xmrig | f48ebf22d4ce25356db6e6ab02ac81826afa45a3c946085612d186e470d60d5f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 03:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
Size

1.4MB
MD5

9cf03c42171d15220d5553e1460a0280
SHA1

28b988d99ee502238b2392220122c898cc1a2103
SHA256

f48ebf22d4ce25356db6e6ab02ac81826afa45a3c946085612d186e470d60d5f
SHA512

ab0040cf03ee281b7c63ef0134ebd0e77c0d0e5743aba78f583d594dbb5046dd9d94420840c5e250cbdacfb333daf63b336eb4fa4e14f5235e479c254da75128
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv32wTlvck3AWsu4Jseu/l:BezaTF8FcNkNdfE0pZ9ozt4wIXxeHNsv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4264-0-0x00007FF689070000-0x00007FF6893C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-8.dat	xmrig
behavioral2/files/0x000900000002341b-6.dat	xmrig
behavioral2/files/0x0007000000023434-31.dat	xmrig
behavioral2/files/0x0007000000023440-67.dat	xmrig
behavioral2/memory/880-54-0x00007FF707A70000-0x00007FF707DC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-71.dat	xmrig
behavioral2/memory/1376-44-0x00007FF64EF50000-0x00007FF64F2A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-42.dat	xmrig
behavioral2/files/0x0007000000023438-40.dat	xmrig
behavioral2/files/0x0007000000023437-37.dat	xmrig
behavioral2/files/0x000700000002343b-58.dat	xmrig
behavioral2/files/0x000700000002343a-50.dat	xmrig
behavioral2/files/0x0007000000023432-24.dat	xmrig
behavioral2/memory/64-19-0x00007FF698360000-0x00007FF6986B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-34.dat	xmrig
behavioral2/files/0x000700000002344e-157.dat	xmrig
behavioral2/files/0x0007000000023455-192.dat	xmrig
behavioral2/memory/4940-227-0x00007FF68CCD0000-0x00007FF68D024000-memory.dmp	xmrig
behavioral2/memory/4884-266-0x00007FF742800000-0x00007FF742B54000-memory.dmp	xmrig
behavioral2/memory/1552-279-0x00007FF6986D0000-0x00007FF698A24000-memory.dmp	xmrig
behavioral2/memory/2248-288-0x00007FF70CA70000-0x00007FF70CDC4000-memory.dmp	xmrig
behavioral2/memory/2512-293-0x00007FF641D20000-0x00007FF642074000-memory.dmp	xmrig
behavioral2/memory/1240-296-0x00007FF6FCB40000-0x00007FF6FCE94000-memory.dmp	xmrig
behavioral2/memory/4796-295-0x00007FF60DB30000-0x00007FF60DE84000-memory.dmp	xmrig
behavioral2/memory/4016-294-0x00007FF671A60000-0x00007FF671DB4000-memory.dmp	xmrig
behavioral2/memory/1668-292-0x00007FF73EF70000-0x00007FF73F2C4000-memory.dmp	xmrig
behavioral2/memory/2708-291-0x00007FF70A4D0000-0x00007FF70A824000-memory.dmp	xmrig
behavioral2/memory/540-290-0x00007FF698A80000-0x00007FF698DD4000-memory.dmp	xmrig
behavioral2/memory/2008-289-0x00007FF661440000-0x00007FF661794000-memory.dmp	xmrig
behavioral2/memory/5104-287-0x00007FF6870E0000-0x00007FF687434000-memory.dmp	xmrig
behavioral2/memory/2308-286-0x00007FF735F50000-0x00007FF7362A4000-memory.dmp	xmrig
behavioral2/memory/4208-285-0x00007FF70A3D0000-0x00007FF70A724000-memory.dmp	xmrig
behavioral2/memory/1972-280-0x00007FF7F44E0000-0x00007FF7F4834000-memory.dmp	xmrig
behavioral2/memory/3624-277-0x00007FF75AB70000-0x00007FF75AEC4000-memory.dmp	xmrig
behavioral2/memory/4360-265-0x00007FF6E6060000-0x00007FF6E63B4000-memory.dmp	xmrig
behavioral2/memory/4548-248-0x00007FF7858F0000-0x00007FF785C44000-memory.dmp	xmrig
behavioral2/memory/2560-200-0x00007FF77C490000-0x00007FF77C7E4000-memory.dmp	xmrig
behavioral2/memory/4748-197-0x00007FF6A2600000-0x00007FF6A2954000-memory.dmp	xmrig
behavioral2/files/0x000700000002344d-191.dat	xmrig
behavioral2/files/0x0007000000023454-188.dat	xmrig
behavioral2/files/0x0007000000023446-186.dat	xmrig
behavioral2/files/0x0007000000023453-181.dat	xmrig
behavioral2/files/0x0007000000023441-178.dat	xmrig
behavioral2/files/0x0007000000023452-176.dat	xmrig
behavioral2/files/0x0007000000023451-173.dat	xmrig
behavioral2/files/0x0007000000023444-170.dat	xmrig
behavioral2/files/0x0007000000023450-166.dat	xmrig
behavioral2/files/0x000700000002344f-163.dat	xmrig
behavioral2/files/0x0007000000023443-160.dat	xmrig
behavioral2/memory/4844-154-0x00007FF738AE0000-0x00007FF738E34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023447-146.dat	xmrig
behavioral2/files/0x000700000002344c-137.dat	xmrig
behavioral2/files/0x000700000002344b-136.dat	xmrig
behavioral2/files/0x000700000002344a-134.dat	xmrig
behavioral2/files/0x0007000000023449-131.dat	xmrig
behavioral2/files/0x000a000000023426-129.dat	xmrig
behavioral2/memory/3656-120-0x00007FF726020000-0x00007FF726374000-memory.dmp	xmrig
behavioral2/files/0x0007000000023445-115.dat	xmrig
behavioral2/files/0x000700000002343f-110.dat	xmrig
behavioral2/files/0x0007000000023442-109.dat	xmrig
behavioral2/memory/1424-106-0x00007FF6A86F0000-0x00007FF6A8A44000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-102.dat	xmrig
behavioral2/files/0x000700000002343d-95.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
64	njVnCdk.exe
540	GjOAPLk.exe
1376	HYoOPHQ.exe
2708	FdCcswQ.exe
880	vOAIpbm.exe
4232	KoPiLYw.exe
3736	gelYitg.exe
1424	apODHFQ.exe
3656	TTpqsQu.exe
1668	QXlRoqK.exe
2512	UIxJvWR.exe
4844	kKClHoT.exe
4748	TNQeYEE.exe
2560	IEzPdIT.exe
4940	MneKCYa.exe
4548	CIBcvQM.exe
4360	vOTkTkD.exe
4016	efjcQfY.exe
4884	OIoddph.exe
3624	PJqRkNJ.exe
4796	xKNRZHP.exe
1552	ZDaCgua.exe
1972	bZPflGH.exe
1240	MRbpyLS.exe
4208	iVzWfqh.exe
2308	SOUtYsf.exe
5104	HQQyicW.exe
2248	kOajSRy.exe
2008	zelPQwA.exe
4168	rkxQFgb.exe
804	nHsxGfO.exe
4620	XwDWXxz.exe
1604	pXxPFcM.exe
4852	cTcOfYe.exe
4420	vHrrbnD.exe
884	SNiopLM.exe
3896	bjAHEOy.exe
4488	MixpTkp.exe
3632	XrIZPOs.exe
1792	lOKUOcH.exe
1568	xLqRYYz.exe
2060	zzXWFGz.exe
1780	fHjTBHX.exe
3676	FFluOGk.exe
3596	oIAPGcX.exe
3996	GpEzFUt.exe
2116	pVuVdHq.exe
1364	ymSbsby.exe
2888	aylONSe.exe
3016	XtRBmWO.exe
2012	DxKwrws.exe
4032	VoKdQGV.exe
3524	rYjRraX.exe
4460	VunkrIB.exe
2412	rhZZamo.exe
2328	GhjBcdm.exe
2032	OYUHmaV.exe
3116	hCyoCsA.exe
4424	TxCbDfm.exe
1196	TeFlYHf.exe
1336	dAPEXxZ.exe
4780	GYllbgY.exe
228	mZBwgNR.exe
2296	BUKSHXg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4264-0-0x00007FF689070000-0x00007FF6893C4000-memory.dmp	upx
behavioral2/files/0x0007000000023433-8.dat	upx
behavioral2/files/0x000900000002341b-6.dat	upx
behavioral2/files/0x0007000000023434-31.dat	upx
behavioral2/files/0x0007000000023440-67.dat	upx
behavioral2/memory/880-54-0x00007FF707A70000-0x00007FF707DC4000-memory.dmp	upx
behavioral2/files/0x0007000000023436-71.dat	upx
behavioral2/memory/1376-44-0x00007FF64EF50000-0x00007FF64F2A4000-memory.dmp	upx
behavioral2/files/0x0007000000023439-42.dat	upx
behavioral2/files/0x0007000000023438-40.dat	upx
behavioral2/files/0x0007000000023437-37.dat	upx
behavioral2/files/0x000700000002343b-58.dat	upx
behavioral2/files/0x000700000002343a-50.dat	upx
behavioral2/files/0x0007000000023432-24.dat	upx
behavioral2/memory/64-19-0x00007FF698360000-0x00007FF6986B4000-memory.dmp	upx
behavioral2/files/0x0007000000023435-34.dat	upx
behavioral2/files/0x000700000002344e-157.dat	upx
behavioral2/files/0x0007000000023455-192.dat	upx
behavioral2/memory/4940-227-0x00007FF68CCD0000-0x00007FF68D024000-memory.dmp	upx
behavioral2/memory/4884-266-0x00007FF742800000-0x00007FF742B54000-memory.dmp	upx
behavioral2/memory/1552-279-0x00007FF6986D0000-0x00007FF698A24000-memory.dmp	upx
behavioral2/memory/2248-288-0x00007FF70CA70000-0x00007FF70CDC4000-memory.dmp	upx
behavioral2/memory/2512-293-0x00007FF641D20000-0x00007FF642074000-memory.dmp	upx
behavioral2/memory/1240-296-0x00007FF6FCB40000-0x00007FF6FCE94000-memory.dmp	upx
behavioral2/memory/4796-295-0x00007FF60DB30000-0x00007FF60DE84000-memory.dmp	upx
behavioral2/memory/4016-294-0x00007FF671A60000-0x00007FF671DB4000-memory.dmp	upx
behavioral2/memory/1668-292-0x00007FF73EF70000-0x00007FF73F2C4000-memory.dmp	upx
behavioral2/memory/2708-291-0x00007FF70A4D0000-0x00007FF70A824000-memory.dmp	upx
behavioral2/memory/540-290-0x00007FF698A80000-0x00007FF698DD4000-memory.dmp	upx
behavioral2/memory/2008-289-0x00007FF661440000-0x00007FF661794000-memory.dmp	upx
behavioral2/memory/5104-287-0x00007FF6870E0000-0x00007FF687434000-memory.dmp	upx
behavioral2/memory/2308-286-0x00007FF735F50000-0x00007FF7362A4000-memory.dmp	upx
behavioral2/memory/4208-285-0x00007FF70A3D0000-0x00007FF70A724000-memory.dmp	upx
behavioral2/memory/1972-280-0x00007FF7F44E0000-0x00007FF7F4834000-memory.dmp	upx
behavioral2/memory/3624-277-0x00007FF75AB70000-0x00007FF75AEC4000-memory.dmp	upx
behavioral2/memory/4360-265-0x00007FF6E6060000-0x00007FF6E63B4000-memory.dmp	upx
behavioral2/memory/4548-248-0x00007FF7858F0000-0x00007FF785C44000-memory.dmp	upx
behavioral2/memory/2560-200-0x00007FF77C490000-0x00007FF77C7E4000-memory.dmp	upx
behavioral2/memory/4748-197-0x00007FF6A2600000-0x00007FF6A2954000-memory.dmp	upx
behavioral2/files/0x000700000002344d-191.dat	upx
behavioral2/files/0x0007000000023454-188.dat	upx
behavioral2/files/0x0007000000023446-186.dat	upx
behavioral2/files/0x0007000000023453-181.dat	upx
behavioral2/files/0x0007000000023441-178.dat	upx
behavioral2/files/0x0007000000023452-176.dat	upx
behavioral2/files/0x0007000000023451-173.dat	upx
behavioral2/files/0x0007000000023444-170.dat	upx
behavioral2/files/0x0007000000023450-166.dat	upx
behavioral2/files/0x000700000002344f-163.dat	upx
behavioral2/files/0x0007000000023443-160.dat	upx
behavioral2/memory/4844-154-0x00007FF738AE0000-0x00007FF738E34000-memory.dmp	upx
behavioral2/files/0x0007000000023447-146.dat	upx
behavioral2/files/0x000700000002344c-137.dat	upx
behavioral2/files/0x000700000002344b-136.dat	upx
behavioral2/files/0x000700000002344a-134.dat	upx
behavioral2/files/0x0007000000023449-131.dat	upx
behavioral2/files/0x000a000000023426-129.dat	upx
behavioral2/memory/3656-120-0x00007FF726020000-0x00007FF726374000-memory.dmp	upx
behavioral2/files/0x0007000000023445-115.dat	upx
behavioral2/files/0x000700000002343f-110.dat	upx
behavioral2/files/0x0007000000023442-109.dat	upx
behavioral2/memory/1424-106-0x00007FF6A86F0000-0x00007FF6A8A44000-memory.dmp	upx
behavioral2/files/0x000700000002343e-102.dat	upx
behavioral2/files/0x000700000002343d-95.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nYnUdxF.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\dPRYChk.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\XwDWXxz.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\fHjTBHX.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\MvkdHfP.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\itoZXPg.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\AwOTOty.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\mnVFQzn.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\TmQftnL.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\dXslhEv.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\LUBqOYf.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\FKiephK.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\lmtCvAR.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\SNiopLM.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\CzNBgON.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\MvufkXe.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\rNXFNuj.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\iPnLsCy.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\rRKKNOa.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\UrnYfZr.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\cfYhLsA.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\wzhggdY.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\ZAbsZzI.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\AOiHYyy.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\AFUOAPI.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\yeBdIcS.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\YtvBTXr.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\zelPQwA.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\hbkBFnc.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\gsyVyPY.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\aEuipBN.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\KnmYlOz.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\TWhNcet.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\kJVgzsC.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\IFKyNvm.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\dCmxSlX.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\saKZsYV.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\nYvcryg.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\RhkBsBj.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\TxCbDfm.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\HpUxufD.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\upNimDR.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\vMhMrtl.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\XjKdABW.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\zKfSwCO.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\SXkCmFn.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\YFdyRDi.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\lvTIPSF.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\CxNzQLc.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\bFyJBrK.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\vSfzUNi.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\zZLdtfB.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\IPIGLiH.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\ueykBHh.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\KnsYOdI.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\NwOFiCA.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\SowMYqx.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\VPYFaEv.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\CWYlIGe.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\LOuZlbh.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\HotWKWI.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\XbZTxot.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\rMmQcOF.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
File created	C:\Windows\System\wNRoBTB.exe	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13976	dwm.exe
Token: SeChangeNotifyPrivilege	13976	dwm.exe
Token: 33	13976	dwm.exe
Token: SeIncBasePriorityPrivilege	13976	dwm.exe
Token: SeShutdownPrivilege	13976	dwm.exe
Token: SeCreatePagefilePrivilege	13976	dwm.exe
Token: SeShutdownPrivilege	13976	dwm.exe
Token: SeCreatePagefilePrivilege	13976	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 64	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	83
PID 4264 wrote to memory of 64	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	83
PID 4264 wrote to memory of 1376	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	84
PID 4264 wrote to memory of 1376	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	84
PID 4264 wrote to memory of 540	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	85
PID 4264 wrote to memory of 540	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	85
PID 4264 wrote to memory of 2708	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	86
PID 4264 wrote to memory of 2708	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	86
PID 4264 wrote to memory of 880	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	87
PID 4264 wrote to memory of 880	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	87
PID 4264 wrote to memory of 4232	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	88
PID 4264 wrote to memory of 4232	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	88
PID 4264 wrote to memory of 3736	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	89
PID 4264 wrote to memory of 3736	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	89
PID 4264 wrote to memory of 1424	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	90
PID 4264 wrote to memory of 1424	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	90
PID 4264 wrote to memory of 3656	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	91
PID 4264 wrote to memory of 3656	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	91
PID 4264 wrote to memory of 1668	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	92
PID 4264 wrote to memory of 1668	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	92
PID 4264 wrote to memory of 2512	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	93
PID 4264 wrote to memory of 2512	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	93
PID 4264 wrote to memory of 4844	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	94
PID 4264 wrote to memory of 4844	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	94
PID 4264 wrote to memory of 4748	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	95
PID 4264 wrote to memory of 4748	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	95
PID 4264 wrote to memory of 2560	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	96
PID 4264 wrote to memory of 2560	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	96
PID 4264 wrote to memory of 4940	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	97
PID 4264 wrote to memory of 4940	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	97
PID 4264 wrote to memory of 4548	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	98
PID 4264 wrote to memory of 4548	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	98
PID 4264 wrote to memory of 4360	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	99
PID 4264 wrote to memory of 4360	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	99
PID 4264 wrote to memory of 4016	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	100
PID 4264 wrote to memory of 4016	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	100
PID 4264 wrote to memory of 4884	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	101
PID 4264 wrote to memory of 4884	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	101
PID 4264 wrote to memory of 3624	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	102
PID 4264 wrote to memory of 3624	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	102
PID 4264 wrote to memory of 4796	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	103
PID 4264 wrote to memory of 4796	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	103
PID 4264 wrote to memory of 1552	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	104
PID 4264 wrote to memory of 1552	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	104
PID 4264 wrote to memory of 1972	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	105
PID 4264 wrote to memory of 1972	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	105
PID 4264 wrote to memory of 1240	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	106
PID 4264 wrote to memory of 1240	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	106
PID 4264 wrote to memory of 4208	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	107
PID 4264 wrote to memory of 4208	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	107
PID 4264 wrote to memory of 2308	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	108
PID 4264 wrote to memory of 2308	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	108
PID 4264 wrote to memory of 5104	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	109
PID 4264 wrote to memory of 5104	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	109
PID 4264 wrote to memory of 2248	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	110
PID 4264 wrote to memory of 2248	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	110
PID 4264 wrote to memory of 2008	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	111
PID 4264 wrote to memory of 2008	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	111
PID 4264 wrote to memory of 4168	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	112
PID 4264 wrote to memory of 4168	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	112
PID 4264 wrote to memory of 804	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	113
PID 4264 wrote to memory of 804	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	113
PID 4264 wrote to memory of 4620	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	114
PID 4264 wrote to memory of 4620	4264	9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9cf03c42171d15220d5553e1460a0280_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\System\njVnCdk.exe
  C:\Windows\System\njVnCdk.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\HYoOPHQ.exe
  C:\Windows\System\HYoOPHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\GjOAPLk.exe
  C:\Windows\System\GjOAPLk.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\FdCcswQ.exe
  C:\Windows\System\FdCcswQ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\vOAIpbm.exe
  C:\Windows\System\vOAIpbm.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\KoPiLYw.exe
  C:\Windows\System\KoPiLYw.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\gelYitg.exe
  C:\Windows\System\gelYitg.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\apODHFQ.exe
  C:\Windows\System\apODHFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\TTpqsQu.exe
  C:\Windows\System\TTpqsQu.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\QXlRoqK.exe
  C:\Windows\System\QXlRoqK.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\UIxJvWR.exe
  C:\Windows\System\UIxJvWR.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\kKClHoT.exe
  C:\Windows\System\kKClHoT.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\TNQeYEE.exe
  C:\Windows\System\TNQeYEE.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\IEzPdIT.exe
  C:\Windows\System\IEzPdIT.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\MneKCYa.exe
  C:\Windows\System\MneKCYa.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\CIBcvQM.exe
  C:\Windows\System\CIBcvQM.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\vOTkTkD.exe
  C:\Windows\System\vOTkTkD.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\efjcQfY.exe
  C:\Windows\System\efjcQfY.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\OIoddph.exe
  C:\Windows\System\OIoddph.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\PJqRkNJ.exe
  C:\Windows\System\PJqRkNJ.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\xKNRZHP.exe
  C:\Windows\System\xKNRZHP.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\ZDaCgua.exe
  C:\Windows\System\ZDaCgua.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\bZPflGH.exe
  C:\Windows\System\bZPflGH.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\MRbpyLS.exe
  C:\Windows\System\MRbpyLS.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\iVzWfqh.exe
  C:\Windows\System\iVzWfqh.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\SOUtYsf.exe
  C:\Windows\System\SOUtYsf.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\HQQyicW.exe
  C:\Windows\System\HQQyicW.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\kOajSRy.exe
  C:\Windows\System\kOajSRy.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\zelPQwA.exe
  C:\Windows\System\zelPQwA.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\rkxQFgb.exe
  C:\Windows\System\rkxQFgb.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\nHsxGfO.exe
  C:\Windows\System\nHsxGfO.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\XwDWXxz.exe
  C:\Windows\System\XwDWXxz.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\pXxPFcM.exe
  C:\Windows\System\pXxPFcM.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\cTcOfYe.exe
  C:\Windows\System\cTcOfYe.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\vHrrbnD.exe
  C:\Windows\System\vHrrbnD.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\SNiopLM.exe
  C:\Windows\System\SNiopLM.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\bjAHEOy.exe
  C:\Windows\System\bjAHEOy.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\MixpTkp.exe
  C:\Windows\System\MixpTkp.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\XrIZPOs.exe
  C:\Windows\System\XrIZPOs.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\XtRBmWO.exe
  C:\Windows\System\XtRBmWO.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\lOKUOcH.exe
  C:\Windows\System\lOKUOcH.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\xLqRYYz.exe
  C:\Windows\System\xLqRYYz.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\zzXWFGz.exe
  C:\Windows\System\zzXWFGz.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\fHjTBHX.exe
  C:\Windows\System\fHjTBHX.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\FFluOGk.exe
  C:\Windows\System\FFluOGk.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\oIAPGcX.exe
  C:\Windows\System\oIAPGcX.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\GpEzFUt.exe
  C:\Windows\System\GpEzFUt.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\pVuVdHq.exe
  C:\Windows\System\pVuVdHq.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ymSbsby.exe
  C:\Windows\System\ymSbsby.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\aylONSe.exe
  C:\Windows\System\aylONSe.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\DxKwrws.exe
  C:\Windows\System\DxKwrws.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\VoKdQGV.exe
  C:\Windows\System\VoKdQGV.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\BUKSHXg.exe
  C:\Windows\System\BUKSHXg.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\rYjRraX.exe
  C:\Windows\System\rYjRraX.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\VunkrIB.exe
  C:\Windows\System\VunkrIB.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\rhZZamo.exe
  C:\Windows\System\rhZZamo.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\GhjBcdm.exe
  C:\Windows\System\GhjBcdm.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\OYUHmaV.exe
  C:\Windows\System\OYUHmaV.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\hCyoCsA.exe
  C:\Windows\System\hCyoCsA.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\TxCbDfm.exe
  C:\Windows\System\TxCbDfm.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\TeFlYHf.exe
  C:\Windows\System\TeFlYHf.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\dAPEXxZ.exe
  C:\Windows\System\dAPEXxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\GYllbgY.exe
  C:\Windows\System\GYllbgY.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\mZBwgNR.exe
  C:\Windows\System\mZBwgNR.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\YfMXhpI.exe
  C:\Windows\System\YfMXhpI.exe
  2⤵
  PID:1308
- C:\Windows\System\EoGAxZh.exe
  C:\Windows\System\EoGAxZh.exe
  2⤵
  PID:1704
- C:\Windows\System\XAMIqYW.exe
  C:\Windows\System\XAMIqYW.exe
  2⤵
  PID:1520
- C:\Windows\System\UvhXUwf.exe
  C:\Windows\System\UvhXUwf.exe
  2⤵
  PID:1544
- C:\Windows\System\cWjQSkx.exe
  C:\Windows\System\cWjQSkx.exe
  2⤵
  PID:1068
- C:\Windows\System\fAmctha.exe
  C:\Windows\System\fAmctha.exe
  2⤵
  PID:2380
- C:\Windows\System\DfhZxEW.exe
  C:\Windows\System\DfhZxEW.exe
  2⤵
  PID:400
- C:\Windows\System\UsWbliO.exe
  C:\Windows\System\UsWbliO.exe
  2⤵
  PID:2640
- C:\Windows\System\KtTyAeZ.exe
  C:\Windows\System\KtTyAeZ.exe
  2⤵
  PID:4900
- C:\Windows\System\tyyhEsW.exe
  C:\Windows\System\tyyhEsW.exe
  2⤵
  PID:4392
- C:\Windows\System\XSLHhWT.exe
  C:\Windows\System\XSLHhWT.exe
  2⤵
  PID:1476
- C:\Windows\System\fyxAljn.exe
  C:\Windows\System\fyxAljn.exe
  2⤵
  PID:2768
- C:\Windows\System\RvmYcAX.exe
  C:\Windows\System\RvmYcAX.exe
  2⤵
  PID:464
- C:\Windows\System\jEoYaLr.exe
  C:\Windows\System\jEoYaLr.exe
  2⤵
  PID:4468
- C:\Windows\System\fAWhwMy.exe
  C:\Windows\System\fAWhwMy.exe
  2⤵
  PID:4228
- C:\Windows\System\zIoFPrx.exe
  C:\Windows\System\zIoFPrx.exe
  2⤵
  PID:4928
- C:\Windows\System\IuBAZyn.exe
  C:\Windows\System\IuBAZyn.exe
  2⤵
  PID:4436
- C:\Windows\System\TppIKqp.exe
  C:\Windows\System\TppIKqp.exe
  2⤵
  PID:4352
- C:\Windows\System\ExAWdxx.exe
  C:\Windows\System\ExAWdxx.exe
  2⤵
  PID:4328
- C:\Windows\System\nFzGFaD.exe
  C:\Windows\System\nFzGFaD.exe
  2⤵
  PID:2336
- C:\Windows\System\pIrXNQu.exe
  C:\Windows\System\pIrXNQu.exe
  2⤵
  PID:4788
- C:\Windows\System\pbtJpZd.exe
  C:\Windows\System\pbtJpZd.exe
  2⤵
  PID:4644
- C:\Windows\System\eDbRdQD.exe
  C:\Windows\System\eDbRdQD.exe
  2⤵
  PID:640
- C:\Windows\System\wbnssFN.exe
  C:\Windows\System\wbnssFN.exe
  2⤵
  PID:3180
- C:\Windows\System\mcubHsm.exe
  C:\Windows\System\mcubHsm.exe
  2⤵
  PID:4800
- C:\Windows\System\UgbtycJ.exe
  C:\Windows\System\UgbtycJ.exe
  2⤵
  PID:4508
- C:\Windows\System\zvMopOm.exe
  C:\Windows\System\zvMopOm.exe
  2⤵
  PID:1868
- C:\Windows\System\iTSPXwT.exe
  C:\Windows\System\iTSPXwT.exe
  2⤵
  PID:3336
- C:\Windows\System\IKTvIRo.exe
  C:\Windows\System\IKTvIRo.exe
  2⤵
  PID:3076
- C:\Windows\System\dqDmnbp.exe
  C:\Windows\System\dqDmnbp.exe
  2⤵
  PID:2548
- C:\Windows\System\mggQWVy.exe
  C:\Windows\System\mggQWVy.exe
  2⤵
  PID:2088
- C:\Windows\System\OJVkioD.exe
  C:\Windows\System\OJVkioD.exe
  2⤵
  PID:392
- C:\Windows\System\ilBSUDj.exe
  C:\Windows\System\ilBSUDj.exe
  2⤵
  PID:1752
- C:\Windows\System\eqAfOKv.exe
  C:\Windows\System\eqAfOKv.exe
  2⤵
  PID:4908
- C:\Windows\System\tSoWDMU.exe
  C:\Windows\System\tSoWDMU.exe
  2⤵
  PID:3232
- C:\Windows\System\IFKyNvm.exe
  C:\Windows\System\IFKyNvm.exe
  2⤵
  PID:2144
- C:\Windows\System\nYAFduf.exe
  C:\Windows\System\nYAFduf.exe
  2⤵
  PID:728
- C:\Windows\System\AoWqRwj.exe
  C:\Windows\System\AoWqRwj.exe
  2⤵
  PID:5036
- C:\Windows\System\EMzbBin.exe
  C:\Windows\System\EMzbBin.exe
  2⤵
  PID:3636
- C:\Windows\System\FPgNFkA.exe
  C:\Windows\System\FPgNFkA.exe
  2⤵
  PID:3204
- C:\Windows\System\WUfkUXz.exe
  C:\Windows\System\WUfkUXz.exe
  2⤵
  PID:5132
- C:\Windows\System\VvPHQcZ.exe
  C:\Windows\System\VvPHQcZ.exe
  2⤵
  PID:5148
- C:\Windows\System\pbiizZO.exe
  C:\Windows\System\pbiizZO.exe
  2⤵
  PID:5164
- C:\Windows\System\jntOFMQ.exe
  C:\Windows\System\jntOFMQ.exe
  2⤵
  PID:5184
- C:\Windows\System\AOiHYyy.exe
  C:\Windows\System\AOiHYyy.exe
  2⤵
  PID:5204
- C:\Windows\System\gksxqEM.exe
  C:\Windows\System\gksxqEM.exe
  2⤵
  PID:5220
- C:\Windows\System\pfyBzHb.exe
  C:\Windows\System\pfyBzHb.exe
  2⤵
  PID:5240
- C:\Windows\System\NmtfMUI.exe
  C:\Windows\System\NmtfMUI.exe
  2⤵
  PID:5256
- C:\Windows\System\FoSiSsy.exe
  C:\Windows\System\FoSiSsy.exe
  2⤵
  PID:5284
- C:\Windows\System\zzrhAEj.exe
  C:\Windows\System\zzrhAEj.exe
  2⤵
  PID:5332
- C:\Windows\System\OZwUNQU.exe
  C:\Windows\System\OZwUNQU.exe
  2⤵
  PID:5364
- C:\Windows\System\ADoFJCK.exe
  C:\Windows\System\ADoFJCK.exe
  2⤵
  PID:5388
- C:\Windows\System\vutOKqt.exe
  C:\Windows\System\vutOKqt.exe
  2⤵
  PID:5424
- C:\Windows\System\euMecoo.exe
  C:\Windows\System\euMecoo.exe
  2⤵
  PID:5448
- C:\Windows\System\uYEvJzG.exe
  C:\Windows\System\uYEvJzG.exe
  2⤵
  PID:5476
- C:\Windows\System\UaMIxMy.exe
  C:\Windows\System\UaMIxMy.exe
  2⤵
  PID:5508
- C:\Windows\System\SoKjGkE.exe
  C:\Windows\System\SoKjGkE.exe
  2⤵
  PID:5532
- C:\Windows\System\mwXkPoE.exe
  C:\Windows\System\mwXkPoE.exe
  2⤵
  PID:5568
- C:\Windows\System\PuuDNZl.exe
  C:\Windows\System\PuuDNZl.exe
  2⤵
  PID:5604
- C:\Windows\System\jlRYPbU.exe
  C:\Windows\System\jlRYPbU.exe
  2⤵
  PID:5636
- C:\Windows\System\lFHWZoT.exe
  C:\Windows\System\lFHWZoT.exe
  2⤵
  PID:5668
- C:\Windows\System\BxxjThQ.exe
  C:\Windows\System\BxxjThQ.exe
  2⤵
  PID:5700
- C:\Windows\System\oDbvYxD.exe
  C:\Windows\System\oDbvYxD.exe
  2⤵
  PID:5728
- C:\Windows\System\DzEcCeo.exe
  C:\Windows\System\DzEcCeo.exe
  2⤵
  PID:5748
- C:\Windows\System\hnqARaa.exe
  C:\Windows\System\hnqARaa.exe
  2⤵
  PID:5772
- C:\Windows\System\OiOYmPd.exe
  C:\Windows\System\OiOYmPd.exe
  2⤵
  PID:5804
- C:\Windows\System\RirDPMW.exe
  C:\Windows\System\RirDPMW.exe
  2⤵
  PID:5824
- C:\Windows\System\KmvIwXo.exe
  C:\Windows\System\KmvIwXo.exe
  2⤵
  PID:5860
- C:\Windows\System\iATQxOM.exe
  C:\Windows\System\iATQxOM.exe
  2⤵
  PID:5896
- C:\Windows\System\HDpIIYu.exe
  C:\Windows\System\HDpIIYu.exe
  2⤵
  PID:5920
- C:\Windows\System\iwcTBtK.exe
  C:\Windows\System\iwcTBtK.exe
  2⤵
  PID:5952
- C:\Windows\System\mprGifb.exe
  C:\Windows\System\mprGifb.exe
  2⤵
  PID:5968
- C:\Windows\System\tmEPMzq.exe
  C:\Windows\System\tmEPMzq.exe
  2⤵
  PID:5996
- C:\Windows\System\DbREoeN.exe
  C:\Windows\System\DbREoeN.exe
  2⤵
  PID:6032
- C:\Windows\System\rzXtbOh.exe
  C:\Windows\System\rzXtbOh.exe
  2⤵
  PID:6060
- C:\Windows\System\EKonblg.exe
  C:\Windows\System\EKonblg.exe
  2⤵
  PID:6092
- C:\Windows\System\USahvsx.exe
  C:\Windows\System\USahvsx.exe
  2⤵
  PID:6116
- C:\Windows\System\scIOIEd.exe
  C:\Windows\System\scIOIEd.exe
  2⤵
  PID:4888
- C:\Windows\System\ugWRKtj.exe
  C:\Windows\System\ugWRKtj.exe
  2⤵
  PID:5180
- C:\Windows\System\RyjYumt.exe
  C:\Windows\System\RyjYumt.exe
  2⤵
  PID:5124
- C:\Windows\System\CWYlIGe.exe
  C:\Windows\System\CWYlIGe.exe
  2⤵
  PID:5280
- C:\Windows\System\YtlPOdK.exe
  C:\Windows\System\YtlPOdK.exe
  2⤵
  PID:5272
- C:\Windows\System\UoGGMZd.exe
  C:\Windows\System\UoGGMZd.exe
  2⤵
  PID:5384
- C:\Windows\System\pNLxGKi.exe
  C:\Windows\System\pNLxGKi.exe
  2⤵
  PID:5344
- C:\Windows\System\lvTIPSF.exe
  C:\Windows\System\lvTIPSF.exe
  2⤵
  PID:5516
- C:\Windows\System\jSsNrHZ.exe
  C:\Windows\System\jSsNrHZ.exe
  2⤵
  PID:5540
- C:\Windows\System\UhUFZNx.exe
  C:\Windows\System\UhUFZNx.exe
  2⤵
  PID:5584
- C:\Windows\System\mnVFQzn.exe
  C:\Windows\System\mnVFQzn.exe
  2⤵
  PID:5720
- C:\Windows\System\cfYhLsA.exe
  C:\Windows\System\cfYhLsA.exe
  2⤵
  PID:5768
- C:\Windows\System\ywbMxES.exe
  C:\Windows\System\ywbMxES.exe
  2⤵
  PID:5888
- C:\Windows\System\jvJmjVq.exe
  C:\Windows\System\jvJmjVq.exe
  2⤵
  PID:5948
- C:\Windows\System\fklJigm.exe
  C:\Windows\System\fklJigm.exe
  2⤵
  PID:5876
- C:\Windows\System\KIsIamP.exe
  C:\Windows\System\KIsIamP.exe
  2⤵
  PID:6088
- C:\Windows\System\JTgepkh.exe
  C:\Windows\System\JTgepkh.exe
  2⤵
  PID:6140
- C:\Windows\System\vRgJUun.exe
  C:\Windows\System\vRgJUun.exe
  2⤵
  PID:1852
- C:\Windows\System\adcVTEH.exe
  C:\Windows\System\adcVTEH.exe
  2⤵
  PID:6108
- C:\Windows\System\trWlQLo.exe
  C:\Windows\System\trWlQLo.exe
  2⤵
  PID:5268
- C:\Windows\System\cjPPAIL.exe
  C:\Windows\System\cjPPAIL.exe
  2⤵
  PID:5320
- C:\Windows\System\fgCNGcd.exe
  C:\Windows\System\fgCNGcd.exe
  2⤵
  PID:5736
- C:\Windows\System\VhmFtpe.exe
  C:\Windows\System\VhmFtpe.exe
  2⤵
  PID:5820
- C:\Windows\System\zjpTQVQ.exe
  C:\Windows\System\zjpTQVQ.exe
  2⤵
  PID:6100
- C:\Windows\System\QJGAQey.exe
  C:\Windows\System\QJGAQey.exe
  2⤵
  PID:5984
- C:\Windows\System\wtPRrgM.exe
  C:\Windows\System\wtPRrgM.exe
  2⤵
  PID:3528
- C:\Windows\System\fLcrLFZ.exe
  C:\Windows\System\fLcrLFZ.exe
  2⤵
  PID:5156
- C:\Windows\System\upIOuhp.exe
  C:\Windows\System\upIOuhp.exe
  2⤵
  PID:5660
- C:\Windows\System\BxTwfYi.exe
  C:\Windows\System\BxTwfYi.exe
  2⤵
  PID:5248
- C:\Windows\System\DFyFETa.exe
  C:\Windows\System\DFyFETa.exe
  2⤵
  PID:6168
- C:\Windows\System\pKUfdmS.exe
  C:\Windows\System\pKUfdmS.exe
  2⤵
  PID:6196
- C:\Windows\System\fExMEWV.exe
  C:\Windows\System\fExMEWV.exe
  2⤵
  PID:6228
- C:\Windows\System\uIVESur.exe
  C:\Windows\System\uIVESur.exe
  2⤵
  PID:6244
- C:\Windows\System\TmQftnL.exe
  C:\Windows\System\TmQftnL.exe
  2⤵
  PID:6276
- C:\Windows\System\BlywLZi.exe
  C:\Windows\System\BlywLZi.exe
  2⤵
  PID:6308
- C:\Windows\System\XqmtNPX.exe
  C:\Windows\System\XqmtNPX.exe
  2⤵
  PID:6340
- C:\Windows\System\IbWcRPs.exe
  C:\Windows\System\IbWcRPs.exe
  2⤵
  PID:6364
- C:\Windows\System\RHFbhnj.exe
  C:\Windows\System\RHFbhnj.exe
  2⤵
  PID:6380
- C:\Windows\System\OVDmTdI.exe
  C:\Windows\System\OVDmTdI.exe
  2⤵
  PID:6404
- C:\Windows\System\CzNBgON.exe
  C:\Windows\System\CzNBgON.exe
  2⤵
  PID:6432
- C:\Windows\System\UssJLxU.exe
  C:\Windows\System\UssJLxU.exe
  2⤵
  PID:6460
- C:\Windows\System\leovgBs.exe
  C:\Windows\System\leovgBs.exe
  2⤵
  PID:6488
- C:\Windows\System\ddthKjQ.exe
  C:\Windows\System\ddthKjQ.exe
  2⤵
  PID:6520
- C:\Windows\System\VjIGlhH.exe
  C:\Windows\System\VjIGlhH.exe
  2⤵
  PID:6544
- C:\Windows\System\HpUxufD.exe
  C:\Windows\System\HpUxufD.exe
  2⤵
  PID:6576
- C:\Windows\System\FXsnmRT.exe
  C:\Windows\System\FXsnmRT.exe
  2⤵
  PID:6592
- C:\Windows\System\lCRWvls.exe
  C:\Windows\System\lCRWvls.exe
  2⤵
  PID:6620
- C:\Windows\System\cCahdNy.exe
  C:\Windows\System\cCahdNy.exe
  2⤵
  PID:6644
- C:\Windows\System\TnyLkTc.exe
  C:\Windows\System\TnyLkTc.exe
  2⤵
  PID:6672
- C:\Windows\System\UCViKYr.exe
  C:\Windows\System\UCViKYr.exe
  2⤵
  PID:6700
- C:\Windows\System\SjkjDcR.exe
  C:\Windows\System\SjkjDcR.exe
  2⤵
  PID:6724
- C:\Windows\System\bTgKBeJ.exe
  C:\Windows\System\bTgKBeJ.exe
  2⤵
  PID:6764
- C:\Windows\System\ManjJZN.exe
  C:\Windows\System\ManjJZN.exe
  2⤵
  PID:6788
- C:\Windows\System\wTsdblT.exe
  C:\Windows\System\wTsdblT.exe
  2⤵
  PID:6816
- C:\Windows\System\WEtNhMj.exe
  C:\Windows\System\WEtNhMj.exe
  2⤵
  PID:6844
- C:\Windows\System\polqwfC.exe
  C:\Windows\System\polqwfC.exe
  2⤵
  PID:6864
- C:\Windows\System\mfzcTNk.exe
  C:\Windows\System\mfzcTNk.exe
  2⤵
  PID:6888
- C:\Windows\System\btLaCkU.exe
  C:\Windows\System\btLaCkU.exe
  2⤵
  PID:6920
- C:\Windows\System\wNicBVo.exe
  C:\Windows\System\wNicBVo.exe
  2⤵
  PID:6952
- C:\Windows\System\JktJceY.exe
  C:\Windows\System\JktJceY.exe
  2⤵
  PID:6976
- C:\Windows\System\mKdDxQs.exe
  C:\Windows\System\mKdDxQs.exe
  2⤵
  PID:7008
- C:\Windows\System\UTIuDnq.exe
  C:\Windows\System\UTIuDnq.exe
  2⤵
  PID:7048
- C:\Windows\System\YFOQZwv.exe
  C:\Windows\System\YFOQZwv.exe
  2⤵
  PID:7072
- C:\Windows\System\QQnhoIg.exe
  C:\Windows\System\QQnhoIg.exe
  2⤵
  PID:7108
- C:\Windows\System\rlMmzvJ.exe
  C:\Windows\System\rlMmzvJ.exe
  2⤵
  PID:7140
- C:\Windows\System\XhGGdVh.exe
  C:\Windows\System\XhGGdVh.exe
  2⤵
  PID:5404
- C:\Windows\System\YOxbHpE.exe
  C:\Windows\System\YOxbHpE.exe
  2⤵
  PID:5664
- C:\Windows\System\wGuHPUx.exe
  C:\Windows\System\wGuHPUx.exe
  2⤵
  PID:6224
- C:\Windows\System\lAnZhYz.exe
  C:\Windows\System\lAnZhYz.exe
  2⤵
  PID:6348
- C:\Windows\System\rtxpqMk.exe
  C:\Windows\System\rtxpqMk.exe
  2⤵
  PID:6372
- C:\Windows\System\WynBMLD.exe
  C:\Windows\System\WynBMLD.exe
  2⤵
  PID:6444
- C:\Windows\System\OBwhsDj.exe
  C:\Windows\System\OBwhsDj.exe
  2⤵
  PID:6532
- C:\Windows\System\taWyaaL.exe
  C:\Windows\System\taWyaaL.exe
  2⤵
  PID:6604
- C:\Windows\System\pPkJxTA.exe
  C:\Windows\System\pPkJxTA.exe
  2⤵
  PID:6688
- C:\Windows\System\jpIyLCF.exe
  C:\Windows\System\jpIyLCF.exe
  2⤵
  PID:6748
- C:\Windows\System\ISiwMTw.exe
  C:\Windows\System\ISiwMTw.exe
  2⤵
  PID:6660
- C:\Windows\System\dLwDggX.exe
  C:\Windows\System\dLwDggX.exe
  2⤵
  PID:6720
- C:\Windows\System\HWfKkPh.exe
  C:\Windows\System\HWfKkPh.exe
  2⤵
  PID:6948
- C:\Windows\System\CkcjUPS.exe
  C:\Windows\System\CkcjUPS.exe
  2⤵
  PID:6836
- C:\Windows\System\xQVDnvW.exe
  C:\Windows\System\xQVDnvW.exe
  2⤵
  PID:6904
- C:\Windows\System\NpJngGy.exe
  C:\Windows\System\NpJngGy.exe
  2⤵
  PID:7068
- C:\Windows\System\XGkiqka.exe
  C:\Windows\System\XGkiqka.exe
  2⤵
  PID:7032
- C:\Windows\System\TqGmovP.exe
  C:\Windows\System\TqGmovP.exe
  2⤵
  PID:5904
- C:\Windows\System\rRKKNOa.exe
  C:\Windows\System\rRKKNOa.exe
  2⤵
  PID:6356
- C:\Windows\System\zKfSwCO.exe
  C:\Windows\System\zKfSwCO.exe
  2⤵
  PID:6468
- C:\Windows\System\yvZrDVZ.exe
  C:\Windows\System\yvZrDVZ.exe
  2⤵
  PID:6636
- C:\Windows\System\dCmxSlX.exe
  C:\Windows\System\dCmxSlX.exe
  2⤵
  PID:6896
- C:\Windows\System\cFQPCQE.exe
  C:\Windows\System\cFQPCQE.exe
  2⤵
  PID:7044
- C:\Windows\System\ZXugIiS.exe
  C:\Windows\System\ZXugIiS.exe
  2⤵
  PID:6156
- C:\Windows\System\zeBdKcn.exe
  C:\Windows\System\zeBdKcn.exe
  2⤵
  PID:7156
- C:\Windows\System\SCSxgPO.exe
  C:\Windows\System\SCSxgPO.exe
  2⤵
  PID:6400
- C:\Windows\System\ofhMBZg.exe
  C:\Windows\System\ofhMBZg.exe
  2⤵
  PID:7192
- C:\Windows\System\eREAYMv.exe
  C:\Windows\System\eREAYMv.exe
  2⤵
  PID:7216
- C:\Windows\System\mpcLnmd.exe
  C:\Windows\System\mpcLnmd.exe
  2⤵
  PID:7252
- C:\Windows\System\fyakeSq.exe
  C:\Windows\System\fyakeSq.exe
  2⤵
  PID:7276
- C:\Windows\System\DBpgbCO.exe
  C:\Windows\System\DBpgbCO.exe
  2⤵
  PID:7300
- C:\Windows\System\Xpggjvk.exe
  C:\Windows\System\Xpggjvk.exe
  2⤵
  PID:7320
- C:\Windows\System\jxRfUGl.exe
  C:\Windows\System\jxRfUGl.exe
  2⤵
  PID:7344
- C:\Windows\System\OKhRHWg.exe
  C:\Windows\System\OKhRHWg.exe
  2⤵
  PID:7368
- C:\Windows\System\cMKSpgd.exe
  C:\Windows\System\cMKSpgd.exe
  2⤵
  PID:7400
- C:\Windows\System\KlSCNyk.exe
  C:\Windows\System\KlSCNyk.exe
  2⤵
  PID:7424
- C:\Windows\System\pfDiYvO.exe
  C:\Windows\System\pfDiYvO.exe
  2⤵
  PID:7448
- C:\Windows\System\eAIlZxU.exe
  C:\Windows\System\eAIlZxU.exe
  2⤵
  PID:7476
- C:\Windows\System\VKYPoNF.exe
  C:\Windows\System\VKYPoNF.exe
  2⤵
  PID:7520
- C:\Windows\System\NlkwFch.exe
  C:\Windows\System\NlkwFch.exe
  2⤵
  PID:7540
- C:\Windows\System\zsYkTIA.exe
  C:\Windows\System\zsYkTIA.exe
  2⤵
  PID:7568
- C:\Windows\System\ISvhvZa.exe
  C:\Windows\System\ISvhvZa.exe
  2⤵
  PID:7600
- C:\Windows\System\LqBdoVz.exe
  C:\Windows\System\LqBdoVz.exe
  2⤵
  PID:7632
- C:\Windows\System\QBblIlK.exe
  C:\Windows\System\QBblIlK.exe
  2⤵
  PID:7664
- C:\Windows\System\gLXhSiX.exe
  C:\Windows\System\gLXhSiX.exe
  2⤵
  PID:7692
- C:\Windows\System\afYsRpR.exe
  C:\Windows\System\afYsRpR.exe
  2⤵
  PID:7728
- C:\Windows\System\ThOMHbl.exe
  C:\Windows\System\ThOMHbl.exe
  2⤵
  PID:7748
- C:\Windows\System\bYOBNLW.exe
  C:\Windows\System\bYOBNLW.exe
  2⤵
  PID:7788
- C:\Windows\System\gRaOgyd.exe
  C:\Windows\System\gRaOgyd.exe
  2⤵
  PID:7820
- C:\Windows\System\NmqVCFr.exe
  C:\Windows\System\NmqVCFr.exe
  2⤵
  PID:7836
- C:\Windows\System\xfKpuwe.exe
  C:\Windows\System\xfKpuwe.exe
  2⤵
  PID:7864
- C:\Windows\System\LAqaDjo.exe
  C:\Windows\System\LAqaDjo.exe
  2⤵
  PID:7880
- C:\Windows\System\TNqmaGz.exe
  C:\Windows\System\TNqmaGz.exe
  2⤵
  PID:7900
- C:\Windows\System\JPeUSrT.exe
  C:\Windows\System\JPeUSrT.exe
  2⤵
  PID:7920
- C:\Windows\System\BqxEpdE.exe
  C:\Windows\System\BqxEpdE.exe
  2⤵
  PID:7952
- C:\Windows\System\TntyLlk.exe
  C:\Windows\System\TntyLlk.exe
  2⤵
  PID:7976
- C:\Windows\System\TWOnXdI.exe
  C:\Windows\System\TWOnXdI.exe
  2⤵
  PID:8012
- C:\Windows\System\cjbNHrt.exe
  C:\Windows\System\cjbNHrt.exe
  2⤵
  PID:8048
- C:\Windows\System\lSJslaQ.exe
  C:\Windows\System\lSJslaQ.exe
  2⤵
  PID:8080
- C:\Windows\System\yTbRiKq.exe
  C:\Windows\System\yTbRiKq.exe
  2⤵
  PID:8112
- C:\Windows\System\FErOtni.exe
  C:\Windows\System\FErOtni.exe
  2⤵
  PID:8136
- C:\Windows\System\CBIqlSA.exe
  C:\Windows\System\CBIqlSA.exe
  2⤵
  PID:8156
- C:\Windows\System\EoGNQAJ.exe
  C:\Windows\System\EoGNQAJ.exe
  2⤵
  PID:8180
- C:\Windows\System\KtIzide.exe
  C:\Windows\System\KtIzide.exe
  2⤵
  PID:6908
- C:\Windows\System\XmmlALe.exe
  C:\Windows\System\XmmlALe.exe
  2⤵
  PID:7148
- C:\Windows\System\zMkJvxo.exe
  C:\Windows\System\zMkJvxo.exe
  2⤵
  PID:7288
- C:\Windows\System\sbwfPoD.exe
  C:\Windows\System\sbwfPoD.exe
  2⤵
  PID:7308
- C:\Windows\System\AZjiTnv.exe
  C:\Windows\System\AZjiTnv.exe
  2⤵
  PID:7392
- C:\Windows\System\kNWjiEL.exe
  C:\Windows\System\kNWjiEL.exe
  2⤵
  PID:7464
- C:\Windows\System\GHqWLfC.exe
  C:\Windows\System\GHqWLfC.exe
  2⤵
  PID:7444
- C:\Windows\System\DtbwklB.exe
  C:\Windows\System\DtbwklB.exe
  2⤵
  PID:7576
- C:\Windows\System\MiogZkT.exe
  C:\Windows\System\MiogZkT.exe
  2⤵
  PID:7708
- C:\Windows\System\UtPjbMd.exe
  C:\Windows\System\UtPjbMd.exe
  2⤵
  PID:7784
- C:\Windows\System\WxyexMH.exe
  C:\Windows\System\WxyexMH.exe
  2⤵
  PID:7860
- C:\Windows\System\zZLdtfB.exe
  C:\Windows\System\zZLdtfB.exe
  2⤵
  PID:7760
- C:\Windows\System\pMMwddT.exe
  C:\Windows\System\pMMwddT.exe
  2⤵
  PID:7960
- C:\Windows\System\IPIGLiH.exe
  C:\Windows\System\IPIGLiH.exe
  2⤵
  PID:7964
- C:\Windows\System\RZHuktw.exe
  C:\Windows\System\RZHuktw.exe
  2⤵
  PID:8076
- C:\Windows\System\wadNPgt.exe
  C:\Windows\System\wadNPgt.exe
  2⤵
  PID:8064
- C:\Windows\System\DGWZLjl.exe
  C:\Windows\System\DGWZLjl.exe
  2⤵
  PID:8168
- C:\Windows\System\ybzVshf.exe
  C:\Windows\System\ybzVshf.exe
  2⤵
  PID:8172
- C:\Windows\System\QGIleua.exe
  C:\Windows\System\QGIleua.exe
  2⤵
  PID:7384
- C:\Windows\System\ckpMKjG.exe
  C:\Windows\System\ckpMKjG.exe
  2⤵
  PID:7472
- C:\Windows\System\ObNAEkh.exe
  C:\Windows\System\ObNAEkh.exe
  2⤵
  PID:7532
- C:\Windows\System\ylLEXqt.exe
  C:\Windows\System\ylLEXqt.exe
  2⤵
  PID:7564
- C:\Windows\System\nvCOInG.exe
  C:\Windows\System\nvCOInG.exe
  2⤵
  PID:7940
- C:\Windows\System\OooSGUU.exe
  C:\Windows\System\OooSGUU.exe
  2⤵
  PID:7968
- C:\Windows\System\ChyQgdU.exe
  C:\Windows\System\ChyQgdU.exe
  2⤵
  PID:7296
- C:\Windows\System\QowyRCf.exe
  C:\Windows\System\QowyRCf.exe
  2⤵
  PID:8176
- C:\Windows\System\GXmJjsi.exe
  C:\Windows\System\GXmJjsi.exe
  2⤵
  PID:8200
- C:\Windows\System\pFtgpfF.exe
  C:\Windows\System\pFtgpfF.exe
  2⤵
  PID:8224
- C:\Windows\System\UrnYfZr.exe
  C:\Windows\System\UrnYfZr.exe
  2⤵
  PID:8252
- C:\Windows\System\dXslhEv.exe
  C:\Windows\System\dXslhEv.exe
  2⤵
  PID:8284
- C:\Windows\System\qmnbYdQ.exe
  C:\Windows\System\qmnbYdQ.exe
  2⤵
  PID:8316
- C:\Windows\System\UInDseM.exe
  C:\Windows\System\UInDseM.exe
  2⤵
  PID:8336
- C:\Windows\System\nOoxxtO.exe
  C:\Windows\System\nOoxxtO.exe
  2⤵
  PID:8360
- C:\Windows\System\SUXIMYY.exe
  C:\Windows\System\SUXIMYY.exe
  2⤵
  PID:8396
- C:\Windows\System\TJJMnwF.exe
  C:\Windows\System\TJJMnwF.exe
  2⤵
  PID:8424
- C:\Windows\System\MKycREC.exe
  C:\Windows\System\MKycREC.exe
  2⤵
  PID:8460
- C:\Windows\System\hAgDgNQ.exe
  C:\Windows\System\hAgDgNQ.exe
  2⤵
  PID:8500
- C:\Windows\System\ueykBHh.exe
  C:\Windows\System\ueykBHh.exe
  2⤵
  PID:8536
- C:\Windows\System\RiiwYYK.exe
  C:\Windows\System\RiiwYYK.exe
  2⤵
  PID:8568
- C:\Windows\System\dvXUrNt.exe
  C:\Windows\System\dvXUrNt.exe
  2⤵
  PID:8604
- C:\Windows\System\MPgJBRb.exe
  C:\Windows\System\MPgJBRb.exe
  2⤵
  PID:8648
- C:\Windows\System\szDyGKC.exe
  C:\Windows\System\szDyGKC.exe
  2⤵
  PID:8668
- C:\Windows\System\WNvpBcD.exe
  C:\Windows\System\WNvpBcD.exe
  2⤵
  PID:8700
- C:\Windows\System\oVeyTax.exe
  C:\Windows\System\oVeyTax.exe
  2⤵
  PID:8716
- C:\Windows\System\afncEvo.exe
  C:\Windows\System\afncEvo.exe
  2⤵
  PID:8744
- C:\Windows\System\AFUOAPI.exe
  C:\Windows\System\AFUOAPI.exe
  2⤵
  PID:8772
- C:\Windows\System\SYmwCrA.exe
  C:\Windows\System\SYmwCrA.exe
  2⤵
  PID:8800
- C:\Windows\System\OTRyEAX.exe
  C:\Windows\System\OTRyEAX.exe
  2⤵
  PID:8828
- C:\Windows\System\DWDTTYm.exe
  C:\Windows\System\DWDTTYm.exe
  2⤵
  PID:8856
- C:\Windows\System\hobbXRl.exe
  C:\Windows\System\hobbXRl.exe
  2⤵
  PID:8884
- C:\Windows\System\AfRSEzI.exe
  C:\Windows\System\AfRSEzI.exe
  2⤵
  PID:8920
- C:\Windows\System\hLDWoMh.exe
  C:\Windows\System\hLDWoMh.exe
  2⤵
  PID:8948
- C:\Windows\System\vQjAHVP.exe
  C:\Windows\System\vQjAHVP.exe
  2⤵
  PID:8968
- C:\Windows\System\DiKLjbu.exe
  C:\Windows\System\DiKLjbu.exe
  2⤵
  PID:8992
- C:\Windows\System\PmkIssx.exe
  C:\Windows\System\PmkIssx.exe
  2⤵
  PID:9024
- C:\Windows\System\hLOZASm.exe
  C:\Windows\System\hLOZASm.exe
  2⤵
  PID:9056
- C:\Windows\System\rDqlkCh.exe
  C:\Windows\System\rDqlkCh.exe
  2⤵
  PID:9084
- C:\Windows\System\RTYwxsp.exe
  C:\Windows\System\RTYwxsp.exe
  2⤵
  PID:9104
- C:\Windows\System\saKZsYV.exe
  C:\Windows\System\saKZsYV.exe
  2⤵
  PID:9128
- C:\Windows\System\vwdUrlm.exe
  C:\Windows\System\vwdUrlm.exe
  2⤵
  PID:9160
- C:\Windows\System\emzmVtJ.exe
  C:\Windows\System\emzmVtJ.exe
  2⤵
  PID:9180
- C:\Windows\System\aDbZvsn.exe
  C:\Windows\System\aDbZvsn.exe
  2⤵
  PID:9204
- C:\Windows\System\LVxeJtW.exe
  C:\Windows\System\LVxeJtW.exe
  2⤵
  PID:7084
- C:\Windows\System\NWbjLYH.exe
  C:\Windows\System\NWbjLYH.exe
  2⤵
  PID:8220
- C:\Windows\System\fCjZKUx.exe
  C:\Windows\System\fCjZKUx.exe
  2⤵
  PID:7772
- C:\Windows\System\yrZUgTk.exe
  C:\Windows\System\yrZUgTk.exe
  2⤵
  PID:8408
- C:\Windows\System\LUBqOYf.exe
  C:\Windows\System\LUBqOYf.exe
  2⤵
  PID:8264
- C:\Windows\System\fbdDsLq.exe
  C:\Windows\System\fbdDsLq.exe
  2⤵
  PID:8480
- C:\Windows\System\PDgfDab.exe
  C:\Windows\System\PDgfDab.exe
  2⤵
  PID:8344
- C:\Windows\System\ZuEIBQt.exe
  C:\Windows\System\ZuEIBQt.exe
  2⤵
  PID:8452
- C:\Windows\System\QvuwOgP.exe
  C:\Windows\System\QvuwOgP.exe
  2⤵
  PID:8524
- C:\Windows\System\ersDOyy.exe
  C:\Windows\System\ersDOyy.exe
  2⤵
  PID:8580
- C:\Windows\System\LSVbFQd.exe
  C:\Windows\System\LSVbFQd.exe
  2⤵
  PID:8636
- C:\Windows\System\eEnqRCb.exe
  C:\Windows\System\eEnqRCb.exe
  2⤵
  PID:8760
- C:\Windows\System\hbkBFnc.exe
  C:\Windows\System\hbkBFnc.exe
  2⤵
  PID:8808
- C:\Windows\System\toQaPpc.exe
  C:\Windows\System\toQaPpc.exe
  2⤵
  PID:8848
- C:\Windows\System\xmptxxQ.exe
  C:\Windows\System\xmptxxQ.exe
  2⤵
  PID:8960
- C:\Windows\System\SaxhpgJ.exe
  C:\Windows\System\SaxhpgJ.exe
  2⤵
  PID:9048
- C:\Windows\System\RSJvYkU.exe
  C:\Windows\System\RSJvYkU.exe
  2⤵
  PID:8988
- C:\Windows\System\ofSieKT.exe
  C:\Windows\System\ofSieKT.exe
  2⤵
  PID:7688
- C:\Windows\System\rMmQcOF.exe
  C:\Windows\System\rMmQcOF.exe
  2⤵
  PID:9168
- C:\Windows\System\XIuJwbV.exe
  C:\Windows\System\XIuJwbV.exe
  2⤵
  PID:7248
- C:\Windows\System\SowMYqx.exe
  C:\Windows\System\SowMYqx.exe
  2⤵
  PID:8280
- C:\Windows\System\zWEnQKD.exe
  C:\Windows\System\zWEnQKD.exe
  2⤵
  PID:8620
- C:\Windows\System\irYBNCo.exe
  C:\Windows\System\irYBNCo.exe
  2⤵
  PID:8484
- C:\Windows\System\OZJIRTI.exe
  C:\Windows\System\OZJIRTI.exe
  2⤵
  PID:8896
- C:\Windows\System\wntMDDL.exe
  C:\Windows\System\wntMDDL.exe
  2⤵
  PID:9012
- C:\Windows\System\wimhBoH.exe
  C:\Windows\System\wimhBoH.exe
  2⤵
  PID:9124
- C:\Windows\System\JflWlRw.exe
  C:\Windows\System\JflWlRw.exe
  2⤵
  PID:9228
- C:\Windows\System\fZSExqp.exe
  C:\Windows\System\fZSExqp.exe
  2⤵
  PID:9256
- C:\Windows\System\KhjtlOO.exe
  C:\Windows\System\KhjtlOO.exe
  2⤵
  PID:9276
- C:\Windows\System\kwVVRDL.exe
  C:\Windows\System\kwVVRDL.exe
  2⤵
  PID:9308
- C:\Windows\System\mcXSeNb.exe
  C:\Windows\System\mcXSeNb.exe
  2⤵
  PID:9332
- C:\Windows\System\JMdaqjR.exe
  C:\Windows\System\JMdaqjR.exe
  2⤵
  PID:9352
- C:\Windows\System\diVXGmb.exe
  C:\Windows\System\diVXGmb.exe
  2⤵
  PID:9380
- C:\Windows\System\RFyVMPR.exe
  C:\Windows\System\RFyVMPR.exe
  2⤵
  PID:9404
- C:\Windows\System\RfboXSK.exe
  C:\Windows\System\RfboXSK.exe
  2⤵
  PID:9440
- C:\Windows\System\wwrmtLN.exe
  C:\Windows\System\wwrmtLN.exe
  2⤵
  PID:9464
- C:\Windows\System\FKiephK.exe
  C:\Windows\System\FKiephK.exe
  2⤵
  PID:9500
- C:\Windows\System\ipxICNo.exe
  C:\Windows\System\ipxICNo.exe
  2⤵
  PID:9524
- C:\Windows\System\QKwXOps.exe
  C:\Windows\System\QKwXOps.exe
  2⤵
  PID:9556
- C:\Windows\System\siLMRHs.exe
  C:\Windows\System\siLMRHs.exe
  2⤵
  PID:9580
- C:\Windows\System\bVeRcNN.exe
  C:\Windows\System\bVeRcNN.exe
  2⤵
  PID:9608
- C:\Windows\System\dKdtxlY.exe
  C:\Windows\System\dKdtxlY.exe
  2⤵
  PID:9636
- C:\Windows\System\SdPjFQY.exe
  C:\Windows\System\SdPjFQY.exe
  2⤵
  PID:9668
- C:\Windows\System\TJCaipl.exe
  C:\Windows\System\TJCaipl.exe
  2⤵
  PID:9692
- C:\Windows\System\GbRvrjQ.exe
  C:\Windows\System\GbRvrjQ.exe
  2⤵
  PID:9724
- C:\Windows\System\nYLUYpB.exe
  C:\Windows\System\nYLUYpB.exe
  2⤵
  PID:9752
- C:\Windows\System\FbhmHKS.exe
  C:\Windows\System\FbhmHKS.exe
  2⤵
  PID:9776
- C:\Windows\System\YBjuWjA.exe
  C:\Windows\System\YBjuWjA.exe
  2⤵
  PID:9804
- C:\Windows\System\QlUZFzl.exe
  C:\Windows\System\QlUZFzl.exe
  2⤵
  PID:9832
- C:\Windows\System\vywTQCx.exe
  C:\Windows\System\vywTQCx.exe
  2⤵
  PID:9856
- C:\Windows\System\AovLdtb.exe
  C:\Windows\System\AovLdtb.exe
  2⤵
  PID:9892
- C:\Windows\System\qnAZfHe.exe
  C:\Windows\System\qnAZfHe.exe
  2⤵
  PID:9920
- C:\Windows\System\NNynBkd.exe
  C:\Windows\System\NNynBkd.exe
  2⤵
  PID:9940
- C:\Windows\System\QUUjOyp.exe
  C:\Windows\System\QUUjOyp.exe
  2⤵
  PID:9972
- C:\Windows\System\DDNYaTm.exe
  C:\Windows\System\DDNYaTm.exe
  2⤵
  PID:10004
- C:\Windows\System\HpUyLou.exe
  C:\Windows\System\HpUyLou.exe
  2⤵
  PID:10028
- C:\Windows\System\XUllnMF.exe
  C:\Windows\System\XUllnMF.exe
  2⤵
  PID:10064
- C:\Windows\System\ZNlpLcz.exe
  C:\Windows\System\ZNlpLcz.exe
  2⤵
  PID:10088
- C:\Windows\System\xXvxJuj.exe
  C:\Windows\System\xXvxJuj.exe
  2⤵
  PID:10112
- C:\Windows\System\ihOzrBP.exe
  C:\Windows\System\ihOzrBP.exe
  2⤵
  PID:10140
- C:\Windows\System\sEulbaJ.exe
  C:\Windows\System\sEulbaJ.exe
  2⤵
  PID:10168
- C:\Windows\System\wDFOOuR.exe
  C:\Windows\System\wDFOOuR.exe
  2⤵
  PID:10184
- C:\Windows\System\igIpurS.exe
  C:\Windows\System\igIpurS.exe
  2⤵
  PID:10204
- C:\Windows\System\JdNvvtr.exe
  C:\Windows\System\JdNvvtr.exe
  2⤵
  PID:10224
- C:\Windows\System\LVGWlbi.exe
  C:\Windows\System\LVGWlbi.exe
  2⤵
  PID:8880
- C:\Windows\System\XytdURj.exe
  C:\Windows\System\XytdURj.exe
  2⤵
  PID:9240
- C:\Windows\System\OPGQrme.exe
  C:\Windows\System\OPGQrme.exe
  2⤵
  PID:8328
- C:\Windows\System\rNXFNuj.exe
  C:\Windows\System\rNXFNuj.exe
  2⤵
  PID:9320
- C:\Windows\System\LXsKjQJ.exe
  C:\Windows\System\LXsKjQJ.exe
  2⤵
  PID:9072
- C:\Windows\System\kcClFTP.exe
  C:\Windows\System\kcClFTP.exe
  2⤵
  PID:9304
- C:\Windows\System\GkCihtf.exe
  C:\Windows\System\GkCihtf.exe
  2⤵
  PID:9416
- C:\Windows\System\OFcMyAk.exe
  C:\Windows\System\OFcMyAk.exe
  2⤵
  PID:9508
- C:\Windows\System\NoQniAg.exe
  C:\Windows\System\NoQniAg.exe
  2⤵
  PID:9448
- C:\Windows\System\QHahzwj.exe
  C:\Windows\System\QHahzwj.exe
  2⤵
  PID:9568
- C:\Windows\System\MaSgBDM.exe
  C:\Windows\System\MaSgBDM.exe
  2⤵
  PID:9628
- C:\Windows\System\raVynPL.exe
  C:\Windows\System\raVynPL.exe
  2⤵
  PID:9624
- C:\Windows\System\dzhXkWx.exe
  C:\Windows\System\dzhXkWx.exe
  2⤵
  PID:9720
- C:\Windows\System\pnBRyex.exe
  C:\Windows\System\pnBRyex.exe
  2⤵
  PID:9812
- C:\Windows\System\arvEnir.exe
  C:\Windows\System\arvEnir.exe
  2⤵
  PID:9840
- C:\Windows\System\RTxXaTj.exe
  C:\Windows\System\RTxXaTj.exe
  2⤵
  PID:10012
- C:\Windows\System\lDfoFdS.exe
  C:\Windows\System\lDfoFdS.exe
  2⤵
  PID:10148
- C:\Windows\System\pGIXOLV.exe
  C:\Windows\System\pGIXOLV.exe
  2⤵
  PID:10108
- C:\Windows\System\uqaccTv.exe
  C:\Windows\System\uqaccTv.exe
  2⤵
  PID:10160
- C:\Windows\System\KJFSQMh.exe
  C:\Windows\System\KJFSQMh.exe
  2⤵
  PID:8388
- C:\Windows\System\koOuDxD.exe
  C:\Windows\System\koOuDxD.exe
  2⤵
  PID:10212
- C:\Windows\System\xlPDaHa.exe
  C:\Windows\System\xlPDaHa.exe
  2⤵
  PID:10236
- C:\Windows\System\LsxdKsD.exe
  C:\Windows\System\LsxdKsD.exe
  2⤵
  PID:9368
- C:\Windows\System\fXSnjAv.exe
  C:\Windows\System\fXSnjAv.exe
  2⤵
  PID:9112
- C:\Windows\System\HEjQGGG.exe
  C:\Windows\System\HEjQGGG.exe
  2⤵
  PID:7652
- C:\Windows\System\PJSymnW.exe
  C:\Windows\System\PJSymnW.exe
  2⤵
  PID:9604
- C:\Windows\System\DRMEvsC.exe
  C:\Windows\System\DRMEvsC.exe
  2⤵
  PID:9788
- C:\Windows\System\KnsYOdI.exe
  C:\Windows\System\KnsYOdI.exe
  2⤵
  PID:9996
- C:\Windows\System\HmqQlAC.exe
  C:\Windows\System\HmqQlAC.exe
  2⤵
  PID:10256
- C:\Windows\System\GmlXOZT.exe
  C:\Windows\System\GmlXOZT.exe
  2⤵
  PID:10280
- C:\Windows\System\FaBkDyr.exe
  C:\Windows\System\FaBkDyr.exe
  2⤵
  PID:10324
- C:\Windows\System\CeYRlyz.exe
  C:\Windows\System\CeYRlyz.exe
  2⤵
  PID:10364
- C:\Windows\System\azVEpJA.exe
  C:\Windows\System\azVEpJA.exe
  2⤵
  PID:10388
- C:\Windows\System\jInfbDi.exe
  C:\Windows\System\jInfbDi.exe
  2⤵
  PID:10424
- C:\Windows\System\iLxLCsX.exe
  C:\Windows\System\iLxLCsX.exe
  2⤵
  PID:10448
- C:\Windows\System\VPYFaEv.exe
  C:\Windows\System\VPYFaEv.exe
  2⤵
  PID:10464
- C:\Windows\System\gyRUNre.exe
  C:\Windows\System\gyRUNre.exe
  2⤵
  PID:10480
- C:\Windows\System\mHsQExL.exe
  C:\Windows\System\mHsQExL.exe
  2⤵
  PID:10504
- C:\Windows\System\oqOmmob.exe
  C:\Windows\System\oqOmmob.exe
  2⤵
  PID:10536
- C:\Windows\System\uJaYUXa.exe
  C:\Windows\System\uJaYUXa.exe
  2⤵
  PID:10564
- C:\Windows\System\PYfrUMa.exe
  C:\Windows\System\PYfrUMa.exe
  2⤵
  PID:10732
- C:\Windows\System\XXMsJoH.exe
  C:\Windows\System\XXMsJoH.exe
  2⤵
  PID:10752
- C:\Windows\System\iMeaGRh.exe
  C:\Windows\System\iMeaGRh.exe
  2⤵
  PID:10772
- C:\Windows\System\FwdmbDS.exe
  C:\Windows\System\FwdmbDS.exe
  2⤵
  PID:10792
- C:\Windows\System\ySgJLCl.exe
  C:\Windows\System\ySgJLCl.exe
  2⤵
  PID:10812
- C:\Windows\System\ZMIgJLz.exe
  C:\Windows\System\ZMIgJLz.exe
  2⤵
  PID:10828
- C:\Windows\System\IFwQBMD.exe
  C:\Windows\System\IFwQBMD.exe
  2⤵
  PID:10848
- C:\Windows\System\lrraaYI.exe
  C:\Windows\System\lrraaYI.exe
  2⤵
  PID:10864
- C:\Windows\System\QGSboCj.exe
  C:\Windows\System\QGSboCj.exe
  2⤵
  PID:10896
- C:\Windows\System\EweDeLH.exe
  C:\Windows\System\EweDeLH.exe
  2⤵
  PID:10912
- C:\Windows\System\hmGgRPe.exe
  C:\Windows\System\hmGgRPe.exe
  2⤵
  PID:10936
- C:\Windows\System\BbYdXnh.exe
  C:\Windows\System\BbYdXnh.exe
  2⤵
  PID:10952
- C:\Windows\System\FulmUal.exe
  C:\Windows\System\FulmUal.exe
  2⤵
  PID:10980
- C:\Windows\System\ZUJuBan.exe
  C:\Windows\System\ZUJuBan.exe
  2⤵
  PID:11004
- C:\Windows\System\wzhggdY.exe
  C:\Windows\System\wzhggdY.exe
  2⤵
  PID:11032
- C:\Windows\System\AmbVxlo.exe
  C:\Windows\System\AmbVxlo.exe
  2⤵
  PID:11056
- C:\Windows\System\ODJbWdS.exe
  C:\Windows\System\ODJbWdS.exe
  2⤵
  PID:11080
- C:\Windows\System\bCNUwSY.exe
  C:\Windows\System\bCNUwSY.exe
  2⤵
  PID:11120
- C:\Windows\System\KTUOjwY.exe
  C:\Windows\System\KTUOjwY.exe
  2⤵
  PID:11140
- C:\Windows\System\SfAbaFT.exe
  C:\Windows\System\SfAbaFT.exe
  2⤵
  PID:11168
- C:\Windows\System\pMPHZcF.exe
  C:\Windows\System\pMPHZcF.exe
  2⤵
  PID:11204
- C:\Windows\System\HpEclqy.exe
  C:\Windows\System\HpEclqy.exe
  2⤵
  PID:11224
- C:\Windows\System\YfjZbKo.exe
  C:\Windows\System\YfjZbKo.exe
  2⤵
  PID:11260
- C:\Windows\System\gMFEZGG.exe
  C:\Windows\System\gMFEZGG.exe
  2⤵
  PID:9744
- C:\Windows\System\uajTqnc.exe
  C:\Windows\System\uajTqnc.exe
  2⤵
  PID:10076
- C:\Windows\System\FgBqQic.exe
  C:\Windows\System\FgBqQic.exe
  2⤵
  PID:10248
- C:\Windows\System\oMpsklw.exe
  C:\Windows\System\oMpsklw.exe
  2⤵
  PID:9656
- C:\Windows\System\iamnqOh.exe
  C:\Windows\System\iamnqOh.exe
  2⤵
  PID:10272
- C:\Windows\System\MvkdHfP.exe
  C:\Windows\System\MvkdHfP.exe
  2⤵
  PID:9600
- C:\Windows\System\IAGETKR.exe
  C:\Windows\System\IAGETKR.exe
  2⤵
  PID:10376
- C:\Windows\System\uwqFnta.exe
  C:\Windows\System\uwqFnta.exe
  2⤵
  PID:10460
- C:\Windows\System\BzKgXEx.exe
  C:\Windows\System\BzKgXEx.exe
  2⤵
  PID:10672
- C:\Windows\System\RVTTSKU.exe
  C:\Windows\System\RVTTSKU.exe
  2⤵
  PID:3152
- C:\Windows\System\EtGanyg.exe
  C:\Windows\System\EtGanyg.exe
  2⤵
  PID:10456
- C:\Windows\System\UyzNWHd.exe
  C:\Windows\System\UyzNWHd.exe
  2⤵
  PID:10860
- C:\Windows\System\ahsXiyF.exe
  C:\Windows\System\ahsXiyF.exe
  2⤵
  PID:10924
- C:\Windows\System\xKfhNxx.exe
  C:\Windows\System\xKfhNxx.exe
  2⤵
  PID:10964
- C:\Windows\System\UmVJpZD.exe
  C:\Windows\System\UmVJpZD.exe
  2⤵
  PID:11040
- C:\Windows\System\PTjLIqj.exe
  C:\Windows\System\PTjLIqj.exe
  2⤵
  PID:10932
- C:\Windows\System\UqaYVyt.exe
  C:\Windows\System\UqaYVyt.exe
  2⤵
  PID:10856
- C:\Windows\System\zplHqlh.exe
  C:\Windows\System\zplHqlh.exe
  2⤵
  PID:11236
- C:\Windows\System\aOdaqtS.exe
  C:\Windows\System\aOdaqtS.exe
  2⤵
  PID:8588
- C:\Windows\System\IopaujX.exe
  C:\Windows\System\IopaujX.exe
  2⤵
  PID:9520
- C:\Windows\System\FPzfgjT.exe
  C:\Windows\System\FPzfgjT.exe
  2⤵
  PID:9592
- C:\Windows\System\AGSTqhh.exe
  C:\Windows\System\AGSTqhh.exe
  2⤵
  PID:10688
- C:\Windows\System\KnmYlOz.exe
  C:\Windows\System\KnmYlOz.exe
  2⤵
  PID:2108
- C:\Windows\System\skgBVTZ.exe
  C:\Windows\System\skgBVTZ.exe
  2⤵
  PID:10560
- C:\Windows\System\YzExaqW.exe
  C:\Windows\System\YzExaqW.exe
  2⤵
  PID:10876
- C:\Windows\System\xNahleK.exe
  C:\Windows\System\xNahleK.exe
  2⤵
  PID:10628
- C:\Windows\System\DrnfTbx.exe
  C:\Windows\System\DrnfTbx.exe
  2⤵
  PID:11156
- C:\Windows\System\nYnUdxF.exe
  C:\Windows\System\nYnUdxF.exe
  2⤵
  PID:11284
- C:\Windows\System\vMhMrtl.exe
  C:\Windows\System\vMhMrtl.exe
  2⤵
  PID:11308
- C:\Windows\System\ApmKxCR.exe
  C:\Windows\System\ApmKxCR.exe
  2⤵
  PID:11336
- C:\Windows\System\zYMWjhJ.exe
  C:\Windows\System\zYMWjhJ.exe
  2⤵
  PID:11360
- C:\Windows\System\JndAezq.exe
  C:\Windows\System\JndAezq.exe
  2⤵
  PID:11388
- C:\Windows\System\fPgorxg.exe
  C:\Windows\System\fPgorxg.exe
  2⤵
  PID:11412
- C:\Windows\System\irqKRqD.exe
  C:\Windows\System\irqKRqD.exe
  2⤵
  PID:11440
- C:\Windows\System\FxuHoUS.exe
  C:\Windows\System\FxuHoUS.exe
  2⤵
  PID:11468
- C:\Windows\System\xpYwCta.exe
  C:\Windows\System\xpYwCta.exe
  2⤵
  PID:11492
- C:\Windows\System\YyUhfgD.exe
  C:\Windows\System\YyUhfgD.exe
  2⤵
  PID:11520
- C:\Windows\System\XjKdABW.exe
  C:\Windows\System\XjKdABW.exe
  2⤵
  PID:11552
- C:\Windows\System\NuSlCnw.exe
  C:\Windows\System\NuSlCnw.exe
  2⤵
  PID:11584
- C:\Windows\System\dMlkkIC.exe
  C:\Windows\System\dMlkkIC.exe
  2⤵
  PID:11612
- C:\Windows\System\oRvfSsD.exe
  C:\Windows\System\oRvfSsD.exe
  2⤵
  PID:11640
- C:\Windows\System\WzLtJNk.exe
  C:\Windows\System\WzLtJNk.exe
  2⤵
  PID:11664
- C:\Windows\System\IeUXQoe.exe
  C:\Windows\System\IeUXQoe.exe
  2⤵
  PID:11696
- C:\Windows\System\lmtCvAR.exe
  C:\Windows\System\lmtCvAR.exe
  2⤵
  PID:11724
- C:\Windows\System\qCLERfU.exe
  C:\Windows\System\qCLERfU.exe
  2⤵
  PID:11756
- C:\Windows\System\OjVySBR.exe
  C:\Windows\System\OjVySBR.exe
  2⤵
  PID:11772
- C:\Windows\System\tLsEKnu.exe
  C:\Windows\System\tLsEKnu.exe
  2⤵
  PID:11804
- C:\Windows\System\wNRoBTB.exe
  C:\Windows\System\wNRoBTB.exe
  2⤵
  PID:11828
- C:\Windows\System\yTlpIVT.exe
  C:\Windows\System\yTlpIVT.exe
  2⤵
  PID:11848
- C:\Windows\System\EvYnsyD.exe
  C:\Windows\System\EvYnsyD.exe
  2⤵
  PID:11876
- C:\Windows\System\lctOvlU.exe
  C:\Windows\System\lctOvlU.exe
  2⤵
  PID:11892
- C:\Windows\System\kodWcbK.exe
  C:\Windows\System\kodWcbK.exe
  2⤵
  PID:11916
- C:\Windows\System\OuYlgpB.exe
  C:\Windows\System\OuYlgpB.exe
  2⤵
  PID:11944
- C:\Windows\System\jJtVOEx.exe
  C:\Windows\System\jJtVOEx.exe
  2⤵
  PID:11972
- C:\Windows\System\RNhJkQf.exe
  C:\Windows\System\RNhJkQf.exe
  2⤵
  PID:12004
- C:\Windows\System\OKPrwYe.exe
  C:\Windows\System\OKPrwYe.exe
  2⤵
  PID:12028
- C:\Windows\System\CBkPmyT.exe
  C:\Windows\System\CBkPmyT.exe
  2⤵
  PID:12052
- C:\Windows\System\bfdWehh.exe
  C:\Windows\System\bfdWehh.exe
  2⤵
  PID:12076
- C:\Windows\System\Ylbnvco.exe
  C:\Windows\System\Ylbnvco.exe
  2⤵
  PID:12104
- C:\Windows\System\yLRhxcF.exe
  C:\Windows\System\yLRhxcF.exe
  2⤵
  PID:12128
- C:\Windows\System\QwxwOmB.exe
  C:\Windows\System\QwxwOmB.exe
  2⤵
  PID:12156
- C:\Windows\System\XOXZteA.exe
  C:\Windows\System\XOXZteA.exe
  2⤵
  PID:12184
- C:\Windows\System\ZAbsZzI.exe
  C:\Windows\System\ZAbsZzI.exe
  2⤵
  PID:12216
- C:\Windows\System\mRnvqNB.exe
  C:\Windows\System\mRnvqNB.exe
  2⤵
  PID:12244
- C:\Windows\System\DGuZyvh.exe
  C:\Windows\System\DGuZyvh.exe
  2⤵
  PID:12268
- C:\Windows\System\TKPqUFf.exe
  C:\Windows\System\TKPqUFf.exe
  2⤵
  PID:11048
- C:\Windows\System\fwqejCk.exe
  C:\Windows\System\fwqejCk.exe
  2⤵
  PID:10840
- C:\Windows\System\BBbheXs.exe
  C:\Windows\System\BBbheXs.exe
  2⤵
  PID:4312
- C:\Windows\System\RkDtspg.exe
  C:\Windows\System\RkDtspg.exe
  2⤵
  PID:11132
- C:\Windows\System\OClDejB.exe
  C:\Windows\System\OClDejB.exe
  2⤵
  PID:11272
- C:\Windows\System\HRyIVnZ.exe
  C:\Windows\System\HRyIVnZ.exe
  2⤵
  PID:11356
- C:\Windows\System\HVMbrEl.exe
  C:\Windows\System\HVMbrEl.exe
  2⤵
  PID:11268
- C:\Windows\System\ofZbRFT.exe
  C:\Windows\System\ofZbRFT.exe
  2⤵
  PID:11304
- C:\Windows\System\TWhNcet.exe
  C:\Windows\System\TWhNcet.exe
  2⤵
  PID:11600
- C:\Windows\System\YxDOBAd.exe
  C:\Windows\System\YxDOBAd.exe
  2⤵
  PID:11608
- C:\Windows\System\GXzsMRr.exe
  C:\Windows\System\GXzsMRr.exe
  2⤵
  PID:11744
- C:\Windows\System\gsyVyPY.exe
  C:\Windows\System\gsyVyPY.exe
  2⤵
  PID:11656
- C:\Windows\System\yPfNVIp.exe
  C:\Windows\System\yPfNVIp.exe
  2⤵
  PID:11820
- C:\Windows\System\eOhNBaH.exe
  C:\Windows\System\eOhNBaH.exe
  2⤵
  PID:11784
- C:\Windows\System\RQFVrne.exe
  C:\Windows\System\RQFVrne.exe
  2⤵
  PID:11912
- C:\Windows\System\svVIPZS.exe
  C:\Windows\System\svVIPZS.exe
  2⤵
  PID:11764
- C:\Windows\System\AyavgWB.exe
  C:\Windows\System\AyavgWB.exe
  2⤵
  PID:12120
- C:\Windows\System\khbloPf.exe
  C:\Windows\System\khbloPf.exe
  2⤵
  PID:12168
- C:\Windows\System\ZekEUUg.exe
  C:\Windows\System\ZekEUUg.exe
  2⤵
  PID:12208
- C:\Windows\System\OExrJIi.exe
  C:\Windows\System\OExrJIi.exe
  2⤵
  PID:12096
- C:\Windows\System\bifzHRT.exe
  C:\Windows\System\bifzHRT.exe
  2⤵
  PID:10576
- C:\Windows\System\FecGRQG.exe
  C:\Windows\System\FecGRQG.exe
  2⤵
  PID:12204
- C:\Windows\System\adQQOFG.exe
  C:\Windows\System\adQQOFG.exe
  2⤵
  PID:12236
- C:\Windows\System\OxACZPw.exe
  C:\Windows\System\OxACZPw.exe
  2⤵
  PID:12140
- C:\Windows\System\SXkCmFn.exe
  C:\Windows\System\SXkCmFn.exe
  2⤵
  PID:12256
- C:\Windows\System\XTuLhLb.exe
  C:\Windows\System\XTuLhLb.exe
  2⤵
  PID:11816
- C:\Windows\System\yeBdIcS.exe
  C:\Windows\System\yeBdIcS.exe
  2⤵
  PID:9876
- C:\Windows\System\umGuNgI.exe
  C:\Windows\System\umGuNgI.exe
  2⤵
  PID:11956
- C:\Windows\System\GukIyks.exe
  C:\Windows\System\GukIyks.exe
  2⤵
  PID:12212
- C:\Windows\System\GTDmhbo.exe
  C:\Windows\System\GTDmhbo.exe
  2⤵
  PID:11216
- C:\Windows\System\NGWMVgJ.exe
  C:\Windows\System\NGWMVgJ.exe
  2⤵
  PID:12280
- C:\Windows\System\BmTKfkp.exe
  C:\Windows\System\BmTKfkp.exe
  2⤵
  PID:12296
- C:\Windows\System\QHalVpz.exe
  C:\Windows\System\QHalVpz.exe
  2⤵
  PID:12320
- C:\Windows\System\ApeiYJO.exe
  C:\Windows\System\ApeiYJO.exe
  2⤵
  PID:12352
- C:\Windows\System\DqqiqUD.exe
  C:\Windows\System\DqqiqUD.exe
  2⤵
  PID:12372
- C:\Windows\System\piMvONd.exe
  C:\Windows\System\piMvONd.exe
  2⤵
  PID:12400
- C:\Windows\System\TnNZiPC.exe
  C:\Windows\System\TnNZiPC.exe
  2⤵
  PID:12424
- C:\Windows\System\vBEMBHX.exe
  C:\Windows\System\vBEMBHX.exe
  2⤵
  PID:12444
- C:\Windows\System\upNimDR.exe
  C:\Windows\System\upNimDR.exe
  2⤵
  PID:12484
- C:\Windows\System\nkFeeoA.exe
  C:\Windows\System\nkFeeoA.exe
  2⤵
  PID:12512
- C:\Windows\System\rDjGKEM.exe
  C:\Windows\System\rDjGKEM.exe
  2⤵
  PID:12540
- C:\Windows\System\TbfwRNE.exe
  C:\Windows\System\TbfwRNE.exe
  2⤵
  PID:12568
- C:\Windows\System\zcbzhqu.exe
  C:\Windows\System\zcbzhqu.exe
  2⤵
  PID:12592
- C:\Windows\System\JptDXVs.exe
  C:\Windows\System\JptDXVs.exe
  2⤵
  PID:12612
- C:\Windows\System\ofTWXQV.exe
  C:\Windows\System\ofTWXQV.exe
  2⤵
  PID:12644
- C:\Windows\System\sTzVQBH.exe
  C:\Windows\System\sTzVQBH.exe
  2⤵
  PID:12668
- C:\Windows\System\ILQvcKZ.exe
  C:\Windows\System\ILQvcKZ.exe
  2⤵
  PID:12700
- C:\Windows\System\YFdyRDi.exe
  C:\Windows\System\YFdyRDi.exe
  2⤵
  PID:12740
- C:\Windows\System\eNVzMdA.exe
  C:\Windows\System\eNVzMdA.exe
  2⤵
  PID:12764
- C:\Windows\System\nGaQSbV.exe
  C:\Windows\System\nGaQSbV.exe
  2⤵
  PID:12792
- C:\Windows\System\OuchdGI.exe
  C:\Windows\System\OuchdGI.exe
  2⤵
  PID:12824
- C:\Windows\System\TeEzRNf.exe
  C:\Windows\System\TeEzRNf.exe
  2⤵
  PID:12852
- C:\Windows\System\BHLmyKk.exe
  C:\Windows\System\BHLmyKk.exe
  2⤵
  PID:12876
- C:\Windows\System\XyVuUZw.exe
  C:\Windows\System\XyVuUZw.exe
  2⤵
  PID:12896
- C:\Windows\System\IbOevzP.exe
  C:\Windows\System\IbOevzP.exe
  2⤵
  PID:12928
- C:\Windows\System\hzDYWIR.exe
  C:\Windows\System\hzDYWIR.exe
  2⤵
  PID:12952
- C:\Windows\System\zetmLep.exe
  C:\Windows\System\zetmLep.exe
  2⤵
  PID:12984
- C:\Windows\System\DmXwhSA.exe
  C:\Windows\System\DmXwhSA.exe
  2⤵
  PID:13016
- C:\Windows\System\kMZcBRZ.exe
  C:\Windows\System\kMZcBRZ.exe
  2⤵
  PID:13044
- C:\Windows\System\VGOuKWp.exe
  C:\Windows\System\VGOuKWp.exe
  2⤵
  PID:13068
- C:\Windows\System\iufywhW.exe
  C:\Windows\System\iufywhW.exe
  2⤵
  PID:13092
- C:\Windows\System\yCaYBmc.exe
  C:\Windows\System\yCaYBmc.exe
  2⤵
  PID:13116
- C:\Windows\System\kJVgzsC.exe
  C:\Windows\System\kJVgzsC.exe
  2⤵
  PID:13148
- C:\Windows\System\wiVoyYw.exe
  C:\Windows\System\wiVoyYw.exe
  2⤵
  PID:13168
- C:\Windows\System\OrfmbJY.exe
  C:\Windows\System\OrfmbJY.exe
  2⤵
  PID:13196
- C:\Windows\System\nzepkHQ.exe
  C:\Windows\System\nzepkHQ.exe
  2⤵
  PID:13212
- C:\Windows\System\UmYzJrK.exe
  C:\Windows\System\UmYzJrK.exe
  2⤵
  PID:13236
- C:\Windows\System\WVVJHVs.exe
  C:\Windows\System\WVVJHVs.exe
  2⤵
  PID:13260
- C:\Windows\System\AKFxvjL.exe
  C:\Windows\System\AKFxvjL.exe
  2⤵
  PID:13288
- C:\Windows\System\EiqZpqb.exe
  C:\Windows\System\EiqZpqb.exe
  2⤵
  PID:13304
- C:\Windows\System\EgsgJYH.exe
  C:\Windows\System\EgsgJYH.exe
  2⤵
  PID:11376
- C:\Windows\System\HhaMXtE.exe
  C:\Windows\System\HhaMXtE.exe
  2⤵
  PID:11908
- C:\Windows\System\jEqHxJo.exe
  C:\Windows\System\jEqHxJo.exe
  2⤵
  PID:12344
- C:\Windows\System\JIeJSqt.exe
  C:\Windows\System\JIeJSqt.exe
  2⤵
  PID:12412
- C:\Windows\System\LjXbmaD.exe
  C:\Windows\System\LjXbmaD.exe
  2⤵
  PID:11328
- C:\Windows\System\FLAhbmR.exe
  C:\Windows\System\FLAhbmR.exe
  2⤵
  PID:11580
- C:\Windows\System\kxwFQQt.exe
  C:\Windows\System\kxwFQQt.exe
  2⤵
  PID:12384
- C:\Windows\System\eKwHJBx.exe
  C:\Windows\System\eKwHJBx.exe
  2⤵
  PID:12024
- C:\Windows\System\orxKacw.exe
  C:\Windows\System\orxKacw.exe
  2⤵
  PID:12116
- C:\Windows\System\AKtELZb.exe
  C:\Windows\System\AKtELZb.exe
  2⤵
  PID:12532
- C:\Windows\System\nYvcryg.exe
  C:\Windows\System\nYvcryg.exe
  2⤵
  PID:12804
- C:\Windows\System\jOijJhI.exe
  C:\Windows\System\jOijJhI.exe
  2⤵
  PID:12440
- C:\Windows\System\ooPMKAf.exe
  C:\Windows\System\ooPMKAf.exe
  2⤵
  PID:12920
- C:\Windows\System\xCKfXDX.exe
  C:\Windows\System\xCKfXDX.exe
  2⤵
  PID:12684
- C:\Windows\System\UEqODBg.exe
  C:\Windows\System\UEqODBg.exe
  2⤵
  PID:12552
- C:\Windows\System\bFyJBrK.exe
  C:\Windows\System\bFyJBrK.exe
  2⤵
  PID:12784
- C:\Windows\System\xZSdLMI.exe
  C:\Windows\System\xZSdLMI.exe
  2⤵
  PID:13108
- C:\Windows\System\NahvagO.exe
  C:\Windows\System\NahvagO.exe
  2⤵
  PID:13156
- C:\Windows\System\qABtPur.exe
  C:\Windows\System\qABtPur.exe
  2⤵
  PID:12748
- C:\Windows\System\opiOfch.exe
  C:\Windows\System\opiOfch.exe
  2⤵
  PID:13280
- C:\Windows\System\oVzHDps.exe
  C:\Windows\System\oVzHDps.exe
  2⤵
  PID:13056
- C:\Windows\System\UkDIMgs.exe
  C:\Windows\System\UkDIMgs.exe
  2⤵
  PID:13088
- C:\Windows\System\JqUUzrn.exe
  C:\Windows\System\JqUUzrn.exe
  2⤵
  PID:13204
- C:\Windows\System\ECVDIMV.exe
  C:\Windows\System\ECVDIMV.exe
  2⤵
  PID:11904
- C:\Windows\System\KLdbdJj.exe
  C:\Windows\System\KLdbdJj.exe
  2⤵
  PID:11348
- C:\Windows\System\feCvaHG.exe
  C:\Windows\System\feCvaHG.exe
  2⤵
  PID:12472
- C:\Windows\System\NwOFiCA.exe
  C:\Windows\System\NwOFiCA.exe
  2⤵
  PID:12820
- C:\Windows\System\AqcVPmC.exe
  C:\Windows\System\AqcVPmC.exe
  2⤵
  PID:3160
- C:\Windows\System\ULDpjxx.exe
  C:\Windows\System\ULDpjxx.exe
  2⤵
  PID:13336
- C:\Windows\System\aentRJU.exe
  C:\Windows\System\aentRJU.exe
  2⤵
  PID:13364
- C:\Windows\System\sVpErlB.exe
  C:\Windows\System\sVpErlB.exe
  2⤵
  PID:13392
- C:\Windows\System\UAKEUNn.exe
  C:\Windows\System\UAKEUNn.exe
  2⤵
  PID:13416
- C:\Windows\System\zfkGmbv.exe
  C:\Windows\System\zfkGmbv.exe
  2⤵
  PID:13444
- C:\Windows\System\PplTERh.exe
  C:\Windows\System\PplTERh.exe
  2⤵
  PID:13468
- C:\Windows\System\vSfzUNi.exe
  C:\Windows\System\vSfzUNi.exe
  2⤵
  PID:13500
- C:\Windows\System\yvTphZq.exe
  C:\Windows\System\yvTphZq.exe
  2⤵
  PID:13516
- C:\Windows\System\PDopIVF.exe
  C:\Windows\System\PDopIVF.exe
  2⤵
  PID:13540
- C:\Windows\System\jEibuuu.exe
  C:\Windows\System\jEibuuu.exe
  2⤵
  PID:13556
- C:\Windows\System\itoZXPg.exe
  C:\Windows\System\itoZXPg.exe
  2⤵
  PID:13580
- C:\Windows\System\xLzEzVV.exe
  C:\Windows\System\xLzEzVV.exe
  2⤵
  PID:13600
- C:\Windows\System\xcoeVpG.exe
  C:\Windows\System\xcoeVpG.exe
  2⤵
  PID:13624
- C:\Windows\System\XiKLxEw.exe
  C:\Windows\System\XiKLxEw.exe
  2⤵
  PID:13648
- C:\Windows\System\yLpZhSo.exe
  C:\Windows\System\yLpZhSo.exe
  2⤵
  PID:13688
- C:\Windows\System\uikOlhR.exe
  C:\Windows\System\uikOlhR.exe
  2⤵
  PID:13720
- C:\Windows\System\qZnVyeY.exe
  C:\Windows\System\qZnVyeY.exe
  2⤵
  PID:13760
- C:\Windows\System\yabGvTb.exe
  C:\Windows\System\yabGvTb.exe
  2⤵
  PID:13780
- C:\Windows\System\IGjTtEf.exe
  C:\Windows\System\IGjTtEf.exe
  2⤵
  PID:13804
- C:\Windows\System\pLZAdzP.exe
  C:\Windows\System\pLZAdzP.exe
  2⤵
  PID:13832
- C:\Windows\System\DqmjtJw.exe
  C:\Windows\System\DqmjtJw.exe
  2⤵
  PID:13860
- C:\Windows\System\AeLgcZH.exe
  C:\Windows\System\AeLgcZH.exe
  2⤵
  PID:13888
- C:\Windows\System\algPoCb.exe
  C:\Windows\System\algPoCb.exe
  2⤵
  PID:14032
- C:\Windows\System\iVUxyUs.exe
  C:\Windows\System\iVUxyUs.exe
  2⤵
  PID:14048
- C:\Windows\System\ZtgtQSm.exe
  C:\Windows\System\ZtgtQSm.exe
  2⤵
  PID:14072
- C:\Windows\System\EAyNzgK.exe
  C:\Windows\System\EAyNzgK.exe
  2⤵
  PID:14092
- C:\Windows\System\FxWGObB.exe
  C:\Windows\System\FxWGObB.exe
  2⤵
  PID:14108
- C:\Windows\System\VRYuGYW.exe
  C:\Windows\System\VRYuGYW.exe
  2⤵
  PID:14168
- C:\Windows\System\HztlPnO.exe
  C:\Windows\System\HztlPnO.exe
  2⤵
  PID:14196
- C:\Windows\System\wwCTgKb.exe
  C:\Windows\System\wwCTgKb.exe
  2⤵
  PID:14212
- C:\Windows\System\NvvSuMH.exe
  C:\Windows\System\NvvSuMH.exe
  2⤵
  PID:14236
- C:\Windows\System\HzKXAEP.exe
  C:\Windows\System\HzKXAEP.exe
  2⤵
  PID:14256
- C:\Windows\System\TQaDMtx.exe
  C:\Windows\System\TQaDMtx.exe
  2⤵
  PID:14280
- C:\Windows\System\BTCqCIy.exe
  C:\Windows\System\BTCqCIy.exe
  2⤵
  PID:14328
- C:\Windows\System\TRWJygk.exe
  C:\Windows\System\TRWJygk.exe
  2⤵
  PID:13036
- C:\Windows\System\MvufkXe.exe
  C:\Windows\System\MvufkXe.exe
  2⤵
  PID:13104
- C:\Windows\System\qCpoyMN.exe
  C:\Windows\System\qCpoyMN.exe
  2⤵
  PID:11244
- C:\Windows\System\DFVhDmQ.exe
  C:\Windows\System\DFVhDmQ.exe
  2⤵
  PID:3192
- C:\Windows\System\npILUtd.exe
  C:\Windows\System\npILUtd.exe
  2⤵
  PID:12724
- C:\Windows\System\GNrsxYw.exe
  C:\Windows\System\GNrsxYw.exe
  2⤵
  PID:13140
- C:\Windows\System\rAfgdAE.exe
  C:\Windows\System\rAfgdAE.exe
  2⤵
  PID:11992
- C:\Windows\System\EKtJEYk.exe
  C:\Windows\System\EKtJEYk.exe
  2⤵
  PID:12916
- C:\Windows\System\CCrTpnA.exe
  C:\Windows\System\CCrTpnA.exe
  2⤵
  PID:13356
- C:\Windows\System\xlTTWuI.exe
  C:\Windows\System\xlTTWuI.exe
  2⤵
  PID:13708
- C:\Windows\System\HBCDqFC.exe
  C:\Windows\System\HBCDqFC.exe
  2⤵
  PID:13752
- C:\Windows\System\lcTeqob.exe
  C:\Windows\System\lcTeqob.exe
  2⤵
  PID:13800
- C:\Windows\System\tdjaCIw.exe
  C:\Windows\System\tdjaCIw.exe
  2⤵
  PID:13848
- C:\Windows\System\LOuZlbh.exe
  C:\Windows\System\LOuZlbh.exe
  2⤵
  PID:13576
- C:\Windows\System\UxOlCNL.exe
  C:\Windows\System\UxOlCNL.exe
  2⤵
  PID:14252
- C:\Windows\System\PoeNPQS.exe
  C:\Windows\System\PoeNPQS.exe
  2⤵
  PID:13372
- C:\Windows\System\bfqYSKS.exe
  C:\Windows\System\bfqYSKS.exe
  2⤵
  PID:13440
- C:\Windows\System\KkMtpXh.exe
  C:\Windows\System\KkMtpXh.exe
  2⤵
  PID:13384
- C:\Windows\System\pQeEJUH.exe
  C:\Windows\System\pQeEJUH.exe
  2⤵
  PID:13776
- C:\Windows\System\PuhIOZW.exe
  C:\Windows\System\PuhIOZW.exe
  2⤵
  PID:13676
- C:\Windows\System\HlPvHyq.exe
  C:\Windows\System\HlPvHyq.exe
  2⤵
  PID:14100
- C:\Windows\System\ITHKzit.exe
  C:\Windows\System\ITHKzit.exe
  2⤵
  PID:12832
- C:\Windows\System\UDEGeUc.exe
  C:\Windows\System\UDEGeUc.exe
  2⤵
  PID:12608
- C:\Windows\System\iPnLsCy.exe
  C:\Windows\System\iPnLsCy.exe
  2⤵
  PID:14288

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CIBcvQM.exe

Filesize
1.4MB

MD5
bc51d3763d13e34fdd3f0d3586972ef9

SHA1
a6c5e25148627d1d9d2ea072811c20d921a929be

SHA256
766f0b64f79433e7ac4f9f015c8eede16a03c9e82d105508a5011d98ef9bd9c5

SHA512
89fe588df94df04308963a4906ee63b847268b8d4b04f77a07839cca58e4375232c161f6fe50e8b5425791f3fef1df05dc1900f06fdf6a8c920f5193ab69c32f

Download Submit
C:\Windows\System\FdCcswQ.exe

Filesize
1.4MB

MD5
d067ed62457b72bef7bc08f59f56e104

SHA1
2cd7f9b2d12a61bd246538037ccbe5a02040067f

SHA256
71a342f0a858a82cedd7fd63a912f36a8bd3a1e02e1f19b4e82d0eba2109ea69

SHA512
9b84800a28386af48ad833ca177f93c7dfe68be07508aa4311e035e06cd87cd55029ea0007038dbc0bf402f0465270b04bb238b3f9e790ee1140f719a0470e09

Download Submit
C:\Windows\System\GjOAPLk.exe

Filesize
1.4MB

MD5
fcbcb1b1561f3450be9bad5e96fe84bc

SHA1
c4b6c7146dfbb92dec6cd45425b51aab872a62df

SHA256
8f1b0f6f53f784cc7ed0dcb77778853c50fa3b93398bb398cc1f03b57efe98bc

SHA512
2de3193c012e7ca868377a8c6c59d411a40b3c37bdb68511737b91831d60e1238e55b4f09da1c9213ed92f408f3ce4f656e638a3cb07a89652ceb44c699945f0

Download Submit
C:\Windows\System\HQQyicW.exe

Filesize
1.4MB

MD5
4d597a05d7e82d6434bf0ad81da64bda

SHA1
8c02385e04b3b4a87910dc3482494c1274773809

SHA256
198b82c0f42a75a86e4d52b751be1f276d5ed34ac31361db46c79c7dd3607374

SHA512
1065098dd5d47acf25390ae7df27eeb6e5368c51496220db33917bda53ac332b4fa56d4b916e3e4f45b550823a189a25ecad443bae9e6f135f2eceb64b46b2f5

Download Submit
C:\Windows\System\HYoOPHQ.exe

Filesize
1.4MB

MD5
154e546e377774ec2473360549957297

SHA1
ecb0930da27d3dd85c505e87c747ce05b940076d

SHA256
33434305edbd3472b2dd9798a25cb1e7ed240c79912b936da254f1d1e918622d

SHA512
47f04d2ec8d4ae428a134989906fae69f4360ef3c4493a0ab762a109c89dbc6703c01245b2fd00fc7b6a61407c0cdaf05f5f846d6f8276bf1b5d6ee934221733

Download Submit
C:\Windows\System\IEzPdIT.exe

Filesize
1.4MB

MD5
029c51449eaf34e139d68e641ff1965d

SHA1
3c8479fd22579ff4ea114bceabdb7ca80ba7bcb7

SHA256
b1245cbfef5861d62447e980475c36a5cd33fd32b57eac9c98a3089e422a392b

SHA512
c196da04e1981ec921f302722ac062400a6721ebc805d71063cd6305b983eda951c460690fd235863642da87a65a4ece90cf3af356c3e356adf0320dfff1eeea

Download Submit
C:\Windows\System\KoPiLYw.exe

Filesize
1.4MB

MD5
a9994747e7863a95892f8eeb2470f359

SHA1
48e84c5aafb98510b3076cc6b8b7de1559e37770

SHA256
ec4d4c6e2e7b54e6602746d613daaaf03f2cad12e268a4cb4ce28e8e2eb91b1a

SHA512
08521d9c6dc0d73519511eb5ea14d660afb7f562a6db4d187ca37d26d02f66c345e7f8d7fdf7a6f541d072afb96ad2c070678dbef7093f6ef300778cdf52c69e

Download Submit
C:\Windows\System\MRbpyLS.exe

Filesize
1.4MB

MD5
f4088b8fccf179d0521c8eb6aa3385b7

SHA1
0749f6dd501f8b74e53ef6e5bbccbc81cd1569bd

SHA256
304de340b174057fbc9e10280885ddfda063d1d82cdda4dd8f54cb45d96c4d78

SHA512
93296ccac4061a18378af24dd10bc2342d284fca44de3c9c741f90b7b5d413e6b279a2f9930a407d4486df06fd3407f5da0244d4142d892df3c17807bd784cf2

Download Submit
C:\Windows\System\MixpTkp.exe

Filesize
1.4MB

MD5
a89e4ccff4642e98630946efd1d501d0

SHA1
43150286374e3160943c720f414ad94a12cd98fb

SHA256
2d5dd12227833bc4c7da70a313d9f8002e8ca3d9996e8fb5063009628342c375

SHA512
4ba407c6da0ab60e073844451ad7e4ee65bfa726ae1b88cfb2b157387ee67fd4dfa67da02ecf562dfdcb9d4ddebf9806af948f3e01c4cdb4a5e3b755dfd2176d

Download Submit
C:\Windows\System\MneKCYa.exe

Filesize
1.4MB

MD5
3619b22232905b0713874bf33056d3fe

SHA1
1223f043f1fc219814f0f20c32ad1b2e1f2dc075

SHA256
ef9fda750e17b49e99aebe402e404face17bed5c2e97468381d52b12d80d0691

SHA512
d1ed7662f6bc107bb34772868e8e71a70dfc8c53eaa188581df2a3b942b68747093aa70da6e861f5cb43ad9ca82ea9bf14deff02c0317fcd9a39eca657ed9484

Download Submit
C:\Windows\System\OIoddph.exe

Filesize
1.4MB

MD5
7b2184fd6239341ebc9362a9797676ae

SHA1
fd9c8cf05798eb8f40a563f44b48d66e49cede57

SHA256
125ebf35c60a72cf9f28b1e305de7e6171c0e29dbfa7119f59e6b3601c868af6

SHA512
cbb4b5f4c7f3bd208ab613558ad8eddab4c79c3512ab9ffb906edbd05762ab53b2aec2e07d020bc3bdaa09f04800fcdc6a571de41f971cfe318724f7f2eab030

Download Submit
C:\Windows\System\PJqRkNJ.exe

Filesize
1.4MB

MD5
96729cbdc8216a4dd19e422a957b6cc0

SHA1
81b4bba6b58f2e64c70448abf6463e76ac395c9c

SHA256
eae7e7be0d046168f948559fd9a5a2f1d05175fa04230f36b613d050d4bd4301

SHA512
142afc973e82e9867b41f2dfcdd69c56203df93944a898eb710badf8d166d291ea3fb5ee619e35e638f57a69932b8079f78036a9379ba5a0fc014a61e91d3cd0

Download Submit
C:\Windows\System\QXlRoqK.exe

Filesize
1.4MB

MD5
be88c945278570254072f8d03bb5beac

SHA1
2ccb9fd6a7093ee794d543a19323af66d714a4f9

SHA256
ce549d2b9de2d728c2d0805beed5f92a07b2aed64098cea4f41c9f1f7bdf92ec

SHA512
875abe2b7b569b796dbd4a6ee4a65e2a8619553b7cf72ccb4050881c33d1d2181fd7c51e5958fe5d5527c27967f602bd8291e774e324e928b7cf6398bd40bcc4

Download Submit
C:\Windows\System\SNiopLM.exe

Filesize
1.4MB

MD5
2586130c3784e650d800a4b1aa2104bd

SHA1
3591b2c82595bd4463827995cd252e2503ea61af

SHA256
ed2e68ba5cefc23b0e29b401d940222b69bb759e1186011ce4a15f9faf975aaa

SHA512
baf9bf1d72099e3100c626b7417953b08165fb1859b9d88c69d83471517927f8b4728b1c331da9f039e26d4ed436ca6db4080b3fe2983fed26bfedb5934bd0dd

Download Submit
C:\Windows\System\SOUtYsf.exe

Filesize
1.4MB

MD5
62a042af6fb4f1cbc3147a297c399dbb

SHA1
ff8c819f15c3d3af8e6c2c32684409be3ddca319

SHA256
c397d9d3636f16af99f0d25a6138514477b0b928aa8c5ef22486398b8a090ce3

SHA512
efa75d73aa72ab01170c594151f143063788f3f2cfe0e9e33f15b9a75e40d74a69be559b435bc92a4ee7788cf663a967dfe54b45d80899ccf363f534c09746ab

Download Submit
C:\Windows\System\TNQeYEE.exe

Filesize
1.4MB

MD5
728e9fc80955a8476075731a7cad3336

SHA1
f40e3ae23babfbd6a12daef400c79bcef76663ab

SHA256
fc3d451f1d022958eea4da0bbb484e46e1231b707b7f3dc7bd603754496dbee2

SHA512
3d4440ebcf08a815001e4e4a995a18deb68d59a6a2b538e1f42dd5e9b98ea3d685efd70045c7a9ffe75d66a3dfd5b156178d084ef2db22aad6ba34af008929d3

Download Submit
C:\Windows\System\TTpqsQu.exe

Filesize
1.4MB

MD5
1274152642b15b466888e47eefa69f03

SHA1
874ee94eb65820ef7000667c40d1dd5705ab99b0

SHA256
22794e8d0460b9165b83fddc629e7166237b8e78f06c2b41ee3dc35d49fb665d

SHA512
602a2512609b0f89cc26b3f1043279ba15dae0e5255c51bc6807a6a32343d9a56e8c098f927664cf62be1c9854157c3f1d7ca3753a7f2cf03f712bd38f043159

Download Submit
C:\Windows\System\UIxJvWR.exe

Filesize
1.4MB

MD5
28c2a92f40c7afc229803628fdd8a8f0

SHA1
74282e502d6e41d6a0041f4239aa36c47b571934

SHA256
480ed7527efad9d8470869c76d142ad91ae428ebb5086c2270593a0c39b6460e

SHA512
9c1e4e6de71db4d2b0810bb414c3f2d047cd8ba7b6970be6f99be6baf93fd3a8750f70a6fbc905303ffe673371024ad4a8e0996cff2f7f6beb38a2375055ad99

Download Submit
C:\Windows\System\XwDWXxz.exe

Filesize
1.4MB

MD5
ae6e11dd4d2fa0442d6d4d21141e3c3a

SHA1
4bc7eb20b27c5b2012aa9998e04544a5f4c18940

SHA256
72fa9315ae952e023b8b1bcd4c97fb7fe099becbe7709a3aed3280fa6ae29889

SHA512
ec472946cdd7bcf84e621ddefb48c3e4385e0228df04e9f1e16e14ec0b94517ae0ebaee4c9aff094440320c74e68ce7ad0aa45195a58c2286e989f1a0ec627a4

Download Submit
C:\Windows\System\ZDaCgua.exe

Filesize
1.4MB

MD5
073ac7acc00ab3517534efc00d0efc25

SHA1
5c1fe340950a41ef9af8c10015c20b80f8636d10

SHA256
bb6e7cd58db8359ff63eb2a3e334fca905ad36fec1ff86550f56737ec9136257

SHA512
2ab73c1aabf270fc2f158dd50cfd5fb8dc5c23ee6a7922448a9d2d61696e2b2e9a0e6ae626f95762b1691440ac945970751f84e216382550ed229dc1063af2fc

Download Submit
C:\Windows\System\apODHFQ.exe

Filesize
1.4MB

MD5
482e4fd08680662897277d86c25f2a6d

SHA1
79cd34a05bdcdb943b234654cadc2bf6f00fd845

SHA256
1fa81f5f3071349c6ab829e99bee3b68c57354bc5bd2730df7ba22a9fb16b445

SHA512
830922ffe61967940bf06fe82c9876f1d56545cd10711a42e4c748469c3e9d18d278eb504d0e549f26f8e78f619d8db2cdb5d7c7e4e2a25c9bb44ecf0da34416

Download Submit
C:\Windows\System\bZPflGH.exe

Filesize
1.4MB

MD5
e53d88e917ba6bbb5476c5505cae6d6c

SHA1
90b5da22620ffdcbe5b0945011afb74a11e6bc8b

SHA256
7717fa121e493dfaf7c7cc4cfecac7870ae7b8141881b7e38b546e8ee82252d1

SHA512
19248ace4dc23ad41513a1faa2a26676dfd2911b89ba1f5363c8b0316b0ad5805c9cf7f13285b376f2f4eef57b3eacbf2d8bbf76cec73245232d65c0f910e321

Download Submit
C:\Windows\System\bjAHEOy.exe

Filesize
1.4MB

MD5
890dd8ea3e52c1ac2b8faaf315557d51

SHA1
72f62581745f7cb091e263ec59ab43aa7a05e70f

SHA256
e1265b117f653ecf1109610dea425f5ad89a33211f79f917c4f07a4320e2f508

SHA512
571547ac338c812e2975a45600c72654a0291fb2b961778732cf041ffcd67c4fb88fe4c4c569f96aa7f648d73c81467177b6c1b7ee8f28d272ffdd509c7d9658

Download Submit
C:\Windows\System\cTcOfYe.exe

Filesize
1.4MB

MD5
812b4ddb88342f6f4673dd07b9cc6c14

SHA1
e8d0412e3b945e2b4e33d14462046fc38d972daa

SHA256
7146e62e5dbe914c493ae6159e3e29c8bd5d49cf252d9d5b204da09748290bc4

SHA512
39c13300f9efd643295d2992e85f193e3dcde1223662d032d5ccc0e04527999ae8e89e42ebb85b574157760faac069d32ec52bd610f681d8d7e718c7a4659a4e

Download Submit
C:\Windows\System\efjcQfY.exe

Filesize
1.4MB

MD5
8b27c60768181d3b0c4230f14c7c3c4d

SHA1
ef4f3bc5e3226906bd4758f9a8a80095e86929fd

SHA256
ddea3df070652bad237f819ab5a40e07f7807ed75e4950589a02407e466e0ec0

SHA512
0173b5a15900c42bab1329f33f325cdaf017b1257521b157ab1fd76c8974930330d853fc6f599bc62dcebadc604af05aa13e3556425a74c8aa453863af118384

Download Submit
C:\Windows\System\gelYitg.exe

Filesize
1.4MB

MD5
c16e902c858a985060a643a763f37920

SHA1
fbf91045aadcede303e08edcb2d3c18f201b0847

SHA256
38042b3741aecf69ccaa3a7824a2b71cdcb7140de1d2f19e571dfe73fcd9b161

SHA512
b3bb1735834673848536432cf4e0e2f4d13dae9b3d29977cc62442787867c17bacc4833b8002bc9feb13a6a36925f4ce244335c115bebddd604496aa42531c88

Download Submit
C:\Windows\System\iVzWfqh.exe

Filesize
1.4MB

MD5
14468d0959feafec1f11b9093264587c

SHA1
2d59208f117aca3f879bcc124c13046c56091b75

SHA256
f1c75ae140a64ab4cd1e2492076fa5bb8cf16c9cad02ffd2747c6f5b70a3e660

SHA512
16853410e1ec31193e78752d1a2d580ef122fca2e9501795d6d59cf624a52438f95c0b2224fa78ea61ef80e5d0464f055cf733dc8a4f01416436091f1568dc00

Download Submit
C:\Windows\System\kKClHoT.exe

Filesize
1.4MB

MD5
b4221a3ff51510743c972128c5e39100

SHA1
35b3382456fdd16669094976c44f20d5cdc3010a

SHA256
e5862704b8da276fa9ed461b14294721f14cff84319316cb2a69697164d9aa6f

SHA512
73d6cb52aa914516fe519a0c88be005b30ffac130118ad0ec3db3e2fb1c96f44d5e3f3afcf7e93d60839ccf4583751a1779efc56536cbd38df0c08730e52b78a

Download Submit
C:\Windows\System\kOajSRy.exe

Filesize
1.4MB

MD5
e43c253acb9d9b6781a9e5b5b5625348

SHA1
1c0f08c3319f3afaf031cf46598a0e68f4e1d602

SHA256
02ce8976a69de81e6165693389a6f147be48064545e6792b6644a174634107ae

SHA512
2c0e19fc5df4cd6f86e27480481daf63747c05db9e3c756d3514863cb72437ec172f9a4e99df5a3fe94c88586bcf9480ef63961f2abfada7ee75831a7522d1e0

Download Submit
C:\Windows\System\nHsxGfO.exe

Filesize
1.4MB

MD5
4be1a31ffda5be01afc4a3f800c8f957

SHA1
366b19e188d802e0888c245b532443b8b4f00227

SHA256
85e7cc0898c12d137b5b58f8a52593eaecd2f3ae96c4ec20c673e5aab8b98a03

SHA512
18bb6861425873573675bd133387d1d654d0c6361e87bc4f100815c0d384cf2b6aa3065f3424c6e96166090c437768ea3226bf53c6201a46ec7ce50f0ce13c52

Download Submit
C:\Windows\System\njVnCdk.exe

Filesize
1.4MB

MD5
d616d312c41172222ace98f93395cf08

SHA1
509240a9c316952b9d5d54ac5e15a8d0bd73011c

SHA256
6598962f3bc11a9ed7780e93ad5c30946f080a99efdcde6c8c36a2a2c0efbddb

SHA512
ebdf039813109894756c2bcceaa6ff1762fc5c3178a69b7dd6e3d3bf323a13a3d280636b48a4a1e2961dd383e57c33a5513a6e13c232ba7aa57f44f44f179c3b

Download Submit
C:\Windows\System\pXxPFcM.exe

Filesize
1.4MB

MD5
30387b90c9cc16deed0a0aba78014dd0

SHA1
8408f3ab85227fad53daa66a753b5be9293dd732

SHA256
40d1f4be4dfbd1630931e3b1b1fedde09c9662534b776510da9470af2859ac4d

SHA512
a70bac50a1443bf169ead2030606d5c1142733e93ae07928fe2df7f0717944cf46940f392127628128c2b444a07e0ed95272e235d024b067e10b1a8d348e8fc9

Download Submit
C:\Windows\System\rkxQFgb.exe

Filesize
1.4MB

MD5
fa0ad01f37c5b18339a97fd26797aba3

SHA1
322120078d066e1cf5fdde72e3d9ee2d88c1a0bc

SHA256
03dc7350d0d43719deae06508c0180be628839f37a0da7191811171398ee758b

SHA512
992b4aaf8af47275606d8b7f9b4eaba2bc50dd6f9c1544630bce0a8fe95b2fc9b9b8c3f5c3c7c194958993a92109bb54ba39a59ce2ab5d1093c1e5b7c2d82e1e

Download Submit
C:\Windows\System\vHrrbnD.exe

Filesize
1.4MB

MD5
74f32f6690228a5493c32439f310ebb9

SHA1
e643bdf1eced4ec409d8d28d31a64f3cd89acba7

SHA256
679211bfaaa1c73d603a386ad16a6d00da52ec8be03f08e84fd4119f51b024eb

SHA512
9d85f99bcfff6a96fbf2f0833b660e14afb8f3334bc4ecab35d964a49c8efb7551f8b8c21500e1668a47922e010caf0b706497aac1697178f322aa1210a3f202

Download Submit
C:\Windows\System\vOAIpbm.exe

Filesize
1.4MB

MD5
bf65020bb78b308dc8a20aa862e2ccec

SHA1
014b67b10a05b196cf933def0e8078c4b802ba55

SHA256
f69811bb066d43fa56349bf139d905c2ece8665aa9de85c9a9a75397f5e4014d

SHA512
1225a425169c4e0d0ba54e8ff6bd945fb10cab21a799e49787c3dd9d40b2250ddd558f2ae4a6f12b877c2c04f9e36c612a28311b0555a9af3ac624afccde1261

Download Submit
C:\Windows\System\vOTkTkD.exe

Filesize
1.4MB

MD5
1f6af4dfd7e8173a54f814668e98c0ad

SHA1
7edf943e0d303aecf447a720f317bdcdd9889b21

SHA256
889c2487c1aafa1c62278bc95957fdf71dcf5c8c02cc8e16a0457b2b20e520ae

SHA512
c3d129aced3078aa1134193ca3126f5180d427c36f398c25d5dc8f5a158106bf84a55e9fcafa2ef988de449f1775ab80d1f1f926f94e529713ec14a1ecdd5086

Download Submit
C:\Windows\System\xKNRZHP.exe

Filesize
1.4MB

MD5
f65d8f92455b501b7bc039235187e346

SHA1
a550d60476cec686125fdb0bdca1a3d82e8b26f2

SHA256
b377a03d38715de0797ee141ce7fc634e2d24704b59640e26eeac18f48e772a1

SHA512
2d8dafc6c9ee47783c1969463e65d00a68db08e4c51f0212bc5ba0da445123cb0e8e2d7f46b04228fd66c5af96cbbefe980186703e9cc3ccaa16b6aed5a9c002

Download Submit
C:\Windows\System\zelPQwA.exe

Filesize
1.4MB

MD5
e2c346f5781c76fff1ac158414512373

SHA1
2eff27abfbf2e3cea35ab9d5fcae4773e572a899

SHA256
87eac4c9ba41537f5e9713bd8e29f4f0814f88737462b93587bcb46103574818

SHA512
bd246c72afe1f674cb0c56633a835764f72b898f87a8cba984ba57130f0cbedeed23dd44c2c41289abf626a95ded2180de3961e4f0217bfeaec7d19ca40b4bdf

Download Submit
memory/64-2244-0x00007FF698360000-0x00007FF6986B4000-memory.dmp

Filesize
3.3MB

Download
memory/64-19-0x00007FF698360000-0x00007FF6986B4000-memory.dmp

Filesize
3.3MB

Download
memory/540-2245-0x00007FF698A80000-0x00007FF698DD4000-memory.dmp

Filesize
3.3MB

Download
memory/540-290-0x00007FF698A80000-0x00007FF698DD4000-memory.dmp

Filesize
3.3MB

Download
memory/880-54-0x00007FF707A70000-0x00007FF707DC4000-memory.dmp

Filesize
3.3MB

Download
memory/880-2241-0x00007FF707A70000-0x00007FF707DC4000-memory.dmp

Filesize
3.3MB

Download
memory/880-2248-0x00007FF707A70000-0x00007FF707DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-296-0x00007FF6FCB40000-0x00007FF6FCE94000-memory.dmp

Filesize
3.3MB

Download
memory/1240-2266-0x00007FF6FCB40000-0x00007FF6FCE94000-memory.dmp

Filesize
3.3MB

Download
memory/1376-44-0x00007FF64EF50000-0x00007FF64F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2240-0x00007FF64EF50000-0x00007FF64F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2246-0x00007FF64EF50000-0x00007FF64F2A4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2251-0x00007FF6A86F0000-0x00007FF6A8A44000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2243-0x00007FF6A86F0000-0x00007FF6A8A44000-memory.dmp

Filesize
3.3MB

Download
memory/1424-106-0x00007FF6A86F0000-0x00007FF6A8A44000-memory.dmp

Filesize
3.3MB

Download
memory/1552-279-0x00007FF6986D0000-0x00007FF698A24000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2263-0x00007FF6986D0000-0x00007FF698A24000-memory.dmp

Filesize
3.3MB

Download
memory/1668-292-0x00007FF73EF70000-0x00007FF73F2C4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2260-0x00007FF73EF70000-0x00007FF73F2C4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-280-0x00007FF7F44E0000-0x00007FF7F4834000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2259-0x00007FF7F44E0000-0x00007FF7F4834000-memory.dmp

Filesize
3.3MB

Download
memory/2008-289-0x00007FF661440000-0x00007FF661794000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2269-0x00007FF661440000-0x00007FF661794000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2271-0x00007FF70CA70000-0x00007FF70CDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-288-0x00007FF70CA70000-0x00007FF70CDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-286-0x00007FF735F50000-0x00007FF7362A4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2268-0x00007FF735F50000-0x00007FF7362A4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2255-0x00007FF641D20000-0x00007FF642074000-memory.dmp

Filesize
3.3MB

Download
memory/2512-293-0x00007FF641D20000-0x00007FF642074000-memory.dmp

Filesize
3.3MB

Download
memory/2560-200-0x00007FF77C490000-0x00007FF77C7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2254-0x00007FF77C490000-0x00007FF77C7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-291-0x00007FF70A4D0000-0x00007FF70A824000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2249-0x00007FF70A4D0000-0x00007FF70A824000-memory.dmp

Filesize
3.3MB

Download
memory/3624-2264-0x00007FF75AB70000-0x00007FF75AEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-277-0x00007FF75AB70000-0x00007FF75AEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3656-120-0x00007FF726020000-0x00007FF726374000-memory.dmp

Filesize
3.3MB

Download
memory/3656-2253-0x00007FF726020000-0x00007FF726374000-memory.dmp

Filesize
3.3MB

Download
memory/3736-79-0x00007FF7C8420000-0x00007FF7C8774000-memory.dmp

Filesize
3.3MB

Download
memory/3736-2250-0x00007FF7C8420000-0x00007FF7C8774000-memory.dmp

Filesize
3.3MB

Download
memory/4016-294-0x00007FF671A60000-0x00007FF671DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2257-0x00007FF671A60000-0x00007FF671DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4208-2267-0x00007FF70A3D0000-0x00007FF70A724000-memory.dmp

Filesize
3.3MB

Download
memory/4208-285-0x00007FF70A3D0000-0x00007FF70A724000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2242-0x00007FF761010000-0x00007FF761364000-memory.dmp

Filesize
3.3MB

Download
memory/4232-77-0x00007FF761010000-0x00007FF761364000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2247-0x00007FF761010000-0x00007FF761364000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2239-0x00007FF689070000-0x00007FF6893C4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-1-0x00000197DC460000-0x00000197DC470000-memory.dmp

Filesize
64KB

Download
memory/4264-0-0x00007FF689070000-0x00007FF6893C4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-265-0x00007FF6E6060000-0x00007FF6E63B4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2262-0x00007FF6E6060000-0x00007FF6E63B4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-248-0x00007FF7858F0000-0x00007FF785C44000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2261-0x00007FF7858F0000-0x00007FF785C44000-memory.dmp

Filesize
3.3MB

Download
memory/4748-2256-0x00007FF6A2600000-0x00007FF6A2954000-memory.dmp

Filesize
3.3MB

Download
memory/4748-197-0x00007FF6A2600000-0x00007FF6A2954000-memory.dmp

Filesize
3.3MB

Download
memory/4796-295-0x00007FF60DB30000-0x00007FF60DE84000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2265-0x00007FF60DB30000-0x00007FF60DE84000-memory.dmp

Filesize
3.3MB

Download
memory/4844-154-0x00007FF738AE0000-0x00007FF738E34000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2252-0x00007FF738AE0000-0x00007FF738E34000-memory.dmp

Filesize
3.3MB

Download
memory/4884-266-0x00007FF742800000-0x00007FF742B54000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2272-0x00007FF742800000-0x00007FF742B54000-memory.dmp

Filesize
3.3MB

Download
memory/4940-227-0x00007FF68CCD0000-0x00007FF68D024000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2258-0x00007FF68CCD0000-0x00007FF68D024000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2270-0x00007FF6870E0000-0x00007FF687434000-memory.dmp

Filesize
3.3MB

Download
memory/5104-287-0x00007FF6870E0000-0x00007FF687434000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads