xmrig | 1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7

Analysis

max time kernel
120s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 07:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
Size

2.2MB
MD5

b775eac357855ed4f9280a6b46eec190
SHA1

f07d460a4e7bd37dca076cc93feb1201862400bf
SHA256

1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7
SHA512

1be3d2735eb5362fb1782c8f5eb7726e8a1a95e55e1395d9b6b334f96c2b80d0fadec87d253f1ab5afe303cc9c081781af98f96856985d340f959122f1764300
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGv4rzq6c2HAUJYO:BemTLkNdfE0pZr3

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5728-0-0x00007FF779230000-0x00007FF779584000-memory.dmp	xmrig
behavioral2/files/0x0008000000023402-5.dat	xmrig
behavioral2/files/0x0007000000023407-9.dat	xmrig
behavioral2/files/0x0007000000023406-11.dat	xmrig
behavioral2/memory/3372-10-0x00007FF7427D0000-0x00007FF742B24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-27.dat	xmrig
behavioral2/files/0x0007000000023409-32.dat	xmrig
behavioral2/memory/2384-36-0x00007FF6E20A0000-0x00007FF6E23F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-37.dat	xmrig
behavioral2/memory/1568-34-0x00007FF782730000-0x00007FF782A84000-memory.dmp	xmrig
behavioral2/memory/5116-29-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	xmrig
behavioral2/memory/1988-22-0x00007FF632660000-0x00007FF6329B4000-memory.dmp	xmrig
behavioral2/memory/3580-16-0x00007FF65E9D0000-0x00007FF65ED24000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-41.dat	xmrig
behavioral2/files/0x0008000000023403-47.dat	xmrig
behavioral2/memory/5340-50-0x00007FF6D02A0000-0x00007FF6D05F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-57.dat	xmrig
behavioral2/memory/4688-68-0x00007FF60D280000-0x00007FF60D5D4000-memory.dmp	xmrig
behavioral2/memory/5076-74-0x00007FF7F4020000-0x00007FF7F4374000-memory.dmp	xmrig
behavioral2/memory/4580-79-0x00007FF6F82C0000-0x00007FF6F8614000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-82.dat	xmrig
behavioral2/memory/3592-84-0x00007FF7847D0000-0x00007FF784B24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-89.dat	xmrig
behavioral2/files/0x0007000000023413-92.dat	xmrig
behavioral2/memory/5940-91-0x00007FF73FF10000-0x00007FF740264000-memory.dmp	xmrig
behavioral2/memory/5728-83-0x00007FF779230000-0x00007FF779584000-memory.dmp	xmrig
behavioral2/memory/2932-81-0x00007FF778900000-0x00007FF778C54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-77.dat	xmrig
behavioral2/files/0x000700000002340f-70.dat	xmrig
behavioral2/memory/5212-63-0x00007FF6EF440000-0x00007FF6EF794000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-59.dat	xmrig
behavioral2/memory/1520-52-0x00007FF67DF00000-0x00007FF67E254000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-96.dat	xmrig
behavioral2/memory/3580-102-0x00007FF65E9D0000-0x00007FF65ED24000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-110.dat	xmrig
behavioral2/files/0x000700000002341c-118.dat	xmrig
behavioral2/files/0x0007000000023419-124.dat	xmrig
behavioral2/files/0x000700000002341b-133.dat	xmrig
behavioral2/files/0x000700000002341d-140.dat	xmrig
behavioral2/files/0x0007000000023424-172.dat	xmrig
behavioral2/memory/564-523-0x00007FF7F2A90000-0x00007FF7F2DE4000-memory.dmp	xmrig
behavioral2/memory/1612-524-0x00007FF7A99D0000-0x00007FF7A9D24000-memory.dmp	xmrig
behavioral2/memory/1004-522-0x00007FF755820000-0x00007FF755B74000-memory.dmp	xmrig
behavioral2/memory/2592-527-0x00007FF60F540000-0x00007FF60F894000-memory.dmp	xmrig
behavioral2/memory/1584-525-0x00007FF7AA490000-0x00007FF7AA7E4000-memory.dmp	xmrig
behavioral2/memory/2420-530-0x00007FF7DB670000-0x00007FF7DB9C4000-memory.dmp	xmrig
behavioral2/memory/3212-546-0x00007FF609BE0000-0x00007FF609F34000-memory.dmp	xmrig
behavioral2/memory/5516-545-0x00007FF7A08F0000-0x00007FF7A0C44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-186.dat	xmrig
behavioral2/files/0x0007000000023426-182.dat	xmrig
behavioral2/files/0x0007000000023427-181.dat	xmrig
behavioral2/files/0x0007000000023425-176.dat	xmrig
behavioral2/files/0x0007000000023423-167.dat	xmrig
behavioral2/files/0x0007000000023422-162.dat	xmrig
behavioral2/files/0x0007000000023421-157.dat	xmrig
behavioral2/files/0x0007000000023420-152.dat	xmrig
behavioral2/files/0x000700000002341f-146.dat	xmrig
behavioral2/files/0x000700000002341e-142.dat	xmrig
behavioral2/memory/5668-130-0x00007FF7F34C0000-0x00007FF7F3814000-memory.dmp	xmrig
behavioral2/memory/1260-123-0x00007FF73F5F0000-0x00007FF73F944000-memory.dmp	xmrig
behavioral2/memory/5424-119-0x00007FF69A770000-0x00007FF69AAC4000-memory.dmp	xmrig
behavioral2/memory/4552-115-0x00007FF7F6BA0000-0x00007FF7F6EF4000-memory.dmp	xmrig
behavioral2/memory/2596-114-0x00007FF7C8550000-0x00007FF7C88A4000-memory.dmp	xmrig
behavioral2/memory/5116-111-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3372	zoABHZa.exe
3580	hvaeXQc.exe
1988	ZGVlRCZ.exe
5116	Vbsusas.exe
1568	TJHxLxN.exe
2384	yWLjhuX.exe
5340	clRjjeh.exe
1520	GtaaZHT.exe
5212	yOfhuAf.exe
4688	DeOEWlb.exe
5076	WrvoCAd.exe
4580	lWQgSEt.exe
2932	ZSDAFgP.exe
3592	kDxKBAc.exe
5940	GKXtzVp.exe
2596	sCHZSKT.exe
4552	qMsvSxs.exe
5668	AYivEaS.exe
5424	tarjUHZ.exe
1004	umeXncf.exe
1260	XardDkM.exe
2024	IOTibyj.exe
564	FxUoJyC.exe
1612	YhIsttS.exe
1584	OcdTZyV.exe
2592	GymuVsB.exe
2420	acXZGaP.exe
5516	hfsHbQV.exe
3212	bnZWJxO.exe
1684	dFijtfE.exe
5900	xNmpHaR.exe
4816	sTCPyJk.exe
4152	kEVmosi.exe
116	qedjliF.exe
2328	Pqcxjoz.exe
5768	IOdNWmh.exe
3100	BSqqbWy.exe
4076	wVWagpq.exe
752	NOyATMt.exe
2740	EpPPyUe.exe
4888	wBBaorg.exe
1904	kMWTSmk.exe
4388	UdRNvjF.exe
5292	BNcnBOJ.exe
1116	iOUmOhq.exe
5676	bWovMJT.exe
4036	iDFoNWQ.exe
4708	sxUZbBN.exe
5164	JogRTTM.exe
3176	ZqImvSM.exe
5316	ULONHfk.exe
2264	jrzdiMp.exe
3348	lgFcdnK.exe
1396	UVwPOkl.exe
3148	MBoIOGb.exe
3140	QlkSWXu.exe
2428	DobeGBI.exe
5480	OQPvXfl.exe
3724	LWLVlyv.exe
6080	NgcgMtX.exe
4068	ppiCeAp.exe
3744	dTbUoJC.exe
2896	GofGdSg.exe
5924	gSqqGuW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5728-0-0x00007FF779230000-0x00007FF779584000-memory.dmp	upx
behavioral2/files/0x0008000000023402-5.dat	upx
behavioral2/files/0x0007000000023407-9.dat	upx
behavioral2/files/0x0007000000023406-11.dat	upx
behavioral2/memory/3372-10-0x00007FF7427D0000-0x00007FF742B24000-memory.dmp	upx
behavioral2/files/0x0007000000023408-27.dat	upx
behavioral2/files/0x0007000000023409-32.dat	upx
behavioral2/memory/2384-36-0x00007FF6E20A0000-0x00007FF6E23F4000-memory.dmp	upx
behavioral2/files/0x000700000002340a-37.dat	upx
behavioral2/memory/1568-34-0x00007FF782730000-0x00007FF782A84000-memory.dmp	upx
behavioral2/memory/5116-29-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	upx
behavioral2/memory/1988-22-0x00007FF632660000-0x00007FF6329B4000-memory.dmp	upx
behavioral2/memory/3580-16-0x00007FF65E9D0000-0x00007FF65ED24000-memory.dmp	upx
behavioral2/files/0x000700000002340b-41.dat	upx
behavioral2/files/0x0008000000023403-47.dat	upx
behavioral2/memory/5340-50-0x00007FF6D02A0000-0x00007FF6D05F4000-memory.dmp	upx
behavioral2/files/0x000700000002340e-57.dat	upx
behavioral2/memory/4688-68-0x00007FF60D280000-0x00007FF60D5D4000-memory.dmp	upx
behavioral2/memory/5076-74-0x00007FF7F4020000-0x00007FF7F4374000-memory.dmp	upx
behavioral2/memory/4580-79-0x00007FF6F82C0000-0x00007FF6F8614000-memory.dmp	upx
behavioral2/files/0x0007000000023411-82.dat	upx
behavioral2/memory/3592-84-0x00007FF7847D0000-0x00007FF784B24000-memory.dmp	upx
behavioral2/files/0x0007000000023412-89.dat	upx
behavioral2/files/0x0007000000023413-92.dat	upx
behavioral2/memory/5940-91-0x00007FF73FF10000-0x00007FF740264000-memory.dmp	upx
behavioral2/memory/5728-83-0x00007FF779230000-0x00007FF779584000-memory.dmp	upx
behavioral2/memory/2932-81-0x00007FF778900000-0x00007FF778C54000-memory.dmp	upx
behavioral2/files/0x0007000000023410-77.dat	upx
behavioral2/files/0x000700000002340f-70.dat	upx
behavioral2/memory/5212-63-0x00007FF6EF440000-0x00007FF6EF794000-memory.dmp	upx
behavioral2/files/0x000700000002340d-59.dat	upx
behavioral2/memory/1520-52-0x00007FF67DF00000-0x00007FF67E254000-memory.dmp	upx
behavioral2/files/0x0007000000023414-96.dat	upx
behavioral2/memory/3580-102-0x00007FF65E9D0000-0x00007FF65ED24000-memory.dmp	upx
behavioral2/files/0x000700000002341a-110.dat	upx
behavioral2/files/0x000700000002341c-118.dat	upx
behavioral2/files/0x0007000000023419-124.dat	upx
behavioral2/files/0x000700000002341b-133.dat	upx
behavioral2/files/0x000700000002341d-140.dat	upx
behavioral2/files/0x0007000000023424-172.dat	upx
behavioral2/memory/564-523-0x00007FF7F2A90000-0x00007FF7F2DE4000-memory.dmp	upx
behavioral2/memory/1612-524-0x00007FF7A99D0000-0x00007FF7A9D24000-memory.dmp	upx
behavioral2/memory/1004-522-0x00007FF755820000-0x00007FF755B74000-memory.dmp	upx
behavioral2/memory/2592-527-0x00007FF60F540000-0x00007FF60F894000-memory.dmp	upx
behavioral2/memory/1584-525-0x00007FF7AA490000-0x00007FF7AA7E4000-memory.dmp	upx
behavioral2/memory/2420-530-0x00007FF7DB670000-0x00007FF7DB9C4000-memory.dmp	upx
behavioral2/memory/3212-546-0x00007FF609BE0000-0x00007FF609F34000-memory.dmp	upx
behavioral2/memory/5516-545-0x00007FF7A08F0000-0x00007FF7A0C44000-memory.dmp	upx
behavioral2/files/0x0007000000023428-186.dat	upx
behavioral2/files/0x0007000000023426-182.dat	upx
behavioral2/files/0x0007000000023427-181.dat	upx
behavioral2/files/0x0007000000023425-176.dat	upx
behavioral2/files/0x0007000000023423-167.dat	upx
behavioral2/files/0x0007000000023422-162.dat	upx
behavioral2/files/0x0007000000023421-157.dat	upx
behavioral2/files/0x0007000000023420-152.dat	upx
behavioral2/files/0x000700000002341f-146.dat	upx
behavioral2/files/0x000700000002341e-142.dat	upx
behavioral2/memory/5668-130-0x00007FF7F34C0000-0x00007FF7F3814000-memory.dmp	upx
behavioral2/memory/1260-123-0x00007FF73F5F0000-0x00007FF73F944000-memory.dmp	upx
behavioral2/memory/5424-119-0x00007FF69A770000-0x00007FF69AAC4000-memory.dmp	upx
behavioral2/memory/4552-115-0x00007FF7F6BA0000-0x00007FF7F6EF4000-memory.dmp	upx
behavioral2/memory/2596-114-0x00007FF7C8550000-0x00007FF7C88A4000-memory.dmp	upx
behavioral2/memory/5116-111-0x00007FF721780000-0x00007FF721AD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HwHntQf.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\lGxTtHa.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\yZPxUEp.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\DxTuZXc.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\SyZEvrQ.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\lWQgSEt.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\AYivEaS.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\tOfyOrf.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\dfjyKsj.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\LzGveEd.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\HAXoKDn.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\tRJImxs.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\zyyyXjy.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\xNnZfrN.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\Lartmfv.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\zOhBjCI.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\SXjDQQf.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\HpmHoFq.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\gAIPPqV.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\nBentFK.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\xNmpHaR.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\TQYcbZc.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\qQFyjGu.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\qoTuJFJ.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\nwiroNq.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\YhIsttS.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\LIxRfVY.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\yyCZdyY.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\mLJslzH.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\GpagHHE.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\xhoyHKA.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\likJBbA.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\vkXTUnA.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\WFMsbyU.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\Driiptj.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\vQpERcZ.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\WabVTAg.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\reMTMVR.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\acXZGaP.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\BdtqlSO.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\hoBEtMO.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\TcZSnZm.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\iZxYUxP.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\FguuURW.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\cYExBhb.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\alMvePq.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\XSKtmeh.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\rtiTrKI.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\fAARJuP.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\wVWagpq.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\hzquerx.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\DqdzcRh.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\OlibbPd.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\hjBEyrt.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\TBKrKUZ.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\CBOARFu.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\FIavlGx.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\CjrKrsN.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\meUvlKG.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\WZguocJ.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\iHDrZEu.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\DTGaiAF.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\vgSIJGq.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
File created	C:\Windows\System\cEXijop.exe	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14636	dwm.exe
Token: SeChangeNotifyPrivilege	14636	dwm.exe
Token: 33	14636	dwm.exe
Token: SeIncBasePriorityPrivilege	14636	dwm.exe
Token: SeShutdownPrivilege	14636	dwm.exe
Token: SeCreatePagefilePrivilege	14636	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5728 wrote to memory of 3372	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	84
PID 5728 wrote to memory of 3372	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	84
PID 5728 wrote to memory of 3580	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	86
PID 5728 wrote to memory of 3580	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	86
PID 5728 wrote to memory of 1988	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	87
PID 5728 wrote to memory of 1988	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	87
PID 5728 wrote to memory of 5116	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	88
PID 5728 wrote to memory of 5116	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	88
PID 5728 wrote to memory of 1568	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	89
PID 5728 wrote to memory of 1568	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	89
PID 5728 wrote to memory of 2384	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	90
PID 5728 wrote to memory of 2384	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	90
PID 5728 wrote to memory of 5340	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	91
PID 5728 wrote to memory of 5340	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	91
PID 5728 wrote to memory of 1520	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	93
PID 5728 wrote to memory of 1520	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	93
PID 5728 wrote to memory of 5212	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	95
PID 5728 wrote to memory of 5212	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	95
PID 5728 wrote to memory of 4688	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	96
PID 5728 wrote to memory of 4688	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	96
PID 5728 wrote to memory of 5076	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	97
PID 5728 wrote to memory of 5076	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	97
PID 5728 wrote to memory of 4580	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	98
PID 5728 wrote to memory of 4580	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	98
PID 5728 wrote to memory of 2932	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	99
PID 5728 wrote to memory of 2932	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	99
PID 5728 wrote to memory of 3592	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	100
PID 5728 wrote to memory of 3592	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	100
PID 5728 wrote to memory of 5940	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	101
PID 5728 wrote to memory of 5940	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	101
PID 5728 wrote to memory of 2596	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	102
PID 5728 wrote to memory of 2596	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	102
PID 5728 wrote to memory of 4552	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	105
PID 5728 wrote to memory of 4552	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	105
PID 5728 wrote to memory of 5668	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	106
PID 5728 wrote to memory of 5668	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	106
PID 5728 wrote to memory of 5424	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	107
PID 5728 wrote to memory of 5424	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	107
PID 5728 wrote to memory of 1004	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	108
PID 5728 wrote to memory of 1004	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	108
PID 5728 wrote to memory of 1260	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	109
PID 5728 wrote to memory of 1260	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	109
PID 5728 wrote to memory of 2024	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	110
PID 5728 wrote to memory of 2024	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	110
PID 5728 wrote to memory of 564	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	112
PID 5728 wrote to memory of 564	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	112
PID 5728 wrote to memory of 1612	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	113
PID 5728 wrote to memory of 1612	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	113
PID 5728 wrote to memory of 1584	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	114
PID 5728 wrote to memory of 1584	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	114
PID 5728 wrote to memory of 2592	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	115
PID 5728 wrote to memory of 2592	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	115
PID 5728 wrote to memory of 2420	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	116
PID 5728 wrote to memory of 2420	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	116
PID 5728 wrote to memory of 5516	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	117
PID 5728 wrote to memory of 5516	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	117
PID 5728 wrote to memory of 3212	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	118
PID 5728 wrote to memory of 3212	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	118
PID 5728 wrote to memory of 1684	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	119
PID 5728 wrote to memory of 1684	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	119
PID 5728 wrote to memory of 5900	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	120
PID 5728 wrote to memory of 5900	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	120
PID 5728 wrote to memory of 4816	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	121
PID 5728 wrote to memory of 4816	5728	1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe	121

C:\Users\Admin\AppData\Local\Temp\1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b38119667ad7c7aeab925e5a76d170c7d1df1bdc51b0bb15df672a2353276e7_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5728
- C:\Windows\System\zoABHZa.exe
  C:\Windows\System\zoABHZa.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\hvaeXQc.exe
  C:\Windows\System\hvaeXQc.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\ZGVlRCZ.exe
  C:\Windows\System\ZGVlRCZ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\Vbsusas.exe
  C:\Windows\System\Vbsusas.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\TJHxLxN.exe
  C:\Windows\System\TJHxLxN.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\yWLjhuX.exe
  C:\Windows\System\yWLjhuX.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\clRjjeh.exe
  C:\Windows\System\clRjjeh.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System\GtaaZHT.exe
  C:\Windows\System\GtaaZHT.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\yOfhuAf.exe
  C:\Windows\System\yOfhuAf.exe
  2⤵
  - Executes dropped EXE
  PID:5212
- C:\Windows\System\DeOEWlb.exe
  C:\Windows\System\DeOEWlb.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\WrvoCAd.exe
  C:\Windows\System\WrvoCAd.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\lWQgSEt.exe
  C:\Windows\System\lWQgSEt.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\ZSDAFgP.exe
  C:\Windows\System\ZSDAFgP.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\kDxKBAc.exe
  C:\Windows\System\kDxKBAc.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\GKXtzVp.exe
  C:\Windows\System\GKXtzVp.exe
  2⤵
  - Executes dropped EXE
  PID:5940
- C:\Windows\System\sCHZSKT.exe
  C:\Windows\System\sCHZSKT.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\qMsvSxs.exe
  C:\Windows\System\qMsvSxs.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\AYivEaS.exe
  C:\Windows\System\AYivEaS.exe
  2⤵
  - Executes dropped EXE
  PID:5668
- C:\Windows\System\tarjUHZ.exe
  C:\Windows\System\tarjUHZ.exe
  2⤵
  - Executes dropped EXE
  PID:5424
- C:\Windows\System\umeXncf.exe
  C:\Windows\System\umeXncf.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\XardDkM.exe
  C:\Windows\System\XardDkM.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\IOTibyj.exe
  C:\Windows\System\IOTibyj.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\FxUoJyC.exe
  C:\Windows\System\FxUoJyC.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\YhIsttS.exe
  C:\Windows\System\YhIsttS.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\OcdTZyV.exe
  C:\Windows\System\OcdTZyV.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\GymuVsB.exe
  C:\Windows\System\GymuVsB.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\acXZGaP.exe
  C:\Windows\System\acXZGaP.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\hfsHbQV.exe
  C:\Windows\System\hfsHbQV.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System\bnZWJxO.exe
  C:\Windows\System\bnZWJxO.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\dFijtfE.exe
  C:\Windows\System\dFijtfE.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\xNmpHaR.exe
  C:\Windows\System\xNmpHaR.exe
  2⤵
  - Executes dropped EXE
  PID:5900
- C:\Windows\System\sTCPyJk.exe
  C:\Windows\System\sTCPyJk.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\kEVmosi.exe
  C:\Windows\System\kEVmosi.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\qedjliF.exe
  C:\Windows\System\qedjliF.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\Pqcxjoz.exe
  C:\Windows\System\Pqcxjoz.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\IOdNWmh.exe
  C:\Windows\System\IOdNWmh.exe
  2⤵
  - Executes dropped EXE
  PID:5768
- C:\Windows\System\BSqqbWy.exe
  C:\Windows\System\BSqqbWy.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\wVWagpq.exe
  C:\Windows\System\wVWagpq.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\NOyATMt.exe
  C:\Windows\System\NOyATMt.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\EpPPyUe.exe
  C:\Windows\System\EpPPyUe.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\wBBaorg.exe
  C:\Windows\System\wBBaorg.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\kMWTSmk.exe
  C:\Windows\System\kMWTSmk.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\UdRNvjF.exe
  C:\Windows\System\UdRNvjF.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\BNcnBOJ.exe
  C:\Windows\System\BNcnBOJ.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System\iOUmOhq.exe
  C:\Windows\System\iOUmOhq.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\bWovMJT.exe
  C:\Windows\System\bWovMJT.exe
  2⤵
  - Executes dropped EXE
  PID:5676
- C:\Windows\System\iDFoNWQ.exe
  C:\Windows\System\iDFoNWQ.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\sxUZbBN.exe
  C:\Windows\System\sxUZbBN.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\JogRTTM.exe
  C:\Windows\System\JogRTTM.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\ZqImvSM.exe
  C:\Windows\System\ZqImvSM.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\ULONHfk.exe
  C:\Windows\System\ULONHfk.exe
  2⤵
  - Executes dropped EXE
  PID:5316
- C:\Windows\System\jrzdiMp.exe
  C:\Windows\System\jrzdiMp.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\lgFcdnK.exe
  C:\Windows\System\lgFcdnK.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\UVwPOkl.exe
  C:\Windows\System\UVwPOkl.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\MBoIOGb.exe
  C:\Windows\System\MBoIOGb.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\QlkSWXu.exe
  C:\Windows\System\QlkSWXu.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\DobeGBI.exe
  C:\Windows\System\DobeGBI.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\OQPvXfl.exe
  C:\Windows\System\OQPvXfl.exe
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\System\LWLVlyv.exe
  C:\Windows\System\LWLVlyv.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\NgcgMtX.exe
  C:\Windows\System\NgcgMtX.exe
  2⤵
  - Executes dropped EXE
  PID:6080
- C:\Windows\System\ppiCeAp.exe
  C:\Windows\System\ppiCeAp.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\dTbUoJC.exe
  C:\Windows\System\dTbUoJC.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\GofGdSg.exe
  C:\Windows\System\GofGdSg.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\gSqqGuW.exe
  C:\Windows\System\gSqqGuW.exe
  2⤵
  - Executes dropped EXE
  PID:5924
- C:\Windows\System\YzwWvSX.exe
  C:\Windows\System\YzwWvSX.exe
  2⤵
  PID:6060
- C:\Windows\System\BbwsFjp.exe
  C:\Windows\System\BbwsFjp.exe
  2⤵
  PID:6116
- C:\Windows\System\OhaVSKI.exe
  C:\Windows\System\OhaVSKI.exe
  2⤵
  PID:3848
- C:\Windows\System\HbbAhFi.exe
  C:\Windows\System\HbbAhFi.exe
  2⤵
  PID:4316
- C:\Windows\System\YQIlOcy.exe
  C:\Windows\System\YQIlOcy.exe
  2⤵
  PID:2556
- C:\Windows\System\KKLNAiR.exe
  C:\Windows\System\KKLNAiR.exe
  2⤵
  PID:1356
- C:\Windows\System\txzoTZU.exe
  C:\Windows\System\txzoTZU.exe
  2⤵
  PID:6128
- C:\Windows\System\ruFxyqi.exe
  C:\Windows\System\ruFxyqi.exe
  2⤵
  PID:3900
- C:\Windows\System\ezZEoeC.exe
  C:\Windows\System\ezZEoeC.exe
  2⤵
  PID:4176
- C:\Windows\System\gbmvAUA.exe
  C:\Windows\System\gbmvAUA.exe
  2⤵
  PID:6088
- C:\Windows\System\LFuOHsj.exe
  C:\Windows\System\LFuOHsj.exe
  2⤵
  PID:4800
- C:\Windows\System\ANAxwSc.exe
  C:\Windows\System\ANAxwSc.exe
  2⤵
  PID:3188
- C:\Windows\System\yPZhTOe.exe
  C:\Windows\System\yPZhTOe.exe
  2⤵
  PID:5952
- C:\Windows\System\iZxYUxP.exe
  C:\Windows\System\iZxYUxP.exe
  2⤵
  PID:6100
- C:\Windows\System\nVQpCXF.exe
  C:\Windows\System\nVQpCXF.exe
  2⤵
  PID:4220
- C:\Windows\System\IrqxJMe.exe
  C:\Windows\System\IrqxJMe.exe
  2⤵
  PID:3440
- C:\Windows\System\ABzVdSi.exe
  C:\Windows\System\ABzVdSi.exe
  2⤵
  PID:5764
- C:\Windows\System\fkISEOz.exe
  C:\Windows\System\fkISEOz.exe
  2⤵
  PID:1216
- C:\Windows\System\qoTuJFJ.exe
  C:\Windows\System\qoTuJFJ.exe
  2⤵
  PID:4536
- C:\Windows\System\SLCYtto.exe
  C:\Windows\System\SLCYtto.exe
  2⤵
  PID:5020
- C:\Windows\System\CdQQKuM.exe
  C:\Windows\System\CdQQKuM.exe
  2⤵
  PID:3020
- C:\Windows\System\BdtqlSO.exe
  C:\Windows\System\BdtqlSO.exe
  2⤵
  PID:712
- C:\Windows\System\cJqxdKE.exe
  C:\Windows\System\cJqxdKE.exe
  2⤵
  PID:2852
- C:\Windows\System\hWoYvoU.exe
  C:\Windows\System\hWoYvoU.exe
  2⤵
  PID:1900
- C:\Windows\System\vRirHxK.exe
  C:\Windows\System\vRirHxK.exe
  2⤵
  PID:4940
- C:\Windows\System\HwHntQf.exe
  C:\Windows\System\HwHntQf.exe
  2⤵
  PID:6156
- C:\Windows\System\jDHOtKa.exe
  C:\Windows\System\jDHOtKa.exe
  2⤵
  PID:6184
- C:\Windows\System\NzrpUmS.exe
  C:\Windows\System\NzrpUmS.exe
  2⤵
  PID:6212
- C:\Windows\System\rUAoMcM.exe
  C:\Windows\System\rUAoMcM.exe
  2⤵
  PID:6240
- C:\Windows\System\XnFEEYY.exe
  C:\Windows\System\XnFEEYY.exe
  2⤵
  PID:6268
- C:\Windows\System\acRBskW.exe
  C:\Windows\System\acRBskW.exe
  2⤵
  PID:6296
- C:\Windows\System\tzFfBVK.exe
  C:\Windows\System\tzFfBVK.exe
  2⤵
  PID:6324
- C:\Windows\System\ErdyULT.exe
  C:\Windows\System\ErdyULT.exe
  2⤵
  PID:6352
- C:\Windows\System\eUKcoQw.exe
  C:\Windows\System\eUKcoQw.exe
  2⤵
  PID:6380
- C:\Windows\System\jbdRxmj.exe
  C:\Windows\System\jbdRxmj.exe
  2⤵
  PID:6408
- C:\Windows\System\tOfyOrf.exe
  C:\Windows\System\tOfyOrf.exe
  2⤵
  PID:6436
- C:\Windows\System\LJNHkgm.exe
  C:\Windows\System\LJNHkgm.exe
  2⤵
  PID:6464
- C:\Windows\System\zlFACHT.exe
  C:\Windows\System\zlFACHT.exe
  2⤵
  PID:6496
- C:\Windows\System\zMZtozr.exe
  C:\Windows\System\zMZtozr.exe
  2⤵
  PID:6528
- C:\Windows\System\FguuURW.exe
  C:\Windows\System\FguuURW.exe
  2⤵
  PID:6556
- C:\Windows\System\cEXijop.exe
  C:\Windows\System\cEXijop.exe
  2⤵
  PID:6584
- C:\Windows\System\bdnjbpw.exe
  C:\Windows\System\bdnjbpw.exe
  2⤵
  PID:6612
- C:\Windows\System\zyyyXjy.exe
  C:\Windows\System\zyyyXjy.exe
  2⤵
  PID:6640
- C:\Windows\System\lnNBInu.exe
  C:\Windows\System\lnNBInu.exe
  2⤵
  PID:6672
- C:\Windows\System\nwiroNq.exe
  C:\Windows\System\nwiroNq.exe
  2⤵
  PID:6696
- C:\Windows\System\VOZekMk.exe
  C:\Windows\System\VOZekMk.exe
  2⤵
  PID:6724
- C:\Windows\System\hEmSYYs.exe
  C:\Windows\System\hEmSYYs.exe
  2⤵
  PID:6752
- C:\Windows\System\SRpPgKs.exe
  C:\Windows\System\SRpPgKs.exe
  2⤵
  PID:6780
- C:\Windows\System\ljCBGVe.exe
  C:\Windows\System\ljCBGVe.exe
  2⤵
  PID:6808
- C:\Windows\System\McqUPrn.exe
  C:\Windows\System\McqUPrn.exe
  2⤵
  PID:6840
- C:\Windows\System\tOioEfa.exe
  C:\Windows\System\tOioEfa.exe
  2⤵
  PID:6864
- C:\Windows\System\OUutnzp.exe
  C:\Windows\System\OUutnzp.exe
  2⤵
  PID:6892
- C:\Windows\System\uFQpbpR.exe
  C:\Windows\System\uFQpbpR.exe
  2⤵
  PID:6920
- C:\Windows\System\LIxRfVY.exe
  C:\Windows\System\LIxRfVY.exe
  2⤵
  PID:6952
- C:\Windows\System\DHjHzpe.exe
  C:\Windows\System\DHjHzpe.exe
  2⤵
  PID:6980
- C:\Windows\System\DLgaRQx.exe
  C:\Windows\System\DLgaRQx.exe
  2⤵
  PID:7008
- C:\Windows\System\IztGRLH.exe
  C:\Windows\System\IztGRLH.exe
  2⤵
  PID:7036
- C:\Windows\System\ddCufyC.exe
  C:\Windows\System\ddCufyC.exe
  2⤵
  PID:7064
- C:\Windows\System\iIZfzHE.exe
  C:\Windows\System\iIZfzHE.exe
  2⤵
  PID:7092
- C:\Windows\System\eyRWWCH.exe
  C:\Windows\System\eyRWWCH.exe
  2⤵
  PID:7116
- C:\Windows\System\onEwtwo.exe
  C:\Windows\System\onEwtwo.exe
  2⤵
  PID:7148
- C:\Windows\System\MvjtsdB.exe
  C:\Windows\System\MvjtsdB.exe
  2⤵
  PID:6172
- C:\Windows\System\ynGkWIJ.exe
  C:\Windows\System\ynGkWIJ.exe
  2⤵
  PID:4972
- C:\Windows\System\jqHQYfY.exe
  C:\Windows\System\jqHQYfY.exe
  2⤵
  PID:3624
- C:\Windows\System\bOHRzSb.exe
  C:\Windows\System\bOHRzSb.exe
  2⤵
  PID:5576
- C:\Windows\System\NHppcHp.exe
  C:\Windows\System\NHppcHp.exe
  2⤵
  PID:5612
- C:\Windows\System\WcTAQpx.exe
  C:\Windows\System\WcTAQpx.exe
  2⤵
  PID:1160
- C:\Windows\System\mLJslzH.exe
  C:\Windows\System\mLJslzH.exe
  2⤵
  PID:1580
- C:\Windows\System\Mnpkdbl.exe
  C:\Windows\System\Mnpkdbl.exe
  2⤵
  PID:3760
- C:\Windows\System\YfQCKSO.exe
  C:\Windows\System\YfQCKSO.exe
  2⤵
  PID:1332
- C:\Windows\System\jpkhGqs.exe
  C:\Windows\System\jpkhGqs.exe
  2⤵
  PID:1156
- C:\Windows\System\QSxpsZz.exe
  C:\Windows\System\QSxpsZz.exe
  2⤵
  PID:1500
- C:\Windows\System\GAcUdOV.exe
  C:\Windows\System\GAcUdOV.exe
  2⤵
  PID:4440
- C:\Windows\System\JDBNEOv.exe
  C:\Windows\System\JDBNEOv.exe
  2⤵
  PID:4432
- C:\Windows\System\olNQdUf.exe
  C:\Windows\System\olNQdUf.exe
  2⤵
  PID:3056
- C:\Windows\System\IiLjEOn.exe
  C:\Windows\System\IiLjEOn.exe
  2⤵
  PID:3280
- C:\Windows\System\dfjyKsj.exe
  C:\Windows\System\dfjyKsj.exe
  2⤵
  PID:5192
- C:\Windows\System\EPnZPAe.exe
  C:\Windows\System\EPnZPAe.exe
  2⤵
  PID:1360
- C:\Windows\System\JqzpVfN.exe
  C:\Windows\System\JqzpVfN.exe
  2⤵
  PID:3036
- C:\Windows\System\bjtpxtQ.exe
  C:\Windows\System\bjtpxtQ.exe
  2⤵
  PID:436
- C:\Windows\System\TQYcbZc.exe
  C:\Windows\System\TQYcbZc.exe
  2⤵
  PID:5608
- C:\Windows\System\pjjdAOi.exe
  C:\Windows\System\pjjdAOi.exe
  2⤵
  PID:1944
- C:\Windows\System\HAXoKDn.exe
  C:\Windows\System\HAXoKDn.exe
  2⤵
  PID:5364
- C:\Windows\System\vJheepR.exe
  C:\Windows\System\vJheepR.exe
  2⤵
  PID:5156
- C:\Windows\System\QqBXiMp.exe
  C:\Windows\System\QqBXiMp.exe
  2⤵
  PID:2600
- C:\Windows\System\TsdGtJs.exe
  C:\Windows\System\TsdGtJs.exe
  2⤵
  PID:460
- C:\Windows\System\fNGlLgB.exe
  C:\Windows\System\fNGlLgB.exe
  2⤵
  PID:5708
- C:\Windows\System\wOxkzYZ.exe
  C:\Windows\System\wOxkzYZ.exe
  2⤵
  PID:3248
- C:\Windows\System\cHhQXyP.exe
  C:\Windows\System\cHhQXyP.exe
  2⤵
  PID:6252
- C:\Windows\System\zYRwvPq.exe
  C:\Windows\System\zYRwvPq.exe
  2⤵
  PID:6288
- C:\Windows\System\UwsSWQm.exe
  C:\Windows\System\UwsSWQm.exe
  2⤵
  PID:6336
- C:\Windows\System\HkRRMXs.exe
  C:\Windows\System\HkRRMXs.exe
  2⤵
  PID:6368
- C:\Windows\System\NDjhQCd.exe
  C:\Windows\System\NDjhQCd.exe
  2⤵
  PID:6420
- C:\Windows\System\XFWFGUV.exe
  C:\Windows\System\XFWFGUV.exe
  2⤵
  PID:6456
- C:\Windows\System\lEHWFoj.exe
  C:\Windows\System\lEHWFoj.exe
  2⤵
  PID:6600
- C:\Windows\System\SyEXZqb.exe
  C:\Windows\System\SyEXZqb.exe
  2⤵
  PID:6684
- C:\Windows\System\dzOAfYk.exe
  C:\Windows\System\dzOAfYk.exe
  2⤵
  PID:6744
- C:\Windows\System\tkMSIKo.exe
  C:\Windows\System\tkMSIKo.exe
  2⤵
  PID:5684
- C:\Windows\System\jbiwTsh.exe
  C:\Windows\System\jbiwTsh.exe
  2⤵
  PID:3136
- C:\Windows\System\qLIRlKs.exe
  C:\Windows\System\qLIRlKs.exe
  2⤵
  PID:2292
- C:\Windows\System\dfgrWkE.exe
  C:\Windows\System\dfgrWkE.exe
  2⤵
  PID:3916
- C:\Windows\System\EONfofN.exe
  C:\Windows\System\EONfofN.exe
  2⤵
  PID:3800
- C:\Windows\System\RzTwVgg.exe
  C:\Windows\System\RzTwVgg.exe
  2⤵
  PID:1144
- C:\Windows\System\RxGxunI.exe
  C:\Windows\System\RxGxunI.exe
  2⤵
  PID:5472
- C:\Windows\System\AIISJEi.exe
  C:\Windows\System\AIISJEi.exe
  2⤵
  PID:3300
- C:\Windows\System\hoBEtMO.exe
  C:\Windows\System\hoBEtMO.exe
  2⤵
  PID:3040
- C:\Windows\System\hOnOfrR.exe
  C:\Windows\System\hOnOfrR.exe
  2⤵
  PID:4696
- C:\Windows\System\KOloKuA.exe
  C:\Windows\System\KOloKuA.exe
  2⤵
  PID:5268
- C:\Windows\System\WFMsbyU.exe
  C:\Windows\System\WFMsbyU.exe
  2⤵
  PID:4684
- C:\Windows\System\EqHQMeV.exe
  C:\Windows\System\EqHQMeV.exe
  2⤵
  PID:1836
- C:\Windows\System\CYkSRGQ.exe
  C:\Windows\System\CYkSRGQ.exe
  2⤵
  PID:1952
- C:\Windows\System\TRmUfhs.exe
  C:\Windows\System\TRmUfhs.exe
  2⤵
  PID:6448
- C:\Windows\System\KZKYYOY.exe
  C:\Windows\System\KZKYYOY.exe
  2⤵
  PID:6396
- C:\Windows\System\iAlLMGn.exe
  C:\Windows\System\iAlLMGn.exe
  2⤵
  PID:6628
- C:\Windows\System\hzquerx.exe
  C:\Windows\System\hzquerx.exe
  2⤵
  PID:6716
- C:\Windows\System\qSDaAsK.exe
  C:\Windows\System\qSDaAsK.exe
  2⤵
  PID:6884
- C:\Windows\System\hWYWKXd.exe
  C:\Windows\System\hWYWKXd.exe
  2⤵
  PID:3080
- C:\Windows\System\gNwprOD.exe
  C:\Windows\System\gNwprOD.exe
  2⤵
  PID:2448
- C:\Windows\System\zGTHrXC.exe
  C:\Windows\System\zGTHrXC.exe
  2⤵
  PID:5032
- C:\Windows\System\yAhmFyj.exe
  C:\Windows\System\yAhmFyj.exe
  2⤵
  PID:4324
- C:\Windows\System\LbRlrLi.exe
  C:\Windows\System\LbRlrLi.exe
  2⤵
  PID:6044
- C:\Windows\System\GpagHHE.exe
  C:\Windows\System\GpagHHE.exe
  2⤵
  PID:6260
- C:\Windows\System\ccEhStD.exe
  C:\Windows\System\ccEhStD.exe
  2⤵
  PID:948
- C:\Windows\System\wdkbUai.exe
  C:\Windows\System\wdkbUai.exe
  2⤵
  PID:6392
- C:\Windows\System\moMZKpy.exe
  C:\Windows\System\moMZKpy.exe
  2⤵
  PID:6452
- C:\Windows\System\RAJcAwk.exe
  C:\Windows\System\RAJcAwk.exe
  2⤵
  PID:6800
- C:\Windows\System\zvWUiyC.exe
  C:\Windows\System\zvWUiyC.exe
  2⤵
  PID:4560
- C:\Windows\System\GQEhSET.exe
  C:\Windows\System\GQEhSET.exe
  2⤵
  PID:5760
- C:\Windows\System\CGvyClE.exe
  C:\Windows\System\CGvyClE.exe
  2⤵
  PID:5688
- C:\Windows\System\fJvGIEK.exe
  C:\Windows\System\fJvGIEK.exe
  2⤵
  PID:1460
- C:\Windows\System\ZlQvbST.exe
  C:\Windows\System\ZlQvbST.exe
  2⤵
  PID:1576
- C:\Windows\System\iMFKEzZ.exe
  C:\Windows\System\iMFKEzZ.exe
  2⤵
  PID:1632
- C:\Windows\System\voOGmLm.exe
  C:\Windows\System\voOGmLm.exe
  2⤵
  PID:2340
- C:\Windows\System\vcEErYM.exe
  C:\Windows\System\vcEErYM.exe
  2⤵
  PID:7180
- C:\Windows\System\qaiJQOI.exe
  C:\Windows\System\qaiJQOI.exe
  2⤵
  PID:7200
- C:\Windows\System\zlcLzya.exe
  C:\Windows\System\zlcLzya.exe
  2⤵
  PID:7220
- C:\Windows\System\znKNAFA.exe
  C:\Windows\System\znKNAFA.exe
  2⤵
  PID:7244
- C:\Windows\System\cNhLwql.exe
  C:\Windows\System\cNhLwql.exe
  2⤵
  PID:7268
- C:\Windows\System\QkYapJB.exe
  C:\Windows\System\QkYapJB.exe
  2⤵
  PID:7304
- C:\Windows\System\SXjDQQf.exe
  C:\Windows\System\SXjDQQf.exe
  2⤵
  PID:7356
- C:\Windows\System\MpNWhXq.exe
  C:\Windows\System\MpNWhXq.exe
  2⤵
  PID:7384
- C:\Windows\System\UFKzERt.exe
  C:\Windows\System\UFKzERt.exe
  2⤵
  PID:7436
- C:\Windows\System\sfkQOOh.exe
  C:\Windows\System\sfkQOOh.exe
  2⤵
  PID:7464
- C:\Windows\System\VeIVeAo.exe
  C:\Windows\System\VeIVeAo.exe
  2⤵
  PID:7488
- C:\Windows\System\SDjZVze.exe
  C:\Windows\System\SDjZVze.exe
  2⤵
  PID:7512
- C:\Windows\System\WdNvSvY.exe
  C:\Windows\System\WdNvSvY.exe
  2⤵
  PID:7544
- C:\Windows\System\bTzSxRv.exe
  C:\Windows\System\bTzSxRv.exe
  2⤵
  PID:7584
- C:\Windows\System\arFyVHV.exe
  C:\Windows\System\arFyVHV.exe
  2⤵
  PID:7616
- C:\Windows\System\xNnZfrN.exe
  C:\Windows\System\xNnZfrN.exe
  2⤵
  PID:7648
- C:\Windows\System\OVjdZrz.exe
  C:\Windows\System\OVjdZrz.exe
  2⤵
  PID:7672
- C:\Windows\System\cicqRhP.exe
  C:\Windows\System\cicqRhP.exe
  2⤵
  PID:7708
- C:\Windows\System\KklYHIr.exe
  C:\Windows\System\KklYHIr.exe
  2⤵
  PID:7744
- C:\Windows\System\rtiTrKI.exe
  C:\Windows\System\rtiTrKI.exe
  2⤵
  PID:7776
- C:\Windows\System\LYCgCwQ.exe
  C:\Windows\System\LYCgCwQ.exe
  2⤵
  PID:7800
- C:\Windows\System\rgZiHiU.exe
  C:\Windows\System\rgZiHiU.exe
  2⤵
  PID:7844
- C:\Windows\System\Kptiryd.exe
  C:\Windows\System\Kptiryd.exe
  2⤵
  PID:7872
- C:\Windows\System\nhamtBM.exe
  C:\Windows\System\nhamtBM.exe
  2⤵
  PID:7908
- C:\Windows\System\cTtJjyu.exe
  C:\Windows\System\cTtJjyu.exe
  2⤵
  PID:7944
- C:\Windows\System\YMPNVqc.exe
  C:\Windows\System\YMPNVqc.exe
  2⤵
  PID:7964
- C:\Windows\System\CjrKrsN.exe
  C:\Windows\System\CjrKrsN.exe
  2⤵
  PID:7992
- C:\Windows\System\LzGveEd.exe
  C:\Windows\System\LzGveEd.exe
  2⤵
  PID:8024
- C:\Windows\System\zoJCttT.exe
  C:\Windows\System\zoJCttT.exe
  2⤵
  PID:8052
- C:\Windows\System\iqTrvPd.exe
  C:\Windows\System\iqTrvPd.exe
  2⤵
  PID:8080
- C:\Windows\System\JknpkMu.exe
  C:\Windows\System\JknpkMu.exe
  2⤵
  PID:8100
- C:\Windows\System\SfDkikF.exe
  C:\Windows\System\SfDkikF.exe
  2⤵
  PID:8132
- C:\Windows\System\pMIQwTH.exe
  C:\Windows\System\pMIQwTH.exe
  2⤵
  PID:8164
- C:\Windows\System\lKuQoDy.exe
  C:\Windows\System\lKuQoDy.exe
  2⤵
  PID:6992
- C:\Windows\System\tRJImxs.exe
  C:\Windows\System\tRJImxs.exe
  2⤵
  PID:7232
- C:\Windows\System\yRyxSCD.exe
  C:\Windows\System\yRyxSCD.exe
  2⤵
  PID:7288
- C:\Windows\System\KWjQNwP.exe
  C:\Windows\System\KWjQNwP.exe
  2⤵
  PID:7372
- C:\Windows\System\bIQBVpa.exe
  C:\Windows\System\bIQBVpa.exe
  2⤵
  PID:7456
- C:\Windows\System\UBWdXEN.exe
  C:\Windows\System\UBWdXEN.exe
  2⤵
  PID:7532
- C:\Windows\System\wgOMAMI.exe
  C:\Windows\System\wgOMAMI.exe
  2⤵
  PID:7612
- C:\Windows\System\sPUzTDa.exe
  C:\Windows\System\sPUzTDa.exe
  2⤵
  PID:4848
- C:\Windows\System\QmoTiiU.exe
  C:\Windows\System\QmoTiiU.exe
  2⤵
  PID:7764
- C:\Windows\System\vnrGanc.exe
  C:\Windows\System\vnrGanc.exe
  2⤵
  PID:7840
- C:\Windows\System\ElsQxRe.exe
  C:\Windows\System\ElsQxRe.exe
  2⤵
  PID:7924
- C:\Windows\System\OPrIiNh.exe
  C:\Windows\System\OPrIiNh.exe
  2⤵
  PID:7984
- C:\Windows\System\NfLoCoS.exe
  C:\Windows\System\NfLoCoS.exe
  2⤵
  PID:8016
- C:\Windows\System\TFbQXDP.exe
  C:\Windows\System\TFbQXDP.exe
  2⤵
  PID:8072
- C:\Windows\System\DxTuZXc.exe
  C:\Windows\System\DxTuZXc.exe
  2⤵
  PID:6312
- C:\Windows\System\ixSizEx.exe
  C:\Windows\System\ixSizEx.exe
  2⤵
  PID:1700
- C:\Windows\System\IBmpWHi.exe
  C:\Windows\System\IBmpWHi.exe
  2⤵
  PID:6944
- C:\Windows\System\QMiOuRi.exe
  C:\Windows\System\QMiOuRi.exe
  2⤵
  PID:7256
- C:\Windows\System\uwDoIGB.exe
  C:\Windows\System\uwDoIGB.exe
  2⤵
  PID:7408
- C:\Windows\System\PkmmZMd.exe
  C:\Windows\System\PkmmZMd.exe
  2⤵
  PID:7564
- C:\Windows\System\tvTrunh.exe
  C:\Windows\System\tvTrunh.exe
  2⤵
  PID:7796
- C:\Windows\System\IMpdtxO.exe
  C:\Windows\System\IMpdtxO.exe
  2⤵
  PID:7980
- C:\Windows\System\nHvCDTe.exe
  C:\Windows\System\nHvCDTe.exe
  2⤵
  PID:8120
- C:\Windows\System\uxCQLWf.exe
  C:\Windows\System\uxCQLWf.exe
  2⤵
  PID:8148
- C:\Windows\System\FrViKFr.exe
  C:\Windows\System\FrViKFr.exe
  2⤵
  PID:6120
- C:\Windows\System\MEGOmOF.exe
  C:\Windows\System\MEGOmOF.exe
  2⤵
  PID:7704
- C:\Windows\System\HWKcXyZ.exe
  C:\Windows\System\HWKcXyZ.exe
  2⤵
  PID:8124
- C:\Windows\System\FxgzmBm.exe
  C:\Windows\System\FxgzmBm.exe
  2⤵
  PID:7368
- C:\Windows\System\UlyyQbQ.exe
  C:\Windows\System\UlyyQbQ.exe
  2⤵
  PID:8180
- C:\Windows\System\Lartmfv.exe
  C:\Windows\System\Lartmfv.exe
  2⤵
  PID:8212
- C:\Windows\System\ZUMcIPh.exe
  C:\Windows\System\ZUMcIPh.exe
  2⤵
  PID:8228
- C:\Windows\System\XeegIoS.exe
  C:\Windows\System\XeegIoS.exe
  2⤵
  PID:8256
- C:\Windows\System\Driiptj.exe
  C:\Windows\System\Driiptj.exe
  2⤵
  PID:8288
- C:\Windows\System\yeIOzCb.exe
  C:\Windows\System\yeIOzCb.exe
  2⤵
  PID:8312
- C:\Windows\System\mKdxnDL.exe
  C:\Windows\System\mKdxnDL.exe
  2⤵
  PID:8332
- C:\Windows\System\jLtxGuo.exe
  C:\Windows\System\jLtxGuo.exe
  2⤵
  PID:8364
- C:\Windows\System\fuPbJep.exe
  C:\Windows\System\fuPbJep.exe
  2⤵
  PID:8388
- C:\Windows\System\kgWdvCr.exe
  C:\Windows\System\kgWdvCr.exe
  2⤵
  PID:8420
- C:\Windows\System\yCjimLU.exe
  C:\Windows\System\yCjimLU.exe
  2⤵
  PID:8436
- C:\Windows\System\hoMnQZA.exe
  C:\Windows\System\hoMnQZA.exe
  2⤵
  PID:8492
- C:\Windows\System\MZQkqDl.exe
  C:\Windows\System\MZQkqDl.exe
  2⤵
  PID:8520
- C:\Windows\System\bDEIobe.exe
  C:\Windows\System\bDEIobe.exe
  2⤵
  PID:8536
- C:\Windows\System\fDxIxYw.exe
  C:\Windows\System\fDxIxYw.exe
  2⤵
  PID:8568
- C:\Windows\System\DpsMogL.exe
  C:\Windows\System\DpsMogL.exe
  2⤵
  PID:8592
- C:\Windows\System\asQLFte.exe
  C:\Windows\System\asQLFte.exe
  2⤵
  PID:8620
- C:\Windows\System\BWAAkca.exe
  C:\Windows\System\BWAAkca.exe
  2⤵
  PID:8660
- C:\Windows\System\NkcrNGL.exe
  C:\Windows\System\NkcrNGL.exe
  2⤵
  PID:8684
- C:\Windows\System\GuUBwfW.exe
  C:\Windows\System\GuUBwfW.exe
  2⤵
  PID:8704
- C:\Windows\System\BfMkSlh.exe
  C:\Windows\System\BfMkSlh.exe
  2⤵
  PID:8732
- C:\Windows\System\kxCXNBc.exe
  C:\Windows\System\kxCXNBc.exe
  2⤵
  PID:8764
- C:\Windows\System\vQpERcZ.exe
  C:\Windows\System\vQpERcZ.exe
  2⤵
  PID:8788
- C:\Windows\System\ddkQiFQ.exe
  C:\Windows\System\ddkQiFQ.exe
  2⤵
  PID:8828
- C:\Windows\System\aOWlyIh.exe
  C:\Windows\System\aOWlyIh.exe
  2⤵
  PID:8856
- C:\Windows\System\aTENqsz.exe
  C:\Windows\System\aTENqsz.exe
  2⤵
  PID:8884
- C:\Windows\System\bZRbzxk.exe
  C:\Windows\System\bZRbzxk.exe
  2⤵
  PID:8912
- C:\Windows\System\KLbqvDH.exe
  C:\Windows\System\KLbqvDH.exe
  2⤵
  PID:8940
- C:\Windows\System\BJJCgzF.exe
  C:\Windows\System\BJJCgzF.exe
  2⤵
  PID:8956
- C:\Windows\System\hvfFVSe.exe
  C:\Windows\System\hvfFVSe.exe
  2⤵
  PID:8984
- C:\Windows\System\qMcQDji.exe
  C:\Windows\System\qMcQDji.exe
  2⤵
  PID:9012
- C:\Windows\System\gqrPfdk.exe
  C:\Windows\System\gqrPfdk.exe
  2⤵
  PID:9036
- C:\Windows\System\LTUxQCn.exe
  C:\Windows\System\LTUxQCn.exe
  2⤵
  PID:9080
- C:\Windows\System\NGJvGQU.exe
  C:\Windows\System\NGJvGQU.exe
  2⤵
  PID:9108
- C:\Windows\System\NmzAKxb.exe
  C:\Windows\System\NmzAKxb.exe
  2⤵
  PID:9136
- C:\Windows\System\DqdzcRh.exe
  C:\Windows\System\DqdzcRh.exe
  2⤵
  PID:9164
- C:\Windows\System\qFzuLtw.exe
  C:\Windows\System\qFzuLtw.exe
  2⤵
  PID:8196
- C:\Windows\System\TcZSnZm.exe
  C:\Windows\System\TcZSnZm.exe
  2⤵
  PID:8220
- C:\Windows\System\WabVTAg.exe
  C:\Windows\System\WabVTAg.exe
  2⤵
  PID:8308
- C:\Windows\System\uPYwRkV.exe
  C:\Windows\System\uPYwRkV.exe
  2⤵
  PID:8320
- C:\Windows\System\zZVZwqt.exe
  C:\Windows\System\zZVZwqt.exe
  2⤵
  PID:8384
- C:\Windows\System\TFeDDVb.exe
  C:\Windows\System\TFeDDVb.exe
  2⤵
  PID:8428
- C:\Windows\System\meUvlKG.exe
  C:\Windows\System\meUvlKG.exe
  2⤵
  PID:8512
- C:\Windows\System\JdfTpnj.exe
  C:\Windows\System\JdfTpnj.exe
  2⤵
  PID:8576
- C:\Windows\System\bMjeKto.exe
  C:\Windows\System\bMjeKto.exe
  2⤵
  PID:8616
- C:\Windows\System\ujlDjXh.exe
  C:\Windows\System\ujlDjXh.exe
  2⤵
  PID:8696
- C:\Windows\System\AxkRpgE.exe
  C:\Windows\System\AxkRpgE.exe
  2⤵
  PID:8804
- C:\Windows\System\ChqeBBN.exe
  C:\Windows\System\ChqeBBN.exe
  2⤵
  PID:8868
- C:\Windows\System\nKvhCui.exe
  C:\Windows\System\nKvhCui.exe
  2⤵
  PID:8952
- C:\Windows\System\tQRFdZQ.exe
  C:\Windows\System\tQRFdZQ.exe
  2⤵
  PID:9052
- C:\Windows\System\lOnqqql.exe
  C:\Windows\System\lOnqqql.exe
  2⤵
  PID:9120
- C:\Windows\System\AjRpaas.exe
  C:\Windows\System\AjRpaas.exe
  2⤵
  PID:9156
- C:\Windows\System\jNjUVmu.exe
  C:\Windows\System\jNjUVmu.exe
  2⤵
  PID:9200
- C:\Windows\System\hmepMUY.exe
  C:\Windows\System\hmepMUY.exe
  2⤵
  PID:8268
- C:\Windows\System\WZguocJ.exe
  C:\Windows\System\WZguocJ.exe
  2⤵
  PID:8456
- C:\Windows\System\gpyMTxM.exe
  C:\Windows\System\gpyMTxM.exe
  2⤵
  PID:8560
- C:\Windows\System\mNuMTqJ.exe
  C:\Windows\System\mNuMTqJ.exe
  2⤵
  PID:8844
- C:\Windows\System\UIkZpiG.exe
  C:\Windows\System\UIkZpiG.exe
  2⤵
  PID:8824
- C:\Windows\System\rBGDGps.exe
  C:\Windows\System\rBGDGps.exe
  2⤵
  PID:8968
- C:\Windows\System\pKEewOa.exe
  C:\Windows\System\pKEewOa.exe
  2⤵
  PID:9148
- C:\Windows\System\sMWZxUs.exe
  C:\Windows\System\sMWZxUs.exe
  2⤵
  PID:8376
- C:\Windows\System\MobzXFZ.exe
  C:\Windows\System\MobzXFZ.exe
  2⤵
  PID:8528
- C:\Windows\System\lozwoGm.exe
  C:\Windows\System\lozwoGm.exe
  2⤵
  PID:8272
- C:\Windows\System\GRavcDs.exe
  C:\Windows\System\GRavcDs.exe
  2⤵
  PID:9240
- C:\Windows\System\dPTEtZE.exe
  C:\Windows\System\dPTEtZE.exe
  2⤵
  PID:9264
- C:\Windows\System\tFMVLNV.exe
  C:\Windows\System\tFMVLNV.exe
  2⤵
  PID:9296
- C:\Windows\System\CaVyPsa.exe
  C:\Windows\System\CaVyPsa.exe
  2⤵
  PID:9320
- C:\Windows\System\AQGFjkz.exe
  C:\Windows\System\AQGFjkz.exe
  2⤵
  PID:9352
- C:\Windows\System\IBdpCrv.exe
  C:\Windows\System\IBdpCrv.exe
  2⤵
  PID:9400
- C:\Windows\System\kKIElIm.exe
  C:\Windows\System\kKIElIm.exe
  2⤵
  PID:9420
- C:\Windows\System\VhDlxEu.exe
  C:\Windows\System\VhDlxEu.exe
  2⤵
  PID:9464
- C:\Windows\System\lGxTtHa.exe
  C:\Windows\System\lGxTtHa.exe
  2⤵
  PID:9496
- C:\Windows\System\xjqViAv.exe
  C:\Windows\System\xjqViAv.exe
  2⤵
  PID:9528
- C:\Windows\System\wjvIsqa.exe
  C:\Windows\System\wjvIsqa.exe
  2⤵
  PID:9544
- C:\Windows\System\ThNlUsf.exe
  C:\Windows\System\ThNlUsf.exe
  2⤵
  PID:9572
- C:\Windows\System\ioQckoL.exe
  C:\Windows\System\ioQckoL.exe
  2⤵
  PID:9612
- C:\Windows\System\mbhCCTZ.exe
  C:\Windows\System\mbhCCTZ.exe
  2⤵
  PID:9636
- C:\Windows\System\Hvzmrnr.exe
  C:\Windows\System\Hvzmrnr.exe
  2⤵
  PID:9676
- C:\Windows\System\VTQQRAS.exe
  C:\Windows\System\VTQQRAS.exe
  2⤵
  PID:9716
- C:\Windows\System\yUXhcKg.exe
  C:\Windows\System\yUXhcKg.exe
  2⤵
  PID:9740
- C:\Windows\System\cYExBhb.exe
  C:\Windows\System\cYExBhb.exe
  2⤵
  PID:9764
- C:\Windows\System\GypXqff.exe
  C:\Windows\System\GypXqff.exe
  2⤵
  PID:9796
- C:\Windows\System\QtmZZHi.exe
  C:\Windows\System\QtmZZHi.exe
  2⤵
  PID:9832
- C:\Windows\System\gLSXvup.exe
  C:\Windows\System\gLSXvup.exe
  2⤵
  PID:9864
- C:\Windows\System\EFSsKLv.exe
  C:\Windows\System\EFSsKLv.exe
  2⤵
  PID:9892
- C:\Windows\System\MRTCDnT.exe
  C:\Windows\System\MRTCDnT.exe
  2⤵
  PID:9916
- C:\Windows\System\MAnevNf.exe
  C:\Windows\System\MAnevNf.exe
  2⤵
  PID:9936
- C:\Windows\System\LuqTnfa.exe
  C:\Windows\System\LuqTnfa.exe
  2⤵
  PID:9964
- C:\Windows\System\UDjQKcg.exe
  C:\Windows\System\UDjQKcg.exe
  2⤵
  PID:10004
- C:\Windows\System\jpQxwcZ.exe
  C:\Windows\System\jpQxwcZ.exe
  2⤵
  PID:10032
- C:\Windows\System\LcBojiH.exe
  C:\Windows\System\LcBojiH.exe
  2⤵
  PID:10056
- C:\Windows\System\hjSpWyg.exe
  C:\Windows\System\hjSpWyg.exe
  2⤵
  PID:10088
- C:\Windows\System\CqBADbW.exe
  C:\Windows\System\CqBADbW.exe
  2⤵
  PID:10116
- C:\Windows\System\wynYcdx.exe
  C:\Windows\System\wynYcdx.exe
  2⤵
  PID:10144
- C:\Windows\System\OOEDDgf.exe
  C:\Windows\System\OOEDDgf.exe
  2⤵
  PID:10160
- C:\Windows\System\VupvWZb.exe
  C:\Windows\System\VupvWZb.exe
  2⤵
  PID:10184
- C:\Windows\System\cKKTmrj.exe
  C:\Windows\System\cKKTmrj.exe
  2⤵
  PID:10216
- C:\Windows\System\alMvePq.exe
  C:\Windows\System\alMvePq.exe
  2⤵
  PID:8900
- C:\Windows\System\ogLHsGH.exe
  C:\Windows\System\ogLHsGH.exe
  2⤵
  PID:9252
- C:\Windows\System\PtYXjZu.exe
  C:\Windows\System\PtYXjZu.exe
  2⤵
  PID:9332
- C:\Windows\System\gOniJqq.exe
  C:\Windows\System\gOniJqq.exe
  2⤵
  PID:9392
- C:\Windows\System\QBNAJkf.exe
  C:\Windows\System\QBNAJkf.exe
  2⤵
  PID:9484
- C:\Windows\System\qMiyqru.exe
  C:\Windows\System\qMiyqru.exe
  2⤵
  PID:9540
- C:\Windows\System\yerbfdO.exe
  C:\Windows\System\yerbfdO.exe
  2⤵
  PID:9584
- C:\Windows\System\HpmHoFq.exe
  C:\Windows\System\HpmHoFq.exe
  2⤵
  PID:9204
- C:\Windows\System\vCEfCsN.exe
  C:\Windows\System\vCEfCsN.exe
  2⤵
  PID:9728
- C:\Windows\System\ufnzswX.exe
  C:\Windows\System\ufnzswX.exe
  2⤵
  PID:9272
- C:\Windows\System\YrQxaJs.exe
  C:\Windows\System\YrQxaJs.exe
  2⤵
  PID:9820
- C:\Windows\System\mOnPRep.exe
  C:\Windows\System\mOnPRep.exe
  2⤵
  PID:9900
- C:\Windows\System\InTHtfw.exe
  C:\Windows\System\InTHtfw.exe
  2⤵
  PID:9956
- C:\Windows\System\weTscUa.exe
  C:\Windows\System\weTscUa.exe
  2⤵
  PID:10024
- C:\Windows\System\WNNrRBo.exe
  C:\Windows\System\WNNrRBo.exe
  2⤵
  PID:10128
- C:\Windows\System\hbPiPgw.exe
  C:\Windows\System\hbPiPgw.exe
  2⤵
  PID:10196
- C:\Windows\System\gAIPPqV.exe
  C:\Windows\System\gAIPPqV.exe
  2⤵
  PID:10228
- C:\Windows\System\SvOdgbw.exe
  C:\Windows\System\SvOdgbw.exe
  2⤵
  PID:9316
- C:\Windows\System\UlXCzSr.exe
  C:\Windows\System\UlXCzSr.exe
  2⤵
  PID:9448
- C:\Windows\System\eVzNjAW.exe
  C:\Windows\System\eVzNjAW.exe
  2⤵
  PID:2304
- C:\Windows\System\NfvsHUM.exe
  C:\Windows\System\NfvsHUM.exe
  2⤵
  PID:9852
- C:\Windows\System\ozWNDIo.exe
  C:\Windows\System\ozWNDIo.exe
  2⤵
  PID:9848
- C:\Windows\System\rhKVzHl.exe
  C:\Windows\System\rhKVzHl.exe
  2⤵
  PID:10020
- C:\Windows\System\tdiBhJK.exe
  C:\Windows\System\tdiBhJK.exe
  2⤵
  PID:10156
- C:\Windows\System\KVGCZip.exe
  C:\Windows\System\KVGCZip.exe
  2⤵
  PID:9228
- C:\Windows\System\npdPmok.exe
  C:\Windows\System\npdPmok.exe
  2⤵
  PID:9732
- C:\Windows\System\IgFWhIB.exe
  C:\Windows\System\IgFWhIB.exe
  2⤵
  PID:3164
- C:\Windows\System\weqSeRR.exe
  C:\Windows\System\weqSeRR.exe
  2⤵
  PID:9284
- C:\Windows\System\IuxkxEG.exe
  C:\Windows\System\IuxkxEG.exe
  2⤵
  PID:10104
- C:\Windows\System\ciKxwYv.exe
  C:\Windows\System\ciKxwYv.exe
  2⤵
  PID:10264
- C:\Windows\System\NmcnYOQ.exe
  C:\Windows\System\NmcnYOQ.exe
  2⤵
  PID:10292
- C:\Windows\System\WMxGsnd.exe
  C:\Windows\System\WMxGsnd.exe
  2⤵
  PID:10320
- C:\Windows\System\ZsioTRn.exe
  C:\Windows\System\ZsioTRn.exe
  2⤵
  PID:10348
- C:\Windows\System\XfPTEKq.exe
  C:\Windows\System\XfPTEKq.exe
  2⤵
  PID:10376
- C:\Windows\System\WPkgOhG.exe
  C:\Windows\System\WPkgOhG.exe
  2⤵
  PID:10404
- C:\Windows\System\bEuVhHA.exe
  C:\Windows\System\bEuVhHA.exe
  2⤵
  PID:10420
- C:\Windows\System\xhoyHKA.exe
  C:\Windows\System\xhoyHKA.exe
  2⤵
  PID:10460
- C:\Windows\System\GlboSvG.exe
  C:\Windows\System\GlboSvG.exe
  2⤵
  PID:10476
- C:\Windows\System\apFYZgd.exe
  C:\Windows\System\apFYZgd.exe
  2⤵
  PID:10504
- C:\Windows\System\eWthdLP.exe
  C:\Windows\System\eWthdLP.exe
  2⤵
  PID:10532
- C:\Windows\System\lapVJoa.exe
  C:\Windows\System\lapVJoa.exe
  2⤵
  PID:10564
- C:\Windows\System\zbQIzFN.exe
  C:\Windows\System\zbQIzFN.exe
  2⤵
  PID:10588
- C:\Windows\System\xZXzjNO.exe
  C:\Windows\System\xZXzjNO.exe
  2⤵
  PID:10604
- C:\Windows\System\UGZtcKa.exe
  C:\Windows\System\UGZtcKa.exe
  2⤵
  PID:10640
- C:\Windows\System\TOPZPbF.exe
  C:\Windows\System\TOPZPbF.exe
  2⤵
  PID:10684
- C:\Windows\System\xwxqsqc.exe
  C:\Windows\System\xwxqsqc.exe
  2⤵
  PID:10712
- C:\Windows\System\RSBGpVs.exe
  C:\Windows\System\RSBGpVs.exe
  2⤵
  PID:10740
- C:\Windows\System\qDFGLxG.exe
  C:\Windows\System\qDFGLxG.exe
  2⤵
  PID:10768
- C:\Windows\System\cmkQfdJ.exe
  C:\Windows\System\cmkQfdJ.exe
  2⤵
  PID:10788
- C:\Windows\System\GQMmZLw.exe
  C:\Windows\System\GQMmZLw.exe
  2⤵
  PID:10812
- C:\Windows\System\uyrWEbg.exe
  C:\Windows\System\uyrWEbg.exe
  2⤵
  PID:10852
- C:\Windows\System\swGWOYh.exe
  C:\Windows\System\swGWOYh.exe
  2⤵
  PID:10868
- C:\Windows\System\gbgdHdD.exe
  C:\Windows\System\gbgdHdD.exe
  2⤵
  PID:10900
- C:\Windows\System\igWuIBc.exe
  C:\Windows\System\igWuIBc.exe
  2⤵
  PID:10924
- C:\Windows\System\kFVaKCm.exe
  C:\Windows\System\kFVaKCm.exe
  2⤵
  PID:10964
- C:\Windows\System\BjVqacM.exe
  C:\Windows\System\BjVqacM.exe
  2⤵
  PID:10980
- C:\Windows\System\pEuAYUj.exe
  C:\Windows\System\pEuAYUj.exe
  2⤵
  PID:11016
- C:\Windows\System\KiMMrTc.exe
  C:\Windows\System\KiMMrTc.exe
  2⤵
  PID:11036
- C:\Windows\System\yvUZBwi.exe
  C:\Windows\System\yvUZBwi.exe
  2⤵
  PID:11052
- C:\Windows\System\lQrDgNk.exe
  C:\Windows\System\lQrDgNk.exe
  2⤵
  PID:11104
- C:\Windows\System\FTaORFa.exe
  C:\Windows\System\FTaORFa.exe
  2⤵
  PID:11132
- C:\Windows\System\MoCLvPo.exe
  C:\Windows\System\MoCLvPo.exe
  2⤵
  PID:11160
- C:\Windows\System\EFHbSdY.exe
  C:\Windows\System\EFHbSdY.exe
  2⤵
  PID:11188
- C:\Windows\System\kRTNeXN.exe
  C:\Windows\System\kRTNeXN.exe
  2⤵
  PID:11204
- C:\Windows\System\wQNMmRU.exe
  C:\Windows\System\wQNMmRU.exe
  2⤵
  PID:11236
- C:\Windows\System\ycOSHYe.exe
  C:\Windows\System\ycOSHYe.exe
  2⤵
  PID:11260
- C:\Windows\System\IQeNxoZ.exe
  C:\Windows\System\IQeNxoZ.exe
  2⤵
  PID:10288
- C:\Windows\System\fXJPWyQ.exe
  C:\Windows\System\fXJPWyQ.exe
  2⤵
  PID:10332
- C:\Windows\System\FZllspB.exe
  C:\Windows\System\FZllspB.exe
  2⤵
  PID:10388
- C:\Windows\System\HKbylqX.exe
  C:\Windows\System\HKbylqX.exe
  2⤵
  PID:10456
- C:\Windows\System\dwFCJDE.exe
  C:\Windows\System\dwFCJDE.exe
  2⤵
  PID:10524
- C:\Windows\System\qQrixYC.exe
  C:\Windows\System\qQrixYC.exe
  2⤵
  PID:10552
- C:\Windows\System\hHMRdeH.exe
  C:\Windows\System\hHMRdeH.exe
  2⤵
  PID:10628
- C:\Windows\System\WihWYEF.exe
  C:\Windows\System\WihWYEF.exe
  2⤵
  PID:10724
- C:\Windows\System\nhkZGya.exe
  C:\Windows\System\nhkZGya.exe
  2⤵
  PID:10760
- C:\Windows\System\kxqZLOd.exe
  C:\Windows\System\kxqZLOd.exe
  2⤵
  PID:10776
- C:\Windows\System\RpMnwcC.exe
  C:\Windows\System\RpMnwcC.exe
  2⤵
  PID:10896
- C:\Windows\System\KHUVHAA.exe
  C:\Windows\System\KHUVHAA.exe
  2⤵
  PID:10948
- C:\Windows\System\wwkLbmR.exe
  C:\Windows\System\wwkLbmR.exe
  2⤵
  PID:10992
- C:\Windows\System\ebofCzU.exe
  C:\Windows\System\ebofCzU.exe
  2⤵
  PID:11064
- C:\Windows\System\UoyCMZa.exe
  C:\Windows\System\UoyCMZa.exe
  2⤵
  PID:11152
- C:\Windows\System\SuScPMZ.exe
  C:\Windows\System\SuScPMZ.exe
  2⤵
  PID:4716
- C:\Windows\System\VzHosxC.exe
  C:\Windows\System\VzHosxC.exe
  2⤵
  PID:10276
- C:\Windows\System\OmYjvgS.exe
  C:\Windows\System\OmYjvgS.exe
  2⤵
  PID:10416
- C:\Windows\System\VOUKrNa.exe
  C:\Windows\System\VOUKrNa.exe
  2⤵
  PID:10516
- C:\Windows\System\GCfBSjY.exe
  C:\Windows\System\GCfBSjY.exe
  2⤵
  PID:10676
- C:\Windows\System\NPWGcSE.exe
  C:\Windows\System\NPWGcSE.exe
  2⤵
  PID:10796
- C:\Windows\System\XlxFxKO.exe
  C:\Windows\System\XlxFxKO.exe
  2⤵
  PID:10832
- C:\Windows\System\MmxxLBJ.exe
  C:\Windows\System\MmxxLBJ.exe
  2⤵
  PID:11008
- C:\Windows\System\RUhHbTK.exe
  C:\Windows\System\RUhHbTK.exe
  2⤵
  PID:11180
- C:\Windows\System\ZrcvdCd.exe
  C:\Windows\System\ZrcvdCd.exe
  2⤵
  PID:11196
- C:\Windows\System\pFjMzUb.exe
  C:\Windows\System\pFjMzUb.exe
  2⤵
  PID:10372
- C:\Windows\System\vGTwEwu.exe
  C:\Windows\System\vGTwEwu.exe
  2⤵
  PID:10780
- C:\Windows\System\EMLVHhB.exe
  C:\Windows\System\EMLVHhB.exe
  2⤵
  PID:10580
- C:\Windows\System\UnCfFlu.exe
  C:\Windows\System\UnCfFlu.exe
  2⤵
  PID:11092
- C:\Windows\System\ZYaccKk.exe
  C:\Windows\System\ZYaccKk.exe
  2⤵
  PID:11284
- C:\Windows\System\KfGonwq.exe
  C:\Windows\System\KfGonwq.exe
  2⤵
  PID:11304
- C:\Windows\System\XahkpQQ.exe
  C:\Windows\System\XahkpQQ.exe
  2⤵
  PID:11332
- C:\Windows\System\VbEhDus.exe
  C:\Windows\System\VbEhDus.exe
  2⤵
  PID:11356
- C:\Windows\System\aTVLkeY.exe
  C:\Windows\System\aTVLkeY.exe
  2⤵
  PID:11384
- C:\Windows\System\lSwzrBH.exe
  C:\Windows\System\lSwzrBH.exe
  2⤵
  PID:11424
- C:\Windows\System\EatArwC.exe
  C:\Windows\System\EatArwC.exe
  2⤵
  PID:11448
- C:\Windows\System\GqJtqqX.exe
  C:\Windows\System\GqJtqqX.exe
  2⤵
  PID:11480
- C:\Windows\System\erRNdfm.exe
  C:\Windows\System\erRNdfm.exe
  2⤵
  PID:11508
- C:\Windows\System\nBentFK.exe
  C:\Windows\System\nBentFK.exe
  2⤵
  PID:11528
- C:\Windows\System\OYijQec.exe
  C:\Windows\System\OYijQec.exe
  2⤵
  PID:11564
- C:\Windows\System\yCTbBpK.exe
  C:\Windows\System\yCTbBpK.exe
  2⤵
  PID:11592
- C:\Windows\System\UBPqWvK.exe
  C:\Windows\System\UBPqWvK.exe
  2⤵
  PID:11608
- C:\Windows\System\iHDrZEu.exe
  C:\Windows\System\iHDrZEu.exe
  2⤵
  PID:11640
- C:\Windows\System\RuhBauO.exe
  C:\Windows\System\RuhBauO.exe
  2⤵
  PID:11684
- C:\Windows\System\biEHjcq.exe
  C:\Windows\System\biEHjcq.exe
  2⤵
  PID:11704
- C:\Windows\System\qQFyjGu.exe
  C:\Windows\System\qQFyjGu.exe
  2⤵
  PID:11732
- C:\Windows\System\WLBOQym.exe
  C:\Windows\System\WLBOQym.exe
  2⤵
  PID:11772
- C:\Windows\System\oXJjjlJ.exe
  C:\Windows\System\oXJjjlJ.exe
  2⤵
  PID:11800
- C:\Windows\System\WdOfEvz.exe
  C:\Windows\System\WdOfEvz.exe
  2⤵
  PID:11816
- C:\Windows\System\VEAVwTg.exe
  C:\Windows\System\VEAVwTg.exe
  2⤵
  PID:11856
- C:\Windows\System\LoNXEoW.exe
  C:\Windows\System\LoNXEoW.exe
  2⤵
  PID:11888
- C:\Windows\System\RJUDAba.exe
  C:\Windows\System\RJUDAba.exe
  2⤵
  PID:11912
- C:\Windows\System\DXnFRJQ.exe
  C:\Windows\System\DXnFRJQ.exe
  2⤵
  PID:11928
- C:\Windows\System\BGudkEP.exe
  C:\Windows\System\BGudkEP.exe
  2⤵
  PID:11956
- C:\Windows\System\AcvswdR.exe
  C:\Windows\System\AcvswdR.exe
  2⤵
  PID:12000
- C:\Windows\System\QaUXJJg.exe
  C:\Windows\System\QaUXJJg.exe
  2⤵
  PID:12028
- C:\Windows\System\rBUjvNP.exe
  C:\Windows\System\rBUjvNP.exe
  2⤵
  PID:12056
- C:\Windows\System\JHQREyd.exe
  C:\Windows\System\JHQREyd.exe
  2⤵
  PID:12080
- C:\Windows\System\iLOIfxN.exe
  C:\Windows\System\iLOIfxN.exe
  2⤵
  PID:12112
- C:\Windows\System\XSKtmeh.exe
  C:\Windows\System\XSKtmeh.exe
  2⤵
  PID:12136
- C:\Windows\System\DLdSLvv.exe
  C:\Windows\System\DLdSLvv.exe
  2⤵
  PID:12160
- C:\Windows\System\oGdrmRe.exe
  C:\Windows\System\oGdrmRe.exe
  2⤵
  PID:12192
- C:\Windows\System\LMpntKH.exe
  C:\Windows\System\LMpntKH.exe
  2⤵
  PID:12216
- C:\Windows\System\QDehrPP.exe
  C:\Windows\System\QDehrPP.exe
  2⤵
  PID:12244
- C:\Windows\System\hARELuX.exe
  C:\Windows\System\hARELuX.exe
  2⤵
  PID:12264
- C:\Windows\System\cAhSSoi.exe
  C:\Windows\System\cAhSSoi.exe
  2⤵
  PID:2396
- C:\Windows\System\JbheUWy.exe
  C:\Windows\System\JbheUWy.exe
  2⤵
  PID:11280
- C:\Windows\System\OlibbPd.exe
  C:\Windows\System\OlibbPd.exe
  2⤵
  PID:11376
- C:\Windows\System\aEPxplx.exe
  C:\Windows\System\aEPxplx.exe
  2⤵
  PID:11440
- C:\Windows\System\rVBsrMr.exe
  C:\Windows\System\rVBsrMr.exe
  2⤵
  PID:11496
- C:\Windows\System\HUqYPCh.exe
  C:\Windows\System\HUqYPCh.exe
  2⤵
  PID:11524
- C:\Windows\System\FQowUwy.exe
  C:\Windows\System\FQowUwy.exe
  2⤵
  PID:11600
- C:\Windows\System\oxlOeRP.exe
  C:\Windows\System\oxlOeRP.exe
  2⤵
  PID:11692
- C:\Windows\System\SNbIkZi.exe
  C:\Windows\System\SNbIkZi.exe
  2⤵
  PID:11752
- C:\Windows\System\xRSvoVV.exe
  C:\Windows\System\xRSvoVV.exe
  2⤵
  PID:11812
- C:\Windows\System\xJCDgqb.exe
  C:\Windows\System\xJCDgqb.exe
  2⤵
  PID:11908
- C:\Windows\System\hNjICfI.exe
  C:\Windows\System\hNjICfI.exe
  2⤵
  PID:11968
- C:\Windows\System\aipPKHK.exe
  C:\Windows\System\aipPKHK.exe
  2⤵
  PID:12020
- C:\Windows\System\aFPHjIo.exe
  C:\Windows\System\aFPHjIo.exe
  2⤵
  PID:12100
- C:\Windows\System\RPanIaU.exe
  C:\Windows\System\RPanIaU.exe
  2⤵
  PID:12176
- C:\Windows\System\baAcQyS.exe
  C:\Windows\System\baAcQyS.exe
  2⤵
  PID:12212
- C:\Windows\System\wcbkrCG.exe
  C:\Windows\System\wcbkrCG.exe
  2⤵
  PID:12272
- C:\Windows\System\vgSIJGq.exe
  C:\Windows\System\vgSIJGq.exe
  2⤵
  PID:11316
- C:\Windows\System\OBNMbNn.exe
  C:\Windows\System\OBNMbNn.exe
  2⤵
  PID:11492
- C:\Windows\System\PIOiGNm.exe
  C:\Windows\System\PIOiGNm.exe
  2⤵
  PID:11676
- C:\Windows\System\likJBbA.exe
  C:\Windows\System\likJBbA.exe
  2⤵
  PID:11876
- C:\Windows\System\EkXWgiu.exe
  C:\Windows\System\EkXWgiu.exe
  2⤵
  PID:11980
- C:\Windows\System\DxByVDG.exe
  C:\Windows\System\DxByVDG.exe
  2⤵
  PID:12076
- C:\Windows\System\jDFqEWQ.exe
  C:\Windows\System\jDFqEWQ.exe
  2⤵
  PID:12252
- C:\Windows\System\wEWsPbU.exe
  C:\Windows\System\wEWsPbU.exe
  2⤵
  PID:11516
- C:\Windows\System\JppjRwo.exe
  C:\Windows\System\JppjRwo.exe
  2⤵
  PID:11748
- C:\Windows\System\Fzqlati.exe
  C:\Windows\System\Fzqlati.exe
  2⤵
  PID:11944
- C:\Windows\System\LKgWKQH.exe
  C:\Windows\System\LKgWKQH.exe
  2⤵
  PID:11476
- C:\Windows\System\oWMtRKu.exe
  C:\Windows\System\oWMtRKu.exe
  2⤵
  PID:11940
- C:\Windows\System\rAFNluA.exe
  C:\Windows\System\rAFNluA.exe
  2⤵
  PID:12344
- C:\Windows\System\VZXlUPH.exe
  C:\Windows\System\VZXlUPH.exe
  2⤵
  PID:12372
- C:\Windows\System\VTDXkdu.exe
  C:\Windows\System\VTDXkdu.exe
  2⤵
  PID:12388
- C:\Windows\System\XfOfVzE.exe
  C:\Windows\System\XfOfVzE.exe
  2⤵
  PID:12428
- C:\Windows\System\oukUwId.exe
  C:\Windows\System\oukUwId.exe
  2⤵
  PID:12460
- C:\Windows\System\DTGaiAF.exe
  C:\Windows\System\DTGaiAF.exe
  2⤵
  PID:12492
- C:\Windows\System\tySNxAf.exe
  C:\Windows\System\tySNxAf.exe
  2⤵
  PID:12556
- C:\Windows\System\FsgRmve.exe
  C:\Windows\System\FsgRmve.exe
  2⤵
  PID:12596
- C:\Windows\System\WFaTpdH.exe
  C:\Windows\System\WFaTpdH.exe
  2⤵
  PID:12624
- C:\Windows\System\pXRddAG.exe
  C:\Windows\System\pXRddAG.exe
  2⤵
  PID:12652
- C:\Windows\System\fjBSaYR.exe
  C:\Windows\System\fjBSaYR.exe
  2⤵
  PID:12672
- C:\Windows\System\lhfwvLD.exe
  C:\Windows\System\lhfwvLD.exe
  2⤵
  PID:12700
- C:\Windows\System\fHLsYug.exe
  C:\Windows\System\fHLsYug.exe
  2⤵
  PID:12728
- C:\Windows\System\WETWPOx.exe
  C:\Windows\System\WETWPOx.exe
  2⤵
  PID:12748
- C:\Windows\System\PlMbOwW.exe
  C:\Windows\System\PlMbOwW.exe
  2⤵
  PID:12772
- C:\Windows\System\JoSqnAu.exe
  C:\Windows\System\JoSqnAu.exe
  2⤵
  PID:12804
- C:\Windows\System\Wgkyfaf.exe
  C:\Windows\System\Wgkyfaf.exe
  2⤵
  PID:12836
- C:\Windows\System\wbvEGDv.exe
  C:\Windows\System\wbvEGDv.exe
  2⤵
  PID:12892
- C:\Windows\System\GUTOcWK.exe
  C:\Windows\System\GUTOcWK.exe
  2⤵
  PID:12920
- C:\Windows\System\bIJGSpy.exe
  C:\Windows\System\bIJGSpy.exe
  2⤵
  PID:12948
- C:\Windows\System\hjWZWLE.exe
  C:\Windows\System\hjWZWLE.exe
  2⤵
  PID:12972
- C:\Windows\System\xXMWncc.exe
  C:\Windows\System\xXMWncc.exe
  2⤵
  PID:12992
- C:\Windows\System\bjhbaYB.exe
  C:\Windows\System\bjhbaYB.exe
  2⤵
  PID:13032
- C:\Windows\System\cCUmUNh.exe
  C:\Windows\System\cCUmUNh.exe
  2⤵
  PID:13052
- C:\Windows\System\FwZZfKn.exe
  C:\Windows\System\FwZZfKn.exe
  2⤵
  PID:13080
- C:\Windows\System\xtAPPvJ.exe
  C:\Windows\System\xtAPPvJ.exe
  2⤵
  PID:13100
- C:\Windows\System\OqyHnAZ.exe
  C:\Windows\System\OqyHnAZ.exe
  2⤵
  PID:13128
- C:\Windows\System\aGqkIaj.exe
  C:\Windows\System\aGqkIaj.exe
  2⤵
  PID:13172
- C:\Windows\System\hhiaeaC.exe
  C:\Windows\System\hhiaeaC.exe
  2⤵
  PID:13192
- C:\Windows\System\KSslDvP.exe
  C:\Windows\System\KSslDvP.exe
  2⤵
  PID:13220
- C:\Windows\System\ckvBGFN.exe
  C:\Windows\System\ckvBGFN.exe
  2⤵
  PID:13260
- C:\Windows\System\mFfoLHQ.exe
  C:\Windows\System\mFfoLHQ.exe
  2⤵
  PID:13276
- C:\Windows\System\LxzjfpV.exe
  C:\Windows\System\LxzjfpV.exe
  2⤵
  PID:13304
- C:\Windows\System\UwSIsue.exe
  C:\Windows\System\UwSIsue.exe
  2⤵
  PID:12156
- C:\Windows\System\UNKJzOF.exe
  C:\Windows\System\UNKJzOF.exe
  2⤵
  PID:12316
- C:\Windows\System\pODSRYJ.exe
  C:\Windows\System\pODSRYJ.exe
  2⤵
  PID:12416
- C:\Windows\System\vxxzZHc.exe
  C:\Windows\System\vxxzZHc.exe
  2⤵
  PID:12476
- C:\Windows\System\tdEBEOT.exe
  C:\Windows\System\tdEBEOT.exe
  2⤵
  PID:12608
- C:\Windows\System\DjtPCok.exe
  C:\Windows\System\DjtPCok.exe
  2⤵
  PID:12648
- C:\Windows\System\IQfuDwj.exe
  C:\Windows\System\IQfuDwj.exe
  2⤵
  PID:12716
- C:\Windows\System\nvSFoJr.exe
  C:\Windows\System\nvSFoJr.exe
  2⤵
  PID:12824
- C:\Windows\System\vtPyusd.exe
  C:\Windows\System\vtPyusd.exe
  2⤵
  PID:12800
- C:\Windows\System\yVoZwnR.exe
  C:\Windows\System\yVoZwnR.exe
  2⤵
  PID:12940
- C:\Windows\System\JGWKVqi.exe
  C:\Windows\System\JGWKVqi.exe
  2⤵
  PID:13008
- C:\Windows\System\hskXpPT.exe
  C:\Windows\System\hskXpPT.exe
  2⤵
  PID:13064
- C:\Windows\System\tPfHpmJ.exe
  C:\Windows\System\tPfHpmJ.exe
  2⤵
  PID:13164
- C:\Windows\System\KRKQBqA.exe
  C:\Windows\System\KRKQBqA.exe
  2⤵
  PID:13184
- C:\Windows\System\JjiTeDS.exe
  C:\Windows\System\JjiTeDS.exe
  2⤵
  PID:13296
- C:\Windows\System\MTVSqAh.exe
  C:\Windows\System\MTVSqAh.exe
  2⤵
  PID:11468
- C:\Windows\System\LfqZFwR.exe
  C:\Windows\System\LfqZFwR.exe
  2⤵
  PID:12448
- C:\Windows\System\yCIBkex.exe
  C:\Windows\System\yCIBkex.exe
  2⤵
  PID:12696
- C:\Windows\System\juxNekf.exe
  C:\Windows\System\juxNekf.exe
  2⤵
  PID:12932
- C:\Windows\System\ttLyDMs.exe
  C:\Windows\System\ttLyDMs.exe
  2⤵
  PID:13044
- C:\Windows\System\zpSEwRH.exe
  C:\Windows\System\zpSEwRH.exe
  2⤵
  PID:13156
- C:\Windows\System\PAjHdFp.exe
  C:\Windows\System\PAjHdFp.exe
  2⤵
  PID:13216
- C:\Windows\System\WqAlvAA.exe
  C:\Windows\System\WqAlvAA.exe
  2⤵
  PID:12324
- C:\Windows\System\FPTEtxe.exe
  C:\Windows\System\FPTEtxe.exe
  2⤵
  PID:12740
- C:\Windows\System\gCFxUUE.exe
  C:\Windows\System\gCFxUUE.exe
  2⤵
  PID:13248
- C:\Windows\System\qfsmDog.exe
  C:\Windows\System\qfsmDog.exe
  2⤵
  PID:12768
- C:\Windows\System\UXsSHIi.exe
  C:\Windows\System\UXsSHIi.exe
  2⤵
  PID:13336
- C:\Windows\System\uDLzmVh.exe
  C:\Windows\System\uDLzmVh.exe
  2⤵
  PID:13352
- C:\Windows\System\vzconbc.exe
  C:\Windows\System\vzconbc.exe
  2⤵
  PID:13376
- C:\Windows\System\YoalSlB.exe
  C:\Windows\System\YoalSlB.exe
  2⤵
  PID:13392
- C:\Windows\System\enWeHOx.exe
  C:\Windows\System\enWeHOx.exe
  2⤵
  PID:13420
- C:\Windows\System\GYeBbav.exe
  C:\Windows\System\GYeBbav.exe
  2⤵
  PID:13448
- C:\Windows\System\zFJFTnp.exe
  C:\Windows\System\zFJFTnp.exe
  2⤵
  PID:13508
- C:\Windows\System\vkXTUnA.exe
  C:\Windows\System\vkXTUnA.exe
  2⤵
  PID:13524
- C:\Windows\System\hjBEyrt.exe
  C:\Windows\System\hjBEyrt.exe
  2⤵
  PID:13552
- C:\Windows\System\jQckZco.exe
  C:\Windows\System\jQckZco.exe
  2⤵
  PID:13580
- C:\Windows\System\jCcplPB.exe
  C:\Windows\System\jCcplPB.exe
  2⤵
  PID:13608
- C:\Windows\System\wkCFgkx.exe
  C:\Windows\System\wkCFgkx.exe
  2⤵
  PID:13640
- C:\Windows\System\sbMdTnt.exe
  C:\Windows\System\sbMdTnt.exe
  2⤵
  PID:13676
- C:\Windows\System\GWrhPTv.exe
  C:\Windows\System\GWrhPTv.exe
  2⤵
  PID:13704
- C:\Windows\System\StIPMPe.exe
  C:\Windows\System\StIPMPe.exe
  2⤵
  PID:13728
- C:\Windows\System\FeOlqpZ.exe
  C:\Windows\System\FeOlqpZ.exe
  2⤵
  PID:13760
- C:\Windows\System\zOhBjCI.exe
  C:\Windows\System\zOhBjCI.exe
  2⤵
  PID:13780
- C:\Windows\System\UtrqToh.exe
  C:\Windows\System\UtrqToh.exe
  2⤵
  PID:13820
- C:\Windows\System\VzXRvkr.exe
  C:\Windows\System\VzXRvkr.exe
  2⤵
  PID:13856
- C:\Windows\System\jareLkw.exe
  C:\Windows\System\jareLkw.exe
  2⤵
  PID:13884
- C:\Windows\System\MzbuEXj.exe
  C:\Windows\System\MzbuEXj.exe
  2⤵
  PID:13900
- C:\Windows\System\kCdAlgl.exe
  C:\Windows\System\kCdAlgl.exe
  2⤵
  PID:13924
- C:\Windows\System\UvmYuSH.exe
  C:\Windows\System\UvmYuSH.exe
  2⤵
  PID:13968
- C:\Windows\System\UwiubHW.exe
  C:\Windows\System\UwiubHW.exe
  2⤵
  PID:13996
- C:\Windows\System\vcrFqqE.exe
  C:\Windows\System\vcrFqqE.exe
  2⤵
  PID:14024
- C:\Windows\System\OFgKJHH.exe
  C:\Windows\System\OFgKJHH.exe
  2⤵
  PID:14044
- C:\Windows\System\TBKrKUZ.exe
  C:\Windows\System\TBKrKUZ.exe
  2⤵
  PID:14068
- C:\Windows\System\lCItkxn.exe
  C:\Windows\System\lCItkxn.exe
  2⤵
  PID:14096
- C:\Windows\System\yCFcMro.exe
  C:\Windows\System\yCFcMro.exe
  2⤵
  PID:14128
- C:\Windows\System\CBOARFu.exe
  C:\Windows\System\CBOARFu.exe
  2⤵
  PID:14144
- C:\Windows\System\qDXlvyw.exe
  C:\Windows\System\qDXlvyw.exe
  2⤵
  PID:14168
- C:\Windows\System\txqgfKK.exe
  C:\Windows\System\txqgfKK.exe
  2⤵
  PID:14188
- C:\Windows\System\guTobIh.exe
  C:\Windows\System\guTobIh.exe
  2⤵
  PID:14228
- C:\Windows\System\UbmTqbd.exe
  C:\Windows\System\UbmTqbd.exe
  2⤵
  PID:14276
- C:\Windows\System\jGpOEmt.exe
  C:\Windows\System\jGpOEmt.exe
  2⤵
  PID:14304
- C:\Windows\System\JXRYZEo.exe
  C:\Windows\System\JXRYZEo.exe
  2⤵
  PID:14320
- C:\Windows\System\HzlImxh.exe
  C:\Windows\System\HzlImxh.exe
  2⤵
  PID:13316
- C:\Windows\System\wSCZFSo.exe
  C:\Windows\System\wSCZFSo.exe
  2⤵
  PID:13388
- C:\Windows\System\bgiayCu.exe
  C:\Windows\System\bgiayCu.exe
  2⤵
  PID:13436
- C:\Windows\System\ImmwfRs.exe
  C:\Windows\System\ImmwfRs.exe
  2⤵
  PID:13504
- C:\Windows\System\opfccEz.exe
  C:\Windows\System\opfccEz.exe
  2⤵
  PID:13596
- C:\Windows\System\BMWDoFV.exe
  C:\Windows\System\BMWDoFV.exe
  2⤵
  PID:13636
- C:\Windows\System\yZPxUEp.exe
  C:\Windows\System\yZPxUEp.exe
  2⤵
  PID:4896
- C:\Windows\System\btQpMvp.exe
  C:\Windows\System\btQpMvp.exe
  2⤵
  PID:4728
- C:\Windows\System\wHoPnVY.exe
  C:\Windows\System\wHoPnVY.exe
  2⤵
  PID:5068
- C:\Windows\System\oeoDrLK.exe
  C:\Windows\System\oeoDrLK.exe
  2⤵
  PID:6132
- C:\Windows\System\QglQRZm.exe
  C:\Windows\System\QglQRZm.exe
  2⤵
  PID:5112
- C:\Windows\System\hJKOmXv.exe
  C:\Windows\System\hJKOmXv.exe
  2⤵
  PID:13808
- C:\Windows\System\qDXNEav.exe
  C:\Windows\System\qDXNEav.exe
  2⤵
  PID:13852
- C:\Windows\System\fSyyXpL.exe
  C:\Windows\System\fSyyXpL.exe
  2⤵
  PID:13916
- C:\Windows\System\yyCZdyY.exe
  C:\Windows\System\yyCZdyY.exe
  2⤵
  PID:13988
- C:\Windows\System\NQWnmYw.exe
  C:\Windows\System\NQWnmYw.exe
  2⤵
  PID:14088
- C:\Windows\System\PnzSoQg.exe
  C:\Windows\System\PnzSoQg.exe
  2⤵
  PID:14164
- C:\Windows\System\gOBjEPz.exe
  C:\Windows\System\gOBjEPz.exe
  2⤵
  PID:14220
- C:\Windows\System\QCSTPjB.exe
  C:\Windows\System\QCSTPjB.exe
  2⤵
  PID:14296
- C:\Windows\System\zXrAyBR.exe
  C:\Windows\System\zXrAyBR.exe
  2⤵
  PID:12152
- C:\Windows\System\Pxdxxkz.exe
  C:\Windows\System\Pxdxxkz.exe
  2⤵
  PID:13384
- C:\Windows\System\FYAzLqs.exe
  C:\Windows\System\FYAzLqs.exe
  2⤵
  PID:13544
- C:\Windows\System\BKdtAAz.exe
  C:\Windows\System\BKdtAAz.exe
  2⤵
  PID:3500
- C:\Windows\System\PusqtGX.exe
  C:\Windows\System\PusqtGX.exe
  2⤵
  PID:13772
- C:\Windows\System\ulMcOSL.exe
  C:\Windows\System\ulMcOSL.exe
  2⤵
  PID:5088
- C:\Windows\System\biwEhEO.exe
  C:\Windows\System\biwEhEO.exe
  2⤵
  PID:13908
- C:\Windows\System\QVoUlll.exe
  C:\Windows\System\QVoUlll.exe
  2⤵
  PID:14052
- C:\Windows\System\nsNYoqY.exe
  C:\Windows\System\nsNYoqY.exe
  2⤵
  PID:14184
- C:\Windows\System\UcwylDc.exe
  C:\Windows\System\UcwylDc.exe
  2⤵
  PID:13460
- C:\Windows\System\PYRehnH.exe
  C:\Windows\System\PYRehnH.exe
  2⤵
  PID:13672
- C:\Windows\System\aHTQcYN.exe
  C:\Windows\System\aHTQcYN.exe
  2⤵
  PID:13752
- C:\Windows\System\IAwXmae.exe
  C:\Windows\System\IAwXmae.exe
  2⤵
  PID:14200
- C:\Windows\System\jeYmObT.exe
  C:\Windows\System\jeYmObT.exe
  2⤵
  PID:13748
- C:\Windows\System\mWtKUVp.exe
  C:\Windows\System\mWtKUVp.exe
  2⤵
  PID:13592
- C:\Windows\System\cVjVsjN.exe
  C:\Windows\System\cVjVsjN.exe
  2⤵
  PID:14364
- C:\Windows\System\xmasTHz.exe
  C:\Windows\System\xmasTHz.exe
  2⤵
  PID:14388
- C:\Windows\System\sQeDKih.exe
  C:\Windows\System\sQeDKih.exe
  2⤵
  PID:14408
- C:\Windows\System\IFVFUYC.exe
  C:\Windows\System\IFVFUYC.exe
  2⤵
  PID:14448
- C:\Windows\System\loBmqNV.exe
  C:\Windows\System\loBmqNV.exe
  2⤵
  PID:14476
- C:\Windows\System\JRLpdHt.exe
  C:\Windows\System\JRLpdHt.exe
  2⤵
  PID:14496
- C:\Windows\System\uEUkTwW.exe
  C:\Windows\System\uEUkTwW.exe
  2⤵
  PID:14516
- C:\Windows\System\MfaYxwb.exe
  C:\Windows\System\MfaYxwb.exe
  2⤵
  PID:14536
- C:\Windows\System\LhrpTDc.exe
  C:\Windows\System\LhrpTDc.exe
  2⤵
  PID:14572
- C:\Windows\System\RZRjhdp.exe
  C:\Windows\System\RZRjhdp.exe
  2⤵
  PID:14616
- C:\Windows\System\yIliCLk.exe
  C:\Windows\System\yIliCLk.exe
  2⤵
  PID:14644
- C:\Windows\System\pubbAzE.exe
  C:\Windows\System\pubbAzE.exe
  2⤵
  PID:14668
- C:\Windows\System\hSdGKoS.exe
  C:\Windows\System\hSdGKoS.exe
  2⤵
  PID:14688
- C:\Windows\System\TOOeYKQ.exe
  C:\Windows\System\TOOeYKQ.exe
  2⤵
  PID:14728
- C:\Windows\System\aQolrOC.exe
  C:\Windows\System\aQolrOC.exe
  2⤵
  PID:14756
- C:\Windows\System\KRdfXwb.exe
  C:\Windows\System\KRdfXwb.exe
  2⤵
  PID:14784
- C:\Windows\System\jhYsnhW.exe
  C:\Windows\System\jhYsnhW.exe
  2⤵
  PID:14800
- C:\Windows\System\XxfYVXl.exe
  C:\Windows\System\XxfYVXl.exe
  2⤵
  PID:14820
- C:\Windows\System\LtwROxD.exe
  C:\Windows\System\LtwROxD.exe
  2⤵
  PID:14844
- C:\Windows\System\WWxAdIE.exe
  C:\Windows\System\WWxAdIE.exe
  2⤵
  PID:14880
- C:\Windows\System\xIeqPOz.exe
  C:\Windows\System\xIeqPOz.exe
  2⤵
  PID:14912
- C:\Windows\System\mYibGCE.exe
  C:\Windows\System\mYibGCE.exe
  2⤵
  PID:14940
- C:\Windows\System\MYflZFJ.exe
  C:\Windows\System\MYflZFJ.exe
  2⤵
  PID:14972
- C:\Windows\System\ZbVZXOU.exe
  C:\Windows\System\ZbVZXOU.exe
  2⤵
  PID:15004
- C:\Windows\System\hfjUIWW.exe
  C:\Windows\System\hfjUIWW.exe
  2⤵
  PID:15024
- C:\Windows\System\OEAfufI.exe
  C:\Windows\System\OEAfufI.exe
  2⤵
  PID:15064
- C:\Windows\System\EbyKRhH.exe
  C:\Windows\System\EbyKRhH.exe
  2⤵
  PID:15092

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AYivEaS.exe

Filesize
2.2MB

MD5
4dcffb0b0d09005590e9301febc62f8c

SHA1
2cf7a1fec3b12077a6163a5cf7fa700a7decfef0

SHA256
aeb77796586ad4fbd6c00adef472396a704a71dd6b28efbb79552922b97a7153

SHA512
0cff85aa1f589782d7ca9d0e505f697f9610b9ea69ff0c8480681848c29ac1729e50d38b5046ecdcdc3fb8d904173c3143eded5c7324fb13a9fa4f87ae151e4c

Download Submit
C:\Windows\System\DeOEWlb.exe

Filesize
2.2MB

MD5
0c0974e856f9ea7ff9784e057dc34bb6

SHA1
f6862cecbfcf4a375d173917654dd0c203f34072

SHA256
6b3da0aaf2aac15899f862cf21395abf6440e1fe3d869790ec0baf19c72f5070

SHA512
7cc4622465cf62241423af9e1f1af42e3a3e601382cc708c9ab27ba327d4576ba5dba44239978c6d34347366080f7ee2739fe2c3041c22a8074c4f5d1e0a3464

Download Submit
C:\Windows\System\FxUoJyC.exe

Filesize
2.2MB

MD5
6a6c98d37918f87a9fd9f250b5cbb662

SHA1
ddf8cd6704b00dae43aad3f17347c1f8a73cea30

SHA256
e460849bd45acc92edfcee146c5de9ad203a380734a831a49403f84b22cc1d4b

SHA512
fe5fdb7b55c3883d29745270a9c06bd609a87b86cf6b87dfa1995c69512db0e580e22d696890f7735806eced1870b16d739c9005c115d3b9863a81a4cb1c501f

Download Submit
C:\Windows\System\GKXtzVp.exe

Filesize
2.2MB

MD5
853dbeef617021d7939c638799f76401

SHA1
8ebedde86374e4ae009404b8dc20bbc6f6e5176f

SHA256
e667372de28cf1dc71e0e20f43047d19aaa5076df5e5a00c6eec5278e5434498

SHA512
3bce1c9190d9db81980ab55f014622143931aa8205ba3e11aede051da606cab11d8e0e771b8c4d58bc427492837a09880c1f6006a4c1ae2297d676bc43fb2c90

Download Submit
C:\Windows\System\GtaaZHT.exe

Filesize
2.2MB

MD5
6921ec5ead53333faa8272b9a0fa5979

SHA1
5725692538f3e85a9ca08e4865acb516d1c70ad9

SHA256
1390ae3589fe9a6702d90bee59881972dc58ceb0263f36e825b4e61349ff9baf

SHA512
a9859f7fbc6072aedf7859ea2f9f8ffebd326645b7aa99ba274318fa94144f1819e60953cb9662ee6bf7fefc04aad3c942a573d7aaa79370d61895f647d35f1c

Download Submit
C:\Windows\System\GymuVsB.exe

Filesize
2.2MB

MD5
c6d66a42e877d8c66b902aeaecaa9640

SHA1
3f0507f1980a115f38a9e48ceae6aecafd735a22

SHA256
29db8fabc132865a545af8bf65dec28c5b3876b4b65873196afe88447a9bbdb2

SHA512
21ff49c35ceb081c7a426b31ebbbafcf2d494a03c70d725274bd80059a9370b985c5953d5c2c641c30a53d21e8f6fb2d28a9e98430dfbd5719ea0858e577b775

Download Submit
C:\Windows\System\IOTibyj.exe

Filesize
2.2MB

MD5
491f45a885023e424105f309de1ee204

SHA1
c2bad1c95e61592e1fce472b81a1c0b067dd7ce8

SHA256
1b2a59bc110fe97c69fd4b9880f1afbde9847e4765535425157759ece48260b5

SHA512
05c00f63eee2d6fa3714ec8300362ff72f82e2d3ad67c553a4602de18dd4e87c6866df2834521bff886640d4df99fe2be80f50541e5796ca8085647d431f27d3

Download Submit
C:\Windows\System\OcdTZyV.exe

Filesize
2.2MB

MD5
1c3a00f50ac759ae45eb3699b8a24d57

SHA1
be0c7d828a8aa21fd72f1e2e6b101167b67d73b4

SHA256
4db24ec1842a9b6a517568d4aade6784a7d55d5a011a03bbb420837e3b4c93b3

SHA512
471b87cd460b86278e3409898b45cdecce46e7bd560b80be23fc2199119e19470968a9add5a5122d7e0d2210929fe5d4f80086ee8f0deeb16b430548526c8576

Download Submit
C:\Windows\System\TJHxLxN.exe

Filesize
2.2MB

MD5
0deab438170224aaa8865e880295556d

SHA1
46df8193ffebb9010eb50155fac460c1a3018227

SHA256
f8ca9e36ba4ae0d2c12c5cbe05df5d00fa59fc2a85fb1c98080b8c3497a9efa6

SHA512
a6884a214a3367a26ce1acd90355be9858ca526df306feb2cad5eb00cb3ccd1614cbc651194e5a3b5cb389234d545f27ec587ec2c3f90a4685631eeb2b48320e

Download Submit
C:\Windows\System\Vbsusas.exe

Filesize
2.2MB

MD5
582aacf72b143bb9309cfefa4ea42155

SHA1
d8cf114a4ab37496aba1cc3afaa8eac78588997e

SHA256
e6834f936a0d1bf4cd1f11739c40a7a8e29053cdbba6b15c1f3e6f3480c0bf5b

SHA512
5493358869970373bb3195198b309f7b4b637d908a9ae3b0a3107cb19c83c7925ac88e1627a798c9cb11cc985d2c3501d518815d4fec65dcbc6e6378cfadd5a2

Download Submit
C:\Windows\System\WrvoCAd.exe

Filesize
2.2MB

MD5
aa88fbd126f020b002046903e74dcc32

SHA1
18bceb56dd27758fef1996faf873810f56118942

SHA256
edda40b3cd3187eca48eb41b46df50d5cd379572baccf218dce4734c601a6ea7

SHA512
88619adb8e426894f3038770740a29f64527f2e1d233faa51feb218082e37359b265d44f8cda495be7dc0c8c709da9e36f6e0818710c1a84f6af00ea579e601e

Download Submit
C:\Windows\System\XardDkM.exe

Filesize
2.2MB

MD5
5a3630f83065535668b44b2d1860b8c0

SHA1
9e13506163e7831966703a4b3b4cab30d2c8c58c

SHA256
499796b33df84dbf8619ee28201d6475f3fa89e34907c23d8cf31a881c2c32e9

SHA512
32f99407343212097def2e1355b465b9c7fe09dadf48a443be20b22285831c1f7eb00075f1881ba5c5ad853e776d66e50279f59db5ac13fd63759a04731699d5

Download Submit
C:\Windows\System\YhIsttS.exe

Filesize
2.2MB

MD5
872c43aabcc8bcdc6b226e6a157b35bd

SHA1
d3fd6a9a0a204ab7594a668b774406b205603ea0

SHA256
38d3d2efe1afad7b7fd534fe61a3bd7e9d2c76d4cd8b824cd0b8aa779c9771a3

SHA512
797f8746a03e60ea5f23c396cc48fb675da509f9e22cfd3177ca4a7ec6820374139648122f5145e30547548f9a967b6fbbc3ae8d927e32f1a8bac51a76dd24f4

Download Submit
C:\Windows\System\ZGVlRCZ.exe

Filesize
2.2MB

MD5
71c48ef1ba558b308f6cd30a2c0fd097

SHA1
410b441385ba3e0ac3c2df7adad23caef191643f

SHA256
9ed384395278682dcb166f8bcf290b6a4b9c5bea7345b3e2d1633b00ff6a081c

SHA512
4e7f2376acedead832821d815298a666896c2fe22b87f2e723b8d1831a4fb938f64d68ecbfa24e0ead21d9f1c40ea55870b8b875db658c8d1cf33e30cfd8d706

Download Submit
C:\Windows\System\ZSDAFgP.exe

Filesize
2.2MB

MD5
18742e150f8181ba66d3f9668b86f97f

SHA1
ad81d7fac43a3a1cf25349dc333758be8c206f77

SHA256
293c58e123b7a35aed9ee406ff78262acc4c8ad511c8213478bec94b25967178

SHA512
4e770d47d52ac81ee6f8637f8d00ff093949aae6f85a1fdc684be2d91f93b572bcb2521e3ebf713fe51a21b795743cc1275a94c21f627336b14813a9a139fe82

Download Submit
C:\Windows\System\acXZGaP.exe

Filesize
2.2MB

MD5
2c280c379276b09f81762fdfced7a89f

SHA1
5440bef79d9c623b5f5dd6e33e02f531aa6bd517

SHA256
a920f8970d2d607b41ff2f28809c4164cca8729fb94cbb03c80871d1961ae81d

SHA512
9a5e37f372b9b01a6552416d3c03802810081048c13b9d926f8afc1e9f89f9a73bec1cf695f7b0ba56a529faa86eeacf2601682abe446109920fa2d33e0b819d

Download Submit
C:\Windows\System\bnZWJxO.exe

Filesize
2.2MB

MD5
a5043781413837a560da0ea56ef5a383

SHA1
fe3380c90163fe7a27d6593c8e2ccd0d18f5f416

SHA256
57252c11b18a07765b275ce5f87d66402456d525957fec6f8fadc5579e77f71f

SHA512
8ace430b4f20fc012a7fd03adfb0f616d5de35850520fdda2f8897cec735b72a4c3f4ba6eb985376391de25c057a6998d452fd00bd89126585d874cc61c5734d

Download Submit
C:\Windows\System\clRjjeh.exe

Filesize
2.2MB

MD5
746a2d0bd378d92fab8bc754a18844d0

SHA1
c5f0e6cbec8c06400ee95677dc9d145154844884

SHA256
fa7a6897772d8f6af5ec86be32f1113ee6b4afc6fce3016bb10ad541cd759250

SHA512
2507fb8d56f87602e9f6529ae7cf87a8dd9b81810497d26f8c71c2e8ed2586c43a19a4c61f3b007e1dd973c01a5dece218b07bdee2d1e11555d3577caef5d73d

Download Submit
C:\Windows\System\dFijtfE.exe

Filesize
2.2MB

MD5
e3a3aa935167d442dd518be79828c445

SHA1
861c87a8a63ef5c94fe5ce2042c2497a65666fff

SHA256
a8a701ffabad854eb68344209d4454f101c78511a976bd54b2f87e29bda28f0c

SHA512
68d920397dc2a6af2a4d3b4e493a7726d815dabcfae4f140eeb3b003325cbd3713011b8918ad5c6db1e8b62a90333e86a97bd3ca2ac7ddc6b5946eb23d6cbe22

Download Submit
C:\Windows\System\hfsHbQV.exe

Filesize
2.2MB

MD5
80a5dd3cd25712741ae5fdf5601a9aed

SHA1
c329dc1e284d64a829fd3ac957396b2e6b6b0883

SHA256
ceefa6b7350df2ea00b235047d97cb1a552ddf5de48a128e308503c9ad7c73f2

SHA512
4855e8a7cef5a85fe093773a8b26e8d23d80800789cea8096dd3c30f01e78342999a76f6562305a956de98e720544594d739498aee6819fa4519aac4b20c9945

Download Submit
C:\Windows\System\hvaeXQc.exe

Filesize
2.2MB

MD5
b83dbeb4a726f386791382c2634695d0

SHA1
fd544c4ef36de5eadb755077f4a196ca8d607219

SHA256
c25b7b7ca677e43c1c4f264d8e863208a681576413cc9bfee827e0108c5c1624

SHA512
0431655e42bd2eef11d696b051b87dfbc2947d08d23494ee074cf8f0b26b506ffad6be520ff0f13510252998ab2668def3518a57045568f2c733d51f4fd4ee99

Download Submit
C:\Windows\System\kDxKBAc.exe

Filesize
2.2MB

MD5
598f7c155f0318b3bb1cf419cc8d3de0

SHA1
9b59c4c8bf126a51d3bbcb640a87bfef69532d85

SHA256
8f2da9326aa2cda11d4dfba7e3125c39ed8852586076101e3629ae635bc29b28

SHA512
5d9c8d4df2c48eabfcc89bf9f700ea9602cc5dab80c6b8141e6a32fbe56bb0c94e26940896ff2f9032fa29c35466761c75ec7d0806b74a1ef995c37276e76da4

Download Submit
C:\Windows\System\kEVmosi.exe

Filesize
2.2MB

MD5
eff9dcb7df01eae12435616c03e19809

SHA1
9045d5042213f1896422577ccf81f0bc1924ee06

SHA256
93ecaecb597a01e14d4a5cc34aa573e2eef3f0273a8e1badf767ffd6ca714ba8

SHA512
4c4bd392e730ea6886154b6e0375c8e808b8289fbabfad4bbd7ced27e4ecf6c6c6ae51d49b888f886abcb36a9b5c3e2aa60b96acc371b95b30a0b7aebabe0bf2

Download Submit
C:\Windows\System\lWQgSEt.exe

Filesize
2.2MB

MD5
cb84548d08c3701f7feda4e29a3bee47

SHA1
6bec1b529357dff2694d3cee879c1bb89e399813

SHA256
b8f0cce198b3e21a3241bbf8db6a3fa96257e3c83e4f59f95177616b7ba8c504

SHA512
a960d6ba789d2624ef5976b88747b8a194125d332792d6c31d88a80726a457d2967bee86b27f66ede0b7873208dd8834c0de1de445c80a201fdaffaf377cc3ba

Download Submit
C:\Windows\System\qMsvSxs.exe

Filesize
2.2MB

MD5
84053b84f0b21b71455118fa363e2f13

SHA1
494aca1a52e8eacd4a560de1c8759259c1336b65

SHA256
9df20c61947724d3db18554106b1a36f0e76eea2dfd8402afd795fed3d6bfb4e

SHA512
9fe642be7e13264805a5d518da6c2b70793152f657a467b83141cede7c8e3077c39cfec0587d16130758d015931f92b5d7192fe0b6a6a676c61c6387921d4f89

Download Submit
C:\Windows\System\sCHZSKT.exe

Filesize
2.2MB

MD5
1121846fb7e3612a526f9d0b704f0cdd

SHA1
13cccb7250b3cce619b51afbbb737fb46ec326a9

SHA256
17696c8e2c3e575c1107d09b93670fa1f69db8183e0d3ff10755b2754f9fcb09

SHA512
2016cf4db54731c7ed2e80e14ea04736abc797bd67de0ab8c730e7423a4a3c445aef4835a503c875be693ae253a0375119c7c99bcccbe02432cb397112353723

Download Submit
C:\Windows\System\sTCPyJk.exe

Filesize
2.2MB

MD5
acde767cf0e60d9b8670e654cb68e457

SHA1
661d1c6de41b913cce048be06fdb6461b95c4847

SHA256
269156d5627f0500cda16408a4ca28f1b075074118c8a7f3a3042beeeb0045da

SHA512
c09d5b78fd22c98204151591db5ed1f487c45095a9a54918b72ccfdf330bceb9bb11c39420f3feeb76f4fbb4eb868ed0c20c0af20eff3030d444e9e654578182

Download Submit
C:\Windows\System\tarjUHZ.exe

Filesize
2.2MB

MD5
46109b01d181eaed04b933dfe9594a52

SHA1
9c861314cfc83a4e928b5429e17d948546dd0983

SHA256
fd96ea984423f8c43b510c4bc447c8ba4ebeda2814ec0655e9dedde9c3f90461

SHA512
0d71ae1db8d3f813c6fbfecde9e1adcd16a07e6d6d5633674a46dac033d2be5eb32f4bdc06ccf5d71214305017cc187b2027693127fd88499f0fc5db0c090e81

Download Submit
C:\Windows\System\umeXncf.exe

Filesize
2.2MB

MD5
20b25f80d74e654b3bd33ecb4525c864

SHA1
6735020b7523d9a538d0ad4632760fddefe17690

SHA256
1ba2bfd3b840986349c0d233d697d0fe03e724c7321ae7ab6df375a4dfcc28b3

SHA512
234ac668b71977532cc8b1e780e4e700c1913a5785eb52af05ee73304813da90be4034070f65f62565cbb84fd19aa3c9afc7578c7f54fd73975e47ea008cc283

Download Submit
C:\Windows\System\xNmpHaR.exe

Filesize
2.2MB

MD5
16716a1574da1abf555572702bf90063

SHA1
48a4ae4505ae22edd533c71c8d1ba69a58818b7d

SHA256
cc04c09d768f9a1f5b073cdbc05e73fd7351cbde0e9072ddab92739454d4b1fb

SHA512
f39caf36f20440ed77c7241fd5e4e41d0221fd5aa46824e3b96d8c66c8fc0d2e8c71bfa5442053359faeadbb2c71059a4a20565708b6cd3f16af8a50a568e1f9

Download Submit
C:\Windows\System\yOfhuAf.exe

Filesize
2.2MB

MD5
f5a5f13a0357feac2d436e3eaed297d1

SHA1
92577aacc0388d92476da241461a6aaa886ee19b

SHA256
f2801123246ceb2c945cf4bfcc10811032c97869661b92d9ae429a34e4f5abf1

SHA512
8af232a4a2ced603dc3e6964aab165eee778b1b4d5451ad1d911600ed318f77191278dd58dc3644a79dc7e31902223fd0ee34723fef9646be8b6ce6c4f249b47

Download Submit
C:\Windows\System\yWLjhuX.exe

Filesize
2.2MB

MD5
0da3f6fe004cf1435d96b24304e159da

SHA1
0985f0325502ecd53eeb4c590b93785bcced85eb

SHA256
3f106b29803a6b955bd107c721d0c23f9ea40a9c71d6b9fbc24c0126461bdf3b

SHA512
f7e459a937e8d1cf846deeaf8b0b98e86afa182360cac0d1cc6ba55ea78431ba8ff61526612c1aa7fd98709ba7da843de72dbaa05a53dec723bcfc321d4872b6

Download Submit
C:\Windows\System\zoABHZa.exe

Filesize
2.2MB

MD5
74817b5e9c9cf2c2f2d08082bf37cdab

SHA1
278fc079071f9cc0951aada5575155b3f4caf8f6

SHA256
c74f0048a2a4e535fa546aa89f19c61797915107cfa4ea38cc0b9d052d7f8f01

SHA512
8a1d93c140eafd7c79417fe72c9f4a74c440c9342f2059359bbc4360b98eb5ee78acb8febc69227ba18bc91ff9f1d8c69cbdb24dba17f0a50528dd32c663bfe0

Download Submit
memory/564-523-0x00007FF7F2A90000-0x00007FF7F2DE4000-memory.dmp

Filesize
3.3MB

Download
memory/564-2173-0x00007FF7F2A90000-0x00007FF7F2DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2150-0x00007FF755820000-0x00007FF755B74000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2171-0x00007FF755820000-0x00007FF755B74000-memory.dmp

Filesize
3.3MB

Download
memory/1004-522-0x00007FF755820000-0x00007FF755B74000-memory.dmp

Filesize
3.3MB

Download
memory/1260-123-0x00007FF73F5F0000-0x00007FF73F944000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2149-0x00007FF73F5F0000-0x00007FF73F944000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2168-0x00007FF73F5F0000-0x00007FF73F944000-memory.dmp

Filesize
3.3MB

Download
memory/1520-52-0x00007FF67DF00000-0x00007FF67E254000-memory.dmp

Filesize
3.3MB

Download
memory/1520-2158-0x00007FF67DF00000-0x00007FF67E254000-memory.dmp

Filesize
3.3MB

Download
memory/1568-551-0x00007FF782730000-0x00007FF782A84000-memory.dmp

Filesize
3.3MB

Download
memory/1568-2156-0x00007FF782730000-0x00007FF782A84000-memory.dmp

Filesize
3.3MB

Download
memory/1568-34-0x00007FF782730000-0x00007FF782A84000-memory.dmp

Filesize
3.3MB

Download
memory/1584-525-0x00007FF7AA490000-0x00007FF7AA7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2176-0x00007FF7AA490000-0x00007FF7AA7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-524-0x00007FF7A99D0000-0x00007FF7A9D24000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2179-0x00007FF7A99D0000-0x00007FF7A9D24000-memory.dmp

Filesize
3.3MB

Download
memory/1988-2153-0x00007FF632660000-0x00007FF6329B4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-22-0x00007FF632660000-0x00007FF6329B4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2172-0x00007FF69A950000-0x00007FF69ACA4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-558-0x00007FF69A950000-0x00007FF69ACA4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-998-0x00007FF6E20A0000-0x00007FF6E23F4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-36-0x00007FF6E20A0000-0x00007FF6E23F4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2154-0x00007FF6E20A0000-0x00007FF6E23F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-530-0x00007FF7DB670000-0x00007FF7DB9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2178-0x00007FF7DB670000-0x00007FF7DB9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2177-0x00007FF60F540000-0x00007FF60F894000-memory.dmp

Filesize
3.3MB

Download
memory/2592-527-0x00007FF60F540000-0x00007FF60F894000-memory.dmp

Filesize
3.3MB

Download
memory/2596-114-0x00007FF7C8550000-0x00007FF7C88A4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2166-0x00007FF7C8550000-0x00007FF7C88A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2145-0x00007FF778900000-0x00007FF778C54000-memory.dmp

Filesize
3.3MB

Download
memory/2932-81-0x00007FF778900000-0x00007FF778C54000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2163-0x00007FF778900000-0x00007FF778C54000-memory.dmp

Filesize
3.3MB

Download
memory/3212-546-0x00007FF609BE0000-0x00007FF609F34000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2174-0x00007FF609BE0000-0x00007FF609F34000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2151-0x00007FF7427D0000-0x00007FF742B24000-memory.dmp

Filesize
3.3MB

Download
memory/3372-10-0x00007FF7427D0000-0x00007FF742B24000-memory.dmp

Filesize
3.3MB

Download
memory/3580-2152-0x00007FF65E9D0000-0x00007FF65ED24000-memory.dmp

Filesize
3.3MB

Download
memory/3580-16-0x00007FF65E9D0000-0x00007FF65ED24000-memory.dmp

Filesize
3.3MB

Download
memory/3580-102-0x00007FF65E9D0000-0x00007FF65ED24000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2146-0x00007FF7847D0000-0x00007FF784B24000-memory.dmp

Filesize
3.3MB

Download
memory/3592-84-0x00007FF7847D0000-0x00007FF784B24000-memory.dmp

Filesize
3.3MB

Download
memory/3592-2164-0x00007FF7847D0000-0x00007FF784B24000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2167-0x00007FF7F6BA0000-0x00007FF7F6EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-115-0x00007FF7F6BA0000-0x00007FF7F6EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2161-0x00007FF6F82C0000-0x00007FF6F8614000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2144-0x00007FF6F82C0000-0x00007FF6F8614000-memory.dmp

Filesize
3.3MB

Download
memory/4580-79-0x00007FF6F82C0000-0x00007FF6F8614000-memory.dmp

Filesize
3.3MB

Download
memory/4688-68-0x00007FF60D280000-0x00007FF60D5D4000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2160-0x00007FF60D280000-0x00007FF60D5D4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2162-0x00007FF7F4020000-0x00007FF7F4374000-memory.dmp

Filesize
3.3MB

Download
memory/5076-74-0x00007FF7F4020000-0x00007FF7F4374000-memory.dmp

Filesize
3.3MB

Download
memory/5076-1836-0x00007FF7F4020000-0x00007FF7F4374000-memory.dmp

Filesize
3.3MB

Download
memory/5116-29-0x00007FF721780000-0x00007FF721AD4000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2155-0x00007FF721780000-0x00007FF721AD4000-memory.dmp

Filesize
3.3MB

Download
memory/5116-111-0x00007FF721780000-0x00007FF721AD4000-memory.dmp

Filesize
3.3MB

Download
memory/5212-2159-0x00007FF6EF440000-0x00007FF6EF794000-memory.dmp

Filesize
3.3MB

Download
memory/5212-63-0x00007FF6EF440000-0x00007FF6EF794000-memory.dmp

Filesize
3.3MB

Download
memory/5340-2157-0x00007FF6D02A0000-0x00007FF6D05F4000-memory.dmp

Filesize
3.3MB

Download
memory/5340-50-0x00007FF6D02A0000-0x00007FF6D05F4000-memory.dmp

Filesize
3.3MB

Download
memory/5424-2148-0x00007FF69A770000-0x00007FF69AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/5424-119-0x00007FF69A770000-0x00007FF69AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/5424-2170-0x00007FF69A770000-0x00007FF69AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/5516-545-0x00007FF7A08F0000-0x00007FF7A0C44000-memory.dmp

Filesize
3.3MB

Download
memory/5516-2175-0x00007FF7A08F0000-0x00007FF7A0C44000-memory.dmp

Filesize
3.3MB

Download
memory/5668-2169-0x00007FF7F34C0000-0x00007FF7F3814000-memory.dmp

Filesize
3.3MB

Download
memory/5668-130-0x00007FF7F34C0000-0x00007FF7F3814000-memory.dmp

Filesize
3.3MB

Download
memory/5728-83-0x00007FF779230000-0x00007FF779584000-memory.dmp

Filesize
3.3MB

Download
memory/5728-0-0x00007FF779230000-0x00007FF779584000-memory.dmp

Filesize
3.3MB

Download
memory/5728-1-0x00000241D0630000-0x00000241D0640000-memory.dmp

Filesize
64KB

Download
memory/5940-2147-0x00007FF73FF10000-0x00007FF740264000-memory.dmp

Filesize
3.3MB

Download
memory/5940-91-0x00007FF73FF10000-0x00007FF740264000-memory.dmp

Filesize
3.3MB

Download
memory/5940-2165-0x00007FF73FF10000-0x00007FF740264000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads