xmrig | 2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7

Analysis

max time kernel
150s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
Size

2.1MB
MD5

659b05fe9b7a7f919417321f6cf55d80
SHA1

74ee8eef16a379eb23926cf46329bcfa68c02f06
SHA256

2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7
SHA512

35b69b5c1fce25ac488fd83c709a1099047c308406de2ca2338a206d313b4ab60259b551c0fee49d551c67627b95e90dfe977cf7138245e124d34d24b243d348
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+A8JhP703lq:BemTLkNdfE0pZrp

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1048-0-0x00007FF614D70000-0x00007FF6150C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-7.dat	xmrig
behavioral2/memory/2292-10-0x00007FF72D430000-0x00007FF72D784000-memory.dmp	xmrig
behavioral2/memory/3188-33-0x00007FF6CAD60000-0x00007FF6CB0B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-55.dat	xmrig
behavioral2/files/0x0007000000023427-64.dat	xmrig
behavioral2/files/0x0007000000023428-80.dat	xmrig
behavioral2/files/0x000700000002342e-96.dat	xmrig
behavioral2/memory/4388-109-0x00007FF615BA0000-0x00007FF615EF4000-memory.dmp	xmrig
behavioral2/memory/4972-122-0x00007FF7B01D0000-0x00007FF7B0524000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-140.dat	xmrig
behavioral2/memory/452-153-0x00007FF70C7A0000-0x00007FF70CAF4000-memory.dmp	xmrig
behavioral2/memory/4572-157-0x00007FF7453E0000-0x00007FF745734000-memory.dmp	xmrig
behavioral2/memory/3916-161-0x00007FF789260000-0x00007FF7895B4000-memory.dmp	xmrig
behavioral2/memory/1076-166-0x00007FF7A7CD0000-0x00007FF7A8024000-memory.dmp	xmrig
behavioral2/memory/2336-170-0x00007FF7D07B0000-0x00007FF7D0B04000-memory.dmp	xmrig
behavioral2/memory/3064-169-0x00007FF787020000-0x00007FF787374000-memory.dmp	xmrig
behavioral2/memory/4492-168-0x00007FF7E4810000-0x00007FF7E4B64000-memory.dmp	xmrig
behavioral2/memory/1944-167-0x00007FF7A0430000-0x00007FF7A0784000-memory.dmp	xmrig
behavioral2/memory/4532-165-0x00007FF673EF0000-0x00007FF674244000-memory.dmp	xmrig
behavioral2/memory/1660-164-0x00007FF776A70000-0x00007FF776DC4000-memory.dmp	xmrig
behavioral2/memory/4500-163-0x00007FF6A3CE0000-0x00007FF6A4034000-memory.dmp	xmrig
behavioral2/memory/3244-162-0x00007FF6F3E00000-0x00007FF6F4154000-memory.dmp	xmrig
behavioral2/memory/2720-160-0x00007FF723AA0000-0x00007FF723DF4000-memory.dmp	xmrig
behavioral2/memory/5064-159-0x00007FF643050000-0x00007FF6433A4000-memory.dmp	xmrig
behavioral2/memory/4172-158-0x00007FF669400000-0x00007FF669754000-memory.dmp	xmrig
behavioral2/memory/5028-156-0x00007FF62F1A0000-0x00007FF62F4F4000-memory.dmp	xmrig
behavioral2/memory/2308-155-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp	xmrig
behavioral2/memory/3360-154-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-151.dat	xmrig
behavioral2/files/0x0007000000023436-149.dat	xmrig
behavioral2/files/0x0007000000023435-147.dat	xmrig
behavioral2/files/0x0007000000023434-145.dat	xmrig
behavioral2/memory/3204-144-0x00007FF651070000-0x00007FF6513C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-142.dat	xmrig
behavioral2/files/0x0007000000023431-138.dat	xmrig
behavioral2/memory/5080-137-0x00007FF69BF30000-0x00007FF69C284000-memory.dmp	xmrig
behavioral2/memory/2672-136-0x00007FF72CA70000-0x00007FF72CDC4000-memory.dmp	xmrig
behavioral2/memory/2352-129-0x00007FF6E5020000-0x00007FF6E5374000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-119.dat	xmrig
behavioral2/files/0x000700000002342c-116.dat	xmrig
behavioral2/files/0x0007000000023430-114.dat	xmrig
behavioral2/files/0x000700000002342b-112.dat	xmrig
behavioral2/files/0x000700000002342a-101.dat	xmrig
behavioral2/files/0x000700000002342f-100.dat	xmrig
behavioral2/files/0x000700000002343a-193.dat	xmrig
behavioral2/files/0x0007000000023439-188.dat	xmrig
behavioral2/files/0x000700000002343b-190.dat	xmrig
behavioral2/memory/4292-179-0x00007FF7FC8C0000-0x00007FF7FCC14000-memory.dmp	xmrig
behavioral2/files/0x0009000000023419-182.dat	xmrig
behavioral2/files/0x0007000000023438-176.dat	xmrig
behavioral2/files/0x0007000000023429-89.dat	xmrig
behavioral2/memory/3572-87-0x00007FF623B70000-0x00007FF623EC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-59.dat	xmrig
behavioral2/files/0x0007000000023425-57.dat	xmrig
behavioral2/files/0x0007000000023422-53.dat	xmrig
behavioral2/files/0x0007000000023421-51.dat	xmrig
behavioral2/files/0x0007000000023423-44.dat	xmrig
behavioral2/files/0x0007000000023420-28.dat	xmrig
behavioral2/memory/1832-24-0x00007FF794500000-0x00007FF794854000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-19.dat	xmrig
behavioral2/files/0x000800000002341d-20.dat	xmrig
behavioral2/files/0x00090000000233e5-12.dat	xmrig
behavioral2/memory/1048-2088-0x00007FF614D70000-0x00007FF6150C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2292	MQfdDxo.exe
1832	XQLjPrf.exe
3188	BCzAadp.exe
1076	VqRkEgd.exe
1944	LhmNOZP.exe
3572	CAGMsVG.exe
4388	vQqFfJw.exe
4492	FVjjEgg.exe
4972	EYHSQKh.exe
2352	DSRmoPi.exe
2672	VyBMQeV.exe
5080	pKqWioJ.exe
3204	eEGUYum.exe
452	IthYXyi.exe
3360	HNGHrFd.exe
2308	DNATYjH.exe
3064	ViFuJvK.exe
5028	NWKkqJr.exe
4572	FJETeyu.exe
4172	OTcPbFw.exe
5064	fjZARdo.exe
2720	wRYGQPn.exe
3916	aZApFrY.exe
3244	CKiAdlk.exe
2336	AihuyhI.exe
4500	qzhwtKT.exe
1660	KdJfBzB.exe
4532	aSkNVmS.exe
4292	FkTSRnT.exe
4416	SUqcgeI.exe
5040	qgwRrUs.exe
4836	NAoMqiU.exe
2212	RxnbLVU.exe
2376	hLubYTo.exe
3340	iCNkpnB.exe
2848	cfmwYou.exe
3376	krKvHCg.exe
1112	BImLgAX.exe
4996	NSugEiH.exe
2020	lcZMdKD.exe
4488	QdwRrpv.exe
3124	BVmjtSQ.exe
3416	nURxJLh.exe
3164	KNxwffc.exe
2280	JREcMIS.exe
1336	ZmYWMQk.exe
324	aiCBtjM.exe
5052	gXhnUeX.exe
4612	OraZthh.exe
2164	huaSqZt.exe
3636	NMfTOqP.exe
2768	MyPXRJf.exe
2116	ipXvSwc.exe
1284	TVdhteh.exe
3484	ZTcoRZE.exe
400	XaCQhtx.exe
3724	YWAbGHR.exe
4824	mVdfqvk.exe
1664	iurKaMQ.exe
1756	aMBZgXI.exe
3500	Qsfzckm.exe
2884	gNxJYxw.exe
3212	oNJXWXy.exe
4968	ROEOLlA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1048-0-0x00007FF614D70000-0x00007FF6150C4000-memory.dmp	upx
behavioral2/files/0x000700000002341e-7.dat	upx
behavioral2/memory/2292-10-0x00007FF72D430000-0x00007FF72D784000-memory.dmp	upx
behavioral2/memory/3188-33-0x00007FF6CAD60000-0x00007FF6CB0B4000-memory.dmp	upx
behavioral2/files/0x0007000000023424-55.dat	upx
behavioral2/files/0x0007000000023427-64.dat	upx
behavioral2/files/0x0007000000023428-80.dat	upx
behavioral2/files/0x000700000002342e-96.dat	upx
behavioral2/memory/4388-109-0x00007FF615BA0000-0x00007FF615EF4000-memory.dmp	upx
behavioral2/memory/4972-122-0x00007FF7B01D0000-0x00007FF7B0524000-memory.dmp	upx
behavioral2/files/0x0007000000023432-140.dat	upx
behavioral2/memory/452-153-0x00007FF70C7A0000-0x00007FF70CAF4000-memory.dmp	upx
behavioral2/memory/4572-157-0x00007FF7453E0000-0x00007FF745734000-memory.dmp	upx
behavioral2/memory/3916-161-0x00007FF789260000-0x00007FF7895B4000-memory.dmp	upx
behavioral2/memory/1076-166-0x00007FF7A7CD0000-0x00007FF7A8024000-memory.dmp	upx
behavioral2/memory/2336-170-0x00007FF7D07B0000-0x00007FF7D0B04000-memory.dmp	upx
behavioral2/memory/3064-169-0x00007FF787020000-0x00007FF787374000-memory.dmp	upx
behavioral2/memory/4492-168-0x00007FF7E4810000-0x00007FF7E4B64000-memory.dmp	upx
behavioral2/memory/1944-167-0x00007FF7A0430000-0x00007FF7A0784000-memory.dmp	upx
behavioral2/memory/4532-165-0x00007FF673EF0000-0x00007FF674244000-memory.dmp	upx
behavioral2/memory/1660-164-0x00007FF776A70000-0x00007FF776DC4000-memory.dmp	upx
behavioral2/memory/4500-163-0x00007FF6A3CE0000-0x00007FF6A4034000-memory.dmp	upx
behavioral2/memory/3244-162-0x00007FF6F3E00000-0x00007FF6F4154000-memory.dmp	upx
behavioral2/memory/2720-160-0x00007FF723AA0000-0x00007FF723DF4000-memory.dmp	upx
behavioral2/memory/5064-159-0x00007FF643050000-0x00007FF6433A4000-memory.dmp	upx
behavioral2/memory/4172-158-0x00007FF669400000-0x00007FF669754000-memory.dmp	upx
behavioral2/memory/5028-156-0x00007FF62F1A0000-0x00007FF62F4F4000-memory.dmp	upx
behavioral2/memory/2308-155-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp	upx
behavioral2/memory/3360-154-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp	upx
behavioral2/files/0x0007000000023437-151.dat	upx
behavioral2/files/0x0007000000023436-149.dat	upx
behavioral2/files/0x0007000000023435-147.dat	upx
behavioral2/files/0x0007000000023434-145.dat	upx
behavioral2/memory/3204-144-0x00007FF651070000-0x00007FF6513C4000-memory.dmp	upx
behavioral2/files/0x0007000000023433-142.dat	upx
behavioral2/files/0x0007000000023431-138.dat	upx
behavioral2/memory/5080-137-0x00007FF69BF30000-0x00007FF69C284000-memory.dmp	upx
behavioral2/memory/2672-136-0x00007FF72CA70000-0x00007FF72CDC4000-memory.dmp	upx
behavioral2/memory/2352-129-0x00007FF6E5020000-0x00007FF6E5374000-memory.dmp	upx
behavioral2/files/0x000700000002342d-119.dat	upx
behavioral2/files/0x000700000002342c-116.dat	upx
behavioral2/files/0x0007000000023430-114.dat	upx
behavioral2/files/0x000700000002342b-112.dat	upx
behavioral2/files/0x000700000002342a-101.dat	upx
behavioral2/files/0x000700000002342f-100.dat	upx
behavioral2/files/0x000700000002343a-193.dat	upx
behavioral2/files/0x0007000000023439-188.dat	upx
behavioral2/files/0x000700000002343b-190.dat	upx
behavioral2/memory/4292-179-0x00007FF7FC8C0000-0x00007FF7FCC14000-memory.dmp	upx
behavioral2/files/0x0009000000023419-182.dat	upx
behavioral2/files/0x0007000000023438-176.dat	upx
behavioral2/files/0x0007000000023429-89.dat	upx
behavioral2/memory/3572-87-0x00007FF623B70000-0x00007FF623EC4000-memory.dmp	upx
behavioral2/files/0x0007000000023426-59.dat	upx
behavioral2/files/0x0007000000023425-57.dat	upx
behavioral2/files/0x0007000000023422-53.dat	upx
behavioral2/files/0x0007000000023421-51.dat	upx
behavioral2/files/0x0007000000023423-44.dat	upx
behavioral2/files/0x0007000000023420-28.dat	upx
behavioral2/memory/1832-24-0x00007FF794500000-0x00007FF794854000-memory.dmp	upx
behavioral2/files/0x000700000002341f-19.dat	upx
behavioral2/files/0x000800000002341d-20.dat	upx
behavioral2/files/0x00090000000233e5-12.dat	upx
behavioral2/memory/1048-2088-0x00007FF614D70000-0x00007FF6150C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UtekrBC.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\pVHDfgX.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\LnGeLJj.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\aMBZgXI.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\AcOHNdu.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\CGuiuku.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\heGYvLW.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\LHFKfyz.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\BwkYzHa.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\CAGMsVG.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\LSlEqGu.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\cMwWZyB.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\DicGZTy.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\auGsEsJ.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\etcuJvv.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\QgIpGwg.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\XQLjPrf.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\pIHnBfK.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\OzpPZNB.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\ZhvQSmt.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\dwSmgig.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\HdgvkIb.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\tKPlhId.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\OTSivvD.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\OTcPbFw.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\EnBsGjJ.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\dMboEHC.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\MILjnHH.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\HkEtTrb.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\pwZaabH.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\CLaIRsg.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\jdjZgHW.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\kqbmMPS.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\sevnHjP.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\hsmxGmf.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\YDlNUYo.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\gAEiYDj.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\VyBMQeV.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\NMfTOqP.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\SipuYOH.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\xDfIeWY.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\rYWoVNd.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\SFCbyHZ.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\hemXSxl.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\iGYKlFy.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\SsSXRlH.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\AMhLShz.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\MPlKxlg.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\vgyUafw.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\WIsSVvz.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\ZtpycUu.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\flkUSig.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\JbGMNiW.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\jsySlPq.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\tbcTmoq.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\kOJLMnB.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\NtMHmRB.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\gQlfKsJ.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\vTzmrqv.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\lipVKpx.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\uuwIRCz.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\JjJUJAm.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\JuOSlWO.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
File created	C:\Windows\System\oBLBFEK.exe	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15308	dwm.exe
Token: SeChangeNotifyPrivilege	15308	dwm.exe
Token: 33	15308	dwm.exe
Token: SeIncBasePriorityPrivilege	15308	dwm.exe
Token: SeShutdownPrivilege	15308	dwm.exe
Token: SeCreatePagefilePrivilege	15308	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 2292	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	83
PID 1048 wrote to memory of 2292	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	83
PID 1048 wrote to memory of 1832	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	84
PID 1048 wrote to memory of 1832	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	84
PID 1048 wrote to memory of 3188	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	85
PID 1048 wrote to memory of 3188	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	85
PID 1048 wrote to memory of 1076	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	86
PID 1048 wrote to memory of 1076	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	86
PID 1048 wrote to memory of 1944	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	87
PID 1048 wrote to memory of 1944	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	87
PID 1048 wrote to memory of 3572	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	88
PID 1048 wrote to memory of 3572	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	88
PID 1048 wrote to memory of 4388	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	89
PID 1048 wrote to memory of 4388	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	89
PID 1048 wrote to memory of 4492	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	90
PID 1048 wrote to memory of 4492	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	90
PID 1048 wrote to memory of 4972	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	91
PID 1048 wrote to memory of 4972	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	91
PID 1048 wrote to memory of 2352	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	92
PID 1048 wrote to memory of 2352	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	92
PID 1048 wrote to memory of 2672	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	93
PID 1048 wrote to memory of 2672	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	93
PID 1048 wrote to memory of 5080	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	94
PID 1048 wrote to memory of 5080	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	94
PID 1048 wrote to memory of 3204	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	95
PID 1048 wrote to memory of 3204	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	95
PID 1048 wrote to memory of 452	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	96
PID 1048 wrote to memory of 452	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	96
PID 1048 wrote to memory of 3360	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	97
PID 1048 wrote to memory of 3360	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	97
PID 1048 wrote to memory of 2308	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	98
PID 1048 wrote to memory of 2308	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	98
PID 1048 wrote to memory of 5064	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	99
PID 1048 wrote to memory of 5064	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	99
PID 1048 wrote to memory of 3064	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	100
PID 1048 wrote to memory of 3064	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	100
PID 1048 wrote to memory of 5028	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	101
PID 1048 wrote to memory of 5028	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	101
PID 1048 wrote to memory of 4572	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	102
PID 1048 wrote to memory of 4572	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	102
PID 1048 wrote to memory of 4172	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	103
PID 1048 wrote to memory of 4172	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	103
PID 1048 wrote to memory of 2720	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	104
PID 1048 wrote to memory of 2720	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	104
PID 1048 wrote to memory of 3916	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	105
PID 1048 wrote to memory of 3916	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	105
PID 1048 wrote to memory of 3244	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	106
PID 1048 wrote to memory of 3244	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	106
PID 1048 wrote to memory of 2336	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	107
PID 1048 wrote to memory of 2336	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	107
PID 1048 wrote to memory of 4500	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	108
PID 1048 wrote to memory of 4500	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	108
PID 1048 wrote to memory of 1660	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	109
PID 1048 wrote to memory of 1660	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	109
PID 1048 wrote to memory of 4532	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	110
PID 1048 wrote to memory of 4532	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	110
PID 1048 wrote to memory of 4292	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	111
PID 1048 wrote to memory of 4292	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	111
PID 1048 wrote to memory of 4416	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	112
PID 1048 wrote to memory of 4416	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	112
PID 1048 wrote to memory of 5040	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	113
PID 1048 wrote to memory of 5040	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	113
PID 1048 wrote to memory of 4836	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	114
PID 1048 wrote to memory of 4836	1048	2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2a0bed96a3db49155a3810c8945b6d304d78ef01e184ded64a7143342d813ce7_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\System\MQfdDxo.exe
  C:\Windows\System\MQfdDxo.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\XQLjPrf.exe
  C:\Windows\System\XQLjPrf.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\BCzAadp.exe
  C:\Windows\System\BCzAadp.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\VqRkEgd.exe
  C:\Windows\System\VqRkEgd.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\LhmNOZP.exe
  C:\Windows\System\LhmNOZP.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\CAGMsVG.exe
  C:\Windows\System\CAGMsVG.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\vQqFfJw.exe
  C:\Windows\System\vQqFfJw.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\FVjjEgg.exe
  C:\Windows\System\FVjjEgg.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\EYHSQKh.exe
  C:\Windows\System\EYHSQKh.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\DSRmoPi.exe
  C:\Windows\System\DSRmoPi.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\VyBMQeV.exe
  C:\Windows\System\VyBMQeV.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\pKqWioJ.exe
  C:\Windows\System\pKqWioJ.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\eEGUYum.exe
  C:\Windows\System\eEGUYum.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\IthYXyi.exe
  C:\Windows\System\IthYXyi.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\HNGHrFd.exe
  C:\Windows\System\HNGHrFd.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\DNATYjH.exe
  C:\Windows\System\DNATYjH.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\fjZARdo.exe
  C:\Windows\System\fjZARdo.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\ViFuJvK.exe
  C:\Windows\System\ViFuJvK.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\NWKkqJr.exe
  C:\Windows\System\NWKkqJr.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\FJETeyu.exe
  C:\Windows\System\FJETeyu.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\OTcPbFw.exe
  C:\Windows\System\OTcPbFw.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\wRYGQPn.exe
  C:\Windows\System\wRYGQPn.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\aZApFrY.exe
  C:\Windows\System\aZApFrY.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\CKiAdlk.exe
  C:\Windows\System\CKiAdlk.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\AihuyhI.exe
  C:\Windows\System\AihuyhI.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\qzhwtKT.exe
  C:\Windows\System\qzhwtKT.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\KdJfBzB.exe
  C:\Windows\System\KdJfBzB.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\aSkNVmS.exe
  C:\Windows\System\aSkNVmS.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\FkTSRnT.exe
  C:\Windows\System\FkTSRnT.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\SUqcgeI.exe
  C:\Windows\System\SUqcgeI.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\qgwRrUs.exe
  C:\Windows\System\qgwRrUs.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\NAoMqiU.exe
  C:\Windows\System\NAoMqiU.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\RxnbLVU.exe
  C:\Windows\System\RxnbLVU.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\hLubYTo.exe
  C:\Windows\System\hLubYTo.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\iCNkpnB.exe
  C:\Windows\System\iCNkpnB.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\cfmwYou.exe
  C:\Windows\System\cfmwYou.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\krKvHCg.exe
  C:\Windows\System\krKvHCg.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\BImLgAX.exe
  C:\Windows\System\BImLgAX.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\NSugEiH.exe
  C:\Windows\System\NSugEiH.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\lcZMdKD.exe
  C:\Windows\System\lcZMdKD.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\QdwRrpv.exe
  C:\Windows\System\QdwRrpv.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\BVmjtSQ.exe
  C:\Windows\System\BVmjtSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\nURxJLh.exe
  C:\Windows\System\nURxJLh.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\KNxwffc.exe
  C:\Windows\System\KNxwffc.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\ZmYWMQk.exe
  C:\Windows\System\ZmYWMQk.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\JREcMIS.exe
  C:\Windows\System\JREcMIS.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\aiCBtjM.exe
  C:\Windows\System\aiCBtjM.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\gXhnUeX.exe
  C:\Windows\System\gXhnUeX.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\OraZthh.exe
  C:\Windows\System\OraZthh.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\huaSqZt.exe
  C:\Windows\System\huaSqZt.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\NMfTOqP.exe
  C:\Windows\System\NMfTOqP.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\MyPXRJf.exe
  C:\Windows\System\MyPXRJf.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ipXvSwc.exe
  C:\Windows\System\ipXvSwc.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\TVdhteh.exe
  C:\Windows\System\TVdhteh.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\ZTcoRZE.exe
  C:\Windows\System\ZTcoRZE.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\XaCQhtx.exe
  C:\Windows\System\XaCQhtx.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\YWAbGHR.exe
  C:\Windows\System\YWAbGHR.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\mVdfqvk.exe
  C:\Windows\System\mVdfqvk.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\iurKaMQ.exe
  C:\Windows\System\iurKaMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\aMBZgXI.exe
  C:\Windows\System\aMBZgXI.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\Qsfzckm.exe
  C:\Windows\System\Qsfzckm.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\gNxJYxw.exe
  C:\Windows\System\gNxJYxw.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\oNJXWXy.exe
  C:\Windows\System\oNJXWXy.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\ROEOLlA.exe
  C:\Windows\System\ROEOLlA.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\MpHgOuU.exe
  C:\Windows\System\MpHgOuU.exe
  2⤵
  PID:3504
- C:\Windows\System\PRuGNLL.exe
  C:\Windows\System\PRuGNLL.exe
  2⤵
  PID:4604
- C:\Windows\System\aNIaEGG.exe
  C:\Windows\System\aNIaEGG.exe
  2⤵
  PID:2956
- C:\Windows\System\qjoAgLc.exe
  C:\Windows\System\qjoAgLc.exe
  2⤵
  PID:4664
- C:\Windows\System\sydTPMp.exe
  C:\Windows\System\sydTPMp.exe
  2⤵
  PID:3752
- C:\Windows\System\ohpzcZb.exe
  C:\Windows\System\ohpzcZb.exe
  2⤵
  PID:2140
- C:\Windows\System\hYFCcli.exe
  C:\Windows\System\hYFCcli.exe
  2⤵
  PID:772
- C:\Windows\System\VoxScAx.exe
  C:\Windows\System\VoxScAx.exe
  2⤵
  PID:3020
- C:\Windows\System\gXrJBHn.exe
  C:\Windows\System\gXrJBHn.exe
  2⤵
  PID:3100
- C:\Windows\System\HXxpDEE.exe
  C:\Windows\System\HXxpDEE.exe
  2⤵
  PID:1740
- C:\Windows\System\MAJYpUW.exe
  C:\Windows\System\MAJYpUW.exe
  2⤵
  PID:2356
- C:\Windows\System\kMnSPPT.exe
  C:\Windows\System\kMnSPPT.exe
  2⤵
  PID:4024
- C:\Windows\System\LrHzPku.exe
  C:\Windows\System\LrHzPku.exe
  2⤵
  PID:1984
- C:\Windows\System\WncyVZv.exe
  C:\Windows\System\WncyVZv.exe
  2⤵
  PID:2360
- C:\Windows\System\zhjKgGf.exe
  C:\Windows\System\zhjKgGf.exe
  2⤵
  PID:3828
- C:\Windows\System\SwknBKS.exe
  C:\Windows\System\SwknBKS.exe
  2⤵
  PID:4800
- C:\Windows\System\idpATpd.exe
  C:\Windows\System\idpATpd.exe
  2⤵
  PID:3348
- C:\Windows\System\SipuYOH.exe
  C:\Windows\System\SipuYOH.exe
  2⤵
  PID:2448
- C:\Windows\System\ZDLLbzV.exe
  C:\Windows\System\ZDLLbzV.exe
  2⤵
  PID:3432
- C:\Windows\System\zllesLt.exe
  C:\Windows\System\zllesLt.exe
  2⤵
  PID:4960
- C:\Windows\System\GWXLthq.exe
  C:\Windows\System\GWXLthq.exe
  2⤵
  PID:1744
- C:\Windows\System\SnrTwGq.exe
  C:\Windows\System\SnrTwGq.exe
  2⤵
  PID:2248
- C:\Windows\System\EnBsGjJ.exe
  C:\Windows\System\EnBsGjJ.exe
  2⤵
  PID:3928
- C:\Windows\System\XgqfZjH.exe
  C:\Windows\System\XgqfZjH.exe
  2⤵
  PID:3800
- C:\Windows\System\ScHrgak.exe
  C:\Windows\System\ScHrgak.exe
  2⤵
  PID:1068
- C:\Windows\System\bMQkSzE.exe
  C:\Windows\System\bMQkSzE.exe
  2⤵
  PID:5136
- C:\Windows\System\OjfYMUh.exe
  C:\Windows\System\OjfYMUh.exe
  2⤵
  PID:5172
- C:\Windows\System\iHvHWMX.exe
  C:\Windows\System\iHvHWMX.exe
  2⤵
  PID:5188
- C:\Windows\System\BfxFVzR.exe
  C:\Windows\System\BfxFVzR.exe
  2⤵
  PID:5216
- C:\Windows\System\IpbNLOc.exe
  C:\Windows\System\IpbNLOc.exe
  2⤵
  PID:5244
- C:\Windows\System\ZezpUBv.exe
  C:\Windows\System\ZezpUBv.exe
  2⤵
  PID:5280
- C:\Windows\System\HGMLGNk.exe
  C:\Windows\System\HGMLGNk.exe
  2⤵
  PID:5312
- C:\Windows\System\OGOaYHg.exe
  C:\Windows\System\OGOaYHg.exe
  2⤵
  PID:5356
- C:\Windows\System\dZOpWxm.exe
  C:\Windows\System\dZOpWxm.exe
  2⤵
  PID:5392
- C:\Windows\System\WKzzfTt.exe
  C:\Windows\System\WKzzfTt.exe
  2⤵
  PID:5420
- C:\Windows\System\GEZFXcD.exe
  C:\Windows\System\GEZFXcD.exe
  2⤵
  PID:5448
- C:\Windows\System\xTfgmpa.exe
  C:\Windows\System\xTfgmpa.exe
  2⤵
  PID:5480
- C:\Windows\System\NtMHmRB.exe
  C:\Windows\System\NtMHmRB.exe
  2⤵
  PID:5508
- C:\Windows\System\uxnLddN.exe
  C:\Windows\System\uxnLddN.exe
  2⤵
  PID:5536
- C:\Windows\System\XYEtwAy.exe
  C:\Windows\System\XYEtwAy.exe
  2⤵
  PID:5572
- C:\Windows\System\QfTOQEr.exe
  C:\Windows\System\QfTOQEr.exe
  2⤵
  PID:5600
- C:\Windows\System\RQNqmMt.exe
  C:\Windows\System\RQNqmMt.exe
  2⤵
  PID:5632
- C:\Windows\System\CFoBjcS.exe
  C:\Windows\System\CFoBjcS.exe
  2⤵
  PID:5656
- C:\Windows\System\ASwvIES.exe
  C:\Windows\System\ASwvIES.exe
  2⤵
  PID:5684
- C:\Windows\System\cPxEfsy.exe
  C:\Windows\System\cPxEfsy.exe
  2⤵
  PID:5712
- C:\Windows\System\aFZZCaC.exe
  C:\Windows\System\aFZZCaC.exe
  2⤵
  PID:5748
- C:\Windows\System\sfTFFeP.exe
  C:\Windows\System\sfTFFeP.exe
  2⤵
  PID:5776
- C:\Windows\System\nVsLOIW.exe
  C:\Windows\System\nVsLOIW.exe
  2⤵
  PID:5804
- C:\Windows\System\DBmGOCH.exe
  C:\Windows\System\DBmGOCH.exe
  2⤵
  PID:5836
- C:\Windows\System\tPqLAOV.exe
  C:\Windows\System\tPqLAOV.exe
  2⤵
  PID:5864
- C:\Windows\System\LSlEqGu.exe
  C:\Windows\System\LSlEqGu.exe
  2⤵
  PID:5880
- C:\Windows\System\YyoEhSz.exe
  C:\Windows\System\YyoEhSz.exe
  2⤵
  PID:5896
- C:\Windows\System\CocrxYj.exe
  C:\Windows\System\CocrxYj.exe
  2⤵
  PID:5916
- C:\Windows\System\mzcSkPV.exe
  C:\Windows\System\mzcSkPV.exe
  2⤵
  PID:5952
- C:\Windows\System\mHmVHVA.exe
  C:\Windows\System\mHmVHVA.exe
  2⤵
  PID:5980
- C:\Windows\System\GsDoNBi.exe
  C:\Windows\System\GsDoNBi.exe
  2⤵
  PID:5996
- C:\Windows\System\tZdzZXb.exe
  C:\Windows\System\tZdzZXb.exe
  2⤵
  PID:6028
- C:\Windows\System\jBqXFDY.exe
  C:\Windows\System\jBqXFDY.exe
  2⤵
  PID:6056
- C:\Windows\System\uoFvehE.exe
  C:\Windows\System\uoFvehE.exe
  2⤵
  PID:6092
- C:\Windows\System\RDOmtdk.exe
  C:\Windows\System\RDOmtdk.exe
  2⤵
  PID:6124
- C:\Windows\System\ngFIACS.exe
  C:\Windows\System\ngFIACS.exe
  2⤵
  PID:5184
- C:\Windows\System\mPvRDoX.exe
  C:\Windows\System\mPvRDoX.exe
  2⤵
  PID:5232
- C:\Windows\System\BKYwuNG.exe
  C:\Windows\System\BKYwuNG.exe
  2⤵
  PID:5308
- C:\Windows\System\bDvlUBv.exe
  C:\Windows\System\bDvlUBv.exe
  2⤵
  PID:2880
- C:\Windows\System\jqewdxR.exe
  C:\Windows\System\jqewdxR.exe
  2⤵
  PID:5444
- C:\Windows\System\RsStaUe.exe
  C:\Windows\System\RsStaUe.exe
  2⤵
  PID:5504
- C:\Windows\System\tCGylsM.exe
  C:\Windows\System\tCGylsM.exe
  2⤵
  PID:5568
- C:\Windows\System\pgKSlsC.exe
  C:\Windows\System\pgKSlsC.exe
  2⤵
  PID:5652
- C:\Windows\System\NKcbove.exe
  C:\Windows\System\NKcbove.exe
  2⤵
  PID:5724
- C:\Windows\System\ZqzLkLS.exe
  C:\Windows\System\ZqzLkLS.exe
  2⤵
  PID:5772
- C:\Windows\System\dMboEHC.exe
  C:\Windows\System\dMboEHC.exe
  2⤵
  PID:5848
- C:\Windows\System\SgmsSsK.exe
  C:\Windows\System\SgmsSsK.exe
  2⤵
  PID:5912
- C:\Windows\System\HTjRLlm.exe
  C:\Windows\System\HTjRLlm.exe
  2⤵
  PID:5976
- C:\Windows\System\TKGQVGl.exe
  C:\Windows\System\TKGQVGl.exe
  2⤵
  PID:6044
- C:\Windows\System\yILAcRb.exe
  C:\Windows\System\yILAcRb.exe
  2⤵
  PID:6112
- C:\Windows\System\WPEEIPU.exe
  C:\Windows\System\WPEEIPU.exe
  2⤵
  PID:5180
- C:\Windows\System\EFAWFGS.exe
  C:\Windows\System\EFAWFGS.exe
  2⤵
  PID:5300
- C:\Windows\System\aBDubiS.exe
  C:\Windows\System\aBDubiS.exe
  2⤵
  PID:3884
- C:\Windows\System\hqlOuii.exe
  C:\Windows\System\hqlOuii.exe
  2⤵
  PID:5624
- C:\Windows\System\FdNvUcI.exe
  C:\Windows\System\FdNvUcI.exe
  2⤵
  PID:5800
- C:\Windows\System\QPJxHQU.exe
  C:\Windows\System\QPJxHQU.exe
  2⤵
  PID:5944
- C:\Windows\System\IJOlSlN.exe
  C:\Windows\System\IJOlSlN.exe
  2⤵
  PID:6072
- C:\Windows\System\WiFZqgH.exe
  C:\Windows\System\WiFZqgH.exe
  2⤵
  PID:5384
- C:\Windows\System\FZKfLaK.exe
  C:\Windows\System\FZKfLaK.exe
  2⤵
  PID:5704
- C:\Windows\System\vRXHxlV.exe
  C:\Windows\System\vRXHxlV.exe
  2⤵
  PID:6040
- C:\Windows\System\iBbslEO.exe
  C:\Windows\System\iBbslEO.exe
  2⤵
  PID:5828
- C:\Windows\System\pJdcUqg.exe
  C:\Windows\System\pJdcUqg.exe
  2⤵
  PID:5888
- C:\Windows\System\AksNoVK.exe
  C:\Windows\System\AksNoVK.exe
  2⤵
  PID:6160
- C:\Windows\System\FVdibFl.exe
  C:\Windows\System\FVdibFl.exe
  2⤵
  PID:6188
- C:\Windows\System\xDogObU.exe
  C:\Windows\System\xDogObU.exe
  2⤵
  PID:6216
- C:\Windows\System\eInVlZJ.exe
  C:\Windows\System\eInVlZJ.exe
  2⤵
  PID:6244
- C:\Windows\System\AcOHNdu.exe
  C:\Windows\System\AcOHNdu.exe
  2⤵
  PID:6272
- C:\Windows\System\eoIMAwK.exe
  C:\Windows\System\eoIMAwK.exe
  2⤵
  PID:6304
- C:\Windows\System\NNrrubt.exe
  C:\Windows\System\NNrrubt.exe
  2⤵
  PID:6328
- C:\Windows\System\MLRjucQ.exe
  C:\Windows\System\MLRjucQ.exe
  2⤵
  PID:6344
- C:\Windows\System\RympBQv.exe
  C:\Windows\System\RympBQv.exe
  2⤵
  PID:6360
- C:\Windows\System\KTBKxvz.exe
  C:\Windows\System\KTBKxvz.exe
  2⤵
  PID:6392
- C:\Windows\System\kSjVasf.exe
  C:\Windows\System\kSjVasf.exe
  2⤵
  PID:6432
- C:\Windows\System\bZmZHXQ.exe
  C:\Windows\System\bZmZHXQ.exe
  2⤵
  PID:6472
- C:\Windows\System\bRqjeTF.exe
  C:\Windows\System\bRqjeTF.exe
  2⤵
  PID:6504
- C:\Windows\System\TWmIMQH.exe
  C:\Windows\System\TWmIMQH.exe
  2⤵
  PID:6520
- C:\Windows\System\fWmMJAA.exe
  C:\Windows\System\fWmMJAA.exe
  2⤵
  PID:6548
- C:\Windows\System\xDfIeWY.exe
  C:\Windows\System\xDfIeWY.exe
  2⤵
  PID:6588
- C:\Windows\System\LZqsiHZ.exe
  C:\Windows\System\LZqsiHZ.exe
  2⤵
  PID:6616
- C:\Windows\System\mUhBjax.exe
  C:\Windows\System\mUhBjax.exe
  2⤵
  PID:6652
- C:\Windows\System\liVYRJS.exe
  C:\Windows\System\liVYRJS.exe
  2⤵
  PID:6676
- C:\Windows\System\FEpcMaz.exe
  C:\Windows\System\FEpcMaz.exe
  2⤵
  PID:6704
- C:\Windows\System\JbuTZzl.exe
  C:\Windows\System\JbuTZzl.exe
  2⤵
  PID:6732
- C:\Windows\System\fJMUgNX.exe
  C:\Windows\System\fJMUgNX.exe
  2⤵
  PID:6760
- C:\Windows\System\KCpcRyM.exe
  C:\Windows\System\KCpcRyM.exe
  2⤵
  PID:6788
- C:\Windows\System\kHUeViM.exe
  C:\Windows\System\kHUeViM.exe
  2⤵
  PID:6816
- C:\Windows\System\DZkeqiw.exe
  C:\Windows\System\DZkeqiw.exe
  2⤵
  PID:6848
- C:\Windows\System\WXZfEyv.exe
  C:\Windows\System\WXZfEyv.exe
  2⤵
  PID:6888
- C:\Windows\System\VXNnhbE.exe
  C:\Windows\System\VXNnhbE.exe
  2⤵
  PID:6912
- C:\Windows\System\uOgIxKq.exe
  C:\Windows\System\uOgIxKq.exe
  2⤵
  PID:6944
- C:\Windows\System\aPdJmeg.exe
  C:\Windows\System\aPdJmeg.exe
  2⤵
  PID:6992
- C:\Windows\System\nZMiWQl.exe
  C:\Windows\System\nZMiWQl.exe
  2⤵
  PID:7016
- C:\Windows\System\nhbJXmd.exe
  C:\Windows\System\nhbJXmd.exe
  2⤵
  PID:7060
- C:\Windows\System\HPAwRKN.exe
  C:\Windows\System\HPAwRKN.exe
  2⤵
  PID:7092
- C:\Windows\System\ttKwnan.exe
  C:\Windows\System\ttKwnan.exe
  2⤵
  PID:7120
- C:\Windows\System\sBkIIJL.exe
  C:\Windows\System\sBkIIJL.exe
  2⤵
  PID:7148
- C:\Windows\System\oLhKioU.exe
  C:\Windows\System\oLhKioU.exe
  2⤵
  PID:6156
- C:\Windows\System\eIHbIWP.exe
  C:\Windows\System\eIHbIWP.exe
  2⤵
  PID:6212
- C:\Windows\System\nuPZcZa.exe
  C:\Windows\System\nuPZcZa.exe
  2⤵
  PID:6256
- C:\Windows\System\XmNICIe.exe
  C:\Windows\System\XmNICIe.exe
  2⤵
  PID:6324
- C:\Windows\System\WiiNXID.exe
  C:\Windows\System\WiiNXID.exe
  2⤵
  PID:6424
- C:\Windows\System\JoaaqWg.exe
  C:\Windows\System\JoaaqWg.exe
  2⤵
  PID:6492
- C:\Windows\System\muwTcEK.exe
  C:\Windows\System\muwTcEK.exe
  2⤵
  PID:6560
- C:\Windows\System\gksBReQ.exe
  C:\Windows\System\gksBReQ.exe
  2⤵
  PID:6608
- C:\Windows\System\vVkntBh.exe
  C:\Windows\System\vVkntBh.exe
  2⤵
  PID:6672
- C:\Windows\System\wOHmFGx.exe
  C:\Windows\System\wOHmFGx.exe
  2⤵
  PID:6744
- C:\Windows\System\DyHVSsR.exe
  C:\Windows\System\DyHVSsR.exe
  2⤵
  PID:6808
- C:\Windows\System\okirbGA.exe
  C:\Windows\System\okirbGA.exe
  2⤵
  PID:6904
- C:\Windows\System\sPdlZsm.exe
  C:\Windows\System\sPdlZsm.exe
  2⤵
  PID:6976
- C:\Windows\System\oQVjGbs.exe
  C:\Windows\System\oQVjGbs.exe
  2⤵
  PID:7048
- C:\Windows\System\krsmYkD.exe
  C:\Windows\System\krsmYkD.exe
  2⤵
  PID:7112
- C:\Windows\System\pjfuOuG.exe
  C:\Windows\System\pjfuOuG.exe
  2⤵
  PID:6152
- C:\Windows\System\IimtOzW.exe
  C:\Windows\System\IimtOzW.exe
  2⤵
  PID:6284
- C:\Windows\System\aaSTHUv.exe
  C:\Windows\System\aaSTHUv.exe
  2⤵
  PID:6444
- C:\Windows\System\CuoidWa.exe
  C:\Windows\System\CuoidWa.exe
  2⤵
  PID:6600
- C:\Windows\System\xEYgusm.exe
  C:\Windows\System\xEYgusm.exe
  2⤵
  PID:6728
- C:\Windows\System\CfJHqNT.exe
  C:\Windows\System\CfJHqNT.exe
  2⤵
  PID:6876
- C:\Windows\System\byaYUzA.exe
  C:\Windows\System\byaYUzA.exe
  2⤵
  PID:3600
- C:\Windows\System\JVYBNja.exe
  C:\Windows\System\JVYBNja.exe
  2⤵
  PID:4288
- C:\Windows\System\tNwrXVZ.exe
  C:\Windows\System\tNwrXVZ.exe
  2⤵
  PID:6572
- C:\Windows\System\CGuiuku.exe
  C:\Windows\System\CGuiuku.exe
  2⤵
  PID:7008
- C:\Windows\System\LTdLNiU.exe
  C:\Windows\System\LTdLNiU.exe
  2⤵
  PID:4072
- C:\Windows\System\UaqxLjZ.exe
  C:\Windows\System\UaqxLjZ.exe
  2⤵
  PID:6240
- C:\Windows\System\spthEBv.exe
  C:\Windows\System\spthEBv.exe
  2⤵
  PID:7176
- C:\Windows\System\djCfCsD.exe
  C:\Windows\System\djCfCsD.exe
  2⤵
  PID:7204
- C:\Windows\System\IzotHuw.exe
  C:\Windows\System\IzotHuw.exe
  2⤵
  PID:7232
- C:\Windows\System\aywWanQ.exe
  C:\Windows\System\aywWanQ.exe
  2⤵
  PID:7260
- C:\Windows\System\fnDVTuc.exe
  C:\Windows\System\fnDVTuc.exe
  2⤵
  PID:7288
- C:\Windows\System\PEmmQsb.exe
  C:\Windows\System\PEmmQsb.exe
  2⤵
  PID:7316
- C:\Windows\System\yjlktuw.exe
  C:\Windows\System\yjlktuw.exe
  2⤵
  PID:7344
- C:\Windows\System\xNsQHIv.exe
  C:\Windows\System\xNsQHIv.exe
  2⤵
  PID:7372
- C:\Windows\System\AshyxUU.exe
  C:\Windows\System\AshyxUU.exe
  2⤵
  PID:7400
- C:\Windows\System\lxbvKCw.exe
  C:\Windows\System\lxbvKCw.exe
  2⤵
  PID:7428
- C:\Windows\System\NcbdQVj.exe
  C:\Windows\System\NcbdQVj.exe
  2⤵
  PID:7456
- C:\Windows\System\gQlfKsJ.exe
  C:\Windows\System\gQlfKsJ.exe
  2⤵
  PID:7488
- C:\Windows\System\sQTsMNy.exe
  C:\Windows\System\sQTsMNy.exe
  2⤵
  PID:7516
- C:\Windows\System\poBohHo.exe
  C:\Windows\System\poBohHo.exe
  2⤵
  PID:7548
- C:\Windows\System\wdPumWj.exe
  C:\Windows\System\wdPumWj.exe
  2⤵
  PID:7576
- C:\Windows\System\iqobent.exe
  C:\Windows\System\iqobent.exe
  2⤵
  PID:7604
- C:\Windows\System\CLaIRsg.exe
  C:\Windows\System\CLaIRsg.exe
  2⤵
  PID:7632
- C:\Windows\System\cMwWZyB.exe
  C:\Windows\System\cMwWZyB.exe
  2⤵
  PID:7660
- C:\Windows\System\TNitAqM.exe
  C:\Windows\System\TNitAqM.exe
  2⤵
  PID:7688
- C:\Windows\System\PtUTzpv.exe
  C:\Windows\System\PtUTzpv.exe
  2⤵
  PID:7716
- C:\Windows\System\niCdxGM.exe
  C:\Windows\System\niCdxGM.exe
  2⤵
  PID:7744
- C:\Windows\System\LGjKzzz.exe
  C:\Windows\System\LGjKzzz.exe
  2⤵
  PID:7772
- C:\Windows\System\FGLjUJj.exe
  C:\Windows\System\FGLjUJj.exe
  2⤵
  PID:7804
- C:\Windows\System\gUEhHxK.exe
  C:\Windows\System\gUEhHxK.exe
  2⤵
  PID:7832
- C:\Windows\System\fCcfMZx.exe
  C:\Windows\System\fCcfMZx.exe
  2⤵
  PID:7880
- C:\Windows\System\NmVbUgI.exe
  C:\Windows\System\NmVbUgI.exe
  2⤵
  PID:7908
- C:\Windows\System\CQVAppq.exe
  C:\Windows\System\CQVAppq.exe
  2⤵
  PID:7936
- C:\Windows\System\rYWoVNd.exe
  C:\Windows\System\rYWoVNd.exe
  2⤵
  PID:7964
- C:\Windows\System\oyBGmMk.exe
  C:\Windows\System\oyBGmMk.exe
  2⤵
  PID:7984
- C:\Windows\System\ZtpycUu.exe
  C:\Windows\System\ZtpycUu.exe
  2⤵
  PID:8024
- C:\Windows\System\tgUbOqB.exe
  C:\Windows\System\tgUbOqB.exe
  2⤵
  PID:8064
- C:\Windows\System\vDdQAEs.exe
  C:\Windows\System\vDdQAEs.exe
  2⤵
  PID:8088
- C:\Windows\System\hcUcawP.exe
  C:\Windows\System\hcUcawP.exe
  2⤵
  PID:8140
- C:\Windows\System\YLCkCrc.exe
  C:\Windows\System\YLCkCrc.exe
  2⤵
  PID:8176
- C:\Windows\System\NoOEgis.exe
  C:\Windows\System\NoOEgis.exe
  2⤵
  PID:7224
- C:\Windows\System\alWrMGz.exe
  C:\Windows\System\alWrMGz.exe
  2⤵
  PID:7284
- C:\Windows\System\tsIKEFZ.exe
  C:\Windows\System\tsIKEFZ.exe
  2⤵
  PID:6428
- C:\Windows\System\DHCIRgL.exe
  C:\Windows\System\DHCIRgL.exe
  2⤵
  PID:7452
- C:\Windows\System\DicGZTy.exe
  C:\Windows\System\DicGZTy.exe
  2⤵
  PID:7560
- C:\Windows\System\HprcfHl.exe
  C:\Windows\System\HprcfHl.exe
  2⤵
  PID:7600
- C:\Windows\System\XWLAXDx.exe
  C:\Windows\System\XWLAXDx.exe
  2⤵
  PID:7656
- C:\Windows\System\lkkzXml.exe
  C:\Windows\System\lkkzXml.exe
  2⤵
  PID:7728
- C:\Windows\System\LdkNewH.exe
  C:\Windows\System\LdkNewH.exe
  2⤵
  PID:7824
- C:\Windows\System\JTuETkF.exe
  C:\Windows\System\JTuETkF.exe
  2⤵
  PID:7932
- C:\Windows\System\nhqXVWV.exe
  C:\Windows\System\nhqXVWV.exe
  2⤵
  PID:8060
- C:\Windows\System\etbQcWg.exe
  C:\Windows\System\etbQcWg.exe
  2⤵
  PID:8172
- C:\Windows\System\AvYtPgK.exe
  C:\Windows\System\AvYtPgK.exe
  2⤵
  PID:7336
- C:\Windows\System\MnEJklO.exe
  C:\Windows\System\MnEJklO.exe
  2⤵
  PID:7572
- C:\Windows\System\uLNmpZY.exe
  C:\Windows\System\uLNmpZY.exe
  2⤵
  PID:7684
- C:\Windows\System\iMDMHyc.exe
  C:\Windows\System\iMDMHyc.exe
  2⤵
  PID:7784
- C:\Windows\System\lNWnEac.exe
  C:\Windows\System\lNWnEac.exe
  2⤵
  PID:8008
- C:\Windows\System\Ojrezpr.exe
  C:\Windows\System\Ojrezpr.exe
  2⤵
  PID:7508
- C:\Windows\System\demVhRs.exe
  C:\Windows\System\demVhRs.exe
  2⤵
  PID:7920
- C:\Windows\System\GhTahpO.exe
  C:\Windows\System\GhTahpO.exe
  2⤵
  PID:7628
- C:\Windows\System\uLTJDuH.exe
  C:\Windows\System\uLTJDuH.exe
  2⤵
  PID:8220
- C:\Windows\System\ZSYKoud.exe
  C:\Windows\System\ZSYKoud.exe
  2⤵
  PID:8248
- C:\Windows\System\ISZxJfN.exe
  C:\Windows\System\ISZxJfN.exe
  2⤵
  PID:8280
- C:\Windows\System\LCjpmeJ.exe
  C:\Windows\System\LCjpmeJ.exe
  2⤵
  PID:8308
- C:\Windows\System\LvSObbW.exe
  C:\Windows\System\LvSObbW.exe
  2⤵
  PID:8344
- C:\Windows\System\aLdXeJv.exe
  C:\Windows\System\aLdXeJv.exe
  2⤵
  PID:8392
- C:\Windows\System\MILjnHH.exe
  C:\Windows\System\MILjnHH.exe
  2⤵
  PID:8412
- C:\Windows\System\pIHnBfK.exe
  C:\Windows\System\pIHnBfK.exe
  2⤵
  PID:8440
- C:\Windows\System\piuHSgE.exe
  C:\Windows\System\piuHSgE.exe
  2⤵
  PID:8468
- C:\Windows\System\TiyATat.exe
  C:\Windows\System\TiyATat.exe
  2⤵
  PID:8496
- C:\Windows\System\OzpPZNB.exe
  C:\Windows\System\OzpPZNB.exe
  2⤵
  PID:8524
- C:\Windows\System\bZQLEaP.exe
  C:\Windows\System\bZQLEaP.exe
  2⤵
  PID:8552
- C:\Windows\System\axAUiJO.exe
  C:\Windows\System\axAUiJO.exe
  2⤵
  PID:8580
- C:\Windows\System\MCVbSeX.exe
  C:\Windows\System\MCVbSeX.exe
  2⤵
  PID:8612
- C:\Windows\System\oFAiXNt.exe
  C:\Windows\System\oFAiXNt.exe
  2⤵
  PID:8640
- C:\Windows\System\hkhsRlK.exe
  C:\Windows\System\hkhsRlK.exe
  2⤵
  PID:8668
- C:\Windows\System\TMwDnbj.exe
  C:\Windows\System\TMwDnbj.exe
  2⤵
  PID:8696
- C:\Windows\System\QuymLpV.exe
  C:\Windows\System\QuymLpV.exe
  2⤵
  PID:8724
- C:\Windows\System\uxvfZsd.exe
  C:\Windows\System\uxvfZsd.exe
  2⤵
  PID:8752
- C:\Windows\System\DynrXEJ.exe
  C:\Windows\System\DynrXEJ.exe
  2⤵
  PID:8780
- C:\Windows\System\cGVlPhP.exe
  C:\Windows\System\cGVlPhP.exe
  2⤵
  PID:8808
- C:\Windows\System\kIyPKcQ.exe
  C:\Windows\System\kIyPKcQ.exe
  2⤵
  PID:8836
- C:\Windows\System\lGNyOZU.exe
  C:\Windows\System\lGNyOZU.exe
  2⤵
  PID:8864
- C:\Windows\System\ComPeuE.exe
  C:\Windows\System\ComPeuE.exe
  2⤵
  PID:8896
- C:\Windows\System\iYSWsWa.exe
  C:\Windows\System\iYSWsWa.exe
  2⤵
  PID:8920
- C:\Windows\System\EEdXKqD.exe
  C:\Windows\System\EEdXKqD.exe
  2⤵
  PID:8948
- C:\Windows\System\FSYWgvx.exe
  C:\Windows\System\FSYWgvx.exe
  2⤵
  PID:8976
- C:\Windows\System\ztSpEhI.exe
  C:\Windows\System\ztSpEhI.exe
  2⤵
  PID:9004
- C:\Windows\System\cflgCDT.exe
  C:\Windows\System\cflgCDT.exe
  2⤵
  PID:9024
- C:\Windows\System\TahaGLd.exe
  C:\Windows\System\TahaGLd.exe
  2⤵
  PID:9060
- C:\Windows\System\qYfaNDN.exe
  C:\Windows\System\qYfaNDN.exe
  2⤵
  PID:9088
- C:\Windows\System\pQPOABv.exe
  C:\Windows\System\pQPOABv.exe
  2⤵
  PID:9116
- C:\Windows\System\ZOioiLz.exe
  C:\Windows\System\ZOioiLz.exe
  2⤵
  PID:9144
- C:\Windows\System\vyGTOxM.exe
  C:\Windows\System\vyGTOxM.exe
  2⤵
  PID:9172
- C:\Windows\System\ElyWfyi.exe
  C:\Windows\System\ElyWfyi.exe
  2⤵
  PID:9200
- C:\Windows\System\FfVoQkB.exe
  C:\Windows\System\FfVoQkB.exe
  2⤵
  PID:8240
- C:\Windows\System\sYOvKSB.exe
  C:\Windows\System\sYOvKSB.exe
  2⤵
  PID:8376
- C:\Windows\System\wdNijYH.exe
  C:\Windows\System\wdNijYH.exe
  2⤵
  PID:8432
- C:\Windows\System\FALSdIb.exe
  C:\Windows\System\FALSdIb.exe
  2⤵
  PID:8488
- C:\Windows\System\mFDNvJR.exe
  C:\Windows\System\mFDNvJR.exe
  2⤵
  PID:8544
- C:\Windows\System\hsmxGmf.exe
  C:\Windows\System\hsmxGmf.exe
  2⤵
  PID:8608
- C:\Windows\System\DkxrnJY.exe
  C:\Windows\System\DkxrnJY.exe
  2⤵
  PID:8688
- C:\Windows\System\wxzNloB.exe
  C:\Windows\System\wxzNloB.exe
  2⤵
  PID:8740
- C:\Windows\System\flkUSig.exe
  C:\Windows\System\flkUSig.exe
  2⤵
  PID:8832
- C:\Windows\System\XsXxgYF.exe
  C:\Windows\System\XsXxgYF.exe
  2⤵
  PID:8876
- C:\Windows\System\iKgBgPH.exe
  C:\Windows\System\iKgBgPH.exe
  2⤵
  PID:8936
- C:\Windows\System\BEPdhTQ.exe
  C:\Windows\System\BEPdhTQ.exe
  2⤵
  PID:8996
- C:\Windows\System\SGwVzda.exe
  C:\Windows\System\SGwVzda.exe
  2⤵
  PID:9044
- C:\Windows\System\gamIJlF.exe
  C:\Windows\System\gamIJlF.exe
  2⤵
  PID:9128
- C:\Windows\System\ZEmFLnm.exe
  C:\Windows\System\ZEmFLnm.exe
  2⤵
  PID:9164
- C:\Windows\System\DEOGCtI.exe
  C:\Windows\System\DEOGCtI.exe
  2⤵
  PID:9196
- C:\Windows\System\rbpGATJ.exe
  C:\Windows\System\rbpGATJ.exe
  2⤵
  PID:8320
- C:\Windows\System\YDlNUYo.exe
  C:\Windows\System\YDlNUYo.exe
  2⤵
  PID:8516
- C:\Windows\System\RiWwwgP.exe
  C:\Windows\System\RiWwwgP.exe
  2⤵
  PID:8744
- C:\Windows\System\yzQWafv.exe
  C:\Windows\System\yzQWafv.exe
  2⤵
  PID:8912
- C:\Windows\System\VigJIvO.exe
  C:\Windows\System\VigJIvO.exe
  2⤵
  PID:9108
- C:\Windows\System\oHEfAKi.exe
  C:\Windows\System\oHEfAKi.exe
  2⤵
  PID:8260
- C:\Windows\System\ftJiThE.exe
  C:\Windows\System\ftJiThE.exe
  2⤵
  PID:8664
- C:\Windows\System\mVmQBZh.exe
  C:\Windows\System\mVmQBZh.exe
  2⤵
  PID:9048
- C:\Windows\System\XKAHRvQ.exe
  C:\Windows\System\XKAHRvQ.exe
  2⤵
  PID:8604
- C:\Windows\System\ZhvQSmt.exe
  C:\Windows\System\ZhvQSmt.exe
  2⤵
  PID:8464
- C:\Windows\System\ZKBiqBX.exe
  C:\Windows\System\ZKBiqBX.exe
  2⤵
  PID:9232
- C:\Windows\System\MOpwZaE.exe
  C:\Windows\System\MOpwZaE.exe
  2⤵
  PID:9260
- C:\Windows\System\QqdOzDa.exe
  C:\Windows\System\QqdOzDa.exe
  2⤵
  PID:9288
- C:\Windows\System\aWJuncH.exe
  C:\Windows\System\aWJuncH.exe
  2⤵
  PID:9316
- C:\Windows\System\etfXjJH.exe
  C:\Windows\System\etfXjJH.exe
  2⤵
  PID:9344
- C:\Windows\System\DyAtftX.exe
  C:\Windows\System\DyAtftX.exe
  2⤵
  PID:9372
- C:\Windows\System\blMMqRB.exe
  C:\Windows\System\blMMqRB.exe
  2⤵
  PID:9400
- C:\Windows\System\FQHWvRD.exe
  C:\Windows\System\FQHWvRD.exe
  2⤵
  PID:9428
- C:\Windows\System\TuLcpIU.exe
  C:\Windows\System\TuLcpIU.exe
  2⤵
  PID:9456
- C:\Windows\System\KKWHccK.exe
  C:\Windows\System\KKWHccK.exe
  2⤵
  PID:9472
- C:\Windows\System\tBRfiGW.exe
  C:\Windows\System\tBRfiGW.exe
  2⤵
  PID:9512
- C:\Windows\System\PfRnJGR.exe
  C:\Windows\System\PfRnJGR.exe
  2⤵
  PID:9540
- C:\Windows\System\obeJALD.exe
  C:\Windows\System\obeJALD.exe
  2⤵
  PID:9568
- C:\Windows\System\JbGMNiW.exe
  C:\Windows\System\JbGMNiW.exe
  2⤵
  PID:9600
- C:\Windows\System\XEegSKU.exe
  C:\Windows\System\XEegSKU.exe
  2⤵
  PID:9624
- C:\Windows\System\LEnbKeZ.exe
  C:\Windows\System\LEnbKeZ.exe
  2⤵
  PID:9652
- C:\Windows\System\DIDiBMw.exe
  C:\Windows\System\DIDiBMw.exe
  2⤵
  PID:9680
- C:\Windows\System\kupQMrf.exe
  C:\Windows\System\kupQMrf.exe
  2⤵
  PID:9708
- C:\Windows\System\hVeMAKh.exe
  C:\Windows\System\hVeMAKh.exe
  2⤵
  PID:9736
- C:\Windows\System\RzBVsoV.exe
  C:\Windows\System\RzBVsoV.exe
  2⤵
  PID:9764
- C:\Windows\System\erPJrpM.exe
  C:\Windows\System\erPJrpM.exe
  2⤵
  PID:9792
- C:\Windows\System\OEUSUJl.exe
  C:\Windows\System\OEUSUJl.exe
  2⤵
  PID:9820
- C:\Windows\System\gvaAsoc.exe
  C:\Windows\System\gvaAsoc.exe
  2⤵
  PID:9848
- C:\Windows\System\asSSbWh.exe
  C:\Windows\System\asSSbWh.exe
  2⤵
  PID:9876
- C:\Windows\System\pGdDgEC.exe
  C:\Windows\System\pGdDgEC.exe
  2⤵
  PID:9904
- C:\Windows\System\BwrqGAL.exe
  C:\Windows\System\BwrqGAL.exe
  2⤵
  PID:9932
- C:\Windows\System\bjbNGFY.exe
  C:\Windows\System\bjbNGFY.exe
  2⤵
  PID:9960
- C:\Windows\System\dwSmgig.exe
  C:\Windows\System\dwSmgig.exe
  2⤵
  PID:9988
- C:\Windows\System\heGYvLW.exe
  C:\Windows\System\heGYvLW.exe
  2⤵
  PID:10016
- C:\Windows\System\lmQgdup.exe
  C:\Windows\System\lmQgdup.exe
  2⤵
  PID:10044
- C:\Windows\System\pybCdns.exe
  C:\Windows\System\pybCdns.exe
  2⤵
  PID:10072
- C:\Windows\System\DekoNby.exe
  C:\Windows\System\DekoNby.exe
  2⤵
  PID:10100
- C:\Windows\System\cSDLDab.exe
  C:\Windows\System\cSDLDab.exe
  2⤵
  PID:10120
- C:\Windows\System\lCkkNXw.exe
  C:\Windows\System\lCkkNXw.exe
  2⤵
  PID:10160
- C:\Windows\System\HkEtTrb.exe
  C:\Windows\System\HkEtTrb.exe
  2⤵
  PID:10188
- C:\Windows\System\WvIpWZm.exe
  C:\Windows\System\WvIpWZm.exe
  2⤵
  PID:10216
- C:\Windows\System\jjIeJXk.exe
  C:\Windows\System\jjIeJXk.exe
  2⤵
  PID:9224
- C:\Windows\System\diSwECe.exe
  C:\Windows\System\diSwECe.exe
  2⤵
  PID:9284
- C:\Windows\System\pcAJoan.exe
  C:\Windows\System\pcAJoan.exe
  2⤵
  PID:9356
- C:\Windows\System\fNOPYhb.exe
  C:\Windows\System\fNOPYhb.exe
  2⤵
  PID:9440
- C:\Windows\System\OMuiDzT.exe
  C:\Windows\System\OMuiDzT.exe
  2⤵
  PID:9500
- C:\Windows\System\UjGHZeo.exe
  C:\Windows\System\UjGHZeo.exe
  2⤵
  PID:9564
- C:\Windows\System\oXKKLiD.exe
  C:\Windows\System\oXKKLiD.exe
  2⤵
  PID:9672
- C:\Windows\System\iSWOhaN.exe
  C:\Windows\System\iSWOhaN.exe
  2⤵
  PID:9748
- C:\Windows\System\pQNAOXD.exe
  C:\Windows\System\pQNAOXD.exe
  2⤵
  PID:9816
- C:\Windows\System\LJTiSJy.exe
  C:\Windows\System\LJTiSJy.exe
  2⤵
  PID:9896
- C:\Windows\System\lEuirLK.exe
  C:\Windows\System\lEuirLK.exe
  2⤵
  PID:9956
- C:\Windows\System\HdgvkIb.exe
  C:\Windows\System\HdgvkIb.exe
  2⤵
  PID:10028
- C:\Windows\System\ERLGKbD.exe
  C:\Windows\System\ERLGKbD.exe
  2⤵
  PID:10096
- C:\Windows\System\sMmGigt.exe
  C:\Windows\System\sMmGigt.exe
  2⤵
  PID:10144
- C:\Windows\System\SurtAiN.exe
  C:\Windows\System\SurtAiN.exe
  2⤵
  PID:10228
- C:\Windows\System\eMWRQyT.exe
  C:\Windows\System\eMWRQyT.exe
  2⤵
  PID:9312
- C:\Windows\System\PUVyzqI.exe
  C:\Windows\System\PUVyzqI.exe
  2⤵
  PID:9552
- C:\Windows\System\lhTEUQq.exe
  C:\Windows\System\lhTEUQq.exe
  2⤵
  PID:9732
- C:\Windows\System\XWaOayu.exe
  C:\Windows\System\XWaOayu.exe
  2⤵
  PID:9924
- C:\Windows\System\oROTOrD.exe
  C:\Windows\System\oROTOrD.exe
  2⤵
  PID:10084
- C:\Windows\System\SETnkXN.exe
  C:\Windows\System\SETnkXN.exe
  2⤵
  PID:9252
- C:\Windows\System\jgOKUnj.exe
  C:\Windows\System\jgOKUnj.exe
  2⤵
  PID:9720
- C:\Windows\System\ZWzQgUk.exe
  C:\Windows\System\ZWzQgUk.exe
  2⤵
  PID:10208
- C:\Windows\System\FlxMHoq.exe
  C:\Windows\System\FlxMHoq.exe
  2⤵
  PID:10056
- C:\Windows\System\VKyMOrU.exe
  C:\Windows\System\VKyMOrU.exe
  2⤵
  PID:10248
- C:\Windows\System\uJNdMEt.exe
  C:\Windows\System\uJNdMEt.exe
  2⤵
  PID:10276
- C:\Windows\System\SvxQQuB.exe
  C:\Windows\System\SvxQQuB.exe
  2⤵
  PID:10304
- C:\Windows\System\EScjGhr.exe
  C:\Windows\System\EScjGhr.exe
  2⤵
  PID:10332
- C:\Windows\System\FvAlqii.exe
  C:\Windows\System\FvAlqii.exe
  2⤵
  PID:10364
- C:\Windows\System\tisduxR.exe
  C:\Windows\System\tisduxR.exe
  2⤵
  PID:10392
- C:\Windows\System\bBpFHZJ.exe
  C:\Windows\System\bBpFHZJ.exe
  2⤵
  PID:10420
- C:\Windows\System\gmFCViG.exe
  C:\Windows\System\gmFCViG.exe
  2⤵
  PID:10448
- C:\Windows\System\SQvZySi.exe
  C:\Windows\System\SQvZySi.exe
  2⤵
  PID:10480
- C:\Windows\System\usYZgwS.exe
  C:\Windows\System\usYZgwS.exe
  2⤵
  PID:10508
- C:\Windows\System\uTRYLOj.exe
  C:\Windows\System\uTRYLOj.exe
  2⤵
  PID:10524
- C:\Windows\System\SlzbXdF.exe
  C:\Windows\System\SlzbXdF.exe
  2⤵
  PID:10560
- C:\Windows\System\hwXQmvF.exe
  C:\Windows\System\hwXQmvF.exe
  2⤵
  PID:10592
- C:\Windows\System\PpYpCro.exe
  C:\Windows\System\PpYpCro.exe
  2⤵
  PID:10620
- C:\Windows\System\JJlGONe.exe
  C:\Windows\System\JJlGONe.exe
  2⤵
  PID:10652
- C:\Windows\System\COtWzQV.exe
  C:\Windows\System\COtWzQV.exe
  2⤵
  PID:10680
- C:\Windows\System\jsySlPq.exe
  C:\Windows\System\jsySlPq.exe
  2⤵
  PID:10716
- C:\Windows\System\wGdAcOX.exe
  C:\Windows\System\wGdAcOX.exe
  2⤵
  PID:10756
- C:\Windows\System\iGYKlFy.exe
  C:\Windows\System\iGYKlFy.exe
  2⤵
  PID:10796
- C:\Windows\System\enJEWGW.exe
  C:\Windows\System\enJEWGW.exe
  2⤵
  PID:10828
- C:\Windows\System\vxExXPS.exe
  C:\Windows\System\vxExXPS.exe
  2⤵
  PID:10856
- C:\Windows\System\CENfiST.exe
  C:\Windows\System\CENfiST.exe
  2⤵
  PID:10884
- C:\Windows\System\BFsIvjc.exe
  C:\Windows\System\BFsIvjc.exe
  2⤵
  PID:10912
- C:\Windows\System\vtASUSv.exe
  C:\Windows\System\vtASUSv.exe
  2⤵
  PID:10940
- C:\Windows\System\vNwdkeO.exe
  C:\Windows\System\vNwdkeO.exe
  2⤵
  PID:10968
- C:\Windows\System\RWBypKa.exe
  C:\Windows\System\RWBypKa.exe
  2⤵
  PID:10996
- C:\Windows\System\owxfWGQ.exe
  C:\Windows\System\owxfWGQ.exe
  2⤵
  PID:11024
- C:\Windows\System\ruvYHWl.exe
  C:\Windows\System\ruvYHWl.exe
  2⤵
  PID:11052
- C:\Windows\System\aTROyzv.exe
  C:\Windows\System\aTROyzv.exe
  2⤵
  PID:11092
- C:\Windows\System\PdwfSwA.exe
  C:\Windows\System\PdwfSwA.exe
  2⤵
  PID:11112
- C:\Windows\System\SjbSBgo.exe
  C:\Windows\System\SjbSBgo.exe
  2⤵
  PID:11140
- C:\Windows\System\YfUgCry.exe
  C:\Windows\System\YfUgCry.exe
  2⤵
  PID:11168
- C:\Windows\System\YbWzweW.exe
  C:\Windows\System\YbWzweW.exe
  2⤵
  PID:11196
- C:\Windows\System\huJEmuh.exe
  C:\Windows\System\huJEmuh.exe
  2⤵
  PID:11220
- C:\Windows\System\ugrrCju.exe
  C:\Windows\System\ugrrCju.exe
  2⤵
  PID:11256
- C:\Windows\System\htbtdAc.exe
  C:\Windows\System\htbtdAc.exe
  2⤵
  PID:10288
- C:\Windows\System\OATzrVA.exe
  C:\Windows\System\OATzrVA.exe
  2⤵
  PID:10384
- C:\Windows\System\ZsxHyNU.exe
  C:\Windows\System\ZsxHyNU.exe
  2⤵
  PID:10444
- C:\Windows\System\ySzENNi.exe
  C:\Windows\System\ySzENNi.exe
  2⤵
  PID:10504
- C:\Windows\System\DvGtiQt.exe
  C:\Windows\System\DvGtiQt.exe
  2⤵
  PID:10580
- C:\Windows\System\HFVHpOG.exe
  C:\Windows\System\HFVHpOG.exe
  2⤵
  PID:10672
- C:\Windows\System\jdjZgHW.exe
  C:\Windows\System\jdjZgHW.exe
  2⤵
  PID:10768
- C:\Windows\System\nIzkteY.exe
  C:\Windows\System\nIzkteY.exe
  2⤵
  PID:10840
- C:\Windows\System\OixhLqO.exe
  C:\Windows\System\OixhLqO.exe
  2⤵
  PID:10904
- C:\Windows\System\YMpaiSA.exe
  C:\Windows\System\YMpaiSA.exe
  2⤵
  PID:10964
- C:\Windows\System\WOEBdyS.exe
  C:\Windows\System\WOEBdyS.exe
  2⤵
  PID:11016
- C:\Windows\System\CLjPDDk.exe
  C:\Windows\System\CLjPDDk.exe
  2⤵
  PID:11104
- C:\Windows\System\vTzmrqv.exe
  C:\Windows\System\vTzmrqv.exe
  2⤵
  PID:11164
- C:\Windows\System\etcuJvv.exe
  C:\Windows\System\etcuJvv.exe
  2⤵
  PID:11204
- C:\Windows\System\SDNRWNj.exe
  C:\Windows\System\SDNRWNj.exe
  2⤵
  PID:10268
- C:\Windows\System\dfMtAvx.exe
  C:\Windows\System\dfMtAvx.exe
  2⤵
  PID:10472
- C:\Windows\System\JhMqhaH.exe
  C:\Windows\System\JhMqhaH.exe
  2⤵
  PID:10664
- C:\Windows\System\KjIiLUW.exe
  C:\Windows\System\KjIiLUW.exe
  2⤵
  PID:10820
- C:\Windows\System\CMgzIaE.exe
  C:\Windows\System\CMgzIaE.exe
  2⤵
  PID:10960
- C:\Windows\System\uddtwfz.exe
  C:\Windows\System\uddtwfz.exe
  2⤵
  PID:11132
- C:\Windows\System\plnehIp.exe
  C:\Windows\System\plnehIp.exe
  2⤵
  PID:11240
- C:\Windows\System\HjolkaY.exe
  C:\Windows\System\HjolkaY.exe
  2⤵
  PID:10568
- C:\Windows\System\fAmYMbM.exe
  C:\Windows\System\fAmYMbM.exe
  2⤵
  PID:11064
- C:\Windows\System\SFPjkHJ.exe
  C:\Windows\System\SFPjkHJ.exe
  2⤵
  PID:10952
- C:\Windows\System\GfPWwYn.exe
  C:\Windows\System\GfPWwYn.exe
  2⤵
  PID:11268
- C:\Windows\System\HnOKakO.exe
  C:\Windows\System\HnOKakO.exe
  2⤵
  PID:11300
- C:\Windows\System\SWzsqcp.exe
  C:\Windows\System\SWzsqcp.exe
  2⤵
  PID:11324
- C:\Windows\System\uMjWOWJ.exe
  C:\Windows\System\uMjWOWJ.exe
  2⤵
  PID:11348
- C:\Windows\System\akkIpqK.exe
  C:\Windows\System\akkIpqK.exe
  2⤵
  PID:11376
- C:\Windows\System\KgCniPJ.exe
  C:\Windows\System\KgCniPJ.exe
  2⤵
  PID:11404
- C:\Windows\System\LHxdigt.exe
  C:\Windows\System\LHxdigt.exe
  2⤵
  PID:11432
- C:\Windows\System\odGegyw.exe
  C:\Windows\System\odGegyw.exe
  2⤵
  PID:11468
- C:\Windows\System\NCsueho.exe
  C:\Windows\System\NCsueho.exe
  2⤵
  PID:11492
- C:\Windows\System\FicbSXR.exe
  C:\Windows\System\FicbSXR.exe
  2⤵
  PID:11516
- C:\Windows\System\deCLDyk.exe
  C:\Windows\System\deCLDyk.exe
  2⤵
  PID:11552
- C:\Windows\System\COfrOTN.exe
  C:\Windows\System\COfrOTN.exe
  2⤵
  PID:11572
- C:\Windows\System\xFDVVlt.exe
  C:\Windows\System\xFDVVlt.exe
  2⤵
  PID:11600
- C:\Windows\System\xEdgqFO.exe
  C:\Windows\System\xEdgqFO.exe
  2⤵
  PID:11628
- C:\Windows\System\yweDfHo.exe
  C:\Windows\System\yweDfHo.exe
  2⤵
  PID:11644
- C:\Windows\System\YCaqYCS.exe
  C:\Windows\System\YCaqYCS.exe
  2⤵
  PID:11672
- C:\Windows\System\ClWlgoh.exe
  C:\Windows\System\ClWlgoh.exe
  2⤵
  PID:11712
- C:\Windows\System\TEUbaCh.exe
  C:\Windows\System\TEUbaCh.exe
  2⤵
  PID:11728
- C:\Windows\System\SsSXRlH.exe
  C:\Windows\System\SsSXRlH.exe
  2⤵
  PID:11760
- C:\Windows\System\tKPlhId.exe
  C:\Windows\System\tKPlhId.exe
  2⤵
  PID:11788
- C:\Windows\System\CUoEsXk.exe
  C:\Windows\System\CUoEsXk.exe
  2⤵
  PID:11812
- C:\Windows\System\psxpPwf.exe
  C:\Windows\System\psxpPwf.exe
  2⤵
  PID:11844
- C:\Windows\System\ILNfBbA.exe
  C:\Windows\System\ILNfBbA.exe
  2⤵
  PID:11868
- C:\Windows\System\EVBiNFq.exe
  C:\Windows\System\EVBiNFq.exe
  2⤵
  PID:11896
- C:\Windows\System\kdcqXHp.exe
  C:\Windows\System\kdcqXHp.exe
  2⤵
  PID:11928
- C:\Windows\System\LHFKfyz.exe
  C:\Windows\System\LHFKfyz.exe
  2⤵
  PID:11948
- C:\Windows\System\rzWHEQs.exe
  C:\Windows\System\rzWHEQs.exe
  2⤵
  PID:11968
- C:\Windows\System\NLVjbsS.exe
  C:\Windows\System\NLVjbsS.exe
  2⤵
  PID:11992
- C:\Windows\System\uogWqTt.exe
  C:\Windows\System\uogWqTt.exe
  2⤵
  PID:12036
- C:\Windows\System\aaRLpKF.exe
  C:\Windows\System\aaRLpKF.exe
  2⤵
  PID:12052
- C:\Windows\System\tqZgpfh.exe
  C:\Windows\System\tqZgpfh.exe
  2⤵
  PID:12080
- C:\Windows\System\iNoCFSx.exe
  C:\Windows\System\iNoCFSx.exe
  2⤵
  PID:12104
- C:\Windows\System\XoHTsYi.exe
  C:\Windows\System\XoHTsYi.exe
  2⤵
  PID:12148
- C:\Windows\System\zdHLVsh.exe
  C:\Windows\System\zdHLVsh.exe
  2⤵
  PID:12164
- C:\Windows\System\cDRFKTa.exe
  C:\Windows\System\cDRFKTa.exe
  2⤵
  PID:12200
- C:\Windows\System\VuQqmEX.exe
  C:\Windows\System\VuQqmEX.exe
  2⤵
  PID:12240
- C:\Windows\System\gAEiYDj.exe
  C:\Windows\System\gAEiYDj.exe
  2⤵
  PID:12260
- C:\Windows\System\SFCbyHZ.exe
  C:\Windows\System\SFCbyHZ.exe
  2⤵
  PID:11244
- C:\Windows\System\jLsQtNN.exe
  C:\Windows\System\jLsQtNN.exe
  2⤵
  PID:11332
- C:\Windows\System\xCcawlu.exe
  C:\Windows\System\xCcawlu.exe
  2⤵
  PID:11416
- C:\Windows\System\GbhLZML.exe
  C:\Windows\System\GbhLZML.exe
  2⤵
  PID:11500
- C:\Windows\System\NUkjasd.exe
  C:\Windows\System\NUkjasd.exe
  2⤵
  PID:11564
- C:\Windows\System\tWRAzOS.exe
  C:\Windows\System\tWRAzOS.exe
  2⤵
  PID:11588
- C:\Windows\System\iikqRvN.exe
  C:\Windows\System\iikqRvN.exe
  2⤵
  PID:11708
- C:\Windows\System\GVzrsWc.exe
  C:\Windows\System\GVzrsWc.exe
  2⤵
  PID:11752
- C:\Windows\System\lipVKpx.exe
  C:\Windows\System\lipVKpx.exe
  2⤵
  PID:11832
- C:\Windows\System\VOeBiYy.exe
  C:\Windows\System\VOeBiYy.exe
  2⤵
  PID:11852
- C:\Windows\System\UtekrBC.exe
  C:\Windows\System\UtekrBC.exe
  2⤵
  PID:11956
- C:\Windows\System\TLRzGGG.exe
  C:\Windows\System\TLRzGGG.exe
  2⤵
  PID:12012
- C:\Windows\System\TwVYjxk.exe
  C:\Windows\System\TwVYjxk.exe
  2⤵
  PID:12020
- C:\Windows\System\PkucSMW.exe
  C:\Windows\System\PkucSMW.exe
  2⤵
  PID:12092
- C:\Windows\System\CRtfFER.exe
  C:\Windows\System\CRtfFER.exe
  2⤵
  PID:12188
- C:\Windows\System\VtuGjqE.exe
  C:\Windows\System\VtuGjqE.exe
  2⤵
  PID:12224
- C:\Windows\System\JKzVeCJ.exe
  C:\Windows\System\JKzVeCJ.exe
  2⤵
  PID:11288
- C:\Windows\System\uuwIRCz.exe
  C:\Windows\System\uuwIRCz.exe
  2⤵
  PID:11444
- C:\Windows\System\MNZlagG.exe
  C:\Windows\System\MNZlagG.exe
  2⤵
  PID:11584
- C:\Windows\System\ueEHajR.exe
  C:\Windows\System\ueEHajR.exe
  2⤵
  PID:11744
- C:\Windows\System\YCbynFd.exe
  C:\Windows\System\YCbynFd.exe
  2⤵
  PID:11856
- C:\Windows\System\mgKufTM.exe
  C:\Windows\System\mgKufTM.exe
  2⤵
  PID:12048
- C:\Windows\System\TaQnGUd.exe
  C:\Windows\System\TaQnGUd.exe
  2⤵
  PID:12276
- C:\Windows\System\ELqZYdf.exe
  C:\Windows\System\ELqZYdf.exe
  2⤵
  PID:11504
- C:\Windows\System\VPrtmJK.exe
  C:\Windows\System\VPrtmJK.exe
  2⤵
  PID:11980
- C:\Windows\System\JwmUgmi.exe
  C:\Windows\System\JwmUgmi.exe
  2⤵
  PID:12156
- C:\Windows\System\TgUtjuR.exe
  C:\Windows\System\TgUtjuR.exe
  2⤵
  PID:12136
- C:\Windows\System\DBPBPCF.exe
  C:\Windows\System\DBPBPCF.exe
  2⤵
  PID:11340
- C:\Windows\System\pVHDfgX.exe
  C:\Windows\System\pVHDfgX.exe
  2⤵
  PID:12316
- C:\Windows\System\MIzOlYs.exe
  C:\Windows\System\MIzOlYs.exe
  2⤵
  PID:12344
- C:\Windows\System\bPFIrLi.exe
  C:\Windows\System\bPFIrLi.exe
  2⤵
  PID:12376
- C:\Windows\System\kaAfutN.exe
  C:\Windows\System\kaAfutN.exe
  2⤵
  PID:12396
- C:\Windows\System\hemXSxl.exe
  C:\Windows\System\hemXSxl.exe
  2⤵
  PID:12416
- C:\Windows\System\gQuBCDQ.exe
  C:\Windows\System\gQuBCDQ.exe
  2⤵
  PID:12444
- C:\Windows\System\tzmdkJc.exe
  C:\Windows\System\tzmdkJc.exe
  2⤵
  PID:12480
- C:\Windows\System\tbcTmoq.exe
  C:\Windows\System\tbcTmoq.exe
  2⤵
  PID:12512
- C:\Windows\System\KzuUMsI.exe
  C:\Windows\System\KzuUMsI.exe
  2⤵
  PID:12552
- C:\Windows\System\QyMiUxR.exe
  C:\Windows\System\QyMiUxR.exe
  2⤵
  PID:12568
- C:\Windows\System\iSqkERP.exe
  C:\Windows\System\iSqkERP.exe
  2⤵
  PID:12588
- C:\Windows\System\YCKXdgP.exe
  C:\Windows\System\YCKXdgP.exe
  2⤵
  PID:12604
- C:\Windows\System\GkEgbqM.exe
  C:\Windows\System\GkEgbqM.exe
  2⤵
  PID:12632
- C:\Windows\System\HHulpep.exe
  C:\Windows\System\HHulpep.exe
  2⤵
  PID:12652
- C:\Windows\System\AxmsOHj.exe
  C:\Windows\System\AxmsOHj.exe
  2⤵
  PID:12692
- C:\Windows\System\JjJUJAm.exe
  C:\Windows\System\JjJUJAm.exe
  2⤵
  PID:12724
- C:\Windows\System\SqzRtmN.exe
  C:\Windows\System\SqzRtmN.exe
  2⤵
  PID:12752
- C:\Windows\System\cfgTUoX.exe
  C:\Windows\System\cfgTUoX.exe
  2⤵
  PID:12776
- C:\Windows\System\ftyuuoM.exe
  C:\Windows\System\ftyuuoM.exe
  2⤵
  PID:12824
- C:\Windows\System\ODrZblv.exe
  C:\Windows\System\ODrZblv.exe
  2⤵
  PID:12860
- C:\Windows\System\qBPUGQx.exe
  C:\Windows\System\qBPUGQx.exe
  2⤵
  PID:12880
- C:\Windows\System\tRUxhIA.exe
  C:\Windows\System\tRUxhIA.exe
  2⤵
  PID:12916
- C:\Windows\System\kkvqZAE.exe
  C:\Windows\System\kkvqZAE.exe
  2⤵
  PID:12948
- C:\Windows\System\NAhVxWG.exe
  C:\Windows\System\NAhVxWG.exe
  2⤵
  PID:12976
- C:\Windows\System\AMhLShz.exe
  C:\Windows\System\AMhLShz.exe
  2⤵
  PID:13000
- C:\Windows\System\KZRALQH.exe
  C:\Windows\System\KZRALQH.exe
  2⤵
  PID:13020
- C:\Windows\System\ybSxrBg.exe
  C:\Windows\System\ybSxrBg.exe
  2⤵
  PID:13040
- C:\Windows\System\SWWBXZe.exe
  C:\Windows\System\SWWBXZe.exe
  2⤵
  PID:13060
- C:\Windows\System\YgJBnvB.exe
  C:\Windows\System\YgJBnvB.exe
  2⤵
  PID:13080
- C:\Windows\System\CvSlYwd.exe
  C:\Windows\System\CvSlYwd.exe
  2⤵
  PID:13124
- C:\Windows\System\bqyrkEg.exe
  C:\Windows\System\bqyrkEg.exe
  2⤵
  PID:13156
- C:\Windows\System\tWPciwR.exe
  C:\Windows\System\tWPciwR.exe
  2⤵
  PID:13192
- C:\Windows\System\auGsEsJ.exe
  C:\Windows\System\auGsEsJ.exe
  2⤵
  PID:13224
- C:\Windows\System\npZUvQu.exe
  C:\Windows\System\npZUvQu.exe
  2⤵
  PID:13244
- C:\Windows\System\YrzFeLC.exe
  C:\Windows\System\YrzFeLC.exe
  2⤵
  PID:13268
- C:\Windows\System\sbJXUbc.exe
  C:\Windows\System\sbJXUbc.exe
  2⤵
  PID:13308
- C:\Windows\System\DbtgdSx.exe
  C:\Windows\System\DbtgdSx.exe
  2⤵
  PID:12324
- C:\Windows\System\YKwTehs.exe
  C:\Windows\System\YKwTehs.exe
  2⤵
  PID:12428
- C:\Windows\System\fUkpDlr.exe
  C:\Windows\System\fUkpDlr.exe
  2⤵
  PID:12412
- C:\Windows\System\BCbWSSA.exe
  C:\Windows\System\BCbWSSA.exe
  2⤵
  PID:12520
- C:\Windows\System\kqbmMPS.exe
  C:\Windows\System\kqbmMPS.exe
  2⤵
  PID:12616
- C:\Windows\System\roMhxAm.exe
  C:\Windows\System\roMhxAm.exe
  2⤵
  PID:12672
- C:\Windows\System\uZyCgVs.exe
  C:\Windows\System\uZyCgVs.exe
  2⤵
  PID:12712
- C:\Windows\System\ctBhgFS.exe
  C:\Windows\System\ctBhgFS.exe
  2⤵
  PID:12796
- C:\Windows\System\ZghvDJS.exe
  C:\Windows\System\ZghvDJS.exe
  2⤵
  PID:12812
- C:\Windows\System\Qhqwfxx.exe
  C:\Windows\System\Qhqwfxx.exe
  2⤵
  PID:12900
- C:\Windows\System\ADMBdVy.exe
  C:\Windows\System\ADMBdVy.exe
  2⤵
  PID:13048
- C:\Windows\System\DkoHZPM.exe
  C:\Windows\System\DkoHZPM.exe
  2⤵
  PID:13028
- C:\Windows\System\ClbqHAg.exe
  C:\Windows\System\ClbqHAg.exe
  2⤵
  PID:13056
- C:\Windows\System\CIzxzkb.exe
  C:\Windows\System\CIzxzkb.exe
  2⤵
  PID:13208
- C:\Windows\System\JuOSlWO.exe
  C:\Windows\System\JuOSlWO.exe
  2⤵
  PID:13232
- C:\Windows\System\IKbcJzF.exe
  C:\Windows\System\IKbcJzF.exe
  2⤵
  PID:13292
- C:\Windows\System\cLVZzjM.exe
  C:\Windows\System\cLVZzjM.exe
  2⤵
  PID:12404
- C:\Windows\System\XEtOibL.exe
  C:\Windows\System\XEtOibL.exe
  2⤵
  PID:12640
- C:\Windows\System\RsGiNkN.exe
  C:\Windows\System\RsGiNkN.exe
  2⤵
  PID:12768
- C:\Windows\System\ybgQgBo.exe
  C:\Windows\System\ybgQgBo.exe
  2⤵
  PID:12868
- C:\Windows\System\QkHMFeD.exe
  C:\Windows\System\QkHMFeD.exe
  2⤵
  PID:13096
- C:\Windows\System\VcEiCma.exe
  C:\Windows\System\VcEiCma.exe
  2⤵
  PID:13216
- C:\Windows\System\ItsZiKC.exe
  C:\Windows\System\ItsZiKC.exe
  2⤵
  PID:2664
- C:\Windows\System\YcnEOjg.exe
  C:\Windows\System\YcnEOjg.exe
  2⤵
  PID:4420
- C:\Windows\System\bnNGYty.exe
  C:\Windows\System\bnNGYty.exe
  2⤵
  PID:12876
- C:\Windows\System\ATUHtpf.exe
  C:\Windows\System\ATUHtpf.exe
  2⤵
  PID:12392
- C:\Windows\System\rPUtnXj.exe
  C:\Windows\System\rPUtnXj.exe
  2⤵
  PID:12704
- C:\Windows\System\WPDqDTl.exe
  C:\Windows\System\WPDqDTl.exe
  2⤵
  PID:12368
- C:\Windows\System\IBlkfcs.exe
  C:\Windows\System\IBlkfcs.exe
  2⤵
  PID:13336
- C:\Windows\System\tiTOpmt.exe
  C:\Windows\System\tiTOpmt.exe
  2⤵
  PID:13360
- C:\Windows\System\BpBpaNP.exe
  C:\Windows\System\BpBpaNP.exe
  2⤵
  PID:13380
- C:\Windows\System\vHiBZPw.exe
  C:\Windows\System\vHiBZPw.exe
  2⤵
  PID:13404
- C:\Windows\System\vgVtTZt.exe
  C:\Windows\System\vgVtTZt.exe
  2⤵
  PID:13424
- C:\Windows\System\uWubNXj.exe
  C:\Windows\System\uWubNXj.exe
  2⤵
  PID:13440
- C:\Windows\System\kxuJNDG.exe
  C:\Windows\System\kxuJNDG.exe
  2⤵
  PID:13456
- C:\Windows\System\TwIhTNp.exe
  C:\Windows\System\TwIhTNp.exe
  2⤵
  PID:13480
- C:\Windows\System\rOCUlpG.exe
  C:\Windows\System\rOCUlpG.exe
  2⤵
  PID:13504
- C:\Windows\System\OTSivvD.exe
  C:\Windows\System\OTSivvD.exe
  2⤵
  PID:13520
- C:\Windows\System\jHsoVHW.exe
  C:\Windows\System\jHsoVHW.exe
  2⤵
  PID:13544
- C:\Windows\System\DGzlvWB.exe
  C:\Windows\System\DGzlvWB.exe
  2⤵
  PID:13560
- C:\Windows\System\yvOqllQ.exe
  C:\Windows\System\yvOqllQ.exe
  2⤵
  PID:13588
- C:\Windows\System\IvLFKJK.exe
  C:\Windows\System\IvLFKJK.exe
  2⤵
  PID:13620
- C:\Windows\System\LBeUsrG.exe
  C:\Windows\System\LBeUsrG.exe
  2⤵
  PID:13652
- C:\Windows\System\awwwzvB.exe
  C:\Windows\System\awwwzvB.exe
  2⤵
  PID:13692
- C:\Windows\System\OHQDiNA.exe
  C:\Windows\System\OHQDiNA.exe
  2⤵
  PID:13732
- C:\Windows\System\IiJoTly.exe
  C:\Windows\System\IiJoTly.exe
  2⤵
  PID:13752
- C:\Windows\System\JvfziPD.exe
  C:\Windows\System\JvfziPD.exe
  2⤵
  PID:13768
- C:\Windows\System\nhlBpsO.exe
  C:\Windows\System\nhlBpsO.exe
  2⤵
  PID:13804
- C:\Windows\System\KeZptSG.exe
  C:\Windows\System\KeZptSG.exe
  2⤵
  PID:13828
- C:\Windows\System\eabuAEs.exe
  C:\Windows\System\eabuAEs.exe
  2⤵
  PID:13860
- C:\Windows\System\zjTXaYE.exe
  C:\Windows\System\zjTXaYE.exe
  2⤵
  PID:13900
- C:\Windows\System\YXvdbQn.exe
  C:\Windows\System\YXvdbQn.exe
  2⤵
  PID:13940
- C:\Windows\System\KbWjYEY.exe
  C:\Windows\System\KbWjYEY.exe
  2⤵
  PID:13960
- C:\Windows\System\EXJqDas.exe
  C:\Windows\System\EXJqDas.exe
  2⤵
  PID:13980
- C:\Windows\System\QpaiRix.exe
  C:\Windows\System\QpaiRix.exe
  2⤵
  PID:14008
- C:\Windows\System\uSBfuPn.exe
  C:\Windows\System\uSBfuPn.exe
  2⤵
  PID:14036
- C:\Windows\System\patJRff.exe
  C:\Windows\System\patJRff.exe
  2⤵
  PID:14064
- C:\Windows\System\MPlKxlg.exe
  C:\Windows\System\MPlKxlg.exe
  2⤵
  PID:14108
- C:\Windows\System\KXEJrQR.exe
  C:\Windows\System\KXEJrQR.exe
  2⤵
  PID:14148
- C:\Windows\System\mIPBgmV.exe
  C:\Windows\System\mIPBgmV.exe
  2⤵
  PID:14184
- C:\Windows\System\oBLBFEK.exe
  C:\Windows\System\oBLBFEK.exe
  2⤵
  PID:14216
- C:\Windows\System\unFMJTs.exe
  C:\Windows\System\unFMJTs.exe
  2⤵
  PID:14248
- C:\Windows\System\IiTLtPB.exe
  C:\Windows\System\IiTLtPB.exe
  2⤵
  PID:14284
- C:\Windows\System\NQkzqAp.exe
  C:\Windows\System\NQkzqAp.exe
  2⤵
  PID:14312
- C:\Windows\System\GZMKRfy.exe
  C:\Windows\System\GZMKRfy.exe
  2⤵
  PID:12744
- C:\Windows\System\PIyVWxy.exe
  C:\Windows\System\PIyVWxy.exe
  2⤵
  PID:13392
- C:\Windows\System\LSLiSDC.exe
  C:\Windows\System\LSLiSDC.exe
  2⤵
  PID:13516
- C:\Windows\System\LdgObqe.exe
  C:\Windows\System\LdgObqe.exe
  2⤵
  PID:13492
- C:\Windows\System\MnnjAai.exe
  C:\Windows\System\MnnjAai.exe
  2⤵
  PID:14272
- C:\Windows\System\cygowNH.exe
  C:\Windows\System\cygowNH.exe
  2⤵
  PID:14296
- C:\Windows\System\nxSKaAK.exe
  C:\Windows\System\nxSKaAK.exe
  2⤵
  PID:14332
- C:\Windows\System\MThewcs.exe
  C:\Windows\System\MThewcs.exe
  2⤵
  PID:13352
- C:\Windows\System\kOJLMnB.exe
  C:\Windows\System\kOJLMnB.exe
  2⤵
  PID:13532
- C:\Windows\System\AToSjiQ.exe
  C:\Windows\System\AToSjiQ.exe
  2⤵
  PID:13576
- C:\Windows\System\iseHQQr.exe
  C:\Windows\System\iseHQQr.exe
  2⤵
  PID:13916
- C:\Windows\System\lGyvmTI.exe
  C:\Windows\System\lGyvmTI.exe
  2⤵
  PID:13892
- C:\Windows\System\Gwbjmob.exe
  C:\Windows\System\Gwbjmob.exe
  2⤵
  PID:13948
- C:\Windows\System\jLwWhfe.exe
  C:\Windows\System\jLwWhfe.exe
  2⤵
  PID:13956
- C:\Windows\System\KkDktcn.exe
  C:\Windows\System\KkDktcn.exe
  2⤵
  PID:14000
- C:\Windows\System\zhtOvMa.exe
  C:\Windows\System\zhtOvMa.exe
  2⤵
  PID:14080
- C:\Windows\System\IgDnUpt.exe
  C:\Windows\System\IgDnUpt.exe
  2⤵
  PID:14324
- C:\Windows\System\BorLeUz.exe
  C:\Windows\System\BorLeUz.exe
  2⤵
  PID:13664
- C:\Windows\System\xHmQUhN.exe
  C:\Windows\System\xHmQUhN.exe
  2⤵
  PID:14028
- C:\Windows\System\NUzPnal.exe
  C:\Windows\System\NUzPnal.exe
  2⤵
  PID:13968
- C:\Windows\System\YIlqyDt.exe
  C:\Windows\System\YIlqyDt.exe
  2⤵
  PID:14260
- C:\Windows\System\ydlievF.exe
  C:\Windows\System\ydlievF.exe
  2⤵
  PID:14344
- C:\Windows\System\SqHZqDI.exe
  C:\Windows\System\SqHZqDI.exe
  2⤵
  PID:14380
- C:\Windows\System\ZXZObth.exe
  C:\Windows\System\ZXZObth.exe
  2⤵
  PID:14408
- C:\Windows\System\GijdTIS.exe
  C:\Windows\System\GijdTIS.exe
  2⤵
  PID:14448
- C:\Windows\System\QgIpGwg.exe
  C:\Windows\System\QgIpGwg.exe
  2⤵
  PID:14464
- C:\Windows\System\OGnpzOD.exe
  C:\Windows\System\OGnpzOD.exe
  2⤵
  PID:14504
- C:\Windows\System\YRqscLi.exe
  C:\Windows\System\YRqscLi.exe
  2⤵
  PID:14520
- C:\Windows\System\fOpPRgQ.exe
  C:\Windows\System\fOpPRgQ.exe
  2⤵
  PID:14560
- C:\Windows\System\xEnnBqv.exe
  C:\Windows\System\xEnnBqv.exe
  2⤵
  PID:14576
- C:\Windows\System\zmyBUij.exe
  C:\Windows\System\zmyBUij.exe
  2⤵
  PID:14608
- C:\Windows\System\bdmzvGT.exe
  C:\Windows\System\bdmzvGT.exe
  2⤵
  PID:14648
- C:\Windows\System\XCQvRcc.exe
  C:\Windows\System\XCQvRcc.exe
  2⤵
  PID:14672
- C:\Windows\System\tbfhrPm.exe
  C:\Windows\System\tbfhrPm.exe
  2⤵
  PID:14688
- C:\Windows\System\yvZbeim.exe
  C:\Windows\System\yvZbeim.exe
  2⤵
  PID:14704

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AihuyhI.exe

Filesize
2.1MB

MD5
5a7a96f003284d0e65dc92a881bcb971

SHA1
8426a5440542df22514817a0fd3f04e912ca36d7

SHA256
d87762bdd4f264a05d5d33eea5f9e5a65a0a135b822bc37af8e87a17a357815e

SHA512
b020ce16a7c4583ab677cf0739b144e7ffca2d58a7a068c22603815545f1e03d804c9ff28c899688b85fc8f2fc13e8b16c5b4c2e8a48e6e77d52ac39b31ca3ea

Download Submit
C:\Windows\System\BCzAadp.exe

Filesize
2.1MB

MD5
feb2570cc148e8e20e0c43d80b38d217

SHA1
ddb78295f94945bf0459211516c437bb8b3a3655

SHA256
2d2759ab9df491cf9dd4bf015129bfa050bbc6a1ed581f8e8009d72cc05b796c

SHA512
d3a8d1fc092e83b1659fbf818e985200ce29574040ed342f88e802642b7b5f3478188ae579c9c0a8248e68068124967b2841120908d1039261edf3e688e8643a

Download Submit
C:\Windows\System\CAGMsVG.exe

Filesize
2.1MB

MD5
8ce4b7b97f5e67bef5655b70687a1a28

SHA1
c2d2b36a590d0e0aeb18535acdfa8dad9d43c5cf

SHA256
45374e89864b681335b611f0f2020fae7e54a1dd8b15d04710640c4bfd6354b6

SHA512
0a5f7af4e07f798f299733517f7dc7bbab3b0f95649d7d1d97dd6c4f72130cec97fb771864d079569fac194b40c04800b154e442d65570d47a14b7dae6aec923

Download Submit
C:\Windows\System\CKiAdlk.exe

Filesize
2.1MB

MD5
e300dfe3863d7743ce89ab37fbb89082

SHA1
06b8587c02a48790ee027b533be2a5898606ed1b

SHA256
dcb7e0980e356cb26ea604c1f1d9b440c81d5df29ec648997109ac1a6b261c6b

SHA512
696a08c8b5b2cfdbee84a7fa566dc401c19f6c5aa85872c5fe9a6423f7e333593f64b4f83fe27fc516fe9b85fa3e4b1395dab0fd13acc20a12c51c1da539d983

Download Submit
C:\Windows\System\DNATYjH.exe

Filesize
2.1MB

MD5
a643014cdb27a6c5e13b0f88eb6cdb4c

SHA1
58a18c31963d5d7955aa65683c59c4b8eb4688a6

SHA256
943d7083d739e7c2046e1d2d2e77343f9c10d4e0b3018a439b64675ecf9f68e0

SHA512
1fd2b6efaf393128cc5896739bd535703d70b0b3a5701b0faed6afd6133dbe0cd61554a1f3ccc1099898e0830f085bd7ae93af3c4b993a628b9499cdff570578

Download Submit
C:\Windows\System\DSRmoPi.exe

Filesize
2.1MB

MD5
9ce16f896a6fff260c9a1418e66f1975

SHA1
700fcce34959a967ff4418d4d337d8b60cc94354

SHA256
9215e320278cf8869b00a4b585c41355e362dbd8706682001ac8eaf9e5ec3231

SHA512
cb04d9b9839c2b2af3cabd577ba0f03192d85bd13a8ab3d83bfe4f977b4e8d313932ccbde115ba45f7725fbe3df1e0cb1cb8a951ce5e2d8d61967ccb73839c25

Download Submit
C:\Windows\System\EYHSQKh.exe

Filesize
2.1MB

MD5
21e4e06d249c65b16cbf9f423cff9cda

SHA1
442a3ea81ecd075697f4f42b77c873597038268f

SHA256
03e959a62ecc6c1df8116091761750e613afdee733d7e881b811eb0fc755b66e

SHA512
db7604353dac57ab3a68c8eeeb451190bd8b0d352a87bbfb82cede37750b2a6b29ce69d6f231b8b6ef1451d9b385709ff46500b6e57bb1caa36bfbb8f0131fb7

Download Submit
C:\Windows\System\FJETeyu.exe

Filesize
2.1MB

MD5
11855fa05e4f4f92d1828252d8386cff

SHA1
39c0d6e099ae9eeb73196ee54a96dbe5a2fb4f53

SHA256
15da3bdbbfc3cb3ba0fb183caad6db7c6b0bd3d1d8161d83d324775b70350463

SHA512
4a7937bbfd00f68e5aac4383839eef9e4eb3fa083bec869747eb55b3bd83434624e069c4e9d55953433637a12ec0ba6f68b12f91f3298a9b5d15c569c4898818

Download Submit
C:\Windows\System\FVjjEgg.exe

Filesize
2.1MB

MD5
c0dba14eb5eca5c9f5d720c1d5e02b01

SHA1
bd2b356c82b0c154d797ff5d3e15c678690ee98c

SHA256
57db18e43b9ec2181875baf5c5952b67f155e8a12a9299060a433c53db7bd27e

SHA512
df364b7ffb91393354cd2b1f8610a26e247cf863592969475758ccdc3b4106ed8f15f5db902052502872cfa5ae2167bb28bd94c24114d5738b1293967c7edf52

Download Submit
C:\Windows\System\FkTSRnT.exe

Filesize
2.1MB

MD5
32432448ce7efab16cbd3e7ab74a97b3

SHA1
3daba343d575b066a354b2d64762376466303f43

SHA256
8a9e0bc9339bd37d172f77a17670aec564deb2cedac07cf9bf61914b578f00c7

SHA512
bd09591f074226b37c4c6674adec76d4bc0c609906b1954af14c220109fced1c2f0ad8e20b63e629a03e836597b9c65bcd5f24f5b7107bf527d41f5fb365bb71

Download Submit
C:\Windows\System\HNGHrFd.exe

Filesize
2.1MB

MD5
e45cb716b59ae65b26989c0d5c94ccba

SHA1
5e383c19f58047e6af9a0337eef1c138d6a0686d

SHA256
3ecc61aae8154bd23d7ccaabdd2e7fc104ca6d1775720d5a6e37be66f5b9a4fd

SHA512
755ea1555da5c19909a17cae766617cc9cf9c5541c2b5eb0c065fed55866d325f867776e29c3ff63d85d0d7df9c324bbadc0cd81f6e52ffd758cc19dfab8eed5

Download Submit
C:\Windows\System\IthYXyi.exe

Filesize
2.1MB

MD5
d81b0058de1a37752b8590a8adcb82bd

SHA1
17ef0465e28a39c30e334e980b5eaa6d75ae553f

SHA256
e58b616f9988d02e5e4110ee5d36b52e7681bbaf2d60e4823a8b2ffd7a654a39

SHA512
a6e0c86ca0bb1f7aa8e500153a3d980996384bbf98e54294c823d9683d6fa17898ab5630a55e8e37966334fb472ae810b756483264372701de9ebd2b5a17ac14

Download Submit
C:\Windows\System\KdJfBzB.exe

Filesize
2.1MB

MD5
2b48a8ada7ba7c1036f799c6fab1f5db

SHA1
a881b31d6eec50465516437ec10ea1ae929b7fe2

SHA256
0bd06474e6c542e0df329f132df60877ebb25cd248835474485d2cb74a2a1f82

SHA512
c2c1c863117c570dc5c3c10b22c4c3b4e6170b64bdea1321a92c61447aabcf250cc1a6e58ec0e62cbb381b2a225d3893011c95293262acd7cbaac47c4d744a69

Download Submit
C:\Windows\System\LhmNOZP.exe

Filesize
2.1MB

MD5
40a795ef647c67a132fb5fe345855bbe

SHA1
e2a2740f2e3a92cd489a7f70513492127831a39e

SHA256
d79c9b4e24df8ce111576effdb5bcd8219e59c0e2b8c93055dce2ee5fb2a18e4

SHA512
4c003287846e0a38683e52103936d9dfc98140c0013634c3774d0fbbcbb17c01a013169402eb1491b198889cf187f4335d3453512c8fbba315398403ae326379

Download Submit
C:\Windows\System\MQfdDxo.exe

Filesize
2.1MB

MD5
a1a9a2c8ba449c19d92f3c49da71b328

SHA1
1d795a00b1414d21414d7a923a22b565c797a03d

SHA256
c92c8de0176bd762419eb811a4fb6dd29b2c0568a374992ce83e41b60342e832

SHA512
34458086009cdee0d112edc517289ae41a2a7792dce8505ca23bd9f7cd448e58d19cc05a351b830e73b4ffe5beb76e3a445e336939309753d69ad419f674766d

Download Submit
C:\Windows\System\NAoMqiU.exe

Filesize
2.1MB

MD5
29dbfa571fcc3bf0e62e4836662b39ac

SHA1
5f8771293b4b67638bf26ed2855b497a775e5639

SHA256
e4af67616f2fdf0cad18fb86800c9d45bdf7576a80e2e13ab0939a4e00ca454b

SHA512
204bb4647eb2d22a29866ab2e9979afd7a182e970906dec8a8617ef1192ca50bd4c9717401455854f4b658aa551db7a3fd76b29cd8e478e0ba7f998639109444

Download Submit
C:\Windows\System\NWKkqJr.exe

Filesize
2.1MB

MD5
0f0973e9645ff89428268ce875f704bd

SHA1
f7e62ebcf67f8f707199804794ff2fecebd3a9d3

SHA256
2a5d4645b00da8d6a36f7ef28c38f07cb73da50528df7a2d2d669361e7c3a344

SHA512
b71447b9715f92415a6ab1945fb76ab3f5b6d35191d4e681f23b01eef9356965ddaa0bf4c72d61775bbbd947e285222669b0e4e799a4e874f7d410c4f7b4495f

Download Submit
C:\Windows\System\OTcPbFw.exe

Filesize
2.1MB

MD5
497e6c41820261b6c7fd6dacc12ed10f

SHA1
a37d6477709a7c1d65848d0a74fa40f385ab06b4

SHA256
c7305a25b37e23dcd13f480fa9450a31509527f19c62878dce852bc043e8f14a

SHA512
1dcb36ec854edb86269428f5402abedd0cd6ff7a47de3acab218f836dd2552f6e62eeecd44c2c0ebaddf00b064c63c385472839231dce171fc0cc35215cb6ae3

Download Submit
C:\Windows\System\RxnbLVU.exe

Filesize
2.1MB

MD5
c1b23941f417cc842d23a9dcb2f2ab38

SHA1
eea4eb6c7fbd9ba128d863119eadf5f87553428d

SHA256
ab9780368ef30dfc419f6a360c9fc9cc5dddb81a4bc1d4faf243333c149d694d

SHA512
bb955ff04142aa6fd611e132472302fc510097d32a3a8554b2a85ca25e8e028949a35c8eeec7efddd6792fe247181ab08f02cbbd52de7f6d109c450242e44521

Download Submit
C:\Windows\System\SUqcgeI.exe

Filesize
2.1MB

MD5
33c28530dfd332564dc741c2e8def47b

SHA1
211e88450b5a7bc82057978d785cff8f7df29870

SHA256
bb4560f29fdfa577eb2ac67b893b54763d135174629a966993f3a26ec27a2a4b

SHA512
d9f61d188004ff1acb31c242f27a3bd471c35462d85515db22823daaa99b85278f2c89aafed5271bfabc1c2fbc8aa2535dc793f3bb5cb163c10a990f549e4537

Download Submit
C:\Windows\System\ViFuJvK.exe

Filesize
2.1MB

MD5
13d4650829f815fc74e8bffd21353891

SHA1
feed32283ef2587bfd505fc728ba4a2bbf316cf7

SHA256
5daea369306c264b7735128bacc2aebf5b31bc35923cb4b9f767c1115e821be4

SHA512
1bc83911e74b3880a48d5b7eae5f3b5a5162958f6e6c7eda3dc692deb5071e4197f5523ab637177e310b5109226b0066b7539b83ff6db0563717a958ab87a757

Download Submit
C:\Windows\System\VqRkEgd.exe

Filesize
2.1MB

MD5
86c901bf8d8864d8b991b6aafc7c5fbe

SHA1
8814f8373fd3f4e183d5cd8e00edcf5dd3a7fcb8

SHA256
07c29a441327663a834dbac662fee07ede4a4705b2523b4fce0a7f5f7ee96515

SHA512
a61a9ca22f60723ffbfff262c657aa0dfc1f82d50ee25beb160ef06bcc5dd3e145a2bb2c3d4f5be468abcd8f93cc4cc4f30251a24cf7d9d86630f1adc80eeb2d

Download Submit
C:\Windows\System\VyBMQeV.exe

Filesize
2.1MB

MD5
6c9a4d0ed3b27e341e2b5129ba0624a0

SHA1
a035971ea15f11189365dfa81d1ebaf2b99c2d06

SHA256
7b81ba0d8a7510e9884de2773d1d7157cc6280d26ee6e36046b6370aa6aea93b

SHA512
83ea23ef15922a63048a425af6000cfb6d60486e1705299849efda70c8e6b0fc8581e84aac022b897322fcc1a35f7da1122ce2e9d4d57d71c73247bcfd6dcc45

Download Submit
C:\Windows\System\XQLjPrf.exe

Filesize
2.1MB

MD5
2edbf4e87d59b061880c1ad24394800b

SHA1
a3428625d166906047f49b3e77c6647fa2321f1d

SHA256
fe13f7f98efa4044d55a0b1da6b9150eca0488807963ec3c00bd5a898291396a

SHA512
aa679339fe7cd01b7b21fc54a6695fd07989283ab704907beeb5ebb1f68c57fd84587a63fd216c9c5317e9a2a2cc600ada847f0dcc66d85fb7f48c607ed394de

Download Submit
C:\Windows\System\aSkNVmS.exe

Filesize
2.1MB

MD5
2bd706b470f9db0b0991a0bb7eb2d4a5

SHA1
708d0bc86a43b0bf981a305488b469e9319ce00e

SHA256
283841c1a4602e481b97e9f730ad286f435970cc141c926b8cb7ec558449ad3d

SHA512
ab8413fabb74b3eec7de761450878608588037f1c43f7b2dc23d40458a8cf3e2f2c1d4ea2dfe03776083dcec17e2f732e9838a8668e20068a836c4ce1232645b

Download Submit
C:\Windows\System\aZApFrY.exe

Filesize
2.1MB

MD5
bd24387a8109596bab7923b9a61bac9b

SHA1
0dc2d7df8f5d17e312dd583fe4bf444b25d2ff91

SHA256
0303320f38fdc974994bf711257c6bc67475eb08367c4ae3fa81f37bd70f734f

SHA512
16616b84734cd3057a1b4e6dfe911638ad0a94ae4b1c79733603018fca1f1fa6d1a6f3e28f4054a7e1283590a2c1cfa14307f221a595a217a0ddf9b126994ab2

Download Submit
C:\Windows\System\eEGUYum.exe

Filesize
2.1MB

MD5
f677831dd360d8a94b9b56e0d3d1af16

SHA1
e93b8f53ad04c2917f52f18c13065b987fc4643e

SHA256
09a209eb43bb6f4cf604f1cabc469723c7231155284eb384ca8c97ec4165e571

SHA512
8629833a7f4399498ec00c8bbb1d12ca31925c0fa3b073eee3bc1eeb8c4b2128054b3e4ed136a9bad8caaf702173df325123eb17e7a5207e35f86a76b0240fdb

Download Submit
C:\Windows\System\fjZARdo.exe

Filesize
2.1MB

MD5
9abc9b5d30571d1a066582be33fabf9e

SHA1
2bd2057200337d41dcc87ec16d5d21f29c832197

SHA256
86a56c2d23eb0bbd6575b42975410ec1db0aec465823b168e64cbd1f72f3fe2e

SHA512
d60988d4ba25bb6e5df57352696139aecb520c3f61c3370c9fefb82cabeb58cf57d2a4c3966474180a3a82415fb48e5c56f773e1c7d21f7a9fff94290d938ead

Download Submit
C:\Windows\System\pKqWioJ.exe

Filesize
2.1MB

MD5
b339b9415963f52cfc52812de255b8a4

SHA1
f94af980ac8274925a11ad854fa69e3f86646ff4

SHA256
640fc7c2bb0733769e7c5e72e0d8c9b80675b8c3d726e6602ffc6b0e88c3cc38

SHA512
2a9deaf7b030e77cbfd6456b71e283d19d0547e39074a19d43fcb1b7f71ffc45e0a12f2bba034521cb0888f9c76189551567ec1d0ee8d7100d7ee99d30fbcc4a

Download Submit
C:\Windows\System\qgwRrUs.exe

Filesize
2.1MB

MD5
c4eb3a8d0900fd3f7ab397f7ca180f95

SHA1
5ac1d37fa6a83a22dfdf412e751dcd9bfbd039bf

SHA256
c872f64bb84d2f63b4648d9b9169e412c264697943a0946264bf412f4cd044e3

SHA512
554e67edbd9140f23a22b0953ae616b91a5479bd21d4b383c8db5c5a4a3a4a96a6b79ba678ceabf1ef24daa384846c4bce2209eb2bc00325bdb425dc04e40614

Download Submit
C:\Windows\System\qzhwtKT.exe

Filesize
2.1MB

MD5
0ecd9e24d44dbf7550e97f564b3a067e

SHA1
966b9e6fff58d8e477c7ae0dda3b860e9dcfdcb0

SHA256
5e7de5b21bc27c5959854a566595fd402117a2958a9049ce449aa53b69af460f

SHA512
efee92420b354709e807e7bd0907fbd38526cbddcb004cf6d216a91d6d04e263327b515ce6519ebf263beb77f502c10ca06ef7a989bc5094949de26a17420fea

Download Submit
C:\Windows\System\vQqFfJw.exe

Filesize
2.1MB

MD5
e6ce2d878db55a682cc49a4c9c194d5e

SHA1
3847107c57260b21a247710ef7bb8264c3574bca

SHA256
9cf3e86668ad4bf28854b5328173958c92dc5dd201d78b7840a05f7bfe9e55ca

SHA512
0e5b1a3d2279400284194815d08837075b71594219827038e2753b46bdb0036143afc5cf7c94bd37ad964f46fb20e24c80941ce44ccebc10763c6c70d8c7ad05

Download Submit
C:\Windows\System\wRYGQPn.exe

Filesize
2.1MB

MD5
357be20b3a6e224068ed7b70e35b7fd8

SHA1
b205557b385d12d334220d90af6cbaf94fca2125

SHA256
c7581489331a08ea3c895eefa7721692661a0386de343bd20749c0148b8e5ee2

SHA512
9485021d9594269498449b2a0ba95828cbf04bf9e96380b5d2450f7c5616da740cf5b0725a41966dff21e996ea0d0c1c776daf34f30f531ab82fc6cc5ed0ccf9

Download Submit
memory/452-153-0x00007FF70C7A0000-0x00007FF70CAF4000-memory.dmp

Filesize
3.3MB

Download
memory/452-2107-0x00007FF70C7A0000-0x00007FF70CAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-0-0x00007FF614D70000-0x00007FF6150C4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-2088-0x00007FF614D70000-0x00007FF6150C4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1-0x0000028B368D0000-0x0000028B368E0000-memory.dmp

Filesize
64KB

Download
memory/1076-2095-0x00007FF7A7CD0000-0x00007FF7A8024000-memory.dmp

Filesize
3.3MB

Download
memory/1076-166-0x00007FF7A7CD0000-0x00007FF7A8024000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2119-0x00007FF776A70000-0x00007FF776DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-164-0x00007FF776A70000-0x00007FF776DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2096-0x00007FF794500000-0x00007FF794854000-memory.dmp

Filesize
3.3MB

Download
memory/1832-24-0x00007FF794500000-0x00007FF794854000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2090-0x00007FF794500000-0x00007FF794854000-memory.dmp

Filesize
3.3MB

Download
memory/1944-167-0x00007FF7A0430000-0x00007FF7A0784000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2097-0x00007FF7A0430000-0x00007FF7A0784000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2094-0x00007FF72D430000-0x00007FF72D784000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2089-0x00007FF72D430000-0x00007FF72D784000-memory.dmp

Filesize
3.3MB

Download
memory/2292-10-0x00007FF72D430000-0x00007FF72D784000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2112-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp

Filesize
3.3MB

Download
memory/2308-155-0x00007FF7A8830000-0x00007FF7A8B84000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2117-0x00007FF7D07B0000-0x00007FF7D0B04000-memory.dmp

Filesize
3.3MB

Download
memory/2336-170-0x00007FF7D07B0000-0x00007FF7D0B04000-memory.dmp

Filesize
3.3MB

Download
memory/2352-129-0x00007FF6E5020000-0x00007FF6E5374000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2102-0x00007FF6E5020000-0x00007FF6E5374000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2103-0x00007FF72CA70000-0x00007FF72CDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-136-0x00007FF72CA70000-0x00007FF72CDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-160-0x00007FF723AA0000-0x00007FF723DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2113-0x00007FF723AA0000-0x00007FF723DF4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-169-0x00007FF787020000-0x00007FF787374000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2115-0x00007FF787020000-0x00007FF787374000-memory.dmp

Filesize
3.3MB

Download
memory/3188-33-0x00007FF6CAD60000-0x00007FF6CB0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-2091-0x00007FF6CAD60000-0x00007FF6CB0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-2098-0x00007FF6CAD60000-0x00007FF6CB0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-144-0x00007FF651070000-0x00007FF6513C4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2108-0x00007FF651070000-0x00007FF6513C4000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2111-0x00007FF6F3E00000-0x00007FF6F4154000-memory.dmp

Filesize
3.3MB

Download
memory/3244-162-0x00007FF6F3E00000-0x00007FF6F4154000-memory.dmp

Filesize
3.3MB

Download
memory/3360-2106-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3360-154-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2092-0x00007FF623B70000-0x00007FF623EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3572-87-0x00007FF623B70000-0x00007FF623EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2104-0x00007FF623B70000-0x00007FF623EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3916-2110-0x00007FF789260000-0x00007FF7895B4000-memory.dmp

Filesize
3.3MB

Download
memory/3916-161-0x00007FF789260000-0x00007FF7895B4000-memory.dmp

Filesize
3.3MB

Download
memory/4172-2118-0x00007FF669400000-0x00007FF669754000-memory.dmp

Filesize
3.3MB

Download
memory/4172-158-0x00007FF669400000-0x00007FF669754000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2093-0x00007FF7FC8C0000-0x00007FF7FCC14000-memory.dmp

Filesize
3.3MB

Download
memory/4292-179-0x00007FF7FC8C0000-0x00007FF7FCC14000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2122-0x00007FF7FC8C0000-0x00007FF7FCC14000-memory.dmp

Filesize
3.3MB

Download
memory/4388-109-0x00007FF615BA0000-0x00007FF615EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2100-0x00007FF615BA0000-0x00007FF615EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4492-168-0x00007FF7E4810000-0x00007FF7E4B64000-memory.dmp

Filesize
3.3MB

Download
memory/4492-2099-0x00007FF7E4810000-0x00007FF7E4B64000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2121-0x00007FF6A3CE0000-0x00007FF6A4034000-memory.dmp

Filesize
3.3MB

Download
memory/4500-163-0x00007FF6A3CE0000-0x00007FF6A4034000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2120-0x00007FF673EF0000-0x00007FF674244000-memory.dmp

Filesize
3.3MB

Download
memory/4532-165-0x00007FF673EF0000-0x00007FF674244000-memory.dmp

Filesize
3.3MB

Download
memory/4572-157-0x00007FF7453E0000-0x00007FF745734000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2109-0x00007FF7453E0000-0x00007FF745734000-memory.dmp

Filesize
3.3MB

Download
memory/4972-122-0x00007FF7B01D0000-0x00007FF7B0524000-memory.dmp

Filesize
3.3MB

Download
memory/4972-2101-0x00007FF7B01D0000-0x00007FF7B0524000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2114-0x00007FF62F1A0000-0x00007FF62F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-156-0x00007FF62F1A0000-0x00007FF62F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2116-0x00007FF643050000-0x00007FF6433A4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-159-0x00007FF643050000-0x00007FF6433A4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2105-0x00007FF69BF30000-0x00007FF69C284000-memory.dmp

Filesize
3.3MB

Download
memory/5080-137-0x00007FF69BF30000-0x00007FF69C284000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads