776
- C:\Windows\System\buSZhOq.exe
  C:\Windows\System\buSZhOq.exe
  2⤵
  PID:9920
- C:\Windows\System\oucpXhV.exe
  C:\Windows\System\oucpXhV.exe
  2⤵
  PID:9940
- C:\Windows\System\RNJcIpg.exe
  C:\Windows\System\RNJcIpg.exe
  2⤵
  PID:10020
- C:\Windows\System\XMBaByd.exe
  C:\Windows\System\XMBaByd.exe
  2⤵
  PID:10104
- C:\Windows\System\qNufiLo.exe
  C:\Windows\System\qNufiLo.exe
  2⤵
  PID:10156
- C:\Windows\System\ScidaZJ.exe
  C:\Windows\System\ScidaZJ.exe
  2⤵
  PID:9240
- C:\Windows\System\LYCqCtB.exe
  C:\Windows\System\LYCqCtB.exe
  2⤵
  PID:9312
- C:\Windows\System\TBoCNvg.exe
  C:\Windows\System\TBoCNvg.exe
  2⤵
  PID:9468
- C:\Windows\System\UNKzAEx.exe
  C:\Windows\System\UNKzAEx.exe
  2⤵
  PID:9664
- C:\Windows\System\IBvDxDo.exe
  C:\Windows\System\IBvDxDo.exe
  2⤵
  PID:9868
- C:\Windows\System\peNGNWb.exe
  C:\Windows\System\peNGNWb.exe
  2⤵
  PID:9864
- C:\Windows\System\bCVOzVE.exe
  C:\Windows\System\bCVOzVE.exe
  2⤵
  PID:10016
- C:\Windows\System\zAukpZm.exe
  C:\Windows\System\zAukpZm.exe
  2⤵
  PID:10108
- C:\Windows\System\BFDgfnP.exe
  C:\Windows\System\BFDgfnP.exe
  2⤵
  PID:9380
- C:\Windows\System\RRZmEIH.exe
  C:\Windows\System\RRZmEIH.exe
  2⤵
  PID:9752
- C:\Windows\System\tmFmafo.exe
  C:\Windows\System\tmFmafo.exe
  2⤵
  PID:10080
- C:\Windows\System\MVAjvex.exe
  C:\Windows\System\MVAjvex.exe
  2⤵
  PID:9792
- C:\Windows\System\xOjVJhE.exe
  C:\Windows\System\xOjVJhE.exe
  2⤵
  PID:10252
- C:\Windows\System\VBDzsRB.exe
  C:\Windows\System\VBDzsRB.exe
  2⤵
  PID:10280
- C:\Windows\System\rqvNZkg.exe
  C:\Windows\System\rqvNZkg.exe
  2⤵
  PID:10316
- C:\Windows\System\YQVslku.exe
  C:\Windows\System\YQVslku.exe
  2⤵
  PID:10340
- C:\Windows\System\olmyptp.exe
  C:\Windows\System\olmyptp.exe
  2⤵
  PID:10364
- C:\Windows\System\HJqHyYa.exe
  C:\Windows\System\HJqHyYa.exe
  2⤵
  PID:10388
- C:\Windows\System\bRlXPjc.exe
  C:\Windows\System\bRlXPjc.exe
  2⤵
  PID:10428
- C:\Windows\System\NWlmWJp.exe
  C:\Windows\System\NWlmWJp.exe
  2⤵
  PID:10468
- C:\Windows\System\PruSwcZ.exe
  C:\Windows\System\PruSwcZ.exe
  2⤵
  PID:10496
- C:\Windows\System\lMplRsI.exe
  C:\Windows\System\lMplRsI.exe
  2⤵
  PID:10532
- C:\Windows\System\pnPINei.exe
  C:\Windows\System\pnPINei.exe
  2⤵
  PID:10564
- C:\Windows\System\IbRSvmd.exe
  C:\Windows\System\IbRSvmd.exe
  2⤵
  PID:10588
- C:\Windows\System\MvHeoPJ.exe
  C:\Windows\System\MvHeoPJ.exe
  2⤵
  PID:10624
- C:\Windows\System\bSOMimm.exe
  C:\Windows\System\bSOMimm.exe
  2⤵
  PID:10660
- C:\Windows\System\RFUpHHq.exe
  C:\Windows\System\RFUpHHq.exe
  2⤵
  PID:10700
- C:\Windows\System\EQHCoCz.exe
  C:\Windows\System\EQHCoCz.exe
  2⤵
  PID:10716
- C:\Windows\System\lafvJBA.exe
  C:\Windows\System\lafvJBA.exe
  2⤵
  PID:10740
- C:\Windows\System\sxAfEAU.exe
  C:\Windows\System\sxAfEAU.exe
  2⤵
  PID:10772
- C:\Windows\System\ERmvvxq.exe
  C:\Windows\System\ERmvvxq.exe
  2⤵
  PID:10800
- C:\Windows\System\iQwkLgE.exe
  C:\Windows\System\iQwkLgE.exe
  2⤵
  PID:10816
- C:\Windows\System\azLquJu.exe
  C:\Windows\System\azLquJu.exe
  2⤵
  PID:10852
- C:\Windows\System\yGGTtIn.exe
  C:\Windows\System\yGGTtIn.exe
  2⤵
  PID:10884
- C:\Windows\System\BDoaJpv.exe
  C:\Windows\System\BDoaJpv.exe
  2⤵
  PID:10912
- C:\Windows\System\ARpqhTv.exe
  C:\Windows\System\ARpqhTv.exe
  2⤵
  PID:10932
- C:\Windows\System\QVflQWP.exe
  C:\Windows\System\QVflQWP.exe
  2⤵
  PID:10964
- C:\Windows\System\cczEcMu.exe
  C:\Windows\System\cczEcMu.exe
  2⤵
  PID:10988
- C:\Windows\System\OjysWIf.exe
  C:\Windows\System\OjysWIf.exe
  2⤵
  PID:11016
- C:\Windows\System\jEbztOI.exe
  C:\Windows\System\jEbztOI.exe
  2⤵
  PID:11040
- C:\Windows\System\HMGAzpA.exe
  C:\Windows\System\HMGAzpA.exe
  2⤵
  PID:11068
- C:\Windows\System\IWAJZkv.exe
  C:\Windows\System\IWAJZkv.exe
  2⤵
  PID:11104
- C:\Windows\System\oSaewOz.exe
  C:\Windows\System\oSaewOz.exe
  2⤵
  PID:11124
- C:\Windows\System\ORXBdAw.exe
  C:\Windows\System\ORXBdAw.exe
  2⤵
  PID:11176
- C:\Windows\System\ToFbTgM.exe
  C:\Windows\System\ToFbTgM.exe
  2⤵
  PID:11204
- C:\Windows\System\abSNNot.exe
  C:\Windows\System\abSNNot.exe
  2⤵
  PID:11240
- C:\Windows\System\iLrGUUo.exe
  C:\Windows\System\iLrGUUo.exe
  2⤵
  PID:8836
- C:\Windows\System\wxDvmKP.exe
  C:\Windows\System\wxDvmKP.exe
  2⤵
  PID:10276
- C:\Windows\System\eperOsw.exe
  C:\Windows\System\eperOsw.exe
  2⤵
  PID:10456
- C:\Windows\System\wKfJOwi.exe
  C:\Windows\System\wKfJOwi.exe
  2⤵
  PID:10516
- C:\Windows\System\vcRrbAQ.exe
  C:\Windows\System\vcRrbAQ.exe
  2⤵
  PID:10556
- C:\Windows\System\vNPBxun.exe
  C:\Windows\System\vNPBxun.exe
  2⤵
  PID:10300
- C:\Windows\System\NuXagdp.exe
  C:\Windows\System\NuXagdp.exe
  2⤵
  PID:10644
- C:\Windows\System\jKvEisE.exe
  C:\Windows\System\jKvEisE.exe
  2⤵
  PID:10728
- C:\Windows\System\dZLHtcI.exe
  C:\Windows\System\dZLHtcI.exe
  2⤵
  PID:10788
- C:\Windows\System\EAlImGL.exe
  C:\Windows\System\EAlImGL.exe
  2⤵
  PID:10896
- C:\Windows\System\GDgbhDx.exe
  C:\Windows\System\GDgbhDx.exe
  2⤵
  PID:10880
- C:\Windows\System\fxgQzvq.exe
  C:\Windows\System\fxgQzvq.exe
  2⤵
  PID:10980
- C:\Windows\System\aGzkvSb.exe
  C:\Windows\System\aGzkvSb.exe
  2⤵
  PID:11048
- C:\Windows\System\FvCXxpA.exe
  C:\Windows\System\FvCXxpA.exe
  2⤵
  PID:11164
- C:\Windows\System\ZxaBdpH.exe
  C:\Windows\System\ZxaBdpH.exe
  2⤵
  PID:11196
- C:\Windows\System\ROXkAoR.exe
  C:\Windows\System\ROXkAoR.exe
  2⤵
  PID:10308
- C:\Windows\System\QHbnqNR.exe
  C:\Windows\System\QHbnqNR.exe
  2⤵
  PID:10356
- C:\Windows\System\RjwrTSl.exe
  C:\Windows\System\RjwrTSl.exe
  2⤵
  PID:10708
- C:\Windows\System\tUEsuPH.exe
  C:\Windows\System\tUEsuPH.exe
  2⤵
  PID:10828
- C:\Windows\System\RHtnfqq.exe
  C:\Windows\System\RHtnfqq.exe
  2⤵
  PID:3216
- C:\Windows\System\hKvEINv.exe
  C:\Windows\System\hKvEINv.exe
  2⤵
  PID:11092
- C:\Windows\System\DSPQAFQ.exe
  C:\Windows\System\DSPQAFQ.exe
  2⤵
  PID:11152
- C:\Windows\System\oVNFlxb.exe
  C:\Windows\System\oVNFlxb.exe
  2⤵
  PID:10524
- C:\Windows\System\presAzU.exe
  C:\Windows\System\presAzU.exe
  2⤵
  PID:11296
- C:\Windows\System\aITERsb.exe
  C:\Windows\System\aITERsb.exe
  2⤵
  PID:11324
- C:\Windows\System\SYtPOHB.exe
  C:\Windows\System\SYtPOHB.exe
  2⤵
  PID:11340
- C:\Windows\System\zejLRtB.exe
  C:\Windows\System\zejLRtB.exe
  2⤵
  PID:11360
- C:\Windows\System\WYXcazh.exe
  C:\Windows\System\WYXcazh.exe
  2⤵
  PID:11384
- C:\Windows\System\jmtMEvy.exe
  C:\Windows\System\jmtMEvy.exe
  2⤵
  PID:11412
- C:\Windows\System\Unxwbjm.exe
  C:\Windows\System\Unxwbjm.exe
  2⤵
  PID:11436
- C:\Windows\System\JLvPheS.exe
  C:\Windows\System\JLvPheS.exe
  2⤵
  PID:11460
- C:\Windows\System\bHGCkZd.exe
  C:\Windows\System\bHGCkZd.exe
  2⤵
  PID:11492
- C:\Windows\System\CGRUeru.exe
  C:\Windows\System\CGRUeru.exe
  2⤵
  PID:11512
- C:\Windows\System\KdQZUXi.exe
  C:\Windows\System\KdQZUXi.exe
  2⤵
  PID:11540
- C:\Windows\System\NbsYneL.exe
  C:\Windows\System\NbsYneL.exe
  2⤵
  PID:11564
- C:\Windows\System\jPNwnYJ.exe
  C:\Windows\System\jPNwnYJ.exe
  2⤵
  PID:11600
- C:\Windows\System\tSKnoyY.exe
  C:\Windows\System\tSKnoyY.exe
  2⤵
  PID:11624
- C:\Windows\System\JTuJOTW.exe
  C:\Windows\System\JTuJOTW.exe
  2⤵
  PID:11648
- C:\Windows\System\cUjSwYF.exe
  C:\Windows\System\cUjSwYF.exe
  2⤵
  PID:11680
- C:\Windows\System\lbrvCEl.exe
  C:\Windows\System\lbrvCEl.exe
  2⤵
  PID:11712
- C:\Windows\System\ZEBCmUK.exe
  C:\Windows\System\ZEBCmUK.exe
  2⤵
  PID:11732
- C:\Windows\System\ZydgskT.exe
  C:\Windows\System\ZydgskT.exe
  2⤵
  PID:11768
- C:\Windows\System\qINWxAQ.exe
  C:\Windows\System\qINWxAQ.exe
  2⤵
  PID:11800
- C:\Windows\System\fptCdBD.exe
  C:\Windows\System\fptCdBD.exe
  2⤵
  PID:11820
- C:\Windows\System\ehNrzjX.exe
  C:\Windows\System\ehNrzjX.exe
  2⤵
  PID:11848
- C:\Windows\System\EZPcDql.exe
  C:\Windows\System\EZPcDql.exe
  2⤵
  PID:11880
- C:\Windows\System\LIipiNt.exe
  C:\Windows\System\LIipiNt.exe
  2⤵
  PID:11904
- C:\Windows\System\XulSsIU.exe
  C:\Windows\System\XulSsIU.exe
  2⤵
  PID:11940
- C:\Windows\System\eTdRSLA.exe
  C:\Windows\System\eTdRSLA.exe
  2⤵
  PID:11968
- C:\Windows\System\wTKshpS.exe
  C:\Windows\System\wTKshpS.exe
  2⤵
  PID:11996
- C:\Windows\System\JxdJQPa.exe
  C:\Windows\System\JxdJQPa.exe
  2⤵
  PID:12024
- C:\Windows\System\SlfWAlb.exe
  C:\Windows\System\SlfWAlb.exe
  2⤵
  PID:12068
- C:\Windows\System\FTJpjPF.exe
  C:\Windows\System\FTJpjPF.exe
  2⤵
  PID:12100
- C:\Windows\System\ogXwXwc.exe
  C:\Windows\System\ogXwXwc.exe
  2⤵
  PID:12120
- C:\Windows\System\TCheBWG.exe
  C:\Windows\System\TCheBWG.exe
  2⤵
  PID:12152
- C:\Windows\System\FPhHtkN.exe
  C:\Windows\System\FPhHtkN.exe
  2⤵
  PID:12184
- C:\Windows\System\TNQJMBS.exe
  C:\Windows\System\TNQJMBS.exe
  2⤵
  PID:12216
- C:\Windows\System\kXJnkBC.exe
  C:\Windows\System\kXJnkBC.exe
  2⤵
  PID:12244
- C:\Windows\System\vmpqZAe.exe
  C:\Windows\System\vmpqZAe.exe
  2⤵
  PID:12276
- C:\Windows\System\VizHgxe.exe
  C:\Windows\System\VizHgxe.exe
  2⤵
  PID:10928
- C:\Windows\System\GDOYrUS.exe
  C:\Windows\System\GDOYrUS.exe
  2⤵
  PID:11304
- C:\Windows\System\wkPJJOZ.exe
  C:\Windows\System\wkPJJOZ.exe
  2⤵
  PID:11356
- C:\Windows\System\BXvneud.exe
  C:\Windows\System\BXvneud.exe
  2⤵
  PID:11352
- C:\Windows\System\TZLGxtZ.exe
  C:\Windows\System\TZLGxtZ.exe
  2⤵
  PID:11476
- C:\Windows\System\pttiTjx.exe
  C:\Windows\System\pttiTjx.exe
  2⤵
  PID:11532
- C:\Windows\System\RUqDZPs.exe
  C:\Windows\System\RUqDZPs.exe
  2⤵
  PID:11584
- C:\Windows\System\MZKOWIM.exe
  C:\Windows\System\MZKOWIM.exe
  2⤵
  PID:11616
- C:\Windows\System\dzUglwt.exe
  C:\Windows\System\dzUglwt.exe
  2⤵
  PID:11788
- C:\Windows\System\iYUsTjv.exe
  C:\Windows\System\iYUsTjv.exe
  2⤵
  PID:11748
- C:\Windows\System\gsFgenL.exe
  C:\Windows\System\gsFgenL.exe
  2⤵
  PID:11832
- C:\Windows\System\txIaUzG.exe
  C:\Windows\System\txIaUzG.exe
  2⤵
  PID:11860
- C:\Windows\System\nvWzELn.exe
  C:\Windows\System\nvWzELn.exe
  2⤵
  PID:11988
- C:\Windows\System\LewAJYU.exe
  C:\Windows\System\LewAJYU.exe
  2⤵
  PID:12084
- C:\Windows\System\nSPLNgY.exe
  C:\Windows\System\nSPLNgY.exe
  2⤵
  PID:12172
- C:\Windows\System\nMOGyKc.exe
  C:\Windows\System\nMOGyKc.exe
  2⤵
  PID:12224
- C:\Windows\System\vlgHnhd.exe
  C:\Windows\System\vlgHnhd.exe
  2⤵
  PID:12228
- C:\Windows\System\PfIzLAm.exe
  C:\Windows\System\PfIzLAm.exe
  2⤵
  PID:12268
- C:\Windows\System\LhiYbbi.exe
  C:\Windows\System\LhiYbbi.exe
  2⤵
  PID:11288
- C:\Windows\System\ZbomMFi.exe
  C:\Windows\System\ZbomMFi.exe
  2⤵
  PID:11372
- C:\Windows\System\PDTZzVW.exe
  C:\Windows\System\PDTZzVW.exe
  2⤵
  PID:11576
- C:\Windows\System\qvDxDiy.exe
  C:\Windows\System\qvDxDiy.exe
  2⤵
  PID:11688
- C:\Windows\System\LQeqhRn.exe
  C:\Windows\System\LQeqhRn.exe
  2⤵
  PID:11720
- C:\Windows\System\gwbFWId.exe
  C:\Windows\System\gwbFWId.exe
  2⤵
  PID:12020
- C:\Windows\System\PwgYUfu.exe
  C:\Windows\System\PwgYUfu.exe
  2⤵
  PID:10380
- C:\Windows\System\KdGaMjh.exe
  C:\Windows\System\KdGaMjh.exe
  2⤵
  PID:11396
- C:\Windows\System\bvTfLto.exe
  C:\Windows\System\bvTfLto.exe
  2⤵
  PID:11744
- C:\Windows\System\rDCuXon.exe
  C:\Windows\System\rDCuXon.exe
  2⤵
  PID:11932
- C:\Windows\System\ugZtCuC.exe
  C:\Windows\System\ugZtCuC.exe
  2⤵
  PID:12132
- C:\Windows\System\uSAgref.exe
  C:\Windows\System\uSAgref.exe
  2⤵
  PID:12296
- C:\Windows\System\AiBIAbn.exe
  C:\Windows\System\AiBIAbn.exe
  2⤵
  PID:12324
- C:\Windows\System\GkFITGf.exe
  C:\Windows\System\GkFITGf.exe
  2⤵
  PID:12348
- C:\Windows\System\paeNmep.exe
  C:\Windows\System\paeNmep.exe
  2⤵
  PID:12376
- C:\Windows\System\QRhGvrG.exe
  C:\Windows\System\QRhGvrG.exe
  2⤵
  PID:12404
- C:\Windows\System\lNRnWOv.exe
  C:\Windows\System\lNRnWOv.exe
  2⤵
  PID:12436
- C:\Windows\System\htnifHe.exe
  C:\Windows\System\htnifHe.exe
  2⤵
  PID:12464
- C:\Windows\System\fdmGwkZ.exe
  C:\Windows\System\fdmGwkZ.exe
  2⤵
  PID:12500
- C:\Windows\System\xKwICZt.exe
  C:\Windows\System\xKwICZt.exe
  2⤵
  PID:12524
- C:\Windows\System\ilMRTCs.exe
  C:\Windows\System\ilMRTCs.exe
  2⤵
  PID:12552
- C:\Windows\System\YShgAlG.exe
  C:\Windows\System\YShgAlG.exe
  2⤵
  PID:12588
- C:\Windows\System\ODIcFIv.exe
  C:\Windows\System\ODIcFIv.exe
  2⤵
  PID:12608
- C:\Windows\System\mSbnXNa.exe
  C:\Windows\System\mSbnXNa.exe
  2⤵
  PID:12636
- C:\Windows\System\OMWNNzg.exe
  C:\Windows\System\OMWNNzg.exe
  2⤵
  PID:12660
- C:\Windows\System\DUkmQtX.exe
  C:\Windows\System\DUkmQtX.exe
  2⤵
  PID:12688
- C:\Windows\System\JmAPRGe.exe
  C:\Windows\System\JmAPRGe.exe
  2⤵
  PID:12708
- C:\Windows\System\NWgmOau.exe
  C:\Windows\System\NWgmOau.exe
  2⤵
  PID:12732
- C:\Windows\System\lbNqSvf.exe
  C:\Windows\System\lbNqSvf.exe
  2⤵
  PID:12752
- C:\Windows\System\ptmbaRf.exe
  C:\Windows\System\ptmbaRf.exe
  2⤵
  PID:12776
- C:\Windows\System\ymdlSxD.exe
  C:\Windows\System\ymdlSxD.exe
  2⤵
  PID:12796
- C:\Windows\System\mXbGcvH.exe
  C:\Windows\System\mXbGcvH.exe
  2⤵
  PID:12820
- C:\Windows\System\KjZvJOP.exe
  C:\Windows\System\KjZvJOP.exe
  2⤵
  PID:12848
- C:\Windows\System\laXDIRH.exe
  C:\Windows\System\laXDIRH.exe
  2⤵
  PID:12872
- C:\Windows\System\HUkaSex.exe
  C:\Windows\System\HUkaSex.exe
  2⤵
  PID:12912
- C:\Windows\System\AduMwnT.exe
  C:\Windows\System\AduMwnT.exe
  2⤵
  PID:12936
- C:\Windows\System\BdwKQWp.exe
  C:\Windows\System\BdwKQWp.exe
  2⤵
  PID:12964
- C:\Windows\System\ZEZCQnL.exe
  C:\Windows\System\ZEZCQnL.exe
  2⤵
  PID:12988
- C:\Windows\System\BKgYErG.exe
  C:\Windows\System\BKgYErG.exe
  2⤵
  PID:13024
- C:\Windows\System\zByhBSC.exe
  C:\Windows\System\zByhBSC.exe
  2⤵
  PID:13048
- C:\Windows\System\xwsgUjK.exe
  C:\Windows\System\xwsgUjK.exe
  2⤵
  PID:13072
- C:\Windows\System\mtqbbzk.exe
  C:\Windows\System\mtqbbzk.exe
  2⤵
  PID:13100
- C:\Windows\System\GDllsnZ.exe
  C:\Windows\System\GDllsnZ.exe
  2⤵
  PID:13124
- C:\Windows\System\SswgxoJ.exe
  C:\Windows\System\SswgxoJ.exe
  2⤵
  PID:13148
- C:\Windows\System\AxXfxNr.exe
  C:\Windows\System\AxXfxNr.exe
  2⤵
  PID:13176
- C:\Windows\System\URaZneE.exe
  C:\Windows\System\URaZneE.exe
  2⤵
  PID:13192
- C:\Windows\System\shBsMDr.exe
  C:\Windows\System\shBsMDr.exe
  2⤵
  PID:13224
- C:\Windows\System\nrvhHff.exe
  C:\Windows\System\nrvhHff.exe
  2⤵
  PID:13260
- C:\Windows\System\sDWmwvq.exe
  C:\Windows\System\sDWmwvq.exe
  2⤵
  PID:12424
- C:\Windows\System\aNePXjw.exe
  C:\Windows\System\aNePXjw.exe
  2⤵
  PID:12488
- C:\Windows\System\uvPFAZB.exe
  C:\Windows\System\uvPFAZB.exe
  2⤵
  PID:12484
- C:\Windows\System\NLSbdge.exe
  C:\Windows\System\NLSbdge.exe
  2⤵
  PID:12652
- C:\Windows\System\FaJzBMf.exe
  C:\Windows\System\FaJzBMf.exe
  2⤵
  PID:12676
- C:\Windows\System\QCYfEzx.exe
  C:\Windows\System\QCYfEzx.exe
  2⤵
  PID:12720
- C:\Windows\System\OjtOZty.exe
  C:\Windows\System\OjtOZty.exe
  2⤵
  PID:12768
- C:\Windows\System\dUfeUXw.exe
  C:\Windows\System\dUfeUXw.exe
  2⤵
  PID:12860
- C:\Windows\System\dYxxbTa.exe
  C:\Windows\System\dYxxbTa.exe
  2⤵
  PID:12868
- C:\Windows\System\QeMqJWZ.exe
  C:\Windows\System\QeMqJWZ.exe
  2⤵
  PID:12932
- C:\Windows\System\gdsvFNv.exe
  C:\Windows\System\gdsvFNv.exe
  2⤵
  PID:13004
- C:\Windows\System\qUavVLQ.exe
  C:\Windows\System\qUavVLQ.exe
  2⤵
  PID:13116
- C:\Windows\System\UCVbarb.exe
  C:\Windows\System\UCVbarb.exe
  2⤵
  PID:13120
- C:\Windows\System\MmFmGwM.exe
  C:\Windows\System\MmFmGwM.exe
  2⤵
  PID:64
- C:\Windows\System\BwoFcvW.exe
  C:\Windows\System\BwoFcvW.exe
  2⤵
  PID:13168
- C:\Windows\System\jihNoeT.exe
  C:\Windows\System\jihNoeT.exe
  2⤵
  PID:13236
- C:\Windows\System\bLziVXI.exe
  C:\Windows\System\bLziVXI.exe
  2⤵
  PID:12452
- C:\Windows\System\cwCaBiU.exe
  C:\Windows\System\cwCaBiU.exe
  2⤵
  PID:4140
- C:\Windows\System\BFxVlcv.exe
  C:\Windows\System\BFxVlcv.exe
  2⤵
  PID:12516
- C:\Windows\System\dcBCiej.exe
  C:\Windows\System\dcBCiej.exe
  2⤵
  PID:12700
- C:\Windows\System\Hzcxdoo.exe
  C:\Windows\System\Hzcxdoo.exe
  2⤵
  PID:12884
- C:\Windows\System\kNEPMLg.exe
  C:\Windows\System\kNEPMLg.exe
  2⤵
  PID:13060
- C:\Windows\System\LELQGdL.exe
  C:\Windows\System\LELQGdL.exe
  2⤵
  PID:1348
- C:\Windows\System\SHVXJuY.exe
  C:\Windows\System\SHVXJuY.exe
  2⤵
  PID:13292
- C:\Windows\System\ktZzdAc.exe
  C:\Windows\System\ktZzdAc.exe
  2⤵
  PID:13248
- C:\Windows\System\wAsKVIx.exe
  C:\Windows\System\wAsKVIx.exe
  2⤵
  PID:12984
- C:\Windows\System\BeerbIn.exe
  C:\Windows\System\BeerbIn.exe
  2⤵
  PID:13132
- C:\Windows\System\XOzdUGm.exe
  C:\Windows\System\XOzdUGm.exe
  2⤵
  PID:12792
- C:\Windows\System\urZGDPW.exe
  C:\Windows\System\urZGDPW.exe
  2⤵
  PID:12832
- C:\Windows\System\CDlysRF.exe
  C:\Windows\System\CDlysRF.exe
  2⤵
  PID:13340
- C:\Windows\System\dOJOKHI.exe
  C:\Windows\System\dOJOKHI.exe
  2⤵
  PID:13380
- C:\Windows\System\tKKzQwt.exe
  C:\Windows\System\tKKzQwt.exe
  2⤵
  PID:13412
- C:\Windows\System\zozDBMM.exe
  C:\Windows\System\zozDBMM.exe
  2⤵
  PID:13440
- C:\Windows\System\kHTAuiY.exe
  C:\Windows\System\kHTAuiY.exe
  2⤵
  PID:13472
- C:\Windows\System\gYVLydx.exe
  C:\Windows\System\gYVLydx.exe
  2⤵
  PID:13492
- C:\Windows\System\tzmeuyQ.exe
  C:\Windows\System\tzmeuyQ.exe
  2⤵
  PID:13520
- C:\Windows\System\GEfAcyx.exe
  C:\Windows\System\GEfAcyx.exe
  2⤵
  PID:13544
- C:\Windows\System\kxUBQLw.exe
  C:\Windows\System\kxUBQLw.exe
  2⤵
  PID:13572
- C:\Windows\System\pWfpvub.exe
  C:\Windows\System\pWfpvub.exe
  2⤵
  PID:13600
- C:\Windows\System\mFouadO.exe
  C:\Windows\System\mFouadO.exe
  2⤵
  PID:13624
- C:\Windows\System\pOrrPOW.exe
  C:\Windows\System\pOrrPOW.exe
  2⤵
  PID:13656
- C:\Windows\System\iThCWHD.exe
  C:\Windows\System\iThCWHD.exe
  2⤵
  PID:13680
- C:\Windows\System\jjGsUzA.exe
  C:\Windows\System\jjGsUzA.exe
  2⤵
  PID:13712
- C:\Windows\System\OYacOyf.exe
  C:\Windows\System\OYacOyf.exe
  2⤵
  PID:13752
- C:\Windows\System\QTVbeSd.exe
  C:\Windows\System\QTVbeSd.exe
  2⤵
  PID:13768
- C:\Windows\System\dvcGuUW.exe
  C:\Windows\System\dvcGuUW.exe
  2⤵
  PID:13792
- C:\Windows\System\AyxXIix.exe
  C:\Windows\System\AyxXIix.exe
  2⤵
  PID:13820
- C:\Windows\System\VAskZch.exe
  C:\Windows\System\VAskZch.exe
  2⤵
  PID:13840
- C:\Windows\System\ExSwGbh.exe
  C:\Windows\System\ExSwGbh.exe
  2⤵
  PID:13860
- C:\Windows\System\eOPZnfA.exe
  C:\Windows\System\eOPZnfA.exe
  2⤵
  PID:13880
- C:\Windows\System\sKtUkDO.exe
  C:\Windows\System\sKtUkDO.exe
  2⤵
  PID:13916
- C:\Windows\System\AQpqZee.exe
  C:\Windows\System\AQpqZee.exe
  2⤵
  PID:13964
- C:\Windows\System\JBGdYEH.exe
  C:\Windows\System\JBGdYEH.exe
  2⤵
  PID:13984
- C:\Windows\System\ifEFUZP.exe
  C:\Windows\System\ifEFUZP.exe
  2⤵
  PID:14000
- C:\Windows\System\PtRudFa.exe
  C:\Windows\System\PtRudFa.exe
  2⤵
  PID:14076
- C:\Windows\System\lODEdRd.exe
  C:\Windows\System\lODEdRd.exe
  2⤵
  PID:14092
- C:\Windows\System\GIetXpA.exe
  C:\Windows\System\GIetXpA.exe
  2⤵
  PID:14120
- C:\Windows\System\jDYcCZP.exe
  C:\Windows\System\jDYcCZP.exe
  2⤵
  PID:14140
- C:\Windows\System\CrbcfAQ.exe
  C:\Windows\System\CrbcfAQ.exe
  2⤵
  PID:14168
- C:\Windows\System\hTGkqlE.exe
  C:\Windows\System\hTGkqlE.exe
  2⤵
  PID:14192
- C:\Windows\System\rlpmnRy.exe
  C:\Windows\System\rlpmnRy.exe
  2⤵
  PID:14208
- C:\Windows\System\zAxLDjG.exe
  C:\Windows\System\zAxLDjG.exe
  2⤵
  PID:14228
- C:\Windows\System\TKwxxmP.exe
  C:\Windows\System\TKwxxmP.exe
  2⤵
  PID:14260
- C:\Windows\System\vKfPkqm.exe
  C:\Windows\System\vKfPkqm.exe
  2⤵
  PID:14280
- C:\Windows\System\kSzFKuL.exe
  C:\Windows\System\kSzFKuL.exe
  2⤵
  PID:14312
- C:\Windows\System\biEjQep.exe
  C:\Windows\System\biEjQep.exe
  2⤵
  PID:13324
- C:\Windows\System\FfwBTfR.exe
  C:\Windows\System\FfwBTfR.exe
  2⤵
  PID:13372
- C:\Windows\System\iTgpuAL.exe
  C:\Windows\System\iTgpuAL.exe
  2⤵
  PID:13428
- C:\Windows\System\sWUaSOk.exe
  C:\Windows\System\sWUaSOk.exe
  2⤵
  PID:13500
- C:\Windows\System\EvwFGod.exe
  C:\Windows\System\EvwFGod.exe
  2⤵
  PID:13596
- C:\Windows\System\WFKcrex.exe
  C:\Windows\System\WFKcrex.exe
  2⤵
  PID:13668
- C:\Windows\System\OVyamIr.exe
  C:\Windows\System\OVyamIr.exe
  2⤵
  PID:13736
- C:\Windows\System\QoXMmma.exe
  C:\Windows\System\QoXMmma.exe
  2⤵
  PID:13832
- C:\Windows\System\mKJBnuW.exe
  C:\Windows\System\mKJBnuW.exe
  2⤵
  PID:13872
- C:\Windows\System\GQHqiFu.exe
  C:\Windows\System\GQHqiFu.exe
  2⤵
  PID:13904
- C:\Windows\System\eDzsEkh.exe
  C:\Windows\System\eDzsEkh.exe
  2⤵
  PID:13944
- C:\Windows\System\FtniIXp.exe
  C:\Windows\System\FtniIXp.exe
  2⤵
  PID:14064
- C:\Windows\System\vQDTNtX.exe
  C:\Windows\System\vQDTNtX.exe
  2⤵
  PID:14128

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BJkhEwW.exe

Filesize
2.5MB

MD5
73a22d631be0c67d34676483472d3223

SHA1
c7e64e368cfc51e7b3708ce4a80e7561baa93d92

SHA256
133783ebaea992c2b34d0921418c6553633f5437beae008ebe0fc965db365ce8

SHA512
643853cc2b51ae99a2b3099035d13ad34a4305775e4fa717e738c0619919ed54ff6966daf3beefe6baab6333e9e2dcabe100294d135ab8c17822e183848ee3b7

Download Submit
C:\Windows\System\BaISTvP.exe

Filesize
2.5MB

MD5
c51f5e9656e3c9acd6bc86a4aa4181fa

SHA1
c298c70ffa64cc696451cd60485cae6480d23fe3

SHA256
2dae1ec915df79f7d46d6fab4a2c29815df9900af579ef4edbe7c19cafd4f092

SHA512
073f2e5d1eaeb2dbb1577df8291e4ed9ac70a86d4647e8e87e4231a641035202b995df13ddf67ac232bd3fea7e435cd971fd024171c0aee70adc42cf96246703

Download Submit
C:\Windows\System\CYUuPZD.exe

Filesize
2.5MB

MD5
469c8a9b7f23f291de517a8b8541858e

SHA1
a6ff975d29b6c6e4bae8e36b9e054cb2d9799748

SHA256
da76b9381db5ba08aed57fe22989c6a37214f0339168b485eddd9f13ca903d35

SHA512
7a551ff2a4eb38fe9eb07ecb31733496806be07115ceb716695741bb5897469a2e6b811fef8a6b3e5d2096366783c1937eb4d119b2b8b6ad2913b4a9db396de3

Download Submit
C:\Windows\System\DrqPXjS.exe

Filesize
2.5MB

MD5
b250c808445ef400cfb728e326de637b

SHA1
873ac6be2d14e555ebfe1e70153a653519c47457

SHA256
060886982b368eb6e82e3a141f58cddde8b2b130919e01d5df3abfddda25472b

SHA512
234eb230c9e85794c1f60a100d15a19fc6f8c06a0cf48ef2a73dcb8ead67f9fc9a365b360200b1b0ffb4a4d19b388a2dc42eca82a5f0039a09e524579a86df48

Download Submit
C:\Windows\System\HQZKNhF.exe

Filesize
2.5MB

MD5
f2f110fc1d93b6e5554d2beb20232ce9

SHA1
d60805eba9315cf0a4bfa60e363387b7989ed625

SHA256
5b62fa917d76f17929c68f4df4f375ba5cd02addf14dbd328ed97b49a1841a7e

SHA512
85452e95a291ba5d955b032ad54d6a0f73e3ca069020ca17d56418d66e9803f0f42b457ca54111702193b344146e581b2bf2c76b92970f0c4ffffe0d9601eeb2

Download Submit
C:\Windows\System\Klmxvnx.exe

Filesize
2.5MB

MD5
d9204ab13d9a729e07e40ecd9b8db91e

SHA1
78cce88cfa38041ce8f0801289ccf2571c339425

SHA256
5c8ab57e9a406414a9d5ad339d17594679fe93735e03cb07699bfeb5cb920291

SHA512
6e794e3d87cb481607fb6200a52ae226519f5d838a12b2ab37e1efa5a1e8d6a638cef32bee3b94b9749af4fefb51e7ce40d4515577958862e255dda2e9e39643

Download Submit
C:\Windows\System\MyUTwOi.exe

Filesize
2.5MB

MD5
42d878755dafb45657e8a45a0aac6d98

SHA1
8a59b4020b31a1cfa3e026052b3338b7ba481902

SHA256
6607e890b4381983d6c24b668f2b237809c95fdc2648ec43157318ca1e7cb7cb

SHA512
9314ab4041e480d499ed263412c1456776f915a195c9ba780cfc5119ea6d6eb40557bb35e55b0da6e0d22a0b1281b38477f50b6cb546a445ef23f31598e15e74

Download Submit
C:\Windows\System\NzARnqv.exe

Filesize
2.5MB

MD5
6dbc19381de361aa1f322d53d9a077c0

SHA1
3547cac0c4ee2c07536c204d5cd51b74a3b2b27f

SHA256
9e9be10e38330247517bed1694c927a7878f723a1335b0f7b59b8e3e9f8c3cec

SHA512
40b078350a5bae331afd694188d2deee3e735f5511d715480779b41a61606851dd92adc87f3d0d40224d51cadd0a35cf9fc5bc317e797e451ada193cf9cbc892

Download Submit
C:\Windows\System\OKmLuOm.exe

Filesize
2.5MB

MD5
b16cb63d1be132d18949f78752c17b51

SHA1
64ccab0b8084b8152bcfb300c236222de1f3f6d7

SHA256
b7e64e04ce7a9b2db021cc3479e679bac5383d981faeeef8b019c8dbe34e0fae

SHA512
62de165b4fa1b8bca7f185327d5846ba33eabe31df9a21476b540e3228698ce90114f15ebff932bd94eff3ff83ae7bbb108baa2a8da457a46e82fd298b2b7f5a

Download Submit
C:\Windows\System\OZrOLTu.exe

Filesize
2.5MB

MD5
f20f00431c408ca62c79dfef22967f70

SHA1
a045c13c73ea3aaafa6f3b46ae8058800247e45e

SHA256
3e5eee9218484300a72ee47ee595ee3de5af4dc93cc9d17a506cb0d7c6c8c6b8

SHA512
9b43fb2ccc6d355bd2f0595b704425216a7e7e7708ba49530cfe7f55577bd4bf3399fec0be0c0694ffe9bf0602b22f4fb364196bf95e2823e3a05118a08f2a5c

Download Submit
C:\Windows\System\QLHbrQe.exe

Filesize
2.5MB

MD5
80e61057be7eb4216af5e6dc121b5ac7

SHA1
b4f04204a0045267702f5f688ac5f2205c3ed6ed

SHA256
039c95bd99a9e521d875efa1047185847053f7d5a18462abb45ca4ea6b2b7553

SHA512
f175dd8c6a703fae76b8da4c8a5033d3b88c963f1c88eeefdf3c96c875c810aa7da4ff379bca234c09235eef8b2fa11ff749c637bfa6fffe28b496d6582a2785

Download Submit
C:\Windows\System\QjADYYH.exe

Filesize
2.5MB

MD5
d70142e5aeab94e9b603df02f93f14f9

SHA1
ad449683eae490399508515a844cc42f8fca021d

SHA256
f4edaee28ea632db3e0b53cb2bffe00f0c4d883339670374ce64e852f7ea1196

SHA512
bce42ecc683ffae4e5fa7a9af68f353a37989fc9ef069f3ddd2fefe6627609cdf8c6fd87792896759526b63718bd9dbc21687c5ba752f9ef9b5c9c436ddd7c07

Download Submit
C:\Windows\System\RDQXPSJ.exe

Filesize
2.5MB

MD5
599f9f7a5405b9eab8d5f452bb128132

SHA1
2426f6935a6683e9a60a335cc6f8ea3a1fed7540

SHA256
1193f00da2d0188873d21fbf79f51f53f4e46adad7b10c8500984012e912baed

SHA512
74e430d3932001ef7e2368a8e7279d0ca947f7669eb83d194436cce9b8e6155be10dcb33f171321ce1ebded1a3cc2adbb24715e55954c458a232dab214f27fc3

Download Submit
C:\Windows\System\TGgpxAm.exe

Filesize
2.5MB

MD5
f6f60c50d05e162042b1acd06eef751d

SHA1
e93ef23a723ee8f928add18f6ebffa42f9fd46cc

SHA256
7a23142fb90bd5237511af28b7cea542af3e7b4f5e5dc14a41d3d3e7df0e001c

SHA512
44dfc8eddb82f220ca494a7edbf2ab35e646c5f079edb0ee8d5b1bdb9799fd40d0473b61d43f0a793a245f7cc98f5e92bca1282a1b2fa5ed5cc9e455eccfb214

Download Submit
C:\Windows\System\VsdLeZJ.exe

Filesize
2.5MB

MD5
9f7ada2d83033b75628983edf1ebfc70

SHA1
35ac3ef7575ca960ec67426c289996084751dd81

SHA256
1501f9bbce9b847d9a40096cd168d41b6ac56a0289acaf10f77d9c80cbf965b5

SHA512
ad19b4cb47784821d96525062b7f11b7b9d68bd741d86e355a27cdec8eb16b85cfeb2ca1a480be6d61886ef8ae2034617dc269c91364c37bfb59976e14532615

Download Submit
C:\Windows\System\ZSszsoB.exe

Filesize
2.5MB

MD5
302609a326e82453091f2b9466911713

SHA1
ddbd2053dff6663db576620a55fb7b35e08189b7

SHA256
347f8d355c4d4cb6bcecd1c26ed45985d49011c8e8e89eb1e601a74b80a0f31c

SHA512
0362b8a02a919eeab57af937348b9dcccdebdc1425ed9ecc0de8c8da6ad6c92853d28d92c807123c755143466759838be0e12f1b7e05e754f9653ca902f2a4be

Download Submit
C:\Windows\System\aSmaHqr.exe

Filesize
2.5MB

MD5
a12dc97c6a4d413f8e6a89e9859f24e5

SHA1
6890d824029e27b061b55336496420c0fca864ac

SHA256
022228e55e4df1a2de3e2f519f1469f2cc36935465db7fd62367d6b3a96efab0

SHA512
af3839bf21bfde33c06a706cfba1488c818cbd07700dd580d4c46c7b3f8ed492e38c01e8d3b2ec4c5d7025015c0e35c33b0b95c2fefc171faf15cfa5d227fd2d

Download Submit
C:\Windows\System\bNebJph.exe

Filesize
2.5MB

MD5
9377a1aa5c6b3195d772e48fef8b1c0a

SHA1
62b1374ac823ee10c4d794098a1243af1e5dc8fb

SHA256
d699a36ae15921a99d586c41c49beefd167a2219b0efc965017db1dbab84cd85

SHA512
4d526a0f913ac1b4f5d94958dd5030fc017018ab9f2e0f53b8a5a30fd0724a56fc8f38441b02ed42df579a31be417511d70c8d9f72b2c2b1f4e99b55956f1cb1

Download Submit
C:\Windows\System\bQPQtjP.exe

Filesize
2.5MB

MD5
05a57d404e53bb12451d1f8022fe2ce3

SHA1
feaea3e7f210db2344d9a5fe5d245f22a3f36ccd

SHA256
47a24f66294a70e6b889b3b853a9c2ea7b8077437f15abf74521908311171c10

SHA512
23fc987e3167f3fb61d944679f96e5edfb48a2f5e4bb948ffcb44107503dc2cf6d4688c079208b4a41520bc8b2ad4db1900ef0196ef6feec9e3fa837759849ae

Download Submit
C:\Windows\System\buYKGwM.exe

Filesize
2.5MB

MD5
f244d83ba2109f62a42f7d465dcdf243

SHA1
37dad3d81cf513b1a9e9cd686dbd4c4a013383c3

SHA256
399d4ae7ff617c9729b9fe6f38e86bcb4df3fc8e687e84207ef651351556115e

SHA512
e2cc00306b63668c7d4d88c5f4999463af3281d0e407f8d421f2c88545b5d79ee7808f9f78212a9e0418b144d60345bcc7376a2ecc6b6779fde82357204cb74e

Download Submit
C:\Windows\System\cZFrbis.exe

Filesize
2.5MB

MD5
0a75b2168e442764fd911732da43e7df

SHA1
f7033b53d771c35035d4e056b4567e4a2315fc2a

SHA256
5d5eb21ddba5acc48bcb6454dda4e43d941c11e0a7c66529599354821c54c39c

SHA512
0a31e4d857b5795d8c3fb6d5313bf5dcddd1dc38897c2b999fcb63011cb26721743403b73193bb94ef397fced86abc3c3a27bb2bb7e60f661d171d39287654bc

Download Submit
C:\Windows\System\dGQnbWG.exe

Filesize
2.5MB

MD5
5ce6da483657db4c5226b85fb82d23d2

SHA1
9e3e304b1c1c19551cea7e9d22cfc61d50c3abca

SHA256
cdef3f55170ce2cff7f0891f7fed52182320a382d2266e036e8f7c48632bac13

SHA512
d2ad5f91ba48192e10a0cae20f24a9052b15d5417c7261081414e5a9b6ac82870c9027000629f11c25d0d1c740aa3845413988b822c3e9f6eb9269ff19e826f2

Download Submit
C:\Windows\System\ewyJhxa.exe

Filesize
2.5MB

MD5
8bee2bb8137a7e74c663a0b5279d18d2

SHA1
7ae16b2e32c1d3a00dab74090da4ed38a57072b6

SHA256
59f32f7ca18bfe65633f76114d687daed2571b96b429aa91ec4d3d29a7e2d0b2

SHA512
7d81ab2e51ad5abc46ba972c5845fe482e00c219aca064660b662ac9d802127fd6b7cf65567d16f97602101c36bda01e16665c2be210ba297fb3bd1d19ead50e

Download Submit
C:\Windows\System\ijyLLkH.exe

Filesize
2.5MB

MD5
b0407def617a9136a38424cbd17d2fdb

SHA1
8f0b2af273715789a4ae1df6350e8deac0f02256

SHA256
785a302570207d91cf07a1eea709b4a3d1848a3ec73bd58fc163bdf86ce8ab54

SHA512
0c30f939c958e688574d69203e42ef0c2658ed7bf4e7f7464f8b795f724be05249d08fa0225e18bafa02fee1cefc7485e3d4e035c3e35ecddcbc4c0e78b3f096

Download Submit
C:\Windows\System\iqCmFTy.exe

Filesize
2.5MB

MD5
8e0f0a357aa35a28c8eb529af848af83

SHA1
7b9d7b2f19c1c26303fd64e0b2f82321b801d412

SHA256
ac20575f9aa4d1aa9e38960673b6ee816b4275fd8b0499a1272b62860d4b805c

SHA512
de2d70f9cdd2a81b08b44fbe96616fc94d4c9553a115e4f68a129428c8a9839754f7b3a9a18c4bec630692bc6a5113d83cf8bcaf5c55f28ed27065ca534114df

Download Submit
C:\Windows\System\kCVaXwr.exe

Filesize
2.5MB

MD5
bddb72777b40acec33a6e72e9e2d4a16

SHA1
ddba7cd3a18710a970c960e54ceefab946ffa13b

SHA256
2865dd87ee088252ddcbfc1afa4fc5b1e022b1a4f50fd1684809dc2248a14512

SHA512
e0590a737546653896a1e55aaf89579cb8bbb1230daea87a8ae29243a2fe84ac575bef2145543e5bfc24538f11174a1198ecf9cc027902bba27b9073884a0751

Download Submit
C:\Windows\System\lMwkWRN.exe

Filesize
2.5MB

MD5
86353018feefb868f5ba1949c851d916

SHA1
fabad5120b2f8654573d0ebafd78307ac2b1e3a2

SHA256
380c0693c686eb8acb9ba0ecdc04e2ef556f73e9129b07968d1db9063292ea36

SHA512
474aa6595dbc96c89430cd2228c12e13c3245f3244db06540684920a5a40399fdbe5e9676be454fa6a70f68202ed1c56daf858b1249cb3014472da97a5d6b449

Download Submit
C:\Windows\System\ltkETEj.exe

Filesize
2.5MB

MD5
8a230d3f43c09172ae2ecda24f8d1181

SHA1
6654741c52807ec1300f64f8290676dacee0dea1

SHA256
6fb08624ef936d151d523a194c3d7325e762fd267484199f44e6cc98fbbbd187

SHA512
99c845eaed6bc8fc3427b0fe4ff94a92b44ac0c432db07a758a6dc457c483f92170adc48a455ea462d24f9b44456543cc261389f0cac5fec99d4e3930a43b9c1

Download Submit
C:\Windows\System\nazxETb.exe

Filesize
2.5MB

MD5
183b1d4b5cd2193e95564d049685f5ed

SHA1
5b8cc6ffaee378798bc907d3ca2bc4498f863b42

SHA256
59749d39500be1fc2327534f44d717f19331ebca87b313304e33c80fa1f334d6

SHA512
366ceb6c6552b85a0a52ff207ee44ef21b6f97675be3ccee45bd01276c82e663f31bdeb77213da3ea4304e19157383309cfbaae69e2f4ba74fda7af7dcedb7cb

Download Submit
C:\Windows\System\oLnBfqT.exe

Filesize
2.5MB

MD5
9f7ec9aeb5b7351e6f8d79f6bfbc5c6b

SHA1
51086cd7dcb13b10ce62644ef488e768cd3d4815

SHA256
93276c60f8a85ee06a42ff2bdc1b4bc73909eb0daf59b53e13235ff15bc906e4

SHA512
18e17109f13a9d6a8a7da363037c8e3d42f2716ed9ffc9e4f8165c1bb59aee61fa4f65536a6f409da77479cb2b68e8c1c46f869ea1d438eed8188a7e3e9b8c08

Download Submit
C:\Windows\System\pTajDSi.exe

Filesize
2.5MB

MD5
bcbfc9e8a9bd21b58e0e56e4d9e83842

SHA1
b0fbccb1d54d537ad324a131a556e323999d6345

SHA256
d939a0e50736d43dc4565d9933d6696eca46ddebdb0673acaaeac8cd5ea5b6d3

SHA512
cda895bd24c2a655abcd2b242765e656aa64d5eaf38ecc978c6f201d46bd389fc2fd491b9830548b9a2776390e026c11ed6dc87de2e5dc0f4f91ba0f7b180091

Download Submit
C:\Windows\System\rMRSchu.exe

Filesize
2.5MB

MD5
25db30536330a18ebd0b2572059abb11

SHA1
8f8d96d1e28f8c6db6a589f7f021b605c6d0924a

SHA256
74f9c2abb59f87546984781d580db175e3fc41cbf54f47081e5be2cf4894936c

SHA512
39d1237ac9ff91f9e206f1c2d133ba09e6553839924a34a841c78bed71a5f9bd6f0d0d78c44e544c70a0739167fb60c478aa03c6f6c4f57666040bbba356e479

Download Submit
C:\Windows\System\tDioOOp.exe

Filesize
2.5MB

MD5
16b2ff3b671c0752c3d1690380b4424e

SHA1
0429ccd080b953a9175fd205f54739a1bbfc7802

SHA256
c42acaa5bdc47fc4b37525b275db65da8e8b32a7782af64e7ec25de13ba4c104

SHA512
916bae5098eb85fb8b67281718cbbcd9596de332dd719b3430cc085acb959a9b0fad10e7f589f2466e158764f4892abfbf6c53967ad9477f4a0ad5cb90762f0e

Download Submit
C:\Windows\System\tcsDeSZ.exe

Filesize
2.5MB

MD5
91f84fa43e68cdaf37d49bd038a1e9eb

SHA1
0539da6b1a28a9d2c63fb03c50fbf17d4111adce

SHA256
e33acb7b67cc913d72ec7333e13926a263e5301ea0a539b27a0c33b9e3361447

SHA512
b44ba4533f2477a939210caab1335968a9338364d64d4b754b9687f3df6408e884f8016da15ebca2613b98613d81158b95b48552c694f56700bd8f1ff5f4e91f

Download Submit
C:\Windows\System\xqBjKtX.exe

Filesize
2.5MB

MD5
e0f4cdc6c9af2ce26af222c96da23297

SHA1
5b459b44dc5e30d72a843b164a8afeb1c8ac9e35

SHA256
7e25263e0b6c3766864475b6a79ad73fd3a6ddd8a043a9e20ccd25056c2ce68e

SHA512
221d3e0f7490a81e80d59f8b265024d6278a21c815e6bf78411573ebb3ff4a52027f7efc30f5be567fbf8463e8e74d31c4ec487adf62ad4af43e974d4125674c

Download Submit
C:\Windows\System\yJjbszY.exe

Filesize
2.5MB

MD5
f01b1ef2d7a6b7b518cce5d039c90550

SHA1
85340b41e6fe5f09d7e1007f58198e311cd11065

SHA256
a3d7f0403577715e52d1aea9e3e5bfbaa9aaa362437db68db43f2fa03b9687e0

SHA512
bd88125ef7642f70c69bbac1919c9f8de4d8278af58fb3338e8b00947c750b5aedb3fe6f3024e30a1c49e7227ed3d669ec85b6325ca64d78a965ce358a2745d7

Download Submit
memory/696-2124-0x00007FF7C6FE0000-0x00007FF7C7334000-memory.dmp

Filesize
3.3MB

Download
memory/696-154-0x00007FF7C6FE0000-0x00007FF7C7334000-memory.dmp

Filesize
3.3MB

Download
memory/804-18-0x00007FF7C6B60000-0x00007FF7C6EB4000-memory.dmp

Filesize
3.3MB

Download
memory/804-2113-0x00007FF7C6B60000-0x00007FF7C6EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-155-0x00007FF788590000-0x00007FF7888E4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-2129-0x00007FF788590000-0x00007FF7888E4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-153-0x00007FF75EDF0000-0x00007FF75F144000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2119-0x00007FF75EDF0000-0x00007FF75F144000-memory.dmp

Filesize
3.3MB

Download
memory/1464-137-0x00007FF754D90000-0x00007FF7550E4000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2126-0x00007FF754D90000-0x00007FF7550E4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2117-0x00007FF6DADB0000-0x00007FF6DB104000-memory.dmp

Filesize
3.3MB

Download
memory/1528-103-0x00007FF6DADB0000-0x00007FF6DB104000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2118-0x00007FF782760000-0x00007FF782AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1932-86-0x00007FF782760000-0x00007FF782AB4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2142-0x00007FF64F400000-0x00007FF64F754000-memory.dmp

Filesize
3.3MB

Download
memory/2092-197-0x00007FF64F400000-0x00007FF64F754000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2140-0x00007FF64F400000-0x00007FF64F754000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2125-0x00007FF789480000-0x00007FF7897D4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-146-0x00007FF789480000-0x00007FF7897D4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-157-0x00007FF6CC130000-0x00007FF6CC484000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2138-0x00007FF6CC130000-0x00007FF6CC484000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2112-0x00007FF698EC0000-0x00007FF699214000-memory.dmp

Filesize
3.3MB

Download
memory/2796-12-0x00007FF698EC0000-0x00007FF699214000-memory.dmp

Filesize
3.3MB

Download
memory/2848-145-0x00007FF759250000-0x00007FF7595A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2133-0x00007FF759250000-0x00007FF7595A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-144-0x00007FF749DB0000-0x00007FF74A104000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2130-0x00007FF749DB0000-0x00007FF74A104000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2115-0x00007FF75DC30000-0x00007FF75DF84000-memory.dmp

Filesize
3.3MB

Download
memory/3044-152-0x00007FF75DC30000-0x00007FF75DF84000-memory.dmp

Filesize
3.3MB

Download
memory/3120-119-0x00007FF6FF750000-0x00007FF6FFAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2123-0x00007FF6FF750000-0x00007FF6FFAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2131-0x00007FF6E4F80000-0x00007FF6E52D4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-148-0x00007FF6E4F80000-0x00007FF6E52D4000-memory.dmp

Filesize
3.3MB

Download
memory/3232-2116-0x00007FF68BC30000-0x00007FF68BF84000-memory.dmp

Filesize
3.3MB

Download
memory/3232-44-0x00007FF68BC30000-0x00007FF68BF84000-memory.dmp

Filesize
3.3MB

Download
memory/3300-55-0x00007FF620A50000-0x00007FF620DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3300-2121-0x00007FF620A50000-0x00007FF620DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3336-147-0x00007FF63C690000-0x00007FF63C9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3336-2132-0x00007FF63C690000-0x00007FF63C9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3656-151-0x00007FF66A030000-0x00007FF66A384000-memory.dmp

Filesize
3.3MB

Download
memory/3656-2114-0x00007FF66A030000-0x00007FF66A384000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2141-0x00007FF6F8040000-0x00007FF6F8394000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2139-0x00007FF6F8040000-0x00007FF6F8394000-memory.dmp

Filesize
3.3MB

Download
memory/3684-196-0x00007FF6F8040000-0x00007FF6F8394000-memory.dmp

Filesize
3.3MB

Download
memory/3724-156-0x00007FF7DA0D0000-0x00007FF7DA424000-memory.dmp

Filesize
3.3MB

Download
memory/3724-2127-0x00007FF7DA0D0000-0x00007FF7DA424000-memory.dmp

Filesize
3.3MB

Download
memory/3792-126-0x00007FF64B4C0000-0x00007FF64B814000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2128-0x00007FF64B4C0000-0x00007FF64B814000-memory.dmp

Filesize
3.3MB

Download
memory/4396-1-0x000001E655310000-0x000001E655320000-memory.dmp

Filesize
64KB

Download
memory/4396-0-0x00007FF780330000-0x00007FF780684000-memory.dmp

Filesize
3.3MB

Download
memory/4416-2137-0x00007FF658AA0000-0x00007FF658DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4416-195-0x00007FF658AA0000-0x00007FF658DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2122-0x00007FF623BB0000-0x00007FF623F04000-memory.dmp

Filesize
3.3MB

Download
memory/4428-48-0x00007FF623BB0000-0x00007FF623F04000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2135-0x00007FF64F690000-0x00007FF64F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4504-149-0x00007FF64F690000-0x00007FF64F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2136-0x00007FF72DDE0000-0x00007FF72E134000-memory.dmp

Filesize
3.3MB

Download
memory/4624-158-0x00007FF72DDE0000-0x00007FF72E134000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2134-0x00007FF6E4DE0000-0x00007FF6E5134000-memory.dmp

Filesize
3.3MB

Download
memory/4872-150-0x00007FF6E4DE0000-0x00007FF6E5134000-memory.dmp

Filesize
3.3MB

Download
memory/4912-82-0x00007FF671DD0000-0x00007FF672124000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2120-0x00007FF671DD0000-0x00007FF672124000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads