xmrig | 9cff6571ddc7fa611ff31b65b1c2378165588229885696b379f66cb836a47f27

Analysis

max time kernel
130s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
Size

1.6MB
MD5

4a1735fab580bdb2e019e523812df800
SHA1

6dafb35c4927f73677180a2b980aeb2a2fb7ca10
SHA256

9cff6571ddc7fa611ff31b65b1c2378165588229885696b379f66cb836a47f27
SHA512

4773c304ed9b5cf3072b17b2867339a9cdaf1a7d3826c6ba4f5b8c8576fe3beb70cacb36340121179c45013437c5d26c813405969be8bcac90bc845ff4900347
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727XL1+Kwen8Z2IXW4zO1dYXKJB+exGeVU8yAj:ROdWCCi7/rahHxlUyBGY

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral2/memory/3416-47-0x00007FF6DA3B0000-0x00007FF6DA701000-memory.dmp	xmrig
behavioral2/memory/2820-54-0x00007FF6D4110000-0x00007FF6D4461000-memory.dmp	xmrig
behavioral2/memory/4688-55-0x00007FF7F0090000-0x00007FF7F03E1000-memory.dmp	xmrig
behavioral2/memory/432-80-0x00007FF6D18E0000-0x00007FF6D1C31000-memory.dmp	xmrig
behavioral2/memory/3808-79-0x00007FF77B0B0000-0x00007FF77B401000-memory.dmp	xmrig
behavioral2/memory/8-71-0x00007FF7E2010000-0x00007FF7E2361000-memory.dmp	xmrig
behavioral2/memory/2208-67-0x00007FF7A4280000-0x00007FF7A45D1000-memory.dmp	xmrig
behavioral2/memory/436-13-0x00007FF6024B0000-0x00007FF602801000-memory.dmp	xmrig
behavioral2/memory/1008-103-0x00007FF691DA0000-0x00007FF6920F1000-memory.dmp	xmrig
behavioral2/memory/1672-88-0x00007FF757BF0000-0x00007FF757F41000-memory.dmp	xmrig
behavioral2/memory/1588-380-0x00007FF74C560000-0x00007FF74C8B1000-memory.dmp	xmrig
behavioral2/memory/396-494-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp	xmrig
behavioral2/memory/1036-486-0x00007FF6FAEB0000-0x00007FF6FB201000-memory.dmp	xmrig
behavioral2/memory/436-416-0x00007FF6024B0000-0x00007FF602801000-memory.dmp	xmrig
behavioral2/memory/2328-387-0x00007FF790FC0000-0x00007FF791311000-memory.dmp	xmrig
behavioral2/memory/4488-302-0x00007FF6B18C0000-0x00007FF6B1C11000-memory.dmp	xmrig
behavioral2/memory/5036-268-0x00007FF73BDB0000-0x00007FF73C101000-memory.dmp	xmrig
behavioral2/memory/3464-241-0x00007FF748B90000-0x00007FF748EE1000-memory.dmp	xmrig
behavioral2/memory/3656-236-0x00007FF694850000-0x00007FF694BA1000-memory.dmp	xmrig
behavioral2/memory/4072-194-0x00007FF703690000-0x00007FF7039E1000-memory.dmp	xmrig
behavioral2/memory/5084-182-0x00007FF6F8FD0000-0x00007FF6F9321000-memory.dmp	xmrig
behavioral2/memory/4256-162-0x00007FF753F80000-0x00007FF7542D1000-memory.dmp	xmrig
behavioral2/memory/2356-1771-0x00007FF7E9470000-0x00007FF7E97C1000-memory.dmp	xmrig
behavioral2/memory/1232-1787-0x00007FF6FD800000-0x00007FF6FDB51000-memory.dmp	xmrig
behavioral2/memory/2520-1783-0x00007FF7C6880000-0x00007FF7C6BD1000-memory.dmp	xmrig
behavioral2/memory/8-2244-0x00007FF7E2010000-0x00007FF7E2361000-memory.dmp	xmrig
behavioral2/memory/1600-2245-0x00007FF7408D0000-0x00007FF740C21000-memory.dmp	xmrig
behavioral2/memory/4436-2278-0x00007FF6C0370000-0x00007FF6C06C1000-memory.dmp	xmrig
behavioral2/memory/1964-2279-0x00007FF642690000-0x00007FF6429E1000-memory.dmp	xmrig
behavioral2/memory/224-2280-0x00007FF720A00000-0x00007FF720D51000-memory.dmp	xmrig
behavioral2/memory/5084-2282-0x00007FF6F8FD0000-0x00007FF6F9321000-memory.dmp	xmrig
behavioral2/memory/3524-2281-0x00007FF79F410000-0x00007FF79F761000-memory.dmp	xmrig
behavioral2/memory/436-2285-0x00007FF6024B0000-0x00007FF602801000-memory.dmp	xmrig
behavioral2/memory/3416-2287-0x00007FF6DA3B0000-0x00007FF6DA701000-memory.dmp	xmrig
behavioral2/memory/2820-2291-0x00007FF6D4110000-0x00007FF6D4461000-memory.dmp	xmrig
behavioral2/memory/2356-2289-0x00007FF7E9470000-0x00007FF7E97C1000-memory.dmp	xmrig
behavioral2/memory/2520-2293-0x00007FF7C6880000-0x00007FF7C6BD1000-memory.dmp	xmrig
behavioral2/memory/3120-2301-0x00007FF73EB50000-0x00007FF73EEA1000-memory.dmp	xmrig
behavioral2/memory/8-2303-0x00007FF7E2010000-0x00007FF7E2361000-memory.dmp	xmrig
behavioral2/memory/2208-2299-0x00007FF7A4280000-0x00007FF7A45D1000-memory.dmp	xmrig
behavioral2/memory/4688-2297-0x00007FF7F0090000-0x00007FF7F03E1000-memory.dmp	xmrig
behavioral2/memory/1232-2295-0x00007FF6FD800000-0x00007FF6FDB51000-memory.dmp	xmrig
behavioral2/memory/1600-2309-0x00007FF7408D0000-0x00007FF740C21000-memory.dmp	xmrig
behavioral2/memory/432-2307-0x00007FF6D18E0000-0x00007FF6D1C31000-memory.dmp	xmrig
behavioral2/memory/3808-2305-0x00007FF77B0B0000-0x00007FF77B401000-memory.dmp	xmrig
behavioral2/memory/1672-2354-0x00007FF757BF0000-0x00007FF757F41000-memory.dmp	xmrig
behavioral2/memory/1008-2356-0x00007FF691DA0000-0x00007FF6920F1000-memory.dmp	xmrig
behavioral2/memory/4436-2358-0x00007FF6C0370000-0x00007FF6C06C1000-memory.dmp	xmrig
behavioral2/memory/1964-2360-0x00007FF642690000-0x00007FF6429E1000-memory.dmp	xmrig
behavioral2/memory/224-2362-0x00007FF720A00000-0x00007FF720D51000-memory.dmp	xmrig
behavioral2/memory/3524-2406-0x00007FF79F410000-0x00007FF79F761000-memory.dmp	xmrig
behavioral2/memory/4256-2408-0x00007FF753F80000-0x00007FF7542D1000-memory.dmp	xmrig
behavioral2/memory/4072-2410-0x00007FF703690000-0x00007FF7039E1000-memory.dmp	xmrig
behavioral2/memory/3656-2412-0x00007FF694850000-0x00007FF694BA1000-memory.dmp	xmrig
behavioral2/memory/3464-2414-0x00007FF748B90000-0x00007FF748EE1000-memory.dmp	xmrig
behavioral2/memory/5036-2428-0x00007FF73BDB0000-0x00007FF73C101000-memory.dmp	xmrig
behavioral2/memory/5084-2416-0x00007FF6F8FD0000-0x00007FF6F9321000-memory.dmp	xmrig
behavioral2/memory/4488-2424-0x00007FF6B18C0000-0x00007FF6B1C11000-memory.dmp	xmrig
behavioral2/memory/396-2436-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp	xmrig
behavioral2/memory/1588-2419-0x00007FF74C560000-0x00007FF74C8B1000-memory.dmp	xmrig
behavioral2/memory/1036-2432-0x00007FF6FAEB0000-0x00007FF6FB201000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
436	FGTmaqc.exe
2356	ELdZKNi.exe
3416	FkNEifM.exe
2520	HMKsGYj.exe
1232	cPedbyT.exe
2820	roLzDNA.exe
4688	SASUqEo.exe
2208	AhppYqK.exe
3120	IhTgpLO.exe
8	YDwYKCQ.exe
3808	VPrxmSN.exe
432	QWjCaou.exe
1600	lTVkQmm.exe
1672	kAgsCxk.exe
4436	zmBpDLD.exe
1008	kfFszcQ.exe
1964	qaUhLJo.exe
224	ZXbRoWl.exe
3524	wyYNWLF.exe
4256	GdYkxYd.exe
5084	zsDPKBo.exe
4072	tTuUEkN.exe
3656	UZGhBlM.exe
3464	BbWjREn.exe
1036	ATfOxfv.exe
396	apmyGCt.exe
5036	mctJfYQ.exe
4488	KyDPcAy.exe
1588	NZSLmYU.exe
4100	oGJyhmm.exe
1692	SNLmRTr.exe
2668	HzKzBtu.exe
3116	GhpwrwK.exe
920	ZrMjXwh.exe
2148	hMZsJZj.exe
4660	ABYnGXF.exe
5112	pbrzFNN.exe
3704	Zoywhyg.exe
3708	JJJFyzE.exe
4160	yKMYHFL.exe
1800	IbVoPWG.exe
924	VRSKTIC.exe
4536	nnIqVgu.exe
1684	VnldATI.exe
1944	KKiDOCR.exe
1112	ttNYcKd.exe
2828	bPCdBqL.exe
4380	BEKZJRI.exe
4928	KNwLWdd.exe
3828	wqRCzPg.exe
868	jbkFDvR.exe
4372	rwGHxHK.exe
1280	acjmhCh.exe
2948	SAipLgr.exe
1408	VQIqlQI.exe
1584	IKcHHgU.exe
1080	FIKtWGv.exe
4988	ExgXhKB.exe
1444	AHegVez.exe
5076	dYrabhM.exe
760	VKCZKih.exe
2616	WsTpNDZ.exe
4920	Rvhczuy.exe
3028	hGbfEUD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2328-0-0x00007FF790FC0000-0x00007FF791311000-memory.dmp	upx
behavioral2/files/0x00090000000233e2-5.dat	upx
behavioral2/memory/2356-17-0x00007FF7E9470000-0x00007FF7E97C1000-memory.dmp	upx
behavioral2/files/0x00070000000233f7-36.dat	upx
behavioral2/memory/3416-47-0x00007FF6DA3B0000-0x00007FF6DA701000-memory.dmp	upx
behavioral2/memory/2820-54-0x00007FF6D4110000-0x00007FF6D4461000-memory.dmp	upx
behavioral2/memory/4688-55-0x00007FF7F0090000-0x00007FF7F03E1000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-65.dat	upx
behavioral2/files/0x00070000000233fe-72.dat	upx
behavioral2/files/0x0007000000023400-77.dat	upx
behavioral2/memory/432-80-0x00007FF6D18E0000-0x00007FF6D1C31000-memory.dmp	upx
behavioral2/memory/3808-79-0x00007FF77B0B0000-0x00007FF77B401000-memory.dmp	upx
behavioral2/memory/1600-76-0x00007FF7408D0000-0x00007FF740C21000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-74.dat	upx
behavioral2/memory/8-71-0x00007FF7E2010000-0x00007FF7E2361000-memory.dmp	upx
behavioral2/memory/2208-67-0x00007FF7A4280000-0x00007FF7A45D1000-memory.dmp	upx
behavioral2/files/0x00070000000233fc-60.dat	upx
behavioral2/memory/3120-58-0x00007FF73EB50000-0x00007FF73EEA1000-memory.dmp	upx
behavioral2/files/0x00070000000233fa-49.dat	upx
behavioral2/files/0x00070000000233fb-45.dat	upx
behavioral2/files/0x00070000000233f8-42.dat	upx
behavioral2/memory/1232-35-0x00007FF6FD800000-0x00007FF6FDB51000-memory.dmp	upx
behavioral2/memory/2520-31-0x00007FF7C6880000-0x00007FF7C6BD1000-memory.dmp	upx
behavioral2/files/0x00080000000233f5-28.dat	upx
behavioral2/files/0x00070000000233f9-27.dat	upx
behavioral2/files/0x00080000000233f6-24.dat	upx
behavioral2/memory/436-13-0x00007FF6024B0000-0x00007FF602801000-memory.dmp	upx
behavioral2/files/0x0007000000023401-83.dat	upx
behavioral2/files/0x00090000000233e9-89.dat	upx
behavioral2/files/0x0007000000023402-95.dat	upx
behavioral2/files/0x0007000000023405-106.dat	upx
behavioral2/files/0x0007000000023404-105.dat	upx
behavioral2/files/0x0007000000023403-104.dat	upx
behavioral2/memory/1008-103-0x00007FF691DA0000-0x00007FF6920F1000-memory.dmp	upx
behavioral2/memory/4436-100-0x00007FF6C0370000-0x00007FF6C06C1000-memory.dmp	upx
behavioral2/memory/1672-88-0x00007FF757BF0000-0x00007FF757F41000-memory.dmp	upx
behavioral2/memory/1964-110-0x00007FF642690000-0x00007FF6429E1000-memory.dmp	upx
behavioral2/memory/3524-123-0x00007FF79F410000-0x00007FF79F761000-memory.dmp	upx
behavioral2/memory/224-121-0x00007FF720A00000-0x00007FF720D51000-memory.dmp	upx
behavioral2/files/0x000700000002340a-148.dat	upx
behavioral2/files/0x0007000000023409-146.dat	upx
behavioral2/files/0x0007000000023408-143.dat	upx
behavioral2/files/0x0007000000023407-139.dat	upx
behavioral2/memory/1588-380-0x00007FF74C560000-0x00007FF74C8B1000-memory.dmp	upx
behavioral2/memory/396-494-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp	upx
behavioral2/memory/1036-486-0x00007FF6FAEB0000-0x00007FF6FB201000-memory.dmp	upx
behavioral2/memory/436-416-0x00007FF6024B0000-0x00007FF602801000-memory.dmp	upx
behavioral2/memory/2328-387-0x00007FF790FC0000-0x00007FF791311000-memory.dmp	upx
behavioral2/memory/4488-302-0x00007FF6B18C0000-0x00007FF6B1C11000-memory.dmp	upx
behavioral2/memory/5036-268-0x00007FF73BDB0000-0x00007FF73C101000-memory.dmp	upx
behavioral2/memory/3464-241-0x00007FF748B90000-0x00007FF748EE1000-memory.dmp	upx
behavioral2/memory/3656-236-0x00007FF694850000-0x00007FF694BA1000-memory.dmp	upx
behavioral2/memory/4072-194-0x00007FF703690000-0x00007FF7039E1000-memory.dmp	upx
behavioral2/files/0x0007000000023418-192.dat	upx
behavioral2/files/0x0007000000023412-187.dat	upx
behavioral2/files/0x0007000000023417-186.dat	upx
behavioral2/memory/5084-182-0x00007FF6F8FD0000-0x00007FF6F9321000-memory.dmp	upx
behavioral2/files/0x0007000000023415-180.dat	upx
behavioral2/files/0x0007000000023419-193.dat	upx
behavioral2/files/0x0007000000023414-178.dat	upx
behavioral2/files/0x0007000000023413-177.dat	upx
behavioral2/files/0x000700000002340b-176.dat	upx
behavioral2/files/0x0007000000023411-172.dat	upx
behavioral2/files/0x0007000000023410-171.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pATAkpi.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\FxPcgEE.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\IfpdEbq.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\xXtveET.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\MKkYpwR.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\lzDKcxL.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\IfMmmvD.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\PfQUXkj.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\cEaJLNJ.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\ijocQVS.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\zhsvEtm.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\kjsvBnH.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\mphWHWr.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\NoijnKl.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\OUPDbuv.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\LXaycXI.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\PbXpAPc.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\gpXfyIE.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\WbbTJcy.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\QWjCaou.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\IKcHHgU.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\rrJcanv.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\IIWkbBK.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\qDSzrxq.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\pzjcKZQ.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\izKajfa.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\LmXQOAO.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\HMKsGYj.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\DIXpXhQ.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\GwKSPBx.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\KUniMem.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\gPkOkqi.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\AjCAgeC.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\uAnYMxo.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\xqljWfs.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\tRJdkwl.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\rVWTHRm.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\mnqhLNZ.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\fpbtycl.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\TQemWSd.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\Rvhczuy.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\elwZEpJ.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\ujaCnbt.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\aTzrdFb.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\sDWjSMd.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\ROWQaFr.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\wZkFYMe.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\ZOLeZcq.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\ZnIBAEh.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\uSYfFSW.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\YYTmtMH.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\paScyHo.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\HNEFNBS.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\MUOzIiw.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\smUBQMw.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\fgIskBa.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\hSDewuM.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\RIswMfg.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\EzDJIhu.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\yzyedmW.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\dBMjBid.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\ksSrmpi.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\VDTLYdN.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
File created	C:\Windows\System\rhMrybN.exe	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14408	dwm.exe
Token: SeChangeNotifyPrivilege	14408	dwm.exe
Token: 33	14408	dwm.exe
Token: SeIncBasePriorityPrivilege	14408	dwm.exe
Token: SeShutdownPrivilege	14408	dwm.exe
Token: SeCreatePagefilePrivilege	14408	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 436	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	83
PID 2328 wrote to memory of 436	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	83
PID 2328 wrote to memory of 2356	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	84
PID 2328 wrote to memory of 2356	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	84
PID 2328 wrote to memory of 3416	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	85
PID 2328 wrote to memory of 3416	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	85
PID 2328 wrote to memory of 2520	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	86
PID 2328 wrote to memory of 2520	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	86
PID 2328 wrote to memory of 1232	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	87
PID 2328 wrote to memory of 1232	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	87
PID 2328 wrote to memory of 2820	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	88
PID 2328 wrote to memory of 2820	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	88
PID 2328 wrote to memory of 4688	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	89
PID 2328 wrote to memory of 4688	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	89
PID 2328 wrote to memory of 2208	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	90
PID 2328 wrote to memory of 2208	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	90
PID 2328 wrote to memory of 3120	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	91
PID 2328 wrote to memory of 3120	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	91
PID 2328 wrote to memory of 8	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	92
PID 2328 wrote to memory of 8	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	92
PID 2328 wrote to memory of 3808	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	93
PID 2328 wrote to memory of 3808	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	93
PID 2328 wrote to memory of 432	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	94
PID 2328 wrote to memory of 432	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	94
PID 2328 wrote to memory of 1600	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	95
PID 2328 wrote to memory of 1600	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	95
PID 2328 wrote to memory of 1672	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	96
PID 2328 wrote to memory of 1672	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	96
PID 2328 wrote to memory of 4436	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	97
PID 2328 wrote to memory of 4436	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	97
PID 2328 wrote to memory of 1008	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	98
PID 2328 wrote to memory of 1008	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	98
PID 2328 wrote to memory of 1964	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	99
PID 2328 wrote to memory of 1964	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	99
PID 2328 wrote to memory of 224	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	100
PID 2328 wrote to memory of 224	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	100
PID 2328 wrote to memory of 3524	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	101
PID 2328 wrote to memory of 3524	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	101
PID 2328 wrote to memory of 4256	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	102
PID 2328 wrote to memory of 4256	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	102
PID 2328 wrote to memory of 5084	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	103
PID 2328 wrote to memory of 5084	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	103
PID 2328 wrote to memory of 4072	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	104
PID 2328 wrote to memory of 4072	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	104
PID 2328 wrote to memory of 3656	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	105
PID 2328 wrote to memory of 3656	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	105
PID 2328 wrote to memory of 3464	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	106
PID 2328 wrote to memory of 3464	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	106
PID 2328 wrote to memory of 2668	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	107
PID 2328 wrote to memory of 2668	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	107
PID 2328 wrote to memory of 1036	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	108
PID 2328 wrote to memory of 1036	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	108
PID 2328 wrote to memory of 396	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	109
PID 2328 wrote to memory of 396	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	109
PID 2328 wrote to memory of 5036	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	110
PID 2328 wrote to memory of 5036	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	110
PID 2328 wrote to memory of 4488	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	111
PID 2328 wrote to memory of 4488	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	111
PID 2328 wrote to memory of 1588	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	112
PID 2328 wrote to memory of 1588	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	112
PID 2328 wrote to memory of 4100	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	113
PID 2328 wrote to memory of 4100	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	113
PID 2328 wrote to memory of 1692	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	114
PID 2328 wrote to memory of 1692	2328	4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a1735fab580bdb2e019e523812df800_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\System\FGTmaqc.exe
  C:\Windows\System\FGTmaqc.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\ELdZKNi.exe
  C:\Windows\System\ELdZKNi.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\FkNEifM.exe
  C:\Windows\System\FkNEifM.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\HMKsGYj.exe
  C:\Windows\System\HMKsGYj.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\cPedbyT.exe
  C:\Windows\System\cPedbyT.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\roLzDNA.exe
  C:\Windows\System\roLzDNA.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\SASUqEo.exe
  C:\Windows\System\SASUqEo.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\AhppYqK.exe
  C:\Windows\System\AhppYqK.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\IhTgpLO.exe
  C:\Windows\System\IhTgpLO.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\YDwYKCQ.exe
  C:\Windows\System\YDwYKCQ.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\VPrxmSN.exe
  C:\Windows\System\VPrxmSN.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\QWjCaou.exe
  C:\Windows\System\QWjCaou.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\lTVkQmm.exe
  C:\Windows\System\lTVkQmm.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\kAgsCxk.exe
  C:\Windows\System\kAgsCxk.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\zmBpDLD.exe
  C:\Windows\System\zmBpDLD.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\kfFszcQ.exe
  C:\Windows\System\kfFszcQ.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\qaUhLJo.exe
  C:\Windows\System\qaUhLJo.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\ZXbRoWl.exe
  C:\Windows\System\ZXbRoWl.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\wyYNWLF.exe
  C:\Windows\System\wyYNWLF.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\GdYkxYd.exe
  C:\Windows\System\GdYkxYd.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\zsDPKBo.exe
  C:\Windows\System\zsDPKBo.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\tTuUEkN.exe
  C:\Windows\System\tTuUEkN.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\UZGhBlM.exe
  C:\Windows\System\UZGhBlM.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\BbWjREn.exe
  C:\Windows\System\BbWjREn.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\HzKzBtu.exe
  C:\Windows\System\HzKzBtu.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ATfOxfv.exe
  C:\Windows\System\ATfOxfv.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\apmyGCt.exe
  C:\Windows\System\apmyGCt.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\mctJfYQ.exe
  C:\Windows\System\mctJfYQ.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\KyDPcAy.exe
  C:\Windows\System\KyDPcAy.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\NZSLmYU.exe
  C:\Windows\System\NZSLmYU.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\oGJyhmm.exe
  C:\Windows\System\oGJyhmm.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\SNLmRTr.exe
  C:\Windows\System\SNLmRTr.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\GhpwrwK.exe
  C:\Windows\System\GhpwrwK.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\ZrMjXwh.exe
  C:\Windows\System\ZrMjXwh.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\hMZsJZj.exe
  C:\Windows\System\hMZsJZj.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ABYnGXF.exe
  C:\Windows\System\ABYnGXF.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\pbrzFNN.exe
  C:\Windows\System\pbrzFNN.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\Zoywhyg.exe
  C:\Windows\System\Zoywhyg.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\JJJFyzE.exe
  C:\Windows\System\JJJFyzE.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\yKMYHFL.exe
  C:\Windows\System\yKMYHFL.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\IbVoPWG.exe
  C:\Windows\System\IbVoPWG.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\VRSKTIC.exe
  C:\Windows\System\VRSKTIC.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\nnIqVgu.exe
  C:\Windows\System\nnIqVgu.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\VnldATI.exe
  C:\Windows\System\VnldATI.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\KKiDOCR.exe
  C:\Windows\System\KKiDOCR.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\ttNYcKd.exe
  C:\Windows\System\ttNYcKd.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\bPCdBqL.exe
  C:\Windows\System\bPCdBqL.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\BEKZJRI.exe
  C:\Windows\System\BEKZJRI.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\KNwLWdd.exe
  C:\Windows\System\KNwLWdd.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\wqRCzPg.exe
  C:\Windows\System\wqRCzPg.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\jbkFDvR.exe
  C:\Windows\System\jbkFDvR.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\rwGHxHK.exe
  C:\Windows\System\rwGHxHK.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\acjmhCh.exe
  C:\Windows\System\acjmhCh.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\SAipLgr.exe
  C:\Windows\System\SAipLgr.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\SAXgGhX.exe
  C:\Windows\System\SAXgGhX.exe
  2⤵
  PID:2512
- C:\Windows\System\VQIqlQI.exe
  C:\Windows\System\VQIqlQI.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\IKcHHgU.exe
  C:\Windows\System\IKcHHgU.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\FIKtWGv.exe
  C:\Windows\System\FIKtWGv.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\ExgXhKB.exe
  C:\Windows\System\ExgXhKB.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\AHegVez.exe
  C:\Windows\System\AHegVez.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\dYrabhM.exe
  C:\Windows\System\dYrabhM.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\VKCZKih.exe
  C:\Windows\System\VKCZKih.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\WsTpNDZ.exe
  C:\Windows\System\WsTpNDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\Rvhczuy.exe
  C:\Windows\System\Rvhczuy.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\hGbfEUD.exe
  C:\Windows\System\hGbfEUD.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\OKPdzOx.exe
  C:\Windows\System\OKPdzOx.exe
  2⤵
  PID:2760
- C:\Windows\System\WgnAWqL.exe
  C:\Windows\System\WgnAWqL.exe
  2⤵
  PID:4636
- C:\Windows\System\DIXpXhQ.exe
  C:\Windows\System\DIXpXhQ.exe
  2⤵
  PID:3784
- C:\Windows\System\CsKtqSz.exe
  C:\Windows\System\CsKtqSz.exe
  2⤵
  PID:1616
- C:\Windows\System\dfstLzK.exe
  C:\Windows\System\dfstLzK.exe
  2⤵
  PID:1808
- C:\Windows\System\ZnIBAEh.exe
  C:\Windows\System\ZnIBAEh.exe
  2⤵
  PID:4584
- C:\Windows\System\nsTFzKL.exe
  C:\Windows\System\nsTFzKL.exe
  2⤵
  PID:5104
- C:\Windows\System\gkgAdZC.exe
  C:\Windows\System\gkgAdZC.exe
  2⤵
  PID:4672
- C:\Windows\System\sfjjRnh.exe
  C:\Windows\System\sfjjRnh.exe
  2⤵
  PID:4916
- C:\Windows\System\ElWiDSj.exe
  C:\Windows\System\ElWiDSj.exe
  2⤵
  PID:3960
- C:\Windows\System\jrRHpHo.exe
  C:\Windows\System\jrRHpHo.exe
  2⤵
  PID:4368
- C:\Windows\System\kNFujSI.exe
  C:\Windows\System\kNFujSI.exe
  2⤵
  PID:4992
- C:\Windows\System\UJMYbLO.exe
  C:\Windows\System\UJMYbLO.exe
  2⤵
  PID:4692
- C:\Windows\System\PURHtCw.exe
  C:\Windows\System\PURHtCw.exe
  2⤵
  PID:3152
- C:\Windows\System\XWmfKGV.exe
  C:\Windows\System\XWmfKGV.exe
  2⤵
  PID:1548
- C:\Windows\System\tNaraDu.exe
  C:\Windows\System\tNaraDu.exe
  2⤵
  PID:4632
- C:\Windows\System\RedFyRq.exe
  C:\Windows\System\RedFyRq.exe
  2⤵
  PID:2640
- C:\Windows\System\VIQAIgQ.exe
  C:\Windows\System\VIQAIgQ.exe
  2⤵
  PID:2780
- C:\Windows\System\rrJcanv.exe
  C:\Windows\System\rrJcanv.exe
  2⤵
  PID:3428
- C:\Windows\System\RXGnsNh.exe
  C:\Windows\System\RXGnsNh.exe
  2⤵
  PID:4604
- C:\Windows\System\uSYfFSW.exe
  C:\Windows\System\uSYfFSW.exe
  2⤵
  PID:3584
- C:\Windows\System\zbiPRGl.exe
  C:\Windows\System\zbiPRGl.exe
  2⤵
  PID:5028
- C:\Windows\System\CTsBAoJ.exe
  C:\Windows\System\CTsBAoJ.exe
  2⤵
  PID:2108
- C:\Windows\System\jqhJYxP.exe
  C:\Windows\System\jqhJYxP.exe
  2⤵
  PID:4000
- C:\Windows\System\uADThVU.exe
  C:\Windows\System\uADThVU.exe
  2⤵
  PID:4332
- C:\Windows\System\rkRlsvC.exe
  C:\Windows\System\rkRlsvC.exe
  2⤵
  PID:2788
- C:\Windows\System\dNcEowi.exe
  C:\Windows\System\dNcEowi.exe
  2⤵
  PID:4880
- C:\Windows\System\OIrIYkS.exe
  C:\Windows\System\OIrIYkS.exe
  2⤵
  PID:2600
- C:\Windows\System\dvJORvL.exe
  C:\Windows\System\dvJORvL.exe
  2⤵
  PID:2436
- C:\Windows\System\rUOpFEe.exe
  C:\Windows\System\rUOpFEe.exe
  2⤵
  PID:3744
- C:\Windows\System\CcStTsZ.exe
  C:\Windows\System\CcStTsZ.exe
  2⤵
  PID:5136
- C:\Windows\System\CyhNtQz.exe
  C:\Windows\System\CyhNtQz.exe
  2⤵
  PID:5160
- C:\Windows\System\YUEDqQW.exe
  C:\Windows\System\YUEDqQW.exe
  2⤵
  PID:5192
- C:\Windows\System\DSYxiDQ.exe
  C:\Windows\System\DSYxiDQ.exe
  2⤵
  PID:5216
- C:\Windows\System\oHibRae.exe
  C:\Windows\System\oHibRae.exe
  2⤵
  PID:5244
- C:\Windows\System\ePyVkeZ.exe
  C:\Windows\System\ePyVkeZ.exe
  2⤵
  PID:5268
- C:\Windows\System\vhHjmrW.exe
  C:\Windows\System\vhHjmrW.exe
  2⤵
  PID:5284
- C:\Windows\System\xqljWfs.exe
  C:\Windows\System\xqljWfs.exe
  2⤵
  PID:5308
- C:\Windows\System\aTDgwYJ.exe
  C:\Windows\System\aTDgwYJ.exe
  2⤵
  PID:5332
- C:\Windows\System\mQcOxNW.exe
  C:\Windows\System\mQcOxNW.exe
  2⤵
  PID:5352
- C:\Windows\System\INhcCin.exe
  C:\Windows\System\INhcCin.exe
  2⤵
  PID:5372
- C:\Windows\System\tFaempI.exe
  C:\Windows\System\tFaempI.exe
  2⤵
  PID:5392
- C:\Windows\System\FzEEGiF.exe
  C:\Windows\System\FzEEGiF.exe
  2⤵
  PID:5420
- C:\Windows\System\amfTrRQ.exe
  C:\Windows\System\amfTrRQ.exe
  2⤵
  PID:5444
- C:\Windows\System\KtvGTku.exe
  C:\Windows\System\KtvGTku.exe
  2⤵
  PID:5468
- C:\Windows\System\HzvzATp.exe
  C:\Windows\System\HzvzATp.exe
  2⤵
  PID:5484
- C:\Windows\System\XcOeLwx.exe
  C:\Windows\System\XcOeLwx.exe
  2⤵
  PID:5504
- C:\Windows\System\hyWcpdd.exe
  C:\Windows\System\hyWcpdd.exe
  2⤵
  PID:5532
- C:\Windows\System\onIQFMW.exe
  C:\Windows\System\onIQFMW.exe
  2⤵
  PID:5548
- C:\Windows\System\IfMmmvD.exe
  C:\Windows\System\IfMmmvD.exe
  2⤵
  PID:5572
- C:\Windows\System\ccKyCIB.exe
  C:\Windows\System\ccKyCIB.exe
  2⤵
  PID:5592
- C:\Windows\System\PfQUXkj.exe
  C:\Windows\System\PfQUXkj.exe
  2⤵
  PID:5620
- C:\Windows\System\mogwFxN.exe
  C:\Windows\System\mogwFxN.exe
  2⤵
  PID:5652
- C:\Windows\System\WCdItDb.exe
  C:\Windows\System\WCdItDb.exe
  2⤵
  PID:5676
- C:\Windows\System\GRmYRsc.exe
  C:\Windows\System\GRmYRsc.exe
  2⤵
  PID:5732
- C:\Windows\System\KEBjIYQ.exe
  C:\Windows\System\KEBjIYQ.exe
  2⤵
  PID:5748
- C:\Windows\System\rmddZGM.exe
  C:\Windows\System\rmddZGM.exe
  2⤵
  PID:5780
- C:\Windows\System\cEaJLNJ.exe
  C:\Windows\System\cEaJLNJ.exe
  2⤵
  PID:5808
- C:\Windows\System\wfclNbx.exe
  C:\Windows\System\wfclNbx.exe
  2⤵
  PID:5824
- C:\Windows\System\pATAkpi.exe
  C:\Windows\System\pATAkpi.exe
  2⤵
  PID:5844
- C:\Windows\System\uTKSoaC.exe
  C:\Windows\System\uTKSoaC.exe
  2⤵
  PID:5860
- C:\Windows\System\BnlcVdq.exe
  C:\Windows\System\BnlcVdq.exe
  2⤵
  PID:5888
- C:\Windows\System\DGkWERc.exe
  C:\Windows\System\DGkWERc.exe
  2⤵
  PID:5904
- C:\Windows\System\NJAXfSt.exe
  C:\Windows\System\NJAXfSt.exe
  2⤵
  PID:5920
- C:\Windows\System\hSDewuM.exe
  C:\Windows\System\hSDewuM.exe
  2⤵
  PID:5936
- C:\Windows\System\YYTmtMH.exe
  C:\Windows\System\YYTmtMH.exe
  2⤵
  PID:5952
- C:\Windows\System\WkxZmSb.exe
  C:\Windows\System\WkxZmSb.exe
  2⤵
  PID:5980
- C:\Windows\System\hhUxpxH.exe
  C:\Windows\System\hhUxpxH.exe
  2⤵
  PID:6000
- C:\Windows\System\SdVcEeZ.exe
  C:\Windows\System\SdVcEeZ.exe
  2⤵
  PID:6016
- C:\Windows\System\XLChIQw.exe
  C:\Windows\System\XLChIQw.exe
  2⤵
  PID:6040
- C:\Windows\System\wQbnRMb.exe
  C:\Windows\System\wQbnRMb.exe
  2⤵
  PID:6068
- C:\Windows\System\PpVEPAx.exe
  C:\Windows\System\PpVEPAx.exe
  2⤵
  PID:6088
- C:\Windows\System\aIpDHWn.exe
  C:\Windows\System\aIpDHWn.exe
  2⤵
  PID:6112
- C:\Windows\System\EjLtXUl.exe
  C:\Windows\System\EjLtXUl.exe
  2⤵
  PID:6136
- C:\Windows\System\paScyHo.exe
  C:\Windows\System\paScyHo.exe
  2⤵
  PID:1128
- C:\Windows\System\cbfTusK.exe
  C:\Windows\System\cbfTusK.exe
  2⤵
  PID:1284
- C:\Windows\System\HNEFNBS.exe
  C:\Windows\System\HNEFNBS.exe
  2⤵
  PID:4544
- C:\Windows\System\GquodlS.exe
  C:\Windows\System\GquodlS.exe
  2⤵
  PID:4004
- C:\Windows\System\IGxYbHy.exe
  C:\Windows\System\IGxYbHy.exe
  2⤵
  PID:1668
- C:\Windows\System\IsIwyJP.exe
  C:\Windows\System\IsIwyJP.exe
  2⤵
  PID:4264
- C:\Windows\System\lqgkmuG.exe
  C:\Windows\System\lqgkmuG.exe
  2⤵
  PID:3536
- C:\Windows\System\mqNuxUA.exe
  C:\Windows\System\mqNuxUA.exe
  2⤵
  PID:4964
- C:\Windows\System\MUOzIiw.exe
  C:\Windows\System\MUOzIiw.exe
  2⤵
  PID:5436
- C:\Windows\System\BzuMFnO.exe
  C:\Windows\System\BzuMFnO.exe
  2⤵
  PID:4408
- C:\Windows\System\GwKSPBx.exe
  C:\Windows\System\GwKSPBx.exe
  2⤵
  PID:2416
- C:\Windows\System\AxyuPQF.exe
  C:\Windows\System\AxyuPQF.exe
  2⤵
  PID:3472
- C:\Windows\System\PrHAmLY.exe
  C:\Windows\System\PrHAmLY.exe
  2⤵
  PID:5128
- C:\Windows\System\iYwDTtT.exe
  C:\Windows\System\iYwDTtT.exe
  2⤵
  PID:5152
- C:\Windows\System\iKxCgak.exe
  C:\Windows\System\iKxCgak.exe
  2⤵
  PID:1664
- C:\Windows\System\FoLiJLz.exe
  C:\Windows\System\FoLiJLz.exe
  2⤵
  PID:4216
- C:\Windows\System\mlcbzlr.exe
  C:\Windows\System\mlcbzlr.exe
  2⤵
  PID:5744
- C:\Windows\System\XOIyKvR.exe
  C:\Windows\System\XOIyKvR.exe
  2⤵
  PID:4360
- C:\Windows\System\sAvMynv.exe
  C:\Windows\System\sAvMynv.exe
  2⤵
  PID:5540
- C:\Windows\System\gpXfyIE.exe
  C:\Windows\System\gpXfyIE.exe
  2⤵
  PID:5876
- C:\Windows\System\rPfGjxL.exe
  C:\Windows\System\rPfGjxL.exe
  2⤵
  PID:1056
- C:\Windows\System\WmWZAot.exe
  C:\Windows\System\WmWZAot.exe
  2⤵
  PID:6156
- C:\Windows\System\MmdNssz.exe
  C:\Windows\System\MmdNssz.exe
  2⤵
  PID:6180
- C:\Windows\System\CYdPncy.exe
  C:\Windows\System\CYdPncy.exe
  2⤵
  PID:6200
- C:\Windows\System\TjcvkmW.exe
  C:\Windows\System\TjcvkmW.exe
  2⤵
  PID:6220
- C:\Windows\System\IArVbuS.exe
  C:\Windows\System\IArVbuS.exe
  2⤵
  PID:6240
- C:\Windows\System\rowlzcm.exe
  C:\Windows\System\rowlzcm.exe
  2⤵
  PID:6268
- C:\Windows\System\VaqqkIK.exe
  C:\Windows\System\VaqqkIK.exe
  2⤵
  PID:6288
- C:\Windows\System\LyQPsNs.exe
  C:\Windows\System\LyQPsNs.exe
  2⤵
  PID:6308
- C:\Windows\System\LFvbxQY.exe
  C:\Windows\System\LFvbxQY.exe
  2⤵
  PID:6332
- C:\Windows\System\AuBzknN.exe
  C:\Windows\System\AuBzknN.exe
  2⤵
  PID:6356
- C:\Windows\System\XwSzJBa.exe
  C:\Windows\System\XwSzJBa.exe
  2⤵
  PID:6384
- C:\Windows\System\VeobtiQ.exe
  C:\Windows\System\VeobtiQ.exe
  2⤵
  PID:6408
- C:\Windows\System\qjGQnPE.exe
  C:\Windows\System\qjGQnPE.exe
  2⤵
  PID:6444
- C:\Windows\System\fUSksHR.exe
  C:\Windows\System\fUSksHR.exe
  2⤵
  PID:6476
- C:\Windows\System\FxPcgEE.exe
  C:\Windows\System\FxPcgEE.exe
  2⤵
  PID:6492
- C:\Windows\System\CVUSEqC.exe
  C:\Windows\System\CVUSEqC.exe
  2⤵
  PID:6520
- C:\Windows\System\jCECWSH.exe
  C:\Windows\System\jCECWSH.exe
  2⤵
  PID:6536
- C:\Windows\System\dGhPbMN.exe
  C:\Windows\System\dGhPbMN.exe
  2⤵
  PID:6552
- C:\Windows\System\SvjggnU.exe
  C:\Windows\System\SvjggnU.exe
  2⤵
  PID:6576
- C:\Windows\System\DaTNEqX.exe
  C:\Windows\System\DaTNEqX.exe
  2⤵
  PID:6600
- C:\Windows\System\RIswMfg.exe
  C:\Windows\System\RIswMfg.exe
  2⤵
  PID:6628
- C:\Windows\System\NoijnKl.exe
  C:\Windows\System\NoijnKl.exe
  2⤵
  PID:6648
- C:\Windows\System\RbvkpBS.exe
  C:\Windows\System\RbvkpBS.exe
  2⤵
  PID:6676
- C:\Windows\System\BAnQxGd.exe
  C:\Windows\System\BAnQxGd.exe
  2⤵
  PID:6704
- C:\Windows\System\WmOOmAf.exe
  C:\Windows\System\WmOOmAf.exe
  2⤵
  PID:6724
- C:\Windows\System\VoiWIsZ.exe
  C:\Windows\System\VoiWIsZ.exe
  2⤵
  PID:6740
- C:\Windows\System\FsbZHKq.exe
  C:\Windows\System\FsbZHKq.exe
  2⤵
  PID:6768
- C:\Windows\System\rfRGXMc.exe
  C:\Windows\System\rfRGXMc.exe
  2⤵
  PID:6784
- C:\Windows\System\nRKWlnM.exe
  C:\Windows\System\nRKWlnM.exe
  2⤵
  PID:6808
- C:\Windows\System\TOrWHaN.exe
  C:\Windows\System\TOrWHaN.exe
  2⤵
  PID:6832
- C:\Windows\System\qqCaDWV.exe
  C:\Windows\System\qqCaDWV.exe
  2⤵
  PID:6848
- C:\Windows\System\KCQSInq.exe
  C:\Windows\System\KCQSInq.exe
  2⤵
  PID:6872
- C:\Windows\System\guwPmRc.exe
  C:\Windows\System\guwPmRc.exe
  2⤵
  PID:6900
- C:\Windows\System\eylIfhj.exe
  C:\Windows\System\eylIfhj.exe
  2⤵
  PID:6920
- C:\Windows\System\jQCxrAu.exe
  C:\Windows\System\jQCxrAu.exe
  2⤵
  PID:6944
- C:\Windows\System\xtbxiFg.exe
  C:\Windows\System\xtbxiFg.exe
  2⤵
  PID:6968
- C:\Windows\System\CGITCCs.exe
  C:\Windows\System\CGITCCs.exe
  2⤵
  PID:6988
- C:\Windows\System\SSvFaZq.exe
  C:\Windows\System\SSvFaZq.exe
  2⤵
  PID:7012
- C:\Windows\System\kLYpcKR.exe
  C:\Windows\System\kLYpcKR.exe
  2⤵
  PID:7028
- C:\Windows\System\FgtyHtY.exe
  C:\Windows\System\FgtyHtY.exe
  2⤵
  PID:7064
- C:\Windows\System\htSrhkD.exe
  C:\Windows\System\htSrhkD.exe
  2⤵
  PID:7084
- C:\Windows\System\tRJdkwl.exe
  C:\Windows\System\tRJdkwl.exe
  2⤵
  PID:7104
- C:\Windows\System\NaWlypP.exe
  C:\Windows\System\NaWlypP.exe
  2⤵
  PID:7124
- C:\Windows\System\qYANvQC.exe
  C:\Windows\System\qYANvQC.exe
  2⤵
  PID:7140
- C:\Windows\System\dGjVMVD.exe
  C:\Windows\System\dGjVMVD.exe
  2⤵
  PID:7160
- C:\Windows\System\OzJhdMo.exe
  C:\Windows\System\OzJhdMo.exe
  2⤵
  PID:5320
- C:\Windows\System\wCaeytP.exe
  C:\Windows\System\wCaeytP.exe
  2⤵
  PID:5304
- C:\Windows\System\RTeuAyr.exe
  C:\Windows\System\RTeuAyr.exe
  2⤵
  PID:5280
- C:\Windows\System\epBpfoX.exe
  C:\Windows\System\epBpfoX.exe
  2⤵
  PID:5348
- C:\Windows\System\PXGolNf.exe
  C:\Windows\System\PXGolNf.exe
  2⤵
  PID:3788
- C:\Windows\System\VRttszc.exe
  C:\Windows\System\VRttszc.exe
  2⤵
  PID:5464
- C:\Windows\System\jAPGfTG.exe
  C:\Windows\System\jAPGfTG.exe
  2⤵
  PID:5500
- C:\Windows\System\WsFKikQ.exe
  C:\Windows\System\WsFKikQ.exe
  2⤵
  PID:4736
- C:\Windows\System\toQhCcO.exe
  C:\Windows\System\toQhCcO.exe
  2⤵
  PID:5452
- C:\Windows\System\VFKwJKi.exe
  C:\Windows\System\VFKwJKi.exe
  2⤵
  PID:5524
- C:\Windows\System\SbhEnBL.exe
  C:\Windows\System\SbhEnBL.exe
  2⤵
  PID:5588
- C:\Windows\System\gpHtfmI.exe
  C:\Windows\System\gpHtfmI.exe
  2⤵
  PID:412
- C:\Windows\System\PMhadyZ.exe
  C:\Windows\System\PMhadyZ.exe
  2⤵
  PID:5996
- C:\Windows\System\dQnhNyA.exe
  C:\Windows\System\dQnhNyA.exe
  2⤵
  PID:6008
- C:\Windows\System\nUbJPLh.exe
  C:\Windows\System\nUbJPLh.exe
  2⤵
  PID:6488
- C:\Windows\System\elwZEpJ.exe
  C:\Windows\System\elwZEpJ.exe
  2⤵
  PID:6592
- C:\Windows\System\ujaCnbt.exe
  C:\Windows\System\ujaCnbt.exe
  2⤵
  PID:5684
- C:\Windows\System\ZdBpggQ.exe
  C:\Windows\System\ZdBpggQ.exe
  2⤵
  PID:5820
- C:\Windows\System\hbTpiQa.exe
  C:\Windows\System\hbTpiQa.exe
  2⤵
  PID:5880
- C:\Windows\System\dpvNNWm.exe
  C:\Windows\System\dpvNNWm.exe
  2⤵
  PID:5560
- C:\Windows\System\EpMUVqU.exe
  C:\Windows\System\EpMUVqU.exe
  2⤵
  PID:7176
- C:\Windows\System\ybBQHXM.exe
  C:\Windows\System\ybBQHXM.exe
  2⤵
  PID:7196
- C:\Windows\System\FSWbMuJ.exe
  C:\Windows\System\FSWbMuJ.exe
  2⤵
  PID:7220
- C:\Windows\System\reeKUlC.exe
  C:\Windows\System\reeKUlC.exe
  2⤵
  PID:7236
- C:\Windows\System\DaxuOpJ.exe
  C:\Windows\System\DaxuOpJ.exe
  2⤵
  PID:7260
- C:\Windows\System\rVWTHRm.exe
  C:\Windows\System\rVWTHRm.exe
  2⤵
  PID:7280
- C:\Windows\System\OUPDbuv.exe
  C:\Windows\System\OUPDbuv.exe
  2⤵
  PID:7300
- C:\Windows\System\iMyMKEY.exe
  C:\Windows\System\iMyMKEY.exe
  2⤵
  PID:7320
- C:\Windows\System\OQUoAqm.exe
  C:\Windows\System\OQUoAqm.exe
  2⤵
  PID:7344
- C:\Windows\System\nfQbQvk.exe
  C:\Windows\System\nfQbQvk.exe
  2⤵
  PID:7364
- C:\Windows\System\gvTtxbB.exe
  C:\Windows\System\gvTtxbB.exe
  2⤵
  PID:7380
- C:\Windows\System\AwfPLPk.exe
  C:\Windows\System\AwfPLPk.exe
  2⤵
  PID:7396
- C:\Windows\System\rewWSiq.exe
  C:\Windows\System\rewWSiq.exe
  2⤵
  PID:7420
- C:\Windows\System\znrVCzO.exe
  C:\Windows\System\znrVCzO.exe
  2⤵
  PID:7440
- C:\Windows\System\iqMrQLv.exe
  C:\Windows\System\iqMrQLv.exe
  2⤵
  PID:7460
- C:\Windows\System\tEtHXYf.exe
  C:\Windows\System\tEtHXYf.exe
  2⤵
  PID:7484
- C:\Windows\System\rlIUsLM.exe
  C:\Windows\System\rlIUsLM.exe
  2⤵
  PID:7504
- C:\Windows\System\lkAQhhK.exe
  C:\Windows\System\lkAQhhK.exe
  2⤵
  PID:7528
- C:\Windows\System\ijocQVS.exe
  C:\Windows\System\ijocQVS.exe
  2⤵
  PID:7548
- C:\Windows\System\wZNycFK.exe
  C:\Windows\System\wZNycFK.exe
  2⤵
  PID:7572
- C:\Windows\System\INYVvor.exe
  C:\Windows\System\INYVvor.exe
  2⤵
  PID:7588
- C:\Windows\System\QvZAPDX.exe
  C:\Windows\System\QvZAPDX.exe
  2⤵
  PID:7608
- C:\Windows\System\IfpdEbq.exe
  C:\Windows\System\IfpdEbq.exe
  2⤵
  PID:7632
- C:\Windows\System\OFHuZOn.exe
  C:\Windows\System\OFHuZOn.exe
  2⤵
  PID:7648
- C:\Windows\System\dbqWVVd.exe
  C:\Windows\System\dbqWVVd.exe
  2⤵
  PID:7668
- C:\Windows\System\rQGjbmL.exe
  C:\Windows\System\rQGjbmL.exe
  2⤵
  PID:7688
- C:\Windows\System\aUvapKG.exe
  C:\Windows\System\aUvapKG.exe
  2⤵
  PID:7708
- C:\Windows\System\LSvPgga.exe
  C:\Windows\System\LSvPgga.exe
  2⤵
  PID:7732
- C:\Windows\System\nVrNjiH.exe
  C:\Windows\System\nVrNjiH.exe
  2⤵
  PID:7756
- C:\Windows\System\DbwwBZK.exe
  C:\Windows\System\DbwwBZK.exe
  2⤵
  PID:7780
- C:\Windows\System\euDDPcJ.exe
  C:\Windows\System\euDDPcJ.exe
  2⤵
  PID:7812
- C:\Windows\System\fCRrTVC.exe
  C:\Windows\System\fCRrTVC.exe
  2⤵
  PID:7836
- C:\Windows\System\fzetefW.exe
  C:\Windows\System\fzetefW.exe
  2⤵
  PID:7856
- C:\Windows\System\YqemdXK.exe
  C:\Windows\System\YqemdXK.exe
  2⤵
  PID:7880
- C:\Windows\System\XSNdvvb.exe
  C:\Windows\System\XSNdvvb.exe
  2⤵
  PID:7908
- C:\Windows\System\rYGLzmp.exe
  C:\Windows\System\rYGLzmp.exe
  2⤵
  PID:7928
- C:\Windows\System\etUXhFu.exe
  C:\Windows\System\etUXhFu.exe
  2⤵
  PID:7952
- C:\Windows\System\kJmZqHN.exe
  C:\Windows\System\kJmZqHN.exe
  2⤵
  PID:7968
- C:\Windows\System\cJZHgoB.exe
  C:\Windows\System\cJZHgoB.exe
  2⤵
  PID:7992
- C:\Windows\System\CfriApa.exe
  C:\Windows\System\CfriApa.exe
  2⤵
  PID:8016
- C:\Windows\System\EzDJIhu.exe
  C:\Windows\System\EzDJIhu.exe
  2⤵
  PID:8040
- C:\Windows\System\sSEfUsR.exe
  C:\Windows\System\sSEfUsR.exe
  2⤵
  PID:8060
- C:\Windows\System\WMeVeBa.exe
  C:\Windows\System\WMeVeBa.exe
  2⤵
  PID:8080
- C:\Windows\System\zppRBBl.exe
  C:\Windows\System\zppRBBl.exe
  2⤵
  PID:8108
- C:\Windows\System\bEVMlgE.exe
  C:\Windows\System\bEVMlgE.exe
  2⤵
  PID:8136
- C:\Windows\System\KUniMem.exe
  C:\Windows\System\KUniMem.exe
  2⤵
  PID:8156
- C:\Windows\System\QpRqsdk.exe
  C:\Windows\System\QpRqsdk.exe
  2⤵
  PID:8176
- C:\Windows\System\nwHamcA.exe
  C:\Windows\System\nwHamcA.exe
  2⤵
  PID:5964
- C:\Windows\System\mYeGwfE.exe
  C:\Windows\System\mYeGwfE.exe
  2⤵
  PID:6996
- C:\Windows\System\wxnJrNQ.exe
  C:\Windows\System\wxnJrNQ.exe
  2⤵
  PID:6052
- C:\Windows\System\BmIMfYr.exe
  C:\Windows\System\BmIMfYr.exe
  2⤵
  PID:7132
- C:\Windows\System\zFWvVoZ.exe
  C:\Windows\System\zFWvVoZ.exe
  2⤵
  PID:6096
- C:\Windows\System\fTjbLVB.exe
  C:\Windows\System\fTjbLVB.exe
  2⤵
  PID:4444
- C:\Windows\System\VQeNxpm.exe
  C:\Windows\System\VQeNxpm.exe
  2⤵
  PID:6512
- C:\Windows\System\zhsvEtm.exe
  C:\Windows\System\zhsvEtm.exe
  2⤵
  PID:2808
- C:\Windows\System\pwqZNww.exe
  C:\Windows\System\pwqZNww.exe
  2⤵
  PID:5584
- C:\Windows\System\BPMAXsS.exe
  C:\Windows\System\BPMAXsS.exe
  2⤵
  PID:5148
- C:\Windows\System\pJZmgrt.exe
  C:\Windows\System\pJZmgrt.exe
  2⤵
  PID:3180
- C:\Windows\System\TtrIYFC.exe
  C:\Windows\System\TtrIYFC.exe
  2⤵
  PID:5916
- C:\Windows\System\hVSXhlV.exe
  C:\Windows\System\hVSXhlV.exe
  2⤵
  PID:5932
- C:\Windows\System\UocACAG.exe
  C:\Windows\System\UocACAG.exe
  2⤵
  PID:7268
- C:\Windows\System\tjefDFv.exe
  C:\Windows\System\tjefDFv.exe
  2⤵
  PID:7024
- C:\Windows\System\wEdRZCE.exe
  C:\Windows\System\wEdRZCE.exe
  2⤵
  PID:8212
- C:\Windows\System\SGUtOAJ.exe
  C:\Windows\System\SGUtOAJ.exe
  2⤵
  PID:8232
- C:\Windows\System\DluVdTR.exe
  C:\Windows\System\DluVdTR.exe
  2⤵
  PID:8256
- C:\Windows\System\yzyedmW.exe
  C:\Windows\System\yzyedmW.exe
  2⤵
  PID:8280
- C:\Windows\System\mQciSLd.exe
  C:\Windows\System\mQciSLd.exe
  2⤵
  PID:8296
- C:\Windows\System\bELYUWv.exe
  C:\Windows\System\bELYUWv.exe
  2⤵
  PID:8316
- C:\Windows\System\WbbTJcy.exe
  C:\Windows\System\WbbTJcy.exe
  2⤵
  PID:8336
- C:\Windows\System\JCmtfvR.exe
  C:\Windows\System\JCmtfvR.exe
  2⤵
  PID:8368
- C:\Windows\System\docdxwa.exe
  C:\Windows\System\docdxwa.exe
  2⤵
  PID:8384
- C:\Windows\System\lORpslD.exe
  C:\Windows\System\lORpslD.exe
  2⤵
  PID:8404
- C:\Windows\System\QeZjgUo.exe
  C:\Windows\System\QeZjgUo.exe
  2⤵
  PID:8424
- C:\Windows\System\AvJzqYO.exe
  C:\Windows\System\AvJzqYO.exe
  2⤵
  PID:8444
- C:\Windows\System\dfPjTRQ.exe
  C:\Windows\System\dfPjTRQ.exe
  2⤵
  PID:8464
- C:\Windows\System\rimklag.exe
  C:\Windows\System\rimklag.exe
  2⤵
  PID:8484
- C:\Windows\System\qanAFiZ.exe
  C:\Windows\System\qanAFiZ.exe
  2⤵
  PID:8512
- C:\Windows\System\gPkOkqi.exe
  C:\Windows\System\gPkOkqi.exe
  2⤵
  PID:8528
- C:\Windows\System\LXaycXI.exe
  C:\Windows\System\LXaycXI.exe
  2⤵
  PID:8552
- C:\Windows\System\BRPzCWl.exe
  C:\Windows\System\BRPzCWl.exe
  2⤵
  PID:8572
- C:\Windows\System\KsBeYlH.exe
  C:\Windows\System\KsBeYlH.exe
  2⤵
  PID:8596
- C:\Windows\System\mKjdGik.exe
  C:\Windows\System\mKjdGik.exe
  2⤵
  PID:8620
- C:\Windows\System\YaZCpsY.exe
  C:\Windows\System\YaZCpsY.exe
  2⤵
  PID:8640
- C:\Windows\System\kqFtTeD.exe
  C:\Windows\System\kqFtTeD.exe
  2⤵
  PID:8676
- C:\Windows\System\GSjbUan.exe
  C:\Windows\System\GSjbUan.exe
  2⤵
  PID:8692
- C:\Windows\System\dBMjBid.exe
  C:\Windows\System\dBMjBid.exe
  2⤵
  PID:8712
- C:\Windows\System\tqyVSaf.exe
  C:\Windows\System\tqyVSaf.exe
  2⤵
  PID:8732
- C:\Windows\System\oUIwlAq.exe
  C:\Windows\System\oUIwlAq.exe
  2⤵
  PID:8756
- C:\Windows\System\JKfzGBe.exe
  C:\Windows\System\JKfzGBe.exe
  2⤵
  PID:8780
- C:\Windows\System\mWTGJsZ.exe
  C:\Windows\System\mWTGJsZ.exe
  2⤵
  PID:8800
- C:\Windows\System\MpxaBRB.exe
  C:\Windows\System\MpxaBRB.exe
  2⤵
  PID:8824
- C:\Windows\System\zshBOLk.exe
  C:\Windows\System\zshBOLk.exe
  2⤵
  PID:8844
- C:\Windows\System\uxMNpwf.exe
  C:\Windows\System\uxMNpwf.exe
  2⤵
  PID:8872
- C:\Windows\System\eKNSJkS.exe
  C:\Windows\System\eKNSJkS.exe
  2⤵
  PID:8892
- C:\Windows\System\kjsvBnH.exe
  C:\Windows\System\kjsvBnH.exe
  2⤵
  PID:8912
- C:\Windows\System\ksSrmpi.exe
  C:\Windows\System\ksSrmpi.exe
  2⤵
  PID:8932
- C:\Windows\System\utoygzV.exe
  C:\Windows\System\utoygzV.exe
  2⤵
  PID:8960
- C:\Windows\System\RkBphcu.exe
  C:\Windows\System\RkBphcu.exe
  2⤵
  PID:8988
- C:\Windows\System\HxjMBvV.exe
  C:\Windows\System\HxjMBvV.exe
  2⤵
  PID:9008
- C:\Windows\System\mnqhLNZ.exe
  C:\Windows\System\mnqhLNZ.exe
  2⤵
  PID:9024
- C:\Windows\System\EryMGdE.exe
  C:\Windows\System\EryMGdE.exe
  2⤵
  PID:9044
- C:\Windows\System\reFMkyG.exe
  C:\Windows\System\reFMkyG.exe
  2⤵
  PID:9064
- C:\Windows\System\kLIVniu.exe
  C:\Windows\System\kLIVniu.exe
  2⤵
  PID:9092
- C:\Windows\System\jkYpxGv.exe
  C:\Windows\System\jkYpxGv.exe
  2⤵
  PID:9124
- C:\Windows\System\FdPioMs.exe
  C:\Windows\System\FdPioMs.exe
  2⤵
  PID:9140
- C:\Windows\System\XSkbemb.exe
  C:\Windows\System\XSkbemb.exe
  2⤵
  PID:9160
- C:\Windows\System\qYspOPY.exe
  C:\Windows\System\qYspOPY.exe
  2⤵
  PID:9184
- C:\Windows\System\rNevNXf.exe
  C:\Windows\System\rNevNXf.exe
  2⤵
  PID:9208
- C:\Windows\System\IIWkbBK.exe
  C:\Windows\System\IIWkbBK.exe
  2⤵
  PID:6300
- C:\Windows\System\yGTfHzb.exe
  C:\Windows\System\yGTfHzb.exe
  2⤵
  PID:6340
- C:\Windows\System\gjnnvJq.exe
  C:\Windows\System\gjnnvJq.exe
  2⤵
  PID:7076
- C:\Windows\System\PmdyZJP.exe
  C:\Windows\System\PmdyZJP.exe
  2⤵
  PID:7100
- C:\Windows\System\euYNdwy.exe
  C:\Windows\System\euYNdwy.exe
  2⤵
  PID:6416
- C:\Windows\System\FlTzVRY.exe
  C:\Windows\System\FlTzVRY.exe
  2⤵
  PID:7696
- C:\Windows\System\jzxuddW.exe
  C:\Windows\System\jzxuddW.exe
  2⤵
  PID:7824
- C:\Windows\System\GfMdwaf.exe
  C:\Windows\System\GfMdwaf.exe
  2⤵
  PID:5344
- C:\Windows\System\EdxVwFm.exe
  C:\Windows\System\EdxVwFm.exe
  2⤵
  PID:6544
- C:\Windows\System\kpDmKAk.exe
  C:\Windows\System\kpDmKAk.exe
  2⤵
  PID:5456
- C:\Windows\System\kbibXIh.exe
  C:\Windows\System\kbibXIh.exe
  2⤵
  PID:6620
- C:\Windows\System\VKlOAGe.exe
  C:\Windows\System\VKlOAGe.exe
  2⤵
  PID:5900
- C:\Windows\System\ZbsYbFz.exe
  C:\Windows\System\ZbsYbFz.exe
  2⤵
  PID:8000
- C:\Windows\System\jalYuLi.exe
  C:\Windows\System\jalYuLi.exe
  2⤵
  PID:6248
- C:\Windows\System\fpbtycl.exe
  C:\Windows\System\fpbtycl.exe
  2⤵
  PID:6736
- C:\Windows\System\KZqhYoF.exe
  C:\Windows\System\KZqhYoF.exe
  2⤵
  PID:8188
- C:\Windows\System\sEDdmWZ.exe
  C:\Windows\System\sEDdmWZ.exe
  2⤵
  PID:9372
- C:\Windows\System\BgkcYir.exe
  C:\Windows\System\BgkcYir.exe
  2⤵
  PID:10108
- C:\Windows\System\YtNjTuG.exe
  C:\Windows\System\YtNjTuG.exe
  2⤵
  PID:10132
- C:\Windows\System\XBZsRKu.exe
  C:\Windows\System\XBZsRKu.exe
  2⤵
  PID:7776
- C:\Windows\System\CExINiq.exe
  C:\Windows\System\CExINiq.exe
  2⤵
  PID:6208
- C:\Windows\System\xXWBbWo.exe
  C:\Windows\System\xXWBbWo.exe
  2⤵
  PID:8400
- C:\Windows\System\uZKlkNr.exe
  C:\Windows\System\uZKlkNr.exe
  2⤵
  PID:8816
- C:\Windows\System\cLvNUSk.exe
  C:\Windows\System\cLvNUSk.exe
  2⤵
  PID:8852
- C:\Windows\System\giskSWY.exe
  C:\Windows\System\giskSWY.exe
  2⤵
  PID:8928
- C:\Windows\System\iujKFWJ.exe
  C:\Windows\System\iujKFWJ.exe
  2⤵
  PID:9020
- C:\Windows\System\hsnsfWR.exe
  C:\Windows\System\hsnsfWR.exe
  2⤵
  PID:9084
- C:\Windows\System\zKAibWX.exe
  C:\Windows\System\zKAibWX.exe
  2⤵
  PID:9152
- C:\Windows\System\MFMfjtu.exe
  C:\Windows\System\MFMfjtu.exe
  2⤵
  PID:9204
- C:\Windows\System\SEAmrrp.exe
  C:\Windows\System\SEAmrrp.exe
  2⤵
  PID:9676
- C:\Windows\System\GqHdZzq.exe
  C:\Windows\System\GqHdZzq.exe
  2⤵
  PID:9724
- C:\Windows\System\jMwazfo.exe
  C:\Windows\System\jMwazfo.exe
  2⤵
  PID:9796
- C:\Windows\System\pJqhOPu.exe
  C:\Windows\System\pJqhOPu.exe
  2⤵
  PID:7584
- C:\Windows\System\IpNGUpQ.exe
  C:\Windows\System\IpNGUpQ.exe
  2⤵
  PID:5208
- C:\Windows\System\NynWyRO.exe
  C:\Windows\System\NynWyRO.exe
  2⤵
  PID:6640
- C:\Windows\System\VABjKcK.exe
  C:\Windows\System\VABjKcK.exe
  2⤵
  PID:10068
- C:\Windows\System\jMUGXRD.exe
  C:\Windows\System\jMUGXRD.exe
  2⤵
  PID:3916
- C:\Windows\System\DRogemq.exe
  C:\Windows\System\DRogemq.exe
  2⤵
  PID:4784
- C:\Windows\System\FgSwfwc.exe
  C:\Windows\System\FgSwfwc.exe
  2⤵
  PID:5200
- C:\Windows\System\SEnKpqh.exe
  C:\Windows\System\SEnKpqh.exe
  2⤵
  PID:8476
- C:\Windows\System\GtdNiZt.exe
  C:\Windows\System\GtdNiZt.exe
  2⤵
  PID:7172
- C:\Windows\System\GRmShKu.exe
  C:\Windows\System\GRmShKu.exe
  2⤵
  PID:9960
- C:\Windows\System\DudpHwE.exe
  C:\Windows\System\DudpHwE.exe
  2⤵
  PID:10096
- C:\Windows\System\SJJXCGj.exe
  C:\Windows\System\SJJXCGj.exe
  2⤵
  PID:9432
- C:\Windows\System\nePtSPv.exe
  C:\Windows\System\nePtSPv.exe
  2⤵
  PID:9484
- C:\Windows\System\qDSzrxq.exe
  C:\Windows\System\qDSzrxq.exe
  2⤵
  PID:9852
- C:\Windows\System\QsDOpkX.exe
  C:\Windows\System\QsDOpkX.exe
  2⤵
  PID:9884
- C:\Windows\System\AjCAgeC.exe
  C:\Windows\System\AjCAgeC.exe
  2⤵
  PID:10020
- C:\Windows\System\gFlofOx.exe
  C:\Windows\System\gFlofOx.exe
  2⤵
  PID:10128
- C:\Windows\System\tNTrGzj.exe
  C:\Windows\System\tNTrGzj.exe
  2⤵
  PID:7232
- C:\Windows\System\DFXTqUN.exe
  C:\Windows\System\DFXTqUN.exe
  2⤵
  PID:7604
- C:\Windows\System\YtLOZCQ.exe
  C:\Windows\System\YtLOZCQ.exe
  2⤵
  PID:7820
- C:\Windows\System\enlmJmk.exe
  C:\Windows\System\enlmJmk.exe
  2⤵
  PID:6132
- C:\Windows\System\YOGtMQG.exe
  C:\Windows\System\YOGtMQG.exe
  2⤵
  PID:8292
- C:\Windows\System\vLdHcDA.exe
  C:\Windows\System\vLdHcDA.exe
  2⤵
  PID:8836
- C:\Windows\System\KuloyOi.exe
  C:\Windows\System\KuloyOi.exe
  2⤵
  PID:9060
- C:\Windows\System\yIfJzHI.exe
  C:\Windows\System\yIfJzHI.exe
  2⤵
  PID:1088
- C:\Windows\System\KNPvgFq.exe
  C:\Windows\System\KNPvgFq.exe
  2⤵
  PID:7432
- C:\Windows\System\pSIyyzo.exe
  C:\Windows\System\pSIyyzo.exe
  2⤵
  PID:8764
- C:\Windows\System\eYJDijz.exe
  C:\Windows\System\eYJDijz.exe
  2⤵
  PID:9260
- C:\Windows\System\soBteqe.exe
  C:\Windows\System\soBteqe.exe
  2⤵
  PID:3432
- C:\Windows\System\MDBMuXe.exe
  C:\Windows\System\MDBMuXe.exe
  2⤵
  PID:10116
- C:\Windows\System\guisndl.exe
  C:\Windows\System\guisndl.exe
  2⤵
  PID:10124
- C:\Windows\System\AmAaUXa.exe
  C:\Windows\System\AmAaUXa.exe
  2⤵
  PID:7888
- C:\Windows\System\kOLHCCW.exe
  C:\Windows\System\kOLHCCW.exe
  2⤵
  PID:4128
- C:\Windows\System\ZuULnBe.exe
  C:\Windows\System\ZuULnBe.exe
  2⤵
  PID:9876
- C:\Windows\System\FNSWFFb.exe
  C:\Windows\System\FNSWFFb.exe
  2⤵
  PID:8308
- C:\Windows\System\ijYClyV.exe
  C:\Windows\System\ijYClyV.exe
  2⤵
  PID:8612
- C:\Windows\System\fcMiOTr.exe
  C:\Windows\System\fcMiOTr.exe
  2⤵
  PID:3500
- C:\Windows\System\bmqvPMI.exe
  C:\Windows\System\bmqvPMI.exe
  2⤵
  PID:8888
- C:\Windows\System\AuOIDTn.exe
  C:\Windows\System\AuOIDTn.exe
  2⤵
  PID:8904
- C:\Windows\System\quFQaDx.exe
  C:\Windows\System\quFQaDx.exe
  2⤵
  PID:5520
- C:\Windows\System\VRMTrrZ.exe
  C:\Windows\System\VRMTrrZ.exe
  2⤵
  PID:6396
- C:\Windows\System\OFnfocQ.exe
  C:\Windows\System\OFnfocQ.exe
  2⤵
  PID:4676
- C:\Windows\System\qxeIuRo.exe
  C:\Windows\System\qxeIuRo.exe
  2⤵
  PID:9464
- C:\Windows\System\UiVmMpa.exe
  C:\Windows\System\UiVmMpa.exe
  2⤵
  PID:5556
- C:\Windows\System\hfbGiQo.exe
  C:\Windows\System\hfbGiQo.exe
  2⤵
  PID:7976
- C:\Windows\System\uAnYMxo.exe
  C:\Windows\System\uAnYMxo.exe
  2⤵
  PID:9108
- C:\Windows\System\tjnLWsO.exe
  C:\Windows\System\tjnLWsO.exe
  2⤵
  PID:2916
- C:\Windows\System\EasObNh.exe
  C:\Windows\System\EasObNh.exe
  2⤵
  PID:7036
- C:\Windows\System\gHyCDMC.exe
  C:\Windows\System\gHyCDMC.exe
  2⤵
  PID:6372
- C:\Windows\System\PUGdVga.exe
  C:\Windows\System\PUGdVga.exe
  2⤵
  PID:6892
- C:\Windows\System\VDTLYdN.exe
  C:\Windows\System\VDTLYdN.exe
  2⤵
  PID:10276
- C:\Windows\System\zYCzptR.exe
  C:\Windows\System\zYCzptR.exe
  2⤵
  PID:10296
- C:\Windows\System\qVjEXNH.exe
  C:\Windows\System\qVjEXNH.exe
  2⤵
  PID:10316
- C:\Windows\System\EkQqkSi.exe
  C:\Windows\System\EkQqkSi.exe
  2⤵
  PID:10336
- C:\Windows\System\egQgUjg.exe
  C:\Windows\System\egQgUjg.exe
  2⤵
  PID:10372
- C:\Windows\System\abYHzJt.exe
  C:\Windows\System\abYHzJt.exe
  2⤵
  PID:10392
- C:\Windows\System\NImdAyt.exe
  C:\Windows\System\NImdAyt.exe
  2⤵
  PID:10424
- C:\Windows\System\qtjjLRw.exe
  C:\Windows\System\qtjjLRw.exe
  2⤵
  PID:10448
- C:\Windows\System\PEZhzuF.exe
  C:\Windows\System\PEZhzuF.exe
  2⤵
  PID:10468
- C:\Windows\System\MhgiTYq.exe
  C:\Windows\System\MhgiTYq.exe
  2⤵
  PID:10488
- C:\Windows\System\hYttBYk.exe
  C:\Windows\System\hYttBYk.exe
  2⤵
  PID:10544
- C:\Windows\System\hlgyrBT.exe
  C:\Windows\System\hlgyrBT.exe
  2⤵
  PID:10568
- C:\Windows\System\rnzqlJl.exe
  C:\Windows\System\rnzqlJl.exe
  2⤵
  PID:10588
- C:\Windows\System\svDKUHo.exe
  C:\Windows\System\svDKUHo.exe
  2⤵
  PID:10624
- C:\Windows\System\eKplPgy.exe
  C:\Windows\System\eKplPgy.exe
  2⤵
  PID:10648
- C:\Windows\System\vvOKRlI.exe
  C:\Windows\System\vvOKRlI.exe
  2⤵
  PID:10664
- C:\Windows\System\dhJEwVL.exe
  C:\Windows\System\dhJEwVL.exe
  2⤵
  PID:10736
- C:\Windows\System\cOcPfAo.exe
  C:\Windows\System\cOcPfAo.exe
  2⤵
  PID:10756
- C:\Windows\System\YltcNIS.exe
  C:\Windows\System\YltcNIS.exe
  2⤵
  PID:10776
- C:\Windows\System\hIMFMgE.exe
  C:\Windows\System\hIMFMgE.exe
  2⤵
  PID:10796
- C:\Windows\System\mFAtSYG.exe
  C:\Windows\System\mFAtSYG.exe
  2⤵
  PID:10848
- C:\Windows\System\gXXErwf.exe
  C:\Windows\System\gXXErwf.exe
  2⤵
  PID:10880
- C:\Windows\System\aeAbaNi.exe
  C:\Windows\System\aeAbaNi.exe
  2⤵
  PID:10900
- C:\Windows\System\GNlhNri.exe
  C:\Windows\System\GNlhNri.exe
  2⤵
  PID:10940
- C:\Windows\System\OHKUfJm.exe
  C:\Windows\System\OHKUfJm.exe
  2⤵
  PID:10964
- C:\Windows\System\vdHpZBS.exe
  C:\Windows\System\vdHpZBS.exe
  2⤵
  PID:10984
- C:\Windows\System\impxUAU.exe
  C:\Windows\System\impxUAU.exe
  2⤵
  PID:11004
- C:\Windows\System\zKwRMNv.exe
  C:\Windows\System\zKwRMNv.exe
  2⤵
  PID:11052
- C:\Windows\System\wOpJTQH.exe
  C:\Windows\System\wOpJTQH.exe
  2⤵
  PID:11076
- C:\Windows\System\aCNSQWg.exe
  C:\Windows\System\aCNSQWg.exe
  2⤵
  PID:11096
- C:\Windows\System\NvKufYB.exe
  C:\Windows\System\NvKufYB.exe
  2⤵
  PID:11116
- C:\Windows\System\TixYgoH.exe
  C:\Windows\System\TixYgoH.exe
  2⤵
  PID:11148
- C:\Windows\System\qbEmTJY.exe
  C:\Windows\System\qbEmTJY.exe
  2⤵
  PID:11180
- C:\Windows\System\QFNltYA.exe
  C:\Windows\System\QFNltYA.exe
  2⤵
  PID:11208
- C:\Windows\System\nyYzxfs.exe
  C:\Windows\System\nyYzxfs.exe
  2⤵
  PID:11228
- C:\Windows\System\AJITfPS.exe
  C:\Windows\System\AJITfPS.exe
  2⤵
  PID:11248
- C:\Windows\System\aPIxcLS.exe
  C:\Windows\System\aPIxcLS.exe
  2⤵
  PID:8608
- C:\Windows\System\emJNNij.exe
  C:\Windows\System\emJNNij.exe
  2⤵
  PID:5096
- C:\Windows\System\nDdxioF.exe
  C:\Windows\System\nDdxioF.exe
  2⤵
  PID:10360
- C:\Windows\System\vjqdVAz.exe
  C:\Windows\System\vjqdVAz.exe
  2⤵
  PID:10444
- C:\Windows\System\jNzbECZ.exe
  C:\Windows\System\jNzbECZ.exe
  2⤵
  PID:10480
- C:\Windows\System\xaXRVGg.exe
  C:\Windows\System\xaXRVGg.exe
  2⤵
  PID:10556
- C:\Windows\System\PolOwes.exe
  C:\Windows\System\PolOwes.exe
  2⤵
  PID:10584
- C:\Windows\System\dZdXGqE.exe
  C:\Windows\System\dZdXGqE.exe
  2⤵
  PID:10632
- C:\Windows\System\eOonZgn.exe
  C:\Windows\System\eOonZgn.exe
  2⤵
  PID:10696
- C:\Windows\System\JrVSans.exe
  C:\Windows\System\JrVSans.exe
  2⤵
  PID:10772
- C:\Windows\System\HvAtiDJ.exe
  C:\Windows\System\HvAtiDJ.exe
  2⤵
  PID:10792
- C:\Windows\System\gwJDRjT.exe
  C:\Windows\System\gwJDRjT.exe
  2⤵
  PID:10888
- C:\Windows\System\rhMrybN.exe
  C:\Windows\System\rhMrybN.exe
  2⤵
  PID:10920
- C:\Windows\System\JyeOHbg.exe
  C:\Windows\System\JyeOHbg.exe
  2⤵
  PID:10956
- C:\Windows\System\pzjcKZQ.exe
  C:\Windows\System\pzjcKZQ.exe
  2⤵
  PID:11040
- C:\Windows\System\mneoLhI.exe
  C:\Windows\System\mneoLhI.exe
  2⤵
  PID:11172
- C:\Windows\System\TgDRDOu.exe
  C:\Windows\System\TgDRDOu.exe
  2⤵
  PID:10304
- C:\Windows\System\HJNJrOz.exe
  C:\Windows\System\HJNJrOz.exe
  2⤵
  PID:10464
- C:\Windows\System\UEjgjxn.exe
  C:\Windows\System\UEjgjxn.exe
  2⤵
  PID:10616
- C:\Windows\System\gQEcMJu.exe
  C:\Windows\System\gQEcMJu.exe
  2⤵
  PID:9780
- C:\Windows\System\mUsssdQ.exe
  C:\Windows\System\mUsssdQ.exe
  2⤵
  PID:11068
- C:\Windows\System\rNAilMs.exe
  C:\Windows\System\rNAilMs.exe
  2⤵
  PID:10972
- C:\Windows\System\vksFxWl.exe
  C:\Windows\System\vksFxWl.exe
  2⤵
  PID:11108
- C:\Windows\System\ujcNYOJ.exe
  C:\Windows\System\ujcNYOJ.exe
  2⤵
  PID:11260
- C:\Windows\System\KMPUOwF.exe
  C:\Windows\System\KMPUOwF.exe
  2⤵
  PID:10564
- C:\Windows\System\jjUMGti.exe
  C:\Windows\System\jjUMGti.exe
  2⤵
  PID:10824
- C:\Windows\System\GNJWebV.exe
  C:\Windows\System\GNJWebV.exe
  2⤵
  PID:10660
- C:\Windows\System\UWIusDa.exe
  C:\Windows\System\UWIusDa.exe
  2⤵
  PID:10440
- C:\Windows\System\LprgUXP.exe
  C:\Windows\System\LprgUXP.exe
  2⤵
  PID:11284
- C:\Windows\System\eRbWKJe.exe
  C:\Windows\System\eRbWKJe.exe
  2⤵
  PID:11304
- C:\Windows\System\TaXuVNF.exe
  C:\Windows\System\TaXuVNF.exe
  2⤵
  PID:11332
- C:\Windows\System\smUBQMw.exe
  C:\Windows\System\smUBQMw.exe
  2⤵
  PID:11352
- C:\Windows\System\UFvixGq.exe
  C:\Windows\System\UFvixGq.exe
  2⤵
  PID:11376
- C:\Windows\System\WngmAWe.exe
  C:\Windows\System\WngmAWe.exe
  2⤵
  PID:11416
- C:\Windows\System\qtYRjaA.exe
  C:\Windows\System\qtYRjaA.exe
  2⤵
  PID:11456
- C:\Windows\System\hGgfvBs.exe
  C:\Windows\System\hGgfvBs.exe
  2⤵
  PID:11480
- C:\Windows\System\umxYnNI.exe
  C:\Windows\System\umxYnNI.exe
  2⤵
  PID:11496
- C:\Windows\System\hTrCULK.exe
  C:\Windows\System\hTrCULK.exe
  2⤵
  PID:11532
- C:\Windows\System\uYxcfWr.exe
  C:\Windows\System\uYxcfWr.exe
  2⤵
  PID:11560
- C:\Windows\System\xXfIvui.exe
  C:\Windows\System\xXfIvui.exe
  2⤵
  PID:11600
- C:\Windows\System\aTzrdFb.exe
  C:\Windows\System\aTzrdFb.exe
  2⤵
  PID:11624
- C:\Windows\System\frVbQGE.exe
  C:\Windows\System\frVbQGE.exe
  2⤵
  PID:11652
- C:\Windows\System\SWoKZaH.exe
  C:\Windows\System\SWoKZaH.exe
  2⤵
  PID:11672
- C:\Windows\System\FqvRLiC.exe
  C:\Windows\System\FqvRLiC.exe
  2⤵
  PID:11728
- C:\Windows\System\iICMgBZ.exe
  C:\Windows\System\iICMgBZ.exe
  2⤵
  PID:11748
- C:\Windows\System\iHCjFkt.exe
  C:\Windows\System\iHCjFkt.exe
  2⤵
  PID:11768
- C:\Windows\System\jysnXpm.exe
  C:\Windows\System\jysnXpm.exe
  2⤵
  PID:11788
- C:\Windows\System\xXtveET.exe
  C:\Windows\System\xXtveET.exe
  2⤵
  PID:11820
- C:\Windows\System\pYNHyBi.exe
  C:\Windows\System\pYNHyBi.exe
  2⤵
  PID:11840
- C:\Windows\System\ondsLZB.exe
  C:\Windows\System\ondsLZB.exe
  2⤵
  PID:11860
- C:\Windows\System\SCnUGVc.exe
  C:\Windows\System\SCnUGVc.exe
  2⤵
  PID:11900
- C:\Windows\System\BCUjPYD.exe
  C:\Windows\System\BCUjPYD.exe
  2⤵
  PID:11928
- C:\Windows\System\elJMrtD.exe
  C:\Windows\System\elJMrtD.exe
  2⤵
  PID:11952
- C:\Windows\System\DDtOIdf.exe
  C:\Windows\System\DDtOIdf.exe
  2⤵
  PID:11972
- C:\Windows\System\OQNHGvS.exe
  C:\Windows\System\OQNHGvS.exe
  2⤵
  PID:12008
- C:\Windows\System\mVDCcXx.exe
  C:\Windows\System\mVDCcXx.exe
  2⤵
  PID:12040
- C:\Windows\System\LmXQOAO.exe
  C:\Windows\System\LmXQOAO.exe
  2⤵
  PID:12064
- C:\Windows\System\GmHJkGC.exe
  C:\Windows\System\GmHJkGC.exe
  2⤵
  PID:12084
- C:\Windows\System\dErtcLL.exe
  C:\Windows\System\dErtcLL.exe
  2⤵
  PID:12124
- C:\Windows\System\IRvQfhJ.exe
  C:\Windows\System\IRvQfhJ.exe
  2⤵
  PID:12172
- C:\Windows\System\TyDyyzP.exe
  C:\Windows\System\TyDyyzP.exe
  2⤵
  PID:12192
- C:\Windows\System\PkSTPKK.exe
  C:\Windows\System\PkSTPKK.exe
  2⤵
  PID:12212
- C:\Windows\System\JqcGITr.exe
  C:\Windows\System\JqcGITr.exe
  2⤵
  PID:12228
- C:\Windows\System\tltvhYr.exe
  C:\Windows\System\tltvhYr.exe
  2⤵
  PID:12248
- C:\Windows\System\YqCPeBl.exe
  C:\Windows\System\YqCPeBl.exe
  2⤵
  PID:12276
- C:\Windows\System\ozwzOIg.exe
  C:\Windows\System\ozwzOIg.exe
  2⤵
  PID:11276
- C:\Windows\System\GBDxZHS.exe
  C:\Windows\System\GBDxZHS.exe
  2⤵
  PID:11296
- C:\Windows\System\sjtnDcH.exe
  C:\Windows\System\sjtnDcH.exe
  2⤵
  PID:11452
- C:\Windows\System\XILLuUO.exe
  C:\Windows\System\XILLuUO.exe
  2⤵
  PID:11492
- C:\Windows\System\LvBTFJw.exe
  C:\Windows\System\LvBTFJw.exe
  2⤵
  PID:11552
- C:\Windows\System\zxIURhH.exe
  C:\Windows\System\zxIURhH.exe
  2⤵
  PID:11608
- C:\Windows\System\MHTwFsb.exe
  C:\Windows\System\MHTwFsb.exe
  2⤵
  PID:11720
- C:\Windows\System\DRuehcc.exe
  C:\Windows\System\DRuehcc.exe
  2⤵
  PID:11756
- C:\Windows\System\QdvZMVG.exe
  C:\Windows\System\QdvZMVG.exe
  2⤵
  PID:11856
- C:\Windows\System\hGVfjOp.exe
  C:\Windows\System\hGVfjOp.exe
  2⤵
  PID:11876
- C:\Windows\System\Khqabme.exe
  C:\Windows\System\Khqabme.exe
  2⤵
  PID:11908
- C:\Windows\System\yFoeOfn.exe
  C:\Windows\System\yFoeOfn.exe
  2⤵
  PID:12016
- C:\Windows\System\ytoNWxe.exe
  C:\Windows\System\ytoNWxe.exe
  2⤵
  PID:12024
- C:\Windows\System\kDHNtGK.exe
  C:\Windows\System\kDHNtGK.exe
  2⤵
  PID:12056
- C:\Windows\System\qlMLLNc.exe
  C:\Windows\System\qlMLLNc.exe
  2⤵
  PID:12188
- C:\Windows\System\mphWHWr.exe
  C:\Windows\System\mphWHWr.exe
  2⤵
  PID:12180
- C:\Windows\System\GRuwDkt.exe
  C:\Windows\System\GRuwDkt.exe
  2⤵
  PID:11464
- C:\Windows\System\vqFpAXS.exe
  C:\Windows\System\vqFpAXS.exe
  2⤵
  PID:2936
- C:\Windows\System\QNFgsHr.exe
  C:\Windows\System\QNFgsHr.exe
  2⤵
  PID:11804
- C:\Windows\System\eMkUJET.exe
  C:\Windows\System\eMkUJET.exe
  2⤵
  PID:11828
- C:\Windows\System\ZioircA.exe
  C:\Windows\System\ZioircA.exe
  2⤵
  PID:11964
- C:\Windows\System\JJnxqnW.exe
  C:\Windows\System\JJnxqnW.exe
  2⤵
  PID:12164
- C:\Windows\System\zmOQEWL.exe
  C:\Windows\System\zmOQEWL.exe
  2⤵
  PID:12168
- C:\Windows\System\fgIskBa.exe
  C:\Windows\System\fgIskBa.exe
  2⤵
  PID:12324
- C:\Windows\System\bBSIzcC.exe
  C:\Windows\System\bBSIzcC.exe
  2⤵
  PID:12340
- C:\Windows\System\IFcuVOG.exe
  C:\Windows\System\IFcuVOG.exe
  2⤵
  PID:12356
- C:\Windows\System\pHqGHyJ.exe
  C:\Windows\System\pHqGHyJ.exe
  2⤵
  PID:12372
- C:\Windows\System\fsxDHze.exe
  C:\Windows\System\fsxDHze.exe
  2⤵
  PID:12388
- C:\Windows\System\FJZAYtx.exe
  C:\Windows\System\FJZAYtx.exe
  2⤵
  PID:12404
- C:\Windows\System\ycVuKFW.exe
  C:\Windows\System\ycVuKFW.exe
  2⤵
  PID:12420
- C:\Windows\System\WkKRcln.exe
  C:\Windows\System\WkKRcln.exe
  2⤵
  PID:12440
- C:\Windows\System\CqdUPmf.exe
  C:\Windows\System\CqdUPmf.exe
  2⤵
  PID:12460
- C:\Windows\System\ewuPpdP.exe
  C:\Windows\System\ewuPpdP.exe
  2⤵
  PID:12572
- C:\Windows\System\RkWdMbx.exe
  C:\Windows\System\RkWdMbx.exe
  2⤵
  PID:12648
- C:\Windows\System\XetfTaD.exe
  C:\Windows\System\XetfTaD.exe
  2⤵
  PID:12668
- C:\Windows\System\uAiwpaM.exe
  C:\Windows\System\uAiwpaM.exe
  2⤵
  PID:12700
- C:\Windows\System\YfzlvyZ.exe
  C:\Windows\System\YfzlvyZ.exe
  2⤵
  PID:12720
- C:\Windows\System\NBmZTiB.exe
  C:\Windows\System\NBmZTiB.exe
  2⤵
  PID:12780
- C:\Windows\System\mBcLpNM.exe
  C:\Windows\System\mBcLpNM.exe
  2⤵
  PID:12820
- C:\Windows\System\UhUsPdz.exe
  C:\Windows\System\UhUsPdz.exe
  2⤵
  PID:12836
- C:\Windows\System\CbBOrrl.exe
  C:\Windows\System\CbBOrrl.exe
  2⤵
  PID:12868
- C:\Windows\System\WRnyNtz.exe
  C:\Windows\System\WRnyNtz.exe
  2⤵
  PID:12908
- C:\Windows\System\ilshmvj.exe
  C:\Windows\System\ilshmvj.exe
  2⤵
  PID:12940
- C:\Windows\System\jJlZwOv.exe
  C:\Windows\System\jJlZwOv.exe
  2⤵
  PID:12980
- C:\Windows\System\rLlKNAw.exe
  C:\Windows\System\rLlKNAw.exe
  2⤵
  PID:13004
- C:\Windows\System\HUWYTth.exe
  C:\Windows\System\HUWYTth.exe
  2⤵
  PID:13032
- C:\Windows\System\isdLPox.exe
  C:\Windows\System\isdLPox.exe
  2⤵
  PID:13056
- C:\Windows\System\zWfzvDU.exe
  C:\Windows\System\zWfzvDU.exe
  2⤵
  PID:13084
- C:\Windows\System\VnKWjcQ.exe
  C:\Windows\System\VnKWjcQ.exe
  2⤵
  PID:13128
- C:\Windows\System\UBOooip.exe
  C:\Windows\System\UBOooip.exe
  2⤵
  PID:13160
- C:\Windows\System\DrbpqyG.exe
  C:\Windows\System\DrbpqyG.exe
  2⤵
  PID:13180
- C:\Windows\System\TjidpzV.exe
  C:\Windows\System\TjidpzV.exe
  2⤵
  PID:13204
- C:\Windows\System\uUyMFlr.exe
  C:\Windows\System\uUyMFlr.exe
  2⤵
  PID:13228
- C:\Windows\System\wBjrwJL.exe
  C:\Windows\System\wBjrwJL.exe
  2⤵
  PID:13248
- C:\Windows\System\lIFzXgT.exe
  C:\Windows\System\lIFzXgT.exe
  2⤵
  PID:13268
- C:\Windows\System\BdVyXFe.exe
  C:\Windows\System\BdVyXFe.exe
  2⤵
  PID:13292
- C:\Windows\System\LeqZXYV.exe
  C:\Windows\System\LeqZXYV.exe
  2⤵
  PID:12224
- C:\Windows\System\Yjgfajj.exe
  C:\Windows\System\Yjgfajj.exe
  2⤵
  PID:12260
- C:\Windows\System\YXdAoyY.exe
  C:\Windows\System\YXdAoyY.exe
  2⤵
  PID:12468
- C:\Windows\System\ddQTtJS.exe
  C:\Windows\System\ddQTtJS.exe
  2⤵
  PID:11740
- C:\Windows\System\hdcNZIm.exe
  C:\Windows\System\hdcNZIm.exe
  2⤵
  PID:11524
- C:\Windows\System\syXiGaz.exe
  C:\Windows\System\syXiGaz.exe
  2⤵
  PID:12368
- C:\Windows\System\zmYcRMv.exe
  C:\Windows\System\zmYcRMv.exe
  2⤵
  PID:12412
- C:\Windows\System\msRpMLz.exe
  C:\Windows\System\msRpMLz.exe
  2⤵
  PID:12456
- C:\Windows\System\HMpbuFm.exe
  C:\Windows\System\HMpbuFm.exe
  2⤵
  PID:12476
- C:\Windows\System\VWFUyKw.exe
  C:\Windows\System\VWFUyKw.exe
  2⤵
  PID:12568
- C:\Windows\System\gPkdChd.exe
  C:\Windows\System\gPkdChd.exe
  2⤵
  PID:12632
- C:\Windows\System\nsmMKpc.exe
  C:\Windows\System\nsmMKpc.exe
  2⤵
  PID:12696
- C:\Windows\System\UDmoqwi.exe
  C:\Windows\System\UDmoqwi.exe
  2⤵
  PID:12716
- C:\Windows\System\dxcctvx.exe
  C:\Windows\System\dxcctvx.exe
  2⤵
  PID:12828
- C:\Windows\System\UWPKTFq.exe
  C:\Windows\System\UWPKTFq.exe
  2⤵
  PID:12932
- C:\Windows\System\WvIxZkX.exe
  C:\Windows\System\WvIxZkX.exe
  2⤵
  PID:13044
- C:\Windows\System\gQEJhKh.exe
  C:\Windows\System\gQEJhKh.exe
  2⤵
  PID:3488
- C:\Windows\System\qoWZxJY.exe
  C:\Windows\System\qoWZxJY.exe
  2⤵
  PID:13120
- C:\Windows\System\HhPhjmY.exe
  C:\Windows\System\HhPhjmY.exe
  2⤵
  PID:13172
- C:\Windows\System\yJlWGCN.exe
  C:\Windows\System\yJlWGCN.exe
  2⤵
  PID:12144
- C:\Windows\System\DRbQGgW.exe
  C:\Windows\System\DRbQGgW.exe
  2⤵
  PID:12000
- C:\Windows\System\EzKqvhs.exe
  C:\Windows\System\EzKqvhs.exe
  2⤵
  PID:12052
- C:\Windows\System\MwNopYl.exe
  C:\Windows\System\MwNopYl.exe
  2⤵
  PID:12708
- C:\Windows\System\IYnTpOC.exe
  C:\Windows\System\IYnTpOC.exe
  2⤵
  PID:11448
- C:\Windows\System\RZxQOpw.exe
  C:\Windows\System\RZxQOpw.exe
  2⤵
  PID:12396
- C:\Windows\System\VeYiSPM.exe
  C:\Windows\System\VeYiSPM.exe
  2⤵
  PID:12560
- C:\Windows\System\gFyDylJ.exe
  C:\Windows\System\gFyDylJ.exe
  2⤵
  PID:12688
- C:\Windows\System\IMbfBZb.exe
  C:\Windows\System\IMbfBZb.exe
  2⤵
  PID:12860
- C:\Windows\System\xDsFKxz.exe
  C:\Windows\System\xDsFKxz.exe
  2⤵
  PID:3396
- C:\Windows\System\ZwYUHuk.exe
  C:\Windows\System\ZwYUHuk.exe
  2⤵
  PID:13116
- C:\Windows\System\lCbkjYR.exe
  C:\Windows\System\lCbkjYR.exe
  2⤵
  PID:1396
- C:\Windows\System\vywpiil.exe
  C:\Windows\System\vywpiil.exe
  2⤵
  PID:3288
- C:\Windows\System\dUqlPln.exe
  C:\Windows\System\dUqlPln.exe
  2⤵
  PID:11632
- C:\Windows\System\FcfOtel.exe
  C:\Windows\System\FcfOtel.exe
  2⤵
  PID:12536
- C:\Windows\System\pysKAGu.exe
  C:\Windows\System\pysKAGu.exe
  2⤵
  PID:12804
- C:\Windows\System\HsZrRax.exe
  C:\Windows\System\HsZrRax.exe
  2⤵
  PID:4468
- C:\Windows\System\izKajfa.exe
  C:\Windows\System\izKajfa.exe
  2⤵
  PID:4756
- C:\Windows\System\KjVXhWA.exe
  C:\Windows\System\KjVXhWA.exe
  2⤵
  PID:12600
- C:\Windows\System\sDWjSMd.exe
  C:\Windows\System\sDWjSMd.exe
  2⤵
  PID:13264
- C:\Windows\System\rlQmaCC.exe
  C:\Windows\System\rlQmaCC.exe
  2⤵
  PID:13324
- C:\Windows\System\sepSdgs.exe
  C:\Windows\System\sepSdgs.exe
  2⤵
  PID:13344
- C:\Windows\System\MKkYpwR.exe
  C:\Windows\System\MKkYpwR.exe
  2⤵
  PID:13364
- C:\Windows\System\RxCSRHg.exe
  C:\Windows\System\RxCSRHg.exe
  2⤵
  PID:13400
- C:\Windows\System\buWSfST.exe
  C:\Windows\System\buWSfST.exe
  2⤵
  PID:13440
- C:\Windows\System\vmXcWCW.exe
  C:\Windows\System\vmXcWCW.exe
  2⤵
  PID:13464
- C:\Windows\System\ROWQaFr.exe
  C:\Windows\System\ROWQaFr.exe
  2⤵
  PID:13484
- C:\Windows\System\twwIybT.exe
  C:\Windows\System\twwIybT.exe
  2⤵
  PID:13508
- C:\Windows\System\CWssypF.exe
  C:\Windows\System\CWssypF.exe
  2⤵
  PID:13532
- C:\Windows\System\HUjPRTG.exe
  C:\Windows\System\HUjPRTG.exe
  2⤵
  PID:13552
- C:\Windows\System\tXuFGwd.exe
  C:\Windows\System\tXuFGwd.exe
  2⤵
  PID:13572
- C:\Windows\System\filPSVh.exe
  C:\Windows\System\filPSVh.exe
  2⤵
  PID:13592
- C:\Windows\System\COqwvXZ.exe
  C:\Windows\System\COqwvXZ.exe
  2⤵
  PID:13616
- C:\Windows\System\PkfwlRR.exe
  C:\Windows\System\PkfwlRR.exe
  2⤵
  PID:13700
- C:\Windows\System\kTmzTzV.exe
  C:\Windows\System\kTmzTzV.exe
  2⤵
  PID:13720
- C:\Windows\System\AxewgGY.exe
  C:\Windows\System\AxewgGY.exe
  2⤵
  PID:13736
- C:\Windows\System\ZPMYhKZ.exe
  C:\Windows\System\ZPMYhKZ.exe
  2⤵
  PID:13756
- C:\Windows\System\XnElqWK.exe
  C:\Windows\System\XnElqWK.exe
  2⤵
  PID:13776
- C:\Windows\System\ZvVReQQ.exe
  C:\Windows\System\ZvVReQQ.exe
  2⤵
  PID:13796
- C:\Windows\System\QeyGqUc.exe
  C:\Windows\System\QeyGqUc.exe
  2⤵
  PID:13844
- C:\Windows\System\FpqNfLG.exe
  C:\Windows\System\FpqNfLG.exe
  2⤵
  PID:13864
- C:\Windows\System\tbAtHGw.exe
  C:\Windows\System\tbAtHGw.exe
  2⤵
  PID:13888
- C:\Windows\System\WMjYwON.exe
  C:\Windows\System\WMjYwON.exe
  2⤵
  PID:13952
- C:\Windows\System\axpnCkp.exe
  C:\Windows\System\axpnCkp.exe
  2⤵
  PID:13972
- C:\Windows\System\DbkkMjg.exe
  C:\Windows\System\DbkkMjg.exe
  2⤵
  PID:13992
- C:\Windows\System\xzzvdkQ.exe
  C:\Windows\System\xzzvdkQ.exe
  2⤵
  PID:14016
- C:\Windows\System\jGKkRbd.exe
  C:\Windows\System\jGKkRbd.exe
  2⤵
  PID:14068
- C:\Windows\System\HYvQFMW.exe
  C:\Windows\System\HYvQFMW.exe
  2⤵
  PID:14088
- C:\Windows\System\ZNAWDdd.exe
  C:\Windows\System\ZNAWDdd.exe
  2⤵
  PID:14104
- C:\Windows\System\FoNKdYF.exe
  C:\Windows\System\FoNKdYF.exe
  2⤵
  PID:14120
- C:\Windows\System\AXJcrXf.exe
  C:\Windows\System\AXJcrXf.exe
  2⤵
  PID:14144
- C:\Windows\System\KTyfVzA.exe
  C:\Windows\System\KTyfVzA.exe
  2⤵
  PID:14164
- C:\Windows\System\KYHywBP.exe
  C:\Windows\System\KYHywBP.exe
  2⤵
  PID:14188
- C:\Windows\System\cqsVmJD.exe
  C:\Windows\System\cqsVmJD.exe
  2⤵
  PID:14212
- C:\Windows\System\MFTkMWs.exe
  C:\Windows\System\MFTkMWs.exe
  2⤵
  PID:14252
- C:\Windows\System\OsXLHbZ.exe
  C:\Windows\System\OsXLHbZ.exe
  2⤵
  PID:14276
- C:\Windows\System\NJrfZci.exe
  C:\Windows\System\NJrfZci.exe
  2⤵
  PID:14320
- C:\Windows\System\wZkFYMe.exe
  C:\Windows\System\wZkFYMe.exe
  2⤵
  PID:12964
- C:\Windows\System\PbXpAPc.exe
  C:\Windows\System\PbXpAPc.exe
  2⤵
  PID:13336
- C:\Windows\System\dBtmswg.exe
  C:\Windows\System\dBtmswg.exe
  2⤵
  PID:13408
- C:\Windows\System\OPPrvNg.exe
  C:\Windows\System\OPPrvNg.exe
  2⤵
  PID:13452
- C:\Windows\System\lzDKcxL.exe
  C:\Windows\System\lzDKcxL.exe
  2⤵
  PID:13548
- C:\Windows\System\uxYSMgt.exe
  C:\Windows\System\uxYSMgt.exe
  2⤵
  PID:13660
- C:\Windows\System\nfZAMGP.exe
  C:\Windows\System\nfZAMGP.exe
  2⤵
  PID:13640
- C:\Windows\System\kyZfMEb.exe
  C:\Windows\System\kyZfMEb.exe
  2⤵
  PID:2488
- C:\Windows\System\fURznUg.exe
  C:\Windows\System\fURznUg.exe
  2⤵
  PID:13748
- C:\Windows\System\OIqygfF.exe
  C:\Windows\System\OIqygfF.exe
  2⤵
  PID:13832
- C:\Windows\System\qHwunhh.exe
  C:\Windows\System\qHwunhh.exe
  2⤵
  PID:13876
- C:\Windows\System\eCUvYeU.exe
  C:\Windows\System\eCUvYeU.exe
  2⤵
  PID:14008
- C:\Windows\System\ZOLeZcq.exe
  C:\Windows\System\ZOLeZcq.exe
  2⤵
  PID:13000
- C:\Windows\System\RMUGtOI.exe
  C:\Windows\System\RMUGtOI.exe
  2⤵
  PID:14084
- C:\Windows\System\CjTrwXO.exe
  C:\Windows\System\CjTrwXO.exe
  2⤵
  PID:14176
- C:\Windows\System\fBTToNf.exe
  C:\Windows\System\fBTToNf.exe
  2⤵
  PID:14272
- C:\Windows\System\leQTvGj.exe
  C:\Windows\System\leQTvGj.exe
  2⤵
  PID:13320
- C:\Windows\System\SyzXHsV.exe
  C:\Windows\System\SyzXHsV.exe
  2⤵
  PID:13360
- C:\Windows\System\sbOfxZe.exe
  C:\Windows\System\sbOfxZe.exe
  2⤵
  PID:13540
- C:\Windows\System\yLJNaAD.exe
  C:\Windows\System\yLJNaAD.exe
  2⤵
  PID:13708
- C:\Windows\System\XrVYbND.exe
  C:\Windows\System\XrVYbND.exe
  2⤵
  PID:13784
- C:\Windows\System\hxrNfHb.exe
  C:\Windows\System\hxrNfHb.exe
  2⤵
  PID:13960
- C:\Windows\System\fsvmWSd.exe
  C:\Windows\System\fsvmWSd.exe
  2⤵
  PID:14116
- C:\Windows\System\FootaLE.exe
  C:\Windows\System\FootaLE.exe
  2⤵
  PID:14260
- C:\Windows\System\PwwTnIO.exe
  C:\Windows\System\PwwTnIO.exe
  2⤵
  PID:13316
- C:\Windows\System\KOTmYTa.exe
  C:\Windows\System\KOTmYTa.exe
  2⤵
  PID:14132
- C:\Windows\System\wSEXIOQ.exe
  C:\Windows\System\wSEXIOQ.exe
  2⤵
  PID:14244

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ABYnGXF.exe

Filesize
1.6MB

MD5
25614adf6fe5dd6a88dc343736a70510

SHA1
5b15822ee6a223e60038a492400760ee386fc062

SHA256
1ab5b8b981dfac6c7e1f5554cb0189e9ac77b489373dc26911316915fd18e4c6

SHA512
a7295521d552d7d892ac3129556c97ddcd0d1d1895f3d4589f1bde00840695d3f169f3bdef477b5898113f9c46cf9ab1989e64576ed07763cdad2430c5e30acb

Download Submit
C:\Windows\System\ATfOxfv.exe

Filesize
1.6MB

MD5
8f8a9a8186d5a9b8076c6d8090e9673f

SHA1
38b8a9e457d674f9cb1f13ade5b693ecda4e63c7

SHA256
fcdcbbb6f848d64bcf01f7874821560b701cde0072f7ed67e482a15a1b93bf4c

SHA512
c665826bfda4203b1bebc7789b58625c03dacddd23cf31584ddddbd7eac91acf0fb2fd45b1e62530984f2a77187a7d81a1544de5977be1b9e89261ce3c500872

Download Submit
C:\Windows\System\AhppYqK.exe

Filesize
1.6MB

MD5
210fd777c3706da1ac4ce76392421321

SHA1
4ee39d247d0441298c44cd086ecf123804e4759e

SHA256
8cf99b4a6ea75d96a398327847fc36b801594601c315a7f7997ff67e7860e227

SHA512
c756bd4133358523dfea1c2e62181c462cfadc5590e021ca4ebff05d0aff6f329f024df80f86f317e40e6ea541075228841f506b5b454273fb1bdf735a3f67a6

Download Submit
C:\Windows\System\BbWjREn.exe

Filesize
1.6MB

MD5
1bc60cbbbb5dfba2366fa8be1445d11d

SHA1
3bb4132fb8969d5554e44df2ef2f8c43fcd165cc

SHA256
ec79d630a7bb854429a70e8cffe447544b2b43ead59d9dc40032767decc5f3da

SHA512
f0a2a9c996b28424b8b2e5fd46ea4c4184a800e6da8876d2a8d65ffcc233f15b461e6235871732bc94d3c001c0609600e55a07273a948d3fa001294935e9421d

Download Submit
C:\Windows\System\ELdZKNi.exe

Filesize
1.6MB

MD5
6f0b1f2411a679844314b1ea5b224bb6

SHA1
3aaf653c20caefcb589b9ac3a79c928dbc24b1ef

SHA256
cb71db292054f6b2f16b9b05529044491dd611d4ebbd3d4f5ab68ef0e3f20c67

SHA512
ae5b89e737e19db61ed75e17f102ca7ea7a16d87ee1d4df776a37a9adfb4e29e29a2ce5c79669131137c8d22e54a4c3a5b71ac0bf756381408930d9f039b3253

Download Submit
C:\Windows\System\FGTmaqc.exe

Filesize
1.6MB

MD5
e26fea7bb9748a3afc720e54a52b1220

SHA1
6760a24ea2e37623345ffc1f627090272ad8714a

SHA256
8f9cc40f999e4ea625d159e0303e2557a07e4941b243a09b02182f399774bfad

SHA512
1bb73a81bc5c2b700e666d891d18108087fb4bbfd7cca10b5b0a29d6278894ce65420ef1b631ec894ee2847b942376c012bf43783799c3460c0a434607fe7899

Download Submit
C:\Windows\System\FkNEifM.exe

Filesize
1.6MB

MD5
f2e8def0ab161dd5317c05c18636f9b8

SHA1
029817878e1ccd337e67876905b1eb5a22e2b154

SHA256
0e910b85987b5a553dafa78870b0646b22188088ce847f86d0c147c6244f8425

SHA512
3814c5488ada2b806fa764844657af02c000dc4aec38cff2a00ad009a57778dab9f604ca23ea00f36bfe1ebd67031b9da3c2cee832ecd928c213af3ee88c38e3

Download Submit
C:\Windows\System\GdYkxYd.exe

Filesize
1.6MB

MD5
cbd981b62488e468af965b58d40532d1

SHA1
c9d47dc2f7c5aa029f740132ab849de90c0cefe2

SHA256
6a1899da15d799769277c2bf7c93e08df8034328169ef9e72e31f3cc2d921bac

SHA512
96b49e60a376412d2e2bdf38af55930ebba1e0bca6e2b6318613cd565fd4afa113aec041f46f31bfecedc10dbb3be1728767ece93fdbb1965fce03e605bca5ea

Download Submit
C:\Windows\System\GhpwrwK.exe

Filesize
1.6MB

MD5
574e5f73bb372b57dc74d3b0578cc282

SHA1
8cf30fe22c929e8096129a28577055e2345ba8db

SHA256
2126cd7b0acb3cae9d2573dbc73e9997aec604271822d6f8e6075084c59e4d9a

SHA512
11c10990154c6aa1de68c117dad9933607e3f9571c2052a9954a6ec525e51564302589751538b3d6d7ee9d75a44fb0e89025b08278e3e2dc8b58cbe00da8ad82

Download Submit
C:\Windows\System\HMKsGYj.exe

Filesize
1.6MB

MD5
e859959260dc0038d0679b7e34832241

SHA1
76539682146b4a83921e67f33babdfa86d2db7b9

SHA256
f22c9e43897465365c9ccb2af649a9733984a1e51cee3a3b63d17b67c1874c11

SHA512
f0cceda478efb066504f9bcb7ca036d585171676f0581ce52670728c5583fe2dcf3ac40d253666fe23b4b0f8dbad66ac3b623f12f9494f46a90d952aa39ef1e8

Download Submit
C:\Windows\System\HzKzBtu.exe

Filesize
1.6MB

MD5
6849ce7bfef15519d9e7ae306b0dbded

SHA1
5d73c831d1647ef370776e14b8f6ab8dec80e20b

SHA256
7fccd92107cd74851d97e39923dad8d4e99f2f4f24a25adb89667a2954dc00a5

SHA512
d0e94c01d1ff7272d8c9c84206ed09094a1b53b5a19d9f24f60c2fbe61a532b41cad887e3d783fe44ee9f2c08c9d6b1ea069846e880214c9d35cb4a3b994ee06

Download Submit
C:\Windows\System\IhTgpLO.exe

Filesize
1.6MB

MD5
a5dce543eba36474c9a846136f1960d4

SHA1
a756596823984933bf139e964441308529a2bdc1

SHA256
94295f89ff2ca8131c7afe0df9dcbf6d499be8835aad4a4546b4b91b28762375

SHA512
f7bef30ddb96d6f76146a2154089f45712442a981568142990c5549692a03da20e8e00dc94fd45d18af322cb17ef82f4c6656e9322f7b6062a5fef79964eb352

Download Submit
C:\Windows\System\JJJFyzE.exe

Filesize
1.6MB

MD5
f5ad99bbc214439b27accde8f5411ee3

SHA1
06db76a50f3d486118e67e18f9f54efa8ac2a694

SHA256
e30ae325ab83313153a43d8a269db04c5fdb07e506494a84f8e9d1aaf48cf54f

SHA512
015588b99bdc4ca4b56b1c611ff63405e386976135b3e391a52847cc0bff6f960501a15743a2c6926426e24a0014a2c82ce24ed06061e08d1f852d955d0108a8

Download Submit
C:\Windows\System\KyDPcAy.exe

Filesize
1.6MB

MD5
a321ce2e7b535214b3214b911c05f31c

SHA1
bdc38748e0af6ce5806fb5a0c13133b3a7754e9e

SHA256
f9349b9da189300c6b0af383e898b20d876dab664196672d0b9785ac2afdb3ec

SHA512
fc56ab55ab8efb09ddc64016f43d5338a3fd771dbf3602b95dc0cdd3d9d6b1d2b502892694f1c4354363964a421d74e4ded3e108fd162bebc6ffe84e6f68d588

Download Submit
C:\Windows\System\NZSLmYU.exe

Filesize
1.6MB

MD5
3893faa1f4b9860a400fb57741d97ca7

SHA1
a1f2ec9db23a354b873392f500bbe61eaf9d65ae

SHA256
385502794ca1d1dc9adbbd9822a3ea6f59c32bd1718e11a51c87e1d075dd5bb3

SHA512
91077401472864daf318602bf492f089cd8f69823cdcf8496c8e450bc6583cf95fbe2354939481da73763cd57f1339efc19a51a1300208301fec908dc76db389

Download Submit
C:\Windows\System\QWjCaou.exe

Filesize
1.6MB

MD5
6e9002e36ab3c1be2094241cb3107682

SHA1
c7c47047b17a9e27375e4396d2ece5eb9aa3781f

SHA256
0beef0e1e508db605dca501374d0c46620f7ceaed1eb30d2c7af0e08127ebeb5

SHA512
bc370a21af97ce01ba4f99b60e2e91f95decbcb34bf63024a54e80696c336173326de8cebfe8b9a02b6cef624cd8017cbc163507ab1d85faa876cd3303ea6353

Download Submit
C:\Windows\System\SASUqEo.exe

Filesize
1.6MB

MD5
10b8114f862e758acd05af395efe609a

SHA1
c73644b80d7e6364ad6c65f29d37f0df2a57a199

SHA256
a1f5beeb0d767a0234c4fdbdc452069ec7947b61c0f60bc7fc277667d3aa2444

SHA512
ec570620e93f2acdc9ba4f6ef4b75d1868f1222b5fb121436a2a28508e00ce4f2ebb2856a5fc6b3935d1a6810195a87627661195d54233c6adaea7f3608225c7

Download Submit
C:\Windows\System\SNLmRTr.exe

Filesize
1.6MB

MD5
5ca3737086b4a98be74eb3769ac270e9

SHA1
dbcfd777690d1afb281a63f64b9113329513e7a3

SHA256
8a2b3efb8f512a11a1a0556ed375c3eb1302ee00f0b286c13c769795a8fa3e42

SHA512
78f4204cf8b8b2aade7dce07cfe459abff3ee6cd9ed499f4aef2ab1716bfec891dd4dc4d9d81c74b57c977d9534bda5fdec7a0acf7d733f7eb9dec0adc9d9613

Download Submit
C:\Windows\System\UZGhBlM.exe

Filesize
1.6MB

MD5
542cb54ac2fdd14d569b273ce98f7d0f

SHA1
e025d43617a82c02ee4c11a2ff267eeb42913bbe

SHA256
7c3be9dce5c20bfaed00c7dd8b169eef7aff1835c67b94de1e2a2fd170bb9528

SHA512
1a440c667fa8c3201e6c7f61c12375103dd50ab40cac76f551cb36489741446948f479295e07eea22ebed2da897742dfc6797e601b6d44655240d30604fb3de6

Download Submit
C:\Windows\System\VPrxmSN.exe

Filesize
1.6MB

MD5
7e0f18ba05e7c2f82c7330e82ff5611d

SHA1
21e2a9e2cf614e1382e8398916163aaa2aae97f5

SHA256
39d3d2f6201e762948a9c444498944eb342e79f22537b2d2e2644d93241c221b

SHA512
7376fee033a7c8dfe58500deb14753686b6a98b587e58a2ee683550580adea2427c1fb021cb7511b5cc8221a2ddd6131d6f4b20a6fa8cd6fa450a51658166f94

Download Submit
C:\Windows\System\YDwYKCQ.exe

Filesize
1.6MB

MD5
8033045b66c3ac9612c925c609716025

SHA1
99170b80f30c98143d87ed0c4da198003b88fd42

SHA256
c532107fdd16e36606ddc07e257a29eeb6ccbb1affee9ae8ef43f82cb08b3d81

SHA512
2a7843aaa3ec0bcb3d2503285214ca4a83baf697b1841b038848257d3f52abcc24c59a4c383aca2a230f24c5d5f1a8fbdcc348a8a14e33897914a2cada0cf93d

Download Submit
C:\Windows\System\ZXbRoWl.exe

Filesize
1.6MB

MD5
f8365de96381a31b832c50c1358198f3

SHA1
4fbe5ca386443199d8e931269c7caa60a0e18276

SHA256
aa570a71d83be4a2cbbd04ccfcb207f81e70e6d0c5465de7115a2fd8b6be61c8

SHA512
639efc475dd38ebe64cb2aa9743b95d152877180d53e8b67d869160c87ce18a0f5a9e88b8e204426a2f749cf65ec2951e00282e8b93e459e9629f9c85093c9b9

Download Submit
C:\Windows\System\Zoywhyg.exe

Filesize
1.6MB

MD5
f3d8de6d9c3d5805bab6e6f884a65765

SHA1
3ade005f0fc2815747d5c11ab07a479f81e834d6

SHA256
71858e4a10b756d5d61f7c17e6d673c8dcb1a1380a68fa0371394d8fa149c24e

SHA512
99adc4d53aa890e708bdf577d9e980c70347afddcd35d46f6fdaeb4194ec8e60811ad7a74405d059f33a099e75a7fc820a1d18e2c073e993b8f2f44633908e3a

Download Submit
C:\Windows\System\ZrMjXwh.exe

Filesize
1.6MB

MD5
af49a31938be2331d4be916d2dd8aa40

SHA1
928287e165cf1447fb649a8f46ddc4c372a4375e

SHA256
f1c07120b681dee5806288a2f2f815566f63fe107322f6c3aa703f78f2bc8288

SHA512
6bd403c8c3015fcb5cb36017d386cdeaa0837c44fa1abc8c8d841526bb23eb4994ea4e1ce23e3e456c49707165e3cfc79664a48a66afc074f8ca7fac25de018a

Download Submit
C:\Windows\System\apmyGCt.exe

Filesize
1.6MB

MD5
5d2087ed39fab4008c2763c657a3e5ae

SHA1
56a85b7845191949d39e27cc34b2ed52f0823582

SHA256
b900a393714f871088fd190f4fd30f875cf894a4e9a7a3e4ff2deb1893aebb08

SHA512
b71b4d2e798a3344347b9c5684f8a08a605d876af85aea80c406ead7c7f835f708396e555985cd394165c65d6cea9eeb787c21fc0f579fc8808b8501f46f5993

Download Submit
C:\Windows\System\cPedbyT.exe

Filesize
1.6MB

MD5
d88fbf51bd59141760b65b53362602d6

SHA1
268a1117ba6af3ea45740acee5ca50ad064de1f3

SHA256
733b336a1b43d8374aa95b0fb17ee0654e941ffb2bd49eac93cc112bfd0b8fe5

SHA512
c2ae0d6439e236603bb17389bea3c471306ab529a8aa7dd33922be83bbc46348931e512f59dafe562416a2117a5e4d74e35c1cbeebc3041ed324b815ff819505

Download Submit
C:\Windows\System\hMZsJZj.exe

Filesize
1.6MB

MD5
8dd642251d983fbf80d84db458f10742

SHA1
7aae44a0c673388bc4a838023b8eea71ad7b1669

SHA256
aba5e284cbc3d443be5b0a440a5fc6f3c3c8e23c695fa9eed274e05a02edc764

SHA512
a7f2556061673ca088f337f602232a1106757ec7cfc9da876dfe1072474c163a85541383949baa4df97b148217dca686ab25afbbe92d5f0a81f4c857f42ef91d

Download Submit
C:\Windows\System\kAgsCxk.exe

Filesize
1.6MB

MD5
566d546be849cf1827b07d4378e97390

SHA1
5f5b5f00fd1985a2ae70eba385730ebf06cc87b9

SHA256
8eb61b0738d90afef787118054799566792c216d196c6c53ce9b6171abca0b5e

SHA512
aed8dda5ec474bd9fe76b9211d8f6ce9be007365edb78bfce4f89417c092227353d573e510b72fe4763041e96db3915b2e73cb2e91ce1704c64bc430e37dc1d3

Download Submit
C:\Windows\System\kfFszcQ.exe

Filesize
1.6MB

MD5
9752e1f9144911036fd4b9e72eb2dfb8

SHA1
09fff00370fb27c0485461be93c3e1f73c229403

SHA256
a012fb85bb01c5ee49eb4ce01dd6b17a69fae9872801341ecabb983f9cdddeb1

SHA512
c4d7b256890edb3de4939055c3c726c2c1f7254a1a8e36bff9ff1ca2cd0983f612b39dadbffa8fdf996faf053ef638db4e47bda257595d71646e51738cffef73

Download Submit
C:\Windows\System\lTVkQmm.exe

Filesize
1.6MB

MD5
3f3738b60f6e07fada0acee6039a81a6

SHA1
6cfb0fe1192410ddd49d7a31a99604bb060f5a8c

SHA256
633ea2e98112b89eb211e22a618d48d762e04dbf7b67282918df48a1bf0867ad

SHA512
a20bb01330f40b6b5b9f2677caa8872eef3c9d5b100c7343885fdf2601e0f8c12dc14ac6f6939a0338c264526d5e3e53709fb1831ffe2ca3291f471995db1b8c

Download Submit
C:\Windows\System\mctJfYQ.exe

Filesize
1.6MB

MD5
98d64d5754b58dca70198bfd9e7dfb0d

SHA1
728ec1629070158c2f61cc7c900cc7783715431c

SHA256
c4ed308df8c9c720fc2afc867b767f355d4d71a1f88ae3a8af51530b33df1bc3

SHA512
3754ac8e0b64bfec0587cf5941e9ef932bc94e1bf01ab8efae75a8a2e56fb47b3a35e27efbc77948638a3df7e24e03675c858c0b7828e013229e1c267ed28ae0

Download Submit
C:\Windows\System\oGJyhmm.exe

Filesize
1.6MB

MD5
6cee8284b1fc0bb46344695e1ac57d61

SHA1
b3fa36d2de073342c0b507be395c7fc40701a1b7

SHA256
eaea93d45e88eef496396c4f7afeb24b0aac370b51654ba4d9514f3a679893d8

SHA512
cc577ae40a2a8b530ebb21b453356f789bd8c507fb125039759213dfcda3e53f45a2adb2f4069f96fad8166bb376b2dcad9726a3238544ac196115fbf3e72a2c

Download Submit
C:\Windows\System\pbrzFNN.exe

Filesize
1.6MB

MD5
06bfa6f3539027864917815431368faa

SHA1
22d994dbdb03367762514bab2b1f9536b23aaf3d

SHA256
20b02cdc630bb7986825602b3b25e5157a9c1f02a1b6fe8c6ca7dc81e81c55f1

SHA512
6a36e57c4025cf73a7e5278c179ca315a05367af4f0fc394737dea69dd4fc303854bde1bf6313ea2cdc0adf245986464d56f409ccda988dac1cec3055d47f271

Download Submit
C:\Windows\System\qaUhLJo.exe

Filesize
1.6MB

MD5
2714027095da0cf257b51483f4b3c983

SHA1
78808b95921884eb6189d700b79634317c86bee8

SHA256
9f4dc39809b0b3710ebd18736906188bc64d75656c0c4870549403b5cc514045

SHA512
44c590ee6b93c90c14f1ea252db82f3f1c8d475222513566a72a64f07c5e9dcd58909a99d108b19abf7214130558b3106fb26c7c17c10e6602e479baad35f132

Download Submit
C:\Windows\System\roLzDNA.exe

Filesize
1.6MB

MD5
31bc7826602576fea5b209044e6d41f2

SHA1
6c91406ad147abc3bc44b22c7557c88f29047143

SHA256
a77ff2d05786e87f99394e98a17476a543d974ce86dcdb2e9030275ff6bc4c99

SHA512
d2ec56544e6ff86fedf9d25c1d06a2880feec5b49164c458d24cc1aa3e8960dba932dfce0e4284d66b47b772789a68bbcb83ad0dcca79e74d0208df7a0593734

Download Submit
C:\Windows\System\tTuUEkN.exe

Filesize
1.6MB

MD5
18c58e5e0f91aee093027f3b452bf2e6

SHA1
0a8686a7b8df767dac12fc88b50f9c20831e9f06

SHA256
83e2c2678222a1ddaffe37cf3e2a4792d5ea0b5408496d80bce1704f8b944005

SHA512
04f6075a017fcc492f0eb26902cbd482739576624f212d361c092256f44420de29009f44084a8b2f0fea78fc5e94c61b12f3c3b799aa60371f78a3f70098b2b6

Download Submit
C:\Windows\System\wyYNWLF.exe

Filesize
1.6MB

MD5
db2c55db145019ef4e96024e5a56bc65

SHA1
ee5a2ac03f4f829fab8a992256a00992d260d681

SHA256
d24c974f17f8834243927a753774a8f67ac67d365b5442ae3f9cdf47c0c93595

SHA512
3f760f7d0a43dd6a6c966533fafbf49e840286c99bdbbc75c5276b7c83a3fd39c6e4f9d3261d0cdda51083486ab13d4f0c837e9ed8a0655cdbe5c3f4ec5b9cbe

Download Submit
C:\Windows\System\zmBpDLD.exe

Filesize
1.6MB

MD5
baa87967e56f9407d272435a90de6893

SHA1
2c6ed5efda574f28a1429fb2aeefccc9d7eb278c

SHA256
2516cff1d57b417d33cf2e5242855fe5b8f78e05de007adf4a987b18c9b6fd12

SHA512
645903f4fb748cfc29d14cbeabceffc497bd663b4857af0d32f897fe3ead70cae195a1df2ba11846ffb4eae1ec0edc1f6f3fa37137dc3ce6a0d86fa71598ab12

Download Submit
C:\Windows\System\zsDPKBo.exe

Filesize
1.6MB

MD5
8a7b5802cb63aafa662cb4f282d79a0b

SHA1
2065585bc3aff2a2d8d8e84e54e6f88e93f4961b

SHA256
8f57ea5daacea6eb0e394f17f314d323fd1a1e3f2a70c95c9a62d041606332f9

SHA512
0e360d7a8088455bb2bb9c39a701e6d2cc5c280d9837e72bf47d10508198b56e3a90fc39b1e6389523ea08915ee5b1298b464435d4fe70f3bd3f2426732f6dc3

Download Submit
memory/8-2303-0x00007FF7E2010000-0x00007FF7E2361000-memory.dmp

Filesize
3.3MB

Download
memory/8-2244-0x00007FF7E2010000-0x00007FF7E2361000-memory.dmp

Filesize
3.3MB

Download
memory/8-71-0x00007FF7E2010000-0x00007FF7E2361000-memory.dmp

Filesize
3.3MB

Download
memory/224-121-0x00007FF720A00000-0x00007FF720D51000-memory.dmp

Filesize
3.3MB

Download
memory/224-2280-0x00007FF720A00000-0x00007FF720D51000-memory.dmp

Filesize
3.3MB

Download
memory/224-2362-0x00007FF720A00000-0x00007FF720D51000-memory.dmp

Filesize
3.3MB

Download
memory/396-2436-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp

Filesize
3.3MB

Download
memory/396-494-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp

Filesize
3.3MB

Download
memory/432-80-0x00007FF6D18E0000-0x00007FF6D1C31000-memory.dmp

Filesize
3.3MB

Download
memory/432-2307-0x00007FF6D18E0000-0x00007FF6D1C31000-memory.dmp

Filesize
3.3MB

Download
memory/436-2285-0x00007FF6024B0000-0x00007FF602801000-memory.dmp

Filesize
3.3MB

Download
memory/436-416-0x00007FF6024B0000-0x00007FF602801000-memory.dmp

Filesize
3.3MB

Download
memory/436-13-0x00007FF6024B0000-0x00007FF602801000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2356-0x00007FF691DA0000-0x00007FF6920F1000-memory.dmp

Filesize
3.3MB

Download
memory/1008-103-0x00007FF691DA0000-0x00007FF6920F1000-memory.dmp

Filesize
3.3MB

Download
memory/1036-486-0x00007FF6FAEB0000-0x00007FF6FB201000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2432-0x00007FF6FAEB0000-0x00007FF6FB201000-memory.dmp

Filesize
3.3MB

Download
memory/1232-1787-0x00007FF6FD800000-0x00007FF6FDB51000-memory.dmp

Filesize
3.3MB

Download
memory/1232-35-0x00007FF6FD800000-0x00007FF6FDB51000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2295-0x00007FF6FD800000-0x00007FF6FDB51000-memory.dmp

Filesize
3.3MB

Download
memory/1588-2419-0x00007FF74C560000-0x00007FF74C8B1000-memory.dmp

Filesize
3.3MB

Download
memory/1588-380-0x00007FF74C560000-0x00007FF74C8B1000-memory.dmp

Filesize
3.3MB

Download
memory/1600-76-0x00007FF7408D0000-0x00007FF740C21000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2309-0x00007FF7408D0000-0x00007FF740C21000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2245-0x00007FF7408D0000-0x00007FF740C21000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2354-0x00007FF757BF0000-0x00007FF757F41000-memory.dmp

Filesize
3.3MB

Download
memory/1672-88-0x00007FF757BF0000-0x00007FF757F41000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2360-0x00007FF642690000-0x00007FF6429E1000-memory.dmp

Filesize
3.3MB

Download
memory/1964-110-0x00007FF642690000-0x00007FF6429E1000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2279-0x00007FF642690000-0x00007FF6429E1000-memory.dmp

Filesize
3.3MB

Download
memory/2208-67-0x00007FF7A4280000-0x00007FF7A45D1000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2299-0x00007FF7A4280000-0x00007FF7A45D1000-memory.dmp

Filesize
3.3MB

Download
memory/2328-387-0x00007FF790FC0000-0x00007FF791311000-memory.dmp

Filesize
3.3MB

Download
memory/2328-0-0x00007FF790FC0000-0x00007FF791311000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1-0x000001E6ED7A0000-0x000001E6ED7B0000-memory.dmp

Filesize
64KB

Download
memory/2356-17-0x00007FF7E9470000-0x00007FF7E97C1000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2289-0x00007FF7E9470000-0x00007FF7E97C1000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1771-0x00007FF7E9470000-0x00007FF7E97C1000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1783-0x00007FF7C6880000-0x00007FF7C6BD1000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2293-0x00007FF7C6880000-0x00007FF7C6BD1000-memory.dmp

Filesize
3.3MB

Download
memory/2520-31-0x00007FF7C6880000-0x00007FF7C6BD1000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2291-0x00007FF6D4110000-0x00007FF6D4461000-memory.dmp

Filesize
3.3MB

Download
memory/2820-54-0x00007FF6D4110000-0x00007FF6D4461000-memory.dmp

Filesize
3.3MB

Download
memory/3120-58-0x00007FF73EB50000-0x00007FF73EEA1000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2301-0x00007FF73EB50000-0x00007FF73EEA1000-memory.dmp

Filesize
3.3MB

Download
memory/3416-2287-0x00007FF6DA3B0000-0x00007FF6DA701000-memory.dmp

Filesize
3.3MB

Download
memory/3416-47-0x00007FF6DA3B0000-0x00007FF6DA701000-memory.dmp

Filesize
3.3MB

Download
memory/3464-241-0x00007FF748B90000-0x00007FF748EE1000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2414-0x00007FF748B90000-0x00007FF748EE1000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2281-0x00007FF79F410000-0x00007FF79F761000-memory.dmp

Filesize
3.3MB

Download
memory/3524-2406-0x00007FF79F410000-0x00007FF79F761000-memory.dmp

Filesize
3.3MB

Download
memory/3524-123-0x00007FF79F410000-0x00007FF79F761000-memory.dmp

Filesize
3.3MB

Download
memory/3656-236-0x00007FF694850000-0x00007FF694BA1000-memory.dmp

Filesize
3.3MB

Download
memory/3656-2412-0x00007FF694850000-0x00007FF694BA1000-memory.dmp

Filesize
3.3MB

Download
memory/3808-79-0x00007FF77B0B0000-0x00007FF77B401000-memory.dmp

Filesize
3.3MB

Download
memory/3808-2305-0x00007FF77B0B0000-0x00007FF77B401000-memory.dmp

Filesize
3.3MB

Download
memory/4072-194-0x00007FF703690000-0x00007FF7039E1000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2410-0x00007FF703690000-0x00007FF7039E1000-memory.dmp

Filesize
3.3MB

Download
memory/4256-162-0x00007FF753F80000-0x00007FF7542D1000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2408-0x00007FF753F80000-0x00007FF7542D1000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2278-0x00007FF6C0370000-0x00007FF6C06C1000-memory.dmp

Filesize
3.3MB

Download
memory/4436-100-0x00007FF6C0370000-0x00007FF6C06C1000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2358-0x00007FF6C0370000-0x00007FF6C06C1000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2424-0x00007FF6B18C0000-0x00007FF6B1C11000-memory.dmp

Filesize
3.3MB

Download
memory/4488-302-0x00007FF6B18C0000-0x00007FF6B1C11000-memory.dmp

Filesize
3.3MB

Download
memory/4688-55-0x00007FF7F0090000-0x00007FF7F03E1000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2297-0x00007FF7F0090000-0x00007FF7F03E1000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2428-0x00007FF73BDB0000-0x00007FF73C101000-memory.dmp

Filesize
3.3MB

Download
memory/5036-268-0x00007FF73BDB0000-0x00007FF73C101000-memory.dmp

Filesize
3.3MB

Download
memory/5084-182-0x00007FF6F8FD0000-0x00007FF6F9321000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2416-0x00007FF6F8FD0000-0x00007FF6F9321000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2282-0x00007FF6F8FD0000-0x00007FF6F9321000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads