xmrig | 87dc8c18cbeaed614dc79dee57c8020928fd9aa957648d8806a7877e56650819

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
Size

2.5MB
MD5

3a85dcc3bc6e551b1021ca8f5442ac50
SHA1

459cbd508e00fe5f102459ee9d91c0075d9d5bb3
SHA256

87dc8c18cbeaed614dc79dee57c8020928fd9aa957648d8806a7877e56650819
SHA512

a12b434b580240126c7110f1826afe27c9a242380934dddb866f8412b2ed00a7185a7c1c0056208448a439498305f9ffe693d9ea7819c77ce6d5eb7319afb5c0
SSDEEP

49152:N0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjcz8DzeaEUiRJwzC:N0GnJMOWPClFdx6e0EALKWVTffZiPAcM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2604-0-0x00007FF616F70000-0x00007FF617365000-memory.dmp	xmrig
C:\Windows\System32\qWqmafJ.exe	xmrig
C:\Windows\System32\Ycdftef.exe	xmrig
C:\Windows\System32\xoVTpmk.exe	xmrig
C:\Windows\System32\uyIWqHp.exe	xmrig
C:\Windows\System32\JxbqzuJ.exe	xmrig
C:\Windows\System32\wcFxndE.exe	xmrig
C:\Windows\System32\pRgKjfi.exe	xmrig
C:\Windows\System32\oDYwvgJ.exe	xmrig
C:\Windows\System32\aIDmPnY.exe	xmrig
C:\Windows\System32\wgdLdwb.exe	xmrig
C:\Windows\System32\CIyrHnI.exe	xmrig
C:\Windows\System32\MvznUDD.exe	xmrig
behavioral2/memory/4584-663-0x00007FF74DE50000-0x00007FF74E245000-memory.dmp	xmrig
behavioral2/memory/4580-664-0x00007FF74FB50000-0x00007FF74FF45000-memory.dmp	xmrig
behavioral2/memory/2992-665-0x00007FF68F980000-0x00007FF68FD75000-memory.dmp	xmrig
behavioral2/memory/3192-666-0x00007FF6360C0000-0x00007FF6364B5000-memory.dmp	xmrig
behavioral2/memory/864-667-0x00007FF7D8620000-0x00007FF7D8A15000-memory.dmp	xmrig
behavioral2/memory/2192-668-0x00007FF7F5590000-0x00007FF7F5985000-memory.dmp	xmrig
behavioral2/memory/3348-669-0x00007FF6D5C70000-0x00007FF6D6065000-memory.dmp	xmrig
behavioral2/memory/2108-670-0x00007FF700060000-0x00007FF700455000-memory.dmp	xmrig
behavioral2/memory/5064-671-0x00007FF741960000-0x00007FF741D55000-memory.dmp	xmrig
behavioral2/memory/1572-672-0x00007FF7915C0000-0x00007FF7919B5000-memory.dmp	xmrig
behavioral2/memory/4032-677-0x00007FF78BB00000-0x00007FF78BEF5000-memory.dmp	xmrig
behavioral2/memory/4164-678-0x00007FF677770000-0x00007FF677B65000-memory.dmp	xmrig
behavioral2/memory/920-692-0x00007FF630250000-0x00007FF630645000-memory.dmp	xmrig
behavioral2/memory/4244-696-0x00007FF6E3B50000-0x00007FF6E3F45000-memory.dmp	xmrig
behavioral2/memory/3372-702-0x00007FF7BBE70000-0x00007FF7BC265000-memory.dmp	xmrig
behavioral2/memory/3284-716-0x00007FF690890000-0x00007FF690C85000-memory.dmp	xmrig
behavioral2/memory/2856-712-0x00007FF65A980000-0x00007FF65AD75000-memory.dmp	xmrig
behavioral2/memory/1936-707-0x00007FF6C1130000-0x00007FF6C1525000-memory.dmp	xmrig
behavioral2/memory/2096-705-0x00007FF6CF760000-0x00007FF6CFB55000-memory.dmp	xmrig
behavioral2/memory/4516-686-0x00007FF7D1B70000-0x00007FF7D1F65000-memory.dmp	xmrig
behavioral2/memory/552-673-0x00007FF727930000-0x00007FF727D25000-memory.dmp	xmrig
C:\Windows\System32\xYYiMzT.exe	xmrig
C:\Windows\System32\LmIZMdN.exe	xmrig
C:\Windows\System32\fxuQBtJ.exe	xmrig
C:\Windows\System32\dsPAxra.exe	xmrig
C:\Windows\System32\Myaxjkn.exe	xmrig
C:\Windows\System32\astKHLw.exe	xmrig
C:\Windows\System32\csrYaVZ.exe	xmrig
C:\Windows\System32\dvSyHxq.exe	xmrig
C:\Windows\System32\gjLkZOx.exe	xmrig
C:\Windows\System32\BxXRRzV.exe	xmrig
C:\Windows\System32\qQWFWhL.exe	xmrig
C:\Windows\System32\fNlXsHa.exe	xmrig
C:\Windows\System32\aMWoysd.exe	xmrig
C:\Windows\System32\KccPeLK.exe	xmrig
C:\Windows\System32\pFZXIBd.exe	xmrig
C:\Windows\System32\UYglNID.exe	xmrig
C:\Windows\System32\zLshLvu.exe	xmrig
C:\Windows\System32\dfVMoyo.exe	xmrig
C:\Windows\System32\rdPBBmO.exe	xmrig
C:\Windows\System32\ndvXXgx.exe	xmrig
behavioral2/memory/3904-21-0x00007FF7E2A60000-0x00007FF7E2E55000-memory.dmp	xmrig
behavioral2/memory/3812-19-0x00007FF69B210000-0x00007FF69B605000-memory.dmp	xmrig
behavioral2/memory/1444-10-0x00007FF735B90000-0x00007FF735F85000-memory.dmp	xmrig
behavioral2/memory/2604-1904-0x00007FF616F70000-0x00007FF617365000-memory.dmp	xmrig
behavioral2/memory/3904-1905-0x00007FF7E2A60000-0x00007FF7E2E55000-memory.dmp	xmrig
behavioral2/memory/3812-1906-0x00007FF69B210000-0x00007FF69B605000-memory.dmp	xmrig
behavioral2/memory/1444-1907-0x00007FF735B90000-0x00007FF735F85000-memory.dmp	xmrig
behavioral2/memory/3812-1908-0x00007FF69B210000-0x00007FF69B605000-memory.dmp	xmrig
behavioral2/memory/3284-1910-0x00007FF690890000-0x00007FF690C85000-memory.dmp	xmrig
behavioral2/memory/4580-1909-0x00007FF74FB50000-0x00007FF74FF45000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

qWqmafJ.exexoVTpmk.exeYcdftef.exeuyIWqHp.exeJxbqzuJ.exendvXXgx.exerdPBBmO.exewcFxndE.exepRgKjfi.exedfVMoyo.exeoDYwvgJ.exezLshLvu.exeUYglNID.exepFZXIBd.exeKccPeLK.exeaMWoysd.exeaIDmPnY.exefNlXsHa.exeqQWFWhL.exeBxXRRzV.exegjLkZOx.exewgdLdwb.exedvSyHxq.execsrYaVZ.exeCIyrHnI.exeastKHLw.exeMyaxjkn.exedsPAxra.exeMvznUDD.exefxuQBtJ.exeLmIZMdN.exexYYiMzT.exeiDlIepP.exeOIKujZv.exesufSynQ.exePoXWROT.exenyAvhee.exeptPzQuV.exelgChUpg.exeKIYMuJW.exeSJuJHnG.exeSNZLKrc.exemdBvbGq.exeCLqTHWj.exeXdoJFMF.exeJQxOKIp.exeyZbEGBx.exeypoFgSc.exemZtNBbg.exeCnxCytw.exeyZpFEpI.exejYOwjhm.exeWBZccEn.exebtrfcPG.exeerlvXuJ.exesqFntJS.exeDLbgZzT.exepOUMmaP.exelNKTTAU.execjotDzK.exeJlaOVZZ.exeelCALWC.exeLWRfPOj.exehvOeZUX.exe

pid	process
1444	qWqmafJ.exe
3812	xoVTpmk.exe
3904	Ycdftef.exe
3284	uyIWqHp.exe
4584	JxbqzuJ.exe
4580	ndvXXgx.exe
2992	rdPBBmO.exe
3192	wcFxndE.exe
864	pRgKjfi.exe
2192	dfVMoyo.exe
3348	oDYwvgJ.exe
2108	zLshLvu.exe
5064	UYglNID.exe
1572	pFZXIBd.exe
552	KccPeLK.exe
4032	aMWoysd.exe
4164	aIDmPnY.exe
4516	fNlXsHa.exe
920	qQWFWhL.exe
4244	BxXRRzV.exe
3372	gjLkZOx.exe
2096	wgdLdwb.exe
1936	dvSyHxq.exe
2856	csrYaVZ.exe
2916	CIyrHnI.exe
2996	astKHLw.exe
2700	Myaxjkn.exe
3700	dsPAxra.exe
3508	MvznUDD.exe
3088	fxuQBtJ.exe
3568	LmIZMdN.exe
4064	xYYiMzT.exe
4240	iDlIepP.exe
780	OIKujZv.exe
3972	sufSynQ.exe
2796	PoXWROT.exe
2412	nyAvhee.exe
2600	ptPzQuV.exe
332	lgChUpg.exe
1912	KIYMuJW.exe
5052	SJuJHnG.exe
4872	SNZLKrc.exe
220	mdBvbGq.exe
4644	CLqTHWj.exe
2516	XdoJFMF.exe
2296	JQxOKIp.exe
2616	yZbEGBx.exe
4920	ypoFgSc.exe
5032	mZtNBbg.exe
4480	CnxCytw.exe
820	yZpFEpI.exe
2508	jYOwjhm.exe
2764	WBZccEn.exe
684	btrfcPG.exe
2920	erlvXuJ.exe
3196	sqFntJS.exe
1900	DLbgZzT.exe
4412	pOUMmaP.exe
2520	lNKTTAU.exe
1488	cjotDzK.exe
4964	JlaOVZZ.exe
5060	elCALWC.exe
2636	LWRfPOj.exe
2228	hvOeZUX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2604-0-0x00007FF616F70000-0x00007FF617365000-memory.dmp	upx
C:\Windows\System32\qWqmafJ.exe	upx
C:\Windows\System32\Ycdftef.exe	upx
C:\Windows\System32\xoVTpmk.exe	upx
C:\Windows\System32\uyIWqHp.exe	upx
C:\Windows\System32\JxbqzuJ.exe	upx
C:\Windows\System32\wcFxndE.exe	upx
C:\Windows\System32\pRgKjfi.exe	upx
C:\Windows\System32\oDYwvgJ.exe	upx
C:\Windows\System32\aIDmPnY.exe	upx
C:\Windows\System32\wgdLdwb.exe	upx
C:\Windows\System32\CIyrHnI.exe	upx
C:\Windows\System32\MvznUDD.exe	upx
behavioral2/memory/4584-663-0x00007FF74DE50000-0x00007FF74E245000-memory.dmp	upx
behavioral2/memory/4580-664-0x00007FF74FB50000-0x00007FF74FF45000-memory.dmp	upx
behavioral2/memory/2992-665-0x00007FF68F980000-0x00007FF68FD75000-memory.dmp	upx
behavioral2/memory/3192-666-0x00007FF6360C0000-0x00007FF6364B5000-memory.dmp	upx
behavioral2/memory/864-667-0x00007FF7D8620000-0x00007FF7D8A15000-memory.dmp	upx
behavioral2/memory/2192-668-0x00007FF7F5590000-0x00007FF7F5985000-memory.dmp	upx
behavioral2/memory/3348-669-0x00007FF6D5C70000-0x00007FF6D6065000-memory.dmp	upx
behavioral2/memory/2108-670-0x00007FF700060000-0x00007FF700455000-memory.dmp	upx
behavioral2/memory/5064-671-0x00007FF741960000-0x00007FF741D55000-memory.dmp	upx
behavioral2/memory/1572-672-0x00007FF7915C0000-0x00007FF7919B5000-memory.dmp	upx
behavioral2/memory/4032-677-0x00007FF78BB00000-0x00007FF78BEF5000-memory.dmp	upx
behavioral2/memory/4164-678-0x00007FF677770000-0x00007FF677B65000-memory.dmp	upx
behavioral2/memory/920-692-0x00007FF630250000-0x00007FF630645000-memory.dmp	upx
behavioral2/memory/4244-696-0x00007FF6E3B50000-0x00007FF6E3F45000-memory.dmp	upx
behavioral2/memory/3372-702-0x00007FF7BBE70000-0x00007FF7BC265000-memory.dmp	upx
behavioral2/memory/3284-716-0x00007FF690890000-0x00007FF690C85000-memory.dmp	upx
behavioral2/memory/2856-712-0x00007FF65A980000-0x00007FF65AD75000-memory.dmp	upx
behavioral2/memory/1936-707-0x00007FF6C1130000-0x00007FF6C1525000-memory.dmp	upx
behavioral2/memory/2096-705-0x00007FF6CF760000-0x00007FF6CFB55000-memory.dmp	upx
behavioral2/memory/4516-686-0x00007FF7D1B70000-0x00007FF7D1F65000-memory.dmp	upx
behavioral2/memory/552-673-0x00007FF727930000-0x00007FF727D25000-memory.dmp	upx
C:\Windows\System32\xYYiMzT.exe	upx
C:\Windows\System32\LmIZMdN.exe	upx
C:\Windows\System32\fxuQBtJ.exe	upx
C:\Windows\System32\dsPAxra.exe	upx
C:\Windows\System32\Myaxjkn.exe	upx
C:\Windows\System32\astKHLw.exe	upx
C:\Windows\System32\csrYaVZ.exe	upx
C:\Windows\System32\dvSyHxq.exe	upx
C:\Windows\System32\gjLkZOx.exe	upx
C:\Windows\System32\BxXRRzV.exe	upx
C:\Windows\System32\qQWFWhL.exe	upx
C:\Windows\System32\fNlXsHa.exe	upx
C:\Windows\System32\aMWoysd.exe	upx
C:\Windows\System32\KccPeLK.exe	upx
C:\Windows\System32\pFZXIBd.exe	upx
C:\Windows\System32\UYglNID.exe	upx
C:\Windows\System32\zLshLvu.exe	upx
C:\Windows\System32\dfVMoyo.exe	upx
C:\Windows\System32\rdPBBmO.exe	upx
C:\Windows\System32\ndvXXgx.exe	upx
behavioral2/memory/3904-21-0x00007FF7E2A60000-0x00007FF7E2E55000-memory.dmp	upx
behavioral2/memory/3812-19-0x00007FF69B210000-0x00007FF69B605000-memory.dmp	upx
behavioral2/memory/1444-10-0x00007FF735B90000-0x00007FF735F85000-memory.dmp	upx
behavioral2/memory/2604-1904-0x00007FF616F70000-0x00007FF617365000-memory.dmp	upx
behavioral2/memory/3904-1905-0x00007FF7E2A60000-0x00007FF7E2E55000-memory.dmp	upx
behavioral2/memory/3812-1906-0x00007FF69B210000-0x00007FF69B605000-memory.dmp	upx
behavioral2/memory/1444-1907-0x00007FF735B90000-0x00007FF735F85000-memory.dmp	upx
behavioral2/memory/3812-1908-0x00007FF69B210000-0x00007FF69B605000-memory.dmp	upx
behavioral2/memory/3284-1910-0x00007FF690890000-0x00007FF690C85000-memory.dmp	upx
behavioral2/memory/4580-1909-0x00007FF74FB50000-0x00007FF74FF45000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

Processes:

3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System32\shVXTit.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\eimqbeE.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\uIDnReF.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\qWpdLOV.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\wxvBGyU.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\QWRZVrz.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\pixMiTr.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\UwoezZF.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\ovHDlps.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\mOwLZGo.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\ixLeACP.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\nCyHuHd.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\DsZPUDI.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\TLYvTvD.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\mwMqnsP.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\aXnvGoM.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\pfpPhya.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\QsGEENn.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\ndvXXgx.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\NGdLonO.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\qQbcYoh.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\ptuUEzx.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\BxXRRzV.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\zOBvzaG.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\VSAnqSY.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\ONtFpTu.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\yblEgKF.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\tGNnqky.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\CTlWPGv.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\UyjkUtj.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\YkpStPX.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\xMYEWsP.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\CoNRnTw.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\vcBrjVE.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\WZMpMUd.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\btrfcPG.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\yTnemua.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\cAUjtIa.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\iMJRTup.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\cjotDzK.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\LWRfPOj.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\SqSglKl.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\HaQXiXn.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\xXCzvrk.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\TmEGNhT.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\DahXiCy.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\nvRqKqD.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\nVlaBlQ.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\sufSynQ.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\NjMqxoY.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\ZLHEktQ.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\apAaVVq.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\ClbOqSI.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\SaAXpog.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\pkzvwBA.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\egAFuWy.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\xCTBlnc.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\MvznUDD.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\cEhOFuJ.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\CQuwsKw.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\DTEnrPS.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\PIFymxr.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\TYDJkeo.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
File created	C:\Windows\System32\aJVVNBT.exe	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	1060	dwm.exe
Token: SeChangeNotifyPrivilege	1060	dwm.exe
Token: 33	1060	dwm.exe
Token: SeIncBasePriorityPrivilege	1060	dwm.exe
Token: SeShutdownPrivilege	1060	dwm.exe
Token: SeCreatePagefilePrivilege	1060	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe

description	pid	process	target process
PID 2604 wrote to memory of 1444	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	qWqmafJ.exe
PID 2604 wrote to memory of 1444	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	qWqmafJ.exe
PID 2604 wrote to memory of 3812	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	xoVTpmk.exe
PID 2604 wrote to memory of 3812	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	xoVTpmk.exe
PID 2604 wrote to memory of 3904	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	Ycdftef.exe
PID 2604 wrote to memory of 3904	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	Ycdftef.exe
PID 2604 wrote to memory of 3284	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	uyIWqHp.exe
PID 2604 wrote to memory of 3284	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	uyIWqHp.exe
PID 2604 wrote to memory of 4584	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	JxbqzuJ.exe
PID 2604 wrote to memory of 4584	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	JxbqzuJ.exe
PID 2604 wrote to memory of 4580	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	ndvXXgx.exe
PID 2604 wrote to memory of 4580	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	ndvXXgx.exe
PID 2604 wrote to memory of 2992	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	rdPBBmO.exe
PID 2604 wrote to memory of 2992	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	rdPBBmO.exe
PID 2604 wrote to memory of 3192	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	wcFxndE.exe
PID 2604 wrote to memory of 3192	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	wcFxndE.exe
PID 2604 wrote to memory of 864	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	pRgKjfi.exe
PID 2604 wrote to memory of 864	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	pRgKjfi.exe
PID 2604 wrote to memory of 2192	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	dfVMoyo.exe
PID 2604 wrote to memory of 2192	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	dfVMoyo.exe
PID 2604 wrote to memory of 3348	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	oDYwvgJ.exe
PID 2604 wrote to memory of 3348	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	oDYwvgJ.exe
PID 2604 wrote to memory of 2108	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	zLshLvu.exe
PID 2604 wrote to memory of 2108	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	zLshLvu.exe
PID 2604 wrote to memory of 5064	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	UYglNID.exe
PID 2604 wrote to memory of 5064	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	UYglNID.exe
PID 2604 wrote to memory of 1572	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	pFZXIBd.exe
PID 2604 wrote to memory of 1572	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	pFZXIBd.exe
PID 2604 wrote to memory of 552	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	KccPeLK.exe
PID 2604 wrote to memory of 552	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	KccPeLK.exe
PID 2604 wrote to memory of 4032	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	aMWoysd.exe
PID 2604 wrote to memory of 4032	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	aMWoysd.exe
PID 2604 wrote to memory of 4164	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	aIDmPnY.exe
PID 2604 wrote to memory of 4164	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	aIDmPnY.exe
PID 2604 wrote to memory of 4516	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	fNlXsHa.exe
PID 2604 wrote to memory of 4516	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	fNlXsHa.exe
PID 2604 wrote to memory of 920	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	qQWFWhL.exe
PID 2604 wrote to memory of 920	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	qQWFWhL.exe
PID 2604 wrote to memory of 4244	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	BxXRRzV.exe
PID 2604 wrote to memory of 4244	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	BxXRRzV.exe
PID 2604 wrote to memory of 3372	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	gjLkZOx.exe
PID 2604 wrote to memory of 3372	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	gjLkZOx.exe
PID 2604 wrote to memory of 2096	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	wgdLdwb.exe
PID 2604 wrote to memory of 2096	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	wgdLdwb.exe
PID 2604 wrote to memory of 1936	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	dvSyHxq.exe
PID 2604 wrote to memory of 1936	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	dvSyHxq.exe
PID 2604 wrote to memory of 2856	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	csrYaVZ.exe
PID 2604 wrote to memory of 2856	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	csrYaVZ.exe
PID 2604 wrote to memory of 2916	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	CIyrHnI.exe
PID 2604 wrote to memory of 2916	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	CIyrHnI.exe
PID 2604 wrote to memory of 2996	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	astKHLw.exe
PID 2604 wrote to memory of 2996	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	astKHLw.exe
PID 2604 wrote to memory of 2700	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	Myaxjkn.exe
PID 2604 wrote to memory of 2700	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	Myaxjkn.exe
PID 2604 wrote to memory of 3700	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	dsPAxra.exe
PID 2604 wrote to memory of 3700	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	dsPAxra.exe
PID 2604 wrote to memory of 3508	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	MvznUDD.exe
PID 2604 wrote to memory of 3508	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	MvznUDD.exe
PID 2604 wrote to memory of 3088	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	fxuQBtJ.exe
PID 2604 wrote to memory of 3088	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	fxuQBtJ.exe
PID 2604 wrote to memory of 3568	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	LmIZMdN.exe
PID 2604 wrote to memory of 3568	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	LmIZMdN.exe
PID 2604 wrote to memory of 4064	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	xYYiMzT.exe
PID 2604 wrote to memory of 4064	2604	3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe	xYYiMzT.exe

C:\Users\Admin\AppData\Local\Temp\3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3a85dcc3bc6e551b1021ca8f5442ac50_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\System32\qWqmafJ.exe
  C:\Windows\System32\qWqmafJ.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System32\xoVTpmk.exe
  C:\Windows\System32\xoVTpmk.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System32\Ycdftef.exe
  C:\Windows\System32\Ycdftef.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System32\uyIWqHp.exe
  C:\Windows\System32\uyIWqHp.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System32\JxbqzuJ.exe
  C:\Windows\System32\JxbqzuJ.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System32\ndvXXgx.exe
  C:\Windows\System32\ndvXXgx.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System32\rdPBBmO.exe
  C:\Windows\System32\rdPBBmO.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System32\wcFxndE.exe
  C:\Windows\System32\wcFxndE.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System32\pRgKjfi.exe
  C:\Windows\System32\pRgKjfi.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System32\dfVMoyo.exe
  C:\Windows\System32\dfVMoyo.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System32\oDYwvgJ.exe
  C:\Windows\System32\oDYwvgJ.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System32\zLshLvu.exe
  C:\Windows\System32\zLshLvu.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System32\UYglNID.exe
  C:\Windows\System32\UYglNID.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System32\pFZXIBd.exe
  C:\Windows\System32\pFZXIBd.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System32\KccPeLK.exe
  C:\Windows\System32\KccPeLK.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System32\aMWoysd.exe
  C:\Windows\System32\aMWoysd.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System32\aIDmPnY.exe
  C:\Windows\System32\aIDmPnY.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System32\fNlXsHa.exe
  C:\Windows\System32\fNlXsHa.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System32\qQWFWhL.exe
  C:\Windows\System32\qQWFWhL.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System32\BxXRRzV.exe
  C:\Windows\System32\BxXRRzV.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System32\gjLkZOx.exe
  C:\Windows\System32\gjLkZOx.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System32\wgdLdwb.exe
  C:\Windows\System32\wgdLdwb.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System32\dvSyHxq.exe
  C:\Windows\System32\dvSyHxq.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System32\csrYaVZ.exe
  C:\Windows\System32\csrYaVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System32\CIyrHnI.exe
  C:\Windows\System32\CIyrHnI.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System32\astKHLw.exe
  C:\Windows\System32\astKHLw.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System32\Myaxjkn.exe
  C:\Windows\System32\Myaxjkn.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System32\dsPAxra.exe
  C:\Windows\System32\dsPAxra.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System32\MvznUDD.exe
  C:\Windows\System32\MvznUDD.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System32\fxuQBtJ.exe
  C:\Windows\System32\fxuQBtJ.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System32\LmIZMdN.exe
  C:\Windows\System32\LmIZMdN.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System32\xYYiMzT.exe
  C:\Windows\System32\xYYiMzT.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System32\iDlIepP.exe
  C:\Windows\System32\iDlIepP.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System32\OIKujZv.exe
  C:\Windows\System32\OIKujZv.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System32\sufSynQ.exe
  C:\Windows\System32\sufSynQ.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System32\PoXWROT.exe
  C:\Windows\System32\PoXWROT.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System32\nyAvhee.exe
  C:\Windows\System32\nyAvhee.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System32\ptPzQuV.exe
  C:\Windows\System32\ptPzQuV.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System32\lgChUpg.exe
  C:\Windows\System32\lgChUpg.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System32\KIYMuJW.exe
  C:\Windows\System32\KIYMuJW.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System32\SJuJHnG.exe
  C:\Windows\System32\SJuJHnG.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System32\SNZLKrc.exe
  C:\Windows\System32\SNZLKrc.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\mdBvbGq.exe
  C:\Windows\System32\mdBvbGq.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System32\CLqTHWj.exe
  C:\Windows\System32\CLqTHWj.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System32\XdoJFMF.exe
  C:\Windows\System32\XdoJFMF.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System32\JQxOKIp.exe
  C:\Windows\System32\JQxOKIp.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System32\yZbEGBx.exe
  C:\Windows\System32\yZbEGBx.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System32\ypoFgSc.exe
  C:\Windows\System32\ypoFgSc.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System32\mZtNBbg.exe
  C:\Windows\System32\mZtNBbg.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System32\CnxCytw.exe
  C:\Windows\System32\CnxCytw.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System32\yZpFEpI.exe
  C:\Windows\System32\yZpFEpI.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System32\jYOwjhm.exe
  C:\Windows\System32\jYOwjhm.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System32\WBZccEn.exe
  C:\Windows\System32\WBZccEn.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System32\btrfcPG.exe
  C:\Windows\System32\btrfcPG.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System32\erlvXuJ.exe
  C:\Windows\System32\erlvXuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System32\sqFntJS.exe
  C:\Windows\System32\sqFntJS.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System32\DLbgZzT.exe
  C:\Windows\System32\DLbgZzT.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System32\pOUMmaP.exe
  C:\Windows\System32\pOUMmaP.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\lNKTTAU.exe
  C:\Windows\System32\lNKTTAU.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System32\cjotDzK.exe
  C:\Windows\System32\cjotDzK.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System32\JlaOVZZ.exe
  C:\Windows\System32\JlaOVZZ.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\elCALWC.exe
  C:\Windows\System32\elCALWC.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System32\LWRfPOj.exe
  C:\Windows\System32\LWRfPOj.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System32\hvOeZUX.exe
  C:\Windows\System32\hvOeZUX.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System32\LeTFjQv.exe
  C:\Windows\System32\LeTFjQv.exe
  2⤵
  PID:1964
- C:\Windows\System32\BttaSXJ.exe
  C:\Windows\System32\BttaSXJ.exe
  2⤵
  PID:4532
- C:\Windows\System32\WAEZBnb.exe
  C:\Windows\System32\WAEZBnb.exe
  2⤵
  PID:2276
- C:\Windows\System32\RpVdYJc.exe
  C:\Windows\System32\RpVdYJc.exe
  2⤵
  PID:4488
- C:\Windows\System32\JbCLksB.exe
  C:\Windows\System32\JbCLksB.exe
  2⤵
  PID:2536
- C:\Windows\System32\xMYEWsP.exe
  C:\Windows\System32\xMYEWsP.exe
  2⤵
  PID:4552
- C:\Windows\System32\CoNRnTw.exe
  C:\Windows\System32\CoNRnTw.exe
  2⤵
  PID:4376
- C:\Windows\System32\PHPihOZ.exe
  C:\Windows\System32\PHPihOZ.exe
  2⤵
  PID:4336
- C:\Windows\System32\AQrywtm.exe
  C:\Windows\System32\AQrywtm.exe
  2⤵
  PID:3696
- C:\Windows\System32\FQckfpU.exe
  C:\Windows\System32\FQckfpU.exe
  2⤵
  PID:1036
- C:\Windows\System32\UibWHeW.exe
  C:\Windows\System32\UibWHeW.exe
  2⤵
  PID:4508
- C:\Windows\System32\BskGyNk.exe
  C:\Windows\System32\BskGyNk.exe
  2⤵
  PID:3480
- C:\Windows\System32\vGbJkSy.exe
  C:\Windows\System32\vGbJkSy.exe
  2⤵
  PID:1384
- C:\Windows\System32\nmvcylt.exe
  C:\Windows\System32\nmvcylt.exe
  2⤵
  PID:4072
- C:\Windows\System32\NxyKWfp.exe
  C:\Windows\System32\NxyKWfp.exe
  2⤵
  PID:5148
- C:\Windows\System32\YUiPNdz.exe
  C:\Windows\System32\YUiPNdz.exe
  2⤵
  PID:5176
- C:\Windows\System32\RuWELuN.exe
  C:\Windows\System32\RuWELuN.exe
  2⤵
  PID:5204
- C:\Windows\System32\EXNMDwT.exe
  C:\Windows\System32\EXNMDwT.exe
  2⤵
  PID:5232
- C:\Windows\System32\NYLHuXK.exe
  C:\Windows\System32\NYLHuXK.exe
  2⤵
  PID:5260
- C:\Windows\System32\vcBrjVE.exe
  C:\Windows\System32\vcBrjVE.exe
  2⤵
  PID:5288
- C:\Windows\System32\JVSaXng.exe
  C:\Windows\System32\JVSaXng.exe
  2⤵
  PID:5316
- C:\Windows\System32\wesraVV.exe
  C:\Windows\System32\wesraVV.exe
  2⤵
  PID:5352
- C:\Windows\System32\zqETZlM.exe
  C:\Windows\System32\zqETZlM.exe
  2⤵
  PID:5372
- C:\Windows\System32\KwETXnp.exe
  C:\Windows\System32\KwETXnp.exe
  2⤵
  PID:5400
- C:\Windows\System32\guUzDwA.exe
  C:\Windows\System32\guUzDwA.exe
  2⤵
  PID:5428
- C:\Windows\System32\AzglmnA.exe
  C:\Windows\System32\AzglmnA.exe
  2⤵
  PID:5456
- C:\Windows\System32\AtKmavJ.exe
  C:\Windows\System32\AtKmavJ.exe
  2⤵
  PID:5484
- C:\Windows\System32\iyAxHsR.exe
  C:\Windows\System32\iyAxHsR.exe
  2⤵
  PID:5512
- C:\Windows\System32\uVyAWpT.exe
  C:\Windows\System32\uVyAWpT.exe
  2⤵
  PID:5540
- C:\Windows\System32\kywFivh.exe
  C:\Windows\System32\kywFivh.exe
  2⤵
  PID:5568
- C:\Windows\System32\XNkcjvn.exe
  C:\Windows\System32\XNkcjvn.exe
  2⤵
  PID:5596
- C:\Windows\System32\olWWlbR.exe
  C:\Windows\System32\olWWlbR.exe
  2⤵
  PID:5624
- C:\Windows\System32\taqEGoN.exe
  C:\Windows\System32\taqEGoN.exe
  2⤵
  PID:5652
- C:\Windows\System32\AGbPzZK.exe
  C:\Windows\System32\AGbPzZK.exe
  2⤵
  PID:5680
- C:\Windows\System32\yTnemua.exe
  C:\Windows\System32\yTnemua.exe
  2⤵
  PID:5708
- C:\Windows\System32\jzsTtJm.exe
  C:\Windows\System32\jzsTtJm.exe
  2⤵
  PID:5736
- C:\Windows\System32\vnPTDQy.exe
  C:\Windows\System32\vnPTDQy.exe
  2⤵
  PID:5764
- C:\Windows\System32\YcUQZOQ.exe
  C:\Windows\System32\YcUQZOQ.exe
  2⤵
  PID:5792
- C:\Windows\System32\DJBHLVN.exe
  C:\Windows\System32\DJBHLVN.exe
  2⤵
  PID:5820
- C:\Windows\System32\forPfxc.exe
  C:\Windows\System32\forPfxc.exe
  2⤵
  PID:5848
- C:\Windows\System32\FeSUgYN.exe
  C:\Windows\System32\FeSUgYN.exe
  2⤵
  PID:5876
- C:\Windows\System32\uFXGebP.exe
  C:\Windows\System32\uFXGebP.exe
  2⤵
  PID:5904
- C:\Windows\System32\aLDlbUn.exe
  C:\Windows\System32\aLDlbUn.exe
  2⤵
  PID:5932
- C:\Windows\System32\oTQyqco.exe
  C:\Windows\System32\oTQyqco.exe
  2⤵
  PID:5960
- C:\Windows\System32\FTIeAUy.exe
  C:\Windows\System32\FTIeAUy.exe
  2⤵
  PID:5988
- C:\Windows\System32\OzxuQKI.exe
  C:\Windows\System32\OzxuQKI.exe
  2⤵
  PID:6016
- C:\Windows\System32\iBUIpvV.exe
  C:\Windows\System32\iBUIpvV.exe
  2⤵
  PID:6044
- C:\Windows\System32\RFTYtfD.exe
  C:\Windows\System32\RFTYtfD.exe
  2⤵
  PID:6072
- C:\Windows\System32\jvsITTC.exe
  C:\Windows\System32\jvsITTC.exe
  2⤵
  PID:6100
- C:\Windows\System32\audUQJi.exe
  C:\Windows\System32\audUQJi.exe
  2⤵
  PID:6128
- C:\Windows\System32\PpiEMSB.exe
  C:\Windows\System32\PpiEMSB.exe
  2⤵
  PID:1960
- C:\Windows\System32\mwMqnsP.exe
  C:\Windows\System32\mwMqnsP.exe
  2⤵
  PID:2548
- C:\Windows\System32\zLadQdG.exe
  C:\Windows\System32\zLadQdG.exe
  2⤵
  PID:1644
- C:\Windows\System32\TrOPrid.exe
  C:\Windows\System32\TrOPrid.exe
  2⤵
  PID:468
- C:\Windows\System32\fwxuRFi.exe
  C:\Windows\System32\fwxuRFi.exe
  2⤵
  PID:3472
- C:\Windows\System32\ovHDlps.exe
  C:\Windows\System32\ovHDlps.exe
  2⤵
  PID:2144
- C:\Windows\System32\pbjUdHy.exe
  C:\Windows\System32\pbjUdHy.exe
  2⤵
  PID:5188
- C:\Windows\System32\kEqyKjj.exe
  C:\Windows\System32\kEqyKjj.exe
  2⤵
  PID:5256
- C:\Windows\System32\NGdLonO.exe
  C:\Windows\System32\NGdLonO.exe
  2⤵
  PID:5304
- C:\Windows\System32\MPjhRnz.exe
  C:\Windows\System32\MPjhRnz.exe
  2⤵
  PID:5388
- C:\Windows\System32\yBCtPOa.exe
  C:\Windows\System32\yBCtPOa.exe
  2⤵
  PID:5452
- C:\Windows\System32\KwmAMLC.exe
  C:\Windows\System32\KwmAMLC.exe
  2⤵
  PID:5500
- C:\Windows\System32\EKyCQQp.exe
  C:\Windows\System32\EKyCQQp.exe
  2⤵
  PID:5580
- C:\Windows\System32\UPoODAA.exe
  C:\Windows\System32\UPoODAA.exe
  2⤵
  PID:5648
- C:\Windows\System32\wZjJFQS.exe
  C:\Windows\System32\wZjJFQS.exe
  2⤵
  PID:5724
- C:\Windows\System32\VrjsVxO.exe
  C:\Windows\System32\VrjsVxO.exe
  2⤵
  PID:5776
- C:\Windows\System32\amRXcUA.exe
  C:\Windows\System32\amRXcUA.exe
  2⤵
  PID:5836
- C:\Windows\System32\eEdLuWL.exe
  C:\Windows\System32\eEdLuWL.exe
  2⤵
  PID:5892
- C:\Windows\System32\lbIvDKF.exe
  C:\Windows\System32\lbIvDKF.exe
  2⤵
  PID:5972
- C:\Windows\System32\VfxqNdU.exe
  C:\Windows\System32\VfxqNdU.exe
  2⤵
  PID:6040
- C:\Windows\System32\EzmbqLk.exe
  C:\Windows\System32\EzmbqLk.exe
  2⤵
  PID:6088
- C:\Windows\System32\zbHmJMI.exe
  C:\Windows\System32\zbHmJMI.exe
  2⤵
  PID:4216
- C:\Windows\System32\Kfdsxhr.exe
  C:\Windows\System32\Kfdsxhr.exe
  2⤵
  PID:816
- C:\Windows\System32\tPcnUgf.exe
  C:\Windows\System32\tPcnUgf.exe
  2⤵
  PID:1640
- C:\Windows\System32\hkokhEe.exe
  C:\Windows\System32\hkokhEe.exe
  2⤵
  PID:5284
- C:\Windows\System32\GaNwGCE.exe
  C:\Windows\System32\GaNwGCE.exe
  2⤵
  PID:5440
- C:\Windows\System32\YJLUChJ.exe
  C:\Windows\System32\YJLUChJ.exe
  2⤵
  PID:5552
- C:\Windows\System32\obJPoGD.exe
  C:\Windows\System32\obJPoGD.exe
  2⤵
  PID:5720
- C:\Windows\System32\CdXfDNx.exe
  C:\Windows\System32\CdXfDNx.exe
  2⤵
  PID:5900
- C:\Windows\System32\PLwiLSu.exe
  C:\Windows\System32\PLwiLSu.exe
  2⤵
  PID:6012
- C:\Windows\System32\vZlIKHf.exe
  C:\Windows\System32\vZlIKHf.exe
  2⤵
  PID:4036
- C:\Windows\System32\HTOYBCX.exe
  C:\Windows\System32\HTOYBCX.exe
  2⤵
  PID:5228
- C:\Windows\System32\ghKkKWw.exe
  C:\Windows\System32\ghKkKWw.exe
  2⤵
  PID:5472
- C:\Windows\System32\EAPVJBG.exe
  C:\Windows\System32\EAPVJBG.exe
  2⤵
  PID:5948
- C:\Windows\System32\iquuAML.exe
  C:\Windows\System32\iquuAML.exe
  2⤵
  PID:6160
- C:\Windows\System32\pUMcgcZ.exe
  C:\Windows\System32\pUMcgcZ.exe
  2⤵
  PID:6188
- C:\Windows\System32\EJxwPXk.exe
  C:\Windows\System32\EJxwPXk.exe
  2⤵
  PID:6216
- C:\Windows\System32\jOMNaxB.exe
  C:\Windows\System32\jOMNaxB.exe
  2⤵
  PID:6244
- C:\Windows\System32\BFXBvOK.exe
  C:\Windows\System32\BFXBvOK.exe
  2⤵
  PID:6272
- C:\Windows\System32\YdlmLwU.exe
  C:\Windows\System32\YdlmLwU.exe
  2⤵
  PID:6300
- C:\Windows\System32\opDeImr.exe
  C:\Windows\System32\opDeImr.exe
  2⤵
  PID:6328
- C:\Windows\System32\dbgkywZ.exe
  C:\Windows\System32\dbgkywZ.exe
  2⤵
  PID:6356
- C:\Windows\System32\IKyFbQl.exe
  C:\Windows\System32\IKyFbQl.exe
  2⤵
  PID:6384
- C:\Windows\System32\IHpEXOz.exe
  C:\Windows\System32\IHpEXOz.exe
  2⤵
  PID:6412
- C:\Windows\System32\aMtPiqm.exe
  C:\Windows\System32\aMtPiqm.exe
  2⤵
  PID:6440
- C:\Windows\System32\tIWBFza.exe
  C:\Windows\System32\tIWBFza.exe
  2⤵
  PID:6468
- C:\Windows\System32\XuWBBRV.exe
  C:\Windows\System32\XuWBBRV.exe
  2⤵
  PID:6496
- C:\Windows\System32\XVFedMs.exe
  C:\Windows\System32\XVFedMs.exe
  2⤵
  PID:6524
- C:\Windows\System32\gqJBQIg.exe
  C:\Windows\System32\gqJBQIg.exe
  2⤵
  PID:6552
- C:\Windows\System32\umBhRvn.exe
  C:\Windows\System32\umBhRvn.exe
  2⤵
  PID:6580
- C:\Windows\System32\zfvmcKJ.exe
  C:\Windows\System32\zfvmcKJ.exe
  2⤵
  PID:6608
- C:\Windows\System32\mDUPzpF.exe
  C:\Windows\System32\mDUPzpF.exe
  2⤵
  PID:6636
- C:\Windows\System32\JKUnmQb.exe
  C:\Windows\System32\JKUnmQb.exe
  2⤵
  PID:6664
- C:\Windows\System32\NRQVPxu.exe
  C:\Windows\System32\NRQVPxu.exe
  2⤵
  PID:6692
- C:\Windows\System32\CHKkNoZ.exe
  C:\Windows\System32\CHKkNoZ.exe
  2⤵
  PID:6720
- C:\Windows\System32\OfuJVuK.exe
  C:\Windows\System32\OfuJVuK.exe
  2⤵
  PID:6748
- C:\Windows\System32\zgbuveE.exe
  C:\Windows\System32\zgbuveE.exe
  2⤵
  PID:6776
- C:\Windows\System32\TSfXqAK.exe
  C:\Windows\System32\TSfXqAK.exe
  2⤵
  PID:6804
- C:\Windows\System32\UHRqFpn.exe
  C:\Windows\System32\UHRqFpn.exe
  2⤵
  PID:6832
- C:\Windows\System32\COIvCLt.exe
  C:\Windows\System32\COIvCLt.exe
  2⤵
  PID:6860
- C:\Windows\System32\tdqaseB.exe
  C:\Windows\System32\tdqaseB.exe
  2⤵
  PID:6888
- C:\Windows\System32\IHYSElA.exe
  C:\Windows\System32\IHYSElA.exe
  2⤵
  PID:6916
- C:\Windows\System32\SqSglKl.exe
  C:\Windows\System32\SqSglKl.exe
  2⤵
  PID:6944
- C:\Windows\System32\LnXmVsY.exe
  C:\Windows\System32\LnXmVsY.exe
  2⤵
  PID:6980
- C:\Windows\System32\pruDDXV.exe
  C:\Windows\System32\pruDDXV.exe
  2⤵
  PID:7000
- C:\Windows\System32\dohdXpJ.exe
  C:\Windows\System32\dohdXpJ.exe
  2⤵
  PID:7028
- C:\Windows\System32\ovBtrjI.exe
  C:\Windows\System32\ovBtrjI.exe
  2⤵
  PID:7056
- C:\Windows\System32\qWpdLOV.exe
  C:\Windows\System32\qWpdLOV.exe
  2⤵
  PID:7084
- C:\Windows\System32\mJvmDGp.exe
  C:\Windows\System32\mJvmDGp.exe
  2⤵
  PID:7112
- C:\Windows\System32\EOjnoJB.exe
  C:\Windows\System32\EOjnoJB.exe
  2⤵
  PID:7140
- C:\Windows\System32\IkbQOBv.exe
  C:\Windows\System32\IkbQOBv.exe
  2⤵
  PID:6140
- C:\Windows\System32\gZBjEXH.exe
  C:\Windows\System32\gZBjEXH.exe
  2⤵
  PID:2376
- C:\Windows\System32\BOxrfGn.exe
  C:\Windows\System32\BOxrfGn.exe
  2⤵
  PID:6156
- C:\Windows\System32\LnpSpZy.exe
  C:\Windows\System32\LnpSpZy.exe
  2⤵
  PID:6204
- C:\Windows\System32\WWeLreK.exe
  C:\Windows\System32\WWeLreK.exe
  2⤵
  PID:6284
- C:\Windows\System32\hrGNaKH.exe
  C:\Windows\System32\hrGNaKH.exe
  2⤵
  PID:6352
- C:\Windows\System32\xRGLZJq.exe
  C:\Windows\System32\xRGLZJq.exe
  2⤵
  PID:6408
- C:\Windows\System32\VBDNsYx.exe
  C:\Windows\System32\VBDNsYx.exe
  2⤵
  PID:6456
- C:\Windows\System32\ndeiHif.exe
  C:\Windows\System32\ndeiHif.exe
  2⤵
  PID:6536
- C:\Windows\System32\iAWxHry.exe
  C:\Windows\System32\iAWxHry.exe
  2⤵
  PID:388
- C:\Windows\System32\SaAXpog.exe
  C:\Windows\System32\SaAXpog.exe
  2⤵
  PID:6624
- C:\Windows\System32\KbapZcx.exe
  C:\Windows\System32\KbapZcx.exe
  2⤵
  PID:6704
- C:\Windows\System32\qSbppkI.exe
  C:\Windows\System32\qSbppkI.exe
  2⤵
  PID:6760
- C:\Windows\System32\IeVyhJG.exe
  C:\Windows\System32\IeVyhJG.exe
  2⤵
  PID:840
- C:\Windows\System32\VaDFOMJ.exe
  C:\Windows\System32\VaDFOMJ.exe
  2⤵
  PID:4992
- C:\Windows\System32\jaJWceA.exe
  C:\Windows\System32\jaJWceA.exe
  2⤵
  PID:5620
- C:\Windows\System32\vaTPHcj.exe
  C:\Windows\System32\vaTPHcj.exe
  2⤵
  PID:6184
- C:\Windows\System32\aIuEkwW.exe
  C:\Windows\System32\aIuEkwW.exe
  2⤵
  PID:2568
- C:\Windows\System32\qcPQmuH.exe
  C:\Windows\System32\qcPQmuH.exe
  2⤵
  PID:6340
- C:\Windows\System32\xcNjmtJ.exe
  C:\Windows\System32\xcNjmtJ.exe
  2⤵
  PID:6508
- C:\Windows\System32\tWOeLLI.exe
  C:\Windows\System32\tWOeLLI.exe
  2⤵
  PID:6592
- C:\Windows\System32\vgWKudi.exe
  C:\Windows\System32\vgWKudi.exe
  2⤵
  PID:6736
- C:\Windows\System32\WKEJMtH.exe
  C:\Windows\System32\WKEJMtH.exe
  2⤵
  PID:6816
- C:\Windows\System32\bgDsAbT.exe
  C:\Windows\System32\bgDsAbT.exe
  2⤵
  PID:1660
- C:\Windows\System32\svMpPvz.exe
  C:\Windows\System32\svMpPvz.exe
  2⤵
  PID:6992
- C:\Windows\System32\qtRHFQj.exe
  C:\Windows\System32\qtRHFQj.exe
  2⤵
  PID:2972
- C:\Windows\System32\VEapUBm.exe
  C:\Windows\System32\VEapUBm.exe
  2⤵
  PID:1212
- C:\Windows\System32\EUIYNQc.exe
  C:\Windows\System32\EUIYNQc.exe
  2⤵
  PID:7156
- C:\Windows\System32\spDmIVl.exe
  C:\Windows\System32\spDmIVl.exe
  2⤵
  PID:6176
- C:\Windows\System32\qbjnGSe.exe
  C:\Windows\System32\qbjnGSe.exe
  2⤵
  PID:2288
- C:\Windows\System32\nsVDBXK.exe
  C:\Windows\System32\nsVDBXK.exe
  2⤵
  PID:1956
- C:\Windows\System32\CfAGkfh.exe
  C:\Windows\System32\CfAGkfh.exe
  2⤵
  PID:4876
- C:\Windows\System32\UUkopPK.exe
  C:\Windows\System32\UUkopPK.exe
  2⤵
  PID:1340
- C:\Windows\System32\YZjfitY.exe
  C:\Windows\System32\YZjfitY.exe
  2⤵
  PID:2980
- C:\Windows\System32\kguCgxU.exe
  C:\Windows\System32\kguCgxU.exe
  2⤵
  PID:5832
- C:\Windows\System32\XxgjpZu.exe
  C:\Windows\System32\XxgjpZu.exe
  2⤵
  PID:4752
- C:\Windows\System32\wxvBGyU.exe
  C:\Windows\System32\wxvBGyU.exe
  2⤵
  PID:1728
- C:\Windows\System32\icrAdEz.exe
  C:\Windows\System32\icrAdEz.exe
  2⤵
  PID:6256
- C:\Windows\System32\oscIBon.exe
  C:\Windows\System32\oscIBon.exe
  2⤵
  PID:7172
- C:\Windows\System32\FxIUUne.exe
  C:\Windows\System32\FxIUUne.exe
  2⤵
  PID:7188
- C:\Windows\System32\HuJbCga.exe
  C:\Windows\System32\HuJbCga.exe
  2⤵
  PID:7220
- C:\Windows\System32\WzNhrgS.exe
  C:\Windows\System32\WzNhrgS.exe
  2⤵
  PID:7256
- C:\Windows\System32\SXNbkfe.exe
  C:\Windows\System32\SXNbkfe.exe
  2⤵
  PID:7284
- C:\Windows\System32\kBdLPTB.exe
  C:\Windows\System32\kBdLPTB.exe
  2⤵
  PID:7308
- C:\Windows\System32\oItIPxM.exe
  C:\Windows\System32\oItIPxM.exe
  2⤵
  PID:7356
- C:\Windows\System32\mOwLZGo.exe
  C:\Windows\System32\mOwLZGo.exe
  2⤵
  PID:7380
- C:\Windows\System32\scSMKNv.exe
  C:\Windows\System32\scSMKNv.exe
  2⤵
  PID:7424
- C:\Windows\System32\kliOlJf.exe
  C:\Windows\System32\kliOlJf.exe
  2⤵
  PID:7452
- C:\Windows\System32\eUKRUBX.exe
  C:\Windows\System32\eUKRUBX.exe
  2⤵
  PID:7484
- C:\Windows\System32\vfWiKmF.exe
  C:\Windows\System32\vfWiKmF.exe
  2⤵
  PID:7508
- C:\Windows\System32\NjMqxoY.exe
  C:\Windows\System32\NjMqxoY.exe
  2⤵
  PID:7548
- C:\Windows\System32\eOVBPdu.exe
  C:\Windows\System32\eOVBPdu.exe
  2⤵
  PID:7600
- C:\Windows\System32\TmEGNhT.exe
  C:\Windows\System32\TmEGNhT.exe
  2⤵
  PID:7632
- C:\Windows\System32\VCrFJpr.exe
  C:\Windows\System32\VCrFJpr.exe
  2⤵
  PID:7656
- C:\Windows\System32\miOwYPM.exe
  C:\Windows\System32\miOwYPM.exe
  2⤵
  PID:7684
- C:\Windows\System32\wSCPaSi.exe
  C:\Windows\System32\wSCPaSi.exe
  2⤵
  PID:7708
- C:\Windows\System32\YxBhUey.exe
  C:\Windows\System32\YxBhUey.exe
  2⤵
  PID:7736
- C:\Windows\System32\ESPCdkm.exe
  C:\Windows\System32\ESPCdkm.exe
  2⤵
  PID:7776
- C:\Windows\System32\YsGdcwp.exe
  C:\Windows\System32\YsGdcwp.exe
  2⤵
  PID:7816
- C:\Windows\System32\ucDdJZg.exe
  C:\Windows\System32\ucDdJZg.exe
  2⤵
  PID:7856
- C:\Windows\System32\SJdsoQy.exe
  C:\Windows\System32\SJdsoQy.exe
  2⤵
  PID:7916
- C:\Windows\System32\MwUUHsQ.exe
  C:\Windows\System32\MwUUHsQ.exe
  2⤵
  PID:7948
- C:\Windows\System32\ZqmLuSe.exe
  C:\Windows\System32\ZqmLuSe.exe
  2⤵
  PID:7996
- C:\Windows\System32\ZrcWRZj.exe
  C:\Windows\System32\ZrcWRZj.exe
  2⤵
  PID:8020
- C:\Windows\System32\bdLSvlm.exe
  C:\Windows\System32\bdLSvlm.exe
  2⤵
  PID:8056
- C:\Windows\System32\wYqPpQf.exe
  C:\Windows\System32\wYqPpQf.exe
  2⤵
  PID:8084
- C:\Windows\System32\OXXuVtU.exe
  C:\Windows\System32\OXXuVtU.exe
  2⤵
  PID:8120
- C:\Windows\System32\oPXokGi.exe
  C:\Windows\System32\oPXokGi.exe
  2⤵
  PID:8148
- C:\Windows\System32\QWRZVrz.exe
  C:\Windows\System32\QWRZVrz.exe
  2⤵
  PID:7252
- C:\Windows\System32\yblEgKF.exe
  C:\Windows\System32\yblEgKF.exe
  2⤵
  PID:7296
- C:\Windows\System32\YRloLkY.exe
  C:\Windows\System32\YRloLkY.exe
  2⤵
  PID:7348
- C:\Windows\System32\mNzXANl.exe
  C:\Windows\System32\mNzXANl.exe
  2⤵
  PID:7440
- C:\Windows\System32\cgqhyKx.exe
  C:\Windows\System32\cgqhyKx.exe
  2⤵
  PID:7532
- C:\Windows\System32\vPrKItC.exe
  C:\Windows\System32\vPrKItC.exe
  2⤵
  PID:7620
- C:\Windows\System32\jUAbtlv.exe
  C:\Windows\System32\jUAbtlv.exe
  2⤵
  PID:7676
- C:\Windows\System32\BGuINJI.exe
  C:\Windows\System32\BGuINJI.exe
  2⤵
  PID:7748
- C:\Windows\System32\HaQXiXn.exe
  C:\Windows\System32\HaQXiXn.exe
  2⤵
  PID:7832
- C:\Windows\System32\ZpBiyvN.exe
  C:\Windows\System32\ZpBiyvN.exe
  2⤵
  PID:3052
- C:\Windows\System32\USTIaUQ.exe
  C:\Windows\System32\USTIaUQ.exe
  2⤵
  PID:7968
- C:\Windows\System32\gzTQqAf.exe
  C:\Windows\System32\gzTQqAf.exe
  2⤵
  PID:8052
- C:\Windows\System32\iFkHeUX.exe
  C:\Windows\System32\iFkHeUX.exe
  2⤵
  PID:7724
- C:\Windows\System32\HjSRaoU.exe
  C:\Windows\System32\HjSRaoU.exe
  2⤵
  PID:8136
- C:\Windows\System32\EKDQdsf.exe
  C:\Windows\System32\EKDQdsf.exe
  2⤵
  PID:2280
- C:\Windows\System32\DWhLbWM.exe
  C:\Windows\System32\DWhLbWM.exe
  2⤵
  PID:7276
- C:\Windows\System32\DahXiCy.exe
  C:\Windows\System32\DahXiCy.exe
  2⤵
  PID:7584
- C:\Windows\System32\ZGHTmff.exe
  C:\Windows\System32\ZGHTmff.exe
  2⤵
  PID:7652
- C:\Windows\System32\tGNnqky.exe
  C:\Windows\System32\tGNnqky.exe
  2⤵
  PID:7788
- C:\Windows\System32\bLUojtM.exe
  C:\Windows\System32\bLUojtM.exe
  2⤵
  PID:8048
- C:\Windows\System32\vqSqMAF.exe
  C:\Windows\System32\vqSqMAF.exe
  2⤵
  PID:1348
- C:\Windows\System32\iWhFlWf.exe
  C:\Windows\System32\iWhFlWf.exe
  2⤵
  PID:1032
- C:\Windows\System32\OSEAUIs.exe
  C:\Windows\System32\OSEAUIs.exe
  2⤵
  PID:7572
- C:\Windows\System32\vkZdwUR.exe
  C:\Windows\System32\vkZdwUR.exe
  2⤵
  PID:7876
- C:\Windows\System32\TOfEOXf.exe
  C:\Windows\System32\TOfEOXf.exe
  2⤵
  PID:7804
- C:\Windows\System32\NtROIRN.exe
  C:\Windows\System32\NtROIRN.exe
  2⤵
  PID:7728
- C:\Windows\System32\cEhOFuJ.exe
  C:\Windows\System32\cEhOFuJ.exe
  2⤵
  PID:8172
- C:\Windows\System32\ZlTKUBs.exe
  C:\Windows\System32\ZlTKUBs.exe
  2⤵
  PID:8204
- C:\Windows\System32\erSlKKP.exe
  C:\Windows\System32\erSlKKP.exe
  2⤵
  PID:8228
- C:\Windows\System32\IqnrYtb.exe
  C:\Windows\System32\IqnrYtb.exe
  2⤵
  PID:8252
- C:\Windows\System32\qQbcYoh.exe
  C:\Windows\System32\qQbcYoh.exe
  2⤵
  PID:8272
- C:\Windows\System32\nHAnJYu.exe
  C:\Windows\System32\nHAnJYu.exe
  2⤵
  PID:8312
- C:\Windows\System32\rinLkZu.exe
  C:\Windows\System32\rinLkZu.exe
  2⤵
  PID:8340
- C:\Windows\System32\aqPlLwx.exe
  C:\Windows\System32\aqPlLwx.exe
  2⤵
  PID:8376
- C:\Windows\System32\cAUjtIa.exe
  C:\Windows\System32\cAUjtIa.exe
  2⤵
  PID:8396
- C:\Windows\System32\bNfxxUy.exe
  C:\Windows\System32\bNfxxUy.exe
  2⤵
  PID:8424
- C:\Windows\System32\SpkiXJm.exe
  C:\Windows\System32\SpkiXJm.exe
  2⤵
  PID:8460
- C:\Windows\System32\aXnvGoM.exe
  C:\Windows\System32\aXnvGoM.exe
  2⤵
  PID:8496
- C:\Windows\System32\lKygLmE.exe
  C:\Windows\System32\lKygLmE.exe
  2⤵
  PID:8544
- C:\Windows\System32\AYZHskt.exe
  C:\Windows\System32\AYZHskt.exe
  2⤵
  PID:8580
- C:\Windows\System32\WUZuNbn.exe
  C:\Windows\System32\WUZuNbn.exe
  2⤵
  PID:8608
- C:\Windows\System32\VeXcQls.exe
  C:\Windows\System32\VeXcQls.exe
  2⤵
  PID:8640
- C:\Windows\System32\vBRmewJ.exe
  C:\Windows\System32\vBRmewJ.exe
  2⤵
  PID:8668
- C:\Windows\System32\bfyauZg.exe
  C:\Windows\System32\bfyauZg.exe
  2⤵
  PID:8696
- C:\Windows\System32\kxyUfNH.exe
  C:\Windows\System32\kxyUfNH.exe
  2⤵
  PID:8724
- C:\Windows\System32\BNZzaFn.exe
  C:\Windows\System32\BNZzaFn.exe
  2⤵
  PID:8752
- C:\Windows\System32\EhcyiyH.exe
  C:\Windows\System32\EhcyiyH.exe
  2⤵
  PID:8780
- C:\Windows\System32\DyCnANA.exe
  C:\Windows\System32\DyCnANA.exe
  2⤵
  PID:8808
- C:\Windows\System32\PaZxEWD.exe
  C:\Windows\System32\PaZxEWD.exe
  2⤵
  PID:8836
- C:\Windows\System32\mJColWH.exe
  C:\Windows\System32\mJColWH.exe
  2⤵
  PID:8864
- C:\Windows\System32\SDvnsHk.exe
  C:\Windows\System32\SDvnsHk.exe
  2⤵
  PID:8892
- C:\Windows\System32\YUlXLEj.exe
  C:\Windows\System32\YUlXLEj.exe
  2⤵
  PID:8920
- C:\Windows\System32\QTrwXFJ.exe
  C:\Windows\System32\QTrwXFJ.exe
  2⤵
  PID:8948
- C:\Windows\System32\iQEmwMI.exe
  C:\Windows\System32\iQEmwMI.exe
  2⤵
  PID:8976
- C:\Windows\System32\XrtCcxs.exe
  C:\Windows\System32\XrtCcxs.exe
  2⤵
  PID:9004
- C:\Windows\System32\GVLafGG.exe
  C:\Windows\System32\GVLafGG.exe
  2⤵
  PID:9032
- C:\Windows\System32\FZziDGM.exe
  C:\Windows\System32\FZziDGM.exe
  2⤵
  PID:9060
- C:\Windows\System32\ciLpQhz.exe
  C:\Windows\System32\ciLpQhz.exe
  2⤵
  PID:9088
- C:\Windows\System32\eEgpabQ.exe
  C:\Windows\System32\eEgpabQ.exe
  2⤵
  PID:9116
- C:\Windows\System32\CDEYVBz.exe
  C:\Windows\System32\CDEYVBz.exe
  2⤵
  PID:9148
- C:\Windows\System32\IuOtOvK.exe
  C:\Windows\System32\IuOtOvK.exe
  2⤵
  PID:9176
- C:\Windows\System32\tJNOFlu.exe
  C:\Windows\System32\tJNOFlu.exe
  2⤵
  PID:9204
- C:\Windows\System32\oviUlUt.exe
  C:\Windows\System32\oviUlUt.exe
  2⤵
  PID:8224
- C:\Windows\System32\kvAXlYJ.exe
  C:\Windows\System32\kvAXlYJ.exe
  2⤵
  PID:8284
- C:\Windows\System32\ihdtycj.exe
  C:\Windows\System32\ihdtycj.exe
  2⤵
  PID:8336
- C:\Windows\System32\KOPTHad.exe
  C:\Windows\System32\KOPTHad.exe
  2⤵
  PID:8408
- C:\Windows\System32\VBUXpFT.exe
  C:\Windows\System32\VBUXpFT.exe
  2⤵
  PID:8448
- C:\Windows\System32\IslMmpF.exe
  C:\Windows\System32\IslMmpF.exe
  2⤵
  PID:8484
- C:\Windows\System32\hENZtcN.exe
  C:\Windows\System32\hENZtcN.exe
  2⤵
  PID:8600
- C:\Windows\System32\WoKBXvR.exe
  C:\Windows\System32\WoKBXvR.exe
  2⤵
  PID:8656
- C:\Windows\System32\toCdTmL.exe
  C:\Windows\System32\toCdTmL.exe
  2⤵
  PID:3316
- C:\Windows\System32\bxCRBck.exe
  C:\Windows\System32\bxCRBck.exe
  2⤵
  PID:8720
- C:\Windows\System32\ZxHQNBO.exe
  C:\Windows\System32\ZxHQNBO.exe
  2⤵
  PID:8792
- C:\Windows\System32\pwUbvLW.exe
  C:\Windows\System32\pwUbvLW.exe
  2⤵
  PID:8888
- C:\Windows\System32\JtrtHyk.exe
  C:\Windows\System32\JtrtHyk.exe
  2⤵
  PID:8940
- C:\Windows\System32\NOECuLm.exe
  C:\Windows\System32\NOECuLm.exe
  2⤵
  PID:9056
- C:\Windows\System32\QUekVbq.exe
  C:\Windows\System32\QUekVbq.exe
  2⤵
  PID:9172
- C:\Windows\System32\NNvqMTK.exe
  C:\Windows\System32\NNvqMTK.exe
  2⤵
  PID:8264
- C:\Windows\System32\zOBvzaG.exe
  C:\Windows\System32\zOBvzaG.exe
  2⤵
  PID:8444
- C:\Windows\System32\DkMlBth.exe
  C:\Windows\System32\DkMlBth.exe
  2⤵
  PID:8684
- C:\Windows\System32\pkzvwBA.exe
  C:\Windows\System32\pkzvwBA.exe
  2⤵
  PID:9108
- C:\Windows\System32\egAFuWy.exe
  C:\Windows\System32\egAFuWy.exe
  2⤵
  PID:8384
- C:\Windows\System32\unRPFQD.exe
  C:\Windows\System32\unRPFQD.exe
  2⤵
  PID:9052
- C:\Windows\System32\oIqIlaN.exe
  C:\Windows\System32\oIqIlaN.exe
  2⤵
  PID:9044
- C:\Windows\System32\xBkFxkJ.exe
  C:\Windows\System32\xBkFxkJ.exe
  2⤵
  PID:9244
- C:\Windows\System32\WwfOmQq.exe
  C:\Windows\System32\WwfOmQq.exe
  2⤵
  PID:9268
- C:\Windows\System32\jmvGHLN.exe
  C:\Windows\System32\jmvGHLN.exe
  2⤵
  PID:9316
- C:\Windows\System32\AlGLNen.exe
  C:\Windows\System32\AlGLNen.exe
  2⤵
  PID:9348
- C:\Windows\System32\Cdnazlh.exe
  C:\Windows\System32\Cdnazlh.exe
  2⤵
  PID:9376
- C:\Windows\System32\DTEnrPS.exe
  C:\Windows\System32\DTEnrPS.exe
  2⤵
  PID:9416
- C:\Windows\System32\pfpPhya.exe
  C:\Windows\System32\pfpPhya.exe
  2⤵
  PID:9456
- C:\Windows\System32\EBjuDMC.exe
  C:\Windows\System32\EBjuDMC.exe
  2⤵
  PID:9484
- C:\Windows\System32\auXiBYm.exe
  C:\Windows\System32\auXiBYm.exe
  2⤵
  PID:9512
- C:\Windows\System32\tqJhdKy.exe
  C:\Windows\System32\tqJhdKy.exe
  2⤵
  PID:9540
- C:\Windows\System32\oLdmBox.exe
  C:\Windows\System32\oLdmBox.exe
  2⤵
  PID:9568
- C:\Windows\System32\GpzNySP.exe
  C:\Windows\System32\GpzNySP.exe
  2⤵
  PID:9596
- C:\Windows\System32\cWHVgwU.exe
  C:\Windows\System32\cWHVgwU.exe
  2⤵
  PID:9624
- C:\Windows\System32\NwEDeag.exe
  C:\Windows\System32\NwEDeag.exe
  2⤵
  PID:9652
- C:\Windows\System32\vIPyueS.exe
  C:\Windows\System32\vIPyueS.exe
  2⤵
  PID:9680
- C:\Windows\System32\RuEaAEy.exe
  C:\Windows\System32\RuEaAEy.exe
  2⤵
  PID:9708
- C:\Windows\System32\QRbitIe.exe
  C:\Windows\System32\QRbitIe.exe
  2⤵
  PID:9736
- C:\Windows\System32\KZfIlIZ.exe
  C:\Windows\System32\KZfIlIZ.exe
  2⤵
  PID:9764
- C:\Windows\System32\NDloVZJ.exe
  C:\Windows\System32\NDloVZJ.exe
  2⤵
  PID:9792
- C:\Windows\System32\agIEbUi.exe
  C:\Windows\System32\agIEbUi.exe
  2⤵
  PID:9820
- C:\Windows\System32\oRSnOai.exe
  C:\Windows\System32\oRSnOai.exe
  2⤵
  PID:9848
- C:\Windows\System32\mNWKjuu.exe
  C:\Windows\System32\mNWKjuu.exe
  2⤵
  PID:9876
- C:\Windows\System32\AXuhzVo.exe
  C:\Windows\System32\AXuhzVo.exe
  2⤵
  PID:9904
- C:\Windows\System32\LTvZSVc.exe
  C:\Windows\System32\LTvZSVc.exe
  2⤵
  PID:9932
- C:\Windows\System32\VSAnqSY.exe
  C:\Windows\System32\VSAnqSY.exe
  2⤵
  PID:9960
- C:\Windows\System32\rChCIdV.exe
  C:\Windows\System32\rChCIdV.exe
  2⤵
  PID:9988
- C:\Windows\System32\TkoYJIj.exe
  C:\Windows\System32\TkoYJIj.exe
  2⤵
  PID:10016
- C:\Windows\System32\fCLnmzL.exe
  C:\Windows\System32\fCLnmzL.exe
  2⤵
  PID:10044
- C:\Windows\System32\sJTaJTL.exe
  C:\Windows\System32\sJTaJTL.exe
  2⤵
  PID:10072
- C:\Windows\System32\ytsJVos.exe
  C:\Windows\System32\ytsJVos.exe
  2⤵
  PID:10108
- C:\Windows\System32\cEnwlEi.exe
  C:\Windows\System32\cEnwlEi.exe
  2⤵
  PID:10132
- C:\Windows\System32\CkPLKxc.exe
  C:\Windows\System32\CkPLKxc.exe
  2⤵
  PID:10160
- C:\Windows\System32\UWZHzCx.exe
  C:\Windows\System32\UWZHzCx.exe
  2⤵
  PID:10188
- C:\Windows\System32\djLFhsF.exe
  C:\Windows\System32\djLFhsF.exe
  2⤵
  PID:10216
- C:\Windows\System32\nvRqKqD.exe
  C:\Windows\System32\nvRqKqD.exe
  2⤵
  PID:9236
- C:\Windows\System32\glIYeCg.exe
  C:\Windows\System32\glIYeCg.exe
  2⤵
  PID:5112
- C:\Windows\System32\JffcJzx.exe
  C:\Windows\System32\JffcJzx.exe
  2⤵
  PID:9368
- C:\Windows\System32\PlFKKEF.exe
  C:\Windows\System32\PlFKKEF.exe
  2⤵
  PID:9452
- C:\Windows\System32\BFicabz.exe
  C:\Windows\System32\BFicabz.exe
  2⤵
  PID:9528
- C:\Windows\System32\UccBTFk.exe
  C:\Windows\System32\UccBTFk.exe
  2⤵
  PID:1164
- C:\Windows\System32\sbphUMH.exe
  C:\Windows\System32\sbphUMH.exe
  2⤵
  PID:9640
- C:\Windows\System32\iMJRTup.exe
  C:\Windows\System32\iMJRTup.exe
  2⤵
  PID:9704
- C:\Windows\System32\WZMpMUd.exe
  C:\Windows\System32\WZMpMUd.exe
  2⤵
  PID:9780
- C:\Windows\System32\ejlzClw.exe
  C:\Windows\System32\ejlzClw.exe
  2⤵
  PID:9840
- C:\Windows\System32\NhuFqxG.exe
  C:\Windows\System32\NhuFqxG.exe
  2⤵
  PID:9900
- C:\Windows\System32\pixMiTr.exe
  C:\Windows\System32\pixMiTr.exe
  2⤵
  PID:9976
- C:\Windows\System32\hQnjYAk.exe
  C:\Windows\System32\hQnjYAk.exe
  2⤵
  PID:10040
- C:\Windows\System32\qglUTOZ.exe
  C:\Windows\System32\qglUTOZ.exe
  2⤵
  PID:10096
- C:\Windows\System32\fYLGpde.exe
  C:\Windows\System32\fYLGpde.exe
  2⤵
  PID:10176
- C:\Windows\System32\szCgJRg.exe
  C:\Windows\System32\szCgJRg.exe
  2⤵
  PID:10236
- C:\Windows\System32\XiencEm.exe
  C:\Windows\System32\XiencEm.exe
  2⤵
  PID:9344
- C:\Windows\System32\PIFymxr.exe
  C:\Windows\System32\PIFymxr.exe
  2⤵
  PID:9508
- C:\Windows\System32\PmnFXMA.exe
  C:\Windows\System32\PmnFXMA.exe
  2⤵
  PID:9620
- C:\Windows\System32\UUjyEyF.exe
  C:\Windows\System32\UUjyEyF.exe
  2⤵
  PID:9812
- C:\Windows\System32\ClPDUHa.exe
  C:\Windows\System32\ClPDUHa.exe
  2⤵
  PID:9956
- C:\Windows\System32\XzmnFto.exe
  C:\Windows\System32\XzmnFto.exe
  2⤵
  PID:10092
- C:\Windows\System32\YHKypQm.exe
  C:\Windows\System32\YHKypQm.exe
  2⤵
  PID:9284
- C:\Windows\System32\skalMXw.exe
  C:\Windows\System32\skalMXw.exe
  2⤵
  PID:9592
- C:\Windows\System32\aVtBAZx.exe
  C:\Windows\System32\aVtBAZx.exe
  2⤵
  PID:9948
- C:\Windows\System32\GSXzreL.exe
  C:\Windows\System32\GSXzreL.exe
  2⤵
  PID:9480
- C:\Windows\System32\gnmSEox.exe
  C:\Windows\System32\gnmSEox.exe
  2⤵
  PID:10232
- C:\Windows\System32\RNAUOUa.exe
  C:\Windows\System32\RNAUOUa.exe
  2⤵
  PID:10248
- C:\Windows\System32\qQFUYPl.exe
  C:\Windows\System32\qQFUYPl.exe
  2⤵
  PID:10276
- C:\Windows\System32\FvXvygG.exe
  C:\Windows\System32\FvXvygG.exe
  2⤵
  PID:10304
- C:\Windows\System32\RQdlrii.exe
  C:\Windows\System32\RQdlrii.exe
  2⤵
  PID:10332
- C:\Windows\System32\DJzqPmd.exe
  C:\Windows\System32\DJzqPmd.exe
  2⤵
  PID:10360
- C:\Windows\System32\Kcocduu.exe
  C:\Windows\System32\Kcocduu.exe
  2⤵
  PID:10388
- C:\Windows\System32\HFqaKfS.exe
  C:\Windows\System32\HFqaKfS.exe
  2⤵
  PID:10416
- C:\Windows\System32\pXufnuu.exe
  C:\Windows\System32\pXufnuu.exe
  2⤵
  PID:10444
- C:\Windows\System32\buepHTU.exe
  C:\Windows\System32\buepHTU.exe
  2⤵
  PID:10472
- C:\Windows\System32\sXVdlZI.exe
  C:\Windows\System32\sXVdlZI.exe
  2⤵
  PID:10500
- C:\Windows\System32\twoNdSw.exe
  C:\Windows\System32\twoNdSw.exe
  2⤵
  PID:10528
- C:\Windows\System32\xZopkzW.exe
  C:\Windows\System32\xZopkzW.exe
  2⤵
  PID:10556
- C:\Windows\System32\fZsLtvp.exe
  C:\Windows\System32\fZsLtvp.exe
  2⤵
  PID:10584
- C:\Windows\System32\WUdiufx.exe
  C:\Windows\System32\WUdiufx.exe
  2⤵
  PID:10612
- C:\Windows\System32\wDSsflJ.exe
  C:\Windows\System32\wDSsflJ.exe
  2⤵
  PID:10640
- C:\Windows\System32\ZvyfArB.exe
  C:\Windows\System32\ZvyfArB.exe
  2⤵
  PID:10668
- C:\Windows\System32\DVIaeDQ.exe
  C:\Windows\System32\DVIaeDQ.exe
  2⤵
  PID:10696
- C:\Windows\System32\JzWaUaU.exe
  C:\Windows\System32\JzWaUaU.exe
  2⤵
  PID:10724
- C:\Windows\System32\PeLKXFC.exe
  C:\Windows\System32\PeLKXFC.exe
  2⤵
  PID:10752
- C:\Windows\System32\shVXTit.exe
  C:\Windows\System32\shVXTit.exe
  2⤵
  PID:10780
- C:\Windows\System32\whkgSBa.exe
  C:\Windows\System32\whkgSBa.exe
  2⤵
  PID:10808
- C:\Windows\System32\RmJPNRO.exe
  C:\Windows\System32\RmJPNRO.exe
  2⤵
  PID:10836
- C:\Windows\System32\EnUKmfZ.exe
  C:\Windows\System32\EnUKmfZ.exe
  2⤵
  PID:10864
- C:\Windows\System32\nVlaBlQ.exe
  C:\Windows\System32\nVlaBlQ.exe
  2⤵
  PID:10892
- C:\Windows\System32\KZJVvKW.exe
  C:\Windows\System32\KZJVvKW.exe
  2⤵
  PID:10920
- C:\Windows\System32\ncQRFQR.exe
  C:\Windows\System32\ncQRFQR.exe
  2⤵
  PID:10948
- C:\Windows\System32\zNCzkaE.exe
  C:\Windows\System32\zNCzkaE.exe
  2⤵
  PID:10976
- C:\Windows\System32\ZnPUeKT.exe
  C:\Windows\System32\ZnPUeKT.exe
  2⤵
  PID:11004
- C:\Windows\System32\WtytNxa.exe
  C:\Windows\System32\WtytNxa.exe
  2⤵
  PID:11032
- C:\Windows\System32\uJHmDra.exe
  C:\Windows\System32\uJHmDra.exe
  2⤵
  PID:11060
- C:\Windows\System32\xSAoQXQ.exe
  C:\Windows\System32\xSAoQXQ.exe
  2⤵
  PID:11088
- C:\Windows\System32\BqfzVEq.exe
  C:\Windows\System32\BqfzVEq.exe
  2⤵
  PID:11116
- C:\Windows\System32\JFCqyxn.exe
  C:\Windows\System32\JFCqyxn.exe
  2⤵
  PID:11144
- C:\Windows\System32\GcuJzsh.exe
  C:\Windows\System32\GcuJzsh.exe
  2⤵
  PID:11172
- C:\Windows\System32\TPWdYLc.exe
  C:\Windows\System32\TPWdYLc.exe
  2⤵
  PID:11200
- C:\Windows\System32\tBecbpn.exe
  C:\Windows\System32\tBecbpn.exe
  2⤵
  PID:11228
- C:\Windows\System32\AlTXlBF.exe
  C:\Windows\System32\AlTXlBF.exe
  2⤵
  PID:11256
- C:\Windows\System32\DujFnfq.exe
  C:\Windows\System32\DujFnfq.exe
  2⤵
  PID:10292
- C:\Windows\System32\dhsjdrN.exe
  C:\Windows\System32\dhsjdrN.exe
  2⤵
  PID:10352
- C:\Windows\System32\dAIgyVW.exe
  C:\Windows\System32\dAIgyVW.exe
  2⤵
  PID:10412
- C:\Windows\System32\pzekQAE.exe
  C:\Windows\System32\pzekQAE.exe
  2⤵
  PID:10484
- C:\Windows\System32\gnPJXtR.exe
  C:\Windows\System32\gnPJXtR.exe
  2⤵
  PID:10548
- C:\Windows\System32\TYDJkeo.exe
  C:\Windows\System32\TYDJkeo.exe
  2⤵
  PID:10628
- C:\Windows\System32\ixLeACP.exe
  C:\Windows\System32\ixLeACP.exe
  2⤵
  PID:10688
- C:\Windows\System32\EtzKMLj.exe
  C:\Windows\System32\EtzKMLj.exe
  2⤵
  PID:10748
- C:\Windows\System32\lsOWuzt.exe
  C:\Windows\System32\lsOWuzt.exe
  2⤵
  PID:10824
- C:\Windows\System32\QfCITbq.exe
  C:\Windows\System32\QfCITbq.exe
  2⤵
  PID:10888
- C:\Windows\System32\gfevRON.exe
  C:\Windows\System32\gfevRON.exe
  2⤵
  PID:10944
- C:\Windows\System32\mmXKmyL.exe
  C:\Windows\System32\mmXKmyL.exe
  2⤵
  PID:11020
- C:\Windows\System32\QsGEENn.exe
  C:\Windows\System32\QsGEENn.exe
  2⤵
  PID:11080
- C:\Windows\System32\xXCzvrk.exe
  C:\Windows\System32\xXCzvrk.exe
  2⤵
  PID:11184
- C:\Windows\System32\lsVfqje.exe
  C:\Windows\System32\lsVfqje.exe
  2⤵
  PID:11244
- C:\Windows\System32\YwcKJXe.exe
  C:\Windows\System32\YwcKJXe.exe
  2⤵
  PID:10436
- C:\Windows\System32\ZLHEktQ.exe
  C:\Windows\System32\ZLHEktQ.exe
  2⤵
  PID:10604
- C:\Windows\System32\NcoxHYH.exe
  C:\Windows\System32\NcoxHYH.exe
  2⤵
  PID:10744
- C:\Windows\System32\PpUoPbW.exe
  C:\Windows\System32\PpUoPbW.exe
  2⤵
  PID:10916
- C:\Windows\System32\ZoSKTSl.exe
  C:\Windows\System32\ZoSKTSl.exe
  2⤵
  PID:11056
- C:\Windows\System32\xBehmxa.exe
  C:\Windows\System32\xBehmxa.exe
  2⤵
  PID:11252
- C:\Windows\System32\WWmTbcG.exe
  C:\Windows\System32\WWmTbcG.exe
  2⤵
  PID:10540
- C:\Windows\System32\vKbaKDY.exe
  C:\Windows\System32\vKbaKDY.exe
  2⤵
  PID:11000
- C:\Windows\System32\nCyHuHd.exe
  C:\Windows\System32\nCyHuHd.exe
  2⤵
  PID:10524
- C:\Windows\System32\LZSSfTE.exe
  C:\Windows\System32\LZSSfTE.exe
  2⤵
  PID:10860
- C:\Windows\System32\YgCDWdr.exe
  C:\Windows\System32\YgCDWdr.exe
  2⤵
  PID:11280
- C:\Windows\System32\vlGdnLG.exe
  C:\Windows\System32\vlGdnLG.exe
  2⤵
  PID:11308
- C:\Windows\System32\TfIsMAI.exe
  C:\Windows\System32\TfIsMAI.exe
  2⤵
  PID:11336
- C:\Windows\System32\kFYXUQx.exe
  C:\Windows\System32\kFYXUQx.exe
  2⤵
  PID:11364
- C:\Windows\System32\vgYdxSa.exe
  C:\Windows\System32\vgYdxSa.exe
  2⤵
  PID:11392
- C:\Windows\System32\UvSbmaU.exe
  C:\Windows\System32\UvSbmaU.exe
  2⤵
  PID:11408
- C:\Windows\System32\hzAWWoP.exe
  C:\Windows\System32\hzAWWoP.exe
  2⤵
  PID:11432
- C:\Windows\System32\YcKhFRW.exe
  C:\Windows\System32\YcKhFRW.exe
  2⤵
  PID:11476
- C:\Windows\System32\eimqbeE.exe
  C:\Windows\System32\eimqbeE.exe
  2⤵
  PID:11504
- C:\Windows\System32\WKmDpkD.exe
  C:\Windows\System32\WKmDpkD.exe
  2⤵
  PID:11532
- C:\Windows\System32\GNjIsFY.exe
  C:\Windows\System32\GNjIsFY.exe
  2⤵
  PID:11560
- C:\Windows\System32\tzgkbWA.exe
  C:\Windows\System32\tzgkbWA.exe
  2⤵
  PID:11588
- C:\Windows\System32\apAaVVq.exe
  C:\Windows\System32\apAaVVq.exe
  2⤵
  PID:11616
- C:\Windows\System32\PhYYsgU.exe
  C:\Windows\System32\PhYYsgU.exe
  2⤵
  PID:11644
- C:\Windows\System32\KFBVHkL.exe
  C:\Windows\System32\KFBVHkL.exe
  2⤵
  PID:11672
- C:\Windows\System32\JDjmFfl.exe
  C:\Windows\System32\JDjmFfl.exe
  2⤵
  PID:11700
- C:\Windows\System32\dSFMtfC.exe
  C:\Windows\System32\dSFMtfC.exe
  2⤵
  PID:11728
- C:\Windows\System32\DKaPpye.exe
  C:\Windows\System32\DKaPpye.exe
  2⤵
  PID:11756
- C:\Windows\System32\sDErmJK.exe
  C:\Windows\System32\sDErmJK.exe
  2⤵
  PID:11784
- C:\Windows\System32\xwcMCZI.exe
  C:\Windows\System32\xwcMCZI.exe
  2⤵
  PID:11812
- C:\Windows\System32\nADhTSx.exe
  C:\Windows\System32\nADhTSx.exe
  2⤵
  PID:11840
- C:\Windows\System32\fGzyCRl.exe
  C:\Windows\System32\fGzyCRl.exe
  2⤵
  PID:11868
- C:\Windows\System32\BMfkGVG.exe
  C:\Windows\System32\BMfkGVG.exe
  2⤵
  PID:11900
- C:\Windows\System32\KsXeRYy.exe
  C:\Windows\System32\KsXeRYy.exe
  2⤵
  PID:11940
- C:\Windows\System32\kXOmuXa.exe
  C:\Windows\System32\kXOmuXa.exe
  2⤵
  PID:11956
- C:\Windows\System32\iDpBPUy.exe
  C:\Windows\System32\iDpBPUy.exe
  2⤵
  PID:11984
- C:\Windows\System32\ZQctwTz.exe
  C:\Windows\System32\ZQctwTz.exe
  2⤵
  PID:12012
- C:\Windows\System32\dmJLkZs.exe
  C:\Windows\System32\dmJLkZs.exe
  2⤵
  PID:12040
- C:\Windows\System32\wqzpVGE.exe
  C:\Windows\System32\wqzpVGE.exe
  2⤵
  PID:12068
- C:\Windows\System32\jdVCnMr.exe
  C:\Windows\System32\jdVCnMr.exe
  2⤵
  PID:12096
- C:\Windows\System32\eFhHBdQ.exe
  C:\Windows\System32\eFhHBdQ.exe
  2⤵
  PID:12124
- C:\Windows\System32\zNrSQmY.exe
  C:\Windows\System32\zNrSQmY.exe
  2⤵
  PID:12152
- C:\Windows\System32\CTlWPGv.exe
  C:\Windows\System32\CTlWPGv.exe
  2⤵
  PID:12180
- C:\Windows\System32\XxYzrtR.exe
  C:\Windows\System32\XxYzrtR.exe
  2⤵
  PID:12208
- C:\Windows\System32\qpMNrMg.exe
  C:\Windows\System32\qpMNrMg.exe
  2⤵
  PID:12236
- C:\Windows\System32\tWGEJSW.exe
  C:\Windows\System32\tWGEJSW.exe
  2⤵
  PID:12264
- C:\Windows\System32\CPSnhpw.exe
  C:\Windows\System32\CPSnhpw.exe
  2⤵
  PID:11272
- C:\Windows\System32\CJfqEay.exe
  C:\Windows\System32\CJfqEay.exe
  2⤵
  PID:11360
- C:\Windows\System32\gFiszlG.exe
  C:\Windows\System32\gFiszlG.exe
  2⤵
  PID:11440
- C:\Windows\System32\NbGjLdM.exe
  C:\Windows\System32\NbGjLdM.exe
  2⤵
  PID:11500
- C:\Windows\System32\xOvcJbn.exe
  C:\Windows\System32\xOvcJbn.exe
  2⤵
  PID:11576
- C:\Windows\System32\ZyXsijf.exe
  C:\Windows\System32\ZyXsijf.exe
  2⤵
  PID:11628
- C:\Windows\System32\ViMMrbw.exe
  C:\Windows\System32\ViMMrbw.exe
  2⤵
  PID:11696
- C:\Windows\System32\tNgbpBQ.exe
  C:\Windows\System32\tNgbpBQ.exe
  2⤵
  PID:11752
- C:\Windows\System32\KOHwcWT.exe
  C:\Windows\System32\KOHwcWT.exe
  2⤵
  PID:11828
- C:\Windows\System32\HaNQozT.exe
  C:\Windows\System32\HaNQozT.exe
  2⤵
  PID:11888
- C:\Windows\System32\DITjPkJ.exe
  C:\Windows\System32\DITjPkJ.exe
  2⤵
  PID:11952
- C:\Windows\System32\UrfxKTs.exe
  C:\Windows\System32\UrfxKTs.exe
  2⤵
  PID:12004
- C:\Windows\System32\LHbCdwB.exe
  C:\Windows\System32\LHbCdwB.exe
  2⤵
  PID:12080
- C:\Windows\System32\QsrJuPs.exe
  C:\Windows\System32\QsrJuPs.exe
  2⤵
  PID:12144
- C:\Windows\System32\KydNLUA.exe
  C:\Windows\System32\KydNLUA.exe
  2⤵
  PID:12204
- C:\Windows\System32\GZwmlxb.exe
  C:\Windows\System32\GZwmlxb.exe
  2⤵
  PID:12276
- C:\Windows\System32\YkpStPX.exe
  C:\Windows\System32\YkpStPX.exe
  2⤵
  PID:11428
- C:\Windows\System32\RhvnfAD.exe
  C:\Windows\System32\RhvnfAD.exe
  2⤵
  PID:11556
- C:\Windows\System32\gvgaYuV.exe
  C:\Windows\System32\gvgaYuV.exe
  2⤵
  PID:11724
- C:\Windows\System32\VtmofeC.exe
  C:\Windows\System32\VtmofeC.exe
  2⤵
  PID:11860
- C:\Windows\System32\HoahZOY.exe
  C:\Windows\System32\HoahZOY.exe
  2⤵
  PID:12008
- C:\Windows\System32\SugWPKX.exe
  C:\Windows\System32\SugWPKX.exe
  2⤵
  PID:12172
- C:\Windows\System32\pvMDulX.exe
  C:\Windows\System32\pvMDulX.exe
  2⤵
  PID:11328
- C:\Windows\System32\aJVVNBT.exe
  C:\Windows\System32\aJVVNBT.exe
  2⤵
  PID:11684
- C:\Windows\System32\igQWbOn.exe
  C:\Windows\System32\igQWbOn.exe
  2⤵
  PID:4332
- C:\Windows\System32\VSbGjkf.exe
  C:\Windows\System32\VSbGjkf.exe
  2⤵
  PID:11548
- C:\Windows\System32\zmYNXgW.exe
  C:\Windows\System32\zmYNXgW.exe
  2⤵
  PID:11896
- C:\Windows\System32\fUteBye.exe
  C:\Windows\System32\fUteBye.exe
  2⤵
  PID:12304
- C:\Windows\System32\YbIXluV.exe
  C:\Windows\System32\YbIXluV.exe
  2⤵
  PID:12332
- C:\Windows\System32\XtBnhar.exe
  C:\Windows\System32\XtBnhar.exe
  2⤵
  PID:12360
- C:\Windows\System32\jFrlhib.exe
  C:\Windows\System32\jFrlhib.exe
  2⤵
  PID:12384
- C:\Windows\System32\Bybyhiv.exe
  C:\Windows\System32\Bybyhiv.exe
  2⤵
  PID:12416
- C:\Windows\System32\qPEWPkW.exe
  C:\Windows\System32\qPEWPkW.exe
  2⤵
  PID:12444
- C:\Windows\System32\uWzdqwg.exe
  C:\Windows\System32\uWzdqwg.exe
  2⤵
  PID:12472
- C:\Windows\System32\nMHIwHF.exe
  C:\Windows\System32\nMHIwHF.exe
  2⤵
  PID:12500
- C:\Windows\System32\UyjkUtj.exe
  C:\Windows\System32\UyjkUtj.exe
  2⤵
  PID:12528
- C:\Windows\System32\jWlDBnD.exe
  C:\Windows\System32\jWlDBnD.exe
  2⤵
  PID:12556
- C:\Windows\System32\nAcLCSH.exe
  C:\Windows\System32\nAcLCSH.exe
  2⤵
  PID:12584
- C:\Windows\System32\rvgkhVF.exe
  C:\Windows\System32\rvgkhVF.exe
  2⤵
  PID:12612
- C:\Windows\System32\GzrohRe.exe
  C:\Windows\System32\GzrohRe.exe
  2⤵
  PID:12640
- C:\Windows\System32\DsZPUDI.exe
  C:\Windows\System32\DsZPUDI.exe
  2⤵
  PID:12668
- C:\Windows\System32\LUwdkQQ.exe
  C:\Windows\System32\LUwdkQQ.exe
  2⤵
  PID:12696
- C:\Windows\System32\hzzNAlx.exe
  C:\Windows\System32\hzzNAlx.exe
  2⤵
  PID:12716
- C:\Windows\System32\tgWpCTU.exe
  C:\Windows\System32\tgWpCTU.exe
  2⤵
  PID:12752
- C:\Windows\System32\IwnNkns.exe
  C:\Windows\System32\IwnNkns.exe
  2⤵
  PID:12780
- C:\Windows\System32\RUMaCdP.exe
  C:\Windows\System32\RUMaCdP.exe
  2⤵
  PID:12808
- C:\Windows\System32\nljEHuW.exe
  C:\Windows\System32\nljEHuW.exe
  2⤵
  PID:12836
- C:\Windows\System32\TUaSIdV.exe
  C:\Windows\System32\TUaSIdV.exe
  2⤵
  PID:12864
- C:\Windows\System32\mjJbXvv.exe
  C:\Windows\System32\mjJbXvv.exe
  2⤵
  PID:12880
- C:\Windows\System32\smpyCPr.exe
  C:\Windows\System32\smpyCPr.exe
  2⤵
  PID:12912
- C:\Windows\System32\ocnagJO.exe
  C:\Windows\System32\ocnagJO.exe
  2⤵
  PID:12948
- C:\Windows\System32\oHDTqYa.exe
  C:\Windows\System32\oHDTqYa.exe
  2⤵
  PID:12968
- C:\Windows\System32\OiNKShU.exe
  C:\Windows\System32\OiNKShU.exe
  2⤵
  PID:12992
- C:\Windows\System32\TLYvTvD.exe
  C:\Windows\System32\TLYvTvD.exe
  2⤵
  PID:13024
- C:\Windows\System32\uUielvS.exe
  C:\Windows\System32\uUielvS.exe
  2⤵
  PID:13056
- C:\Windows\System32\mMFtPJg.exe
  C:\Windows\System32\mMFtPJg.exe
  2⤵
  PID:13076
- C:\Windows\System32\KEBatjU.exe
  C:\Windows\System32\KEBatjU.exe
  2⤵
  PID:13104
- C:\Windows\System32\MeDRJIG.exe
  C:\Windows\System32\MeDRJIG.exe
  2⤵
  PID:13140
- C:\Windows\System32\CQuwsKw.exe
  C:\Windows\System32\CQuwsKw.exe
  2⤵
  PID:13172
- C:\Windows\System32\MaciPMm.exe
  C:\Windows\System32\MaciPMm.exe
  2⤵
  PID:13212
- C:\Windows\System32\eXRiHST.exe
  C:\Windows\System32\eXRiHST.exe
  2⤵
  PID:13244
- C:\Windows\System32\dSwiobM.exe
  C:\Windows\System32\dSwiobM.exe
  2⤵
  PID:13288
- C:\Windows\System32\GdBFNZu.exe
  C:\Windows\System32\GdBFNZu.exe
  2⤵
  PID:12300
- C:\Windows\System32\IzIYMCV.exe
  C:\Windows\System32\IzIYMCV.exe
  2⤵
  PID:12356
- C:\Windows\System32\ltNQQfn.exe
  C:\Windows\System32\ltNQQfn.exe
  2⤵
  PID:396
- C:\Windows\System32\lgvlGFj.exe
  C:\Windows\System32\lgvlGFj.exe
  2⤵
  PID:12408
- C:\Windows\System32\BzdUICi.exe
  C:\Windows\System32\BzdUICi.exe
  2⤵
  PID:12436
- C:\Windows\System32\aKTBpKW.exe
  C:\Windows\System32\aKTBpKW.exe
  2⤵
  PID:12464
- C:\Windows\System32\rPrihdH.exe
  C:\Windows\System32\rPrihdH.exe
  2⤵
  PID:12600
- C:\Windows\System32\mjAvsFT.exe
  C:\Windows\System32\mjAvsFT.exe
  2⤵
  PID:12712
- C:\Windows\System32\INloydO.exe
  C:\Windows\System32\INloydO.exe
  2⤵
  PID:12852
- C:\Windows\System32\MnwdvWQ.exe
  C:\Windows\System32\MnwdvWQ.exe
  2⤵
  PID:12956
- C:\Windows\System32\iyJLOLX.exe
  C:\Windows\System32\iyJLOLX.exe
  2⤵
  PID:13040
- C:\Windows\System32\XUHXAFe.exe
  C:\Windows\System32\XUHXAFe.exe
  2⤵
  PID:13124
- C:\Windows\System32\aGwPRZj.exe
  C:\Windows\System32\aGwPRZj.exe
  2⤵
  PID:13236
- C:\Windows\System32\grtPFfv.exe
  C:\Windows\System32\grtPFfv.exe
  2⤵
  PID:13256
- C:\Windows\System32\iQTqoXu.exe
  C:\Windows\System32\iQTqoXu.exe
  2⤵
  PID:12392
- C:\Windows\System32\xLZSRNP.exe
  C:\Windows\System32\xLZSRNP.exe
  2⤵
  PID:12400
- C:\Windows\System32\sKulYTu.exe
  C:\Windows\System32\sKulYTu.exe
  2⤵
  PID:12520
- C:\Windows\System32\CdaBuGJ.exe
  C:\Windows\System32\CdaBuGJ.exe
  2⤵
  PID:13152
- C:\Windows\System32\lvajCkS.exe
  C:\Windows\System32\lvajCkS.exe
  2⤵
  PID:12932
- C:\Windows\System32\QdJHtGN.exe
  C:\Windows\System32\QdJHtGN.exe
  2⤵
  PID:13188
- C:\Windows\System32\VVVemUe.exe
  C:\Windows\System32\VVVemUe.exe
  2⤵
  PID:12328

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BxXRRzV.exe

Filesize
2.5MB

MD5
f424cb1fe1d5609a197f05b5729a2c1b

SHA1
1bd4aa8265abeb4f46424eff1c323b9a0f6a4e67

SHA256
30656fe3a100200ae28f7f30273d207ff50250f011d9b32a135c20d7341c11ce

SHA512
f3e43a9cbfce2806db62d1f1ab78683034f3938e2fbe5b37b29f92fc74bfed38f26fea92c3d3c623b9e9c44fad7bd96f07a9907170f945c28f074973d3160eee

Download Submit
C:\Windows\System32\CIyrHnI.exe

Filesize
2.5MB

MD5
42de9f93571e0b8c9bdd2639f88050a4

SHA1
e7cc9b233dce5531e579cef6a3bad71de1365b1c

SHA256
7ccd6ca8192500a9f0246f3712d3a108c8b83d5b398aba553ace5e308d2b1673

SHA512
91e6245671f61a01ad12074c91db36611651ae8bc2281d506d93fd95cc20be7deb1851f1bcad58d5f06694cae9787a89380cc0e87ed1798817d7a84cbb786e77

Download Submit
C:\Windows\System32\JxbqzuJ.exe

Filesize
2.5MB

MD5
aebc31473b0c7a2a6dff79b7031ccfbe

SHA1
3be8b76a3972db425846eefbbefbd327da1db545

SHA256
2f328bed32c489e4f34879c1bbaff0839018692a1af509641ebe9880a5c334ea

SHA512
0a52923efec7f30f0dcc95f17d998c3c26b19da1bf3c44927289b490b4b053096bc110036e1c712578e351af31754af6e9bb8685f03c3db2d64fa313a4b7cfd4

Download Submit
C:\Windows\System32\KccPeLK.exe

Filesize
2.5MB

MD5
76fc5b6175104a3f790be7aeaf938ed1

SHA1
ebd445c41c42a5eb0f407fb2427771e0bed6dcc9

SHA256
2723c783b30f559cb4fa3bc25f51679bd6dbbf2a0044befb769a5a1cc4ccd529

SHA512
db0b67d8a8ff9b421c7705f5467278d431a2683f723dfdd512d5f690d35ba375a34f4d0db92ec3219bd26a9351ef03d85dffd4230dececd640d23ec5a018900e

Download Submit
C:\Windows\System32\LmIZMdN.exe

Filesize
2.5MB

MD5
b2e5483dcb6cf07e23a7d1d43591da17

SHA1
1adef71c0ded3966e8305587cd0cf982829a5c24

SHA256
0f51a1cc4779d9359e5a8ddcc858b9f9f393a5c6a736897a7d88db3a9b9727b3

SHA512
28fb778bf0332e6dfdaaec9ce0ade6a1c8292cdff71a9e5f7db3a1510b01f74840f881115456be72ebb8b1463d19d7eb9f9ff9efc7171c25ca36d4beaab89f73

Download Submit
C:\Windows\System32\MvznUDD.exe

Filesize
2.5MB

MD5
4e3a3615424e398c81b114fc6caa774b

SHA1
9254abffe203cddad906f003edf99e333e9f9674

SHA256
579e41e4fe57377463ded50877614b7d08718a5d86427b4c63b9d5ac363db7ca

SHA512
ce9e8d6cfe719426c78ed68e4791da064936dff8498655fbc2635655c85a4838c5b64e5fd9cc9be99d6aba10dfb9c0d39da8d90322b2de9a41601c71ac9270e7

Download Submit
C:\Windows\System32\Myaxjkn.exe

Filesize
2.5MB

MD5
02795040e62da30b1b480bf3e9265905

SHA1
6ac25bb1a63f177fd54fa291ba155cfac87e602e

SHA256
f34e3ed542f76da374370742a04b80eca3867e9447748e0da66abc348f31f72a

SHA512
e180795189f7e78c48010477930e78ff0e494bb20f56d37b353722c83896fac64829c76f3679209c8b4ff3836fe5ee4cd63bae311d1ec37b6e354dfac2c0106e

Download Submit
C:\Windows\System32\UYglNID.exe

Filesize
2.5MB

MD5
900cc28d0688afbdd921e313571b1b0e

SHA1
a94ac81d987d9e0549c8cf200c154ae7ca7799ce

SHA256
d7f913f1dbbcd960d103803990609e387d71934abb22eca9b851d5ce0e82e96f

SHA512
ba4994a6108c8e12ca06f134bb14fcc368460e14c538a4334c8d9dc309ba9e90745e47d379e14f5078b04c7f06deda8d2c415395da427699ad99f9f0680bd14f

Download Submit
C:\Windows\System32\Ycdftef.exe

Filesize
2.5MB

MD5
f3f6e0f590608ce1f68c6606dbe7671a

SHA1
5e239566861a1825610cf64a0bda7de6a9a4bb63

SHA256
1d644a1d472b53eba85d11eca2048c0dbac2023a057b7dd05a3cc1bee7d1ba31

SHA512
b8cdced895ee9fcdfd60011791e308bddf17be5364e607b12f746ccea002e0eb4d0ace151a48cc30c8956cfcfd82c0b2c98e02a14dc7e26f6d35c2bff7c0fd76

Download Submit
C:\Windows\System32\aIDmPnY.exe

Filesize
2.5MB

MD5
604736b447e38d08b7b63c4f2b308419

SHA1
e7623d8e271898d64a2b53f37af8b115f1c8cb21

SHA256
3eab540ca312fc77c3665a95d5d7b5ca9ede62bdd6df044bdb11af8e01b2cb4b

SHA512
c13f4ecf3f9002cfa1584bfb392206658b43211183af395f02552f97e4c66352a205faab01e7f52d5d8bde85c589a6a8ec96debfca2d35c6cf8e59fc9e3af90b

Download Submit
C:\Windows\System32\aMWoysd.exe

Filesize
2.5MB

MD5
eec9aa04ea0071cbe672d34c3f224619

SHA1
ef051353cb36f29d340eaee1b597d78dcca2e225

SHA256
0ab6d444fc1d762eeed516d49a7688b1016da7c4c3b980f42a1728a2e288a851

SHA512
7292d51ab93eff8831e71efa9ac1025ca6b2fb14fba2918c7a975dec502a0250c5fc65b62b91089a8ea3f8980de5e63570dbb5ef4ba5d3651d0d64b0a7096c8a

Download Submit
C:\Windows\System32\astKHLw.exe

Filesize
2.5MB

MD5
5070abb62b7f2c221cf8c859c9bb8676

SHA1
588121d91f57576e5fc77da55e72b5bb45914d82

SHA256
09b36ea8ebac8d3c9c47f27e0f1cb10f6b1805c74de824cfe8fb36227391e5df

SHA512
ecfaf5d5903499037627b4fef04bbe043213765b95c3fad21161e3c67f6044adf2ac228a6518ec71ff2fe5697c75589be97634f27aedab407432418061a7127f

Download Submit
C:\Windows\System32\csrYaVZ.exe

Filesize
2.5MB

MD5
3a1077c9cd99586584cea24b017db0c7

SHA1
d386505fb7ad1a6e1434988335a8d0d11b62f677

SHA256
5d8679fb1dea258820007d59762432a429e5b8c9a156e9817aefdc878ca31e2b

SHA512
455bc86e7d9afb0d73e09fd1f8c5b666558b9f02a243315763d4e79ce1daab3bf67ba7ee071aeca8033a2e4ffc6bf1d0752863901c2d8ea6cb25ea5596569ec5

Download Submit
C:\Windows\System32\dfVMoyo.exe

Filesize
2.5MB

MD5
f703005f98796a56c61e4dd20d433678

SHA1
000776215f292727e19a8b45831780332a86bd75

SHA256
e5c6ba8643a9e16a5871b99df743e7e33f4626898284bc45bc79782eba1df91e

SHA512
a52f2fb5b4d269f6f5e9973c191e7392d987ae797a6c25592e9717c28bf1c7fb6229bda42fa3a367bc5c2e0495b6cbf3681bd60acd9618bdd2dac239353cd251

Download Submit
C:\Windows\System32\dsPAxra.exe

Filesize
2.5MB

MD5
6ffbe9b06199faf477a7312fcea79dcc

SHA1
53bc4b3660015ca4068514c4cc9508e01bf2514e

SHA256
7efd147ad751b499c15f1cf4d68c37605388a55befbb19d90503b4bab5cf5015

SHA512
b2563bbcdaa7e58d3696b17f8ea4b3d2c42f60ee5316326d44a6c96ae68ada536576662de5d2c92f188d06f48a446ee17ea72083fe3cab14322a8c6d23bd478d

Download Submit
C:\Windows\System32\dvSyHxq.exe

Filesize
2.5MB

MD5
013d823e02a95e8201da5259cb7bc96a

SHA1
97312ba810c61ac8fbdb041367096a5a6625a00d

SHA256
b4b858f5eac541bc17f8cdc054a083be1068e8a29c78a67f7e90c9587443be62

SHA512
28115701fc716e0419b23e182f2bde1ea968cb43e7747a2370ae067072743437a2b042cefd1a9f75db64af9daafa4cbcadc4a842cf12ac687cd3b260e7b030b5

Download Submit
C:\Windows\System32\fNlXsHa.exe

Filesize
2.5MB

MD5
ebbf285fb9304fe36ac57518642e68fb

SHA1
ac618a90ca5c2840e29469f20f2a0f2f7ef6c810

SHA256
50d21ebebdbbb65210d12eb37674ba0db64d5e45551a29e150110848670f3adc

SHA512
a221a9dbfdac6cafa635165380546d85134b9fbfcc89705cd558e7f7678fad319a8790bab39665631cbcc12800c4d0d17000cfa3733fcada346d57cd8581477d

Download Submit
C:\Windows\System32\fxuQBtJ.exe

Filesize
2.5MB

MD5
dc340779fb9a2bf0ad5a7fac056df215

SHA1
b146b145a0ce37c15bd96e2198f119257192d7c7

SHA256
2be7021698cb5d0401a8d78d93a430acd4a313b34be41c17273264e2c3f8d374

SHA512
dc1b3ad7353b0681b1d5de65b4a112f515d9533a0a63c749525d70eddc10f979391b208217cafb373db06f31dc49051f5913559e43e4276a0a49b3a524519726

Download Submit
C:\Windows\System32\gjLkZOx.exe

Filesize
2.5MB

MD5
681ce5da1f8c0f4cff10dff61af697a9

SHA1
95e42f1292f273909da3f1b8bc8536dde81b9d18

SHA256
b5af6c417a5f7cc8ef2fb6715e62e500589f35e24d6d21261f87d47f877d14be

SHA512
c5994b8c7e6c91a4453ceec3d0f5c216057b5ad13d965469c261c54e810200ac465dec5172208bc60f77d6111eb735760461609ed1d35e06a968a3d2e1080bb7

Download Submit
C:\Windows\System32\ndvXXgx.exe

Filesize
2.5MB

MD5
1797cc266c280b87d6062a9a62cee6d8

SHA1
3130f7352ff6316bb16aaba05866830765f92f20

SHA256
8991d9c9c75e33ad7b733cb1340f946eab58a19aee318c1cb4eb6d14b96e1105

SHA512
cd798685861a99f061d07a850616ed06094b66e361e537c3c39107d700f60539ef2084a1d39dc5a1d4b9cf92a3901598b922338f1bfe7cc4efaaf5a9eb466fe7

Download Submit
C:\Windows\System32\oDYwvgJ.exe

Filesize
2.5MB

MD5
2ec69344f2899c4a3401ec17565d3269

SHA1
e691ddf7d3d4f34c639fc8302ff8bc3112d56b45

SHA256
1c0a9eab992b239fe47b633b97a09b5c43879b715304e85cfa57ea9dc616bbf2

SHA512
83b169b554bc805f9e29fe5e83593af3c8a5b97870c75baf3973f9517f5bee97d31752a87a2b63aa18a27baff4add068001f9cfa5e5ff2f5378c72afdd9bf716

Download Submit
C:\Windows\System32\pFZXIBd.exe

Filesize
2.5MB

MD5
479c47abec4e469696bb73ed1925b81b

SHA1
e7335cb74f5534bc77bd8ec7f6aef75e78df4b1c

SHA256
681c2134562d0384c20102be0087b0e31428c066bdfff0416d4deac21403489e

SHA512
01d5e9b3b61ece20b2e6ee50f12d975c39fec36a8de89d5618f256a2f15eb3e6242c77f33522a054bf69f7f44e7297287f57cf0d72ffb6f322f6c610b190cc60

Download Submit
C:\Windows\System32\pRgKjfi.exe

Filesize
2.5MB

MD5
258c14d72f743703147e6819faeabb0f

SHA1
40f647cd5b3f084a80caf230d650445469f5f7e4

SHA256
9f78209f62e0ebf1ba0c5cef4a8185c867bef2f2b38d43dc7ee4e72cd6135cf2

SHA512
2d2e59e3c7e1db5e93bc57a3bf426b57e744f9776658c835e18fb98f25967829a16d3ce1fa60d036b26a447a516faec312f652ad8b839a140d0383d185d535fb

Download Submit
C:\Windows\System32\qQWFWhL.exe

Filesize
2.5MB

MD5
0324cc21c53eaf79f138285d74410c67

SHA1
74d7bcc0d45e81dcd77e02226d53adba3a0d6168

SHA256
b86aa960059119d16a7a1d03d59c2b12e95c83870d5fc7c52157d5194d068f13

SHA512
9a8851db60278607866a8d1682a0e33ee0ed923c24f20c44b1dead38a2dae77fb631f53ae221164087997cd6db6393fc3ccffcefc842f45c024d333ef91059e8

Download Submit
C:\Windows\System32\qWqmafJ.exe

Filesize
2.5MB

MD5
96fdb60799fb79f441681b6912751536

SHA1
29d515b9e0f4011f88ae32eb525ed8077dcadf4c

SHA256
7b03b5e28c260420a6973c4f9c45a3afa5144969308c0369713fc824ab975cc1

SHA512
b5d24d889460c37f83720f9155d4605770d6f72c1e00a95287b03cbe48a92779ec9d70380134ae9a474491ed13ac84c721eac5812f053cacf675b452608d90e2

Download Submit
C:\Windows\System32\rdPBBmO.exe

Filesize
2.5MB

MD5
3ee9ba977015209647396ab73330f4a5

SHA1
7de09f5409b3f07da946a5dc3d2710ea359a3bee

SHA256
2b74df9e7b54c0cd3cd3996d5ac4f761bcca63c17f1e0b28d7eb669b57da7feb

SHA512
e768f13c364664e9cf29eddcb050158a05a8da2a35e9b5abc75c597f60fffb4e4e4cec335466dc5d71b54f6c58a28fe60661fd93e98eff8e35cd412fba335006

Download Submit
C:\Windows\System32\uyIWqHp.exe

Filesize
2.5MB

MD5
56b67adb8ebacae484299e4d24f72463

SHA1
4cd7a7c51386c567b6a493dd854603560b7b87aa

SHA256
35f55bb44e1baaf17e19ec1f281886ef3cb6eb884436584fe4073259cc915c2b

SHA512
8708bf9f1b3f28199f1073e3b4fe930739a89adf0ae74f44cf8bbb3a3b5ba968418489e611b697d4d6c98cc8fcf63cec32e0c3cf6fb2968d23983eb49ace8f47

Download Submit
C:\Windows\System32\wcFxndE.exe

Filesize
2.5MB

MD5
87d3b388cbb2c4580d41b45ce1572fe3

SHA1
8e558d95765ad07a9ce8a816791ae198aabd6c26

SHA256
2fafd64140836ec37e3ed00c63fa216b71e236e1c885197d9b0524984bf65658

SHA512
a4e45a3290bd1125729dd678fe074ae3369b5d1654e41467d4eb9644e82d5b684524ac5663949593db3bd4822768afdca55218add054369f3f74734dd2e896f8

Download Submit
C:\Windows\System32\wgdLdwb.exe

Filesize
2.5MB

MD5
fff0f3b8333e292637cac0b20ca06a2f

SHA1
afa69db7337bff983deb9d66dbf335581ab6552a

SHA256
dc5f2090edb7c781d69375788b7a70e644e21a84b80595f13a7a6b063383304e

SHA512
fa2d5ed339855f22287c8d2627a8c289416508f3ef36bde67dd879b9e830df0e5826c1a99ea47fbc045e84eeb0ca921bbde0542fe5e51011c306a2459b106478

Download Submit
C:\Windows\System32\xYYiMzT.exe

Filesize
2.5MB

MD5
af50ce9067e446f83be74441a9ebd413

SHA1
8ca445d0ffdfd25932622afa362fdf695db63c73

SHA256
f8ef2f28d8a127e13e4594a003c0ffbc3d0c024079751c210a9e4e0b9a6cb509

SHA512
1bb2d7ee0fbe8033fcdb8772602fe30de966d8dd20037e39d155f76a69ccaaf07500d49bfee2d6fd86dbebfd336b2c44bbc91ac1c8ff809d160c074c7cdf6501

Download Submit
C:\Windows\System32\xoVTpmk.exe

Filesize
2.5MB

MD5
bf3ebe0165ef310cd10661f86820e657

SHA1
860b99d93dd2e30aa951b3b7090d1187c76cd66f

SHA256
5af9f8fc3b2b90cf5273acff2475dede340a60508fa24a35452a43550d32ff6a

SHA512
dbf763adc90051d367d46a71c0b827a6e197094609d939e45682f227f22baa3db51f1bfe3926c3ab8ee82c9e0a683f32cfbb64b4c42b36c75cc85fa195fa578a

Download Submit
C:\Windows\System32\zLshLvu.exe

Filesize
2.5MB

MD5
0dc87d213facb62406ec2555a11981f2

SHA1
8fb118e7831ffa84aac8d1e8fd5dbfb809f64943

SHA256
84266a82c7c8b0d984f9080cb59cfff70505edc6401b5419a4c17477cadcb81f

SHA512
6fe5cf286293341be5e0dc9b933553b8bd88c81e227267c6f027c9bd9b56b971ca8c9195bd277e139cb746d43ce2df157ab332ca3438fd01a92560f330e7af65

Download Submit
memory/552-673-0x00007FF727930000-0x00007FF727D25000-memory.dmp

Filesize
4.0MB

Download
memory/552-1919-0x00007FF727930000-0x00007FF727D25000-memory.dmp

Filesize
4.0MB

Download
memory/864-1916-0x00007FF7D8620000-0x00007FF7D8A15000-memory.dmp

Filesize
4.0MB

Download
memory/864-667-0x00007FF7D8620000-0x00007FF7D8A15000-memory.dmp

Filesize
4.0MB

Download
memory/920-692-0x00007FF630250000-0x00007FF630645000-memory.dmp

Filesize
4.0MB

Download
memory/920-1926-0x00007FF630250000-0x00007FF630645000-memory.dmp

Filesize
4.0MB

Download
memory/1444-10-0x00007FF735B90000-0x00007FF735F85000-memory.dmp

Filesize
4.0MB

Download
memory/1444-1907-0x00007FF735B90000-0x00007FF735F85000-memory.dmp

Filesize
4.0MB

Download
memory/1572-1922-0x00007FF7915C0000-0x00007FF7919B5000-memory.dmp

Filesize
4.0MB

Download
memory/1572-672-0x00007FF7915C0000-0x00007FF7919B5000-memory.dmp

Filesize
4.0MB

Download
memory/1936-707-0x00007FF6C1130000-0x00007FF6C1525000-memory.dmp

Filesize
4.0MB

Download
memory/1936-1923-0x00007FF6C1130000-0x00007FF6C1525000-memory.dmp

Filesize
4.0MB

Download
memory/2096-705-0x00007FF6CF760000-0x00007FF6CFB55000-memory.dmp

Filesize
4.0MB

Download
memory/2096-1930-0x00007FF6CF760000-0x00007FF6CFB55000-memory.dmp

Filesize
4.0MB

Download
memory/2108-1912-0x00007FF700060000-0x00007FF700455000-memory.dmp

Filesize
4.0MB

Download
memory/2108-670-0x00007FF700060000-0x00007FF700455000-memory.dmp

Filesize
4.0MB

Download
memory/2192-1915-0x00007FF7F5590000-0x00007FF7F5985000-memory.dmp

Filesize
4.0MB

Download
memory/2192-668-0x00007FF7F5590000-0x00007FF7F5985000-memory.dmp

Filesize
4.0MB

Download
memory/2604-0-0x00007FF616F70000-0x00007FF617365000-memory.dmp

Filesize
4.0MB

Download
memory/2604-1-0x000001945E080000-0x000001945E090000-memory.dmp

Filesize
64KB

Download
memory/2604-1904-0x00007FF616F70000-0x00007FF617365000-memory.dmp

Filesize
4.0MB

Download
memory/2856-1920-0x00007FF65A980000-0x00007FF65AD75000-memory.dmp

Filesize
4.0MB

Download
memory/2856-712-0x00007FF65A980000-0x00007FF65AD75000-memory.dmp

Filesize
4.0MB

Download
memory/2992-1913-0x00007FF68F980000-0x00007FF68FD75000-memory.dmp

Filesize
4.0MB

Download
memory/2992-665-0x00007FF68F980000-0x00007FF68FD75000-memory.dmp

Filesize
4.0MB

Download
memory/3192-666-0x00007FF6360C0000-0x00007FF6364B5000-memory.dmp

Filesize
4.0MB

Download
memory/3192-1917-0x00007FF6360C0000-0x00007FF6364B5000-memory.dmp

Filesize
4.0MB

Download
memory/3284-716-0x00007FF690890000-0x00007FF690C85000-memory.dmp

Filesize
4.0MB

Download
memory/3284-1910-0x00007FF690890000-0x00007FF690C85000-memory.dmp

Filesize
4.0MB

Download
memory/3348-669-0x00007FF6D5C70000-0x00007FF6D6065000-memory.dmp

Filesize
4.0MB

Download
memory/3348-1914-0x00007FF6D5C70000-0x00007FF6D6065000-memory.dmp

Filesize
4.0MB

Download
memory/3372-1925-0x00007FF7BBE70000-0x00007FF7BC265000-memory.dmp

Filesize
4.0MB

Download
memory/3372-702-0x00007FF7BBE70000-0x00007FF7BC265000-memory.dmp

Filesize
4.0MB

Download
memory/3812-1906-0x00007FF69B210000-0x00007FF69B605000-memory.dmp

Filesize
4.0MB

Download
memory/3812-19-0x00007FF69B210000-0x00007FF69B605000-memory.dmp

Filesize
4.0MB

Download
memory/3812-1908-0x00007FF69B210000-0x00007FF69B605000-memory.dmp

Filesize
4.0MB

Download
memory/3904-1905-0x00007FF7E2A60000-0x00007FF7E2E55000-memory.dmp

Filesize
4.0MB

Download
memory/3904-1918-0x00007FF7E2A60000-0x00007FF7E2E55000-memory.dmp

Filesize
4.0MB

Download
memory/3904-21-0x00007FF7E2A60000-0x00007FF7E2E55000-memory.dmp

Filesize
4.0MB

Download
memory/4032-1929-0x00007FF78BB00000-0x00007FF78BEF5000-memory.dmp

Filesize
4.0MB

Download
memory/4032-677-0x00007FF78BB00000-0x00007FF78BEF5000-memory.dmp

Filesize
4.0MB

Download
memory/4164-678-0x00007FF677770000-0x00007FF677B65000-memory.dmp

Filesize
4.0MB

Download
memory/4164-1928-0x00007FF677770000-0x00007FF677B65000-memory.dmp

Filesize
4.0MB

Download
memory/4244-696-0x00007FF6E3B50000-0x00007FF6E3F45000-memory.dmp

Filesize
4.0MB

Download
memory/4244-1924-0x00007FF6E3B50000-0x00007FF6E3F45000-memory.dmp

Filesize
4.0MB

Download
memory/4516-1927-0x00007FF7D1B70000-0x00007FF7D1F65000-memory.dmp

Filesize
4.0MB

Download
memory/4516-686-0x00007FF7D1B70000-0x00007FF7D1F65000-memory.dmp

Filesize
4.0MB

Download
memory/4580-664-0x00007FF74FB50000-0x00007FF74FF45000-memory.dmp

Filesize
4.0MB

Download
memory/4580-1909-0x00007FF74FB50000-0x00007FF74FF45000-memory.dmp

Filesize
4.0MB

Download
memory/4584-1911-0x00007FF74DE50000-0x00007FF74E245000-memory.dmp

Filesize
4.0MB

Download
memory/4584-663-0x00007FF74DE50000-0x00007FF74E245000-memory.dmp

Filesize
4.0MB

Download
memory/5064-671-0x00007FF741960000-0x00007FF741D55000-memory.dmp

Filesize
4.0MB

Download
memory/5064-1921-0x00007FF741960000-0x00007FF741D55000-memory.dmp

Filesize
4.0MB

Download