xmrig | d3f5743329c8f97f23303a57be2bab98489b2f7c1c37ca984f6d6b1d8afb2d7f

Analysis

max time kernel
110s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6087041e58ba9263a1f4b62001a62110N.exe
Size

1.6MB
MD5

6087041e58ba9263a1f4b62001a62110
SHA1

4a5c55e158d949f59f769e43ac279b639671d35b
SHA256

d3f5743329c8f97f23303a57be2bab98489b2f7c1c37ca984f6d6b1d8afb2d7f
SHA512

13f2dda8d2cae2086b83b596c07e31992b20f8924962190e80f78b9e93710ddbe1df8aca245398b7e9570bd6a0eb84f455d313e9e00fda365efbc89818e1353a
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0L0+EYPcfgV/4zuq/lw4244PNJ+SZ7tR7lW9:knw9oUUEEDlOuJvhV/yl14P9ny

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/2604-36-0x00007FF6042E0000-0x00007FF6046D1000-memory.dmp	xmrig
behavioral2/memory/748-405-0x00007FF7B10C0000-0x00007FF7B14B1000-memory.dmp	xmrig
behavioral2/memory/3448-39-0x00007FF7388C0000-0x00007FF738CB1000-memory.dmp	xmrig
behavioral2/memory/3924-406-0x00007FF6960E0000-0x00007FF6964D1000-memory.dmp	xmrig
behavioral2/memory/2480-407-0x00007FF7AABA0000-0x00007FF7AAF91000-memory.dmp	xmrig
behavioral2/memory/4672-24-0x00007FF728B10000-0x00007FF728F01000-memory.dmp	xmrig
behavioral2/memory/4316-21-0x00007FF6D5B90000-0x00007FF6D5F81000-memory.dmp	xmrig
behavioral2/memory/2052-408-0x00007FF7AD710000-0x00007FF7ADB01000-memory.dmp	xmrig
behavioral2/memory/3192-417-0x00007FF648F70000-0x00007FF649361000-memory.dmp	xmrig
behavioral2/memory/3348-413-0x00007FF683D50000-0x00007FF684141000-memory.dmp	xmrig
behavioral2/memory/3776-430-0x00007FF6CF970000-0x00007FF6CFD61000-memory.dmp	xmrig
behavioral2/memory/1360-444-0x00007FF7E6F30000-0x00007FF7E7321000-memory.dmp	xmrig
behavioral2/memory/1056-447-0x00007FF707240000-0x00007FF707631000-memory.dmp	xmrig
behavioral2/memory/3160-450-0x00007FF687240000-0x00007FF687631000-memory.dmp	xmrig
behavioral2/memory/3544-454-0x00007FF652780000-0x00007FF652B71000-memory.dmp	xmrig
behavioral2/memory/4192-461-0x00007FF6695E0000-0x00007FF6699D1000-memory.dmp	xmrig
behavioral2/memory/3552-476-0x00007FF685100000-0x00007FF6854F1000-memory.dmp	xmrig
behavioral2/memory/3864-464-0x00007FF6D8C60000-0x00007FF6D9051000-memory.dmp	xmrig
behavioral2/memory/2516-485-0x00007FF76A710000-0x00007FF76AB01000-memory.dmp	xmrig
behavioral2/memory/3476-496-0x00007FF635E40000-0x00007FF636231000-memory.dmp	xmrig
behavioral2/memory/2988-498-0x00007FF67B570000-0x00007FF67B961000-memory.dmp	xmrig
behavioral2/memory/3804-1998-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp	xmrig
behavioral2/memory/8-1999-0x00007FF60FE10000-0x00007FF610201000-memory.dmp	xmrig
behavioral2/memory/4316-2001-0x00007FF6D5B90000-0x00007FF6D5F81000-memory.dmp	xmrig
behavioral2/memory/2604-2003-0x00007FF6042E0000-0x00007FF6046D1000-memory.dmp	xmrig
behavioral2/memory/4672-2005-0x00007FF728B10000-0x00007FF728F01000-memory.dmp	xmrig
behavioral2/memory/3448-2007-0x00007FF7388C0000-0x00007FF738CB1000-memory.dmp	xmrig
behavioral2/memory/3804-2009-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp	xmrig
behavioral2/memory/3924-2018-0x00007FF6960E0000-0x00007FF6964D1000-memory.dmp	xmrig
behavioral2/memory/3192-2026-0x00007FF648F70000-0x00007FF649361000-memory.dmp	xmrig
behavioral2/memory/1360-2030-0x00007FF7E6F30000-0x00007FF7E7321000-memory.dmp	xmrig
behavioral2/memory/1056-2032-0x00007FF707240000-0x00007FF707631000-memory.dmp	xmrig
behavioral2/memory/3776-2028-0x00007FF6CF970000-0x00007FF6CFD61000-memory.dmp	xmrig
behavioral2/memory/3348-2024-0x00007FF683D50000-0x00007FF684141000-memory.dmp	xmrig
behavioral2/memory/2480-2022-0x00007FF7AABA0000-0x00007FF7AAF91000-memory.dmp	xmrig
behavioral2/memory/2052-2020-0x00007FF7AD710000-0x00007FF7ADB01000-memory.dmp	xmrig
behavioral2/memory/8-2016-0x00007FF60FE10000-0x00007FF610201000-memory.dmp	xmrig
behavioral2/memory/884-2014-0x00007FF6F0210000-0x00007FF6F0601000-memory.dmp	xmrig
behavioral2/memory/748-2012-0x00007FF7B10C0000-0x00007FF7B14B1000-memory.dmp	xmrig
behavioral2/memory/3864-2107-0x00007FF6D8C60000-0x00007FF6D9051000-memory.dmp	xmrig
behavioral2/memory/2988-2106-0x00007FF67B570000-0x00007FF67B961000-memory.dmp	xmrig
behavioral2/memory/3160-2102-0x00007FF687240000-0x00007FF687631000-memory.dmp	xmrig
behavioral2/memory/3476-2083-0x00007FF635E40000-0x00007FF636231000-memory.dmp	xmrig
behavioral2/memory/3552-2074-0x00007FF685100000-0x00007FF6854F1000-memory.dmp	xmrig
behavioral2/memory/2516-2062-0x00007FF76A710000-0x00007FF76AB01000-memory.dmp	xmrig
behavioral2/memory/3544-2104-0x00007FF652780000-0x00007FF652B71000-memory.dmp	xmrig
behavioral2/memory/4192-2087-0x00007FF6695E0000-0x00007FF6699D1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4316	hBrXDcL.exe
2604	CsEZvXC.exe
4672	WuipUgQ.exe
3804	joDlmEq.exe
3448	JrKPezU.exe
8	hiAqHnX.exe
884	BVNSLEj.exe
748	xevkCdZ.exe
3924	mBTfaCZ.exe
2480	NcWNxmf.exe
2052	TzaYVdc.exe
3348	AoCekBo.exe
3192	QkpUheK.exe
3776	qbiuiRe.exe
1360	CLGvJPg.exe
1056	axjbtfU.exe
3160	dIVnVlO.exe
3544	tQFOTft.exe
4192	nEQIGrD.exe
3864	fjCdshy.exe
3552	ZuzDyEn.exe
2516	aZPZxlQ.exe
3476	KAjLgAn.exe
2988	CvmCyVK.exe
2040	jiJBwQo.exe
4504	FNrGNAH.exe
4260	zBMrYSJ.exe
5096	ieAuOOb.exe
536	djskQma.exe
2176	tSSXlmT.exe
4556	zFLpiCx.exe
4532	beRUBxK.exe
4640	IICMRlG.exe
1612	UDypMRY.exe
1852	iNCxVKg.exe
2096	xlAuZdV.exe
1812	XxjwqoD.exe
1828	oslAoyx.exe
2168	RDaDTgH.exe
3772	yWQEWUR.exe
1276	zAxvodC.exe
864	nZCypGx.exe
1264	SgOxKGQ.exe
4676	zCEATxG.exe
2768	ZjOLlgH.exe
5012	jJnOwKX.exe
4116	BXYJTMk.exe
1664	opELRdx.exe
1620	UMNsXeU.exe
4244	IHiTYOt.exe
3140	IxwTpZp.exe
2204	WqeDdTV.exe
3268	AgRkHkW.exe
2696	EYJiSVp.exe
2484	RnYMrhU.exe
636	ooubOwf.exe
2716	INtnKqV.exe
4916	rEiXqej.exe
3008	WpwIaYE.exe
4248	BrEABpu.exe
1220	Kipxczx.exe
2116	pRPHmba.exe
4252	jyqbsqc.exe
868	FCoCICH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4480-0-0x00007FF67C030000-0x00007FF67C421000-memory.dmp	upx
behavioral2/files/0x0009000000023499-5.dat	upx
behavioral2/files/0x00070000000234f6-14.dat	upx
behavioral2/files/0x00070000000234f7-13.dat	upx
behavioral2/files/0x00070000000234f8-16.dat	upx
behavioral2/files/0x00070000000234f9-25.dat	upx
behavioral2/memory/3804-32-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp	upx
behavioral2/memory/2604-36-0x00007FF6042E0000-0x00007FF6046D1000-memory.dmp	upx
behavioral2/files/0x00070000000234fb-40.dat	upx
behavioral2/files/0x00070000000234fc-44.dat	upx
behavioral2/files/0x00070000000234fe-55.dat	upx
behavioral2/files/0x00070000000234ff-60.dat	upx
behavioral2/files/0x0007000000023503-86.dat	upx
behavioral2/files/0x0007000000023508-111.dat	upx
behavioral2/files/0x000700000002350b-120.dat	upx
behavioral2/files/0x0007000000023511-156.dat	upx
behavioral2/memory/748-405-0x00007FF7B10C0000-0x00007FF7B14B1000-memory.dmp	upx
behavioral2/files/0x0007000000023514-168.dat	upx
behavioral2/files/0x0007000000023513-166.dat	upx
behavioral2/files/0x0007000000023512-161.dat	upx
behavioral2/files/0x0007000000023510-148.dat	upx
behavioral2/files/0x000700000002350f-144.dat	upx
behavioral2/files/0x000700000002350e-138.dat	upx
behavioral2/files/0x000700000002350d-133.dat	upx
behavioral2/files/0x000700000002350c-131.dat	upx
behavioral2/files/0x000700000002350a-118.dat	upx
behavioral2/files/0x0007000000023509-116.dat	upx
behavioral2/files/0x0007000000023507-106.dat	upx
behavioral2/files/0x0007000000023506-98.dat	upx
behavioral2/files/0x0007000000023505-96.dat	upx
behavioral2/files/0x0007000000023504-88.dat	upx
behavioral2/files/0x0007000000023502-78.dat	upx
behavioral2/files/0x0007000000023501-73.dat	upx
behavioral2/files/0x0007000000023500-68.dat	upx
behavioral2/files/0x00070000000234fd-53.dat	upx
behavioral2/memory/884-43-0x00007FF6F0210000-0x00007FF6F0601000-memory.dmp	upx
behavioral2/memory/3448-39-0x00007FF7388C0000-0x00007FF738CB1000-memory.dmp	upx
behavioral2/memory/8-34-0x00007FF60FE10000-0x00007FF610201000-memory.dmp	upx
behavioral2/files/0x00070000000234fa-35.dat	upx
behavioral2/memory/3924-406-0x00007FF6960E0000-0x00007FF6964D1000-memory.dmp	upx
behavioral2/memory/2480-407-0x00007FF7AABA0000-0x00007FF7AAF91000-memory.dmp	upx
behavioral2/memory/4672-24-0x00007FF728B10000-0x00007FF728F01000-memory.dmp	upx
behavioral2/memory/4316-21-0x00007FF6D5B90000-0x00007FF6D5F81000-memory.dmp	upx
behavioral2/memory/2052-408-0x00007FF7AD710000-0x00007FF7ADB01000-memory.dmp	upx
behavioral2/memory/3192-417-0x00007FF648F70000-0x00007FF649361000-memory.dmp	upx
behavioral2/memory/3348-413-0x00007FF683D50000-0x00007FF684141000-memory.dmp	upx
behavioral2/memory/3776-430-0x00007FF6CF970000-0x00007FF6CFD61000-memory.dmp	upx
behavioral2/memory/1360-444-0x00007FF7E6F30000-0x00007FF7E7321000-memory.dmp	upx
behavioral2/memory/1056-447-0x00007FF707240000-0x00007FF707631000-memory.dmp	upx
behavioral2/memory/3160-450-0x00007FF687240000-0x00007FF687631000-memory.dmp	upx
behavioral2/memory/3544-454-0x00007FF652780000-0x00007FF652B71000-memory.dmp	upx
behavioral2/memory/4192-461-0x00007FF6695E0000-0x00007FF6699D1000-memory.dmp	upx
behavioral2/memory/3552-476-0x00007FF685100000-0x00007FF6854F1000-memory.dmp	upx
behavioral2/memory/3864-464-0x00007FF6D8C60000-0x00007FF6D9051000-memory.dmp	upx
behavioral2/memory/2516-485-0x00007FF76A710000-0x00007FF76AB01000-memory.dmp	upx
behavioral2/memory/3476-496-0x00007FF635E40000-0x00007FF636231000-memory.dmp	upx
behavioral2/memory/2988-498-0x00007FF67B570000-0x00007FF67B961000-memory.dmp	upx
behavioral2/memory/3804-1998-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp	upx
behavioral2/memory/8-1999-0x00007FF60FE10000-0x00007FF610201000-memory.dmp	upx
behavioral2/memory/4316-2001-0x00007FF6D5B90000-0x00007FF6D5F81000-memory.dmp	upx
behavioral2/memory/2604-2003-0x00007FF6042E0000-0x00007FF6046D1000-memory.dmp	upx
behavioral2/memory/4672-2005-0x00007FF728B10000-0x00007FF728F01000-memory.dmp	upx
behavioral2/memory/3448-2007-0x00007FF7388C0000-0x00007FF738CB1000-memory.dmp	upx
behavioral2/memory/3804-2009-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\rpetTWV.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\vkBdgFe.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\MIqoNou.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\rAZmWrr.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\rbNAmzN.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\uqfQnck.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\VIpjUnr.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\uMeeceA.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\vAKynZZ.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\mLAlHHw.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\ZuAHFnM.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\jiJBwQo.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\BXYJTMk.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\EaWQxkC.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\CvnSuOh.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\IUlyxpy.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\yoJpfrE.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\DhaaIcp.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\hfHFLJM.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\uBIoerL.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\VcTanRw.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\zbCwddo.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\OAtIauI.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\yGjGwuq.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\NcWNxmf.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\xlAuZdV.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\stiCiaE.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\zuCeCen.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\QSoTFGh.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\OgawFUc.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\LktZuYI.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\OxMWJai.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\DPMKzih.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\EHHDxVK.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\IHCIyMo.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\nZRSdsq.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\AgRkHkW.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\DkPnDsE.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\OvGHGpo.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\xUwkVSK.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\AKEYlfw.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\zFLpiCx.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\KjJryyw.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\XhfcDYq.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\fnhAMbz.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\acwjoXj.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\vbvjDjz.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\hTiShPB.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\LtMPkbo.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\FLnpNmx.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\DxZHCKk.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\VcalldM.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\dOKwDOg.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\fArOHyv.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\dGymChv.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\FCoCICH.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\PqSAGfS.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\pOWtlwW.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\oCsLSep.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\PlIJvpA.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\TFWfaXB.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\BrEABpu.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\bDoqIOQ.exe	6087041e58ba9263a1f4b62001a62110N.exe
File created	C:\Windows\System32\vxjGOgO.exe	6087041e58ba9263a1f4b62001a62110N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	468	dwm.exe
Token: SeChangeNotifyPrivilege	468	dwm.exe
Token: 33	468	dwm.exe
Token: SeIncBasePriorityPrivilege	468	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 4316	4480	6087041e58ba9263a1f4b62001a62110N.exe	85
PID 4480 wrote to memory of 4316	4480	6087041e58ba9263a1f4b62001a62110N.exe	85
PID 4480 wrote to memory of 2604	4480	6087041e58ba9263a1f4b62001a62110N.exe	86
PID 4480 wrote to memory of 2604	4480	6087041e58ba9263a1f4b62001a62110N.exe	86
PID 4480 wrote to memory of 4672	4480	6087041e58ba9263a1f4b62001a62110N.exe	87
PID 4480 wrote to memory of 4672	4480	6087041e58ba9263a1f4b62001a62110N.exe	87
PID 4480 wrote to memory of 3804	4480	6087041e58ba9263a1f4b62001a62110N.exe	88
PID 4480 wrote to memory of 3804	4480	6087041e58ba9263a1f4b62001a62110N.exe	88
PID 4480 wrote to memory of 3448	4480	6087041e58ba9263a1f4b62001a62110N.exe	89
PID 4480 wrote to memory of 3448	4480	6087041e58ba9263a1f4b62001a62110N.exe	89
PID 4480 wrote to memory of 8	4480	6087041e58ba9263a1f4b62001a62110N.exe	90
PID 4480 wrote to memory of 8	4480	6087041e58ba9263a1f4b62001a62110N.exe	90
PID 4480 wrote to memory of 884	4480	6087041e58ba9263a1f4b62001a62110N.exe	91
PID 4480 wrote to memory of 884	4480	6087041e58ba9263a1f4b62001a62110N.exe	91
PID 4480 wrote to memory of 748	4480	6087041e58ba9263a1f4b62001a62110N.exe	92
PID 4480 wrote to memory of 748	4480	6087041e58ba9263a1f4b62001a62110N.exe	92
PID 4480 wrote to memory of 3924	4480	6087041e58ba9263a1f4b62001a62110N.exe	93
PID 4480 wrote to memory of 3924	4480	6087041e58ba9263a1f4b62001a62110N.exe	93
PID 4480 wrote to memory of 2480	4480	6087041e58ba9263a1f4b62001a62110N.exe	94
PID 4480 wrote to memory of 2480	4480	6087041e58ba9263a1f4b62001a62110N.exe	94
PID 4480 wrote to memory of 2052	4480	6087041e58ba9263a1f4b62001a62110N.exe	95
PID 4480 wrote to memory of 2052	4480	6087041e58ba9263a1f4b62001a62110N.exe	95
PID 4480 wrote to memory of 3348	4480	6087041e58ba9263a1f4b62001a62110N.exe	96
PID 4480 wrote to memory of 3348	4480	6087041e58ba9263a1f4b62001a62110N.exe	96
PID 4480 wrote to memory of 3192	4480	6087041e58ba9263a1f4b62001a62110N.exe	97
PID 4480 wrote to memory of 3192	4480	6087041e58ba9263a1f4b62001a62110N.exe	97
PID 4480 wrote to memory of 3776	4480	6087041e58ba9263a1f4b62001a62110N.exe	98
PID 4480 wrote to memory of 3776	4480	6087041e58ba9263a1f4b62001a62110N.exe	98
PID 4480 wrote to memory of 1360	4480	6087041e58ba9263a1f4b62001a62110N.exe	99
PID 4480 wrote to memory of 1360	4480	6087041e58ba9263a1f4b62001a62110N.exe	99
PID 4480 wrote to memory of 1056	4480	6087041e58ba9263a1f4b62001a62110N.exe	100
PID 4480 wrote to memory of 1056	4480	6087041e58ba9263a1f4b62001a62110N.exe	100
PID 4480 wrote to memory of 3160	4480	6087041e58ba9263a1f4b62001a62110N.exe	101
PID 4480 wrote to memory of 3160	4480	6087041e58ba9263a1f4b62001a62110N.exe	101
PID 4480 wrote to memory of 3544	4480	6087041e58ba9263a1f4b62001a62110N.exe	102
PID 4480 wrote to memory of 3544	4480	6087041e58ba9263a1f4b62001a62110N.exe	102
PID 4480 wrote to memory of 4192	4480	6087041e58ba9263a1f4b62001a62110N.exe	103
PID 4480 wrote to memory of 4192	4480	6087041e58ba9263a1f4b62001a62110N.exe	103
PID 4480 wrote to memory of 3864	4480	6087041e58ba9263a1f4b62001a62110N.exe	104
PID 4480 wrote to memory of 3864	4480	6087041e58ba9263a1f4b62001a62110N.exe	104
PID 4480 wrote to memory of 3552	4480	6087041e58ba9263a1f4b62001a62110N.exe	105
PID 4480 wrote to memory of 3552	4480	6087041e58ba9263a1f4b62001a62110N.exe	105
PID 4480 wrote to memory of 2516	4480	6087041e58ba9263a1f4b62001a62110N.exe	106
PID 4480 wrote to memory of 2516	4480	6087041e58ba9263a1f4b62001a62110N.exe	106
PID 4480 wrote to memory of 3476	4480	6087041e58ba9263a1f4b62001a62110N.exe	107
PID 4480 wrote to memory of 3476	4480	6087041e58ba9263a1f4b62001a62110N.exe	107
PID 4480 wrote to memory of 2988	4480	6087041e58ba9263a1f4b62001a62110N.exe	108
PID 4480 wrote to memory of 2988	4480	6087041e58ba9263a1f4b62001a62110N.exe	108
PID 4480 wrote to memory of 2040	4480	6087041e58ba9263a1f4b62001a62110N.exe	109
PID 4480 wrote to memory of 2040	4480	6087041e58ba9263a1f4b62001a62110N.exe	109
PID 4480 wrote to memory of 4504	4480	6087041e58ba9263a1f4b62001a62110N.exe	110
PID 4480 wrote to memory of 4504	4480	6087041e58ba9263a1f4b62001a62110N.exe	110
PID 4480 wrote to memory of 4260	4480	6087041e58ba9263a1f4b62001a62110N.exe	111
PID 4480 wrote to memory of 4260	4480	6087041e58ba9263a1f4b62001a62110N.exe	111
PID 4480 wrote to memory of 5096	4480	6087041e58ba9263a1f4b62001a62110N.exe	112
PID 4480 wrote to memory of 5096	4480	6087041e58ba9263a1f4b62001a62110N.exe	112
PID 4480 wrote to memory of 536	4480	6087041e58ba9263a1f4b62001a62110N.exe	113
PID 4480 wrote to memory of 536	4480	6087041e58ba9263a1f4b62001a62110N.exe	113
PID 4480 wrote to memory of 2176	4480	6087041e58ba9263a1f4b62001a62110N.exe	114
PID 4480 wrote to memory of 2176	4480	6087041e58ba9263a1f4b62001a62110N.exe	114
PID 4480 wrote to memory of 4556	4480	6087041e58ba9263a1f4b62001a62110N.exe	115
PID 4480 wrote to memory of 4556	4480	6087041e58ba9263a1f4b62001a62110N.exe	115
PID 4480 wrote to memory of 4532	4480	6087041e58ba9263a1f4b62001a62110N.exe	116
PID 4480 wrote to memory of 4532	4480	6087041e58ba9263a1f4b62001a62110N.exe	116

C:\Users\Admin\AppData\Local\Temp\6087041e58ba9263a1f4b62001a62110N.exe
"C:\Users\Admin\AppData\Local\Temp\6087041e58ba9263a1f4b62001a62110N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Windows\System32\hBrXDcL.exe
  C:\Windows\System32\hBrXDcL.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System32\CsEZvXC.exe
  C:\Windows\System32\CsEZvXC.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System32\WuipUgQ.exe
  C:\Windows\System32\WuipUgQ.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System32\joDlmEq.exe
  C:\Windows\System32\joDlmEq.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System32\JrKPezU.exe
  C:\Windows\System32\JrKPezU.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System32\hiAqHnX.exe
  C:\Windows\System32\hiAqHnX.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System32\BVNSLEj.exe
  C:\Windows\System32\BVNSLEj.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System32\xevkCdZ.exe
  C:\Windows\System32\xevkCdZ.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System32\mBTfaCZ.exe
  C:\Windows\System32\mBTfaCZ.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System32\NcWNxmf.exe
  C:\Windows\System32\NcWNxmf.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System32\TzaYVdc.exe
  C:\Windows\System32\TzaYVdc.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System32\AoCekBo.exe
  C:\Windows\System32\AoCekBo.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System32\QkpUheK.exe
  C:\Windows\System32\QkpUheK.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System32\qbiuiRe.exe
  C:\Windows\System32\qbiuiRe.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System32\CLGvJPg.exe
  C:\Windows\System32\CLGvJPg.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System32\axjbtfU.exe
  C:\Windows\System32\axjbtfU.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System32\dIVnVlO.exe
  C:\Windows\System32\dIVnVlO.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System32\tQFOTft.exe
  C:\Windows\System32\tQFOTft.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System32\nEQIGrD.exe
  C:\Windows\System32\nEQIGrD.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System32\fjCdshy.exe
  C:\Windows\System32\fjCdshy.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System32\ZuzDyEn.exe
  C:\Windows\System32\ZuzDyEn.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System32\aZPZxlQ.exe
  C:\Windows\System32\aZPZxlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System32\KAjLgAn.exe
  C:\Windows\System32\KAjLgAn.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System32\CvmCyVK.exe
  C:\Windows\System32\CvmCyVK.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System32\jiJBwQo.exe
  C:\Windows\System32\jiJBwQo.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System32\FNrGNAH.exe
  C:\Windows\System32\FNrGNAH.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System32\zBMrYSJ.exe
  C:\Windows\System32\zBMrYSJ.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System32\ieAuOOb.exe
  C:\Windows\System32\ieAuOOb.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System32\djskQma.exe
  C:\Windows\System32\djskQma.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System32\tSSXlmT.exe
  C:\Windows\System32\tSSXlmT.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System32\zFLpiCx.exe
  C:\Windows\System32\zFLpiCx.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System32\beRUBxK.exe
  C:\Windows\System32\beRUBxK.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System32\IICMRlG.exe
  C:\Windows\System32\IICMRlG.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System32\UDypMRY.exe
  C:\Windows\System32\UDypMRY.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System32\iNCxVKg.exe
  C:\Windows\System32\iNCxVKg.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System32\xlAuZdV.exe
  C:\Windows\System32\xlAuZdV.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System32\XxjwqoD.exe
  C:\Windows\System32\XxjwqoD.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System32\oslAoyx.exe
  C:\Windows\System32\oslAoyx.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System32\RDaDTgH.exe
  C:\Windows\System32\RDaDTgH.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System32\yWQEWUR.exe
  C:\Windows\System32\yWQEWUR.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System32\zAxvodC.exe
  C:\Windows\System32\zAxvodC.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System32\nZCypGx.exe
  C:\Windows\System32\nZCypGx.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System32\SgOxKGQ.exe
  C:\Windows\System32\SgOxKGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System32\zCEATxG.exe
  C:\Windows\System32\zCEATxG.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System32\ZjOLlgH.exe
  C:\Windows\System32\ZjOLlgH.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System32\jJnOwKX.exe
  C:\Windows\System32\jJnOwKX.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System32\BXYJTMk.exe
  C:\Windows\System32\BXYJTMk.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System32\opELRdx.exe
  C:\Windows\System32\opELRdx.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System32\UMNsXeU.exe
  C:\Windows\System32\UMNsXeU.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\IHiTYOt.exe
  C:\Windows\System32\IHiTYOt.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System32\IxwTpZp.exe
  C:\Windows\System32\IxwTpZp.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System32\WqeDdTV.exe
  C:\Windows\System32\WqeDdTV.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System32\AgRkHkW.exe
  C:\Windows\System32\AgRkHkW.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System32\EYJiSVp.exe
  C:\Windows\System32\EYJiSVp.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System32\RnYMrhU.exe
  C:\Windows\System32\RnYMrhU.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System32\ooubOwf.exe
  C:\Windows\System32\ooubOwf.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System32\INtnKqV.exe
  C:\Windows\System32\INtnKqV.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System32\rEiXqej.exe
  C:\Windows\System32\rEiXqej.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System32\WpwIaYE.exe
  C:\Windows\System32\WpwIaYE.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System32\BrEABpu.exe
  C:\Windows\System32\BrEABpu.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System32\Kipxczx.exe
  C:\Windows\System32\Kipxczx.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System32\pRPHmba.exe
  C:\Windows\System32\pRPHmba.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System32\jyqbsqc.exe
  C:\Windows\System32\jyqbsqc.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System32\FCoCICH.exe
  C:\Windows\System32\FCoCICH.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System32\YBVmAoN.exe
  C:\Windows\System32\YBVmAoN.exe
  2⤵
  PID:2136
- C:\Windows\System32\zwTUKYn.exe
  C:\Windows\System32\zwTUKYn.exe
  2⤵
  PID:4288
- C:\Windows\System32\jSedcUc.exe
  C:\Windows\System32\jSedcUc.exe
  2⤵
  PID:4904
- C:\Windows\System32\wxlEmLX.exe
  C:\Windows\System32\wxlEmLX.exe
  2⤵
  PID:3608
- C:\Windows\System32\FMOPWcu.exe
  C:\Windows\System32\FMOPWcu.exe
  2⤵
  PID:3352
- C:\Windows\System32\rAZmWrr.exe
  C:\Windows\System32\rAZmWrr.exe
  2⤵
  PID:2212
- C:\Windows\System32\JaGsEFm.exe
  C:\Windows\System32\JaGsEFm.exe
  2⤵
  PID:4944
- C:\Windows\System32\SVrpilX.exe
  C:\Windows\System32\SVrpilX.exe
  2⤵
  PID:4052
- C:\Windows\System32\UeMEXjo.exe
  C:\Windows\System32\UeMEXjo.exe
  2⤵
  PID:4484
- C:\Windows\System32\uoKIYQU.exe
  C:\Windows\System32\uoKIYQU.exe
  2⤵
  PID:5048
- C:\Windows\System32\VrRsHhp.exe
  C:\Windows\System32\VrRsHhp.exe
  2⤵
  PID:4580
- C:\Windows\System32\aupHGVH.exe
  C:\Windows\System32\aupHGVH.exe
  2⤵
  PID:4724
- C:\Windows\System32\AAjmaCo.exe
  C:\Windows\System32\AAjmaCo.exe
  2⤵
  PID:3764
- C:\Windows\System32\WuhovZO.exe
  C:\Windows\System32\WuhovZO.exe
  2⤵
  PID:1516
- C:\Windows\System32\DfIukXG.exe
  C:\Windows\System32\DfIukXG.exe
  2⤵
  PID:2632
- C:\Windows\System32\DjDpIgc.exe
  C:\Windows\System32\DjDpIgc.exe
  2⤵
  PID:3920
- C:\Windows\System32\uszAAzl.exe
  C:\Windows\System32\uszAAzl.exe
  2⤵
  PID:4276
- C:\Windows\System32\lGFKJCo.exe
  C:\Windows\System32\lGFKJCo.exe
  2⤵
  PID:4108
- C:\Windows\System32\jYLTDVa.exe
  C:\Windows\System32\jYLTDVa.exe
  2⤵
  PID:2352
- C:\Windows\System32\zBoodgu.exe
  C:\Windows\System32\zBoodgu.exe
  2⤵
  PID:3656
- C:\Windows\System32\qQsmXlW.exe
  C:\Windows\System32\qQsmXlW.exe
  2⤵
  PID:3356
- C:\Windows\System32\VnladfR.exe
  C:\Windows\System32\VnladfR.exe
  2⤵
  PID:3076
- C:\Windows\System32\xBeoUln.exe
  C:\Windows\System32\xBeoUln.exe
  2⤵
  PID:3044
- C:\Windows\System32\SBvPwqN.exe
  C:\Windows\System32\SBvPwqN.exe
  2⤵
  PID:976
- C:\Windows\System32\EtIKMMB.exe
  C:\Windows\System32\EtIKMMB.exe
  2⤵
  PID:3548
- C:\Windows\System32\AspXHfS.exe
  C:\Windows\System32\AspXHfS.exe
  2⤵
  PID:5136
- C:\Windows\System32\jIlluzE.exe
  C:\Windows\System32\jIlluzE.exe
  2⤵
  PID:5164
- C:\Windows\System32\eJRviNZ.exe
  C:\Windows\System32\eJRviNZ.exe
  2⤵
  PID:5188
- C:\Windows\System32\rJgPjXy.exe
  C:\Windows\System32\rJgPjXy.exe
  2⤵
  PID:5220
- C:\Windows\System32\YObvalp.exe
  C:\Windows\System32\YObvalp.exe
  2⤵
  PID:5248
- C:\Windows\System32\qlSeacM.exe
  C:\Windows\System32\qlSeacM.exe
  2⤵
  PID:5276
- C:\Windows\System32\stiCiaE.exe
  C:\Windows\System32\stiCiaE.exe
  2⤵
  PID:5308
- C:\Windows\System32\MqTJMMk.exe
  C:\Windows\System32\MqTJMMk.exe
  2⤵
  PID:5332
- C:\Windows\System32\DFRjuHS.exe
  C:\Windows\System32\DFRjuHS.exe
  2⤵
  PID:5360
- C:\Windows\System32\onmVARt.exe
  C:\Windows\System32\onmVARt.exe
  2⤵
  PID:5388
- C:\Windows\System32\DjabfuK.exe
  C:\Windows\System32\DjabfuK.exe
  2⤵
  PID:5416
- C:\Windows\System32\LLtsyPp.exe
  C:\Windows\System32\LLtsyPp.exe
  2⤵
  PID:5444
- C:\Windows\System32\eQlNtcp.exe
  C:\Windows\System32\eQlNtcp.exe
  2⤵
  PID:5496
- C:\Windows\System32\svgxEWw.exe
  C:\Windows\System32\svgxEWw.exe
  2⤵
  PID:5512
- C:\Windows\System32\tUwAdkk.exe
  C:\Windows\System32\tUwAdkk.exe
  2⤵
  PID:5528
- C:\Windows\System32\oNYAZXH.exe
  C:\Windows\System32\oNYAZXH.exe
  2⤵
  PID:5556
- C:\Windows\System32\QSoTFGh.exe
  C:\Windows\System32\QSoTFGh.exe
  2⤵
  PID:5584
- C:\Windows\System32\rZDicCA.exe
  C:\Windows\System32\rZDicCA.exe
  2⤵
  PID:5612
- C:\Windows\System32\MUZesRY.exe
  C:\Windows\System32\MUZesRY.exe
  2⤵
  PID:5640
- C:\Windows\System32\vaIpwMf.exe
  C:\Windows\System32\vaIpwMf.exe
  2⤵
  PID:5668
- C:\Windows\System32\SPgMxmh.exe
  C:\Windows\System32\SPgMxmh.exe
  2⤵
  PID:5696
- C:\Windows\System32\XwKVDKe.exe
  C:\Windows\System32\XwKVDKe.exe
  2⤵
  PID:5724
- C:\Windows\System32\QDvvNUh.exe
  C:\Windows\System32\QDvvNUh.exe
  2⤵
  PID:5824
- C:\Windows\System32\VlvjYfE.exe
  C:\Windows\System32\VlvjYfE.exe
  2⤵
  PID:5844
- C:\Windows\System32\hTiShPB.exe
  C:\Windows\System32\hTiShPB.exe
  2⤵
  PID:5872
- C:\Windows\System32\KHcNdrC.exe
  C:\Windows\System32\KHcNdrC.exe
  2⤵
  PID:5888
- C:\Windows\System32\vOXZjZF.exe
  C:\Windows\System32\vOXZjZF.exe
  2⤵
  PID:5908
- C:\Windows\System32\JKUAVDs.exe
  C:\Windows\System32\JKUAVDs.exe
  2⤵
  PID:5928
- C:\Windows\System32\ogyugVr.exe
  C:\Windows\System32\ogyugVr.exe
  2⤵
  PID:5944
- C:\Windows\System32\iMslzmE.exe
  C:\Windows\System32\iMslzmE.exe
  2⤵
  PID:5960
- C:\Windows\System32\dYLTvkU.exe
  C:\Windows\System32\dYLTvkU.exe
  2⤵
  PID:6064
- C:\Windows\System32\rbNAmzN.exe
  C:\Windows\System32\rbNAmzN.exe
  2⤵
  PID:6080
- C:\Windows\System32\WdLFBrB.exe
  C:\Windows\System32\WdLFBrB.exe
  2⤵
  PID:6112
- C:\Windows\System32\ehbbYTT.exe
  C:\Windows\System32\ehbbYTT.exe
  2⤵
  PID:3200
- C:\Windows\System32\EaWQxkC.exe
  C:\Windows\System32\EaWQxkC.exe
  2⤵
  PID:4364
- C:\Windows\System32\WnMqJAi.exe
  C:\Windows\System32\WnMqJAi.exe
  2⤵
  PID:5036
- C:\Windows\System32\WZBLSOz.exe
  C:\Windows\System32\WZBLSOz.exe
  2⤵
  PID:2400
- C:\Windows\System32\qfkCCvc.exe
  C:\Windows\System32\qfkCCvc.exe
  2⤵
  PID:5172
- C:\Windows\System32\zJDctZI.exe
  C:\Windows\System32\zJDctZI.exe
  2⤵
  PID:5212
- C:\Windows\System32\ExBqRNz.exe
  C:\Windows\System32\ExBqRNz.exe
  2⤵
  PID:1372
- C:\Windows\System32\oICyXdC.exe
  C:\Windows\System32\oICyXdC.exe
  2⤵
  PID:1568
- C:\Windows\System32\PqSAGfS.exe
  C:\Windows\System32\PqSAGfS.exe
  2⤵
  PID:5328
- C:\Windows\System32\iVzjanY.exe
  C:\Windows\System32\iVzjanY.exe
  2⤵
  PID:5344
- C:\Windows\System32\RWnMfAP.exe
  C:\Windows\System32\RWnMfAP.exe
  2⤵
  PID:5040
- C:\Windows\System32\WKJCMbH.exe
  C:\Windows\System32\WKJCMbH.exe
  2⤵
  PID:228
- C:\Windows\System32\CyhGFXu.exe
  C:\Windows\System32\CyhGFXu.exe
  2⤵
  PID:5436
- C:\Windows\System32\fGHIvck.exe
  C:\Windows\System32\fGHIvck.exe
  2⤵
  PID:5464
- C:\Windows\System32\gboektk.exe
  C:\Windows\System32\gboektk.exe
  2⤵
  PID:5456
- C:\Windows\System32\nKvutEr.exe
  C:\Windows\System32\nKvutEr.exe
  2⤵
  PID:5520
- C:\Windows\System32\SAgnufE.exe
  C:\Windows\System32\SAgnufE.exe
  2⤵
  PID:5564
- C:\Windows\System32\hfHFLJM.exe
  C:\Windows\System32\hfHFLJM.exe
  2⤵
  PID:3068
- C:\Windows\System32\wlhCHxu.exe
  C:\Windows\System32\wlhCHxu.exe
  2⤵
  PID:5596
- C:\Windows\System32\IRbdUVu.exe
  C:\Windows\System32\IRbdUVu.exe
  2⤵
  PID:5648
- C:\Windows\System32\emxkqBt.exe
  C:\Windows\System32\emxkqBt.exe
  2⤵
  PID:2328
- C:\Windows\System32\bScRZxc.exe
  C:\Windows\System32\bScRZxc.exe
  2⤵
  PID:5676
- C:\Windows\System32\TbRhPfZ.exe
  C:\Windows\System32\TbRhPfZ.exe
  2⤵
  PID:4624
- C:\Windows\System32\DFVMEDd.exe
  C:\Windows\System32\DFVMEDd.exe
  2⤵
  PID:5920
- C:\Windows\System32\jFfZJrM.exe
  C:\Windows\System32\jFfZJrM.exe
  2⤵
  PID:6008
- C:\Windows\System32\xfwUQcK.exe
  C:\Windows\System32\xfwUQcK.exe
  2⤵
  PID:6052
- C:\Windows\System32\KjJryyw.exe
  C:\Windows\System32\KjJryyw.exe
  2⤵
  PID:6124
- C:\Windows\System32\dReciGi.exe
  C:\Windows\System32\dReciGi.exe
  2⤵
  PID:3436
- C:\Windows\System32\JujJMWV.exe
  C:\Windows\System32\JujJMWV.exe
  2⤵
  PID:5144
- C:\Windows\System32\tsUXYOP.exe
  C:\Windows\System32\tsUXYOP.exe
  2⤵
  PID:5352
- C:\Windows\System32\iXhvziP.exe
  C:\Windows\System32\iXhvziP.exe
  2⤵
  PID:5228
- C:\Windows\System32\gxIWESQ.exe
  C:\Windows\System32\gxIWESQ.exe
  2⤵
  PID:5408
- C:\Windows\System32\vMfFwXC.exe
  C:\Windows\System32\vMfFwXC.exe
  2⤵
  PID:5576
- C:\Windows\System32\kvZraVn.exe
  C:\Windows\System32\kvZraVn.exe
  2⤵
  PID:5732
- C:\Windows\System32\EdAPzLR.exe
  C:\Windows\System32\EdAPzLR.exe
  2⤵
  PID:4616
- C:\Windows\System32\wtrsGgc.exe
  C:\Windows\System32\wtrsGgc.exe
  2⤵
  PID:5832
- C:\Windows\System32\DkPnDsE.exe
  C:\Windows\System32\DkPnDsE.exe
  2⤵
  PID:1884
- C:\Windows\System32\VtjmhOY.exe
  C:\Windows\System32\VtjmhOY.exe
  2⤵
  PID:3768
- C:\Windows\System32\JSzPDoD.exe
  C:\Windows\System32\JSzPDoD.exe
  2⤵
  PID:6072
- C:\Windows\System32\uBIoerL.exe
  C:\Windows\System32\uBIoerL.exe
  2⤵
  PID:5632
- C:\Windows\System32\yzPjZIx.exe
  C:\Windows\System32\yzPjZIx.exe
  2⤵
  PID:5428
- C:\Windows\System32\eZLRhFr.exe
  C:\Windows\System32\eZLRhFr.exe
  2⤵
  PID:3916
- C:\Windows\System32\mlhPhNd.exe
  C:\Windows\System32\mlhPhNd.exe
  2⤵
  PID:5680
- C:\Windows\System32\OfoDpPR.exe
  C:\Windows\System32\OfoDpPR.exe
  2⤵
  PID:5852
- C:\Windows\System32\kuBTVFW.exe
  C:\Windows\System32\kuBTVFW.exe
  2⤵
  PID:5996
- C:\Windows\System32\oLBpdaK.exe
  C:\Windows\System32\oLBpdaK.exe
  2⤵
  PID:216
- C:\Windows\System32\KOMCBaO.exe
  C:\Windows\System32\KOMCBaO.exe
  2⤵
  PID:5476
- C:\Windows\System32\sIvNLEv.exe
  C:\Windows\System32\sIvNLEv.exe
  2⤵
  PID:1924
- C:\Windows\System32\kShukyv.exe
  C:\Windows\System32\kShukyv.exe
  2⤵
  PID:6148
- C:\Windows\System32\GUIbxWz.exe
  C:\Windows\System32\GUIbxWz.exe
  2⤵
  PID:6188
- C:\Windows\System32\BNrEIPB.exe
  C:\Windows\System32\BNrEIPB.exe
  2⤵
  PID:6208
- C:\Windows\System32\rujpSKU.exe
  C:\Windows\System32\rujpSKU.exe
  2⤵
  PID:6228
- C:\Windows\System32\DxWiwul.exe
  C:\Windows\System32\DxWiwul.exe
  2⤵
  PID:6244
- C:\Windows\System32\UiiULTw.exe
  C:\Windows\System32\UiiULTw.exe
  2⤵
  PID:6264
- C:\Windows\System32\smESdlk.exe
  C:\Windows\System32\smESdlk.exe
  2⤵
  PID:6288
- C:\Windows\System32\FNrjPEr.exe
  C:\Windows\System32\FNrjPEr.exe
  2⤵
  PID:6336
- C:\Windows\System32\IScKKIZ.exe
  C:\Windows\System32\IScKKIZ.exe
  2⤵
  PID:6372
- C:\Windows\System32\mVeydbO.exe
  C:\Windows\System32\mVeydbO.exe
  2⤵
  PID:6400
- C:\Windows\System32\NyPzFxR.exe
  C:\Windows\System32\NyPzFxR.exe
  2⤵
  PID:6428
- C:\Windows\System32\tvetmWU.exe
  C:\Windows\System32\tvetmWU.exe
  2⤵
  PID:6480
- C:\Windows\System32\VcTanRw.exe
  C:\Windows\System32\VcTanRw.exe
  2⤵
  PID:6496
- C:\Windows\System32\xldJqrf.exe
  C:\Windows\System32\xldJqrf.exe
  2⤵
  PID:6524
- C:\Windows\System32\gcYRFJV.exe
  C:\Windows\System32\gcYRFJV.exe
  2⤵
  PID:6544
- C:\Windows\System32\qGktyLu.exe
  C:\Windows\System32\qGktyLu.exe
  2⤵
  PID:6576
- C:\Windows\System32\uqfQnck.exe
  C:\Windows\System32\uqfQnck.exe
  2⤵
  PID:6608
- C:\Windows\System32\RzbVFse.exe
  C:\Windows\System32\RzbVFse.exe
  2⤵
  PID:6632
- C:\Windows\System32\uFlKQbi.exe
  C:\Windows\System32\uFlKQbi.exe
  2⤵
  PID:6672
- C:\Windows\System32\xMSIBCQ.exe
  C:\Windows\System32\xMSIBCQ.exe
  2⤵
  PID:6704
- C:\Windows\System32\gklsMpk.exe
  C:\Windows\System32\gklsMpk.exe
  2⤵
  PID:6720
- C:\Windows\System32\wCORIrU.exe
  C:\Windows\System32\wCORIrU.exe
  2⤵
  PID:6740
- C:\Windows\System32\SLwNaUu.exe
  C:\Windows\System32\SLwNaUu.exe
  2⤵
  PID:6764
- C:\Windows\System32\QqWpiRw.exe
  C:\Windows\System32\QqWpiRw.exe
  2⤵
  PID:6784
- C:\Windows\System32\qwTdlhX.exe
  C:\Windows\System32\qwTdlhX.exe
  2⤵
  PID:6804
- C:\Windows\System32\msbbtIj.exe
  C:\Windows\System32\msbbtIj.exe
  2⤵
  PID:6836
- C:\Windows\System32\oVFQqcv.exe
  C:\Windows\System32\oVFQqcv.exe
  2⤵
  PID:6876
- C:\Windows\System32\zboFShg.exe
  C:\Windows\System32\zboFShg.exe
  2⤵
  PID:6908
- C:\Windows\System32\CgDgtnm.exe
  C:\Windows\System32\CgDgtnm.exe
  2⤵
  PID:6964
- C:\Windows\System32\YjgcaqD.exe
  C:\Windows\System32\YjgcaqD.exe
  2⤵
  PID:6984
- C:\Windows\System32\OgawFUc.exe
  C:\Windows\System32\OgawFUc.exe
  2⤵
  PID:7000
- C:\Windows\System32\PYwFssh.exe
  C:\Windows\System32\PYwFssh.exe
  2⤵
  PID:7032
- C:\Windows\System32\ricrPwa.exe
  C:\Windows\System32\ricrPwa.exe
  2⤵
  PID:7052
- C:\Windows\System32\mrcazPV.exe
  C:\Windows\System32\mrcazPV.exe
  2⤵
  PID:7076
- C:\Windows\System32\DbVJTwZ.exe
  C:\Windows\System32\DbVJTwZ.exe
  2⤵
  PID:7100
- C:\Windows\System32\XykLJCP.exe
  C:\Windows\System32\XykLJCP.exe
  2⤵
  PID:7128
- C:\Windows\System32\LtMPkbo.exe
  C:\Windows\System32\LtMPkbo.exe
  2⤵
  PID:7152
- C:\Windows\System32\ndKTIVa.exe
  C:\Windows\System32\ndKTIVa.exe
  2⤵
  PID:5000
- C:\Windows\System32\PqorSHd.exe
  C:\Windows\System32\PqorSHd.exe
  2⤵
  PID:6236
- C:\Windows\System32\iZqopsV.exe
  C:\Windows\System32\iZqopsV.exe
  2⤵
  PID:6272
- C:\Windows\System32\zjLQhMV.exe
  C:\Windows\System32\zjLQhMV.exe
  2⤵
  PID:6312
- C:\Windows\System32\xsujsKX.exe
  C:\Windows\System32\xsujsKX.exe
  2⤵
  PID:6380
- C:\Windows\System32\OvGHGpo.exe
  C:\Windows\System32\OvGHGpo.exe
  2⤵
  PID:6444
- C:\Windows\System32\PylGuyU.exe
  C:\Windows\System32\PylGuyU.exe
  2⤵
  PID:6552
- C:\Windows\System32\qhnSrlD.exe
  C:\Windows\System32\qhnSrlD.exe
  2⤵
  PID:6628
- C:\Windows\System32\zbCwddo.exe
  C:\Windows\System32\zbCwddo.exe
  2⤵
  PID:6700
- C:\Windows\System32\uUlcbwq.exe
  C:\Windows\System32\uUlcbwq.exe
  2⤵
  PID:6736
- C:\Windows\System32\XbTjicQ.exe
  C:\Windows\System32\XbTjicQ.exe
  2⤵
  PID:6780
- C:\Windows\System32\TmpnJmn.exe
  C:\Windows\System32\TmpnJmn.exe
  2⤵
  PID:6792
- C:\Windows\System32\LkPcymT.exe
  C:\Windows\System32\LkPcymT.exe
  2⤵
  PID:6944
- C:\Windows\System32\OxMWJai.exe
  C:\Windows\System32\OxMWJai.exe
  2⤵
  PID:6996
- C:\Windows\System32\dstoNRv.exe
  C:\Windows\System32\dstoNRv.exe
  2⤵
  PID:7028
- C:\Windows\System32\xKXbnMd.exe
  C:\Windows\System32\xKXbnMd.exe
  2⤵
  PID:7008
- C:\Windows\System32\ejJjIOf.exe
  C:\Windows\System32\ejJjIOf.exe
  2⤵
  PID:7060
- C:\Windows\System32\cuaYmdq.exe
  C:\Windows\System32\cuaYmdq.exe
  2⤵
  PID:6224
- C:\Windows\System32\UFxabuz.exe
  C:\Windows\System32\UFxabuz.exe
  2⤵
  PID:6220
- C:\Windows\System32\LXYLztH.exe
  C:\Windows\System32\LXYLztH.exe
  2⤵
  PID:6396
- C:\Windows\System32\beCeSIW.exe
  C:\Windows\System32\beCeSIW.exe
  2⤵
  PID:6640
- C:\Windows\System32\ppUMMCs.exe
  C:\Windows\System32\ppUMMCs.exe
  2⤵
  PID:6716
- C:\Windows\System32\AqedhHv.exe
  C:\Windows\System32\AqedhHv.exe
  2⤵
  PID:6980
- C:\Windows\System32\WsZZBRc.exe
  C:\Windows\System32\WsZZBRc.exe
  2⤵
  PID:7012
- C:\Windows\System32\vHeJLoq.exe
  C:\Windows\System32\vHeJLoq.exe
  2⤵
  PID:7088
- C:\Windows\System32\vxskiNg.exe
  C:\Windows\System32\vxskiNg.exe
  2⤵
  PID:5972
- C:\Windows\System32\MPvyyVg.exe
  C:\Windows\System32\MPvyyVg.exe
  2⤵
  PID:6796
- C:\Windows\System32\xxDbepx.exe
  C:\Windows\System32\xxDbepx.exe
  2⤵
  PID:7200
- C:\Windows\System32\mAuRKwq.exe
  C:\Windows\System32\mAuRKwq.exe
  2⤵
  PID:7228
- C:\Windows\System32\ySPtjIK.exe
  C:\Windows\System32\ySPtjIK.exe
  2⤵
  PID:7252
- C:\Windows\System32\tLtXWYQ.exe
  C:\Windows\System32\tLtXWYQ.exe
  2⤵
  PID:7276
- C:\Windows\System32\xpcLvHN.exe
  C:\Windows\System32\xpcLvHN.exe
  2⤵
  PID:7304
- C:\Windows\System32\wLuvOIK.exe
  C:\Windows\System32\wLuvOIK.exe
  2⤵
  PID:7328
- C:\Windows\System32\gaTiVdE.exe
  C:\Windows\System32\gaTiVdE.exe
  2⤵
  PID:7344
- C:\Windows\System32\VYEmHZN.exe
  C:\Windows\System32\VYEmHZN.exe
  2⤵
  PID:7376
- C:\Windows\System32\BDcgVBb.exe
  C:\Windows\System32\BDcgVBb.exe
  2⤵
  PID:7400
- C:\Windows\System32\KgQXqPv.exe
  C:\Windows\System32\KgQXqPv.exe
  2⤵
  PID:7424
- C:\Windows\System32\NzjLyKd.exe
  C:\Windows\System32\NzjLyKd.exe
  2⤵
  PID:7444
- C:\Windows\System32\wRZhEQH.exe
  C:\Windows\System32\wRZhEQH.exe
  2⤵
  PID:7472
- C:\Windows\System32\RvsLmAY.exe
  C:\Windows\System32\RvsLmAY.exe
  2⤵
  PID:7524
- C:\Windows\System32\CvnSuOh.exe
  C:\Windows\System32\CvnSuOh.exe
  2⤵
  PID:7556
- C:\Windows\System32\DhFDskS.exe
  C:\Windows\System32\DhFDskS.exe
  2⤵
  PID:7576
- C:\Windows\System32\dJaXlHO.exe
  C:\Windows\System32\dJaXlHO.exe
  2⤵
  PID:7600
- C:\Windows\System32\eQYrFhQ.exe
  C:\Windows\System32\eQYrFhQ.exe
  2⤵
  PID:7624
- C:\Windows\System32\fgbFsJM.exe
  C:\Windows\System32\fgbFsJM.exe
  2⤵
  PID:7656
- C:\Windows\System32\ZNysxah.exe
  C:\Windows\System32\ZNysxah.exe
  2⤵
  PID:7676
- C:\Windows\System32\pOWtlwW.exe
  C:\Windows\System32\pOWtlwW.exe
  2⤵
  PID:7704
- C:\Windows\System32\aHIzuxh.exe
  C:\Windows\System32\aHIzuxh.exe
  2⤵
  PID:7752
- C:\Windows\System32\MIqoNou.exe
  C:\Windows\System32\MIqoNou.exe
  2⤵
  PID:7780
- C:\Windows\System32\qlqoCLO.exe
  C:\Windows\System32\qlqoCLO.exe
  2⤵
  PID:7804
- C:\Windows\System32\ZJrPGnV.exe
  C:\Windows\System32\ZJrPGnV.exe
  2⤵
  PID:7824
- C:\Windows\System32\tPtcLOL.exe
  C:\Windows\System32\tPtcLOL.exe
  2⤵
  PID:7840
- C:\Windows\System32\ISpSEmV.exe
  C:\Windows\System32\ISpSEmV.exe
  2⤵
  PID:7884
- C:\Windows\System32\XFLSbfl.exe
  C:\Windows\System32\XFLSbfl.exe
  2⤵
  PID:7908
- C:\Windows\System32\VXVJsrp.exe
  C:\Windows\System32\VXVJsrp.exe
  2⤵
  PID:7972
- C:\Windows\System32\iSECtXa.exe
  C:\Windows\System32\iSECtXa.exe
  2⤵
  PID:8000
- C:\Windows\System32\keyfnDQ.exe
  C:\Windows\System32\keyfnDQ.exe
  2⤵
  PID:8016
- C:\Windows\System32\FnrLldh.exe
  C:\Windows\System32\FnrLldh.exe
  2⤵
  PID:8048
- C:\Windows\System32\PMibAnp.exe
  C:\Windows\System32\PMibAnp.exe
  2⤵
  PID:8096
- C:\Windows\System32\TJxGCJP.exe
  C:\Windows\System32\TJxGCJP.exe
  2⤵
  PID:8128
- C:\Windows\System32\hzvgMZu.exe
  C:\Windows\System32\hzvgMZu.exe
  2⤵
  PID:8148
- C:\Windows\System32\ejhxgRY.exe
  C:\Windows\System32\ejhxgRY.exe
  2⤵
  PID:8184
- C:\Windows\System32\wzvBJRF.exe
  C:\Windows\System32\wzvBJRF.exe
  2⤵
  PID:7176
- C:\Windows\System32\xSCmKPU.exe
  C:\Windows\System32\xSCmKPU.exe
  2⤵
  PID:7220
- C:\Windows\System32\nfAkcwj.exe
  C:\Windows\System32\nfAkcwj.exe
  2⤵
  PID:7264
- C:\Windows\System32\MjvwgNG.exe
  C:\Windows\System32\MjvwgNG.exe
  2⤵
  PID:7324
- C:\Windows\System32\MeUaUnr.exe
  C:\Windows\System32\MeUaUnr.exe
  2⤵
  PID:7392
- C:\Windows\System32\uWUCLbw.exe
  C:\Windows\System32\uWUCLbw.exe
  2⤵
  PID:7512
- C:\Windows\System32\GwwjLQh.exe
  C:\Windows\System32\GwwjLQh.exe
  2⤵
  PID:7592
- C:\Windows\System32\iNpgIPL.exe
  C:\Windows\System32\iNpgIPL.exe
  2⤵
  PID:7568
- C:\Windows\System32\nqbIRyj.exe
  C:\Windows\System32\nqbIRyj.exe
  2⤵
  PID:7668
- C:\Windows\System32\iAlXWdW.exe
  C:\Windows\System32\iAlXWdW.exe
  2⤵
  PID:7776
- C:\Windows\System32\VIpjUnr.exe
  C:\Windows\System32\VIpjUnr.exe
  2⤵
  PID:7836
- C:\Windows\System32\nInFRgF.exe
  C:\Windows\System32\nInFRgF.exe
  2⤵
  PID:7892
- C:\Windows\System32\qavyFYb.exe
  C:\Windows\System32\qavyFYb.exe
  2⤵
  PID:7956
- C:\Windows\System32\GQUvXVe.exe
  C:\Windows\System32\GQUvXVe.exe
  2⤵
  PID:8036
- C:\Windows\System32\gAMpFfC.exe
  C:\Windows\System32\gAMpFfC.exe
  2⤵
  PID:8076
- C:\Windows\System32\zfVjIUW.exe
  C:\Windows\System32\zfVjIUW.exe
  2⤵
  PID:8120
- C:\Windows\System32\FRiJMzf.exe
  C:\Windows\System32\FRiJMzf.exe
  2⤵
  PID:8180
- C:\Windows\System32\VsNUKKi.exe
  C:\Windows\System32\VsNUKKi.exe
  2⤵
  PID:7292
- C:\Windows\System32\ONPnGBM.exe
  C:\Windows\System32\ONPnGBM.exe
  2⤵
  PID:7480
- C:\Windows\System32\UiTVcbe.exe
  C:\Windows\System32\UiTVcbe.exe
  2⤵
  PID:7612
- C:\Windows\System32\mPpfutV.exe
  C:\Windows\System32\mPpfutV.exe
  2⤵
  PID:7636
- C:\Windows\System32\gMaxnqE.exe
  C:\Windows\System32\gMaxnqE.exe
  2⤵
  PID:7796
- C:\Windows\System32\GGkkfVJ.exe
  C:\Windows\System32\GGkkfVJ.exe
  2⤵
  PID:8032
- C:\Windows\System32\QhZTOym.exe
  C:\Windows\System32\QhZTOym.exe
  2⤵
  PID:7172
- C:\Windows\System32\DnDXAok.exe
  C:\Windows\System32\DnDXAok.exe
  2⤵
  PID:8140
- C:\Windows\System32\OGTzByH.exe
  C:\Windows\System32\OGTzByH.exe
  2⤵
  PID:7664
- C:\Windows\System32\JgIjupl.exe
  C:\Windows\System32\JgIjupl.exe
  2⤵
  PID:7820
- C:\Windows\System32\dwGPdPw.exe
  C:\Windows\System32\dwGPdPw.exe
  2⤵
  PID:7240
- C:\Windows\System32\wEvlnuQ.exe
  C:\Windows\System32\wEvlnuQ.exe
  2⤵
  PID:8228
- C:\Windows\System32\ZROzSsR.exe
  C:\Windows\System32\ZROzSsR.exe
  2⤵
  PID:8252
- C:\Windows\System32\LXXvazm.exe
  C:\Windows\System32\LXXvazm.exe
  2⤵
  PID:8276
- C:\Windows\System32\LEnpuVW.exe
  C:\Windows\System32\LEnpuVW.exe
  2⤵
  PID:8316
- C:\Windows\System32\oDiJusQ.exe
  C:\Windows\System32\oDiJusQ.exe
  2⤵
  PID:8344
- C:\Windows\System32\YEtILFt.exe
  C:\Windows\System32\YEtILFt.exe
  2⤵
  PID:8368
- C:\Windows\System32\XUjFbEi.exe
  C:\Windows\System32\XUjFbEi.exe
  2⤵
  PID:8388
- C:\Windows\System32\KFcFNtl.exe
  C:\Windows\System32\KFcFNtl.exe
  2⤵
  PID:8468
- C:\Windows\System32\hMSTIUA.exe
  C:\Windows\System32\hMSTIUA.exe
  2⤵
  PID:8492
- C:\Windows\System32\mxutJIk.exe
  C:\Windows\System32\mxutJIk.exe
  2⤵
  PID:8520
- C:\Windows\System32\spNFrVl.exe
  C:\Windows\System32\spNFrVl.exe
  2⤵
  PID:8540
- C:\Windows\System32\ldUuNGH.exe
  C:\Windows\System32\ldUuNGH.exe
  2⤵
  PID:8556
- C:\Windows\System32\tHKllwW.exe
  C:\Windows\System32\tHKllwW.exe
  2⤵
  PID:8592
- C:\Windows\System32\TREswIR.exe
  C:\Windows\System32\TREswIR.exe
  2⤵
  PID:8624
- C:\Windows\System32\ybWskrO.exe
  C:\Windows\System32\ybWskrO.exe
  2⤵
  PID:8648
- C:\Windows\System32\fMBAbIr.exe
  C:\Windows\System32\fMBAbIr.exe
  2⤵
  PID:8672
- C:\Windows\System32\TgAAptg.exe
  C:\Windows\System32\TgAAptg.exe
  2⤵
  PID:8700
- C:\Windows\System32\xbhMvpL.exe
  C:\Windows\System32\xbhMvpL.exe
  2⤵
  PID:8732
- C:\Windows\System32\zAtOXga.exe
  C:\Windows\System32\zAtOXga.exe
  2⤵
  PID:8756
- C:\Windows\System32\XhfcDYq.exe
  C:\Windows\System32\XhfcDYq.exe
  2⤵
  PID:8796
- C:\Windows\System32\bDoqIOQ.exe
  C:\Windows\System32\bDoqIOQ.exe
  2⤵
  PID:8816
- C:\Windows\System32\TqyaXNv.exe
  C:\Windows\System32\TqyaXNv.exe
  2⤵
  PID:8844
- C:\Windows\System32\NrfdPoy.exe
  C:\Windows\System32\NrfdPoy.exe
  2⤵
  PID:8860
- C:\Windows\System32\nlLUukS.exe
  C:\Windows\System32\nlLUukS.exe
  2⤵
  PID:8908
- C:\Windows\System32\AdcjkNJ.exe
  C:\Windows\System32\AdcjkNJ.exe
  2⤵
  PID:8940
- C:\Windows\System32\AXYhBiJ.exe
  C:\Windows\System32\AXYhBiJ.exe
  2⤵
  PID:8964
- C:\Windows\System32\TAfuvaV.exe
  C:\Windows\System32\TAfuvaV.exe
  2⤵
  PID:9020
- C:\Windows\System32\JKSupty.exe
  C:\Windows\System32\JKSupty.exe
  2⤵
  PID:9060
- C:\Windows\System32\hmReJjf.exe
  C:\Windows\System32\hmReJjf.exe
  2⤵
  PID:9112
- C:\Windows\System32\tfEwFNU.exe
  C:\Windows\System32\tfEwFNU.exe
  2⤵
  PID:9140
- C:\Windows\System32\IiUoxoN.exe
  C:\Windows\System32\IiUoxoN.exe
  2⤵
  PID:9160
- C:\Windows\System32\uVuFAyv.exe
  C:\Windows\System32\uVuFAyv.exe
  2⤵
  PID:8220
- C:\Windows\System32\DxZHCKk.exe
  C:\Windows\System32\DxZHCKk.exe
  2⤵
  PID:8288
- C:\Windows\System32\PRqTGFK.exe
  C:\Windows\System32\PRqTGFK.exe
  2⤵
  PID:8336
- C:\Windows\System32\xhRSctc.exe
  C:\Windows\System32\xhRSctc.exe
  2⤵
  PID:8436
- C:\Windows\System32\dbxoWZl.exe
  C:\Windows\System32\dbxoWZl.exe
  2⤵
  PID:8532
- C:\Windows\System32\CfVqRpI.exe
  C:\Windows\System32\CfVqRpI.exe
  2⤵
  PID:7864
- C:\Windows\System32\xDqlXfZ.exe
  C:\Windows\System32\xDqlXfZ.exe
  2⤵
  PID:8616
- C:\Windows\System32\OVzKuSq.exe
  C:\Windows\System32\OVzKuSq.exe
  2⤵
  PID:8636
- C:\Windows\System32\SAchycn.exe
  C:\Windows\System32\SAchycn.exe
  2⤵
  PID:8708
- C:\Windows\System32\uMeeceA.exe
  C:\Windows\System32\uMeeceA.exe
  2⤵
  PID:8744
- C:\Windows\System32\pzummSq.exe
  C:\Windows\System32\pzummSq.exe
  2⤵
  PID:8836
- C:\Windows\System32\VrkiBkg.exe
  C:\Windows\System32\VrkiBkg.exe
  2⤵
  PID:8876
- C:\Windows\System32\lPggQJs.exe
  C:\Windows\System32\lPggQJs.exe
  2⤵
  PID:9004
- C:\Windows\System32\hdbqUhO.exe
  C:\Windows\System32\hdbqUhO.exe
  2⤵
  PID:8956
- C:\Windows\System32\WquIFGu.exe
  C:\Windows\System32\WquIFGu.exe
  2⤵
  PID:9032
- C:\Windows\System32\HWMtVYd.exe
  C:\Windows\System32\HWMtVYd.exe
  2⤵
  PID:9096
- C:\Windows\System32\inJqEFJ.exe
  C:\Windows\System32\inJqEFJ.exe
  2⤵
  PID:9092
- C:\Windows\System32\grwcmEF.exe
  C:\Windows\System32\grwcmEF.exe
  2⤵
  PID:9168
- C:\Windows\System32\dEzGySU.exe
  C:\Windows\System32\dEzGySU.exe
  2⤵
  PID:7832
- C:\Windows\System32\nPLWILf.exe
  C:\Windows\System32\nPLWILf.exe
  2⤵
  PID:8236
- C:\Windows\System32\nSTPBlR.exe
  C:\Windows\System32\nSTPBlR.exe
  2⤵
  PID:8324
- C:\Windows\System32\iqpKnKo.exe
  C:\Windows\System32\iqpKnKo.exe
  2⤵
  PID:8484
- C:\Windows\System32\qUGRdxQ.exe
  C:\Windows\System32\qUGRdxQ.exe
  2⤵
  PID:8692
- C:\Windows\System32\jceJRDU.exe
  C:\Windows\System32\jceJRDU.exe
  2⤵
  PID:4332
- C:\Windows\System32\uciTSef.exe
  C:\Windows\System32\uciTSef.exe
  2⤵
  PID:8972
- C:\Windows\System32\AJDefqF.exe
  C:\Windows\System32\AJDefqF.exe
  2⤵
  PID:9008
- C:\Windows\System32\JrRNxxv.exe
  C:\Windows\System32\JrRNxxv.exe
  2⤵
  PID:9100
- C:\Windows\System32\yoJpfrE.exe
  C:\Windows\System32\yoJpfrE.exe
  2⤵
  PID:8452
- C:\Windows\System32\SnOUhye.exe
  C:\Windows\System32\SnOUhye.exe
  2⤵
  PID:1992
- C:\Windows\System32\IguFrLv.exe
  C:\Windows\System32\IguFrLv.exe
  2⤵
  PID:8892
- C:\Windows\System32\XOzioYr.exe
  C:\Windows\System32\XOzioYr.exe
  2⤵
  PID:8460
- C:\Windows\System32\WfirIZr.exe
  C:\Windows\System32\WfirIZr.exe
  2⤵
  PID:7260
- C:\Windows\System32\MibthpP.exe
  C:\Windows\System32\MibthpP.exe
  2⤵
  PID:9240
- C:\Windows\System32\HhUmWii.exe
  C:\Windows\System32\HhUmWii.exe
  2⤵
  PID:9268
- C:\Windows\System32\ZytxXhr.exe
  C:\Windows\System32\ZytxXhr.exe
  2⤵
  PID:9288
- C:\Windows\System32\OZSNdra.exe
  C:\Windows\System32\OZSNdra.exe
  2⤵
  PID:9316
- C:\Windows\System32\jcUPAxc.exe
  C:\Windows\System32\jcUPAxc.exe
  2⤵
  PID:9340
- C:\Windows\System32\uSRSmwl.exe
  C:\Windows\System32\uSRSmwl.exe
  2⤵
  PID:9360
- C:\Windows\System32\NnRNSkO.exe
  C:\Windows\System32\NnRNSkO.exe
  2⤵
  PID:9392
- C:\Windows\System32\irQsqMo.exe
  C:\Windows\System32\irQsqMo.exe
  2⤵
  PID:9432
- C:\Windows\System32\xflRlrT.exe
  C:\Windows\System32\xflRlrT.exe
  2⤵
  PID:9468
- C:\Windows\System32\hspLnWv.exe
  C:\Windows\System32\hspLnWv.exe
  2⤵
  PID:9496
- C:\Windows\System32\aUIAvuD.exe
  C:\Windows\System32\aUIAvuD.exe
  2⤵
  PID:9516
- C:\Windows\System32\wCYzHPY.exe
  C:\Windows\System32\wCYzHPY.exe
  2⤵
  PID:9544
- C:\Windows\System32\UQpyZxk.exe
  C:\Windows\System32\UQpyZxk.exe
  2⤵
  PID:9568
- C:\Windows\System32\fLCKCAd.exe
  C:\Windows\System32\fLCKCAd.exe
  2⤵
  PID:9604
- C:\Windows\System32\HymijSn.exe
  C:\Windows\System32\HymijSn.exe
  2⤵
  PID:9640
- C:\Windows\System32\BvuhwAB.exe
  C:\Windows\System32\BvuhwAB.exe
  2⤵
  PID:9668
- C:\Windows\System32\FLnpNmx.exe
  C:\Windows\System32\FLnpNmx.exe
  2⤵
  PID:9688
- C:\Windows\System32\BxXyzmp.exe
  C:\Windows\System32\BxXyzmp.exe
  2⤵
  PID:9704
- C:\Windows\System32\wLGgokQ.exe
  C:\Windows\System32\wLGgokQ.exe
  2⤵
  PID:9728
- C:\Windows\System32\xXqPaXU.exe
  C:\Windows\System32\xXqPaXU.exe
  2⤵
  PID:9748
- C:\Windows\System32\SqhmPsi.exe
  C:\Windows\System32\SqhmPsi.exe
  2⤵
  PID:9788
- C:\Windows\System32\zLVaPiv.exe
  C:\Windows\System32\zLVaPiv.exe
  2⤵
  PID:9824
- C:\Windows\System32\JkquwGh.exe
  C:\Windows\System32\JkquwGh.exe
  2⤵
  PID:9844
- C:\Windows\System32\APxgIMS.exe
  C:\Windows\System32\APxgIMS.exe
  2⤵
  PID:9880
- C:\Windows\System32\axlfaub.exe
  C:\Windows\System32\axlfaub.exe
  2⤵
  PID:9904
- C:\Windows\System32\Queprnv.exe
  C:\Windows\System32\Queprnv.exe
  2⤵
  PID:9928
- C:\Windows\System32\LgTxuhO.exe
  C:\Windows\System32\LgTxuhO.exe
  2⤵
  PID:9984
- C:\Windows\System32\IkzKJWh.exe
  C:\Windows\System32\IkzKJWh.exe
  2⤵
  PID:10012
- C:\Windows\System32\fQJgdiG.exe
  C:\Windows\System32\fQJgdiG.exe
  2⤵
  PID:10040
- C:\Windows\System32\vxjGOgO.exe
  C:\Windows\System32\vxjGOgO.exe
  2⤵
  PID:10064
- C:\Windows\System32\BHWnskW.exe
  C:\Windows\System32\BHWnskW.exe
  2⤵
  PID:10080
- C:\Windows\System32\cLLUJXc.exe
  C:\Windows\System32\cLLUJXc.exe
  2⤵
  PID:10100
- C:\Windows\System32\QLQTHhl.exe
  C:\Windows\System32\QLQTHhl.exe
  2⤵
  PID:10120
- C:\Windows\System32\CzYlNvC.exe
  C:\Windows\System32\CzYlNvC.exe
  2⤵
  PID:10144
- C:\Windows\System32\HzcZEYQ.exe
  C:\Windows\System32\HzcZEYQ.exe
  2⤵
  PID:10192
- C:\Windows\System32\XDRwnej.exe
  C:\Windows\System32\XDRwnej.exe
  2⤵
  PID:10216
- C:\Windows\System32\nBjRTZk.exe
  C:\Windows\System32\nBjRTZk.exe
  2⤵
  PID:8428
- C:\Windows\System32\zmqcVFv.exe
  C:\Windows\System32\zmqcVFv.exe
  2⤵
  PID:9296
- C:\Windows\System32\LrOosNm.exe
  C:\Windows\System32\LrOosNm.exe
  2⤵
  PID:9388
- C:\Windows\System32\dEDrJzE.exe
  C:\Windows\System32\dEDrJzE.exe
  2⤵
  PID:9456
- C:\Windows\System32\DvPTfIV.exe
  C:\Windows\System32\DvPTfIV.exe
  2⤵
  PID:9508
- C:\Windows\System32\LktZuYI.exe
  C:\Windows\System32\LktZuYI.exe
  2⤵
  PID:9504
- C:\Windows\System32\bIcQHkS.exe
  C:\Windows\System32\bIcQHkS.exe
  2⤵
  PID:9584
- C:\Windows\System32\tWqCHZP.exe
  C:\Windows\System32\tWqCHZP.exe
  2⤵
  PID:9636
- C:\Windows\System32\sXvNVKl.exe
  C:\Windows\System32\sXvNVKl.exe
  2⤵
  PID:9700
- C:\Windows\System32\Ejiozku.exe
  C:\Windows\System32\Ejiozku.exe
  2⤵
  PID:9760
- C:\Windows\System32\hbSOLYq.exe
  C:\Windows\System32\hbSOLYq.exe
  2⤵
  PID:9796
- C:\Windows\System32\pGMxkYe.exe
  C:\Windows\System32\pGMxkYe.exe
  2⤵
  PID:9912
- C:\Windows\System32\vJEcKXZ.exe
  C:\Windows\System32\vJEcKXZ.exe
  2⤵
  PID:9956
- C:\Windows\System32\KIlLhPB.exe
  C:\Windows\System32\KIlLhPB.exe
  2⤵
  PID:10024
- C:\Windows\System32\QZTigfx.exe
  C:\Windows\System32\QZTigfx.exe
  2⤵
  PID:10092
- C:\Windows\System32\zmBLqvT.exe
  C:\Windows\System32\zmBLqvT.exe
  2⤵
  PID:10180
- C:\Windows\System32\PGpoYmu.exe
  C:\Windows\System32\PGpoYmu.exe
  2⤵
  PID:10232
- C:\Windows\System32\oCsLSep.exe
  C:\Windows\System32\oCsLSep.exe
  2⤵
  PID:9276
- C:\Windows\System32\xESfIBK.exe
  C:\Windows\System32\xESfIBK.exe
  2⤵
  PID:9372
- C:\Windows\System32\WFGCOPf.exe
  C:\Windows\System32\WFGCOPf.exe
  2⤵
  PID:9444
- C:\Windows\System32\uZEdvjU.exe
  C:\Windows\System32\uZEdvjU.exe
  2⤵
  PID:9676
- C:\Windows\System32\RFdXZbt.exe
  C:\Windows\System32\RFdXZbt.exe
  2⤵
  PID:9820
- C:\Windows\System32\RncsIcx.exe
  C:\Windows\System32\RncsIcx.exe
  2⤵
  PID:9920
- C:\Windows\System32\UvgHIWR.exe
  C:\Windows\System32\UvgHIWR.exe
  2⤵
  PID:10172
- C:\Windows\System32\gCcztsN.exe
  C:\Windows\System32\gCcztsN.exe
  2⤵
  PID:10236
- C:\Windows\System32\OsUjWue.exe
  C:\Windows\System32\OsUjWue.exe
  2⤵
  PID:4656
- C:\Windows\System32\uGfoLwH.exe
  C:\Windows\System32\uGfoLwH.exe
  2⤵
  PID:10076
- C:\Windows\System32\cCNtGcn.exe
  C:\Windows\System32\cCNtGcn.exe
  2⤵
  PID:10288
- C:\Windows\System32\VvSwsAM.exe
  C:\Windows\System32\VvSwsAM.exe
  2⤵
  PID:10316
- C:\Windows\System32\KMZlmNv.exe
  C:\Windows\System32\KMZlmNv.exe
  2⤵
  PID:10344
- C:\Windows\System32\VcalldM.exe
  C:\Windows\System32\VcalldM.exe
  2⤵
  PID:10372
- C:\Windows\System32\PCIPNZj.exe
  C:\Windows\System32\PCIPNZj.exe
  2⤵
  PID:10400
- C:\Windows\System32\vAKynZZ.exe
  C:\Windows\System32\vAKynZZ.exe
  2⤵
  PID:10424
- C:\Windows\System32\RZDxSpO.exe
  C:\Windows\System32\RZDxSpO.exe
  2⤵
  PID:10444
- C:\Windows\System32\bIwiJdk.exe
  C:\Windows\System32\bIwiJdk.exe
  2⤵
  PID:10464
- C:\Windows\System32\tniyqnO.exe
  C:\Windows\System32\tniyqnO.exe
  2⤵
  PID:10488
- C:\Windows\System32\PgcdQBx.exe
  C:\Windows\System32\PgcdQBx.exe
  2⤵
  PID:10516
- C:\Windows\System32\ITQdEQc.exe
  C:\Windows\System32\ITQdEQc.exe
  2⤵
  PID:10536
- C:\Windows\System32\zsSFvwB.exe
  C:\Windows\System32\zsSFvwB.exe
  2⤵
  PID:10572
- C:\Windows\System32\dOKwDOg.exe
  C:\Windows\System32\dOKwDOg.exe
  2⤵
  PID:10624
- C:\Windows\System32\nMTpjjX.exe
  C:\Windows\System32\nMTpjjX.exe
  2⤵
  PID:10652
- C:\Windows\System32\DPMKzih.exe
  C:\Windows\System32\DPMKzih.exe
  2⤵
  PID:10672
- C:\Windows\System32\EHHDxVK.exe
  C:\Windows\System32\EHHDxVK.exe
  2⤵
  PID:10696
- C:\Windows\System32\dFiUlgn.exe
  C:\Windows\System32\dFiUlgn.exe
  2⤵
  PID:10740
- C:\Windows\System32\FVobTVM.exe
  C:\Windows\System32\FVobTVM.exe
  2⤵
  PID:10764
- C:\Windows\System32\DbnHrHh.exe
  C:\Windows\System32\DbnHrHh.exe
  2⤵
  PID:10780
- C:\Windows\System32\aVRBGOA.exe
  C:\Windows\System32\aVRBGOA.exe
  2⤵
  PID:10804
- C:\Windows\System32\gFOQcYk.exe
  C:\Windows\System32\gFOQcYk.exe
  2⤵
  PID:10832
- C:\Windows\System32\ApAncEJ.exe
  C:\Windows\System32\ApAncEJ.exe
  2⤵
  PID:10852
- C:\Windows\System32\taFUdSe.exe
  C:\Windows\System32\taFUdSe.exe
  2⤵
  PID:10904
- C:\Windows\System32\xWZVxxD.exe
  C:\Windows\System32\xWZVxxD.exe
  2⤵
  PID:10940
- C:\Windows\System32\okTSdeM.exe
  C:\Windows\System32\okTSdeM.exe
  2⤵
  PID:10980
- C:\Windows\System32\PMjPVNJ.exe
  C:\Windows\System32\PMjPVNJ.exe
  2⤵
  PID:11000
- C:\Windows\System32\zNgFYLz.exe
  C:\Windows\System32\zNgFYLz.exe
  2⤵
  PID:11016
- C:\Windows\System32\BzuWwzt.exe
  C:\Windows\System32\BzuWwzt.exe
  2⤵
  PID:11040
- C:\Windows\System32\DUZRPUN.exe
  C:\Windows\System32\DUZRPUN.exe
  2⤵
  PID:11064
- C:\Windows\System32\hAdxSaI.exe
  C:\Windows\System32\hAdxSaI.exe
  2⤵
  PID:11096
- C:\Windows\System32\imUCOyW.exe
  C:\Windows\System32\imUCOyW.exe
  2⤵
  PID:11120
- C:\Windows\System32\nnCZzoo.exe
  C:\Windows\System32\nnCZzoo.exe
  2⤵
  PID:11144
- C:\Windows\System32\rpetTWV.exe
  C:\Windows\System32\rpetTWV.exe
  2⤵
  PID:11160
- C:\Windows\System32\gfleKtg.exe
  C:\Windows\System32\gfleKtg.exe
  2⤵
  PID:11204
- C:\Windows\System32\EfkBuDu.exe
  C:\Windows\System32\EfkBuDu.exe
  2⤵
  PID:11220
- C:\Windows\System32\myymfqE.exe
  C:\Windows\System32\myymfqE.exe
  2⤵
  PID:11244
- C:\Windows\System32\jcpaqUe.exe
  C:\Windows\System32\jcpaqUe.exe
  2⤵
  PID:10256
- C:\Windows\System32\BURsNoG.exe
  C:\Windows\System32\BURsNoG.exe
  2⤵
  PID:10056
- C:\Windows\System32\sEtjsff.exe
  C:\Windows\System32\sEtjsff.exe
  2⤵
  PID:10300
- C:\Windows\System32\WebkFgY.exe
  C:\Windows\System32\WebkFgY.exe
  2⤵
  PID:10360
- C:\Windows\System32\jIruOjt.exe
  C:\Windows\System32\jIruOjt.exe
  2⤵
  PID:10440
- C:\Windows\System32\pypZAeQ.exe
  C:\Windows\System32\pypZAeQ.exe
  2⤵
  PID:10528
- C:\Windows\System32\IUlyxpy.exe
  C:\Windows\System32\IUlyxpy.exe
  2⤵
  PID:10660
- C:\Windows\System32\BLzQipm.exe
  C:\Windows\System32\BLzQipm.exe
  2⤵
  PID:10724
- C:\Windows\System32\bbXOhHf.exe
  C:\Windows\System32\bbXOhHf.exe
  2⤵
  PID:10840
- C:\Windows\System32\LAgVgmz.exe
  C:\Windows\System32\LAgVgmz.exe
  2⤵
  PID:10848
- C:\Windows\System32\pEoHJMP.exe
  C:\Windows\System32\pEoHJMP.exe
  2⤵
  PID:10876
- C:\Windows\System32\dnoLVby.exe
  C:\Windows\System32\dnoLVby.exe
  2⤵
  PID:10992
- C:\Windows\System32\quJKYwJ.exe
  C:\Windows\System32\quJKYwJ.exe
  2⤵
  PID:11056
- C:\Windows\System32\yXyBUui.exe
  C:\Windows\System32\yXyBUui.exe
  2⤵
  PID:11156
- C:\Windows\System32\QDztxyA.exe
  C:\Windows\System32\QDztxyA.exe
  2⤵
  PID:11252
- C:\Windows\System32\mLAlHHw.exe
  C:\Windows\System32\mLAlHHw.exe
  2⤵
  PID:11228
- C:\Windows\System32\hfSUoMx.exe
  C:\Windows\System32\hfSUoMx.exe
  2⤵
  PID:10460
- C:\Windows\System32\nXYboFW.exe
  C:\Windows\System32\nXYboFW.exe
  2⤵
  PID:10304
- C:\Windows\System32\INwIkrj.exe
  C:\Windows\System32\INwIkrj.exe
  2⤵
  PID:10640
- C:\Windows\System32\deAwHqx.exe
  C:\Windows\System32\deAwHqx.exe
  2⤵
  PID:10800
- C:\Windows\System32\Rbvclgo.exe
  C:\Windows\System32\Rbvclgo.exe
  2⤵
  PID:11080
- C:\Windows\System32\XyJnsUq.exe
  C:\Windows\System32\XyJnsUq.exe
  2⤵
  PID:10752
- C:\Windows\System32\SGIjJbz.exe
  C:\Windows\System32\SGIjJbz.exe
  2⤵
  PID:11280
- C:\Windows\System32\xUwkVSK.exe
  C:\Windows\System32\xUwkVSK.exe
  2⤵
  PID:11296
- C:\Windows\System32\XIqlTDS.exe
  C:\Windows\System32\XIqlTDS.exe
  2⤵
  PID:11312
- C:\Windows\System32\NaWVkWm.exe
  C:\Windows\System32\NaWVkWm.exe
  2⤵
  PID:11328
- C:\Windows\System32\HTwKUPW.exe
  C:\Windows\System32\HTwKUPW.exe
  2⤵
  PID:11344
- C:\Windows\System32\jtRLWUU.exe
  C:\Windows\System32\jtRLWUU.exe
  2⤵
  PID:11360
- C:\Windows\System32\FfZCXmS.exe
  C:\Windows\System32\FfZCXmS.exe
  2⤵
  PID:11376
- C:\Windows\System32\MjsKrsZ.exe
  C:\Windows\System32\MjsKrsZ.exe
  2⤵
  PID:11408
- C:\Windows\System32\JgvqUXf.exe
  C:\Windows\System32\JgvqUXf.exe
  2⤵
  PID:11424
- C:\Windows\System32\wHmnqxY.exe
  C:\Windows\System32\wHmnqxY.exe
  2⤵
  PID:11452
- C:\Windows\System32\OXAdQsx.exe
  C:\Windows\System32\OXAdQsx.exe
  2⤵
  PID:11548
- C:\Windows\System32\XFcscPB.exe
  C:\Windows\System32\XFcscPB.exe
  2⤵
  PID:11608
- C:\Windows\System32\NXXDVsA.exe
  C:\Windows\System32\NXXDVsA.exe
  2⤵
  PID:11648
- C:\Windows\System32\vIdEDSy.exe
  C:\Windows\System32\vIdEDSy.exe
  2⤵
  PID:11664
- C:\Windows\System32\bgxCAdS.exe
  C:\Windows\System32\bgxCAdS.exe
  2⤵
  PID:11688
- C:\Windows\System32\ZwlEnRQ.exe
  C:\Windows\System32\ZwlEnRQ.exe
  2⤵
  PID:11716
- C:\Windows\System32\nywgmEL.exe
  C:\Windows\System32\nywgmEL.exe
  2⤵
  PID:11752
- C:\Windows\System32\iRhIwJZ.exe
  C:\Windows\System32\iRhIwJZ.exe
  2⤵
  PID:11776
- C:\Windows\System32\gFPWfzc.exe
  C:\Windows\System32\gFPWfzc.exe
  2⤵
  PID:11792
- C:\Windows\System32\JpNCHVh.exe
  C:\Windows\System32\JpNCHVh.exe
  2⤵
  PID:11820
- C:\Windows\System32\laxeXpy.exe
  C:\Windows\System32\laxeXpy.exe
  2⤵
  PID:11836
- C:\Windows\System32\bnbNmgV.exe
  C:\Windows\System32\bnbNmgV.exe
  2⤵
  PID:11856
- C:\Windows\System32\oIbBkro.exe
  C:\Windows\System32\oIbBkro.exe
  2⤵
  PID:11876
- C:\Windows\System32\KqcYFYs.exe
  C:\Windows\System32\KqcYFYs.exe
  2⤵
  PID:11896
- C:\Windows\System32\Zereobz.exe
  C:\Windows\System32\Zereobz.exe
  2⤵
  PID:11932
- C:\Windows\System32\gnoJKci.exe
  C:\Windows\System32\gnoJKci.exe
  2⤵
  PID:11952
- C:\Windows\System32\FOMFyGs.exe
  C:\Windows\System32\FOMFyGs.exe
  2⤵
  PID:11976
- C:\Windows\System32\dxPtoYm.exe
  C:\Windows\System32\dxPtoYm.exe
  2⤵
  PID:11996
- C:\Windows\System32\khrlfkP.exe
  C:\Windows\System32\khrlfkP.exe
  2⤵
  PID:12044
- C:\Windows\System32\SeTIBlT.exe
  C:\Windows\System32\SeTIBlT.exe
  2⤵
  PID:12088
- C:\Windows\System32\LGxZYoM.exe
  C:\Windows\System32\LGxZYoM.exe
  2⤵
  PID:12132
- C:\Windows\System32\BWPTAtn.exe
  C:\Windows\System32\BWPTAtn.exe
  2⤵
  PID:12164
- C:\Windows\System32\OYsLvSz.exe
  C:\Windows\System32\OYsLvSz.exe
  2⤵
  PID:12180
- C:\Windows\System32\WazeUBw.exe
  C:\Windows\System32\WazeUBw.exe
  2⤵
  PID:12212
- C:\Windows\System32\PjqFBLS.exe
  C:\Windows\System32\PjqFBLS.exe
  2⤵
  PID:12236
- C:\Windows\System32\KcGbRdZ.exe
  C:\Windows\System32\KcGbRdZ.exe
  2⤵
  PID:12276
- C:\Windows\System32\jHQrrZW.exe
  C:\Windows\System32\jHQrrZW.exe
  2⤵
  PID:11052
- C:\Windows\System32\OVacZpD.exe
  C:\Windows\System32\OVacZpD.exe
  2⤵
  PID:11276
- C:\Windows\System32\yUmMagR.exe
  C:\Windows\System32\yUmMagR.exe
  2⤵
  PID:11008
- C:\Windows\System32\VnQIFSo.exe
  C:\Windows\System32\VnQIFSo.exe
  2⤵
  PID:10472
- C:\Windows\System32\rvwQFbx.exe
  C:\Windows\System32\rvwQFbx.exe
  2⤵
  PID:10860
- C:\Windows\System32\ZlRyETQ.exe
  C:\Windows\System32\ZlRyETQ.exe
  2⤵
  PID:11372
- C:\Windows\System32\ssyYZfa.exe
  C:\Windows\System32\ssyYZfa.exe
  2⤵
  PID:11368
- C:\Windows\System32\CEjkUyL.exe
  C:\Windows\System32\CEjkUyL.exe
  2⤵
  PID:11436
- C:\Windows\System32\kpvJHmr.exe
  C:\Windows\System32\kpvJHmr.exe
  2⤵
  PID:11524
- C:\Windows\System32\XwInlwD.exe
  C:\Windows\System32\XwInlwD.exe
  2⤵
  PID:11632
- C:\Windows\System32\ZuAHFnM.exe
  C:\Windows\System32\ZuAHFnM.exe
  2⤵
  PID:11740
- C:\Windows\System32\AAOvRgH.exe
  C:\Windows\System32\AAOvRgH.exe
  2⤵
  PID:11784
- C:\Windows\System32\lKVECZj.exe
  C:\Windows\System32\lKVECZj.exe
  2⤵
  PID:11852
- C:\Windows\System32\zuCeCen.exe
  C:\Windows\System32\zuCeCen.exe
  2⤵
  PID:11904
- C:\Windows\System32\fArOHyv.exe
  C:\Windows\System32\fArOHyv.exe
  2⤵
  PID:11888
- C:\Windows\System32\puoDUVR.exe
  C:\Windows\System32\puoDUVR.exe
  2⤵
  PID:12028
- C:\Windows\System32\PlIJvpA.exe
  C:\Windows\System32\PlIJvpA.exe
  2⤵
  PID:12084
- C:\Windows\System32\rWxtmsE.exe
  C:\Windows\System32\rWxtmsE.exe
  2⤵
  PID:12152
- C:\Windows\System32\mvaidef.exe
  C:\Windows\System32\mvaidef.exe
  2⤵
  PID:12224
- C:\Windows\System32\BLfzVLw.exe
  C:\Windows\System32\BLfzVLw.exe
  2⤵
  PID:12264
- C:\Windows\System32\hyupInC.exe
  C:\Windows\System32\hyupInC.exe
  2⤵
  PID:10792
- C:\Windows\System32\IaRJTdG.exe
  C:\Windows\System32\IaRJTdG.exe
  2⤵
  PID:11320
- C:\Windows\System32\toKdyOP.exe
  C:\Windows\System32\toKdyOP.exe
  2⤵
  PID:11388
- C:\Windows\System32\eGspOYN.exe
  C:\Windows\System32\eGspOYN.exe
  2⤵
  PID:11480
- C:\Windows\System32\KzgJSZh.exe
  C:\Windows\System32\KzgJSZh.exe
  2⤵
  PID:3612
- C:\Windows\System32\YwFCJpN.exe
  C:\Windows\System32\YwFCJpN.exe
  2⤵
  PID:11556
- C:\Windows\System32\AKEYlfw.exe
  C:\Windows\System32\AKEYlfw.exe
  2⤵
  PID:11772
- C:\Windows\System32\uuNJBbQ.exe
  C:\Windows\System32\uuNJBbQ.exe
  2⤵
  PID:11872
- C:\Windows\System32\CIbAaSn.exe
  C:\Windows\System32\CIbAaSn.exe
  2⤵
  PID:12100
- C:\Windows\System32\ZuxXPTa.exe
  C:\Windows\System32\ZuxXPTa.exe
  2⤵
  PID:11304
- C:\Windows\System32\wwjHjMT.exe
  C:\Windows\System32\wwjHjMT.exe
  2⤵
  PID:844
- C:\Windows\System32\fnhAMbz.exe
  C:\Windows\System32\fnhAMbz.exe
  2⤵
  PID:5064
- C:\Windows\System32\UVrsuhC.exe
  C:\Windows\System32\UVrsuhC.exe
  2⤵
  PID:11828
- C:\Windows\System32\NTNBAeq.exe
  C:\Windows\System32\NTNBAeq.exe
  2⤵
  PID:11180
- C:\Windows\System32\lwVUdnr.exe
  C:\Windows\System32\lwVUdnr.exe
  2⤵
  PID:12012
- C:\Windows\System32\gfNlJWP.exe
  C:\Windows\System32\gfNlJWP.exe
  2⤵
  PID:12304
- C:\Windows\System32\DhaaIcp.exe
  C:\Windows\System32\DhaaIcp.exe
  2⤵
  PID:12328
- C:\Windows\System32\acwjoXj.exe
  C:\Windows\System32\acwjoXj.exe
  2⤵
  PID:12360
- C:\Windows\System32\aWbruff.exe
  C:\Windows\System32\aWbruff.exe
  2⤵
  PID:12396
- C:\Windows\System32\OsvUmEb.exe
  C:\Windows\System32\OsvUmEb.exe
  2⤵
  PID:12440
- C:\Windows\System32\kLeFXnb.exe
  C:\Windows\System32\kLeFXnb.exe
  2⤵
  PID:12460
- C:\Windows\System32\Jgwxdhl.exe
  C:\Windows\System32\Jgwxdhl.exe
  2⤵
  PID:12484
- C:\Windows\System32\ligMISg.exe
  C:\Windows\System32\ligMISg.exe
  2⤵
  PID:12504
- C:\Windows\System32\OAtIauI.exe
  C:\Windows\System32\OAtIauI.exe
  2⤵
  PID:12528
- C:\Windows\System32\tGoiucG.exe
  C:\Windows\System32\tGoiucG.exe
  2⤵
  PID:12548
- C:\Windows\System32\eLBtHwM.exe
  C:\Windows\System32\eLBtHwM.exe
  2⤵
  PID:12564
- C:\Windows\System32\IHCIyMo.exe
  C:\Windows\System32\IHCIyMo.exe
  2⤵
  PID:12600
- C:\Windows\System32\vkBdgFe.exe
  C:\Windows\System32\vkBdgFe.exe
  2⤵
  PID:12616
- C:\Windows\System32\IsFfLdQ.exe
  C:\Windows\System32\IsFfLdQ.exe
  2⤵
  PID:12664
- C:\Windows\System32\oRJnfhc.exe
  C:\Windows\System32\oRJnfhc.exe
  2⤵
  PID:12696
- C:\Windows\System32\CwFgoJb.exe
  C:\Windows\System32\CwFgoJb.exe
  2⤵
  PID:12736
- C:\Windows\System32\dGymChv.exe
  C:\Windows\System32\dGymChv.exe
  2⤵
  PID:12768
- C:\Windows\System32\aPgyLCk.exe
  C:\Windows\System32\aPgyLCk.exe
  2⤵
  PID:12792
- C:\Windows\System32\qDrurYv.exe
  C:\Windows\System32\qDrurYv.exe
  2⤵
  PID:12808
- C:\Windows\System32\HqkbMVU.exe
  C:\Windows\System32\HqkbMVU.exe
  2⤵
  PID:12828
- C:\Windows\System32\yGjGwuq.exe
  C:\Windows\System32\yGjGwuq.exe
  2⤵
  PID:12856
- C:\Windows\System32\AOLasnD.exe
  C:\Windows\System32\AOLasnD.exe
  2⤵
  PID:12876
- C:\Windows\System32\xVLoRmf.exe
  C:\Windows\System32\xVLoRmf.exe
  2⤵
  PID:12900
- C:\Windows\System32\SVBOFFM.exe
  C:\Windows\System32\SVBOFFM.exe
  2⤵
  PID:12924
- C:\Windows\System32\kwqzmmm.exe
  C:\Windows\System32\kwqzmmm.exe
  2⤵
  PID:12984
- C:\Windows\System32\QFfwTFx.exe
  C:\Windows\System32\QFfwTFx.exe
  2⤵
  PID:13016
- C:\Windows\System32\MOokVdQ.exe
  C:\Windows\System32\MOokVdQ.exe
  2⤵
  PID:13032
- C:\Windows\System32\JQWeiWs.exe
  C:\Windows\System32\JQWeiWs.exe
  2⤵
  PID:13076
- C:\Windows\System32\HKPQivs.exe
  C:\Windows\System32\HKPQivs.exe
  2⤵
  PID:13104
- C:\Windows\System32\eXuPKtG.exe
  C:\Windows\System32\eXuPKtG.exe
  2⤵
  PID:13128
- C:\Windows\System32\vbvjDjz.exe
  C:\Windows\System32\vbvjDjz.exe
  2⤵
  PID:13160
- C:\Windows\System32\kUPaPRQ.exe
  C:\Windows\System32\kUPaPRQ.exe
  2⤵
  PID:13180
- C:\Windows\System32\dyqTbMY.exe
  C:\Windows\System32\dyqTbMY.exe
  2⤵
  PID:13220
- C:\Windows\System32\RoNUxBy.exe
  C:\Windows\System32\RoNUxBy.exe
  2⤵
  PID:13252
- C:\Windows\System32\EuJrvXd.exe
  C:\Windows\System32\EuJrvXd.exe
  2⤵
  PID:13280

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AoCekBo.exe

Filesize
1.6MB

MD5
61140667fddad63ccb3a340d137a8348

SHA1
66b10b4a06b95c3102e04a1a03ba1c270f44613a

SHA256
c3dfa5d856a8e3b145fd4a156dc240ceb9c34f1e00f0331e37fdc6ac259ae037

SHA512
72f858f7e1d4b238b64741d0fa3f62c9132996357a095dc2eefe90eabe82b78d98da1ca246d9422accc980660f3756278debd9d072abfd970c68eac10cf3d72b

Download Submit
C:\Windows\System32\BVNSLEj.exe

Filesize
1.6MB

MD5
eaf17e0b5dc007fc2a1649cf508e4511

SHA1
720646aac91179b55c8bfa03487047e2cc2b7fb1

SHA256
76d649aa200faa6258943cdd6bc4e350bc0039bd2089f8b7d48a50c2042d289a

SHA512
05f08a92b15178396bf165d529c424ce08e39ede3a2202dd08ff94ce42d521a4dd2476d72f5b1d02f85848c4fec704e2b2cec2e3e5ed89d1c86a29686c1bc591

Download Submit
C:\Windows\System32\CLGvJPg.exe

Filesize
1.6MB

MD5
431b2ff1ec7ed3ed9924a1f4412f74cf

SHA1
76aa6731935fe2fce9c236e708ad92863c1884f6

SHA256
e9f8982b060d4ab35af4d18434f96174d5cafea14362b236a2056b99571e7901

SHA512
867d0f72ff2649aed8b6a6055c5129b51a406d81bb8068b7f281d6476554842e9518c65d9710389debf2e930b56e7071ebc2a716e5f9a026128bf01f06ef4663

Download Submit
C:\Windows\System32\CsEZvXC.exe

Filesize
1.6MB

MD5
2b064e4e7ae1bab9e0c54156d23f577e

SHA1
484877fd6082461bf01fd5c241f65f8497f4cd32

SHA256
b41f2a1cb3df685a84e012337befdfdf1da4f1d745aba13ebdc25856613c34ce

SHA512
ce2df1e46bae53aa9f68e1fb41319c8e836a45efa29ec42cf86eecba4c27c836a3e187181a0af496c5a2a94244975b419b9b258a366237e484c5a00f969e5089

Download Submit
C:\Windows\System32\CvmCyVK.exe

Filesize
1.6MB

MD5
a7ee4a8a23aed61771d32b2d56897623

SHA1
81ce87067ffd3c31391afb1fb21f1552881f6dd6

SHA256
f8b1a4983888db844dd596f94d78030761a82411f32804c5e3aeb3b9cc9526fb

SHA512
07f1a74d24a1e4f63acb4ee84efe9b8afe433da78ed609ce6cfa7688e50af3ac1c6c924a214ab64b6f4195585c83707e96fdb34ac29951bef1ba9cbbdf358ffe

Download Submit
C:\Windows\System32\FNrGNAH.exe

Filesize
1.6MB

MD5
ac4d961fa3d4cc8942bf1f26dc39c850

SHA1
3d67ec2cf0a87ea48f7cc22aaabdb1cffcad83d8

SHA256
b52fc15fd5cd019923d23ac03cddaa9b1ae6ea8543da779da680ba83ec6eeef9

SHA512
1a24af438e9961d1b91a87bdf56a8d850d13769fcc2e039d906be8fde77cfdf9e66eef6c690950ebced5b2c6e4ba1c890ce19dc33ec55496c6f544cec7e6f161

Download Submit
C:\Windows\System32\JrKPezU.exe

Filesize
1.6MB

MD5
fa0210591a3a3f634b6bbf48428a666c

SHA1
55b5526e367cbf89dc6ad91938fd0e30e98a7d5b

SHA256
53d8559b9fe469a0f909b7699ed91bef43a3552c3bba4156fccfb388d1ee8ef9

SHA512
e3805caafa6c110fdfb5b184dabfd582afebc65e24592619d6853f1141b99568546c43508f6480a86581a0b6b28f96a4192f674d24b4b9967497fa100caf2408

Download Submit
C:\Windows\System32\KAjLgAn.exe

Filesize
1.6MB

MD5
957acdabcede7dbbdaad410a82511d97

SHA1
359a7641beb08a4115810577cacf57b10fab2d3e

SHA256
f7bcfbdd6640ce55aad6d3e54560809f2d8edaabe51f8349da479248257a846a

SHA512
096dad386530530ab0a6341f7bf3fc27c67ee2246342ca884443c8551e9581c2c211bbd7beac0f540088c33e92ac0d0359cb1a524de19f7d47fdbcd5d3d6b947

Download Submit
C:\Windows\System32\NcWNxmf.exe

Filesize
1.6MB

MD5
981d6844486775c2d91e7af556f5ee5e

SHA1
5efa8f83cc5e49d845a9e5bbc3c71414f6936969

SHA256
bc498f0fa9a74104afac74a43abe7e18cb4616da682dd7c64c4c148687129d31

SHA512
d3d24e43134894c3af1ccb8ab5be71a0cf3aeb05114e3bba710a6d78d02cef97752065964783a05d49441f927cd476d6c728ca19f760a84e710a537f25f7d36a

Download Submit
C:\Windows\System32\QkpUheK.exe

Filesize
1.6MB

MD5
b6c4bcff09c7e1d8d8cb4c04baaa98a2

SHA1
13f106f127e84d93406aab9dbc30b3c244a5740b

SHA256
c0decdf19be517f23b75a773c231da5a59b32ce6e060a7525605784936321c56

SHA512
803df395f5abfe08b38f58cbef8bba19b01a444c34b667f8c0eca0bb7490b4360383c12d1f2e8d5318958408ac672524d2d03f06829222410121c50ce49663cd

Download Submit
C:\Windows\System32\TzaYVdc.exe

Filesize
1.6MB

MD5
98f8282eaf2821eb0dc48caf7026ee45

SHA1
e0a0d816f7fe0d525ed4a4118620475355668b71

SHA256
98031d45d8e950a33780793f6ba50193307e1a4a8c61f8be9d6c74caac079bfa

SHA512
56c001b1d64746fb6223cb48f7d6fd396f7ae0909318c57790f177fd1a6d63fe6cf3cd335fd8e446b3a8d24daf2310d79ae3374d213152ace5e43e4c582b1925

Download Submit
C:\Windows\System32\WuipUgQ.exe

Filesize
1.6MB

MD5
f7cc7d1b6d9a5c040c615d8363d87e0c

SHA1
5de241476d7e89a62695a5e78517bf84cecebbd9

SHA256
42d9103fbdb6ffd4b843f5ed70b04902c78a102fb6b1fad4e3e2845a8d3baa58

SHA512
0a5cae66d94f2e874e688652d84d696b63e681329c02f9c98ff6a2b2e6468abdff05aeb3360d487913f5f6241990ce49b64d9f94e05b9315cd9c06d4842f65ce

Download Submit
C:\Windows\System32\ZuzDyEn.exe

Filesize
1.6MB

MD5
1efa6b513917675a76a77032ed6ffb09

SHA1
1a270683941ceadec6d23547ff01c5a29883ed40

SHA256
908ec5e995af88952f22fd569051ad310ccaa8ac4d53e469176bcdb9240ca05c

SHA512
96fb6dec01fc7a2d28f4a3380caa4b4d85cc7d4536ca98228f2bfc7402500900758c5cee16fb697b7602adae316fa434e1a88c6ee0dfb7973c9dd9f8794d4769

Download Submit
C:\Windows\System32\aZPZxlQ.exe

Filesize
1.6MB

MD5
6ae2eb6b0586b4fc7daedb9e1871d5a0

SHA1
efc3a57bd3f1ffed8b1ce7ef1f9bfc596cb7868f

SHA256
952ccc7022b637b670fb5f896e4a98ea9c14d4447659e45e45c3569c7328eebd

SHA512
dc92d021f8d9419680b608cb36bb8d177724b9f3b86c2df53f46a4a2d573c9e97df796082097d40fd2b6724eee265b9d81ba70ccf5989d1fb06dffe3eb285ccf

Download Submit
C:\Windows\System32\axjbtfU.exe

Filesize
1.6MB

MD5
18d929f8a0aeb006172834a2c9cc30df

SHA1
d83f05848b670c5bd95a522ac8d5b6df0b48c8de

SHA256
4314f4d9ad8e6b0c7c05c6c1cf0e3eb7c686f25c691079f90b392a1983b186e5

SHA512
4a95ea8adc0f5a8def170f02e1ffc3c2b27fff302fe02b7ad9ca3773691325e79d50c8e2a059ebaf2862750f67b88bb4bc70c465e5efe8cff9f693d7dfdf4552

Download Submit
C:\Windows\System32\beRUBxK.exe

Filesize
1.6MB

MD5
27179032b4fc027a4f53cbe52e5e31da

SHA1
0cc68321ea0c94ef6846bed0fdfabcd688e274eb

SHA256
02816def213dba51ad1babc87be93ab9b0830903722162877f79a09710a7f0e3

SHA512
ff8dde6edf5f787d586d90f379df0b4ccf2a16b2e0bb228046a1663b8b89949a865dff8dfab71bc4520ed43616863aab215a2c40efa5d04923bd46f5aa5ab597

Download Submit
C:\Windows\System32\dIVnVlO.exe

Filesize
1.6MB

MD5
51ce1a3c0f876d3b512ac4feaf6dc220

SHA1
1267807f0f26eddd27665f69ca08ecb85ed66c2e

SHA256
27a2e1c6b0b325f7833d4e1579c901da1246f53219c2ac2578dcac4a6a802d3b

SHA512
a10c2885387e72648fdaddfb690cbb1f930cdea0c1db6a7a82760e4fc7447db28fbe331ebdd33d424b5d8c1c182fd44fd96d42a616129e7d15feaa0a3a0615f6

Download Submit
C:\Windows\System32\djskQma.exe

Filesize
1.6MB

MD5
ac0df0e38ca8d4c1bf29bd949d1ad9ea

SHA1
d87e7af5c18f59d97a723c1957692120cc06d36a

SHA256
f36415324571c9fd9aa0682e4a42b60844f2171d88b8d3a3ab057c323bcff6f1

SHA512
0b5e21357993479fd49bda6af9b64f19309e48841e2257358422deb868e24665a3445cbe1d1d9db9762bd56a632e86a33796885c511de1f9befcf88fd3f15e30

Download Submit
C:\Windows\System32\fjCdshy.exe

Filesize
1.6MB

MD5
318164cf9856b421342cc9a9bec14752

SHA1
3c913604b6933a89b7470776ec58c548ef3c3ebb

SHA256
66b3d0e74cb04458c86c3fef846339abaecd8a360f1271a1dc93570b2a3bd470

SHA512
aca298ef81e536cbb584128799d280e5a61f6dbeea1c86afaec22555977a118bed96cf266ac1d31711e603b0f89b489e04f9b5f827c33a712792c21e0fea556e

Download Submit
C:\Windows\System32\hBrXDcL.exe

Filesize
1.6MB

MD5
c29773d0af86db0ee3fab3dfd9782364

SHA1
b5dc395efd7023c1225a2e5296f2bb224f19552c

SHA256
ecd40f54d52c8e21965f10298e7eae1618590204a5d5e7c677998e02d5d2ded2

SHA512
0bb982ae5244475f71541654d2064319129ecb7ea827d49999726d6fa177f82882d546d525c7bd0b30d499f5fcf670ddc9093c2579b561d3236f1e22f8919a1a

Download Submit
C:\Windows\System32\hiAqHnX.exe

Filesize
1.6MB

MD5
013bbdb836e7d081b5e6eff62792f718

SHA1
05968b45fb6c68b8f26882c41098365d59ea610a

SHA256
f1f5481316b98e95bcc94f8622a75d7c4757bd3df9bcebe8f1c4787c2cb560b2

SHA512
7e63de8c86b97f7471730f390a181e7f5b93970f360015cf89d7ebaa171eff239c08c0696dc5fce23720d39b7e85ad66a6872be3c14878acb6ceda414f444a9e

Download Submit
C:\Windows\System32\ieAuOOb.exe

Filesize
1.6MB

MD5
cc4dcc19e9d276fc3539a3f94fea1f19

SHA1
e003283536f89c72512f0000501a5b1542f741f5

SHA256
73a97696fa8081382fb01db11594fe875e362da854879fdcc097c91f75cade84

SHA512
93451468fade0a0917908a90364e8b1861a783bb85086c8db7edfb5eb6f7dd5cc97f4d62d9f1dfe791e4404c836c84a8d6fff608d1e34b4be2ca1aa1ff1bd102

Download Submit
C:\Windows\System32\jiJBwQo.exe

Filesize
1.6MB

MD5
731765e732788402e6743d26ad0e84e6

SHA1
d720765f19260d23da40876992aa72f4d9be2202

SHA256
cff951f66330359b32141155e145c697d493b92d3bf308eb82ec5a08bcf3d09b

SHA512
abc90d67ca4ca13f5e2769395d37aff95d7f338e3983817c035e16091afed322d0880baa0791b457e380e25dedcfd5b2525219b3c6b2871923db418f48026c1b

Download Submit
C:\Windows\System32\joDlmEq.exe

Filesize
1.6MB

MD5
ddafb6247d6f89e09d641e8d06c55edb

SHA1
8188c19654453a3613cd720ebeb0145b252c7b02

SHA256
c09c236bdb18303b7f93aed2a27738d02f8edf0b4e9913dab84432625f266ccb

SHA512
1bdda65f9b41c0a6d680c1134fcf73d43d4e108324f52266f4e16fd70c8b7d76059d4d94cba02342f70a04671c6d5b8aae1e385546e88acb7998c6c81081e250

Download Submit
C:\Windows\System32\mBTfaCZ.exe

Filesize
1.6MB

MD5
bff1a94219be1e558f9aad1b3f509f4e

SHA1
56b5bd045e38f207e20c03ab79f0052d1c6d22b9

SHA256
e0f291d03af144f8d1c4b789cb94a3af6b330c7b6cbfd2e0ac50cfb365f81962

SHA512
ef1a32d77b3dc09d9461ec61715feeb4d1badb0ea70ead65578b04fdc366faa97fbd4a77fb53cd078814a68297e2304555807d5405568df093ce00e797a19a6b

Download Submit
C:\Windows\System32\nEQIGrD.exe

Filesize
1.6MB

MD5
8379c1f68209ec8a655d1a6dae689139

SHA1
7c0a787365057b38b360f7e23fd1e7f8602d2ab9

SHA256
13dd9887d8d95c1289d687084f5789b5d209ac89b89d6d7d50b10f4e9087b193

SHA512
f9cf62b64e7018880f9838d447b9359b76cc9d500e732fe258e215076ba6d574acb1cb9bb7af17ac2d1d57982487ec14c3ccbe83074913783d78aaa372619686

Download Submit
C:\Windows\System32\qbiuiRe.exe

Filesize
1.6MB

MD5
566139fd3157d69276a9422cf1a51e52

SHA1
8de7e7eef82203900b6640739ad57d2fd291ad3f

SHA256
aaa111058da9111ce8b02abab7f399ebe0621cb0ca42d30003919f4745e33fee

SHA512
f3eab14fbe6e1b33d37a549b31c0c9d008e40ef971e76033736cd343b693db6c2623c4063b8d75fc6ef2030f412d409ce57c1be6ae49f10b070fba4588f02b2f

Download Submit
C:\Windows\System32\tQFOTft.exe

Filesize
1.6MB

MD5
c4431b7ab13afc905d0bb4b1ef747fb3

SHA1
985a8ebc1afcf12e167eb955e545a618f7c20aa9

SHA256
5ebe3caa59bb78761d8ab474dd64fbc6177488cd69496061121a92673587ef0b

SHA512
63d38fe4a0931f613a960b4081626ce74cb4aacb4db82eaba6b463855c6035760bb66d74694c806accae744a0e432f6fbb9e92488f8160f998d22a5bb5b5ca8b

Download Submit
C:\Windows\System32\tSSXlmT.exe

Filesize
1.6MB

MD5
f1f6662fb60a2496a7b4dc3650116a0a

SHA1
1933c02feb63197c2bd0b7521d2d52f8e87bb73e

SHA256
04fa84f55f9bce031125daf76ec47dada3afa3255cab91b03675d23e555ae6bd

SHA512
c38229a70484e895069a9225bc33cabc58fdd8e1379e0d593d5b33e8f45f6b432040695c2bc81f64925d37c38b77dee42403ca8fa4428021331773fb0a35ba11

Download Submit
C:\Windows\System32\xevkCdZ.exe

Filesize
1.6MB

MD5
e040abb9fe3e2cad817417f41a46b385

SHA1
1d425a717d1b011bf99e627abda3c953ca6cf3b6

SHA256
7da5a123ec3630f1a329739a3251a4c590f98693b225ac7e6daed408119f35c0

SHA512
4b2ab8650deb1b3c6b51ad3d309933de10e513467a136d2cf369026ccb818a0d33065c888b16bcfe35484d4e879fe9851110bfe82c9d77671eb385b0f88b2ec5

Download Submit
C:\Windows\System32\zBMrYSJ.exe

Filesize
1.6MB

MD5
9949ab8aa808d5b0700fc590683ced85

SHA1
ec8805d435327c1d8bf0e2a382760ac613675e05

SHA256
f32e196a6572ec501c79a36af8d8a82cd45c17c1a753d391ca093eac351649a1

SHA512
5a66dc8f2bbf4b9909e737189b8864b6fc33261e98251e441df8a0b1974f1fd7ed3d356f19b4bc042be3aaa587955078b7e394f5333f88be69899053b73db328

Download Submit
C:\Windows\System32\zFLpiCx.exe

Filesize
1.6MB

MD5
7e17fa275017a168ae73e023c5aa93f6

SHA1
15d606402e9da57e926a79c68270d7c20614a40f

SHA256
66128cae8414200d97f7815e8de916a48182918e2fa130d1d0de7fa08006d394

SHA512
3cd3a9af0eb70f22b1bc86be8cb862bc8386e3a4f9d3bca6a096f748df572f8c458e3b6844b98fe29e748dab2d61cb4ed83fb3f21adb010b5b18bab1faf6669e

Download Submit
memory/8-2016-0x00007FF60FE10000-0x00007FF610201000-memory.dmp

Filesize
3.9MB

Download
memory/8-34-0x00007FF60FE10000-0x00007FF610201000-memory.dmp

Filesize
3.9MB

Download
memory/8-1999-0x00007FF60FE10000-0x00007FF610201000-memory.dmp

Filesize
3.9MB

Download
memory/748-405-0x00007FF7B10C0000-0x00007FF7B14B1000-memory.dmp

Filesize
3.9MB

Download
memory/748-2012-0x00007FF7B10C0000-0x00007FF7B14B1000-memory.dmp

Filesize
3.9MB

Download
memory/884-2014-0x00007FF6F0210000-0x00007FF6F0601000-memory.dmp

Filesize
3.9MB

Download
memory/884-43-0x00007FF6F0210000-0x00007FF6F0601000-memory.dmp

Filesize
3.9MB

Download
memory/1056-447-0x00007FF707240000-0x00007FF707631000-memory.dmp

Filesize
3.9MB

Download
memory/1056-2032-0x00007FF707240000-0x00007FF707631000-memory.dmp

Filesize
3.9MB

Download
memory/1360-444-0x00007FF7E6F30000-0x00007FF7E7321000-memory.dmp

Filesize
3.9MB

Download
memory/1360-2030-0x00007FF7E6F30000-0x00007FF7E7321000-memory.dmp

Filesize
3.9MB

Download
memory/2052-408-0x00007FF7AD710000-0x00007FF7ADB01000-memory.dmp

Filesize
3.9MB

Download
memory/2052-2020-0x00007FF7AD710000-0x00007FF7ADB01000-memory.dmp

Filesize
3.9MB

Download
memory/2480-407-0x00007FF7AABA0000-0x00007FF7AAF91000-memory.dmp

Filesize
3.9MB

Download
memory/2480-2022-0x00007FF7AABA0000-0x00007FF7AAF91000-memory.dmp

Filesize
3.9MB

Download
memory/2516-485-0x00007FF76A710000-0x00007FF76AB01000-memory.dmp

Filesize
3.9MB

Download
memory/2516-2062-0x00007FF76A710000-0x00007FF76AB01000-memory.dmp

Filesize
3.9MB

Download
memory/2604-36-0x00007FF6042E0000-0x00007FF6046D1000-memory.dmp

Filesize
3.9MB

Download
memory/2604-2003-0x00007FF6042E0000-0x00007FF6046D1000-memory.dmp

Filesize
3.9MB

Download
memory/2988-498-0x00007FF67B570000-0x00007FF67B961000-memory.dmp

Filesize
3.9MB

Download
memory/2988-2106-0x00007FF67B570000-0x00007FF67B961000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2102-0x00007FF687240000-0x00007FF687631000-memory.dmp

Filesize
3.9MB

Download
memory/3160-450-0x00007FF687240000-0x00007FF687631000-memory.dmp

Filesize
3.9MB

Download
memory/3192-2026-0x00007FF648F70000-0x00007FF649361000-memory.dmp

Filesize
3.9MB

Download
memory/3192-417-0x00007FF648F70000-0x00007FF649361000-memory.dmp

Filesize
3.9MB

Download
memory/3348-2024-0x00007FF683D50000-0x00007FF684141000-memory.dmp

Filesize
3.9MB

Download
memory/3348-413-0x00007FF683D50000-0x00007FF684141000-memory.dmp

Filesize
3.9MB

Download
memory/3448-2007-0x00007FF7388C0000-0x00007FF738CB1000-memory.dmp

Filesize
3.9MB

Download
memory/3448-39-0x00007FF7388C0000-0x00007FF738CB1000-memory.dmp

Filesize
3.9MB

Download
memory/3476-2083-0x00007FF635E40000-0x00007FF636231000-memory.dmp

Filesize
3.9MB

Download
memory/3476-496-0x00007FF635E40000-0x00007FF636231000-memory.dmp

Filesize
3.9MB

Download
memory/3544-2104-0x00007FF652780000-0x00007FF652B71000-memory.dmp

Filesize
3.9MB

Download
memory/3544-454-0x00007FF652780000-0x00007FF652B71000-memory.dmp

Filesize
3.9MB

Download
memory/3552-2074-0x00007FF685100000-0x00007FF6854F1000-memory.dmp

Filesize
3.9MB

Download
memory/3552-476-0x00007FF685100000-0x00007FF6854F1000-memory.dmp

Filesize
3.9MB

Download
memory/3776-430-0x00007FF6CF970000-0x00007FF6CFD61000-memory.dmp

Filesize
3.9MB

Download
memory/3776-2028-0x00007FF6CF970000-0x00007FF6CFD61000-memory.dmp

Filesize
3.9MB

Download
memory/3804-2009-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp

Filesize
3.9MB

Download
memory/3804-32-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp

Filesize
3.9MB

Download
memory/3804-1998-0x00007FF628B00000-0x00007FF628EF1000-memory.dmp

Filesize
3.9MB

Download
memory/3864-464-0x00007FF6D8C60000-0x00007FF6D9051000-memory.dmp

Filesize
3.9MB

Download
memory/3864-2107-0x00007FF6D8C60000-0x00007FF6D9051000-memory.dmp

Filesize
3.9MB

Download
memory/3924-406-0x00007FF6960E0000-0x00007FF6964D1000-memory.dmp

Filesize
3.9MB

Download
memory/3924-2018-0x00007FF6960E0000-0x00007FF6964D1000-memory.dmp

Filesize
3.9MB

Download
memory/4192-2087-0x00007FF6695E0000-0x00007FF6699D1000-memory.dmp

Filesize
3.9MB

Download
memory/4192-461-0x00007FF6695E0000-0x00007FF6699D1000-memory.dmp

Filesize
3.9MB

Download
memory/4316-2001-0x00007FF6D5B90000-0x00007FF6D5F81000-memory.dmp

Filesize
3.9MB

Download
memory/4316-21-0x00007FF6D5B90000-0x00007FF6D5F81000-memory.dmp

Filesize
3.9MB

Download
memory/4480-1-0x000001C515370000-0x000001C515380000-memory.dmp

Filesize
64KB

Download
memory/4480-0-0x00007FF67C030000-0x00007FF67C421000-memory.dmp

Filesize
3.9MB

Download
memory/4672-24-0x00007FF728B10000-0x00007FF728F01000-memory.dmp

Filesize
3.9MB

Download
memory/4672-2005-0x00007FF728B10000-0x00007FF728F01000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads