xmrig | e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15a

Analysis

max time kernel
109s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2024 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
Size

1.7MB
MD5

f2171ee88d057d220847ec05150ff840
SHA1

0a6ed7f46f322015bf44f92bea21c1620198fa24
SHA256

e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15a
SHA512

089d4b9fbad097cd9880357a91fc229bf73063da34b7743a794d6dac4c0cff6615f958b7024b389d6d0e237752eefd2dd2dd687d12c655a4d6ab3ce9dd6a3da8
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCejIODosTigQytWpq0IIWv3yO04a/fn55/kY:knw9oUUEEDlGUrMNcbiwdf594Q

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/2740-386-0x00007FF612550000-0x00007FF612941000-memory.dmp	xmrig
behavioral2/memory/3928-388-0x00007FF78B200000-0x00007FF78B5F1000-memory.dmp	xmrig
behavioral2/memory/3140-389-0x00007FF7FAF90000-0x00007FF7FB381000-memory.dmp	xmrig
behavioral2/memory/1868-390-0x00007FF7F9900000-0x00007FF7F9CF1000-memory.dmp	xmrig
behavioral2/memory/1148-387-0x00007FF7E6EA0000-0x00007FF7E7291000-memory.dmp	xmrig
behavioral2/memory/1120-391-0x00007FF7BEBD0000-0x00007FF7BEFC1000-memory.dmp	xmrig
behavioral2/memory/3596-392-0x00007FF78F940000-0x00007FF78FD31000-memory.dmp	xmrig
behavioral2/memory/4800-395-0x00007FF6CF5E0000-0x00007FF6CF9D1000-memory.dmp	xmrig
behavioral2/memory/3040-394-0x00007FF72ECC0000-0x00007FF72F0B1000-memory.dmp	xmrig
behavioral2/memory/4400-393-0x00007FF66B080000-0x00007FF66B471000-memory.dmp	xmrig
behavioral2/memory/1452-396-0x00007FF672580000-0x00007FF672971000-memory.dmp	xmrig
behavioral2/memory/3812-403-0x00007FF7BDD90000-0x00007FF7BE181000-memory.dmp	xmrig
behavioral2/memory/1336-422-0x00007FF7B1780000-0x00007FF7B1B71000-memory.dmp	xmrig
behavioral2/memory/3464-432-0x00007FF6A6AD0000-0x00007FF6A6EC1000-memory.dmp	xmrig
behavioral2/memory/3208-437-0x00007FF6228F0000-0x00007FF622CE1000-memory.dmp	xmrig
behavioral2/memory/4924-417-0x00007FF754C70000-0x00007FF755061000-memory.dmp	xmrig
behavioral2/memory/3108-413-0x00007FF72EA80000-0x00007FF72EE71000-memory.dmp	xmrig
behavioral2/memory/4764-440-0x00007FF7CE9E0000-0x00007FF7CEDD1000-memory.dmp	xmrig
behavioral2/memory/2000-451-0x00007FF67E970000-0x00007FF67ED61000-memory.dmp	xmrig
behavioral2/memory/4136-460-0x00007FF6F2C60000-0x00007FF6F3051000-memory.dmp	xmrig
behavioral2/memory/976-456-0x00007FF7F9510000-0x00007FF7F9901000-memory.dmp	xmrig
behavioral2/memory/3260-1256-0x00007FF7A2C00000-0x00007FF7A2FF1000-memory.dmp	xmrig
behavioral2/memory/224-1373-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	xmrig
behavioral2/memory/1756-1370-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp	xmrig
behavioral2/memory/312-1376-0x00007FF7E6E10000-0x00007FF7E7201000-memory.dmp	xmrig
behavioral2/memory/1756-2138-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp	xmrig
behavioral2/memory/224-2140-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	xmrig
behavioral2/memory/2740-2143-0x00007FF612550000-0x00007FF612941000-memory.dmp	xmrig
behavioral2/memory/4136-2152-0x00007FF6F2C60000-0x00007FF6F3051000-memory.dmp	xmrig
behavioral2/memory/1868-2156-0x00007FF7F9900000-0x00007FF7F9CF1000-memory.dmp	xmrig
behavioral2/memory/3140-2154-0x00007FF7FAF90000-0x00007FF7FB381000-memory.dmp	xmrig
behavioral2/memory/1120-2158-0x00007FF7BEBD0000-0x00007FF7BEFC1000-memory.dmp	xmrig
behavioral2/memory/1148-2150-0x00007FF7E6EA0000-0x00007FF7E7291000-memory.dmp	xmrig
behavioral2/memory/312-2147-0x00007FF7E6E10000-0x00007FF7E7201000-memory.dmp	xmrig
behavioral2/memory/3928-2149-0x00007FF78B200000-0x00007FF78B5F1000-memory.dmp	xmrig
behavioral2/memory/976-2145-0x00007FF7F9510000-0x00007FF7F9901000-memory.dmp	xmrig
behavioral2/memory/3108-2187-0x00007FF72EA80000-0x00007FF72EE71000-memory.dmp	xmrig
behavioral2/memory/3464-2198-0x00007FF6A6AD0000-0x00007FF6A6EC1000-memory.dmp	xmrig
behavioral2/memory/3208-2203-0x00007FF6228F0000-0x00007FF622CE1000-memory.dmp	xmrig
behavioral2/memory/2000-2208-0x00007FF67E970000-0x00007FF67ED61000-memory.dmp	xmrig
behavioral2/memory/4764-2205-0x00007FF7CE9E0000-0x00007FF7CEDD1000-memory.dmp	xmrig
behavioral2/memory/1336-2201-0x00007FF7B1780000-0x00007FF7B1B71000-memory.dmp	xmrig
behavioral2/memory/3040-2199-0x00007FF72ECC0000-0x00007FF72F0B1000-memory.dmp	xmrig
behavioral2/memory/4924-2195-0x00007FF754C70000-0x00007FF755061000-memory.dmp	xmrig
behavioral2/memory/3812-2193-0x00007FF7BDD90000-0x00007FF7BE181000-memory.dmp	xmrig
behavioral2/memory/4400-2185-0x00007FF66B080000-0x00007FF66B471000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1756	FVWdBjn.exe
224	EtyQrjC.exe
976	ReXtlOk.exe
312	MaRkkTK.exe
4136	QhwVqIG.exe
2740	CFyiCGw.exe
1148	cgfAdin.exe
3928	qkPbMRY.exe
3140	cllutCN.exe
1868	blcMxUa.exe
1120	nSJmEzG.exe
3596	uXQfAAo.exe
4400	IBkIQDk.exe
3040	SEOkPTn.exe
4800	IjYuvfn.exe
1452	itKoVvS.exe
3812	GVCnCyP.exe
3108	qCFftFK.exe
4924	INyBbDi.exe
1336	pHOrEDB.exe
3464	zGyrZaK.exe
3208	igFEpGj.exe
4764	gZZxHzv.exe
2000	OlAmnIh.exe
2600	WASdPng.exe
1560	FPWPwbw.exe
4144	jcgUFQg.exe
3228	lMNLwYq.exe
4736	sjGWfot.exe
4632	GtIrqgS.exe
4464	MjYiQGK.exe
932	yVigamS.exe
1908	lfZQnSk.exe
4704	TLJYtha.exe
1604	bkRvaZM.exe
2768	XHWwnXj.exe
1996	VcCgKxM.exe
3160	nxKkHTC.exe
2304	wQqWucf.exe
5112	IDzOOkH.exe
3492	QrFZmBv.exe
832	JuoyTvl.exe
1700	GLpbojU.exe
2688	AYbAVBa.exe
2316	tfKTVGc.exe
808	WsnEyaF.exe
380	uoKLYPG.exe
1588	WQcLNdw.exe
64	YTkGwJO.exe
4348	ZVrickU.exe
3480	TIQTOAA.exe
684	HSSUguR.exe
628	zXduadx.exe
4572	NEIGysP.exe
1264	nMgnzQV.exe
4612	PxhXtkM.exe
4976	vPflzuC.exe
712	iarsyQr.exe
4720	AeMtYdi.exe
4236	AtddAhp.exe
4792	xehYJDu.exe
228	RkgSqNL.exe
5040	FZdrFSn.exe
2112	FCuLPvW.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\hfPqooh.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\BqZxUkD.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\jgMoJli.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\ezDCfqo.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\RPxdYUG.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\RmPcbFx.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\AYbAVBa.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\OnowqrV.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\HNrsUHf.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\VEyBkBd.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\gOIdYKQ.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\PdzUvsJ.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\umWuWJo.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\hMhDDwi.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\nXRgnWP.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\jcgUFQg.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\iFeeOVL.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\AlTmtbM.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\sFdKjyr.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\tFmNpWI.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\fLfOwFM.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\BPTNMxL.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\TEvdPyI.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\QhegWCM.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\lvqYfHj.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\EuLZbQB.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\Gzlmnyd.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\OKQLslu.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\PiGAgkZ.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\AIyxbTg.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\zlWRpmH.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\EkqKHTz.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\jjDVFzI.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\VUtzeKz.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\RaiSgKY.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\GRKzNEq.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\KxAPwCe.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\tsTotQw.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\orwKzei.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\ufTitxu.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\HDpItVL.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\VcCgKxM.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\RYfguen.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\SBSoUCX.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\YVpzfor.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\ghFfSBj.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\hnEufqt.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\XqxQDiL.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\jYjdQcp.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\GtIrqgS.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\VmaEKzK.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\SEGimBY.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\LBPDJbE.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\ZaFxjBK.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\tFHTjLf.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\qSandoI.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\OWtRqrX.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\SASXLPH.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\pHOrEDB.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\kTbvubS.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\pffveTv.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\xNVRXST.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\jGJneoe.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
File created	C:\Windows\System32\cdnzckw.exe	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3260-0-0x00007FF7A2C00000-0x00007FF7A2FF1000-memory.dmp	upx
behavioral2/files/0x0008000000023c87-4.dat	upx
behavioral2/files/0x0007000000023c8c-7.dat	upx
behavioral2/files/0x0007000000023c8b-10.dat	upx
behavioral2/memory/1756-9-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp	upx
behavioral2/files/0x0007000000023c91-43.dat	upx
behavioral2/files/0x0007000000023c93-56.dat	upx
behavioral2/files/0x0007000000023c95-66.dat	upx
behavioral2/files/0x0007000000023c96-71.dat	upx
behavioral2/files/0x0007000000023c99-80.dat	upx
behavioral2/files/0x0007000000023c9b-96.dat	upx
behavioral2/files/0x0007000000023c9d-106.dat	upx
behavioral2/files/0x0007000000023ca2-125.dat	upx
behavioral2/files/0x0007000000023ca4-135.dat	upx
behavioral2/files/0x0007000000023ca5-146.dat	upx
behavioral2/files/0x0007000000023ca8-161.dat	upx
behavioral2/memory/312-385-0x00007FF7E6E10000-0x00007FF7E7201000-memory.dmp	upx
behavioral2/memory/2740-386-0x00007FF612550000-0x00007FF612941000-memory.dmp	upx
behavioral2/memory/3928-388-0x00007FF78B200000-0x00007FF78B5F1000-memory.dmp	upx
behavioral2/memory/3140-389-0x00007FF7FAF90000-0x00007FF7FB381000-memory.dmp	upx
behavioral2/memory/1868-390-0x00007FF7F9900000-0x00007FF7F9CF1000-memory.dmp	upx
behavioral2/memory/1148-387-0x00007FF7E6EA0000-0x00007FF7E7291000-memory.dmp	upx
behavioral2/memory/1120-391-0x00007FF7BEBD0000-0x00007FF7BEFC1000-memory.dmp	upx
behavioral2/memory/3596-392-0x00007FF78F940000-0x00007FF78FD31000-memory.dmp	upx
behavioral2/memory/4800-395-0x00007FF6CF5E0000-0x00007FF6CF9D1000-memory.dmp	upx
behavioral2/memory/3040-394-0x00007FF72ECC0000-0x00007FF72F0B1000-memory.dmp	upx
behavioral2/memory/4400-393-0x00007FF66B080000-0x00007FF66B471000-memory.dmp	upx
behavioral2/memory/1452-396-0x00007FF672580000-0x00007FF672971000-memory.dmp	upx
behavioral2/memory/3812-403-0x00007FF7BDD90000-0x00007FF7BE181000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-164.dat	upx
behavioral2/files/0x0007000000023ca9-159.dat	upx
behavioral2/files/0x0007000000023ca7-156.dat	upx
behavioral2/memory/1336-422-0x00007FF7B1780000-0x00007FF7B1B71000-memory.dmp	upx
behavioral2/memory/3464-432-0x00007FF6A6AD0000-0x00007FF6A6EC1000-memory.dmp	upx
behavioral2/memory/3208-437-0x00007FF6228F0000-0x00007FF622CE1000-memory.dmp	upx
behavioral2/memory/4924-417-0x00007FF754C70000-0x00007FF755061000-memory.dmp	upx
behavioral2/memory/3108-413-0x00007FF72EA80000-0x00007FF72EE71000-memory.dmp	upx
behavioral2/files/0x0007000000023ca6-151.dat	upx
behavioral2/memory/4764-440-0x00007FF7CE9E0000-0x00007FF7CEDD1000-memory.dmp	upx
behavioral2/memory/2000-451-0x00007FF67E970000-0x00007FF67ED61000-memory.dmp	upx
behavioral2/memory/4136-460-0x00007FF6F2C60000-0x00007FF6F3051000-memory.dmp	upx
behavioral2/memory/976-456-0x00007FF7F9510000-0x00007FF7F9901000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-134.dat	upx
behavioral2/files/0x0007000000023ca1-123.dat	upx
behavioral2/files/0x0007000000023ca0-121.dat	upx
behavioral2/files/0x0007000000023c9f-114.dat	upx
behavioral2/files/0x0007000000023c9e-108.dat	upx
behavioral2/files/0x0007000000023c9c-101.dat	upx
behavioral2/files/0x0007000000023c9a-91.dat	upx
behavioral2/files/0x0007000000023c98-78.dat	upx
behavioral2/files/0x0007000000023c97-76.dat	upx
behavioral2/files/0x0007000000023c94-61.dat	upx
behavioral2/files/0x0007000000023c92-51.dat	upx
behavioral2/files/0x0007000000023c90-38.dat	upx
behavioral2/files/0x0007000000023c8f-36.dat	upx
behavioral2/files/0x0007000000023c8e-28.dat	upx
behavioral2/files/0x0007000000023c8d-22.dat	upx
behavioral2/memory/224-21-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	upx
behavioral2/memory/3260-1256-0x00007FF7A2C00000-0x00007FF7A2FF1000-memory.dmp	upx
behavioral2/memory/224-1373-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	upx
behavioral2/memory/1756-1370-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp	upx
behavioral2/memory/312-1376-0x00007FF7E6E10000-0x00007FF7E7201000-memory.dmp	upx
behavioral2/memory/1756-2138-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp	upx
behavioral2/memory/224-2140-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp	upx

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13992	dwm.exe
Token: SeChangeNotifyPrivilege	13992	dwm.exe
Token: 33	13992	dwm.exe
Token: SeIncBasePriorityPrivilege	13992	dwm.exe
Token: SeCreateGlobalPrivilege	2476	dwm.exe
Token: SeChangeNotifyPrivilege	2476	dwm.exe
Token: 33	2476	dwm.exe
Token: SeIncBasePriorityPrivilege	2476	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 1756	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	85
PID 3260 wrote to memory of 1756	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	85
PID 3260 wrote to memory of 224	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	86
PID 3260 wrote to memory of 224	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	86
PID 3260 wrote to memory of 976	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	87
PID 3260 wrote to memory of 976	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	87
PID 3260 wrote to memory of 312	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	88
PID 3260 wrote to memory of 312	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	88
PID 3260 wrote to memory of 4136	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	89
PID 3260 wrote to memory of 4136	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	89
PID 3260 wrote to memory of 2740	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	90
PID 3260 wrote to memory of 2740	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	90
PID 3260 wrote to memory of 1148	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	91
PID 3260 wrote to memory of 1148	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	91
PID 3260 wrote to memory of 3928	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	92
PID 3260 wrote to memory of 3928	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	92
PID 3260 wrote to memory of 3140	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	93
PID 3260 wrote to memory of 3140	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	93
PID 3260 wrote to memory of 1868	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	94
PID 3260 wrote to memory of 1868	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	94
PID 3260 wrote to memory of 1120	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	95
PID 3260 wrote to memory of 1120	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	95
PID 3260 wrote to memory of 3596	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	96
PID 3260 wrote to memory of 3596	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	96
PID 3260 wrote to memory of 4400	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	97
PID 3260 wrote to memory of 4400	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	97
PID 3260 wrote to memory of 3040	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	98
PID 3260 wrote to memory of 3040	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	98
PID 3260 wrote to memory of 4800	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	99
PID 3260 wrote to memory of 4800	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	99
PID 3260 wrote to memory of 1452	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	100
PID 3260 wrote to memory of 1452	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	100
PID 3260 wrote to memory of 3812	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	101
PID 3260 wrote to memory of 3812	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	101
PID 3260 wrote to memory of 3108	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	102
PID 3260 wrote to memory of 3108	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	102
PID 3260 wrote to memory of 4924	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	103
PID 3260 wrote to memory of 4924	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	103
PID 3260 wrote to memory of 1336	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	104
PID 3260 wrote to memory of 1336	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	104
PID 3260 wrote to memory of 3464	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	105
PID 3260 wrote to memory of 3464	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	105
PID 3260 wrote to memory of 3208	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	106
PID 3260 wrote to memory of 3208	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	106
PID 3260 wrote to memory of 4764	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	107
PID 3260 wrote to memory of 4764	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	107
PID 3260 wrote to memory of 2000	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	108
PID 3260 wrote to memory of 2000	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	108
PID 3260 wrote to memory of 2600	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	109
PID 3260 wrote to memory of 2600	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	109
PID 3260 wrote to memory of 1560	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	110
PID 3260 wrote to memory of 1560	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	110
PID 3260 wrote to memory of 4144	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	111
PID 3260 wrote to memory of 4144	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	111
PID 3260 wrote to memory of 3228	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	112
PID 3260 wrote to memory of 3228	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	112
PID 3260 wrote to memory of 4736	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	113
PID 3260 wrote to memory of 4736	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	113
PID 3260 wrote to memory of 4632	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	114
PID 3260 wrote to memory of 4632	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	114
PID 3260 wrote to memory of 4464	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	115
PID 3260 wrote to memory of 4464	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	115
PID 3260 wrote to memory of 932	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	116
PID 3260 wrote to memory of 932	3260	e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe	116

C:\Users\Admin\AppData\Local\Temp\e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe
"C:\Users\Admin\AppData\Local\Temp\e79263c3a3c852899b75600aa9c4e2743ddaece52f62cf8e2ba1e89fed62f15aN.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Windows\System32\FVWdBjn.exe
  C:\Windows\System32\FVWdBjn.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System32\EtyQrjC.exe
  C:\Windows\System32\EtyQrjC.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System32\ReXtlOk.exe
  C:\Windows\System32\ReXtlOk.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System32\MaRkkTK.exe
  C:\Windows\System32\MaRkkTK.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System32\QhwVqIG.exe
  C:\Windows\System32\QhwVqIG.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System32\CFyiCGw.exe
  C:\Windows\System32\CFyiCGw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System32\cgfAdin.exe
  C:\Windows\System32\cgfAdin.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System32\qkPbMRY.exe
  C:\Windows\System32\qkPbMRY.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System32\cllutCN.exe
  C:\Windows\System32\cllutCN.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System32\blcMxUa.exe
  C:\Windows\System32\blcMxUa.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System32\nSJmEzG.exe
  C:\Windows\System32\nSJmEzG.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System32\uXQfAAo.exe
  C:\Windows\System32\uXQfAAo.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System32\IBkIQDk.exe
  C:\Windows\System32\IBkIQDk.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System32\SEOkPTn.exe
  C:\Windows\System32\SEOkPTn.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System32\IjYuvfn.exe
  C:\Windows\System32\IjYuvfn.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System32\itKoVvS.exe
  C:\Windows\System32\itKoVvS.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System32\GVCnCyP.exe
  C:\Windows\System32\GVCnCyP.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System32\qCFftFK.exe
  C:\Windows\System32\qCFftFK.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System32\INyBbDi.exe
  C:\Windows\System32\INyBbDi.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System32\pHOrEDB.exe
  C:\Windows\System32\pHOrEDB.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System32\zGyrZaK.exe
  C:\Windows\System32\zGyrZaK.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System32\igFEpGj.exe
  C:\Windows\System32\igFEpGj.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System32\gZZxHzv.exe
  C:\Windows\System32\gZZxHzv.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System32\OlAmnIh.exe
  C:\Windows\System32\OlAmnIh.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System32\WASdPng.exe
  C:\Windows\System32\WASdPng.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System32\FPWPwbw.exe
  C:\Windows\System32\FPWPwbw.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System32\jcgUFQg.exe
  C:\Windows\System32\jcgUFQg.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System32\lMNLwYq.exe
  C:\Windows\System32\lMNLwYq.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System32\sjGWfot.exe
  C:\Windows\System32\sjGWfot.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System32\GtIrqgS.exe
  C:\Windows\System32\GtIrqgS.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System32\MjYiQGK.exe
  C:\Windows\System32\MjYiQGK.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System32\yVigamS.exe
  C:\Windows\System32\yVigamS.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System32\lfZQnSk.exe
  C:\Windows\System32\lfZQnSk.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System32\TLJYtha.exe
  C:\Windows\System32\TLJYtha.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System32\bkRvaZM.exe
  C:\Windows\System32\bkRvaZM.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System32\XHWwnXj.exe
  C:\Windows\System32\XHWwnXj.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System32\VcCgKxM.exe
  C:\Windows\System32\VcCgKxM.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System32\nxKkHTC.exe
  C:\Windows\System32\nxKkHTC.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System32\wQqWucf.exe
  C:\Windows\System32\wQqWucf.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System32\IDzOOkH.exe
  C:\Windows\System32\IDzOOkH.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System32\QrFZmBv.exe
  C:\Windows\System32\QrFZmBv.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System32\JuoyTvl.exe
  C:\Windows\System32\JuoyTvl.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System32\GLpbojU.exe
  C:\Windows\System32\GLpbojU.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System32\AYbAVBa.exe
  C:\Windows\System32\AYbAVBa.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System32\tfKTVGc.exe
  C:\Windows\System32\tfKTVGc.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System32\WsnEyaF.exe
  C:\Windows\System32\WsnEyaF.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System32\uoKLYPG.exe
  C:\Windows\System32\uoKLYPG.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System32\WQcLNdw.exe
  C:\Windows\System32\WQcLNdw.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System32\YTkGwJO.exe
  C:\Windows\System32\YTkGwJO.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System32\ZVrickU.exe
  C:\Windows\System32\ZVrickU.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System32\TIQTOAA.exe
  C:\Windows\System32\TIQTOAA.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System32\HSSUguR.exe
  C:\Windows\System32\HSSUguR.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System32\zXduadx.exe
  C:\Windows\System32\zXduadx.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System32\NEIGysP.exe
  C:\Windows\System32\NEIGysP.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System32\nMgnzQV.exe
  C:\Windows\System32\nMgnzQV.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System32\PxhXtkM.exe
  C:\Windows\System32\PxhXtkM.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System32\vPflzuC.exe
  C:\Windows\System32\vPflzuC.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\iarsyQr.exe
  C:\Windows\System32\iarsyQr.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System32\AeMtYdi.exe
  C:\Windows\System32\AeMtYdi.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System32\AtddAhp.exe
  C:\Windows\System32\AtddAhp.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System32\xehYJDu.exe
  C:\Windows\System32\xehYJDu.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System32\RkgSqNL.exe
  C:\Windows\System32\RkgSqNL.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System32\FZdrFSn.exe
  C:\Windows\System32\FZdrFSn.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System32\FCuLPvW.exe
  C:\Windows\System32\FCuLPvW.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System32\HXmEuDB.exe
  C:\Windows\System32\HXmEuDB.exe
  2⤵
  PID:4804
- C:\Windows\System32\zwWuzZe.exe
  C:\Windows\System32\zwWuzZe.exe
  2⤵
  PID:4056
- C:\Windows\System32\pfInTKH.exe
  C:\Windows\System32\pfInTKH.exe
  2⤵
  PID:5004
- C:\Windows\System32\cCIUzvx.exe
  C:\Windows\System32\cCIUzvx.exe
  2⤵
  PID:4952
- C:\Windows\System32\BHPkYXh.exe
  C:\Windows\System32\BHPkYXh.exe
  2⤵
  PID:2172
- C:\Windows\System32\hetDNTR.exe
  C:\Windows\System32\hetDNTR.exe
  2⤵
  PID:372
- C:\Windows\System32\ZgLhSbb.exe
  C:\Windows\System32\ZgLhSbb.exe
  2⤵
  PID:3616
- C:\Windows\System32\zSVlwgC.exe
  C:\Windows\System32\zSVlwgC.exe
  2⤵
  PID:3024
- C:\Windows\System32\HfdGpGC.exe
  C:\Windows\System32\HfdGpGC.exe
  2⤵
  PID:4452
- C:\Windows\System32\FYCvlDB.exe
  C:\Windows\System32\FYCvlDB.exe
  2⤵
  PID:388
- C:\Windows\System32\RRNNCVV.exe
  C:\Windows\System32\RRNNCVV.exe
  2⤵
  PID:400
- C:\Windows\System32\jJuGtCN.exe
  C:\Windows\System32\jJuGtCN.exe
  2⤵
  PID:4016
- C:\Windows\System32\HAwcpMP.exe
  C:\Windows\System32\HAwcpMP.exe
  2⤵
  PID:1312
- C:\Windows\System32\FwraPIN.exe
  C:\Windows\System32\FwraPIN.exe
  2⤵
  PID:4536
- C:\Windows\System32\BZFrIvU.exe
  C:\Windows\System32\BZFrIvU.exe
  2⤵
  PID:3184
- C:\Windows\System32\fnkFhDj.exe
  C:\Windows\System32\fnkFhDj.exe
  2⤵
  PID:2708
- C:\Windows\System32\WVNsFtf.exe
  C:\Windows\System32\WVNsFtf.exe
  2⤵
  PID:4260
- C:\Windows\System32\DkXghYP.exe
  C:\Windows\System32\DkXghYP.exe
  2⤵
  PID:4416
- C:\Windows\System32\IvwoLhn.exe
  C:\Windows\System32\IvwoLhn.exe
  2⤵
  PID:4356
- C:\Windows\System32\Kcjfjsc.exe
  C:\Windows\System32\Kcjfjsc.exe
  2⤵
  PID:1104
- C:\Windows\System32\BiukXcI.exe
  C:\Windows\System32\BiukXcI.exe
  2⤵
  PID:4592
- C:\Windows\System32\kTbvubS.exe
  C:\Windows\System32\kTbvubS.exe
  2⤵
  PID:5128
- C:\Windows\System32\NdqOqVG.exe
  C:\Windows\System32\NdqOqVG.exe
  2⤵
  PID:5152
- C:\Windows\System32\tXrWvnL.exe
  C:\Windows\System32\tXrWvnL.exe
  2⤵
  PID:5200
- C:\Windows\System32\VCqIJjn.exe
  C:\Windows\System32\VCqIJjn.exe
  2⤵
  PID:5220
- C:\Windows\System32\OCjVdzs.exe
  C:\Windows\System32\OCjVdzs.exe
  2⤵
  PID:5236
- C:\Windows\System32\oXPEvSp.exe
  C:\Windows\System32\oXPEvSp.exe
  2⤵
  PID:5264
- C:\Windows\System32\LRjxkeG.exe
  C:\Windows\System32\LRjxkeG.exe
  2⤵
  PID:5296
- C:\Windows\System32\EuLZbQB.exe
  C:\Windows\System32\EuLZbQB.exe
  2⤵
  PID:5324
- C:\Windows\System32\xkFhFlj.exe
  C:\Windows\System32\xkFhFlj.exe
  2⤵
  PID:5352
- C:\Windows\System32\HAJiPpd.exe
  C:\Windows\System32\HAJiPpd.exe
  2⤵
  PID:5380
- C:\Windows\System32\ghFfSBj.exe
  C:\Windows\System32\ghFfSBj.exe
  2⤵
  PID:5408
- C:\Windows\System32\zlWRpmH.exe
  C:\Windows\System32\zlWRpmH.exe
  2⤵
  PID:5436
- C:\Windows\System32\ITnKvpZ.exe
  C:\Windows\System32\ITnKvpZ.exe
  2⤵
  PID:5464
- C:\Windows\System32\Alwgreh.exe
  C:\Windows\System32\Alwgreh.exe
  2⤵
  PID:5492
- C:\Windows\System32\kXlGrkw.exe
  C:\Windows\System32\kXlGrkw.exe
  2⤵
  PID:5516
- C:\Windows\System32\JIcFZon.exe
  C:\Windows\System32\JIcFZon.exe
  2⤵
  PID:5548
- C:\Windows\System32\OpyMrRs.exe
  C:\Windows\System32\OpyMrRs.exe
  2⤵
  PID:5584
- C:\Windows\System32\HWRItUj.exe
  C:\Windows\System32\HWRItUj.exe
  2⤵
  PID:5604
- C:\Windows\System32\emCfPJz.exe
  C:\Windows\System32\emCfPJz.exe
  2⤵
  PID:5632
- C:\Windows\System32\FCbahYT.exe
  C:\Windows\System32\FCbahYT.exe
  2⤵
  PID:5672
- C:\Windows\System32\uMiqaid.exe
  C:\Windows\System32\uMiqaid.exe
  2⤵
  PID:5688
- C:\Windows\System32\UFQYlUl.exe
  C:\Windows\System32\UFQYlUl.exe
  2⤵
  PID:5712
- C:\Windows\System32\TfPMdtr.exe
  C:\Windows\System32\TfPMdtr.exe
  2⤵
  PID:6008
- C:\Windows\System32\lLXSMgS.exe
  C:\Windows\System32\lLXSMgS.exe
  2⤵
  PID:6052
- C:\Windows\System32\TKTzuRv.exe
  C:\Windows\System32\TKTzuRv.exe
  2⤵
  PID:6092
- C:\Windows\System32\zidumEo.exe
  C:\Windows\System32\zidumEo.exe
  2⤵
  PID:6112
- C:\Windows\System32\SBZhqcf.exe
  C:\Windows\System32\SBZhqcf.exe
  2⤵
  PID:6132
- C:\Windows\System32\BPTNMxL.exe
  C:\Windows\System32\BPTNMxL.exe
  2⤵
  PID:3712
- C:\Windows\System32\PTySWQb.exe
  C:\Windows\System32\PTySWQb.exe
  2⤵
  PID:2148
- C:\Windows\System32\cfihlHL.exe
  C:\Windows\System32\cfihlHL.exe
  2⤵
  PID:1600
- C:\Windows\System32\hfPqooh.exe
  C:\Windows\System32\hfPqooh.exe
  2⤵
  PID:4684
- C:\Windows\System32\lyAYEbc.exe
  C:\Windows\System32\lyAYEbc.exe
  2⤵
  PID:100
- C:\Windows\System32\TLvkPKn.exe
  C:\Windows\System32\TLvkPKn.exe
  2⤵
  PID:5164
- C:\Windows\System32\SqTPRls.exe
  C:\Windows\System32\SqTPRls.exe
  2⤵
  PID:5256
- C:\Windows\System32\fzOfrFh.exe
  C:\Windows\System32\fzOfrFh.exe
  2⤵
  PID:5416
- C:\Windows\System32\AiRoAyN.exe
  C:\Windows\System32\AiRoAyN.exe
  2⤵
  PID:5456
- C:\Windows\System32\CcLPiLr.exe
  C:\Windows\System32\CcLPiLr.exe
  2⤵
  PID:5504
- C:\Windows\System32\hMGJnQI.exe
  C:\Windows\System32\hMGJnQI.exe
  2⤵
  PID:5532
- C:\Windows\System32\sVSweSx.exe
  C:\Windows\System32\sVSweSx.exe
  2⤵
  PID:5556
- C:\Windows\System32\KhUWPdA.exe
  C:\Windows\System32\KhUWPdA.exe
  2⤵
  PID:5600
- C:\Windows\System32\qJQQwZb.exe
  C:\Windows\System32\qJQQwZb.exe
  2⤵
  PID:1288
- C:\Windows\System32\oGzlVKf.exe
  C:\Windows\System32\oGzlVKf.exe
  2⤵
  PID:5696
- C:\Windows\System32\SdHzDRn.exe
  C:\Windows\System32\SdHzDRn.exe
  2⤵
  PID:1512
- C:\Windows\System32\BEHfZAe.exe
  C:\Windows\System32\BEHfZAe.exe
  2⤵
  PID:5792
- C:\Windows\System32\lYwgrvQ.exe
  C:\Windows\System32\lYwgrvQ.exe
  2⤵
  PID:5944
- C:\Windows\System32\EydTBFi.exe
  C:\Windows\System32\EydTBFi.exe
  2⤵
  PID:1716
- C:\Windows\System32\BqZxUkD.exe
  C:\Windows\System32\BqZxUkD.exe
  2⤵
  PID:3096
- C:\Windows\System32\hnEufqt.exe
  C:\Windows\System32\hnEufqt.exe
  2⤵
  PID:5800
- C:\Windows\System32\dWJZyZs.exe
  C:\Windows\System32\dWJZyZs.exe
  2⤵
  PID:4476
- C:\Windows\System32\uUEHwKO.exe
  C:\Windows\System32\uUEHwKO.exe
  2⤵
  PID:5848
- C:\Windows\System32\TyRdfrC.exe
  C:\Windows\System32\TyRdfrC.exe
  2⤵
  PID:6004
- C:\Windows\System32\qoVvmUJ.exe
  C:\Windows\System32\qoVvmUJ.exe
  2⤵
  PID:5872
- C:\Windows\System32\NIzcghF.exe
  C:\Windows\System32\NIzcghF.exe
  2⤵
  PID:5888
- C:\Windows\System32\aKwQXWC.exe
  C:\Windows\System32\aKwQXWC.exe
  2⤵
  PID:5904
- C:\Windows\System32\AfOSkOG.exe
  C:\Windows\System32\AfOSkOG.exe
  2⤵
  PID:3368
- C:\Windows\System32\DFfbtkQ.exe
  C:\Windows\System32\DFfbtkQ.exe
  2⤵
  PID:6020
- C:\Windows\System32\ZHqNeua.exe
  C:\Windows\System32\ZHqNeua.exe
  2⤵
  PID:6072
- C:\Windows\System32\VfctXNX.exe
  C:\Windows\System32\VfctXNX.exe
  2⤵
  PID:1708
- C:\Windows\System32\aeBQSqG.exe
  C:\Windows\System32\aeBQSqG.exe
  2⤵
  PID:4100
- C:\Windows\System32\fxSZtue.exe
  C:\Windows\System32\fxSZtue.exe
  2⤵
  PID:5280
- C:\Windows\System32\yTDwlhF.exe
  C:\Windows\System32\yTDwlhF.exe
  2⤵
  PID:3472
- C:\Windows\System32\TLUVQBJ.exe
  C:\Windows\System32\TLUVQBJ.exe
  2⤵
  PID:3948
- C:\Windows\System32\slIIAcm.exe
  C:\Windows\System32\slIIAcm.exe
  2⤵
  PID:5540
- C:\Windows\System32\BhoDFeY.exe
  C:\Windows\System32\BhoDFeY.exe
  2⤵
  PID:5652
- C:\Windows\System32\iaegkhv.exe
  C:\Windows\System32\iaegkhv.exe
  2⤵
  PID:2840
- C:\Windows\System32\ehnLPgP.exe
  C:\Windows\System32\ehnLPgP.exe
  2⤵
  PID:4280
- C:\Windows\System32\eqtRKWH.exe
  C:\Windows\System32\eqtRKWH.exe
  2⤵
  PID:3068
- C:\Windows\System32\UPudhty.exe
  C:\Windows\System32\UPudhty.exe
  2⤵
  PID:4680
- C:\Windows\System32\RzDClmx.exe
  C:\Windows\System32\RzDClmx.exe
  2⤵
  PID:5968
- C:\Windows\System32\rQohqhT.exe
  C:\Windows\System32\rQohqhT.exe
  2⤵
  PID:1792
- C:\Windows\System32\gbDVSuB.exe
  C:\Windows\System32\gbDVSuB.exe
  2⤵
  PID:5924
- C:\Windows\System32\iGEKMcZ.exe
  C:\Windows\System32\iGEKMcZ.exe
  2⤵
  PID:5964
- C:\Windows\System32\pffveTv.exe
  C:\Windows\System32\pffveTv.exe
  2⤵
  PID:2628
- C:\Windows\System32\PZTirKW.exe
  C:\Windows\System32\PZTirKW.exe
  2⤵
  PID:5640
- C:\Windows\System32\ozisenR.exe
  C:\Windows\System32\ozisenR.exe
  2⤵
  PID:2376
- C:\Windows\System32\RuLWNIe.exe
  C:\Windows\System32\RuLWNIe.exe
  2⤵
  PID:5928
- C:\Windows\System32\vorvJBG.exe
  C:\Windows\System32\vorvJBG.exe
  2⤵
  PID:1300
- C:\Windows\System32\opnYXvL.exe
  C:\Windows\System32\opnYXvL.exe
  2⤵
  PID:2648
- C:\Windows\System32\oGmtGDE.exe
  C:\Windows\System32\oGmtGDE.exe
  2⤵
  PID:5972
- C:\Windows\System32\cLpQnig.exe
  C:\Windows\System32\cLpQnig.exe
  2⤵
  PID:6040
- C:\Windows\System32\hMistkF.exe
  C:\Windows\System32\hMistkF.exe
  2⤵
  PID:5512
- C:\Windows\System32\Gzlmnyd.exe
  C:\Windows\System32\Gzlmnyd.exe
  2⤵
  PID:5816
- C:\Windows\System32\iKUiZaR.exe
  C:\Windows\System32\iKUiZaR.exe
  2⤵
  PID:5980
- C:\Windows\System32\GRKzNEq.exe
  C:\Windows\System32\GRKzNEq.exe
  2⤵
  PID:6200
- C:\Windows\System32\SEnxyxB.exe
  C:\Windows\System32\SEnxyxB.exe
  2⤵
  PID:6216
- C:\Windows\System32\bQrIDVi.exe
  C:\Windows\System32\bQrIDVi.exe
  2⤵
  PID:6240
- C:\Windows\System32\avlVrof.exe
  C:\Windows\System32\avlVrof.exe
  2⤵
  PID:6276
- C:\Windows\System32\CNzgqiF.exe
  C:\Windows\System32\CNzgqiF.exe
  2⤵
  PID:6388
- C:\Windows\System32\VXMqjmI.exe
  C:\Windows\System32\VXMqjmI.exe
  2⤵
  PID:6444
- C:\Windows\System32\XEobqyN.exe
  C:\Windows\System32\XEobqyN.exe
  2⤵
  PID:6464
- C:\Windows\System32\EfyqPXC.exe
  C:\Windows\System32\EfyqPXC.exe
  2⤵
  PID:6484
- C:\Windows\System32\uvMwZLz.exe
  C:\Windows\System32\uvMwZLz.exe
  2⤵
  PID:6520
- C:\Windows\System32\IYUOMQU.exe
  C:\Windows\System32\IYUOMQU.exe
  2⤵
  PID:6540
- C:\Windows\System32\LAstslc.exe
  C:\Windows\System32\LAstslc.exe
  2⤵
  PID:6572
- C:\Windows\System32\SbpViAB.exe
  C:\Windows\System32\SbpViAB.exe
  2⤵
  PID:6600
- C:\Windows\System32\QTyBJZE.exe
  C:\Windows\System32\QTyBJZE.exe
  2⤵
  PID:6616
- C:\Windows\System32\ZVuTDkS.exe
  C:\Windows\System32\ZVuTDkS.exe
  2⤵
  PID:6640
- C:\Windows\System32\JTbxxTV.exe
  C:\Windows\System32\JTbxxTV.exe
  2⤵
  PID:6656
- C:\Windows\System32\hrmRtCn.exe
  C:\Windows\System32\hrmRtCn.exe
  2⤵
  PID:6700
- C:\Windows\System32\xNVRXST.exe
  C:\Windows\System32\xNVRXST.exe
  2⤵
  PID:6744
- C:\Windows\System32\ogviLXt.exe
  C:\Windows\System32\ogviLXt.exe
  2⤵
  PID:6764
- C:\Windows\System32\rwzkatH.exe
  C:\Windows\System32\rwzkatH.exe
  2⤵
  PID:6792
- C:\Windows\System32\zkTjTJs.exe
  C:\Windows\System32\zkTjTJs.exe
  2⤵
  PID:6824
- C:\Windows\System32\JSWSqzg.exe
  C:\Windows\System32\JSWSqzg.exe
  2⤵
  PID:6848
- C:\Windows\System32\AKdSwzP.exe
  C:\Windows\System32\AKdSwzP.exe
  2⤵
  PID:6868
- C:\Windows\System32\jGJneoe.exe
  C:\Windows\System32\jGJneoe.exe
  2⤵
  PID:6892
- C:\Windows\System32\BWYJbix.exe
  C:\Windows\System32\BWYJbix.exe
  2⤵
  PID:6908
- C:\Windows\System32\ntybiPO.exe
  C:\Windows\System32\ntybiPO.exe
  2⤵
  PID:6944
- C:\Windows\System32\RGOXnZL.exe
  C:\Windows\System32\RGOXnZL.exe
  2⤵
  PID:6968
- C:\Windows\System32\ByBzMDb.exe
  C:\Windows\System32\ByBzMDb.exe
  2⤵
  PID:7016
- C:\Windows\System32\OFqaAIV.exe
  C:\Windows\System32\OFqaAIV.exe
  2⤵
  PID:7044
- C:\Windows\System32\LMZPqpe.exe
  C:\Windows\System32\LMZPqpe.exe
  2⤵
  PID:7076
- C:\Windows\System32\stuktKf.exe
  C:\Windows\System32\stuktKf.exe
  2⤵
  PID:7092
- C:\Windows\System32\bffiRjc.exe
  C:\Windows\System32\bffiRjc.exe
  2⤵
  PID:7116
- C:\Windows\System32\QPZffZW.exe
  C:\Windows\System32\QPZffZW.exe
  2⤵
  PID:7132
- C:\Windows\System32\hZLtWLw.exe
  C:\Windows\System32\hZLtWLw.exe
  2⤵
  PID:6164
- C:\Windows\System32\kzMAEId.exe
  C:\Windows\System32\kzMAEId.exe
  2⤵
  PID:6236
- C:\Windows\System32\RIKZhHU.exe
  C:\Windows\System32\RIKZhHU.exe
  2⤵
  PID:6284
- C:\Windows\System32\aMizSHF.exe
  C:\Windows\System32\aMizSHF.exe
  2⤵
  PID:6152
- C:\Windows\System32\OnowqrV.exe
  C:\Windows\System32\OnowqrV.exe
  2⤵
  PID:6344
- C:\Windows\System32\QhNZyWr.exe
  C:\Windows\System32\QhNZyWr.exe
  2⤵
  PID:6176
- C:\Windows\System32\lwgjwQW.exe
  C:\Windows\System32\lwgjwQW.exe
  2⤵
  PID:6196
- C:\Windows\System32\AfQifsS.exe
  C:\Windows\System32\AfQifsS.exe
  2⤵
  PID:6424
- C:\Windows\System32\cdnzckw.exe
  C:\Windows\System32\cdnzckw.exe
  2⤵
  PID:6348
- C:\Windows\System32\Qhnftzw.exe
  C:\Windows\System32\Qhnftzw.exe
  2⤵
  PID:6452
- C:\Windows\System32\TZYZguE.exe
  C:\Windows\System32\TZYZguE.exe
  2⤵
  PID:6556
- C:\Windows\System32\JVjmSED.exe
  C:\Windows\System32\JVjmSED.exe
  2⤵
  PID:6636
- C:\Windows\System32\okJmWLY.exe
  C:\Windows\System32\okJmWLY.exe
  2⤵
  PID:6648
- C:\Windows\System32\UEiZNgj.exe
  C:\Windows\System32\UEiZNgj.exe
  2⤵
  PID:6720
- C:\Windows\System32\XwWpiJs.exe
  C:\Windows\System32\XwWpiJs.exe
  2⤵
  PID:6860
- C:\Windows\System32\tanaWsT.exe
  C:\Windows\System32\tanaWsT.exe
  2⤵
  PID:6900
- C:\Windows\System32\XUchwxr.exe
  C:\Windows\System32\XUchwxr.exe
  2⤵
  PID:7060
- C:\Windows\System32\iyyOSJb.exe
  C:\Windows\System32\iyyOSJb.exe
  2⤵
  PID:7124
- C:\Windows\System32\YTlypGT.exe
  C:\Windows\System32\YTlypGT.exe
  2⤵
  PID:7148
- C:\Windows\System32\ZknMWYk.exe
  C:\Windows\System32\ZknMWYk.exe
  2⤵
  PID:6288
- C:\Windows\System32\zDDWFnH.exe
  C:\Windows\System32\zDDWFnH.exe
  2⤵
  PID:6260
- C:\Windows\System32\kqXmJre.exe
  C:\Windows\System32\kqXmJre.exe
  2⤵
  PID:6492
- C:\Windows\System32\iFeeOVL.exe
  C:\Windows\System32\iFeeOVL.exe
  2⤵
  PID:6104
- C:\Windows\System32\eDngKUg.exe
  C:\Windows\System32\eDngKUg.exe
  2⤵
  PID:6456
- C:\Windows\System32\TCuIwEg.exe
  C:\Windows\System32\TCuIwEg.exe
  2⤵
  PID:6672
- C:\Windows\System32\cfmizwP.exe
  C:\Windows\System32\cfmizwP.exe
  2⤵
  PID:6836
- C:\Windows\System32\ymQvYzy.exe
  C:\Windows\System32\ymQvYzy.exe
  2⤵
  PID:6812
- C:\Windows\System32\hqstCXD.exe
  C:\Windows\System32\hqstCXD.exe
  2⤵
  PID:6916
- C:\Windows\System32\dfhOmdK.exe
  C:\Windows\System32\dfhOmdK.exe
  2⤵
  PID:7100
- C:\Windows\System32\NczlZNF.exe
  C:\Windows\System32\NczlZNF.exe
  2⤵
  PID:6252
- C:\Windows\System32\hYyhWWP.exe
  C:\Windows\System32\hYyhWWP.exe
  2⤵
  PID:7128
- C:\Windows\System32\VoJYzus.exe
  C:\Windows\System32\VoJYzus.exe
  2⤵
  PID:6756
- C:\Windows\System32\rIGxgKY.exe
  C:\Windows\System32\rIGxgKY.exe
  2⤵
  PID:6432
- C:\Windows\System32\rlrKGzi.exe
  C:\Windows\System32\rlrKGzi.exe
  2⤵
  PID:7180
- C:\Windows\System32\dtoCVuh.exe
  C:\Windows\System32\dtoCVuh.exe
  2⤵
  PID:7204
- C:\Windows\System32\CWMqkMX.exe
  C:\Windows\System32\CWMqkMX.exe
  2⤵
  PID:7224
- C:\Windows\System32\GUKhpgJ.exe
  C:\Windows\System32\GUKhpgJ.exe
  2⤵
  PID:7256
- C:\Windows\System32\DfJePMr.exe
  C:\Windows\System32\DfJePMr.exe
  2⤵
  PID:7280
- C:\Windows\System32\PFlfNCy.exe
  C:\Windows\System32\PFlfNCy.exe
  2⤵
  PID:7312
- C:\Windows\System32\dnhJMBO.exe
  C:\Windows\System32\dnhJMBO.exe
  2⤵
  PID:7332
- C:\Windows\System32\HbmZxqD.exe
  C:\Windows\System32\HbmZxqD.exe
  2⤵
  PID:7372
- C:\Windows\System32\GelLifC.exe
  C:\Windows\System32\GelLifC.exe
  2⤵
  PID:7388
- C:\Windows\System32\BKJVOsJ.exe
  C:\Windows\System32\BKJVOsJ.exe
  2⤵
  PID:7432
- C:\Windows\System32\MbhBGFQ.exe
  C:\Windows\System32\MbhBGFQ.exe
  2⤵
  PID:7452
- C:\Windows\System32\dpTJPWd.exe
  C:\Windows\System32\dpTJPWd.exe
  2⤵
  PID:7500
- C:\Windows\System32\DQjqZpX.exe
  C:\Windows\System32\DQjqZpX.exe
  2⤵
  PID:7532
- C:\Windows\System32\wMlrEja.exe
  C:\Windows\System32\wMlrEja.exe
  2⤵
  PID:7560
- C:\Windows\System32\ZMxZmaf.exe
  C:\Windows\System32\ZMxZmaf.exe
  2⤵
  PID:7584
- C:\Windows\System32\CwpaIRI.exe
  C:\Windows\System32\CwpaIRI.exe
  2⤵
  PID:7600
- C:\Windows\System32\gmWHsWo.exe
  C:\Windows\System32\gmWHsWo.exe
  2⤵
  PID:7620
- C:\Windows\System32\nBMetjP.exe
  C:\Windows\System32\nBMetjP.exe
  2⤵
  PID:7644
- C:\Windows\System32\DDPIqqa.exe
  C:\Windows\System32\DDPIqqa.exe
  2⤵
  PID:7672
- C:\Windows\System32\TRfVxJw.exe
  C:\Windows\System32\TRfVxJw.exe
  2⤵
  PID:7724
- C:\Windows\System32\SWjmSGZ.exe
  C:\Windows\System32\SWjmSGZ.exe
  2⤵
  PID:7752
- C:\Windows\System32\HyteiUs.exe
  C:\Windows\System32\HyteiUs.exe
  2⤵
  PID:7772
- C:\Windows\System32\mlxDXop.exe
  C:\Windows\System32\mlxDXop.exe
  2⤵
  PID:7820
- C:\Windows\System32\NZJbuDa.exe
  C:\Windows\System32\NZJbuDa.exe
  2⤵
  PID:7836
- C:\Windows\System32\TGPeXGn.exe
  C:\Windows\System32\TGPeXGn.exe
  2⤵
  PID:7856
- C:\Windows\System32\Dkgxzix.exe
  C:\Windows\System32\Dkgxzix.exe
  2⤵
  PID:7892
- C:\Windows\System32\jgMoJli.exe
  C:\Windows\System32\jgMoJli.exe
  2⤵
  PID:7920
- C:\Windows\System32\zTBucbQ.exe
  C:\Windows\System32\zTBucbQ.exe
  2⤵
  PID:7940
- C:\Windows\System32\rgsMesM.exe
  C:\Windows\System32\rgsMesM.exe
  2⤵
  PID:7960
- C:\Windows\System32\caPFfpq.exe
  C:\Windows\System32\caPFfpq.exe
  2⤵
  PID:7980
- C:\Windows\System32\oWQJvXQ.exe
  C:\Windows\System32\oWQJvXQ.exe
  2⤵
  PID:8008
- C:\Windows\System32\QuBLska.exe
  C:\Windows\System32\QuBLska.exe
  2⤵
  PID:8052
- C:\Windows\System32\wbgaoRj.exe
  C:\Windows\System32\wbgaoRj.exe
  2⤵
  PID:8080
- C:\Windows\System32\tkHMTvk.exe
  C:\Windows\System32\tkHMTvk.exe
  2⤵
  PID:8112
- C:\Windows\System32\HsnkdSQ.exe
  C:\Windows\System32\HsnkdSQ.exe
  2⤵
  PID:8132
- C:\Windows\System32\TnlsDTc.exe
  C:\Windows\System32\TnlsDTc.exe
  2⤵
  PID:8152
- C:\Windows\System32\cUFJtnS.exe
  C:\Windows\System32\cUFJtnS.exe
  2⤵
  PID:8180
- C:\Windows\System32\GxparFY.exe
  C:\Windows\System32\GxparFY.exe
  2⤵
  PID:7176
- C:\Windows\System32\HarXsmb.exe
  C:\Windows\System32\HarXsmb.exe
  2⤵
  PID:6516
- C:\Windows\System32\pYGalIJ.exe
  C:\Windows\System32\pYGalIJ.exe
  2⤵
  PID:7276
- C:\Windows\System32\PUystsg.exe
  C:\Windows\System32\PUystsg.exe
  2⤵
  PID:7292
- C:\Windows\System32\FwOMZWQ.exe
  C:\Windows\System32\FwOMZWQ.exe
  2⤵
  PID:7324
- C:\Windows\System32\HNrsUHf.exe
  C:\Windows\System32\HNrsUHf.exe
  2⤵
  PID:7416
- C:\Windows\System32\kquzssq.exe
  C:\Windows\System32\kquzssq.exe
  2⤵
  PID:7468
- C:\Windows\System32\reYOnOr.exe
  C:\Windows\System32\reYOnOr.exe
  2⤵
  PID:7652
- C:\Windows\System32\kPyXfoQ.exe
  C:\Windows\System32\kPyXfoQ.exe
  2⤵
  PID:7696
- C:\Windows\System32\eBTeCiB.exe
  C:\Windows\System32\eBTeCiB.exe
  2⤵
  PID:7804
- C:\Windows\System32\mkzjseQ.exe
  C:\Windows\System32\mkzjseQ.exe
  2⤵
  PID:7832
- C:\Windows\System32\FOdAbYO.exe
  C:\Windows\System32\FOdAbYO.exe
  2⤵
  PID:7904
- C:\Windows\System32\UXEBIgH.exe
  C:\Windows\System32\UXEBIgH.exe
  2⤵
  PID:7972
- C:\Windows\System32\TABBMvF.exe
  C:\Windows\System32\TABBMvF.exe
  2⤵
  PID:8004
- C:\Windows\System32\VmaEKzK.exe
  C:\Windows\System32\VmaEKzK.exe
  2⤵
  PID:8140
- C:\Windows\System32\soIFuhc.exe
  C:\Windows\System32\soIFuhc.exe
  2⤵
  PID:8176
- C:\Windows\System32\ZlHvftX.exe
  C:\Windows\System32\ZlHvftX.exe
  2⤵
  PID:6788
- C:\Windows\System32\SEGimBY.exe
  C:\Windows\System32\SEGimBY.exe
  2⤵
  PID:7340
- C:\Windows\System32\RCWjMJl.exe
  C:\Windows\System32\RCWjMJl.exe
  2⤵
  PID:7368
- C:\Windows\System32\LfBUdPG.exe
  C:\Windows\System32\LfBUdPG.exe
  2⤵
  PID:7544
- C:\Windows\System32\mtEExzn.exe
  C:\Windows\System32\mtEExzn.exe
  2⤵
  PID:7780
- C:\Windows\System32\WwPVlJp.exe
  C:\Windows\System32\WwPVlJp.exe
  2⤵
  PID:7936
- C:\Windows\System32\IFsbpbo.exe
  C:\Windows\System32\IFsbpbo.exe
  2⤵
  PID:8020
- C:\Windows\System32\IvWDPIY.exe
  C:\Windows\System32\IvWDPIY.exe
  2⤵
  PID:7380
- C:\Windows\System32\UBZNwfA.exe
  C:\Windows\System32\UBZNwfA.exe
  2⤵
  PID:6784
- C:\Windows\System32\xoJFoSc.exe
  C:\Windows\System32\xoJFoSc.exe
  2⤵
  PID:7864
- C:\Windows\System32\ZqQjZSW.exe
  C:\Windows\System32\ZqQjZSW.exe
  2⤵
  PID:7580
- C:\Windows\System32\fcSiyUN.exe
  C:\Windows\System32\fcSiyUN.exe
  2⤵
  PID:7948
- C:\Windows\System32\xUBnzCF.exe
  C:\Windows\System32\xUBnzCF.exe
  2⤵
  PID:8216
- C:\Windows\System32\CgQbSON.exe
  C:\Windows\System32\CgQbSON.exe
  2⤵
  PID:8244
- C:\Windows\System32\YgxMNZe.exe
  C:\Windows\System32\YgxMNZe.exe
  2⤵
  PID:8264
- C:\Windows\System32\wrkfdJe.exe
  C:\Windows\System32\wrkfdJe.exe
  2⤵
  PID:8292
- C:\Windows\System32\guyhFwd.exe
  C:\Windows\System32\guyhFwd.exe
  2⤵
  PID:8332
- C:\Windows\System32\LBPDJbE.exe
  C:\Windows\System32\LBPDJbE.exe
  2⤵
  PID:8380
- C:\Windows\System32\oGSaDyB.exe
  C:\Windows\System32\oGSaDyB.exe
  2⤵
  PID:8404
- C:\Windows\System32\XupkkCw.exe
  C:\Windows\System32\XupkkCw.exe
  2⤵
  PID:8424
- C:\Windows\System32\IjiLlKg.exe
  C:\Windows\System32\IjiLlKg.exe
  2⤵
  PID:8460
- C:\Windows\System32\irlKYkS.exe
  C:\Windows\System32\irlKYkS.exe
  2⤵
  PID:8480
- C:\Windows\System32\htTfBqn.exe
  C:\Windows\System32\htTfBqn.exe
  2⤵
  PID:8496
- C:\Windows\System32\GZFSorp.exe
  C:\Windows\System32\GZFSorp.exe
  2⤵
  PID:8528
- C:\Windows\System32\ztruoBN.exe
  C:\Windows\System32\ztruoBN.exe
  2⤵
  PID:8572
- C:\Windows\System32\fvPIgGX.exe
  C:\Windows\System32\fvPIgGX.exe
  2⤵
  PID:8604
- C:\Windows\System32\ACbgYJE.exe
  C:\Windows\System32\ACbgYJE.exe
  2⤵
  PID:8620
- C:\Windows\System32\KxkapAn.exe
  C:\Windows\System32\KxkapAn.exe
  2⤵
  PID:8640
- C:\Windows\System32\usXbgIc.exe
  C:\Windows\System32\usXbgIc.exe
  2⤵
  PID:8664
- C:\Windows\System32\OZLkjov.exe
  C:\Windows\System32\OZLkjov.exe
  2⤵
  PID:8688
- C:\Windows\System32\KxAPwCe.exe
  C:\Windows\System32\KxAPwCe.exe
  2⤵
  PID:8708
- C:\Windows\System32\HnGtGyP.exe
  C:\Windows\System32\HnGtGyP.exe
  2⤵
  PID:8736
- C:\Windows\System32\WSSmIVS.exe
  C:\Windows\System32\WSSmIVS.exe
  2⤵
  PID:8760
- C:\Windows\System32\ZpMmPZa.exe
  C:\Windows\System32\ZpMmPZa.exe
  2⤵
  PID:8796
- C:\Windows\System32\LVxojdo.exe
  C:\Windows\System32\LVxojdo.exe
  2⤵
  PID:8844
- C:\Windows\System32\rnTzTLs.exe
  C:\Windows\System32\rnTzTLs.exe
  2⤵
  PID:8872
- C:\Windows\System32\ssSZCPw.exe
  C:\Windows\System32\ssSZCPw.exe
  2⤵
  PID:8892
- C:\Windows\System32\jHIbBrZ.exe
  C:\Windows\System32\jHIbBrZ.exe
  2⤵
  PID:8908
- C:\Windows\System32\tUIofYz.exe
  C:\Windows\System32\tUIofYz.exe
  2⤵
  PID:8936
- C:\Windows\System32\vXbAVzR.exe
  C:\Windows\System32\vXbAVzR.exe
  2⤵
  PID:8964
- C:\Windows\System32\ahYBkdS.exe
  C:\Windows\System32\ahYBkdS.exe
  2⤵
  PID:8996
- C:\Windows\System32\ZCRUTdC.exe
  C:\Windows\System32\ZCRUTdC.exe
  2⤵
  PID:9032
- C:\Windows\System32\oqZacHr.exe
  C:\Windows\System32\oqZacHr.exe
  2⤵
  PID:9052
- C:\Windows\System32\HouYkDK.exe
  C:\Windows\System32\HouYkDK.exe
  2⤵
  PID:9088
- C:\Windows\System32\AlTmtbM.exe
  C:\Windows\System32\AlTmtbM.exe
  2⤵
  PID:9108
- C:\Windows\System32\Nxiivzu.exe
  C:\Windows\System32\Nxiivzu.exe
  2⤵
  PID:9148
- C:\Windows\System32\iAReNWU.exe
  C:\Windows\System32\iAReNWU.exe
  2⤵
  PID:9172
- C:\Windows\System32\oOLWKms.exe
  C:\Windows\System32\oOLWKms.exe
  2⤵
  PID:9212
- C:\Windows\System32\mqkmFPp.exe
  C:\Windows\System32\mqkmFPp.exe
  2⤵
  PID:8232
- C:\Windows\System32\dHlatoB.exe
  C:\Windows\System32\dHlatoB.exe
  2⤵
  PID:8272
- C:\Windows\System32\zPCxMtd.exe
  C:\Windows\System32\zPCxMtd.exe
  2⤵
  PID:8340
- C:\Windows\System32\ZsMYplW.exe
  C:\Windows\System32\ZsMYplW.exe
  2⤵
  PID:8416
- C:\Windows\System32\ilcdKGF.exe
  C:\Windows\System32\ilcdKGF.exe
  2⤵
  PID:8476
- C:\Windows\System32\BxcrDfr.exe
  C:\Windows\System32\BxcrDfr.exe
  2⤵
  PID:8488
- C:\Windows\System32\PVVKutk.exe
  C:\Windows\System32\PVVKutk.exe
  2⤵
  PID:8540
- C:\Windows\System32\VEyBkBd.exe
  C:\Windows\System32\VEyBkBd.exe
  2⤵
  PID:8612
- C:\Windows\System32\FhTeGZA.exe
  C:\Windows\System32\FhTeGZA.exe
  2⤵
  PID:8696
- C:\Windows\System32\VhDMiYM.exe
  C:\Windows\System32\VhDMiYM.exe
  2⤵
  PID:8756
- C:\Windows\System32\ShsRjBk.exe
  C:\Windows\System32\ShsRjBk.exe
  2⤵
  PID:8860
- C:\Windows\System32\GYiBEaz.exe
  C:\Windows\System32\GYiBEaz.exe
  2⤵
  PID:8900
- C:\Windows\System32\FRPjbxR.exe
  C:\Windows\System32\FRPjbxR.exe
  2⤵
  PID:9084
- C:\Windows\System32\JBUKQMW.exe
  C:\Windows\System32\JBUKQMW.exe
  2⤵
  PID:9104
- C:\Windows\System32\aPoJgNC.exe
  C:\Windows\System32\aPoJgNC.exe
  2⤵
  PID:9188
- C:\Windows\System32\MmNhelV.exe
  C:\Windows\System32\MmNhelV.exe
  2⤵
  PID:9196
- C:\Windows\System32\lZAVlbO.exe
  C:\Windows\System32\lZAVlbO.exe
  2⤵
  PID:8300
- C:\Windows\System32\MntPmuu.exe
  C:\Windows\System32\MntPmuu.exe
  2⤵
  PID:8436
- C:\Windows\System32\jGzGzsA.exe
  C:\Windows\System32\jGzGzsA.exe
  2⤵
  PID:8520
- C:\Windows\System32\oZnIAWG.exe
  C:\Windows\System32\oZnIAWG.exe
  2⤵
  PID:4988
- C:\Windows\System32\YVEAujQ.exe
  C:\Windows\System32\YVEAujQ.exe
  2⤵
  PID:8752
- C:\Windows\System32\vDHGFEm.exe
  C:\Windows\System32\vDHGFEm.exe
  2⤵
  PID:8944
- C:\Windows\System32\FMPygUI.exe
  C:\Windows\System32\FMPygUI.exe
  2⤵
  PID:9048
- C:\Windows\System32\clWtsBH.exe
  C:\Windows\System32\clWtsBH.exe
  2⤵
  PID:9164
- C:\Windows\System32\gOIdYKQ.exe
  C:\Windows\System32\gOIdYKQ.exe
  2⤵
  PID:8276
- C:\Windows\System32\kpVgnRx.exe
  C:\Windows\System32\kpVgnRx.exe
  2⤵
  PID:8600
- C:\Windows\System32\ScGOUne.exe
  C:\Windows\System32\ScGOUne.exe
  2⤵
  PID:9224
- C:\Windows\System32\kkkciVU.exe
  C:\Windows\System32\kkkciVU.exe
  2⤵
  PID:9256
- C:\Windows\System32\XUwOumR.exe
  C:\Windows\System32\XUwOumR.exe
  2⤵
  PID:9272
- C:\Windows\System32\ZaFxjBK.exe
  C:\Windows\System32\ZaFxjBK.exe
  2⤵
  PID:9300
- C:\Windows\System32\QPOaQlc.exe
  C:\Windows\System32\QPOaQlc.exe
  2⤵
  PID:9320
- C:\Windows\System32\CbksAvQ.exe
  C:\Windows\System32\CbksAvQ.exe
  2⤵
  PID:9344
- C:\Windows\System32\AuhbzDE.exe
  C:\Windows\System32\AuhbzDE.exe
  2⤵
  PID:9380
- C:\Windows\System32\IkRsyJy.exe
  C:\Windows\System32\IkRsyJy.exe
  2⤵
  PID:9400
- C:\Windows\System32\twivnID.exe
  C:\Windows\System32\twivnID.exe
  2⤵
  PID:9444
- C:\Windows\System32\hPRDrUw.exe
  C:\Windows\System32\hPRDrUw.exe
  2⤵
  PID:9480
- C:\Windows\System32\CMhnsjk.exe
  C:\Windows\System32\CMhnsjk.exe
  2⤵
  PID:9500
- C:\Windows\System32\UuSTwxr.exe
  C:\Windows\System32\UuSTwxr.exe
  2⤵
  PID:9524
- C:\Windows\System32\ybCczPi.exe
  C:\Windows\System32\ybCczPi.exe
  2⤵
  PID:9544
- C:\Windows\System32\dvYCyTZ.exe
  C:\Windows\System32\dvYCyTZ.exe
  2⤵
  PID:9584
- C:\Windows\System32\zdXFKgk.exe
  C:\Windows\System32\zdXFKgk.exe
  2⤵
  PID:9624
- C:\Windows\System32\DkcqGZs.exe
  C:\Windows\System32\DkcqGZs.exe
  2⤵
  PID:9648
- C:\Windows\System32\NUOetvf.exe
  C:\Windows\System32\NUOetvf.exe
  2⤵
  PID:9672
- C:\Windows\System32\KGZUKTY.exe
  C:\Windows\System32\KGZUKTY.exe
  2⤵
  PID:9688
- C:\Windows\System32\yFiSbNS.exe
  C:\Windows\System32\yFiSbNS.exe
  2⤵
  PID:9744
- C:\Windows\System32\qLYercT.exe
  C:\Windows\System32\qLYercT.exe
  2⤵
  PID:9768
- C:\Windows\System32\sOzvAKo.exe
  C:\Windows\System32\sOzvAKo.exe
  2⤵
  PID:9784
- C:\Windows\System32\ZyiCdwA.exe
  C:\Windows\System32\ZyiCdwA.exe
  2⤵
  PID:9820
- C:\Windows\System32\qGEisbO.exe
  C:\Windows\System32\qGEisbO.exe
  2⤵
  PID:9848
- C:\Windows\System32\PSGVblc.exe
  C:\Windows\System32\PSGVblc.exe
  2⤵
  PID:9868
- C:\Windows\System32\NprmTJK.exe
  C:\Windows\System32\NprmTJK.exe
  2⤵
  PID:9884
- C:\Windows\System32\tFHTjLf.exe
  C:\Windows\System32\tFHTjLf.exe
  2⤵
  PID:9900
- C:\Windows\System32\YRDcBlQ.exe
  C:\Windows\System32\YRDcBlQ.exe
  2⤵
  PID:9988
- C:\Windows\System32\dxZKefo.exe
  C:\Windows\System32\dxZKefo.exe
  2⤵
  PID:10004
- C:\Windows\System32\ZqqcGeA.exe
  C:\Windows\System32\ZqqcGeA.exe
  2⤵
  PID:10020
- C:\Windows\System32\PdzUvsJ.exe
  C:\Windows\System32\PdzUvsJ.exe
  2⤵
  PID:10040
- C:\Windows\System32\XDeSnjG.exe
  C:\Windows\System32\XDeSnjG.exe
  2⤵
  PID:10056
- C:\Windows\System32\FBerHOe.exe
  C:\Windows\System32\FBerHOe.exe
  2⤵
  PID:10084
- C:\Windows\System32\TSaliLr.exe
  C:\Windows\System32\TSaliLr.exe
  2⤵
  PID:10108
- C:\Windows\System32\nLMDQEz.exe
  C:\Windows\System32\nLMDQEz.exe
  2⤵
  PID:10156
- C:\Windows\System32\eUmHcTl.exe
  C:\Windows\System32\eUmHcTl.exe
  2⤵
  PID:10196
- C:\Windows\System32\btdJrpX.exe
  C:\Windows\System32\btdJrpX.exe
  2⤵
  PID:10216
- C:\Windows\System32\zTkPGgE.exe
  C:\Windows\System32\zTkPGgE.exe
  2⤵
  PID:10232
- C:\Windows\System32\cfdMxvO.exe
  C:\Windows\System32\cfdMxvO.exe
  2⤵
  PID:8888
- C:\Windows\System32\jOjHkfZ.exe
  C:\Windows\System32\jOjHkfZ.exe
  2⤵
  PID:8396
- C:\Windows\System32\lpmFzuk.exe
  C:\Windows\System32\lpmFzuk.exe
  2⤵
  PID:9328
- C:\Windows\System32\QubUdQg.exe
  C:\Windows\System32\QubUdQg.exe
  2⤵
  PID:9460
- C:\Windows\System32\kSpSaho.exe
  C:\Windows\System32\kSpSaho.exe
  2⤵
  PID:9492
- C:\Windows\System32\soJtzBv.exe
  C:\Windows\System32\soJtzBv.exe
  2⤵
  PID:9556
- C:\Windows\System32\fkGyIsa.exe
  C:\Windows\System32\fkGyIsa.exe
  2⤵
  PID:9596
- C:\Windows\System32\jtwQwVY.exe
  C:\Windows\System32\jtwQwVY.exe
  2⤵
  PID:9680
- C:\Windows\System32\AmaHvtH.exe
  C:\Windows\System32\AmaHvtH.exe
  2⤵
  PID:9776
- C:\Windows\System32\rLOqIbK.exe
  C:\Windows\System32\rLOqIbK.exe
  2⤵
  PID:9856
- C:\Windows\System32\umWuWJo.exe
  C:\Windows\System32\umWuWJo.exe
  2⤵
  PID:9896
- C:\Windows\System32\xQdfveP.exe
  C:\Windows\System32\xQdfveP.exe
  2⤵
  PID:9936
- C:\Windows\System32\tsTotQw.exe
  C:\Windows\System32\tsTotQw.exe
  2⤵
  PID:9984
- C:\Windows\System32\psNPXtD.exe
  C:\Windows\System32\psNPXtD.exe
  2⤵
  PID:10052
- C:\Windows\System32\fxwUiri.exe
  C:\Windows\System32\fxwUiri.exe
  2⤵
  PID:10104
- C:\Windows\System32\AStldUn.exe
  C:\Windows\System32\AStldUn.exe
  2⤵
  PID:10124
- C:\Windows\System32\orwKzei.exe
  C:\Windows\System32\orwKzei.exe
  2⤵
  PID:8088
- C:\Windows\System32\RwzoOyA.exe
  C:\Windows\System32\RwzoOyA.exe
  2⤵
  PID:9296
- C:\Windows\System32\MvzDeqg.exe
  C:\Windows\System32\MvzDeqg.exe
  2⤵
  PID:9412
- C:\Windows\System32\JSxOrcI.exe
  C:\Windows\System32\JSxOrcI.exe
  2⤵
  PID:9752
- C:\Windows\System32\jcTfOwz.exe
  C:\Windows\System32\jcTfOwz.exe
  2⤵
  PID:9828
- C:\Windows\System32\ErbqzuH.exe
  C:\Windows\System32\ErbqzuH.exe
  2⤵
  PID:10048
- C:\Windows\System32\YNZEQVT.exe
  C:\Windows\System32\YNZEQVT.exe
  2⤵
  PID:8988
- C:\Windows\System32\QtUgPJa.exe
  C:\Windows\System32\QtUgPJa.exe
  2⤵
  PID:9388
- C:\Windows\System32\EoLEqzY.exe
  C:\Windows\System32\EoLEqzY.exe
  2⤵
  PID:9924
- C:\Windows\System32\DutyGuX.exe
  C:\Windows\System32\DutyGuX.exe
  2⤵
  PID:10096
- C:\Windows\System32\hEPmlYo.exe
  C:\Windows\System32\hEPmlYo.exe
  2⤵
  PID:9632
- C:\Windows\System32\UOeixeu.exe
  C:\Windows\System32\UOeixeu.exe
  2⤵
  PID:10248
- C:\Windows\System32\syqNGCZ.exe
  C:\Windows\System32\syqNGCZ.exe
  2⤵
  PID:10268
- C:\Windows\System32\PSHwEuf.exe
  C:\Windows\System32\PSHwEuf.exe
  2⤵
  PID:10300
- C:\Windows\System32\RYfguen.exe
  C:\Windows\System32\RYfguen.exe
  2⤵
  PID:10336
- C:\Windows\System32\ezDCfqo.exe
  C:\Windows\System32\ezDCfqo.exe
  2⤵
  PID:10352
- C:\Windows\System32\EbWSeyN.exe
  C:\Windows\System32\EbWSeyN.exe
  2⤵
  PID:10372
- C:\Windows\System32\RPxdYUG.exe
  C:\Windows\System32\RPxdYUG.exe
  2⤵
  PID:10392
- C:\Windows\System32\TVCgsGe.exe
  C:\Windows\System32\TVCgsGe.exe
  2⤵
  PID:10440
- C:\Windows\System32\HXjxJUY.exe
  C:\Windows\System32\HXjxJUY.exe
  2⤵
  PID:10456
- C:\Windows\System32\KSnJpKO.exe
  C:\Windows\System32\KSnJpKO.exe
  2⤵
  PID:10480
- C:\Windows\System32\SEfmrsZ.exe
  C:\Windows\System32\SEfmrsZ.exe
  2⤵
  PID:10516
- C:\Windows\System32\idRBqcH.exe
  C:\Windows\System32\idRBqcH.exe
  2⤵
  PID:10576
- C:\Windows\System32\mWwfJDm.exe
  C:\Windows\System32\mWwfJDm.exe
  2⤵
  PID:10620
- C:\Windows\System32\rkUUuQs.exe
  C:\Windows\System32\rkUUuQs.exe
  2⤵
  PID:10636
- C:\Windows\System32\mJENvdm.exe
  C:\Windows\System32\mJENvdm.exe
  2⤵
  PID:10676
- C:\Windows\System32\afwfVIH.exe
  C:\Windows\System32\afwfVIH.exe
  2⤵
  PID:10696
- C:\Windows\System32\LNdhdmK.exe
  C:\Windows\System32\LNdhdmK.exe
  2⤵
  PID:10724
- C:\Windows\System32\QsZdDAu.exe
  C:\Windows\System32\QsZdDAu.exe
  2⤵
  PID:10740
- C:\Windows\System32\dXbXqVd.exe
  C:\Windows\System32\dXbXqVd.exe
  2⤵
  PID:10768
- C:\Windows\System32\CtLYkVe.exe
  C:\Windows\System32\CtLYkVe.exe
  2⤵
  PID:10796
- C:\Windows\System32\PaKufCc.exe
  C:\Windows\System32\PaKufCc.exe
  2⤵
  PID:10816
- C:\Windows\System32\fasTREk.exe
  C:\Windows\System32\fasTREk.exe
  2⤵
  PID:10832
- C:\Windows\System32\KxsfuYK.exe
  C:\Windows\System32\KxsfuYK.exe
  2⤵
  PID:10868
- C:\Windows\System32\OWIGoNP.exe
  C:\Windows\System32\OWIGoNP.exe
  2⤵
  PID:10884
- C:\Windows\System32\wAigQmG.exe
  C:\Windows\System32\wAigQmG.exe
  2⤵
  PID:10936
- C:\Windows\System32\OCtlYTi.exe
  C:\Windows\System32\OCtlYTi.exe
  2⤵
  PID:10968
- C:\Windows\System32\NjjKIuJ.exe
  C:\Windows\System32\NjjKIuJ.exe
  2⤵
  PID:10992
- C:\Windows\System32\WnHaiNu.exe
  C:\Windows\System32\WnHaiNu.exe
  2⤵
  PID:11012
- C:\Windows\System32\XqHvmvh.exe
  C:\Windows\System32\XqHvmvh.exe
  2⤵
  PID:11028
- C:\Windows\System32\GvImGbM.exe
  C:\Windows\System32\GvImGbM.exe
  2⤵
  PID:11044
- C:\Windows\System32\ltFXIiI.exe
  C:\Windows\System32\ltFXIiI.exe
  2⤵
  PID:11076
- C:\Windows\System32\LgHwfbP.exe
  C:\Windows\System32\LgHwfbP.exe
  2⤵
  PID:11092
- C:\Windows\System32\DxVRqtX.exe
  C:\Windows\System32\DxVRqtX.exe
  2⤵
  PID:11128
- C:\Windows\System32\mEZOUpc.exe
  C:\Windows\System32\mEZOUpc.exe
  2⤵
  PID:11176
- C:\Windows\System32\thoWKmM.exe
  C:\Windows\System32\thoWKmM.exe
  2⤵
  PID:11244
- C:\Windows\System32\FcWQsZX.exe
  C:\Windows\System32\FcWQsZX.exe
  2⤵
  PID:9732
- C:\Windows\System32\ikPnjmK.exe
  C:\Windows\System32\ikPnjmK.exe
  2⤵
  PID:10244
- C:\Windows\System32\ERhaahX.exe
  C:\Windows\System32\ERhaahX.exe
  2⤵
  PID:10320
- C:\Windows\System32\UCILKFV.exe
  C:\Windows\System32\UCILKFV.exe
  2⤵
  PID:10308
- C:\Windows\System32\DVvhgrw.exe
  C:\Windows\System32\DVvhgrw.exe
  2⤵
  PID:10384
- C:\Windows\System32\xgtVMtH.exe
  C:\Windows\System32\xgtVMtH.exe
  2⤵
  PID:10428
- C:\Windows\System32\Oyxzqhc.exe
  C:\Windows\System32\Oyxzqhc.exe
  2⤵
  PID:10540
- C:\Windows\System32\tEZnwQf.exe
  C:\Windows\System32\tEZnwQf.exe
  2⤵
  PID:10644
- C:\Windows\System32\mrJKLYD.exe
  C:\Windows\System32\mrJKLYD.exe
  2⤵
  PID:10684
- C:\Windows\System32\CniZChB.exe
  C:\Windows\System32\CniZChB.exe
  2⤵
  PID:10824
- C:\Windows\System32\ryGboAE.exe
  C:\Windows\System32\ryGboAE.exe
  2⤵
  PID:10812
- C:\Windows\System32\sFdKjyr.exe
  C:\Windows\System32\sFdKjyr.exe
  2⤵
  PID:10932
- C:\Windows\System32\mVgpaKJ.exe
  C:\Windows\System32\mVgpaKJ.exe
  2⤵
  PID:11004
- C:\Windows\System32\RovGacV.exe
  C:\Windows\System32\RovGacV.exe
  2⤵
  PID:11008
- C:\Windows\System32\fhHCjiz.exe
  C:\Windows\System32\fhHCjiz.exe
  2⤵
  PID:11108
- C:\Windows\System32\vpHeyhf.exe
  C:\Windows\System32\vpHeyhf.exe
  2⤵
  PID:10276
- C:\Windows\System32\NodSjXZ.exe
  C:\Windows\System32\NodSjXZ.exe
  2⤵
  PID:11252
- C:\Windows\System32\JqtfiCm.exe
  C:\Windows\System32\JqtfiCm.exe
  2⤵
  PID:10400
- C:\Windows\System32\wBoLfsR.exe
  C:\Windows\System32\wBoLfsR.exe
  2⤵
  PID:10488
- C:\Windows\System32\lvPDGTN.exe
  C:\Windows\System32\lvPDGTN.exe
  2⤵
  PID:10708
- C:\Windows\System32\TCslryc.exe
  C:\Windows\System32\TCslryc.exe
  2⤵
  PID:10736
- C:\Windows\System32\AdRLePy.exe
  C:\Windows\System32\AdRLePy.exe
  2⤵
  PID:10900
- C:\Windows\System32\BSnRNiZ.exe
  C:\Windows\System32\BSnRNiZ.exe
  2⤵
  PID:11000
- C:\Windows\System32\OKQLslu.exe
  C:\Windows\System32\OKQLslu.exe
  2⤵
  PID:11144
- C:\Windows\System32\BrDiJgO.exe
  C:\Windows\System32\BrDiJgO.exe
  2⤵
  PID:11224
- C:\Windows\System32\FAtQSKc.exe
  C:\Windows\System32\FAtQSKc.exe
  2⤵
  PID:10424
- C:\Windows\System32\zpIcbuR.exe
  C:\Windows\System32\zpIcbuR.exe
  2⤵
  PID:11172
- C:\Windows\System32\fReHmMh.exe
  C:\Windows\System32\fReHmMh.exe
  2⤵
  PID:10984
- C:\Windows\System32\sBVGTbL.exe
  C:\Windows\System32\sBVGTbL.exe
  2⤵
  PID:11272
- C:\Windows\System32\dzvTdjx.exe
  C:\Windows\System32\dzvTdjx.exe
  2⤵
  PID:11308
- C:\Windows\System32\KSHdzLn.exe
  C:\Windows\System32\KSHdzLn.exe
  2⤵
  PID:11340
- C:\Windows\System32\CaZVORj.exe
  C:\Windows\System32\CaZVORj.exe
  2⤵
  PID:11356
- C:\Windows\System32\NxykbVT.exe
  C:\Windows\System32\NxykbVT.exe
  2⤵
  PID:11376
- C:\Windows\System32\TEvdPyI.exe
  C:\Windows\System32\TEvdPyI.exe
  2⤵
  PID:11404
- C:\Windows\System32\iKMgPDO.exe
  C:\Windows\System32\iKMgPDO.exe
  2⤵
  PID:11448
- C:\Windows\System32\qSedCuf.exe
  C:\Windows\System32\qSedCuf.exe
  2⤵
  PID:11468
- C:\Windows\System32\gExSBLX.exe
  C:\Windows\System32\gExSBLX.exe
  2⤵
  PID:11500
- C:\Windows\System32\QhegWCM.exe
  C:\Windows\System32\QhegWCM.exe
  2⤵
  PID:11516
- C:\Windows\System32\Nzdtswc.exe
  C:\Windows\System32\Nzdtswc.exe
  2⤵
  PID:11544
- C:\Windows\System32\jltAGBn.exe
  C:\Windows\System32\jltAGBn.exe
  2⤵
  PID:11640
- C:\Windows\System32\hMhDDwi.exe
  C:\Windows\System32\hMhDDwi.exe
  2⤵
  PID:11680
- C:\Windows\System32\EHyhwbk.exe
  C:\Windows\System32\EHyhwbk.exe
  2⤵
  PID:11704
- C:\Windows\System32\GRpFJvy.exe
  C:\Windows\System32\GRpFJvy.exe
  2⤵
  PID:11720
- C:\Windows\System32\qsCCxvH.exe
  C:\Windows\System32\qsCCxvH.exe
  2⤵
  PID:11744
- C:\Windows\System32\CboefaL.exe
  C:\Windows\System32\CboefaL.exe
  2⤵
  PID:11776
- C:\Windows\System32\lvqYfHj.exe
  C:\Windows\System32\lvqYfHj.exe
  2⤵
  PID:11800
- C:\Windows\System32\lspQAGd.exe
  C:\Windows\System32\lspQAGd.exe
  2⤵
  PID:11840
- C:\Windows\System32\CPAUSVO.exe
  C:\Windows\System32\CPAUSVO.exe
  2⤵
  PID:11860
- C:\Windows\System32\ieGjrgN.exe
  C:\Windows\System32\ieGjrgN.exe
  2⤵
  PID:11908
- C:\Windows\System32\dXzgzOF.exe
  C:\Windows\System32\dXzgzOF.exe
  2⤵
  PID:11960
- C:\Windows\System32\SBSoUCX.exe
  C:\Windows\System32\SBSoUCX.exe
  2⤵
  PID:11976
- C:\Windows\System32\WbIsyOE.exe
  C:\Windows\System32\WbIsyOE.exe
  2⤵
  PID:11996
- C:\Windows\System32\HnwZARn.exe
  C:\Windows\System32\HnwZARn.exe
  2⤵
  PID:12020
- C:\Windows\System32\qrybcNa.exe
  C:\Windows\System32\qrybcNa.exe
  2⤵
  PID:12040
- C:\Windows\System32\MgzOEHf.exe
  C:\Windows\System32\MgzOEHf.exe
  2⤵
  PID:12068
- C:\Windows\System32\EkqKHTz.exe
  C:\Windows\System32\EkqKHTz.exe
  2⤵
  PID:12084
- C:\Windows\System32\LoCbQpD.exe
  C:\Windows\System32\LoCbQpD.exe
  2⤵
  PID:12120
- C:\Windows\System32\jjDVFzI.exe
  C:\Windows\System32\jjDVFzI.exe
  2⤵
  PID:12164
- C:\Windows\System32\ONvMMEf.exe
  C:\Windows\System32\ONvMMEf.exe
  2⤵
  PID:12184
- C:\Windows\System32\qylgjDS.exe
  C:\Windows\System32\qylgjDS.exe
  2⤵
  PID:12204
- C:\Windows\System32\PiGAgkZ.exe
  C:\Windows\System32\PiGAgkZ.exe
  2⤵
  PID:12224
- C:\Windows\System32\ngoyJsx.exe
  C:\Windows\System32\ngoyJsx.exe
  2⤵
  PID:12272
- C:\Windows\System32\HzdHJpS.exe
  C:\Windows\System32\HzdHJpS.exe
  2⤵
  PID:10588
- C:\Windows\System32\qIyoRdM.exe
  C:\Windows\System32\qIyoRdM.exe
  2⤵
  PID:11320
- C:\Windows\System32\TfYIAWu.exe
  C:\Windows\System32\TfYIAWu.exe
  2⤵
  PID:11444
- C:\Windows\System32\cGAtVIC.exe
  C:\Windows\System32\cGAtVIC.exe
  2⤵
  PID:11496
- C:\Windows\System32\AeCxxZD.exe
  C:\Windows\System32\AeCxxZD.exe
  2⤵
  PID:11560
- C:\Windows\System32\JWpRiYT.exe
  C:\Windows\System32\JWpRiYT.exe
  2⤵
  PID:11596
- C:\Windows\System32\vCiIyzF.exe
  C:\Windows\System32\vCiIyzF.exe
  2⤵
  PID:11648
- C:\Windows\System32\PywqWnY.exe
  C:\Windows\System32\PywqWnY.exe
  2⤵
  PID:11604
- C:\Windows\System32\qAkHLoF.exe
  C:\Windows\System32\qAkHLoF.exe
  2⤵
  PID:11660
- C:\Windows\System32\sWIACfc.exe
  C:\Windows\System32\sWIACfc.exe
  2⤵
  PID:11752
- C:\Windows\System32\QhlXtkc.exe
  C:\Windows\System32\QhlXtkc.exe
  2⤵
  PID:11792
- C:\Windows\System32\bDDUhIb.exe
  C:\Windows\System32\bDDUhIb.exe
  2⤵
  PID:11936
- C:\Windows\System32\aPwXvTU.exe
  C:\Windows\System32\aPwXvTU.exe
  2⤵
  PID:12032
- C:\Windows\System32\qSandoI.exe
  C:\Windows\System32\qSandoI.exe
  2⤵
  PID:11920
- C:\Windows\System32\XqxQDiL.exe
  C:\Windows\System32\XqxQDiL.exe
  2⤵
  PID:12176
- C:\Windows\System32\JLLazsC.exe
  C:\Windows\System32\JLLazsC.exe
  2⤵
  PID:12232
- C:\Windows\System32\akqHwDC.exe
  C:\Windows\System32\akqHwDC.exe
  2⤵
  PID:10876
- C:\Windows\System32\LMPoGBI.exe
  C:\Windows\System32\LMPoGBI.exe
  2⤵
  PID:11600
- C:\Windows\System32\bLDhBFf.exe
  C:\Windows\System32\bLDhBFf.exe
  2⤵
  PID:11772
- C:\Windows\System32\oMYQcEd.exe
  C:\Windows\System32\oMYQcEd.exe
  2⤵
  PID:11848
- C:\Windows\System32\sVeNwZA.exe
  C:\Windows\System32\sVeNwZA.exe
  2⤵
  PID:11868
- C:\Windows\System32\hiQjPKV.exe
  C:\Windows\System32\hiQjPKV.exe
  2⤵
  PID:11948
- C:\Windows\System32\PdAeUiE.exe
  C:\Windows\System32\PdAeUiE.exe
  2⤵
  PID:12052
- C:\Windows\System32\nXRgnWP.exe
  C:\Windows\System32\nXRgnWP.exe
  2⤵
  PID:12216
- C:\Windows\System32\AIyxbTg.exe
  C:\Windows\System32\AIyxbTg.exe
  2⤵
  PID:12256
- C:\Windows\System32\DURLFbr.exe
  C:\Windows\System32\DURLFbr.exe
  2⤵
  PID:11292
- C:\Windows\System32\jYjdQcp.exe
  C:\Windows\System32\jYjdQcp.exe
  2⤵
  PID:11456
- C:\Windows\System32\VUtzeKz.exe
  C:\Windows\System32\VUtzeKz.exe
  2⤵
  PID:11580
- C:\Windows\System32\XnskGDl.exe
  C:\Windows\System32\XnskGDl.exe
  2⤵
  PID:11148
- C:\Windows\System32\nAhuAov.exe
  C:\Windows\System32\nAhuAov.exe
  2⤵
  PID:11728
- C:\Windows\System32\BfCdNJk.exe
  C:\Windows\System32\BfCdNJk.exe
  2⤵
  PID:12196
- C:\Windows\System32\jUgUaFb.exe
  C:\Windows\System32\jUgUaFb.exe
  2⤵
  PID:11424
- C:\Windows\System32\unSTvDi.exe
  C:\Windows\System32\unSTvDi.exe
  2⤵
  PID:12312
- C:\Windows\System32\iPScNbj.exe
  C:\Windows\System32\iPScNbj.exe
  2⤵
  PID:12332
- C:\Windows\System32\CODgSpu.exe
  C:\Windows\System32\CODgSpu.exe
  2⤵
  PID:12408
- C:\Windows\System32\VrafqlO.exe
  C:\Windows\System32\VrafqlO.exe
  2⤵
  PID:12460
- C:\Windows\System32\FoHbpOJ.exe
  C:\Windows\System32\FoHbpOJ.exe
  2⤵
  PID:12548
- C:\Windows\System32\TqkZDDf.exe
  C:\Windows\System32\TqkZDDf.exe
  2⤵
  PID:12580
- C:\Windows\System32\vowmnMd.exe
  C:\Windows\System32\vowmnMd.exe
  2⤵
  PID:12596
- C:\Windows\System32\yCKnsdb.exe
  C:\Windows\System32\yCKnsdb.exe
  2⤵
  PID:12632
- C:\Windows\System32\mVqUbxn.exe
  C:\Windows\System32\mVqUbxn.exe
  2⤵
  PID:12676
- C:\Windows\System32\TPqMamS.exe
  C:\Windows\System32\TPqMamS.exe
  2⤵
  PID:12700
- C:\Windows\System32\jKmKilh.exe
  C:\Windows\System32\jKmKilh.exe
  2⤵
  PID:12732
- C:\Windows\System32\AqiuSir.exe
  C:\Windows\System32\AqiuSir.exe
  2⤵
  PID:12752
- C:\Windows\System32\RxEMVww.exe
  C:\Windows\System32\RxEMVww.exe
  2⤵
  PID:12768
- C:\Windows\System32\qPhvqfP.exe
  C:\Windows\System32\qPhvqfP.exe
  2⤵
  PID:12800
- C:\Windows\System32\JEyjllL.exe
  C:\Windows\System32\JEyjllL.exe
  2⤵
  PID:12828
- C:\Windows\System32\GbVFHOU.exe
  C:\Windows\System32\GbVFHOU.exe
  2⤵
  PID:12856
- C:\Windows\System32\reryGnG.exe
  C:\Windows\System32\reryGnG.exe
  2⤵
  PID:12876
- C:\Windows\System32\lZwTGFv.exe
  C:\Windows\System32\lZwTGFv.exe
  2⤵
  PID:12904
- C:\Windows\System32\ufTitxu.exe
  C:\Windows\System32\ufTitxu.exe
  2⤵
  PID:12944
- C:\Windows\System32\ZtsYeuP.exe
  C:\Windows\System32\ZtsYeuP.exe
  2⤵
  PID:13004
- C:\Windows\System32\UfCHJtN.exe
  C:\Windows\System32\UfCHJtN.exe
  2⤵
  PID:13020
- C:\Windows\System32\aGlCkRG.exe
  C:\Windows\System32\aGlCkRG.exe
  2⤵
  PID:13036
- C:\Windows\System32\nFccVgs.exe
  C:\Windows\System32\nFccVgs.exe
  2⤵
  PID:13056
- C:\Windows\System32\tdPyGaN.exe
  C:\Windows\System32\tdPyGaN.exe
  2⤵
  PID:13092
- C:\Windows\System32\tTLmxOY.exe
  C:\Windows\System32\tTLmxOY.exe
  2⤵
  PID:13116
- C:\Windows\System32\OWtRqrX.exe
  C:\Windows\System32\OWtRqrX.exe
  2⤵
  PID:13132
- C:\Windows\System32\hJqklmb.exe
  C:\Windows\System32\hJqklmb.exe
  2⤵
  PID:13156
- C:\Windows\System32\KKGaczs.exe
  C:\Windows\System32\KKGaczs.exe
  2⤵
  PID:13184
- C:\Windows\System32\qKDuwWY.exe
  C:\Windows\System32\qKDuwWY.exe
  2⤵
  PID:13200
- C:\Windows\System32\sHiPpGT.exe
  C:\Windows\System32\sHiPpGT.exe
  2⤵
  PID:13232
- C:\Windows\System32\hBIecAc.exe
  C:\Windows\System32\hBIecAc.exe
  2⤵
  PID:13260
- C:\Windows\System32\DPwjRlO.exe
  C:\Windows\System32\DPwjRlO.exe
  2⤵
  PID:13280
- C:\Windows\System32\qzxXRJu.exe
  C:\Windows\System32\qzxXRJu.exe
  2⤵
  PID:13300
- C:\Windows\System32\SjflbQc.exe
  C:\Windows\System32\SjflbQc.exe
  2⤵
  PID:11696
- C:\Windows\System32\RmPcbFx.exe
  C:\Windows\System32\RmPcbFx.exe
  2⤵
  PID:12380
- C:\Windows\System32\PeJiXOa.exe
  C:\Windows\System32\PeJiXOa.exe
  2⤵
  PID:12440
- C:\Windows\System32\IisIWiO.exe
  C:\Windows\System32\IisIWiO.exe
  2⤵
  PID:12512
- C:\Windows\System32\ONErDpt.exe
  C:\Windows\System32\ONErDpt.exe
  2⤵
  PID:12560
- C:\Windows\System32\VFtCAMQ.exe
  C:\Windows\System32\VFtCAMQ.exe
  2⤵
  PID:12696
- C:\Windows\System32\BDsEhPN.exe
  C:\Windows\System32\BDsEhPN.exe
  2⤵
  PID:12744
- C:\Windows\System32\VLHNXYD.exe
  C:\Windows\System32\VLHNXYD.exe
  2⤵
  PID:12792
- C:\Windows\System32\lReczBR.exe
  C:\Windows\System32\lReczBR.exe
  2⤵
  PID:12848
- C:\Windows\System32\eDCURfU.exe
  C:\Windows\System32\eDCURfU.exe
  2⤵
  PID:12936
- C:\Windows\System32\yFnyXDm.exe
  C:\Windows\System32\yFnyXDm.exe
  2⤵
  PID:13012
- C:\Windows\System32\tjXIRBj.exe
  C:\Windows\System32\tjXIRBj.exe
  2⤵
  PID:13064
- C:\Windows\System32\YPndBjc.exe
  C:\Windows\System32\YPndBjc.exe
  2⤵
  PID:13104
- C:\Windows\System32\zpNZDWH.exe
  C:\Windows\System32\zpNZDWH.exe
  2⤵
  PID:13208
- C:\Windows\System32\pFgHaNa.exe
  C:\Windows\System32\pFgHaNa.exe
  2⤵
  PID:2788
- C:\Windows\System32\QNgKuAv.exe
  C:\Windows\System32\QNgKuAv.exe
  2⤵
  PID:12324
- C:\Windows\System32\xxqERxe.exe
  C:\Windows\System32\xxqERxe.exe
  2⤵
  PID:13288
- C:\Windows\System32\diaxiYc.exe
  C:\Windows\System32\diaxiYc.exe
  2⤵
  PID:12532
- C:\Windows\System32\VPekGhS.exe
  C:\Windows\System32\VPekGhS.exe
  2⤵
  PID:12628
- C:\Windows\System32\hKcYUSS.exe
  C:\Windows\System32\hKcYUSS.exe
  2⤵
  PID:12776
- C:\Windows\System32\dsuvWXk.exe
  C:\Windows\System32\dsuvWXk.exe
  2⤵
  PID:12928
- C:\Windows\System32\encKYxi.exe
  C:\Windows\System32\encKYxi.exe
  2⤵
  PID:13052
- C:\Windows\System32\ViTKqgP.exe
  C:\Windows\System32\ViTKqgP.exe
  2⤵
  PID:13028
- C:\Windows\System32\CNZouQo.exe
  C:\Windows\System32\CNZouQo.exe
  2⤵
  PID:13196
- C:\Windows\System32\tOFJPqN.exe
  C:\Windows\System32\tOFJPqN.exe
  2⤵
  PID:13228
- C:\Windows\System32\AdvEVen.exe
  C:\Windows\System32\AdvEVen.exe
  2⤵
  PID:12988
- C:\Windows\System32\KygxBWP.exe
  C:\Windows\System32\KygxBWP.exe
  2⤵
  PID:13084
- C:\Windows\System32\QMkVyKM.exe
  C:\Windows\System32\QMkVyKM.exe
  2⤵
  PID:11584
- C:\Windows\System32\HDpItVL.exe
  C:\Windows\System32\HDpItVL.exe
  2⤵
  PID:12884
- C:\Windows\System32\UzmTozV.exe
  C:\Windows\System32\UzmTozV.exe
  2⤵
  PID:13276
- C:\Windows\System32\dVzBCZw.exe
  C:\Windows\System32\dVzBCZw.exe
  2⤵
  PID:13344
- C:\Windows\System32\AmdgYvm.exe
  C:\Windows\System32\AmdgYvm.exe
  2⤵
  PID:13372
- C:\Windows\System32\RaiSgKY.exe
  C:\Windows\System32\RaiSgKY.exe
  2⤵
  PID:13392
- C:\Windows\System32\KbUJvjf.exe
  C:\Windows\System32\KbUJvjf.exe
  2⤵
  PID:13408
- C:\Windows\System32\aMIXKht.exe
  C:\Windows\System32\aMIXKht.exe
  2⤵
  PID:13436
- C:\Windows\System32\vrgXtqg.exe
  C:\Windows\System32\vrgXtqg.exe
  2⤵
  PID:13460
- C:\Windows\System32\spgpaAi.exe
  C:\Windows\System32\spgpaAi.exe
  2⤵
  PID:13492
- C:\Windows\System32\UKDtxwQ.exe
  C:\Windows\System32\UKDtxwQ.exe
  2⤵
  PID:13508
- C:\Windows\System32\TAjjdGl.exe
  C:\Windows\System32\TAjjdGl.exe
  2⤵
  PID:13532

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13992

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CFyiCGw.exe

Filesize
1.7MB

MD5
bb334253c863e51ce7a39eb3a68e7b50

SHA1
9dafaecfb6f75e1d522feccbf5f9ddc4311074d7

SHA256
30314de1bfff8ef2531f9871ee6e2bbc0d6d45ab35536a0b1d051c657aeb3062

SHA512
a15f70bbe38b261713ec93d20e05207125066646a6c26d763cb9a2366b62ded9b7e98bff01d964ce6fe4073ebf4bcf360213dcf7f489ead4ec5e285d718ff5d2

Download Submit
C:\Windows\System32\EtyQrjC.exe

Filesize
1.7MB

MD5
5d7dfd31b6b6f14f77784bb3ed6c7511

SHA1
c4deee381552bd86105c4d83cb14f5cacefee669

SHA256
1d38b8cd439413a5634cffb6c5b11e581ee9344359a1bab3728cb52b3ab2cffc

SHA512
7763e4918b08ea10ccd6c80489e23a9144fb078e4af996a32aafd66e169f2feb306f97417ed42f74fff0936b429ededd53ac7d9c0dcc380520cf4d89e1238c45

Download Submit
C:\Windows\System32\FPWPwbw.exe

Filesize
1.7MB

MD5
9e16e7a70c0b2d16af223e2cfd86a9e3

SHA1
ac9103ebdbf932fd0dbf1ed59c1c96c2c439da96

SHA256
5202ba86ec2a59818ef3a17616027fa5269fc3a691a25f215ee13d8ccef642e0

SHA512
d7a17ac3ee161a1e6d92269abba91726185d27d05310f1d343f057ebbdf16547e2e4dcfcd8ddee4dc299d80c6b00e1e2fca5b80fc631cfc6d2b5f047986ae2ed

Download Submit
C:\Windows\System32\FVWdBjn.exe

Filesize
1.7MB

MD5
24f7799b435e6e93e1b7b4c7653a8e53

SHA1
bd2410d173231cdbebd3552b835de34d7e213835

SHA256
fbd7ec77180577be66778ff2bef9fccc27f002d1347bb1131c801e6d1c578ebb

SHA512
a626c549aa45274a46afa96d6ab6965c45e61c4365a05c0638f498aedf62ccdb2fce6cb90f609ed9df343afb0ef7775a2ff404a0c66c568c0eabd6ee66974f9d

Download Submit
C:\Windows\System32\GVCnCyP.exe

Filesize
1.7MB

MD5
69315de02676afcaf9a175a51f1ba5cc

SHA1
076e0060fbf1eeb63cb0afbfb4e38e4a2dced679

SHA256
1cea181ddc5ac12d520a375b4f5b128db9739e57d84a024a767bb773c36a7a8b

SHA512
5f758083ed6a3b1fab304d58d874a35f308d6ff08dbfdc49cc772a874fa6b06ecc0c6a3f4d1eeee2686d43d060d5f3fc98713ce88c22494447f81f6e252f2a56

Download Submit
C:\Windows\System32\GtIrqgS.exe

Filesize
1.7MB

MD5
c975685f9ee9ba9e9288b83692a7be76

SHA1
f032678fd4240c23f2c35350954e31859524b5ff

SHA256
4228af80d275146b43e969bed13d764acd4b872766849b073241ca13c928455f

SHA512
b31957bba8070b7931bf652499730199fb892f1e2c7e34495967d414ce37a4a614702709b56cd6ef0c3c7aea032bc3b1e2bb565f47ed93f06234f51985752117

Download Submit
C:\Windows\System32\IBkIQDk.exe

Filesize
1.7MB

MD5
38cc4b48d9291f679971b8389b5a9174

SHA1
9c5ca68d1f2df2354f423a1a1e923f56ef58a280

SHA256
8beb704190f962761a9ad3ea48d3a0690c5e5a671b958d10325e2a497b673ea5

SHA512
37d3a6509719e34bddec5e1847a2b8f02d98fdf5f5e0713667e80492d717ed67ec2b536f00edc5190ae2efee7239131c0ae6d919eeedde09919620083604068e

Download Submit
C:\Windows\System32\INyBbDi.exe

Filesize
1.7MB

MD5
b02eecc321313a2beea47063bd8bd222

SHA1
320df8e919029186875e50dc6195d150c04313f7

SHA256
d16e188bd6fe5cee0948bb74c0a8dd5d8ecd9b8f17832713fe5d45d9c0c72cc3

SHA512
5d2c1d09abfe88da9c92df29c5f7dc06d9da51dca2b15d2c1916830ace3d850877b11623262cbf5fa79453e59fab38285cb3b0b0b1b2931347848fa8393b9298

Download Submit
C:\Windows\System32\IjYuvfn.exe

Filesize
1.7MB

MD5
c05bbcafc80b7297c98aa315a2fda5c3

SHA1
9c1ed5932af366607d8467f89d1e403874b1b897

SHA256
d816daa25ca558db50a78a34073e2652ca711d46381d208e2afa1f2975285ad6

SHA512
b816f7dcabd86c86847f5c2edddd6cd0a897234f84572757e6d94b39fb564131cea0d977ab3d0aae59dbbfef10a807e127db09a0978851ed3527fa57833b914e

Download Submit
C:\Windows\System32\MaRkkTK.exe

Filesize
1.7MB

MD5
c426dc0050f25ec5d5db2be0f11175e7

SHA1
701311c282eebd77532c839a102eca2fd4393847

SHA256
98202ac49499f33efa02d13070729fc2987d86e9de6a5b9a0a0bf2b81df0613d

SHA512
e2f99f3f88563c32b8c987fdf6f09a683009543289bc8f8b0a35b7f6660135d1e698696f1ada33317e237386edc0beec110d2e1df96030b415df4b110b609b99

Download Submit
C:\Windows\System32\MjYiQGK.exe

Filesize
1.7MB

MD5
39da37b95eb7acbc9ff16525c5738ea5

SHA1
3d1532497efb086126e4477fbf450b00577ca2f3

SHA256
21674b249bda890c76cd6eb3aaed45acf4331944bdecae74e814331d4ae7bb1a

SHA512
cf102d6b7da4da8fde5d83bd433829fb1f0aa6d5f7e8aef484f34b75ffc011fb738e637588b89f25248445866d3e9e1b4e069f8944eb005b0b93323c4e0272c8

Download Submit
C:\Windows\System32\OlAmnIh.exe

Filesize
1.7MB

MD5
112f61db0465f5da9e78e706e5d5dbb9

SHA1
0a6025f840900d1a976437218c85cf9e970872ce

SHA256
8979720e87114d287d9cba477acda0fe11acbb5423a703bc18b4920be80bcc0f

SHA512
3e9458fd2c70706dc3755a9859b7d8474846e06c9f75f4eef8b5860760a22aa75ce91b33d111f0e977991320906d31fe248342013906faab2236313b78fe5bfd

Download Submit
C:\Windows\System32\QhwVqIG.exe

Filesize
1.7MB

MD5
db2a4984e201154f220a152255aafced

SHA1
f82b4ad72f43f8d03568f0ce49915d21cb5cd5fd

SHA256
f102730d3bf7e555b7f08efa3190a55d57605d0b4df6dfa37fd5b260a8339bec

SHA512
50d96488e733b1f9cc83004e002cabe579c74bafb8183eab68f72486f0f8fcb45c326a4d5f88c985b516812d6b3221a034349ffd63e62bfc57cb8bdcf4048255

Download Submit
C:\Windows\System32\ReXtlOk.exe

Filesize
1.7MB

MD5
d94f631c1b823ba6d7a025199b105106

SHA1
2bfaef341303677e072b7f45ad5f25379eb701ae

SHA256
cd54a38bb053bad5f874b7e4d7df36e4d2e1043a946d6b4791784bc4ba38ec9d

SHA512
af29c2939d07880c2ee9f89a1c76a88c2cde964f8402cff3f4b86e44216fed889fc2185884ac345e42fc1d80ecc2dbcec06cfd30b41ce117e39e4670a4e5ae46

Download Submit
C:\Windows\System32\SEOkPTn.exe

Filesize
1.7MB

MD5
7cc6a0f3930fba881feb1d23020d776e

SHA1
c5044a7f446e36c9d9257eac075136ecc9f2a3fe

SHA256
9abd9c7680d88facb36229de29b18790890581aa010e5b904c368ddd67b3042c

SHA512
1e4f0b88a86104821f0990827f2b5863be7799a24e0a2c3452e0eb963989c0f749486ca491027ca16bf7a21bb856896e8f7544380124032f306ae16b2d56cb35

Download Submit
C:\Windows\System32\WASdPng.exe

Filesize
1.7MB

MD5
e2b60e073fd0a4576c0b4cf96b2c6c73

SHA1
a8ea6f643f9eff9d24bbe46c6dc0a67a3413824f

SHA256
adfda6b5dc821ff8ee4fcd778fd6c96dcef93e732814aa79c51caf6760da8719

SHA512
856a13d68fadb8c28bd43e91d17bab3802cad96446223d940f42b68039e7ff78b2259c91af21946cb7102018d301d07e0682ab8b6304b284dfbd189446bfc550

Download Submit
C:\Windows\System32\blcMxUa.exe

Filesize
1.7MB

MD5
8d3607b18da5bb0658ba0f49ae8a394e

SHA1
51ac57fc617dbd21321f78faec98d1f90790ea49

SHA256
f8f48b6c1459738b92b6fe28c4a183c4467466ea17f9d86d57db17bcf04ac3f8

SHA512
f3fcba08d65112c1d31eb70c1d274f27cc23c0ded04a65142059d52d47a1a46d7aa3535749b851da54568b9ff8b55a6d64d9252d6c0391ed9879803502f61752

Download Submit
C:\Windows\System32\cgfAdin.exe

Filesize
1.7MB

MD5
066c1170984213cb933e98ad5dd8270e

SHA1
3c3b2d24883b681c1d990e58151c47932e562465

SHA256
cf79f9765f9a45e9df8c17dde188ff04e421d44e3c78f12583cfa4d6e0b135d6

SHA512
9a1850a6a2a73c76fabf913889fc0a8582fca95a977153013d6259d1d8ace31643fa8690cf5a5185d2ab7461b5ee3c306311525cbc19cccdedab054efd92fc45

Download Submit
C:\Windows\System32\cllutCN.exe

Filesize
1.7MB

MD5
edfd1543e2d4ac499e5c5b87e47dc27a

SHA1
b29f6a98a29eb8a5ca54315827c7dcc18d5f37b2

SHA256
09d8ba611c88d4d6fd9a3c6e6df44b93684ad4b60a508e137ca7fa49423f9bbb

SHA512
c4e2ed0951b06536d8a80c169918baf5ad3c55920d99f5f9e431f73a2841301d9f6143d11ffd830efd1b6c408a672b4bd45b3a1239f95bbd8b1f9df3257d4db9

Download Submit
C:\Windows\System32\gZZxHzv.exe

Filesize
1.7MB

MD5
00eaebf28cbeed1a038f8def6dc20b09

SHA1
a09032ca01eab4c29a1876e1622e6b252926fca0

SHA256
ffcdea15d5519907f795785f23ab1269b6652e79f19e9cd0896dcea020c7c697

SHA512
182d3b0e30a6f96017e05ab69951b941243c2fa0d8c8586d17f8fb28fe9fcb089e16f00383575ee7a63ca89a9acccd9bd135d6c008ad328a8d080fe7c5f5d63e

Download Submit
C:\Windows\System32\igFEpGj.exe

Filesize
1.7MB

MD5
25d2cf46b104ad8ba655aa921979f169

SHA1
6faf1145c5f9bd43bbda4c0298e853c32d0f9dd8

SHA256
790fc70fd16df47cfb12a709efa727da6620042d48672be0168e0fdfb6457939

SHA512
3c9aaaf4bc487cec0120749f12e4ab75723608024dcf8ae716b11a5a00d1e57ac9198d2848eee788f54cbae9bbd47bba4d0d17a06a3ce77bba2f9f98680eadd4

Download Submit
C:\Windows\System32\itKoVvS.exe

Filesize
1.7MB

MD5
5e0c2cf74d42388566d993e0f61b9876

SHA1
7e3c500d237f4367c2ce13d321609612ace817e0

SHA256
87395bd2396d330084b503bd020a2da0451bc0dc8f75a2b3b8098fc0efd4b5ab

SHA512
8c41fff6af65efc2df67d480a062a8d84a8fecbc706264c9ea964e5d2bada7f915d88ec14090393db572efa661658c9f21857496ecc367719bc9a7559c16381e

Download Submit
C:\Windows\System32\jcgUFQg.exe

Filesize
1.7MB

MD5
31cb94964975094e80a5ab7241c89135

SHA1
cefe5f8e4bc168938e2c89b3fedc67bf5461691d

SHA256
0522d72ed74e2b10df5e4c5a194e7fe73597ab1604759a7c0ba59ec1b3de618b

SHA512
c13c8153e3f65ab31474cc537168ae4193f7951fa36964f2b633b34cedfe2a526a16a29671fa62202d497a11eb4441829180ea7ecc9e16cc5d85c68f4c550718

Download Submit
C:\Windows\System32\lMNLwYq.exe

Filesize
1.7MB

MD5
a6817a2f7c70471e6f012b12dfa8c0a0

SHA1
12aadf690205d95dbc481ef17eb9bcd544be42b4

SHA256
096fc5000d01145940606a042db35bca9a4424a138477ad2490f2d56ebfbd162

SHA512
f334c921f058ad6925c0520dde86f31fa119b19dda6fb89fab40383a75c4ae977cc81502408bc5d8e176f5cb8aca9b53237673135907f284399a4c06ea4580c9

Download Submit
C:\Windows\System32\lfZQnSk.exe

Filesize
1.7MB

MD5
eda3f0378e6f56f5c2e15527926b1e7b

SHA1
007a70ebd72bb2f1f1db12357b76dd3e63698b1a

SHA256
69baa0348d5aa44a479119fea5d422b30fb2715bcb04069d5e083fda1a0f3de1

SHA512
1022aa16b8ffcc426337cc36399d01ba1fb457eac93f36a52e84e0327f4fd018a2f293cada361cf1c662281468ca399d7dee1ca83fed96fedc73a52e418de806

Download Submit
C:\Windows\System32\nSJmEzG.exe

Filesize
1.7MB

MD5
a21ebd298639922d9abdd7d20cd958a5

SHA1
5dd5007f041624ae9faf7f8e22721bd874c99004

SHA256
7b98eb53bfad193c305e4b9f42bee2b4147646f5b899afb05eec39299be26940

SHA512
9c6703ad8f5de2e82015a60fc0db6619528753a43e03864cbe4ebd970df0c07e7845dfaf10c18b2ad68d403cfb42340531932e61652c4d1ac51973ba8551a273

Download Submit
C:\Windows\System32\pHOrEDB.exe

Filesize
1.7MB

MD5
a463338c3cf17c8553b6ef40ca9dcf88

SHA1
016b4aec25cb961cdd86313539a9689a0b82b248

SHA256
2d0fc8a9600d68d046e30c38497d3181c1ab19ae91f98cb25f275ad11ddea380

SHA512
beed0c5614d89ea4b9978b5d14fe31a96fe441fb44ded455d5320f8bf376a63e110da17fe3212197d269b6c75d25bec9d61ea4d7d616852d111d7d10eddc2885

Download Submit
C:\Windows\System32\qCFftFK.exe

Filesize
1.7MB

MD5
fedbaa986400dbba2b9b22dc53901d02

SHA1
33cabb0306c72ae8ccd6bb5cffbbb9d484e4ae6c

SHA256
1e643c792e865dfc1cd55f4f64c5fd31bb3c1e1f9bfd70df5a5272824796d2ec

SHA512
9f6e05da478c11c0a7d46bebd28a374c6202135209c5e642c74838d0c8ece15a9f493a68652edea6345e35350be552a40100eb889b3e3cfd52dfa1baf95daa4c

Download Submit
C:\Windows\System32\qkPbMRY.exe

Filesize
1.7MB

MD5
dc6bf36f1da862b264ada56b2c2f672a

SHA1
fa04e73e3f985ea1f7c0a22c46e8d7e4ba64a3fe

SHA256
27c6dc8ce9629392f458c5f652c7ea6b4d2dd50a5b3d7cab4f4330267aa6f6ea

SHA512
604119773a2614e8ae229473716e1986269be686ea6117e163b3c6490b8a22c634329ebe5b8eb94e17bb211655c0d7210a7ed9838b11a1ca5ca5cae5ac2f4ec0

Download Submit
C:\Windows\System32\sjGWfot.exe

Filesize
1.7MB

MD5
0ee2902ffea26221753379fccfb7ec01

SHA1
d1aa00cdf39310b88459e1b13ab449d33033ad14

SHA256
307447559e33f2ce7136770a12952db86a650511a119d42af3990f26e3e04d07

SHA512
b7cafa2a62cb4175c463512747d23dbd6c753fef83923fc7f8d454b90628a395b94ee3e10ad15b2d7aaeee40c56331b74e5a3acb33ffdbd3cf2192f7f4330db8

Download Submit
C:\Windows\System32\uXQfAAo.exe

Filesize
1.7MB

MD5
61b26d2f0c95fc52a4f29e9c57e077d6

SHA1
fd24724101fedb58c93fc9b8d941cd0dd6388492

SHA256
30dbc3c304acb8312a5f2e21a366281c64a5131c44e15a797f23b9891f648ed5

SHA512
83122a23e0970461775895838782b867b5b03e536fd7f289f97a096f7269d90d28b225e62a7e3cf5ef6efb2887d832333de1d4af6ca1443d74b38cab49ad295f

Download Submit
C:\Windows\System32\yVigamS.exe

Filesize
1.7MB

MD5
36cbbd02fb97c7d7e5141b7052f16eb5

SHA1
eb155d85d528a311deb9d3b3b5b02157e5c2c91f

SHA256
f92cfbd90802d4da70dbbc7a5e9023ef21e34497e3cc8d44ac113c36f62c3bb0

SHA512
ea655fa8c859f0ab7930c795535d15b8e50ec92f7e80fefc35d010a4651b188bd1a51d899e12857969ce77b091668438fee4994c7136eda4acee701101b54240

Download Submit
C:\Windows\System32\zGyrZaK.exe

Filesize
1.7MB

MD5
8441d5ab204a1669e4c4d114fc2d43f0

SHA1
a271ffa824d45b765d4684d7d84c6c39a5772ec5

SHA256
7a4018bbffaacb8650db878a11861283cf2843c525c9e3012c67ed8295c7f833

SHA512
a9bb3cc251f22ec15f5e3fe84e5e64e56851a0031bf22f673173a8be065f33fa1810465c338c6a2551e6235f75d2d9614bc2b077b7a0e46eb8f9ff49231bad0b

Download Submit
memory/224-1373-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp

Filesize
3.9MB

Download
memory/224-21-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp

Filesize
3.9MB

Download
memory/224-2140-0x00007FF6CAC70000-0x00007FF6CB061000-memory.dmp

Filesize
3.9MB

Download
memory/312-1376-0x00007FF7E6E10000-0x00007FF7E7201000-memory.dmp

Filesize
3.9MB

Download
memory/312-2147-0x00007FF7E6E10000-0x00007FF7E7201000-memory.dmp

Filesize
3.9MB

Download
memory/312-385-0x00007FF7E6E10000-0x00007FF7E7201000-memory.dmp

Filesize
3.9MB

Download
memory/976-456-0x00007FF7F9510000-0x00007FF7F9901000-memory.dmp

Filesize
3.9MB

Download
memory/976-2145-0x00007FF7F9510000-0x00007FF7F9901000-memory.dmp

Filesize
3.9MB

Download
memory/1120-2158-0x00007FF7BEBD0000-0x00007FF7BEFC1000-memory.dmp

Filesize
3.9MB

Download
memory/1120-391-0x00007FF7BEBD0000-0x00007FF7BEFC1000-memory.dmp

Filesize
3.9MB

Download
memory/1148-387-0x00007FF7E6EA0000-0x00007FF7E7291000-memory.dmp

Filesize
3.9MB

Download
memory/1148-2150-0x00007FF7E6EA0000-0x00007FF7E7291000-memory.dmp

Filesize
3.9MB

Download
memory/1336-422-0x00007FF7B1780000-0x00007FF7B1B71000-memory.dmp

Filesize
3.9MB

Download
memory/1336-2201-0x00007FF7B1780000-0x00007FF7B1B71000-memory.dmp

Filesize
3.9MB

Download
memory/1452-396-0x00007FF672580000-0x00007FF672971000-memory.dmp

Filesize
3.9MB

Download
memory/1756-2138-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp

Filesize
3.9MB

Download
memory/1756-9-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp

Filesize
3.9MB

Download
memory/1756-1370-0x00007FF6DD8F0000-0x00007FF6DDCE1000-memory.dmp

Filesize
3.9MB

Download
memory/1868-2156-0x00007FF7F9900000-0x00007FF7F9CF1000-memory.dmp

Filesize
3.9MB

Download
memory/1868-390-0x00007FF7F9900000-0x00007FF7F9CF1000-memory.dmp

Filesize
3.9MB

Download
memory/2000-451-0x00007FF67E970000-0x00007FF67ED61000-memory.dmp

Filesize
3.9MB

Download
memory/2000-2208-0x00007FF67E970000-0x00007FF67ED61000-memory.dmp

Filesize
3.9MB

Download
memory/2740-386-0x00007FF612550000-0x00007FF612941000-memory.dmp

Filesize
3.9MB

Download
memory/2740-2143-0x00007FF612550000-0x00007FF612941000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2199-0x00007FF72ECC0000-0x00007FF72F0B1000-memory.dmp

Filesize
3.9MB

Download
memory/3040-394-0x00007FF72ECC0000-0x00007FF72F0B1000-memory.dmp

Filesize
3.9MB

Download
memory/3108-2187-0x00007FF72EA80000-0x00007FF72EE71000-memory.dmp

Filesize
3.9MB

Download
memory/3108-413-0x00007FF72EA80000-0x00007FF72EE71000-memory.dmp

Filesize
3.9MB

Download
memory/3140-389-0x00007FF7FAF90000-0x00007FF7FB381000-memory.dmp

Filesize
3.9MB

Download
memory/3140-2154-0x00007FF7FAF90000-0x00007FF7FB381000-memory.dmp

Filesize
3.9MB

Download
memory/3208-2203-0x00007FF6228F0000-0x00007FF622CE1000-memory.dmp

Filesize
3.9MB

Download
memory/3208-437-0x00007FF6228F0000-0x00007FF622CE1000-memory.dmp

Filesize
3.9MB

Download
memory/3260-0-0x00007FF7A2C00000-0x00007FF7A2FF1000-memory.dmp

Filesize
3.9MB

Download
memory/3260-1-0x000001A55A760000-0x000001A55A770000-memory.dmp

Filesize
64KB

Download
memory/3260-1256-0x00007FF7A2C00000-0x00007FF7A2FF1000-memory.dmp

Filesize
3.9MB

Download
memory/3464-432-0x00007FF6A6AD0000-0x00007FF6A6EC1000-memory.dmp

Filesize
3.9MB

Download
memory/3464-2198-0x00007FF6A6AD0000-0x00007FF6A6EC1000-memory.dmp

Filesize
3.9MB

Download
memory/3596-392-0x00007FF78F940000-0x00007FF78FD31000-memory.dmp

Filesize
3.9MB

Download
memory/3812-403-0x00007FF7BDD90000-0x00007FF7BE181000-memory.dmp

Filesize
3.9MB

Download
memory/3812-2193-0x00007FF7BDD90000-0x00007FF7BE181000-memory.dmp

Filesize
3.9MB

Download
memory/3928-2149-0x00007FF78B200000-0x00007FF78B5F1000-memory.dmp

Filesize
3.9MB

Download
memory/3928-388-0x00007FF78B200000-0x00007FF78B5F1000-memory.dmp

Filesize
3.9MB

Download
memory/4136-2152-0x00007FF6F2C60000-0x00007FF6F3051000-memory.dmp

Filesize
3.9MB

Download
memory/4136-460-0x00007FF6F2C60000-0x00007FF6F3051000-memory.dmp

Filesize
3.9MB

Download
memory/4400-393-0x00007FF66B080000-0x00007FF66B471000-memory.dmp

Filesize
3.9MB

Download
memory/4400-2185-0x00007FF66B080000-0x00007FF66B471000-memory.dmp

Filesize
3.9MB

Download
memory/4764-2205-0x00007FF7CE9E0000-0x00007FF7CEDD1000-memory.dmp

Filesize
3.9MB

Download
memory/4764-440-0x00007FF7CE9E0000-0x00007FF7CEDD1000-memory.dmp

Filesize
3.9MB

Download
memory/4800-395-0x00007FF6CF5E0000-0x00007FF6CF9D1000-memory.dmp

Filesize
3.9MB

Download
memory/4924-2195-0x00007FF754C70000-0x00007FF755061000-memory.dmp

Filesize
3.9MB

Download
memory/4924-417-0x00007FF754C70000-0x00007FF755061000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads