xmrig | 204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154

Analysis

max time kernel
133s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
Size

2.4MB
MD5

62a482628290abd006a1d3d8b2683770
SHA1

9f863e2d610f5d249d06176a0a4dad13fcf3f8c2
SHA256

204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154
SHA512

45d5ebba335a602d065826ecff79290c72c4cc723d44f5402b8f24c7ecefb189e69e0cb3c756d4455333f8d45b8ff18886792992498f596f214b7b1d668151e7
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxWiVuZNV+pKfRcT:BemTLkNdfE0pZrQx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3160-0-0x00007FF78EF70000-0x00007FF78F2C4000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/memory/4868-10-0x00007FF7BDAD0000-0x00007FF7BDE24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-9.dat	xmrig
behavioral2/files/0x00090000000233f4-13.dat	xmrig
behavioral2/memory/1364-19-0x00007FF751100000-0x00007FF751454000-memory.dmp	xmrig
behavioral2/memory/3864-35-0x00007FF7E0D20000-0x00007FF7E1074000-memory.dmp	xmrig
behavioral2/memory/4356-40-0x00007FF64DD50000-0x00007FF64E0A4000-memory.dmp	xmrig
behavioral2/memory/3552-49-0x00007FF711740000-0x00007FF711A94000-memory.dmp	xmrig
behavioral2/memory/1852-55-0x00007FF62C5A0000-0x00007FF62C8F4000-memory.dmp	xmrig
behavioral2/memory/4348-56-0x00007FF6CC150000-0x00007FF6CC4A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-60.dat	xmrig
behavioral2/files/0x000700000002340a-58.dat	xmrig
behavioral2/memory/1048-57-0x00007FF6EDCD0000-0x00007FF6EE024000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-53.dat	xmrig
behavioral2/files/0x0007000000023407-51.dat	xmrig
behavioral2/files/0x0007000000023406-45.dat	xmrig
behavioral2/files/0x0007000000023404-43.dat	xmrig
behavioral2/memory/3984-33-0x00007FF78E390000-0x00007FF78E6E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023405-37.dat	xmrig
behavioral2/memory/3908-25-0x00007FF74D5F0000-0x00007FF74D944000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-66.dat	xmrig
behavioral2/memory/4232-68-0x00007FF712D30000-0x00007FF713084000-memory.dmp	xmrig
behavioral2/files/0x00090000000233fc-74.dat	xmrig
behavioral2/files/0x0007000000023410-84.dat	xmrig
behavioral2/memory/4168-81-0x00007FF7DD090000-0x00007FF7DD3E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-80.dat	xmrig
behavioral2/memory/1840-77-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-75.dat	xmrig
behavioral2/memory/1360-100-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-104.dat	xmrig
behavioral2/memory/536-114-0x00007FF618680000-0x00007FF6189D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-117.dat	xmrig
behavioral2/memory/3320-123-0x00007FF718850000-0x00007FF718BA4000-memory.dmp	xmrig
behavioral2/memory/1164-126-0x00007FF605700000-0x00007FF605A54000-memory.dmp	xmrig
behavioral2/memory/592-128-0x00007FF7BDE30000-0x00007FF7BE184000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-133.dat	xmrig
behavioral2/files/0x0007000000023416-132.dat	xmrig
behavioral2/memory/1852-131-0x00007FF62C5A0000-0x00007FF62C8F4000-memory.dmp	xmrig
behavioral2/memory/3552-130-0x00007FF711740000-0x00007FF711A94000-memory.dmp	xmrig
behavioral2/memory/3864-129-0x00007FF7E0D20000-0x00007FF7E1074000-memory.dmp	xmrig
behavioral2/memory/1172-127-0x00007FF7E6D10000-0x00007FF7E7064000-memory.dmp	xmrig
behavioral2/memory/4356-125-0x00007FF64DD50000-0x00007FF64E0A4000-memory.dmp	xmrig
behavioral2/memory/3984-124-0x00007FF78E390000-0x00007FF78E6E4000-memory.dmp	xmrig
behavioral2/memory/1364-120-0x00007FF751100000-0x00007FF751454000-memory.dmp	xmrig
behavioral2/memory/1592-119-0x00007FF706C10000-0x00007FF706F64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-109.dat	xmrig
behavioral2/files/0x0007000000023412-107.dat	xmrig
behavioral2/memory/3160-89-0x00007FF78EF70000-0x00007FF78F2C4000-memory.dmp	xmrig
behavioral2/memory/3720-87-0x00007FF77A330000-0x00007FF77A684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-138.dat	xmrig
behavioral2/files/0x0007000000023418-143.dat	xmrig
behavioral2/files/0x0007000000023419-148.dat	xmrig
behavioral2/files/0x000700000002341a-154.dat	xmrig
behavioral2/memory/1048-157-0x00007FF6EDCD0000-0x00007FF6EE024000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-163.dat	xmrig
behavioral2/memory/4348-151-0x00007FF6CC150000-0x00007FF6CC4A4000-memory.dmp	xmrig
behavioral2/memory/2540-150-0x00007FF7B70E0000-0x00007FF7B7434000-memory.dmp	xmrig
behavioral2/memory/3208-147-0x00007FF77E210000-0x00007FF77E564000-memory.dmp	xmrig
behavioral2/memory/2196-165-0x00007FF60F010000-0x00007FF60F364000-memory.dmp	xmrig
behavioral2/memory/1396-168-0x00007FF631740000-0x00007FF631A94000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-181.dat	xmrig
behavioral2/memory/1388-178-0x00007FF605E90000-0x00007FF6061E4000-memory.dmp	xmrig
behavioral2/memory/1080-186-0x00007FF66E2B0000-0x00007FF66E604000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4868	pujFqge.exe
1364	NtfFoon.exe
3908	eLxYZyj.exe
3984	yJbvzam.exe
3552	TUGPAGh.exe
3864	mxVATns.exe
4356	XqntnbD.exe
1852	HtpAFKu.exe
4348	QWqZzQv.exe
1048	bAOXVTh.exe
4232	tIqDJbI.exe
1840	FudJmpW.exe
4168	UpULxXK.exe
3720	RUzhvjY.exe
1360	OKPGWbQ.exe
536	qhmvpLS.exe
3320	NQHTUXh.exe
1592	GldwEKW.exe
1164	XWjEOGR.exe
592	hivaqPa.exe
1172	gIYyZWW.exe
3208	rGwhvDg.exe
2540	dAqLqiA.exe
2196	axdhboe.exe
1396	iaAhIwp.exe
1388	rmFdwGb.exe
1080	iHazBis.exe
3308	ualkmtF.exe
3932	WPguOcH.exe
4192	srHVrbX.exe
2392	bWBKCBV.exe
1724	wOZcfsU.exe
4744	XSiexuV.exe
4604	CixVMnm.exe
1236	nsamwbQ.exe
4736	uQxgkRd.exe
3400	SidzVmV.exe
3296	pjHFjCh.exe
3904	OtlpNby.exe
800	Unktjrr.exe
4500	MHOdnmu.exe
3680	BlBUACv.exe
4124	VjonsXP.exe
2732	cudxRef.exe
1740	YTvYgyQ.exe
4376	gTjXipg.exe
4072	JJMCjkN.exe
1228	bjXwolz.exe
1372	HYBFNHq.exe
64	dMKUNck.exe
1720	TZwLyDu.exe
1264	MWDZzof.exe
1068	pMOJNum.exe
3028	eJYeKrg.exe
2376	TshsckQ.exe
1820	RRwasdC.exe
3788	DlrwrKA.exe
2340	gjzNrjA.exe
4176	JaXudDj.exe
4040	RJsITrW.exe
2680	EeeoliN.exe
3216	dHIIrXD.exe
4368	iwEHNxZ.exe
1964	pCKADpS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3160-0-0x00007FF78EF70000-0x00007FF78F2C4000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/memory/4868-10-0x00007FF7BDAD0000-0x00007FF7BDE24000-memory.dmp	upx
behavioral2/files/0x0007000000023403-9.dat	upx
behavioral2/files/0x00090000000233f4-13.dat	upx
behavioral2/memory/1364-19-0x00007FF751100000-0x00007FF751454000-memory.dmp	upx
behavioral2/memory/3864-35-0x00007FF7E0D20000-0x00007FF7E1074000-memory.dmp	upx
behavioral2/memory/4356-40-0x00007FF64DD50000-0x00007FF64E0A4000-memory.dmp	upx
behavioral2/memory/3552-49-0x00007FF711740000-0x00007FF711A94000-memory.dmp	upx
behavioral2/memory/1852-55-0x00007FF62C5A0000-0x00007FF62C8F4000-memory.dmp	upx
behavioral2/memory/4348-56-0x00007FF6CC150000-0x00007FF6CC4A4000-memory.dmp	upx
behavioral2/files/0x0007000000023409-60.dat	upx
behavioral2/files/0x000700000002340a-58.dat	upx
behavioral2/memory/1048-57-0x00007FF6EDCD0000-0x00007FF6EE024000-memory.dmp	upx
behavioral2/files/0x0007000000023408-53.dat	upx
behavioral2/files/0x0007000000023407-51.dat	upx
behavioral2/files/0x0007000000023406-45.dat	upx
behavioral2/files/0x0007000000023404-43.dat	upx
behavioral2/memory/3984-33-0x00007FF78E390000-0x00007FF78E6E4000-memory.dmp	upx
behavioral2/files/0x0007000000023405-37.dat	upx
behavioral2/memory/3908-25-0x00007FF74D5F0000-0x00007FF74D944000-memory.dmp	upx
behavioral2/files/0x000700000002340b-66.dat	upx
behavioral2/memory/4232-68-0x00007FF712D30000-0x00007FF713084000-memory.dmp	upx
behavioral2/files/0x00090000000233fc-74.dat	upx
behavioral2/files/0x0007000000023410-84.dat	upx
behavioral2/memory/4168-81-0x00007FF7DD090000-0x00007FF7DD3E4000-memory.dmp	upx
behavioral2/files/0x000700000002340f-80.dat	upx
behavioral2/memory/1840-77-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp	upx
behavioral2/files/0x000700000002340e-75.dat	upx
behavioral2/memory/1360-100-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp	upx
behavioral2/files/0x0007000000023413-104.dat	upx
behavioral2/memory/536-114-0x00007FF618680000-0x00007FF6189D4000-memory.dmp	upx
behavioral2/files/0x0007000000023411-117.dat	upx
behavioral2/memory/3320-123-0x00007FF718850000-0x00007FF718BA4000-memory.dmp	upx
behavioral2/memory/1164-126-0x00007FF605700000-0x00007FF605A54000-memory.dmp	upx
behavioral2/memory/592-128-0x00007FF7BDE30000-0x00007FF7BE184000-memory.dmp	upx
behavioral2/files/0x0007000000023415-133.dat	upx
behavioral2/files/0x0007000000023416-132.dat	upx
behavioral2/memory/1852-131-0x00007FF62C5A0000-0x00007FF62C8F4000-memory.dmp	upx
behavioral2/memory/3552-130-0x00007FF711740000-0x00007FF711A94000-memory.dmp	upx
behavioral2/memory/3864-129-0x00007FF7E0D20000-0x00007FF7E1074000-memory.dmp	upx
behavioral2/memory/1172-127-0x00007FF7E6D10000-0x00007FF7E7064000-memory.dmp	upx
behavioral2/memory/4356-125-0x00007FF64DD50000-0x00007FF64E0A4000-memory.dmp	upx
behavioral2/memory/3984-124-0x00007FF78E390000-0x00007FF78E6E4000-memory.dmp	upx
behavioral2/memory/1364-120-0x00007FF751100000-0x00007FF751454000-memory.dmp	upx
behavioral2/memory/1592-119-0x00007FF706C10000-0x00007FF706F64000-memory.dmp	upx
behavioral2/files/0x0007000000023414-109.dat	upx
behavioral2/files/0x0007000000023412-107.dat	upx
behavioral2/memory/3160-89-0x00007FF78EF70000-0x00007FF78F2C4000-memory.dmp	upx
behavioral2/memory/3720-87-0x00007FF77A330000-0x00007FF77A684000-memory.dmp	upx
behavioral2/files/0x0007000000023417-138.dat	upx
behavioral2/files/0x0007000000023418-143.dat	upx
behavioral2/files/0x0007000000023419-148.dat	upx
behavioral2/files/0x000700000002341a-154.dat	upx
behavioral2/memory/1048-157-0x00007FF6EDCD0000-0x00007FF6EE024000-memory.dmp	upx
behavioral2/files/0x000700000002341b-163.dat	upx
behavioral2/memory/4348-151-0x00007FF6CC150000-0x00007FF6CC4A4000-memory.dmp	upx
behavioral2/memory/2540-150-0x00007FF7B70E0000-0x00007FF7B7434000-memory.dmp	upx
behavioral2/memory/3208-147-0x00007FF77E210000-0x00007FF77E564000-memory.dmp	upx
behavioral2/memory/2196-165-0x00007FF60F010000-0x00007FF60F364000-memory.dmp	upx
behavioral2/memory/1396-168-0x00007FF631740000-0x00007FF631A94000-memory.dmp	upx
behavioral2/files/0x000700000002341c-181.dat	upx
behavioral2/memory/1388-178-0x00007FF605E90000-0x00007FF6061E4000-memory.dmp	upx
behavioral2/memory/1080-186-0x00007FF66E2B0000-0x00007FF66E604000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hTLMWKi.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\RSsIcxt.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\YiFUNyA.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\sXCxUbl.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\zUciuxq.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\fkIKRJY.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\vSeGgBr.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\FiRSqjT.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\cHSDSHY.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\ualkmtF.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\MunwoSb.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\QcxIkZa.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\AMLNHOv.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\cNDrewF.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\hgiWwiJ.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\BHdzEkB.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\GKHdMLh.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\hivaqPa.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\RRwasdC.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\YQQQpsq.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\qnGPinh.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\GVbKeDl.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\TshsckQ.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\GwUcGYr.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\ELhmfBO.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\xbHrDSJ.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\hvSIODr.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\vXTlxxx.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\BHoQiYd.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\geMHhll.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\yAdXHHD.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\VrZStdk.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\hSAZzXQ.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\zOZYimv.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\kQfAiOT.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\pujFqge.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\AvNchHc.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\DKJWpyz.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\aGXGvIU.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\jIxdeEe.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\zLCvnUH.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\truOtRo.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\SPHgMyW.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\yVAGXiU.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\MoLWlOW.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\wjCFJql.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\bkoEoOU.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\wnxCvWd.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\UUUbVUI.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\GGrFZfO.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\AvNhjfp.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\HsVRUUk.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\acudIIl.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\MWDZzof.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\bliyjhc.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\hfLTCTR.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\LvnKpPy.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\HualGuQ.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\wcCAMwN.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\ibFcdpy.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\SUbwMBc.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\VlxenKM.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\GRgEEdb.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
File created	C:\Windows\System\rUQNMQd.exe	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15272	dwm.exe
Token: SeChangeNotifyPrivilege	15272	dwm.exe
Token: 33	15272	dwm.exe
Token: SeIncBasePriorityPrivilege	15272	dwm.exe
Token: SeShutdownPrivilege	15272	dwm.exe
Token: SeCreatePagefilePrivilege	15272	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 4868	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	84
PID 3160 wrote to memory of 4868	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	84
PID 3160 wrote to memory of 1364	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	85
PID 3160 wrote to memory of 1364	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	85
PID 3160 wrote to memory of 3908	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	86
PID 3160 wrote to memory of 3908	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	86
PID 3160 wrote to memory of 3552	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	87
PID 3160 wrote to memory of 3552	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	87
PID 3160 wrote to memory of 3984	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	88
PID 3160 wrote to memory of 3984	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	88
PID 3160 wrote to memory of 3864	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	89
PID 3160 wrote to memory of 3864	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	89
PID 3160 wrote to memory of 4356	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	90
PID 3160 wrote to memory of 4356	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	90
PID 3160 wrote to memory of 1852	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	91
PID 3160 wrote to memory of 1852	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	91
PID 3160 wrote to memory of 4348	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	92
PID 3160 wrote to memory of 4348	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	92
PID 3160 wrote to memory of 1048	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	93
PID 3160 wrote to memory of 1048	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	93
PID 3160 wrote to memory of 4232	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	94
PID 3160 wrote to memory of 4232	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	94
PID 3160 wrote to memory of 1840	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	95
PID 3160 wrote to memory of 1840	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	95
PID 3160 wrote to memory of 4168	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	96
PID 3160 wrote to memory of 4168	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	96
PID 3160 wrote to memory of 3720	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	97
PID 3160 wrote to memory of 3720	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	97
PID 3160 wrote to memory of 1360	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	98
PID 3160 wrote to memory of 1360	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	98
PID 3160 wrote to memory of 536	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	99
PID 3160 wrote to memory of 536	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	99
PID 3160 wrote to memory of 3320	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	100
PID 3160 wrote to memory of 3320	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	100
PID 3160 wrote to memory of 1592	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	101
PID 3160 wrote to memory of 1592	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	101
PID 3160 wrote to memory of 1164	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	102
PID 3160 wrote to memory of 1164	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	102
PID 3160 wrote to memory of 1172	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	103
PID 3160 wrote to memory of 1172	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	103
PID 3160 wrote to memory of 592	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	104
PID 3160 wrote to memory of 592	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	104
PID 3160 wrote to memory of 3208	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	105
PID 3160 wrote to memory of 3208	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	105
PID 3160 wrote to memory of 2540	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	108
PID 3160 wrote to memory of 2540	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	108
PID 3160 wrote to memory of 2196	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	109
PID 3160 wrote to memory of 2196	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	109
PID 3160 wrote to memory of 1396	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	110
PID 3160 wrote to memory of 1396	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	110
PID 3160 wrote to memory of 1388	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	111
PID 3160 wrote to memory of 1388	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	111
PID 3160 wrote to memory of 1080	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	112
PID 3160 wrote to memory of 1080	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	112
PID 3160 wrote to memory of 3308	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	114
PID 3160 wrote to memory of 3308	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	114
PID 3160 wrote to memory of 3932	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	115
PID 3160 wrote to memory of 3932	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	115
PID 3160 wrote to memory of 4192	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	116
PID 3160 wrote to memory of 4192	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	116
PID 3160 wrote to memory of 2392	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	117
PID 3160 wrote to memory of 2392	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	117
PID 3160 wrote to memory of 1724	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	118
PID 3160 wrote to memory of 1724	3160	204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\204f7c6908fb15f68679a8982c0bd0aca1a9bd50f8ce5fa2cfff4b4f011d3154_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\System\pujFqge.exe
  C:\Windows\System\pujFqge.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\NtfFoon.exe
  C:\Windows\System\NtfFoon.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\eLxYZyj.exe
  C:\Windows\System\eLxYZyj.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\TUGPAGh.exe
  C:\Windows\System\TUGPAGh.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\yJbvzam.exe
  C:\Windows\System\yJbvzam.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\mxVATns.exe
  C:\Windows\System\mxVATns.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\XqntnbD.exe
  C:\Windows\System\XqntnbD.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\HtpAFKu.exe
  C:\Windows\System\HtpAFKu.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\QWqZzQv.exe
  C:\Windows\System\QWqZzQv.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\bAOXVTh.exe
  C:\Windows\System\bAOXVTh.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\tIqDJbI.exe
  C:\Windows\System\tIqDJbI.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\FudJmpW.exe
  C:\Windows\System\FudJmpW.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\UpULxXK.exe
  C:\Windows\System\UpULxXK.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\RUzhvjY.exe
  C:\Windows\System\RUzhvjY.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\OKPGWbQ.exe
  C:\Windows\System\OKPGWbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\qhmvpLS.exe
  C:\Windows\System\qhmvpLS.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\NQHTUXh.exe
  C:\Windows\System\NQHTUXh.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\GldwEKW.exe
  C:\Windows\System\GldwEKW.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\XWjEOGR.exe
  C:\Windows\System\XWjEOGR.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\gIYyZWW.exe
  C:\Windows\System\gIYyZWW.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\hivaqPa.exe
  C:\Windows\System\hivaqPa.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\rGwhvDg.exe
  C:\Windows\System\rGwhvDg.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\dAqLqiA.exe
  C:\Windows\System\dAqLqiA.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\axdhboe.exe
  C:\Windows\System\axdhboe.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\iaAhIwp.exe
  C:\Windows\System\iaAhIwp.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\rmFdwGb.exe
  C:\Windows\System\rmFdwGb.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\iHazBis.exe
  C:\Windows\System\iHazBis.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\ualkmtF.exe
  C:\Windows\System\ualkmtF.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\WPguOcH.exe
  C:\Windows\System\WPguOcH.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\srHVrbX.exe
  C:\Windows\System\srHVrbX.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\bWBKCBV.exe
  C:\Windows\System\bWBKCBV.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\wOZcfsU.exe
  C:\Windows\System\wOZcfsU.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\XSiexuV.exe
  C:\Windows\System\XSiexuV.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\CixVMnm.exe
  C:\Windows\System\CixVMnm.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\nsamwbQ.exe
  C:\Windows\System\nsamwbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\uQxgkRd.exe
  C:\Windows\System\uQxgkRd.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\SidzVmV.exe
  C:\Windows\System\SidzVmV.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\pjHFjCh.exe
  C:\Windows\System\pjHFjCh.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\OtlpNby.exe
  C:\Windows\System\OtlpNby.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\Unktjrr.exe
  C:\Windows\System\Unktjrr.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\MHOdnmu.exe
  C:\Windows\System\MHOdnmu.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\BlBUACv.exe
  C:\Windows\System\BlBUACv.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\VjonsXP.exe
  C:\Windows\System\VjonsXP.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\cudxRef.exe
  C:\Windows\System\cudxRef.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\YTvYgyQ.exe
  C:\Windows\System\YTvYgyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\gTjXipg.exe
  C:\Windows\System\gTjXipg.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\JJMCjkN.exe
  C:\Windows\System\JJMCjkN.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\bjXwolz.exe
  C:\Windows\System\bjXwolz.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\HYBFNHq.exe
  C:\Windows\System\HYBFNHq.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\dMKUNck.exe
  C:\Windows\System\dMKUNck.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\TZwLyDu.exe
  C:\Windows\System\TZwLyDu.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\MWDZzof.exe
  C:\Windows\System\MWDZzof.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\pMOJNum.exe
  C:\Windows\System\pMOJNum.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\eJYeKrg.exe
  C:\Windows\System\eJYeKrg.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\TshsckQ.exe
  C:\Windows\System\TshsckQ.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\RRwasdC.exe
  C:\Windows\System\RRwasdC.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\DlrwrKA.exe
  C:\Windows\System\DlrwrKA.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\gjzNrjA.exe
  C:\Windows\System\gjzNrjA.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\JaXudDj.exe
  C:\Windows\System\JaXudDj.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\RJsITrW.exe
  C:\Windows\System\RJsITrW.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\EeeoliN.exe
  C:\Windows\System\EeeoliN.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\dHIIrXD.exe
  C:\Windows\System\dHIIrXD.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\iwEHNxZ.exe
  C:\Windows\System\iwEHNxZ.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\pCKADpS.exe
  C:\Windows\System\pCKADpS.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\GXMmtln.exe
  C:\Windows\System\GXMmtln.exe
  2⤵
  PID:3604
- C:\Windows\System\gEqxWds.exe
  C:\Windows\System\gEqxWds.exe
  2⤵
  PID:4420
- C:\Windows\System\lZeloDY.exe
  C:\Windows\System\lZeloDY.exe
  2⤵
  PID:3156
- C:\Windows\System\mynkQhs.exe
  C:\Windows\System\mynkQhs.exe
  2⤵
  PID:4900
- C:\Windows\System\LqpToZK.exe
  C:\Windows\System\LqpToZK.exe
  2⤵
  PID:1860
- C:\Windows\System\ZzeUxxB.exe
  C:\Windows\System\ZzeUxxB.exe
  2⤵
  PID:1996
- C:\Windows\System\hpwSaHG.exe
  C:\Windows\System\hpwSaHG.exe
  2⤵
  PID:368
- C:\Windows\System\YggFUeS.exe
  C:\Windows\System\YggFUeS.exe
  2⤵
  PID:208
- C:\Windows\System\PmxMelZ.exe
  C:\Windows\System\PmxMelZ.exe
  2⤵
  PID:4172
- C:\Windows\System\pDHDJaB.exe
  C:\Windows\System\pDHDJaB.exe
  2⤵
  PID:4272
- C:\Windows\System\itLgXJw.exe
  C:\Windows\System\itLgXJw.exe
  2⤵
  PID:348
- C:\Windows\System\rnGLfkK.exe
  C:\Windows\System\rnGLfkK.exe
  2⤵
  PID:1016
- C:\Windows\System\dFhPknm.exe
  C:\Windows\System\dFhPknm.exe
  2⤵
  PID:3108
- C:\Windows\System\ddiFrof.exe
  C:\Windows\System\ddiFrof.exe
  2⤵
  PID:1576
- C:\Windows\System\vzFyHxw.exe
  C:\Windows\System\vzFyHxw.exe
  2⤵
  PID:3408
- C:\Windows\System\KbIztuQ.exe
  C:\Windows\System\KbIztuQ.exe
  2⤵
  PID:4504
- C:\Windows\System\ToPgdRo.exe
  C:\Windows\System\ToPgdRo.exe
  2⤵
  PID:3568
- C:\Windows\System\DNbGFTD.exe
  C:\Windows\System\DNbGFTD.exe
  2⤵
  PID:2592
- C:\Windows\System\LXmVJYb.exe
  C:\Windows\System\LXmVJYb.exe
  2⤵
  PID:2264
- C:\Windows\System\HHOJppD.exe
  C:\Windows\System\HHOJppD.exe
  2⤵
  PID:1808
- C:\Windows\System\PHMzkxm.exe
  C:\Windows\System\PHMzkxm.exe
  2⤵
  PID:860
- C:\Windows\System\bkoEoOU.exe
  C:\Windows\System\bkoEoOU.exe
  2⤵
  PID:5144
- C:\Windows\System\uIPcIEY.exe
  C:\Windows\System\uIPcIEY.exe
  2⤵
  PID:5180
- C:\Windows\System\RSsIcxt.exe
  C:\Windows\System\RSsIcxt.exe
  2⤵
  PID:5200
- C:\Windows\System\zOHYasc.exe
  C:\Windows\System\zOHYasc.exe
  2⤵
  PID:5232
- C:\Windows\System\hHmYQzw.exe
  C:\Windows\System\hHmYQzw.exe
  2⤵
  PID:5260
- C:\Windows\System\erTDzxx.exe
  C:\Windows\System\erTDzxx.exe
  2⤵
  PID:5288
- C:\Windows\System\LLpzXrN.exe
  C:\Windows\System\LLpzXrN.exe
  2⤵
  PID:5324
- C:\Windows\System\ltVsIIP.exe
  C:\Windows\System\ltVsIIP.exe
  2⤵
  PID:5340
- C:\Windows\System\mcSZPPi.exe
  C:\Windows\System\mcSZPPi.exe
  2⤵
  PID:5372
- C:\Windows\System\ChpmNJI.exe
  C:\Windows\System\ChpmNJI.exe
  2⤵
  PID:5396
- C:\Windows\System\msBoYbF.exe
  C:\Windows\System\msBoYbF.exe
  2⤵
  PID:5416
- C:\Windows\System\WuvECwa.exe
  C:\Windows\System\WuvECwa.exe
  2⤵
  PID:5448
- C:\Windows\System\TmYedqd.exe
  C:\Windows\System\TmYedqd.exe
  2⤵
  PID:5480
- C:\Windows\System\FbMtqqe.exe
  C:\Windows\System\FbMtqqe.exe
  2⤵
  PID:5520
- C:\Windows\System\zJCnaqW.exe
  C:\Windows\System\zJCnaqW.exe
  2⤵
  PID:5556
- C:\Windows\System\cGrfvNm.exe
  C:\Windows\System\cGrfvNm.exe
  2⤵
  PID:5572
- C:\Windows\System\tqMFXYX.exe
  C:\Windows\System\tqMFXYX.exe
  2⤵
  PID:5604
- C:\Windows\System\QKQdMWk.exe
  C:\Windows\System\QKQdMWk.exe
  2⤵
  PID:5632
- C:\Windows\System\oQgoYiZ.exe
  C:\Windows\System\oQgoYiZ.exe
  2⤵
  PID:5656
- C:\Windows\System\zFDaaKI.exe
  C:\Windows\System\zFDaaKI.exe
  2⤵
  PID:5712
- C:\Windows\System\IXVARyP.exe
  C:\Windows\System\IXVARyP.exe
  2⤵
  PID:5744
- C:\Windows\System\uwogTJo.exe
  C:\Windows\System\uwogTJo.exe
  2⤵
  PID:5772
- C:\Windows\System\GZXXmFa.exe
  C:\Windows\System\GZXXmFa.exe
  2⤵
  PID:5796
- C:\Windows\System\coamKHW.exe
  C:\Windows\System\coamKHW.exe
  2⤵
  PID:5828
- C:\Windows\System\HmTOfFh.exe
  C:\Windows\System\HmTOfFh.exe
  2⤵
  PID:5856
- C:\Windows\System\QZFjGEW.exe
  C:\Windows\System\QZFjGEW.exe
  2⤵
  PID:5880
- C:\Windows\System\wYAftoE.exe
  C:\Windows\System\wYAftoE.exe
  2⤵
  PID:5908
- C:\Windows\System\bzUnESr.exe
  C:\Windows\System\bzUnESr.exe
  2⤵
  PID:5940
- C:\Windows\System\YhxzNEn.exe
  C:\Windows\System\YhxzNEn.exe
  2⤵
  PID:5988
- C:\Windows\System\ZULqsfy.exe
  C:\Windows\System\ZULqsfy.exe
  2⤵
  PID:6020
- C:\Windows\System\AUQdCAg.exe
  C:\Windows\System\AUQdCAg.exe
  2⤵
  PID:6036
- C:\Windows\System\gRqKVoG.exe
  C:\Windows\System\gRqKVoG.exe
  2⤵
  PID:6080
- C:\Windows\System\czgOsvB.exe
  C:\Windows\System\czgOsvB.exe
  2⤵
  PID:6112
- C:\Windows\System\CGcoedH.exe
  C:\Windows\System\CGcoedH.exe
  2⤵
  PID:6136
- C:\Windows\System\bHXHpMn.exe
  C:\Windows\System\bHXHpMn.exe
  2⤵
  PID:5124
- C:\Windows\System\EjwuJRK.exe
  C:\Windows\System\EjwuJRK.exe
  2⤵
  PID:5220
- C:\Windows\System\mDfEMYF.exe
  C:\Windows\System\mDfEMYF.exe
  2⤵
  PID:5304
- C:\Windows\System\JaHScmk.exe
  C:\Windows\System\JaHScmk.exe
  2⤵
  PID:5380
- C:\Windows\System\yExicoo.exe
  C:\Windows\System\yExicoo.exe
  2⤵
  PID:5440
- C:\Windows\System\CVMLqLG.exe
  C:\Windows\System\CVMLqLG.exe
  2⤵
  PID:5492
- C:\Windows\System\LewfTqB.exe
  C:\Windows\System\LewfTqB.exe
  2⤵
  PID:5568
- C:\Windows\System\PMofSaV.exe
  C:\Windows\System\PMofSaV.exe
  2⤵
  PID:5640
- C:\Windows\System\vzFcaou.exe
  C:\Windows\System\vzFcaou.exe
  2⤵
  PID:5724
- C:\Windows\System\uwNkAEs.exe
  C:\Windows\System\uwNkAEs.exe
  2⤵
  PID:5788
- C:\Windows\System\EEiQuvF.exe
  C:\Windows\System\EEiQuvF.exe
  2⤵
  PID:5840
- C:\Windows\System\pJRVFIc.exe
  C:\Windows\System\pJRVFIc.exe
  2⤵
  PID:5868
- C:\Windows\System\ADLXZXZ.exe
  C:\Windows\System\ADLXZXZ.exe
  2⤵
  PID:5984
- C:\Windows\System\UWSbLkX.exe
  C:\Windows\System\UWSbLkX.exe
  2⤵
  PID:6016
- C:\Windows\System\bSTNvVP.exe
  C:\Windows\System\bSTNvVP.exe
  2⤵
  PID:6120
- C:\Windows\System\GwUcGYr.exe
  C:\Windows\System\GwUcGYr.exe
  2⤵
  PID:5192
- C:\Windows\System\SaxtEnB.exe
  C:\Windows\System\SaxtEnB.exe
  2⤵
  PID:5356
- C:\Windows\System\UiATBBx.exe
  C:\Windows\System\UiATBBx.exe
  2⤵
  PID:1288
- C:\Windows\System\NgmnQZJ.exe
  C:\Windows\System\NgmnQZJ.exe
  2⤵
  PID:5596
- C:\Windows\System\nNCJsLR.exe
  C:\Windows\System\nNCJsLR.exe
  2⤵
  PID:5760
- C:\Windows\System\MDyPVdv.exe
  C:\Windows\System\MDyPVdv.exe
  2⤵
  PID:5900
- C:\Windows\System\vLMCuKZ.exe
  C:\Windows\System\vLMCuKZ.exe
  2⤵
  PID:6004
- C:\Windows\System\DuwTFbH.exe
  C:\Windows\System\DuwTFbH.exe
  2⤵
  PID:4804
- C:\Windows\System\PPWQYFV.exe
  C:\Windows\System\PPWQYFV.exe
  2⤵
  PID:5680
- C:\Windows\System\AOLdvTh.exe
  C:\Windows\System\AOLdvTh.exe
  2⤵
  PID:1652
- C:\Windows\System\RviOuaR.exe
  C:\Windows\System\RviOuaR.exe
  2⤵
  PID:5280
- C:\Windows\System\lPnPkhD.exe
  C:\Windows\System\lPnPkhD.exe
  2⤵
  PID:6076
- C:\Windows\System\TrCCDrp.exe
  C:\Windows\System\TrCCDrp.exe
  2⤵
  PID:6172
- C:\Windows\System\YCDNyWu.exe
  C:\Windows\System\YCDNyWu.exe
  2⤵
  PID:6188
- C:\Windows\System\KTTgxkd.exe
  C:\Windows\System\KTTgxkd.exe
  2⤵
  PID:6216
- C:\Windows\System\fmEQMXO.exe
  C:\Windows\System\fmEQMXO.exe
  2⤵
  PID:6248
- C:\Windows\System\hvwLjUd.exe
  C:\Windows\System\hvwLjUd.exe
  2⤵
  PID:6272
- C:\Windows\System\VlxenKM.exe
  C:\Windows\System\VlxenKM.exe
  2⤵
  PID:6300
- C:\Windows\System\fmSAsGB.exe
  C:\Windows\System\fmSAsGB.exe
  2⤵
  PID:6340
- C:\Windows\System\fPpvODA.exe
  C:\Windows\System\fPpvODA.exe
  2⤵
  PID:6360
- C:\Windows\System\nSWvYUn.exe
  C:\Windows\System\nSWvYUn.exe
  2⤵
  PID:6404
- C:\Windows\System\anBvAPD.exe
  C:\Windows\System\anBvAPD.exe
  2⤵
  PID:6424
- C:\Windows\System\hdzFgoT.exe
  C:\Windows\System\hdzFgoT.exe
  2⤵
  PID:6444
- C:\Windows\System\TdMjEgC.exe
  C:\Windows\System\TdMjEgC.exe
  2⤵
  PID:6484
- C:\Windows\System\YdFjwHl.exe
  C:\Windows\System\YdFjwHl.exe
  2⤵
  PID:6516
- C:\Windows\System\dYaTQOF.exe
  C:\Windows\System\dYaTQOF.exe
  2⤵
  PID:6540
- C:\Windows\System\TLILHMN.exe
  C:\Windows\System\TLILHMN.exe
  2⤵
  PID:6568
- C:\Windows\System\FDZHdGM.exe
  C:\Windows\System\FDZHdGM.exe
  2⤵
  PID:6596
- C:\Windows\System\LosDGNg.exe
  C:\Windows\System\LosDGNg.exe
  2⤵
  PID:6628
- C:\Windows\System\CzmCdYY.exe
  C:\Windows\System\CzmCdYY.exe
  2⤵
  PID:6656
- C:\Windows\System\uxyHHdW.exe
  C:\Windows\System\uxyHHdW.exe
  2⤵
  PID:6684
- C:\Windows\System\MRgDwBK.exe
  C:\Windows\System\MRgDwBK.exe
  2⤵
  PID:6712
- C:\Windows\System\rTKRobo.exe
  C:\Windows\System\rTKRobo.exe
  2⤵
  PID:6740
- C:\Windows\System\ESiOYpe.exe
  C:\Windows\System\ESiOYpe.exe
  2⤵
  PID:6768
- C:\Windows\System\kLMkxhP.exe
  C:\Windows\System\kLMkxhP.exe
  2⤵
  PID:6796
- C:\Windows\System\kDuvNNu.exe
  C:\Windows\System\kDuvNNu.exe
  2⤵
  PID:6816
- C:\Windows\System\AvNchHc.exe
  C:\Windows\System\AvNchHc.exe
  2⤵
  PID:6852
- C:\Windows\System\GjFZFZi.exe
  C:\Windows\System\GjFZFZi.exe
  2⤵
  PID:6880
- C:\Windows\System\wPOSTND.exe
  C:\Windows\System\wPOSTND.exe
  2⤵
  PID:6908
- C:\Windows\System\cRvOJvE.exe
  C:\Windows\System\cRvOJvE.exe
  2⤵
  PID:6940
- C:\Windows\System\FSWFyxN.exe
  C:\Windows\System\FSWFyxN.exe
  2⤵
  PID:6964
- C:\Windows\System\qOqtFxe.exe
  C:\Windows\System\qOqtFxe.exe
  2⤵
  PID:6992
- C:\Windows\System\qzEZDUl.exe
  C:\Windows\System\qzEZDUl.exe
  2⤵
  PID:7008
- C:\Windows\System\UcppPXh.exe
  C:\Windows\System\UcppPXh.exe
  2⤵
  PID:7036
- C:\Windows\System\YQQQpsq.exe
  C:\Windows\System\YQQQpsq.exe
  2⤵
  PID:7064
- C:\Windows\System\PHdOZKc.exe
  C:\Windows\System\PHdOZKc.exe
  2⤵
  PID:7088
- C:\Windows\System\rovrvfd.exe
  C:\Windows\System\rovrvfd.exe
  2⤵
  PID:7112
- C:\Windows\System\MJEHfRY.exe
  C:\Windows\System\MJEHfRY.exe
  2⤵
  PID:7140
- C:\Windows\System\xXbNZtT.exe
  C:\Windows\System\xXbNZtT.exe
  2⤵
  PID:3256
- C:\Windows\System\hXlWzzY.exe
  C:\Windows\System\hXlWzzY.exe
  2⤵
  PID:6184
- C:\Windows\System\zNpsHKl.exe
  C:\Windows\System\zNpsHKl.exe
  2⤵
  PID:6264
- C:\Windows\System\tuJecgl.exe
  C:\Windows\System\tuJecgl.exe
  2⤵
  PID:6336
- C:\Windows\System\ubVNuNJ.exe
  C:\Windows\System\ubVNuNJ.exe
  2⤵
  PID:6460
- C:\Windows\System\VivoKXt.exe
  C:\Windows\System\VivoKXt.exe
  2⤵
  PID:6492
- C:\Windows\System\UibRiZM.exe
  C:\Windows\System\UibRiZM.exe
  2⤵
  PID:6588
- C:\Windows\System\nhwPATE.exe
  C:\Windows\System\nhwPATE.exe
  2⤵
  PID:6652
- C:\Windows\System\GLwlARH.exe
  C:\Windows\System\GLwlARH.exe
  2⤵
  PID:6724
- C:\Windows\System\KKBPsHu.exe
  C:\Windows\System\KKBPsHu.exe
  2⤵
  PID:6764
- C:\Windows\System\BwFUIhs.exe
  C:\Windows\System\BwFUIhs.exe
  2⤵
  PID:6848
- C:\Windows\System\ILYeKoC.exe
  C:\Windows\System\ILYeKoC.exe
  2⤵
  PID:6920
- C:\Windows\System\ObhRtRH.exe
  C:\Windows\System\ObhRtRH.exe
  2⤵
  PID:6976
- C:\Windows\System\JtrzCyM.exe
  C:\Windows\System\JtrzCyM.exe
  2⤵
  PID:7048
- C:\Windows\System\LvDiMoD.exe
  C:\Windows\System\LvDiMoD.exe
  2⤵
  PID:7084
- C:\Windows\System\nhvXySj.exe
  C:\Windows\System\nhvXySj.exe
  2⤵
  PID:7160
- C:\Windows\System\FXFsGsO.exe
  C:\Windows\System\FXFsGsO.exe
  2⤵
  PID:6292
- C:\Windows\System\NVoRsQc.exe
  C:\Windows\System\NVoRsQc.exe
  2⤵
  PID:6384
- C:\Windows\System\MunwoSb.exe
  C:\Windows\System\MunwoSb.exe
  2⤵
  PID:6564
- C:\Windows\System\truOtRo.exe
  C:\Windows\System\truOtRo.exe
  2⤵
  PID:6780
- C:\Windows\System\pfOEPJU.exe
  C:\Windows\System\pfOEPJU.exe
  2⤵
  PID:6896
- C:\Windows\System\QcxIkZa.exe
  C:\Windows\System\QcxIkZa.exe
  2⤵
  PID:7104
- C:\Windows\System\qQdoGOY.exe
  C:\Windows\System\qQdoGOY.exe
  2⤵
  PID:6240
- C:\Windows\System\gYitThs.exe
  C:\Windows\System\gYitThs.exe
  2⤵
  PID:7120
- C:\Windows\System\WcGXqPt.exe
  C:\Windows\System\WcGXqPt.exe
  2⤵
  PID:6616
- C:\Windows\System\SIUeNTy.exe
  C:\Windows\System\SIUeNTy.exe
  2⤵
  PID:6508
- C:\Windows\System\VPxUMkQ.exe
  C:\Windows\System\VPxUMkQ.exe
  2⤵
  PID:6472
- C:\Windows\System\zjgzqDo.exe
  C:\Windows\System\zjgzqDo.exe
  2⤵
  PID:7196
- C:\Windows\System\AMLNHOv.exe
  C:\Windows\System\AMLNHOv.exe
  2⤵
  PID:7224
- C:\Windows\System\olUDbtu.exe
  C:\Windows\System\olUDbtu.exe
  2⤵
  PID:7252
- C:\Windows\System\qSDLESU.exe
  C:\Windows\System\qSDLESU.exe
  2⤵
  PID:7280
- C:\Windows\System\wQMWOGi.exe
  C:\Windows\System\wQMWOGi.exe
  2⤵
  PID:7308
- C:\Windows\System\COovGjx.exe
  C:\Windows\System\COovGjx.exe
  2⤵
  PID:7344
- C:\Windows\System\KSLjZfv.exe
  C:\Windows\System\KSLjZfv.exe
  2⤵
  PID:7368
- C:\Windows\System\ueENHCL.exe
  C:\Windows\System\ueENHCL.exe
  2⤵
  PID:7396
- C:\Windows\System\nYiAfTs.exe
  C:\Windows\System\nYiAfTs.exe
  2⤵
  PID:7424
- C:\Windows\System\giTBnnT.exe
  C:\Windows\System\giTBnnT.exe
  2⤵
  PID:7452
- C:\Windows\System\VQoxFZe.exe
  C:\Windows\System\VQoxFZe.exe
  2⤵
  PID:7480
- C:\Windows\System\efksjfG.exe
  C:\Windows\System\efksjfG.exe
  2⤵
  PID:7508
- C:\Windows\System\rbRdBAo.exe
  C:\Windows\System\rbRdBAo.exe
  2⤵
  PID:7536
- C:\Windows\System\YgBtljc.exe
  C:\Windows\System\YgBtljc.exe
  2⤵
  PID:7564
- C:\Windows\System\wnxCvWd.exe
  C:\Windows\System\wnxCvWd.exe
  2⤵
  PID:7592
- C:\Windows\System\vMsfiyh.exe
  C:\Windows\System\vMsfiyh.exe
  2⤵
  PID:7628
- C:\Windows\System\YzkHsum.exe
  C:\Windows\System\YzkHsum.exe
  2⤵
  PID:7648
- C:\Windows\System\GzRoiQy.exe
  C:\Windows\System\GzRoiQy.exe
  2⤵
  PID:7676
- C:\Windows\System\YJVzllL.exe
  C:\Windows\System\YJVzllL.exe
  2⤵
  PID:7704
- C:\Windows\System\ktKVCIu.exe
  C:\Windows\System\ktKVCIu.exe
  2⤵
  PID:7732
- C:\Windows\System\OoJhSQP.exe
  C:\Windows\System\OoJhSQP.exe
  2⤵
  PID:7760
- C:\Windows\System\KBcvUuW.exe
  C:\Windows\System\KBcvUuW.exe
  2⤵
  PID:7788
- C:\Windows\System\BvKbnUC.exe
  C:\Windows\System\BvKbnUC.exe
  2⤵
  PID:7820
- C:\Windows\System\PdMoxZP.exe
  C:\Windows\System\PdMoxZP.exe
  2⤵
  PID:7844
- C:\Windows\System\kppqkNp.exe
  C:\Windows\System\kppqkNp.exe
  2⤵
  PID:7876
- C:\Windows\System\zcMMGCL.exe
  C:\Windows\System\zcMMGCL.exe
  2⤵
  PID:7916
- C:\Windows\System\BmmxIQP.exe
  C:\Windows\System\BmmxIQP.exe
  2⤵
  PID:7932
- C:\Windows\System\dRjGTvs.exe
  C:\Windows\System\dRjGTvs.exe
  2⤵
  PID:7960
- C:\Windows\System\AVnXzcU.exe
  C:\Windows\System\AVnXzcU.exe
  2⤵
  PID:7988
- C:\Windows\System\JuKRyIt.exe
  C:\Windows\System\JuKRyIt.exe
  2⤵
  PID:8020
- C:\Windows\System\ELhmfBO.exe
  C:\Windows\System\ELhmfBO.exe
  2⤵
  PID:8052
- C:\Windows\System\LHLUELQ.exe
  C:\Windows\System\LHLUELQ.exe
  2⤵
  PID:8080
- C:\Windows\System\VZbLdzH.exe
  C:\Windows\System\VZbLdzH.exe
  2⤵
  PID:8100
- C:\Windows\System\vXTlxxx.exe
  C:\Windows\System\vXTlxxx.exe
  2⤵
  PID:8124
- C:\Windows\System\YaqwRWt.exe
  C:\Windows\System\YaqwRWt.exe
  2⤵
  PID:8152
- C:\Windows\System\bliyjhc.exe
  C:\Windows\System\bliyjhc.exe
  2⤵
  PID:8180
- C:\Windows\System\vvTdvSc.exe
  C:\Windows\System\vvTdvSc.exe
  2⤵
  PID:7220
- C:\Windows\System\iQFDhOp.exe
  C:\Windows\System\iQFDhOp.exe
  2⤵
  PID:7296
- C:\Windows\System\IJAZdCd.exe
  C:\Windows\System\IJAZdCd.exe
  2⤵
  PID:7380
- C:\Windows\System\JzNgeVa.exe
  C:\Windows\System\JzNgeVa.exe
  2⤵
  PID:7464
- C:\Windows\System\xqkbilt.exe
  C:\Windows\System\xqkbilt.exe
  2⤵
  PID:7520
- C:\Windows\System\szovWRi.exe
  C:\Windows\System\szovWRi.exe
  2⤵
  PID:7584
- C:\Windows\System\GRgEEdb.exe
  C:\Windows\System\GRgEEdb.exe
  2⤵
  PID:7644
- C:\Windows\System\bisrgTh.exe
  C:\Windows\System\bisrgTh.exe
  2⤵
  PID:7716
- C:\Windows\System\qpnNKZl.exe
  C:\Windows\System\qpnNKZl.exe
  2⤵
  PID:7780
- C:\Windows\System\PrLfumn.exe
  C:\Windows\System\PrLfumn.exe
  2⤵
  PID:7840
- C:\Windows\System\SPHgMyW.exe
  C:\Windows\System\SPHgMyW.exe
  2⤵
  PID:3024
- C:\Windows\System\KRJFAYV.exe
  C:\Windows\System\KRJFAYV.exe
  2⤵
  PID:7900
- C:\Windows\System\pPPUAqG.exe
  C:\Windows\System\pPPUAqG.exe
  2⤵
  PID:7928
- C:\Windows\System\ALnnwyH.exe
  C:\Windows\System\ALnnwyH.exe
  2⤵
  PID:8000
- C:\Windows\System\UzWNgAs.exe
  C:\Windows\System\UzWNgAs.exe
  2⤵
  PID:8076
- C:\Windows\System\eDzshzq.exe
  C:\Windows\System\eDzshzq.exe
  2⤵
  PID:8144
- C:\Windows\System\ZIUaWOp.exe
  C:\Windows\System\ZIUaWOp.exe
  2⤵
  PID:7184
- C:\Windows\System\GjhMTqz.exe
  C:\Windows\System\GjhMTqz.exe
  2⤵
  PID:7420
- C:\Windows\System\cvkDSly.exe
  C:\Windows\System\cvkDSly.exe
  2⤵
  PID:7548
- C:\Windows\System\DKJWpyz.exe
  C:\Windows\System\DKJWpyz.exe
  2⤵
  PID:7672
- C:\Windows\System\aIUoFoP.exe
  C:\Windows\System\aIUoFoP.exe
  2⤵
  PID:7836
- C:\Windows\System\UUUbVUI.exe
  C:\Windows\System\UUUbVUI.exe
  2⤵
  PID:6640
- C:\Windows\System\SdsWffi.exe
  C:\Windows\System\SdsWffi.exe
  2⤵
  PID:8092
- C:\Windows\System\lbsJNmP.exe
  C:\Windows\System\lbsJNmP.exe
  2⤵
  PID:7352
- C:\Windows\System\DRLlCYU.exe
  C:\Windows\System\DRLlCYU.exe
  2⤵
  PID:7616
- C:\Windows\System\jZCrJMZ.exe
  C:\Windows\System\jZCrJMZ.exe
  2⤵
  PID:7976
- C:\Windows\System\MMWXcPb.exe
  C:\Windows\System\MMWXcPb.exe
  2⤵
  PID:7640
- C:\Windows\System\ELokmJx.exe
  C:\Windows\System\ELokmJx.exe
  2⤵
  PID:7292
- C:\Windows\System\aGXGvIU.exe
  C:\Windows\System\aGXGvIU.exe
  2⤵
  PID:8208
- C:\Windows\System\VszXPJk.exe
  C:\Windows\System\VszXPJk.exe
  2⤵
  PID:8236
- C:\Windows\System\bYklZGY.exe
  C:\Windows\System\bYklZGY.exe
  2⤵
  PID:8264
- C:\Windows\System\GidqCBT.exe
  C:\Windows\System\GidqCBT.exe
  2⤵
  PID:8280
- C:\Windows\System\NiDoUMD.exe
  C:\Windows\System\NiDoUMD.exe
  2⤵
  PID:8296
- C:\Windows\System\HWQoabR.exe
  C:\Windows\System\HWQoabR.exe
  2⤵
  PID:8328
- C:\Windows\System\cNDrewF.exe
  C:\Windows\System\cNDrewF.exe
  2⤵
  PID:8368
- C:\Windows\System\UCWwGEj.exe
  C:\Windows\System\UCWwGEj.exe
  2⤵
  PID:8388
- C:\Windows\System\DQodvgI.exe
  C:\Windows\System\DQodvgI.exe
  2⤵
  PID:8424
- C:\Windows\System\qVJzBCM.exe
  C:\Windows\System\qVJzBCM.exe
  2⤵
  PID:8456
- C:\Windows\System\iNDrwqD.exe
  C:\Windows\System\iNDrwqD.exe
  2⤵
  PID:8492
- C:\Windows\System\oLqzJfZ.exe
  C:\Windows\System\oLqzJfZ.exe
  2⤵
  PID:8508
- C:\Windows\System\xcSdnmA.exe
  C:\Windows\System\xcSdnmA.exe
  2⤵
  PID:8544
- C:\Windows\System\zMwQhhY.exe
  C:\Windows\System\zMwQhhY.exe
  2⤵
  PID:8584
- C:\Windows\System\AHyLxZR.exe
  C:\Windows\System\AHyLxZR.exe
  2⤵
  PID:8612
- C:\Windows\System\RNcIMmT.exe
  C:\Windows\System\RNcIMmT.exe
  2⤵
  PID:8636
- C:\Windows\System\jwclRGI.exe
  C:\Windows\System\jwclRGI.exe
  2⤵
  PID:8680
- C:\Windows\System\ysYcrHD.exe
  C:\Windows\System\ysYcrHD.exe
  2⤵
  PID:8736
- C:\Windows\System\gjVRlII.exe
  C:\Windows\System\gjVRlII.exe
  2⤵
  PID:8756
- C:\Windows\System\jAVvoYV.exe
  C:\Windows\System\jAVvoYV.exe
  2⤵
  PID:8780
- C:\Windows\System\WnAlchq.exe
  C:\Windows\System\WnAlchq.exe
  2⤵
  PID:8820
- C:\Windows\System\vembmbl.exe
  C:\Windows\System\vembmbl.exe
  2⤵
  PID:8844
- C:\Windows\System\OGvvhvz.exe
  C:\Windows\System\OGvvhvz.exe
  2⤵
  PID:8888
- C:\Windows\System\BHoQiYd.exe
  C:\Windows\System\BHoQiYd.exe
  2⤵
  PID:8916
- C:\Windows\System\qJuXtcQ.exe
  C:\Windows\System\qJuXtcQ.exe
  2⤵
  PID:8944
- C:\Windows\System\SrZmdQv.exe
  C:\Windows\System\SrZmdQv.exe
  2⤵
  PID:8972
- C:\Windows\System\HFPZHBC.exe
  C:\Windows\System\HFPZHBC.exe
  2⤵
  PID:9000
- C:\Windows\System\DhKthVF.exe
  C:\Windows\System\DhKthVF.exe
  2⤵
  PID:9032
- C:\Windows\System\nUihGia.exe
  C:\Windows\System\nUihGia.exe
  2⤵
  PID:9060
- C:\Windows\System\LjyNjOW.exe
  C:\Windows\System\LjyNjOW.exe
  2⤵
  PID:9088
- C:\Windows\System\vSeGgBr.exe
  C:\Windows\System\vSeGgBr.exe
  2⤵
  PID:9116
- C:\Windows\System\QLitUxV.exe
  C:\Windows\System\QLitUxV.exe
  2⤵
  PID:9140
- C:\Windows\System\ygzzdXx.exe
  C:\Windows\System\ygzzdXx.exe
  2⤵
  PID:9176
- C:\Windows\System\nEHNEqM.exe
  C:\Windows\System\nEHNEqM.exe
  2⤵
  PID:9204
- C:\Windows\System\NdWblMj.exe
  C:\Windows\System\NdWblMj.exe
  2⤵
  PID:8228
- C:\Windows\System\XgfgjEe.exe
  C:\Windows\System\XgfgjEe.exe
  2⤵
  PID:8288
- C:\Windows\System\tduEkUO.exe
  C:\Windows\System\tduEkUO.exe
  2⤵
  PID:8352
- C:\Windows\System\lqyPhmB.exe
  C:\Windows\System\lqyPhmB.exe
  2⤵
  PID:8396
- C:\Windows\System\geMHhll.exe
  C:\Windows\System\geMHhll.exe
  2⤵
  PID:8480
- C:\Windows\System\iJlhqvB.exe
  C:\Windows\System\iJlhqvB.exe
  2⤵
  PID:8560
- C:\Windows\System\ddxfDBV.exe
  C:\Windows\System\ddxfDBV.exe
  2⤵
  PID:8304
- C:\Windows\System\WlJYhYm.exe
  C:\Windows\System\WlJYhYm.exe
  2⤵
  PID:8700
- C:\Windows\System\jIxdeEe.exe
  C:\Windows\System\jIxdeEe.exe
  2⤵
  PID:8772
- C:\Windows\System\DTDHlpN.exe
  C:\Windows\System\DTDHlpN.exe
  2⤵
  PID:8884
- C:\Windows\System\fkKXkqo.exe
  C:\Windows\System\fkKXkqo.exe
  2⤵
  PID:8912
- C:\Windows\System\LbWniVI.exe
  C:\Windows\System\LbWniVI.exe
  2⤵
  PID:8992
- C:\Windows\System\emCViKt.exe
  C:\Windows\System\emCViKt.exe
  2⤵
  PID:9052
- C:\Windows\System\GWgudtv.exe
  C:\Windows\System\GWgudtv.exe
  2⤵
  PID:9124
- C:\Windows\System\aWQAIwl.exe
  C:\Windows\System\aWQAIwl.exe
  2⤵
  PID:9200
- C:\Windows\System\GGrFZfO.exe
  C:\Windows\System\GGrFZfO.exe
  2⤵
  PID:8256
- C:\Windows\System\txNTzcr.exe
  C:\Windows\System\txNTzcr.exe
  2⤵
  PID:8452
- C:\Windows\System\NZoNLry.exe
  C:\Windows\System\NZoNLry.exe
  2⤵
  PID:8592
- C:\Windows\System\TsXCrQh.exe
  C:\Windows\System\TsXCrQh.exe
  2⤵
  PID:8776
- C:\Windows\System\zXgKwWt.exe
  C:\Windows\System\zXgKwWt.exe
  2⤵
  PID:8956
- C:\Windows\System\YnaxHGc.exe
  C:\Windows\System\YnaxHGc.exe
  2⤵
  PID:9108
- C:\Windows\System\VqrWdkY.exe
  C:\Windows\System\VqrWdkY.exe
  2⤵
  PID:8340
- C:\Windows\System\rUQNMQd.exe
  C:\Windows\System\rUQNMQd.exe
  2⤵
  PID:8748
- C:\Windows\System\kSfZiyL.exe
  C:\Windows\System\kSfZiyL.exe
  2⤵
  PID:9024
- C:\Windows\System\HiXeXbE.exe
  C:\Windows\System\HiXeXbE.exe
  2⤵
  PID:8872
- C:\Windows\System\pIMNSum.exe
  C:\Windows\System\pIMNSum.exe
  2⤵
  PID:8272
- C:\Windows\System\tjIVhKJ.exe
  C:\Windows\System\tjIVhKJ.exe
  2⤵
  PID:9236
- C:\Windows\System\nOucgrE.exe
  C:\Windows\System\nOucgrE.exe
  2⤵
  PID:9268
- C:\Windows\System\QOmHnfr.exe
  C:\Windows\System\QOmHnfr.exe
  2⤵
  PID:9296
- C:\Windows\System\Wvnyusr.exe
  C:\Windows\System\Wvnyusr.exe
  2⤵
  PID:9324
- C:\Windows\System\CmXQuyn.exe
  C:\Windows\System\CmXQuyn.exe
  2⤵
  PID:9352
- C:\Windows\System\MWYVsVh.exe
  C:\Windows\System\MWYVsVh.exe
  2⤵
  PID:9380
- C:\Windows\System\pjINANL.exe
  C:\Windows\System\pjINANL.exe
  2⤵
  PID:9408
- C:\Windows\System\SQcoGEZ.exe
  C:\Windows\System\SQcoGEZ.exe
  2⤵
  PID:9436
- C:\Windows\System\IpxMKLW.exe
  C:\Windows\System\IpxMKLW.exe
  2⤵
  PID:9464
- C:\Windows\System\yVAGXiU.exe
  C:\Windows\System\yVAGXiU.exe
  2⤵
  PID:9484
- C:\Windows\System\yfYTyxH.exe
  C:\Windows\System\yfYTyxH.exe
  2⤵
  PID:9520
- C:\Windows\System\MagTSwQ.exe
  C:\Windows\System\MagTSwQ.exe
  2⤵
  PID:9548
- C:\Windows\System\vmMBhVr.exe
  C:\Windows\System\vmMBhVr.exe
  2⤵
  PID:9576
- C:\Windows\System\YiFUNyA.exe
  C:\Windows\System\YiFUNyA.exe
  2⤵
  PID:9592
- C:\Windows\System\xWKKvsh.exe
  C:\Windows\System\xWKKvsh.exe
  2⤵
  PID:9624
- C:\Windows\System\aRleBTH.exe
  C:\Windows\System\aRleBTH.exe
  2⤵
  PID:9660
- C:\Windows\System\pCrCxud.exe
  C:\Windows\System\pCrCxud.exe
  2⤵
  PID:9688
- C:\Windows\System\lQKxDda.exe
  C:\Windows\System\lQKxDda.exe
  2⤵
  PID:9716
- C:\Windows\System\wxQfNYQ.exe
  C:\Windows\System\wxQfNYQ.exe
  2⤵
  PID:9752
- C:\Windows\System\vCfbwNa.exe
  C:\Windows\System\vCfbwNa.exe
  2⤵
  PID:9772
- C:\Windows\System\jsevhiu.exe
  C:\Windows\System\jsevhiu.exe
  2⤵
  PID:9800
- C:\Windows\System\ekgvsyr.exe
  C:\Windows\System\ekgvsyr.exe
  2⤵
  PID:9828
- C:\Windows\System\rqsLKJP.exe
  C:\Windows\System\rqsLKJP.exe
  2⤵
  PID:9860
- C:\Windows\System\DhlQscY.exe
  C:\Windows\System\DhlQscY.exe
  2⤵
  PID:9884
- C:\Windows\System\NOImHkq.exe
  C:\Windows\System\NOImHkq.exe
  2⤵
  PID:9912
- C:\Windows\System\qIPjPOe.exe
  C:\Windows\System\qIPjPOe.exe
  2⤵
  PID:9940
- C:\Windows\System\BHqWVSv.exe
  C:\Windows\System\BHqWVSv.exe
  2⤵
  PID:9968
- C:\Windows\System\eJEqjtt.exe
  C:\Windows\System\eJEqjtt.exe
  2⤵
  PID:9996
- C:\Windows\System\fUAIlEK.exe
  C:\Windows\System\fUAIlEK.exe
  2⤵
  PID:10024
- C:\Windows\System\SgzkfPB.exe
  C:\Windows\System\SgzkfPB.exe
  2⤵
  PID:10052
- C:\Windows\System\bQELfsT.exe
  C:\Windows\System\bQELfsT.exe
  2⤵
  PID:10080
- C:\Windows\System\hfLTCTR.exe
  C:\Windows\System\hfLTCTR.exe
  2⤵
  PID:10108
- C:\Windows\System\wAxpKje.exe
  C:\Windows\System\wAxpKje.exe
  2⤵
  PID:10136
- C:\Windows\System\VIWPlui.exe
  C:\Windows\System\VIWPlui.exe
  2⤵
  PID:10164
- C:\Windows\System\GXttwqj.exe
  C:\Windows\System\GXttwqj.exe
  2⤵
  PID:10192
- C:\Windows\System\SLIGqVQ.exe
  C:\Windows\System\SLIGqVQ.exe
  2⤵
  PID:10220
- C:\Windows\System\cWgPzDT.exe
  C:\Windows\System\cWgPzDT.exe
  2⤵
  PID:9232
- C:\Windows\System\zzZEZMv.exe
  C:\Windows\System\zzZEZMv.exe
  2⤵
  PID:9316
- C:\Windows\System\vJCnyFI.exe
  C:\Windows\System\vJCnyFI.exe
  2⤵
  PID:9368
- C:\Windows\System\YKVGdTo.exe
  C:\Windows\System\YKVGdTo.exe
  2⤵
  PID:9432
- C:\Windows\System\tMAsEpi.exe
  C:\Windows\System\tMAsEpi.exe
  2⤵
  PID:9508
- C:\Windows\System\YAcnOAi.exe
  C:\Windows\System\YAcnOAi.exe
  2⤵
  PID:9568
- C:\Windows\System\wcCAMwN.exe
  C:\Windows\System\wcCAMwN.exe
  2⤵
  PID:9632
- C:\Windows\System\lwQbOGh.exe
  C:\Windows\System\lwQbOGh.exe
  2⤵
  PID:9700
- C:\Windows\System\aGQuLKA.exe
  C:\Windows\System\aGQuLKA.exe
  2⤵
  PID:9760
- C:\Windows\System\BlsRDIG.exe
  C:\Windows\System\BlsRDIG.exe
  2⤵
  PID:9824
- C:\Windows\System\NLmHWxr.exe
  C:\Windows\System\NLmHWxr.exe
  2⤵
  PID:9900
- C:\Windows\System\zqHjpbF.exe
  C:\Windows\System\zqHjpbF.exe
  2⤵
  PID:9936
- C:\Windows\System\foNrrSM.exe
  C:\Windows\System\foNrrSM.exe
  2⤵
  PID:9988
- C:\Windows\System\CbxoNWX.exe
  C:\Windows\System\CbxoNWX.exe
  2⤵
  PID:10064
- C:\Windows\System\aArlENM.exe
  C:\Windows\System\aArlENM.exe
  2⤵
  PID:10176
- C:\Windows\System\wfYNzFz.exe
  C:\Windows\System\wfYNzFz.exe
  2⤵
  PID:9224
- C:\Windows\System\xbHrDSJ.exe
  C:\Windows\System\xbHrDSJ.exe
  2⤵
  PID:9404
- C:\Windows\System\YiwOocM.exe
  C:\Windows\System\YiwOocM.exe
  2⤵
  PID:9560
- C:\Windows\System\WMoquKy.exe
  C:\Windows\System\WMoquKy.exe
  2⤵
  PID:9684
- C:\Windows\System\hpvqVHJ.exe
  C:\Windows\System\hpvqVHJ.exe
  2⤵
  PID:9820
- C:\Windows\System\LnPMIcS.exe
  C:\Windows\System\LnPMIcS.exe
  2⤵
  PID:10048
- C:\Windows\System\aycRqtt.exe
  C:\Windows\System\aycRqtt.exe
  2⤵
  PID:10160
- C:\Windows\System\JtGyaby.exe
  C:\Windows\System\JtGyaby.exe
  2⤵
  PID:9908
- C:\Windows\System\xLYWjYS.exe
  C:\Windows\System\xLYWjYS.exe
  2⤵
  PID:10104
- C:\Windows\System\ltNZBYv.exe
  C:\Windows\System\ltNZBYv.exe
  2⤵
  PID:10268
- C:\Windows\System\AuVKZtO.exe
  C:\Windows\System\AuVKZtO.exe
  2⤵
  PID:10296
- C:\Windows\System\mfVKsMM.exe
  C:\Windows\System\mfVKsMM.exe
  2⤵
  PID:10340
- C:\Windows\System\GmBVCmI.exe
  C:\Windows\System\GmBVCmI.exe
  2⤵
  PID:10356
- C:\Windows\System\ukIbFpr.exe
  C:\Windows\System\ukIbFpr.exe
  2⤵
  PID:10384
- C:\Windows\System\dXKqAjc.exe
  C:\Windows\System\dXKqAjc.exe
  2⤵
  PID:10424
- C:\Windows\System\PRrJYMn.exe
  C:\Windows\System\PRrJYMn.exe
  2⤵
  PID:10448
- C:\Windows\System\ibFcdpy.exe
  C:\Windows\System\ibFcdpy.exe
  2⤵
  PID:10472
- C:\Windows\System\mgZVUwr.exe
  C:\Windows\System\mgZVUwr.exe
  2⤵
  PID:10524
- C:\Windows\System\ueKexEF.exe
  C:\Windows\System\ueKexEF.exe
  2⤵
  PID:10556
- C:\Windows\System\hSAZzXQ.exe
  C:\Windows\System\hSAZzXQ.exe
  2⤵
  PID:10576
- C:\Windows\System\IJuFueb.exe
  C:\Windows\System\IJuFueb.exe
  2⤵
  PID:10600
- C:\Windows\System\KLzEGZi.exe
  C:\Windows\System\KLzEGZi.exe
  2⤵
  PID:10632
- C:\Windows\System\LdXtoPU.exe
  C:\Windows\System\LdXtoPU.exe
  2⤵
  PID:10668
- C:\Windows\System\EKfRMGB.exe
  C:\Windows\System\EKfRMGB.exe
  2⤵
  PID:10696
- C:\Windows\System\vnZAjTX.exe
  C:\Windows\System\vnZAjTX.exe
  2⤵
  PID:10724
- C:\Windows\System\IyBbWae.exe
  C:\Windows\System\IyBbWae.exe
  2⤵
  PID:10752
- C:\Windows\System\vpHLIGf.exe
  C:\Windows\System\vpHLIGf.exe
  2⤵
  PID:10780
- C:\Windows\System\bvELrIt.exe
  C:\Windows\System\bvELrIt.exe
  2⤵
  PID:10808
- C:\Windows\System\QCifszx.exe
  C:\Windows\System\QCifszx.exe
  2⤵
  PID:10836
- C:\Windows\System\oDAsxMg.exe
  C:\Windows\System\oDAsxMg.exe
  2⤵
  PID:10864
- C:\Windows\System\FYZaJDS.exe
  C:\Windows\System\FYZaJDS.exe
  2⤵
  PID:10892
- C:\Windows\System\hqEjHMP.exe
  C:\Windows\System\hqEjHMP.exe
  2⤵
  PID:10912
- C:\Windows\System\yfSGYNL.exe
  C:\Windows\System\yfSGYNL.exe
  2⤵
  PID:10940
- C:\Windows\System\biyoLyr.exe
  C:\Windows\System\biyoLyr.exe
  2⤵
  PID:10976
- C:\Windows\System\zpWSHCo.exe
  C:\Windows\System\zpWSHCo.exe
  2⤵
  PID:10996
- C:\Windows\System\FYizroQ.exe
  C:\Windows\System\FYizroQ.exe
  2⤵
  PID:11032
- C:\Windows\System\QcefLYb.exe
  C:\Windows\System\QcefLYb.exe
  2⤵
  PID:11052
- C:\Windows\System\emHgGdM.exe
  C:\Windows\System\emHgGdM.exe
  2⤵
  PID:11092
- C:\Windows\System\IyoMWLN.exe
  C:\Windows\System\IyoMWLN.exe
  2⤵
  PID:11124
- C:\Windows\System\kiCkQCi.exe
  C:\Windows\System\kiCkQCi.exe
  2⤵
  PID:11152
- C:\Windows\System\FMfthET.exe
  C:\Windows\System\FMfthET.exe
  2⤵
  PID:11172
- C:\Windows\System\ukMfQMY.exe
  C:\Windows\System\ukMfQMY.exe
  2⤵
  PID:11196
- C:\Windows\System\SUbwMBc.exe
  C:\Windows\System\SUbwMBc.exe
  2⤵
  PID:11224
- C:\Windows\System\WLYqcNS.exe
  C:\Windows\System\WLYqcNS.exe
  2⤵
  PID:11252
- C:\Windows\System\sjGIxhh.exe
  C:\Windows\System\sjGIxhh.exe
  2⤵
  PID:10244
- C:\Windows\System\YgLpGBw.exe
  C:\Windows\System\YgLpGBw.exe
  2⤵
  PID:10320
- C:\Windows\System\EpFqzAL.exe
  C:\Windows\System\EpFqzAL.exe
  2⤵
  PID:10380
- C:\Windows\System\zOZYimv.exe
  C:\Windows\System\zOZYimv.exe
  2⤵
  PID:10464
- C:\Windows\System\sXCxUbl.exe
  C:\Windows\System\sXCxUbl.exe
  2⤵
  PID:10568
- C:\Windows\System\nhHiMTo.exe
  C:\Windows\System\nhHiMTo.exe
  2⤵
  PID:10620
- C:\Windows\System\FEIaQdZ.exe
  C:\Windows\System\FEIaQdZ.exe
  2⤵
  PID:10660
- C:\Windows\System\hoxYAjN.exe
  C:\Windows\System\hoxYAjN.exe
  2⤵
  PID:10764
- C:\Windows\System\qlFWdKN.exe
  C:\Windows\System\qlFWdKN.exe
  2⤵
  PID:10820
- C:\Windows\System\MCyBCgr.exe
  C:\Windows\System\MCyBCgr.exe
  2⤵
  PID:10860
- C:\Windows\System\NuBRAvt.exe
  C:\Windows\System\NuBRAvt.exe
  2⤵
  PID:10904
- C:\Windows\System\lBWoVzg.exe
  C:\Windows\System\lBWoVzg.exe
  2⤵
  PID:11012
- C:\Windows\System\HSLeLrf.exe
  C:\Windows\System\HSLeLrf.exe
  2⤵
  PID:11060
- C:\Windows\System\DFcBNPL.exe
  C:\Windows\System\DFcBNPL.exe
  2⤵
  PID:11104
- C:\Windows\System\kfcMrjx.exe
  C:\Windows\System\kfcMrjx.exe
  2⤵
  PID:11184
- C:\Windows\System\nOeaWBW.exe
  C:\Windows\System\nOeaWBW.exe
  2⤵
  PID:10204
- C:\Windows\System\kAtCvJB.exe
  C:\Windows\System\kAtCvJB.exe
  2⤵
  PID:10352
- C:\Windows\System\mYjPKXq.exe
  C:\Windows\System\mYjPKXq.exe
  2⤵
  PID:10616
- C:\Windows\System\kLjuKND.exe
  C:\Windows\System\kLjuKND.exe
  2⤵
  PID:10720
- C:\Windows\System\ADmdwFb.exe
  C:\Windows\System\ADmdwFb.exe
  2⤵
  PID:10884
- C:\Windows\System\NQuZtqZ.exe
  C:\Windows\System\NQuZtqZ.exe
  2⤵
  PID:11016
- C:\Windows\System\zyniNgM.exe
  C:\Windows\System\zyniNgM.exe
  2⤵
  PID:11160
- C:\Windows\System\wZvmLOa.exe
  C:\Windows\System\wZvmLOa.exe
  2⤵
  PID:11240
- C:\Windows\System\tKynKqD.exe
  C:\Windows\System\tKynKqD.exe
  2⤵
  PID:10292
- C:\Windows\System\OPHBZLH.exe
  C:\Windows\System\OPHBZLH.exe
  2⤵
  PID:10832
- C:\Windows\System\qnGPinh.exe
  C:\Windows\System\qnGPinh.exe
  2⤵
  PID:11084
- C:\Windows\System\zualhFC.exe
  C:\Windows\System\zualhFC.exe
  2⤵
  PID:10936
- C:\Windows\System\SZbpgFT.exe
  C:\Windows\System\SZbpgFT.exe
  2⤵
  PID:11280
- C:\Windows\System\HndjNyf.exe
  C:\Windows\System\HndjNyf.exe
  2⤵
  PID:11320
- C:\Windows\System\MBPwVYl.exe
  C:\Windows\System\MBPwVYl.exe
  2⤵
  PID:11344
- C:\Windows\System\YdjGLIE.exe
  C:\Windows\System\YdjGLIE.exe
  2⤵
  PID:11376
- C:\Windows\System\cwHXJFd.exe
  C:\Windows\System\cwHXJFd.exe
  2⤵
  PID:11400
- C:\Windows\System\nQlPZnG.exe
  C:\Windows\System\nQlPZnG.exe
  2⤵
  PID:11448
- C:\Windows\System\FiRSqjT.exe
  C:\Windows\System\FiRSqjT.exe
  2⤵
  PID:11476
- C:\Windows\System\qoRhFSi.exe
  C:\Windows\System\qoRhFSi.exe
  2⤵
  PID:11504
- C:\Windows\System\gwnXTpW.exe
  C:\Windows\System\gwnXTpW.exe
  2⤵
  PID:11532
- C:\Windows\System\ZzLDCIf.exe
  C:\Windows\System\ZzLDCIf.exe
  2⤵
  PID:11560
- C:\Windows\System\DVhRcrV.exe
  C:\Windows\System\DVhRcrV.exe
  2⤵
  PID:11588
- C:\Windows\System\WkCaorV.exe
  C:\Windows\System\WkCaorV.exe
  2⤵
  PID:11616
- C:\Windows\System\fuzjLez.exe
  C:\Windows\System\fuzjLez.exe
  2⤵
  PID:11640
- C:\Windows\System\ibsBThk.exe
  C:\Windows\System\ibsBThk.exe
  2⤵
  PID:11664
- C:\Windows\System\iBVieNt.exe
  C:\Windows\System\iBVieNt.exe
  2⤵
  PID:11704
- C:\Windows\System\jBpFiCi.exe
  C:\Windows\System\jBpFiCi.exe
  2⤵
  PID:11732
- C:\Windows\System\EwEvMEi.exe
  C:\Windows\System\EwEvMEi.exe
  2⤵
  PID:11748
- C:\Windows\System\QPuKMoo.exe
  C:\Windows\System\QPuKMoo.exe
  2⤵
  PID:11788
- C:\Windows\System\CkNJNzt.exe
  C:\Windows\System\CkNJNzt.exe
  2⤵
  PID:11816
- C:\Windows\System\PSCulFD.exe
  C:\Windows\System\PSCulFD.exe
  2⤵
  PID:11844
- C:\Windows\System\sUSRvLj.exe
  C:\Windows\System\sUSRvLj.exe
  2⤵
  PID:11872
- C:\Windows\System\QgJbRov.exe
  C:\Windows\System\QgJbRov.exe
  2⤵
  PID:11892
- C:\Windows\System\qhUIExd.exe
  C:\Windows\System\qhUIExd.exe
  2⤵
  PID:11928
- C:\Windows\System\jErNsQr.exe
  C:\Windows\System\jErNsQr.exe
  2⤵
  PID:11956
- C:\Windows\System\DcGiFAh.exe
  C:\Windows\System\DcGiFAh.exe
  2⤵
  PID:11984
- C:\Windows\System\NchXYAS.exe
  C:\Windows\System\NchXYAS.exe
  2⤵
  PID:12012
- C:\Windows\System\tSvocyM.exe
  C:\Windows\System\tSvocyM.exe
  2⤵
  PID:12040
- C:\Windows\System\lNGjkto.exe
  C:\Windows\System\lNGjkto.exe
  2⤵
  PID:12068
- C:\Windows\System\RKohuJi.exe
  C:\Windows\System\RKohuJi.exe
  2⤵
  PID:12084
- C:\Windows\System\NlNKYQp.exe
  C:\Windows\System\NlNKYQp.exe
  2⤵
  PID:12100
- C:\Windows\System\qBiXyUI.exe
  C:\Windows\System\qBiXyUI.exe
  2⤵
  PID:12140
- C:\Windows\System\pIFbJjJ.exe
  C:\Windows\System\pIFbJjJ.exe
  2⤵
  PID:12168
- C:\Windows\System\jbctxZV.exe
  C:\Windows\System\jbctxZV.exe
  2⤵
  PID:12208
- C:\Windows\System\vCSZLNW.exe
  C:\Windows\System\vCSZLNW.exe
  2⤵
  PID:12236
- C:\Windows\System\ovyKVst.exe
  C:\Windows\System\ovyKVst.exe
  2⤵
  PID:12252
- C:\Windows\System\HCZsvwm.exe
  C:\Windows\System\HCZsvwm.exe
  2⤵
  PID:12280
- C:\Windows\System\buUaOAC.exe
  C:\Windows\System\buUaOAC.exe
  2⤵
  PID:11272
- C:\Windows\System\jxekrbB.exe
  C:\Windows\System\jxekrbB.exe
  2⤵
  PID:11360
- C:\Windows\System\vjRnDmz.exe
  C:\Windows\System\vjRnDmz.exe
  2⤵
  PID:11424
- C:\Windows\System\PyMhyQx.exe
  C:\Windows\System\PyMhyQx.exe
  2⤵
  PID:11472
- C:\Windows\System\fXXVTbu.exe
  C:\Windows\System\fXXVTbu.exe
  2⤵
  PID:11544
- C:\Windows\System\kXHFTrr.exe
  C:\Windows\System\kXHFTrr.exe
  2⤵
  PID:11608
- C:\Windows\System\ejjssLY.exe
  C:\Windows\System\ejjssLY.exe
  2⤵
  PID:11660
- C:\Windows\System\Svlofrv.exe
  C:\Windows\System\Svlofrv.exe
  2⤵
  PID:3968
- C:\Windows\System\RvcDCAF.exe
  C:\Windows\System\RvcDCAF.exe
  2⤵
  PID:1484
- C:\Windows\System\cvXmolL.exe
  C:\Windows\System\cvXmolL.exe
  2⤵
  PID:4580
- C:\Windows\System\OdscEgS.exe
  C:\Windows\System\OdscEgS.exe
  2⤵
  PID:11812
- C:\Windows\System\EYpYOdG.exe
  C:\Windows\System\EYpYOdG.exe
  2⤵
  PID:11868
- C:\Windows\System\bnoDpTf.exe
  C:\Windows\System\bnoDpTf.exe
  2⤵
  PID:11924
- C:\Windows\System\kNaytLv.exe
  C:\Windows\System\kNaytLv.exe
  2⤵
  PID:11996
- C:\Windows\System\tWuyqUd.exe
  C:\Windows\System\tWuyqUd.exe
  2⤵
  PID:12060
- C:\Windows\System\cHSDSHY.exe
  C:\Windows\System\cHSDSHY.exe
  2⤵
  PID:12112
- C:\Windows\System\fNynKTT.exe
  C:\Windows\System\fNynKTT.exe
  2⤵
  PID:12192
- C:\Windows\System\yHJAjbZ.exe
  C:\Windows\System\yHJAjbZ.exe
  2⤵
  PID:12264
- C:\Windows\System\HoZVquJ.exe
  C:\Windows\System\HoZVquJ.exe
  2⤵
  PID:11276
- C:\Windows\System\AvNhjfp.exe
  C:\Windows\System\AvNhjfp.exe
  2⤵
  PID:11440
- C:\Windows\System\WFnTKAJ.exe
  C:\Windows\System\WFnTKAJ.exe
  2⤵
  PID:11572
- C:\Windows\System\JiNDYON.exe
  C:\Windows\System\JiNDYON.exe
  2⤵
  PID:11636
- C:\Windows\System\ffRoxvu.exe
  C:\Windows\System\ffRoxvu.exe
  2⤵
  PID:11784
- C:\Windows\System\Ihjlkbo.exe
  C:\Windows\System\Ihjlkbo.exe
  2⤵
  PID:11904
- C:\Windows\System\vJEBWku.exe
  C:\Windows\System\vJEBWku.exe
  2⤵
  PID:12056
- C:\Windows\System\oflswnZ.exe
  C:\Windows\System\oflswnZ.exe
  2⤵
  PID:12180
- C:\Windows\System\TaoWIDZ.exe
  C:\Windows\System\TaoWIDZ.exe
  2⤵
  PID:11408
- C:\Windows\System\rutuFwl.exe
  C:\Windows\System\rutuFwl.exe
  2⤵
  PID:11604
- C:\Windows\System\LnOgBaE.exe
  C:\Windows\System\LnOgBaE.exe
  2⤵
  PID:11840
- C:\Windows\System\hgiWwiJ.exe
  C:\Windows\System\hgiWwiJ.exe
  2⤵
  PID:10280
- C:\Windows\System\vygOrQy.exe
  C:\Windows\System\vygOrQy.exe
  2⤵
  PID:11976
- C:\Windows\System\OKoOISC.exe
  C:\Windows\System\OKoOISC.exe
  2⤵
  PID:3572
- C:\Windows\System\dNNajvQ.exe
  C:\Windows\System\dNNajvQ.exe
  2⤵
  PID:12296
- C:\Windows\System\lbSJnnn.exe
  C:\Windows\System\lbSJnnn.exe
  2⤵
  PID:12320
- C:\Windows\System\vksKTPx.exe
  C:\Windows\System\vksKTPx.exe
  2⤵
  PID:12344
- C:\Windows\System\GVbKeDl.exe
  C:\Windows\System\GVbKeDl.exe
  2⤵
  PID:12372
- C:\Windows\System\pgnJldi.exe
  C:\Windows\System\pgnJldi.exe
  2⤵
  PID:12400
- C:\Windows\System\uQUgzJq.exe
  C:\Windows\System\uQUgzJq.exe
  2⤵
  PID:12416
- C:\Windows\System\JgmBzdI.exe
  C:\Windows\System\JgmBzdI.exe
  2⤵
  PID:12448
- C:\Windows\System\GYEwNnh.exe
  C:\Windows\System\GYEwNnh.exe
  2⤵
  PID:12484
- C:\Windows\System\BFeqMMP.exe
  C:\Windows\System\BFeqMMP.exe
  2⤵
  PID:12504
- C:\Windows\System\EoVNwtV.exe
  C:\Windows\System\EoVNwtV.exe
  2⤵
  PID:12544
- C:\Windows\System\hUHBqzY.exe
  C:\Windows\System\hUHBqzY.exe
  2⤵
  PID:12580
- C:\Windows\System\uBEagfZ.exe
  C:\Windows\System\uBEagfZ.exe
  2⤵
  PID:12608
- C:\Windows\System\QYGAMpH.exe
  C:\Windows\System\QYGAMpH.exe
  2⤵
  PID:12636
- C:\Windows\System\kQfAiOT.exe
  C:\Windows\System\kQfAiOT.exe
  2⤵
  PID:12664
- C:\Windows\System\FEdffcv.exe
  C:\Windows\System\FEdffcv.exe
  2⤵
  PID:12692
- C:\Windows\System\ghjIaBy.exe
  C:\Windows\System\ghjIaBy.exe
  2⤵
  PID:12708
- C:\Windows\System\Lhskkwi.exe
  C:\Windows\System\Lhskkwi.exe
  2⤵
  PID:12724
- C:\Windows\System\EJlTdQo.exe
  C:\Windows\System\EJlTdQo.exe
  2⤵
  PID:12764
- C:\Windows\System\HfvkVbD.exe
  C:\Windows\System\HfvkVbD.exe
  2⤵
  PID:12804
- C:\Windows\System\hVAIzqK.exe
  C:\Windows\System\hVAIzqK.exe
  2⤵
  PID:12832
- C:\Windows\System\tJxcgPL.exe
  C:\Windows\System\tJxcgPL.exe
  2⤵
  PID:12860
- C:\Windows\System\uVrhKpy.exe
  C:\Windows\System\uVrhKpy.exe
  2⤵
  PID:12888
- C:\Windows\System\eheEwuk.exe
  C:\Windows\System\eheEwuk.exe
  2⤵
  PID:12916
- C:\Windows\System\PGzYdhj.exe
  C:\Windows\System\PGzYdhj.exe
  2⤵
  PID:12944
- C:\Windows\System\gxCXYMZ.exe
  C:\Windows\System\gxCXYMZ.exe
  2⤵
  PID:12988
- C:\Windows\System\HgiNIsz.exe
  C:\Windows\System\HgiNIsz.exe
  2⤵
  PID:13008
- C:\Windows\System\hJMfvSB.exe
  C:\Windows\System\hJMfvSB.exe
  2⤵
  PID:13036
- C:\Windows\System\hOhGsYG.exe
  C:\Windows\System\hOhGsYG.exe
  2⤵
  PID:13088
- C:\Windows\System\XOUORtE.exe
  C:\Windows\System\XOUORtE.exe
  2⤵
  PID:13116
- C:\Windows\System\oRciqQH.exe
  C:\Windows\System\oRciqQH.exe
  2⤵
  PID:13136
- C:\Windows\System\oUpERwy.exe
  C:\Windows\System\oUpERwy.exe
  2⤵
  PID:13168
- C:\Windows\System\whYnhjE.exe
  C:\Windows\System\whYnhjE.exe
  2⤵
  PID:13204
- C:\Windows\System\jZPLUFX.exe
  C:\Windows\System\jZPLUFX.exe
  2⤵
  PID:13232
- C:\Windows\System\HdETAug.exe
  C:\Windows\System\HdETAug.exe
  2⤵
  PID:13260
- C:\Windows\System\QLnhpBX.exe
  C:\Windows\System\QLnhpBX.exe
  2⤵
  PID:13288
- C:\Windows\System\MoLWlOW.exe
  C:\Windows\System\MoLWlOW.exe
  2⤵
  PID:5536
- C:\Windows\System\BWTSrcp.exe
  C:\Windows\System\BWTSrcp.exe
  2⤵
  PID:12340
- C:\Windows\System\zUciuxq.exe
  C:\Windows\System\zUciuxq.exe
  2⤵
  PID:12408
- C:\Windows\System\SvpJmEV.exe
  C:\Windows\System\SvpJmEV.exe
  2⤵
  PID:1752
- C:\Windows\System\hYgYQss.exe
  C:\Windows\System\hYgYQss.exe
  2⤵
  PID:12572
- C:\Windows\System\LvnKpPy.exe
  C:\Windows\System\LvnKpPy.exe
  2⤵
  PID:12628
- C:\Windows\System\TWCVugM.exe
  C:\Windows\System\TWCVugM.exe
  2⤵
  PID:12652
- C:\Windows\System\yAdXHHD.exe
  C:\Windows\System\yAdXHHD.exe
  2⤵
  PID:12700
- C:\Windows\System\CSxoNmU.exe
  C:\Windows\System\CSxoNmU.exe
  2⤵
  PID:12748
- C:\Windows\System\VMbFUSW.exe
  C:\Windows\System\VMbFUSW.exe
  2⤵
  PID:12852
- C:\Windows\System\vYxsvlc.exe
  C:\Windows\System\vYxsvlc.exe
  2⤵
  PID:12900
- C:\Windows\System\EJiHdZP.exe
  C:\Windows\System\EJiHdZP.exe
  2⤵
  PID:12952
- C:\Windows\System\RtegQnj.exe
  C:\Windows\System\RtegQnj.exe
  2⤵
  PID:13052
- C:\Windows\System\WRVoUSV.exe
  C:\Windows\System\WRVoUSV.exe
  2⤵
  PID:13152
- C:\Windows\System\ENOtzmM.exe
  C:\Windows\System\ENOtzmM.exe
  2⤵
  PID:13220
- C:\Windows\System\fwjsHsC.exe
  C:\Windows\System\fwjsHsC.exe
  2⤵
  PID:11356
- C:\Windows\System\nQWuAjF.exe
  C:\Windows\System\nQWuAjF.exe
  2⤵
  PID:12336
- C:\Windows\System\cNBArQP.exe
  C:\Windows\System\cNBArQP.exe
  2⤵
  PID:12472
- C:\Windows\System\vfjNIAe.exe
  C:\Windows\System\vfjNIAe.exe
  2⤵
  PID:12620
- C:\Windows\System\DfkkcZE.exe
  C:\Windows\System\DfkkcZE.exe
  2⤵
  PID:11700
- C:\Windows\System\UcpgPlJ.exe
  C:\Windows\System\UcpgPlJ.exe
  2⤵
  PID:13020
- C:\Windows\System\zLCvnUH.exe
  C:\Windows\System\zLCvnUH.exe
  2⤵
  PID:12936
- C:\Windows\System\iVthxfj.exe
  C:\Windows\System\iVthxfj.exe
  2⤵
  PID:13180
- C:\Windows\System\bqqTntP.exe
  C:\Windows\System\bqqTntP.exe
  2⤵
  PID:12592
- C:\Windows\System\KafUoEp.exe
  C:\Windows\System\KafUoEp.exe
  2⤵
  PID:12912
- C:\Windows\System\WfqSIYJ.exe
  C:\Windows\System\WfqSIYJ.exe
  2⤵
  PID:12688
- C:\Windows\System\JdaePUo.exe
  C:\Windows\System\JdaePUo.exe
  2⤵
  PID:13320
- C:\Windows\System\zCyoMgn.exe
  C:\Windows\System\zCyoMgn.exe
  2⤵
  PID:13340
- C:\Windows\System\DUOAzRI.exe
  C:\Windows\System\DUOAzRI.exe
  2⤵
  PID:13364
- C:\Windows\System\xreSZrc.exe
  C:\Windows\System\xreSZrc.exe
  2⤵
  PID:13432
- C:\Windows\System\ToYenfM.exe
  C:\Windows\System\ToYenfM.exe
  2⤵
  PID:13460
- C:\Windows\System\PSsHBhl.exe
  C:\Windows\System\PSsHBhl.exe
  2⤵
  PID:13476
- C:\Windows\System\ACCfoPa.exe
  C:\Windows\System\ACCfoPa.exe
  2⤵
  PID:13516
- C:\Windows\System\HualGuQ.exe
  C:\Windows\System\HualGuQ.exe
  2⤵
  PID:13536
- C:\Windows\System\KERZNsX.exe
  C:\Windows\System\KERZNsX.exe
  2⤵
  PID:13580
- C:\Windows\System\TFdPdre.exe
  C:\Windows\System\TFdPdre.exe
  2⤵
  PID:13616
- C:\Windows\System\rCQjavw.exe
  C:\Windows\System\rCQjavw.exe
  2⤵
  PID:13656
- C:\Windows\System\JhAytAF.exe
  C:\Windows\System\JhAytAF.exe
  2⤵
  PID:13684
- C:\Windows\System\cfPjTIK.exe
  C:\Windows\System\cfPjTIK.exe
  2⤵
  PID:13712
- C:\Windows\System\WHMdjTO.exe
  C:\Windows\System\WHMdjTO.exe
  2⤵
  PID:13732
- C:\Windows\System\YBWpziu.exe
  C:\Windows\System\YBWpziu.exe
  2⤵
  PID:13768
- C:\Windows\System\UJGPqnc.exe
  C:\Windows\System\UJGPqnc.exe
  2⤵
  PID:13784
- C:\Windows\System\WIDclPa.exe
  C:\Windows\System\WIDclPa.exe
  2⤵
  PID:13812
- C:\Windows\System\MWgnQtJ.exe
  C:\Windows\System\MWgnQtJ.exe
  2⤵
  PID:13852
- C:\Windows\System\VrZStdk.exe
  C:\Windows\System\VrZStdk.exe
  2⤵
  PID:13872
- C:\Windows\System\NLNIRfL.exe
  C:\Windows\System\NLNIRfL.exe
  2⤵
  PID:13888
- C:\Windows\System\YsfNQxZ.exe
  C:\Windows\System\YsfNQxZ.exe
  2⤵
  PID:13920
- C:\Windows\System\CtbOGgj.exe
  C:\Windows\System\CtbOGgj.exe
  2⤵
  PID:13952
- C:\Windows\System\RthFHTG.exe
  C:\Windows\System\RthFHTG.exe
  2⤵
  PID:13980
- C:\Windows\System\okKlbbB.exe
  C:\Windows\System\okKlbbB.exe
  2⤵
  PID:14024
- C:\Windows\System\RrdzXrU.exe
  C:\Windows\System\RrdzXrU.exe
  2⤵
  PID:14052
- C:\Windows\System\tFemSPY.exe
  C:\Windows\System\tFemSPY.exe
  2⤵
  PID:14084
- C:\Windows\System\WOGYkhH.exe
  C:\Windows\System\WOGYkhH.exe
  2⤵
  PID:14112
- C:\Windows\System\SEryEtj.exe
  C:\Windows\System\SEryEtj.exe
  2⤵
  PID:14140
- C:\Windows\System\lWpiTkp.exe
  C:\Windows\System\lWpiTkp.exe
  2⤵
  PID:14172
- C:\Windows\System\GtGFMJY.exe
  C:\Windows\System\GtGFMJY.exe
  2⤵
  PID:14188
- C:\Windows\System\LURHFkm.exe
  C:\Windows\System\LURHFkm.exe
  2⤵
  PID:14228
- C:\Windows\System\YXFeHke.exe
  C:\Windows\System\YXFeHke.exe
  2⤵
  PID:14256
- C:\Windows\System\DMylWOp.exe
  C:\Windows\System\DMylWOp.exe
  2⤵
  PID:14284
- C:\Windows\System\AayFrEL.exe
  C:\Windows\System\AayFrEL.exe
  2⤵
  PID:14300
- C:\Windows\System\bvlFWWl.exe
  C:\Windows\System\bvlFWWl.exe
  2⤵
  PID:13332
- C:\Windows\System\aZmByZX.exe
  C:\Windows\System\aZmByZX.exe
  2⤵
  PID:3684
- C:\Windows\System\YXDZbUv.exe
  C:\Windows\System\YXDZbUv.exe
  2⤵
  PID:13416
- C:\Windows\System\wfIRHii.exe
  C:\Windows\System\wfIRHii.exe
  2⤵
  PID:13468
- C:\Windows\System\wRxhxar.exe
  C:\Windows\System\wRxhxar.exe
  2⤵
  PID:13572
- C:\Windows\System\fkIKRJY.exe
  C:\Windows\System\fkIKRJY.exe
  2⤵
  PID:13652
- C:\Windows\System\UglwyGc.exe
  C:\Windows\System\UglwyGc.exe
  2⤵
  PID:13720
- C:\Windows\System\DRRRPUl.exe
  C:\Windows\System\DRRRPUl.exe
  2⤵
  PID:13780
- C:\Windows\System\EnEoXOZ.exe
  C:\Windows\System\EnEoXOZ.exe
  2⤵
  PID:13844
- C:\Windows\System\BHdzEkB.exe
  C:\Windows\System\BHdzEkB.exe
  2⤵
  PID:13880
- C:\Windows\System\ysXfegU.exe
  C:\Windows\System\ysXfegU.exe
  2⤵
  PID:13936
- C:\Windows\System\piCIXUR.exe
  C:\Windows\System\piCIXUR.exe
  2⤵
  PID:13976
- C:\Windows\System\HsVRUUk.exe
  C:\Windows\System\HsVRUUk.exe
  2⤵
  PID:14068
- C:\Windows\System\IvPKFGo.exe
  C:\Windows\System\IvPKFGo.exe
  2⤵
  PID:14124
- C:\Windows\System\hmbCiBX.exe
  C:\Windows\System\hmbCiBX.exe
  2⤵
  PID:14168
- C:\Windows\System\jLnzrfp.exe
  C:\Windows\System\jLnzrfp.exe
  2⤵
  PID:3776
- C:\Windows\System\GKHdMLh.exe
  C:\Windows\System\GKHdMLh.exe
  2⤵
  PID:2200
- C:\Windows\System\zkArRoI.exe
  C:\Windows\System\zkArRoI.exe
  2⤵
  PID:14272
- C:\Windows\System\PdBVtEa.exe
  C:\Windows\System\PdBVtEa.exe
  2⤵
  PID:14320
- C:\Windows\System\xcUocrh.exe
  C:\Windows\System\xcUocrh.exe
  2⤵
  PID:10264
- C:\Windows\System\gYrDPwO.exe
  C:\Windows\System\gYrDPwO.exe
  2⤵
  PID:13452
- C:\Windows\System\DvkpnYE.exe
  C:\Windows\System\DvkpnYE.exe
  2⤵
  PID:13748
- C:\Windows\System\AxVwgox.exe
  C:\Windows\System\AxVwgox.exe
  2⤵
  PID:13868
- C:\Windows\System\IUCUGQa.exe
  C:\Windows\System\IUCUGQa.exe
  2⤵
  PID:13860
- C:\Windows\System\ZBllaLz.exe
  C:\Windows\System\ZBllaLz.exe
  2⤵
  PID:1140
- C:\Windows\System\mSjrFLB.exe
  C:\Windows\System\mSjrFLB.exe
  2⤵
  PID:220
- C:\Windows\System\gKeuJYw.exe
  C:\Windows\System\gKeuJYw.exe
  2⤵
  PID:13472
- C:\Windows\System\RqINzGn.exe
  C:\Windows\System\RqINzGn.exe
  2⤵
  PID:13700
- C:\Windows\System\PblrFPg.exe
  C:\Windows\System\PblrFPg.exe
  2⤵
  PID:14080
- C:\Windows\System\ZaoAail.exe
  C:\Windows\System\ZaoAail.exe
  2⤵
  PID:14296
- C:\Windows\System\PmmLfJZ.exe
  C:\Windows\System\PmmLfJZ.exe
  2⤵
  PID:3140
- C:\Windows\System\UsSAgkD.exe
  C:\Windows\System\UsSAgkD.exe
  2⤵
  PID:14344
- C:\Windows\System\mpBqtcx.exe
  C:\Windows\System\mpBqtcx.exe
  2⤵
  PID:14372
- C:\Windows\System\HwbGgOe.exe
  C:\Windows\System\HwbGgOe.exe
  2⤵
  PID:14400
- C:\Windows\System\iXoGRAQ.exe
  C:\Windows\System\iXoGRAQ.exe
  2⤵
  PID:14444
- C:\Windows\System\asDeDNa.exe
  C:\Windows\System\asDeDNa.exe
  2⤵
  PID:14460
- C:\Windows\System\howGCAB.exe
  C:\Windows\System\howGCAB.exe
  2⤵
  PID:14488
- C:\Windows\System\hvSIODr.exe
  C:\Windows\System\hvSIODr.exe
  2⤵
  PID:14516
- C:\Windows\System\ZBNgXqB.exe
  C:\Windows\System\ZBNgXqB.exe
  2⤵
  PID:14548
- C:\Windows\System\KsaNdSQ.exe
  C:\Windows\System\KsaNdSQ.exe
  2⤵
  PID:14576
- C:\Windows\System\UnREEHD.exe
  C:\Windows\System\UnREEHD.exe
  2⤵
  PID:14600
- C:\Windows\System\jRSkPWV.exe
  C:\Windows\System\jRSkPWV.exe
  2⤵
  PID:14632
- C:\Windows\System\rkKlhza.exe
  C:\Windows\System\rkKlhza.exe
  2⤵
  PID:14660
- C:\Windows\System\zSZrNZt.exe
  C:\Windows\System\zSZrNZt.exe
  2⤵
  PID:14688
- C:\Windows\System\YSrUjbl.exe
  C:\Windows\System\YSrUjbl.exe
  2⤵
  PID:14716
- C:\Windows\System\xhfeqxA.exe
  C:\Windows\System\xhfeqxA.exe
  2⤵
  PID:14744
- C:\Windows\System\sBrmwyE.exe
  C:\Windows\System\sBrmwyE.exe
  2⤵
  PID:14772
- C:\Windows\System\jrECLWu.exe
  C:\Windows\System\jrECLWu.exe
  2⤵
  PID:14788
- C:\Windows\System\qGBqSVe.exe
  C:\Windows\System\qGBqSVe.exe
  2⤵
  PID:14828
- C:\Windows\System\acudIIl.exe
  C:\Windows\System\acudIIl.exe
  2⤵
  PID:14856
- C:\Windows\System\dNvfVxV.exe
  C:\Windows\System\dNvfVxV.exe
  2⤵
  PID:14884
- C:\Windows\System\onWULao.exe
  C:\Windows\System\onWULao.exe
  2⤵
  PID:14900
- C:\Windows\System\nKSrvOs.exe
  C:\Windows\System\nKSrvOs.exe
  2⤵
  PID:14936
- C:\Windows\System\TxYlEna.exe
  C:\Windows\System\TxYlEna.exe
  2⤵
  PID:14956
- C:\Windows\System\cBiLyQo.exe
  C:\Windows\System\cBiLyQo.exe
  2⤵
  PID:14972
- C:\Windows\System\YUoUrAU.exe
  C:\Windows\System\YUoUrAU.exe
  2⤵
  PID:15024
- C:\Windows\System\ScaThox.exe
  C:\Windows\System\ScaThox.exe
  2⤵
  PID:15040
- C:\Windows\System\iuwDYpq.exe
  C:\Windows\System\iuwDYpq.exe
  2⤵
  PID:15080
- C:\Windows\System\ApZOcZi.exe
  C:\Windows\System\ApZOcZi.exe
  2⤵
  PID:15096
- C:\Windows\System\qtcTKbE.exe
  C:\Windows\System\qtcTKbE.exe
  2⤵
  PID:15124
- C:\Windows\System\AqFpCqH.exe
  C:\Windows\System\AqFpCqH.exe
  2⤵
  PID:15152
- C:\Windows\System\NfUEBUQ.exe
  C:\Windows\System\NfUEBUQ.exe
  2⤵
  PID:15184
- C:\Windows\System\RWgYiBp.exe
  C:\Windows\System\RWgYiBp.exe
  2⤵
  PID:15212
- C:\Windows\System\RHwhENA.exe
  C:\Windows\System\RHwhENA.exe
  2⤵
  PID:15248
- C:\Windows\System\RbbqFRr.exe
  C:\Windows\System\RbbqFRr.exe
  2⤵
  PID:15276
- C:\Windows\System\ndhteif.exe
  C:\Windows\System\ndhteif.exe
  2⤵
  PID:15308

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\FudJmpW.exe

Filesize
2.4MB

MD5
9a7dd189bcdb514d381ce17dea3eb420

SHA1
25762ea8716be2fc927073b825fd62432d6ce188

SHA256
683771cffc7486fb754e0cad56b3acf94f235072d7054ccf95fcf7fad14793ff

SHA512
36cdb795fdc6cd4768e5d7c94465b6221d7addfd8a5d1babf1640212c503b2a3e7baaea788152795e8329aa32cf367d8672ff91f53e91cb45c15026dcf5938cc

Download Submit
C:\Windows\System\GldwEKW.exe

Filesize
2.4MB

MD5
b46119ed6f24d455717da88eed83ca93

SHA1
6d84d640410085049131ea315a0b4711ac1c6c61

SHA256
2cb424d14fca6ad56c53f6489ff38f1c9d75392e5f1714ea760c2c8044c1db2e

SHA512
02711c5987eee018791dbce410bfd46e21e340a2559500d21fdcc7228fb7f5ea16cf590e16aa74754c4ff5014365059e8bda1c1d7be7eeeb00cb899ba0eb6824

Download Submit
C:\Windows\System\HtpAFKu.exe

Filesize
2.4MB

MD5
41b9c44b24a14bedcbe481374b9d6333

SHA1
20a2d641ca0804427e5871d6257157a85e66405a

SHA256
6b0e99b5adc4a144d1d1cc39474f8332af7ab70578e2c0ab3d3c1cde7cbdc088

SHA512
f2257f86ea92a9dbb1aa06f39005b83ef3d04d60a420ee05addece1b67d47c24b498b56371244e458045ca2bbf99851790d2eb52e46f916cf76bf18ccc1c18c7

Download Submit
C:\Windows\System\NQHTUXh.exe

Filesize
2.4MB

MD5
40c49f02ca25a437b4112c4fac4f1896

SHA1
d59168b619dddcc1c6bf44eb8b4ef84ec2578388

SHA256
8615e6dd1bae3940584248500751e40d7fdeacf5d33602269faffe5a6d6259e7

SHA512
c2c65ce604f264128073db5015b51ab9b1f979257a10d1ff7133af5b844c7c15319a39eb332e8e1b2ca6ed9320404409bc912badd6f7a3e406bb200be8711602

Download Submit
C:\Windows\System\NtfFoon.exe

Filesize
2.4MB

MD5
ffd63caafabfb04d5688ca4fe179449e

SHA1
ceb55642d297b5faa6830397ba6dfbe4706740df

SHA256
0f8ddba2d9d1298c9cb0ead64f8c0bc3158c4d514e7bde3da5db83d8e2a92e41

SHA512
aa8fe42c35ab2fc1101a2b7a3a51ef8865af46b314b225a9aa399ae85c815998ddc66bf7a989a73a4093bb677e00b2e0ca95a20402fa4f619297d934a7b308d4

Download Submit
C:\Windows\System\OKPGWbQ.exe

Filesize
2.4MB

MD5
dc317b68df063a262f2f4b52aa78f3b9

SHA1
b67c05e69df0a1690f8e2c3334397fa267611b65

SHA256
0dfa6d98a7e78b8ce49b86028f9b7e5b43e1bc14e3dfbd9725997ee3afd75624

SHA512
826c2df22da14d8049ddf51fc9b6b10cae7212485a769d8ac870cb263d1996db446dd663b150007d69a6de28623dd1be68a862ac70be3f5e56c514e1702d24cc

Download Submit
C:\Windows\System\QWqZzQv.exe

Filesize
2.4MB

MD5
6298d160a292fca452aa5c6ff8648d20

SHA1
e840ac65b3841b7ff440baa9d9b334746118c649

SHA256
dbe06eaeb7aa1edab7f0601ead3b359bef0a9d3f2a287a9277171f82f5a616dc

SHA512
b1a0d4913acf93868f957ca75dcf719e4f62843520d0c67f6469a6071f25be5f80c66fa93eac7620c18f9c3cf239e1fe3be364e0971e5a8d53f5ea1f9d2a0477

Download Submit
C:\Windows\System\RUzhvjY.exe

Filesize
2.4MB

MD5
049b7d7ef7f467715baaa1780467ebca

SHA1
7cf3afb8764b776253ea5cf0ce246443c4bcc942

SHA256
44bd8a21588b2f2c41cceb1cbbd04fa18985cc3843d7cd1317412a16d75edf6a

SHA512
bb9b2542fc06e3856e8eb574d45ed8a06464b8e1f0defa41372ecafa74edfd9e73d0deb06a370ff96650f0b2cbe9a56f869e3d099a83c7122f3f34452f430bca

Download Submit
C:\Windows\System\TUGPAGh.exe

Filesize
2.4MB

MD5
6e66e1d3ba3d8e72b4aaec6876f065fd

SHA1
d15790313d8d709decfedd4ed42046ad2aad856a

SHA256
d31da81129d76176ee772d93ef355db5f21454d186f4289ac9f0ad41727b1bc0

SHA512
a4a7c69efcd8b4b1f179f5b86ec9b4799b706f55ff4b323f1fe9c9092bdf719ad6e71fcccc47b28de9310eda6aa4ea34f0ccfd1b181d016c306764942acb320d

Download Submit
C:\Windows\System\UpULxXK.exe

Filesize
2.4MB

MD5
db035fa33398e77781b33344a5ec25da

SHA1
33a044c0ffcd3101ca3e6dbfc16661c40f3b5b40

SHA256
f20d27aebc3ec589679489abfadf1a113465bfb3c3b5af6b23dbaf6b1514471d

SHA512
c3cc79793dcd7ee1a79567f4c8f1f8d097c6ebe60a5460629524ffe3720aca864dc2a389bc6ca36167ae0ec234e8f34ab590cbed98b22d70c250c849f279d724

Download Submit
C:\Windows\System\WPguOcH.exe

Filesize
2.5MB

MD5
15b3aa9eae2cf78d9418fc807fa9f724

SHA1
05ba42074e90574c9171c2d682e98602260f9547

SHA256
7a14eecd45e65ae1ca4e7ba7ded504998283fee25da3f621e8f28abc8f02dd35

SHA512
0760d6b49963bc4d8aeabb75bd0e9bb08fd987ac0c143e9334b30c687b05922c4226a41a3d949529619af5e84d5eb63b8881f8f3467b7701d6ced81f3fba5e38

Download Submit
C:\Windows\System\XWjEOGR.exe

Filesize
2.4MB

MD5
3eaa46aa62ec8cb9e83da03114d196c5

SHA1
2a990e5b2b7b1362a61f18f7768df66d11c76656

SHA256
7f4e0951ffa6873ab6fba49203427797400ff81f1947406e8cae847ac620004c

SHA512
4de3c53de9e2175fe9f33343961fd72fa0035cfafe228387eeb3e46863b189ab1a69843e098d4caa23afaf504c949eef8164475266e0f2f7463d8c0a2647205e

Download Submit
C:\Windows\System\XqntnbD.exe

Filesize
2.4MB

MD5
49d9b30424cc35ddd36f9ead6b5ae540

SHA1
f188768768ee8528c2fd22c5b5356d7395808d0a

SHA256
0e39e1c2b425bd8fef2dd50875641e4986e6e0071cecdc997ccfbe7034502cda

SHA512
6db7890ccb5494f96a5eedddad3ef6200b5ed36e5669b15a74aca8268a6b30d1b85a51cc9af6b0e3b201a0580728274279d64f89806ceb857408be82dcad5631

Download Submit
C:\Windows\System\axdhboe.exe

Filesize
2.4MB

MD5
1d22a556adfa29098ad381009ac4f08f

SHA1
11979a11fc21100ff1201ea4ec2b47086a3efd1d

SHA256
360d06ba9dec48376fff2270be8bf1a8b2d466e316e7ca684b64f0f728446527

SHA512
29f9e3bfaeaa3a05ceb810289b0523496e8390d7547bd6799cfa754fc0241125bf9b7d6674528fb385b31fca75c541cb9545a4da3cd67c7159e38c593f51a77a

Download Submit
C:\Windows\System\bAOXVTh.exe

Filesize
2.4MB

MD5
c9d60b073a7330168a345c9655ee1852

SHA1
fcad491af692b4547384f3170967075b4d090156

SHA256
fd02e01f81102fa238b9a314980f9d44d043d02c67374577c1e81ef6320db856

SHA512
01e07b80d72327b1136080b48aafe2b29a1c25c40c677fa301448631b68c8af58b57d32ffc0b43c73d7b16c12ffc6f71570997df7b75a3d76da725598b1e7e10

Download Submit
C:\Windows\System\bWBKCBV.exe

Filesize
2.5MB

MD5
76ebd020bbf56bf92e6e239ad0a90476

SHA1
edcaa0d6ca8d3535ad2dca85dc16205e9387c503

SHA256
058fa6ef862b991cf2f2452a60f5d25e8a86ff4e90944decfd5fdc136bf62384

SHA512
d61addf0a6904e4763e3b2a0bdabdde8f337c74af82357f45a7ead228b1a5615cd6fc4fb8c92bc3303e43573e72c2004a7fd2624e3b8c0ea56b44abe9fac8df5

Download Submit
C:\Windows\System\dAqLqiA.exe

Filesize
2.4MB

MD5
2bf3595570deb923a67db504ecbf9f63

SHA1
e46f56ab8fc15c012ff763ba293dc616ad43a056

SHA256
34f500fa2780ab2ffaac18179c8ac9518b70855f9dd7cbfeae4ac27b95683b26

SHA512
4f4d1ef48b7d7626a52bce4e5c96a0b0cec3b65da4624f3a8e93b023b834d6e402d86be78400a2f58edc19a59e7de364eca111bdf77c89db06340ab76b7b43a6

Download Submit
C:\Windows\System\eLxYZyj.exe

Filesize
2.4MB

MD5
07517323d0a7a298ebdc2def4ed41cf9

SHA1
23726c0217ed32e03583f5f2e237cda8c4bb0a62

SHA256
fc3be9b3eb1c0c62f27ae06d0815de9cd65bdf97e29504c931e9a6fee72bd633

SHA512
48b18bffebbd71af54b192d82903ff0d8e44d447cee1abe9a91fc58c41e5e1746978b87b802bb52699135fde4cab5094b24ba1d135aab5bf6cdee2e45eb0ce0c

Download Submit
C:\Windows\System\gIYyZWW.exe

Filesize
2.4MB

MD5
937b80787fd4b55ab6c136fa1443300d

SHA1
55bb81a09057b3d64aad021e977a7b90d2464a0c

SHA256
f1fb1065e29df6adedacd706477e25573ecca3e7ba686b246cc76fa4f3e2ca35

SHA512
5faa5a7881c1d1cc27894eb01baf6ad2778fbfc06df1500b07c03862ae88b29def0f5de665e9c933e04fbcac2607e29c08e847e5e9d8db0af592c42b03ca6720

Download Submit
C:\Windows\System\hivaqPa.exe

Filesize
2.4MB

MD5
c865b87b3c94b2ce93a6327aa28d1a34

SHA1
4dfcab5fb148a1c320a5754eb141bc2afd435720

SHA256
799111aba8dbd520830fe9138686a59e37ff1175b0767a1e270a6c610f98fd53

SHA512
aeae057e690a1a8c3a3b86eaeceee8d957f17926e010dc058c2e1efd1e676cc39f0eb518ea74f27eaa323926c278629e59e64f626476a02d7977bf928b02e894

Download Submit
C:\Windows\System\iHazBis.exe

Filesize
2.4MB

MD5
bcd66fcfadfe730c7ee516a04bb0baa6

SHA1
6cbb0365652e81ba01d8f2270344943b8b171a83

SHA256
68fcd6286db7ec325ec255747ca4a4b9b136b06e9640e0f6c2e787773de154b6

SHA512
239d66170203067da378651059fc2b58d98a08af41817a6aebd9774b7cf6cd2e3c1c771be08662429f1a51ef82934b5748e76f0ae0a9a8f1034d83a68f990e0f

Download Submit
C:\Windows\System\iaAhIwp.exe

Filesize
2.4MB

MD5
0567773d035d059d39aad807c4b9fa8e

SHA1
b9548623c7ba1311195c2e18a42bced9b2d5b310

SHA256
b331ade7c293bfd16d698a38a3c9566d8b69e9afed96a1c3e663ba3c234da67e

SHA512
fb7596f464774d3dce13e33c0240cf8aabba428e169101c19961b94675fb9ff25b98e8659a8ba3a86fab5c0c991fd5df64f59fbdd7bcc8e0541f473f24ff013b

Download Submit
C:\Windows\System\mxVATns.exe

Filesize
2.4MB

MD5
5389f46dbf65b0d2d05e01b5be6c04e1

SHA1
9f7e2b6e851ec78430818cff28fd2de9ab713a98

SHA256
332acf7dbde035199cba8b194a6e417f03ea17ac9656890e3e2ddfc144a50dc3

SHA512
f4166dc4cc30db1c2665e7560c092ffa479706a3b4865b4830e2aa0383c55468ae3e28ad2a9bd42d6ea837a14e7795797d74dd2bed1f26af8f85b04f41482bbe

Download Submit
C:\Windows\System\pujFqge.exe

Filesize
2.4MB

MD5
e0e75b6391b59af5b76fe4e11cc11a80

SHA1
90a9a62a6be25ce38b921e313f456cd84e34765e

SHA256
7d53169d0d53075f9da693d49c93c23e9665fa28b91a9bfb0d7e63d44bdd9c3f

SHA512
46476b336de5816471e55a0957937c035d4aa3b306ca8d2ff736a9ec813600851e6ed1074fc505141846b5cb304f74062db5ef77baa50f6cc542746f2881ec27

Download Submit
C:\Windows\System\qhmvpLS.exe

Filesize
2.4MB

MD5
ee6a730571a3b56a372cbc4d07ca0e5a

SHA1
4a1061c6ce2fdef792ced0d10e58121f5e65b033

SHA256
ecab855ddfb682a24745e4426c21607319235371e14fcd99a73d967a6272a035

SHA512
11acd6c11cbdefab26be5c8c682284db8b57a2a00c302ae44c82e8113433b3f7944932e61c185b961c5a9f1198f751667f08045f1d913a1fa8f05711a97ffab9

Download Submit
C:\Windows\System\rGwhvDg.exe

Filesize
2.4MB

MD5
bd7297a38c3c3eec71c4822714d87881

SHA1
c93385ccd39d8417a951f7b84f2d06fd704ce2d7

SHA256
6ddc186c3d86d08d07bb66b708058a1bc4fd71f0e5731961548452ec6d65a4bc

SHA512
a18d8cdb49dbfb793fc2364a2494d5c259503db9547b5ee4b671841ee2ab47d4d391c3150804e742302022130784a22638e879fb604efd57bd31fae5d5f4ff29

Download Submit
C:\Windows\System\rmFdwGb.exe

Filesize
2.4MB

MD5
0daae5bb5188dc6a8cddc2778d4c3b78

SHA1
9b423dbf0635a046069b743e2f8537aebb73d5a6

SHA256
bdb876a359ca581ee9d6fa7dc0e2f689446daa34229c975795aaf4124e4ddf63

SHA512
2e80159fce07b64823ace41d2e9ae4a9565983a21b4d2cff4c96eeb0f2b9bcb7c5458cac3f8485bfbdb4ce82e55bacdd4c4d7f01879a230123bfbe1d26f94078

Download Submit
C:\Windows\System\srHVrbX.exe

Filesize
2.5MB

MD5
b0c844e0a43ddd3dd9dbf198c27ee858

SHA1
89c3185f153e3b53101461fc3662246b0f18d37b

SHA256
d959720b1cd27aca3dedd83a75d5c4ce9f08c030a781524d50b6e78084bd0fce

SHA512
b9824843fcb577b2eb362d84fbc498ec7e3e2696368c732836af1bafd7ac78eafe966cd2c081199a515f728aaade0a28009b8e8324fc372e4916d75ab7431d09

Download Submit
C:\Windows\System\tIqDJbI.exe

Filesize
2.4MB

MD5
881dd98f1159ae2c85e9d78ae502b8f3

SHA1
18c47007582784b08bfa692c738c3930d4a9573e

SHA256
7d519cc351f6f77c36060d84791657818476b419cb4131f564fcf26de8e42b15

SHA512
7bfa3700cb0e8de3830c2c8d0d2192a3f70044daea0fdc851b7ed98f862ef6bba596ba92f02d414f7dd95a83bbd54461f0d6f1615e38d5fb5178d360544b84e1

Download Submit
C:\Windows\System\ualkmtF.exe

Filesize
2.4MB

MD5
13b3209a035385a9f355ca3c749d87dc

SHA1
fc6cddb8fdf77f80eb6e7f5f54864ad525faa003

SHA256
5f0cf18c8adfdbe8c249a560e359d6dfa1e63b8966f335f74c4b4d48596d20a3

SHA512
46c80fefd9bd1684f26e54085da59e74787af23962f345f247321a7038618ec65dfa73f27ec0dee5571771acdeaaef1830b32d1d8235011c6399f20f36100769

Download Submit
C:\Windows\System\wOZcfsU.exe

Filesize
2.5MB

MD5
022e25df42fb09e7ce821f65aaa18cbe

SHA1
8d82dfde8ae9e609aeb8ac5b7cb7206895f1dbac

SHA256
a6ab9138fb747320bc6bbd8b91385a01b29059d92f8def522847582e1c40572c

SHA512
0cb673fd97065c436daf5931a033d86e5a9daee63396de0e8438a8ed95aa2ebc165a575ea800ae143e6b035faeb3a24492029a2297bb33123090aaec651abbe4

Download Submit
C:\Windows\System\yJbvzam.exe

Filesize
2.4MB

MD5
bda34a871bd8baded67e3aac168cf7bf

SHA1
566488bbc16077d3c35ca53698623315ec907110

SHA256
15f143c77ee3697a66eee3ba0e4342b3e9c65b9c314ed7b87182d3fb387a5486

SHA512
7c356def621b6b524578036c96f6c4f0bb925a3b9abb6adef9053e619a954118352fb488ed2affacb92371cdf88c25046fba96da8cd5aafee67ad3159a60e9d3

Download Submit
memory/536-1245-0x00007FF618680000-0x00007FF6189D4000-memory.dmp

Filesize
3.3MB

Download
memory/536-2249-0x00007FF618680000-0x00007FF6189D4000-memory.dmp

Filesize
3.3MB

Download
memory/536-114-0x00007FF618680000-0x00007FF6189D4000-memory.dmp

Filesize
3.3MB

Download
memory/592-2251-0x00007FF7BDE30000-0x00007FF7BE184000-memory.dmp

Filesize
3.3MB

Download
memory/592-128-0x00007FF7BDE30000-0x00007FF7BE184000-memory.dmp

Filesize
3.3MB

Download
memory/1048-157-0x00007FF6EDCD0000-0x00007FF6EE024000-memory.dmp

Filesize
3.3MB

Download
memory/1048-2234-0x00007FF6EDCD0000-0x00007FF6EE024000-memory.dmp

Filesize
3.3MB

Download
memory/1048-57-0x00007FF6EDCD0000-0x00007FF6EE024000-memory.dmp

Filesize
3.3MB

Download
memory/1080-186-0x00007FF66E2B0000-0x00007FF66E604000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2239-0x00007FF66E2B0000-0x00007FF66E604000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2258-0x00007FF66E2B0000-0x00007FF66E604000-memory.dmp

Filesize
3.3MB

Download
memory/1164-126-0x00007FF605700000-0x00007FF605A54000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2248-0x00007FF605700000-0x00007FF605A54000-memory.dmp

Filesize
3.3MB

Download
memory/1172-2250-0x00007FF7E6D10000-0x00007FF7E7064000-memory.dmp

Filesize
3.3MB

Download
memory/1172-127-0x00007FF7E6D10000-0x00007FF7E7064000-memory.dmp

Filesize
3.3MB

Download
memory/1172-1912-0x00007FF7E6D10000-0x00007FF7E7064000-memory.dmp

Filesize
3.3MB

Download
memory/1360-100-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp

Filesize
3.3MB

Download
memory/1360-936-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2244-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp

Filesize
3.3MB

Download
memory/1364-120-0x00007FF751100000-0x00007FF751454000-memory.dmp

Filesize
3.3MB

Download
memory/1364-19-0x00007FF751100000-0x00007FF751454000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2231-0x00007FF751100000-0x00007FF751454000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2256-0x00007FF605E90000-0x00007FF6061E4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-178-0x00007FF605E90000-0x00007FF6061E4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-2255-0x00007FF631740000-0x00007FF631A94000-memory.dmp

Filesize
3.3MB

Download
memory/1396-168-0x00007FF631740000-0x00007FF631A94000-memory.dmp

Filesize
3.3MB

Download
memory/1592-119-0x00007FF706C10000-0x00007FF706F64000-memory.dmp

Filesize
3.3MB

Download
memory/1592-2247-0x00007FF706C10000-0x00007FF706F64000-memory.dmp

Filesize
3.3MB

Download
memory/1840-77-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1840-2242-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1840-176-0x00007FF6FB070000-0x00007FF6FB3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-2238-0x00007FF62C5A0000-0x00007FF62C8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-131-0x00007FF62C5A0000-0x00007FF62C8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-55-0x00007FF62C5A0000-0x00007FF62C8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-2254-0x00007FF60F010000-0x00007FF60F364000-memory.dmp

Filesize
3.3MB

Download
memory/2196-165-0x00007FF60F010000-0x00007FF60F364000-memory.dmp

Filesize
3.3MB

Download
memory/2196-2228-0x00007FF60F010000-0x00007FF60F364000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2227-0x00007FF7B70E0000-0x00007FF7B7434000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2253-0x00007FF7B70E0000-0x00007FF7B7434000-memory.dmp

Filesize
3.3MB

Download
memory/2540-150-0x00007FF7B70E0000-0x00007FF7B7434000-memory.dmp

Filesize
3.3MB

Download
memory/3160-0-0x00007FF78EF70000-0x00007FF78F2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-89-0x00007FF78EF70000-0x00007FF78F2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-1-0x0000017BC42C0000-0x0000017BC42D0000-memory.dmp

Filesize
64KB

Download
memory/3208-2252-0x00007FF77E210000-0x00007FF77E564000-memory.dmp

Filesize
3.3MB

Download
memory/3208-147-0x00007FF77E210000-0x00007FF77E564000-memory.dmp

Filesize
3.3MB

Download
memory/3308-184-0x00007FF669CA0000-0x00007FF669FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3308-2257-0x00007FF669CA0000-0x00007FF669FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-123-0x00007FF718850000-0x00007FF718BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2246-0x00007FF718850000-0x00007FF718BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-130-0x00007FF711740000-0x00007FF711A94000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2237-0x00007FF711740000-0x00007FF711A94000-memory.dmp

Filesize
3.3MB

Download
memory/3552-49-0x00007FF711740000-0x00007FF711A94000-memory.dmp

Filesize
3.3MB

Download
memory/3720-645-0x00007FF77A330000-0x00007FF77A684000-memory.dmp

Filesize
3.3MB

Download
memory/3720-87-0x00007FF77A330000-0x00007FF77A684000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2245-0x00007FF77A330000-0x00007FF77A684000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2236-0x00007FF7E0D20000-0x00007FF7E1074000-memory.dmp

Filesize
3.3MB

Download
memory/3864-35-0x00007FF7E0D20000-0x00007FF7E1074000-memory.dmp

Filesize
3.3MB

Download
memory/3864-129-0x00007FF7E0D20000-0x00007FF7E1074000-memory.dmp

Filesize
3.3MB

Download
memory/3908-2230-0x00007FF74D5F0000-0x00007FF74D944000-memory.dmp

Filesize
3.3MB

Download
memory/3908-25-0x00007FF74D5F0000-0x00007FF74D944000-memory.dmp

Filesize
3.3MB

Download
memory/3932-195-0x00007FF7FEA40000-0x00007FF7FED94000-memory.dmp

Filesize
3.3MB

Download
memory/3932-2240-0x00007FF7FEA40000-0x00007FF7FED94000-memory.dmp

Filesize
3.3MB

Download
memory/3932-2259-0x00007FF7FEA40000-0x00007FF7FED94000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2232-0x00007FF78E390000-0x00007FF78E6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-33-0x00007FF78E390000-0x00007FF78E6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3984-124-0x00007FF78E390000-0x00007FF78E6E4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-81-0x00007FF7DD090000-0x00007FF7DD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-2243-0x00007FF7DD090000-0x00007FF7DD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-190-0x00007FF7DD090000-0x00007FF7DD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4232-68-0x00007FF712D30000-0x00007FF713084000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2241-0x00007FF712D30000-0x00007FF713084000-memory.dmp

Filesize
3.3MB

Download
memory/4348-151-0x00007FF6CC150000-0x00007FF6CC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2233-0x00007FF6CC150000-0x00007FF6CC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-56-0x00007FF6CC150000-0x00007FF6CC4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-125-0x00007FF64DD50000-0x00007FF64E0A4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2235-0x00007FF64DD50000-0x00007FF64E0A4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-40-0x00007FF64DD50000-0x00007FF64E0A4000-memory.dmp

Filesize
3.3MB

Download
memory/4868-10-0x00007FF7BDAD0000-0x00007FF7BDE24000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2229-0x00007FF7BDAD0000-0x00007FF7BDE24000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads