xmrig | 05429d73c0f9d144122edd2f7eb06434500f7e3fbe20a216f6dc159dadc49016

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
Size

2.3MB
MD5

20656fa3bfc6c8dc8aa3a7c9ea44a200
SHA1

54a724c5a0eeb00db86af3dbe1aea3a62af089c8
SHA256

05429d73c0f9d144122edd2f7eb06434500f7e3fbe20a216f6dc159dadc49016
SHA512

d1afe2b61d4e79ffbb0ee8029dbcf179a3dbcd2e334cc99a9f292dddd57c57a4c3792095be163b614c10e38384f6c8834d7e8acd6eac1a9258ba22d5f8ad3a9b
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlMm+ZQaLwBXhu4:oemTLkNdfE0pZrH

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1700-0-0x00007FF740BB0000-0x00007FF740F04000-memory.dmp	xmrig
behavioral2/files/0x000a00000002328e-4.dat	xmrig
behavioral2/memory/2732-8-0x00007FF672200000-0x00007FF672554000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-10.dat	xmrig
behavioral2/files/0x000700000002341c-11.dat	xmrig
behavioral2/files/0x000700000002341e-20.dat	xmrig
behavioral2/memory/3432-28-0x00007FF652BD0000-0x00007FF652F24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-35.dat	xmrig
behavioral2/files/0x0007000000023422-44.dat	xmrig
behavioral2/memory/812-57-0x00007FF78ACB0000-0x00007FF78B004000-memory.dmp	xmrig
behavioral2/memory/2148-62-0x00007FF7F0130000-0x00007FF7F0484000-memory.dmp	xmrig
behavioral2/memory/4976-71-0x00007FF6475E0000-0x00007FF647934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-80.dat	xmrig
behavioral2/memory/2456-90-0x00007FF649920000-0x00007FF649C74000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-113.dat	xmrig
behavioral2/files/0x0007000000023430-140.dat	xmrig
behavioral2/memory/2148-156-0x00007FF7F0130000-0x00007FF7F0484000-memory.dmp	xmrig
behavioral2/memory/3732-178-0x00007FF61C860000-0x00007FF61CBB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023438-194.dat	xmrig
behavioral2/files/0x000700000002343a-204.dat	xmrig
behavioral2/files/0x0007000000023439-199.dat	xmrig
behavioral2/files/0x0007000000023437-197.dat	xmrig
behavioral2/files/0x0007000000023436-192.dat	xmrig
behavioral2/memory/2760-191-0x00007FF70FBD0000-0x00007FF70FF24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-186.dat	xmrig
behavioral2/memory/2200-185-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-180.dat	xmrig
behavioral2/memory/2456-179-0x00007FF649920000-0x00007FF649C74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-173.dat	xmrig
behavioral2/memory/2072-172-0x00007FF73C4D0000-0x00007FF73C824000-memory.dmp	xmrig
behavioral2/memory/1296-171-0x00007FF79F1B0000-0x00007FF79F504000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-166.dat	xmrig
behavioral2/memory/4656-165-0x00007FF746E70000-0x00007FF7471C4000-memory.dmp	xmrig
behavioral2/memory/4332-164-0x00007FF7854A0000-0x00007FF7857F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-159.dat	xmrig
behavioral2/memory/1448-158-0x00007FF605E00000-0x00007FF606154000-memory.dmp	xmrig
behavioral2/memory/5072-157-0x00007FF6B5310000-0x00007FF6B5664000-memory.dmp	xmrig
behavioral2/memory/4052-150-0x00007FF669CA0000-0x00007FF669FF4000-memory.dmp	xmrig
behavioral2/memory/812-149-0x00007FF78ACB0000-0x00007FF78B004000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-144.dat	xmrig
behavioral2/memory/1272-143-0x00007FF7A2F00000-0x00007FF7A3254000-memory.dmp	xmrig
behavioral2/memory/2240-137-0x00007FF7D2140000-0x00007FF7D2494000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-138.dat	xmrig
behavioral2/memory/3720-136-0x00007FF7998B0000-0x00007FF799C04000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-131.dat	xmrig
behavioral2/memory/368-130-0x00007FF62FB40000-0x00007FF62FE94000-memory.dmp	xmrig
behavioral2/memory/5020-124-0x00007FF747760000-0x00007FF747AB4000-memory.dmp	xmrig
behavioral2/memory/3196-123-0x00007FF72B480000-0x00007FF72B7D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-118.dat	xmrig
behavioral2/memory/3692-117-0x00007FF66ACB0000-0x00007FF66B004000-memory.dmp	xmrig
behavioral2/memory/3684-116-0x00007FF794B50000-0x00007FF794EA4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-111.dat	xmrig
behavioral2/memory/4396-110-0x00007FF6A25F0000-0x00007FF6A2944000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-105.dat	xmrig
behavioral2/memory/3992-104-0x00007FF6F8280000-0x00007FF6F85D4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023415-99.dat	xmrig
behavioral2/memory/1352-98-0x00007FF7748C0000-0x00007FF774C14000-memory.dmp	xmrig
behavioral2/memory/2732-97-0x00007FF672200000-0x00007FF672554000-memory.dmp	xmrig
behavioral2/memory/3432-91-0x00007FF652BD0000-0x00007FF652F24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-85.dat	xmrig
behavioral2/memory/1700-84-0x00007FF740BB0000-0x00007FF740F04000-memory.dmp	xmrig
behavioral2/memory/2072-83-0x00007FF73C4D0000-0x00007FF73C824000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-78.dat	xmrig
behavioral2/memory/4656-77-0x00007FF746E70000-0x00007FF7471C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2732	fYMtpdn.exe
1204	zkHebJu.exe
4396	CzGopvO.exe
3432	mnNKFnZ.exe
4048	YgANwqb.exe
3196	DuLGQwR.exe
3720	UeuMpAb.exe
812	hJCCTJb.exe
4976	UiSUufN.exe
2148	Pwhjafc.exe
5072	QAfHEkZ.exe
4656	djkUdZt.exe
2072	QpIEVjX.exe
2456	JiySoFX.exe
1352	iwmfBLZ.exe
3992	tHqIXky.exe
3684	UiYxAEC.exe
3692	eyNjQPi.exe
5020	dSHlrLA.exe
368	pcIUEFO.exe
2240	RBpRytr.exe
1272	rTeuRKd.exe
4052	pOCyGto.exe
1448	PshjFFO.exe
4332	cAEeawm.exe
1296	PMuLqOV.exe
3732	afWCFYx.exe
2200	kLzdvHf.exe
2760	CSBHTrx.exe
1744	iadmCMY.exe
4896	dKrkhxd.exe
1836	eRnPGtX.exe
3660	hVBJLnq.exe
4908	NoIjDul.exe
1536	HIVleqM.exe
3548	cJotuur.exe
2372	kByWCrH.exe
4536	YUFdije.exe
4564	sgZzQoF.exe
2592	ycdyPgw.exe
4808	EAXIoCG.exe
4500	yYBmRrt.exe
1828	PBUyZpx.exe
4304	fLXYbAE.exe
4292	ysQekNr.exe
3360	GMGVQdo.exe
2540	aMTYqlj.exe
1328	oigYsmO.exe
1896	mBKOyGW.exe
2940	TWUANJT.exe
4928	BAJaOjF.exe
3672	AdxMVsH.exe
3000	WdCBSLb.exe
1812	EwxZfCA.exe
4840	EWsOHQq.exe
3664	TCxnBtZ.exe
1652	yCLhoNJ.exe
1444	NyQoOuQ.exe
4440	YednfQD.exe
2040	bcDHgTp.exe
1412	UMfQPud.exe
3928	KOlJwop.exe
5052	lchSQmc.exe
4680	aLHOGri.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1700-0-0x00007FF740BB0000-0x00007FF740F04000-memory.dmp	upx
behavioral2/files/0x000a00000002328e-4.dat	upx
behavioral2/memory/2732-8-0x00007FF672200000-0x00007FF672554000-memory.dmp	upx
behavioral2/files/0x000700000002341d-10.dat	upx
behavioral2/files/0x000700000002341c-11.dat	upx
behavioral2/files/0x000700000002341e-20.dat	upx
behavioral2/memory/3432-28-0x00007FF652BD0000-0x00007FF652F24000-memory.dmp	upx
behavioral2/files/0x0007000000023420-35.dat	upx
behavioral2/files/0x0007000000023422-44.dat	upx
behavioral2/memory/812-57-0x00007FF78ACB0000-0x00007FF78B004000-memory.dmp	upx
behavioral2/memory/2148-62-0x00007FF7F0130000-0x00007FF7F0484000-memory.dmp	upx
behavioral2/memory/4976-71-0x00007FF6475E0000-0x00007FF647934000-memory.dmp	upx
behavioral2/files/0x0007000000023428-80.dat	upx
behavioral2/memory/2456-90-0x00007FF649920000-0x00007FF649C74000-memory.dmp	upx
behavioral2/files/0x000700000002342c-113.dat	upx
behavioral2/files/0x0007000000023430-140.dat	upx
behavioral2/memory/2148-156-0x00007FF7F0130000-0x00007FF7F0484000-memory.dmp	upx
behavioral2/memory/3732-178-0x00007FF61C860000-0x00007FF61CBB4000-memory.dmp	upx
behavioral2/files/0x0007000000023438-194.dat	upx
behavioral2/files/0x000700000002343a-204.dat	upx
behavioral2/files/0x0007000000023439-199.dat	upx
behavioral2/files/0x0007000000023437-197.dat	upx
behavioral2/files/0x0007000000023436-192.dat	upx
behavioral2/memory/2760-191-0x00007FF70FBD0000-0x00007FF70FF24000-memory.dmp	upx
behavioral2/files/0x0007000000023435-186.dat	upx
behavioral2/memory/2200-185-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp	upx
behavioral2/files/0x0007000000023434-180.dat	upx
behavioral2/memory/2456-179-0x00007FF649920000-0x00007FF649C74000-memory.dmp	upx
behavioral2/files/0x0007000000023433-173.dat	upx
behavioral2/memory/2072-172-0x00007FF73C4D0000-0x00007FF73C824000-memory.dmp	upx
behavioral2/memory/1296-171-0x00007FF79F1B0000-0x00007FF79F504000-memory.dmp	upx
behavioral2/files/0x0007000000023432-166.dat	upx
behavioral2/memory/4656-165-0x00007FF746E70000-0x00007FF7471C4000-memory.dmp	upx
behavioral2/memory/4332-164-0x00007FF7854A0000-0x00007FF7857F4000-memory.dmp	upx
behavioral2/files/0x0007000000023431-159.dat	upx
behavioral2/memory/1448-158-0x00007FF605E00000-0x00007FF606154000-memory.dmp	upx
behavioral2/memory/5072-157-0x00007FF6B5310000-0x00007FF6B5664000-memory.dmp	upx
behavioral2/memory/4052-150-0x00007FF669CA0000-0x00007FF669FF4000-memory.dmp	upx
behavioral2/memory/812-149-0x00007FF78ACB0000-0x00007FF78B004000-memory.dmp	upx
behavioral2/files/0x000700000002342f-144.dat	upx
behavioral2/memory/1272-143-0x00007FF7A2F00000-0x00007FF7A3254000-memory.dmp	upx
behavioral2/memory/2240-137-0x00007FF7D2140000-0x00007FF7D2494000-memory.dmp	upx
behavioral2/files/0x000700000002342e-138.dat	upx
behavioral2/memory/3720-136-0x00007FF7998B0000-0x00007FF799C04000-memory.dmp	upx
behavioral2/files/0x000700000002342d-131.dat	upx
behavioral2/memory/368-130-0x00007FF62FB40000-0x00007FF62FE94000-memory.dmp	upx
behavioral2/memory/5020-124-0x00007FF747760000-0x00007FF747AB4000-memory.dmp	upx
behavioral2/memory/3196-123-0x00007FF72B480000-0x00007FF72B7D4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-118.dat	upx
behavioral2/memory/3692-117-0x00007FF66ACB0000-0x00007FF66B004000-memory.dmp	upx
behavioral2/memory/3684-116-0x00007FF794B50000-0x00007FF794EA4000-memory.dmp	upx
behavioral2/files/0x000700000002342a-111.dat	upx
behavioral2/memory/4396-110-0x00007FF6A25F0000-0x00007FF6A2944000-memory.dmp	upx
behavioral2/files/0x0007000000023429-105.dat	upx
behavioral2/memory/3992-104-0x00007FF6F8280000-0x00007FF6F85D4000-memory.dmp	upx
behavioral2/files/0x0009000000023415-99.dat	upx
behavioral2/memory/1352-98-0x00007FF7748C0000-0x00007FF774C14000-memory.dmp	upx
behavioral2/memory/2732-97-0x00007FF672200000-0x00007FF672554000-memory.dmp	upx
behavioral2/memory/3432-91-0x00007FF652BD0000-0x00007FF652F24000-memory.dmp	upx
behavioral2/files/0x0007000000023427-85.dat	upx
behavioral2/memory/1700-84-0x00007FF740BB0000-0x00007FF740F04000-memory.dmp	upx
behavioral2/memory/2072-83-0x00007FF73C4D0000-0x00007FF73C824000-memory.dmp	upx
behavioral2/files/0x0007000000023426-78.dat	upx
behavioral2/memory/4656-77-0x00007FF746E70000-0x00007FF7471C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kQPJdDF.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\TRTxFyB.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\GAhGgnp.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\raswHle.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\NcNCwLz.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\RwEwwAu.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\ZQSrmJY.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\FOgJDVb.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\DicRuPt.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\KzpTfNi.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\FoyOTXc.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\weKfVJS.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\oIjlQUu.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\eYGkFtJ.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\yjQPNbO.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\OWNcoFN.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\RCopInv.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\HqKCHYt.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\bUHcQIP.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\DjxhBxG.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\SbhgSxg.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\bGhSejk.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\dKrkhxd.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\rnlEElg.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\LYRemuA.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\eoqIfxw.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\DnIMjLy.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\UhaxSKH.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\TBdGAmK.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\aRqbzKq.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\iadmCMY.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\EWsOHQq.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\qwuotLt.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\CIWVVWe.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\vrvIqPq.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\jZVoPOo.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\sgZzQoF.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\oSFCcyc.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\sLCAqos.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\sOFBGAE.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\VmIlUCc.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\USefKRO.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\CtYUwSO.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\TRzNajM.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\eRnPGtX.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\VoGbUgT.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\IcepVWG.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\IjYqcRn.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\wHcwtaW.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\cRbLVBx.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\FQuBXCM.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\HDCabAn.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\GNaRSKD.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\eWKbksC.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\Lemuisr.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\XQLNUJX.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\UOWPlRB.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\akWefye.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\NOTuWse.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\VFEpuiR.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\KrvHDwO.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\JnsIBHZ.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\FpwqYOf.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
File created	C:\Windows\System\tctlZhL.exe	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13460	dwm.exe
Token: SeChangeNotifyPrivilege	13460	dwm.exe
Token: 33	13460	dwm.exe
Token: SeIncBasePriorityPrivilege	13460	dwm.exe
Token: SeShutdownPrivilege	13460	dwm.exe
Token: SeCreatePagefilePrivilege	13460	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2732	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	84
PID 1700 wrote to memory of 2732	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	84
PID 1700 wrote to memory of 1204	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	85
PID 1700 wrote to memory of 1204	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	85
PID 1700 wrote to memory of 4396	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	86
PID 1700 wrote to memory of 4396	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	86
PID 1700 wrote to memory of 3432	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	87
PID 1700 wrote to memory of 3432	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	87
PID 1700 wrote to memory of 4048	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	88
PID 1700 wrote to memory of 4048	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	88
PID 1700 wrote to memory of 3196	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	89
PID 1700 wrote to memory of 3196	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	89
PID 1700 wrote to memory of 3720	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	90
PID 1700 wrote to memory of 3720	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	90
PID 1700 wrote to memory of 812	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	91
PID 1700 wrote to memory of 812	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	91
PID 1700 wrote to memory of 4976	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	92
PID 1700 wrote to memory of 4976	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	92
PID 1700 wrote to memory of 2148	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	93
PID 1700 wrote to memory of 2148	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	93
PID 1700 wrote to memory of 5072	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	94
PID 1700 wrote to memory of 5072	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	94
PID 1700 wrote to memory of 4656	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	95
PID 1700 wrote to memory of 4656	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	95
PID 1700 wrote to memory of 2072	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	96
PID 1700 wrote to memory of 2072	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	96
PID 1700 wrote to memory of 2456	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	97
PID 1700 wrote to memory of 2456	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	97
PID 1700 wrote to memory of 1352	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	98
PID 1700 wrote to memory of 1352	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	98
PID 1700 wrote to memory of 3992	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	99
PID 1700 wrote to memory of 3992	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	99
PID 1700 wrote to memory of 3684	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	100
PID 1700 wrote to memory of 3684	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	100
PID 1700 wrote to memory of 3692	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	101
PID 1700 wrote to memory of 3692	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	101
PID 1700 wrote to memory of 5020	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	102
PID 1700 wrote to memory of 5020	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	102
PID 1700 wrote to memory of 368	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	103
PID 1700 wrote to memory of 368	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	103
PID 1700 wrote to memory of 2240	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	104
PID 1700 wrote to memory of 2240	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	104
PID 1700 wrote to memory of 1272	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	105
PID 1700 wrote to memory of 1272	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	105
PID 1700 wrote to memory of 4052	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	106
PID 1700 wrote to memory of 4052	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	106
PID 1700 wrote to memory of 1448	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	107
PID 1700 wrote to memory of 1448	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	107
PID 1700 wrote to memory of 4332	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	108
PID 1700 wrote to memory of 4332	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	108
PID 1700 wrote to memory of 1296	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	109
PID 1700 wrote to memory of 1296	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	109
PID 1700 wrote to memory of 3732	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	110
PID 1700 wrote to memory of 3732	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	110
PID 1700 wrote to memory of 2200	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	111
PID 1700 wrote to memory of 2200	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	111
PID 1700 wrote to memory of 2760	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	112
PID 1700 wrote to memory of 2760	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	112
PID 1700 wrote to memory of 1744	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	113
PID 1700 wrote to memory of 1744	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	113
PID 1700 wrote to memory of 4896	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	114
PID 1700 wrote to memory of 4896	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	114
PID 1700 wrote to memory of 1836	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	115
PID 1700 wrote to memory of 1836	1700	20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20656fa3bfc6c8dc8aa3a7c9ea44a200_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\System\fYMtpdn.exe
  C:\Windows\System\fYMtpdn.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\zkHebJu.exe
  C:\Windows\System\zkHebJu.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\CzGopvO.exe
  C:\Windows\System\CzGopvO.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\mnNKFnZ.exe
  C:\Windows\System\mnNKFnZ.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\YgANwqb.exe
  C:\Windows\System\YgANwqb.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\DuLGQwR.exe
  C:\Windows\System\DuLGQwR.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\UeuMpAb.exe
  C:\Windows\System\UeuMpAb.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\hJCCTJb.exe
  C:\Windows\System\hJCCTJb.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\UiSUufN.exe
  C:\Windows\System\UiSUufN.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\Pwhjafc.exe
  C:\Windows\System\Pwhjafc.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\QAfHEkZ.exe
  C:\Windows\System\QAfHEkZ.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\djkUdZt.exe
  C:\Windows\System\djkUdZt.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\QpIEVjX.exe
  C:\Windows\System\QpIEVjX.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\JiySoFX.exe
  C:\Windows\System\JiySoFX.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\iwmfBLZ.exe
  C:\Windows\System\iwmfBLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\tHqIXky.exe
  C:\Windows\System\tHqIXky.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\UiYxAEC.exe
  C:\Windows\System\UiYxAEC.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\eyNjQPi.exe
  C:\Windows\System\eyNjQPi.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\dSHlrLA.exe
  C:\Windows\System\dSHlrLA.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\pcIUEFO.exe
  C:\Windows\System\pcIUEFO.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\RBpRytr.exe
  C:\Windows\System\RBpRytr.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\rTeuRKd.exe
  C:\Windows\System\rTeuRKd.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\pOCyGto.exe
  C:\Windows\System\pOCyGto.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\PshjFFO.exe
  C:\Windows\System\PshjFFO.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\cAEeawm.exe
  C:\Windows\System\cAEeawm.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\PMuLqOV.exe
  C:\Windows\System\PMuLqOV.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\afWCFYx.exe
  C:\Windows\System\afWCFYx.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\kLzdvHf.exe
  C:\Windows\System\kLzdvHf.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\CSBHTrx.exe
  C:\Windows\System\CSBHTrx.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\iadmCMY.exe
  C:\Windows\System\iadmCMY.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\dKrkhxd.exe
  C:\Windows\System\dKrkhxd.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\eRnPGtX.exe
  C:\Windows\System\eRnPGtX.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\hVBJLnq.exe
  C:\Windows\System\hVBJLnq.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\NoIjDul.exe
  C:\Windows\System\NoIjDul.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\HIVleqM.exe
  C:\Windows\System\HIVleqM.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\cJotuur.exe
  C:\Windows\System\cJotuur.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\kByWCrH.exe
  C:\Windows\System\kByWCrH.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\YUFdije.exe
  C:\Windows\System\YUFdije.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\sgZzQoF.exe
  C:\Windows\System\sgZzQoF.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\ycdyPgw.exe
  C:\Windows\System\ycdyPgw.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\EAXIoCG.exe
  C:\Windows\System\EAXIoCG.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\yYBmRrt.exe
  C:\Windows\System\yYBmRrt.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\PBUyZpx.exe
  C:\Windows\System\PBUyZpx.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\fLXYbAE.exe
  C:\Windows\System\fLXYbAE.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\ysQekNr.exe
  C:\Windows\System\ysQekNr.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\GMGVQdo.exe
  C:\Windows\System\GMGVQdo.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\aMTYqlj.exe
  C:\Windows\System\aMTYqlj.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\oigYsmO.exe
  C:\Windows\System\oigYsmO.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\mBKOyGW.exe
  C:\Windows\System\mBKOyGW.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\TWUANJT.exe
  C:\Windows\System\TWUANJT.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\BAJaOjF.exe
  C:\Windows\System\BAJaOjF.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\AdxMVsH.exe
  C:\Windows\System\AdxMVsH.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\WdCBSLb.exe
  C:\Windows\System\WdCBSLb.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\EwxZfCA.exe
  C:\Windows\System\EwxZfCA.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\EWsOHQq.exe
  C:\Windows\System\EWsOHQq.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\TCxnBtZ.exe
  C:\Windows\System\TCxnBtZ.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\yCLhoNJ.exe
  C:\Windows\System\yCLhoNJ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\NyQoOuQ.exe
  C:\Windows\System\NyQoOuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\YednfQD.exe
  C:\Windows\System\YednfQD.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\bcDHgTp.exe
  C:\Windows\System\bcDHgTp.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\UMfQPud.exe
  C:\Windows\System\UMfQPud.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\KOlJwop.exe
  C:\Windows\System\KOlJwop.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\lchSQmc.exe
  C:\Windows\System\lchSQmc.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\aLHOGri.exe
  C:\Windows\System\aLHOGri.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\NcSfBZF.exe
  C:\Windows\System\NcSfBZF.exe
  2⤵
  PID:4844
- C:\Windows\System\noSRZRB.exe
  C:\Windows\System\noSRZRB.exe
  2⤵
  PID:5140
- C:\Windows\System\uSMNRrH.exe
  C:\Windows\System\uSMNRrH.exe
  2⤵
  PID:5168
- C:\Windows\System\XnGhqJp.exe
  C:\Windows\System\XnGhqJp.exe
  2⤵
  PID:5200
- C:\Windows\System\GRsuCur.exe
  C:\Windows\System\GRsuCur.exe
  2⤵
  PID:5236
- C:\Windows\System\KwvSEnr.exe
  C:\Windows\System\KwvSEnr.exe
  2⤵
  PID:5264
- C:\Windows\System\xuVMtSS.exe
  C:\Windows\System\xuVMtSS.exe
  2⤵
  PID:5288
- C:\Windows\System\fRBNDMA.exe
  C:\Windows\System\fRBNDMA.exe
  2⤵
  PID:5308
- C:\Windows\System\gQdvDNg.exe
  C:\Windows\System\gQdvDNg.exe
  2⤵
  PID:5336
- C:\Windows\System\oSFCcyc.exe
  C:\Windows\System\oSFCcyc.exe
  2⤵
  PID:5364
- C:\Windows\System\vFQscTl.exe
  C:\Windows\System\vFQscTl.exe
  2⤵
  PID:5392
- C:\Windows\System\qggkXNL.exe
  C:\Windows\System\qggkXNL.exe
  2⤵
  PID:5420
- C:\Windows\System\bnFsxBG.exe
  C:\Windows\System\bnFsxBG.exe
  2⤵
  PID:5448
- C:\Windows\System\akWefye.exe
  C:\Windows\System\akWefye.exe
  2⤵
  PID:5476
- C:\Windows\System\SHYOXZn.exe
  C:\Windows\System\SHYOXZn.exe
  2⤵
  PID:5504
- C:\Windows\System\oSqlpUo.exe
  C:\Windows\System\oSqlpUo.exe
  2⤵
  PID:5532
- C:\Windows\System\YlWWgqo.exe
  C:\Windows\System\YlWWgqo.exe
  2⤵
  PID:5560
- C:\Windows\System\WjFXLrC.exe
  C:\Windows\System\WjFXLrC.exe
  2⤵
  PID:5584
- C:\Windows\System\DQFpNJk.exe
  C:\Windows\System\DQFpNJk.exe
  2⤵
  PID:5612
- C:\Windows\System\ThgkrmF.exe
  C:\Windows\System\ThgkrmF.exe
  2⤵
  PID:5644
- C:\Windows\System\qCZuSEA.exe
  C:\Windows\System\qCZuSEA.exe
  2⤵
  PID:5672
- C:\Windows\System\qwuotLt.exe
  C:\Windows\System\qwuotLt.exe
  2⤵
  PID:5700
- C:\Windows\System\OBiFDxF.exe
  C:\Windows\System\OBiFDxF.exe
  2⤵
  PID:5728
- C:\Windows\System\WpxoZgk.exe
  C:\Windows\System\WpxoZgk.exe
  2⤵
  PID:5756
- C:\Windows\System\wVQJnMz.exe
  C:\Windows\System\wVQJnMz.exe
  2⤵
  PID:5784
- C:\Windows\System\UHAcoSD.exe
  C:\Windows\System\UHAcoSD.exe
  2⤵
  PID:5812
- C:\Windows\System\FaVFmUP.exe
  C:\Windows\System\FaVFmUP.exe
  2⤵
  PID:5840
- C:\Windows\System\ljYMSIU.exe
  C:\Windows\System\ljYMSIU.exe
  2⤵
  PID:5868
- C:\Windows\System\mRXnkNR.exe
  C:\Windows\System\mRXnkNR.exe
  2⤵
  PID:5896
- C:\Windows\System\rbXJfvN.exe
  C:\Windows\System\rbXJfvN.exe
  2⤵
  PID:5924
- C:\Windows\System\ILllDTc.exe
  C:\Windows\System\ILllDTc.exe
  2⤵
  PID:5952
- C:\Windows\System\EsLxMnh.exe
  C:\Windows\System\EsLxMnh.exe
  2⤵
  PID:5980
- C:\Windows\System\HIevJXf.exe
  C:\Windows\System\HIevJXf.exe
  2⤵
  PID:6008
- C:\Windows\System\TPfqszY.exe
  C:\Windows\System\TPfqszY.exe
  2⤵
  PID:6036
- C:\Windows\System\pfQqgLS.exe
  C:\Windows\System\pfQqgLS.exe
  2⤵
  PID:6064
- C:\Windows\System\tUIvYAr.exe
  C:\Windows\System\tUIvYAr.exe
  2⤵
  PID:6092
- C:\Windows\System\mEEdgzz.exe
  C:\Windows\System\mEEdgzz.exe
  2⤵
  PID:6120
- C:\Windows\System\XRAwEHh.exe
  C:\Windows\System\XRAwEHh.exe
  2⤵
  PID:4348
- C:\Windows\System\KFVNPba.exe
  C:\Windows\System\KFVNPba.exe
  2⤵
  PID:4592
- C:\Windows\System\WofKRYK.exe
  C:\Windows\System\WofKRYK.exe
  2⤵
  PID:2340
- C:\Windows\System\mynpwqG.exe
  C:\Windows\System\mynpwqG.exe
  2⤵
  PID:4884
- C:\Windows\System\dQTnzds.exe
  C:\Windows\System\dQTnzds.exe
  2⤵
  PID:3408
- C:\Windows\System\ZUnRuDc.exe
  C:\Windows\System\ZUnRuDc.exe
  2⤵
  PID:4372
- C:\Windows\System\GBgdxNF.exe
  C:\Windows\System\GBgdxNF.exe
  2⤵
  PID:3280
- C:\Windows\System\fJmCHkm.exe
  C:\Windows\System\fJmCHkm.exe
  2⤵
  PID:1928
- C:\Windows\System\FeThuUs.exe
  C:\Windows\System\FeThuUs.exe
  2⤵
  PID:3276
- C:\Windows\System\TCDDWnt.exe
  C:\Windows\System\TCDDWnt.exe
  2⤵
  PID:5132
- C:\Windows\System\KzpTfNi.exe
  C:\Windows\System\KzpTfNi.exe
  2⤵
  PID:5216
- C:\Windows\System\DvnePnN.exe
  C:\Windows\System\DvnePnN.exe
  2⤵
  PID:5276
- C:\Windows\System\kebYGtP.exe
  C:\Windows\System\kebYGtP.exe
  2⤵
  PID:5328
- C:\Windows\System\FCmzuqm.exe
  C:\Windows\System\FCmzuqm.exe
  2⤵
  PID:5404
- C:\Windows\System\nsIvVhJ.exe
  C:\Windows\System\nsIvVhJ.exe
  2⤵
  PID:5464
- C:\Windows\System\SoAUfFD.exe
  C:\Windows\System\SoAUfFD.exe
  2⤵
  PID:5524
- C:\Windows\System\zndvkaz.exe
  C:\Windows\System\zndvkaz.exe
  2⤵
  PID:5600
- C:\Windows\System\XTBfSCs.exe
  C:\Windows\System\XTBfSCs.exe
  2⤵
  PID:5660
- C:\Windows\System\rnlEElg.exe
  C:\Windows\System\rnlEElg.exe
  2⤵
  PID:5724
- C:\Windows\System\gooGQPs.exe
  C:\Windows\System\gooGQPs.exe
  2⤵
  PID:5796
- C:\Windows\System\BowgBQl.exe
  C:\Windows\System\BowgBQl.exe
  2⤵
  PID:5856
- C:\Windows\System\PSeQtfd.exe
  C:\Windows\System\PSeQtfd.exe
  2⤵
  PID:5916
- C:\Windows\System\rRRIjXQ.exe
  C:\Windows\System\rRRIjXQ.exe
  2⤵
  PID:5992
- C:\Windows\System\QzWRGZy.exe
  C:\Windows\System\QzWRGZy.exe
  2⤵
  PID:6048
- C:\Windows\System\NMjGzJw.exe
  C:\Windows\System\NMjGzJw.exe
  2⤵
  PID:6132
- C:\Windows\System\VoGbUgT.exe
  C:\Windows\System\VoGbUgT.exe
  2⤵
  PID:1824
- C:\Windows\System\XtNigJD.exe
  C:\Windows\System\XtNigJD.exe
  2⤵
  PID:2848
- C:\Windows\System\zGNNMCy.exe
  C:\Windows\System\zGNNMCy.exe
  2⤵
  PID:760
- C:\Windows\System\JnsIBHZ.exe
  C:\Windows\System\JnsIBHZ.exe
  2⤵
  PID:6168
- C:\Windows\System\qpDHiia.exe
  C:\Windows\System\qpDHiia.exe
  2⤵
  PID:6184
- C:\Windows\System\BpBzZvt.exe
  C:\Windows\System\BpBzZvt.exe
  2⤵
  PID:6212
- C:\Windows\System\fmYncNp.exe
  C:\Windows\System\fmYncNp.exe
  2⤵
  PID:6240
- C:\Windows\System\modgCnu.exe
  C:\Windows\System\modgCnu.exe
  2⤵
  PID:6268
- C:\Windows\System\FoyOTXc.exe
  C:\Windows\System\FoyOTXc.exe
  2⤵
  PID:6296
- C:\Windows\System\xQEhYdy.exe
  C:\Windows\System\xQEhYdy.exe
  2⤵
  PID:6324
- C:\Windows\System\czxhOwS.exe
  C:\Windows\System\czxhOwS.exe
  2⤵
  PID:6352
- C:\Windows\System\nrVKaIN.exe
  C:\Windows\System\nrVKaIN.exe
  2⤵
  PID:6380
- C:\Windows\System\sRFCBFz.exe
  C:\Windows\System\sRFCBFz.exe
  2⤵
  PID:6408
- C:\Windows\System\weKfVJS.exe
  C:\Windows\System\weKfVJS.exe
  2⤵
  PID:6432
- C:\Windows\System\aYnQXSy.exe
  C:\Windows\System\aYnQXSy.exe
  2⤵
  PID:6464
- C:\Windows\System\bQskNTI.exe
  C:\Windows\System\bQskNTI.exe
  2⤵
  PID:6492
- C:\Windows\System\jgoLsWB.exe
  C:\Windows\System\jgoLsWB.exe
  2⤵
  PID:6520
- C:\Windows\System\Nidzwez.exe
  C:\Windows\System\Nidzwez.exe
  2⤵
  PID:6548
- C:\Windows\System\dZueSbm.exe
  C:\Windows\System\dZueSbm.exe
  2⤵
  PID:6576
- C:\Windows\System\EHUvSgf.exe
  C:\Windows\System\EHUvSgf.exe
  2⤵
  PID:6604
- C:\Windows\System\AqOegJX.exe
  C:\Windows\System\AqOegJX.exe
  2⤵
  PID:6632
- C:\Windows\System\avdvnDs.exe
  C:\Windows\System\avdvnDs.exe
  2⤵
  PID:6660
- C:\Windows\System\aXMALJb.exe
  C:\Windows\System\aXMALJb.exe
  2⤵
  PID:6688
- C:\Windows\System\tmYpXUc.exe
  C:\Windows\System\tmYpXUc.exe
  2⤵
  PID:6716
- C:\Windows\System\frEQmoV.exe
  C:\Windows\System\frEQmoV.exe
  2⤵
  PID:6744
- C:\Windows\System\SxUNKto.exe
  C:\Windows\System\SxUNKto.exe
  2⤵
  PID:6772
- C:\Windows\System\FrWTvFn.exe
  C:\Windows\System\FrWTvFn.exe
  2⤵
  PID:6800
- C:\Windows\System\MDGmMgb.exe
  C:\Windows\System\MDGmMgb.exe
  2⤵
  PID:6828
- C:\Windows\System\bskhAOI.exe
  C:\Windows\System\bskhAOI.exe
  2⤵
  PID:6856
- C:\Windows\System\HtrnkSs.exe
  C:\Windows\System\HtrnkSs.exe
  2⤵
  PID:6884
- C:\Windows\System\IcepVWG.exe
  C:\Windows\System\IcepVWG.exe
  2⤵
  PID:6912
- C:\Windows\System\IOivZad.exe
  C:\Windows\System\IOivZad.exe
  2⤵
  PID:6940
- C:\Windows\System\ZjxCDeW.exe
  C:\Windows\System\ZjxCDeW.exe
  2⤵
  PID:6968
- C:\Windows\System\AoybCEo.exe
  C:\Windows\System\AoybCEo.exe
  2⤵
  PID:6996
- C:\Windows\System\pJsYZAo.exe
  C:\Windows\System\pJsYZAo.exe
  2⤵
  PID:7024
- C:\Windows\System\XHtKpJh.exe
  C:\Windows\System\XHtKpJh.exe
  2⤵
  PID:7052
- C:\Windows\System\pOOwrTy.exe
  C:\Windows\System\pOOwrTy.exe
  2⤵
  PID:7080
- C:\Windows\System\zVCltWT.exe
  C:\Windows\System\zVCltWT.exe
  2⤵
  PID:7108
- C:\Windows\System\afWlqVM.exe
  C:\Windows\System\afWlqVM.exe
  2⤵
  PID:7136
- C:\Windows\System\vEVOTfD.exe
  C:\Windows\System\vEVOTfD.exe
  2⤵
  PID:7164
- C:\Windows\System\CIWVVWe.exe
  C:\Windows\System\CIWVVWe.exe
  2⤵
  PID:5160
- C:\Windows\System\Afaroqd.exe
  C:\Windows\System\Afaroqd.exe
  2⤵
  PID:5304
- C:\Windows\System\VasxHzG.exe
  C:\Windows\System\VasxHzG.exe
  2⤵
  PID:5440
- C:\Windows\System\ggAWBOI.exe
  C:\Windows\System\ggAWBOI.exe
  2⤵
  PID:5628
- C:\Windows\System\xKatXIZ.exe
  C:\Windows\System\xKatXIZ.exe
  2⤵
  PID:5768
- C:\Windows\System\ipuFOLp.exe
  C:\Windows\System\ipuFOLp.exe
  2⤵
  PID:5908
- C:\Windows\System\XzTLyqH.exe
  C:\Windows\System\XzTLyqH.exe
  2⤵
  PID:6080
- C:\Windows\System\cXpxUDU.exe
  C:\Windows\System\cXpxUDU.exe
  2⤵
  PID:5076
- C:\Windows\System\oCakQwf.exe
  C:\Windows\System\oCakQwf.exe
  2⤵
  PID:6156
- C:\Windows\System\HNuQGmA.exe
  C:\Windows\System\HNuQGmA.exe
  2⤵
  PID:6224
- C:\Windows\System\QbKCyJW.exe
  C:\Windows\System\QbKCyJW.exe
  2⤵
  PID:6284
- C:\Windows\System\ILPdwwF.exe
  C:\Windows\System\ILPdwwF.exe
  2⤵
  PID:6344
- C:\Windows\System\zcjATnp.exe
  C:\Windows\System\zcjATnp.exe
  2⤵
  PID:6400
- C:\Windows\System\amQmraw.exe
  C:\Windows\System\amQmraw.exe
  2⤵
  PID:6476
- C:\Windows\System\dbRBUJw.exe
  C:\Windows\System\dbRBUJw.exe
  2⤵
  PID:6536
- C:\Windows\System\eFWIzne.exe
  C:\Windows\System\eFWIzne.exe
  2⤵
  PID:6596
- C:\Windows\System\SxsjhLv.exe
  C:\Windows\System\SxsjhLv.exe
  2⤵
  PID:6672
- C:\Windows\System\lggCHvE.exe
  C:\Windows\System\lggCHvE.exe
  2⤵
  PID:6736
- C:\Windows\System\jwjGouO.exe
  C:\Windows\System\jwjGouO.exe
  2⤵
  PID:6792
- C:\Windows\System\VGXEoZw.exe
  C:\Windows\System\VGXEoZw.exe
  2⤵
  PID:6868
- C:\Windows\System\gnzLQRw.exe
  C:\Windows\System\gnzLQRw.exe
  2⤵
  PID:6928
- C:\Windows\System\bodQAje.exe
  C:\Windows\System\bodQAje.exe
  2⤵
  PID:6988
- C:\Windows\System\AGkDaXZ.exe
  C:\Windows\System\AGkDaXZ.exe
  2⤵
  PID:7064
- C:\Windows\System\MJjJpyy.exe
  C:\Windows\System\MJjJpyy.exe
  2⤵
  PID:7124
- C:\Windows\System\yXcTirC.exe
  C:\Windows\System\yXcTirC.exe
  2⤵
  PID:4968
- C:\Windows\System\SqhbHlB.exe
  C:\Windows\System\SqhbHlB.exe
  2⤵
  PID:5516
- C:\Windows\System\aWfddmL.exe
  C:\Windows\System\aWfddmL.exe
  2⤵
  PID:5836
- C:\Windows\System\zjHlVvu.exe
  C:\Windows\System\zjHlVvu.exe
  2⤵
  PID:1972
- C:\Windows\System\DrUqPqq.exe
  C:\Windows\System\DrUqPqq.exe
  2⤵
  PID:6252
- C:\Windows\System\HeyZLJs.exe
  C:\Windows\System\HeyZLJs.exe
  2⤵
  PID:6392
- C:\Windows\System\fjrOGuF.exe
  C:\Windows\System\fjrOGuF.exe
  2⤵
  PID:6512
- C:\Windows\System\jCghrvT.exe
  C:\Windows\System\jCghrvT.exe
  2⤵
  PID:7192
- C:\Windows\System\bUYkYMS.exe
  C:\Windows\System\bUYkYMS.exe
  2⤵
  PID:7224
- C:\Windows\System\YwaGOMW.exe
  C:\Windows\System\YwaGOMW.exe
  2⤵
  PID:7248
- C:\Windows\System\hAgXYrA.exe
  C:\Windows\System\hAgXYrA.exe
  2⤵
  PID:7276
- C:\Windows\System\NhJDUjY.exe
  C:\Windows\System\NhJDUjY.exe
  2⤵
  PID:7308
- C:\Windows\System\oORpHYu.exe
  C:\Windows\System\oORpHYu.exe
  2⤵
  PID:7332
- C:\Windows\System\aPtoVss.exe
  C:\Windows\System\aPtoVss.exe
  2⤵
  PID:7364
- C:\Windows\System\iigatNY.exe
  C:\Windows\System\iigatNY.exe
  2⤵
  PID:7392
- C:\Windows\System\NOTuWse.exe
  C:\Windows\System\NOTuWse.exe
  2⤵
  PID:7420
- C:\Windows\System\xbVoIMS.exe
  C:\Windows\System\xbVoIMS.exe
  2⤵
  PID:7448
- C:\Windows\System\FpwqYOf.exe
  C:\Windows\System\FpwqYOf.exe
  2⤵
  PID:7476
- C:\Windows\System\nYohPFY.exe
  C:\Windows\System\nYohPFY.exe
  2⤵
  PID:7500
- C:\Windows\System\pUXZWcm.exe
  C:\Windows\System\pUXZWcm.exe
  2⤵
  PID:7532
- C:\Windows\System\nQHJofj.exe
  C:\Windows\System\nQHJofj.exe
  2⤵
  PID:7556
- C:\Windows\System\KwwFrAO.exe
  C:\Windows\System\KwwFrAO.exe
  2⤵
  PID:7588
- C:\Windows\System\YwTfttX.exe
  C:\Windows\System\YwTfttX.exe
  2⤵
  PID:7616
- C:\Windows\System\IjYqcRn.exe
  C:\Windows\System\IjYqcRn.exe
  2⤵
  PID:7640
- C:\Windows\System\IyApXbx.exe
  C:\Windows\System\IyApXbx.exe
  2⤵
  PID:7672
- C:\Windows\System\uKzYLPt.exe
  C:\Windows\System\uKzYLPt.exe
  2⤵
  PID:7696
- C:\Windows\System\mMuBaSP.exe
  C:\Windows\System\mMuBaSP.exe
  2⤵
  PID:7724
- C:\Windows\System\fHrezoM.exe
  C:\Windows\System\fHrezoM.exe
  2⤵
  PID:7756
- C:\Windows\System\QrPyLeR.exe
  C:\Windows\System\QrPyLeR.exe
  2⤵
  PID:7780
- C:\Windows\System\qWLpEQA.exe
  C:\Windows\System\qWLpEQA.exe
  2⤵
  PID:7808
- C:\Windows\System\wKQYTkR.exe
  C:\Windows\System\wKQYTkR.exe
  2⤵
  PID:7836
- C:\Windows\System\OUytPxp.exe
  C:\Windows\System\OUytPxp.exe
  2⤵
  PID:7868
- C:\Windows\System\iYPGzpl.exe
  C:\Windows\System\iYPGzpl.exe
  2⤵
  PID:7896
- C:\Windows\System\yjQPNbO.exe
  C:\Windows\System\yjQPNbO.exe
  2⤵
  PID:7924
- C:\Windows\System\IFBETxZ.exe
  C:\Windows\System\IFBETxZ.exe
  2⤵
  PID:7948
- C:\Windows\System\ZvEDTeo.exe
  C:\Windows\System\ZvEDTeo.exe
  2⤵
  PID:7976
- C:\Windows\System\cZfUOkX.exe
  C:\Windows\System\cZfUOkX.exe
  2⤵
  PID:8004
- C:\Windows\System\WYxOEka.exe
  C:\Windows\System\WYxOEka.exe
  2⤵
  PID:8036
- C:\Windows\System\GSjehFC.exe
  C:\Windows\System\GSjehFC.exe
  2⤵
  PID:8064
- C:\Windows\System\EhTrqTw.exe
  C:\Windows\System\EhTrqTw.exe
  2⤵
  PID:8088
- C:\Windows\System\xlhwZWS.exe
  C:\Windows\System\xlhwZWS.exe
  2⤵
  PID:8120
- C:\Windows\System\BjctQql.exe
  C:\Windows\System\BjctQql.exe
  2⤵
  PID:8148
- C:\Windows\System\wdsYYIy.exe
  C:\Windows\System\wdsYYIy.exe
  2⤵
  PID:8176
- C:\Windows\System\VwqFMkS.exe
  C:\Windows\System\VwqFMkS.exe
  2⤵
  PID:6624
- C:\Windows\System\RBkLVKj.exe
  C:\Windows\System\RBkLVKj.exe
  2⤵
  PID:6784
- C:\Windows\System\niSYplR.exe
  C:\Windows\System\niSYplR.exe
  2⤵
  PID:6904
- C:\Windows\System\VFEpuiR.exe
  C:\Windows\System\VFEpuiR.exe
  2⤵
  PID:7040
- C:\Windows\System\ovFZcqk.exe
  C:\Windows\System\ovFZcqk.exe
  2⤵
  PID:5252
- C:\Windows\System\yMCEVCE.exe
  C:\Windows\System\yMCEVCE.exe
  2⤵
  PID:6024
- C:\Windows\System\SjGWqRI.exe
  C:\Windows\System\SjGWqRI.exe
  2⤵
  PID:6336
- C:\Windows\System\DdHxZGY.exe
  C:\Windows\System\DdHxZGY.exe
  2⤵
  PID:7208
- C:\Windows\System\KUOfqYJ.exe
  C:\Windows\System\KUOfqYJ.exe
  2⤵
  PID:7268
- C:\Windows\System\ACMnNvO.exe
  C:\Windows\System\ACMnNvO.exe
  2⤵
  PID:7328
- C:\Windows\System\eWKbksC.exe
  C:\Windows\System\eWKbksC.exe
  2⤵
  PID:7404
- C:\Windows\System\Lemuisr.exe
  C:\Windows\System\Lemuisr.exe
  2⤵
  PID:7464
- C:\Windows\System\WQQXOAh.exe
  C:\Windows\System\WQQXOAh.exe
  2⤵
  PID:4672
- C:\Windows\System\SqkmylE.exe
  C:\Windows\System\SqkmylE.exe
  2⤵
  PID:7580
- C:\Windows\System\WRqKnKy.exe
  C:\Windows\System\WRqKnKy.exe
  2⤵
  PID:7632
- C:\Windows\System\mCXpaFU.exe
  C:\Windows\System\mCXpaFU.exe
  2⤵
  PID:7688
- C:\Windows\System\OAmCogI.exe
  C:\Windows\System\OAmCogI.exe
  2⤵
  PID:7748
- C:\Windows\System\soHXPQh.exe
  C:\Windows\System\soHXPQh.exe
  2⤵
  PID:7800
- C:\Windows\System\spKYUCQ.exe
  C:\Windows\System\spKYUCQ.exe
  2⤵
  PID:7860
- C:\Windows\System\NlpHymR.exe
  C:\Windows\System\NlpHymR.exe
  2⤵
  PID:7916
- C:\Windows\System\FAQYewT.exe
  C:\Windows\System\FAQYewT.exe
  2⤵
  PID:7996
- C:\Windows\System\LYRemuA.exe
  C:\Windows\System\LYRemuA.exe
  2⤵
  PID:8056
- C:\Windows\System\EweliHN.exe
  C:\Windows\System\EweliHN.exe
  2⤵
  PID:8132
- C:\Windows\System\xZCApfn.exe
  C:\Windows\System\xZCApfn.exe
  2⤵
  PID:8188
- C:\Windows\System\SjdqFtJ.exe
  C:\Windows\System\SjdqFtJ.exe
  2⤵
  PID:6840
- C:\Windows\System\sKaiBdJ.exe
  C:\Windows\System\sKaiBdJ.exe
  2⤵
  PID:7152
- C:\Windows\System\rEkBTrf.exe
  C:\Windows\System\rEkBTrf.exe
  2⤵
  PID:1068
- C:\Windows\System\mAeKVpT.exe
  C:\Windows\System\mAeKVpT.exe
  2⤵
  PID:7240
- C:\Windows\System\Yexezzx.exe
  C:\Windows\System\Yexezzx.exe
  2⤵
  PID:7380
- C:\Windows\System\VmIlUCc.exe
  C:\Windows\System\VmIlUCc.exe
  2⤵
  PID:7524
- C:\Windows\System\XQLNUJX.exe
  C:\Windows\System\XQLNUJX.exe
  2⤵
  PID:7656
- C:\Windows\System\zgcksWy.exe
  C:\Windows\System\zgcksWy.exe
  2⤵
  PID:7772
- C:\Windows\System\lQIdcBt.exe
  C:\Windows\System\lQIdcBt.exe
  2⤵
  PID:8216
- C:\Windows\System\XnilJOz.exe
  C:\Windows\System\XnilJOz.exe
  2⤵
  PID:8244
- C:\Windows\System\ZyuRfkd.exe
  C:\Windows\System\ZyuRfkd.exe
  2⤵
  PID:8272
- C:\Windows\System\WkMQHmH.exe
  C:\Windows\System\WkMQHmH.exe
  2⤵
  PID:8300
- C:\Windows\System\zmkuVRv.exe
  C:\Windows\System\zmkuVRv.exe
  2⤵
  PID:8328
- C:\Windows\System\wockeez.exe
  C:\Windows\System\wockeez.exe
  2⤵
  PID:8352
- C:\Windows\System\wFijUYi.exe
  C:\Windows\System\wFijUYi.exe
  2⤵
  PID:8384
- C:\Windows\System\eBLQXmK.exe
  C:\Windows\System\eBLQXmK.exe
  2⤵
  PID:8412
- C:\Windows\System\odaEPZL.exe
  C:\Windows\System\odaEPZL.exe
  2⤵
  PID:8440
- C:\Windows\System\Fejgwzo.exe
  C:\Windows\System\Fejgwzo.exe
  2⤵
  PID:8468
- C:\Windows\System\CXBuVdI.exe
  C:\Windows\System\CXBuVdI.exe
  2⤵
  PID:8496
- C:\Windows\System\NhazrKF.exe
  C:\Windows\System\NhazrKF.exe
  2⤵
  PID:8524
- C:\Windows\System\ZFmNMuZ.exe
  C:\Windows\System\ZFmNMuZ.exe
  2⤵
  PID:8552
- C:\Windows\System\GAhGgnp.exe
  C:\Windows\System\GAhGgnp.exe
  2⤵
  PID:8580
- C:\Windows\System\sLCAqos.exe
  C:\Windows\System\sLCAqos.exe
  2⤵
  PID:8608
- C:\Windows\System\svrVbXL.exe
  C:\Windows\System\svrVbXL.exe
  2⤵
  PID:8636
- C:\Windows\System\MTUCEOn.exe
  C:\Windows\System\MTUCEOn.exe
  2⤵
  PID:8664
- C:\Windows\System\bupMyNV.exe
  C:\Windows\System\bupMyNV.exe
  2⤵
  PID:8692
- C:\Windows\System\lAuJXmM.exe
  C:\Windows\System\lAuJXmM.exe
  2⤵
  PID:8720
- C:\Windows\System\jFtEeRW.exe
  C:\Windows\System\jFtEeRW.exe
  2⤵
  PID:8748
- C:\Windows\System\UcVFflJ.exe
  C:\Windows\System\UcVFflJ.exe
  2⤵
  PID:8776
- C:\Windows\System\nUmtsPO.exe
  C:\Windows\System\nUmtsPO.exe
  2⤵
  PID:8804
- C:\Windows\System\kvurpYw.exe
  C:\Windows\System\kvurpYw.exe
  2⤵
  PID:8832
- C:\Windows\System\UOWPlRB.exe
  C:\Windows\System\UOWPlRB.exe
  2⤵
  PID:8860
- C:\Windows\System\yXBCCGg.exe
  C:\Windows\System\yXBCCGg.exe
  2⤵
  PID:8888
- C:\Windows\System\yIIlvgm.exe
  C:\Windows\System\yIIlvgm.exe
  2⤵
  PID:8916
- C:\Windows\System\ZGbemWl.exe
  C:\Windows\System\ZGbemWl.exe
  2⤵
  PID:8944
- C:\Windows\System\zxcUYvu.exe
  C:\Windows\System\zxcUYvu.exe
  2⤵
  PID:8972
- C:\Windows\System\FtjbLPd.exe
  C:\Windows\System\FtjbLPd.exe
  2⤵
  PID:9000
- C:\Windows\System\OEqvIJF.exe
  C:\Windows\System\OEqvIJF.exe
  2⤵
  PID:9028
- C:\Windows\System\pHxcURj.exe
  C:\Windows\System\pHxcURj.exe
  2⤵
  PID:9056
- C:\Windows\System\YhomIBW.exe
  C:\Windows\System\YhomIBW.exe
  2⤵
  PID:9084
- C:\Windows\System\FMvqsFW.exe
  C:\Windows\System\FMvqsFW.exe
  2⤵
  PID:9112
- C:\Windows\System\LsKqIvr.exe
  C:\Windows\System\LsKqIvr.exe
  2⤵
  PID:9140
- C:\Windows\System\sCAfjjV.exe
  C:\Windows\System\sCAfjjV.exe
  2⤵
  PID:9168
- C:\Windows\System\qnUEjoa.exe
  C:\Windows\System\qnUEjoa.exe
  2⤵
  PID:9196
- C:\Windows\System\lAPPLNw.exe
  C:\Windows\System\lAPPLNw.exe
  2⤵
  PID:7852
- C:\Windows\System\VEDUscV.exe
  C:\Windows\System\VEDUscV.exe
  2⤵
  PID:7972
- C:\Windows\System\IoLhfnd.exe
  C:\Windows\System\IoLhfnd.exe
  2⤵
  PID:4832
- C:\Windows\System\xpdutkl.exe
  C:\Windows\System\xpdutkl.exe
  2⤵
  PID:6980
- C:\Windows\System\rZAzZHD.exe
  C:\Windows\System\rZAzZHD.exe
  2⤵
  PID:6504
- C:\Windows\System\rkcfvox.exe
  C:\Windows\System\rkcfvox.exe
  2⤵
  PID:2860
- C:\Windows\System\eoqIfxw.exe
  C:\Windows\System\eoqIfxw.exe
  2⤵
  PID:7720
- C:\Windows\System\YtfZVYo.exe
  C:\Windows\System\YtfZVYo.exe
  2⤵
  PID:8236
- C:\Windows\System\raIuSBX.exe
  C:\Windows\System\raIuSBX.exe
  2⤵
  PID:8312
- C:\Windows\System\KNGZFuG.exe
  C:\Windows\System\KNGZFuG.exe
  2⤵
  PID:3112
- C:\Windows\System\tupyrAC.exe
  C:\Windows\System\tupyrAC.exe
  2⤵
  PID:8424
- C:\Windows\System\LmePiwR.exe
  C:\Windows\System\LmePiwR.exe
  2⤵
  PID:8484
- C:\Windows\System\zCthhyO.exe
  C:\Windows\System\zCthhyO.exe
  2⤵
  PID:8544
- C:\Windows\System\CJLcCVj.exe
  C:\Windows\System\CJLcCVj.exe
  2⤵
  PID:8600
- C:\Windows\System\lVVGvjV.exe
  C:\Windows\System\lVVGvjV.exe
  2⤵
  PID:8676
- C:\Windows\System\KcHLDku.exe
  C:\Windows\System\KcHLDku.exe
  2⤵
  PID:8732
- C:\Windows\System\RgnKJtZ.exe
  C:\Windows\System\RgnKJtZ.exe
  2⤵
  PID:8788
- C:\Windows\System\hyzZRBB.exe
  C:\Windows\System\hyzZRBB.exe
  2⤵
  PID:8824
- C:\Windows\System\JWmBubf.exe
  C:\Windows\System\JWmBubf.exe
  2⤵
  PID:8880
- C:\Windows\System\ZSyDbsb.exe
  C:\Windows\System\ZSyDbsb.exe
  2⤵
  PID:8956
- C:\Windows\System\NLOlOFq.exe
  C:\Windows\System\NLOlOFq.exe
  2⤵
  PID:8992
- C:\Windows\System\zmLknqc.exe
  C:\Windows\System\zmLknqc.exe
  2⤵
  PID:4940
- C:\Windows\System\CdsETFC.exe
  C:\Windows\System\CdsETFC.exe
  2⤵
  PID:9104
- C:\Windows\System\HdgXVqu.exe
  C:\Windows\System\HdgXVqu.exe
  2⤵
  PID:9160
- C:\Windows\System\hEUuOnC.exe
  C:\Windows\System\hEUuOnC.exe
  2⤵
  PID:4520
- C:\Windows\System\UXydecR.exe
  C:\Windows\System\UXydecR.exe
  2⤵
  PID:8164
- C:\Windows\System\YoZpGhG.exe
  C:\Windows\System\YoZpGhG.exe
  2⤵
  PID:7320
- C:\Windows\System\ZxNDHhj.exe
  C:\Windows\System\ZxNDHhj.exe
  2⤵
  PID:8204
- C:\Windows\System\syjsYRD.exe
  C:\Windows\System\syjsYRD.exe
  2⤵
  PID:8288
- C:\Windows\System\YENiQuW.exe
  C:\Windows\System\YENiQuW.exe
  2⤵
  PID:544
- C:\Windows\System\kzQSosD.exe
  C:\Windows\System\kzQSosD.exe
  2⤵
  PID:8568
- C:\Windows\System\cqggKNM.exe
  C:\Windows\System\cqggKNM.exe
  2⤵
  PID:8704
- C:\Windows\System\WEjaPHl.exe
  C:\Windows\System\WEjaPHl.exe
  2⤵
  PID:2532
- C:\Windows\System\XIYcXUA.exe
  C:\Windows\System\XIYcXUA.exe
  2⤵
  PID:8928
- C:\Windows\System\lJUMFtu.exe
  C:\Windows\System\lJUMFtu.exe
  2⤵
  PID:9040
- C:\Windows\System\RAgpZIK.exe
  C:\Windows\System\RAgpZIK.exe
  2⤵
  PID:9132
- C:\Windows\System\OWNcoFN.exe
  C:\Windows\System\OWNcoFN.exe
  2⤵
  PID:2472
- C:\Windows\System\OsLxoJD.exe
  C:\Windows\System\OsLxoJD.exe
  2⤵
  PID:5692
- C:\Windows\System\rkkCSKZ.exe
  C:\Windows\System\rkkCSKZ.exe
  2⤵
  PID:8264
- C:\Windows\System\lzdUCmQ.exe
  C:\Windows\System\lzdUCmQ.exe
  2⤵
  PID:8396
- C:\Windows\System\hyFXyfL.exe
  C:\Windows\System\hyFXyfL.exe
  2⤵
  PID:8516
- C:\Windows\System\dcUyqrs.exe
  C:\Windows\System\dcUyqrs.exe
  2⤵
  PID:8764
- C:\Windows\System\pAYtsHI.exe
  C:\Windows\System\pAYtsHI.exe
  2⤵
  PID:2060
- C:\Windows\System\mZSdHYS.exe
  C:\Windows\System\mZSdHYS.exe
  2⤵
  PID:8
- C:\Windows\System\YUxbJfM.exe
  C:\Windows\System\YUxbJfM.exe
  2⤵
  PID:9244
- C:\Windows\System\FpCUOpC.exe
  C:\Windows\System\FpCUOpC.exe
  2⤵
  PID:9272
- C:\Windows\System\YEmZBoH.exe
  C:\Windows\System\YEmZBoH.exe
  2⤵
  PID:9300
- C:\Windows\System\FJydhTl.exe
  C:\Windows\System\FJydhTl.exe
  2⤵
  PID:9328
- C:\Windows\System\sOFBGAE.exe
  C:\Windows\System\sOFBGAE.exe
  2⤵
  PID:9356
- C:\Windows\System\FWvjByY.exe
  C:\Windows\System\FWvjByY.exe
  2⤵
  PID:9384
- C:\Windows\System\UDgNpzx.exe
  C:\Windows\System\UDgNpzx.exe
  2⤵
  PID:9412
- C:\Windows\System\MSCRhWJ.exe
  C:\Windows\System\MSCRhWJ.exe
  2⤵
  PID:9440
- C:\Windows\System\uHLxhPt.exe
  C:\Windows\System\uHLxhPt.exe
  2⤵
  PID:9468
- C:\Windows\System\HTxHXiL.exe
  C:\Windows\System\HTxHXiL.exe
  2⤵
  PID:9496
- C:\Windows\System\ZxlBeAj.exe
  C:\Windows\System\ZxlBeAj.exe
  2⤵
  PID:9520
- C:\Windows\System\AYscEbk.exe
  C:\Windows\System\AYscEbk.exe
  2⤵
  PID:9548
- C:\Windows\System\wyMSrfe.exe
  C:\Windows\System\wyMSrfe.exe
  2⤵
  PID:9580
- C:\Windows\System\XGAIGVc.exe
  C:\Windows\System\XGAIGVc.exe
  2⤵
  PID:9608
- C:\Windows\System\MXGsJZn.exe
  C:\Windows\System\MXGsJZn.exe
  2⤵
  PID:9640
- C:\Windows\System\RUjHKap.exe
  C:\Windows\System\RUjHKap.exe
  2⤵
  PID:9664
- C:\Windows\System\bUHcQIP.exe
  C:\Windows\System\bUHcQIP.exe
  2⤵
  PID:9692
- C:\Windows\System\TPwJvuB.exe
  C:\Windows\System\TPwJvuB.exe
  2⤵
  PID:9720
- C:\Windows\System\mEjBrZM.exe
  C:\Windows\System\mEjBrZM.exe
  2⤵
  PID:9748
- C:\Windows\System\JBoQoxT.exe
  C:\Windows\System\JBoQoxT.exe
  2⤵
  PID:9776
- C:\Windows\System\afmQIdL.exe
  C:\Windows\System\afmQIdL.exe
  2⤵
  PID:9804
- C:\Windows\System\QLjnWGZ.exe
  C:\Windows\System\QLjnWGZ.exe
  2⤵
  PID:9832
- C:\Windows\System\xGyNQqQ.exe
  C:\Windows\System\xGyNQqQ.exe
  2⤵
  PID:9860
- C:\Windows\System\BndDFae.exe
  C:\Windows\System\BndDFae.exe
  2⤵
  PID:9888
- C:\Windows\System\KarQYQq.exe
  C:\Windows\System\KarQYQq.exe
  2⤵
  PID:9916
- C:\Windows\System\qakhmkR.exe
  C:\Windows\System\qakhmkR.exe
  2⤵
  PID:9944
- C:\Windows\System\nkjYhmJ.exe
  C:\Windows\System\nkjYhmJ.exe
  2⤵
  PID:9972
- C:\Windows\System\LtTRQPK.exe
  C:\Windows\System\LtTRQPK.exe
  2⤵
  PID:10000
- C:\Windows\System\AOeYurB.exe
  C:\Windows\System\AOeYurB.exe
  2⤵
  PID:10028
- C:\Windows\System\YqauncH.exe
  C:\Windows\System\YqauncH.exe
  2⤵
  PID:10056
- C:\Windows\System\vHfPtxr.exe
  C:\Windows\System\vHfPtxr.exe
  2⤵
  PID:10084
- C:\Windows\System\fwBIdHq.exe
  C:\Windows\System\fwBIdHq.exe
  2⤵
  PID:10112
- C:\Windows\System\GkEhPJu.exe
  C:\Windows\System\GkEhPJu.exe
  2⤵
  PID:10140
- C:\Windows\System\HCPmrVD.exe
  C:\Windows\System\HCPmrVD.exe
  2⤵
  PID:10168
- C:\Windows\System\PLeHoTK.exe
  C:\Windows\System\PLeHoTK.exe
  2⤵
  PID:10196
- C:\Windows\System\FLUhdQt.exe
  C:\Windows\System\FLUhdQt.exe
  2⤵
  PID:10224
- C:\Windows\System\DnIMjLy.exe
  C:\Windows\System\DnIMjLy.exe
  2⤵
  PID:9536
- C:\Windows\System\orXSvsW.exe
  C:\Windows\System\orXSvsW.exe
  2⤵
  PID:9592
- C:\Windows\System\sceNuNi.exe
  C:\Windows\System\sceNuNi.exe
  2⤵
  PID:1224
- C:\Windows\System\tctlZhL.exe
  C:\Windows\System\tctlZhL.exe
  2⤵
  PID:9656
- C:\Windows\System\mbbJEXV.exe
  C:\Windows\System\mbbJEXV.exe
  2⤵
  PID:9708
- C:\Windows\System\ZBImXdu.exe
  C:\Windows\System\ZBImXdu.exe
  2⤵
  PID:9736
- C:\Windows\System\mPyfYsg.exe
  C:\Windows\System\mPyfYsg.exe
  2⤵
  PID:2800
- C:\Windows\System\KnCZZRu.exe
  C:\Windows\System\KnCZZRu.exe
  2⤵
  PID:9900
- C:\Windows\System\kBYQvvO.exe
  C:\Windows\System\kBYQvvO.exe
  2⤵
  PID:9960
- C:\Windows\System\TNZwjia.exe
  C:\Windows\System\TNZwjia.exe
  2⤵
  PID:10012
- C:\Windows\System\UhaxSKH.exe
  C:\Windows\System\UhaxSKH.exe
  2⤵
  PID:4316
- C:\Windows\System\INdqJoQ.exe
  C:\Windows\System\INdqJoQ.exe
  2⤵
  PID:2620
- C:\Windows\System\qoRAsbX.exe
  C:\Windows\System\qoRAsbX.exe
  2⤵
  PID:10152
- C:\Windows\System\YdhskkO.exe
  C:\Windows\System\YdhskkO.exe
  2⤵
  PID:4904
- C:\Windows\System\dqgtkNw.exe
  C:\Windows\System\dqgtkNw.exe
  2⤵
  PID:4356
- C:\Windows\System\ZUUBCjv.exe
  C:\Windows\System\ZUUBCjv.exe
  2⤵
  PID:4492
- C:\Windows\System\CFrxUol.exe
  C:\Windows\System\CFrxUol.exe
  2⤵
  PID:10184
- C:\Windows\System\OhKiHGI.exe
  C:\Windows\System\OhKiHGI.exe
  2⤵
  PID:10236
- C:\Windows\System\dJSrbPT.exe
  C:\Windows\System\dJSrbPT.exe
  2⤵
  PID:3856
- C:\Windows\System\tqDSKOL.exe
  C:\Windows\System\tqDSKOL.exe
  2⤵
  PID:2724
- C:\Windows\System\TvndWnt.exe
  C:\Windows\System\TvndWnt.exe
  2⤵
  PID:3948
- C:\Windows\System\CSezOig.exe
  C:\Windows\System\CSezOig.exe
  2⤵
  PID:4992
- C:\Windows\System\wzIRhYS.exe
  C:\Windows\System\wzIRhYS.exe
  2⤵
  PID:9428
- C:\Windows\System\gYDaiUt.exe
  C:\Windows\System\gYDaiUt.exe
  2⤵
  PID:9368
- C:\Windows\System\HFFhywQ.exe
  C:\Windows\System\HFFhywQ.exe
  2⤵
  PID:9704
- C:\Windows\System\RCopInv.exe
  C:\Windows\System\RCopInv.exe
  2⤵
  PID:3592
- C:\Windows\System\gGKbEUO.exe
  C:\Windows\System\gGKbEUO.exe
  2⤵
  PID:9880
- C:\Windows\System\RwbzxtN.exe
  C:\Windows\System\RwbzxtN.exe
  2⤵
  PID:10068
- C:\Windows\System\mUlyHhC.exe
  C:\Windows\System\mUlyHhC.exe
  2⤵
  PID:10072
- C:\Windows\System\OoMRXoR.exe
  C:\Windows\System\OoMRXoR.exe
  2⤵
  PID:10160
- C:\Windows\System\BfvEaym.exe
  C:\Windows\System\BfvEaym.exe
  2⤵
  PID:5024
- C:\Windows\System\OAnnBwN.exe
  C:\Windows\System\OAnnBwN.exe
  2⤵
  PID:3416
- C:\Windows\System\rCSnrMG.exe
  C:\Windows\System\rCSnrMG.exe
  2⤵
  PID:1644
- C:\Windows\System\QahMEKt.exe
  C:\Windows\System\QahMEKt.exe
  2⤵
  PID:9228
- C:\Windows\System\iPusyQv.exe
  C:\Windows\System\iPusyQv.exe
  2⤵
  PID:9236
- C:\Windows\System\RMPOfjB.exe
  C:\Windows\System\RMPOfjB.exe
  2⤵
  PID:4424
- C:\Windows\System\FXQJZGc.exe
  C:\Windows\System\FXQJZGc.exe
  2⤵
  PID:9316
- C:\Windows\System\izKydaJ.exe
  C:\Windows\System\izKydaJ.exe
  2⤵
  PID:9344
- C:\Windows\System\STWXtnh.exe
  C:\Windows\System\STWXtnh.exe
  2⤵
  PID:3488
- C:\Windows\System\DwMxhpU.exe
  C:\Windows\System\DwMxhpU.exe
  2⤵
  PID:10100
- C:\Windows\System\SNjIRgH.exe
  C:\Windows\System\SNjIRgH.exe
  2⤵
  PID:2904
- C:\Windows\System\ItsNidL.exe
  C:\Windows\System\ItsNidL.exe
  2⤵
  PID:9292
- C:\Windows\System\FgXlvsl.exe
  C:\Windows\System\FgXlvsl.exe
  2⤵
  PID:9284
- C:\Windows\System\WRLEojn.exe
  C:\Windows\System\WRLEojn.exe
  2⤵
  PID:4608
- C:\Windows\System\cRbLVBx.exe
  C:\Windows\System\cRbLVBx.exe
  2⤵
  PID:9372
- C:\Windows\System\qyVOnvY.exe
  C:\Windows\System\qyVOnvY.exe
  2⤵
  PID:9232
- C:\Windows\System\AdISavz.exe
  C:\Windows\System\AdISavz.exe
  2⤵
  PID:4644
- C:\Windows\System\PQsanLL.exe
  C:\Windows\System\PQsanLL.exe
  2⤵
  PID:10264
- C:\Windows\System\wNHFwoV.exe
  C:\Windows\System\wNHFwoV.exe
  2⤵
  PID:10280
- C:\Windows\System\AzvNbcV.exe
  C:\Windows\System\AzvNbcV.exe
  2⤵
  PID:10308
- C:\Windows\System\ogKuaMI.exe
  C:\Windows\System\ogKuaMI.exe
  2⤵
  PID:10340
- C:\Windows\System\BEvgzYS.exe
  C:\Windows\System\BEvgzYS.exe
  2⤵
  PID:10364
- C:\Windows\System\JnFtRDq.exe
  C:\Windows\System\JnFtRDq.exe
  2⤵
  PID:10392
- C:\Windows\System\OdbHyFK.exe
  C:\Windows\System\OdbHyFK.exe
  2⤵
  PID:10420
- C:\Windows\System\RCWjCci.exe
  C:\Windows\System\RCWjCci.exe
  2⤵
  PID:10460
- C:\Windows\System\oIjlQUu.exe
  C:\Windows\System\oIjlQUu.exe
  2⤵
  PID:10488
- C:\Windows\System\GIaJUgK.exe
  C:\Windows\System\GIaJUgK.exe
  2⤵
  PID:10516
- C:\Windows\System\FVvfsic.exe
  C:\Windows\System\FVvfsic.exe
  2⤵
  PID:10544
- C:\Windows\System\EQRaifK.exe
  C:\Windows\System\EQRaifK.exe
  2⤵
  PID:10560
- C:\Windows\System\hMbMHPu.exe
  C:\Windows\System\hMbMHPu.exe
  2⤵
  PID:10600
- C:\Windows\System\sTGiReb.exe
  C:\Windows\System\sTGiReb.exe
  2⤵
  PID:10624
- C:\Windows\System\DfKJcKI.exe
  C:\Windows\System\DfKJcKI.exe
  2⤵
  PID:10656
- C:\Windows\System\VSogrvj.exe
  C:\Windows\System\VSogrvj.exe
  2⤵
  PID:10676
- C:\Windows\System\raswHle.exe
  C:\Windows\System\raswHle.exe
  2⤵
  PID:10700
- C:\Windows\System\ZoTUocG.exe
  C:\Windows\System\ZoTUocG.exe
  2⤵
  PID:10728
- C:\Windows\System\nqgHkLb.exe
  C:\Windows\System\nqgHkLb.exe
  2⤵
  PID:10756
- C:\Windows\System\yiNCjND.exe
  C:\Windows\System\yiNCjND.exe
  2⤵
  PID:10772
- C:\Windows\System\TBdGAmK.exe
  C:\Windows\System\TBdGAmK.exe
  2⤵
  PID:10812
- C:\Windows\System\ujQCawx.exe
  C:\Windows\System\ujQCawx.exe
  2⤵
  PID:10840
- C:\Windows\System\tkICiqt.exe
  C:\Windows\System\tkICiqt.exe
  2⤵
  PID:10876
- C:\Windows\System\rEVBJiK.exe
  C:\Windows\System\rEVBJiK.exe
  2⤵
  PID:10896
- C:\Windows\System\lEkMXLZ.exe
  C:\Windows\System\lEkMXLZ.exe
  2⤵
  PID:10924
- C:\Windows\System\zrCWCsj.exe
  C:\Windows\System\zrCWCsj.exe
  2⤵
  PID:10956
- C:\Windows\System\jmZjbIj.exe
  C:\Windows\System\jmZjbIj.exe
  2⤵
  PID:10980
- C:\Windows\System\WtWDNaJ.exe
  C:\Windows\System\WtWDNaJ.exe
  2⤵
  PID:11000
- C:\Windows\System\sTtAeYM.exe
  C:\Windows\System\sTtAeYM.exe
  2⤵
  PID:11036
- C:\Windows\System\GjzGdrR.exe
  C:\Windows\System\GjzGdrR.exe
  2⤵
  PID:11064
- C:\Windows\System\WOsEYsk.exe
  C:\Windows\System\WOsEYsk.exe
  2⤵
  PID:11104
- C:\Windows\System\ZQSrmJY.exe
  C:\Windows\System\ZQSrmJY.exe
  2⤵
  PID:11128
- C:\Windows\System\oTQDmqP.exe
  C:\Windows\System\oTQDmqP.exe
  2⤵
  PID:11180
- C:\Windows\System\uDdDfau.exe
  C:\Windows\System\uDdDfau.exe
  2⤵
  PID:11208
- C:\Windows\System\rRCvhQc.exe
  C:\Windows\System\rRCvhQc.exe
  2⤵
  PID:11236
- C:\Windows\System\LNDjZIS.exe
  C:\Windows\System\LNDjZIS.exe
  2⤵
  PID:11252
- C:\Windows\System\NFrBBgX.exe
  C:\Windows\System\NFrBBgX.exe
  2⤵
  PID:10248
- C:\Windows\System\blcwgHG.exe
  C:\Windows\System\blcwgHG.exe
  2⤵
  PID:10348
- C:\Windows\System\ANqZotX.exe
  C:\Windows\System\ANqZotX.exe
  2⤵
  PID:10408
- C:\Windows\System\mclMvGb.exe
  C:\Windows\System\mclMvGb.exe
  2⤵
  PID:10476
- C:\Windows\System\wqcGaMk.exe
  C:\Windows\System\wqcGaMk.exe
  2⤵
  PID:10504
- C:\Windows\System\hKfuyKx.exe
  C:\Windows\System\hKfuyKx.exe
  2⤵
  PID:10588
- C:\Windows\System\JCmLYjV.exe
  C:\Windows\System\JCmLYjV.exe
  2⤵
  PID:10640
- C:\Windows\System\LLniQEO.exe
  C:\Windows\System\LLniQEO.exe
  2⤵
  PID:10664
- C:\Windows\System\VdJVunT.exe
  C:\Windows\System\VdJVunT.exe
  2⤵
  PID:10744
- C:\Windows\System\LRdKhpC.exe
  C:\Windows\System\LRdKhpC.exe
  2⤵
  PID:10784
- C:\Windows\System\hLluIQp.exe
  C:\Windows\System\hLluIQp.exe
  2⤵
  PID:10824
- C:\Windows\System\dAyaVZc.exe
  C:\Windows\System\dAyaVZc.exe
  2⤵
  PID:10888
- C:\Windows\System\hDTXWvW.exe
  C:\Windows\System\hDTXWvW.exe
  2⤵
  PID:10968
- C:\Windows\System\MslRHUd.exe
  C:\Windows\System\MslRHUd.exe
  2⤵
  PID:11048
- C:\Windows\System\MkyUCNa.exe
  C:\Windows\System\MkyUCNa.exe
  2⤵
  PID:11112
- C:\Windows\System\TnDULbm.exe
  C:\Windows\System\TnDULbm.exe
  2⤵
  PID:10276
- C:\Windows\System\KUmTkoM.exe
  C:\Windows\System\KUmTkoM.exe
  2⤵
  PID:10300
- C:\Windows\System\ejoTOYR.exe
  C:\Windows\System\ejoTOYR.exe
  2⤵
  PID:10456
- C:\Windows\System\HqKCHYt.exe
  C:\Windows\System\HqKCHYt.exe
  2⤵
  PID:10616
- C:\Windows\System\HHwEPlv.exe
  C:\Windows\System\HHwEPlv.exe
  2⤵
  PID:10692
- C:\Windows\System\wEYqayh.exe
  C:\Windows\System\wEYqayh.exe
  2⤵
  PID:10908
- C:\Windows\System\JXYeSgr.exe
  C:\Windows\System\JXYeSgr.exe
  2⤵
  PID:11248
- C:\Windows\System\DjxhBxG.exe
  C:\Windows\System\DjxhBxG.exe
  2⤵
  PID:10440
- C:\Windows\System\UgLrhFo.exe
  C:\Windows\System\UgLrhFo.exe
  2⤵
  PID:10592
- C:\Windows\System\AwQnPBW.exe
  C:\Windows\System\AwQnPBW.exe
  2⤵
  PID:10988
- C:\Windows\System\spPXmAK.exe
  C:\Windows\System\spPXmAK.exe
  2⤵
  PID:10556
- C:\Windows\System\IxWcfDp.exe
  C:\Windows\System\IxWcfDp.exe
  2⤵
  PID:10920
- C:\Windows\System\bfCRMKh.exe
  C:\Windows\System\bfCRMKh.exe
  2⤵
  PID:11280
- C:\Windows\System\gabtpbE.exe
  C:\Windows\System\gabtpbE.exe
  2⤵
  PID:11304
- C:\Windows\System\bAmQjkc.exe
  C:\Windows\System\bAmQjkc.exe
  2⤵
  PID:11320
- C:\Windows\System\Nauqveg.exe
  C:\Windows\System\Nauqveg.exe
  2⤵
  PID:11384
- C:\Windows\System\yaJUxMq.exe
  C:\Windows\System\yaJUxMq.exe
  2⤵
  PID:11404
- C:\Windows\System\lqWTcuu.exe
  C:\Windows\System\lqWTcuu.exe
  2⤵
  PID:11432
- C:\Windows\System\lkyMdkl.exe
  C:\Windows\System\lkyMdkl.exe
  2⤵
  PID:11464
- C:\Windows\System\Gfqiihx.exe
  C:\Windows\System\Gfqiihx.exe
  2⤵
  PID:11488
- C:\Windows\System\HGaZhxm.exe
  C:\Windows\System\HGaZhxm.exe
  2⤵
  PID:11532
- C:\Windows\System\YwGnsbw.exe
  C:\Windows\System\YwGnsbw.exe
  2⤵
  PID:11604
- C:\Windows\System\oUDiQRb.exe
  C:\Windows\System\oUDiQRb.exe
  2⤵
  PID:11660
- C:\Windows\System\sSWKgoI.exe
  C:\Windows\System\sSWKgoI.exe
  2⤵
  PID:11688
- C:\Windows\System\QGySJvW.exe
  C:\Windows\System\QGySJvW.exe
  2⤵
  PID:11708
- C:\Windows\System\DfaTXyn.exe
  C:\Windows\System\DfaTXyn.exe
  2⤵
  PID:11748
- C:\Windows\System\YdMVLix.exe
  C:\Windows\System\YdMVLix.exe
  2⤵
  PID:11764
- C:\Windows\System\mkkdFuQ.exe
  C:\Windows\System\mkkdFuQ.exe
  2⤵
  PID:11792
- C:\Windows\System\dAIwGrn.exe
  C:\Windows\System\dAIwGrn.exe
  2⤵
  PID:11824
- C:\Windows\System\nmIMSZh.exe
  C:\Windows\System\nmIMSZh.exe
  2⤵
  PID:11860
- C:\Windows\System\MgTPDui.exe
  C:\Windows\System\MgTPDui.exe
  2⤵
  PID:11888
- C:\Windows\System\HMnLPTg.exe
  C:\Windows\System\HMnLPTg.exe
  2⤵
  PID:11916
- C:\Windows\System\akkhFfB.exe
  C:\Windows\System\akkhFfB.exe
  2⤵
  PID:11944
- C:\Windows\System\QIeWXzN.exe
  C:\Windows\System\QIeWXzN.exe
  2⤵
  PID:11964
- C:\Windows\System\QUVsdqK.exe
  C:\Windows\System\QUVsdqK.exe
  2⤵
  PID:12004
- C:\Windows\System\AAcCnBW.exe
  C:\Windows\System\AAcCnBW.exe
  2⤵
  PID:12032
- C:\Windows\System\dniiDFr.exe
  C:\Windows\System\dniiDFr.exe
  2⤵
  PID:12048
- C:\Windows\System\Gqekkqh.exe
  C:\Windows\System\Gqekkqh.exe
  2⤵
  PID:12068
- C:\Windows\System\igZfFsr.exe
  C:\Windows\System\igZfFsr.exe
  2⤵
  PID:12104
- C:\Windows\System\MNYUJeP.exe
  C:\Windows\System\MNYUJeP.exe
  2⤵
  PID:12144
- C:\Windows\System\bJeauQt.exe
  C:\Windows\System\bJeauQt.exe
  2⤵
  PID:12172
- C:\Windows\System\Avgtxbw.exe
  C:\Windows\System\Avgtxbw.exe
  2⤵
  PID:12188
- C:\Windows\System\RlFQrxE.exe
  C:\Windows\System\RlFQrxE.exe
  2⤵
  PID:12216
- C:\Windows\System\rneYQqY.exe
  C:\Windows\System\rneYQqY.exe
  2⤵
  PID:12232
- C:\Windows\System\zPdBfFw.exe
  C:\Windows\System\zPdBfFw.exe
  2⤵
  PID:12268
- C:\Windows\System\ShXKTbJ.exe
  C:\Windows\System\ShXKTbJ.exe
  2⤵
  PID:10324
- C:\Windows\System\PUMshYy.exe
  C:\Windows\System\PUMshYy.exe
  2⤵
  PID:11316
- C:\Windows\System\czjwtTX.exe
  C:\Windows\System\czjwtTX.exe
  2⤵
  PID:11396
- C:\Windows\System\cdULsrb.exe
  C:\Windows\System\cdULsrb.exe
  2⤵
  PID:11484
- C:\Windows\System\OjpobaT.exe
  C:\Windows\System\OjpobaT.exe
  2⤵
  PID:11524
- C:\Windows\System\xSWnoFJ.exe
  C:\Windows\System\xSWnoFJ.exe
  2⤵
  PID:11600
- C:\Windows\System\wjNxCuX.exe
  C:\Windows\System\wjNxCuX.exe
  2⤵
  PID:11616
- C:\Windows\System\NcNCwLz.exe
  C:\Windows\System\NcNCwLz.exe
  2⤵
  PID:11804
- C:\Windows\System\UvKubSB.exe
  C:\Windows\System\UvKubSB.exe
  2⤵
  PID:11852
- C:\Windows\System\YBjKsni.exe
  C:\Windows\System\YBjKsni.exe
  2⤵
  PID:11952
- C:\Windows\System\qgSQzbH.exe
  C:\Windows\System\qgSQzbH.exe
  2⤵
  PID:11996
- C:\Windows\System\LMIeBlb.exe
  C:\Windows\System\LMIeBlb.exe
  2⤵
  PID:12020
- C:\Windows\System\pNBiKwt.exe
  C:\Windows\System\pNBiKwt.exe
  2⤵
  PID:12084
- C:\Windows\System\DRNDooQ.exe
  C:\Windows\System\DRNDooQ.exe
  2⤵
  PID:12164
- C:\Windows\System\qGphevD.exe
  C:\Windows\System\qGphevD.exe
  2⤵
  PID:12276
- C:\Windows\System\rDjsSTT.exe
  C:\Windows\System\rDjsSTT.exe
  2⤵
  PID:11348
- C:\Windows\System\KrvHDwO.exe
  C:\Windows\System\KrvHDwO.exe
  2⤵
  PID:11428
- C:\Windows\System\xMSaBfr.exe
  C:\Windows\System\xMSaBfr.exe
  2⤵
  PID:11672
- C:\Windows\System\gtrviYq.exe
  C:\Windows\System\gtrviYq.exe
  2⤵
  PID:11776
- C:\Windows\System\DPQttds.exe
  C:\Windows\System\DPQttds.exe
  2⤵
  PID:11960
- C:\Windows\System\VeOaseK.exe
  C:\Windows\System\VeOaseK.exe
  2⤵
  PID:12156
- C:\Windows\System\totizUM.exe
  C:\Windows\System\totizUM.exe
  2⤵
  PID:12252
- C:\Windows\System\USefKRO.exe
  C:\Windows\System\USefKRO.exe
  2⤵
  PID:11720
- C:\Windows\System\dJAhjEY.exe
  C:\Windows\System\dJAhjEY.exe
  2⤵
  PID:12092
- C:\Windows\System\ZDnpoUQ.exe
  C:\Windows\System\ZDnpoUQ.exe
  2⤵
  PID:11424
- C:\Windows\System\xDCTeda.exe
  C:\Windows\System\xDCTeda.exe
  2⤵
  PID:12224
- C:\Windows\System\SbhgSxg.exe
  C:\Windows\System\SbhgSxg.exe
  2⤵
  PID:12308
- C:\Windows\System\bJvjMoQ.exe
  C:\Windows\System\bJvjMoQ.exe
  2⤵
  PID:12336
- C:\Windows\System\fNYyumE.exe
  C:\Windows\System\fNYyumE.exe
  2⤵
  PID:12352
- C:\Windows\System\qKXEgBk.exe
  C:\Windows\System\qKXEgBk.exe
  2⤵
  PID:12392
- C:\Windows\System\cwCbMIL.exe
  C:\Windows\System\cwCbMIL.exe
  2⤵
  PID:12408
- C:\Windows\System\brLFkgP.exe
  C:\Windows\System\brLFkgP.exe
  2⤵
  PID:12440
- C:\Windows\System\zVKwEaP.exe
  C:\Windows\System\zVKwEaP.exe
  2⤵
  PID:12460
- C:\Windows\System\KuuXEYF.exe
  C:\Windows\System\KuuXEYF.exe
  2⤵
  PID:12488
- C:\Windows\System\CLSypxo.exe
  C:\Windows\System\CLSypxo.exe
  2⤵
  PID:12532
- C:\Windows\System\CtYUwSO.exe
  C:\Windows\System\CtYUwSO.exe
  2⤵
  PID:12560
- C:\Windows\System\TXaZvdW.exe
  C:\Windows\System\TXaZvdW.exe
  2⤵
  PID:12588
- C:\Windows\System\NWbIHvt.exe
  C:\Windows\System\NWbIHvt.exe
  2⤵
  PID:12612
- C:\Windows\System\sSNHfrm.exe
  C:\Windows\System\sSNHfrm.exe
  2⤵
  PID:12644
- C:\Windows\System\SpQGXzD.exe
  C:\Windows\System\SpQGXzD.exe
  2⤵
  PID:12672
- C:\Windows\System\LgOnhwr.exe
  C:\Windows\System\LgOnhwr.exe
  2⤵
  PID:12692
- C:\Windows\System\HelxwHj.exe
  C:\Windows\System\HelxwHj.exe
  2⤵
  PID:12732
- C:\Windows\System\TRzNajM.exe
  C:\Windows\System\TRzNajM.exe
  2⤵
  PID:12804
- C:\Windows\System\lnTrACA.exe
  C:\Windows\System\lnTrACA.exe
  2⤵
  PID:12820
- C:\Windows\System\JrWqCma.exe
  C:\Windows\System\JrWqCma.exe
  2⤵
  PID:12840
- C:\Windows\System\jIlMPIO.exe
  C:\Windows\System\jIlMPIO.exe
  2⤵
  PID:12864
- C:\Windows\System\fRTzPQc.exe
  C:\Windows\System\fRTzPQc.exe
  2⤵
  PID:12900
- C:\Windows\System\psOPLwL.exe
  C:\Windows\System\psOPLwL.exe
  2⤵
  PID:12924
- C:\Windows\System\CRUZFgp.exe
  C:\Windows\System\CRUZFgp.exe
  2⤵
  PID:12952
- C:\Windows\System\bFkuFoO.exe
  C:\Windows\System\bFkuFoO.exe
  2⤵
  PID:12976
- C:\Windows\System\fDXGYCk.exe
  C:\Windows\System\fDXGYCk.exe
  2⤵
  PID:13020
- C:\Windows\System\NWHRTMx.exe
  C:\Windows\System\NWHRTMx.exe
  2⤵
  PID:13040
- C:\Windows\System\fdlRMsM.exe
  C:\Windows\System\fdlRMsM.exe
  2⤵
  PID:13072
- C:\Windows\System\hwpMhDm.exe
  C:\Windows\System\hwpMhDm.exe
  2⤵
  PID:13096
- C:\Windows\System\OXjYQzw.exe
  C:\Windows\System\OXjYQzw.exe
  2⤵
  PID:13148
- C:\Windows\System\vEVyVwR.exe
  C:\Windows\System\vEVyVwR.exe
  2⤵
  PID:13176
- C:\Windows\System\xQzpiUK.exe
  C:\Windows\System\xQzpiUK.exe
  2⤵
  PID:13220
- C:\Windows\System\bnuAuNW.exe
  C:\Windows\System\bnuAuNW.exe
  2⤵
  PID:13236
- C:\Windows\System\lFsttIH.exe
  C:\Windows\System\lFsttIH.exe
  2⤵
  PID:13276
- C:\Windows\System\bmOybwa.exe
  C:\Windows\System\bmOybwa.exe
  2⤵
  PID:13292
- C:\Windows\System\UlISSfk.exe
  C:\Windows\System\UlISSfk.exe
  2⤵
  PID:12292
- C:\Windows\System\PYSAJld.exe
  C:\Windows\System\PYSAJld.exe
  2⤵
  PID:12364
- C:\Windows\System\rVFGGDV.exe
  C:\Windows\System\rVFGGDV.exe
  2⤵
  PID:12476
- C:\Windows\System\FQuBXCM.exe
  C:\Windows\System\FQuBXCM.exe
  2⤵
  PID:12508
- C:\Windows\System\rAajpjR.exe
  C:\Windows\System\rAajpjR.exe
  2⤵
  PID:12580
- C:\Windows\System\Jzxheiu.exe
  C:\Windows\System\Jzxheiu.exe
  2⤵
  PID:12636
- C:\Windows\System\puqItVq.exe
  C:\Windows\System\puqItVq.exe
  2⤵
  PID:12716
- C:\Windows\System\wpwFMsC.exe
  C:\Windows\System\wpwFMsC.exe
  2⤵
  PID:12780
- C:\Windows\System\oSlaoZy.exe
  C:\Windows\System\oSlaoZy.exe
  2⤵
  PID:12832
- C:\Windows\System\pHngDFi.exe
  C:\Windows\System\pHngDFi.exe
  2⤵
  PID:12920
- C:\Windows\System\AODDBMI.exe
  C:\Windows\System\AODDBMI.exe
  2⤵
  PID:12988
- C:\Windows\System\ElOCLxH.exe
  C:\Windows\System\ElOCLxH.exe
  2⤵
  PID:13088
- C:\Windows\System\uRXYASr.exe
  C:\Windows\System\uRXYASr.exe
  2⤵
  PID:13120
- C:\Windows\System\rvtUQNr.exe
  C:\Windows\System\rvtUQNr.exe
  2⤵
  PID:13192
- C:\Windows\System\rFTRUvN.exe
  C:\Windows\System\rFTRUvN.exe
  2⤵
  PID:13228
- C:\Windows\System\muVbqlu.exe
  C:\Windows\System\muVbqlu.exe
  2⤵
  PID:12348
- C:\Windows\System\KHiqkSH.exe
  C:\Windows\System\KHiqkSH.exe
  2⤵
  PID:12556
- C:\Windows\System\FOgJDVb.exe
  C:\Windows\System\FOgJDVb.exe
  2⤵
  PID:12620
- C:\Windows\System\fyVJFQr.exe
  C:\Windows\System\fyVJFQr.exe
  2⤵
  PID:12912
- C:\Windows\System\pwhQziY.exe
  C:\Windows\System\pwhQziY.exe
  2⤵
  PID:13056
- C:\Windows\System\LeXhNff.exe
  C:\Windows\System\LeXhNff.exe
  2⤵
  PID:13284
- C:\Windows\System\bGhSejk.exe
  C:\Windows\System\bGhSejk.exe
  2⤵
  PID:13304
- C:\Windows\System\sTrWJoa.exe
  C:\Windows\System\sTrWJoa.exe
  2⤵
  PID:12828
- C:\Windows\System\RwEwwAu.exe
  C:\Windows\System\RwEwwAu.exe
  2⤵
  PID:13028
- C:\Windows\System\DicRuPt.exe
  C:\Windows\System\DicRuPt.exe
  2⤵
  PID:12908
- C:\Windows\System\cEkWJZQ.exe
  C:\Windows\System\cEkWJZQ.exe
  2⤵
  PID:13324
- C:\Windows\System\rBRNZra.exe
  C:\Windows\System\rBRNZra.exe
  2⤵
  PID:13340
- C:\Windows\System\fptAand.exe
  C:\Windows\System\fptAand.exe
  2⤵
  PID:13368
- C:\Windows\System\DDiFfZs.exe
  C:\Windows\System\DDiFfZs.exe
  2⤵
  PID:13396
- C:\Windows\System\ONeeQRS.exe
  C:\Windows\System\ONeeQRS.exe
  2⤵
  PID:13416
- C:\Windows\System\RhZWuip.exe
  C:\Windows\System\RhZWuip.exe
  2⤵
  PID:13444
- C:\Windows\System\EFPwUNT.exe
  C:\Windows\System\EFPwUNT.exe
  2⤵
  PID:13472
- C:\Windows\System\SQJgnsl.exe
  C:\Windows\System\SQJgnsl.exe
  2⤵
  PID:13500
- C:\Windows\System\HDCabAn.exe
  C:\Windows\System\HDCabAn.exe
  2⤵
  PID:13524
- C:\Windows\System\rguYOnD.exe
  C:\Windows\System\rguYOnD.exe
  2⤵
  PID:13552
- C:\Windows\System\fqUnTPk.exe
  C:\Windows\System\fqUnTPk.exe
  2⤵
  PID:13588
- C:\Windows\System\Rnthonj.exe
  C:\Windows\System\Rnthonj.exe
  2⤵
  PID:13620
- C:\Windows\System\KmkxIgz.exe
  C:\Windows\System\KmkxIgz.exe
  2⤵
  PID:13644
- C:\Windows\System\IywtZjX.exe
  C:\Windows\System\IywtZjX.exe
  2⤵
  PID:13660
- C:\Windows\System\NHGEIij.exe
  C:\Windows\System\NHGEIij.exe
  2⤵
  PID:13688
- C:\Windows\System\htFjtPl.exe
  C:\Windows\System\htFjtPl.exe
  2⤵
  PID:13708
- C:\Windows\System\XHYFdoO.exe
  C:\Windows\System\XHYFdoO.exe
  2⤵
  PID:13728
- C:\Windows\System\kQPJdDF.exe
  C:\Windows\System\kQPJdDF.exe
  2⤵
  PID:13752
- C:\Windows\System\eJoqnFC.exe
  C:\Windows\System\eJoqnFC.exe
  2⤵
  PID:13780
- C:\Windows\System\pMoXnvg.exe
  C:\Windows\System\pMoXnvg.exe
  2⤵
  PID:13836
- C:\Windows\System\rfyASVE.exe
  C:\Windows\System\rfyASVE.exe
  2⤵
  PID:13860
- C:\Windows\System\vfRzvhP.exe
  C:\Windows\System\vfRzvhP.exe
  2⤵
  PID:13888
- C:\Windows\System\uRzdHWA.exe
  C:\Windows\System\uRzdHWA.exe
  2⤵
  PID:13920
- C:\Windows\System\Fulvody.exe
  C:\Windows\System\Fulvody.exe
  2⤵
  PID:13956
- C:\Windows\System\oPqhqYo.exe
  C:\Windows\System\oPqhqYo.exe
  2⤵
  PID:13976
- C:\Windows\System\GPptCQf.exe
  C:\Windows\System\GPptCQf.exe
  2⤵
  PID:14000
- C:\Windows\System\BKJouFm.exe
  C:\Windows\System\BKJouFm.exe
  2⤵
  PID:14044
- C:\Windows\System\AZojVQf.exe
  C:\Windows\System\AZojVQf.exe
  2⤵
  PID:14064
- C:\Windows\System\bwEESGS.exe
  C:\Windows\System\bwEESGS.exe
  2⤵
  PID:14108
- C:\Windows\System\cMZkNGg.exe
  C:\Windows\System\cMZkNGg.exe
  2⤵
  PID:14128
- C:\Windows\System\rxNiaej.exe
  C:\Windows\System\rxNiaej.exe
  2⤵
  PID:14156
- C:\Windows\System\aRqbzKq.exe
  C:\Windows\System\aRqbzKq.exe
  2⤵
  PID:14180
- C:\Windows\System\ZpoQdmr.exe
  C:\Windows\System\ZpoQdmr.exe
  2⤵
  PID:14212
- C:\Windows\System\CDvrauk.exe
  C:\Windows\System\CDvrauk.exe
  2⤵
  PID:14252
- C:\Windows\System\CXRxlLZ.exe
  C:\Windows\System\CXRxlLZ.exe
  2⤵
  PID:14280
- C:\Windows\System\zarwVAx.exe
  C:\Windows\System\zarwVAx.exe
  2⤵
  PID:14296
- C:\Windows\System\rEpnROZ.exe
  C:\Windows\System\rEpnROZ.exe
  2⤵
  PID:14324
- C:\Windows\System\nQpIVaC.exe
  C:\Windows\System\nQpIVaC.exe
  2⤵
  PID:13352
- C:\Windows\System\FntjNqZ.exe
  C:\Windows\System\FntjNqZ.exe
  2⤵
  PID:13388
- C:\Windows\System\GNaRSKD.exe
  C:\Windows\System\GNaRSKD.exe
  2⤵
  PID:13432
- C:\Windows\System\DvDNlfr.exe
  C:\Windows\System\DvDNlfr.exe
  2⤵
  PID:13544
- C:\Windows\System\NinFUxI.exe
  C:\Windows\System\NinFUxI.exe
  2⤵
  PID:13576
- C:\Windows\System\vMJRtXk.exe
  C:\Windows\System\vMJRtXk.exe
  2⤵
  PID:13628
- C:\Windows\System\uTQojZW.exe
  C:\Windows\System\uTQojZW.exe
  2⤵
  PID:13656
- C:\Windows\System\bYoQpIx.exe
  C:\Windows\System\bYoQpIx.exe
  2⤵
  PID:13740
- C:\Windows\System\nQPzDop.exe
  C:\Windows\System\nQPzDop.exe
  2⤵
  PID:13884
- C:\Windows\System\OqQhEHS.exe
  C:\Windows\System\OqQhEHS.exe
  2⤵
  PID:2648
- C:\Windows\System\GQCjDri.exe
  C:\Windows\System\GQCjDri.exe
  2⤵
  PID:13908
- C:\Windows\System\tdrlYEN.exe
  C:\Windows\System\tdrlYEN.exe
  2⤵
  PID:2112
- C:\Windows\System\hFBlZic.exe
  C:\Windows\System\hFBlZic.exe
  2⤵
  PID:14028
- C:\Windows\System\kpEWJbn.exe
  C:\Windows\System\kpEWJbn.exe
  2⤵
  PID:14072
- C:\Windows\System\nrTLykq.exe
  C:\Windows\System\nrTLykq.exe
  2⤵
  PID:14196
- C:\Windows\System\nSMzIHH.exe
  C:\Windows\System\nSMzIHH.exe
  2⤵
  PID:14276
- C:\Windows\System\ZPeEYkS.exe
  C:\Windows\System\ZPeEYkS.exe
  2⤵
  PID:13356
- C:\Windows\System\oENioWb.exe
  C:\Windows\System\oENioWb.exe
  2⤵
  PID:13412
- C:\Windows\System\wWdddsM.exe
  C:\Windows\System\wWdddsM.exe
  2⤵
  PID:13488
- C:\Windows\System\SnPIgYQ.exe
  C:\Windows\System\SnPIgYQ.exe
  2⤵
  PID:13772
- C:\Windows\System\OJlikvM.exe
  C:\Windows\System\OJlikvM.exe
  2⤵
  PID:13748
- C:\Windows\System\ETVsaoW.exe
  C:\Windows\System\ETVsaoW.exe
  2⤵
  PID:13844
- C:\Windows\System\FSSHjVt.exe
  C:\Windows\System\FSSHjVt.exe
  2⤵
  PID:14140
- C:\Windows\System\tLNGiTq.exe
  C:\Windows\System\tLNGiTq.exe
  2⤵
  PID:13316
- C:\Windows\System\eHgzTLd.exe
  C:\Windows\System\eHgzTLd.exe
  2⤵
  PID:13384
- C:\Windows\System\SQITHiv.exe
  C:\Windows\System\SQITHiv.exe
  2⤵
  PID:13536
- C:\Windows\System\bULfzwL.exe
  C:\Windows\System\bULfzwL.exe
  2⤵
  PID:14100
- C:\Windows\System\NJcXcZO.exe
  C:\Windows\System\NJcXcZO.exe
  2⤵
  PID:14204
- C:\Windows\System\YNEltkS.exe
  C:\Windows\System\YNEltkS.exe
  2⤵
  PID:13572
- C:\Windows\System\XvYPbWp.exe
  C:\Windows\System\XvYPbWp.exe
  2⤵
  PID:14372
- C:\Windows\System\JDQeaIu.exe
  C:\Windows\System\JDQeaIu.exe
  2⤵
  PID:14408
- C:\Windows\System\TRTxFyB.exe
  C:\Windows\System\TRTxFyB.exe
  2⤵
  PID:14456
- C:\Windows\System\NhUYRCT.exe
  C:\Windows\System\NhUYRCT.exe
  2⤵
  PID:14484
- C:\Windows\System\TymmAov.exe
  C:\Windows\System\TymmAov.exe
  2⤵
  PID:14508
- C:\Windows\System\NRbhmOO.exe
  C:\Windows\System\NRbhmOO.exe
  2⤵
  PID:14528
- C:\Windows\System\DcxBOix.exe
  C:\Windows\System\DcxBOix.exe
  2⤵
  PID:14568

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CSBHTrx.exe

Filesize
2.3MB

MD5
22686082f697b98a0a6ca5d99e0d7ff1

SHA1
5c06597d3f60597b8fa24eb507dc84b9467d6b8f

SHA256
330ebe89a9d26eb2544300648931a044c3abef6ba5d3cf30da1c711736b257f0

SHA512
aec2d229dce3ac1d188f6b7a79f6ea2b95c938bfe635db1f1ad2a16fe27c566e77d56d5c421cfe1a7bfd624410dc104d592296112912788a64b45927dabf49b9

Download Submit
C:\Windows\System\CzGopvO.exe

Filesize
2.3MB

MD5
cc9a8179f8bd513a1dba22235319f3d6

SHA1
5d0e18c1f15fc8e50f0db4e06c9cb6ac649c0872

SHA256
fd097b212070e46b9e4b4924d65065abe81d5b9d3afa55b7c77e424f6b61ab70

SHA512
f36c8c5e843c458f7d930b6a96b422534458455f562aa6100ac0827151078db3219bfa9177769e1f56698dc2df8a9fcde8d29fbdbcac573a928076f2dd97e73c

Download Submit
C:\Windows\System\DuLGQwR.exe

Filesize
2.3MB

MD5
782496b2fe938476b4ba1199a5f84720

SHA1
7200fa252f6a1125972a13e2f664e84a8b8eed54

SHA256
b2db5b100e2e293369896095b93a0d6d4f73e512e931c1cf89f9279ddebc85f4

SHA512
8508f341d9f60ca9fc9621061e0f160b43b52fa1a2888508c0aba93328a6864f1b295ef76801eb26d4ab86069b723e5aa6c2b6b8c551f1e922a487b2e4f5b839

Download Submit
C:\Windows\System\JiySoFX.exe

Filesize
2.3MB

MD5
ec228b1a08c2265ab579561cf754e00c

SHA1
0b0e3001d154a2472fa78e20aced2232f4cbff96

SHA256
5fcafa930bbfc68a24c53ed6309b7f1d7883bd454404dc4ef78ae1b9cd4eac6a

SHA512
43b757b755ec1b2a4a6c072ad6d382e1afc5a37694ca69f5c5384544ad13d0e100220f80bbbce871a2430312cd2cf69ac5680019dcb071ef940e4178d399ab70

Download Submit
C:\Windows\System\PMuLqOV.exe

Filesize
2.3MB

MD5
c4d3c7d3547747b89330bc3a53efb001

SHA1
7829936bdb14d71b759fd672ce32848d593cd43f

SHA256
c216bf15abcf8462d2b6688abe1ab60fc967ff385711334b4567fff10244dbdd

SHA512
ef49c4eed9e9776c347856e07fb1de9011da26dcca01b09e9125c1a7bcb160a06228eb7e23447be6017deb1c10e859a8c8d8c798377e6910c03c9a3717f6e9e9

Download Submit
C:\Windows\System\PshjFFO.exe

Filesize
2.3MB

MD5
fe5c30eec8d0c3be154bfe89fa572d10

SHA1
cc3383b6856cd6da8203131ab576adae896be3bd

SHA256
5ce4633895171b1a360f19a77c917791273ccf7ecc6ee3957facee306dc7b812

SHA512
6bb43269b5753c527b572a6d8cfd95788ecd64477c518bcb7946eb05021f981bf4ec710c963393bfc2c9471b78abbfee4435bc379df7a449d8643a5ae8f3947a

Download Submit
C:\Windows\System\Pwhjafc.exe

Filesize
2.3MB

MD5
ce4615dfc32895f41fc8a44e8f974df6

SHA1
e25b639256462703647f1b69d9424984dd26fae7

SHA256
fbeb517ec3f5aaa07ddc6271596f7a92a41c18555b02088d6c5f70930860a3a7

SHA512
014f080d0899b407da9661943c7b1d87d8af39dc3225143dad0247793526cae17c8be105f0f637c9509dadb36b409345ac0e72c33a465bc231c2efad8dc7699c

Download Submit
C:\Windows\System\QAfHEkZ.exe

Filesize
2.3MB

MD5
9ed01572ed613f86374490018c7c7dd8

SHA1
0cb1e864bf42a6ed9343377256d366c36c29614d

SHA256
ffbb0c85ccb69d3f949260a525f6e5c18c37d5e0a87cc3f7190302d88f922130

SHA512
c901ef497165b204d543a6dd7299658e96d59810cdbe98036cbe48c0636362e8afef7861df62280c1c3ad17e88745aab565f1c6d5ac61aacdc6eb5ee35663261

Download Submit
C:\Windows\System\QpIEVjX.exe

Filesize
2.3MB

MD5
eca929c7cc584a5e100221327fa7c9df

SHA1
f7ff1a6ca0b7782303ed683960f9e6518ac8a74b

SHA256
117f4f96d58de793567a71bcdb9352b5c50413021c56cd7dd40b0e4b97314689

SHA512
9828eb07f7dd7894c5f9a8443033724c5f3aea1cee1f64e7b7afb974800abd7c8bcdd3ab6100d26d0b3e8e98c18ddc9b385d2a491c367346adb5f7e7b6bece1a

Download Submit
C:\Windows\System\RBpRytr.exe

Filesize
2.3MB

MD5
7907301079f7425e2bb506da86f0e937

SHA1
03e19a18b202d5d0865ba2ef9a3d1a55937cb334

SHA256
3bc7212e22d2f3a609139fb8697ec0c49c5947ac4f1510289440c6f0c6745b90

SHA512
e11204c42649d5958a5ffc2cf2c99b51717736a9ebe28bf034c76013cadc4df3660d8f02377cadec40085438de2168aadfde8bd619f5c5cb16f79952f5d8dbcd

Download Submit
C:\Windows\System\UeuMpAb.exe

Filesize
2.3MB

MD5
1408771780f6dd0b8510693ee34d9aa9

SHA1
5b8cdb574f0598292d17a40c476785c58fe5c05c

SHA256
c8bce1d55090e9160507b125884f485b83e98969956e17eb087bf6184c755a93

SHA512
1944fbdc0ca653cd051a10f4f7b34390841188c9f9c45b9df8875644d82f0431759fd47a9c5a30d33d6f03d24a5390493d699bd47c470beffd008eebf0e8be90

Download Submit
C:\Windows\System\UiSUufN.exe

Filesize
2.3MB

MD5
c94a4ae5c1758ce72a46160208fa181c

SHA1
a9ffaba920d2e905a8db5852ccece350eda6e921

SHA256
4332074d99277a00268b093ae96a53cc79d5306248ef0de1c56b82bb925db1cf

SHA512
2b985ff6b9cc070e92acb3b4fba62720a851b6554eb1259a14c0f03ba7273c035b75c888b334c8df84d5a4007443163e32349bfa6de8565ab50c41eea4feedbd

Download Submit
C:\Windows\System\UiYxAEC.exe

Filesize
2.3MB

MD5
a519eceff9e4a9a603cabfdd17805222

SHA1
57120710d8b8258c6450dbfa3b02ab6b108fac88

SHA256
a35c37104be01dd6b65201c6b568ae9d4fbf3d3d7b441f689bd610e37ce84856

SHA512
3920a3fb88f3b1358e2d22ddf8b5c7e86cbab43bcabd5af3627e2e907eae384e46cf5d07dbbb72953a0897302dedd85346603154880e1712cc28f169e23c03b6

Download Submit
C:\Windows\System\YgANwqb.exe

Filesize
2.3MB

MD5
9f97b36d34262235b07b1013fdfd3dc6

SHA1
f95c19b264920794f6ed2bc8330c9de6c1a0c932

SHA256
a894eac9ef5c8f36700dffc35c23d5af5cc70309168aaf480fe72762fcd8898a

SHA512
a47b4b3ccb96883b12175133787ec25dbf68b37d5d31e7256cd25e94bca751904385d92e82aefedc9f7b9c68f06203956c1fcd2005c6c5c62365429509ce0749

Download Submit
C:\Windows\System\afWCFYx.exe

Filesize
2.3MB

MD5
612980ff859f0e39bac1142a5c8ee4a4

SHA1
7c455a293dff47b5b9c4fb6f4041e6b0e43230be

SHA256
1c37bbd4f2c0a0a1b3b85a1f86ec3730674e8f75027f1c568f1457e33b1d2150

SHA512
31c36a9d3fc0cc7adeed1d4654ea92a79524ac172ed955673dd2d217858f9ddf7f2cabc42f4da20d124db63a6915991e3a396a07c77f0da5474872bcded5e31e

Download Submit
C:\Windows\System\cAEeawm.exe

Filesize
2.3MB

MD5
d49e5a05030bdfcdf32a14760058f097

SHA1
f4cbc682d8cc38e8cc324144d663a36757be453c

SHA256
8447d862c964df987c99f9a508f8009be49c7ac29a24d9db511a55062c3c202d

SHA512
e08a625f50b0ad29e48a997f8225cfe372e31c37d714710519cc79989586592a767d82e4542bac5afafaad0d34f5ed1452f250f383b3cefc81d12e10880c93c1

Download Submit
C:\Windows\System\dKrkhxd.exe

Filesize
2.3MB

MD5
65bb8bba4c03f2992310489774c8abce

SHA1
eb18735b267dc9495a9990cff35707af04a2436b

SHA256
7c2c25fd034ed9589e6771d4ef5a9ae829f156b2c5a354b8db38ecf399c3565a

SHA512
6abaf1659f3b7139746646a19bf7948abea0eb7efb4e4ecd40ff8ff8bd2c0654edb5e8fda899dc3c7ef8f627515a5031bfca0dcdfb742cd9486e48500063d6ec

Download Submit
C:\Windows\System\dSHlrLA.exe

Filesize
2.3MB

MD5
505785e2722a3fceefe21054aa4e3ece

SHA1
484eb2027c1ae3c69a1b32adee679e16fa3ff0ba

SHA256
8790d973316c2e21255cba04bc125d9ae381e3f6a037001837d0634fbcca30dc

SHA512
88133c47538bfb12431792c5fb12555fce30b39998b1445ad1ebff04b0b81adc438e66344115091e144ea872d74b1c9c983bec6937d9690939304939658875b6

Download Submit
C:\Windows\System\djkUdZt.exe

Filesize
2.3MB

MD5
2a2e55800e7d916b9b4df13b15267b63

SHA1
351bf960a0753d38502e48ec7d0a617dec2dbf45

SHA256
99da49c824331a307d83f850251f4828e9869b04809ef3a6abeef2971e0f3d4f

SHA512
4dd9f9f7db5bdd23685c4e6f0915368f63cb4d2275a197ec4d932b65fc5fc7952226c1c86396244b5e61e2c638a7f33d732cde1b912d4b54f565fb95b95418ab

Download Submit
C:\Windows\System\eRnPGtX.exe

Filesize
2.3MB

MD5
cedaf1a4898503315ef6862984a22c89

SHA1
b1ef934119c594c2dc94e85f35f38f43efc4371d

SHA256
ca5c4d3d48f1931b1860390d0aecfc3a331dc2a63822ca7aa103c8250d5c2d35

SHA512
5164d4894a48037371cbdefaf5fc9f0788b3779a9257da42e69cb44b1e42db4fee8a4a65366170fd8aa9649433391fcf1f03891072784f3cc4f671a1747278b2

Download Submit
C:\Windows\System\eyNjQPi.exe

Filesize
2.3MB

MD5
97b9364ceea38eb08f6f400873862a84

SHA1
f7301fab008d7878ebd70a9f3ca92faf29a9da22

SHA256
a3026376dc20f84a727ef4333d90c9e0300a238ec3ce2f249d570ea48fa712b9

SHA512
ac45ff5ca4b379b842a6df99dd9ed6bf6fd02a5d24a48cff9828050e81bc10625ae277c48bea8f2bf8b6da86726e5b15e41c7bf84cc9f9b51de4e1de6e8af28f

Download Submit
C:\Windows\System\fYMtpdn.exe

Filesize
2.3MB

MD5
64e884fe17ab08b28eb56257c7ba32a0

SHA1
cf66b0fee1e2891a2922f1c5804eb262f8c12167

SHA256
8475508437a7b4ef77715e447374afab75c3cf1e7ec1a964e5c63479da86864c

SHA512
1f542b88a08fa3e22b6616a9242624829a1e13f6cdf65862adf0c647763cf6bf4cc77cb60780cdcca8ca2c5ce175ca382026899b38e5a6fd9f7f6cce823bbad7

Download Submit
C:\Windows\System\hJCCTJb.exe

Filesize
2.3MB

MD5
10fc5c24c1966e7568d3c3683f164c2d

SHA1
a109eadc4ed6071febf70fe05f6b9330e228d739

SHA256
4206af909ec65e192d58e80ac06f3f8745db4cfb0ac415ab0f2efcb82098a2c1

SHA512
84b2d6bf08793c82548be92c8fd0520c3a358ca91d18234756cda36145b86735a42ec0bd15b4e7a3baf8776efbc9ff48609dd277ea0f99c70bc4ec22914eb99a

Download Submit
C:\Windows\System\hVBJLnq.exe

Filesize
2.3MB

MD5
a2388a44849a50fabd6f682c19adb1ef

SHA1
ad26c5a8abc55c0ae7a94b179a07dbc96afe2d4f

SHA256
b39687b1158d2d6f17aed383792e581a4230c47757c3d1dad5d79e79618e0293

SHA512
400ad4bfbf7f8c7cab9f9e63470e1ac63f0537a4f1d46595d14cdfd0dea99dc6761682ae1452e057d5f7349949f9f4b78e7b4d21786a2f2e42aa33b793ad33c8

Download Submit
C:\Windows\System\iadmCMY.exe

Filesize
2.3MB

MD5
3ea1954525ca1fd8fed24869599f8f42

SHA1
b8326e45bdf399f966caa6b00f1bb490eb64c6a5

SHA256
5263451951273818511c577480d42457ed62da9b98c39e42b1ad7298b487b533

SHA512
16fb54f0acf98252074f8d7a5f544deeffe78949e4fe42ac3aa9ec3befd5a555cbb91c3f9c2bff29289496e72db339f55489ac333339ec35c866ce1dd089cf05

Download Submit
C:\Windows\System\iwmfBLZ.exe

Filesize
2.3MB

MD5
b23bb0d24e821aed8afe37f2b06eb732

SHA1
225204744d1372fce54ce6dee212745b5caaedfc

SHA256
838823653548dfd5108505bee7d4627387eecec26642d716fe91433132d8cca2

SHA512
80eddfc704189f116b169ca8d4d257e8bcab8140628d89ebf3b6a6c688e6cdd0d761cbc09b44051a578667748b7d53ba2be7541b9f4345d6b37e8f26f700acd5

Download Submit
C:\Windows\System\kLzdvHf.exe

Filesize
2.3MB

MD5
e9af6b4b35253e4ebbcc4c29b052d1f8

SHA1
50e70924db123d2cd3eecc2b9af35e81cca2026e

SHA256
5adaf166038215bbd88a28217a58b3bb71915e9142871bc7bbe90b345d597b7e

SHA512
13de6516e56dd09bc386ec578e6788ac2b3b5c7ce35a3462a41d0ab77e6d9a7fce1d07df47976dd47bb619b81f74e89feb82d6ce6fe7c9213226d0700e4f8e6a

Download Submit
C:\Windows\System\mnNKFnZ.exe

Filesize
2.3MB

MD5
efd8320ccf36eab237e9ae18aca58ba5

SHA1
e97889851b031810f8c189d9368419e25e93b2f5

SHA256
183751873102ff022f005da979ccb45a9d8a80875ba0b1dfbdbe1ca347b80164

SHA512
0c86a18032c373a22ee9795b632e700b9ae2c4d9b8796a748369f85a2d5b2767ed744946919182a307a8c870e31254f8a01bdfbb3f4cb41ef5ed2f940d1e6904

Download Submit
C:\Windows\System\pOCyGto.exe

Filesize
2.3MB

MD5
399a8148f884ea88b1a519a002d5474f

SHA1
3f41c7a7d97b727fda23e12642063bfda2e7d36d

SHA256
9a25cfdc22e2b949e18d4faff9fed678712be82b9ba4e3902446b40adacfc2c2

SHA512
ee3272a36828eac276ca9358b6a49f090f41e00493dc5b67e634d1fc401d5aa3abd31ffd671a74a41b4b79f5db9871057b1c6e5181927ef9a1d5067b965d4a03

Download Submit
C:\Windows\System\pcIUEFO.exe

Filesize
2.3MB

MD5
5e6e7415ac5a3d27ad39a299570ec5cc

SHA1
dbec8fa7b5cfd610535e5c412c391e0434d8c3ba

SHA256
4a5f3e8a21a1cb4df06b887cfecc0f69fab8a8509f8182e2cbb993deee1de5ef

SHA512
a73b2448f736e1739642ace173d20a0ce7585a2a7528f4d50ef1b94aa7d632faac37622cb963bf72e08cbbd5d4b9584ff40dddc79cca30ef5cb9b8b6d1d46319

Download Submit
C:\Windows\System\rTeuRKd.exe

Filesize
2.3MB

MD5
c365d5be0209ecbaa170dd469344e383

SHA1
6ce39b1005f787715f3fb372062856956d2c5a7e

SHA256
59e77eab80d911472c57d2851d7ac4a4044c36261173fcce7aed0af9cdf57cc7

SHA512
fc5de450ac16ef6700d262bc51584176eb0ad19f9966f72f6fdecb9483c240ee6c2a2dc7dfb1748c1a1496a51308053425a2e159b39e9d2881f92f4454e2bc04

Download Submit
C:\Windows\System\tHqIXky.exe

Filesize
2.3MB

MD5
c604422fe1315fa159e97251438d0da4

SHA1
194c03b40f8bdad542beb39c5fe7bcdcc0281f16

SHA256
39f2f478c4d97deb22749a9753e5d762096a34313afa914cce384842b6e4f653

SHA512
8b14d346ed3270469b4bf67a716664993fcfebbcfec35b51d3f07dbeb0697fe77aa5ca92235e7b5719ebcf8baa071e22007848e0feeb588c788a772236f2483e

Download Submit
C:\Windows\System\zkHebJu.exe

Filesize
2.3MB

MD5
a27ba723c4c7249eabf245506e0f4448

SHA1
aad76ee26400cb4f7216f3dfd22f8c7986a41097

SHA256
078aa02f3fda455934110d214649fd1b479efc2e40c48aca01117ebddaa7c4e5

SHA512
5c90f794520c938883e7c971b371119bfc6a32be4d73c9cac0f841924ddb702a4c9014e254e2d4817b9ddc3531967c343fc71b6b789d879bae793c96af7ab27f

Download Submit
memory/368-2226-0x00007FF62FB40000-0x00007FF62FE94000-memory.dmp

Filesize
3.3MB

Download
memory/368-130-0x00007FF62FB40000-0x00007FF62FE94000-memory.dmp

Filesize
3.3MB

Download
memory/368-2259-0x00007FF62FB40000-0x00007FF62FE94000-memory.dmp

Filesize
3.3MB

Download
memory/812-2248-0x00007FF78ACB0000-0x00007FF78B004000-memory.dmp

Filesize
3.3MB

Download
memory/812-149-0x00007FF78ACB0000-0x00007FF78B004000-memory.dmp

Filesize
3.3MB

Download
memory/812-57-0x00007FF78ACB0000-0x00007FF78B004000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2236-0x00007FF6AD2F0000-0x00007FF6AD644000-memory.dmp

Filesize
3.3MB

Download
memory/1204-21-0x00007FF6AD2F0000-0x00007FF6AD644000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2257-0x00007FF7A2F00000-0x00007FF7A3254000-memory.dmp

Filesize
3.3MB

Download
memory/1272-143-0x00007FF7A2F00000-0x00007FF7A3254000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2229-0x00007FF7A2F00000-0x00007FF7A3254000-memory.dmp

Filesize
3.3MB

Download
memory/1296-2233-0x00007FF79F1B0000-0x00007FF79F504000-memory.dmp

Filesize
3.3MB

Download
memory/1296-171-0x00007FF79F1B0000-0x00007FF79F504000-memory.dmp

Filesize
3.3MB

Download
memory/1296-2254-0x00007FF79F1B0000-0x00007FF79F504000-memory.dmp

Filesize
3.3MB

Download
memory/1352-1578-0x00007FF7748C0000-0x00007FF774C14000-memory.dmp

Filesize
3.3MB

Download
memory/1352-98-0x00007FF7748C0000-0x00007FF774C14000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2249-0x00007FF7748C0000-0x00007FF774C14000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2232-0x00007FF605E00000-0x00007FF606154000-memory.dmp

Filesize
3.3MB

Download
memory/1448-158-0x00007FF605E00000-0x00007FF606154000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2255-0x00007FF605E00000-0x00007FF606154000-memory.dmp

Filesize
3.3MB

Download
memory/1700-1-0x0000029DDECC0000-0x0000029DDECD0000-memory.dmp

Filesize
64KB

Download
memory/1700-0-0x00007FF740BB0000-0x00007FF740F04000-memory.dmp

Filesize
3.3MB

Download
memory/1700-84-0x00007FF740BB0000-0x00007FF740F04000-memory.dmp

Filesize
3.3MB

Download
memory/2072-83-0x00007FF73C4D0000-0x00007FF73C824000-memory.dmp

Filesize
3.3MB

Download
memory/2072-172-0x00007FF73C4D0000-0x00007FF73C824000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2245-0x00007FF73C4D0000-0x00007FF73C824000-memory.dmp

Filesize
3.3MB

Download
memory/2148-62-0x00007FF7F0130000-0x00007FF7F0484000-memory.dmp

Filesize
3.3MB

Download
memory/2148-2242-0x00007FF7F0130000-0x00007FF7F0484000-memory.dmp

Filesize
3.3MB

Download
memory/2148-156-0x00007FF7F0130000-0x00007FF7F0484000-memory.dmp

Filesize
3.3MB

Download
memory/2200-185-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2251-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp

Filesize
3.3MB

Download
memory/2240-2258-0x00007FF7D2140000-0x00007FF7D2494000-memory.dmp

Filesize
3.3MB

Download
memory/2240-2228-0x00007FF7D2140000-0x00007FF7D2494000-memory.dmp

Filesize
3.3MB

Download
memory/2240-137-0x00007FF7D2140000-0x00007FF7D2494000-memory.dmp

Filesize
3.3MB

Download
memory/2456-2244-0x00007FF649920000-0x00007FF649C74000-memory.dmp

Filesize
3.3MB

Download
memory/2456-90-0x00007FF649920000-0x00007FF649C74000-memory.dmp

Filesize
3.3MB

Download
memory/2456-179-0x00007FF649920000-0x00007FF649C74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-97-0x00007FF672200000-0x00007FF672554000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2235-0x00007FF672200000-0x00007FF672554000-memory.dmp

Filesize
3.3MB

Download
memory/2732-8-0x00007FF672200000-0x00007FF672554000-memory.dmp

Filesize
3.3MB

Download
memory/2760-191-0x00007FF70FBD0000-0x00007FF70FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2260-0x00007FF70FBD0000-0x00007FF70FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2240-0x00007FF72B480000-0x00007FF72B7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-43-0x00007FF72B480000-0x00007FF72B7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-123-0x00007FF72B480000-0x00007FF72B7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-91-0x00007FF652BD0000-0x00007FF652F24000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2239-0x00007FF652BD0000-0x00007FF652F24000-memory.dmp

Filesize
3.3MB

Download
memory/3432-28-0x00007FF652BD0000-0x00007FF652F24000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2262-0x00007FF794B50000-0x00007FF794EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3684-1975-0x00007FF794B50000-0x00007FF794EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3684-116-0x00007FF794B50000-0x00007FF794EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3692-2261-0x00007FF66ACB0000-0x00007FF66B004000-memory.dmp

Filesize
3.3MB

Download
memory/3692-117-0x00007FF66ACB0000-0x00007FF66B004000-memory.dmp

Filesize
3.3MB

Download
memory/3720-51-0x00007FF7998B0000-0x00007FF799C04000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2241-0x00007FF7998B0000-0x00007FF799C04000-memory.dmp

Filesize
3.3MB

Download
memory/3720-136-0x00007FF7998B0000-0x00007FF799C04000-memory.dmp

Filesize
3.3MB

Download
memory/3732-2234-0x00007FF61C860000-0x00007FF61CBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3732-2252-0x00007FF61C860000-0x00007FF61CBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3732-178-0x00007FF61C860000-0x00007FF61CBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-104-0x00007FF6F8280000-0x00007FF6F85D4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-1586-0x00007FF6F8280000-0x00007FF6F85D4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2250-0x00007FF6F8280000-0x00007FF6F85D4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2238-0x00007FF74C970000-0x00007FF74CCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-34-0x00007FF74C970000-0x00007FF74CCC4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2230-0x00007FF669CA0000-0x00007FF669FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-150-0x00007FF669CA0000-0x00007FF669FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2256-0x00007FF669CA0000-0x00007FF669FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2253-0x00007FF7854A0000-0x00007FF7857F4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-164-0x00007FF7854A0000-0x00007FF7857F4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2231-0x00007FF7854A0000-0x00007FF7857F4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-25-0x00007FF6A25F0000-0x00007FF6A2944000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2237-0x00007FF6A25F0000-0x00007FF6A2944000-memory.dmp

Filesize
3.3MB

Download
memory/4396-110-0x00007FF6A25F0000-0x00007FF6A2944000-memory.dmp

Filesize
3.3MB

Download
memory/4656-165-0x00007FF746E70000-0x00007FF7471C4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-77-0x00007FF746E70000-0x00007FF7471C4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2243-0x00007FF746E70000-0x00007FF7471C4000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2247-0x00007FF6475E0000-0x00007FF647934000-memory.dmp

Filesize
3.3MB

Download
memory/4976-71-0x00007FF6475E0000-0x00007FF647934000-memory.dmp

Filesize
3.3MB

Download
memory/5020-124-0x00007FF747760000-0x00007FF747AB4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2263-0x00007FF747760000-0x00007FF747AB4000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2227-0x00007FF747760000-0x00007FF747AB4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-157-0x00007FF6B5310000-0x00007FF6B5664000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2246-0x00007FF6B5310000-0x00007FF6B5664000-memory.dmp

Filesize
3.3MB

Download
memory/5072-63-0x00007FF6B5310000-0x00007FF6B5664000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads