xmrig | d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd

Analysis

max time kernel
127s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
Size

1.3MB
MD5

1fad8fcf8208387b8a101198f4637c7e
SHA1

9ad1013025b906346eb45bbab04897f450ef99f1
SHA256

d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd
SHA512

3e89cdc6f9d817b2191cce423bc0c2112aa6c8c7b3b045c599367cdbbc48ec06b6e44b3f6eeaaa2097d7f1cb49c836ac681d449b02258663be9e8c877465d90e
SSDEEP

24576:RVIl/WDGCi7/qkat6zqxG2Z9mIhQvq8wd7D7Mp0b5jQanRn1u1kz:ROdWCCi7/raWMmSdtnWg

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/848-412-0x00007FF751980000-0x00007FF751CD1000-memory.dmp	xmrig
behavioral2/memory/5008-421-0x00007FF654B30000-0x00007FF654E81000-memory.dmp	xmrig
behavioral2/memory/4696-428-0x00007FF76DCA0000-0x00007FF76DFF1000-memory.dmp	xmrig
behavioral2/memory/3572-436-0x00007FF7DC3E0000-0x00007FF7DC731000-memory.dmp	xmrig
behavioral2/memory/3076-443-0x00007FF7AE700000-0x00007FF7AEA51000-memory.dmp	xmrig
behavioral2/memory/512-447-0x00007FF69D3F0000-0x00007FF69D741000-memory.dmp	xmrig
behavioral2/memory/412-477-0x00007FF78D0D0000-0x00007FF78D421000-memory.dmp	xmrig
behavioral2/memory/4224-483-0x00007FF62ABB0000-0x00007FF62AF01000-memory.dmp	xmrig
behavioral2/memory/4852-491-0x00007FF7A46D0000-0x00007FF7A4A21000-memory.dmp	xmrig
behavioral2/memory/2020-489-0x00007FF6105F0000-0x00007FF610941000-memory.dmp	xmrig
behavioral2/memory/732-481-0x00007FF702220000-0x00007FF702571000-memory.dmp	xmrig
behavioral2/memory/2796-476-0x00007FF727070000-0x00007FF7273C1000-memory.dmp	xmrig
behavioral2/memory/2208-473-0x00007FF6FC720000-0x00007FF6FCA71000-memory.dmp	xmrig
behavioral2/memory/4336-469-0x00007FF7E74F0000-0x00007FF7E7841000-memory.dmp	xmrig
behavioral2/memory/1544-457-0x00007FF708370000-0x00007FF7086C1000-memory.dmp	xmrig
behavioral2/memory/3388-454-0x00007FF6C6F30000-0x00007FF6C7281000-memory.dmp	xmrig
behavioral2/memory/772-452-0x00007FF7A3020000-0x00007FF7A3371000-memory.dmp	xmrig
behavioral2/memory/4264-439-0x00007FF606D70000-0x00007FF6070C1000-memory.dmp	xmrig
behavioral2/memory/4568-426-0x00007FF67DFC0000-0x00007FF67E311000-memory.dmp	xmrig
behavioral2/memory/1800-420-0x00007FF6C15F0000-0x00007FF6C1941000-memory.dmp	xmrig
behavioral2/memory/3020-37-0x00007FF698B70000-0x00007FF698EC1000-memory.dmp	xmrig
behavioral2/memory/2780-36-0x00007FF6FC630000-0x00007FF6FC981000-memory.dmp	xmrig
behavioral2/memory/4140-2171-0x00007FF71C570000-0x00007FF71C8C1000-memory.dmp	xmrig
behavioral2/memory/4832-2201-0x00007FF76AD70000-0x00007FF76B0C1000-memory.dmp	xmrig
behavioral2/memory/1624-2202-0x00007FF7996E0000-0x00007FF799A31000-memory.dmp	xmrig
behavioral2/memory/2828-2203-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp	xmrig
behavioral2/memory/744-2204-0x00007FF7B5390000-0x00007FF7B56E1000-memory.dmp	xmrig
behavioral2/memory/2016-2237-0x00007FF7E2880000-0x00007FF7E2BD1000-memory.dmp	xmrig
behavioral2/memory/4140-2247-0x00007FF71C570000-0x00007FF71C8C1000-memory.dmp	xmrig
behavioral2/memory/2780-2245-0x00007FF6FC630000-0x00007FF6FC981000-memory.dmp	xmrig
behavioral2/memory/3504-2243-0x00007FF6129F0000-0x00007FF612D41000-memory.dmp	xmrig
behavioral2/memory/1800-2249-0x00007FF6C15F0000-0x00007FF6C1941000-memory.dmp	xmrig
behavioral2/memory/2828-2261-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp	xmrig
behavioral2/memory/1624-2259-0x00007FF7996E0000-0x00007FF799A31000-memory.dmp	xmrig
behavioral2/memory/744-2257-0x00007FF7B5390000-0x00007FF7B56E1000-memory.dmp	xmrig
behavioral2/memory/4832-2255-0x00007FF76AD70000-0x00007FF76B0C1000-memory.dmp	xmrig
behavioral2/memory/3020-2253-0x00007FF698B70000-0x00007FF698EC1000-memory.dmp	xmrig
behavioral2/memory/2016-2251-0x00007FF7E2880000-0x00007FF7E2BD1000-memory.dmp	xmrig
behavioral2/memory/2208-2300-0x00007FF6FC720000-0x00007FF6FCA71000-memory.dmp	xmrig
behavioral2/memory/2796-2303-0x00007FF727070000-0x00007FF7273C1000-memory.dmp	xmrig
behavioral2/memory/412-2298-0x00007FF78D0D0000-0x00007FF78D421000-memory.dmp	xmrig
behavioral2/memory/732-2296-0x00007FF702220000-0x00007FF702571000-memory.dmp	xmrig
behavioral2/memory/5008-2294-0x00007FF654B30000-0x00007FF654E81000-memory.dmp	xmrig
behavioral2/memory/4224-2292-0x00007FF62ABB0000-0x00007FF62AF01000-memory.dmp	xmrig
behavioral2/memory/2020-2290-0x00007FF6105F0000-0x00007FF610941000-memory.dmp	xmrig
behavioral2/memory/4568-2285-0x00007FF67DFC0000-0x00007FF67E311000-memory.dmp	xmrig
behavioral2/memory/4696-2283-0x00007FF76DCA0000-0x00007FF76DFF1000-memory.dmp	xmrig
behavioral2/memory/4264-2279-0x00007FF606D70000-0x00007FF6070C1000-memory.dmp	xmrig
behavioral2/memory/3076-2277-0x00007FF7AE700000-0x00007FF7AEA51000-memory.dmp	xmrig
behavioral2/memory/512-2273-0x00007FF69D3F0000-0x00007FF69D741000-memory.dmp	xmrig
behavioral2/memory/3388-2269-0x00007FF6C6F30000-0x00007FF6C7281000-memory.dmp	xmrig
behavioral2/memory/848-2263-0x00007FF751980000-0x00007FF751CD1000-memory.dmp	xmrig
behavioral2/memory/3572-2281-0x00007FF7DC3E0000-0x00007FF7DC731000-memory.dmp	xmrig
behavioral2/memory/1544-2275-0x00007FF708370000-0x00007FF7086C1000-memory.dmp	xmrig
behavioral2/memory/772-2271-0x00007FF7A3020000-0x00007FF7A3371000-memory.dmp	xmrig
behavioral2/memory/4336-2267-0x00007FF7E74F0000-0x00007FF7E7841000-memory.dmp	xmrig
behavioral2/memory/4852-2265-0x00007FF7A46D0000-0x00007FF7A4A21000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3504	FRlHWpj.exe
2780	hoRVgCQ.exe
4140	vixLxkL.exe
3020	FYAUoTK.exe
4832	mqcCmEk.exe
1624	GDQctqe.exe
2828	HgHHolt.exe
2016	MtYjsrZ.exe
744	bWemRBi.exe
848	SqPujqd.exe
1800	waXesqm.exe
4852	ZEHVlyA.exe
5008	ZZUrTcz.exe
4568	DQNQwvc.exe
4696	fnrfNyY.exe
3572	KDGvtAP.exe
4264	OPpxdrQ.exe
3076	RVcPscj.exe
512	SqGfbFk.exe
772	TLKbHGo.exe
3388	biXgSZG.exe
1544	hbeczuV.exe
4336	VsQHQRQ.exe
2208	htpxCsb.exe
2796	IvueKvT.exe
412	RFNIgBZ.exe
732	oJOPLIv.exe
4224	qpsDtoL.exe
2020	vKfwFtA.exe
1540	RgBkQKk.exe
3884	NUFLNyv.exe
2156	MLOJpEW.exe
3736	EIcieWl.exe
2932	qvhfcNC.exe
4424	cpqlJzP.exe
2696	sRBgRgI.exe
4236	CLbJGTO.exe
3952	xUBRPfO.exe
4016	sWlMFnk.exe
844	LeGeunb.exe
2000	XRlSjDA.exe
5020	SRuPkGt.exe
2508	SQAsnDR.exe
3920	ShTRgyh.exe
2296	QNnupJS.exe
1932	wiGZqef.exe
3332	fhKSgiv.exe
3516	rtmqTZD.exe
4292	zuYLsiA.exe
4308	ojlSrsk.exe
1988	RAzUTZx.exe
4192	zjIsDuN.exe
320	DqujmmD.exe
4812	rMnIwiT.exe
3628	cXizvjo.exe
3212	tUHhEMm.exe
1948	DaXrlJq.exe
5064	dBbxjjt.exe
3400	ZMuHCNb.exe
2312	OBSpzCj.exe
1920	JNNgrZt.exe
1688	XyhVICN.exe
1212	wWghKws.exe
2984	GjOHbgQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/516-0-0x00007FF609370000-0x00007FF6096C1000-memory.dmp	upx
behavioral2/files/0x000900000002340c-5.dat	upx
behavioral2/files/0x000700000002346b-7.dat	upx
behavioral2/files/0x000700000002346c-13.dat	upx
behavioral2/memory/3504-14-0x00007FF6129F0000-0x00007FF612D41000-memory.dmp	upx
behavioral2/files/0x000700000002346d-23.dat	upx
behavioral2/files/0x000800000002346a-34.dat	upx
behavioral2/files/0x0007000000023470-53.dat	upx
behavioral2/files/0x0007000000023472-60.dat	upx
behavioral2/files/0x0007000000023474-75.dat	upx
behavioral2/files/0x0007000000023479-92.dat	upx
behavioral2/files/0x000700000002347b-102.dat	upx
behavioral2/files/0x000700000002347c-115.dat	upx
behavioral2/files/0x0007000000023482-137.dat	upx
behavioral2/files/0x0007000000023483-150.dat	upx
behavioral2/memory/848-412-0x00007FF751980000-0x00007FF751CD1000-memory.dmp	upx
behavioral2/files/0x0007000000023489-172.dat	upx
behavioral2/files/0x0007000000023487-170.dat	upx
behavioral2/files/0x0007000000023488-167.dat	upx
behavioral2/files/0x0007000000023486-165.dat	upx
behavioral2/files/0x0007000000023485-160.dat	upx
behavioral2/files/0x0007000000023484-155.dat	upx
behavioral2/files/0x0007000000023481-140.dat	upx
behavioral2/memory/5008-421-0x00007FF654B30000-0x00007FF654E81000-memory.dmp	upx
behavioral2/memory/4696-428-0x00007FF76DCA0000-0x00007FF76DFF1000-memory.dmp	upx
behavioral2/memory/3572-436-0x00007FF7DC3E0000-0x00007FF7DC731000-memory.dmp	upx
behavioral2/memory/3076-443-0x00007FF7AE700000-0x00007FF7AEA51000-memory.dmp	upx
behavioral2/memory/512-447-0x00007FF69D3F0000-0x00007FF69D741000-memory.dmp	upx
behavioral2/memory/412-477-0x00007FF78D0D0000-0x00007FF78D421000-memory.dmp	upx
behavioral2/memory/4224-483-0x00007FF62ABB0000-0x00007FF62AF01000-memory.dmp	upx
behavioral2/memory/4852-491-0x00007FF7A46D0000-0x00007FF7A4A21000-memory.dmp	upx
behavioral2/memory/2020-489-0x00007FF6105F0000-0x00007FF610941000-memory.dmp	upx
behavioral2/memory/732-481-0x00007FF702220000-0x00007FF702571000-memory.dmp	upx
behavioral2/memory/2796-476-0x00007FF727070000-0x00007FF7273C1000-memory.dmp	upx
behavioral2/memory/2208-473-0x00007FF6FC720000-0x00007FF6FCA71000-memory.dmp	upx
behavioral2/memory/4336-469-0x00007FF7E74F0000-0x00007FF7E7841000-memory.dmp	upx
behavioral2/memory/1544-457-0x00007FF708370000-0x00007FF7086C1000-memory.dmp	upx
behavioral2/memory/3388-454-0x00007FF6C6F30000-0x00007FF6C7281000-memory.dmp	upx
behavioral2/memory/772-452-0x00007FF7A3020000-0x00007FF7A3371000-memory.dmp	upx
behavioral2/memory/4264-439-0x00007FF606D70000-0x00007FF6070C1000-memory.dmp	upx
behavioral2/memory/4568-426-0x00007FF67DFC0000-0x00007FF67E311000-memory.dmp	upx
behavioral2/memory/1800-420-0x00007FF6C15F0000-0x00007FF6C1941000-memory.dmp	upx
behavioral2/files/0x0007000000023480-135.dat	upx
behavioral2/files/0x000700000002347f-130.dat	upx
behavioral2/files/0x000700000002347e-125.dat	upx
behavioral2/files/0x000700000002347d-120.dat	upx
behavioral2/files/0x000700000002347a-105.dat	upx
behavioral2/files/0x0007000000023478-95.dat	upx
behavioral2/files/0x0007000000023477-90.dat	upx
behavioral2/files/0x0007000000023476-85.dat	upx
behavioral2/files/0x0007000000023475-80.dat	upx
behavioral2/memory/744-66-0x00007FF7B5390000-0x00007FF7B56E1000-memory.dmp	upx
behavioral2/files/0x0007000000023473-63.dat	upx
behavioral2/memory/2016-57-0x00007FF7E2880000-0x00007FF7E2BD1000-memory.dmp	upx
behavioral2/files/0x0007000000023471-56.dat	upx
behavioral2/files/0x000700000002346f-50.dat	upx
behavioral2/files/0x000700000002346e-45.dat	upx
behavioral2/memory/2828-42-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp	upx
behavioral2/memory/1624-41-0x00007FF7996E0000-0x00007FF799A31000-memory.dmp	upx
behavioral2/memory/3020-37-0x00007FF698B70000-0x00007FF698EC1000-memory.dmp	upx
behavioral2/memory/2780-36-0x00007FF6FC630000-0x00007FF6FC981000-memory.dmp	upx
behavioral2/memory/4140-25-0x00007FF71C570000-0x00007FF71C8C1000-memory.dmp	upx
behavioral2/memory/4832-28-0x00007FF76AD70000-0x00007FF76B0C1000-memory.dmp	upx
behavioral2/memory/4140-2171-0x00007FF71C570000-0x00007FF71C8C1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nqrYxlc.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\Famgveq.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\VjiXYyi.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\rDvrWFX.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\wgVqDRb.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\XaSEjIY.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\kqlyvHe.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\iyeNAVL.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\xBxrzFC.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\wnznQnh.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\sBgGUFi.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\htpxCsb.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ojlSrsk.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\NtPtyVi.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\HhxlIHd.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ZCtSMHA.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\gZleuyq.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\QrIaMhr.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\IBLIWpS.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ZMuHCNb.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\NAZhPDe.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\FngfFsD.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\WBJsgvH.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\TfQUQAg.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\PMKzpPG.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\UNYlxWB.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\gTGkbEj.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\BQUeOvG.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\nHbPyWw.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\XsjvqxY.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\qvhfcNC.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\wNpyFcT.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\hJysezX.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\kJrvSth.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\bZqOjXz.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\wWSeCMB.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ysJYXll.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\JODVSRR.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\EccmsZu.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\gHhhUeW.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\VARTbzq.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\GgtaaCo.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\kRqHDCc.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\RPPMQsI.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\KnChVgt.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ZwoFEPq.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\CISyNvK.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\fUpnUzl.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\wVzcSwE.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\jWMJIMV.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\dfPAUNE.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\HoMRKfD.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\oMaJVpD.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\hBbDHXc.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ptMfFpn.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\FQqFRAS.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ETeAaJM.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\Xpibryr.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\hSvGuCP.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\UYRcIjp.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\fewzuaq.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\ZyMjRJJ.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\VANcACx.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
File created	C:\Windows\System\nCdXuQn.exe	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14328	dwm.exe
Token: SeChangeNotifyPrivilege	14328	dwm.exe
Token: 33	14328	dwm.exe
Token: SeIncBasePriorityPrivilege	14328	dwm.exe
Token: SeShutdownPrivilege	14328	dwm.exe
Token: SeCreatePagefilePrivilege	14328	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 3504	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	85
PID 516 wrote to memory of 3504	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	85
PID 516 wrote to memory of 3020	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	86
PID 516 wrote to memory of 3020	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	86
PID 516 wrote to memory of 2780	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	87
PID 516 wrote to memory of 2780	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	87
PID 516 wrote to memory of 4140	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	88
PID 516 wrote to memory of 4140	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	88
PID 516 wrote to memory of 4832	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	89
PID 516 wrote to memory of 4832	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	89
PID 516 wrote to memory of 1624	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	90
PID 516 wrote to memory of 1624	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	90
PID 516 wrote to memory of 2828	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	91
PID 516 wrote to memory of 2828	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	91
PID 516 wrote to memory of 848	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	92
PID 516 wrote to memory of 848	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	92
PID 516 wrote to memory of 2016	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	93
PID 516 wrote to memory of 2016	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	93
PID 516 wrote to memory of 744	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	94
PID 516 wrote to memory of 744	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	94
PID 516 wrote to memory of 1800	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	95
PID 516 wrote to memory of 1800	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	95
PID 516 wrote to memory of 4852	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	96
PID 516 wrote to memory of 4852	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	96
PID 516 wrote to memory of 5008	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	97
PID 516 wrote to memory of 5008	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	97
PID 516 wrote to memory of 4568	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	98
PID 516 wrote to memory of 4568	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	98
PID 516 wrote to memory of 4696	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	99
PID 516 wrote to memory of 4696	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	99
PID 516 wrote to memory of 3572	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	100
PID 516 wrote to memory of 3572	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	100
PID 516 wrote to memory of 4264	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	101
PID 516 wrote to memory of 4264	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	101
PID 516 wrote to memory of 3076	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	102
PID 516 wrote to memory of 3076	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	102
PID 516 wrote to memory of 512	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	103
PID 516 wrote to memory of 512	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	103
PID 516 wrote to memory of 772	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	104
PID 516 wrote to memory of 772	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	104
PID 516 wrote to memory of 3388	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	105
PID 516 wrote to memory of 3388	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	105
PID 516 wrote to memory of 1544	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	106
PID 516 wrote to memory of 1544	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	106
PID 516 wrote to memory of 4336	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	107
PID 516 wrote to memory of 4336	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	107
PID 516 wrote to memory of 2208	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	108
PID 516 wrote to memory of 2208	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	108
PID 516 wrote to memory of 2796	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	109
PID 516 wrote to memory of 2796	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	109
PID 516 wrote to memory of 412	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	110
PID 516 wrote to memory of 412	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	110
PID 516 wrote to memory of 732	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	111
PID 516 wrote to memory of 732	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	111
PID 516 wrote to memory of 4224	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	112
PID 516 wrote to memory of 4224	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	112
PID 516 wrote to memory of 2020	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	113
PID 516 wrote to memory of 2020	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	113
PID 516 wrote to memory of 1540	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	114
PID 516 wrote to memory of 1540	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	114
PID 516 wrote to memory of 3884	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	115
PID 516 wrote to memory of 3884	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	115
PID 516 wrote to memory of 2156	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	116
PID 516 wrote to memory of 2156	516	d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe	116

C:\Users\Admin\AppData\Local\Temp\d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe
"C:\Users\Admin\AppData\Local\Temp\d06a4ab4a1b4e332d5008c6cabb0e8dfa60692733484652363dca0532c4ff6bd.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:516
- C:\Windows\System\FRlHWpj.exe
  C:\Windows\System\FRlHWpj.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\FYAUoTK.exe
  C:\Windows\System\FYAUoTK.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\hoRVgCQ.exe
  C:\Windows\System\hoRVgCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vixLxkL.exe
  C:\Windows\System\vixLxkL.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\mqcCmEk.exe
  C:\Windows\System\mqcCmEk.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\GDQctqe.exe
  C:\Windows\System\GDQctqe.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\HgHHolt.exe
  C:\Windows\System\HgHHolt.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\SqPujqd.exe
  C:\Windows\System\SqPujqd.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\MtYjsrZ.exe
  C:\Windows\System\MtYjsrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\bWemRBi.exe
  C:\Windows\System\bWemRBi.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\waXesqm.exe
  C:\Windows\System\waXesqm.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ZEHVlyA.exe
  C:\Windows\System\ZEHVlyA.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\ZZUrTcz.exe
  C:\Windows\System\ZZUrTcz.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\DQNQwvc.exe
  C:\Windows\System\DQNQwvc.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\fnrfNyY.exe
  C:\Windows\System\fnrfNyY.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\KDGvtAP.exe
  C:\Windows\System\KDGvtAP.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\OPpxdrQ.exe
  C:\Windows\System\OPpxdrQ.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\RVcPscj.exe
  C:\Windows\System\RVcPscj.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\SqGfbFk.exe
  C:\Windows\System\SqGfbFk.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\TLKbHGo.exe
  C:\Windows\System\TLKbHGo.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\biXgSZG.exe
  C:\Windows\System\biXgSZG.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\hbeczuV.exe
  C:\Windows\System\hbeczuV.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\VsQHQRQ.exe
  C:\Windows\System\VsQHQRQ.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\htpxCsb.exe
  C:\Windows\System\htpxCsb.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\IvueKvT.exe
  C:\Windows\System\IvueKvT.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\RFNIgBZ.exe
  C:\Windows\System\RFNIgBZ.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\oJOPLIv.exe
  C:\Windows\System\oJOPLIv.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\qpsDtoL.exe
  C:\Windows\System\qpsDtoL.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\vKfwFtA.exe
  C:\Windows\System\vKfwFtA.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\RgBkQKk.exe
  C:\Windows\System\RgBkQKk.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\NUFLNyv.exe
  C:\Windows\System\NUFLNyv.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\MLOJpEW.exe
  C:\Windows\System\MLOJpEW.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\EIcieWl.exe
  C:\Windows\System\EIcieWl.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\qvhfcNC.exe
  C:\Windows\System\qvhfcNC.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\cpqlJzP.exe
  C:\Windows\System\cpqlJzP.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\sRBgRgI.exe
  C:\Windows\System\sRBgRgI.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\CLbJGTO.exe
  C:\Windows\System\CLbJGTO.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\xUBRPfO.exe
  C:\Windows\System\xUBRPfO.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\sWlMFnk.exe
  C:\Windows\System\sWlMFnk.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\LeGeunb.exe
  C:\Windows\System\LeGeunb.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\XRlSjDA.exe
  C:\Windows\System\XRlSjDA.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\SRuPkGt.exe
  C:\Windows\System\SRuPkGt.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\SQAsnDR.exe
  C:\Windows\System\SQAsnDR.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\ShTRgyh.exe
  C:\Windows\System\ShTRgyh.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\QNnupJS.exe
  C:\Windows\System\QNnupJS.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\wiGZqef.exe
  C:\Windows\System\wiGZqef.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\fhKSgiv.exe
  C:\Windows\System\fhKSgiv.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\rtmqTZD.exe
  C:\Windows\System\rtmqTZD.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\zuYLsiA.exe
  C:\Windows\System\zuYLsiA.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\ojlSrsk.exe
  C:\Windows\System\ojlSrsk.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\RAzUTZx.exe
  C:\Windows\System\RAzUTZx.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\zjIsDuN.exe
  C:\Windows\System\zjIsDuN.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\DqujmmD.exe
  C:\Windows\System\DqujmmD.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\rMnIwiT.exe
  C:\Windows\System\rMnIwiT.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\cXizvjo.exe
  C:\Windows\System\cXizvjo.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\tUHhEMm.exe
  C:\Windows\System\tUHhEMm.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\DaXrlJq.exe
  C:\Windows\System\DaXrlJq.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\dBbxjjt.exe
  C:\Windows\System\dBbxjjt.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\ZMuHCNb.exe
  C:\Windows\System\ZMuHCNb.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\OBSpzCj.exe
  C:\Windows\System\OBSpzCj.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\JNNgrZt.exe
  C:\Windows\System\JNNgrZt.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\XyhVICN.exe
  C:\Windows\System\XyhVICN.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\wWghKws.exe
  C:\Windows\System\wWghKws.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\GjOHbgQ.exe
  C:\Windows\System\GjOHbgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yjwchhJ.exe
  C:\Windows\System\yjwchhJ.exe
  2⤵
  PID:4980
- C:\Windows\System\OmxrHoi.exe
  C:\Windows\System\OmxrHoi.exe
  2⤵
  PID:3676
- C:\Windows\System\emaKcxE.exe
  C:\Windows\System\emaKcxE.exe
  2⤵
  PID:2852
- C:\Windows\System\GEXcwHg.exe
  C:\Windows\System\GEXcwHg.exe
  2⤵
  PID:4104
- C:\Windows\System\XLUVPaW.exe
  C:\Windows\System\XLUVPaW.exe
  2⤵
  PID:316
- C:\Windows\System\nRANXHI.exe
  C:\Windows\System\nRANXHI.exe
  2⤵
  PID:1928
- C:\Windows\System\fAxeJfU.exe
  C:\Windows\System\fAxeJfU.exe
  2⤵
  PID:3392
- C:\Windows\System\FQqFRAS.exe
  C:\Windows\System\FQqFRAS.exe
  2⤵
  PID:212
- C:\Windows\System\LYECKbH.exe
  C:\Windows\System\LYECKbH.exe
  2⤵
  PID:1060
- C:\Windows\System\ufYgzmY.exe
  C:\Windows\System\ufYgzmY.exe
  2⤵
  PID:5028
- C:\Windows\System\lrixNEi.exe
  C:\Windows\System\lrixNEi.exe
  2⤵
  PID:4848
- C:\Windows\System\YqEbxoy.exe
  C:\Windows\System\YqEbxoy.exe
  2⤵
  PID:2880
- C:\Windows\System\qoJjvZg.exe
  C:\Windows\System\qoJjvZg.exe
  2⤵
  PID:1332
- C:\Windows\System\RBeuwrN.exe
  C:\Windows\System\RBeuwrN.exe
  2⤵
  PID:2800
- C:\Windows\System\kqlyvHe.exe
  C:\Windows\System\kqlyvHe.exe
  2⤵
  PID:1076
- C:\Windows\System\InJjaOj.exe
  C:\Windows\System\InJjaOj.exe
  2⤵
  PID:4816
- C:\Windows\System\iICKYvF.exe
  C:\Windows\System\iICKYvF.exe
  2⤵
  PID:4964
- C:\Windows\System\VLNtPxy.exe
  C:\Windows\System\VLNtPxy.exe
  2⤵
  PID:1608
- C:\Windows\System\NCUZRJi.exe
  C:\Windows\System\NCUZRJi.exe
  2⤵
  PID:3012
- C:\Windows\System\rhZCkbW.exe
  C:\Windows\System\rhZCkbW.exe
  2⤵
  PID:1784
- C:\Windows\System\rapZauj.exe
  C:\Windows\System\rapZauj.exe
  2⤵
  PID:2308
- C:\Windows\System\ZrIhCzu.exe
  C:\Windows\System\ZrIhCzu.exe
  2⤵
  PID:5136
- C:\Windows\System\mzureNU.exe
  C:\Windows\System\mzureNU.exe
  2⤵
  PID:5172
- C:\Windows\System\kTTvxxQ.exe
  C:\Windows\System\kTTvxxQ.exe
  2⤵
  PID:5200
- C:\Windows\System\EhOSZwK.exe
  C:\Windows\System\EhOSZwK.exe
  2⤵
  PID:5224
- C:\Windows\System\CYnOgpo.exe
  C:\Windows\System\CYnOgpo.exe
  2⤵
  PID:5252
- C:\Windows\System\GgtaaCo.exe
  C:\Windows\System\GgtaaCo.exe
  2⤵
  PID:5280
- C:\Windows\System\VeSPJgq.exe
  C:\Windows\System\VeSPJgq.exe
  2⤵
  PID:5308
- C:\Windows\System\XBTLqwl.exe
  C:\Windows\System\XBTLqwl.exe
  2⤵
  PID:5336
- C:\Windows\System\fdVnNDW.exe
  C:\Windows\System\fdVnNDW.exe
  2⤵
  PID:5364
- C:\Windows\System\xAlGqCE.exe
  C:\Windows\System\xAlGqCE.exe
  2⤵
  PID:5396
- C:\Windows\System\ZWjfBUI.exe
  C:\Windows\System\ZWjfBUI.exe
  2⤵
  PID:5420
- C:\Windows\System\iYJCXMH.exe
  C:\Windows\System\iYJCXMH.exe
  2⤵
  PID:5448
- C:\Windows\System\BfXpmis.exe
  C:\Windows\System\BfXpmis.exe
  2⤵
  PID:5476
- C:\Windows\System\jFIsgFB.exe
  C:\Windows\System\jFIsgFB.exe
  2⤵
  PID:5500
- C:\Windows\System\kJrvSth.exe
  C:\Windows\System\kJrvSth.exe
  2⤵
  PID:5532
- C:\Windows\System\bZqOjXz.exe
  C:\Windows\System\bZqOjXz.exe
  2⤵
  PID:5560
- C:\Windows\System\OocAjSB.exe
  C:\Windows\System\OocAjSB.exe
  2⤵
  PID:5588
- C:\Windows\System\fewzuaq.exe
  C:\Windows\System\fewzuaq.exe
  2⤵
  PID:5616
- C:\Windows\System\frpFSUq.exe
  C:\Windows\System\frpFSUq.exe
  2⤵
  PID:5644
- C:\Windows\System\xMWtcMV.exe
  C:\Windows\System\xMWtcMV.exe
  2⤵
  PID:5672
- C:\Windows\System\GqaDnNL.exe
  C:\Windows\System\GqaDnNL.exe
  2⤵
  PID:5732
- C:\Windows\System\LthMlqJ.exe
  C:\Windows\System\LthMlqJ.exe
  2⤵
  PID:5752
- C:\Windows\System\InavLpt.exe
  C:\Windows\System\InavLpt.exe
  2⤵
  PID:5768
- C:\Windows\System\myhaAdh.exe
  C:\Windows\System\myhaAdh.exe
  2⤵
  PID:5792
- C:\Windows\System\FroTiLn.exe
  C:\Windows\System\FroTiLn.exe
  2⤵
  PID:5820
- C:\Windows\System\xqgTXtt.exe
  C:\Windows\System\xqgTXtt.exe
  2⤵
  PID:5840
- C:\Windows\System\YVDbIdi.exe
  C:\Windows\System\YVDbIdi.exe
  2⤵
  PID:5868
- C:\Windows\System\UkAXRVW.exe
  C:\Windows\System\UkAXRVW.exe
  2⤵
  PID:5896
- C:\Windows\System\HnBMdBN.exe
  C:\Windows\System\HnBMdBN.exe
  2⤵
  PID:5936
- C:\Windows\System\GqGtlVE.exe
  C:\Windows\System\GqGtlVE.exe
  2⤵
  PID:5956
- C:\Windows\System\IXKpZNP.exe
  C:\Windows\System\IXKpZNP.exe
  2⤵
  PID:5980
- C:\Windows\System\DabJacH.exe
  C:\Windows\System\DabJacH.exe
  2⤵
  PID:5996
- C:\Windows\System\INgXoyl.exe
  C:\Windows\System\INgXoyl.exe
  2⤵
  PID:6044
- C:\Windows\System\vGQHMbe.exe
  C:\Windows\System\vGQHMbe.exe
  2⤵
  PID:6064
- C:\Windows\System\CxxvlbA.exe
  C:\Windows\System\CxxvlbA.exe
  2⤵
  PID:6080
- C:\Windows\System\ifZTXeL.exe
  C:\Windows\System\ifZTXeL.exe
  2⤵
  PID:6100
- C:\Windows\System\RYvQbtQ.exe
  C:\Windows\System\RYvQbtQ.exe
  2⤵
  PID:1440
- C:\Windows\System\HLcrtVk.exe
  C:\Windows\System\HLcrtVk.exe
  2⤵
  PID:4996
- C:\Windows\System\MZowzmk.exe
  C:\Windows\System\MZowzmk.exe
  2⤵
  PID:1424
- C:\Windows\System\vDCSKnv.exe
  C:\Windows\System\vDCSKnv.exe
  2⤵
  PID:5128
- C:\Windows\System\wmmsUDt.exe
  C:\Windows\System\wmmsUDt.exe
  2⤵
  PID:5208
- C:\Windows\System\lsoWFsB.exe
  C:\Windows\System\lsoWFsB.exe
  2⤵
  PID:5272
- C:\Windows\System\qLdekxl.exe
  C:\Windows\System\qLdekxl.exe
  2⤵
  PID:5320
- C:\Windows\System\cxNCbHQ.exe
  C:\Windows\System\cxNCbHQ.exe
  2⤵
  PID:5376
- C:\Windows\System\WQvNsVN.exe
  C:\Windows\System\WQvNsVN.exe
  2⤵
  PID:5440
- C:\Windows\System\jMExuYo.exe
  C:\Windows\System\jMExuYo.exe
  2⤵
  PID:5492
- C:\Windows\System\LawpvDF.exe
  C:\Windows\System\LawpvDF.exe
  2⤵
  PID:5572
- C:\Windows\System\QBNXtwu.exe
  C:\Windows\System\QBNXtwu.exe
  2⤵
  PID:5604
- C:\Windows\System\lHWbxxf.exe
  C:\Windows\System\lHWbxxf.exe
  2⤵
  PID:5640
- C:\Windows\System\NUtCxjc.exe
  C:\Windows\System\NUtCxjc.exe
  2⤵
  PID:696
- C:\Windows\System\fkhLFgW.exe
  C:\Windows\System\fkhLFgW.exe
  2⤵
  PID:5808
- C:\Windows\System\XWHtHZW.exe
  C:\Windows\System\XWHtHZW.exe
  2⤵
  PID:1048
- C:\Windows\System\ZuihrSZ.exe
  C:\Windows\System\ZuihrSZ.exe
  2⤵
  PID:5928
- C:\Windows\System\SSeHgFW.exe
  C:\Windows\System\SSeHgFW.exe
  2⤵
  PID:2024
- C:\Windows\System\NAZhPDe.exe
  C:\Windows\System\NAZhPDe.exe
  2⤵
  PID:2304
- C:\Windows\System\yQjSQEM.exe
  C:\Windows\System\yQjSQEM.exe
  2⤵
  PID:368
- C:\Windows\System\VSRoook.exe
  C:\Windows\System\VSRoook.exe
  2⤵
  PID:6032
- C:\Windows\System\ikeZUQw.exe
  C:\Windows\System\ikeZUQw.exe
  2⤵
  PID:6112
- C:\Windows\System\AkYWkbF.exe
  C:\Windows\System\AkYWkbF.exe
  2⤵
  PID:3260
- C:\Windows\System\XfioWpP.exe
  C:\Windows\System\XfioWpP.exe
  2⤵
  PID:5192
- C:\Windows\System\FVKdhMR.exe
  C:\Windows\System\FVKdhMR.exe
  2⤵
  PID:5236
- C:\Windows\System\jYzImBv.exe
  C:\Windows\System\jYzImBv.exe
  2⤵
  PID:5352
- C:\Windows\System\djjBwtg.exe
  C:\Windows\System\djjBwtg.exe
  2⤵
  PID:2520
- C:\Windows\System\TDMczGa.exe
  C:\Windows\System\TDMczGa.exe
  2⤵
  PID:2336
- C:\Windows\System\aqkGjKE.exe
  C:\Windows\System\aqkGjKE.exe
  2⤵
  PID:6004
- C:\Windows\System\kRqHDCc.exe
  C:\Windows\System\kRqHDCc.exe
  2⤵
  PID:4640
- C:\Windows\System\jfRAJMv.exe
  C:\Windows\System\jfRAJMv.exe
  2⤵
  PID:5524
- C:\Windows\System\JehfvXZ.exe
  C:\Windows\System\JehfvXZ.exe
  2⤵
  PID:4552
- C:\Windows\System\WnlCdVC.exe
  C:\Windows\System\WnlCdVC.exe
  2⤵
  PID:3432
- C:\Windows\System\jLpvhqk.exe
  C:\Windows\System\jLpvhqk.exe
  2⤵
  PID:1892
- C:\Windows\System\yneiFQF.exe
  C:\Windows\System\yneiFQF.exe
  2⤵
  PID:1704
- C:\Windows\System\LpAFoGt.exe
  C:\Windows\System\LpAFoGt.exe
  2⤵
  PID:6076
- C:\Windows\System\jsAKBWU.exe
  C:\Windows\System\jsAKBWU.exe
  2⤵
  PID:1160
- C:\Windows\System\DYAlnQp.exe
  C:\Windows\System\DYAlnQp.exe
  2⤵
  PID:5464
- C:\Windows\System\IekPmDo.exe
  C:\Windows\System\IekPmDo.exe
  2⤵
  PID:3136
- C:\Windows\System\NbuBzUS.exe
  C:\Windows\System\NbuBzUS.exe
  2⤵
  PID:6008
- C:\Windows\System\zUNmtWs.exe
  C:\Windows\System\zUNmtWs.exe
  2⤵
  PID:5024
- C:\Windows\System\RvqWdvt.exe
  C:\Windows\System\RvqWdvt.exe
  2⤵
  PID:6024
- C:\Windows\System\NcTWSkn.exe
  C:\Windows\System\NcTWSkn.exe
  2⤵
  PID:1312
- C:\Windows\System\cvtQWXf.exe
  C:\Windows\System\cvtQWXf.exe
  2⤵
  PID:3836
- C:\Windows\System\tyVQybw.exe
  C:\Windows\System\tyVQybw.exe
  2⤵
  PID:5880
- C:\Windows\System\IhOKOmY.exe
  C:\Windows\System\IhOKOmY.exe
  2⤵
  PID:6152
- C:\Windows\System\wNpyFcT.exe
  C:\Windows\System\wNpyFcT.exe
  2⤵
  PID:6204
- C:\Windows\System\hSbRJaC.exe
  C:\Windows\System\hSbRJaC.exe
  2⤵
  PID:6224
- C:\Windows\System\otGRXik.exe
  C:\Windows\System\otGRXik.exe
  2⤵
  PID:6268
- C:\Windows\System\TkHaglo.exe
  C:\Windows\System\TkHaglo.exe
  2⤵
  PID:6288
- C:\Windows\System\zJkiJpn.exe
  C:\Windows\System\zJkiJpn.exe
  2⤵
  PID:6304
- C:\Windows\System\cVvoIhG.exe
  C:\Windows\System\cVvoIhG.exe
  2⤵
  PID:6332
- C:\Windows\System\svARRtQ.exe
  C:\Windows\System\svARRtQ.exe
  2⤵
  PID:6352
- C:\Windows\System\ARvACNz.exe
  C:\Windows\System\ARvACNz.exe
  2⤵
  PID:6372
- C:\Windows\System\xvQnLYr.exe
  C:\Windows\System\xvQnLYr.exe
  2⤵
  PID:6404
- C:\Windows\System\vtXyZmc.exe
  C:\Windows\System\vtXyZmc.exe
  2⤵
  PID:6464
- C:\Windows\System\hlXnJId.exe
  C:\Windows\System\hlXnJId.exe
  2⤵
  PID:6480
- C:\Windows\System\KWhrssj.exe
  C:\Windows\System\KWhrssj.exe
  2⤵
  PID:6536
- C:\Windows\System\LJLSLeO.exe
  C:\Windows\System\LJLSLeO.exe
  2⤵
  PID:6556
- C:\Windows\System\rUhFhmx.exe
  C:\Windows\System\rUhFhmx.exe
  2⤵
  PID:6572
- C:\Windows\System\iCAmDnv.exe
  C:\Windows\System\iCAmDnv.exe
  2⤵
  PID:6592
- C:\Windows\System\ETeAaJM.exe
  C:\Windows\System\ETeAaJM.exe
  2⤵
  PID:6608
- C:\Windows\System\yIXyMaF.exe
  C:\Windows\System\yIXyMaF.exe
  2⤵
  PID:6628
- C:\Windows\System\dIBwFac.exe
  C:\Windows\System\dIBwFac.exe
  2⤵
  PID:6652
- C:\Windows\System\UNYlxWB.exe
  C:\Windows\System\UNYlxWB.exe
  2⤵
  PID:6668
- C:\Windows\System\sMahGzP.exe
  C:\Windows\System\sMahGzP.exe
  2⤵
  PID:6696
- C:\Windows\System\sGWQOrN.exe
  C:\Windows\System\sGWQOrN.exe
  2⤵
  PID:6712
- C:\Windows\System\NujLPVX.exe
  C:\Windows\System\NujLPVX.exe
  2⤵
  PID:6760
- C:\Windows\System\biGDwex.exe
  C:\Windows\System\biGDwex.exe
  2⤵
  PID:6808
- C:\Windows\System\zNODIkb.exe
  C:\Windows\System\zNODIkb.exe
  2⤵
  PID:6824
- C:\Windows\System\JUovmOl.exe
  C:\Windows\System\JUovmOl.exe
  2⤵
  PID:6848
- C:\Windows\System\YWIzSZL.exe
  C:\Windows\System\YWIzSZL.exe
  2⤵
  PID:6876
- C:\Windows\System\OIugaJa.exe
  C:\Windows\System\OIugaJa.exe
  2⤵
  PID:6896
- C:\Windows\System\HMuViZJ.exe
  C:\Windows\System\HMuViZJ.exe
  2⤵
  PID:6916
- C:\Windows\System\tXsmFYv.exe
  C:\Windows\System\tXsmFYv.exe
  2⤵
  PID:6936
- C:\Windows\System\ZIzilpd.exe
  C:\Windows\System\ZIzilpd.exe
  2⤵
  PID:6980
- C:\Windows\System\gTGkbEj.exe
  C:\Windows\System\gTGkbEj.exe
  2⤵
  PID:7008
- C:\Windows\System\YKoRFcV.exe
  C:\Windows\System\YKoRFcV.exe
  2⤵
  PID:7028
- C:\Windows\System\KMBLiwE.exe
  C:\Windows\System\KMBLiwE.exe
  2⤵
  PID:7096
- C:\Windows\System\ugRYMLF.exe
  C:\Windows\System\ugRYMLF.exe
  2⤵
  PID:7120
- C:\Windows\System\IJJHMtB.exe
  C:\Windows\System\IJJHMtB.exe
  2⤵
  PID:7140
- C:\Windows\System\nxuysFg.exe
  C:\Windows\System\nxuysFg.exe
  2⤵
  PID:7160
- C:\Windows\System\XFYkysV.exe
  C:\Windows\System\XFYkysV.exe
  2⤵
  PID:6192
- C:\Windows\System\WhFXUbK.exe
  C:\Windows\System\WhFXUbK.exe
  2⤵
  PID:6260
- C:\Windows\System\myPSTCT.exe
  C:\Windows\System\myPSTCT.exe
  2⤵
  PID:6244
- C:\Windows\System\WBJsgvH.exe
  C:\Windows\System\WBJsgvH.exe
  2⤵
  PID:6312
- C:\Windows\System\lmDajzl.exe
  C:\Windows\System\lmDajzl.exe
  2⤵
  PID:6416
- C:\Windows\System\jWMJIMV.exe
  C:\Windows\System\jWMJIMV.exe
  2⤵
  PID:6472
- C:\Windows\System\tNssHXO.exe
  C:\Windows\System\tNssHXO.exe
  2⤵
  PID:6532
- C:\Windows\System\eerdEPD.exe
  C:\Windows\System\eerdEPD.exe
  2⤵
  PID:6568
- C:\Windows\System\dfPAUNE.exe
  C:\Windows\System\dfPAUNE.exe
  2⤵
  PID:6680
- C:\Windows\System\aVwxrFY.exe
  C:\Windows\System\aVwxrFY.exe
  2⤵
  PID:6816
- C:\Windows\System\OYUTVhL.exe
  C:\Windows\System\OYUTVhL.exe
  2⤵
  PID:3440
- C:\Windows\System\TfQUQAg.exe
  C:\Windows\System\TfQUQAg.exe
  2⤵
  PID:6944
- C:\Windows\System\psQKfyt.exe
  C:\Windows\System\psQKfyt.exe
  2⤵
  PID:6976
- C:\Windows\System\oOqrsCw.exe
  C:\Windows\System\oOqrsCw.exe
  2⤵
  PID:7044
- C:\Windows\System\lMEwgUa.exe
  C:\Windows\System\lMEwgUa.exe
  2⤵
  PID:7020
- C:\Windows\System\pUSybGe.exe
  C:\Windows\System\pUSybGe.exe
  2⤵
  PID:7104
- C:\Windows\System\dyEJMaZ.exe
  C:\Windows\System\dyEJMaZ.exe
  2⤵
  PID:7156
- C:\Windows\System\zLOIPIf.exe
  C:\Windows\System\zLOIPIf.exe
  2⤵
  PID:6220
- C:\Windows\System\tvpuxFQ.exe
  C:\Windows\System\tvpuxFQ.exe
  2⤵
  PID:6492
- C:\Windows\System\urSkfXP.exe
  C:\Windows\System\urSkfXP.exe
  2⤵
  PID:6564
- C:\Windows\System\IHyVFxb.exe
  C:\Windows\System\IHyVFxb.exe
  2⤵
  PID:6604
- C:\Windows\System\BmhxnxJ.exe
  C:\Windows\System\BmhxnxJ.exe
  2⤵
  PID:6756
- C:\Windows\System\lOMlbCa.exe
  C:\Windows\System\lOMlbCa.exe
  2⤵
  PID:6892
- C:\Windows\System\LVJizRo.exe
  C:\Windows\System\LVJizRo.exe
  2⤵
  PID:1772
- C:\Windows\System\wWSeCMB.exe
  C:\Windows\System\wWSeCMB.exe
  2⤵
  PID:6284
- C:\Windows\System\YmhtXJd.exe
  C:\Windows\System\YmhtXJd.exe
  2⤵
  PID:6528
- C:\Windows\System\OkpLSpo.exe
  C:\Windows\System\OkpLSpo.exe
  2⤵
  PID:7088
- C:\Windows\System\KLWWinb.exe
  C:\Windows\System\KLWWinb.exe
  2⤵
  PID:7024
- C:\Windows\System\wURFtff.exe
  C:\Windows\System\wURFtff.exe
  2⤵
  PID:7216
- C:\Windows\System\asqMyxo.exe
  C:\Windows\System\asqMyxo.exe
  2⤵
  PID:7232
- C:\Windows\System\XyAsqjD.exe
  C:\Windows\System\XyAsqjD.exe
  2⤵
  PID:7252
- C:\Windows\System\gUqfdmV.exe
  C:\Windows\System\gUqfdmV.exe
  2⤵
  PID:7272
- C:\Windows\System\wlgcMCx.exe
  C:\Windows\System\wlgcMCx.exe
  2⤵
  PID:7320
- C:\Windows\System\SZSUyzh.exe
  C:\Windows\System\SZSUyzh.exe
  2⤵
  PID:7340
- C:\Windows\System\wnznQnh.exe
  C:\Windows\System\wnznQnh.exe
  2⤵
  PID:7356
- C:\Windows\System\owKtYKW.exe
  C:\Windows\System\owKtYKW.exe
  2⤵
  PID:7384
- C:\Windows\System\dhSIMyH.exe
  C:\Windows\System\dhSIMyH.exe
  2⤵
  PID:7428
- C:\Windows\System\vqxygjC.exe
  C:\Windows\System\vqxygjC.exe
  2⤵
  PID:7444
- C:\Windows\System\LTNkbGD.exe
  C:\Windows\System\LTNkbGD.exe
  2⤵
  PID:7464
- C:\Windows\System\qPZjdaj.exe
  C:\Windows\System\qPZjdaj.exe
  2⤵
  PID:7488
- C:\Windows\System\kzijxgJ.exe
  C:\Windows\System\kzijxgJ.exe
  2⤵
  PID:7504
- C:\Windows\System\iHzIxWK.exe
  C:\Windows\System\iHzIxWK.exe
  2⤵
  PID:7544
- C:\Windows\System\ihjmPpe.exe
  C:\Windows\System\ihjmPpe.exe
  2⤵
  PID:7568
- C:\Windows\System\awCkqjL.exe
  C:\Windows\System\awCkqjL.exe
  2⤵
  PID:7588
- C:\Windows\System\KjHwlkI.exe
  C:\Windows\System\KjHwlkI.exe
  2⤵
  PID:7612
- C:\Windows\System\XUgMKeu.exe
  C:\Windows\System\XUgMKeu.exe
  2⤵
  PID:7636
- C:\Windows\System\ciCANzh.exe
  C:\Windows\System\ciCANzh.exe
  2⤵
  PID:7876
- C:\Windows\System\RtBlMtV.exe
  C:\Windows\System\RtBlMtV.exe
  2⤵
  PID:7892
- C:\Windows\System\VVOPSKQ.exe
  C:\Windows\System\VVOPSKQ.exe
  2⤵
  PID:7912
- C:\Windows\System\yyJmxuP.exe
  C:\Windows\System\yyJmxuP.exe
  2⤵
  PID:7928
- C:\Windows\System\LMRmsaj.exe
  C:\Windows\System\LMRmsaj.exe
  2⤵
  PID:7944
- C:\Windows\System\bOzlmRp.exe
  C:\Windows\System\bOzlmRp.exe
  2⤵
  PID:7964
- C:\Windows\System\IxIzOaL.exe
  C:\Windows\System\IxIzOaL.exe
  2⤵
  PID:7988
- C:\Windows\System\VWvJLxu.exe
  C:\Windows\System\VWvJLxu.exe
  2⤵
  PID:8012
- C:\Windows\System\OABGLMy.exe
  C:\Windows\System\OABGLMy.exe
  2⤵
  PID:8076
- C:\Windows\System\juJZTOS.exe
  C:\Windows\System\juJZTOS.exe
  2⤵
  PID:8096
- C:\Windows\System\BiqUzqu.exe
  C:\Windows\System\BiqUzqu.exe
  2⤵
  PID:8148
- C:\Windows\System\BkVYKKX.exe
  C:\Windows\System\BkVYKKX.exe
  2⤵
  PID:8180
- C:\Windows\System\iyeNAVL.exe
  C:\Windows\System\iyeNAVL.exe
  2⤵
  PID:6660
- C:\Windows\System\hQudFdO.exe
  C:\Windows\System\hQudFdO.exe
  2⤵
  PID:6772
- C:\Windows\System\EudWBni.exe
  C:\Windows\System\EudWBni.exe
  2⤵
  PID:7192
- C:\Windows\System\dBNwEeV.exe
  C:\Windows\System\dBNwEeV.exe
  2⤵
  PID:7264
- C:\Windows\System\aKRITMU.exe
  C:\Windows\System\aKRITMU.exe
  2⤵
  PID:7316
- C:\Windows\System\nqrYxlc.exe
  C:\Windows\System\nqrYxlc.exe
  2⤵
  PID:7364
- C:\Windows\System\LxuCXyO.exe
  C:\Windows\System\LxuCXyO.exe
  2⤵
  PID:7472
- C:\Windows\System\ZMEHABX.exe
  C:\Windows\System\ZMEHABX.exe
  2⤵
  PID:7520
- C:\Windows\System\NtPtyVi.exe
  C:\Windows\System\NtPtyVi.exe
  2⤵
  PID:7576
- C:\Windows\System\beSAlGu.exe
  C:\Windows\System\beSAlGu.exe
  2⤵
  PID:7660
- C:\Windows\System\BJARpHY.exe
  C:\Windows\System\BJARpHY.exe
  2⤵
  PID:7708
- C:\Windows\System\ToRfezY.exe
  C:\Windows\System\ToRfezY.exe
  2⤵
  PID:7736
- C:\Windows\System\pSagkNZ.exe
  C:\Windows\System\pSagkNZ.exe
  2⤵
  PID:7772
- C:\Windows\System\PhzxcMR.exe
  C:\Windows\System\PhzxcMR.exe
  2⤵
  PID:7792
- C:\Windows\System\CXJfEpL.exe
  C:\Windows\System\CXJfEpL.exe
  2⤵
  PID:7844
- C:\Windows\System\VANcACx.exe
  C:\Windows\System\VANcACx.exe
  2⤵
  PID:7908
- C:\Windows\System\qpelpGO.exe
  C:\Windows\System\qpelpGO.exe
  2⤵
  PID:7976
- C:\Windows\System\NfWFUHd.exe
  C:\Windows\System\NfWFUHd.exe
  2⤵
  PID:8008
- C:\Windows\System\XaPbKkq.exe
  C:\Windows\System\XaPbKkq.exe
  2⤵
  PID:7920
- C:\Windows\System\UyabuTt.exe
  C:\Windows\System\UyabuTt.exe
  2⤵
  PID:8032
- C:\Windows\System\gCoBsyi.exe
  C:\Windows\System\gCoBsyi.exe
  2⤵
  PID:8128
- C:\Windows\System\aerLWOT.exe
  C:\Windows\System\aerLWOT.exe
  2⤵
  PID:3804
- C:\Windows\System\NhWZPFF.exe
  C:\Windows\System\NhWZPFF.exe
  2⤵
  PID:6588
- C:\Windows\System\qCAWhFv.exe
  C:\Windows\System\qCAWhFv.exe
  2⤵
  PID:7416
- C:\Windows\System\QdtJtqn.exe
  C:\Windows\System\QdtJtqn.exe
  2⤵
  PID:7608
- C:\Windows\System\PFSkYXV.exe
  C:\Windows\System\PFSkYXV.exe
  2⤵
  PID:7788
- C:\Windows\System\naoheTJ.exe
  C:\Windows\System\naoheTJ.exe
  2⤵
  PID:7804
- C:\Windows\System\kPmcqPy.exe
  C:\Windows\System\kPmcqPy.exe
  2⤵
  PID:8004
- C:\Windows\System\yaEBeRQ.exe
  C:\Windows\System\yaEBeRQ.exe
  2⤵
  PID:8072
- C:\Windows\System\ZdwUDxS.exe
  C:\Windows\System\ZdwUDxS.exe
  2⤵
  PID:7248
- C:\Windows\System\RInhyYI.exe
  C:\Windows\System\RInhyYI.exe
  2⤵
  PID:7328
- C:\Windows\System\YjOIdPX.exe
  C:\Windows\System\YjOIdPX.exe
  2⤵
  PID:3652
- C:\Windows\System\kVYrgYg.exe
  C:\Windows\System\kVYrgYg.exe
  2⤵
  PID:7996
- C:\Windows\System\ZgdexCO.exe
  C:\Windows\System\ZgdexCO.exe
  2⤵
  PID:7312
- C:\Windows\System\ktlWnSx.exe
  C:\Windows\System\ktlWnSx.exe
  2⤵
  PID:7820
- C:\Windows\System\pUEDSlC.exe
  C:\Windows\System\pUEDSlC.exe
  2⤵
  PID:856
- C:\Windows\System\FfBmVPZ.exe
  C:\Windows\System\FfBmVPZ.exe
  2⤵
  PID:8220
- C:\Windows\System\HhxlIHd.exe
  C:\Windows\System\HhxlIHd.exe
  2⤵
  PID:8236
- C:\Windows\System\vUvrdAQ.exe
  C:\Windows\System\vUvrdAQ.exe
  2⤵
  PID:8256
- C:\Windows\System\nCdXuQn.exe
  C:\Windows\System\nCdXuQn.exe
  2⤵
  PID:8284
- C:\Windows\System\phpGfDD.exe
  C:\Windows\System\phpGfDD.exe
  2⤵
  PID:8300
- C:\Windows\System\WOfjSEW.exe
  C:\Windows\System\WOfjSEW.exe
  2⤵
  PID:8324
- C:\Windows\System\ZVxAKfp.exe
  C:\Windows\System\ZVxAKfp.exe
  2⤵
  PID:8344
- C:\Windows\System\RVpBoly.exe
  C:\Windows\System\RVpBoly.exe
  2⤵
  PID:8364
- C:\Windows\System\MHoHaIE.exe
  C:\Windows\System\MHoHaIE.exe
  2⤵
  PID:8408
- C:\Windows\System\FxWikHj.exe
  C:\Windows\System\FxWikHj.exe
  2⤵
  PID:8428
- C:\Windows\System\axocDrR.exe
  C:\Windows\System\axocDrR.exe
  2⤵
  PID:8448
- C:\Windows\System\Famgveq.exe
  C:\Windows\System\Famgveq.exe
  2⤵
  PID:8520
- C:\Windows\System\PoAplce.exe
  C:\Windows\System\PoAplce.exe
  2⤵
  PID:8536
- C:\Windows\System\HoMRKfD.exe
  C:\Windows\System\HoMRKfD.exe
  2⤵
  PID:8564
- C:\Windows\System\eQakTxm.exe
  C:\Windows\System\eQakTxm.exe
  2⤵
  PID:8588
- C:\Windows\System\mzNJbTg.exe
  C:\Windows\System\mzNJbTg.exe
  2⤵
  PID:8608
- C:\Windows\System\rsoayuw.exe
  C:\Windows\System\rsoayuw.exe
  2⤵
  PID:8648
- C:\Windows\System\KnQLApx.exe
  C:\Windows\System\KnQLApx.exe
  2⤵
  PID:8676
- C:\Windows\System\hvADURm.exe
  C:\Windows\System\hvADURm.exe
  2⤵
  PID:8692
- C:\Windows\System\fPcqJPs.exe
  C:\Windows\System\fPcqJPs.exe
  2⤵
  PID:8716
- C:\Windows\System\CJqyMoF.exe
  C:\Windows\System\CJqyMoF.exe
  2⤵
  PID:8748
- C:\Windows\System\VNrCwEE.exe
  C:\Windows\System\VNrCwEE.exe
  2⤵
  PID:8768
- C:\Windows\System\PoZgggd.exe
  C:\Windows\System\PoZgggd.exe
  2⤵
  PID:8820
- C:\Windows\System\oFHrklz.exe
  C:\Windows\System\oFHrklz.exe
  2⤵
  PID:8844
- C:\Windows\System\ZCtSMHA.exe
  C:\Windows\System\ZCtSMHA.exe
  2⤵
  PID:8868
- C:\Windows\System\ScJOeax.exe
  C:\Windows\System\ScJOeax.exe
  2⤵
  PID:8884
- C:\Windows\System\zVuJsql.exe
  C:\Windows\System\zVuJsql.exe
  2⤵
  PID:8904
- C:\Windows\System\BVQURlw.exe
  C:\Windows\System\BVQURlw.exe
  2⤵
  PID:8928
- C:\Windows\System\ppIbMSI.exe
  C:\Windows\System\ppIbMSI.exe
  2⤵
  PID:8964
- C:\Windows\System\joeRwYL.exe
  C:\Windows\System\joeRwYL.exe
  2⤵
  PID:9000
- C:\Windows\System\RpWaiJJ.exe
  C:\Windows\System\RpWaiJJ.exe
  2⤵
  PID:9024
- C:\Windows\System\bRMLAre.exe
  C:\Windows\System\bRMLAre.exe
  2⤵
  PID:9040
- C:\Windows\System\MYpzYJJ.exe
  C:\Windows\System\MYpzYJJ.exe
  2⤵
  PID:9060
- C:\Windows\System\WfZwlnj.exe
  C:\Windows\System\WfZwlnj.exe
  2⤵
  PID:9112
- C:\Windows\System\oMaJVpD.exe
  C:\Windows\System\oMaJVpD.exe
  2⤵
  PID:9136
- C:\Windows\System\EPYkXWz.exe
  C:\Windows\System\EPYkXWz.exe
  2⤵
  PID:9152
- C:\Windows\System\VjiXYyi.exe
  C:\Windows\System\VjiXYyi.exe
  2⤵
  PID:9176
- C:\Windows\System\WNfLxzq.exe
  C:\Windows\System\WNfLxzq.exe
  2⤵
  PID:8196
- C:\Windows\System\pdxGIlG.exe
  C:\Windows\System\pdxGIlG.exe
  2⤵
  PID:8272
- C:\Windows\System\apYVPkg.exe
  C:\Windows\System\apYVPkg.exe
  2⤵
  PID:8372
- C:\Windows\System\AlhqWWL.exe
  C:\Windows\System\AlhqWWL.exe
  2⤵
  PID:8388
- C:\Windows\System\ZyMjRJJ.exe
  C:\Windows\System\ZyMjRJJ.exe
  2⤵
  PID:8528
- C:\Windows\System\hBbDHXc.exe
  C:\Windows\System\hBbDHXc.exe
  2⤵
  PID:8556
- C:\Windows\System\EpqSGgk.exe
  C:\Windows\System\EpqSGgk.exe
  2⤵
  PID:8548
- C:\Windows\System\NmGHKUS.exe
  C:\Windows\System\NmGHKUS.exe
  2⤵
  PID:8644
- C:\Windows\System\wzKJUbT.exe
  C:\Windows\System\wzKJUbT.exe
  2⤵
  PID:8704
- C:\Windows\System\gtkqXJt.exe
  C:\Windows\System\gtkqXJt.exe
  2⤵
  PID:8740
- C:\Windows\System\ysJYXll.exe
  C:\Windows\System\ysJYXll.exe
  2⤵
  PID:8880
- C:\Windows\System\DtkjGXb.exe
  C:\Windows\System\DtkjGXb.exe
  2⤵
  PID:8900
- C:\Windows\System\yhcunUz.exe
  C:\Windows\System\yhcunUz.exe
  2⤵
  PID:8972
- C:\Windows\System\TzmFRVH.exe
  C:\Windows\System\TzmFRVH.exe
  2⤵
  PID:9052
- C:\Windows\System\NyPaHQW.exe
  C:\Windows\System\NyPaHQW.exe
  2⤵
  PID:9088
- C:\Windows\System\tiwcEkX.exe
  C:\Windows\System\tiwcEkX.exe
  2⤵
  PID:9208
- C:\Windows\System\NmFPjoo.exe
  C:\Windows\System\NmFPjoo.exe
  2⤵
  PID:8296
- C:\Windows\System\ehTzwjW.exe
  C:\Windows\System\ehTzwjW.exe
  2⤵
  PID:8512
- C:\Windows\System\IQqsJbu.exe
  C:\Windows\System\IQqsJbu.exe
  2⤵
  PID:8604
- C:\Windows\System\XGggWTs.exe
  C:\Windows\System\XGggWTs.exe
  2⤵
  PID:8580
- C:\Windows\System\iqAxZYa.exe
  C:\Windows\System\iqAxZYa.exe
  2⤵
  PID:8736
- C:\Windows\System\XUnUleg.exe
  C:\Windows\System\XUnUleg.exe
  2⤵
  PID:9012
- C:\Windows\System\zhPkxgW.exe
  C:\Windows\System\zhPkxgW.exe
  2⤵
  PID:7728
- C:\Windows\System\EBNKjIx.exe
  C:\Windows\System\EBNKjIx.exe
  2⤵
  PID:8308
- C:\Windows\System\PovxcRm.exe
  C:\Windows\System\PovxcRm.exe
  2⤵
  PID:8684
- C:\Windows\System\nCjtWje.exe
  C:\Windows\System\nCjtWje.exe
  2⤵
  PID:8996
- C:\Windows\System\VjwLueh.exe
  C:\Windows\System\VjwLueh.exe
  2⤵
  PID:9132
- C:\Windows\System\zBISjuF.exe
  C:\Windows\System\zBISjuF.exe
  2⤵
  PID:8816
- C:\Windows\System\zrleYLb.exe
  C:\Windows\System\zrleYLb.exe
  2⤵
  PID:9232
- C:\Windows\System\DvJBbPX.exe
  C:\Windows\System\DvJBbPX.exe
  2⤵
  PID:9260
- C:\Windows\System\kApPLpM.exe
  C:\Windows\System\kApPLpM.exe
  2⤵
  PID:9280
- C:\Windows\System\wTWktwp.exe
  C:\Windows\System\wTWktwp.exe
  2⤵
  PID:9300
- C:\Windows\System\qzKQgEy.exe
  C:\Windows\System\qzKQgEy.exe
  2⤵
  PID:9340
- C:\Windows\System\JSMSmzr.exe
  C:\Windows\System\JSMSmzr.exe
  2⤵
  PID:9384
- C:\Windows\System\owolrZe.exe
  C:\Windows\System\owolrZe.exe
  2⤵
  PID:9416
- C:\Windows\System\RYPRHsv.exe
  C:\Windows\System\RYPRHsv.exe
  2⤵
  PID:9436
- C:\Windows\System\tgLfsfR.exe
  C:\Windows\System\tgLfsfR.exe
  2⤵
  PID:9488
- C:\Windows\System\Nxpykci.exe
  C:\Windows\System\Nxpykci.exe
  2⤵
  PID:9532
- C:\Windows\System\bExuGAN.exe
  C:\Windows\System\bExuGAN.exe
  2⤵
  PID:9564
- C:\Windows\System\fygNkdC.exe
  C:\Windows\System\fygNkdC.exe
  2⤵
  PID:9580
- C:\Windows\System\Urpqqon.exe
  C:\Windows\System\Urpqqon.exe
  2⤵
  PID:9600
- C:\Windows\System\xlrCeiX.exe
  C:\Windows\System\xlrCeiX.exe
  2⤵
  PID:9624
- C:\Windows\System\ztdJUNo.exe
  C:\Windows\System\ztdJUNo.exe
  2⤵
  PID:9644
- C:\Windows\System\dUaZddp.exe
  C:\Windows\System\dUaZddp.exe
  2⤵
  PID:9676
- C:\Windows\System\iPYvWVd.exe
  C:\Windows\System\iPYvWVd.exe
  2⤵
  PID:9704
- C:\Windows\System\NkybSqO.exe
  C:\Windows\System\NkybSqO.exe
  2⤵
  PID:9736
- C:\Windows\System\cGTtnul.exe
  C:\Windows\System\cGTtnul.exe
  2⤵
  PID:9760
- C:\Windows\System\FqitzeL.exe
  C:\Windows\System\FqitzeL.exe
  2⤵
  PID:9780
- C:\Windows\System\kQRsGUr.exe
  C:\Windows\System\kQRsGUr.exe
  2⤵
  PID:9836
- C:\Windows\System\WQubHWM.exe
  C:\Windows\System\WQubHWM.exe
  2⤵
  PID:9856
- C:\Windows\System\JYfklnc.exe
  C:\Windows\System\JYfklnc.exe
  2⤵
  PID:9880
- C:\Windows\System\UpNMUwC.exe
  C:\Windows\System\UpNMUwC.exe
  2⤵
  PID:9916
- C:\Windows\System\lPWxTla.exe
  C:\Windows\System\lPWxTla.exe
  2⤵
  PID:9932
- C:\Windows\System\WXirpet.exe
  C:\Windows\System\WXirpet.exe
  2⤵
  PID:9952
- C:\Windows\System\ATzaWIn.exe
  C:\Windows\System\ATzaWIn.exe
  2⤵
  PID:10012
- C:\Windows\System\RiAlNlJ.exe
  C:\Windows\System\RiAlNlJ.exe
  2⤵
  PID:10044
- C:\Windows\System\kkxwnFO.exe
  C:\Windows\System\kkxwnFO.exe
  2⤵
  PID:10060
- C:\Windows\System\ydsIICQ.exe
  C:\Windows\System\ydsIICQ.exe
  2⤵
  PID:10084
- C:\Windows\System\GUizcZv.exe
  C:\Windows\System\GUizcZv.exe
  2⤵
  PID:10128
- C:\Windows\System\ZneMamF.exe
  C:\Windows\System\ZneMamF.exe
  2⤵
  PID:10152
- C:\Windows\System\JODVSRR.exe
  C:\Windows\System\JODVSRR.exe
  2⤵
  PID:10172
- C:\Windows\System\DixQOsp.exe
  C:\Windows\System\DixQOsp.exe
  2⤵
  PID:10196
- C:\Windows\System\WQoHbaR.exe
  C:\Windows\System\WQoHbaR.exe
  2⤵
  PID:10224
- C:\Windows\System\TQwxqDv.exe
  C:\Windows\System\TQwxqDv.exe
  2⤵
  PID:8732
- C:\Windows\System\TnOjUhP.exe
  C:\Windows\System\TnOjUhP.exe
  2⤵
  PID:8444
- C:\Windows\System\kSqxULr.exe
  C:\Windows\System\kSqxULr.exe
  2⤵
  PID:3820
- C:\Windows\System\mRbXIrQ.exe
  C:\Windows\System\mRbXIrQ.exe
  2⤵
  PID:9332
- C:\Windows\System\PUVHmGk.exe
  C:\Windows\System\PUVHmGk.exe
  2⤵
  PID:9456
- C:\Windows\System\hLKDYxV.exe
  C:\Windows\System\hLKDYxV.exe
  2⤵
  PID:9504
- C:\Windows\System\aTviqCx.exe
  C:\Windows\System\aTviqCx.exe
  2⤵
  PID:9556
- C:\Windows\System\OuntGAd.exe
  C:\Windows\System\OuntGAd.exe
  2⤵
  PID:9636
- C:\Windows\System\hJysezX.exe
  C:\Windows\System\hJysezX.exe
  2⤵
  PID:9692
- C:\Windows\System\sBgGUFi.exe
  C:\Windows\System\sBgGUFi.exe
  2⤵
  PID:9776
- C:\Windows\System\ptMfFpn.exe
  C:\Windows\System\ptMfFpn.exe
  2⤵
  PID:9800
- C:\Windows\System\pKOFLkn.exe
  C:\Windows\System\pKOFLkn.exe
  2⤵
  PID:9888
- C:\Windows\System\eppguko.exe
  C:\Windows\System\eppguko.exe
  2⤵
  PID:9948
- C:\Windows\System\yFTHFFC.exe
  C:\Windows\System\yFTHFFC.exe
  2⤵
  PID:10028
- C:\Windows\System\PEoozLQ.exe
  C:\Windows\System\PEoozLQ.exe
  2⤵
  PID:10076
- C:\Windows\System\IXDEkfg.exe
  C:\Windows\System\IXDEkfg.exe
  2⤵
  PID:9616
- C:\Windows\System\byVQHDU.exe
  C:\Windows\System\byVQHDU.exe
  2⤵
  PID:9848
- C:\Windows\System\ZDvnLKM.exe
  C:\Windows\System\ZDvnLKM.exe
  2⤵
  PID:9972
- C:\Windows\System\cqjkcCh.exe
  C:\Windows\System\cqjkcCh.exe
  2⤵
  PID:10112
- C:\Windows\System\lkxgsTo.exe
  C:\Windows\System\lkxgsTo.exe
  2⤵
  PID:10216
- C:\Windows\System\Esddswy.exe
  C:\Windows\System\Esddswy.exe
  2⤵
  PID:10144
- C:\Windows\System\fUpnUzl.exe
  C:\Windows\System\fUpnUzl.exe
  2⤵
  PID:9560
- C:\Windows\System\jAGIQGk.exe
  C:\Windows\System\jAGIQGk.exe
  2⤵
  PID:9228
- C:\Windows\System\rQhXKYl.exe
  C:\Windows\System\rQhXKYl.exe
  2⤵
  PID:10188
- C:\Windows\System\RYhKRhj.exe
  C:\Windows\System\RYhKRhj.exe
  2⤵
  PID:9684
- C:\Windows\System\awnNLmv.exe
  C:\Windows\System\awnNLmv.exe
  2⤵
  PID:9944
- C:\Windows\System\GMFLvMm.exe
  C:\Windows\System\GMFLvMm.exe
  2⤵
  PID:10148
- C:\Windows\System\TWvrFcZ.exe
  C:\Windows\System\TWvrFcZ.exe
  2⤵
  PID:9348
- C:\Windows\System\wVzcSwE.exe
  C:\Windows\System\wVzcSwE.exe
  2⤵
  PID:9476
- C:\Windows\System\ivyJaPg.exe
  C:\Windows\System\ivyJaPg.exe
  2⤵
  PID:10268
- C:\Windows\System\pxhwMMr.exe
  C:\Windows\System\pxhwMMr.exe
  2⤵
  PID:10308
- C:\Windows\System\kDOlupU.exe
  C:\Windows\System\kDOlupU.exe
  2⤵
  PID:10332
- C:\Windows\System\hAofHyA.exe
  C:\Windows\System\hAofHyA.exe
  2⤵
  PID:10376
- C:\Windows\System\gjlWVgr.exe
  C:\Windows\System\gjlWVgr.exe
  2⤵
  PID:10392
- C:\Windows\System\IEwOfqC.exe
  C:\Windows\System\IEwOfqC.exe
  2⤵
  PID:10420
- C:\Windows\System\hNNZVOq.exe
  C:\Windows\System\hNNZVOq.exe
  2⤵
  PID:10448
- C:\Windows\System\tRrEuwC.exe
  C:\Windows\System\tRrEuwC.exe
  2⤵
  PID:10468
- C:\Windows\System\LghqdeJ.exe
  C:\Windows\System\LghqdeJ.exe
  2⤵
  PID:10528
- C:\Windows\System\TgcbJBT.exe
  C:\Windows\System\TgcbJBT.exe
  2⤵
  PID:10544
- C:\Windows\System\pGdrriK.exe
  C:\Windows\System\pGdrriK.exe
  2⤵
  PID:10596
- C:\Windows\System\jjvFSCb.exe
  C:\Windows\System\jjvFSCb.exe
  2⤵
  PID:10632
- C:\Windows\System\Ydxzaqc.exe
  C:\Windows\System\Ydxzaqc.exe
  2⤵
  PID:10648
- C:\Windows\System\EccmsZu.exe
  C:\Windows\System\EccmsZu.exe
  2⤵
  PID:10676
- C:\Windows\System\FHYqIhP.exe
  C:\Windows\System\FHYqIhP.exe
  2⤵
  PID:10696
- C:\Windows\System\klqLxPd.exe
  C:\Windows\System\klqLxPd.exe
  2⤵
  PID:10720
- C:\Windows\System\STduNMq.exe
  C:\Windows\System\STduNMq.exe
  2⤵
  PID:10752
- C:\Windows\System\YttqUIe.exe
  C:\Windows\System\YttqUIe.exe
  2⤵
  PID:10776
- C:\Windows\System\EFPqeYw.exe
  C:\Windows\System\EFPqeYw.exe
  2⤵
  PID:10796
- C:\Windows\System\yBBZlpj.exe
  C:\Windows\System\yBBZlpj.exe
  2⤵
  PID:10816
- C:\Windows\System\lWOmDYr.exe
  C:\Windows\System\lWOmDYr.exe
  2⤵
  PID:10836
- C:\Windows\System\cNoNEXb.exe
  C:\Windows\System\cNoNEXb.exe
  2⤵
  PID:10864
- C:\Windows\System\gZleuyq.exe
  C:\Windows\System\gZleuyq.exe
  2⤵
  PID:10900
- C:\Windows\System\mtmQxhF.exe
  C:\Windows\System\mtmQxhF.exe
  2⤵
  PID:10956
- C:\Windows\System\UYrXdrn.exe
  C:\Windows\System\UYrXdrn.exe
  2⤵
  PID:10980
- C:\Windows\System\XNEgmcN.exe
  C:\Windows\System\XNEgmcN.exe
  2⤵
  PID:11012
- C:\Windows\System\HnACEhx.exe
  C:\Windows\System\HnACEhx.exe
  2⤵
  PID:11056
- C:\Windows\System\AnDncdv.exe
  C:\Windows\System\AnDncdv.exe
  2⤵
  PID:11080
- C:\Windows\System\VXKYNCJ.exe
  C:\Windows\System\VXKYNCJ.exe
  2⤵
  PID:11108
- C:\Windows\System\zKuNoiZ.exe
  C:\Windows\System\zKuNoiZ.exe
  2⤵
  PID:11128
- C:\Windows\System\HWuLXgV.exe
  C:\Windows\System\HWuLXgV.exe
  2⤵
  PID:11156
- C:\Windows\System\rDvrWFX.exe
  C:\Windows\System\rDvrWFX.exe
  2⤵
  PID:11176
- C:\Windows\System\oGStYRZ.exe
  C:\Windows\System\oGStYRZ.exe
  2⤵
  PID:11216
- C:\Windows\System\EvunPez.exe
  C:\Windows\System\EvunPez.exe
  2⤵
  PID:11240
- C:\Windows\System\VKRhVFW.exe
  C:\Windows\System\VKRhVFW.exe
  2⤵
  PID:11260
- C:\Windows\System\nBUQgeA.exe
  C:\Windows\System\nBUQgeA.exe
  2⤵
  PID:9172
- C:\Windows\System\hFjPLUg.exe
  C:\Windows\System\hFjPLUg.exe
  2⤵
  PID:10288
- C:\Windows\System\DpwCWEi.exe
  C:\Windows\System\DpwCWEi.exe
  2⤵
  PID:10264
- C:\Windows\System\ocEpUaZ.exe
  C:\Windows\System\ocEpUaZ.exe
  2⤵
  PID:10372
- C:\Windows\System\RIZefKA.exe
  C:\Windows\System\RIZefKA.exe
  2⤵
  PID:10408
- C:\Windows\System\yiYVIgH.exe
  C:\Windows\System\yiYVIgH.exe
  2⤵
  PID:10456
- C:\Windows\System\AsNicKy.exe
  C:\Windows\System\AsNicKy.exe
  2⤵
  PID:10516
- C:\Windows\System\MxarMbG.exe
  C:\Windows\System\MxarMbG.exe
  2⤵
  PID:1924
- C:\Windows\System\ucwiOfA.exe
  C:\Windows\System\ucwiOfA.exe
  2⤵
  PID:10672
- C:\Windows\System\TzRfHLp.exe
  C:\Windows\System\TzRfHLp.exe
  2⤵
  PID:10664
- C:\Windows\System\OaOmejM.exe
  C:\Windows\System\OaOmejM.exe
  2⤵
  PID:10712
- C:\Windows\System\XvuBfQR.exe
  C:\Windows\System\XvuBfQR.exe
  2⤵
  PID:10760
- C:\Windows\System\oXbGHnb.exe
  C:\Windows\System\oXbGHnb.exe
  2⤵
  PID:10832
- C:\Windows\System\KWOHVKH.exe
  C:\Windows\System\KWOHVKH.exe
  2⤵
  PID:10888
- C:\Windows\System\EQBoFZf.exe
  C:\Windows\System\EQBoFZf.exe
  2⤵
  PID:10880
- C:\Windows\System\idHIeRR.exe
  C:\Windows\System\idHIeRR.exe
  2⤵
  PID:11032
- C:\Windows\System\zxBruPO.exe
  C:\Windows\System\zxBruPO.exe
  2⤵
  PID:11104
- C:\Windows\System\rObXGqN.exe
  C:\Windows\System\rObXGqN.exe
  2⤵
  PID:11208
- C:\Windows\System\KrrOGlm.exe
  C:\Windows\System\KrrOGlm.exe
  2⤵
  PID:10280
- C:\Windows\System\MbjcmpG.exe
  C:\Windows\System\MbjcmpG.exe
  2⤵
  PID:10400
- C:\Windows\System\EaGVoAr.exe
  C:\Windows\System\EaGVoAr.exe
  2⤵
  PID:10564
- C:\Windows\System\cjKwBEX.exe
  C:\Windows\System\cjKwBEX.exe
  2⤵
  PID:10640
- C:\Windows\System\xankWmR.exe
  C:\Windows\System\xankWmR.exe
  2⤵
  PID:10588
- C:\Windows\System\BQnhxbW.exe
  C:\Windows\System\BQnhxbW.exe
  2⤵
  PID:10944
- C:\Windows\System\cPQargp.exe
  C:\Windows\System\cPQargp.exe
  2⤵
  PID:11164
- C:\Windows\System\nCudtEI.exe
  C:\Windows\System\nCudtEI.exe
  2⤵
  PID:11076
- C:\Windows\System\FknfSoQ.exe
  C:\Windows\System\FknfSoQ.exe
  2⤵
  PID:9324
- C:\Windows\System\TzcPgvF.exe
  C:\Windows\System\TzcPgvF.exe
  2⤵
  PID:10388
- C:\Windows\System\VlHpjdW.exe
  C:\Windows\System\VlHpjdW.exe
  2⤵
  PID:10688
- C:\Windows\System\tbjiBVc.exe
  C:\Windows\System\tbjiBVc.exe
  2⤵
  PID:11064
- C:\Windows\System\lCcLoNk.exe
  C:\Windows\System\lCcLoNk.exe
  2⤵
  PID:11268
- C:\Windows\System\gkPqHXm.exe
  C:\Windows\System\gkPqHXm.exe
  2⤵
  PID:11288
- C:\Windows\System\MoWlwOg.exe
  C:\Windows\System\MoWlwOg.exe
  2⤵
  PID:11308
- C:\Windows\System\TWBsaSl.exe
  C:\Windows\System\TWBsaSl.exe
  2⤵
  PID:11336
- C:\Windows\System\TXMsCEV.exe
  C:\Windows\System\TXMsCEV.exe
  2⤵
  PID:11360
- C:\Windows\System\zShBcTf.exe
  C:\Windows\System\zShBcTf.exe
  2⤵
  PID:11404
- C:\Windows\System\BQUeOvG.exe
  C:\Windows\System\BQUeOvG.exe
  2⤵
  PID:11420
- C:\Windows\System\ixzXRtp.exe
  C:\Windows\System\ixzXRtp.exe
  2⤵
  PID:11444
- C:\Windows\System\KnChVgt.exe
  C:\Windows\System\KnChVgt.exe
  2⤵
  PID:11468
- C:\Windows\System\DtupVDu.exe
  C:\Windows\System\DtupVDu.exe
  2⤵
  PID:11492
- C:\Windows\System\GTAtrBB.exe
  C:\Windows\System\GTAtrBB.exe
  2⤵
  PID:11508
- C:\Windows\System\hbAMNBV.exe
  C:\Windows\System\hbAMNBV.exe
  2⤵
  PID:11536
- C:\Windows\System\nASwHMQ.exe
  C:\Windows\System\nASwHMQ.exe
  2⤵
  PID:11552
- C:\Windows\System\VjBLEOA.exe
  C:\Windows\System\VjBLEOA.exe
  2⤵
  PID:11576
- C:\Windows\System\SPJmXEj.exe
  C:\Windows\System\SPJmXEj.exe
  2⤵
  PID:11640
- C:\Windows\System\Kpaiuqb.exe
  C:\Windows\System\Kpaiuqb.exe
  2⤵
  PID:11660
- C:\Windows\System\MRkmKXz.exe
  C:\Windows\System\MRkmKXz.exe
  2⤵
  PID:11684
- C:\Windows\System\cSjVLCG.exe
  C:\Windows\System\cSjVLCG.exe
  2⤵
  PID:11704
- C:\Windows\System\ZYqsEWW.exe
  C:\Windows\System\ZYqsEWW.exe
  2⤵
  PID:11768
- C:\Windows\System\UvuDsWM.exe
  C:\Windows\System\UvuDsWM.exe
  2⤵
  PID:11788
- C:\Windows\System\GwLBWYk.exe
  C:\Windows\System\GwLBWYk.exe
  2⤵
  PID:11880
- C:\Windows\System\fuqpuyg.exe
  C:\Windows\System\fuqpuyg.exe
  2⤵
  PID:11912
- C:\Windows\System\sfcHTEI.exe
  C:\Windows\System\sfcHTEI.exe
  2⤵
  PID:11936
- C:\Windows\System\mdQiZIm.exe
  C:\Windows\System\mdQiZIm.exe
  2⤵
  PID:11956
- C:\Windows\System\hlIyqjy.exe
  C:\Windows\System\hlIyqjy.exe
  2⤵
  PID:11976
- C:\Windows\System\eXUwcyt.exe
  C:\Windows\System\eXUwcyt.exe
  2⤵
  PID:11996
- C:\Windows\System\gHhhUeW.exe
  C:\Windows\System\gHhhUeW.exe
  2⤵
  PID:12024
- C:\Windows\System\hBylPwg.exe
  C:\Windows\System\hBylPwg.exe
  2⤵
  PID:12044
- C:\Windows\System\kQVIBtg.exe
  C:\Windows\System\kQVIBtg.exe
  2⤵
  PID:12068
- C:\Windows\System\tHhCCYs.exe
  C:\Windows\System\tHhCCYs.exe
  2⤵
  PID:12092
- C:\Windows\System\LwpRwEw.exe
  C:\Windows\System\LwpRwEw.exe
  2⤵
  PID:12152
- C:\Windows\System\fHNzghA.exe
  C:\Windows\System\fHNzghA.exe
  2⤵
  PID:12188
- C:\Windows\System\SceObIG.exe
  C:\Windows\System\SceObIG.exe
  2⤵
  PID:12220
- C:\Windows\System\iFPlUrd.exe
  C:\Windows\System\iFPlUrd.exe
  2⤵
  PID:12244
- C:\Windows\System\MIPzhiS.exe
  C:\Windows\System\MIPzhiS.exe
  2⤵
  PID:11256
- C:\Windows\System\JWnbuZK.exe
  C:\Windows\System\JWnbuZK.exe
  2⤵
  PID:10524
- C:\Windows\System\asztyQb.exe
  C:\Windows\System\asztyQb.exe
  2⤵
  PID:10624
- C:\Windows\System\vrfHYSi.exe
  C:\Windows\System\vrfHYSi.exe
  2⤵
  PID:11284
- C:\Windows\System\DCCWGcC.exe
  C:\Windows\System\DCCWGcC.exe
  2⤵
  PID:11356
- C:\Windows\System\iuTJzqz.exe
  C:\Windows\System\iuTJzqz.exe
  2⤵
  PID:11500
- C:\Windows\System\EQzCSvJ.exe
  C:\Windows\System\EQzCSvJ.exe
  2⤵
  PID:11476
- C:\Windows\System\SpxfzGN.exe
  C:\Windows\System\SpxfzGN.exe
  2⤵
  PID:11548
- C:\Windows\System\qhoMNUC.exe
  C:\Windows\System\qhoMNUC.exe
  2⤵
  PID:11460
- C:\Windows\System\mUBlODU.exe
  C:\Windows\System\mUBlODU.exe
  2⤵
  PID:11596
- C:\Windows\System\WlAfLef.exe
  C:\Windows\System\WlAfLef.exe
  2⤵
  PID:11696
- C:\Windows\System\FncGTlA.exe
  C:\Windows\System\FncGTlA.exe
  2⤵
  PID:11756
- C:\Windows\System\tZRbKON.exe
  C:\Windows\System\tZRbKON.exe
  2⤵
  PID:11824
- C:\Windows\System\dwxZrZe.exe
  C:\Windows\System\dwxZrZe.exe
  2⤵
  PID:11868
- C:\Windows\System\LHBMvkS.exe
  C:\Windows\System\LHBMvkS.exe
  2⤵
  PID:11952
- C:\Windows\System\UovmOig.exe
  C:\Windows\System\UovmOig.exe
  2⤵
  PID:12064
- C:\Windows\System\hzMvsQo.exe
  C:\Windows\System\hzMvsQo.exe
  2⤵
  PID:12136
- C:\Windows\System\ipybJOC.exe
  C:\Windows\System\ipybJOC.exe
  2⤵
  PID:12212
- C:\Windows\System\vaUHhbf.exe
  C:\Windows\System\vaUHhbf.exe
  2⤵
  PID:10828
- C:\Windows\System\hNrEIbM.exe
  C:\Windows\System\hNrEIbM.exe
  2⤵
  PID:11300
- C:\Windows\System\Eusyqrf.exe
  C:\Windows\System\Eusyqrf.exe
  2⤵
  PID:11388
- C:\Windows\System\QrIaMhr.exe
  C:\Windows\System\QrIaMhr.exe
  2⤵
  PID:11428
- C:\Windows\System\UoLjcPK.exe
  C:\Windows\System\UoLjcPK.exe
  2⤵
  PID:11668
- C:\Windows\System\IBLIWpS.exe
  C:\Windows\System\IBLIWpS.exe
  2⤵
  PID:12012
- C:\Windows\System\RYdmkXE.exe
  C:\Windows\System\RYdmkXE.exe
  2⤵
  PID:12180
- C:\Windows\System\psHKzDi.exe
  C:\Windows\System\psHKzDi.exe
  2⤵
  PID:12276
- C:\Windows\System\zVTwSWJ.exe
  C:\Windows\System\zVTwSWJ.exe
  2⤵
  PID:12280
- C:\Windows\System\IolWHsS.exe
  C:\Windows\System\IolWHsS.exe
  2⤵
  PID:11416
- C:\Windows\System\ODLTpCq.exe
  C:\Windows\System\ODLTpCq.exe
  2⤵
  PID:12240
- C:\Windows\System\bNlFuSW.exe
  C:\Windows\System\bNlFuSW.exe
  2⤵
  PID:10968
- C:\Windows\System\OeCKhUd.exe
  C:\Windows\System\OeCKhUd.exe
  2⤵
  PID:12308
- C:\Windows\System\gNdJplT.exe
  C:\Windows\System\gNdJplT.exe
  2⤵
  PID:12336
- C:\Windows\System\kbOUxKQ.exe
  C:\Windows\System\kbOUxKQ.exe
  2⤵
  PID:12352
- C:\Windows\System\wgVqDRb.exe
  C:\Windows\System\wgVqDRb.exe
  2⤵
  PID:12372
- C:\Windows\System\FnJknKa.exe
  C:\Windows\System\FnJknKa.exe
  2⤵
  PID:12408
- C:\Windows\System\YiwJVyp.exe
  C:\Windows\System\YiwJVyp.exe
  2⤵
  PID:12444
- C:\Windows\System\tlhOEVK.exe
  C:\Windows\System\tlhOEVK.exe
  2⤵
  PID:12464
- C:\Windows\System\skmuKuL.exe
  C:\Windows\System\skmuKuL.exe
  2⤵
  PID:12508
- C:\Windows\System\SYDDRHI.exe
  C:\Windows\System\SYDDRHI.exe
  2⤵
  PID:12532
- C:\Windows\System\whXSljo.exe
  C:\Windows\System\whXSljo.exe
  2⤵
  PID:12548
- C:\Windows\System\eGIBsxn.exe
  C:\Windows\System\eGIBsxn.exe
  2⤵
  PID:12604
- C:\Windows\System\LDtZYhH.exe
  C:\Windows\System\LDtZYhH.exe
  2⤵
  PID:12624
- C:\Windows\System\BVYUblp.exe
  C:\Windows\System\BVYUblp.exe
  2⤵
  PID:12644
- C:\Windows\System\nPxwQbZ.exe
  C:\Windows\System\nPxwQbZ.exe
  2⤵
  PID:12660
- C:\Windows\System\XaSEjIY.exe
  C:\Windows\System\XaSEjIY.exe
  2⤵
  PID:12692
- C:\Windows\System\ZwoFEPq.exe
  C:\Windows\System\ZwoFEPq.exe
  2⤵
  PID:12720
- C:\Windows\System\ZHFqbno.exe
  C:\Windows\System\ZHFqbno.exe
  2⤵
  PID:12740
- C:\Windows\System\cEofSLq.exe
  C:\Windows\System\cEofSLq.exe
  2⤵
  PID:12760
- C:\Windows\System\KquYiwr.exe
  C:\Windows\System\KquYiwr.exe
  2⤵
  PID:12792
- C:\Windows\System\ADYFEFx.exe
  C:\Windows\System\ADYFEFx.exe
  2⤵
  PID:12828
- C:\Windows\System\TTKKTbX.exe
  C:\Windows\System\TTKKTbX.exe
  2⤵
  PID:12848
- C:\Windows\System\xRNTikH.exe
  C:\Windows\System\xRNTikH.exe
  2⤵
  PID:12920
- C:\Windows\System\CZKzTLN.exe
  C:\Windows\System\CZKzTLN.exe
  2⤵
  PID:12936
- C:\Windows\System\MsiYiEr.exe
  C:\Windows\System\MsiYiEr.exe
  2⤵
  PID:12964
- C:\Windows\System\tQbAWLc.exe
  C:\Windows\System\tQbAWLc.exe
  2⤵
  PID:12996
- C:\Windows\System\EZawuqg.exe
  C:\Windows\System\EZawuqg.exe
  2⤵
  PID:13020
- C:\Windows\System\tWKDXgR.exe
  C:\Windows\System\tWKDXgR.exe
  2⤵
  PID:13036
- C:\Windows\System\qfRxVzM.exe
  C:\Windows\System\qfRxVzM.exe
  2⤵
  PID:13052
- C:\Windows\System\AHFMgsy.exe
  C:\Windows\System\AHFMgsy.exe
  2⤵
  PID:13072
- C:\Windows\System\uXDSIFH.exe
  C:\Windows\System\uXDSIFH.exe
  2⤵
  PID:13096
- C:\Windows\System\oGYcfiU.exe
  C:\Windows\System\oGYcfiU.exe
  2⤵
  PID:13128
- C:\Windows\System\pFVgiYC.exe
  C:\Windows\System\pFVgiYC.exe
  2⤵
  PID:13172
- C:\Windows\System\qfZtYjx.exe
  C:\Windows\System\qfZtYjx.exe
  2⤵
  PID:13196
- C:\Windows\System\kpRTVxP.exe
  C:\Windows\System\kpRTVxP.exe
  2⤵
  PID:13224
- C:\Windows\System\PvgGKDF.exe
  C:\Windows\System\PvgGKDF.exe
  2⤵
  PID:13264
- C:\Windows\System\PSqbcGk.exe
  C:\Windows\System\PSqbcGk.exe
  2⤵
  PID:13284
- C:\Windows\System\MhKakTY.exe
  C:\Windows\System\MhKakTY.exe
  2⤵
  PID:13308
- C:\Windows\System\oIRNcEU.exe
  C:\Windows\System\oIRNcEU.exe
  2⤵
  PID:12344
- C:\Windows\System\lUohzav.exe
  C:\Windows\System\lUohzav.exe
  2⤵
  PID:12320
- C:\Windows\System\mfKfijz.exe
  C:\Windows\System\mfKfijz.exe
  2⤵
  PID:12436
- C:\Windows\System\tzedYBr.exe
  C:\Windows\System\tzedYBr.exe
  2⤵
  PID:12460
- C:\Windows\System\HCUckvH.exe
  C:\Windows\System\HCUckvH.exe
  2⤵
  PID:12540
- C:\Windows\System\janOErk.exe
  C:\Windows\System\janOErk.exe
  2⤵
  PID:12568
- C:\Windows\System\kEPCdgd.exe
  C:\Windows\System\kEPCdgd.exe
  2⤵
  PID:12620
- C:\Windows\System\iATXLHl.exe
  C:\Windows\System\iATXLHl.exe
  2⤵
  PID:12716
- C:\Windows\System\OixHKov.exe
  C:\Windows\System\OixHKov.exe
  2⤵
  PID:12816
- C:\Windows\System\TRkmXMN.exe
  C:\Windows\System\TRkmXMN.exe
  2⤵
  PID:12844
- C:\Windows\System\QsGEOEt.exe
  C:\Windows\System\QsGEOEt.exe
  2⤵
  PID:12960
- C:\Windows\System\ThYVztW.exe
  C:\Windows\System\ThYVztW.exe
  2⤵
  PID:13016
- C:\Windows\System\VARTbzq.exe
  C:\Windows\System\VARTbzq.exe
  2⤵
  PID:13048
- C:\Windows\System\QpFjVqH.exe
  C:\Windows\System\QpFjVqH.exe
  2⤵
  PID:13088
- C:\Windows\System\bGrzzYL.exe
  C:\Windows\System\bGrzzYL.exe
  2⤵
  PID:13168
- C:\Windows\System\IiFiOMm.exe
  C:\Windows\System\IiFiOMm.exe
  2⤵
  PID:13256
- C:\Windows\System\caegODz.exe
  C:\Windows\System\caegODz.exe
  2⤵
  PID:13300
- C:\Windows\System\zPrmtJp.exe
  C:\Windows\System\zPrmtJp.exe
  2⤵
  PID:12456
- C:\Windows\System\bkXbMtK.exe
  C:\Windows\System\bkXbMtK.exe
  2⤵
  PID:12452
- C:\Windows\System\VtJnGuc.exe
  C:\Windows\System\VtJnGuc.exe
  2⤵
  PID:12752
- C:\Windows\System\KnKhgjE.exe
  C:\Windows\System\KnKhgjE.exe
  2⤵
  PID:12800
- C:\Windows\System\HBgSRYc.exe
  C:\Windows\System\HBgSRYc.exe
  2⤵
  PID:12840
- C:\Windows\System\FxXGQPY.exe
  C:\Windows\System\FxXGQPY.exe
  2⤵
  PID:13188
- C:\Windows\System\RPPMQsI.exe
  C:\Windows\System\RPPMQsI.exe
  2⤵
  PID:12304
- C:\Windows\System\vsrLRCU.exe
  C:\Windows\System\vsrLRCU.exe
  2⤵
  PID:12916
- C:\Windows\System\qCUTpNx.exe
  C:\Windows\System\qCUTpNx.exe
  2⤵
  PID:13124
- C:\Windows\System\RrfPlPH.exe
  C:\Windows\System\RrfPlPH.exe
  2⤵
  PID:13320
- C:\Windows\System\ApGVwoX.exe
  C:\Windows\System\ApGVwoX.exe
  2⤵
  PID:13344
- C:\Windows\System\HMImteW.exe
  C:\Windows\System\HMImteW.exe
  2⤵
  PID:13372
- C:\Windows\System\uddreYJ.exe
  C:\Windows\System\uddreYJ.exe
  2⤵
  PID:13400
- C:\Windows\System\SWfwTMS.exe
  C:\Windows\System\SWfwTMS.exe
  2⤵
  PID:13444
- C:\Windows\System\LkvXlzB.exe
  C:\Windows\System\LkvXlzB.exe
  2⤵
  PID:13472
- C:\Windows\System\lxOSjKv.exe
  C:\Windows\System\lxOSjKv.exe
  2⤵
  PID:13500
- C:\Windows\System\VGXMLWM.exe
  C:\Windows\System\VGXMLWM.exe
  2⤵
  PID:13524
- C:\Windows\System\NXCLQvb.exe
  C:\Windows\System\NXCLQvb.exe
  2⤵
  PID:13580
- C:\Windows\System\VdKBoYb.exe
  C:\Windows\System\VdKBoYb.exe
  2⤵
  PID:13604
- C:\Windows\System\hbtlDCl.exe
  C:\Windows\System\hbtlDCl.exe
  2⤵
  PID:13632
- C:\Windows\System\wJClVWe.exe
  C:\Windows\System\wJClVWe.exe
  2⤵
  PID:13652
- C:\Windows\System\EbdviCe.exe
  C:\Windows\System\EbdviCe.exe
  2⤵
  PID:13676
- C:\Windows\System\nHbPyWw.exe
  C:\Windows\System\nHbPyWw.exe
  2⤵
  PID:13696
- C:\Windows\System\StDxbKP.exe
  C:\Windows\System\StDxbKP.exe
  2⤵
  PID:13720
- C:\Windows\System\UOLwhIv.exe
  C:\Windows\System\UOLwhIv.exe
  2⤵
  PID:13744
- C:\Windows\System\IIHKwsr.exe
  C:\Windows\System\IIHKwsr.exe
  2⤵
  PID:13760
- C:\Windows\System\cphrkQS.exe
  C:\Windows\System\cphrkQS.exe
  2⤵
  PID:13800
- C:\Windows\System\fCKqGqV.exe
  C:\Windows\System\fCKqGqV.exe
  2⤵
  PID:13860
- C:\Windows\System\QfBInSU.exe
  C:\Windows\System\QfBInSU.exe
  2⤵
  PID:13884
- C:\Windows\System\ByNQcab.exe
  C:\Windows\System\ByNQcab.exe
  2⤵
  PID:13924
- C:\Windows\System\UEemQNC.exe
  C:\Windows\System\UEemQNC.exe
  2⤵
  PID:13940
- C:\Windows\System\YUHtxWq.exe
  C:\Windows\System\YUHtxWq.exe
  2⤵
  PID:13956
- C:\Windows\System\XZhKdZB.exe
  C:\Windows\System\XZhKdZB.exe
  2⤵
  PID:13988
- C:\Windows\System\yohUdcP.exe
  C:\Windows\System\yohUdcP.exe
  2⤵
  PID:14012
- C:\Windows\System\LDViZci.exe
  C:\Windows\System\LDViZci.exe
  2⤵
  PID:14044
- C:\Windows\System\mYAzNxS.exe
  C:\Windows\System\mYAzNxS.exe
  2⤵
  PID:14068
- C:\Windows\System\IQVxqrl.exe
  C:\Windows\System\IQVxqrl.exe
  2⤵
  PID:14088
- C:\Windows\System\dfedOgV.exe
  C:\Windows\System\dfedOgV.exe
  2⤵
  PID:14128
- C:\Windows\System\HQBftFj.exe
  C:\Windows\System\HQBftFj.exe
  2⤵
  PID:14152
- C:\Windows\System\LvvPmPr.exe
  C:\Windows\System\LvvPmPr.exe
  2⤵
  PID:14168
- C:\Windows\System\gFzaITS.exe
  C:\Windows\System\gFzaITS.exe
  2⤵
  PID:14200
- C:\Windows\System\fgWCyuy.exe
  C:\Windows\System\fgWCyuy.exe
  2⤵
  PID:14248
- C:\Windows\System\oSfYPDe.exe
  C:\Windows\System\oSfYPDe.exe
  2⤵
  PID:14268
- C:\Windows\System\VyEHsBs.exe
  C:\Windows\System\VyEHsBs.exe
  2⤵
  PID:14296
- C:\Windows\System\YdRZmVY.exe
  C:\Windows\System\YdRZmVY.exe
  2⤵
  PID:14320
- C:\Windows\System\OFobaAT.exe
  C:\Windows\System\OFobaAT.exe
  2⤵
  PID:12516
- C:\Windows\System\SrCefxy.exe
  C:\Windows\System\SrCefxy.exe
  2⤵
  PID:3860
- C:\Windows\System\Xpibryr.exe
  C:\Windows\System\Xpibryr.exe
  2⤵
  PID:13332
- C:\Windows\System\CISyNvK.exe
  C:\Windows\System\CISyNvK.exe
  2⤵
  PID:13392
- C:\Windows\System\GROToHU.exe
  C:\Windows\System\GROToHU.exe
  2⤵
  PID:13484
- C:\Windows\System\wOVGqUP.exe
  C:\Windows\System\wOVGqUP.exe
  2⤵
  PID:13540
- C:\Windows\System\EEUoTUP.exe
  C:\Windows\System\EEUoTUP.exe
  2⤵
  PID:13620
- C:\Windows\System\VuhVnyj.exe
  C:\Windows\System\VuhVnyj.exe
  2⤵
  PID:13668
- C:\Windows\System\bLUHXZe.exe
  C:\Windows\System\bLUHXZe.exe
  2⤵
  PID:13756
- C:\Windows\System\iJqosfS.exe
  C:\Windows\System\iJqosfS.exe
  2⤵
  PID:13792
- C:\Windows\System\YEFgpXj.exe
  C:\Windows\System\YEFgpXj.exe
  2⤵
  PID:13788
- C:\Windows\System\INnHBtk.exe
  C:\Windows\System\INnHBtk.exe
  2⤵
  PID:13904

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DQNQwvc.exe

Filesize
1.3MB

MD5
857761db8554428124ce6c5c15e5ad0b

SHA1
dfc8bc7c8b8bd828dae63d943429b0ea05854233

SHA256
6a828e6e1cadae944d9512e5a1ddcb9a5a936edf0bcc69dc5b799f31d2c10306

SHA512
a3f47645c2a9230dd700e5d2b974f9a54e833b77a32417c388eda05b3ba581abed5e67819221c431026a67a35bbac150556a3b91bec974300a8c14ed4fe7634b

Download Submit
C:\Windows\System\EIcieWl.exe

Filesize
1.3MB

MD5
9ffe6c0a0f4368ede85f87aac3b16f82

SHA1
2482bdce0ffb3582ad41b7048a7ee3899121988e

SHA256
5c4504e1ec5acec847a3324a87d309c6d2a9421eb8a1c32560162f8e39bbe6f0

SHA512
484e0ec3eb7feaeb9afffef1d4023f9af26516cd1a2064c7242614bf2d8eaf65c51e9dc2859311e177839c00ab9faf5f0769354ac3792beae1735523f12950f6

Download Submit
C:\Windows\System\FRlHWpj.exe

Filesize
1.3MB

MD5
2ab9be6e7e042be8e869e84730ad5f8f

SHA1
617b28a7aa028d226fffd192d6339cc7c641c4b4

SHA256
9d50c0aa3c92e600eb5c1fea4146b93b4c6af87a841a6cb62b163d2d038b0be8

SHA512
53a5de9898c920d7220e1f9db5fef29c8b64ab6e0af545a20f0de312351954ae3dd2e0bf7be912df4e425adb496121e633fff64efa6885ab50c2ddeb95304a18

Download Submit
C:\Windows\System\FYAUoTK.exe

Filesize
1.3MB

MD5
cf514ad3aa5ba3a0bf73307d621081a1

SHA1
7c490465c7ae672c2d6c7ada175c5ba1a5944aaa

SHA256
b83ea012c3a0a023ec18bf01ee57da38142f098039cff085d037744201e8149c

SHA512
bf45d89487cd1ffb1d92784a15d6fd8d61f5160575187d30fe421915dfc3dd47e7e1f67dbef954025dcbf58de540965420cc10937a234d961203a8bf3d9baf4f

Download Submit
C:\Windows\System\GDQctqe.exe

Filesize
1.3MB

MD5
8e7c456c7c1e26337a0e87b027a8a901

SHA1
0a88e15f4f42ad3cc45b11e1eb8c94149f02a6b0

SHA256
1a89fc7c9e13535f75aad1603edd37e0331add9d4818259a4a24b23fc5e10c88

SHA512
b01026b7bf3c81c3bd5ae5752232c775d7d1be532dd2207351024656e61f5bae0d7d29479e892a6f8bd51e02806bad0239e64d720a0591cfc37e678e25ed1c9c

Download Submit
C:\Windows\System\HgHHolt.exe

Filesize
1.3MB

MD5
3dea2b78dab5d6e138b467b0f0b17686

SHA1
a33603d90b9ee4fd1ec63078b984adb2e0179d23

SHA256
adc03116faa2888741cae5e59acc9333a2e88dadf6a0818d1aeb1c2d0548cb89

SHA512
1fdd26955b49333ee1d46dcbdbb638a80e6eb0f573d97060e0235a7068728ac216e6f5b27ec2ea71dad09fbf10dd2c7ad043bada9fe4b3f70f502c6544bba470

Download Submit
C:\Windows\System\IvueKvT.exe

Filesize
1.3MB

MD5
681cf48a36065e2330ae456eee3d4cf0

SHA1
ec5e99f396361e12481748b1fdea731b3ddebbd0

SHA256
e7b5634b6fc6dbc81b6c6e0bd996b784fb77a0da1864fe6f015d2137854bcbe4

SHA512
7cb48b87d8baaa8e4f955a0424cacf89614df06613588bd4cc434e243eede8ac100dc7b901844d97568ea5df9102f1fbdffc7c0a30bd65aa44daeec83a8599d0

Download Submit
C:\Windows\System\KDGvtAP.exe

Filesize
1.3MB

MD5
49f34a5faafe59fc0b0415d7196e7ebd

SHA1
06102e987eee9afb9a1e07739743be0220549f89

SHA256
021495eef4a095617a97a15115ee9211f77a7859b23b8c99567fef76e37e9cfc

SHA512
d265b52248db280d40bbe0d5eb561c8c989bb207cc587884763326cb9b383d23be72714642b54e6b3deacced7a1a2047c7026ee3a8a3ce47c0939a14f2dc570b

Download Submit
C:\Windows\System\MLOJpEW.exe

Filesize
1.3MB

MD5
52500e357db78dd33f3cc17e8c3c541c

SHA1
c18476a6d0446ad4b0621df882ed6bb7c15229ea

SHA256
635dde515183e5688954bb8aac2965e92f966329c84a66f54b54b170bbce0422

SHA512
bf571f12918790b79e7745fac100d6590671b30d7c6aa9dd672b9869802e2d940c3c7f23e9cf305243b49e48fe16155536b3efb6403d80e988718822a0ffb038

Download Submit
C:\Windows\System\MtYjsrZ.exe

Filesize
1.3MB

MD5
ebfbf1f9c34f58115cdc1856101d02cc

SHA1
cbb655b465147a4ebf09f66830cd40e6209f4816

SHA256
1cc71e4fe7ba8d11637b4cd324b76d42590511ff45bb8f9c80daac8a1edb5804

SHA512
bf50f8e2c37f145ca12269300e9b299325e5cb07a29ac3fe2d716abfd6b93c3ee5b588802aca5f4cd90beda7587fee88687fe5b90225bc294328c91da360df0e

Download Submit
C:\Windows\System\NUFLNyv.exe

Filesize
1.3MB

MD5
5f5577892c024b6a6a717c425fcb432a

SHA1
1f8935641d30aae599f2b0e02cc77045f88994f6

SHA256
6e1eeebab8a9b04bfb7912d709b6954afeb5e147e9f3c2f40a2c15c3205374a8

SHA512
3463239eede627fb86013d6f8970c65a3c55af25bd701c36816827c09bcb745cc826e1c80da76965c8924d83ace18765ce962ebfb430a5419c5da05e148a694c

Download Submit
C:\Windows\System\OPpxdrQ.exe

Filesize
1.3MB

MD5
90e2bc92e324a562e039345538ef5e04

SHA1
05ce3d8289caed322d3d02b899e0298e4f17c3ea

SHA256
05484ac3bfe8fa308fbe25fdb0c7b05c9648f526a461db29d85d38eb627ec934

SHA512
0070afb10c4952c17ae4b21fae0fd97beb63fb0f9501e5c4c778a9a10798e7248adeb908dc1a5b9713c7397834efe7a2c6e3c02b45fe6e175510e10d9a1fd82e

Download Submit
C:\Windows\System\RFNIgBZ.exe

Filesize
1.3MB

MD5
003025e944041c2e3ec160e00ab0aa41

SHA1
69f3f141da85fb0f73542160e03b153726584cca

SHA256
77ab6971c2e38bafe252a1626f38a653cd5084c703c4fcc09e0ff4a64ce4378a

SHA512
c1f887c4971c8ed512e6a7a2a44a8eef0dc8e83de4b52a99b74af4f03d1fa1f86098b0020f8d919e2770d51188f462a13e71ba2389e23250c00589ef8ea24b0e

Download Submit
C:\Windows\System\RVcPscj.exe

Filesize
1.3MB

MD5
e3cc7001acbeeedec5c3f7c25415252f

SHA1
2f15cc64da619bcfb8c0bb93b7848ada55fbcf5f

SHA256
629e8487d786f6453a4fba24319cd11815f98b1c98b6148982a4758f83453e27

SHA512
ba152adc89a5d27a313ba6246b40de984cc6542d3ff3ce3188ce6be2dd1820a43989ccfd719d0da205c8a10c7c0b1b6cca89db5cb9fef12deef3a1f3deb5516d

Download Submit
C:\Windows\System\RgBkQKk.exe

Filesize
1.3MB

MD5
7c09b4d0d0c8e75abca1d7fe061b58aa

SHA1
439b6ae2afbfd5267c299dbf483ba02ca71d5cd9

SHA256
d61ed7695c1ae0f5f15f52159f859c6a8223da459b971c671da3ed48e58bfdf5

SHA512
ddb5131d151674f9ad8b205f4efdad07124565be3d0d1d9c78d3d47cc30de35e5ca06b2f1d8f0558ae820ae60ef2f288b1b995bda95014393868fe6ba0af466a

Download Submit
C:\Windows\System\SqGfbFk.exe

Filesize
1.3MB

MD5
a2a96efee7cc9a78edcaf7e8db453239

SHA1
d50b7781e62f4def12ad0bdbd9f8503b98573348

SHA256
b4f5e99ca3f422d6ec7c2ca26627d53d10612b3e5ec6326dd3df0098ea67773a

SHA512
00d0caaf13378de2fd7fa69e92b7f360b79903ba43a41136afd6d529bb4195fd90c7cb89ba241ba6a6ae28bfbb91434bbf9c703c1dcbb954191d47e837144137

Download Submit
C:\Windows\System\SqPujqd.exe

Filesize
1.3MB

MD5
7bd1ccabb493f9f2787259d7d39d0d93

SHA1
34aa4ddf3fcc9acaf83e6706ce8fd8dabd9ce55e

SHA256
f02679203d7c661eea18d68dfe557d994fbfe462a852d7470d0adfab1cb3a68b

SHA512
521852a68b3fe27e11c7fe9d62be0d657326129e250b76d0ec0027526f76cac8e1bad85022e6305fcc7056f22232f4dd2f53c0d3267882987f4b432103345513

Download Submit
C:\Windows\System\TLKbHGo.exe

Filesize
1.3MB

MD5
3c5b8173c61d1f452dac10a09cac7a6c

SHA1
2015f86843e6cb3ad2f76a8e5eaf285cbe46843b

SHA256
737fa12db319f3c0a5e05fe9d31291d2114dbf11fe8e9d3809aa5088de5968ca

SHA512
3619b55673bc208cfd8887805551babf9dbb88181069c0115edb5b0fc6c64fd3cdaab24b248f3a86ac7493a348b972afb17a0f575a3b080404db7ef1df7839e7

Download Submit
C:\Windows\System\VsQHQRQ.exe

Filesize
1.3MB

MD5
bad746adbc7bceb55198b149e3335198

SHA1
a769a6be6882ec6ae15128bbed002305f199479f

SHA256
0d599c3c89760341cd2f1042c657a41295a5c6150a7118073ea2cf50734cbb65

SHA512
ba70c851c72c481a4947b19e2f3d8f4aba39f40708b4f6bd4af28573a3b41744d52230cf27dacd260c27a583189d5447aef630df550341dfcf723431f929133c

Download Submit
C:\Windows\System\ZEHVlyA.exe

Filesize
1.3MB

MD5
3d5786d23d45e5736c975d0d4f6572fa

SHA1
dcea19769787e6ecfb3b940962c8949bcac3952c

SHA256
6f1fc98e8dcad1427c269e98ca7afe7fc3c41b16cd59c90f5520f4ed2a4e9b4f

SHA512
885e1e6d614e6fad85220dcb5f7b6a8badf4123e5b0cb5494a13793ce1cf2fcab30adf4a55c56d42ac78d4442e2f9feb86dcbc99bea03bdfc248e3cd18e7ae38

Download Submit
C:\Windows\System\ZZUrTcz.exe

Filesize
1.3MB

MD5
0a639f2d4bef8793e42eb6cf8234ab73

SHA1
4b2c7f18c3b2504afe38e6ada7269293b333c108

SHA256
0fc9609800012ad05403615ac498fddb778bfab5bad8935d7e7f6928b56eeca9

SHA512
1e73abfa20c4bf3e5d92fd31f0fd664c21c563f18cbea0e6074c80be2159eb6ce96b94610c21b760b02803a9605bea49307df2127353fa0dbe375b7e4ee12100

Download Submit
C:\Windows\System\bWemRBi.exe

Filesize
1.3MB

MD5
e6d7d050fc2ab60809d7242b6a89890f

SHA1
585759c11211a5efc9838073d96a01e905aae9d3

SHA256
e434e5c6fc33bf6eb65a7862b81a6332e8c2d0b635cb59def88f3f82b678b56e

SHA512
cc1edd472dc89bd638fbc2007b27f0c790066be924695ed444317a7c0f2816a25dd4d5239e5a3000b5d5607b7c09bb8d6b3ab0eeb295300c631f173a2c06b095

Download Submit
C:\Windows\System\biXgSZG.exe

Filesize
1.3MB

MD5
846feb3511d8f0e9840a0466cb5f883d

SHA1
65bead5d5fd136d592e5370953fa00e1c6480a88

SHA256
7e03e55c3ee2502876e34e4044384ff2f9e7959e7b544d5987f90c1b031230ae

SHA512
a19c5dfb04af28a6219f25d4102cab9f3ba103d967445c490c4e110f2f18309a6160fdd987eef9e920057fcdfc2044eee58a9145e9bcac5bf7d54117cc5f1c7a

Download Submit
C:\Windows\System\fnrfNyY.exe

Filesize
1.3MB

MD5
98f4e9a2310a5e8056744a1817875b62

SHA1
e5fc7a150c575253c9e89cd7a97c59805297bf61

SHA256
09fada0ea500900d5d1d8bf181ee8da69bcd6142d3750c1696ed0cbe39fe5c47

SHA512
44f197f998c59cc380767d92bb7aac5c1d8a97669a2f39b9b4787c762ebb7cf96926bf620b769e2cdb29888f7da19721fb715141f12c2cb324805cf172d2b82b

Download Submit
C:\Windows\System\hbeczuV.exe

Filesize
1.3MB

MD5
e13471bf344fff9444b183cd995a7089

SHA1
320874443e5f3c374934c42f5078304e7f0a424a

SHA256
228d8ce50af3cce1a4802789c2a0e5a7c552bc95049ba574847d4d446246dbd7

SHA512
079ac14bd73cfb44b3304182c1dac193208b5bf82c72b468bbd042dbbb6b21a2d1f4b60eb583f2e90cda91b6ecee7512681caaadd389da83d9c830fa5e8f4596

Download Submit
C:\Windows\System\hoRVgCQ.exe

Filesize
1.3MB

MD5
8e8a31af353b05ae9ad5ab0144c43501

SHA1
2574af4ab31ded24b2f4e8dc558514a3e0c23ac4

SHA256
0c9e524872bc5784c6aa3af4b007eec451f790ec103e5a1f9cf91954abc064a1

SHA512
3cc7432cd89ed375ba714f8fa4a1bef2415ec3667c652cfb6daaea1ccf3978c32efe2f6ab6bc6a14747305acaa7253547d1f6c8f2b91f2316706d7d7158d6e21

Download Submit
C:\Windows\System\htpxCsb.exe

Filesize
1.3MB

MD5
505e1dc455c215ddac6112b6d398afb2

SHA1
c06c2f5a89a24900b48ea2e89f0dee08a6e542f8

SHA256
2576726dace6bbca4bb63bfe4a246fa8e4c0aec3aa2edf57236ff713664e12b7

SHA512
55fc7f694acbf4ac68076ec95f3185780e0472841206fb407b09b8b5f17a5c76b1435ffe769666f1a8a67dfdf7cc386ad81dacbfc9825b139855d98ef20707a9

Download Submit
C:\Windows\System\mqcCmEk.exe

Filesize
1.3MB

MD5
b7868b4731a8dba84ae2a2b5807b7a2b

SHA1
24599a852e59d5105dcb4206eec57b78cacd81b7

SHA256
61fa291fe89385d9910eaf7f5a205d3da1807b650841b88a2b1fe9a9171176bb

SHA512
816d11a728c79a168d87896591177b92b44fc7483a279825b6a645ab7331dd2d1d416bb4445cc107e8d5b7f9b7c5723d9f5a01f1e9f384221453754affa5c817

Download Submit
C:\Windows\System\oJOPLIv.exe

Filesize
1.3MB

MD5
af261b90ef5841370deba5f270bb3b24

SHA1
eb3c524cbfe818708b6e3f1408dca3314352b012

SHA256
915ba322cfc56c19494be81666ff0121b5162c91ea36dd57525fa92e792c9581

SHA512
8c041bcc240c37026943c1c3acd07ff48a9385ca2179e67a99382892e98320e6576a97a2d72559e9d254f15f93f68b63592ec3af9b8523f2c5fc2e911928fd53

Download Submit
C:\Windows\System\qpsDtoL.exe

Filesize
1.3MB

MD5
94022719bf6f8361e270191053b1dc6c

SHA1
94c083b67924c31a659bee3dc03fa759bbe2bc6f

SHA256
0c8f89d01abcb60d63d2fc265eaaf9cc02a526aeddeefdee07d0d480b35b2536

SHA512
32e9dc2e7e95efdc26361ae9e90c1f47c2ce218142fa1a55367d6c05858f15a675b756728e8c0fa5d329c93b905456c702b62891164576c21ec26784ca00c20f

Download Submit
C:\Windows\System\vKfwFtA.exe

Filesize
1.3MB

MD5
430b2c81fbf4324fe19167a308c8b3a2

SHA1
2e6a72eb62962fc0fc7d9e320892f26649d94b06

SHA256
77f89e0a7a77dafed1d99faa9d2d56d07598f8e4b8d3b100e5d427bb5f1cfc8f

SHA512
f8da9bdebfe19dc2e03d177b5820d80c7a5f93ea2f8d63a04a785be95651e48d590efab3a6f513fb061f68d313d28adecdf20d41ce4825de324d5d5440b8f7cb

Download Submit
C:\Windows\System\vixLxkL.exe

Filesize
1.3MB

MD5
28169c1b15325ed8af40711eeca1cd83

SHA1
8c5dbceaa592aa0a8e487fe3e7262b023d9e2b7b

SHA256
85fd4ea77633ef6c0f5ce753eb7244b64844486b1a1787f171bed5ec1cef643e

SHA512
0691ddccbaeccc2ee48662ec96efc03bdb0db03357b2d1f2c6f1a08ea2a3c0e619247318e40304d9a4ad4a4189d95716fc093b507ac8de2405b614253437ca4c

Download Submit
C:\Windows\System\waXesqm.exe

Filesize
1.3MB

MD5
8e332f23dd2a72994dd015cfedcc294a

SHA1
7d292770d84dff7f979f36561031867ebf8210fe

SHA256
9aeccc3e297e4ca44ea2c23798fe105e3894a826357f3b7fe63ca5bd6bab80f6

SHA512
95916d6a04f581eba15027c22424126839dfa097cd4a186db5d56957c6fcc7b6b5d2b575c9e90f9765f62d86e0bcd151bc9b305ea5b03fdcc39c1016290a5456

Download Submit
memory/412-477-0x00007FF78D0D0000-0x00007FF78D421000-memory.dmp

Filesize
3.3MB

Download
memory/412-2298-0x00007FF78D0D0000-0x00007FF78D421000-memory.dmp

Filesize
3.3MB

Download
memory/512-2273-0x00007FF69D3F0000-0x00007FF69D741000-memory.dmp

Filesize
3.3MB

Download
memory/512-447-0x00007FF69D3F0000-0x00007FF69D741000-memory.dmp

Filesize
3.3MB

Download
memory/516-1-0x000002A1E2860000-0x000002A1E2870000-memory.dmp

Filesize
64KB

Download
memory/516-0-0x00007FF609370000-0x00007FF6096C1000-memory.dmp

Filesize
3.3MB

Download
memory/732-2296-0x00007FF702220000-0x00007FF702571000-memory.dmp

Filesize
3.3MB

Download
memory/732-481-0x00007FF702220000-0x00007FF702571000-memory.dmp

Filesize
3.3MB

Download
memory/744-2204-0x00007FF7B5390000-0x00007FF7B56E1000-memory.dmp

Filesize
3.3MB

Download
memory/744-2257-0x00007FF7B5390000-0x00007FF7B56E1000-memory.dmp

Filesize
3.3MB

Download
memory/744-66-0x00007FF7B5390000-0x00007FF7B56E1000-memory.dmp

Filesize
3.3MB

Download
memory/772-2271-0x00007FF7A3020000-0x00007FF7A3371000-memory.dmp

Filesize
3.3MB

Download
memory/772-452-0x00007FF7A3020000-0x00007FF7A3371000-memory.dmp

Filesize
3.3MB

Download
memory/848-412-0x00007FF751980000-0x00007FF751CD1000-memory.dmp

Filesize
3.3MB

Download
memory/848-2263-0x00007FF751980000-0x00007FF751CD1000-memory.dmp

Filesize
3.3MB

Download
memory/1544-457-0x00007FF708370000-0x00007FF7086C1000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2275-0x00007FF708370000-0x00007FF7086C1000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2259-0x00007FF7996E0000-0x00007FF799A31000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2202-0x00007FF7996E0000-0x00007FF799A31000-memory.dmp

Filesize
3.3MB

Download
memory/1624-41-0x00007FF7996E0000-0x00007FF799A31000-memory.dmp

Filesize
3.3MB

Download
memory/1800-420-0x00007FF6C15F0000-0x00007FF6C1941000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2249-0x00007FF6C15F0000-0x00007FF6C1941000-memory.dmp

Filesize
3.3MB

Download
memory/2016-57-0x00007FF7E2880000-0x00007FF7E2BD1000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2251-0x00007FF7E2880000-0x00007FF7E2BD1000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2237-0x00007FF7E2880000-0x00007FF7E2BD1000-memory.dmp

Filesize
3.3MB

Download
memory/2020-489-0x00007FF6105F0000-0x00007FF610941000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2290-0x00007FF6105F0000-0x00007FF610941000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2300-0x00007FF6FC720000-0x00007FF6FCA71000-memory.dmp

Filesize
3.3MB

Download
memory/2208-473-0x00007FF6FC720000-0x00007FF6FCA71000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2245-0x00007FF6FC630000-0x00007FF6FC981000-memory.dmp

Filesize
3.3MB

Download
memory/2780-36-0x00007FF6FC630000-0x00007FF6FC981000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2303-0x00007FF727070000-0x00007FF7273C1000-memory.dmp

Filesize
3.3MB

Download
memory/2796-476-0x00007FF727070000-0x00007FF7273C1000-memory.dmp

Filesize
3.3MB

Download
memory/2828-42-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2203-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2261-0x00007FF6FB710000-0x00007FF6FBA61000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2253-0x00007FF698B70000-0x00007FF698EC1000-memory.dmp

Filesize
3.3MB

Download
memory/3020-37-0x00007FF698B70000-0x00007FF698EC1000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2277-0x00007FF7AE700000-0x00007FF7AEA51000-memory.dmp

Filesize
3.3MB

Download
memory/3076-443-0x00007FF7AE700000-0x00007FF7AEA51000-memory.dmp

Filesize
3.3MB

Download
memory/3388-454-0x00007FF6C6F30000-0x00007FF6C7281000-memory.dmp

Filesize
3.3MB

Download
memory/3388-2269-0x00007FF6C6F30000-0x00007FF6C7281000-memory.dmp

Filesize
3.3MB

Download
memory/3504-2243-0x00007FF6129F0000-0x00007FF612D41000-memory.dmp

Filesize
3.3MB

Download
memory/3504-14-0x00007FF6129F0000-0x00007FF612D41000-memory.dmp

Filesize
3.3MB

Download
memory/3572-436-0x00007FF7DC3E0000-0x00007FF7DC731000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2281-0x00007FF7DC3E0000-0x00007FF7DC731000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2171-0x00007FF71C570000-0x00007FF71C8C1000-memory.dmp

Filesize
3.3MB

Download
memory/4140-25-0x00007FF71C570000-0x00007FF71C8C1000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2247-0x00007FF71C570000-0x00007FF71C8C1000-memory.dmp

Filesize
3.3MB

Download
memory/4224-483-0x00007FF62ABB0000-0x00007FF62AF01000-memory.dmp

Filesize
3.3MB

Download
memory/4224-2292-0x00007FF62ABB0000-0x00007FF62AF01000-memory.dmp

Filesize
3.3MB

Download
memory/4264-439-0x00007FF606D70000-0x00007FF6070C1000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2279-0x00007FF606D70000-0x00007FF6070C1000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2267-0x00007FF7E74F0000-0x00007FF7E7841000-memory.dmp

Filesize
3.3MB

Download
memory/4336-469-0x00007FF7E74F0000-0x00007FF7E7841000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2285-0x00007FF67DFC0000-0x00007FF67E311000-memory.dmp

Filesize
3.3MB

Download
memory/4568-426-0x00007FF67DFC0000-0x00007FF67E311000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2283-0x00007FF76DCA0000-0x00007FF76DFF1000-memory.dmp

Filesize
3.3MB

Download
memory/4696-428-0x00007FF76DCA0000-0x00007FF76DFF1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-28-0x00007FF76AD70000-0x00007FF76B0C1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2201-0x00007FF76AD70000-0x00007FF76B0C1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2255-0x00007FF76AD70000-0x00007FF76B0C1000-memory.dmp

Filesize
3.3MB

Download
memory/4852-491-0x00007FF7A46D0000-0x00007FF7A4A21000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2265-0x00007FF7A46D0000-0x00007FF7A4A21000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2294-0x00007FF654B30000-0x00007FF654E81000-memory.dmp

Filesize
3.3MB

Download
memory/5008-421-0x00007FF654B30000-0x00007FF654E81000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads