xmrig | 05cb4f3754de4785c5498ccd721e0e62e4aaaaf9773fbd08a6c05f086a88f733

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
Size

1.5MB
MD5

703706b48dea315f2e23c0b3e3700400
SHA1

b428071b29f5b9af9e584ab4f58d078afde05115
SHA256

05cb4f3754de4785c5498ccd721e0e62e4aaaaf9773fbd08a6c05f086a88f733
SHA512

cbb0e0902174356ea019f0d8df951ed62ec2a09abb6d366996ce0f0edd162c93c662109ca73a7053d2d215534fea70e3300a26d08c4958f2a426493c43b3ad27
SSDEEP

49152:ROdWCCi7/rahUUvXjVTRdf5k5p8iKCopw/:RWWBiba+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/1144-71-0x00007FF7A7EC0000-0x00007FF7A8211000-memory.dmp	xmrig
behavioral2/memory/3332-334-0x00007FF7832B0000-0x00007FF783601000-memory.dmp	xmrig
behavioral2/memory/4772-436-0x00007FF7B59A0000-0x00007FF7B5CF1000-memory.dmp	xmrig
behavioral2/memory/648-469-0x00007FF690850000-0x00007FF690BA1000-memory.dmp	xmrig
behavioral2/memory/4744-529-0x00007FF6718C0000-0x00007FF671C11000-memory.dmp	xmrig
behavioral2/memory/4572-533-0x00007FF735720000-0x00007FF735A71000-memory.dmp	xmrig
behavioral2/memory/1888-534-0x00007FF68E270000-0x00007FF68E5C1000-memory.dmp	xmrig
behavioral2/memory/1792-532-0x00007FF7CA4B0000-0x00007FF7CA801000-memory.dmp	xmrig
behavioral2/memory/4560-531-0x00007FF774380000-0x00007FF7746D1000-memory.dmp	xmrig
behavioral2/memory/4216-530-0x00007FF648CC0000-0x00007FF649011000-memory.dmp	xmrig
behavioral2/memory/4736-528-0x00007FF6363C0000-0x00007FF636711000-memory.dmp	xmrig
behavioral2/memory/3496-527-0x00007FF7EDDB0000-0x00007FF7EE101000-memory.dmp	xmrig
behavioral2/memory/4388-526-0x00007FF65E730000-0x00007FF65EA81000-memory.dmp	xmrig
behavioral2/memory/3852-391-0x00007FF61A960000-0x00007FF61ACB1000-memory.dmp	xmrig
behavioral2/memory/1244-331-0x00007FF7C29A0000-0x00007FF7C2CF1000-memory.dmp	xmrig
behavioral2/memory/960-307-0x00007FF6047E0000-0x00007FF604B31000-memory.dmp	xmrig
behavioral2/memory/2116-268-0x00007FF66B590000-0x00007FF66B8E1000-memory.dmp	xmrig
behavioral2/memory/3528-264-0x00007FF682180000-0x00007FF6824D1000-memory.dmp	xmrig
behavioral2/memory/4272-223-0x00007FF7F1E40000-0x00007FF7F2191000-memory.dmp	xmrig
behavioral2/memory/4080-185-0x00007FF6A2A90000-0x00007FF6A2DE1000-memory.dmp	xmrig
behavioral2/memory/2536-181-0x00007FF66F5F0000-0x00007FF66F941000-memory.dmp	xmrig
behavioral2/memory/4832-148-0x00007FF7C3F90000-0x00007FF7C42E1000-memory.dmp	xmrig
behavioral2/memory/4292-121-0x00007FF73B720000-0x00007FF73BA71000-memory.dmp	xmrig
behavioral2/memory/3424-86-0x00007FF7BDE00000-0x00007FF7BE151000-memory.dmp	xmrig
behavioral2/memory/3092-83-0x00007FF646FF0000-0x00007FF647341000-memory.dmp	xmrig
behavioral2/memory/2524-62-0x00007FF72F9E0000-0x00007FF72FD31000-memory.dmp	xmrig
behavioral2/memory/912-51-0x00007FF62C8D0000-0x00007FF62CC21000-memory.dmp	xmrig
behavioral2/memory/2948-2144-0x00007FF74EC20000-0x00007FF74EF71000-memory.dmp	xmrig
behavioral2/memory/4976-2247-0x00007FF7FA1F0000-0x00007FF7FA541000-memory.dmp	xmrig
behavioral2/memory/2668-2249-0x00007FF737260000-0x00007FF7375B1000-memory.dmp	xmrig
behavioral2/memory/912-2251-0x00007FF62C8D0000-0x00007FF62CC21000-memory.dmp	xmrig
behavioral2/memory/4976-2253-0x00007FF7FA1F0000-0x00007FF7FA541000-memory.dmp	xmrig
behavioral2/memory/4560-2255-0x00007FF774380000-0x00007FF7746D1000-memory.dmp	xmrig
behavioral2/memory/2524-2261-0x00007FF72F9E0000-0x00007FF72FD31000-memory.dmp	xmrig
behavioral2/memory/3092-2260-0x00007FF646FF0000-0x00007FF647341000-memory.dmp	xmrig
behavioral2/memory/1144-2257-0x00007FF7A7EC0000-0x00007FF7A8211000-memory.dmp	xmrig
behavioral2/memory/4292-2265-0x00007FF73B720000-0x00007FF73BA71000-memory.dmp	xmrig
behavioral2/memory/4832-2267-0x00007FF7C3F90000-0x00007FF7C42E1000-memory.dmp	xmrig
behavioral2/memory/3424-2264-0x00007FF7BDE00000-0x00007FF7BE151000-memory.dmp	xmrig
behavioral2/memory/3852-2295-0x00007FF61A960000-0x00007FF61ACB1000-memory.dmp	xmrig
behavioral2/memory/3332-2297-0x00007FF7832B0000-0x00007FF783601000-memory.dmp	xmrig
behavioral2/memory/4216-2299-0x00007FF648CC0000-0x00007FF649011000-memory.dmp	xmrig
behavioral2/memory/4572-2301-0x00007FF735720000-0x00007FF735A71000-memory.dmp	xmrig
behavioral2/memory/4772-2292-0x00007FF7B59A0000-0x00007FF7B5CF1000-memory.dmp	xmrig
behavioral2/memory/4736-2290-0x00007FF6363C0000-0x00007FF636711000-memory.dmp	xmrig
behavioral2/memory/1244-2287-0x00007FF7C29A0000-0x00007FF7C2CF1000-memory.dmp	xmrig
behavioral2/memory/4744-2285-0x00007FF6718C0000-0x00007FF671C11000-memory.dmp	xmrig
behavioral2/memory/4080-2281-0x00007FF6A2A90000-0x00007FF6A2DE1000-memory.dmp	xmrig
behavioral2/memory/2536-2279-0x00007FF66F5F0000-0x00007FF66F941000-memory.dmp	xmrig
behavioral2/memory/3528-2276-0x00007FF682180000-0x00007FF6824D1000-memory.dmp	xmrig
behavioral2/memory/4272-2271-0x00007FF7F1E40000-0x00007FF7F2191000-memory.dmp	xmrig
behavioral2/memory/2116-2283-0x00007FF66B590000-0x00007FF66B8E1000-memory.dmp	xmrig
behavioral2/memory/960-2278-0x00007FF6047E0000-0x00007FF604B31000-memory.dmp	xmrig
behavioral2/memory/1888-2274-0x00007FF68E270000-0x00007FF68E5C1000-memory.dmp	xmrig
behavioral2/memory/1792-2270-0x00007FF7CA4B0000-0x00007FF7CA801000-memory.dmp	xmrig
behavioral2/memory/4388-2318-0x00007FF65E730000-0x00007FF65EA81000-memory.dmp	xmrig
behavioral2/memory/648-2345-0x00007FF690850000-0x00007FF690BA1000-memory.dmp	xmrig
behavioral2/memory/3496-2329-0x00007FF7EDDB0000-0x00007FF7EE101000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4976	TkOWXDG.exe
2668	sgLwJpY.exe
912	Brpsqii.exe
4560	RcUdEhy.exe
2524	tfmMWrW.exe
1144	aiXOcIJ.exe
3092	ETTfJJE.exe
3424	UskOtwB.exe
4292	hqNShXx.exe
4832	DTcrPTn.exe
1792	YhrRkSy.exe
2536	oAGeoeh.exe
4080	aErSprj.exe
4272	LorLUsT.exe
3528	BoWWijh.exe
2116	fkKkplZ.exe
960	kjVUQNU.exe
4572	EdMrngm.exe
1244	akeFDOq.exe
3332	XqRJRaP.exe
1888	kcAaFqR.exe
3852	QgUcVzz.exe
4772	gHbTrkX.exe
648	isLCHyS.exe
4388	iSuvqky.exe
3496	DwlNVci.exe
4736	UqLYWGi.exe
4744	DdVqdLb.exe
4216	oSyojZV.exe
3932	VPkRIwG.exe
2136	oDmMBzz.exe
3876	piylcAC.exe
1728	yGGkpyz.exe
2100	wkBVOEA.exe
992	NfLIkqQ.exe
1712	YgfjLQP.exe
2404	yiJnjyq.exe
2968	keRwEBU.exe
3296	NGTLvzb.exe
3972	mlznxaR.exe
1828	XzOfyoW.exe
2468	xNJQwpo.exe
4724	vraoYtf.exe
5012	wivvEeu.exe
3204	bztzzFt.exe
4400	rMynhKC.exe
3452	qqPgtFY.exe
3548	JIbTzoC.exe
1192	aySvhzf.exe
3668	JTiMrVT.exe
1876	EehcOuD.exe
2256	CySNFKM.exe
948	GqYuWZS.exe
1344	TDXELPT.exe
4828	xpLdMpC.exe
4544	dADLjms.exe
3516	JKqbuUp.exe
1072	TTAFTMH.exe
1656	ZEPjDgM.exe
404	HlGFzwX.exe
4348	TfgoOVy.exe
4396	tBTemOg.exe
3464	kVstnEp.exe
1276	kfgsIJc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2948-0-0x00007FF74EC20000-0x00007FF74EF71000-memory.dmp	upx
behavioral2/files/0x000900000002340d-5.dat	upx
behavioral2/files/0x0007000000023414-8.dat	upx
behavioral2/files/0x0007000000023415-7.dat	upx
behavioral2/files/0x0007000000023417-26.dat	upx
behavioral2/files/0x0007000000023416-47.dat	upx
behavioral2/memory/1144-71-0x00007FF7A7EC0000-0x00007FF7A8211000-memory.dmp	upx
behavioral2/files/0x000700000002342d-138.dat	upx
behavioral2/files/0x0007000000023433-164.dat	upx
behavioral2/memory/3332-334-0x00007FF7832B0000-0x00007FF783601000-memory.dmp	upx
behavioral2/memory/4772-436-0x00007FF7B59A0000-0x00007FF7B5CF1000-memory.dmp	upx
behavioral2/memory/648-469-0x00007FF690850000-0x00007FF690BA1000-memory.dmp	upx
behavioral2/memory/4744-529-0x00007FF6718C0000-0x00007FF671C11000-memory.dmp	upx
behavioral2/memory/4572-533-0x00007FF735720000-0x00007FF735A71000-memory.dmp	upx
behavioral2/memory/1888-534-0x00007FF68E270000-0x00007FF68E5C1000-memory.dmp	upx
behavioral2/memory/1792-532-0x00007FF7CA4B0000-0x00007FF7CA801000-memory.dmp	upx
behavioral2/memory/4560-531-0x00007FF774380000-0x00007FF7746D1000-memory.dmp	upx
behavioral2/memory/4216-530-0x00007FF648CC0000-0x00007FF649011000-memory.dmp	upx
behavioral2/memory/4736-528-0x00007FF6363C0000-0x00007FF636711000-memory.dmp	upx
behavioral2/memory/3496-527-0x00007FF7EDDB0000-0x00007FF7EE101000-memory.dmp	upx
behavioral2/memory/4388-526-0x00007FF65E730000-0x00007FF65EA81000-memory.dmp	upx
behavioral2/memory/3852-391-0x00007FF61A960000-0x00007FF61ACB1000-memory.dmp	upx
behavioral2/memory/1244-331-0x00007FF7C29A0000-0x00007FF7C2CF1000-memory.dmp	upx
behavioral2/memory/960-307-0x00007FF6047E0000-0x00007FF604B31000-memory.dmp	upx
behavioral2/memory/2116-268-0x00007FF66B590000-0x00007FF66B8E1000-memory.dmp	upx
behavioral2/memory/3528-264-0x00007FF682180000-0x00007FF6824D1000-memory.dmp	upx
behavioral2/memory/4272-223-0x00007FF7F1E40000-0x00007FF7F2191000-memory.dmp	upx
behavioral2/files/0x000700000002342b-201.dat	upx
behavioral2/files/0x000700000002342a-200.dat	upx
behavioral2/files/0x0007000000023429-193.dat	upx
behavioral2/files/0x0007000000023428-190.dat	upx
behavioral2/files/0x0007000000023424-188.dat	upx
behavioral2/memory/4080-185-0x00007FF6A2A90000-0x00007FF6A2DE1000-memory.dmp	upx
behavioral2/files/0x0007000000023437-174.dat	upx
behavioral2/files/0x0007000000023436-173.dat	upx
behavioral2/files/0x0007000000023435-170.dat	upx
behavioral2/files/0x000700000002342c-169.dat	upx
behavioral2/files/0x0007000000023432-165.dat	upx
behavioral2/files/0x0007000000023426-159.dat	upx
behavioral2/files/0x0007000000023431-154.dat	upx
behavioral2/files/0x0007000000023438-189.dat	upx
behavioral2/memory/2536-181-0x00007FF66F5F0000-0x00007FF66F941000-memory.dmp	upx
behavioral2/memory/4832-148-0x00007FF7C3F90000-0x00007FF7C42E1000-memory.dmp	upx
behavioral2/files/0x0007000000023430-145.dat	upx
behavioral2/files/0x000700000002342f-142.dat	upx
behavioral2/files/0x000700000002342e-141.dat	upx
behavioral2/files/0x0007000000023434-168.dat	upx
behavioral2/files/0x0007000000023422-129.dat	upx
behavioral2/files/0x0007000000023425-151.dat	upx
behavioral2/memory/4292-121-0x00007FF73B720000-0x00007FF73BA71000-memory.dmp	upx
behavioral2/files/0x0007000000023427-120.dat	upx
behavioral2/files/0x0007000000023423-109.dat	upx
behavioral2/files/0x0007000000023421-94.dat	upx
behavioral2/files/0x0007000000023420-93.dat	upx
behavioral2/files/0x000700000002341f-91.dat	upx
behavioral2/files/0x000700000002341e-89.dat	upx
behavioral2/files/0x000700000002341a-88.dat	upx
behavioral2/memory/3424-86-0x00007FF7BDE00000-0x00007FF7BE151000-memory.dmp	upx
behavioral2/memory/3092-83-0x00007FF646FF0000-0x00007FF647341000-memory.dmp	upx
behavioral2/files/0x000700000002341d-77.dat	upx
behavioral2/files/0x000700000002341c-74.dat	upx
behavioral2/files/0x000700000002341b-73.dat	upx
behavioral2/memory/2524-62-0x00007FF72F9E0000-0x00007FF72FD31000-memory.dmp	upx
behavioral2/files/0x0007000000023419-55.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xGjxPLJ.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\LJtRfuH.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\hbOYusS.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\OKTCVgI.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\imkkIRh.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\VXlXPqG.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\AIrdDHY.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\aYUCWIQ.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\mNXjPgs.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\nfqUQfz.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\SgCPfYW.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\ZGIpbYu.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\JvAUgYD.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\DoqcOPJ.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\cCJeAPi.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\rWWjPoK.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\NwGYZuo.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\bnrnmyO.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\OJruXsk.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\keRwEBU.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\EehcOuD.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\IsmCDfb.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\EXbQfnk.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\vSMSzao.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\xziTinJ.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\nxMBCad.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\tjOoadw.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\uaocxFl.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\ideoZSb.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\tBTemOg.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\yrUyHEt.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\fgzHlIK.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\vWbuxIW.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\PCeTyFs.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\kfNERNX.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\afKlTnl.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\suRhAKz.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\SwBHfpu.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\eGmMBqC.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\SGfxUlD.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\pPLandE.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\sUrjluN.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\ztUInKa.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\LnDoyXF.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\YxEtpBw.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\RzrJzKV.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\FtOWZmU.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\AGhnTTr.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\CNCAaJI.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\UIqDGCV.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\LuAJabY.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\JbOZuUU.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\znecxXb.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\zHtzbhZ.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\YmXvUEU.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\LDwlDrT.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\CySNFKM.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\kLeXHKG.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\YKkCjxR.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\xNraDxX.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\nDWhoLA.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\LoWEKev.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\MraTgsL.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
File created	C:\Windows\System\HlNZLqw.exe	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2496	dwm.exe
Token: SeChangeNotifyPrivilege	2496	dwm.exe
Token: 33	2496	dwm.exe
Token: SeIncBasePriorityPrivilege	2496	dwm.exe
Token: SeShutdownPrivilege	2496	dwm.exe
Token: SeCreatePagefilePrivilege	2496	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 4976	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	84
PID 2948 wrote to memory of 4976	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	84
PID 2948 wrote to memory of 2668	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	85
PID 2948 wrote to memory of 2668	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	85
PID 2948 wrote to memory of 912	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	86
PID 2948 wrote to memory of 912	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	86
PID 2948 wrote to memory of 2524	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	87
PID 2948 wrote to memory of 2524	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	87
PID 2948 wrote to memory of 4560	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	88
PID 2948 wrote to memory of 4560	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	88
PID 2948 wrote to memory of 1144	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	89
PID 2948 wrote to memory of 1144	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	89
PID 2948 wrote to memory of 3092	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	90
PID 2948 wrote to memory of 3092	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	90
PID 2948 wrote to memory of 1792	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	91
PID 2948 wrote to memory of 1792	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	91
PID 2948 wrote to memory of 3424	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	92
PID 2948 wrote to memory of 3424	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	92
PID 2948 wrote to memory of 4292	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	93
PID 2948 wrote to memory of 4292	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	93
PID 2948 wrote to memory of 4832	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	94
PID 2948 wrote to memory of 4832	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	94
PID 2948 wrote to memory of 2536	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	95
PID 2948 wrote to memory of 2536	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	95
PID 2948 wrote to memory of 4080	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	96
PID 2948 wrote to memory of 4080	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	96
PID 2948 wrote to memory of 4272	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	97
PID 2948 wrote to memory of 4272	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	97
PID 2948 wrote to memory of 3528	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	98
PID 2948 wrote to memory of 3528	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	98
PID 2948 wrote to memory of 2116	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	99
PID 2948 wrote to memory of 2116	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	99
PID 2948 wrote to memory of 960	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	100
PID 2948 wrote to memory of 960	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	100
PID 2948 wrote to memory of 4572	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	101
PID 2948 wrote to memory of 4572	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	101
PID 2948 wrote to memory of 1244	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	102
PID 2948 wrote to memory of 1244	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	102
PID 2948 wrote to memory of 3332	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	103
PID 2948 wrote to memory of 3332	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	103
PID 2948 wrote to memory of 1888	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	104
PID 2948 wrote to memory of 1888	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	104
PID 2948 wrote to memory of 3852	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	105
PID 2948 wrote to memory of 3852	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	105
PID 2948 wrote to memory of 4772	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	106
PID 2948 wrote to memory of 4772	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	106
PID 2948 wrote to memory of 648	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	107
PID 2948 wrote to memory of 648	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	107
PID 2948 wrote to memory of 4388	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	108
PID 2948 wrote to memory of 4388	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	108
PID 2948 wrote to memory of 2100	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	109
PID 2948 wrote to memory of 2100	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	109
PID 2948 wrote to memory of 3496	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	110
PID 2948 wrote to memory of 3496	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	110
PID 2948 wrote to memory of 4736	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	111
PID 2948 wrote to memory of 4736	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	111
PID 2948 wrote to memory of 4744	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	112
PID 2948 wrote to memory of 4744	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	112
PID 2948 wrote to memory of 4216	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	113
PID 2948 wrote to memory of 4216	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	113
PID 2948 wrote to memory of 3932	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	114
PID 2948 wrote to memory of 3932	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	114
PID 2948 wrote to memory of 2136	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	115
PID 2948 wrote to memory of 2136	2948	703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\703706b48dea315f2e23c0b3e3700400_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\System\TkOWXDG.exe
  C:\Windows\System\TkOWXDG.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\sgLwJpY.exe
  C:\Windows\System\sgLwJpY.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\Brpsqii.exe
  C:\Windows\System\Brpsqii.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\tfmMWrW.exe
  C:\Windows\System\tfmMWrW.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\RcUdEhy.exe
  C:\Windows\System\RcUdEhy.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\aiXOcIJ.exe
  C:\Windows\System\aiXOcIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\ETTfJJE.exe
  C:\Windows\System\ETTfJJE.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\YhrRkSy.exe
  C:\Windows\System\YhrRkSy.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\UskOtwB.exe
  C:\Windows\System\UskOtwB.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\hqNShXx.exe
  C:\Windows\System\hqNShXx.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\DTcrPTn.exe
  C:\Windows\System\DTcrPTn.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\oAGeoeh.exe
  C:\Windows\System\oAGeoeh.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\aErSprj.exe
  C:\Windows\System\aErSprj.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\LorLUsT.exe
  C:\Windows\System\LorLUsT.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\BoWWijh.exe
  C:\Windows\System\BoWWijh.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\fkKkplZ.exe
  C:\Windows\System\fkKkplZ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\kjVUQNU.exe
  C:\Windows\System\kjVUQNU.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\EdMrngm.exe
  C:\Windows\System\EdMrngm.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\akeFDOq.exe
  C:\Windows\System\akeFDOq.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\XqRJRaP.exe
  C:\Windows\System\XqRJRaP.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\kcAaFqR.exe
  C:\Windows\System\kcAaFqR.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\QgUcVzz.exe
  C:\Windows\System\QgUcVzz.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\gHbTrkX.exe
  C:\Windows\System\gHbTrkX.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\isLCHyS.exe
  C:\Windows\System\isLCHyS.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\iSuvqky.exe
  C:\Windows\System\iSuvqky.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\wkBVOEA.exe
  C:\Windows\System\wkBVOEA.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\DwlNVci.exe
  C:\Windows\System\DwlNVci.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\UqLYWGi.exe
  C:\Windows\System\UqLYWGi.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\DdVqdLb.exe
  C:\Windows\System\DdVqdLb.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\oSyojZV.exe
  C:\Windows\System\oSyojZV.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\VPkRIwG.exe
  C:\Windows\System\VPkRIwG.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\oDmMBzz.exe
  C:\Windows\System\oDmMBzz.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\piylcAC.exe
  C:\Windows\System\piylcAC.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\yGGkpyz.exe
  C:\Windows\System\yGGkpyz.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\NfLIkqQ.exe
  C:\Windows\System\NfLIkqQ.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\YgfjLQP.exe
  C:\Windows\System\YgfjLQP.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\yiJnjyq.exe
  C:\Windows\System\yiJnjyq.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\keRwEBU.exe
  C:\Windows\System\keRwEBU.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\NGTLvzb.exe
  C:\Windows\System\NGTLvzb.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\mlznxaR.exe
  C:\Windows\System\mlznxaR.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\XzOfyoW.exe
  C:\Windows\System\XzOfyoW.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\xNJQwpo.exe
  C:\Windows\System\xNJQwpo.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\vraoYtf.exe
  C:\Windows\System\vraoYtf.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\wivvEeu.exe
  C:\Windows\System\wivvEeu.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\bztzzFt.exe
  C:\Windows\System\bztzzFt.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\rMynhKC.exe
  C:\Windows\System\rMynhKC.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\qqPgtFY.exe
  C:\Windows\System\qqPgtFY.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\JIbTzoC.exe
  C:\Windows\System\JIbTzoC.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\aySvhzf.exe
  C:\Windows\System\aySvhzf.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\JTiMrVT.exe
  C:\Windows\System\JTiMrVT.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\EehcOuD.exe
  C:\Windows\System\EehcOuD.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\kVstnEp.exe
  C:\Windows\System\kVstnEp.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\CySNFKM.exe
  C:\Windows\System\CySNFKM.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\GqYuWZS.exe
  C:\Windows\System\GqYuWZS.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\TDXELPT.exe
  C:\Windows\System\TDXELPT.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\xpLdMpC.exe
  C:\Windows\System\xpLdMpC.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\dADLjms.exe
  C:\Windows\System\dADLjms.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\JKqbuUp.exe
  C:\Windows\System\JKqbuUp.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\TTAFTMH.exe
  C:\Windows\System\TTAFTMH.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\ZEPjDgM.exe
  C:\Windows\System\ZEPjDgM.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\HlGFzwX.exe
  C:\Windows\System\HlGFzwX.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\TfgoOVy.exe
  C:\Windows\System\TfgoOVy.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\tBTemOg.exe
  C:\Windows\System\tBTemOg.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\kfgsIJc.exe
  C:\Windows\System\kfgsIJc.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\jQmsOSO.exe
  C:\Windows\System\jQmsOSO.exe
  2⤵
  PID:1272
- C:\Windows\System\okkAjLP.exe
  C:\Windows\System\okkAjLP.exe
  2⤵
  PID:1512
- C:\Windows\System\XOqcriL.exe
  C:\Windows\System\XOqcriL.exe
  2⤵
  PID:2372
- C:\Windows\System\sUrjluN.exe
  C:\Windows\System\sUrjluN.exe
  2⤵
  PID:4856
- C:\Windows\System\SYuUFqO.exe
  C:\Windows\System\SYuUFqO.exe
  2⤵
  PID:4152
- C:\Windows\System\elCeWUP.exe
  C:\Windows\System\elCeWUP.exe
  2⤵
  PID:2600
- C:\Windows\System\KHuQAJI.exe
  C:\Windows\System\KHuQAJI.exe
  2⤵
  PID:4712
- C:\Windows\System\AxpKqbi.exe
  C:\Windows\System\AxpKqbi.exe
  2⤵
  PID:4896
- C:\Windows\System\fuqroBR.exe
  C:\Windows\System\fuqroBR.exe
  2⤵
  PID:2432
- C:\Windows\System\ovXqeNk.exe
  C:\Windows\System\ovXqeNk.exe
  2⤵
  PID:2236
- C:\Windows\System\eDETyuy.exe
  C:\Windows\System\eDETyuy.exe
  2⤵
  PID:4220
- C:\Windows\System\wWYMEaH.exe
  C:\Windows\System\wWYMEaH.exe
  2⤵
  PID:704
- C:\Windows\System\AoqrTLb.exe
  C:\Windows\System\AoqrTLb.exe
  2⤵
  PID:3924
- C:\Windows\System\NYhFALi.exe
  C:\Windows\System\NYhFALi.exe
  2⤵
  PID:2856
- C:\Windows\System\wsOhLil.exe
  C:\Windows\System\wsOhLil.exe
  2⤵
  PID:4628
- C:\Windows\System\eSRSbfw.exe
  C:\Windows\System\eSRSbfw.exe
  2⤵
  PID:3112
- C:\Windows\System\SrspdHA.exe
  C:\Windows\System\SrspdHA.exe
  2⤵
  PID:3008
- C:\Windows\System\dsfXzLX.exe
  C:\Windows\System\dsfXzLX.exe
  2⤵
  PID:5040
- C:\Windows\System\MvfMtwH.exe
  C:\Windows\System\MvfMtwH.exe
  2⤵
  PID:5128
- C:\Windows\System\SJRZsSZ.exe
  C:\Windows\System\SJRZsSZ.exe
  2⤵
  PID:5148
- C:\Windows\System\ueCcsTK.exe
  C:\Windows\System\ueCcsTK.exe
  2⤵
  PID:5196
- C:\Windows\System\eUtyBBW.exe
  C:\Windows\System\eUtyBBW.exe
  2⤵
  PID:5216
- C:\Windows\System\YkbIdsF.exe
  C:\Windows\System\YkbIdsF.exe
  2⤵
  PID:5240
- C:\Windows\System\YqXcTgk.exe
  C:\Windows\System\YqXcTgk.exe
  2⤵
  PID:5256
- C:\Windows\System\gsmHwct.exe
  C:\Windows\System\gsmHwct.exe
  2⤵
  PID:5280
- C:\Windows\System\SgCPfYW.exe
  C:\Windows\System\SgCPfYW.exe
  2⤵
  PID:5368
- C:\Windows\System\FnAaUdv.exe
  C:\Windows\System\FnAaUdv.exe
  2⤵
  PID:5388
- C:\Windows\System\PhDwBRi.exe
  C:\Windows\System\PhDwBRi.exe
  2⤵
  PID:5412
- C:\Windows\System\ObulBvd.exe
  C:\Windows\System\ObulBvd.exe
  2⤵
  PID:5432
- C:\Windows\System\dHRxWsq.exe
  C:\Windows\System\dHRxWsq.exe
  2⤵
  PID:5464
- C:\Windows\System\yTppieD.exe
  C:\Windows\System\yTppieD.exe
  2⤵
  PID:5480
- C:\Windows\System\cbxHcln.exe
  C:\Windows\System\cbxHcln.exe
  2⤵
  PID:5536
- C:\Windows\System\yEtlZyd.exe
  C:\Windows\System\yEtlZyd.exe
  2⤵
  PID:5576
- C:\Windows\System\vUTLWzE.exe
  C:\Windows\System\vUTLWzE.exe
  2⤵
  PID:5600
- C:\Windows\System\JphYUJX.exe
  C:\Windows\System\JphYUJX.exe
  2⤵
  PID:5624
- C:\Windows\System\ErjRTWf.exe
  C:\Windows\System\ErjRTWf.exe
  2⤵
  PID:5656
- C:\Windows\System\fLiPVAF.exe
  C:\Windows\System\fLiPVAF.exe
  2⤵
  PID:5672
- C:\Windows\System\VXAeXcT.exe
  C:\Windows\System\VXAeXcT.exe
  2⤵
  PID:5688
- C:\Windows\System\lSHtNIR.exe
  C:\Windows\System\lSHtNIR.exe
  2⤵
  PID:5708
- C:\Windows\System\kLeXHKG.exe
  C:\Windows\System\kLeXHKG.exe
  2⤵
  PID:5724
- C:\Windows\System\RYCxAFd.exe
  C:\Windows\System\RYCxAFd.exe
  2⤵
  PID:5748
- C:\Windows\System\VySVjZa.exe
  C:\Windows\System\VySVjZa.exe
  2⤵
  PID:5768
- C:\Windows\System\JzVpABc.exe
  C:\Windows\System\JzVpABc.exe
  2⤵
  PID:5788
- C:\Windows\System\vEHtErn.exe
  C:\Windows\System\vEHtErn.exe
  2⤵
  PID:5812
- C:\Windows\System\KBIfQgG.exe
  C:\Windows\System\KBIfQgG.exe
  2⤵
  PID:5832
- C:\Windows\System\hPZJFyj.exe
  C:\Windows\System\hPZJFyj.exe
  2⤵
  PID:5852
- C:\Windows\System\dvSQfDg.exe
  C:\Windows\System\dvSQfDg.exe
  2⤵
  PID:5872
- C:\Windows\System\UbEWKfE.exe
  C:\Windows\System\UbEWKfE.exe
  2⤵
  PID:5888
- C:\Windows\System\tUpqkPs.exe
  C:\Windows\System\tUpqkPs.exe
  2⤵
  PID:5912
- C:\Windows\System\soxkWfZ.exe
  C:\Windows\System\soxkWfZ.exe
  2⤵
  PID:5964
- C:\Windows\System\HPeqvQR.exe
  C:\Windows\System\HPeqvQR.exe
  2⤵
  PID:5992
- C:\Windows\System\TKLHMuk.exe
  C:\Windows\System\TKLHMuk.exe
  2⤵
  PID:6020
- C:\Windows\System\QIuohgo.exe
  C:\Windows\System\QIuohgo.exe
  2⤵
  PID:6044
- C:\Windows\System\YKkCjxR.exe
  C:\Windows\System\YKkCjxR.exe
  2⤵
  PID:6068
- C:\Windows\System\akoFcsk.exe
  C:\Windows\System\akoFcsk.exe
  2⤵
  PID:6100
- C:\Windows\System\ARuWUGS.exe
  C:\Windows\System\ARuWUGS.exe
  2⤵
  PID:6124
- C:\Windows\System\mKkzgzl.exe
  C:\Windows\System\mKkzgzl.exe
  2⤵
  PID:6140
- C:\Windows\System\vOptwCi.exe
  C:\Windows\System\vOptwCi.exe
  2⤵
  PID:832
- C:\Windows\System\VCNjnqs.exe
  C:\Windows\System\VCNjnqs.exe
  2⤵
  PID:4864
- C:\Windows\System\TnAYdoe.exe
  C:\Windows\System\TnAYdoe.exe
  2⤵
  PID:4788
- C:\Windows\System\EZDWOQO.exe
  C:\Windows\System\EZDWOQO.exe
  2⤵
  PID:4288
- C:\Windows\System\KgdNVod.exe
  C:\Windows\System\KgdNVod.exe
  2⤵
  PID:2368
- C:\Windows\System\myGoOPZ.exe
  C:\Windows\System\myGoOPZ.exe
  2⤵
  PID:3564
- C:\Windows\System\MraTgsL.exe
  C:\Windows\System\MraTgsL.exe
  2⤵
  PID:1612
- C:\Windows\System\ZfUDVHW.exe
  C:\Windows\System\ZfUDVHW.exe
  2⤵
  PID:5108
- C:\Windows\System\XKmyWkJ.exe
  C:\Windows\System\XKmyWkJ.exe
  2⤵
  PID:1596
- C:\Windows\System\sqAHPoj.exe
  C:\Windows\System\sqAHPoj.exe
  2⤵
  PID:1844
- C:\Windows\System\lNbvbfh.exe
  C:\Windows\System\lNbvbfh.exe
  2⤵
  PID:2984
- C:\Windows\System\zJwRAqY.exe
  C:\Windows\System\zJwRAqY.exe
  2⤵
  PID:1616
- C:\Windows\System\AQNeqNm.exe
  C:\Windows\System\AQNeqNm.exe
  2⤵
  PID:636
- C:\Windows\System\dinNubJ.exe
  C:\Windows\System\dinNubJ.exe
  2⤵
  PID:2844
- C:\Windows\System\nxMBCad.exe
  C:\Windows\System\nxMBCad.exe
  2⤵
  PID:3040
- C:\Windows\System\NGLIKHm.exe
  C:\Windows\System\NGLIKHm.exe
  2⤵
  PID:4844
- C:\Windows\System\bpukeSe.exe
  C:\Windows\System\bpukeSe.exe
  2⤵
  PID:3080
- C:\Windows\System\ZTFVbDL.exe
  C:\Windows\System\ZTFVbDL.exe
  2⤵
  PID:5236
- C:\Windows\System\OkUmzra.exe
  C:\Windows\System\OkUmzra.exe
  2⤵
  PID:5208
- C:\Windows\System\VAHnqpF.exe
  C:\Windows\System\VAHnqpF.exe
  2⤵
  PID:5172
- C:\Windows\System\ODirnAJ.exe
  C:\Windows\System\ODirnAJ.exe
  2⤵
  PID:6116
- C:\Windows\System\pDYrvnp.exe
  C:\Windows\System\pDYrvnp.exe
  2⤵
  PID:5424
- C:\Windows\System\ZhFrbou.exe
  C:\Windows\System\ZhFrbou.exe
  2⤵
  PID:5472
- C:\Windows\System\ZRrmuCt.exe
  C:\Windows\System\ZRrmuCt.exe
  2⤵
  PID:5844
- C:\Windows\System\HPuKhtq.exe
  C:\Windows\System\HPuKhtq.exe
  2⤵
  PID:5868
- C:\Windows\System\JHwtNxW.exe
  C:\Windows\System\JHwtNxW.exe
  2⤵
  PID:5904
- C:\Windows\System\vDXEuug.exe
  C:\Windows\System\vDXEuug.exe
  2⤵
  PID:5508
- C:\Windows\System\UJQpwfJ.exe
  C:\Windows\System\UJQpwfJ.exe
  2⤵
  PID:5568
- C:\Windows\System\ZGIpbYu.exe
  C:\Windows\System\ZGIpbYu.exe
  2⤵
  PID:5640
- C:\Windows\System\tjOoadw.exe
  C:\Windows\System\tjOoadw.exe
  2⤵
  PID:6168
- C:\Windows\System\VlOzSYI.exe
  C:\Windows\System\VlOzSYI.exe
  2⤵
  PID:6188
- C:\Windows\System\MuJQRpk.exe
  C:\Windows\System\MuJQRpk.exe
  2⤵
  PID:6212
- C:\Windows\System\IFbmuja.exe
  C:\Windows\System\IFbmuja.exe
  2⤵
  PID:6236
- C:\Windows\System\rDvhEUm.exe
  C:\Windows\System\rDvhEUm.exe
  2⤵
  PID:6260
- C:\Windows\System\XkFCLNj.exe
  C:\Windows\System\XkFCLNj.exe
  2⤵
  PID:6280
- C:\Windows\System\xGjxPLJ.exe
  C:\Windows\System\xGjxPLJ.exe
  2⤵
  PID:6308
- C:\Windows\System\rufOUMX.exe
  C:\Windows\System\rufOUMX.exe
  2⤵
  PID:6336
- C:\Windows\System\gdTRoNc.exe
  C:\Windows\System\gdTRoNc.exe
  2⤵
  PID:6352
- C:\Windows\System\TvhzRSy.exe
  C:\Windows\System\TvhzRSy.exe
  2⤵
  PID:6376
- C:\Windows\System\ooOSJGO.exe
  C:\Windows\System\ooOSJGO.exe
  2⤵
  PID:6400
- C:\Windows\System\sAhEQkT.exe
  C:\Windows\System\sAhEQkT.exe
  2⤵
  PID:6428
- C:\Windows\System\AIrdDHY.exe
  C:\Windows\System\AIrdDHY.exe
  2⤵
  PID:6444
- C:\Windows\System\KdCuPdz.exe
  C:\Windows\System\KdCuPdz.exe
  2⤵
  PID:6472
- C:\Windows\System\somWcSb.exe
  C:\Windows\System\somWcSb.exe
  2⤵
  PID:6496
- C:\Windows\System\AfuQmXK.exe
  C:\Windows\System\AfuQmXK.exe
  2⤵
  PID:6516
- C:\Windows\System\HRNWvHF.exe
  C:\Windows\System\HRNWvHF.exe
  2⤵
  PID:6536
- C:\Windows\System\GbJxdhv.exe
  C:\Windows\System\GbJxdhv.exe
  2⤵
  PID:6584
- C:\Windows\System\FYYKCHx.exe
  C:\Windows\System\FYYKCHx.exe
  2⤵
  PID:7084
- C:\Windows\System\QRYMPIT.exe
  C:\Windows\System\QRYMPIT.exe
  2⤵
  PID:7100
- C:\Windows\System\kMsUGdg.exe
  C:\Windows\System\kMsUGdg.exe
  2⤵
  PID:7116
- C:\Windows\System\Aicvbkk.exe
  C:\Windows\System\Aicvbkk.exe
  2⤵
  PID:5684
- C:\Windows\System\hVdSSea.exe
  C:\Windows\System\hVdSSea.exe
  2⤵
  PID:5804
- C:\Windows\System\YmXvUEU.exe
  C:\Windows\System\YmXvUEU.exe
  2⤵
  PID:5828
- C:\Windows\System\njgUxSd.exe
  C:\Windows\System\njgUxSd.exe
  2⤵
  PID:5144
- C:\Windows\System\DauwuqC.exe
  C:\Windows\System\DauwuqC.exe
  2⤵
  PID:5264
- C:\Windows\System\tQnhGRd.exe
  C:\Windows\System\tQnhGRd.exe
  2⤵
  PID:5948
- C:\Windows\System\AeUODFG.exe
  C:\Windows\System\AeUODFG.exe
  2⤵
  PID:6028
- C:\Windows\System\qmcGuIe.exe
  C:\Windows\System\qmcGuIe.exe
  2⤵
  PID:4424
- C:\Windows\System\suRhAKz.exe
  C:\Windows\System\suRhAKz.exe
  2⤵
  PID:4548
- C:\Windows\System\qvjqiuD.exe
  C:\Windows\System\qvjqiuD.exe
  2⤵
  PID:1268
- C:\Windows\System\saSyzHp.exe
  C:\Windows\System\saSyzHp.exe
  2⤵
  PID:64
- C:\Windows\System\CzkRlJi.exe
  C:\Windows\System\CzkRlJi.exe
  2⤵
  PID:5380
- C:\Windows\System\bfHctmg.exe
  C:\Windows\System\bfHctmg.exe
  2⤵
  PID:1528
- C:\Windows\System\lrkIBMf.exe
  C:\Windows\System\lrkIBMf.exe
  2⤵
  PID:4668
- C:\Windows\System\BQdaUWB.exe
  C:\Windows\System\BQdaUWB.exe
  2⤵
  PID:6060
- C:\Windows\System\iaWYgnD.exe
  C:\Windows\System\iaWYgnD.exe
  2⤵
  PID:3056
- C:\Windows\System\WxvFMgp.exe
  C:\Windows\System\WxvFMgp.exe
  2⤵
  PID:5340
- C:\Windows\System\xLZFrrH.exe
  C:\Windows\System\xLZFrrH.exe
  2⤵
  PID:5492
- C:\Windows\System\gXEuLRA.exe
  C:\Windows\System\gXEuLRA.exe
  2⤵
  PID:6052
- C:\Windows\System\JnULiVf.exe
  C:\Windows\System\JnULiVf.exe
  2⤵
  PID:6184
- C:\Windows\System\PoAJKCN.exe
  C:\Windows\System\PoAJKCN.exe
  2⤵
  PID:6248
- C:\Windows\System\odYSHhu.exe
  C:\Windows\System\odYSHhu.exe
  2⤵
  PID:6320
- C:\Windows\System\qIpmzcy.exe
  C:\Windows\System\qIpmzcy.exe
  2⤵
  PID:6384
- C:\Windows\System\NTnvoVm.exe
  C:\Windows\System\NTnvoVm.exe
  2⤵
  PID:6452
- C:\Windows\System\DchDBUh.exe
  C:\Windows\System\DchDBUh.exe
  2⤵
  PID:6512
- C:\Windows\System\okrNpJB.exe
  C:\Windows\System\okrNpJB.exe
  2⤵
  PID:1676
- C:\Windows\System\zlOXTHO.exe
  C:\Windows\System\zlOXTHO.exe
  2⤵
  PID:4412
- C:\Windows\System\dhSnAqv.exe
  C:\Windows\System\dhSnAqv.exe
  2⤵
  PID:3608
- C:\Windows\System\TbYnMVT.exe
  C:\Windows\System\TbYnMVT.exe
  2⤵
  PID:5032
- C:\Windows\System\YarWkCU.exe
  C:\Windows\System\YarWkCU.exe
  2⤵
  PID:2196
- C:\Windows\System\CAOcfie.exe
  C:\Windows\System\CAOcfie.exe
  2⤵
  PID:2944
- C:\Windows\System\bJmheMm.exe
  C:\Windows\System\bJmheMm.exe
  2⤵
  PID:4964
- C:\Windows\System\GBLsLZp.exe
  C:\Windows\System\GBLsLZp.exe
  2⤵
  PID:3948
- C:\Windows\System\uqYpfLn.exe
  C:\Windows\System\uqYpfLn.exe
  2⤵
  PID:3540
- C:\Windows\System\HlNZLqw.exe
  C:\Windows\System\HlNZLqw.exe
  2⤵
  PID:5608
- C:\Windows\System\nRxFmZi.exe
  C:\Windows\System\nRxFmZi.exe
  2⤵
  PID:6604
- C:\Windows\System\HuNSUFT.exe
  C:\Windows\System\HuNSUFT.exe
  2⤵
  PID:6964
- C:\Windows\System\STUaKnj.exe
  C:\Windows\System\STUaKnj.exe
  2⤵
  PID:5224
- C:\Windows\System\YsJPsmJ.exe
  C:\Windows\System\YsJPsmJ.exe
  2⤵
  PID:6268
- C:\Windows\System\CNCAaJI.exe
  C:\Windows\System\CNCAaJI.exe
  2⤵
  PID:6204
- C:\Windows\System\thxwQwc.exe
  C:\Windows\System\thxwQwc.exe
  2⤵
  PID:4232
- C:\Windows\System\iojUGZP.exe
  C:\Windows\System\iojUGZP.exe
  2⤵
  PID:1152
- C:\Windows\System\STWLaBX.exe
  C:\Windows\System\STWLaBX.exe
  2⤵
  PID:512
- C:\Windows\System\hjDBKLI.exe
  C:\Windows\System\hjDBKLI.exe
  2⤵
  PID:2308
- C:\Windows\System\CuXRmrk.exe
  C:\Windows\System\CuXRmrk.exe
  2⤵
  PID:5188
- C:\Windows\System\FuyouAk.exe
  C:\Windows\System\FuyouAk.exe
  2⤵
  PID:2684
- C:\Windows\System\uspceBt.exe
  C:\Windows\System\uspceBt.exe
  2⤵
  PID:2476
- C:\Windows\System\EYqfKTA.exe
  C:\Windows\System\EYqfKTA.exe
  2⤵
  PID:1816
- C:\Windows\System\FdKvCeV.exe
  C:\Windows\System\FdKvCeV.exe
  2⤵
  PID:6504
- C:\Windows\System\kaJLiVY.exe
  C:\Windows\System\kaJLiVY.exe
  2⤵
  PID:6344
- C:\Windows\System\fZcruSh.exe
  C:\Windows\System\fZcruSh.exe
  2⤵
  PID:6292
- C:\Windows\System\fvRJxNq.exe
  C:\Windows\System\fvRJxNq.exe
  2⤵
  PID:7180
- C:\Windows\System\LJtRfuH.exe
  C:\Windows\System\LJtRfuH.exe
  2⤵
  PID:7200
- C:\Windows\System\pQirdqX.exe
  C:\Windows\System\pQirdqX.exe
  2⤵
  PID:7220
- C:\Windows\System\RpwMccx.exe
  C:\Windows\System\RpwMccx.exe
  2⤵
  PID:7240
- C:\Windows\System\vwCdjnI.exe
  C:\Windows\System\vwCdjnI.exe
  2⤵
  PID:7256
- C:\Windows\System\RGocntc.exe
  C:\Windows\System\RGocntc.exe
  2⤵
  PID:7276
- C:\Windows\System\QHoyWKT.exe
  C:\Windows\System\QHoyWKT.exe
  2⤵
  PID:7292
- C:\Windows\System\YWaeksR.exe
  C:\Windows\System\YWaeksR.exe
  2⤵
  PID:7312
- C:\Windows\System\vmCEVWV.exe
  C:\Windows\System\vmCEVWV.exe
  2⤵
  PID:7332
- C:\Windows\System\ujFpSvp.exe
  C:\Windows\System\ujFpSvp.exe
  2⤵
  PID:7352
- C:\Windows\System\DvxwQPF.exe
  C:\Windows\System\DvxwQPF.exe
  2⤵
  PID:7376
- C:\Windows\System\CNilxKL.exe
  C:\Windows\System\CNilxKL.exe
  2⤵
  PID:7404
- C:\Windows\System\GGMZljD.exe
  C:\Windows\System\GGMZljD.exe
  2⤵
  PID:7424
- C:\Windows\System\POpBqDC.exe
  C:\Windows\System\POpBqDC.exe
  2⤵
  PID:7444
- C:\Windows\System\kJuzxMw.exe
  C:\Windows\System\kJuzxMw.exe
  2⤵
  PID:7464
- C:\Windows\System\grLdTii.exe
  C:\Windows\System\grLdTii.exe
  2⤵
  PID:7480
- C:\Windows\System\efYtuzu.exe
  C:\Windows\System\efYtuzu.exe
  2⤵
  PID:7524
- C:\Windows\System\dLposwu.exe
  C:\Windows\System\dLposwu.exe
  2⤵
  PID:7540
- C:\Windows\System\ePLPwAn.exe
  C:\Windows\System\ePLPwAn.exe
  2⤵
  PID:7624
- C:\Windows\System\WhYZNVK.exe
  C:\Windows\System\WhYZNVK.exe
  2⤵
  PID:7644
- C:\Windows\System\hbOYusS.exe
  C:\Windows\System\hbOYusS.exe
  2⤵
  PID:7664
- C:\Windows\System\HdaXTuL.exe
  C:\Windows\System\HdaXTuL.exe
  2⤵
  PID:7684
- C:\Windows\System\MgZiMig.exe
  C:\Windows\System\MgZiMig.exe
  2⤵
  PID:7700
- C:\Windows\System\KRvrDmu.exe
  C:\Windows\System\KRvrDmu.exe
  2⤵
  PID:7716
- C:\Windows\System\wSDWCUo.exe
  C:\Windows\System\wSDWCUo.exe
  2⤵
  PID:7736
- C:\Windows\System\mGQZgdE.exe
  C:\Windows\System\mGQZgdE.exe
  2⤵
  PID:7756
- C:\Windows\System\lDXRezN.exe
  C:\Windows\System\lDXRezN.exe
  2⤵
  PID:7772
- C:\Windows\System\GApxRyE.exe
  C:\Windows\System\GApxRyE.exe
  2⤵
  PID:7792
- C:\Windows\System\TosOqsY.exe
  C:\Windows\System\TosOqsY.exe
  2⤵
  PID:7816
- C:\Windows\System\bOJGtOd.exe
  C:\Windows\System\bOJGtOd.exe
  2⤵
  PID:7832
- C:\Windows\System\SVXDRFw.exe
  C:\Windows\System\SVXDRFw.exe
  2⤵
  PID:7852
- C:\Windows\System\fFLnZrN.exe
  C:\Windows\System\fFLnZrN.exe
  2⤵
  PID:7868
- C:\Windows\System\SeBVZLt.exe
  C:\Windows\System\SeBVZLt.exe
  2⤵
  PID:7884
- C:\Windows\System\ayGwlYV.exe
  C:\Windows\System\ayGwlYV.exe
  2⤵
  PID:7904
- C:\Windows\System\yibNJMP.exe
  C:\Windows\System\yibNJMP.exe
  2⤵
  PID:7924
- C:\Windows\System\tUIMyLh.exe
  C:\Windows\System\tUIMyLh.exe
  2⤵
  PID:7944
- C:\Windows\System\GVyqPqv.exe
  C:\Windows\System\GVyqPqv.exe
  2⤵
  PID:7964
- C:\Windows\System\IjbvOfL.exe
  C:\Windows\System\IjbvOfL.exe
  2⤵
  PID:7980
- C:\Windows\System\MvbODjp.exe
  C:\Windows\System\MvbODjp.exe
  2⤵
  PID:8000
- C:\Windows\System\gGenHGC.exe
  C:\Windows\System\gGenHGC.exe
  2⤵
  PID:8020
- C:\Windows\System\oKdpxid.exe
  C:\Windows\System\oKdpxid.exe
  2⤵
  PID:8040
- C:\Windows\System\BPQybfH.exe
  C:\Windows\System\BPQybfH.exe
  2⤵
  PID:8060
- C:\Windows\System\AhhUqSn.exe
  C:\Windows\System\AhhUqSn.exe
  2⤵
  PID:8076
- C:\Windows\System\UIqDGCV.exe
  C:\Windows\System\UIqDGCV.exe
  2⤵
  PID:8092
- C:\Windows\System\VksLipg.exe
  C:\Windows\System\VksLipg.exe
  2⤵
  PID:8108
- C:\Windows\System\HZlWZMd.exe
  C:\Windows\System\HZlWZMd.exe
  2⤵
  PID:8128
- C:\Windows\System\uxRppAz.exe
  C:\Windows\System\uxRppAz.exe
  2⤵
  PID:8148
- C:\Windows\System\LmKLxtl.exe
  C:\Windows\System\LmKLxtl.exe
  2⤵
  PID:8164
- C:\Windows\System\PCUEdQA.exe
  C:\Windows\System\PCUEdQA.exe
  2⤵
  PID:8180
- C:\Windows\System\tXOrKoe.exe
  C:\Windows\System\tXOrKoe.exe
  2⤵
  PID:5784
- C:\Windows\System\lMMLNsl.exe
  C:\Windows\System\lMMLNsl.exe
  2⤵
  PID:1404
- C:\Windows\System\ApNVdCC.exe
  C:\Windows\System\ApNVdCC.exe
  2⤵
  PID:6208
- C:\Windows\System\zQkFVsF.exe
  C:\Windows\System\zQkFVsF.exe
  2⤵
  PID:6288
- C:\Windows\System\MBAcuTE.exe
  C:\Windows\System\MBAcuTE.exe
  2⤵
  PID:6412
- C:\Windows\System\fNDFJPf.exe
  C:\Windows\System\fNDFJPf.exe
  2⤵
  PID:6576
- C:\Windows\System\sjuKIiM.exe
  C:\Windows\System\sjuKIiM.exe
  2⤵
  PID:864
- C:\Windows\System\hJPRDzg.exe
  C:\Windows\System\hJPRDzg.exe
  2⤵
  PID:4904
- C:\Windows\System\nLABrOx.exe
  C:\Windows\System\nLABrOx.exe
  2⤵
  PID:5444
- C:\Windows\System\MBatWbd.exe
  C:\Windows\System\MBatWbd.exe
  2⤵
  PID:628
- C:\Windows\System\rTQYwaa.exe
  C:\Windows\System\rTQYwaa.exe
  2⤵
  PID:3108
- C:\Windows\System\pKTmltF.exe
  C:\Windows\System\pKTmltF.exe
  2⤵
  PID:7188
- C:\Windows\System\dmpQzRn.exe
  C:\Windows\System\dmpQzRn.exe
  2⤵
  PID:7248
- C:\Windows\System\mwIMTXK.exe
  C:\Windows\System\mwIMTXK.exe
  2⤵
  PID:7340
- C:\Windows\System\JvAUgYD.exe
  C:\Windows\System\JvAUgYD.exe
  2⤵
  PID:7368
- C:\Windows\System\IANqqLB.exe
  C:\Windows\System\IANqqLB.exe
  2⤵
  PID:7436
- C:\Windows\System\WIimvdv.exe
  C:\Windows\System\WIimvdv.exe
  2⤵
  PID:7096
- C:\Windows\System\vmYAFss.exe
  C:\Windows\System\vmYAFss.exe
  2⤵
  PID:7652
- C:\Windows\System\iHctxTW.exe
  C:\Windows\System\iHctxTW.exe
  2⤵
  PID:5396
- C:\Windows\System\qRSugbq.exe
  C:\Windows\System\qRSugbq.exe
  2⤵
  PID:2672
- C:\Windows\System\ujViniZ.exe
  C:\Windows\System\ujViniZ.exe
  2⤵
  PID:1016
- C:\Windows\System\ocKxYmK.exe
  C:\Windows\System\ocKxYmK.exe
  2⤵
  PID:3816
- C:\Windows\System\qgxxGNC.exe
  C:\Windows\System\qgxxGNC.exe
  2⤵
  PID:6080
- C:\Windows\System\cnKZyTF.exe
  C:\Windows\System\cnKZyTF.exe
  2⤵
  PID:7748
- C:\Windows\System\XJlkcYj.exe
  C:\Windows\System\XJlkcYj.exe
  2⤵
  PID:7844
- C:\Windows\System\vmhVtTm.exe
  C:\Windows\System\vmhVtTm.exe
  2⤵
  PID:7892
- C:\Windows\System\EakhBjl.exe
  C:\Windows\System\EakhBjl.exe
  2⤵
  PID:7940
- C:\Windows\System\cmQgylx.exe
  C:\Windows\System\cmQgylx.exe
  2⤵
  PID:8016
- C:\Windows\System\DBoXduM.exe
  C:\Windows\System\DBoXduM.exe
  2⤵
  PID:2132
- C:\Windows\System\yrUyHEt.exe
  C:\Windows\System\yrUyHEt.exe
  2⤵
  PID:8120
- C:\Windows\System\vMaXumd.exe
  C:\Windows\System\vMaXumd.exe
  2⤵
  PID:8140
- C:\Windows\System\GxuxXMs.exe
  C:\Windows\System\GxuxXMs.exe
  2⤵
  PID:8156
- C:\Windows\System\zBkKXNc.exe
  C:\Windows\System\zBkKXNc.exe
  2⤵
  PID:6408
- C:\Windows\System\KFHSCoC.exe
  C:\Windows\System\KFHSCoC.exe
  2⤵
  PID:6180
- C:\Windows\System\FtNLZhg.exe
  C:\Windows\System\FtNLZhg.exe
  2⤵
  PID:1328
- C:\Windows\System\jIFgEXA.exe
  C:\Windows\System\jIFgEXA.exe
  2⤵
  PID:7236
- C:\Windows\System\EXhlLok.exe
  C:\Windows\System\EXhlLok.exe
  2⤵
  PID:8216
- C:\Windows\System\dNzQhGE.exe
  C:\Windows\System\dNzQhGE.exe
  2⤵
  PID:8236
- C:\Windows\System\tfvXrCQ.exe
  C:\Windows\System\tfvXrCQ.exe
  2⤵
  PID:8256
- C:\Windows\System\wYYTyci.exe
  C:\Windows\System\wYYTyci.exe
  2⤵
  PID:8272
- C:\Windows\System\pSBwAPL.exe
  C:\Windows\System\pSBwAPL.exe
  2⤵
  PID:8296
- C:\Windows\System\LuAJabY.exe
  C:\Windows\System\LuAJabY.exe
  2⤵
  PID:8316
- C:\Windows\System\LEeaYFM.exe
  C:\Windows\System\LEeaYFM.exe
  2⤵
  PID:8336
- C:\Windows\System\AKKnrDQ.exe
  C:\Windows\System\AKKnrDQ.exe
  2⤵
  PID:8352
- C:\Windows\System\lKGkfRW.exe
  C:\Windows\System\lKGkfRW.exe
  2⤵
  PID:8376
- C:\Windows\System\Slmmpqi.exe
  C:\Windows\System\Slmmpqi.exe
  2⤵
  PID:8396
- C:\Windows\System\HnXRXqF.exe
  C:\Windows\System\HnXRXqF.exe
  2⤵
  PID:8416
- C:\Windows\System\UQEoETc.exe
  C:\Windows\System\UQEoETc.exe
  2⤵
  PID:8440
- C:\Windows\System\BuSmmdZ.exe
  C:\Windows\System\BuSmmdZ.exe
  2⤵
  PID:8460
- C:\Windows\System\YmNEWsV.exe
  C:\Windows\System\YmNEWsV.exe
  2⤵
  PID:8488
- C:\Windows\System\vkABCiD.exe
  C:\Windows\System\vkABCiD.exe
  2⤵
  PID:8508
- C:\Windows\System\qhmmHpX.exe
  C:\Windows\System\qhmmHpX.exe
  2⤵
  PID:8528
- C:\Windows\System\KVCPwTQ.exe
  C:\Windows\System\KVCPwTQ.exe
  2⤵
  PID:8552
- C:\Windows\System\kcDqWIz.exe
  C:\Windows\System\kcDqWIz.exe
  2⤵
  PID:8576
- C:\Windows\System\ztUInKa.exe
  C:\Windows\System\ztUInKa.exe
  2⤵
  PID:8596
- C:\Windows\System\EbWeuYQ.exe
  C:\Windows\System\EbWeuYQ.exe
  2⤵
  PID:8616
- C:\Windows\System\IvkIUsK.exe
  C:\Windows\System\IvkIUsK.exe
  2⤵
  PID:8640
- C:\Windows\System\SPaJrDu.exe
  C:\Windows\System\SPaJrDu.exe
  2⤵
  PID:8664
- C:\Windows\System\WuDbiJn.exe
  C:\Windows\System\WuDbiJn.exe
  2⤵
  PID:8688
- C:\Windows\System\OsPnEox.exe
  C:\Windows\System\OsPnEox.exe
  2⤵
  PID:8704
- C:\Windows\System\WANwgJS.exe
  C:\Windows\System\WANwgJS.exe
  2⤵
  PID:8728
- C:\Windows\System\DNrHSgt.exe
  C:\Windows\System\DNrHSgt.exe
  2⤵
  PID:8752
- C:\Windows\System\oCvmEVC.exe
  C:\Windows\System\oCvmEVC.exe
  2⤵
  PID:8772
- C:\Windows\System\UCWCUUm.exe
  C:\Windows\System\UCWCUUm.exe
  2⤵
  PID:8792
- C:\Windows\System\PSrCLTQ.exe
  C:\Windows\System\PSrCLTQ.exe
  2⤵
  PID:8816
- C:\Windows\System\VgTspjY.exe
  C:\Windows\System\VgTspjY.exe
  2⤵
  PID:8840
- C:\Windows\System\IIeeImV.exe
  C:\Windows\System\IIeeImV.exe
  2⤵
  PID:8864
- C:\Windows\System\LnDoyXF.exe
  C:\Windows\System\LnDoyXF.exe
  2⤵
  PID:8884
- C:\Windows\System\OVbUTcF.exe
  C:\Windows\System\OVbUTcF.exe
  2⤵
  PID:8904
- C:\Windows\System\IDMoqdm.exe
  C:\Windows\System\IDMoqdm.exe
  2⤵
  PID:8920
- C:\Windows\System\YLNIldK.exe
  C:\Windows\System\YLNIldK.exe
  2⤵
  PID:8940
- C:\Windows\System\cuGyPHd.exe
  C:\Windows\System\cuGyPHd.exe
  2⤵
  PID:8960
- C:\Windows\System\rWWjPoK.exe
  C:\Windows\System\rWWjPoK.exe
  2⤵
  PID:8984
- C:\Windows\System\lQRSmvG.exe
  C:\Windows\System\lQRSmvG.exe
  2⤵
  PID:9000
- C:\Windows\System\wATuMbm.exe
  C:\Windows\System\wATuMbm.exe
  2⤵
  PID:9020
- C:\Windows\System\JpfYmid.exe
  C:\Windows\System\JpfYmid.exe
  2⤵
  PID:9040
- C:\Windows\System\yqbFlIS.exe
  C:\Windows\System\yqbFlIS.exe
  2⤵
  PID:9060
- C:\Windows\System\IKvaiYu.exe
  C:\Windows\System\IKvaiYu.exe
  2⤵
  PID:9088
- C:\Windows\System\xpmFdvC.exe
  C:\Windows\System\xpmFdvC.exe
  2⤵
  PID:9104
- C:\Windows\System\TgLSTJw.exe
  C:\Windows\System\TgLSTJw.exe
  2⤵
  PID:9128
- C:\Windows\System\kokkVLO.exe
  C:\Windows\System\kokkVLO.exe
  2⤵
  PID:9152
- C:\Windows\System\ekyhYPm.exe
  C:\Windows\System\ekyhYPm.exe
  2⤵
  PID:9168
- C:\Windows\System\uaocxFl.exe
  C:\Windows\System\uaocxFl.exe
  2⤵
  PID:9188
- C:\Windows\System\kjaGDXv.exe
  C:\Windows\System\kjaGDXv.exe
  2⤵
  PID:9208
- C:\Windows\System\hKwlaxs.exe
  C:\Windows\System\hKwlaxs.exe
  2⤵
  PID:6544
- C:\Windows\System\YxEtpBw.exe
  C:\Windows\System\YxEtpBw.exe
  2⤵
  PID:7304
- C:\Windows\System\JRmgwkP.exe
  C:\Windows\System\JRmgwkP.exe
  2⤵
  PID:7388
- C:\Windows\System\rAsfzNy.exe
  C:\Windows\System\rAsfzNy.exe
  2⤵
  PID:7476
- C:\Windows\System\XoyBAxf.exe
  C:\Windows\System\XoyBAxf.exe
  2⤵
  PID:7324
- C:\Windows\System\ALjDCJz.exe
  C:\Windows\System\ALjDCJz.exe
  2⤵
  PID:5376
- C:\Windows\System\yEYaCXW.exe
  C:\Windows\System\yEYaCXW.exe
  2⤵
  PID:5932
- C:\Windows\System\FitJZKB.exe
  C:\Windows\System\FitJZKB.exe
  2⤵
  PID:3600
- C:\Windows\System\IsmCDfb.exe
  C:\Windows\System\IsmCDfb.exe
  2⤵
  PID:7768
- C:\Windows\System\clavSMB.exe
  C:\Windows\System\clavSMB.exe
  2⤵
  PID:5560
- C:\Windows\System\OAUiwDM.exe
  C:\Windows\System\OAUiwDM.exe
  2⤵
  PID:4100
- C:\Windows\System\ZrIWQnO.exe
  C:\Windows\System\ZrIWQnO.exe
  2⤵
  PID:7896
- C:\Windows\System\YVwiMtR.exe
  C:\Windows\System\YVwiMtR.exe
  2⤵
  PID:7972
- C:\Windows\System\bzsNDFt.exe
  C:\Windows\System\bzsNDFt.exe
  2⤵
  PID:4940
- C:\Windows\System\HnKniUB.exe
  C:\Windows\System\HnKniUB.exe
  2⤵
  PID:3088
- C:\Windows\System\SKYaspw.exe
  C:\Windows\System\SKYaspw.exe
  2⤵
  PID:5016
- C:\Windows\System\egbLWPV.exe
  C:\Windows\System\egbLWPV.exe
  2⤵
  PID:8136
- C:\Windows\System\FoeMLgC.exe
  C:\Windows\System\FoeMLgC.exe
  2⤵
  PID:5184
- C:\Windows\System\aMhYjbS.exe
  C:\Windows\System\aMhYjbS.exe
  2⤵
  PID:7216
- C:\Windows\System\hggUiJm.exe
  C:\Windows\System\hggUiJm.exe
  2⤵
  PID:7212
- C:\Windows\System\jbvFukB.exe
  C:\Windows\System\jbvFukB.exe
  2⤵
  PID:5344
- C:\Windows\System\aYUCWIQ.exe
  C:\Windows\System\aYUCWIQ.exe
  2⤵
  PID:8252
- C:\Windows\System\gBIRdzM.exe
  C:\Windows\System\gBIRdzM.exe
  2⤵
  PID:8264
- C:\Windows\System\QmKiJGP.exe
  C:\Windows\System\QmKiJGP.exe
  2⤵
  PID:8308
- C:\Windows\System\hKpBkdT.exe
  C:\Windows\System\hKpBkdT.exe
  2⤵
  PID:8344
- C:\Windows\System\qauoyPs.exe
  C:\Windows\System\qauoyPs.exe
  2⤵
  PID:8392
- C:\Windows\System\GIjGkyj.exe
  C:\Windows\System\GIjGkyj.exe
  2⤵
  PID:8412
- C:\Windows\System\PyWunMw.exe
  C:\Windows\System\PyWunMw.exe
  2⤵
  PID:8456
- C:\Windows\System\vWGFVtz.exe
  C:\Windows\System\vWGFVtz.exe
  2⤵
  PID:8504
- C:\Windows\System\hhyDLOn.exe
  C:\Windows\System\hhyDLOn.exe
  2⤵
  PID:8684
- C:\Windows\System\xSIDcEg.exe
  C:\Windows\System\xSIDcEg.exe
  2⤵
  PID:8760
- C:\Windows\System\qqrdtMl.exe
  C:\Windows\System\qqrdtMl.exe
  2⤵
  PID:8848
- C:\Windows\System\ZyRrEUj.exe
  C:\Windows\System\ZyRrEUj.exe
  2⤵
  PID:7732
- C:\Windows\System\QSYkIpU.exe
  C:\Windows\System\QSYkIpU.exe
  2⤵
  PID:7804
- C:\Windows\System\zEdYyUD.exe
  C:\Windows\System\zEdYyUD.exe
  2⤵
  PID:9224
- C:\Windows\System\tahwzuT.exe
  C:\Windows\System\tahwzuT.exe
  2⤵
  PID:9244
- C:\Windows\System\esefnMb.exe
  C:\Windows\System\esefnMb.exe
  2⤵
  PID:9264
- C:\Windows\System\SwBHfpu.exe
  C:\Windows\System\SwBHfpu.exe
  2⤵
  PID:9288
- C:\Windows\System\EUpOkqz.exe
  C:\Windows\System\EUpOkqz.exe
  2⤵
  PID:9308
- C:\Windows\System\kpmSnqQ.exe
  C:\Windows\System\kpmSnqQ.exe
  2⤵
  PID:9332
- C:\Windows\System\GaEnGWX.exe
  C:\Windows\System\GaEnGWX.exe
  2⤵
  PID:9352
- C:\Windows\System\eTijDzm.exe
  C:\Windows\System\eTijDzm.exe
  2⤵
  PID:9376
- C:\Windows\System\PuiMCeb.exe
  C:\Windows\System\PuiMCeb.exe
  2⤵
  PID:9404
- C:\Windows\System\vZnVDhF.exe
  C:\Windows\System\vZnVDhF.exe
  2⤵
  PID:9424
- C:\Windows\System\YaBnVYt.exe
  C:\Windows\System\YaBnVYt.exe
  2⤵
  PID:9444
- C:\Windows\System\rrEiAqA.exe
  C:\Windows\System\rrEiAqA.exe
  2⤵
  PID:9468
- C:\Windows\System\UswNkgj.exe
  C:\Windows\System\UswNkgj.exe
  2⤵
  PID:9484
- C:\Windows\System\fgfOown.exe
  C:\Windows\System\fgfOown.exe
  2⤵
  PID:9508
- C:\Windows\System\cowtXBj.exe
  C:\Windows\System\cowtXBj.exe
  2⤵
  PID:9532
- C:\Windows\System\AWJdlBc.exe
  C:\Windows\System\AWJdlBc.exe
  2⤵
  PID:9556
- C:\Windows\System\mNXjPgs.exe
  C:\Windows\System\mNXjPgs.exe
  2⤵
  PID:9576
- C:\Windows\System\wPXHGRb.exe
  C:\Windows\System\wPXHGRb.exe
  2⤵
  PID:9596
- C:\Windows\System\fNkXIcR.exe
  C:\Windows\System\fNkXIcR.exe
  2⤵
  PID:9620
- C:\Windows\System\PCeTyFs.exe
  C:\Windows\System\PCeTyFs.exe
  2⤵
  PID:9644
- C:\Windows\System\QmHSliN.exe
  C:\Windows\System\QmHSliN.exe
  2⤵
  PID:9664
- C:\Windows\System\JVBENCf.exe
  C:\Windows\System\JVBENCf.exe
  2⤵
  PID:9684
- C:\Windows\System\NxonRhl.exe
  C:\Windows\System\NxonRhl.exe
  2⤵
  PID:9708
- C:\Windows\System\iOjfKcF.exe
  C:\Windows\System\iOjfKcF.exe
  2⤵
  PID:9732
- C:\Windows\System\ClGLWwq.exe
  C:\Windows\System\ClGLWwq.exe
  2⤵
  PID:9756
- C:\Windows\System\IHlnLcU.exe
  C:\Windows\System\IHlnLcU.exe
  2⤵
  PID:9776
- C:\Windows\System\SlmBMxv.exe
  C:\Windows\System\SlmBMxv.exe
  2⤵
  PID:9796
- C:\Windows\System\cVZOfCp.exe
  C:\Windows\System\cVZOfCp.exe
  2⤵
  PID:9816
- C:\Windows\System\uDQeJSP.exe
  C:\Windows\System\uDQeJSP.exe
  2⤵
  PID:9840
- C:\Windows\System\JqXEglP.exe
  C:\Windows\System\JqXEglP.exe
  2⤵
  PID:9864
- C:\Windows\System\dlafgkm.exe
  C:\Windows\System\dlafgkm.exe
  2⤵
  PID:9880
- C:\Windows\System\EXbQfnk.exe
  C:\Windows\System\EXbQfnk.exe
  2⤵
  PID:9900
- C:\Windows\System\OKTCVgI.exe
  C:\Windows\System\OKTCVgI.exe
  2⤵
  PID:9920
- C:\Windows\System\zLVlTAM.exe
  C:\Windows\System\zLVlTAM.exe
  2⤵
  PID:9940
- C:\Windows\System\fgzHlIK.exe
  C:\Windows\System\fgzHlIK.exe
  2⤵
  PID:9956
- C:\Windows\System\iscBLUJ.exe
  C:\Windows\System\iscBLUJ.exe
  2⤵
  PID:9976
- C:\Windows\System\sDMuELl.exe
  C:\Windows\System\sDMuELl.exe
  2⤵
  PID:9996
- C:\Windows\System\OgThpRM.exe
  C:\Windows\System\OgThpRM.exe
  2⤵
  PID:10016
- C:\Windows\System\TSiklBz.exe
  C:\Windows\System\TSiklBz.exe
  2⤵
  PID:10040
- C:\Windows\System\idyPKCY.exe
  C:\Windows\System\idyPKCY.exe
  2⤵
  PID:10056
- C:\Windows\System\EjcMulo.exe
  C:\Windows\System\EjcMulo.exe
  2⤵
  PID:10076
- C:\Windows\System\UgLPIPd.exe
  C:\Windows\System\UgLPIPd.exe
  2⤵
  PID:10096
- C:\Windows\System\BBQEDEF.exe
  C:\Windows\System\BBQEDEF.exe
  2⤵
  PID:10124
- C:\Windows\System\ZchVsPh.exe
  C:\Windows\System\ZchVsPh.exe
  2⤵
  PID:10144
- C:\Windows\System\sNgdySs.exe
  C:\Windows\System\sNgdySs.exe
  2⤵
  PID:10176
- C:\Windows\System\LycLRuE.exe
  C:\Windows\System\LycLRuE.exe
  2⤵
  PID:10196
- C:\Windows\System\ykjxwef.exe
  C:\Windows\System\ykjxwef.exe
  2⤵
  PID:10212
- C:\Windows\System\ajtPGKv.exe
  C:\Windows\System\ajtPGKv.exe
  2⤵
  PID:10232
- C:\Windows\System\IESRiNN.exe
  C:\Windows\System\IESRiNN.exe
  2⤵
  PID:8916
- C:\Windows\System\cQrFxHG.exe
  C:\Windows\System\cQrFxHG.exe
  2⤵
  PID:7696
- C:\Windows\System\JhKVeJB.exe
  C:\Windows\System\JhKVeJB.exe
  2⤵
  PID:8036
- C:\Windows\System\jpmfJCY.exe
  C:\Windows\System\jpmfJCY.exe
  2⤵
  PID:8976
- C:\Windows\System\AMeaHkC.exe
  C:\Windows\System\AMeaHkC.exe
  2⤵
  PID:5000
- C:\Windows\System\gLZTIvY.exe
  C:\Windows\System\gLZTIvY.exe
  2⤵
  PID:9068
- C:\Windows\System\PMfPBPJ.exe
  C:\Windows\System\PMfPBPJ.exe
  2⤵
  PID:5456
- C:\Windows\System\NwGYZuo.exe
  C:\Windows\System\NwGYZuo.exe
  2⤵
  PID:9164
- C:\Windows\System\tMxclPZ.exe
  C:\Windows\System\tMxclPZ.exe
  2⤵
  PID:7152
- C:\Windows\System\pybZZSU.exe
  C:\Windows\System\pybZZSU.exe
  2⤵
  PID:7496
- C:\Windows\System\dEqHZcz.exe
  C:\Windows\System\dEqHZcz.exe
  2⤵
  PID:1532
- C:\Windows\System\bUdScMD.exe
  C:\Windows\System\bUdScMD.exe
  2⤵
  PID:8520
- C:\Windows\System\zNxcsQz.exe
  C:\Windows\System\zNxcsQz.exe
  2⤵
  PID:3208
- C:\Windows\System\KjAqwui.exe
  C:\Windows\System\KjAqwui.exe
  2⤵
  PID:8100
- C:\Windows\System\eGmMBqC.exe
  C:\Windows\System\eGmMBqC.exe
  2⤵
  PID:8228
- C:\Windows\System\HdOPvMk.exe
  C:\Windows\System\HdOPvMk.exe
  2⤵
  PID:8808
- C:\Windows\System\VOIpNWR.exe
  C:\Windows\System\VOIpNWR.exe
  2⤵
  PID:7112
- C:\Windows\System\xNraDxX.exe
  C:\Windows\System\xNraDxX.exe
  2⤵
  PID:10248
- C:\Windows\System\fTXpjTL.exe
  C:\Windows\System\fTXpjTL.exe
  2⤵
  PID:10272
- C:\Windows\System\UAsxkUe.exe
  C:\Windows\System\UAsxkUe.exe
  2⤵
  PID:10296
- C:\Windows\System\loLafHa.exe
  C:\Windows\System\loLafHa.exe
  2⤵
  PID:10324
- C:\Windows\System\onmCIYi.exe
  C:\Windows\System\onmCIYi.exe
  2⤵
  PID:10344
- C:\Windows\System\MXSCLxh.exe
  C:\Windows\System\MXSCLxh.exe
  2⤵
  PID:10392
- C:\Windows\System\uhpRrNe.exe
  C:\Windows\System\uhpRrNe.exe
  2⤵
  PID:10420
- C:\Windows\System\nwjDoNe.exe
  C:\Windows\System\nwjDoNe.exe
  2⤵
  PID:10436
- C:\Windows\System\skaoxQs.exe
  C:\Windows\System\skaoxQs.exe
  2⤵
  PID:10456
- C:\Windows\System\pvQeohY.exe
  C:\Windows\System\pvQeohY.exe
  2⤵
  PID:10480
- C:\Windows\System\uNHHaPk.exe
  C:\Windows\System\uNHHaPk.exe
  2⤵
  PID:10512
- C:\Windows\System\YhWTWeU.exe
  C:\Windows\System\YhWTWeU.exe
  2⤵
  PID:10536
- C:\Windows\System\SGfxUlD.exe
  C:\Windows\System\SGfxUlD.exe
  2⤵
  PID:10564
- C:\Windows\System\NicNUHd.exe
  C:\Windows\System\NicNUHd.exe
  2⤵
  PID:10580
- C:\Windows\System\JbOZuUU.exe
  C:\Windows\System\JbOZuUU.exe
  2⤵
  PID:10612
- C:\Windows\System\hfziwxz.exe
  C:\Windows\System\hfziwxz.exe
  2⤵
  PID:10652
- C:\Windows\System\NOHIKwN.exe
  C:\Windows\System\NOHIKwN.exe
  2⤵
  PID:10672
- C:\Windows\System\rWDqSgL.exe
  C:\Windows\System\rWDqSgL.exe
  2⤵
  PID:10696
- C:\Windows\System\znecxXb.exe
  C:\Windows\System\znecxXb.exe
  2⤵
  PID:10720
- C:\Windows\System\xxXsMFD.exe
  C:\Windows\System\xxXsMFD.exe
  2⤵
  PID:10760
- C:\Windows\System\BvLuCdY.exe
  C:\Windows\System\BvLuCdY.exe
  2⤵
  PID:10780
- C:\Windows\System\KPvEeHN.exe
  C:\Windows\System\KPvEeHN.exe
  2⤵
  PID:10804
- C:\Windows\System\biTesLG.exe
  C:\Windows\System\biTesLG.exe
  2⤵
  PID:10828
- C:\Windows\System\tEagfeb.exe
  C:\Windows\System\tEagfeb.exe
  2⤵
  PID:10856
- C:\Windows\System\GxhoLJB.exe
  C:\Windows\System\GxhoLJB.exe
  2⤵
  PID:10884
- C:\Windows\System\kfNERNX.exe
  C:\Windows\System\kfNERNX.exe
  2⤵
  PID:10928
- C:\Windows\System\yRwbynk.exe
  C:\Windows\System\yRwbynk.exe
  2⤵
  PID:10952
- C:\Windows\System\lASOQyf.exe
  C:\Windows\System\lASOQyf.exe
  2⤵
  PID:10968
- C:\Windows\System\zihYOGV.exe
  C:\Windows\System\zihYOGV.exe
  2⤵
  PID:11008
- C:\Windows\System\DuCRPZq.exe
  C:\Windows\System\DuCRPZq.exe
  2⤵
  PID:11032
- C:\Windows\System\mLjpvsL.exe
  C:\Windows\System\mLjpvsL.exe
  2⤵
  PID:11052
- C:\Windows\System\xpKFKhT.exe
  C:\Windows\System\xpKFKhT.exe
  2⤵
  PID:11072
- C:\Windows\System\pxAbDki.exe
  C:\Windows\System\pxAbDki.exe
  2⤵
  PID:11096
- C:\Windows\System\jRaAADX.exe
  C:\Windows\System\jRaAADX.exe
  2⤵
  PID:11116
- C:\Windows\System\vLYLfoE.exe
  C:\Windows\System\vLYLfoE.exe
  2⤵
  PID:11140
- C:\Windows\System\pTsvtlz.exe
  C:\Windows\System\pTsvtlz.exe
  2⤵
  PID:11156
- C:\Windows\System\fiVWjhJ.exe
  C:\Windows\System\fiVWjhJ.exe
  2⤵
  PID:11180
- C:\Windows\System\YPdHOMn.exe
  C:\Windows\System\YPdHOMn.exe
  2⤵
  PID:11200
- C:\Windows\System\zeFUFQh.exe
  C:\Windows\System\zeFUFQh.exe
  2⤵
  PID:11220
- C:\Windows\System\XpfLfEk.exe
  C:\Windows\System\XpfLfEk.exe
  2⤵
  PID:11244
- C:\Windows\System\qsuUccN.exe
  C:\Windows\System\qsuUccN.exe
  2⤵
  PID:7848
- C:\Windows\System\ODNpUjE.exe
  C:\Windows\System\ODNpUjE.exe
  2⤵
  PID:9252
- C:\Windows\System\mcYEoSl.exe
  C:\Windows\System\mcYEoSl.exe
  2⤵
  PID:9300
- C:\Windows\System\GhyCWff.exe
  C:\Windows\System\GhyCWff.exe
  2⤵
  PID:9368
- C:\Windows\System\UeZdXii.exe
  C:\Windows\System\UeZdXii.exe
  2⤵
  PID:9416
- C:\Windows\System\DoqcOPJ.exe
  C:\Windows\System\DoqcOPJ.exe
  2⤵
  PID:8912
- C:\Windows\System\FwJXbvn.exe
  C:\Windows\System\FwJXbvn.exe
  2⤵
  PID:9548
- C:\Windows\System\YzJmUZs.exe
  C:\Windows\System\YzJmUZs.exe
  2⤵
  PID:9588
- C:\Windows\System\EYYasvu.exe
  C:\Windows\System\EYYasvu.exe
  2⤵
  PID:9628
- C:\Windows\System\KFFuTQs.exe
  C:\Windows\System\KFFuTQs.exe
  2⤵
  PID:6132
- C:\Windows\System\imkkIRh.exe
  C:\Windows\System\imkkIRh.exe
  2⤵
  PID:9700
- C:\Windows\System\cvwFaQb.exe
  C:\Windows\System\cvwFaQb.exe
  2⤵
  PID:8952
- C:\Windows\System\TRaGJoE.exe
  C:\Windows\System\TRaGJoE.exe
  2⤵
  PID:9812
- C:\Windows\System\miEUxFX.exe
  C:\Windows\System\miEUxFX.exe
  2⤵
  PID:9848
- C:\Windows\System\QMLyuFT.exe
  C:\Windows\System\QMLyuFT.exe
  2⤵
  PID:9872
- C:\Windows\System\PTFtNVA.exe
  C:\Windows\System\PTFtNVA.exe
  2⤵
  PID:9080
- C:\Windows\System\kyKMWlp.exe
  C:\Windows\System\kyKMWlp.exe
  2⤵
  PID:9932
- C:\Windows\System\bnrnmyO.exe
  C:\Windows\System\bnrnmyO.exe
  2⤵
  PID:9124
- C:\Windows\System\ChimQcW.exe
  C:\Windows\System\ChimQcW.exe
  2⤵
  PID:8208
- C:\Windows\System\kNuvxEc.exe
  C:\Windows\System\kNuvxEc.exe
  2⤵
  PID:11272
- C:\Windows\System\xymxeLZ.exe
  C:\Windows\System\xymxeLZ.exe
  2⤵
  PID:11296
- C:\Windows\System\taOoZRm.exe
  C:\Windows\System\taOoZRm.exe
  2⤵
  PID:11320
- C:\Windows\System\WhMJTTe.exe
  C:\Windows\System\WhMJTTe.exe
  2⤵
  PID:11340
- C:\Windows\System\BvDmoyk.exe
  C:\Windows\System\BvDmoyk.exe
  2⤵
  PID:11356
- C:\Windows\System\CHkBPyY.exe
  C:\Windows\System\CHkBPyY.exe
  2⤵
  PID:11372
- C:\Windows\System\dvudsBu.exe
  C:\Windows\System\dvudsBu.exe
  2⤵
  PID:11396
- C:\Windows\System\vrQLctz.exe
  C:\Windows\System\vrQLctz.exe
  2⤵
  PID:11416
- C:\Windows\System\OhOJMjb.exe
  C:\Windows\System\OhOJMjb.exe
  2⤵
  PID:11436
- C:\Windows\System\ZirlDwf.exe
  C:\Windows\System\ZirlDwf.exe
  2⤵
  PID:11460
- C:\Windows\System\soKAlkk.exe
  C:\Windows\System\soKAlkk.exe
  2⤵
  PID:11480
- C:\Windows\System\FVtaETQ.exe
  C:\Windows\System\FVtaETQ.exe
  2⤵
  PID:11508
- C:\Windows\System\JCsJdQY.exe
  C:\Windows\System\JCsJdQY.exe
  2⤵
  PID:11528
- C:\Windows\System\mtMPevE.exe
  C:\Windows\System\mtMPevE.exe
  2⤵
  PID:11552
- C:\Windows\System\FBbIxRJ.exe
  C:\Windows\System\FBbIxRJ.exe
  2⤵
  PID:11572
- C:\Windows\System\XfqEJNx.exe
  C:\Windows\System\XfqEJNx.exe
  2⤵
  PID:11600
- C:\Windows\System\rUVOiKw.exe
  C:\Windows\System\rUVOiKw.exe
  2⤵
  PID:11616
- C:\Windows\System\CCorOFu.exe
  C:\Windows\System\CCorOFu.exe
  2⤵
  PID:11632
- C:\Windows\System\nDWhoLA.exe
  C:\Windows\System\nDWhoLA.exe
  2⤵
  PID:11648
- C:\Windows\System\ocJawrD.exe
  C:\Windows\System\ocJawrD.exe
  2⤵
  PID:11672
- C:\Windows\System\eYadULH.exe
  C:\Windows\System\eYadULH.exe
  2⤵
  PID:11700
- C:\Windows\System\lhxddIQ.exe
  C:\Windows\System\lhxddIQ.exe
  2⤵
  PID:11716
- C:\Windows\System\mMHeCvL.exe
  C:\Windows\System\mMHeCvL.exe
  2⤵
  PID:11740
- C:\Windows\System\QPElYnK.exe
  C:\Windows\System\QPElYnK.exe
  2⤵
  PID:11764
- C:\Windows\System\YNIkdDr.exe
  C:\Windows\System\YNIkdDr.exe
  2⤵
  PID:11784
- C:\Windows\System\AhiagQL.exe
  C:\Windows\System\AhiagQL.exe
  2⤵
  PID:11808
- C:\Windows\System\gAhyCCO.exe
  C:\Windows\System\gAhyCCO.exe
  2⤵
  PID:11824
- C:\Windows\System\EAZzTNO.exe
  C:\Windows\System\EAZzTNO.exe
  2⤵
  PID:11844
- C:\Windows\System\pPLandE.exe
  C:\Windows\System\pPLandE.exe
  2⤵
  PID:11868
- C:\Windows\System\KSHVTDS.exe
  C:\Windows\System\KSHVTDS.exe
  2⤵
  PID:11892
- C:\Windows\System\ZixpwpB.exe
  C:\Windows\System\ZixpwpB.exe
  2⤵
  PID:11912
- C:\Windows\System\DUVpcCo.exe
  C:\Windows\System\DUVpcCo.exe
  2⤵
  PID:11936
- C:\Windows\System\wHTbsuG.exe
  C:\Windows\System\wHTbsuG.exe
  2⤵
  PID:11956
- C:\Windows\System\ksrCaby.exe
  C:\Windows\System\ksrCaby.exe
  2⤵
  PID:11984
- C:\Windows\System\vXRksPy.exe
  C:\Windows\System\vXRksPy.exe
  2⤵
  PID:12008
- C:\Windows\System\hswUcBd.exe
  C:\Windows\System\hswUcBd.exe
  2⤵
  PID:12028
- C:\Windows\System\lcbAWrx.exe
  C:\Windows\System\lcbAWrx.exe
  2⤵
  PID:12056
- C:\Windows\System\JfWGzBB.exe
  C:\Windows\System\JfWGzBB.exe
  2⤵
  PID:12076
- C:\Windows\System\OfUzwBP.exe
  C:\Windows\System\OfUzwBP.exe
  2⤵
  PID:12100
- C:\Windows\System\wKiaTNL.exe
  C:\Windows\System\wKiaTNL.exe
  2⤵
  PID:8200
- C:\Windows\System\xtRDzPQ.exe
  C:\Windows\System\xtRDzPQ.exe
  2⤵
  PID:10636
- C:\Windows\System\rWYKSfR.exe
  C:\Windows\System\rWYKSfR.exe
  2⤵
  PID:10772
- C:\Windows\System\zHmyLoc.exe
  C:\Windows\System\zHmyLoc.exe
  2⤵
  PID:10864
- C:\Windows\System\kQeTcNU.exe
  C:\Windows\System\kQeTcNU.exe
  2⤵
  PID:11040
- C:\Windows\System\MrxGQkG.exe
  C:\Windows\System\MrxGQkG.exe
  2⤵
  PID:11148
- C:\Windows\System\RzrJzKV.exe
  C:\Windows\System\RzrJzKV.exe
  2⤵
  PID:9604
- C:\Windows\System\OdvbyYt.exe
  C:\Windows\System\OdvbyYt.exe
  2⤵
  PID:5556
- C:\Windows\System\nfqUQfz.exe
  C:\Windows\System\nfqUQfz.exe
  2⤵
  PID:11328
- C:\Windows\System\bSVUhvb.exe
  C:\Windows\System\bSVUhvb.exe
  2⤵
  PID:11472
- C:\Windows\System\RQOeENW.exe
  C:\Windows\System\RQOeENW.exe
  2⤵
  PID:11608
- C:\Windows\System\qHEisWt.exe
  C:\Windows\System\qHEisWt.exe
  2⤵
  PID:11680
- C:\Windows\System\RCWOKnB.exe
  C:\Windows\System\RCWOKnB.exe
  2⤵
  PID:11776
- C:\Windows\System\mWvvrlM.exe
  C:\Windows\System\mWvvrlM.exe
  2⤵
  PID:11920
- C:\Windows\System\OOjzLvD.exe
  C:\Windows\System\OOjzLvD.exe
  2⤵
  PID:12068
- C:\Windows\System\HVhqKTi.exe
  C:\Windows\System\HVhqKTi.exe
  2⤵
  PID:9344
- C:\Windows\System\OiPeHmW.exe
  C:\Windows\System\OiPeHmW.exe
  2⤵
  PID:11212
- C:\Windows\System\YMAqEkK.exe
  C:\Windows\System\YMAqEkK.exe
  2⤵
  PID:10312
- C:\Windows\System\fsXLMMD.exe
  C:\Windows\System\fsXLMMD.exe
  2⤵
  PID:9568
- C:\Windows\System\vWbuxIW.exe
  C:\Windows\System\vWbuxIW.exe
  2⤵
  PID:7936
- C:\Windows\System\XMAecqc.exe
  C:\Windows\System\XMAecqc.exe
  2⤵
  PID:12296
- C:\Windows\System\eVozZEv.exe
  C:\Windows\System\eVozZEv.exe
  2⤵
  PID:12324
- C:\Windows\System\kZgfYiT.exe
  C:\Windows\System\kZgfYiT.exe
  2⤵
  PID:12400
- C:\Windows\System\wHJterc.exe
  C:\Windows\System\wHJterc.exe
  2⤵
  PID:12424
- C:\Windows\System\cizJAhS.exe
  C:\Windows\System\cizJAhS.exe
  2⤵
  PID:12468
- C:\Windows\System\xulUwPl.exe
  C:\Windows\System\xulUwPl.exe
  2⤵
  PID:12492
- C:\Windows\System\AmYXgns.exe
  C:\Windows\System\AmYXgns.exe
  2⤵
  PID:12520
- C:\Windows\System\ZswlhaO.exe
  C:\Windows\System\ZswlhaO.exe
  2⤵
  PID:12556
- C:\Windows\System\cyrNCVT.exe
  C:\Windows\System\cyrNCVT.exe
  2⤵
  PID:12576
- C:\Windows\System\yArzyTz.exe
  C:\Windows\System\yArzyTz.exe
  2⤵
  PID:12612
- C:\Windows\System\EAbvLsN.exe
  C:\Windows\System\EAbvLsN.exe
  2⤵
  PID:12644
- C:\Windows\System\ibhLYib.exe
  C:\Windows\System\ibhLYib.exe
  2⤵
  PID:12708
- C:\Windows\System\oVsCXTV.exe
  C:\Windows\System\oVsCXTV.exe
  2⤵
  PID:12736
- C:\Windows\System\rTuOjbP.exe
  C:\Windows\System\rTuOjbP.exe
  2⤵
  PID:12768
- C:\Windows\System\hzESPkW.exe
  C:\Windows\System\hzESPkW.exe
  2⤵
  PID:12784
- C:\Windows\System\dfNrGBr.exe
  C:\Windows\System\dfNrGBr.exe
  2⤵
  PID:12820
- C:\Windows\System\DBSVPPd.exe
  C:\Windows\System\DBSVPPd.exe
  2⤵
  PID:12848
- C:\Windows\System\cjLsmVQ.exe
  C:\Windows\System\cjLsmVQ.exe
  2⤵
  PID:12868
- C:\Windows\System\GOoqMIF.exe
  C:\Windows\System\GOoqMIF.exe
  2⤵
  PID:12892
- C:\Windows\System\NkvfAgS.exe
  C:\Windows\System\NkvfAgS.exe
  2⤵
  PID:12916
- C:\Windows\System\CbHCakK.exe
  C:\Windows\System\CbHCakK.exe
  2⤵
  PID:12940
- C:\Windows\System\FPALvyi.exe
  C:\Windows\System\FPALvyi.exe
  2⤵
  PID:12960
- C:\Windows\System\MCWvhjE.exe
  C:\Windows\System\MCWvhjE.exe
  2⤵
  PID:12980
- C:\Windows\System\rTrKfDz.exe
  C:\Windows\System\rTrKfDz.exe
  2⤵
  PID:13004
- C:\Windows\System\gTACvsd.exe
  C:\Windows\System\gTACvsd.exe
  2⤵
  PID:13028
- C:\Windows\System\MUTMQyf.exe
  C:\Windows\System\MUTMQyf.exe
  2⤵
  PID:13060
- C:\Windows\System\evmnzBI.exe
  C:\Windows\System\evmnzBI.exe
  2⤵
  PID:13080
- C:\Windows\System\tDDxMGO.exe
  C:\Windows\System\tDDxMGO.exe
  2⤵
  PID:13104
- C:\Windows\System\DaRKGwW.exe
  C:\Windows\System\DaRKGwW.exe
  2⤵
  PID:13128
- C:\Windows\System\czOrjgN.exe
  C:\Windows\System\czOrjgN.exe
  2⤵
  PID:13152
- C:\Windows\System\TxRRfdp.exe
  C:\Windows\System\TxRRfdp.exe
  2⤵
  PID:13172
- C:\Windows\System\LoWEKev.exe
  C:\Windows\System\LoWEKev.exe
  2⤵
  PID:13196
- C:\Windows\System\VriecSh.exe
  C:\Windows\System\VriecSh.exe
  2⤵
  PID:13216
- C:\Windows\System\bYgcHAR.exe
  C:\Windows\System\bYgcHAR.exe
  2⤵
  PID:13232
- C:\Windows\System\jbIKays.exe
  C:\Windows\System\jbIKays.exe
  2⤵
  PID:13248
- C:\Windows\System\OTlwUEa.exe
  C:\Windows\System\OTlwUEa.exe
  2⤵
  PID:13268
- C:\Windows\System\pnkSNJx.exe
  C:\Windows\System\pnkSNJx.exe
  2⤵
  PID:13284
- C:\Windows\System\XmGPdJk.exe
  C:\Windows\System\XmGPdJk.exe
  2⤵
  PID:13300
- C:\Windows\System\cCJeAPi.exe
  C:\Windows\System\cCJeAPi.exe
  2⤵
  PID:9912
- C:\Windows\System\EvvaOaW.exe
  C:\Windows\System\EvvaOaW.exe
  2⤵
  PID:11412
- C:\Windows\System\jJZZHsJ.exe
  C:\Windows\System\jJZZHsJ.exe
  2⤵
  PID:11468
- C:\Windows\System\zGXTOfJ.exe
  C:\Windows\System\zGXTOfJ.exe
  2⤵
  PID:11520
- C:\Windows\System\mXrofzx.exe
  C:\Windows\System\mXrofzx.exe
  2⤵
  PID:11568
- C:\Windows\System\YLAsXai.exe
  C:\Windows\System\YLAsXai.exe
  2⤵
  PID:11644
- C:\Windows\System\MMqoKfz.exe
  C:\Windows\System\MMqoKfz.exe
  2⤵
  PID:10012
- C:\Windows\System\yDLNinD.exe
  C:\Windows\System\yDLNinD.exe
  2⤵
  PID:11800
- C:\Windows\System\DnkQIoI.exe
  C:\Windows\System\DnkQIoI.exe
  2⤵
  PID:10164
- C:\Windows\System\PSPlwuF.exe
  C:\Windows\System\PSPlwuF.exe
  2⤵
  PID:11908
- C:\Windows\System\wjKFOBr.exe
  C:\Windows\System\wjKFOBr.exe
  2⤵
  PID:11952
- C:\Windows\System\WDJtVBL.exe
  C:\Windows\System\WDJtVBL.exe
  2⤵
  PID:6108
- C:\Windows\System\WJjOnFO.exe
  C:\Windows\System\WJjOnFO.exe
  2⤵
  PID:7548
- C:\Windows\System\GlNItFQ.exe
  C:\Windows\System\GlNItFQ.exe
  2⤵
  PID:8560
- C:\Windows\System\HBGPocs.exe
  C:\Windows\System\HBGPocs.exe
  2⤵
  PID:10244
- C:\Windows\System\zUFIZHr.exe
  C:\Windows\System\zUFIZHr.exe
  2⤵
  PID:10588
- C:\Windows\System\GDodycJ.exe
  C:\Windows\System\GDodycJ.exe
  2⤵
  PID:10620
- C:\Windows\System\GUwZWxY.exe
  C:\Windows\System\GUwZWxY.exe
  2⤵
  PID:10664
- C:\Windows\System\sJrmTKO.exe
  C:\Windows\System\sJrmTKO.exe
  2⤵
  PID:10728
- C:\Windows\System\lzkAlPV.exe
  C:\Windows\System\lzkAlPV.exe
  2⤵
  PID:10812
- C:\Windows\System\ePmYVVV.exe
  C:\Windows\System\ePmYVVV.exe
  2⤵
  PID:10944
- C:\Windows\System\sbqnPgq.exe
  C:\Windows\System\sbqnPgq.exe
  2⤵
  PID:11048
- C:\Windows\System\UcyTNvY.exe
  C:\Windows\System\UcyTNvY.exe
  2⤵
  PID:11088
- C:\Windows\System\vSMSzao.exe
  C:\Windows\System\vSMSzao.exe
  2⤵
  PID:11196
- C:\Windows\System\dMtrVbI.exe
  C:\Windows\System\dMtrVbI.exe
  2⤵
  PID:11252
- C:\Windows\System\hOFsBhq.exe
  C:\Windows\System\hOFsBhq.exe
  2⤵
  PID:6228
- C:\Windows\System\lJvQYDI.exe
  C:\Windows\System\lJvQYDI.exe
  2⤵
  PID:8764
- C:\Windows\System\zaiNtlL.exe
  C:\Windows\System\zaiNtlL.exe
  2⤵
  PID:3224
- C:\Windows\System\CnQeNvp.exe
  C:\Windows\System\CnQeNvp.exe
  2⤵
  PID:9784
- C:\Windows\System\FIsVjLI.exe
  C:\Windows\System\FIsVjLI.exe
  2⤵
  PID:4188
- C:\Windows\System\LGKZgrf.exe
  C:\Windows\System\LGKZgrf.exe
  2⤵
  PID:4596
- C:\Windows\System\FEvLoOM.exe
  C:\Windows\System\FEvLoOM.exe
  2⤵
  PID:10748
- C:\Windows\System\SfraZuo.exe
  C:\Windows\System\SfraZuo.exe
  2⤵
  PID:8724
- C:\Windows\System\fZhRArD.exe
  C:\Windows\System\fZhRArD.exe
  2⤵
  PID:9504
- C:\Windows\System\ideoZSb.exe
  C:\Windows\System\ideoZSb.exe
  2⤵
  PID:11404
- C:\Windows\System\AfDMAYX.exe
  C:\Windows\System\AfDMAYX.exe
  2⤵
  PID:9612
- C:\Windows\System\cIlZajH.exe
  C:\Windows\System\cIlZajH.exe
  2⤵
  PID:9384
- C:\Windows\System\OFVPhnL.exe
  C:\Windows\System\OFVPhnL.exe
  2⤵
  PID:9076
- C:\Windows\System\SvekbNn.exe
  C:\Windows\System\SvekbNn.exe
  2⤵
  PID:12304
- C:\Windows\System\rSShwxm.exe
  C:\Windows\System\rSShwxm.exe
  2⤵
  PID:11336
- C:\Windows\System\QwCMhfg.exe
  C:\Windows\System\QwCMhfg.exe
  2⤵
  PID:11772
- C:\Windows\System\wWfGGLn.exe
  C:\Windows\System\wWfGGLn.exe
  2⤵
  PID:12420
- C:\Windows\System\mjvprjJ.exe
  C:\Windows\System\mjvprjJ.exe
  2⤵
  PID:13336
- C:\Windows\System\dfgbmLM.exe
  C:\Windows\System\dfgbmLM.exe
  2⤵
  PID:13360
- C:\Windows\System\cWbxUqq.exe
  C:\Windows\System\cWbxUqq.exe
  2⤵
  PID:13384
- C:\Windows\System\BMEVBqR.exe
  C:\Windows\System\BMEVBqR.exe
  2⤵
  PID:13400
- C:\Windows\System\uPWQIYg.exe
  C:\Windows\System\uPWQIYg.exe
  2⤵
  PID:13420
- C:\Windows\System\IIUTCNS.exe
  C:\Windows\System\IIUTCNS.exe
  2⤵
  PID:13444
- C:\Windows\System\jzEpqVR.exe
  C:\Windows\System\jzEpqVR.exe
  2⤵
  PID:13472
- C:\Windows\System\oyfbHBb.exe
  C:\Windows\System\oyfbHBb.exe
  2⤵
  PID:13500
- C:\Windows\System\nCHoohV.exe
  C:\Windows\System\nCHoohV.exe
  2⤵
  PID:13520
- C:\Windows\System\lLvfYio.exe
  C:\Windows\System\lLvfYio.exe
  2⤵
  PID:13544
- C:\Windows\System\sEqsprs.exe
  C:\Windows\System\sEqsprs.exe
  2⤵
  PID:13564
- C:\Windows\System\LDwlDrT.exe
  C:\Windows\System\LDwlDrT.exe
  2⤵
  PID:13584
- C:\Windows\System\UYtcgeC.exe
  C:\Windows\System\UYtcgeC.exe
  2⤵
  PID:13604
- C:\Windows\System\jRIHvge.exe
  C:\Windows\System\jRIHvge.exe
  2⤵
  PID:13624
- C:\Windows\System\qytldCx.exe
  C:\Windows\System\qytldCx.exe
  2⤵
  PID:13648
- C:\Windows\System\RotWljN.exe
  C:\Windows\System\RotWljN.exe
  2⤵
  PID:13672
- C:\Windows\System\VXlXPqG.exe
  C:\Windows\System\VXlXPqG.exe
  2⤵
  PID:13696
- C:\Windows\System\qpPaqWL.exe
  C:\Windows\System\qpPaqWL.exe
  2⤵
  PID:13720
- C:\Windows\System\CSUnJim.exe
  C:\Windows\System\CSUnJim.exe
  2⤵
  PID:13740
- C:\Windows\System\PwKNeWq.exe
  C:\Windows\System\PwKNeWq.exe
  2⤵
  PID:13768
- C:\Windows\System\dsfYnhy.exe
  C:\Windows\System\dsfYnhy.exe
  2⤵
  PID:13792
- C:\Windows\System\ZLxWdSo.exe
  C:\Windows\System\ZLxWdSo.exe
  2⤵
  PID:13816
- C:\Windows\System\tqBJLZY.exe
  C:\Windows\System\tqBJLZY.exe
  2⤵
  PID:13836
- C:\Windows\System\XafdbiM.exe
  C:\Windows\System\XafdbiM.exe
  2⤵
  PID:13852
- C:\Windows\System\FcTBYXw.exe
  C:\Windows\System\FcTBYXw.exe
  2⤵
  PID:13868
- C:\Windows\System\GTyLCDh.exe
  C:\Windows\System\GTyLCDh.exe
  2⤵
  PID:13884
- C:\Windows\System\xziTinJ.exe
  C:\Windows\System\xziTinJ.exe
  2⤵
  PID:13904
- C:\Windows\System\zTIbKCT.exe
  C:\Windows\System\zTIbKCT.exe
  2⤵
  PID:13920
- C:\Windows\System\FtOWZmU.exe
  C:\Windows\System\FtOWZmU.exe
  2⤵
  PID:13940
- C:\Windows\System\afKlTnl.exe
  C:\Windows\System\afKlTnl.exe
  2⤵
  PID:13956
- C:\Windows\System\mBMgGgx.exe
  C:\Windows\System\mBMgGgx.exe
  2⤵
  PID:13972
- C:\Windows\System\BEFcYQT.exe
  C:\Windows\System\BEFcYQT.exe
  2⤵
  PID:13988
- C:\Windows\System\wwcdlAk.exe
  C:\Windows\System\wwcdlAk.exe
  2⤵
  PID:14004
- C:\Windows\System\WXMoyLi.exe
  C:\Windows\System\WXMoyLi.exe
  2⤵
  PID:14020
- C:\Windows\System\UbxvtBg.exe
  C:\Windows\System\UbxvtBg.exe
  2⤵
  PID:14044
- C:\Windows\System\iOsPjMr.exe
  C:\Windows\System\iOsPjMr.exe
  2⤵
  PID:14064
- C:\Windows\System\AGhnTTr.exe
  C:\Windows\System\AGhnTTr.exe
  2⤵
  PID:14084
- C:\Windows\System\zHtzbhZ.exe
  C:\Windows\System\zHtzbhZ.exe
  2⤵
  PID:14112
- C:\Windows\System\mbqWylj.exe
  C:\Windows\System\mbqWylj.exe
  2⤵
  PID:14136
- C:\Windows\System\dBPkztJ.exe
  C:\Windows\System\dBPkztJ.exe
  2⤵
  PID:14160
- C:\Windows\System\HtVxNNB.exe
  C:\Windows\System\HtVxNNB.exe
  2⤵
  PID:14176
- C:\Windows\System\WoIJSZq.exe
  C:\Windows\System\WoIJSZq.exe
  2⤵
  PID:14196
- C:\Windows\System\jkXGPnv.exe
  C:\Windows\System\jkXGPnv.exe
  2⤵
  PID:14220
- C:\Windows\System\IyTrZtN.exe
  C:\Windows\System\IyTrZtN.exe
  2⤵
  PID:14244

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BoWWijh.exe

Filesize
1.5MB

MD5
988eb323739589950d76189572a0f765

SHA1
189f18877c8775ae5c90a7ef84fbd51755f1faf5

SHA256
272bc0bf21909513d7a78076fbed20178c3b37cf1d5a84cf1e3c74f45fd377bc

SHA512
3ac419a5cbedfa85437796ed6ce081a9015fd5afe84e2cf42bf1e470b33a3e24239197e4a07e29af5e66201f9e0c9e48acd0e2ac4840ae0663f4e14ff25e84fa

Download Submit
C:\Windows\System\Brpsqii.exe

Filesize
1.5MB

MD5
cc87de9bc95ab1a65fa4ca12d05991ed

SHA1
e9bc91a3a04394835132edf887697d59058425c4

SHA256
06a360a24f4f35367a46545e0552ec6d27ad3fbe23977d58c5c4acfd9f99e94d

SHA512
821f1c737d210b94466fe8a3e454828bb58c5eeeb22fd1b31333870cc289224591f88ab3b2a6977ee3b0952803d9a678c94907a0dcaf22009cb9bd3442a1367b

Download Submit
C:\Windows\System\DTcrPTn.exe

Filesize
1.5MB

MD5
838e940ccea55111880dc84a0dd1f5d2

SHA1
8b796988469467c2234bc3c12d7d3adce2db7cde

SHA256
03f72a064211f92d17808964ea2c61501481e22fc272bae88394f104478d44b3

SHA512
ee5b789f08bea0982b7d0cfb2ee579d5084b12ff076eba502e797129a913d7aed35b10dcf6c2dccd9dad7397d29680750558c56ef8e6540746732f307043baac

Download Submit
C:\Windows\System\DdVqdLb.exe

Filesize
1.5MB

MD5
0498a8a3eb4101b11aa5082056a9a62d

SHA1
6ba58969fcbdeafc81892a313726c4f0f9c33fbb

SHA256
7f556a206a567d82e97cc76bf636e8d60051e8c5c4dd01ef4c4f5c62f233dd96

SHA512
698b490ddd535934aabb4c1d483cd435c78f9464f1df9e454fa298b3dbf629b68443b5f18d1a06128a885bcc90d6f10b1d26d997074b2bb62224c4d28fcc981d

Download Submit
C:\Windows\System\DwlNVci.exe

Filesize
1.5MB

MD5
a5af5445709bc002fbed850297314fa7

SHA1
9e63c74d791c94733d696fc79dccd56382371cf3

SHA256
05d9bef113408bdb5ae31fca6ea9ac55698234fa0e673b9b14f0e0e0dbb4edf4

SHA512
5e6eef95ecf66814d17544d8f69552e5831b5d804cf4de50f2126b007c8a2193a4532e8d83028ad752ada264092b930616e12dafa83ce1579a9a2ea062b41aaa

Download Submit
C:\Windows\System\ETTfJJE.exe

Filesize
1.5MB

MD5
7f1c65b1491868c151b0fabd41b6c868

SHA1
db093cb9a94dd4b30bae59d6356976b3b6b54195

SHA256
932a8c1d2e80cffbc1ab03be48001ca782aef6f153c95830c09ecee20d255b9e

SHA512
2b08d69974aec11ef78a25f3284b82cbda88686f2a45f155e15770b317f94de3b48a605d43e52cd778c6a851bcf5b070dd3ad0426c06b885a8f752b48cc83a26

Download Submit
C:\Windows\System\EdMrngm.exe

Filesize
1.5MB

MD5
0117170abc60163b0fb12d1d62c78aae

SHA1
89535e57c84e73dbf9b7e4a7a60b560e99a6b9fe

SHA256
6d70729089c7a3ff0de1ebf481dfee97c527b42cf442d948c6eaedf638d5fd5b

SHA512
32de5c897558d448687a9c0cfed407de14cab367fb21c8158585ade496eeeeed4244a410bbe4f6f645b22d265e74bece8c150d784918f00e58b44440142bfa12

Download Submit
C:\Windows\System\LorLUsT.exe

Filesize
1.5MB

MD5
e9e68501bdd0d0c89007c1b8d9cdb39b

SHA1
e0fba1a2fec3bf4b2fda8f937d0dd43a67bd55d9

SHA256
2050da17d5bc82ab9584b42512f8afbc9dc7fa06b1521d83dfcba69136a2a252

SHA512
0ce74494c2868b59c40e6f32a2e06d215ac570ba5a471061fe6dee20185c5fa94b080b28b85d223b9bc77c8927de1a6c1bb93c27e585c4399f8bf0188df69b70

Download Submit
C:\Windows\System\NfLIkqQ.exe

Filesize
1.5MB

MD5
06d087f3639017eb60f99871899a7125

SHA1
8a7a93adc65825d43cc72f4ee80cf4ffbedb5956

SHA256
0c452c52054765ffe58d500297ea614b0e910b4e2c2828f69a4b4a0342080fac

SHA512
fc08bb202f5a28a6f32e1b341a1aadaa7bf465e98424c5379ba07e3da93029ada927b0b78e981de4cc106924903871fbe288e3bef50f3f67b23875cf6d088c34

Download Submit
C:\Windows\System\QgUcVzz.exe

Filesize
1.5MB

MD5
cd627c7d40d78abd8372caba6ea86f3d

SHA1
104b24fb604b0e9eb8df5272203e259fbc4cff71

SHA256
ab966630a0f45428af280263c8450a9bd7f29cc81f99926a28dc7d806bc4e813

SHA512
43d875e2c7d904ba88dbda685062b4c2f3da1b651164ccd4df0472100c8c21716cfcd470076880fe82fd23ac52435fec45826b7ea67bd097054486342f282135

Download Submit
C:\Windows\System\RcUdEhy.exe

Filesize
1.5MB

MD5
2f1f671c472783290cca79928e033192

SHA1
d312c54edf1447aea4611543c741f0f68d735bf7

SHA256
c269cedb1e2e4d8ed0232559434852e51b20517364a0599f917661267a9891d4

SHA512
d1e257177bce75427cd732230336bf0fb57ae0336a6774fcd410a31a7ef042bb6c87ec104e8573280907f6e257b62566c56750191fb25b664434f84227575e53

Download Submit
C:\Windows\System\TkOWXDG.exe

Filesize
1.5MB

MD5
9eebba0d81f2e5bb19e78b08dc0b4cd3

SHA1
18a59c69d34dab60a588af3c4dc0a3c4b17f0638

SHA256
165cd99ded660c3a1b311dd1a2a023fc381556b4b6ee16abef7bb5c11efbf4aa

SHA512
0561c4e1e17300ed7e0fad91cc480ff7efa99d369d28a4405366f4ae578906869ff7fde592a7489e909d0591ba29e4a7f736b6c154e38338bdb812be4d108897

Download Submit
C:\Windows\System\UqLYWGi.exe

Filesize
1.5MB

MD5
7fed671bcc4d60a89f12004aea0f39b4

SHA1
31016bde4dbc9c0a3f716af93956a0b0527fc062

SHA256
964a7897ba0b2b175319bd9cb6ad75fa965ac97e5c46f6aa71a78a0e4de54478

SHA512
a10dd9abdcaf2103d13fb13a93139be2de95497f7f7794a795bc02e5a8268cd3b2b1c4b6741aa66e13c5d249ee1a24374392df4287de2b32aefd32abb82c7e0c

Download Submit
C:\Windows\System\UskOtwB.exe

Filesize
1.5MB

MD5
9df6b98012e3539311402e789e5a1c3b

SHA1
a8ce83f88e11638316256b03d1291bc3a0571095

SHA256
c54fd0931ea0e2fea04dc5649c8b6e3c854285e87eee29a4f7f9eae4db8fd695

SHA512
6091d2e67410d94933b1dd4e80487251e710e5deed7a9f65c34b49dd6eee149795d9d400a204ce2d5fc4ad17752d28b974700382f74249dc37f5c0685951e5e4

Download Submit
C:\Windows\System\VPkRIwG.exe

Filesize
1.5MB

MD5
7ad10b2afc138ff9a1b7eabf46e81876

SHA1
76131f3da4b97d9383069ee718608a7ab74d7267

SHA256
9b1f17721be72300198883c19a54d9d9c6d431ca10a30041fb4222a0ffe7afc1

SHA512
aa38e7e2e399427a4f95a92c61a419e38e1154b633c9525d3424bfd7c4b3333e574ef5c19b1add457bffca7bfd2bf3f229d639f39d069a700e3721dae9782008

Download Submit
C:\Windows\System\XqRJRaP.exe

Filesize
1.5MB

MD5
2dd45b9c176549c5ad21199fbd3a6988

SHA1
ecfa60d454812f6af5ec4ebcbdbb230e6bc71e9a

SHA256
34901dc97d8f1a591fbaa24e6f48ea869f799b5071cb5aaf703dc5598b0ff43e

SHA512
d3315db79b79d2093a726c0b51ebb1423b5fe1fd52aa1f618a1f34c256e2a3632bb95e5af246dd2264f103ff778a9b49da46c7ea025d0dcbe906cf12f88d0ca8

Download Submit
C:\Windows\System\YgfjLQP.exe

Filesize
1.5MB

MD5
cf203a7734a543824386831cd04a0901

SHA1
215ec915cc2e22dfbbc2f6ef5bcab7181094f2cc

SHA256
a094de21cb8444dbc8845b60ad0e38f58dc9bbdfd1741b7143180196e0ac2b10

SHA512
474aa19c603d25f82a59b3672e49d4693b459c7a55fa98983c823b75786f1b6c1c5eca68e499b4608f7e2998419831c5437ef1a94b1d963a4aab53e131dc6f4a

Download Submit
C:\Windows\System\YhrRkSy.exe

Filesize
1.5MB

MD5
1cf25889faf0ab8a6e2bca2d662c9d37

SHA1
026f546a85a882aede77f7e6e44c0a59f291679f

SHA256
a5372f1977a549a41e7ef0dc63c4842cc79f4033130e374c6b288cdc24d9983c

SHA512
cbcb728a3e5ac43f2905b0a02133b46295d2d642773ae4a99ab17f65edbfb1c27de566ebefbe473454cfc9154a4de0ec65699cbccfd0594e57e11af8e56c7cc5

Download Submit
C:\Windows\System\aErSprj.exe

Filesize
1.5MB

MD5
ef195cf45330860890c1b8a2019570f3

SHA1
2dc8f4d1ba88e53d188c355e0fe1d4e156ef20fc

SHA256
b1d17987ffeba36454954445a5760b9a6f03a9b0ea14322f45d9198b5947cb7f

SHA512
0e47ecda87ea1383ee0ac752c1e85c5ccded467746e46d0518674ef4d7bb6b76b632e24453732722f34291b728c0fce9f4eeb0ded7ee76122d9749712d076f5a

Download Submit
C:\Windows\System\aiXOcIJ.exe

Filesize
1.5MB

MD5
975bf55bca545aa8a63f38c2a33a7e44

SHA1
27ebf916139dd3d2554d4a03a428852da93b0820

SHA256
d3ffc4730e5d19d4614dbc17c0bd7719e5f4af7653355817e5e9561c67a7d82b

SHA512
d8493cb4b4f2fb398614740ef5638e8565d4f3b95ea88d44d70b94e0ab611d48377f695949340dfd7c5d287843dfcfc18244e08e49d5e01846d3f6c3a5ed6521

Download Submit
C:\Windows\System\akeFDOq.exe

Filesize
1.5MB

MD5
65e11158205949f0f3b1c26468ebb40c

SHA1
a4d99b7805591b0299ed4016da5ecdba7051c108

SHA256
0706afa4f36ec7012a480bc4b77515c033fc88c930748e9334e56efeef6a7a03

SHA512
16d9a11c830b6a451e4b8ef02d592218bc387085ba03ff096c6b1197965dd60350659b9c31b74452b3e93d3b2a8aeb9e1d8596020ac798829605bf988cf6b640

Download Submit
C:\Windows\System\fkKkplZ.exe

Filesize
1.5MB

MD5
82bc86a7159075043f7b7d5e9fc3bf7d

SHA1
e8c03f4b0e6f660e1bc9330ae570f3f44069037e

SHA256
2870c19ea81a8b64200bdef1a80071679d52c6272425e08d1b3d65ed368a5eb8

SHA512
968a5652b1a495db393d07b6d27a8c3e2b9b704f92a0374818e0ee2b8adf7d3dfd53116a8a9b65301c28677426f19884cc120d0cf3c791e06cb24efe92add861

Download Submit
C:\Windows\System\gHbTrkX.exe

Filesize
1.5MB

MD5
1776d48865c4d9b2c30e8acb8c8a0f2f

SHA1
56961f5c9671a2699c531580d1554ede1027f029

SHA256
43a756096ed21379282b36d544950725ea02884729e45cc4c510ef03ba436d19

SHA512
97a5a23a4d99f3f4e3fa5d3c9e70f78079eaf4932b4684f0fd5b88177563b07220685752c91bc54cc44fd20ac292f8bb4258dd73039385184a48bcddc0f41210

Download Submit
C:\Windows\System\hqNShXx.exe

Filesize
1.5MB

MD5
e55011f9144b8062125dff74611ced82

SHA1
78cf68f143338e06167844ee94ff3ca0b318d791

SHA256
f2743dd6d09f4e6f3acd826dd65c3c22c6e703639d7cef33232fcbc76e9bdb6b

SHA512
7e3d3dacf360581c4de7c86357fda6ce26e9594636a83cdffa3ca66843e486f326045d0f193448128888f0d6a72067c25e02a8fcea034a2012e010762d7550aa

Download Submit
C:\Windows\System\iSuvqky.exe

Filesize
1.5MB

MD5
3175129b7f8f0345d9448ae2084071d3

SHA1
a4f4f0079689a205e05bef2418697b039d33db79

SHA256
a8fe7aa8a95954a2108d929049f75f77fb56d2c736deec7cd346d39337427b6b

SHA512
51af6a0a96f8acd8ca251859650729f7099966fa11f9b628849a49427e36800a5d1131914048be4861fa0f860af79069eeef40d75e8225a2eb826d154aded819

Download Submit
C:\Windows\System\isLCHyS.exe

Filesize
1.5MB

MD5
a0f0740468d21ea44fd54894205a7c47

SHA1
86e7d3bd882e59cbe66995be786ba41f28773744

SHA256
09ddc4017c31bed4f69d1cb87adce934de795fc2d925db033cbebb25c58e645d

SHA512
8a77bf3bccf0074b9e89480957064d079393b344760591e5bbe8454ae60af870b804fc17fb6a75dd069ccd500ab0892397b8f215f0817b29b8c4486358e6143c

Download Submit
C:\Windows\System\kcAaFqR.exe

Filesize
1.5MB

MD5
5c03c247f8d8b30f05b4ead33177894c

SHA1
ac7e2eafe49b5344bf8516d7bb620cf5af9d9c25

SHA256
2041baa15d7fd365e4f10828d285ed43a5291415963942bc973de55ebb0711ee

SHA512
71b8fd0c146b525cfcd16604e10057d5852d6fca88431d19a13b69161c18ca7a2f04ff04fc0e968ed9d51bdad3e13369f19692878448e09cef500c80ff9a8c33

Download Submit
C:\Windows\System\keRwEBU.exe

Filesize
1.5MB

MD5
72ccba9768e534ebd632dda2bd688a02

SHA1
7e2a4ce114fcb24ec9502ad9a038f1ae4a69619f

SHA256
d5790367247d10cbb75bfe9cb738428d06247bc3a55d32e2560921f067357fa5

SHA512
12cff6b90a5bce34db3f4b431755bddaf56a050b3caa375e3c26eb41cbeed59ce5784c7a9438cdb62e7686f3b40e2841b94bf3577a5f71c61ed5127ccbafeab1

Download Submit
C:\Windows\System\kjVUQNU.exe

Filesize
1.5MB

MD5
d465add14ec555eef39a3487d30ca64b

SHA1
193aa3552335ec5de2035515fd1e6aff5f01a78a

SHA256
3395d0e6a9c574980c1456c7d92f50ccf946685695b80bb0de5b195c95c2cd35

SHA512
2a62211e49dae133d90b27d7aa0ec856449e280dbc474e7ada1c623404303f1aa844d9a01e79dee53a6380bd78c598d5b6955b8d2a7e80dd00b3b0a0406f320c

Download Submit
C:\Windows\System\oAGeoeh.exe

Filesize
1.5MB

MD5
011e621c3ef2fe14350323db507194d7

SHA1
2693d27e5913b775226fc2648bd15757566ce37f

SHA256
2f202516c5d23e196bccce0ae2ce89ad6f8a7db161e8e3c781f97a312836d3c5

SHA512
6b1bb43281a1a2d7cd5e536ccefbea0ba690d2237a790d061d76f72618398528ac92776e114f021253d5b15ae2047645fbc7e24611d05e33de4201b94944b5f3

Download Submit
C:\Windows\System\oDmMBzz.exe

Filesize
1.5MB

MD5
26fe5a69b7bd0d63c9b2045ce75c2487

SHA1
8a0b9604fe15eb68425e15bfd18077d2cebfaf25

SHA256
82ff9a76508d3e7c8bfd13970a80a8ea86d4ad817d6e0b51bb2895c019094a19

SHA512
75c4afcc86d7ee01a9fc35f38b89a7900587ba7f880e93e445105f3d640ca532bde2f60124cf0018b3249abcd850333d82a7355bd8b920c3839c22b7a85b8157

Download Submit
C:\Windows\System\oSyojZV.exe

Filesize
1.5MB

MD5
9cfa7442987f0a65e94ecf4ad215db85

SHA1
3c861bb5d2c5966183ca3ec22497182a2e475511

SHA256
aabd15f84563afe657542f8181cd2ee5a3c9a1726c7841f7ecf7595a3133bf0b

SHA512
600099ab1cafbf14273f55808571d7e1e42f6671e91b5cf43006eb34d56752ce20e43b46bcc8b5ed58191aa58218cc8d698a2cc5d9982d00bc350919b1e2ae53

Download Submit
C:\Windows\System\piylcAC.exe

Filesize
1.5MB

MD5
4804d473ca7fac3b21378489f03347a0

SHA1
e48e1834bc5f2e87824c73f983dc6a7bc750b15f

SHA256
550476db05545caa843eb57484d763c92c01e34afbc3d55adaf9034393aa47b8

SHA512
ad9b773be8b8c95f70de4d38e0f02e4d4afdf5b6d008b9b5c994d4b79351b07ddf2d1d3b7402136966dbd928dbb21e2daf051c5013d1ea1f97fd39b54e4527ec

Download Submit
C:\Windows\System\sgLwJpY.exe

Filesize
1.5MB

MD5
2ef2cbec1bac634b9f7947c4503acb88

SHA1
f2c0d9bc8747e19587db1cdfb3df4e06b7f6e428

SHA256
ef360ebe2b14d2c06f26a602e33ace9d7a30bc4146b48a2f821c18521fcb90bf

SHA512
ac8bb660fb0441ca9a996db4d2ee5fc642a8a879e321f6a6a8fd54ccf4d400b9d07c0ae0fe5258bb999af3694d9883bdd59d341fb1e91b60f09aaeeaf72eb30f

Download Submit
C:\Windows\System\tfmMWrW.exe

Filesize
1.5MB

MD5
16ea41bda592191c586e4a7e3db28292

SHA1
ad2e5c69ad6fd9c0dd8eced1fe43f7564785572f

SHA256
3f50561819f05b545806546b03619dacf1173c2c0a8c732efcddea2d65d7f318

SHA512
bf3564822fe37632ce7c571460d224de75adf332c0d86fe0449f4e03a8f821ac89313bbeeaf363a12e3b1fe0290cb3addf36cf8d0913d067282af0f44a697249

Download Submit
C:\Windows\System\wkBVOEA.exe

Filesize
1.5MB

MD5
c48231a7bdf42f0e74830ba7b9b44476

SHA1
7d2da38cbcd54c9f6d16b8f49e81dd167b5ef7fa

SHA256
0be74e1efec10052d579fcc3172b49abded1dcc9e47df85d11b9627701102bf5

SHA512
9a21162abfcc746ab396e0c6232fe63750b950157bc69759e63c32dde3b48741c9165e0d29cbb1f91966ff9983302c274d2b37dfac5a885657f809bd72287771

Download Submit
C:\Windows\System\yGGkpyz.exe

Filesize
1.5MB

MD5
5ab797cdaebef52f1d7089e314a37bee

SHA1
351b26f216703043092700267cf9dc68c3f02ac5

SHA256
1b9e8fae51913b4b9153c2b590aace92fd0441051c22697c4b03470c0bb8011e

SHA512
ce0b9c1bc3234dffd9363178e790e3691a0838df4b86522c3594333db614b3fb7cbaeb19e92bd40a478831591b16f2ca97a7156e460f20e80d926c039284f1d6

Download Submit
C:\Windows\System\yiJnjyq.exe

Filesize
1.5MB

MD5
dfb4d70ef371ae3ec829d4023ba7a3ba

SHA1
8fab9f0b7dfc201b3dacc17ae4afed74b117a8cb

SHA256
2444fe18ba2b76f616a99450a399253023a45ee1001be393df373d1c25e79eda

SHA512
7bb330b2ad9171b2e127196ee2db94badec4621cb0ce45a81716f63f7ba1c69aac26dca80fe60971cce799fcc01a31d70ada33316e4b586cdb9b2da47a35b360

Download Submit
memory/648-469-0x00007FF690850000-0x00007FF690BA1000-memory.dmp

Filesize
3.3MB

Download
memory/648-2345-0x00007FF690850000-0x00007FF690BA1000-memory.dmp

Filesize
3.3MB

Download
memory/912-51-0x00007FF62C8D0000-0x00007FF62CC21000-memory.dmp

Filesize
3.3MB

Download
memory/912-2251-0x00007FF62C8D0000-0x00007FF62CC21000-memory.dmp

Filesize
3.3MB

Download
memory/960-307-0x00007FF6047E0000-0x00007FF604B31000-memory.dmp

Filesize
3.3MB

Download
memory/960-2278-0x00007FF6047E0000-0x00007FF604B31000-memory.dmp

Filesize
3.3MB

Download
memory/1144-71-0x00007FF7A7EC0000-0x00007FF7A8211000-memory.dmp

Filesize
3.3MB

Download
memory/1144-2257-0x00007FF7A7EC0000-0x00007FF7A8211000-memory.dmp

Filesize
3.3MB

Download
memory/1244-2287-0x00007FF7C29A0000-0x00007FF7C2CF1000-memory.dmp

Filesize
3.3MB

Download
memory/1244-331-0x00007FF7C29A0000-0x00007FF7C2CF1000-memory.dmp

Filesize
3.3MB

Download
memory/1792-532-0x00007FF7CA4B0000-0x00007FF7CA801000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2270-0x00007FF7CA4B0000-0x00007FF7CA801000-memory.dmp

Filesize
3.3MB

Download
memory/1888-534-0x00007FF68E270000-0x00007FF68E5C1000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2274-0x00007FF68E270000-0x00007FF68E5C1000-memory.dmp

Filesize
3.3MB

Download
memory/2116-268-0x00007FF66B590000-0x00007FF66B8E1000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2283-0x00007FF66B590000-0x00007FF66B8E1000-memory.dmp

Filesize
3.3MB

Download
memory/2524-62-0x00007FF72F9E0000-0x00007FF72FD31000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2261-0x00007FF72F9E0000-0x00007FF72FD31000-memory.dmp

Filesize
3.3MB

Download
memory/2536-181-0x00007FF66F5F0000-0x00007FF66F941000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2279-0x00007FF66F5F0000-0x00007FF66F941000-memory.dmp

Filesize
3.3MB

Download
memory/2668-2249-0x00007FF737260000-0x00007FF7375B1000-memory.dmp

Filesize
3.3MB

Download
memory/2668-10-0x00007FF737260000-0x00007FF7375B1000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1-0x000001DA3C1E0000-0x000001DA3C1F0000-memory.dmp

Filesize
64KB

Download
memory/2948-2144-0x00007FF74EC20000-0x00007FF74EF71000-memory.dmp

Filesize
3.3MB

Download
memory/2948-0-0x00007FF74EC20000-0x00007FF74EF71000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2260-0x00007FF646FF0000-0x00007FF647341000-memory.dmp

Filesize
3.3MB

Download
memory/3092-83-0x00007FF646FF0000-0x00007FF647341000-memory.dmp

Filesize
3.3MB

Download
memory/3332-334-0x00007FF7832B0000-0x00007FF783601000-memory.dmp

Filesize
3.3MB

Download
memory/3332-2297-0x00007FF7832B0000-0x00007FF783601000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2264-0x00007FF7BDE00000-0x00007FF7BE151000-memory.dmp

Filesize
3.3MB

Download
memory/3424-86-0x00007FF7BDE00000-0x00007FF7BE151000-memory.dmp

Filesize
3.3MB

Download
memory/3496-527-0x00007FF7EDDB0000-0x00007FF7EE101000-memory.dmp

Filesize
3.3MB

Download
memory/3496-2329-0x00007FF7EDDB0000-0x00007FF7EE101000-memory.dmp

Filesize
3.3MB

Download
memory/3528-264-0x00007FF682180000-0x00007FF6824D1000-memory.dmp

Filesize
3.3MB

Download
memory/3528-2276-0x00007FF682180000-0x00007FF6824D1000-memory.dmp

Filesize
3.3MB

Download
memory/3852-391-0x00007FF61A960000-0x00007FF61ACB1000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2295-0x00007FF61A960000-0x00007FF61ACB1000-memory.dmp

Filesize
3.3MB

Download
memory/4080-2281-0x00007FF6A2A90000-0x00007FF6A2DE1000-memory.dmp

Filesize
3.3MB

Download
memory/4080-185-0x00007FF6A2A90000-0x00007FF6A2DE1000-memory.dmp

Filesize
3.3MB

Download
memory/4216-530-0x00007FF648CC0000-0x00007FF649011000-memory.dmp

Filesize
3.3MB

Download
memory/4216-2299-0x00007FF648CC0000-0x00007FF649011000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2271-0x00007FF7F1E40000-0x00007FF7F2191000-memory.dmp

Filesize
3.3MB

Download
memory/4272-223-0x00007FF7F1E40000-0x00007FF7F2191000-memory.dmp

Filesize
3.3MB

Download
memory/4292-121-0x00007FF73B720000-0x00007FF73BA71000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2265-0x00007FF73B720000-0x00007FF73BA71000-memory.dmp

Filesize
3.3MB

Download
memory/4388-526-0x00007FF65E730000-0x00007FF65EA81000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2318-0x00007FF65E730000-0x00007FF65EA81000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2255-0x00007FF774380000-0x00007FF7746D1000-memory.dmp

Filesize
3.3MB

Download
memory/4560-531-0x00007FF774380000-0x00007FF7746D1000-memory.dmp

Filesize
3.3MB

Download
memory/4572-533-0x00007FF735720000-0x00007FF735A71000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2301-0x00007FF735720000-0x00007FF735A71000-memory.dmp

Filesize
3.3MB

Download
memory/4736-2290-0x00007FF6363C0000-0x00007FF636711000-memory.dmp

Filesize
3.3MB

Download
memory/4736-528-0x00007FF6363C0000-0x00007FF636711000-memory.dmp

Filesize
3.3MB

Download
memory/4744-2285-0x00007FF6718C0000-0x00007FF671C11000-memory.dmp

Filesize
3.3MB

Download
memory/4744-529-0x00007FF6718C0000-0x00007FF671C11000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2292-0x00007FF7B59A0000-0x00007FF7B5CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4772-436-0x00007FF7B59A0000-0x00007FF7B5CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2267-0x00007FF7C3F90000-0x00007FF7C42E1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-148-0x00007FF7C3F90000-0x00007FF7C42E1000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2253-0x00007FF7FA1F0000-0x00007FF7FA541000-memory.dmp

Filesize
3.3MB

Download
memory/4976-9-0x00007FF7FA1F0000-0x00007FF7FA541000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2247-0x00007FF7FA1F0000-0x00007FF7FA541000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads