xmrig | 8237d7850fe20653829f655d4258cefb8b09826ab5ae29e811c8f9e2d455809e

Analysis

max time kernel
112s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3632c9d083a28e46306e5a450bc02b0N.exe
Size

3.8MB
MD5

c3632c9d083a28e46306e5a450bc02b0
SHA1

1bb3e382daf24284407a3853a5f76cd2b8f5dae8
SHA256

8237d7850fe20653829f655d4258cefb8b09826ab5ae29e811c8f9e2d455809e
SHA512

e0ee5b54b6b6fcf9ab2f18ccb8b9aaeedd207b379072c22176413739ae6a7eba9e6cacb9b1ddd2a29ea42466a7c2c2e112b0f50a095bbb69b7840a60876a8dc5
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2Sfcj7o:RWWBibf56utgpPFotBER/mQe

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/2912-48-0x00007FF676710000-0x00007FF676A61000-memory.dmp	xmrig
behavioral2/memory/2908-36-0x00007FF6C9B90000-0x00007FF6C9EE1000-memory.dmp	xmrig
behavioral2/memory/3068-117-0x00007FF7919D0000-0x00007FF791D21000-memory.dmp	xmrig
behavioral2/memory/2344-141-0x00007FF647390000-0x00007FF6476E1000-memory.dmp	xmrig
behavioral2/memory/3708-147-0x00007FF737530000-0x00007FF737881000-memory.dmp	xmrig
behavioral2/memory/5072-150-0x00007FF637400000-0x00007FF637751000-memory.dmp	xmrig
behavioral2/memory/4880-152-0x00007FF723A00000-0x00007FF723D51000-memory.dmp	xmrig
behavioral2/memory/1928-151-0x00007FF6E4930000-0x00007FF6E4C81000-memory.dmp	xmrig
behavioral2/memory/556-149-0x00007FF7DEFC0000-0x00007FF7DF311000-memory.dmp	xmrig
behavioral2/memory/2664-148-0x00007FF70DEA0000-0x00007FF70E1F1000-memory.dmp	xmrig
behavioral2/memory/1608-146-0x00007FF786060000-0x00007FF7863B1000-memory.dmp	xmrig
behavioral2/memory/2388-145-0x00007FF6FB7B0000-0x00007FF6FBB01000-memory.dmp	xmrig
behavioral2/memory/1760-144-0x00007FF7E0FF0000-0x00007FF7E1341000-memory.dmp	xmrig
behavioral2/memory/4780-143-0x00007FF7BBB40000-0x00007FF7BBE91000-memory.dmp	xmrig
behavioral2/memory/1260-142-0x00007FF664600000-0x00007FF664951000-memory.dmp	xmrig
behavioral2/memory/1160-140-0x00007FF6BC280000-0x00007FF6BC5D1000-memory.dmp	xmrig
behavioral2/memory/404-131-0x00007FF6C2690000-0x00007FF6C29E1000-memory.dmp	xmrig
behavioral2/memory/1588-127-0x00007FF7346C0000-0x00007FF734A11000-memory.dmp	xmrig
behavioral2/memory/3864-101-0x00007FF7C8810000-0x00007FF7C8B61000-memory.dmp	xmrig
behavioral2/memory/3060-91-0x00007FF622D60000-0x00007FF6230B1000-memory.dmp	xmrig
behavioral2/memory/1044-76-0x00007FF7F07B0000-0x00007FF7F0B01000-memory.dmp	xmrig
behavioral2/memory/3604-164-0x00007FF7EF890000-0x00007FF7EFBE1000-memory.dmp	xmrig
behavioral2/memory/1684-203-0x00007FF7C6B20000-0x00007FF7C6E71000-memory.dmp	xmrig
behavioral2/memory/2120-250-0x00007FF63E3C0000-0x00007FF63E711000-memory.dmp	xmrig
behavioral2/memory/4360-255-0x00007FF623E30000-0x00007FF624181000-memory.dmp	xmrig
behavioral2/memory/4192-264-0x00007FF660F90000-0x00007FF6612E1000-memory.dmp	xmrig
behavioral2/memory/4604-161-0x00007FF6AAD70000-0x00007FF6AB0C1000-memory.dmp	xmrig
behavioral2/memory/1044-169-0x00007FF7F07B0000-0x00007FF7F0B01000-memory.dmp	xmrig
behavioral2/memory/4044-168-0x00007FF761C50000-0x00007FF761FA1000-memory.dmp	xmrig
behavioral2/memory/4984-162-0x00007FF726210000-0x00007FF726561000-memory.dmp	xmrig
behavioral2/memory/3436-160-0x00007FF7383D0000-0x00007FF738721000-memory.dmp	xmrig
behavioral2/memory/2908-2276-0x00007FF6C9B90000-0x00007FF6C9EE1000-memory.dmp	xmrig
behavioral2/memory/4984-2278-0x00007FF726210000-0x00007FF726561000-memory.dmp	xmrig
behavioral2/memory/2912-2280-0x00007FF676710000-0x00007FF676A61000-memory.dmp	xmrig
behavioral2/memory/4044-2283-0x00007FF761C50000-0x00007FF761FA1000-memory.dmp	xmrig
behavioral2/memory/3060-2284-0x00007FF622D60000-0x00007FF6230B1000-memory.dmp	xmrig
behavioral2/memory/3604-2286-0x00007FF7EF890000-0x00007FF7EFBE1000-memory.dmp	xmrig
behavioral2/memory/3708-2288-0x00007FF737530000-0x00007FF737881000-memory.dmp	xmrig
behavioral2/memory/3864-2295-0x00007FF7C8810000-0x00007FF7C8B61000-memory.dmp	xmrig
behavioral2/memory/1044-2294-0x00007FF7F07B0000-0x00007FF7F0B01000-memory.dmp	xmrig
behavioral2/memory/5072-2297-0x00007FF637400000-0x00007FF637751000-memory.dmp	xmrig
behavioral2/memory/2664-2292-0x00007FF70DEA0000-0x00007FF70E1F1000-memory.dmp	xmrig
behavioral2/memory/3068-2299-0x00007FF7919D0000-0x00007FF791D21000-memory.dmp	xmrig
behavioral2/memory/556-2301-0x00007FF7DEFC0000-0x00007FF7DF311000-memory.dmp	xmrig
behavioral2/memory/404-2303-0x00007FF6C2690000-0x00007FF6C29E1000-memory.dmp	xmrig
behavioral2/memory/1160-2305-0x00007FF6BC280000-0x00007FF6BC5D1000-memory.dmp	xmrig
behavioral2/memory/2344-2310-0x00007FF647390000-0x00007FF6476E1000-memory.dmp	xmrig
behavioral2/memory/4880-2314-0x00007FF723A00000-0x00007FF723D51000-memory.dmp	xmrig
behavioral2/memory/1760-2319-0x00007FF7E0FF0000-0x00007FF7E1341000-memory.dmp	xmrig
behavioral2/memory/2388-2321-0x00007FF6FB7B0000-0x00007FF6FBB01000-memory.dmp	xmrig
behavioral2/memory/1608-2323-0x00007FF786060000-0x00007FF7863B1000-memory.dmp	xmrig
behavioral2/memory/4780-2317-0x00007FF7BBB40000-0x00007FF7BBE91000-memory.dmp	xmrig
behavioral2/memory/1260-2312-0x00007FF664600000-0x00007FF664951000-memory.dmp	xmrig
behavioral2/memory/1928-2308-0x00007FF6E4930000-0x00007FF6E4C81000-memory.dmp	xmrig
behavioral2/memory/1588-2315-0x00007FF7346C0000-0x00007FF734A11000-memory.dmp	xmrig
behavioral2/memory/1684-2426-0x00007FF7C6B20000-0x00007FF7C6E71000-memory.dmp	xmrig
behavioral2/memory/4192-2428-0x00007FF660F90000-0x00007FF6612E1000-memory.dmp	xmrig
behavioral2/memory/2120-2431-0x00007FF63E3C0000-0x00007FF63E711000-memory.dmp	xmrig
behavioral2/memory/4360-2436-0x00007FF623E30000-0x00007FF624181000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4604	QLRRVeO.exe
4984	RvEexwD.exe
2908	XnXxKLe.exe
3604	HJeJirQ.exe
2912	zSPmhzr.exe
3708	FyMeKBy.exe
2664	MezHzyF.exe
4044	vfLhIez.exe
1044	jCSmTrI.exe
3060	vsWLHCW.exe
556	HABzOwf.exe
3864	avNRpCL.exe
5072	xOqHWje.exe
3068	kxLcGgG.exe
1588	WSlBUmF.exe
404	iSoIuym.exe
1160	QpZBmIa.exe
2344	pNFYuZu.exe
1260	oMEGAiH.exe
1928	KjFJbof.exe
4880	WllToFo.exe
4780	HLeDSgf.exe
1760	hBTCvyU.exe
2388	JnUclxJ.exe
1608	eqAdqxy.exe
1684	yPGxdDy.exe
2120	GYfQnGh.exe
4360	vEOezoI.exe
4192	YefhDMk.exe
952	YJjwpHg.exe
1112	nKKZwlH.exe
4176	lSCaLOW.exe
688	lxAudgB.exe
3768	AZFzNRT.exe
3560	vXXpKaH.exe
3856	VtLKHIn.exe
4704	XVHtOnP.exe
4772	YubMMEo.exe
2528	jtabbNw.exe
4520	iTRaGGK.exe
1104	TOXwAhi.exe
3156	fwMfNKZ.exe
3640	eLHqwRB.exe
1680	HCppywv.exe
3100	DCzLSoN.exe
4344	jgeKKND.exe
2036	pYlpKVL.exe
4692	QgtWNfY.exe
212	hpihGfH.exe
5048	cFWbHNZ.exe
364	AZAALhD.exe
1600	mDfStGH.exe
4988	pCbcuBW.exe
4900	xNZEGCN.exe
3488	SOlSDwW.exe
2280	yGvgbkx.exe
1380	tSdNqYN.exe
924	pbhuUFb.exe
5108	SbUzyGp.exe
1688	vOfPeIN.exe
3096	HHKqgqW.exe
3924	COXYMTF.exe
2236	csqDlbs.exe
3720	NRSWDEK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3436-0-0x00007FF7383D0000-0x00007FF738721000-memory.dmp	upx
behavioral2/files/0x0009000000023415-5.dat	upx
behavioral2/memory/4604-8-0x00007FF6AAD70000-0x00007FF6AB0C1000-memory.dmp	upx
behavioral2/files/0x000700000002347d-42.dat	upx
behavioral2/files/0x0007000000023483-66.dat	upx
behavioral2/files/0x0007000000023480-56.dat	upx
behavioral2/files/0x000700000002347e-60.dat	upx
behavioral2/memory/4044-58-0x00007FF761C50000-0x00007FF761FA1000-memory.dmp	upx
behavioral2/memory/2912-48-0x00007FF676710000-0x00007FF676A61000-memory.dmp	upx
behavioral2/files/0x0007000000023481-47.dat	upx
behavioral2/files/0x000700000002347f-45.dat	upx
behavioral2/memory/2908-36-0x00007FF6C9B90000-0x00007FF6C9EE1000-memory.dmp	upx
behavioral2/files/0x000700000002347c-28.dat	upx
behavioral2/files/0x000700000002347b-39.dat	upx
behavioral2/memory/3604-24-0x00007FF7EF890000-0x00007FF7EFBE1000-memory.dmp	upx
behavioral2/files/0x0007000000023479-26.dat	upx
behavioral2/files/0x0007000000023486-82.dat	upx
behavioral2/files/0x0007000000023488-106.dat	upx
behavioral2/memory/3068-117-0x00007FF7919D0000-0x00007FF791D21000-memory.dmp	upx
behavioral2/files/0x000700000002348c-132.dat	upx
behavioral2/memory/2344-141-0x00007FF647390000-0x00007FF6476E1000-memory.dmp	upx
behavioral2/memory/3708-147-0x00007FF737530000-0x00007FF737881000-memory.dmp	upx
behavioral2/memory/5072-150-0x00007FF637400000-0x00007FF637751000-memory.dmp	upx
behavioral2/memory/4880-152-0x00007FF723A00000-0x00007FF723D51000-memory.dmp	upx
behavioral2/memory/1928-151-0x00007FF6E4930000-0x00007FF6E4C81000-memory.dmp	upx
behavioral2/memory/556-149-0x00007FF7DEFC0000-0x00007FF7DF311000-memory.dmp	upx
behavioral2/memory/2664-148-0x00007FF70DEA0000-0x00007FF70E1F1000-memory.dmp	upx
behavioral2/memory/1608-146-0x00007FF786060000-0x00007FF7863B1000-memory.dmp	upx
behavioral2/memory/2388-145-0x00007FF6FB7B0000-0x00007FF6FBB01000-memory.dmp	upx
behavioral2/memory/1760-144-0x00007FF7E0FF0000-0x00007FF7E1341000-memory.dmp	upx
behavioral2/memory/4780-143-0x00007FF7BBB40000-0x00007FF7BBE91000-memory.dmp	upx
behavioral2/memory/1260-142-0x00007FF664600000-0x00007FF664951000-memory.dmp	upx
behavioral2/memory/1160-140-0x00007FF6BC280000-0x00007FF6BC5D1000-memory.dmp	upx
behavioral2/files/0x000700000002348f-138.dat	upx
behavioral2/files/0x000700000002348e-136.dat	upx
behavioral2/files/0x000700000002348d-134.dat	upx
behavioral2/memory/404-131-0x00007FF6C2690000-0x00007FF6C29E1000-memory.dmp	upx
behavioral2/files/0x0008000000023476-128.dat	upx
behavioral2/memory/1588-127-0x00007FF7346C0000-0x00007FF734A11000-memory.dmp	upx
behavioral2/files/0x000700000002348b-114.dat	upx
behavioral2/files/0x000700000002348a-109.dat	upx
behavioral2/files/0x0007000000023489-108.dat	upx
behavioral2/files/0x0007000000023487-104.dat	upx
behavioral2/memory/3864-101-0x00007FF7C8810000-0x00007FF7C8B61000-memory.dmp	upx
behavioral2/files/0x0007000000023482-94.dat	upx
behavioral2/files/0x0007000000023485-92.dat	upx
behavioral2/memory/3060-91-0x00007FF622D60000-0x00007FF6230B1000-memory.dmp	upx
behavioral2/memory/1044-76-0x00007FF7F07B0000-0x00007FF7F0B01000-memory.dmp	upx
behavioral2/files/0x0007000000023484-71.dat	upx
behavioral2/files/0x000700000002347a-18.dat	upx
behavioral2/memory/4984-13-0x00007FF726210000-0x00007FF726561000-memory.dmp	upx
behavioral2/memory/3604-164-0x00007FF7EF890000-0x00007FF7EFBE1000-memory.dmp	upx
behavioral2/files/0x0007000000023496-211.dat	upx
behavioral2/files/0x0007000000023495-209.dat	upx
behavioral2/memory/1684-203-0x00007FF7C6B20000-0x00007FF7C6E71000-memory.dmp	upx
behavioral2/memory/2120-250-0x00007FF63E3C0000-0x00007FF63E711000-memory.dmp	upx
behavioral2/memory/4360-255-0x00007FF623E30000-0x00007FF624181000-memory.dmp	upx
behavioral2/memory/4192-264-0x00007FF660F90000-0x00007FF6612E1000-memory.dmp	upx
behavioral2/files/0x000700000002349b-231.dat	upx
behavioral2/files/0x000700000002349a-222.dat	upx
behavioral2/files/0x0007000000023492-205.dat	upx
behavioral2/files/0x0007000000023499-215.dat	upx
behavioral2/files/0x0007000000023498-214.dat	upx
behavioral2/files/0x0007000000023493-188.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HdtPwsH.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ByTHnxs.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ZSGFvBZ.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\tannpvp.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ihMMoXr.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\yfhVHRe.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\DNqgksR.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\GjkLlsH.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\gZkjGFR.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\HxaXRLi.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ZHftDtT.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\DErZbZn.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\XnXxKLe.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\JnUclxJ.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\wsmAGdn.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\LFLJKAn.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\HTRTkzG.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\mnhGfCb.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\hUkDnLL.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\EgbNaBd.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\SDjqgvf.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\fhkHXqv.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\EBcfcIT.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\JEDcjLE.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\KcxoarA.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\gwDgonW.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\YhsSPra.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\blBKSVa.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\zlxfHGO.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ciEAnbl.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\RhLCItA.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\mxmuuDX.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\aUztXzc.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\FlXzGSw.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\inWitLv.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\fphfNXN.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\yDeTwLa.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\WCeHlMd.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\CatIybs.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ETQyqiZ.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\lWmsgwR.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\TsWDhjk.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ayuEHKM.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\ZYfBkKg.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\nKGtajx.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\nKKZwlH.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\IIjIykF.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\EckZuZY.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\RSzoXim.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\HUbTKWx.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\GMmcggB.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\MaEiCGu.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\qbfTyEV.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\qTPhxLc.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\yluTgrZ.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\yOeHYOI.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\QeyMVoY.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\RycsHGm.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\BigeMbp.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\wWqCFKg.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\qqzLsyl.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\kEnIixO.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\saXHMac.exe	c3632c9d083a28e46306e5a450bc02b0N.exe
File created	C:\Windows\System\icejUTt.exe	c3632c9d083a28e46306e5a450bc02b0N.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15348	dwm.exe
Token: SeChangeNotifyPrivilege	15348	dwm.exe
Token: 33	15348	dwm.exe
Token: SeIncBasePriorityPrivilege	15348	dwm.exe
Token: SeCreateGlobalPrivilege	11800	dwm.exe
Token: SeChangeNotifyPrivilege	11800	dwm.exe
Token: 33	11800	dwm.exe
Token: SeIncBasePriorityPrivilege	11800	dwm.exe
Token: SeShutdownPrivilege	11800	dwm.exe
Token: SeCreatePagefilePrivilege	11800	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 4604	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	85
PID 3436 wrote to memory of 4604	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	85
PID 3436 wrote to memory of 4984	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	86
PID 3436 wrote to memory of 4984	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	86
PID 3436 wrote to memory of 2908	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	87
PID 3436 wrote to memory of 2908	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	87
PID 3436 wrote to memory of 3604	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	88
PID 3436 wrote to memory of 3604	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	88
PID 3436 wrote to memory of 2912	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	89
PID 3436 wrote to memory of 2912	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	89
PID 3436 wrote to memory of 3708	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	90
PID 3436 wrote to memory of 3708	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	90
PID 3436 wrote to memory of 2664	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	91
PID 3436 wrote to memory of 2664	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	91
PID 3436 wrote to memory of 4044	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	92
PID 3436 wrote to memory of 4044	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	92
PID 3436 wrote to memory of 1044	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	93
PID 3436 wrote to memory of 1044	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	93
PID 3436 wrote to memory of 3060	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	94
PID 3436 wrote to memory of 3060	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	94
PID 3436 wrote to memory of 3068	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	95
PID 3436 wrote to memory of 3068	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	95
PID 3436 wrote to memory of 556	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	96
PID 3436 wrote to memory of 556	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	96
PID 3436 wrote to memory of 3864	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	97
PID 3436 wrote to memory of 3864	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	97
PID 3436 wrote to memory of 5072	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	98
PID 3436 wrote to memory of 5072	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	98
PID 3436 wrote to memory of 1588	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	99
PID 3436 wrote to memory of 1588	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	99
PID 3436 wrote to memory of 404	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	100
PID 3436 wrote to memory of 404	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	100
PID 3436 wrote to memory of 1160	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	101
PID 3436 wrote to memory of 1160	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	101
PID 3436 wrote to memory of 2344	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	102
PID 3436 wrote to memory of 2344	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	102
PID 3436 wrote to memory of 1260	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	103
PID 3436 wrote to memory of 1260	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	103
PID 3436 wrote to memory of 1928	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	104
PID 3436 wrote to memory of 1928	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	104
PID 3436 wrote to memory of 4880	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	105
PID 3436 wrote to memory of 4880	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	105
PID 3436 wrote to memory of 4780	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	106
PID 3436 wrote to memory of 4780	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	106
PID 3436 wrote to memory of 1760	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	107
PID 3436 wrote to memory of 1760	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	107
PID 3436 wrote to memory of 2388	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	108
PID 3436 wrote to memory of 2388	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	108
PID 3436 wrote to memory of 1608	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	109
PID 3436 wrote to memory of 1608	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	109
PID 3436 wrote to memory of 1684	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	110
PID 3436 wrote to memory of 1684	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	110
PID 3436 wrote to memory of 2120	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	111
PID 3436 wrote to memory of 2120	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	111
PID 3436 wrote to memory of 4360	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	112
PID 3436 wrote to memory of 4360	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	112
PID 3436 wrote to memory of 4192	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	113
PID 3436 wrote to memory of 4192	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	113
PID 3436 wrote to memory of 952	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	114
PID 3436 wrote to memory of 952	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	114
PID 3436 wrote to memory of 1112	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	115
PID 3436 wrote to memory of 1112	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	115
PID 3436 wrote to memory of 3856	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	116
PID 3436 wrote to memory of 3856	3436	c3632c9d083a28e46306e5a450bc02b0N.exe	116

C:\Users\Admin\AppData\Local\Temp\c3632c9d083a28e46306e5a450bc02b0N.exe
"C:\Users\Admin\AppData\Local\Temp\c3632c9d083a28e46306e5a450bc02b0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Windows\System\QLRRVeO.exe
  C:\Windows\System\QLRRVeO.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\RvEexwD.exe
  C:\Windows\System\RvEexwD.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\XnXxKLe.exe
  C:\Windows\System\XnXxKLe.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\HJeJirQ.exe
  C:\Windows\System\HJeJirQ.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\zSPmhzr.exe
  C:\Windows\System\zSPmhzr.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\FyMeKBy.exe
  C:\Windows\System\FyMeKBy.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\MezHzyF.exe
  C:\Windows\System\MezHzyF.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\vfLhIez.exe
  C:\Windows\System\vfLhIez.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\jCSmTrI.exe
  C:\Windows\System\jCSmTrI.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\vsWLHCW.exe
  C:\Windows\System\vsWLHCW.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\kxLcGgG.exe
  C:\Windows\System\kxLcGgG.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\HABzOwf.exe
  C:\Windows\System\HABzOwf.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\avNRpCL.exe
  C:\Windows\System\avNRpCL.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\xOqHWje.exe
  C:\Windows\System\xOqHWje.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\WSlBUmF.exe
  C:\Windows\System\WSlBUmF.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\iSoIuym.exe
  C:\Windows\System\iSoIuym.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\QpZBmIa.exe
  C:\Windows\System\QpZBmIa.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\pNFYuZu.exe
  C:\Windows\System\pNFYuZu.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\oMEGAiH.exe
  C:\Windows\System\oMEGAiH.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\KjFJbof.exe
  C:\Windows\System\KjFJbof.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\WllToFo.exe
  C:\Windows\System\WllToFo.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\HLeDSgf.exe
  C:\Windows\System\HLeDSgf.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\hBTCvyU.exe
  C:\Windows\System\hBTCvyU.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\JnUclxJ.exe
  C:\Windows\System\JnUclxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\eqAdqxy.exe
  C:\Windows\System\eqAdqxy.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\yPGxdDy.exe
  C:\Windows\System\yPGxdDy.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\GYfQnGh.exe
  C:\Windows\System\GYfQnGh.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\vEOezoI.exe
  C:\Windows\System\vEOezoI.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\YefhDMk.exe
  C:\Windows\System\YefhDMk.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\YJjwpHg.exe
  C:\Windows\System\YJjwpHg.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\nKKZwlH.exe
  C:\Windows\System\nKKZwlH.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\VtLKHIn.exe
  C:\Windows\System\VtLKHIn.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\lSCaLOW.exe
  C:\Windows\System\lSCaLOW.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\lxAudgB.exe
  C:\Windows\System\lxAudgB.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\AZFzNRT.exe
  C:\Windows\System\AZFzNRT.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\vXXpKaH.exe
  C:\Windows\System\vXXpKaH.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\XVHtOnP.exe
  C:\Windows\System\XVHtOnP.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\YubMMEo.exe
  C:\Windows\System\YubMMEo.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\jtabbNw.exe
  C:\Windows\System\jtabbNw.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\iTRaGGK.exe
  C:\Windows\System\iTRaGGK.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\TOXwAhi.exe
  C:\Windows\System\TOXwAhi.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\fwMfNKZ.exe
  C:\Windows\System\fwMfNKZ.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\eLHqwRB.exe
  C:\Windows\System\eLHqwRB.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\HCppywv.exe
  C:\Windows\System\HCppywv.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\DCzLSoN.exe
  C:\Windows\System\DCzLSoN.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\jgeKKND.exe
  C:\Windows\System\jgeKKND.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\pYlpKVL.exe
  C:\Windows\System\pYlpKVL.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\QgtWNfY.exe
  C:\Windows\System\QgtWNfY.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\hpihGfH.exe
  C:\Windows\System\hpihGfH.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\cFWbHNZ.exe
  C:\Windows\System\cFWbHNZ.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\AZAALhD.exe
  C:\Windows\System\AZAALhD.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\mDfStGH.exe
  C:\Windows\System\mDfStGH.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\pCbcuBW.exe
  C:\Windows\System\pCbcuBW.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\xNZEGCN.exe
  C:\Windows\System\xNZEGCN.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\SOlSDwW.exe
  C:\Windows\System\SOlSDwW.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\yGvgbkx.exe
  C:\Windows\System\yGvgbkx.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\tSdNqYN.exe
  C:\Windows\System\tSdNqYN.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\pbhuUFb.exe
  C:\Windows\System\pbhuUFb.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\SbUzyGp.exe
  C:\Windows\System\SbUzyGp.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\vOfPeIN.exe
  C:\Windows\System\vOfPeIN.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\HHKqgqW.exe
  C:\Windows\System\HHKqgqW.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\csqDlbs.exe
  C:\Windows\System\csqDlbs.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\COXYMTF.exe
  C:\Windows\System\COXYMTF.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\NRSWDEK.exe
  C:\Windows\System\NRSWDEK.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\PAdGqNt.exe
  C:\Windows\System\PAdGqNt.exe
  2⤵
  PID:3544
- C:\Windows\System\fwqyOYF.exe
  C:\Windows\System\fwqyOYF.exe
  2⤵
  PID:4760
- C:\Windows\System\mlmQEQr.exe
  C:\Windows\System\mlmQEQr.exe
  2⤵
  PID:1384
- C:\Windows\System\QkqtOeb.exe
  C:\Windows\System\QkqtOeb.exe
  2⤵
  PID:3032
- C:\Windows\System\KhsSPDU.exe
  C:\Windows\System\KhsSPDU.exe
  2⤵
  PID:228
- C:\Windows\System\CCDFwGA.exe
  C:\Windows\System\CCDFwGA.exe
  2⤵
  PID:332
- C:\Windows\System\WmKuLZH.exe
  C:\Windows\System\WmKuLZH.exe
  2⤵
  PID:1040
- C:\Windows\System\gPQrPZS.exe
  C:\Windows\System\gPQrPZS.exe
  2⤵
  PID:4324
- C:\Windows\System\zjaTHWH.exe
  C:\Windows\System\zjaTHWH.exe
  2⤵
  PID:2260
- C:\Windows\System\diBnqkI.exe
  C:\Windows\System\diBnqkI.exe
  2⤵
  PID:1952
- C:\Windows\System\ETQyqiZ.exe
  C:\Windows\System\ETQyqiZ.exe
  2⤵
  PID:2876
- C:\Windows\System\WfuvrYj.exe
  C:\Windows\System\WfuvrYj.exe
  2⤵
  PID:3104
- C:\Windows\System\tannpvp.exe
  C:\Windows\System\tannpvp.exe
  2⤵
  PID:1436
- C:\Windows\System\qKQBbhv.exe
  C:\Windows\System\qKQBbhv.exe
  2⤵
  PID:4072
- C:\Windows\System\boeLCcF.exe
  C:\Windows\System\boeLCcF.exe
  2⤵
  PID:1652
- C:\Windows\System\OiEHSNx.exe
  C:\Windows\System\OiEHSNx.exe
  2⤵
  PID:2544
- C:\Windows\System\oGnuMNn.exe
  C:\Windows\System\oGnuMNn.exe
  2⤵
  PID:2700
- C:\Windows\System\FlXzGSw.exe
  C:\Windows\System\FlXzGSw.exe
  2⤵
  PID:1488
- C:\Windows\System\KqsvRGy.exe
  C:\Windows\System\KqsvRGy.exe
  2⤵
  PID:2956
- C:\Windows\System\tphEmBP.exe
  C:\Windows\System\tphEmBP.exe
  2⤵
  PID:2948
- C:\Windows\System\eikxLyX.exe
  C:\Windows\System\eikxLyX.exe
  2⤵
  PID:3092
- C:\Windows\System\NhrmZFw.exe
  C:\Windows\System\NhrmZFw.exe
  2⤵
  PID:2032
- C:\Windows\System\lPFPeRr.exe
  C:\Windows\System\lPFPeRr.exe
  2⤵
  PID:3236
- C:\Windows\System\rrfyqkb.exe
  C:\Windows\System\rrfyqkb.exe
  2⤵
  PID:2420
- C:\Windows\System\ocTQtBZ.exe
  C:\Windows\System\ocTQtBZ.exe
  2⤵
  PID:3160
- C:\Windows\System\jFZdbwJ.exe
  C:\Windows\System\jFZdbwJ.exe
  2⤵
  PID:3788
- C:\Windows\System\AlvKHnZ.exe
  C:\Windows\System\AlvKHnZ.exe
  2⤵
  PID:1936
- C:\Windows\System\EACIvQs.exe
  C:\Windows\System\EACIvQs.exe
  2⤵
  PID:1240
- C:\Windows\System\tHYnlTy.exe
  C:\Windows\System\tHYnlTy.exe
  2⤵
  PID:1080
- C:\Windows\System\QqpUIsx.exe
  C:\Windows\System\QqpUIsx.exe
  2⤵
  PID:472
- C:\Windows\System\phJDwSi.exe
  C:\Windows\System\phJDwSi.exe
  2⤵
  PID:2728
- C:\Windows\System\yKVbUvE.exe
  C:\Windows\System\yKVbUvE.exe
  2⤵
  PID:3772
- C:\Windows\System\UNZiddh.exe
  C:\Windows\System\UNZiddh.exe
  2⤵
  PID:5136
- C:\Windows\System\xWeLANo.exe
  C:\Windows\System\xWeLANo.exe
  2⤵
  PID:5164
- C:\Windows\System\MyoLUXV.exe
  C:\Windows\System\MyoLUXV.exe
  2⤵
  PID:5188
- C:\Windows\System\kleZbZF.exe
  C:\Windows\System\kleZbZF.exe
  2⤵
  PID:5216
- C:\Windows\System\RKSEDbb.exe
  C:\Windows\System\RKSEDbb.exe
  2⤵
  PID:5240
- C:\Windows\System\leNiQVx.exe
  C:\Windows\System\leNiQVx.exe
  2⤵
  PID:5276
- C:\Windows\System\rNagLyU.exe
  C:\Windows\System\rNagLyU.exe
  2⤵
  PID:5300
- C:\Windows\System\sTOVHVi.exe
  C:\Windows\System\sTOVHVi.exe
  2⤵
  PID:5328
- C:\Windows\System\hUkDnLL.exe
  C:\Windows\System\hUkDnLL.exe
  2⤵
  PID:5352
- C:\Windows\System\wYgNdYz.exe
  C:\Windows\System\wYgNdYz.exe
  2⤵
  PID:5384
- C:\Windows\System\hnqDVbz.exe
  C:\Windows\System\hnqDVbz.exe
  2⤵
  PID:5412
- C:\Windows\System\QKHnzeN.exe
  C:\Windows\System\QKHnzeN.exe
  2⤵
  PID:5436
- C:\Windows\System\HJpKsHk.exe
  C:\Windows\System\HJpKsHk.exe
  2⤵
  PID:5468
- C:\Windows\System\uUIBSMu.exe
  C:\Windows\System\uUIBSMu.exe
  2⤵
  PID:5504
- C:\Windows\System\HZtqVLX.exe
  C:\Windows\System\HZtqVLX.exe
  2⤵
  PID:5528
- C:\Windows\System\DqLbSMd.exe
  C:\Windows\System\DqLbSMd.exe
  2⤵
  PID:5552
- C:\Windows\System\VlIWykw.exe
  C:\Windows\System\VlIWykw.exe
  2⤵
  PID:5588
- C:\Windows\System\ZFHTQTX.exe
  C:\Windows\System\ZFHTQTX.exe
  2⤵
  PID:5628
- C:\Windows\System\TLglPSi.exe
  C:\Windows\System\TLglPSi.exe
  2⤵
  PID:5652
- C:\Windows\System\mkqgSnr.exe
  C:\Windows\System\mkqgSnr.exe
  2⤵
  PID:5676
- C:\Windows\System\UewOhVg.exe
  C:\Windows\System\UewOhVg.exe
  2⤵
  PID:5696
- C:\Windows\System\zuRuPzm.exe
  C:\Windows\System\zuRuPzm.exe
  2⤵
  PID:5744
- C:\Windows\System\QUExCJu.exe
  C:\Windows\System\QUExCJu.exe
  2⤵
  PID:5780
- C:\Windows\System\GVSaCZU.exe
  C:\Windows\System\GVSaCZU.exe
  2⤵
  PID:5800
- C:\Windows\System\ZBVxwym.exe
  C:\Windows\System\ZBVxwym.exe
  2⤵
  PID:5816
- C:\Windows\System\EQKRaNZ.exe
  C:\Windows\System\EQKRaNZ.exe
  2⤵
  PID:5832
- C:\Windows\System\YDuAWGw.exe
  C:\Windows\System\YDuAWGw.exe
  2⤵
  PID:5852
- C:\Windows\System\SnkXFTH.exe
  C:\Windows\System\SnkXFTH.exe
  2⤵
  PID:5888
- C:\Windows\System\pcHYQGd.exe
  C:\Windows\System\pcHYQGd.exe
  2⤵
  PID:5912
- C:\Windows\System\eDgbQXX.exe
  C:\Windows\System\eDgbQXX.exe
  2⤵
  PID:5940
- C:\Windows\System\UjNORYx.exe
  C:\Windows\System\UjNORYx.exe
  2⤵
  PID:5976
- C:\Windows\System\ahleJWm.exe
  C:\Windows\System\ahleJWm.exe
  2⤵
  PID:6008
- C:\Windows\System\inWitLv.exe
  C:\Windows\System\inWitLv.exe
  2⤵
  PID:6036
- C:\Windows\System\EZoPcih.exe
  C:\Windows\System\EZoPcih.exe
  2⤵
  PID:6056
- C:\Windows\System\DCMYCyi.exe
  C:\Windows\System\DCMYCyi.exe
  2⤵
  PID:6076
- C:\Windows\System\MWrtJCJ.exe
  C:\Windows\System\MWrtJCJ.exe
  2⤵
  PID:6104
- C:\Windows\System\cQpklaT.exe
  C:\Windows\System\cQpklaT.exe
  2⤵
  PID:6132
- C:\Windows\System\whsCIbt.exe
  C:\Windows\System\whsCIbt.exe
  2⤵
  PID:5156
- C:\Windows\System\IIjIykF.exe
  C:\Windows\System\IIjIykF.exe
  2⤵
  PID:5008
- C:\Windows\System\fPIKbxG.exe
  C:\Windows\System\fPIKbxG.exe
  2⤵
  PID:5268
- C:\Windows\System\YyQDSaW.exe
  C:\Windows\System\YyQDSaW.exe
  2⤵
  PID:5288
- C:\Windows\System\RdLbetd.exe
  C:\Windows\System\RdLbetd.exe
  2⤵
  PID:5404
- C:\Windows\System\uBBNkDe.exe
  C:\Windows\System\uBBNkDe.exe
  2⤵
  PID:5464
- C:\Windows\System\JQIeKhf.exe
  C:\Windows\System\JQIeKhf.exe
  2⤵
  PID:5516
- C:\Windows\System\fphfNXN.exe
  C:\Windows\System\fphfNXN.exe
  2⤵
  PID:5624
- C:\Windows\System\wMLSKTw.exe
  C:\Windows\System\wMLSKTw.exe
  2⤵
  PID:5668
- C:\Windows\System\coIXHKF.exe
  C:\Windows\System\coIXHKF.exe
  2⤵
  PID:880
- C:\Windows\System\phwTjdJ.exe
  C:\Windows\System\phwTjdJ.exe
  2⤵
  PID:2392
- C:\Windows\System\hGjfFrN.exe
  C:\Windows\System\hGjfFrN.exe
  2⤵
  PID:5796
- C:\Windows\System\PaMPyKr.exe
  C:\Windows\System\PaMPyKr.exe
  2⤵
  PID:5868
- C:\Windows\System\zxEATcj.exe
  C:\Windows\System\zxEATcj.exe
  2⤵
  PID:5900
- C:\Windows\System\FFzrMCO.exe
  C:\Windows\System\FFzrMCO.exe
  2⤵
  PID:5928
- C:\Windows\System\EgbNaBd.exe
  C:\Windows\System\EgbNaBd.exe
  2⤵
  PID:5992
- C:\Windows\System\sgKwAxM.exe
  C:\Windows\System\sgKwAxM.exe
  2⤵
  PID:6048
- C:\Windows\System\lWmsgwR.exe
  C:\Windows\System\lWmsgwR.exe
  2⤵
  PID:6112
- C:\Windows\System\BSWYMev.exe
  C:\Windows\System\BSWYMev.exe
  2⤵
  PID:1540
- C:\Windows\System\mpcJTdk.exe
  C:\Windows\System\mpcJTdk.exe
  2⤵
  PID:4284
- C:\Windows\System\GPfKaqC.exe
  C:\Windows\System\GPfKaqC.exe
  2⤵
  PID:5428
- C:\Windows\System\FMIZbmi.exe
  C:\Windows\System\FMIZbmi.exe
  2⤵
  PID:4040
- C:\Windows\System\iHFRVEQ.exe
  C:\Windows\System\iHFRVEQ.exe
  2⤵
  PID:5640
- C:\Windows\System\YBBJnEV.exe
  C:\Windows\System\YBBJnEV.exe
  2⤵
  PID:5792
- C:\Windows\System\MaEiCGu.exe
  C:\Windows\System\MaEiCGu.exe
  2⤵
  PID:4492
- C:\Windows\System\fpWgWvV.exe
  C:\Windows\System\fpWgWvV.exe
  2⤵
  PID:6084
- C:\Windows\System\FADdSQG.exe
  C:\Windows\System\FADdSQG.exe
  2⤵
  PID:5144
- C:\Windows\System\sXdBZAf.exe
  C:\Windows\System\sXdBZAf.exe
  2⤵
  PID:5520
- C:\Windows\System\LHUVxAQ.exe
  C:\Windows\System\LHUVxAQ.exe
  2⤵
  PID:3956
- C:\Windows\System\OTvwxWZ.exe
  C:\Windows\System\OTvwxWZ.exe
  2⤵
  PID:416
- C:\Windows\System\NeWZPlX.exe
  C:\Windows\System\NeWZPlX.exe
  2⤵
  PID:5808
- C:\Windows\System\OzJoicZ.exe
  C:\Windows\System\OzJoicZ.exe
  2⤵
  PID:6016
- C:\Windows\System\PQgvSbL.exe
  C:\Windows\System\PQgvSbL.exe
  2⤵
  PID:6160
- C:\Windows\System\kcAEifI.exe
  C:\Windows\System\kcAEifI.exe
  2⤵
  PID:6196
- C:\Windows\System\VEOdhDb.exe
  C:\Windows\System\VEOdhDb.exe
  2⤵
  PID:6224
- C:\Windows\System\wsmAGdn.exe
  C:\Windows\System\wsmAGdn.exe
  2⤵
  PID:6252
- C:\Windows\System\ockApTm.exe
  C:\Windows\System\ockApTm.exe
  2⤵
  PID:6280
- C:\Windows\System\rbsEnuL.exe
  C:\Windows\System\rbsEnuL.exe
  2⤵
  PID:6308
- C:\Windows\System\iImQONj.exe
  C:\Windows\System\iImQONj.exe
  2⤵
  PID:6336
- C:\Windows\System\jIXazvp.exe
  C:\Windows\System\jIXazvp.exe
  2⤵
  PID:6364
- C:\Windows\System\CLRDUcN.exe
  C:\Windows\System\CLRDUcN.exe
  2⤵
  PID:6400
- C:\Windows\System\EMvWvZn.exe
  C:\Windows\System\EMvWvZn.exe
  2⤵
  PID:6440
- C:\Windows\System\BfAGPUJ.exe
  C:\Windows\System\BfAGPUJ.exe
  2⤵
  PID:6476
- C:\Windows\System\CYyuQCZ.exe
  C:\Windows\System\CYyuQCZ.exe
  2⤵
  PID:6508
- C:\Windows\System\VicEzrX.exe
  C:\Windows\System\VicEzrX.exe
  2⤵
  PID:6544
- C:\Windows\System\leXfztL.exe
  C:\Windows\System\leXfztL.exe
  2⤵
  PID:6576
- C:\Windows\System\CXPuWsa.exe
  C:\Windows\System\CXPuWsa.exe
  2⤵
  PID:6596
- C:\Windows\System\KBJMRPt.exe
  C:\Windows\System\KBJMRPt.exe
  2⤵
  PID:6620
- C:\Windows\System\SobQHfu.exe
  C:\Windows\System\SobQHfu.exe
  2⤵
  PID:6648
- C:\Windows\System\zlxfHGO.exe
  C:\Windows\System\zlxfHGO.exe
  2⤵
  PID:6676
- C:\Windows\System\wxBxmQk.exe
  C:\Windows\System\wxBxmQk.exe
  2⤵
  PID:6704
- C:\Windows\System\irPcVor.exe
  C:\Windows\System\irPcVor.exe
  2⤵
  PID:6740
- C:\Windows\System\DsGIpnA.exe
  C:\Windows\System\DsGIpnA.exe
  2⤵
  PID:6760
- C:\Windows\System\AfoeLEE.exe
  C:\Windows\System\AfoeLEE.exe
  2⤵
  PID:6788
- C:\Windows\System\GvrBfdx.exe
  C:\Windows\System\GvrBfdx.exe
  2⤵
  PID:6812
- C:\Windows\System\aSjXRwZ.exe
  C:\Windows\System\aSjXRwZ.exe
  2⤵
  PID:6872
- C:\Windows\System\snQcNiN.exe
  C:\Windows\System\snQcNiN.exe
  2⤵
  PID:6904
- C:\Windows\System\HXZXZxU.exe
  C:\Windows\System\HXZXZxU.exe
  2⤵
  PID:6932
- C:\Windows\System\cQhzEOM.exe
  C:\Windows\System\cQhzEOM.exe
  2⤵
  PID:6960
- C:\Windows\System\aYllPyJ.exe
  C:\Windows\System\aYllPyJ.exe
  2⤵
  PID:6988
- C:\Windows\System\jiuBuCu.exe
  C:\Windows\System\jiuBuCu.exe
  2⤵
  PID:7008
- C:\Windows\System\SDjqgvf.exe
  C:\Windows\System\SDjqgvf.exe
  2⤵
  PID:7024
- C:\Windows\System\GZOMuaP.exe
  C:\Windows\System\GZOMuaP.exe
  2⤵
  PID:7052
- C:\Windows\System\kLSuPOc.exe
  C:\Windows\System\kLSuPOc.exe
  2⤵
  PID:7088
- C:\Windows\System\CuivUgW.exe
  C:\Windows\System\CuivUgW.exe
  2⤵
  PID:7112
- C:\Windows\System\rkZuYvT.exe
  C:\Windows\System\rkZuYvT.exe
  2⤵
  PID:7144
- C:\Windows\System\KYvbXfo.exe
  C:\Windows\System\KYvbXfo.exe
  2⤵
  PID:7164
- C:\Windows\System\ZbvWjeU.exe
  C:\Windows\System\ZbvWjeU.exe
  2⤵
  PID:6180
- C:\Windows\System\QnlBSbD.exe
  C:\Windows\System\QnlBSbD.exe
  2⤵
  PID:6264
- C:\Windows\System\PHRVWNR.exe
  C:\Windows\System\PHRVWNR.exe
  2⤵
  PID:6328
- C:\Windows\System\FzZBhuP.exe
  C:\Windows\System\FzZBhuP.exe
  2⤵
  PID:6412
- C:\Windows\System\DMWbWcb.exe
  C:\Windows\System\DMWbWcb.exe
  2⤵
  PID:6468
- C:\Windows\System\agtqoAA.exe
  C:\Windows\System\agtqoAA.exe
  2⤵
  PID:6536
- C:\Windows\System\TicXqIx.exe
  C:\Windows\System\TicXqIx.exe
  2⤵
  PID:6584
- C:\Windows\System\XMMcREv.exe
  C:\Windows\System\XMMcREv.exe
  2⤵
  PID:6636
- C:\Windows\System\RPZGFVO.exe
  C:\Windows\System\RPZGFVO.exe
  2⤵
  PID:6720
- C:\Windows\System\IiUpzDg.exe
  C:\Windows\System\IiUpzDg.exe
  2⤵
  PID:6808
- C:\Windows\System\qbfTyEV.exe
  C:\Windows\System\qbfTyEV.exe
  2⤵
  PID:6856
- C:\Windows\System\ZLeYVaB.exe
  C:\Windows\System\ZLeYVaB.exe
  2⤵
  PID:6924
- C:\Windows\System\dxVGyiU.exe
  C:\Windows\System\dxVGyiU.exe
  2⤵
  PID:7000
- C:\Windows\System\DmfGZZw.exe
  C:\Windows\System\DmfGZZw.exe
  2⤵
  PID:7108
- C:\Windows\System\iAfLMPi.exe
  C:\Windows\System\iAfLMPi.exe
  2⤵
  PID:7100
- C:\Windows\System\NuVceqk.exe
  C:\Windows\System\NuVceqk.exe
  2⤵
  PID:6236
- C:\Windows\System\qwjeHNi.exe
  C:\Windows\System\qwjeHNi.exe
  2⤵
  PID:6372
- C:\Windows\System\TChAFPc.exe
  C:\Windows\System\TChAFPc.exe
  2⤵
  PID:6560
- C:\Windows\System\BigeMbp.exe
  C:\Windows\System\BigeMbp.exe
  2⤵
  PID:6644
- C:\Windows\System\kvUuKds.exe
  C:\Windows\System\kvUuKds.exe
  2⤵
  PID:6824
- C:\Windows\System\GoJdmTu.exe
  C:\Windows\System\GoJdmTu.exe
  2⤵
  PID:6968
- C:\Windows\System\gXIMvYq.exe
  C:\Windows\System\gXIMvYq.exe
  2⤵
  PID:6172
- C:\Windows\System\jcRRXhE.exe
  C:\Windows\System\jcRRXhE.exe
  2⤵
  PID:6232
- C:\Windows\System\jtMNVbL.exe
  C:\Windows\System\jtMNVbL.exe
  2⤵
  PID:6632
- C:\Windows\System\gYDYFbV.exe
  C:\Windows\System\gYDYFbV.exe
  2⤵
  PID:7072
- C:\Windows\System\MMqAZdz.exe
  C:\Windows\System\MMqAZdz.exe
  2⤵
  PID:7172
- C:\Windows\System\bFRyWAj.exe
  C:\Windows\System\bFRyWAj.exe
  2⤵
  PID:7212
- C:\Windows\System\ecYHppR.exe
  C:\Windows\System\ecYHppR.exe
  2⤵
  PID:7236
- C:\Windows\System\acMuJcV.exe
  C:\Windows\System\acMuJcV.exe
  2⤵
  PID:7264
- C:\Windows\System\NMqjucs.exe
  C:\Windows\System\NMqjucs.exe
  2⤵
  PID:7292
- C:\Windows\System\FCfzfID.exe
  C:\Windows\System\FCfzfID.exe
  2⤵
  PID:7320
- C:\Windows\System\dYFWgvR.exe
  C:\Windows\System\dYFWgvR.exe
  2⤵
  PID:7352
- C:\Windows\System\jmSlufc.exe
  C:\Windows\System\jmSlufc.exe
  2⤵
  PID:7376
- C:\Windows\System\SBsJZBj.exe
  C:\Windows\System\SBsJZBj.exe
  2⤵
  PID:7412
- C:\Windows\System\PDaDlQo.exe
  C:\Windows\System\PDaDlQo.exe
  2⤵
  PID:7436
- C:\Windows\System\EcsEbno.exe
  C:\Windows\System\EcsEbno.exe
  2⤵
  PID:7460
- C:\Windows\System\YHwLayT.exe
  C:\Windows\System\YHwLayT.exe
  2⤵
  PID:7488
- C:\Windows\System\LFLJKAn.exe
  C:\Windows\System\LFLJKAn.exe
  2⤵
  PID:7524
- C:\Windows\System\ntOdogz.exe
  C:\Windows\System\ntOdogz.exe
  2⤵
  PID:7556
- C:\Windows\System\ikGuRhZ.exe
  C:\Windows\System\ikGuRhZ.exe
  2⤵
  PID:7588
- C:\Windows\System\vVTZJIm.exe
  C:\Windows\System\vVTZJIm.exe
  2⤵
  PID:7608
- C:\Windows\System\HuAqiKB.exe
  C:\Windows\System\HuAqiKB.exe
  2⤵
  PID:7640
- C:\Windows\System\iIWiQqO.exe
  C:\Windows\System\iIWiQqO.exe
  2⤵
  PID:7668
- C:\Windows\System\XYtQsdF.exe
  C:\Windows\System\XYtQsdF.exe
  2⤵
  PID:7720
- C:\Windows\System\qsdotnv.exe
  C:\Windows\System\qsdotnv.exe
  2⤵
  PID:7748
- C:\Windows\System\eZStVIO.exe
  C:\Windows\System\eZStVIO.exe
  2⤵
  PID:7804
- C:\Windows\System\GLAAHzN.exe
  C:\Windows\System\GLAAHzN.exe
  2⤵
  PID:7820
- C:\Windows\System\epLhLZj.exe
  C:\Windows\System\epLhLZj.exe
  2⤵
  PID:7852
- C:\Windows\System\wPPPUGP.exe
  C:\Windows\System\wPPPUGP.exe
  2⤵
  PID:7868
- C:\Windows\System\MRNZhHd.exe
  C:\Windows\System\MRNZhHd.exe
  2⤵
  PID:7896
- C:\Windows\System\nXWxUMK.exe
  C:\Windows\System\nXWxUMK.exe
  2⤵
  PID:7932
- C:\Windows\System\LFMrvEq.exe
  C:\Windows\System\LFMrvEq.exe
  2⤵
  PID:7960
- C:\Windows\System\tdDEXIX.exe
  C:\Windows\System\tdDEXIX.exe
  2⤵
  PID:7988
- C:\Windows\System\TqZbtWf.exe
  C:\Windows\System\TqZbtWf.exe
  2⤵
  PID:8012
- C:\Windows\System\TgOvzGq.exe
  C:\Windows\System\TgOvzGq.exe
  2⤵
  PID:8040
- C:\Windows\System\GTUdfoz.exe
  C:\Windows\System\GTUdfoz.exe
  2⤵
  PID:8072
- C:\Windows\System\ajCfLJb.exe
  C:\Windows\System\ajCfLJb.exe
  2⤵
  PID:8100
- C:\Windows\System\ZcXRKEe.exe
  C:\Windows\System\ZcXRKEe.exe
  2⤵
  PID:8116
- C:\Windows\System\pVJUcpF.exe
  C:\Windows\System\pVJUcpF.exe
  2⤵
  PID:8144
- C:\Windows\System\vPveGeh.exe
  C:\Windows\System\vPveGeh.exe
  2⤵
  PID:8168
- C:\Windows\System\XnKuipO.exe
  C:\Windows\System\XnKuipO.exe
  2⤵
  PID:7152
- C:\Windows\System\tSePWKj.exe
  C:\Windows\System\tSePWKj.exe
  2⤵
  PID:7228
- C:\Windows\System\uGVHtqU.exe
  C:\Windows\System\uGVHtqU.exe
  2⤵
  PID:7280
- C:\Windows\System\rZLEoov.exe
  C:\Windows\System\rZLEoov.exe
  2⤵
  PID:7396
- C:\Windows\System\PuXUjzq.exe
  C:\Windows\System\PuXUjzq.exe
  2⤵
  PID:7384
- C:\Windows\System\OyeMfsK.exe
  C:\Windows\System\OyeMfsK.exe
  2⤵
  PID:7484
- C:\Windows\System\WVJyAud.exe
  C:\Windows\System\WVJyAud.exe
  2⤵
  PID:7536
- C:\Windows\System\qUHiqeS.exe
  C:\Windows\System\qUHiqeS.exe
  2⤵
  PID:7624
- C:\Windows\System\ujrtgIy.exe
  C:\Windows\System\ujrtgIy.exe
  2⤵
  PID:7740
- C:\Windows\System\NyDVpqk.exe
  C:\Windows\System\NyDVpqk.exe
  2⤵
  PID:2720
- C:\Windows\System\lyGaYnp.exe
  C:\Windows\System\lyGaYnp.exe
  2⤵
  PID:7104
- C:\Windows\System\bcbLHML.exe
  C:\Windows\System\bcbLHML.exe
  2⤵
  PID:7860
- C:\Windows\System\PHElnzi.exe
  C:\Windows\System\PHElnzi.exe
  2⤵
  PID:7940
- C:\Windows\System\geZUsjT.exe
  C:\Windows\System\geZUsjT.exe
  2⤵
  PID:8008
- C:\Windows\System\wWqCFKg.exe
  C:\Windows\System\wWqCFKg.exe
  2⤵
  PID:8056
- C:\Windows\System\qTPhxLc.exe
  C:\Windows\System\qTPhxLc.exe
  2⤵
  PID:8132
- C:\Windows\System\ZCMgWpR.exe
  C:\Windows\System\ZCMgWpR.exe
  2⤵
  PID:7188
- C:\Windows\System\zlVLYOU.exe
  C:\Windows\System\zlVLYOU.exe
  2⤵
  PID:7428
- C:\Windows\System\gvPVnaD.exe
  C:\Windows\System\gvPVnaD.exe
  2⤵
  PID:7604
- C:\Windows\System\XSHNJpf.exe
  C:\Windows\System\XSHNJpf.exe
  2⤵
  PID:7660
- C:\Windows\System\eoXeqlU.exe
  C:\Windows\System\eoXeqlU.exe
  2⤵
  PID:7880
- C:\Windows\System\sRaDxzo.exe
  C:\Windows\System\sRaDxzo.exe
  2⤵
  PID:8124
- C:\Windows\System\ToTDiCO.exe
  C:\Windows\System\ToTDiCO.exe
  2⤵
  PID:7340
- C:\Windows\System\vCGVVez.exe
  C:\Windows\System\vCGVVez.exe
  2⤵
  PID:7864
- C:\Windows\System\juRuyUB.exe
  C:\Windows\System\juRuyUB.exe
  2⤵
  PID:8212
- C:\Windows\System\GzKteiO.exe
  C:\Windows\System\GzKteiO.exe
  2⤵
  PID:8240
- C:\Windows\System\ngNQLmK.exe
  C:\Windows\System\ngNQLmK.exe
  2⤵
  PID:8276
- C:\Windows\System\svBGBEE.exe
  C:\Windows\System\svBGBEE.exe
  2⤵
  PID:8304
- C:\Windows\System\duHRuqb.exe
  C:\Windows\System\duHRuqb.exe
  2⤵
  PID:8336
- C:\Windows\System\zKXgTMz.exe
  C:\Windows\System\zKXgTMz.exe
  2⤵
  PID:8360
- C:\Windows\System\barJLIq.exe
  C:\Windows\System\barJLIq.exe
  2⤵
  PID:8388
- C:\Windows\System\RVHgrpf.exe
  C:\Windows\System\RVHgrpf.exe
  2⤵
  PID:8420
- C:\Windows\System\YCOoAKq.exe
  C:\Windows\System\YCOoAKq.exe
  2⤵
  PID:8452
- C:\Windows\System\EPErGuM.exe
  C:\Windows\System\EPErGuM.exe
  2⤵
  PID:8484
- C:\Windows\System\qlctXtO.exe
  C:\Windows\System\qlctXtO.exe
  2⤵
  PID:8516
- C:\Windows\System\LxckvQy.exe
  C:\Windows\System\LxckvQy.exe
  2⤵
  PID:8540
- C:\Windows\System\TePoyRH.exe
  C:\Windows\System\TePoyRH.exe
  2⤵
  PID:8572
- C:\Windows\System\zeEyLwh.exe
  C:\Windows\System\zeEyLwh.exe
  2⤵
  PID:8592
- C:\Windows\System\tUEnwQz.exe
  C:\Windows\System\tUEnwQz.exe
  2⤵
  PID:8616
- C:\Windows\System\XOuvQmd.exe
  C:\Windows\System\XOuvQmd.exe
  2⤵
  PID:8644
- C:\Windows\System\FOFRWHD.exe
  C:\Windows\System\FOFRWHD.exe
  2⤵
  PID:8676
- C:\Windows\System\tUTppsd.exe
  C:\Windows\System\tUTppsd.exe
  2⤵
  PID:8704
- C:\Windows\System\WRGwjCO.exe
  C:\Windows\System\WRGwjCO.exe
  2⤵
  PID:8732
- C:\Windows\System\NyHHDBg.exe
  C:\Windows\System\NyHHDBg.exe
  2⤵
  PID:8768
- C:\Windows\System\FDhrIiH.exe
  C:\Windows\System\FDhrIiH.exe
  2⤵
  PID:8796
- C:\Windows\System\kedGtPg.exe
  C:\Windows\System\kedGtPg.exe
  2⤵
  PID:8828
- C:\Windows\System\JfhGyhz.exe
  C:\Windows\System\JfhGyhz.exe
  2⤵
  PID:8852
- C:\Windows\System\AMEMVOT.exe
  C:\Windows\System\AMEMVOT.exe
  2⤵
  PID:8904
- C:\Windows\System\FcJoedG.exe
  C:\Windows\System\FcJoedG.exe
  2⤵
  PID:8928
- C:\Windows\System\GQcmOgG.exe
  C:\Windows\System\GQcmOgG.exe
  2⤵
  PID:8956
- C:\Windows\System\GYIYucs.exe
  C:\Windows\System\GYIYucs.exe
  2⤵
  PID:8984
- C:\Windows\System\mZNLJYC.exe
  C:\Windows\System\mZNLJYC.exe
  2⤵
  PID:9020
- C:\Windows\System\GJkMiIy.exe
  C:\Windows\System\GJkMiIy.exe
  2⤵
  PID:9052
- C:\Windows\System\bagamac.exe
  C:\Windows\System\bagamac.exe
  2⤵
  PID:9084
- C:\Windows\System\IEYVOCV.exe
  C:\Windows\System\IEYVOCV.exe
  2⤵
  PID:9112
- C:\Windows\System\ksSYajz.exe
  C:\Windows\System\ksSYajz.exe
  2⤵
  PID:9140
- C:\Windows\System\TLrVNfH.exe
  C:\Windows\System\TLrVNfH.exe
  2⤵
  PID:9164
- C:\Windows\System\vHYlDSh.exe
  C:\Windows\System\vHYlDSh.exe
  2⤵
  PID:9184
- C:\Windows\System\zspScME.exe
  C:\Windows\System\zspScME.exe
  2⤵
  PID:9208
- C:\Windows\System\mrXoHYv.exe
  C:\Windows\System\mrXoHYv.exe
  2⤵
  PID:7348
- C:\Windows\System\bEVEOAs.exe
  C:\Windows\System\bEVEOAs.exe
  2⤵
  PID:8196
- C:\Windows\System\yFMVVwO.exe
  C:\Windows\System\yFMVVwO.exe
  2⤵
  PID:8284
- C:\Windows\System\qqzLsyl.exe
  C:\Windows\System\qqzLsyl.exe
  2⤵
  PID:8356
- C:\Windows\System\OrNrkWy.exe
  C:\Windows\System\OrNrkWy.exe
  2⤵
  PID:8440
- C:\Windows\System\xGSrWeW.exe
  C:\Windows\System\xGSrWeW.exe
  2⤵
  PID:8560
- C:\Windows\System\EDkWCUA.exe
  C:\Windows\System\EDkWCUA.exe
  2⤵
  PID:8504
- C:\Windows\System\WubnMZV.exe
  C:\Windows\System\WubnMZV.exe
  2⤵
  PID:8656
- C:\Windows\System\mKOrtnh.exe
  C:\Windows\System\mKOrtnh.exe
  2⤵
  PID:8744
- C:\Windows\System\BDuVqvQ.exe
  C:\Windows\System\BDuVqvQ.exe
  2⤵
  PID:8844
- C:\Windows\System\ihMMoXr.exe
  C:\Windows\System\ihMMoXr.exe
  2⤵
  PID:8880
- C:\Windows\System\IzMlrJv.exe
  C:\Windows\System\IzMlrJv.exe
  2⤵
  PID:8952
- C:\Windows\System\EDCTlXZ.exe
  C:\Windows\System\EDCTlXZ.exe
  2⤵
  PID:9012
- C:\Windows\System\wHIAaKz.exe
  C:\Windows\System\wHIAaKz.exe
  2⤵
  PID:9152
- C:\Windows\System\heUDkAE.exe
  C:\Windows\System\heUDkAE.exe
  2⤵
  PID:8428
- C:\Windows\System\ZhGMVBg.exe
  C:\Windows\System\ZhGMVBg.exe
  2⤵
  PID:8260
- C:\Windows\System\dHReSDo.exe
  C:\Windows\System\dHReSDo.exe
  2⤵
  PID:8252
- C:\Windows\System\BlpDYhL.exe
  C:\Windows\System\BlpDYhL.exe
  2⤵
  PID:8816
- C:\Windows\System\WHwUqBv.exe
  C:\Windows\System\WHwUqBv.exe
  2⤵
  PID:8688
- C:\Windows\System\tgkDajK.exe
  C:\Windows\System\tgkDajK.exe
  2⤵
  PID:8636
- C:\Windows\System\YCBFHcC.exe
  C:\Windows\System\YCBFHcC.exe
  2⤵
  PID:8972
- C:\Windows\System\LYNHrTX.exe
  C:\Windows\System\LYNHrTX.exe
  2⤵
  PID:9220
- C:\Windows\System\fTNePLr.exe
  C:\Windows\System\fTNePLr.exe
  2⤵
  PID:9236
- C:\Windows\System\WZkvdJI.exe
  C:\Windows\System\WZkvdJI.exe
  2⤵
  PID:9260
- C:\Windows\System\xGxDdtw.exe
  C:\Windows\System\xGxDdtw.exe
  2⤵
  PID:9336
- C:\Windows\System\yfhVHRe.exe
  C:\Windows\System\yfhVHRe.exe
  2⤵
  PID:9360
- C:\Windows\System\fMLjSQW.exe
  C:\Windows\System\fMLjSQW.exe
  2⤵
  PID:9380
- C:\Windows\System\nuXGhcc.exe
  C:\Windows\System\nuXGhcc.exe
  2⤵
  PID:9404
- C:\Windows\System\HTRTkzG.exe
  C:\Windows\System\HTRTkzG.exe
  2⤵
  PID:9424
- C:\Windows\System\eoQgukV.exe
  C:\Windows\System\eoQgukV.exe
  2⤵
  PID:9440
- C:\Windows\System\DNqgksR.exe
  C:\Windows\System\DNqgksR.exe
  2⤵
  PID:9456
- C:\Windows\System\rLHTeEA.exe
  C:\Windows\System\rLHTeEA.exe
  2⤵
  PID:9472
- C:\Windows\System\TsWDhjk.exe
  C:\Windows\System\TsWDhjk.exe
  2⤵
  PID:9488
- C:\Windows\System\iOIKXZw.exe
  C:\Windows\System\iOIKXZw.exe
  2⤵
  PID:9504
- C:\Windows\System\RDcNVhg.exe
  C:\Windows\System\RDcNVhg.exe
  2⤵
  PID:9520
- C:\Windows\System\ZEMZVKi.exe
  C:\Windows\System\ZEMZVKi.exe
  2⤵
  PID:9536
- C:\Windows\System\EckZuZY.exe
  C:\Windows\System\EckZuZY.exe
  2⤵
  PID:9552
- C:\Windows\System\JwTnEmc.exe
  C:\Windows\System\JwTnEmc.exe
  2⤵
  PID:9584
- C:\Windows\System\kbJZoYN.exe
  C:\Windows\System\kbJZoYN.exe
  2⤵
  PID:9608
- C:\Windows\System\VaGfpqZ.exe
  C:\Windows\System\VaGfpqZ.exe
  2⤵
  PID:9632
- C:\Windows\System\USjbHUc.exe
  C:\Windows\System\USjbHUc.exe
  2⤵
  PID:9660
- C:\Windows\System\UZHjEMX.exe
  C:\Windows\System\UZHjEMX.exe
  2⤵
  PID:9684
- C:\Windows\System\XbfRRiF.exe
  C:\Windows\System\XbfRRiF.exe
  2⤵
  PID:9716
- C:\Windows\System\Xgxozaw.exe
  C:\Windows\System\Xgxozaw.exe
  2⤵
  PID:9752
- C:\Windows\System\nTDhudW.exe
  C:\Windows\System\nTDhudW.exe
  2⤵
  PID:9776
- C:\Windows\System\sNVhPOp.exe
  C:\Windows\System\sNVhPOp.exe
  2⤵
  PID:9800
- C:\Windows\System\vtolEkO.exe
  C:\Windows\System\vtolEkO.exe
  2⤵
  PID:9832
- C:\Windows\System\SahtNER.exe
  C:\Windows\System\SahtNER.exe
  2⤵
  PID:9864
- C:\Windows\System\DMrNLjL.exe
  C:\Windows\System\DMrNLjL.exe
  2⤵
  PID:9900
- C:\Windows\System\gMpNuEL.exe
  C:\Windows\System\gMpNuEL.exe
  2⤵
  PID:9928
- C:\Windows\System\gjMudWh.exe
  C:\Windows\System\gjMudWh.exe
  2⤵
  PID:9980
- C:\Windows\System\DOAEYPF.exe
  C:\Windows\System\DOAEYPF.exe
  2⤵
  PID:10024
- C:\Windows\System\yluTgrZ.exe
  C:\Windows\System\yluTgrZ.exe
  2⤵
  PID:10048
- C:\Windows\System\PLNmXqn.exe
  C:\Windows\System\PLNmXqn.exe
  2⤵
  PID:10076
- C:\Windows\System\LlCBatJ.exe
  C:\Windows\System\LlCBatJ.exe
  2⤵
  PID:10096
- C:\Windows\System\PTyHrxn.exe
  C:\Windows\System\PTyHrxn.exe
  2⤵
  PID:10120
- C:\Windows\System\QpvZrWM.exe
  C:\Windows\System\QpvZrWM.exe
  2⤵
  PID:10152
- C:\Windows\System\VdKRHrG.exe
  C:\Windows\System\VdKRHrG.exe
  2⤵
  PID:10176
- C:\Windows\System\JGnFPyd.exe
  C:\Windows\System\JGnFPyd.exe
  2⤵
  PID:10208
- C:\Windows\System\cMNqprK.exe
  C:\Windows\System\cMNqprK.exe
  2⤵
  PID:10232
- C:\Windows\System\ayuEHKM.exe
  C:\Windows\System\ayuEHKM.exe
  2⤵
  PID:8840
- C:\Windows\System\MBqoPrU.exe
  C:\Windows\System\MBqoPrU.exe
  2⤵
  PID:9252
- C:\Windows\System\XiVLIGq.exe
  C:\Windows\System\XiVLIGq.exe
  2⤵
  PID:9068
- C:\Windows\System\EGCYYRG.exe
  C:\Windows\System\EGCYYRG.exe
  2⤵
  PID:9448
- C:\Windows\System\IDBcnCW.exe
  C:\Windows\System\IDBcnCW.exe
  2⤵
  PID:9316
- C:\Windows\System\BolYcTp.exe
  C:\Windows\System\BolYcTp.exe
  2⤵
  PID:8436
- C:\Windows\System\BLxLGTt.exe
  C:\Windows\System\BLxLGTt.exe
  2⤵
  PID:8792
- C:\Windows\System\lkMIgtm.exe
  C:\Windows\System\lkMIgtm.exe
  2⤵
  PID:9000
- C:\Windows\System\VBdPNqj.exe
  C:\Windows\System\VBdPNqj.exe
  2⤵
  PID:9412
- C:\Windows\System\tmOZrlA.exe
  C:\Windows\System\tmOZrlA.exe
  2⤵
  PID:9268
- C:\Windows\System\YavkqWM.exe
  C:\Windows\System\YavkqWM.exe
  2⤵
  PID:9620
- C:\Windows\System\ftOtGUu.exe
  C:\Windows\System\ftOtGUu.exe
  2⤵
  PID:9764
- C:\Windows\System\szQXEAX.exe
  C:\Windows\System\szQXEAX.exe
  2⤵
  PID:9496
- C:\Windows\System\kPqybbF.exe
  C:\Windows\System\kPqybbF.exe
  2⤵
  PID:9648
- C:\Windows\System\FwMZTLS.exe
  C:\Windows\System\FwMZTLS.exe
  2⤵
  PID:9956
- C:\Windows\System\RSzoXim.exe
  C:\Windows\System\RSzoXim.exe
  2⤵
  PID:10036
- C:\Windows\System\yZIzbkg.exe
  C:\Windows\System\yZIzbkg.exe
  2⤵
  PID:10084
- C:\Windows\System\sOscJGt.exe
  C:\Windows\System\sOscJGt.exe
  2⤵
  PID:10168
- C:\Windows\System\ZlyUmmj.exe
  C:\Windows\System\ZlyUmmj.exe
  2⤵
  PID:9768
- C:\Windows\System\xxXVkwH.exe
  C:\Windows\System\xxXVkwH.exe
  2⤵
  PID:10224
- C:\Windows\System\GjkLlsH.exe
  C:\Windows\System\GjkLlsH.exe
  2⤵
  PID:9036
- C:\Windows\System\UJAUTLT.exe
  C:\Windows\System\UJAUTLT.exe
  2⤵
  PID:8500
- C:\Windows\System\DPgJwlQ.exe
  C:\Windows\System\DPgJwlQ.exe
  2⤵
  PID:9244
- C:\Windows\System\sPvhadV.exe
  C:\Windows\System\sPvhadV.exe
  2⤵
  PID:9292
- C:\Windows\System\yOeHYOI.exe
  C:\Windows\System\yOeHYOI.exe
  2⤵
  PID:9372
- C:\Windows\System\kOjQZGX.exe
  C:\Windows\System\kOjQZGX.exe
  2⤵
  PID:9796
- C:\Windows\System\dDDZAgK.exe
  C:\Windows\System\dDDZAgK.exe
  2⤵
  PID:10196
- C:\Windows\System\BNSsalV.exe
  C:\Windows\System\BNSsalV.exe
  2⤵
  PID:10264
- C:\Windows\System\UyDehPG.exe
  C:\Windows\System\UyDehPG.exe
  2⤵
  PID:10280
- C:\Windows\System\TEsrTez.exe
  C:\Windows\System\TEsrTez.exe
  2⤵
  PID:10312
- C:\Windows\System\ciEAnbl.exe
  C:\Windows\System\ciEAnbl.exe
  2⤵
  PID:10348
- C:\Windows\System\LFWOTTk.exe
  C:\Windows\System\LFWOTTk.exe
  2⤵
  PID:10376
- C:\Windows\System\bWZFEIU.exe
  C:\Windows\System\bWZFEIU.exe
  2⤵
  PID:10408
- C:\Windows\System\ZrQXfpP.exe
  C:\Windows\System\ZrQXfpP.exe
  2⤵
  PID:10436
- C:\Windows\System\iRsDguM.exe
  C:\Windows\System\iRsDguM.exe
  2⤵
  PID:10460
- C:\Windows\System\kIDVGRu.exe
  C:\Windows\System\kIDVGRu.exe
  2⤵
  PID:10496
- C:\Windows\System\BCeahll.exe
  C:\Windows\System\BCeahll.exe
  2⤵
  PID:10528
- C:\Windows\System\cFLWuUt.exe
  C:\Windows\System\cFLWuUt.exe
  2⤵
  PID:10792
- C:\Windows\System\apMXYlz.exe
  C:\Windows\System\apMXYlz.exe
  2⤵
  PID:10808
- C:\Windows\System\iyBCMuN.exe
  C:\Windows\System\iyBCMuN.exe
  2⤵
  PID:10836
- C:\Windows\System\DdDxNhM.exe
  C:\Windows\System\DdDxNhM.exe
  2⤵
  PID:10872
- C:\Windows\System\lJNMlMx.exe
  C:\Windows\System\lJNMlMx.exe
  2⤵
  PID:10896
- C:\Windows\System\MpnfIGU.exe
  C:\Windows\System\MpnfIGU.exe
  2⤵
  PID:10920
- C:\Windows\System\guOPusD.exe
  C:\Windows\System\guOPusD.exe
  2⤵
  PID:10948
- C:\Windows\System\gvRPoSj.exe
  C:\Windows\System\gvRPoSj.exe
  2⤵
  PID:10980
- C:\Windows\System\xxMtlGq.exe
  C:\Windows\System\xxMtlGq.exe
  2⤵
  PID:11000
- C:\Windows\System\JgFkDin.exe
  C:\Windows\System\JgFkDin.exe
  2⤵
  PID:11028
- C:\Windows\System\zdyqTam.exe
  C:\Windows\System\zdyqTam.exe
  2⤵
  PID:11060
- C:\Windows\System\HdtPwsH.exe
  C:\Windows\System\HdtPwsH.exe
  2⤵
  PID:11088
- C:\Windows\System\JxZpkvo.exe
  C:\Windows\System\JxZpkvo.exe
  2⤵
  PID:11120
- C:\Windows\System\JlzIhUf.exe
  C:\Windows\System\JlzIhUf.exe
  2⤵
  PID:11152
- C:\Windows\System\aNhCCzA.exe
  C:\Windows\System\aNhCCzA.exe
  2⤵
  PID:11196
- C:\Windows\System\ABnUenR.exe
  C:\Windows\System\ABnUenR.exe
  2⤵
  PID:11212
- C:\Windows\System\XfCBvmK.exe
  C:\Windows\System\XfCBvmK.exe
  2⤵
  PID:11240
- C:\Windows\System\ecEXGvU.exe
  C:\Windows\System\ecEXGvU.exe
  2⤵
  PID:11260
- C:\Windows\System\IkOarGx.exe
  C:\Windows\System\IkOarGx.exe
  2⤵
  PID:9500
- C:\Windows\System\JVNGCIS.exe
  C:\Windows\System\JVNGCIS.exe
  2⤵
  PID:2780
- C:\Windows\System\HDgNNwy.exe
  C:\Windows\System\HDgNNwy.exe
  2⤵
  PID:10364
- C:\Windows\System\Aonrgij.exe
  C:\Windows\System\Aonrgij.exe
  2⤵
  PID:9960
- C:\Windows\System\AURFqXZ.exe
  C:\Windows\System\AURFqXZ.exe
  2⤵
  PID:10428
- C:\Windows\System\ppUpFRv.exe
  C:\Windows\System\ppUpFRv.exe
  2⤵
  PID:10488
- C:\Windows\System\NLfgShR.exe
  C:\Windows\System\NLfgShR.exe
  2⤵
  PID:10332
- C:\Windows\System\GXqFkkb.exe
  C:\Windows\System\GXqFkkb.exe
  2⤵
  PID:9284
- C:\Windows\System\TRFVwJl.exe
  C:\Windows\System\TRFVwJl.exe
  2⤵
  PID:10260
- C:\Windows\System\ByTHnxs.exe
  C:\Windows\System\ByTHnxs.exe
  2⤵
  PID:10628
- C:\Windows\System\kEhvraS.exe
  C:\Windows\System\kEhvraS.exe
  2⤵
  PID:10692
- C:\Windows\System\oLProWz.exe
  C:\Windows\System\oLProWz.exe
  2⤵
  PID:10784
- C:\Windows\System\xqBlGnQ.exe
  C:\Windows\System\xqBlGnQ.exe
  2⤵
  PID:10824
- C:\Windows\System\dnLugvu.exe
  C:\Windows\System\dnLugvu.exe
  2⤵
  PID:10884
- C:\Windows\System\nlnvNfS.exe
  C:\Windows\System\nlnvNfS.exe
  2⤵
  PID:10988
- C:\Windows\System\zRJuHfh.exe
  C:\Windows\System\zRJuHfh.exe
  2⤵
  PID:11048
- C:\Windows\System\jmJyxeO.exe
  C:\Windows\System\jmJyxeO.exe
  2⤵
  PID:11052
- C:\Windows\System\dlOOVHQ.exe
  C:\Windows\System\dlOOVHQ.exe
  2⤵
  PID:11136
- C:\Windows\System\Aadcwmf.exe
  C:\Windows\System\Aadcwmf.exe
  2⤵
  PID:11164
- C:\Windows\System\FUkFrUn.exe
  C:\Windows\System\FUkFrUn.exe
  2⤵
  PID:11252
- C:\Windows\System\INHjeMO.exe
  C:\Windows\System\INHjeMO.exe
  2⤵
  PID:9200
- C:\Windows\System\JEDcjLE.exe
  C:\Windows\System\JEDcjLE.exe
  2⤵
  PID:9544
- C:\Windows\System\UkEZDwO.exe
  C:\Windows\System\UkEZDwO.exe
  2⤵
  PID:10292
- C:\Windows\System\vvtzSmf.exe
  C:\Windows\System\vvtzSmf.exe
  2⤵
  PID:10520
- C:\Windows\System\wNGdUBj.exe
  C:\Windows\System\wNGdUBj.exe
  2⤵
  PID:9824
- C:\Windows\System\QsXZAJS.exe
  C:\Windows\System\QsXZAJS.exe
  2⤵
  PID:10616
- C:\Windows\System\PysdEky.exe
  C:\Windows\System\PysdEky.exe
  2⤵
  PID:10736
- C:\Windows\System\yNCoucG.exe
  C:\Windows\System\yNCoucG.exe
  2⤵
  PID:10964
- C:\Windows\System\houlSOJ.exe
  C:\Windows\System\houlSOJ.exe
  2⤵
  PID:11108
- C:\Windows\System\KnJBOPv.exe
  C:\Windows\System\KnJBOPv.exe
  2⤵
  PID:11224
- C:\Windows\System\AngoFRG.exe
  C:\Windows\System\AngoFRG.exe
  2⤵
  PID:560
- C:\Windows\System\PAjzXLA.exe
  C:\Windows\System\PAjzXLA.exe
  2⤵
  PID:10664
- C:\Windows\System\qaMAzep.exe
  C:\Windows\System\qaMAzep.exe
  2⤵
  PID:7468
- C:\Windows\System\RFXOjft.exe
  C:\Windows\System\RFXOjft.exe
  2⤵
  PID:3948
- C:\Windows\System\cTcZLkY.exe
  C:\Windows\System\cTcZLkY.exe
  2⤵
  PID:11296
- C:\Windows\System\SBeDvJN.exe
  C:\Windows\System\SBeDvJN.exe
  2⤵
  PID:11320
- C:\Windows\System\EPunpgl.exe
  C:\Windows\System\EPunpgl.exe
  2⤵
  PID:11356
- C:\Windows\System\vGcGmIG.exe
  C:\Windows\System\vGcGmIG.exe
  2⤵
  PID:11384
- C:\Windows\System\hHhoCaL.exe
  C:\Windows\System\hHhoCaL.exe
  2⤵
  PID:11416
- C:\Windows\System\gJEHJJu.exe
  C:\Windows\System\gJEHJJu.exe
  2⤵
  PID:11444
- C:\Windows\System\JEIfXtB.exe
  C:\Windows\System\JEIfXtB.exe
  2⤵
  PID:11468
- C:\Windows\System\AvgusNr.exe
  C:\Windows\System\AvgusNr.exe
  2⤵
  PID:11520
- C:\Windows\System\lNukRVC.exe
  C:\Windows\System\lNukRVC.exe
  2⤵
  PID:11560
- C:\Windows\System\FrfKkkD.exe
  C:\Windows\System\FrfKkkD.exe
  2⤵
  PID:11584
- C:\Windows\System\CboGuXv.exe
  C:\Windows\System\CboGuXv.exe
  2⤵
  PID:11628
- C:\Windows\System\SUGmrsk.exe
  C:\Windows\System\SUGmrsk.exe
  2⤵
  PID:11668
- C:\Windows\System\HVYpAzp.exe
  C:\Windows\System\HVYpAzp.exe
  2⤵
  PID:11696
- C:\Windows\System\JTgzDqo.exe
  C:\Windows\System\JTgzDqo.exe
  2⤵
  PID:11728
- C:\Windows\System\GMmcggB.exe
  C:\Windows\System\GMmcggB.exe
  2⤵
  PID:11760
- C:\Windows\System\HUbTKWx.exe
  C:\Windows\System\HUbTKWx.exe
  2⤵
  PID:11788
- C:\Windows\System\zzCKfwf.exe
  C:\Windows\System\zzCKfwf.exe
  2⤵
  PID:11820
- C:\Windows\System\ZiaEvko.exe
  C:\Windows\System\ZiaEvko.exe
  2⤵
  PID:11852
- C:\Windows\System\bbQnmZl.exe
  C:\Windows\System\bbQnmZl.exe
  2⤵
  PID:11884
- C:\Windows\System\qQLBRGh.exe
  C:\Windows\System\qQLBRGh.exe
  2⤵
  PID:11944
- C:\Windows\System\vQKaERk.exe
  C:\Windows\System\vQKaERk.exe
  2⤵
  PID:11968
- C:\Windows\System\SxjZiMC.exe
  C:\Windows\System\SxjZiMC.exe
  2⤵
  PID:12004
- C:\Windows\System\JFCVUMu.exe
  C:\Windows\System\JFCVUMu.exe
  2⤵
  PID:12036
- C:\Windows\System\cuxjArH.exe
  C:\Windows\System\cuxjArH.exe
  2⤵
  PID:12060
- C:\Windows\System\atdfqeV.exe
  C:\Windows\System\atdfqeV.exe
  2⤵
  PID:12088
- C:\Windows\System\pObKBQk.exe
  C:\Windows\System\pObKBQk.exe
  2⤵
  PID:12104
- C:\Windows\System\jHGeZiy.exe
  C:\Windows\System\jHGeZiy.exe
  2⤵
  PID:12120
- C:\Windows\System\LnPxbxU.exe
  C:\Windows\System\LnPxbxU.exe
  2⤵
  PID:12136
- C:\Windows\System\DhtJede.exe
  C:\Windows\System\DhtJede.exe
  2⤵
  PID:12164
- C:\Windows\System\jtrKgyE.exe
  C:\Windows\System\jtrKgyE.exe
  2⤵
  PID:12184
- C:\Windows\System\ffDyzsO.exe
  C:\Windows\System\ffDyzsO.exe
  2⤵
  PID:12216
- C:\Windows\System\wytzrGE.exe
  C:\Windows\System\wytzrGE.exe
  2⤵
  PID:12256
- C:\Windows\System\SvzZflm.exe
  C:\Windows\System\SvzZflm.exe
  2⤵
  PID:12284
- C:\Windows\System\mdBFVXO.exe
  C:\Windows\System\mdBFVXO.exe
  2⤵
  PID:9396
- C:\Windows\System\OLKPBEf.exe
  C:\Windows\System\OLKPBEf.exe
  2⤵
  PID:10536
- C:\Windows\System\dNNRlTL.exe
  C:\Windows\System\dNNRlTL.exe
  2⤵
  PID:11288
- C:\Windows\System\lvgfscf.exe
  C:\Windows\System\lvgfscf.exe
  2⤵
  PID:11412
- C:\Windows\System\qRcWDRu.exe
  C:\Windows\System\qRcWDRu.exe
  2⤵
  PID:11504
- C:\Windows\System\glGgQSx.exe
  C:\Windows\System\glGgQSx.exe
  2⤵
  PID:11568
- C:\Windows\System\UYOxKoE.exe
  C:\Windows\System\UYOxKoE.exe
  2⤵
  PID:11652
- C:\Windows\System\lOwkXKH.exe
  C:\Windows\System\lOwkXKH.exe
  2⤵
  PID:11676
- C:\Windows\System\FKXfvfQ.exe
  C:\Windows\System\FKXfvfQ.exe
  2⤵
  PID:11872
- C:\Windows\System\jcdeTBl.exe
  C:\Windows\System\jcdeTBl.exe
  2⤵
  PID:11928
- C:\Windows\System\ZOBkyWf.exe
  C:\Windows\System\ZOBkyWf.exe
  2⤵
  PID:11828
- C:\Windows\System\qNSWEWC.exe
  C:\Windows\System\qNSWEWC.exe
  2⤵
  PID:11992
- C:\Windows\System\XbhikSy.exe
  C:\Windows\System\XbhikSy.exe
  2⤵
  PID:11988
- C:\Windows\System\kwRNnSO.exe
  C:\Windows\System\kwRNnSO.exe
  2⤵
  PID:12132
- C:\Windows\System\ebVUTrQ.exe
  C:\Windows\System\ebVUTrQ.exe
  2⤵
  PID:12232
- C:\Windows\System\ySXYuNA.exe
  C:\Windows\System\ySXYuNA.exe
  2⤵
  PID:11316
- C:\Windows\System\eoiqcWj.exe
  C:\Windows\System\eoiqcWj.exe
  2⤵
  PID:11440
- C:\Windows\System\GcdNBLS.exe
  C:\Windows\System\GcdNBLS.exe
  2⤵
  PID:11148
- C:\Windows\System\dJwyucq.exe
  C:\Windows\System\dJwyucq.exe
  2⤵
  PID:976
- C:\Windows\System\kEnIixO.exe
  C:\Windows\System\kEnIixO.exe
  2⤵
  PID:11708
- C:\Windows\System\TqVyBUR.exe
  C:\Windows\System\TqVyBUR.exe
  2⤵
  PID:4264
- C:\Windows\System\KvwPtmq.exe
  C:\Windows\System\KvwPtmq.exe
  2⤵
  PID:12112
- C:\Windows\System\saXHMac.exe
  C:\Windows\System\saXHMac.exe
  2⤵
  PID:12116
- C:\Windows\System\VtbvMEH.exe
  C:\Windows\System\VtbvMEH.exe
  2⤵
  PID:12272
- C:\Windows\System\QUHwVjg.exe
  C:\Windows\System\QUHwVjg.exe
  2⤵
  PID:4036
- C:\Windows\System\vAScHxH.exe
  C:\Windows\System\vAScHxH.exe
  2⤵
  PID:11860
- C:\Windows\System\FrXUSUV.exe
  C:\Windows\System\FrXUSUV.exe
  2⤵
  PID:12044
- C:\Windows\System\QIFXGsN.exe
  C:\Windows\System\QIFXGsN.exe
  2⤵
  PID:12300
- C:\Windows\System\FlKyHnl.exe
  C:\Windows\System\FlKyHnl.exe
  2⤵
  PID:12316
- C:\Windows\System\rJSABVb.exe
  C:\Windows\System\rJSABVb.exe
  2⤵
  PID:12332
- C:\Windows\System\tdLfRdu.exe
  C:\Windows\System\tdLfRdu.exe
  2⤵
  PID:12356
- C:\Windows\System\ytwIWcA.exe
  C:\Windows\System\ytwIWcA.exe
  2⤵
  PID:12384
- C:\Windows\System\hmXoxyD.exe
  C:\Windows\System\hmXoxyD.exe
  2⤵
  PID:12408
- C:\Windows\System\EvceyUN.exe
  C:\Windows\System\EvceyUN.exe
  2⤵
  PID:12432
- C:\Windows\System\oucHcDH.exe
  C:\Windows\System\oucHcDH.exe
  2⤵
  PID:12468
- C:\Windows\System\vREtPXk.exe
  C:\Windows\System\vREtPXk.exe
  2⤵
  PID:12492
- C:\Windows\System\fZUzwps.exe
  C:\Windows\System\fZUzwps.exe
  2⤵
  PID:12524
- C:\Windows\System\ZSGFvBZ.exe
  C:\Windows\System\ZSGFvBZ.exe
  2⤵
  PID:12568
- C:\Windows\System\RCElaCg.exe
  C:\Windows\System\RCElaCg.exe
  2⤵
  PID:12604
- C:\Windows\System\UstdDub.exe
  C:\Windows\System\UstdDub.exe
  2⤵
  PID:12636
- C:\Windows\System\VDozNme.exe
  C:\Windows\System\VDozNme.exe
  2⤵
  PID:12664
- C:\Windows\System\RhLCItA.exe
  C:\Windows\System\RhLCItA.exe
  2⤵
  PID:12696
- C:\Windows\System\lupIZKw.exe
  C:\Windows\System\lupIZKw.exe
  2⤵
  PID:12724
- C:\Windows\System\icejUTt.exe
  C:\Windows\System\icejUTt.exe
  2⤵
  PID:12752
- C:\Windows\System\fhkHXqv.exe
  C:\Windows\System\fhkHXqv.exe
  2⤵
  PID:12784
- C:\Windows\System\oGSEQgS.exe
  C:\Windows\System\oGSEQgS.exe
  2⤵
  PID:12812
- C:\Windows\System\sRZJBmx.exe
  C:\Windows\System\sRZJBmx.exe
  2⤵
  PID:12840
- C:\Windows\System\sBmkZuu.exe
  C:\Windows\System\sBmkZuu.exe
  2⤵
  PID:12872
- C:\Windows\System\HBHXtyn.exe
  C:\Windows\System\HBHXtyn.exe
  2⤵
  PID:12904
- C:\Windows\System\Yzbtcrr.exe
  C:\Windows\System\Yzbtcrr.exe
  2⤵
  PID:12936
- C:\Windows\System\OipnCgX.exe
  C:\Windows\System\OipnCgX.exe
  2⤵
  PID:12964
- C:\Windows\System\mxmuuDX.exe
  C:\Windows\System\mxmuuDX.exe
  2⤵
  PID:12984
- C:\Windows\System\NClfKQv.exe
  C:\Windows\System\NClfKQv.exe
  2⤵
  PID:13004
- C:\Windows\System\XiCuJET.exe
  C:\Windows\System\XiCuJET.exe
  2⤵
  PID:13032
- C:\Windows\System\CpODjji.exe
  C:\Windows\System\CpODjji.exe
  2⤵
  PID:13060
- C:\Windows\System\dcIdYbA.exe
  C:\Windows\System\dcIdYbA.exe
  2⤵
  PID:13100
- C:\Windows\System\UapHjUU.exe
  C:\Windows\System\UapHjUU.exe
  2⤵
  PID:13124
- C:\Windows\System\lnhdrNY.exe
  C:\Windows\System\lnhdrNY.exe
  2⤵
  PID:13152
- C:\Windows\System\NpWWIxR.exe
  C:\Windows\System\NpWWIxR.exe
  2⤵
  PID:13176
- C:\Windows\System\bUdsErJ.exe
  C:\Windows\System\bUdsErJ.exe
  2⤵
  PID:13196
- C:\Windows\System\eqBiijW.exe
  C:\Windows\System\eqBiijW.exe
  2⤵
  PID:13216
- C:\Windows\System\FmILXoZ.exe
  C:\Windows\System\FmILXoZ.exe
  2⤵
  PID:13232
- C:\Windows\System\secoOHh.exe
  C:\Windows\System\secoOHh.exe
  2⤵
  PID:13248
- C:\Windows\System\gvNuLgA.exe
  C:\Windows\System\gvNuLgA.exe
  2⤵
  PID:13268
- C:\Windows\System\NwcawEA.exe
  C:\Windows\System\NwcawEA.exe
  2⤵
  PID:13284
- C:\Windows\System\AoRjiCR.exe
  C:\Windows\System\AoRjiCR.exe
  2⤵
  PID:13300
- C:\Windows\System\HxaXRLi.exe
  C:\Windows\System\HxaXRLi.exe
  2⤵
  PID:12176
- C:\Windows\System\BxAJFDR.exe
  C:\Windows\System\BxAJFDR.exe
  2⤵
  PID:12296
- C:\Windows\System\QeyMVoY.exe
  C:\Windows\System\QeyMVoY.exe
  2⤵
  PID:12344
- C:\Windows\System\QmWZxtn.exe
  C:\Windows\System\QmWZxtn.exe
  2⤵
  PID:11464
- C:\Windows\System\YtfLArH.exe
  C:\Windows\System\YtfLArH.exe
  2⤵
  PID:12456
- C:\Windows\System\SlmuzxR.exe
  C:\Windows\System\SlmuzxR.exe
  2⤵
  PID:12328
- C:\Windows\System\DLVyAvY.exe
  C:\Windows\System\DLVyAvY.exe
  2⤵
  PID:12556
- C:\Windows\System\GpKyOLO.exe
  C:\Windows\System\GpKyOLO.exe
  2⤵
  PID:12628
- C:\Windows\System\kDOUIiv.exe
  C:\Windows\System\kDOUIiv.exe
  2⤵
  PID:12624
- C:\Windows\System\eLDHJmK.exe
  C:\Windows\System\eLDHJmK.exe
  2⤵
  PID:12732
- C:\Windows\System\XlQnbOC.exe
  C:\Windows\System\XlQnbOC.exe
  2⤵
  PID:12856
- C:\Windows\System\Qehdxrl.exe
  C:\Windows\System\Qehdxrl.exe
  2⤵
  PID:12924
- C:\Windows\System\fHSSsYb.exe
  C:\Windows\System\fHSSsYb.exe
  2⤵
  PID:13040
- C:\Windows\System\WSaqkbe.exe
  C:\Windows\System\WSaqkbe.exe
  2⤵
  PID:12996
- C:\Windows\System\sOWdvMR.exe
  C:\Windows\System\sOWdvMR.exe
  2⤵
  PID:13016
- C:\Windows\System\NdtZvHF.exe
  C:\Windows\System\NdtZvHF.exe
  2⤵
  PID:13208
- C:\Windows\System\nKGtajx.exe
  C:\Windows\System\nKGtajx.exe
  2⤵
  PID:13120
- C:\Windows\System\JOoyzRi.exe
  C:\Windows\System\JOoyzRi.exe
  2⤵
  PID:12312
- C:\Windows\System\ZJFLVfM.exe
  C:\Windows\System\ZJFLVfM.exe
  2⤵
  PID:13276
- C:\Windows\System\zCiyqOW.exe
  C:\Windows\System\zCiyqOW.exe
  2⤵
  PID:12128
- C:\Windows\System\zSxpuMV.exe
  C:\Windows\System\zSxpuMV.exe
  2⤵
  PID:12684
- C:\Windows\System\dFmalfT.exe
  C:\Windows\System\dFmalfT.exe
  2⤵
  PID:13324
- C:\Windows\System\qZiqrNr.exe
  C:\Windows\System\qZiqrNr.exe
  2⤵
  PID:13340
- C:\Windows\System\xPYLmcV.exe
  C:\Windows\System\xPYLmcV.exe
  2⤵
  PID:13356
- C:\Windows\System\uvsgojk.exe
  C:\Windows\System\uvsgojk.exe
  2⤵
  PID:13372
- C:\Windows\System\UOBShvk.exe
  C:\Windows\System\UOBShvk.exe
  2⤵
  PID:13388
- C:\Windows\System\yGYyEtk.exe
  C:\Windows\System\yGYyEtk.exe
  2⤵
  PID:13408
- C:\Windows\System\iAfSAij.exe
  C:\Windows\System\iAfSAij.exe
  2⤵
  PID:13444
- C:\Windows\System\ZUQXqSb.exe
  C:\Windows\System\ZUQXqSb.exe
  2⤵
  PID:13460
- C:\Windows\System\TclDNGw.exe
  C:\Windows\System\TclDNGw.exe
  2⤵
  PID:13488
- C:\Windows\System\wAhNyXx.exe
  C:\Windows\System\wAhNyXx.exe
  2⤵
  PID:13516
- C:\Windows\System\VqgZrjQ.exe
  C:\Windows\System\VqgZrjQ.exe
  2⤵
  PID:13544
- C:\Windows\System\sKpaODu.exe
  C:\Windows\System\sKpaODu.exe
  2⤵
  PID:13584
- C:\Windows\System\aMokPQo.exe
  C:\Windows\System\aMokPQo.exe
  2⤵
  PID:13612
- C:\Windows\System\wAULjqk.exe
  C:\Windows\System\wAULjqk.exe
  2⤵
  PID:13636
- C:\Windows\System\IVAYAfB.exe
  C:\Windows\System\IVAYAfB.exe
  2⤵
  PID:13668
- C:\Windows\System\LURoLcO.exe
  C:\Windows\System\LURoLcO.exe
  2⤵
  PID:13692
- C:\Windows\System\yrfMSSK.exe
  C:\Windows\System\yrfMSSK.exe
  2⤵
  PID:13724
- C:\Windows\System\JGKTKVc.exe
  C:\Windows\System\JGKTKVc.exe
  2⤵
  PID:13756
- C:\Windows\System\EYrhZHV.exe
  C:\Windows\System\EYrhZHV.exe
  2⤵
  PID:13784
- C:\Windows\System\esAmPyC.exe
  C:\Windows\System\esAmPyC.exe
  2⤵
  PID:13804
- C:\Windows\System\yNhAXqR.exe
  C:\Windows\System\yNhAXqR.exe
  2⤵
  PID:13844
- C:\Windows\System\zDTRzkv.exe
  C:\Windows\System\zDTRzkv.exe
  2⤵
  PID:13872
- C:\Windows\System\MIeMMnd.exe
  C:\Windows\System\MIeMMnd.exe
  2⤵
  PID:13900
- C:\Windows\System\xYIOMXc.exe
  C:\Windows\System\xYIOMXc.exe
  2⤵
  PID:13924
- C:\Windows\System\rHOgzvo.exe
  C:\Windows\System\rHOgzvo.exe
  2⤵
  PID:13956
- C:\Windows\System\puuWSMe.exe
  C:\Windows\System\puuWSMe.exe
  2⤵
  PID:13984
- C:\Windows\System\hlMDJBg.exe
  C:\Windows\System\hlMDJBg.exe
  2⤵
  PID:14016
- C:\Windows\System\WriTNhA.exe
  C:\Windows\System\WriTNhA.exe
  2⤵
  PID:14048
- C:\Windows\System\lQUuGiF.exe
  C:\Windows\System\lQUuGiF.exe
  2⤵
  PID:14080
- C:\Windows\System\DXzqWPp.exe
  C:\Windows\System\DXzqWPp.exe
  2⤵
  PID:14104
- C:\Windows\System\yDeTwLa.exe
  C:\Windows\System\yDeTwLa.exe
  2⤵
  PID:14136
- C:\Windows\System\IpdxYOi.exe
  C:\Windows\System\IpdxYOi.exe
  2⤵
  PID:14164
- C:\Windows\System\aUztXzc.exe
  C:\Windows\System\aUztXzc.exe
  2⤵
  PID:14184
- C:\Windows\System\RcBzsZc.exe
  C:\Windows\System\RcBzsZc.exe
  2⤵
  PID:14216
- C:\Windows\System\DVmLDIB.exe
  C:\Windows\System\DVmLDIB.exe
  2⤵
  PID:14240
- C:\Windows\System\BUpFCfD.exe
  C:\Windows\System\BUpFCfD.exe
  2⤵
  PID:14276
- C:\Windows\System\wRMudaD.exe
  C:\Windows\System\wRMudaD.exe
  2⤵
  PID:14296
- C:\Windows\System\MrPrJCa.exe
  C:\Windows\System\MrPrJCa.exe
  2⤵
  PID:14324
- C:\Windows\System\hWVlYCa.exe
  C:\Windows\System\hWVlYCa.exe
  2⤵
  PID:4060
- C:\Windows\System\dYssYxV.exe
  C:\Windows\System\dYssYxV.exe
  2⤵
  PID:4572
- C:\Windows\System\kfnQfpc.exe
  C:\Windows\System\kfnQfpc.exe
  2⤵
  PID:13484
- C:\Windows\System\ZldBiiB.exe
  C:\Windows\System\ZldBiiB.exe
  2⤵
  PID:13508
- C:\Windows\System\LkZrtsC.exe
  C:\Windows\System\LkZrtsC.exe
  2⤵
  PID:13572
- C:\Windows\System\sSOSVly.exe
  C:\Windows\System\sSOSVly.exe
  2⤵
  PID:13540
- C:\Windows\System\vOxaUSX.exe
  C:\Windows\System\vOxaUSX.exe
  2⤵
  PID:13688
- C:\Windows\System\pjzcVdC.exe
  C:\Windows\System\pjzcVdC.exe
  2⤵
  PID:13828
- C:\Windows\System\WbhSymP.exe
  C:\Windows\System\WbhSymP.exe
  2⤵
  PID:13932
- C:\Windows\System\IHmDgTL.exe
  C:\Windows\System\IHmDgTL.exe
  2⤵
  PID:13952
- C:\Windows\System\ZYfBkKg.exe
  C:\Windows\System\ZYfBkKg.exe
  2⤵
  PID:13980
- C:\Windows\System\CXAsvoI.exe
  C:\Windows\System\CXAsvoI.exe
  2⤵
  PID:14012
- C:\Windows\System\JfZUthm.exe
  C:\Windows\System\JfZUthm.exe
  2⤵
  PID:14032
- C:\Windows\System\ZHftDtT.exe
  C:\Windows\System\ZHftDtT.exe
  2⤵
  PID:14124
- C:\Windows\System\CvZwuFy.exe
  C:\Windows\System\CvZwuFy.exe
  2⤵
  PID:14088
- C:\Windows\System\MnoJRtu.exe
  C:\Windows\System\MnoJRtu.exe
  2⤵
  PID:14152
- C:\Windows\System\iopGsDd.exe
  C:\Windows\System\iopGsDd.exe
  2⤵
  PID:14224
- C:\Windows\System\EBcfcIT.exe
  C:\Windows\System\EBcfcIT.exe
  2⤵
  PID:14264
- C:\Windows\System\RycsHGm.exe
  C:\Windows\System\RycsHGm.exe
  2⤵
  PID:14196
- C:\Windows\System\CmQIJmk.exe
  C:\Windows\System\CmQIJmk.exe
  2⤵
  PID:14312
- C:\Windows\System\wkLMnjs.exe
  C:\Windows\System\wkLMnjs.exe
  2⤵
  PID:13076
- C:\Windows\System\DErZbZn.exe
  C:\Windows\System\DErZbZn.exe
  2⤵
  PID:13348
- C:\Windows\System\qCGvTqq.exe
  C:\Windows\System\qCGvTqq.exe
  2⤵
  PID:13452
- C:\Windows\System\XAgsCcy.exe
  C:\Windows\System\XAgsCcy.exe
  2⤵
  PID:13740
- C:\Windows\System\KhPOZbY.exe
  C:\Windows\System\KhPOZbY.exe
  2⤵
  PID:13476
- C:\Windows\System\UMFpixe.exe
  C:\Windows\System\UMFpixe.exe
  2⤵
  PID:13380
- C:\Windows\System\AJJaObQ.exe
  C:\Windows\System\AJJaObQ.exe
  2⤵
  PID:13972
- C:\Windows\System\VojwLYQ.exe
  C:\Windows\System\VojwLYQ.exe
  2⤵
  PID:4904
- C:\Windows\System\nQkIoTK.exe
  C:\Windows\System\nQkIoTK.exe
  2⤵
  PID:13772
- C:\Windows\System\CXxNilC.exe
  C:\Windows\System\CXxNilC.exe
  2⤵
  PID:14208
- C:\Windows\System\qiWLbJH.exe
  C:\Windows\System\qiWLbJH.exe
  2⤵
  PID:13860
- C:\Windows\System\SKJOBDD.exe
  C:\Windows\System\SKJOBDD.exe
  2⤵
  PID:13472
- C:\Windows\System\KjBZFib.exe
  C:\Windows\System\KjBZFib.exe
  2⤵
  PID:14096
- C:\Windows\System\OMXSsGT.exe
  C:\Windows\System\OMXSsGT.exe
  2⤵
  PID:14524
- C:\Windows\System\ORxUXfm.exe
  C:\Windows\System\ORxUXfm.exe
  2⤵
  PID:14568
- C:\Windows\System\AWsYwIP.exe
  C:\Windows\System\AWsYwIP.exe
  2⤵
  PID:14584
- C:\Windows\System\ydvHwNC.exe
  C:\Windows\System\ydvHwNC.exe
  2⤵
  PID:14616
- C:\Windows\System\tsBdwwz.exe
  C:\Windows\System\tsBdwwz.exe
  2⤵
  PID:14648
- C:\Windows\System\otuAxmc.exe
  C:\Windows\System\otuAxmc.exe
  2⤵
  PID:14692
- C:\Windows\System\PNpZGmo.exe
  C:\Windows\System\PNpZGmo.exe
  2⤵
  PID:14812
- C:\Windows\System\gaQMjOX.exe
  C:\Windows\System\gaQMjOX.exe
  2⤵
  PID:14828
- C:\Windows\System\mjVQDrw.exe
  C:\Windows\System\mjVQDrw.exe
  2⤵
  PID:14980

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15348

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:11800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AZFzNRT.exe

Filesize
3.8MB

MD5
2399a0433bd6835d3face0cc4fc9d167

SHA1
ef58d70e3ff35248c25d5d045e367e6d8612b7bc

SHA256
379e88980a14c6d6469a26db2ef5b4b16f8d4a86e91eebf02162c9802e7915e1

SHA512
49fcdeffd0549ea5ec43c12d49139558b5f1bd7b1856c43f891066425455affcf577bf883eeb9a042d801a362389fd23d7393915f4ff5be4d8d94aa2e8ce98b1

Download Submit
C:\Windows\System\FyMeKBy.exe

Filesize
3.8MB

MD5
e5facdf382b36d5a5a489ebc467573c6

SHA1
af24d76e25dc879704200f4805e7c435396d929c

SHA256
ae65bbf12fce4acb45c81416513561c23c2e73a58b3217bb2014a40295b06644

SHA512
69df70bfe7e0c1e62d94ff91ea6df2311f6e1f68b33992212941e538b2cc4e5ddc4c198df43222c036bc84e3e6f3880eca2a2dc7c613473d35f144fe2b1626d2

Download Submit
C:\Windows\System\GYfQnGh.exe

Filesize
3.8MB

MD5
f9b92bff86f388af01c9687cd9c59ffe

SHA1
fdebbc2988ec80af99b132c9cb76348ade017c57

SHA256
9bc3d072126689c10bbf57360c46ad8cf0161f7fe86c304c3d4b20eea4a58f3e

SHA512
0ebb532af99e0768c393e3af79feeac3d0a369c86b2425e1cb39e74f83d277ff3b3a228fb0daaa5fc7a055b3d5eb793f093512d576de098e107f6deafbf2b7a8

Download Submit
C:\Windows\System\HABzOwf.exe

Filesize
3.8MB

MD5
54be7b7b13ced8d9fa890fbf2d39d089

SHA1
f8907ea55a5cf0d317cc7e9f3c0f5f9424570df7

SHA256
25c07cd58dc46d6dde569c812c475f6f4bb9e0db4dc84a66a125c68b794eaa66

SHA512
5a4d278f5ecfb17eb3a4d179ee7ce83f5f47d6cffa5640c34fa53e49e2ef93ee270de3b96ff02559566d7583546232bc9c8e8ef164fcd96387b79844657f032e

Download Submit
C:\Windows\System\HJeJirQ.exe

Filesize
3.8MB

MD5
7906bbf77b95fddfe0585f08f83d3bc7

SHA1
cf8fb718844893e79f458292837d9f49c16d183a

SHA256
9669c7705808fbb6a7b6756eb7aac770f4df87b99e5d136793a65c16e8b26988

SHA512
b2e7444ca218facd5ae74190c011b6c6dfc37352727967f62f9f86190f47ac843eb544a1300953fa67b039d961f68e8a345b3be36911871f32cbe30f8e05525b

Download Submit
C:\Windows\System\HLeDSgf.exe

Filesize
3.8MB

MD5
1f94a1f951b61b7c4904b259f3fc1865

SHA1
172ed20cd77447228838ae13d97afead4f910a10

SHA256
5c5500b06beadddc0e676811833f9c716f7aac04d71b85690dcb21a26c1a3507

SHA512
e7c01a178d607ea32bd5b16848150a4980953ff78cd57398217dd92621dc4851f7b9d31ffd18c33c6f9fc130ff6ad41923a86c7fb4af712d059a5c44f0b29c9c

Download Submit
C:\Windows\System\JnUclxJ.exe

Filesize
3.8MB

MD5
44f50ac0d03928436f1b63e4d76175e3

SHA1
7d6d593085db9ecc390ecb7256d3de4cf149af28

SHA256
bc929187936ae4e3d26de3deea1edc22d394b49cad2f935eca8ee61f36738aae

SHA512
75c707b91edf68bd4def636132809b1244c866c08f4aea4a975b586d2c33411d643156c3c14641006762d4908d9c7e3472d88c31e8a278b88ec68fae0355a170

Download Submit
C:\Windows\System\KjFJbof.exe

Filesize
3.8MB

MD5
6931acb46b163feeb2c35882c032239f

SHA1
21cab9c6d3e470a37da56801d2877b02bd22d7a5

SHA256
f3cc837ddaf1bcc4ef6aab8c7982afbfa24c83faa11d86af151a5384572d68d8

SHA512
9497944736e92d67cbc751574630b267ab4685e2605158a458a4dbe85d0db4c1c71fe1901d1ab5dde73233202e3d0f355858de4d3bb33f178cfda7f8fc49e40c

Download Submit
C:\Windows\System\MezHzyF.exe

Filesize
3.8MB

MD5
d13e2f49c8de7b072131384bba424d62

SHA1
3336ee736795cc47507063c5e906b3284330060b

SHA256
0c50863e6e891f7d218ab1e761befac51c21750fb2ad4612c2eb3d6be2faf969

SHA512
4629cb11448ad92d96fa2eabe4575af34e3dd9829ce4d899d5168295e851251f658a897e1dc432bfaac769b61179cdd43e14945274e1937f2dfeb244cc409fdd

Download Submit
C:\Windows\System\QLRRVeO.exe

Filesize
3.8MB

MD5
8d0f4b63c12ac3fd8b48199be3e9581f

SHA1
9c730339eb644592cbf502ed935c73c59eee47d8

SHA256
a65e10ae19a96308982728106cbc61ba975f196fc076c311a18e539415d47bf6

SHA512
d173d2e3fb8ffef09c8e372c1b4cdf6edd8494644f9e783063dfca85b4238a6398323a72812ffbb362d7e9fbf6d0e0f96517caeb502c567f965bfdde59a0d472

Download Submit
C:\Windows\System\QpZBmIa.exe

Filesize
3.8MB

MD5
ed05f06c8fa9506c31ccfdb3e6fd253f

SHA1
e18fe1796cb5408d5785ca599d22b14ffc7a7988

SHA256
4f227c8f9c115ebdd93403b87ae2e5932af75519866a123729bf88279cdfd866

SHA512
7c1c936935980c419c2714ff735ca2c1247a3acce60e331317195aded9a3070dabb182da25a2875ed96fa9b163cf8ea683d1de1cbd4e7c02d2debf78467d8d2f

Download Submit
C:\Windows\System\RvEexwD.exe

Filesize
3.8MB

MD5
10ff4ec97bdfec6f109cc97410dfcbc9

SHA1
f2758baf0f6effd7af2f4bdbcfccaffe717afbac

SHA256
53278f1a336b10af10d2db9c49a12939ba53d6b65962949d329a65bb35d21888

SHA512
e9fd724fa56f48073e12a0ed88c24ed1f8b089de563a9d60e05f2849eaf1925390da47d6eed36b1927efa59ab94ae039883fb7477eb86d94bc5bf8ec513460bd

Download Submit
C:\Windows\System\WSlBUmF.exe

Filesize
3.8MB

MD5
4687f1033825a7e41626495fcd38d9da

SHA1
756fdec91c4f77946724fc78727ae72dd598b0a2

SHA256
aeeea8d966192f4dea9b0e5e5566358f61ef5763a5d9b8639458293eb769ff95

SHA512
bd17bf0bf8ce1ce50bc134889081681684ea7e7fed821860f86c014e31cc4a440cee5d0d9270ea7598d3168ee853a05062ccc26bcd5a318850818db4cbccd131

Download Submit
C:\Windows\System\WllToFo.exe

Filesize
3.8MB

MD5
ed7f1e0fae44f5bdb7b08553811abd28

SHA1
20b3b5e4b4ceb742a41f1f7ca68acd3d200d0645

SHA256
ce8450319392051895c0ba17fb4804cc5312145ccc3f42e87bdc5e9d1251720c

SHA512
3ddefe40acbcce6f3df4024e41d50e4910385cbc1b82f957d764332740ddb6cc70c593532db696064d9b91f1fe0181e82846f8e750f1d937ea1de67277af418c

Download Submit
C:\Windows\System\XnXxKLe.exe

Filesize
3.8MB

MD5
0825f92baa5bcd8655312eb8ed6692b7

SHA1
36c15dab893a057f8a5166660fbf4d811a166993

SHA256
0cf6f732530592a105d04550f3297f1c3426d26f2fe72637a424f92bab6822f2

SHA512
29bc1f473870e25af4fec1e886bbd7ba1f1d4d4acd8419ea0eb0dca83c5efe73dc0f1eb0dde4e265dff0aa7607c46724f782ad2bc831f31e565b121dea974b73

Download Submit
C:\Windows\System\YJjwpHg.exe

Filesize
3.8MB

MD5
4af741211959172d5378969bc592661a

SHA1
652b2248b4a4b8a92ffa796bd6e01588a1cbdb84

SHA256
915cf8eff44c498bce30a7610084c0e3eab08acff202ad225742ab5207104850

SHA512
20044fbed0616f59d35d8d3e2a67a10b76903737831b8204525ac1823556d134539d5b0ccb2af2cf62919b568dc97d53f396f580d3f012c978823ff1fd8e105a

Download Submit
C:\Windows\System\YefhDMk.exe

Filesize
3.8MB

MD5
11bbbd879d7b65fcd12ee54872e3b398

SHA1
c25f83ac4d4cb1b88ecb2c17b5d3d8d041929e23

SHA256
6da3fa67186283c1027b4936d5c078d65c6a188429c52efd056ac4a98a5b180b

SHA512
d1924f1668a488dc4c6900ec9938cb2f7a10c6e383b522710f2ce91f9240bd70fb565d66c9c198cfc2fd4a30ac2bf2e931cc4ccd3ca428c8b3033d814e9c6fcc

Download Submit
C:\Windows\System\avNRpCL.exe

Filesize
3.8MB

MD5
f87466ebd4630c3e6041d45af8e24442

SHA1
2cae80081193ea75bf5ec069714f225690b13e42

SHA256
59c18f3346aaa99d8dd60b7729b632df4439fcfc763cad08dab1c422a55e5a9d

SHA512
eb86fa3bc6c66870fc2771141dfede19c15c33e42456075fcd2ccd99be40364ff7a281f4fae48168ff5e5c8a57c5c23609f57a1fe906d05f697ab5be97536fc5

Download Submit
C:\Windows\System\eqAdqxy.exe

Filesize
3.8MB

MD5
d14a74bf28e26779a955e3f8d3697ec8

SHA1
f8e9623f696b31f7555e2ccf584f79077bb15f38

SHA256
9cfda61e459d46c1c5b18c3e595d52b899a3ebb3d836d95ad2208be6a1cc7e4a

SHA512
2787c4c41bb29fe77b28023868d201dc10cbb1c36a515834509c82e7a89a04b069de4ad32fc6d1f6377247e5936bd3bbde81f152db6018b842e772fcf103207c

Download Submit
C:\Windows\System\hBTCvyU.exe

Filesize
3.8MB

MD5
7fc667068bf524c2ba7571ccade25669

SHA1
a57741fd373d8968364c2978e5b35c796af88f7a

SHA256
7633ec30b4ab94e849d046d9cc06945beff10c80c264e5a28885d7437c1e0e9e

SHA512
e19f0217d4511f063fd9c35d757ff4e592d318c68403c1d1d90d73f6a1021953616853c854971dafd120742f963f6640b9a09f9dcf7efbd4a6c5bc4af3fc0c19

Download Submit
C:\Windows\System\iSoIuym.exe

Filesize
3.8MB

MD5
4a605a784418155d7cda06540ef062ec

SHA1
87a926c1d0b8d3d2941ce7eda5305c00777f2d1e

SHA256
d8f98aff78b5507f133029c057bf5a1a60fde55a8b4f9dfa7f8819ec0e905595

SHA512
3540c83b8396dc5ab4c7ded3d4b526ad88d5843f8b335461e489859fb6eafc67954956ceaf0a5e50af7521fdd7c159b78105800f4f9f0dc24e0f89b97b6c3bf9

Download Submit
C:\Windows\System\jCSmTrI.exe

Filesize
3.8MB

MD5
7d9c418950f1f42b20a326bc9318f6bb

SHA1
3ee83cb93d0a8ec3d4d18d30d7ccded075758e7b

SHA256
fc8d9ba1268f535c50adbe1b4206b7050960066d7cd009ec194558329c5d6596

SHA512
e6bb6d97ce1d7e8de9fcefadafc16d3011c7c4c2f2a860448487de958072f617dc1735e24d642983f492bf117cbc85b28b391496aa1a0513b1c0d1d4cd7eb098

Download Submit
C:\Windows\System\kxLcGgG.exe

Filesize
3.8MB

MD5
6c5539dbca13ec4b83b3ffa0e9124184

SHA1
7f051d0fae9f0dee9b8997391095fd6cda5c357f

SHA256
385f670c54c5037a883676613e705c5085a0c8b488d3c2d121e7acfccd8c7a7c

SHA512
aa46d60b398ff4b0ad7b0bb250b39cde573391db72755b1f5add88c1e05991fcc6813b369daf625cabc74fb15f99d4b6071c1406a1b141ba6a43dd3f5c4f9bf2

Download Submit
C:\Windows\System\lSCaLOW.exe

Filesize
3.8MB

MD5
69e12a470b947dbc1014159560a6bf47

SHA1
bf13b4f2cf1e5335e9d8f81ea28c24d1b0a75773

SHA256
f9b215d98b93033e31762c95b018a311299b858c2c25a7926a1f1c06a37a8270

SHA512
ee54d76b5ee0031fa49ad4ca914e7729a55de3da0409b310893278aa2928399c2cf1981edf2be91546fbe2fda7dfda816ceb7735eac817886ea87d08d5e486ee

Download Submit
C:\Windows\System\lxAudgB.exe

Filesize
3.8MB

MD5
5e74baf8f00f15c51ba7f5ccfa705e41

SHA1
bd5273c4fe68ca02a3a3ed033fbe550603e4efca

SHA256
be050eb5498eb73e0380497fc68f987cfb23c7ebee32da0e5bdd87a3002b62cc

SHA512
ad6e98db14bbb5882922a9956c5e152f1ef12f06f9f790779bf94adc959562a0fddb9259f4d4f33902091b05580678078639a2b170572ba58b84be91662375f4

Download Submit
C:\Windows\System\nKKZwlH.exe

Filesize
3.8MB

MD5
f8f489079a9c6615a74962dc6feadbbb

SHA1
13f557269300cb7e39029bad660d7236e5f6c4a1

SHA256
4c94916850a5ffb6a1c794d91b3156e7f211aec90373ad37b31a72ddee4d697d

SHA512
be71b8ebc64149f996d1942fda26a4685e91e5c50c4f5025b03adeccb459324c4b02e05cc6c3397dc2a87f4daf46b5a4287b510357fabd4b5ef8d2a95ce0d665

Download Submit
C:\Windows\System\oMEGAiH.exe

Filesize
3.8MB

MD5
bb81981cb5f77ca2cf3bebc3b5759355

SHA1
affb630fc2434917432ef0c8bf4cb378513243c9

SHA256
e21f02cffb9eb1688253b3478239c0a7a88e28502794d34d4d3e6a81059c3aaf

SHA512
62e411f276b575a4f0ecc76d58970a0e0fc5881af8447aacefb1ce02211c0935f8e2bb34a7d1d227f28ba97899a6cdc302fa72bc4aeb8d49a2cc65a0a89220a4

Download Submit
C:\Windows\System\pNFYuZu.exe

Filesize
3.8MB

MD5
7c93fd27a8f1c6c212dd31c6cbae3cc1

SHA1
9c29b40c9751970ce13b7487becc1eab8b10d5f9

SHA256
bb658bfdac4f99321f3b180f051e4ce200229b21b4bc71faffe2570a390658ee

SHA512
068d04d4e0269b37d678f5f45d689ce5d1abf5d2a00cd0df0fb6ae9328280e63e8f73904d8a84f26756b00c801f4d05791a73e7f2d327fb3c33dfbbe6f9c0473

Download Submit
C:\Windows\System\vEOezoI.exe

Filesize
3.8MB

MD5
68e76961dffa0a8d61546c93e62322f9

SHA1
38338361d3af98aa81c1eded68d289bcb6011b40

SHA256
9f272eafddd9806b646df0e93396c145d8d28e3b1a3d416baf2691ee02a34bb4

SHA512
a63226f1a5c709e218808f719e518edbb9786312912cbdf4c16e870cac0c0f8d33f577bd5a6fa21ec1a314d610117bff19e4834f3b2ac3033b2e0fa4869a39bd

Download Submit
C:\Windows\System\vXXpKaH.exe

Filesize
3.8MB

MD5
12b70a7f648aeb15e25445f58e4c82c4

SHA1
44cab913be11a7357fcc892de9fa531107175d90

SHA256
2209749f777a77abd6ee3431e5ce766787a6a53df2a7fe7738c61dfd5b56095f

SHA512
ec4d75a0e02840c2a77d2c930604ec3e6a5cd39eb9ec77723ee6dd5ac3b2b9dd6e252b618926d39dda31659d52cac90720fb71a8c64e24253c19ed81d3fa39ce

Download Submit
C:\Windows\System\vfLhIez.exe

Filesize
3.8MB

MD5
5a08708416d281c3660a16cabc9c66e2

SHA1
8a9bd13b8da544d0ec4a779c076d45e4764041aa

SHA256
98c2d97df6ebf1ba86b66b78fcad1e2019a64921a6ece404d0c27bb7493c90c0

SHA512
3b08f69c0a331143bc8b39b8226437281520a55447ce82ae8f7b271b3a5e6de576215a0861ad076960b3a272380c7edff173643c0d6d8afc63bb505a219abc7a

Download Submit
C:\Windows\System\vsWLHCW.exe

Filesize
3.8MB

MD5
44803fd8827244cd344f6089fb5ecd05

SHA1
eec4b9d93fb1df6c28d91f1ac216a0a1b641dd5b

SHA256
690845947044a8693b371a71523bda0e48912dff5da04a40a8f64adf8c11cfa2

SHA512
8e69adad92b2151f5084f4ec1d99c416a9b38fe37e575cdbfc292ab5ed66336422b4e47c6eb2ef76f6276230e71ed5b9d71535a2b49458546157bc123af8d62e

Download Submit
C:\Windows\System\xOqHWje.exe

Filesize
3.8MB

MD5
9483db19b698aa246332793e67c62dc0

SHA1
42ce683723cec7201217d0c0eb43ff975c77b8f0

SHA256
c14abd6a581b914ba206f832b1cd0099d12b694fcd7b40832903171ce65243a9

SHA512
e931c66296361b2fac2835de8924c7df7edea363a695699ffc8e8775ab9848f986438b5094b890faaf79ff7ad133059a8143a8915ce5ced3e7948a91cf1d12e8

Download Submit
C:\Windows\System\yPGxdDy.exe

Filesize
3.8MB

MD5
1bf3056fca485e9c42c8258f3bc9cf2a

SHA1
bd4527033125bb4c45f92f8c1d5e22bdad57836e

SHA256
1842327a71420a891b4c31109ea76adeb2fa91e88ece740b1946cb4c3873a351

SHA512
cc004e15127ace5ee9683ecd25e19ed8cc322305e458c12e153e49bfd149270addbb0bac388b9cc3a0c9315438f1464d1bfc7f13c790b423ce86e7b5872710bb

Download Submit
C:\Windows\System\zSPmhzr.exe

Filesize
3.8MB

MD5
0d6015d6f3b43427e2afc0c577cb3752

SHA1
6013064b6348eb5352412901bbbf10f6c763405b

SHA256
18260a852ab7485d2a21c00e19e31652de1e710f860c3724e186e0d54b8a5982

SHA512
90f8060f0d1ad64817b26232629fec7364faab914744ca288c9d151177a09889a31cf148b2d850ee10c920c2f59334ec2d315196e6436f94b2a83d26e137edfc

Download Submit
memory/404-131-0x00007FF6C2690000-0x00007FF6C29E1000-memory.dmp

Filesize
3.3MB

Download
memory/404-2303-0x00007FF6C2690000-0x00007FF6C29E1000-memory.dmp

Filesize
3.3MB

Download
memory/556-2301-0x00007FF7DEFC0000-0x00007FF7DF311000-memory.dmp

Filesize
3.3MB

Download
memory/556-149-0x00007FF7DEFC0000-0x00007FF7DF311000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2294-0x00007FF7F07B0000-0x00007FF7F0B01000-memory.dmp

Filesize
3.3MB

Download
memory/1044-169-0x00007FF7F07B0000-0x00007FF7F0B01000-memory.dmp

Filesize
3.3MB

Download
memory/1044-76-0x00007FF7F07B0000-0x00007FF7F0B01000-memory.dmp

Filesize
3.3MB

Download
memory/1160-2305-0x00007FF6BC280000-0x00007FF6BC5D1000-memory.dmp

Filesize
3.3MB

Download
memory/1160-140-0x00007FF6BC280000-0x00007FF6BC5D1000-memory.dmp

Filesize
3.3MB

Download
memory/1260-142-0x00007FF664600000-0x00007FF664951000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2312-0x00007FF664600000-0x00007FF664951000-memory.dmp

Filesize
3.3MB

Download
memory/1588-127-0x00007FF7346C0000-0x00007FF734A11000-memory.dmp

Filesize
3.3MB

Download
memory/1588-2315-0x00007FF7346C0000-0x00007FF734A11000-memory.dmp

Filesize
3.3MB

Download
memory/1608-146-0x00007FF786060000-0x00007FF7863B1000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2323-0x00007FF786060000-0x00007FF7863B1000-memory.dmp

Filesize
3.3MB

Download
memory/1684-203-0x00007FF7C6B20000-0x00007FF7C6E71000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2426-0x00007FF7C6B20000-0x00007FF7C6E71000-memory.dmp

Filesize
3.3MB

Download
memory/1760-2319-0x00007FF7E0FF0000-0x00007FF7E1341000-memory.dmp

Filesize
3.3MB

Download
memory/1760-144-0x00007FF7E0FF0000-0x00007FF7E1341000-memory.dmp

Filesize
3.3MB

Download
memory/1928-151-0x00007FF6E4930000-0x00007FF6E4C81000-memory.dmp

Filesize
3.3MB

Download
memory/1928-2308-0x00007FF6E4930000-0x00007FF6E4C81000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2431-0x00007FF63E3C0000-0x00007FF63E711000-memory.dmp

Filesize
3.3MB

Download
memory/2120-250-0x00007FF63E3C0000-0x00007FF63E711000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2310-0x00007FF647390000-0x00007FF6476E1000-memory.dmp

Filesize
3.3MB

Download
memory/2344-141-0x00007FF647390000-0x00007FF6476E1000-memory.dmp

Filesize
3.3MB

Download
memory/2388-145-0x00007FF6FB7B0000-0x00007FF6FBB01000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2321-0x00007FF6FB7B0000-0x00007FF6FBB01000-memory.dmp

Filesize
3.3MB

Download
memory/2664-148-0x00007FF70DEA0000-0x00007FF70E1F1000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2292-0x00007FF70DEA0000-0x00007FF70E1F1000-memory.dmp

Filesize
3.3MB

Download
memory/2908-36-0x00007FF6C9B90000-0x00007FF6C9EE1000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2276-0x00007FF6C9B90000-0x00007FF6C9EE1000-memory.dmp

Filesize
3.3MB

Download
memory/2912-48-0x00007FF676710000-0x00007FF676A61000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2280-0x00007FF676710000-0x00007FF676A61000-memory.dmp

Filesize
3.3MB

Download
memory/3060-91-0x00007FF622D60000-0x00007FF6230B1000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2284-0x00007FF622D60000-0x00007FF6230B1000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2299-0x00007FF7919D0000-0x00007FF791D21000-memory.dmp

Filesize
3.3MB

Download
memory/3068-117-0x00007FF7919D0000-0x00007FF791D21000-memory.dmp

Filesize
3.3MB

Download
memory/3436-0-0x00007FF7383D0000-0x00007FF738721000-memory.dmp

Filesize
3.3MB

Download
memory/3436-1-0x00000210CFDC0000-0x00000210CFDD0000-memory.dmp

Filesize
64KB

Download
memory/3436-160-0x00007FF7383D0000-0x00007FF738721000-memory.dmp

Filesize
3.3MB

Download
memory/3604-164-0x00007FF7EF890000-0x00007FF7EFBE1000-memory.dmp

Filesize
3.3MB

Download
memory/3604-24-0x00007FF7EF890000-0x00007FF7EFBE1000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2286-0x00007FF7EF890000-0x00007FF7EFBE1000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2288-0x00007FF737530000-0x00007FF737881000-memory.dmp

Filesize
3.3MB

Download
memory/3708-147-0x00007FF737530000-0x00007FF737881000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2295-0x00007FF7C8810000-0x00007FF7C8B61000-memory.dmp

Filesize
3.3MB

Download
memory/3864-101-0x00007FF7C8810000-0x00007FF7C8B61000-memory.dmp

Filesize
3.3MB

Download
memory/4044-168-0x00007FF761C50000-0x00007FF761FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2283-0x00007FF761C50000-0x00007FF761FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4044-58-0x00007FF761C50000-0x00007FF761FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4192-264-0x00007FF660F90000-0x00007FF6612E1000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2428-0x00007FF660F90000-0x00007FF6612E1000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2436-0x00007FF623E30000-0x00007FF624181000-memory.dmp

Filesize
3.3MB

Download
memory/4360-255-0x00007FF623E30000-0x00007FF624181000-memory.dmp

Filesize
3.3MB

Download
memory/4604-161-0x00007FF6AAD70000-0x00007FF6AB0C1000-memory.dmp

Filesize
3.3MB

Download
memory/4604-8-0x00007FF6AAD70000-0x00007FF6AB0C1000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2317-0x00007FF7BBB40000-0x00007FF7BBE91000-memory.dmp

Filesize
3.3MB

Download
memory/4780-143-0x00007FF7BBB40000-0x00007FF7BBE91000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2314-0x00007FF723A00000-0x00007FF723D51000-memory.dmp

Filesize
3.3MB

Download
memory/4880-152-0x00007FF723A00000-0x00007FF723D51000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2278-0x00007FF726210000-0x00007FF726561000-memory.dmp

Filesize
3.3MB

Download
memory/4984-162-0x00007FF726210000-0x00007FF726561000-memory.dmp

Filesize
3.3MB

Download
memory/4984-13-0x00007FF726210000-0x00007FF726561000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2297-0x00007FF637400000-0x00007FF637751000-memory.dmp

Filesize
3.3MB

Download
memory/5072-150-0x00007FF637400000-0x00007FF637751000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads