xmrig | fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
Size

1.6MB
MD5

5e3ee0eae799c9536eb2505cfb3d758e
SHA1

c999e2c8eda09338cbbe970dc13399d492724e1b
SHA256

fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801
SHA512

9ba7db775bf9cb12b39d42ab93c78a9cd8aa1de3f8949b78263c54e436934d08407bfc0ea11419e006b64d743acef2262a7e402f123f97294ce57fcc2f4fc100
SSDEEP

24576:RVIl/WDGCi7/qkat62wT83PzKeLukbyUVWCPSuwNYWPxvyuEtrE60lmNgmlpF7cc:ROdWCCi7/ra+GJLuIaRNGQ3aBVoDnA

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/840-466-0x00007FF751CD0000-0x00007FF752021000-memory.dmp	xmrig
behavioral2/memory/3988-478-0x00007FF6422B0000-0x00007FF642601000-memory.dmp	xmrig
behavioral2/memory/1128-487-0x00007FF6631E0000-0x00007FF663531000-memory.dmp	xmrig
behavioral2/memory/3688-498-0x00007FF7F5AB0000-0x00007FF7F5E01000-memory.dmp	xmrig
behavioral2/memory/4696-525-0x00007FF613FB0000-0x00007FF614301000-memory.dmp	xmrig
behavioral2/memory/3444-517-0x00007FF7FB780000-0x00007FF7FBAD1000-memory.dmp	xmrig
behavioral2/memory/1240-512-0x00007FF7C1E50000-0x00007FF7C21A1000-memory.dmp	xmrig
behavioral2/memory/1464-511-0x00007FF66DBF0000-0x00007FF66DF41000-memory.dmp	xmrig
behavioral2/memory/4216-507-0x00007FF7B74E0000-0x00007FF7B7831000-memory.dmp	xmrig
behavioral2/memory/4764-505-0x00007FF785370000-0x00007FF7856C1000-memory.dmp	xmrig
behavioral2/memory/3820-492-0x00007FF72F550000-0x00007FF72F8A1000-memory.dmp	xmrig
behavioral2/memory/1856-490-0x00007FF7173D0000-0x00007FF717721000-memory.dmp	xmrig
behavioral2/memory/2744-486-0x00007FF7DECA0000-0x00007FF7DEFF1000-memory.dmp	xmrig
behavioral2/memory/4616-475-0x00007FF777460000-0x00007FF7777B1000-memory.dmp	xmrig
behavioral2/memory/1644-470-0x00007FF65DDD0000-0x00007FF65E121000-memory.dmp	xmrig
behavioral2/memory/4612-467-0x00007FF725590000-0x00007FF7258E1000-memory.dmp	xmrig
behavioral2/memory/2820-458-0x00007FF6F9440000-0x00007FF6F9791000-memory.dmp	xmrig
behavioral2/memory/1136-82-0x00007FF62C9B0000-0x00007FF62CD01000-memory.dmp	xmrig
behavioral2/memory/3032-71-0x00007FF776C70000-0x00007FF776FC1000-memory.dmp	xmrig
behavioral2/memory/536-39-0x00007FF7588A0000-0x00007FF758BF1000-memory.dmp	xmrig
behavioral2/memory/2212-1191-0x00007FF7B23E0000-0x00007FF7B2731000-memory.dmp	xmrig
behavioral2/memory/2028-1326-0x00007FF745670000-0x00007FF7459C1000-memory.dmp	xmrig
behavioral2/memory/3996-1323-0x00007FF76D040000-0x00007FF76D391000-memory.dmp	xmrig
behavioral2/memory/5064-1329-0x00007FF62EEE0000-0x00007FF62F231000-memory.dmp	xmrig
behavioral2/memory/3480-1321-0x00007FF7DF000000-0x00007FF7DF351000-memory.dmp	xmrig
behavioral2/memory/1776-1434-0x00007FF7D3790000-0x00007FF7D3AE1000-memory.dmp	xmrig
behavioral2/memory/3032-1430-0x00007FF776C70000-0x00007FF776FC1000-memory.dmp	xmrig
behavioral2/memory/3668-1429-0x00007FF78B390000-0x00007FF78B6E1000-memory.dmp	xmrig
behavioral2/memory/1072-1419-0x00007FF76F890000-0x00007FF76FBE1000-memory.dmp	xmrig
behavioral2/memory/2128-1547-0x00007FF774870000-0x00007FF774BC1000-memory.dmp	xmrig
behavioral2/memory/2976-1549-0x00007FF631380000-0x00007FF6316D1000-memory.dmp	xmrig
behavioral2/memory/3996-2401-0x00007FF76D040000-0x00007FF76D391000-memory.dmp	xmrig
behavioral2/memory/536-2403-0x00007FF7588A0000-0x00007FF758BF1000-memory.dmp	xmrig
behavioral2/memory/3480-2399-0x00007FF7DF000000-0x00007FF7DF351000-memory.dmp	xmrig
behavioral2/memory/2028-2407-0x00007FF745670000-0x00007FF7459C1000-memory.dmp	xmrig
behavioral2/memory/1136-2415-0x00007FF62C9B0000-0x00007FF62CD01000-memory.dmp	xmrig
behavioral2/memory/3668-2417-0x00007FF78B390000-0x00007FF78B6E1000-memory.dmp	xmrig
behavioral2/memory/2128-2413-0x00007FF774870000-0x00007FF774BC1000-memory.dmp	xmrig
behavioral2/memory/1072-2411-0x00007FF76F890000-0x00007FF76FBE1000-memory.dmp	xmrig
behavioral2/memory/3032-2409-0x00007FF776C70000-0x00007FF776FC1000-memory.dmp	xmrig
behavioral2/memory/5064-2405-0x00007FF62EEE0000-0x00007FF62F231000-memory.dmp	xmrig
behavioral2/memory/4612-2431-0x00007FF725590000-0x00007FF7258E1000-memory.dmp	xmrig
behavioral2/memory/1776-2429-0x00007FF7D3790000-0x00007FF7D3AE1000-memory.dmp	xmrig
behavioral2/memory/2976-2427-0x00007FF631380000-0x00007FF6316D1000-memory.dmp	xmrig
behavioral2/memory/840-2425-0x00007FF751CD0000-0x00007FF752021000-memory.dmp	xmrig
behavioral2/memory/1644-2423-0x00007FF65DDD0000-0x00007FF65E121000-memory.dmp	xmrig
behavioral2/memory/4696-2421-0x00007FF613FB0000-0x00007FF614301000-memory.dmp	xmrig
behavioral2/memory/2820-2419-0x00007FF6F9440000-0x00007FF6F9791000-memory.dmp	xmrig
behavioral2/memory/1240-2471-0x00007FF7C1E50000-0x00007FF7C21A1000-memory.dmp	xmrig
behavioral2/memory/3820-2482-0x00007FF72F550000-0x00007FF72F8A1000-memory.dmp	xmrig
behavioral2/memory/3688-2480-0x00007FF7F5AB0000-0x00007FF7F5E01000-memory.dmp	xmrig
behavioral2/memory/4764-2477-0x00007FF785370000-0x00007FF7856C1000-memory.dmp	xmrig
behavioral2/memory/1464-2475-0x00007FF66DBF0000-0x00007FF66DF41000-memory.dmp	xmrig
behavioral2/memory/4216-2473-0x00007FF7B74E0000-0x00007FF7B7831000-memory.dmp	xmrig
behavioral2/memory/2744-2463-0x00007FF7DECA0000-0x00007FF7DEFF1000-memory.dmp	xmrig
behavioral2/memory/4616-2449-0x00007FF777460000-0x00007FF7777B1000-memory.dmp	xmrig
behavioral2/memory/3988-2443-0x00007FF6422B0000-0x00007FF642601000-memory.dmp	xmrig
behavioral2/memory/1128-2461-0x00007FF6631E0000-0x00007FF663531000-memory.dmp	xmrig
behavioral2/memory/3444-2495-0x00007FF7FB780000-0x00007FF7FBAD1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3480	herGkZT.exe
3996	iRgQxdU.exe
536	RsYZNvu.exe
2028	qjMgEfH.exe
5064	zaCgDJx.exe
2128	ntKaEKb.exe
1072	fCLamwj.exe
1136	mhBhhzZ.exe
3668	HhxdacA.exe
3032	PELMhkK.exe
2820	jDOixUu.exe
2976	McZGQDS.exe
840	TglRblH.exe
1776	DmWiIox.exe
4612	RiGTOjp.exe
4696	lMdWpZS.exe
1644	KZVdreZ.exe
4616	qupvjJB.exe
3988	eBCDHms.exe
2744	EHFqtcI.exe
1128	gKWmuSX.exe
1856	dRiYHQw.exe
3820	WheBIxK.exe
3688	uxvXmtW.exe
4764	CWpXRiz.exe
4216	LKtdWcy.exe
1464	wyXyUou.exe
1240	vufMpPC.exe
3444	GZRHARI.exe
4420	JhnlETn.exe
680	acXUoxB.exe
2368	ufPdwsD.exe
2276	Ixejpre.exe
2528	Njedcuo.exe
1192	MkHwKBp.exe
3284	CHjuMoM.exe
1772	ZfcUYbx.exe
1992	QdzQdVR.exe
3304	ssVKEuf.exe
2208	eteTXoe.exe
2980	dqkAuyA.exe
532	QOpJVcp.exe
2828	hVhhwHD.exe
4348	tEDOUBH.exe
1740	MipRzYA.exe
4984	ffQnHUo.exe
8	zBEidyx.exe
2832	uCoFmMX.exe
3508	TUErvzd.exe
3664	bjHRzzz.exe
4520	nkHkGFe.exe
3504	McwWgUn.exe
3384	smgVrzF.exe
3728	kejSmCI.exe
5116	yhdsBPn.exe
1592	QkleuzF.exe
1580	NMDjGjH.exe
4588	tifrdNz.exe
640	TPiuuPl.exe
1956	gLEVCbb.exe
1656	clSIdhH.exe
4796	rIRVygA.exe
2000	LjPAevJ.exe
2312	glmKFxl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2212-0-0x00007FF7B23E0000-0x00007FF7B2731000-memory.dmp	upx
behavioral2/files/0x000c000000023b4f-4.dat	upx
behavioral2/files/0x000a000000023b54-7.dat	upx
behavioral2/files/0x000a000000023b53-18.dat	upx
behavioral2/files/0x000a000000023b57-28.dat	upx
behavioral2/files/0x0031000000023b5b-50.dat	upx
behavioral2/memory/1072-53-0x00007FF76F890000-0x00007FF76FBE1000-memory.dmp	upx
behavioral2/memory/3668-67-0x00007FF78B390000-0x00007FF78B6E1000-memory.dmp	upx
behavioral2/files/0x0031000000023b5c-78.dat	upx
behavioral2/files/0x000a000000023b5e-84.dat	upx
behavioral2/files/0x000a000000023b60-91.dat	upx
behavioral2/files/0x000a000000023b62-103.dat	upx
behavioral2/files/0x000a000000023b6a-135.dat	upx
behavioral2/files/0x000a000000023b6d-158.dat	upx
behavioral2/memory/840-466-0x00007FF751CD0000-0x00007FF752021000-memory.dmp	upx
behavioral2/memory/3988-478-0x00007FF6422B0000-0x00007FF642601000-memory.dmp	upx
behavioral2/memory/1128-487-0x00007FF6631E0000-0x00007FF663531000-memory.dmp	upx
behavioral2/memory/3688-498-0x00007FF7F5AB0000-0x00007FF7F5E01000-memory.dmp	upx
behavioral2/memory/4696-525-0x00007FF613FB0000-0x00007FF614301000-memory.dmp	upx
behavioral2/memory/3444-517-0x00007FF7FB780000-0x00007FF7FBAD1000-memory.dmp	upx
behavioral2/memory/1240-512-0x00007FF7C1E50000-0x00007FF7C21A1000-memory.dmp	upx
behavioral2/memory/1464-511-0x00007FF66DBF0000-0x00007FF66DF41000-memory.dmp	upx
behavioral2/memory/4216-507-0x00007FF7B74E0000-0x00007FF7B7831000-memory.dmp	upx
behavioral2/memory/4764-505-0x00007FF785370000-0x00007FF7856C1000-memory.dmp	upx
behavioral2/memory/3820-492-0x00007FF72F550000-0x00007FF72F8A1000-memory.dmp	upx
behavioral2/memory/1856-490-0x00007FF7173D0000-0x00007FF717721000-memory.dmp	upx
behavioral2/memory/2744-486-0x00007FF7DECA0000-0x00007FF7DEFF1000-memory.dmp	upx
behavioral2/memory/4616-475-0x00007FF777460000-0x00007FF7777B1000-memory.dmp	upx
behavioral2/memory/1644-470-0x00007FF65DDD0000-0x00007FF65E121000-memory.dmp	upx
behavioral2/memory/4612-467-0x00007FF725590000-0x00007FF7258E1000-memory.dmp	upx
behavioral2/memory/2820-458-0x00007FF6F9440000-0x00007FF6F9791000-memory.dmp	upx
behavioral2/files/0x000a000000023b72-175.dat	upx
behavioral2/files/0x000a000000023b70-173.dat	upx
behavioral2/files/0x000a000000023b71-170.dat	upx
behavioral2/files/0x000a000000023b6f-168.dat	upx
behavioral2/files/0x000a000000023b6e-163.dat	upx
behavioral2/files/0x000a000000023b6c-153.dat	upx
behavioral2/files/0x000a000000023b6b-148.dat	upx
behavioral2/files/0x000a000000023b69-138.dat	upx
behavioral2/files/0x000a000000023b68-133.dat	upx
behavioral2/files/0x000a000000023b67-128.dat	upx
behavioral2/files/0x000a000000023b66-123.dat	upx
behavioral2/files/0x000a000000023b65-118.dat	upx
behavioral2/files/0x000a000000023b64-113.dat	upx
behavioral2/files/0x000a000000023b63-108.dat	upx
behavioral2/files/0x000a000000023b61-98.dat	upx
behavioral2/files/0x000a000000023b5f-86.dat	upx
behavioral2/memory/1136-82-0x00007FF62C9B0000-0x00007FF62CD01000-memory.dmp	upx
behavioral2/memory/1776-81-0x00007FF7D3790000-0x00007FF7D3AE1000-memory.dmp	upx
behavioral2/files/0x0031000000023b5d-80.dat	upx
behavioral2/memory/2976-76-0x00007FF631380000-0x00007FF6316D1000-memory.dmp	upx
behavioral2/memory/3032-71-0x00007FF776C70000-0x00007FF776FC1000-memory.dmp	upx
behavioral2/files/0x000a000000023b5a-62.dat	upx
behavioral2/files/0x000a000000023b58-45.dat	upx
behavioral2/files/0x000a000000023b59-51.dat	upx
behavioral2/memory/2128-41-0x00007FF774870000-0x00007FF774BC1000-memory.dmp	upx
behavioral2/memory/536-39-0x00007FF7588A0000-0x00007FF758BF1000-memory.dmp	upx
behavioral2/files/0x000a000000023b56-38.dat	upx
behavioral2/memory/5064-36-0x00007FF62EEE0000-0x00007FF62F231000-memory.dmp	upx
behavioral2/files/0x000a000000023b55-35.dat	upx
behavioral2/memory/2028-29-0x00007FF745670000-0x00007FF7459C1000-memory.dmp	upx
behavioral2/memory/3996-15-0x00007FF76D040000-0x00007FF76D391000-memory.dmp	upx
behavioral2/memory/3480-8-0x00007FF7DF000000-0x00007FF7DF351000-memory.dmp	upx
behavioral2/memory/2212-1191-0x00007FF7B23E0000-0x00007FF7B2731000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BrcVyyw.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\qcaxhPA.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\mZzoNVm.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\oLeUbMj.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\nKTnBrE.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\vKpkvOu.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\WFTxFXO.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\oQuQFTS.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\dqHokXt.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\RsYZNvu.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\hVhhwHD.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\SjSPxfb.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\GmuNUaZ.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\jfPgdxF.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\mgrUCAY.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\gZqNzUD.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\PWGFHFG.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\vrMMrlU.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\ZjXiAhd.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\BCAewDH.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\tPPHhcy.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\oCJIhIX.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\tBJyqLP.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\nKoKtqh.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\uWtkPXm.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\ldRzngI.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\sbRHeNv.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\OlKhJgn.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\oQfVHZE.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\vCFnbJQ.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\eMBPPLG.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\qPzDZBp.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\gOZJKKG.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\JSAYgnd.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\pYGTqxj.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\uaJYYAy.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\dRiYHQw.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\YpEhDqE.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\eiyVIEl.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\QEBQzsQ.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\rrGNcOd.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\ANQJOdi.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\mkKXNRT.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\kXhnrsW.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\eIlLYkf.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\LdbEPth.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\eXjRrXH.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\PYsolJf.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\BowsAFW.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\UzPYBWq.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\sNyXVUd.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\OQwBACG.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\ZVpPNhE.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\wduJPbm.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\apIToTX.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\CPssSEH.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\YNMAfRj.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\ItmNQph.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\cTFXLBn.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\ozpLcom.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\aGauISd.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\ncLjzdF.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\SnvzMWn.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
File created	C:\Windows\System\BbPMZCO.exe	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14732	dwm.exe
Token: SeChangeNotifyPrivilege	14732	dwm.exe
Token: 33	14732	dwm.exe
Token: SeIncBasePriorityPrivilege	14732	dwm.exe
Token: SeShutdownPrivilege	14732	dwm.exe
Token: SeCreatePagefilePrivilege	14732	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 3480	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	85
PID 2212 wrote to memory of 3480	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	85
PID 2212 wrote to memory of 3996	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	86
PID 2212 wrote to memory of 3996	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	86
PID 2212 wrote to memory of 536	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	87
PID 2212 wrote to memory of 536	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	87
PID 2212 wrote to memory of 2028	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	88
PID 2212 wrote to memory of 2028	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	88
PID 2212 wrote to memory of 5064	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	89
PID 2212 wrote to memory of 5064	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	89
PID 2212 wrote to memory of 2128	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	90
PID 2212 wrote to memory of 2128	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	90
PID 2212 wrote to memory of 1072	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	91
PID 2212 wrote to memory of 1072	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	91
PID 2212 wrote to memory of 1136	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	92
PID 2212 wrote to memory of 1136	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	92
PID 2212 wrote to memory of 3668	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	93
PID 2212 wrote to memory of 3668	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	93
PID 2212 wrote to memory of 3032	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	94
PID 2212 wrote to memory of 3032	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	94
PID 2212 wrote to memory of 2820	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	95
PID 2212 wrote to memory of 2820	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	95
PID 2212 wrote to memory of 2976	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	96
PID 2212 wrote to memory of 2976	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	96
PID 2212 wrote to memory of 840	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	97
PID 2212 wrote to memory of 840	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	97
PID 2212 wrote to memory of 1776	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	98
PID 2212 wrote to memory of 1776	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	98
PID 2212 wrote to memory of 4612	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	99
PID 2212 wrote to memory of 4612	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	99
PID 2212 wrote to memory of 4696	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	100
PID 2212 wrote to memory of 4696	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	100
PID 2212 wrote to memory of 1644	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	101
PID 2212 wrote to memory of 1644	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	101
PID 2212 wrote to memory of 4616	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	102
PID 2212 wrote to memory of 4616	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	102
PID 2212 wrote to memory of 3988	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	103
PID 2212 wrote to memory of 3988	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	103
PID 2212 wrote to memory of 2744	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	104
PID 2212 wrote to memory of 2744	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	104
PID 2212 wrote to memory of 1128	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	105
PID 2212 wrote to memory of 1128	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	105
PID 2212 wrote to memory of 1856	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	106
PID 2212 wrote to memory of 1856	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	106
PID 2212 wrote to memory of 3820	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	107
PID 2212 wrote to memory of 3820	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	107
PID 2212 wrote to memory of 3688	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	108
PID 2212 wrote to memory of 3688	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	108
PID 2212 wrote to memory of 4764	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	109
PID 2212 wrote to memory of 4764	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	109
PID 2212 wrote to memory of 4216	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	110
PID 2212 wrote to memory of 4216	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	110
PID 2212 wrote to memory of 1464	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	111
PID 2212 wrote to memory of 1464	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	111
PID 2212 wrote to memory of 1240	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	112
PID 2212 wrote to memory of 1240	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	112
PID 2212 wrote to memory of 3444	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	113
PID 2212 wrote to memory of 3444	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	113
PID 2212 wrote to memory of 4420	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	114
PID 2212 wrote to memory of 4420	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	114
PID 2212 wrote to memory of 680	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	115
PID 2212 wrote to memory of 680	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	115
PID 2212 wrote to memory of 2368	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	116
PID 2212 wrote to memory of 2368	2212	fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe	116

C:\Users\Admin\AppData\Local\Temp\fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe
"C:\Users\Admin\AppData\Local\Temp\fe55c4e2e02725dd140d32f3616a6e841eef11dadc3fd7fcc15e6549a4416801.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\System\herGkZT.exe
  C:\Windows\System\herGkZT.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\iRgQxdU.exe
  C:\Windows\System\iRgQxdU.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\RsYZNvu.exe
  C:\Windows\System\RsYZNvu.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\qjMgEfH.exe
  C:\Windows\System\qjMgEfH.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\zaCgDJx.exe
  C:\Windows\System\zaCgDJx.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\ntKaEKb.exe
  C:\Windows\System\ntKaEKb.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\fCLamwj.exe
  C:\Windows\System\fCLamwj.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\mhBhhzZ.exe
  C:\Windows\System\mhBhhzZ.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\HhxdacA.exe
  C:\Windows\System\HhxdacA.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\PELMhkK.exe
  C:\Windows\System\PELMhkK.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\jDOixUu.exe
  C:\Windows\System\jDOixUu.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\McZGQDS.exe
  C:\Windows\System\McZGQDS.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\TglRblH.exe
  C:\Windows\System\TglRblH.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\DmWiIox.exe
  C:\Windows\System\DmWiIox.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\RiGTOjp.exe
  C:\Windows\System\RiGTOjp.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\lMdWpZS.exe
  C:\Windows\System\lMdWpZS.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\KZVdreZ.exe
  C:\Windows\System\KZVdreZ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\qupvjJB.exe
  C:\Windows\System\qupvjJB.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\eBCDHms.exe
  C:\Windows\System\eBCDHms.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\EHFqtcI.exe
  C:\Windows\System\EHFqtcI.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\gKWmuSX.exe
  C:\Windows\System\gKWmuSX.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\dRiYHQw.exe
  C:\Windows\System\dRiYHQw.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\WheBIxK.exe
  C:\Windows\System\WheBIxK.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\uxvXmtW.exe
  C:\Windows\System\uxvXmtW.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\CWpXRiz.exe
  C:\Windows\System\CWpXRiz.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\LKtdWcy.exe
  C:\Windows\System\LKtdWcy.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\wyXyUou.exe
  C:\Windows\System\wyXyUou.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\vufMpPC.exe
  C:\Windows\System\vufMpPC.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\GZRHARI.exe
  C:\Windows\System\GZRHARI.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\JhnlETn.exe
  C:\Windows\System\JhnlETn.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\acXUoxB.exe
  C:\Windows\System\acXUoxB.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\ufPdwsD.exe
  C:\Windows\System\ufPdwsD.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\Ixejpre.exe
  C:\Windows\System\Ixejpre.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\Njedcuo.exe
  C:\Windows\System\Njedcuo.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\MkHwKBp.exe
  C:\Windows\System\MkHwKBp.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\CHjuMoM.exe
  C:\Windows\System\CHjuMoM.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\ZfcUYbx.exe
  C:\Windows\System\ZfcUYbx.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\QdzQdVR.exe
  C:\Windows\System\QdzQdVR.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\ssVKEuf.exe
  C:\Windows\System\ssVKEuf.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\eteTXoe.exe
  C:\Windows\System\eteTXoe.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\dqkAuyA.exe
  C:\Windows\System\dqkAuyA.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\QOpJVcp.exe
  C:\Windows\System\QOpJVcp.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\hVhhwHD.exe
  C:\Windows\System\hVhhwHD.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\tEDOUBH.exe
  C:\Windows\System\tEDOUBH.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\MipRzYA.exe
  C:\Windows\System\MipRzYA.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ffQnHUo.exe
  C:\Windows\System\ffQnHUo.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\zBEidyx.exe
  C:\Windows\System\zBEidyx.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\uCoFmMX.exe
  C:\Windows\System\uCoFmMX.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\TUErvzd.exe
  C:\Windows\System\TUErvzd.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\bjHRzzz.exe
  C:\Windows\System\bjHRzzz.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\nkHkGFe.exe
  C:\Windows\System\nkHkGFe.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\McwWgUn.exe
  C:\Windows\System\McwWgUn.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\smgVrzF.exe
  C:\Windows\System\smgVrzF.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\kejSmCI.exe
  C:\Windows\System\kejSmCI.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\yhdsBPn.exe
  C:\Windows\System\yhdsBPn.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\QkleuzF.exe
  C:\Windows\System\QkleuzF.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\NMDjGjH.exe
  C:\Windows\System\NMDjGjH.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\tifrdNz.exe
  C:\Windows\System\tifrdNz.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\TPiuuPl.exe
  C:\Windows\System\TPiuuPl.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\gLEVCbb.exe
  C:\Windows\System\gLEVCbb.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\clSIdhH.exe
  C:\Windows\System\clSIdhH.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\rIRVygA.exe
  C:\Windows\System\rIRVygA.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\LjPAevJ.exe
  C:\Windows\System\LjPAevJ.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\glmKFxl.exe
  C:\Windows\System\glmKFxl.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\JgVSULM.exe
  C:\Windows\System\JgVSULM.exe
  2⤵
  PID:1972
- C:\Windows\System\ALmpOWd.exe
  C:\Windows\System\ALmpOWd.exe
  2⤵
  PID:2372
- C:\Windows\System\MaxeTlN.exe
  C:\Windows\System\MaxeTlN.exe
  2⤵
  PID:2728
- C:\Windows\System\dcuDdqk.exe
  C:\Windows\System\dcuDdqk.exe
  2⤵
  PID:4996
- C:\Windows\System\TzUSmGt.exe
  C:\Windows\System\TzUSmGt.exe
  2⤵
  PID:5100
- C:\Windows\System\GfxkfuW.exe
  C:\Windows\System\GfxkfuW.exe
  2⤵
  PID:1052
- C:\Windows\System\fiXQnEp.exe
  C:\Windows\System\fiXQnEp.exe
  2⤵
  PID:4856
- C:\Windows\System\NVRmjOy.exe
  C:\Windows\System\NVRmjOy.exe
  2⤵
  PID:4496
- C:\Windows\System\rdlWlHN.exe
  C:\Windows\System\rdlWlHN.exe
  2⤵
  PID:3920
- C:\Windows\System\EewWBvU.exe
  C:\Windows\System\EewWBvU.exe
  2⤵
  PID:2784
- C:\Windows\System\rrGNcOd.exe
  C:\Windows\System\rrGNcOd.exe
  2⤵
  PID:3960
- C:\Windows\System\eMBPPLG.exe
  C:\Windows\System\eMBPPLG.exe
  2⤵
  PID:3488
- C:\Windows\System\dalwDNm.exe
  C:\Windows\System\dalwDNm.exe
  2⤵
  PID:4188
- C:\Windows\System\FCWXYnv.exe
  C:\Windows\System\FCWXYnv.exe
  2⤵
  PID:4356
- C:\Windows\System\SefaHsZ.exe
  C:\Windows\System\SefaHsZ.exe
  2⤵
  PID:4604
- C:\Windows\System\hzjLfqu.exe
  C:\Windows\System\hzjLfqu.exe
  2⤵
  PID:3152
- C:\Windows\System\ZNxtZjq.exe
  C:\Windows\System\ZNxtZjq.exe
  2⤵
  PID:2280
- C:\Windows\System\qPzDZBp.exe
  C:\Windows\System\qPzDZBp.exe
  2⤵
  PID:2776
- C:\Windows\System\AcoSHdD.exe
  C:\Windows\System\AcoSHdD.exe
  2⤵
  PID:1752
- C:\Windows\System\EwKfqvP.exe
  C:\Windows\System\EwKfqvP.exe
  2⤵
  PID:2332
- C:\Windows\System\SgOPAel.exe
  C:\Windows\System\SgOPAel.exe
  2⤵
  PID:4524
- C:\Windows\System\geORYbE.exe
  C:\Windows\System\geORYbE.exe
  2⤵
  PID:5124
- C:\Windows\System\RYRvDYN.exe
  C:\Windows\System\RYRvDYN.exe
  2⤵
  PID:5148
- C:\Windows\System\DUvjMgi.exe
  C:\Windows\System\DUvjMgi.exe
  2⤵
  PID:5176
- C:\Windows\System\aRMwHEx.exe
  C:\Windows\System\aRMwHEx.exe
  2⤵
  PID:5204
- C:\Windows\System\XHQLDoc.exe
  C:\Windows\System\XHQLDoc.exe
  2⤵
  PID:5232
- C:\Windows\System\nKoKtqh.exe
  C:\Windows\System\nKoKtqh.exe
  2⤵
  PID:5264
- C:\Windows\System\dFOKTWA.exe
  C:\Windows\System\dFOKTWA.exe
  2⤵
  PID:5288
- C:\Windows\System\ZxcCjgO.exe
  C:\Windows\System\ZxcCjgO.exe
  2⤵
  PID:5320
- C:\Windows\System\DMCukRT.exe
  C:\Windows\System\DMCukRT.exe
  2⤵
  PID:5344
- C:\Windows\System\yOdTEWF.exe
  C:\Windows\System\yOdTEWF.exe
  2⤵
  PID:5368
- C:\Windows\System\eEYhRno.exe
  C:\Windows\System\eEYhRno.exe
  2⤵
  PID:5400
- C:\Windows\System\IdBUjFt.exe
  C:\Windows\System\IdBUjFt.exe
  2⤵
  PID:5428
- C:\Windows\System\RwNTggk.exe
  C:\Windows\System\RwNTggk.exe
  2⤵
  PID:5456
- C:\Windows\System\oKBLKvz.exe
  C:\Windows\System\oKBLKvz.exe
  2⤵
  PID:5484
- C:\Windows\System\eiCKjRn.exe
  C:\Windows\System\eiCKjRn.exe
  2⤵
  PID:5512
- C:\Windows\System\pBWhLDO.exe
  C:\Windows\System\pBWhLDO.exe
  2⤵
  PID:5540
- C:\Windows\System\IrXeOUr.exe
  C:\Windows\System\IrXeOUr.exe
  2⤵
  PID:5568
- C:\Windows\System\rdZONyx.exe
  C:\Windows\System\rdZONyx.exe
  2⤵
  PID:5616
- C:\Windows\System\jkVVYwS.exe
  C:\Windows\System\jkVVYwS.exe
  2⤵
  PID:5636
- C:\Windows\System\jCojJWR.exe
  C:\Windows\System\jCojJWR.exe
  2⤵
  PID:5664
- C:\Windows\System\xhLuFJJ.exe
  C:\Windows\System\xhLuFJJ.exe
  2⤵
  PID:5680
- C:\Windows\System\NqdErvg.exe
  C:\Windows\System\NqdErvg.exe
  2⤵
  PID:5708
- C:\Windows\System\dEmmOmb.exe
  C:\Windows\System\dEmmOmb.exe
  2⤵
  PID:5732
- C:\Windows\System\DjfqJwS.exe
  C:\Windows\System\DjfqJwS.exe
  2⤵
  PID:5760
- C:\Windows\System\fXHGLIK.exe
  C:\Windows\System\fXHGLIK.exe
  2⤵
  PID:5788
- C:\Windows\System\xnODoSn.exe
  C:\Windows\System\xnODoSn.exe
  2⤵
  PID:5816
- C:\Windows\System\hbepovX.exe
  C:\Windows\System\hbepovX.exe
  2⤵
  PID:5844
- C:\Windows\System\XuNXujY.exe
  C:\Windows\System\XuNXujY.exe
  2⤵
  PID:5872
- C:\Windows\System\ZjDzoDe.exe
  C:\Windows\System\ZjDzoDe.exe
  2⤵
  PID:5900
- C:\Windows\System\THjNhdI.exe
  C:\Windows\System\THjNhdI.exe
  2⤵
  PID:5928
- C:\Windows\System\lPfUTyQ.exe
  C:\Windows\System\lPfUTyQ.exe
  2⤵
  PID:5960
- C:\Windows\System\BCtpCZb.exe
  C:\Windows\System\BCtpCZb.exe
  2⤵
  PID:5984
- C:\Windows\System\sRYQlAx.exe
  C:\Windows\System\sRYQlAx.exe
  2⤵
  PID:6012
- C:\Windows\System\cxjtEff.exe
  C:\Windows\System\cxjtEff.exe
  2⤵
  PID:6040
- C:\Windows\System\TdgoyuE.exe
  C:\Windows\System\TdgoyuE.exe
  2⤵
  PID:6072
- C:\Windows\System\kXJXXip.exe
  C:\Windows\System\kXJXXip.exe
  2⤵
  PID:6096
- C:\Windows\System\wduJPbm.exe
  C:\Windows\System\wduJPbm.exe
  2⤵
  PID:6124
- C:\Windows\System\iIDezTZ.exe
  C:\Windows\System\iIDezTZ.exe
  2⤵
  PID:1512
- C:\Windows\System\pSBuXsU.exe
  C:\Windows\System\pSBuXsU.exe
  2⤵
  PID:3940
- C:\Windows\System\lcYBHkV.exe
  C:\Windows\System\lcYBHkV.exe
  2⤵
  PID:4788
- C:\Windows\System\gnnlZgY.exe
  C:\Windows\System\gnnlZgY.exe
  2⤵
  PID:2328
- C:\Windows\System\YzfAnWo.exe
  C:\Windows\System\YzfAnWo.exe
  2⤵
  PID:2024
- C:\Windows\System\kvbBSzf.exe
  C:\Windows\System\kvbBSzf.exe
  2⤵
  PID:5280
- C:\Windows\System\iHlIbwG.exe
  C:\Windows\System\iHlIbwG.exe
  2⤵
  PID:1964
- C:\Windows\System\ikkddDE.exe
  C:\Windows\System\ikkddDE.exe
  2⤵
  PID:5384
- C:\Windows\System\pYRXdzy.exe
  C:\Windows\System\pYRXdzy.exe
  2⤵
  PID:5420
- C:\Windows\System\VFmcROl.exe
  C:\Windows\System\VFmcROl.exe
  2⤵
  PID:5500
- C:\Windows\System\rfSnqow.exe
  C:\Windows\System\rfSnqow.exe
  2⤵
  PID:5560
- C:\Windows\System\bjGXRhm.exe
  C:\Windows\System\bjGXRhm.exe
  2⤵
  PID:4708
- C:\Windows\System\UTqibGU.exe
  C:\Windows\System\UTqibGU.exe
  2⤵
  PID:5632
- C:\Windows\System\TvlGCOp.exe
  C:\Windows\System\TvlGCOp.exe
  2⤵
  PID:2160
- C:\Windows\System\zaAsyUR.exe
  C:\Windows\System\zaAsyUR.exe
  2⤵
  PID:5756
- C:\Windows\System\ArNflfw.exe
  C:\Windows\System\ArNflfw.exe
  2⤵
  PID:5888
- C:\Windows\System\jSuUIUT.exe
  C:\Windows\System\jSuUIUT.exe
  2⤵
  PID:5924
- C:\Windows\System\NQredFX.exe
  C:\Windows\System\NQredFX.exe
  2⤵
  PID:5948
- C:\Windows\System\uyhfLOw.exe
  C:\Windows\System\uyhfLOw.exe
  2⤵
  PID:6000
- C:\Windows\System\cOFFwIy.exe
  C:\Windows\System\cOFFwIy.exe
  2⤵
  PID:6028
- C:\Windows\System\EDnPAwW.exe
  C:\Windows\System\EDnPAwW.exe
  2⤵
  PID:6064
- C:\Windows\System\ntdXFMw.exe
  C:\Windows\System\ntdXFMw.exe
  2⤵
  PID:6120
- C:\Windows\System\OmDWCbD.exe
  C:\Windows\System\OmDWCbD.exe
  2⤵
  PID:4000
- C:\Windows\System\GygDsKT.exe
  C:\Windows\System\GygDsKT.exe
  2⤵
  PID:3332
- C:\Windows\System\RWHpcdx.exe
  C:\Windows\System\RWHpcdx.exe
  2⤵
  PID:4988
- C:\Windows\System\KpGBWIq.exe
  C:\Windows\System\KpGBWIq.exe
  2⤵
  PID:5216
- C:\Windows\System\OmrXgiF.exe
  C:\Windows\System\OmrXgiF.exe
  2⤵
  PID:2732
- C:\Windows\System\UExHEMU.exe
  C:\Windows\System\UExHEMU.exe
  2⤵
  PID:5272
- C:\Windows\System\CYumaZd.exe
  C:\Windows\System\CYumaZd.exe
  2⤵
  PID:2872
- C:\Windows\System\PFkHYTQ.exe
  C:\Windows\System\PFkHYTQ.exe
  2⤵
  PID:5600
- C:\Windows\System\DxZXjpr.exe
  C:\Windows\System\DxZXjpr.exe
  2⤵
  PID:5532
- C:\Windows\System\qcaxhPA.exe
  C:\Windows\System\qcaxhPA.exe
  2⤵
  PID:3528
- C:\Windows\System\aFltekv.exe
  C:\Windows\System\aFltekv.exe
  2⤵
  PID:2924
- C:\Windows\System\kxLlZUV.exe
  C:\Windows\System\kxLlZUV.exe
  2⤵
  PID:868
- C:\Windows\System\UwQZAhn.exe
  C:\Windows\System\UwQZAhn.exe
  2⤵
  PID:4404
- C:\Windows\System\eXjRrXH.exe
  C:\Windows\System\eXjRrXH.exe
  2⤵
  PID:2268
- C:\Windows\System\rdaIGoa.exe
  C:\Windows\System\rdaIGoa.exe
  2⤵
  PID:2704
- C:\Windows\System\pzoIKvH.exe
  C:\Windows\System\pzoIKvH.exe
  2⤵
  PID:412
- C:\Windows\System\miWfbFJ.exe
  C:\Windows\System\miWfbFJ.exe
  2⤵
  PID:4368
- C:\Windows\System\kcBBFpC.exe
  C:\Windows\System\kcBBFpC.exe
  2⤵
  PID:2756
- C:\Windows\System\Hngtcaj.exe
  C:\Windows\System\Hngtcaj.exe
  2⤵
  PID:3568
- C:\Windows\System\mZzoNVm.exe
  C:\Windows\System\mZzoNVm.exe
  2⤵
  PID:4044
- C:\Windows\System\VGTXoHB.exe
  C:\Windows\System\VGTXoHB.exe
  2⤵
  PID:4084
- C:\Windows\System\JBpqNOh.exe
  C:\Windows\System\JBpqNOh.exe
  2⤵
  PID:6212
- C:\Windows\System\OiOYNiQ.exe
  C:\Windows\System\OiOYNiQ.exe
  2⤵
  PID:6264
- C:\Windows\System\LajLFos.exe
  C:\Windows\System\LajLFos.exe
  2⤵
  PID:6320
- C:\Windows\System\KzekydC.exe
  C:\Windows\System\KzekydC.exe
  2⤵
  PID:6336
- C:\Windows\System\Rjojmna.exe
  C:\Windows\System\Rjojmna.exe
  2⤵
  PID:6352
- C:\Windows\System\FehyUHP.exe
  C:\Windows\System\FehyUHP.exe
  2⤵
  PID:6368
- C:\Windows\System\nRPskNE.exe
  C:\Windows\System\nRPskNE.exe
  2⤵
  PID:6384
- C:\Windows\System\ZiNPYBL.exe
  C:\Windows\System\ZiNPYBL.exe
  2⤵
  PID:6400
- C:\Windows\System\RLQcnrV.exe
  C:\Windows\System\RLQcnrV.exe
  2⤵
  PID:6416
- C:\Windows\System\DKihnCV.exe
  C:\Windows\System\DKihnCV.exe
  2⤵
  PID:6460
- C:\Windows\System\jGbmXQq.exe
  C:\Windows\System\jGbmXQq.exe
  2⤵
  PID:6500
- C:\Windows\System\AtEhQaD.exe
  C:\Windows\System\AtEhQaD.exe
  2⤵
  PID:6540
- C:\Windows\System\WRnxpAP.exe
  C:\Windows\System\WRnxpAP.exe
  2⤵
  PID:6600
- C:\Windows\System\CwIxoVF.exe
  C:\Windows\System\CwIxoVF.exe
  2⤵
  PID:6640
- C:\Windows\System\DuUbgjN.exe
  C:\Windows\System\DuUbgjN.exe
  2⤵
  PID:6684
- C:\Windows\System\dQFayfI.exe
  C:\Windows\System\dQFayfI.exe
  2⤵
  PID:6708
- C:\Windows\System\wNgrzUv.exe
  C:\Windows\System\wNgrzUv.exe
  2⤵
  PID:6728
- C:\Windows\System\EtHXDKz.exe
  C:\Windows\System\EtHXDKz.exe
  2⤵
  PID:6748
- C:\Windows\System\IOOqkyN.exe
  C:\Windows\System\IOOqkyN.exe
  2⤵
  PID:6776
- C:\Windows\System\njpELNH.exe
  C:\Windows\System\njpELNH.exe
  2⤵
  PID:6796
- C:\Windows\System\bTwvRdG.exe
  C:\Windows\System\bTwvRdG.exe
  2⤵
  PID:6832
- C:\Windows\System\AcodtcH.exe
  C:\Windows\System\AcodtcH.exe
  2⤵
  PID:6848
- C:\Windows\System\TeJUkbO.exe
  C:\Windows\System\TeJUkbO.exe
  2⤵
  PID:6880
- C:\Windows\System\lvSReRQ.exe
  C:\Windows\System\lvSReRQ.exe
  2⤵
  PID:6904
- C:\Windows\System\OrriQGc.exe
  C:\Windows\System\OrriQGc.exe
  2⤵
  PID:6924
- C:\Windows\System\aYFGTQH.exe
  C:\Windows\System\aYFGTQH.exe
  2⤵
  PID:6956
- C:\Windows\System\PYsolJf.exe
  C:\Windows\System\PYsolJf.exe
  2⤵
  PID:7016
- C:\Windows\System\pKIkJwX.exe
  C:\Windows\System\pKIkJwX.exe
  2⤵
  PID:7036
- C:\Windows\System\fnWlhBO.exe
  C:\Windows\System\fnWlhBO.exe
  2⤵
  PID:7060
- C:\Windows\System\KcqXdui.exe
  C:\Windows\System\KcqXdui.exe
  2⤵
  PID:7080
- C:\Windows\System\abILBya.exe
  C:\Windows\System\abILBya.exe
  2⤵
  PID:7100
- C:\Windows\System\iRTMYfI.exe
  C:\Windows\System\iRTMYfI.exe
  2⤵
  PID:7124
- C:\Windows\System\RTgzfmq.exe
  C:\Windows\System\RTgzfmq.exe
  2⤵
  PID:7148
- C:\Windows\System\poebiWP.exe
  C:\Windows\System\poebiWP.exe
  2⤵
  PID:7164
- C:\Windows\System\VsiaKnH.exe
  C:\Windows\System\VsiaKnH.exe
  2⤵
  PID:1284
- C:\Windows\System\xfVoLsv.exe
  C:\Windows\System\xfVoLsv.exe
  2⤵
  PID:2040
- C:\Windows\System\gurPrPi.exe
  C:\Windows\System\gurPrPi.exe
  2⤵
  PID:5452
- C:\Windows\System\SjSPxfb.exe
  C:\Windows\System\SjSPxfb.exe
  2⤵
  PID:6160
- C:\Windows\System\xJDDjOP.exe
  C:\Windows\System\xJDDjOP.exe
  2⤵
  PID:6192
- C:\Windows\System\SNFVVvs.exe
  C:\Windows\System\SNFVVvs.exe
  2⤵
  PID:6256
- C:\Windows\System\kbNuDdZ.exe
  C:\Windows\System\kbNuDdZ.exe
  2⤵
  PID:6304
- C:\Windows\System\PUsSgfO.exe
  C:\Windows\System\PUsSgfO.exe
  2⤵
  PID:6456
- C:\Windows\System\BlOHJvr.exe
  C:\Windows\System\BlOHJvr.exe
  2⤵
  PID:6516
- C:\Windows\System\bYPxOds.exe
  C:\Windows\System\bYPxOds.exe
  2⤵
  PID:5304
- C:\Windows\System\AcmvYrH.exe
  C:\Windows\System\AcmvYrH.exe
  2⤵
  PID:2292
- C:\Windows\System\yKePyhp.exe
  C:\Windows\System\yKePyhp.exe
  2⤵
  PID:6620
- C:\Windows\System\gPgFNIh.exe
  C:\Windows\System\gPgFNIh.exe
  2⤵
  PID:5584
- C:\Windows\System\apIToTX.exe
  C:\Windows\System\apIToTX.exe
  2⤵
  PID:5780
- C:\Windows\System\RStDUMQ.exe
  C:\Windows\System\RStDUMQ.exe
  2⤵
  PID:6680
- C:\Windows\System\UoZrJaV.exe
  C:\Windows\System\UoZrJaV.exe
  2⤵
  PID:6716
- C:\Windows\System\KoYPAXj.exe
  C:\Windows\System\KoYPAXj.exe
  2⤵
  PID:6872
- C:\Windows\System\JltzPJp.exe
  C:\Windows\System\JltzPJp.exe
  2⤵
  PID:6916
- C:\Windows\System\ozpLcom.exe
  C:\Windows\System\ozpLcom.exe
  2⤵
  PID:6900
- C:\Windows\System\MOehIDS.exe
  C:\Windows\System\MOehIDS.exe
  2⤵
  PID:7000
- C:\Windows\System\ZVVqtdL.exe
  C:\Windows\System\ZVVqtdL.exe
  2⤵
  PID:3700
- C:\Windows\System\lhUHqFl.exe
  C:\Windows\System\lhUHqFl.exe
  2⤵
  PID:5476
- C:\Windows\System\TfqplPn.exe
  C:\Windows\System\TfqplPn.exe
  2⤵
  PID:5784
- C:\Windows\System\yMsyoFC.exe
  C:\Windows\System\yMsyoFC.exe
  2⤵
  PID:6568
- C:\Windows\System\UidLJYA.exe
  C:\Windows\System\UidLJYA.exe
  2⤵
  PID:5812
- C:\Windows\System\NQefLkk.exe
  C:\Windows\System\NQefLkk.exe
  2⤵
  PID:2284
- C:\Windows\System\SzlvXQX.exe
  C:\Windows\System\SzlvXQX.exe
  2⤵
  PID:6788
- C:\Windows\System\CGXXqJi.exe
  C:\Windows\System\CGXXqJi.exe
  2⤵
  PID:6840
- C:\Windows\System\cxGAikp.exe
  C:\Windows\System\cxGAikp.exe
  2⤵
  PID:7012
- C:\Windows\System\rVhEKgH.exe
  C:\Windows\System\rVhEKgH.exe
  2⤵
  PID:6952
- C:\Windows\System\fPhzwHn.exe
  C:\Windows\System\fPhzwHn.exe
  2⤵
  PID:6240
- C:\Windows\System\GDuLjsb.exe
  C:\Windows\System\GDuLjsb.exe
  2⤵
  PID:6316
- C:\Windows\System\GmuNUaZ.exe
  C:\Windows\System\GmuNUaZ.exe
  2⤵
  PID:5524
- C:\Windows\System\jRSvCmP.exe
  C:\Windows\System\jRSvCmP.exe
  2⤵
  PID:6724
- C:\Windows\System\ogmwcKJ.exe
  C:\Windows\System\ogmwcKJ.exe
  2⤵
  PID:7180
- C:\Windows\System\DZxhdZD.exe
  C:\Windows\System\DZxhdZD.exe
  2⤵
  PID:7204
- C:\Windows\System\ZubztEJ.exe
  C:\Windows\System\ZubztEJ.exe
  2⤵
  PID:7224
- C:\Windows\System\zYvHRHi.exe
  C:\Windows\System\zYvHRHi.exe
  2⤵
  PID:7260
- C:\Windows\System\PJQTWRg.exe
  C:\Windows\System\PJQTWRg.exe
  2⤵
  PID:7316
- C:\Windows\System\rZcwAQk.exe
  C:\Windows\System\rZcwAQk.exe
  2⤵
  PID:7364
- C:\Windows\System\QEpFvtL.exe
  C:\Windows\System\QEpFvtL.exe
  2⤵
  PID:7392
- C:\Windows\System\TBIhSYz.exe
  C:\Windows\System\TBIhSYz.exe
  2⤵
  PID:7412
- C:\Windows\System\aiHasGK.exe
  C:\Windows\System\aiHasGK.exe
  2⤵
  PID:7436
- C:\Windows\System\BANJxVk.exe
  C:\Windows\System\BANJxVk.exe
  2⤵
  PID:7460
- C:\Windows\System\STfstOi.exe
  C:\Windows\System\STfstOi.exe
  2⤵
  PID:7476
- C:\Windows\System\UNaJXuT.exe
  C:\Windows\System\UNaJXuT.exe
  2⤵
  PID:7492
- C:\Windows\System\uWtkPXm.exe
  C:\Windows\System\uWtkPXm.exe
  2⤵
  PID:7512
- C:\Windows\System\gBxWwMD.exe
  C:\Windows\System\gBxWwMD.exe
  2⤵
  PID:7568
- C:\Windows\System\FVFXLCA.exe
  C:\Windows\System\FVFXLCA.exe
  2⤵
  PID:7592
- C:\Windows\System\sosLWpl.exe
  C:\Windows\System\sosLWpl.exe
  2⤵
  PID:7620
- C:\Windows\System\tTTYpUp.exe
  C:\Windows\System\tTTYpUp.exe
  2⤵
  PID:7668
- C:\Windows\System\VndIcJL.exe
  C:\Windows\System\VndIcJL.exe
  2⤵
  PID:7684
- C:\Windows\System\GWzEcVw.exe
  C:\Windows\System\GWzEcVw.exe
  2⤵
  PID:7708
- C:\Windows\System\EPwZjmG.exe
  C:\Windows\System\EPwZjmG.exe
  2⤵
  PID:7732
- C:\Windows\System\JgpKRXg.exe
  C:\Windows\System\JgpKRXg.exe
  2⤵
  PID:7780
- C:\Windows\System\hKNpSpV.exe
  C:\Windows\System\hKNpSpV.exe
  2⤵
  PID:7824
- C:\Windows\System\pgxDUAm.exe
  C:\Windows\System\pgxDUAm.exe
  2⤵
  PID:7872
- C:\Windows\System\MKkheWg.exe
  C:\Windows\System\MKkheWg.exe
  2⤵
  PID:7900
- C:\Windows\System\LhAUCIJ.exe
  C:\Windows\System\LhAUCIJ.exe
  2⤵
  PID:7932
- C:\Windows\System\imHnuqv.exe
  C:\Windows\System\imHnuqv.exe
  2⤵
  PID:7948
- C:\Windows\System\ldRzngI.exe
  C:\Windows\System\ldRzngI.exe
  2⤵
  PID:7972
- C:\Windows\System\gOZJKKG.exe
  C:\Windows\System\gOZJKKG.exe
  2⤵
  PID:8000
- C:\Windows\System\oEqGXdr.exe
  C:\Windows\System\oEqGXdr.exe
  2⤵
  PID:8016
- C:\Windows\System\IOxBZJK.exe
  C:\Windows\System\IOxBZJK.exe
  2⤵
  PID:8040
- C:\Windows\System\GgDtbUW.exe
  C:\Windows\System\GgDtbUW.exe
  2⤵
  PID:8056
- C:\Windows\System\YpEhDqE.exe
  C:\Windows\System\YpEhDqE.exe
  2⤵
  PID:8076
- C:\Windows\System\OctsWsj.exe
  C:\Windows\System\OctsWsj.exe
  2⤵
  PID:8116
- C:\Windows\System\sgmFQXN.exe
  C:\Windows\System\sgmFQXN.exe
  2⤵
  PID:8156
- C:\Windows\System\zfOtkaQ.exe
  C:\Windows\System\zfOtkaQ.exe
  2⤵
  PID:8180
- C:\Windows\System\BqVfgNq.exe
  C:\Windows\System\BqVfgNq.exe
  2⤵
  PID:3004
- C:\Windows\System\SZcXuTE.exe
  C:\Windows\System\SZcXuTE.exe
  2⤵
  PID:5752
- C:\Windows\System\fGnzvof.exe
  C:\Windows\System\fGnzvof.exe
  2⤵
  PID:7200
- C:\Windows\System\GRMneSh.exe
  C:\Windows\System\GRMneSh.exe
  2⤵
  PID:7312
- C:\Windows\System\eOFJVCy.exe
  C:\Windows\System\eOFJVCy.exe
  2⤵
  PID:7452
- C:\Windows\System\SggTtNZ.exe
  C:\Windows\System\SggTtNZ.exe
  2⤵
  PID:7424
- C:\Windows\System\iudBtKv.exe
  C:\Windows\System\iudBtKv.exe
  2⤵
  PID:7600
- C:\Windows\System\wCEjMvR.exe
  C:\Windows\System\wCEjMvR.exe
  2⤵
  PID:7580
- C:\Windows\System\QURrKBP.exe
  C:\Windows\System\QURrKBP.exe
  2⤵
  PID:7656
- C:\Windows\System\zBsNaqY.exe
  C:\Windows\System\zBsNaqY.exe
  2⤵
  PID:7788
- C:\Windows\System\jhvlisp.exe
  C:\Windows\System\jhvlisp.exe
  2⤵
  PID:7804
- C:\Windows\System\pTRmevx.exe
  C:\Windows\System\pTRmevx.exe
  2⤵
  PID:7868
- C:\Windows\System\IOKxGDv.exe
  C:\Windows\System\IOKxGDv.exe
  2⤵
  PID:7940
- C:\Windows\System\BowsAFW.exe
  C:\Windows\System\BowsAFW.exe
  2⤵
  PID:7988
- C:\Windows\System\dufsYbf.exe
  C:\Windows\System\dufsYbf.exe
  2⤵
  PID:8068
- C:\Windows\System\eiyVIEl.exe
  C:\Windows\System\eiyVIEl.exe
  2⤵
  PID:8104
- C:\Windows\System\KVVlVHK.exe
  C:\Windows\System\KVVlVHK.exe
  2⤵
  PID:6936
- C:\Windows\System\IMPUedH.exe
  C:\Windows\System\IMPUedH.exe
  2⤵
  PID:7220
- C:\Windows\System\FoFKBxr.exe
  C:\Windows\System\FoFKBxr.exe
  2⤵
  PID:7428
- C:\Windows\System\NyGJpZk.exe
  C:\Windows\System\NyGJpZk.exe
  2⤵
  PID:7552
- C:\Windows\System\NCrZuCs.exe
  C:\Windows\System\NCrZuCs.exe
  2⤵
  PID:7716
- C:\Windows\System\MAxEzjV.exe
  C:\Windows\System\MAxEzjV.exe
  2⤵
  PID:7864
- C:\Windows\System\bMStSxq.exe
  C:\Windows\System\bMStSxq.exe
  2⤵
  PID:8072
- C:\Windows\System\jyYpyRZ.exe
  C:\Windows\System\jyYpyRZ.exe
  2⤵
  PID:8164
- C:\Windows\System\UzPYBWq.exe
  C:\Windows\System\UzPYBWq.exe
  2⤵
  PID:7372
- C:\Windows\System\XOHOfaF.exe
  C:\Windows\System\XOHOfaF.exe
  2⤵
  PID:7704
- C:\Windows\System\nZwsREi.exe
  C:\Windows\System\nZwsREi.exe
  2⤵
  PID:7236
- C:\Windows\System\YNpiEnH.exe
  C:\Windows\System\YNpiEnH.exe
  2⤵
  PID:7584
- C:\Windows\System\YvkLCdg.exe
  C:\Windows\System\YvkLCdg.exe
  2⤵
  PID:1716
- C:\Windows\System\ODYQkNL.exe
  C:\Windows\System\ODYQkNL.exe
  2⤵
  PID:8196
- C:\Windows\System\ZXBDQSW.exe
  C:\Windows\System\ZXBDQSW.exe
  2⤵
  PID:8216
- C:\Windows\System\VIwNKhx.exe
  C:\Windows\System\VIwNKhx.exe
  2⤵
  PID:8260
- C:\Windows\System\LhCWean.exe
  C:\Windows\System\LhCWean.exe
  2⤵
  PID:8280
- C:\Windows\System\jXZHDhz.exe
  C:\Windows\System\jXZHDhz.exe
  2⤵
  PID:8296
- C:\Windows\System\QdhKBUX.exe
  C:\Windows\System\QdhKBUX.exe
  2⤵
  PID:8312
- C:\Windows\System\hITRdCC.exe
  C:\Windows\System\hITRdCC.exe
  2⤵
  PID:8336
- C:\Windows\System\KacSHUe.exe
  C:\Windows\System\KacSHUe.exe
  2⤵
  PID:8364
- C:\Windows\System\FuvEgcH.exe
  C:\Windows\System\FuvEgcH.exe
  2⤵
  PID:8416
- C:\Windows\System\eHiNLyV.exe
  C:\Windows\System\eHiNLyV.exe
  2⤵
  PID:8436
- C:\Windows\System\qAAWNAk.exe
  C:\Windows\System\qAAWNAk.exe
  2⤵
  PID:8464
- C:\Windows\System\mVDdZqA.exe
  C:\Windows\System\mVDdZqA.exe
  2⤵
  PID:8568
- C:\Windows\System\NjtynpY.exe
  C:\Windows\System\NjtynpY.exe
  2⤵
  PID:8584
- C:\Windows\System\eHSAJQT.exe
  C:\Windows\System\eHSAJQT.exe
  2⤵
  PID:8640
- C:\Windows\System\JSAYgnd.exe
  C:\Windows\System\JSAYgnd.exe
  2⤵
  PID:8656
- C:\Windows\System\JdQsVBz.exe
  C:\Windows\System\JdQsVBz.exe
  2⤵
  PID:8672
- C:\Windows\System\duGZlbj.exe
  C:\Windows\System\duGZlbj.exe
  2⤵
  PID:8692
- C:\Windows\System\OEKrcrG.exe
  C:\Windows\System\OEKrcrG.exe
  2⤵
  PID:8712
- C:\Windows\System\qPzxfye.exe
  C:\Windows\System\qPzxfye.exe
  2⤵
  PID:8732
- C:\Windows\System\rHqpNDl.exe
  C:\Windows\System\rHqpNDl.exe
  2⤵
  PID:8784
- C:\Windows\System\hxxLObI.exe
  C:\Windows\System\hxxLObI.exe
  2⤵
  PID:8808
- C:\Windows\System\hAKJoso.exe
  C:\Windows\System\hAKJoso.exe
  2⤵
  PID:8824
- C:\Windows\System\ieCRVgG.exe
  C:\Windows\System\ieCRVgG.exe
  2⤵
  PID:8944
- C:\Windows\System\NbHvjby.exe
  C:\Windows\System\NbHvjby.exe
  2⤵
  PID:8984
- C:\Windows\System\mtOrkHL.exe
  C:\Windows\System\mtOrkHL.exe
  2⤵
  PID:9008
- C:\Windows\System\xXMWYeH.exe
  C:\Windows\System\xXMWYeH.exe
  2⤵
  PID:9028
- C:\Windows\System\cAfplgJ.exe
  C:\Windows\System\cAfplgJ.exe
  2⤵
  PID:9052
- C:\Windows\System\VKjVCyn.exe
  C:\Windows\System\VKjVCyn.exe
  2⤵
  PID:9072
- C:\Windows\System\IpJCPsn.exe
  C:\Windows\System\IpJCPsn.exe
  2⤵
  PID:9092
- C:\Windows\System\wJqoCPB.exe
  C:\Windows\System\wJqoCPB.exe
  2⤵
  PID:9116
- C:\Windows\System\RaEIKmk.exe
  C:\Windows\System\RaEIKmk.exe
  2⤵
  PID:9160
- C:\Windows\System\kHhZyXR.exe
  C:\Windows\System\kHhZyXR.exe
  2⤵
  PID:9192
- C:\Windows\System\AkvXaOd.exe
  C:\Windows\System\AkvXaOd.exe
  2⤵
  PID:8224
- C:\Windows\System\yKmCPXN.exe
  C:\Windows\System\yKmCPXN.exe
  2⤵
  PID:8272
- C:\Windows\System\tlWlbUR.exe
  C:\Windows\System\tlWlbUR.exe
  2⤵
  PID:8388
- C:\Windows\System\LqdtMwa.exe
  C:\Windows\System\LqdtMwa.exe
  2⤵
  PID:8448
- C:\Windows\System\kfcvbBv.exe
  C:\Windows\System\kfcvbBv.exe
  2⤵
  PID:8308
- C:\Windows\System\dUtRVgA.exe
  C:\Windows\System\dUtRVgA.exe
  2⤵
  PID:8488
- C:\Windows\System\aGauISd.exe
  C:\Windows\System\aGauISd.exe
  2⤵
  PID:8500
- C:\Windows\System\yhdfLCb.exe
  C:\Windows\System\yhdfLCb.exe
  2⤵
  PID:8516
- C:\Windows\System\TjCOjPV.exe
  C:\Windows\System\TjCOjPV.exe
  2⤵
  PID:8624
- C:\Windows\System\VHQeyHT.exe
  C:\Windows\System\VHQeyHT.exe
  2⤵
  PID:8576
- C:\Windows\System\tJqStso.exe
  C:\Windows\System\tJqStso.exe
  2⤵
  PID:8636
- C:\Windows\System\iVeCxrR.exe
  C:\Windows\System\iVeCxrR.exe
  2⤵
  PID:8684
- C:\Windows\System\mRBcvXV.exe
  C:\Windows\System\mRBcvXV.exe
  2⤵
  PID:8792
- C:\Windows\System\cvOdOup.exe
  C:\Windows\System\cvOdOup.exe
  2⤵
  PID:8752
- C:\Windows\System\SIKtZVN.exe
  C:\Windows\System\SIKtZVN.exe
  2⤵
  PID:8876
- C:\Windows\System\YAqwsIu.exe
  C:\Windows\System\YAqwsIu.exe
  2⤵
  PID:8976
- C:\Windows\System\yMyJhnM.exe
  C:\Windows\System\yMyJhnM.exe
  2⤵
  PID:8996
- C:\Windows\System\RMlqlbP.exe
  C:\Windows\System\RMlqlbP.exe
  2⤵
  PID:9084
- C:\Windows\System\BnlFrOa.exe
  C:\Windows\System\BnlFrOa.exe
  2⤵
  PID:9136
- C:\Windows\System\uEFaJUQ.exe
  C:\Windows\System\uEFaJUQ.exe
  2⤵
  PID:9112
- C:\Windows\System\TiKjWmn.exe
  C:\Windows\System\TiKjWmn.exe
  2⤵
  PID:9212
- C:\Windows\System\udgDZog.exe
  C:\Windows\System\udgDZog.exe
  2⤵
  PID:8332
- C:\Windows\System\GmHvbnB.exe
  C:\Windows\System\GmHvbnB.exe
  2⤵
  PID:8384
- C:\Windows\System\ylrAUWj.exe
  C:\Windows\System\ylrAUWj.exe
  2⤵
  PID:8580
- C:\Windows\System\wghhEeS.exe
  C:\Windows\System\wghhEeS.exe
  2⤵
  PID:1484
- C:\Windows\System\EUJaSSt.exe
  C:\Windows\System\EUJaSSt.exe
  2⤵
  PID:8728
- C:\Windows\System\jfPgdxF.exe
  C:\Windows\System\jfPgdxF.exe
  2⤵
  PID:8940
- C:\Windows\System\RANktkQ.exe
  C:\Windows\System\RANktkQ.exe
  2⤵
  PID:9016
- C:\Windows\System\rKjLssI.exe
  C:\Windows\System\rKjLssI.exe
  2⤵
  PID:9080
- C:\Windows\System\KsEqXrR.exe
  C:\Windows\System\KsEqXrR.exe
  2⤵
  PID:8412
- C:\Windows\System\dPcLtaM.exe
  C:\Windows\System\dPcLtaM.exe
  2⤵
  PID:8532
- C:\Windows\System\zCcVNkC.exe
  C:\Windows\System\zCcVNkC.exe
  2⤵
  PID:8852
- C:\Windows\System\fpifQVv.exe
  C:\Windows\System\fpifQVv.exe
  2⤵
  PID:9100
- C:\Windows\System\KTlkMVI.exe
  C:\Windows\System\KTlkMVI.exe
  2⤵
  PID:8564
- C:\Windows\System\WHQnNAa.exe
  C:\Windows\System\WHQnNAa.exe
  2⤵
  PID:9228
- C:\Windows\System\rZYKkVO.exe
  C:\Windows\System\rZYKkVO.exe
  2⤵
  PID:9252
- C:\Windows\System\oFpxQUS.exe
  C:\Windows\System\oFpxQUS.exe
  2⤵
  PID:9272
- C:\Windows\System\KijQNfK.exe
  C:\Windows\System\KijQNfK.exe
  2⤵
  PID:9300
- C:\Windows\System\oLeUbMj.exe
  C:\Windows\System\oLeUbMj.exe
  2⤵
  PID:9320
- C:\Windows\System\afppLLa.exe
  C:\Windows\System\afppLLa.exe
  2⤵
  PID:9352
- C:\Windows\System\PdDphzW.exe
  C:\Windows\System\PdDphzW.exe
  2⤵
  PID:9372
- C:\Windows\System\mgrUCAY.exe
  C:\Windows\System\mgrUCAY.exe
  2⤵
  PID:9416
- C:\Windows\System\rdfDEde.exe
  C:\Windows\System\rdfDEde.exe
  2⤵
  PID:9436
- C:\Windows\System\MUowYzg.exe
  C:\Windows\System\MUowYzg.exe
  2⤵
  PID:9456
- C:\Windows\System\dhHPCZG.exe
  C:\Windows\System\dhHPCZG.exe
  2⤵
  PID:9476
- C:\Windows\System\xZMrdPb.exe
  C:\Windows\System\xZMrdPb.exe
  2⤵
  PID:9500
- C:\Windows\System\QKnNdkA.exe
  C:\Windows\System\QKnNdkA.exe
  2⤵
  PID:9516
- C:\Windows\System\ATHSqTS.exe
  C:\Windows\System\ATHSqTS.exe
  2⤵
  PID:9536
- C:\Windows\System\hDlWHkO.exe
  C:\Windows\System\hDlWHkO.exe
  2⤵
  PID:9560
- C:\Windows\System\BjTdhuq.exe
  C:\Windows\System\BjTdhuq.exe
  2⤵
  PID:9612
- C:\Windows\System\bJJFRRr.exe
  C:\Windows\System\bJJFRRr.exe
  2⤵
  PID:9632
- C:\Windows\System\QlhcTCv.exe
  C:\Windows\System\QlhcTCv.exe
  2⤵
  PID:9652
- C:\Windows\System\qWzJFSg.exe
  C:\Windows\System\qWzJFSg.exe
  2⤵
  PID:9688
- C:\Windows\System\OHvYaez.exe
  C:\Windows\System\OHvYaez.exe
  2⤵
  PID:9732
- C:\Windows\System\ybvrTUh.exe
  C:\Windows\System\ybvrTUh.exe
  2⤵
  PID:9764
- C:\Windows\System\aQnALnM.exe
  C:\Windows\System\aQnALnM.exe
  2⤵
  PID:9784
- C:\Windows\System\AsMuvDC.exe
  C:\Windows\System\AsMuvDC.exe
  2⤵
  PID:9808
- C:\Windows\System\TbRZXXA.exe
  C:\Windows\System\TbRZXXA.exe
  2⤵
  PID:9828
- C:\Windows\System\dUkRKsr.exe
  C:\Windows\System\dUkRKsr.exe
  2⤵
  PID:9852
- C:\Windows\System\hMqluzy.exe
  C:\Windows\System\hMqluzy.exe
  2⤵
  PID:9880
- C:\Windows\System\pYGTqxj.exe
  C:\Windows\System\pYGTqxj.exe
  2⤵
  PID:9904
- C:\Windows\System\Jcpqfgo.exe
  C:\Windows\System\Jcpqfgo.exe
  2⤵
  PID:9924
- C:\Windows\System\sbRHeNv.exe
  C:\Windows\System\sbRHeNv.exe
  2⤵
  PID:9980
- C:\Windows\System\xCgRVrL.exe
  C:\Windows\System\xCgRVrL.exe
  2⤵
  PID:10028
- C:\Windows\System\hAxffgK.exe
  C:\Windows\System\hAxffgK.exe
  2⤵
  PID:10056
- C:\Windows\System\OoSswkb.exe
  C:\Windows\System\OoSswkb.exe
  2⤵
  PID:10076
- C:\Windows\System\YohjWJy.exe
  C:\Windows\System\YohjWJy.exe
  2⤵
  PID:10100
- C:\Windows\System\kReCFMw.exe
  C:\Windows\System\kReCFMw.exe
  2⤵
  PID:10148
- C:\Windows\System\QWbYXha.exe
  C:\Windows\System\QWbYXha.exe
  2⤵
  PID:10176
- C:\Windows\System\bXoVrWZ.exe
  C:\Windows\System\bXoVrWZ.exe
  2⤵
  PID:10196
- C:\Windows\System\djtpbCH.exe
  C:\Windows\System\djtpbCH.exe
  2⤵
  PID:10228
- C:\Windows\System\rAjvhcJ.exe
  C:\Windows\System\rAjvhcJ.exe
  2⤵
  PID:9268
- C:\Windows\System\jtFMvqT.exe
  C:\Windows\System\jtFMvqT.exe
  2⤵
  PID:9408
- C:\Windows\System\ncLjzdF.exe
  C:\Windows\System\ncLjzdF.exe
  2⤵
  PID:9452
- C:\Windows\System\jgCnNoU.exe
  C:\Windows\System\jgCnNoU.exe
  2⤵
  PID:9548
- C:\Windows\System\bZbFdmF.exe
  C:\Windows\System\bZbFdmF.exe
  2⤵
  PID:9552
- C:\Windows\System\XVXhUzB.exe
  C:\Windows\System\XVXhUzB.exe
  2⤵
  PID:9696
- C:\Windows\System\JRAvyiB.exe
  C:\Windows\System\JRAvyiB.exe
  2⤵
  PID:9744
- C:\Windows\System\PzrMFuo.exe
  C:\Windows\System\PzrMFuo.exe
  2⤵
  PID:9776
- C:\Windows\System\GWExhvo.exe
  C:\Windows\System\GWExhvo.exe
  2⤵
  PID:9800
- C:\Windows\System\JjitzZg.exe
  C:\Windows\System\JjitzZg.exe
  2⤵
  PID:9888
- C:\Windows\System\oZmYLMp.exe
  C:\Windows\System\oZmYLMp.exe
  2⤵
  PID:10024
- C:\Windows\System\JhHfZCg.exe
  C:\Windows\System\JhHfZCg.exe
  2⤵
  PID:10052
- C:\Windows\System\BtqHHXh.exe
  C:\Windows\System\BtqHHXh.exe
  2⤵
  PID:10092
- C:\Windows\System\jwARNKX.exe
  C:\Windows\System\jwARNKX.exe
  2⤵
  PID:10204
- C:\Windows\System\cChaoFx.exe
  C:\Windows\System\cChaoFx.exe
  2⤵
  PID:9248
- C:\Windows\System\mExddWt.exe
  C:\Windows\System\mExddWt.exe
  2⤵
  PID:9472
- C:\Windows\System\xZxZOpP.exe
  C:\Windows\System\xZxZOpP.exe
  2⤵
  PID:1800
- C:\Windows\System\YWmCpOx.exe
  C:\Windows\System\YWmCpOx.exe
  2⤵
  PID:9524
- C:\Windows\System\cUkroXR.exe
  C:\Windows\System\cUkroXR.exe
  2⤵
  PID:9860
- C:\Windows\System\UVJALQs.exe
  C:\Windows\System\UVJALQs.exe
  2⤵
  PID:8428
- C:\Windows\System\pYQIyPM.exe
  C:\Windows\System\pYQIyPM.exe
  2⤵
  PID:10036
- C:\Windows\System\FquqQkm.exe
  C:\Windows\System\FquqQkm.exe
  2⤵
  PID:10136
- C:\Windows\System\WcmOTRV.exe
  C:\Windows\System\WcmOTRV.exe
  2⤵
  PID:10216
- C:\Windows\System\iPXPTAS.exe
  C:\Windows\System\iPXPTAS.exe
  2⤵
  PID:9296
- C:\Windows\System\HRCRPlX.exe
  C:\Windows\System\HRCRPlX.exe
  2⤵
  PID:9724
- C:\Windows\System\MdYbKOc.exe
  C:\Windows\System\MdYbKOc.exe
  2⤵
  PID:5088
- C:\Windows\System\OlKhJgn.exe
  C:\Windows\System\OlKhJgn.exe
  2⤵
  PID:10156
- C:\Windows\System\IyCcPWz.exe
  C:\Windows\System\IyCcPWz.exe
  2⤵
  PID:1428
- C:\Windows\System\mHLdElQ.exe
  C:\Windows\System\mHLdElQ.exe
  2⤵
  PID:10268
- C:\Windows\System\CAbtwVx.exe
  C:\Windows\System\CAbtwVx.exe
  2⤵
  PID:10292
- C:\Windows\System\BrIlgBd.exe
  C:\Windows\System\BrIlgBd.exe
  2⤵
  PID:10308
- C:\Windows\System\ThEmvLi.exe
  C:\Windows\System\ThEmvLi.exe
  2⤵
  PID:10344
- C:\Windows\System\ANQJOdi.exe
  C:\Windows\System\ANQJOdi.exe
  2⤵
  PID:10360
- C:\Windows\System\VmnljWc.exe
  C:\Windows\System\VmnljWc.exe
  2⤵
  PID:10392
- C:\Windows\System\WMMvqON.exe
  C:\Windows\System\WMMvqON.exe
  2⤵
  PID:10420
- C:\Windows\System\CPssSEH.exe
  C:\Windows\System\CPssSEH.exe
  2⤵
  PID:10460
- C:\Windows\System\MJaulYd.exe
  C:\Windows\System\MJaulYd.exe
  2⤵
  PID:10484
- C:\Windows\System\FQvcJkd.exe
  C:\Windows\System\FQvcJkd.exe
  2⤵
  PID:10520
- C:\Windows\System\tPhPIgH.exe
  C:\Windows\System\tPhPIgH.exe
  2⤵
  PID:10544
- C:\Windows\System\adOpHXF.exe
  C:\Windows\System\adOpHXF.exe
  2⤵
  PID:10568
- C:\Windows\System\kFISjIw.exe
  C:\Windows\System\kFISjIw.exe
  2⤵
  PID:10592
- C:\Windows\System\RMkeeMz.exe
  C:\Windows\System\RMkeeMz.exe
  2⤵
  PID:10612
- C:\Windows\System\kuxjQdh.exe
  C:\Windows\System\kuxjQdh.exe
  2⤵
  PID:10644
- C:\Windows\System\WMFFKva.exe
  C:\Windows\System\WMFFKva.exe
  2⤵
  PID:10660
- C:\Windows\System\dBjbXlf.exe
  C:\Windows\System\dBjbXlf.exe
  2⤵
  PID:10684
- C:\Windows\System\hxImYrM.exe
  C:\Windows\System\hxImYrM.exe
  2⤵
  PID:10704
- C:\Windows\System\MGVYjiG.exe
  C:\Windows\System\MGVYjiG.exe
  2⤵
  PID:10768
- C:\Windows\System\BOgpVxF.exe
  C:\Windows\System\BOgpVxF.exe
  2⤵
  PID:10792
- C:\Windows\System\puCuhNl.exe
  C:\Windows\System\puCuhNl.exe
  2⤵
  PID:10852
- C:\Windows\System\tiKZvYs.exe
  C:\Windows\System\tiKZvYs.exe
  2⤵
  PID:10872
- C:\Windows\System\ZSOcUxc.exe
  C:\Windows\System\ZSOcUxc.exe
  2⤵
  PID:10900
- C:\Windows\System\OMiyJOh.exe
  C:\Windows\System\OMiyJOh.exe
  2⤵
  PID:10920
- C:\Windows\System\IgsVokr.exe
  C:\Windows\System\IgsVokr.exe
  2⤵
  PID:10948
- C:\Windows\System\PCymsNM.exe
  C:\Windows\System\PCymsNM.exe
  2⤵
  PID:10968
- C:\Windows\System\PUCNHLP.exe
  C:\Windows\System\PUCNHLP.exe
  2⤵
  PID:10988
- C:\Windows\System\SmyRKwF.exe
  C:\Windows\System\SmyRKwF.exe
  2⤵
  PID:11012
- C:\Windows\System\DKakitQ.exe
  C:\Windows\System\DKakitQ.exe
  2⤵
  PID:11028
- C:\Windows\System\cBXuZfx.exe
  C:\Windows\System\cBXuZfx.exe
  2⤵
  PID:11048
- C:\Windows\System\aEDNtdT.exe
  C:\Windows\System\aEDNtdT.exe
  2⤵
  PID:11072
- C:\Windows\System\JIeKAUP.exe
  C:\Windows\System\JIeKAUP.exe
  2⤵
  PID:11104
- C:\Windows\System\BOOfzUp.exe
  C:\Windows\System\BOOfzUp.exe
  2⤵
  PID:11128
- C:\Windows\System\AVkKnQZ.exe
  C:\Windows\System\AVkKnQZ.exe
  2⤵
  PID:11148
- C:\Windows\System\bGaSXoe.exe
  C:\Windows\System\bGaSXoe.exe
  2⤵
  PID:11172
- C:\Windows\System\vCLzLHY.exe
  C:\Windows\System\vCLzLHY.exe
  2⤵
  PID:11196
- C:\Windows\System\dQcYNdn.exe
  C:\Windows\System\dQcYNdn.exe
  2⤵
  PID:11252
- C:\Windows\System\GaPrwqI.exe
  C:\Windows\System\GaPrwqI.exe
  2⤵
  PID:9896
- C:\Windows\System\oPGomMx.exe
  C:\Windows\System\oPGomMx.exe
  2⤵
  PID:10332
- C:\Windows\System\OFwOBDY.exe
  C:\Windows\System\OFwOBDY.exe
  2⤵
  PID:10404
- C:\Windows\System\TPwAytr.exe
  C:\Windows\System\TPwAytr.exe
  2⤵
  PID:10552
- C:\Windows\System\kSUEAty.exe
  C:\Windows\System\kSUEAty.exe
  2⤵
  PID:10516
- C:\Windows\System\kwkGEJi.exe
  C:\Windows\System\kwkGEJi.exe
  2⤵
  PID:10584
- C:\Windows\System\LxAimpA.exe
  C:\Windows\System\LxAimpA.exe
  2⤵
  PID:10604
- C:\Windows\System\EdQUJVH.exe
  C:\Windows\System\EdQUJVH.exe
  2⤵
  PID:10740
- C:\Windows\System\kxpxfYb.exe
  C:\Windows\System\kxpxfYb.exe
  2⤵
  PID:10732
- C:\Windows\System\ipcGGqY.exe
  C:\Windows\System\ipcGGqY.exe
  2⤵
  PID:10884
- C:\Windows\System\mkKXNRT.exe
  C:\Windows\System\mkKXNRT.exe
  2⤵
  PID:10864
- C:\Windows\System\TNGchKA.exe
  C:\Windows\System\TNGchKA.exe
  2⤵
  PID:11044
- C:\Windows\System\oKTorMf.exe
  C:\Windows\System\oKTorMf.exe
  2⤵
  PID:11204
- C:\Windows\System\vYRXWxS.exe
  C:\Windows\System\vYRXWxS.exe
  2⤵
  PID:11116
- C:\Windows\System\ZNCCUlD.exe
  C:\Windows\System\ZNCCUlD.exe
  2⤵
  PID:9528
- C:\Windows\System\MFAIKTX.exe
  C:\Windows\System\MFAIKTX.exe
  2⤵
  PID:10508
- C:\Windows\System\DXCqIrq.exe
  C:\Windows\System\DXCqIrq.exe
  2⤵
  PID:10328
- C:\Windows\System\zZrwDhk.exe
  C:\Windows\System\zZrwDhk.exe
  2⤵
  PID:10540
- C:\Windows\System\nEVuBFw.exe
  C:\Windows\System\nEVuBFw.exe
  2⤵
  PID:10964
- C:\Windows\System\bOSzwOq.exe
  C:\Windows\System\bOSzwOq.exe
  2⤵
  PID:10828
- C:\Windows\System\QLuWUDN.exe
  C:\Windows\System\QLuWUDN.exe
  2⤵
  PID:10944
- C:\Windows\System\vAiEGBM.exe
  C:\Windows\System\vAiEGBM.exe
  2⤵
  PID:11120
- C:\Windows\System\lNqHrIf.exe
  C:\Windows\System\lNqHrIf.exe
  2⤵
  PID:10472
- C:\Windows\System\rtHCAYl.exe
  C:\Windows\System\rtHCAYl.exe
  2⤵
  PID:10452
- C:\Windows\System\HsaJNzM.exe
  C:\Windows\System\HsaJNzM.exe
  2⤵
  PID:10116
- C:\Windows\System\RrCScIY.exe
  C:\Windows\System\RrCScIY.exe
  2⤵
  PID:11332
- C:\Windows\System\vGNSxfI.exe
  C:\Windows\System\vGNSxfI.exe
  2⤵
  PID:11364
- C:\Windows\System\czFPJRH.exe
  C:\Windows\System\czFPJRH.exe
  2⤵
  PID:11392
- C:\Windows\System\uoTjItV.exe
  C:\Windows\System\uoTjItV.exe
  2⤵
  PID:11420
- C:\Windows\System\FJnriik.exe
  C:\Windows\System\FJnriik.exe
  2⤵
  PID:11460
- C:\Windows\System\MRuBbew.exe
  C:\Windows\System\MRuBbew.exe
  2⤵
  PID:11488
- C:\Windows\System\LbmgIxR.exe
  C:\Windows\System\LbmgIxR.exe
  2⤵
  PID:11512
- C:\Windows\System\phgteWT.exe
  C:\Windows\System\phgteWT.exe
  2⤵
  PID:11528
- C:\Windows\System\NOxVvmZ.exe
  C:\Windows\System\NOxVvmZ.exe
  2⤵
  PID:11556
- C:\Windows\System\ZWXwnuR.exe
  C:\Windows\System\ZWXwnuR.exe
  2⤵
  PID:11588
- C:\Windows\System\oQfVHZE.exe
  C:\Windows\System\oQfVHZE.exe
  2⤵
  PID:11616
- C:\Windows\System\UzhMWSz.exe
  C:\Windows\System\UzhMWSz.exe
  2⤵
  PID:11644
- C:\Windows\System\yvMFaso.exe
  C:\Windows\System\yvMFaso.exe
  2⤵
  PID:11684
- C:\Windows\System\UzBxvBo.exe
  C:\Windows\System\UzBxvBo.exe
  2⤵
  PID:11708
- C:\Windows\System\ttrITfr.exe
  C:\Windows\System\ttrITfr.exe
  2⤵
  PID:11736
- C:\Windows\System\LKLGyeH.exe
  C:\Windows\System\LKLGyeH.exe
  2⤵
  PID:11752
- C:\Windows\System\iTulLpS.exe
  C:\Windows\System\iTulLpS.exe
  2⤵
  PID:11772
- C:\Windows\System\FDgAKfA.exe
  C:\Windows\System\FDgAKfA.exe
  2⤵
  PID:11792
- C:\Windows\System\ZRWqwcN.exe
  C:\Windows\System\ZRWqwcN.exe
  2⤵
  PID:11812
- C:\Windows\System\QgCQqbE.exe
  C:\Windows\System\QgCQqbE.exe
  2⤵
  PID:11844
- C:\Windows\System\EmVRfll.exe
  C:\Windows\System\EmVRfll.exe
  2⤵
  PID:11868
- C:\Windows\System\gwyKtew.exe
  C:\Windows\System\gwyKtew.exe
  2⤵
  PID:11884
- C:\Windows\System\RRbRnSD.exe
  C:\Windows\System\RRbRnSD.exe
  2⤵
  PID:11900
- C:\Windows\System\FiFzpVM.exe
  C:\Windows\System\FiFzpVM.exe
  2⤵
  PID:11916
- C:\Windows\System\tzMOBzC.exe
  C:\Windows\System\tzMOBzC.exe
  2⤵
  PID:11988
- C:\Windows\System\xlLZMSv.exe
  C:\Windows\System\xlLZMSv.exe
  2⤵
  PID:12012
- C:\Windows\System\zIKcPqq.exe
  C:\Windows\System\zIKcPqq.exe
  2⤵
  PID:12040
- C:\Windows\System\nKTnBrE.exe
  C:\Windows\System\nKTnBrE.exe
  2⤵
  PID:12064
- C:\Windows\System\roqFiYb.exe
  C:\Windows\System\roqFiYb.exe
  2⤵
  PID:12088
- C:\Windows\System\zwrHQYp.exe
  C:\Windows\System\zwrHQYp.exe
  2⤵
  PID:12112
- C:\Windows\System\vKpkvOu.exe
  C:\Windows\System\vKpkvOu.exe
  2⤵
  PID:12136
- C:\Windows\System\EWthQWO.exe
  C:\Windows\System\EWthQWO.exe
  2⤵
  PID:12156
- C:\Windows\System\AeYFEzu.exe
  C:\Windows\System\AeYFEzu.exe
  2⤵
  PID:12216
- C:\Windows\System\bcBrJuo.exe
  C:\Windows\System\bcBrJuo.exe
  2⤵
  PID:12236
- C:\Windows\System\EiTPmQf.exe
  C:\Windows\System\EiTPmQf.exe
  2⤵
  PID:12256
- C:\Windows\System\yRTnqtZ.exe
  C:\Windows\System\yRTnqtZ.exe
  2⤵
  PID:11008
- C:\Windows\System\IbWlfDv.exe
  C:\Windows\System\IbWlfDv.exe
  2⤵
  PID:11276
- C:\Windows\System\YcaKMlm.exe
  C:\Windows\System\YcaKMlm.exe
  2⤵
  PID:11356
- C:\Windows\System\sNyXVUd.exe
  C:\Windows\System\sNyXVUd.exe
  2⤵
  PID:10780
- C:\Windows\System\wdahZia.exe
  C:\Windows\System\wdahZia.exe
  2⤵
  PID:11468
- C:\Windows\System\QhKUlnv.exe
  C:\Windows\System\QhKUlnv.exe
  2⤵
  PID:11552
- C:\Windows\System\WqdOMMM.exe
  C:\Windows\System\WqdOMMM.exe
  2⤵
  PID:11600
- C:\Windows\System\CoeuMFg.exe
  C:\Windows\System\CoeuMFg.exe
  2⤵
  PID:11640
- C:\Windows\System\rHcUPie.exe
  C:\Windows\System\rHcUPie.exe
  2⤵
  PID:11672
- C:\Windows\System\LzxDSSu.exe
  C:\Windows\System\LzxDSSu.exe
  2⤵
  PID:11724
- C:\Windows\System\uaJYYAy.exe
  C:\Windows\System\uaJYYAy.exe
  2⤵
  PID:11892
- C:\Windows\System\UcOBAVV.exe
  C:\Windows\System\UcOBAVV.exe
  2⤵
  PID:11952
- C:\Windows\System\mtchgAH.exe
  C:\Windows\System\mtchgAH.exe
  2⤵
  PID:12128
- C:\Windows\System\HrVkqUK.exe
  C:\Windows\System\HrVkqUK.exe
  2⤵
  PID:12168
- C:\Windows\System\EvDoZjV.exe
  C:\Windows\System\EvDoZjV.exe
  2⤵
  PID:12124
- C:\Windows\System\BMvEVax.exe
  C:\Windows\System\BMvEVax.exe
  2⤵
  PID:12104
- C:\Windows\System\GWtRFFU.exe
  C:\Windows\System\GWtRFFU.exe
  2⤵
  PID:10756
- C:\Windows\System\jySqATP.exe
  C:\Windows\System\jySqATP.exe
  2⤵
  PID:11432
- C:\Windows\System\HIPzpdz.exe
  C:\Windows\System\HIPzpdz.exe
  2⤵
  PID:11380
- C:\Windows\System\haPxlbL.exe
  C:\Windows\System\haPxlbL.exe
  2⤵
  PID:11476
- C:\Windows\System\ZjXiAhd.exe
  C:\Windows\System\ZjXiAhd.exe
  2⤵
  PID:11744
- C:\Windows\System\JmzwfHN.exe
  C:\Windows\System\JmzwfHN.exe
  2⤵
  PID:11864
- C:\Windows\System\OLLmldM.exe
  C:\Windows\System\OLLmldM.exe
  2⤵
  PID:12056
- C:\Windows\System\dCtSszS.exe
  C:\Windows\System\dCtSszS.exe
  2⤵
  PID:12152
- C:\Windows\System\clVXeQP.exe
  C:\Windows\System\clVXeQP.exe
  2⤵
  PID:11452
- C:\Windows\System\kolDJsf.exe
  C:\Windows\System\kolDJsf.exe
  2⤵
  PID:12072
- C:\Windows\System\kXhnrsW.exe
  C:\Windows\System\kXhnrsW.exe
  2⤵
  PID:11096
- C:\Windows\System\JCRRsTn.exe
  C:\Windows\System\JCRRsTn.exe
  2⤵
  PID:12020
- C:\Windows\System\eyUQQta.exe
  C:\Windows\System\eyUQQta.exe
  2⤵
  PID:12292
- C:\Windows\System\DPLmDAo.exe
  C:\Windows\System\DPLmDAo.exe
  2⤵
  PID:12316
- C:\Windows\System\QaLpyje.exe
  C:\Windows\System\QaLpyje.exe
  2⤵
  PID:12340
- C:\Windows\System\BykCDmd.exe
  C:\Windows\System\BykCDmd.exe
  2⤵
  PID:12372
- C:\Windows\System\aVVWSYU.exe
  C:\Windows\System\aVVWSYU.exe
  2⤵
  PID:12392
- C:\Windows\System\DAbnDVH.exe
  C:\Windows\System\DAbnDVH.exe
  2⤵
  PID:12412
- C:\Windows\System\JINGJej.exe
  C:\Windows\System\JINGJej.exe
  2⤵
  PID:12440
- C:\Windows\System\jGFDxwZ.exe
  C:\Windows\System\jGFDxwZ.exe
  2⤵
  PID:12464
- C:\Windows\System\dEAJKrB.exe
  C:\Windows\System\dEAJKrB.exe
  2⤵
  PID:12484
- C:\Windows\System\KnTvppW.exe
  C:\Windows\System\KnTvppW.exe
  2⤵
  PID:12512
- C:\Windows\System\iFlBzej.exe
  C:\Windows\System\iFlBzej.exe
  2⤵
  PID:12532
- C:\Windows\System\ufxzlMO.exe
  C:\Windows\System\ufxzlMO.exe
  2⤵
  PID:12552
- C:\Windows\System\HvBpWWe.exe
  C:\Windows\System\HvBpWWe.exe
  2⤵
  PID:12596
- C:\Windows\System\IKhZfHY.exe
  C:\Windows\System\IKhZfHY.exe
  2⤵
  PID:12632
- C:\Windows\System\orYJIxi.exe
  C:\Windows\System\orYJIxi.exe
  2⤵
  PID:12656
- C:\Windows\System\YAsHtxK.exe
  C:\Windows\System\YAsHtxK.exe
  2⤵
  PID:12676
- C:\Windows\System\YAnRfoA.exe
  C:\Windows\System\YAnRfoA.exe
  2⤵
  PID:12744
- C:\Windows\System\bGsGAqt.exe
  C:\Windows\System\bGsGAqt.exe
  2⤵
  PID:12764
- C:\Windows\System\CuYsqOG.exe
  C:\Windows\System\CuYsqOG.exe
  2⤵
  PID:12784
- C:\Windows\System\vDlMach.exe
  C:\Windows\System\vDlMach.exe
  2⤵
  PID:12832
- C:\Windows\System\VzTLbJR.exe
  C:\Windows\System\VzTLbJR.exe
  2⤵
  PID:12860
- C:\Windows\System\EbfYBXR.exe
  C:\Windows\System\EbfYBXR.exe
  2⤵
  PID:12880
- C:\Windows\System\dpLvWdx.exe
  C:\Windows\System\dpLvWdx.exe
  2⤵
  PID:12920
- C:\Windows\System\KkyGspx.exe
  C:\Windows\System\KkyGspx.exe
  2⤵
  PID:12944
- C:\Windows\System\JZrQzzq.exe
  C:\Windows\System\JZrQzzq.exe
  2⤵
  PID:12964
- C:\Windows\System\JqZgsyO.exe
  C:\Windows\System\JqZgsyO.exe
  2⤵
  PID:12988
- C:\Windows\System\pOGBTBR.exe
  C:\Windows\System\pOGBTBR.exe
  2⤵
  PID:13020
- C:\Windows\System\gGdzHUj.exe
  C:\Windows\System\gGdzHUj.exe
  2⤵
  PID:13040
- C:\Windows\System\bdvmNwx.exe
  C:\Windows\System\bdvmNwx.exe
  2⤵
  PID:13072
- C:\Windows\System\nFrDYJm.exe
  C:\Windows\System\nFrDYJm.exe
  2⤵
  PID:13100
- C:\Windows\System\YNMAfRj.exe
  C:\Windows\System\YNMAfRj.exe
  2⤵
  PID:13124
- C:\Windows\System\fTbdyCE.exe
  C:\Windows\System\fTbdyCE.exe
  2⤵
  PID:13148
- C:\Windows\System\KJQXxDh.exe
  C:\Windows\System\KJQXxDh.exe
  2⤵
  PID:13168
- C:\Windows\System\OQwBACG.exe
  C:\Windows\System\OQwBACG.exe
  2⤵
  PID:13184
- C:\Windows\System\eFqpOzZ.exe
  C:\Windows\System\eFqpOzZ.exe
  2⤵
  PID:13216
- C:\Windows\System\XtkLyKw.exe
  C:\Windows\System\XtkLyKw.exe
  2⤵
  PID:13240
- C:\Windows\System\FqNAQFk.exe
  C:\Windows\System\FqNAQFk.exe
  2⤵
  PID:13264
- C:\Windows\System\uIYZRmp.exe
  C:\Windows\System\uIYZRmp.exe
  2⤵
  PID:13300
- C:\Windows\System\UQszOvD.exe
  C:\Windows\System\UQszOvD.exe
  2⤵
  PID:12332
- C:\Windows\System\FSfAcHP.exe
  C:\Windows\System\FSfAcHP.exe
  2⤵
  PID:12428
- C:\Windows\System\BCAewDH.exe
  C:\Windows\System\BCAewDH.exe
  2⤵
  PID:12608
- C:\Windows\System\MxJsCnI.exe
  C:\Windows\System\MxJsCnI.exe
  2⤵
  PID:12568
- C:\Windows\System\nEXwSII.exe
  C:\Windows\System\nEXwSII.exe
  2⤵
  PID:12628
- C:\Windows\System\BcnLrCr.exe
  C:\Windows\System\BcnLrCr.exe
  2⤵
  PID:12648
- C:\Windows\System\LltyNSX.exe
  C:\Windows\System\LltyNSX.exe
  2⤵
  PID:12736
- C:\Windows\System\wMtivCT.exe
  C:\Windows\System\wMtivCT.exe
  2⤵
  PID:12804
- C:\Windows\System\gZqNzUD.exe
  C:\Windows\System\gZqNzUD.exe
  2⤵
  PID:12936
- C:\Windows\System\lJGHbhI.exe
  C:\Windows\System\lJGHbhI.exe
  2⤵
  PID:12960
- C:\Windows\System\LXrEZMK.exe
  C:\Windows\System\LXrEZMK.exe
  2⤵
  PID:13004
- C:\Windows\System\QQXdnrO.exe
  C:\Windows\System\QQXdnrO.exe
  2⤵
  PID:13160
- C:\Windows\System\PXHDAEL.exe
  C:\Windows\System\PXHDAEL.exe
  2⤵
  PID:13156
- C:\Windows\System\VBgYZLA.exe
  C:\Windows\System\VBgYZLA.exe
  2⤵
  PID:13228
- C:\Windows\System\ZVpPNhE.exe
  C:\Windows\System\ZVpPNhE.exe
  2⤵
  PID:13292
- C:\Windows\System\QRGCYkx.exe
  C:\Windows\System\QRGCYkx.exe
  2⤵
  PID:12456
- C:\Windows\System\YqFwmFJ.exe
  C:\Windows\System\YqFwmFJ.exe
  2⤵
  PID:12548
- C:\Windows\System\SnvzMWn.exe
  C:\Windows\System\SnvzMWn.exe
  2⤵
  PID:12668
- C:\Windows\System\WFTxFXO.exe
  C:\Windows\System\WFTxFXO.exe
  2⤵
  PID:12712
- C:\Windows\System\GdawYDM.exe
  C:\Windows\System\GdawYDM.exe
  2⤵
  PID:12900
- C:\Windows\System\vHnbpzg.exe
  C:\Windows\System\vHnbpzg.exe
  2⤵
  PID:13032
- C:\Windows\System\aSHtcTY.exe
  C:\Windows\System\aSHtcTY.exe
  2⤵
  PID:13132
- C:\Windows\System\pLJeERm.exe
  C:\Windows\System\pLJeERm.exe
  2⤵
  PID:12472
- C:\Windows\System\wmdUyyb.exe
  C:\Windows\System\wmdUyyb.exe
  2⤵
  PID:13080
- C:\Windows\System\OnoeJlf.exe
  C:\Windows\System\OnoeJlf.exe
  2⤵
  PID:12528
- C:\Windows\System\wjeJbsN.exe
  C:\Windows\System\wjeJbsN.exe
  2⤵
  PID:13324
- C:\Windows\System\rKbCZvv.exe
  C:\Windows\System\rKbCZvv.exe
  2⤵
  PID:13344
- C:\Windows\System\BFEGgJZ.exe
  C:\Windows\System\BFEGgJZ.exe
  2⤵
  PID:13368
- C:\Windows\System\RcDmZFr.exe
  C:\Windows\System\RcDmZFr.exe
  2⤵
  PID:13388
- C:\Windows\System\RErPuDA.exe
  C:\Windows\System\RErPuDA.exe
  2⤵
  PID:13452
- C:\Windows\System\vCFnbJQ.exe
  C:\Windows\System\vCFnbJQ.exe
  2⤵
  PID:13472
- C:\Windows\System\prywjqj.exe
  C:\Windows\System\prywjqj.exe
  2⤵
  PID:13516
- C:\Windows\System\dqHokXt.exe
  C:\Windows\System\dqHokXt.exe
  2⤵
  PID:13548
- C:\Windows\System\nCnFRZG.exe
  C:\Windows\System\nCnFRZG.exe
  2⤵
  PID:13564
- C:\Windows\System\QEBQzsQ.exe
  C:\Windows\System\QEBQzsQ.exe
  2⤵
  PID:13596
- C:\Windows\System\jrIRJye.exe
  C:\Windows\System\jrIRJye.exe
  2⤵
  PID:13624
- C:\Windows\System\YRsYDVy.exe
  C:\Windows\System\YRsYDVy.exe
  2⤵
  PID:13648
- C:\Windows\System\oQuQFTS.exe
  C:\Windows\System\oQuQFTS.exe
  2⤵
  PID:13676
- C:\Windows\System\nbfbedZ.exe
  C:\Windows\System\nbfbedZ.exe
  2⤵
  PID:13696
- C:\Windows\System\zLIqgsd.exe
  C:\Windows\System\zLIqgsd.exe
  2⤵
  PID:13716
- C:\Windows\System\sdMkeBB.exe
  C:\Windows\System\sdMkeBB.exe
  2⤵
  PID:13748
- C:\Windows\System\LdbEPth.exe
  C:\Windows\System\LdbEPth.exe
  2⤵
  PID:13768
- C:\Windows\System\ZAKoCmU.exe
  C:\Windows\System\ZAKoCmU.exe
  2⤵
  PID:13804
- C:\Windows\System\XkmHWTu.exe
  C:\Windows\System\XkmHWTu.exe
  2⤵
  PID:13832
- C:\Windows\System\MzbVlEc.exe
  C:\Windows\System\MzbVlEc.exe
  2⤵
  PID:13860
- C:\Windows\System\RLsRKpv.exe
  C:\Windows\System\RLsRKpv.exe
  2⤵
  PID:13888
- C:\Windows\System\nUigrKa.exe
  C:\Windows\System\nUigrKa.exe
  2⤵
  PID:13920
- C:\Windows\System\moolLHc.exe
  C:\Windows\System\moolLHc.exe
  2⤵
  PID:13948
- C:\Windows\System\qsJjNvU.exe
  C:\Windows\System\qsJjNvU.exe
  2⤵
  PID:13976
- C:\Windows\System\BUYFMzI.exe
  C:\Windows\System\BUYFMzI.exe
  2⤵
  PID:13992
- C:\Windows\System\wDOlvxH.exe
  C:\Windows\System\wDOlvxH.exe
  2⤵
  PID:14020
- C:\Windows\System\opHabhY.exe
  C:\Windows\System\opHabhY.exe
  2⤵
  PID:14076
- C:\Windows\System\mkozwbD.exe
  C:\Windows\System\mkozwbD.exe
  2⤵
  PID:14100
- C:\Windows\System\NCHFwwu.exe
  C:\Windows\System\NCHFwwu.exe
  2⤵
  PID:14140
- C:\Windows\System\palqYPG.exe
  C:\Windows\System\palqYPG.exe
  2⤵
  PID:14168
- C:\Windows\System\tPPHhcy.exe
  C:\Windows\System\tPPHhcy.exe
  2⤵
  PID:14200
- C:\Windows\System\fouFbyX.exe
  C:\Windows\System\fouFbyX.exe
  2⤵
  PID:14224
- C:\Windows\System\lhvxBYG.exe
  C:\Windows\System\lhvxBYG.exe
  2⤵
  PID:14248
- C:\Windows\System\HeOJOrq.exe
  C:\Windows\System\HeOJOrq.exe
  2⤵
  PID:14268
- C:\Windows\System\PbtNRhZ.exe
  C:\Windows\System\PbtNRhZ.exe
  2⤵
  PID:14288
- C:\Windows\System\uONltPf.exe
  C:\Windows\System\uONltPf.exe
  2⤵
  PID:14320
- C:\Windows\System\EqhvMUH.exe
  C:\Windows\System\EqhvMUH.exe
  2⤵
  PID:11628
- C:\Windows\System\BYcodsM.exe
  C:\Windows\System\BYcodsM.exe
  2⤵
  PID:13320
- C:\Windows\System\FhYEvnm.exe
  C:\Windows\System\FhYEvnm.exe
  2⤵
  PID:13432
- C:\Windows\System\gPDlCWt.exe
  C:\Windows\System\gPDlCWt.exe
  2⤵
  PID:13448
- C:\Windows\System\awFCGzF.exe
  C:\Windows\System\awFCGzF.exe
  2⤵
  PID:13688
- C:\Windows\System\WaXHgNt.exe
  C:\Windows\System\WaXHgNt.exe
  2⤵
  PID:13744
- C:\Windows\System\eIlLYkf.exe
  C:\Windows\System\eIlLYkf.exe
  2⤵
  PID:13780
- C:\Windows\System\lSkUHGs.exe
  C:\Windows\System\lSkUHGs.exe
  2⤵
  PID:13792
- C:\Windows\System\iepFHXD.exe
  C:\Windows\System\iepFHXD.exe
  2⤵
  PID:13820
- C:\Windows\System\MYABCYs.exe
  C:\Windows\System\MYABCYs.exe
  2⤵
  PID:13852
- C:\Windows\System\GwsOLdT.exe
  C:\Windows\System\GwsOLdT.exe
  2⤵
  PID:13936
- C:\Windows\System\JHUOToq.exe
  C:\Windows\System\JHUOToq.exe
  2⤵
  PID:13944
- C:\Windows\System\nRgOUCj.exe
  C:\Windows\System\nRgOUCj.exe
  2⤵
  PID:1960
- C:\Windows\System\PFfvIJb.exe
  C:\Windows\System\PFfvIJb.exe
  2⤵
  PID:13968
- C:\Windows\System\MEViNqY.exe
  C:\Windows\System\MEViNqY.exe
  2⤵
  PID:14016
- C:\Windows\System\nwlTyju.exe
  C:\Windows\System\nwlTyju.exe
  2⤵
  PID:14052
- C:\Windows\System\hNxkPwO.exe
  C:\Windows\System\hNxkPwO.exe
  2⤵
  PID:13056
- C:\Windows\System\FqOjJvx.exe
  C:\Windows\System\FqOjJvx.exe
  2⤵
  PID:14116
- C:\Windows\System\WdvvIci.exe
  C:\Windows\System\WdvvIci.exe
  2⤵
  PID:14212
- C:\Windows\System\EmzkBDt.exe
  C:\Windows\System\EmzkBDt.exe
  2⤵
  PID:14256
- C:\Windows\System\tBJyqLP.exe
  C:\Windows\System\tBJyqLP.exe
  2⤵
  PID:13288
- C:\Windows\System\mWQMEKJ.exe
  C:\Windows\System\mWQMEKJ.exe
  2⤵
  PID:13620
- C:\Windows\System\CienyGl.exe
  C:\Windows\System\CienyGl.exe
  2⤵
  PID:13664
- C:\Windows\System\sDpKAkl.exe
  C:\Windows\System\sDpKAkl.exe
  2⤵
  PID:13508
- C:\Windows\System\LkifOVg.exe
  C:\Windows\System\LkifOVg.exe
  2⤵
  PID:1852
- C:\Windows\System\nmUnJzp.exe
  C:\Windows\System\nmUnJzp.exe
  2⤵
  PID:14012
- C:\Windows\System\MMkPfyT.exe
  C:\Windows\System\MMkPfyT.exe
  2⤵
  PID:14180
- C:\Windows\System\LCExPee.exe
  C:\Windows\System\LCExPee.exe
  2⤵
  PID:13428
- C:\Windows\System\VpVzBDb.exe
  C:\Windows\System\VpVzBDb.exe
  2⤵
  PID:13736
- C:\Windows\System\MddYkOd.exe
  C:\Windows\System\MddYkOd.exe
  2⤵
  PID:14356
- C:\Windows\System\heRGdTt.exe
  C:\Windows\System\heRGdTt.exe
  2⤵
  PID:14388
- C:\Windows\System\ItmNQph.exe
  C:\Windows\System\ItmNQph.exe
  2⤵
  PID:14412
- C:\Windows\System\MlmhOOa.exe
  C:\Windows\System\MlmhOOa.exe
  2⤵
  PID:14428
- C:\Windows\System\GUQFAFw.exe
  C:\Windows\System\GUQFAFw.exe
  2⤵
  PID:14492
- C:\Windows\System\dSozObW.exe
  C:\Windows\System\dSozObW.exe
  2⤵
  PID:14584
- C:\Windows\System\sCihUoE.exe
  C:\Windows\System\sCihUoE.exe
  2⤵
  PID:14616
- C:\Windows\System\eefoNNi.exe
  C:\Windows\System\eefoNNi.exe
  2⤵
  PID:14648
- C:\Windows\System\WQinWuO.exe
  C:\Windows\System\WQinWuO.exe
  2⤵
  PID:14680
- C:\Windows\System\IZivNij.exe
  C:\Windows\System\IZivNij.exe
  2⤵
  PID:14712
- C:\Windows\System\DuSoCDU.exe
  C:\Windows\System\DuSoCDU.exe
  2⤵
  PID:14736
- C:\Windows\System\BrcVyyw.exe
  C:\Windows\System\BrcVyyw.exe
  2⤵
  PID:14764
- C:\Windows\System\pwkYwOg.exe
  C:\Windows\System\pwkYwOg.exe
  2⤵
  PID:14784
- C:\Windows\System\AkhJHAC.exe
  C:\Windows\System\AkhJHAC.exe
  2⤵
  PID:14820
- C:\Windows\System\HDPXRZj.exe
  C:\Windows\System\HDPXRZj.exe
  2⤵
  PID:14856
- C:\Windows\System\fiFWBcA.exe
  C:\Windows\System\fiFWBcA.exe
  2⤵
  PID:14888
- C:\Windows\System\ACinZli.exe
  C:\Windows\System\ACinZli.exe
  2⤵
  PID:14912
- C:\Windows\System\GhwgJEN.exe
  C:\Windows\System\GhwgJEN.exe
  2⤵
  PID:14952
- C:\Windows\System\qIctmYD.exe
  C:\Windows\System\qIctmYD.exe
  2⤵
  PID:14976
- C:\Windows\System\XSbnKmL.exe
  C:\Windows\System\XSbnKmL.exe
  2⤵
  PID:14992
- C:\Windows\System\htTTvtq.exe
  C:\Windows\System\htTTvtq.exe
  2⤵
  PID:15024
- C:\Windows\System\DAmPIts.exe
  C:\Windows\System\DAmPIts.exe
  2⤵
  PID:15120
- C:\Windows\System\lqeSjGQ.exe
  C:\Windows\System\lqeSjGQ.exe
  2⤵
  PID:15136
- C:\Windows\System\WOdRlVU.exe
  C:\Windows\System\WOdRlVU.exe
  2⤵
  PID:15152
- C:\Windows\System\BjGAsSk.exe
  C:\Windows\System\BjGAsSk.exe
  2⤵
  PID:15172
- C:\Windows\System\zEWenaW.exe
  C:\Windows\System\zEWenaW.exe
  2⤵
  PID:15196

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CWpXRiz.exe

Filesize
1.6MB

MD5
7d739bd9b4105dcf975440a43b62c717

SHA1
e329c51290ece32b65635040b93cd1d5f277b482

SHA256
0f9f5ad4218306c07d452688ecebe6b5d944310cd837e11eb237859407904b6a

SHA512
e88c534918abc7800e3726ed02b5ad18b7925e814bdaefab333f42360d02756725ae0fbe863dcc4978f73fa1a3edbb23ac233332dc1c942009df2ed5e73d9876

Download Submit
C:\Windows\System\DmWiIox.exe

Filesize
1.6MB

MD5
5d4a5b48a900528f7375a64efd9ba4e8

SHA1
5b4d6e0315d7042c8c747be88275e31fbf67a58b

SHA256
b01eb077c3994a4abb80f5a28d42b3090fc9e25b5b3d64ad228050f2499f294f

SHA512
4b7e71682f5925e0a12974db6f94413b1f20ef6bd18e335330a0a0747b031c70417a67727f1b65abcc4e62e6ffc403251d5f7a91e83721fd7a5a01de759a6461

Download Submit
C:\Windows\System\EHFqtcI.exe

Filesize
1.6MB

MD5
a3a7082f7c76849542ce8fe634a247cf

SHA1
3b3c498d0de1f180cfb5285095ba58ecf3cff92f

SHA256
da2e8992c991dad31d3ea5949fa2c49c3406717313e8e5f6c37b2fc2fa8e7501

SHA512
0a57b45605e0fba269f65a3aaba58777e1d7b96d833e4e5543ac4ceb66889f104b43678ca7fee7f966ab61ef45d765f60178a54ed40d32e862724216301e3851

Download Submit
C:\Windows\System\GZRHARI.exe

Filesize
1.6MB

MD5
71d0729c902d8350894589dddf711d5d

SHA1
a612b25813e8beb043679a7a0e5703d864b8f79c

SHA256
3a8b9984c226a816575eacf591dad7b8cfb0c6050adbd95d057465c526485653

SHA512
9976531cd2573eac0ecc4ed30174188db0dd3819141f7523a988c34332356408d0f0f8ce9e931bf9597762182915243d8c21e51faeb1bd2c6dbfa56ea685ab4b

Download Submit
C:\Windows\System\HhxdacA.exe

Filesize
1.6MB

MD5
0234d997fee4d0542b1e721cb0381ce1

SHA1
1d883e512cb7d19e6792658305a71bb7213c9760

SHA256
872134ee75d8f7082c4841c1d0ed7ec8e8a2714470b0355385f4c411b1c8ade9

SHA512
db39fd875299b6ebf73f59840c29cc0347159947619aae6bbe3084a9d6f17a4a78dcfa6d51bd3a771f2af6cf622b08e1670c450b4a3a579bf8d2ce01ceefd5d0

Download Submit
C:\Windows\System\Ixejpre.exe

Filesize
1.6MB

MD5
a79322182deb36d38e046fd9a0bed70c

SHA1
06fffdcab851d510952ec49ec3589a20e52041ee

SHA256
7c2d48eb891d155bf8e66c68b0525286e913e6ea3aaef9b6df3fbb83d9ebdde4

SHA512
740a9de354f21057ba8ba72591d334a369c98b2dea28c4e1e9cc689c9235e27c51f14d76acfd3f3b34561e40a58aff95795b276d0247923f62a437d35c783c51

Download Submit
C:\Windows\System\JhnlETn.exe

Filesize
1.6MB

MD5
55e49c15cac760a7e68e4bdb4cea4e5e

SHA1
59a6aad5f1c2aeaadae44b36731ee0ccff7ac2b9

SHA256
530773654f9c646ae47292c24e71da058689ce3d7970cf0b3eee69b23d19fd41

SHA512
61eb0b51a8ef0da8cafdc5bf66d7050a359aca00a486d480caa56934a3edc85b6d7a298ade8fd1a683cd9452a35e420b914ccca651ab60be0d2896f0f4de3e00

Download Submit
C:\Windows\System\KZVdreZ.exe

Filesize
1.6MB

MD5
912346b981af59019a149ca5fcea2dbb

SHA1
eba32d5c6b6ba22bead3854d85b5d4c6fe234de8

SHA256
349ba9e734ed433bb76e0368221f2c59e8a4199eb6dcd6ac7ed67dc26c3d1e1a

SHA512
47791b4f2cacf32d73113b634fff9a91afa1ff14987189340124cb06575ab2ccba20dd6c515bd703cb716ed16318c0ab6ed0ab193824f58ecd8f9060b8cc9db8

Download Submit
C:\Windows\System\LKtdWcy.exe

Filesize
1.6MB

MD5
daa6a79fe1eb0d9a9df3ee76d420b8e6

SHA1
663f8d28e5802753797dabdf78fd0dbc6543fb0a

SHA256
ddf74294ea105018bf44f12e1c4011039f5dd4f110367953bd078c0469621349

SHA512
fc028cc8575a1e9dc79c1c892c97d275aaae257154ff1c25ed876656874a03759d8dda4aab935b74dee4fbfa87dc4e2f90a3c1f50562ecd9edc9fc3851c2b6c5

Download Submit
C:\Windows\System\McZGQDS.exe

Filesize
1.6MB

MD5
ff1adbadeae82a0d936dfe591e53511e

SHA1
202254245224a308e258b235f6d0d9a2703c9cbb

SHA256
17d8b4694b7a3ea86bc539f7bfa634b130df662130e959a395f8c0fc815b0a9b

SHA512
4aa1a461ad4d5970c7beb0aa25c7c920d1a8bc909ab2a5d7aa1fa4bc0967de4f199fa57c356a1f505413473981989e5a7d280821c34c2daad49d02f65ef3e1c6

Download Submit
C:\Windows\System\PELMhkK.exe

Filesize
1.6MB

MD5
aed561baff6dbb9cb89fb3fafb758ff2

SHA1
35e49a0c7a572f416d92e0bbbe6d58c6d913cf59

SHA256
633f1acbff082c3f4b9d33b325e735a171f47abca41cf4a5e2fb1d51290bc4b2

SHA512
d2db6b48f9532c5857574cba863aa641a9189e1954e409d71100276c5e214f1a1e99ed39b8304d01bb9ee522dbd99e4a017edf4d473d335c8d8b2e1890be3def

Download Submit
C:\Windows\System\RiGTOjp.exe

Filesize
1.6MB

MD5
09e5210a231e70f39b216e0d44d146a2

SHA1
85810d07b8e1cfbd05fcf69000c9586fe6cb6930

SHA256
9e735d63a85b82a449642a443d78d508807eabbc05e028c24b95b09915f42d28

SHA512
8b6adb71ef322c3114ef2cdab8838b7c2d3b578f0dabcc9ee4294328652e80252d7d55fd70a6d529cd984d48909290a068373d1cd5d1b3cffeb8e01ba1afb77c

Download Submit
C:\Windows\System\RsYZNvu.exe

Filesize
1.6MB

MD5
93dcc1494cfc931d56ee12c9c2cd4ea6

SHA1
e2485742fc9a811fae62d454b64163b4b1805490

SHA256
2ff5a9ea04f3d04a491a798c28390b4c25a57cb1fdc56b886b352a524b230499

SHA512
107f3c76e04ea54a6e31b55321161dae9b7c764436cb333b1e00bbaddd560169dff2f5b0fc94189cb8efb8646e390421586d577ba24d6bd882b3a5d16d06f1a6

Download Submit
C:\Windows\System\TglRblH.exe

Filesize
1.6MB

MD5
dea8ce525ffb509c250f5701d4e8ac56

SHA1
00ff5d51d57c8401d0e20cfbbf53040f9d171c8d

SHA256
080ebb8db4afb06911d316f5bdbb4b8f62f525ae8f4d3211181d442072a31773

SHA512
337078d9bba92ba7a3cc20fd5195e3d5ade6432d51e559b91b73bf87e5d0cb0447befccbd15e6d174c1ee95e32ef42048812f978e60d90d16f17136e90db344e

Download Submit
C:\Windows\System\WheBIxK.exe

Filesize
1.6MB

MD5
e3b641b5bd81b4874ea53c06e84ad85a

SHA1
c3548347846780389807543edfa06bf83f28bfe3

SHA256
7a16952c1eeb9606839e80ef04a21953608732638ff485ee62db94ff59ecaa98

SHA512
f034014a7832f5abd902f4f7bec20bb4ca36952523cc5350347f763eb66a2b531f1b53daf7b8fd5a709d661462c74328a61bd326eeab22b08bc54c340fbb6f2c

Download Submit
C:\Windows\System\acXUoxB.exe

Filesize
1.6MB

MD5
bb4a35e50b5f1c3eb05e0985bb88a6e1

SHA1
c956cb4db723fda5c2b0059a9f78ff60c28bef8c

SHA256
6213d3aff6ed0acd4c107f9fb88422092246a200c3be13c27f3cd86974e6278b

SHA512
bb2125253b1bc15656d5464b11d2ee08081bb45e377bd3714f4905d46197126ebf90c6beeea37c262452675d507763ec09957038e7b53981a7483e3f01e95b1b

Download Submit
C:\Windows\System\dRiYHQw.exe

Filesize
1.6MB

MD5
ebe9b4ae8bd29d550f39c031b9323707

SHA1
43d8f168252a75e6cd7781a11b4b35500a98a596

SHA256
0c395a5fddab016200612fea61a3e5038469f9c1722cbf5a3f0b06ecb9597f0c

SHA512
0f86a09c62ed02acd3e4a7506730d9cd91733cb8c3e33e7fd61669f471ba19b7b566e5eff673c794fb1c4a11caa115bba3c700566d1b60f0952e69d01f5b445e

Download Submit
C:\Windows\System\eBCDHms.exe

Filesize
1.6MB

MD5
e25108b316c3c26bc697d0be942759d4

SHA1
0534980f6d22a568b962a906a49a6d741649d48f

SHA256
a64ceba57e3308d0f3849b75fb95818271befa9f1224c163a6473e7ad7fb3a5a

SHA512
4170cc3c80209b314e838e3052b66b5e2c5a25de3cf2806854dd0443b5c26576a4604f9febeeaa10ff187e6f3e52437532d29e4237118b89693223da1cc2ab62

Download Submit
C:\Windows\System\fCLamwj.exe

Filesize
1.6MB

MD5
14ce2a35447311d2ca5b556f3b0b52df

SHA1
082217b032dbd2d10956cd0a7ec3f4387356aaea

SHA256
bf6c6831fbf65a90c8d9f53bef3781e476aeb15c230726d62f5d77e13daec603

SHA512
f7dec8cd4e6cd8d85af2b90da6ec34ac8c4af7837ea0940f0078adaf7643729f76cd4f96f1e9908c94dd14484191b78f4966e2c391013ce7b77b42913bb7b339

Download Submit
C:\Windows\System\gKWmuSX.exe

Filesize
1.6MB

MD5
75d4016b0649160207a1f0cb8538739d

SHA1
681a599f7e61705f76bf61314ce256c00f785bdf

SHA256
241391dba6005e7c15e1c61ddf832102fa2bf3bc3302ff656f000e769f2a4423

SHA512
ff2414ca56302bc441e8b0eafe182296026e010579558666bbc31ee539fc2327783e4b4a0f724f46c185edb0a9298a7ad00f095a8f9f8ed293ecc8dc19d06545

Download Submit
C:\Windows\System\herGkZT.exe

Filesize
1.6MB

MD5
771a897403747cbf432b6730a964aaba

SHA1
c45b5a3454c6c8e24bd81d9331e95f670d47bc66

SHA256
48b986cdf8563326592f1545f823eb11b2115a348faa1444f063b8744399ed9a

SHA512
713493a4ca4a234cb9c9a705c86118ad4602381998361cb42c6eb2007dd35d452dca4e2069aaf5f123b8c8bdfe7536e62760e42cd7d1ecc273e11f7c17c4b4d3

Download Submit
C:\Windows\System\iRgQxdU.exe

Filesize
1.6MB

MD5
ea676b28248a31b6ef2f71af96e19ce4

SHA1
ca971dcaf978575ed85f78ce0a8be8b6620f09b2

SHA256
905180b294dcb9ac7f04613f8e7beb71643046f795153b0840c7c09acb55845a

SHA512
c361427288b746005679734d1023fbec2ab1a22747e11e2570e74cc36ef92dc43b3834c3162144407d230ba084772eec01214c87968726301a001ff61edb6232

Download Submit
C:\Windows\System\jDOixUu.exe

Filesize
1.6MB

MD5
aa012db8e97b32736215657ded63f75c

SHA1
2a7b620a195eb7e78426aa7127970a51f0e78feb

SHA256
9c8c5723077441f02aa432d0f21a6eedfbc8e3fee4604973e2c7cbd2f307b3e2

SHA512
629e2f6adb9b1db9661d83aa5ef29a03f3b74529297fc4e23a6fed0bcfc100cb9e54c973d57b5e6a7754a5719249bf8706854c871abf7a2f74d628aea4cba429

Download Submit
C:\Windows\System\lMdWpZS.exe

Filesize
1.6MB

MD5
07ce8a46d20fdcf03e8a26954aa7d022

SHA1
91a5b32bd20deb72b1d8355e15ca6af7d8d7c5ae

SHA256
20edf71f428544e166b4fb45fae4733824b8634e3b53b4c504b6b1b244580e24

SHA512
943d8bdd7e82544cc7ba2ddff9c27f739cb82a443216bf456373bceb9584d9e9bdaaa17fa4cc3ea0e1de032eaa2d10e29ad0d560d858c5c0f62d69226ab86d2b

Download Submit
C:\Windows\System\mhBhhzZ.exe

Filesize
1.6MB

MD5
5e942930869a65ea27c306a69f426382

SHA1
24d5a6d5d320205a5ba47113e013530c7d6ac177

SHA256
e6003817c63cab065f9391325fe7d2b5b72d31a4246b1695655fb320ccd0cdb5

SHA512
b35af741f3edd05692937ab7c23090356fe2c915c86467716ce77a397e74d85941a049a7f6cd30a8d612573510e97d5ec99e981431612ea9ea356a96044d7ef1

Download Submit
C:\Windows\System\ntKaEKb.exe

Filesize
1.6MB

MD5
26365ef7a67b19e07cafae3fa1d57f27

SHA1
d659a0ca231bcd059251c24dc5f91dd3fee8bcc5

SHA256
fc638787f8f74f66a2f5b6a34e81e6ee5071d7d1fd7822a41b50870ccce94d92

SHA512
8479424cb1631cb1f92919919184d2bd1bf0d0c8708008f32fd0d7a43781999be7f63f2eb381e41eeba1966946a3fa8df549ebba1642b93022bd5dd44e5dc259

Download Submit
C:\Windows\System\qjMgEfH.exe

Filesize
1.6MB

MD5
9add4e16d9bda61c55c20d54ad38ab85

SHA1
ed96e6368d8dda32fe995e11b46ada0b62073ffd

SHA256
ef4da8c8cdc27cddb0381ba8dbd151202072ca81fa144e420064c72c03a7dd06

SHA512
fb55677d6ec1c3c24c4c13e67b8d1a4b16b48198b547f16779b1e0e1a02391084b44a8679425e9f4270a4a76f547ca95535c766a0d1c76e751e7510b7a50079a

Download Submit
C:\Windows\System\qupvjJB.exe

Filesize
1.6MB

MD5
b2f5468e496f612dc1992d5420d2971f

SHA1
d3c25c98e8cc0b59a9c5a5ad1b2eef44467ffced

SHA256
328987ba45bca875375e075e0533443a1997cbc0d7a5c403afe83a67a2723b90

SHA512
6080d19e8bb04749be2af7137c2e4485340cd3cd33d44300b8a00e9ac49c2523ad7fddac2e67fd8f99d24db748932058a518777174dd1b35e21829ed4653964d

Download Submit
C:\Windows\System\ufPdwsD.exe

Filesize
1.6MB

MD5
145917b60c7791ba9ac28a3abb0be1ab

SHA1
7cbb84d4f72b06925b221742b74d9992955b8ba5

SHA256
5faf11c4a7b051d7e2efe0071fbffc55badffcf2f2f6f509decb3926a71ab4ff

SHA512
4fd3209ccc537862c03880a24b7868ddfae41d2f63a180b8450fc7df18f8fb888b2944b0ed97e1d934a6264c1b7128fa45c283b1a56d6ef9389326e531cd7d97

Download Submit
C:\Windows\System\uxvXmtW.exe

Filesize
1.6MB

MD5
f131ceb46db8020c208c4e9e446d26a3

SHA1
98ad532ab167d051d7d7bbb0596e2a355f2d995f

SHA256
fb9c40bbed31f3cc5ca653b29dc97e5a7f1c930b92841fb9bc633adcb0f36656

SHA512
05639c5bf6313142da977d11441a48db7ab28f681bcaecd5d7f21f9ffe8aa7dad2a75be003effde437908ecfae2dea5c9bc3007781c5376f132d0ea8d8132172

Download Submit
C:\Windows\System\vufMpPC.exe

Filesize
1.6MB

MD5
b46bceb5f4cf0d2aaed791b388cc1ecd

SHA1
65d5aa57e252342349a0152d8681ba14710a6920

SHA256
1e3e0a81373b861c0578715c91c18bd19972ad42c07a8c7fd376e771779cba73

SHA512
5b039c99dc81098f55723ac6e9426a2b9a28cc65633a1250c81a2035b1337da4e5208513213d8630c9631a2f4d319904faa70461fd525e4d8f85303236634937

Download Submit
C:\Windows\System\wyXyUou.exe

Filesize
1.6MB

MD5
8e01e437e0f2275b3d0e3a31088be3fb

SHA1
8e0eac621f9103b649ab009225dd264770ecd404

SHA256
753bb29cdf5fd962e73160f18303733dcf2e6562d8fef9cadd4ee2bbddd8c3f3

SHA512
6ef75dbe07442e21c579418711cf27030a19f6cd8c49fed6a933de0794e40ab25487a4c2ffe73b125e5ba55a04518609f4210e532f941b4afba752b271a0c775

Download Submit
C:\Windows\System\zaCgDJx.exe

Filesize
1.6MB

MD5
a1ab7fe2a3ab5a11b8a37a774a41f097

SHA1
1e57886c632a9f7397a8665cfea2e627831306af

SHA256
f7e0ad7fde6773276e6cfea05d9100d3b4603c61bdc52e125bc7859d1f42e263

SHA512
a1e3c9068aebb359f083514fe5aae7a4d09676d9e25839582f01a66a5540c5157ed73ffcc07dc6c7b421689840e18ee442a9f78b6653689f372cc16be2050b03

Download Submit
memory/536-2403-0x00007FF7588A0000-0x00007FF758BF1000-memory.dmp

Filesize
3.3MB

Download
memory/536-39-0x00007FF7588A0000-0x00007FF758BF1000-memory.dmp

Filesize
3.3MB

Download
memory/840-2425-0x00007FF751CD0000-0x00007FF752021000-memory.dmp

Filesize
3.3MB

Download
memory/840-466-0x00007FF751CD0000-0x00007FF752021000-memory.dmp

Filesize
3.3MB

Download
memory/1072-2411-0x00007FF76F890000-0x00007FF76FBE1000-memory.dmp

Filesize
3.3MB

Download
memory/1072-53-0x00007FF76F890000-0x00007FF76FBE1000-memory.dmp

Filesize
3.3MB

Download
memory/1072-1419-0x00007FF76F890000-0x00007FF76FBE1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-487-0x00007FF6631E0000-0x00007FF663531000-memory.dmp

Filesize
3.3MB

Download
memory/1128-2461-0x00007FF6631E0000-0x00007FF663531000-memory.dmp

Filesize
3.3MB

Download
memory/1136-82-0x00007FF62C9B0000-0x00007FF62CD01000-memory.dmp

Filesize
3.3MB

Download
memory/1136-2415-0x00007FF62C9B0000-0x00007FF62CD01000-memory.dmp

Filesize
3.3MB

Download
memory/1240-2471-0x00007FF7C1E50000-0x00007FF7C21A1000-memory.dmp

Filesize
3.3MB

Download
memory/1240-512-0x00007FF7C1E50000-0x00007FF7C21A1000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2475-0x00007FF66DBF0000-0x00007FF66DF41000-memory.dmp

Filesize
3.3MB

Download
memory/1464-511-0x00007FF66DBF0000-0x00007FF66DF41000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2423-0x00007FF65DDD0000-0x00007FF65E121000-memory.dmp

Filesize
3.3MB

Download
memory/1644-470-0x00007FF65DDD0000-0x00007FF65E121000-memory.dmp

Filesize
3.3MB

Download
memory/1776-81-0x00007FF7D3790000-0x00007FF7D3AE1000-memory.dmp

Filesize
3.3MB

Download
memory/1776-1434-0x00007FF7D3790000-0x00007FF7D3AE1000-memory.dmp

Filesize
3.3MB

Download
memory/1776-2429-0x00007FF7D3790000-0x00007FF7D3AE1000-memory.dmp

Filesize
3.3MB

Download
memory/1856-490-0x00007FF7173D0000-0x00007FF717721000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2407-0x00007FF745670000-0x00007FF7459C1000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1326-0x00007FF745670000-0x00007FF7459C1000-memory.dmp

Filesize
3.3MB

Download
memory/2028-29-0x00007FF745670000-0x00007FF7459C1000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2413-0x00007FF774870000-0x00007FF774BC1000-memory.dmp

Filesize
3.3MB

Download
memory/2128-41-0x00007FF774870000-0x00007FF774BC1000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1547-0x00007FF774870000-0x00007FF774BC1000-memory.dmp

Filesize
3.3MB

Download
memory/2212-0-0x00007FF7B23E0000-0x00007FF7B2731000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1191-0x00007FF7B23E0000-0x00007FF7B2731000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1-0x00000258FFA30000-0x00000258FFA40000-memory.dmp

Filesize
64KB

Download
memory/2744-2463-0x00007FF7DECA0000-0x00007FF7DEFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2744-486-0x00007FF7DECA0000-0x00007FF7DEFF1000-memory.dmp

Filesize
3.3MB

Download
memory/2820-458-0x00007FF6F9440000-0x00007FF6F9791000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2419-0x00007FF6F9440000-0x00007FF6F9791000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1549-0x00007FF631380000-0x00007FF6316D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2427-0x00007FF631380000-0x00007FF6316D1000-memory.dmp

Filesize
3.3MB

Download
memory/2976-76-0x00007FF631380000-0x00007FF6316D1000-memory.dmp

Filesize
3.3MB

Download
memory/3032-71-0x00007FF776C70000-0x00007FF776FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1430-0x00007FF776C70000-0x00007FF776FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2409-0x00007FF776C70000-0x00007FF776FC1000-memory.dmp

Filesize
3.3MB

Download
memory/3444-2495-0x00007FF7FB780000-0x00007FF7FBAD1000-memory.dmp

Filesize
3.3MB

Download
memory/3444-517-0x00007FF7FB780000-0x00007FF7FBAD1000-memory.dmp

Filesize
3.3MB

Download
memory/3480-8-0x00007FF7DF000000-0x00007FF7DF351000-memory.dmp

Filesize
3.3MB

Download
memory/3480-1321-0x00007FF7DF000000-0x00007FF7DF351000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2399-0x00007FF7DF000000-0x00007FF7DF351000-memory.dmp

Filesize
3.3MB

Download
memory/3668-67-0x00007FF78B390000-0x00007FF78B6E1000-memory.dmp

Filesize
3.3MB

Download
memory/3668-1429-0x00007FF78B390000-0x00007FF78B6E1000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2417-0x00007FF78B390000-0x00007FF78B6E1000-memory.dmp

Filesize
3.3MB

Download
memory/3688-498-0x00007FF7F5AB0000-0x00007FF7F5E01000-memory.dmp

Filesize
3.3MB

Download
memory/3688-2480-0x00007FF7F5AB0000-0x00007FF7F5E01000-memory.dmp

Filesize
3.3MB

Download
memory/3820-492-0x00007FF72F550000-0x00007FF72F8A1000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2482-0x00007FF72F550000-0x00007FF72F8A1000-memory.dmp

Filesize
3.3MB

Download
memory/3988-478-0x00007FF6422B0000-0x00007FF642601000-memory.dmp

Filesize
3.3MB

Download
memory/3988-2443-0x00007FF6422B0000-0x00007FF642601000-memory.dmp

Filesize
3.3MB

Download
memory/3996-15-0x00007FF76D040000-0x00007FF76D391000-memory.dmp

Filesize
3.3MB

Download
memory/3996-1323-0x00007FF76D040000-0x00007FF76D391000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2401-0x00007FF76D040000-0x00007FF76D391000-memory.dmp

Filesize
3.3MB

Download
memory/4216-507-0x00007FF7B74E0000-0x00007FF7B7831000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2473-0x00007FF7B74E0000-0x00007FF7B7831000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2431-0x00007FF725590000-0x00007FF7258E1000-memory.dmp

Filesize
3.3MB

Download
memory/4612-467-0x00007FF725590000-0x00007FF7258E1000-memory.dmp

Filesize
3.3MB

Download
memory/4616-475-0x00007FF777460000-0x00007FF7777B1000-memory.dmp

Filesize
3.3MB

Download
memory/4616-2449-0x00007FF777460000-0x00007FF7777B1000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2421-0x00007FF613FB0000-0x00007FF614301000-memory.dmp

Filesize
3.3MB

Download
memory/4696-525-0x00007FF613FB0000-0x00007FF614301000-memory.dmp

Filesize
3.3MB

Download
memory/4764-505-0x00007FF785370000-0x00007FF7856C1000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2477-0x00007FF785370000-0x00007FF7856C1000-memory.dmp

Filesize
3.3MB

Download
memory/5064-36-0x00007FF62EEE0000-0x00007FF62F231000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2405-0x00007FF62EEE0000-0x00007FF62F231000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1329-0x00007FF62EEE0000-0x00007FF62F231000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads