xmrig | c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1

Analysis

max time kernel
112s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
Size

2.1MB
MD5

4e963c990d3f11a4b9aa87afd7436772
SHA1

325158590a9ae732b809af4cedd9fb31ae4098cd
SHA256

c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1
SHA512

da81a02914d4e46587ea9055f58c24b0f983ef791bc58ac59873138a6bb821a749c78bad63044666e096ffd362c9316c0a152fae0243d679fcb8c7c596e3ff3a
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlMmSdbbUGsVOutxLQ:oemTLkNdfE0pZrO

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/452-0-0x00007FF610050000-0x00007FF6103A4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023bad-6.dat	xmrig
behavioral2/files/0x0007000000023ca2-9.dat	xmrig
behavioral2/files/0x0008000000023ca1-13.dat	xmrig
behavioral2/memory/4820-12-0x00007FF6B6950000-0x00007FF6B6CA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca3-17.dat	xmrig
behavioral2/memory/3348-23-0x00007FF66EEB0000-0x00007FF66F204000-memory.dmp	xmrig
behavioral2/memory/2024-24-0x00007FF6ED630000-0x00007FF6ED984000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-29.dat	xmrig
behavioral2/files/0x0007000000023ca5-38.dat	xmrig
behavioral2/files/0x0007000000023ca6-43.dat	xmrig
behavioral2/files/0x0007000000023cab-68.dat	xmrig
behavioral2/files/0x0007000000023cad-78.dat	xmrig
behavioral2/files/0x0007000000023cb1-100.dat	xmrig
behavioral2/files/0x0007000000023cb4-115.dat	xmrig
behavioral2/files/0x0007000000023cb9-132.dat	xmrig
behavioral2/files/0x0007000000023cbb-150.dat	xmrig
behavioral2/memory/8-692-0x00007FF622780000-0x00007FF622AD4000-memory.dmp	xmrig
behavioral2/memory/3312-693-0x00007FF639800000-0x00007FF639B54000-memory.dmp	xmrig
behavioral2/memory/4712-694-0x00007FF75ABB0000-0x00007FF75AF04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023cc0-167.dat	xmrig
behavioral2/files/0x0007000000023cbe-165.dat	xmrig
behavioral2/files/0x0007000000023cbf-162.dat	xmrig
behavioral2/files/0x0007000000023cbd-160.dat	xmrig
behavioral2/files/0x0007000000023cbc-155.dat	xmrig
behavioral2/files/0x0007000000023cba-145.dat	xmrig
behavioral2/files/0x0007000000023cb8-135.dat	xmrig
behavioral2/files/0x0007000000023cb7-130.dat	xmrig
behavioral2/files/0x0007000000023cb6-125.dat	xmrig
behavioral2/files/0x0007000000023cb5-120.dat	xmrig
behavioral2/files/0x0007000000023cb3-110.dat	xmrig
behavioral2/files/0x0007000000023cb2-105.dat	xmrig
behavioral2/files/0x0007000000023cb0-93.dat	xmrig
behavioral2/files/0x0007000000023caf-87.dat	xmrig
behavioral2/files/0x0007000000023cae-83.dat	xmrig
behavioral2/files/0x0007000000023cac-73.dat	xmrig
behavioral2/files/0x0007000000023caa-63.dat	xmrig
behavioral2/files/0x0007000000023ca9-58.dat	xmrig
behavioral2/files/0x0007000000023ca8-53.dat	xmrig
behavioral2/files/0x0007000000023ca7-48.dat	xmrig
behavioral2/memory/3420-19-0x00007FF63F220000-0x00007FF63F574000-memory.dmp	xmrig
behavioral2/memory/4964-695-0x00007FF68A220000-0x00007FF68A574000-memory.dmp	xmrig
behavioral2/memory/2144-697-0x00007FF6798A0000-0x00007FF679BF4000-memory.dmp	xmrig
behavioral2/memory/3680-696-0x00007FF79F5F0000-0x00007FF79F944000-memory.dmp	xmrig
behavioral2/memory/32-698-0x00007FF64CB70000-0x00007FF64CEC4000-memory.dmp	xmrig
behavioral2/memory/2836-699-0x00007FF6017C0000-0x00007FF601B14000-memory.dmp	xmrig
behavioral2/memory/4732-700-0x00007FF6A24E0000-0x00007FF6A2834000-memory.dmp	xmrig
behavioral2/memory/1104-713-0x00007FF656110000-0x00007FF656464000-memory.dmp	xmrig
behavioral2/memory/536-712-0x00007FF770410000-0x00007FF770764000-memory.dmp	xmrig
behavioral2/memory/4944-734-0x00007FF63C4D0000-0x00007FF63C824000-memory.dmp	xmrig
behavioral2/memory/1384-749-0x00007FF757580000-0x00007FF7578D4000-memory.dmp	xmrig
behavioral2/memory/1084-751-0x00007FF750290000-0x00007FF7505E4000-memory.dmp	xmrig
behavioral2/memory/2156-728-0x00007FF7944E0000-0x00007FF794834000-memory.dmp	xmrig
behavioral2/memory/1672-769-0x00007FF612D20000-0x00007FF613074000-memory.dmp	xmrig
behavioral2/memory/4772-772-0x00007FF72E450000-0x00007FF72E7A4000-memory.dmp	xmrig
behavioral2/memory/3720-775-0x00007FF711510000-0x00007FF711864000-memory.dmp	xmrig
behavioral2/memory/4884-782-0x00007FF7DFC80000-0x00007FF7DFFD4000-memory.dmp	xmrig
behavioral2/memory/2604-779-0x00007FF7A4FA0000-0x00007FF7A52F4000-memory.dmp	xmrig
behavioral2/memory/4288-822-0x00007FF7C5230000-0x00007FF7C5584000-memory.dmp	xmrig
behavioral2/memory/2448-764-0x00007FF6E4190000-0x00007FF6E44E4000-memory.dmp	xmrig
behavioral2/memory/4988-725-0x00007FF719920000-0x00007FF719C74000-memory.dmp	xmrig
behavioral2/memory/4536-724-0x00007FF746F00000-0x00007FF747254000-memory.dmp	xmrig
behavioral2/memory/1048-717-0x00007FF793DB0000-0x00007FF794104000-memory.dmp	xmrig
behavioral2/memory/452-1305-0x00007FF610050000-0x00007FF6103A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4820	fxFggWF.exe
3420	leawqoU.exe
3348	DMjDCSj.exe
2024	rJbSInZ.exe
8	iqrtKqW.exe
4288	gVIwBoQ.exe
3312	RgUQBSg.exe
4712	ktHFmEp.exe
4964	lGMWXqj.exe
3680	gdelTiW.exe
2144	hmCKreE.exe
32	MEnVxeB.exe
2836	CKbQyxx.exe
4732	VKVVnpO.exe
536	BTsEEYa.exe
1104	BMOnKRH.exe
1048	dKsLhIY.exe
4536	RQXljXr.exe
4988	TvYtpSg.exe
2156	DbBirbx.exe
4944	JOkqxHu.exe
1384	padSFGi.exe
1084	SEleXmX.exe
2448	HogpJZL.exe
1672	guzhtER.exe
4772	VDiThDz.exe
3720	yQEcihq.exe
2604	gStqxMF.exe
4884	vTtcGaI.exe
4084	ViWVtPe.exe
312	UhcBsfj.exe
4600	eWAaGgy.exe
4348	WaViLec.exe
928	yeuXcOz.exe
1028	fiSXrzF.exe
2052	CFgaKpF.exe
3484	NjpAaCb.exe
1908	FVMTNCx.exe
5056	PuqjzXh.exe
4160	NKUdvqQ.exe
4632	DBxwHpB.exe
3948	jccecCq.exe
2916	rhrDovO.exe
1288	mUosBhe.exe
64	SRppwJV.exe
1740	AZDJgEF.exe
1872	ftzFtHz.exe
3740	OABNAsm.exe
4272	ESFZfim.exe
2056	xKVkDkm.exe
5080	jgELmEy.exe
5004	LMAkpQk.exe
4408	TiEHjFb.exe
4260	uBDlAOG.exe
2440	VkxgAXv.exe
2920	AHHpQbi.exe
1016	sxYfLFr.exe
1848	tNEIvnF.exe
2344	GZlGtia.exe
4112	gnmWwen.exe
880	KQdxjDf.exe
416	oTWQnvQ.exe
4492	zDketPi.exe
3040	lxseyJA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/452-0-0x00007FF610050000-0x00007FF6103A4000-memory.dmp	upx
behavioral2/files/0x000c000000023bad-6.dat	upx
behavioral2/files/0x0007000000023ca2-9.dat	upx
behavioral2/files/0x0008000000023ca1-13.dat	upx
behavioral2/memory/4820-12-0x00007FF6B6950000-0x00007FF6B6CA4000-memory.dmp	upx
behavioral2/files/0x0007000000023ca3-17.dat	upx
behavioral2/memory/3348-23-0x00007FF66EEB0000-0x00007FF66F204000-memory.dmp	upx
behavioral2/memory/2024-24-0x00007FF6ED630000-0x00007FF6ED984000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-29.dat	upx
behavioral2/files/0x0007000000023ca5-38.dat	upx
behavioral2/files/0x0007000000023ca6-43.dat	upx
behavioral2/files/0x0007000000023cab-68.dat	upx
behavioral2/files/0x0007000000023cad-78.dat	upx
behavioral2/files/0x0007000000023cb1-100.dat	upx
behavioral2/files/0x0007000000023cb4-115.dat	upx
behavioral2/files/0x0007000000023cb9-132.dat	upx
behavioral2/files/0x0007000000023cbb-150.dat	upx
behavioral2/memory/8-692-0x00007FF622780000-0x00007FF622AD4000-memory.dmp	upx
behavioral2/memory/3312-693-0x00007FF639800000-0x00007FF639B54000-memory.dmp	upx
behavioral2/memory/4712-694-0x00007FF75ABB0000-0x00007FF75AF04000-memory.dmp	upx
behavioral2/files/0x0007000000023cc0-167.dat	upx
behavioral2/files/0x0007000000023cbe-165.dat	upx
behavioral2/files/0x0007000000023cbf-162.dat	upx
behavioral2/files/0x0007000000023cbd-160.dat	upx
behavioral2/files/0x0007000000023cbc-155.dat	upx
behavioral2/files/0x0007000000023cba-145.dat	upx
behavioral2/files/0x0007000000023cb8-135.dat	upx
behavioral2/files/0x0007000000023cb7-130.dat	upx
behavioral2/files/0x0007000000023cb6-125.dat	upx
behavioral2/files/0x0007000000023cb5-120.dat	upx
behavioral2/files/0x0007000000023cb3-110.dat	upx
behavioral2/files/0x0007000000023cb2-105.dat	upx
behavioral2/files/0x0007000000023cb0-93.dat	upx
behavioral2/files/0x0007000000023caf-87.dat	upx
behavioral2/files/0x0007000000023cae-83.dat	upx
behavioral2/files/0x0007000000023cac-73.dat	upx
behavioral2/files/0x0007000000023caa-63.dat	upx
behavioral2/files/0x0007000000023ca9-58.dat	upx
behavioral2/files/0x0007000000023ca8-53.dat	upx
behavioral2/files/0x0007000000023ca7-48.dat	upx
behavioral2/memory/3420-19-0x00007FF63F220000-0x00007FF63F574000-memory.dmp	upx
behavioral2/memory/4964-695-0x00007FF68A220000-0x00007FF68A574000-memory.dmp	upx
behavioral2/memory/2144-697-0x00007FF6798A0000-0x00007FF679BF4000-memory.dmp	upx
behavioral2/memory/3680-696-0x00007FF79F5F0000-0x00007FF79F944000-memory.dmp	upx
behavioral2/memory/32-698-0x00007FF64CB70000-0x00007FF64CEC4000-memory.dmp	upx
behavioral2/memory/2836-699-0x00007FF6017C0000-0x00007FF601B14000-memory.dmp	upx
behavioral2/memory/4732-700-0x00007FF6A24E0000-0x00007FF6A2834000-memory.dmp	upx
behavioral2/memory/1104-713-0x00007FF656110000-0x00007FF656464000-memory.dmp	upx
behavioral2/memory/536-712-0x00007FF770410000-0x00007FF770764000-memory.dmp	upx
behavioral2/memory/4944-734-0x00007FF63C4D0000-0x00007FF63C824000-memory.dmp	upx
behavioral2/memory/1384-749-0x00007FF757580000-0x00007FF7578D4000-memory.dmp	upx
behavioral2/memory/1084-751-0x00007FF750290000-0x00007FF7505E4000-memory.dmp	upx
behavioral2/memory/2156-728-0x00007FF7944E0000-0x00007FF794834000-memory.dmp	upx
behavioral2/memory/1672-769-0x00007FF612D20000-0x00007FF613074000-memory.dmp	upx
behavioral2/memory/4772-772-0x00007FF72E450000-0x00007FF72E7A4000-memory.dmp	upx
behavioral2/memory/3720-775-0x00007FF711510000-0x00007FF711864000-memory.dmp	upx
behavioral2/memory/4884-782-0x00007FF7DFC80000-0x00007FF7DFFD4000-memory.dmp	upx
behavioral2/memory/2604-779-0x00007FF7A4FA0000-0x00007FF7A52F4000-memory.dmp	upx
behavioral2/memory/4288-822-0x00007FF7C5230000-0x00007FF7C5584000-memory.dmp	upx
behavioral2/memory/2448-764-0x00007FF6E4190000-0x00007FF6E44E4000-memory.dmp	upx
behavioral2/memory/4988-725-0x00007FF719920000-0x00007FF719C74000-memory.dmp	upx
behavioral2/memory/4536-724-0x00007FF746F00000-0x00007FF747254000-memory.dmp	upx
behavioral2/memory/1048-717-0x00007FF793DB0000-0x00007FF794104000-memory.dmp	upx
behavioral2/memory/452-1305-0x00007FF610050000-0x00007FF6103A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ftkHDaW.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\CLxuzEe.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\vWNnRSF.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\HmvnzKA.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\bmRQxGa.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\HUShBwt.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\nrLlLBL.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\qgqxKbQ.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\vUtNrul.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\AXBLeBo.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\jNrIxEN.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\YgSmqMa.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\hGFjoFC.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\HogpJZL.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\ViWVtPe.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\tNEIvnF.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\fdcyAhi.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\PGtjxvX.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\YXEwefr.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\gdelTiW.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\etwkNFJ.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\TixUMKY.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\xgwFYWb.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\PHcVaFa.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\xxyoJkJ.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\YpozaMq.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\XAKeugG.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\kXhTizp.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\YpxEprF.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\EGhcHxs.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\WVjxgjY.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\EihdOnR.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\wERjpbo.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\grAkuaI.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\DNHbmmo.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\lxseyJA.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\jyxHyOu.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\qITaeWK.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\MYqbPzz.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\FVMTNCx.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\VYsDLDO.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\TmUApZU.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\EJlQylW.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\sDNurUS.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\jHlbuoD.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\nUajCtl.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\KYTwrjE.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\zKelPNK.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\cMsyWXT.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\wRMTxEq.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\yYJAMRE.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\fyvtDyi.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\sSPHjGd.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\jpcwtcQ.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\zWnxiks.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\hoTqnPB.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\aORGjKV.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\YzzToNR.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\tbkTgxH.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\yczmblV.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\GnyClgk.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\SsKYcjn.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\UjIvFAu.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
File created	C:\Windows\System\DCJnXdr.exe	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14984	dwm.exe
Token: SeChangeNotifyPrivilege	14984	dwm.exe
Token: 33	14984	dwm.exe
Token: SeIncBasePriorityPrivilege	14984	dwm.exe
Token: SeShutdownPrivilege	14984	dwm.exe
Token: SeCreatePagefilePrivilege	14984	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4820	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	84
PID 452 wrote to memory of 4820	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	84
PID 452 wrote to memory of 3420	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	85
PID 452 wrote to memory of 3420	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	85
PID 452 wrote to memory of 3348	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	86
PID 452 wrote to memory of 3348	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	86
PID 452 wrote to memory of 2024	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	87
PID 452 wrote to memory of 2024	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	87
PID 452 wrote to memory of 8	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	88
PID 452 wrote to memory of 8	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	88
PID 452 wrote to memory of 4288	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	89
PID 452 wrote to memory of 4288	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	89
PID 452 wrote to memory of 3312	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	90
PID 452 wrote to memory of 3312	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	90
PID 452 wrote to memory of 4712	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	91
PID 452 wrote to memory of 4712	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	91
PID 452 wrote to memory of 4964	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	92
PID 452 wrote to memory of 4964	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	92
PID 452 wrote to memory of 3680	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	93
PID 452 wrote to memory of 3680	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	93
PID 452 wrote to memory of 2144	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	94
PID 452 wrote to memory of 2144	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	94
PID 452 wrote to memory of 32	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	95
PID 452 wrote to memory of 32	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	95
PID 452 wrote to memory of 2836	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	96
PID 452 wrote to memory of 2836	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	96
PID 452 wrote to memory of 4732	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	97
PID 452 wrote to memory of 4732	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	97
PID 452 wrote to memory of 536	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	98
PID 452 wrote to memory of 536	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	98
PID 452 wrote to memory of 1104	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	99
PID 452 wrote to memory of 1104	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	99
PID 452 wrote to memory of 1048	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	100
PID 452 wrote to memory of 1048	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	100
PID 452 wrote to memory of 4536	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	101
PID 452 wrote to memory of 4536	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	101
PID 452 wrote to memory of 4988	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	102
PID 452 wrote to memory of 4988	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	102
PID 452 wrote to memory of 2156	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	103
PID 452 wrote to memory of 2156	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	103
PID 452 wrote to memory of 4944	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	104
PID 452 wrote to memory of 4944	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	104
PID 452 wrote to memory of 1384	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	105
PID 452 wrote to memory of 1384	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	105
PID 452 wrote to memory of 1084	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	106
PID 452 wrote to memory of 1084	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	106
PID 452 wrote to memory of 2448	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	107
PID 452 wrote to memory of 2448	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	107
PID 452 wrote to memory of 1672	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	108
PID 452 wrote to memory of 1672	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	108
PID 452 wrote to memory of 4772	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	109
PID 452 wrote to memory of 4772	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	109
PID 452 wrote to memory of 3720	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	110
PID 452 wrote to memory of 3720	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	110
PID 452 wrote to memory of 2604	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	111
PID 452 wrote to memory of 2604	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	111
PID 452 wrote to memory of 4884	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	112
PID 452 wrote to memory of 4884	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	112
PID 452 wrote to memory of 4084	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	113
PID 452 wrote to memory of 4084	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	113
PID 452 wrote to memory of 312	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	114
PID 452 wrote to memory of 312	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	114
PID 452 wrote to memory of 4600	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	115
PID 452 wrote to memory of 4600	452	c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe	115

C:\Users\Admin\AppData\Local\Temp\c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe
"C:\Users\Admin\AppData\Local\Temp\c76363d8a0c6804eba526f3a8dd8d4a800579e7e38594332d83dbd0ed076e2b1.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\System\fxFggWF.exe
  C:\Windows\System\fxFggWF.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\leawqoU.exe
  C:\Windows\System\leawqoU.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\DMjDCSj.exe
  C:\Windows\System\DMjDCSj.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\rJbSInZ.exe
  C:\Windows\System\rJbSInZ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\iqrtKqW.exe
  C:\Windows\System\iqrtKqW.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\gVIwBoQ.exe
  C:\Windows\System\gVIwBoQ.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\RgUQBSg.exe
  C:\Windows\System\RgUQBSg.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\ktHFmEp.exe
  C:\Windows\System\ktHFmEp.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\lGMWXqj.exe
  C:\Windows\System\lGMWXqj.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\gdelTiW.exe
  C:\Windows\System\gdelTiW.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\hmCKreE.exe
  C:\Windows\System\hmCKreE.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\MEnVxeB.exe
  C:\Windows\System\MEnVxeB.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\CKbQyxx.exe
  C:\Windows\System\CKbQyxx.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\VKVVnpO.exe
  C:\Windows\System\VKVVnpO.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\BTsEEYa.exe
  C:\Windows\System\BTsEEYa.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\BMOnKRH.exe
  C:\Windows\System\BMOnKRH.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\dKsLhIY.exe
  C:\Windows\System\dKsLhIY.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\RQXljXr.exe
  C:\Windows\System\RQXljXr.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\TvYtpSg.exe
  C:\Windows\System\TvYtpSg.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\DbBirbx.exe
  C:\Windows\System\DbBirbx.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\JOkqxHu.exe
  C:\Windows\System\JOkqxHu.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\padSFGi.exe
  C:\Windows\System\padSFGi.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\SEleXmX.exe
  C:\Windows\System\SEleXmX.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\HogpJZL.exe
  C:\Windows\System\HogpJZL.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\guzhtER.exe
  C:\Windows\System\guzhtER.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\VDiThDz.exe
  C:\Windows\System\VDiThDz.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\yQEcihq.exe
  C:\Windows\System\yQEcihq.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\gStqxMF.exe
  C:\Windows\System\gStqxMF.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\vTtcGaI.exe
  C:\Windows\System\vTtcGaI.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\ViWVtPe.exe
  C:\Windows\System\ViWVtPe.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\UhcBsfj.exe
  C:\Windows\System\UhcBsfj.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\eWAaGgy.exe
  C:\Windows\System\eWAaGgy.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\WaViLec.exe
  C:\Windows\System\WaViLec.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\yeuXcOz.exe
  C:\Windows\System\yeuXcOz.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\fiSXrzF.exe
  C:\Windows\System\fiSXrzF.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\CFgaKpF.exe
  C:\Windows\System\CFgaKpF.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\NjpAaCb.exe
  C:\Windows\System\NjpAaCb.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\FVMTNCx.exe
  C:\Windows\System\FVMTNCx.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\PuqjzXh.exe
  C:\Windows\System\PuqjzXh.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\NKUdvqQ.exe
  C:\Windows\System\NKUdvqQ.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\DBxwHpB.exe
  C:\Windows\System\DBxwHpB.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\jccecCq.exe
  C:\Windows\System\jccecCq.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\rhrDovO.exe
  C:\Windows\System\rhrDovO.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\mUosBhe.exe
  C:\Windows\System\mUosBhe.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\SRppwJV.exe
  C:\Windows\System\SRppwJV.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\AZDJgEF.exe
  C:\Windows\System\AZDJgEF.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ftzFtHz.exe
  C:\Windows\System\ftzFtHz.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\OABNAsm.exe
  C:\Windows\System\OABNAsm.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\ESFZfim.exe
  C:\Windows\System\ESFZfim.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\xKVkDkm.exe
  C:\Windows\System\xKVkDkm.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\jgELmEy.exe
  C:\Windows\System\jgELmEy.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\LMAkpQk.exe
  C:\Windows\System\LMAkpQk.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\TiEHjFb.exe
  C:\Windows\System\TiEHjFb.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\uBDlAOG.exe
  C:\Windows\System\uBDlAOG.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\VkxgAXv.exe
  C:\Windows\System\VkxgAXv.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\AHHpQbi.exe
  C:\Windows\System\AHHpQbi.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\sxYfLFr.exe
  C:\Windows\System\sxYfLFr.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\tNEIvnF.exe
  C:\Windows\System\tNEIvnF.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\GZlGtia.exe
  C:\Windows\System\GZlGtia.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\gnmWwen.exe
  C:\Windows\System\gnmWwen.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\KQdxjDf.exe
  C:\Windows\System\KQdxjDf.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\oTWQnvQ.exe
  C:\Windows\System\oTWQnvQ.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\zDketPi.exe
  C:\Windows\System\zDketPi.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\lxseyJA.exe
  C:\Windows\System\lxseyJA.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rnEGZep.exe
  C:\Windows\System\rnEGZep.exe
  2⤵
  PID:2928
- C:\Windows\System\DeLvIAn.exe
  C:\Windows\System\DeLvIAn.exe
  2⤵
  PID:3688
- C:\Windows\System\DskpbFj.exe
  C:\Windows\System\DskpbFj.exe
  2⤵
  PID:4504
- C:\Windows\System\WqcsEkz.exe
  C:\Windows\System\WqcsEkz.exe
  2⤵
  PID:4832
- C:\Windows\System\nYgjTLB.exe
  C:\Windows\System\nYgjTLB.exe
  2⤵
  PID:3196
- C:\Windows\System\LNwslVp.exe
  C:\Windows\System\LNwslVp.exe
  2⤵
  PID:2508
- C:\Windows\System\qLobvfr.exe
  C:\Windows\System\qLobvfr.exe
  2⤵
  PID:4556
- C:\Windows\System\AvdoAXt.exe
  C:\Windows\System\AvdoAXt.exe
  2⤵
  PID:2484
- C:\Windows\System\KxbkUtN.exe
  C:\Windows\System\KxbkUtN.exe
  2⤵
  PID:3056
- C:\Windows\System\iJgJUsw.exe
  C:\Windows\System\iJgJUsw.exe
  2⤵
  PID:2892
- C:\Windows\System\MHQOHUL.exe
  C:\Windows\System\MHQOHUL.exe
  2⤵
  PID:3620
- C:\Windows\System\DHYgpof.exe
  C:\Windows\System\DHYgpof.exe
  2⤵
  PID:2948
- C:\Windows\System\yRsUdjd.exe
  C:\Windows\System\yRsUdjd.exe
  2⤵
  PID:3144
- C:\Windows\System\VlVUbsD.exe
  C:\Windows\System\VlVUbsD.exe
  2⤵
  PID:4028
- C:\Windows\System\VFKEYQN.exe
  C:\Windows\System\VFKEYQN.exe
  2⤵
  PID:3892
- C:\Windows\System\nJDGhiz.exe
  C:\Windows\System\nJDGhiz.exe
  2⤵
  PID:772
- C:\Windows\System\DNHbmmo.exe
  C:\Windows\System\DNHbmmo.exe
  2⤵
  PID:3192
- C:\Windows\System\LKPPkdo.exe
  C:\Windows\System\LKPPkdo.exe
  2⤵
  PID:3548
- C:\Windows\System\FbzUjps.exe
  C:\Windows\System\FbzUjps.exe
  2⤵
  PID:1688
- C:\Windows\System\qTIpSTv.exe
  C:\Windows\System\qTIpSTv.exe
  2⤵
  PID:1208
- C:\Windows\System\yNEiIZu.exe
  C:\Windows\System\yNEiIZu.exe
  2⤵
  PID:1772
- C:\Windows\System\fyCYCAW.exe
  C:\Windows\System\fyCYCAW.exe
  2⤵
  PID:2504
- C:\Windows\System\PBeoTyG.exe
  C:\Windows\System\PBeoTyG.exe
  2⤵
  PID:5136
- C:\Windows\System\kXhTizp.exe
  C:\Windows\System\kXhTizp.exe
  2⤵
  PID:5164
- C:\Windows\System\RDvdwyz.exe
  C:\Windows\System\RDvdwyz.exe
  2⤵
  PID:5192
- C:\Windows\System\JKMmvkH.exe
  C:\Windows\System\JKMmvkH.exe
  2⤵
  PID:5220
- C:\Windows\System\rXyADKT.exe
  C:\Windows\System\rXyADKT.exe
  2⤵
  PID:5248
- C:\Windows\System\zUrVfNb.exe
  C:\Windows\System\zUrVfNb.exe
  2⤵
  PID:5276
- C:\Windows\System\MEhakvl.exe
  C:\Windows\System\MEhakvl.exe
  2⤵
  PID:5304
- C:\Windows\System\IInDvlj.exe
  C:\Windows\System\IInDvlj.exe
  2⤵
  PID:5332
- C:\Windows\System\bBPEZQI.exe
  C:\Windows\System\bBPEZQI.exe
  2⤵
  PID:5360
- C:\Windows\System\PMeznOm.exe
  C:\Windows\System\PMeznOm.exe
  2⤵
  PID:5388
- C:\Windows\System\hoTqnPB.exe
  C:\Windows\System\hoTqnPB.exe
  2⤵
  PID:5416
- C:\Windows\System\PEyazsM.exe
  C:\Windows\System\PEyazsM.exe
  2⤵
  PID:5444
- C:\Windows\System\CfoZNEb.exe
  C:\Windows\System\CfoZNEb.exe
  2⤵
  PID:5472
- C:\Windows\System\jiAESve.exe
  C:\Windows\System\jiAESve.exe
  2⤵
  PID:5500
- C:\Windows\System\YpxEprF.exe
  C:\Windows\System\YpxEprF.exe
  2⤵
  PID:5528
- C:\Windows\System\Dhkydom.exe
  C:\Windows\System\Dhkydom.exe
  2⤵
  PID:5556
- C:\Windows\System\Rvneece.exe
  C:\Windows\System\Rvneece.exe
  2⤵
  PID:5584
- C:\Windows\System\xxyoJkJ.exe
  C:\Windows\System\xxyoJkJ.exe
  2⤵
  PID:5612
- C:\Windows\System\USpSqPd.exe
  C:\Windows\System\USpSqPd.exe
  2⤵
  PID:5640
- C:\Windows\System\WQYbfEb.exe
  C:\Windows\System\WQYbfEb.exe
  2⤵
  PID:5668
- C:\Windows\System\gtDlfxH.exe
  C:\Windows\System\gtDlfxH.exe
  2⤵
  PID:5696
- C:\Windows\System\ROqFnWO.exe
  C:\Windows\System\ROqFnWO.exe
  2⤵
  PID:5724
- C:\Windows\System\iZOADXq.exe
  C:\Windows\System\iZOADXq.exe
  2⤵
  PID:5748
- C:\Windows\System\ILsRNio.exe
  C:\Windows\System\ILsRNio.exe
  2⤵
  PID:5780
- C:\Windows\System\agYoBPW.exe
  C:\Windows\System\agYoBPW.exe
  2⤵
  PID:5808
- C:\Windows\System\psAahul.exe
  C:\Windows\System\psAahul.exe
  2⤵
  PID:5836
- C:\Windows\System\JlbvAcC.exe
  C:\Windows\System\JlbvAcC.exe
  2⤵
  PID:5864
- C:\Windows\System\jiVCpVM.exe
  C:\Windows\System\jiVCpVM.exe
  2⤵
  PID:5892
- C:\Windows\System\VJOClps.exe
  C:\Windows\System\VJOClps.exe
  2⤵
  PID:5920
- C:\Windows\System\xgOaIZr.exe
  C:\Windows\System\xgOaIZr.exe
  2⤵
  PID:5948
- C:\Windows\System\BpGBIvt.exe
  C:\Windows\System\BpGBIvt.exe
  2⤵
  PID:5976
- C:\Windows\System\iWLCNJy.exe
  C:\Windows\System\iWLCNJy.exe
  2⤵
  PID:6004
- C:\Windows\System\aIsOdjk.exe
  C:\Windows\System\aIsOdjk.exe
  2⤵
  PID:6032
- C:\Windows\System\IsFbaLg.exe
  C:\Windows\System\IsFbaLg.exe
  2⤵
  PID:6060
- C:\Windows\System\VdRIHzs.exe
  C:\Windows\System\VdRIHzs.exe
  2⤵
  PID:6092
- C:\Windows\System\WvcxDEF.exe
  C:\Windows\System\WvcxDEF.exe
  2⤵
  PID:6120
- C:\Windows\System\VUGcUQG.exe
  C:\Windows\System\VUGcUQG.exe
  2⤵
  PID:4864
- C:\Windows\System\brNCPuD.exe
  C:\Windows\System\brNCPuD.exe
  2⤵
  PID:3152
- C:\Windows\System\vWNnRSF.exe
  C:\Windows\System\vWNnRSF.exe
  2⤵
  PID:1108
- C:\Windows\System\DokTVAE.exe
  C:\Windows\System\DokTVAE.exe
  2⤵
  PID:4444
- C:\Windows\System\UueXRyo.exe
  C:\Windows\System\UueXRyo.exe
  2⤵
  PID:916
- C:\Windows\System\YOBxJsg.exe
  C:\Windows\System\YOBxJsg.exe
  2⤵
  PID:1760
- C:\Windows\System\kyNolVa.exe
  C:\Windows\System\kyNolVa.exe
  2⤵
  PID:5156
- C:\Windows\System\wqAKfVd.exe
  C:\Windows\System\wqAKfVd.exe
  2⤵
  PID:5232
- C:\Windows\System\pqqzyIK.exe
  C:\Windows\System\pqqzyIK.exe
  2⤵
  PID:5292
- C:\Windows\System\yTzkDLk.exe
  C:\Windows\System\yTzkDLk.exe
  2⤵
  PID:5352
- C:\Windows\System\UhOGNkh.exe
  C:\Windows\System\UhOGNkh.exe
  2⤵
  PID:5428
- C:\Windows\System\stzFAwq.exe
  C:\Windows\System\stzFAwq.exe
  2⤵
  PID:5492
- C:\Windows\System\AWWrPoC.exe
  C:\Windows\System\AWWrPoC.exe
  2⤵
  PID:5548
- C:\Windows\System\XrTDHgA.exe
  C:\Windows\System\XrTDHgA.exe
  2⤵
  PID:5624
- C:\Windows\System\hxQKUTQ.exe
  C:\Windows\System\hxQKUTQ.exe
  2⤵
  PID:5684
- C:\Windows\System\TweUaCI.exe
  C:\Windows\System\TweUaCI.exe
  2⤵
  PID:5744
- C:\Windows\System\KKySIbL.exe
  C:\Windows\System\KKySIbL.exe
  2⤵
  PID:5820
- C:\Windows\System\soXOcIG.exe
  C:\Windows\System\soXOcIG.exe
  2⤵
  PID:5880
- C:\Windows\System\pOBbQnD.exe
  C:\Windows\System\pOBbQnD.exe
  2⤵
  PID:5940
- C:\Windows\System\leHYZOU.exe
  C:\Windows\System\leHYZOU.exe
  2⤵
  PID:6016
- C:\Windows\System\egXKHOH.exe
  C:\Windows\System\egXKHOH.exe
  2⤵
  PID:6080
- C:\Windows\System\vlEklIZ.exe
  C:\Windows\System\vlEklIZ.exe
  2⤵
  PID:6140
- C:\Windows\System\XYJwPWE.exe
  C:\Windows\System\XYJwPWE.exe
  2⤵
  PID:4716
- C:\Windows\System\JfjBiQz.exe
  C:\Windows\System\JfjBiQz.exe
  2⤵
  PID:3004
- C:\Windows\System\HtdjTNG.exe
  C:\Windows\System\HtdjTNG.exe
  2⤵
  PID:5204
- C:\Windows\System\vICpwuS.exe
  C:\Windows\System\vICpwuS.exe
  2⤵
  PID:5344
- C:\Windows\System\qibPkbT.exe
  C:\Windows\System\qibPkbT.exe
  2⤵
  PID:5488
- C:\Windows\System\VYigOpf.exe
  C:\Windows\System\VYigOpf.exe
  2⤵
  PID:5652
- C:\Windows\System\oPurNyd.exe
  C:\Windows\System\oPurNyd.exe
  2⤵
  PID:5796
- C:\Windows\System\otmsghI.exe
  C:\Windows\System\otmsghI.exe
  2⤵
  PID:5932
- C:\Windows\System\mpmjivp.exe
  C:\Windows\System\mpmjivp.exe
  2⤵
  PID:6152
- C:\Windows\System\TkCxtJy.exe
  C:\Windows\System\TkCxtJy.exe
  2⤵
  PID:6180
- C:\Windows\System\rWkzIQz.exe
  C:\Windows\System\rWkzIQz.exe
  2⤵
  PID:6208
- C:\Windows\System\uWXCYQq.exe
  C:\Windows\System\uWXCYQq.exe
  2⤵
  PID:6236
- C:\Windows\System\EGhcHxs.exe
  C:\Windows\System\EGhcHxs.exe
  2⤵
  PID:6264
- C:\Windows\System\LjjHfOB.exe
  C:\Windows\System\LjjHfOB.exe
  2⤵
  PID:6292
- C:\Windows\System\qYQMkUF.exe
  C:\Windows\System\qYQMkUF.exe
  2⤵
  PID:6320
- C:\Windows\System\cINndNJ.exe
  C:\Windows\System\cINndNJ.exe
  2⤵
  PID:6348
- C:\Windows\System\NTTkrPe.exe
  C:\Windows\System\NTTkrPe.exe
  2⤵
  PID:6376
- C:\Windows\System\ARLcGTf.exe
  C:\Windows\System\ARLcGTf.exe
  2⤵
  PID:6404
- C:\Windows\System\hGFjoFC.exe
  C:\Windows\System\hGFjoFC.exe
  2⤵
  PID:6432
- C:\Windows\System\WoqalEI.exe
  C:\Windows\System\WoqalEI.exe
  2⤵
  PID:6460
- C:\Windows\System\etwkNFJ.exe
  C:\Windows\System\etwkNFJ.exe
  2⤵
  PID:6488
- C:\Windows\System\WOayUlD.exe
  C:\Windows\System\WOayUlD.exe
  2⤵
  PID:6516
- C:\Windows\System\gZLHQUD.exe
  C:\Windows\System\gZLHQUD.exe
  2⤵
  PID:6544
- C:\Windows\System\XXMqBTg.exe
  C:\Windows\System\XXMqBTg.exe
  2⤵
  PID:6572
- C:\Windows\System\XVLdsFV.exe
  C:\Windows\System\XVLdsFV.exe
  2⤵
  PID:6600
- C:\Windows\System\gOYsITj.exe
  C:\Windows\System\gOYsITj.exe
  2⤵
  PID:6632
- C:\Windows\System\kvXfzgT.exe
  C:\Windows\System\kvXfzgT.exe
  2⤵
  PID:6656
- C:\Windows\System\CBenHSm.exe
  C:\Windows\System\CBenHSm.exe
  2⤵
  PID:6684
- C:\Windows\System\ALPXrdN.exe
  C:\Windows\System\ALPXrdN.exe
  2⤵
  PID:6712
- C:\Windows\System\gKqydgT.exe
  C:\Windows\System\gKqydgT.exe
  2⤵
  PID:6740
- C:\Windows\System\aPXgnLE.exe
  C:\Windows\System\aPXgnLE.exe
  2⤵
  PID:6764
- C:\Windows\System\vnPCYkO.exe
  C:\Windows\System\vnPCYkO.exe
  2⤵
  PID:6796
- C:\Windows\System\odckwOK.exe
  C:\Windows\System\odckwOK.exe
  2⤵
  PID:6824
- C:\Windows\System\gUBgoqE.exe
  C:\Windows\System\gUBgoqE.exe
  2⤵
  PID:6852
- C:\Windows\System\mkdRpvL.exe
  C:\Windows\System\mkdRpvL.exe
  2⤵
  PID:6880
- C:\Windows\System\AJrpuOl.exe
  C:\Windows\System\AJrpuOl.exe
  2⤵
  PID:6908
- C:\Windows\System\rmjTnCO.exe
  C:\Windows\System\rmjTnCO.exe
  2⤵
  PID:6936
- C:\Windows\System\sEmJNUv.exe
  C:\Windows\System\sEmJNUv.exe
  2⤵
  PID:6964
- C:\Windows\System\ZQhSJuB.exe
  C:\Windows\System\ZQhSJuB.exe
  2⤵
  PID:6992
- C:\Windows\System\HnSUxkh.exe
  C:\Windows\System\HnSUxkh.exe
  2⤵
  PID:7020
- C:\Windows\System\UBFrLTU.exe
  C:\Windows\System\UBFrLTU.exe
  2⤵
  PID:7048
- C:\Windows\System\fdJeUiv.exe
  C:\Windows\System\fdJeUiv.exe
  2⤵
  PID:7076
- C:\Windows\System\XxWOMWl.exe
  C:\Windows\System\XxWOMWl.exe
  2⤵
  PID:7104
- C:\Windows\System\MPScREX.exe
  C:\Windows\System\MPScREX.exe
  2⤵
  PID:7132
- C:\Windows\System\eWpNNfa.exe
  C:\Windows\System\eWpNNfa.exe
  2⤵
  PID:7160
- C:\Windows\System\ndcTrgT.exe
  C:\Windows\System\ndcTrgT.exe
  2⤵
  PID:6132
- C:\Windows\System\yfhmUHV.exe
  C:\Windows\System\yfhmUHV.exe
  2⤵
  PID:4564
- C:\Windows\System\eVrPObS.exe
  C:\Windows\System\eVrPObS.exe
  2⤵
  PID:5320
- C:\Windows\System\nBBpAqf.exe
  C:\Windows\System\nBBpAqf.exe
  2⤵
  PID:5712
- C:\Windows\System\vUtNrul.exe
  C:\Windows\System\vUtNrul.exe
  2⤵
  PID:5992
- C:\Windows\System\rjLNFAb.exe
  C:\Windows\System\rjLNFAb.exe
  2⤵
  PID:6196
- C:\Windows\System\nxVCqZu.exe
  C:\Windows\System\nxVCqZu.exe
  2⤵
  PID:6256
- C:\Windows\System\LpTgwWo.exe
  C:\Windows\System\LpTgwWo.exe
  2⤵
  PID:6332
- C:\Windows\System\VKkcPKT.exe
  C:\Windows\System\VKkcPKT.exe
  2⤵
  PID:6388
- C:\Windows\System\UKOcbrZ.exe
  C:\Windows\System\UKOcbrZ.exe
  2⤵
  PID:6448
- C:\Windows\System\ZipJfNk.exe
  C:\Windows\System\ZipJfNk.exe
  2⤵
  PID:6508
- C:\Windows\System\oVzbIoO.exe
  C:\Windows\System\oVzbIoO.exe
  2⤵
  PID:6584
- C:\Windows\System\jyxHyOu.exe
  C:\Windows\System\jyxHyOu.exe
  2⤵
  PID:6648
- C:\Windows\System\AIRRHuS.exe
  C:\Windows\System\AIRRHuS.exe
  2⤵
  PID:6700
- C:\Windows\System\RBPtevw.exe
  C:\Windows\System\RBPtevw.exe
  2⤵
  PID:2964
- C:\Windows\System\ziPJtzX.exe
  C:\Windows\System\ziPJtzX.exe
  2⤵
  PID:6808
- C:\Windows\System\yvDufna.exe
  C:\Windows\System\yvDufna.exe
  2⤵
  PID:6864
- C:\Windows\System\NshuJvt.exe
  C:\Windows\System\NshuJvt.exe
  2⤵
  PID:6924
- C:\Windows\System\jrJaeat.exe
  C:\Windows\System\jrJaeat.exe
  2⤵
  PID:6980
- C:\Windows\System\QkVnnNk.exe
  C:\Windows\System\QkVnnNk.exe
  2⤵
  PID:7032
- C:\Windows\System\JjnKuzw.exe
  C:\Windows\System\JjnKuzw.exe
  2⤵
  PID:340
- C:\Windows\System\fdcyAhi.exe
  C:\Windows\System\fdcyAhi.exe
  2⤵
  PID:1520
- C:\Windows\System\MlSEFcQ.exe
  C:\Windows\System\MlSEFcQ.exe
  2⤵
  PID:5912
- C:\Windows\System\lLLOZya.exe
  C:\Windows\System\lLLOZya.exe
  2⤵
  PID:4576
- C:\Windows\System\FCzxZtL.exe
  C:\Windows\System\FCzxZtL.exe
  2⤵
  PID:4860
- C:\Windows\System\LFocfHM.exe
  C:\Windows\System\LFocfHM.exe
  2⤵
  PID:6476
- C:\Windows\System\HiUmYYi.exe
  C:\Windows\System\HiUmYYi.exe
  2⤵
  PID:6536
- C:\Windows\System\dYDLrzU.exe
  C:\Windows\System\dYDLrzU.exe
  2⤵
  PID:5084
- C:\Windows\System\hBAwRvj.exe
  C:\Windows\System\hBAwRvj.exe
  2⤵
  PID:5000
- C:\Windows\System\HmvnzKA.exe
  C:\Windows\System\HmvnzKA.exe
  2⤵
  PID:1440
- C:\Windows\System\TixUMKY.exe
  C:\Windows\System\TixUMKY.exe
  2⤵
  PID:6892
- C:\Windows\System\noJhHDq.exe
  C:\Windows\System\noJhHDq.exe
  2⤵
  PID:3556
- C:\Windows\System\YaIYShC.exe
  C:\Windows\System\YaIYShC.exe
  2⤵
  PID:4848
- C:\Windows\System\fNLyfKz.exe
  C:\Windows\System\fNLyfKz.exe
  2⤵
  PID:7124
- C:\Windows\System\nflkUtC.exe
  C:\Windows\System\nflkUtC.exe
  2⤵
  PID:3728
- C:\Windows\System\iLKXBdL.exe
  C:\Windows\System\iLKXBdL.exe
  2⤵
  PID:3584
- C:\Windows\System\TEAvfKP.exe
  C:\Windows\System\TEAvfKP.exe
  2⤵
  PID:116
- C:\Windows\System\WVjxgjY.exe
  C:\Windows\System\WVjxgjY.exe
  2⤵
  PID:6420
- C:\Windows\System\eSjjLjh.exe
  C:\Windows\System\eSjjLjh.exe
  2⤵
  PID:4808
- C:\Windows\System\HwYUXvv.exe
  C:\Windows\System\HwYUXvv.exe
  2⤵
  PID:4560
- C:\Windows\System\WfmgSQt.exe
  C:\Windows\System\WfmgSQt.exe
  2⤵
  PID:3188
- C:\Windows\System\kTcaJSQ.exe
  C:\Windows\System\kTcaJSQ.exe
  2⤵
  PID:3148
- C:\Windows\System\BArxVCO.exe
  C:\Windows\System\BArxVCO.exe
  2⤵
  PID:3676
- C:\Windows\System\fLMnwpe.exe
  C:\Windows\System\fLMnwpe.exe
  2⤵
  PID:6788
- C:\Windows\System\aXAkGaM.exe
  C:\Windows\System\aXAkGaM.exe
  2⤵
  PID:2096
- C:\Windows\System\HlPAUgF.exe
  C:\Windows\System\HlPAUgF.exe
  2⤵
  PID:7148
- C:\Windows\System\loAXPsn.exe
  C:\Windows\System\loAXPsn.exe
  2⤵
  PID:7184
- C:\Windows\System\SYwtNDp.exe
  C:\Windows\System\SYwtNDp.exe
  2⤵
  PID:7208
- C:\Windows\System\OuLZZAb.exe
  C:\Windows\System\OuLZZAb.exe
  2⤵
  PID:7236
- C:\Windows\System\fLkvwtP.exe
  C:\Windows\System\fLkvwtP.exe
  2⤵
  PID:7264
- C:\Windows\System\YcyODXG.exe
  C:\Windows\System\YcyODXG.exe
  2⤵
  PID:7292
- C:\Windows\System\fuPxwCO.exe
  C:\Windows\System\fuPxwCO.exe
  2⤵
  PID:7320
- C:\Windows\System\YZJlUjv.exe
  C:\Windows\System\YZJlUjv.exe
  2⤵
  PID:7352
- C:\Windows\System\uePXLZY.exe
  C:\Windows\System\uePXLZY.exe
  2⤵
  PID:7376
- C:\Windows\System\InmGLJo.exe
  C:\Windows\System\InmGLJo.exe
  2⤵
  PID:7420
- C:\Windows\System\QtBdHZs.exe
  C:\Windows\System\QtBdHZs.exe
  2⤵
  PID:7560
- C:\Windows\System\GWKZvBD.exe
  C:\Windows\System\GWKZvBD.exe
  2⤵
  PID:7684
- C:\Windows\System\EAcshDS.exe
  C:\Windows\System\EAcshDS.exe
  2⤵
  PID:7700
- C:\Windows\System\uODZVSU.exe
  C:\Windows\System\uODZVSU.exe
  2⤵
  PID:7716
- C:\Windows\System\Lyjglio.exe
  C:\Windows\System\Lyjglio.exe
  2⤵
  PID:7756
- C:\Windows\System\mgtaTNq.exe
  C:\Windows\System\mgtaTNq.exe
  2⤵
  PID:7784
- C:\Windows\System\jlKvVlt.exe
  C:\Windows\System\jlKvVlt.exe
  2⤵
  PID:7800
- C:\Windows\System\hNBvXFA.exe
  C:\Windows\System\hNBvXFA.exe
  2⤵
  PID:7828
- C:\Windows\System\RIyWxvw.exe
  C:\Windows\System\RIyWxvw.exe
  2⤵
  PID:7876
- C:\Windows\System\xyXdcHT.exe
  C:\Windows\System\xyXdcHT.exe
  2⤵
  PID:7912
- C:\Windows\System\RovHmSj.exe
  C:\Windows\System\RovHmSj.exe
  2⤵
  PID:7940
- C:\Windows\System\nYQlkzy.exe
  C:\Windows\System\nYQlkzy.exe
  2⤵
  PID:7972
- C:\Windows\System\nUajCtl.exe
  C:\Windows\System\nUajCtl.exe
  2⤵
  PID:8000
- C:\Windows\System\uRGjxUr.exe
  C:\Windows\System\uRGjxUr.exe
  2⤵
  PID:8028
- C:\Windows\System\orZiiMu.exe
  C:\Windows\System\orZiiMu.exe
  2⤵
  PID:8048
- C:\Windows\System\xgwFYWb.exe
  C:\Windows\System\xgwFYWb.exe
  2⤵
  PID:8084
- C:\Windows\System\KnNhUMJ.exe
  C:\Windows\System\KnNhUMJ.exe
  2⤵
  PID:8100
- C:\Windows\System\YETZVzg.exe
  C:\Windows\System\YETZVzg.exe
  2⤵
  PID:8136
- C:\Windows\System\AXBLeBo.exe
  C:\Windows\System\AXBLeBo.exe
  2⤵
  PID:8156
- C:\Windows\System\GIYAIPi.exe
  C:\Windows\System\GIYAIPi.exe
  2⤵
  PID:6956
- C:\Windows\System\MyJFaHc.exe
  C:\Windows\System\MyJFaHc.exe
  2⤵
  PID:7196
- C:\Windows\System\OqPFitb.exe
  C:\Windows\System\OqPFitb.exe
  2⤵
  PID:7228
- C:\Windows\System\AxzMSGX.exe
  C:\Windows\System\AxzMSGX.exe
  2⤵
  PID:7260
- C:\Windows\System\YOCarhK.exe
  C:\Windows\System\YOCarhK.exe
  2⤵
  PID:7316
- C:\Windows\System\FAsPnol.exe
  C:\Windows\System\FAsPnol.exe
  2⤵
  PID:7392
- C:\Windows\System\dZtWver.exe
  C:\Windows\System\dZtWver.exe
  2⤵
  PID:7568
- C:\Windows\System\cgVPSaM.exe
  C:\Windows\System\cgVPSaM.exe
  2⤵
  PID:6696
- C:\Windows\System\GoSkQZc.exe
  C:\Windows\System\GoSkQZc.exe
  2⤵
  PID:2900
- C:\Windows\System\FxbHuSk.exe
  C:\Windows\System\FxbHuSk.exe
  2⤵
  PID:7752
- C:\Windows\System\xOHPKLM.exe
  C:\Windows\System\xOHPKLM.exe
  2⤵
  PID:7844
- C:\Windows\System\XFjUWll.exe
  C:\Windows\System\XFjUWll.exe
  2⤵
  PID:7868
- C:\Windows\System\ffUbmwL.exe
  C:\Windows\System\ffUbmwL.exe
  2⤵
  PID:7608
- C:\Windows\System\gyuWcGQ.exe
  C:\Windows\System\gyuWcGQ.exe
  2⤵
  PID:7636
- C:\Windows\System\SsKYcjn.exe
  C:\Windows\System\SsKYcjn.exe
  2⤵
  PID:7988
- C:\Windows\System\fYUDHoP.exe
  C:\Windows\System\fYUDHoP.exe
  2⤵
  PID:8036
- C:\Windows\System\tSdbYcm.exe
  C:\Windows\System\tSdbYcm.exe
  2⤵
  PID:8112
- C:\Windows\System\JfipXde.exe
  C:\Windows\System\JfipXde.exe
  2⤵
  PID:8180
- C:\Windows\System\qITaeWK.exe
  C:\Windows\System\qITaeWK.exe
  2⤵
  PID:7256
- C:\Windows\System\NyFVbJY.exe
  C:\Windows\System\NyFVbJY.exe
  2⤵
  PID:7372
- C:\Windows\System\FZqVPyi.exe
  C:\Windows\System\FZqVPyi.exe
  2⤵
  PID:1844
- C:\Windows\System\ZgKOgyZ.exe
  C:\Windows\System\ZgKOgyZ.exe
  2⤵
  PID:7776
- C:\Windows\System\KKEPtXo.exe
  C:\Windows\System\KKEPtXo.exe
  2⤵
  PID:2760
- C:\Windows\System\ZSkWdvg.exe
  C:\Windows\System\ZSkWdvg.exe
  2⤵
  PID:7968
- C:\Windows\System\mIELBFV.exe
  C:\Windows\System\mIELBFV.exe
  2⤵
  PID:8096
- C:\Windows\System\geSArek.exe
  C:\Windows\System\geSArek.exe
  2⤵
  PID:776
- C:\Windows\System\NGmNpzO.exe
  C:\Windows\System\NGmNpzO.exe
  2⤵
  PID:7588
- C:\Windows\System\CJNGWGk.exe
  C:\Windows\System\CJNGWGk.exe
  2⤵
  PID:7904
- C:\Windows\System\OxFZYVT.exe
  C:\Windows\System\OxFZYVT.exe
  2⤵
  PID:7592
- C:\Windows\System\ISfzpuL.exe
  C:\Windows\System\ISfzpuL.exe
  2⤵
  PID:7768
- C:\Windows\System\ftkHDaW.exe
  C:\Windows\System\ftkHDaW.exe
  2⤵
  PID:8228
- C:\Windows\System\tOUaqDZ.exe
  C:\Windows\System\tOUaqDZ.exe
  2⤵
  PID:8256
- C:\Windows\System\aORGjKV.exe
  C:\Windows\System\aORGjKV.exe
  2⤵
  PID:8284
- C:\Windows\System\creNEQq.exe
  C:\Windows\System\creNEQq.exe
  2⤵
  PID:8312
- C:\Windows\System\yLRYyGj.exe
  C:\Windows\System\yLRYyGj.exe
  2⤵
  PID:8340
- C:\Windows\System\NhUJGgl.exe
  C:\Windows\System\NhUJGgl.exe
  2⤵
  PID:8368
- C:\Windows\System\QQUdOlr.exe
  C:\Windows\System\QQUdOlr.exe
  2⤵
  PID:8384
- C:\Windows\System\bUGLTCV.exe
  C:\Windows\System\bUGLTCV.exe
  2⤵
  PID:8404
- C:\Windows\System\eaSZbiT.exe
  C:\Windows\System\eaSZbiT.exe
  2⤵
  PID:8440
- C:\Windows\System\xnkjBtt.exe
  C:\Windows\System\xnkjBtt.exe
  2⤵
  PID:8464
- C:\Windows\System\RIqVsyH.exe
  C:\Windows\System\RIqVsyH.exe
  2⤵
  PID:8492
- C:\Windows\System\PHcVaFa.exe
  C:\Windows\System\PHcVaFa.exe
  2⤵
  PID:8540
- C:\Windows\System\QlWOFSX.exe
  C:\Windows\System\QlWOFSX.exe
  2⤵
  PID:8568
- C:\Windows\System\qKSBNIA.exe
  C:\Windows\System\qKSBNIA.exe
  2⤵
  PID:8584
- C:\Windows\System\BRjYPKz.exe
  C:\Windows\System\BRjYPKz.exe
  2⤵
  PID:8612
- C:\Windows\System\wIjWQhh.exe
  C:\Windows\System\wIjWQhh.exe
  2⤵
  PID:8652
- C:\Windows\System\pBAnBJT.exe
  C:\Windows\System\pBAnBJT.exe
  2⤵
  PID:8680
- C:\Windows\System\cltcrqM.exe
  C:\Windows\System\cltcrqM.exe
  2⤵
  PID:8708
- C:\Windows\System\DydCmMN.exe
  C:\Windows\System\DydCmMN.exe
  2⤵
  PID:8736
- C:\Windows\System\LHfebTx.exe
  C:\Windows\System\LHfebTx.exe
  2⤵
  PID:8764
- C:\Windows\System\IPaOiAQ.exe
  C:\Windows\System\IPaOiAQ.exe
  2⤵
  PID:8792
- C:\Windows\System\fMbzYAs.exe
  C:\Windows\System\fMbzYAs.exe
  2⤵
  PID:8820
- C:\Windows\System\TbLcQZc.exe
  C:\Windows\System\TbLcQZc.exe
  2⤵
  PID:8848
- C:\Windows\System\TmCDXcF.exe
  C:\Windows\System\TmCDXcF.exe
  2⤵
  PID:8872
- C:\Windows\System\ztzZccm.exe
  C:\Windows\System\ztzZccm.exe
  2⤵
  PID:8896
- C:\Windows\System\OpTVQNI.exe
  C:\Windows\System\OpTVQNI.exe
  2⤵
  PID:8924
- C:\Windows\System\YsFujjM.exe
  C:\Windows\System\YsFujjM.exe
  2⤵
  PID:8960
- C:\Windows\System\DBiLEQu.exe
  C:\Windows\System\DBiLEQu.exe
  2⤵
  PID:8988
- C:\Windows\System\cAbgTrn.exe
  C:\Windows\System\cAbgTrn.exe
  2⤵
  PID:9016
- C:\Windows\System\ExfrslD.exe
  C:\Windows\System\ExfrslD.exe
  2⤵
  PID:9044
- C:\Windows\System\tLaiMxV.exe
  C:\Windows\System\tLaiMxV.exe
  2⤵
  PID:9072
- C:\Windows\System\koLWlcI.exe
  C:\Windows\System\koLWlcI.exe
  2⤵
  PID:9108
- C:\Windows\System\kGQvJyS.exe
  C:\Windows\System\kGQvJyS.exe
  2⤵
  PID:9136
- C:\Windows\System\yYJAMRE.exe
  C:\Windows\System\yYJAMRE.exe
  2⤵
  PID:9172
- C:\Windows\System\royZzlr.exe
  C:\Windows\System\royZzlr.exe
  2⤵
  PID:9188
- C:\Windows\System\CUFUsdP.exe
  C:\Windows\System\CUFUsdP.exe
  2⤵
  PID:7548
- C:\Windows\System\sRCLwOd.exe
  C:\Windows\System\sRCLwOd.exe
  2⤵
  PID:8268
- C:\Windows\System\QoSbjqa.exe
  C:\Windows\System\QoSbjqa.exe
  2⤵
  PID:8352
- C:\Windows\System\sUzgbNB.exe
  C:\Windows\System\sUzgbNB.exe
  2⤵
  PID:8424
- C:\Windows\System\dVSxOud.exe
  C:\Windows\System\dVSxOud.exe
  2⤵
  PID:8516
- C:\Windows\System\dAZzHYd.exe
  C:\Windows\System\dAZzHYd.exe
  2⤵
  PID:8552
- C:\Windows\System\pcoWiAz.exe
  C:\Windows\System\pcoWiAz.exe
  2⤵
  PID:8604
- C:\Windows\System\gPQuvVc.exe
  C:\Windows\System\gPQuvVc.exe
  2⤵
  PID:8676
- C:\Windows\System\YHbtAiE.exe
  C:\Windows\System\YHbtAiE.exe
  2⤵
  PID:8748
- C:\Windows\System\wDQsAYh.exe
  C:\Windows\System\wDQsAYh.exe
  2⤵
  PID:8812
- C:\Windows\System\OvCulXG.exe
  C:\Windows\System\OvCulXG.exe
  2⤵
  PID:8904
- C:\Windows\System\WNcJRPi.exe
  C:\Windows\System\WNcJRPi.exe
  2⤵
  PID:8956
- C:\Windows\System\RjeZXOn.exe
  C:\Windows\System\RjeZXOn.exe
  2⤵
  PID:9036
- C:\Windows\System\gkMRVoU.exe
  C:\Windows\System\gkMRVoU.exe
  2⤵
  PID:9120
- C:\Windows\System\MYqbPzz.exe
  C:\Windows\System\MYqbPzz.exe
  2⤵
  PID:9184
- C:\Windows\System\WfffeRs.exe
  C:\Windows\System\WfffeRs.exe
  2⤵
  PID:8208
- C:\Windows\System\yLjMShl.exe
  C:\Windows\System\yLjMShl.exe
  2⤵
  PID:8380
- C:\Windows\System\OVpgkWb.exe
  C:\Windows\System\OVpgkWb.exe
  2⤵
  PID:8576
- C:\Windows\System\GoswABR.exe
  C:\Windows\System\GoswABR.exe
  2⤵
  PID:8788
- C:\Windows\System\oCVuZZF.exe
  C:\Windows\System\oCVuZZF.exe
  2⤵
  PID:8944
- C:\Windows\System\GSjTOuT.exe
  C:\Windows\System\GSjTOuT.exe
  2⤵
  PID:9168
- C:\Windows\System\lLtAWcO.exe
  C:\Windows\System\lLtAWcO.exe
  2⤵
  PID:8332
- C:\Windows\System\kkPfyHG.exe
  C:\Windows\System\kkPfyHG.exe
  2⤵
  PID:8844
- C:\Windows\System\gAvPyme.exe
  C:\Windows\System\gAvPyme.exe
  2⤵
  PID:8644
- C:\Windows\System\EDZrkGu.exe
  C:\Windows\System\EDZrkGu.exe
  2⤵
  PID:9208
- C:\Windows\System\fLTuvXL.exe
  C:\Windows\System\fLTuvXL.exe
  2⤵
  PID:9240
- C:\Windows\System\KhDqAeH.exe
  C:\Windows\System\KhDqAeH.exe
  2⤵
  PID:9268
- C:\Windows\System\kNClMml.exe
  C:\Windows\System\kNClMml.exe
  2⤵
  PID:9296
- C:\Windows\System\bSnattN.exe
  C:\Windows\System\bSnattN.exe
  2⤵
  PID:9324
- C:\Windows\System\FLMJLfn.exe
  C:\Windows\System\FLMJLfn.exe
  2⤵
  PID:9352
- C:\Windows\System\PGtjxvX.exe
  C:\Windows\System\PGtjxvX.exe
  2⤵
  PID:9380
- C:\Windows\System\OckcCjT.exe
  C:\Windows\System\OckcCjT.exe
  2⤵
  PID:9408
- C:\Windows\System\KLPuURj.exe
  C:\Windows\System\KLPuURj.exe
  2⤵
  PID:9436
- C:\Windows\System\KVZsijh.exe
  C:\Windows\System\KVZsijh.exe
  2⤵
  PID:9464
- C:\Windows\System\eXVVdBP.exe
  C:\Windows\System\eXVVdBP.exe
  2⤵
  PID:9492
- C:\Windows\System\MUiIABg.exe
  C:\Windows\System\MUiIABg.exe
  2⤵
  PID:9520
- C:\Windows\System\fyvtDyi.exe
  C:\Windows\System\fyvtDyi.exe
  2⤵
  PID:9548
- C:\Windows\System\GDvDMUu.exe
  C:\Windows\System\GDvDMUu.exe
  2⤵
  PID:9576
- C:\Windows\System\IoxIpxo.exe
  C:\Windows\System\IoxIpxo.exe
  2⤵
  PID:9592
- C:\Windows\System\ADdRGun.exe
  C:\Windows\System\ADdRGun.exe
  2⤵
  PID:9620
- C:\Windows\System\BFrZEeS.exe
  C:\Windows\System\BFrZEeS.exe
  2⤵
  PID:9660
- C:\Windows\System\mjCmnpG.exe
  C:\Windows\System\mjCmnpG.exe
  2⤵
  PID:9704
- C:\Windows\System\optfhsy.exe
  C:\Windows\System\optfhsy.exe
  2⤵
  PID:9732
- C:\Windows\System\DUWsCiW.exe
  C:\Windows\System\DUWsCiW.exe
  2⤵
  PID:9760
- C:\Windows\System\nBtXaOY.exe
  C:\Windows\System\nBtXaOY.exe
  2⤵
  PID:9792
- C:\Windows\System\SJVuGbo.exe
  C:\Windows\System\SJVuGbo.exe
  2⤵
  PID:9824
- C:\Windows\System\WjoVgJt.exe
  C:\Windows\System\WjoVgJt.exe
  2⤵
  PID:9848
- C:\Windows\System\YdrCUTQ.exe
  C:\Windows\System\YdrCUTQ.exe
  2⤵
  PID:9884
- C:\Windows\System\thRiwjB.exe
  C:\Windows\System\thRiwjB.exe
  2⤵
  PID:9924
- C:\Windows\System\KUmCrkJ.exe
  C:\Windows\System\KUmCrkJ.exe
  2⤵
  PID:9956
- C:\Windows\System\mlcAzck.exe
  C:\Windows\System\mlcAzck.exe
  2⤵
  PID:9984
- C:\Windows\System\DFfbHvB.exe
  C:\Windows\System\DFfbHvB.exe
  2⤵
  PID:10040
- C:\Windows\System\PmTvqOk.exe
  C:\Windows\System\PmTvqOk.exe
  2⤵
  PID:10072
- C:\Windows\System\fAmTPEO.exe
  C:\Windows\System\fAmTPEO.exe
  2⤵
  PID:10100
- C:\Windows\System\HzipcJe.exe
  C:\Windows\System\HzipcJe.exe
  2⤵
  PID:10140
- C:\Windows\System\DQHsDpo.exe
  C:\Windows\System\DQHsDpo.exe
  2⤵
  PID:10196
- C:\Windows\System\ROfcYxX.exe
  C:\Windows\System\ROfcYxX.exe
  2⤵
  PID:10236
- C:\Windows\System\ZWJuayB.exe
  C:\Windows\System\ZWJuayB.exe
  2⤵
  PID:9284
- C:\Windows\System\QydkPvu.exe
  C:\Windows\System\QydkPvu.exe
  2⤵
  PID:9372
- C:\Windows\System\ZnFBAfT.exe
  C:\Windows\System\ZnFBAfT.exe
  2⤵
  PID:9452
- C:\Windows\System\RYdLnfB.exe
  C:\Windows\System\RYdLnfB.exe
  2⤵
  PID:9512
- C:\Windows\System\UlnbNgP.exe
  C:\Windows\System\UlnbNgP.exe
  2⤵
  PID:9560
- C:\Windows\System\FacPdkv.exe
  C:\Windows\System\FacPdkv.exe
  2⤵
  PID:9648
- C:\Windows\System\ibxrqUl.exe
  C:\Windows\System\ibxrqUl.exe
  2⤵
  PID:9700
- C:\Windows\System\pCuqsmu.exe
  C:\Windows\System\pCuqsmu.exe
  2⤵
  PID:9780
- C:\Windows\System\RnUcHHC.exe
  C:\Windows\System\RnUcHHC.exe
  2⤵
  PID:9840
- C:\Windows\System\TWhJJnI.exe
  C:\Windows\System\TWhJJnI.exe
  2⤵
  PID:9876
- C:\Windows\System\VbrgPAc.exe
  C:\Windows\System\VbrgPAc.exe
  2⤵
  PID:9996
- C:\Windows\System\RJrryQj.exe
  C:\Windows\System\RJrryQj.exe
  2⤵
  PID:10084
- C:\Windows\System\xnbSOVf.exe
  C:\Windows\System\xnbSOVf.exe
  2⤵
  PID:10232
- C:\Windows\System\uKxexAa.exe
  C:\Windows\System\uKxexAa.exe
  2⤵
  PID:9428
- C:\Windows\System\FllXApH.exe
  C:\Windows\System\FllXApH.exe
  2⤵
  PID:9608
- C:\Windows\System\dthtWxh.exe
  C:\Windows\System\dthtWxh.exe
  2⤵
  PID:9772
- C:\Windows\System\WfgYmlt.exe
  C:\Windows\System\WfgYmlt.exe
  2⤵
  PID:9948
- C:\Windows\System\EzlHJMA.exe
  C:\Windows\System\EzlHJMA.exe
  2⤵
  PID:10036
- C:\Windows\System\LIGUgJR.exe
  C:\Windows\System\LIGUgJR.exe
  2⤵
  PID:9616
- C:\Windows\System\iLePfbV.exe
  C:\Windows\System\iLePfbV.exe
  2⤵
  PID:9812
- C:\Windows\System\rMQLCQQ.exe
  C:\Windows\System\rMQLCQQ.exe
  2⤵
  PID:9940
- C:\Windows\System\CoiVmIS.exe
  C:\Windows\System\CoiVmIS.exe
  2⤵
  PID:10268
- C:\Windows\System\uoRQxGs.exe
  C:\Windows\System\uoRQxGs.exe
  2⤵
  PID:10292
- C:\Windows\System\QnCwtUz.exe
  C:\Windows\System\QnCwtUz.exe
  2⤵
  PID:10316
- C:\Windows\System\pigFDya.exe
  C:\Windows\System\pigFDya.exe
  2⤵
  PID:10368
- C:\Windows\System\nEPyeRd.exe
  C:\Windows\System\nEPyeRd.exe
  2⤵
  PID:10396
- C:\Windows\System\wSteuWg.exe
  C:\Windows\System\wSteuWg.exe
  2⤵
  PID:10420
- C:\Windows\System\uMLrOyL.exe
  C:\Windows\System\uMLrOyL.exe
  2⤵
  PID:10448
- C:\Windows\System\NoRaLLH.exe
  C:\Windows\System\NoRaLLH.exe
  2⤵
  PID:10480
- C:\Windows\System\QygiOBM.exe
  C:\Windows\System\QygiOBM.exe
  2⤵
  PID:10508
- C:\Windows\System\RbDxtbJ.exe
  C:\Windows\System\RbDxtbJ.exe
  2⤵
  PID:10524
- C:\Windows\System\EsivwML.exe
  C:\Windows\System\EsivwML.exe
  2⤵
  PID:10576
- C:\Windows\System\AyMnPdH.exe
  C:\Windows\System\AyMnPdH.exe
  2⤵
  PID:10596
- C:\Windows\System\VnRfnSf.exe
  C:\Windows\System\VnRfnSf.exe
  2⤵
  PID:10620
- C:\Windows\System\jlUukNj.exe
  C:\Windows\System\jlUukNj.exe
  2⤵
  PID:10660
- C:\Windows\System\WFzlixR.exe
  C:\Windows\System\WFzlixR.exe
  2⤵
  PID:10688
- C:\Windows\System\NeGfTKF.exe
  C:\Windows\System\NeGfTKF.exe
  2⤵
  PID:10704
- C:\Windows\System\LGVeARV.exe
  C:\Windows\System\LGVeARV.exe
  2⤵
  PID:10744
- C:\Windows\System\tMLxqsH.exe
  C:\Windows\System\tMLxqsH.exe
  2⤵
  PID:10768
- C:\Windows\System\GriwiVv.exe
  C:\Windows\System\GriwiVv.exe
  2⤵
  PID:10800
- C:\Windows\System\lOKDXQR.exe
  C:\Windows\System\lOKDXQR.exe
  2⤵
  PID:10836
- C:\Windows\System\bpehiaU.exe
  C:\Windows\System\bpehiaU.exe
  2⤵
  PID:10864
- C:\Windows\System\CdilVXh.exe
  C:\Windows\System\CdilVXh.exe
  2⤵
  PID:10892
- C:\Windows\System\yHxiwaJ.exe
  C:\Windows\System\yHxiwaJ.exe
  2⤵
  PID:10920
- C:\Windows\System\jgHbxAe.exe
  C:\Windows\System\jgHbxAe.exe
  2⤵
  PID:10948
- C:\Windows\System\IhVHQbX.exe
  C:\Windows\System\IhVHQbX.exe
  2⤵
  PID:10964
- C:\Windows\System\TEtgNrs.exe
  C:\Windows\System\TEtgNrs.exe
  2⤵
  PID:11004
- C:\Windows\System\UjFslaT.exe
  C:\Windows\System\UjFslaT.exe
  2⤵
  PID:11032
- C:\Windows\System\XAKeugG.exe
  C:\Windows\System\XAKeugG.exe
  2⤵
  PID:11048
- C:\Windows\System\afYIVkq.exe
  C:\Windows\System\afYIVkq.exe
  2⤵
  PID:11076
- C:\Windows\System\ujbawJx.exe
  C:\Windows\System\ujbawJx.exe
  2⤵
  PID:11116
- C:\Windows\System\GsbLdLk.exe
  C:\Windows\System\GsbLdLk.exe
  2⤵
  PID:11144
- C:\Windows\System\kFscDkN.exe
  C:\Windows\System\kFscDkN.exe
  2⤵
  PID:11160
- C:\Windows\System\lJZXVOn.exe
  C:\Windows\System\lJZXVOn.exe
  2⤵
  PID:11200
- C:\Windows\System\gnsjwmh.exe
  C:\Windows\System\gnsjwmh.exe
  2⤵
  PID:11228
- C:\Windows\System\HIGjgua.exe
  C:\Windows\System\HIGjgua.exe
  2⤵
  PID:11260
- C:\Windows\System\uDDtIQn.exe
  C:\Windows\System\uDDtIQn.exe
  2⤵
  PID:10188
- C:\Windows\System\ldNAYsf.exe
  C:\Windows\System\ldNAYsf.exe
  2⤵
  PID:10332
- C:\Windows\System\YpozaMq.exe
  C:\Windows\System\YpozaMq.exe
  2⤵
  PID:10384
- C:\Windows\System\bAUbKVE.exe
  C:\Windows\System\bAUbKVE.exe
  2⤵
  PID:10468
- C:\Windows\System\vLXOOWW.exe
  C:\Windows\System\vLXOOWW.exe
  2⤵
  PID:10516
- C:\Windows\System\amKLIZY.exe
  C:\Windows\System\amKLIZY.exe
  2⤵
  PID:10612
- C:\Windows\System\uussECu.exe
  C:\Windows\System\uussECu.exe
  2⤵
  PID:10676
- C:\Windows\System\YzzToNR.exe
  C:\Windows\System\YzzToNR.exe
  2⤵
  PID:10728
- C:\Windows\System\CzervNx.exe
  C:\Windows\System\CzervNx.exe
  2⤵
  PID:10832
- C:\Windows\System\aFPUHpM.exe
  C:\Windows\System\aFPUHpM.exe
  2⤵
  PID:10856
- C:\Windows\System\bUblHvt.exe
  C:\Windows\System\bUblHvt.exe
  2⤵
  PID:10932
- C:\Windows\System\RqPryoF.exe
  C:\Windows\System\RqPryoF.exe
  2⤵
  PID:11000
- C:\Windows\System\nggJkJJ.exe
  C:\Windows\System\nggJkJJ.exe
  2⤵
  PID:11060
- C:\Windows\System\FVNfqin.exe
  C:\Windows\System\FVNfqin.exe
  2⤵
  PID:11132
- C:\Windows\System\VYsDLDO.exe
  C:\Windows\System\VYsDLDO.exe
  2⤵
  PID:11212
- C:\Windows\System\RZiNoZA.exe
  C:\Windows\System\RZiNoZA.exe
  2⤵
  PID:10032
- C:\Windows\System\mfTmTUN.exe
  C:\Windows\System\mfTmTUN.exe
  2⤵
  PID:10428
- C:\Windows\System\tbkTgxH.exe
  C:\Windows\System\tbkTgxH.exe
  2⤵
  PID:10540
- C:\Windows\System\PWcuKuL.exe
  C:\Windows\System\PWcuKuL.exe
  2⤵
  PID:10616
- C:\Windows\System\kzpojmY.exe
  C:\Windows\System\kzpojmY.exe
  2⤵
  PID:10796
- C:\Windows\System\vOjqQYB.exe
  C:\Windows\System\vOjqQYB.exe
  2⤵
  PID:11028
- C:\Windows\System\FHbYczs.exe
  C:\Windows\System\FHbYczs.exe
  2⤵
  PID:11040
- C:\Windows\System\yWHnVuM.exe
  C:\Windows\System\yWHnVuM.exe
  2⤵
  PID:11244
- C:\Windows\System\qbCqWuJ.exe
  C:\Windows\System\qbCqWuJ.exe
  2⤵
  PID:10680
- C:\Windows\System\rdhUWHf.exe
  C:\Windows\System\rdhUWHf.exe
  2⤵
  PID:10356
- C:\Windows\System\FakEynB.exe
  C:\Windows\System\FakEynB.exe
  2⤵
  PID:11108
- C:\Windows\System\VUmMidU.exe
  C:\Windows\System\VUmMidU.exe
  2⤵
  PID:10752
- C:\Windows\System\GyCmZxF.exe
  C:\Windows\System\GyCmZxF.exe
  2⤵
  PID:11288
- C:\Windows\System\EMOjBKR.exe
  C:\Windows\System\EMOjBKR.exe
  2⤵
  PID:11304
- C:\Windows\System\FAFUQtW.exe
  C:\Windows\System\FAFUQtW.exe
  2⤵
  PID:11332
- C:\Windows\System\FHufZsD.exe
  C:\Windows\System\FHufZsD.exe
  2⤵
  PID:11372
- C:\Windows\System\zsYraWu.exe
  C:\Windows\System\zsYraWu.exe
  2⤵
  PID:11400
- C:\Windows\System\TsPOjXn.exe
  C:\Windows\System\TsPOjXn.exe
  2⤵
  PID:11428
- C:\Windows\System\zXuYVOn.exe
  C:\Windows\System\zXuYVOn.exe
  2⤵
  PID:11444
- C:\Windows\System\OIQTnPf.exe
  C:\Windows\System\OIQTnPf.exe
  2⤵
  PID:11484
- C:\Windows\System\azsLWLZ.exe
  C:\Windows\System\azsLWLZ.exe
  2⤵
  PID:11512
- C:\Windows\System\mujKXtl.exe
  C:\Windows\System\mujKXtl.exe
  2⤵
  PID:11528
- C:\Windows\System\ZxrOhCq.exe
  C:\Windows\System\ZxrOhCq.exe
  2⤵
  PID:11568
- C:\Windows\System\VgmoFRq.exe
  C:\Windows\System\VgmoFRq.exe
  2⤵
  PID:11596
- C:\Windows\System\OGYZjZV.exe
  C:\Windows\System\OGYZjZV.exe
  2⤵
  PID:11616
- C:\Windows\System\HsqIxfY.exe
  C:\Windows\System\HsqIxfY.exe
  2⤵
  PID:11640
- C:\Windows\System\HsDvIGF.exe
  C:\Windows\System\HsDvIGF.exe
  2⤵
  PID:11680
- C:\Windows\System\EihdOnR.exe
  C:\Windows\System\EihdOnR.exe
  2⤵
  PID:11696
- C:\Windows\System\XGbbUCY.exe
  C:\Windows\System\XGbbUCY.exe
  2⤵
  PID:11736
- C:\Windows\System\hyGEZgf.exe
  C:\Windows\System\hyGEZgf.exe
  2⤵
  PID:11752
- C:\Windows\System\TnDvSWi.exe
  C:\Windows\System\TnDvSWi.exe
  2⤵
  PID:11772
- C:\Windows\System\vTJGTSs.exe
  C:\Windows\System\vTJGTSs.exe
  2⤵
  PID:11800
- C:\Windows\System\KYTwrjE.exe
  C:\Windows\System\KYTwrjE.exe
  2⤵
  PID:11852
- C:\Windows\System\HKnqqKW.exe
  C:\Windows\System\HKnqqKW.exe
  2⤵
  PID:11868
- C:\Windows\System\KULtbYO.exe
  C:\Windows\System\KULtbYO.exe
  2⤵
  PID:11920
- C:\Windows\System\UjIvFAu.exe
  C:\Windows\System\UjIvFAu.exe
  2⤵
  PID:11952
- C:\Windows\System\FTrfpDW.exe
  C:\Windows\System\FTrfpDW.exe
  2⤵
  PID:12004
- C:\Windows\System\yuQYpqK.exe
  C:\Windows\System\yuQYpqK.exe
  2⤵
  PID:12032
- C:\Windows\System\aojcWPe.exe
  C:\Windows\System\aojcWPe.exe
  2⤵
  PID:12060
- C:\Windows\System\ZQAeNQE.exe
  C:\Windows\System\ZQAeNQE.exe
  2⤵
  PID:12092
- C:\Windows\System\TmUApZU.exe
  C:\Windows\System\TmUApZU.exe
  2⤵
  PID:12120
- C:\Windows\System\cAjqrUh.exe
  C:\Windows\System\cAjqrUh.exe
  2⤵
  PID:12148
- C:\Windows\System\mkEFbZA.exe
  C:\Windows\System\mkEFbZA.exe
  2⤵
  PID:12176
- C:\Windows\System\jXftxzY.exe
  C:\Windows\System\jXftxzY.exe
  2⤵
  PID:12216
- C:\Windows\System\vutzVRT.exe
  C:\Windows\System\vutzVRT.exe
  2⤵
  PID:12232
- C:\Windows\System\LyteyLB.exe
  C:\Windows\System\LyteyLB.exe
  2⤵
  PID:12272
- C:\Windows\System\cQhcghl.exe
  C:\Windows\System\cQhcghl.exe
  2⤵
  PID:11276
- C:\Windows\System\zAaKgyR.exe
  C:\Windows\System\zAaKgyR.exe
  2⤵
  PID:11352
- C:\Windows\System\LcECXnL.exe
  C:\Windows\System\LcECXnL.exe
  2⤵
  PID:11416
- C:\Windows\System\StwwjBf.exe
  C:\Windows\System\StwwjBf.exe
  2⤵
  PID:11476
- C:\Windows\System\GrWXOJM.exe
  C:\Windows\System\GrWXOJM.exe
  2⤵
  PID:11540
- C:\Windows\System\mJAZYTb.exe
  C:\Windows\System\mJAZYTb.exe
  2⤵
  PID:11628
- C:\Windows\System\SxxfLYz.exe
  C:\Windows\System\SxxfLYz.exe
  2⤵
  PID:11632
- C:\Windows\System\VrWGjbu.exe
  C:\Windows\System\VrWGjbu.exe
  2⤵
  PID:11732
- C:\Windows\System\JBsWTvO.exe
  C:\Windows\System\JBsWTvO.exe
  2⤵
  PID:11788
- C:\Windows\System\zKelPNK.exe
  C:\Windows\System\zKelPNK.exe
  2⤵
  PID:11884
- C:\Windows\System\EJhonjS.exe
  C:\Windows\System\EJhonjS.exe
  2⤵
  PID:11900
- C:\Windows\System\dCYDtaz.exe
  C:\Windows\System\dCYDtaz.exe
  2⤵
  PID:12020
- C:\Windows\System\jPlcgMb.exe
  C:\Windows\System\jPlcgMb.exe
  2⤵
  PID:12084
- C:\Windows\System\qJnjlLX.exe
  C:\Windows\System\qJnjlLX.exe
  2⤵
  PID:12160
- C:\Windows\System\ACVPDxC.exe
  C:\Windows\System\ACVPDxC.exe
  2⤵
  PID:12208
- C:\Windows\System\GwwUWEL.exe
  C:\Windows\System\GwwUWEL.exe
  2⤵
  PID:12264
- C:\Windows\System\ewAYFyL.exe
  C:\Windows\System\ewAYFyL.exe
  2⤵
  PID:11320
- C:\Windows\System\jNrIxEN.exe
  C:\Windows\System\jNrIxEN.exe
  2⤵
  PID:11524
- C:\Windows\System\qtEljXn.exe
  C:\Windows\System\qtEljXn.exe
  2⤵
  PID:11604
- C:\Windows\System\lGGyoOq.exe
  C:\Windows\System\lGGyoOq.exe
  2⤵
  PID:11864
- C:\Windows\System\uijYczt.exe
  C:\Windows\System\uijYczt.exe
  2⤵
  PID:12016
- C:\Windows\System\GublbmK.exe
  C:\Windows\System\GublbmK.exe
  2⤵
  PID:12192
- C:\Windows\System\WMzEqqe.exe
  C:\Windows\System\WMzEqqe.exe
  2⤵
  PID:11436
- C:\Windows\System\CnCAKqT.exe
  C:\Windows\System\CnCAKqT.exe
  2⤵
  PID:12308
- C:\Windows\System\piAwJFs.exe
  C:\Windows\System\piAwJFs.exe
  2⤵
  PID:12360
- C:\Windows\System\ZRxUgsO.exe
  C:\Windows\System\ZRxUgsO.exe
  2⤵
  PID:12396
- C:\Windows\System\UHQxBCS.exe
  C:\Windows\System\UHQxBCS.exe
  2⤵
  PID:12424
- C:\Windows\System\DCJnXdr.exe
  C:\Windows\System\DCJnXdr.exe
  2⤵
  PID:12456
- C:\Windows\System\xQzNtGw.exe
  C:\Windows\System\xQzNtGw.exe
  2⤵
  PID:12492
- C:\Windows\System\IQluzXv.exe
  C:\Windows\System\IQluzXv.exe
  2⤵
  PID:12560
- C:\Windows\System\BcqoYjT.exe
  C:\Windows\System\BcqoYjT.exe
  2⤵
  PID:12584
- C:\Windows\System\dNadEnO.exe
  C:\Windows\System\dNadEnO.exe
  2⤵
  PID:12616
- C:\Windows\System\iuRZhHm.exe
  C:\Windows\System\iuRZhHm.exe
  2⤵
  PID:12644
- C:\Windows\System\AFsXuWH.exe
  C:\Windows\System\AFsXuWH.exe
  2⤵
  PID:12672
- C:\Windows\System\DmbnzrR.exe
  C:\Windows\System\DmbnzrR.exe
  2⤵
  PID:12688
- C:\Windows\System\MWWjNov.exe
  C:\Windows\System\MWWjNov.exe
  2⤵
  PID:12728
- C:\Windows\System\mpNplHX.exe
  C:\Windows\System\mpNplHX.exe
  2⤵
  PID:12748
- C:\Windows\System\seVdOie.exe
  C:\Windows\System\seVdOie.exe
  2⤵
  PID:12772
- C:\Windows\System\Valjgsh.exe
  C:\Windows\System\Valjgsh.exe
  2⤵
  PID:12788
- C:\Windows\System\IgHjKiw.exe
  C:\Windows\System\IgHjKiw.exe
  2⤵
  PID:12816
- C:\Windows\System\DBBYAtE.exe
  C:\Windows\System\DBBYAtE.exe
  2⤵
  PID:12860
- C:\Windows\System\YgSmqMa.exe
  C:\Windows\System\YgSmqMa.exe
  2⤵
  PID:12892
- C:\Windows\System\EJlQylW.exe
  C:\Windows\System\EJlQylW.exe
  2⤵
  PID:12920
- C:\Windows\System\eJIsvKr.exe
  C:\Windows\System\eJIsvKr.exe
  2⤵
  PID:12960
- C:\Windows\System\cnVGioO.exe
  C:\Windows\System\cnVGioO.exe
  2⤵
  PID:12996
- C:\Windows\System\VQACQnj.exe
  C:\Windows\System\VQACQnj.exe
  2⤵
  PID:13012
- C:\Windows\System\QaAJLrg.exe
  C:\Windows\System\QaAJLrg.exe
  2⤵
  PID:13040
- C:\Windows\System\TyxBLJd.exe
  C:\Windows\System\TyxBLJd.exe
  2⤵
  PID:13068
- C:\Windows\System\hUjuPBM.exe
  C:\Windows\System\hUjuPBM.exe
  2⤵
  PID:13108
- C:\Windows\System\UBwOOQM.exe
  C:\Windows\System\UBwOOQM.exe
  2⤵
  PID:13124
- C:\Windows\System\MSmpHEJ.exe
  C:\Windows\System\MSmpHEJ.exe
  2⤵
  PID:13140
- C:\Windows\System\EMQltZi.exe
  C:\Windows\System\EMQltZi.exe
  2⤵
  PID:13156
- C:\Windows\System\hDgsurP.exe
  C:\Windows\System\hDgsurP.exe
  2⤵
  PID:13184
- C:\Windows\System\Udlzkkn.exe
  C:\Windows\System\Udlzkkn.exe
  2⤵
  PID:13212
- C:\Windows\System\iRJQsxm.exe
  C:\Windows\System\iRJQsxm.exe
  2⤵
  PID:13244
- C:\Windows\System\ZpYTzbG.exe
  C:\Windows\System\ZpYTzbG.exe
  2⤵
  PID:13264
- C:\Windows\System\sSPHjGd.exe
  C:\Windows\System\sSPHjGd.exe
  2⤵
  PID:13284
- C:\Windows\System\CbYQCea.exe
  C:\Windows\System\CbYQCea.exe
  2⤵
  PID:11784
- C:\Windows\System\IySuMmg.exe
  C:\Windows\System\IySuMmg.exe
  2⤵
  PID:11016
- C:\Windows\System\gGkBkNy.exe
  C:\Windows\System\gGkBkNy.exe
  2⤵
  PID:12324
- C:\Windows\System\GjvVSSo.exe
  C:\Windows\System\GjvVSSo.exe
  2⤵
  PID:12344
- C:\Windows\System\cMsyWXT.exe
  C:\Windows\System\cMsyWXT.exe
  2⤵
  PID:12388
- C:\Windows\System\AHjrmLk.exe
  C:\Windows\System\AHjrmLk.exe
  2⤵
  PID:12544
- C:\Windows\System\fTsLQeu.exe
  C:\Windows\System\fTsLQeu.exe
  2⤵
  PID:12580
- C:\Windows\System\lEapvXr.exe
  C:\Windows\System\lEapvXr.exe
  2⤵
  PID:12636
- C:\Windows\System\hXQumjG.exe
  C:\Windows\System\hXQumjG.exe
  2⤵
  PID:12724
- C:\Windows\System\wERjpbo.exe
  C:\Windows\System\wERjpbo.exe
  2⤵
  PID:12464
- C:\Windows\System\NaVHnrm.exe
  C:\Windows\System\NaVHnrm.exe
  2⤵
  PID:12912
- C:\Windows\System\SgzGYnb.exe
  C:\Windows\System\SgzGYnb.exe
  2⤵
  PID:12988
- C:\Windows\System\BZuEFxc.exe
  C:\Windows\System\BZuEFxc.exe
  2⤵
  PID:13064
- C:\Windows\System\lJKHlMp.exe
  C:\Windows\System\lJKHlMp.exe
  2⤵
  PID:12852
- C:\Windows\System\sUjtwDW.exe
  C:\Windows\System\sUjtwDW.exe
  2⤵
  PID:13172
- C:\Windows\System\iplDQoI.exe
  C:\Windows\System\iplDQoI.exe
  2⤵
  PID:13232
- C:\Windows\System\kNoZeMd.exe
  C:\Windows\System\kNoZeMd.exe
  2⤵
  PID:13272
- C:\Windows\System\ZQtuZgY.exe
  C:\Windows\System\ZQtuZgY.exe
  2⤵
  PID:11388
- C:\Windows\System\AsyALjM.exe
  C:\Windows\System\AsyALjM.exe
  2⤵
  PID:12516
- C:\Windows\System\sgTHawF.exe
  C:\Windows\System\sgTHawF.exe
  2⤵
  PID:12680
- C:\Windows\System\CLxuzEe.exe
  C:\Windows\System\CLxuzEe.exe
  2⤵
  PID:12844
- C:\Windows\System\XGnTYCK.exe
  C:\Windows\System\XGnTYCK.exe
  2⤵
  PID:12968
- C:\Windows\System\WhJdPWJ.exe
  C:\Windows\System\WhJdPWJ.exe
  2⤵
  PID:13056
- C:\Windows\System\QwVIQBb.exe
  C:\Windows\System\QwVIQBb.exe
  2⤵
  PID:13296
- C:\Windows\System\wjCoLUm.exe
  C:\Windows\System\wjCoLUm.exe
  2⤵
  PID:12140
- C:\Windows\System\wRMTxEq.exe
  C:\Windows\System\wRMTxEq.exe
  2⤵
  PID:12872
- C:\Windows\System\MTdPCdF.exe
  C:\Windows\System\MTdPCdF.exe
  2⤵
  PID:12980
- C:\Windows\System\KYSxhmk.exe
  C:\Windows\System\KYSxhmk.exe
  2⤵
  PID:13152
- C:\Windows\System\uHhyEJp.exe
  C:\Windows\System\uHhyEJp.exe
  2⤵
  PID:12656
- C:\Windows\System\TLldJqz.exe
  C:\Windows\System\TLldJqz.exe
  2⤵
  PID:13324
- C:\Windows\System\PcaUiKZ.exe
  C:\Windows\System\PcaUiKZ.exe
  2⤵
  PID:13372
- C:\Windows\System\ytXZyyH.exe
  C:\Windows\System\ytXZyyH.exe
  2⤵
  PID:13400
- C:\Windows\System\EfTnsiU.exe
  C:\Windows\System\EfTnsiU.exe
  2⤵
  PID:13428
- C:\Windows\System\ATZSMtb.exe
  C:\Windows\System\ATZSMtb.exe
  2⤵
  PID:13456
- C:\Windows\System\OVezVAJ.exe
  C:\Windows\System\OVezVAJ.exe
  2⤵
  PID:13484
- C:\Windows\System\xcLFwqN.exe
  C:\Windows\System\xcLFwqN.exe
  2⤵
  PID:13512
- C:\Windows\System\YhhubpL.exe
  C:\Windows\System\YhhubpL.exe
  2⤵
  PID:13560
- C:\Windows\System\nwfJcGP.exe
  C:\Windows\System\nwfJcGP.exe
  2⤵
  PID:13596
- C:\Windows\System\YXEwefr.exe
  C:\Windows\System\YXEwefr.exe
  2⤵
  PID:13628
- C:\Windows\System\rcQUKdK.exe
  C:\Windows\System\rcQUKdK.exe
  2⤵
  PID:13680
- C:\Windows\System\WWnCoBG.exe
  C:\Windows\System\WWnCoBG.exe
  2⤵
  PID:13724
- C:\Windows\System\ZwpUziY.exe
  C:\Windows\System\ZwpUziY.exe
  2⤵
  PID:13752
- C:\Windows\System\ZSVnruQ.exe
  C:\Windows\System\ZSVnruQ.exe
  2⤵
  PID:13772
- C:\Windows\System\IugeHFJ.exe
  C:\Windows\System\IugeHFJ.exe
  2⤵
  PID:13816
- C:\Windows\System\wxwuVfp.exe
  C:\Windows\System\wxwuVfp.exe
  2⤵
  PID:13860
- C:\Windows\System\WPaKLbr.exe
  C:\Windows\System\WPaKLbr.exe
  2⤵
  PID:13892
- C:\Windows\System\UrJCIhq.exe
  C:\Windows\System\UrJCIhq.exe
  2⤵
  PID:13924
- C:\Windows\System\qpUYdry.exe
  C:\Windows\System\qpUYdry.exe
  2⤵
  PID:13960
- C:\Windows\System\CmOsErU.exe
  C:\Windows\System\CmOsErU.exe
  2⤵
  PID:13980
- C:\Windows\System\AYlVfTk.exe
  C:\Windows\System\AYlVfTk.exe
  2⤵
  PID:14020
- C:\Windows\System\ZEqlqZR.exe
  C:\Windows\System\ZEqlqZR.exe
  2⤵
  PID:14036
- C:\Windows\System\AJAWRGB.exe
  C:\Windows\System\AJAWRGB.exe
  2⤵
  PID:14060
- C:\Windows\System\bmRQxGa.exe
  C:\Windows\System\bmRQxGa.exe
  2⤵
  PID:14116
- C:\Windows\System\YtQavBr.exe
  C:\Windows\System\YtQavBr.exe
  2⤵
  PID:14160
- C:\Windows\System\yHhFIcL.exe
  C:\Windows\System\yHhFIcL.exe
  2⤵
  PID:14192
- C:\Windows\System\sDNurUS.exe
  C:\Windows\System\sDNurUS.exe
  2⤵
  PID:14224
- C:\Windows\System\RxgWdAO.exe
  C:\Windows\System\RxgWdAO.exe
  2⤵
  PID:14248
- C:\Windows\System\GBrAbMe.exe
  C:\Windows\System\GBrAbMe.exe
  2⤵
  PID:14284
- C:\Windows\System\EhxXCsR.exe
  C:\Windows\System\EhxXCsR.exe
  2⤵
  PID:14308
- C:\Windows\System\vodPaiR.exe
  C:\Windows\System\vodPaiR.exe
  2⤵
  PID:14328
- C:\Windows\System\VADVbOM.exe
  C:\Windows\System\VADVbOM.exe
  2⤵
  PID:13352
- C:\Windows\System\jeHcoPc.exe
  C:\Windows\System\jeHcoPc.exe
  2⤵
  PID:13384
- C:\Windows\System\ekpMhXn.exe
  C:\Windows\System\ekpMhXn.exe
  2⤵
  PID:13452
- C:\Windows\System\UihTbck.exe
  C:\Windows\System\UihTbck.exe
  2⤵
  PID:13532
- C:\Windows\System\ycMKhEe.exe
  C:\Windows\System\ycMKhEe.exe
  2⤵
  PID:13644
- C:\Windows\System\WiJpqSF.exe
  C:\Windows\System\WiJpqSF.exe
  2⤵
  PID:13736
- C:\Windows\System\rThwDvt.exe
  C:\Windows\System\rThwDvt.exe
  2⤵
  PID:13568
- C:\Windows\System\Jgyteha.exe
  C:\Windows\System\Jgyteha.exe
  2⤵
  PID:13084
- C:\Windows\System\btgBheX.exe
  C:\Windows\System\btgBheX.exe
  2⤵
  PID:13652
- C:\Windows\System\ImlmBKw.exe
  C:\Windows\System\ImlmBKw.exe
  2⤵
  PID:14008
- C:\Windows\System\sZVBuGH.exe
  C:\Windows\System\sZVBuGH.exe
  2⤵
  PID:14072
- C:\Windows\System\HUShBwt.exe
  C:\Windows\System\HUShBwt.exe
  2⤵
  PID:14180
- C:\Windows\System\CpHwFcy.exe
  C:\Windows\System\CpHwFcy.exe
  2⤵
  PID:14212
- C:\Windows\System\yczmblV.exe
  C:\Windows\System\yczmblV.exe
  2⤵
  PID:14276
- C:\Windows\System\XiCJIle.exe
  C:\Windows\System\XiCJIle.exe
  2⤵
  PID:12720
- C:\Windows\System\qkYBViN.exe
  C:\Windows\System\qkYBViN.exe
  2⤵
  PID:13412
- C:\Windows\System\pOaFRSt.exe
  C:\Windows\System\pOaFRSt.exe
  2⤵
  PID:13496
- C:\Windows\System\esrmRsM.exe
  C:\Windows\System\esrmRsM.exe
  2⤵
  PID:13812
- C:\Windows\System\gKGFzSq.exe
  C:\Windows\System\gKGFzSq.exe
  2⤵
  PID:13656
- C:\Windows\System\cCMeZzT.exe
  C:\Windows\System\cCMeZzT.exe
  2⤵
  PID:14100
- C:\Windows\System\gHecTTO.exe
  C:\Windows\System\gHecTTO.exe
  2⤵
  PID:14260
- C:\Windows\System\QQUWuHK.exe
  C:\Windows\System\QQUWuHK.exe
  2⤵
  PID:13440
- C:\Windows\System\pZsnTMm.exe
  C:\Windows\System\pZsnTMm.exe
  2⤵
  PID:13992
- C:\Windows\System\wbyixcZ.exe
  C:\Windows\System\wbyixcZ.exe
  2⤵
  PID:14264
- C:\Windows\System\flpTzZI.exe
  C:\Windows\System\flpTzZI.exe
  2⤵
  PID:14088
- C:\Windows\System\YsCqXFE.exe
  C:\Windows\System\YsCqXFE.exe
  2⤵
  PID:13388
- C:\Windows\System\bGRDQKn.exe
  C:\Windows\System\bGRDQKn.exe
  2⤵
  PID:14364
- C:\Windows\System\cswlJOn.exe
  C:\Windows\System\cswlJOn.exe
  2⤵
  PID:14404
- C:\Windows\System\oRhoTyR.exe
  C:\Windows\System\oRhoTyR.exe
  2⤵
  PID:14420
- C:\Windows\System\jFijKnq.exe
  C:\Windows\System\jFijKnq.exe
  2⤵
  PID:14444
- C:\Windows\System\mQQfWRS.exe
  C:\Windows\System\mQQfWRS.exe
  2⤵
  PID:14476
- C:\Windows\System\SEhmTSq.exe
  C:\Windows\System\SEhmTSq.exe
  2⤵
  PID:14508
- C:\Windows\System\wIFkIyU.exe
  C:\Windows\System\wIFkIyU.exe
  2⤵
  PID:14540
- C:\Windows\System\PxXNWWJ.exe
  C:\Windows\System\PxXNWWJ.exe
  2⤵
  PID:14556
- C:\Windows\System\AZhqdRr.exe
  C:\Windows\System\AZhqdRr.exe
  2⤵
  PID:14588
- C:\Windows\System\FlpkOFy.exe
  C:\Windows\System\FlpkOFy.exe
  2⤵
  PID:14620
- C:\Windows\System\tnZbdVr.exe
  C:\Windows\System\tnZbdVr.exe
  2⤵
  PID:14652
- C:\Windows\System\grAkuaI.exe
  C:\Windows\System\grAkuaI.exe
  2⤵
  PID:14692
- C:\Windows\System\RwflhIl.exe
  C:\Windows\System\RwflhIl.exe
  2⤵
  PID:14720
- C:\Windows\System\PfGBlqV.exe
  C:\Windows\System\PfGBlqV.exe
  2⤵
  PID:14748
- C:\Windows\System\RTUYaRC.exe
  C:\Windows\System\RTUYaRC.exe
  2⤵
  PID:14772
- C:\Windows\System\ZiDuxJW.exe
  C:\Windows\System\ZiDuxJW.exe
  2⤵
  PID:14796
- C:\Windows\System\DSIZzVo.exe
  C:\Windows\System\DSIZzVo.exe
  2⤵
  PID:14820
- C:\Windows\System\qaAoZtG.exe
  C:\Windows\System\qaAoZtG.exe
  2⤵
  PID:14860
- C:\Windows\System\rFVprsa.exe
  C:\Windows\System\rFVprsa.exe
  2⤵
  PID:14888
- C:\Windows\System\jHlbuoD.exe
  C:\Windows\System\jHlbuoD.exe
  2⤵
  PID:14916
- C:\Windows\System\Elwfndc.exe
  C:\Windows\System\Elwfndc.exe
  2⤵
  PID:14944
- C:\Windows\System\NxjvhsN.exe
  C:\Windows\System\NxjvhsN.exe
  2⤵
  PID:14972
- C:\Windows\System\cAtUDbg.exe
  C:\Windows\System\cAtUDbg.exe
  2⤵
  PID:15000
- C:\Windows\System\nrLlLBL.exe
  C:\Windows\System\nrLlLBL.exe
  2⤵
  PID:15028
- C:\Windows\System\sPRnRqU.exe
  C:\Windows\System\sPRnRqU.exe
  2⤵
  PID:15044
- C:\Windows\System\bKqxmQZ.exe
  C:\Windows\System\bKqxmQZ.exe
  2⤵
  PID:15072
- C:\Windows\System\gUeJLXf.exe
  C:\Windows\System\gUeJLXf.exe
  2⤵
  PID:15108
- C:\Windows\System\RMCIgoK.exe
  C:\Windows\System\RMCIgoK.exe
  2⤵
  PID:15140
- C:\Windows\System\GeXYbhh.exe
  C:\Windows\System\GeXYbhh.exe
  2⤵
  PID:15156
- C:\Windows\System\HymsFkd.exe
  C:\Windows\System\HymsFkd.exe
  2⤵
  PID:15184
- C:\Windows\System\jpcwtcQ.exe
  C:\Windows\System\jpcwtcQ.exe
  2⤵
  PID:15212
- C:\Windows\System\XmEbAMg.exe
  C:\Windows\System\XmEbAMg.exe
  2⤵
  PID:15228
- C:\Windows\System\OxAOUCB.exe
  C:\Windows\System\OxAOUCB.exe
  2⤵
  PID:15268
- C:\Windows\System\YpdkuAg.exe
  C:\Windows\System\YpdkuAg.exe
  2⤵
  PID:15292
- C:\Windows\System\MIveGPT.exe
  C:\Windows\System\MIveGPT.exe
  2⤵
  PID:15312
- C:\Windows\System\qgqxKbQ.exe
  C:\Windows\System\qgqxKbQ.exe
  2⤵
  PID:13936
- C:\Windows\System\MQeJoYR.exe
  C:\Windows\System\MQeJoYR.exe
  2⤵
  PID:14388
- C:\Windows\System\fIOqyKa.exe
  C:\Windows\System\fIOqyKa.exe
  2⤵
  PID:14464
- C:\Windows\System\LgQAAqF.exe
  C:\Windows\System\LgQAAqF.exe
  2⤵
  PID:14500
- C:\Windows\System\KVJjeSc.exe
  C:\Windows\System\KVJjeSc.exe
  2⤵
  PID:14548
- C:\Windows\System\kExaOZL.exe
  C:\Windows\System\kExaOZL.exe
  2⤵
  PID:14664
- C:\Windows\System\dOuleUI.exe
  C:\Windows\System\dOuleUI.exe
  2⤵
  PID:14736

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BMOnKRH.exe

Filesize
2.1MB

MD5
52878c1f1aff4b796f4899313d302c20

SHA1
51e5ccb59f5778b75059fe63b5b1a14653e25f8f

SHA256
4b30819d33a5ca34e08c3507aa06e989cfd4a2e4306d6157ea2ec0b558c9ab72

SHA512
8facf4bbff772fcd314154ea8de58fe75503242b14e97e40580d68da6be542ba75956e3cd467bdae6f4503f7590c4fb5e424e1be869e80713a5332d2cce7b889

Download Submit
C:\Windows\System\BTsEEYa.exe

Filesize
2.1MB

MD5
f01fcac6215bc6e937272dd2e3aac884

SHA1
9cae9471236cc1a38a8202604782e06f384e641b

SHA256
e04520ce7db9045c642825d8a4357f0007699e6f82da7f8f4ed5ec75029acfe8

SHA512
d864979a6ce196f21f0a5dd0e6ba5a76b1eaa841dbabb918ae94cad51ca8afb3c50b40ed59be285391cf9a7da8c3a6ab0089efb5e5e6dd756b777ce3081b6155

Download Submit
C:\Windows\System\CKbQyxx.exe

Filesize
2.1MB

MD5
31707e4f1a863fd09d8edf4f469b89a6

SHA1
84deb60f73f0f66a6287d64df3d048d27577dbc1

SHA256
01bdca80785d4d2ca9d5a28218cb309e5797fe59eb7cae359400b2a98e79b547

SHA512
60e8b2e91e4c9e6f7a3a3a796d8dedf72e076369bc3b7272be47783a6b7b8017b50a25cc2d84c2b49140770dcc6ef8b6db32cea307da4e3f72d17929264bf2c5

Download Submit
C:\Windows\System\DMjDCSj.exe

Filesize
2.1MB

MD5
0ec05566381f9b90f9b171c645656384

SHA1
aba16b8f47e81ea3767257d4245a5ee101124d85

SHA256
c23c056a8cb3263a7a0d2e438b06115a361a056c7eed7f3b4705c870da413c2f

SHA512
f1bdbc5d420fcb93d9d01692a399ba419c4f8dee3906a3966f93228efc25b759ff939b9e034a42f67b7ed15207f0ea333f602e994a103362fe9a8120a4bf1f83

Download Submit
C:\Windows\System\DbBirbx.exe

Filesize
2.1MB

MD5
a3cba2e4634df9508fadf150325b1286

SHA1
3433a9b4e1bdad461a90a62a0bdb064a821b956a

SHA256
a49ce0fc4c99d937d2ddaea02ae565fa2630cb67896fab6e8cadee88c0c786a0

SHA512
1d79a188358cf444996be19a4fdec2f94df7ae5762cc2e057f347860a563693889c3e6d1346493573ff4acd7c4ee0c8650bde0edf37140de8a5cf4d0a7d481ed

Download Submit
C:\Windows\System\HogpJZL.exe

Filesize
2.1MB

MD5
37689d590b33ea954e5241eadc8feb19

SHA1
a894ea3ac01f0a4ed640cc740b5165f82207bdb5

SHA256
dcb5a25536a6abee8f3098227e9b51804c8b7fca70915a3e5843bb8ea0fcb19b

SHA512
5dcf1afedabe4168aa1ac59289c1bd1f5e3f2bc137143835cb427b5ca9532ea777a591cace3d72c1751df31303058350ca686c916fa37305d488a149a9e92d26

Download Submit
C:\Windows\System\JOkqxHu.exe

Filesize
2.1MB

MD5
90e727e06fbf8ed277fbfdcc5c5f372c

SHA1
b04c683d901d0fb49a49aded77a717b4c5abd4e9

SHA256
07d83e21933a810cee6c4d7c377b60c969f86284e624cb8b8603a4adc05f7028

SHA512
c8f97976ee75e219ee114d1de059051a9f7f49c83aac3ae041f7567a420fa66baee327097a97285b1bdf237f6151560eff988f47252c1761aad32cab695e8e3d

Download Submit
C:\Windows\System\MEnVxeB.exe

Filesize
2.1MB

MD5
2de4bbc4a9fff90badb98ccc965c0707

SHA1
29592773df308a9ee5da2f7ba6b0c7d12e2152a0

SHA256
a616dd3bcb1f1b3512b73d541a5bb20a6d3a867b06bebad2b1b625b6a893204c

SHA512
bbfb85a7742d1f4ac11d450aa4cbf12115c4001dc3494efb3ce1254345391933ffb917e9777edd724810645a701bdc9c9241afbea0436ec6297bb183373ea0a2

Download Submit
C:\Windows\System\RQXljXr.exe

Filesize
2.1MB

MD5
a09d3a47441fe07fac0ca8dadaa281d2

SHA1
38241b6da64aaaebb36f70c182fed35d02cdbdf9

SHA256
d7a58b8297db9ea24649bf5cfbf16887e3ab62cdd0fdcb6b51eb5508e9bd3334

SHA512
0cde83c4427deb805f15826f328d3dec6afb4dfb580fdbb401567840ef93b88960618909b38cec6a4496133592036969022ea3ea9f3f777ebb12c6e7f66db758

Download Submit
C:\Windows\System\RgUQBSg.exe

Filesize
2.1MB

MD5
1fb5993d8f640f1d2fdb0da84b7fee57

SHA1
84f68500e1d76b24bcecf4a253e6bb5a84ccbd25

SHA256
26e032dc8539ad8267e81bf4cb5bf29a9d6f837bd6d17933afdd7bea19c184de

SHA512
afb4744897039ad1912e98177e28fc824ef9b27f4aa338166afc1c745fcb31ec9ac3450485f5c2d17267c21844fa123b03430ed9ecfb9b636f7a8695eac68ff7

Download Submit
C:\Windows\System\SEleXmX.exe

Filesize
2.1MB

MD5
6d8d516eb123c494e29fe151b8c4a46d

SHA1
b2ec0824acf14d2b6002faa98586ef632029e43f

SHA256
0ff344e18abc6f88224a44629cc10844f4948ecb7c5d116cbf7982df9c38fd2d

SHA512
85a50fab6c4843f86796c17e1278f92a9efbcf7636c56a7ecb475533eb8b40977477b6c5b6232672d47fea1f3511c1122552a5338fd2cadbff9068bef1fe44c2

Download Submit
C:\Windows\System\TvYtpSg.exe

Filesize
2.1MB

MD5
d7087003cd66ed08925c41da058a9678

SHA1
c2e497da49f4ae1712dc030c5225d858aa45e265

SHA256
e5a3a904ec1fad6fd4dc9d84acb8a77380efee2fa68d2ccb26f3de6ef9a92429

SHA512
97b180f68634e1a7fdb4692aeb55d196a184b6eda15eb7f6a570674253a10e23462ff304c3e516f10d7797b427dbe5d7dabd85dd58cb992e70676766bd088e7c

Download Submit
C:\Windows\System\UhcBsfj.exe

Filesize
2.1MB

MD5
fcefe6e724e21fdcb4a879e05fd95f80

SHA1
2c041ea2df519b79176557ec71a865dc631c7788

SHA256
176303e2c8d0dde21965a619fad88874cc676737039d4ec2c64009c90374d3dc

SHA512
484bcb2240729d4dee12865126a4e82a6825d340bad6d50c89147b57fde17a4c1eafb02bc61a8cc959d663dad059babfed7f255f04c0551c0aa11a52fdcb8486

Download Submit
C:\Windows\System\VDiThDz.exe

Filesize
2.1MB

MD5
31f5af4b1de9be4bbc060a454a0b1535

SHA1
c820564ec07e7a66a17012053401cc46e57057b2

SHA256
00ea53620fa5200cbdf6842874d7b8353873a367de638a7e39bbf046db111011

SHA512
04358dda0352ed9d98804b2d5a9d70e4749641ec8005430017d822681031daf47efffa20c3f2ea528c16bfb1af31db6c8378132bf32320833ff7cdaf189fe97f

Download Submit
C:\Windows\System\VKVVnpO.exe

Filesize
2.1MB

MD5
8bd6fc7ec52c423f9853ad3fa0a8105f

SHA1
2a32b9cbab01a92db96766737f45b7c673949734

SHA256
8e69956e31a7948fb4fa9265bd52db514ae4b798104e774682da2181238561ab

SHA512
c6a5b860fa4f0f3f8ad365ab88278870771857d4256742e94de4f24dc84d1c6a23832329c5f41357b5861b7f5b8cb950a751f9209603b9dbf601e25e0b073bca

Download Submit
C:\Windows\System\ViWVtPe.exe

Filesize
2.1MB

MD5
b3fb6362ea92cadf16ee9d47b8944e04

SHA1
cdfc25e796d7b67be19f39c5f1e6fca32dd30bd8

SHA256
f7fd73a1f784888ef8bfab37022892143327f68952b5d9e0bedbcbdf002b59b8

SHA512
2670eee93ad25a99f6bcf4d307a7b4d30b39adcdfc0c4515d63ad270849654da8ad47cf75e527e325b64b9b1b77db6a67eb43a51c2cd60acdfcba1cd6920b6d5

Download Submit
C:\Windows\System\WaViLec.exe

Filesize
2.1MB

MD5
3e3073fe8e12a0cf9e039c07d8c931fb

SHA1
988a0a7628c3eb586675d4729db491b45165622b

SHA256
8c75775912fe6fe085d8c430098f4e3b6b7edcfaadb4a414c43617809345d41b

SHA512
aee3ee4d02662adc0fd9d2c4fdbd118ef3f0f17e3322b45a5b9e1949af3930c187e7eb6d0c02aa70716956f123eb66c68ba2aa1a821044743c2bc49baa898b74

Download Submit
C:\Windows\System\dKsLhIY.exe

Filesize
2.1MB

MD5
8121ec63cf2b90decc83d351e94d4eb0

SHA1
1ac53286e8a58cc91506b020a95c85a263ecfa0e

SHA256
e20aa7cbaf41aae0f25ef1d40ec2e1ccb9396ce4ab184c83c93282066e70e6d8

SHA512
5548911f323fc75b453965fa68256b15b66f78eb10b5db79a4a9c29c975c54a38ddb6754da9c52c6c57b93bd152bd93d41f4391706135b4a18fd005c9907d6fc

Download Submit
C:\Windows\System\eWAaGgy.exe

Filesize
2.1MB

MD5
750a02405633135545526371df79e2f2

SHA1
ede349484e00ab39b20d13d9ff8202c360e4741b

SHA256
016ae13425e419691c89f82db07118f41c3837d821d0d2809be01d085dea410a

SHA512
83456a59189d17ba0f6584db92ed8e19936d6ef7e2bbd0a268433a45459c1cd64ec908bbe9b1aed6b1812948f7c02603b947243bf6b83c64651542808342de01

Download Submit
C:\Windows\System\fxFggWF.exe

Filesize
2.1MB

MD5
e93ff7659f52b61bcba4a68a774151a6

SHA1
b3b6b44f4c633cd2a1da822852aeb12b8fbb9b29

SHA256
cf05d7716512e3b6078a5080764e0e0de896bcbfb0ab69f429849cc0cb8fa050

SHA512
696551cafca6053d244eccf22166da5cab34e0d476224bca706f9da1cb5b18cfd500807e76c9d13468788558e5254f81c6502d21a74ad9676e23617ae2e8e085

Download Submit
C:\Windows\System\gStqxMF.exe

Filesize
2.1MB

MD5
3caad7e983c50461eec370ddc0d5a97d

SHA1
1971870abc7acd1d514666dccd66b5b9010f3230

SHA256
757b8e56a94a9e874fa2ac2f480440b50ce6bb963a75579584cc4eaaf4deceb8

SHA512
868495a92d19c774e508ce0e7ca58efc9f5d2d240362cec5c07bae76c2562350ee79e36121685f3652850e24d1a7bda129bd68f56e27bb68730978676742ad9a

Download Submit
C:\Windows\System\gVIwBoQ.exe

Filesize
2.1MB

MD5
df591a4d13cca03dc2a3a97004414805

SHA1
17e0b11b0f2d6245680cffd8cc0c6b44d7f04866

SHA256
57f759ac2da8b5aab5a7ad6bbf382d5edcd80529ef443ab007254f5d7b5be67e

SHA512
51018bb1deebb95a270cfa0750ff09191a8bca65860e3731a91d01836bd828943423c2d45bd79119c9718823586ec71c16d319bf8630e5b12a05a070daec7ab9

Download Submit
C:\Windows\System\gdelTiW.exe

Filesize
2.1MB

MD5
dac16f82bad97a9450af20d5a851e4bf

SHA1
c1bb42bb4efe05afd5f3c00da0cc5e8689270127

SHA256
278d1f8b9806ee244291c8a438737a345189365abac1201cd1607822a6d2215e

SHA512
67cb9316d0447ef3a5e974700298278e1c00e513faaa3139f403215c7109a02b8e9f46e92dedbf7b1542e3b85956436e759aae402ee26a2eb3ccee49bfa33250

Download Submit
C:\Windows\System\guzhtER.exe

Filesize
2.1MB

MD5
ac25002c2d088339f1fedd2a2a6f88c3

SHA1
267acf9ecbcd2d6738779bfde5c9b65e1f2bed06

SHA256
164e2ce98ec6238289fd69c9baec0e05edb005c3166ce1ccf24d89931e5dd10d

SHA512
2e3d956f4effd65f3e71c0d1b1e740294768553c5327a6e5bfba1870ed80b80496e4475513a9a2f33dc4f28cb3e547488a32bc64e3b3a50f2ce29452815021e2

Download Submit
C:\Windows\System\hmCKreE.exe

Filesize
2.1MB

MD5
655b9c427cc26a4e896ad2d209cbae3e

SHA1
2648292d099cf177d5a4f0e7df62deef05336550

SHA256
cbdd91b974eead0b9249fac6ae959ce3bd337f980e1ff1f0ccdc3872b0b7d7af

SHA512
11d742432ae06eee9402c254f0774b3be902565828c88e70a73999d809861722ddf6334306005e2ce2ce1db9bdac52a0c60e2b2dd9fd589a129646440f64232b

Download Submit
C:\Windows\System\iqrtKqW.exe

Filesize
2.1MB

MD5
ecd9f936540790ba972d266a4aa07d94

SHA1
1f0571db809033e365426aa684f2afa5866b9385

SHA256
379a97567062d47a30488df96d0e23a5c261d6aba9ffc0877bb149ae0bb628f6

SHA512
a3f9271b404ccb72a31e33705ca825b1503e27d21ba395b3fa442b50e30b1ade56406305057d7116508e36183df0ef7c6da0c278626b6c964444263aff14b525

Download Submit
C:\Windows\System\ktHFmEp.exe

Filesize
2.1MB

MD5
2645201f3948827d6905bfe31dbb9c85

SHA1
4be41bd854cb9fa33cceada0b59e38dca852e71d

SHA256
03bdf4874694a0b6c078a63be170607954b48cd0bc67fa4077d1100d68016b47

SHA512
4b3ca055515d3ed46d31554470fd6dcdf09062e6e76c988255ce8f8666a3c690026c2fed546f69a8a28b5321ed6246a480aabf8945182470dd4c4270cda13a6e

Download Submit
C:\Windows\System\lGMWXqj.exe

Filesize
2.1MB

MD5
9551ea5f64dad38edcdf972a9a048b21

SHA1
4b0b61cfd16435484ac67db84beb3701b28a1905

SHA256
f2ef5d6de5e4952f5e135e4aa7f9a0e3db57054f495a42c7d9c7c8f1ed33143b

SHA512
0b7504e9c2c75b510e0cfd0b21b2aa56e8a81708ecf8550ff26babbfb06ee2e8234930e39c0709ee73bed7d3abeb0f89eef95acea2d7e861b4fbd87068b06414

Download Submit
C:\Windows\System\leawqoU.exe

Filesize
2.1MB

MD5
901de8cc07ea5830d72b590697615362

SHA1
0a97d3625de1bb16cec7b1b7e623534a10983db9

SHA256
163794ada07973086168a5b6a0cfb546c2d43543a2e27b94d9ab552a9e1435d9

SHA512
979deada765284cb3fff54c18a14b94aec59d3ce455f37f9cbacbe2e3a6227a4fa849b043c86e5967227fe97d2bce20f7fea90a1aa17328a8ca0068d3d1d5054

Download Submit
C:\Windows\System\padSFGi.exe

Filesize
2.1MB

MD5
1d2d597b4d6a82bdddab434903396f3f

SHA1
e92d6e3c99197e5e239cf38052af6a067e5878f3

SHA256
57fb25cbaeb7b8c95903e19f039c586776cdeee01178962483dd14b7232ac655

SHA512
f30d9587506f1e3fd807da1fe40f4e8926f7fa1c136455f8282b1215051d7c98b8f6f653a0823d8e23f8aa2f0e286b65ebf6fad0a9a1b17672383a898862b0c0

Download Submit
C:\Windows\System\rJbSInZ.exe

Filesize
2.1MB

MD5
70cc97cc03c689cbceda3e695f71e535

SHA1
81c227a9d63eb57822e634153679f8cfa8d5a2ad

SHA256
4078b97bf8ce0f8a05938e17a855084a1638a05e9415591b041c363789a49bef

SHA512
d7ed2d43b584083592d8a7e2fe734effe54dbbc92f2286a2533cef6dd43277337a7981e2aeb0636a887d3d68e5abde6c0cd305976c05a9d85eb93a588abf527f

Download Submit
C:\Windows\System\vTtcGaI.exe

Filesize
2.1MB

MD5
f9de6f8c7e06bd299530d2796742193e

SHA1
f98a6e7e30102ed2bc28c4e7fb219282043bb550

SHA256
04c336a98c37c4ac85d604ac59beca8140c81f3a38d5421317e93df11bf04f27

SHA512
92d749d0938adb1558791f65f8bf40b9bc31391f105656ec49ce46f6c6575baa6053e8d1032deb925ef55d145001f3a8f14876d17a9d751d986148ddf2f9f877

Download Submit
C:\Windows\System\yQEcihq.exe

Filesize
2.1MB

MD5
104bc588f201e4f9eead746358e4766d

SHA1
4e34dcf7635c6ba45873cd359a3062a095722264

SHA256
098aae4a95e4b60b6b267e6ede7228dd0f0462c92b4b632273f5eef9d64541c0

SHA512
7ee2dfbd5879a253e8803fc02a7da2e951b85449bc4a4f4b85093b0e04d87d72b1888f21c66585cc421be6503627dfe88879584dfc21566d39066429e6795db0

Download Submit
memory/8-692-0x00007FF622780000-0x00007FF622AD4000-memory.dmp

Filesize
3.3MB

Download
memory/8-2207-0x00007FF622780000-0x00007FF622AD4000-memory.dmp

Filesize
3.3MB

Download
memory/8-1666-0x00007FF622780000-0x00007FF622AD4000-memory.dmp

Filesize
3.3MB

Download
memory/32-698-0x00007FF64CB70000-0x00007FF64CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/32-2216-0x00007FF64CB70000-0x00007FF64CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/452-0-0x00007FF610050000-0x00007FF6103A4000-memory.dmp

Filesize
3.3MB

Download
memory/452-1-0x00000192AB440000-0x00000192AB450000-memory.dmp

Filesize
64KB

Download
memory/452-1305-0x00007FF610050000-0x00007FF6103A4000-memory.dmp

Filesize
3.3MB

Download
memory/536-2213-0x00007FF770410000-0x00007FF770764000-memory.dmp

Filesize
3.3MB

Download
memory/536-712-0x00007FF770410000-0x00007FF770764000-memory.dmp

Filesize
3.3MB

Download
memory/1048-2222-0x00007FF793DB0000-0x00007FF794104000-memory.dmp

Filesize
3.3MB

Download
memory/1048-717-0x00007FF793DB0000-0x00007FF794104000-memory.dmp

Filesize
3.3MB

Download
memory/1084-751-0x00007FF750290000-0x00007FF7505E4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2220-0x00007FF750290000-0x00007FF7505E4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-713-0x00007FF656110000-0x00007FF656464000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2218-0x00007FF656110000-0x00007FF656464000-memory.dmp

Filesize
3.3MB

Download
memory/1384-749-0x00007FF757580000-0x00007FF7578D4000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2219-0x00007FF757580000-0x00007FF7578D4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-769-0x00007FF612D20000-0x00007FF613074000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2227-0x00007FF612D20000-0x00007FF613074000-memory.dmp

Filesize
3.3MB

Download
memory/2024-24-0x00007FF6ED630000-0x00007FF6ED984000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1658-0x00007FF6ED630000-0x00007FF6ED984000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2206-0x00007FF6ED630000-0x00007FF6ED984000-memory.dmp

Filesize
3.3MB

Download
memory/2144-697-0x00007FF6798A0000-0x00007FF679BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-2217-0x00007FF6798A0000-0x00007FF679BF4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-728-0x00007FF7944E0000-0x00007FF794834000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2221-0x00007FF7944E0000-0x00007FF794834000-memory.dmp

Filesize
3.3MB

Download
memory/2448-764-0x00007FF6E4190000-0x00007FF6E44E4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2224-0x00007FF6E4190000-0x00007FF6E44E4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-779-0x00007FF7A4FA0000-0x00007FF7A52F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2230-0x00007FF7A4FA0000-0x00007FF7A52F4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2215-0x00007FF6017C0000-0x00007FF601B14000-memory.dmp

Filesize
3.3MB

Download
memory/2836-699-0x00007FF6017C0000-0x00007FF601B14000-memory.dmp

Filesize
3.3MB

Download
memory/3312-693-0x00007FF639800000-0x00007FF639B54000-memory.dmp

Filesize
3.3MB

Download
memory/3312-2208-0x00007FF639800000-0x00007FF639B54000-memory.dmp

Filesize
3.3MB

Download
memory/3348-2205-0x00007FF66EEB0000-0x00007FF66F204000-memory.dmp

Filesize
3.3MB

Download
memory/3348-1551-0x00007FF66EEB0000-0x00007FF66F204000-memory.dmp

Filesize
3.3MB

Download
memory/3348-23-0x00007FF66EEB0000-0x00007FF66F204000-memory.dmp

Filesize
3.3MB

Download
memory/3420-1422-0x00007FF63F220000-0x00007FF63F574000-memory.dmp

Filesize
3.3MB

Download
memory/3420-19-0x00007FF63F220000-0x00007FF63F574000-memory.dmp

Filesize
3.3MB

Download
memory/3420-2204-0x00007FF63F220000-0x00007FF63F574000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2211-0x00007FF79F5F0000-0x00007FF79F944000-memory.dmp

Filesize
3.3MB

Download
memory/3680-696-0x00007FF79F5F0000-0x00007FF79F944000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2229-0x00007FF711510000-0x00007FF711864000-memory.dmp

Filesize
3.3MB

Download
memory/3720-775-0x00007FF711510000-0x00007FF711864000-memory.dmp

Filesize
3.3MB

Download
memory/4288-822-0x00007FF7C5230000-0x00007FF7C5584000-memory.dmp

Filesize
3.3MB

Download
memory/4288-2209-0x00007FF7C5230000-0x00007FF7C5584000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2223-0x00007FF746F00000-0x00007FF747254000-memory.dmp

Filesize
3.3MB

Download
memory/4536-724-0x00007FF746F00000-0x00007FF747254000-memory.dmp

Filesize
3.3MB

Download
memory/4712-694-0x00007FF75ABB0000-0x00007FF75AF04000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2212-0x00007FF75ABB0000-0x00007FF75AF04000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2214-0x00007FF6A24E0000-0x00007FF6A2834000-memory.dmp

Filesize
3.3MB

Download
memory/4732-700-0x00007FF6A24E0000-0x00007FF6A2834000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2228-0x00007FF72E450000-0x00007FF72E7A4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-772-0x00007FF72E450000-0x00007FF72E7A4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2203-0x00007FF6B6950000-0x00007FF6B6CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-12-0x00007FF6B6950000-0x00007FF6B6CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2231-0x00007FF7DFC80000-0x00007FF7DFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-782-0x00007FF7DFC80000-0x00007FF7DFFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-734-0x00007FF63C4D0000-0x00007FF63C824000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2226-0x00007FF63C4D0000-0x00007FF63C824000-memory.dmp

Filesize
3.3MB

Download
memory/4964-695-0x00007FF68A220000-0x00007FF68A574000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2210-0x00007FF68A220000-0x00007FF68A574000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2225-0x00007FF719920000-0x00007FF719C74000-memory.dmp

Filesize
3.3MB

Download
memory/4988-725-0x00007FF719920000-0x00007FF719C74000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads