xmrig | ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f

Analysis

max time kernel
124s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
Size

1.0MB
MD5

8a41c0b79ec5b4921f7901220ef129a7
SHA1

0ca4e82005d0868ea83f8e5e300b250353de4344
SHA256

ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f
SHA512

7318e956f33ef9c92503deb2ab7a9f55506134239c6a870c3eea7ac301f6d63f29c74571f7b4a9b23ff33b332979a3058e06f4117b9dd8582a160a0a0f7287b2
SSDEEP

24576:JanwhSe11QSONCpGJCjETPl+Me7bPMS8Ykgc3y9Ntvl:knw9oUUEEDl+xTMS8Tg2UNtd

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/396-361-0x00007FF6F7210000-0x00007FF6F7601000-memory.dmp	xmrig
behavioral2/memory/2460-355-0x00007FF6C84C0000-0x00007FF6C88B1000-memory.dmp	xmrig
behavioral2/memory/4292-370-0x00007FF627310000-0x00007FF627701000-memory.dmp	xmrig
behavioral2/memory/4788-368-0x00007FF728F90000-0x00007FF729381000-memory.dmp	xmrig
behavioral2/memory/668-378-0x00007FF6658D0000-0x00007FF665CC1000-memory.dmp	xmrig
behavioral2/memory/4484-416-0x00007FF7272A0000-0x00007FF727691000-memory.dmp	xmrig
behavioral2/memory/336-434-0x00007FF62DC00000-0x00007FF62DFF1000-memory.dmp	xmrig
behavioral2/memory/3352-461-0x00007FF7DF9B0000-0x00007FF7DFDA1000-memory.dmp	xmrig
behavioral2/memory/4604-484-0x00007FF7D5DE0000-0x00007FF7D61D1000-memory.dmp	xmrig
behavioral2/memory/2744-487-0x00007FF65FA30000-0x00007FF65FE21000-memory.dmp	xmrig
behavioral2/memory/4736-503-0x00007FF60BA50000-0x00007FF60BE41000-memory.dmp	xmrig
behavioral2/memory/2880-505-0x00007FF6A5680000-0x00007FF6A5A71000-memory.dmp	xmrig
behavioral2/memory/2056-506-0x00007FF794D10000-0x00007FF795101000-memory.dmp	xmrig
behavioral2/memory/4520-507-0x00007FF7E96A0000-0x00007FF7E9A91000-memory.dmp	xmrig
behavioral2/memory/1572-501-0x00007FF762530000-0x00007FF762921000-memory.dmp	xmrig
behavioral2/memory/2748-483-0x00007FF61B300000-0x00007FF61B6F1000-memory.dmp	xmrig
behavioral2/memory/3484-449-0x00007FF7C77E0000-0x00007FF7C7BD1000-memory.dmp	xmrig
behavioral2/memory/3632-422-0x00007FF6D94A0000-0x00007FF6D9891000-memory.dmp	xmrig
behavioral2/memory/2660-419-0x00007FF74EA50000-0x00007FF74EE41000-memory.dmp	xmrig
behavioral2/memory/2164-418-0x00007FF609AC0000-0x00007FF609EB1000-memory.dmp	xmrig
behavioral2/memory/2840-1146-0x00007FF685A70000-0x00007FF685E61000-memory.dmp	xmrig
behavioral2/memory/5048-1291-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp	xmrig
behavioral2/memory/1012-1440-0x00007FF64DE10000-0x00007FF64E201000-memory.dmp	xmrig
behavioral2/memory/5108-1436-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp	xmrig
behavioral2/memory/1164-1544-0x00007FF74A800000-0x00007FF74ABF1000-memory.dmp	xmrig
behavioral2/memory/5048-2112-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp	xmrig
behavioral2/memory/5108-2114-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp	xmrig
behavioral2/memory/1012-2116-0x00007FF64DE10000-0x00007FF64E201000-memory.dmp	xmrig
behavioral2/memory/2460-2122-0x00007FF6C84C0000-0x00007FF6C88B1000-memory.dmp	xmrig
behavioral2/memory/4788-2126-0x00007FF728F90000-0x00007FF729381000-memory.dmp	xmrig
behavioral2/memory/4520-2124-0x00007FF7E96A0000-0x00007FF7E9A91000-memory.dmp	xmrig
behavioral2/memory/4292-2142-0x00007FF627310000-0x00007FF627701000-memory.dmp	xmrig
behavioral2/memory/3632-2166-0x00007FF6D94A0000-0x00007FF6D9891000-memory.dmp	xmrig
behavioral2/memory/3352-2172-0x00007FF7DF9B0000-0x00007FF7DFDA1000-memory.dmp	xmrig
behavioral2/memory/4604-2176-0x00007FF7D5DE0000-0x00007FF7D61D1000-memory.dmp	xmrig
behavioral2/memory/1572-2180-0x00007FF762530000-0x00007FF762921000-memory.dmp	xmrig
behavioral2/memory/4736-2184-0x00007FF60BA50000-0x00007FF60BE41000-memory.dmp	xmrig
behavioral2/memory/2880-2182-0x00007FF6A5680000-0x00007FF6A5A71000-memory.dmp	xmrig
behavioral2/memory/2744-2178-0x00007FF65FA30000-0x00007FF65FE21000-memory.dmp	xmrig
behavioral2/memory/2748-2174-0x00007FF61B300000-0x00007FF61B6F1000-memory.dmp	xmrig
behavioral2/memory/3484-2170-0x00007FF7C77E0000-0x00007FF7C7BD1000-memory.dmp	xmrig
behavioral2/memory/336-2168-0x00007FF62DC00000-0x00007FF62DFF1000-memory.dmp	xmrig
behavioral2/memory/2660-2164-0x00007FF74EA50000-0x00007FF74EE41000-memory.dmp	xmrig
behavioral2/memory/4484-2155-0x00007FF7272A0000-0x00007FF727691000-memory.dmp	xmrig
behavioral2/memory/2164-2162-0x00007FF609AC0000-0x00007FF609EB1000-memory.dmp	xmrig
behavioral2/memory/668-2139-0x00007FF6658D0000-0x00007FF665CC1000-memory.dmp	xmrig
behavioral2/memory/1164-2118-0x00007FF74A800000-0x00007FF74ABF1000-memory.dmp	xmrig
behavioral2/memory/396-2121-0x00007FF6F7210000-0x00007FF6F7601000-memory.dmp	xmrig
behavioral2/memory/2056-2213-0x00007FF794D10000-0x00007FF795101000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5048	UfxNxJG.exe
5108	aMYGZHY.exe
1012	ybpXinN.exe
1164	ESRmocJ.exe
4520	TbzuiVG.exe
2460	JQCUkte.exe
396	qPebaDy.exe
4788	HKwZxeK.exe
4292	iteaJoC.exe
668	gwRqvaB.exe
4484	YvmnMUv.exe
2164	AFwbLAW.exe
2660	EdivTEj.exe
3632	oRbVblF.exe
336	DOBAzOU.exe
3484	ITmsFKy.exe
3352	XJnaYMn.exe
2748	QwqfLRU.exe
4604	dvWmWCa.exe
2744	VOUWrNz.exe
1572	nsnJifm.exe
4736	vFJWjsf.exe
2880	BLasQNj.exe
2056	ItXBgBw.exe
2676	sHRnejV.exe
5036	tXheBLs.exe
4728	MPMqfls.exe
1780	fbBWiVo.exe
324	DnQjgtV.exe
3164	Dzgbrcw.exe
4808	djQtzYx.exe
4832	UGSYCEL.exe
3936	HAQyean.exe
4792	ZKeqAfP.exe
3500	nMVxEte.exe
920	uxmMXKH.exe
4956	LISYpfP.exe
4928	tOfWlbV.exe
4684	YwGSQwX.exe
4208	HLgcBPY.exe
1948	qNVZInN.exe
2564	lDSsjdt.exe
4304	kHXumVP.exe
4496	cXfVsdA.exe
856	ncltiBr.exe
2464	zZrpTtn.exe
4608	pTgQkMx.exe
2272	SpvqFMb.exe
3280	qUKWfmn.exe
2576	MukWMYU.exe
3132	hGLwKEV.exe
936	NbCTEYK.exe
544	jyuSEYl.exe
692	EoIrZLw.exe
312	vVySdnx.exe
452	UynkReb.exe
388	hmSjDQD.exe
3888	YRpdCJN.exe
3916	RyYzKpO.exe
2712	AwVNAdm.exe
3028	HyakmaK.exe
4964	yVnNnZn.exe
2320	QUjWmGI.exe
4596	ZbDBRJf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2840-0-0x00007FF685A70000-0x00007FF685E61000-memory.dmp	upx
behavioral2/files/0x000b00000002344c-4.dat	upx
behavioral2/memory/5048-7-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp	upx
behavioral2/files/0x0007000000023454-10.dat	upx
behavioral2/files/0x0007000000023455-11.dat	upx
behavioral2/memory/5108-12-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp	upx
behavioral2/files/0x0007000000023457-29.dat	upx
behavioral2/files/0x0007000000023458-34.dat	upx
behavioral2/files/0x0007000000023459-39.dat	upx
behavioral2/files/0x000700000002345c-54.dat	upx
behavioral2/files/0x000700000002345d-59.dat	upx
behavioral2/files/0x0007000000023461-82.dat	upx
behavioral2/files/0x0007000000023463-92.dat	upx
behavioral2/files/0x0007000000023468-114.dat	upx
behavioral2/files/0x000700000002346d-138.dat	upx
behavioral2/files/0x000700000002346f-149.dat	upx
behavioral2/memory/1164-349-0x00007FF74A800000-0x00007FF74ABF1000-memory.dmp	upx
behavioral2/memory/396-361-0x00007FF6F7210000-0x00007FF6F7601000-memory.dmp	upx
behavioral2/memory/2460-355-0x00007FF6C84C0000-0x00007FF6C88B1000-memory.dmp	upx
behavioral2/memory/4292-370-0x00007FF627310000-0x00007FF627701000-memory.dmp	upx
behavioral2/memory/4788-368-0x00007FF728F90000-0x00007FF729381000-memory.dmp	upx
behavioral2/memory/668-378-0x00007FF6658D0000-0x00007FF665CC1000-memory.dmp	upx
behavioral2/memory/4484-416-0x00007FF7272A0000-0x00007FF727691000-memory.dmp	upx
behavioral2/memory/336-434-0x00007FF62DC00000-0x00007FF62DFF1000-memory.dmp	upx
behavioral2/memory/3352-461-0x00007FF7DF9B0000-0x00007FF7DFDA1000-memory.dmp	upx
behavioral2/memory/4604-484-0x00007FF7D5DE0000-0x00007FF7D61D1000-memory.dmp	upx
behavioral2/memory/2744-487-0x00007FF65FA30000-0x00007FF65FE21000-memory.dmp	upx
behavioral2/memory/4736-503-0x00007FF60BA50000-0x00007FF60BE41000-memory.dmp	upx
behavioral2/memory/2880-505-0x00007FF6A5680000-0x00007FF6A5A71000-memory.dmp	upx
behavioral2/memory/2056-506-0x00007FF794D10000-0x00007FF795101000-memory.dmp	upx
behavioral2/memory/4520-507-0x00007FF7E96A0000-0x00007FF7E9A91000-memory.dmp	upx
behavioral2/memory/1572-501-0x00007FF762530000-0x00007FF762921000-memory.dmp	upx
behavioral2/memory/2748-483-0x00007FF61B300000-0x00007FF61B6F1000-memory.dmp	upx
behavioral2/memory/3484-449-0x00007FF7C77E0000-0x00007FF7C7BD1000-memory.dmp	upx
behavioral2/memory/3632-422-0x00007FF6D94A0000-0x00007FF6D9891000-memory.dmp	upx
behavioral2/memory/2660-419-0x00007FF74EA50000-0x00007FF74EE41000-memory.dmp	upx
behavioral2/memory/2164-418-0x00007FF609AC0000-0x00007FF609EB1000-memory.dmp	upx
behavioral2/files/0x0007000000023472-164.dat	upx
behavioral2/files/0x0007000000023471-159.dat	upx
behavioral2/files/0x0007000000023470-154.dat	upx
behavioral2/files/0x000700000002346e-144.dat	upx
behavioral2/files/0x000700000002346c-134.dat	upx
behavioral2/files/0x000700000002346b-129.dat	upx
behavioral2/files/0x000700000002346a-124.dat	upx
behavioral2/files/0x0007000000023469-119.dat	upx
behavioral2/files/0x0007000000023467-109.dat	upx
behavioral2/files/0x0007000000023466-104.dat	upx
behavioral2/files/0x0007000000023465-99.dat	upx
behavioral2/files/0x0007000000023464-94.dat	upx
behavioral2/files/0x0007000000023462-87.dat	upx
behavioral2/files/0x0007000000023460-74.dat	upx
behavioral2/files/0x000700000002345f-72.dat	upx
behavioral2/files/0x000700000002345e-64.dat	upx
behavioral2/files/0x000700000002345b-49.dat	upx
behavioral2/files/0x000700000002345a-44.dat	upx
behavioral2/files/0x0007000000023456-24.dat	upx
behavioral2/memory/1012-23-0x00007FF64DE10000-0x00007FF64E201000-memory.dmp	upx
behavioral2/memory/2840-1146-0x00007FF685A70000-0x00007FF685E61000-memory.dmp	upx
behavioral2/memory/5048-1291-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp	upx
behavioral2/memory/1012-1440-0x00007FF64DE10000-0x00007FF64E201000-memory.dmp	upx
behavioral2/memory/5108-1436-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp	upx
behavioral2/memory/1164-1544-0x00007FF74A800000-0x00007FF74ABF1000-memory.dmp	upx
behavioral2/memory/5048-2112-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp	upx
behavioral2/memory/5108-2114-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\cRsyTju.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\BUjdtFF.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\ATOACbR.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\uVInksk.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\oQJVdAn.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\RhCTkmG.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\GaFgVAx.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\sHRnejV.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\VskUSXH.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\kjpeUqU.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\VlNRKFZ.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\YEaQuPh.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\PhzsNhA.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\YwGSQwX.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\FEdhllA.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\idTwjDI.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\EvrYqww.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\YRpdCJN.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\MFfoHsx.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\NwhnUeT.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\BCizmhA.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\nsnJifm.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\JKBpXxe.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\mcMysHN.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\KzyMeUg.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\RFBislg.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\RwnRLav.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\SflnQil.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\iSKseyy.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\JopWAIc.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\lKzYnjv.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\dgaAMyF.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\XZBRXoD.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\Rxnuvvy.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\QggpWtJ.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\xUaMXWJ.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\ZdcuaTq.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\fSMInXx.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\MBFhyKe.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\IFxscte.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\rBoWuQj.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\oGDiRRz.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\EOMxyKt.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\WKCHJmF.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\HCRymya.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\TLkpPLQ.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\KHoZcGk.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\qPebaDy.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\GDwAgid.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\sVNUkhn.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\nxoniPO.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\kHXumVP.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\BSQVhlV.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\TVNQAGc.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\ADmRAHM.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\quiUrto.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\yGYErvj.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\PUFTeHm.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\QFuKyJa.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\qgnKFUS.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\qWcDqsH.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\XgSaYYV.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\VpmdSKS.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
File created	C:\Windows\System32\ftyhfFo.exe	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13484	dwm.exe
Token: SeChangeNotifyPrivilege	13484	dwm.exe
Token: 33	13484	dwm.exe
Token: SeIncBasePriorityPrivilege	13484	dwm.exe
Token: SeShutdownPrivilege	13484	dwm.exe
Token: SeCreatePagefilePrivilege	13484	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 5048	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	85
PID 2840 wrote to memory of 5048	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	85
PID 2840 wrote to memory of 5108	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	86
PID 2840 wrote to memory of 5108	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	86
PID 2840 wrote to memory of 1012	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	87
PID 2840 wrote to memory of 1012	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	87
PID 2840 wrote to memory of 1164	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	88
PID 2840 wrote to memory of 1164	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	88
PID 2840 wrote to memory of 4520	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	89
PID 2840 wrote to memory of 4520	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	89
PID 2840 wrote to memory of 2460	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	90
PID 2840 wrote to memory of 2460	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	90
PID 2840 wrote to memory of 396	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	91
PID 2840 wrote to memory of 396	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	91
PID 2840 wrote to memory of 4788	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	92
PID 2840 wrote to memory of 4788	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	92
PID 2840 wrote to memory of 4292	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	93
PID 2840 wrote to memory of 4292	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	93
PID 2840 wrote to memory of 668	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	94
PID 2840 wrote to memory of 668	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	94
PID 2840 wrote to memory of 4484	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	95
PID 2840 wrote to memory of 4484	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	95
PID 2840 wrote to memory of 2164	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	96
PID 2840 wrote to memory of 2164	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	96
PID 2840 wrote to memory of 2660	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	97
PID 2840 wrote to memory of 2660	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	97
PID 2840 wrote to memory of 3632	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	98
PID 2840 wrote to memory of 3632	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	98
PID 2840 wrote to memory of 336	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	99
PID 2840 wrote to memory of 336	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	99
PID 2840 wrote to memory of 3484	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	100
PID 2840 wrote to memory of 3484	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	100
PID 2840 wrote to memory of 3352	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	101
PID 2840 wrote to memory of 3352	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	101
PID 2840 wrote to memory of 2748	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	102
PID 2840 wrote to memory of 2748	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	102
PID 2840 wrote to memory of 4604	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	103
PID 2840 wrote to memory of 4604	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	103
PID 2840 wrote to memory of 2744	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	104
PID 2840 wrote to memory of 2744	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	104
PID 2840 wrote to memory of 1572	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	105
PID 2840 wrote to memory of 1572	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	105
PID 2840 wrote to memory of 4736	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	106
PID 2840 wrote to memory of 4736	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	106
PID 2840 wrote to memory of 2880	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	107
PID 2840 wrote to memory of 2880	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	107
PID 2840 wrote to memory of 2056	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	108
PID 2840 wrote to memory of 2056	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	108
PID 2840 wrote to memory of 2676	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	109
PID 2840 wrote to memory of 2676	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	109
PID 2840 wrote to memory of 5036	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	110
PID 2840 wrote to memory of 5036	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	110
PID 2840 wrote to memory of 4728	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	111
PID 2840 wrote to memory of 4728	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	111
PID 2840 wrote to memory of 1780	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	112
PID 2840 wrote to memory of 1780	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	112
PID 2840 wrote to memory of 324	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	113
PID 2840 wrote to memory of 324	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	113
PID 2840 wrote to memory of 3164	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	114
PID 2840 wrote to memory of 3164	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	114
PID 2840 wrote to memory of 4808	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	115
PID 2840 wrote to memory of 4808	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	115
PID 2840 wrote to memory of 4832	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	116
PID 2840 wrote to memory of 4832	2840	ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe	116

C:\Users\Admin\AppData\Local\Temp\ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe
"C:\Users\Admin\AppData\Local\Temp\ab2526c3112837669b1a4a23d5f88b0f9ada0cf72d9b9b4815552984a71c2e9f.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\System32\UfxNxJG.exe
  C:\Windows\System32\UfxNxJG.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System32\aMYGZHY.exe
  C:\Windows\System32\aMYGZHY.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System32\ybpXinN.exe
  C:\Windows\System32\ybpXinN.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System32\ESRmocJ.exe
  C:\Windows\System32\ESRmocJ.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System32\TbzuiVG.exe
  C:\Windows\System32\TbzuiVG.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System32\JQCUkte.exe
  C:\Windows\System32\JQCUkte.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System32\qPebaDy.exe
  C:\Windows\System32\qPebaDy.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System32\HKwZxeK.exe
  C:\Windows\System32\HKwZxeK.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System32\iteaJoC.exe
  C:\Windows\System32\iteaJoC.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System32\gwRqvaB.exe
  C:\Windows\System32\gwRqvaB.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System32\YvmnMUv.exe
  C:\Windows\System32\YvmnMUv.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System32\AFwbLAW.exe
  C:\Windows\System32\AFwbLAW.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System32\EdivTEj.exe
  C:\Windows\System32\EdivTEj.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System32\oRbVblF.exe
  C:\Windows\System32\oRbVblF.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System32\DOBAzOU.exe
  C:\Windows\System32\DOBAzOU.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System32\ITmsFKy.exe
  C:\Windows\System32\ITmsFKy.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System32\XJnaYMn.exe
  C:\Windows\System32\XJnaYMn.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System32\QwqfLRU.exe
  C:\Windows\System32\QwqfLRU.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System32\dvWmWCa.exe
  C:\Windows\System32\dvWmWCa.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System32\VOUWrNz.exe
  C:\Windows\System32\VOUWrNz.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System32\nsnJifm.exe
  C:\Windows\System32\nsnJifm.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System32\vFJWjsf.exe
  C:\Windows\System32\vFJWjsf.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System32\BLasQNj.exe
  C:\Windows\System32\BLasQNj.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System32\ItXBgBw.exe
  C:\Windows\System32\ItXBgBw.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System32\sHRnejV.exe
  C:\Windows\System32\sHRnejV.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System32\tXheBLs.exe
  C:\Windows\System32\tXheBLs.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System32\MPMqfls.exe
  C:\Windows\System32\MPMqfls.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System32\fbBWiVo.exe
  C:\Windows\System32\fbBWiVo.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System32\DnQjgtV.exe
  C:\Windows\System32\DnQjgtV.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System32\Dzgbrcw.exe
  C:\Windows\System32\Dzgbrcw.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System32\djQtzYx.exe
  C:\Windows\System32\djQtzYx.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System32\UGSYCEL.exe
  C:\Windows\System32\UGSYCEL.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System32\HAQyean.exe
  C:\Windows\System32\HAQyean.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System32\ZKeqAfP.exe
  C:\Windows\System32\ZKeqAfP.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System32\nMVxEte.exe
  C:\Windows\System32\nMVxEte.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System32\uxmMXKH.exe
  C:\Windows\System32\uxmMXKH.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System32\LISYpfP.exe
  C:\Windows\System32\LISYpfP.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System32\tOfWlbV.exe
  C:\Windows\System32\tOfWlbV.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System32\YwGSQwX.exe
  C:\Windows\System32\YwGSQwX.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System32\HLgcBPY.exe
  C:\Windows\System32\HLgcBPY.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System32\qNVZInN.exe
  C:\Windows\System32\qNVZInN.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System32\lDSsjdt.exe
  C:\Windows\System32\lDSsjdt.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System32\kHXumVP.exe
  C:\Windows\System32\kHXumVP.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System32\cXfVsdA.exe
  C:\Windows\System32\cXfVsdA.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System32\ncltiBr.exe
  C:\Windows\System32\ncltiBr.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System32\zZrpTtn.exe
  C:\Windows\System32\zZrpTtn.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System32\pTgQkMx.exe
  C:\Windows\System32\pTgQkMx.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System32\SpvqFMb.exe
  C:\Windows\System32\SpvqFMb.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System32\qUKWfmn.exe
  C:\Windows\System32\qUKWfmn.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System32\MukWMYU.exe
  C:\Windows\System32\MukWMYU.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System32\hGLwKEV.exe
  C:\Windows\System32\hGLwKEV.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System32\NbCTEYK.exe
  C:\Windows\System32\NbCTEYK.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System32\jyuSEYl.exe
  C:\Windows\System32\jyuSEYl.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System32\EoIrZLw.exe
  C:\Windows\System32\EoIrZLw.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System32\vVySdnx.exe
  C:\Windows\System32\vVySdnx.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System32\UynkReb.exe
  C:\Windows\System32\UynkReb.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System32\hmSjDQD.exe
  C:\Windows\System32\hmSjDQD.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System32\YRpdCJN.exe
  C:\Windows\System32\YRpdCJN.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System32\RyYzKpO.exe
  C:\Windows\System32\RyYzKpO.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System32\AwVNAdm.exe
  C:\Windows\System32\AwVNAdm.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System32\HyakmaK.exe
  C:\Windows\System32\HyakmaK.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System32\yVnNnZn.exe
  C:\Windows\System32\yVnNnZn.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\QUjWmGI.exe
  C:\Windows\System32\QUjWmGI.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System32\ZbDBRJf.exe
  C:\Windows\System32\ZbDBRJf.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System32\URxpTQX.exe
  C:\Windows\System32\URxpTQX.exe
  2⤵
  PID:4904
- C:\Windows\System32\nhwZcEx.exe
  C:\Windows\System32\nhwZcEx.exe
  2⤵
  PID:4544
- C:\Windows\System32\YjhzWOO.exe
  C:\Windows\System32\YjhzWOO.exe
  2⤵
  PID:4064
- C:\Windows\System32\DLUyGOc.exe
  C:\Windows\System32\DLUyGOc.exe
  2⤵
  PID:3544
- C:\Windows\System32\THatPpO.exe
  C:\Windows\System32\THatPpO.exe
  2⤵
  PID:3488
- C:\Windows\System32\kTTiFcK.exe
  C:\Windows\System32\kTTiFcK.exe
  2⤵
  PID:4348
- C:\Windows\System32\wSMykmO.exe
  C:\Windows\System32\wSMykmO.exe
  2⤵
  PID:4024
- C:\Windows\System32\AoyuCCE.exe
  C:\Windows\System32\AoyuCCE.exe
  2⤵
  PID:4888
- C:\Windows\System32\KVAfbEz.exe
  C:\Windows\System32\KVAfbEz.exe
  2⤵
  PID:5052
- C:\Windows\System32\eNGfbeN.exe
  C:\Windows\System32\eNGfbeN.exe
  2⤵
  PID:3388
- C:\Windows\System32\JkhYSOl.exe
  C:\Windows\System32\JkhYSOl.exe
  2⤵
  PID:1332
- C:\Windows\System32\dXDXrLc.exe
  C:\Windows\System32\dXDXrLc.exe
  2⤵
  PID:4716
- C:\Windows\System32\JoebiOn.exe
  C:\Windows\System32\JoebiOn.exe
  2⤵
  PID:5152
- C:\Windows\System32\PJergcd.exe
  C:\Windows\System32\PJergcd.exe
  2⤵
  PID:5180
- C:\Windows\System32\MJvuvpm.exe
  C:\Windows\System32\MJvuvpm.exe
  2⤵
  PID:5196
- C:\Windows\System32\sgwdbQt.exe
  C:\Windows\System32\sgwdbQt.exe
  2⤵
  PID:5228
- C:\Windows\System32\WwmNubA.exe
  C:\Windows\System32\WwmNubA.exe
  2⤵
  PID:5252
- C:\Windows\System32\qTiLyyV.exe
  C:\Windows\System32\qTiLyyV.exe
  2⤵
  PID:5292
- C:\Windows\System32\ShIRQge.exe
  C:\Windows\System32\ShIRQge.exe
  2⤵
  PID:5320
- C:\Windows\System32\tVUGPnp.exe
  C:\Windows\System32\tVUGPnp.exe
  2⤵
  PID:5344
- C:\Windows\System32\fSMInXx.exe
  C:\Windows\System32\fSMInXx.exe
  2⤵
  PID:5376
- C:\Windows\System32\CkmnhpT.exe
  C:\Windows\System32\CkmnhpT.exe
  2⤵
  PID:5400
- C:\Windows\System32\cQEXDMn.exe
  C:\Windows\System32\cQEXDMn.exe
  2⤵
  PID:5424
- C:\Windows\System32\MCVXarp.exe
  C:\Windows\System32\MCVXarp.exe
  2⤵
  PID:5448
- C:\Windows\System32\VskUSXH.exe
  C:\Windows\System32\VskUSXH.exe
  2⤵
  PID:5488
- C:\Windows\System32\EYLYbGd.exe
  C:\Windows\System32\EYLYbGd.exe
  2⤵
  PID:5512
- C:\Windows\System32\OALJbeD.exe
  C:\Windows\System32\OALJbeD.exe
  2⤵
  PID:5540
- C:\Windows\System32\YmjqnDT.exe
  C:\Windows\System32\YmjqnDT.exe
  2⤵
  PID:5564
- C:\Windows\System32\xZwPZFF.exe
  C:\Windows\System32\xZwPZFF.exe
  2⤵
  PID:5588
- C:\Windows\System32\vMklWXM.exe
  C:\Windows\System32\vMklWXM.exe
  2⤵
  PID:5856
- C:\Windows\System32\pepZkCC.exe
  C:\Windows\System32\pepZkCC.exe
  2⤵
  PID:5880
- C:\Windows\System32\ERGWwCW.exe
  C:\Windows\System32\ERGWwCW.exe
  2⤵
  PID:5896
- C:\Windows\System32\ohMFLlF.exe
  C:\Windows\System32\ohMFLlF.exe
  2⤵
  PID:5912
- C:\Windows\System32\NeQwrEj.exe
  C:\Windows\System32\NeQwrEj.exe
  2⤵
  PID:5936
- C:\Windows\System32\VFrhDUa.exe
  C:\Windows\System32\VFrhDUa.exe
  2⤵
  PID:5972
- C:\Windows\System32\uVInksk.exe
  C:\Windows\System32\uVInksk.exe
  2⤵
  PID:5996
- C:\Windows\System32\guUVotz.exe
  C:\Windows\System32\guUVotz.exe
  2⤵
  PID:6048
- C:\Windows\System32\aXhANqC.exe
  C:\Windows\System32\aXhANqC.exe
  2⤵
  PID:6084
- C:\Windows\System32\WXKqeBG.exe
  C:\Windows\System32\WXKqeBG.exe
  2⤵
  PID:6108
- C:\Windows\System32\qJIauUM.exe
  C:\Windows\System32\qJIauUM.exe
  2⤵
  PID:4100
- C:\Windows\System32\mlabrdp.exe
  C:\Windows\System32\mlabrdp.exe
  2⤵
  PID:4828
- C:\Windows\System32\oCqLYgN.exe
  C:\Windows\System32\oCqLYgN.exe
  2⤵
  PID:3052
- C:\Windows\System32\iOomJTZ.exe
  C:\Windows\System32\iOomJTZ.exe
  2⤵
  PID:1476
- C:\Windows\System32\wKoWlxV.exe
  C:\Windows\System32\wKoWlxV.exe
  2⤵
  PID:5128
- C:\Windows\System32\PLSBWsV.exe
  C:\Windows\System32\PLSBWsV.exe
  2⤵
  PID:1340
- C:\Windows\System32\qFAUWSi.exe
  C:\Windows\System32\qFAUWSi.exe
  2⤵
  PID:5208
- C:\Windows\System32\McGhcOU.exe
  C:\Windows\System32\McGhcOU.exe
  2⤵
  PID:5244
- C:\Windows\System32\TjxBpNA.exe
  C:\Windows\System32\TjxBpNA.exe
  2⤵
  PID:5280
- C:\Windows\System32\XVWLrfJ.exe
  C:\Windows\System32\XVWLrfJ.exe
  2⤵
  PID:5304
- C:\Windows\System32\cMFRrmk.exe
  C:\Windows\System32\cMFRrmk.exe
  2⤵
  PID:5328
- C:\Windows\System32\xbuDUXY.exe
  C:\Windows\System32\xbuDUXY.exe
  2⤵
  PID:5016
- C:\Windows\System32\vFaqHWR.exe
  C:\Windows\System32\vFaqHWR.exe
  2⤵
  PID:3764
- C:\Windows\System32\oprPDDp.exe
  C:\Windows\System32\oprPDDp.exe
  2⤵
  PID:5056
- C:\Windows\System32\cuRHSAm.exe
  C:\Windows\System32\cuRHSAm.exe
  2⤵
  PID:4048
- C:\Windows\System32\xWaWZIR.exe
  C:\Windows\System32\xWaWZIR.exe
  2⤵
  PID:5476
- C:\Windows\System32\sHibGAX.exe
  C:\Windows\System32\sHibGAX.exe
  2⤵
  PID:3780
- C:\Windows\System32\CUHNcmc.exe
  C:\Windows\System32\CUHNcmc.exe
  2⤵
  PID:1320
- C:\Windows\System32\QgOmWqn.exe
  C:\Windows\System32\QgOmWqn.exe
  2⤵
  PID:852
- C:\Windows\System32\UBiJoMF.exe
  C:\Windows\System32\UBiJoMF.exe
  2⤵
  PID:708
- C:\Windows\System32\RRRSfUs.exe
  C:\Windows\System32\RRRSfUs.exe
  2⤵
  PID:3024
- C:\Windows\System32\AwvNCyQ.exe
  C:\Windows\System32\AwvNCyQ.exe
  2⤵
  PID:4692
- C:\Windows\System32\tGtpbeX.exe
  C:\Windows\System32\tGtpbeX.exe
  2⤵
  PID:4440
- C:\Windows\System32\COdyWnn.exe
  C:\Windows\System32\COdyWnn.exe
  2⤵
  PID:4508
- C:\Windows\System32\KsDRleu.exe
  C:\Windows\System32\KsDRleu.exe
  2⤵
  PID:5676
- C:\Windows\System32\PUFTeHm.exe
  C:\Windows\System32\PUFTeHm.exe
  2⤵
  PID:5696
- C:\Windows\System32\uIPbWtb.exe
  C:\Windows\System32\uIPbWtb.exe
  2⤵
  PID:5728
- C:\Windows\System32\QXkfQuJ.exe
  C:\Windows\System32\QXkfQuJ.exe
  2⤵
  PID:5752
- C:\Windows\System32\gxXkOfz.exe
  C:\Windows\System32\gxXkOfz.exe
  2⤵
  PID:5772
- C:\Windows\System32\hiUItRu.exe
  C:\Windows\System32\hiUItRu.exe
  2⤵
  PID:5788
- C:\Windows\System32\SflnQil.exe
  C:\Windows\System32\SflnQil.exe
  2⤵
  PID:5804
- C:\Windows\System32\SOeTLVE.exe
  C:\Windows\System32\SOeTLVE.exe
  2⤵
  PID:5824
- C:\Windows\System32\qiqwTUC.exe
  C:\Windows\System32\qiqwTUC.exe
  2⤵
  PID:2192
- C:\Windows\System32\CeTmocT.exe
  C:\Windows\System32\CeTmocT.exe
  2⤵
  PID:5852
- C:\Windows\System32\CqyrqEh.exe
  C:\Windows\System32\CqyrqEh.exe
  2⤵
  PID:5888
- C:\Windows\System32\UJqyseQ.exe
  C:\Windows\System32\UJqyseQ.exe
  2⤵
  PID:1848
- C:\Windows\System32\dbyidMw.exe
  C:\Windows\System32\dbyidMw.exe
  2⤵
  PID:528
- C:\Windows\System32\xPtzlOz.exe
  C:\Windows\System32\xPtzlOz.exe
  2⤵
  PID:5236
- C:\Windows\System32\ZpOcvmD.exe
  C:\Windows\System32\ZpOcvmD.exe
  2⤵
  PID:1804
- C:\Windows\System32\sZWqObP.exe
  C:\Windows\System32\sZWqObP.exe
  2⤵
  PID:5352
- C:\Windows\System32\nRlWAvW.exe
  C:\Windows\System32\nRlWAvW.exe
  2⤵
  PID:2432
- C:\Windows\System32\Fvyuuwj.exe
  C:\Windows\System32\Fvyuuwj.exe
  2⤵
  PID:5868
- C:\Windows\System32\RClWdxj.exe
  C:\Windows\System32\RClWdxj.exe
  2⤵
  PID:4600
- C:\Windows\System32\pxtcanC.exe
  C:\Windows\System32\pxtcanC.exe
  2⤵
  PID:5496
- C:\Windows\System32\BSQVhlV.exe
  C:\Windows\System32\BSQVhlV.exe
  2⤵
  PID:1144
- C:\Windows\System32\ULBPAId.exe
  C:\Windows\System32\ULBPAId.exe
  2⤵
  PID:3032
- C:\Windows\System32\EcsiYit.exe
  C:\Windows\System32\EcsiYit.exe
  2⤵
  PID:5964
- C:\Windows\System32\rJbDDDe.exe
  C:\Windows\System32\rJbDDDe.exe
  2⤵
  PID:5836
- C:\Windows\System32\rKlCjNY.exe
  C:\Windows\System32\rKlCjNY.exe
  2⤵
  PID:5784
- C:\Windows\System32\xbfDISk.exe
  C:\Windows\System32\xbfDISk.exe
  2⤵
  PID:5672
- C:\Windows\System32\hhXvImL.exe
  C:\Windows\System32\hhXvImL.exe
  2⤵
  PID:5704
- C:\Windows\System32\TFBxmEP.exe
  C:\Windows\System32\TFBxmEP.exe
  2⤵
  PID:6124
- C:\Windows\System32\xjXQncU.exe
  C:\Windows\System32\xjXQncU.exe
  2⤵
  PID:6096
- C:\Windows\System32\VCSoFyt.exe
  C:\Windows\System32\VCSoFyt.exe
  2⤵
  PID:1404
- C:\Windows\System32\Oeflndg.exe
  C:\Windows\System32\Oeflndg.exe
  2⤵
  PID:4448
- C:\Windows\System32\xyrsjXi.exe
  C:\Windows\System32\xyrsjXi.exe
  2⤵
  PID:3264
- C:\Windows\System32\Gnqjxth.exe
  C:\Windows\System32\Gnqjxth.exe
  2⤵
  PID:4372
- C:\Windows\System32\pWlXBDe.exe
  C:\Windows\System32\pWlXBDe.exe
  2⤵
  PID:840
- C:\Windows\System32\rFsqFGr.exe
  C:\Windows\System32\rFsqFGr.exe
  2⤵
  PID:2696
- C:\Windows\System32\AozVyxW.exe
  C:\Windows\System32\AozVyxW.exe
  2⤵
  PID:5684
- C:\Windows\System32\mhgAmEM.exe
  C:\Windows\System32\mhgAmEM.exe
  2⤵
  PID:5948
- C:\Windows\System32\bmOKItE.exe
  C:\Windows\System32\bmOKItE.exe
  2⤵
  PID:6004
- C:\Windows\System32\aBgAjMO.exe
  C:\Windows\System32\aBgAjMO.exe
  2⤵
  PID:6040
- C:\Windows\System32\vErYeKf.exe
  C:\Windows\System32\vErYeKf.exe
  2⤵
  PID:4352
- C:\Windows\System32\PieDmiF.exe
  C:\Windows\System32\PieDmiF.exe
  2⤵
  PID:5460
- C:\Windows\System32\GDwAgid.exe
  C:\Windows\System32\GDwAgid.exe
  2⤵
  PID:5668
- C:\Windows\System32\QsBVBNt.exe
  C:\Windows\System32\QsBVBNt.exe
  2⤵
  PID:5044
- C:\Windows\System32\FEdhllA.exe
  C:\Windows\System32\FEdhllA.exe
  2⤵
  PID:5164
- C:\Windows\System32\QGxiMIJ.exe
  C:\Windows\System32\QGxiMIJ.exe
  2⤵
  PID:6192
- C:\Windows\System32\llTpQEX.exe
  C:\Windows\System32\llTpQEX.exe
  2⤵
  PID:6224
- C:\Windows\System32\gCGadyE.exe
  C:\Windows\System32\gCGadyE.exe
  2⤵
  PID:6244
- C:\Windows\System32\GjBYxcS.exe
  C:\Windows\System32\GjBYxcS.exe
  2⤵
  PID:6272
- C:\Windows\System32\TVNQAGc.exe
  C:\Windows\System32\TVNQAGc.exe
  2⤵
  PID:6292
- C:\Windows\System32\QnefywJ.exe
  C:\Windows\System32\QnefywJ.exe
  2⤵
  PID:6320
- C:\Windows\System32\aupNuxA.exe
  C:\Windows\System32\aupNuxA.exe
  2⤵
  PID:6372
- C:\Windows\System32\iPYmmaK.exe
  C:\Windows\System32\iPYmmaK.exe
  2⤵
  PID:6404
- C:\Windows\System32\oQnkwke.exe
  C:\Windows\System32\oQnkwke.exe
  2⤵
  PID:6424
- C:\Windows\System32\ePrYaWt.exe
  C:\Windows\System32\ePrYaWt.exe
  2⤵
  PID:6448
- C:\Windows\System32\lkitQJF.exe
  C:\Windows\System32\lkitQJF.exe
  2⤵
  PID:6472
- C:\Windows\System32\AInDqAT.exe
  C:\Windows\System32\AInDqAT.exe
  2⤵
  PID:6496
- C:\Windows\System32\Jvzxkbk.exe
  C:\Windows\System32\Jvzxkbk.exe
  2⤵
  PID:6516
- C:\Windows\System32\TLkpPLQ.exe
  C:\Windows\System32\TLkpPLQ.exe
  2⤵
  PID:6532
- C:\Windows\System32\qyKTZRh.exe
  C:\Windows\System32\qyKTZRh.exe
  2⤵
  PID:6552
- C:\Windows\System32\RDXnxRt.exe
  C:\Windows\System32\RDXnxRt.exe
  2⤵
  PID:6608
- C:\Windows\System32\NufRTrQ.exe
  C:\Windows\System32\NufRTrQ.exe
  2⤵
  PID:6664
- C:\Windows\System32\npPWdPa.exe
  C:\Windows\System32\npPWdPa.exe
  2⤵
  PID:6692
- C:\Windows\System32\EQHycae.exe
  C:\Windows\System32\EQHycae.exe
  2⤵
  PID:6748
- C:\Windows\System32\MFfoHsx.exe
  C:\Windows\System32\MFfoHsx.exe
  2⤵
  PID:6776
- C:\Windows\System32\cDaEMwS.exe
  C:\Windows\System32\cDaEMwS.exe
  2⤵
  PID:6796
- C:\Windows\System32\OgbYPos.exe
  C:\Windows\System32\OgbYPos.exe
  2⤵
  PID:6820
- C:\Windows\System32\enZiXrZ.exe
  C:\Windows\System32\enZiXrZ.exe
  2⤵
  PID:6876
- C:\Windows\System32\eulzPgY.exe
  C:\Windows\System32\eulzPgY.exe
  2⤵
  PID:6904
- C:\Windows\System32\idTwjDI.exe
  C:\Windows\System32\idTwjDI.exe
  2⤵
  PID:6924
- C:\Windows\System32\kgFHJPv.exe
  C:\Windows\System32\kgFHJPv.exe
  2⤵
  PID:6960
- C:\Windows\System32\RggylPX.exe
  C:\Windows\System32\RggylPX.exe
  2⤵
  PID:6984
- C:\Windows\System32\vvVKgHQ.exe
  C:\Windows\System32\vvVKgHQ.exe
  2⤵
  PID:7008
- C:\Windows\System32\xjqRsyF.exe
  C:\Windows\System32\xjqRsyF.exe
  2⤵
  PID:7048
- C:\Windows\System32\ycjwaTy.exe
  C:\Windows\System32\ycjwaTy.exe
  2⤵
  PID:7076
- C:\Windows\System32\PmUQhDm.exe
  C:\Windows\System32\PmUQhDm.exe
  2⤵
  PID:7100
- C:\Windows\System32\gMpEdAn.exe
  C:\Windows\System32\gMpEdAn.exe
  2⤵
  PID:7120
- C:\Windows\System32\YjlWJpv.exe
  C:\Windows\System32\YjlWJpv.exe
  2⤵
  PID:7148
- C:\Windows\System32\OgDTYXf.exe
  C:\Windows\System32\OgDTYXf.exe
  2⤵
  PID:900
- C:\Windows\System32\vvijwAV.exe
  C:\Windows\System32\vvijwAV.exe
  2⤵
  PID:3708
- C:\Windows\System32\kCBVxUy.exe
  C:\Windows\System32\kCBVxUy.exe
  2⤵
  PID:6216
- C:\Windows\System32\TYwAJzr.exe
  C:\Windows\System32\TYwAJzr.exe
  2⤵
  PID:6348
- C:\Windows\System32\kEKlvUk.exe
  C:\Windows\System32\kEKlvUk.exe
  2⤵
  PID:6388
- C:\Windows\System32\lLuSUIm.exe
  C:\Windows\System32\lLuSUIm.exe
  2⤵
  PID:6440
- C:\Windows\System32\tFczbID.exe
  C:\Windows\System32\tFczbID.exe
  2⤵
  PID:6460
- C:\Windows\System32\kjpeUqU.exe
  C:\Windows\System32\kjpeUqU.exe
  2⤵
  PID:6492
- C:\Windows\System32\HWUOVax.exe
  C:\Windows\System32\HWUOVax.exe
  2⤵
  PID:6564
- C:\Windows\System32\iSKseyy.exe
  C:\Windows\System32\iSKseyy.exe
  2⤵
  PID:6660
- C:\Windows\System32\xXySSMb.exe
  C:\Windows\System32\xXySSMb.exe
  2⤵
  PID:6816
- C:\Windows\System32\XuodxEL.exe
  C:\Windows\System32\XuodxEL.exe
  2⤵
  PID:6856
- C:\Windows\System32\uKPEsFH.exe
  C:\Windows\System32\uKPEsFH.exe
  2⤵
  PID:6912
- C:\Windows\System32\MwiGxTR.exe
  C:\Windows\System32\MwiGxTR.exe
  2⤵
  PID:6936
- C:\Windows\System32\oQJVdAn.exe
  C:\Windows\System32\oQJVdAn.exe
  2⤵
  PID:7068
- C:\Windows\System32\yxWAMJo.exe
  C:\Windows\System32\yxWAMJo.exe
  2⤵
  PID:7116
- C:\Windows\System32\CrEVgUV.exe
  C:\Windows\System32\CrEVgUV.exe
  2⤵
  PID:7140
- C:\Windows\System32\hRcUZvV.exe
  C:\Windows\System32\hRcUZvV.exe
  2⤵
  PID:6332
- C:\Windows\System32\NPChrmt.exe
  C:\Windows\System32\NPChrmt.exe
  2⤵
  PID:6400
- C:\Windows\System32\JkYImCu.exe
  C:\Windows\System32\JkYImCu.exe
  2⤵
  PID:6640
- C:\Windows\System32\pxzWlQF.exe
  C:\Windows\System32\pxzWlQF.exe
  2⤵
  PID:6708
- C:\Windows\System32\WjnxOpn.exe
  C:\Windows\System32\WjnxOpn.exe
  2⤵
  PID:6996
- C:\Windows\System32\ADmRAHM.exe
  C:\Windows\System32\ADmRAHM.exe
  2⤵
  PID:7020
- C:\Windows\System32\BjwLGUj.exe
  C:\Windows\System32\BjwLGUj.exe
  2⤵
  PID:7160
- C:\Windows\System32\fGVsyxp.exe
  C:\Windows\System32\fGVsyxp.exe
  2⤵
  PID:6420
- C:\Windows\System32\uNHeOVd.exe
  C:\Windows\System32\uNHeOVd.exe
  2⤵
  PID:6580
- C:\Windows\System32\sVNUkhn.exe
  C:\Windows\System32\sVNUkhn.exe
  2⤵
  PID:7208
- C:\Windows\System32\RHqBrkm.exe
  C:\Windows\System32\RHqBrkm.exe
  2⤵
  PID:7232
- C:\Windows\System32\FKdKXGG.exe
  C:\Windows\System32\FKdKXGG.exe
  2⤵
  PID:7248
- C:\Windows\System32\fGrMemL.exe
  C:\Windows\System32\fGrMemL.exe
  2⤵
  PID:7264
- C:\Windows\System32\adIxktc.exe
  C:\Windows\System32\adIxktc.exe
  2⤵
  PID:7280
- C:\Windows\System32\rrXHwnw.exe
  C:\Windows\System32\rrXHwnw.exe
  2⤵
  PID:7296
- C:\Windows\System32\JKBpXxe.exe
  C:\Windows\System32\JKBpXxe.exe
  2⤵
  PID:7312
- C:\Windows\System32\KxJSLdZ.exe
  C:\Windows\System32\KxJSLdZ.exe
  2⤵
  PID:7336
- C:\Windows\System32\nWRxnYa.exe
  C:\Windows\System32\nWRxnYa.exe
  2⤵
  PID:7444
- C:\Windows\System32\kKosfZK.exe
  C:\Windows\System32\kKosfZK.exe
  2⤵
  PID:7532
- C:\Windows\System32\FSfGGco.exe
  C:\Windows\System32\FSfGGco.exe
  2⤵
  PID:7548
- C:\Windows\System32\KHoZcGk.exe
  C:\Windows\System32\KHoZcGk.exe
  2⤵
  PID:7568
- C:\Windows\System32\JTVFnvS.exe
  C:\Windows\System32\JTVFnvS.exe
  2⤵
  PID:7608
- C:\Windows\System32\hgcjaMu.exe
  C:\Windows\System32\hgcjaMu.exe
  2⤵
  PID:7688
- C:\Windows\System32\dslKJbN.exe
  C:\Windows\System32\dslKJbN.exe
  2⤵
  PID:7708
- C:\Windows\System32\JopWAIc.exe
  C:\Windows\System32\JopWAIc.exe
  2⤵
  PID:7728
- C:\Windows\System32\KXIjVHL.exe
  C:\Windows\System32\KXIjVHL.exe
  2⤵
  PID:7756
- C:\Windows\System32\QOYYZPd.exe
  C:\Windows\System32\QOYYZPd.exe
  2⤵
  PID:7784
- C:\Windows\System32\DLSbDXf.exe
  C:\Windows\System32\DLSbDXf.exe
  2⤵
  PID:7800
- C:\Windows\System32\prkQncb.exe
  C:\Windows\System32\prkQncb.exe
  2⤵
  PID:7820
- C:\Windows\System32\UgjgejO.exe
  C:\Windows\System32\UgjgejO.exe
  2⤵
  PID:7844
- C:\Windows\System32\mIlCFBM.exe
  C:\Windows\System32\mIlCFBM.exe
  2⤵
  PID:7872
- C:\Windows\System32\rNdbFaJ.exe
  C:\Windows\System32\rNdbFaJ.exe
  2⤵
  PID:7900
- C:\Windows\System32\bkCOTUn.exe
  C:\Windows\System32\bkCOTUn.exe
  2⤵
  PID:7920
- C:\Windows\System32\FBiDurp.exe
  C:\Windows\System32\FBiDurp.exe
  2⤵
  PID:7936
- C:\Windows\System32\lKzYnjv.exe
  C:\Windows\System32\lKzYnjv.exe
  2⤵
  PID:7992
- C:\Windows\System32\kOdnuFw.exe
  C:\Windows\System32\kOdnuFw.exe
  2⤵
  PID:8068
- C:\Windows\System32\ItNdVvU.exe
  C:\Windows\System32\ItNdVvU.exe
  2⤵
  PID:8088
- C:\Windows\System32\qoJXdyr.exe
  C:\Windows\System32\qoJXdyr.exe
  2⤵
  PID:8112
- C:\Windows\System32\blnXlKo.exe
  C:\Windows\System32\blnXlKo.exe
  2⤵
  PID:8128
- C:\Windows\System32\VZMvGaZ.exe
  C:\Windows\System32\VZMvGaZ.exe
  2⤵
  PID:8152
- C:\Windows\System32\CywrzYf.exe
  C:\Windows\System32\CywrzYf.exe
  2⤵
  PID:8168
- C:\Windows\System32\oGtveIk.exe
  C:\Windows\System32\oGtveIk.exe
  2⤵
  PID:6900
- C:\Windows\System32\GeobkpY.exe
  C:\Windows\System32\GeobkpY.exe
  2⤵
  PID:5920
- C:\Windows\System32\FAToNYL.exe
  C:\Windows\System32\FAToNYL.exe
  2⤵
  PID:6488
- C:\Windows\System32\KdFNgbM.exe
  C:\Windows\System32\KdFNgbM.exe
  2⤵
  PID:7368
- C:\Windows\System32\iDbWmeH.exe
  C:\Windows\System32\iDbWmeH.exe
  2⤵
  PID:7292
- C:\Windows\System32\ohCRadV.exe
  C:\Windows\System32\ohCRadV.exe
  2⤵
  PID:7396
- C:\Windows\System32\UFDXyMU.exe
  C:\Windows\System32\UFDXyMU.exe
  2⤵
  PID:7348
- C:\Windows\System32\wSDwKIU.exe
  C:\Windows\System32\wSDwKIU.exe
  2⤵
  PID:7520
- C:\Windows\System32\TAFJnoo.exe
  C:\Windows\System32\TAFJnoo.exe
  2⤵
  PID:7544
- C:\Windows\System32\NPStGwd.exe
  C:\Windows\System32\NPStGwd.exe
  2⤵
  PID:7484
- C:\Windows\System32\aaLCirI.exe
  C:\Windows\System32\aaLCirI.exe
  2⤵
  PID:7580
- C:\Windows\System32\ofqpSxh.exe
  C:\Windows\System32\ofqpSxh.exe
  2⤵
  PID:7596
- C:\Windows\System32\jAmKUJp.exe
  C:\Windows\System32\jAmKUJp.exe
  2⤵
  PID:7656
- C:\Windows\System32\zuvkKWl.exe
  C:\Windows\System32\zuvkKWl.exe
  2⤵
  PID:7736
- C:\Windows\System32\QFuKyJa.exe
  C:\Windows\System32\QFuKyJa.exe
  2⤵
  PID:7780
- C:\Windows\System32\kwEMQOe.exe
  C:\Windows\System32\kwEMQOe.exe
  2⤵
  PID:7812
- C:\Windows\System32\qLmPBhH.exe
  C:\Windows\System32\qLmPBhH.exe
  2⤵
  PID:7964
- C:\Windows\System32\EduQulm.exe
  C:\Windows\System32\EduQulm.exe
  2⤵
  PID:7948
- C:\Windows\System32\KjrPFKt.exe
  C:\Windows\System32\KjrPFKt.exe
  2⤵
  PID:8024
- C:\Windows\System32\AfIxZNQ.exe
  C:\Windows\System32\AfIxZNQ.exe
  2⤵
  PID:8096
- C:\Windows\System32\wjchcEw.exe
  C:\Windows\System32\wjchcEw.exe
  2⤵
  PID:8148
- C:\Windows\System32\ysPLuNv.exe
  C:\Windows\System32\ysPLuNv.exe
  2⤵
  PID:6916
- C:\Windows\System32\NqvqrDH.exe
  C:\Windows\System32\NqvqrDH.exe
  2⤵
  PID:7420
- C:\Windows\System32\PlNMgTi.exe
  C:\Windows\System32\PlNMgTi.exe
  2⤵
  PID:7376
- C:\Windows\System32\paFwFRL.exe
  C:\Windows\System32\paFwFRL.exe
  2⤵
  PID:7472
- C:\Windows\System32\eNEGLzb.exe
  C:\Windows\System32\eNEGLzb.exe
  2⤵
  PID:7748
- C:\Windows\System32\NutASUv.exe
  C:\Windows\System32\NutASUv.exe
  2⤵
  PID:7796
- C:\Windows\System32\mIlEfxA.exe
  C:\Windows\System32\mIlEfxA.exe
  2⤵
  PID:7980
- C:\Windows\System32\bwXhCOG.exe
  C:\Windows\System32\bwXhCOG.exe
  2⤵
  PID:8104
- C:\Windows\System32\wKBcULo.exe
  C:\Windows\System32\wKBcULo.exe
  2⤵
  PID:8124
- C:\Windows\System32\ltkxZeL.exe
  C:\Windows\System32\ltkxZeL.exe
  2⤵
  PID:7672
- C:\Windows\System32\GZvakFf.exe
  C:\Windows\System32\GZvakFf.exe
  2⤵
  PID:8080
- C:\Windows\System32\ZsDrfoy.exe
  C:\Windows\System32\ZsDrfoy.exe
  2⤵
  PID:7588
- C:\Windows\System32\dqSfaUb.exe
  C:\Windows\System32\dqSfaUb.exe
  2⤵
  PID:7372
- C:\Windows\System32\cKQbgtf.exe
  C:\Windows\System32\cKQbgtf.exe
  2⤵
  PID:8224
- C:\Windows\System32\WynDyEt.exe
  C:\Windows\System32\WynDyEt.exe
  2⤵
  PID:8272
- C:\Windows\System32\hapFmOE.exe
  C:\Windows\System32\hapFmOE.exe
  2⤵
  PID:8292
- C:\Windows\System32\aZKXecd.exe
  C:\Windows\System32\aZKXecd.exe
  2⤵
  PID:8316
- C:\Windows\System32\qGLFBId.exe
  C:\Windows\System32\qGLFBId.exe
  2⤵
  PID:8340
- C:\Windows\System32\rIYwePM.exe
  C:\Windows\System32\rIYwePM.exe
  2⤵
  PID:8356
- C:\Windows\System32\EXxJAcC.exe
  C:\Windows\System32\EXxJAcC.exe
  2⤵
  PID:8376
- C:\Windows\System32\SaVguJA.exe
  C:\Windows\System32\SaVguJA.exe
  2⤵
  PID:8404
- C:\Windows\System32\dOsmcPW.exe
  C:\Windows\System32\dOsmcPW.exe
  2⤵
  PID:8420
- C:\Windows\System32\DLdEujC.exe
  C:\Windows\System32\DLdEujC.exe
  2⤵
  PID:8472
- C:\Windows\System32\GRYpEaK.exe
  C:\Windows\System32\GRYpEaK.exe
  2⤵
  PID:8488
- C:\Windows\System32\KRyFasR.exe
  C:\Windows\System32\KRyFasR.exe
  2⤵
  PID:8512
- C:\Windows\System32\ThmnXZq.exe
  C:\Windows\System32\ThmnXZq.exe
  2⤵
  PID:8544
- C:\Windows\System32\AFsNuDF.exe
  C:\Windows\System32\AFsNuDF.exe
  2⤵
  PID:8576
- C:\Windows\System32\TvbtOuf.exe
  C:\Windows\System32\TvbtOuf.exe
  2⤵
  PID:8596
- C:\Windows\System32\IRXLewX.exe
  C:\Windows\System32\IRXLewX.exe
  2⤵
  PID:8616
- C:\Windows\System32\OFtYJiw.exe
  C:\Windows\System32\OFtYJiw.exe
  2⤵
  PID:8672
- C:\Windows\System32\uThNWtm.exe
  C:\Windows\System32\uThNWtm.exe
  2⤵
  PID:8704
- C:\Windows\System32\EYtmWWP.exe
  C:\Windows\System32\EYtmWWP.exe
  2⤵
  PID:8736
- C:\Windows\System32\mcMysHN.exe
  C:\Windows\System32\mcMysHN.exe
  2⤵
  PID:8756
- C:\Windows\System32\dgaAMyF.exe
  C:\Windows\System32\dgaAMyF.exe
  2⤵
  PID:8780
- C:\Windows\System32\dlFzsKj.exe
  C:\Windows\System32\dlFzsKj.exe
  2⤵
  PID:8828
- C:\Windows\System32\fWGhLSY.exe
  C:\Windows\System32\fWGhLSY.exe
  2⤵
  PID:8852
- C:\Windows\System32\rkjHWDc.exe
  C:\Windows\System32\rkjHWDc.exe
  2⤵
  PID:8880
- C:\Windows\System32\isDjOFI.exe
  C:\Windows\System32\isDjOFI.exe
  2⤵
  PID:8904
- C:\Windows\System32\QSUTyIM.exe
  C:\Windows\System32\QSUTyIM.exe
  2⤵
  PID:8936
- C:\Windows\System32\vakPnBb.exe
  C:\Windows\System32\vakPnBb.exe
  2⤵
  PID:8964
- C:\Windows\System32\AOEvSFz.exe
  C:\Windows\System32\AOEvSFz.exe
  2⤵
  PID:8984
- C:\Windows\System32\wxJyGmA.exe
  C:\Windows\System32\wxJyGmA.exe
  2⤵
  PID:9000
- C:\Windows\System32\cRsyTju.exe
  C:\Windows\System32\cRsyTju.exe
  2⤵
  PID:9016
- C:\Windows\System32\wZlnSgh.exe
  C:\Windows\System32\wZlnSgh.exe
  2⤵
  PID:9040
- C:\Windows\System32\hNYpfyU.exe
  C:\Windows\System32\hNYpfyU.exe
  2⤵
  PID:9080
- C:\Windows\System32\roUFyxK.exe
  C:\Windows\System32\roUFyxK.exe
  2⤵
  PID:9132
- C:\Windows\System32\vDouysS.exe
  C:\Windows\System32\vDouysS.exe
  2⤵
  PID:9164
- C:\Windows\System32\mRUYCpv.exe
  C:\Windows\System32\mRUYCpv.exe
  2⤵
  PID:9184
- C:\Windows\System32\qgnKFUS.exe
  C:\Windows\System32\qgnKFUS.exe
  2⤵
  PID:9204
- C:\Windows\System32\IpSXovS.exe
  C:\Windows\System32\IpSXovS.exe
  2⤵
  PID:8204
- C:\Windows\System32\qWcDqsH.exe
  C:\Windows\System32\qWcDqsH.exe
  2⤵
  PID:8244
- C:\Windows\System32\KzyMeUg.exe
  C:\Windows\System32\KzyMeUg.exe
  2⤵
  PID:8312
- C:\Windows\System32\UYPHunn.exe
  C:\Windows\System32\UYPHunn.exe
  2⤵
  PID:8372
- C:\Windows\System32\MElBLSn.exe
  C:\Windows\System32\MElBLSn.exe
  2⤵
  PID:8416
- C:\Windows\System32\APMFkrw.exe
  C:\Windows\System32\APMFkrw.exe
  2⤵
  PID:8508
- C:\Windows\System32\SqqdZYn.exe
  C:\Windows\System32\SqqdZYn.exe
  2⤵
  PID:8540
- C:\Windows\System32\aqthghW.exe
  C:\Windows\System32\aqthghW.exe
  2⤵
  PID:8572
- C:\Windows\System32\ifWFGZb.exe
  C:\Windows\System32\ifWFGZb.exe
  2⤵
  PID:8668
- C:\Windows\System32\hXnpFsV.exe
  C:\Windows\System32\hXnpFsV.exe
  2⤵
  PID:8808
- C:\Windows\System32\cHSGztS.exe
  C:\Windows\System32\cHSGztS.exe
  2⤵
  PID:8848
- C:\Windows\System32\fWuXmHf.exe
  C:\Windows\System32\fWuXmHf.exe
  2⤵
  PID:8928
- C:\Windows\System32\tdcBjDd.exe
  C:\Windows\System32\tdcBjDd.exe
  2⤵
  PID:9028
- C:\Windows\System32\CdYUpgb.exe
  C:\Windows\System32\CdYUpgb.exe
  2⤵
  PID:9120
- C:\Windows\System32\EshtSmm.exe
  C:\Windows\System32\EshtSmm.exe
  2⤵
  PID:9196
- C:\Windows\System32\yswTPng.exe
  C:\Windows\System32\yswTPng.exe
  2⤵
  PID:9212
- C:\Windows\System32\uxGIGPB.exe
  C:\Windows\System32\uxGIGPB.exe
  2⤵
  PID:8368
- C:\Windows\System32\VHWDmnV.exe
  C:\Windows\System32\VHWDmnV.exe
  2⤵
  PID:2088
- C:\Windows\System32\QhhBMEH.exe
  C:\Windows\System32\QhhBMEH.exe
  2⤵
  PID:8564
- C:\Windows\System32\FskAvmQ.exe
  C:\Windows\System32\FskAvmQ.exe
  2⤵
  PID:8624
- C:\Windows\System32\dPUsNTb.exe
  C:\Windows\System32\dPUsNTb.exe
  2⤵
  PID:8732
- C:\Windows\System32\tFdXUyW.exe
  C:\Windows\System32\tFdXUyW.exe
  2⤵
  PID:8748
- C:\Windows\System32\yFjCrug.exe
  C:\Windows\System32\yFjCrug.exe
  2⤵
  PID:8280
- C:\Windows\System32\quiUrto.exe
  C:\Windows\System32\quiUrto.exe
  2⤵
  PID:8300
- C:\Windows\System32\ZmRbvBa.exe
  C:\Windows\System32\ZmRbvBa.exe
  2⤵
  PID:8868
- C:\Windows\System32\JXLsCUr.exe
  C:\Windows\System32\JXLsCUr.exe
  2⤵
  PID:9088
- C:\Windows\System32\NwhnUeT.exe
  C:\Windows\System32\NwhnUeT.exe
  2⤵
  PID:5312
- C:\Windows\System32\blrFqtq.exe
  C:\Windows\System32\blrFqtq.exe
  2⤵
  PID:9240
- C:\Windows\System32\bTziiAC.exe
  C:\Windows\System32\bTziiAC.exe
  2⤵
  PID:9260
- C:\Windows\System32\fyCmOkz.exe
  C:\Windows\System32\fyCmOkz.exe
  2⤵
  PID:9300
- C:\Windows\System32\ZRVJwUB.exe
  C:\Windows\System32\ZRVJwUB.exe
  2⤵
  PID:9340
- C:\Windows\System32\VlNRKFZ.exe
  C:\Windows\System32\VlNRKFZ.exe
  2⤵
  PID:9392
- C:\Windows\System32\lSzZnfF.exe
  C:\Windows\System32\lSzZnfF.exe
  2⤵
  PID:9408
- C:\Windows\System32\UFkFnoZ.exe
  C:\Windows\System32\UFkFnoZ.exe
  2⤵
  PID:9436
- C:\Windows\System32\NReCSTH.exe
  C:\Windows\System32\NReCSTH.exe
  2⤵
  PID:9452
- C:\Windows\System32\StBXAaX.exe
  C:\Windows\System32\StBXAaX.exe
  2⤵
  PID:9472
- C:\Windows\System32\QAukAJe.exe
  C:\Windows\System32\QAukAJe.exe
  2⤵
  PID:9516
- C:\Windows\System32\KLtYoOM.exe
  C:\Windows\System32\KLtYoOM.exe
  2⤵
  PID:9532
- C:\Windows\System32\sDhMUxO.exe
  C:\Windows\System32\sDhMUxO.exe
  2⤵
  PID:9552
- C:\Windows\System32\yXtZwSP.exe
  C:\Windows\System32\yXtZwSP.exe
  2⤵
  PID:9568
- C:\Windows\System32\mtaRBLY.exe
  C:\Windows\System32\mtaRBLY.exe
  2⤵
  PID:9600
- C:\Windows\System32\TPXRFxx.exe
  C:\Windows\System32\TPXRFxx.exe
  2⤵
  PID:9616
- C:\Windows\System32\MsxpUbZ.exe
  C:\Windows\System32\MsxpUbZ.exe
  2⤵
  PID:9644
- C:\Windows\System32\yeUaaWV.exe
  C:\Windows\System32\yeUaaWV.exe
  2⤵
  PID:9680
- C:\Windows\System32\ebAaAVI.exe
  C:\Windows\System32\ebAaAVI.exe
  2⤵
  PID:9704
- C:\Windows\System32\ZrIijfe.exe
  C:\Windows\System32\ZrIijfe.exe
  2⤵
  PID:9756
- C:\Windows\System32\CvdhvGZ.exe
  C:\Windows\System32\CvdhvGZ.exe
  2⤵
  PID:9796
- C:\Windows\System32\xVnPJPO.exe
  C:\Windows\System32\xVnPJPO.exe
  2⤵
  PID:9816
- C:\Windows\System32\seqBaSV.exe
  C:\Windows\System32\seqBaSV.exe
  2⤵
  PID:9836
- C:\Windows\System32\fjRjaPR.exe
  C:\Windows\System32\fjRjaPR.exe
  2⤵
  PID:9860
- C:\Windows\System32\fcyZxHt.exe
  C:\Windows\System32\fcyZxHt.exe
  2⤵
  PID:9904
- C:\Windows\System32\GNqPkUi.exe
  C:\Windows\System32\GNqPkUi.exe
  2⤵
  PID:9936
- C:\Windows\System32\XgSaYYV.exe
  C:\Windows\System32\XgSaYYV.exe
  2⤵
  PID:9952
- C:\Windows\System32\BOBemdU.exe
  C:\Windows\System32\BOBemdU.exe
  2⤵
  PID:9976
- C:\Windows\System32\dedgwqo.exe
  C:\Windows\System32\dedgwqo.exe
  2⤵
  PID:9996
- C:\Windows\System32\MpeqAGM.exe
  C:\Windows\System32\MpeqAGM.exe
  2⤵
  PID:10040
- C:\Windows\System32\sQCWyjj.exe
  C:\Windows\System32\sQCWyjj.exe
  2⤵
  PID:10060
- C:\Windows\System32\pdNAxeb.exe
  C:\Windows\System32\pdNAxeb.exe
  2⤵
  PID:10084
- C:\Windows\System32\oZioYUm.exe
  C:\Windows\System32\oZioYUm.exe
  2⤵
  PID:10100
- C:\Windows\System32\isjDfft.exe
  C:\Windows\System32\isjDfft.exe
  2⤵
  PID:10128
- C:\Windows\System32\yWiNxdp.exe
  C:\Windows\System32\yWiNxdp.exe
  2⤵
  PID:10168
- C:\Windows\System32\xUaMXWJ.exe
  C:\Windows\System32\xUaMXWJ.exe
  2⤵
  PID:8768
- C:\Windows\System32\HOIWOSs.exe
  C:\Windows\System32\HOIWOSs.exe
  2⤵
  PID:8720
- C:\Windows\System32\lsINuqN.exe
  C:\Windows\System32\lsINuqN.exe
  2⤵
  PID:9268
- C:\Windows\System32\GknjBnA.exe
  C:\Windows\System32\GknjBnA.exe
  2⤵
  PID:9280
- C:\Windows\System32\Wvqdkrs.exe
  C:\Windows\System32\Wvqdkrs.exe
  2⤵
  PID:9388
- C:\Windows\System32\hwjIDKD.exe
  C:\Windows\System32\hwjIDKD.exe
  2⤵
  PID:9400
- C:\Windows\System32\VpmdSKS.exe
  C:\Windows\System32\VpmdSKS.exe
  2⤵
  PID:9468
- C:\Windows\System32\pgbrtMR.exe
  C:\Windows\System32\pgbrtMR.exe
  2⤵
  PID:9564
- C:\Windows\System32\BCattmc.exe
  C:\Windows\System32\BCattmc.exe
  2⤵
  PID:9584
- C:\Windows\System32\cDJNZQG.exe
  C:\Windows\System32\cDJNZQG.exe
  2⤵
  PID:9672
- C:\Windows\System32\MvkIFjM.exe
  C:\Windows\System32\MvkIFjM.exe
  2⤵
  PID:9608
- C:\Windows\System32\OdRVpzm.exe
  C:\Windows\System32\OdRVpzm.exe
  2⤵
  PID:9828
- C:\Windows\System32\qcLVztC.exe
  C:\Windows\System32\qcLVztC.exe
  2⤵
  PID:9872
- C:\Windows\System32\Upfnmkz.exe
  C:\Windows\System32\Upfnmkz.exe
  2⤵
  PID:9868
- C:\Windows\System32\wHZGSuv.exe
  C:\Windows\System32\wHZGSuv.exe
  2⤵
  PID:9992
- C:\Windows\System32\IgWQnLM.exe
  C:\Windows\System32\IgWQnLM.exe
  2⤵
  PID:10076
- C:\Windows\System32\KhnvRhL.exe
  C:\Windows\System32\KhnvRhL.exe
  2⤵
  PID:10056
- C:\Windows\System32\DZtpMQw.exe
  C:\Windows\System32\DZtpMQw.exe
  2⤵
  PID:10160
- C:\Windows\System32\RFBislg.exe
  C:\Windows\System32\RFBislg.exe
  2⤵
  PID:9256
- C:\Windows\System32\EvPlkoT.exe
  C:\Windows\System32\EvPlkoT.exe
  2⤵
  PID:9544
- C:\Windows\System32\HNksJVL.exe
  C:\Windows\System32\HNksJVL.exe
  2⤵
  PID:9464
- C:\Windows\System32\mOBolFS.exe
  C:\Windows\System32\mOBolFS.exe
  2⤵
  PID:9592
- C:\Windows\System32\aHSubuO.exe
  C:\Windows\System32\aHSubuO.exe
  2⤵
  PID:9736
- C:\Windows\System32\pVzuGmG.exe
  C:\Windows\System32\pVzuGmG.exe
  2⤵
  PID:10008
- C:\Windows\System32\ZMcuUpc.exe
  C:\Windows\System32\ZMcuUpc.exe
  2⤵
  PID:10112
- C:\Windows\System32\IZiqMDr.exe
  C:\Windows\System32\IZiqMDr.exe
  2⤵
  PID:9356
- C:\Windows\System32\YXUlYKq.exe
  C:\Windows\System32\YXUlYKq.exe
  2⤵
  PID:9844
- C:\Windows\System32\avEccVR.exe
  C:\Windows\System32\avEccVR.exe
  2⤵
  PID:10052
- C:\Windows\System32\omgIbqa.exe
  C:\Windows\System32\omgIbqa.exe
  2⤵
  PID:9784
- C:\Windows\System32\xhtmejf.exe
  C:\Windows\System32\xhtmejf.exe
  2⤵
  PID:9948
- C:\Windows\System32\mmUXlrd.exe
  C:\Windows\System32\mmUXlrd.exe
  2⤵
  PID:10244
- C:\Windows\System32\ZZvzxGI.exe
  C:\Windows\System32\ZZvzxGI.exe
  2⤵
  PID:10260
- C:\Windows\System32\yATGStf.exe
  C:\Windows\System32\yATGStf.exe
  2⤵
  PID:10284
- C:\Windows\System32\rgoGWXS.exe
  C:\Windows\System32\rgoGWXS.exe
  2⤵
  PID:10320
- C:\Windows\System32\XZBRXoD.exe
  C:\Windows\System32\XZBRXoD.exe
  2⤵
  PID:10364
- C:\Windows\System32\qIiVEsW.exe
  C:\Windows\System32\qIiVEsW.exe
  2⤵
  PID:10404
- C:\Windows\System32\BeAfpFK.exe
  C:\Windows\System32\BeAfpFK.exe
  2⤵
  PID:10424
- C:\Windows\System32\mQseRhQ.exe
  C:\Windows\System32\mQseRhQ.exe
  2⤵
  PID:10448
- C:\Windows\System32\gYPvCsi.exe
  C:\Windows\System32\gYPvCsi.exe
  2⤵
  PID:10464
- C:\Windows\System32\EWltheo.exe
  C:\Windows\System32\EWltheo.exe
  2⤵
  PID:10524
- C:\Windows\System32\GxDQpVK.exe
  C:\Windows\System32\GxDQpVK.exe
  2⤵
  PID:10544
- C:\Windows\System32\knmzAlY.exe
  C:\Windows\System32\knmzAlY.exe
  2⤵
  PID:10564
- C:\Windows\System32\WHozzEf.exe
  C:\Windows\System32\WHozzEf.exe
  2⤵
  PID:10584
- C:\Windows\System32\CTImvnr.exe
  C:\Windows\System32\CTImvnr.exe
  2⤵
  PID:10604
- C:\Windows\System32\uyAwiiX.exe
  C:\Windows\System32\uyAwiiX.exe
  2⤵
  PID:10644
- C:\Windows\System32\hbNzIQN.exe
  C:\Windows\System32\hbNzIQN.exe
  2⤵
  PID:10664
- C:\Windows\System32\eyQRyyZ.exe
  C:\Windows\System32\eyQRyyZ.exe
  2⤵
  PID:10684
- C:\Windows\System32\dDgDZmm.exe
  C:\Windows\System32\dDgDZmm.exe
  2⤵
  PID:10708
- C:\Windows\System32\JFysduK.exe
  C:\Windows\System32\JFysduK.exe
  2⤵
  PID:10752
- C:\Windows\System32\pKJPWcU.exe
  C:\Windows\System32\pKJPWcU.exe
  2⤵
  PID:10768
- C:\Windows\System32\JrfLwSV.exe
  C:\Windows\System32\JrfLwSV.exe
  2⤵
  PID:10784
- C:\Windows\System32\FzAnogi.exe
  C:\Windows\System32\FzAnogi.exe
  2⤵
  PID:10800
- C:\Windows\System32\MqppCwW.exe
  C:\Windows\System32\MqppCwW.exe
  2⤵
  PID:10904
- C:\Windows\System32\wvrQhwB.exe
  C:\Windows\System32\wvrQhwB.exe
  2⤵
  PID:10928
- C:\Windows\System32\TBPPxuB.exe
  C:\Windows\System32\TBPPxuB.exe
  2⤵
  PID:10944
- C:\Windows\System32\RhCTkmG.exe
  C:\Windows\System32\RhCTkmG.exe
  2⤵
  PID:10980
- C:\Windows\System32\sNxxOcc.exe
  C:\Windows\System32\sNxxOcc.exe
  2⤵
  PID:11000
- C:\Windows\System32\GaFgVAx.exe
  C:\Windows\System32\GaFgVAx.exe
  2⤵
  PID:11032
- C:\Windows\System32\oxwqDDf.exe
  C:\Windows\System32\oxwqDDf.exe
  2⤵
  PID:11048
- C:\Windows\System32\yjFulxi.exe
  C:\Windows\System32\yjFulxi.exe
  2⤵
  PID:11072
- C:\Windows\System32\iyCPEwD.exe
  C:\Windows\System32\iyCPEwD.exe
  2⤵
  PID:11096
- C:\Windows\System32\QjQYjKV.exe
  C:\Windows\System32\QjQYjKV.exe
  2⤵
  PID:11116
- C:\Windows\System32\MBFhyKe.exe
  C:\Windows\System32\MBFhyKe.exe
  2⤵
  PID:11140
- C:\Windows\System32\gZkvSMa.exe
  C:\Windows\System32\gZkvSMa.exe
  2⤵
  PID:11180
- C:\Windows\System32\BUjdtFF.exe
  C:\Windows\System32\BUjdtFF.exe
  2⤵
  PID:11200
- C:\Windows\System32\WuukOXW.exe
  C:\Windows\System32\WuukOXW.exe
  2⤵
  PID:11220
- C:\Windows\System32\fVCaAvz.exe
  C:\Windows\System32\fVCaAvz.exe
  2⤵
  PID:11244
- C:\Windows\System32\CCTomkH.exe
  C:\Windows\System32\CCTomkH.exe
  2⤵
  PID:9236
- C:\Windows\System32\vuhEvJP.exe
  C:\Windows\System32\vuhEvJP.exe
  2⤵
  PID:10328
- C:\Windows\System32\rBdjZst.exe
  C:\Windows\System32\rBdjZst.exe
  2⤵
  PID:10416
- C:\Windows\System32\nxoniPO.exe
  C:\Windows\System32\nxoniPO.exe
  2⤵
  PID:10516
- C:\Windows\System32\rWqyZUB.exe
  C:\Windows\System32\rWqyZUB.exe
  2⤵
  PID:10580
- C:\Windows\System32\EcBlHGV.exe
  C:\Windows\System32\EcBlHGV.exe
  2⤵
  PID:10680
- C:\Windows\System32\ujDkRFO.exe
  C:\Windows\System32\ujDkRFO.exe
  2⤵
  PID:10720
- C:\Windows\System32\eBLybhO.exe
  C:\Windows\System32\eBLybhO.exe
  2⤵
  PID:10760
- C:\Windows\System32\bhPlNFQ.exe
  C:\Windows\System32\bhPlNFQ.exe
  2⤵
  PID:10820
- C:\Windows\System32\rVkrKWC.exe
  C:\Windows\System32\rVkrKWC.exe
  2⤵
  PID:10924
- C:\Windows\System32\RgVSHDj.exe
  C:\Windows\System32\RgVSHDj.exe
  2⤵
  PID:10952
- C:\Windows\System32\rXqRWiB.exe
  C:\Windows\System32\rXqRWiB.exe
  2⤵
  PID:10996
- C:\Windows\System32\LQMaJWa.exe
  C:\Windows\System32\LQMaJWa.exe
  2⤵
  PID:11084
- C:\Windows\System32\bNkXYrY.exe
  C:\Windows\System32\bNkXYrY.exe
  2⤵
  PID:11128
- C:\Windows\System32\rBoWuQj.exe
  C:\Windows\System32\rBoWuQj.exe
  2⤵
  PID:11164
- C:\Windows\System32\cgIawyi.exe
  C:\Windows\System32\cgIawyi.exe
  2⤵
  PID:11188
- C:\Windows\System32\AQWTmbG.exe
  C:\Windows\System32\AQWTmbG.exe
  2⤵
  PID:10460
- C:\Windows\System32\QdfPhTH.exe
  C:\Windows\System32\QdfPhTH.exe
  2⤵
  PID:10592
- C:\Windows\System32\kMeVIJr.exe
  C:\Windows\System32\kMeVIJr.exe
  2⤵
  PID:10732
- C:\Windows\System32\XESETix.exe
  C:\Windows\System32\XESETix.exe
  2⤵
  PID:10916
- C:\Windows\System32\ERPiQDA.exe
  C:\Windows\System32\ERPiQDA.exe
  2⤵
  PID:11064
- C:\Windows\System32\CDJNokn.exe
  C:\Windows\System32\CDJNokn.exe
  2⤵
  PID:9656
- C:\Windows\System32\DMXPlpr.exe
  C:\Windows\System32\DMXPlpr.exe
  2⤵
  PID:11252
- C:\Windows\System32\KGfJyKf.exe
  C:\Windows\System32\KGfJyKf.exe
  2⤵
  PID:11192
- C:\Windows\System32\trGCdqh.exe
  C:\Windows\System32\trGCdqh.exe
  2⤵
  PID:10352
- C:\Windows\System32\CaOrNbv.exe
  C:\Windows\System32\CaOrNbv.exe
  2⤵
  PID:11172
- C:\Windows\System32\IPwzzjh.exe
  C:\Windows\System32\IPwzzjh.exe
  2⤵
  PID:11288
- C:\Windows\System32\LnfqAXI.exe
  C:\Windows\System32\LnfqAXI.exe
  2⤵
  PID:11304
- C:\Windows\System32\OAsKqyM.exe
  C:\Windows\System32\OAsKqyM.exe
  2⤵
  PID:11324
- C:\Windows\System32\zObphnH.exe
  C:\Windows\System32\zObphnH.exe
  2⤵
  PID:11340
- C:\Windows\System32\LWFuYbI.exe
  C:\Windows\System32\LWFuYbI.exe
  2⤵
  PID:11364
- C:\Windows\System32\RrZnyzg.exe
  C:\Windows\System32\RrZnyzg.exe
  2⤵
  PID:11412
- C:\Windows\System32\oGDiRRz.exe
  C:\Windows\System32\oGDiRRz.exe
  2⤵
  PID:11432
- C:\Windows\System32\txhwhgZ.exe
  C:\Windows\System32\txhwhgZ.exe
  2⤵
  PID:11460
- C:\Windows\System32\ioGgKmP.exe
  C:\Windows\System32\ioGgKmP.exe
  2⤵
  PID:11480
- C:\Windows\System32\nBkjTbC.exe
  C:\Windows\System32\nBkjTbC.exe
  2⤵
  PID:11540
- C:\Windows\System32\KKoPrLG.exe
  C:\Windows\System32\KKoPrLG.exe
  2⤵
  PID:11560
- C:\Windows\System32\EOMxyKt.exe
  C:\Windows\System32\EOMxyKt.exe
  2⤵
  PID:11580
- C:\Windows\System32\eLVXQPF.exe
  C:\Windows\System32\eLVXQPF.exe
  2⤵
  PID:11596
- C:\Windows\System32\eLPbQlV.exe
  C:\Windows\System32\eLPbQlV.exe
  2⤵
  PID:11616
- C:\Windows\System32\IFxscte.exe
  C:\Windows\System32\IFxscte.exe
  2⤵
  PID:11632
- C:\Windows\System32\lSEhsKI.exe
  C:\Windows\System32\lSEhsKI.exe
  2⤵
  PID:11656
- C:\Windows\System32\xWVEOYo.exe
  C:\Windows\System32\xWVEOYo.exe
  2⤵
  PID:11720
- C:\Windows\System32\PCXlGSY.exe
  C:\Windows\System32\PCXlGSY.exe
  2⤵
  PID:11764
- C:\Windows\System32\bDFtECH.exe
  C:\Windows\System32\bDFtECH.exe
  2⤵
  PID:11792
- C:\Windows\System32\LDnJqGX.exe
  C:\Windows\System32\LDnJqGX.exe
  2⤵
  PID:11820
- C:\Windows\System32\ibntGiT.exe
  C:\Windows\System32\ibntGiT.exe
  2⤵
  PID:11836
- C:\Windows\System32\zlsFUBP.exe
  C:\Windows\System32\zlsFUBP.exe
  2⤵
  PID:11856
- C:\Windows\System32\kElACXn.exe
  C:\Windows\System32\kElACXn.exe
  2⤵
  PID:11916
- C:\Windows\System32\mSaxbTp.exe
  C:\Windows\System32\mSaxbTp.exe
  2⤵
  PID:11932
- C:\Windows\System32\IrckjEc.exe
  C:\Windows\System32\IrckjEc.exe
  2⤵
  PID:11960
- C:\Windows\System32\ecHjHGw.exe
  C:\Windows\System32\ecHjHGw.exe
  2⤵
  PID:11980
- C:\Windows\System32\izDSJXp.exe
  C:\Windows\System32\izDSJXp.exe
  2⤵
  PID:11996
- C:\Windows\System32\QzIlCQy.exe
  C:\Windows\System32\QzIlCQy.exe
  2⤵
  PID:12020
- C:\Windows\System32\wEYBxir.exe
  C:\Windows\System32\wEYBxir.exe
  2⤵
  PID:12076
- C:\Windows\System32\TqrFhyS.exe
  C:\Windows\System32\TqrFhyS.exe
  2⤵
  PID:12104
- C:\Windows\System32\iJCVwxj.exe
  C:\Windows\System32\iJCVwxj.exe
  2⤵
  PID:12120
- C:\Windows\System32\yhgwdpO.exe
  C:\Windows\System32\yhgwdpO.exe
  2⤵
  PID:12136
- C:\Windows\System32\nGuCMkn.exe
  C:\Windows\System32\nGuCMkn.exe
  2⤵
  PID:12152
- C:\Windows\System32\fppQgeQ.exe
  C:\Windows\System32\fppQgeQ.exe
  2⤵
  PID:12172
- C:\Windows\System32\RIbDwHi.exe
  C:\Windows\System32\RIbDwHi.exe
  2⤵
  PID:12188
- C:\Windows\System32\ajaaiml.exe
  C:\Windows\System32\ajaaiml.exe
  2⤵
  PID:12212
- C:\Windows\System32\WKCHJmF.exe
  C:\Windows\System32\WKCHJmF.exe
  2⤵
  PID:12268
- C:\Windows\System32\JLZdzMj.exe
  C:\Windows\System32\JLZdzMj.exe
  2⤵
  PID:11300
- C:\Windows\System32\TcqIrnT.exe
  C:\Windows\System32\TcqIrnT.exe
  2⤵
  PID:11336
- C:\Windows\System32\HdseMWm.exe
  C:\Windows\System32\HdseMWm.exe
  2⤵
  PID:11332
- C:\Windows\System32\FIMAZMN.exe
  C:\Windows\System32\FIMAZMN.exe
  2⤵
  PID:11424
- C:\Windows\System32\zUlRFZS.exe
  C:\Windows\System32\zUlRFZS.exe
  2⤵
  PID:11456
- C:\Windows\System32\HMCgXAg.exe
  C:\Windows\System32\HMCgXAg.exe
  2⤵
  PID:11552
- C:\Windows\System32\ZJAKXkP.exe
  C:\Windows\System32\ZJAKXkP.exe
  2⤵
  PID:11604
- C:\Windows\System32\LHTUkfe.exe
  C:\Windows\System32\LHTUkfe.exe
  2⤵
  PID:11608
- C:\Windows\System32\PsEhiVu.exe
  C:\Windows\System32\PsEhiVu.exe
  2⤵
  PID:11640
- C:\Windows\System32\msTwIho.exe
  C:\Windows\System32\msTwIho.exe
  2⤵
  PID:11864
- C:\Windows\System32\jIBbUec.exe
  C:\Windows\System32\jIBbUec.exe
  2⤵
  PID:11904
- C:\Windows\System32\pEEIdgh.exe
  C:\Windows\System32\pEEIdgh.exe
  2⤵
  PID:11948
- C:\Windows\System32\jaSEeTz.exe
  C:\Windows\System32\jaSEeTz.exe
  2⤵
  PID:11976
- C:\Windows\System32\KpvhlEG.exe
  C:\Windows\System32\KpvhlEG.exe
  2⤵
  PID:12064
- C:\Windows\System32\eRsKbVB.exe
  C:\Windows\System32\eRsKbVB.exe
  2⤵
  PID:12128
- C:\Windows\System32\ZsNSDVf.exe
  C:\Windows\System32\ZsNSDVf.exe
  2⤵
  PID:12184
- C:\Windows\System32\fTfZlTb.exe
  C:\Windows\System32\fTfZlTb.exe
  2⤵
  PID:12168
- C:\Windows\System32\dAxwcmu.exe
  C:\Windows\System32\dAxwcmu.exe
  2⤵
  PID:12256
- C:\Windows\System32\xJXITge.exe
  C:\Windows\System32\xJXITge.exe
  2⤵
  PID:11500
- C:\Windows\System32\yzUUAxz.exe
  C:\Windows\System32\yzUUAxz.exe
  2⤵
  PID:11664
- C:\Windows\System32\bRlSmtM.exe
  C:\Windows\System32\bRlSmtM.exe
  2⤵
  PID:11756
- C:\Windows\System32\GFcgQkE.exe
  C:\Windows\System32\GFcgQkE.exe
  2⤵
  PID:12084
- C:\Windows\System32\GFVIQxX.exe
  C:\Windows\System32\GFVIQxX.exe
  2⤵
  PID:12180
- C:\Windows\System32\YuPTiEj.exe
  C:\Windows\System32\YuPTiEj.exe
  2⤵
  PID:11316
- C:\Windows\System32\bVWnitv.exe
  C:\Windows\System32\bVWnitv.exe
  2⤵
  PID:12236
- C:\Windows\System32\xDbcuvu.exe
  C:\Windows\System32\xDbcuvu.exe
  2⤵
  PID:12196
- C:\Windows\System32\dzMoxkz.exe
  C:\Windows\System32\dzMoxkz.exe
  2⤵
  PID:12296
- C:\Windows\System32\bbdigaG.exe
  C:\Windows\System32\bbdigaG.exe
  2⤵
  PID:12312
- C:\Windows\System32\dbRwefF.exe
  C:\Windows\System32\dbRwefF.exe
  2⤵
  PID:12328
- C:\Windows\System32\QNBvxCf.exe
  C:\Windows\System32\QNBvxCf.exe
  2⤵
  PID:12348
- C:\Windows\System32\JXudsmz.exe
  C:\Windows\System32\JXudsmz.exe
  2⤵
  PID:12368
- C:\Windows\System32\MKdStgr.exe
  C:\Windows\System32\MKdStgr.exe
  2⤵
  PID:12408
- C:\Windows\System32\fmysTxY.exe
  C:\Windows\System32\fmysTxY.exe
  2⤵
  PID:12440
- C:\Windows\System32\gbfLNQh.exe
  C:\Windows\System32\gbfLNQh.exe
  2⤵
  PID:12456
- C:\Windows\System32\Rxnuvvy.exe
  C:\Windows\System32\Rxnuvvy.exe
  2⤵
  PID:12492
- C:\Windows\System32\ulBfhqM.exe
  C:\Windows\System32\ulBfhqM.exe
  2⤵
  PID:12544
- C:\Windows\System32\YusPUXC.exe
  C:\Windows\System32\YusPUXC.exe
  2⤵
  PID:12560
- C:\Windows\System32\tXsUkOe.exe
  C:\Windows\System32\tXsUkOe.exe
  2⤵
  PID:12592
- C:\Windows\System32\gzwZXwB.exe
  C:\Windows\System32\gzwZXwB.exe
  2⤵
  PID:12620
- C:\Windows\System32\pOqfPCo.exe
  C:\Windows\System32\pOqfPCo.exe
  2⤵
  PID:12636
- C:\Windows\System32\FdwWKNb.exe
  C:\Windows\System32\FdwWKNb.exe
  2⤵
  PID:12652
- C:\Windows\System32\Euoatvy.exe
  C:\Windows\System32\Euoatvy.exe
  2⤵
  PID:12672
- C:\Windows\System32\zIyYMlI.exe
  C:\Windows\System32\zIyYMlI.exe
  2⤵
  PID:12692
- C:\Windows\System32\lHmKFjy.exe
  C:\Windows\System32\lHmKFjy.exe
  2⤵
  PID:12708
- C:\Windows\System32\eFsYloZ.exe
  C:\Windows\System32\eFsYloZ.exe
  2⤵
  PID:12744
- C:\Windows\System32\KpuSYGX.exe
  C:\Windows\System32\KpuSYGX.exe
  2⤵
  PID:12844
- C:\Windows\System32\vTuDPoR.exe
  C:\Windows\System32\vTuDPoR.exe
  2⤵
  PID:12884
- C:\Windows\System32\BwkANSr.exe
  C:\Windows\System32\BwkANSr.exe
  2⤵
  PID:12904
- C:\Windows\System32\GCtguHz.exe
  C:\Windows\System32\GCtguHz.exe
  2⤵
  PID:12920
- C:\Windows\System32\oAxqgXu.exe
  C:\Windows\System32\oAxqgXu.exe
  2⤵
  PID:12952
- C:\Windows\System32\aHEbSpc.exe
  C:\Windows\System32\aHEbSpc.exe
  2⤵
  PID:12972
- C:\Windows\System32\oheyWDF.exe
  C:\Windows\System32\oheyWDF.exe
  2⤵
  PID:13000
- C:\Windows\System32\OrtHMOv.exe
  C:\Windows\System32\OrtHMOv.exe
  2⤵
  PID:13016
- C:\Windows\System32\eeoYnzH.exe
  C:\Windows\System32\eeoYnzH.exe
  2⤵
  PID:13040
- C:\Windows\System32\iAycGuA.exe
  C:\Windows\System32\iAycGuA.exe
  2⤵
  PID:13060
- C:\Windows\System32\HCRymya.exe
  C:\Windows\System32\HCRymya.exe
  2⤵
  PID:13116
- C:\Windows\System32\TwnmIhz.exe
  C:\Windows\System32\TwnmIhz.exe
  2⤵
  PID:13144
- C:\Windows\System32\ftyhfFo.exe
  C:\Windows\System32\ftyhfFo.exe
  2⤵
  PID:13160
- C:\Windows\System32\OgnUIlb.exe
  C:\Windows\System32\OgnUIlb.exe
  2⤵
  PID:13180
- C:\Windows\System32\aGBuDcD.exe
  C:\Windows\System32\aGBuDcD.exe
  2⤵
  PID:13208
- C:\Windows\System32\ZdcuaTq.exe
  C:\Windows\System32\ZdcuaTq.exe
  2⤵
  PID:13228
- C:\Windows\System32\CCWGHIA.exe
  C:\Windows\System32\CCWGHIA.exe
  2⤵
  PID:13288
- C:\Windows\System32\NuwInbO.exe
  C:\Windows\System32\NuwInbO.exe
  2⤵
  PID:13304
- C:\Windows\System32\EMOBUuA.exe
  C:\Windows\System32\EMOBUuA.exe
  2⤵
  PID:12344
- C:\Windows\System32\aTkXpry.exe
  C:\Windows\System32\aTkXpry.exe
  2⤵
  PID:12324
- C:\Windows\System32\RwnRLav.exe
  C:\Windows\System32\RwnRLav.exe
  2⤵
  PID:12396
- C:\Windows\System32\mNwZWeX.exe
  C:\Windows\System32\mNwZWeX.exe
  2⤵
  PID:12572
- C:\Windows\System32\HIrnSYs.exe
  C:\Windows\System32\HIrnSYs.exe
  2⤵
  PID:12648
- C:\Windows\System32\RScXYPH.exe
  C:\Windows\System32\RScXYPH.exe
  2⤵
  PID:12704
- C:\Windows\System32\ATOACbR.exe
  C:\Windows\System32\ATOACbR.exe
  2⤵
  PID:12776
- C:\Windows\System32\YVlywSx.exe
  C:\Windows\System32\YVlywSx.exe
  2⤵
  PID:12864
- C:\Windows\System32\lpKkLyf.exe
  C:\Windows\System32\lpKkLyf.exe
  2⤵
  PID:12912
- C:\Windows\System32\UMAewZo.exe
  C:\Windows\System32\UMAewZo.exe
  2⤵
  PID:12964
- C:\Windows\System32\nXCkSuM.exe
  C:\Windows\System32\nXCkSuM.exe
  2⤵
  PID:13024
- C:\Windows\System32\jgrRfJx.exe
  C:\Windows\System32\jgrRfJx.exe
  2⤵
  PID:13032
- C:\Windows\System32\xVbTdMK.exe
  C:\Windows\System32\xVbTdMK.exe
  2⤵
  PID:13244
- C:\Windows\System32\RFREdte.exe
  C:\Windows\System32\RFREdte.exe
  2⤵
  PID:13204
- C:\Windows\System32\YTrPiFR.exe
  C:\Windows\System32\YTrPiFR.exe
  2⤵
  PID:1724
- C:\Windows\System32\Gremudz.exe
  C:\Windows\System32\Gremudz.exe
  2⤵
  PID:4212
- C:\Windows\System32\MKdLIHj.exe
  C:\Windows\System32\MKdLIHj.exe
  2⤵
  PID:12320
- C:\Windows\System32\BMqCAOP.exe
  C:\Windows\System32\BMqCAOP.exe
  2⤵
  PID:12476
- C:\Windows\System32\AHeWdfi.exe
  C:\Windows\System32\AHeWdfi.exe
  2⤵
  PID:12684
- C:\Windows\System32\WLfvPgz.exe
  C:\Windows\System32\WLfvPgz.exe
  2⤵
  PID:12928
- C:\Windows\System32\szWuGvy.exe
  C:\Windows\System32\szWuGvy.exe
  2⤵
  PID:12980
- C:\Windows\System32\slbAlcQ.exe
  C:\Windows\System32\slbAlcQ.exe
  2⤵
  PID:13152
- C:\Windows\System32\JbWIqEP.exe
  C:\Windows\System32\JbWIqEP.exe
  2⤵
  PID:3504
- C:\Windows\System32\yGYErvj.exe
  C:\Windows\System32\yGYErvj.exe
  2⤵
  PID:3868
- C:\Windows\System32\KsGQalA.exe
  C:\Windows\System32\KsGQalA.exe
  2⤵
  PID:12616
- C:\Windows\System32\UWivsvR.exe
  C:\Windows\System32\UWivsvR.exe
  2⤵
  PID:12308
- C:\Windows\System32\vtTCPbn.exe
  C:\Windows\System32\vtTCPbn.exe
  2⤵
  PID:12632
- C:\Windows\System32\iVjqWDm.exe
  C:\Windows\System32\iVjqWDm.exe
  2⤵
  PID:12960
- C:\Windows\System32\uTifgsm.exe
  C:\Windows\System32\uTifgsm.exe
  2⤵
  PID:13356
- C:\Windows\System32\eepakZh.exe
  C:\Windows\System32\eepakZh.exe
  2⤵
  PID:13384
- C:\Windows\System32\BCizmhA.exe
  C:\Windows\System32\BCizmhA.exe
  2⤵
  PID:13412
- C:\Windows\System32\tnLgWeQ.exe
  C:\Windows\System32\tnLgWeQ.exe
  2⤵
  PID:13440
- C:\Windows\System32\HqEzWXm.exe
  C:\Windows\System32\HqEzWXm.exe
  2⤵
  PID:13464
- C:\Windows\System32\AuwmJeS.exe
  C:\Windows\System32\AuwmJeS.exe
  2⤵
  PID:13488
- C:\Windows\System32\SXejOME.exe
  C:\Windows\System32\SXejOME.exe
  2⤵
  PID:13504
- C:\Windows\System32\USVXSMS.exe
  C:\Windows\System32\USVXSMS.exe
  2⤵
  PID:13528
- C:\Windows\System32\dXhSdSh.exe
  C:\Windows\System32\dXhSdSh.exe
  2⤵
  PID:13556
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13556 -s 244
    3⤵
    PID:14248
- C:\Windows\System32\PhzsNhA.exe
  C:\Windows\System32\PhzsNhA.exe
  2⤵
  PID:13572
- C:\Windows\System32\DZtvSJR.exe
  C:\Windows\System32\DZtvSJR.exe
  2⤵
  PID:13604
- C:\Windows\System32\JbmJvXO.exe
  C:\Windows\System32\JbmJvXO.exe
  2⤵
  PID:13624
- C:\Windows\System32\yIGnCtj.exe
  C:\Windows\System32\yIGnCtj.exe
  2⤵
  PID:13648
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13648 -s 244
    3⤵
    PID:14264
- C:\Windows\System32\YslGuMi.exe
  C:\Windows\System32\YslGuMi.exe
  2⤵
  PID:13672
- C:\Windows\System32\kKwGiQq.exe
  C:\Windows\System32\kKwGiQq.exe
  2⤵
  PID:13752

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AFwbLAW.exe

Filesize
1.0MB

MD5
43bb624d804363740b28f0b6724630b6

SHA1
2a332afddd4f30348148d28030ce72989cbf8a1f

SHA256
e20159490eeeaf6f818b5ff12a00eec26642bf278ba69f9ff51b37b88d73e933

SHA512
e6f5fb516fba9547ac743d1f4cdb6845ff28acf4dcde79ea1d746475a35fed27e1a9ba56c2a7da2ba41ee2f4c52113e37e48f178337f8387aac882e467aa0fa1

Download Submit
C:\Windows\System32\BLasQNj.exe

Filesize
1.0MB

MD5
0d7712582de5972a58139ab44c4ff814

SHA1
8e8fad358767604aa2f6ef2b72d567a4840c2609

SHA256
64631198c9fdc8fb39156a285972ef5a8e476dea8ef106d83f52db1e3fda3fe2

SHA512
4c22acc303dc87789402ce0447bca63be5c12e3adba57deb98ee5f965b4a50d16d156306d9f7f8ebe44138084c5adf6bc9d5fa998fdd2e6563ef97ffe671ebfc

Download Submit
C:\Windows\System32\DOBAzOU.exe

Filesize
1.0MB

MD5
c0c5da71fea2b539bbe6c23b1f387fb3

SHA1
20874883ebd7ab66599928f58340ab5a6fa37279

SHA256
6036d45b32bf8a5d8289b25e58d87124383306523ef4d6d3f0973a2e7f9a2a34

SHA512
b5fc2757e08e7ba5b75fb96c2ab5ead44a20d583a23bc1ed0b270b80145430ab448e297bd2166c0133129183daa1cf314c9d4a0afbaf29b63e70ea1af612e00b

Download Submit
C:\Windows\System32\DnQjgtV.exe

Filesize
1.0MB

MD5
fd0dc19d0e731cd0d1490f3ae6ce01e9

SHA1
0b085148be81ab99c7c9c9fafe7c901ead333b42

SHA256
a6e3c0d76975ab3ee5e124deda1ec081013e7794055da2f6d0d009467c50e8bc

SHA512
b38538b4cb6602509af3c3d04017d0b9b78ea24d2a22af250551347aa334dc8c5ac13f367ad825a58d29563d8e4ad12d46d8c640ae9d86bc6faab98bf4d0b73f

Download Submit
C:\Windows\System32\Dzgbrcw.exe

Filesize
1.0MB

MD5
47e56371f912334408d174dfd8ee3099

SHA1
d4d7b1b072a61ee3fe57f25b9a969358ffcffa32

SHA256
781f1d4ca6bdc1caae68f789806d402c1a7508514f20d67639a975faee3371de

SHA512
c52e98a9b2e6aa1e81dd56a67ad0f561fbe0759d4df8f9ea53c9752239a8083613aa63ce4dd98b89f8da17556b9d93569d5301a7e8eaac62ebbdc6805bc25930

Download Submit
C:\Windows\System32\ESRmocJ.exe

Filesize
1.0MB

MD5
99f9a282039a80d828beffbcd5807679

SHA1
58b7b4a5588be07cc5fed1ae702ce8bc5498995d

SHA256
7bd437df75448eb05e576ea540f3cb54a73f8e5b7cbc1d75a307a5f46bb02652

SHA512
4ffaa498ca7f0731ccdf20fb9488893779c438216e7bf13021a0283380931142e23a36650a03d23c553ac62e15c92d5d634d907365fd7290d91e384b55cd55ea

Download Submit
C:\Windows\System32\EdivTEj.exe

Filesize
1.0MB

MD5
23e2dc6514802a3263b79878d65ddbc3

SHA1
e5323d7fdeeabd05ed0a53cd2b506258a0e90ae2

SHA256
a6ff7dc7e8f3b5a0485ed4116c04b937696903ca1975295e81882f7658c3463a

SHA512
53e6a428d85aa33c5c0efdb7480122e8bd85b461c694190dc27a209b90ace6508beb4724fbeffbc8671105c5fff69a86844a77c4fe27cc6fad1d117fd599e956

Download Submit
C:\Windows\System32\HKwZxeK.exe

Filesize
1.0MB

MD5
5fc19cdc0e8c1305253c602d00ae3c5e

SHA1
eafa6a1e4510126613e8efcdbd7a80939f137fa2

SHA256
942e19f6d3ff4644bef3cacc739390308111a3829a9178d3c222cce5736642d1

SHA512
84f3df1ccb260c2cd9aed4dc173bb6c3ab1e460aca225ee19be59cd9da3a79c05a22a53e4152005d1c17b86beef8d2a2026ad79e07f3ff69fb9098da0f3b4b30

Download Submit
C:\Windows\System32\ITmsFKy.exe

Filesize
1.0MB

MD5
4de43e73bddc8f80e990d1a316b3fd6e

SHA1
b9c5f45853bb0e53092f654ea807b0e00f3477dd

SHA256
ef60210aebdf5016733b8209917c745898e0be000d63ed9b7cea34acea68b03c

SHA512
270708af012c4c74e42d76e92466c73510df5c37f75beeec52ddc7ab6e15c1f9c7e4201843df2e81b88b377e1138c62aab3c2461a71bba5c96bebf46e5f92d8d

Download Submit
C:\Windows\System32\ItXBgBw.exe

Filesize
1.0MB

MD5
9d1fca31010ea7e7097822f1842afa08

SHA1
07ffa847b76eeb9df0a472229ecef855fc59d7cc

SHA256
2d10be6df7fa7abe71f4915b399b021c125c42f7b631724ec0d367388c47cc65

SHA512
192546e516f9d7e9e4434d12b23f6ba71d2619b48fe93242e4e62043602418b93ddd827d6c53eafea3b81bf4f6689f662128f3aec4463474f8e68b15d17f9326

Download Submit
C:\Windows\System32\JQCUkte.exe

Filesize
1.0MB

MD5
16c63290334bc5b442197ededed90a6e

SHA1
94853018a65ff839ae1062ca3e46f12f060fd800

SHA256
2fcd3ab5505f670311a1fe02b0f0bc630bf986c7f96f9121e85e936cba2bc867

SHA512
7a25c5b1cdd08a3cc6c5e1ed8b2a958bbb004c3008c4964750b2fe972439bb54e2489a240d6c68d6d353c3019e763382e7d59824ce620618f5ea166e8f61a1e0

Download Submit
C:\Windows\System32\MPMqfls.exe

Filesize
1.0MB

MD5
42988bfa3861aae4dc32d1e7d5dd61a7

SHA1
e6830ae64a7767ad7d4bf5a290242c236a761a9c

SHA256
c87253354ec2607ac837d4c54e65b3459fd0cfabc0cc64cdc97c005b40b63e29

SHA512
665f529030261b6f29de827d3c942b01ba4639ad6145a32dfc8b1b59d78c01ea0906ccb17cc56df864254978b30a38c594b5fc1c2f9d43b6b1bdad8515ec811d

Download Submit
C:\Windows\System32\QwqfLRU.exe

Filesize
1.0MB

MD5
1020c3ba19d4fd7f575a12ab930d0d29

SHA1
eafd027df653eb5273cb6b57e5779f36691df05d

SHA256
cebd0cc9c9f13c424f49ac618942b6fa0d3d12f13c720c7a93b32810fecac8ae

SHA512
6295d0844aea29ad99f78b655413b33d7402f7aa5fd71cde234bf6ee7e335d9104ae7bfc3723a0eb71ca61a576b44cb9a24c51670af233a5e87aeb548c690bf1

Download Submit
C:\Windows\System32\TbzuiVG.exe

Filesize
1.0MB

MD5
7834a9d6a082d98756be86bf7f872f6b

SHA1
be0a73db2ebe68528a28b797a588571a7d1f71d3

SHA256
5cf9123113cc9c336d1ac8e92ea69e9f1d45b41fe341221ee90facd26c37121c

SHA512
e5e3fe3d181364e5933164ab43ad34ad3936c2d8284560695c1f92fb4d9f2ed2f2908dc17f945fb7fcaf0a53450788a25ee11d49a04cf3df39efb9c08c1e3047

Download Submit
C:\Windows\System32\UGSYCEL.exe

Filesize
1.0MB

MD5
18f7d237e641d33fdcaff14c65692055

SHA1
2e4951b9eb87e14c72ccee0763ae8e3e4f924339

SHA256
76ed9c5e4e767f2bc02b2804ffdc6d6e8582182c6823de9d49a542001fd62e8c

SHA512
d4523f2d310991efb689a86653dc80c24c80735e5110e08917c85b3deace08d2b520309324d9eeddfaa75ef8de037f84b197487f1d448147221dbc3a63f0a16a

Download Submit
C:\Windows\System32\UfxNxJG.exe

Filesize
1.0MB

MD5
12797466644f7d1f8a7dde81784d498b

SHA1
d28908420b3a3a7935b70c9f2f625399cdfa4ff7

SHA256
11293082c942dc3bcc620c5bd9c8a7d65643719dc99fee53a3e13b97dc6eb196

SHA512
2565c14f655736df3fd44ff530282bf01a07058903c418a14229c81e71e1a6704d1a0937295a957d4253cf7364e3f353680199a0ea10e9c7f79827f5ba6e095e

Download Submit
C:\Windows\System32\VOUWrNz.exe

Filesize
1.0MB

MD5
83865e1b85f8c606b832bd3251e00c5c

SHA1
4450b73f608676d1ad30b18d11a81d5f69b2d533

SHA256
a0c43dfa9880598ffbb9e85c5950b5399a35acfe52101778d82e6a8bb088f8a4

SHA512
dd0196f8e4532c3070bb0ef34415cfb112b0a9d51c25f99b823988f013ff6c8667c87ae871328e7bb3fe4120beb73a3a79f325308ac7ff379ef4fab330ab6743

Download Submit
C:\Windows\System32\XJnaYMn.exe

Filesize
1.0MB

MD5
2efb919f6aa5b954d9c5ed20f4283455

SHA1
ea31731bf37dbffa4ae26afdd461c527e567251b

SHA256
35109c95ad0097de91dfa1794032f1c5c1bb9d546fb67041d2d66ea91ed3fec5

SHA512
82c0dacfceb06bf76450d851aa4638a9c37a9406170a72e70fc7f7dbfe50a7e696c021a263444f9d0740593f4df94402669eb4b88ab68f4b4e724dfc31f8cb1b

Download Submit
C:\Windows\System32\YvmnMUv.exe

Filesize
1.0MB

MD5
bd07eb5b5330c746ca2ce53400d1e229

SHA1
58f7ca8ba6f4019898bec5a58ed705677a3e78f8

SHA256
1b7a2af01148718e10dad03c549f0e475966e55f7c794d0b9451d52b56999306

SHA512
12e39ef772b07721a18b51198cde458f9e010fa0c3ab6e2c3fff13fcb596473c798c024ced4fa41cd05a9098eb413ed1ed3539e1a66714bb514b01b2ed8897a7

Download Submit
C:\Windows\System32\aMYGZHY.exe

Filesize
1.0MB

MD5
ac2cd22e71ef9fe6e5b71694ea33dfa3

SHA1
daa047cacb26fb1dd37131371aedb176ebc79014

SHA256
d5622d8d45ecaa75ec4a714b38c4a4f678393d5b581139fbad3f50643ca44f7d

SHA512
edda58f9b9e37c38110e7e532abfee77e0f715888ee78b8c5f1eecb65e78d5825ab4c2cd4436e136b0ba6699a6ae22dcc1d230f03baa26803bb6653ec1e41e5c

Download Submit
C:\Windows\System32\djQtzYx.exe

Filesize
1.0MB

MD5
bee922bc07ddff9c2943b05cd5479c70

SHA1
c8ee4ba750a50bd7a727614635a43ffeafeab980

SHA256
4e852146b882884ef0fc4a63bf9397b12e7a9333b173b44862cf41d108ae9388

SHA512
8862b1a6d546ca9ebe7cd46bef06ad0ccf54ca38866b5641dc7e4bb99260c5a0d0fe758d922c99819a5ec65fc4918fbd6fa6298198fedfa98fe2b94937d3b7ba

Download Submit
C:\Windows\System32\dvWmWCa.exe

Filesize
1.0MB

MD5
a6d0d464ed79defb19ac41b060dba7e2

SHA1
6a10a51c1407f6dc9ae1832350aa344362059e69

SHA256
1494181b2783315e7ba7df8fb6cd553356197cf75411ed8f197729b02d2cae64

SHA512
7d11d9a904279a581112d65b8ef6e72d0c94555f2b467fd236d966c21c23ea38210fe48a049b492a6054455ca798294ee935b08b691dcae37c21b999ce05f712

Download Submit
C:\Windows\System32\fbBWiVo.exe

Filesize
1.0MB

MD5
c91ef7d43216134a5e05d6fe634bbeb4

SHA1
d80233a1af288b95940774d94960be5d4465b7d5

SHA256
326ae7bb82145e299c9f4eda6473704a5da647de3de94111e12c4976c236c17e

SHA512
b2a21a0d0945981af9cf18d78b88db563d6af5159b4521485d2dbbe43f654f97ec3cc3a518f707269620cbc6d97cc9154a6a4ce2008d9342c5b229716aad4c24

Download Submit
C:\Windows\System32\gwRqvaB.exe

Filesize
1.0MB

MD5
d8c41df64e62995e2e64dc03255c9393

SHA1
258ee30f3046a921cc72cd2b0a3bc9f5b977f28f

SHA256
adde3d9135426c8fbdad73f98d740ee0385bd8873cc8bac0fa5921d37736ec3b

SHA512
c77ac2a09f95f8e02abcdfe7d0c9cf10c47c87b24ecebd7a4f1626bc83fa761f9d7c2e2fadd7368e191e36f163973dafd469fa84e05ff612b3834f0876ca2684

Download Submit
C:\Windows\System32\iteaJoC.exe

Filesize
1.0MB

MD5
849e8a93ca119d2f3e0ddb0ac2a29641

SHA1
f6c4ddd74d86ee284756fbda17cd93cbbe968d9b

SHA256
fba0130a5718634c733c8bc62bc6eafaf58555531ac6dbcc96d012c06fd9acef

SHA512
c8efc11bfcec66ae36c90b4e29d9b071966e92bd810b0441932f00811a08e2dfac2eb218bc287d8b544855f73c3fa494ba14fce62bc79369f3a642d9e4a02fe9

Download Submit
C:\Windows\System32\nsnJifm.exe

Filesize
1.0MB

MD5
5bf5c805c5dce7216cfaacc3b7df0e5d

SHA1
11a8eb8e94e75b4b3e8c8dee754c8f111aa8c334

SHA256
ffd0b5d3ee7a37e895edcc100d1a487cfe3e5a7a138ac09017485bfa62ce3985

SHA512
33a3a6ea5bef1b9a264cfdc04711179834f6728ee2d06cff13b206c44c67a1d910decfbdae47ba7d3182844d03dc3620d706e71f6302604dbbdc84170ca0c73d

Download Submit
C:\Windows\System32\oRbVblF.exe

Filesize
1.0MB

MD5
da8603ee398c4df562bd1164243a602d

SHA1
44f7ba448181b73ecd02b60cda307ca3f5afc2d3

SHA256
fd040c2b8566fe8ba9debcfe8839702eb4cb8bbd196bcff8113bbcda3eeaae5e

SHA512
66ea95a7e10ee69dda9d59b35bbc2c7dca2c08567ab3b2371cf7186975875d63919f2bd1aeaadcfbf1d125453d4ee383109557f4eabcccf60d84504e4dd96f00

Download Submit
C:\Windows\System32\qPebaDy.exe

Filesize
1.0MB

MD5
233d53d25d96a49e4b07145b7923940e

SHA1
e9bf0c10322c4a515060a1c153f5c0f952d98293

SHA256
3f45c9a210cb84237aadabe3385943c4eac29ecc240191a2de99a7c27ec40a59

SHA512
ec4db44bf455cc02bfd06710b22bd18412d3b2d85c25c0e390d5cf0611c37727da037ec5cba5820ff82ab274b38167b8902f0f39bc18e05ecc53f7271b3bb29a

Download Submit
C:\Windows\System32\sHRnejV.exe

Filesize
1.0MB

MD5
98e17e117f0f50ec901bf897cadcd91a

SHA1
5c2459efd523dce1e2664e55c930912007ff75aa

SHA256
334332dd504344d962995357769b524097c797db0efbd831de514c4e54e1ccc9

SHA512
d84283fe547acae65f323d1758f65fc8ff3d4ed8ef05ae43e73fae39353e9ad3eb30afdd6e0ac4661d725265bb2e0a199ca4df9da0a365cbf533747bc41e06f1

Download Submit
C:\Windows\System32\tXheBLs.exe

Filesize
1.0MB

MD5
7dba80580e45ac6a7cc93e0e9dec7a8a

SHA1
de155b1e74ce26c03c4777f5b2fd205e9454d3d9

SHA256
02bee44c3f0ed5f8e5fedd07a05a2187e669993e377803412924b0dd77b0f57e

SHA512
9a524a4236cb7e7bf7f0385550e3701c055919ce6e6c59c5636eb9a773376be937c1cdbd132caafa536ab635951ceb386bc378180cb2568aa480cb302f4b9eed

Download Submit
C:\Windows\System32\vFJWjsf.exe

Filesize
1.0MB

MD5
7bce25ca1e9c45c20802cbaf28da189a

SHA1
d48b89f236ae6ced03a97d1ecf41e267e159167f

SHA256
24d59dc58e9b323a0766465e32fdcf7b37e23ecaa998e1f89997ab52e3b500bf

SHA512
0d1f65f840a2e076df5dfbed50394a5c1274c4eb884be36fc596bca8c7bc99feff558b3bd6d49dab67649a43dfcf64fbd2d1fadca41ede4e4c84805273702b41

Download Submit
C:\Windows\System32\ybpXinN.exe

Filesize
1.0MB

MD5
1a4064121e3dc33f487ba9bdc3407685

SHA1
548c9193b2ef0ac0c8f87904139750a878c853d5

SHA256
b8f9dff77836e3829f5f67a85e5624b78a92a5af73fb0f71cc9c613ff1b92f2f

SHA512
6c294595c585de57643e04c102e3bea3085c13f107a9d8403155f005336e59d702b2742edcbd3dfb47ea4dc3be9c1357d1900aac235b4638595d6a27a1f66a53

Download Submit
memory/336-2168-0x00007FF62DC00000-0x00007FF62DFF1000-memory.dmp

Filesize
3.9MB

Download
memory/336-434-0x00007FF62DC00000-0x00007FF62DFF1000-memory.dmp

Filesize
3.9MB

Download
memory/396-361-0x00007FF6F7210000-0x00007FF6F7601000-memory.dmp

Filesize
3.9MB

Download
memory/396-2121-0x00007FF6F7210000-0x00007FF6F7601000-memory.dmp

Filesize
3.9MB

Download
memory/668-2139-0x00007FF6658D0000-0x00007FF665CC1000-memory.dmp

Filesize
3.9MB

Download
memory/668-378-0x00007FF6658D0000-0x00007FF665CC1000-memory.dmp

Filesize
3.9MB

Download
memory/1012-2116-0x00007FF64DE10000-0x00007FF64E201000-memory.dmp

Filesize
3.9MB

Download
memory/1012-1440-0x00007FF64DE10000-0x00007FF64E201000-memory.dmp

Filesize
3.9MB

Download
memory/1012-23-0x00007FF64DE10000-0x00007FF64E201000-memory.dmp

Filesize
3.9MB

Download
memory/1164-2118-0x00007FF74A800000-0x00007FF74ABF1000-memory.dmp

Filesize
3.9MB

Download
memory/1164-1544-0x00007FF74A800000-0x00007FF74ABF1000-memory.dmp

Filesize
3.9MB

Download
memory/1164-349-0x00007FF74A800000-0x00007FF74ABF1000-memory.dmp

Filesize
3.9MB

Download
memory/1572-501-0x00007FF762530000-0x00007FF762921000-memory.dmp

Filesize
3.9MB

Download
memory/1572-2180-0x00007FF762530000-0x00007FF762921000-memory.dmp

Filesize
3.9MB

Download
memory/2056-506-0x00007FF794D10000-0x00007FF795101000-memory.dmp

Filesize
3.9MB

Download
memory/2056-2213-0x00007FF794D10000-0x00007FF795101000-memory.dmp

Filesize
3.9MB

Download
memory/2164-2162-0x00007FF609AC0000-0x00007FF609EB1000-memory.dmp

Filesize
3.9MB

Download
memory/2164-418-0x00007FF609AC0000-0x00007FF609EB1000-memory.dmp

Filesize
3.9MB

Download
memory/2460-2122-0x00007FF6C84C0000-0x00007FF6C88B1000-memory.dmp

Filesize
3.9MB

Download
memory/2460-355-0x00007FF6C84C0000-0x00007FF6C88B1000-memory.dmp

Filesize
3.9MB

Download
memory/2660-2164-0x00007FF74EA50000-0x00007FF74EE41000-memory.dmp

Filesize
3.9MB

Download
memory/2660-419-0x00007FF74EA50000-0x00007FF74EE41000-memory.dmp

Filesize
3.9MB

Download
memory/2744-487-0x00007FF65FA30000-0x00007FF65FE21000-memory.dmp

Filesize
3.9MB

Download
memory/2744-2178-0x00007FF65FA30000-0x00007FF65FE21000-memory.dmp

Filesize
3.9MB

Download
memory/2748-2174-0x00007FF61B300000-0x00007FF61B6F1000-memory.dmp

Filesize
3.9MB

Download
memory/2748-483-0x00007FF61B300000-0x00007FF61B6F1000-memory.dmp

Filesize
3.9MB

Download
memory/2840-1-0x0000020D28090000-0x0000020D280A0000-memory.dmp

Filesize
64KB

Download
memory/2840-1146-0x00007FF685A70000-0x00007FF685E61000-memory.dmp

Filesize
3.9MB

Download
memory/2840-0-0x00007FF685A70000-0x00007FF685E61000-memory.dmp

Filesize
3.9MB

Download
memory/2880-505-0x00007FF6A5680000-0x00007FF6A5A71000-memory.dmp

Filesize
3.9MB

Download
memory/2880-2182-0x00007FF6A5680000-0x00007FF6A5A71000-memory.dmp

Filesize
3.9MB

Download
memory/3352-461-0x00007FF7DF9B0000-0x00007FF7DFDA1000-memory.dmp

Filesize
3.9MB

Download
memory/3352-2172-0x00007FF7DF9B0000-0x00007FF7DFDA1000-memory.dmp

Filesize
3.9MB

Download
memory/3484-2170-0x00007FF7C77E0000-0x00007FF7C7BD1000-memory.dmp

Filesize
3.9MB

Download
memory/3484-449-0x00007FF7C77E0000-0x00007FF7C7BD1000-memory.dmp

Filesize
3.9MB

Download
memory/3632-422-0x00007FF6D94A0000-0x00007FF6D9891000-memory.dmp

Filesize
3.9MB

Download
memory/3632-2166-0x00007FF6D94A0000-0x00007FF6D9891000-memory.dmp

Filesize
3.9MB

Download
memory/4292-370-0x00007FF627310000-0x00007FF627701000-memory.dmp

Filesize
3.9MB

Download
memory/4292-2142-0x00007FF627310000-0x00007FF627701000-memory.dmp

Filesize
3.9MB

Download
memory/4484-416-0x00007FF7272A0000-0x00007FF727691000-memory.dmp

Filesize
3.9MB

Download
memory/4484-2155-0x00007FF7272A0000-0x00007FF727691000-memory.dmp

Filesize
3.9MB

Download
memory/4520-507-0x00007FF7E96A0000-0x00007FF7E9A91000-memory.dmp

Filesize
3.9MB

Download
memory/4520-2124-0x00007FF7E96A0000-0x00007FF7E9A91000-memory.dmp

Filesize
3.9MB

Download
memory/4604-2176-0x00007FF7D5DE0000-0x00007FF7D61D1000-memory.dmp

Filesize
3.9MB

Download
memory/4604-484-0x00007FF7D5DE0000-0x00007FF7D61D1000-memory.dmp

Filesize
3.9MB

Download
memory/4736-2184-0x00007FF60BA50000-0x00007FF60BE41000-memory.dmp

Filesize
3.9MB

Download
memory/4736-503-0x00007FF60BA50000-0x00007FF60BE41000-memory.dmp

Filesize
3.9MB

Download
memory/4788-2126-0x00007FF728F90000-0x00007FF729381000-memory.dmp

Filesize
3.9MB

Download
memory/4788-368-0x00007FF728F90000-0x00007FF729381000-memory.dmp

Filesize
3.9MB

Download
memory/5048-1291-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp

Filesize
3.9MB

Download
memory/5048-2112-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp

Filesize
3.9MB

Download
memory/5048-7-0x00007FF6056E0000-0x00007FF605AD1000-memory.dmp

Filesize
3.9MB

Download
memory/5108-1436-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp

Filesize
3.9MB

Download
memory/5108-2114-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp

Filesize
3.9MB

Download
memory/5108-12-0x00007FF77DDB0000-0x00007FF77E1A1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads