xmrig | 2ec1a8b857a9628db3248bb5f699b6a5ef6c5367fb65b97e922def73cdbe19dc

Analysis

max time kernel
124s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
Size

2.6MB
MD5

8a5774715ae5bc5cf3f3659ef5278730
SHA1

b06c8c917544b1fab8380893ba3f0da08b4d25c5
SHA256

2ec1a8b857a9628db3248bb5f699b6a5ef6c5367fb65b97e922def73cdbe19dc
SHA512

f4b284d76779c96736f6686f8e0cb1fea614a79a42e935dbdeafca96868dd3f1eb10ae376eea2fdf3a780e68d13716ee93747481b85869d16fb28fb2101b94e5
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSd5wjTBU81lYHApm:BemTLkNdfE0pZra

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5348-0-0x00007FF75B930000-0x00007FF75BC84000-memory.dmp	xmrig
behavioral2/files/0x00080000000233ff-6.dat	xmrig
behavioral2/files/0x0007000000023403-11.dat	xmrig
behavioral2/files/0x0007000000023404-16.dat	xmrig
behavioral2/files/0x0007000000023406-28.dat	xmrig
behavioral2/files/0x0007000000023408-40.dat	xmrig
behavioral2/files/0x0007000000023409-44.dat	xmrig
behavioral2/files/0x000700000002340b-57.dat	xmrig
behavioral2/files/0x000700000002340c-63.dat	xmrig
behavioral2/memory/432-65-0x00007FF7C5360000-0x00007FF7C56B4000-memory.dmp	xmrig
behavioral2/memory/5776-66-0x00007FF7EE290000-0x00007FF7EE5E4000-memory.dmp	xmrig
behavioral2/memory/3568-64-0x00007FF69E2C0000-0x00007FF69E614000-memory.dmp	xmrig
behavioral2/memory/4224-62-0x00007FF75D2E0000-0x00007FF75D634000-memory.dmp	xmrig
behavioral2/memory/5140-59-0x00007FF69F5F0000-0x00007FF69F944000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-55.dat	xmrig
behavioral2/files/0x000700000002340d-71.dat	xmrig
behavioral2/files/0x0007000000023412-96.dat	xmrig
behavioral2/memory/2152-110-0x00007FF77F140000-0x00007FF77F494000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-118.dat	xmrig
behavioral2/memory/3848-130-0x00007FF67C580000-0x00007FF67C8D4000-memory.dmp	xmrig
behavioral2/memory/2228-138-0x00007FF74E4E0000-0x00007FF74E834000-memory.dmp	xmrig
behavioral2/memory/5348-146-0x00007FF75B930000-0x00007FF75BC84000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-153.dat	xmrig
behavioral2/files/0x0007000000023419-151.dat	xmrig
behavioral2/files/0x0007000000023418-149.dat	xmrig
behavioral2/memory/456-148-0x00007FF7D7DC0000-0x00007FF7D8114000-memory.dmp	xmrig
behavioral2/memory/5648-147-0x00007FF6F1AD0000-0x00007FF6F1E24000-memory.dmp	xmrig
behavioral2/memory/2116-145-0x00007FF72D630000-0x00007FF72D984000-memory.dmp	xmrig
behavioral2/memory/2104-144-0x00007FF686B80000-0x00007FF686ED4000-memory.dmp	xmrig
behavioral2/memory/3272-132-0x00007FF6F18F0000-0x00007FF6F1C44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-131.dat	xmrig
behavioral2/memory/4956-127-0x00007FF7A67D0000-0x00007FF7A6B24000-memory.dmp	xmrig
behavioral2/memory/6064-123-0x00007FF7675F0000-0x00007FF767944000-memory.dmp	xmrig
behavioral2/memory/3580-122-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-120.dat	xmrig
behavioral2/files/0x0007000000023415-116.dat	xmrig
behavioral2/memory/4736-115-0x00007FF6D5DD0000-0x00007FF6D6124000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-114.dat	xmrig
behavioral2/memory/5232-111-0x00007FF639140000-0x00007FF639494000-memory.dmp	xmrig
behavioral2/memory/5532-109-0x00007FF642580000-0x00007FF6428D4000-memory.dmp	xmrig
behavioral2/memory/4652-104-0x00007FF622F90000-0x00007FF6232E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-92.dat	xmrig
behavioral2/files/0x000700000002340f-90.dat	xmrig
behavioral2/files/0x0007000000023410-88.dat	xmrig
behavioral2/files/0x0008000000023400-86.dat	xmrig
behavioral2/memory/3260-52-0x00007FF7F9CD0000-0x00007FF7FA024000-memory.dmp	xmrig
behavioral2/memory/4196-48-0x00007FF657F10000-0x00007FF658264000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-38.dat	xmrig
behavioral2/memory/2572-31-0x00007FF71F840000-0x00007FF71FB94000-memory.dmp	xmrig
behavioral2/memory/4132-22-0x00007FF66F3F0000-0x00007FF66F744000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-157.dat	xmrig
behavioral2/memory/5700-166-0x00007FF7CDD20000-0x00007FF7CE074000-memory.dmp	xmrig
behavioral2/memory/4132-175-0x00007FF66F3F0000-0x00007FF66F744000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-182.dat	xmrig
behavioral2/files/0x0007000000023422-192.dat	xmrig
behavioral2/files/0x0007000000023423-196.dat	xmrig
behavioral2/files/0x000700000002341e-193.dat	xmrig
behavioral2/files/0x000700000002341d-189.dat	xmrig
behavioral2/files/0x0007000000023424-199.dat	xmrig
behavioral2/memory/372-188-0x00007FF6C60E0000-0x00007FF6C6434000-memory.dmp	xmrig
behavioral2/memory/3024-183-0x00007FF7A8E90000-0x00007FF7A91E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-181.dat	xmrig
behavioral2/files/0x000700000002341f-180.dat	xmrig
behavioral2/memory/2864-173-0x00007FF772790000-0x00007FF772AE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
456	hydUvdl.exe
3560	EyVyXLf.exe
4132	xvgsigV.exe
2572	eywWIff.exe
4196	SRsGLqP.exe
432	LiqbVJu.exe
3260	MDaCmjy.exe
5140	kIdGpuP.exe
4224	PpEpNMn.exe
3568	SKGqbut.exe
5776	mPtNxFu.exe
4652	uRMnfqX.exe
4956	BBCAzYv.exe
5532	sNILGaS.exe
2152	lkbwoGn.exe
5232	SDdrkoo.exe
4736	zusdjAX.exe
3848	nQJVtzN.exe
3580	lSmHPux.exe
6064	NMUTSxU.exe
3272	ctnNGgk.exe
2228	eTVKBVy.exe
5648	GztbGeD.exe
2104	CoOgnKo.exe
2116	ZrXnyIP.exe
5700	pGtgqGN.exe
2864	TWzJePP.exe
3024	cdnuHcI.exe
372	ZfWiLWB.exe
3800	iggqtqQ.exe
3328	XYJRnIL.exe
2692	ZmWTKjd.exe
5580	oSVeYJM.exe
4720	huxJCKI.exe
3136	xBilHit.exe
4148	ukxeDlr.exe
1288	gGJDJIY.exe
5124	wjXXJvB.exe
3004	KzzLnYt.exe
3120	tZSmvCC.exe
3556	KugqTuz.exe
4564	LwwhQzi.exe
2624	ftoWhPR.exe
3452	rysNsUE.exe
1220	vmjGfXA.exe
5088	KsYcjaz.exe
1804	EsTFIXc.exe
4400	xMyVZne.exe
876	IzTOqnO.exe
3508	VkqegUh.exe
1604	XQirVvw.exe
4608	YcOaAcN.exe
5456	zQlGIGB.exe
5600	hxpYbDC.exe
3528	qXqllZm.exe
2892	ZoIsdQA.exe
2940	mhdfsfV.exe
5424	uASOqZe.exe
5292	EsoFFzy.exe
2444	DHVnbqT.exe
4468	QNHDzKQ.exe
2368	CzVzLmZ.exe
6040	ucgRfxN.exe
4512	tBHVUvB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5348-0-0x00007FF75B930000-0x00007FF75BC84000-memory.dmp	upx
behavioral2/files/0x00080000000233ff-6.dat	upx
behavioral2/files/0x0007000000023403-11.dat	upx
behavioral2/files/0x0007000000023404-16.dat	upx
behavioral2/files/0x0007000000023406-28.dat	upx
behavioral2/files/0x0007000000023408-40.dat	upx
behavioral2/files/0x0007000000023409-44.dat	upx
behavioral2/files/0x000700000002340b-57.dat	upx
behavioral2/files/0x000700000002340c-63.dat	upx
behavioral2/memory/432-65-0x00007FF7C5360000-0x00007FF7C56B4000-memory.dmp	upx
behavioral2/memory/5776-66-0x00007FF7EE290000-0x00007FF7EE5E4000-memory.dmp	upx
behavioral2/memory/3568-64-0x00007FF69E2C0000-0x00007FF69E614000-memory.dmp	upx
behavioral2/memory/4224-62-0x00007FF75D2E0000-0x00007FF75D634000-memory.dmp	upx
behavioral2/memory/5140-59-0x00007FF69F5F0000-0x00007FF69F944000-memory.dmp	upx
behavioral2/files/0x000700000002340a-55.dat	upx
behavioral2/files/0x000700000002340d-71.dat	upx
behavioral2/files/0x0007000000023412-96.dat	upx
behavioral2/memory/2152-110-0x00007FF77F140000-0x00007FF77F494000-memory.dmp	upx
behavioral2/files/0x0007000000023416-118.dat	upx
behavioral2/memory/3848-130-0x00007FF67C580000-0x00007FF67C8D4000-memory.dmp	upx
behavioral2/memory/2228-138-0x00007FF74E4E0000-0x00007FF74E834000-memory.dmp	upx
behavioral2/memory/5348-146-0x00007FF75B930000-0x00007FF75BC84000-memory.dmp	upx
behavioral2/files/0x000700000002341a-153.dat	upx
behavioral2/files/0x0007000000023419-151.dat	upx
behavioral2/files/0x0007000000023418-149.dat	upx
behavioral2/memory/456-148-0x00007FF7D7DC0000-0x00007FF7D8114000-memory.dmp	upx
behavioral2/memory/5648-147-0x00007FF6F1AD0000-0x00007FF6F1E24000-memory.dmp	upx
behavioral2/memory/2116-145-0x00007FF72D630000-0x00007FF72D984000-memory.dmp	upx
behavioral2/memory/2104-144-0x00007FF686B80000-0x00007FF686ED4000-memory.dmp	upx
behavioral2/memory/3272-132-0x00007FF6F18F0000-0x00007FF6F1C44000-memory.dmp	upx
behavioral2/files/0x0007000000023417-131.dat	upx
behavioral2/memory/4956-127-0x00007FF7A67D0000-0x00007FF7A6B24000-memory.dmp	upx
behavioral2/memory/6064-123-0x00007FF7675F0000-0x00007FF767944000-memory.dmp	upx
behavioral2/memory/3580-122-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp	upx
behavioral2/files/0x0007000000023414-120.dat	upx
behavioral2/files/0x0007000000023415-116.dat	upx
behavioral2/memory/4736-115-0x00007FF6D5DD0000-0x00007FF6D6124000-memory.dmp	upx
behavioral2/files/0x0007000000023413-114.dat	upx
behavioral2/memory/5232-111-0x00007FF639140000-0x00007FF639494000-memory.dmp	upx
behavioral2/memory/5532-109-0x00007FF642580000-0x00007FF6428D4000-memory.dmp	upx
behavioral2/memory/4652-104-0x00007FF622F90000-0x00007FF6232E4000-memory.dmp	upx
behavioral2/files/0x0007000000023411-92.dat	upx
behavioral2/files/0x000700000002340f-90.dat	upx
behavioral2/files/0x0007000000023410-88.dat	upx
behavioral2/files/0x0008000000023400-86.dat	upx
behavioral2/memory/3260-52-0x00007FF7F9CD0000-0x00007FF7FA024000-memory.dmp	upx
behavioral2/memory/4196-48-0x00007FF657F10000-0x00007FF658264000-memory.dmp	upx
behavioral2/files/0x0007000000023407-38.dat	upx
behavioral2/memory/2572-31-0x00007FF71F840000-0x00007FF71FB94000-memory.dmp	upx
behavioral2/memory/4132-22-0x00007FF66F3F0000-0x00007FF66F744000-memory.dmp	upx
behavioral2/files/0x000700000002341b-157.dat	upx
behavioral2/memory/5700-166-0x00007FF7CDD20000-0x00007FF7CE074000-memory.dmp	upx
behavioral2/memory/4132-175-0x00007FF66F3F0000-0x00007FF66F744000-memory.dmp	upx
behavioral2/files/0x0007000000023421-182.dat	upx
behavioral2/files/0x0007000000023422-192.dat	upx
behavioral2/files/0x0007000000023423-196.dat	upx
behavioral2/files/0x000700000002341e-193.dat	upx
behavioral2/files/0x000700000002341d-189.dat	upx
behavioral2/files/0x0007000000023424-199.dat	upx
behavioral2/memory/372-188-0x00007FF6C60E0000-0x00007FF6C6434000-memory.dmp	upx
behavioral2/memory/3024-183-0x00007FF7A8E90000-0x00007FF7A91E4000-memory.dmp	upx
behavioral2/files/0x0007000000023420-181.dat	upx
behavioral2/files/0x000700000002341f-180.dat	upx
behavioral2/memory/2864-173-0x00007FF772790000-0x00007FF772AE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jLysTqT.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\WtekMiK.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\voXuqrM.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\XYJRnIL.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\njlYhUB.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\urFWWKQ.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\ofjnpMS.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\zCFTXVK.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\dkLsMlz.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\EjszpRJ.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\yXAZrMy.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\mGWIMex.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\oSJBURi.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\PSpYUHX.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\FPwDDur.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\lkbwoGn.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\zrYfVjX.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\JlbVxvt.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\qsjEogq.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\NixwJTH.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\EiTxNFO.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\xptuKXA.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\QUESUDY.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\xKpyLJK.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\JZTPATn.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\meugVGK.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\tNCHlbC.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\CzkGHoZ.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\vzFonxH.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\RmPNNLh.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\eYMZoNP.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\tZSmvCC.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\BdtQgYL.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\gSIjHms.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\NTFGdHs.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\uASOqZe.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\FvuCaOR.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\FrEBhjO.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\iKTZqzs.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\LwwhQzi.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\EsoFFzy.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\VQUvnHE.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\IxYGwfl.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\BospDWb.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\npgNxcf.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\sngmVHm.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\wAPpToF.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\IzTOqnO.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\gjGnLpt.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\NNUfiRT.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\vlVcpOQ.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\xfTszyj.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\SIOFnYK.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\bAogxWj.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\SDdrkoo.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\qXqllZm.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\qvXTFeG.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\SNzssWw.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\UxDsIhB.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\RldXFSn.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\zzlXycm.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\SLnIGYt.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\MdHmRWA.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
File created	C:\Windows\System\FHIoFZs.exe	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14440	dwm.exe
Token: SeChangeNotifyPrivilege	14440	dwm.exe
Token: 33	14440	dwm.exe
Token: SeIncBasePriorityPrivilege	14440	dwm.exe
Token: SeShutdownPrivilege	14440	dwm.exe
Token: SeCreatePagefilePrivilege	14440	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5348 wrote to memory of 456	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	83
PID 5348 wrote to memory of 456	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	83
PID 5348 wrote to memory of 3560	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	84
PID 5348 wrote to memory of 3560	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	84
PID 5348 wrote to memory of 4132	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	85
PID 5348 wrote to memory of 4132	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	85
PID 5348 wrote to memory of 2572	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	86
PID 5348 wrote to memory of 2572	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	86
PID 5348 wrote to memory of 4196	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	87
PID 5348 wrote to memory of 4196	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	87
PID 5348 wrote to memory of 432	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	88
PID 5348 wrote to memory of 432	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	88
PID 5348 wrote to memory of 3260	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	89
PID 5348 wrote to memory of 3260	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	89
PID 5348 wrote to memory of 5140	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	90
PID 5348 wrote to memory of 5140	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	90
PID 5348 wrote to memory of 4224	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	91
PID 5348 wrote to memory of 4224	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	91
PID 5348 wrote to memory of 3568	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	92
PID 5348 wrote to memory of 3568	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	92
PID 5348 wrote to memory of 5776	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	93
PID 5348 wrote to memory of 5776	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	93
PID 5348 wrote to memory of 4652	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	94
PID 5348 wrote to memory of 4652	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	94
PID 5348 wrote to memory of 2152	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	95
PID 5348 wrote to memory of 2152	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	95
PID 5348 wrote to memory of 4956	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	96
PID 5348 wrote to memory of 4956	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	96
PID 5348 wrote to memory of 5532	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	97
PID 5348 wrote to memory of 5532	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	97
PID 5348 wrote to memory of 5232	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	98
PID 5348 wrote to memory of 5232	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	98
PID 5348 wrote to memory of 4736	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	99
PID 5348 wrote to memory of 4736	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	99
PID 5348 wrote to memory of 3848	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	100
PID 5348 wrote to memory of 3848	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	100
PID 5348 wrote to memory of 3580	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	101
PID 5348 wrote to memory of 3580	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	101
PID 5348 wrote to memory of 6064	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	102
PID 5348 wrote to memory of 6064	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	102
PID 5348 wrote to memory of 3272	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	103
PID 5348 wrote to memory of 3272	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	103
PID 5348 wrote to memory of 2228	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	104
PID 5348 wrote to memory of 2228	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	104
PID 5348 wrote to memory of 5648	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	105
PID 5348 wrote to memory of 5648	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	105
PID 5348 wrote to memory of 2104	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	106
PID 5348 wrote to memory of 2104	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	106
PID 5348 wrote to memory of 2116	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	107
PID 5348 wrote to memory of 2116	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	107
PID 5348 wrote to memory of 5700	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	108
PID 5348 wrote to memory of 5700	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	108
PID 5348 wrote to memory of 2864	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	111
PID 5348 wrote to memory of 2864	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	111
PID 5348 wrote to memory of 3024	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	112
PID 5348 wrote to memory of 3024	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	112
PID 5348 wrote to memory of 372	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	113
PID 5348 wrote to memory of 372	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	113
PID 5348 wrote to memory of 3800	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	114
PID 5348 wrote to memory of 3800	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	114
PID 5348 wrote to memory of 3328	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	115
PID 5348 wrote to memory of 3328	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	115
PID 5348 wrote to memory of 2692	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	116
PID 5348 wrote to memory of 2692	5348	8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8a5774715ae5bc5cf3f3659ef5278730_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5348
- C:\Windows\System\hydUvdl.exe
  C:\Windows\System\hydUvdl.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\EyVyXLf.exe
  C:\Windows\System\EyVyXLf.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\xvgsigV.exe
  C:\Windows\System\xvgsigV.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\eywWIff.exe
  C:\Windows\System\eywWIff.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\SRsGLqP.exe
  C:\Windows\System\SRsGLqP.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\LiqbVJu.exe
  C:\Windows\System\LiqbVJu.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\MDaCmjy.exe
  C:\Windows\System\MDaCmjy.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\kIdGpuP.exe
  C:\Windows\System\kIdGpuP.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\PpEpNMn.exe
  C:\Windows\System\PpEpNMn.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\SKGqbut.exe
  C:\Windows\System\SKGqbut.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\mPtNxFu.exe
  C:\Windows\System\mPtNxFu.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\uRMnfqX.exe
  C:\Windows\System\uRMnfqX.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\lkbwoGn.exe
  C:\Windows\System\lkbwoGn.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\BBCAzYv.exe
  C:\Windows\System\BBCAzYv.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\sNILGaS.exe
  C:\Windows\System\sNILGaS.exe
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Windows\System\SDdrkoo.exe
  C:\Windows\System\SDdrkoo.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\zusdjAX.exe
  C:\Windows\System\zusdjAX.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\nQJVtzN.exe
  C:\Windows\System\nQJVtzN.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\lSmHPux.exe
  C:\Windows\System\lSmHPux.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\NMUTSxU.exe
  C:\Windows\System\NMUTSxU.exe
  2⤵
  - Executes dropped EXE
  PID:6064
- C:\Windows\System\ctnNGgk.exe
  C:\Windows\System\ctnNGgk.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\eTVKBVy.exe
  C:\Windows\System\eTVKBVy.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\GztbGeD.exe
  C:\Windows\System\GztbGeD.exe
  2⤵
  - Executes dropped EXE
  PID:5648
- C:\Windows\System\CoOgnKo.exe
  C:\Windows\System\CoOgnKo.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ZrXnyIP.exe
  C:\Windows\System\ZrXnyIP.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\pGtgqGN.exe
  C:\Windows\System\pGtgqGN.exe
  2⤵
  - Executes dropped EXE
  PID:5700
- C:\Windows\System\TWzJePP.exe
  C:\Windows\System\TWzJePP.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\cdnuHcI.exe
  C:\Windows\System\cdnuHcI.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ZfWiLWB.exe
  C:\Windows\System\ZfWiLWB.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\iggqtqQ.exe
  C:\Windows\System\iggqtqQ.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\XYJRnIL.exe
  C:\Windows\System\XYJRnIL.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\ZmWTKjd.exe
  C:\Windows\System\ZmWTKjd.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\oSVeYJM.exe
  C:\Windows\System\oSVeYJM.exe
  2⤵
  - Executes dropped EXE
  PID:5580
- C:\Windows\System\huxJCKI.exe
  C:\Windows\System\huxJCKI.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\xBilHit.exe
  C:\Windows\System\xBilHit.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\ukxeDlr.exe
  C:\Windows\System\ukxeDlr.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\gGJDJIY.exe
  C:\Windows\System\gGJDJIY.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\wjXXJvB.exe
  C:\Windows\System\wjXXJvB.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\KzzLnYt.exe
  C:\Windows\System\KzzLnYt.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\tZSmvCC.exe
  C:\Windows\System\tZSmvCC.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\KugqTuz.exe
  C:\Windows\System\KugqTuz.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\LwwhQzi.exe
  C:\Windows\System\LwwhQzi.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\ftoWhPR.exe
  C:\Windows\System\ftoWhPR.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\rysNsUE.exe
  C:\Windows\System\rysNsUE.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\vmjGfXA.exe
  C:\Windows\System\vmjGfXA.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\KsYcjaz.exe
  C:\Windows\System\KsYcjaz.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\EsTFIXc.exe
  C:\Windows\System\EsTFIXc.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\xMyVZne.exe
  C:\Windows\System\xMyVZne.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\IzTOqnO.exe
  C:\Windows\System\IzTOqnO.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\VkqegUh.exe
  C:\Windows\System\VkqegUh.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\XQirVvw.exe
  C:\Windows\System\XQirVvw.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\YcOaAcN.exe
  C:\Windows\System\YcOaAcN.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\zQlGIGB.exe
  C:\Windows\System\zQlGIGB.exe
  2⤵
  - Executes dropped EXE
  PID:5456
- C:\Windows\System\hxpYbDC.exe
  C:\Windows\System\hxpYbDC.exe
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Windows\System\qXqllZm.exe
  C:\Windows\System\qXqllZm.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\ZoIsdQA.exe
  C:\Windows\System\ZoIsdQA.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\mhdfsfV.exe
  C:\Windows\System\mhdfsfV.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\uASOqZe.exe
  C:\Windows\System\uASOqZe.exe
  2⤵
  - Executes dropped EXE
  PID:5424
- C:\Windows\System\EsoFFzy.exe
  C:\Windows\System\EsoFFzy.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System\DHVnbqT.exe
  C:\Windows\System\DHVnbqT.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\QNHDzKQ.exe
  C:\Windows\System\QNHDzKQ.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\CzVzLmZ.exe
  C:\Windows\System\CzVzLmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\ucgRfxN.exe
  C:\Windows\System\ucgRfxN.exe
  2⤵
  - Executes dropped EXE
  PID:6040
- C:\Windows\System\tBHVUvB.exe
  C:\Windows\System\tBHVUvB.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\YFUqldp.exe
  C:\Windows\System\YFUqldp.exe
  2⤵
  PID:5380
- C:\Windows\System\uSQVGPq.exe
  C:\Windows\System\uSQVGPq.exe
  2⤵
  PID:4416
- C:\Windows\System\IITzuKK.exe
  C:\Windows\System\IITzuKK.exe
  2⤵
  PID:3596
- C:\Windows\System\PaRcHHO.exe
  C:\Windows\System\PaRcHHO.exe
  2⤵
  PID:3020
- C:\Windows\System\FYQhoOE.exe
  C:\Windows\System\FYQhoOE.exe
  2⤵
  PID:4756
- C:\Windows\System\GYsBNpW.exe
  C:\Windows\System\GYsBNpW.exe
  2⤵
  PID:3012
- C:\Windows\System\MmKoigF.exe
  C:\Windows\System\MmKoigF.exe
  2⤵
  PID:5624
- C:\Windows\System\hUSjBow.exe
  C:\Windows\System\hUSjBow.exe
  2⤵
  PID:1788
- C:\Windows\System\cotptqy.exe
  C:\Windows\System\cotptqy.exe
  2⤵
  PID:4904
- C:\Windows\System\ebNrkuZ.exe
  C:\Windows\System\ebNrkuZ.exe
  2⤵
  PID:4016
- C:\Windows\System\vjnrylX.exe
  C:\Windows\System\vjnrylX.exe
  2⤵
  PID:4056
- C:\Windows\System\VurcwhR.exe
  C:\Windows\System\VurcwhR.exe
  2⤵
  PID:5004
- C:\Windows\System\MdZpNie.exe
  C:\Windows\System\MdZpNie.exe
  2⤵
  PID:1720
- C:\Windows\System\pdynANR.exe
  C:\Windows\System\pdynANR.exe
  2⤵
  PID:1964
- C:\Windows\System\cBAFZaN.exe
  C:\Windows\System\cBAFZaN.exe
  2⤵
  PID:1808
- C:\Windows\System\qDXGmpy.exe
  C:\Windows\System\qDXGmpy.exe
  2⤵
  PID:3648
- C:\Windows\System\kWHOiKp.exe
  C:\Windows\System\kWHOiKp.exe
  2⤵
  PID:1600
- C:\Windows\System\RaYrbdW.exe
  C:\Windows\System\RaYrbdW.exe
  2⤵
  PID:2336
- C:\Windows\System\HexrwAK.exe
  C:\Windows\System\HexrwAK.exe
  2⤵
  PID:4404
- C:\Windows\System\Sqklctf.exe
  C:\Windows\System\Sqklctf.exe
  2⤵
  PID:5316
- C:\Windows\System\bNhlhuB.exe
  C:\Windows\System\bNhlhuB.exe
  2⤵
  PID:3232
- C:\Windows\System\fGTGPXh.exe
  C:\Windows\System\fGTGPXh.exe
  2⤵
  PID:4992
- C:\Windows\System\JsztbJN.exe
  C:\Windows\System\JsztbJN.exe
  2⤵
  PID:860
- C:\Windows\System\zVPxWLK.exe
  C:\Windows\System\zVPxWLK.exe
  2⤵
  PID:1908
- C:\Windows\System\GbJfUpt.exe
  C:\Windows\System\GbJfUpt.exe
  2⤵
  PID:3944
- C:\Windows\System\SCodPtj.exe
  C:\Windows\System\SCodPtj.exe
  2⤵
  PID:1756
- C:\Windows\System\OUkjDmf.exe
  C:\Windows\System\OUkjDmf.exe
  2⤵
  PID:5616
- C:\Windows\System\vjcaByV.exe
  C:\Windows\System\vjcaByV.exe
  2⤵
  PID:2720
- C:\Windows\System\lmnLzNy.exe
  C:\Windows\System\lmnLzNy.exe
  2⤵
  PID:3712
- C:\Windows\System\OWJloau.exe
  C:\Windows\System\OWJloau.exe
  2⤵
  PID:4244
- C:\Windows\System\CxGWTyh.exe
  C:\Windows\System\CxGWTyh.exe
  2⤵
  PID:5496
- C:\Windows\System\lzeYDyw.exe
  C:\Windows\System\lzeYDyw.exe
  2⤵
  PID:2800
- C:\Windows\System\tNezCzU.exe
  C:\Windows\System\tNezCzU.exe
  2⤵
  PID:3348
- C:\Windows\System\HrZnRhx.exe
  C:\Windows\System\HrZnRhx.exe
  2⤵
  PID:3756
- C:\Windows\System\ALJDPvH.exe
  C:\Windows\System\ALJDPvH.exe
  2⤵
  PID:5796
- C:\Windows\System\NwBzCLy.exe
  C:\Windows\System\NwBzCLy.exe
  2⤵
  PID:1472
- C:\Windows\System\Iknzlhb.exe
  C:\Windows\System\Iknzlhb.exe
  2⤵
  PID:4168
- C:\Windows\System\JRpghEh.exe
  C:\Windows\System\JRpghEh.exe
  2⤵
  PID:5400
- C:\Windows\System\zQAqDIF.exe
  C:\Windows\System\zQAqDIF.exe
  2⤵
  PID:2244
- C:\Windows\System\yWTUHuk.exe
  C:\Windows\System\yWTUHuk.exe
  2⤵
  PID:4860
- C:\Windows\System\oDaTJrI.exe
  C:\Windows\System\oDaTJrI.exe
  2⤵
  PID:1892
- C:\Windows\System\JsZIfbJ.exe
  C:\Windows\System\JsZIfbJ.exe
  2⤵
  PID:5536
- C:\Windows\System\KAfKonx.exe
  C:\Windows\System\KAfKonx.exe
  2⤵
  PID:5212
- C:\Windows\System\zFcbqGf.exe
  C:\Windows\System\zFcbqGf.exe
  2⤵
  PID:3652
- C:\Windows\System\KZRPxKl.exe
  C:\Windows\System\KZRPxKl.exe
  2⤵
  PID:816
- C:\Windows\System\vnQJiJD.exe
  C:\Windows\System\vnQJiJD.exe
  2⤵
  PID:2660
- C:\Windows\System\UISFzon.exe
  C:\Windows\System\UISFzon.exe
  2⤵
  PID:2416
- C:\Windows\System\rwDuHZo.exe
  C:\Windows\System\rwDuHZo.exe
  2⤵
  PID:3176
- C:\Windows\System\vIJtMPM.exe
  C:\Windows\System\vIJtMPM.exe
  2⤵
  PID:1856
- C:\Windows\System\vzFonxH.exe
  C:\Windows\System\vzFonxH.exe
  2⤵
  PID:3464
- C:\Windows\System\dCJarEK.exe
  C:\Windows\System\dCJarEK.exe
  2⤵
  PID:5488
- C:\Windows\System\EjszpRJ.exe
  C:\Windows\System\EjszpRJ.exe
  2⤵
  PID:1516
- C:\Windows\System\njlYhUB.exe
  C:\Windows\System\njlYhUB.exe
  2⤵
  PID:3084
- C:\Windows\System\tUnQoCV.exe
  C:\Windows\System\tUnQoCV.exe
  2⤵
  PID:1212
- C:\Windows\System\aewzbvT.exe
  C:\Windows\System\aewzbvT.exe
  2⤵
  PID:1128
- C:\Windows\System\WuQDpHf.exe
  C:\Windows\System\WuQDpHf.exe
  2⤵
  PID:5360
- C:\Windows\System\XcEzXry.exe
  C:\Windows\System\XcEzXry.exe
  2⤵
  PID:1180
- C:\Windows\System\tkTVBlU.exe
  C:\Windows\System\tkTVBlU.exe
  2⤵
  PID:4744
- C:\Windows\System\RmPNNLh.exe
  C:\Windows\System\RmPNNLh.exe
  2⤵
  PID:4136
- C:\Windows\System\tcDYcIO.exe
  C:\Windows\System\tcDYcIO.exe
  2⤵
  PID:4880
- C:\Windows\System\IBYLAXe.exe
  C:\Windows\System\IBYLAXe.exe
  2⤵
  PID:5392
- C:\Windows\System\WAzzwNl.exe
  C:\Windows\System\WAzzwNl.exe
  2⤵
  PID:2240
- C:\Windows\System\XuPIDMo.exe
  C:\Windows\System\XuPIDMo.exe
  2⤵
  PID:4988
- C:\Windows\System\TVKXbmD.exe
  C:\Windows\System\TVKXbmD.exe
  2⤵
  PID:2176
- C:\Windows\System\vJRWqcs.exe
  C:\Windows\System\vJRWqcs.exe
  2⤵
  PID:2284
- C:\Windows\System\bgAfjQY.exe
  C:\Windows\System\bgAfjQY.exe
  2⤵
  PID:1208
- C:\Windows\System\HzVFTdJ.exe
  C:\Windows\System\HzVFTdJ.exe
  2⤵
  PID:5716
- C:\Windows\System\ZuhjpGs.exe
  C:\Windows\System\ZuhjpGs.exe
  2⤵
  PID:3640
- C:\Windows\System\ilcXuvy.exe
  C:\Windows\System\ilcXuvy.exe
  2⤵
  PID:5328
- C:\Windows\System\FKNNdMa.exe
  C:\Windows\System\FKNNdMa.exe
  2⤵
  PID:3060
- C:\Windows\System\ZZpQMvz.exe
  C:\Windows\System\ZZpQMvz.exe
  2⤵
  PID:532
- C:\Windows\System\gCoAlHu.exe
  C:\Windows\System\gCoAlHu.exe
  2⤵
  PID:1448
- C:\Windows\System\yLQLtaZ.exe
  C:\Windows\System\yLQLtaZ.exe
  2⤵
  PID:5780
- C:\Windows\System\tnUwFTj.exe
  C:\Windows\System\tnUwFTj.exe
  2⤵
  PID:3720
- C:\Windows\System\nZMGcui.exe
  C:\Windows\System\nZMGcui.exe
  2⤵
  PID:4984
- C:\Windows\System\JDESMTO.exe
  C:\Windows\System\JDESMTO.exe
  2⤵
  PID:3132
- C:\Windows\System\PBTmHLk.exe
  C:\Windows\System\PBTmHLk.exe
  2⤵
  PID:2376
- C:\Windows\System\HGLABQf.exe
  C:\Windows\System\HGLABQf.exe
  2⤵
  PID:4784
- C:\Windows\System\CxOVIlJ.exe
  C:\Windows\System\CxOVIlJ.exe
  2⤵
  PID:5116
- C:\Windows\System\xaFoGcP.exe
  C:\Windows\System\xaFoGcP.exe
  2⤵
  PID:5196
- C:\Windows\System\OPBgEyA.exe
  C:\Windows\System\OPBgEyA.exe
  2⤵
  PID:1776
- C:\Windows\System\rKyQvox.exe
  C:\Windows\System\rKyQvox.exe
  2⤵
  PID:6156
- C:\Windows\System\dttWGQQ.exe
  C:\Windows\System\dttWGQQ.exe
  2⤵
  PID:6200
- C:\Windows\System\wNSAhEL.exe
  C:\Windows\System\wNSAhEL.exe
  2⤵
  PID:6244
- C:\Windows\System\UnrhxkA.exe
  C:\Windows\System\UnrhxkA.exe
  2⤵
  PID:6288
- C:\Windows\System\NNlZfXo.exe
  C:\Windows\System\NNlZfXo.exe
  2⤵
  PID:6320
- C:\Windows\System\JZTPATn.exe
  C:\Windows\System\JZTPATn.exe
  2⤵
  PID:6340
- C:\Windows\System\kIrsyIC.exe
  C:\Windows\System\kIrsyIC.exe
  2⤵
  PID:6368
- C:\Windows\System\IZaoFgw.exe
  C:\Windows\System\IZaoFgw.exe
  2⤵
  PID:6388
- C:\Windows\System\fdzVdAA.exe
  C:\Windows\System\fdzVdAA.exe
  2⤵
  PID:6424
- C:\Windows\System\oJBRJeg.exe
  C:\Windows\System\oJBRJeg.exe
  2⤵
  PID:6452
- C:\Windows\System\aKywTjL.exe
  C:\Windows\System\aKywTjL.exe
  2⤵
  PID:6476
- C:\Windows\System\UzkyoQV.exe
  C:\Windows\System\UzkyoQV.exe
  2⤵
  PID:6516
- C:\Windows\System\XRMBLrc.exe
  C:\Windows\System\XRMBLrc.exe
  2⤵
  PID:6544
- C:\Windows\System\OLlDHLA.exe
  C:\Windows\System\OLlDHLA.exe
  2⤵
  PID:6588
- C:\Windows\System\AjKYZyB.exe
  C:\Windows\System\AjKYZyB.exe
  2⤵
  PID:6628
- C:\Windows\System\nNSefnT.exe
  C:\Windows\System\nNSefnT.exe
  2⤵
  PID:6656
- C:\Windows\System\HXZhiIn.exe
  C:\Windows\System\HXZhiIn.exe
  2⤵
  PID:6684
- C:\Windows\System\aAwxJpP.exe
  C:\Windows\System\aAwxJpP.exe
  2⤵
  PID:6712
- C:\Windows\System\eUUxITN.exe
  C:\Windows\System\eUUxITN.exe
  2⤵
  PID:6740
- C:\Windows\System\vVRvViw.exe
  C:\Windows\System\vVRvViw.exe
  2⤵
  PID:6768
- C:\Windows\System\vLojhEJ.exe
  C:\Windows\System\vLojhEJ.exe
  2⤵
  PID:6796
- C:\Windows\System\IuAKffx.exe
  C:\Windows\System\IuAKffx.exe
  2⤵
  PID:6828
- C:\Windows\System\BdtQgYL.exe
  C:\Windows\System\BdtQgYL.exe
  2⤵
  PID:6852
- C:\Windows\System\fMyxWnJ.exe
  C:\Windows\System\fMyxWnJ.exe
  2⤵
  PID:6880
- C:\Windows\System\eoeXHwS.exe
  C:\Windows\System\eoeXHwS.exe
  2⤵
  PID:6912
- C:\Windows\System\fWyilEz.exe
  C:\Windows\System\fWyilEz.exe
  2⤵
  PID:6944
- C:\Windows\System\MsaCocT.exe
  C:\Windows\System\MsaCocT.exe
  2⤵
  PID:6968
- C:\Windows\System\ctfMDOH.exe
  C:\Windows\System\ctfMDOH.exe
  2⤵
  PID:7004
- C:\Windows\System\NCPaJgL.exe
  C:\Windows\System\NCPaJgL.exe
  2⤵
  PID:7024
- C:\Windows\System\oFIrxNr.exe
  C:\Windows\System\oFIrxNr.exe
  2⤵
  PID:7052
- C:\Windows\System\UyvShAL.exe
  C:\Windows\System\UyvShAL.exe
  2⤵
  PID:7080
- C:\Windows\System\HRuaCJr.exe
  C:\Windows\System\HRuaCJr.exe
  2⤵
  PID:7120
- C:\Windows\System\BospDWb.exe
  C:\Windows\System\BospDWb.exe
  2⤵
  PID:7148
- C:\Windows\System\GqRamKJ.exe
  C:\Windows\System\GqRamKJ.exe
  2⤵
  PID:5388
- C:\Windows\System\QqeJeVB.exe
  C:\Windows\System\QqeJeVB.exe
  2⤵
  PID:6208
- C:\Windows\System\SUVGAKH.exe
  C:\Windows\System\SUVGAKH.exe
  2⤵
  PID:6296
- C:\Windows\System\NATxkbY.exe
  C:\Windows\System\NATxkbY.exe
  2⤵
  PID:6336
- C:\Windows\System\TWpSVlD.exe
  C:\Windows\System\TWpSVlD.exe
  2⤵
  PID:6416
- C:\Windows\System\KzxnmmA.exe
  C:\Windows\System\KzxnmmA.exe
  2⤵
  PID:6468
- C:\Windows\System\tQulyBL.exe
  C:\Windows\System\tQulyBL.exe
  2⤵
  PID:6564
- C:\Windows\System\QeIjFQv.exe
  C:\Windows\System\QeIjFQv.exe
  2⤵
  PID:6624
- C:\Windows\System\AGzFRPV.exe
  C:\Windows\System\AGzFRPV.exe
  2⤵
  PID:6732
- C:\Windows\System\mdCfjXW.exe
  C:\Windows\System\mdCfjXW.exe
  2⤵
  PID:6792
- C:\Windows\System\HohuhAy.exe
  C:\Windows\System\HohuhAy.exe
  2⤵
  PID:6864
- C:\Windows\System\sdDAIeJ.exe
  C:\Windows\System\sdDAIeJ.exe
  2⤵
  PID:6932
- C:\Windows\System\aERMCGS.exe
  C:\Windows\System\aERMCGS.exe
  2⤵
  PID:6992
- C:\Windows\System\gUYKoGT.exe
  C:\Windows\System\gUYKoGT.exe
  2⤵
  PID:7048
- C:\Windows\System\gSIjHms.exe
  C:\Windows\System\gSIjHms.exe
  2⤵
  PID:7136
- C:\Windows\System\zWkdsZb.exe
  C:\Windows\System\zWkdsZb.exe
  2⤵
  PID:6152
- C:\Windows\System\spgjRBO.exe
  C:\Windows\System\spgjRBO.exe
  2⤵
  PID:6360
- C:\Windows\System\wmzUWUL.exe
  C:\Windows\System\wmzUWUL.exe
  2⤵
  PID:6536
- C:\Windows\System\npgNxcf.exe
  C:\Windows\System\npgNxcf.exe
  2⤵
  PID:6724
- C:\Windows\System\OlcvQVu.exe
  C:\Windows\System\OlcvQVu.exe
  2⤵
  PID:6892
- C:\Windows\System\XVdVSZB.exe
  C:\Windows\System\XVdVSZB.exe
  2⤵
  PID:6988
- C:\Windows\System\fWNMvHf.exe
  C:\Windows\System\fWNMvHf.exe
  2⤵
  PID:6268
- C:\Windows\System\GfRuPFI.exe
  C:\Windows\System\GfRuPFI.exe
  2⤵
  PID:3308
- C:\Windows\System\LKnIUYf.exe
  C:\Windows\System\LKnIUYf.exe
  2⤵
  PID:6960
- C:\Windows\System\CaGjrTr.exe
  C:\Windows\System\CaGjrTr.exe
  2⤵
  PID:7132
- C:\Windows\System\LobnjkY.exe
  C:\Windows\System\LobnjkY.exe
  2⤵
  PID:7172
- C:\Windows\System\wnlXuJT.exe
  C:\Windows\System\wnlXuJT.exe
  2⤵
  PID:7208
- C:\Windows\System\qvXTFeG.exe
  C:\Windows\System\qvXTFeG.exe
  2⤵
  PID:7240
- C:\Windows\System\lPnRlPI.exe
  C:\Windows\System\lPnRlPI.exe
  2⤵
  PID:7268
- C:\Windows\System\YAEvzPp.exe
  C:\Windows\System\YAEvzPp.exe
  2⤵
  PID:7296
- C:\Windows\System\txQcxZn.exe
  C:\Windows\System\txQcxZn.exe
  2⤵
  PID:7324
- C:\Windows\System\YdptrbC.exe
  C:\Windows\System\YdptrbC.exe
  2⤵
  PID:7356
- C:\Windows\System\VaNlqst.exe
  C:\Windows\System\VaNlqst.exe
  2⤵
  PID:7380
- C:\Windows\System\khySFBf.exe
  C:\Windows\System\khySFBf.exe
  2⤵
  PID:7396
- C:\Windows\System\BgilXap.exe
  C:\Windows\System\BgilXap.exe
  2⤵
  PID:7440
- C:\Windows\System\cxIxjKv.exe
  C:\Windows\System\cxIxjKv.exe
  2⤵
  PID:7464
- C:\Windows\System\ToBUjMu.exe
  C:\Windows\System\ToBUjMu.exe
  2⤵
  PID:7496
- C:\Windows\System\gXwwXqg.exe
  C:\Windows\System\gXwwXqg.exe
  2⤵
  PID:7520
- C:\Windows\System\jbEzhKP.exe
  C:\Windows\System\jbEzhKP.exe
  2⤵
  PID:7552
- C:\Windows\System\bXqlgtK.exe
  C:\Windows\System\bXqlgtK.exe
  2⤵
  PID:7588
- C:\Windows\System\hJbLBmk.exe
  C:\Windows\System\hJbLBmk.exe
  2⤵
  PID:7608
- C:\Windows\System\HOLMnyA.exe
  C:\Windows\System\HOLMnyA.exe
  2⤵
  PID:7624
- C:\Windows\System\zTRaXYu.exe
  C:\Windows\System\zTRaXYu.exe
  2⤵
  PID:7652
- C:\Windows\System\RIVblEv.exe
  C:\Windows\System\RIVblEv.exe
  2⤵
  PID:7680
- C:\Windows\System\zdWbhmn.exe
  C:\Windows\System\zdWbhmn.exe
  2⤵
  PID:7720
- C:\Windows\System\SNzssWw.exe
  C:\Windows\System\SNzssWw.exe
  2⤵
  PID:7752
- C:\Windows\System\CqkSySf.exe
  C:\Windows\System\CqkSySf.exe
  2⤵
  PID:7776
- C:\Windows\System\DhVXkPY.exe
  C:\Windows\System\DhVXkPY.exe
  2⤵
  PID:7828
- C:\Windows\System\PbXHgHB.exe
  C:\Windows\System\PbXHgHB.exe
  2⤵
  PID:7856
- C:\Windows\System\vlVcpOQ.exe
  C:\Windows\System\vlVcpOQ.exe
  2⤵
  PID:7880
- C:\Windows\System\WZgPHTg.exe
  C:\Windows\System\WZgPHTg.exe
  2⤵
  PID:7908
- C:\Windows\System\iXqvLXl.exe
  C:\Windows\System\iXqvLXl.exe
  2⤵
  PID:7936
- C:\Windows\System\nwlACoC.exe
  C:\Windows\System\nwlACoC.exe
  2⤵
  PID:7952
- C:\Windows\System\sPWlXmp.exe
  C:\Windows\System\sPWlXmp.exe
  2⤵
  PID:7988
- C:\Windows\System\PqMBKdO.exe
  C:\Windows\System\PqMBKdO.exe
  2⤵
  PID:8024
- C:\Windows\System\JqLxEyl.exe
  C:\Windows\System\JqLxEyl.exe
  2⤵
  PID:8048
- C:\Windows\System\kCGGiiH.exe
  C:\Windows\System\kCGGiiH.exe
  2⤵
  PID:8064
- C:\Windows\System\Kjujsgm.exe
  C:\Windows\System\Kjujsgm.exe
  2⤵
  PID:8100
- C:\Windows\System\BVtEXNU.exe
  C:\Windows\System\BVtEXNU.exe
  2⤵
  PID:8140
- C:\Windows\System\UdYCWVb.exe
  C:\Windows\System\UdYCWVb.exe
  2⤵
  PID:8160
- C:\Windows\System\iXbXDfm.exe
  C:\Windows\System\iXbXDfm.exe
  2⤵
  PID:8188
- C:\Windows\System\trPyQDl.exe
  C:\Windows\System\trPyQDl.exe
  2⤵
  PID:7224
- C:\Windows\System\ljAprhC.exe
  C:\Windows\System\ljAprhC.exe
  2⤵
  PID:7260
- C:\Windows\System\hBTWkgh.exe
  C:\Windows\System\hBTWkgh.exe
  2⤵
  PID:7364
- C:\Windows\System\OlVAqcv.exe
  C:\Windows\System\OlVAqcv.exe
  2⤵
  PID:7420
- C:\Windows\System\CSVdtsx.exe
  C:\Windows\System\CSVdtsx.exe
  2⤵
  PID:7484
- C:\Windows\System\oNZHooz.exe
  C:\Windows\System\oNZHooz.exe
  2⤵
  PID:7548
- C:\Windows\System\jZWALXL.exe
  C:\Windows\System\jZWALXL.exe
  2⤵
  PID:7620
- C:\Windows\System\JGAoqZr.exe
  C:\Windows\System\JGAoqZr.exe
  2⤵
  PID:7672
- C:\Windows\System\dTKWjWY.exe
  C:\Windows\System\dTKWjWY.exe
  2⤵
  PID:7744
- C:\Windows\System\kkpFwmM.exe
  C:\Windows\System\kkpFwmM.exe
  2⤵
  PID:7808
- C:\Windows\System\hfZJfFV.exe
  C:\Windows\System\hfZJfFV.exe
  2⤵
  PID:7900
- C:\Windows\System\TNyMrDc.exe
  C:\Windows\System\TNyMrDc.exe
  2⤵
  PID:7932
- C:\Windows\System\HfsjVSi.exe
  C:\Windows\System\HfsjVSi.exe
  2⤵
  PID:8012
- C:\Windows\System\AlGZYGg.exe
  C:\Windows\System\AlGZYGg.exe
  2⤵
  PID:8084
- C:\Windows\System\KjBHwZh.exe
  C:\Windows\System\KjBHwZh.exe
  2⤵
  PID:8152
- C:\Windows\System\ajlCcLp.exe
  C:\Windows\System\ajlCcLp.exe
  2⤵
  PID:8180
- C:\Windows\System\AGXwFml.exe
  C:\Windows\System\AGXwFml.exe
  2⤵
  PID:7236
- C:\Windows\System\urFWWKQ.exe
  C:\Windows\System\urFWWKQ.exe
  2⤵
  PID:7376
- C:\Windows\System\SmwjHTZ.exe
  C:\Windows\System\SmwjHTZ.exe
  2⤵
  PID:7476
- C:\Windows\System\JyPhcmJ.exe
  C:\Windows\System\JyPhcmJ.exe
  2⤵
  PID:7740
- C:\Windows\System\sIWujkO.exe
  C:\Windows\System\sIWujkO.exe
  2⤵
  PID:7872
- C:\Windows\System\XwAuNGt.exe
  C:\Windows\System\XwAuNGt.exe
  2⤵
  PID:7984
- C:\Windows\System\QMYCKhe.exe
  C:\Windows\System\QMYCKhe.exe
  2⤵
  PID:8176
- C:\Windows\System\fiMryak.exe
  C:\Windows\System\fiMryak.exe
  2⤵
  PID:7868
- C:\Windows\System\iWXlSfN.exe
  C:\Windows\System\iWXlSfN.exe
  2⤵
  PID:7964
- C:\Windows\System\zrYfVjX.exe
  C:\Windows\System\zrYfVjX.exe
  2⤵
  PID:8196
- C:\Windows\System\Ikqckud.exe
  C:\Windows\System\Ikqckud.exe
  2⤵
  PID:8228
- C:\Windows\System\UivNfhO.exe
  C:\Windows\System\UivNfhO.exe
  2⤵
  PID:8248
- C:\Windows\System\BWoIFDi.exe
  C:\Windows\System\BWoIFDi.exe
  2⤵
  PID:8288
- C:\Windows\System\dkfDirp.exe
  C:\Windows\System\dkfDirp.exe
  2⤵
  PID:8308
- C:\Windows\System\RpZrgmg.exe
  C:\Windows\System\RpZrgmg.exe
  2⤵
  PID:8336
- C:\Windows\System\dxlsOXI.exe
  C:\Windows\System\dxlsOXI.exe
  2⤵
  PID:8356
- C:\Windows\System\GsKMFeO.exe
  C:\Windows\System\GsKMFeO.exe
  2⤵
  PID:8392
- C:\Windows\System\JbilOLR.exe
  C:\Windows\System\JbilOLR.exe
  2⤵
  PID:8420
- C:\Windows\System\sngmVHm.exe
  C:\Windows\System\sngmVHm.exe
  2⤵
  PID:8456
- C:\Windows\System\ArZkmEP.exe
  C:\Windows\System\ArZkmEP.exe
  2⤵
  PID:8484
- C:\Windows\System\syZQstb.exe
  C:\Windows\System\syZQstb.exe
  2⤵
  PID:8508
- C:\Windows\System\FHIoFZs.exe
  C:\Windows\System\FHIoFZs.exe
  2⤵
  PID:8544
- C:\Windows\System\hmBWhjy.exe
  C:\Windows\System\hmBWhjy.exe
  2⤵
  PID:8580
- C:\Windows\System\lepKJvY.exe
  C:\Windows\System\lepKJvY.exe
  2⤵
  PID:8616
- C:\Windows\System\ardHCsE.exe
  C:\Windows\System\ardHCsE.exe
  2⤵
  PID:8648
- C:\Windows\System\HJxjNKu.exe
  C:\Windows\System\HJxjNKu.exe
  2⤵
  PID:8692
- C:\Windows\System\KztZkGD.exe
  C:\Windows\System\KztZkGD.exe
  2⤵
  PID:8728
- C:\Windows\System\JnBIJLF.exe
  C:\Windows\System\JnBIJLF.exe
  2⤵
  PID:8768
- C:\Windows\System\NKiJLwm.exe
  C:\Windows\System\NKiJLwm.exe
  2⤵
  PID:8796
- C:\Windows\System\ABORKYR.exe
  C:\Windows\System\ABORKYR.exe
  2⤵
  PID:8824
- C:\Windows\System\MkUjFLF.exe
  C:\Windows\System\MkUjFLF.exe
  2⤵
  PID:8860
- C:\Windows\System\yYpkzQN.exe
  C:\Windows\System\yYpkzQN.exe
  2⤵
  PID:8900
- C:\Windows\System\cyXIoHG.exe
  C:\Windows\System\cyXIoHG.exe
  2⤵
  PID:8932
- C:\Windows\System\uHlcJbn.exe
  C:\Windows\System\uHlcJbn.exe
  2⤵
  PID:8968
- C:\Windows\System\yiBlLAr.exe
  C:\Windows\System\yiBlLAr.exe
  2⤵
  PID:8996
- C:\Windows\System\fFqJAOB.exe
  C:\Windows\System\fFqJAOB.exe
  2⤵
  PID:9032
- C:\Windows\System\CObtRfv.exe
  C:\Windows\System\CObtRfv.exe
  2⤵
  PID:9060
- C:\Windows\System\Hzeahha.exe
  C:\Windows\System\Hzeahha.exe
  2⤵
  PID:9104
- C:\Windows\System\PuKhQYB.exe
  C:\Windows\System\PuKhQYB.exe
  2⤵
  PID:9132
- C:\Windows\System\HTxrlUi.exe
  C:\Windows\System\HTxrlUi.exe
  2⤵
  PID:9156
- C:\Windows\System\dLMJCod.exe
  C:\Windows\System\dLMJCod.exe
  2⤵
  PID:9188
- C:\Windows\System\oFQPViX.exe
  C:\Windows\System\oFQPViX.exe
  2⤵
  PID:7408
- C:\Windows\System\kzdCPUr.exe
  C:\Windows\System\kzdCPUr.exe
  2⤵
  PID:8244
- C:\Windows\System\UZeRlsh.exe
  C:\Windows\System\UZeRlsh.exe
  2⤵
  PID:8316
- C:\Windows\System\ZgYigOa.exe
  C:\Windows\System\ZgYigOa.exe
  2⤵
  PID:8304
- C:\Windows\System\xfTszyj.exe
  C:\Windows\System\xfTszyj.exe
  2⤵
  PID:8352
- C:\Windows\System\xaWnzZY.exe
  C:\Windows\System\xaWnzZY.exe
  2⤵
  PID:8428
- C:\Windows\System\BZhwXNC.exe
  C:\Windows\System\BZhwXNC.exe
  2⤵
  PID:8464
- C:\Windows\System\MLkmVPR.exe
  C:\Windows\System\MLkmVPR.exe
  2⤵
  PID:8528
- C:\Windows\System\YydNicZ.exe
  C:\Windows\System\YydNicZ.exe
  2⤵
  PID:8604
- C:\Windows\System\FvuCaOR.exe
  C:\Windows\System\FvuCaOR.exe
  2⤵
  PID:8724
- C:\Windows\System\lzBTHvb.exe
  C:\Windows\System\lzBTHvb.exe
  2⤵
  PID:8808
- C:\Windows\System\RHyfMht.exe
  C:\Windows\System\RHyfMht.exe
  2⤵
  PID:8876
- C:\Windows\System\iTigdwe.exe
  C:\Windows\System\iTigdwe.exe
  2⤵
  PID:9004
- C:\Windows\System\meugVGK.exe
  C:\Windows\System\meugVGK.exe
  2⤵
  PID:9116
- C:\Windows\System\kDKOafE.exe
  C:\Windows\System\kDKOafE.exe
  2⤵
  PID:9172
- C:\Windows\System\wFudKvJ.exe
  C:\Windows\System\wFudKvJ.exe
  2⤵
  PID:7928
- C:\Windows\System\phnitiZ.exe
  C:\Windows\System\phnitiZ.exe
  2⤵
  PID:8412
- C:\Windows\System\uCqOmqd.exe
  C:\Windows\System\uCqOmqd.exe
  2⤵
  PID:8516
- C:\Windows\System\gjGnLpt.exe
  C:\Windows\System\gjGnLpt.exe
  2⤵
  PID:8852
- C:\Windows\System\ZuIFCnm.exe
  C:\Windows\System\ZuIFCnm.exe
  2⤵
  PID:8924
- C:\Windows\System\xtrkodU.exe
  C:\Windows\System\xtrkodU.exe
  2⤵
  PID:7716
- C:\Windows\System\KlCrSMi.exe
  C:\Windows\System\KlCrSMi.exe
  2⤵
  PID:8372
- C:\Windows\System\nyIGtWc.exe
  C:\Windows\System\nyIGtWc.exe
  2⤵
  PID:9020
- C:\Windows\System\rSlpgjW.exe
  C:\Windows\System\rSlpgjW.exe
  2⤵
  PID:7280
- C:\Windows\System\tkgXZNs.exe
  C:\Windows\System\tkgXZNs.exe
  2⤵
  PID:9084
- C:\Windows\System\dUcMCCh.exe
  C:\Windows\System\dUcMCCh.exe
  2⤵
  PID:9240
- C:\Windows\System\tNCHlbC.exe
  C:\Windows\System\tNCHlbC.exe
  2⤵
  PID:9268
- C:\Windows\System\BZsqqTV.exe
  C:\Windows\System\BZsqqTV.exe
  2⤵
  PID:9308
- C:\Windows\System\mdRbvFW.exe
  C:\Windows\System\mdRbvFW.exe
  2⤵
  PID:9324
- C:\Windows\System\bhbDjjq.exe
  C:\Windows\System\bhbDjjq.exe
  2⤵
  PID:9364
- C:\Windows\System\HHBDeVa.exe
  C:\Windows\System\HHBDeVa.exe
  2⤵
  PID:9392
- C:\Windows\System\LMpQfQy.exe
  C:\Windows\System\LMpQfQy.exe
  2⤵
  PID:9408
- C:\Windows\System\xARyhvu.exe
  C:\Windows\System\xARyhvu.exe
  2⤵
  PID:9440
- C:\Windows\System\JEmkVQa.exe
  C:\Windows\System\JEmkVQa.exe
  2⤵
  PID:9476
- C:\Windows\System\SkpWpzE.exe
  C:\Windows\System\SkpWpzE.exe
  2⤵
  PID:9492
- C:\Windows\System\BNvwCVk.exe
  C:\Windows\System\BNvwCVk.exe
  2⤵
  PID:9532
- C:\Windows\System\EzVDvax.exe
  C:\Windows\System\EzVDvax.exe
  2⤵
  PID:9560
- C:\Windows\System\OrlVWdO.exe
  C:\Windows\System\OrlVWdO.exe
  2⤵
  PID:9588
- C:\Windows\System\XPKsuKQ.exe
  C:\Windows\System\XPKsuKQ.exe
  2⤵
  PID:9616
- C:\Windows\System\PPtaAiF.exe
  C:\Windows\System\PPtaAiF.exe
  2⤵
  PID:9640
- C:\Windows\System\uGWsVEs.exe
  C:\Windows\System\uGWsVEs.exe
  2⤵
  PID:9660
- C:\Windows\System\HffWEkX.exe
  C:\Windows\System\HffWEkX.exe
  2⤵
  PID:9688
- C:\Windows\System\PhVygZE.exe
  C:\Windows\System\PhVygZE.exe
  2⤵
  PID:9728
- C:\Windows\System\qvBhujD.exe
  C:\Windows\System\qvBhujD.exe
  2⤵
  PID:9756
- C:\Windows\System\PRiPldR.exe
  C:\Windows\System\PRiPldR.exe
  2⤵
  PID:9784
- C:\Windows\System\yXAZrMy.exe
  C:\Windows\System\yXAZrMy.exe
  2⤵
  PID:9804
- C:\Windows\System\FaXhfRX.exe
  C:\Windows\System\FaXhfRX.exe
  2⤵
  PID:9840
- C:\Windows\System\kbepZre.exe
  C:\Windows\System\kbepZre.exe
  2⤵
  PID:9868
- C:\Windows\System\YEgZPhW.exe
  C:\Windows\System\YEgZPhW.exe
  2⤵
  PID:9896
- C:\Windows\System\FZEplPa.exe
  C:\Windows\System\FZEplPa.exe
  2⤵
  PID:9912
- C:\Windows\System\wAPpToF.exe
  C:\Windows\System\wAPpToF.exe
  2⤵
  PID:9940
- C:\Windows\System\YfHgSgc.exe
  C:\Windows\System\YfHgSgc.exe
  2⤵
  PID:9968
- C:\Windows\System\hnIYmxq.exe
  C:\Windows\System\hnIYmxq.exe
  2⤵
  PID:9992
- C:\Windows\System\MhWMtAc.exe
  C:\Windows\System\MhWMtAc.exe
  2⤵
  PID:10016
- C:\Windows\System\hgCajgg.exe
  C:\Windows\System\hgCajgg.exe
  2⤵
  PID:10044
- C:\Windows\System\dmQfawl.exe
  C:\Windows\System\dmQfawl.exe
  2⤵
  PID:10080
- C:\Windows\System\oinvgbL.exe
  C:\Windows\System\oinvgbL.exe
  2⤵
  PID:10104
- C:\Windows\System\IWdSsRY.exe
  C:\Windows\System\IWdSsRY.exe
  2⤵
  PID:10132
- C:\Windows\System\ClBaFJQ.exe
  C:\Windows\System\ClBaFJQ.exe
  2⤵
  PID:10172
- C:\Windows\System\mhAEYTS.exe
  C:\Windows\System\mhAEYTS.exe
  2⤵
  PID:10200
- C:\Windows\System\QvRhZku.exe
  C:\Windows\System\QvRhZku.exe
  2⤵
  PID:10216
- C:\Windows\System\FrEBhjO.exe
  C:\Windows\System\FrEBhjO.exe
  2⤵
  PID:9236
- C:\Windows\System\gPLISOT.exe
  C:\Windows\System\gPLISOT.exe
  2⤵
  PID:9292
- C:\Windows\System\auuoTbb.exe
  C:\Windows\System\auuoTbb.exe
  2⤵
  PID:9376
- C:\Windows\System\bMHrjeg.exe
  C:\Windows\System\bMHrjeg.exe
  2⤵
  PID:9428
- C:\Windows\System\yyuEzyi.exe
  C:\Windows\System\yyuEzyi.exe
  2⤵
  PID:9524
- C:\Windows\System\HraYBKq.exe
  C:\Windows\System\HraYBKq.exe
  2⤵
  PID:9580
- C:\Windows\System\VdxCDHW.exe
  C:\Windows\System\VdxCDHW.exe
  2⤵
  PID:9652
- C:\Windows\System\EMRXBnv.exe
  C:\Windows\System\EMRXBnv.exe
  2⤵
  PID:9720
- C:\Windows\System\iKTZqzs.exe
  C:\Windows\System\iKTZqzs.exe
  2⤵
  PID:9772
- C:\Windows\System\Ysdzepa.exe
  C:\Windows\System\Ysdzepa.exe
  2⤵
  PID:9852
- C:\Windows\System\WRldCMz.exe
  C:\Windows\System\WRldCMz.exe
  2⤵
  PID:9908
- C:\Windows\System\vNYztCA.exe
  C:\Windows\System\vNYztCA.exe
  2⤵
  PID:9984
- C:\Windows\System\LNRqmtL.exe
  C:\Windows\System\LNRqmtL.exe
  2⤵
  PID:10000
- C:\Windows\System\TjFhanx.exe
  C:\Windows\System\TjFhanx.exe
  2⤵
  PID:10076
- C:\Windows\System\dIhqmgR.exe
  C:\Windows\System\dIhqmgR.exe
  2⤵
  PID:10164
- C:\Windows\System\SIOFnYK.exe
  C:\Windows\System\SIOFnYK.exe
  2⤵
  PID:10228
- C:\Windows\System\CzkGHoZ.exe
  C:\Windows\System\CzkGHoZ.exe
  2⤵
  PID:9344
- C:\Windows\System\QNtzldt.exe
  C:\Windows\System\QNtzldt.exe
  2⤵
  PID:9488
- C:\Windows\System\lOvYeMw.exe
  C:\Windows\System\lOvYeMw.exe
  2⤵
  PID:9632
- C:\Windows\System\brXRlUD.exe
  C:\Windows\System\brXRlUD.exe
  2⤵
  PID:9776
- C:\Windows\System\OEUgyMr.exe
  C:\Windows\System\OEUgyMr.exe
  2⤵
  PID:9880
- C:\Windows\System\pPSyrqc.exe
  C:\Windows\System\pPSyrqc.exe
  2⤵
  PID:10040
- C:\Windows\System\QNOhvbu.exe
  C:\Windows\System\QNOhvbu.exe
  2⤵
  PID:10152
- C:\Windows\System\VbMHFJf.exe
  C:\Windows\System\VbMHFJf.exe
  2⤵
  PID:9556
- C:\Windows\System\zsMdENf.exe
  C:\Windows\System\zsMdENf.exe
  2⤵
  PID:9712
- C:\Windows\System\ZCEYhMz.exe
  C:\Windows\System\ZCEYhMz.exe
  2⤵
  PID:10072
- C:\Windows\System\JloeAlo.exe
  C:\Windows\System\JloeAlo.exe
  2⤵
  PID:9904
- C:\Windows\System\lbqZCes.exe
  C:\Windows\System\lbqZCes.exe
  2⤵
  PID:8344
- C:\Windows\System\WdItbNT.exe
  C:\Windows\System\WdItbNT.exe
  2⤵
  PID:10268
- C:\Windows\System\MvxwTcm.exe
  C:\Windows\System\MvxwTcm.exe
  2⤵
  PID:10292
- C:\Windows\System\UgkIREF.exe
  C:\Windows\System\UgkIREF.exe
  2⤵
  PID:10328
- C:\Windows\System\MNKwJQB.exe
  C:\Windows\System\MNKwJQB.exe
  2⤵
  PID:10348
- C:\Windows\System\vhUBbMb.exe
  C:\Windows\System\vhUBbMb.exe
  2⤵
  PID:10372
- C:\Windows\System\JlbVxvt.exe
  C:\Windows\System\JlbVxvt.exe
  2⤵
  PID:10404
- C:\Windows\System\TYXAUmZ.exe
  C:\Windows\System\TYXAUmZ.exe
  2⤵
  PID:10420
- C:\Windows\System\jaZapaG.exe
  C:\Windows\System\jaZapaG.exe
  2⤵
  PID:10460
- C:\Windows\System\UKNfPfg.exe
  C:\Windows\System\UKNfPfg.exe
  2⤵
  PID:10496
- C:\Windows\System\GxfXvmX.exe
  C:\Windows\System\GxfXvmX.exe
  2⤵
  PID:10528
- C:\Windows\System\mMNNaZa.exe
  C:\Windows\System\mMNNaZa.exe
  2⤵
  PID:10556
- C:\Windows\System\nRvKRWj.exe
  C:\Windows\System\nRvKRWj.exe
  2⤵
  PID:10584
- C:\Windows\System\pnnMjXZ.exe
  C:\Windows\System\pnnMjXZ.exe
  2⤵
  PID:10612
- C:\Windows\System\NTFGdHs.exe
  C:\Windows\System\NTFGdHs.exe
  2⤵
  PID:10640
- C:\Windows\System\PVgLQzm.exe
  C:\Windows\System\PVgLQzm.exe
  2⤵
  PID:10692
- C:\Windows\System\kiMlLXg.exe
  C:\Windows\System\kiMlLXg.exe
  2⤵
  PID:10720
- C:\Windows\System\VOLmkKa.exe
  C:\Windows\System\VOLmkKa.exe
  2⤵
  PID:10748
- C:\Windows\System\RzJMbbH.exe
  C:\Windows\System\RzJMbbH.exe
  2⤵
  PID:10776
- C:\Windows\System\wwbbcsb.exe
  C:\Windows\System\wwbbcsb.exe
  2⤵
  PID:10792
- C:\Windows\System\tOZuFhN.exe
  C:\Windows\System\tOZuFhN.exe
  2⤵
  PID:10832
- C:\Windows\System\wRuCQSl.exe
  C:\Windows\System\wRuCQSl.exe
  2⤵
  PID:10860
- C:\Windows\System\GyfbHSe.exe
  C:\Windows\System\GyfbHSe.exe
  2⤵
  PID:10888
- C:\Windows\System\qtrsaLj.exe
  C:\Windows\System\qtrsaLj.exe
  2⤵
  PID:10916
- C:\Windows\System\icNxJzR.exe
  C:\Windows\System\icNxJzR.exe
  2⤵
  PID:10936
- C:\Windows\System\KPsosNv.exe
  C:\Windows\System\KPsosNv.exe
  2⤵
  PID:10972
- C:\Windows\System\rzxiyPv.exe
  C:\Windows\System\rzxiyPv.exe
  2⤵
  PID:11000
- C:\Windows\System\EUeoADS.exe
  C:\Windows\System\EUeoADS.exe
  2⤵
  PID:11016
- C:\Windows\System\EGdaIPO.exe
  C:\Windows\System\EGdaIPO.exe
  2⤵
  PID:11044
- C:\Windows\System\GOpTwJO.exe
  C:\Windows\System\GOpTwJO.exe
  2⤵
  PID:11072
- C:\Windows\System\OgaeXIH.exe
  C:\Windows\System\OgaeXIH.exe
  2⤵
  PID:11112
- C:\Windows\System\ckpKYuL.exe
  C:\Windows\System\ckpKYuL.exe
  2⤵
  PID:11140
- C:\Windows\System\bAogxWj.exe
  C:\Windows\System\bAogxWj.exe
  2⤵
  PID:11168
- C:\Windows\System\RldXFSn.exe
  C:\Windows\System\RldXFSn.exe
  2⤵
  PID:11196
- C:\Windows\System\hVMTvVY.exe
  C:\Windows\System\hVMTvVY.exe
  2⤵
  PID:11216
- C:\Windows\System\vnztOCd.exe
  C:\Windows\System\vnztOCd.exe
  2⤵
  PID:11240
- C:\Windows\System\EjbsGsU.exe
  C:\Windows\System\EjbsGsU.exe
  2⤵
  PID:10264
- C:\Windows\System\jMkCBGi.exe
  C:\Windows\System\jMkCBGi.exe
  2⤵
  PID:10320
- C:\Windows\System\yzLXesw.exe
  C:\Windows\System\yzLXesw.exe
  2⤵
  PID:10396
- C:\Windows\System\asUndjj.exe
  C:\Windows\System\asUndjj.exe
  2⤵
  PID:10416
- C:\Windows\System\qsjEogq.exe
  C:\Windows\System\qsjEogq.exe
  2⤵
  PID:10520
- C:\Windows\System\PYgNXSk.exe
  C:\Windows\System\PYgNXSk.exe
  2⤵
  PID:10580
- C:\Windows\System\pLKGOiw.exe
  C:\Windows\System\pLKGOiw.exe
  2⤵
  PID:10656
- C:\Windows\System\OfLsdfG.exe
  C:\Windows\System\OfLsdfG.exe
  2⤵
  PID:10688
- C:\Windows\System\enkjglu.exe
  C:\Windows\System\enkjglu.exe
  2⤵
  PID:10732
- C:\Windows\System\xISVVAx.exe
  C:\Windows\System\xISVVAx.exe
  2⤵
  PID:10812
- C:\Windows\System\ZTDIdYW.exe
  C:\Windows\System\ZTDIdYW.exe
  2⤵
  PID:10908
- C:\Windows\System\YiiMJpX.exe
  C:\Windows\System\YiiMJpX.exe
  2⤵
  PID:10956
- C:\Windows\System\gpleLXD.exe
  C:\Windows\System\gpleLXD.exe
  2⤵
  PID:11032
- C:\Windows\System\pxUyqlM.exe
  C:\Windows\System\pxUyqlM.exe
  2⤵
  PID:11092
- C:\Windows\System\kdtGdLF.exe
  C:\Windows\System\kdtGdLF.exe
  2⤵
  PID:11160
- C:\Windows\System\yKfznXO.exe
  C:\Windows\System\yKfznXO.exe
  2⤵
  PID:11212
- C:\Windows\System\KknWLpd.exe
  C:\Windows\System\KknWLpd.exe
  2⤵
  PID:9448
- C:\Windows\System\zCxKTwN.exe
  C:\Windows\System\zCxKTwN.exe
  2⤵
  PID:4876
- C:\Windows\System\mnGhzdK.exe
  C:\Windows\System\mnGhzdK.exe
  2⤵
  PID:10632
- C:\Windows\System\SlFKLeq.exe
  C:\Windows\System\SlFKLeq.exe
  2⤵
  PID:10716
- C:\Windows\System\NpZVsVE.exe
  C:\Windows\System\NpZVsVE.exe
  2⤵
  PID:10852
- C:\Windows\System\NBtcHjT.exe
  C:\Windows\System\NBtcHjT.exe
  2⤵
  PID:11028
- C:\Windows\System\lKexoNJ.exe
  C:\Windows\System\lKexoNJ.exe
  2⤵
  PID:11184
- C:\Windows\System\tJmyjSe.exe
  C:\Windows\System\tJmyjSe.exe
  2⤵
  PID:10304
- C:\Windows\System\FYyFfRn.exe
  C:\Windows\System\FYyFfRn.exe
  2⤵
  PID:10664
- C:\Windows\System\lklhAYn.exe
  C:\Windows\System\lklhAYn.exe
  2⤵
  PID:11252
- C:\Windows\System\ofjnpMS.exe
  C:\Windows\System\ofjnpMS.exe
  2⤵
  PID:11084
- C:\Windows\System\KSnbJjF.exe
  C:\Windows\System\KSnbJjF.exe
  2⤵
  PID:11276
- C:\Windows\System\eOpNPPg.exe
  C:\Windows\System\eOpNPPg.exe
  2⤵
  PID:11308
- C:\Windows\System\bxMuBxv.exe
  C:\Windows\System\bxMuBxv.exe
  2⤵
  PID:11336
- C:\Windows\System\OjdkNTX.exe
  C:\Windows\System\OjdkNTX.exe
  2⤵
  PID:11364
- C:\Windows\System\LjirLws.exe
  C:\Windows\System\LjirLws.exe
  2⤵
  PID:11380
- C:\Windows\System\akuItIq.exe
  C:\Windows\System\akuItIq.exe
  2⤵
  PID:11420
- C:\Windows\System\dHrtqEj.exe
  C:\Windows\System\dHrtqEj.exe
  2⤵
  PID:11440
- C:\Windows\System\jIgRPgU.exe
  C:\Windows\System\jIgRPgU.exe
  2⤵
  PID:11480
- C:\Windows\System\zzlXycm.exe
  C:\Windows\System\zzlXycm.exe
  2⤵
  PID:11504
- C:\Windows\System\YQuYooB.exe
  C:\Windows\System\YQuYooB.exe
  2⤵
  PID:11536
- C:\Windows\System\ToZtjrZ.exe
  C:\Windows\System\ToZtjrZ.exe
  2⤵
  PID:11564
- C:\Windows\System\SJFfbCx.exe
  C:\Windows\System\SJFfbCx.exe
  2⤵
  PID:11592
- C:\Windows\System\DAsEmsY.exe
  C:\Windows\System\DAsEmsY.exe
  2⤵
  PID:11620
- C:\Windows\System\BqadFSr.exe
  C:\Windows\System\BqadFSr.exe
  2⤵
  PID:11640
- C:\Windows\System\YGntAbQ.exe
  C:\Windows\System\YGntAbQ.exe
  2⤵
  PID:11676
- C:\Windows\System\pimGHHA.exe
  C:\Windows\System\pimGHHA.exe
  2⤵
  PID:11704
- C:\Windows\System\aRbsWxp.exe
  C:\Windows\System\aRbsWxp.exe
  2⤵
  PID:11732
- C:\Windows\System\AyIPFtb.exe
  C:\Windows\System\AyIPFtb.exe
  2⤵
  PID:11760
- C:\Windows\System\nXCZZLQ.exe
  C:\Windows\System\nXCZZLQ.exe
  2⤵
  PID:11776
- C:\Windows\System\hrFxLSc.exe
  C:\Windows\System\hrFxLSc.exe
  2⤵
  PID:11808
- C:\Windows\System\Irkmwos.exe
  C:\Windows\System\Irkmwos.exe
  2⤵
  PID:11832
- C:\Windows\System\SlMoveO.exe
  C:\Windows\System\SlMoveO.exe
  2⤵
  PID:11848
- C:\Windows\System\YEGBAkB.exe
  C:\Windows\System\YEGBAkB.exe
  2⤵
  PID:11864
- C:\Windows\System\kiqmrll.exe
  C:\Windows\System\kiqmrll.exe
  2⤵
  PID:11884
- C:\Windows\System\iasSrPZ.exe
  C:\Windows\System\iasSrPZ.exe
  2⤵
  PID:11908
- C:\Windows\System\ZpoqizR.exe
  C:\Windows\System\ZpoqizR.exe
  2⤵
  PID:11928
- C:\Windows\System\vbjCfEi.exe
  C:\Windows\System\vbjCfEi.exe
  2⤵
  PID:11952
- C:\Windows\System\QpTKeJL.exe
  C:\Windows\System\QpTKeJL.exe
  2⤵
  PID:11988
- C:\Windows\System\FGrOKFA.exe
  C:\Windows\System\FGrOKFA.exe
  2⤵
  PID:12092
- C:\Windows\System\TBqEjlX.exe
  C:\Windows\System\TBqEjlX.exe
  2⤵
  PID:12116
- C:\Windows\System\kIjjTQR.exe
  C:\Windows\System\kIjjTQR.exe
  2⤵
  PID:12144
- C:\Windows\System\ctrkedj.exe
  C:\Windows\System\ctrkedj.exe
  2⤵
  PID:12160
- C:\Windows\System\TVGVope.exe
  C:\Windows\System\TVGVope.exe
  2⤵
  PID:12176
- C:\Windows\System\GbGbdEf.exe
  C:\Windows\System\GbGbdEf.exe
  2⤵
  PID:12200
- C:\Windows\System\lOufDsM.exe
  C:\Windows\System\lOufDsM.exe
  2⤵
  PID:12232
- C:\Windows\System\CqLLiGf.exe
  C:\Windows\System\CqLLiGf.exe
  2⤵
  PID:12268
- C:\Windows\System\tzUHjDF.exe
  C:\Windows\System\tzUHjDF.exe
  2⤵
  PID:11272
- C:\Windows\System\iYWOwEQ.exe
  C:\Windows\System\iYWOwEQ.exe
  2⤵
  PID:11372
- C:\Windows\System\raqlwrH.exe
  C:\Windows\System\raqlwrH.exe
  2⤵
  PID:11464
- C:\Windows\System\xkFrGgZ.exe
  C:\Windows\System\xkFrGgZ.exe
  2⤵
  PID:11524
- C:\Windows\System\tdCqUEd.exe
  C:\Windows\System\tdCqUEd.exe
  2⤵
  PID:11576
- C:\Windows\System\zJmmJxX.exe
  C:\Windows\System\zJmmJxX.exe
  2⤵
  PID:11636
- C:\Windows\System\QJhdlij.exe
  C:\Windows\System\QJhdlij.exe
  2⤵
  PID:11700
- C:\Windows\System\mGWIMex.exe
  C:\Windows\System\mGWIMex.exe
  2⤵
  PID:11752
- C:\Windows\System\NNUfiRT.exe
  C:\Windows\System\NNUfiRT.exe
  2⤵
  PID:11844
- C:\Windows\System\EtStQQU.exe
  C:\Windows\System\EtStQQU.exe
  2⤵
  PID:11840
- C:\Windows\System\JGYDTDK.exe
  C:\Windows\System\JGYDTDK.exe
  2⤵
  PID:11872
- C:\Windows\System\XjfWPNC.exe
  C:\Windows\System\XjfWPNC.exe
  2⤵
  PID:12080
- C:\Windows\System\oRjGZnR.exe
  C:\Windows\System\oRjGZnR.exe
  2⤵
  PID:1532
- C:\Windows\System\GdgwAqD.exe
  C:\Windows\System\GdgwAqD.exe
  2⤵
  PID:12212
- C:\Windows\System\eYMZoNP.exe
  C:\Windows\System\eYMZoNP.exe
  2⤵
  PID:12196
- C:\Windows\System\VXCgmgb.exe
  C:\Windows\System\VXCgmgb.exe
  2⤵
  PID:12252
- C:\Windows\System\ZBTVTsu.exe
  C:\Windows\System\ZBTVTsu.exe
  2⤵
  PID:12260
- C:\Windows\System\kzYuXiZ.exe
  C:\Windows\System\kzYuXiZ.exe
  2⤵
  PID:11392
- C:\Windows\System\xxYzXis.exe
  C:\Windows\System\xxYzXis.exe
  2⤵
  PID:11496
- C:\Windows\System\wWWtQnf.exe
  C:\Windows\System\wWWtQnf.exe
  2⤵
  PID:11688
- C:\Windows\System\yrisyxO.exe
  C:\Windows\System\yrisyxO.exe
  2⤵
  PID:11860
- C:\Windows\System\NsFfKhS.exe
  C:\Windows\System\NsFfKhS.exe
  2⤵
  PID:11972
- C:\Windows\System\zkzVReN.exe
  C:\Windows\System\zkzVReN.exe
  2⤵
  PID:12192
- C:\Windows\System\YPCTTIc.exe
  C:\Windows\System\YPCTTIc.exe
  2⤵
  PID:12152
- C:\Windows\System\TxkZZbC.exe
  C:\Windows\System\TxkZZbC.exe
  2⤵
  PID:11408
- C:\Windows\System\XYHjKxm.exe
  C:\Windows\System\XYHjKxm.exe
  2⤵
  PID:12136
- C:\Windows\System\QUESUDY.exe
  C:\Windows\System\QUESUDY.exe
  2⤵
  PID:4448
- C:\Windows\System\ZsXbjfp.exe
  C:\Windows\System\ZsXbjfp.exe
  2⤵
  PID:2164
- C:\Windows\System\jLysTqT.exe
  C:\Windows\System\jLysTqT.exe
  2⤵
  PID:3792
- C:\Windows\System\QVTzrxF.exe
  C:\Windows\System\QVTzrxF.exe
  2⤵
  PID:11528
- C:\Windows\System\fDBmMtF.exe
  C:\Windows\System\fDBmMtF.exe
  2⤵
  PID:12316
- C:\Windows\System\vSUUVqr.exe
  C:\Windows\System\vSUUVqr.exe
  2⤵
  PID:12340
- C:\Windows\System\IzSwgLs.exe
  C:\Windows\System\IzSwgLs.exe
  2⤵
  PID:12376
- C:\Windows\System\yJXgpwN.exe
  C:\Windows\System\yJXgpwN.exe
  2⤵
  PID:12404
- C:\Windows\System\TVRbFWs.exe
  C:\Windows\System\TVRbFWs.exe
  2⤵
  PID:12436
- C:\Windows\System\jrkqIfv.exe
  C:\Windows\System\jrkqIfv.exe
  2⤵
  PID:12464
- C:\Windows\System\NJgZira.exe
  C:\Windows\System\NJgZira.exe
  2⤵
  PID:12488
- C:\Windows\System\ZnyXeIF.exe
  C:\Windows\System\ZnyXeIF.exe
  2⤵
  PID:12520
- C:\Windows\System\lIFovbL.exe
  C:\Windows\System\lIFovbL.exe
  2⤵
  PID:12548
- C:\Windows\System\ljLrLuU.exe
  C:\Windows\System\ljLrLuU.exe
  2⤵
  PID:12580
- C:\Windows\System\WtekMiK.exe
  C:\Windows\System\WtekMiK.exe
  2⤵
  PID:12608
- C:\Windows\System\ydgstXN.exe
  C:\Windows\System\ydgstXN.exe
  2⤵
  PID:12640
- C:\Windows\System\obFQHav.exe
  C:\Windows\System\obFQHav.exe
  2⤵
  PID:12672
- C:\Windows\System\NLNfUqp.exe
  C:\Windows\System\NLNfUqp.exe
  2⤵
  PID:12704
- C:\Windows\System\EoysgDK.exe
  C:\Windows\System\EoysgDK.exe
  2⤵
  PID:12732
- C:\Windows\System\InSXGhe.exe
  C:\Windows\System\InSXGhe.exe
  2⤵
  PID:12760
- C:\Windows\System\HbZtDyw.exe
  C:\Windows\System\HbZtDyw.exe
  2⤵
  PID:12776
- C:\Windows\System\NuWSkxI.exe
  C:\Windows\System\NuWSkxI.exe
  2⤵
  PID:12800
- C:\Windows\System\ViXQMeI.exe
  C:\Windows\System\ViXQMeI.exe
  2⤵
  PID:12820
- C:\Windows\System\bLvSiEW.exe
  C:\Windows\System\bLvSiEW.exe
  2⤵
  PID:12836
- C:\Windows\System\dXTJnAI.exe
  C:\Windows\System\dXTJnAI.exe
  2⤵
  PID:12860
- C:\Windows\System\voXuqrM.exe
  C:\Windows\System\voXuqrM.exe
  2⤵
  PID:12884
- C:\Windows\System\tlJbCQe.exe
  C:\Windows\System\tlJbCQe.exe
  2⤵
  PID:12924
- C:\Windows\System\qCtlpKk.exe
  C:\Windows\System\qCtlpKk.exe
  2⤵
  PID:12952
- C:\Windows\System\iBDZgQL.exe
  C:\Windows\System\iBDZgQL.exe
  2⤵
  PID:12992
- C:\Windows\System\xKpyLJK.exe
  C:\Windows\System\xKpyLJK.exe
  2⤵
  PID:13020
- C:\Windows\System\rZaWuKP.exe
  C:\Windows\System\rZaWuKP.exe
  2⤵
  PID:13064
- C:\Windows\System\dpUNLkr.exe
  C:\Windows\System\dpUNLkr.exe
  2⤵
  PID:13096
- C:\Windows\System\sXPBcpc.exe
  C:\Windows\System\sXPBcpc.exe
  2⤵
  PID:13132
- C:\Windows\System\HbfQcuy.exe
  C:\Windows\System\HbfQcuy.exe
  2⤵
  PID:13152
- C:\Windows\System\JwTrUgA.exe
  C:\Windows\System\JwTrUgA.exe
  2⤵
  PID:13180
- C:\Windows\System\frHEloA.exe
  C:\Windows\System\frHEloA.exe
  2⤵
  PID:13208
- C:\Windows\System\glinDPD.exe
  C:\Windows\System\glinDPD.exe
  2⤵
  PID:13240
- C:\Windows\System\njvrWTg.exe
  C:\Windows\System\njvrWTg.exe
  2⤵
  PID:13268
- C:\Windows\System\MvMKorA.exe
  C:\Windows\System\MvMKorA.exe
  2⤵
  PID:13292
- C:\Windows\System\oRFUUhy.exe
  C:\Windows\System\oRFUUhy.exe
  2⤵
  PID:12312
- C:\Windows\System\EQfepqr.exe
  C:\Windows\System\EQfepqr.exe
  2⤵
  PID:12384
- C:\Windows\System\pNBJZqu.exe
  C:\Windows\System\pNBJZqu.exe
  2⤵
  PID:12432
- C:\Windows\System\HIlFkJt.exe
  C:\Windows\System\HIlFkJt.exe
  2⤵
  PID:12476
- C:\Windows\System\ZmjLQhN.exe
  C:\Windows\System\ZmjLQhN.exe
  2⤵
  PID:12532
- C:\Windows\System\DQrxsSt.exe
  C:\Windows\System\DQrxsSt.exe
  2⤵
  PID:12576
- C:\Windows\System\GreCUev.exe
  C:\Windows\System\GreCUev.exe
  2⤵
  PID:12660
- C:\Windows\System\YcLNeLH.exe
  C:\Windows\System\YcLNeLH.exe
  2⤵
  PID:12724
- C:\Windows\System\NixwJTH.exe
  C:\Windows\System\NixwJTH.exe
  2⤵
  PID:12796
- C:\Windows\System\iNbPwyv.exe
  C:\Windows\System\iNbPwyv.exe
  2⤵
  PID:12828
- C:\Windows\System\nIduoVf.exe
  C:\Windows\System\nIduoVf.exe
  2⤵
  PID:12900
- C:\Windows\System\EgwFCxx.exe
  C:\Windows\System\EgwFCxx.exe
  2⤵
  PID:12940
- C:\Windows\System\hWJSdDW.exe
  C:\Windows\System\hWJSdDW.exe
  2⤵
  PID:13008
- C:\Windows\System\GdzQrSL.exe
  C:\Windows\System\GdzQrSL.exe
  2⤵
  PID:13080
- C:\Windows\System\kDupXxD.exe
  C:\Windows\System\kDupXxD.exe
  2⤵
  PID:528
- C:\Windows\System\IsxFTvj.exe
  C:\Windows\System\IsxFTvj.exe
  2⤵
  PID:13200
- C:\Windows\System\mAZVJEs.exe
  C:\Windows\System\mAZVJEs.exe
  2⤵
  PID:13284
- C:\Windows\System\EAhuGbk.exe
  C:\Windows\System\EAhuGbk.exe
  2⤵
  PID:3908
- C:\Windows\System\MCgOJMQ.exe
  C:\Windows\System\MCgOJMQ.exe
  2⤵
  PID:12504
- C:\Windows\System\ZsPVBMD.exe
  C:\Windows\System\ZsPVBMD.exe
  2⤵
  PID:12652
- C:\Windows\System\mXvrcns.exe
  C:\Windows\System\mXvrcns.exe
  2⤵
  PID:12768
- C:\Windows\System\kOJNQGl.exe
  C:\Windows\System\kOJNQGl.exe
  2⤵
  PID:12968
- C:\Windows\System\SLnIGYt.exe
  C:\Windows\System\SLnIGYt.exe
  2⤵
  PID:13116
- C:\Windows\System\eiEFLie.exe
  C:\Windows\System\eiEFLie.exe
  2⤵
  PID:13260
- C:\Windows\System\ASNMDCv.exe
  C:\Windows\System\ASNMDCv.exe
  2⤵
  PID:12168
- C:\Windows\System\sVIlDnh.exe
  C:\Windows\System\sVIlDnh.exe
  2⤵
  PID:5728
- C:\Windows\System\uKSKJFR.exe
  C:\Windows\System\uKSKJFR.exe
  2⤵
  PID:13176
- C:\Windows\System\WJNkLug.exe
  C:\Windows\System\WJNkLug.exe
  2⤵
  PID:13308
- C:\Windows\System\XmSOizd.exe
  C:\Windows\System\XmSOizd.exe
  2⤵
  PID:12872
- C:\Windows\System\hgtGUiN.exe
  C:\Windows\System\hgtGUiN.exe
  2⤵
  PID:13316
- C:\Windows\System\XkwMaNd.exe
  C:\Windows\System\XkwMaNd.exe
  2⤵
  PID:13344
- C:\Windows\System\hXtGUEH.exe
  C:\Windows\System\hXtGUEH.exe
  2⤵
  PID:13384
- C:\Windows\System\ClIsnhS.exe
  C:\Windows\System\ClIsnhS.exe
  2⤵
  PID:13412
- C:\Windows\System\LskWKDh.exe
  C:\Windows\System\LskWKDh.exe
  2⤵
  PID:13432
- C:\Windows\System\oSJBURi.exe
  C:\Windows\System\oSJBURi.exe
  2⤵
  PID:13464
- C:\Windows\System\npqQrCL.exe
  C:\Windows\System\npqQrCL.exe
  2⤵
  PID:13488
- C:\Windows\System\zfkQrDw.exe
  C:\Windows\System\zfkQrDw.exe
  2⤵
  PID:13516
- C:\Windows\System\umouwEA.exe
  C:\Windows\System\umouwEA.exe
  2⤵
  PID:13544
- C:\Windows\System\ffSWBze.exe
  C:\Windows\System\ffSWBze.exe
  2⤵
  PID:13576
- C:\Windows\System\mKSaGnx.exe
  C:\Windows\System\mKSaGnx.exe
  2⤵
  PID:13608
- C:\Windows\System\nnDCbEB.exe
  C:\Windows\System\nnDCbEB.exe
  2⤵
  PID:13636
- C:\Windows\System\OUdoiLG.exe
  C:\Windows\System\OUdoiLG.exe
  2⤵
  PID:13664
- C:\Windows\System\bgXtxjl.exe
  C:\Windows\System\bgXtxjl.exe
  2⤵
  PID:13692
- C:\Windows\System\xhlIAiG.exe
  C:\Windows\System\xhlIAiG.exe
  2⤵
  PID:13720
- C:\Windows\System\egCxpoO.exe
  C:\Windows\System\egCxpoO.exe
  2⤵
  PID:13748
- C:\Windows\System\zCFTXVK.exe
  C:\Windows\System\zCFTXVK.exe
  2⤵
  PID:13776
- C:\Windows\System\YbCnDhF.exe
  C:\Windows\System\YbCnDhF.exe
  2⤵
  PID:13796
- C:\Windows\System\nxsWznN.exe
  C:\Windows\System\nxsWznN.exe
  2⤵
  PID:13832
- C:\Windows\System\uXigimM.exe
  C:\Windows\System\uXigimM.exe
  2⤵
  PID:13860
- C:\Windows\System\TPvHemA.exe
  C:\Windows\System\TPvHemA.exe
  2⤵
  PID:13888
- C:\Windows\System\PSpYUHX.exe
  C:\Windows\System\PSpYUHX.exe
  2⤵
  PID:13916
- C:\Windows\System\ALLkeSZ.exe
  C:\Windows\System\ALLkeSZ.exe
  2⤵
  PID:13932
- C:\Windows\System\DIgJMsc.exe
  C:\Windows\System\DIgJMsc.exe
  2⤵
  PID:13960
- C:\Windows\System\pjHaiAn.exe
  C:\Windows\System\pjHaiAn.exe
  2⤵
  PID:13988
- C:\Windows\System\EiTxNFO.exe
  C:\Windows\System\EiTxNFO.exe
  2⤵
  PID:14016
- C:\Windows\System\GgHPiNV.exe
  C:\Windows\System\GgHPiNV.exe
  2⤵
  PID:14048
- C:\Windows\System\KxOmsEB.exe
  C:\Windows\System\KxOmsEB.exe
  2⤵
  PID:14072
- C:\Windows\System\tKFlQFj.exe
  C:\Windows\System\tKFlQFj.exe
  2⤵
  PID:14100
- C:\Windows\System\bxxdNZh.exe
  C:\Windows\System\bxxdNZh.exe
  2⤵
  PID:14128
- C:\Windows\System\SeoNGoY.exe
  C:\Windows\System\SeoNGoY.exe
  2⤵
  PID:14156
- C:\Windows\System\RcKtnqA.exe
  C:\Windows\System\RcKtnqA.exe
  2⤵
  PID:14196
- C:\Windows\System\DUrLMOU.exe
  C:\Windows\System\DUrLMOU.exe
  2⤵
  PID:14228
- C:\Windows\System\vaaLMBL.exe
  C:\Windows\System\vaaLMBL.exe
  2⤵
  PID:14256
- C:\Windows\System\IoNoQmU.exe
  C:\Windows\System\IoNoQmU.exe
  2⤵
  PID:14284
- C:\Windows\System\KEYFUGa.exe
  C:\Windows\System\KEYFUGa.exe
  2⤵
  PID:14312
- C:\Windows\System\HnFYDBQ.exe
  C:\Windows\System\HnFYDBQ.exe
  2⤵
  PID:13332
- C:\Windows\System\bnLpyjD.exe
  C:\Windows\System\bnLpyjD.exe
  2⤵
  PID:13368
- C:\Windows\System\QBTDxOP.exe
  C:\Windows\System\QBTDxOP.exe
  2⤵
  PID:13420
- C:\Windows\System\AMFpbfb.exe
  C:\Windows\System\AMFpbfb.exe
  2⤵
  PID:13484
- C:\Windows\System\iWRNgfp.exe
  C:\Windows\System\iWRNgfp.exe
  2⤵
  PID:13532
- C:\Windows\System\OjvPcgU.exe
  C:\Windows\System\OjvPcgU.exe
  2⤵
  PID:13600
- C:\Windows\System\pXgndyD.exe
  C:\Windows\System\pXgndyD.exe
  2⤵
  PID:13688
- C:\Windows\System\clEyfGQ.exe
  C:\Windows\System\clEyfGQ.exe
  2⤵
  PID:13764
- C:\Windows\System\kQMYZSA.exe
  C:\Windows\System\kQMYZSA.exe
  2⤵
  PID:13828
- C:\Windows\System\LWdEzgD.exe
  C:\Windows\System\LWdEzgD.exe
  2⤵
  PID:4556
- C:\Windows\System\rwNOMQw.exe
  C:\Windows\System\rwNOMQw.exe
  2⤵
  PID:13880
- C:\Windows\System\OAlLsMO.exe
  C:\Windows\System\OAlLsMO.exe
  2⤵
  PID:13928
- C:\Windows\System\plXOfQm.exe
  C:\Windows\System\plXOfQm.exe
  2⤵
  PID:14000
- C:\Windows\System\vtfVCDJ.exe
  C:\Windows\System\vtfVCDJ.exe
  2⤵
  PID:14028
- C:\Windows\System\ZkUrpaI.exe
  C:\Windows\System\ZkUrpaI.exe
  2⤵
  PID:14112
- C:\Windows\System\TUepPeJ.exe
  C:\Windows\System\TUepPeJ.exe
  2⤵
  PID:14184
- C:\Windows\System\VQUvnHE.exe
  C:\Windows\System\VQUvnHE.exe
  2⤵
  PID:14244
- C:\Windows\System\lyoJAkh.exe
  C:\Windows\System\lyoJAkh.exe
  2⤵
  PID:14308
- C:\Windows\System\vfNuyEj.exe
  C:\Windows\System\vfNuyEj.exe
  2⤵
  PID:3236
- C:\Windows\System\ojscgQt.exe
  C:\Windows\System\ojscgQt.exe
  2⤵
  PID:13496
- C:\Windows\System\JPLNoeQ.exe
  C:\Windows\System\JPLNoeQ.exe
  2⤵
  PID:13632
- C:\Windows\System\DmbuXwA.exe
  C:\Windows\System\DmbuXwA.exe
  2⤵
  PID:13784
- C:\Windows\System\dkLsMlz.exe
  C:\Windows\System\dkLsMlz.exe
  2⤵
  PID:13856
- C:\Windows\System\pbPZwQy.exe
  C:\Windows\System\pbPZwQy.exe
  2⤵
  PID:14036
- C:\Windows\System\mObtBfK.exe
  C:\Windows\System\mObtBfK.exe
  2⤵
  PID:14148
- C:\Windows\System\JVTyNFA.exe
  C:\Windows\System\JVTyNFA.exe
  2⤵
  PID:14324
- C:\Windows\System\FPwDDur.exe
  C:\Windows\System\FPwDDur.exe
  2⤵
  PID:13512
- C:\Windows\System\AGcHEDq.exe
  C:\Windows\System\AGcHEDq.exe
  2⤵
  PID:13844
- C:\Windows\System\bkiZxwk.exe
  C:\Windows\System\bkiZxwk.exe
  2⤵
  PID:14224
- C:\Windows\System\vsXcIFZ.exe
  C:\Windows\System\vsXcIFZ.exe
  2⤵
  PID:13704
- C:\Windows\System\AgRGTIf.exe
  C:\Windows\System\AgRGTIf.exe
  2⤵
  PID:14268
- C:\Windows\System\AjtPyjW.exe
  C:\Windows\System\AjtPyjW.exe
  2⤵
  PID:968
- C:\Windows\System\gDKbfvi.exe
  C:\Windows\System\gDKbfvi.exe
  2⤵
  PID:740
- C:\Windows\System\uzEhPtd.exe
  C:\Windows\System\uzEhPtd.exe
  2⤵
  PID:14372
- C:\Windows\System\EsZqRKS.exe
  C:\Windows\System\EsZqRKS.exe
  2⤵
  PID:14396
- C:\Windows\System\ufsHkVs.exe
  C:\Windows\System\ufsHkVs.exe
  2⤵
  PID:14428
- C:\Windows\System\WnsXLNn.exe
  C:\Windows\System\WnsXLNn.exe
  2⤵
  PID:14444
- C:\Windows\System\YHIBYQq.exe
  C:\Windows\System\YHIBYQq.exe
  2⤵
  PID:14476
- C:\Windows\System\oEkdnuz.exe
  C:\Windows\System\oEkdnuz.exe
  2⤵
  PID:14504
- C:\Windows\System\OPWQGKA.exe
  C:\Windows\System\OPWQGKA.exe
  2⤵
  PID:14528
- C:\Windows\System\IxYGwfl.exe
  C:\Windows\System\IxYGwfl.exe
  2⤵
  PID:14568
- C:\Windows\System\eCSyAnB.exe
  C:\Windows\System\eCSyAnB.exe
  2⤵
  PID:14588
- C:\Windows\System\GVkIklj.exe
  C:\Windows\System\GVkIklj.exe
  2⤵
  PID:14612
- C:\Windows\System\BCxEwaV.exe
  C:\Windows\System\BCxEwaV.exe
  2⤵
  PID:14664
- C:\Windows\System\STlCzVW.exe
  C:\Windows\System\STlCzVW.exe
  2⤵
  PID:14680
- C:\Windows\System\nPrLSxk.exe
  C:\Windows\System\nPrLSxk.exe
  2⤵
  PID:14708
- C:\Windows\System\qVrDJvi.exe
  C:\Windows\System\qVrDJvi.exe
  2⤵
  PID:14740
- C:\Windows\System\EuJtXdE.exe
  C:\Windows\System\EuJtXdE.exe
  2⤵
  PID:14764
- C:\Windows\System\SwJifrY.exe
  C:\Windows\System\SwJifrY.exe
  2⤵
  PID:14784
- C:\Windows\System\IcmghKq.exe
  C:\Windows\System\IcmghKq.exe
  2⤵
  PID:14828
- C:\Windows\System\JgJlTUe.exe
  C:\Windows\System\JgJlTUe.exe
  2⤵
  PID:14856
- C:\Windows\System\qGeYvEI.exe
  C:\Windows\System\qGeYvEI.exe
  2⤵
  PID:14872
- C:\Windows\System\bOrkxUQ.exe
  C:\Windows\System\bOrkxUQ.exe
  2⤵
  PID:14896
- C:\Windows\System\LEONYyM.exe
  C:\Windows\System\LEONYyM.exe
  2⤵
  PID:14924
- C:\Windows\System\rQDyQaI.exe
  C:\Windows\System\rQDyQaI.exe
  2⤵
  PID:14944
- C:\Windows\System\KXgTCER.exe
  C:\Windows\System\KXgTCER.exe
  2⤵
  PID:14960
- C:\Windows\System\LeVWQQS.exe
  C:\Windows\System\LeVWQQS.exe
  2⤵
  PID:14992
- C:\Windows\System\IAsoFSl.exe
  C:\Windows\System\IAsoFSl.exe
  2⤵
  PID:15032
- C:\Windows\System\nDqTpsS.exe
  C:\Windows\System\nDqTpsS.exe
  2⤵
  PID:15068
- C:\Windows\System\AJHRRQB.exe
  C:\Windows\System\AJHRRQB.exe
  2⤵
  PID:15108
- C:\Windows\System\MdHmRWA.exe
  C:\Windows\System\MdHmRWA.exe
  2⤵
  PID:15136
- C:\Windows\System\KruGfPc.exe
  C:\Windows\System\KruGfPc.exe
  2⤵
  PID:15156
- C:\Windows\System\xptuKXA.exe
  C:\Windows\System\xptuKXA.exe
  2⤵
  PID:15180
- C:\Windows\System\mifyycp.exe
  C:\Windows\System\mifyycp.exe
  2⤵
  PID:15208
- C:\Windows\System\yjewnxR.exe
  C:\Windows\System\yjewnxR.exe
  2⤵
  PID:15232
- C:\Windows\System\FugSnzQ.exe
  C:\Windows\System\FugSnzQ.exe
  2⤵
  PID:15276
- C:\Windows\System\ZqeYkxE.exe
  C:\Windows\System\ZqeYkxE.exe
  2⤵
  PID:15296
- C:\Windows\System\krOopkp.exe
  C:\Windows\System\krOopkp.exe
  2⤵
  PID:15332

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BBCAzYv.exe

Filesize
2.6MB

MD5
aad0cfc7c47e69e094b358a032aa94cd

SHA1
2ddaf996a3c2dc7ca044348c68db0db4e39bf36e

SHA256
bac00b88f7098964c6d9a0639fe2e1f5a631eddc92fc92b623747183923fe201

SHA512
a3c38881ebb905eef4c25101d38767ecb38fca442bedddf6abe09dd167f003494f103f13a77b1d6130f71d4361fc30e127e5c45231411602fcf10a3577da455c

Download Submit
C:\Windows\System\CoOgnKo.exe

Filesize
2.6MB

MD5
d0798c677bb319a316918fcb06399a71

SHA1
f6d60b5f099c8815d243ed6813f63c8ce102e7af

SHA256
84243981dde7406eee8dc4360d389b026d540799492e5e6250ef65647d3753d0

SHA512
001005963c7654a8e8805bd89513223f755a6771e34c929c7a3b801eca3a8ab3913f10f3d7af9063a613a96640e3c29dca0ce5e7ae1001f7b02bb811c9ee1dbd

Download Submit
C:\Windows\System\EyVyXLf.exe

Filesize
2.6MB

MD5
28388fd65a4fe385364f529d951b1c73

SHA1
0051d3a603239c147da4138bfc797dbf0eaf4cd8

SHA256
f66fcf92a9c0e27f5525ec6dab6f724e8a34331c07ad5247916c2c6080dff5b0

SHA512
9620d21a0f14e68b6646ec9905824032463bccf589dd6dc3135cfb8aaef2e002bc64fde4fcaaac3f21d53b9aeedfa3eb27d780476244f41137f92defadc4bc88

Download Submit
C:\Windows\System\GztbGeD.exe

Filesize
2.6MB

MD5
a0231f6b74a13529aeee05c59b54cacb

SHA1
8061c771a0248f876f735e7a6f48a7377f0fe3ee

SHA256
af74a32ce7f62444be80bfb0100cc3b036a051e8a3f848439ab317e34faf3a0e

SHA512
8cf45e3616b4bfec66d28d3398b2427063ddfe476f672f6ac55432b848699fb103133f395ac29bf6f26b642a4eabbf8968a722c7c50b5e1d520df9ebcb9d9037

Download Submit
C:\Windows\System\LiqbVJu.exe

Filesize
2.6MB

MD5
df8cf189b0a8464663c501fc2f45dea6

SHA1
8f9def56cc98cc757dc09c3e20fcdc8144f0e67a

SHA256
bc31e0d088f4f0a135b023730b49078e89305141ce74d67133e1eb1733a65443

SHA512
4c5b6a4daa1705ca4b9f99c69338fb5ef71119b7992462ce0dfbc71b24196ca9730999c2c2c2f125149026a570ec877d719d4433bfc570076955349b37be2f49

Download Submit
C:\Windows\System\MDaCmjy.exe

Filesize
2.6MB

MD5
06ea5c6e435765720619cb3905a49132

SHA1
bdbbfd05fda56b048c374d5f26377a558062d5f3

SHA256
5375e27683effcfdaa64ec1408fe19375373f593c9581cf688bdb03ed8e126db

SHA512
8325006fc19341d0617f650884ebc702c7508404090921e5f7e61bf7295d9ae7b97ec38f749fcf78c2c82b96147432f1901089ae2097ec1bb2c48e8b666cc634

Download Submit
C:\Windows\System\NMUTSxU.exe

Filesize
2.6MB

MD5
5e48a02e4385cba3062f36a3c5304624

SHA1
f56d443e70c7a2f96cae978688ca541351de4a46

SHA256
3d75c2f04445187a5b3886335ed598ca4138e6dae17836aa0bd3d663bc60cab6

SHA512
f38bc977932a522fa8f237bf5a97fab43a8d22c83e98b5186a9eeeecbd6c463be903b1db536a414712fd9b6db5d82429de9fe9d4d89ad88c6c239926075a4c30

Download Submit
C:\Windows\System\PpEpNMn.exe

Filesize
2.6MB

MD5
b580538906f2af7521da50465cc8524d

SHA1
3602b44342c184e7e9956c1c59ae1686aa6028e6

SHA256
e321eaf6c723a74885edc6992152780b10471978b317fbcbc7d34b4fbadcd39c

SHA512
9fdbcbe4deef9824972e0cf73bde93a2d097b4c16b37c6cac554974ef1d577d9c1b2eb1934af17ea4bc802da67a60d6b3e2adff8bfb9518c8d1e03c3318b371a

Download Submit
C:\Windows\System\SDdrkoo.exe

Filesize
2.6MB

MD5
9fc76cfb36c1d398a33660fc60f4560f

SHA1
ff28ee35a8e3e99ebce19ef700d8445aec72553d

SHA256
1a944e550f46bafb1c01be185d13411aea2adf0b3657c51751bf409384530ed7

SHA512
b187a9d5aeab2750511db2840a1c5295be3276783262678c2515cfa67d84cca484553cff1b0f32093759ebb69fb5d04e21313229ce9b1f37e06747a0ea4e004a

Download Submit
C:\Windows\System\SKGqbut.exe

Filesize
2.6MB

MD5
2a4b251d36a88ae46dc8fffb6328a858

SHA1
38e01103d03f8faba963d0cd360f18781abddbc1

SHA256
2de05bacb77a9b6b2f5548c98ec9005c442da9a1ef3af0ba23bf43fa7a5337da

SHA512
087cc302e8752a5d83851ad13558ffcee4cbe03c2c1581c11675374a74556b7d2f48b31cfe36edfe09e9c36b02c0809d79345cfcb0a5d118fd36126df3310836

Download Submit
C:\Windows\System\SRsGLqP.exe

Filesize
2.6MB

MD5
b9b465ff9494d5de4004ee789c5133c0

SHA1
4219ca31365f5459c0388ce15d95983caab8e97a

SHA256
c7c9fddb388b2c3e324e43a34061b855fbf4c9742242d03a78ab05d0f5772a1b

SHA512
3dcf3920171727638b3829e9ec50235669c6d3f6e018d3c729db41eb3740b33713b85e866cff8ef570d3885de19b75ced8821fd8f6a461ebaf3e21f3019f6f1e

Download Submit
C:\Windows\System\TWzJePP.exe

Filesize
2.6MB

MD5
e8722a042a0174e67291c11bbd26571a

SHA1
72269a2ac31097ec0161ad0bfb1d6f11131e831f

SHA256
097b43c5e92e3b71d39bc1638bdbc77fb7aa12decb2b505fa05bbd71d7487caf

SHA512
717a31ead0208a32a0effe61fbfa0a7a5b60f5968a3c9a777878a4ede6d733dbbe56ef38d5303fa66053cffc336d6641a0e3f69b5cd80d42ead4f1daaa3917c2

Download Submit
C:\Windows\System\XYJRnIL.exe

Filesize
2.6MB

MD5
32a593729822092b1a6adae36707de1d

SHA1
9681dd048a4da5ef71851e1d1f00c57294ff999a

SHA256
a777ec0d5682e9fa6a47352cd5e5021f6d8bc35e5046a4ecf455fb26dcd72375

SHA512
ce09a42dd38a90e040cb85a762d967a67faea28d8d8c7db0e2ff361673237db50b95c1f9482f8e5b7777c382eb77efde8a47049ed4167f57ef83fad8b44eee4b

Download Submit
C:\Windows\System\ZfWiLWB.exe

Filesize
2.6MB

MD5
3e838ff2520212a2ad372102f918b0b5

SHA1
2fb639dc0ceafd699190303ac7f57f546f03aa46

SHA256
f294dfb9b5b97b08ed4d007a0ccddda57390f7c2150e36abc1359ae5af0b0130

SHA512
8b0bad8455d304849e51d517d437f0a2d32144dd8339f4a27980a40ec4bdc11df1fca8331df1530057193d42a742e670eb88b1224b3b4a6ed5345f91e5ff5fba

Download Submit
C:\Windows\System\ZmWTKjd.exe

Filesize
2.6MB

MD5
ea385b63f1c1b1460ffc81a6a6b6d6e6

SHA1
f1f0bfab24411c87a8c7bd8aa96ed9452835e472

SHA256
0b2b2063ecd129331e7279ac59aac8422070d10b59120050501bdab5ad91fbd1

SHA512
b4da94e3d6647f579a86b9a8c2c0f6110a6128ee4b9490109a98a1e90a074e03c8e951447699035494f7882e6a905b6122338a80d19dfe0dc0456c42aeef3d74

Download Submit
C:\Windows\System\ZrXnyIP.exe

Filesize
2.6MB

MD5
358ad2467795795821c2c1134c981929

SHA1
e98d59172ccdad6584c8c7cf150b07d743319be6

SHA256
8e2ceff4e7767d3035f7ba429a2094f644d9a2d709218e2910bb9a435eb9abe2

SHA512
7393f2a29b98e82d7782a8f774b66dc1829b93642b2dab6caa21deff0eab9a902bfb39360d847be82a0560245fe439c8eae689ef7c4351bfd0ba901022d3a5bb

Download Submit
C:\Windows\System\cdnuHcI.exe

Filesize
2.6MB

MD5
e8c82cda9471e6fe9f3c2c753fb8cf4c

SHA1
8a31fe6ed15e8e51ec35754968d878c8a537246f

SHA256
b8b18b42032680d08f889e34413f48d477df2630189ae3ca94e95b6cc90615ed

SHA512
bb5ad4b402cdc864b68f7a31126c535e44426f6012c3e2f081ad0f03c7451d0ce83ba79c9dcaac8ef9eeb2c342f232966f629a10825aa243a6e1ecb208e8c91c

Download Submit
C:\Windows\System\ctnNGgk.exe

Filesize
2.6MB

MD5
ca038d160dc2c75f50edfd68983187c9

SHA1
d5d353beaf14af7bcde6974f8abef9be3a3a8449

SHA256
7368228810ede308f23c55ab29a2d076522667530f6716f31b43d5237ed61013

SHA512
e13525745d4aa93050001589c69009ad1512797a6fa5659d23fedfb4aacf4f9236a0b8daa4145904dd1c344dcfd28babe1fcd00b1501a59a7ed3161df8d979f8

Download Submit
C:\Windows\System\eTVKBVy.exe

Filesize
2.6MB

MD5
4d30c797b5c82980447783770dab2434

SHA1
9f80e73c6331ff68c32fdbd6c79213e582c974a2

SHA256
fe6d1e3b89445a71a0155e93fa4a5ad6b734e212033c6f4a48f40029249bdf55

SHA512
f11ad688b20dec70a07336424dcc58ad30ead423a4bc958d2f8a45a4c851a036dc01ffde77658e3cfbd83d7d47fc2d2079cf409b4f55586bea9f182101d3eab3

Download Submit
C:\Windows\System\eywWIff.exe

Filesize
2.6MB

MD5
1dd2fbf73cb70a6641141fff8316b86d

SHA1
9db2397fbccf9f2dfb8733990d584afb9c8bdd6d

SHA256
f4f0ace71a41ffa4527521ce53219330df57be5e22ce9a3b19be67cf1b3b51a5

SHA512
aa8ad4f9daf9996b8e9dc277ac179fe28e7e7feff67b19bc8d94ccda036d0deec832de3954df3f7dcf25b42951c31965b0f54040c1c2caae8575797359421271

Download Submit
C:\Windows\System\huxJCKI.exe

Filesize
2.6MB

MD5
0b3a70b0e04f92ed197742dabb1e9227

SHA1
1a350788ce0ea4635fb4c3884c31f1a5861d97ec

SHA256
693c4943abe1332cf12e34188351996e6f035f65515b31f1c57e0565866397f5

SHA512
0b659cbe82b1ff8512480e6dabe7702dcbb1c0b7fc0bbda363ac9370b073eca227f510324f64abbfe3331603830a94d8b83ab397d96d078d5c2b336eb54aa237

Download Submit
C:\Windows\System\hydUvdl.exe

Filesize
2.6MB

MD5
a45b61dbd6a7971f883bf126d5c58156

SHA1
bcb99dfcf3a6e9fcb9a09739e310fb8f551b8ae3

SHA256
886192837ec64c6218bb298f53e68a4c63b2a5c9d5bafdbd1efab8437a01e658

SHA512
b0b3ade1e1338d30ad3bf4abea8c213ea867c96c375ee7510189b5d5f54cff867910dc4019f9d97d5b11870a506468161c4b307674f8707b50b992e81483080b

Download Submit
C:\Windows\System\iggqtqQ.exe

Filesize
2.6MB

MD5
9fb83a5b39ba7a825fe6ec167196c5e2

SHA1
ea70bb3bbb8bf06daebfb249e6fe9f49d7d95d66

SHA256
949caade13d318fac51f8bdfff51911a2f5af954c5315d160f32892826593dbe

SHA512
3b9081b2b3bc1f451d857319309928199038f28174f7b1e6ac3ca66851f64332b1467702148005ebfd9859f7f6aa1bd2521022f1e7159dcab37a9a4db65459c5

Download Submit
C:\Windows\System\kIdGpuP.exe

Filesize
2.6MB

MD5
6107256e5db097791ed98bc8999f7ba8

SHA1
7841ecd6a1240d88c7d3750e3abe4b07edfe2f19

SHA256
0b2bb452446dd47b07407775aa2036ceb5275d88c2123a3fe7978ff6c67250cf

SHA512
1b263842a52208eafb8e0056deb848863bf46c227936ea16403da2774ad15c8e656e5b6cb8dd9449cda4f418d015ad277e7bceb6dd61ec8ba0c3dda8d3ac8182

Download Submit
C:\Windows\System\lSmHPux.exe

Filesize
2.6MB

MD5
9e82db86e6b2f697b9d40d3cd6c8aa7d

SHA1
968a10582717c54cd101cf7b45452c888f4a9f6f

SHA256
7f6f42d1cf98538061f21c3e0d1d5aab67a2f8265e7b8023e7932d70535226a0

SHA512
519c084deec95fc41564943d237737953a0746c03c4af2e3ca4f4040a56713622acff4f6df85e11e77aa62cff1e67984029466204e519819da4fbf7cfdbe2ae1

Download Submit
C:\Windows\System\lkbwoGn.exe

Filesize
2.6MB

MD5
70862e0f0b28d6ce7f4e41e6d13e91b7

SHA1
f216d23a9b7cbae4b9b8e6e15b0c50b5aea2908b

SHA256
dbd75fab7c98f08b0133c955c7428dd880d38f7752429def708d30afcbd03cf1

SHA512
93d14ca85c8167cad7397f0e63663c18b100b4ee68d6b345788d0f90cc2ddbdd01d06efe42868cf28da65e4f02b479e2a52355e5040db81b1bc2a3519c18c19b

Download Submit
C:\Windows\System\mPtNxFu.exe

Filesize
2.6MB

MD5
e1a205354a6f2b23d2739347bfcdbaa2

SHA1
776aaca5d484eb661944543324e27da83c6b6f51

SHA256
4c87bd3ee530d9caf15b2a62d2da5e09ada0ef85608d1db21fb5923f37b83e96

SHA512
dfaf51d900dae2625ec1df6ec25a62c006c772e2cd32cabca3549dbc770ea2c36784a4188f49da434eb56bce0e1b0660b258b577758c1c24f01478a1db517868

Download Submit
C:\Windows\System\nQJVtzN.exe

Filesize
2.6MB

MD5
cc99078503eab3fa2f265efea314f8df

SHA1
b194ec5a9dfbd817af94b19b66226cd64fffb149

SHA256
8f7469915cbdc0148bbe17271d068e4105c6891bf6de6eccb1b6991edf3ec0fc

SHA512
862d91236666765f036c7f429fc4e3436f1bf43efb3a480b7da813eec1730fe456a00bcacdd849df87e73adfa9ab8317bdb81de4047c5334278a35ddf792fdb2

Download Submit
C:\Windows\System\oSVeYJM.exe

Filesize
2.6MB

MD5
53ce749c8d64c48d56278d2fff8d3905

SHA1
1b1a5c8841b36a1802223d8eb60000fe97193ee6

SHA256
b599a00b0585117c6f5af1cb5609acceb4024fe8012c05715e9d63611f50362f

SHA512
40298d64de26312da7b8dda21f4d0c2d932561a96699eba50f36773305df91b55586d72cddf47c1e4bc02c7db2036ee431e4858cc9046ba53608caf012f8d3e9

Download Submit
C:\Windows\System\pGtgqGN.exe

Filesize
2.6MB

MD5
bcb6c59b275ab9f5113731aa9ece19ce

SHA1
5d271b4f3ff80aaa5a387f2c42988c2239ee470e

SHA256
befbe9e0f0ffa409f72884ca34b34e7812be8e883e699e641850695392bd6fd6

SHA512
0f7b17655f0d80f57427c0d0c513df3d2616137ed4e199f8e5bcb4a29b34fe6bea63dae86fb1bbe39dcc3dad3f538b8b41e582e8fabdc5ae7c026dfb2ca5d1b1

Download Submit
C:\Windows\System\sNILGaS.exe

Filesize
2.6MB

MD5
126835b9f0ad831c8eb74db801b47747

SHA1
b4cba8f125bf002ddb643eb2ab8ae74f251870ed

SHA256
fd19710af6f796ee950cae4c7e185f645c905cbffa4ada733b5bd1d899a848c4

SHA512
9be942ceb874f7a1734b066c863f9403cb78012da68082946b556eb1050e6ce8bcc53e9d11aac07c67202fd405c060ffa4f39e4ac2484b5331fbfe3ba1fa607e

Download Submit
C:\Windows\System\uRMnfqX.exe

Filesize
2.6MB

MD5
bdf7a95b1e852c8985aeef1d14e35a52

SHA1
ebd585e2e95904d7efa1b3852e4f486f4cfe7505

SHA256
536c37890249745537989a04e565a0c0b9685fd251e2ddbdba1f9dee663e6910

SHA512
1463b3d35e375b0d8117650860f0e23b13f0d8b75841a5e0cf40cb82d0e4da6554e666fcfc972d9e1c6947fef64ca2dff87cbac7a2bed16c7b99a00e50073549

Download Submit
C:\Windows\System\xBilHit.exe

Filesize
2.6MB

MD5
708324c41be31f4d98fedf55fa653a32

SHA1
002db5a847dfdd2ed8a21a2be0c754b3adf70a60

SHA256
3a672657772cdcc8733855912386dfb5f48e1d5abfa713fdbc5e8ad19d118779

SHA512
1955fc436794991efcd39275f702ee47c8ffeb24e47b36ee06e11538e28b345a5ba045347be76bd01b1e6c4278a8b844d1dfd1fbf982d957e337375f6d3eafdf

Download Submit
C:\Windows\System\xvgsigV.exe

Filesize
2.6MB

MD5
023473b979f23ba61da091c17ef95d86

SHA1
305a225bda1c884b51488a4ca46bfb308c7cb30b

SHA256
ea28f384f0a401b0a8b5366c6f9080c3b560686fe1f0c90dd08925545573f779

SHA512
5238551e42eec09de60782b339eb3bbec9d5ee5045b60f4205619dfe7ae5fa2e39825a9e21bd6498ccb44db33b7377ca780212d73d6b2d3d7492ccfd9fbd611f

Download Submit
C:\Windows\System\zusdjAX.exe

Filesize
2.6MB

MD5
7b28d7a300265f0137af6db918d9d001

SHA1
e4e8452966e4987a0d561315259413e60a2a9ed1

SHA256
bf97f8c4e2b3198303b124f0995a8bb19a0fb7725112dec3ba4647f2b2916be8

SHA512
a53c15d90ff2cefa1b2e52463049c1921eedfafd9cc8a9a5c463166d85e8aaf18efc04d605387365ef2361dcca9fdef89c293b9d08272ffe1351fb53507dbfb5

Download Submit
memory/372-2216-0x00007FF6C60E0000-0x00007FF6C6434000-memory.dmp

Filesize
3.3MB

Download
memory/372-188-0x00007FF6C60E0000-0x00007FF6C6434000-memory.dmp

Filesize
3.3MB

Download
memory/372-2187-0x00007FF6C60E0000-0x00007FF6C6434000-memory.dmp

Filesize
3.3MB

Download
memory/432-65-0x00007FF7C5360000-0x00007FF7C56B4000-memory.dmp

Filesize
3.3MB

Download
memory/432-2192-0x00007FF7C5360000-0x00007FF7C56B4000-memory.dmp

Filesize
3.3MB

Download
memory/456-2189-0x00007FF7D7DC0000-0x00007FF7D8114000-memory.dmp

Filesize
3.3MB

Download
memory/456-148-0x00007FF7D7DC0000-0x00007FF7D8114000-memory.dmp

Filesize
3.3MB

Download
memory/456-10-0x00007FF7D7DC0000-0x00007FF7D8114000-memory.dmp

Filesize
3.3MB

Download
memory/2104-144-0x00007FF686B80000-0x00007FF686ED4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2182-0x00007FF686B80000-0x00007FF686ED4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2212-0x00007FF686B80000-0x00007FF686ED4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-145-0x00007FF72D630000-0x00007FF72D984000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2210-0x00007FF72D630000-0x00007FF72D984000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2183-0x00007FF72D630000-0x00007FF72D984000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2202-0x00007FF77F140000-0x00007FF77F494000-memory.dmp

Filesize
3.3MB

Download
memory/2152-110-0x00007FF77F140000-0x00007FF77F494000-memory.dmp

Filesize
3.3MB

Download
memory/2228-138-0x00007FF74E4E0000-0x00007FF74E834000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2181-0x00007FF74E4E0000-0x00007FF74E834000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2209-0x00007FF74E4E0000-0x00007FF74E834000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2190-0x00007FF71F840000-0x00007FF71FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2572-31-0x00007FF71F840000-0x00007FF71FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2213-0x00007FF772790000-0x00007FF772AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-173-0x00007FF772790000-0x00007FF772AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2186-0x00007FF7A8E90000-0x00007FF7A91E4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-183-0x00007FF7A8E90000-0x00007FF7A91E4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2215-0x00007FF7A8E90000-0x00007FF7A91E4000-memory.dmp

Filesize
3.3MB

Download
memory/3260-2193-0x00007FF7F9CD0000-0x00007FF7FA024000-memory.dmp

Filesize
3.3MB

Download
memory/3260-52-0x00007FF7F9CD0000-0x00007FF7FA024000-memory.dmp

Filesize
3.3MB

Download
memory/3272-132-0x00007FF6F18F0000-0x00007FF6F1C44000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2207-0x00007FF6F18F0000-0x00007FF6F1C44000-memory.dmp

Filesize
3.3MB

Download
memory/3560-17-0x00007FF657910000-0x00007FF657C64000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2188-0x00007FF657910000-0x00007FF657C64000-memory.dmp

Filesize
3.3MB

Download
memory/3568-64-0x00007FF69E2C0000-0x00007FF69E614000-memory.dmp

Filesize
3.3MB

Download
memory/3568-2197-0x00007FF69E2C0000-0x00007FF69E614000-memory.dmp

Filesize
3.3MB

Download
memory/3580-2206-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp

Filesize
3.3MB

Download
memory/3580-1297-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp

Filesize
3.3MB

Download
memory/3580-122-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp

Filesize
3.3MB

Download
memory/3848-2205-0x00007FF67C580000-0x00007FF67C8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3848-130-0x00007FF67C580000-0x00007FF67C8D4000-memory.dmp

Filesize
3.3MB

Download
memory/4132-22-0x00007FF66F3F0000-0x00007FF66F744000-memory.dmp

Filesize
3.3MB

Download
memory/4132-175-0x00007FF66F3F0000-0x00007FF66F744000-memory.dmp

Filesize
3.3MB

Download
memory/4132-2191-0x00007FF66F3F0000-0x00007FF66F744000-memory.dmp

Filesize
3.3MB

Download
memory/4196-48-0x00007FF657F10000-0x00007FF658264000-memory.dmp

Filesize
3.3MB

Download
memory/4196-2194-0x00007FF657F10000-0x00007FF658264000-memory.dmp

Filesize
3.3MB

Download
memory/4196-526-0x00007FF657F10000-0x00007FF658264000-memory.dmp

Filesize
3.3MB

Download
memory/4224-62-0x00007FF75D2E0000-0x00007FF75D634000-memory.dmp

Filesize
3.3MB

Download
memory/4224-2196-0x00007FF75D2E0000-0x00007FF75D634000-memory.dmp

Filesize
3.3MB

Download
memory/4652-104-0x00007FF622F90000-0x00007FF6232E4000-memory.dmp

Filesize
3.3MB

Download
memory/4652-2200-0x00007FF622F90000-0x00007FF6232E4000-memory.dmp

Filesize
3.3MB

Download
memory/4652-1296-0x00007FF622F90000-0x00007FF6232E4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2204-0x00007FF6D5DD0000-0x00007FF6D6124000-memory.dmp

Filesize
3.3MB

Download
memory/4736-115-0x00007FF6D5DD0000-0x00007FF6D6124000-memory.dmp

Filesize
3.3MB

Download
memory/4956-127-0x00007FF7A67D0000-0x00007FF7A6B24000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2199-0x00007FF7A67D0000-0x00007FF7A6B24000-memory.dmp

Filesize
3.3MB

Download
memory/5140-862-0x00007FF69F5F0000-0x00007FF69F944000-memory.dmp

Filesize
3.3MB

Download
memory/5140-59-0x00007FF69F5F0000-0x00007FF69F944000-memory.dmp

Filesize
3.3MB

Download
memory/5140-2195-0x00007FF69F5F0000-0x00007FF69F944000-memory.dmp

Filesize
3.3MB

Download
memory/5232-2201-0x00007FF639140000-0x00007FF639494000-memory.dmp

Filesize
3.3MB

Download
memory/5232-111-0x00007FF639140000-0x00007FF639494000-memory.dmp

Filesize
3.3MB

Download
memory/5348-146-0x00007FF75B930000-0x00007FF75BC84000-memory.dmp

Filesize
3.3MB

Download
memory/5348-1-0x00000233342B0000-0x00000233342C0000-memory.dmp

Filesize
64KB

Download
memory/5348-0-0x00007FF75B930000-0x00007FF75BC84000-memory.dmp

Filesize
3.3MB

Download
memory/5532-2203-0x00007FF642580000-0x00007FF6428D4000-memory.dmp

Filesize
3.3MB

Download
memory/5532-109-0x00007FF642580000-0x00007FF6428D4000-memory.dmp

Filesize
3.3MB

Download
memory/5648-2184-0x00007FF6F1AD0000-0x00007FF6F1E24000-memory.dmp

Filesize
3.3MB

Download
memory/5648-147-0x00007FF6F1AD0000-0x00007FF6F1E24000-memory.dmp

Filesize
3.3MB

Download
memory/5648-2211-0x00007FF6F1AD0000-0x00007FF6F1E24000-memory.dmp

Filesize
3.3MB

Download
memory/5700-2185-0x00007FF7CDD20000-0x00007FF7CE074000-memory.dmp

Filesize
3.3MB

Download
memory/5700-166-0x00007FF7CDD20000-0x00007FF7CE074000-memory.dmp

Filesize
3.3MB

Download
memory/5700-2214-0x00007FF7CDD20000-0x00007FF7CE074000-memory.dmp

Filesize
3.3MB

Download
memory/5776-1295-0x00007FF7EE290000-0x00007FF7EE5E4000-memory.dmp

Filesize
3.3MB

Download
memory/5776-2198-0x00007FF7EE290000-0x00007FF7EE5E4000-memory.dmp

Filesize
3.3MB

Download
memory/5776-66-0x00007FF7EE290000-0x00007FF7EE5E4000-memory.dmp

Filesize
3.3MB

Download
memory/6064-2208-0x00007FF7675F0000-0x00007FF767944000-memory.dmp

Filesize
3.3MB

Download
memory/6064-123-0x00007FF7675F0000-0x00007FF767944000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads