xmrig | 01254a51d70fde4f0fb14c69b24effd98efc235b2e4c293117631d81e5df8028

Analysis

max time kernel
134s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
Size

2.7MB
MD5

5cc673d6bfb1e54fc4d437b12f90e5c0
SHA1

8addebc8c6ceb50acf6d4ffd01cc5237062108bc
SHA256

01254a51d70fde4f0fb14c69b24effd98efc235b2e4c293117631d81e5df8028
SHA512

0a230448f54d57c41d7ef8f9df85fc60f467e6a1be0c1b4b2d8783a3e6e1cc58ac0cf7bfd2ce2fd8c2963a100617a58c9aa96d4623a8583a98d4b71565eb9c73
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdIc1lNpEdxAgl:BemTLkNdfE0pZrx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2900-0-0x00007FF7588B0000-0x00007FF758C04000-memory.dmp	xmrig
behavioral2/files/0x0009000000023547-4.dat	xmrig
behavioral2/files/0x000700000002354f-10.dat	xmrig
behavioral2/files/0x000700000002354e-12.dat	xmrig
behavioral2/memory/2516-8-0x00007FF7F3DB0000-0x00007FF7F4104000-memory.dmp	xmrig
behavioral2/files/0x0007000000023551-36.dat	xmrig
behavioral2/files/0x0007000000023557-61.dat	xmrig
behavioral2/files/0x0007000000023556-65.dat	xmrig
behavioral2/memory/3564-73-0x00007FF64B900000-0x00007FF64BC54000-memory.dmp	xmrig
behavioral2/memory/1748-74-0x00007FF7F4D80000-0x00007FF7F50D4000-memory.dmp	xmrig
behavioral2/files/0x000800000002354b-71.dat	xmrig
behavioral2/memory/4644-70-0x00007FF798D50000-0x00007FF7990A4000-memory.dmp	xmrig
behavioral2/memory/3712-67-0x00007FF7D0D40000-0x00007FF7D1094000-memory.dmp	xmrig
behavioral2/files/0x0007000000023555-58.dat	xmrig
behavioral2/memory/1012-57-0x00007FF60DE20000-0x00007FF60E174000-memory.dmp	xmrig
behavioral2/memory/3412-56-0x00007FF63DA00000-0x00007FF63DD54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023554-52.dat	xmrig
behavioral2/memory/4928-50-0x00007FF6256B0000-0x00007FF625A04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023552-46.dat	xmrig
behavioral2/files/0x0007000000023553-41.dat	xmrig
behavioral2/memory/3292-40-0x00007FF75FA30000-0x00007FF75FD84000-memory.dmp	xmrig
behavioral2/memory/4432-34-0x00007FF6715A0000-0x00007FF6718F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023550-28.dat	xmrig
behavioral2/memory/2792-25-0x00007FF7A23E0000-0x00007FF7A2734000-memory.dmp	xmrig
behavioral2/memory/968-16-0x00007FF6D8620000-0x00007FF6D8974000-memory.dmp	xmrig
behavioral2/files/0x0007000000023559-103.dat	xmrig
behavioral2/files/0x000700000002355b-107.dat	xmrig
behavioral2/files/0x000700000002355d-113.dat	xmrig
behavioral2/files/0x0007000000023560-117.dat	xmrig
behavioral2/memory/1304-125-0x00007FF7E3890000-0x00007FF7E3BE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023561-131.dat	xmrig
behavioral2/files/0x0007000000023563-136.dat	xmrig
behavioral2/memory/3852-140-0x00007FF659C70000-0x00007FF659FC4000-memory.dmp	xmrig
behavioral2/memory/4268-142-0x00007FF7A8ED0000-0x00007FF7A9224000-memory.dmp	xmrig
behavioral2/memory/3380-144-0x00007FF65C7E0000-0x00007FF65CB34000-memory.dmp	xmrig
behavioral2/memory/2900-143-0x00007FF7588B0000-0x00007FF758C04000-memory.dmp	xmrig
behavioral2/memory/4196-141-0x00007FF73BBC0000-0x00007FF73BF14000-memory.dmp	xmrig
behavioral2/memory/4848-139-0x00007FF6CC830000-0x00007FF6CCB84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023562-137.dat	xmrig
behavioral2/memory/1248-135-0x00007FF73EEB0000-0x00007FF73F204000-memory.dmp	xmrig
behavioral2/memory/1128-130-0x00007FF6D3B50000-0x00007FF6D3EA4000-memory.dmp	xmrig
behavioral2/files/0x000700000002355f-116.dat	xmrig
behavioral2/files/0x000700000002355c-114.dat	xmrig
behavioral2/memory/3176-112-0x00007FF72E6A0000-0x00007FF72E9F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002355e-108.dat	xmrig
behavioral2/files/0x000700000002355a-105.dat	xmrig
behavioral2/memory/1716-101-0x00007FF6405F0000-0x00007FF640944000-memory.dmp	xmrig
behavioral2/memory/4712-93-0x00007FF7CFFA0000-0x00007FF7D02F4000-memory.dmp	xmrig
behavioral2/memory/3092-87-0x00007FF6EA0A0000-0x00007FF6EA3F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023558-86.dat	xmrig
behavioral2/files/0x0007000000023564-150.dat	xmrig
behavioral2/files/0x0007000000023567-154.dat	xmrig
behavioral2/files/0x0007000000023568-160.dat	xmrig
behavioral2/files/0x0007000000023569-166.dat	xmrig
behavioral2/memory/4464-167-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp	xmrig
behavioral2/memory/3212-173-0x00007FF789370000-0x00007FF7896C4000-memory.dmp	xmrig
behavioral2/memory/4432-177-0x00007FF6715A0000-0x00007FF6718F4000-memory.dmp	xmrig
behavioral2/memory/3292-179-0x00007FF75FA30000-0x00007FF75FD84000-memory.dmp	xmrig
behavioral2/files/0x000700000002356a-180.dat	xmrig
behavioral2/memory/5044-176-0x00007FF67B1F0000-0x00007FF67B544000-memory.dmp	xmrig
behavioral2/memory/4336-175-0x00007FF63F830000-0x00007FF63FB84000-memory.dmp	xmrig
behavioral2/memory/2792-174-0x00007FF7A23E0000-0x00007FF7A2734000-memory.dmp	xmrig
behavioral2/memory/4584-168-0x00007FF78B740000-0x00007FF78BA94000-memory.dmp	xmrig
behavioral2/memory/2516-156-0x00007FF7F3DB0000-0x00007FF7F4104000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2516	lgKZmIm.exe
968	nkfVEWV.exe
2792	fTFAsvz.exe
4432	yldGtdi.exe
4928	izdaEFS.exe
3292	JrygyoA.exe
3412	QVnwKVP.exe
4644	mCaZlOf.exe
1012	YibDqVv.exe
3712	LUMxoDU.exe
3564	gssPtOc.exe
1748	jVlJpON.exe
3092	IJQHvgY.exe
4712	ZZEbDnt.exe
1716	ckYiIyi.exe
1248	EXjDAFF.exe
4848	UgOSWiF.exe
3176	vsmqTYt.exe
1304	GIAYAnw.exe
1128	cUnQwmW.exe
3852	EpRnqTY.exe
4196	SEwhiRd.exe
4268	wREJMoY.exe
3380	KaWOgKq.exe
4464	Ckvoxfq.exe
4584	nhcCsAE.exe
3212	fKEsDJC.exe
4336	NEsLNsS.exe
5044	gjCkMQg.exe
3808	LboPCNr.exe
3732	QWIYxQW.exe
3448	SUgLCQm.exe
4816	caZDlrE.exe
5004	XOyqfoY.exe
3940	FfHeGvr.exe
4600	fsciAkZ.exe
736	xwhqPNv.exe
2368	NdHamem.exe
2408	iantwib.exe
3972	KYAKIDf.exe
3628	BRwaNVI.exe
3064	wOyfKuL.exe
4528	qdcJHVr.exe
1676	PGySxaz.exe
4512	uwZxuHr.exe
4752	vphEefC.exe
1776	ywmDEhj.exe
544	mcIjcOV.exe
4940	PolHOHc.exe
4376	JpysYSb.exe
5140	VoAjyRE.exe
5168	upaddhj.exe
5208	bvuFQXH.exe
5232	XTVHCmk.exe
5256	rSEtOXG.exe
5288	rchAGIB.exe
5312	rBybqWv.exe
5340	mTCdMSY.exe
5368	gbcsvuG.exe
5392	kLIUEwn.exe
5412	DNIaWeQ.exe
5452	zgGKCLN.exe
5480	XAiBxvR.exe
5500	IbykNUc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2900-0-0x00007FF7588B0000-0x00007FF758C04000-memory.dmp	upx
behavioral2/files/0x0009000000023547-4.dat	upx
behavioral2/files/0x000700000002354f-10.dat	upx
behavioral2/files/0x000700000002354e-12.dat	upx
behavioral2/memory/2516-8-0x00007FF7F3DB0000-0x00007FF7F4104000-memory.dmp	upx
behavioral2/files/0x0007000000023551-36.dat	upx
behavioral2/files/0x0007000000023557-61.dat	upx
behavioral2/files/0x0007000000023556-65.dat	upx
behavioral2/memory/3564-73-0x00007FF64B900000-0x00007FF64BC54000-memory.dmp	upx
behavioral2/memory/1748-74-0x00007FF7F4D80000-0x00007FF7F50D4000-memory.dmp	upx
behavioral2/files/0x000800000002354b-71.dat	upx
behavioral2/memory/4644-70-0x00007FF798D50000-0x00007FF7990A4000-memory.dmp	upx
behavioral2/memory/3712-67-0x00007FF7D0D40000-0x00007FF7D1094000-memory.dmp	upx
behavioral2/files/0x0007000000023555-58.dat	upx
behavioral2/memory/1012-57-0x00007FF60DE20000-0x00007FF60E174000-memory.dmp	upx
behavioral2/memory/3412-56-0x00007FF63DA00000-0x00007FF63DD54000-memory.dmp	upx
behavioral2/files/0x0007000000023554-52.dat	upx
behavioral2/memory/4928-50-0x00007FF6256B0000-0x00007FF625A04000-memory.dmp	upx
behavioral2/files/0x0007000000023552-46.dat	upx
behavioral2/files/0x0007000000023553-41.dat	upx
behavioral2/memory/3292-40-0x00007FF75FA30000-0x00007FF75FD84000-memory.dmp	upx
behavioral2/memory/4432-34-0x00007FF6715A0000-0x00007FF6718F4000-memory.dmp	upx
behavioral2/files/0x0007000000023550-28.dat	upx
behavioral2/memory/2792-25-0x00007FF7A23E0000-0x00007FF7A2734000-memory.dmp	upx
behavioral2/memory/968-16-0x00007FF6D8620000-0x00007FF6D8974000-memory.dmp	upx
behavioral2/files/0x0007000000023559-103.dat	upx
behavioral2/files/0x000700000002355b-107.dat	upx
behavioral2/files/0x000700000002355d-113.dat	upx
behavioral2/files/0x0007000000023560-117.dat	upx
behavioral2/memory/1304-125-0x00007FF7E3890000-0x00007FF7E3BE4000-memory.dmp	upx
behavioral2/files/0x0007000000023561-131.dat	upx
behavioral2/files/0x0007000000023563-136.dat	upx
behavioral2/memory/3852-140-0x00007FF659C70000-0x00007FF659FC4000-memory.dmp	upx
behavioral2/memory/4268-142-0x00007FF7A8ED0000-0x00007FF7A9224000-memory.dmp	upx
behavioral2/memory/3380-144-0x00007FF65C7E0000-0x00007FF65CB34000-memory.dmp	upx
behavioral2/memory/2900-143-0x00007FF7588B0000-0x00007FF758C04000-memory.dmp	upx
behavioral2/memory/4196-141-0x00007FF73BBC0000-0x00007FF73BF14000-memory.dmp	upx
behavioral2/memory/4848-139-0x00007FF6CC830000-0x00007FF6CCB84000-memory.dmp	upx
behavioral2/files/0x0007000000023562-137.dat	upx
behavioral2/memory/1248-135-0x00007FF73EEB0000-0x00007FF73F204000-memory.dmp	upx
behavioral2/memory/1128-130-0x00007FF6D3B50000-0x00007FF6D3EA4000-memory.dmp	upx
behavioral2/files/0x000700000002355f-116.dat	upx
behavioral2/files/0x000700000002355c-114.dat	upx
behavioral2/memory/3176-112-0x00007FF72E6A0000-0x00007FF72E9F4000-memory.dmp	upx
behavioral2/files/0x000700000002355e-108.dat	upx
behavioral2/files/0x000700000002355a-105.dat	upx
behavioral2/memory/1716-101-0x00007FF6405F0000-0x00007FF640944000-memory.dmp	upx
behavioral2/memory/4712-93-0x00007FF7CFFA0000-0x00007FF7D02F4000-memory.dmp	upx
behavioral2/memory/3092-87-0x00007FF6EA0A0000-0x00007FF6EA3F4000-memory.dmp	upx
behavioral2/files/0x0007000000023558-86.dat	upx
behavioral2/files/0x0007000000023564-150.dat	upx
behavioral2/files/0x0007000000023567-154.dat	upx
behavioral2/files/0x0007000000023568-160.dat	upx
behavioral2/files/0x0007000000023569-166.dat	upx
behavioral2/memory/4464-167-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp	upx
behavioral2/memory/3212-173-0x00007FF789370000-0x00007FF7896C4000-memory.dmp	upx
behavioral2/memory/4432-177-0x00007FF6715A0000-0x00007FF6718F4000-memory.dmp	upx
behavioral2/memory/3292-179-0x00007FF75FA30000-0x00007FF75FD84000-memory.dmp	upx
behavioral2/files/0x000700000002356a-180.dat	upx
behavioral2/memory/5044-176-0x00007FF67B1F0000-0x00007FF67B544000-memory.dmp	upx
behavioral2/memory/4336-175-0x00007FF63F830000-0x00007FF63FB84000-memory.dmp	upx
behavioral2/memory/2792-174-0x00007FF7A23E0000-0x00007FF7A2734000-memory.dmp	upx
behavioral2/memory/4584-168-0x00007FF78B740000-0x00007FF78BA94000-memory.dmp	upx
behavioral2/memory/2516-156-0x00007FF7F3DB0000-0x00007FF7F4104000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JhDtrIK.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\imXHioT.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\XMWGTlc.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\VMxJqYt.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\pWZXIFb.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\QFFgqmz.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZAYsHRg.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\KoxtRFa.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\aoOuivO.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\Ckvoxfq.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\kDnDNcV.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\SMVGLGM.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\wHUkdVO.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\HssqzVA.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\oHpKaqP.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\xVAXquO.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\gNLfUtc.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\SafcLko.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\vPrcpJU.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\suvrNrb.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\OymqYdy.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\QNasugV.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\QbrNrvl.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\aHTDSuI.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\vrJWDUm.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\JKapkjz.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\kLIUEwn.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\UMxawal.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\ljXGbAb.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\KYAKIDf.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\axWPoys.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\NCwtXiB.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\SsaTZOu.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\kMemjHl.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\BulBcyO.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\LUMxoDU.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\hnJEPJg.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\CboylKW.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\JSgsNMz.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\LHDCFEO.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\WAKmNuZ.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\WimFZKD.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\JsThwOZ.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\kxqackr.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\eitCDks.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\sfvthLF.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\iIeqOUX.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\IwIWgyJ.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\XHyeClo.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\JCtybMJ.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\HbhvEhZ.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\NrtJiDG.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\oXaBRRY.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\MwxTtJN.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\ebIxboH.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\WGBLLuo.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\fuqzclM.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\AFhHlgb.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\MUwKDrA.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\kGfHzso.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\jVlJpON.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\EpRnqTY.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\KfPutFS.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
File created	C:\Windows\System\zTBferp.exe	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1180	dwm.exe
Token: SeChangeNotifyPrivilege	1180	dwm.exe
Token: 33	1180	dwm.exe
Token: SeIncBasePriorityPrivilege	1180	dwm.exe
Token: SeShutdownPrivilege	1180	dwm.exe
Token: SeCreatePagefilePrivilege	1180	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2516	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	91
PID 2900 wrote to memory of 2516	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	91
PID 2900 wrote to memory of 968	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	92
PID 2900 wrote to memory of 968	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	92
PID 2900 wrote to memory of 2792	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	93
PID 2900 wrote to memory of 2792	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	93
PID 2900 wrote to memory of 4432	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	94
PID 2900 wrote to memory of 4432	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	94
PID 2900 wrote to memory of 4928	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	95
PID 2900 wrote to memory of 4928	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	95
PID 2900 wrote to memory of 3292	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	96
PID 2900 wrote to memory of 3292	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	96
PID 2900 wrote to memory of 3412	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	97
PID 2900 wrote to memory of 3412	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	97
PID 2900 wrote to memory of 4644	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	98
PID 2900 wrote to memory of 4644	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	98
PID 2900 wrote to memory of 1012	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	99
PID 2900 wrote to memory of 1012	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	99
PID 2900 wrote to memory of 3712	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	100
PID 2900 wrote to memory of 3712	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	100
PID 2900 wrote to memory of 3564	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	101
PID 2900 wrote to memory of 3564	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	101
PID 2900 wrote to memory of 1748	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	102
PID 2900 wrote to memory of 1748	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	102
PID 2900 wrote to memory of 3092	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	103
PID 2900 wrote to memory of 3092	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	103
PID 2900 wrote to memory of 4712	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	105
PID 2900 wrote to memory of 4712	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	105
PID 2900 wrote to memory of 1716	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	106
PID 2900 wrote to memory of 1716	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	106
PID 2900 wrote to memory of 1248	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	107
PID 2900 wrote to memory of 1248	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	107
PID 2900 wrote to memory of 3176	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	108
PID 2900 wrote to memory of 3176	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	108
PID 2900 wrote to memory of 4848	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	109
PID 2900 wrote to memory of 4848	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	109
PID 2900 wrote to memory of 1304	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	110
PID 2900 wrote to memory of 1304	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	110
PID 2900 wrote to memory of 1128	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	111
PID 2900 wrote to memory of 1128	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	111
PID 2900 wrote to memory of 3852	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	112
PID 2900 wrote to memory of 3852	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	112
PID 2900 wrote to memory of 4196	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	113
PID 2900 wrote to memory of 4196	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	113
PID 2900 wrote to memory of 4268	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	114
PID 2900 wrote to memory of 4268	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	114
PID 2900 wrote to memory of 3380	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	115
PID 2900 wrote to memory of 3380	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	115
PID 2900 wrote to memory of 4464	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	116
PID 2900 wrote to memory of 4464	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	116
PID 2900 wrote to memory of 4584	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	117
PID 2900 wrote to memory of 4584	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	117
PID 2900 wrote to memory of 3212	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	118
PID 2900 wrote to memory of 3212	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	118
PID 2900 wrote to memory of 4336	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	119
PID 2900 wrote to memory of 4336	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	119
PID 2900 wrote to memory of 5044	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	120
PID 2900 wrote to memory of 5044	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	120
PID 2900 wrote to memory of 3808	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	122
PID 2900 wrote to memory of 3808	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	122
PID 2900 wrote to memory of 3732	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	125
PID 2900 wrote to memory of 3732	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	125
PID 2900 wrote to memory of 3448	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	126
PID 2900 wrote to memory of 3448	2900	5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe	126

C:\Users\Admin\AppData\Local\Temp\5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5cc673d6bfb1e54fc4d437b12f90e5c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\System\lgKZmIm.exe
  C:\Windows\System\lgKZmIm.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\nkfVEWV.exe
  C:\Windows\System\nkfVEWV.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\fTFAsvz.exe
  C:\Windows\System\fTFAsvz.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\yldGtdi.exe
  C:\Windows\System\yldGtdi.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\izdaEFS.exe
  C:\Windows\System\izdaEFS.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\JrygyoA.exe
  C:\Windows\System\JrygyoA.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\QVnwKVP.exe
  C:\Windows\System\QVnwKVP.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\mCaZlOf.exe
  C:\Windows\System\mCaZlOf.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\YibDqVv.exe
  C:\Windows\System\YibDqVv.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\LUMxoDU.exe
  C:\Windows\System\LUMxoDU.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\gssPtOc.exe
  C:\Windows\System\gssPtOc.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\jVlJpON.exe
  C:\Windows\System\jVlJpON.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\IJQHvgY.exe
  C:\Windows\System\IJQHvgY.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\ZZEbDnt.exe
  C:\Windows\System\ZZEbDnt.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\ckYiIyi.exe
  C:\Windows\System\ckYiIyi.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\EXjDAFF.exe
  C:\Windows\System\EXjDAFF.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\vsmqTYt.exe
  C:\Windows\System\vsmqTYt.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\UgOSWiF.exe
  C:\Windows\System\UgOSWiF.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\GIAYAnw.exe
  C:\Windows\System\GIAYAnw.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\cUnQwmW.exe
  C:\Windows\System\cUnQwmW.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\EpRnqTY.exe
  C:\Windows\System\EpRnqTY.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\SEwhiRd.exe
  C:\Windows\System\SEwhiRd.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\wREJMoY.exe
  C:\Windows\System\wREJMoY.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\KaWOgKq.exe
  C:\Windows\System\KaWOgKq.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\Ckvoxfq.exe
  C:\Windows\System\Ckvoxfq.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\nhcCsAE.exe
  C:\Windows\System\nhcCsAE.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\fKEsDJC.exe
  C:\Windows\System\fKEsDJC.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\NEsLNsS.exe
  C:\Windows\System\NEsLNsS.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\gjCkMQg.exe
  C:\Windows\System\gjCkMQg.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\LboPCNr.exe
  C:\Windows\System\LboPCNr.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\QWIYxQW.exe
  C:\Windows\System\QWIYxQW.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\SUgLCQm.exe
  C:\Windows\System\SUgLCQm.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\caZDlrE.exe
  C:\Windows\System\caZDlrE.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\XOyqfoY.exe
  C:\Windows\System\XOyqfoY.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\FfHeGvr.exe
  C:\Windows\System\FfHeGvr.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\fsciAkZ.exe
  C:\Windows\System\fsciAkZ.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\xwhqPNv.exe
  C:\Windows\System\xwhqPNv.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\NdHamem.exe
  C:\Windows\System\NdHamem.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\iantwib.exe
  C:\Windows\System\iantwib.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\KYAKIDf.exe
  C:\Windows\System\KYAKIDf.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\BRwaNVI.exe
  C:\Windows\System\BRwaNVI.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\wOyfKuL.exe
  C:\Windows\System\wOyfKuL.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\qdcJHVr.exe
  C:\Windows\System\qdcJHVr.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\PGySxaz.exe
  C:\Windows\System\PGySxaz.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\uwZxuHr.exe
  C:\Windows\System\uwZxuHr.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\vphEefC.exe
  C:\Windows\System\vphEefC.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\ywmDEhj.exe
  C:\Windows\System\ywmDEhj.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\mcIjcOV.exe
  C:\Windows\System\mcIjcOV.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\PolHOHc.exe
  C:\Windows\System\PolHOHc.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\JpysYSb.exe
  C:\Windows\System\JpysYSb.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\VoAjyRE.exe
  C:\Windows\System\VoAjyRE.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\upaddhj.exe
  C:\Windows\System\upaddhj.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\bvuFQXH.exe
  C:\Windows\System\bvuFQXH.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System\XTVHCmk.exe
  C:\Windows\System\XTVHCmk.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\rSEtOXG.exe
  C:\Windows\System\rSEtOXG.exe
  2⤵
  - Executes dropped EXE
  PID:5256
- C:\Windows\System\rchAGIB.exe
  C:\Windows\System\rchAGIB.exe
  2⤵
  - Executes dropped EXE
  PID:5288
- C:\Windows\System\rBybqWv.exe
  C:\Windows\System\rBybqWv.exe
  2⤵
  - Executes dropped EXE
  PID:5312
- C:\Windows\System\mTCdMSY.exe
  C:\Windows\System\mTCdMSY.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System\gbcsvuG.exe
  C:\Windows\System\gbcsvuG.exe
  2⤵
  - Executes dropped EXE
  PID:5368
- C:\Windows\System\kLIUEwn.exe
  C:\Windows\System\kLIUEwn.exe
  2⤵
  - Executes dropped EXE
  PID:5392
- C:\Windows\System\DNIaWeQ.exe
  C:\Windows\System\DNIaWeQ.exe
  2⤵
  - Executes dropped EXE
  PID:5412
- C:\Windows\System\zgGKCLN.exe
  C:\Windows\System\zgGKCLN.exe
  2⤵
  - Executes dropped EXE
  PID:5452
- C:\Windows\System\XAiBxvR.exe
  C:\Windows\System\XAiBxvR.exe
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\System\IbykNUc.exe
  C:\Windows\System\IbykNUc.exe
  2⤵
  - Executes dropped EXE
  PID:5500
- C:\Windows\System\WAKmNuZ.exe
  C:\Windows\System\WAKmNuZ.exe
  2⤵
  PID:5540
- C:\Windows\System\hokJSOJ.exe
  C:\Windows\System\hokJSOJ.exe
  2⤵
  PID:5564
- C:\Windows\System\EaUxHAt.exe
  C:\Windows\System\EaUxHAt.exe
  2⤵
  PID:5580
- C:\Windows\System\GSDnhmc.exe
  C:\Windows\System\GSDnhmc.exe
  2⤵
  PID:5608
- C:\Windows\System\tsAHmZd.exe
  C:\Windows\System\tsAHmZd.exe
  2⤵
  PID:5644
- C:\Windows\System\AfZNQRW.exe
  C:\Windows\System\AfZNQRW.exe
  2⤵
  PID:5672
- C:\Windows\System\trqTdvm.exe
  C:\Windows\System\trqTdvm.exe
  2⤵
  PID:5708
- C:\Windows\System\mhTTUeX.exe
  C:\Windows\System\mhTTUeX.exe
  2⤵
  PID:5736
- C:\Windows\System\apaDOBN.exe
  C:\Windows\System\apaDOBN.exe
  2⤵
  PID:5764
- C:\Windows\System\mpxYqKx.exe
  C:\Windows\System\mpxYqKx.exe
  2⤵
  PID:5796
- C:\Windows\System\hmvokQf.exe
  C:\Windows\System\hmvokQf.exe
  2⤵
  PID:5820
- C:\Windows\System\kygLamq.exe
  C:\Windows\System\kygLamq.exe
  2⤵
  PID:5848
- C:\Windows\System\yjmMQIT.exe
  C:\Windows\System\yjmMQIT.exe
  2⤵
  PID:5876
- C:\Windows\System\pXwnwYK.exe
  C:\Windows\System\pXwnwYK.exe
  2⤵
  PID:5904
- C:\Windows\System\MbzrWvG.exe
  C:\Windows\System\MbzrWvG.exe
  2⤵
  PID:5932
- C:\Windows\System\fzqitYc.exe
  C:\Windows\System\fzqitYc.exe
  2⤵
  PID:5964
- C:\Windows\System\sRIAcHk.exe
  C:\Windows\System\sRIAcHk.exe
  2⤵
  PID:5996
- C:\Windows\System\NoLoBIw.exe
  C:\Windows\System\NoLoBIw.exe
  2⤵
  PID:6024
- C:\Windows\System\LnuZiTD.exe
  C:\Windows\System\LnuZiTD.exe
  2⤵
  PID:6048
- C:\Windows\System\KkRtUmi.exe
  C:\Windows\System\KkRtUmi.exe
  2⤵
  PID:6080
- C:\Windows\System\RWQtLVt.exe
  C:\Windows\System\RWQtLVt.exe
  2⤵
  PID:6104
- C:\Windows\System\ZZpQeaM.exe
  C:\Windows\System\ZZpQeaM.exe
  2⤵
  PID:6136
- C:\Windows\System\lcGzWQB.exe
  C:\Windows\System\lcGzWQB.exe
  2⤵
  PID:5176
- C:\Windows\System\NHYjETG.exe
  C:\Windows\System\NHYjETG.exe
  2⤵
  PID:5244
- C:\Windows\System\FpVjoIb.exe
  C:\Windows\System\FpVjoIb.exe
  2⤵
  PID:5300
- C:\Windows\System\JsThwOZ.exe
  C:\Windows\System\JsThwOZ.exe
  2⤵
  PID:5356
- C:\Windows\System\oaslMiZ.exe
  C:\Windows\System\oaslMiZ.exe
  2⤵
  PID:5424
- C:\Windows\System\vPrcpJU.exe
  C:\Windows\System\vPrcpJU.exe
  2⤵
  PID:5488
- C:\Windows\System\xiUnmmd.exe
  C:\Windows\System\xiUnmmd.exe
  2⤵
  PID:5548
- C:\Windows\System\gXsxLsB.exe
  C:\Windows\System\gXsxLsB.exe
  2⤵
  PID:5624
- C:\Windows\System\kSJaZOk.exe
  C:\Windows\System\kSJaZOk.exe
  2⤵
  PID:5680
- C:\Windows\System\iIeqOUX.exe
  C:\Windows\System\iIeqOUX.exe
  2⤵
  PID:5748
- C:\Windows\System\OlIZnZB.exe
  C:\Windows\System\OlIZnZB.exe
  2⤵
  PID:5816
- C:\Windows\System\sOVYFxY.exe
  C:\Windows\System\sOVYFxY.exe
  2⤵
  PID:5864
- C:\Windows\System\JyFlohl.exe
  C:\Windows\System\JyFlohl.exe
  2⤵
  PID:5944
- C:\Windows\System\gkvBLtu.exe
  C:\Windows\System\gkvBLtu.exe
  2⤵
  PID:6016
- C:\Windows\System\hnJEPJg.exe
  C:\Windows\System\hnJEPJg.exe
  2⤵
  PID:6088
- C:\Windows\System\ilAsCfD.exe
  C:\Windows\System\ilAsCfD.exe
  2⤵
  PID:5132
- C:\Windows\System\NmZQzSf.exe
  C:\Windows\System\NmZQzSf.exe
  2⤵
  PID:5336
- C:\Windows\System\JAkAbEH.exe
  C:\Windows\System\JAkAbEH.exe
  2⤵
  PID:5588
- C:\Windows\System\TaPehCj.exe
  C:\Windows\System\TaPehCj.exe
  2⤵
  PID:5776
- C:\Windows\System\rxQjmEv.exe
  C:\Windows\System\rxQjmEv.exe
  2⤵
  PID:5896
- C:\Windows\System\IRcwwWw.exe
  C:\Windows\System\IRcwwWw.exe
  2⤵
  PID:6044
- C:\Windows\System\QNasugV.exe
  C:\Windows\System\QNasugV.exe
  2⤵
  PID:5404
- C:\Windows\System\QHiBGVB.exe
  C:\Windows\System\QHiBGVB.exe
  2⤵
  PID:5728
- C:\Windows\System\axWPoys.exe
  C:\Windows\System\axWPoys.exe
  2⤵
  PID:6116
- C:\Windows\System\XrQWEfb.exe
  C:\Windows\System\XrQWEfb.exe
  2⤵
  PID:6040
- C:\Windows\System\qngWDEL.exe
  C:\Windows\System\qngWDEL.exe
  2⤵
  PID:5688
- C:\Windows\System\WoWEZCS.exe
  C:\Windows\System\WoWEZCS.exe
  2⤵
  PID:6168
- C:\Windows\System\cGyAPgC.exe
  C:\Windows\System\cGyAPgC.exe
  2⤵
  PID:6200
- C:\Windows\System\lHlqXfv.exe
  C:\Windows\System\lHlqXfv.exe
  2⤵
  PID:6232
- C:\Windows\System\iIWQMli.exe
  C:\Windows\System\iIWQMli.exe
  2⤵
  PID:6264
- C:\Windows\System\JiGErkm.exe
  C:\Windows\System\JiGErkm.exe
  2⤵
  PID:6296
- C:\Windows\System\svwHUEp.exe
  C:\Windows\System\svwHUEp.exe
  2⤵
  PID:6324
- C:\Windows\System\vravNWr.exe
  C:\Windows\System\vravNWr.exe
  2⤵
  PID:6340
- C:\Windows\System\JZGsGbl.exe
  C:\Windows\System\JZGsGbl.exe
  2⤵
  PID:6372
- C:\Windows\System\xrsWapQ.exe
  C:\Windows\System\xrsWapQ.exe
  2⤵
  PID:6404
- C:\Windows\System\dQZpejv.exe
  C:\Windows\System\dQZpejv.exe
  2⤵
  PID:6428
- C:\Windows\System\CmNSCSf.exe
  C:\Windows\System\CmNSCSf.exe
  2⤵
  PID:6452
- C:\Windows\System\iXjJtIW.exe
  C:\Windows\System\iXjJtIW.exe
  2⤵
  PID:6492
- C:\Windows\System\idSgHyG.exe
  C:\Windows\System\idSgHyG.exe
  2⤵
  PID:6520
- C:\Windows\System\fJqUPkA.exe
  C:\Windows\System\fJqUPkA.exe
  2⤵
  PID:6544
- C:\Windows\System\EcBpjJe.exe
  C:\Windows\System\EcBpjJe.exe
  2⤵
  PID:6564
- C:\Windows\System\NVVhbTQ.exe
  C:\Windows\System\NVVhbTQ.exe
  2⤵
  PID:6596
- C:\Windows\System\KfPutFS.exe
  C:\Windows\System\KfPutFS.exe
  2⤵
  PID:6632
- C:\Windows\System\YELBjkt.exe
  C:\Windows\System\YELBjkt.exe
  2⤵
  PID:6652
- C:\Windows\System\PWmDhnf.exe
  C:\Windows\System\PWmDhnf.exe
  2⤵
  PID:6672
- C:\Windows\System\iZlfmrj.exe
  C:\Windows\System\iZlfmrj.exe
  2⤵
  PID:6712
- C:\Windows\System\mBlJXho.exe
  C:\Windows\System\mBlJXho.exe
  2⤵
  PID:6760
- C:\Windows\System\SaEdqSm.exe
  C:\Windows\System\SaEdqSm.exe
  2⤵
  PID:6784
- C:\Windows\System\sjIuFNr.exe
  C:\Windows\System\sjIuFNr.exe
  2⤵
  PID:6808
- C:\Windows\System\gheAzQk.exe
  C:\Windows\System\gheAzQk.exe
  2⤵
  PID:6840
- C:\Windows\System\YPezWZm.exe
  C:\Windows\System\YPezWZm.exe
  2⤵
  PID:6868
- C:\Windows\System\ebIxboH.exe
  C:\Windows\System\ebIxboH.exe
  2⤵
  PID:6896
- C:\Windows\System\IsYkWUa.exe
  C:\Windows\System\IsYkWUa.exe
  2⤵
  PID:6924
- C:\Windows\System\NCwtXiB.exe
  C:\Windows\System\NCwtXiB.exe
  2⤵
  PID:6948
- C:\Windows\System\KOGfUbK.exe
  C:\Windows\System\KOGfUbK.exe
  2⤵
  PID:6980
- C:\Windows\System\DMRJXBe.exe
  C:\Windows\System\DMRJXBe.exe
  2⤵
  PID:7008
- C:\Windows\System\fQDQtFF.exe
  C:\Windows\System\fQDQtFF.exe
  2⤵
  PID:7024
- C:\Windows\System\PsaBFVc.exe
  C:\Windows\System\PsaBFVc.exe
  2⤵
  PID:7064
- C:\Windows\System\MQbGKrV.exe
  C:\Windows\System\MQbGKrV.exe
  2⤵
  PID:7096
- C:\Windows\System\imXHioT.exe
  C:\Windows\System\imXHioT.exe
  2⤵
  PID:7124
- C:\Windows\System\ypqDnOq.exe
  C:\Windows\System\ypqDnOq.exe
  2⤵
  PID:7140
- C:\Windows\System\jeyxOCE.exe
  C:\Windows\System\jeyxOCE.exe
  2⤵
  PID:6164
- C:\Windows\System\LfxhEUO.exe
  C:\Windows\System\LfxhEUO.exe
  2⤵
  PID:6228
- C:\Windows\System\XMWGTlc.exe
  C:\Windows\System\XMWGTlc.exe
  2⤵
  PID:6332
- C:\Windows\System\RbrRWkT.exe
  C:\Windows\System\RbrRWkT.exe
  2⤵
  PID:6420
- C:\Windows\System\VUPODPi.exe
  C:\Windows\System\VUPODPi.exe
  2⤵
  PID:6440
- C:\Windows\System\IwIWgyJ.exe
  C:\Windows\System\IwIWgyJ.exe
  2⤵
  PID:6532
- C:\Windows\System\gkzdrvy.exe
  C:\Windows\System\gkzdrvy.exe
  2⤵
  PID:6580
- C:\Windows\System\SyzcsRg.exe
  C:\Windows\System\SyzcsRg.exe
  2⤵
  PID:6660
- C:\Windows\System\VMxJqYt.exe
  C:\Windows\System\VMxJqYt.exe
  2⤵
  PID:6380
- C:\Windows\System\DqBlWnj.exe
  C:\Windows\System\DqBlWnj.exe
  2⤵
  PID:6816
- C:\Windows\System\TyInxnq.exe
  C:\Windows\System\TyInxnq.exe
  2⤵
  PID:6856
- C:\Windows\System\ilqdWZv.exe
  C:\Windows\System\ilqdWZv.exe
  2⤵
  PID:6908
- C:\Windows\System\fWyYqGZ.exe
  C:\Windows\System\fWyYqGZ.exe
  2⤵
  PID:6968
- C:\Windows\System\kDnDNcV.exe
  C:\Windows\System\kDnDNcV.exe
  2⤵
  PID:7056
- C:\Windows\System\yWPsFxF.exe
  C:\Windows\System\yWPsFxF.exe
  2⤵
  PID:7120
- C:\Windows\System\CyaGOWU.exe
  C:\Windows\System\CyaGOWU.exe
  2⤵
  PID:6196
- C:\Windows\System\xrnLzmY.exe
  C:\Windows\System\xrnLzmY.exe
  2⤵
  PID:6444
- C:\Windows\System\qSMzmwK.exe
  C:\Windows\System\qSMzmwK.exe
  2⤵
  PID:6644
- C:\Windows\System\WPyyghC.exe
  C:\Windows\System\WPyyghC.exe
  2⤵
  PID:6776
- C:\Windows\System\cMgTonl.exe
  C:\Windows\System\cMgTonl.exe
  2⤵
  PID:6920
- C:\Windows\System\axajxIU.exe
  C:\Windows\System\axajxIU.exe
  2⤵
  PID:7136
- C:\Windows\System\pRfxOoR.exe
  C:\Windows\System\pRfxOoR.exe
  2⤵
  PID:6588
- C:\Windows\System\gFQJRKy.exe
  C:\Windows\System\gFQJRKy.exe
  2⤵
  PID:6880
- C:\Windows\System\giWADiV.exe
  C:\Windows\System\giWADiV.exe
  2⤵
  PID:6284
- C:\Windows\System\ImiCZrt.exe
  C:\Windows\System\ImiCZrt.exe
  2⤵
  PID:7176
- C:\Windows\System\SKNmluU.exe
  C:\Windows\System\SKNmluU.exe
  2⤵
  PID:7200
- C:\Windows\System\JzHyQmA.exe
  C:\Windows\System\JzHyQmA.exe
  2⤵
  PID:7224
- C:\Windows\System\skRAdJp.exe
  C:\Windows\System\skRAdJp.exe
  2⤵
  PID:7256
- C:\Windows\System\XSibUQw.exe
  C:\Windows\System\XSibUQw.exe
  2⤵
  PID:7284
- C:\Windows\System\PuHAuGi.exe
  C:\Windows\System\PuHAuGi.exe
  2⤵
  PID:7312
- C:\Windows\System\UMxawal.exe
  C:\Windows\System\UMxawal.exe
  2⤵
  PID:7344
- C:\Windows\System\iuIEgkO.exe
  C:\Windows\System\iuIEgkO.exe
  2⤵
  PID:7368
- C:\Windows\System\xFSmUaX.exe
  C:\Windows\System\xFSmUaX.exe
  2⤵
  PID:7396
- C:\Windows\System\bxwBmDh.exe
  C:\Windows\System\bxwBmDh.exe
  2⤵
  PID:7424
- C:\Windows\System\fyjHknh.exe
  C:\Windows\System\fyjHknh.exe
  2⤵
  PID:7460
- C:\Windows\System\XLLMhBH.exe
  C:\Windows\System\XLLMhBH.exe
  2⤵
  PID:7488
- C:\Windows\System\fPwqNYA.exe
  C:\Windows\System\fPwqNYA.exe
  2⤵
  PID:7512
- C:\Windows\System\jcrNSWg.exe
  C:\Windows\System\jcrNSWg.exe
  2⤵
  PID:7540
- C:\Windows\System\oOzeirP.exe
  C:\Windows\System\oOzeirP.exe
  2⤵
  PID:7572
- C:\Windows\System\QZhxHtM.exe
  C:\Windows\System\QZhxHtM.exe
  2⤵
  PID:7588
- C:\Windows\System\DamCesA.exe
  C:\Windows\System\DamCesA.exe
  2⤵
  PID:7624
- C:\Windows\System\zlVgbwc.exe
  C:\Windows\System\zlVgbwc.exe
  2⤵
  PID:7660
- C:\Windows\System\KdieCGC.exe
  C:\Windows\System\KdieCGC.exe
  2⤵
  PID:7692
- C:\Windows\System\EhMNPdk.exe
  C:\Windows\System\EhMNPdk.exe
  2⤵
  PID:7720
- C:\Windows\System\XNynEwb.exe
  C:\Windows\System\XNynEwb.exe
  2⤵
  PID:7752
- C:\Windows\System\lsYiKop.exe
  C:\Windows\System\lsYiKop.exe
  2⤵
  PID:7784
- C:\Windows\System\sRQEDeu.exe
  C:\Windows\System\sRQEDeu.exe
  2⤵
  PID:7836
- C:\Windows\System\eqRuTZu.exe
  C:\Windows\System\eqRuTZu.exe
  2⤵
  PID:7880
- C:\Windows\System\kPGApdx.exe
  C:\Windows\System\kPGApdx.exe
  2⤵
  PID:7912
- C:\Windows\System\nuFJXaI.exe
  C:\Windows\System\nuFJXaI.exe
  2⤵
  PID:7940
- C:\Windows\System\MPABqgV.exe
  C:\Windows\System\MPABqgV.exe
  2⤵
  PID:7968
- C:\Windows\System\mbDMeMi.exe
  C:\Windows\System\mbDMeMi.exe
  2⤵
  PID:7996
- C:\Windows\System\zqUSsRI.exe
  C:\Windows\System\zqUSsRI.exe
  2⤵
  PID:8024
- C:\Windows\System\ZvGCYpV.exe
  C:\Windows\System\ZvGCYpV.exe
  2⤵
  PID:8052
- C:\Windows\System\rhpvDJx.exe
  C:\Windows\System\rhpvDJx.exe
  2⤵
  PID:8080
- C:\Windows\System\QbrNrvl.exe
  C:\Windows\System\QbrNrvl.exe
  2⤵
  PID:8108
- C:\Windows\System\BdkPufG.exe
  C:\Windows\System\BdkPufG.exe
  2⤵
  PID:8128
- C:\Windows\System\LSkDHNV.exe
  C:\Windows\System\LSkDHNV.exe
  2⤵
  PID:8160
- C:\Windows\System\tDeYfkr.exe
  C:\Windows\System\tDeYfkr.exe
  2⤵
  PID:8188
- C:\Windows\System\ZhqsZEG.exe
  C:\Windows\System\ZhqsZEG.exe
  2⤵
  PID:7248
- C:\Windows\System\pWZXIFb.exe
  C:\Windows\System\pWZXIFb.exe
  2⤵
  PID:7280
- C:\Windows\System\DuawavB.exe
  C:\Windows\System\DuawavB.exe
  2⤵
  PID:7336
- C:\Windows\System\FMksveP.exe
  C:\Windows\System\FMksveP.exe
  2⤵
  PID:7380
- C:\Windows\System\iNMTvki.exe
  C:\Windows\System\iNMTvki.exe
  2⤵
  PID:7420
- C:\Windows\System\DeoCxjs.exe
  C:\Windows\System\DeoCxjs.exe
  2⤵
  PID:7480
- C:\Windows\System\ttETwfj.exe
  C:\Windows\System\ttETwfj.exe
  2⤵
  PID:7532
- C:\Windows\System\suvrNrb.exe
  C:\Windows\System\suvrNrb.exe
  2⤵
  PID:7704
- C:\Windows\System\oHpKaqP.exe
  C:\Windows\System\oHpKaqP.exe
  2⤵
  PID:7768
- C:\Windows\System\OWRLquJ.exe
  C:\Windows\System\OWRLquJ.exe
  2⤵
  PID:7868
- C:\Windows\System\BemsNpp.exe
  C:\Windows\System\BemsNpp.exe
  2⤵
  PID:7952
- C:\Windows\System\hIWbdmA.exe
  C:\Windows\System\hIWbdmA.exe
  2⤵
  PID:8044
- C:\Windows\System\NAbZbLj.exe
  C:\Windows\System\NAbZbLj.exe
  2⤵
  PID:8104
- C:\Windows\System\NUsdpXo.exe
  C:\Windows\System\NUsdpXo.exe
  2⤵
  PID:7268
- C:\Windows\System\inHcCrh.exe
  C:\Windows\System\inHcCrh.exe
  2⤵
  PID:8184
- C:\Windows\System\CTQVYYt.exe
  C:\Windows\System\CTQVYYt.exe
  2⤵
  PID:7468
- C:\Windows\System\cywrlhB.exe
  C:\Windows\System\cywrlhB.exe
  2⤵
  PID:7580
- C:\Windows\System\CboylKW.exe
  C:\Windows\System\CboylKW.exe
  2⤵
  PID:7764
- C:\Windows\System\VMuFtAj.exe
  C:\Windows\System\VMuFtAj.exe
  2⤵
  PID:7276
- C:\Windows\System\sfvthLF.exe
  C:\Windows\System\sfvthLF.exe
  2⤵
  PID:7632
- C:\Windows\System\sXkMXJu.exe
  C:\Windows\System\sXkMXJu.exe
  2⤵
  PID:7672
- C:\Windows\System\KozJMBh.exe
  C:\Windows\System\KozJMBh.exe
  2⤵
  PID:7648
- C:\Windows\System\wuIUMBb.exe
  C:\Windows\System\wuIUMBb.exe
  2⤵
  PID:7584
- C:\Windows\System\AbrQKbH.exe
  C:\Windows\System\AbrQKbH.exe
  2⤵
  PID:8216
- C:\Windows\System\qMCJdFd.exe
  C:\Windows\System\qMCJdFd.exe
  2⤵
  PID:8236
- C:\Windows\System\rmegGSB.exe
  C:\Windows\System\rmegGSB.exe
  2⤵
  PID:8256
- C:\Windows\System\VmmNFTR.exe
  C:\Windows\System\VmmNFTR.exe
  2⤵
  PID:8280
- C:\Windows\System\JCGEvue.exe
  C:\Windows\System\JCGEvue.exe
  2⤵
  PID:8332
- C:\Windows\System\QEuyioa.exe
  C:\Windows\System\QEuyioa.exe
  2⤵
  PID:8352
- C:\Windows\System\jiunImL.exe
  C:\Windows\System\jiunImL.exe
  2⤵
  PID:8384
- C:\Windows\System\GKeigdb.exe
  C:\Windows\System\GKeigdb.exe
  2⤵
  PID:8408
- C:\Windows\System\usoQcmq.exe
  C:\Windows\System\usoQcmq.exe
  2⤵
  PID:8440
- C:\Windows\System\njOOAQl.exe
  C:\Windows\System\njOOAQl.exe
  2⤵
  PID:8476
- C:\Windows\System\lShRNsG.exe
  C:\Windows\System\lShRNsG.exe
  2⤵
  PID:8504
- C:\Windows\System\jIQHQvB.exe
  C:\Windows\System\jIQHQvB.exe
  2⤵
  PID:8520
- C:\Windows\System\FOxOoGR.exe
  C:\Windows\System\FOxOoGR.exe
  2⤵
  PID:8544
- C:\Windows\System\QGFmoXR.exe
  C:\Windows\System\QGFmoXR.exe
  2⤵
  PID:8564
- C:\Windows\System\ndxYNPf.exe
  C:\Windows\System\ndxYNPf.exe
  2⤵
  PID:8620
- C:\Windows\System\KyQDvhw.exe
  C:\Windows\System\KyQDvhw.exe
  2⤵
  PID:8640
- C:\Windows\System\mkSLRen.exe
  C:\Windows\System\mkSLRen.exe
  2⤵
  PID:8680
- C:\Windows\System\FphqGUc.exe
  C:\Windows\System\FphqGUc.exe
  2⤵
  PID:8704
- C:\Windows\System\zpNVmcs.exe
  C:\Windows\System\zpNVmcs.exe
  2⤵
  PID:8736
- C:\Windows\System\dnCTcXp.exe
  C:\Windows\System\dnCTcXp.exe
  2⤵
  PID:8760
- C:\Windows\System\RJXMGhL.exe
  C:\Windows\System\RJXMGhL.exe
  2⤵
  PID:8788
- C:\Windows\System\EUPbXut.exe
  C:\Windows\System\EUPbXut.exe
  2⤵
  PID:8812
- C:\Windows\System\HzZWhCo.exe
  C:\Windows\System\HzZWhCo.exe
  2⤵
  PID:8844
- C:\Windows\System\FizCWte.exe
  C:\Windows\System\FizCWte.exe
  2⤵
  PID:8868
- C:\Windows\System\YXyjewi.exe
  C:\Windows\System\YXyjewi.exe
  2⤵
  PID:8900
- C:\Windows\System\XqYRsNp.exe
  C:\Windows\System\XqYRsNp.exe
  2⤵
  PID:8920
- C:\Windows\System\eBRKNgf.exe
  C:\Windows\System\eBRKNgf.exe
  2⤵
  PID:8960
- C:\Windows\System\bshFAoi.exe
  C:\Windows\System\bshFAoi.exe
  2⤵
  PID:8976
- C:\Windows\System\yaXgKFC.exe
  C:\Windows\System\yaXgKFC.exe
  2⤵
  PID:9016
- C:\Windows\System\nTPgsCc.exe
  C:\Windows\System\nTPgsCc.exe
  2⤵
  PID:9044
- C:\Windows\System\ikAokgx.exe
  C:\Windows\System\ikAokgx.exe
  2⤵
  PID:9060
- C:\Windows\System\GViHDbb.exe
  C:\Windows\System\GViHDbb.exe
  2⤵
  PID:9088
- C:\Windows\System\QrroTCl.exe
  C:\Windows\System\QrroTCl.exe
  2⤵
  PID:9128
- C:\Windows\System\kxqackr.exe
  C:\Windows\System\kxqackr.exe
  2⤵
  PID:9156
- C:\Windows\System\vYrJJhp.exe
  C:\Windows\System\vYrJJhp.exe
  2⤵
  PID:9184
- C:\Windows\System\BulBcyO.exe
  C:\Windows\System\BulBcyO.exe
  2⤵
  PID:7364
- C:\Windows\System\poELHgK.exe
  C:\Windows\System\poELHgK.exe
  2⤵
  PID:8208
- C:\Windows\System\NTwILlo.exe
  C:\Windows\System\NTwILlo.exe
  2⤵
  PID:8296
- C:\Windows\System\reMAaUG.exe
  C:\Windows\System\reMAaUG.exe
  2⤵
  PID:8320
- C:\Windows\System\JqsyZmw.exe
  C:\Windows\System\JqsyZmw.exe
  2⤵
  PID:8428
- C:\Windows\System\TxjKHuC.exe
  C:\Windows\System\TxjKHuC.exe
  2⤵
  PID:8432
- C:\Windows\System\WgKomzN.exe
  C:\Windows\System\WgKomzN.exe
  2⤵
  PID:8516
- C:\Windows\System\vgGWWkz.exe
  C:\Windows\System\vgGWWkz.exe
  2⤵
  PID:8608
- C:\Windows\System\trtFWEW.exe
  C:\Windows\System\trtFWEW.exe
  2⤵
  PID:8636
- C:\Windows\System\UOMLjQK.exe
  C:\Windows\System\UOMLjQK.exe
  2⤵
  PID:8696
- C:\Windows\System\yZEFiUF.exe
  C:\Windows\System\yZEFiUF.exe
  2⤵
  PID:8756
- C:\Windows\System\juCZRxm.exe
  C:\Windows\System\juCZRxm.exe
  2⤵
  PID:8896
- C:\Windows\System\WjliLwF.exe
  C:\Windows\System\WjliLwF.exe
  2⤵
  PID:8916
- C:\Windows\System\pDcdoXU.exe
  C:\Windows\System\pDcdoXU.exe
  2⤵
  PID:8996
- C:\Windows\System\CHXXzEO.exe
  C:\Windows\System\CHXXzEO.exe
  2⤵
  PID:9072
- C:\Windows\System\NxZVzXp.exe
  C:\Windows\System\NxZVzXp.exe
  2⤵
  PID:9148
- C:\Windows\System\eitCDks.exe
  C:\Windows\System\eitCDks.exe
  2⤵
  PID:9208
- C:\Windows\System\iVieaYi.exe
  C:\Windows\System\iVieaYi.exe
  2⤵
  PID:8264
- C:\Windows\System\ZyazFXa.exe
  C:\Windows\System\ZyazFXa.exe
  2⤵
  PID:8488
- C:\Windows\System\NTgtAKA.exe
  C:\Windows\System\NTgtAKA.exe
  2⤵
  PID:8496
- C:\Windows\System\LoscZFn.exe
  C:\Windows\System\LoscZFn.exe
  2⤵
  PID:8808
- C:\Windows\System\AvYGYkO.exe
  C:\Windows\System\AvYGYkO.exe
  2⤵
  PID:8856
- C:\Windows\System\dlNFcJo.exe
  C:\Windows\System\dlNFcJo.exe
  2⤵
  PID:9052
- C:\Windows\System\WGBLLuo.exe
  C:\Windows\System\WGBLLuo.exe
  2⤵
  PID:8124
- C:\Windows\System\AbFWSAo.exe
  C:\Windows\System\AbFWSAo.exe
  2⤵
  PID:9120
- C:\Windows\System\gZKEowe.exe
  C:\Windows\System\gZKEowe.exe
  2⤵
  PID:8268
- C:\Windows\System\roxwvHQ.exe
  C:\Windows\System\roxwvHQ.exe
  2⤵
  PID:8512
- C:\Windows\System\FsfLmbc.exe
  C:\Windows\System\FsfLmbc.exe
  2⤵
  PID:8732
- C:\Windows\System\QDTPYlk.exe
  C:\Windows\System\QDTPYlk.exe
  2⤵
  PID:9116
- C:\Windows\System\zvsRmBK.exe
  C:\Windows\System\zvsRmBK.exe
  2⤵
  PID:8328
- C:\Windows\System\bopPArj.exe
  C:\Windows\System\bopPArj.exe
  2⤵
  PID:8224
- C:\Windows\System\GUNqaHy.exe
  C:\Windows\System\GUNqaHy.exe
  2⤵
  PID:9232
- C:\Windows\System\cWmEBTQ.exe
  C:\Windows\System\cWmEBTQ.exe
  2⤵
  PID:9272
- C:\Windows\System\UHStoEK.exe
  C:\Windows\System\UHStoEK.exe
  2⤵
  PID:9296
- C:\Windows\System\pGhWwRX.exe
  C:\Windows\System\pGhWwRX.exe
  2⤵
  PID:9316
- C:\Windows\System\OVCcFVv.exe
  C:\Windows\System\OVCcFVv.exe
  2⤵
  PID:9364
- C:\Windows\System\GmhHtfC.exe
  C:\Windows\System\GmhHtfC.exe
  2⤵
  PID:9428
- C:\Windows\System\jnBKRfP.exe
  C:\Windows\System\jnBKRfP.exe
  2⤵
  PID:9448
- C:\Windows\System\GOAsPbD.exe
  C:\Windows\System\GOAsPbD.exe
  2⤵
  PID:9464
- C:\Windows\System\oXzllaH.exe
  C:\Windows\System\oXzllaH.exe
  2⤵
  PID:9496
- C:\Windows\System\vrJWDUm.exe
  C:\Windows\System\vrJWDUm.exe
  2⤵
  PID:9532
- C:\Windows\System\zlcrIww.exe
  C:\Windows\System\zlcrIww.exe
  2⤵
  PID:9564
- C:\Windows\System\kCRXHkF.exe
  C:\Windows\System\kCRXHkF.exe
  2⤵
  PID:9592
- C:\Windows\System\QYlGMlM.exe
  C:\Windows\System\QYlGMlM.exe
  2⤵
  PID:9616
- C:\Windows\System\fuqzclM.exe
  C:\Windows\System\fuqzclM.exe
  2⤵
  PID:9636
- C:\Windows\System\MAtyHib.exe
  C:\Windows\System\MAtyHib.exe
  2⤵
  PID:9664
- C:\Windows\System\LivSMgQ.exe
  C:\Windows\System\LivSMgQ.exe
  2⤵
  PID:9692
- C:\Windows\System\MUwKDrA.exe
  C:\Windows\System\MUwKDrA.exe
  2⤵
  PID:9728
- C:\Windows\System\NNtdnAN.exe
  C:\Windows\System\NNtdnAN.exe
  2⤵
  PID:9760
- C:\Windows\System\jwkRNbe.exe
  C:\Windows\System\jwkRNbe.exe
  2⤵
  PID:9784
- C:\Windows\System\JgyevGK.exe
  C:\Windows\System\JgyevGK.exe
  2⤵
  PID:9828
- C:\Windows\System\yIUeVsG.exe
  C:\Windows\System\yIUeVsG.exe
  2⤵
  PID:9852
- C:\Windows\System\IECONcE.exe
  C:\Windows\System\IECONcE.exe
  2⤵
  PID:9888
- C:\Windows\System\qwekikc.exe
  C:\Windows\System\qwekikc.exe
  2⤵
  PID:9928
- C:\Windows\System\KVkpeNr.exe
  C:\Windows\System\KVkpeNr.exe
  2⤵
  PID:9976
- C:\Windows\System\eOjIETu.exe
  C:\Windows\System\eOjIETu.exe
  2⤵
  PID:9996
- C:\Windows\System\RqyAokl.exe
  C:\Windows\System\RqyAokl.exe
  2⤵
  PID:10024
- C:\Windows\System\AIsmtTb.exe
  C:\Windows\System\AIsmtTb.exe
  2⤵
  PID:10052
- C:\Windows\System\EZHHbNT.exe
  C:\Windows\System\EZHHbNT.exe
  2⤵
  PID:10080
- C:\Windows\System\TLSzFHS.exe
  C:\Windows\System\TLSzFHS.exe
  2⤵
  PID:10096
- C:\Windows\System\SsaTZOu.exe
  C:\Windows\System\SsaTZOu.exe
  2⤵
  PID:10132
- C:\Windows\System\MCePmFL.exe
  C:\Windows\System\MCePmFL.exe
  2⤵
  PID:10152
- C:\Windows\System\oRFQsdK.exe
  C:\Windows\System\oRFQsdK.exe
  2⤵
  PID:10204
- C:\Windows\System\cWsPlry.exe
  C:\Windows\System\cWsPlry.exe
  2⤵
  PID:10224
- C:\Windows\System\EoZwQQx.exe
  C:\Windows\System\EoZwQQx.exe
  2⤵
  PID:8940
- C:\Windows\System\RHBFZKA.exe
  C:\Windows\System\RHBFZKA.exe
  2⤵
  PID:9244
- C:\Windows\System\vjjYzRv.exe
  C:\Windows\System\vjjYzRv.exe
  2⤵
  PID:9304
- C:\Windows\System\pqREUiL.exe
  C:\Windows\System\pqREUiL.exe
  2⤵
  PID:9444
- C:\Windows\System\hqiBWNn.exe
  C:\Windows\System\hqiBWNn.exe
  2⤵
  PID:9548
- C:\Windows\System\bytkCmk.exe
  C:\Windows\System\bytkCmk.exe
  2⤵
  PID:9632
- C:\Windows\System\uZpjsCG.exe
  C:\Windows\System\uZpjsCG.exe
  2⤵
  PID:9712
- C:\Windows\System\XfprENL.exe
  C:\Windows\System\XfprENL.exe
  2⤵
  PID:9748
- C:\Windows\System\CiIKAaa.exe
  C:\Windows\System\CiIKAaa.exe
  2⤵
  PID:9884
- C:\Windows\System\pKeXHIm.exe
  C:\Windows\System\pKeXHIm.exe
  2⤵
  PID:9940
- C:\Windows\System\kGXcxXN.exe
  C:\Windows\System\kGXcxXN.exe
  2⤵
  PID:10036
- C:\Windows\System\VfkVinX.exe
  C:\Windows\System\VfkVinX.exe
  2⤵
  PID:10116
- C:\Windows\System\zTUGaES.exe
  C:\Windows\System\zTUGaES.exe
  2⤵
  PID:4360
- C:\Windows\System\wGSmxjT.exe
  C:\Windows\System\wGSmxjT.exe
  2⤵
  PID:7908
- C:\Windows\System\QFFgqmz.exe
  C:\Windows\System\QFFgqmz.exe
  2⤵
  PID:9456
- C:\Windows\System\YAzwUzp.exe
  C:\Windows\System\YAzwUzp.exe
  2⤵
  PID:9544
- C:\Windows\System\SGAQbUl.exe
  C:\Windows\System\SGAQbUl.exe
  2⤵
  PID:9684
- C:\Windows\System\tyxXmpA.exe
  C:\Windows\System\tyxXmpA.exe
  2⤵
  PID:416
- C:\Windows\System\DUDfGCN.exe
  C:\Windows\System\DUDfGCN.exe
  2⤵
  PID:9964
- C:\Windows\System\PlrBoyP.exe
  C:\Windows\System\PlrBoyP.exe
  2⤵
  PID:10212
- C:\Windows\System\Meaqzqt.exe
  C:\Windows\System\Meaqzqt.exe
  2⤵
  PID:2004
- C:\Windows\System\FlIWxKJ.exe
  C:\Windows\System\FlIWxKJ.exe
  2⤵
  PID:2568
- C:\Windows\System\FzPWJam.exe
  C:\Windows\System\FzPWJam.exe
  2⤵
  PID:9356
- C:\Windows\System\rRjpEwi.exe
  C:\Windows\System\rRjpEwi.exe
  2⤵
  PID:9672
- C:\Windows\System\HdUXrQi.exe
  C:\Windows\System\HdUXrQi.exe
  2⤵
  PID:3860
- C:\Windows\System\FfKpOcu.exe
  C:\Windows\System\FfKpOcu.exe
  2⤵
  PID:2076
- C:\Windows\System\vKMifoL.exe
  C:\Windows\System\vKMifoL.exe
  2⤵
  PID:2768
- C:\Windows\System\HSLQxvN.exe
  C:\Windows\System\HSLQxvN.exe
  2⤵
  PID:9820
- C:\Windows\System\wowHFPa.exe
  C:\Windows\System\wowHFPa.exe
  2⤵
  PID:1596
- C:\Windows\System\sZiCvlg.exe
  C:\Windows\System\sZiCvlg.exe
  2⤵
  PID:2960
- C:\Windows\System\vVElAtT.exe
  C:\Windows\System\vVElAtT.exe
  2⤵
  PID:10260
- C:\Windows\System\eWRGZmP.exe
  C:\Windows\System\eWRGZmP.exe
  2⤵
  PID:10288
- C:\Windows\System\TpKGpzQ.exe
  C:\Windows\System\TpKGpzQ.exe
  2⤵
  PID:10304
- C:\Windows\System\oVZvgte.exe
  C:\Windows\System\oVZvgte.exe
  2⤵
  PID:10332
- C:\Windows\System\IApPktM.exe
  C:\Windows\System\IApPktM.exe
  2⤵
  PID:10360
- C:\Windows\System\HGXlnWi.exe
  C:\Windows\System\HGXlnWi.exe
  2⤵
  PID:10392
- C:\Windows\System\IHWBqDO.exe
  C:\Windows\System\IHWBqDO.exe
  2⤵
  PID:10420
- C:\Windows\System\PSacsJh.exe
  C:\Windows\System\PSacsJh.exe
  2⤵
  PID:10448
- C:\Windows\System\gHmtMoz.exe
  C:\Windows\System\gHmtMoz.exe
  2⤵
  PID:10472
- C:\Windows\System\kcDbIuN.exe
  C:\Windows\System\kcDbIuN.exe
  2⤵
  PID:10496
- C:\Windows\System\mmOlrmA.exe
  C:\Windows\System\mmOlrmA.exe
  2⤵
  PID:10520
- C:\Windows\System\SMVGLGM.exe
  C:\Windows\System\SMVGLGM.exe
  2⤵
  PID:10536
- C:\Windows\System\oXaBRRY.exe
  C:\Windows\System\oXaBRRY.exe
  2⤵
  PID:10576
- C:\Windows\System\YZRLDUD.exe
  C:\Windows\System\YZRLDUD.exe
  2⤵
  PID:10632
- C:\Windows\System\JsPkEIX.exe
  C:\Windows\System\JsPkEIX.exe
  2⤵
  PID:10660
- C:\Windows\System\JmlBqiV.exe
  C:\Windows\System\JmlBqiV.exe
  2⤵
  PID:10688
- C:\Windows\System\MxBbrNm.exe
  C:\Windows\System\MxBbrNm.exe
  2⤵
  PID:10716
- C:\Windows\System\KkFwQwo.exe
  C:\Windows\System\KkFwQwo.exe
  2⤵
  PID:10744
- C:\Windows\System\gVIazvb.exe
  C:\Windows\System\gVIazvb.exe
  2⤵
  PID:10760
- C:\Windows\System\bAQqOOy.exe
  C:\Windows\System\bAQqOOy.exe
  2⤵
  PID:10792
- C:\Windows\System\zhEiacr.exe
  C:\Windows\System\zhEiacr.exe
  2⤵
  PID:10824
- C:\Windows\System\QSImquS.exe
  C:\Windows\System\QSImquS.exe
  2⤵
  PID:10860
- C:\Windows\System\ESgfyqv.exe
  C:\Windows\System\ESgfyqv.exe
  2⤵
  PID:10888
- C:\Windows\System\iMuFsbo.exe
  C:\Windows\System\iMuFsbo.exe
  2⤵
  PID:10912
- C:\Windows\System\DmrkBLU.exe
  C:\Windows\System\DmrkBLU.exe
  2⤵
  PID:10940
- C:\Windows\System\PXibXYi.exe
  C:\Windows\System\PXibXYi.exe
  2⤵
  PID:10968
- C:\Windows\System\ZvnvwRC.exe
  C:\Windows\System\ZvnvwRC.exe
  2⤵
  PID:10988
- C:\Windows\System\ErnNaow.exe
  C:\Windows\System\ErnNaow.exe
  2⤵
  PID:11024
- C:\Windows\System\zTBferp.exe
  C:\Windows\System\zTBferp.exe
  2⤵
  PID:11060
- C:\Windows\System\KFUyXfb.exe
  C:\Windows\System\KFUyXfb.exe
  2⤵
  PID:11088
- C:\Windows\System\PfsQXwy.exe
  C:\Windows\System\PfsQXwy.exe
  2⤵
  PID:11116
- C:\Windows\System\mPSWVlk.exe
  C:\Windows\System\mPSWVlk.exe
  2⤵
  PID:11140
- C:\Windows\System\EAAVgCH.exe
  C:\Windows\System\EAAVgCH.exe
  2⤵
  PID:11160
- C:\Windows\System\qYcRgUn.exe
  C:\Windows\System\qYcRgUn.exe
  2⤵
  PID:11188
- C:\Windows\System\qctGhWH.exe
  C:\Windows\System\qctGhWH.exe
  2⤵
  PID:11216
- C:\Windows\System\ZDJMfqG.exe
  C:\Windows\System\ZDJMfqG.exe
  2⤵
  PID:11244
- C:\Windows\System\CgRmBsW.exe
  C:\Windows\System\CgRmBsW.exe
  2⤵
  PID:10248
- C:\Windows\System\WcFdelP.exe
  C:\Windows\System\WcFdelP.exe
  2⤵
  PID:10300
- C:\Windows\System\dUubeza.exe
  C:\Windows\System\dUubeza.exe
  2⤵
  PID:10356
- C:\Windows\System\WimFZKD.exe
  C:\Windows\System\WimFZKD.exe
  2⤵
  PID:10508
- C:\Windows\System\aOhewXO.exe
  C:\Windows\System\aOhewXO.exe
  2⤵
  PID:10564
- C:\Windows\System\fuuxQdL.exe
  C:\Windows\System\fuuxQdL.exe
  2⤵
  PID:10652
- C:\Windows\System\GTsrKgk.exe
  C:\Windows\System\GTsrKgk.exe
  2⤵
  PID:10704
- C:\Windows\System\DpmAxuS.exe
  C:\Windows\System\DpmAxuS.exe
  2⤵
  PID:10752
- C:\Windows\System\XDHpSRU.exe
  C:\Windows\System\XDHpSRU.exe
  2⤵
  PID:4744
- C:\Windows\System\XceEACt.exe
  C:\Windows\System\XceEACt.exe
  2⤵
  PID:10920
- C:\Windows\System\RGqRfmA.exe
  C:\Windows\System\RGqRfmA.exe
  2⤵
  PID:10984
- C:\Windows\System\HcLGmwQ.exe
  C:\Windows\System\HcLGmwQ.exe
  2⤵
  PID:11052
- C:\Windows\System\omHcKOh.exe
  C:\Windows\System\omHcKOh.exe
  2⤵
  PID:11108
- C:\Windows\System\ZofKrVp.exe
  C:\Windows\System\ZofKrVp.exe
  2⤵
  PID:11136
- C:\Windows\System\sfjRkcA.exe
  C:\Windows\System\sfjRkcA.exe
  2⤵
  PID:11228
- C:\Windows\System\xdCeGEe.exe
  C:\Windows\System\xdCeGEe.exe
  2⤵
  PID:10348
- C:\Windows\System\dLawKcd.exe
  C:\Windows\System\dLawKcd.exe
  2⤵
  PID:10480
- C:\Windows\System\RxOwGfU.exe
  C:\Windows\System\RxOwGfU.exe
  2⤵
  PID:10616
- C:\Windows\System\DVnWIts.exe
  C:\Windows\System\DVnWIts.exe
  2⤵
  PID:10700
- C:\Windows\System\xugPUAe.exe
  C:\Windows\System\xugPUAe.exe
  2⤵
  PID:10960
- C:\Windows\System\sctPuwO.exe
  C:\Windows\System\sctPuwO.exe
  2⤵
  PID:11072
- C:\Windows\System\lUIpVIM.exe
  C:\Windows\System\lUIpVIM.exe
  2⤵
  PID:11152
- C:\Windows\System\xVAXquO.exe
  C:\Windows\System\xVAXquO.exe
  2⤵
  PID:10436
- C:\Windows\System\Aagbzmn.exe
  C:\Windows\System\Aagbzmn.exe
  2⤵
  PID:10680
- C:\Windows\System\cMlplHl.exe
  C:\Windows\System\cMlplHl.exe
  2⤵
  PID:11008
- C:\Windows\System\pDbdKXY.exe
  C:\Windows\System\pDbdKXY.exe
  2⤵
  PID:10884
- C:\Windows\System\WSDtYgT.exe
  C:\Windows\System\WSDtYgT.exe
  2⤵
  PID:11276
- C:\Windows\System\gNLfUtc.exe
  C:\Windows\System\gNLfUtc.exe
  2⤵
  PID:11324
- C:\Windows\System\TKHqpNq.exe
  C:\Windows\System\TKHqpNq.exe
  2⤵
  PID:11352
- C:\Windows\System\qRcYcUM.exe
  C:\Windows\System\qRcYcUM.exe
  2⤵
  PID:11376
- C:\Windows\System\kHyYLTa.exe
  C:\Windows\System\kHyYLTa.exe
  2⤵
  PID:11396
- C:\Windows\System\FTJjTRy.exe
  C:\Windows\System\FTJjTRy.exe
  2⤵
  PID:11432
- C:\Windows\System\UkQutXm.exe
  C:\Windows\System\UkQutXm.exe
  2⤵
  PID:11456
- C:\Windows\System\AhfNxne.exe
  C:\Windows\System\AhfNxne.exe
  2⤵
  PID:11480
- C:\Windows\System\vRGiieR.exe
  C:\Windows\System\vRGiieR.exe
  2⤵
  PID:11508
- C:\Windows\System\aislcfS.exe
  C:\Windows\System\aislcfS.exe
  2⤵
  PID:11540
- C:\Windows\System\FmEaaMC.exe
  C:\Windows\System\FmEaaMC.exe
  2⤵
  PID:11568
- C:\Windows\System\RiFaahT.exe
  C:\Windows\System\RiFaahT.exe
  2⤵
  PID:11596
- C:\Windows\System\PfAThct.exe
  C:\Windows\System\PfAThct.exe
  2⤵
  PID:11632
- C:\Windows\System\PJkiJio.exe
  C:\Windows\System\PJkiJio.exe
  2⤵
  PID:11668
- C:\Windows\System\axSFisc.exe
  C:\Windows\System\axSFisc.exe
  2⤵
  PID:11704
- C:\Windows\System\PRykkrp.exe
  C:\Windows\System\PRykkrp.exe
  2⤵
  PID:11732
- C:\Windows\System\PiNwTCL.exe
  C:\Windows\System\PiNwTCL.exe
  2⤵
  PID:11752
- C:\Windows\System\ZktHGUN.exe
  C:\Windows\System\ZktHGUN.exe
  2⤵
  PID:11776
- C:\Windows\System\cfvnjLa.exe
  C:\Windows\System\cfvnjLa.exe
  2⤵
  PID:11816
- C:\Windows\System\Zkgwfko.exe
  C:\Windows\System\Zkgwfko.exe
  2⤵
  PID:11844
- C:\Windows\System\nwjDoJr.exe
  C:\Windows\System\nwjDoJr.exe
  2⤵
  PID:11872
- C:\Windows\System\DICiPRD.exe
  C:\Windows\System\DICiPRD.exe
  2⤵
  PID:11888
- C:\Windows\System\yPYBYBV.exe
  C:\Windows\System\yPYBYBV.exe
  2⤵
  PID:11928
- C:\Windows\System\yQjJExU.exe
  C:\Windows\System\yQjJExU.exe
  2⤵
  PID:11944
- C:\Windows\System\dVcBLTB.exe
  C:\Windows\System\dVcBLTB.exe
  2⤵
  PID:11984
- C:\Windows\System\SzbBjsq.exe
  C:\Windows\System\SzbBjsq.exe
  2⤵
  PID:12012
- C:\Windows\System\sKTbhFD.exe
  C:\Windows\System\sKTbhFD.exe
  2⤵
  PID:12040
- C:\Windows\System\KtADFYi.exe
  C:\Windows\System\KtADFYi.exe
  2⤵
  PID:12068
- C:\Windows\System\NrtJiDG.exe
  C:\Windows\System\NrtJiDG.exe
  2⤵
  PID:12096
- C:\Windows\System\JCtybMJ.exe
  C:\Windows\System\JCtybMJ.exe
  2⤵
  PID:12124
- C:\Windows\System\TWVpcgE.exe
  C:\Windows\System\TWVpcgE.exe
  2⤵
  PID:12152
- C:\Windows\System\VhGtCvp.exe
  C:\Windows\System\VhGtCvp.exe
  2⤵
  PID:12168
- C:\Windows\System\JvgSzsy.exe
  C:\Windows\System\JvgSzsy.exe
  2⤵
  PID:12208
- C:\Windows\System\EvuYdlf.exe
  C:\Windows\System\EvuYdlf.exe
  2⤵
  PID:12228
- C:\Windows\System\PKPGKvH.exe
  C:\Windows\System\PKPGKvH.exe
  2⤵
  PID:12264
- C:\Windows\System\eEauaHx.exe
  C:\Windows\System\eEauaHx.exe
  2⤵
  PID:11204
- C:\Windows\System\vSpUEtO.exe
  C:\Windows\System\vSpUEtO.exe
  2⤵
  PID:11300
- C:\Windows\System\nIOdQew.exe
  C:\Windows\System\nIOdQew.exe
  2⤵
  PID:11372
- C:\Windows\System\iKBejia.exe
  C:\Windows\System\iKBejia.exe
  2⤵
  PID:11404
- C:\Windows\System\rxJVBwM.exe
  C:\Windows\System\rxJVBwM.exe
  2⤵
  PID:11476
- C:\Windows\System\vOZiZzS.exe
  C:\Windows\System\vOZiZzS.exe
  2⤵
  PID:11580
- C:\Windows\System\BwHXJKF.exe
  C:\Windows\System\BwHXJKF.exe
  2⤵
  PID:11656
- C:\Windows\System\YkxpgwL.exe
  C:\Windows\System\YkxpgwL.exe
  2⤵
  PID:11796
- C:\Windows\System\teRdQXH.exe
  C:\Windows\System\teRdQXH.exe
  2⤵
  PID:11864
- C:\Windows\System\SIHzmLk.exe
  C:\Windows\System\SIHzmLk.exe
  2⤵
  PID:11920
- C:\Windows\System\CGAcCvO.exe
  C:\Windows\System\CGAcCvO.exe
  2⤵
  PID:11980
- C:\Windows\System\EFuAnhU.exe
  C:\Windows\System\EFuAnhU.exe
  2⤵
  PID:12092
- C:\Windows\System\UfYLzKW.exe
  C:\Windows\System\UfYLzKW.exe
  2⤵
  PID:12136
- C:\Windows\System\ILZxojl.exe
  C:\Windows\System\ILZxojl.exe
  2⤵
  PID:9688
- C:\Windows\System\kNpLxRL.exe
  C:\Windows\System\kNpLxRL.exe
  2⤵
  PID:10456
- C:\Windows\System\UJRgrtm.exe
  C:\Windows\System\UJRgrtm.exe
  2⤵
  PID:12192
- C:\Windows\System\GMxsaTG.exe
  C:\Windows\System\GMxsaTG.exe
  2⤵
  PID:11272
- C:\Windows\System\SIKSlax.exe
  C:\Windows\System\SIKSlax.exe
  2⤵
  PID:11452
- C:\Windows\System\SjhaYuU.exe
  C:\Windows\System\SjhaYuU.exe
  2⤵
  PID:11364
- C:\Windows\System\RbDDiwY.exe
  C:\Windows\System\RbDDiwY.exe
  2⤵
  PID:11772
- C:\Windows\System\yDOXtVs.exe
  C:\Windows\System\yDOXtVs.exe
  2⤵
  PID:11976
- C:\Windows\System\DMiwUPK.exe
  C:\Windows\System\DMiwUPK.exe
  2⤵
  PID:12108
- C:\Windows\System\AWlDjbl.exe
  C:\Windows\System\AWlDjbl.exe
  2⤵
  PID:12180
- C:\Windows\System\rwDPlic.exe
  C:\Windows\System\rwDPlic.exe
  2⤵
  PID:11392
- C:\Windows\System\sVPOYzS.exe
  C:\Windows\System\sVPOYzS.exe
  2⤵
  PID:11616
- C:\Windows\System\nAvYfUR.exe
  C:\Windows\System\nAvYfUR.exe
  2⤵
  PID:11836
- C:\Windows\System\veJWXrY.exe
  C:\Windows\System\veJWXrY.exe
  2⤵
  PID:12220
- C:\Windows\System\HssqzVA.exe
  C:\Windows\System\HssqzVA.exe
  2⤵
  PID:11592
- C:\Windows\System\RDrmvcF.exe
  C:\Windows\System\RDrmvcF.exe
  2⤵
  PID:12248
- C:\Windows\System\sQUsunp.exe
  C:\Windows\System\sQUsunp.exe
  2⤵
  PID:12292
- C:\Windows\System\fBxrbJV.exe
  C:\Windows\System\fBxrbJV.exe
  2⤵
  PID:12328
- C:\Windows\System\ddrzLBK.exe
  C:\Windows\System\ddrzLBK.exe
  2⤵
  PID:12356
- C:\Windows\System\MUlXBdd.exe
  C:\Windows\System\MUlXBdd.exe
  2⤵
  PID:12380
- C:\Windows\System\VDTeutr.exe
  C:\Windows\System\VDTeutr.exe
  2⤵
  PID:12400
- C:\Windows\System\bekNRMu.exe
  C:\Windows\System\bekNRMu.exe
  2⤵
  PID:12416
- C:\Windows\System\ZUoGIYj.exe
  C:\Windows\System\ZUoGIYj.exe
  2⤵
  PID:12444
- C:\Windows\System\foUllcF.exe
  C:\Windows\System\foUllcF.exe
  2⤵
  PID:12468
- C:\Windows\System\jTLfdAd.exe
  C:\Windows\System\jTLfdAd.exe
  2⤵
  PID:12512
- C:\Windows\System\cuViJOl.exe
  C:\Windows\System\cuViJOl.exe
  2⤵
  PID:12540
- C:\Windows\System\dQKuxWO.exe
  C:\Windows\System\dQKuxWO.exe
  2⤵
  PID:12600
- C:\Windows\System\ngCOzPd.exe
  C:\Windows\System\ngCOzPd.exe
  2⤵
  PID:12616
- C:\Windows\System\gGlRrwM.exe
  C:\Windows\System\gGlRrwM.exe
  2⤵
  PID:12644
- C:\Windows\System\kJtxqcI.exe
  C:\Windows\System\kJtxqcI.exe
  2⤵
  PID:12672
- C:\Windows\System\RPzSaxc.exe
  C:\Windows\System\RPzSaxc.exe
  2⤵
  PID:12688
- C:\Windows\System\RPqBCfZ.exe
  C:\Windows\System\RPqBCfZ.exe
  2⤵
  PID:12720
- C:\Windows\System\HAGYlqz.exe
  C:\Windows\System\HAGYlqz.exe
  2⤵
  PID:12748
- C:\Windows\System\kTdZrZX.exe
  C:\Windows\System\kTdZrZX.exe
  2⤵
  PID:12788
- C:\Windows\System\MgRbNJA.exe
  C:\Windows\System\MgRbNJA.exe
  2⤵
  PID:12816
- C:\Windows\System\ZEmOtKR.exe
  C:\Windows\System\ZEmOtKR.exe
  2⤵
  PID:12844
- C:\Windows\System\IGGAbFd.exe
  C:\Windows\System\IGGAbFd.exe
  2⤵
  PID:12872
- C:\Windows\System\omSzYmz.exe
  C:\Windows\System\omSzYmz.exe
  2⤵
  PID:12900
- C:\Windows\System\OlHQsFG.exe
  C:\Windows\System\OlHQsFG.exe
  2⤵
  PID:12916
- C:\Windows\System\SQDXHlU.exe
  C:\Windows\System\SQDXHlU.exe
  2⤵
  PID:12936
- C:\Windows\System\Lxiizqj.exe
  C:\Windows\System\Lxiizqj.exe
  2⤵
  PID:12968
- C:\Windows\System\xcXZrZi.exe
  C:\Windows\System\xcXZrZi.exe
  2⤵
  PID:13004
- C:\Windows\System\EhHleTY.exe
  C:\Windows\System\EhHleTY.exe
  2⤵
  PID:13032
- C:\Windows\System\yEEZmWG.exe
  C:\Windows\System\yEEZmWG.exe
  2⤵
  PID:13060
- C:\Windows\System\rZmfFVz.exe
  C:\Windows\System\rZmfFVz.exe
  2⤵
  PID:13100
- C:\Windows\System\yCRcPia.exe
  C:\Windows\System\yCRcPia.exe
  2⤵
  PID:13128
- C:\Windows\System\klvdJrn.exe
  C:\Windows\System\klvdJrn.exe
  2⤵
  PID:13156
- C:\Windows\System\UshwKQR.exe
  C:\Windows\System\UshwKQR.exe
  2⤵
  PID:13184
- C:\Windows\System\kMemjHl.exe
  C:\Windows\System\kMemjHl.exe
  2⤵
  PID:13212
- C:\Windows\System\peKGbCP.exe
  C:\Windows\System\peKGbCP.exe
  2⤵
  PID:13240
- C:\Windows\System\VuivhWQ.exe
  C:\Windows\System\VuivhWQ.exe
  2⤵
  PID:13256
- C:\Windows\System\mLZEDtG.exe
  C:\Windows\System\mLZEDtG.exe
  2⤵
  PID:13296
- C:\Windows\System\TIOCHtE.exe
  C:\Windows\System\TIOCHtE.exe
  2⤵
  PID:12316
- C:\Windows\System\ytGfUDP.exe
  C:\Windows\System\ytGfUDP.exe
  2⤵
  PID:12392
- C:\Windows\System\IUebXim.exe
  C:\Windows\System\IUebXim.exe
  2⤵
  PID:12452
- C:\Windows\System\CpWVico.exe
  C:\Windows\System\CpWVico.exe
  2⤵
  PID:12500
- C:\Windows\System\hERegCN.exe
  C:\Windows\System\hERegCN.exe
  2⤵
  PID:12588
- C:\Windows\System\qIZzWXd.exe
  C:\Windows\System\qIZzWXd.exe
  2⤵
  PID:12632
- C:\Windows\System\uqRzGZX.exe
  C:\Windows\System\uqRzGZX.exe
  2⤵
  PID:12680
- C:\Windows\System\QzKmbRj.exe
  C:\Windows\System\QzKmbRj.exe
  2⤵
  PID:12764
- C:\Windows\System\ofLbzaq.exe
  C:\Windows\System\ofLbzaq.exe
  2⤵
  PID:12832
- C:\Windows\System\WzABvru.exe
  C:\Windows\System\WzABvru.exe
  2⤵
  PID:12908
- C:\Windows\System\ZbPwDAI.exe
  C:\Windows\System\ZbPwDAI.exe
  2⤵
  PID:13020
- C:\Windows\System\EZDBcSd.exe
  C:\Windows\System\EZDBcSd.exe
  2⤵
  PID:13048
- C:\Windows\System\xYbizCn.exe
  C:\Windows\System\xYbizCn.exe
  2⤵
  PID:13116
- C:\Windows\System\NUnHhrl.exe
  C:\Windows\System\NUnHhrl.exe
  2⤵
  PID:13176
- C:\Windows\System\rzzDdeG.exe
  C:\Windows\System\rzzDdeG.exe
  2⤵
  PID:13236
- C:\Windows\System\ZhhdwyC.exe
  C:\Windows\System\ZhhdwyC.exe
  2⤵
  PID:12596
- C:\Windows\System\MniqUrU.exe
  C:\Windows\System\MniqUrU.exe
  2⤵
  PID:12428
- C:\Windows\System\cfekeGu.exe
  C:\Windows\System\cfekeGu.exe
  2⤵
  PID:12496
- C:\Windows\System\JMrIknw.exe
  C:\Windows\System\JMrIknw.exe
  2⤵
  PID:12668
- C:\Windows\System\iVVGsjp.exe
  C:\Windows\System\iVVGsjp.exe
  2⤵
  PID:12884
- C:\Windows\System\DLkHbgZ.exe
  C:\Windows\System\DLkHbgZ.exe
  2⤵
  PID:12964
- C:\Windows\System\bodSoSu.exe
  C:\Windows\System\bodSoSu.exe
  2⤵
  PID:13096
- C:\Windows\System\gmZEVcA.exe
  C:\Windows\System\gmZEVcA.exe
  2⤵
  PID:13284
- C:\Windows\System\UKPpbBA.exe
  C:\Windows\System\UKPpbBA.exe
  2⤵
  PID:12408
- C:\Windows\System\bSLrAKV.exe
  C:\Windows\System\bSLrAKV.exe
  2⤵
  PID:13088
- C:\Windows\System\XuYgGaR.exe
  C:\Windows\System\XuYgGaR.exe
  2⤵
  PID:12412
- C:\Windows\System\uDmhTKz.exe
  C:\Windows\System\uDmhTKz.exe
  2⤵
  PID:12320
- C:\Windows\System\pJjaOVk.exe
  C:\Windows\System\pJjaOVk.exe
  2⤵
  PID:12732
- C:\Windows\System\svzRXSb.exe
  C:\Windows\System\svzRXSb.exe
  2⤵
  PID:13332
- C:\Windows\System\meffnjJ.exe
  C:\Windows\System\meffnjJ.exe
  2⤵
  PID:13360
- C:\Windows\System\zvqfOtR.exe
  C:\Windows\System\zvqfOtR.exe
  2⤵
  PID:13388
- C:\Windows\System\kBMgiov.exe
  C:\Windows\System\kBMgiov.exe
  2⤵
  PID:13416
- C:\Windows\System\JKnQyLO.exe
  C:\Windows\System\JKnQyLO.exe
  2⤵
  PID:13444
- C:\Windows\System\eNIobRS.exe
  C:\Windows\System\eNIobRS.exe
  2⤵
  PID:13472
- C:\Windows\System\LsvIukt.exe
  C:\Windows\System\LsvIukt.exe
  2⤵
  PID:13500
- C:\Windows\System\CVIkmPS.exe
  C:\Windows\System\CVIkmPS.exe
  2⤵
  PID:13528
- C:\Windows\System\kGfHzso.exe
  C:\Windows\System\kGfHzso.exe
  2⤵
  PID:13556
- C:\Windows\System\NDXWPip.exe
  C:\Windows\System\NDXWPip.exe
  2⤵
  PID:13584
- C:\Windows\System\oJIntkl.exe
  C:\Windows\System\oJIntkl.exe
  2⤵
  PID:13612
- C:\Windows\System\LbwNnwn.exe
  C:\Windows\System\LbwNnwn.exe
  2⤵
  PID:13628
- C:\Windows\System\IBLnPLG.exe
  C:\Windows\System\IBLnPLG.exe
  2⤵
  PID:13660
- C:\Windows\System\XzsIGZk.exe
  C:\Windows\System\XzsIGZk.exe
  2⤵
  PID:13696
- C:\Windows\System\Myvpqtg.exe
  C:\Windows\System\Myvpqtg.exe
  2⤵
  PID:13724
- C:\Windows\System\bICJlrz.exe
  C:\Windows\System\bICJlrz.exe
  2⤵
  PID:13748
- C:\Windows\System\gswTaZv.exe
  C:\Windows\System\gswTaZv.exe
  2⤵
  PID:13776
- C:\Windows\System\jWETCQo.exe
  C:\Windows\System\jWETCQo.exe
  2⤵
  PID:13796
- C:\Windows\System\GXAOvYs.exe
  C:\Windows\System\GXAOvYs.exe
  2⤵
  PID:13824
- C:\Windows\System\riVZrLd.exe
  C:\Windows\System\riVZrLd.exe
  2⤵
  PID:13840
- C:\Windows\System\xOORupZ.exe
  C:\Windows\System\xOORupZ.exe
  2⤵
  PID:13892
- C:\Windows\System\bHJePuT.exe
  C:\Windows\System\bHJePuT.exe
  2⤵
  PID:13916
- C:\Windows\System\PfbCdHM.exe
  C:\Windows\System\PfbCdHM.exe
  2⤵
  PID:13948
- C:\Windows\System\OymqYdy.exe
  C:\Windows\System\OymqYdy.exe
  2⤵
  PID:13976
- C:\Windows\System\fhablYm.exe
  C:\Windows\System\fhablYm.exe
  2⤵
  PID:14004
- C:\Windows\System\bvEQFbV.exe
  C:\Windows\System\bvEQFbV.exe
  2⤵
  PID:14032
- C:\Windows\System\HzUnxWr.exe
  C:\Windows\System\HzUnxWr.exe
  2⤵
  PID:14060
- C:\Windows\System\mrOhqrq.exe
  C:\Windows\System\mrOhqrq.exe
  2⤵
  PID:14088
- C:\Windows\System\JSgsNMz.exe
  C:\Windows\System\JSgsNMz.exe
  2⤵
  PID:14116
- C:\Windows\System\NvmZqrv.exe
  C:\Windows\System\NvmZqrv.exe
  2⤵
  PID:14144
- C:\Windows\System\aBnSpBy.exe
  C:\Windows\System\aBnSpBy.exe
  2⤵
  PID:14172
- C:\Windows\System\BqfeDaL.exe
  C:\Windows\System\BqfeDaL.exe
  2⤵
  PID:14200
- C:\Windows\System\oGiQOoZ.exe
  C:\Windows\System\oGiQOoZ.exe
  2⤵
  PID:14228
- C:\Windows\System\lHqEBLC.exe
  C:\Windows\System\lHqEBLC.exe
  2⤵
  PID:14256
- C:\Windows\System\mtSvIdE.exe
  C:\Windows\System\mtSvIdE.exe
  2⤵
  PID:14276
- C:\Windows\System\ksrMvKT.exe
  C:\Windows\System\ksrMvKT.exe
  2⤵
  PID:14312
- C:\Windows\System\nsCXEdc.exe
  C:\Windows\System\nsCXEdc.exe
  2⤵
  PID:13328
- C:\Windows\System\abgAfwR.exe
  C:\Windows\System\abgAfwR.exe
  2⤵
  PID:13404
- C:\Windows\System\GDquXFZ.exe
  C:\Windows\System\GDquXFZ.exe
  2⤵
  PID:13460
- C:\Windows\System\IPHILcK.exe
  C:\Windows\System\IPHILcK.exe
  2⤵
  PID:13524
- C:\Windows\System\VcoRJHF.exe
  C:\Windows\System\VcoRJHF.exe
  2⤵
  PID:13596
- C:\Windows\System\brTQdln.exe
  C:\Windows\System\brTQdln.exe
  2⤵
  PID:13648
- C:\Windows\System\nCxRsgo.exe
  C:\Windows\System\nCxRsgo.exe
  2⤵
  PID:13716
- C:\Windows\System\MgOmFwr.exe
  C:\Windows\System\MgOmFwr.exe
  2⤵
  PID:13772
- C:\Windows\System\aoOuivO.exe
  C:\Windows\System\aoOuivO.exe
  2⤵
  PID:13836
- C:\Windows\System\zpyLLeu.exe
  C:\Windows\System\zpyLLeu.exe
  2⤵
  PID:13912
- C:\Windows\System\XHyeClo.exe
  C:\Windows\System\XHyeClo.exe
  2⤵
  PID:13988
- C:\Windows\System\jtprFja.exe
  C:\Windows\System\jtprFja.exe
  2⤵
  PID:14048
- C:\Windows\System\SdPGudZ.exe
  C:\Windows\System\SdPGudZ.exe
  2⤵
  PID:12528
- C:\Windows\System\luhSuWc.exe
  C:\Windows\System\luhSuWc.exe
  2⤵
  PID:14156
- C:\Windows\System\FAqGsHH.exe
  C:\Windows\System\FAqGsHH.exe
  2⤵
  PID:14196
- C:\Windows\System\VHQfVJu.exe
  C:\Windows\System\VHQfVJu.exe
  2⤵
  PID:14264
- C:\Windows\System\URBnsal.exe
  C:\Windows\System\URBnsal.exe
  2⤵
  PID:13380
- C:\Windows\System\DjCMnBd.exe
  C:\Windows\System\DjCMnBd.exe
  2⤵
  PID:13456
- C:\Windows\System\DFQWGNw.exe
  C:\Windows\System\DFQWGNw.exe
  2⤵
  PID:13644
- C:\Windows\System\BkdcxZo.exe
  C:\Windows\System\BkdcxZo.exe
  2⤵
  PID:13756
- C:\Windows\System\BIXjyfD.exe
  C:\Windows\System\BIXjyfD.exe
  2⤵
  PID:13944
- C:\Windows\System\spqOSmy.exe
  C:\Windows\System\spqOSmy.exe
  2⤵
  PID:14072
- C:\Windows\System\RTrgucW.exe
  C:\Windows\System\RTrgucW.exe
  2⤵
  PID:14184
- C:\Windows\System\FfuiUWC.exe
  C:\Windows\System\FfuiUWC.exe
  2⤵
  PID:13428
- C:\Windows\System\WeWLCqE.exe
  C:\Windows\System\WeWLCqE.exe
  2⤵
  PID:13888
- C:\Windows\System\BrxvRYW.exe
  C:\Windows\System\BrxvRYW.exe
  2⤵
  PID:14168
- C:\Windows\System\rAlVLpe.exe
  C:\Windows\System\rAlVLpe.exe
  2⤵
  PID:13436
- C:\Windows\System\IyEOWDm.exe
  C:\Windows\System\IyEOWDm.exe
  2⤵
  PID:14344
- C:\Windows\System\hfQoISV.exe
  C:\Windows\System\hfQoISV.exe
  2⤵
  PID:14368
- C:\Windows\System\wfJWRUf.exe
  C:\Windows\System\wfJWRUf.exe
  2⤵
  PID:14392
- C:\Windows\System\orCvXXS.exe
  C:\Windows\System\orCvXXS.exe
  2⤵
  PID:14408
- C:\Windows\System\cGobiOs.exe
  C:\Windows\System\cGobiOs.exe
  2⤵
  PID:14444
- C:\Windows\System\kvftERW.exe
  C:\Windows\System\kvftERW.exe
  2⤵
  PID:14476
- C:\Windows\System\TavJzwj.exe
  C:\Windows\System\TavJzwj.exe
  2⤵
  PID:14496
- C:\Windows\System\KtUYvKj.exe
  C:\Windows\System\KtUYvKj.exe
  2⤵
  PID:14532
- C:\Windows\System\MwxTtJN.exe
  C:\Windows\System\MwxTtJN.exe
  2⤵
  PID:14560
- C:\Windows\System\POhYEnA.exe
  C:\Windows\System\POhYEnA.exe
  2⤵
  PID:14584
- C:\Windows\System\ZwFjOac.exe
  C:\Windows\System\ZwFjOac.exe
  2⤵
  PID:14608
- C:\Windows\System\acCCvuC.exe
  C:\Windows\System\acCCvuC.exe
  2⤵
  PID:14644
- C:\Windows\System\XjMxTzW.exe
  C:\Windows\System\XjMxTzW.exe
  2⤵
  PID:14676
- C:\Windows\System\gWtAMIF.exe
  C:\Windows\System\gWtAMIF.exe
  2⤵
  PID:14704
- C:\Windows\System\TFCaZJY.exe
  C:\Windows\System\TFCaZJY.exe
  2⤵
  PID:14728
- C:\Windows\System\RGJGkAo.exe
  C:\Windows\System\RGJGkAo.exe
  2⤵
  PID:14744
- C:\Windows\System\vsXxBBL.exe
  C:\Windows\System\vsXxBBL.exe
  2⤵
  PID:14784
- C:\Windows\System\nYFTLGf.exe
  C:\Windows\System\nYFTLGf.exe
  2⤵
  PID:14800
- C:\Windows\System\UDhwNDC.exe
  C:\Windows\System\UDhwNDC.exe
  2⤵
  PID:14832
- C:\Windows\System\chOtLfm.exe
  C:\Windows\System\chOtLfm.exe
  2⤵
  PID:14868
- C:\Windows\System\lUuOLni.exe
  C:\Windows\System\lUuOLni.exe
  2⤵
  PID:14900
- C:\Windows\System\RJZtzOA.exe
  C:\Windows\System\RJZtzOA.exe
  2⤵
  PID:14932
- C:\Windows\System\rWRytcA.exe
  C:\Windows\System\rWRytcA.exe
  2⤵
  PID:14964
- C:\Windows\System\hzedMku.exe
  C:\Windows\System\hzedMku.exe
  2⤵
  PID:14984
- C:\Windows\System\tLqcxqH.exe
  C:\Windows\System\tLqcxqH.exe
  2⤵
  PID:15012
- C:\Windows\System\zVhDzlF.exe
  C:\Windows\System\zVhDzlF.exe
  2⤵
  PID:15028
- C:\Windows\System\oZBLvhh.exe
  C:\Windows\System\oZBLvhh.exe
  2⤵
  PID:15068
- C:\Windows\System\RDcpoeU.exe
  C:\Windows\System\RDcpoeU.exe
  2⤵
  PID:15088
- C:\Windows\System\EXybtTL.exe
  C:\Windows\System\EXybtTL.exe
  2⤵
  PID:15112
- C:\Windows\System\SGiixzl.exe
  C:\Windows\System\SGiixzl.exe
  2⤵
  PID:15144
- C:\Windows\System\ikmPMKM.exe
  C:\Windows\System\ikmPMKM.exe
  2⤵
  PID:15184
- C:\Windows\System\BWSepNl.exe
  C:\Windows\System\BWSepNl.exe
  2⤵
  PID:15216
- C:\Windows\System\deiAaQg.exe
  C:\Windows\System\deiAaQg.exe
  2⤵
  PID:15248
- C:\Windows\System\qoRUIgR.exe
  C:\Windows\System\qoRUIgR.exe
  2⤵
  PID:15268
- C:\Windows\System\RjaJZtI.exe
  C:\Windows\System\RjaJZtI.exe
  2⤵
  PID:15292
- C:\Windows\System\LHxXZcS.exe
  C:\Windows\System\LHxXZcS.exe
  2⤵
  PID:15320
- C:\Windows\System\LdzdPpB.exe
  C:\Windows\System\LdzdPpB.exe
  2⤵
  PID:15348
- C:\Windows\System\drrkWyC.exe
  C:\Windows\System\drrkWyC.exe
  2⤵
  PID:14136
- C:\Windows\System\rGXFhnU.exe
  C:\Windows\System\rGXFhnU.exe
  2⤵
  PID:14376
- C:\Windows\System\evgvynt.exe
  C:\Windows\System\evgvynt.exe
  2⤵
  PID:4612
- C:\Windows\System\yIkTSyK.exe
  C:\Windows\System\yIkTSyK.exe
  2⤵
  PID:14428
- C:\Windows\System\msVZict.exe
  C:\Windows\System\msVZict.exe
  2⤵
  PID:14484
- C:\Windows\System\nRFTJcv.exe
  C:\Windows\System\nRFTJcv.exe
  2⤵
  PID:14548
- C:\Windows\System\LFKSYzo.exe
  C:\Windows\System\LFKSYzo.exe
  2⤵
  PID:14636
- C:\Windows\System\VuXSafz.exe
  C:\Windows\System\VuXSafz.exe
  2⤵
  PID:14716
- C:\Windows\System\WpCVFjV.exe
  C:\Windows\System\WpCVFjV.exe
  2⤵
  PID:14816
- C:\Windows\System\eTXkJXe.exe
  C:\Windows\System\eTXkJXe.exe
  2⤵
  PID:14824
- C:\Windows\System\jvrdcqQ.exe
  C:\Windows\System\jvrdcqQ.exe
  2⤵
  PID:14912
- C:\Windows\System\JEEhIgV.exe
  C:\Windows\System\JEEhIgV.exe
  2⤵
  PID:14996
- C:\Windows\System\lnlCQxH.exe
  C:\Windows\System\lnlCQxH.exe
  2⤵
  PID:15044
- C:\Windows\System\oWDlsty.exe
  C:\Windows\System\oWDlsty.exe
  2⤵
  PID:15096
- C:\Windows\System\aXlBQdG.exe
  C:\Windows\System\aXlBQdG.exe
  2⤵
  PID:15176
- C:\Windows\System\alEvtuT.exe
  C:\Windows\System\alEvtuT.exe
  2⤵
  PID:15236
- C:\Windows\System\FkDlUIO.exe
  C:\Windows\System\FkDlUIO.exe
  2⤵
  PID:15240
- C:\Windows\System\LHDCFEO.exe
  C:\Windows\System\LHDCFEO.exe
  2⤵
  PID:15300
- C:\Windows\System\ixxciZD.exe
  C:\Windows\System\ixxciZD.exe
  2⤵
  PID:4396
- C:\Windows\System\aHTDSuI.exe
  C:\Windows\System\aHTDSuI.exe
  2⤵
  PID:14508
- C:\Windows\System\DWEBgkL.exe
  C:\Windows\System\DWEBgkL.exe
  2⤵
  PID:14856
- C:\Windows\System\ZUwQSGj.exe
  C:\Windows\System\ZUwQSGj.exe
  2⤵
  PID:15152
- C:\Windows\System\oPoFxVy.exe
  C:\Windows\System\oPoFxVy.exe
  2⤵
  PID:14596
- C:\Windows\System\hNarNho.exe
  C:\Windows\System\hNarNho.exe
  2⤵
  PID:14812
- C:\Windows\System\qydkobP.exe
  C:\Windows\System\qydkobP.exe
  2⤵
  PID:14024
- C:\Windows\System\YylCgNc.exe
  C:\Windows\System\YylCgNc.exe
  2⤵
  PID:212
- C:\Windows\System\dXPgbxN.exe
  C:\Windows\System\dXPgbxN.exe
  2⤵
  PID:4660
- C:\Windows\System\GcycFbT.exe
  C:\Windows\System\GcycFbT.exe
  2⤵
  PID:14768
- C:\Windows\System\wmJEDeH.exe
  C:\Windows\System\wmJEDeH.exe
  2⤵
  PID:14860
- C:\Windows\System\QPpMYRb.exe
  C:\Windows\System\QPpMYRb.exe
  2⤵
  PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
1⤵
PID:4520

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Ckvoxfq.exe

Filesize
2.7MB

MD5
71e2c4f595919fe550185a952e39fd2d

SHA1
94e7012cab0891619129f0ff5a3af771c81d2249

SHA256
ef782606e4dcf1a32c26f124a6d9fe25015863f8571cc82c393a47d4f089a314

SHA512
6a4d009ea7b7dc34dd984b3947efd995c84e32938e120fef686fb032cb4c1eb79e80165cac4787699360a2f8c78d1f522de4a054a88cfbf5d8fd466d5366ecb1

Download Submit
C:\Windows\System\EXjDAFF.exe

Filesize
2.7MB

MD5
8eaec727d7eae4f1b00f072fd300487d

SHA1
93e12663175b447afe052a44fe9074a4bb685648

SHA256
ec61e9c5e21d8fa2d52bc3ea216ec1bf6affa288855d85e80dc620f7a4e27105

SHA512
688701976d468f7b145cabf813c61e00b7464b4559acab3b56ac5572f0d3e759e9a37eee64e65fd6abe23e6c49d72622aea2988f492f70b53d7ff5d160815964

Download Submit
C:\Windows\System\EpRnqTY.exe

Filesize
2.7MB

MD5
e6d91dee1992d3ea603cbb7cc9a5eeca

SHA1
5430fc6076e8c5f9c739e1a16b933b47df64621d

SHA256
08601f93f5f67a32d414fe27dc7b3567d6dc55ff5b98d343dd97851d8d670e19

SHA512
b048a17f3e3b22b861ec72fc3dfe64ef7eaebf6d6e20ae4e1a74d81850c5ea67dd07a73008997b03cbf1768669ab23bd27bad04bc7b8163aa6f43614494f5b41

Download Submit
C:\Windows\System\GIAYAnw.exe

Filesize
2.7MB

MD5
3582a8f5727c2f47ddef241bafe97b28

SHA1
eb85cbe596db42375eb0058ceb10b8f256a79ca5

SHA256
9452ef208b95f11c1982441ee61a4f9a03331e0960155a64d365566a67fcd75b

SHA512
435527780015618124a018a9dc202c5d0ca5a3747790bb9aab711a64d037e37c45c9d974ceee4b0d8eb097b9d88eb950ee29f9c23f9e8f63df1e4ab01065d029

Download Submit
C:\Windows\System\IJQHvgY.exe

Filesize
2.7MB

MD5
a02627088b177f5e0e4d2a4de8129224

SHA1
88634e16c33320285d51cb91c83d053be75edb8e

SHA256
1c1b9d43bbaa70745e30691719d8178893e194f1321e87dbb94572d8b2c9cdb5

SHA512
ae52ef218caf53c702a1fe52be6c0daf67a8c528113d9d1753a026e43560d1ff5caaac8af9645cb3fd41584bd2d99f3578df5786f928ede03a884ccb8f11babb

Download Submit
C:\Windows\System\JrygyoA.exe

Filesize
2.7MB

MD5
40859d2c87d642b4917980e0f5370b56

SHA1
b37ecfb48b4482335caae327ba0a0e398024f9be

SHA256
e899ae7f8293983d1bee717cca3d16d2820eafd791758301a681fdc9fe9d4abe

SHA512
88307d14511599606ddf5ff744938afd9540e6f4b679ebab654a2d3e0e589539c81ccc56be34006e7a892b1e6a6513826fb9d3119e1856299c62e73047ee007e

Download Submit
C:\Windows\System\KaWOgKq.exe

Filesize
2.7MB

MD5
3da62637bc027f18247f3caaa2d254fd

SHA1
06a9c164d66c78144c3e641e2595d521946a7413

SHA256
51b86fd5509daab3b2522111ad98843410931c203a987fa82d3b90a91dd540d4

SHA512
3dc223490a2a4f916bf43b672308e193710e21b5d0f315ce8b180fe86883697fb790c2ca41a7563cbfd3f387d6cc68953cab3734fc276cd5665920f67697ffe5

Download Submit
C:\Windows\System\LUMxoDU.exe

Filesize
2.7MB

MD5
e038bddfeaf6f6f1ebbcfa1277072a63

SHA1
72eb5de8b8c95f37d31eb466a60037109cf74404

SHA256
8c72e3b5cee8c683b0db7e2b259286cbb2795320eb4f255b10a7fb8afb703731

SHA512
a9d794381bde23fa9133a8f0f2da40986869f035374f09ca61a6afaa5b167c736cba7abef93618a44714091e111a78c235c088a596244601c205d7e64a3449b1

Download Submit
C:\Windows\System\LboPCNr.exe

Filesize
2.7MB

MD5
692fa35e8eacf99d5f037d8c6ddb1e7b

SHA1
07e321abeabea50e6af52d64ca044bb7046a30a2

SHA256
2edb7c530076a85112c4e8262014dddfc775754a8353a1f9bceb5c55a1f8fb26

SHA512
9b7ac89ad51acf742943449108b595e481e275b256e0bdb3950bcf5c1d741834914d5006c14c8ebba7dfe15ec9e4bdf82508f6c6f4d4c3307b34da8bd0134f9e

Download Submit
C:\Windows\System\NEsLNsS.exe

Filesize
2.7MB

MD5
1b3c9f0714fbac7aa9f210b328cd3873

SHA1
52c4f16d3fa5caeac4789c95c3bf78dbb84a5ad9

SHA256
468f6210135f7ee3b25acb8f13a25cfe932c22540dd384a15b7e56455b341145

SHA512
a6e94c88cde2a4d0f98b101eb71779052f38b624f2a47e8f3f8b6822b205600f38a6fb528d116758a86a1248ff963d629284455cb9f6abfba46d9926b9a832e4

Download Submit
C:\Windows\System\QVnwKVP.exe

Filesize
2.7MB

MD5
8ccfd30e3944c5921ddf40950c809c20

SHA1
33db1bee88b8ea43672697e92bc232042ffac2f0

SHA256
3066840c98f408d907c1ddbc82ad906f809994022facab6a5a242541488fcda6

SHA512
2239187cb172166af32543f82e430e411821552f98b9b3e7978ec6c97ac7ee0b98abd236e50757f22e4e4c7543f359500ec67a4a602ecf4f929ed57902ec2ce3

Download Submit
C:\Windows\System\QWIYxQW.exe

Filesize
2.7MB

MD5
cd2d65b0d1cc00a4fe3259c780815f69

SHA1
aade5be5fc8480c24c1458ec3f8adc394e1667cb

SHA256
ae7a1f37a009437e56170972c5a7e9778921ea977e8b0e8ebb0f6effef9ad765

SHA512
bdcdabc10cc240ebace8927f6c998adc7464178b07c5d2b469719ea6b61c57ae7dea5717f74c062155ca1e546748cd2d26be9b83681a18ae4f6163f14d150a2e

Download Submit
C:\Windows\System\SEwhiRd.exe

Filesize
2.7MB

MD5
5c016cb55dd9c12802c7aebeee904c64

SHA1
1c42069f741a4ece7155830d27da24d0371cb449

SHA256
a36107e77895b2e1593dd96bf6560f5a5cafa43607d082e9cab76aae5a2a5fbc

SHA512
6294b3fc51d801c15be3c620a09935a4d5eea0f2866faa23598b7c0dc9c5aedaa2e781079d6d06e648c1870978630b22f1409b9d99ea71e5c8741db4537627ee

Download Submit
C:\Windows\System\SUgLCQm.exe

Filesize
2.7MB

MD5
780f8c9e205477400e9523b65d94e3b2

SHA1
cc1383ac35c4038a0b622b04346307c403473716

SHA256
8bb64465dbf4e7e29a5e44be1fd75e3d644fc300dea9ed7e7eeffc5e048167b7

SHA512
cb9c256c96d2ecdb05480066c81cc7b52557641bed5080fb11ff3fa6a90929818b3e0264e8366daec5f1e02b60b3d63c4fb8c51e5fabc1982b9eeac019fda1fe

Download Submit
C:\Windows\System\UgOSWiF.exe

Filesize
2.7MB

MD5
6b801477a52faa813cd2ce83a418e72b

SHA1
a169736063b9d731e47fc4ed67304ae96d5798c8

SHA256
ab07254244ea20b9ac17377cb8ec4375f97e5be3c3f7d33cbb19eb698bcbc5c2

SHA512
1cd8349bd17e36306c8db3c98dd6ceca1be6ce335b966a64024158ba49ad8b863f7d059d7435e2ff48072e4c81b879777b19ec668fea231528abf442dcebfeed

Download Submit
C:\Windows\System\YibDqVv.exe

Filesize
2.7MB

MD5
8d0ff5fd47dd2d81fa70d340ee361765

SHA1
84cb945ae3c4822bfcebbf218e499b8460d66d17

SHA256
0335af8c39e4b25d6009eec086e803caffb74c9de1f4f217782bb6df34627cfa

SHA512
7b405c079d673d8683b02fb75295a92268c5d109229bb21328e4439b4e90051fa8d0b9d01288d6c8424fca3042a4f54871f8582c2f55cb409e3ddc885421c7c3

Download Submit
C:\Windows\System\ZZEbDnt.exe

Filesize
2.7MB

MD5
b7e5dc0af024a2b6d639d24f21d1198d

SHA1
9cd4a670e6ca7aebedc2b8c5b9098774fc33062e

SHA256
e1b782fd7ee6f13d47e5d770d1d5e864aecdf090d86907815ee1c379a481855c

SHA512
df484884d7ec25a2f7a8832325a4d0e28dc8008b0b10a2cab7746b68ad4fd7479b0ec710f1a1576a33ebde2278d83a9e1be7e3084bb9baf159f010fca815e4d2

Download Submit
C:\Windows\System\cUnQwmW.exe

Filesize
2.7MB

MD5
0cb2d9dc48cef51606b77e84f1abdeba

SHA1
1dc53ec5d5da9d99c42c7aaf7b9b03f0e9795d2b

SHA256
cda71a3871ab18346c66889039f21489f2f6ff4504aeffe23dbe3e7122261510

SHA512
be28eaa2d221093d9a366a9cf12c899b611351dea495a004414e89c25f514db4bdb5ce4075552805255826009dbd7a9bd27d9927dbd72e2b5d5faded7e699dc8

Download Submit
C:\Windows\System\caZDlrE.exe

Filesize
2.7MB

MD5
0956994424551e24931924596c128a2a

SHA1
03184af2dab34a056513254c2a8db702fc59baaa

SHA256
2d7318f31459261eb93f13466a7669085536a424f43cb732571b92af547bc6c8

SHA512
72b3e9f3d424bd5799f0e4d9bdd4e07bd182ca3253035d3526b36a28dbc7ec2074fb2129d0937b9c18918dce57870c9bb57e65a506e4494471774d2604f5db66

Download Submit
C:\Windows\System\ckYiIyi.exe

Filesize
2.7MB

MD5
9693a0bb84cfd77a8d335175c998a174

SHA1
ae3d3aa27d0a94b534a0435f291d48c7eb856cbd

SHA256
4146320e8175e4971c015dabb059a7b10ad351b364444c128ad8f4875094d6bb

SHA512
a55c37d781b780441cd88721c390889deb762acb6f2f5e856f60e844cfe6e95fb528254b56104e9219ffe3498f28eff14c32de94105f44d002a53b60c5b35aba

Download Submit
C:\Windows\System\fKEsDJC.exe

Filesize
2.7MB

MD5
d94ee6b084e445696282f378a832c34c

SHA1
566751d711258a6e8f4cfe1dc80860c8fa1fca32

SHA256
4a61e71a93eaad8931d7121c143f7ac412953abbf1e078bd7224c7411f9e61dc

SHA512
bc5557dd76c9092af5da3dd947eaf2caf7d36a39107d2d31e8394e783dfa1ba916319ce1a7ae2c0cd5df7ba4be2cd55010ca965ac25993e34ce46baeafa60a6d

Download Submit
C:\Windows\System\fTFAsvz.exe

Filesize
2.7MB

MD5
f12755e867371fe0a219198a47d770ba

SHA1
bf317e519c05f8243ae407d9b162aeaf648610c2

SHA256
d06129c3fc57baba3246b75c9a99129f90fa503c878ece17120badb00c98278e

SHA512
ca6915fee4ad32be91f2a804056dec339a2837b37d4c581f3416b6127bcff456c7d0d06a0e24d4588302d611ca939610938d5d1faba82160dd16b84939eb197f

Download Submit
C:\Windows\System\gjCkMQg.exe

Filesize
2.7MB

MD5
bcd62cd15c3772421189fb3d40f290c0

SHA1
a9665a827c4567d895e386a981b2d1cbf77520b2

SHA256
c476ce174b2db9e60c2351947ab55575db35eb74619eb32519d3a8e7a9fd76f7

SHA512
1376c477960308129c846658f4e4db1426c46ee9f3e850dfaf03786ee125fc2424446898555b286f759ca1343a8f159ba513771f52e1ecbe798f81b2f03ec715

Download Submit
C:\Windows\System\gssPtOc.exe

Filesize
2.7MB

MD5
bd8cca1e156124636dabe339d14dc821

SHA1
57346edcc4ca773b0f5d84d07654ca4155dce6a8

SHA256
9ed7a1ea93ad143af6cca2b77bb1dbde3062bbfa6a6d6b19e17f57fdc7bff127

SHA512
5adbd16c374b1ceaae57fb981d327846f346d6ee08e0117440fed9065b362b33287c1a4dd9481782b91e2d7c9db80603341ccea93e1c3de0283ec3b281747796

Download Submit
C:\Windows\System\izdaEFS.exe

Filesize
2.7MB

MD5
1366d9089e849d49d5770e5b56bafe1d

SHA1
7d7337c6d966df63d9c8be0f972c161a8dfa3ede

SHA256
746ba9b25c3d46a390cd24677c2b3d710824970b07dfebbd1aae3e8993e0b0f1

SHA512
aa0b3d5f69e469b4814d44edfbf497485f05271c2b1d07c44c3ea3f495258be4714489cca0f8135729a31807e9b3955e4eae3675879652014e26dc4d1dfb5a2a

Download Submit
C:\Windows\System\jVlJpON.exe

Filesize
2.7MB

MD5
f2cdbe8ec5670087e908004c7f7c72a4

SHA1
5e8146fe5147b9ce7ba29c9cecc1fb48f09ddc1c

SHA256
21393d0ae57a3416afddc230195799acbd95729f62b39589ada61643bda213b8

SHA512
96fd6cda556677de9427be204f7b64824f138a2f392ab058d2338062df608c6259d3caf4019d81f1845fce9853b580d2b0a35286dc90126769a93dbd536ea2c7

Download Submit
C:\Windows\System\lgKZmIm.exe

Filesize
2.7MB

MD5
a338d9fef78a6a98961bfa6ef3ea8847

SHA1
99485d92a285da546dec1df07e1e738bf7e238c8

SHA256
7b087acbe8d54c5c871e0bb622791ad5c79e106fae5b17150de7dccf2f225de7

SHA512
bda78aa6968ebb2efa0fd0fa4e72dd610bcc768814efea00847aadc206d475cdf8ea3f1c0d54813948c9a468cb5f526af83791d38e336d0d552a5d92eccf6ea2

Download Submit
C:\Windows\System\mCaZlOf.exe

Filesize
2.7MB

MD5
9b2fd2eb44080e9a0e4640777b579d1d

SHA1
052874af3afaee23a08c98efd62c972570bfe8b1

SHA256
48ae7db7cfa528459fb04462cdf6c7191baac2d766ee97a5debd9475db46e8eb

SHA512
f4626ce3c13647f61a575bf4cc7f5d473022b437c7033eba83a939098c4acde603eaa52288d4e4d19599b2625c684a5a4700c98859376f6708f774b9152f182e

Download Submit
C:\Windows\System\nhcCsAE.exe

Filesize
2.7MB

MD5
e65e70aa54dd114b9114aa2ccf9e815e

SHA1
f87f97d22f771c876bbd9e8da895c4ea3d557fee

SHA256
4552fe0d16a92adaf82f0823d8eb77c064845cf2666476a512dc82bc6f85caa0

SHA512
2b54a57d3de60ac01e1610bf2fd905d5fea25d737358a09c8db46bd8620ab11f18545ef817802a52784e87d02aef168f5616d37a370fc39b1b6de43043a51bd1

Download Submit
C:\Windows\System\nkfVEWV.exe

Filesize
2.7MB

MD5
8f234df232b1367c72fb0c5f08592b7b

SHA1
ae0bbda0baaa246892457576803a5011ed083ff8

SHA256
511900552872176c7f916181afb49ac95a344c21366627bd813d3148e83d0dfd

SHA512
3e8d8af51a22c0cf2817f7df3422100eb72972d5b720ac5192a2b8b13cefd3ed6abb17b3e32ca13d58328213fab13eb0d357c1b5b4559f1e5e9dd15bf1591e24

Download Submit
C:\Windows\System\vsmqTYt.exe

Filesize
2.7MB

MD5
1a4531361a67ec10a2b4ff384532d508

SHA1
63ba84ce5fce0af24e22f66a0baa25c05f9edf6a

SHA256
d5bffd3c3d95d717e6694c297ebca236b3f959113ef8a2929fb6f7dabc33ef3f

SHA512
1eb70fa57c7e5701db8e7dd0a83d9cf59138566cb7200bc4c3572c30387a9c4e22299eda695545074ee9c92128b1c4006461d3611da7b0b234b6975ec30ca2a7

Download Submit
C:\Windows\System\wREJMoY.exe

Filesize
2.7MB

MD5
011e0e5854b414480ca8db8b018b4f02

SHA1
a6fe2c48d599a67a7780c9b82ccc260ba259a6c5

SHA256
5084c2b2b9940e657055ecd10babc0a3c3dc0d756fd4091e926e27c6058a82b1

SHA512
150cc8044e9db2b28d15fc97b17d980807712fa89b4c0458a3829ec6abd06b9bb338685697cd0d5560882aee177205fbb58687b45cfc98996cbe76585a99ff90

Download Submit
C:\Windows\System\yldGtdi.exe

Filesize
2.7MB

MD5
f9658433f76387c7eacdb96aa25c6746

SHA1
1c93a85069d27565656cf138a5caf52ca7d5dd17

SHA256
5bb37f329dc3ce8521c083aa8813a88b222b83c870163bbb7dc915ec30d996b0

SHA512
3b801e83f358b51b02f3d6b4221c5e0f5534b1c53389fc02e4aaa0f3c86f00698945d80ac2e454c311a9a1110fc360bdea1650b1ad384d26d8186aeb28def3a7

Download Submit
memory/968-16-0x00007FF6D8620000-0x00007FF6D8974000-memory.dmp

Filesize
3.3MB

Download
memory/968-2190-0x00007FF6D8620000-0x00007FF6D8974000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2239-0x00007FF60DE20000-0x00007FF60E174000-memory.dmp

Filesize
3.3MB

Download
memory/1012-57-0x00007FF60DE20000-0x00007FF60E174000-memory.dmp

Filesize
3.3MB

Download
memory/1012-455-0x00007FF60DE20000-0x00007FF60E174000-memory.dmp

Filesize
3.3MB

Download
memory/1128-2334-0x00007FF6D3B50000-0x00007FF6D3EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1128-130-0x00007FF6D3B50000-0x00007FF6D3EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2337-0x00007FF73EEB0000-0x00007FF73F204000-memory.dmp

Filesize
3.3MB

Download
memory/1248-135-0x00007FF73EEB0000-0x00007FF73F204000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2336-0x00007FF7E3890000-0x00007FF7E3BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-125-0x00007FF7E3890000-0x00007FF7E3BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1471-0x00007FF6405F0000-0x00007FF640944000-memory.dmp

Filesize
3.3MB

Download
memory/1716-101-0x00007FF6405F0000-0x00007FF640944000-memory.dmp

Filesize
3.3MB

Download
memory/1716-2332-0x00007FF6405F0000-0x00007FF640944000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2252-0x00007FF7F4D80000-0x00007FF7F50D4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-74-0x00007FF7F4D80000-0x00007FF7F50D4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-8-0x00007FF7F3DB0000-0x00007FF7F4104000-memory.dmp

Filesize
3.3MB

Download
memory/2516-156-0x00007FF7F3DB0000-0x00007FF7F4104000-memory.dmp

Filesize
3.3MB

Download
memory/2792-25-0x00007FF7A23E0000-0x00007FF7A2734000-memory.dmp

Filesize
3.3MB

Download
memory/2792-174-0x00007FF7A23E0000-0x00007FF7A2734000-memory.dmp

Filesize
3.3MB

Download
memory/2900-0-0x00007FF7588B0000-0x00007FF758C04000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1-0x000002D0DCD10000-0x000002D0DCD20000-memory.dmp

Filesize
64KB

Download
memory/2900-143-0x00007FF7588B0000-0x00007FF758C04000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2331-0x00007FF6EA0A0000-0x00007FF6EA3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3092-87-0x00007FF6EA0A0000-0x00007FF6EA3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3092-1081-0x00007FF6EA0A0000-0x00007FF6EA3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2340-0x00007FF72E6A0000-0x00007FF72E9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-112-0x00007FF72E6A0000-0x00007FF72E9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-1474-0x00007FF72E6A0000-0x00007FF72E9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-173-0x00007FF789370000-0x00007FF7896C4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2346-0x00007FF789370000-0x00007FF7896C4000-memory.dmp

Filesize
3.3MB

Download
memory/3292-179-0x00007FF75FA30000-0x00007FF75FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3292-40-0x00007FF75FA30000-0x00007FF75FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3292-2229-0x00007FF75FA30000-0x00007FF75FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3380-144-0x00007FF65C7E0000-0x00007FF65CB34000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2329-0x00007FF65C7E0000-0x00007FF65CB34000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2342-0x00007FF65C7E0000-0x00007FF65CB34000-memory.dmp

Filesize
3.3MB

Download
memory/3412-2224-0x00007FF63DA00000-0x00007FF63DD54000-memory.dmp

Filesize
3.3MB

Download
memory/3412-56-0x00007FF63DA00000-0x00007FF63DD54000-memory.dmp

Filesize
3.3MB

Download
memory/3564-73-0x00007FF64B900000-0x00007FF64BC54000-memory.dmp

Filesize
3.3MB

Download
memory/3564-2245-0x00007FF64B900000-0x00007FF64BC54000-memory.dmp

Filesize
3.3MB

Download
memory/3712-67-0x00007FF7D0D40000-0x00007FF7D1094000-memory.dmp

Filesize
3.3MB

Download
memory/3712-457-0x00007FF7D0D40000-0x00007FF7D1094000-memory.dmp

Filesize
3.3MB

Download
memory/3852-140-0x00007FF659C70000-0x00007FF659FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2335-0x00007FF659C70000-0x00007FF659FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4196-2338-0x00007FF73BBC0000-0x00007FF73BF14000-memory.dmp

Filesize
3.3MB

Download
memory/4196-141-0x00007FF73BBC0000-0x00007FF73BF14000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2341-0x00007FF7A8ED0000-0x00007FF7A9224000-memory.dmp

Filesize
3.3MB

Download
memory/4268-142-0x00007FF7A8ED0000-0x00007FF7A9224000-memory.dmp

Filesize
3.3MB

Download
memory/4336-175-0x00007FF63F830000-0x00007FF63FB84000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2330-0x00007FF63F830000-0x00007FF63FB84000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2348-0x00007FF63F830000-0x00007FF63FB84000-memory.dmp

Filesize
3.3MB

Download
memory/4432-2212-0x00007FF6715A0000-0x00007FF6718F4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-34-0x00007FF6715A0000-0x00007FF6718F4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-177-0x00007FF6715A0000-0x00007FF6718F4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-2344-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp

Filesize
3.3MB

Download
memory/4464-167-0x00007FF7586A0000-0x00007FF7589F4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2345-0x00007FF78B740000-0x00007FF78BA94000-memory.dmp

Filesize
3.3MB

Download
memory/4584-168-0x00007FF78B740000-0x00007FF78BA94000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2232-0x00007FF798D50000-0x00007FF7990A4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-70-0x00007FF798D50000-0x00007FF7990A4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-2333-0x00007FF7CFFA0000-0x00007FF7D02F4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-93-0x00007FF7CFFA0000-0x00007FF7D02F4000-memory.dmp

Filesize
3.3MB

Download
memory/4712-1469-0x00007FF7CFFA0000-0x00007FF7D02F4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2339-0x00007FF6CC830000-0x00007FF6CCB84000-memory.dmp

Filesize
3.3MB

Download
memory/4848-139-0x00007FF6CC830000-0x00007FF6CCB84000-memory.dmp

Filesize
3.3MB

Download
memory/4928-50-0x00007FF6256B0000-0x00007FF625A04000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2343-0x00007FF67B1F0000-0x00007FF67B544000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2347-0x00007FF67B1F0000-0x00007FF67B544000-memory.dmp

Filesize
3.3MB

Download
memory/5044-176-0x00007FF67B1F0000-0x00007FF67B544000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads