xmrig | 65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcf

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
Size

1.9MB
MD5

aed26e5d6ecb8411abdbbce9d71c29d0
SHA1

f641103468335f210d9e1c2b5ba55faca2ecf373
SHA256

65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcf
SHA512

d4304fb1c0bb6895ed4caa835563a3ef1a3eb14ffac84267ab28509a1e9023890aa6b729ba5303731d81c8c6e6d43e1a7b4257c4f45a023d3a291c0bae1109f4
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQHxJ1U/QjT:oemTLkNdfE0pZrQN

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/428-0-0x00007FF70FB40000-0x00007FF70FE94000-memory.dmp	xmrig
behavioral2/files/0x000900000002345c-5.dat	xmrig
behavioral2/files/0x000700000002346e-9.dat	xmrig
behavioral2/files/0x000700000002346f-7.dat	xmrig
behavioral2/memory/2760-8-0x00007FF691600000-0x00007FF691954000-memory.dmp	xmrig
behavioral2/files/0x0007000000023470-21.dat	xmrig
behavioral2/memory/3920-29-0x00007FF7DC600000-0x00007FF7DC954000-memory.dmp	xmrig
behavioral2/files/0x0007000000023471-35.dat	xmrig
behavioral2/files/0x0007000000023472-38.dat	xmrig
behavioral2/memory/3360-43-0x00007FF782280000-0x00007FF7825D4000-memory.dmp	xmrig
behavioral2/memory/4804-44-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp	xmrig
behavioral2/files/0x0007000000023473-41.dat	xmrig
behavioral2/memory/4620-40-0x00007FF7F2310000-0x00007FF7F2664000-memory.dmp	xmrig
behavioral2/memory/1724-31-0x00007FF6B94D0000-0x00007FF6B9824000-memory.dmp	xmrig
behavioral2/memory/4720-22-0x00007FF6D91C0000-0x00007FF6D9514000-memory.dmp	xmrig
behavioral2/files/0x0007000000023474-46.dat	xmrig
behavioral2/files/0x000b000000023464-54.dat	xmrig
behavioral2/files/0x0007000000023477-61.dat	xmrig
behavioral2/files/0x0007000000023476-62.dat	xmrig
behavioral2/memory/184-52-0x00007FF625BC0000-0x00007FF625F14000-memory.dmp	xmrig
behavioral2/memory/1196-66-0x00007FF77F850000-0x00007FF77FBA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023479-72.dat	xmrig
behavioral2/memory/2276-81-0x00007FF68E5B0000-0x00007FF68E904000-memory.dmp	xmrig
behavioral2/files/0x0007000000023478-83.dat	xmrig
behavioral2/files/0x000700000002347a-82.dat	xmrig
behavioral2/files/0x000700000002347d-96.dat	xmrig
behavioral2/files/0x000700000002347e-107.dat	xmrig
behavioral2/files/0x000700000002347f-109.dat	xmrig
behavioral2/files/0x0007000000023481-121.dat	xmrig
behavioral2/files/0x0007000000023483-132.dat	xmrig
behavioral2/files/0x0007000000023486-143.dat	xmrig
behavioral2/files/0x0007000000023488-157.dat	xmrig
behavioral2/files/0x000700000002348b-172.dat	xmrig
behavioral2/memory/1532-461-0x00007FF603F20000-0x00007FF604274000-memory.dmp	xmrig
behavioral2/memory/3124-465-0x00007FF6E76D0000-0x00007FF6E7A24000-memory.dmp	xmrig
behavioral2/memory/1608-473-0x00007FF63D4B0000-0x00007FF63D804000-memory.dmp	xmrig
behavioral2/memory/5084-477-0x00007FF7F1E80000-0x00007FF7F21D4000-memory.dmp	xmrig
behavioral2/memory/4888-482-0x00007FF69BDA0000-0x00007FF69C0F4000-memory.dmp	xmrig
behavioral2/memory/4284-480-0x00007FF723210000-0x00007FF723564000-memory.dmp	xmrig
behavioral2/memory/1256-478-0x00007FF7D5190000-0x00007FF7D54E4000-memory.dmp	xmrig
behavioral2/memory/644-474-0x00007FF6E3D30000-0x00007FF6E4084000-memory.dmp	xmrig
behavioral2/memory/1864-468-0x00007FF6781E0000-0x00007FF678534000-memory.dmp	xmrig
behavioral2/memory/4500-464-0x00007FF62E010000-0x00007FF62E364000-memory.dmp	xmrig
behavioral2/memory/1848-456-0x00007FF7A4010000-0x00007FF7A4364000-memory.dmp	xmrig
behavioral2/memory/4000-455-0x00007FF795FE0000-0x00007FF796334000-memory.dmp	xmrig
behavioral2/memory/1188-490-0x00007FF695830000-0x00007FF695B84000-memory.dmp	xmrig
behavioral2/memory/2060-493-0x00007FF75A270000-0x00007FF75A5C4000-memory.dmp	xmrig
behavioral2/memory/1576-497-0x00007FF601C60000-0x00007FF601FB4000-memory.dmp	xmrig
behavioral2/memory/4912-501-0x00007FF787FD0000-0x00007FF788324000-memory.dmp	xmrig
behavioral2/files/0x000700000002348d-176.dat	xmrig
behavioral2/files/0x000700000002348c-171.dat	xmrig
behavioral2/files/0x000700000002348a-167.dat	xmrig
behavioral2/files/0x0007000000023489-162.dat	xmrig
behavioral2/files/0x0007000000023487-152.dat	xmrig
behavioral2/files/0x0007000000023485-141.dat	xmrig
behavioral2/files/0x0007000000023484-137.dat	xmrig
behavioral2/files/0x0007000000023482-127.dat	xmrig
behavioral2/files/0x0007000000023480-114.dat	xmrig
behavioral2/files/0x000700000002347c-100.dat	xmrig
behavioral2/memory/1296-97-0x00007FF676F10000-0x00007FF677264000-memory.dmp	xmrig
behavioral2/files/0x000700000002347b-88.dat	xmrig
behavioral2/memory/5064-87-0x00007FF6E2010000-0x00007FF6E2364000-memory.dmp	xmrig
behavioral2/memory/4724-73-0x00007FF685490000-0x00007FF6857E4000-memory.dmp	xmrig
behavioral2/memory/428-879-0x00007FF70FB40000-0x00007FF70FE94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2760	NtcukqI.exe
4720	rpwhHGf.exe
4620	FjGukvB.exe
3920	deqEONL.exe
3360	ZTcHsmU.exe
1724	fkgIqmt.exe
4804	OLcWbMM.exe
184	XZXnNfX.exe
1196	VHlsxZk.exe
1296	hCVdlSp.exe
4724	dXGUBvq.exe
4000	JrtxRci.exe
2276	ZNHvDPJ.exe
1848	ChACdSq.exe
5064	WRaJrGO.exe
1576	jwsmJbY.exe
1532	fCEhbPm.exe
4912	SjJvosk.exe
4500	rtPEFaM.exe
3124	lvOGMJU.exe
1864	GOgfPeH.exe
1608	VgmSyDf.exe
644	UoamtzV.exe
5084	FXCiwvq.exe
1256	DpWroFk.exe
4284	ZEVUMSH.exe
4888	RqsCclC.exe
1188	tNzPioM.exe
2060	vZOmalM.exe
2264	IZWFRNN.exe
3752	layufft.exe
4424	XLUYiit.exe
648	pzDrFPw.exe
704	coffeVI.exe
1012	LRDEpYd.exe
1248	cSgqtSV.exe
2124	PSgSzjM.exe
3624	qfQeYJM.exe
3776	irXJSru.exe
4788	BVUQetv.exe
3840	rMjAUxZ.exe
3356	iJWEKaX.exe
3540	kogQttG.exe
1824	YOiyVfk.exe
2184	IpTBqcX.exe
756	saYefgl.exe
1592	mObxTqf.exe
3932	vLfuHPW.exe
1604	ihNwwuR.exe
2688	YQQvXBN.exe
220	LycWmvp.exe
5076	cgQblQS.exe
2888	aqMPKdR.exe
4036	OoaCYsS.exe
916	tJHcDkO.exe
4796	scCMMgd.exe
2092	PtnENpl.exe
4736	LuyXMka.exe
972	JrGGEAn.exe
2792	DRDyjDL.exe
2956	bjCXQxu.exe
376	XfQgqJV.exe
4672	fPlEItn.exe
1336	tCQhUNs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/428-0-0x00007FF70FB40000-0x00007FF70FE94000-memory.dmp	upx
behavioral2/files/0x000900000002345c-5.dat	upx
behavioral2/files/0x000700000002346e-9.dat	upx
behavioral2/files/0x000700000002346f-7.dat	upx
behavioral2/memory/2760-8-0x00007FF691600000-0x00007FF691954000-memory.dmp	upx
behavioral2/files/0x0007000000023470-21.dat	upx
behavioral2/memory/3920-29-0x00007FF7DC600000-0x00007FF7DC954000-memory.dmp	upx
behavioral2/files/0x0007000000023471-35.dat	upx
behavioral2/files/0x0007000000023472-38.dat	upx
behavioral2/memory/3360-43-0x00007FF782280000-0x00007FF7825D4000-memory.dmp	upx
behavioral2/memory/4804-44-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp	upx
behavioral2/files/0x0007000000023473-41.dat	upx
behavioral2/memory/4620-40-0x00007FF7F2310000-0x00007FF7F2664000-memory.dmp	upx
behavioral2/memory/1724-31-0x00007FF6B94D0000-0x00007FF6B9824000-memory.dmp	upx
behavioral2/memory/4720-22-0x00007FF6D91C0000-0x00007FF6D9514000-memory.dmp	upx
behavioral2/files/0x0007000000023474-46.dat	upx
behavioral2/files/0x000b000000023464-54.dat	upx
behavioral2/files/0x0007000000023477-61.dat	upx
behavioral2/files/0x0007000000023476-62.dat	upx
behavioral2/memory/184-52-0x00007FF625BC0000-0x00007FF625F14000-memory.dmp	upx
behavioral2/memory/1196-66-0x00007FF77F850000-0x00007FF77FBA4000-memory.dmp	upx
behavioral2/files/0x0007000000023479-72.dat	upx
behavioral2/memory/2276-81-0x00007FF68E5B0000-0x00007FF68E904000-memory.dmp	upx
behavioral2/files/0x0007000000023478-83.dat	upx
behavioral2/files/0x000700000002347a-82.dat	upx
behavioral2/files/0x000700000002347d-96.dat	upx
behavioral2/files/0x000700000002347e-107.dat	upx
behavioral2/files/0x000700000002347f-109.dat	upx
behavioral2/files/0x0007000000023481-121.dat	upx
behavioral2/files/0x0007000000023483-132.dat	upx
behavioral2/files/0x0007000000023486-143.dat	upx
behavioral2/files/0x0007000000023488-157.dat	upx
behavioral2/files/0x000700000002348b-172.dat	upx
behavioral2/memory/1532-461-0x00007FF603F20000-0x00007FF604274000-memory.dmp	upx
behavioral2/memory/3124-465-0x00007FF6E76D0000-0x00007FF6E7A24000-memory.dmp	upx
behavioral2/memory/1608-473-0x00007FF63D4B0000-0x00007FF63D804000-memory.dmp	upx
behavioral2/memory/5084-477-0x00007FF7F1E80000-0x00007FF7F21D4000-memory.dmp	upx
behavioral2/memory/4888-482-0x00007FF69BDA0000-0x00007FF69C0F4000-memory.dmp	upx
behavioral2/memory/4284-480-0x00007FF723210000-0x00007FF723564000-memory.dmp	upx
behavioral2/memory/1256-478-0x00007FF7D5190000-0x00007FF7D54E4000-memory.dmp	upx
behavioral2/memory/644-474-0x00007FF6E3D30000-0x00007FF6E4084000-memory.dmp	upx
behavioral2/memory/1864-468-0x00007FF6781E0000-0x00007FF678534000-memory.dmp	upx
behavioral2/memory/4500-464-0x00007FF62E010000-0x00007FF62E364000-memory.dmp	upx
behavioral2/memory/1848-456-0x00007FF7A4010000-0x00007FF7A4364000-memory.dmp	upx
behavioral2/memory/4000-455-0x00007FF795FE0000-0x00007FF796334000-memory.dmp	upx
behavioral2/memory/1188-490-0x00007FF695830000-0x00007FF695B84000-memory.dmp	upx
behavioral2/memory/2060-493-0x00007FF75A270000-0x00007FF75A5C4000-memory.dmp	upx
behavioral2/memory/1576-497-0x00007FF601C60000-0x00007FF601FB4000-memory.dmp	upx
behavioral2/memory/4912-501-0x00007FF787FD0000-0x00007FF788324000-memory.dmp	upx
behavioral2/files/0x000700000002348d-176.dat	upx
behavioral2/files/0x000700000002348c-171.dat	upx
behavioral2/files/0x000700000002348a-167.dat	upx
behavioral2/files/0x0007000000023489-162.dat	upx
behavioral2/files/0x0007000000023487-152.dat	upx
behavioral2/files/0x0007000000023485-141.dat	upx
behavioral2/files/0x0007000000023484-137.dat	upx
behavioral2/files/0x0007000000023482-127.dat	upx
behavioral2/files/0x0007000000023480-114.dat	upx
behavioral2/files/0x000700000002347c-100.dat	upx
behavioral2/memory/1296-97-0x00007FF676F10000-0x00007FF677264000-memory.dmp	upx
behavioral2/files/0x000700000002347b-88.dat	upx
behavioral2/memory/5064-87-0x00007FF6E2010000-0x00007FF6E2364000-memory.dmp	upx
behavioral2/memory/4724-73-0x00007FF685490000-0x00007FF6857E4000-memory.dmp	upx
behavioral2/memory/428-879-0x00007FF70FB40000-0x00007FF70FE94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FhvaBlK.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\qfhLMlo.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\LycWmvp.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\GSdyHSz.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\HlYapAr.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\nQJsKnO.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\XqUvycM.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\VXmfydr.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\cgQblQS.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\JRadlRz.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\UpRCQnm.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\vfotVrI.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\fkgIqmt.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\irXJSru.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\OYYudTH.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\BZJnFKH.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\OXBKaMb.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\THOHSVA.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\fzJTkef.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\alFtbCH.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\SjJvosk.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\WaELbGk.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\YVgWYzk.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\DQinUyX.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\WnRjMeJ.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\ylJzSnr.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\sUcIZif.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\bUshVHr.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\dnWvUDi.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\pViyBfk.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\qDOjKjY.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\sHcWjBH.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\cGwVQRy.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\rAJpSQa.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\SVpOfXU.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\OjkStBH.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\IdmJHJC.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\KoollQg.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\PAxprJx.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\ZntozdS.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\hBPxvnc.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\kThLpaN.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\rvyIlKv.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\iIpDIsB.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\SDTjJYZ.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\spxFcND.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\JRyZCoU.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\vSUqpXI.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\aqMPKdR.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\fRpmccP.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\avJdVCy.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\GovngPN.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\VZpzKjN.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\NWaHKaE.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\vZOmalM.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\QqAsuRA.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\rRQrVIP.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\VvQbxar.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\ZkYvoJK.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\RUCgMmt.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\ebTpvcc.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\tmBoePv.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\DqCAxsp.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
File created	C:\Windows\System\NHDTfrf.exe	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13716	dwm.exe
Token: SeChangeNotifyPrivilege	13716	dwm.exe
Token: 33	13716	dwm.exe
Token: SeIncBasePriorityPrivilege	13716	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 2760	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	83
PID 428 wrote to memory of 2760	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	83
PID 428 wrote to memory of 4720	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	84
PID 428 wrote to memory of 4720	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	84
PID 428 wrote to memory of 4620	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	85
PID 428 wrote to memory of 4620	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	85
PID 428 wrote to memory of 3920	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	86
PID 428 wrote to memory of 3920	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	86
PID 428 wrote to memory of 3360	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	87
PID 428 wrote to memory of 3360	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	87
PID 428 wrote to memory of 1724	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	88
PID 428 wrote to memory of 1724	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	88
PID 428 wrote to memory of 4804	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	89
PID 428 wrote to memory of 4804	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	89
PID 428 wrote to memory of 184	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	90
PID 428 wrote to memory of 184	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	90
PID 428 wrote to memory of 1196	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	91
PID 428 wrote to memory of 1196	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	91
PID 428 wrote to memory of 1296	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	92
PID 428 wrote to memory of 1296	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	92
PID 428 wrote to memory of 4724	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	93
PID 428 wrote to memory of 4724	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	93
PID 428 wrote to memory of 4000	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	94
PID 428 wrote to memory of 4000	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	94
PID 428 wrote to memory of 2276	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	95
PID 428 wrote to memory of 2276	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	95
PID 428 wrote to memory of 1848	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	96
PID 428 wrote to memory of 1848	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	96
PID 428 wrote to memory of 5064	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	97
PID 428 wrote to memory of 5064	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	97
PID 428 wrote to memory of 1576	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	98
PID 428 wrote to memory of 1576	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	98
PID 428 wrote to memory of 1532	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	99
PID 428 wrote to memory of 1532	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	99
PID 428 wrote to memory of 4912	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	100
PID 428 wrote to memory of 4912	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	100
PID 428 wrote to memory of 4500	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	101
PID 428 wrote to memory of 4500	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	101
PID 428 wrote to memory of 3124	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	102
PID 428 wrote to memory of 3124	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	102
PID 428 wrote to memory of 1864	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	103
PID 428 wrote to memory of 1864	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	103
PID 428 wrote to memory of 1608	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	104
PID 428 wrote to memory of 1608	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	104
PID 428 wrote to memory of 644	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	105
PID 428 wrote to memory of 644	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	105
PID 428 wrote to memory of 5084	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	106
PID 428 wrote to memory of 5084	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	106
PID 428 wrote to memory of 1256	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	107
PID 428 wrote to memory of 1256	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	107
PID 428 wrote to memory of 4284	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	108
PID 428 wrote to memory of 4284	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	108
PID 428 wrote to memory of 4888	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	109
PID 428 wrote to memory of 4888	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	109
PID 428 wrote to memory of 1188	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	110
PID 428 wrote to memory of 1188	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	110
PID 428 wrote to memory of 2060	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	111
PID 428 wrote to memory of 2060	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	111
PID 428 wrote to memory of 2264	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	112
PID 428 wrote to memory of 2264	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	112
PID 428 wrote to memory of 3752	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	113
PID 428 wrote to memory of 3752	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	113
PID 428 wrote to memory of 4424	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	114
PID 428 wrote to memory of 4424	428	65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe	114

C:\Users\Admin\AppData\Local\Temp\65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe
"C:\Users\Admin\AppData\Local\Temp\65814ba6262f7bb543c1ecdea63dd830c02d6cae44dcdfa80755db312bf2cbcfN.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:428
- C:\Windows\System\NtcukqI.exe
  C:\Windows\System\NtcukqI.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\rpwhHGf.exe
  C:\Windows\System\rpwhHGf.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\FjGukvB.exe
  C:\Windows\System\FjGukvB.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\deqEONL.exe
  C:\Windows\System\deqEONL.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\ZTcHsmU.exe
  C:\Windows\System\ZTcHsmU.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\fkgIqmt.exe
  C:\Windows\System\fkgIqmt.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\OLcWbMM.exe
  C:\Windows\System\OLcWbMM.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\XZXnNfX.exe
  C:\Windows\System\XZXnNfX.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\VHlsxZk.exe
  C:\Windows\System\VHlsxZk.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\hCVdlSp.exe
  C:\Windows\System\hCVdlSp.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\dXGUBvq.exe
  C:\Windows\System\dXGUBvq.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\JrtxRci.exe
  C:\Windows\System\JrtxRci.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\ZNHvDPJ.exe
  C:\Windows\System\ZNHvDPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ChACdSq.exe
  C:\Windows\System\ChACdSq.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\WRaJrGO.exe
  C:\Windows\System\WRaJrGO.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\jwsmJbY.exe
  C:\Windows\System\jwsmJbY.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\fCEhbPm.exe
  C:\Windows\System\fCEhbPm.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\SjJvosk.exe
  C:\Windows\System\SjJvosk.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\rtPEFaM.exe
  C:\Windows\System\rtPEFaM.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\lvOGMJU.exe
  C:\Windows\System\lvOGMJU.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\GOgfPeH.exe
  C:\Windows\System\GOgfPeH.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\VgmSyDf.exe
  C:\Windows\System\VgmSyDf.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\UoamtzV.exe
  C:\Windows\System\UoamtzV.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\FXCiwvq.exe
  C:\Windows\System\FXCiwvq.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\DpWroFk.exe
  C:\Windows\System\DpWroFk.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\ZEVUMSH.exe
  C:\Windows\System\ZEVUMSH.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\RqsCclC.exe
  C:\Windows\System\RqsCclC.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\tNzPioM.exe
  C:\Windows\System\tNzPioM.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\vZOmalM.exe
  C:\Windows\System\vZOmalM.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\IZWFRNN.exe
  C:\Windows\System\IZWFRNN.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\layufft.exe
  C:\Windows\System\layufft.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\XLUYiit.exe
  C:\Windows\System\XLUYiit.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\pzDrFPw.exe
  C:\Windows\System\pzDrFPw.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\coffeVI.exe
  C:\Windows\System\coffeVI.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\LRDEpYd.exe
  C:\Windows\System\LRDEpYd.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\cSgqtSV.exe
  C:\Windows\System\cSgqtSV.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\PSgSzjM.exe
  C:\Windows\System\PSgSzjM.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\qfQeYJM.exe
  C:\Windows\System\qfQeYJM.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\irXJSru.exe
  C:\Windows\System\irXJSru.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\BVUQetv.exe
  C:\Windows\System\BVUQetv.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\rMjAUxZ.exe
  C:\Windows\System\rMjAUxZ.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\iJWEKaX.exe
  C:\Windows\System\iJWEKaX.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\kogQttG.exe
  C:\Windows\System\kogQttG.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\YOiyVfk.exe
  C:\Windows\System\YOiyVfk.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\IpTBqcX.exe
  C:\Windows\System\IpTBqcX.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\saYefgl.exe
  C:\Windows\System\saYefgl.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\mObxTqf.exe
  C:\Windows\System\mObxTqf.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\vLfuHPW.exe
  C:\Windows\System\vLfuHPW.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\ihNwwuR.exe
  C:\Windows\System\ihNwwuR.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\YQQvXBN.exe
  C:\Windows\System\YQQvXBN.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\LycWmvp.exe
  C:\Windows\System\LycWmvp.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\cgQblQS.exe
  C:\Windows\System\cgQblQS.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\aqMPKdR.exe
  C:\Windows\System\aqMPKdR.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\OoaCYsS.exe
  C:\Windows\System\OoaCYsS.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\tJHcDkO.exe
  C:\Windows\System\tJHcDkO.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\scCMMgd.exe
  C:\Windows\System\scCMMgd.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\PtnENpl.exe
  C:\Windows\System\PtnENpl.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\LuyXMka.exe
  C:\Windows\System\LuyXMka.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\JrGGEAn.exe
  C:\Windows\System\JrGGEAn.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\DRDyjDL.exe
  C:\Windows\System\DRDyjDL.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\bjCXQxu.exe
  C:\Windows\System\bjCXQxu.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\XfQgqJV.exe
  C:\Windows\System\XfQgqJV.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\fPlEItn.exe
  C:\Windows\System\fPlEItn.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\tCQhUNs.exe
  C:\Windows\System\tCQhUNs.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\HXhRgMH.exe
  C:\Windows\System\HXhRgMH.exe
  2⤵
  PID:3284
- C:\Windows\System\JzbeIVq.exe
  C:\Windows\System\JzbeIVq.exe
  2⤵
  PID:2376
- C:\Windows\System\YPgvpoB.exe
  C:\Windows\System\YPgvpoB.exe
  2⤵
  PID:2584
- C:\Windows\System\OcmlrSO.exe
  C:\Windows\System\OcmlrSO.exe
  2⤵
  PID:1432
- C:\Windows\System\fxKwcuw.exe
  C:\Windows\System\fxKwcuw.exe
  2⤵
  PID:1420
- C:\Windows\System\TEvJIkX.exe
  C:\Windows\System\TEvJIkX.exe
  2⤵
  PID:3536
- C:\Windows\System\XvhpPtw.exe
  C:\Windows\System\XvhpPtw.exe
  2⤵
  PID:1520
- C:\Windows\System\wOrYUUR.exe
  C:\Windows\System\wOrYUUR.exe
  2⤵
  PID:2428
- C:\Windows\System\zgBzbSG.exe
  C:\Windows\System\zgBzbSG.exe
  2⤵
  PID:1104
- C:\Windows\System\GdTBHyA.exe
  C:\Windows\System\GdTBHyA.exe
  2⤵
  PID:3524
- C:\Windows\System\oLFscVz.exe
  C:\Windows\System\oLFscVz.exe
  2⤵
  PID:3168
- C:\Windows\System\zYttSJN.exe
  C:\Windows\System\zYttSJN.exe
  2⤵
  PID:2168
- C:\Windows\System\mFQYZzW.exe
  C:\Windows\System\mFQYZzW.exe
  2⤵
  PID:1512
- C:\Windows\System\JKBdUrT.exe
  C:\Windows\System\JKBdUrT.exe
  2⤵
  PID:2644
- C:\Windows\System\ODhRItH.exe
  C:\Windows\System\ODhRItH.exe
  2⤵
  PID:4940
- C:\Windows\System\CKyXFbG.exe
  C:\Windows\System\CKyXFbG.exe
  2⤵
  PID:4812
- C:\Windows\System\xPgLWuN.exe
  C:\Windows\System\xPgLWuN.exe
  2⤵
  PID:3128
- C:\Windows\System\MyJRaHF.exe
  C:\Windows\System\MyJRaHF.exe
  2⤵
  PID:116
- C:\Windows\System\LIkRsRo.exe
  C:\Windows\System\LIkRsRo.exe
  2⤵
  PID:3996
- C:\Windows\System\DBDwHpm.exe
  C:\Windows\System\DBDwHpm.exe
  2⤵
  PID:4136
- C:\Windows\System\rMVsidE.exe
  C:\Windows\System\rMVsidE.exe
  2⤵
  PID:2036
- C:\Windows\System\sCuWvKq.exe
  C:\Windows\System\sCuWvKq.exe
  2⤵
  PID:1980
- C:\Windows\System\pMxqZSE.exe
  C:\Windows\System\pMxqZSE.exe
  2⤵
  PID:1688
- C:\Windows\System\dVKDvwZ.exe
  C:\Windows\System\dVKDvwZ.exe
  2⤵
  PID:4840
- C:\Windows\System\ZuiGbts.exe
  C:\Windows\System\ZuiGbts.exe
  2⤵
  PID:2568
- C:\Windows\System\WIpWzvQ.exe
  C:\Windows\System\WIpWzvQ.exe
  2⤵
  PID:2280
- C:\Windows\System\xsVcQjG.exe
  C:\Windows\System\xsVcQjG.exe
  2⤵
  PID:1536
- C:\Windows\System\XNgnTbK.exe
  C:\Windows\System\XNgnTbK.exe
  2⤵
  PID:2560
- C:\Windows\System\cGwVQRy.exe
  C:\Windows\System\cGwVQRy.exe
  2⤵
  PID:3144
- C:\Windows\System\HylkxVE.exe
  C:\Windows\System\HylkxVE.exe
  2⤵
  PID:4924
- C:\Windows\System\QCdVDPA.exe
  C:\Windows\System\QCdVDPA.exe
  2⤵
  PID:2120
- C:\Windows\System\JRadlRz.exe
  C:\Windows\System\JRadlRz.exe
  2⤵
  PID:2988
- C:\Windows\System\ERGGykW.exe
  C:\Windows\System\ERGGykW.exe
  2⤵
  PID:3544
- C:\Windows\System\USGJqxB.exe
  C:\Windows\System\USGJqxB.exe
  2⤵
  PID:5148
- C:\Windows\System\PllDFqO.exe
  C:\Windows\System\PllDFqO.exe
  2⤵
  PID:5176
- C:\Windows\System\NHDTfrf.exe
  C:\Windows\System\NHDTfrf.exe
  2⤵
  PID:5208
- C:\Windows\System\harVXLk.exe
  C:\Windows\System\harVXLk.exe
  2⤵
  PID:5236
- C:\Windows\System\yeSnvcT.exe
  C:\Windows\System\yeSnvcT.exe
  2⤵
  PID:5264
- C:\Windows\System\agiilmF.exe
  C:\Windows\System\agiilmF.exe
  2⤵
  PID:5292
- C:\Windows\System\HxvtQDC.exe
  C:\Windows\System\HxvtQDC.exe
  2⤵
  PID:5320
- C:\Windows\System\vaHNWlx.exe
  C:\Windows\System\vaHNWlx.exe
  2⤵
  PID:5348
- C:\Windows\System\NViHIaF.exe
  C:\Windows\System\NViHIaF.exe
  2⤵
  PID:5376
- C:\Windows\System\amUOdmy.exe
  C:\Windows\System\amUOdmy.exe
  2⤵
  PID:5404
- C:\Windows\System\cPagZCp.exe
  C:\Windows\System\cPagZCp.exe
  2⤵
  PID:5432
- C:\Windows\System\Dxckqll.exe
  C:\Windows\System\Dxckqll.exe
  2⤵
  PID:5456
- C:\Windows\System\ShjnOgb.exe
  C:\Windows\System\ShjnOgb.exe
  2⤵
  PID:5484
- C:\Windows\System\KrMptFx.exe
  C:\Windows\System\KrMptFx.exe
  2⤵
  PID:5516
- C:\Windows\System\NjPpjfn.exe
  C:\Windows\System\NjPpjfn.exe
  2⤵
  PID:5540
- C:\Windows\System\rhlChoM.exe
  C:\Windows\System\rhlChoM.exe
  2⤵
  PID:5568
- C:\Windows\System\bPkmzdn.exe
  C:\Windows\System\bPkmzdn.exe
  2⤵
  PID:5596
- C:\Windows\System\pNNHQrd.exe
  C:\Windows\System\pNNHQrd.exe
  2⤵
  PID:5628
- C:\Windows\System\WWwFlQs.exe
  C:\Windows\System\WWwFlQs.exe
  2⤵
  PID:5656
- C:\Windows\System\XOPPGvl.exe
  C:\Windows\System\XOPPGvl.exe
  2⤵
  PID:5684
- C:\Windows\System\OMsyHnF.exe
  C:\Windows\System\OMsyHnF.exe
  2⤵
  PID:5712
- C:\Windows\System\tiLJnti.exe
  C:\Windows\System\tiLJnti.exe
  2⤵
  PID:5740
- C:\Windows\System\eqCTeyO.exe
  C:\Windows\System\eqCTeyO.exe
  2⤵
  PID:5768
- C:\Windows\System\wrAQLnS.exe
  C:\Windows\System\wrAQLnS.exe
  2⤵
  PID:5792
- C:\Windows\System\DxcQMkq.exe
  C:\Windows\System\DxcQMkq.exe
  2⤵
  PID:5820
- C:\Windows\System\oDdDJCC.exe
  C:\Windows\System\oDdDJCC.exe
  2⤵
  PID:5848
- C:\Windows\System\vHJPEgC.exe
  C:\Windows\System\vHJPEgC.exe
  2⤵
  PID:5880
- C:\Windows\System\lQQWAed.exe
  C:\Windows\System\lQQWAed.exe
  2⤵
  PID:5904
- C:\Windows\System\ZRcZqPi.exe
  C:\Windows\System\ZRcZqPi.exe
  2⤵
  PID:5940
- C:\Windows\System\jSPbdld.exe
  C:\Windows\System\jSPbdld.exe
  2⤵
  PID:5976
- C:\Windows\System\WPUAsON.exe
  C:\Windows\System\WPUAsON.exe
  2⤵
  PID:2096
- C:\Windows\System\GjXAGhV.exe
  C:\Windows\System\GjXAGhV.exe
  2⤵
  PID:5164
- C:\Windows\System\ZBmZmrM.exe
  C:\Windows\System\ZBmZmrM.exe
  2⤵
  PID:5252
- C:\Windows\System\VPqObbn.exe
  C:\Windows\System\VPqObbn.exe
  2⤵
  PID:5308
- C:\Windows\System\LEHGiTd.exe
  C:\Windows\System\LEHGiTd.exe
  2⤵
  PID:5476
- C:\Windows\System\sGfOhRL.exe
  C:\Windows\System\sGfOhRL.exe
  2⤵
  PID:5508
- C:\Windows\System\UpRCQnm.exe
  C:\Windows\System\UpRCQnm.exe
  2⤵
  PID:5616
- C:\Windows\System\xKNIiKI.exe
  C:\Windows\System\xKNIiKI.exe
  2⤵
  PID:5648
- C:\Windows\System\EnadpvF.exe
  C:\Windows\System\EnadpvF.exe
  2⤵
  PID:5696
- C:\Windows\System\ejhVsYE.exe
  C:\Windows\System\ejhVsYE.exe
  2⤵
  PID:3844
- C:\Windows\System\lnCWCBI.exe
  C:\Windows\System\lnCWCBI.exe
  2⤵
  PID:5928
- C:\Windows\System\KDHMgxF.exe
  C:\Windows\System\KDHMgxF.exe
  2⤵
  PID:1368
- C:\Windows\System\OTSUqxt.exe
  C:\Windows\System\OTSUqxt.exe
  2⤵
  PID:6020
- C:\Windows\System\WaELbGk.exe
  C:\Windows\System\WaELbGk.exe
  2⤵
  PID:6052
- C:\Windows\System\hWQQChI.exe
  C:\Windows\System\hWQQChI.exe
  2⤵
  PID:6072
- C:\Windows\System\GWVZrsB.exe
  C:\Windows\System\GWVZrsB.exe
  2⤵
  PID:6092
- C:\Windows\System\UJodyhF.exe
  C:\Windows\System\UJodyhF.exe
  2⤵
  PID:6116
- C:\Windows\System\jCDVsMR.exe
  C:\Windows\System\jCDVsMR.exe
  2⤵
  PID:6140
- C:\Windows\System\kahRYYk.exe
  C:\Windows\System\kahRYYk.exe
  2⤵
  PID:520
- C:\Windows\System\mslzghB.exe
  C:\Windows\System\mslzghB.exe
  2⤵
  PID:2692
- C:\Windows\System\VSfCcVz.exe
  C:\Windows\System\VSfCcVz.exe
  2⤵
  PID:3244
- C:\Windows\System\yWyaROn.exe
  C:\Windows\System\yWyaROn.exe
  2⤵
  PID:1628
- C:\Windows\System\QKIxTWC.exe
  C:\Windows\System\QKIxTWC.exe
  2⤵
  PID:1784
- C:\Windows\System\LiqAExG.exe
  C:\Windows\System\LiqAExG.exe
  2⤵
  PID:4832
- C:\Windows\System\xvefIzH.exe
  C:\Windows\System\xvefIzH.exe
  2⤵
  PID:5532
- C:\Windows\System\YgVXdsr.exe
  C:\Windows\System\YgVXdsr.exe
  2⤵
  PID:3584
- C:\Windows\System\WBmdvSP.exe
  C:\Windows\System\WBmdvSP.exe
  2⤵
  PID:4312
- C:\Windows\System\PWtTOcb.exe
  C:\Windows\System\PWtTOcb.exe
  2⤵
  PID:2520
- C:\Windows\System\eHDScWD.exe
  C:\Windows\System\eHDScWD.exe
  2⤵
  PID:5784
- C:\Windows\System\rAJpSQa.exe
  C:\Windows\System\rAJpSQa.exe
  2⤵
  PID:5868
- C:\Windows\System\fRpmccP.exe
  C:\Windows\System\fRpmccP.exe
  2⤵
  PID:1704
- C:\Windows\System\nQJsKnO.exe
  C:\Windows\System\nQJsKnO.exe
  2⤵
  PID:6064
- C:\Windows\System\ZkYvoJK.exe
  C:\Windows\System\ZkYvoJK.exe
  2⤵
  PID:6108
- C:\Windows\System\bwbYNKo.exe
  C:\Windows\System\bwbYNKo.exe
  2⤵
  PID:5016
- C:\Windows\System\hIpgyLj.exe
  C:\Windows\System\hIpgyLj.exe
  2⤵
  PID:4304
- C:\Windows\System\iZnCZmA.exe
  C:\Windows\System\iZnCZmA.exe
  2⤵
  PID:4952
- C:\Windows\System\KWuHcUO.exe
  C:\Windows\System\KWuHcUO.exe
  2⤵
  PID:468
- C:\Windows\System\pilaQhx.exe
  C:\Windows\System\pilaQhx.exe
  2⤵
  PID:1992
- C:\Windows\System\jSKLMWJ.exe
  C:\Windows\System\jSKLMWJ.exe
  2⤵
  PID:4544
- C:\Windows\System\SYSDDIv.exe
  C:\Windows\System\SYSDDIv.exe
  2⤵
  PID:5956
- C:\Windows\System\keGIyjm.exe
  C:\Windows\System\keGIyjm.exe
  2⤵
  PID:3156
- C:\Windows\System\RPsMCYg.exe
  C:\Windows\System\RPsMCYg.exe
  2⤵
  PID:5968
- C:\Windows\System\oySefIF.exe
  C:\Windows\System\oySefIF.exe
  2⤵
  PID:5336
- C:\Windows\System\nkFeORQ.exe
  C:\Windows\System\nkFeORQ.exe
  2⤵
  PID:6172
- C:\Windows\System\NHdlIEv.exe
  C:\Windows\System\NHdlIEv.exe
  2⤵
  PID:6200
- C:\Windows\System\sKMXCNk.exe
  C:\Windows\System\sKMXCNk.exe
  2⤵
  PID:6228
- C:\Windows\System\EdOvrna.exe
  C:\Windows\System\EdOvrna.exe
  2⤵
  PID:6256
- C:\Windows\System\KZXJaoq.exe
  C:\Windows\System\KZXJaoq.exe
  2⤵
  PID:6284
- C:\Windows\System\eozdEAY.exe
  C:\Windows\System\eozdEAY.exe
  2⤵
  PID:6312
- C:\Windows\System\GyqXkSb.exe
  C:\Windows\System\GyqXkSb.exe
  2⤵
  PID:6340
- C:\Windows\System\NKEyTLz.exe
  C:\Windows\System\NKEyTLz.exe
  2⤵
  PID:6368
- C:\Windows\System\FcKSCcD.exe
  C:\Windows\System\FcKSCcD.exe
  2⤵
  PID:6396
- C:\Windows\System\AqDObUh.exe
  C:\Windows\System\AqDObUh.exe
  2⤵
  PID:6424
- C:\Windows\System\peWLaoO.exe
  C:\Windows\System\peWLaoO.exe
  2⤵
  PID:6452
- C:\Windows\System\yAAckqE.exe
  C:\Windows\System\yAAckqE.exe
  2⤵
  PID:6480
- C:\Windows\System\NtRtmWC.exe
  C:\Windows\System\NtRtmWC.exe
  2⤵
  PID:6508
- C:\Windows\System\iIKDcGA.exe
  C:\Windows\System\iIKDcGA.exe
  2⤵
  PID:6536
- C:\Windows\System\ODHzkBc.exe
  C:\Windows\System\ODHzkBc.exe
  2⤵
  PID:6564
- C:\Windows\System\aLCmgTk.exe
  C:\Windows\System\aLCmgTk.exe
  2⤵
  PID:6592
- C:\Windows\System\GfTAPZl.exe
  C:\Windows\System\GfTAPZl.exe
  2⤵
  PID:6620
- C:\Windows\System\xSNMDFd.exe
  C:\Windows\System\xSNMDFd.exe
  2⤵
  PID:6648
- C:\Windows\System\CCJDdlh.exe
  C:\Windows\System\CCJDdlh.exe
  2⤵
  PID:6676
- C:\Windows\System\vlRVIVu.exe
  C:\Windows\System\vlRVIVu.exe
  2⤵
  PID:6704
- C:\Windows\System\ijLdJxP.exe
  C:\Windows\System\ijLdJxP.exe
  2⤵
  PID:6732
- C:\Windows\System\KLHZEyT.exe
  C:\Windows\System\KLHZEyT.exe
  2⤵
  PID:6760
- C:\Windows\System\iqyifnT.exe
  C:\Windows\System\iqyifnT.exe
  2⤵
  PID:6788
- C:\Windows\System\UEdolya.exe
  C:\Windows\System\UEdolya.exe
  2⤵
  PID:6816
- C:\Windows\System\tEPauYO.exe
  C:\Windows\System\tEPauYO.exe
  2⤵
  PID:6844
- C:\Windows\System\cOpCIUz.exe
  C:\Windows\System\cOpCIUz.exe
  2⤵
  PID:6872
- C:\Windows\System\oALFiOL.exe
  C:\Windows\System\oALFiOL.exe
  2⤵
  PID:6900
- C:\Windows\System\htXhLNg.exe
  C:\Windows\System\htXhLNg.exe
  2⤵
  PID:6928
- C:\Windows\System\wOWuPuA.exe
  C:\Windows\System\wOWuPuA.exe
  2⤵
  PID:6956
- C:\Windows\System\eYhYpAm.exe
  C:\Windows\System\eYhYpAm.exe
  2⤵
  PID:6984
- C:\Windows\System\CFoGUqp.exe
  C:\Windows\System\CFoGUqp.exe
  2⤵
  PID:7012
- C:\Windows\System\OufYpSX.exe
  C:\Windows\System\OufYpSX.exe
  2⤵
  PID:7040
- C:\Windows\System\aTlSprl.exe
  C:\Windows\System\aTlSprl.exe
  2⤵
  PID:7068
- C:\Windows\System\eEFmAKj.exe
  C:\Windows\System\eEFmAKj.exe
  2⤵
  PID:7096
- C:\Windows\System\lSITBLU.exe
  C:\Windows\System\lSITBLU.exe
  2⤵
  PID:7124
- C:\Windows\System\mIJxjbs.exe
  C:\Windows\System\mIJxjbs.exe
  2⤵
  PID:7152
- C:\Windows\System\rEHIBHq.exe
  C:\Windows\System\rEHIBHq.exe
  2⤵
  PID:6080
- C:\Windows\System\YUObvqx.exe
  C:\Windows\System\YUObvqx.exe
  2⤵
  PID:6196
- C:\Windows\System\NvTJNrr.exe
  C:\Windows\System\NvTJNrr.exe
  2⤵
  PID:6252
- C:\Windows\System\SVpOfXU.exe
  C:\Windows\System\SVpOfXU.exe
  2⤵
  PID:6324
- C:\Windows\System\cDBPlcb.exe
  C:\Windows\System\cDBPlcb.exe
  2⤵
  PID:6364
- C:\Windows\System\UNUSAhA.exe
  C:\Windows\System\UNUSAhA.exe
  2⤵
  PID:6420
- C:\Windows\System\goCmqRj.exe
  C:\Windows\System\goCmqRj.exe
  2⤵
  PID:5704
- C:\Windows\System\wQbjWVl.exe
  C:\Windows\System\wQbjWVl.exe
  2⤵
  PID:6504
- C:\Windows\System\mqQaGsI.exe
  C:\Windows\System\mqQaGsI.exe
  2⤵
  PID:6612
- C:\Windows\System\KsKjYAG.exe
  C:\Windows\System\KsKjYAG.exe
  2⤵
  PID:6672
- C:\Windows\System\wVpIZEH.exe
  C:\Windows\System\wVpIZEH.exe
  2⤵
  PID:6724
- C:\Windows\System\YhldUkw.exe
  C:\Windows\System\YhldUkw.exe
  2⤵
  PID:6784
- C:\Windows\System\MMljQWZ.exe
  C:\Windows\System\MMljQWZ.exe
  2⤵
  PID:6884
- C:\Windows\System\CLDoLho.exe
  C:\Windows\System\CLDoLho.exe
  2⤵
  PID:6996
- C:\Windows\System\lmOTUMr.exe
  C:\Windows\System\lmOTUMr.exe
  2⤵
  PID:7064
- C:\Windows\System\QePMxAV.exe
  C:\Windows\System\QePMxAV.exe
  2⤵
  PID:3496
- C:\Windows\System\vYsVIjY.exe
  C:\Windows\System\vYsVIjY.exe
  2⤵
  PID:6304
- C:\Windows\System\Iaeaxsv.exe
  C:\Windows\System\Iaeaxsv.exe
  2⤵
  PID:6416
- C:\Windows\System\TtZegDi.exe
  C:\Windows\System\TtZegDi.exe
  2⤵
  PID:6588
- C:\Windows\System\CPggvQv.exe
  C:\Windows\System\CPggvQv.exe
  2⤵
  PID:6856
- C:\Windows\System\XqUvycM.exe
  C:\Windows\System\XqUvycM.exe
  2⤵
  PID:7120
- C:\Windows\System\scQyXNM.exe
  C:\Windows\System\scQyXNM.exe
  2⤵
  PID:5192
- C:\Windows\System\QqAsuRA.exe
  C:\Windows\System\QqAsuRA.exe
  2⤵
  PID:7052
- C:\Windows\System\Jpwedkn.exe
  C:\Windows\System\Jpwedkn.exe
  2⤵
  PID:7180
- C:\Windows\System\jJYKEbY.exe
  C:\Windows\System\jJYKEbY.exe
  2⤵
  PID:7208
- C:\Windows\System\kThLpaN.exe
  C:\Windows\System\kThLpaN.exe
  2⤵
  PID:7244
- C:\Windows\System\rRQrVIP.exe
  C:\Windows\System\rRQrVIP.exe
  2⤵
  PID:7276
- C:\Windows\System\lSOjjUC.exe
  C:\Windows\System\lSOjjUC.exe
  2⤵
  PID:7300
- C:\Windows\System\GSdyHSz.exe
  C:\Windows\System\GSdyHSz.exe
  2⤵
  PID:7340
- C:\Windows\System\bxRBtHT.exe
  C:\Windows\System\bxRBtHT.exe
  2⤵
  PID:7368
- C:\Windows\System\YHswLDs.exe
  C:\Windows\System\YHswLDs.exe
  2⤵
  PID:7384
- C:\Windows\System\jMgejjU.exe
  C:\Windows\System\jMgejjU.exe
  2⤵
  PID:7416
- C:\Windows\System\AWULREz.exe
  C:\Windows\System\AWULREz.exe
  2⤵
  PID:7444
- C:\Windows\System\KxePNPo.exe
  C:\Windows\System\KxePNPo.exe
  2⤵
  PID:7472
- C:\Windows\System\FqlLyle.exe
  C:\Windows\System\FqlLyle.exe
  2⤵
  PID:7512
- C:\Windows\System\RWYMUnM.exe
  C:\Windows\System\RWYMUnM.exe
  2⤵
  PID:7540
- C:\Windows\System\UciuNYu.exe
  C:\Windows\System\UciuNYu.exe
  2⤵
  PID:7564
- C:\Windows\System\UTCeVoC.exe
  C:\Windows\System\UTCeVoC.exe
  2⤵
  PID:7592
- C:\Windows\System\TCotGCd.exe
  C:\Windows\System\TCotGCd.exe
  2⤵
  PID:7628
- C:\Windows\System\LNSqMin.exe
  C:\Windows\System\LNSqMin.exe
  2⤵
  PID:7648
- C:\Windows\System\eSkwrzG.exe
  C:\Windows\System\eSkwrzG.exe
  2⤵
  PID:7672
- C:\Windows\System\tJaPkww.exe
  C:\Windows\System\tJaPkww.exe
  2⤵
  PID:7708
- C:\Windows\System\YVgWYzk.exe
  C:\Windows\System\YVgWYzk.exe
  2⤵
  PID:7732
- C:\Windows\System\MCbQBnY.exe
  C:\Windows\System\MCbQBnY.exe
  2⤵
  PID:7752
- C:\Windows\System\CPVrNXL.exe
  C:\Windows\System\CPVrNXL.exe
  2⤵
  PID:7784
- C:\Windows\System\rvyIlKv.exe
  C:\Windows\System\rvyIlKv.exe
  2⤵
  PID:7804
- C:\Windows\System\KAuRqnk.exe
  C:\Windows\System\KAuRqnk.exe
  2⤵
  PID:7844
- C:\Windows\System\iMYUcjm.exe
  C:\Windows\System\iMYUcjm.exe
  2⤵
  PID:7884
- C:\Windows\System\zGcrQBl.exe
  C:\Windows\System\zGcrQBl.exe
  2⤵
  PID:7900
- C:\Windows\System\kArjEYn.exe
  C:\Windows\System\kArjEYn.exe
  2⤵
  PID:7940
- C:\Windows\System\OGzDvsR.exe
  C:\Windows\System\OGzDvsR.exe
  2⤵
  PID:7968
- C:\Windows\System\SePpoMz.exe
  C:\Windows\System\SePpoMz.exe
  2⤵
  PID:7996
- C:\Windows\System\EsxLdDf.exe
  C:\Windows\System\EsxLdDf.exe
  2⤵
  PID:8024
- C:\Windows\System\DXFxhOs.exe
  C:\Windows\System\DXFxhOs.exe
  2⤵
  PID:8040
- C:\Windows\System\OjrFUFU.exe
  C:\Windows\System\OjrFUFU.exe
  2⤵
  PID:8068
- C:\Windows\System\LbPctEK.exe
  C:\Windows\System\LbPctEK.exe
  2⤵
  PID:8096
- C:\Windows\System\nZwbXDv.exe
  C:\Windows\System\nZwbXDv.exe
  2⤵
  PID:8112
- C:\Windows\System\TZzwLcC.exe
  C:\Windows\System\TZzwLcC.exe
  2⤵
  PID:8132
- C:\Windows\System\jMYyWku.exe
  C:\Windows\System\jMYyWku.exe
  2⤵
  PID:8156
- C:\Windows\System\vodLZOf.exe
  C:\Windows\System\vodLZOf.exe
  2⤵
  PID:8188
- C:\Windows\System\wbDhrjz.exe
  C:\Windows\System\wbDhrjz.exe
  2⤵
  PID:7328
- C:\Windows\System\WDeItzi.exe
  C:\Windows\System\WDeItzi.exe
  2⤵
  PID:7396
- C:\Windows\System\ePMMsqd.exe
  C:\Windows\System\ePMMsqd.exe
  2⤵
  PID:7464
- C:\Windows\System\vnfuWpk.exe
  C:\Windows\System\vnfuWpk.exe
  2⤵
  PID:7580
- C:\Windows\System\tHzmxCO.exe
  C:\Windows\System\tHzmxCO.exe
  2⤵
  PID:7620
- C:\Windows\System\XufnoYr.exe
  C:\Windows\System\XufnoYr.exe
  2⤵
  PID:7660
- C:\Windows\System\gOwNcly.exe
  C:\Windows\System\gOwNcly.exe
  2⤵
  PID:7740
- C:\Windows\System\kIEUOkm.exe
  C:\Windows\System\kIEUOkm.exe
  2⤵
  PID:7776
- C:\Windows\System\QOFHOEX.exe
  C:\Windows\System\QOFHOEX.exe
  2⤵
  PID:7828
- C:\Windows\System\LuiSqBJ.exe
  C:\Windows\System\LuiSqBJ.exe
  2⤵
  PID:7920
- C:\Windows\System\paOCfjR.exe
  C:\Windows\System\paOCfjR.exe
  2⤵
  PID:7992
- C:\Windows\System\FtHZXVP.exe
  C:\Windows\System\FtHZXVP.exe
  2⤵
  PID:8036
- C:\Windows\System\CIsWjbx.exe
  C:\Windows\System\CIsWjbx.exe
  2⤵
  PID:8084
- C:\Windows\System\LvBIqny.exe
  C:\Windows\System\LvBIqny.exe
  2⤵
  PID:8176
- C:\Windows\System\FkmsUAd.exe
  C:\Windows\System\FkmsUAd.exe
  2⤵
  PID:7296
- C:\Windows\System\NiVvRUy.exe
  C:\Windows\System\NiVvRUy.exe
  2⤵
  PID:7432
- C:\Windows\System\vPRAaPm.exe
  C:\Windows\System\vPRAaPm.exe
  2⤵
  PID:7704
- C:\Windows\System\nmhWMcY.exe
  C:\Windows\System\nmhWMcY.exe
  2⤵
  PID:7868
- C:\Windows\System\OQXhAee.exe
  C:\Windows\System\OQXhAee.exe
  2⤵
  PID:8008
- C:\Windows\System\yirgFIH.exe
  C:\Windows\System\yirgFIH.exe
  2⤵
  PID:8080
- C:\Windows\System\sesqcQm.exe
  C:\Windows\System\sesqcQm.exe
  2⤵
  PID:7716
- C:\Windows\System\OJreyRi.exe
  C:\Windows\System\OJreyRi.exe
  2⤵
  PID:8184
- C:\Windows\System\rlxqFFI.exe
  C:\Windows\System\rlxqFFI.exe
  2⤵
  PID:7824
- C:\Windows\System\pViyBfk.exe
  C:\Windows\System\pViyBfk.exe
  2⤵
  PID:8200
- C:\Windows\System\LOxQDAK.exe
  C:\Windows\System\LOxQDAK.exe
  2⤵
  PID:8228
- C:\Windows\System\HHrVlmd.exe
  C:\Windows\System\HHrVlmd.exe
  2⤵
  PID:8244
- C:\Windows\System\pGhWkLo.exe
  C:\Windows\System\pGhWkLo.exe
  2⤵
  PID:8272
- C:\Windows\System\vanAQzs.exe
  C:\Windows\System\vanAQzs.exe
  2⤵
  PID:8300
- C:\Windows\System\JdngLnR.exe
  C:\Windows\System\JdngLnR.exe
  2⤵
  PID:8324
- C:\Windows\System\GUDEFOd.exe
  C:\Windows\System\GUDEFOd.exe
  2⤵
  PID:8356
- C:\Windows\System\hyxAHwN.exe
  C:\Windows\System\hyxAHwN.exe
  2⤵
  PID:8384
- C:\Windows\System\YnVQcCJ.exe
  C:\Windows\System\YnVQcCJ.exe
  2⤵
  PID:8412
- C:\Windows\System\sUcIZif.exe
  C:\Windows\System\sUcIZif.exe
  2⤵
  PID:8440
- C:\Windows\System\WpCoByU.exe
  C:\Windows\System\WpCoByU.exe
  2⤵
  PID:8480
- C:\Windows\System\bUshVHr.exe
  C:\Windows\System\bUshVHr.exe
  2⤵
  PID:8496
- C:\Windows\System\SRbppLa.exe
  C:\Windows\System\SRbppLa.exe
  2⤵
  PID:8524
- C:\Windows\System\eZOBnTT.exe
  C:\Windows\System\eZOBnTT.exe
  2⤵
  PID:8552
- C:\Windows\System\MZZpzFh.exe
  C:\Windows\System\MZZpzFh.exe
  2⤵
  PID:8592
- C:\Windows\System\sERjPcY.exe
  C:\Windows\System\sERjPcY.exe
  2⤵
  PID:8620
- C:\Windows\System\zpOvWNf.exe
  C:\Windows\System\zpOvWNf.exe
  2⤵
  PID:8644
- C:\Windows\System\WfWzxGn.exe
  C:\Windows\System\WfWzxGn.exe
  2⤵
  PID:8676
- C:\Windows\System\vHslcgK.exe
  C:\Windows\System\vHslcgK.exe
  2⤵
  PID:8712
- C:\Windows\System\zSCEoTK.exe
  C:\Windows\System\zSCEoTK.exe
  2⤵
  PID:8728
- C:\Windows\System\YAyjDGV.exe
  C:\Windows\System\YAyjDGV.exe
  2⤵
  PID:8748
- C:\Windows\System\ABljbsl.exe
  C:\Windows\System\ABljbsl.exe
  2⤵
  PID:8784
- C:\Windows\System\zcNJfEx.exe
  C:\Windows\System\zcNJfEx.exe
  2⤵
  PID:8812
- C:\Windows\System\rZXfChx.exe
  C:\Windows\System\rZXfChx.exe
  2⤵
  PID:8832
- C:\Windows\System\MJBwHmR.exe
  C:\Windows\System\MJBwHmR.exe
  2⤵
  PID:8848
- C:\Windows\System\dnWvUDi.exe
  C:\Windows\System\dnWvUDi.exe
  2⤵
  PID:8872
- C:\Windows\System\lLpfKrq.exe
  C:\Windows\System\lLpfKrq.exe
  2⤵
  PID:8900
- C:\Windows\System\cSWsPSD.exe
  C:\Windows\System\cSWsPSD.exe
  2⤵
  PID:8928
- C:\Windows\System\usMKHJa.exe
  C:\Windows\System\usMKHJa.exe
  2⤵
  PID:8976
- C:\Windows\System\EYTDSGq.exe
  C:\Windows\System\EYTDSGq.exe
  2⤵
  PID:9032
- C:\Windows\System\hxiVNgE.exe
  C:\Windows\System\hxiVNgE.exe
  2⤵
  PID:9060
- C:\Windows\System\SByzJay.exe
  C:\Windows\System\SByzJay.exe
  2⤵
  PID:9088
- C:\Windows\System\iIpDIsB.exe
  C:\Windows\System\iIpDIsB.exe
  2⤵
  PID:9116
- C:\Windows\System\RhReNkZ.exe
  C:\Windows\System\RhReNkZ.exe
  2⤵
  PID:9144
- C:\Windows\System\aZfXUvS.exe
  C:\Windows\System\aZfXUvS.exe
  2⤵
  PID:9160
- C:\Windows\System\rRjvOec.exe
  C:\Windows\System\rRjvOec.exe
  2⤵
  PID:9188
- C:\Windows\System\hKBOtTL.exe
  C:\Windows\System\hKBOtTL.exe
  2⤵
  PID:7324
- C:\Windows\System\PiULxBy.exe
  C:\Windows\System\PiULxBy.exe
  2⤵
  PID:8240
- C:\Windows\System\meJCBBm.exe
  C:\Windows\System\meJCBBm.exe
  2⤵
  PID:8316
- C:\Windows\System\fmqhviC.exe
  C:\Windows\System\fmqhviC.exe
  2⤵
  PID:8344
- C:\Windows\System\qDOjKjY.exe
  C:\Windows\System\qDOjKjY.exe
  2⤵
  PID:8436
- C:\Windows\System\KkJZFej.exe
  C:\Windows\System\KkJZFej.exe
  2⤵
  PID:8512
- C:\Windows\System\PkQNwQg.exe
  C:\Windows\System\PkQNwQg.exe
  2⤵
  PID:8588
- C:\Windows\System\GovngPN.exe
  C:\Windows\System\GovngPN.exe
  2⤵
  PID:8664
- C:\Windows\System\ZBfmIjU.exe
  C:\Windows\System\ZBfmIjU.exe
  2⤵
  PID:8704
- C:\Windows\System\DloLwWa.exe
  C:\Windows\System\DloLwWa.exe
  2⤵
  PID:8736
- C:\Windows\System\IxUczdD.exe
  C:\Windows\System\IxUczdD.exe
  2⤵
  PID:8844
- C:\Windows\System\sXbAGEU.exe
  C:\Windows\System\sXbAGEU.exe
  2⤵
  PID:8912
- C:\Windows\System\QsnrHXS.exe
  C:\Windows\System\QsnrHXS.exe
  2⤵
  PID:9012
- C:\Windows\System\nWJFYHd.exe
  C:\Windows\System\nWJFYHd.exe
  2⤵
  PID:9048
- C:\Windows\System\ghvpXKx.exe
  C:\Windows\System\ghvpXKx.exe
  2⤵
  PID:9100
- C:\Windows\System\RUCgMmt.exe
  C:\Windows\System\RUCgMmt.exe
  2⤵
  PID:9156
- C:\Windows\System\bzatDsq.exe
  C:\Windows\System\bzatDsq.exe
  2⤵
  PID:8256
- C:\Windows\System\KERemiW.exe
  C:\Windows\System\KERemiW.exe
  2⤵
  PID:8404
- C:\Windows\System\SZcTgss.exe
  C:\Windows\System\SZcTgss.exe
  2⤵
  PID:8564
- C:\Windows\System\aVtbhQU.exe
  C:\Windows\System\aVtbhQU.exe
  2⤵
  PID:8724
- C:\Windows\System\YrQFzSy.exe
  C:\Windows\System\YrQFzSy.exe
  2⤵
  PID:8804
- C:\Windows\System\BZJnFKH.exe
  C:\Windows\System\BZJnFKH.exe
  2⤵
  PID:8972
- C:\Windows\System\nyhaQXM.exe
  C:\Windows\System\nyhaQXM.exe
  2⤵
  PID:8884
- C:\Windows\System\CeApcrT.exe
  C:\Windows\System\CeApcrT.exe
  2⤵
  PID:8472
- C:\Windows\System\sHskbws.exe
  C:\Windows\System\sHskbws.exe
  2⤵
  PID:8984
- C:\Windows\System\OXBKaMb.exe
  C:\Windows\System\OXBKaMb.exe
  2⤵
  PID:8236
- C:\Windows\System\KgzQjgO.exe
  C:\Windows\System\KgzQjgO.exe
  2⤵
  PID:8824
- C:\Windows\System\wSvCwPB.exe
  C:\Windows\System\wSvCwPB.exe
  2⤵
  PID:9268
- C:\Windows\System\Wkngrwr.exe
  C:\Windows\System\Wkngrwr.exe
  2⤵
  PID:9296
- C:\Windows\System\yzSvZjJ.exe
  C:\Windows\System\yzSvZjJ.exe
  2⤵
  PID:9328
- C:\Windows\System\GlDrCEm.exe
  C:\Windows\System\GlDrCEm.exe
  2⤵
  PID:9356
- C:\Windows\System\FXrarbC.exe
  C:\Windows\System\FXrarbC.exe
  2⤵
  PID:9380
- C:\Windows\System\GFfllCO.exe
  C:\Windows\System\GFfllCO.exe
  2⤵
  PID:9412
- C:\Windows\System\XTkydqS.exe
  C:\Windows\System\XTkydqS.exe
  2⤵
  PID:9428
- C:\Windows\System\fthSdhr.exe
  C:\Windows\System\fthSdhr.exe
  2⤵
  PID:9456
- C:\Windows\System\xorRXUE.exe
  C:\Windows\System\xorRXUE.exe
  2⤵
  PID:9492
- C:\Windows\System\PgUDJjp.exe
  C:\Windows\System\PgUDJjp.exe
  2⤵
  PID:9524
- C:\Windows\System\ZyYqHLd.exe
  C:\Windows\System\ZyYqHLd.exe
  2⤵
  PID:9552
- C:\Windows\System\BTBeAqv.exe
  C:\Windows\System\BTBeAqv.exe
  2⤵
  PID:9580
- C:\Windows\System\sdTEbFb.exe
  C:\Windows\System\sdTEbFb.exe
  2⤵
  PID:9608
- C:\Windows\System\XMsyyfP.exe
  C:\Windows\System\XMsyyfP.exe
  2⤵
  PID:9636
- C:\Windows\System\Aluhbqn.exe
  C:\Windows\System\Aluhbqn.exe
  2⤵
  PID:9652
- C:\Windows\System\xOclykj.exe
  C:\Windows\System\xOclykj.exe
  2⤵
  PID:9680
- C:\Windows\System\oYPdWHS.exe
  C:\Windows\System\oYPdWHS.exe
  2⤵
  PID:9720
- C:\Windows\System\hRdSEyL.exe
  C:\Windows\System\hRdSEyL.exe
  2⤵
  PID:9748
- C:\Windows\System\avJdVCy.exe
  C:\Windows\System\avJdVCy.exe
  2⤵
  PID:9776
- C:\Windows\System\gefMbta.exe
  C:\Windows\System\gefMbta.exe
  2⤵
  PID:9804
- C:\Windows\System\CjrpGth.exe
  C:\Windows\System\CjrpGth.exe
  2⤵
  PID:9832
- C:\Windows\System\GyfDwdL.exe
  C:\Windows\System\GyfDwdL.exe
  2⤵
  PID:9860
- C:\Windows\System\CSXAZVU.exe
  C:\Windows\System\CSXAZVU.exe
  2⤵
  PID:9876
- C:\Windows\System\caEsYOY.exe
  C:\Windows\System\caEsYOY.exe
  2⤵
  PID:9904
- C:\Windows\System\GzysyDh.exe
  C:\Windows\System\GzysyDh.exe
  2⤵
  PID:9944
- C:\Windows\System\DUVFNPI.exe
  C:\Windows\System\DUVFNPI.exe
  2⤵
  PID:9972
- C:\Windows\System\SggAThW.exe
  C:\Windows\System\SggAThW.exe
  2⤵
  PID:9988
- C:\Windows\System\xRKhKcf.exe
  C:\Windows\System\xRKhKcf.exe
  2⤵
  PID:10016
- C:\Windows\System\twrgFYF.exe
  C:\Windows\System\twrgFYF.exe
  2⤵
  PID:10056
- C:\Windows\System\aaGfBbZ.exe
  C:\Windows\System\aaGfBbZ.exe
  2⤵
  PID:10084
- C:\Windows\System\KHfreOv.exe
  C:\Windows\System\KHfreOv.exe
  2⤵
  PID:10112
- C:\Windows\System\QCgtLmb.exe
  C:\Windows\System\QCgtLmb.exe
  2⤵
  PID:10132
- C:\Windows\System\ERDmCAb.exe
  C:\Windows\System\ERDmCAb.exe
  2⤵
  PID:10152
- C:\Windows\System\pTKSVyF.exe
  C:\Windows\System\pTKSVyF.exe
  2⤵
  PID:10188
- C:\Windows\System\dNCNZgh.exe
  C:\Windows\System\dNCNZgh.exe
  2⤵
  PID:10208
- C:\Windows\System\lGXASkb.exe
  C:\Windows\System\lGXASkb.exe
  2⤵
  PID:10228
- C:\Windows\System\GXGlBxJ.exe
  C:\Windows\System\GXGlBxJ.exe
  2⤵
  PID:9228
- C:\Windows\System\sMhzwBY.exe
  C:\Windows\System\sMhzwBY.exe
  2⤵
  PID:9312
- C:\Windows\System\otOWWmZ.exe
  C:\Windows\System\otOWWmZ.exe
  2⤵
  PID:9388
- C:\Windows\System\UHXEnRN.exe
  C:\Windows\System\UHXEnRN.exe
  2⤵
  PID:9480
- C:\Windows\System\NhpsKka.exe
  C:\Windows\System\NhpsKka.exe
  2⤵
  PID:9568
- C:\Windows\System\TCftHas.exe
  C:\Windows\System\TCftHas.exe
  2⤵
  PID:9632
- C:\Windows\System\KIGPLuo.exe
  C:\Windows\System\KIGPLuo.exe
  2⤵
  PID:9700
- C:\Windows\System\YfcpmyG.exe
  C:\Windows\System\YfcpmyG.exe
  2⤵
  PID:9768
- C:\Windows\System\gWbmhCV.exe
  C:\Windows\System\gWbmhCV.exe
  2⤵
  PID:9824
- C:\Windows\System\gpBhAVH.exe
  C:\Windows\System\gpBhAVH.exe
  2⤵
  PID:9872
- C:\Windows\System\elaDeRy.exe
  C:\Windows\System\elaDeRy.exe
  2⤵
  PID:9900
- C:\Windows\System\NoUzqMN.exe
  C:\Windows\System\NoUzqMN.exe
  2⤵
  PID:9980
- C:\Windows\System\gyYGTzK.exe
  C:\Windows\System\gyYGTzK.exe
  2⤵
  PID:10068
- C:\Windows\System\CcxXDNn.exe
  C:\Windows\System\CcxXDNn.exe
  2⤵
  PID:10124
- C:\Windows\System\dmcjXst.exe
  C:\Windows\System\dmcjXst.exe
  2⤵
  PID:10224
- C:\Windows\System\kSwrjaZ.exe
  C:\Windows\System\kSwrjaZ.exe
  2⤵
  PID:9284
- C:\Windows\System\PLlrDkK.exe
  C:\Windows\System\PLlrDkK.exe
  2⤵
  PID:9440
- C:\Windows\System\VwGRSwr.exe
  C:\Windows\System\VwGRSwr.exe
  2⤵
  PID:9564
- C:\Windows\System\mrBlUZu.exe
  C:\Windows\System\mrBlUZu.exe
  2⤵
  PID:9696
- C:\Windows\System\EvjqnDE.exe
  C:\Windows\System\EvjqnDE.exe
  2⤵
  PID:9796
- C:\Windows\System\QdaJVYC.exe
  C:\Windows\System\QdaJVYC.exe
  2⤵
  PID:9892
- C:\Windows\System\zMeFGiE.exe
  C:\Windows\System\zMeFGiE.exe
  2⤵
  PID:10048
- C:\Windows\System\OYYudTH.exe
  C:\Windows\System\OYYudTH.exe
  2⤵
  PID:10220
- C:\Windows\System\ptqenWQ.exe
  C:\Windows\System\ptqenWQ.exe
  2⤵
  PID:9424
- C:\Windows\System\csDBYGt.exe
  C:\Windows\System\csDBYGt.exe
  2⤵
  PID:9964
- C:\Windows\System\SDTjJYZ.exe
  C:\Windows\System\SDTjJYZ.exe
  2⤵
  PID:9448
- C:\Windows\System\oJMtUZs.exe
  C:\Windows\System\oJMtUZs.exe
  2⤵
  PID:9644
- C:\Windows\System\xDIOhmL.exe
  C:\Windows\System\xDIOhmL.exe
  2⤵
  PID:10284
- C:\Windows\System\hCCgOFp.exe
  C:\Windows\System\hCCgOFp.exe
  2⤵
  PID:10328
- C:\Windows\System\LPBQePH.exe
  C:\Windows\System\LPBQePH.exe
  2⤵
  PID:10356
- C:\Windows\System\vImzoDG.exe
  C:\Windows\System\vImzoDG.exe
  2⤵
  PID:10372
- C:\Windows\System\SRSnFNf.exe
  C:\Windows\System\SRSnFNf.exe
  2⤵
  PID:10400
- C:\Windows\System\wXYfela.exe
  C:\Windows\System\wXYfela.exe
  2⤵
  PID:10420
- C:\Windows\System\pGmyxle.exe
  C:\Windows\System\pGmyxle.exe
  2⤵
  PID:10468
- C:\Windows\System\mXuTVNn.exe
  C:\Windows\System\mXuTVNn.exe
  2⤵
  PID:10484
- C:\Windows\System\uPfcWRS.exe
  C:\Windows\System\uPfcWRS.exe
  2⤵
  PID:10512
- C:\Windows\System\VhwRmMi.exe
  C:\Windows\System\VhwRmMi.exe
  2⤵
  PID:10540
- C:\Windows\System\DlefetH.exe
  C:\Windows\System\DlefetH.exe
  2⤵
  PID:10568
- C:\Windows\System\wdfWqrJ.exe
  C:\Windows\System\wdfWqrJ.exe
  2⤵
  PID:10596
- C:\Windows\System\RXyUyxD.exe
  C:\Windows\System\RXyUyxD.exe
  2⤵
  PID:10624
- C:\Windows\System\cqioFGJ.exe
  C:\Windows\System\cqioFGJ.exe
  2⤵
  PID:10652
- C:\Windows\System\zBenCPw.exe
  C:\Windows\System\zBenCPw.exe
  2⤵
  PID:10692
- C:\Windows\System\PQAZuef.exe
  C:\Windows\System\PQAZuef.exe
  2⤵
  PID:10708
- C:\Windows\System\wPmuNmj.exe
  C:\Windows\System\wPmuNmj.exe
  2⤵
  PID:10748
- C:\Windows\System\dnPDQCU.exe
  C:\Windows\System\dnPDQCU.exe
  2⤵
  PID:10764
- C:\Windows\System\RYffXcl.exe
  C:\Windows\System\RYffXcl.exe
  2⤵
  PID:10780
- C:\Windows\System\dvdQakm.exe
  C:\Windows\System\dvdQakm.exe
  2⤵
  PID:10800
- C:\Windows\System\RKAJgte.exe
  C:\Windows\System\RKAJgte.exe
  2⤵
  PID:10816
- C:\Windows\System\PboKcKx.exe
  C:\Windows\System\PboKcKx.exe
  2⤵
  PID:10840
- C:\Windows\System\hJSTkRZ.exe
  C:\Windows\System\hJSTkRZ.exe
  2⤵
  PID:10932
- C:\Windows\System\dubJCXi.exe
  C:\Windows\System\dubJCXi.exe
  2⤵
  PID:10960
- C:\Windows\System\DkCExmt.exe
  C:\Windows\System\DkCExmt.exe
  2⤵
  PID:10976
- C:\Windows\System\mLkHGFh.exe
  C:\Windows\System\mLkHGFh.exe
  2⤵
  PID:11004
- C:\Windows\System\ULeYEes.exe
  C:\Windows\System\ULeYEes.exe
  2⤵
  PID:11032
- C:\Windows\System\GwMyvpd.exe
  C:\Windows\System\GwMyvpd.exe
  2⤵
  PID:11060
- C:\Windows\System\lQsigph.exe
  C:\Windows\System\lQsigph.exe
  2⤵
  PID:11088
- C:\Windows\System\IuSxUgw.exe
  C:\Windows\System\IuSxUgw.exe
  2⤵
  PID:11128
- C:\Windows\System\THOHSVA.exe
  C:\Windows\System\THOHSVA.exe
  2⤵
  PID:11156
- C:\Windows\System\ItBZwHI.exe
  C:\Windows\System\ItBZwHI.exe
  2⤵
  PID:11172
- C:\Windows\System\vHCeFTT.exe
  C:\Windows\System\vHCeFTT.exe
  2⤵
  PID:11200
- C:\Windows\System\lIJhVWf.exe
  C:\Windows\System\lIJhVWf.exe
  2⤵
  PID:11240
- C:\Windows\System\fWvymuy.exe
  C:\Windows\System\fWvymuy.exe
  2⤵
  PID:11256
- C:\Windows\System\EaSuihT.exe
  C:\Windows\System\EaSuihT.exe
  2⤵
  PID:9240
- C:\Windows\System\yxwwXOk.exe
  C:\Windows\System\yxwwXOk.exe
  2⤵
  PID:10304
- C:\Windows\System\MyRJdij.exe
  C:\Windows\System\MyRJdij.exe
  2⤵
  PID:10348
- C:\Windows\System\MsGOhcV.exe
  C:\Windows\System\MsGOhcV.exe
  2⤵
  PID:10416
- C:\Windows\System\tmBoePv.exe
  C:\Windows\System\tmBoePv.exe
  2⤵
  PID:10532
- C:\Windows\System\VZpzKjN.exe
  C:\Windows\System\VZpzKjN.exe
  2⤵
  PID:10560
- C:\Windows\System\bHyplSu.exe
  C:\Windows\System\bHyplSu.exe
  2⤵
  PID:10608
- C:\Windows\System\TpfjpQV.exe
  C:\Windows\System\TpfjpQV.exe
  2⤵
  PID:10668
- C:\Windows\System\IdmJHJC.exe
  C:\Windows\System\IdmJHJC.exe
  2⤵
  PID:10720
- C:\Windows\System\CkmbXfL.exe
  C:\Windows\System\CkmbXfL.exe
  2⤵
  PID:10776
- C:\Windows\System\VTVOWIk.exe
  C:\Windows\System\VTVOWIk.exe
  2⤵
  PID:10924
- C:\Windows\System\HfcrTzC.exe
  C:\Windows\System\HfcrTzC.exe
  2⤵
  PID:10968
- C:\Windows\System\xHDnCNO.exe
  C:\Windows\System\xHDnCNO.exe
  2⤵
  PID:11044
- C:\Windows\System\XrIKFog.exe
  C:\Windows\System\XrIKFog.exe
  2⤵
  PID:11116
- C:\Windows\System\qrHreOj.exe
  C:\Windows\System\qrHreOj.exe
  2⤵
  PID:11148
- C:\Windows\System\LDXRBwG.exe
  C:\Windows\System\LDXRBwG.exe
  2⤵
  PID:11212
- C:\Windows\System\xuPjmTG.exe
  C:\Windows\System\xuPjmTG.exe
  2⤵
  PID:10196
- C:\Windows\System\aFAolrR.exe
  C:\Windows\System\aFAolrR.exe
  2⤵
  PID:10440
- C:\Windows\System\PlgauId.exe
  C:\Windows\System\PlgauId.exe
  2⤵
  PID:10504
- C:\Windows\System\IWzIvsF.exe
  C:\Windows\System\IWzIvsF.exe
  2⤵
  PID:10672
- C:\Windows\System\QbiTYZy.exe
  C:\Windows\System\QbiTYZy.exe
  2⤵
  PID:10988
- C:\Windows\System\MZhrWcW.exe
  C:\Windows\System\MZhrWcW.exe
  2⤵
  PID:11232
- C:\Windows\System\qCkicBj.exe
  C:\Windows\System\qCkicBj.exe
  2⤵
  PID:10536
- C:\Windows\System\HlYapAr.exe
  C:\Windows\System\HlYapAr.exe
  2⤵
  PID:11144
- C:\Windows\System\JmKXGqQ.exe
  C:\Windows\System\JmKXGqQ.exe
  2⤵
  PID:10908
- C:\Windows\System\zWRcQKj.exe
  C:\Windows\System\zWRcQKj.exe
  2⤵
  PID:11288
- C:\Windows\System\daHLqXR.exe
  C:\Windows\System\daHLqXR.exe
  2⤵
  PID:11316
- C:\Windows\System\ygspEQe.exe
  C:\Windows\System\ygspEQe.exe
  2⤵
  PID:11332
- C:\Windows\System\uCRnANk.exe
  C:\Windows\System\uCRnANk.exe
  2⤵
  PID:11364
- C:\Windows\System\aGkSYJH.exe
  C:\Windows\System\aGkSYJH.exe
  2⤵
  PID:11412
- C:\Windows\System\gEHirLu.exe
  C:\Windows\System\gEHirLu.exe
  2⤵
  PID:11448
- C:\Windows\System\BNywZIy.exe
  C:\Windows\System\BNywZIy.exe
  2⤵
  PID:11508
- C:\Windows\System\nZmwzKR.exe
  C:\Windows\System\nZmwzKR.exe
  2⤵
  PID:11552
- C:\Windows\System\HPRPTLc.exe
  C:\Windows\System\HPRPTLc.exe
  2⤵
  PID:11568
- C:\Windows\System\lsZhqBj.exe
  C:\Windows\System\lsZhqBj.exe
  2⤵
  PID:11592
- C:\Windows\System\JheNgwP.exe
  C:\Windows\System\JheNgwP.exe
  2⤵
  PID:11640
- C:\Windows\System\RtbKktD.exe
  C:\Windows\System\RtbKktD.exe
  2⤵
  PID:11684
- C:\Windows\System\ccwQYUv.exe
  C:\Windows\System\ccwQYUv.exe
  2⤵
  PID:11700
- C:\Windows\System\hAZUjFP.exe
  C:\Windows\System\hAZUjFP.exe
  2⤵
  PID:11724
- C:\Windows\System\nOhchyL.exe
  C:\Windows\System\nOhchyL.exe
  2⤵
  PID:11744
- C:\Windows\System\OMhPKEr.exe
  C:\Windows\System\OMhPKEr.exe
  2⤵
  PID:11796
- C:\Windows\System\RuwYuYW.exe
  C:\Windows\System\RuwYuYW.exe
  2⤵
  PID:11824
- C:\Windows\System\KoollQg.exe
  C:\Windows\System\KoollQg.exe
  2⤵
  PID:11840
- C:\Windows\System\tUyKxYc.exe
  C:\Windows\System\tUyKxYc.exe
  2⤵
  PID:11868
- C:\Windows\System\vFbkPWi.exe
  C:\Windows\System\vFbkPWi.exe
  2⤵
  PID:11896
- C:\Windows\System\SdkfpKB.exe
  C:\Windows\System\SdkfpKB.exe
  2⤵
  PID:11932
- C:\Windows\System\SnsXsdJ.exe
  C:\Windows\System\SnsXsdJ.exe
  2⤵
  PID:11952
- C:\Windows\System\PAxprJx.exe
  C:\Windows\System\PAxprJx.exe
  2⤵
  PID:11988
- C:\Windows\System\ebTpvcc.exe
  C:\Windows\System\ebTpvcc.exe
  2⤵
  PID:12024
- C:\Windows\System\rIiyzmW.exe
  C:\Windows\System\rIiyzmW.exe
  2⤵
  PID:12040
- C:\Windows\System\DgNMbZb.exe
  C:\Windows\System\DgNMbZb.exe
  2⤵
  PID:12056
- C:\Windows\System\MPyVqlC.exe
  C:\Windows\System\MPyVqlC.exe
  2⤵
  PID:12080
- C:\Windows\System\hcBcWMo.exe
  C:\Windows\System\hcBcWMo.exe
  2⤵
  PID:12108
- C:\Windows\System\sHcWjBH.exe
  C:\Windows\System\sHcWjBH.exe
  2⤵
  PID:12132
- C:\Windows\System\DlnKMjw.exe
  C:\Windows\System\DlnKMjw.exe
  2⤵
  PID:12180
- C:\Windows\System\QiyzXby.exe
  C:\Windows\System\QiyzXby.exe
  2⤵
  PID:12204
- C:\Windows\System\MNBZAXp.exe
  C:\Windows\System\MNBZAXp.exe
  2⤵
  PID:12260
- C:\Windows\System\pijWEzu.exe
  C:\Windows\System\pijWEzu.exe
  2⤵
  PID:12276
- C:\Windows\System\qhGTAmp.exe
  C:\Windows\System\qhGTAmp.exe
  2⤵
  PID:11300
- C:\Windows\System\FWrTtTC.exe
  C:\Windows\System\FWrTtTC.exe
  2⤵
  PID:11392
- C:\Windows\System\TsUDdkU.exe
  C:\Windows\System\TsUDdkU.exe
  2⤵
  PID:11484
- C:\Windows\System\nMUcIZu.exe
  C:\Windows\System\nMUcIZu.exe
  2⤵
  PID:11544
- C:\Windows\System\wREykoM.exe
  C:\Windows\System\wREykoM.exe
  2⤵
  PID:11608
- C:\Windows\System\ThwXMMh.exe
  C:\Windows\System\ThwXMMh.exe
  2⤵
  PID:11668
- C:\Windows\System\JHhnHFS.exe
  C:\Windows\System\JHhnHFS.exe
  2⤵
  PID:11732
- C:\Windows\System\qqyESAI.exe
  C:\Windows\System\qqyESAI.exe
  2⤵
  PID:11756
- C:\Windows\System\hQQJZiD.exe
  C:\Windows\System\hQQJZiD.exe
  2⤵
  PID:11856
- C:\Windows\System\NjtyOnR.exe
  C:\Windows\System\NjtyOnR.exe
  2⤵
  PID:11920
- C:\Windows\System\DxyisRd.exe
  C:\Windows\System\DxyisRd.exe
  2⤵
  PID:12008
- C:\Windows\System\MiuoqPn.exe
  C:\Windows\System\MiuoqPn.exe
  2⤵
  PID:12052
- C:\Windows\System\OfFuVIJ.exe
  C:\Windows\System\OfFuVIJ.exe
  2⤵
  PID:12120
- C:\Windows\System\mkPXMvX.exe
  C:\Windows\System\mkPXMvX.exe
  2⤵
  PID:12124
- C:\Windows\System\uyrBPdL.exe
  C:\Windows\System\uyrBPdL.exe
  2⤵
  PID:12156
- C:\Windows\System\VIdyitw.exe
  C:\Windows\System\VIdyitw.exe
  2⤵
  PID:12192
- C:\Windows\System\VwAoDjA.exe
  C:\Windows\System\VwAoDjA.exe
  2⤵
  PID:10280
- C:\Windows\System\SUkUVFI.exe
  C:\Windows\System\SUkUVFI.exe
  2⤵
  PID:9956
- C:\Windows\System\JTxhpBt.exe
  C:\Windows\System\JTxhpBt.exe
  2⤵
  PID:11808
- C:\Windows\System\JTMyVbc.exe
  C:\Windows\System\JTMyVbc.exe
  2⤵
  PID:12012
- C:\Windows\System\jHnTEdk.exe
  C:\Windows\System\jHnTEdk.exe
  2⤵
  PID:12216
- C:\Windows\System\rXNnOiq.exe
  C:\Windows\System\rXNnOiq.exe
  2⤵
  PID:11324
- C:\Windows\System\guVMSht.exe
  C:\Windows\System\guVMSht.exe
  2⤵
  PID:11820
- C:\Windows\System\EXloekE.exe
  C:\Windows\System\EXloekE.exe
  2⤵
  PID:12076
- C:\Windows\System\ncunNya.exe
  C:\Windows\System\ncunNya.exe
  2⤵
  PID:11488
- C:\Windows\System\kjieaMW.exe
  C:\Windows\System\kjieaMW.exe
  2⤵
  PID:12096
- C:\Windows\System\GKAUXgi.exe
  C:\Windows\System\GKAUXgi.exe
  2⤵
  PID:12348
- C:\Windows\System\DczZGgx.exe
  C:\Windows\System\DczZGgx.exe
  2⤵
  PID:12364
- C:\Windows\System\pdNHpxc.exe
  C:\Windows\System\pdNHpxc.exe
  2⤵
  PID:12392
- C:\Windows\System\LGGAYEU.exe
  C:\Windows\System\LGGAYEU.exe
  2⤵
  PID:12420
- C:\Windows\System\HtQZvrv.exe
  C:\Windows\System\HtQZvrv.exe
  2⤵
  PID:12448
- C:\Windows\System\qFKSMhu.exe
  C:\Windows\System\qFKSMhu.exe
  2⤵
  PID:12464
- C:\Windows\System\MdWOvGv.exe
  C:\Windows\System\MdWOvGv.exe
  2⤵
  PID:12492
- C:\Windows\System\WQOSvlu.exe
  C:\Windows\System\WQOSvlu.exe
  2⤵
  PID:12508
- C:\Windows\System\GwrxqSE.exe
  C:\Windows\System\GwrxqSE.exe
  2⤵
  PID:12560
- C:\Windows\System\qlPOPrE.exe
  C:\Windows\System\qlPOPrE.exe
  2⤵
  PID:12576
- C:\Windows\System\mAhbTNB.exe
  C:\Windows\System\mAhbTNB.exe
  2⤵
  PID:12592
- C:\Windows\System\zcCyhXh.exe
  C:\Windows\System\zcCyhXh.exe
  2⤵
  PID:12612
- C:\Windows\System\lGBrbTV.exe
  C:\Windows\System\lGBrbTV.exe
  2⤵
  PID:12644
- C:\Windows\System\QbziopA.exe
  C:\Windows\System\QbziopA.exe
  2⤵
  PID:12688
- C:\Windows\System\xINRfgC.exe
  C:\Windows\System\xINRfgC.exe
  2⤵
  PID:12716
- C:\Windows\System\qOvouPr.exe
  C:\Windows\System\qOvouPr.exe
  2⤵
  PID:12744
- C:\Windows\System\ZFBlewT.exe
  C:\Windows\System\ZFBlewT.exe
  2⤵
  PID:12772
- C:\Windows\System\pOhCKNB.exe
  C:\Windows\System\pOhCKNB.exe
  2⤵
  PID:12800
- C:\Windows\System\edFmfZc.exe
  C:\Windows\System\edFmfZc.exe
  2⤵
  PID:12828
- C:\Windows\System\NrmurRo.exe
  C:\Windows\System\NrmurRo.exe
  2⤵
  PID:12860
- C:\Windows\System\fCXpyka.exe
  C:\Windows\System\fCXpyka.exe
  2⤵
  PID:12896
- C:\Windows\System\iqkYkcl.exe
  C:\Windows\System\iqkYkcl.exe
  2⤵
  PID:12912
- C:\Windows\System\zNXPplt.exe
  C:\Windows\System\zNXPplt.exe
  2⤵
  PID:12952
- C:\Windows\System\zJrBuIJ.exe
  C:\Windows\System\zJrBuIJ.exe
  2⤵
  PID:12980
- C:\Windows\System\rRwOkGF.exe
  C:\Windows\System\rRwOkGF.exe
  2⤵
  PID:13008
- C:\Windows\System\feJOGUN.exe
  C:\Windows\System\feJOGUN.exe
  2⤵
  PID:13036
- C:\Windows\System\oiPDnwa.exe
  C:\Windows\System\oiPDnwa.exe
  2⤵
  PID:13064
- C:\Windows\System\QYnsrHi.exe
  C:\Windows\System\QYnsrHi.exe
  2⤵
  PID:13092
- C:\Windows\System\KjqmRiQ.exe
  C:\Windows\System\KjqmRiQ.exe
  2⤵
  PID:13120
- C:\Windows\System\tBKStbt.exe
  C:\Windows\System\tBKStbt.exe
  2⤵
  PID:13136
- C:\Windows\System\eZpsDeC.exe
  C:\Windows\System\eZpsDeC.exe
  2⤵
  PID:13176
- C:\Windows\System\orwKHyf.exe
  C:\Windows\System\orwKHyf.exe
  2⤵
  PID:13204
- C:\Windows\System\FDcPoSy.exe
  C:\Windows\System\FDcPoSy.exe
  2⤵
  PID:13232
- C:\Windows\System\NpegNRf.exe
  C:\Windows\System\NpegNRf.exe
  2⤵
  PID:13260
- C:\Windows\System\EScApaP.exe
  C:\Windows\System\EScApaP.exe
  2⤵
  PID:13288
- C:\Windows\System\bVOMwKW.exe
  C:\Windows\System\bVOMwKW.exe
  2⤵
  PID:11884
- C:\Windows\System\OWNSuHG.exe
  C:\Windows\System\OWNSuHG.exe
  2⤵
  PID:12336
- C:\Windows\System\CetJscn.exe
  C:\Windows\System\CetJscn.exe
  2⤵
  PID:12388
- C:\Windows\System\fzJTkef.exe
  C:\Windows\System\fzJTkef.exe
  2⤵
  PID:12460
- C:\Windows\System\LviNWCh.exe
  C:\Windows\System\LviNWCh.exe
  2⤵
  PID:12536
- C:\Windows\System\KWKAVZY.exe
  C:\Windows\System\KWKAVZY.exe
  2⤵
  PID:12572
- C:\Windows\System\rmlAQSy.exe
  C:\Windows\System\rmlAQSy.exe
  2⤵
  PID:12664
- C:\Windows\System\DQinUyX.exe
  C:\Windows\System\DQinUyX.exe
  2⤵
  PID:12700
- C:\Windows\System\qIQCqEK.exe
  C:\Windows\System\qIQCqEK.exe
  2⤵
  PID:12812
- C:\Windows\System\RkxemXn.exe
  C:\Windows\System\RkxemXn.exe
  2⤵
  PID:12892
- C:\Windows\System\YJbuEuA.exe
  C:\Windows\System\YJbuEuA.exe
  2⤵
  PID:12944
- C:\Windows\System\IHqnaTh.exe
  C:\Windows\System\IHqnaTh.exe
  2⤵
  PID:13004
- C:\Windows\System\GHdMwvl.exe
  C:\Windows\System\GHdMwvl.exe
  2⤵
  PID:13076
- C:\Windows\System\RKNWhjf.exe
  C:\Windows\System\RKNWhjf.exe
  2⤵
  PID:13132
- C:\Windows\System\msSCzdC.exe
  C:\Windows\System\msSCzdC.exe
  2⤵
  PID:13200
- C:\Windows\System\aVhRxTw.exe
  C:\Windows\System\aVhRxTw.exe
  2⤵
  PID:13248
- C:\Windows\System\LgHHnhL.exe
  C:\Windows\System\LgHHnhL.exe
  2⤵
  PID:13304
- C:\Windows\System\euvJPst.exe
  C:\Windows\System\euvJPst.exe
  2⤵
  PID:12444
- C:\Windows\System\EtWTAOF.exe
  C:\Windows\System\EtWTAOF.exe
  2⤵
  PID:12600
- C:\Windows\System\TGxzCde.exe
  C:\Windows\System\TGxzCde.exe
  2⤵
  PID:12708
- C:\Windows\System\bGvBuAW.exe
  C:\Windows\System\bGvBuAW.exe
  2⤵
  PID:12840
- C:\Windows\System\SSkHbtv.exe
  C:\Windows\System\SSkHbtv.exe
  2⤵
  PID:12996
- C:\Windows\System\pivQCYC.exe
  C:\Windows\System\pivQCYC.exe
  2⤵
  PID:13128
- C:\Windows\System\BkQjolZ.exe
  C:\Windows\System\BkQjolZ.exe
  2⤵
  PID:13276
- C:\Windows\System\mHGvZSc.exe
  C:\Windows\System\mHGvZSc.exe
  2⤵
  PID:12332
- C:\Windows\System\ZKkWqkt.exe
  C:\Windows\System\ZKkWqkt.exe
  2⤵
  PID:12868
- C:\Windows\System\SWMrygv.exe
  C:\Windows\System\SWMrygv.exe
  2⤵
  PID:12432
- C:\Windows\System\QyROhGA.exe
  C:\Windows\System\QyROhGA.exe
  2⤵
  PID:13104
- C:\Windows\System\MCrrJVr.exe
  C:\Windows\System\MCrrJVr.exe
  2⤵
  PID:13332
- C:\Windows\System\gncoJQO.exe
  C:\Windows\System\gncoJQO.exe
  2⤵
  PID:13360
- C:\Windows\System\ZntozdS.exe
  C:\Windows\System\ZntozdS.exe
  2⤵
  PID:13388
- C:\Windows\System\RDOqNSF.exe
  C:\Windows\System\RDOqNSF.exe
  2⤵
  PID:13404
- C:\Windows\System\VvQbxar.exe
  C:\Windows\System\VvQbxar.exe
  2⤵
  PID:13420
- C:\Windows\System\kAiYcvT.exe
  C:\Windows\System\kAiYcvT.exe
  2⤵
  PID:13472
- C:\Windows\System\uCIvnhI.exe
  C:\Windows\System\uCIvnhI.exe
  2⤵
  PID:13488
- C:\Windows\System\GLRCerC.exe
  C:\Windows\System\GLRCerC.exe
  2⤵
  PID:13512
- C:\Windows\System\CWRKkxS.exe
  C:\Windows\System\CWRKkxS.exe
  2⤵
  PID:13544
- C:\Windows\System\hBPxvnc.exe
  C:\Windows\System\hBPxvnc.exe
  2⤵
  PID:13572
- C:\Windows\System\RZOQjKf.exe
  C:\Windows\System\RZOQjKf.exe
  2⤵
  PID:13600
- C:\Windows\System\OixIpXx.exe
  C:\Windows\System\OixIpXx.exe
  2⤵
  PID:13640
- C:\Windows\System\jjqpqUj.exe
  C:\Windows\System\jjqpqUj.exe
  2⤵
  PID:13668
- C:\Windows\System\nbMyQSC.exe
  C:\Windows\System\nbMyQSC.exe
  2⤵
  PID:13684
- C:\Windows\System\ytegLfI.exe
  C:\Windows\System\ytegLfI.exe
  2⤵
  PID:13724
- C:\Windows\System\spxFcND.exe
  C:\Windows\System\spxFcND.exe
  2⤵
  PID:13740
- C:\Windows\System\neLGKiS.exe
  C:\Windows\System\neLGKiS.exe
  2⤵
  PID:13772
- C:\Windows\System\CYMfaIC.exe
  C:\Windows\System\CYMfaIC.exe
  2⤵
  PID:13796
- C:\Windows\System\wwhkJwN.exe
  C:\Windows\System\wwhkJwN.exe
  2⤵
  PID:13812
- C:\Windows\System\QQiXGmZ.exe
  C:\Windows\System\QQiXGmZ.exe
  2⤵
  PID:13848
- C:\Windows\System\KVESfRj.exe
  C:\Windows\System\KVESfRj.exe
  2⤵
  PID:13884
- C:\Windows\System\alFtbCH.exe
  C:\Windows\System\alFtbCH.exe
  2⤵
  PID:13908
- C:\Windows\System\ExGqSEf.exe
  C:\Windows\System\ExGqSEf.exe
  2⤵
  PID:13932
- C:\Windows\System\zPgLhzb.exe
  C:\Windows\System\zPgLhzb.exe
  2⤵
  PID:13960
- C:\Windows\System\CBXnhZg.exe
  C:\Windows\System\CBXnhZg.exe
  2⤵
  PID:13992
- C:\Windows\System\NWaHKaE.exe
  C:\Windows\System\NWaHKaE.exe
  2⤵
  PID:14032
- C:\Windows\System\WDeDvIi.exe
  C:\Windows\System\WDeDvIi.exe
  2⤵
  PID:14048
- C:\Windows\System\nqnmJHC.exe
  C:\Windows\System\nqnmJHC.exe
  2⤵
  PID:14068
- C:\Windows\System\IVMcwUN.exe
  C:\Windows\System\IVMcwUN.exe
  2⤵
  PID:14112
- C:\Windows\System\VLMRYXB.exe
  C:\Windows\System\VLMRYXB.exe
  2⤵
  PID:14132
- C:\Windows\System\AfPdCAT.exe
  C:\Windows\System\AfPdCAT.exe
  2⤵
  PID:14164
- C:\Windows\System\nRFZchr.exe
  C:\Windows\System\nRFZchr.exe
  2⤵
  PID:14200
- C:\Windows\System\QBsbryA.exe
  C:\Windows\System\QBsbryA.exe
  2⤵
  PID:14228
- C:\Windows\System\mJllJkP.exe
  C:\Windows\System\mJllJkP.exe
  2⤵
  PID:14256
- C:\Windows\System\QkHEwgJ.exe
  C:\Windows\System\QkHEwgJ.exe
  2⤵
  PID:14284
- C:\Windows\System\GZrxAsC.exe
  C:\Windows\System\GZrxAsC.exe
  2⤵
  PID:14332
- C:\Windows\System\odpFAIX.exe
  C:\Windows\System\odpFAIX.exe
  2⤵
  PID:13328
- C:\Windows\System\WnRjMeJ.exe
  C:\Windows\System\WnRjMeJ.exe
  2⤵
  PID:13416
- C:\Windows\System\YNUcmOb.exe
  C:\Windows\System\YNUcmOb.exe
  2⤵
  PID:13460
- C:\Windows\System\qKDzpUD.exe
  C:\Windows\System\qKDzpUD.exe
  2⤵
  PID:13532
- C:\Windows\System\KKnXjUW.exe
  C:\Windows\System\KKnXjUW.exe
  2⤵
  PID:13584
- C:\Windows\System\fmsEIOL.exe
  C:\Windows\System\fmsEIOL.exe
  2⤵
  PID:13656
- C:\Windows\System\FXOgsgX.exe
  C:\Windows\System\FXOgsgX.exe
  2⤵
  PID:13708
- C:\Windows\System\LhVGstL.exe
  C:\Windows\System\LhVGstL.exe
  2⤵
  PID:13764
- C:\Windows\System\vfotVrI.exe
  C:\Windows\System\vfotVrI.exe
  2⤵
  PID:13840
- C:\Windows\System\bdPOpfi.exe
  C:\Windows\System\bdPOpfi.exe
  2⤵
  PID:13920
- C:\Windows\System\GyVExIz.exe
  C:\Windows\System\GyVExIz.exe
  2⤵
  PID:13980
- C:\Windows\System\CewGAPQ.exe
  C:\Windows\System\CewGAPQ.exe
  2⤵
  PID:14076
- C:\Windows\System\zanpCmk.exe
  C:\Windows\System\zanpCmk.exe
  2⤵
  PID:14144
- C:\Windows\System\splGFsI.exe
  C:\Windows\System\splGFsI.exe
  2⤵
  PID:14220
- C:\Windows\System\zpqogdT.exe
  C:\Windows\System\zpqogdT.exe
  2⤵
  PID:14308
- C:\Windows\System\SpHUvif.exe
  C:\Windows\System\SpHUvif.exe
  2⤵
  PID:14320
- C:\Windows\System\XbytHxJ.exe
  C:\Windows\System\XbytHxJ.exe
  2⤵
  PID:13440
- C:\Windows\System\kDerYhE.exe
  C:\Windows\System\kDerYhE.exe
  2⤵
  PID:13560
- C:\Windows\System\MloLtIZ.exe
  C:\Windows\System\MloLtIZ.exe
  2⤵
  PID:13760
- C:\Windows\System\YnnHsUN.exe
  C:\Windows\System\YnnHsUN.exe
  2⤵
  PID:13780
- C:\Windows\System\oSbspqg.exe
  C:\Windows\System\oSbspqg.exe
  2⤵
  PID:14056
- C:\Windows\System\fSewrVm.exe
  C:\Windows\System\fSewrVm.exe
  2⤵
  PID:14196
- C:\Windows\System\nSSbPYG.exe
  C:\Windows\System\nSSbPYG.exe
  2⤵
  PID:14268
- C:\Windows\System\EQkpnAZ.exe
  C:\Windows\System\EQkpnAZ.exe
  2⤵
  PID:13556
- C:\Windows\System\fwXkook.exe
  C:\Windows\System\fwXkook.exe
  2⤵
  PID:14096
- C:\Windows\System\iOxZjOL.exe
  C:\Windows\System\iOxZjOL.exe
  2⤵
  PID:14312
- C:\Windows\System\uIoiQdZ.exe
  C:\Windows\System\uIoiQdZ.exe
  2⤵
  PID:14348
- C:\Windows\System\JRyZCoU.exe
  C:\Windows\System\JRyZCoU.exe
  2⤵
  PID:14368
- C:\Windows\System\VXmfydr.exe
  C:\Windows\System\VXmfydr.exe
  2⤵
  PID:14400
- C:\Windows\System\DqCAxsp.exe
  C:\Windows\System\DqCAxsp.exe
  2⤵
  PID:14432
- C:\Windows\System\JFWgMVY.exe
  C:\Windows\System\JFWgMVY.exe
  2⤵
  PID:14456
- C:\Windows\System\pfJlASq.exe
  C:\Windows\System\pfJlASq.exe
  2⤵
  PID:14480
- C:\Windows\System\ylJzSnr.exe
  C:\Windows\System\ylJzSnr.exe
  2⤵
  PID:14508
- C:\Windows\System\vXIMTEh.exe
  C:\Windows\System\vXIMTEh.exe
  2⤵
  PID:14532
- C:\Windows\System\OVkzcZb.exe
  C:\Windows\System\OVkzcZb.exe
  2⤵
  PID:14556
- C:\Windows\System\rCkPhWa.exe
  C:\Windows\System\rCkPhWa.exe
  2⤵
  PID:14588
- C:\Windows\System\fKDFfmt.exe
  C:\Windows\System\fKDFfmt.exe
  2⤵
  PID:14604
- C:\Windows\System\isxxfIv.exe
  C:\Windows\System\isxxfIv.exe
  2⤵
  PID:14640
- C:\Windows\System\ukFLUcT.exe
  C:\Windows\System\ukFLUcT.exe
  2⤵
  PID:14660
- C:\Windows\System\uOPXJyQ.exe
  C:\Windows\System\uOPXJyQ.exe
  2⤵
  PID:14696
- C:\Windows\System\Cbepnky.exe
  C:\Windows\System\Cbepnky.exe
  2⤵
  PID:14720
- C:\Windows\System\KovCdTC.exe
  C:\Windows\System\KovCdTC.exe
  2⤵
  PID:14760
- C:\Windows\System\AFzxNJL.exe
  C:\Windows\System\AFzxNJL.exe
  2⤵
  PID:14808
- C:\Windows\System\hqdLSLZ.exe
  C:\Windows\System\hqdLSLZ.exe
  2⤵
  PID:14824
- C:\Windows\System\NDnnMeC.exe
  C:\Windows\System\NDnnMeC.exe
  2⤵
  PID:14852
- C:\Windows\System\DIRBZgt.exe
  C:\Windows\System\DIRBZgt.exe
  2⤵
  PID:14876
- C:\Windows\System\GxljAeX.exe
  C:\Windows\System\GxljAeX.exe
  2⤵
  PID:14896
- C:\Windows\System\bxhozvd.exe
  C:\Windows\System\bxhozvd.exe
  2⤵
  PID:14928
- C:\Windows\System\BGlifcc.exe
  C:\Windows\System\BGlifcc.exe
  2⤵
  PID:14976
- C:\Windows\System\oUmhMOV.exe
  C:\Windows\System\oUmhMOV.exe
  2⤵
  PID:14992
- C:\Windows\System\qOFUBnV.exe
  C:\Windows\System\qOFUBnV.exe
  2⤵
  PID:15020
- C:\Windows\System\FsqTbsL.exe
  C:\Windows\System\FsqTbsL.exe
  2⤵
  PID:15048
- C:\Windows\System\ZSHAHNg.exe
  C:\Windows\System\ZSHAHNg.exe
  2⤵
  PID:15064
- C:\Windows\System\iOuMoyu.exe
  C:\Windows\System\iOuMoyu.exe
  2⤵
  PID:15080
- C:\Windows\System\IVfAoaU.exe
  C:\Windows\System\IVfAoaU.exe
  2⤵
  PID:15144
- C:\Windows\System\SdiQNHC.exe
  C:\Windows\System\SdiQNHC.exe
  2⤵
  PID:15160
- C:\Windows\System\ehUeWHB.exe
  C:\Windows\System\ehUeWHB.exe
  2⤵
  PID:15188
- C:\Windows\System\LHhEbdQ.exe
  C:\Windows\System\LHhEbdQ.exe
  2⤵
  PID:15220
- C:\Windows\System\nAuTaNN.exe
  C:\Windows\System\nAuTaNN.exe
  2⤵
  PID:15244
- C:\Windows\System\DWpKlbS.exe
  C:\Windows\System\DWpKlbS.exe
  2⤵
  PID:15284
- C:\Windows\System\eZBHNmo.exe
  C:\Windows\System\eZBHNmo.exe
  2⤵
  PID:15308
- C:\Windows\System\ExrWYtk.exe
  C:\Windows\System\ExrWYtk.exe
  2⤵
  PID:15328
- C:\Windows\System\prswwFo.exe
  C:\Windows\System\prswwFo.exe
  2⤵
  PID:14012
- C:\Windows\System\xxvleXI.exe
  C:\Windows\System\xxvleXI.exe
  2⤵
  PID:13636
- C:\Windows\System\YcooGTa.exe
  C:\Windows\System\YcooGTa.exe
  2⤵
  PID:14444
- C:\Windows\System\bFppava.exe
  C:\Windows\System\bFppava.exe
  2⤵
  PID:14572
- C:\Windows\System\ebaQSDS.exe
  C:\Windows\System\ebaQSDS.exe
  2⤵
  PID:14684

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ChACdSq.exe

Filesize
1.9MB

MD5
ff3df177b4f9cd948afb6ed3f483dd06

SHA1
671544f4b0cb264e771a76b901e483f205ea1eed

SHA256
73250e44c8e92cde8d139d5dd62d1b27ecf18ccd555cc97373e387a393411e4f

SHA512
382e6b4ef751fd2257fd0d57e03ae35763fce47273056b183796381acd38272a2a6250cb12c1d33cacbcff5f9bc2bb5a6e67615eaa588654849a7cb9c66432ae

Download Submit
C:\Windows\System\DpWroFk.exe

Filesize
1.9MB

MD5
2c410936e1f7bedac0826fcbb062fec8

SHA1
4ba525f29c3cd483ca00a949681aa354663d7bee

SHA256
601a8db88293d2d07cc1ee0b9ef89fb4a2fe21531d62ef6aa90c49c53f117282

SHA512
83dcbecd4dffa534425b43485a1f89d28b3519b5b5772043c87e985bf75bd3ad630a9533bd7d064b2488dcba955a4ff69f2da25c5de777dc41f165af0df23411

Download Submit
C:\Windows\System\FXCiwvq.exe

Filesize
1.9MB

MD5
1637e6b405782dbc440085d54ed44e38

SHA1
982e820974b96bd1b9b77a854451994d34d3d381

SHA256
1f3ede70038e5cb43bb2ccd87c740fdecab3b238b33c7e06855e702366506301

SHA512
53c1845b81cbb0b178050248e7f8bc823f91630b37fee45c179cc52399458aee5a758f9a70145befd200b56a06a7afb83699e06495ef10843d3e63fab70c7796

Download Submit
C:\Windows\System\FjGukvB.exe

Filesize
1.9MB

MD5
9213a438a86c1531ca48dd87076419ea

SHA1
5ca2ffafdb59e39bbee45d3780c05925b0f6de62

SHA256
524888fa7290e002b0ea7faa6fda9b798e9e0660dd0fe8e5aafacfea7c5d3732

SHA512
733f5b8b7fcbaab114292859dd32499855b8a0e20ce89d8a9e5c3964087e594b2a19b97532a2dec2bbd208c0cf580d8132dce235164363835639129b07d3e725

Download Submit
C:\Windows\System\GOgfPeH.exe

Filesize
1.9MB

MD5
b819f8b55c306a8fe5a6f6e69fa793e2

SHA1
148b8dd00d1a22981f9c0d629bc5e902b88d8780

SHA256
f93b11caf3766618d5bec72919032a597c95aa99f08572b335fe3c0f0e889da5

SHA512
13d4df35a2793cf0ab833529cad8b747a2c42d19352094da51c8dff0a420cce1abe07b5675b20821421bfa1e454e5b47235739e6989e6284ce199a698002f49d

Download Submit
C:\Windows\System\IZWFRNN.exe

Filesize
1.9MB

MD5
289da66384a723eeece04d53f8a380c5

SHA1
a1b8ddbd0d99812419d0716b69a6ba64ec7707c9

SHA256
56a9a76706f2a85ab83ee970953cf691754d0a024e50c400116faa351a509c57

SHA512
869bf8765142668158a978481c48a4b28319fb38bc4b3a489854c3fe063cb91b32565a077382a87579dbf2d62ad31fdcedf291560c4037f3aa025fa03e5ff947

Download Submit
C:\Windows\System\JrtxRci.exe

Filesize
1.9MB

MD5
cc3b9e60d7ebf17a9a73f47de71cf8e6

SHA1
ee65a853dd71ea29beab4cafd2f64d0792e1f418

SHA256
26074486d80d9ff6baeab25d4694528a3cc057733f172cc1edc7274c9b33c345

SHA512
b915cda31454fb4b50e3f588e3ca62c1e4378b8ca5bcbd2b51be430275cc311840c6996525245886a76141131daeac3b98d99a2a562647460901354c899f0d1e

Download Submit
C:\Windows\System\NtcukqI.exe

Filesize
1.9MB

MD5
f0ef28b6a48287df9e34769e3c1d29cf

SHA1
f48bede6e758ef4288f924d10cd8ce3be8e87ed8

SHA256
9ff547ee174c73f0d5f55b201cb72589f3818ef872cde553192e30e5147249dd

SHA512
a337ce5dc6c0796fd122c554cec48d91c57c6bc0c5da546bd2764d478bd905088790752251d7374b6f13509040d7607e3131610c294fa754cfb7cba8bef75027

Download Submit
C:\Windows\System\OLcWbMM.exe

Filesize
1.9MB

MD5
082e6a0850c1dfff3026c7b4d63ed466

SHA1
f6221e684baee586012484788fbc5b86e3e37897

SHA256
663472c42c36ff50c66b2d9ee2f3938af69210f83d665f6d39c118674b824238

SHA512
1421b917a41e31d471b1cd75442b8101a274284c58d143b3275075f294bb8b369c9999edd2ba7c85e5dad13962dea6bbb4a9fe307cb9fec20c9fa04a8558f112

Download Submit
C:\Windows\System\RqsCclC.exe

Filesize
1.9MB

MD5
ac38f982109d89faa82ce9a0d5e12139

SHA1
fef8ed043642d92b1fb926a9094243351a7d8b24

SHA256
56ca7f26d99a1ff2f8ca20f0b9b830d28ba1398b1a1b7227360ca82fe29f7686

SHA512
8183fbe3eeddf9d6efeec58318f7193d71a5ef1292a7412f493423ed0dc8c9568fd1ef98089198c8acef5e6236668edfc01187fe1c769fe6f0a1d3267703c4d6

Download Submit
C:\Windows\System\SjJvosk.exe

Filesize
1.9MB

MD5
7989aa2a51bbe1c9f44f09f2e05619f1

SHA1
2a7e0aa034bdcefedc56547a2cb6e8ca24168a80

SHA256
558abcdd96d820e15871aabe01daca5675e29666afa2a69061b1868c0f17b7ce

SHA512
3f214136b3b54254d24575018951ca185a991f89d47868911b93d72bb03afab11c285004b0547327993a244c03e1a06a30e1a46d6a9cb30c54446924ad870907

Download Submit
C:\Windows\System\UoamtzV.exe

Filesize
1.9MB

MD5
a881a8d0e23c7e4461329610d080ebd3

SHA1
046382b82a7f87115f81e36ce721c07141d0caa3

SHA256
b8838f386de5d63a7942695c52620d61e5b327f76202baf016d6f865f705dc03

SHA512
7744f037be137a3898d0166c5879096ec4045dd3aa665f951783e364a998dc624536aa90997b6c79eb82ecc9af546f57a39fd82864a5a5187332522b54dc9a39

Download Submit
C:\Windows\System\VHlsxZk.exe

Filesize
1.9MB

MD5
2963ff15a4fcb36289b030c21f91e6e8

SHA1
4277061a2ee7098a6bb88a56674e53165972d4da

SHA256
931836c5e25b796ae7ac4e06b33d66c1b4d691ad70a9f189a4f8457b4e21fe33

SHA512
c1d035f5585dd23eb5d778446794be17dd825f645de58aecad9750620831eefc286f2c8ae21429d57538fd2748dddc640ec5851417bfd2946db442b7ff44b815

Download Submit
C:\Windows\System\VgmSyDf.exe

Filesize
1.9MB

MD5
6de19b429b5bdaba371806d492703874

SHA1
0ef64a1e92c987304b1d63f1aaa0cc533942e3c3

SHA256
92eadb1a1407b547702337992df3f1f70fc4f0c059c85afce49d12e61faf95c1

SHA512
760998507fc905795399a1b2c50d346ab53378a903f7747c697231d8820e14f117cfeb29913ef517efe017b27746fd4c476a5143762b11b4d2c729ceb0206ced

Download Submit
C:\Windows\System\WRaJrGO.exe

Filesize
1.9MB

MD5
200e209614fe83721f1ea8709cf20e3c

SHA1
aea2c8c1a7ac8325f8963a1516d79f47eb500e37

SHA256
d4cd4514e4c7e23da536342f114f5ceeb51d057a23ec416daf3bed3b6070a5e6

SHA512
fabc882ca3a77c54752482a0d1d516955f7958103b52a84c584583e96ac1a096f2c4e56c5f7b6cad9bac4e69b76c65f5e58e24a99d1b632088096d95b2e519ec

Download Submit
C:\Windows\System\XLUYiit.exe

Filesize
1.9MB

MD5
4d3f032608c74cdbc04bbc048f3f6f94

SHA1
aebbec7d131cba255e99b329122944159f7e62af

SHA256
ac0acc1d49dca7fa92740999dd40118bd1d7049bfc6b58f03f98974b8df221f1

SHA512
a76545fea3b453cf029dc5d854f98390ce3ae68429665b262161124f3efe05e7db60ad0a1dfb8bbbc8a554fbfe2c4b0b864c5ef017892353b98a42ee13e714de

Download Submit
C:\Windows\System\XZXnNfX.exe

Filesize
1.9MB

MD5
5948bebaddb1145a12bd48141d6a61b6

SHA1
29033caa6feb8ede25af709f3833286765400d05

SHA256
732239c8236ef123ec58983c9f2dd357d4d5926279a50838ec009ad4d3f53021

SHA512
d91aab0db630663ea72fe4924e7a58cdff51470820c562344536405f3e6a93dcc71a8d211713ecbc8940c9bc4781e8c1e2fa9df8018b20864a235eb6432253e2

Download Submit
C:\Windows\System\ZEVUMSH.exe

Filesize
1.9MB

MD5
6d1f52fe69943da5bdadd8c4d9a6dd7a

SHA1
ad9ede4f15e63bff69d3a2c05f5612558c790390

SHA256
456fb663a290a37643bd46b3a176e18d84154ee44012c43c4efd332ce3f9ff76

SHA512
0c3abea9b28b4f988f59d5a26ff3b0bb26596ae2a06b15e10b63714669f3ae2c0b5469d311701f9d682aa607d91fc6a9af73fe0a293d3a83ef0bc167edefb9f9

Download Submit
C:\Windows\System\ZNHvDPJ.exe

Filesize
1.9MB

MD5
dd5af8eeab643e34d860a606b0196017

SHA1
d8029014c1086a098f78a18f1a70ecb1a6085806

SHA256
b7bfe994fd0b65352442f96b589b8fd02825349af4934b1b1fc9e5b8e2476e6e

SHA512
46b0f4241d630dc3fb484d9db55617923cb3f534a5d74ecc279f0967a070dc7cb99270c56a485b83d0760937bba397bf694a1ce46fe3c3e52046cc536c6580d6

Download Submit
C:\Windows\System\ZTcHsmU.exe

Filesize
1.9MB

MD5
7d0f6dda23a750cc5bf31ac965dff5a0

SHA1
40d08dd4dd14b5afc39ad60c00a2db6d92dc6c1a

SHA256
f622597fa855d22b655fa291727c325c0a76ac9c94ed59b0c30677e719f38258

SHA512
d8247ee0e561f0c7be7fe35302338609e6a164081cc70603776d47f99c2e057814b4e6d57d6dbaa30ed8ebce2308e59f45fc29fbd41d21ae667306dd8c09df86

Download Submit
C:\Windows\System\dXGUBvq.exe

Filesize
1.9MB

MD5
0845b01e399ed8d8c5be4849961657bf

SHA1
aa011bf68ba2afdcca53a560da8d668102248355

SHA256
490502f6bec6dda91dcb2eafcd4fa8e9333ca5557544caa3e31f295a8f7d1d24

SHA512
c5919bd32aa0528a61e4049ee4cd3c8e7c255f661248c8a4d6f8163929ef7340ab1482fdabe25fdd1770fb970af4219ae9725f0a512c853c86f798d854b3040a

Download Submit
C:\Windows\System\deqEONL.exe

Filesize
1.9MB

MD5
153f26e43d95b186375bd9bccbaab05c

SHA1
d903407d696b3fb71d52c1c41137dfcde037446d

SHA256
992702d17effc1223eab322e128a95283a88e77cc46da96eebc9b9c5dd1c91ba

SHA512
5029a07d5ca3a62bf0baf8ce4748e35580fffbbbb6d4f14806101feaae58e1fdc281c49137baf0d537bf6a820e72636df686c9f3ebf19b529f105a6bbba775f1

Download Submit
C:\Windows\System\fCEhbPm.exe

Filesize
1.9MB

MD5
2043471a467c9f251640c8265f10a96e

SHA1
6d00ab0e1ed5e862a483eea8d1d9686616a3f817

SHA256
06c493da7ba7700a37a23be651474e1158f5412adbb1c81ba7b6378e3926cac6

SHA512
4317a748e48bc8d75fc363527dfd1722b81835d86759c64a1e3dc2994d832c7c1011e4b4706b6e0c2f51de0c3bccea10fa1107c5d1021bcf9967aec52ad9c740

Download Submit
C:\Windows\System\fkgIqmt.exe

Filesize
1.9MB

MD5
7d79e72f8b2ddea6c4539ff9f5c25ef3

SHA1
42992c2d7bf72360b8f83e1d8d37a10b90e2255b

SHA256
4614bcd3433b96ff2bdaefc705507b9a76a4363ebf3e29fcefb45ef2e630c907

SHA512
32ccd9aac42e2426ea997ed6ac0574fae0bb575c060254cce3f61ffbcdef1feaa2cd5361005c28f1875c39f648d578b0cdc606bb835727070f3edd2c3bc3bb7c

Download Submit
C:\Windows\System\hCVdlSp.exe

Filesize
1.9MB

MD5
f977db48d567fe8df47ee7bd0b1feb51

SHA1
2454f0838058f5cce42088af2c694c1a597a051b

SHA256
5c48894dad68a9371ab485adf6266790259a3f37c4215e48a3b5de62bcea6177

SHA512
5803056a50c640c7078cea0ac8c56804d942e68db57b42ed3b63263b9b2cef28ed39157701652ced96fcf19433945f507257119f4b42244b3594bf437f8112da

Download Submit
C:\Windows\System\jwsmJbY.exe

Filesize
1.9MB

MD5
0aeb91f27e88d7060066e6f83a990994

SHA1
e3d502a3c5ef04e2610e40e959de64a05d133b1c

SHA256
7543003a07c6876069287dfb67e4ac5048fdca8972063f687dae67cd7972dc5c

SHA512
787c0a9106d911a1dcbc12caf1a3431562836d778310cae799c4eac949b36525337e356dff71f3e8a9262317d11dd5b37cafd2b0a66994c7027d6a398aa3d24b

Download Submit
C:\Windows\System\layufft.exe

Filesize
1.9MB

MD5
af9f38a32d266472aa9834eb4bb90aa1

SHA1
7a38259f672a30abd14cfef44e543fc01a472109

SHA256
fead992d27616c42ff59da1cf0c9cd4d60a8ad64a5fd7eb3f3911d7f40b2cd16

SHA512
f41b351f6e1f95323a5267dbe07be1db2ed0157d7a06c5094bca9a6abb914350ba9a72990ad6c805585f9a1d8b71dad39a6884eb63656f12c8a19e440356f614

Download Submit
C:\Windows\System\lvOGMJU.exe

Filesize
1.9MB

MD5
3ed040549e5e4eee5083af3123e4b130

SHA1
955c128c4e5610196e58d966ce7c05db9b1c4e84

SHA256
e24e2724f7977a8496633e8e5f1abf693632b591f33f01963fa604cd644ea27f

SHA512
f86bb8dd739d6cc86ed1883f071e32d4656b48130953da521ad38707bdf52473e903d5fb3bceae4dddd296fa0205121eda762c45d4fb739b4b460524ad4a8a77

Download Submit
C:\Windows\System\pzDrFPw.exe

Filesize
1.9MB

MD5
f6bdbe62c3e192cde046be6c11847e0f

SHA1
4ceb5ae4bffef3cc9fb2505726924a9f1ff3dc1c

SHA256
7c570837b64d9e5272fad22178007b329ed7fbfb84384d4de33005a94d9eb350

SHA512
2d08608fbf780b47d356a5131ffc71fbf07d2e3a5047c40c26cfd248a71ef9f988fd345de122c8989918f5a1885f68be2209fe5321fdbc9d5504a329261e4bde

Download Submit
C:\Windows\System\rpwhHGf.exe

Filesize
1.9MB

MD5
9efa6d8104dda49b7e038bc11c2a5b84

SHA1
5680ca9a32794afd9b526a5097dadf456c13f5a0

SHA256
8afdb5e9de1ca44f9310d2d2d7460426c216ea1c36e286489027dc036e582bb1

SHA512
520931728026adcaf7b282af728bf5779f03b56f8d99e60722e865b986b3eeba449f42dcd5ab380f49fb999256c323b67277bd907244cb724a79694f7a8aa81c

Download Submit
C:\Windows\System\rtPEFaM.exe

Filesize
1.9MB

MD5
20ac11694490a09f48733f53f9a8381b

SHA1
d8817d829292eede2fb28b32dfcd682568cfb590

SHA256
68ede277960ecb63913af4b32f05cf3f7a3c4b096ecdea27180a5b8b4e74052e

SHA512
5eafc4be829486b0d11b0985499f6c901271841751e89def82e09beecc5394eae89778a15a44d828ab5e5d3be695a4e0c879003b10ae7a2776ea764a0cdab0cc

Download Submit
C:\Windows\System\tNzPioM.exe

Filesize
1.9MB

MD5
768790f7affc6dcf3c466925307bd537

SHA1
cee82f144f80f5935b75c3f76c9a3d35503180e4

SHA256
fe859dfa40a3b66d4758ced96f93ea3d070caf14587a55a6d940456533b816bc

SHA512
2852eaf93c0073c90abfbaecf27dd5a55b212b323bb112383a7def7fb0221ae6bdc8699c5bdea1927f5b83dcefec63908e7b995eee4e716e398b23c0cfad5ab8

Download Submit
C:\Windows\System\vZOmalM.exe

Filesize
1.9MB

MD5
4222b5ecbdbeed2f959ea2f60b6ac4d2

SHA1
f7e5cddf2de09eb480f82d02204e605d26bb2db1

SHA256
d080a65ccb00c971163134e31299b446ab286683a036135617db0c00bc1ed768

SHA512
e7f25f6ebb021fde418cca52141bc44c005c8315b16888391fe173d2e59e7c2f104b1b87a13bbcdfece1d79bf845390752b688ce7773b026c310bce537aba251

Download Submit
memory/184-52-0x00007FF625BC0000-0x00007FF625F14000-memory.dmp

Filesize
3.3MB

Download
memory/184-1397-0x00007FF625BC0000-0x00007FF625F14000-memory.dmp

Filesize
3.3MB

Download
memory/184-2301-0x00007FF625BC0000-0x00007FF625F14000-memory.dmp

Filesize
3.3MB

Download
memory/428-1-0x0000019336400000-0x0000019336410000-memory.dmp

Filesize
64KB

Download
memory/428-879-0x00007FF70FB40000-0x00007FF70FE94000-memory.dmp

Filesize
3.3MB

Download
memory/428-0-0x00007FF70FB40000-0x00007FF70FE94000-memory.dmp

Filesize
3.3MB

Download
memory/644-2318-0x00007FF6E3D30000-0x00007FF6E4084000-memory.dmp

Filesize
3.3MB

Download
memory/644-474-0x00007FF6E3D30000-0x00007FF6E4084000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2321-0x00007FF695830000-0x00007FF695B84000-memory.dmp

Filesize
3.3MB

Download
memory/1188-490-0x00007FF695830000-0x00007FF695B84000-memory.dmp

Filesize
3.3MB

Download
memory/1196-2302-0x00007FF77F850000-0x00007FF77FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1196-66-0x00007FF77F850000-0x00007FF77FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-478-0x00007FF7D5190000-0x00007FF7D54E4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2316-0x00007FF7D5190000-0x00007FF7D54E4000-memory.dmp

Filesize
3.3MB

Download
memory/1296-97-0x00007FF676F10000-0x00007FF677264000-memory.dmp

Filesize
3.3MB

Download
memory/1296-2304-0x00007FF676F10000-0x00007FF677264000-memory.dmp

Filesize
3.3MB

Download
memory/1532-2315-0x00007FF603F20000-0x00007FF604274000-memory.dmp

Filesize
3.3MB

Download
memory/1532-461-0x00007FF603F20000-0x00007FF604274000-memory.dmp

Filesize
3.3MB

Download
memory/1576-497-0x00007FF601C60000-0x00007FF601FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1576-2314-0x00007FF601C60000-0x00007FF601FB4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2319-0x00007FF63D4B0000-0x00007FF63D804000-memory.dmp

Filesize
3.3MB

Download
memory/1608-473-0x00007FF63D4B0000-0x00007FF63D804000-memory.dmp

Filesize
3.3MB

Download
memory/1724-31-0x00007FF6B94D0000-0x00007FF6B9824000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2299-0x00007FF6B94D0000-0x00007FF6B9824000-memory.dmp

Filesize
3.3MB

Download
memory/1724-1039-0x00007FF6B94D0000-0x00007FF6B9824000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2305-0x00007FF7A4010000-0x00007FF7A4364000-memory.dmp

Filesize
3.3MB

Download
memory/1848-456-0x00007FF7A4010000-0x00007FF7A4364000-memory.dmp

Filesize
3.3MB

Download
memory/1864-468-0x00007FF6781E0000-0x00007FF678534000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2309-0x00007FF6781E0000-0x00007FF678534000-memory.dmp

Filesize
3.3MB

Download
memory/2060-493-0x00007FF75A270000-0x00007FF75A5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2322-0x00007FF75A270000-0x00007FF75A5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-81-0x00007FF68E5B0000-0x00007FF68E904000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2307-0x00007FF68E5B0000-0x00007FF68E904000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1404-0x00007FF68E5B0000-0x00007FF68E904000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2295-0x00007FF691600000-0x00007FF691954000-memory.dmp

Filesize
3.3MB

Download
memory/2760-8-0x00007FF691600000-0x00007FF691954000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1029-0x00007FF691600000-0x00007FF691954000-memory.dmp

Filesize
3.3MB

Download
memory/3124-2310-0x00007FF6E76D0000-0x00007FF6E7A24000-memory.dmp

Filesize
3.3MB

Download
memory/3124-465-0x00007FF6E76D0000-0x00007FF6E7A24000-memory.dmp

Filesize
3.3MB

Download
memory/3360-2300-0x00007FF782280000-0x00007FF7825D4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-43-0x00007FF782280000-0x00007FF7825D4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-2298-0x00007FF7DC600000-0x00007FF7DC954000-memory.dmp

Filesize
3.3MB

Download
memory/3920-29-0x00007FF7DC600000-0x00007FF7DC954000-memory.dmp

Filesize
3.3MB

Download
memory/3920-1036-0x00007FF7DC600000-0x00007FF7DC954000-memory.dmp

Filesize
3.3MB

Download
memory/4000-2306-0x00007FF795FE0000-0x00007FF796334000-memory.dmp

Filesize
3.3MB

Download
memory/4000-455-0x00007FF795FE0000-0x00007FF796334000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2313-0x00007FF723210000-0x00007FF723564000-memory.dmp

Filesize
3.3MB

Download
memory/4284-480-0x00007FF723210000-0x00007FF723564000-memory.dmp

Filesize
3.3MB

Download
memory/4500-464-0x00007FF62E010000-0x00007FF62E364000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2311-0x00007FF62E010000-0x00007FF62E364000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2296-0x00007FF7F2310000-0x00007FF7F2664000-memory.dmp

Filesize
3.3MB

Download
memory/4620-40-0x00007FF7F2310000-0x00007FF7F2664000-memory.dmp

Filesize
3.3MB

Download
memory/4720-22-0x00007FF6D91C0000-0x00007FF6D9514000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2294-0x00007FF6D91C0000-0x00007FF6D9514000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2303-0x00007FF685490000-0x00007FF6857E4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-73-0x00007FF685490000-0x00007FF6857E4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2297-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp

Filesize
3.3MB

Download
memory/4804-44-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp

Filesize
3.3MB

Download
memory/4888-482-0x00007FF69BDA0000-0x00007FF69C0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2320-0x00007FF69BDA0000-0x00007FF69C0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2312-0x00007FF787FD0000-0x00007FF788324000-memory.dmp

Filesize
3.3MB

Download
memory/4912-501-0x00007FF787FD0000-0x00007FF788324000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2308-0x00007FF6E2010000-0x00007FF6E2364000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1515-0x00007FF6E2010000-0x00007FF6E2364000-memory.dmp

Filesize
3.3MB

Download
memory/5064-87-0x00007FF6E2010000-0x00007FF6E2364000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2317-0x00007FF7F1E80000-0x00007FF7F21D4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-477-0x00007FF7F1E80000-0x00007FF7F21D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads