xmrig | 21bad06c8617b48fef6e64c9c5cd33320936d9bba55d5c27cb4ecdc23430362d

Analysis

max time kernel
126s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14f64423b355430609b086e060553000_NeikiAnalytics.exe
Size

1.8MB
MD5

14f64423b355430609b086e060553000
SHA1

978470a1ded9ee07d958b9785a1d5b45874e672f
SHA256

21bad06c8617b48fef6e64c9c5cd33320936d9bba55d5c27cb4ecdc23430362d
SHA512

5a0c56a2a92f6f91549c3b2ac7ee6ac84adab290d92f89843669d8231ca0e18a1529b24fc36677037fc625122abc2ec94e7b250a57e10ac15d352130c15022aa
SSDEEP

49152:ROdWCCi7/rahHxhOWenbffOldXeLA1cFrk9:RWWBiba/

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/1900-59-0x00007FF6F0970000-0x00007FF6F0CC1000-memory.dmp	xmrig
behavioral2/memory/4200-69-0x00007FF6A0780000-0x00007FF6A0AD1000-memory.dmp	xmrig
behavioral2/memory/4700-209-0x00007FF6CB4F0000-0x00007FF6CB841000-memory.dmp	xmrig
behavioral2/memory/1792-218-0x00007FF79CFB0000-0x00007FF79D301000-memory.dmp	xmrig
behavioral2/memory/4164-241-0x00007FF7276B0000-0x00007FF727A01000-memory.dmp	xmrig
behavioral2/memory/3320-240-0x00007FF7BD410000-0x00007FF7BD761000-memory.dmp	xmrig
behavioral2/memory/4180-236-0x00007FF63C7E0000-0x00007FF63CB31000-memory.dmp	xmrig
behavioral2/memory/812-235-0x00007FF6AFB40000-0x00007FF6AFE91000-memory.dmp	xmrig
behavioral2/memory/3304-231-0x00007FF7AD560000-0x00007FF7AD8B1000-memory.dmp	xmrig
behavioral2/memory/4788-228-0x00007FF63CCD0000-0x00007FF63D021000-memory.dmp	xmrig
behavioral2/memory/4212-225-0x00007FF71F570000-0x00007FF71F8C1000-memory.dmp	xmrig
behavioral2/memory/4288-224-0x00007FF74CE00000-0x00007FF74D151000-memory.dmp	xmrig
behavioral2/memory/4192-221-0x00007FF6D6230000-0x00007FF6D6581000-memory.dmp	xmrig
behavioral2/memory/2628-220-0x00007FF70AB40000-0x00007FF70AE91000-memory.dmp	xmrig
behavioral2/memory/4508-217-0x00007FF6F8AA0000-0x00007FF6F8DF1000-memory.dmp	xmrig
behavioral2/memory/3260-211-0x00007FF7A3690000-0x00007FF7A39E1000-memory.dmp	xmrig
behavioral2/memory/552-208-0x00007FF7C7990000-0x00007FF7C7CE1000-memory.dmp	xmrig
behavioral2/memory/2540-203-0x00007FF671EE0000-0x00007FF672231000-memory.dmp	xmrig
behavioral2/memory/1668-55-0x00007FF7E56D0000-0x00007FF7E5A21000-memory.dmp	xmrig
behavioral2/memory/2012-1317-0x00007FF744FF0000-0x00007FF745341000-memory.dmp	xmrig
behavioral2/memory/3804-1909-0x00007FF704070000-0x00007FF7043C1000-memory.dmp	xmrig
behavioral2/memory/1980-2208-0x00007FF703330000-0x00007FF703681000-memory.dmp	xmrig
behavioral2/memory/1084-2209-0x00007FF78C5B0000-0x00007FF78C901000-memory.dmp	xmrig
behavioral2/memory/4928-2230-0x00007FF6E2710000-0x00007FF6E2A61000-memory.dmp	xmrig
behavioral2/memory/3636-2233-0x00007FF60FF80000-0x00007FF6102D1000-memory.dmp	xmrig
behavioral2/memory/4740-2235-0x00007FF74AE90000-0x00007FF74B1E1000-memory.dmp	xmrig
behavioral2/memory/2340-2245-0x00007FF73B0A0000-0x00007FF73B3F1000-memory.dmp	xmrig
behavioral2/memory/1496-2246-0x00007FF79B560000-0x00007FF79B8B1000-memory.dmp	xmrig
behavioral2/memory/4884-2249-0x00007FF780E90000-0x00007FF7811E1000-memory.dmp	xmrig
behavioral2/memory/3804-2253-0x00007FF704070000-0x00007FF7043C1000-memory.dmp	xmrig
behavioral2/memory/3184-2255-0x00007FF7AD3A0000-0x00007FF7AD6F1000-memory.dmp	xmrig
behavioral2/memory/1084-2257-0x00007FF78C5B0000-0x00007FF78C901000-memory.dmp	xmrig
behavioral2/memory/1980-2259-0x00007FF703330000-0x00007FF703681000-memory.dmp	xmrig
behavioral2/memory/3636-2263-0x00007FF60FF80000-0x00007FF6102D1000-memory.dmp	xmrig
behavioral2/memory/1668-2269-0x00007FF7E56D0000-0x00007FF7E5A21000-memory.dmp	xmrig
behavioral2/memory/4200-2267-0x00007FF6A0780000-0x00007FF6A0AD1000-memory.dmp	xmrig
behavioral2/memory/4928-2261-0x00007FF6E2710000-0x00007FF6E2A61000-memory.dmp	xmrig
behavioral2/memory/1900-2265-0x00007FF6F0970000-0x00007FF6F0CC1000-memory.dmp	xmrig
behavioral2/memory/1496-2280-0x00007FF79B560000-0x00007FF79B8B1000-memory.dmp	xmrig
behavioral2/memory/3304-2298-0x00007FF7AD560000-0x00007FF7AD8B1000-memory.dmp	xmrig
behavioral2/memory/4288-2314-0x00007FF74CE00000-0x00007FF74D151000-memory.dmp	xmrig
behavioral2/memory/812-2306-0x00007FF6AFB40000-0x00007FF6AFE91000-memory.dmp	xmrig
behavioral2/memory/4180-2304-0x00007FF63C7E0000-0x00007FF63CB31000-memory.dmp	xmrig
behavioral2/memory/4212-2317-0x00007FF71F570000-0x00007FF71F8C1000-memory.dmp	xmrig
behavioral2/memory/4164-2300-0x00007FF7276B0000-0x00007FF727A01000-memory.dmp	xmrig
behavioral2/memory/4192-2296-0x00007FF6D6230000-0x00007FF6D6581000-memory.dmp	xmrig
behavioral2/memory/4788-2294-0x00007FF63CCD0000-0x00007FF63D021000-memory.dmp	xmrig
behavioral2/memory/3320-2302-0x00007FF7BD410000-0x00007FF7BD761000-memory.dmp	xmrig
behavioral2/memory/1792-2292-0x00007FF79CFB0000-0x00007FF79D301000-memory.dmp	xmrig
behavioral2/memory/2628-2290-0x00007FF70AB40000-0x00007FF70AE91000-memory.dmp	xmrig
behavioral2/memory/4700-2288-0x00007FF6CB4F0000-0x00007FF6CB841000-memory.dmp	xmrig
behavioral2/memory/3260-2286-0x00007FF7A3690000-0x00007FF7A39E1000-memory.dmp	xmrig
behavioral2/memory/4508-2284-0x00007FF6F8AA0000-0x00007FF6F8DF1000-memory.dmp	xmrig
behavioral2/memory/552-2282-0x00007FF7C7990000-0x00007FF7C7CE1000-memory.dmp	xmrig
behavioral2/memory/4740-2278-0x00007FF74AE90000-0x00007FF74B1E1000-memory.dmp	xmrig
behavioral2/memory/4884-2275-0x00007FF780E90000-0x00007FF7811E1000-memory.dmp	xmrig
behavioral2/memory/2340-2273-0x00007FF73B0A0000-0x00007FF73B3F1000-memory.dmp	xmrig
behavioral2/memory/2540-2271-0x00007FF671EE0000-0x00007FF672231000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3804	uLdRnEQ.exe
3184	orALVkX.exe
1980	ujxWtkL.exe
1084	bXsSrlQ.exe
4928	WrPSPIL.exe
3636	IEnfkil.exe
1668	ZCTxwUv.exe
1900	VIkUMdO.exe
4740	qORsyiW.exe
4200	sNOAGIi.exe
2340	WxjSUDa.exe
1496	oVvMvuH.exe
4884	mxUhtfZ.exe
2540	PFJvxJg.exe
552	GSotSXJ.exe
4700	KBSZuML.exe
3260	UkCTpor.exe
4508	aSzOfzG.exe
1792	UwGTbrF.exe
2628	nqIzRVO.exe
4192	ZdQyZsP.exe
4288	lyWdOOs.exe
4212	NlRnbwM.exe
4788	zVZHETz.exe
3304	arNiFrQ.exe
812	jhSFhyH.exe
4180	PvTCmfH.exe
3320	eFjtouX.exe
4164	BmkuHhh.exe
5060	CCGTuMB.exe
3964	BBepaIf.exe
2804	HRujuea.exe
5008	dPhgcSz.exe
3748	GKMWkOd.exe
528	LaUdfZK.exe
2960	xihcEGc.exe
1904	exjKpDk.exe
4148	ZRQfUGY.exe
4132	TFYxnhj.exe
1612	xemXclV.exe
1936	grvXTSZ.exe
2008	tLuKjpE.exe
2096	dTTqXrF.exe
2612	zYHNLBw.exe
3884	jBTXGtF.exe
3460	OcAhXuj.exe
2768	OUaELln.exe
956	qSRvHQb.exe
1536	SeIVesy.exe
4316	AnEjMQN.exe
2020	qfHKgzZ.exe
4568	RcXLoCs.exe
1504	FrnOYoH.exe
4100	mFhRCNI.exe
412	cRMNEWh.exe
4252	QhHdZGe.exe
4456	ajYxQGX.exe
2708	XmVmKCM.exe
4044	FcDdNpN.exe
2024	mmvazRE.exe
736	CBkeGbJ.exe
2116	SwrXCqx.exe
1308	DdKwDAS.exe
1284	bSeIoii.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2012-0-0x00007FF744FF0000-0x00007FF745341000-memory.dmp	upx
behavioral2/files/0x0009000000023404-4.dat	upx
behavioral2/files/0x000700000002340f-11.dat	upx
behavioral2/memory/3184-12-0x00007FF7AD3A0000-0x00007FF7AD6F1000-memory.dmp	upx
behavioral2/files/0x0007000000023410-17.dat	upx
behavioral2/files/0x0007000000023411-24.dat	upx
behavioral2/files/0x0007000000023412-31.dat	upx
behavioral2/memory/3636-34-0x00007FF60FF80000-0x00007FF6102D1000-memory.dmp	upx
behavioral2/files/0x0007000000023413-37.dat	upx
behavioral2/files/0x0007000000023417-54.dat	upx
behavioral2/memory/1900-59-0x00007FF6F0970000-0x00007FF6F0CC1000-memory.dmp	upx
behavioral2/memory/4200-69-0x00007FF6A0780000-0x00007FF6A0AD1000-memory.dmp	upx
behavioral2/memory/1496-72-0x00007FF79B560000-0x00007FF79B8B1000-memory.dmp	upx
behavioral2/files/0x0007000000023429-126.dat	upx
behavioral2/files/0x000700000002342e-141.dat	upx
behavioral2/files/0x0007000000023432-153.dat	upx
behavioral2/files/0x000700000002341e-169.dat	upx
behavioral2/memory/4700-209-0x00007FF6CB4F0000-0x00007FF6CB841000-memory.dmp	upx
behavioral2/memory/1792-218-0x00007FF79CFB0000-0x00007FF79D301000-memory.dmp	upx
behavioral2/memory/4164-241-0x00007FF7276B0000-0x00007FF727A01000-memory.dmp	upx
behavioral2/memory/3320-240-0x00007FF7BD410000-0x00007FF7BD761000-memory.dmp	upx
behavioral2/memory/4180-236-0x00007FF63C7E0000-0x00007FF63CB31000-memory.dmp	upx
behavioral2/memory/812-235-0x00007FF6AFB40000-0x00007FF6AFE91000-memory.dmp	upx
behavioral2/memory/3304-231-0x00007FF7AD560000-0x00007FF7AD8B1000-memory.dmp	upx
behavioral2/memory/4788-228-0x00007FF63CCD0000-0x00007FF63D021000-memory.dmp	upx
behavioral2/memory/4212-225-0x00007FF71F570000-0x00007FF71F8C1000-memory.dmp	upx
behavioral2/memory/4288-224-0x00007FF74CE00000-0x00007FF74D151000-memory.dmp	upx
behavioral2/memory/4192-221-0x00007FF6D6230000-0x00007FF6D6581000-memory.dmp	upx
behavioral2/memory/2628-220-0x00007FF70AB40000-0x00007FF70AE91000-memory.dmp	upx
behavioral2/memory/4508-217-0x00007FF6F8AA0000-0x00007FF6F8DF1000-memory.dmp	upx
behavioral2/memory/3260-211-0x00007FF7A3690000-0x00007FF7A39E1000-memory.dmp	upx
behavioral2/memory/552-208-0x00007FF7C7990000-0x00007FF7C7CE1000-memory.dmp	upx
behavioral2/memory/2540-203-0x00007FF671EE0000-0x00007FF672231000-memory.dmp	upx
behavioral2/files/0x0007000000023426-190.dat	upx
behavioral2/files/0x0007000000023425-188.dat	upx
behavioral2/files/0x0007000000023424-184.dat	upx
behavioral2/files/0x0007000000023421-182.dat	upx
behavioral2/files/0x0007000000023420-177.dat	upx
behavioral2/files/0x000700000002341f-173.dat	upx
behavioral2/files/0x000700000002341d-167.dat	upx
behavioral2/files/0x000700000002341c-165.dat	upx
behavioral2/files/0x0009000000023406-163.dat	upx
behavioral2/files/0x000700000002341b-161.dat	upx
behavioral2/files/0x0007000000023433-160.dat	upx
behavioral2/files/0x0007000000023431-150.dat	upx
behavioral2/files/0x0007000000023430-147.dat	upx
behavioral2/files/0x000700000002342f-144.dat	upx
behavioral2/files/0x000700000002342d-138.dat	upx
behavioral2/files/0x000700000002342c-135.dat	upx
behavioral2/files/0x000700000002342b-132.dat	upx
behavioral2/files/0x000700000002342a-129.dat	upx
behavioral2/files/0x0007000000023428-123.dat	upx
behavioral2/files/0x0007000000023427-120.dat	upx
behavioral2/files/0x0007000000023423-108.dat	upx
behavioral2/files/0x0007000000023422-105.dat	upx
behavioral2/files/0x0007000000023419-83.dat	upx
behavioral2/memory/4884-79-0x00007FF780E90000-0x00007FF7811E1000-memory.dmp	upx
behavioral2/files/0x000700000002341a-78.dat	upx
behavioral2/files/0x0007000000023418-75.dat	upx
behavioral2/memory/2340-71-0x00007FF73B0A0000-0x00007FF73B3F1000-memory.dmp	upx
behavioral2/memory/4740-65-0x00007FF74AE90000-0x00007FF74B1E1000-memory.dmp	upx
behavioral2/files/0x0007000000023416-58.dat	upx
behavioral2/memory/1668-55-0x00007FF7E56D0000-0x00007FF7E5A21000-memory.dmp	upx
behavioral2/files/0x0007000000023415-50.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ftuDCje.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\dYBVWKG.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\HnNYbZT.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\XkyRIaA.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\jurEDpc.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\LPgOZxB.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\GWWZgNw.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\LbHQSFp.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\IvINBuL.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\RESjShM.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\HkNrnya.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\LETQqAe.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\DzkVcrn.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\GTnYWbZ.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\KFXrDQg.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\GgqJRJx.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\rTaGUfA.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\wmpTfdQ.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\ddMGMMd.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\skXRXYJ.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\cCUzIdd.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\WrPSPIL.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\oVvMvuH.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\zVZHETz.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\zYHNLBw.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\jYFmMOv.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\SaQrXoK.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\SsoUPHk.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\YbFWLLj.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\kpHjGba.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\QYxIqLJ.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\HbbxYYj.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\bwJAEMO.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\NkemgrW.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\BmkuHhh.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\SwrXCqx.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\wfeQjnx.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\HkOOmIA.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\BXohyJD.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\ofYXKDE.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\hsTbGVl.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\zpVOWGU.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\qfHKgzZ.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\AmelNEF.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\SZYdHpC.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\UkCTpor.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\AEpPqxm.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\RgBingO.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\BCVWyPX.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\TvBzDAK.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\sVMYddx.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\khaTdlA.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\YYHLvNR.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\ZdQyZsP.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\uwvTxDF.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\nVEaFAZ.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\CyaOAGk.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\zIjVEhE.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\AmsznJH.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\nrIKsth.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\aDXFmiy.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\hvJcwZi.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\FMpkSVC.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe
File created	C:\Windows\System\MKIoScE.exe	14f64423b355430609b086e060553000_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13524	dwm.exe
Token: SeChangeNotifyPrivilege	13524	dwm.exe
Token: 33	13524	dwm.exe
Token: SeIncBasePriorityPrivilege	13524	dwm.exe
Token: SeShutdownPrivilege	13524	dwm.exe
Token: SeCreatePagefilePrivilege	13524	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 3804	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	84
PID 2012 wrote to memory of 3804	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	84
PID 2012 wrote to memory of 3184	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	85
PID 2012 wrote to memory of 3184	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	85
PID 2012 wrote to memory of 1980	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	86
PID 2012 wrote to memory of 1980	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	86
PID 2012 wrote to memory of 1084	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	87
PID 2012 wrote to memory of 1084	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	87
PID 2012 wrote to memory of 4928	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	88
PID 2012 wrote to memory of 4928	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	88
PID 2012 wrote to memory of 3636	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	89
PID 2012 wrote to memory of 3636	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	89
PID 2012 wrote to memory of 1668	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	90
PID 2012 wrote to memory of 1668	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	90
PID 2012 wrote to memory of 1900	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	91
PID 2012 wrote to memory of 1900	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	91
PID 2012 wrote to memory of 4740	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	92
PID 2012 wrote to memory of 4740	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	92
PID 2012 wrote to memory of 4200	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	93
PID 2012 wrote to memory of 4200	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	93
PID 2012 wrote to memory of 2340	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	94
PID 2012 wrote to memory of 2340	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	94
PID 2012 wrote to memory of 1496	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	95
PID 2012 wrote to memory of 1496	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	95
PID 2012 wrote to memory of 4884	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	96
PID 2012 wrote to memory of 4884	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	96
PID 2012 wrote to memory of 2540	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	97
PID 2012 wrote to memory of 2540	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	97
PID 2012 wrote to memory of 552	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	98
PID 2012 wrote to memory of 552	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	98
PID 2012 wrote to memory of 4700	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	99
PID 2012 wrote to memory of 4700	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	99
PID 2012 wrote to memory of 3260	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	100
PID 2012 wrote to memory of 3260	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	100
PID 2012 wrote to memory of 4508	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	101
PID 2012 wrote to memory of 4508	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	101
PID 2012 wrote to memory of 1792	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	102
PID 2012 wrote to memory of 1792	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	102
PID 2012 wrote to memory of 2628	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	103
PID 2012 wrote to memory of 2628	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	103
PID 2012 wrote to memory of 4192	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	104
PID 2012 wrote to memory of 4192	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	104
PID 2012 wrote to memory of 4288	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	105
PID 2012 wrote to memory of 4288	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	105
PID 2012 wrote to memory of 4212	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	106
PID 2012 wrote to memory of 4212	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	106
PID 2012 wrote to memory of 4788	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	107
PID 2012 wrote to memory of 4788	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	107
PID 2012 wrote to memory of 3304	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	108
PID 2012 wrote to memory of 3304	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	108
PID 2012 wrote to memory of 812	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	109
PID 2012 wrote to memory of 812	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	109
PID 2012 wrote to memory of 4180	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	110
PID 2012 wrote to memory of 4180	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	110
PID 2012 wrote to memory of 3320	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	111
PID 2012 wrote to memory of 3320	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	111
PID 2012 wrote to memory of 4164	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	112
PID 2012 wrote to memory of 4164	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	112
PID 2012 wrote to memory of 5060	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	113
PID 2012 wrote to memory of 5060	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	113
PID 2012 wrote to memory of 3964	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	114
PID 2012 wrote to memory of 3964	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	114
PID 2012 wrote to memory of 2804	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	115
PID 2012 wrote to memory of 2804	2012	14f64423b355430609b086e060553000_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\14f64423b355430609b086e060553000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\14f64423b355430609b086e060553000_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\System\uLdRnEQ.exe
  C:\Windows\System\uLdRnEQ.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\orALVkX.exe
  C:\Windows\System\orALVkX.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\ujxWtkL.exe
  C:\Windows\System\ujxWtkL.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\bXsSrlQ.exe
  C:\Windows\System\bXsSrlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\WrPSPIL.exe
  C:\Windows\System\WrPSPIL.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\IEnfkil.exe
  C:\Windows\System\IEnfkil.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\ZCTxwUv.exe
  C:\Windows\System\ZCTxwUv.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\VIkUMdO.exe
  C:\Windows\System\VIkUMdO.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\qORsyiW.exe
  C:\Windows\System\qORsyiW.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\sNOAGIi.exe
  C:\Windows\System\sNOAGIi.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\WxjSUDa.exe
  C:\Windows\System\WxjSUDa.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\oVvMvuH.exe
  C:\Windows\System\oVvMvuH.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\mxUhtfZ.exe
  C:\Windows\System\mxUhtfZ.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\PFJvxJg.exe
  C:\Windows\System\PFJvxJg.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\GSotSXJ.exe
  C:\Windows\System\GSotSXJ.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\KBSZuML.exe
  C:\Windows\System\KBSZuML.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\UkCTpor.exe
  C:\Windows\System\UkCTpor.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\aSzOfzG.exe
  C:\Windows\System\aSzOfzG.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\UwGTbrF.exe
  C:\Windows\System\UwGTbrF.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\nqIzRVO.exe
  C:\Windows\System\nqIzRVO.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ZdQyZsP.exe
  C:\Windows\System\ZdQyZsP.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\lyWdOOs.exe
  C:\Windows\System\lyWdOOs.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\NlRnbwM.exe
  C:\Windows\System\NlRnbwM.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\zVZHETz.exe
  C:\Windows\System\zVZHETz.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\arNiFrQ.exe
  C:\Windows\System\arNiFrQ.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\jhSFhyH.exe
  C:\Windows\System\jhSFhyH.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\PvTCmfH.exe
  C:\Windows\System\PvTCmfH.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\eFjtouX.exe
  C:\Windows\System\eFjtouX.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\BmkuHhh.exe
  C:\Windows\System\BmkuHhh.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\CCGTuMB.exe
  C:\Windows\System\CCGTuMB.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\BBepaIf.exe
  C:\Windows\System\BBepaIf.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\HRujuea.exe
  C:\Windows\System\HRujuea.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\dPhgcSz.exe
  C:\Windows\System\dPhgcSz.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\GKMWkOd.exe
  C:\Windows\System\GKMWkOd.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\LaUdfZK.exe
  C:\Windows\System\LaUdfZK.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\xihcEGc.exe
  C:\Windows\System\xihcEGc.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\exjKpDk.exe
  C:\Windows\System\exjKpDk.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ZRQfUGY.exe
  C:\Windows\System\ZRQfUGY.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\TFYxnhj.exe
  C:\Windows\System\TFYxnhj.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\xemXclV.exe
  C:\Windows\System\xemXclV.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\grvXTSZ.exe
  C:\Windows\System\grvXTSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\tLuKjpE.exe
  C:\Windows\System\tLuKjpE.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\dTTqXrF.exe
  C:\Windows\System\dTTqXrF.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zYHNLBw.exe
  C:\Windows\System\zYHNLBw.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\jBTXGtF.exe
  C:\Windows\System\jBTXGtF.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\OcAhXuj.exe
  C:\Windows\System\OcAhXuj.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\OUaELln.exe
  C:\Windows\System\OUaELln.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qSRvHQb.exe
  C:\Windows\System\qSRvHQb.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\SeIVesy.exe
  C:\Windows\System\SeIVesy.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\AnEjMQN.exe
  C:\Windows\System\AnEjMQN.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\qfHKgzZ.exe
  C:\Windows\System\qfHKgzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\RcXLoCs.exe
  C:\Windows\System\RcXLoCs.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\FrnOYoH.exe
  C:\Windows\System\FrnOYoH.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\mFhRCNI.exe
  C:\Windows\System\mFhRCNI.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\cRMNEWh.exe
  C:\Windows\System\cRMNEWh.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\QhHdZGe.exe
  C:\Windows\System\QhHdZGe.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\ajYxQGX.exe
  C:\Windows\System\ajYxQGX.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\XmVmKCM.exe
  C:\Windows\System\XmVmKCM.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\FcDdNpN.exe
  C:\Windows\System\FcDdNpN.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\mmvazRE.exe
  C:\Windows\System\mmvazRE.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\CBkeGbJ.exe
  C:\Windows\System\CBkeGbJ.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\SwrXCqx.exe
  C:\Windows\System\SwrXCqx.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\DdKwDAS.exe
  C:\Windows\System\DdKwDAS.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\bSeIoii.exe
  C:\Windows\System\bSeIoii.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\IwNYrhk.exe
  C:\Windows\System\IwNYrhk.exe
  2⤵
  PID:2324
- C:\Windows\System\ifOOgrd.exe
  C:\Windows\System\ifOOgrd.exe
  2⤵
  PID:2800
- C:\Windows\System\SsWKJkG.exe
  C:\Windows\System\SsWKJkG.exe
  2⤵
  PID:3268
- C:\Windows\System\WlNAwGj.exe
  C:\Windows\System\WlNAwGj.exe
  2⤵
  PID:3168
- C:\Windows\System\PnwWalE.exe
  C:\Windows\System\PnwWalE.exe
  2⤵
  PID:3856
- C:\Windows\System\eakoGpB.exe
  C:\Windows\System\eakoGpB.exe
  2⤵
  PID:60
- C:\Windows\System\pspJEag.exe
  C:\Windows\System\pspJEag.exe
  2⤵
  PID:1776
- C:\Windows\System\KQEGGGC.exe
  C:\Windows\System\KQEGGGC.exe
  2⤵
  PID:2548
- C:\Windows\System\iSnoClT.exe
  C:\Windows\System\iSnoClT.exe
  2⤵
  PID:4640
- C:\Windows\System\RESjShM.exe
  C:\Windows\System\RESjShM.exe
  2⤵
  PID:5124
- C:\Windows\System\yixftwV.exe
  C:\Windows\System\yixftwV.exe
  2⤵
  PID:5152
- C:\Windows\System\cnmFcWH.exe
  C:\Windows\System\cnmFcWH.exe
  2⤵
  PID:5180
- C:\Windows\System\dghSnHa.exe
  C:\Windows\System\dghSnHa.exe
  2⤵
  PID:5208
- C:\Windows\System\KcsMxSN.exe
  C:\Windows\System\KcsMxSN.exe
  2⤵
  PID:5236
- C:\Windows\System\OEuFDSB.exe
  C:\Windows\System\OEuFDSB.exe
  2⤵
  PID:5264
- C:\Windows\System\sOsHWPd.exe
  C:\Windows\System\sOsHWPd.exe
  2⤵
  PID:5292
- C:\Windows\System\GgnXEgi.exe
  C:\Windows\System\GgnXEgi.exe
  2⤵
  PID:5320
- C:\Windows\System\zJJbEdW.exe
  C:\Windows\System\zJJbEdW.exe
  2⤵
  PID:5348
- C:\Windows\System\ZiwTDgw.exe
  C:\Windows\System\ZiwTDgw.exe
  2⤵
  PID:5376
- C:\Windows\System\IVARwCi.exe
  C:\Windows\System\IVARwCi.exe
  2⤵
  PID:5404
- C:\Windows\System\MnngxHV.exe
  C:\Windows\System\MnngxHV.exe
  2⤵
  PID:5432
- C:\Windows\System\kvZASkr.exe
  C:\Windows\System\kvZASkr.exe
  2⤵
  PID:5460
- C:\Windows\System\znINPSu.exe
  C:\Windows\System\znINPSu.exe
  2⤵
  PID:5488
- C:\Windows\System\HjATDsN.exe
  C:\Windows\System\HjATDsN.exe
  2⤵
  PID:5516
- C:\Windows\System\MWRJkai.exe
  C:\Windows\System\MWRJkai.exe
  2⤵
  PID:5540
- C:\Windows\System\YXuTfcl.exe
  C:\Windows\System\YXuTfcl.exe
  2⤵
  PID:5568
- C:\Windows\System\mEFWZox.exe
  C:\Windows\System\mEFWZox.exe
  2⤵
  PID:5596
- C:\Windows\System\nucUJKQ.exe
  C:\Windows\System\nucUJKQ.exe
  2⤵
  PID:5628
- C:\Windows\System\zLoVrdD.exe
  C:\Windows\System\zLoVrdD.exe
  2⤵
  PID:5656
- C:\Windows\System\DsWLjlG.exe
  C:\Windows\System\DsWLjlG.exe
  2⤵
  PID:5684
- C:\Windows\System\piJDGOj.exe
  C:\Windows\System\piJDGOj.exe
  2⤵
  PID:5712
- C:\Windows\System\PZvuWoZ.exe
  C:\Windows\System\PZvuWoZ.exe
  2⤵
  PID:5740
- C:\Windows\System\mfFplPc.exe
  C:\Windows\System\mfFplPc.exe
  2⤵
  PID:5768
- C:\Windows\System\AejHpqt.exe
  C:\Windows\System\AejHpqt.exe
  2⤵
  PID:5792
- C:\Windows\System\PTJUBmX.exe
  C:\Windows\System\PTJUBmX.exe
  2⤵
  PID:5824
- C:\Windows\System\qrdHOeU.exe
  C:\Windows\System\qrdHOeU.exe
  2⤵
  PID:5852
- C:\Windows\System\dLKfPTF.exe
  C:\Windows\System\dLKfPTF.exe
  2⤵
  PID:5880
- C:\Windows\System\LqNVaeR.exe
  C:\Windows\System\LqNVaeR.exe
  2⤵
  PID:5908
- C:\Windows\System\JEEhRlb.exe
  C:\Windows\System\JEEhRlb.exe
  2⤵
  PID:5936
- C:\Windows\System\CqekCfL.exe
  C:\Windows\System\CqekCfL.exe
  2⤵
  PID:5964
- C:\Windows\System\gfPqMLV.exe
  C:\Windows\System\gfPqMLV.exe
  2⤵
  PID:5992
- C:\Windows\System\cbNlyhy.exe
  C:\Windows\System\cbNlyhy.exe
  2⤵
  PID:6020
- C:\Windows\System\DaggOWc.exe
  C:\Windows\System\DaggOWc.exe
  2⤵
  PID:6048
- C:\Windows\System\oOsNWHy.exe
  C:\Windows\System\oOsNWHy.exe
  2⤵
  PID:6076
- C:\Windows\System\pEIKFSD.exe
  C:\Windows\System\pEIKFSD.exe
  2⤵
  PID:6104
- C:\Windows\System\PnJluJS.exe
  C:\Windows\System\PnJluJS.exe
  2⤵
  PID:6132
- C:\Windows\System\VFgZQTA.exe
  C:\Windows\System\VFgZQTA.exe
  2⤵
  PID:3368
- C:\Windows\System\ZBrgmxd.exe
  C:\Windows\System\ZBrgmxd.exe
  2⤵
  PID:4684
- C:\Windows\System\IdEDmcS.exe
  C:\Windows\System\IdEDmcS.exe
  2⤵
  PID:1028
- C:\Windows\System\xeGOKDe.exe
  C:\Windows\System\xeGOKDe.exe
  2⤵
  PID:556
- C:\Windows\System\MFRYtGu.exe
  C:\Windows\System\MFRYtGu.exe
  2⤵
  PID:2756
- C:\Windows\System\FFCRjXo.exe
  C:\Windows\System\FFCRjXo.exe
  2⤵
  PID:5140
- C:\Windows\System\yeBoHSZ.exe
  C:\Windows\System\yeBoHSZ.exe
  2⤵
  PID:5200
- C:\Windows\System\swrJjHH.exe
  C:\Windows\System\swrJjHH.exe
  2⤵
  PID:5256
- C:\Windows\System\jDWHeuN.exe
  C:\Windows\System\jDWHeuN.exe
  2⤵
  PID:5332
- C:\Windows\System\ogXzdIN.exe
  C:\Windows\System\ogXzdIN.exe
  2⤵
  PID:5388
- C:\Windows\System\cGNwWnH.exe
  C:\Windows\System\cGNwWnH.exe
  2⤵
  PID:5444
- C:\Windows\System\yWzgYDd.exe
  C:\Windows\System\yWzgYDd.exe
  2⤵
  PID:5508
- C:\Windows\System\aCPWvBz.exe
  C:\Windows\System\aCPWvBz.exe
  2⤵
  PID:5564
- C:\Windows\System\dYBVWKG.exe
  C:\Windows\System\dYBVWKG.exe
  2⤵
  PID:5648
- C:\Windows\System\buEcTzh.exe
  C:\Windows\System\buEcTzh.exe
  2⤵
  PID:5700
- C:\Windows\System\AYlGEtA.exe
  C:\Windows\System\AYlGEtA.exe
  2⤵
  PID:5760
- C:\Windows\System\HkNrnya.exe
  C:\Windows\System\HkNrnya.exe
  2⤵
  PID:5836
- C:\Windows\System\MYJfrTl.exe
  C:\Windows\System\MYJfrTl.exe
  2⤵
  PID:1664
- C:\Windows\System\AUUOIWG.exe
  C:\Windows\System\AUUOIWG.exe
  2⤵
  PID:5948
- C:\Windows\System\YbidqYq.exe
  C:\Windows\System\YbidqYq.exe
  2⤵
  PID:6008
- C:\Windows\System\DpfrAmI.exe
  C:\Windows\System\DpfrAmI.exe
  2⤵
  PID:6068
- C:\Windows\System\fJVUOJr.exe
  C:\Windows\System\fJVUOJr.exe
  2⤵
  PID:6124
- C:\Windows\System\wfeQjnx.exe
  C:\Windows\System\wfeQjnx.exe
  2⤵
  PID:4188
- C:\Windows\System\vSZnkZC.exe
  C:\Windows\System\vSZnkZC.exe
  2⤵
  PID:2644
- C:\Windows\System\rwOwIVP.exe
  C:\Windows\System\rwOwIVP.exe
  2⤵
  PID:5172
- C:\Windows\System\iURJFda.exe
  C:\Windows\System\iURJFda.exe
  2⤵
  PID:5308
- C:\Windows\System\HrIfOYW.exe
  C:\Windows\System\HrIfOYW.exe
  2⤵
  PID:5424
- C:\Windows\System\aqLCgBK.exe
  C:\Windows\System\aqLCgBK.exe
  2⤵
  PID:5560
- C:\Windows\System\hbUBYen.exe
  C:\Windows\System\hbUBYen.exe
  2⤵
  PID:5696
- C:\Windows\System\qWotxVT.exe
  C:\Windows\System\qWotxVT.exe
  2⤵
  PID:5808
- C:\Windows\System\QiCzHga.exe
  C:\Windows\System\QiCzHga.exe
  2⤵
  PID:5920
- C:\Windows\System\EpOwNKi.exe
  C:\Windows\System\EpOwNKi.exe
  2⤵
  PID:6060
- C:\Windows\System\tsETVkn.exe
  C:\Windows\System\tsETVkn.exe
  2⤵
  PID:1976
- C:\Windows\System\VXsxjvS.exe
  C:\Windows\System\VXsxjvS.exe
  2⤵
  PID:6152
- C:\Windows\System\nNPGYEX.exe
  C:\Windows\System\nNPGYEX.exe
  2⤵
  PID:6180
- C:\Windows\System\kQbAXuJ.exe
  C:\Windows\System\kQbAXuJ.exe
  2⤵
  PID:6208
- C:\Windows\System\LETQqAe.exe
  C:\Windows\System\LETQqAe.exe
  2⤵
  PID:6232
- C:\Windows\System\HlvFvvT.exe
  C:\Windows\System\HlvFvvT.exe
  2⤵
  PID:6264
- C:\Windows\System\PJPizkn.exe
  C:\Windows\System\PJPizkn.exe
  2⤵
  PID:6292
- C:\Windows\System\KpaQAfI.exe
  C:\Windows\System\KpaQAfI.exe
  2⤵
  PID:6320
- C:\Windows\System\HObDUwk.exe
  C:\Windows\System\HObDUwk.exe
  2⤵
  PID:6348
- C:\Windows\System\bqIMkae.exe
  C:\Windows\System\bqIMkae.exe
  2⤵
  PID:6376
- C:\Windows\System\nrIKsth.exe
  C:\Windows\System\nrIKsth.exe
  2⤵
  PID:6404
- C:\Windows\System\pGvxAMh.exe
  C:\Windows\System\pGvxAMh.exe
  2⤵
  PID:6432
- C:\Windows\System\OUpXDqW.exe
  C:\Windows\System\OUpXDqW.exe
  2⤵
  PID:6460
- C:\Windows\System\bJEbuNp.exe
  C:\Windows\System\bJEbuNp.exe
  2⤵
  PID:6488
- C:\Windows\System\EYVNFmZ.exe
  C:\Windows\System\EYVNFmZ.exe
  2⤵
  PID:6516
- C:\Windows\System\nYaFbOr.exe
  C:\Windows\System\nYaFbOr.exe
  2⤵
  PID:6548
- C:\Windows\System\gQrDyXo.exe
  C:\Windows\System\gQrDyXo.exe
  2⤵
  PID:6572
- C:\Windows\System\WohtAvs.exe
  C:\Windows\System\WohtAvs.exe
  2⤵
  PID:6600
- C:\Windows\System\FVrbNEe.exe
  C:\Windows\System\FVrbNEe.exe
  2⤵
  PID:6628
- C:\Windows\System\qujZfwP.exe
  C:\Windows\System\qujZfwP.exe
  2⤵
  PID:6656
- C:\Windows\System\kQcbpdz.exe
  C:\Windows\System\kQcbpdz.exe
  2⤵
  PID:6684
- C:\Windows\System\uJdhgWt.exe
  C:\Windows\System\uJdhgWt.exe
  2⤵
  PID:6712
- C:\Windows\System\wwmQrpx.exe
  C:\Windows\System\wwmQrpx.exe
  2⤵
  PID:6740
- C:\Windows\System\TkZCwVO.exe
  C:\Windows\System\TkZCwVO.exe
  2⤵
  PID:6768
- C:\Windows\System\csnfPdc.exe
  C:\Windows\System\csnfPdc.exe
  2⤵
  PID:6796
- C:\Windows\System\PRsJrrM.exe
  C:\Windows\System\PRsJrrM.exe
  2⤵
  PID:6824
- C:\Windows\System\TZmJGYO.exe
  C:\Windows\System\TZmJGYO.exe
  2⤵
  PID:6852
- C:\Windows\System\DzkVcrn.exe
  C:\Windows\System\DzkVcrn.exe
  2⤵
  PID:6880
- C:\Windows\System\YcpakTK.exe
  C:\Windows\System\YcpakTK.exe
  2⤵
  PID:6908
- C:\Windows\System\jOfkMwi.exe
  C:\Windows\System\jOfkMwi.exe
  2⤵
  PID:6936
- C:\Windows\System\oavaWwF.exe
  C:\Windows\System\oavaWwF.exe
  2⤵
  PID:6964
- C:\Windows\System\yZINEbe.exe
  C:\Windows\System\yZINEbe.exe
  2⤵
  PID:6992
- C:\Windows\System\GjdlpFu.exe
  C:\Windows\System\GjdlpFu.exe
  2⤵
  PID:7020
- C:\Windows\System\AEpPqxm.exe
  C:\Windows\System\AEpPqxm.exe
  2⤵
  PID:7048
- C:\Windows\System\ftfXtYr.exe
  C:\Windows\System\ftfXtYr.exe
  2⤵
  PID:7076
- C:\Windows\System\qtpqLYK.exe
  C:\Windows\System\qtpqLYK.exe
  2⤵
  PID:7104
- C:\Windows\System\CXxnBGV.exe
  C:\Windows\System\CXxnBGV.exe
  2⤵
  PID:7132
- C:\Windows\System\vYRbSjq.exe
  C:\Windows\System\vYRbSjq.exe
  2⤵
  PID:7160
- C:\Windows\System\TmUqUOW.exe
  C:\Windows\System\TmUqUOW.exe
  2⤵
  PID:5284
- C:\Windows\System\ItAfAaM.exe
  C:\Windows\System\ItAfAaM.exe
  2⤵
  PID:5620
- C:\Windows\System\XjKwEGu.exe
  C:\Windows\System\XjKwEGu.exe
  2⤵
  PID:5872
- C:\Windows\System\HqAmQrc.exe
  C:\Windows\System\HqAmQrc.exe
  2⤵
  PID:1088
- C:\Windows\System\MwuNQsx.exe
  C:\Windows\System\MwuNQsx.exe
  2⤵
  PID:6164
- C:\Windows\System\hWXvsyV.exe
  C:\Windows\System\hWXvsyV.exe
  2⤵
  PID:6224
- C:\Windows\System\sBZHYGn.exe
  C:\Windows\System\sBZHYGn.exe
  2⤵
  PID:6284
- C:\Windows\System\CgLSkXq.exe
  C:\Windows\System\CgLSkXq.exe
  2⤵
  PID:6360
- C:\Windows\System\RrCJuBs.exe
  C:\Windows\System\RrCJuBs.exe
  2⤵
  PID:532
- C:\Windows\System\kkCYnzE.exe
  C:\Windows\System\kkCYnzE.exe
  2⤵
  PID:6476
- C:\Windows\System\dNyoYvk.exe
  C:\Windows\System\dNyoYvk.exe
  2⤵
  PID:6540
- C:\Windows\System\ShqaEhu.exe
  C:\Windows\System\ShqaEhu.exe
  2⤵
  PID:4612
- C:\Windows\System\KISNEXM.exe
  C:\Windows\System\KISNEXM.exe
  2⤵
  PID:3572
- C:\Windows\System\ubipdSC.exe
  C:\Windows\System\ubipdSC.exe
  2⤵
  PID:2516
- C:\Windows\System\bBzINaa.exe
  C:\Windows\System\bBzINaa.exe
  2⤵
  PID:6728
- C:\Windows\System\lLJbwhM.exe
  C:\Windows\System\lLJbwhM.exe
  2⤵
  PID:2072
- C:\Windows\System\laNFbrd.exe
  C:\Windows\System\laNFbrd.exe
  2⤵
  PID:6788
- C:\Windows\System\GXdpSYh.exe
  C:\Windows\System\GXdpSYh.exe
  2⤵
  PID:6812
- C:\Windows\System\XFKZgCy.exe
  C:\Windows\System\XFKZgCy.exe
  2⤵
  PID:6872
- C:\Windows\System\HvzMzdk.exe
  C:\Windows\System\HvzMzdk.exe
  2⤵
  PID:6948
- C:\Windows\System\jtwUyHm.exe
  C:\Windows\System\jtwUyHm.exe
  2⤵
  PID:3036
- C:\Windows\System\jYFmMOv.exe
  C:\Windows\System\jYFmMOv.exe
  2⤵
  PID:1780
- C:\Windows\System\UzMndVJ.exe
  C:\Windows\System\UzMndVJ.exe
  2⤵
  PID:1968
- C:\Windows\System\yTtnxEK.exe
  C:\Windows\System\yTtnxEK.exe
  2⤵
  PID:400
- C:\Windows\System\jMJNqfV.exe
  C:\Windows\System\jMJNqfV.exe
  2⤵
  PID:7144
- C:\Windows\System\snPjeLx.exe
  C:\Windows\System\snPjeLx.exe
  2⤵
  PID:4068
- C:\Windows\System\tFQMGCC.exe
  C:\Windows\System\tFQMGCC.exe
  2⤵
  PID:5248
- C:\Windows\System\HkdnHWf.exe
  C:\Windows\System\HkdnHWf.exe
  2⤵
  PID:5980
- C:\Windows\System\llGQLIQ.exe
  C:\Windows\System\llGQLIQ.exe
  2⤵
  PID:6192
- C:\Windows\System\hKTOkfj.exe
  C:\Windows\System\hKTOkfj.exe
  2⤵
  PID:2984
- C:\Windows\System\spMSyFf.exe
  C:\Windows\System\spMSyFf.exe
  2⤵
  PID:6672
- C:\Windows\System\cDlsSwy.exe
  C:\Windows\System\cDlsSwy.exe
  2⤵
  PID:6760
- C:\Windows\System\KiYBTnI.exe
  C:\Windows\System\KiYBTnI.exe
  2⤵
  PID:1528
- C:\Windows\System\NwrwJNR.exe
  C:\Windows\System\NwrwJNR.exe
  2⤵
  PID:6864
- C:\Windows\System\VvWDwOw.exe
  C:\Windows\System\VvWDwOw.exe
  2⤵
  PID:6956
- C:\Windows\System\acetjGG.exe
  C:\Windows\System\acetjGG.exe
  2⤵
  PID:7040
- C:\Windows\System\EJumskN.exe
  C:\Windows\System\EJumskN.exe
  2⤵
  PID:1484
- C:\Windows\System\OXtQXdx.exe
  C:\Windows\System\OXtQXdx.exe
  2⤵
  PID:4952
- C:\Windows\System\NQJxGqz.exe
  C:\Windows\System\NQJxGqz.exe
  2⤵
  PID:4352
- C:\Windows\System\ddPMmkL.exe
  C:\Windows\System\ddPMmkL.exe
  2⤵
  PID:3596
- C:\Windows\System\mZLdhMu.exe
  C:\Windows\System\mZLdhMu.exe
  2⤵
  PID:5732
- C:\Windows\System\QFpebue.exe
  C:\Windows\System\QFpebue.exe
  2⤵
  PID:3332
- C:\Windows\System\RgBingO.exe
  C:\Windows\System\RgBingO.exe
  2⤵
  PID:928
- C:\Windows\System\qSAUgch.exe
  C:\Windows\System\qSAUgch.exe
  2⤵
  PID:6640
- C:\Windows\System\GRZYmwR.exe
  C:\Windows\System\GRZYmwR.exe
  2⤵
  PID:1200
- C:\Windows\System\gicHonN.exe
  C:\Windows\System\gicHonN.exe
  2⤵
  PID:4324
- C:\Windows\System\BYIirRq.exe
  C:\Windows\System\BYIirRq.exe
  2⤵
  PID:7088
- C:\Windows\System\MFUyyFy.exe
  C:\Windows\System\MFUyyFy.exe
  2⤵
  PID:3296
- C:\Windows\System\bhQGiYV.exe
  C:\Windows\System\bhQGiYV.exe
  2⤵
  PID:1592
- C:\Windows\System\oMFhqUR.exe
  C:\Windows\System\oMFhqUR.exe
  2⤵
  PID:6920
- C:\Windows\System\FftAaxC.exe
  C:\Windows\System\FftAaxC.exe
  2⤵
  PID:7068
- C:\Windows\System\HkOOmIA.exe
  C:\Windows\System\HkOOmIA.exe
  2⤵
  PID:4144
- C:\Windows\System\kcwmsBI.exe
  C:\Windows\System\kcwmsBI.exe
  2⤵
  PID:7184
- C:\Windows\System\mbspLjY.exe
  C:\Windows\System\mbspLjY.exe
  2⤵
  PID:7220
- C:\Windows\System\uKsVQJz.exe
  C:\Windows\System\uKsVQJz.exe
  2⤵
  PID:7244
- C:\Windows\System\MsyWDZT.exe
  C:\Windows\System\MsyWDZT.exe
  2⤵
  PID:7264
- C:\Windows\System\PoaWaMN.exe
  C:\Windows\System\PoaWaMN.exe
  2⤵
  PID:7292
- C:\Windows\System\GQbymZb.exe
  C:\Windows\System\GQbymZb.exe
  2⤵
  PID:7316
- C:\Windows\System\WrdnLPN.exe
  C:\Windows\System\WrdnLPN.exe
  2⤵
  PID:7332
- C:\Windows\System\cnwSBOe.exe
  C:\Windows\System\cnwSBOe.exe
  2⤵
  PID:7360
- C:\Windows\System\dPWWZvO.exe
  C:\Windows\System\dPWWZvO.exe
  2⤵
  PID:7416
- C:\Windows\System\bcCiFDq.exe
  C:\Windows\System\bcCiFDq.exe
  2⤵
  PID:7436
- C:\Windows\System\vcKTeMg.exe
  C:\Windows\System\vcKTeMg.exe
  2⤵
  PID:7468
- C:\Windows\System\PEbLRgh.exe
  C:\Windows\System\PEbLRgh.exe
  2⤵
  PID:7504
- C:\Windows\System\YZHOjDj.exe
  C:\Windows\System\YZHOjDj.exe
  2⤵
  PID:7524
- C:\Windows\System\nTUQFoO.exe
  C:\Windows\System\nTUQFoO.exe
  2⤵
  PID:7540
- C:\Windows\System\SpWnHRl.exe
  C:\Windows\System\SpWnHRl.exe
  2⤵
  PID:7580
- C:\Windows\System\zQaSYPu.exe
  C:\Windows\System\zQaSYPu.exe
  2⤵
  PID:7600
- C:\Windows\System\DSREytn.exe
  C:\Windows\System\DSREytn.exe
  2⤵
  PID:7640
- C:\Windows\System\Uyoyhus.exe
  C:\Windows\System\Uyoyhus.exe
  2⤵
  PID:7660
- C:\Windows\System\BXohyJD.exe
  C:\Windows\System\BXohyJD.exe
  2⤵
  PID:7684
- C:\Windows\System\QtfjvwT.exe
  C:\Windows\System\QtfjvwT.exe
  2⤵
  PID:7712
- C:\Windows\System\zAVEPYG.exe
  C:\Windows\System\zAVEPYG.exe
  2⤵
  PID:7728
- C:\Windows\System\OTzMFFa.exe
  C:\Windows\System\OTzMFFa.exe
  2⤵
  PID:7748
- C:\Windows\System\BwXgQve.exe
  C:\Windows\System\BwXgQve.exe
  2⤵
  PID:7816
- C:\Windows\System\zFIPbQj.exe
  C:\Windows\System\zFIPbQj.exe
  2⤵
  PID:7832
- C:\Windows\System\CXUYZLQ.exe
  C:\Windows\System\CXUYZLQ.exe
  2⤵
  PID:7852
- C:\Windows\System\wGoijKR.exe
  C:\Windows\System\wGoijKR.exe
  2⤵
  PID:7872
- C:\Windows\System\oRrukvq.exe
  C:\Windows\System\oRrukvq.exe
  2⤵
  PID:7912
- C:\Windows\System\yOjxSsn.exe
  C:\Windows\System\yOjxSsn.exe
  2⤵
  PID:7956
- C:\Windows\System\ehVkUNY.exe
  C:\Windows\System\ehVkUNY.exe
  2⤵
  PID:7972
- C:\Windows\System\fqMpkTM.exe
  C:\Windows\System\fqMpkTM.exe
  2⤵
  PID:7992
- C:\Windows\System\uAyeYwK.exe
  C:\Windows\System\uAyeYwK.exe
  2⤵
  PID:8012
- C:\Windows\System\YCKUbry.exe
  C:\Windows\System\YCKUbry.exe
  2⤵
  PID:8044
- C:\Windows\System\dugAaaX.exe
  C:\Windows\System\dugAaaX.exe
  2⤵
  PID:8064
- C:\Windows\System\QJYuXYP.exe
  C:\Windows\System\QJYuXYP.exe
  2⤵
  PID:8088
- C:\Windows\System\srNyYHS.exe
  C:\Windows\System\srNyYHS.exe
  2⤵
  PID:8136
- C:\Windows\System\ldGwmDl.exe
  C:\Windows\System\ldGwmDl.exe
  2⤵
  PID:8168
- C:\Windows\System\iFJUiUL.exe
  C:\Windows\System\iFJUiUL.exe
  2⤵
  PID:8188
- C:\Windows\System\GTnYWbZ.exe
  C:\Windows\System\GTnYWbZ.exe
  2⤵
  PID:3776
- C:\Windows\System\YIMYkQu.exe
  C:\Windows\System\YIMYkQu.exe
  2⤵
  PID:7236
- C:\Windows\System\EpPiNyL.exe
  C:\Windows\System\EpPiNyL.exe
  2⤵
  PID:7272
- C:\Windows\System\yVcEzTr.exe
  C:\Windows\System\yVcEzTr.exe
  2⤵
  PID:7348
- C:\Windows\System\ydUNQrY.exe
  C:\Windows\System\ydUNQrY.exe
  2⤵
  PID:7488
- C:\Windows\System\SCJgVsM.exe
  C:\Windows\System\SCJgVsM.exe
  2⤵
  PID:7512
- C:\Windows\System\AmelNEF.exe
  C:\Windows\System\AmelNEF.exe
  2⤵
  PID:7592
- C:\Windows\System\KqmAlzb.exe
  C:\Windows\System\KqmAlzb.exe
  2⤵
  PID:7668
- C:\Windows\System\yBDGOiU.exe
  C:\Windows\System\yBDGOiU.exe
  2⤵
  PID:7720
- C:\Windows\System\BNrysTx.exe
  C:\Windows\System\BNrysTx.exe
  2⤵
  PID:7812
- C:\Windows\System\qeojVfq.exe
  C:\Windows\System\qeojVfq.exe
  2⤵
  PID:7884
- C:\Windows\System\AlLpEjr.exe
  C:\Windows\System\AlLpEjr.exe
  2⤵
  PID:7968
- C:\Windows\System\zxoEsoQ.exe
  C:\Windows\System\zxoEsoQ.exe
  2⤵
  PID:7980
- C:\Windows\System\FwGvsYS.exe
  C:\Windows\System\FwGvsYS.exe
  2⤵
  PID:8072
- C:\Windows\System\RDtrLbn.exe
  C:\Windows\System\RDtrLbn.exe
  2⤵
  PID:8084
- C:\Windows\System\QGmCHtl.exe
  C:\Windows\System\QGmCHtl.exe
  2⤵
  PID:8144
- C:\Windows\System\nAfWgCu.exe
  C:\Windows\System\nAfWgCu.exe
  2⤵
  PID:7208
- C:\Windows\System\AtJrkkt.exe
  C:\Windows\System\AtJrkkt.exe
  2⤵
  PID:7380
- C:\Windows\System\atIZWiJ.exe
  C:\Windows\System\atIZWiJ.exe
  2⤵
  PID:7656
- C:\Windows\System\BSCAntJ.exe
  C:\Windows\System\BSCAntJ.exe
  2⤵
  PID:7768
- C:\Windows\System\alSyLUy.exe
  C:\Windows\System\alSyLUy.exe
  2⤵
  PID:7932
- C:\Windows\System\RgoaTDQ.exe
  C:\Windows\System\RgoaTDQ.exe
  2⤵
  PID:8004
- C:\Windows\System\cnOBxol.exe
  C:\Windows\System\cnOBxol.exe
  2⤵
  PID:8160
- C:\Windows\System\qmXJyUj.exe
  C:\Windows\System\qmXJyUj.exe
  2⤵
  PID:7572
- C:\Windows\System\MCLyxzN.exe
  C:\Windows\System\MCLyxzN.exe
  2⤵
  PID:7740
- C:\Windows\System\dOWXwUh.exe
  C:\Windows\System\dOWXwUh.exe
  2⤵
  PID:7988
- C:\Windows\System\QLWoPrP.exe
  C:\Windows\System\QLWoPrP.exe
  2⤵
  PID:7676
- C:\Windows\System\DyNZmRY.exe
  C:\Windows\System\DyNZmRY.exe
  2⤵
  PID:8200
- C:\Windows\System\SGKGYIf.exe
  C:\Windows\System\SGKGYIf.exe
  2⤵
  PID:8220
- C:\Windows\System\LEDcjZk.exe
  C:\Windows\System\LEDcjZk.exe
  2⤵
  PID:8248
- C:\Windows\System\gvQOeqI.exe
  C:\Windows\System\gvQOeqI.exe
  2⤵
  PID:8288
- C:\Windows\System\ShzDPqB.exe
  C:\Windows\System\ShzDPqB.exe
  2⤵
  PID:8308
- C:\Windows\System\BAUXhzx.exe
  C:\Windows\System\BAUXhzx.exe
  2⤵
  PID:8332
- C:\Windows\System\rxYkhQW.exe
  C:\Windows\System\rxYkhQW.exe
  2⤵
  PID:8356
- C:\Windows\System\ElJZiVN.exe
  C:\Windows\System\ElJZiVN.exe
  2⤵
  PID:8408
- C:\Windows\System\YHfYFKR.exe
  C:\Windows\System\YHfYFKR.exe
  2⤵
  PID:8428
- C:\Windows\System\omHvhzh.exe
  C:\Windows\System\omHvhzh.exe
  2⤵
  PID:8452
- C:\Windows\System\JNkHGMy.exe
  C:\Windows\System\JNkHGMy.exe
  2⤵
  PID:8500
- C:\Windows\System\GrUyFji.exe
  C:\Windows\System\GrUyFji.exe
  2⤵
  PID:8520
- C:\Windows\System\ObEBEea.exe
  C:\Windows\System\ObEBEea.exe
  2⤵
  PID:8540
- C:\Windows\System\nbrvjZO.exe
  C:\Windows\System\nbrvjZO.exe
  2⤵
  PID:8568
- C:\Windows\System\EsVtZgg.exe
  C:\Windows\System\EsVtZgg.exe
  2⤵
  PID:8592
- C:\Windows\System\jxJKiVj.exe
  C:\Windows\System\jxJKiVj.exe
  2⤵
  PID:8620
- C:\Windows\System\UnYCIRr.exe
  C:\Windows\System\UnYCIRr.exe
  2⤵
  PID:8640
- C:\Windows\System\oJiCBUD.exe
  C:\Windows\System\oJiCBUD.exe
  2⤵
  PID:8668
- C:\Windows\System\LwssTiy.exe
  C:\Windows\System\LwssTiy.exe
  2⤵
  PID:8692
- C:\Windows\System\hjnhKpl.exe
  C:\Windows\System\hjnhKpl.exe
  2⤵
  PID:8712
- C:\Windows\System\VkUPChc.exe
  C:\Windows\System\VkUPChc.exe
  2⤵
  PID:8752
- C:\Windows\System\TLeXYXQ.exe
  C:\Windows\System\TLeXYXQ.exe
  2⤵
  PID:8780
- C:\Windows\System\HEjGRXC.exe
  C:\Windows\System\HEjGRXC.exe
  2⤵
  PID:8824
- C:\Windows\System\RljjBln.exe
  C:\Windows\System\RljjBln.exe
  2⤵
  PID:8848
- C:\Windows\System\ALsBmrc.exe
  C:\Windows\System\ALsBmrc.exe
  2⤵
  PID:8872
- C:\Windows\System\KFXrDQg.exe
  C:\Windows\System\KFXrDQg.exe
  2⤵
  PID:8896
- C:\Windows\System\hNUUBaS.exe
  C:\Windows\System\hNUUBaS.exe
  2⤵
  PID:8936
- C:\Windows\System\tipNZfa.exe
  C:\Windows\System\tipNZfa.exe
  2⤵
  PID:8968
- C:\Windows\System\vvKiMRW.exe
  C:\Windows\System\vvKiMRW.exe
  2⤵
  PID:8996
- C:\Windows\System\GyOAfZY.exe
  C:\Windows\System\GyOAfZY.exe
  2⤵
  PID:9028
- C:\Windows\System\CRVIptk.exe
  C:\Windows\System\CRVIptk.exe
  2⤵
  PID:9052
- C:\Windows\System\poKEBzS.exe
  C:\Windows\System\poKEBzS.exe
  2⤵
  PID:9072
- C:\Windows\System\mgePeUl.exe
  C:\Windows\System\mgePeUl.exe
  2⤵
  PID:9100
- C:\Windows\System\SaQrXoK.exe
  C:\Windows\System\SaQrXoK.exe
  2⤵
  PID:9124
- C:\Windows\System\cKXKJyy.exe
  C:\Windows\System\cKXKJyy.exe
  2⤵
  PID:9152
- C:\Windows\System\plBTrZF.exe
  C:\Windows\System\plBTrZF.exe
  2⤵
  PID:9172
- C:\Windows\System\pLOrtPc.exe
  C:\Windows\System\pLOrtPc.exe
  2⤵
  PID:9200
- C:\Windows\System\WwybPON.exe
  C:\Windows\System\WwybPON.exe
  2⤵
  PID:7840
- C:\Windows\System\spnWiBm.exe
  C:\Windows\System\spnWiBm.exe
  2⤵
  PID:8216
- C:\Windows\System\ahGOpPB.exe
  C:\Windows\System\ahGOpPB.exe
  2⤵
  PID:8268
- C:\Windows\System\gUdjfSz.exe
  C:\Windows\System\gUdjfSz.exe
  2⤵
  PID:8328
- C:\Windows\System\HSSQtwY.exe
  C:\Windows\System\HSSQtwY.exe
  2⤵
  PID:8436
- C:\Windows\System\MHwGFEf.exe
  C:\Windows\System\MHwGFEf.exe
  2⤵
  PID:8564
- C:\Windows\System\BrTBMvC.exe
  C:\Windows\System\BrTBMvC.exe
  2⤵
  PID:8612
- C:\Windows\System\JfiZpVm.exe
  C:\Windows\System\JfiZpVm.exe
  2⤵
  PID:8636
- C:\Windows\System\SgyzvkY.exe
  C:\Windows\System\SgyzvkY.exe
  2⤵
  PID:8760
- C:\Windows\System\XxLvNMm.exe
  C:\Windows\System\XxLvNMm.exe
  2⤵
  PID:8868
- C:\Windows\System\afMWkSQ.exe
  C:\Windows\System\afMWkSQ.exe
  2⤵
  PID:8892
- C:\Windows\System\aKIPsJR.exe
  C:\Windows\System\aKIPsJR.exe
  2⤵
  PID:8980
- C:\Windows\System\ZWtEuNq.exe
  C:\Windows\System\ZWtEuNq.exe
  2⤵
  PID:9012
- C:\Windows\System\ortKkLt.exe
  C:\Windows\System\ortKkLt.exe
  2⤵
  PID:9092
- C:\Windows\System\bCiVAFT.exe
  C:\Windows\System\bCiVAFT.exe
  2⤵
  PID:9196
- C:\Windows\System\uOXPPWU.exe
  C:\Windows\System\uOXPPWU.exe
  2⤵
  PID:8212
- C:\Windows\System\pVscZdn.exe
  C:\Windows\System\pVscZdn.exe
  2⤵
  PID:9212
- C:\Windows\System\FcNrwId.exe
  C:\Windows\System\FcNrwId.exe
  2⤵
  PID:8536
- C:\Windows\System\lbCSPeN.exe
  C:\Windows\System\lbCSPeN.exe
  2⤵
  PID:8788
- C:\Windows\System\GlyjscS.exe
  C:\Windows\System\GlyjscS.exe
  2⤵
  PID:8864
- C:\Windows\System\AISRQqW.exe
  C:\Windows\System\AISRQqW.exe
  2⤵
  PID:9068
- C:\Windows\System\mwWXFHx.exe
  C:\Windows\System\mwWXFHx.exe
  2⤵
  PID:9136
- C:\Windows\System\mrATDjF.exe
  C:\Windows\System\mrATDjF.exe
  2⤵
  PID:8392
- C:\Windows\System\aSGYtjp.exe
  C:\Windows\System\aSGYtjp.exe
  2⤵
  PID:8704
- C:\Windows\System\alVLDZq.exe
  C:\Windows\System\alVLDZq.exe
  2⤵
  PID:8988
- C:\Windows\System\fwOhLjV.exe
  C:\Windows\System\fwOhLjV.exe
  2⤵
  PID:8196
- C:\Windows\System\xJDzuTZ.exe
  C:\Windows\System\xJDzuTZ.exe
  2⤵
  PID:9236
- C:\Windows\System\JEpfYxx.exe
  C:\Windows\System\JEpfYxx.exe
  2⤵
  PID:9252
- C:\Windows\System\pdNfYPy.exe
  C:\Windows\System\pdNfYPy.exe
  2⤵
  PID:9272
- C:\Windows\System\BVQUzbX.exe
  C:\Windows\System\BVQUzbX.exe
  2⤵
  PID:9316
- C:\Windows\System\Jgdldmz.exe
  C:\Windows\System\Jgdldmz.exe
  2⤵
  PID:9336
- C:\Windows\System\RSYcDtg.exe
  C:\Windows\System\RSYcDtg.exe
  2⤵
  PID:9352
- C:\Windows\System\zvNVUEp.exe
  C:\Windows\System\zvNVUEp.exe
  2⤵
  PID:9376
- C:\Windows\System\PMzTDFH.exe
  C:\Windows\System\PMzTDFH.exe
  2⤵
  PID:9400
- C:\Windows\System\gPDNJVA.exe
  C:\Windows\System\gPDNJVA.exe
  2⤵
  PID:9420
- C:\Windows\System\mwUsltW.exe
  C:\Windows\System\mwUsltW.exe
  2⤵
  PID:9448
- C:\Windows\System\yvqpwRe.exe
  C:\Windows\System\yvqpwRe.exe
  2⤵
  PID:9472
- C:\Windows\System\HJXEMJf.exe
  C:\Windows\System\HJXEMJf.exe
  2⤵
  PID:9488
- C:\Windows\System\OXkPkLD.exe
  C:\Windows\System\OXkPkLD.exe
  2⤵
  PID:9524
- C:\Windows\System\nBSmnzs.exe
  C:\Windows\System\nBSmnzs.exe
  2⤵
  PID:9548
- C:\Windows\System\apaNMya.exe
  C:\Windows\System\apaNMya.exe
  2⤵
  PID:9568
- C:\Windows\System\zRnqwvk.exe
  C:\Windows\System\zRnqwvk.exe
  2⤵
  PID:9600
- C:\Windows\System\gutnLxv.exe
  C:\Windows\System\gutnLxv.exe
  2⤵
  PID:9660
- C:\Windows\System\KhyfWZw.exe
  C:\Windows\System\KhyfWZw.exe
  2⤵
  PID:9692
- C:\Windows\System\HIJSXPA.exe
  C:\Windows\System\HIJSXPA.exe
  2⤵
  PID:9724
- C:\Windows\System\NBxbaQd.exe
  C:\Windows\System\NBxbaQd.exe
  2⤵
  PID:9760
- C:\Windows\System\BURjphw.exe
  C:\Windows\System\BURjphw.exe
  2⤵
  PID:9804
- C:\Windows\System\AclnvIw.exe
  C:\Windows\System\AclnvIw.exe
  2⤵
  PID:9824
- C:\Windows\System\VQpsaog.exe
  C:\Windows\System\VQpsaog.exe
  2⤵
  PID:9848
- C:\Windows\System\bGqAeHT.exe
  C:\Windows\System\bGqAeHT.exe
  2⤵
  PID:9892
- C:\Windows\System\LxXcUIm.exe
  C:\Windows\System\LxXcUIm.exe
  2⤵
  PID:9912
- C:\Windows\System\wEslbfC.exe
  C:\Windows\System\wEslbfC.exe
  2⤵
  PID:9940
- C:\Windows\System\YAvtdLd.exe
  C:\Windows\System\YAvtdLd.exe
  2⤵
  PID:9980
- C:\Windows\System\uwvTxDF.exe
  C:\Windows\System\uwvTxDF.exe
  2⤵
  PID:9996
- C:\Windows\System\eYSwXlD.exe
  C:\Windows\System\eYSwXlD.exe
  2⤵
  PID:10020
- C:\Windows\System\RdwiGGj.exe
  C:\Windows\System\RdwiGGj.exe
  2⤵
  PID:10060
- C:\Windows\System\rhLeNPW.exe
  C:\Windows\System\rhLeNPW.exe
  2⤵
  PID:10084
- C:\Windows\System\pDyRhln.exe
  C:\Windows\System\pDyRhln.exe
  2⤵
  PID:10104
- C:\Windows\System\iuIJNgu.exe
  C:\Windows\System\iuIJNgu.exe
  2⤵
  PID:10148
- C:\Windows\System\AjwdOSU.exe
  C:\Windows\System\AjwdOSU.exe
  2⤵
  PID:10168
- C:\Windows\System\znBlyqY.exe
  C:\Windows\System\znBlyqY.exe
  2⤵
  PID:10188
- C:\Windows\System\HBLfoWQ.exe
  C:\Windows\System\HBLfoWQ.exe
  2⤵
  PID:10220
- C:\Windows\System\EnTlUXL.exe
  C:\Windows\System\EnTlUXL.exe
  2⤵
  PID:9224
- C:\Windows\System\ofYXKDE.exe
  C:\Windows\System\ofYXKDE.exe
  2⤵
  PID:9348
- C:\Windows\System\QDdtQJX.exe
  C:\Windows\System\QDdtQJX.exe
  2⤵
  PID:9388
- C:\Windows\System\TzpPwyl.exe
  C:\Windows\System\TzpPwyl.exe
  2⤵
  PID:9624
- C:\Windows\System\AQTXnaj.exe
  C:\Windows\System\AQTXnaj.exe
  2⤵
  PID:9716
- C:\Windows\System\hAZwjUs.exe
  C:\Windows\System\hAZwjUs.exe
  2⤵
  PID:9812
- C:\Windows\System\EIdMhrz.exe
  C:\Windows\System\EIdMhrz.exe
  2⤵
  PID:9832
- C:\Windows\System\mzvtUWe.exe
  C:\Windows\System\mzvtUWe.exe
  2⤵
  PID:9908
- C:\Windows\System\NWucQSA.exe
  C:\Windows\System\NWucQSA.exe
  2⤵
  PID:9976
- C:\Windows\System\xLahDoM.exe
  C:\Windows\System\xLahDoM.exe
  2⤵
  PID:9992
- C:\Windows\System\nVEaFAZ.exe
  C:\Windows\System\nVEaFAZ.exe
  2⤵
  PID:10096
- C:\Windows\System\jHjPqth.exe
  C:\Windows\System\jHjPqth.exe
  2⤵
  PID:10128
- C:\Windows\System\PEBVqLe.exe
  C:\Windows\System\PEBVqLe.exe
  2⤵
  PID:10236
- C:\Windows\System\uhTzFGg.exe
  C:\Windows\System\uhTzFGg.exe
  2⤵
  PID:9392
- C:\Windows\System\fKehQff.exe
  C:\Windows\System\fKehQff.exe
  2⤵
  PID:9260
- C:\Windows\System\gqYiVgu.exe
  C:\Windows\System\gqYiVgu.exe
  2⤵
  PID:9324
- C:\Windows\System\XXKueLF.exe
  C:\Windows\System\XXKueLF.exe
  2⤵
  PID:9496
- C:\Windows\System\dVMZCib.exe
  C:\Windows\System\dVMZCib.exe
  2⤵
  PID:9592
- C:\Windows\System\ZowVhQa.exe
  C:\Windows\System\ZowVhQa.exe
  2⤵
  PID:4756
- C:\Windows\System\opfpZgy.exe
  C:\Windows\System\opfpZgy.exe
  2⤵
  PID:9484
- C:\Windows\System\xcJvCEI.exe
  C:\Windows\System\xcJvCEI.exe
  2⤵
  PID:10076
- C:\Windows\System\iBxAJwY.exe
  C:\Windows\System\iBxAJwY.exe
  2⤵
  PID:10160
- C:\Windows\System\WOSivaR.exe
  C:\Windows\System\WOSivaR.exe
  2⤵
  PID:9480
- C:\Windows\System\MHxsBMB.exe
  C:\Windows\System\MHxsBMB.exe
  2⤵
  PID:9444
- C:\Windows\System\aUArpli.exe
  C:\Windows\System\aUArpli.exe
  2⤵
  PID:9596
- C:\Windows\System\laXoWvZ.exe
  C:\Windows\System\laXoWvZ.exe
  2⤵
  PID:9368
- C:\Windows\System\HueiKLU.exe
  C:\Windows\System\HueiKLU.exe
  2⤵
  PID:9988
- C:\Windows\System\ibBCFdm.exe
  C:\Windows\System\ibBCFdm.exe
  2⤵
  PID:3220
- C:\Windows\System\XblHDZK.exe
  C:\Windows\System\XblHDZK.exe
  2⤵
  PID:9456
- C:\Windows\System\IBwkTxi.exe
  C:\Windows\System\IBwkTxi.exe
  2⤵
  PID:10244
- C:\Windows\System\hcFJNYA.exe
  C:\Windows\System\hcFJNYA.exe
  2⤵
  PID:10264
- C:\Windows\System\HqitNXa.exe
  C:\Windows\System\HqitNXa.exe
  2⤵
  PID:10284
- C:\Windows\System\xqFalKf.exe
  C:\Windows\System\xqFalKf.exe
  2⤵
  PID:10300
- C:\Windows\System\xPjPJmK.exe
  C:\Windows\System\xPjPJmK.exe
  2⤵
  PID:10360
- C:\Windows\System\GWBzTdt.exe
  C:\Windows\System\GWBzTdt.exe
  2⤵
  PID:10384
- C:\Windows\System\NFsmZmS.exe
  C:\Windows\System\NFsmZmS.exe
  2⤵
  PID:10416
- C:\Windows\System\AxCyubN.exe
  C:\Windows\System\AxCyubN.exe
  2⤵
  PID:10468
- C:\Windows\System\ynkrNbT.exe
  C:\Windows\System\ynkrNbT.exe
  2⤵
  PID:10488
- C:\Windows\System\TExvsNb.exe
  C:\Windows\System\TExvsNb.exe
  2⤵
  PID:10512
- C:\Windows\System\dtsCLMn.exe
  C:\Windows\System\dtsCLMn.exe
  2⤵
  PID:10536
- C:\Windows\System\xcTDPuN.exe
  C:\Windows\System\xcTDPuN.exe
  2⤵
  PID:10584
- C:\Windows\System\xPNLZBK.exe
  C:\Windows\System\xPNLZBK.exe
  2⤵
  PID:10608
- C:\Windows\System\fgsSWXL.exe
  C:\Windows\System\fgsSWXL.exe
  2⤵
  PID:10632
- C:\Windows\System\UjsZqxS.exe
  C:\Windows\System\UjsZqxS.exe
  2⤵
  PID:10648
- C:\Windows\System\APKlWzG.exe
  C:\Windows\System\APKlWzG.exe
  2⤵
  PID:10676
- C:\Windows\System\vZTycYG.exe
  C:\Windows\System\vZTycYG.exe
  2⤵
  PID:10696
- C:\Windows\System\jmZjzkh.exe
  C:\Windows\System\jmZjzkh.exe
  2⤵
  PID:10756
- C:\Windows\System\niTPbPG.exe
  C:\Windows\System\niTPbPG.exe
  2⤵
  PID:10772
- C:\Windows\System\KRvzVxp.exe
  C:\Windows\System\KRvzVxp.exe
  2⤵
  PID:10844
- C:\Windows\System\inzzuUM.exe
  C:\Windows\System\inzzuUM.exe
  2⤵
  PID:10860
- C:\Windows\System\GgqJRJx.exe
  C:\Windows\System\GgqJRJx.exe
  2⤵
  PID:10876
- C:\Windows\System\VxAcbfR.exe
  C:\Windows\System\VxAcbfR.exe
  2⤵
  PID:10896
- C:\Windows\System\RFwWadt.exe
  C:\Windows\System\RFwWadt.exe
  2⤵
  PID:10916
- C:\Windows\System\PUOogCd.exe
  C:\Windows\System\PUOogCd.exe
  2⤵
  PID:10952
- C:\Windows\System\zGMHBEe.exe
  C:\Windows\System\zGMHBEe.exe
  2⤵
  PID:10976
- C:\Windows\System\PvKnmpL.exe
  C:\Windows\System\PvKnmpL.exe
  2⤵
  PID:11024
- C:\Windows\System\BgCCCvU.exe
  C:\Windows\System\BgCCCvU.exe
  2⤵
  PID:11056
- C:\Windows\System\CrACGlU.exe
  C:\Windows\System\CrACGlU.exe
  2⤵
  PID:11072
- C:\Windows\System\GIYeQph.exe
  C:\Windows\System\GIYeQph.exe
  2⤵
  PID:11088
- C:\Windows\System\aDXFmiy.exe
  C:\Windows\System\aDXFmiy.exe
  2⤵
  PID:11128
- C:\Windows\System\vYqDTjR.exe
  C:\Windows\System\vYqDTjR.exe
  2⤵
  PID:11152
- C:\Windows\System\QZltGrQ.exe
  C:\Windows\System\QZltGrQ.exe
  2⤵
  PID:11172
- C:\Windows\System\hsTbGVl.exe
  C:\Windows\System\hsTbGVl.exe
  2⤵
  PID:11188
- C:\Windows\System\rsXcKQn.exe
  C:\Windows\System\rsXcKQn.exe
  2⤵
  PID:11204
- C:\Windows\System\tydCatt.exe
  C:\Windows\System\tydCatt.exe
  2⤵
  PID:11244
- C:\Windows\System\zIkXhog.exe
  C:\Windows\System\zIkXhog.exe
  2⤵
  PID:10256
- C:\Windows\System\EwWOsMz.exe
  C:\Windows\System\EwWOsMz.exe
  2⤵
  PID:10260
- C:\Windows\System\IDKfqKA.exe
  C:\Windows\System\IDKfqKA.exe
  2⤵
  PID:10296
- C:\Windows\System\SsoUPHk.exe
  C:\Windows\System\SsoUPHk.exe
  2⤵
  PID:10372
- C:\Windows\System\cCJIfCO.exe
  C:\Windows\System\cCJIfCO.exe
  2⤵
  PID:10408
- C:\Windows\System\KxCxHfu.exe
  C:\Windows\System\KxCxHfu.exe
  2⤵
  PID:10432
- C:\Windows\System\IvINBuL.exe
  C:\Windows\System\IvINBuL.exe
  2⤵
  PID:10592
- C:\Windows\System\nSdZflT.exe
  C:\Windows\System\nSdZflT.exe
  2⤵
  PID:10640
- C:\Windows\System\cCUzIdd.exe
  C:\Windows\System\cCUzIdd.exe
  2⤵
  PID:10692
- C:\Windows\System\HnNYbZT.exe
  C:\Windows\System\HnNYbZT.exe
  2⤵
  PID:10724
- C:\Windows\System\qONdCFV.exe
  C:\Windows\System\qONdCFV.exe
  2⤵
  PID:4384
- C:\Windows\System\nYeJGRq.exe
  C:\Windows\System\nYeJGRq.exe
  2⤵
  PID:10824
- C:\Windows\System\smOOFUd.exe
  C:\Windows\System\smOOFUd.exe
  2⤵
  PID:10796
- C:\Windows\System\YbFWLLj.exe
  C:\Windows\System\YbFWLLj.exe
  2⤵
  PID:10872
- C:\Windows\System\MBxiVyb.exe
  C:\Windows\System\MBxiVyb.exe
  2⤵
  PID:10948
- C:\Windows\System\ZWJxzdY.exe
  C:\Windows\System\ZWJxzdY.exe
  2⤵
  PID:10972
- C:\Windows\System\DNfQCrA.exe
  C:\Windows\System\DNfQCrA.exe
  2⤵
  PID:11048
- C:\Windows\System\OQTEuzB.exe
  C:\Windows\System\OQTEuzB.exe
  2⤵
  PID:11100
- C:\Windows\System\GvpaWUl.exe
  C:\Windows\System\GvpaWUl.exe
  2⤵
  PID:11140
- C:\Windows\System\NyQKKDS.exe
  C:\Windows\System\NyQKKDS.exe
  2⤵
  PID:10496
- C:\Windows\System\fHPgOXw.exe
  C:\Windows\System\fHPgOXw.exe
  2⤵
  PID:10576
- C:\Windows\System\FcMOAQv.exe
  C:\Windows\System\FcMOAQv.exe
  2⤵
  PID:10704
- C:\Windows\System\pGxqgPF.exe
  C:\Windows\System\pGxqgPF.exe
  2⤵
  PID:10792
- C:\Windows\System\ICUmUvN.exe
  C:\Windows\System\ICUmUvN.exe
  2⤵
  PID:2940
- C:\Windows\System\JFFVNwZ.exe
  C:\Windows\System\JFFVNwZ.exe
  2⤵
  PID:11160
- C:\Windows\System\hsKHUIT.exe
  C:\Windows\System\hsKHUIT.exe
  2⤵
  PID:11044
- C:\Windows\System\wYYJIzQ.exe
  C:\Windows\System\wYYJIzQ.exe
  2⤵
  PID:10276
- C:\Windows\System\YYkfuZb.exe
  C:\Windows\System\YYkfuZb.exe
  2⤵
  PID:10596
- C:\Windows\System\VLXbRoF.exe
  C:\Windows\System\VLXbRoF.exe
  2⤵
  PID:10764
- C:\Windows\System\laCnNqx.exe
  C:\Windows\System\laCnNqx.exe
  2⤵
  PID:11068
- C:\Windows\System\BCVWyPX.exe
  C:\Windows\System\BCVWyPX.exe
  2⤵
  PID:10312
- C:\Windows\System\zWsugpw.exe
  C:\Windows\System\zWsugpw.exe
  2⤵
  PID:11272
- C:\Windows\System\UPDRldb.exe
  C:\Windows\System\UPDRldb.exe
  2⤵
  PID:11292
- C:\Windows\System\TEonpKn.exe
  C:\Windows\System\TEonpKn.exe
  2⤵
  PID:11308
- C:\Windows\System\xYdGjye.exe
  C:\Windows\System\xYdGjye.exe
  2⤵
  PID:11332
- C:\Windows\System\wWagpXi.exe
  C:\Windows\System\wWagpXi.exe
  2⤵
  PID:11360
- C:\Windows\System\MEXgtZO.exe
  C:\Windows\System\MEXgtZO.exe
  2⤵
  PID:11420
- C:\Windows\System\RVCCfSj.exe
  C:\Windows\System\RVCCfSj.exe
  2⤵
  PID:11452
- C:\Windows\System\sppkJoi.exe
  C:\Windows\System\sppkJoi.exe
  2⤵
  PID:11476
- C:\Windows\System\ezlmHgJ.exe
  C:\Windows\System\ezlmHgJ.exe
  2⤵
  PID:11496
- C:\Windows\System\TEqdcpy.exe
  C:\Windows\System\TEqdcpy.exe
  2⤵
  PID:11516
- C:\Windows\System\xZotTva.exe
  C:\Windows\System\xZotTva.exe
  2⤵
  PID:11548
- C:\Windows\System\gvofVrc.exe
  C:\Windows\System\gvofVrc.exe
  2⤵
  PID:11600
- C:\Windows\System\oMlfmeA.exe
  C:\Windows\System\oMlfmeA.exe
  2⤵
  PID:11628
- C:\Windows\System\CfTknIB.exe
  C:\Windows\System\CfTknIB.exe
  2⤵
  PID:11660
- C:\Windows\System\rkONKXE.exe
  C:\Windows\System\rkONKXE.exe
  2⤵
  PID:11696
- C:\Windows\System\huzneNC.exe
  C:\Windows\System\huzneNC.exe
  2⤵
  PID:11716
- C:\Windows\System\tRIGokC.exe
  C:\Windows\System\tRIGokC.exe
  2⤵
  PID:11740
- C:\Windows\System\AevUQWr.exe
  C:\Windows\System\AevUQWr.exe
  2⤵
  PID:11772
- C:\Windows\System\lkrsMGH.exe
  C:\Windows\System\lkrsMGH.exe
  2⤵
  PID:11792
- C:\Windows\System\CyaOAGk.exe
  C:\Windows\System\CyaOAGk.exe
  2⤵
  PID:11816
- C:\Windows\System\bMCNuPW.exe
  C:\Windows\System\bMCNuPW.exe
  2⤵
  PID:11840
- C:\Windows\System\XFEVlVJ.exe
  C:\Windows\System\XFEVlVJ.exe
  2⤵
  PID:11868
- C:\Windows\System\NkemgrW.exe
  C:\Windows\System\NkemgrW.exe
  2⤵
  PID:11916
- C:\Windows\System\MCPnuBg.exe
  C:\Windows\System\MCPnuBg.exe
  2⤵
  PID:11936
- C:\Windows\System\bWNGwon.exe
  C:\Windows\System\bWNGwon.exe
  2⤵
  PID:11976
- C:\Windows\System\cskDAhD.exe
  C:\Windows\System\cskDAhD.exe
  2⤵
  PID:11992
- C:\Windows\System\DyzRfyo.exe
  C:\Windows\System\DyzRfyo.exe
  2⤵
  PID:12032
- C:\Windows\System\xsXUnBP.exe
  C:\Windows\System\xsXUnBP.exe
  2⤵
  PID:12052
- C:\Windows\System\FtKKkbT.exe
  C:\Windows\System\FtKKkbT.exe
  2⤵
  PID:12076
- C:\Windows\System\TvBzDAK.exe
  C:\Windows\System\TvBzDAK.exe
  2⤵
  PID:12092
- C:\Windows\System\nwDqVKW.exe
  C:\Windows\System\nwDqVKW.exe
  2⤵
  PID:12124
- C:\Windows\System\vWJdxAo.exe
  C:\Windows\System\vWJdxAo.exe
  2⤵
  PID:12164
- C:\Windows\System\rLKeHmp.exe
  C:\Windows\System\rLKeHmp.exe
  2⤵
  PID:12192
- C:\Windows\System\jAgZaAC.exe
  C:\Windows\System\jAgZaAC.exe
  2⤵
  PID:12220
- C:\Windows\System\nqPWlrX.exe
  C:\Windows\System\nqPWlrX.exe
  2⤵
  PID:12240
- C:\Windows\System\XkyRIaA.exe
  C:\Windows\System\XkyRIaA.exe
  2⤵
  PID:12264
- C:\Windows\System\YDvtlCl.exe
  C:\Windows\System\YDvtlCl.exe
  2⤵
  PID:1824
- C:\Windows\System\NJPjrES.exe
  C:\Windows\System\NJPjrES.exe
  2⤵
  PID:11320
- C:\Windows\System\HijKStv.exe
  C:\Windows\System\HijKStv.exe
  2⤵
  PID:11300
- C:\Windows\System\rTaGUfA.exe
  C:\Windows\System\rTaGUfA.exe
  2⤵
  PID:11344
- C:\Windows\System\iIDNzcv.exe
  C:\Windows\System\iIDNzcv.exe
  2⤵
  PID:11400
- C:\Windows\System\YWPRuIJ.exe
  C:\Windows\System\YWPRuIJ.exe
  2⤵
  PID:11488
- C:\Windows\System\hvJcwZi.exe
  C:\Windows\System\hvJcwZi.exe
  2⤵
  PID:11492
- C:\Windows\System\WbrbvRr.exe
  C:\Windows\System\WbrbvRr.exe
  2⤵
  PID:11540
- C:\Windows\System\PtdasJq.exe
  C:\Windows\System\PtdasJq.exe
  2⤵
  PID:11620
- C:\Windows\System\sMUrSYr.exe
  C:\Windows\System\sMUrSYr.exe
  2⤵
  PID:11780
- C:\Windows\System\urxgMcy.exe
  C:\Windows\System\urxgMcy.exe
  2⤵
  PID:11864
- C:\Windows\System\kDrvEjn.exe
  C:\Windows\System\kDrvEjn.exe
  2⤵
  PID:11924
- C:\Windows\System\pScfsGQ.exe
  C:\Windows\System\pScfsGQ.exe
  2⤵
  PID:12060
- C:\Windows\System\SIfjNeI.exe
  C:\Windows\System\SIfjNeI.exe
  2⤵
  PID:12112
- C:\Windows\System\uZKWLVO.exe
  C:\Windows\System\uZKWLVO.exe
  2⤵
  PID:12156
- C:\Windows\System\tfGyknR.exe
  C:\Windows\System\tfGyknR.exe
  2⤵
  PID:12208
- C:\Windows\System\yfBkREj.exe
  C:\Windows\System\yfBkREj.exe
  2⤵
  PID:12260
- C:\Windows\System\fvVGrxB.exe
  C:\Windows\System\fvVGrxB.exe
  2⤵
  PID:10404
- C:\Windows\System\ohmQErZ.exe
  C:\Windows\System\ohmQErZ.exe
  2⤵
  PID:11564
- C:\Windows\System\uIvVYIn.exe
  C:\Windows\System\uIvVYIn.exe
  2⤵
  PID:11692
- C:\Windows\System\FTGkHwE.exe
  C:\Windows\System\FTGkHwE.exe
  2⤵
  PID:11804
- C:\Windows\System\dMAKWHU.exe
  C:\Windows\System\dMAKWHU.exe
  2⤵
  PID:11912
- C:\Windows\System\REZzXZE.exe
  C:\Windows\System\REZzXZE.exe
  2⤵
  PID:12120
- C:\Windows\System\wmpTfdQ.exe
  C:\Windows\System\wmpTfdQ.exe
  2⤵
  PID:11388
- C:\Windows\System\mWMLoGn.exe
  C:\Windows\System\mWMLoGn.exe
  2⤵
  PID:11588
- C:\Windows\System\xCchkHB.exe
  C:\Windows\System\xCchkHB.exe
  2⤵
  PID:12148
- C:\Windows\System\AAgHrWt.exe
  C:\Windows\System\AAgHrWt.exe
  2⤵
  PID:11712
- C:\Windows\System\PelccOo.exe
  C:\Windows\System\PelccOo.exe
  2⤵
  PID:3812
- C:\Windows\System\HoWNbMX.exe
  C:\Windows\System\HoWNbMX.exe
  2⤵
  PID:12312
- C:\Windows\System\wrsBDFf.exe
  C:\Windows\System\wrsBDFf.exe
  2⤵
  PID:12336
- C:\Windows\System\bbTqRee.exe
  C:\Windows\System\bbTqRee.exe
  2⤵
  PID:12360
- C:\Windows\System\nUYaFmj.exe
  C:\Windows\System\nUYaFmj.exe
  2⤵
  PID:12380
- C:\Windows\System\wPfevAR.exe
  C:\Windows\System\wPfevAR.exe
  2⤵
  PID:12404
- C:\Windows\System\cWNwRXS.exe
  C:\Windows\System\cWNwRXS.exe
  2⤵
  PID:12444
- C:\Windows\System\uewyAhy.exe
  C:\Windows\System\uewyAhy.exe
  2⤵
  PID:12472
- C:\Windows\System\SIQXaSB.exe
  C:\Windows\System\SIQXaSB.exe
  2⤵
  PID:12516
- C:\Windows\System\tsSvvnt.exe
  C:\Windows\System\tsSvvnt.exe
  2⤵
  PID:12536
- C:\Windows\System\kpHjGba.exe
  C:\Windows\System\kpHjGba.exe
  2⤵
  PID:12560
- C:\Windows\System\WjkjpXu.exe
  C:\Windows\System\WjkjpXu.exe
  2⤵
  PID:12592
- C:\Windows\System\dRjgIlY.exe
  C:\Windows\System\dRjgIlY.exe
  2⤵
  PID:12644
- C:\Windows\System\BoAuJmZ.exe
  C:\Windows\System\BoAuJmZ.exe
  2⤵
  PID:12664
- C:\Windows\System\riLpReO.exe
  C:\Windows\System\riLpReO.exe
  2⤵
  PID:12688
- C:\Windows\System\LmwbePb.exe
  C:\Windows\System\LmwbePb.exe
  2⤵
  PID:12712
- C:\Windows\System\rCzUXAW.exe
  C:\Windows\System\rCzUXAW.exe
  2⤵
  PID:12728
- C:\Windows\System\iqAbYrB.exe
  C:\Windows\System\iqAbYrB.exe
  2⤵
  PID:12752
- C:\Windows\System\HRvmQOg.exe
  C:\Windows\System\HRvmQOg.exe
  2⤵
  PID:12776
- C:\Windows\System\aLrVLKa.exe
  C:\Windows\System\aLrVLKa.exe
  2⤵
  PID:12812
- C:\Windows\System\khaTdlA.exe
  C:\Windows\System\khaTdlA.exe
  2⤵
  PID:12836
- C:\Windows\System\RuiAwuT.exe
  C:\Windows\System\RuiAwuT.exe
  2⤵
  PID:12856
- C:\Windows\System\CHtgXzS.exe
  C:\Windows\System\CHtgXzS.exe
  2⤵
  PID:12920
- C:\Windows\System\ItZuMfN.exe
  C:\Windows\System\ItZuMfN.exe
  2⤵
  PID:12952
- C:\Windows\System\WcxYXyo.exe
  C:\Windows\System\WcxYXyo.exe
  2⤵
  PID:12968
- C:\Windows\System\aFTtnir.exe
  C:\Windows\System\aFTtnir.exe
  2⤵
  PID:12984
- C:\Windows\System\OpWIUDW.exe
  C:\Windows\System\OpWIUDW.exe
  2⤵
  PID:13028
- C:\Windows\System\jNOXizR.exe
  C:\Windows\System\jNOXizR.exe
  2⤵
  PID:13048
- C:\Windows\System\WAyBYlx.exe
  C:\Windows\System\WAyBYlx.exe
  2⤵
  PID:13104
- C:\Windows\System\WqndCJh.exe
  C:\Windows\System\WqndCJh.exe
  2⤵
  PID:13132
- C:\Windows\System\YoohXdk.exe
  C:\Windows\System\YoohXdk.exe
  2⤵
  PID:13152
- C:\Windows\System\RfolmNF.exe
  C:\Windows\System\RfolmNF.exe
  2⤵
  PID:13176
- C:\Windows\System\IQDEvFA.exe
  C:\Windows\System\IQDEvFA.exe
  2⤵
  PID:13196
- C:\Windows\System\IWJINnS.exe
  C:\Windows\System\IWJINnS.exe
  2⤵
  PID:13220
- C:\Windows\System\KfKapsA.exe
  C:\Windows\System\KfKapsA.exe
  2⤵
  PID:13276
- C:\Windows\System\jurEDpc.exe
  C:\Windows\System\jurEDpc.exe
  2⤵
  PID:12308
- C:\Windows\System\IMFNCat.exe
  C:\Windows\System\IMFNCat.exe
  2⤵
  PID:12396
- C:\Windows\System\jdrwmSw.exe
  C:\Windows\System\jdrwmSw.exe
  2⤵
  PID:12440
- C:\Windows\System\QOtkgpG.exe
  C:\Windows\System\QOtkgpG.exe
  2⤵
  PID:12504
- C:\Windows\System\xGqQQdk.exe
  C:\Windows\System\xGqQQdk.exe
  2⤵
  PID:12072
- C:\Windows\System\RSVztOo.exe
  C:\Windows\System\RSVztOo.exe
  2⤵
  PID:3628
- C:\Windows\System\MvgkfKk.exe
  C:\Windows\System\MvgkfKk.exe
  2⤵
  PID:12624
- C:\Windows\System\YYHLvNR.exe
  C:\Windows\System\YYHLvNR.exe
  2⤵
  PID:12708
- C:\Windows\System\FMpkSVC.exe
  C:\Windows\System\FMpkSVC.exe
  2⤵
  PID:12832
- C:\Windows\System\ddMGMMd.exe
  C:\Windows\System\ddMGMMd.exe
  2⤵
  PID:12868
- C:\Windows\System\kgFzoqZ.exe
  C:\Windows\System\kgFzoqZ.exe
  2⤵
  PID:12932
- C:\Windows\System\yQErqJq.exe
  C:\Windows\System\yQErqJq.exe
  2⤵
  PID:13076
- C:\Windows\System\YCeXQjE.exe
  C:\Windows\System\YCeXQjE.exe
  2⤵
  PID:13160
- C:\Windows\System\dpuoUse.exe
  C:\Windows\System\dpuoUse.exe
  2⤵
  PID:13188
- C:\Windows\System\QYxIqLJ.exe
  C:\Windows\System\QYxIqLJ.exe
  2⤵
  PID:13268
- C:\Windows\System\AOnDdyE.exe
  C:\Windows\System\AOnDdyE.exe
  2⤵
  PID:13300
- C:\Windows\System\kpsLJHn.exe
  C:\Windows\System\kpsLJHn.exe
  2⤵
  PID:12320
- C:\Windows\System\DsmpptR.exe
  C:\Windows\System\DsmpptR.exe
  2⤵
  PID:4808
- C:\Windows\System\yLfMyyf.exe
  C:\Windows\System\yLfMyyf.exe
  2⤵
  PID:3620
- C:\Windows\System\YgNPEUq.exe
  C:\Windows\System\YgNPEUq.exe
  2⤵
  PID:12616
- C:\Windows\System\STKyJQl.exe
  C:\Windows\System\STKyJQl.exe
  2⤵
  PID:12684
- C:\Windows\System\QqZkrWR.exe
  C:\Windows\System\QqZkrWR.exe
  2⤵
  PID:12980
- C:\Windows\System\nAkYpVs.exe
  C:\Windows\System\nAkYpVs.exe
  2⤵
  PID:12900
- C:\Windows\System\MXtLVIm.exe
  C:\Windows\System\MXtLVIm.exe
  2⤵
  PID:13040
- C:\Windows\System\MWHeSCp.exe
  C:\Windows\System\MWHeSCp.exe
  2⤵
  PID:13120
- C:\Windows\System\XeujumQ.exe
  C:\Windows\System\XeujumQ.exe
  2⤵
  PID:13248
- C:\Windows\System\PiStXJh.exe
  C:\Windows\System\PiStXJh.exe
  2⤵
  PID:12556
- C:\Windows\System\jwlWSNu.exe
  C:\Windows\System\jwlWSNu.exe
  2⤵
  PID:12800
- C:\Windows\System\RRTCPzM.exe
  C:\Windows\System\RRTCPzM.exe
  2⤵
  PID:1328
- C:\Windows\System\lKjbNys.exe
  C:\Windows\System\lKjbNys.exe
  2⤵
  PID:12352
- C:\Windows\System\Rkgmnfm.exe
  C:\Windows\System\Rkgmnfm.exe
  2⤵
  PID:3200
- C:\Windows\System\nSuBzXC.exe
  C:\Windows\System\nSuBzXC.exe
  2⤵
  PID:13336
- C:\Windows\System\cMgPYKG.exe
  C:\Windows\System\cMgPYKG.exe
  2⤵
  PID:13368
- C:\Windows\System\zizwnSp.exe
  C:\Windows\System\zizwnSp.exe
  2⤵
  PID:13388
- C:\Windows\System\kvNgCzo.exe
  C:\Windows\System\kvNgCzo.exe
  2⤵
  PID:13404
- C:\Windows\System\yBDDSIz.exe
  C:\Windows\System\yBDDSIz.exe
  2⤵
  PID:13448
- C:\Windows\System\QurGbld.exe
  C:\Windows\System\QurGbld.exe
  2⤵
  PID:13476
- C:\Windows\System\FHvysKq.exe
  C:\Windows\System\FHvysKq.exe
  2⤵
  PID:13492
- C:\Windows\System\WmXjTxH.exe
  C:\Windows\System\WmXjTxH.exe
  2⤵
  PID:13528
- C:\Windows\System\aqiGCCF.exe
  C:\Windows\System\aqiGCCF.exe
  2⤵
  PID:13548
- C:\Windows\System\OEPzXna.exe
  C:\Windows\System\OEPzXna.exe
  2⤵
  PID:13572
- C:\Windows\System\JYWvnSl.exe
  C:\Windows\System\JYWvnSl.exe
  2⤵
  PID:13592
- C:\Windows\System\ZPRlmRO.exe
  C:\Windows\System\ZPRlmRO.exe
  2⤵
  PID:13616
- C:\Windows\System\jWNccVP.exe
  C:\Windows\System\jWNccVP.exe
  2⤵
  PID:13632
- C:\Windows\System\LPgOZxB.exe
  C:\Windows\System\LPgOZxB.exe
  2⤵
  PID:13656
- C:\Windows\System\RKBSaAk.exe
  C:\Windows\System\RKBSaAk.exe
  2⤵
  PID:13692
- C:\Windows\System\GJrbDyg.exe
  C:\Windows\System\GJrbDyg.exe
  2⤵
  PID:13776
- C:\Windows\System\KjUkdLm.exe
  C:\Windows\System\KjUkdLm.exe
  2⤵
  PID:13792
- C:\Windows\System\RnWtLtq.exe
  C:\Windows\System\RnWtLtq.exe
  2⤵
  PID:13812
- C:\Windows\System\FJWDbbN.exe
  C:\Windows\System\FJWDbbN.exe
  2⤵
  PID:13844
- C:\Windows\System\IhqMALq.exe
  C:\Windows\System\IhqMALq.exe
  2⤵
  PID:13864
- C:\Windows\System\qzNXApt.exe
  C:\Windows\System\qzNXApt.exe
  2⤵
  PID:13904
- C:\Windows\System\PmKarJf.exe
  C:\Windows\System\PmKarJf.exe
  2⤵
  PID:13920
- C:\Windows\System\rOYqjZr.exe
  C:\Windows\System\rOYqjZr.exe
  2⤵
  PID:13940
- C:\Windows\System\suwXCCk.exe
  C:\Windows\System\suwXCCk.exe
  2⤵
  PID:13964
- C:\Windows\System\AOJLmPb.exe
  C:\Windows\System\AOJLmPb.exe
  2⤵
  PID:13992
- C:\Windows\System\xxEvNbo.exe
  C:\Windows\System\xxEvNbo.exe
  2⤵
  PID:14020
- C:\Windows\System\RANRBoh.exe
  C:\Windows\System\RANRBoh.exe
  2⤵
  PID:14044
- C:\Windows\System\QWBcfph.exe
  C:\Windows\System\QWBcfph.exe
  2⤵
  PID:14064
- C:\Windows\System\GWWZgNw.exe
  C:\Windows\System\GWWZgNw.exe
  2⤵
  PID:14088
- C:\Windows\System\PuFaRRk.exe
  C:\Windows\System\PuFaRRk.exe
  2⤵
  PID:14152
- C:\Windows\System\EpvWTkn.exe
  C:\Windows\System\EpvWTkn.exe
  2⤵
  PID:14176
- C:\Windows\System\MKIoScE.exe
  C:\Windows\System\MKIoScE.exe
  2⤵
  PID:14196
- C:\Windows\System\afxxSTd.exe
  C:\Windows\System\afxxSTd.exe
  2⤵
  PID:14216
- C:\Windows\System\asKpMSz.exe
  C:\Windows\System\asKpMSz.exe
  2⤵
  PID:14252
- C:\Windows\System\zIjVEhE.exe
  C:\Windows\System\zIjVEhE.exe
  2⤵
  PID:14280
- C:\Windows\System\VAnnQrb.exe
  C:\Windows\System\VAnnQrb.exe
  2⤵
  PID:14324
- C:\Windows\System\uwGIEus.exe
  C:\Windows\System\uwGIEus.exe
  2⤵
  PID:13292
- C:\Windows\System\DGluxyE.exe
  C:\Windows\System\DGluxyE.exe
  2⤵
  PID:13360
- C:\Windows\System\EQKEZmv.exe
  C:\Windows\System\EQKEZmv.exe
  2⤵
  PID:13420
- C:\Windows\System\JoYVjjb.exe
  C:\Windows\System\JoYVjjb.exe
  2⤵
  PID:13460
- C:\Windows\System\kHoymbH.exe
  C:\Windows\System\kHoymbH.exe
  2⤵
  PID:13464
- C:\Windows\System\HbbxYYj.exe
  C:\Windows\System\HbbxYYj.exe
  2⤵
  PID:13544
- C:\Windows\System\umwRtTQ.exe
  C:\Windows\System\umwRtTQ.exe
  2⤵
  PID:13668
- C:\Windows\System\lYzJyRP.exe
  C:\Windows\System\lYzJyRP.exe
  2⤵
  PID:13736
- C:\Windows\System\SZYdHpC.exe
  C:\Windows\System\SZYdHpC.exe
  2⤵
  PID:13784
- C:\Windows\System\uBYupgu.exe
  C:\Windows\System\uBYupgu.exe
  2⤵
  PID:13836
- C:\Windows\System\ZqeKiQw.exe
  C:\Windows\System\ZqeKiQw.exe
  2⤵
  PID:13916
- C:\Windows\System\gWyOjGk.exe
  C:\Windows\System\gWyOjGk.exe
  2⤵
  PID:14124

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BBepaIf.exe

Filesize
1.8MB

MD5
781b105e00d0aa0aaddaad0f31cceefc

SHA1
b1100f7c310ef01e626f52851c603b7e3b0c330c

SHA256
be4eba5ea92dfbf6c611040c9271f10959677b606ad640972afb11845b8d8dd4

SHA512
c9ccf5533dbb3ef7b93aa07641f633e8a82ffedee63786402dd52c95e41f4b401ec7fe1bfd15bac1d4b04591b3af1d90ea6d5649a6748652331091c71319dbff

Download Submit
C:\Windows\System\BmkuHhh.exe

Filesize
1.8MB

MD5
2e8893fdeb58d6e1c8c7b539f01dd720

SHA1
e35e4fa2ae34091a0f1ae70346c01b9b6b3949da

SHA256
5eb1b726c5de7c8f697677144a820d2423433722c5b8b74e1cb15384b2461ee9

SHA512
c318898c70a1d8a880288094d2421b86955604556945c44b59f42d30489310c486c676a2dad97cf11706a3e09fa30eff06d733d7c46dccdd1c83257f1f570f16

Download Submit
C:\Windows\System\CCGTuMB.exe

Filesize
1.8MB

MD5
b2c1eb66bf2d255e217d0dd9ce1b82fd

SHA1
7b3b6d7bafd252d43647fca0c8669a24fb8ab954

SHA256
176b28c605d18309fcd705470e8bf1dac686f780157343ae1efeb52985bd58f2

SHA512
9f8d120f47b0751e503ba2e4e07224b27995b50f96f6df80b56d96f409a8b0b791be0c116f45da341cb45de17e81abe15be978d5000f6343e9c12651359954a7

Download Submit
C:\Windows\System\GKMWkOd.exe

Filesize
1.8MB

MD5
3582bc5f71544e199fe1558826fe15b6

SHA1
5689ea2d078ecb05f1550bb2f8838166e6cb6255

SHA256
013e9a1c0e349231900478df243bebfbee0050295340a88fe8069a9bf7aa209c

SHA512
b5bfcb06648fa94e3bde798bdad1d6810d5aa3c2311018dcd0b892b8a56d3e144b306fcf2fa182599a1a138e38e1315c2b8aa967f1a7c713a500135b98fd1180

Download Submit
C:\Windows\System\GSotSXJ.exe

Filesize
1.8MB

MD5
acfb0789d5b0c03a796961eeedbfbdaa

SHA1
7cebb1f0de4144be2a12e52a92063fcd452e814f

SHA256
afbaf63de8436de5690dc6f6c413a911488db8d4dad8fb390b607f35b6e54a70

SHA512
7d62ac2177a3c93c693e3a574e1e72c18945b80611d21b3d83961dddbe2bc336b0473767715dd6bdcb9bff1d9120e5be842c4737b7f6a44b0f5b180bd0484be9

Download Submit
C:\Windows\System\HRujuea.exe

Filesize
1.8MB

MD5
4356df852be7a8d9137f3be531569b78

SHA1
5a3e3e4dfa2b78f84fdc8f0ef71e2ff6d5c03035

SHA256
538dd52ecc3b9c5f4324368ad44fc4d7418e2f4d64c4782f40b8bba25f03ae2d

SHA512
0de33cd66db971b329809b8dfdb1fe4ebadb5c2e1cabd1628638a6431db4e9166535d5e3866dc91cea2a7850a938d8930f4b42ca1b7edaf57955bb51de52c426

Download Submit
C:\Windows\System\IEnfkil.exe

Filesize
1.8MB

MD5
14f86193faf8c56565704586cda92868

SHA1
6fcaa66ad9cba38173135626555d626fddec4997

SHA256
01ca67ed81f750911d2b8daf3f3f85307a7c6fd79371a579f5b5296b8f0bf942

SHA512
f440156ee074b169dadf3400f8e5f5a1067337f7574266ae70872d2996100f31395f3862ae46de808932eb97a0392fcb5d3ac8a8a0146ebd9c2f8c5d4603d83c

Download Submit
C:\Windows\System\KBSZuML.exe

Filesize
1.8MB

MD5
d2175b7d7f5488d1b4d8e0b4f5e6e666

SHA1
e476c058630843e070a51d9f92cc768aeb97e74a

SHA256
278c556a50d04e4c559e974b9a44e639234eb35e29de286ff713f540b1ba6ac6

SHA512
9aabdbd8ff80e0e0d8435abe1d1c4fc64a5d1be292db03215118a62f510d2f9c048c5dd58bba3066ee905dba142d8bd93e27f944822da8fc4b6418c57bce6e5c

Download Submit
C:\Windows\System\LaUdfZK.exe

Filesize
1.8MB

MD5
115fb5b371b902fbb96c8e35488b1bfb

SHA1
5c4217d53d3cd9ed3ab496d8d6b590048eb0bacf

SHA256
d469af8842116824b8ff7bff5886eb5385c7d4a054bd73ea0d0ee8ae6e9a6c11

SHA512
9dc4f1020003e6f82d29cbba88804facb094f42a28cae80d9226adfa25fc2db24a602a26e92a3ef0e5530f73b4bde9693d6c2b21b3694404e6e8c4888d7cfa42

Download Submit
C:\Windows\System\NlRnbwM.exe

Filesize
1.8MB

MD5
6d184b27828cc7c21293c1f1a14292f6

SHA1
4e11d0ffad005f02dd05de366acbf31ac9599add

SHA256
c69081c554b289191aa28f07ddee01b5719edabaa67f48460fa7c0b13c74f92d

SHA512
76662c706ef2e6a5e1c4203107711a99521164c86fe08c486916e6a7f70c9e50929d6ac90e288720c682ca53bffe193aa1fcee61b5f6364314bab2d2bfc03eea

Download Submit
C:\Windows\System\PFJvxJg.exe

Filesize
1.8MB

MD5
e9c9bb85dd89a3f103ca511d02b2cfdc

SHA1
31c007bbd301ef8bbeca03575a0c73a391faae3c

SHA256
253ae6f03c8c3f44bfa727f0e937220f7fd3ec18b55b765cc74d0bc3734ddc34

SHA512
491110d77f6452ec46a6bac65b461ec2d957d9c2b980c894652b4e2e55c8f8b5b4dc05bd33dbadcd8e82a2d376737879a7d46c6c77619324b113b4b492a21ea8

Download Submit
C:\Windows\System\PvTCmfH.exe

Filesize
1.8MB

MD5
7680720d5b5050e01b9c325616d76b53

SHA1
5d61ad3c6afd0be8204113810add5ab854cd4955

SHA256
1db7bbffe6e330799ad02cf032a3dfd39242d29f2e3de1782c59f5520498b718

SHA512
3a0dab9447d388888609e7d628ffc0799832d5468bf694ef8d8bc77e66ecdef11cab8ec0d50146ef3ba658b191dcab17306cec5df4f289204e666ee1a3d7237e

Download Submit
C:\Windows\System\TFYxnhj.exe

Filesize
1.8MB

MD5
dca209ac18994c6a39dfaeadc87b5b6d

SHA1
44f9585613786309c1efa3dee1ef6c764f69156c

SHA256
06a3b513b1ee6539e66739489d13c383a8f428638c8d62de621b07d9c9be2c32

SHA512
f81ea3f28decfacd45ae38dd07cccd3b72d0570e3640f348d61e1c4a967fd25e08a1315a25c2716b4a9c1cfa90ad829f6216b8f8de723994af0d20eb2826632a

Download Submit
C:\Windows\System\UkCTpor.exe

Filesize
1.8MB

MD5
e66b1e626a0b89ffe9a6b5a3020b5cb5

SHA1
ed58c243c9b6501e0a439b97f3eceacd4d5d0027

SHA256
f60e8a8fb071e1091a127be47834a63f952059f5d28152d5943f6a098141df4d

SHA512
d818a0bc70dd4c3952fcf4ce7286fc837306d62c7c57804421f429549907c91305b8d6d35007b3d74e6c7f9b51ca4961e5dcf6f7cfe2014d5a163ccd839a8d99

Download Submit
C:\Windows\System\UwGTbrF.exe

Filesize
1.8MB

MD5
add3b00e5863c94aa537e528ade4b652

SHA1
6869168f408b7eb86b722a8ad0721b16c7c75e52

SHA256
435bc95e9278fe9b98ba4be6c141ed13a140c767e88b3556526f5d0874fa477d

SHA512
49287259bcd5cc289be709b86a0d8dd74929aedd36530f481b48f613ffba5cc917535c33f230cc6d495ac89ca3203b4eacd26012d6730058765f5d136a12a385

Download Submit
C:\Windows\System\VIkUMdO.exe

Filesize
1.8MB

MD5
5591b63f1dd2b180d54add9867f0f19b

SHA1
6bbe5564e255d4fa714983635dcfdb4973816257

SHA256
ac36072ea59c1dbda5afdbbb8d4a7e9d7afb6d99db50832c8f6dfd3b1902d264

SHA512
bcb2d87b6d1970e192fa7f71b07d46424197eebf51731111386d06d7cac3b0e9c2a0160f774eb47a052bf727b9a1a8e2f4b7b0598ebeb8cd6765152994d11706

Download Submit
C:\Windows\System\WrPSPIL.exe

Filesize
1.8MB

MD5
0d5c4f77eb2478fbf60559b2766a5ae2

SHA1
6141b02e57ee39d8d2f5a11adca70816e7190afe

SHA256
d4d0b2404b7310d48a0ca5e069b6c561a150b91783cdf8507abdb2991e9b8df0

SHA512
5d60da57801918c6d1cb216fdcf0dfbe1d9972b99e354bd9046d429f07b3f874921ed8776c329420c4b4cddbd7fb33176e30b0fbdd0cbcb86d6e610a76fbd5ba

Download Submit
C:\Windows\System\WxjSUDa.exe

Filesize
1.8MB

MD5
05590a4a80fa0ab1f07f13f477a1528e

SHA1
2fd559e8d13f621f9d086e32c57be2c1e4c2d14e

SHA256
1b57dd3adbd3728ae0c685693f3a1be13554567cdfedd0645f431a8d925f9d16

SHA512
59b44bf5dbcc43c9655d6968156c4b9bebfb5c7b0d950583f49c72f476bc23bd48db355ebb8e40f20b6042457a312dbdf1dc35d7a9167472a75b08171e3ae735

Download Submit
C:\Windows\System\ZCTxwUv.exe

Filesize
1.8MB

MD5
2be760e39c3c4e06b5c353ec06279391

SHA1
86bbbe4c2df4ae6de457126bcda078d3e0c15645

SHA256
be7bc3cf6a4f9471035e1ae5bf402c8169b97850277ff85dbbd27ad2601b65de

SHA512
5841fde68f6c475cbbd5039964c9c324638b24172a78036591eb586902b0238b954606038183116616d768d142c6d0df8bf9fbcdf1dfad67099cbb2fd3ad96c1

Download Submit
C:\Windows\System\ZRQfUGY.exe

Filesize
1.8MB

MD5
0c056f7d1fb91abfb53a275ef78c3cb7

SHA1
0580e8b0a5ca56a791143c2dfa292c3411e43dbf

SHA256
a02b4b02f3113f552be3e7f4be13e2f507fcc36e8e28719006b5600de7d04e4e

SHA512
8df81a0abfa233e0f28939a88a41f55cf3e5558d91d0c1483bbdb7efa2de7557835327e796e197dc737d7de865a1df61296da9f71cf5cc6f9f2e268a7e737a25

Download Submit
C:\Windows\System\ZdQyZsP.exe

Filesize
1.8MB

MD5
86647acd12e0c77b2292549bd78507f9

SHA1
eae0d979741e3e1905254ac2dcfe30da3f01a648

SHA256
bd786608ea78231330e5095f3ca84eb570081f3ecf2a2735b4b8bf3e363c1435

SHA512
5af25b30630a97890c328dffba3185c1a99f34dff48639b41e99bab0f19e406ca90c4d704f463e3779777aef9da9e2528e82b9b249fcc1dccdf772c934e1c565

Download Submit
C:\Windows\System\aSzOfzG.exe

Filesize
1.8MB

MD5
30e417d8210fa5d18189624e0aa67f92

SHA1
c4c9ec5dc276c2a10cc3fb6871e96e462f6d6038

SHA256
40d9559373385fed0f8cc745968c374c58d486548a23a2d610b1f2935cde1f87

SHA512
969e12c836e390bddb4e3042a0b8c0b950d56cf3fd6803378f2e142d19c641abae55524169a6909126c79c57982b9138f5b8418c6a777a5bb4504954ce1cd6d0

Download Submit
C:\Windows\System\arNiFrQ.exe

Filesize
1.8MB

MD5
e37ed3b9570cc1a8bd29aae74ff49c84

SHA1
db42f37fc54fd81a2e4d7247dc750b9c45d2d6d7

SHA256
3ea827fc102873e35f05b5d8ab6b5790c5582428af3f3d8f30886396aa0d9909

SHA512
6cf1cf7824e8858f95f29b95a40fb3426048282a8733aaeb3d07a9a6fc5b88a8f01892c08cd2ddc777e3651c0a010a25a03f36a0780531425227ead30c221d4d

Download Submit
C:\Windows\System\bXsSrlQ.exe

Filesize
1.8MB

MD5
5db37c9724a0f40c1e9d6e24f310a255

SHA1
b25e8e7195065e02a9929106bd70960df10c8d90

SHA256
21bac740b9036d6810de5230c2e62ebf4113a63073a6268764116e1fbd4e2a83

SHA512
932bb98e7da5f146aa11b752981b8cca0b81ad1a9d2155d89f8a7026291aa78e6c0c8113c7f9e928ee11bf55bc9d5e8b5477a00457a9ac9e3c990ce39a1a9677

Download Submit
C:\Windows\System\dPhgcSz.exe

Filesize
1.8MB

MD5
23e151109a4a4da1ea84b2a55bb4bdb0

SHA1
42b238430613e827950cc9491e003357766b3207

SHA256
6466a24784986c01b7108e9f62dd41cef04073f89e759b7de7072c3df9dee80e

SHA512
b2c198868bdcb0c3cb380443978a33b7ad8a97833ad727e04132c7d0137de02ccd18de0f447a6ad1d475c133e3a47819de7f7e73a10ad7cd0c5dfff1715ac490

Download Submit
C:\Windows\System\eFjtouX.exe

Filesize
1.8MB

MD5
cc6fc9693917a4168f500018aa0459ee

SHA1
5330b0c5dd645d1e372e8a6e8a73b347a315a128

SHA256
014e934fd2a048737a1fe7f2870c542bd350dda36a33daceabfae9b3e34f9374

SHA512
803f080e09346d8f14cdc794c7439932094427002b56bea1ba4382a6dcf81cd7ec45264696dfc55e653ca93f7b351056da3fff5093e02cf001569210a31c11ce

Download Submit
C:\Windows\System\exjKpDk.exe

Filesize
1.8MB

MD5
38d30f10d814d36ab77ee0600d2b0eba

SHA1
a20f9dc7c21919efb2580812901a549c47c7f4d5

SHA256
781aa8d886e727851c5d3433d25939ecc2d7f35f399ac4d62905ab6b5d298ac0

SHA512
e5a1548b0b29904d5a6a33791b3ba78131a80421944f0e8055a03c708b8707a095dffaa8cc8868ecb6f90a34ef12c426e3481caf757f49274ebc8c823dca194d

Download Submit
C:\Windows\System\jhSFhyH.exe

Filesize
1.8MB

MD5
0ed7c5acf3bad1ab38315bf6209ebc5a

SHA1
b6ab9158081991a8f71524f3b38f8ef64d870d04

SHA256
cb9f1d0ca7f34969bf0426c8e5b6dda47490c2a8c615ee4ae75b02fe9cd8f464

SHA512
3364e510cfff1bc6259f6fe2abc088d1c413758823d330208b90508048eca8427193148a10961ab45f1eb11a0f7c03aae5b243a9eeb06ef3c630753064d605d4

Download Submit
C:\Windows\System\lyWdOOs.exe

Filesize
1.8MB

MD5
fe98245915a11f7305cab1b9322d950d

SHA1
210d373339daf13e9c4627d76c5c66ae707968fe

SHA256
40eab97f43f9472dc63beec8d93c5bbd508d50226179775927444f9f3760d951

SHA512
adb2d9f850b9b0d9539d8b2fd3e2e7c32d2fdf35e1675755718391841d980a537b0e713c4dbbf1ff31c7a647a29f864e1909f23bca7377bf0035c4761158e25b

Download Submit
C:\Windows\System\mxUhtfZ.exe

Filesize
1.8MB

MD5
3194c8593bca57888c80b93e62b029e1

SHA1
9c4b074176bb38cd972bbed6e9df1c3e7ea1e608

SHA256
c8e60e65eb5cd7cb567f72e508fc17378960415feda28d9dd28d0996cb3bb4a4

SHA512
4bf348f5a99b9a19df00d36ddb4a9f8faf86188c525a40e8f8b1f7db5195faada889ba36d5fd966f3467e5b05db5fb77f6b06543906613433375b6fbe78d21f1

Download Submit
C:\Windows\System\nqIzRVO.exe

Filesize
1.8MB

MD5
5d10f89ee844b2c98e9be8c7cd294f35

SHA1
b871db2fbea441206c397dd5bfd3b57db27485ca

SHA256
36827f6f29d6f5bbfd05b9db19f5c090895bd44e7e1bb86cecc7e4c0c6c00daf

SHA512
51b55c69468a1f413bc149a0819ab43d12399ae3ee022f352dd025859500d8eecefe86d6e9f4bc1eb80363c950861a76085aa261cdbb7730e5a286adf05e31fd

Download Submit
C:\Windows\System\oVvMvuH.exe

Filesize
1.8MB

MD5
5a30c92b43c1201ae3b5d530b61324b3

SHA1
c43de6d771abe4a91f14d32dc58a4ea267805241

SHA256
742906b5783f382f0a654298a31abc1aa3203916ca80a91b8f3438bdcea71bf3

SHA512
f403ded459e62ff961ee10101e38247c025e180922a9eda979fe9d3c6d899abaf330ead022b157dd6e6f71d543b513e81d2a6bc443bf7bd47639ab6dd41472e6

Download Submit
C:\Windows\System\orALVkX.exe

Filesize
1.8MB

MD5
05a16fcc83998006672dfd0f1b823f23

SHA1
33c369c038d825c8b54d3534db55df1c9b360d99

SHA256
a965ae47dd9181d0f226975a3c0ac0bd2d8bc77683ffa9e05071a830078c68e6

SHA512
a7fef49b517b8e3c433a24bcb8cdc96c6b76d433e2893b77b32b8313bf936ceb09e73ee19725106371277d0d96d4e6022fbc9ea609a0fee195fb32858f98be16

Download Submit
C:\Windows\System\qORsyiW.exe

Filesize
1.8MB

MD5
cf217c4f31880a1c9e14dac2a85240b0

SHA1
1216f640a13672371a084bfac9c0db963b73ff99

SHA256
ccbbcdd9e0cb343ff344ba0bcb296936522ba9fd226f9eba9f5fe2fec9825d75

SHA512
28cd8b8bb0e45da9749b1c4abc980c53aff2fd12a332513331acae7b042253023aad748104282aab358394c9da985fd45c6bc5d5a3d9dd0efbdfd7a91a8f4026

Download Submit
C:\Windows\System\sNOAGIi.exe

Filesize
1.8MB

MD5
1e6eab1f9c6739ed7fc94e54466aff7a

SHA1
756af70d7c6a0052ba1f884b7f5577a323e094de

SHA256
bbed15a9b4f6fcba273d1ef34b54655108a67b100084bde5fb0f81663cb0a417

SHA512
c534a041a1e7fe5c8bc3d05b25ea0f12590115313384ce1fdc729c64484c066bddf0315e4d1edc797e5bc1a6a62ab31b4289c93f70e814551bb02bb19b4dc4d0

Download Submit
C:\Windows\System\uLdRnEQ.exe

Filesize
1.8MB

MD5
3e1d413e503ab5483947a5d08dd37418

SHA1
25fb58462a24f3deeca2a060c358c2f9cadd5fd3

SHA256
9e45fd8de5344c4c00faf7544435a11588404f19c757ee98360654eaacf0684f

SHA512
d0b19e3a2db47503de90335a369dcd69212fc12a60c9035b039a10e4ee832d8e5224eb11bf4ce2832e0c0588823288c9795011961f5629d3d107765c09824408

Download Submit
C:\Windows\System\ujxWtkL.exe

Filesize
1.8MB

MD5
e80205e2beeb34ea5035cb1da83e9a1e

SHA1
d866f0fba1f8abd34f2f03e5c2d05fd37922003f

SHA256
ed5ef21a3abb0ab4cdd1d170b937eee24a14f4753838d445b90afb6d0941ce61

SHA512
c737268f1effb3c3fe5f276766eca6d0c7c7e4872576ae0a302d97405da07bcf5b85b7f7b095bed11a8e7169a6a89aa0778b75893b15d2ae92a4e8eb73f1f7b2

Download Submit
C:\Windows\System\xihcEGc.exe

Filesize
1.8MB

MD5
d7103b3dcc04113d719ada5c0062817a

SHA1
1b6ecef730ba339a538af60be4d03814e94c1b1f

SHA256
b6d1b4ea946502d270f937e95725e1d82b09911025f463c42f74214517eb3497

SHA512
d4827d70998e1600e57a4cb7e046e9cef7429abb8fe71a277e29362a08768b27ad91558620890b315e2ba107f23d74e8e55979d95e5d661b89cff3a871714776

Download Submit
C:\Windows\System\zVZHETz.exe

Filesize
1.8MB

MD5
7d1bfdb0d55e3103a4148695def1a9ad

SHA1
746e201c87464f403babf5f30cb330514503459a

SHA256
3296e02fd4f83c159dab3085303f1476cc0cb90af9a2f68389a8b0cbf99ab746

SHA512
88bfbe39fc727f9703e9bb6420d761575959434c270aac527cb7a06d781f89305d6e2fc1b0ba4dfbe456da45a361900dfd73d625fcfd39b5346abf8d121f8840

Download Submit
memory/552-2282-0x00007FF7C7990000-0x00007FF7C7CE1000-memory.dmp

Filesize
3.3MB

Download
memory/552-208-0x00007FF7C7990000-0x00007FF7C7CE1000-memory.dmp

Filesize
3.3MB

Download
memory/812-2306-0x00007FF6AFB40000-0x00007FF6AFE91000-memory.dmp

Filesize
3.3MB

Download
memory/812-235-0x00007FF6AFB40000-0x00007FF6AFE91000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2257-0x00007FF78C5B0000-0x00007FF78C901000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2209-0x00007FF78C5B0000-0x00007FF78C901000-memory.dmp

Filesize
3.3MB

Download
memory/1084-28-0x00007FF78C5B0000-0x00007FF78C901000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2246-0x00007FF79B560000-0x00007FF79B8B1000-memory.dmp

Filesize
3.3MB

Download
memory/1496-72-0x00007FF79B560000-0x00007FF79B8B1000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2280-0x00007FF79B560000-0x00007FF79B8B1000-memory.dmp

Filesize
3.3MB

Download
memory/1668-55-0x00007FF7E56D0000-0x00007FF7E5A21000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2269-0x00007FF7E56D0000-0x00007FF7E5A21000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2292-0x00007FF79CFB0000-0x00007FF79D301000-memory.dmp

Filesize
3.3MB

Download
memory/1792-218-0x00007FF79CFB0000-0x00007FF79D301000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2265-0x00007FF6F0970000-0x00007FF6F0CC1000-memory.dmp

Filesize
3.3MB

Download
memory/1900-59-0x00007FF6F0970000-0x00007FF6F0CC1000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2208-0x00007FF703330000-0x00007FF703681000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2259-0x00007FF703330000-0x00007FF703681000-memory.dmp

Filesize
3.3MB

Download
memory/1980-20-0x00007FF703330000-0x00007FF703681000-memory.dmp

Filesize
3.3MB

Download
memory/2012-0-0x00007FF744FF0000-0x00007FF745341000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1-0x000002AF09500000-0x000002AF09510000-memory.dmp

Filesize
64KB

Download
memory/2012-1317-0x00007FF744FF0000-0x00007FF745341000-memory.dmp

Filesize
3.3MB

Download
memory/2340-71-0x00007FF73B0A0000-0x00007FF73B3F1000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2245-0x00007FF73B0A0000-0x00007FF73B3F1000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2273-0x00007FF73B0A0000-0x00007FF73B3F1000-memory.dmp

Filesize
3.3MB

Download
memory/2540-2271-0x00007FF671EE0000-0x00007FF672231000-memory.dmp

Filesize
3.3MB

Download
memory/2540-203-0x00007FF671EE0000-0x00007FF672231000-memory.dmp

Filesize
3.3MB

Download
memory/2628-220-0x00007FF70AB40000-0x00007FF70AE91000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2290-0x00007FF70AB40000-0x00007FF70AE91000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2255-0x00007FF7AD3A0000-0x00007FF7AD6F1000-memory.dmp

Filesize
3.3MB

Download
memory/3184-12-0x00007FF7AD3A0000-0x00007FF7AD6F1000-memory.dmp

Filesize
3.3MB

Download
memory/3260-2286-0x00007FF7A3690000-0x00007FF7A39E1000-memory.dmp

Filesize
3.3MB

Download
memory/3260-211-0x00007FF7A3690000-0x00007FF7A39E1000-memory.dmp

Filesize
3.3MB

Download
memory/3304-231-0x00007FF7AD560000-0x00007FF7AD8B1000-memory.dmp

Filesize
3.3MB

Download
memory/3304-2298-0x00007FF7AD560000-0x00007FF7AD8B1000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2302-0x00007FF7BD410000-0x00007FF7BD761000-memory.dmp

Filesize
3.3MB

Download
memory/3320-240-0x00007FF7BD410000-0x00007FF7BD761000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2233-0x00007FF60FF80000-0x00007FF6102D1000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2263-0x00007FF60FF80000-0x00007FF6102D1000-memory.dmp

Filesize
3.3MB

Download
memory/3636-34-0x00007FF60FF80000-0x00007FF6102D1000-memory.dmp

Filesize
3.3MB

Download
memory/3804-2253-0x00007FF704070000-0x00007FF7043C1000-memory.dmp

Filesize
3.3MB

Download
memory/3804-8-0x00007FF704070000-0x00007FF7043C1000-memory.dmp

Filesize
3.3MB

Download
memory/3804-1909-0x00007FF704070000-0x00007FF7043C1000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2300-0x00007FF7276B0000-0x00007FF727A01000-memory.dmp

Filesize
3.3MB

Download
memory/4164-241-0x00007FF7276B0000-0x00007FF727A01000-memory.dmp

Filesize
3.3MB

Download
memory/4180-236-0x00007FF63C7E0000-0x00007FF63CB31000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2304-0x00007FF63C7E0000-0x00007FF63CB31000-memory.dmp

Filesize
3.3MB

Download
memory/4192-221-0x00007FF6D6230000-0x00007FF6D6581000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2296-0x00007FF6D6230000-0x00007FF6D6581000-memory.dmp

Filesize
3.3MB

Download
memory/4200-2267-0x00007FF6A0780000-0x00007FF6A0AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4200-69-0x00007FF6A0780000-0x00007FF6A0AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4212-2317-0x00007FF71F570000-0x00007FF71F8C1000-memory.dmp

Filesize
3.3MB

Download
memory/4212-225-0x00007FF71F570000-0x00007FF71F8C1000-memory.dmp

Filesize
3.3MB

Download
memory/4288-224-0x00007FF74CE00000-0x00007FF74D151000-memory.dmp

Filesize
3.3MB

Download
memory/4288-2314-0x00007FF74CE00000-0x00007FF74D151000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2284-0x00007FF6F8AA0000-0x00007FF6F8DF1000-memory.dmp

Filesize
3.3MB

Download
memory/4508-217-0x00007FF6F8AA0000-0x00007FF6F8DF1000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2288-0x00007FF6CB4F0000-0x00007FF6CB841000-memory.dmp

Filesize
3.3MB

Download
memory/4700-209-0x00007FF6CB4F0000-0x00007FF6CB841000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2235-0x00007FF74AE90000-0x00007FF74B1E1000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2278-0x00007FF74AE90000-0x00007FF74B1E1000-memory.dmp

Filesize
3.3MB

Download
memory/4740-65-0x00007FF74AE90000-0x00007FF74B1E1000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2294-0x00007FF63CCD0000-0x00007FF63D021000-memory.dmp

Filesize
3.3MB

Download
memory/4788-228-0x00007FF63CCD0000-0x00007FF63D021000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2249-0x00007FF780E90000-0x00007FF7811E1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-79-0x00007FF780E90000-0x00007FF7811E1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2275-0x00007FF780E90000-0x00007FF7811E1000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2230-0x00007FF6E2710000-0x00007FF6E2A61000-memory.dmp

Filesize
3.3MB

Download
memory/4928-2261-0x00007FF6E2710000-0x00007FF6E2A61000-memory.dmp

Filesize
3.3MB

Download
memory/4928-33-0x00007FF6E2710000-0x00007FF6E2A61000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads