xmrig | 4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28

Analysis

max time kernel
132s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
Size

2.3MB
MD5

d9ded2a4155e10280c5387278e71faa0
SHA1

71e4c123e0d26c3f864da3e3a2ac53aed58be5eb
SHA256

4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28
SHA512

18b21511ecaaee1150aa210180c21b6b63099d675855c94ccbb3f4281752f7e76f4618e593decbad6a6cd44b0bc7e4a84765bb75d6d7402da37ec7da34d50633
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQFxxXgA5Bc+QvdL5Gqa4g:BemTLkNdfE0pZrQR

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/456-0-0x00007FF705A00000-0x00007FF705D54000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/files/0x000700000002340f-12.dat	xmrig
behavioral2/files/0x0007000000023410-17.dat	xmrig
behavioral2/files/0x0007000000023415-43.dat	xmrig
behavioral2/files/0x0007000000023417-56.dat	xmrig
behavioral2/files/0x0007000000023412-50.dat	xmrig
behavioral2/memory/4732-99-0x00007FF6F27F0000-0x00007FF6F2B44000-memory.dmp	xmrig
behavioral2/memory/1944-111-0x00007FF7D54E0000-0x00007FF7D5834000-memory.dmp	xmrig
behavioral2/memory/4048-114-0x00007FF6F71E0000-0x00007FF6F7534000-memory.dmp	xmrig
behavioral2/memory/2940-118-0x00007FF6BBE40000-0x00007FF6BC194000-memory.dmp	xmrig
behavioral2/memory/1808-123-0x00007FF768ED0000-0x00007FF769224000-memory.dmp	xmrig
behavioral2/memory/4432-122-0x00007FF6E3610000-0x00007FF6E3964000-memory.dmp	xmrig
behavioral2/memory/2988-121-0x00007FF60C990000-0x00007FF60CCE4000-memory.dmp	xmrig
behavioral2/memory/4988-120-0x00007FF668C20000-0x00007FF668F74000-memory.dmp	xmrig
behavioral2/memory/2840-119-0x00007FF734E90000-0x00007FF7351E4000-memory.dmp	xmrig
behavioral2/memory/3128-117-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp	xmrig
behavioral2/memory/4440-116-0x00007FF663420000-0x00007FF663774000-memory.dmp	xmrig
behavioral2/memory/2768-115-0x00007FF6C4B00000-0x00007FF6C4E54000-memory.dmp	xmrig
behavioral2/memory/1268-113-0x00007FF792F70000-0x00007FF7932C4000-memory.dmp	xmrig
behavioral2/memory/2836-112-0x00007FF711EC0000-0x00007FF712214000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-110.dat	xmrig
behavioral2/files/0x0007000000023421-109.dat	xmrig
behavioral2/files/0x0007000000023420-108.dat	xmrig
behavioral2/files/0x000700000002341f-107.dat	xmrig
behavioral2/memory/3464-106-0x00007FF7C05A0000-0x00007FF7C08F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-105.dat	xmrig
behavioral2/files/0x000700000002341b-104.dat	xmrig
behavioral2/files/0x000700000002341a-103.dat	xmrig
behavioral2/files/0x000700000002341e-102.dat	xmrig
behavioral2/files/0x000700000002341d-101.dat	xmrig
behavioral2/files/0x0007000000023419-100.dat	xmrig
behavioral2/files/0x0007000000023413-93.dat	xmrig
behavioral2/memory/2012-91-0x00007FF659D20000-0x00007FF65A074000-memory.dmp	xmrig
behavioral2/memory/4136-88-0x00007FF635630000-0x00007FF635984000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-81.dat	xmrig
behavioral2/files/0x0007000000023418-63.dat	xmrig
behavioral2/memory/1432-59-0x00007FF7705C0000-0x00007FF770914000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-49.dat	xmrig
behavioral2/files/0x0007000000023414-52.dat	xmrig
behavioral2/memory/4856-38-0x00007FF73F140000-0x00007FF73F494000-memory.dmp	xmrig
behavioral2/memory/528-37-0x00007FF7F90E0000-0x00007FF7F9434000-memory.dmp	xmrig
behavioral2/memory/2752-24-0x00007FF793EC0000-0x00007FF794214000-memory.dmp	xmrig
behavioral2/files/0x000800000002340e-20.dat	xmrig
behavioral2/memory/4032-9-0x00007FF6C2530000-0x00007FF6C2884000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-162.dat	xmrig
behavioral2/files/0x000700000002342b-181.dat	xmrig
behavioral2/memory/5040-202-0x00007FF793010000-0x00007FF793364000-memory.dmp	xmrig
behavioral2/memory/1176-211-0x00007FF6544B0000-0x00007FF654804000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-194.dat	xmrig
behavioral2/memory/880-192-0x00007FF7B6160000-0x00007FF7B64B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-190.dat	xmrig
behavioral2/files/0x000700000002342d-189.dat	xmrig
behavioral2/files/0x000700000002342c-188.dat	xmrig
behavioral2/files/0x0007000000023429-184.dat	xmrig
behavioral2/files/0x0007000000023428-182.dat	xmrig
behavioral2/memory/1404-177-0x00007FF699070000-0x00007FF6993C4000-memory.dmp	xmrig
behavioral2/memory/1248-174-0x00007FF744D40000-0x00007FF745094000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-171.dat	xmrig
behavioral2/files/0x0007000000023425-169.dat	xmrig
behavioral2/files/0x0007000000023424-167.dat	xmrig
behavioral2/files/0x000800000002340c-165.dat	xmrig
behavioral2/files/0x0007000000023427-164.dat	xmrig
behavioral2/memory/756-161-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4032	foqNBEY.exe
2752	QxWFNAX.exe
528	SmlKLtZ.exe
4856	xMELIoW.exe
1432	uhskDsr.exe
4136	rfAFjqI.exe
2012	UYrWxQf.exe
2988	cfohGNt.exe
4732	gwHvomF.exe
3464	UYZCSKm.exe
1944	dpMppRe.exe
4432	YzncYCD.exe
2836	SfbsoPQ.exe
1268	jCHnvCI.exe
4048	QSubvTN.exe
2768	vDEMAAh.exe
1808	WIJQdEM.exe
4440	rTOFjZt.exe
3128	EcnThGr.exe
2940	QiXneYs.exe
2840	nHWBFoz.exe
4988	rLBYZjK.exe
1524	IRcjBMt.exe
756	CxtKPnu.exe
5040	WgRcNKc.exe
1248	iwZosNa.exe
1404	hYUTYNX.exe
1176	XXQXPHN.exe
880	IZiNfoH.exe
2320	xyvIqWX.exe
3648	CYGUFGl.exe
4472	FLWxRXK.exe
2644	sNAaTJI.exe
3668	PYDcjdT.exe
1600	rvYIpUO.exe
320	jCcHHEi.exe
4932	tojhuWV.exe
5000	VOUUKVO.exe
3888	VTyXNmx.exe
224	WZyLKpa.exe
3064	ARZmMpc.exe
1396	ngaiXft.exe
4612	XcgOvjs.exe
3968	bPSKduo.exe
1044	CGHKzEP.exe
4824	oCmdmhc.exe
888	nXgkKKA.exe
2096	ZoowQHe.exe
2000	TteLmpR.exe
3164	wSVpBUx.exe
4512	NoytVHC.exe
416	EoTpSCR.exe
516	hsGcfbP.exe
1308	coQsrPg.exe
3652	KFHAxyE.exe
3516	cpXtaXJ.exe
5036	GsZhLzz.exe
4408	LzZHiqB.exe
1660	dRbjUfC.exe
2364	rdkQNjw.exe
3608	fMtHVzD.exe
4304	JzrWIyR.exe
668	OeSjLvJ.exe
3404	iCncmLd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/456-0-0x00007FF705A00000-0x00007FF705D54000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x000700000002340f-12.dat	upx
behavioral2/files/0x0007000000023410-17.dat	upx
behavioral2/files/0x0007000000023415-43.dat	upx
behavioral2/files/0x0007000000023417-56.dat	upx
behavioral2/files/0x0007000000023412-50.dat	upx
behavioral2/memory/4732-99-0x00007FF6F27F0000-0x00007FF6F2B44000-memory.dmp	upx
behavioral2/memory/1944-111-0x00007FF7D54E0000-0x00007FF7D5834000-memory.dmp	upx
behavioral2/memory/4048-114-0x00007FF6F71E0000-0x00007FF6F7534000-memory.dmp	upx
behavioral2/memory/2940-118-0x00007FF6BBE40000-0x00007FF6BC194000-memory.dmp	upx
behavioral2/memory/1808-123-0x00007FF768ED0000-0x00007FF769224000-memory.dmp	upx
behavioral2/memory/4432-122-0x00007FF6E3610000-0x00007FF6E3964000-memory.dmp	upx
behavioral2/memory/2988-121-0x00007FF60C990000-0x00007FF60CCE4000-memory.dmp	upx
behavioral2/memory/4988-120-0x00007FF668C20000-0x00007FF668F74000-memory.dmp	upx
behavioral2/memory/2840-119-0x00007FF734E90000-0x00007FF7351E4000-memory.dmp	upx
behavioral2/memory/3128-117-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp	upx
behavioral2/memory/4440-116-0x00007FF663420000-0x00007FF663774000-memory.dmp	upx
behavioral2/memory/2768-115-0x00007FF6C4B00000-0x00007FF6C4E54000-memory.dmp	upx
behavioral2/memory/1268-113-0x00007FF792F70000-0x00007FF7932C4000-memory.dmp	upx
behavioral2/memory/2836-112-0x00007FF711EC0000-0x00007FF712214000-memory.dmp	upx
behavioral2/files/0x0007000000023422-110.dat	upx
behavioral2/files/0x0007000000023421-109.dat	upx
behavioral2/files/0x0007000000023420-108.dat	upx
behavioral2/files/0x000700000002341f-107.dat	upx
behavioral2/memory/3464-106-0x00007FF7C05A0000-0x00007FF7C08F4000-memory.dmp	upx
behavioral2/files/0x000700000002341c-105.dat	upx
behavioral2/files/0x000700000002341b-104.dat	upx
behavioral2/files/0x000700000002341a-103.dat	upx
behavioral2/files/0x000700000002341e-102.dat	upx
behavioral2/files/0x000700000002341d-101.dat	upx
behavioral2/files/0x0007000000023419-100.dat	upx
behavioral2/files/0x0007000000023413-93.dat	upx
behavioral2/memory/2012-91-0x00007FF659D20000-0x00007FF65A074000-memory.dmp	upx
behavioral2/memory/4136-88-0x00007FF635630000-0x00007FF635984000-memory.dmp	upx
behavioral2/files/0x0007000000023416-81.dat	upx
behavioral2/files/0x0007000000023418-63.dat	upx
behavioral2/memory/1432-59-0x00007FF7705C0000-0x00007FF770914000-memory.dmp	upx
behavioral2/files/0x0007000000023411-49.dat	upx
behavioral2/files/0x0007000000023414-52.dat	upx
behavioral2/memory/4856-38-0x00007FF73F140000-0x00007FF73F494000-memory.dmp	upx
behavioral2/memory/528-37-0x00007FF7F90E0000-0x00007FF7F9434000-memory.dmp	upx
behavioral2/memory/2752-24-0x00007FF793EC0000-0x00007FF794214000-memory.dmp	upx
behavioral2/files/0x000800000002340e-20.dat	upx
behavioral2/memory/4032-9-0x00007FF6C2530000-0x00007FF6C2884000-memory.dmp	upx
behavioral2/files/0x0007000000023423-162.dat	upx
behavioral2/files/0x000700000002342b-181.dat	upx
behavioral2/memory/5040-202-0x00007FF793010000-0x00007FF793364000-memory.dmp	upx
behavioral2/memory/1176-211-0x00007FF6544B0000-0x00007FF654804000-memory.dmp	upx
behavioral2/files/0x0007000000023426-194.dat	upx
behavioral2/memory/880-192-0x00007FF7B6160000-0x00007FF7B64B4000-memory.dmp	upx
behavioral2/files/0x000700000002342e-190.dat	upx
behavioral2/files/0x000700000002342d-189.dat	upx
behavioral2/files/0x000700000002342c-188.dat	upx
behavioral2/files/0x0007000000023429-184.dat	upx
behavioral2/files/0x0007000000023428-182.dat	upx
behavioral2/memory/1404-177-0x00007FF699070000-0x00007FF6993C4000-memory.dmp	upx
behavioral2/memory/1248-174-0x00007FF744D40000-0x00007FF745094000-memory.dmp	upx
behavioral2/files/0x000700000002342a-171.dat	upx
behavioral2/files/0x0007000000023425-169.dat	upx
behavioral2/files/0x0007000000023424-167.dat	upx
behavioral2/files/0x000800000002340c-165.dat	upx
behavioral2/files/0x0007000000023427-164.dat	upx
behavioral2/memory/756-161-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IZiNfoH.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\qcAtLWo.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\dGQRNVE.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\haAgXlD.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\yLTzAIZ.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\ErDAmLe.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\sbTmSqO.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\FfYcsmt.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\ZVLypOg.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\wpIzPll.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\QVjCCqg.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\BMBquyT.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\dXJgkGr.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\UlcCXGn.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\fdpJTNu.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\QMcCvWm.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\EbZGYWQ.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\VeHvjcI.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\rgNUNMx.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\RHfUzQE.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\Inimnxu.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\rPpKrnC.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\YzWfHCJ.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\YBjUAXm.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\OMFDOVa.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\hYUTYNX.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\FpOovYx.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\WEPfOfc.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\oRYEFTG.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\iBUYqsM.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\zBZLuSa.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\JliWWJG.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\bySgcMc.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\IsfaTYb.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\FZauwmQ.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\UZHJSyc.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\CNKPqkW.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\dpLQQlD.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\ErLhBZa.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\gIRAuWV.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\EoyNvBY.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\uJhYClJ.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\QSXpuFl.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\WgRcNKc.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\rdkQNjw.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\dpDWteZ.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\wlwwEEn.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\otmJMdS.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\CYGUFGl.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\aZVEkct.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\uTuDriU.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\sFIQbjD.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\SwsPZHy.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\Hlhyuvb.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\cfohGNt.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\duhLnow.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\NLkDKUu.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\HHNBzsz.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\sswCjuX.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\dHeBySo.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\EcnThGr.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\pXRDbdX.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\HFYBrTY.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
File created	C:\Windows\System\iCncmLd.exe	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14908	dwm.exe
Token: SeChangeNotifyPrivilege	14908	dwm.exe
Token: 33	14908	dwm.exe
Token: SeIncBasePriorityPrivilege	14908	dwm.exe
Token: SeShutdownPrivilege	14908	dwm.exe
Token: SeCreatePagefilePrivilege	14908	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 4032	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	84
PID 456 wrote to memory of 4032	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	84
PID 456 wrote to memory of 528	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	85
PID 456 wrote to memory of 528	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	85
PID 456 wrote to memory of 2752	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	86
PID 456 wrote to memory of 2752	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	86
PID 456 wrote to memory of 4856	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	87
PID 456 wrote to memory of 4856	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	87
PID 456 wrote to memory of 1432	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	88
PID 456 wrote to memory of 1432	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	88
PID 456 wrote to memory of 4136	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	89
PID 456 wrote to memory of 4136	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	89
PID 456 wrote to memory of 2012	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	90
PID 456 wrote to memory of 2012	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	90
PID 456 wrote to memory of 2988	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	91
PID 456 wrote to memory of 2988	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	91
PID 456 wrote to memory of 4732	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	92
PID 456 wrote to memory of 4732	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	92
PID 456 wrote to memory of 3464	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	93
PID 456 wrote to memory of 3464	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	93
PID 456 wrote to memory of 1944	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	94
PID 456 wrote to memory of 1944	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	94
PID 456 wrote to memory of 4432	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	95
PID 456 wrote to memory of 4432	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	95
PID 456 wrote to memory of 2836	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	96
PID 456 wrote to memory of 2836	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	96
PID 456 wrote to memory of 1268	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	97
PID 456 wrote to memory of 1268	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	97
PID 456 wrote to memory of 4048	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	98
PID 456 wrote to memory of 4048	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	98
PID 456 wrote to memory of 2768	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	99
PID 456 wrote to memory of 2768	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	99
PID 456 wrote to memory of 1808	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	100
PID 456 wrote to memory of 1808	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	100
PID 456 wrote to memory of 4440	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	101
PID 456 wrote to memory of 4440	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	101
PID 456 wrote to memory of 3128	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	102
PID 456 wrote to memory of 3128	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	102
PID 456 wrote to memory of 2940	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	103
PID 456 wrote to memory of 2940	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	103
PID 456 wrote to memory of 2840	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	104
PID 456 wrote to memory of 2840	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	104
PID 456 wrote to memory of 4988	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	105
PID 456 wrote to memory of 4988	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	105
PID 456 wrote to memory of 1524	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	106
PID 456 wrote to memory of 1524	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	106
PID 456 wrote to memory of 756	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	107
PID 456 wrote to memory of 756	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	107
PID 456 wrote to memory of 5040	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	108
PID 456 wrote to memory of 5040	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	108
PID 456 wrote to memory of 1248	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	109
PID 456 wrote to memory of 1248	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	109
PID 456 wrote to memory of 1404	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	110
PID 456 wrote to memory of 1404	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	110
PID 456 wrote to memory of 2320	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	111
PID 456 wrote to memory of 2320	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	111
PID 456 wrote to memory of 1176	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	112
PID 456 wrote to memory of 1176	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	112
PID 456 wrote to memory of 880	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	113
PID 456 wrote to memory of 880	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	113
PID 456 wrote to memory of 3648	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	114
PID 456 wrote to memory of 3648	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	114
PID 456 wrote to memory of 4472	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	115
PID 456 wrote to memory of 4472	456	4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d3bd3a306ca64c8e044056d3b4043a36be5d1c9588a2220d919b72bd96bbd28_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\System\foqNBEY.exe
  C:\Windows\System\foqNBEY.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\SmlKLtZ.exe
  C:\Windows\System\SmlKLtZ.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\QxWFNAX.exe
  C:\Windows\System\QxWFNAX.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\xMELIoW.exe
  C:\Windows\System\xMELIoW.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\uhskDsr.exe
  C:\Windows\System\uhskDsr.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\rfAFjqI.exe
  C:\Windows\System\rfAFjqI.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\UYrWxQf.exe
  C:\Windows\System\UYrWxQf.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\cfohGNt.exe
  C:\Windows\System\cfohGNt.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\gwHvomF.exe
  C:\Windows\System\gwHvomF.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\UYZCSKm.exe
  C:\Windows\System\UYZCSKm.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\dpMppRe.exe
  C:\Windows\System\dpMppRe.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\YzncYCD.exe
  C:\Windows\System\YzncYCD.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\SfbsoPQ.exe
  C:\Windows\System\SfbsoPQ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\jCHnvCI.exe
  C:\Windows\System\jCHnvCI.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\QSubvTN.exe
  C:\Windows\System\QSubvTN.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\vDEMAAh.exe
  C:\Windows\System\vDEMAAh.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\WIJQdEM.exe
  C:\Windows\System\WIJQdEM.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\rTOFjZt.exe
  C:\Windows\System\rTOFjZt.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\EcnThGr.exe
  C:\Windows\System\EcnThGr.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\QiXneYs.exe
  C:\Windows\System\QiXneYs.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\nHWBFoz.exe
  C:\Windows\System\nHWBFoz.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\rLBYZjK.exe
  C:\Windows\System\rLBYZjK.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\IRcjBMt.exe
  C:\Windows\System\IRcjBMt.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\CxtKPnu.exe
  C:\Windows\System\CxtKPnu.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\WgRcNKc.exe
  C:\Windows\System\WgRcNKc.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\iwZosNa.exe
  C:\Windows\System\iwZosNa.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\hYUTYNX.exe
  C:\Windows\System\hYUTYNX.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\xyvIqWX.exe
  C:\Windows\System\xyvIqWX.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\XXQXPHN.exe
  C:\Windows\System\XXQXPHN.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\IZiNfoH.exe
  C:\Windows\System\IZiNfoH.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\CYGUFGl.exe
  C:\Windows\System\CYGUFGl.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\FLWxRXK.exe
  C:\Windows\System\FLWxRXK.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\sNAaTJI.exe
  C:\Windows\System\sNAaTJI.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\PYDcjdT.exe
  C:\Windows\System\PYDcjdT.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\rvYIpUO.exe
  C:\Windows\System\rvYIpUO.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\jCcHHEi.exe
  C:\Windows\System\jCcHHEi.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\tojhuWV.exe
  C:\Windows\System\tojhuWV.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\VOUUKVO.exe
  C:\Windows\System\VOUUKVO.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\VTyXNmx.exe
  C:\Windows\System\VTyXNmx.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\WZyLKpa.exe
  C:\Windows\System\WZyLKpa.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\ARZmMpc.exe
  C:\Windows\System\ARZmMpc.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ngaiXft.exe
  C:\Windows\System\ngaiXft.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\XcgOvjs.exe
  C:\Windows\System\XcgOvjs.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\bPSKduo.exe
  C:\Windows\System\bPSKduo.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\CGHKzEP.exe
  C:\Windows\System\CGHKzEP.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\oCmdmhc.exe
  C:\Windows\System\oCmdmhc.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\nXgkKKA.exe
  C:\Windows\System\nXgkKKA.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ZoowQHe.exe
  C:\Windows\System\ZoowQHe.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\TteLmpR.exe
  C:\Windows\System\TteLmpR.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\wSVpBUx.exe
  C:\Windows\System\wSVpBUx.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\NoytVHC.exe
  C:\Windows\System\NoytVHC.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\EoTpSCR.exe
  C:\Windows\System\EoTpSCR.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\hsGcfbP.exe
  C:\Windows\System\hsGcfbP.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\coQsrPg.exe
  C:\Windows\System\coQsrPg.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\KFHAxyE.exe
  C:\Windows\System\KFHAxyE.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\cpXtaXJ.exe
  C:\Windows\System\cpXtaXJ.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\GsZhLzz.exe
  C:\Windows\System\GsZhLzz.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\LzZHiqB.exe
  C:\Windows\System\LzZHiqB.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\dRbjUfC.exe
  C:\Windows\System\dRbjUfC.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\rdkQNjw.exe
  C:\Windows\System\rdkQNjw.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\fMtHVzD.exe
  C:\Windows\System\fMtHVzD.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\OeSjLvJ.exe
  C:\Windows\System\OeSjLvJ.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\JzrWIyR.exe
  C:\Windows\System\JzrWIyR.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\iCncmLd.exe
  C:\Windows\System\iCncmLd.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\SlhGKMr.exe
  C:\Windows\System\SlhGKMr.exe
  2⤵
  PID:4404
- C:\Windows\System\xtMuZBf.exe
  C:\Windows\System\xtMuZBf.exe
  2⤵
  PID:1724
- C:\Windows\System\vIXkMoO.exe
  C:\Windows\System\vIXkMoO.exe
  2⤵
  PID:4712
- C:\Windows\System\PPbbODw.exe
  C:\Windows\System\PPbbODw.exe
  2⤵
  PID:2800
- C:\Windows\System\foYhSgI.exe
  C:\Windows\System\foYhSgI.exe
  2⤵
  PID:4600
- C:\Windows\System\wfjKlHH.exe
  C:\Windows\System\wfjKlHH.exe
  2⤵
  PID:3056
- C:\Windows\System\mvxfIaJ.exe
  C:\Windows\System\mvxfIaJ.exe
  2⤵
  PID:5020
- C:\Windows\System\KxFqHTv.exe
  C:\Windows\System\KxFqHTv.exe
  2⤵
  PID:3616
- C:\Windows\System\YagapRP.exe
  C:\Windows\System\YagapRP.exe
  2⤵
  PID:3660
- C:\Windows\System\gVvYTwm.exe
  C:\Windows\System\gVvYTwm.exe
  2⤵
  PID:208
- C:\Windows\System\QhIfrwS.exe
  C:\Windows\System\QhIfrwS.exe
  2⤵
  PID:3752
- C:\Windows\System\nQgjOsT.exe
  C:\Windows\System\nQgjOsT.exe
  2⤵
  PID:4576
- C:\Windows\System\eZtiOxg.exe
  C:\Windows\System\eZtiOxg.exe
  2⤵
  PID:2772
- C:\Windows\System\wGXozdg.exe
  C:\Windows\System\wGXozdg.exe
  2⤵
  PID:3084
- C:\Windows\System\GgszwSo.exe
  C:\Windows\System\GgszwSo.exe
  2⤵
  PID:3420
- C:\Windows\System\bQxZbmF.exe
  C:\Windows\System\bQxZbmF.exe
  2⤵
  PID:868
- C:\Windows\System\XyZfjwi.exe
  C:\Windows\System\XyZfjwi.exe
  2⤵
  PID:3948
- C:\Windows\System\cOUXoex.exe
  C:\Windows\System\cOUXoex.exe
  2⤵
  PID:2476
- C:\Windows\System\TpWuWNL.exe
  C:\Windows\System\TpWuWNL.exe
  2⤵
  PID:1616
- C:\Windows\System\zWNSwwv.exe
  C:\Windows\System\zWNSwwv.exe
  2⤵
  PID:1068
- C:\Windows\System\kdUtAjF.exe
  C:\Windows\System\kdUtAjF.exe
  2⤵
  PID:2608
- C:\Windows\System\OqlmIxb.exe
  C:\Windows\System\OqlmIxb.exe
  2⤵
  PID:5096
- C:\Windows\System\PVgtGDP.exe
  C:\Windows\System\PVgtGDP.exe
  2⤵
  PID:1740
- C:\Windows\System\aQgpgCW.exe
  C:\Windows\System\aQgpgCW.exe
  2⤵
  PID:3572
- C:\Windows\System\GvlUQWD.exe
  C:\Windows\System\GvlUQWD.exe
  2⤵
  PID:4084
- C:\Windows\System\EDINyYM.exe
  C:\Windows\System\EDINyYM.exe
  2⤵
  PID:3288
- C:\Windows\System\LBdkQpS.exe
  C:\Windows\System\LBdkQpS.exe
  2⤵
  PID:696
- C:\Windows\System\fLWpOFE.exe
  C:\Windows\System\fLWpOFE.exe
  2⤵
  PID:3628
- C:\Windows\System\xKNOUps.exe
  C:\Windows\System\xKNOUps.exe
  2⤵
  PID:4016
- C:\Windows\System\tiMYudF.exe
  C:\Windows\System\tiMYudF.exe
  2⤵
  PID:1908
- C:\Windows\System\alhBgxM.exe
  C:\Windows\System\alhBgxM.exe
  2⤵
  PID:2416
- C:\Windows\System\uDevGtr.exe
  C:\Windows\System\uDevGtr.exe
  2⤵
  PID:1348
- C:\Windows\System\eMLHBfE.exe
  C:\Windows\System\eMLHBfE.exe
  2⤵
  PID:1668
- C:\Windows\System\QlPdKhw.exe
  C:\Windows\System\QlPdKhw.exe
  2⤵
  PID:3168
- C:\Windows\System\MZCwuYM.exe
  C:\Windows\System\MZCwuYM.exe
  2⤵
  PID:5140
- C:\Windows\System\piXbaAw.exe
  C:\Windows\System\piXbaAw.exe
  2⤵
  PID:5168
- C:\Windows\System\sDeUlIe.exe
  C:\Windows\System\sDeUlIe.exe
  2⤵
  PID:5204
- C:\Windows\System\RHzEwVF.exe
  C:\Windows\System\RHzEwVF.exe
  2⤵
  PID:5228
- C:\Windows\System\JliWWJG.exe
  C:\Windows\System\JliWWJG.exe
  2⤵
  PID:5256
- C:\Windows\System\VWEMVyX.exe
  C:\Windows\System\VWEMVyX.exe
  2⤵
  PID:5284
- C:\Windows\System\uPMSfpG.exe
  C:\Windows\System\uPMSfpG.exe
  2⤵
  PID:5312
- C:\Windows\System\VWorcKs.exe
  C:\Windows\System\VWorcKs.exe
  2⤵
  PID:5348
- C:\Windows\System\VcHflks.exe
  C:\Windows\System\VcHflks.exe
  2⤵
  PID:5372
- C:\Windows\System\HblfWQH.exe
  C:\Windows\System\HblfWQH.exe
  2⤵
  PID:5404
- C:\Windows\System\CTlqrBd.exe
  C:\Windows\System\CTlqrBd.exe
  2⤵
  PID:5420
- C:\Windows\System\yFIUapA.exe
  C:\Windows\System\yFIUapA.exe
  2⤵
  PID:5452
- C:\Windows\System\AqmnsEp.exe
  C:\Windows\System\AqmnsEp.exe
  2⤵
  PID:5496
- C:\Windows\System\TRxsmbm.exe
  C:\Windows\System\TRxsmbm.exe
  2⤵
  PID:5524
- C:\Windows\System\krzFFII.exe
  C:\Windows\System\krzFFII.exe
  2⤵
  PID:5560
- C:\Windows\System\qjQPcNg.exe
  C:\Windows\System\qjQPcNg.exe
  2⤵
  PID:5580
- C:\Windows\System\QoaBoxL.exe
  C:\Windows\System\QoaBoxL.exe
  2⤵
  PID:5624
- C:\Windows\System\aZVEkct.exe
  C:\Windows\System\aZVEkct.exe
  2⤵
  PID:5644
- C:\Windows\System\NXHoJIR.exe
  C:\Windows\System\NXHoJIR.exe
  2⤵
  PID:5692
- C:\Windows\System\XxwVewT.exe
  C:\Windows\System\XxwVewT.exe
  2⤵
  PID:5748
- C:\Windows\System\igxstRW.exe
  C:\Windows\System\igxstRW.exe
  2⤵
  PID:5764
- C:\Windows\System\UaowJgX.exe
  C:\Windows\System\UaowJgX.exe
  2⤵
  PID:5792
- C:\Windows\System\PDLnoYt.exe
  C:\Windows\System\PDLnoYt.exe
  2⤵
  PID:5844
- C:\Windows\System\oCoWoSj.exe
  C:\Windows\System\oCoWoSj.exe
  2⤵
  PID:5868
- C:\Windows\System\iqeynZd.exe
  C:\Windows\System\iqeynZd.exe
  2⤵
  PID:5908
- C:\Windows\System\jWRXRDI.exe
  C:\Windows\System\jWRXRDI.exe
  2⤵
  PID:5944
- C:\Windows\System\dpLQQlD.exe
  C:\Windows\System\dpLQQlD.exe
  2⤵
  PID:5972
- C:\Windows\System\cSCcxcJ.exe
  C:\Windows\System\cSCcxcJ.exe
  2⤵
  PID:5988
- C:\Windows\System\VKLLLnh.exe
  C:\Windows\System\VKLLLnh.exe
  2⤵
  PID:6024
- C:\Windows\System\tuipDum.exe
  C:\Windows\System\tuipDum.exe
  2⤵
  PID:6064
- C:\Windows\System\EmVPkyc.exe
  C:\Windows\System\EmVPkyc.exe
  2⤵
  PID:6084
- C:\Windows\System\mRJgqIy.exe
  C:\Windows\System\mRJgqIy.exe
  2⤵
  PID:6116
- C:\Windows\System\sVPRrfm.exe
  C:\Windows\System\sVPRrfm.exe
  2⤵
  PID:6136
- C:\Windows\System\gdfTSRb.exe
  C:\Windows\System\gdfTSRb.exe
  2⤵
  PID:5192
- C:\Windows\System\NEFCVew.exe
  C:\Windows\System\NEFCVew.exe
  2⤵
  PID:540
- C:\Windows\System\faWKfWr.exe
  C:\Windows\System\faWKfWr.exe
  2⤵
  PID:1416
- C:\Windows\System\sNzbYlp.exe
  C:\Windows\System\sNzbYlp.exe
  2⤵
  PID:5304
- C:\Windows\System\SUrlgrJ.exe
  C:\Windows\System\SUrlgrJ.exe
  2⤵
  PID:5356
- C:\Windows\System\fLhkHhI.exe
  C:\Windows\System\fLhkHhI.exe
  2⤵
  PID:5440
- C:\Windows\System\dEAYkQZ.exe
  C:\Windows\System\dEAYkQZ.exe
  2⤵
  PID:5492
- C:\Windows\System\dpDWteZ.exe
  C:\Windows\System\dpDWteZ.exe
  2⤵
  PID:5548
- C:\Windows\System\ZQFqBzJ.exe
  C:\Windows\System\ZQFqBzJ.exe
  2⤵
  PID:4248
- C:\Windows\System\zogOTVs.exe
  C:\Windows\System\zogOTVs.exe
  2⤵
  PID:5732
- C:\Windows\System\MsnApqv.exe
  C:\Windows\System\MsnApqv.exe
  2⤵
  PID:5864
- C:\Windows\System\HZzeKWu.exe
  C:\Windows\System\HZzeKWu.exe
  2⤵
  PID:5928
- C:\Windows\System\VVEpYvp.exe
  C:\Windows\System\VVEpYvp.exe
  2⤵
  PID:5964
- C:\Windows\System\QOKYGGH.exe
  C:\Windows\System\QOKYGGH.exe
  2⤵
  PID:6048
- C:\Windows\System\GZpihFO.exe
  C:\Windows\System\GZpihFO.exe
  2⤵
  PID:6132
- C:\Windows\System\vwzamrD.exe
  C:\Windows\System\vwzamrD.exe
  2⤵
  PID:5280
- C:\Windows\System\NRjZPhE.exe
  C:\Windows\System\NRjZPhE.exe
  2⤵
  PID:5296
- C:\Windows\System\LIYAdWX.exe
  C:\Windows\System\LIYAdWX.exe
  2⤵
  PID:5544
- C:\Windows\System\kNhzHcv.exe
  C:\Windows\System\kNhzHcv.exe
  2⤵
  PID:5776
- C:\Windows\System\QQILQTk.exe
  C:\Windows\System\QQILQTk.exe
  2⤵
  PID:5952
- C:\Windows\System\bzGQgjS.exe
  C:\Windows\System\bzGQgjS.exe
  2⤵
  PID:5980
- C:\Windows\System\lQUoMzI.exe
  C:\Windows\System\lQUoMzI.exe
  2⤵
  PID:6092
- C:\Windows\System\jXVrwuG.exe
  C:\Windows\System\jXVrwuG.exe
  2⤵
  PID:5248
- C:\Windows\System\uTMuulR.exe
  C:\Windows\System\uTMuulR.exe
  2⤵
  PID:5536
- C:\Windows\System\dbBKIxj.exe
  C:\Windows\System\dbBKIxj.exe
  2⤵
  PID:6072
- C:\Windows\System\XBckZqe.exe
  C:\Windows\System\XBckZqe.exe
  2⤵
  PID:6156
- C:\Windows\System\QVjCCqg.exe
  C:\Windows\System\QVjCCqg.exe
  2⤵
  PID:6196
- C:\Windows\System\KiUZnQl.exe
  C:\Windows\System\KiUZnQl.exe
  2⤵
  PID:6236
- C:\Windows\System\kfgvSaZ.exe
  C:\Windows\System\kfgvSaZ.exe
  2⤵
  PID:6268
- C:\Windows\System\UWubfnq.exe
  C:\Windows\System\UWubfnq.exe
  2⤵
  PID:6284
- C:\Windows\System\xjBsdjN.exe
  C:\Windows\System\xjBsdjN.exe
  2⤵
  PID:6304
- C:\Windows\System\FkqyqqF.exe
  C:\Windows\System\FkqyqqF.exe
  2⤵
  PID:6332
- C:\Windows\System\ytSDaNA.exe
  C:\Windows\System\ytSDaNA.exe
  2⤵
  PID:6360
- C:\Windows\System\JDytvrv.exe
  C:\Windows\System\JDytvrv.exe
  2⤵
  PID:6400
- C:\Windows\System\ELqQLCD.exe
  C:\Windows\System\ELqQLCD.exe
  2⤵
  PID:6424
- C:\Windows\System\oLKAwUF.exe
  C:\Windows\System\oLKAwUF.exe
  2⤵
  PID:6448
- C:\Windows\System\ZjbfvKz.exe
  C:\Windows\System\ZjbfvKz.exe
  2⤵
  PID:6472
- C:\Windows\System\rjEWgBq.exe
  C:\Windows\System\rjEWgBq.exe
  2⤵
  PID:6508
- C:\Windows\System\dlPqAXQ.exe
  C:\Windows\System\dlPqAXQ.exe
  2⤵
  PID:6552
- C:\Windows\System\EdwZiar.exe
  C:\Windows\System\EdwZiar.exe
  2⤵
  PID:6568
- C:\Windows\System\XyQfMop.exe
  C:\Windows\System\XyQfMop.exe
  2⤵
  PID:6608
- C:\Windows\System\AEmWFgQ.exe
  C:\Windows\System\AEmWFgQ.exe
  2⤵
  PID:6640
- C:\Windows\System\sbTmSqO.exe
  C:\Windows\System\sbTmSqO.exe
  2⤵
  PID:6668
- C:\Windows\System\EYBLPSr.exe
  C:\Windows\System\EYBLPSr.exe
  2⤵
  PID:6700
- C:\Windows\System\LeLXnRb.exe
  C:\Windows\System\LeLXnRb.exe
  2⤵
  PID:6736
- C:\Windows\System\oRHKdke.exe
  C:\Windows\System\oRHKdke.exe
  2⤵
  PID:6756
- C:\Windows\System\MpuAaTL.exe
  C:\Windows\System\MpuAaTL.exe
  2⤵
  PID:6792
- C:\Windows\System\JxwCGSZ.exe
  C:\Windows\System\JxwCGSZ.exe
  2⤵
  PID:6816
- C:\Windows\System\QqHLoHb.exe
  C:\Windows\System\QqHLoHb.exe
  2⤵
  PID:6832
- C:\Windows\System\umCdagD.exe
  C:\Windows\System\umCdagD.exe
  2⤵
  PID:6848
- C:\Windows\System\Rdsrjpg.exe
  C:\Windows\System\Rdsrjpg.exe
  2⤵
  PID:6864
- C:\Windows\System\pHYExSi.exe
  C:\Windows\System\pHYExSi.exe
  2⤵
  PID:6900
- C:\Windows\System\WobJGNS.exe
  C:\Windows\System\WobJGNS.exe
  2⤵
  PID:6924
- C:\Windows\System\ockFLZB.exe
  C:\Windows\System\ockFLZB.exe
  2⤵
  PID:6968
- C:\Windows\System\miYPZxe.exe
  C:\Windows\System\miYPZxe.exe
  2⤵
  PID:7000
- C:\Windows\System\DAALBpA.exe
  C:\Windows\System\DAALBpA.exe
  2⤵
  PID:7040
- C:\Windows\System\ileptcS.exe
  C:\Windows\System\ileptcS.exe
  2⤵
  PID:7076
- C:\Windows\System\gurSiJI.exe
  C:\Windows\System\gurSiJI.exe
  2⤵
  PID:7124
- C:\Windows\System\tVSofKo.exe
  C:\Windows\System\tVSofKo.exe
  2⤵
  PID:7148
- C:\Windows\System\gEWHnhL.exe
  C:\Windows\System\gEWHnhL.exe
  2⤵
  PID:6168
- C:\Windows\System\RHfUzQE.exe
  C:\Windows\System\RHfUzQE.exe
  2⤵
  PID:6204
- C:\Windows\System\SJkATfX.exe
  C:\Windows\System\SJkATfX.exe
  2⤵
  PID:6292
- C:\Windows\System\MxEQCNV.exe
  C:\Windows\System\MxEQCNV.exe
  2⤵
  PID:6380
- C:\Windows\System\myYDJlC.exe
  C:\Windows\System\myYDJlC.exe
  2⤵
  PID:6444
- C:\Windows\System\pBePTRU.exe
  C:\Windows\System\pBePTRU.exe
  2⤵
  PID:6524
- C:\Windows\System\gkteXvi.exe
  C:\Windows\System\gkteXvi.exe
  2⤵
  PID:6592
- C:\Windows\System\azBOihJ.exe
  C:\Windows\System\azBOihJ.exe
  2⤵
  PID:6632
- C:\Windows\System\MuxTNgT.exe
  C:\Windows\System\MuxTNgT.exe
  2⤵
  PID:6720
- C:\Windows\System\qcAtLWo.exe
  C:\Windows\System\qcAtLWo.exe
  2⤵
  PID:6784
- C:\Windows\System\pfTmSSf.exe
  C:\Windows\System\pfTmSSf.exe
  2⤵
  PID:6812
- C:\Windows\System\bTjtwGh.exe
  C:\Windows\System\bTjtwGh.exe
  2⤵
  PID:6860
- C:\Windows\System\HzPcWqO.exe
  C:\Windows\System\HzPcWqO.exe
  2⤵
  PID:6988
- C:\Windows\System\OCWgyTG.exe
  C:\Windows\System\OCWgyTG.exe
  2⤵
  PID:7088
- C:\Windows\System\hUKbqkI.exe
  C:\Windows\System\hUKbqkI.exe
  2⤵
  PID:5520
- C:\Windows\System\jBkgMWY.exe
  C:\Windows\System\jBkgMWY.exe
  2⤵
  PID:6328
- C:\Windows\System\CgZhqKe.exe
  C:\Windows\System\CgZhqKe.exe
  2⤵
  PID:6416
- C:\Windows\System\PDGuNbq.exe
  C:\Windows\System\PDGuNbq.exe
  2⤵
  PID:5708
- C:\Windows\System\QVaOeIy.exe
  C:\Windows\System\QVaOeIy.exe
  2⤵
  PID:5484
- C:\Windows\System\RGkEUHv.exe
  C:\Windows\System\RGkEUHv.exe
  2⤵
  PID:6752
- C:\Windows\System\AbegGTX.exe
  C:\Windows\System\AbegGTX.exe
  2⤵
  PID:6984
- C:\Windows\System\zTuHLPL.exe
  C:\Windows\System\zTuHLPL.exe
  2⤵
  PID:6256
- C:\Windows\System\XQzcOqd.exe
  C:\Windows\System\XQzcOqd.exe
  2⤵
  PID:5604
- C:\Windows\System\uKZYoHB.exe
  C:\Windows\System\uKZYoHB.exe
  2⤵
  PID:6744
- C:\Windows\System\wlkBIkL.exe
  C:\Windows\System\wlkBIkL.exe
  2⤵
  PID:6276
- C:\Windows\System\BDeGDWa.exe
  C:\Windows\System\BDeGDWa.exe
  2⤵
  PID:6996
- C:\Windows\System\HRAkWBX.exe
  C:\Windows\System\HRAkWBX.exe
  2⤵
  PID:6560
- C:\Windows\System\QzAuoSR.exe
  C:\Windows\System\QzAuoSR.exe
  2⤵
  PID:7192
- C:\Windows\System\KuoJkuI.exe
  C:\Windows\System\KuoJkuI.exe
  2⤵
  PID:7224
- C:\Windows\System\eOUWTGM.exe
  C:\Windows\System\eOUWTGM.exe
  2⤵
  PID:7248
- C:\Windows\System\fJifwtY.exe
  C:\Windows\System\fJifwtY.exe
  2⤵
  PID:7276
- C:\Windows\System\DChYHEV.exe
  C:\Windows\System\DChYHEV.exe
  2⤵
  PID:7292
- C:\Windows\System\YpMhIhg.exe
  C:\Windows\System\YpMhIhg.exe
  2⤵
  PID:7320
- C:\Windows\System\OgsUaZz.exe
  C:\Windows\System\OgsUaZz.exe
  2⤵
  PID:7360
- C:\Windows\System\tyGEbzC.exe
  C:\Windows\System\tyGEbzC.exe
  2⤵
  PID:7376
- C:\Windows\System\juVtmYW.exe
  C:\Windows\System\juVtmYW.exe
  2⤵
  PID:7404
- C:\Windows\System\jjJlWTj.exe
  C:\Windows\System\jjJlWTj.exe
  2⤵
  PID:7448
- C:\Windows\System\WfKuzzv.exe
  C:\Windows\System\WfKuzzv.exe
  2⤵
  PID:7484
- C:\Windows\System\fcFHUmg.exe
  C:\Windows\System\fcFHUmg.exe
  2⤵
  PID:7512
- C:\Windows\System\yaVojra.exe
  C:\Windows\System\yaVojra.exe
  2⤵
  PID:7556
- C:\Windows\System\SnfVkbn.exe
  C:\Windows\System\SnfVkbn.exe
  2⤵
  PID:7584
- C:\Windows\System\mlFwcsj.exe
  C:\Windows\System\mlFwcsj.exe
  2⤵
  PID:7612
- C:\Windows\System\eSHOCWb.exe
  C:\Windows\System\eSHOCWb.exe
  2⤵
  PID:7632
- C:\Windows\System\CgFCLbH.exe
  C:\Windows\System\CgFCLbH.exe
  2⤵
  PID:7672
- C:\Windows\System\svohnsE.exe
  C:\Windows\System\svohnsE.exe
  2⤵
  PID:7716
- C:\Windows\System\CTLQrog.exe
  C:\Windows\System\CTLQrog.exe
  2⤵
  PID:7756
- C:\Windows\System\LuZJviK.exe
  C:\Windows\System\LuZJviK.exe
  2⤵
  PID:7784
- C:\Windows\System\grhsfzC.exe
  C:\Windows\System\grhsfzC.exe
  2⤵
  PID:7832
- C:\Windows\System\gVPKnAA.exe
  C:\Windows\System\gVPKnAA.exe
  2⤵
  PID:7848
- C:\Windows\System\UlcCXGn.exe
  C:\Windows\System\UlcCXGn.exe
  2⤵
  PID:7872
- C:\Windows\System\IdvfNEG.exe
  C:\Windows\System\IdvfNEG.exe
  2⤵
  PID:7900
- C:\Windows\System\Inimnxu.exe
  C:\Windows\System\Inimnxu.exe
  2⤵
  PID:7940
- C:\Windows\System\uvcAjqn.exe
  C:\Windows\System\uvcAjqn.exe
  2⤵
  PID:7960
- C:\Windows\System\NNmNMTb.exe
  C:\Windows\System\NNmNMTb.exe
  2⤵
  PID:8008
- C:\Windows\System\QezAWeF.exe
  C:\Windows\System\QezAWeF.exe
  2⤵
  PID:8036
- C:\Windows\System\SgcHcqf.exe
  C:\Windows\System\SgcHcqf.exe
  2⤵
  PID:8084
- C:\Windows\System\uTuDriU.exe
  C:\Windows\System\uTuDriU.exe
  2⤵
  PID:8124
- C:\Windows\System\ECIfXsk.exe
  C:\Windows\System\ECIfXsk.exe
  2⤵
  PID:8144
- C:\Windows\System\fDGSsPb.exe
  C:\Windows\System\fDGSsPb.exe
  2⤵
  PID:8168
- C:\Windows\System\JqutpeA.exe
  C:\Windows\System\JqutpeA.exe
  2⤵
  PID:7212
- C:\Windows\System\CbcpygH.exe
  C:\Windows\System\CbcpygH.exe
  2⤵
  PID:7308
- C:\Windows\System\lrbPKhy.exe
  C:\Windows\System\lrbPKhy.exe
  2⤵
  PID:7436
- C:\Windows\System\IoFOXbg.exe
  C:\Windows\System\IoFOXbg.exe
  2⤵
  PID:7524
- C:\Windows\System\xuzgbAk.exe
  C:\Windows\System\xuzgbAk.exe
  2⤵
  PID:7580
- C:\Windows\System\mgevdcD.exe
  C:\Windows\System\mgevdcD.exe
  2⤵
  PID:7656
- C:\Windows\System\zACwqRR.exe
  C:\Windows\System\zACwqRR.exe
  2⤵
  PID:7684
- C:\Windows\System\inXEXmo.exe
  C:\Windows\System\inXEXmo.exe
  2⤵
  PID:7776
- C:\Windows\System\LqFWdio.exe
  C:\Windows\System\LqFWdio.exe
  2⤵
  PID:7840
- C:\Windows\System\dbsLxpK.exe
  C:\Windows\System\dbsLxpK.exe
  2⤵
  PID:7924
- C:\Windows\System\wHNuYZE.exe
  C:\Windows\System\wHNuYZE.exe
  2⤵
  PID:7984
- C:\Windows\System\xRjfgTD.exe
  C:\Windows\System\xRjfgTD.exe
  2⤵
  PID:8132
- C:\Windows\System\cjZqHsO.exe
  C:\Windows\System\cjZqHsO.exe
  2⤵
  PID:8176
- C:\Windows\System\EFDGbsT.exe
  C:\Windows\System\EFDGbsT.exe
  2⤵
  PID:7372
- C:\Windows\System\MEeGWQC.exe
  C:\Windows\System\MEeGWQC.exe
  2⤵
  PID:7620
- C:\Windows\System\bFJfjfH.exe
  C:\Windows\System\bFJfjfH.exe
  2⤵
  PID:7844
- C:\Windows\System\KSzYmUE.exe
  C:\Windows\System\KSzYmUE.exe
  2⤵
  PID:7996
- C:\Windows\System\tVuSORC.exe
  C:\Windows\System\tVuSORC.exe
  2⤵
  PID:7288
- C:\Windows\System\OXDKAXc.exe
  C:\Windows\System\OXDKAXc.exe
  2⤵
  PID:7668
- C:\Windows\System\VgyeJJp.exe
  C:\Windows\System\VgyeJJp.exe
  2⤵
  PID:7956
- C:\Windows\System\wlwwEEn.exe
  C:\Windows\System\wlwwEEn.exe
  2⤵
  PID:8208
- C:\Windows\System\dSIIGnb.exe
  C:\Windows\System\dSIIGnb.exe
  2⤵
  PID:8228
- C:\Windows\System\vKFAJRn.exe
  C:\Windows\System\vKFAJRn.exe
  2⤵
  PID:8264
- C:\Windows\System\LGXPDSi.exe
  C:\Windows\System\LGXPDSi.exe
  2⤵
  PID:8288
- C:\Windows\System\duhLnow.exe
  C:\Windows\System\duhLnow.exe
  2⤵
  PID:8316
- C:\Windows\System\qDjjgWa.exe
  C:\Windows\System\qDjjgWa.exe
  2⤵
  PID:8352
- C:\Windows\System\HrgJMdw.exe
  C:\Windows\System\HrgJMdw.exe
  2⤵
  PID:8396
- C:\Windows\System\fYTlxer.exe
  C:\Windows\System\fYTlxer.exe
  2⤵
  PID:8416
- C:\Windows\System\CyBcSvx.exe
  C:\Windows\System\CyBcSvx.exe
  2⤵
  PID:8432
- C:\Windows\System\wxlGYJw.exe
  C:\Windows\System\wxlGYJw.exe
  2⤵
  PID:8460
- C:\Windows\System\AsENCRP.exe
  C:\Windows\System\AsENCRP.exe
  2⤵
  PID:8496
- C:\Windows\System\grErNcZ.exe
  C:\Windows\System\grErNcZ.exe
  2⤵
  PID:8528
- C:\Windows\System\BvKEQlY.exe
  C:\Windows\System\BvKEQlY.exe
  2⤵
  PID:8556
- C:\Windows\System\nFUWEng.exe
  C:\Windows\System\nFUWEng.exe
  2⤵
  PID:8584
- C:\Windows\System\eYHqHAz.exe
  C:\Windows\System\eYHqHAz.exe
  2⤵
  PID:8620
- C:\Windows\System\IxdLDbj.exe
  C:\Windows\System\IxdLDbj.exe
  2⤵
  PID:8640
- C:\Windows\System\cXUCyjV.exe
  C:\Windows\System\cXUCyjV.exe
  2⤵
  PID:8676
- C:\Windows\System\aGrsuyp.exe
  C:\Windows\System\aGrsuyp.exe
  2⤵
  PID:8704
- C:\Windows\System\miuPEvI.exe
  C:\Windows\System\miuPEvI.exe
  2⤵
  PID:8732
- C:\Windows\System\JhNszQF.exe
  C:\Windows\System\JhNszQF.exe
  2⤵
  PID:8764
- C:\Windows\System\vVQfbvj.exe
  C:\Windows\System\vVQfbvj.exe
  2⤵
  PID:8792
- C:\Windows\System\nPdKozd.exe
  C:\Windows\System\nPdKozd.exe
  2⤵
  PID:8820
- C:\Windows\System\pbJFyRM.exe
  C:\Windows\System\pbJFyRM.exe
  2⤵
  PID:8848
- C:\Windows\System\OxWfBnV.exe
  C:\Windows\System\OxWfBnV.exe
  2⤵
  PID:8868
- C:\Windows\System\zLUAkVY.exe
  C:\Windows\System\zLUAkVY.exe
  2⤵
  PID:8904
- C:\Windows\System\nKXPhUy.exe
  C:\Windows\System\nKXPhUy.exe
  2⤵
  PID:8932
- C:\Windows\System\QMAzUJg.exe
  C:\Windows\System\QMAzUJg.exe
  2⤵
  PID:8960
- C:\Windows\System\pEDltUn.exe
  C:\Windows\System\pEDltUn.exe
  2⤵
  PID:8976
- C:\Windows\System\UkRfRlX.exe
  C:\Windows\System\UkRfRlX.exe
  2⤵
  PID:9000
- C:\Windows\System\OBlPiww.exe
  C:\Windows\System\OBlPiww.exe
  2⤵
  PID:9032
- C:\Windows\System\fYPfLgS.exe
  C:\Windows\System\fYPfLgS.exe
  2⤵
  PID:9072
- C:\Windows\System\DpFFDPh.exe
  C:\Windows\System\DpFFDPh.exe
  2⤵
  PID:9096
- C:\Windows\System\IGkGONw.exe
  C:\Windows\System\IGkGONw.exe
  2⤵
  PID:9124
- C:\Windows\System\acGcozT.exe
  C:\Windows\System\acGcozT.exe
  2⤵
  PID:9156
- C:\Windows\System\vUroaZA.exe
  C:\Windows\System\vUroaZA.exe
  2⤵
  PID:9184
- C:\Windows\System\KcYMvFc.exe
  C:\Windows\System\KcYMvFc.exe
  2⤵
  PID:7920
- C:\Windows\System\ILYekZp.exe
  C:\Windows\System\ILYekZp.exe
  2⤵
  PID:8220
- C:\Windows\System\FpOovYx.exe
  C:\Windows\System\FpOovYx.exe
  2⤵
  PID:8276
- C:\Windows\System\NLkDKUu.exe
  C:\Windows\System\NLkDKUu.exe
  2⤵
  PID:8336
- C:\Windows\System\EKWsBXo.exe
  C:\Windows\System\EKWsBXo.exe
  2⤵
  PID:8380
- C:\Windows\System\iBUYqsM.exe
  C:\Windows\System\iBUYqsM.exe
  2⤵
  PID:8456
- C:\Windows\System\oTUeeMg.exe
  C:\Windows\System\oTUeeMg.exe
  2⤵
  PID:8540
- C:\Windows\System\oQbDrJK.exe
  C:\Windows\System\oQbDrJK.exe
  2⤵
  PID:8616
- C:\Windows\System\CdUnpyM.exe
  C:\Windows\System\CdUnpyM.exe
  2⤵
  PID:8648
- C:\Windows\System\tTTxUrv.exe
  C:\Windows\System\tTTxUrv.exe
  2⤵
  PID:8724
- C:\Windows\System\BTWRuuC.exe
  C:\Windows\System\BTWRuuC.exe
  2⤵
  PID:8784
- C:\Windows\System\eoJhRjc.exe
  C:\Windows\System\eoJhRjc.exe
  2⤵
  PID:8844
- C:\Windows\System\xXFTYNR.exe
  C:\Windows\System\xXFTYNR.exe
  2⤵
  PID:8916
- C:\Windows\System\dBsXkXT.exe
  C:\Windows\System\dBsXkXT.exe
  2⤵
  PID:8992
- C:\Windows\System\rPpKrnC.exe
  C:\Windows\System\rPpKrnC.exe
  2⤵
  PID:9060
- C:\Windows\System\hyQSgsf.exe
  C:\Windows\System\hyQSgsf.exe
  2⤵
  PID:9116
- C:\Windows\System\VHzLYZU.exe
  C:\Windows\System\VHzLYZU.exe
  2⤵
  PID:9176
- C:\Windows\System\HHNBzsz.exe
  C:\Windows\System\HHNBzsz.exe
  2⤵
  PID:8200
- C:\Windows\System\dWBkxwu.exe
  C:\Windows\System\dWBkxwu.exe
  2⤵
  PID:8348
- C:\Windows\System\fdpJTNu.exe
  C:\Windows\System\fdpJTNu.exe
  2⤵
  PID:8492
- C:\Windows\System\rLPqQtY.exe
  C:\Windows\System\rLPqQtY.exe
  2⤵
  PID:8628
- C:\Windows\System\dGQRNVE.exe
  C:\Windows\System\dGQRNVE.exe
  2⤵
  PID:8772
- C:\Windows\System\TzGqGhi.exe
  C:\Windows\System\TzGqGhi.exe
  2⤵
  PID:8944
- C:\Windows\System\HtnhoQE.exe
  C:\Windows\System\HtnhoQE.exe
  2⤵
  PID:9088
- C:\Windows\System\TKDAQle.exe
  C:\Windows\System\TKDAQle.exe
  2⤵
  PID:9208
- C:\Windows\System\bySgcMc.exe
  C:\Windows\System\bySgcMc.exe
  2⤵
  PID:8568
- C:\Windows\System\NXqPlSS.exe
  C:\Windows\System\NXqPlSS.exe
  2⤵
  PID:4828
- C:\Windows\System\aSNsvwh.exe
  C:\Windows\System\aSNsvwh.exe
  2⤵
  PID:9020
- C:\Windows\System\JJsDoxV.exe
  C:\Windows\System\JJsDoxV.exe
  2⤵
  PID:8472
- C:\Windows\System\uLBEBOQ.exe
  C:\Windows\System\uLBEBOQ.exe
  2⤵
  PID:8840
- C:\Windows\System\HDzOQBj.exe
  C:\Windows\System\HDzOQBj.exe
  2⤵
  PID:9240
- C:\Windows\System\AVzlPGb.exe
  C:\Windows\System\AVzlPGb.exe
  2⤵
  PID:9268
- C:\Windows\System\BKnweZx.exe
  C:\Windows\System\BKnweZx.exe
  2⤵
  PID:9296
- C:\Windows\System\uYYTpgt.exe
  C:\Windows\System\uYYTpgt.exe
  2⤵
  PID:9332
- C:\Windows\System\OrSwOEX.exe
  C:\Windows\System\OrSwOEX.exe
  2⤵
  PID:9352
- C:\Windows\System\XafLWgX.exe
  C:\Windows\System\XafLWgX.exe
  2⤵
  PID:9392
- C:\Windows\System\tQpZoQq.exe
  C:\Windows\System\tQpZoQq.exe
  2⤵
  PID:9428
- C:\Windows\System\mgmBFDH.exe
  C:\Windows\System\mgmBFDH.exe
  2⤵
  PID:9480
- C:\Windows\System\KcZbmnf.exe
  C:\Windows\System\KcZbmnf.exe
  2⤵
  PID:9512
- C:\Windows\System\EtVyjub.exe
  C:\Windows\System\EtVyjub.exe
  2⤵
  PID:9544
- C:\Windows\System\xxDGoHM.exe
  C:\Windows\System\xxDGoHM.exe
  2⤵
  PID:9560
- C:\Windows\System\IlRPqbf.exe
  C:\Windows\System\IlRPqbf.exe
  2⤵
  PID:9592
- C:\Windows\System\BxJBQuD.exe
  C:\Windows\System\BxJBQuD.exe
  2⤵
  PID:9636
- C:\Windows\System\BEjBEio.exe
  C:\Windows\System\BEjBEio.exe
  2⤵
  PID:9660
- C:\Windows\System\NimNxMJ.exe
  C:\Windows\System\NimNxMJ.exe
  2⤵
  PID:9688
- C:\Windows\System\FBinhqL.exe
  C:\Windows\System\FBinhqL.exe
  2⤵
  PID:9712
- C:\Windows\System\PnzsZkR.exe
  C:\Windows\System\PnzsZkR.exe
  2⤵
  PID:9732
- C:\Windows\System\jEnsesm.exe
  C:\Windows\System\jEnsesm.exe
  2⤵
  PID:9748
- C:\Windows\System\wjFzVtZ.exe
  C:\Windows\System\wjFzVtZ.exe
  2⤵
  PID:9764
- C:\Windows\System\bgITbxk.exe
  C:\Windows\System\bgITbxk.exe
  2⤵
  PID:9784
- C:\Windows\System\PUIUhNH.exe
  C:\Windows\System\PUIUhNH.exe
  2⤵
  PID:9808
- C:\Windows\System\zJpgxUy.exe
  C:\Windows\System\zJpgxUy.exe
  2⤵
  PID:9828
- C:\Windows\System\qzBFFLj.exe
  C:\Windows\System\qzBFFLj.exe
  2⤵
  PID:9860
- C:\Windows\System\ELMjiIE.exe
  C:\Windows\System\ELMjiIE.exe
  2⤵
  PID:9888
- C:\Windows\System\XjUrHxT.exe
  C:\Windows\System\XjUrHxT.exe
  2⤵
  PID:9912
- C:\Windows\System\YzKPgRs.exe
  C:\Windows\System\YzKPgRs.exe
  2⤵
  PID:9948
- C:\Windows\System\fQLYNOV.exe
  C:\Windows\System\fQLYNOV.exe
  2⤵
  PID:9996
- C:\Windows\System\LFvbjLD.exe
  C:\Windows\System\LFvbjLD.exe
  2⤵
  PID:10012
- C:\Windows\System\owJqJXk.exe
  C:\Windows\System\owJqJXk.exe
  2⤵
  PID:10028
- C:\Windows\System\oCqLNim.exe
  C:\Windows\System\oCqLNim.exe
  2⤵
  PID:10048
- C:\Windows\System\sswCjuX.exe
  C:\Windows\System\sswCjuX.exe
  2⤵
  PID:10076
- C:\Windows\System\WEPfOfc.exe
  C:\Windows\System\WEPfOfc.exe
  2⤵
  PID:10100
- C:\Windows\System\YexmiPc.exe
  C:\Windows\System\YexmiPc.exe
  2⤵
  PID:10120
- C:\Windows\System\qrjfcgF.exe
  C:\Windows\System\qrjfcgF.exe
  2⤵
  PID:10136
- C:\Windows\System\IdINSbT.exe
  C:\Windows\System\IdINSbT.exe
  2⤵
  PID:10168
- C:\Windows\System\yuILUsI.exe
  C:\Windows\System\yuILUsI.exe
  2⤵
  PID:10184
- C:\Windows\System\hTuyihX.exe
  C:\Windows\System\hTuyihX.exe
  2⤵
  PID:10220
- C:\Windows\System\ErLhBZa.exe
  C:\Windows\System\ErLhBZa.exe
  2⤵
  PID:9228
- C:\Windows\System\gDkiHia.exe
  C:\Windows\System\gDkiHia.exe
  2⤵
  PID:9292
- C:\Windows\System\RIhkuTj.exe
  C:\Windows\System\RIhkuTj.exe
  2⤵
  PID:9376
- C:\Windows\System\YlrdmOe.exe
  C:\Windows\System\YlrdmOe.exe
  2⤵
  PID:9476
- C:\Windows\System\gIRAuWV.exe
  C:\Windows\System\gIRAuWV.exe
  2⤵
  PID:9852
- C:\Windows\System\sWCMTZu.exe
  C:\Windows\System\sWCMTZu.exe
  2⤵
  PID:9904
- C:\Windows\System\zBZLuSa.exe
  C:\Windows\System\zBZLuSa.exe
  2⤵
  PID:9968
- C:\Windows\System\KrDTqSW.exe
  C:\Windows\System\KrDTqSW.exe
  2⤵
  PID:10040
- C:\Windows\System\XzOihFc.exe
  C:\Windows\System\XzOihFc.exe
  2⤵
  PID:10004
- C:\Windows\System\ceEeDVV.exe
  C:\Windows\System\ceEeDVV.exe
  2⤵
  PID:10208
- C:\Windows\System\zbMSSTA.exe
  C:\Windows\System\zbMSSTA.exe
  2⤵
  PID:8304
- C:\Windows\System\YpRVWbn.exe
  C:\Windows\System\YpRVWbn.exe
  2⤵
  PID:9256
- C:\Windows\System\NtjBFaB.exe
  C:\Windows\System\NtjBFaB.exe
  2⤵
  PID:9524
- C:\Windows\System\sqLTSJt.exe
  C:\Windows\System\sqLTSJt.exe
  2⤵
  PID:9756
- C:\Windows\System\UJWxhei.exe
  C:\Windows\System\UJWxhei.exe
  2⤵
  PID:9532
- C:\Windows\System\qBRUYZu.exe
  C:\Windows\System\qBRUYZu.exe
  2⤵
  PID:10072
- C:\Windows\System\hJNjveu.exe
  C:\Windows\System\hJNjveu.exe
  2⤵
  PID:10156
- C:\Windows\System\JZJvbyC.exe
  C:\Windows\System\JZJvbyC.exe
  2⤵
  PID:9776
- C:\Windows\System\FfYcsmt.exe
  C:\Windows\System\FfYcsmt.exe
  2⤵
  PID:9044
- C:\Windows\System\BUEEyWf.exe
  C:\Windows\System\BUEEyWf.exe
  2⤵
  PID:10008
- C:\Windows\System\HKKucLz.exe
  C:\Windows\System\HKKucLz.exe
  2⤵
  PID:9328
- C:\Windows\System\jGNtLnH.exe
  C:\Windows\System\jGNtLnH.exe
  2⤵
  PID:10268
- C:\Windows\System\EjfGFGc.exe
  C:\Windows\System\EjfGFGc.exe
  2⤵
  PID:10308
- C:\Windows\System\DDtRHOi.exe
  C:\Windows\System\DDtRHOi.exe
  2⤵
  PID:10324
- C:\Windows\System\EoyNvBY.exe
  C:\Windows\System\EoyNvBY.exe
  2⤵
  PID:10340
- C:\Windows\System\bqMmprO.exe
  C:\Windows\System\bqMmprO.exe
  2⤵
  PID:10376
- C:\Windows\System\qoeLDJE.exe
  C:\Windows\System\qoeLDJE.exe
  2⤵
  PID:10416
- C:\Windows\System\wCJALnK.exe
  C:\Windows\System\wCJALnK.exe
  2⤵
  PID:10436
- C:\Windows\System\ZVLypOg.exe
  C:\Windows\System\ZVLypOg.exe
  2⤵
  PID:10464
- C:\Windows\System\DQQoZhC.exe
  C:\Windows\System\DQQoZhC.exe
  2⤵
  PID:10500
- C:\Windows\System\FWRxGOu.exe
  C:\Windows\System\FWRxGOu.exe
  2⤵
  PID:10520
- C:\Windows\System\yRrivcb.exe
  C:\Windows\System\yRrivcb.exe
  2⤵
  PID:10552
- C:\Windows\System\doVctDN.exe
  C:\Windows\System\doVctDN.exe
  2⤵
  PID:10576
- C:\Windows\System\sWWayhc.exe
  C:\Windows\System\sWWayhc.exe
  2⤵
  PID:10604
- C:\Windows\System\xROwFoQ.exe
  C:\Windows\System\xROwFoQ.exe
  2⤵
  PID:10632
- C:\Windows\System\AZGEclU.exe
  C:\Windows\System\AZGEclU.exe
  2⤵
  PID:10664
- C:\Windows\System\NSXoMBg.exe
  C:\Windows\System\NSXoMBg.exe
  2⤵
  PID:10692
- C:\Windows\System\ARvBFmO.exe
  C:\Windows\System\ARvBFmO.exe
  2⤵
  PID:10720
- C:\Windows\System\UPXzkXO.exe
  C:\Windows\System\UPXzkXO.exe
  2⤵
  PID:10748
- C:\Windows\System\dpwSrEa.exe
  C:\Windows\System\dpwSrEa.exe
  2⤵
  PID:10768
- C:\Windows\System\TuGIGok.exe
  C:\Windows\System\TuGIGok.exe
  2⤵
  PID:10788
- C:\Windows\System\sUulWPs.exe
  C:\Windows\System\sUulWPs.exe
  2⤵
  PID:10812
- C:\Windows\System\ZvRgmSq.exe
  C:\Windows\System\ZvRgmSq.exe
  2⤵
  PID:10848
- C:\Windows\System\nqzqpWH.exe
  C:\Windows\System\nqzqpWH.exe
  2⤵
  PID:10884
- C:\Windows\System\tjlWSXE.exe
  C:\Windows\System\tjlWSXE.exe
  2⤵
  PID:10916
- C:\Windows\System\GXJusPU.exe
  C:\Windows\System\GXJusPU.exe
  2⤵
  PID:10932
- C:\Windows\System\BhvcWCZ.exe
  C:\Windows\System\BhvcWCZ.exe
  2⤵
  PID:10960
- C:\Windows\System\thRICJF.exe
  C:\Windows\System\thRICJF.exe
  2⤵
  PID:10996
- C:\Windows\System\YKUWqEf.exe
  C:\Windows\System\YKUWqEf.exe
  2⤵
  PID:11028
- C:\Windows\System\otSoHpY.exe
  C:\Windows\System\otSoHpY.exe
  2⤵
  PID:11060
- C:\Windows\System\IOHtVTF.exe
  C:\Windows\System\IOHtVTF.exe
  2⤵
  PID:11096
- C:\Windows\System\TDEkuqz.exe
  C:\Windows\System\TDEkuqz.exe
  2⤵
  PID:11116
- C:\Windows\System\knGcizJ.exe
  C:\Windows\System\knGcizJ.exe
  2⤵
  PID:11152
- C:\Windows\System\hXLqCNR.exe
  C:\Windows\System\hXLqCNR.exe
  2⤵
  PID:11168
- C:\Windows\System\rKncfyr.exe
  C:\Windows\System\rKncfyr.exe
  2⤵
  PID:11204
- C:\Windows\System\UvrzeYV.exe
  C:\Windows\System\UvrzeYV.exe
  2⤵
  PID:11236
- C:\Windows\System\EAiynnQ.exe
  C:\Windows\System\EAiynnQ.exe
  2⤵
  PID:5056
- C:\Windows\System\iAhJGUe.exe
  C:\Windows\System\iAhJGUe.exe
  2⤵
  PID:10264
- C:\Windows\System\wAuEjif.exe
  C:\Windows\System\wAuEjif.exe
  2⤵
  PID:10316
- C:\Windows\System\sXwImcb.exe
  C:\Windows\System\sXwImcb.exe
  2⤵
  PID:10408
- C:\Windows\System\yLmjGBW.exe
  C:\Windows\System\yLmjGBW.exe
  2⤵
  PID:10432
- C:\Windows\System\FFRtyVy.exe
  C:\Windows\System\FFRtyVy.exe
  2⤵
  PID:10488
- C:\Windows\System\hHKOaln.exe
  C:\Windows\System\hHKOaln.exe
  2⤵
  PID:10560
- C:\Windows\System\uTNFZYp.exe
  C:\Windows\System\uTNFZYp.exe
  2⤵
  PID:10644
- C:\Windows\System\COCepOM.exe
  C:\Windows\System\COCepOM.exe
  2⤵
  PID:10736
- C:\Windows\System\SJfGNER.exe
  C:\Windows\System\SJfGNER.exe
  2⤵
  PID:10832
- C:\Windows\System\YzWfHCJ.exe
  C:\Windows\System\YzWfHCJ.exe
  2⤵
  PID:10900
- C:\Windows\System\TNOoIVK.exe
  C:\Windows\System\TNOoIVK.exe
  2⤵
  PID:10924
- C:\Windows\System\mIUUIFc.exe
  C:\Windows\System\mIUUIFc.exe
  2⤵
  PID:11008
- C:\Windows\System\haAgXlD.exe
  C:\Windows\System\haAgXlD.exe
  2⤵
  PID:11040
- C:\Windows\System\BXaXgjR.exe
  C:\Windows\System\BXaXgjR.exe
  2⤵
  PID:11072
- C:\Windows\System\gvdKYhF.exe
  C:\Windows\System\gvdKYhF.exe
  2⤵
  PID:11140
- C:\Windows\System\DNkjNsT.exe
  C:\Windows\System\DNkjNsT.exe
  2⤵
  PID:11180
- C:\Windows\System\vOpHevW.exe
  C:\Windows\System\vOpHevW.exe
  2⤵
  PID:11256
- C:\Windows\System\YItFVDT.exe
  C:\Windows\System\YItFVDT.exe
  2⤵
  PID:10392
- C:\Windows\System\PNNwLUp.exe
  C:\Windows\System\PNNwLUp.exe
  2⤵
  PID:10600
- C:\Windows\System\BMBquyT.exe
  C:\Windows\System\BMBquyT.exe
  2⤵
  PID:10744
- C:\Windows\System\BTOqalx.exe
  C:\Windows\System\BTOqalx.exe
  2⤵
  PID:10836
- C:\Windows\System\KrWQtaJ.exe
  C:\Windows\System\KrWQtaJ.exe
  2⤵
  PID:10944
- C:\Windows\System\IIHIKdG.exe
  C:\Windows\System\IIHIKdG.exe
  2⤵
  PID:9436
- C:\Windows\System\WTAJRkM.exe
  C:\Windows\System\WTAJRkM.exe
  2⤵
  PID:11224
- C:\Windows\System\JQNZBKD.exe
  C:\Windows\System\JQNZBKD.exe
  2⤵
  PID:10360
- C:\Windows\System\gbLiojk.exe
  C:\Windows\System\gbLiojk.exe
  2⤵
  PID:10872
- C:\Windows\System\yLTzAIZ.exe
  C:\Windows\System\yLTzAIZ.exe
  2⤵
  PID:11280
- C:\Windows\System\IVfxAhS.exe
  C:\Windows\System\IVfxAhS.exe
  2⤵
  PID:11312
- C:\Windows\System\dEfZPiX.exe
  C:\Windows\System\dEfZPiX.exe
  2⤵
  PID:11344
- C:\Windows\System\nVDCFfc.exe
  C:\Windows\System\nVDCFfc.exe
  2⤵
  PID:11364
- C:\Windows\System\heylgRP.exe
  C:\Windows\System\heylgRP.exe
  2⤵
  PID:11396
- C:\Windows\System\utQaIEB.exe
  C:\Windows\System\utQaIEB.exe
  2⤵
  PID:11448
- C:\Windows\System\CAmGdln.exe
  C:\Windows\System\CAmGdln.exe
  2⤵
  PID:11472
- C:\Windows\System\RMXKTAh.exe
  C:\Windows\System\RMXKTAh.exe
  2⤵
  PID:11512
- C:\Windows\System\QMcCvWm.exe
  C:\Windows\System\QMcCvWm.exe
  2⤵
  PID:11540
- C:\Windows\System\IOdGeQZ.exe
  C:\Windows\System\IOdGeQZ.exe
  2⤵
  PID:11556
- C:\Windows\System\XKdAiCp.exe
  C:\Windows\System\XKdAiCp.exe
  2⤵
  PID:11580
- C:\Windows\System\kNIhXbQ.exe
  C:\Windows\System\kNIhXbQ.exe
  2⤵
  PID:11596
- C:\Windows\System\ESjbPuH.exe
  C:\Windows\System\ESjbPuH.exe
  2⤵
  PID:11624
- C:\Windows\System\nsgtqrk.exe
  C:\Windows\System\nsgtqrk.exe
  2⤵
  PID:11656
- C:\Windows\System\dMUgjwP.exe
  C:\Windows\System\dMUgjwP.exe
  2⤵
  PID:11696
- C:\Windows\System\zJfEDqi.exe
  C:\Windows\System\zJfEDqi.exe
  2⤵
  PID:11720
- C:\Windows\System\tBaQscj.exe
  C:\Windows\System\tBaQscj.exe
  2⤵
  PID:11760
- C:\Windows\System\kpsscox.exe
  C:\Windows\System\kpsscox.exe
  2⤵
  PID:11788
- C:\Windows\System\XAEDHnd.exe
  C:\Windows\System\XAEDHnd.exe
  2⤵
  PID:11812
- C:\Windows\System\xNyFtmJ.exe
  C:\Windows\System\xNyFtmJ.exe
  2⤵
  PID:11836
- C:\Windows\System\VWuYJwq.exe
  C:\Windows\System\VWuYJwq.exe
  2⤵
  PID:11872
- C:\Windows\System\xcubukF.exe
  C:\Windows\System\xcubukF.exe
  2⤵
  PID:11900
- C:\Windows\System\ouIvexT.exe
  C:\Windows\System\ouIvexT.exe
  2⤵
  PID:11940
- C:\Windows\System\MbwhrSI.exe
  C:\Windows\System\MbwhrSI.exe
  2⤵
  PID:11960
- C:\Windows\System\ynLRyVu.exe
  C:\Windows\System\ynLRyVu.exe
  2⤵
  PID:12012
- C:\Windows\System\hHyKWxm.exe
  C:\Windows\System\hHyKWxm.exe
  2⤵
  PID:12036
- C:\Windows\System\nqgxcSc.exe
  C:\Windows\System\nqgxcSc.exe
  2⤵
  PID:12052
- C:\Windows\System\wBwYQpr.exe
  C:\Windows\System\wBwYQpr.exe
  2⤵
  PID:12076
- C:\Windows\System\EnsRCpY.exe
  C:\Windows\System\EnsRCpY.exe
  2⤵
  PID:12096
- C:\Windows\System\lCQUEEa.exe
  C:\Windows\System\lCQUEEa.exe
  2⤵
  PID:12120
- C:\Windows\System\mEBNpGu.exe
  C:\Windows\System\mEBNpGu.exe
  2⤵
  PID:12148
- C:\Windows\System\eLDQWHR.exe
  C:\Windows\System\eLDQWHR.exe
  2⤵
  PID:12184
- C:\Windows\System\uJhYClJ.exe
  C:\Windows\System\uJhYClJ.exe
  2⤵
  PID:12208
- C:\Windows\System\yDkwUMa.exe
  C:\Windows\System\yDkwUMa.exe
  2⤵
  PID:12240
- C:\Windows\System\lsHwVwX.exe
  C:\Windows\System\lsHwVwX.exe
  2⤵
  PID:12264
- C:\Windows\System\YjOiftT.exe
  C:\Windows\System\YjOiftT.exe
  2⤵
  PID:11056
- C:\Windows\System\RkzKXEx.exe
  C:\Windows\System\RkzKXEx.exe
  2⤵
  PID:11292
- C:\Windows\System\cENQPCU.exe
  C:\Windows\System\cENQPCU.exe
  2⤵
  PID:11384
- C:\Windows\System\aEVqIFV.exe
  C:\Windows\System\aEVqIFV.exe
  2⤵
  PID:11416
- C:\Windows\System\dXJgkGr.exe
  C:\Windows\System\dXJgkGr.exe
  2⤵
  PID:11464
- C:\Windows\System\QSXpuFl.exe
  C:\Windows\System\QSXpuFl.exe
  2⤵
  PID:11508
- C:\Windows\System\IsfaTYb.exe
  C:\Windows\System\IsfaTYb.exe
  2⤵
  PID:11536
- C:\Windows\System\NDuBgYi.exe
  C:\Windows\System\NDuBgYi.exe
  2⤵
  PID:11592
- C:\Windows\System\qUiOohX.exe
  C:\Windows\System\qUiOohX.exe
  2⤵
  PID:11716
- C:\Windows\System\QLBiyqY.exe
  C:\Windows\System\QLBiyqY.exe
  2⤵
  PID:11744
- C:\Windows\System\fPJTWBd.exe
  C:\Windows\System\fPJTWBd.exe
  2⤵
  PID:11832
- C:\Windows\System\dDJTBET.exe
  C:\Windows\System\dDJTBET.exe
  2⤵
  PID:11920
- C:\Windows\System\VbmGNKg.exe
  C:\Windows\System\VbmGNKg.exe
  2⤵
  PID:11916
- C:\Windows\System\ZYAqysg.exe
  C:\Windows\System\ZYAqysg.exe
  2⤵
  PID:12028
- C:\Windows\System\FhWUqGr.exe
  C:\Windows\System\FhWUqGr.exe
  2⤵
  PID:12072
- C:\Windows\System\JEiQrWR.exe
  C:\Windows\System\JEiQrWR.exe
  2⤵
  PID:12108
- C:\Windows\System\gKpswDc.exe
  C:\Windows\System\gKpswDc.exe
  2⤵
  PID:12228
- C:\Windows\System\LhGniTV.exe
  C:\Windows\System\LhGniTV.exe
  2⤵
  PID:10688
- C:\Windows\System\eiBIfIz.exe
  C:\Windows\System\eiBIfIz.exe
  2⤵
  PID:11268
- C:\Windows\System\gzHVcgD.exe
  C:\Windows\System\gzHVcgD.exe
  2⤵
  PID:11644
- C:\Windows\System\doigVEI.exe
  C:\Windows\System\doigVEI.exe
  2⤵
  PID:11212
- C:\Windows\System\yElqpNe.exe
  C:\Windows\System\yElqpNe.exe
  2⤵
  PID:11548
- C:\Windows\System\fcgtpZF.exe
  C:\Windows\System\fcgtpZF.exe
  2⤵
  PID:11972
- C:\Windows\System\uEiNaKC.exe
  C:\Windows\System\uEiNaKC.exe
  2⤵
  PID:12144
- C:\Windows\System\mDwYZBF.exe
  C:\Windows\System\mDwYZBF.exe
  2⤵
  PID:12200
- C:\Windows\System\IUjnEoa.exe
  C:\Windows\System\IUjnEoa.exe
  2⤵
  PID:12260
- C:\Windows\System\aIsrPfc.exe
  C:\Windows\System\aIsrPfc.exe
  2⤵
  PID:12292
- C:\Windows\System\mfjIjIV.exe
  C:\Windows\System\mfjIjIV.exe
  2⤵
  PID:12316
- C:\Windows\System\muzhZBd.exe
  C:\Windows\System\muzhZBd.exe
  2⤵
  PID:12340
- C:\Windows\System\eRCdPri.exe
  C:\Windows\System\eRCdPri.exe
  2⤵
  PID:12368
- C:\Windows\System\iriBQFx.exe
  C:\Windows\System\iriBQFx.exe
  2⤵
  PID:12408
- C:\Windows\System\LxllgOc.exe
  C:\Windows\System\LxllgOc.exe
  2⤵
  PID:12432
- C:\Windows\System\XPIkNbt.exe
  C:\Windows\System\XPIkNbt.exe
  2⤵
  PID:12468
- C:\Windows\System\EbZGYWQ.exe
  C:\Windows\System\EbZGYWQ.exe
  2⤵
  PID:12508
- C:\Windows\System\eUGSeKM.exe
  C:\Windows\System\eUGSeKM.exe
  2⤵
  PID:12532
- C:\Windows\System\GfOfBgw.exe
  C:\Windows\System\GfOfBgw.exe
  2⤵
  PID:12568
- C:\Windows\System\caIkbEd.exe
  C:\Windows\System\caIkbEd.exe
  2⤵
  PID:12596
- C:\Windows\System\coMvApU.exe
  C:\Windows\System\coMvApU.exe
  2⤵
  PID:12628
- C:\Windows\System\pXRDbdX.exe
  C:\Windows\System\pXRDbdX.exe
  2⤵
  PID:12648
- C:\Windows\System\DGCXITj.exe
  C:\Windows\System\DGCXITj.exe
  2⤵
  PID:12684
- C:\Windows\System\NUliqat.exe
  C:\Windows\System\NUliqat.exe
  2⤵
  PID:12712
- C:\Windows\System\rxIoCwL.exe
  C:\Windows\System\rxIoCwL.exe
  2⤵
  PID:12740
- C:\Windows\System\knLWIIq.exe
  C:\Windows\System\knLWIIq.exe
  2⤵
  PID:12764
- C:\Windows\System\euVQzGy.exe
  C:\Windows\System\euVQzGy.exe
  2⤵
  PID:12800
- C:\Windows\System\grYvNIj.exe
  C:\Windows\System\grYvNIj.exe
  2⤵
  PID:12836
- C:\Windows\System\xrzwJMN.exe
  C:\Windows\System\xrzwJMN.exe
  2⤵
  PID:12864
- C:\Windows\System\vsCZLoe.exe
  C:\Windows\System\vsCZLoe.exe
  2⤵
  PID:12904
- C:\Windows\System\sFIQbjD.exe
  C:\Windows\System\sFIQbjD.exe
  2⤵
  PID:12940
- C:\Windows\System\XwUhRnY.exe
  C:\Windows\System\XwUhRnY.exe
  2⤵
  PID:12972
- C:\Windows\System\vwVwmve.exe
  C:\Windows\System\vwVwmve.exe
  2⤵
  PID:13000
- C:\Windows\System\BkGFqkx.exe
  C:\Windows\System\BkGFqkx.exe
  2⤵
  PID:13032
- C:\Windows\System\aZEeGxW.exe
  C:\Windows\System\aZEeGxW.exe
  2⤵
  PID:13052
- C:\Windows\System\vqvhejs.exe
  C:\Windows\System\vqvhejs.exe
  2⤵
  PID:13080
- C:\Windows\System\QfnPowQ.exe
  C:\Windows\System\QfnPowQ.exe
  2⤵
  PID:13116
- C:\Windows\System\dHIPBdE.exe
  C:\Windows\System\dHIPBdE.exe
  2⤵
  PID:13144
- C:\Windows\System\jUkQxlH.exe
  C:\Windows\System\jUkQxlH.exe
  2⤵
  PID:13172
- C:\Windows\System\YvnQxjQ.exe
  C:\Windows\System\YvnQxjQ.exe
  2⤵
  PID:13196
- C:\Windows\System\UNdBcna.exe
  C:\Windows\System\UNdBcna.exe
  2⤵
  PID:13212
- C:\Windows\System\BhIyrxz.exe
  C:\Windows\System\BhIyrxz.exe
  2⤵
  PID:13240
- C:\Windows\System\GYKPyxA.exe
  C:\Windows\System\GYKPyxA.exe
  2⤵
  PID:13272
- C:\Windows\System\MTfeIff.exe
  C:\Windows\System\MTfeIff.exe
  2⤵
  PID:13304
- C:\Windows\System\bfaoLnN.exe
  C:\Windows\System\bfaoLnN.exe
  2⤵
  PID:11504
- C:\Windows\System\pJMtEcX.exe
  C:\Windows\System\pJMtEcX.exe
  2⤵
  PID:12068
- C:\Windows\System\BkfKAoQ.exe
  C:\Windows\System\BkfKAoQ.exe
  2⤵
  PID:11672
- C:\Windows\System\CyGTqeI.exe
  C:\Windows\System\CyGTqeI.exe
  2⤵
  PID:12456
- C:\Windows\System\jUNmzLW.exe
  C:\Windows\System\jUNmzLW.exe
  2⤵
  PID:12492
- C:\Windows\System\qCdfUBa.exe
  C:\Windows\System\qCdfUBa.exe
  2⤵
  PID:12444
- C:\Windows\System\GheBRkA.exe
  C:\Windows\System\GheBRkA.exe
  2⤵
  PID:12592
- C:\Windows\System\VlMsUeu.exe
  C:\Windows\System\VlMsUeu.exe
  2⤵
  PID:12792
- C:\Windows\System\zoWKMec.exe
  C:\Windows\System\zoWKMec.exe
  2⤵
  PID:12724
- C:\Windows\System\nafyrWg.exe
  C:\Windows\System\nafyrWg.exe
  2⤵
  PID:12896
- C:\Windows\System\EIrAKbY.exe
  C:\Windows\System\EIrAKbY.exe
  2⤵
  PID:12856
- C:\Windows\System\XGZVNsu.exe
  C:\Windows\System\XGZVNsu.exe
  2⤵
  PID:12960
- C:\Windows\System\LXUtzbm.exe
  C:\Windows\System\LXUtzbm.exe
  2⤵
  PID:13044
- C:\Windows\System\MrUrsEQ.exe
  C:\Windows\System\MrUrsEQ.exe
  2⤵
  PID:13048
- C:\Windows\System\AKVuxgi.exe
  C:\Windows\System\AKVuxgi.exe
  2⤵
  PID:13192
- C:\Windows\System\KPjlsDa.exe
  C:\Windows\System\KPjlsDa.exe
  2⤵
  PID:13252
- C:\Windows\System\reDzxoF.exe
  C:\Windows\System\reDzxoF.exe
  2⤵
  PID:12388
- C:\Windows\System\ZqpnSqi.exe
  C:\Windows\System\ZqpnSqi.exe
  2⤵
  PID:12088
- C:\Windows\System\oRYEFTG.exe
  C:\Windows\System\oRYEFTG.exe
  2⤵
  PID:12544
- C:\Windows\System\FZauwmQ.exe
  C:\Windows\System\FZauwmQ.exe
  2⤵
  PID:12616
- C:\Windows\System\rjIavHF.exe
  C:\Windows\System\rjIavHF.exe
  2⤵
  PID:13024
- C:\Windows\System\IdrYCsa.exe
  C:\Windows\System\IdrYCsa.exe
  2⤵
  PID:13184
- C:\Windows\System\iUwdxUA.exe
  C:\Windows\System\iUwdxUA.exe
  2⤵
  PID:13232
- C:\Windows\System\FiLaadf.exe
  C:\Windows\System\FiLaadf.exe
  2⤵
  PID:13228
- C:\Windows\System\nNdQgrR.exe
  C:\Windows\System\nNdQgrR.exe
  2⤵
  PID:12708
- C:\Windows\System\KxCZIrE.exe
  C:\Windows\System\KxCZIrE.exe
  2⤵
  PID:13324
- C:\Windows\System\KOKnYHm.exe
  C:\Windows\System\KOKnYHm.exe
  2⤵
  PID:13364
- C:\Windows\System\yegRnac.exe
  C:\Windows\System\yegRnac.exe
  2⤵
  PID:13384
- C:\Windows\System\kxxfcRv.exe
  C:\Windows\System\kxxfcRv.exe
  2⤵
  PID:13432
- C:\Windows\System\xkIIvGi.exe
  C:\Windows\System\xkIIvGi.exe
  2⤵
  PID:13452
- C:\Windows\System\cHvKDBD.exe
  C:\Windows\System\cHvKDBD.exe
  2⤵
  PID:13472
- C:\Windows\System\UfrqLAQ.exe
  C:\Windows\System\UfrqLAQ.exe
  2⤵
  PID:13508
- C:\Windows\System\lSFiqaJ.exe
  C:\Windows\System\lSFiqaJ.exe
  2⤵
  PID:13544
- C:\Windows\System\mXfrKAc.exe
  C:\Windows\System\mXfrKAc.exe
  2⤵
  PID:13572
- C:\Windows\System\QkPgaXX.exe
  C:\Windows\System\QkPgaXX.exe
  2⤵
  PID:13604
- C:\Windows\System\wpIzPll.exe
  C:\Windows\System\wpIzPll.exe
  2⤵
  PID:13624
- C:\Windows\System\toORUao.exe
  C:\Windows\System\toORUao.exe
  2⤵
  PID:13660
- C:\Windows\System\CWrSRKx.exe
  C:\Windows\System\CWrSRKx.exe
  2⤵
  PID:13700
- C:\Windows\System\DaRTIfl.exe
  C:\Windows\System\DaRTIfl.exe
  2⤵
  PID:13732
- C:\Windows\System\xXZeZJC.exe
  C:\Windows\System\xXZeZJC.exe
  2⤵
  PID:13760
- C:\Windows\System\OPnXKtR.exe
  C:\Windows\System\OPnXKtR.exe
  2⤵
  PID:13796
- C:\Windows\System\ixreKIo.exe
  C:\Windows\System\ixreKIo.exe
  2⤵
  PID:13816
- C:\Windows\System\lUTfbES.exe
  C:\Windows\System\lUTfbES.exe
  2⤵
  PID:13848
- C:\Windows\System\Dsdltsj.exe
  C:\Windows\System\Dsdltsj.exe
  2⤵
  PID:13880
- C:\Windows\System\qLYwccg.exe
  C:\Windows\System\qLYwccg.exe
  2⤵
  PID:13900
- C:\Windows\System\QomSala.exe
  C:\Windows\System\QomSala.exe
  2⤵
  PID:13932
- C:\Windows\System\YxYSfyY.exe
  C:\Windows\System\YxYSfyY.exe
  2⤵
  PID:13956
- C:\Windows\System\wENCAPR.exe
  C:\Windows\System\wENCAPR.exe
  2⤵
  PID:13984
- C:\Windows\System\UJwALUM.exe
  C:\Windows\System\UJwALUM.exe
  2⤵
  PID:14016
- C:\Windows\System\EnbYNIX.exe
  C:\Windows\System\EnbYNIX.exe
  2⤵
  PID:14032
- C:\Windows\System\ldQOzlX.exe
  C:\Windows\System\ldQOzlX.exe
  2⤵
  PID:14060
- C:\Windows\System\mYETEnn.exe
  C:\Windows\System\mYETEnn.exe
  2⤵
  PID:14080
- C:\Windows\System\tmLRzgl.exe
  C:\Windows\System\tmLRzgl.exe
  2⤵
  PID:14108
- C:\Windows\System\xmVHUkX.exe
  C:\Windows\System\xmVHUkX.exe
  2⤵
  PID:14140
- C:\Windows\System\kMRyYpN.exe
  C:\Windows\System\kMRyYpN.exe
  2⤵
  PID:14168
- C:\Windows\System\YvmtKpD.exe
  C:\Windows\System\YvmtKpD.exe
  2⤵
  PID:14192
- C:\Windows\System\ZqwhAwk.exe
  C:\Windows\System\ZqwhAwk.exe
  2⤵
  PID:14216
- C:\Windows\System\jIBakQL.exe
  C:\Windows\System\jIBakQL.exe
  2⤵
  PID:14236
- C:\Windows\System\vYdqHFE.exe
  C:\Windows\System\vYdqHFE.exe
  2⤵
  PID:14272
- C:\Windows\System\xtMPBsC.exe
  C:\Windows\System\xtMPBsC.exe
  2⤵
  PID:14300
- C:\Windows\System\BEgamER.exe
  C:\Windows\System\BEgamER.exe
  2⤵
  PID:14320
- C:\Windows\System\rSUfXWP.exe
  C:\Windows\System\rSUfXWP.exe
  2⤵
  PID:13012
- C:\Windows\System\CNKPqkW.exe
  C:\Windows\System\CNKPqkW.exe
  2⤵
  PID:12356
- C:\Windows\System\VeHvjcI.exe
  C:\Windows\System\VeHvjcI.exe
  2⤵
  PID:12860
- C:\Windows\System\AGrnJjj.exe
  C:\Windows\System\AGrnJjj.exe
  2⤵
  PID:13420
- C:\Windows\System\haLPQuY.exe
  C:\Windows\System\haLPQuY.exe
  2⤵
  PID:13400
- C:\Windows\System\TPMbNBa.exe
  C:\Windows\System\TPMbNBa.exe
  2⤵
  PID:13500
- C:\Windows\System\CNhIoyc.exe
  C:\Windows\System\CNhIoyc.exe
  2⤵
  PID:13516
- C:\Windows\System\GOVsSoD.exe
  C:\Windows\System\GOVsSoD.exe
  2⤵
  PID:13616
- C:\Windows\System\XXBYOli.exe
  C:\Windows\System\XXBYOli.exe
  2⤵
  PID:13676
- C:\Windows\System\UXClhOH.exe
  C:\Windows\System\UXClhOH.exe
  2⤵
  PID:13772
- C:\Windows\System\YBjUAXm.exe
  C:\Windows\System\YBjUAXm.exe
  2⤵
  PID:13868
- C:\Windows\System\xEtvOFS.exe
  C:\Windows\System\xEtvOFS.exe
  2⤵
  PID:13920
- C:\Windows\System\SwsPZHy.exe
  C:\Windows\System\SwsPZHy.exe
  2⤵
  PID:13968
- C:\Windows\System\igwTNDZ.exe
  C:\Windows\System\igwTNDZ.exe
  2⤵
  PID:14072
- C:\Windows\System\pIZIpde.exe
  C:\Windows\System\pIZIpde.exe
  2⤵
  PID:14180
- C:\Windows\System\kNFBKOl.exe
  C:\Windows\System\kNFBKOl.exe
  2⤵
  PID:14208
- C:\Windows\System\DmTvbXo.exe
  C:\Windows\System\DmTvbXo.exe
  2⤵
  PID:2288
- C:\Windows\System\BtrnUSl.exe
  C:\Windows\System\BtrnUSl.exe
  2⤵
  PID:14252
- C:\Windows\System\ORksEwC.exe
  C:\Windows\System\ORksEwC.exe
  2⤵
  PID:12992
- C:\Windows\System\ADqhCFr.exe
  C:\Windows\System\ADqhCFr.exe
  2⤵
  PID:13372
- C:\Windows\System\monHilp.exe
  C:\Windows\System\monHilp.exe
  2⤵
  PID:13484
- C:\Windows\System\DYrDEpd.exe
  C:\Windows\System\DYrDEpd.exe
  2⤵
  PID:13788
- C:\Windows\System\Hlhyuvb.exe
  C:\Windows\System\Hlhyuvb.exe
  2⤵
  PID:14244
- C:\Windows\System\JlFumyE.exe
  C:\Windows\System\JlFumyE.exe
  2⤵
  PID:4352
- C:\Windows\System\pHVbzhn.exe
  C:\Windows\System\pHVbzhn.exe
  2⤵
  PID:4376
- C:\Windows\System\oeXmBrZ.exe
  C:\Windows\System\oeXmBrZ.exe
  2⤵
  PID:13600
- C:\Windows\System\wTVblfg.exe
  C:\Windows\System\wTVblfg.exe
  2⤵
  PID:14024
- C:\Windows\System\otmJMdS.exe
  C:\Windows\System\otmJMdS.exe
  2⤵
  PID:14360
- C:\Windows\System\yyOnRsm.exe
  C:\Windows\System\yyOnRsm.exe
  2⤵
  PID:14384
- C:\Windows\System\tkTpqds.exe
  C:\Windows\System\tkTpqds.exe
  2⤵
  PID:14408
- C:\Windows\System\AvqJNCs.exe
  C:\Windows\System\AvqJNCs.exe
  2⤵
  PID:14436
- C:\Windows\System\ySxFYdI.exe
  C:\Windows\System\ySxFYdI.exe
  2⤵
  PID:14460
- C:\Windows\System\IXVNblS.exe
  C:\Windows\System\IXVNblS.exe
  2⤵
  PID:14496
- C:\Windows\System\coGxntl.exe
  C:\Windows\System\coGxntl.exe
  2⤵
  PID:14520
- C:\Windows\System\ErDAmLe.exe
  C:\Windows\System\ErDAmLe.exe
  2⤵
  PID:14556
- C:\Windows\System\kZETXuy.exe
  C:\Windows\System\kZETXuy.exe
  2⤵
  PID:14592
- C:\Windows\System\CbzajhX.exe
  C:\Windows\System\CbzajhX.exe
  2⤵
  PID:14620
- C:\Windows\System\BqyjlgV.exe
  C:\Windows\System\BqyjlgV.exe
  2⤵
  PID:14644
- C:\Windows\System\uNFDMmJ.exe
  C:\Windows\System\uNFDMmJ.exe
  2⤵
  PID:14676
- C:\Windows\System\iGaCPYd.exe
  C:\Windows\System\iGaCPYd.exe
  2⤵
  PID:14700
- C:\Windows\System\haRuuOh.exe
  C:\Windows\System\haRuuOh.exe
  2⤵
  PID:14716
- C:\Windows\System\FahrVYK.exe
  C:\Windows\System\FahrVYK.exe
  2⤵
  PID:14736
- C:\Windows\System\OaeLwye.exe
  C:\Windows\System\OaeLwye.exe
  2⤵
  PID:14768
- C:\Windows\System\dHeBySo.exe
  C:\Windows\System\dHeBySo.exe
  2⤵
  PID:14912
- C:\Windows\System\JYJvAHZ.exe
  C:\Windows\System\JYJvAHZ.exe
  2⤵
  PID:14936
- C:\Windows\System\vRPymar.exe
  C:\Windows\System\vRPymar.exe
  2⤵
  PID:14952

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CYGUFGl.exe

Filesize
2.3MB

MD5
2c07f03b0deccee0d3f140c43e794a3e

SHA1
8d997c39d75ab80cddc96d034da1ee489fb9227e

SHA256
4ec7d9d2f1d46feabc766f1c562a41180802f9a9236d0659af74e54d194dc912

SHA512
9e12a1711453f04b5c9f22b0fec4a79fd6efb3d57e512bc1fac6889f35042fc87a1438afe0dbadea7e1e36427913e379029aef39c2c500eb82c0a1bdeed49053

Download Submit
C:\Windows\System\CxtKPnu.exe

Filesize
2.3MB

MD5
b1224e52508363356e946f6d25de0c68

SHA1
f76425c02e84dfcc1ee889e4776eaa39d688bf5e

SHA256
ab001101383a796d109c1082eb20c4df70a45ae38e732bea8eb8fec48994a187

SHA512
f9be5a49f078c109746ba12d435af705b626b9572e48cbc539449914a0e6400341c66fc54754e714ac50f068f48168fab1f0fe9549850e6310ebaa4bda5d9866

Download Submit
C:\Windows\System\EcnThGr.exe

Filesize
2.3MB

MD5
a365cd2910101d3b03c0b6108e9484c5

SHA1
38f16028ef26ac0d0147fc67f7bab558756618b9

SHA256
8a1e582d1698b15b90e872b39f68e9010bcabedf66813b83190b8ff4d37080c2

SHA512
d426563103a668aee7dd693225edc067756de6487de0fa7dc52e07824082bcd8e1172492921a54229b6185aea7e58303f0a3226402df51e367d4bc75f422265a

Download Submit
C:\Windows\System\FLWxRXK.exe

Filesize
2.3MB

MD5
908ba1c75e4311f7aad323695e1f9006

SHA1
4bccc04dc1d4b82e1d81f11ce7255027405ca27d

SHA256
9f001ce654ec4f4951d455ddae526752326f94efcf563a04dad0490a75c07acb

SHA512
746e366bebc83dc6c02a29749ca34b3003714a049a86898be6bdfd49370d075f3dd453070fe03da3b41537ca85b4e93c22a5c1f62738236870351e0df35875c9

Download Submit
C:\Windows\System\IRcjBMt.exe

Filesize
2.3MB

MD5
7e3a8e515a4c5af64a5b6ab21a9c0803

SHA1
67c533d7cfb1d6760fad39c2131567afb77bf6f5

SHA256
a1a678c3fee3640f772c48a45a1094ce7cee9608ee78da9e6f0550a330579039

SHA512
fd8efe109eafdcdd27a9c9699bacda95adfb4b51023d16dc3ae38a6186f9a515b9dc3fba580add71c0dc20fd17dff0754d1e12293014d7b88ccc13da9be3590a

Download Submit
C:\Windows\System\IZiNfoH.exe

Filesize
2.3MB

MD5
c06e1a09f519bf336e12f4d193f3a501

SHA1
ca601bf14da8b61780fe8b68ce08e6dcfd2d18fd

SHA256
bf812e029339ec6595268ae0fa74334f8fcc7a8c870673c2134870c8c71c93ce

SHA512
3885758e6bb4dfbe988a33f3fddcdb8426241946142ea7d9a924c2707a54519d434c987232aaa6ab25b6252e73d5662a2d4bb53b4e1e4ee428cd048935692647

Download Submit
C:\Windows\System\PYDcjdT.exe

Filesize
2.3MB

MD5
8d4bb98fc81cdab514b1d88d6ed52312

SHA1
43043d3784e769b1a5aab9584427392f6a4b2481

SHA256
8cd381fb4dca4727d3470a981f3000c8644623029f62d57cd0f55a919d8cf433

SHA512
dfa4276c1750ffe47b2f0b140aaa52f9651fd118b51d7cbc2257d335164800b9645d722028dbabf89da96ad6b50a22b802e4b783d742761c50b100bd924900bf

Download Submit
C:\Windows\System\QSubvTN.exe

Filesize
2.3MB

MD5
01a828b2a1080888a6b4ce9da90fb290

SHA1
d4f903d5ed175b9965d7414a1f910dc92d983bc8

SHA256
fd1cd60a0ca426c40f7433d75e628621d61ea2987c940d2ed9e566c4c1467f3d

SHA512
46d537d498b477eeaba9a4623e39bfbfeaec9035980498d1eca8faf8288b5a2ed5172a5fef4bcea3c74f87afb03f43fd9d73639797dcf1b5ac74e34a0fd4bf5c

Download Submit
C:\Windows\System\QiXneYs.exe

Filesize
2.3MB

MD5
7f8621e5c7f346492a9c5facf80ddb28

SHA1
ab264ce6953b140c332e3c143ee0f346f96ea81b

SHA256
d7463ceb0084480ee9eddf21b43f12e74b2e35a91c721222b91fa85b8a682851

SHA512
d0b25c1a40ddb23fe5b0b9ee97d3791eda87af7759363e12c47b41c6b6a2fc99b5564d15f4b5be02428f6c5946c9f0285cead530f06457e8a53a5067d1a8ca36

Download Submit
C:\Windows\System\QxWFNAX.exe

Filesize
2.3MB

MD5
d16123b57ee4cf17ced562bc809b346f

SHA1
7790c700a83d99893d8fb69a54cc776699b2b878

SHA256
c6c6c97d7c82a231f7389d1bae3d122474b160cdaa41d5e4d8abc73602c373c0

SHA512
bdaff1f7f7dda943c0ad3ffcb9e6e41c8f87203ae57f5d4b4336cb5ba9bd5c968929d3725802b11bbbcd015bb2e31bc7fd9fbb1f200f3135467a704e2276d8ac

Download Submit
C:\Windows\System\SfbsoPQ.exe

Filesize
2.3MB

MD5
acd41133be242206205649e3d3ae6f78

SHA1
1519bc9f484c8af4740c743c8a87ecf95d66e251

SHA256
8366bf6c1ad911d985f9300ee9de013869829b0a0d4e51fd18e64e098edc2caa

SHA512
ec9871c0bce7e7418769fa4e2f3edb49081165a892b7d9c86df481fa759915603182756d8275a5c7d276a6ed761e00918e360c14973774e77258fa8afeb0c94d

Download Submit
C:\Windows\System\SmlKLtZ.exe

Filesize
2.3MB

MD5
a4479b434cc4db10b15396a388abfdc4

SHA1
262d6ec886457d0a454a507862f7c3bcd7f9973b

SHA256
76f4a1433b60783c922d0adfba91bbd06643df8b164ef7d34f5c15a16e05c9a0

SHA512
71b3bf317288df8dddbb51c319db2ac556d55d1d8f95cc8cab37a9569456da58ee80e1f81eb2f80b6ba5f0811a5b6f76789e69f91eb0dbb0918163b41ae6ff04

Download Submit
C:\Windows\System\UYZCSKm.exe

Filesize
2.3MB

MD5
04d611f603bb6dfcf7ec87c74272ceec

SHA1
0873fa5239d73f5ceba88167440456cd870f9f70

SHA256
1c239db0cd7c24329c6062b43c8bb4cdc70b767d3d7b187d2719d2d399a74bf6

SHA512
9e0a54c8700aad7aae7813af008d9671c10906c7089c9bac97544ed2713f39db7f6b4b6e884f38552b441ec8294539cf3d1b87d98fce39fc83873aa1d8fbdd18

Download Submit
C:\Windows\System\UYrWxQf.exe

Filesize
2.3MB

MD5
1301fed75d6e840e4e73efa73c1d42b7

SHA1
31d79172c809bfab4b08e5dbfca7d6b5e1609e93

SHA256
0fe108de01649f62709598b6467ccd1f52485a6a3dd5c723a1c6a81eead84b49

SHA512
a3c39940fd2f50ea61c86644e5ffeb65fbc5f3b9a4cf41c4a2d823f7c01b29582dd604ee057b676a7bd24f2d6b7b235c8c206813b96172f98f2ac231d7ba7c20

Download Submit
C:\Windows\System\WIJQdEM.exe

Filesize
2.3MB

MD5
0810f6f2237a77445466901aa46fd315

SHA1
b2d1a604e72416f6f800be4f32b91d72e3b3c707

SHA256
0961f9910be3288b897b05c6f1f537932a3a34b43ae5b46077d8d057eec0cad3

SHA512
a6a538835cd6240f054e238e6a90dc7009c40904debfb8c7f351eba5e88be59fb2b0e6b13df7c7fee7ce068d6b69fe1be033e3ae9742b3cb6ac52b06b0bbb8a5

Download Submit
C:\Windows\System\WgRcNKc.exe

Filesize
2.3MB

MD5
401b8042b37f8eb67cfe946d6bb7b5eb

SHA1
8453de00e5fbcb34dbf4f5eb3df9286c224c0899

SHA256
bd467cbecde7ce03988220d449a59d59d603219d5a4d341bf9f40eacded2d9db

SHA512
119bce095685dc2e4a257b0e48a4b3d2b6d51016861a7f0534c0d84a7812429d2f83a432edeba93a2b925841875e2bee4b6eab712be5e1842261d93e78fd3da7

Download Submit
C:\Windows\System\XXQXPHN.exe

Filesize
2.3MB

MD5
198507857cfba7c53d7987d1d21ab8ac

SHA1
c912ece99230d86487f3876ce254a55a315a5616

SHA256
a001107c56bbd6eac8a70f32c209c340cbf0ae28afbf14ea9aa9383fe180b506

SHA512
07d8b83dbd80c54a1450251abc9d1b8cfc2b770b10bee2545794d5bd53c07c5c94fa184c220b9e6f894387d1849ad75e56cdff630c41e6776668bad507f79607

Download Submit
C:\Windows\System\YzncYCD.exe

Filesize
2.3MB

MD5
f04f0076958320fba906bf5ea5dc1f94

SHA1
5ad4424d1c6021df27e8d663bb07e62c4ea4e58d

SHA256
d8a0a6b5cc6fc36a02eacacaa507c9c4cb407f8e3af1cdfde08d8b1e47d26ead

SHA512
1ce70502e0c486d51c9f4eb800c24ebad617f64317aabff3d9520740a27defe36f1f8da13916f0e4b6d0962a2cb884d734cda5fa571d1660cf8b19c9f1aa3278

Download Submit
C:\Windows\System\cfohGNt.exe

Filesize
2.3MB

MD5
931fe676d58e2edea85d5b9fe6dc679b

SHA1
8c518e86cd0f85ff39191b9f21ca77e18a5cdc85

SHA256
b4bfe3a2ad73b98943f1977f65c39de4cc771c32ab00f8117ee4731a054449c9

SHA512
42107a4bb75fdbaac2fb133f654cf824f72ff92d4d091cf90030ca8a57f9de47656a5b69f0f3ed0ea6b91af51d0ba3b340fd39d458e4dc00e597ad5d0c98b7e3

Download Submit
C:\Windows\System\dpMppRe.exe

Filesize
2.3MB

MD5
c528a02937d291c233e0c9add6d840d7

SHA1
53693f3fb1814d0db3d65236211a7c5a17d1526f

SHA256
1328d28649262043a8b5ff43985cb49296a2c24d38942f3a560e1e17306630ed

SHA512
1eeffb2965dfa4d08be312e1e378b5563431f07b0879a585261f51d542f6926341ba822358977d343856433c188c9a9db65260b06a90e0e1558f4b83729bad75

Download Submit
C:\Windows\System\foqNBEY.exe

Filesize
2.3MB

MD5
7f262e2aa4ed45b4310eb2b6e323e1f4

SHA1
f38b7651eb49b259cc449f667f2dd6cecdeef7cf

SHA256
787573120075de53ea117d10420dc88e32a925842713ca8f6d310327851d8bfa

SHA512
99c22c5c4be5808f271b26d1968fe565cc57ff20ffbab5d681b0f9e35830325552bd872ae903a797bb5a0a185a452c9eaa85d94d5ad47d362c73c834efdfd1fd

Download Submit
C:\Windows\System\gwHvomF.exe

Filesize
2.3MB

MD5
f4aa18be5f637917d958bb930a4446c1

SHA1
3fa8eae68fa115546bbc12c2ba2646c6d86bcfa6

SHA256
7990f3fd2cf9082a3c70f104f7fc017e7bab96811e091cc47cd984d41faf02bd

SHA512
88945342bada8fe1023d259ebb23d56490bb1a23d4463f05545b91aa406139a815f8000353a466da261841824306e96eaa783999664c7ded0f4e553ba3411c42

Download Submit
C:\Windows\System\hYUTYNX.exe

Filesize
2.3MB

MD5
69b5224c148e8ab6e273a7e52cf030e9

SHA1
0c07005c2426db32ec4703a974cc5a71c144ad55

SHA256
a1dc36c4217bfd238c86a2226d0df8231602bccedaa6fd4fd086d1c5b7de992a

SHA512
06dfcba95f7ed3023bc3d849e08441b982b79b130660735424a3640709857e86aef6e234bd62d6721356f7a481536e0e13dfb275a1931c0c3fe11c8b0575a5ca

Download Submit
C:\Windows\System\iwZosNa.exe

Filesize
2.3MB

MD5
88507de5e7e98159db21f5d4c690b881

SHA1
11a76c3a9ee1f1f9e30e98ce61c7dae41af8cd2a

SHA256
62144f96235aff49fc97e83dce92932cad3f77b527c99152f2d6f5d7a589734c

SHA512
7c0fdbcbbab3a7b3715b02fc799d0a41f5a1da96e49179aee184fb07a8e5cc5bd0310daf44db4b8ff08822e0cf71c8a56b1158f80b3cb2a0702f98bfa29c4550

Download Submit
C:\Windows\System\jCHnvCI.exe

Filesize
2.3MB

MD5
fc87739e98883c6e53547cc0b2c6916d

SHA1
bb74309eb83f68b6154a4eada035c907f5b98ece

SHA256
ff1cd4fa13fe853ba1b63f0026fea49ca5338860ca56eb87aadf217a7bfd309a

SHA512
78eba967de2f665ae4cbdf6fab4bd8d4d3709eacd054f1ab9e3593e8444cfaed76b3c22c7fd1e190ab86c3c78e8d7c0e90d4a79e56705ff52a2f9c3afe0d17d8

Download Submit
C:\Windows\System\nHWBFoz.exe

Filesize
2.3MB

MD5
4ec1776d9ad2f1fea78a68751ed8acf2

SHA1
6e661dc4a41fb8bacc23926d8eaccc361615f2b1

SHA256
3ab5d6e90554c585a36feb50045b9bd1b02756db017c021e8db1dc81475547ca

SHA512
78c244295fd524632073fbc4ad7d1a13244a5e1c763b1734599cac6d9a23ddf737fd36793cef8007194b7b03d0144498ea73acfdfb75f28e7f61c029b6065375

Download Submit
C:\Windows\System\rLBYZjK.exe

Filesize
2.3MB

MD5
71257219e018dd1fbb3910ba7962f823

SHA1
fcf290e59b45299b1adf256544408cedb2aad0e6

SHA256
ea76b9dd7e905ffd9e3292de0895470419e8b8926f42c2507231daa207357720

SHA512
b3e8d309ac0e5d0ec4aec8a08f9e154834a1d018257afac6620e11351f51903e152120688b272328a471b4664e5c1379a764fca9d9956365bfc5ee0c839f938c

Download Submit
C:\Windows\System\rTOFjZt.exe

Filesize
2.3MB

MD5
c7d2138b946e6271f791c0b4ac1882b9

SHA1
8d82281456c0662411f0f2a8e24aaa592ce7f36a

SHA256
61db834b5eceeb42a69dd7b7b339bd2242ca8a00b8e893b9755ced336751b86e

SHA512
1e3faf8bb1a41e05647c0ca4cdd213c707f847da08ae3e8d5979c996302e975c318d3b414c5a899e26a934730e957d95b40884f6a027c11b7d0c85adbf63e754

Download Submit
C:\Windows\System\rfAFjqI.exe

Filesize
2.3MB

MD5
fd5596f8f0b58439edb5921c6d813965

SHA1
7b1d09ac1b1b5822bb1b1153fec3d8a588c2afb6

SHA256
5a20e09ad8d37e286bdb2004366c18a7d3f8f366ff964a6430d912fe1cc4a003

SHA512
1c9eebe5ceae1915f27fdb289f50a0a91c733c2cb17263d639938568d1142f7c2f8ac73028048e4e15ba13e90a986b6eafed8565cb081b9be1b1784c5aecdbd1

Download Submit
C:\Windows\System\rvYIpUO.exe

Filesize
2.3MB

MD5
03a6fe17c439c6eeb833539c4376bf0d

SHA1
2e0de85ad5b69eea10df977e5c12e8057911e570

SHA256
ccbbc2ab8b01e0c70cc539528c498c71f29e496d0599044f6e9bdde42e5b00a4

SHA512
2a59aa8988e65951424ffd556895070d4e604d5095e4cffee872c4e3351319f233c2fafcd13a2a979e12a7ed50b6dcc6af345234ac9a8171950886222e9360d1

Download Submit
C:\Windows\System\sNAaTJI.exe

Filesize
2.3MB

MD5
eec1b68009d56deb346fada1d28de13c

SHA1
df30ea55658415f6b9ba4bbaf37c25f503c6e506

SHA256
5c6796655650152aa1717d206b8ff151d4fade850f29c17b3ab848908a2ea36f

SHA512
d4285dcf5500048d64e47565e70dc5f25e62512f95d52fea5b35d46f360e03d25267eeac6e7ff0345634bf1861e9e47d97e7a048fde30fce11a72e79b6e7340a

Download Submit
C:\Windows\System\uhskDsr.exe

Filesize
2.3MB

MD5
01b68cc3b9615397fba1e9384edb8fc2

SHA1
c828bcd414f220acb90ff54df4175102393710cf

SHA256
a884df1320526e8062af4f474e9767f154034452404b717f449b0bbaedf4ed15

SHA512
98915f1908d2fc22fd7d7af377414bac5ed60bdf894a6ddb4701663faea3257518879a574b8919e197c1b424a245241574ab4969349648fe7bc1d48c2eab91d4

Download Submit
C:\Windows\System\vDEMAAh.exe

Filesize
2.3MB

MD5
5a83e876e724ea4f83a68881f33d2911

SHA1
f6a6a8ea96a38216d65834bf7b06156dcd552c00

SHA256
529d181d4c0036a7b031068ffb55a6e38f96a731a3cceaee13e5fa475bb281da

SHA512
9fbbfeec3338a37f2511ecf87c5fca5329f10ced7e59eafcd81719f1ffa53ae7f1e579e769ae76fc69fb96816df9d871082d8e34c9fd89ea794e47c900f0cc2b

Download Submit
C:\Windows\System\xMELIoW.exe

Filesize
2.3MB

MD5
0e42e096a649df18ff0d527f7b709b2f

SHA1
fea9dfec58ceba5d0ce6275fee588a2b9929cd7b

SHA256
b56c85bb2063fb5dedb0b62f12ce7a44bfd266d52330b172680561a7cc6e608f

SHA512
fba1db30701de0e9cedd231143d4eba4ab74d18e7f10dd553ddb029b514ab517ef220e1126813e2d910ec8c205e175309f0f4d4df0aec8b01ea0be0da8625368

Download Submit
C:\Windows\System\xyvIqWX.exe

Filesize
2.3MB

MD5
c06b29d9394584008a034535e1e287be

SHA1
011f3691093ae50b966ace105f321657a80d46af

SHA256
878f555a8b78376fa27625f850d3d1e9faafe746e6e5ada88c2cfe81da9efb23

SHA512
85a169cad3e76d18e88476b03cc39f5a693917e2ea7fe318c677467f7e4e8f085ccbd3be741afd05421de6164684608a2da9901933623668a4334a16350c7d5f

Download Submit
memory/456-0-0x00007FF705A00000-0x00007FF705D54000-memory.dmp

Filesize
3.3MB

Download
memory/456-1-0x000001AA57030000-0x000001AA57040000-memory.dmp

Filesize
64KB

Download
memory/456-1412-0x00007FF705A00000-0x00007FF705D54000-memory.dmp

Filesize
3.3MB

Download
memory/528-1416-0x00007FF7F90E0000-0x00007FF7F9434000-memory.dmp

Filesize
3.3MB

Download
memory/528-2154-0x00007FF7F90E0000-0x00007FF7F9434000-memory.dmp

Filesize
3.3MB

Download
memory/528-37-0x00007FF7F90E0000-0x00007FF7F9434000-memory.dmp

Filesize
3.3MB

Download
memory/756-161-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp

Filesize
3.3MB

Download
memory/756-2147-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp

Filesize
3.3MB

Download
memory/756-2168-0x00007FF743B90000-0x00007FF743EE4000-memory.dmp

Filesize
3.3MB

Download
memory/880-2174-0x00007FF7B6160000-0x00007FF7B64B4000-memory.dmp

Filesize
3.3MB

Download
memory/880-2150-0x00007FF7B6160000-0x00007FF7B64B4000-memory.dmp

Filesize
3.3MB

Download
memory/880-192-0x00007FF7B6160000-0x00007FF7B64B4000-memory.dmp

Filesize
3.3MB

Download
memory/1176-211-0x00007FF6544B0000-0x00007FF654804000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2167-0x00007FF6544B0000-0x00007FF654804000-memory.dmp

Filesize
3.3MB

Download
memory/1248-174-0x00007FF744D40000-0x00007FF745094000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2148-0x00007FF744D40000-0x00007FF745094000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2172-0x00007FF744D40000-0x00007FF745094000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2162-0x00007FF792F70000-0x00007FF7932C4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-113-0x00007FF792F70000-0x00007FF7932C4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2137-0x00007FF792F70000-0x00007FF7932C4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-177-0x00007FF699070000-0x00007FF6993C4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-2149-0x00007FF699070000-0x00007FF6993C4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-2173-0x00007FF699070000-0x00007FF6993C4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-59-0x00007FF7705C0000-0x00007FF770914000-memory.dmp

Filesize
3.3MB

Download
memory/1432-2155-0x00007FF7705C0000-0x00007FF770914000-memory.dmp

Filesize
3.3MB

Download
memory/1432-2134-0x00007FF7705C0000-0x00007FF770914000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2146-0x00007FF6240F0000-0x00007FF624444000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2178-0x00007FF6240F0000-0x00007FF624444000-memory.dmp

Filesize
3.3MB

Download
memory/1524-145-0x00007FF6240F0000-0x00007FF624444000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2145-0x00007FF768ED0000-0x00007FF769224000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2171-0x00007FF768ED0000-0x00007FF769224000-memory.dmp

Filesize
3.3MB

Download
memory/1808-123-0x00007FF768ED0000-0x00007FF769224000-memory.dmp

Filesize
3.3MB

Download
memory/1944-111-0x00007FF7D54E0000-0x00007FF7D5834000-memory.dmp

Filesize
3.3MB

Download
memory/1944-2160-0x00007FF7D54E0000-0x00007FF7D5834000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2177-0x00007FF659D20000-0x00007FF65A074000-memory.dmp

Filesize
3.3MB

Download
memory/2012-91-0x00007FF659D20000-0x00007FF65A074000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2135-0x00007FF659D20000-0x00007FF65A074000-memory.dmp

Filesize
3.3MB

Download
memory/2752-24-0x00007FF793EC0000-0x00007FF794214000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2152-0x00007FF793EC0000-0x00007FF794214000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2139-0x00007FF6C4B00000-0x00007FF6C4E54000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2176-0x00007FF6C4B00000-0x00007FF6C4E54000-memory.dmp

Filesize
3.3MB

Download
memory/2768-115-0x00007FF6C4B00000-0x00007FF6C4E54000-memory.dmp

Filesize
3.3MB

Download
memory/2836-112-0x00007FF711EC0000-0x00007FF712214000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2163-0x00007FF711EC0000-0x00007FF712214000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2136-0x00007FF711EC0000-0x00007FF712214000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2143-0x00007FF734E90000-0x00007FF7351E4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2170-0x00007FF734E90000-0x00007FF7351E4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-119-0x00007FF734E90000-0x00007FF7351E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-118-0x00007FF6BBE40000-0x00007FF6BC194000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2142-0x00007FF6BBE40000-0x00007FF6BC194000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2165-0x00007FF6BBE40000-0x00007FF6BC194000-memory.dmp

Filesize
3.3MB

Download
memory/2988-121-0x00007FF60C990000-0x00007FF60CCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2156-0x00007FF60C990000-0x00007FF60CCE4000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2141-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2179-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp

Filesize
3.3MB

Download
memory/3128-117-0x00007FF76AC40000-0x00007FF76AF94000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2161-0x00007FF7C05A0000-0x00007FF7C08F4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-106-0x00007FF7C05A0000-0x00007FF7C08F4000-memory.dmp

Filesize
3.3MB

Download
memory/4032-9-0x00007FF6C2530000-0x00007FF6C2884000-memory.dmp

Filesize
3.3MB

Download
memory/4032-1423-0x00007FF6C2530000-0x00007FF6C2884000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2151-0x00007FF6C2530000-0x00007FF6C2884000-memory.dmp

Filesize
3.3MB

Download
memory/4048-114-0x00007FF6F71E0000-0x00007FF6F7534000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2169-0x00007FF6F71E0000-0x00007FF6F7534000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2138-0x00007FF6F71E0000-0x00007FF6F7534000-memory.dmp

Filesize
3.3MB

Download
memory/4136-2158-0x00007FF635630000-0x00007FF635984000-memory.dmp

Filesize
3.3MB

Download
memory/4136-88-0x00007FF635630000-0x00007FF635984000-memory.dmp

Filesize
3.3MB

Download
memory/4432-122-0x00007FF6E3610000-0x00007FF6E3964000-memory.dmp

Filesize
3.3MB

Download
memory/4432-2159-0x00007FF6E3610000-0x00007FF6E3964000-memory.dmp

Filesize
3.3MB

Download
memory/4440-2140-0x00007FF663420000-0x00007FF663774000-memory.dmp

Filesize
3.3MB

Download
memory/4440-2166-0x00007FF663420000-0x00007FF663774000-memory.dmp

Filesize
3.3MB

Download
memory/4440-116-0x00007FF663420000-0x00007FF663774000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2157-0x00007FF6F27F0000-0x00007FF6F2B44000-memory.dmp

Filesize
3.3MB

Download
memory/4732-99-0x00007FF6F27F0000-0x00007FF6F2B44000-memory.dmp

Filesize
3.3MB

Download
memory/4856-38-0x00007FF73F140000-0x00007FF73F494000-memory.dmp

Filesize
3.3MB

Download
memory/4856-2153-0x00007FF73F140000-0x00007FF73F494000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2144-0x00007FF668C20000-0x00007FF668F74000-memory.dmp

Filesize
3.3MB

Download
memory/4988-120-0x00007FF668C20000-0x00007FF668F74000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2164-0x00007FF668C20000-0x00007FF668F74000-memory.dmp

Filesize
3.3MB

Download
memory/5040-202-0x00007FF793010000-0x00007FF793364000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2175-0x00007FF793010000-0x00007FF793364000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads