xmrig | 337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2

Analysis

max time kernel
112s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
Size

2.3MB
MD5

c287fccd6fb3d6484a69cc47a5eab310
SHA1

b7aef84c2211cd9850d9b1f7cc883b69fd1c798e
SHA256

337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2
SHA512

44b0eb27a0c340e4e05abb510230d9c497b212bd222e580611279937454e8ae23d67e48d51e3d4bb66514b7edb0a395a5c93d26e57305046eea5d5712a83ac46
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQFHKsUKC6PeOwctWko:BemTLkNdfE0pZrQy

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4904-0-0x00007FF698A30000-0x00007FF698D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023278-6.dat	xmrig
behavioral2/files/0x00070000000233fa-9.dat	xmrig
behavioral2/files/0x00070000000233fb-18.dat	xmrig
behavioral2/files/0x00070000000233fc-22.dat	xmrig
behavioral2/files/0x00070000000233fd-33.dat	xmrig
behavioral2/files/0x00070000000233fe-37.dat	xmrig
behavioral2/files/0x0007000000023402-62.dat	xmrig
behavioral2/memory/5104-81-0x00007FF6B7E40000-0x00007FF6B8194000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-91.dat	xmrig
behavioral2/memory/1092-98-0x00007FF6494A0000-0x00007FF6497F4000-memory.dmp	xmrig
behavioral2/memory/1616-101-0x00007FF6FA8C0000-0x00007FF6FAC14000-memory.dmp	xmrig
behavioral2/memory/4600-104-0x00007FF6BFBA0000-0x00007FF6BFEF4000-memory.dmp	xmrig
behavioral2/memory/3956-103-0x00007FF7DCB80000-0x00007FF7DCED4000-memory.dmp	xmrig
behavioral2/memory/3104-102-0x00007FF687660000-0x00007FF6879B4000-memory.dmp	xmrig
behavioral2/memory/4200-100-0x00007FF783E10000-0x00007FF784164000-memory.dmp	xmrig
behavioral2/memory/224-99-0x00007FF778280000-0x00007FF7785D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-96.dat	xmrig
behavioral2/memory/2280-95-0x00007FF7D1E90000-0x00007FF7D21E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-93.dat	xmrig
behavioral2/memory/3432-90-0x00007FF6C5900000-0x00007FF6C5C54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023406-88.dat	xmrig
behavioral2/files/0x0007000000023405-86.dat	xmrig
behavioral2/files/0x0007000000023404-84.dat	xmrig
behavioral2/memory/2192-82-0x00007FF684CC0000-0x00007FF685014000-memory.dmp	xmrig
behavioral2/memory/4076-77-0x00007FF70B7F0000-0x00007FF70BB44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-74.dat	xmrig
behavioral2/files/0x0007000000023400-71.dat	xmrig
behavioral2/memory/1932-59-0x00007FF7354B0000-0x00007FF735804000-memory.dmp	xmrig
behavioral2/memory/3948-53-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ff-54.dat	xmrig
behavioral2/memory/1264-47-0x00007FF671080000-0x00007FF6713D4000-memory.dmp	xmrig
behavioral2/memory/4716-27-0x00007FF621880000-0x00007FF621BD4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f9-25.dat	xmrig
behavioral2/memory/2364-12-0x00007FF7D9480000-0x00007FF7D97D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-107.dat	xmrig
behavioral2/memory/3760-118-0x00007FF69E0D0000-0x00007FF69E424000-memory.dmp	xmrig
behavioral2/memory/4780-126-0x00007FF65C810000-0x00007FF65CB64000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-131.dat	xmrig
behavioral2/files/0x000700000002340f-144.dat	xmrig
behavioral2/files/0x0007000000023410-153.dat	xmrig
behavioral2/files/0x0007000000023412-160.dat	xmrig
behavioral2/files/0x0007000000023411-166.dat	xmrig
behavioral2/files/0x0007000000023416-187.dat	xmrig
behavioral2/files/0x000700000002341a-200.dat	xmrig
behavioral2/memory/3680-254-0x00007FF6577A0000-0x00007FF657AF4000-memory.dmp	xmrig
behavioral2/memory/1800-262-0x00007FF604FB0000-0x00007FF605304000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-199.dat	xmrig
behavioral2/memory/3100-196-0x00007FF7FEB70000-0x00007FF7FEEC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-192.dat	xmrig
behavioral2/files/0x0007000000023417-190.dat	xmrig
behavioral2/files/0x0007000000023414-182.dat	xmrig
behavioral2/files/0x0007000000023413-178.dat	xmrig
behavioral2/memory/3272-177-0x00007FF64E600000-0x00007FF64E954000-memory.dmp	xmrig
behavioral2/memory/2196-161-0x00007FF667700000-0x00007FF667A54000-memory.dmp	xmrig
behavioral2/memory/4988-155-0x00007FF669820000-0x00007FF669B74000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-151.dat	xmrig
behavioral2/memory/1996-150-0x00007FF6EC040000-0x00007FF6EC394000-memory.dmp	xmrig
behavioral2/memory/644-145-0x00007FF6051A0000-0x00007FF6054F4000-memory.dmp	xmrig
behavioral2/memory/4404-141-0x00007FF78F600000-0x00007FF78F954000-memory.dmp	xmrig
behavioral2/memory/1480-137-0x00007FF690F80000-0x00007FF6912D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-138.dat	xmrig
behavioral2/files/0x000700000002340c-133.dat	xmrig
behavioral2/files/0x00080000000233f6-123.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2364	cqJQSBV.exe
4716	FgyFZoW.exe
1264	qMpoCiO.exe
3948	MmMkjtM.exe
224	txwDuwK.exe
4200	rVTHnvg.exe
1932	xgDtYtZ.exe
4076	lGemSZg.exe
1616	bjowdbY.exe
5104	rtdhzDK.exe
2192	hUFgGmZ.exe
3104	yHtqRNw.exe
3432	GTuQXmZ.exe
2280	jiFfdxC.exe
1092	HUVcDPx.exe
3956	evDoWok.exe
4600	AFkYnWD.exe
3760	gVJNclX.exe
644	HBZBFRf.exe
4780	xjAjGtx.exe
1996	QoRIkit.exe
1480	ytJwHGH.exe
4404	yqyQlCk.exe
4988	QXxRtye.exe
3272	NMOWrOm.exe
3100	wHAeWWl.exe
2196	GqsUrad.exe
3680	mgliMXE.exe
1800	uTGiTrM.exe
1648	NtpIfOg.exe
3216	phByKee.exe
3000	vbAynvT.exe
3712	DdqOfBU.exe
4768	akeFFbT.exe
3796	kNwrMEq.exe
4568	bRhkLsv.exe
3480	fLgKgMC.exe
3096	fVlvJbt.exe
3192	bfsnJsV.exe
1588	EmLjhiJ.exe
220	CSpJPCT.exe
4116	GbGYJep.exe
4300	LjdYujO.exe
4288	zidwTzB.exe
4380	tfZIwnY.exe
2660	CEPKPaN.exe
4944	yTSGLhz.exe
4864	gHVFHrC.exe
2988	eaZNbqd.exe
4880	osQhPud.exe
4868	vHGCbjl.exe
3736	dzLiOeX.exe
2168	osdEKwO.exe
1060	RPsNqqA.exe
812	UTdSoBr.exe
4192	ZgqpdMU.exe
3600	RkKlqPP.exe
1888	vcGVkdX.exe
1900	NzamLry.exe
4848	kbiezzb.exe
2180	CIsgtgs.exe
5048	MlaLLnK.exe
2708	ejwjvDv.exe
2004	YgSygSM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4904-0-0x00007FF698A30000-0x00007FF698D84000-memory.dmp	upx
behavioral2/files/0x0007000000023278-6.dat	upx
behavioral2/files/0x00070000000233fa-9.dat	upx
behavioral2/files/0x00070000000233fb-18.dat	upx
behavioral2/files/0x00070000000233fc-22.dat	upx
behavioral2/files/0x00070000000233fd-33.dat	upx
behavioral2/files/0x00070000000233fe-37.dat	upx
behavioral2/files/0x0007000000023402-62.dat	upx
behavioral2/memory/5104-81-0x00007FF6B7E40000-0x00007FF6B8194000-memory.dmp	upx
behavioral2/files/0x0007000000023407-91.dat	upx
behavioral2/memory/1092-98-0x00007FF6494A0000-0x00007FF6497F4000-memory.dmp	upx
behavioral2/memory/1616-101-0x00007FF6FA8C0000-0x00007FF6FAC14000-memory.dmp	upx
behavioral2/memory/4600-104-0x00007FF6BFBA0000-0x00007FF6BFEF4000-memory.dmp	upx
behavioral2/memory/3956-103-0x00007FF7DCB80000-0x00007FF7DCED4000-memory.dmp	upx
behavioral2/memory/3104-102-0x00007FF687660000-0x00007FF6879B4000-memory.dmp	upx
behavioral2/memory/4200-100-0x00007FF783E10000-0x00007FF784164000-memory.dmp	upx
behavioral2/memory/224-99-0x00007FF778280000-0x00007FF7785D4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-96.dat	upx
behavioral2/memory/2280-95-0x00007FF7D1E90000-0x00007FF7D21E4000-memory.dmp	upx
behavioral2/files/0x0007000000023403-93.dat	upx
behavioral2/memory/3432-90-0x00007FF6C5900000-0x00007FF6C5C54000-memory.dmp	upx
behavioral2/files/0x0007000000023406-88.dat	upx
behavioral2/files/0x0007000000023405-86.dat	upx
behavioral2/files/0x0007000000023404-84.dat	upx
behavioral2/memory/2192-82-0x00007FF684CC0000-0x00007FF685014000-memory.dmp	upx
behavioral2/memory/4076-77-0x00007FF70B7F0000-0x00007FF70BB44000-memory.dmp	upx
behavioral2/files/0x0007000000023401-74.dat	upx
behavioral2/files/0x0007000000023400-71.dat	upx
behavioral2/memory/1932-59-0x00007FF7354B0000-0x00007FF735804000-memory.dmp	upx
behavioral2/memory/3948-53-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-54.dat	upx
behavioral2/memory/1264-47-0x00007FF671080000-0x00007FF6713D4000-memory.dmp	upx
behavioral2/memory/4716-27-0x00007FF621880000-0x00007FF621BD4000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-25.dat	upx
behavioral2/memory/2364-12-0x00007FF7D9480000-0x00007FF7D97D4000-memory.dmp	upx
behavioral2/files/0x0007000000023409-107.dat	upx
behavioral2/memory/3760-118-0x00007FF69E0D0000-0x00007FF69E424000-memory.dmp	upx
behavioral2/memory/4780-126-0x00007FF65C810000-0x00007FF65CB64000-memory.dmp	upx
behavioral2/files/0x000700000002340b-131.dat	upx
behavioral2/files/0x000700000002340f-144.dat	upx
behavioral2/files/0x0007000000023410-153.dat	upx
behavioral2/files/0x0007000000023412-160.dat	upx
behavioral2/files/0x0007000000023411-166.dat	upx
behavioral2/files/0x0007000000023416-187.dat	upx
behavioral2/files/0x000700000002341a-200.dat	upx
behavioral2/memory/3680-254-0x00007FF6577A0000-0x00007FF657AF4000-memory.dmp	upx
behavioral2/memory/1800-262-0x00007FF604FB0000-0x00007FF605304000-memory.dmp	upx
behavioral2/files/0x0007000000023419-199.dat	upx
behavioral2/memory/3100-196-0x00007FF7FEB70000-0x00007FF7FEEC4000-memory.dmp	upx
behavioral2/files/0x0007000000023418-192.dat	upx
behavioral2/files/0x0007000000023417-190.dat	upx
behavioral2/files/0x0007000000023414-182.dat	upx
behavioral2/files/0x0007000000023413-178.dat	upx
behavioral2/memory/3272-177-0x00007FF64E600000-0x00007FF64E954000-memory.dmp	upx
behavioral2/memory/2196-161-0x00007FF667700000-0x00007FF667A54000-memory.dmp	upx
behavioral2/memory/4988-155-0x00007FF669820000-0x00007FF669B74000-memory.dmp	upx
behavioral2/files/0x000700000002340e-151.dat	upx
behavioral2/memory/1996-150-0x00007FF6EC040000-0x00007FF6EC394000-memory.dmp	upx
behavioral2/memory/644-145-0x00007FF6051A0000-0x00007FF6054F4000-memory.dmp	upx
behavioral2/memory/4404-141-0x00007FF78F600000-0x00007FF78F954000-memory.dmp	upx
behavioral2/memory/1480-137-0x00007FF690F80000-0x00007FF6912D4000-memory.dmp	upx
behavioral2/files/0x000700000002340d-138.dat	upx
behavioral2/files/0x000700000002340c-133.dat	upx
behavioral2/files/0x00080000000233f6-123.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AiImMOZ.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\EfQbktP.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\SkBeFqf.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\LhnDIql.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\cqJQSBV.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\Mujbrpw.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\pHHGgkN.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\utdhHtQ.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\EZNknDG.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\mTrScNv.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\VMQHdjr.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\ecEpmse.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\SOJFfay.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\UmNnWxY.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\QOhcBgL.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\rRIycvu.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\acKvHZl.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\evDoWok.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\gHVFHrC.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\osdEKwO.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\qwbgahG.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\yqyOGQM.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\cDZLnUj.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\dLviaZV.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\APYGHIC.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\MxrfoLg.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\odJugFP.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\YUMVWLD.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\oREsQam.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\XYwQnqx.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\PxCfLyG.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\KpZduLN.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\HBZBFRf.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\CKGRNCK.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\hssoJFU.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\gaPDTOW.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\aRRnysd.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\gqMjnHL.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\kXoxLzG.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\zipHNTC.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\qxVAdOH.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\UjPtDNq.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\LmUlYJI.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\ncGlbfv.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\xgDtYtZ.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\AioYcim.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\TzXKbQm.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\UYXsJte.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\mimddwP.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\fVlvJbt.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\rWztkRE.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\yyAozPn.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\WNcxOlr.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\MmIiEkI.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\wsQzFwZ.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\vjbknjJ.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\KtuCtYD.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\yHtqRNw.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\bDBfGxn.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\VgosChR.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\GLCQxzk.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\hcvncVF.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\HNHmgLA.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
File created	C:\Windows\System\OtlyTvL.exe	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14936	dwm.exe
Token: SeChangeNotifyPrivilege	14936	dwm.exe
Token: 33	14936	dwm.exe
Token: SeIncBasePriorityPrivilege	14936	dwm.exe
Token: SeShutdownPrivilege	14936	dwm.exe
Token: SeCreatePagefilePrivilege	14936	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 2364	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	84
PID 4904 wrote to memory of 2364	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	84
PID 4904 wrote to memory of 4716	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	85
PID 4904 wrote to memory of 4716	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	85
PID 4904 wrote to memory of 1264	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	86
PID 4904 wrote to memory of 1264	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	86
PID 4904 wrote to memory of 3948	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	87
PID 4904 wrote to memory of 3948	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	87
PID 4904 wrote to memory of 224	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	88
PID 4904 wrote to memory of 224	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	88
PID 4904 wrote to memory of 4200	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	89
PID 4904 wrote to memory of 4200	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	89
PID 4904 wrote to memory of 1932	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	90
PID 4904 wrote to memory of 1932	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	90
PID 4904 wrote to memory of 4076	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	91
PID 4904 wrote to memory of 4076	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	91
PID 4904 wrote to memory of 1616	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	92
PID 4904 wrote to memory of 1616	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	92
PID 4904 wrote to memory of 5104	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	93
PID 4904 wrote to memory of 5104	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	93
PID 4904 wrote to memory of 2192	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	94
PID 4904 wrote to memory of 2192	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	94
PID 4904 wrote to memory of 3104	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	95
PID 4904 wrote to memory of 3104	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	95
PID 4904 wrote to memory of 3432	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	96
PID 4904 wrote to memory of 3432	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	96
PID 4904 wrote to memory of 2280	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	97
PID 4904 wrote to memory of 2280	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	97
PID 4904 wrote to memory of 1092	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	98
PID 4904 wrote to memory of 1092	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	98
PID 4904 wrote to memory of 3956	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	99
PID 4904 wrote to memory of 3956	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	99
PID 4904 wrote to memory of 4600	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	100
PID 4904 wrote to memory of 4600	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	100
PID 4904 wrote to memory of 3760	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	101
PID 4904 wrote to memory of 3760	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	101
PID 4904 wrote to memory of 644	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	102
PID 4904 wrote to memory of 644	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	102
PID 4904 wrote to memory of 4780	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	103
PID 4904 wrote to memory of 4780	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	103
PID 4904 wrote to memory of 1996	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	104
PID 4904 wrote to memory of 1996	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	104
PID 4904 wrote to memory of 1480	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	105
PID 4904 wrote to memory of 1480	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	105
PID 4904 wrote to memory of 4404	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	106
PID 4904 wrote to memory of 4404	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	106
PID 4904 wrote to memory of 4988	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	107
PID 4904 wrote to memory of 4988	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	107
PID 4904 wrote to memory of 3272	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	108
PID 4904 wrote to memory of 3272	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	108
PID 4904 wrote to memory of 3100	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	109
PID 4904 wrote to memory of 3100	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	109
PID 4904 wrote to memory of 2196	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	110
PID 4904 wrote to memory of 2196	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	110
PID 4904 wrote to memory of 3680	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	111
PID 4904 wrote to memory of 3680	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	111
PID 4904 wrote to memory of 1800	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	112
PID 4904 wrote to memory of 1800	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	112
PID 4904 wrote to memory of 1648	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	113
PID 4904 wrote to memory of 1648	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	113
PID 4904 wrote to memory of 3096	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	114
PID 4904 wrote to memory of 3096	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	114
PID 4904 wrote to memory of 3216	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	115
PID 4904 wrote to memory of 3216	4904	337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\337dc9fc0f98405d032a9da6616c2a9f54331d6f2604ac55c2f9eeba45ea7df2_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\System\cqJQSBV.exe
  C:\Windows\System\cqJQSBV.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\FgyFZoW.exe
  C:\Windows\System\FgyFZoW.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\qMpoCiO.exe
  C:\Windows\System\qMpoCiO.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\MmMkjtM.exe
  C:\Windows\System\MmMkjtM.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\txwDuwK.exe
  C:\Windows\System\txwDuwK.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\rVTHnvg.exe
  C:\Windows\System\rVTHnvg.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\xgDtYtZ.exe
  C:\Windows\System\xgDtYtZ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\lGemSZg.exe
  C:\Windows\System\lGemSZg.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\bjowdbY.exe
  C:\Windows\System\bjowdbY.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\rtdhzDK.exe
  C:\Windows\System\rtdhzDK.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\hUFgGmZ.exe
  C:\Windows\System\hUFgGmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\yHtqRNw.exe
  C:\Windows\System\yHtqRNw.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\GTuQXmZ.exe
  C:\Windows\System\GTuQXmZ.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\jiFfdxC.exe
  C:\Windows\System\jiFfdxC.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\HUVcDPx.exe
  C:\Windows\System\HUVcDPx.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\evDoWok.exe
  C:\Windows\System\evDoWok.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\AFkYnWD.exe
  C:\Windows\System\AFkYnWD.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\gVJNclX.exe
  C:\Windows\System\gVJNclX.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\HBZBFRf.exe
  C:\Windows\System\HBZBFRf.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\xjAjGtx.exe
  C:\Windows\System\xjAjGtx.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\QoRIkit.exe
  C:\Windows\System\QoRIkit.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\ytJwHGH.exe
  C:\Windows\System\ytJwHGH.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\yqyQlCk.exe
  C:\Windows\System\yqyQlCk.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\QXxRtye.exe
  C:\Windows\System\QXxRtye.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\NMOWrOm.exe
  C:\Windows\System\NMOWrOm.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\wHAeWWl.exe
  C:\Windows\System\wHAeWWl.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\GqsUrad.exe
  C:\Windows\System\GqsUrad.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\mgliMXE.exe
  C:\Windows\System\mgliMXE.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\uTGiTrM.exe
  C:\Windows\System\uTGiTrM.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\NtpIfOg.exe
  C:\Windows\System\NtpIfOg.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\fVlvJbt.exe
  C:\Windows\System\fVlvJbt.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\phByKee.exe
  C:\Windows\System\phByKee.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\vbAynvT.exe
  C:\Windows\System\vbAynvT.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\DdqOfBU.exe
  C:\Windows\System\DdqOfBU.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\akeFFbT.exe
  C:\Windows\System\akeFFbT.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\kNwrMEq.exe
  C:\Windows\System\kNwrMEq.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\bRhkLsv.exe
  C:\Windows\System\bRhkLsv.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\fLgKgMC.exe
  C:\Windows\System\fLgKgMC.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\bfsnJsV.exe
  C:\Windows\System\bfsnJsV.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\EmLjhiJ.exe
  C:\Windows\System\EmLjhiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\CSpJPCT.exe
  C:\Windows\System\CSpJPCT.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\GbGYJep.exe
  C:\Windows\System\GbGYJep.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\LjdYujO.exe
  C:\Windows\System\LjdYujO.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\zidwTzB.exe
  C:\Windows\System\zidwTzB.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\tfZIwnY.exe
  C:\Windows\System\tfZIwnY.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\CEPKPaN.exe
  C:\Windows\System\CEPKPaN.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\yTSGLhz.exe
  C:\Windows\System\yTSGLhz.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\gHVFHrC.exe
  C:\Windows\System\gHVFHrC.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\eaZNbqd.exe
  C:\Windows\System\eaZNbqd.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\osQhPud.exe
  C:\Windows\System\osQhPud.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\vHGCbjl.exe
  C:\Windows\System\vHGCbjl.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\dzLiOeX.exe
  C:\Windows\System\dzLiOeX.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\osdEKwO.exe
  C:\Windows\System\osdEKwO.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\RPsNqqA.exe
  C:\Windows\System\RPsNqqA.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\UTdSoBr.exe
  C:\Windows\System\UTdSoBr.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\ZgqpdMU.exe
  C:\Windows\System\ZgqpdMU.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\RkKlqPP.exe
  C:\Windows\System\RkKlqPP.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\vcGVkdX.exe
  C:\Windows\System\vcGVkdX.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\NzamLry.exe
  C:\Windows\System\NzamLry.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\kbiezzb.exe
  C:\Windows\System\kbiezzb.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\CIsgtgs.exe
  C:\Windows\System\CIsgtgs.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\MlaLLnK.exe
  C:\Windows\System\MlaLLnK.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\ejwjvDv.exe
  C:\Windows\System\ejwjvDv.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\YgSygSM.exe
  C:\Windows\System\YgSygSM.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\lInxaqK.exe
  C:\Windows\System\lInxaqK.exe
  2⤵
  PID:5008
- C:\Windows\System\GHNIRqg.exe
  C:\Windows\System\GHNIRqg.exe
  2⤵
  PID:3964
- C:\Windows\System\wImYPMO.exe
  C:\Windows\System\wImYPMO.exe
  2⤵
  PID:2512
- C:\Windows\System\kAlYyOX.exe
  C:\Windows\System\kAlYyOX.exe
  2⤵
  PID:1064
- C:\Windows\System\utdhHtQ.exe
  C:\Windows\System\utdhHtQ.exe
  2⤵
  PID:1356
- C:\Windows\System\SRhpzSA.exe
  C:\Windows\System\SRhpzSA.exe
  2⤵
  PID:1644
- C:\Windows\System\bMgFiVU.exe
  C:\Windows\System\bMgFiVU.exe
  2⤵
  PID:4660
- C:\Windows\System\mMGNluv.exe
  C:\Windows\System\mMGNluv.exe
  2⤵
  PID:892
- C:\Windows\System\gODXwPe.exe
  C:\Windows\System\gODXwPe.exe
  2⤵
  PID:3984
- C:\Windows\System\nTnKtzP.exe
  C:\Windows\System\nTnKtzP.exe
  2⤵
  PID:1328
- C:\Windows\System\KZnYpcM.exe
  C:\Windows\System\KZnYpcM.exe
  2⤵
  PID:1964
- C:\Windows\System\douWmQp.exe
  C:\Windows\System\douWmQp.exe
  2⤵
  PID:2240
- C:\Windows\System\VDHBNRh.exe
  C:\Windows\System\VDHBNRh.exe
  2⤵
  PID:1584
- C:\Windows\System\tvfmvrY.exe
  C:\Windows\System\tvfmvrY.exe
  2⤵
  PID:60
- C:\Windows\System\bDBfGxn.exe
  C:\Windows\System\bDBfGxn.exe
  2⤵
  PID:2764
- C:\Windows\System\AMHEBfE.exe
  C:\Windows\System\AMHEBfE.exe
  2⤵
  PID:868
- C:\Windows\System\VgosChR.exe
  C:\Windows\System\VgosChR.exe
  2⤵
  PID:4784
- C:\Windows\System\DhZEMpY.exe
  C:\Windows\System\DhZEMpY.exe
  2⤵
  PID:4128
- C:\Windows\System\iwYmCkE.exe
  C:\Windows\System\iwYmCkE.exe
  2⤵
  PID:2532
- C:\Windows\System\vgJPdmf.exe
  C:\Windows\System\vgJPdmf.exe
  2⤵
  PID:2392
- C:\Windows\System\WIlEpjt.exe
  C:\Windows\System\WIlEpjt.exe
  2⤵
  PID:3188
- C:\Windows\System\xeyktbQ.exe
  C:\Windows\System\xeyktbQ.exe
  2⤵
  PID:3976
- C:\Windows\System\VwmKeFM.exe
  C:\Windows\System\VwmKeFM.exe
  2⤵
  PID:4396
- C:\Windows\System\MCOOEpg.exe
  C:\Windows\System\MCOOEpg.exe
  2⤵
  PID:4244
- C:\Windows\System\XxfYuwC.exe
  C:\Windows\System\XxfYuwC.exe
  2⤵
  PID:2620
- C:\Windows\System\TPfoqQO.exe
  C:\Windows\System\TPfoqQO.exe
  2⤵
  PID:1600
- C:\Windows\System\WdYeQSx.exe
  C:\Windows\System\WdYeQSx.exe
  2⤵
  PID:3252
- C:\Windows\System\uqxgAPO.exe
  C:\Windows\System\uqxgAPO.exe
  2⤵
  PID:4384
- C:\Windows\System\CgEVxvL.exe
  C:\Windows\System\CgEVxvL.exe
  2⤵
  PID:948
- C:\Windows\System\ofqGRrr.exe
  C:\Windows\System\ofqGRrr.exe
  2⤵
  PID:5132
- C:\Windows\System\HpXYPjc.exe
  C:\Windows\System\HpXYPjc.exe
  2⤵
  PID:5164
- C:\Windows\System\kaZjMVg.exe
  C:\Windows\System\kaZjMVg.exe
  2⤵
  PID:5184
- C:\Windows\System\mkIWGFr.exe
  C:\Windows\System\mkIWGFr.exe
  2⤵
  PID:5212
- C:\Windows\System\ecEpmse.exe
  C:\Windows\System\ecEpmse.exe
  2⤵
  PID:5240
- C:\Windows\System\rUGwprj.exe
  C:\Windows\System\rUGwprj.exe
  2⤵
  PID:5276
- C:\Windows\System\SreVNxQ.exe
  C:\Windows\System\SreVNxQ.exe
  2⤵
  PID:5292
- C:\Windows\System\YnYTpdL.exe
  C:\Windows\System\YnYTpdL.exe
  2⤵
  PID:5328
- C:\Windows\System\APYGHIC.exe
  C:\Windows\System\APYGHIC.exe
  2⤵
  PID:5360
- C:\Windows\System\NItLnTR.exe
  C:\Windows\System\NItLnTR.exe
  2⤵
  PID:5408
- C:\Windows\System\LdjhbZR.exe
  C:\Windows\System\LdjhbZR.exe
  2⤵
  PID:5428
- C:\Windows\System\yHDQbFT.exe
  C:\Windows\System\yHDQbFT.exe
  2⤵
  PID:5468
- C:\Windows\System\isMvlZI.exe
  C:\Windows\System\isMvlZI.exe
  2⤵
  PID:5484
- C:\Windows\System\gqoMrcv.exe
  C:\Windows\System\gqoMrcv.exe
  2⤵
  PID:5528
- C:\Windows\System\FIaPJgr.exe
  C:\Windows\System\FIaPJgr.exe
  2⤵
  PID:5560
- C:\Windows\System\GLCQxzk.exe
  C:\Windows\System\GLCQxzk.exe
  2⤵
  PID:5584
- C:\Windows\System\XKBdOqb.exe
  C:\Windows\System\XKBdOqb.exe
  2⤵
  PID:5608
- C:\Windows\System\odPfATQ.exe
  C:\Windows\System\odPfATQ.exe
  2⤵
  PID:5652
- C:\Windows\System\aaqeDch.exe
  C:\Windows\System\aaqeDch.exe
  2⤵
  PID:5680
- C:\Windows\System\toaqAJW.exe
  C:\Windows\System\toaqAJW.exe
  2⤵
  PID:5712
- C:\Windows\System\ucfGPCC.exe
  C:\Windows\System\ucfGPCC.exe
  2⤵
  PID:5736
- C:\Windows\System\MDItaLz.exe
  C:\Windows\System\MDItaLz.exe
  2⤵
  PID:5764
- C:\Windows\System\QfdIMrg.exe
  C:\Windows\System\QfdIMrg.exe
  2⤵
  PID:5784
- C:\Windows\System\rWztkRE.exe
  C:\Windows\System\rWztkRE.exe
  2⤵
  PID:5824
- C:\Windows\System\hXKHoXc.exe
  C:\Windows\System\hXKHoXc.exe
  2⤵
  PID:5852
- C:\Windows\System\mBxtqeA.exe
  C:\Windows\System\mBxtqeA.exe
  2⤵
  PID:5880
- C:\Windows\System\PMiFMQz.exe
  C:\Windows\System\PMiFMQz.exe
  2⤵
  PID:5908
- C:\Windows\System\zaEGdYE.exe
  C:\Windows\System\zaEGdYE.exe
  2⤵
  PID:5944
- C:\Windows\System\PqijSbK.exe
  C:\Windows\System\PqijSbK.exe
  2⤵
  PID:5964
- C:\Windows\System\RcjVGrz.exe
  C:\Windows\System\RcjVGrz.exe
  2⤵
  PID:5996
- C:\Windows\System\zORowJa.exe
  C:\Windows\System\zORowJa.exe
  2⤵
  PID:6024
- C:\Windows\System\WJaqPKP.exe
  C:\Windows\System\WJaqPKP.exe
  2⤵
  PID:6040
- C:\Windows\System\qwbgahG.exe
  C:\Windows\System\qwbgahG.exe
  2⤵
  PID:6056
- C:\Windows\System\vuYqLjh.exe
  C:\Windows\System\vuYqLjh.exe
  2⤵
  PID:6072
- C:\Windows\System\HQnhDoM.exe
  C:\Windows\System\HQnhDoM.exe
  2⤵
  PID:6100
- C:\Windows\System\OdRygok.exe
  C:\Windows\System\OdRygok.exe
  2⤵
  PID:6132
- C:\Windows\System\UeLOwnZ.exe
  C:\Windows\System\UeLOwnZ.exe
  2⤵
  PID:2156
- C:\Windows\System\bJtBEFj.exe
  C:\Windows\System\bJtBEFj.exe
  2⤵
  PID:5228
- C:\Windows\System\eFtctoR.exe
  C:\Windows\System\eFtctoR.exe
  2⤵
  PID:2792
- C:\Windows\System\AZNefkT.exe
  C:\Windows\System\AZNefkT.exe
  2⤵
  PID:5288
- C:\Windows\System\UMULZbT.exe
  C:\Windows\System\UMULZbT.exe
  2⤵
  PID:5384
- C:\Windows\System\IrxUZLk.exe
  C:\Windows\System\IrxUZLk.exe
  2⤵
  PID:5480
- C:\Windows\System\cLFVvOn.exe
  C:\Windows\System\cLFVvOn.exe
  2⤵
  PID:5544
- C:\Windows\System\owGeVsv.exe
  C:\Windows\System\owGeVsv.exe
  2⤵
  PID:5620
- C:\Windows\System\gdmSadM.exe
  C:\Windows\System\gdmSadM.exe
  2⤵
  PID:5672
- C:\Windows\System\TKkYrcX.exe
  C:\Windows\System\TKkYrcX.exe
  2⤵
  PID:5732
- C:\Windows\System\LbStwPs.exe
  C:\Windows\System\LbStwPs.exe
  2⤵
  PID:5776
- C:\Windows\System\YHfgZKh.exe
  C:\Windows\System\YHfgZKh.exe
  2⤵
  PID:5872
- C:\Windows\System\yaGpLCn.exe
  C:\Windows\System\yaGpLCn.exe
  2⤵
  PID:5904
- C:\Windows\System\KExSNkX.exe
  C:\Windows\System\KExSNkX.exe
  2⤵
  PID:6008
- C:\Windows\System\yqyOGQM.exe
  C:\Windows\System\yqyOGQM.exe
  2⤵
  PID:6052
- C:\Windows\System\qCAThcg.exe
  C:\Windows\System\qCAThcg.exe
  2⤵
  PID:2560
- C:\Windows\System\MxrfoLg.exe
  C:\Windows\System\MxrfoLg.exe
  2⤵
  PID:5208
- C:\Windows\System\hMmnlYS.exe
  C:\Windows\System\hMmnlYS.exe
  2⤵
  PID:5272
- C:\Windows\System\fgFbhrL.exe
  C:\Windows\System\fgFbhrL.exe
  2⤵
  PID:5440
- C:\Windows\System\ehsFQgB.exe
  C:\Windows\System\ehsFQgB.exe
  2⤵
  PID:5664
- C:\Windows\System\naCMVNX.exe
  C:\Windows\System\naCMVNX.exe
  2⤵
  PID:5752
- C:\Windows\System\HEqtgEN.exe
  C:\Windows\System\HEqtgEN.exe
  2⤵
  PID:5932
- C:\Windows\System\saGdzXH.exe
  C:\Windows\System\saGdzXH.exe
  2⤵
  PID:6064
- C:\Windows\System\MRthlYR.exe
  C:\Windows\System\MRthlYR.exe
  2⤵
  PID:5012
- C:\Windows\System\jgwqllP.exe
  C:\Windows\System\jgwqllP.exe
  2⤵
  PID:5720
- C:\Windows\System\LJGfMho.exe
  C:\Windows\System\LJGfMho.exe
  2⤵
  PID:5900
- C:\Windows\System\wXcqWsj.exe
  C:\Windows\System\wXcqWsj.exe
  2⤵
  PID:5152
- C:\Windows\System\kBVeebm.exe
  C:\Windows\System\kBVeebm.exe
  2⤵
  PID:5864
- C:\Windows\System\BsErzfM.exe
  C:\Windows\System\BsErzfM.exe
  2⤵
  PID:6180
- C:\Windows\System\yPFtZzh.exe
  C:\Windows\System\yPFtZzh.exe
  2⤵
  PID:6220
- C:\Windows\System\HELrJfy.exe
  C:\Windows\System\HELrJfy.exe
  2⤵
  PID:6252
- C:\Windows\System\IdPomXR.exe
  C:\Windows\System\IdPomXR.exe
  2⤵
  PID:6296
- C:\Windows\System\voBdBmX.exe
  C:\Windows\System\voBdBmX.exe
  2⤵
  PID:6316
- C:\Windows\System\xhMMVNQ.exe
  C:\Windows\System\xhMMVNQ.exe
  2⤵
  PID:6332
- C:\Windows\System\yfNPbAV.exe
  C:\Windows\System\yfNPbAV.exe
  2⤵
  PID:6372
- C:\Windows\System\HGogXzb.exe
  C:\Windows\System\HGogXzb.exe
  2⤵
  PID:6408
- C:\Windows\System\odJugFP.exe
  C:\Windows\System\odJugFP.exe
  2⤵
  PID:6428
- C:\Windows\System\msOhPGm.exe
  C:\Windows\System\msOhPGm.exe
  2⤵
  PID:6464
- C:\Windows\System\MUJFJSt.exe
  C:\Windows\System\MUJFJSt.exe
  2⤵
  PID:6496
- C:\Windows\System\GmmqEZZ.exe
  C:\Windows\System\GmmqEZZ.exe
  2⤵
  PID:6520
- C:\Windows\System\kpNDTGT.exe
  C:\Windows\System\kpNDTGT.exe
  2⤵
  PID:6540
- C:\Windows\System\nmmtXQN.exe
  C:\Windows\System\nmmtXQN.exe
  2⤵
  PID:6576
- C:\Windows\System\vRLKQRP.exe
  C:\Windows\System\vRLKQRP.exe
  2⤵
  PID:6604
- C:\Windows\System\ozlxpeg.exe
  C:\Windows\System\ozlxpeg.exe
  2⤵
  PID:6636
- C:\Windows\System\kmQjOrQ.exe
  C:\Windows\System\kmQjOrQ.exe
  2⤵
  PID:6660
- C:\Windows\System\YSpjCiw.exe
  C:\Windows\System\YSpjCiw.exe
  2⤵
  PID:6692
- C:\Windows\System\dGWZaVH.exe
  C:\Windows\System\dGWZaVH.exe
  2⤵
  PID:6712
- C:\Windows\System\vxomOow.exe
  C:\Windows\System\vxomOow.exe
  2⤵
  PID:6732
- C:\Windows\System\tdYBjOD.exe
  C:\Windows\System\tdYBjOD.exe
  2⤵
  PID:6772
- C:\Windows\System\OLRVtRF.exe
  C:\Windows\System\OLRVtRF.exe
  2⤵
  PID:6804
- C:\Windows\System\fuwxORj.exe
  C:\Windows\System\fuwxORj.exe
  2⤵
  PID:6828
- C:\Windows\System\PtHYBku.exe
  C:\Windows\System\PtHYBku.exe
  2⤵
  PID:6856
- C:\Windows\System\pmdoKRS.exe
  C:\Windows\System\pmdoKRS.exe
  2⤵
  PID:6896
- C:\Windows\System\QfFyVsX.exe
  C:\Windows\System\QfFyVsX.exe
  2⤵
  PID:6916
- C:\Windows\System\WwpviLN.exe
  C:\Windows\System\WwpviLN.exe
  2⤵
  PID:6932
- C:\Windows\System\rzisWik.exe
  C:\Windows\System\rzisWik.exe
  2⤵
  PID:6948
- C:\Windows\System\vhEfOft.exe
  C:\Windows\System\vhEfOft.exe
  2⤵
  PID:6964
- C:\Windows\System\bCWSzxY.exe
  C:\Windows\System\bCWSzxY.exe
  2⤵
  PID:6988
- C:\Windows\System\FNBmGRE.exe
  C:\Windows\System\FNBmGRE.exe
  2⤵
  PID:7012
- C:\Windows\System\mLlinOZ.exe
  C:\Windows\System\mLlinOZ.exe
  2⤵
  PID:7052
- C:\Windows\System\HCIetFM.exe
  C:\Windows\System\HCIetFM.exe
  2⤵
  PID:7088
- C:\Windows\System\zIohQTR.exe
  C:\Windows\System\zIohQTR.exe
  2⤵
  PID:7116
- C:\Windows\System\MMWJqdR.exe
  C:\Windows\System\MMWJqdR.exe
  2⤵
  PID:7156
- C:\Windows\System\ecfjGCd.exe
  C:\Windows\System\ecfjGCd.exe
  2⤵
  PID:6216
- C:\Windows\System\TmqlGmX.exe
  C:\Windows\System\TmqlGmX.exe
  2⤵
  PID:6268
- C:\Windows\System\QSyEbZI.exe
  C:\Windows\System\QSyEbZI.exe
  2⤵
  PID:6324
- C:\Windows\System\olaHSrs.exe
  C:\Windows\System\olaHSrs.exe
  2⤵
  PID:6404
- C:\Windows\System\bCGMdqF.exe
  C:\Windows\System\bCGMdqF.exe
  2⤵
  PID:6484
- C:\Windows\System\GuOlYAD.exe
  C:\Windows\System\GuOlYAD.exe
  2⤵
  PID:6572
- C:\Windows\System\NMKHNZf.exe
  C:\Windows\System\NMKHNZf.exe
  2⤵
  PID:6624
- C:\Windows\System\kPHzsFu.exe
  C:\Windows\System\kPHzsFu.exe
  2⤵
  PID:6672
- C:\Windows\System\QJAgGaS.exe
  C:\Windows\System\QJAgGaS.exe
  2⤵
  PID:6756
- C:\Windows\System\ChsLCyt.exe
  C:\Windows\System\ChsLCyt.exe
  2⤵
  PID:6796
- C:\Windows\System\OUSPBLL.exe
  C:\Windows\System\OUSPBLL.exe
  2⤵
  PID:6872
- C:\Windows\System\oVzUXqp.exe
  C:\Windows\System\oVzUXqp.exe
  2⤵
  PID:6944
- C:\Windows\System\ZAdowvt.exe
  C:\Windows\System\ZAdowvt.exe
  2⤵
  PID:6940
- C:\Windows\System\ecsDEhd.exe
  C:\Windows\System\ecsDEhd.exe
  2⤵
  PID:7008
- C:\Windows\System\EZNknDG.exe
  C:\Windows\System\EZNknDG.exe
  2⤵
  PID:7140
- C:\Windows\System\SYGeXzB.exe
  C:\Windows\System\SYGeXzB.exe
  2⤵
  PID:6304
- C:\Windows\System\VuEFOHq.exe
  C:\Windows\System\VuEFOHq.exe
  2⤵
  PID:6384
- C:\Windows\System\VWjBDsR.exe
  C:\Windows\System\VWjBDsR.exe
  2⤵
  PID:6548
- C:\Windows\System\mkSrvYA.exe
  C:\Windows\System\mkSrvYA.exe
  2⤵
  PID:6652
- C:\Windows\System\HOaLLFV.exe
  C:\Windows\System\HOaLLFV.exe
  2⤵
  PID:6784
- C:\Windows\System\SOJFfay.exe
  C:\Windows\System\SOJFfay.exe
  2⤵
  PID:6960
- C:\Windows\System\UsHIvvQ.exe
  C:\Windows\System\UsHIvvQ.exe
  2⤵
  PID:7100
- C:\Windows\System\FKqWMBN.exe
  C:\Windows\System\FKqWMBN.exe
  2⤵
  PID:6424
- C:\Windows\System\uHwGlXO.exe
  C:\Windows\System\uHwGlXO.exe
  2⤵
  PID:6744
- C:\Windows\System\ofSGOwV.exe
  C:\Windows\System\ofSGOwV.exe
  2⤵
  PID:6596
- C:\Windows\System\Mujbrpw.exe
  C:\Windows\System\Mujbrpw.exe
  2⤵
  PID:6308
- C:\Windows\System\lNSYLnw.exe
  C:\Windows\System\lNSYLnw.exe
  2⤵
  PID:7188
- C:\Windows\System\eTgMMGd.exe
  C:\Windows\System\eTgMMGd.exe
  2⤵
  PID:7204
- C:\Windows\System\HvDBCMt.exe
  C:\Windows\System\HvDBCMt.exe
  2⤵
  PID:7244
- C:\Windows\System\KnFUfZH.exe
  C:\Windows\System\KnFUfZH.exe
  2⤵
  PID:7264
- C:\Windows\System\wUnhYPQ.exe
  C:\Windows\System\wUnhYPQ.exe
  2⤵
  PID:7288
- C:\Windows\System\pnfcCHh.exe
  C:\Windows\System\pnfcCHh.exe
  2⤵
  PID:7316
- C:\Windows\System\yUPHDeJ.exe
  C:\Windows\System\yUPHDeJ.exe
  2⤵
  PID:7356
- C:\Windows\System\MIfzHuJ.exe
  C:\Windows\System\MIfzHuJ.exe
  2⤵
  PID:7384
- C:\Windows\System\AiImMOZ.exe
  C:\Windows\System\AiImMOZ.exe
  2⤵
  PID:7412
- C:\Windows\System\yyAozPn.exe
  C:\Windows\System\yyAozPn.exe
  2⤵
  PID:7440
- C:\Windows\System\zlvjjlj.exe
  C:\Windows\System\zlvjjlj.exe
  2⤵
  PID:7476
- C:\Windows\System\WGBpVuD.exe
  C:\Windows\System\WGBpVuD.exe
  2⤵
  PID:7496
- C:\Windows\System\aCLMHjW.exe
  C:\Windows\System\aCLMHjW.exe
  2⤵
  PID:7524
- C:\Windows\System\CIFWZSU.exe
  C:\Windows\System\CIFWZSU.exe
  2⤵
  PID:7552
- C:\Windows\System\pAtUCVx.exe
  C:\Windows\System\pAtUCVx.exe
  2⤵
  PID:7580
- C:\Windows\System\TyjFxSy.exe
  C:\Windows\System\TyjFxSy.exe
  2⤵
  PID:7608
- C:\Windows\System\CKGRNCK.exe
  C:\Windows\System\CKGRNCK.exe
  2⤵
  PID:7636
- C:\Windows\System\DQwtTyt.exe
  C:\Windows\System\DQwtTyt.exe
  2⤵
  PID:7652
- C:\Windows\System\jseBcAY.exe
  C:\Windows\System\jseBcAY.exe
  2⤵
  PID:7692
- C:\Windows\System\LJKxPEq.exe
  C:\Windows\System\LJKxPEq.exe
  2⤵
  PID:7724
- C:\Windows\System\wtjIuml.exe
  C:\Windows\System\wtjIuml.exe
  2⤵
  PID:7744
- C:\Windows\System\lnraccK.exe
  C:\Windows\System\lnraccK.exe
  2⤵
  PID:7768
- C:\Windows\System\QgWLKoJ.exe
  C:\Windows\System\QgWLKoJ.exe
  2⤵
  PID:7792
- C:\Windows\System\RirBRgE.exe
  C:\Windows\System\RirBRgE.exe
  2⤵
  PID:7820
- C:\Windows\System\FLkwfOD.exe
  C:\Windows\System\FLkwfOD.exe
  2⤵
  PID:7852
- C:\Windows\System\UkPTqHQ.exe
  C:\Windows\System\UkPTqHQ.exe
  2⤵
  PID:7888
- C:\Windows\System\UsxQtyw.exe
  C:\Windows\System\UsxQtyw.exe
  2⤵
  PID:7904
- C:\Windows\System\sIUayPv.exe
  C:\Windows\System\sIUayPv.exe
  2⤵
  PID:7948
- C:\Windows\System\JzSoJOo.exe
  C:\Windows\System\JzSoJOo.exe
  2⤵
  PID:7976
- C:\Windows\System\ytCCPwE.exe
  C:\Windows\System\ytCCPwE.exe
  2⤵
  PID:8012
- C:\Windows\System\XanBDgx.exe
  C:\Windows\System\XanBDgx.exe
  2⤵
  PID:8032
- C:\Windows\System\NBIUyOo.exe
  C:\Windows\System\NBIUyOo.exe
  2⤵
  PID:8072
- C:\Windows\System\lRTxTmy.exe
  C:\Windows\System\lRTxTmy.exe
  2⤵
  PID:8096
- C:\Windows\System\PWBANZI.exe
  C:\Windows\System\PWBANZI.exe
  2⤵
  PID:8116
- C:\Windows\System\bNfEvFF.exe
  C:\Windows\System\bNfEvFF.exe
  2⤵
  PID:8140
- C:\Windows\System\TPibeUh.exe
  C:\Windows\System\TPibeUh.exe
  2⤵
  PID:8172
- C:\Windows\System\DUcTijH.exe
  C:\Windows\System\DUcTijH.exe
  2⤵
  PID:6344
- C:\Windows\System\hcvncVF.exe
  C:\Windows\System\hcvncVF.exe
  2⤵
  PID:7228
- C:\Windows\System\IiZvadJ.exe
  C:\Windows\System\IiZvadJ.exe
  2⤵
  PID:7308
- C:\Windows\System\vLMOzoB.exe
  C:\Windows\System\vLMOzoB.exe
  2⤵
  PID:7376
- C:\Windows\System\SXtBKoR.exe
  C:\Windows\System\SXtBKoR.exe
  2⤵
  PID:7452
- C:\Windows\System\VHXTgqy.exe
  C:\Windows\System\VHXTgqy.exe
  2⤵
  PID:7508
- C:\Windows\System\bISHrnX.exe
  C:\Windows\System\bISHrnX.exe
  2⤵
  PID:7576
- C:\Windows\System\OiBOoVC.exe
  C:\Windows\System\OiBOoVC.exe
  2⤵
  PID:7620
- C:\Windows\System\YUMVWLD.exe
  C:\Windows\System\YUMVWLD.exe
  2⤵
  PID:2752
- C:\Windows\System\ovavoKi.exe
  C:\Windows\System\ovavoKi.exe
  2⤵
  PID:7736
- C:\Windows\System\KILqhJg.exe
  C:\Windows\System\KILqhJg.exe
  2⤵
  PID:7812
- C:\Windows\System\JxXetBu.exe
  C:\Windows\System\JxXetBu.exe
  2⤵
  PID:7840
- C:\Windows\System\mXrzFpD.exe
  C:\Windows\System\mXrzFpD.exe
  2⤵
  PID:7924
- C:\Windows\System\EuwuAWo.exe
  C:\Windows\System\EuwuAWo.exe
  2⤵
  PID:7992
- C:\Windows\System\iNuqPZB.exe
  C:\Windows\System\iNuqPZB.exe
  2⤵
  PID:8052
- C:\Windows\System\ZUPtBZl.exe
  C:\Windows\System\ZUPtBZl.exe
  2⤵
  PID:8152
- C:\Windows\System\FTNOlrn.exe
  C:\Windows\System\FTNOlrn.exe
  2⤵
  PID:7300
- C:\Windows\System\LHlzfah.exe
  C:\Windows\System\LHlzfah.exe
  2⤵
  PID:7516
- C:\Windows\System\wsQzFwZ.exe
  C:\Windows\System\wsQzFwZ.exe
  2⤵
  PID:7600
- C:\Windows\System\IIFctzG.exe
  C:\Windows\System\IIFctzG.exe
  2⤵
  PID:7784
- C:\Windows\System\oREsQam.exe
  C:\Windows\System\oREsQam.exe
  2⤵
  PID:8024
- C:\Windows\System\WHrGZTx.exe
  C:\Windows\System\WHrGZTx.exe
  2⤵
  PID:8104
- C:\Windows\System\wUJZssW.exe
  C:\Windows\System\wUJZssW.exe
  2⤵
  PID:6904
- C:\Windows\System\UNYLRdD.exe
  C:\Windows\System\UNYLRdD.exe
  2⤵
  PID:7716
- C:\Windows\System\hYvEEZw.exe
  C:\Windows\System\hYvEEZw.exe
  2⤵
  PID:8204
- C:\Windows\System\MEzkZGA.exe
  C:\Windows\System\MEzkZGA.exe
  2⤵
  PID:8224
- C:\Windows\System\zAgDAQY.exe
  C:\Windows\System\zAgDAQY.exe
  2⤵
  PID:8252
- C:\Windows\System\LUQdkXh.exe
  C:\Windows\System\LUQdkXh.exe
  2⤵
  PID:8280
- C:\Windows\System\UmJMdLM.exe
  C:\Windows\System\UmJMdLM.exe
  2⤵
  PID:8316
- C:\Windows\System\vuUhoMu.exe
  C:\Windows\System\vuUhoMu.exe
  2⤵
  PID:8344
- C:\Windows\System\vVEtmZU.exe
  C:\Windows\System\vVEtmZU.exe
  2⤵
  PID:8368
- C:\Windows\System\eNrRpLV.exe
  C:\Windows\System\eNrRpLV.exe
  2⤵
  PID:8396
- C:\Windows\System\RzdttUN.exe
  C:\Windows\System\RzdttUN.exe
  2⤵
  PID:8436
- C:\Windows\System\XWeGdeH.exe
  C:\Windows\System\XWeGdeH.exe
  2⤵
  PID:8496
- C:\Windows\System\WNcxOlr.exe
  C:\Windows\System\WNcxOlr.exe
  2⤵
  PID:8520
- C:\Windows\System\vBYirmj.exe
  C:\Windows\System\vBYirmj.exe
  2⤵
  PID:8548
- C:\Windows\System\sxmZTum.exe
  C:\Windows\System\sxmZTum.exe
  2⤵
  PID:8564
- C:\Windows\System\EsHNbus.exe
  C:\Windows\System\EsHNbus.exe
  2⤵
  PID:8604
- C:\Windows\System\shsjzJU.exe
  C:\Windows\System\shsjzJU.exe
  2⤵
  PID:8644
- C:\Windows\System\sySsUsp.exe
  C:\Windows\System\sySsUsp.exe
  2⤵
  PID:8684
- C:\Windows\System\dfoyJYH.exe
  C:\Windows\System\dfoyJYH.exe
  2⤵
  PID:8708
- C:\Windows\System\hssoJFU.exe
  C:\Windows\System\hssoJFU.exe
  2⤵
  PID:8744
- C:\Windows\System\jFkOuKn.exe
  C:\Windows\System\jFkOuKn.exe
  2⤵
  PID:8772
- C:\Windows\System\iIAdWZN.exe
  C:\Windows\System\iIAdWZN.exe
  2⤵
  PID:8808
- C:\Windows\System\TjLFjTg.exe
  C:\Windows\System\TjLFjTg.exe
  2⤵
  PID:8836
- C:\Windows\System\PvRnBBB.exe
  C:\Windows\System\PvRnBBB.exe
  2⤵
  PID:8864
- C:\Windows\System\POllaYo.exe
  C:\Windows\System\POllaYo.exe
  2⤵
  PID:8900
- C:\Windows\System\qnBXyDj.exe
  C:\Windows\System\qnBXyDj.exe
  2⤵
  PID:8920
- C:\Windows\System\nTCojWd.exe
  C:\Windows\System\nTCojWd.exe
  2⤵
  PID:8948
- C:\Windows\System\DwjYSxM.exe
  C:\Windows\System\DwjYSxM.exe
  2⤵
  PID:8964
- C:\Windows\System\UmNnWxY.exe
  C:\Windows\System\UmNnWxY.exe
  2⤵
  PID:8992
- C:\Windows\System\CwgfnRt.exe
  C:\Windows\System\CwgfnRt.exe
  2⤵
  PID:9032
- C:\Windows\System\awZjMVZ.exe
  C:\Windows\System\awZjMVZ.exe
  2⤵
  PID:9060
- C:\Windows\System\kYWvTVH.exe
  C:\Windows\System\kYWvTVH.exe
  2⤵
  PID:9088
- C:\Windows\System\OgleAzL.exe
  C:\Windows\System\OgleAzL.exe
  2⤵
  PID:9128
- C:\Windows\System\lYbLbyZ.exe
  C:\Windows\System\lYbLbyZ.exe
  2⤵
  PID:9148
- C:\Windows\System\tWKZuxg.exe
  C:\Windows\System\tWKZuxg.exe
  2⤵
  PID:9164
- C:\Windows\System\EfQbktP.exe
  C:\Windows\System\EfQbktP.exe
  2⤵
  PID:9180
- C:\Windows\System\ChRCCXp.exe
  C:\Windows\System\ChRCCXp.exe
  2⤵
  PID:9208
- C:\Windows\System\gKWDFzz.exe
  C:\Windows\System\gKWDFzz.exe
  2⤵
  PID:3848
- C:\Windows\System\xovpbOw.exe
  C:\Windows\System\xovpbOw.exe
  2⤵
  PID:8244
- C:\Windows\System\nOFJdBN.exe
  C:\Windows\System\nOFJdBN.exe
  2⤵
  PID:8304
- C:\Windows\System\uQvXmzA.exe
  C:\Windows\System\uQvXmzA.exe
  2⤵
  PID:8416
- C:\Windows\System\PGgPYpn.exe
  C:\Windows\System\PGgPYpn.exe
  2⤵
  PID:8536
- C:\Windows\System\hPcFdpP.exe
  C:\Windows\System\hPcFdpP.exe
  2⤵
  PID:8584
- C:\Windows\System\AyHOdjS.exe
  C:\Windows\System\AyHOdjS.exe
  2⤵
  PID:8704
- C:\Windows\System\OTTLvli.exe
  C:\Windows\System\OTTLvli.exe
  2⤵
  PID:8796
- C:\Windows\System\FIbgXID.exe
  C:\Windows\System\FIbgXID.exe
  2⤵
  PID:8828
- C:\Windows\System\MWPPHBa.exe
  C:\Windows\System\MWPPHBa.exe
  2⤵
  PID:8848
- C:\Windows\System\SsspYia.exe
  C:\Windows\System\SsspYia.exe
  2⤵
  PID:8984
- C:\Windows\System\AioYcim.exe
  C:\Windows\System\AioYcim.exe
  2⤵
  PID:9000
- C:\Windows\System\WBwLNvf.exe
  C:\Windows\System\WBwLNvf.exe
  2⤵
  PID:9076
- C:\Windows\System\zipHNTC.exe
  C:\Windows\System\zipHNTC.exe
  2⤵
  PID:9136
- C:\Windows\System\KEjNrqi.exe
  C:\Windows\System\KEjNrqi.exe
  2⤵
  PID:8184
- C:\Windows\System\QCiEhoz.exe
  C:\Windows\System\QCiEhoz.exe
  2⤵
  PID:8212
- C:\Windows\System\eJxOgno.exe
  C:\Windows\System\eJxOgno.exe
  2⤵
  PID:8512
- C:\Windows\System\PKadglr.exe
  C:\Windows\System\PKadglr.exe
  2⤵
  PID:8620
- C:\Windows\System\AKmkFTZ.exe
  C:\Windows\System\AKmkFTZ.exe
  2⤵
  PID:8728
- C:\Windows\System\tDcuJHt.exe
  C:\Windows\System\tDcuJHt.exe
  2⤵
  PID:8264
- C:\Windows\System\fPdLoZe.exe
  C:\Windows\System\fPdLoZe.exe
  2⤵
  PID:8352
- C:\Windows\System\xZpsIcR.exe
  C:\Windows\System\xZpsIcR.exe
  2⤵
  PID:8764
- C:\Windows\System\VOCaxTG.exe
  C:\Windows\System\VOCaxTG.exe
  2⤵
  PID:8932
- C:\Windows\System\NOEtgoT.exe
  C:\Windows\System\NOEtgoT.exe
  2⤵
  PID:3628
- C:\Windows\System\jDJtShz.exe
  C:\Windows\System\jDJtShz.exe
  2⤵
  PID:8556
- C:\Windows\System\HegCRvw.exe
  C:\Windows\System\HegCRvw.exe
  2⤵
  PID:8956
- C:\Windows\System\cWIMAaz.exe
  C:\Windows\System\cWIMAaz.exe
  2⤵
  PID:9240
- C:\Windows\System\uqeoNQD.exe
  C:\Windows\System\uqeoNQD.exe
  2⤵
  PID:9272
- C:\Windows\System\LhRlYdV.exe
  C:\Windows\System\LhRlYdV.exe
  2⤵
  PID:9300
- C:\Windows\System\RYHoaTA.exe
  C:\Windows\System\RYHoaTA.exe
  2⤵
  PID:9332
- C:\Windows\System\QOhcBgL.exe
  C:\Windows\System\QOhcBgL.exe
  2⤵
  PID:9368
- C:\Windows\System\mkqErFl.exe
  C:\Windows\System\mkqErFl.exe
  2⤵
  PID:9404
- C:\Windows\System\murVYjj.exe
  C:\Windows\System\murVYjj.exe
  2⤵
  PID:9436
- C:\Windows\System\oDBhGqH.exe
  C:\Windows\System\oDBhGqH.exe
  2⤵
  PID:9464
- C:\Windows\System\HHhyhzx.exe
  C:\Windows\System\HHhyhzx.exe
  2⤵
  PID:9480
- C:\Windows\System\AxHvgoD.exe
  C:\Windows\System\AxHvgoD.exe
  2⤵
  PID:9496
- C:\Windows\System\pKkVzaE.exe
  C:\Windows\System\pKkVzaE.exe
  2⤵
  PID:9524
- C:\Windows\System\hdLhOyd.exe
  C:\Windows\System\hdLhOyd.exe
  2⤵
  PID:9540
- C:\Windows\System\mdiTYcu.exe
  C:\Windows\System\mdiTYcu.exe
  2⤵
  PID:9580
- C:\Windows\System\dVsahFY.exe
  C:\Windows\System\dVsahFY.exe
  2⤵
  PID:9616
- C:\Windows\System\vjbknjJ.exe
  C:\Windows\System\vjbknjJ.exe
  2⤵
  PID:9640
- C:\Windows\System\mTrScNv.exe
  C:\Windows\System\mTrScNv.exe
  2⤵
  PID:9676
- C:\Windows\System\yMeGxSn.exe
  C:\Windows\System\yMeGxSn.exe
  2⤵
  PID:9696
- C:\Windows\System\uaWhVrA.exe
  C:\Windows\System\uaWhVrA.exe
  2⤵
  PID:9712
- C:\Windows\System\hALLrTR.exe
  C:\Windows\System\hALLrTR.exe
  2⤵
  PID:9728
- C:\Windows\System\vDeAkBX.exe
  C:\Windows\System\vDeAkBX.exe
  2⤵
  PID:9756
- C:\Windows\System\hZggIWA.exe
  C:\Windows\System\hZggIWA.exe
  2⤵
  PID:9788
- C:\Windows\System\oQzoKrr.exe
  C:\Windows\System\oQzoKrr.exe
  2⤵
  PID:9812
- C:\Windows\System\jbjWCDt.exe
  C:\Windows\System\jbjWCDt.exe
  2⤵
  PID:9844
- C:\Windows\System\oobcsva.exe
  C:\Windows\System\oobcsva.exe
  2⤵
  PID:9892
- C:\Windows\System\WPKdjEo.exe
  C:\Windows\System\WPKdjEo.exe
  2⤵
  PID:9920
- C:\Windows\System\JxeoXTR.exe
  C:\Windows\System\JxeoXTR.exe
  2⤵
  PID:9936
- C:\Windows\System\AXQUBxu.exe
  C:\Windows\System\AXQUBxu.exe
  2⤵
  PID:9952
- C:\Windows\System\VMQHdjr.exe
  C:\Windows\System\VMQHdjr.exe
  2⤵
  PID:9992
- C:\Windows\System\ButzquD.exe
  C:\Windows\System\ButzquD.exe
  2⤵
  PID:10020
- C:\Windows\System\HrDqsKk.exe
  C:\Windows\System\HrDqsKk.exe
  2⤵
  PID:10056
- C:\Windows\System\UPkXXIi.exe
  C:\Windows\System\UPkXXIi.exe
  2⤵
  PID:10088
- C:\Windows\System\HqUpATX.exe
  C:\Windows\System\HqUpATX.exe
  2⤵
  PID:10120
- C:\Windows\System\MHJUJJd.exe
  C:\Windows\System\MHJUJJd.exe
  2⤵
  PID:10160
- C:\Windows\System\RpvRjex.exe
  C:\Windows\System\RpvRjex.exe
  2⤵
  PID:10184
- C:\Windows\System\yLCvpCC.exe
  C:\Windows\System\yLCvpCC.exe
  2⤵
  PID:10212
- C:\Windows\System\UTvuEJR.exe
  C:\Windows\System\UTvuEJR.exe
  2⤵
  PID:8912
- C:\Windows\System\yJBGXoC.exe
  C:\Windows\System\yJBGXoC.exe
  2⤵
  PID:9248
- C:\Windows\System\PZLqBTv.exe
  C:\Windows\System\PZLqBTv.exe
  2⤵
  PID:9344
- C:\Windows\System\drXbKDX.exe
  C:\Windows\System\drXbKDX.exe
  2⤵
  PID:9396
- C:\Windows\System\mDcrOgq.exe
  C:\Windows\System\mDcrOgq.exe
  2⤵
  PID:9516
- C:\Windows\System\nUWlnyl.exe
  C:\Windows\System\nUWlnyl.exe
  2⤵
  PID:9532
- C:\Windows\System\RQdgsvj.exe
  C:\Windows\System\RQdgsvj.exe
  2⤵
  PID:9612
- C:\Windows\System\REtLKOY.exe
  C:\Windows\System\REtLKOY.exe
  2⤵
  PID:9656
- C:\Windows\System\XYUuFnW.exe
  C:\Windows\System\XYUuFnW.exe
  2⤵
  PID:9720
- C:\Windows\System\oUITpkT.exe
  C:\Windows\System\oUITpkT.exe
  2⤵
  PID:9752
- C:\Windows\System\zrmvhCd.exe
  C:\Windows\System\zrmvhCd.exe
  2⤵
  PID:9832
- C:\Windows\System\bKZcbXC.exe
  C:\Windows\System\bKZcbXC.exe
  2⤵
  PID:9868
- C:\Windows\System\UdaHkJn.exe
  C:\Windows\System\UdaHkJn.exe
  2⤵
  PID:9980
- C:\Windows\System\FYVAgbE.exe
  C:\Windows\System\FYVAgbE.exe
  2⤵
  PID:10044
- C:\Windows\System\nNMbJkU.exe
  C:\Windows\System\nNMbJkU.exe
  2⤵
  PID:10040
- C:\Windows\System\gaPDTOW.exe
  C:\Windows\System\gaPDTOW.exe
  2⤵
  PID:10180
- C:\Windows\System\FzTFwnX.exe
  C:\Windows\System\FzTFwnX.exe
  2⤵
  PID:9224
- C:\Windows\System\EBbcOUu.exe
  C:\Windows\System\EBbcOUu.exe
  2⤵
  PID:9376
- C:\Windows\System\YfZdizA.exe
  C:\Windows\System\YfZdizA.exe
  2⤵
  PID:9476
- C:\Windows\System\HntwNsV.exe
  C:\Windows\System\HntwNsV.exe
  2⤵
  PID:2892
- C:\Windows\System\BCnEjoi.exe
  C:\Windows\System\BCnEjoi.exe
  2⤵
  PID:9880
- C:\Windows\System\CMTKIop.exe
  C:\Windows\System\CMTKIop.exe
  2⤵
  PID:9972
- C:\Windows\System\BiEDFTi.exe
  C:\Windows\System\BiEDFTi.exe
  2⤵
  PID:10144
- C:\Windows\System\YQwMZjq.exe
  C:\Windows\System\YQwMZjq.exe
  2⤵
  PID:9292
- C:\Windows\System\ZpGtcJq.exe
  C:\Windows\System\ZpGtcJq.exe
  2⤵
  PID:9660
- C:\Windows\System\kvlnHab.exe
  C:\Windows\System\kvlnHab.exe
  2⤵
  PID:10080
- C:\Windows\System\qmVeUyf.exe
  C:\Windows\System\qmVeUyf.exe
  2⤵
  PID:9508
- C:\Windows\System\YuwLmiV.exe
  C:\Windows\System\YuwLmiV.exe
  2⤵
  PID:9632
- C:\Windows\System\PQavliK.exe
  C:\Windows\System\PQavliK.exe
  2⤵
  PID:5032
- C:\Windows\System\pIhPlqg.exe
  C:\Windows\System\pIhPlqg.exe
  2⤵
  PID:10272
- C:\Windows\System\qxVAdOH.exe
  C:\Windows\System\qxVAdOH.exe
  2⤵
  PID:10296
- C:\Windows\System\aHuIVhM.exe
  C:\Windows\System\aHuIVhM.exe
  2⤵
  PID:10320
- C:\Windows\System\PSQVhxG.exe
  C:\Windows\System\PSQVhxG.exe
  2⤵
  PID:10340
- C:\Windows\System\dYthVYe.exe
  C:\Windows\System\dYthVYe.exe
  2⤵
  PID:10360
- C:\Windows\System\viJMEfY.exe
  C:\Windows\System\viJMEfY.exe
  2⤵
  PID:10384
- C:\Windows\System\fmhOPrM.exe
  C:\Windows\System\fmhOPrM.exe
  2⤵
  PID:10420
- C:\Windows\System\WVkMaEf.exe
  C:\Windows\System\WVkMaEf.exe
  2⤵
  PID:10452
- C:\Windows\System\TDdnHXa.exe
  C:\Windows\System\TDdnHXa.exe
  2⤵
  PID:10484
- C:\Windows\System\aNEvOOL.exe
  C:\Windows\System\aNEvOOL.exe
  2⤵
  PID:10520
- C:\Windows\System\DZGlepy.exe
  C:\Windows\System\DZGlepy.exe
  2⤵
  PID:10552
- C:\Windows\System\EuisxYa.exe
  C:\Windows\System\EuisxYa.exe
  2⤵
  PID:10576
- C:\Windows\System\CeRRSYV.exe
  C:\Windows\System\CeRRSYV.exe
  2⤵
  PID:10596
- C:\Windows\System\kkYoSeS.exe
  C:\Windows\System\kkYoSeS.exe
  2⤵
  PID:10620
- C:\Windows\System\gVzKWAE.exe
  C:\Windows\System\gVzKWAE.exe
  2⤵
  PID:10656
- C:\Windows\System\wOBxhSI.exe
  C:\Windows\System\wOBxhSI.exe
  2⤵
  PID:10676
- C:\Windows\System\LrJiIrg.exe
  C:\Windows\System\LrJiIrg.exe
  2⤵
  PID:10720
- C:\Windows\System\hfjRXFF.exe
  C:\Windows\System\hfjRXFF.exe
  2⤵
  PID:10752
- C:\Windows\System\OFcNEeT.exe
  C:\Windows\System\OFcNEeT.exe
  2⤵
  PID:10784
- C:\Windows\System\YNwCIjt.exe
  C:\Windows\System\YNwCIjt.exe
  2⤵
  PID:10804
- C:\Windows\System\vrTmpes.exe
  C:\Windows\System\vrTmpes.exe
  2⤵
  PID:10824
- C:\Windows\System\geGlYNK.exe
  C:\Windows\System\geGlYNK.exe
  2⤵
  PID:10852
- C:\Windows\System\tjnxtvc.exe
  C:\Windows\System\tjnxtvc.exe
  2⤵
  PID:10888
- C:\Windows\System\vqiQoVI.exe
  C:\Windows\System\vqiQoVI.exe
  2⤵
  PID:10932
- C:\Windows\System\snMaick.exe
  C:\Windows\System\snMaick.exe
  2⤵
  PID:10964
- C:\Windows\System\XEyIbkZ.exe
  C:\Windows\System\XEyIbkZ.exe
  2⤵
  PID:11000
- C:\Windows\System\QKGdCNz.exe
  C:\Windows\System\QKGdCNz.exe
  2⤵
  PID:11044
- C:\Windows\System\yjaegJX.exe
  C:\Windows\System\yjaegJX.exe
  2⤵
  PID:11076
- C:\Windows\System\tEVdqhi.exe
  C:\Windows\System\tEVdqhi.exe
  2⤵
  PID:11104
- C:\Windows\System\umZtjof.exe
  C:\Windows\System\umZtjof.exe
  2⤵
  PID:11120
- C:\Windows\System\gStcTDP.exe
  C:\Windows\System\gStcTDP.exe
  2⤵
  PID:11152
- C:\Windows\System\mlNoLUJ.exe
  C:\Windows\System\mlNoLUJ.exe
  2⤵
  PID:11172
- C:\Windows\System\jYAEYBs.exe
  C:\Windows\System\jYAEYBs.exe
  2⤵
  PID:11196
- C:\Windows\System\VKsqQUk.exe
  C:\Windows\System\VKsqQUk.exe
  2⤵
  PID:11224
- C:\Windows\System\OsdLsyY.exe
  C:\Windows\System\OsdLsyY.exe
  2⤵
  PID:11256
- C:\Windows\System\mDfuQuQ.exe
  C:\Windows\System\mDfuQuQ.exe
  2⤵
  PID:10308
- C:\Windows\System\SoFWiZl.exe
  C:\Windows\System\SoFWiZl.exe
  2⤵
  PID:10332
- C:\Windows\System\AluSObv.exe
  C:\Windows\System\AluSObv.exe
  2⤵
  PID:10408
- C:\Windows\System\yIRiniq.exe
  C:\Windows\System\yIRiniq.exe
  2⤵
  PID:10468
- C:\Windows\System\AgQbgBs.exe
  C:\Windows\System\AgQbgBs.exe
  2⤵
  PID:10572
- C:\Windows\System\KtuCtYD.exe
  C:\Windows\System\KtuCtYD.exe
  2⤵
  PID:10588
- C:\Windows\System\SkBeFqf.exe
  C:\Windows\System\SkBeFqf.exe
  2⤵
  PID:10668
- C:\Windows\System\LRzzGny.exe
  C:\Windows\System\LRzzGny.exe
  2⤵
  PID:10772
- C:\Windows\System\gIZbaWy.exe
  C:\Windows\System\gIZbaWy.exe
  2⤵
  PID:10820
- C:\Windows\System\NPEWVgQ.exe
  C:\Windows\System\NPEWVgQ.exe
  2⤵
  PID:10900
- C:\Windows\System\UNEOUbf.exe
  C:\Windows\System\UNEOUbf.exe
  2⤵
  PID:10952
- C:\Windows\System\LQpeWhk.exe
  C:\Windows\System\LQpeWhk.exe
  2⤵
  PID:11016
- C:\Windows\System\RYIdUPo.exe
  C:\Windows\System\RYIdUPo.exe
  2⤵
  PID:11112
- C:\Windows\System\TaOCdUU.exe
  C:\Windows\System\TaOCdUU.exe
  2⤵
  PID:11184
- C:\Windows\System\ncmDUpv.exe
  C:\Windows\System\ncmDUpv.exe
  2⤵
  PID:11248
- C:\Windows\System\KGSjCCf.exe
  C:\Windows\System\KGSjCCf.exe
  2⤵
  PID:10280
- C:\Windows\System\CWhSRzq.exe
  C:\Windows\System\CWhSRzq.exe
  2⤵
  PID:10444
- C:\Windows\System\cbIEDyy.exe
  C:\Windows\System\cbIEDyy.exe
  2⤵
  PID:10508
- C:\Windows\System\MmIiEkI.exe
  C:\Windows\System\MmIiEkI.exe
  2⤵
  PID:10688
- C:\Windows\System\usbEazv.exe
  C:\Windows\System\usbEazv.exe
  2⤵
  PID:10920
- C:\Windows\System\pKuVAVL.exe
  C:\Windows\System\pKuVAVL.exe
  2⤵
  PID:10980
- C:\Windows\System\gswHMyv.exe
  C:\Windows\System\gswHMyv.exe
  2⤵
  PID:11244
- C:\Windows\System\yxLeVWW.exe
  C:\Windows\System\yxLeVWW.exe
  2⤵
  PID:10432
- C:\Windows\System\xFzYOYd.exe
  C:\Windows\System\xFzYOYd.exe
  2⤵
  PID:10644
- C:\Windows\System\skiaGzp.exe
  C:\Windows\System\skiaGzp.exe
  2⤵
  PID:11088
- C:\Windows\System\gDChVMM.exe
  C:\Windows\System\gDChVMM.exe
  2⤵
  PID:10604
- C:\Windows\System\aRRnysd.exe
  C:\Windows\System\aRRnysd.exe
  2⤵
  PID:11280
- C:\Windows\System\CFIPqmO.exe
  C:\Windows\System\CFIPqmO.exe
  2⤵
  PID:11308
- C:\Windows\System\cbSFYQk.exe
  C:\Windows\System\cbSFYQk.exe
  2⤵
  PID:11324
- C:\Windows\System\pxSRzCS.exe
  C:\Windows\System\pxSRzCS.exe
  2⤵
  PID:11356
- C:\Windows\System\HNHmgLA.exe
  C:\Windows\System\HNHmgLA.exe
  2⤵
  PID:11384
- C:\Windows\System\PcLiSpu.exe
  C:\Windows\System\PcLiSpu.exe
  2⤵
  PID:11408
- C:\Windows\System\BYlhdvr.exe
  C:\Windows\System\BYlhdvr.exe
  2⤵
  PID:11428
- C:\Windows\System\bjjsPXq.exe
  C:\Windows\System\bjjsPXq.exe
  2⤵
  PID:11476
- C:\Windows\System\ozrwBuh.exe
  C:\Windows\System\ozrwBuh.exe
  2⤵
  PID:11496
- C:\Windows\System\tCYhOBK.exe
  C:\Windows\System\tCYhOBK.exe
  2⤵
  PID:11512
- C:\Windows\System\hUVoKgj.exe
  C:\Windows\System\hUVoKgj.exe
  2⤵
  PID:11540
- C:\Windows\System\RJZbWzV.exe
  C:\Windows\System\RJZbWzV.exe
  2⤵
  PID:11576
- C:\Windows\System\eZXMaGO.exe
  C:\Windows\System\eZXMaGO.exe
  2⤵
  PID:11608
- C:\Windows\System\gjQJzRd.exe
  C:\Windows\System\gjQJzRd.exe
  2⤵
  PID:11640
- C:\Windows\System\uqYPdPy.exe
  C:\Windows\System\uqYPdPy.exe
  2⤵
  PID:11664
- C:\Windows\System\crhknno.exe
  C:\Windows\System\crhknno.exe
  2⤵
  PID:11696
- C:\Windows\System\qNphEXD.exe
  C:\Windows\System\qNphEXD.exe
  2⤵
  PID:11716
- C:\Windows\System\SMuzEHS.exe
  C:\Windows\System\SMuzEHS.exe
  2⤵
  PID:11748
- C:\Windows\System\XyGhAlG.exe
  C:\Windows\System\XyGhAlG.exe
  2⤵
  PID:11764
- C:\Windows\System\nUcmYRb.exe
  C:\Windows\System\nUcmYRb.exe
  2⤵
  PID:11796
- C:\Windows\System\NRyastu.exe
  C:\Windows\System\NRyastu.exe
  2⤵
  PID:11828
- C:\Windows\System\FsRzauT.exe
  C:\Windows\System\FsRzauT.exe
  2⤵
  PID:11848
- C:\Windows\System\JyKnqSt.exe
  C:\Windows\System\JyKnqSt.exe
  2⤵
  PID:11868
- C:\Windows\System\tBHSnIg.exe
  C:\Windows\System\tBHSnIg.exe
  2⤵
  PID:11900
- C:\Windows\System\wGFRycW.exe
  C:\Windows\System\wGFRycW.exe
  2⤵
  PID:11928
- C:\Windows\System\UnaFwVs.exe
  C:\Windows\System\UnaFwVs.exe
  2⤵
  PID:11960
- C:\Windows\System\fFGebCa.exe
  C:\Windows\System\fFGebCa.exe
  2⤵
  PID:11996
- C:\Windows\System\FNdTyoL.exe
  C:\Windows\System\FNdTyoL.exe
  2⤵
  PID:12020
- C:\Windows\System\TzXKbQm.exe
  C:\Windows\System\TzXKbQm.exe
  2⤵
  PID:12044
- C:\Windows\System\oIpmMlX.exe
  C:\Windows\System\oIpmMlX.exe
  2⤵
  PID:12072
- C:\Windows\System\OplVgrV.exe
  C:\Windows\System\OplVgrV.exe
  2⤵
  PID:12108
- C:\Windows\System\OcvUwSZ.exe
  C:\Windows\System\OcvUwSZ.exe
  2⤵
  PID:12156
- C:\Windows\System\XYwQnqx.exe
  C:\Windows\System\XYwQnqx.exe
  2⤵
  PID:12172
- C:\Windows\System\AmJPOXZ.exe
  C:\Windows\System\AmJPOXZ.exe
  2⤵
  PID:12196
- C:\Windows\System\mYsleEU.exe
  C:\Windows\System\mYsleEU.exe
  2⤵
  PID:12228
- C:\Windows\System\UYXsJte.exe
  C:\Windows\System\UYXsJte.exe
  2⤵
  PID:12260
- C:\Windows\System\fMjNRlb.exe
  C:\Windows\System\fMjNRlb.exe
  2⤵
  PID:11208
- C:\Windows\System\FoEHUzh.exe
  C:\Windows\System\FoEHUzh.exe
  2⤵
  PID:11344
- C:\Windows\System\rRIycvu.exe
  C:\Windows\System\rRIycvu.exe
  2⤵
  PID:11424
- C:\Windows\System\GLWAgtI.exe
  C:\Windows\System\GLWAgtI.exe
  2⤵
  PID:11524
- C:\Windows\System\dvsRIoB.exe
  C:\Windows\System\dvsRIoB.exe
  2⤵
  PID:11532
- C:\Windows\System\IPeJnnq.exe
  C:\Windows\System\IPeJnnq.exe
  2⤵
  PID:11660
- C:\Windows\System\vRaYZMG.exe
  C:\Windows\System\vRaYZMG.exe
  2⤵
  PID:11648
- C:\Windows\System\sNvCJHQ.exe
  C:\Windows\System\sNvCJHQ.exe
  2⤵
  PID:11792
- C:\Windows\System\YYnyxYC.exe
  C:\Windows\System\YYnyxYC.exe
  2⤵
  PID:11836
- C:\Windows\System\QwlXPGv.exe
  C:\Windows\System\QwlXPGv.exe
  2⤵
  PID:11864
- C:\Windows\System\orBwptB.exe
  C:\Windows\System\orBwptB.exe
  2⤵
  PID:11896
- C:\Windows\System\vKRPXaZ.exe
  C:\Windows\System\vKRPXaZ.exe
  2⤵
  PID:11940
- C:\Windows\System\TlPUQYy.exe
  C:\Windows\System\TlPUQYy.exe
  2⤵
  PID:12128
- C:\Windows\System\UjPtDNq.exe
  C:\Windows\System\UjPtDNq.exe
  2⤵
  PID:12060
- C:\Windows\System\bZQggsO.exe
  C:\Windows\System\bZQggsO.exe
  2⤵
  PID:12216
- C:\Windows\System\larjEmm.exe
  C:\Windows\System\larjEmm.exe
  2⤵
  PID:11300
- C:\Windows\System\Xcihice.exe
  C:\Windows\System\Xcihice.exe
  2⤵
  PID:11392
- C:\Windows\System\PxCfLyG.exe
  C:\Windows\System\PxCfLyG.exe
  2⤵
  PID:11488
- C:\Windows\System\mZiLfwj.exe
  C:\Windows\System\mZiLfwj.exe
  2⤵
  PID:11628
- C:\Windows\System\lVgvItX.exe
  C:\Windows\System\lVgvItX.exe
  2⤵
  PID:11756
- C:\Windows\System\PzkWzJJ.exe
  C:\Windows\System\PzkWzJJ.exe
  2⤵
  PID:11916
- C:\Windows\System\hfjBydY.exe
  C:\Windows\System\hfjBydY.exe
  2⤵
  PID:11976
- C:\Windows\System\VvUHJyT.exe
  C:\Windows\System\VvUHJyT.exe
  2⤵
  PID:12104
- C:\Windows\System\wEOIVVi.exe
  C:\Windows\System\wEOIVVi.exe
  2⤵
  PID:11336
- C:\Windows\System\INYqAfr.exe
  C:\Windows\System\INYqAfr.exe
  2⤵
  PID:11564
- C:\Windows\System\QzCxUXJ.exe
  C:\Windows\System\QzCxUXJ.exe
  2⤵
  PID:11528
- C:\Windows\System\xJXLpNy.exe
  C:\Windows\System\xJXLpNy.exe
  2⤵
  PID:11684
- C:\Windows\System\hVRddxR.exe
  C:\Windows\System\hVRddxR.exe
  2⤵
  PID:12300
- C:\Windows\System\FOCcsfV.exe
  C:\Windows\System\FOCcsfV.exe
  2⤵
  PID:12320
- C:\Windows\System\hSbdkUj.exe
  C:\Windows\System\hSbdkUj.exe
  2⤵
  PID:12356
- C:\Windows\System\HCgQxtT.exe
  C:\Windows\System\HCgQxtT.exe
  2⤵
  PID:12396
- C:\Windows\System\QNPieXH.exe
  C:\Windows\System\QNPieXH.exe
  2⤵
  PID:12412
- C:\Windows\System\NlnZSHx.exe
  C:\Windows\System\NlnZSHx.exe
  2⤵
  PID:12428
- C:\Windows\System\sjELBzK.exe
  C:\Windows\System\sjELBzK.exe
  2⤵
  PID:12460
- C:\Windows\System\WYetaPS.exe
  C:\Windows\System\WYetaPS.exe
  2⤵
  PID:12496
- C:\Windows\System\LPwpYcV.exe
  C:\Windows\System\LPwpYcV.exe
  2⤵
  PID:12520
- C:\Windows\System\TOVrrZE.exe
  C:\Windows\System\TOVrrZE.exe
  2⤵
  PID:12552
- C:\Windows\System\EySWYFT.exe
  C:\Windows\System\EySWYFT.exe
  2⤵
  PID:12576
- C:\Windows\System\czTaATw.exe
  C:\Windows\System\czTaATw.exe
  2⤵
  PID:12616
- C:\Windows\System\GuaviQH.exe
  C:\Windows\System\GuaviQH.exe
  2⤵
  PID:12636
- C:\Windows\System\yKgfWNe.exe
  C:\Windows\System\yKgfWNe.exe
  2⤵
  PID:12664
- C:\Windows\System\ZTuMQVX.exe
  C:\Windows\System\ZTuMQVX.exe
  2⤵
  PID:12704
- C:\Windows\System\wLTuqvH.exe
  C:\Windows\System\wLTuqvH.exe
  2⤵
  PID:12740
- C:\Windows\System\egUJzgD.exe
  C:\Windows\System\egUJzgD.exe
  2⤵
  PID:12756
- C:\Windows\System\nNdxrBC.exe
  C:\Windows\System\nNdxrBC.exe
  2⤵
  PID:12788
- C:\Windows\System\WHoBCsJ.exe
  C:\Windows\System\WHoBCsJ.exe
  2⤵
  PID:12820
- C:\Windows\System\cDZLnUj.exe
  C:\Windows\System\cDZLnUj.exe
  2⤵
  PID:12852
- C:\Windows\System\ecTeRvZ.exe
  C:\Windows\System\ecTeRvZ.exe
  2⤵
  PID:12884
- C:\Windows\System\iXIlYXf.exe
  C:\Windows\System\iXIlYXf.exe
  2⤵
  PID:12904
- C:\Windows\System\UaHwJyR.exe
  C:\Windows\System\UaHwJyR.exe
  2⤵
  PID:12928
- C:\Windows\System\duHjcKX.exe
  C:\Windows\System\duHjcKX.exe
  2⤵
  PID:12956
- C:\Windows\System\FMmzLRh.exe
  C:\Windows\System\FMmzLRh.exe
  2⤵
  PID:12984
- C:\Windows\System\KpZduLN.exe
  C:\Windows\System\KpZduLN.exe
  2⤵
  PID:13012
- C:\Windows\System\RooblGI.exe
  C:\Windows\System\RooblGI.exe
  2⤵
  PID:13040
- C:\Windows\System\MpYVmFo.exe
  C:\Windows\System\MpYVmFo.exe
  2⤵
  PID:13072
- C:\Windows\System\NxnIgho.exe
  C:\Windows\System\NxnIgho.exe
  2⤵
  PID:13096
- C:\Windows\System\DjTxqOG.exe
  C:\Windows\System\DjTxqOG.exe
  2⤵
  PID:13132
- C:\Windows\System\AoRaDac.exe
  C:\Windows\System\AoRaDac.exe
  2⤵
  PID:13156
- C:\Windows\System\lakoVmN.exe
  C:\Windows\System\lakoVmN.exe
  2⤵
  PID:13180
- C:\Windows\System\YXMsmGc.exe
  C:\Windows\System\YXMsmGc.exe
  2⤵
  PID:13204
- C:\Windows\System\kprLsBU.exe
  C:\Windows\System\kprLsBU.exe
  2⤵
  PID:13232
- C:\Windows\System\mvajszq.exe
  C:\Windows\System\mvajszq.exe
  2⤵
  PID:13264
- C:\Windows\System\HnqzHCK.exe
  C:\Windows\System\HnqzHCK.exe
  2⤵
  PID:13288
- C:\Windows\System\pjiXKre.exe
  C:\Windows\System\pjiXKre.exe
  2⤵
  PID:11948
- C:\Windows\System\eTLxlMi.exe
  C:\Windows\System\eTLxlMi.exe
  2⤵
  PID:11420
- C:\Windows\System\oHziFME.exe
  C:\Windows\System\oHziFME.exe
  2⤵
  PID:12380
- C:\Windows\System\gOpeWsm.exe
  C:\Windows\System\gOpeWsm.exe
  2⤵
  PID:12424
- C:\Windows\System\kfpMVcY.exe
  C:\Windows\System\kfpMVcY.exe
  2⤵
  PID:12516
- C:\Windows\System\kgWsnll.exe
  C:\Windows\System\kgWsnll.exe
  2⤵
  PID:12592
- C:\Windows\System\cWobnLC.exe
  C:\Windows\System\cWobnLC.exe
  2⤵
  PID:12628
- C:\Windows\System\QemrRug.exe
  C:\Windows\System\QemrRug.exe
  2⤵
  PID:12692
- C:\Windows\System\hDLReui.exe
  C:\Windows\System\hDLReui.exe
  2⤵
  PID:12748
- C:\Windows\System\jeTcZka.exe
  C:\Windows\System\jeTcZka.exe
  2⤵
  PID:12848
- C:\Windows\System\flDGiwO.exe
  C:\Windows\System\flDGiwO.exe
  2⤵
  PID:12900
- C:\Windows\System\rkicohp.exe
  C:\Windows\System\rkicohp.exe
  2⤵
  PID:12940
- C:\Windows\System\eStpZHC.exe
  C:\Windows\System\eStpZHC.exe
  2⤵
  PID:12968
- C:\Windows\System\lwtDGiM.exe
  C:\Windows\System\lwtDGiM.exe
  2⤵
  PID:13056
- C:\Windows\System\pHHGgkN.exe
  C:\Windows\System\pHHGgkN.exe
  2⤵
  PID:13108
- C:\Windows\System\ylSAagL.exe
  C:\Windows\System\ylSAagL.exe
  2⤵
  PID:13200
- C:\Windows\System\SSwZQYa.exe
  C:\Windows\System\SSwZQYa.exe
  2⤵
  PID:13280
- C:\Windows\System\VxcRUGF.exe
  C:\Windows\System\VxcRUGF.exe
  2⤵
  PID:12456
- C:\Windows\System\jzRaVOI.exe
  C:\Windows\System\jzRaVOI.exe
  2⤵
  PID:12544
- C:\Windows\System\BRMQBea.exe
  C:\Windows\System\BRMQBea.exe
  2⤵
  PID:12608
- C:\Windows\System\LNWDLwX.exe
  C:\Windows\System\LNWDLwX.exe
  2⤵
  PID:1780
- C:\Windows\System\tMTCfCd.exe
  C:\Windows\System\tMTCfCd.exe
  2⤵
  PID:4928
- C:\Windows\System\SKpIxGW.exe
  C:\Windows\System\SKpIxGW.exe
  2⤵
  PID:12952
- C:\Windows\System\zNrslcj.exe
  C:\Windows\System\zNrslcj.exe
  2⤵
  PID:12892
- C:\Windows\System\UKIovYs.exe
  C:\Windows\System\UKIovYs.exe
  2⤵
  PID:13276
- C:\Windows\System\IyuxTng.exe
  C:\Windows\System\IyuxTng.exe
  2⤵
  PID:12452
- C:\Windows\System\LJZJguX.exe
  C:\Windows\System\LJZJguX.exe
  2⤵
  PID:12648
- C:\Windows\System\mBszloe.exe
  C:\Windows\System\mBszloe.exe
  2⤵
  PID:13164
- C:\Windows\System\InfuAtu.exe
  C:\Windows\System\InfuAtu.exe
  2⤵
  PID:13112
- C:\Windows\System\bOGgAaM.exe
  C:\Windows\System\bOGgAaM.exe
  2⤵
  PID:13348
- C:\Windows\System\tKncyQR.exe
  C:\Windows\System\tKncyQR.exe
  2⤵
  PID:13388
- C:\Windows\System\iXNFzkd.exe
  C:\Windows\System\iXNFzkd.exe
  2⤵
  PID:13416
- C:\Windows\System\LHxHWUS.exe
  C:\Windows\System\LHxHWUS.exe
  2⤵
  PID:13448
- C:\Windows\System\QmEXAOq.exe
  C:\Windows\System\QmEXAOq.exe
  2⤵
  PID:13480
- C:\Windows\System\IRatlcL.exe
  C:\Windows\System\IRatlcL.exe
  2⤵
  PID:13504
- C:\Windows\System\mirwIXG.exe
  C:\Windows\System\mirwIXG.exe
  2⤵
  PID:13536
- C:\Windows\System\rMWLJYg.exe
  C:\Windows\System\rMWLJYg.exe
  2⤵
  PID:13552
- C:\Windows\System\aMEOjxd.exe
  C:\Windows\System\aMEOjxd.exe
  2⤵
  PID:13576
- C:\Windows\System\okOgcMV.exe
  C:\Windows\System\okOgcMV.exe
  2⤵
  PID:13596
- C:\Windows\System\VTwuCwY.exe
  C:\Windows\System\VTwuCwY.exe
  2⤵
  PID:13636
- C:\Windows\System\LJnmkda.exe
  C:\Windows\System\LJnmkda.exe
  2⤵
  PID:13676
- C:\Windows\System\MQsAdWO.exe
  C:\Windows\System\MQsAdWO.exe
  2⤵
  PID:13720
- C:\Windows\System\gqMjnHL.exe
  C:\Windows\System\gqMjnHL.exe
  2⤵
  PID:13744
- C:\Windows\System\JsOEATj.exe
  C:\Windows\System\JsOEATj.exe
  2⤵
  PID:13772
- C:\Windows\System\KiBMGMS.exe
  C:\Windows\System\KiBMGMS.exe
  2⤵
  PID:13808
- C:\Windows\System\DoaVPMa.exe
  C:\Windows\System\DoaVPMa.exe
  2⤵
  PID:13836
- C:\Windows\System\CHbFOZP.exe
  C:\Windows\System\CHbFOZP.exe
  2⤵
  PID:13860
- C:\Windows\System\qUSfllV.exe
  C:\Windows\System\qUSfllV.exe
  2⤵
  PID:13884
- C:\Windows\System\ATHhLZw.exe
  C:\Windows\System\ATHhLZw.exe
  2⤵
  PID:13920
- C:\Windows\System\tGXqTcA.exe
  C:\Windows\System\tGXqTcA.exe
  2⤵
  PID:13956
- C:\Windows\System\NrsRpny.exe
  C:\Windows\System\NrsRpny.exe
  2⤵
  PID:13988
- C:\Windows\System\XoyUTys.exe
  C:\Windows\System\XoyUTys.exe
  2⤵
  PID:14012
- C:\Windows\System\dLviaZV.exe
  C:\Windows\System\dLviaZV.exe
  2⤵
  PID:14036
- C:\Windows\System\kXoxLzG.exe
  C:\Windows\System\kXoxLzG.exe
  2⤵
  PID:14056
- C:\Windows\System\etbDCWw.exe
  C:\Windows\System\etbDCWw.exe
  2⤵
  PID:14088
- C:\Windows\System\OtlyTvL.exe
  C:\Windows\System\OtlyTvL.exe
  2⤵
  PID:14120
- C:\Windows\System\VhEEnWX.exe
  C:\Windows\System\VhEEnWX.exe
  2⤵
  PID:14140
- C:\Windows\System\JUJSHwH.exe
  C:\Windows\System\JUJSHwH.exe
  2⤵
  PID:14168
- C:\Windows\System\evgibTr.exe
  C:\Windows\System\evgibTr.exe
  2⤵
  PID:14196
- C:\Windows\System\otOibZw.exe
  C:\Windows\System\otOibZw.exe
  2⤵
  PID:14236
- C:\Windows\System\HYqyrBj.exe
  C:\Windows\System\HYqyrBj.exe
  2⤵
  PID:14264
- C:\Windows\System\IQNdjRN.exe
  C:\Windows\System\IQNdjRN.exe
  2⤵
  PID:14280
- C:\Windows\System\sAihRNo.exe
  C:\Windows\System\sAihRNo.exe
  2⤵
  PID:14316
- C:\Windows\System\pYJLcuF.exe
  C:\Windows\System\pYJLcuF.exe
  2⤵
  PID:13084
- C:\Windows\System\FUuaRsw.exe
  C:\Windows\System\FUuaRsw.exe
  2⤵
  PID:13380
- C:\Windows\System\pmaLcCJ.exe
  C:\Windows\System\pmaLcCJ.exe
  2⤵
  PID:13412
- C:\Windows\System\ZIvpYzd.exe
  C:\Windows\System\ZIvpYzd.exe
  2⤵
  PID:13496
- C:\Windows\System\XmyZVWL.exe
  C:\Windows\System\XmyZVWL.exe
  2⤵
  PID:13472
- C:\Windows\System\zMqNthP.exe
  C:\Windows\System\zMqNthP.exe
  2⤵
  PID:13584
- C:\Windows\System\KDtDHfE.exe
  C:\Windows\System\KDtDHfE.exe
  2⤵
  PID:13768
- C:\Windows\System\YRZyJuy.exe
  C:\Windows\System\YRZyJuy.exe
  2⤵
  PID:13856
- C:\Windows\System\FIMLsvT.exe
  C:\Windows\System\FIMLsvT.exe
  2⤵
  PID:13908
- C:\Windows\System\toEQAFG.exe
  C:\Windows\System\toEQAFG.exe
  2⤵
  PID:13984
- C:\Windows\System\TwtjPnq.exe
  C:\Windows\System\TwtjPnq.exe
  2⤵
  PID:14028
- C:\Windows\System\mimddwP.exe
  C:\Windows\System\mimddwP.exe
  2⤵
  PID:14108
- C:\Windows\System\JovAFRQ.exe
  C:\Windows\System\JovAFRQ.exe
  2⤵
  PID:14192
- C:\Windows\System\nSzcFSj.exe
  C:\Windows\System\nSzcFSj.exe
  2⤵
  PID:14252
- C:\Windows\System\LmUlYJI.exe
  C:\Windows\System\LmUlYJI.exe
  2⤵
  PID:14272
- C:\Windows\System\gUGJgic.exe
  C:\Windows\System\gUGJgic.exe
  2⤵
  PID:13296
- C:\Windows\System\nTyjLCN.exe
  C:\Windows\System\nTyjLCN.exe
  2⤵
  PID:13336
- C:\Windows\System\iYaxdzt.exe
  C:\Windows\System\iYaxdzt.exe
  2⤵
  PID:13608
- C:\Windows\System\wioWduo.exe
  C:\Windows\System\wioWduo.exe
  2⤵
  PID:13632
- C:\Windows\System\OHEhnQn.exe
  C:\Windows\System\OHEhnQn.exe
  2⤵
  PID:14032
- C:\Windows\System\ntDwuoY.exe
  C:\Windows\System\ntDwuoY.exe
  2⤵
  PID:14132
- C:\Windows\System\voOYCxs.exe
  C:\Windows\System\voOYCxs.exe
  2⤵
  PID:14308
- C:\Windows\System\KXvStUv.exe
  C:\Windows\System\KXvStUv.exe
  2⤵
  PID:13528
- C:\Windows\System\IOdYHlo.exe
  C:\Windows\System\IOdYHlo.exe
  2⤵
  PID:13740
- C:\Windows\System\aHhFESb.exe
  C:\Windows\System\aHhFESb.exe
  2⤵
  PID:13876
- C:\Windows\System\vONESUQ.exe
  C:\Windows\System\vONESUQ.exe
  2⤵
  PID:13624
- C:\Windows\System\MzDUMpM.exe
  C:\Windows\System\MzDUMpM.exe
  2⤵
  PID:14084
- C:\Windows\System\ddEUoSc.exe
  C:\Windows\System\ddEUoSc.exe
  2⤵
  PID:14348
- C:\Windows\System\eDQrdUD.exe
  C:\Windows\System\eDQrdUD.exe
  2⤵
  PID:14376

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AFkYnWD.exe

Filesize
2.3MB

MD5
06f396e9da7556d0978e1c5df00e3103

SHA1
b14653faeabbdbabb5ddabacc8c26222f7fb33d5

SHA256
36a0c809dc53ed51d01e7c09403cc094856bab616658256f952a6d7f76563fc5

SHA512
38dd2ac8a85ec2c27b2f7369bf1d859bbcb84b90d402bdc9c5838ae13396736777fdf8088946306f3b501edea4fd25ca39977e5ef47072fd78b14c938ad765ba

Download Submit
C:\Windows\System\DdqOfBU.exe

Filesize
2.3MB

MD5
41e676d07e4853c86d8b7520afcbc19e

SHA1
967c92635de19fb3560ba5972f60bd2875e63a7c

SHA256
53700a2e6ed0b67023c3475acb9d8cb32eba56206ee5013c8361ca78e025d947

SHA512
450ba2692c62b999466ab1a9a9fcfba1ecdd74282b80d584305815335dced72c5811f66f5a6e2860a68cd61403ac8c25dcc4c4e7670e17f66422a8821f9b9fb3

Download Submit
C:\Windows\System\FgyFZoW.exe

Filesize
2.3MB

MD5
9cd79d77236fd41bc4953ea9a8eba8f0

SHA1
6cf6fc4069d9360850b1bb8afdd2987d79938fbe

SHA256
ae90eeb8f98b5079b1002160d577aec2bfb689ac580114aaf2d26ff052d9ea1c

SHA512
71df036d43f271a560fe0ecff50ea05eb9cb6086f0ed9734488b488de31e7340b1f9cc4315094fc34dd526903ac9cf70a8f6d5011bb712fd91a6fee825171527

Download Submit
C:\Windows\System\GTuQXmZ.exe

Filesize
2.3MB

MD5
3b1c29653ee601c48eebac4f9d259619

SHA1
8576e8eb3950781fd5e0266cf88515fb069af9f3

SHA256
5b59430ba05c98da8748df73adb68d7c549b08ac92ec5c33e220d7c370b943c3

SHA512
9c6899815f8f45a97d65f9ec75de8b96afcaff77fa11ab9ed32b97f6c48b1b4bbb3191872b4f63bf4c1fd335f98b60d745d7b4a3feceeffce7247d05fa6f130a

Download Submit
C:\Windows\System\GqsUrad.exe

Filesize
2.3MB

MD5
873ae73263e6f3acaa282a82e1086398

SHA1
1141e564927075f48d1f57cc438e38816920a3d4

SHA256
4f4b9564836b9924f3a37ee8e10f9125a0e899a84daec85515a127eeae827fa2

SHA512
c6bd5d52b5c02f71776071ccaf27fb5d0cb7d483f62c04c68e287af94174c2fa083db20a56ef4dc6bef6533601f776a315b837f527c467bddaf786a5fe758aa9

Download Submit
C:\Windows\System\HBZBFRf.exe

Filesize
2.3MB

MD5
8cbc51d9406528a799534f334d8f0fc7

SHA1
25eb0bc2b139e30f4fa99e517acbc771891b65ea

SHA256
b9e14d076cbf6e2f0db1df5dce2e7d785ccb3dec37fd6174bc6715488df3cb4d

SHA512
e78d7c7e73045c206e7d6c4545cf239e8fdab24edf68700f110aad8479d17060f2fa2d81e4a9eab77de41ee3002595bc90732bf01d67e16e93f26fcbd3df26cb

Download Submit
C:\Windows\System\HUVcDPx.exe

Filesize
2.3MB

MD5
a8c2bff8e64aec71caaef4be3cb49b47

SHA1
76d99b1fa36648fd1cd881d60a747c55b84166d9

SHA256
a9562b31f30af2b49b6b307935588f9bde65f6df5f2e9973cb8e595ab102599c

SHA512
0db6ddc592f775554f40764e22477c9c78b0b4931c00ed010a0d70f7a2f383c523ae473c3caec0ff8434e55996075ba73c1d44e6ee295d5304c23b7a53b9f433

Download Submit
C:\Windows\System\MmMkjtM.exe

Filesize
2.3MB

MD5
4b08707ef6fa0661d52c1865eda3d359

SHA1
a8817ec432df4c734ca4e7ffe781b6c71480a73f

SHA256
481e79dde96f1a6f12cb0a0f432c8cf7c459dba42fb779331046bdb6db493096

SHA512
3fd7dd5b54d7b53e3a975d66641d662827ae1a4a1ba0d30b0dbf01a13b06a48518eeaee663490d90c1e8695d86e460fd42b18f90e25a8ac01828cfb7772caacd

Download Submit
C:\Windows\System\NMOWrOm.exe

Filesize
2.3MB

MD5
8fc851f7e9df03b7d384a8d0c3b57a60

SHA1
ab45c5ccbfc3f78114e5b03d7628bade7d5a708d

SHA256
28cefcc26c5717f9f0ba697944f08319d1a5248db22f962c98df3a341ad2aba9

SHA512
3ba90c064602007bdb6fee0b4cd4dee22452720a5cfe0c24fe020f6c0d89d678b961fa384e6acb3b29b656f3bde63702d0230611061f6ffe61a50ffb984fa743

Download Submit
C:\Windows\System\NtpIfOg.exe

Filesize
2.3MB

MD5
62963e6c01901056e624bf1dd662263e

SHA1
543d6cc10e5aa140a8bb47bae060446dd3b30870

SHA256
310fa39cafc11029698aa573524d46dc0dd11745f99b077bd60d3c7bbaf0487d

SHA512
2bb0f7af009e9354dff5cc82ffee186ced2d72880c1ac614b64225f156f71cc9c91d156d5c47638f36976ae439f36eab2cba7b63e125dcc4e3c777dedb9d0374

Download Submit
C:\Windows\System\QXxRtye.exe

Filesize
2.3MB

MD5
96521d5a3c35c96e7187af22d351123a

SHA1
c8a8aa9d4cc02411cb04fc944b2725d2717d81c6

SHA256
47a5c31f89c51a9357ce8699c786df9d90b7d766fa9b8a47a581a994c08de093

SHA512
759735b32aa1dd98236dc8a92ab36f7d04b3d351f58e61d6370c61a3dbb7bb5d85037c3bf70176574885394f037c86ff8532fb0b4f200b9e7b75976bd1e1c7a5

Download Submit
C:\Windows\System\QoRIkit.exe

Filesize
2.3MB

MD5
d34e7ab0d77640414ebeace6c7faaed9

SHA1
9a9b91e750d72db7fda168f7f33a702c49beec26

SHA256
8244929db0ea3b83dfcf37bf26ff0092f6268da06953558f22329d7ae7678cac

SHA512
3de16eb9500b8738805dd9af1ab10ebe01337fc63b0e63cdba5e8cc7afc861d4e33ecc9288f81b0093e9825474cc36b3185e10841d39078d39cb7c7c184936b8

Download Submit
C:\Windows\System\akeFFbT.exe

Filesize
2.3MB

MD5
c9e59203af37e93b6d4b1af469904516

SHA1
fc91eb285391eafdb9ff53f7ce8ea1f460b1110e

SHA256
d34821f9a940da356e247a4186cd49aef642d285457d5f7583daef821f06f801

SHA512
1e4a5a72281d6b5733765be0de3189e39dc7c12802f636b0599f35e1a5067898dd9d47aea6c9daa699cffaa75ad6aa88565eb5644ff5457d2def0f003797597e

Download Submit
C:\Windows\System\bjowdbY.exe

Filesize
2.3MB

MD5
e45fa533af6b816858068e7a02166bbb

SHA1
c3d33b146a65f6f7acfbbe67b6c8447ca403be8f

SHA256
3de8771a170023fa4a3a4db75f2e0e0fd18a62523eb81a5810f7f3b0eba3ea4d

SHA512
42d42526278307ce068f5b2a5c249ce3287d83e41c794055f0217d26a7b22974543d45ec504c2b4df0281c50ac3927be839d0574f0a9f8e73abca78fd9a9356e

Download Submit
C:\Windows\System\cqJQSBV.exe

Filesize
2.3MB

MD5
d3c15a071c190b61081cd2e89972f94e

SHA1
0f02034df4476d7fc9d2a5eb79651faa48e50f0b

SHA256
40e943c375a698aae30afaecb94ef48d0bcc39b780b57093fd0955771b05e589

SHA512
f8ab177ab43b79782c4bfc76544f070f9d17992b94df3e42f21484c07d6286c8e0bc48c330c65be75898b480866dac50d5dc5ec4123e9a28488720a7a93eb84a

Download Submit
C:\Windows\System\evDoWok.exe

Filesize
2.3MB

MD5
205e3c7508601162b30a9c9e3660693c

SHA1
757c03311ea48b5bc9667b7a1dec70f62b242eb5

SHA256
aaeb25cf34abc0de3108fb5c7520bc7c5d1c1f8037b2122c8f59b53c092d3d72

SHA512
46743d6ef8773ca6dc06e03f40bb9ed1ae7e55a134c0527fb974c775380f028a39387cbd9cd4e5237275301b5ffbb18a045e419f74d03dd9509b093560046fb3

Download Submit
C:\Windows\System\gVJNclX.exe

Filesize
2.3MB

MD5
d8105962228e9b6ef118d127a3927f2f

SHA1
b810b47c415ba73c62d2b41724453b1df576c951

SHA256
6ed3eda782e0e152f9f1a63e9cf27fc9e037a2421c8116828e6e8e5ce6b6e15b

SHA512
04822e9283ccb75a3ce66f3e4a237baab0af4de9281d286bb3ca2aa50d75e2c4749b3d28a5ff6a04a9d35d511912201d08145cdbfbadf1de0f385664efa0dd88

Download Submit
C:\Windows\System\hUFgGmZ.exe

Filesize
2.3MB

MD5
a0c39374516160fac4a338f81e44fb3f

SHA1
2f43c2b68b24244b89cf23ee1aa5b8fe826e1605

SHA256
4f80b02be9d3d1b734a100f960899bc073782cb62b6c2715c055970ce7d5d58f

SHA512
9e3d86f4d92e04010d3dcb6997ca6e242f1f5b58f6b4bb714efcba1a03b36bbbfd6ac853736cd110ec60bd4c25d30dc90488f4aeba4591a366eb9ac564886e1a

Download Submit
C:\Windows\System\jiFfdxC.exe

Filesize
2.3MB

MD5
7a4569587ebbe23116c0e056bd460d52

SHA1
b5691756463abe3027b56dc7cacb5ca5769605f3

SHA256
581c880ece37393a0312c03781490004bd12cd723fc834654eae1c72574c03fa

SHA512
bf4f54eae89f68a923c80d1736eca313643a2497655e01a639322351e706ac8902893c71efb203dffe2b4ea48bba7ea91771cb37b4a1d9ff992b7e57cad80698

Download Submit
C:\Windows\System\kNwrMEq.exe

Filesize
2.3MB

MD5
9ca814a2ab8800ffd502e4a08a69adcd

SHA1
fe9b4e2ca0e16101bbc5cca7e946b67f888e5ace

SHA256
f683f6c118719d3e6c0834a90a5196576cda8b737f6f4a52ab35d74c94578837

SHA512
4a8e8967dff83b96768ea5f80deccfef9b15d905e034a6d63f5da18feb03cb4a4ca0cb067c50c188ecf973b7949c29a2968272dacdb9eba52ad8e10e9f22c5db

Download Submit
C:\Windows\System\lGemSZg.exe

Filesize
2.3MB

MD5
8377f2034003831cf5ade1eb06a2d45b

SHA1
8a3b398ea20cac10c0cc8ddd3e76ebbd79416076

SHA256
391b39e66b52ec61f0dd3c492f0c6f48301d4b0f1dced59ad92b0d2072ce3e2c

SHA512
2fd7fa672c4c6f11c6bcf3f1402c4af72829100add9fe45e14b0c1e8a4ff8c2fbd6fb285b51d0ba16a62b630f1674b265daa82ac78b2e5d7471bfe3b958b0e36

Download Submit
C:\Windows\System\mgliMXE.exe

Filesize
2.3MB

MD5
c6766d54d9e8a0469347f14ec1a34936

SHA1
a2e4f8bf47cc3275e3933d27975418ea6b21323a

SHA256
97a2d94ec1341040b8fc6b40631f2f6e10fe41b6edbafde4cda57c86dc05e74c

SHA512
8a66483fb47fc7eb02541b7406203e27999a7d9efa83a1c6ab957db805deec895d539c35ac20b801524d90372bd9e80c8d92d474b10606c4262d632f39e2c446

Download Submit
C:\Windows\System\phByKee.exe

Filesize
2.3MB

MD5
a6f31d6dd2f26cb5b166560d0d5a7264

SHA1
f4fbb6abb74f80984312bab4a7c3aacd9cba1ec0

SHA256
e64164c841bf90f5fea45dde4a9aec49e0e747c80f01d4092fa9a03302fc4d43

SHA512
f3af167f71c5f19fbf5464b27f62ce80719b4c3f1c00088f8d5b9b2dd69ad5f0d05c015d4d3605d0ce05dce1899860ba4c9fdf31a36b2d84665fbed45c36ae1a

Download Submit
C:\Windows\System\qMpoCiO.exe

Filesize
2.3MB

MD5
072bbc5a540100e04c34e93eaa6c0880

SHA1
ecb2047b94e9bfcc80b74143a6c1ad4eb38281b0

SHA256
c582a3797eac3ec5ee7a005f912893644afe93a43ed374a0d91b340642b26a4a

SHA512
7a632a6f20fb4b3060e2a3c809e7dc55db6dc860112cf0f6225cc0e98fcfb411ff8a35804fc24a61da8de60071f62070bcf4234876db7cb4ea4013d18182b919

Download Submit
C:\Windows\System\rVTHnvg.exe

Filesize
2.3MB

MD5
670aae83585da037d3c2bf563a53b543

SHA1
77f4fe9d807772997766b46a436092eebe113e07

SHA256
4dd56399fb856f5ffd3ba61d9e03b13ffc24a9c31056c998425c84b581e3380f

SHA512
3bb35deaddd6d6fc615323d9551dabc4859c8a70dff1f6e1c4b1960cfb3e72060a02d09f0644d195826366b1509d4c66934986b7d36848a3e2e8ba0a231d5291

Download Submit
C:\Windows\System\rtdhzDK.exe

Filesize
2.3MB

MD5
86c787934abbdbbca1448bdb974d29f1

SHA1
ec51bfdaa19f056ec218dfa4bdd68e9c4392c07f

SHA256
861e540e553a9933bae6fec12c716ff4e87ac712fe352cd85d4b6cf74a14ee02

SHA512
44177644cb921846a010e8e2f7e68d2f2a12fa62eb4a4d9dcd040f1dab1a171e8211212e6a8c4014f1cc169b6df49cedd97a333f76532acef285ab960818a7ac

Download Submit
C:\Windows\System\txwDuwK.exe

Filesize
2.3MB

MD5
7b8b76ca1310b63bcc96d1e24e3fd8a2

SHA1
5ab53a7bd7820e354d2de04d1ed1a5bf9d2d0772

SHA256
a36fc0019039bb5fec6e5ed68f43b5394602e31ef809c2153f7fc1aea991b361

SHA512
ae0fb5e87c86529c38a9ff8b410e4587abe07d6a096da848254729f61c719de3a894d84b357e3e3f662968f6b910d1e897148ecaa303e27d46bb623916aa2ace

Download Submit
C:\Windows\System\uTGiTrM.exe

Filesize
2.3MB

MD5
c42622b866709405794647a3f0813cdf

SHA1
0e7712ca48ffc0a04a054ae67a7a4644e775e667

SHA256
19e97546934457f9ebdeafaba41c7c41a3f37a381d609d6de7a3e0b7be2fce40

SHA512
4b94e2aec6018a46775fbf57ed8fb06bb867329de91a9676d0ed7d16f76989c75c6d49a4a2402f84bcc3802529f4247d01c322dd070add8b9b56e3f67f4e8455

Download Submit
C:\Windows\System\vbAynvT.exe

Filesize
2.3MB

MD5
9ccf37c230e12e70104e73b96fe91cc8

SHA1
fd7fc887f23a5fe49823bd6a8f430e57b6b7b85b

SHA256
a446b1f1aed9d7ccf31840a584ee7b0b128805d312c60b3549acea25f3aa741a

SHA512
87cadfd215cf3805ee5701801297bac8f91f6cde4a63265347d323f4b113f074084e7c8ea1b813953ff09647f91d45df542ca7319890db27dcf0cb8a52636816

Download Submit
C:\Windows\System\wHAeWWl.exe

Filesize
2.3MB

MD5
3fdda2537743c7965907c9c1cc7098fb

SHA1
d8a60fe7261b06c982a8868bbeaa58258ca70a55

SHA256
999d330492004ea358a7c728d146f559878fdb1a9d73bc83d630d45fddc1aef4

SHA512
6f7385dfeb2c1164c4ea17ddb7a5ee6dac6b229799a48efac3c5b2ac63ccc40ca7cba63517dd51ec792f9cef432146120bb05330c60f8b57b48ebdd6b600e029

Download Submit
C:\Windows\System\xgDtYtZ.exe

Filesize
2.3MB

MD5
7275c0f1dcdbb9a38facc34055fbc7fb

SHA1
5d0b22f24be06b8190331b8656ad91f693eacd14

SHA256
1ea4ef41a65bd9e86340f0a72607e8a693166d843c07b2581885eddaf6a043c8

SHA512
b56a80266763b5fac9c190e3d54d99d32f34945b5758b3de347c9f726e9733e5c19b149da6f4c00b003aa21d6cc5065e02753b16c35f27cfb1d5ba84dd0116ff

Download Submit
C:\Windows\System\xjAjGtx.exe

Filesize
2.3MB

MD5
b7f9c9944105cea08282d89c1a176058

SHA1
aeab25e5e8f8d979d443514387882c3f576c436b

SHA256
e410441c4f8b5cebab82d9f7616884b86ee7f00914c31a0fe63418fa608b3aa3

SHA512
662e37de479d48de72d7d89bb910d030dead607d189ec0ea83ace8cb7e850366e385fabea894ebf40ced0f87b1ebc4146965c29669449ec3bae333561d2992db

Download Submit
C:\Windows\System\yHtqRNw.exe

Filesize
2.3MB

MD5
1ca22e2d8ab16c77d983a2349c343744

SHA1
5c1c127922f05b1cca461eefcaf3109ebe3bcb69

SHA256
bbed9c0459431a0b2f3f56688f98efb0d40a7b528da6f8066ac1a9bf69e4bf19

SHA512
73471a0d77f6aaa214823fc1575d3762e6da987d9f35da4e160a7bc007c566d67d768350bd074726961d195f3e9dc829c463380c78cd4395a8abcb3e9ca32586

Download Submit
C:\Windows\System\yqyQlCk.exe

Filesize
2.3MB

MD5
9bf834501aca43ce3e174f64e6b73fb8

SHA1
79a7faacb4b9b7d0e5c14275d3a2db0627ce3748

SHA256
b81a0423b32f49f2bbd9c7899305a5ea719af6afffe8e627741e07b638873913

SHA512
21a50745702c326fc7b97aa7b7e42ffe7b02ad26bb1797009216dce2368a0cb5d4b3a719aa597e6c8c9fbca5067d6591335b0228d44e96f00c0f51e24f4a0933

Download Submit
C:\Windows\System\ytJwHGH.exe

Filesize
2.3MB

MD5
aafb3b74a6fd6629b0f47bb12c0f1905

SHA1
f6da6f592e568dcc66ecc1a5ac9b21c82884e0a5

SHA256
9c02e16996384f7432936c2e650237a239663e53dbf373018ead24a85be1a00e

SHA512
8fc6e6263d49c93552f6739482aed1398211ca8c7efb82f30152c08c99dd9710bae9dbc3a0d08c997fbebcdbbbdb4d00dfec4e79934fb213e00637b63bf79648

Download Submit
memory/224-2119-0x00007FF778280000-0x00007FF7785D4000-memory.dmp

Filesize
3.3MB

Download
memory/224-99-0x00007FF778280000-0x00007FF7785D4000-memory.dmp

Filesize
3.3MB

Download
memory/644-145-0x00007FF6051A0000-0x00007FF6054F4000-memory.dmp

Filesize
3.3MB

Download
memory/644-2136-0x00007FF6051A0000-0x00007FF6054F4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2131-0x00007FF6494A0000-0x00007FF6497F4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-98-0x00007FF6494A0000-0x00007FF6497F4000-memory.dmp

Filesize
3.3MB

Download
memory/1264-47-0x00007FF671080000-0x00007FF6713D4000-memory.dmp

Filesize
3.3MB

Download
memory/1264-2120-0x00007FF671080000-0x00007FF6713D4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-137-0x00007FF690F80000-0x00007FF6912D4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-2140-0x00007FF690F80000-0x00007FF6912D4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-2127-0x00007FF6FA8C0000-0x00007FF6FAC14000-memory.dmp

Filesize
3.3MB

Download
memory/1616-101-0x00007FF6FA8C0000-0x00007FF6FAC14000-memory.dmp

Filesize
3.3MB

Download
memory/1800-262-0x00007FF604FB0000-0x00007FF605304000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2145-0x00007FF604FB0000-0x00007FF605304000-memory.dmp

Filesize
3.3MB

Download
memory/1932-2125-0x00007FF7354B0000-0x00007FF735804000-memory.dmp

Filesize
3.3MB

Download
memory/1932-59-0x00007FF7354B0000-0x00007FF735804000-memory.dmp

Filesize
3.3MB

Download
memory/1996-150-0x00007FF6EC040000-0x00007FF6EC394000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2138-0x00007FF6EC040000-0x00007FF6EC394000-memory.dmp

Filesize
3.3MB

Download
memory/2192-82-0x00007FF684CC0000-0x00007FF685014000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2124-0x00007FF684CC0000-0x00007FF685014000-memory.dmp

Filesize
3.3MB

Download
memory/2196-161-0x00007FF667700000-0x00007FF667A54000-memory.dmp

Filesize
3.3MB

Download
memory/2196-2117-0x00007FF667700000-0x00007FF667A54000-memory.dmp

Filesize
3.3MB

Download
memory/2196-2146-0x00007FF667700000-0x00007FF667A54000-memory.dmp

Filesize
3.3MB

Download
memory/2280-2132-0x00007FF7D1E90000-0x00007FF7D21E4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-95-0x00007FF7D1E90000-0x00007FF7D21E4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2118-0x00007FF7D9480000-0x00007FF7D97D4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-12-0x00007FF7D9480000-0x00007FF7D97D4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-196-0x00007FF7FEB70000-0x00007FF7FEEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-2143-0x00007FF7FEB70000-0x00007FF7FEEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-2130-0x00007FF687660000-0x00007FF6879B4000-memory.dmp

Filesize
3.3MB

Download
memory/3104-102-0x00007FF687660000-0x00007FF6879B4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2139-0x00007FF64E600000-0x00007FF64E954000-memory.dmp

Filesize
3.3MB

Download
memory/3272-177-0x00007FF64E600000-0x00007FF64E954000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2133-0x00007FF6C5900000-0x00007FF6C5C54000-memory.dmp

Filesize
3.3MB

Download
memory/3432-90-0x00007FF6C5900000-0x00007FF6C5C54000-memory.dmp

Filesize
3.3MB

Download
memory/3680-254-0x00007FF6577A0000-0x00007FF657AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2144-0x00007FF6577A0000-0x00007FF657AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-2135-0x00007FF69E0D0000-0x00007FF69E424000-memory.dmp

Filesize
3.3MB

Download
memory/3760-118-0x00007FF69E0D0000-0x00007FF69E424000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2121-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp

Filesize
3.3MB

Download
memory/3948-53-0x00007FF7EB800000-0x00007FF7EBB54000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2129-0x00007FF7DCB80000-0x00007FF7DCED4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-103-0x00007FF7DCB80000-0x00007FF7DCED4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-77-0x00007FF70B7F0000-0x00007FF70BB44000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2114-0x00007FF70B7F0000-0x00007FF70BB44000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2126-0x00007FF70B7F0000-0x00007FF70BB44000-memory.dmp

Filesize
3.3MB

Download
memory/4200-2122-0x00007FF783E10000-0x00007FF784164000-memory.dmp

Filesize
3.3MB

Download
memory/4200-100-0x00007FF783E10000-0x00007FF784164000-memory.dmp

Filesize
3.3MB

Download
memory/4404-141-0x00007FF78F600000-0x00007FF78F954000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2116-0x00007FF78F600000-0x00007FF78F954000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2141-0x00007FF78F600000-0x00007FF78F954000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2134-0x00007FF6BFBA0000-0x00007FF6BFEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-104-0x00007FF6BFBA0000-0x00007FF6BFEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2113-0x00007FF621880000-0x00007FF621BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-27-0x00007FF621880000-0x00007FF621BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2123-0x00007FF621880000-0x00007FF621BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2115-0x00007FF65C810000-0x00007FF65CB64000-memory.dmp

Filesize
3.3MB

Download
memory/4780-126-0x00007FF65C810000-0x00007FF65CB64000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2137-0x00007FF65C810000-0x00007FF65CB64000-memory.dmp

Filesize
3.3MB

Download
memory/4904-1780-0x00007FF698A30000-0x00007FF698D84000-memory.dmp

Filesize
3.3MB

Download
memory/4904-1-0x000001D7EE340000-0x000001D7EE350000-memory.dmp

Filesize
64KB

Download
memory/4904-0-0x00007FF698A30000-0x00007FF698D84000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2142-0x00007FF669820000-0x00007FF669B74000-memory.dmp

Filesize
3.3MB

Download
memory/4988-155-0x00007FF669820000-0x00007FF669B74000-memory.dmp

Filesize
3.3MB

Download
memory/5104-81-0x00007FF6B7E40000-0x00007FF6B8194000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2128-0x00007FF6B7E40000-0x00007FF6B8194000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads