xmrig | b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c

Analysis

max time kernel
110s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
Size

2.1MB
MD5

229c8aa042556a2f58d8d46214210c0f
SHA1

d788e963cc515ec215cc915c024783a563d9f392
SHA256

b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c
SHA512

517ef9bb3932d8ad9bcc567969f3dfae77e6d5abb2da4624a5526aeda85a7cb70124dd07e80b094df6c10506c331df15b0378a59fad60cbaf0361bb032b3ee11
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlMmSdbbUGsVOutxL4:oemTLkNdfE0pZr2

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2072-0-0x00007FF792990000-0x00007FF792CE4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c6b-4.dat	xmrig
behavioral2/files/0x0007000000023c6c-9.dat	xmrig
behavioral2/files/0x0007000000023c6d-15.dat	xmrig
behavioral2/memory/4936-10-0x00007FF6E6F60000-0x00007FF6E72B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c71-30.dat	xmrig
behavioral2/files/0x0007000000023c73-39.dat	xmrig
behavioral2/memory/3492-52-0x00007FF7F0BD0000-0x00007FF7F0F24000-memory.dmp	xmrig
behavioral2/memory/1912-61-0x00007FF6A6140000-0x00007FF6A6494000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c78-72.dat	xmrig
behavioral2/files/0x0007000000023c79-84.dat	xmrig
behavioral2/files/0x0007000000023c7e-109.dat	xmrig
behavioral2/files/0x0007000000023c81-123.dat	xmrig
behavioral2/files/0x0007000000023c87-155.dat	xmrig
behavioral2/memory/5028-181-0x00007FF7FDE10000-0x00007FF7FE164000-memory.dmp	xmrig
behavioral2/memory/3484-196-0x00007FF68D9B0000-0x00007FF68DD04000-memory.dmp	xmrig
behavioral2/memory/3664-202-0x00007FF71C210000-0x00007FF71C564000-memory.dmp	xmrig
behavioral2/memory/1944-207-0x00007FF670A00000-0x00007FF670D54000-memory.dmp	xmrig
behavioral2/memory/1548-212-0x00007FF6FBA10000-0x00007FF6FBD64000-memory.dmp	xmrig
behavioral2/memory/244-211-0x00007FF7D87A0000-0x00007FF7D8AF4000-memory.dmp	xmrig
behavioral2/memory/3284-210-0x00007FF761E80000-0x00007FF7621D4000-memory.dmp	xmrig
behavioral2/memory/2740-209-0x00007FF786A50000-0x00007FF786DA4000-memory.dmp	xmrig
behavioral2/memory/4112-208-0x00007FF6F9410000-0x00007FF6F9764000-memory.dmp	xmrig
behavioral2/memory/4060-206-0x00007FF636570000-0x00007FF6368C4000-memory.dmp	xmrig
behavioral2/memory/2336-205-0x00007FF654410000-0x00007FF654764000-memory.dmp	xmrig
behavioral2/memory/1832-204-0x00007FF6AC0F0000-0x00007FF6AC444000-memory.dmp	xmrig
behavioral2/memory/3988-203-0x00007FF77C550000-0x00007FF77C8A4000-memory.dmp	xmrig
behavioral2/memory/2636-201-0x00007FF7377B0000-0x00007FF737B04000-memory.dmp	xmrig
behavioral2/memory/984-200-0x00007FF6C0BB0000-0x00007FF6C0F04000-memory.dmp	xmrig
behavioral2/memory/3232-199-0x00007FF60BF70000-0x00007FF60C2C4000-memory.dmp	xmrig
behavioral2/memory/3348-198-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp	xmrig
behavioral2/memory/2788-197-0x00007FF762010000-0x00007FF762364000-memory.dmp	xmrig
behavioral2/memory/3296-192-0x00007FF6B6FC0000-0x00007FF6B7314000-memory.dmp	xmrig
behavioral2/memory/2016-191-0x00007FF7CD740000-0x00007FF7CDA94000-memory.dmp	xmrig
behavioral2/memory/4332-180-0x00007FF78D290000-0x00007FF78D5E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8f-179.dat	xmrig
behavioral2/files/0x0007000000023c85-177.dat	xmrig
behavioral2/files/0x0007000000023c8e-176.dat	xmrig
behavioral2/files/0x0007000000023c8d-175.dat	xmrig
behavioral2/files/0x0007000000023c8c-174.dat	xmrig
behavioral2/files/0x0007000000023c8b-173.dat	xmrig
behavioral2/files/0x0007000000023c8a-172.dat	xmrig
behavioral2/files/0x0007000000023c84-170.dat	xmrig
behavioral2/files/0x0007000000023c83-163.dat	xmrig
behavioral2/files/0x0007000000023c89-161.dat	xmrig
behavioral2/files/0x0007000000023c88-160.dat	xmrig
behavioral2/files/0x0007000000023c86-152.dat	xmrig
behavioral2/files/0x0007000000023c82-148.dat	xmrig
behavioral2/files/0x0007000000023c80-126.dat	xmrig
behavioral2/files/0x0007000000023c7f-117.dat	xmrig
behavioral2/files/0x0007000000023c7d-107.dat	xmrig
behavioral2/files/0x0007000000023c7c-105.dat	xmrig
behavioral2/files/0x0007000000023c7b-103.dat	xmrig
behavioral2/files/0x0007000000023c7a-101.dat	xmrig
behavioral2/files/0x0007000000023c77-97.dat	xmrig
behavioral2/memory/648-87-0x00007FF61D770000-0x00007FF61DAC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c76-78.dat	xmrig
behavioral2/memory/5056-73-0x00007FF603770000-0x00007FF603AC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c75-69.dat	xmrig
behavioral2/files/0x0007000000023c74-67.dat	xmrig
behavioral2/memory/4924-64-0x00007FF72D5E0000-0x00007FF72D934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c72-58.dat	xmrig
behavioral2/files/0x0007000000023c6f-54.dat	xmrig
behavioral2/files/0x0007000000023c6e-46.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4936	Odzwxro.exe
2760	voqPsyY.exe
4060	xeYXxtu.exe
2076	QRhFbpN.exe
3492	DWRGHQi.exe
1944	FfrbxWo.exe
1912	azizlxF.exe
4112	sjRSenF.exe
4924	Dpajate.exe
5056	gKstGnd.exe
648	VWwiiDH.exe
2740	HPLIVuq.exe
3284	jRZFOUS.exe
4332	jHyyfni.exe
244	ADHkjWn.exe
1548	vqZNNIb.exe
5028	eBIqjXj.exe
2016	GeNqIPp.exe
3296	szDCQmf.exe
3484	tcqEPPV.exe
2788	YbqMtyO.exe
3348	UyOmpqX.exe
3232	inyNtFQ.exe
984	qwwWpOA.exe
2636	hqFkTXe.exe
3664	WHYVchP.exe
3988	dGZDzLW.exe
1832	dMfcPwW.exe
2336	BUfdSYy.exe
4468	ULqTHRB.exe
1772	adUAXOh.exe
4996	bBhIWOF.exe
2820	COVJIhG.exe
1620	hyLFNMc.exe
2192	JIqjIfV.exe
2944	GdlLNjP.exe
2736	IYmHRms.exe
444	dAnyDKx.exe
4236	xwgWNfN.exe
1868	dFBGDsP.exe
2544	ydkSbdw.exe
756	jbRJVmZ.exe
2928	HZZETPE.exe
1836	kiiuEoq.exe
4340	vYuruGi.exe
3732	RuvJzvl.exe
100	RBgbWho.exe
4688	fGcwNIU.exe
4972	numucxy.exe
232	AHjoLMU.exe
1996	avWbuMQ.exe
4556	KsdUiqm.exe
688	LwTFCUS.exe
4756	bBGLDDo.exe
4192	tJpsRiB.exe
3176	bTQcVDn.exe
3512	QxVorZv.exe
2324	zRfTIIn.exe
4764	uuYvRXr.exe
400	zAvdNhR.exe
3532	CyNvjaT.exe
1360	YvXmvVx.exe
1876	AekBmqL.exe
1948	iHYCsbr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2072-0-0x00007FF792990000-0x00007FF792CE4000-memory.dmp	upx
behavioral2/files/0x0008000000023c6b-4.dat	upx
behavioral2/files/0x0007000000023c6c-9.dat	upx
behavioral2/files/0x0007000000023c6d-15.dat	upx
behavioral2/memory/4936-10-0x00007FF6E6F60000-0x00007FF6E72B4000-memory.dmp	upx
behavioral2/files/0x0007000000023c71-30.dat	upx
behavioral2/files/0x0007000000023c73-39.dat	upx
behavioral2/memory/3492-52-0x00007FF7F0BD0000-0x00007FF7F0F24000-memory.dmp	upx
behavioral2/memory/1912-61-0x00007FF6A6140000-0x00007FF6A6494000-memory.dmp	upx
behavioral2/files/0x0007000000023c78-72.dat	upx
behavioral2/files/0x0007000000023c79-84.dat	upx
behavioral2/files/0x0007000000023c7e-109.dat	upx
behavioral2/files/0x0007000000023c81-123.dat	upx
behavioral2/files/0x0007000000023c87-155.dat	upx
behavioral2/memory/5028-181-0x00007FF7FDE10000-0x00007FF7FE164000-memory.dmp	upx
behavioral2/memory/3484-196-0x00007FF68D9B0000-0x00007FF68DD04000-memory.dmp	upx
behavioral2/memory/3664-202-0x00007FF71C210000-0x00007FF71C564000-memory.dmp	upx
behavioral2/memory/1944-207-0x00007FF670A00000-0x00007FF670D54000-memory.dmp	upx
behavioral2/memory/1548-212-0x00007FF6FBA10000-0x00007FF6FBD64000-memory.dmp	upx
behavioral2/memory/244-211-0x00007FF7D87A0000-0x00007FF7D8AF4000-memory.dmp	upx
behavioral2/memory/3284-210-0x00007FF761E80000-0x00007FF7621D4000-memory.dmp	upx
behavioral2/memory/2740-209-0x00007FF786A50000-0x00007FF786DA4000-memory.dmp	upx
behavioral2/memory/4112-208-0x00007FF6F9410000-0x00007FF6F9764000-memory.dmp	upx
behavioral2/memory/4060-206-0x00007FF636570000-0x00007FF6368C4000-memory.dmp	upx
behavioral2/memory/2336-205-0x00007FF654410000-0x00007FF654764000-memory.dmp	upx
behavioral2/memory/1832-204-0x00007FF6AC0F0000-0x00007FF6AC444000-memory.dmp	upx
behavioral2/memory/3988-203-0x00007FF77C550000-0x00007FF77C8A4000-memory.dmp	upx
behavioral2/memory/2636-201-0x00007FF7377B0000-0x00007FF737B04000-memory.dmp	upx
behavioral2/memory/984-200-0x00007FF6C0BB0000-0x00007FF6C0F04000-memory.dmp	upx
behavioral2/memory/3232-199-0x00007FF60BF70000-0x00007FF60C2C4000-memory.dmp	upx
behavioral2/memory/3348-198-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp	upx
behavioral2/memory/2788-197-0x00007FF762010000-0x00007FF762364000-memory.dmp	upx
behavioral2/memory/3296-192-0x00007FF6B6FC0000-0x00007FF6B7314000-memory.dmp	upx
behavioral2/memory/2016-191-0x00007FF7CD740000-0x00007FF7CDA94000-memory.dmp	upx
behavioral2/memory/4332-180-0x00007FF78D290000-0x00007FF78D5E4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8f-179.dat	upx
behavioral2/files/0x0007000000023c85-177.dat	upx
behavioral2/files/0x0007000000023c8e-176.dat	upx
behavioral2/files/0x0007000000023c8d-175.dat	upx
behavioral2/files/0x0007000000023c8c-174.dat	upx
behavioral2/files/0x0007000000023c8b-173.dat	upx
behavioral2/files/0x0007000000023c8a-172.dat	upx
behavioral2/files/0x0007000000023c84-170.dat	upx
behavioral2/files/0x0007000000023c83-163.dat	upx
behavioral2/files/0x0007000000023c89-161.dat	upx
behavioral2/files/0x0007000000023c88-160.dat	upx
behavioral2/files/0x0007000000023c86-152.dat	upx
behavioral2/files/0x0007000000023c82-148.dat	upx
behavioral2/files/0x0007000000023c80-126.dat	upx
behavioral2/files/0x0007000000023c7f-117.dat	upx
behavioral2/files/0x0007000000023c7d-107.dat	upx
behavioral2/files/0x0007000000023c7c-105.dat	upx
behavioral2/files/0x0007000000023c7b-103.dat	upx
behavioral2/files/0x0007000000023c7a-101.dat	upx
behavioral2/files/0x0007000000023c77-97.dat	upx
behavioral2/memory/648-87-0x00007FF61D770000-0x00007FF61DAC4000-memory.dmp	upx
behavioral2/files/0x0007000000023c76-78.dat	upx
behavioral2/memory/5056-73-0x00007FF603770000-0x00007FF603AC4000-memory.dmp	upx
behavioral2/files/0x0007000000023c75-69.dat	upx
behavioral2/files/0x0007000000023c74-67.dat	upx
behavioral2/memory/4924-64-0x00007FF72D5E0000-0x00007FF72D934000-memory.dmp	upx
behavioral2/files/0x0007000000023c72-58.dat	upx
behavioral2/files/0x0007000000023c6f-54.dat	upx
behavioral2/files/0x0007000000023c6e-46.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KeTvwSN.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\hFrgeqh.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\kdEbiIQ.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\znPaTlb.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\vyGXeMm.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\XPgUiqt.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\GeNqIPp.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\qrtewbj.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\raTCRNH.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\KrzjJyt.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\wBPVhmn.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\znlAlNq.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\vLwSHtZ.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\SSLWIPZ.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\zRSdSAz.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\DThcuXV.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\JLGeGYz.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\TOJLtYQ.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\naBGdEF.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\jqzpvdu.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\WKtmGqC.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\VPeBOiw.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\zfcyNEZ.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\AHjoLMU.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\rzBvVbc.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\svwddaj.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\oitHsbk.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\MfJGfLa.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\THKpVJs.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\qNcrvYK.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\QYLsoQw.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\viULTZC.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\lZwMcPl.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\atUIhOE.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\jepukcV.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\xqBlbZI.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\vfpywUR.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\sjTShVm.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\CgygINk.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\OmasxQo.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\OcddvEl.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\OVBYveI.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\gQriqEG.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\MwbEkON.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\jHyyfni.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\BGCADhK.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\AKjMehS.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\EJZDFbN.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\lYSHxog.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\RmVNEjY.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\yUrnuzH.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\SbTtBvz.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\wnGzzun.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\ALVWZfU.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\HTObYSr.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\hQLFghA.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\UyywXaQ.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\wigyaTu.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\EfPwxLo.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\GLMggip.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\qisJQUN.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\nuMmqtd.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\HsznxKy.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
File created	C:\Windows\System\xdeIlTf.exe	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14552	dwm.exe
Token: SeChangeNotifyPrivilege	14552	dwm.exe
Token: 33	14552	dwm.exe
Token: SeIncBasePriorityPrivilege	14552	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 4936	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	84
PID 2072 wrote to memory of 4936	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	84
PID 2072 wrote to memory of 2760	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	85
PID 2072 wrote to memory of 2760	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	85
PID 2072 wrote to memory of 4060	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	86
PID 2072 wrote to memory of 4060	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	86
PID 2072 wrote to memory of 3492	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	87
PID 2072 wrote to memory of 3492	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	87
PID 2072 wrote to memory of 2076	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	88
PID 2072 wrote to memory of 2076	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	88
PID 2072 wrote to memory of 1944	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	89
PID 2072 wrote to memory of 1944	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	89
PID 2072 wrote to memory of 1912	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	90
PID 2072 wrote to memory of 1912	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	90
PID 2072 wrote to memory of 4112	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	91
PID 2072 wrote to memory of 4112	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	91
PID 2072 wrote to memory of 4924	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	92
PID 2072 wrote to memory of 4924	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	92
PID 2072 wrote to memory of 5056	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	93
PID 2072 wrote to memory of 5056	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	93
PID 2072 wrote to memory of 648	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	94
PID 2072 wrote to memory of 648	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	94
PID 2072 wrote to memory of 2740	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	95
PID 2072 wrote to memory of 2740	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	95
PID 2072 wrote to memory of 3284	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	96
PID 2072 wrote to memory of 3284	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	96
PID 2072 wrote to memory of 4332	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	97
PID 2072 wrote to memory of 4332	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	97
PID 2072 wrote to memory of 244	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	98
PID 2072 wrote to memory of 244	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	98
PID 2072 wrote to memory of 1548	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	99
PID 2072 wrote to memory of 1548	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	99
PID 2072 wrote to memory of 5028	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	100
PID 2072 wrote to memory of 5028	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	100
PID 2072 wrote to memory of 2016	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	101
PID 2072 wrote to memory of 2016	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	101
PID 2072 wrote to memory of 3296	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	102
PID 2072 wrote to memory of 3296	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	102
PID 2072 wrote to memory of 3484	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	103
PID 2072 wrote to memory of 3484	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	103
PID 2072 wrote to memory of 2788	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	104
PID 2072 wrote to memory of 2788	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	104
PID 2072 wrote to memory of 3348	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	105
PID 2072 wrote to memory of 3348	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	105
PID 2072 wrote to memory of 3232	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	106
PID 2072 wrote to memory of 3232	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	106
PID 2072 wrote to memory of 984	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	107
PID 2072 wrote to memory of 984	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	107
PID 2072 wrote to memory of 2636	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	108
PID 2072 wrote to memory of 2636	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	108
PID 2072 wrote to memory of 3664	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	109
PID 2072 wrote to memory of 3664	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	109
PID 2072 wrote to memory of 3988	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	110
PID 2072 wrote to memory of 3988	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	110
PID 2072 wrote to memory of 1832	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	111
PID 2072 wrote to memory of 1832	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	111
PID 2072 wrote to memory of 2336	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	112
PID 2072 wrote to memory of 2336	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	112
PID 2072 wrote to memory of 4468	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	113
PID 2072 wrote to memory of 4468	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	113
PID 2072 wrote to memory of 1772	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	114
PID 2072 wrote to memory of 1772	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	114
PID 2072 wrote to memory of 4996	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	115
PID 2072 wrote to memory of 4996	2072	b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe	115

C:\Users\Admin\AppData\Local\Temp\b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe
"C:\Users\Admin\AppData\Local\Temp\b65f5b1dec5f297785b46fc5690a58b32c8d42a91c0caf2a40da3eb171e2065c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\System\Odzwxro.exe
  C:\Windows\System\Odzwxro.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\voqPsyY.exe
  C:\Windows\System\voqPsyY.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\xeYXxtu.exe
  C:\Windows\System\xeYXxtu.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\DWRGHQi.exe
  C:\Windows\System\DWRGHQi.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\QRhFbpN.exe
  C:\Windows\System\QRhFbpN.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\FfrbxWo.exe
  C:\Windows\System\FfrbxWo.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\azizlxF.exe
  C:\Windows\System\azizlxF.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\sjRSenF.exe
  C:\Windows\System\sjRSenF.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\Dpajate.exe
  C:\Windows\System\Dpajate.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\gKstGnd.exe
  C:\Windows\System\gKstGnd.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\VWwiiDH.exe
  C:\Windows\System\VWwiiDH.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\HPLIVuq.exe
  C:\Windows\System\HPLIVuq.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\jRZFOUS.exe
  C:\Windows\System\jRZFOUS.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\jHyyfni.exe
  C:\Windows\System\jHyyfni.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\ADHkjWn.exe
  C:\Windows\System\ADHkjWn.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\vqZNNIb.exe
  C:\Windows\System\vqZNNIb.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\eBIqjXj.exe
  C:\Windows\System\eBIqjXj.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\GeNqIPp.exe
  C:\Windows\System\GeNqIPp.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\szDCQmf.exe
  C:\Windows\System\szDCQmf.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\tcqEPPV.exe
  C:\Windows\System\tcqEPPV.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\YbqMtyO.exe
  C:\Windows\System\YbqMtyO.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\UyOmpqX.exe
  C:\Windows\System\UyOmpqX.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\inyNtFQ.exe
  C:\Windows\System\inyNtFQ.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\qwwWpOA.exe
  C:\Windows\System\qwwWpOA.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\hqFkTXe.exe
  C:\Windows\System\hqFkTXe.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\WHYVchP.exe
  C:\Windows\System\WHYVchP.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\dGZDzLW.exe
  C:\Windows\System\dGZDzLW.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\dMfcPwW.exe
  C:\Windows\System\dMfcPwW.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\BUfdSYy.exe
  C:\Windows\System\BUfdSYy.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ULqTHRB.exe
  C:\Windows\System\ULqTHRB.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\adUAXOh.exe
  C:\Windows\System\adUAXOh.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\bBhIWOF.exe
  C:\Windows\System\bBhIWOF.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\COVJIhG.exe
  C:\Windows\System\COVJIhG.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\hyLFNMc.exe
  C:\Windows\System\hyLFNMc.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\JIqjIfV.exe
  C:\Windows\System\JIqjIfV.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\GdlLNjP.exe
  C:\Windows\System\GdlLNjP.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\IYmHRms.exe
  C:\Windows\System\IYmHRms.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\dAnyDKx.exe
  C:\Windows\System\dAnyDKx.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\xwgWNfN.exe
  C:\Windows\System\xwgWNfN.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\dFBGDsP.exe
  C:\Windows\System\dFBGDsP.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\ydkSbdw.exe
  C:\Windows\System\ydkSbdw.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\jbRJVmZ.exe
  C:\Windows\System\jbRJVmZ.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\HZZETPE.exe
  C:\Windows\System\HZZETPE.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\vYuruGi.exe
  C:\Windows\System\vYuruGi.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\kiiuEoq.exe
  C:\Windows\System\kiiuEoq.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\RuvJzvl.exe
  C:\Windows\System\RuvJzvl.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\RBgbWho.exe
  C:\Windows\System\RBgbWho.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\fGcwNIU.exe
  C:\Windows\System\fGcwNIU.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\KsdUiqm.exe
  C:\Windows\System\KsdUiqm.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\numucxy.exe
  C:\Windows\System\numucxy.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\AHjoLMU.exe
  C:\Windows\System\AHjoLMU.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\avWbuMQ.exe
  C:\Windows\System\avWbuMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\LwTFCUS.exe
  C:\Windows\System\LwTFCUS.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\bBGLDDo.exe
  C:\Windows\System\bBGLDDo.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\tJpsRiB.exe
  C:\Windows\System\tJpsRiB.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\bTQcVDn.exe
  C:\Windows\System\bTQcVDn.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\QxVorZv.exe
  C:\Windows\System\QxVorZv.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\zRfTIIn.exe
  C:\Windows\System\zRfTIIn.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\uuYvRXr.exe
  C:\Windows\System\uuYvRXr.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\zAvdNhR.exe
  C:\Windows\System\zAvdNhR.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\CyNvjaT.exe
  C:\Windows\System\CyNvjaT.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\YvXmvVx.exe
  C:\Windows\System\YvXmvVx.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\AekBmqL.exe
  C:\Windows\System\AekBmqL.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\iHYCsbr.exe
  C:\Windows\System\iHYCsbr.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\fMeNQFj.exe
  C:\Windows\System\fMeNQFj.exe
  2⤵
  PID:2500
- C:\Windows\System\HIPXVDk.exe
  C:\Windows\System\HIPXVDk.exe
  2⤵
  PID:4316
- C:\Windows\System\BlXzFQQ.exe
  C:\Windows\System\BlXzFQQ.exe
  2⤵
  PID:2764
- C:\Windows\System\vcUHIpb.exe
  C:\Windows\System\vcUHIpb.exe
  2⤵
  PID:2584
- C:\Windows\System\jZIAFmT.exe
  C:\Windows\System\jZIAFmT.exe
  2⤵
  PID:2936
- C:\Windows\System\KrcSadA.exe
  C:\Windows\System\KrcSadA.exe
  2⤵
  PID:3992
- C:\Windows\System\pqyxIDS.exe
  C:\Windows\System\pqyxIDS.exe
  2⤵
  PID:4104
- C:\Windows\System\pYBgNgP.exe
  C:\Windows\System\pYBgNgP.exe
  2⤵
  PID:1096
- C:\Windows\System\tZYJCZF.exe
  C:\Windows\System\tZYJCZF.exe
  2⤵
  PID:868
- C:\Windows\System\bQZyAKv.exe
  C:\Windows\System\bQZyAKv.exe
  2⤵
  PID:4364
- C:\Windows\System\FGnZBVJ.exe
  C:\Windows\System\FGnZBVJ.exe
  2⤵
  PID:388
- C:\Windows\System\oTzYNfy.exe
  C:\Windows\System\oTzYNfy.exe
  2⤵
  PID:4824
- C:\Windows\System\pNbLOPC.exe
  C:\Windows\System\pNbLOPC.exe
  2⤵
  PID:4384
- C:\Windows\System\jcgSTHE.exe
  C:\Windows\System\jcgSTHE.exe
  2⤵
  PID:3228
- C:\Windows\System\VInxQcN.exe
  C:\Windows\System\VInxQcN.exe
  2⤵
  PID:3560
- C:\Windows\System\RWSQthf.exe
  C:\Windows\System\RWSQthf.exe
  2⤵
  PID:768
- C:\Windows\System\aktXnhB.exe
  C:\Windows\System\aktXnhB.exe
  2⤵
  PID:4124
- C:\Windows\System\faNvlwT.exe
  C:\Windows\System\faNvlwT.exe
  2⤵
  PID:1652
- C:\Windows\System\bYApGoE.exe
  C:\Windows\System\bYApGoE.exe
  2⤵
  PID:1784
- C:\Windows\System\KHHMveY.exe
  C:\Windows\System\KHHMveY.exe
  2⤵
  PID:3264
- C:\Windows\System\nGYACrs.exe
  C:\Windows\System\nGYACrs.exe
  2⤵
  PID:1552
- C:\Windows\System\viULTZC.exe
  C:\Windows\System\viULTZC.exe
  2⤵
  PID:4188
- C:\Windows\System\YPFobkN.exe
  C:\Windows\System\YPFobkN.exe
  2⤵
  PID:4592
- C:\Windows\System\Mdgdgzc.exe
  C:\Windows\System\Mdgdgzc.exe
  2⤵
  PID:4804
- C:\Windows\System\DGYzVVV.exe
  C:\Windows\System\DGYzVVV.exe
  2⤵
  PID:4680
- C:\Windows\System\oCdcVlP.exe
  C:\Windows\System\oCdcVlP.exe
  2⤵
  PID:2496
- C:\Windows\System\rywRejz.exe
  C:\Windows\System\rywRejz.exe
  2⤵
  PID:2724
- C:\Windows\System\lQJqhKT.exe
  C:\Windows\System\lQJqhKT.exe
  2⤵
  PID:3932
- C:\Windows\System\BoEAurw.exe
  C:\Windows\System\BoEAurw.exe
  2⤵
  PID:1864
- C:\Windows\System\kcmsiPE.exe
  C:\Windows\System\kcmsiPE.exe
  2⤵
  PID:4976
- C:\Windows\System\jqBWqYL.exe
  C:\Windows\System\jqBWqYL.exe
  2⤵
  PID:1424
- C:\Windows\System\ZkQDRay.exe
  C:\Windows\System\ZkQDRay.exe
  2⤵
  PID:5140
- C:\Windows\System\TGkJsNK.exe
  C:\Windows\System\TGkJsNK.exe
  2⤵
  PID:5164
- C:\Windows\System\BgxRgRm.exe
  C:\Windows\System\BgxRgRm.exe
  2⤵
  PID:5200
- C:\Windows\System\VZGsBqM.exe
  C:\Windows\System\VZGsBqM.exe
  2⤵
  PID:5220
- C:\Windows\System\SwPwymR.exe
  C:\Windows\System\SwPwymR.exe
  2⤵
  PID:5248
- C:\Windows\System\OcddvEl.exe
  C:\Windows\System\OcddvEl.exe
  2⤵
  PID:5276
- C:\Windows\System\cOwaNTm.exe
  C:\Windows\System\cOwaNTm.exe
  2⤵
  PID:5304
- C:\Windows\System\JuHyjRo.exe
  C:\Windows\System\JuHyjRo.exe
  2⤵
  PID:5340
- C:\Windows\System\iFaksIu.exe
  C:\Windows\System\iFaksIu.exe
  2⤵
  PID:5368
- C:\Windows\System\qswlJGR.exe
  C:\Windows\System\qswlJGR.exe
  2⤵
  PID:5400
- C:\Windows\System\pCIkOWG.exe
  C:\Windows\System\pCIkOWG.exe
  2⤵
  PID:5436
- C:\Windows\System\hRCaNmm.exe
  C:\Windows\System\hRCaNmm.exe
  2⤵
  PID:5456
- C:\Windows\System\KHwYUPR.exe
  C:\Windows\System\KHwYUPR.exe
  2⤵
  PID:5492
- C:\Windows\System\vsZgGik.exe
  C:\Windows\System\vsZgGik.exe
  2⤵
  PID:5524
- C:\Windows\System\fpjDCYb.exe
  C:\Windows\System\fpjDCYb.exe
  2⤵
  PID:5560
- C:\Windows\System\CIYYwhC.exe
  C:\Windows\System\CIYYwhC.exe
  2⤵
  PID:5576
- C:\Windows\System\EmERlig.exe
  C:\Windows\System\EmERlig.exe
  2⤵
  PID:5608
- C:\Windows\System\OAepauS.exe
  C:\Windows\System\OAepauS.exe
  2⤵
  PID:5632
- C:\Windows\System\tksHDmf.exe
  C:\Windows\System\tksHDmf.exe
  2⤵
  PID:5652
- C:\Windows\System\AmBNSGM.exe
  C:\Windows\System\AmBNSGM.exe
  2⤵
  PID:5688
- C:\Windows\System\icPfyRY.exe
  C:\Windows\System\icPfyRY.exe
  2⤵
  PID:5720
- C:\Windows\System\tIckCyw.exe
  C:\Windows\System\tIckCyw.exe
  2⤵
  PID:5756
- C:\Windows\System\GHIIuQF.exe
  C:\Windows\System\GHIIuQF.exe
  2⤵
  PID:5772
- C:\Windows\System\FglqhFZ.exe
  C:\Windows\System\FglqhFZ.exe
  2⤵
  PID:5812
- C:\Windows\System\tKtXuHB.exe
  C:\Windows\System\tKtXuHB.exe
  2⤵
  PID:5840
- C:\Windows\System\HxXZDfZ.exe
  C:\Windows\System\HxXZDfZ.exe
  2⤵
  PID:5868
- C:\Windows\System\QFTRlBj.exe
  C:\Windows\System\QFTRlBj.exe
  2⤵
  PID:5884
- C:\Windows\System\SPGoQUU.exe
  C:\Windows\System\SPGoQUU.exe
  2⤵
  PID:5912
- C:\Windows\System\dAkwmEI.exe
  C:\Windows\System\dAkwmEI.exe
  2⤵
  PID:5944
- C:\Windows\System\WswLtNc.exe
  C:\Windows\System\WswLtNc.exe
  2⤵
  PID:5984
- C:\Windows\System\qrtewbj.exe
  C:\Windows\System\qrtewbj.exe
  2⤵
  PID:6012
- C:\Windows\System\wtqfZWh.exe
  C:\Windows\System\wtqfZWh.exe
  2⤵
  PID:6040
- C:\Windows\System\fiyHrNw.exe
  C:\Windows\System\fiyHrNw.exe
  2⤵
  PID:6056
- C:\Windows\System\gemRMsI.exe
  C:\Windows\System\gemRMsI.exe
  2⤵
  PID:6072
- C:\Windows\System\fwOgyeF.exe
  C:\Windows\System\fwOgyeF.exe
  2⤵
  PID:6088
- C:\Windows\System\aphlEHG.exe
  C:\Windows\System\aphlEHG.exe
  2⤵
  PID:6112
- C:\Windows\System\WYbIJSe.exe
  C:\Windows\System\WYbIJSe.exe
  2⤵
  PID:6140
- C:\Windows\System\kuaiyiU.exe
  C:\Windows\System\kuaiyiU.exe
  2⤵
  PID:2912
- C:\Windows\System\FzQFUoW.exe
  C:\Windows\System\FzQFUoW.exe
  2⤵
  PID:5188
- C:\Windows\System\WPaKEVM.exe
  C:\Windows\System\WPaKEVM.exe
  2⤵
  PID:5244
- C:\Windows\System\GCDbXnB.exe
  C:\Windows\System\GCDbXnB.exe
  2⤵
  PID:5324
- C:\Windows\System\GbhmWjt.exe
  C:\Windows\System\GbhmWjt.exe
  2⤵
  PID:5412
- C:\Windows\System\UjbgkqQ.exe
  C:\Windows\System\UjbgkqQ.exe
  2⤵
  PID:5420
- C:\Windows\System\pKPeTWb.exe
  C:\Windows\System\pKPeTWb.exe
  2⤵
  PID:5512
- C:\Windows\System\gtcHXtl.exe
  C:\Windows\System\gtcHXtl.exe
  2⤵
  PID:5604
- C:\Windows\System\ZNqKlpD.exe
  C:\Windows\System\ZNqKlpD.exe
  2⤵
  PID:5640
- C:\Windows\System\qDKBRAt.exe
  C:\Windows\System\qDKBRAt.exe
  2⤵
  PID:5708
- C:\Windows\System\qAEZvTR.exe
  C:\Windows\System\qAEZvTR.exe
  2⤵
  PID:5796
- C:\Windows\System\wOZwIhv.exe
  C:\Windows\System\wOZwIhv.exe
  2⤵
  PID:5860
- C:\Windows\System\pFVgoka.exe
  C:\Windows\System\pFVgoka.exe
  2⤵
  PID:5932
- C:\Windows\System\lfXiqNp.exe
  C:\Windows\System\lfXiqNp.exe
  2⤵
  PID:6004
- C:\Windows\System\ryTDGpO.exe
  C:\Windows\System\ryTDGpO.exe
  2⤵
  PID:6032
- C:\Windows\System\OVBYveI.exe
  C:\Windows\System\OVBYveI.exe
  2⤵
  PID:6132
- C:\Windows\System\wigyaTu.exe
  C:\Windows\System\wigyaTu.exe
  2⤵
  PID:5240
- C:\Windows\System\VBZTbwM.exe
  C:\Windows\System\VBZTbwM.exe
  2⤵
  PID:5380
- C:\Windows\System\ldLQJzY.exe
  C:\Windows\System\ldLQJzY.exe
  2⤵
  PID:5588
- C:\Windows\System\STJmOXQ.exe
  C:\Windows\System\STJmOXQ.exe
  2⤵
  PID:5680
- C:\Windows\System\EtImUPH.exe
  C:\Windows\System\EtImUPH.exe
  2⤵
  PID:5768
- C:\Windows\System\jiblKAY.exe
  C:\Windows\System\jiblKAY.exe
  2⤵
  PID:6128
- C:\Windows\System\CDxExKc.exe
  C:\Windows\System\CDxExKc.exe
  2⤵
  PID:6084
- C:\Windows\System\wHQfxhR.exe
  C:\Windows\System\wHQfxhR.exe
  2⤵
  PID:6048
- C:\Windows\System\ZZMYAtL.exe
  C:\Windows\System\ZZMYAtL.exe
  2⤵
  PID:5748
- C:\Windows\System\YQCqGJt.exe
  C:\Windows\System\YQCqGJt.exe
  2⤵
  PID:5628
- C:\Windows\System\mKbzlry.exe
  C:\Windows\System\mKbzlry.exe
  2⤵
  PID:6148
- C:\Windows\System\wnGzzun.exe
  C:\Windows\System\wnGzzun.exe
  2⤵
  PID:6176
- C:\Windows\System\GtopwtB.exe
  C:\Windows\System\GtopwtB.exe
  2⤵
  PID:6204
- C:\Windows\System\aXNTewJ.exe
  C:\Windows\System\aXNTewJ.exe
  2⤵
  PID:6236
- C:\Windows\System\rzBvVbc.exe
  C:\Windows\System\rzBvVbc.exe
  2⤵
  PID:6272
- C:\Windows\System\NqGckaC.exe
  C:\Windows\System\NqGckaC.exe
  2⤵
  PID:6308
- C:\Windows\System\piRhLOe.exe
  C:\Windows\System\piRhLOe.exe
  2⤵
  PID:6328
- C:\Windows\System\XHtpAsN.exe
  C:\Windows\System\XHtpAsN.exe
  2⤵
  PID:6348
- C:\Windows\System\QDNxlbZ.exe
  C:\Windows\System\QDNxlbZ.exe
  2⤵
  PID:6372
- C:\Windows\System\EldAIvS.exe
  C:\Windows\System\EldAIvS.exe
  2⤵
  PID:6412
- C:\Windows\System\lZwMcPl.exe
  C:\Windows\System\lZwMcPl.exe
  2⤵
  PID:6428
- C:\Windows\System\INdmWUv.exe
  C:\Windows\System\INdmWUv.exe
  2⤵
  PID:6468
- C:\Windows\System\tdWKeEQ.exe
  C:\Windows\System\tdWKeEQ.exe
  2⤵
  PID:6484
- C:\Windows\System\DEHlsJa.exe
  C:\Windows\System\DEHlsJa.exe
  2⤵
  PID:6516
- C:\Windows\System\zeycqby.exe
  C:\Windows\System\zeycqby.exe
  2⤵
  PID:6540
- C:\Windows\System\IgjEaJS.exe
  C:\Windows\System\IgjEaJS.exe
  2⤵
  PID:6560
- C:\Windows\System\aRZNbOD.exe
  C:\Windows\System\aRZNbOD.exe
  2⤵
  PID:6584
- C:\Windows\System\BmScYAZ.exe
  C:\Windows\System\BmScYAZ.exe
  2⤵
  PID:6612
- C:\Windows\System\QPSugLr.exe
  C:\Windows\System\QPSugLr.exe
  2⤵
  PID:6648
- C:\Windows\System\raTCRNH.exe
  C:\Windows\System\raTCRNH.exe
  2⤵
  PID:6668
- C:\Windows\System\hPOfYmA.exe
  C:\Windows\System\hPOfYmA.exe
  2⤵
  PID:6704
- C:\Windows\System\aLNbnzl.exe
  C:\Windows\System\aLNbnzl.exe
  2⤵
  PID:6736
- C:\Windows\System\dUchhDG.exe
  C:\Windows\System\dUchhDG.exe
  2⤵
  PID:6776
- C:\Windows\System\LExryhz.exe
  C:\Windows\System\LExryhz.exe
  2⤵
  PID:6800
- C:\Windows\System\QNSPaJO.exe
  C:\Windows\System\QNSPaJO.exe
  2⤵
  PID:6820
- C:\Windows\System\svwddaj.exe
  C:\Windows\System\svwddaj.exe
  2⤵
  PID:6852
- C:\Windows\System\ivRmoOK.exe
  C:\Windows\System\ivRmoOK.exe
  2⤵
  PID:6876
- C:\Windows\System\ZWlZqhc.exe
  C:\Windows\System\ZWlZqhc.exe
  2⤵
  PID:6896
- C:\Windows\System\gQriqEG.exe
  C:\Windows\System\gQriqEG.exe
  2⤵
  PID:6928
- C:\Windows\System\amJvQTi.exe
  C:\Windows\System\amJvQTi.exe
  2⤵
  PID:6956
- C:\Windows\System\fDsEhmY.exe
  C:\Windows\System\fDsEhmY.exe
  2⤵
  PID:6988
- C:\Windows\System\mezNrxI.exe
  C:\Windows\System\mezNrxI.exe
  2⤵
  PID:7024
- C:\Windows\System\XtAEOMu.exe
  C:\Windows\System\XtAEOMu.exe
  2⤵
  PID:7044
- C:\Windows\System\dWTDROu.exe
  C:\Windows\System\dWTDROu.exe
  2⤵
  PID:7068
- C:\Windows\System\DuiJRTQ.exe
  C:\Windows\System\DuiJRTQ.exe
  2⤵
  PID:7100
- C:\Windows\System\pljGuhV.exe
  C:\Windows\System\pljGuhV.exe
  2⤵
  PID:7120
- C:\Windows\System\EJQpOnw.exe
  C:\Windows\System\EJQpOnw.exe
  2⤵
  PID:7156
- C:\Windows\System\tHyQHYT.exe
  C:\Windows\System\tHyQHYT.exe
  2⤵
  PID:5396
- C:\Windows\System\BXysuAJ.exe
  C:\Windows\System\BXysuAJ.exe
  2⤵
  PID:6256
- C:\Windows\System\bhtUPYi.exe
  C:\Windows\System\bhtUPYi.exe
  2⤵
  PID:6320
- C:\Windows\System\nfLjOXE.exe
  C:\Windows\System\nfLjOXE.exe
  2⤵
  PID:6360
- C:\Windows\System\YobrhJD.exe
  C:\Windows\System\YobrhJD.exe
  2⤵
  PID:6396
- C:\Windows\System\jknDAso.exe
  C:\Windows\System\jknDAso.exe
  2⤵
  PID:6496
- C:\Windows\System\mnjwnmR.exe
  C:\Windows\System\mnjwnmR.exe
  2⤵
  PID:6556
- C:\Windows\System\XOKdsdl.exe
  C:\Windows\System\XOKdsdl.exe
  2⤵
  PID:6632
- C:\Windows\System\naBGdEF.exe
  C:\Windows\System\naBGdEF.exe
  2⤵
  PID:6696
- C:\Windows\System\BukSPFX.exe
  C:\Windows\System\BukSPFX.exe
  2⤵
  PID:6756
- C:\Windows\System\dFMMAGb.exe
  C:\Windows\System\dFMMAGb.exe
  2⤵
  PID:6848
- C:\Windows\System\iTEeePL.exe
  C:\Windows\System\iTEeePL.exe
  2⤵
  PID:6940
- C:\Windows\System\czmGHfI.exe
  C:\Windows\System\czmGHfI.exe
  2⤵
  PID:6968
- C:\Windows\System\rZqBrLZ.exe
  C:\Windows\System\rZqBrLZ.exe
  2⤵
  PID:7020
- C:\Windows\System\HcIlpEE.exe
  C:\Windows\System\HcIlpEE.exe
  2⤵
  PID:7112
- C:\Windows\System\BIEWiVQ.exe
  C:\Windows\System\BIEWiVQ.exe
  2⤵
  PID:7144
- C:\Windows\System\tmUzpeP.exe
  C:\Windows\System\tmUzpeP.exe
  2⤵
  PID:6220
- C:\Windows\System\KXrhwFt.exe
  C:\Windows\System\KXrhwFt.exe
  2⤵
  PID:6384
- C:\Windows\System\mbTafYg.exe
  C:\Windows\System\mbTafYg.exe
  2⤵
  PID:6596
- C:\Windows\System\aJqnRXl.exe
  C:\Windows\System\aJqnRXl.exe
  2⤵
  PID:6700
- C:\Windows\System\uiFYfJE.exe
  C:\Windows\System\uiFYfJE.exe
  2⤵
  PID:6796
- C:\Windows\System\BOUBvCW.exe
  C:\Windows\System\BOUBvCW.exe
  2⤵
  PID:7064
- C:\Windows\System\fHELbNA.exe
  C:\Windows\System\fHELbNA.exe
  2⤵
  PID:6064
- C:\Windows\System\bdAZfnh.exe
  C:\Windows\System\bdAZfnh.exe
  2⤵
  PID:6548
- C:\Windows\System\vZnwpFO.exe
  C:\Windows\System\vZnwpFO.exe
  2⤵
  PID:6816
- C:\Windows\System\jalzCqt.exe
  C:\Windows\System\jalzCqt.exe
  2⤵
  PID:7152
- C:\Windows\System\uLifjoY.exe
  C:\Windows\System\uLifjoY.exe
  2⤵
  PID:7184
- C:\Windows\System\ZQhZuXY.exe
  C:\Windows\System\ZQhZuXY.exe
  2⤵
  PID:7212
- C:\Windows\System\FfeRwgc.exe
  C:\Windows\System\FfeRwgc.exe
  2⤵
  PID:7240
- C:\Windows\System\lvzRmHJ.exe
  C:\Windows\System\lvzRmHJ.exe
  2⤵
  PID:7268
- C:\Windows\System\gufCEJr.exe
  C:\Windows\System\gufCEJr.exe
  2⤵
  PID:7288
- C:\Windows\System\WeWjFzl.exe
  C:\Windows\System\WeWjFzl.exe
  2⤵
  PID:7312
- C:\Windows\System\iKeIjKI.exe
  C:\Windows\System\iKeIjKI.exe
  2⤵
  PID:7340
- C:\Windows\System\lnwTHlM.exe
  C:\Windows\System\lnwTHlM.exe
  2⤵
  PID:7356
- C:\Windows\System\JqKfHWK.exe
  C:\Windows\System\JqKfHWK.exe
  2⤵
  PID:7388
- C:\Windows\System\XegcxGJ.exe
  C:\Windows\System\XegcxGJ.exe
  2⤵
  PID:7424
- C:\Windows\System\zRSdSAz.exe
  C:\Windows\System\zRSdSAz.exe
  2⤵
  PID:7452
- C:\Windows\System\DOQHAqb.exe
  C:\Windows\System\DOQHAqb.exe
  2⤵
  PID:7484
- C:\Windows\System\tNRYQAt.exe
  C:\Windows\System\tNRYQAt.exe
  2⤵
  PID:7524
- C:\Windows\System\VuQTfxG.exe
  C:\Windows\System\VuQTfxG.exe
  2⤵
  PID:7556
- C:\Windows\System\vRSmJMJ.exe
  C:\Windows\System\vRSmJMJ.exe
  2⤵
  PID:7576
- C:\Windows\System\QNZhKCV.exe
  C:\Windows\System\QNZhKCV.exe
  2⤵
  PID:7604
- C:\Windows\System\QNPdzPc.exe
  C:\Windows\System\QNPdzPc.exe
  2⤵
  PID:7636
- C:\Windows\System\eZOFMYe.exe
  C:\Windows\System\eZOFMYe.exe
  2⤵
  PID:7660
- C:\Windows\System\gLSlSPJ.exe
  C:\Windows\System\gLSlSPJ.exe
  2⤵
  PID:7688
- C:\Windows\System\aITGTsH.exe
  C:\Windows\System\aITGTsH.exe
  2⤵
  PID:7716
- C:\Windows\System\iShjWoA.exe
  C:\Windows\System\iShjWoA.exe
  2⤵
  PID:7736
- C:\Windows\System\vHoHlRM.exe
  C:\Windows\System\vHoHlRM.exe
  2⤵
  PID:7768
- C:\Windows\System\QFUWdOV.exe
  C:\Windows\System\QFUWdOV.exe
  2⤵
  PID:7800
- C:\Windows\System\xVlvDfZ.exe
  C:\Windows\System\xVlvDfZ.exe
  2⤵
  PID:7828
- C:\Windows\System\EnfXbwo.exe
  C:\Windows\System\EnfXbwo.exe
  2⤵
  PID:7864
- C:\Windows\System\nxqoYRP.exe
  C:\Windows\System\nxqoYRP.exe
  2⤵
  PID:7888
- C:\Windows\System\AIVQIoJ.exe
  C:\Windows\System\AIVQIoJ.exe
  2⤵
  PID:7920
- C:\Windows\System\QUOfShA.exe
  C:\Windows\System\QUOfShA.exe
  2⤵
  PID:7940
- C:\Windows\System\ALVWZfU.exe
  C:\Windows\System\ALVWZfU.exe
  2⤵
  PID:7968
- C:\Windows\System\jKNBbSr.exe
  C:\Windows\System\jKNBbSr.exe
  2⤵
  PID:7992
- C:\Windows\System\jjCCwzC.exe
  C:\Windows\System\jjCCwzC.exe
  2⤵
  PID:8012
- C:\Windows\System\KeTvwSN.exe
  C:\Windows\System\KeTvwSN.exe
  2⤵
  PID:8032
- C:\Windows\System\CclDSQe.exe
  C:\Windows\System\CclDSQe.exe
  2⤵
  PID:8064
- C:\Windows\System\NdFVniQ.exe
  C:\Windows\System\NdFVniQ.exe
  2⤵
  PID:8100
- C:\Windows\System\UuCHlRT.exe
  C:\Windows\System\UuCHlRT.exe
  2⤵
  PID:8136
- C:\Windows\System\ehpsvWF.exe
  C:\Windows\System\ehpsvWF.exe
  2⤵
  PID:8176
- C:\Windows\System\biOTIxm.exe
  C:\Windows\System\biOTIxm.exe
  2⤵
  PID:6892
- C:\Windows\System\baeerjS.exe
  C:\Windows\System\baeerjS.exe
  2⤵
  PID:7172
- C:\Windows\System\GoBgPjD.exe
  C:\Windows\System\GoBgPjD.exe
  2⤵
  PID:7232
- C:\Windows\System\AOExpNz.exe
  C:\Windows\System\AOExpNz.exe
  2⤵
  PID:7308
- C:\Windows\System\hieGwgF.exe
  C:\Windows\System\hieGwgF.exe
  2⤵
  PID:7328
- C:\Windows\System\rGLgYnX.exe
  C:\Windows\System\rGLgYnX.exe
  2⤵
  PID:7440
- C:\Windows\System\cvaCZFN.exe
  C:\Windows\System\cvaCZFN.exe
  2⤵
  PID:7516
- C:\Windows\System\DThcuXV.exe
  C:\Windows\System\DThcuXV.exe
  2⤵
  PID:7592
- C:\Windows\System\JLGeGYz.exe
  C:\Windows\System\JLGeGYz.exe
  2⤵
  PID:7632
- C:\Windows\System\qsDhgXc.exe
  C:\Windows\System\qsDhgXc.exe
  2⤵
  PID:7732
- C:\Windows\System\dlGNQTD.exe
  C:\Windows\System\dlGNQTD.exe
  2⤵
  PID:7784
- C:\Windows\System\LcYNYbk.exe
  C:\Windows\System\LcYNYbk.exe
  2⤵
  PID:7856
- C:\Windows\System\LNjTrIg.exe
  C:\Windows\System\LNjTrIg.exe
  2⤵
  PID:7908
- C:\Windows\System\lgZGzvL.exe
  C:\Windows\System\lgZGzvL.exe
  2⤵
  PID:7956
- C:\Windows\System\qUGlQcI.exe
  C:\Windows\System\qUGlQcI.exe
  2⤵
  PID:8052
- C:\Windows\System\JkydivG.exe
  C:\Windows\System\JkydivG.exe
  2⤵
  PID:8044
- C:\Windows\System\bRqXQdb.exe
  C:\Windows\System\bRqXQdb.exe
  2⤵
  PID:8120
- C:\Windows\System\zPIOlDH.exe
  C:\Windows\System\zPIOlDH.exe
  2⤵
  PID:6748
- C:\Windows\System\vJKOsTc.exe
  C:\Windows\System\vJKOsTc.exe
  2⤵
  PID:7196
- C:\Windows\System\BAfCiJb.exe
  C:\Windows\System\BAfCiJb.exe
  2⤵
  PID:7372
- C:\Windows\System\CctatQR.exe
  C:\Windows\System\CctatQR.exe
  2⤵
  PID:7532
- C:\Windows\System\SdMZtXQ.exe
  C:\Windows\System\SdMZtXQ.exe
  2⤵
  PID:7684
- C:\Windows\System\DRLwnWo.exe
  C:\Windows\System\DRLwnWo.exe
  2⤵
  PID:7844
- C:\Windows\System\sLogIuo.exe
  C:\Windows\System\sLogIuo.exe
  2⤵
  PID:7980
- C:\Windows\System\kRcYuUY.exe
  C:\Windows\System\kRcYuUY.exe
  2⤵
  PID:8160
- C:\Windows\System\cEJfAaP.exe
  C:\Windows\System\cEJfAaP.exe
  2⤵
  PID:7540
- C:\Windows\System\ZxmBnFh.exe
  C:\Windows\System\ZxmBnFh.exe
  2⤵
  PID:7756
- C:\Windows\System\mbhqDpA.exe
  C:\Windows\System\mbhqDpA.exe
  2⤵
  PID:7264
- C:\Windows\System\fAnPRHl.exe
  C:\Windows\System\fAnPRHl.exe
  2⤵
  PID:8204
- C:\Windows\System\bFGZgrX.exe
  C:\Windows\System\bFGZgrX.exe
  2⤵
  PID:8224
- C:\Windows\System\WQMxoly.exe
  C:\Windows\System\WQMxoly.exe
  2⤵
  PID:8264
- C:\Windows\System\kLfwtxw.exe
  C:\Windows\System\kLfwtxw.exe
  2⤵
  PID:8284
- C:\Windows\System\jOTHwNC.exe
  C:\Windows\System\jOTHwNC.exe
  2⤵
  PID:8320
- C:\Windows\System\BJdpTet.exe
  C:\Windows\System\BJdpTet.exe
  2⤵
  PID:8340
- C:\Windows\System\XtdETvc.exe
  C:\Windows\System\XtdETvc.exe
  2⤵
  PID:8368
- C:\Windows\System\zWZKVYx.exe
  C:\Windows\System\zWZKVYx.exe
  2⤵
  PID:8396
- C:\Windows\System\GQflcpF.exe
  C:\Windows\System\GQflcpF.exe
  2⤵
  PID:8432
- C:\Windows\System\QwSniyz.exe
  C:\Windows\System\QwSniyz.exe
  2⤵
  PID:8452
- C:\Windows\System\fPCdIIL.exe
  C:\Windows\System\fPCdIIL.exe
  2⤵
  PID:8480
- C:\Windows\System\dswapEr.exe
  C:\Windows\System\dswapEr.exe
  2⤵
  PID:8508
- C:\Windows\System\TqrNbcO.exe
  C:\Windows\System\TqrNbcO.exe
  2⤵
  PID:8540
- C:\Windows\System\nUUmfgx.exe
  C:\Windows\System\nUUmfgx.exe
  2⤵
  PID:8568
- C:\Windows\System\HQJDfbP.exe
  C:\Windows\System\HQJDfbP.exe
  2⤵
  PID:8600
- C:\Windows\System\axOVJYY.exe
  C:\Windows\System\axOVJYY.exe
  2⤵
  PID:8620
- C:\Windows\System\AlzxtqU.exe
  C:\Windows\System\AlzxtqU.exe
  2⤵
  PID:8648
- C:\Windows\System\EfPwxLo.exe
  C:\Windows\System\EfPwxLo.exe
  2⤵
  PID:8676
- C:\Windows\System\ENpPHeS.exe
  C:\Windows\System\ENpPHeS.exe
  2⤵
  PID:8704
- C:\Windows\System\fcACLDi.exe
  C:\Windows\System\fcACLDi.exe
  2⤵
  PID:8732
- C:\Windows\System\nuMmqtd.exe
  C:\Windows\System\nuMmqtd.exe
  2⤵
  PID:8760
- C:\Windows\System\atUIhOE.exe
  C:\Windows\System\atUIhOE.exe
  2⤵
  PID:8780
- C:\Windows\System\apGMlhP.exe
  C:\Windows\System\apGMlhP.exe
  2⤵
  PID:8804
- C:\Windows\System\bbZKJdT.exe
  C:\Windows\System\bbZKJdT.exe
  2⤵
  PID:8832
- C:\Windows\System\wtuOVmz.exe
  C:\Windows\System\wtuOVmz.exe
  2⤵
  PID:8872
- C:\Windows\System\MwbEkON.exe
  C:\Windows\System\MwbEkON.exe
  2⤵
  PID:8896
- C:\Windows\System\ptMwlYQ.exe
  C:\Windows\System\ptMwlYQ.exe
  2⤵
  PID:8920
- C:\Windows\System\pbJDCJt.exe
  C:\Windows\System\pbJDCJt.exe
  2⤵
  PID:8952
- C:\Windows\System\cdzZEkV.exe
  C:\Windows\System\cdzZEkV.exe
  2⤵
  PID:8984
- C:\Windows\System\TZlfsTl.exe
  C:\Windows\System\TZlfsTl.exe
  2⤵
  PID:9012
- C:\Windows\System\umjcgXM.exe
  C:\Windows\System\umjcgXM.exe
  2⤵
  PID:9040
- C:\Windows\System\linEHRO.exe
  C:\Windows\System\linEHRO.exe
  2⤵
  PID:9068
- C:\Windows\System\xlvKvYm.exe
  C:\Windows\System\xlvKvYm.exe
  2⤵
  PID:9108
- C:\Windows\System\LPLCWod.exe
  C:\Windows\System\LPLCWod.exe
  2⤵
  PID:9136
- C:\Windows\System\sXbedXN.exe
  C:\Windows\System\sXbedXN.exe
  2⤵
  PID:9164
- C:\Windows\System\HnVrPrJ.exe
  C:\Windows\System\HnVrPrJ.exe
  2⤵
  PID:9184
- C:\Windows\System\LEPQihn.exe
  C:\Windows\System\LEPQihn.exe
  2⤵
  PID:9208
- C:\Windows\System\QzixvBY.exe
  C:\Windows\System\QzixvBY.exe
  2⤵
  PID:7284
- C:\Windows\System\iEQAMSI.exe
  C:\Windows\System\iEQAMSI.exe
  2⤵
  PID:8240
- C:\Windows\System\IQATzxQ.exe
  C:\Windows\System\IQATzxQ.exe
  2⤵
  PID:8336
- C:\Windows\System\uJgwlZp.exe
  C:\Windows\System\uJgwlZp.exe
  2⤵
  PID:8388
- C:\Windows\System\CrMwwfo.exe
  C:\Windows\System\CrMwwfo.exe
  2⤵
  PID:8492
- C:\Windows\System\wnCiQID.exe
  C:\Windows\System\wnCiQID.exe
  2⤵
  PID:8576
- C:\Windows\System\hFrgeqh.exe
  C:\Windows\System\hFrgeqh.exe
  2⤵
  PID:8632
- C:\Windows\System\twHBDMA.exe
  C:\Windows\System\twHBDMA.exe
  2⤵
  PID:8696
- C:\Windows\System\fuWHfUe.exe
  C:\Windows\System\fuWHfUe.exe
  2⤵
  PID:8744
- C:\Windows\System\GrzvluU.exe
  C:\Windows\System\GrzvluU.exe
  2⤵
  PID:8860
- C:\Windows\System\uqOVhoV.exe
  C:\Windows\System\uqOVhoV.exe
  2⤵
  PID:8880
- C:\Windows\System\jYxhAPf.exe
  C:\Windows\System\jYxhAPf.exe
  2⤵
  PID:8904
- C:\Windows\System\LESZloR.exe
  C:\Windows\System\LESZloR.exe
  2⤵
  PID:8996
- C:\Windows\System\EKXiBAp.exe
  C:\Windows\System\EKXiBAp.exe
  2⤵
  PID:9088
- C:\Windows\System\JlDtDzZ.exe
  C:\Windows\System\JlDtDzZ.exe
  2⤵
  PID:9148
- C:\Windows\System\sjTShVm.exe
  C:\Windows\System\sjTShVm.exe
  2⤵
  PID:9172
- C:\Windows\System\DDxobDp.exe
  C:\Windows\System\DDxobDp.exe
  2⤵
  PID:8308
- C:\Windows\System\IewAUID.exe
  C:\Windows\System\IewAUID.exe
  2⤵
  PID:8360
- C:\Windows\System\BGCADhK.exe
  C:\Windows\System\BGCADhK.exe
  2⤵
  PID:8380
- C:\Windows\System\GLMggip.exe
  C:\Windows\System\GLMggip.exe
  2⤵
  PID:8536
- C:\Windows\System\FGnALsF.exe
  C:\Windows\System\FGnALsF.exe
  2⤵
  PID:8724
- C:\Windows\System\VRTxiqc.exe
  C:\Windows\System\VRTxiqc.exe
  2⤵
  PID:8776
- C:\Windows\System\fpcKPST.exe
  C:\Windows\System\fpcKPST.exe
  2⤵
  PID:8968
- C:\Windows\System\bDZBcvJ.exe
  C:\Windows\System\bDZBcvJ.exe
  2⤵
  PID:9200
- C:\Windows\System\vflXQZo.exe
  C:\Windows\System\vflXQZo.exe
  2⤵
  PID:8496
- C:\Windows\System\KoBhyWK.exe
  C:\Windows\System\KoBhyWK.exe
  2⤵
  PID:8820
- C:\Windows\System\mSKYUbj.exe
  C:\Windows\System\mSKYUbj.exe
  2⤵
  PID:9228
- C:\Windows\System\YvzHkfB.exe
  C:\Windows\System\YvzHkfB.exe
  2⤵
  PID:9252
- C:\Windows\System\UskaEYF.exe
  C:\Windows\System\UskaEYF.exe
  2⤵
  PID:9296
- C:\Windows\System\RlIyoQn.exe
  C:\Windows\System\RlIyoQn.exe
  2⤵
  PID:9320
- C:\Windows\System\NqrjRLk.exe
  C:\Windows\System\NqrjRLk.exe
  2⤵
  PID:9352
- C:\Windows\System\jepukcV.exe
  C:\Windows\System\jepukcV.exe
  2⤵
  PID:9396
- C:\Windows\System\mtqZpbB.exe
  C:\Windows\System\mtqZpbB.exe
  2⤵
  PID:9416
- C:\Windows\System\POIIspH.exe
  C:\Windows\System\POIIspH.exe
  2⤵
  PID:9436
- C:\Windows\System\NVVnfVD.exe
  C:\Windows\System\NVVnfVD.exe
  2⤵
  PID:9460
- C:\Windows\System\jdIXGEn.exe
  C:\Windows\System\jdIXGEn.exe
  2⤵
  PID:9500
- C:\Windows\System\ZYtdAGO.exe
  C:\Windows\System\ZYtdAGO.exe
  2⤵
  PID:9520
- C:\Windows\System\wBPVhmn.exe
  C:\Windows\System\wBPVhmn.exe
  2⤵
  PID:9556
- C:\Windows\System\VyMgIoh.exe
  C:\Windows\System\VyMgIoh.exe
  2⤵
  PID:9580
- C:\Windows\System\JzWzwCg.exe
  C:\Windows\System\JzWzwCg.exe
  2⤵
  PID:9612
- C:\Windows\System\OOWveeT.exe
  C:\Windows\System\OOWveeT.exe
  2⤵
  PID:9628
- C:\Windows\System\ipQvufK.exe
  C:\Windows\System\ipQvufK.exe
  2⤵
  PID:9668
- C:\Windows\System\ZiVWnMf.exe
  C:\Windows\System\ZiVWnMf.exe
  2⤵
  PID:9696
- C:\Windows\System\GfoFthq.exe
  C:\Windows\System\GfoFthq.exe
  2⤵
  PID:9728
- C:\Windows\System\iZMInWP.exe
  C:\Windows\System\iZMInWP.exe
  2⤵
  PID:9756
- C:\Windows\System\VjhDbne.exe
  C:\Windows\System\VjhDbne.exe
  2⤵
  PID:9780
- C:\Windows\System\fblmNpG.exe
  C:\Windows\System\fblmNpG.exe
  2⤵
  PID:9804
- C:\Windows\System\siOGBgS.exe
  C:\Windows\System\siOGBgS.exe
  2⤵
  PID:9828
- C:\Windows\System\KrzjJyt.exe
  C:\Windows\System\KrzjJyt.exe
  2⤵
  PID:9848
- C:\Windows\System\LMknZxj.exe
  C:\Windows\System\LMknZxj.exe
  2⤵
  PID:9868
- C:\Windows\System\pFLAuhu.exe
  C:\Windows\System\pFLAuhu.exe
  2⤵
  PID:9884
- C:\Windows\System\fBoBoqA.exe
  C:\Windows\System\fBoBoqA.exe
  2⤵
  PID:9904
- C:\Windows\System\gdowonp.exe
  C:\Windows\System\gdowonp.exe
  2⤵
  PID:9924
- C:\Windows\System\ITZyaHS.exe
  C:\Windows\System\ITZyaHS.exe
  2⤵
  PID:9944
- C:\Windows\System\xhnzuSX.exe
  C:\Windows\System\xhnzuSX.exe
  2⤵
  PID:9968
- C:\Windows\System\BDIxekd.exe
  C:\Windows\System\BDIxekd.exe
  2⤵
  PID:9984
- C:\Windows\System\gEcqkrK.exe
  C:\Windows\System\gEcqkrK.exe
  2⤵
  PID:10008
- C:\Windows\System\UZgeJAY.exe
  C:\Windows\System\UZgeJAY.exe
  2⤵
  PID:10040
- C:\Windows\System\imCOByH.exe
  C:\Windows\System\imCOByH.exe
  2⤵
  PID:10068
- C:\Windows\System\YkqogAp.exe
  C:\Windows\System\YkqogAp.exe
  2⤵
  PID:10096
- C:\Windows\System\DsqOmnY.exe
  C:\Windows\System\DsqOmnY.exe
  2⤵
  PID:10124
- C:\Windows\System\qBuiEzu.exe
  C:\Windows\System\qBuiEzu.exe
  2⤵
  PID:10148
- C:\Windows\System\MfJGfLa.exe
  C:\Windows\System\MfJGfLa.exe
  2⤵
  PID:10180
- C:\Windows\System\QHWwgPI.exe
  C:\Windows\System\QHWwgPI.exe
  2⤵
  PID:10196
- C:\Windows\System\FGUxmGj.exe
  C:\Windows\System\FGUxmGj.exe
  2⤵
  PID:10232
- C:\Windows\System\WLAnmak.exe
  C:\Windows\System\WLAnmak.exe
  2⤵
  PID:9152
- C:\Windows\System\ZsPTdre.exe
  C:\Windows\System\ZsPTdre.exe
  2⤵
  PID:9092
- C:\Windows\System\JwFyQXb.exe
  C:\Windows\System\JwFyQXb.exe
  2⤵
  PID:9332
- C:\Windows\System\ErZUAbb.exe
  C:\Windows\System\ErZUAbb.exe
  2⤵
  PID:9380
- C:\Windows\System\CrpEjKK.exe
  C:\Windows\System\CrpEjKK.exe
  2⤵
  PID:9424
- C:\Windows\System\zuBYDqe.exe
  C:\Windows\System\zuBYDqe.exe
  2⤵
  PID:9448
- C:\Windows\System\DmqqQAu.exe
  C:\Windows\System\DmqqQAu.exe
  2⤵
  PID:9540
- C:\Windows\System\QkjGejF.exe
  C:\Windows\System\QkjGejF.exe
  2⤵
  PID:9596
- C:\Windows\System\aEctnHS.exe
  C:\Windows\System\aEctnHS.exe
  2⤵
  PID:9640
- C:\Windows\System\htHTwUm.exe
  C:\Windows\System\htHTwUm.exe
  2⤵
  PID:9712
- C:\Windows\System\bKQzmDY.exe
  C:\Windows\System\bKQzmDY.exe
  2⤵
  PID:9816
- C:\Windows\System\lyrQItp.exe
  C:\Windows\System\lyrQItp.exe
  2⤵
  PID:9932
- C:\Windows\System\IBPtBue.exe
  C:\Windows\System\IBPtBue.exe
  2⤵
  PID:10016
- C:\Windows\System\FtcZxgf.exe
  C:\Windows\System\FtcZxgf.exe
  2⤵
  PID:10084
- C:\Windows\System\bGCXCQh.exe
  C:\Windows\System\bGCXCQh.exe
  2⤵
  PID:10192
- C:\Windows\System\nbNQcPH.exe
  C:\Windows\System\nbNQcPH.exe
  2⤵
  PID:10220
- C:\Windows\System\NHXvlaU.exe
  C:\Windows\System\NHXvlaU.exe
  2⤵
  PID:9284
- C:\Windows\System\bNTggqt.exe
  C:\Windows\System\bNTggqt.exe
  2⤵
  PID:10164
- C:\Windows\System\koSnzjf.exe
  C:\Windows\System\koSnzjf.exe
  2⤵
  PID:8448
- C:\Windows\System\DrqRCuB.exe
  C:\Windows\System\DrqRCuB.exe
  2⤵
  PID:9372
- C:\Windows\System\khdgpsR.exe
  C:\Windows\System\khdgpsR.exe
  2⤵
  PID:10020
- C:\Windows\System\ErIQOXd.exe
  C:\Windows\System\ErIQOXd.exe
  2⤵
  PID:10092
- C:\Windows\System\aJklqcW.exe
  C:\Windows\System\aJklqcW.exe
  2⤵
  PID:9836
- C:\Windows\System\aOOxvCu.exe
  C:\Windows\System\aOOxvCu.exe
  2⤵
  PID:9472
- C:\Windows\System\ehspObx.exe
  C:\Windows\System\ehspObx.exe
  2⤵
  PID:10048
- C:\Windows\System\TkSzvLi.exe
  C:\Windows\System\TkSzvLi.exe
  2⤵
  PID:10252
- C:\Windows\System\QWYLswW.exe
  C:\Windows\System\QWYLswW.exe
  2⤵
  PID:10288
- C:\Windows\System\oKfyQKF.exe
  C:\Windows\System\oKfyQKF.exe
  2⤵
  PID:10312
- C:\Windows\System\hreJSad.exe
  C:\Windows\System\hreJSad.exe
  2⤵
  PID:10352
- C:\Windows\System\hHHJWrf.exe
  C:\Windows\System\hHHJWrf.exe
  2⤵
  PID:10380
- C:\Windows\System\BzCCGmI.exe
  C:\Windows\System\BzCCGmI.exe
  2⤵
  PID:10400
- C:\Windows\System\sFJSWvy.exe
  C:\Windows\System\sFJSWvy.exe
  2⤵
  PID:10436
- C:\Windows\System\vykXfjI.exe
  C:\Windows\System\vykXfjI.exe
  2⤵
  PID:10472
- C:\Windows\System\JdaeIYt.exe
  C:\Windows\System\JdaeIYt.exe
  2⤵
  PID:10504
- C:\Windows\System\GdaNasH.exe
  C:\Windows\System\GdaNasH.exe
  2⤵
  PID:10532
- C:\Windows\System\pAojnzI.exe
  C:\Windows\System\pAojnzI.exe
  2⤵
  PID:10548
- C:\Windows\System\efzghbo.exe
  C:\Windows\System\efzghbo.exe
  2⤵
  PID:10564
- C:\Windows\System\AmwJzou.exe
  C:\Windows\System\AmwJzou.exe
  2⤵
  PID:10596
- C:\Windows\System\dNgbsWG.exe
  C:\Windows\System\dNgbsWG.exe
  2⤵
  PID:10628
- C:\Windows\System\CpKdnHy.exe
  C:\Windows\System\CpKdnHy.exe
  2⤵
  PID:10644
- C:\Windows\System\TtbfjIs.exe
  C:\Windows\System\TtbfjIs.exe
  2⤵
  PID:10660
- C:\Windows\System\mTjwcUG.exe
  C:\Windows\System\mTjwcUG.exe
  2⤵
  PID:10680
- C:\Windows\System\DYBJNhm.exe
  C:\Windows\System\DYBJNhm.exe
  2⤵
  PID:10696
- C:\Windows\System\DgJLDZM.exe
  C:\Windows\System\DgJLDZM.exe
  2⤵
  PID:10720
- C:\Windows\System\LKIMyWT.exe
  C:\Windows\System\LKIMyWT.exe
  2⤵
  PID:10744
- C:\Windows\System\qoehnNo.exe
  C:\Windows\System\qoehnNo.exe
  2⤵
  PID:10772
- C:\Windows\System\HTObYSr.exe
  C:\Windows\System\HTObYSr.exe
  2⤵
  PID:10804
- C:\Windows\System\PpHQgRZ.exe
  C:\Windows\System\PpHQgRZ.exe
  2⤵
  PID:10824
- C:\Windows\System\jqzpvdu.exe
  C:\Windows\System\jqzpvdu.exe
  2⤵
  PID:10840
- C:\Windows\System\NUjDlod.exe
  C:\Windows\System\NUjDlod.exe
  2⤵
  PID:10876
- C:\Windows\System\NEijFeH.exe
  C:\Windows\System\NEijFeH.exe
  2⤵
  PID:10892
- C:\Windows\System\chJQatY.exe
  C:\Windows\System\chJQatY.exe
  2⤵
  PID:10912
- C:\Windows\System\UioGOxw.exe
  C:\Windows\System\UioGOxw.exe
  2⤵
  PID:10956
- C:\Windows\System\oitHsbk.exe
  C:\Windows\System\oitHsbk.exe
  2⤵
  PID:10976
- C:\Windows\System\vSKjvui.exe
  C:\Windows\System\vSKjvui.exe
  2⤵
  PID:11000
- C:\Windows\System\WEouuVc.exe
  C:\Windows\System\WEouuVc.exe
  2⤵
  PID:11016
- C:\Windows\System\mdxAMiC.exe
  C:\Windows\System\mdxAMiC.exe
  2⤵
  PID:11040
- C:\Windows\System\TIDqqyg.exe
  C:\Windows\System\TIDqqyg.exe
  2⤵
  PID:11056
- C:\Windows\System\dhBpTZN.exe
  C:\Windows\System\dhBpTZN.exe
  2⤵
  PID:11076
- C:\Windows\System\nPsmvTF.exe
  C:\Windows\System\nPsmvTF.exe
  2⤵
  PID:11104
- C:\Windows\System\kDTQqDI.exe
  C:\Windows\System\kDTQqDI.exe
  2⤵
  PID:11140
- C:\Windows\System\suJEJRm.exe
  C:\Windows\System\suJEJRm.exe
  2⤵
  PID:11160
- C:\Windows\System\qisJQUN.exe
  C:\Windows\System\qisJQUN.exe
  2⤵
  PID:11188
- C:\Windows\System\QogHwxx.exe
  C:\Windows\System\QogHwxx.exe
  2⤵
  PID:11208
- C:\Windows\System\lYjuMXm.exe
  C:\Windows\System\lYjuMXm.exe
  2⤵
  PID:11224
- C:\Windows\System\DwPIJMk.exe
  C:\Windows\System\DwPIJMk.exe
  2⤵
  PID:11252
- C:\Windows\System\osGjwlA.exe
  C:\Windows\System\osGjwlA.exe
  2⤵
  PID:9976
- C:\Windows\System\iqOoCcU.exe
  C:\Windows\System\iqOoCcU.exe
  2⤵
  PID:10304
- C:\Windows\System\JUaHdug.exe
  C:\Windows\System\JUaHdug.exe
  2⤵
  PID:10284
- C:\Windows\System\ABQPJep.exe
  C:\Windows\System\ABQPJep.exe
  2⤵
  PID:10428
- C:\Windows\System\hQLFghA.exe
  C:\Windows\System\hQLFghA.exe
  2⤵
  PID:10324
- C:\Windows\System\ePqnbhg.exe
  C:\Windows\System\ePqnbhg.exe
  2⤵
  PID:10540
- C:\Windows\System\ZcpHqQD.exe
  C:\Windows\System\ZcpHqQD.exe
  2⤵
  PID:10496
- C:\Windows\System\DotmnjH.exe
  C:\Windows\System\DotmnjH.exe
  2⤵
  PID:10704
- C:\Windows\System\GCGYFXf.exe
  C:\Windows\System\GCGYFXf.exe
  2⤵
  PID:10692
- C:\Windows\System\ZXxjAXU.exe
  C:\Windows\System\ZXxjAXU.exe
  2⤵
  PID:10612
- C:\Windows\System\wARdXDu.exe
  C:\Windows\System\wARdXDu.exe
  2⤵
  PID:10932
- C:\Windows\System\jDFggOK.exe
  C:\Windows\System\jDFggOK.exe
  2⤵
  PID:10972
- C:\Windows\System\mCbyWqY.exe
  C:\Windows\System\mCbyWqY.exe
  2⤵
  PID:11036
- C:\Windows\System\twSeEJu.exe
  C:\Windows\System\twSeEJu.exe
  2⤵
  PID:10900
- C:\Windows\System\oWBUjNr.exe
  C:\Windows\System\oWBUjNr.exe
  2⤵
  PID:11200
- C:\Windows\System\xEiSLLr.exe
  C:\Windows\System\xEiSLLr.exe
  2⤵
  PID:11092
- C:\Windows\System\SxwdgWM.exe
  C:\Windows\System\SxwdgWM.exe
  2⤵
  PID:11028
- C:\Windows\System\syxPSMa.exe
  C:\Windows\System\syxPSMa.exe
  2⤵
  PID:11132
- C:\Windows\System\QqJdmFx.exe
  C:\Windows\System\QqJdmFx.exe
  2⤵
  PID:10368
- C:\Windows\System\tLddGRN.exe
  C:\Windows\System\tLddGRN.exe
  2⤵
  PID:10852
- C:\Windows\System\HFmpifr.exe
  C:\Windows\System\HFmpifr.exe
  2⤵
  PID:10364
- C:\Windows\System\THKpVJs.exe
  C:\Windows\System\THKpVJs.exe
  2⤵
  PID:11148
- C:\Windows\System\BNLADhS.exe
  C:\Windows\System\BNLADhS.exe
  2⤵
  PID:10904
- C:\Windows\System\esAoZCl.exe
  C:\Windows\System\esAoZCl.exe
  2⤵
  PID:11268
- C:\Windows\System\XeQWCVG.exe
  C:\Windows\System\XeQWCVG.exe
  2⤵
  PID:11300
- C:\Windows\System\cHVKVAb.exe
  C:\Windows\System\cHVKVAb.exe
  2⤵
  PID:11320
- C:\Windows\System\edWKomr.exe
  C:\Windows\System\edWKomr.exe
  2⤵
  PID:11344
- C:\Windows\System\pHDXImg.exe
  C:\Windows\System\pHDXImg.exe
  2⤵
  PID:11368
- C:\Windows\System\XZEkMij.exe
  C:\Windows\System\XZEkMij.exe
  2⤵
  PID:11400
- C:\Windows\System\LbqZeyu.exe
  C:\Windows\System\LbqZeyu.exe
  2⤵
  PID:11428
- C:\Windows\System\ZRbVKKS.exe
  C:\Windows\System\ZRbVKKS.exe
  2⤵
  PID:11464
- C:\Windows\System\FlRCYaT.exe
  C:\Windows\System\FlRCYaT.exe
  2⤵
  PID:11492
- C:\Windows\System\xffOCFE.exe
  C:\Windows\System\xffOCFE.exe
  2⤵
  PID:11628
- C:\Windows\System\kdLgIYo.exe
  C:\Windows\System\kdLgIYo.exe
  2⤵
  PID:11660
- C:\Windows\System\eHpchbo.exe
  C:\Windows\System\eHpchbo.exe
  2⤵
  PID:11684
- C:\Windows\System\fpAPEhU.exe
  C:\Windows\System\fpAPEhU.exe
  2⤵
  PID:11708
- C:\Windows\System\GDcoHpA.exe
  C:\Windows\System\GDcoHpA.exe
  2⤵
  PID:11728
- C:\Windows\System\bcoBxGV.exe
  C:\Windows\System\bcoBxGV.exe
  2⤵
  PID:11752
- C:\Windows\System\EEvGkZQ.exe
  C:\Windows\System\EEvGkZQ.exe
  2⤵
  PID:11780
- C:\Windows\System\rAGIwFJ.exe
  C:\Windows\System\rAGIwFJ.exe
  2⤵
  PID:11796
- C:\Windows\System\AnRsLNA.exe
  C:\Windows\System\AnRsLNA.exe
  2⤵
  PID:11816
- C:\Windows\System\TrWBkSo.exe
  C:\Windows\System\TrWBkSo.exe
  2⤵
  PID:11836
- C:\Windows\System\TOJLtYQ.exe
  C:\Windows\System\TOJLtYQ.exe
  2⤵
  PID:11852
- C:\Windows\System\EYnoTBF.exe
  C:\Windows\System\EYnoTBF.exe
  2⤵
  PID:11884
- C:\Windows\System\PNEPebQ.exe
  C:\Windows\System\PNEPebQ.exe
  2⤵
  PID:11916
- C:\Windows\System\SRqOhOu.exe
  C:\Windows\System\SRqOhOu.exe
  2⤵
  PID:11948
- C:\Windows\System\WKtmGqC.exe
  C:\Windows\System\WKtmGqC.exe
  2⤵
  PID:11980
- C:\Windows\System\qcxfQGI.exe
  C:\Windows\System\qcxfQGI.exe
  2⤵
  PID:12012
- C:\Windows\System\bCRpGXN.exe
  C:\Windows\System\bCRpGXN.exe
  2⤵
  PID:12052
- C:\Windows\System\mrqXEMg.exe
  C:\Windows\System\mrqXEMg.exe
  2⤵
  PID:12076
- C:\Windows\System\UhdkNtD.exe
  C:\Windows\System\UhdkNtD.exe
  2⤵
  PID:12108
- C:\Windows\System\jZrGjFj.exe
  C:\Windows\System\jZrGjFj.exe
  2⤵
  PID:12136
- C:\Windows\System\KuPHrff.exe
  C:\Windows\System\KuPHrff.exe
  2⤵
  PID:12156
- C:\Windows\System\pdjsIii.exe
  C:\Windows\System\pdjsIii.exe
  2⤵
  PID:12188
- C:\Windows\System\HJDBUtC.exe
  C:\Windows\System\HJDBUtC.exe
  2⤵
  PID:12220
- C:\Windows\System\KNqIyUZ.exe
  C:\Windows\System\KNqIyUZ.exe
  2⤵
  PID:12252
- C:\Windows\System\dBjynTM.exe
  C:\Windows\System\dBjynTM.exe
  2⤵
  PID:12280
- C:\Windows\System\KFeVJYc.exe
  C:\Windows\System\KFeVJYc.exe
  2⤵
  PID:11196
- C:\Windows\System\wNnXThG.exe
  C:\Windows\System\wNnXThG.exe
  2⤵
  PID:11116
- C:\Windows\System\HnNSkPM.exe
  C:\Windows\System\HnNSkPM.exe
  2⤵
  PID:11288
- C:\Windows\System\Nqzcfbq.exe
  C:\Windows\System\Nqzcfbq.exe
  2⤵
  PID:11312
- C:\Windows\System\vYyXiTY.exe
  C:\Windows\System\vYyXiTY.exe
  2⤵
  PID:11380
- C:\Windows\System\PovYNEF.exe
  C:\Windows\System\PovYNEF.exe
  2⤵
  PID:11420
- C:\Windows\System\vclXxrm.exe
  C:\Windows\System\vclXxrm.exe
  2⤵
  PID:10004
- C:\Windows\System\KUIUEcP.exe
  C:\Windows\System\KUIUEcP.exe
  2⤵
  PID:11452
- C:\Windows\System\ijXTBeH.exe
  C:\Windows\System\ijXTBeH.exe
  2⤵
  PID:11764
- C:\Windows\System\VCwYStD.exe
  C:\Windows\System\VCwYStD.exe
  2⤵
  PID:11848
- C:\Windows\System\wQSvgnf.exe
  C:\Windows\System\wQSvgnf.exe
  2⤵
  PID:11832
- C:\Windows\System\hvCNnGu.exe
  C:\Windows\System\hvCNnGu.exe
  2⤵
  PID:11808
- C:\Windows\System\WTXqcyq.exe
  C:\Windows\System\WTXqcyq.exe
  2⤵
  PID:11880
- C:\Windows\System\AKjMehS.exe
  C:\Windows\System\AKjMehS.exe
  2⤵
  PID:12096
- C:\Windows\System\lYSHxog.exe
  C:\Windows\System\lYSHxog.exe
  2⤵
  PID:10820
- C:\Windows\System\hJldizp.exe
  C:\Windows\System\hJldizp.exe
  2⤵
  PID:12216
- C:\Windows\System\VPeBOiw.exe
  C:\Windows\System\VPeBOiw.exe
  2⤵
  PID:12184
- C:\Windows\System\ukpnFaH.exe
  C:\Windows\System\ukpnFaH.exe
  2⤵
  PID:11308
- C:\Windows\System\RVLnUkI.exe
  C:\Windows\System\RVLnUkI.exe
  2⤵
  PID:11744
- C:\Windows\System\SyqepOL.exe
  C:\Windows\System\SyqepOL.exe
  2⤵
  PID:11656
- C:\Windows\System\ACaZDNZ.exe
  C:\Windows\System\ACaZDNZ.exe
  2⤵
  PID:11680
- C:\Windows\System\vLwSHtZ.exe
  C:\Windows\System\vLwSHtZ.exe
  2⤵
  PID:12088
- C:\Windows\System\BUbtBqy.exe
  C:\Windows\System\BUbtBqy.exe
  2⤵
  PID:12268
- C:\Windows\System\fwrnfZC.exe
  C:\Windows\System\fwrnfZC.exe
  2⤵
  PID:11220
- C:\Windows\System\cYcAXbe.exe
  C:\Windows\System\cYcAXbe.exe
  2⤵
  PID:9708
- C:\Windows\System\tYEfbBC.exe
  C:\Windows\System\tYEfbBC.exe
  2⤵
  PID:11184
- C:\Windows\System\hSlycnf.exe
  C:\Windows\System\hSlycnf.exe
  2⤵
  PID:12328
- C:\Windows\System\hJFMaVo.exe
  C:\Windows\System\hJFMaVo.exe
  2⤵
  PID:12352
- C:\Windows\System\tzgmXHC.exe
  C:\Windows\System\tzgmXHC.exe
  2⤵
  PID:12380
- C:\Windows\System\fEbDBIG.exe
  C:\Windows\System\fEbDBIG.exe
  2⤵
  PID:12416
- C:\Windows\System\tIwinsQ.exe
  C:\Windows\System\tIwinsQ.exe
  2⤵
  PID:12448
- C:\Windows\System\RmVNEjY.exe
  C:\Windows\System\RmVNEjY.exe
  2⤵
  PID:12476
- C:\Windows\System\WPzJEHb.exe
  C:\Windows\System\WPzJEHb.exe
  2⤵
  PID:12516
- C:\Windows\System\AEhcltd.exe
  C:\Windows\System\AEhcltd.exe
  2⤵
  PID:12540
- C:\Windows\System\nKntLHr.exe
  C:\Windows\System\nKntLHr.exe
  2⤵
  PID:12560
- C:\Windows\System\znlAlNq.exe
  C:\Windows\System\znlAlNq.exe
  2⤵
  PID:12588
- C:\Windows\System\EcRBpHD.exe
  C:\Windows\System\EcRBpHD.exe
  2⤵
  PID:12624
- C:\Windows\System\eajDzNz.exe
  C:\Windows\System\eajDzNz.exe
  2⤵
  PID:12656
- C:\Windows\System\jazzknd.exe
  C:\Windows\System\jazzknd.exe
  2⤵
  PID:12684
- C:\Windows\System\mjdiXuE.exe
  C:\Windows\System\mjdiXuE.exe
  2⤵
  PID:12712
- C:\Windows\System\iSmxdqz.exe
  C:\Windows\System\iSmxdqz.exe
  2⤵
  PID:12728
- C:\Windows\System\aeFWHNh.exe
  C:\Windows\System\aeFWHNh.exe
  2⤵
  PID:12756
- C:\Windows\System\FutLKKx.exe
  C:\Windows\System\FutLKKx.exe
  2⤵
  PID:12788
- C:\Windows\System\cuzPenG.exe
  C:\Windows\System\cuzPenG.exe
  2⤵
  PID:12824
- C:\Windows\System\Nokypks.exe
  C:\Windows\System\Nokypks.exe
  2⤵
  PID:12852
- C:\Windows\System\kNuVXDK.exe
  C:\Windows\System\kNuVXDK.exe
  2⤵
  PID:12868
- C:\Windows\System\qDUOkCo.exe
  C:\Windows\System\qDUOkCo.exe
  2⤵
  PID:12896
- C:\Windows\System\weuziKR.exe
  C:\Windows\System\weuziKR.exe
  2⤵
  PID:12928
- C:\Windows\System\yIsLqLe.exe
  C:\Windows\System\yIsLqLe.exe
  2⤵
  PID:12952
- C:\Windows\System\XaoIaFd.exe
  C:\Windows\System\XaoIaFd.exe
  2⤵
  PID:12980
- C:\Windows\System\OeATTBz.exe
  C:\Windows\System\OeATTBz.exe
  2⤵
  PID:13008
- C:\Windows\System\McsoKmB.exe
  C:\Windows\System\McsoKmB.exe
  2⤵
  PID:13036
- C:\Windows\System\lADuKme.exe
  C:\Windows\System\lADuKme.exe
  2⤵
  PID:13064
- C:\Windows\System\kdEbiIQ.exe
  C:\Windows\System\kdEbiIQ.exe
  2⤵
  PID:13092
- C:\Windows\System\wcFJKjf.exe
  C:\Windows\System\wcFJKjf.exe
  2⤵
  PID:13124
- C:\Windows\System\HevLNsk.exe
  C:\Windows\System\HevLNsk.exe
  2⤵
  PID:13152
- C:\Windows\System\YQnCMvf.exe
  C:\Windows\System\YQnCMvf.exe
  2⤵
  PID:13176
- C:\Windows\System\upZHfYK.exe
  C:\Windows\System\upZHfYK.exe
  2⤵
  PID:13204
- C:\Windows\System\QzKhPvI.exe
  C:\Windows\System\QzKhPvI.exe
  2⤵
  PID:13232
- C:\Windows\System\zOikLGo.exe
  C:\Windows\System\zOikLGo.exe
  2⤵
  PID:13260
- C:\Windows\System\qyoENFc.exe
  C:\Windows\System\qyoENFc.exe
  2⤵
  PID:13288
- C:\Windows\System\zfcyNEZ.exe
  C:\Windows\System\zfcyNEZ.exe
  2⤵
  PID:12152
- C:\Windows\System\ukrLdtT.exe
  C:\Windows\System\ukrLdtT.exe
  2⤵
  PID:11872
- C:\Windows\System\NMSHkll.exe
  C:\Windows\System\NMSHkll.exe
  2⤵
  PID:11932
- C:\Windows\System\MShYchZ.exe
  C:\Windows\System\MShYchZ.exe
  2⤵
  PID:12368
- C:\Windows\System\wdwgQVI.exe
  C:\Windows\System\wdwgQVI.exe
  2⤵
  PID:12460
- C:\Windows\System\pbCwHmZ.exe
  C:\Windows\System\pbCwHmZ.exe
  2⤵
  PID:12556
- C:\Windows\System\WzZkmuw.exe
  C:\Windows\System\WzZkmuw.exe
  2⤵
  PID:12604
- C:\Windows\System\MQLMzTr.exe
  C:\Windows\System\MQLMzTr.exe
  2⤵
  PID:12680
- C:\Windows\System\ALPOCKf.exe
  C:\Windows\System\ALPOCKf.exe
  2⤵
  PID:12720
- C:\Windows\System\nWqTMmg.exe
  C:\Windows\System\nWqTMmg.exe
  2⤵
  PID:12768
- C:\Windows\System\YKapacA.exe
  C:\Windows\System\YKapacA.exe
  2⤵
  PID:12860
- C:\Windows\System\ezMylZM.exe
  C:\Windows\System\ezMylZM.exe
  2⤵
  PID:12924
- C:\Windows\System\uYNSeHu.exe
  C:\Windows\System\uYNSeHu.exe
  2⤵
  PID:13020
- C:\Windows\System\swxVMNm.exe
  C:\Windows\System\swxVMNm.exe
  2⤵
  PID:13080
- C:\Windows\System\tuPXFBU.exe
  C:\Windows\System\tuPXFBU.exe
  2⤵
  PID:13140
- C:\Windows\System\LvDGUxK.exe
  C:\Windows\System\LvDGUxK.exe
  2⤵
  PID:13192
- C:\Windows\System\ZCsFfzr.exe
  C:\Windows\System\ZCsFfzr.exe
  2⤵
  PID:13276
- C:\Windows\System\cwMhNnS.exe
  C:\Windows\System\cwMhNnS.exe
  2⤵
  PID:13300
- C:\Windows\System\aKwSjNI.exe
  C:\Windows\System\aKwSjNI.exe
  2⤵
  PID:12364
- C:\Windows\System\cZTrExz.exe
  C:\Windows\System\cZTrExz.exe
  2⤵
  PID:12584
- C:\Windows\System\pALGjlU.exe
  C:\Windows\System\pALGjlU.exe
  2⤵
  PID:12704
- C:\Windows\System\aUUBtzv.exe
  C:\Windows\System\aUUBtzv.exe
  2⤵
  PID:12752
- C:\Windows\System\MrTUAxu.exe
  C:\Windows\System\MrTUAxu.exe
  2⤵
  PID:12944
- C:\Windows\System\koEBedj.exe
  C:\Windows\System\koEBedj.exe
  2⤵
  PID:13104
- C:\Windows\System\xwXXDpI.exe
  C:\Windows\System\xwXXDpI.exe
  2⤵
  PID:13272
- C:\Windows\System\RoCerIW.exe
  C:\Windows\System\RoCerIW.exe
  2⤵
  PID:12444
- C:\Windows\System\fNqsWly.exe
  C:\Windows\System\fNqsWly.exe
  2⤵
  PID:12336
- C:\Windows\System\TADFOfH.exe
  C:\Windows\System\TADFOfH.exe
  2⤵
  PID:13224
- C:\Windows\System\XCYHffP.exe
  C:\Windows\System\XCYHffP.exe
  2⤵
  PID:12648
- C:\Windows\System\gneDCqL.exe
  C:\Windows\System\gneDCqL.exe
  2⤵
  PID:13056
- C:\Windows\System\Exzkhyp.exe
  C:\Windows\System\Exzkhyp.exe
  2⤵
  PID:13316
- C:\Windows\System\glosDgQ.exe
  C:\Windows\System\glosDgQ.exe
  2⤵
  PID:13336
- C:\Windows\System\dtOOVDr.exe
  C:\Windows\System\dtOOVDr.exe
  2⤵
  PID:13372
- C:\Windows\System\uxeacAE.exe
  C:\Windows\System\uxeacAE.exe
  2⤵
  PID:13400
- C:\Windows\System\CgygINk.exe
  C:\Windows\System\CgygINk.exe
  2⤵
  PID:13420
- C:\Windows\System\DRmwQuG.exe
  C:\Windows\System\DRmwQuG.exe
  2⤵
  PID:13448
- C:\Windows\System\kUFwUPT.exe
  C:\Windows\System\kUFwUPT.exe
  2⤵
  PID:13492
- C:\Windows\System\JrISgwE.exe
  C:\Windows\System\JrISgwE.exe
  2⤵
  PID:13528
- C:\Windows\System\sakBZKm.exe
  C:\Windows\System\sakBZKm.exe
  2⤵
  PID:13544
- C:\Windows\System\tjrvPbI.exe
  C:\Windows\System\tjrvPbI.exe
  2⤵
  PID:13572
- C:\Windows\System\PqvZFyC.exe
  C:\Windows\System\PqvZFyC.exe
  2⤵
  PID:13608
- C:\Windows\System\yUrnuzH.exe
  C:\Windows\System\yUrnuzH.exe
  2⤵
  PID:13628
- C:\Windows\System\vyGXeMm.exe
  C:\Windows\System\vyGXeMm.exe
  2⤵
  PID:13656
- C:\Windows\System\fVFuIRj.exe
  C:\Windows\System\fVFuIRj.exe
  2⤵
  PID:13672
- C:\Windows\System\gbPVpSm.exe
  C:\Windows\System\gbPVpSm.exe
  2⤵
  PID:13700
- C:\Windows\System\OmasxQo.exe
  C:\Windows\System\OmasxQo.exe
  2⤵
  PID:13724
- C:\Windows\System\ECHcwEY.exe
  C:\Windows\System\ECHcwEY.exe
  2⤵
  PID:13756
- C:\Windows\System\YpzFAcf.exe
  C:\Windows\System\YpzFAcf.exe
  2⤵
  PID:13780
- C:\Windows\System\jBeECyW.exe
  C:\Windows\System\jBeECyW.exe
  2⤵
  PID:13804
- C:\Windows\System\WKDFCJE.exe
  C:\Windows\System\WKDFCJE.exe
  2⤵
  PID:13836
- C:\Windows\System\fTDGyoX.exe
  C:\Windows\System\fTDGyoX.exe
  2⤵
  PID:13916
- C:\Windows\System\JLZNBUl.exe
  C:\Windows\System\JLZNBUl.exe
  2⤵
  PID:13936
- C:\Windows\System\BPZCrxG.exe
  C:\Windows\System\BPZCrxG.exe
  2⤵
  PID:13964
- C:\Windows\System\SLStFjg.exe
  C:\Windows\System\SLStFjg.exe
  2⤵
  PID:13980
- C:\Windows\System\yXLWWID.exe
  C:\Windows\System\yXLWWID.exe
  2⤵
  PID:14008
- C:\Windows\System\WpmbuRf.exe
  C:\Windows\System\WpmbuRf.exe
  2⤵
  PID:14036
- C:\Windows\System\tLTAbSV.exe
  C:\Windows\System\tLTAbSV.exe
  2⤵
  PID:14064
- C:\Windows\System\MJXhbKy.exe
  C:\Windows\System\MJXhbKy.exe
  2⤵
  PID:14096
- C:\Windows\System\SdqIBmx.exe
  C:\Windows\System\SdqIBmx.exe
  2⤵
  PID:14120
- C:\Windows\System\NYAYxnM.exe
  C:\Windows\System\NYAYxnM.exe
  2⤵
  PID:14148
- C:\Windows\System\pOqklKB.exe
  C:\Windows\System\pOqklKB.exe
  2⤵
  PID:14176
- C:\Windows\System\xkFvAOM.exe
  C:\Windows\System\xkFvAOM.exe
  2⤵
  PID:14196
- C:\Windows\System\sbSbVgm.exe
  C:\Windows\System\sbSbVgm.exe
  2⤵
  PID:14220
- C:\Windows\System\nULOZrC.exe
  C:\Windows\System\nULOZrC.exe
  2⤵
  PID:14244
- C:\Windows\System\KDqzqLV.exe
  C:\Windows\System\KDqzqLV.exe
  2⤵
  PID:14280
- C:\Windows\System\nfiTnFU.exe
  C:\Windows\System\nfiTnFU.exe
  2⤵
  PID:14316
- C:\Windows\System\HChcfcU.exe
  C:\Windows\System\HChcfcU.exe
  2⤵
  PID:13324
- C:\Windows\System\BBHnAWY.exe
  C:\Windows\System\BBHnAWY.exe
  2⤵
  PID:13368
- C:\Windows\System\qNcrvYK.exe
  C:\Windows\System\qNcrvYK.exe
  2⤵
  PID:13412
- C:\Windows\System\aGuZNVb.exe
  C:\Windows\System\aGuZNVb.exe
  2⤵
  PID:13500
- C:\Windows\System\HslOPmh.exe
  C:\Windows\System\HslOPmh.exe
  2⤵
  PID:13540
- C:\Windows\System\SxdzyjG.exe
  C:\Windows\System\SxdzyjG.exe
  2⤵
  PID:13584
- C:\Windows\System\QYLsoQw.exe
  C:\Windows\System\QYLsoQw.exe
  2⤵
  PID:13688
- C:\Windows\System\JQhWqKG.exe
  C:\Windows\System\JQhWqKG.exe
  2⤵
  PID:13720
- C:\Windows\System\AaTJSEH.exe
  C:\Windows\System\AaTJSEH.exe
  2⤵
  PID:13788
- C:\Windows\System\gBOcSIT.exe
  C:\Windows\System\gBOcSIT.exe
  2⤵
  PID:13796
- C:\Windows\System\kvpCZbx.exe
  C:\Windows\System\kvpCZbx.exe
  2⤵
  PID:13892
- C:\Windows\System\SXPMefc.exe
  C:\Windows\System\SXPMefc.exe
  2⤵
  PID:13948
- C:\Windows\System\HaGWCry.exe
  C:\Windows\System\HaGWCry.exe
  2⤵
  PID:13992
- C:\Windows\System\lYsYTzZ.exe
  C:\Windows\System\lYsYTzZ.exe
  2⤵
  PID:14104
- C:\Windows\System\mWqtpaK.exe
  C:\Windows\System\mWqtpaK.exe
  2⤵
  PID:14168
- C:\Windows\System\AuFZmmz.exe
  C:\Windows\System\AuFZmmz.exe
  2⤵
  PID:14232
- C:\Windows\System\SqjyJHO.exe
  C:\Windows\System\SqjyJHO.exe
  2⤵
  PID:13244
- C:\Windows\System\xqBlbZI.exe
  C:\Windows\System\xqBlbZI.exe
  2⤵
  PID:13360
- C:\Windows\System\hFbXfVC.exe
  C:\Windows\System\hFbXfVC.exe
  2⤵
  PID:13472
- C:\Windows\System\yDhTDbt.exe
  C:\Windows\System\yDhTDbt.exe
  2⤵
  PID:13600
- C:\Windows\System\HsznxKy.exe
  C:\Windows\System\HsznxKy.exe
  2⤵
  PID:13736
- C:\Windows\System\KvwcnWO.exe
  C:\Windows\System\KvwcnWO.exe
  2⤵
  PID:13928
- C:\Windows\System\CuiXtNy.exe
  C:\Windows\System\CuiXtNy.exe
  2⤵
  PID:14060
- C:\Windows\System\XFjxQsd.exe
  C:\Windows\System\XFjxQsd.exe
  2⤵
  PID:14212
- C:\Windows\System\yWlNqVR.exe
  C:\Windows\System\yWlNqVR.exe
  2⤵
  PID:14256
- C:\Windows\System\SbTtBvz.exe
  C:\Windows\System\SbTtBvz.exe
  2⤵
  PID:13792
- C:\Windows\System\LxfZqMA.exe
  C:\Windows\System\LxfZqMA.exe
  2⤵
  PID:12708
- C:\Windows\System\Snrnaty.exe
  C:\Windows\System\Snrnaty.exe
  2⤵
  PID:14356
- C:\Windows\System\objqDVe.exe
  C:\Windows\System\objqDVe.exe
  2⤵
  PID:14376
- C:\Windows\System\wbWxTcq.exe
  C:\Windows\System\wbWxTcq.exe
  2⤵
  PID:14404
- C:\Windows\System\xdeIlTf.exe
  C:\Windows\System\xdeIlTf.exe
  2⤵
  PID:14428
- C:\Windows\System\rCnLAzP.exe
  C:\Windows\System\rCnLAzP.exe
  2⤵
  PID:14456
- C:\Windows\System\GFXydxG.exe
  C:\Windows\System\GFXydxG.exe
  2⤵
  PID:14484
- C:\Windows\System\cdUWVCK.exe
  C:\Windows\System\cdUWVCK.exe
  2⤵
  PID:14512
- C:\Windows\System\IcQScgx.exe
  C:\Windows\System\IcQScgx.exe
  2⤵
  PID:14540
- C:\Windows\System\yvMntKs.exe
  C:\Windows\System\yvMntKs.exe
  2⤵
  PID:14576
- C:\Windows\System\GNlgkOJ.exe
  C:\Windows\System\GNlgkOJ.exe
  2⤵
  PID:14604
- C:\Windows\System\fCizcmZ.exe
  C:\Windows\System\fCizcmZ.exe
  2⤵
  PID:14644
- C:\Windows\System\qADXsOn.exe
  C:\Windows\System\qADXsOn.exe
  2⤵
  PID:14668
- C:\Windows\System\GuFELRx.exe
  C:\Windows\System\GuFELRx.exe
  2⤵
  PID:14696
- C:\Windows\System\rsgfCme.exe
  C:\Windows\System\rsgfCme.exe
  2⤵
  PID:14728
- C:\Windows\System\vfpywUR.exe
  C:\Windows\System\vfpywUR.exe
  2⤵
  PID:14764
- C:\Windows\System\bsfaZNn.exe
  C:\Windows\System\bsfaZNn.exe
  2⤵
  PID:14788
- C:\Windows\System\CdyUxuY.exe
  C:\Windows\System\CdyUxuY.exe
  2⤵
  PID:14812
- C:\Windows\System\Qqdutvi.exe
  C:\Windows\System\Qqdutvi.exe
  2⤵
  PID:14836
- C:\Windows\System\gavyLkm.exe
  C:\Windows\System\gavyLkm.exe
  2⤵
  PID:14856
- C:\Windows\System\SkFGzNI.exe
  C:\Windows\System\SkFGzNI.exe
  2⤵
  PID:14880
- C:\Windows\System\ThheACn.exe
  C:\Windows\System\ThheACn.exe
  2⤵
  PID:14896
- C:\Windows\System\xKogTKU.exe
  C:\Windows\System\xKogTKU.exe
  2⤵
  PID:14924
- C:\Windows\System\qqHXFyr.exe
  C:\Windows\System\qqHXFyr.exe
  2⤵
  PID:14948
- C:\Windows\System\LcMqzzH.exe
  C:\Windows\System\LcMqzzH.exe
  2⤵
  PID:14980
- C:\Windows\System\mHLHcYv.exe
  C:\Windows\System\mHLHcYv.exe
  2⤵
  PID:15000
- C:\Windows\System\SCvKJhM.exe
  C:\Windows\System\SCvKJhM.exe
  2⤵
  PID:15028
- C:\Windows\System\QObKVqE.exe
  C:\Windows\System\QObKVqE.exe
  2⤵
  PID:15060
- C:\Windows\System\uvOlFhY.exe
  C:\Windows\System\uvOlFhY.exe
  2⤵
  PID:15080
- C:\Windows\System\kCnGcYd.exe
  C:\Windows\System\kCnGcYd.exe
  2⤵
  PID:15108
- C:\Windows\System\BLFBWFB.exe
  C:\Windows\System\BLFBWFB.exe
  2⤵
  PID:15128
- C:\Windows\System\FOWrTzv.exe
  C:\Windows\System\FOWrTzv.exe
  2⤵
  PID:15156
- C:\Windows\System\ZHuONCc.exe
  C:\Windows\System\ZHuONCc.exe
  2⤵
  PID:15188
- C:\Windows\System\tKevpYd.exe
  C:\Windows\System\tKevpYd.exe
  2⤵
  PID:15340
- C:\Windows\System\DMjugXS.exe
  C:\Windows\System\DMjugXS.exe
  2⤵
  PID:15356

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ADHkjWn.exe

Filesize
2.1MB

MD5
1840de8f3dff749a84817116e52e80f6

SHA1
87e2f348123120695e31fc7d0504e2f2fb2d3763

SHA256
db709c6723834c23824b7e1dd419700b4d3ffadad040fdb53acc20cdad488540

SHA512
dcfe14dfa15b60b0e89c928aebaa2e4bb0fd63498bf915ea434db364c25438fce0d1835d693bda80da7dca81fbf00584666b5eba2b39a570c739b6faf3017065

Download Submit
C:\Windows\System\BUfdSYy.exe

Filesize
2.2MB

MD5
4de3c5d060423e25e920c3f19611fdc9

SHA1
0330a5eb751afaa38e58936499269a8963a5ad4f

SHA256
5317c85814b4b7959cdf54e7277c381dfa44b38a2e6dac4c08b83cd0632a11a9

SHA512
48f38020addd4be2a05045aedbc8c85491ead523dbc80cef81a0aebc2ca487d07a204f1659411805116434b672d772874c47995dd43ba21229d858434dae3ab2

Download Submit
C:\Windows\System\COVJIhG.exe

Filesize
2.2MB

MD5
0aadbc13f52475c4f5615b7fa2614b25

SHA1
61af7feedefb2be9304ad873fd3b2f02fe76b7e9

SHA256
1ec1141d8dedb78e59fb7e028d39c0fdf4509fc0bad0afeb734a480a9604a5f9

SHA512
4ff4a916c19fccbd1a77e361d4425173f083689707ffda015a336e5494c9ff4b11824b2cfb9c87a5dea9e211013fc1c0b1b13ec9f3c232d0e6a64962838f5dd2

Download Submit
C:\Windows\System\DWRGHQi.exe

Filesize
2.1MB

MD5
33634f4e8ba5da44481fbf8acf5288c1

SHA1
07f8182a8e0430a83a70ff9ed5c5367cd7cb9316

SHA256
6c44daaa8e552b2985cb857fa2bd07afe4b08a0240ef562541f6732ad8032562

SHA512
1aede5f5d476c33a298d16155369bdd875b7bd96bc7eb1a569aaa7fa956ad3d9c896e7e1f47e6205cc891a3579461e29dfecc8db0456cb356297cfa8cd697ea5

Download Submit
C:\Windows\System\Dpajate.exe

Filesize
2.1MB

MD5
fedb5e3e1da664d0020c5a6974a3e812

SHA1
04130bc3514f23c68f8baadef65c7bcff2827ea4

SHA256
07ee8388e209a1bae089b3b01e7a797a714c1839f32645f98de02c76b584bec9

SHA512
7b0f3a19acf5aecd9d3732cdecce4039a8eb8bc111b4449a5d086f3a537b415e1e3bb15e1b7859d8dee20040e462ca0bf7146627636422cf9a3be7a1f5db8cda

Download Submit
C:\Windows\System\FfrbxWo.exe

Filesize
2.1MB

MD5
062f2435cd7336f3fca5d494821e6d9e

SHA1
dcf83f60780f66a971ca03d93444c4c3f3026cad

SHA256
7d60e98d88643790e4348d38a0121ffad6a67c0ce24f01896f7cfae9ce60a37a

SHA512
bf75f502dfdc85fbdc1c715e6cb69fa50f8079cca42789a03c1efbb4a78dc2ae7e1d9ea78735d6d2f5728a5d631c707932d83a63658206c49af5c8e353927aaf

Download Submit
C:\Windows\System\GdlLNjP.exe

Filesize
2.2MB

MD5
0dd2377078060d2260de85945a82f20b

SHA1
14215a34c717f3d5786be3d4e5d8aa146d256116

SHA256
894234e2045a96462608bcfe9dfae24a317335386cfead68d5d82f219ad34b6b

SHA512
5903157698000902c1bf2c7cca1dab4ba2df670c58475bb79ee5a77baed7dd9a0a21304d382ce0cc164c3888dc46c8d5356a76ff45a933c371181ef7e0975928

Download Submit
C:\Windows\System\GeNqIPp.exe

Filesize
2.1MB

MD5
802ebf053497ca1209aaf751ec95e565

SHA1
5393cfaeb70d9f341b378fda96efd751c6156349

SHA256
349369ef594ca5f8d8f1d24e2502c81fbf32580b82d51650aa83e9911919da87

SHA512
1d47d0c64c268bc9e80b988d98f2964bdb078bac54b59f76c60572aa6f25e287ab68cfb025ff45d0da9c357b7f95bc19d93c134b8248f68e0eefef63563ad80f

Download Submit
C:\Windows\System\HPLIVuq.exe

Filesize
2.1MB

MD5
79d70bff35de2a548c5b0a4b6af18d44

SHA1
01776315c9cce824271d6bed41aed8645eda2b97

SHA256
a06e9cf1040e2782855391a561a4853da40e2a9e5cf04ef33430c8860732860c

SHA512
e1012415a0830039fb3f5313b5c4ab041fb3412fe3b2d77f72ab57f4df4cba06ea2afbaae07cd3ebad6b0c3f444621c8d6ec88a50605a9e3673832d8fda57a60

Download Submit
C:\Windows\System\IYmHRms.exe

Filesize
2.2MB

MD5
08965f5ad13a4ce8910807cf43fdf5d9

SHA1
882c4935d422ebf3ae55fed13329f810290027a6

SHA256
d016f4ecac3e61435c538383d02bf0083c3e2ea6b6e2b07a36c84bf9aa65af8e

SHA512
51a9c139ee7c50b1240cf2e061aef70d978458d8d5be72888421f9c49cd2b17737a2e7783caac3ebcfeae166819212eb711267612228b0acf1da6c9e6fbf8cd0

Download Submit
C:\Windows\System\JIqjIfV.exe

Filesize
2.2MB

MD5
f156dfd3d2f8c703f4f0d58818f69774

SHA1
9a1930b4549c692c8dfb5be1cc3eb0efb10b7f30

SHA256
7bdb727fb2958e5b873c2ea244dc4b401da67ff640bb0f2258b97e1b108b150a

SHA512
5ab5300f42bfbb7a1559636c367c069065d7594b91d1b962e1b5e6360924847e70907e7848657268665c4ca242a3201e41116800ba900f98ac2a76d867cc23aa

Download Submit
C:\Windows\System\Odzwxro.exe

Filesize
2.1MB

MD5
ac4febfd7f0edd7b11477144924a4eec

SHA1
633e4e2f575eaaeca5c9014d18da93dfcb721c09

SHA256
7bb3c849b96e16593327a0edff81ebdf31019782d3654d1cda22bd5dffdf5db8

SHA512
6ffef7d2eddb177ba0d3d3b5291c296787d0a90760b276eccbc444287966b14b853ee15df25b7aa10a762c1ed70fe91062c73d096695eb4eeaf6a53459f404be

Download Submit
C:\Windows\System\QRhFbpN.exe

Filesize
2.1MB

MD5
eab54ce13ec145ce5874466284dd5dd7

SHA1
f797e904c4d723da5e8e0745edd56b5879912cdd

SHA256
dc00d8740a429cc201129ee2cbf26acea9886c08b18b92c4e9c82a09d3053ddd

SHA512
094cff24c1056dc70a4e524441b93c62afbe74d3e95b4a6d3c882437127272229487f8635fd1654a08b08a18ae1d8a154481e9f9d6594e58fe34129cd943b957

Download Submit
C:\Windows\System\ULqTHRB.exe

Filesize
2.2MB

MD5
54561f2ce3b121e6619ace5ad4c5783b

SHA1
9054b8c34a93ecdb07aa75933f46f59d375ddf32

SHA256
6f5e8e552dfc877418d9aeb81432a6eded937af2b3cec9ad3e30912192462997

SHA512
0b6e2bf1db5a25f07569be0628ee121dc0622ef9892325c80de0b582a16b5685d6d551cda12fdad2f7dd4c18d068c314e698106a65649b64e4ed09716861e09d

Download Submit
C:\Windows\System\UyOmpqX.exe

Filesize
2.2MB

MD5
28caffe1c614ae0a4c870c271261b277

SHA1
4ae90dcbb193574dd1946b091df69c2f45734e12

SHA256
ef72326c7eb40914f3434a2789d4fed7b7ba441c1c46d1c23c82d54426c95317

SHA512
3fa61a6906a97df857302cc321e0cf241a7359dd2b603dc0b2baa405439573c909a6cd1b2a16f82da7dbb5bbb472d15f9738d5e0d9dff656323f429bb7cbe1ca

Download Submit
C:\Windows\System\VWwiiDH.exe

Filesize
2.1MB

MD5
94ca3352562d003aba83feeccb926f29

SHA1
3aa9107c4511bfb0f8fcb59b8df8358588b374bc

SHA256
1d428ee9974bb3baaf4ecbbd25d2ffab1da40727be2670220a0fc8922dfd2149

SHA512
5ab3a624bb87b774bc7992eb22a5c32a662f29b93f6533edf9c717f3b12aab8a92a27aa218377fd144771f1c4d76e4c0815a9e35b5d861f126983db91a4248da

Download Submit
C:\Windows\System\WHYVchP.exe

Filesize
2.2MB

MD5
065a1e9ddebe820f08ed79e260c2558e

SHA1
4c0f723c7034c816e869968c7f07121dd39c7cf0

SHA256
352089644ecd9e2c72222c7b46955f884c625b64abe55c06586b266c3076f333

SHA512
9968edbfe3cb7779259d38bf14767a08d0b1c9490a842bc0fd27a37574e57fe59ac81922e9d3cc4a1c6030c946f5f001b7c5dd0998b984623f8d1b36ef476275

Download Submit
C:\Windows\System\YbqMtyO.exe

Filesize
2.2MB

MD5
ec0f7331cde79fe26b763c781e0eb610

SHA1
53b35b6179d87c9b02bdce19be8b09b581f1a1ca

SHA256
d883fa8687bbd3170c433e10f9fa3957e751faf90166d4819011eaa1c414c983

SHA512
e12c66f0fadc61ae9a549c4f67222c4b8ca152be2d54c0ca15f8214486f1801ec44bf28c77a2b982633762135815c5b55d3a681760f745b369d9d8d7ec7a7306

Download Submit
C:\Windows\System\adUAXOh.exe

Filesize
2.2MB

MD5
a4717ca3826e76e5c52ab8609645fd55

SHA1
fb9e1474d4292ae34b327f1cbef779c525d0a1bf

SHA256
deb22217bf5082f594fd2c2f287a6088beecada89aeea1e9660b1b2505478175

SHA512
6c12bb0bc8b68593334b2f1bdf8bed7d28df7ab7b9ed2bec4dd12c70cf7dba60c81717d5540d5225788aa480c50f90b2823f7e04d4ec1107984f31d438bf58c9

Download Submit
C:\Windows\System\azizlxF.exe

Filesize
2.1MB

MD5
f263c9de148f18df2a5cd0204ba0db18

SHA1
fcf92a03d5dd3b8834f64c31a734372da30dc71c

SHA256
828f9d6d5c46bd366fd8e60d71bca49f4cd5526b5dfd616409731f24604d0973

SHA512
0204b93867b0301c27d71836a42437b97915c5af698c42294f1f5092ad68c5b45a21e0188d59fd5de3bfec15b1b8a160c8a534b4233e34713ba69a8d4e3dcb73

Download Submit
C:\Windows\System\bBhIWOF.exe

Filesize
2.2MB

MD5
981d67e49862be9e7b242d328757ffa6

SHA1
4c3935d424029279272035899c57fe3af569122f

SHA256
e1e8f6b125fcb17bc79fe0c00caf066c47be8bf3efd15a92be5c4d6ef2e2e26f

SHA512
e10f94e606ea7405b473e6b33c309f1614f2e691f91dc6483a3be69badcf3e785958cf2a4c5280a0ca96ba7f27dd352ce50ebc4c97f3af68c9832fe7a17141a5

Download Submit
C:\Windows\System\dGZDzLW.exe

Filesize
2.2MB

MD5
195f2ff509b261e055d416c8022ac542

SHA1
89da1fa09f2a5326778b368d31155d2f60d14555

SHA256
f1b1a2d299a9fda9bd2aa4c2fb1eea16b306fb5d9c7855f13014856beac34a03

SHA512
701d98fc1becd9a00ff590738681ef509d4fa9d213ac5457733946860b9e8e636504947a8de859533fb5ee94eb4315a22cf2e8c22e03b287b05d344b7ba883b1

Download Submit
C:\Windows\System\dMfcPwW.exe

Filesize
2.2MB

MD5
fcadb467994e0d59363c3a681f0e847e

SHA1
277314865e3993620b0faa15732ff9399799ec6b

SHA256
7d707daedbcb438262940226439d72234e57dd457838dd52d36a1f338f41f2c8

SHA512
4943b65b9f2e4ef4e26ebaa2b3f5ca1ba76a4a6bf15614dbd8afddf3fa3e77732e2b9642efe93aeba3ec938a23f95d68f74428a24fcbbb58bbacd33a28af709b

Download Submit
C:\Windows\System\eBIqjXj.exe

Filesize
2.1MB

MD5
e3276008a49f6aa8cce2ef90314e111d

SHA1
d3e68238a62f935f8a584bd9fbe7101121f954f5

SHA256
600ea680055fbb2bf29685058ec1453ad3234c3514bb2fcd66d40bafcc073e84

SHA512
7a296965cc21b919b1eb55408d6200e65fbac4448bec09a20868c497db2f245c9057d8aea60867f4ec646084289a281f37ab9ebcfee58aea1d40ac23871549ef

Download Submit
C:\Windows\System\gKstGnd.exe

Filesize
2.1MB

MD5
8c7fea38325f1123158708a21db87e97

SHA1
28d515a173d327f8f2ff29e0812337b8837cf1c8

SHA256
3d4efdfffde2489e4e57cfa79659bde32771ea11c14d7335df277b63d0f8d797

SHA512
605f55ccc9ba02148399a27370d16692465f68964b90fa8c459fa4bfe52d79ee996d8f2c55b1229866664087d34972aa93ed9b60a24b608408645c1aa0c8d1a4

Download Submit
C:\Windows\System\hqFkTXe.exe

Filesize
2.2MB

MD5
3422240eaa58a289c725c4b518a16b1f

SHA1
e10a0e7b9e8449fc2347b1342f9897b1b1d06c3e

SHA256
7bcaa3b10055e614c9354585408ea4c9a317dea0336c31f3dbda95bdf4d19d4b

SHA512
6e4e696d7f6913cf59e67110e9cb31de5a4ac9f287407f7e5095224215d25370f65a07e5e932e6c0ea6072c651f8e15eb3b5d030b5c2cbf38981e27674705f64

Download Submit
C:\Windows\System\hyLFNMc.exe

Filesize
2.2MB

MD5
c81042cbfc0d84e71414a7217376cf97

SHA1
ff52b82e31ad52437a234e3e94d8c2449ec9a69a

SHA256
9194af3aa4ca3674e988a7b2612ff96544c2ba093db59910ab5f830946ee7cd1

SHA512
cc53396389e27c5798d0b13ef8018c63bf9ceb276df85c34ae71eafc8e143e7caf9e8eeab9bc5669df1a823e452cb0eb184fa42688185d36e5842b1399982c13

Download Submit
C:\Windows\System\inyNtFQ.exe

Filesize
2.2MB

MD5
eb20db82a6fa3a7d3abb5b8896ec5318

SHA1
07335ba3969c65fc54edf11d96230459d8aa8c47

SHA256
8cb6542cf2c7a95c6e5a3d5d2ae8796cbf0b272da258def12952611a26ca87d8

SHA512
bd25e17056295c7d10f2e962d51bdf67780752393a162c73b164f9aa6a1d60f9005b01afedd1f13cd9f546876ae655be41b0a8f1d973f999552248540ec8a536

Download Submit
C:\Windows\System\jHyyfni.exe

Filesize
2.1MB

MD5
2b87f85852886c7a202058bd14505e62

SHA1
c7371233e1c98a9909216dc216298e43311a2956

SHA256
b1db5d0b2f805caca9609ac6998d799fde04d267ca0f72ed7b73332615b86e10

SHA512
3dc6fbce29bf508aa1f234f5c3ffe6d3c91dc25e0f625f2e4070c9c032984a38b1ed22c69fa4172ceb1430cdf344375a926f50118feacfb7b6b8da1bd8f1a946

Download Submit
C:\Windows\System\jRZFOUS.exe

Filesize
2.1MB

MD5
ee69046b6f99f9f578b53d212a0af31f

SHA1
9331205311f2c04ffd9bc6525b51c589588a3617

SHA256
43c4a3b889a14b59d32f7e194efce682b069c80fcb71883caaff98db336bae94

SHA512
52974bda7b928aef3b7649af88a53e459a52f4d067629dfc336d0d8a8cd6ec3a2f3991b8a5cfaf55d626bf0b086a64fcec86bc1ed0529725b9f9489b86cd793e

Download Submit
C:\Windows\System\qwwWpOA.exe

Filesize
2.2MB

MD5
1a8b690674fb18c8f53e2bf20517961d

SHA1
fa9ffdd4bfb1ca66e20ccb0ab7ab7f3e79bc93ed

SHA256
c18dea72c284a881b22cf550e9769eff70c3e56ccd9912506ed88b23d41a0c0b

SHA512
6a050890629cbc734239995d36f740550103111a1394230ea898d678b25a06fad24663b40c6ed04038f984436e2ff9a3a207493fa5147d836520a7dbe0359d05

Download Submit
C:\Windows\System\sjRSenF.exe

Filesize
2.1MB

MD5
0e7b76d6b788693bd333e184fd1ce5c9

SHA1
48c5783053b9f8e687d27652a91391b07ad89fe7

SHA256
8496593fe4f7daafb427be864a4ed9a0c57e058de302bdccb7604c87186092d1

SHA512
1fb49ac14f520bc187d66a0a73afdfde1daac6ef001e773a4cd4b2325a9c4da182046087554177ab6a2f5ebceedf792e5917ecb6eb072b3c05b18aa7a79420fe

Download Submit
C:\Windows\System\szDCQmf.exe

Filesize
2.1MB

MD5
e23e578b0cb2e00555f4c2b938aedced

SHA1
b89d82ca739fbdcb22c5571ebf25acdc11a19a99

SHA256
c078d1d9f02d2b16de6382384b1a77a3ad1040e804cfc4b7a38da321fcace6f1

SHA512
950b3811f8c35f9c9b40638de735e2954230c686f108c2667a0f81f042d0c87a63dfc7e655088a9f564dba6efe1fdc51f74c0840c2b45e145b0c59c4512e1351

Download Submit
C:\Windows\System\tcqEPPV.exe

Filesize
2.2MB

MD5
1b66b77f3a6250dcb4a03f22def04d04

SHA1
10ad7c133d7d0d743e31c6e24940c156037fe505

SHA256
bdceccd43e6aa32682ecfa44b0f28ac234c2a6a2d7d70fa2a13e6c78990177b2

SHA512
0170c00081f64cb8875dbcd6b0ab3f2cad7f103d68403943d5c910f5e6edcb4a7358f8f6c0112fbffa82a8d682946e99f1620d163153c54016c3f09c7673a872

Download Submit
C:\Windows\System\voqPsyY.exe

Filesize
2.1MB

MD5
d24896a53ed803ae94486f3f41d2d1ec

SHA1
95ef8f491aeb4eed32abaf2712b904d0c4ee184c

SHA256
d908dcc8b7e40ccf2ccab3fccd72d0f04b47c0bb675460300b237ce036691924

SHA512
135d485d4e4350c764f34d482dbeac00dda67971520e3738b15e435feab0054bdbc0ed1d8082a542caf757ba2aa33ec35881a7b6bc93c34e11d0bb855655df0c

Download Submit
C:\Windows\System\vqZNNIb.exe

Filesize
2.1MB

MD5
192d3562a80a1f0ffb8db0a9ad9ab573

SHA1
b01cf7b82d87d7626cca968c56fa2138c524cadd

SHA256
3892bbfba7604a688c2310c55bd8f1e3a8bb79c4875bb6c2442dd6535fb23cf8

SHA512
55a8c7501572e93184221a988ca64f19f1a4acc721ee6024c42cc1fbed66d3453af1274f645f66314a3034352700a7231329860f93c126526def4e875265cb28

Download Submit
C:\Windows\System\xeYXxtu.exe

Filesize
2.1MB

MD5
23730fc3cd6ad0a8a6bac2192b3a8caf

SHA1
d13dc34b3637c74c2f7b3f5af2d311f5c6a1a418

SHA256
ac98ce2145048bad29128e4db1a9014fae2616da0b61a8a875fae2af635603e0

SHA512
890ee8dd8ef7e16f1d2961ab55352aa35ca7eb69443a0cf658024170e5e7ba29d5a4b6a71abec80ebe6cee17c6b849cf6bb811e08f2002276f6e14674017ac1f

Download Submit
memory/244-2332-0x00007FF7D87A0000-0x00007FF7D8AF4000-memory.dmp

Filesize
3.3MB

Download
memory/244-211-0x00007FF7D87A0000-0x00007FF7D8AF4000-memory.dmp

Filesize
3.3MB

Download
memory/648-2336-0x00007FF61D770000-0x00007FF61DAC4000-memory.dmp

Filesize
3.3MB

Download
memory/648-87-0x00007FF61D770000-0x00007FF61DAC4000-memory.dmp

Filesize
3.3MB

Download
memory/984-2343-0x00007FF6C0BB0000-0x00007FF6C0F04000-memory.dmp

Filesize
3.3MB

Download
memory/984-200-0x00007FF6C0BB0000-0x00007FF6C0F04000-memory.dmp

Filesize
3.3MB

Download
memory/1548-2331-0x00007FF6FBA10000-0x00007FF6FBD64000-memory.dmp

Filesize
3.3MB

Download
memory/1548-212-0x00007FF6FBA10000-0x00007FF6FBD64000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2349-0x00007FF6AC0F0000-0x00007FF6AC444000-memory.dmp

Filesize
3.3MB

Download
memory/1832-204-0x00007FF6AC0F0000-0x00007FF6AC444000-memory.dmp

Filesize
3.3MB

Download
memory/1912-61-0x00007FF6A6140000-0x00007FF6A6494000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2323-0x00007FF6A6140000-0x00007FF6A6494000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2321-0x00007FF670A00000-0x00007FF670D54000-memory.dmp

Filesize
3.3MB

Download
memory/1944-207-0x00007FF670A00000-0x00007FF670D54000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2339-0x00007FF7CD740000-0x00007FF7CDA94000-memory.dmp

Filesize
3.3MB

Download
memory/2016-191-0x00007FF7CD740000-0x00007FF7CDA94000-memory.dmp

Filesize
3.3MB

Download
memory/2072-0-0x00007FF792990000-0x00007FF792CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1056-0x00007FF792990000-0x00007FF792CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1-0x0000017A2F590000-0x0000017A2F5A0000-memory.dmp

Filesize
64KB

Download
memory/2076-2327-0x00007FF754CF0000-0x00007FF755044000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1201-0x00007FF754CF0000-0x00007FF755044000-memory.dmp

Filesize
3.3MB

Download
memory/2076-34-0x00007FF754CF0000-0x00007FF755044000-memory.dmp

Filesize
3.3MB

Download
memory/2336-205-0x00007FF654410000-0x00007FF654764000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2348-0x00007FF654410000-0x00007FF654764000-memory.dmp

Filesize
3.3MB

Download
memory/2636-201-0x00007FF7377B0000-0x00007FF737B04000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2341-0x00007FF7377B0000-0x00007FF737B04000-memory.dmp

Filesize
3.3MB

Download
memory/2740-209-0x00007FF786A50000-0x00007FF786DA4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2334-0x00007FF786A50000-0x00007FF786DA4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1199-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-23-0x00007FF6D43A0000-0x00007FF6D46F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-197-0x00007FF762010000-0x00007FF762364000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2340-0x00007FF762010000-0x00007FF762364000-memory.dmp

Filesize
3.3MB

Download
memory/3232-199-0x00007FF60BF70000-0x00007FF60C2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3232-2344-0x00007FF60BF70000-0x00007FF60C2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3284-210-0x00007FF761E80000-0x00007FF7621D4000-memory.dmp

Filesize
3.3MB

Download
memory/3284-2333-0x00007FF761E80000-0x00007FF7621D4000-memory.dmp

Filesize
3.3MB

Download
memory/3296-2329-0x00007FF6B6FC0000-0x00007FF6B7314000-memory.dmp

Filesize
3.3MB

Download
memory/3296-192-0x00007FF6B6FC0000-0x00007FF6B7314000-memory.dmp

Filesize
3.3MB

Download
memory/3348-198-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3348-2346-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-2328-0x00007FF68D9B0000-0x00007FF68DD04000-memory.dmp

Filesize
3.3MB

Download
memory/3484-196-0x00007FF68D9B0000-0x00007FF68DD04000-memory.dmp

Filesize
3.3MB

Download
memory/3492-1209-0x00007FF7F0BD0000-0x00007FF7F0F24000-memory.dmp

Filesize
3.3MB

Download
memory/3492-2326-0x00007FF7F0BD0000-0x00007FF7F0F24000-memory.dmp

Filesize
3.3MB

Download
memory/3492-52-0x00007FF7F0BD0000-0x00007FF7F0F24000-memory.dmp

Filesize
3.3MB

Download
memory/3664-202-0x00007FF71C210000-0x00007FF71C564000-memory.dmp

Filesize
3.3MB

Download
memory/3664-2342-0x00007FF71C210000-0x00007FF71C564000-memory.dmp

Filesize
3.3MB

Download
memory/3988-2347-0x00007FF77C550000-0x00007FF77C8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3988-203-0x00007FF77C550000-0x00007FF77C8A4000-memory.dmp

Filesize
3.3MB

Download
memory/4060-2322-0x00007FF636570000-0x00007FF6368C4000-memory.dmp

Filesize
3.3MB

Download
memory/4060-206-0x00007FF636570000-0x00007FF6368C4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-208-0x00007FF6F9410000-0x00007FF6F9764000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2345-0x00007FF6F9410000-0x00007FF6F9764000-memory.dmp

Filesize
3.3MB

Download
memory/4332-180-0x00007FF78D290000-0x00007FF78D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2338-0x00007FF78D290000-0x00007FF78D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-1212-0x00007FF72D5E0000-0x00007FF72D934000-memory.dmp

Filesize
3.3MB

Download
memory/4924-64-0x00007FF72D5E0000-0x00007FF72D934000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2335-0x00007FF72D5E0000-0x00007FF72D934000-memory.dmp

Filesize
3.3MB

Download
memory/4936-10-0x00007FF6E6F60000-0x00007FF6E72B4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-1062-0x00007FF6E6F60000-0x00007FF6E72B4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2330-0x00007FF7FDE10000-0x00007FF7FE164000-memory.dmp

Filesize
3.3MB

Download
memory/5028-181-0x00007FF7FDE10000-0x00007FF7FE164000-memory.dmp

Filesize
3.3MB

Download
memory/5056-2337-0x00007FF603770000-0x00007FF603AC4000-memory.dmp

Filesize
3.3MB

Download
memory/5056-73-0x00007FF603770000-0x00007FF603AC4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads