xmrig | d152ddc39c2bcd3b5e92b9b87b71a09300e1ab52cfcab3c1d60a029660f65357

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
Size

1.6MB
MD5

4957a18e19fcf751762900cc1fb2f200
SHA1

a24c03e173d85f023ffbd983bac8a68cd7387472
SHA256

d152ddc39c2bcd3b5e92b9b87b71a09300e1ab52cfcab3c1d60a029660f65357
SHA512

9a64fbf074dc21542e4d024a57a747d792d635ebaa025d0c98fc3e6165e1f6636a6b883b131527ed5bd3355014b47372e8e9a0dbc61ec1f10e913a430c4ce653
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIRxj4c7bCa0:GemTLkNdfE0pZa8

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000c0000000233da-4.dat	xmrig
behavioral2/files/0x0007000000023427-7.dat	xmrig
behavioral2/files/0x0007000000023428-16.dat	xmrig
behavioral2/files/0x000700000002342c-32.dat	xmrig
behavioral2/files/0x0007000000023429-33.dat	xmrig
behavioral2/files/0x0007000000023430-47.dat	xmrig
behavioral2/files/0x000700000002342a-66.dat	xmrig
behavioral2/files/0x000700000002343a-99.dat	xmrig
behavioral2/files/0x0007000000023436-128.dat	xmrig
behavioral2/files/0x0007000000023444-154.dat	xmrig
behavioral2/files/0x0007000000023443-152.dat	xmrig
behavioral2/files/0x0007000000023442-150.dat	xmrig
behavioral2/files/0x0007000000023441-148.dat	xmrig
behavioral2/files/0x0007000000023440-146.dat	xmrig
behavioral2/files/0x000700000002343f-144.dat	xmrig
behavioral2/files/0x000700000002343e-142.dat	xmrig
behavioral2/files/0x000700000002343c-140.dat	xmrig
behavioral2/files/0x0007000000023439-136.dat	xmrig
behavioral2/files/0x0007000000023437-134.dat	xmrig
behavioral2/files/0x0007000000023438-132.dat	xmrig
behavioral2/files/0x000700000002343d-130.dat	xmrig
behavioral2/files/0x000700000002343b-123.dat	xmrig
behavioral2/files/0x0007000000023434-117.dat	xmrig
behavioral2/files/0x0007000000023432-111.dat	xmrig
behavioral2/files/0x0007000000023431-106.dat	xmrig
behavioral2/files/0x0007000000023435-102.dat	xmrig
behavioral2/files/0x0007000000023433-93.dat	xmrig
behavioral2/files/0x000700000002342e-89.dat	xmrig
behavioral2/files/0x000700000002342d-78.dat	xmrig
behavioral2/files/0x000700000002342b-61.dat	xmrig
behavioral2/files/0x000700000002342f-48.dat	xmrig
behavioral2/files/0x0007000000023445-161.dat	xmrig
behavioral2/files/0x0008000000023424-162.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5024	PNgItto.exe
3524	mjuWbcw.exe
4088	BMjPyOq.exe
4584	pVsPrNh.exe
3892	KBmuRwY.exe
3992	DCxeXuF.exe
1032	hsTtuuY.exe
4104	heEUNVd.exe
2576	SsbHfFG.exe
2484	ktTVkwv.exe
3480	HHNxMTo.exe
2196	AuKqYgW.exe
2064	FLAZUXT.exe
2972	xgPZwnV.exe
3904	uIdrjbN.exe
4772	GnoSEww.exe
3244	jhZFTKg.exe
1996	XeICZyp.exe
1948	nrapFEW.exe
3440	xuAqkCz.exe
2752	zQcgIfp.exe
4232	HObMQeS.exe
1884	IYIpWsu.exe
4252	CwcFqzH.exe
3644	pSWfooU.exe
1368	oFYgQJx.exe
2916	Gtfoxyn.exe
4740	UPdfuiT.exe
3284	XvZWOpT.exe
1196	ieaFxtg.exe
2524	tHGGejB.exe
2548	UHWQHaB.exe
4476	VYqgkfn.exe
3476	BJbGpOM.exe
1972	BtcyivX.exe
4120	aQKefcD.exe
1172	xStgOZM.exe
544	BnAzFiO.exe
4728	RvKjPSx.exe
4904	jlmSTnB.exe
1004	dVtCWVY.exe
1168	YzKvLHW.exe
4040	nBFhfLw.exe
2004	fSkguYv.exe
3452	nzikYri.exe
4520	ZpVHedw.exe
1644	yjDBheA.exe
2712	ZLocLDc.exe
4768	pEaYWzn.exe
3076	zZFkbHt.exe
3556	DFmHEen.exe
2100	SbnCZOs.exe
3004	FIhULgM.exe
668	BqZwGAf.exe
5048	KKaVaow.exe
3124	PdSmWpR.exe
4356	jwyaknF.exe
2344	hraikSP.exe
4276	rtZkFbj.exe
3008	ZYpVVeS.exe
4284	dZHIgeU.exe
4456	WFYgids.exe
3236	GrjAfFA.exe
3448	WyTKcLS.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\wbem\Performance\WmiApRpl_new.h	WMIADAP.EXE
File created	C:\Windows\system32\wbem\Performance\WmiApRpl_new.ini	WMIADAP.EXE

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wWeYXWV.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\tPPSmcq.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\GVVHVtu.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\xuAqkCz.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\hraikSP.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\NSlSIwv.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\OgKVPTL.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\OnVTitY.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\IGPzxAt.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\nVMqKHu.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\pJsKTWd.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\zuZtxXz.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\eytVZWF.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\wFEUqiz.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\skCLlUp.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\eYIcRpL.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\sxPPpFA.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\bxbdNBd.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\xQAdaVl.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\gJwJNgc.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\BtQqNMF.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\JPmgfBT.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\SbnCZOs.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\eOUVxYF.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\lxEOIlE.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\qUIMcTk.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\lvYTykg.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\CwcFqzH.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\CPLDNDM.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\VuYTdHm.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\ulshjYN.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\IYIpWsu.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\oLTMaIj.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\qZeZPrT.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\DxPpwVQ.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\PpnxkGi.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\oKSgQtK.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\FczPTMM.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\PKJRUII.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\ZYpVVeS.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\pCOqKIe.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\kRzCiZR.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\jQXCDvH.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\dtkQWMA.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\UIKXaNE.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\KrAHUbM.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\CbjqgvS.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\GKhFGto.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\zQcgIfp.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\BqZwGAf.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\kqCiAFo.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\yxcEucL.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\APuSvcu.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\GtDpwgd.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\pQCHiZc.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\CxCCeWJ.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\znwOoML.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\ZpPzPJV.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\hAKWrla.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\PlSiPtj.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\BSbeJah.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\GdPkXZs.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\sUjChzl.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
File created	C:\Windows\System\jlmSTnB.exe	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 41 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 14 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
18184	Process not Found
18220	Process not Found
18224	Process not Found
18228	Process not Found
18236	Process not Found
18160	Process not Found
18208	Process not Found
18248	Process not Found
18156	Process not Found
18280	Process not Found
18324	Process not Found
18276	Process not Found
18288	Process not Found
18292	Process not Found
18316	Process not Found
18320	Process not Found
18268	Process not Found
18328	Process not Found
18332	Process not Found
18340	Process not Found
18260	Process not Found
18360	Process not Found
18376	Process not Found
364	Process not Found
18412	Process not Found
16904	Process not Found
18416	Process not Found
17376	Process not Found
16796	Process not Found
17396	Process not Found
17140	Process not Found
17504	Process not Found
17516	Process not Found
18356	Process not Found
18368	Process not Found
17028	Process not Found
13336	Process not Found
1364	Process not Found
3444	Process not Found
852	Process not Found
860	Process not Found
796	Process not Found
2624	Process not Found
3092	Process not Found
2596	Process not Found
2384	Process not Found
2328	Process not Found
1872	Process not Found
2584	Process not Found
2256	Process not Found
2556	Process not Found
3376	Process not Found
4552	Process not Found
4072	Process not Found
17736	Process not Found
16960	Process not Found
17496	Process not Found
17728	Process not Found
16908	Process not Found
4484	Process not Found
3240	Process not Found
15928	Process not Found
15440	Process not Found
16080	Process not Found

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16792	dwm.exe
Token: SeChangeNotifyPrivilege	16792	dwm.exe
Token: 33	16792	dwm.exe
Token: SeIncBasePriorityPrivilege	16792	dwm.exe
Token: SeCreateGlobalPrivilege	17532	dwm.exe
Token: SeChangeNotifyPrivilege	17532	dwm.exe
Token: 33	17532	dwm.exe
Token: SeIncBasePriorityPrivilege	17532	dwm.exe
Token: SeCreateGlobalPrivilege	17816	dwm.exe
Token: SeChangeNotifyPrivilege	17816	dwm.exe
Token: 33	17816	dwm.exe
Token: SeIncBasePriorityPrivilege	17816	dwm.exe
Token: SeCreateGlobalPrivilege	17908	dwm.exe
Token: SeChangeNotifyPrivilege	17908	dwm.exe
Token: 33	17908	dwm.exe
Token: SeIncBasePriorityPrivilege	17908	dwm.exe
Token: SeCreateGlobalPrivilege	18056	dwm.exe
Token: SeChangeNotifyPrivilege	18056	dwm.exe
Token: 33	18056	dwm.exe
Token: SeIncBasePriorityPrivilege	18056	dwm.exe
Token: SeCreateGlobalPrivilege	18152	dwm.exe
Token: SeChangeNotifyPrivilege	18152	dwm.exe
Token: 33	18152	dwm.exe
Token: SeIncBasePriorityPrivilege	18152	dwm.exe
Token: SeCreateGlobalPrivilege	18260	dwm.exe
Token: SeChangeNotifyPrivilege	18260	dwm.exe
Token: 33	18260	dwm.exe
Token: SeIncBasePriorityPrivilege	18260	dwm.exe
Token: SeCreateGlobalPrivilege	18352	dwm.exe
Token: SeChangeNotifyPrivilege	18352	dwm.exe
Token: 33	18352	dwm.exe
Token: SeIncBasePriorityPrivilege	18352	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 5024	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	86
PID 3148 wrote to memory of 5024	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	86
PID 3148 wrote to memory of 3524	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	87
PID 3148 wrote to memory of 3524	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	87
PID 3148 wrote to memory of 4088	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	88
PID 3148 wrote to memory of 4088	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	88
PID 3148 wrote to memory of 4584	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	89
PID 3148 wrote to memory of 4584	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	89
PID 3148 wrote to memory of 3892	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	90
PID 3148 wrote to memory of 3892	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	90
PID 3148 wrote to memory of 3992	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	91
PID 3148 wrote to memory of 3992	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	91
PID 3148 wrote to memory of 1032	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	92
PID 3148 wrote to memory of 1032	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	92
PID 3148 wrote to memory of 4104	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	93
PID 3148 wrote to memory of 4104	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	93
PID 3148 wrote to memory of 2576	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	94
PID 3148 wrote to memory of 2576	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	94
PID 3148 wrote to memory of 2484	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	95
PID 3148 wrote to memory of 2484	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	95
PID 3148 wrote to memory of 3480	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	96
PID 3148 wrote to memory of 3480	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	96
PID 3148 wrote to memory of 2196	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	97
PID 3148 wrote to memory of 2196	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	97
PID 3148 wrote to memory of 2064	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	98
PID 3148 wrote to memory of 2064	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	98
PID 3148 wrote to memory of 2972	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	99
PID 3148 wrote to memory of 2972	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	99
PID 3148 wrote to memory of 3904	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	100
PID 3148 wrote to memory of 3904	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	100
PID 3148 wrote to memory of 4772	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	101
PID 3148 wrote to memory of 4772	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	101
PID 3148 wrote to memory of 3244	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	102
PID 3148 wrote to memory of 3244	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	102
PID 3148 wrote to memory of 1996	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	103
PID 3148 wrote to memory of 1996	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	103
PID 3148 wrote to memory of 1948	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	104
PID 3148 wrote to memory of 1948	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	104
PID 3148 wrote to memory of 3440	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	105
PID 3148 wrote to memory of 3440	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	105
PID 3148 wrote to memory of 2752	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	106
PID 3148 wrote to memory of 2752	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	106
PID 3148 wrote to memory of 4232	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	107
PID 3148 wrote to memory of 4232	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	107
PID 3148 wrote to memory of 1884	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	108
PID 3148 wrote to memory of 1884	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	108
PID 3148 wrote to memory of 4252	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	109
PID 3148 wrote to memory of 4252	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	109
PID 3148 wrote to memory of 3644	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	110
PID 3148 wrote to memory of 3644	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	110
PID 3148 wrote to memory of 1368	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	111
PID 3148 wrote to memory of 1368	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	111
PID 3148 wrote to memory of 2916	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	112
PID 3148 wrote to memory of 2916	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	112
PID 3148 wrote to memory of 4740	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	113
PID 3148 wrote to memory of 4740	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	113
PID 3148 wrote to memory of 3284	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	114
PID 3148 wrote to memory of 3284	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	114
PID 3148 wrote to memory of 1196	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	115
PID 3148 wrote to memory of 1196	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	115
PID 3148 wrote to memory of 2524	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	116
PID 3148 wrote to memory of 2524	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	116
PID 3148 wrote to memory of 2548	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	117
PID 3148 wrote to memory of 2548	3148	4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4957a18e19fcf751762900cc1fb2f200_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\System\PNgItto.exe
  C:\Windows\System\PNgItto.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\mjuWbcw.exe
  C:\Windows\System\mjuWbcw.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\BMjPyOq.exe
  C:\Windows\System\BMjPyOq.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\pVsPrNh.exe
  C:\Windows\System\pVsPrNh.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\KBmuRwY.exe
  C:\Windows\System\KBmuRwY.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\DCxeXuF.exe
  C:\Windows\System\DCxeXuF.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\hsTtuuY.exe
  C:\Windows\System\hsTtuuY.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\heEUNVd.exe
  C:\Windows\System\heEUNVd.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\SsbHfFG.exe
  C:\Windows\System\SsbHfFG.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ktTVkwv.exe
  C:\Windows\System\ktTVkwv.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\HHNxMTo.exe
  C:\Windows\System\HHNxMTo.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\AuKqYgW.exe
  C:\Windows\System\AuKqYgW.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\FLAZUXT.exe
  C:\Windows\System\FLAZUXT.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\xgPZwnV.exe
  C:\Windows\System\xgPZwnV.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\uIdrjbN.exe
  C:\Windows\System\uIdrjbN.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\GnoSEww.exe
  C:\Windows\System\GnoSEww.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\jhZFTKg.exe
  C:\Windows\System\jhZFTKg.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\XeICZyp.exe
  C:\Windows\System\XeICZyp.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\nrapFEW.exe
  C:\Windows\System\nrapFEW.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\xuAqkCz.exe
  C:\Windows\System\xuAqkCz.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\zQcgIfp.exe
  C:\Windows\System\zQcgIfp.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\HObMQeS.exe
  C:\Windows\System\HObMQeS.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\IYIpWsu.exe
  C:\Windows\System\IYIpWsu.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\CwcFqzH.exe
  C:\Windows\System\CwcFqzH.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\pSWfooU.exe
  C:\Windows\System\pSWfooU.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\oFYgQJx.exe
  C:\Windows\System\oFYgQJx.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\Gtfoxyn.exe
  C:\Windows\System\Gtfoxyn.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\UPdfuiT.exe
  C:\Windows\System\UPdfuiT.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\XvZWOpT.exe
  C:\Windows\System\XvZWOpT.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\ieaFxtg.exe
  C:\Windows\System\ieaFxtg.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\tHGGejB.exe
  C:\Windows\System\tHGGejB.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\UHWQHaB.exe
  C:\Windows\System\UHWQHaB.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\VYqgkfn.exe
  C:\Windows\System\VYqgkfn.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\aQKefcD.exe
  C:\Windows\System\aQKefcD.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\xStgOZM.exe
  C:\Windows\System\xStgOZM.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\BJbGpOM.exe
  C:\Windows\System\BJbGpOM.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\BtcyivX.exe
  C:\Windows\System\BtcyivX.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\BnAzFiO.exe
  C:\Windows\System\BnAzFiO.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\RvKjPSx.exe
  C:\Windows\System\RvKjPSx.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\jlmSTnB.exe
  C:\Windows\System\jlmSTnB.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\dVtCWVY.exe
  C:\Windows\System\dVtCWVY.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\YzKvLHW.exe
  C:\Windows\System\YzKvLHW.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\nBFhfLw.exe
  C:\Windows\System\nBFhfLw.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\fSkguYv.exe
  C:\Windows\System\fSkguYv.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\nzikYri.exe
  C:\Windows\System\nzikYri.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\ZpVHedw.exe
  C:\Windows\System\ZpVHedw.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\yjDBheA.exe
  C:\Windows\System\yjDBheA.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ZLocLDc.exe
  C:\Windows\System\ZLocLDc.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\pEaYWzn.exe
  C:\Windows\System\pEaYWzn.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\zZFkbHt.exe
  C:\Windows\System\zZFkbHt.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\DFmHEen.exe
  C:\Windows\System\DFmHEen.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\SbnCZOs.exe
  C:\Windows\System\SbnCZOs.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\FIhULgM.exe
  C:\Windows\System\FIhULgM.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\BqZwGAf.exe
  C:\Windows\System\BqZwGAf.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\KKaVaow.exe
  C:\Windows\System\KKaVaow.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\PdSmWpR.exe
  C:\Windows\System\PdSmWpR.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\jwyaknF.exe
  C:\Windows\System\jwyaknF.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\hraikSP.exe
  C:\Windows\System\hraikSP.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\rtZkFbj.exe
  C:\Windows\System\rtZkFbj.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\ZYpVVeS.exe
  C:\Windows\System\ZYpVVeS.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\dZHIgeU.exe
  C:\Windows\System\dZHIgeU.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\WFYgids.exe
  C:\Windows\System\WFYgids.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\GrjAfFA.exe
  C:\Windows\System\GrjAfFA.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\WyTKcLS.exe
  C:\Windows\System\WyTKcLS.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\TYGQycM.exe
  C:\Windows\System\TYGQycM.exe
  2⤵
  PID:2540
- C:\Windows\System\KbExYzL.exe
  C:\Windows\System\KbExYzL.exe
  2⤵
  PID:748
- C:\Windows\System\kStwjrW.exe
  C:\Windows\System\kStwjrW.exe
  2⤵
  PID:1352
- C:\Windows\System\eOUVxYF.exe
  C:\Windows\System\eOUVxYF.exe
  2⤵
  PID:4372
- C:\Windows\System\PCSkZbo.exe
  C:\Windows\System\PCSkZbo.exe
  2⤵
  PID:3684
- C:\Windows\System\YBhzfDt.exe
  C:\Windows\System\YBhzfDt.exe
  2⤵
  PID:1756
- C:\Windows\System\CPLDNDM.exe
  C:\Windows\System\CPLDNDM.exe
  2⤵
  PID:3064
- C:\Windows\System\CMnlxNk.exe
  C:\Windows\System\CMnlxNk.exe
  2⤵
  PID:3740
- C:\Windows\System\qlrFwgt.exe
  C:\Windows\System\qlrFwgt.exe
  2⤵
  PID:4180
- C:\Windows\System\MVQuQSW.exe
  C:\Windows\System\MVQuQSW.exe
  2⤵
  PID:960
- C:\Windows\System\SbRjHEU.exe
  C:\Windows\System\SbRjHEU.exe
  2⤵
  PID:2204
- C:\Windows\System\KzDcCdp.exe
  C:\Windows\System\KzDcCdp.exe
  2⤵
  PID:1680
- C:\Windows\System\htmWxWm.exe
  C:\Windows\System\htmWxWm.exe
  2⤵
  PID:2356
- C:\Windows\System\SEIUPDa.exe
  C:\Windows\System\SEIUPDa.exe
  2⤵
  PID:4656
- C:\Windows\System\WHpBsJy.exe
  C:\Windows\System\WHpBsJy.exe
  2⤵
  PID:4316
- C:\Windows\System\QNfiJWB.exe
  C:\Windows\System\QNfiJWB.exe
  2⤵
  PID:2816
- C:\Windows\System\hjfBhgG.exe
  C:\Windows\System\hjfBhgG.exe
  2⤵
  PID:2872
- C:\Windows\System\MFhwFhk.exe
  C:\Windows\System\MFhwFhk.exe
  2⤵
  PID:3084
- C:\Windows\System\wDxtiYh.exe
  C:\Windows\System\wDxtiYh.exe
  2⤵
  PID:4300
- C:\Windows\System\mkOaATQ.exe
  C:\Windows\System\mkOaATQ.exe
  2⤵
  PID:3728
- C:\Windows\System\XcFJRYg.exe
  C:\Windows\System\XcFJRYg.exe
  2⤵
  PID:1108
- C:\Windows\System\aHYFUDo.exe
  C:\Windows\System\aHYFUDo.exe
  2⤵
  PID:4056
- C:\Windows\System\sCxImgJ.exe
  C:\Windows\System\sCxImgJ.exe
  2⤵
  PID:1492
- C:\Windows\System\AkeWVbX.exe
  C:\Windows\System\AkeWVbX.exe
  2⤵
  PID:3228
- C:\Windows\System\wLHrbbj.exe
  C:\Windows\System\wLHrbbj.exe
  2⤵
  PID:4512
- C:\Windows\System\daVzUoJ.exe
  C:\Windows\System\daVzUoJ.exe
  2⤵
  PID:1504
- C:\Windows\System\BNrPcAd.exe
  C:\Windows\System\BNrPcAd.exe
  2⤵
  PID:1940
- C:\Windows\System\cswOEkZ.exe
  C:\Windows\System\cswOEkZ.exe
  2⤵
  PID:3472
- C:\Windows\System\bMdoeHO.exe
  C:\Windows\System\bMdoeHO.exe
  2⤵
  PID:3716
- C:\Windows\System\OxQkhmR.exe
  C:\Windows\System\OxQkhmR.exe
  2⤵
  PID:1508
- C:\Windows\System\PVGoTZQ.exe
  C:\Windows\System\PVGoTZQ.exe
  2⤵
  PID:4748
- C:\Windows\System\GKvDuTy.exe
  C:\Windows\System\GKvDuTy.exe
  2⤵
  PID:3940
- C:\Windows\System\OquOjXC.exe
  C:\Windows\System\OquOjXC.exe
  2⤵
  PID:3584
- C:\Windows\System\JNgDbwS.exe
  C:\Windows\System\JNgDbwS.exe
  2⤵
  PID:3764
- C:\Windows\System\ypGkqUo.exe
  C:\Windows\System\ypGkqUo.exe
  2⤵
  PID:3392
- C:\Windows\System\QxBudeI.exe
  C:\Windows\System\QxBudeI.exe
  2⤵
  PID:3180
- C:\Windows\System\MhxAgBM.exe
  C:\Windows\System\MhxAgBM.exe
  2⤵
  PID:5004
- C:\Windows\System\nRaykrZ.exe
  C:\Windows\System\nRaykrZ.exe
  2⤵
  PID:712
- C:\Windows\System\mnSMjgb.exe
  C:\Windows\System\mnSMjgb.exe
  2⤵
  PID:4644
- C:\Windows\System\LvwFzBg.exe
  C:\Windows\System\LvwFzBg.exe
  2⤵
  PID:5136
- C:\Windows\System\BsFtjaE.exe
  C:\Windows\System\BsFtjaE.exe
  2⤵
  PID:5156
- C:\Windows\System\FyRdoAG.exe
  C:\Windows\System\FyRdoAG.exe
  2⤵
  PID:5188
- C:\Windows\System\aLCLEgK.exe
  C:\Windows\System\aLCLEgK.exe
  2⤵
  PID:5224
- C:\Windows\System\cgBmoEf.exe
  C:\Windows\System\cgBmoEf.exe
  2⤵
  PID:5248
- C:\Windows\System\mmbcVHN.exe
  C:\Windows\System\mmbcVHN.exe
  2⤵
  PID:5280
- C:\Windows\System\JKCJVIT.exe
  C:\Windows\System\JKCJVIT.exe
  2⤵
  PID:5308
- C:\Windows\System\UaBVVhE.exe
  C:\Windows\System\UaBVVhE.exe
  2⤵
  PID:5348
- C:\Windows\System\IqtohBP.exe
  C:\Windows\System\IqtohBP.exe
  2⤵
  PID:5376
- C:\Windows\System\UpuCqpN.exe
  C:\Windows\System\UpuCqpN.exe
  2⤵
  PID:5412
- C:\Windows\System\iFlWHDF.exe
  C:\Windows\System\iFlWHDF.exe
  2⤵
  PID:5444
- C:\Windows\System\PpnxkGi.exe
  C:\Windows\System\PpnxkGi.exe
  2⤵
  PID:5476
- C:\Windows\System\BQfzMnQ.exe
  C:\Windows\System\BQfzMnQ.exe
  2⤵
  PID:5508
- C:\Windows\System\CaYaSNy.exe
  C:\Windows\System\CaYaSNy.exe
  2⤵
  PID:5536
- C:\Windows\System\ePHnwBl.exe
  C:\Windows\System\ePHnwBl.exe
  2⤵
  PID:5564
- C:\Windows\System\VSMPbHV.exe
  C:\Windows\System\VSMPbHV.exe
  2⤵
  PID:5592
- C:\Windows\System\YeKmJTp.exe
  C:\Windows\System\YeKmJTp.exe
  2⤵
  PID:5608
- C:\Windows\System\OefBrQV.exe
  C:\Windows\System\OefBrQV.exe
  2⤵
  PID:5624
- C:\Windows\System\sScJNrC.exe
  C:\Windows\System\sScJNrC.exe
  2⤵
  PID:5640
- C:\Windows\System\vIacapD.exe
  C:\Windows\System\vIacapD.exe
  2⤵
  PID:5656
- C:\Windows\System\JOjMEuO.exe
  C:\Windows\System\JOjMEuO.exe
  2⤵
  PID:5676
- C:\Windows\System\HTvoYRn.exe
  C:\Windows\System\HTvoYRn.exe
  2⤵
  PID:5692
- C:\Windows\System\NKabikW.exe
  C:\Windows\System\NKabikW.exe
  2⤵
  PID:5708
- C:\Windows\System\VcVoLLm.exe
  C:\Windows\System\VcVoLLm.exe
  2⤵
  PID:5732
- C:\Windows\System\sUwyZXN.exe
  C:\Windows\System\sUwyZXN.exe
  2⤵
  PID:5756
- C:\Windows\System\OytnQLq.exe
  C:\Windows\System\OytnQLq.exe
  2⤵
  PID:5776
- C:\Windows\System\godAcdl.exe
  C:\Windows\System\godAcdl.exe
  2⤵
  PID:5804
- C:\Windows\System\sNAvWIO.exe
  C:\Windows\System\sNAvWIO.exe
  2⤵
  PID:5844
- C:\Windows\System\feYqQBw.exe
  C:\Windows\System\feYqQBw.exe
  2⤵
  PID:5868
- C:\Windows\System\SgVDcJX.exe
  C:\Windows\System\SgVDcJX.exe
  2⤵
  PID:5904
- C:\Windows\System\oKSgQtK.exe
  C:\Windows\System\oKSgQtK.exe
  2⤵
  PID:5940
- C:\Windows\System\OwrUCje.exe
  C:\Windows\System\OwrUCje.exe
  2⤵
  PID:5972
- C:\Windows\System\IKcPpIb.exe
  C:\Windows\System\IKcPpIb.exe
  2⤵
  PID:6004
- C:\Windows\System\GtvcrcS.exe
  C:\Windows\System\GtvcrcS.exe
  2⤵
  PID:6036
- C:\Windows\System\avwJzKc.exe
  C:\Windows\System\avwJzKc.exe
  2⤵
  PID:6068
- C:\Windows\System\FQHuBxz.exe
  C:\Windows\System\FQHuBxz.exe
  2⤵
  PID:6100
- C:\Windows\System\aeJSorG.exe
  C:\Windows\System\aeJSorG.exe
  2⤵
  PID:6136
- C:\Windows\System\KgmhqSk.exe
  C:\Windows\System\KgmhqSk.exe
  2⤵
  PID:5132
- C:\Windows\System\qyJzPBS.exe
  C:\Windows\System\qyJzPBS.exe
  2⤵
  PID:5220
- C:\Windows\System\NgVPLMR.exe
  C:\Windows\System\NgVPLMR.exe
  2⤵
  PID:5300
- C:\Windows\System\EnNzVjS.exe
  C:\Windows\System\EnNzVjS.exe
  2⤵
  PID:5396
- C:\Windows\System\ZgmUbDv.exe
  C:\Windows\System\ZgmUbDv.exe
  2⤵
  PID:5460
- C:\Windows\System\etYlQOb.exe
  C:\Windows\System\etYlQOb.exe
  2⤵
  PID:5524
- C:\Windows\System\OnVTitY.exe
  C:\Windows\System\OnVTitY.exe
  2⤵
  PID:5620
- C:\Windows\System\OEUdVcH.exe
  C:\Windows\System\OEUdVcH.exe
  2⤵
  PID:5648
- C:\Windows\System\qotraBc.exe
  C:\Windows\System\qotraBc.exe
  2⤵
  PID:5684
- C:\Windows\System\cTYqecM.exe
  C:\Windows\System\cTYqecM.exe
  2⤵
  PID:5764
- C:\Windows\System\krSeUFT.exe
  C:\Windows\System\krSeUFT.exe
  2⤵
  PID:5752
- C:\Windows\System\fGtJzBv.exe
  C:\Windows\System\fGtJzBv.exe
  2⤵
  PID:5828
- C:\Windows\System\rHcqqXL.exe
  C:\Windows\System\rHcqqXL.exe
  2⤵
  PID:5988
- C:\Windows\System\kngrToW.exe
  C:\Windows\System\kngrToW.exe
  2⤵
  PID:5932
- C:\Windows\System\WewYCRS.exe
  C:\Windows\System\WewYCRS.exe
  2⤵
  PID:5996
- C:\Windows\System\AHelYKJ.exe
  C:\Windows\System\AHelYKJ.exe
  2⤵
  PID:6056
- C:\Windows\System\VuYTdHm.exe
  C:\Windows\System\VuYTdHm.exe
  2⤵
  PID:6120
- C:\Windows\System\wfOEabc.exe
  C:\Windows\System\wfOEabc.exe
  2⤵
  PID:5236
- C:\Windows\System\gpXGOTy.exe
  C:\Windows\System\gpXGOTy.exe
  2⤵
  PID:5356
- C:\Windows\System\RfmrMmf.exe
  C:\Windows\System\RfmrMmf.exe
  2⤵
  PID:5652
- C:\Windows\System\GkKvgGr.exe
  C:\Windows\System\GkKvgGr.exe
  2⤵
  PID:5704
- C:\Windows\System\tWTdfTk.exe
  C:\Windows\System\tWTdfTk.exe
  2⤵
  PID:6020
- C:\Windows\System\NgpaxWg.exe
  C:\Windows\System\NgpaxWg.exe
  2⤵
  PID:5916
- C:\Windows\System\SELxrul.exe
  C:\Windows\System\SELxrul.exe
  2⤵
  PID:5468
- C:\Windows\System\HBxoUiO.exe
  C:\Windows\System\HBxoUiO.exe
  2⤵
  PID:5724
- C:\Windows\System\VlEBgdR.exe
  C:\Windows\System\VlEBgdR.exe
  2⤵
  PID:5824
- C:\Windows\System\CquKwza.exe
  C:\Windows\System\CquKwza.exe
  2⤵
  PID:6152
- C:\Windows\System\olkPihb.exe
  C:\Windows\System\olkPihb.exe
  2⤵
  PID:6184
- C:\Windows\System\YZOWqgq.exe
  C:\Windows\System\YZOWqgq.exe
  2⤵
  PID:6212
- C:\Windows\System\vmhZpsb.exe
  C:\Windows\System\vmhZpsb.exe
  2⤵
  PID:6240
- C:\Windows\System\CypPDDE.exe
  C:\Windows\System\CypPDDE.exe
  2⤵
  PID:6268
- C:\Windows\System\QtmHTAh.exe
  C:\Windows\System\QtmHTAh.exe
  2⤵
  PID:6300
- C:\Windows\System\KViNhZP.exe
  C:\Windows\System\KViNhZP.exe
  2⤵
  PID:6328
- C:\Windows\System\MBnMmwg.exe
  C:\Windows\System\MBnMmwg.exe
  2⤵
  PID:6356
- C:\Windows\System\QeHFSIq.exe
  C:\Windows\System\QeHFSIq.exe
  2⤵
  PID:6388
- C:\Windows\System\NHXuDFl.exe
  C:\Windows\System\NHXuDFl.exe
  2⤵
  PID:6416
- C:\Windows\System\axPjvgY.exe
  C:\Windows\System\axPjvgY.exe
  2⤵
  PID:6440
- C:\Windows\System\DybBdic.exe
  C:\Windows\System\DybBdic.exe
  2⤵
  PID:6472
- C:\Windows\System\PBjlkBZ.exe
  C:\Windows\System\PBjlkBZ.exe
  2⤵
  PID:6500
- C:\Windows\System\qgfgwJC.exe
  C:\Windows\System\qgfgwJC.exe
  2⤵
  PID:6520
- C:\Windows\System\ZNNVBAH.exe
  C:\Windows\System\ZNNVBAH.exe
  2⤵
  PID:6556
- C:\Windows\System\BiKWECA.exe
  C:\Windows\System\BiKWECA.exe
  2⤵
  PID:6588
- C:\Windows\System\sEpxiGw.exe
  C:\Windows\System\sEpxiGw.exe
  2⤵
  PID:6612
- C:\Windows\System\tkJALmR.exe
  C:\Windows\System\tkJALmR.exe
  2⤵
  PID:6628
- C:\Windows\System\HcQMrjC.exe
  C:\Windows\System\HcQMrjC.exe
  2⤵
  PID:6664
- C:\Windows\System\feUrWvt.exe
  C:\Windows\System\feUrWvt.exe
  2⤵
  PID:6696
- C:\Windows\System\YThlZJn.exe
  C:\Windows\System\YThlZJn.exe
  2⤵
  PID:6732
- C:\Windows\System\wepagiz.exe
  C:\Windows\System\wepagiz.exe
  2⤵
  PID:6752
- C:\Windows\System\gVAOTjr.exe
  C:\Windows\System\gVAOTjr.exe
  2⤵
  PID:6776
- C:\Windows\System\nhUiAzn.exe
  C:\Windows\System\nhUiAzn.exe
  2⤵
  PID:6808
- C:\Windows\System\nwfscmD.exe
  C:\Windows\System\nwfscmD.exe
  2⤵
  PID:6832
- C:\Windows\System\QWJXYuk.exe
  C:\Windows\System\QWJXYuk.exe
  2⤵
  PID:6868
- C:\Windows\System\grzOgoG.exe
  C:\Windows\System\grzOgoG.exe
  2⤵
  PID:6900
- C:\Windows\System\SOPGTpk.exe
  C:\Windows\System\SOPGTpk.exe
  2⤵
  PID:6932
- C:\Windows\System\NZakhKS.exe
  C:\Windows\System\NZakhKS.exe
  2⤵
  PID:6960
- C:\Windows\System\KoAfMGM.exe
  C:\Windows\System\KoAfMGM.exe
  2⤵
  PID:6988
- C:\Windows\System\yLVUOZr.exe
  C:\Windows\System\yLVUOZr.exe
  2⤵
  PID:7016
- C:\Windows\System\XOWgHsu.exe
  C:\Windows\System\XOWgHsu.exe
  2⤵
  PID:7048
- C:\Windows\System\SYUBQli.exe
  C:\Windows\System\SYUBQli.exe
  2⤵
  PID:7080
- C:\Windows\System\YtfsruK.exe
  C:\Windows\System\YtfsruK.exe
  2⤵
  PID:7108
- C:\Windows\System\UQopyYd.exe
  C:\Windows\System\UQopyYd.exe
  2⤵
  PID:7140
- C:\Windows\System\EhBidNn.exe
  C:\Windows\System\EhBidNn.exe
  2⤵
  PID:7164
- C:\Windows\System\ZSMrGsv.exe
  C:\Windows\System\ZSMrGsv.exe
  2⤵
  PID:5504
- C:\Windows\System\WcybMKR.exe
  C:\Windows\System\WcybMKR.exe
  2⤵
  PID:5636
- C:\Windows\System\hcIVWqy.exe
  C:\Windows\System\hcIVWqy.exe
  2⤵
  PID:6264
- C:\Windows\System\RLKJxaA.exe
  C:\Windows\System\RLKJxaA.exe
  2⤵
  PID:6324
- C:\Windows\System\TcdtiYD.exe
  C:\Windows\System\TcdtiYD.exe
  2⤵
  PID:6368
- C:\Windows\System\FJECASa.exe
  C:\Windows\System\FJECASa.exe
  2⤵
  PID:6460
- C:\Windows\System\tLMnzeh.exe
  C:\Windows\System\tLMnzeh.exe
  2⤵
  PID:6528
- C:\Windows\System\VqxrGmT.exe
  C:\Windows\System\VqxrGmT.exe
  2⤵
  PID:6620
- C:\Windows\System\SAsyqWH.exe
  C:\Windows\System\SAsyqWH.exe
  2⤵
  PID:6764
- C:\Windows\System\uHCwUOE.exe
  C:\Windows\System\uHCwUOE.exe
  2⤵
  PID:6744
- C:\Windows\System\dtkQWMA.exe
  C:\Windows\System\dtkQWMA.exe
  2⤵
  PID:6880
- C:\Windows\System\VVoGsFD.exe
  C:\Windows\System\VVoGsFD.exe
  2⤵
  PID:6952
- C:\Windows\System\uTsgbXH.exe
  C:\Windows\System\uTsgbXH.exe
  2⤵
  PID:6924
- C:\Windows\System\OgXKheL.exe
  C:\Windows\System\OgXKheL.exe
  2⤵
  PID:7060
- C:\Windows\System\IpucnMS.exe
  C:\Windows\System\IpucnMS.exe
  2⤵
  PID:7088
- C:\Windows\System\UNtZFQn.exe
  C:\Windows\System\UNtZFQn.exe
  2⤵
  PID:5428
- C:\Windows\System\rPsrTJw.exe
  C:\Windows\System\rPsrTJw.exe
  2⤵
  PID:6176
- C:\Windows\System\ylUDxlA.exe
  C:\Windows\System\ylUDxlA.exe
  2⤵
  PID:6484
- C:\Windows\System\vJwrMiF.exe
  C:\Windows\System\vJwrMiF.exe
  2⤵
  PID:6408
- C:\Windows\System\CbkbFFC.exe
  C:\Windows\System\CbkbFFC.exe
  2⤵
  PID:6716
- C:\Windows\System\EsfcyyK.exe
  C:\Windows\System\EsfcyyK.exe
  2⤵
  PID:7032
- C:\Windows\System\ZLfptsE.exe
  C:\Windows\System\ZLfptsE.exe
  2⤵
  PID:7096
- C:\Windows\System\KwvMKjG.exe
  C:\Windows\System\KwvMKjG.exe
  2⤵
  PID:5432
- C:\Windows\System\eAZqxZP.exe
  C:\Windows\System\eAZqxZP.exe
  2⤵
  PID:7156
- C:\Windows\System\IkelPSA.exe
  C:\Windows\System\IkelPSA.exe
  2⤵
  PID:6220
- C:\Windows\System\HOZIlYJ.exe
  C:\Windows\System\HOZIlYJ.exe
  2⤵
  PID:7196
- C:\Windows\System\kqCiAFo.exe
  C:\Windows\System\kqCiAFo.exe
  2⤵
  PID:7224
- C:\Windows\System\qEnfdQQ.exe
  C:\Windows\System\qEnfdQQ.exe
  2⤵
  PID:7260
- C:\Windows\System\NXTuaXr.exe
  C:\Windows\System\NXTuaXr.exe
  2⤵
  PID:7292
- C:\Windows\System\KUyawjm.exe
  C:\Windows\System\KUyawjm.exe
  2⤵
  PID:7320
- C:\Windows\System\uZusGfq.exe
  C:\Windows\System\uZusGfq.exe
  2⤵
  PID:7348
- C:\Windows\System\CiEilqc.exe
  C:\Windows\System\CiEilqc.exe
  2⤵
  PID:7376
- C:\Windows\System\bezFOKm.exe
  C:\Windows\System\bezFOKm.exe
  2⤵
  PID:7404
- C:\Windows\System\EEccfxN.exe
  C:\Windows\System\EEccfxN.exe
  2⤵
  PID:7420
- C:\Windows\System\LZQBwta.exe
  C:\Windows\System\LZQBwta.exe
  2⤵
  PID:7448
- C:\Windows\System\znwOoML.exe
  C:\Windows\System\znwOoML.exe
  2⤵
  PID:7468
- C:\Windows\System\QSBBcQW.exe
  C:\Windows\System\QSBBcQW.exe
  2⤵
  PID:7488
- C:\Windows\System\uzEeMAU.exe
  C:\Windows\System\uzEeMAU.exe
  2⤵
  PID:7516
- C:\Windows\System\TcbsRIa.exe
  C:\Windows\System\TcbsRIa.exe
  2⤵
  PID:7540
- C:\Windows\System\Ijzaabc.exe
  C:\Windows\System\Ijzaabc.exe
  2⤵
  PID:7568
- C:\Windows\System\VmkTfPc.exe
  C:\Windows\System\VmkTfPc.exe
  2⤵
  PID:7604
- C:\Windows\System\ruvhRzC.exe
  C:\Windows\System\ruvhRzC.exe
  2⤵
  PID:7628
- C:\Windows\System\VAQOSnt.exe
  C:\Windows\System\VAQOSnt.exe
  2⤵
  PID:7656
- C:\Windows\System\gsYMatZ.exe
  C:\Windows\System\gsYMatZ.exe
  2⤵
  PID:7680
- C:\Windows\System\KBLTFKE.exe
  C:\Windows\System\KBLTFKE.exe
  2⤵
  PID:7704
- C:\Windows\System\jCSHEFZ.exe
  C:\Windows\System\jCSHEFZ.exe
  2⤵
  PID:7732
- C:\Windows\System\cflzcmq.exe
  C:\Windows\System\cflzcmq.exe
  2⤵
  PID:7772
- C:\Windows\System\bivBZaI.exe
  C:\Windows\System\bivBZaI.exe
  2⤵
  PID:7792
- C:\Windows\System\HDmFwYr.exe
  C:\Windows\System\HDmFwYr.exe
  2⤵
  PID:7820
- C:\Windows\System\yxcEucL.exe
  C:\Windows\System\yxcEucL.exe
  2⤵
  PID:7852
- C:\Windows\System\JosKpLy.exe
  C:\Windows\System\JosKpLy.exe
  2⤵
  PID:7876
- C:\Windows\System\hziFrgR.exe
  C:\Windows\System\hziFrgR.exe
  2⤵
  PID:7908
- C:\Windows\System\FyOnvNW.exe
  C:\Windows\System\FyOnvNW.exe
  2⤵
  PID:7944
- C:\Windows\System\dJvqfYD.exe
  C:\Windows\System\dJvqfYD.exe
  2⤵
  PID:7976
- C:\Windows\System\dyiJwQM.exe
  C:\Windows\System\dyiJwQM.exe
  2⤵
  PID:8008
- C:\Windows\System\CAYRFMa.exe
  C:\Windows\System\CAYRFMa.exe
  2⤵
  PID:8028
- C:\Windows\System\LVmKCIq.exe
  C:\Windows\System\LVmKCIq.exe
  2⤵
  PID:8056
- C:\Windows\System\ZZdsuXz.exe
  C:\Windows\System\ZZdsuXz.exe
  2⤵
  PID:8084
- C:\Windows\System\juwungv.exe
  C:\Windows\System\juwungv.exe
  2⤵
  PID:8116
- C:\Windows\System\tciACbU.exe
  C:\Windows\System\tciACbU.exe
  2⤵
  PID:8148
- C:\Windows\System\lHwWyXB.exe
  C:\Windows\System\lHwWyXB.exe
  2⤵
  PID:8180
- C:\Windows\System\lIESNOl.exe
  C:\Windows\System\lIESNOl.exe
  2⤵
  PID:6984
- C:\Windows\System\aJYrChq.exe
  C:\Windows\System\aJYrChq.exe
  2⤵
  PID:7220
- C:\Windows\System\sfRYXjy.exe
  C:\Windows\System\sfRYXjy.exe
  2⤵
  PID:7276
- C:\Windows\System\bbmCDFf.exe
  C:\Windows\System\bbmCDFf.exe
  2⤵
  PID:7316
- C:\Windows\System\hJPIUGy.exe
  C:\Windows\System\hJPIUGy.exe
  2⤵
  PID:7332
- C:\Windows\System\EMYrdUN.exe
  C:\Windows\System\EMYrdUN.exe
  2⤵
  PID:7400
- C:\Windows\System\DKzSzlw.exe
  C:\Windows\System\DKzSzlw.exe
  2⤵
  PID:7444
- C:\Windows\System\APuSvcu.exe
  C:\Windows\System\APuSvcu.exe
  2⤵
  PID:7528
- C:\Windows\System\PlSiPtj.exe
  C:\Windows\System\PlSiPtj.exe
  2⤵
  PID:7564
- C:\Windows\System\wdPJoKq.exe
  C:\Windows\System\wdPJoKq.exe
  2⤵
  PID:7672
- C:\Windows\System\RvQGLNv.exe
  C:\Windows\System\RvQGLNv.exe
  2⤵
  PID:7692
- C:\Windows\System\KlYiQBD.exe
  C:\Windows\System\KlYiQBD.exe
  2⤵
  PID:7728
- C:\Windows\System\cBtDrlD.exe
  C:\Windows\System\cBtDrlD.exe
  2⤵
  PID:7840
- C:\Windows\System\tScthRk.exe
  C:\Windows\System\tScthRk.exe
  2⤵
  PID:7900
- C:\Windows\System\NSlSIwv.exe
  C:\Windows\System\NSlSIwv.exe
  2⤵
  PID:7996
- C:\Windows\System\fZqSXVl.exe
  C:\Windows\System\fZqSXVl.exe
  2⤵
  PID:8044
- C:\Windows\System\HaeYBOv.exe
  C:\Windows\System\HaeYBOv.exe
  2⤵
  PID:8108
- C:\Windows\System\ICfzwJO.exe
  C:\Windows\System\ICfzwJO.exe
  2⤵
  PID:6648
- C:\Windows\System\xoFsSOs.exe
  C:\Windows\System\xoFsSOs.exe
  2⤵
  PID:7304
- C:\Windows\System\mlTzjXi.exe
  C:\Windows\System\mlTzjXi.exe
  2⤵
  PID:2492
- C:\Windows\System\IxzBHFF.exe
  C:\Windows\System\IxzBHFF.exe
  2⤵
  PID:7556
- C:\Windows\System\rMrGSkh.exe
  C:\Windows\System\rMrGSkh.exe
  2⤵
  PID:7724
- C:\Windows\System\PiitwEF.exe
  C:\Windows\System\PiitwEF.exe
  2⤵
  PID:7868
- C:\Windows\System\jBbdfeI.exe
  C:\Windows\System\jBbdfeI.exe
  2⤵
  PID:8168
- C:\Windows\System\bxbdNBd.exe
  C:\Windows\System\bxbdNBd.exe
  2⤵
  PID:6248
- C:\Windows\System\tGwARkc.exe
  C:\Windows\System\tGwARkc.exe
  2⤵
  PID:7620
- C:\Windows\System\drFUntC.exe
  C:\Windows\System\drFUntC.exe
  2⤵
  PID:7256
- C:\Windows\System\pMByYMY.exe
  C:\Windows\System\pMByYMY.exe
  2⤵
  PID:7972
- C:\Windows\System\kCHvVNW.exe
  C:\Windows\System\kCHvVNW.exe
  2⤵
  PID:7464
- C:\Windows\System\tAyJTwi.exe
  C:\Windows\System\tAyJTwi.exe
  2⤵
  PID:8220
- C:\Windows\System\WKldrYV.exe
  C:\Windows\System\WKldrYV.exe
  2⤵
  PID:8248
- C:\Windows\System\IHAfdgj.exe
  C:\Windows\System\IHAfdgj.exe
  2⤵
  PID:8272
- C:\Windows\System\hwqHexW.exe
  C:\Windows\System\hwqHexW.exe
  2⤵
  PID:8304
- C:\Windows\System\AYWlbnA.exe
  C:\Windows\System\AYWlbnA.exe
  2⤵
  PID:8320
- C:\Windows\System\KTllMTF.exe
  C:\Windows\System\KTllMTF.exe
  2⤵
  PID:8356
- C:\Windows\System\NaONwOM.exe
  C:\Windows\System\NaONwOM.exe
  2⤵
  PID:8388
- C:\Windows\System\aWhBovP.exe
  C:\Windows\System\aWhBovP.exe
  2⤵
  PID:8416
- C:\Windows\System\hVrpjsc.exe
  C:\Windows\System\hVrpjsc.exe
  2⤵
  PID:8444
- C:\Windows\System\UIKXaNE.exe
  C:\Windows\System\UIKXaNE.exe
  2⤵
  PID:8476
- C:\Windows\System\ToMgrJV.exe
  C:\Windows\System\ToMgrJV.exe
  2⤵
  PID:8504
- C:\Windows\System\BtizkZU.exe
  C:\Windows\System\BtizkZU.exe
  2⤵
  PID:8532
- C:\Windows\System\TBcMkMa.exe
  C:\Windows\System\TBcMkMa.exe
  2⤵
  PID:8560
- C:\Windows\System\TEBoDrk.exe
  C:\Windows\System\TEBoDrk.exe
  2⤵
  PID:8584
- C:\Windows\System\QAMXBYf.exe
  C:\Windows\System\QAMXBYf.exe
  2⤵
  PID:8604
- C:\Windows\System\QLPGfLw.exe
  C:\Windows\System\QLPGfLw.exe
  2⤵
  PID:8636
- C:\Windows\System\OgKVPTL.exe
  C:\Windows\System\OgKVPTL.exe
  2⤵
  PID:8660
- C:\Windows\System\eMThYHV.exe
  C:\Windows\System\eMThYHV.exe
  2⤵
  PID:8684
- C:\Windows\System\fskAWnf.exe
  C:\Windows\System\fskAWnf.exe
  2⤵
  PID:8712
- C:\Windows\System\bZYUoqG.exe
  C:\Windows\System\bZYUoqG.exe
  2⤵
  PID:8744
- C:\Windows\System\kyrlTBU.exe
  C:\Windows\System\kyrlTBU.exe
  2⤵
  PID:8760
- C:\Windows\System\pnTRYMP.exe
  C:\Windows\System\pnTRYMP.exe
  2⤵
  PID:8780
- C:\Windows\System\SHFudlj.exe
  C:\Windows\System\SHFudlj.exe
  2⤵
  PID:8816
- C:\Windows\System\rDKiUdl.exe
  C:\Windows\System\rDKiUdl.exe
  2⤵
  PID:8840
- C:\Windows\System\HAqzqeO.exe
  C:\Windows\System\HAqzqeO.exe
  2⤵
  PID:8876
- C:\Windows\System\dTkocpq.exe
  C:\Windows\System\dTkocpq.exe
  2⤵
  PID:8904
- C:\Windows\System\SmEmyJz.exe
  C:\Windows\System\SmEmyJz.exe
  2⤵
  PID:8928
- C:\Windows\System\XtHrlIO.exe
  C:\Windows\System\XtHrlIO.exe
  2⤵
  PID:8956
- C:\Windows\System\VEkHaag.exe
  C:\Windows\System\VEkHaag.exe
  2⤵
  PID:8992
- C:\Windows\System\rrjyWNJ.exe
  C:\Windows\System\rrjyWNJ.exe
  2⤵
  PID:9020
- C:\Windows\System\OWterUf.exe
  C:\Windows\System\OWterUf.exe
  2⤵
  PID:9044
- C:\Windows\System\TxtEMCQ.exe
  C:\Windows\System\TxtEMCQ.exe
  2⤵
  PID:9080
- C:\Windows\System\puReXpj.exe
  C:\Windows\System\puReXpj.exe
  2⤵
  PID:9100
- C:\Windows\System\nNDgjrM.exe
  C:\Windows\System\nNDgjrM.exe
  2⤵
  PID:9136
- C:\Windows\System\yYNWuFN.exe
  C:\Windows\System\yYNWuFN.exe
  2⤵
  PID:9164
- C:\Windows\System\DwrFylU.exe
  C:\Windows\System\DwrFylU.exe
  2⤵
  PID:9204
- C:\Windows\System\PVBoYnZ.exe
  C:\Windows\System\PVBoYnZ.exe
  2⤵
  PID:8212
- C:\Windows\System\RiHrvnV.exe
  C:\Windows\System\RiHrvnV.exe
  2⤵
  PID:8280
- C:\Windows\System\tOHWStz.exe
  C:\Windows\System\tOHWStz.exe
  2⤵
  PID:8332
- C:\Windows\System\HwZQqqZ.exe
  C:\Windows\System\HwZQqqZ.exe
  2⤵
  PID:8400
- C:\Windows\System\FczPTMM.exe
  C:\Windows\System\FczPTMM.exe
  2⤵
  PID:8456
- C:\Windows\System\IsAQiMi.exe
  C:\Windows\System\IsAQiMi.exe
  2⤵
  PID:8500
- C:\Windows\System\wgyjZxQ.exe
  C:\Windows\System\wgyjZxQ.exe
  2⤵
  PID:8552
- C:\Windows\System\mBWAYhB.exe
  C:\Windows\System\mBWAYhB.exe
  2⤵
  PID:8616
- C:\Windows\System\iZGYSLp.exe
  C:\Windows\System\iZGYSLp.exe
  2⤵
  PID:8656
- C:\Windows\System\ahSfLSy.exe
  C:\Windows\System\ahSfLSy.exe
  2⤵
  PID:8736
- C:\Windows\System\HrzBaHC.exe
  C:\Windows\System\HrzBaHC.exe
  2⤵
  PID:8772
- C:\Windows\System\GtDpwgd.exe
  C:\Windows\System\GtDpwgd.exe
  2⤵
  PID:8916
- C:\Windows\System\zkOtfNo.exe
  C:\Windows\System\zkOtfNo.exe
  2⤵
  PID:8864
- C:\Windows\System\lBNqFDe.exe
  C:\Windows\System\lBNqFDe.exe
  2⤵
  PID:8972
- C:\Windows\System\IGPzxAt.exe
  C:\Windows\System\IGPzxAt.exe
  2⤵
  PID:9016
- C:\Windows\System\iCsgpMs.exe
  C:\Windows\System\iCsgpMs.exe
  2⤵
  PID:9088
- C:\Windows\System\EKptbvR.exe
  C:\Windows\System\EKptbvR.exe
  2⤵
  PID:9188
- C:\Windows\System\vbixuPd.exe
  C:\Windows\System\vbixuPd.exe
  2⤵
  PID:8352
- C:\Windows\System\qAXJGwo.exe
  C:\Windows\System\qAXJGwo.exe
  2⤵
  PID:8436
- C:\Windows\System\pQCHiZc.exe
  C:\Windows\System\pQCHiZc.exe
  2⤵
  PID:8596
- C:\Windows\System\sIotesF.exe
  C:\Windows\System\sIotesF.exe
  2⤵
  PID:8632
- C:\Windows\System\rcwQRjz.exe
  C:\Windows\System\rcwQRjz.exe
  2⤵
  PID:8828
- C:\Windows\System\lVUGRiU.exe
  C:\Windows\System\lVUGRiU.exe
  2⤵
  PID:9176
- C:\Windows\System\BHIvhVS.exe
  C:\Windows\System\BHIvhVS.exe
  2⤵
  PID:8260
- C:\Windows\System\KoEcOin.exe
  C:\Windows\System\KoEcOin.exe
  2⤵
  PID:8732
- C:\Windows\System\kWPzEks.exe
  C:\Windows\System\kWPzEks.exe
  2⤵
  PID:9212
- C:\Windows\System\PRmZQeJ.exe
  C:\Windows\System\PRmZQeJ.exe
  2⤵
  PID:9228
- C:\Windows\System\HBOxmYm.exe
  C:\Windows\System\HBOxmYm.exe
  2⤵
  PID:9248
- C:\Windows\System\YeoatQA.exe
  C:\Windows\System\YeoatQA.exe
  2⤵
  PID:9272
- C:\Windows\System\BCweCIB.exe
  C:\Windows\System\BCweCIB.exe
  2⤵
  PID:9300
- C:\Windows\System\ZGpLKAM.exe
  C:\Windows\System\ZGpLKAM.exe
  2⤵
  PID:9316
- C:\Windows\System\xQAdaVl.exe
  C:\Windows\System\xQAdaVl.exe
  2⤵
  PID:9340
- C:\Windows\System\gBXmJrF.exe
  C:\Windows\System\gBXmJrF.exe
  2⤵
  PID:9384
- C:\Windows\System\PxoKCre.exe
  C:\Windows\System\PxoKCre.exe
  2⤵
  PID:9400
- C:\Windows\System\Qfoahqi.exe
  C:\Windows\System\Qfoahqi.exe
  2⤵
  PID:9428
- C:\Windows\System\grvCrJk.exe
  C:\Windows\System\grvCrJk.exe
  2⤵
  PID:9456
- C:\Windows\System\cmIEQKr.exe
  C:\Windows\System\cmIEQKr.exe
  2⤵
  PID:9492
- C:\Windows\System\NTjgGab.exe
  C:\Windows\System\NTjgGab.exe
  2⤵
  PID:9520
- C:\Windows\System\xgGzMmu.exe
  C:\Windows\System\xgGzMmu.exe
  2⤵
  PID:9540
- C:\Windows\System\oTnWLBn.exe
  C:\Windows\System\oTnWLBn.exe
  2⤵
  PID:9568
- C:\Windows\System\PJlwpRD.exe
  C:\Windows\System\PJlwpRD.exe
  2⤵
  PID:9596
- C:\Windows\System\yzSkyKT.exe
  C:\Windows\System\yzSkyKT.exe
  2⤵
  PID:9624
- C:\Windows\System\EOykGbX.exe
  C:\Windows\System\EOykGbX.exe
  2⤵
  PID:9656
- C:\Windows\System\rzgqSmV.exe
  C:\Windows\System\rzgqSmV.exe
  2⤵
  PID:9684
- C:\Windows\System\ggBVqLF.exe
  C:\Windows\System\ggBVqLF.exe
  2⤵
  PID:9712
- C:\Windows\System\CPJzbSj.exe
  C:\Windows\System\CPJzbSj.exe
  2⤵
  PID:9732
- C:\Windows\System\jnCdYEB.exe
  C:\Windows\System\jnCdYEB.exe
  2⤵
  PID:9752
- C:\Windows\System\DwhncyO.exe
  C:\Windows\System\DwhncyO.exe
  2⤵
  PID:9780
- C:\Windows\System\snEmiNM.exe
  C:\Windows\System\snEmiNM.exe
  2⤵
  PID:9808
- C:\Windows\System\fVOvGAe.exe
  C:\Windows\System\fVOvGAe.exe
  2⤵
  PID:9828
- C:\Windows\System\jsTwCVz.exe
  C:\Windows\System\jsTwCVz.exe
  2⤵
  PID:9848
- C:\Windows\System\gblzkYB.exe
  C:\Windows\System\gblzkYB.exe
  2⤵
  PID:9876
- C:\Windows\System\OIyNeHi.exe
  C:\Windows\System\OIyNeHi.exe
  2⤵
  PID:9900
- C:\Windows\System\BSbeJah.exe
  C:\Windows\System\BSbeJah.exe
  2⤵
  PID:9932
- C:\Windows\System\BiHBrhG.exe
  C:\Windows\System\BiHBrhG.exe
  2⤵
  PID:9956
- C:\Windows\System\eKNdmrV.exe
  C:\Windows\System\eKNdmrV.exe
  2⤵
  PID:9980
- C:\Windows\System\ItHFNUD.exe
  C:\Windows\System\ItHFNUD.exe
  2⤵
  PID:10008
- C:\Windows\System\FXswHOk.exe
  C:\Windows\System\FXswHOk.exe
  2⤵
  PID:10040
- C:\Windows\System\TnRfDev.exe
  C:\Windows\System\TnRfDev.exe
  2⤵
  PID:10076
- C:\Windows\System\YbZsIJr.exe
  C:\Windows\System\YbZsIJr.exe
  2⤵
  PID:10104
- C:\Windows\System\dTkwXpr.exe
  C:\Windows\System\dTkwXpr.exe
  2⤵
  PID:10128
- C:\Windows\System\gtsHYPT.exe
  C:\Windows\System\gtsHYPT.exe
  2⤵
  PID:10160
- C:\Windows\System\TUKSLdk.exe
  C:\Windows\System\TUKSLdk.exe
  2⤵
  PID:10184
- C:\Windows\System\VdVCiqw.exe
  C:\Windows\System\VdVCiqw.exe
  2⤵
  PID:10208
- C:\Windows\System\XwJAnZD.exe
  C:\Windows\System\XwJAnZD.exe
  2⤵
  PID:10232
- C:\Windows\System\HaThHio.exe
  C:\Windows\System\HaThHio.exe
  2⤵
  PID:9244
- C:\Windows\System\hhSclgX.exe
  C:\Windows\System\hhSclgX.exe
  2⤵
  PID:9284
- C:\Windows\System\YefBtGz.exe
  C:\Windows\System\YefBtGz.exe
  2⤵
  PID:9352
- C:\Windows\System\qmrQYvH.exe
  C:\Windows\System\qmrQYvH.exe
  2⤵
  PID:9472
- C:\Windows\System\kNqpTwO.exe
  C:\Windows\System\kNqpTwO.exe
  2⤵
  PID:9552
- C:\Windows\System\AwrPsLr.exe
  C:\Windows\System\AwrPsLr.exe
  2⤵
  PID:9528
- C:\Windows\System\LtcAVta.exe
  C:\Windows\System\LtcAVta.exe
  2⤵
  PID:9664
- C:\Windows\System\TBBFJwC.exe
  C:\Windows\System\TBBFJwC.exe
  2⤵
  PID:9696
- C:\Windows\System\sItqeGm.exe
  C:\Windows\System\sItqeGm.exe
  2⤵
  PID:9772
- C:\Windows\System\CpUtDbd.exe
  C:\Windows\System\CpUtDbd.exe
  2⤵
  PID:9940
- C:\Windows\System\fQGbOwg.exe
  C:\Windows\System\fQGbOwg.exe
  2⤵
  PID:9864
- C:\Windows\System\dLfacsw.exe
  C:\Windows\System\dLfacsw.exe
  2⤵
  PID:10024
- C:\Windows\System\zkixTKb.exe
  C:\Windows\System\zkixTKb.exe
  2⤵
  PID:9976
- C:\Windows\System\PeZPvbX.exe
  C:\Windows\System\PeZPvbX.exe
  2⤵
  PID:10028
- C:\Windows\System\lxEOIlE.exe
  C:\Windows\System\lxEOIlE.exe
  2⤵
  PID:10172
- C:\Windows\System\zkeuzZW.exe
  C:\Windows\System\zkeuzZW.exe
  2⤵
  PID:10176
- C:\Windows\System\arOMGGm.exe
  C:\Windows\System\arOMGGm.exe
  2⤵
  PID:9332
- C:\Windows\System\nQhsRTX.exe
  C:\Windows\System\nQhsRTX.exe
  2⤵
  PID:9424
- C:\Windows\System\pNIcqqZ.exe
  C:\Windows\System\pNIcqqZ.exe
  2⤵
  PID:9748
- C:\Windows\System\GkfjWnl.exe
  C:\Windows\System\GkfjWnl.exe
  2⤵
  PID:9644
- C:\Windows\System\yEbavjn.exe
  C:\Windows\System\yEbavjn.exe
  2⤵
  PID:9952
- C:\Windows\System\iQtWEvO.exe
  C:\Windows\System\iQtWEvO.exe
  2⤵
  PID:9928
- C:\Windows\System\xlDCXTX.exe
  C:\Windows\System\xlDCXTX.exe
  2⤵
  PID:10148
- C:\Windows\System\HERknEM.exe
  C:\Windows\System\HERknEM.exe
  2⤵
  PID:9412
- C:\Windows\System\JaHEcOz.exe
  C:\Windows\System\JaHEcOz.exe
  2⤵
  PID:10252
- C:\Windows\System\KTtdoqN.exe
  C:\Windows\System\KTtdoqN.exe
  2⤵
  PID:10280
- C:\Windows\System\KrAHUbM.exe
  C:\Windows\System\KrAHUbM.exe
  2⤵
  PID:10304
- C:\Windows\System\QJkMWgO.exe
  C:\Windows\System\QJkMWgO.exe
  2⤵
  PID:10340
- C:\Windows\System\jxTTGZe.exe
  C:\Windows\System\jxTTGZe.exe
  2⤵
  PID:10368
- C:\Windows\System\ZbWyPqY.exe
  C:\Windows\System\ZbWyPqY.exe
  2⤵
  PID:10400
- C:\Windows\System\HhRxKYJ.exe
  C:\Windows\System\HhRxKYJ.exe
  2⤵
  PID:10440
- C:\Windows\System\QdEOdDH.exe
  C:\Windows\System\QdEOdDH.exe
  2⤵
  PID:10464
- C:\Windows\System\GzVUPBz.exe
  C:\Windows\System\GzVUPBz.exe
  2⤵
  PID:10492
- C:\Windows\System\gJwJNgc.exe
  C:\Windows\System\gJwJNgc.exe
  2⤵
  PID:10520
- C:\Windows\System\pSpeCcO.exe
  C:\Windows\System\pSpeCcO.exe
  2⤵
  PID:10548
- C:\Windows\System\QUcvNLC.exe
  C:\Windows\System\QUcvNLC.exe
  2⤵
  PID:10580
- C:\Windows\System\hRZZcsc.exe
  C:\Windows\System\hRZZcsc.exe
  2⤵
  PID:10608
- C:\Windows\System\iEtVtwE.exe
  C:\Windows\System\iEtVtwE.exe
  2⤵
  PID:10640
- C:\Windows\System\pCOqKIe.exe
  C:\Windows\System\pCOqKIe.exe
  2⤵
  PID:10668
- C:\Windows\System\SMacnTw.exe
  C:\Windows\System\SMacnTw.exe
  2⤵
  PID:10684
- C:\Windows\System\zuZtxXz.exe
  C:\Windows\System\zuZtxXz.exe
  2⤵
  PID:10708
- C:\Windows\System\JZJbXcm.exe
  C:\Windows\System\JZJbXcm.exe
  2⤵
  PID:10728
- C:\Windows\System\RBoVDzD.exe
  C:\Windows\System\RBoVDzD.exe
  2⤵
  PID:10748
- C:\Windows\System\vpDTlFQ.exe
  C:\Windows\System\vpDTlFQ.exe
  2⤵
  PID:10768
- C:\Windows\System\KcwcEey.exe
  C:\Windows\System\KcwcEey.exe
  2⤵
  PID:10796
- C:\Windows\System\SUEKbNw.exe
  C:\Windows\System\SUEKbNw.exe
  2⤵
  PID:10824
- C:\Windows\System\xBIwKcb.exe
  C:\Windows\System\xBIwKcb.exe
  2⤵
  PID:10856
- C:\Windows\System\CCuormC.exe
  C:\Windows\System\CCuormC.exe
  2⤵
  PID:10892
- C:\Windows\System\nXizCHR.exe
  C:\Windows\System\nXizCHR.exe
  2⤵
  PID:10920
- C:\Windows\System\IOmsCYv.exe
  C:\Windows\System\IOmsCYv.exe
  2⤵
  PID:10952
- C:\Windows\System\TqwMBnf.exe
  C:\Windows\System\TqwMBnf.exe
  2⤵
  PID:10976
- C:\Windows\System\nVMqKHu.exe
  C:\Windows\System\nVMqKHu.exe
  2⤵
  PID:11000
- C:\Windows\System\XgxPfNR.exe
  C:\Windows\System\XgxPfNR.exe
  2⤵
  PID:11028
- C:\Windows\System\sPeTFmX.exe
  C:\Windows\System\sPeTFmX.exe
  2⤵
  PID:11044
- C:\Windows\System\SzyVKUc.exe
  C:\Windows\System\SzyVKUc.exe
  2⤵
  PID:11072
- C:\Windows\System\joSSxSj.exe
  C:\Windows\System\joSSxSj.exe
  2⤵
  PID:11096
- C:\Windows\System\oLTMaIj.exe
  C:\Windows\System\oLTMaIj.exe
  2⤵
  PID:11124
- C:\Windows\System\gZvyGQQ.exe
  C:\Windows\System\gZvyGQQ.exe
  2⤵
  PID:11152
- C:\Windows\System\sECEQoU.exe
  C:\Windows\System\sECEQoU.exe
  2⤵
  PID:11180
- C:\Windows\System\NsFbVgL.exe
  C:\Windows\System\NsFbVgL.exe
  2⤵
  PID:11208
- C:\Windows\System\DHFWrkT.exe
  C:\Windows\System\DHFWrkT.exe
  2⤵
  PID:11236
- C:\Windows\System\PHPlyVl.exe
  C:\Windows\System\PHPlyVl.exe
  2⤵
  PID:9804
- C:\Windows\System\aqoFxmI.exe
  C:\Windows\System\aqoFxmI.exe
  2⤵
  PID:10296
- C:\Windows\System\SNqgzQm.exe
  C:\Windows\System\SNqgzQm.exe
  2⤵
  PID:10268
- C:\Windows\System\eHhEZTE.exe
  C:\Windows\System\eHhEZTE.exe
  2⤵
  PID:10292
- C:\Windows\System\GdPkXZs.exe
  C:\Windows\System\GdPkXZs.exe
  2⤵
  PID:10348
- C:\Windows\System\JbFwxgu.exe
  C:\Windows\System\JbFwxgu.exe
  2⤵
  PID:10392
- C:\Windows\System\ZkuTsRa.exe
  C:\Windows\System\ZkuTsRa.exe
  2⤵
  PID:10540
- C:\Windows\System\DsnlxwF.exe
  C:\Windows\System\DsnlxwF.exe
  2⤵
  PID:10604
- C:\Windows\System\vTMrQht.exe
  C:\Windows\System\vTMrQht.exe
  2⤵
  PID:10636
- C:\Windows\System\YmYVJvH.exe
  C:\Windows\System\YmYVJvH.exe
  2⤵
  PID:10724
- C:\Windows\System\fOYblWZ.exe
  C:\Windows\System\fOYblWZ.exe
  2⤵
  PID:10704
- C:\Windows\System\QXvmsgO.exe
  C:\Windows\System\QXvmsgO.exe
  2⤵
  PID:10844
- C:\Windows\System\GVrGSax.exe
  C:\Windows\System\GVrGSax.exe
  2⤵
  PID:10868
- C:\Windows\System\bGwltBy.exe
  C:\Windows\System\bGwltBy.exe
  2⤵
  PID:10964
- C:\Windows\System\lWJlxas.exe
  C:\Windows\System\lWJlxas.exe
  2⤵
  PID:11056
- C:\Windows\System\RtbYaWW.exe
  C:\Windows\System\RtbYaWW.exe
  2⤵
  PID:11060
- C:\Windows\System\yITMCrz.exe
  C:\Windows\System\yITMCrz.exe
  2⤵
  PID:11068
- C:\Windows\System\RWqpuxt.exe
  C:\Windows\System\RWqpuxt.exe
  2⤵
  PID:11176
- C:\Windows\System\xxwPoQN.exe
  C:\Windows\System\xxwPoQN.exe
  2⤵
  PID:11248
- C:\Windows\System\KgTUcEX.exe
  C:\Windows\System\KgTUcEX.exe
  2⤵
  PID:11260
- C:\Windows\System\JQOFKNx.exe
  C:\Windows\System\JQOFKNx.exe
  2⤵
  PID:10384
- C:\Windows\System\UefMDzs.exe
  C:\Windows\System\UefMDzs.exe
  2⤵
  PID:10504
- C:\Windows\System\BtQqNMF.exe
  C:\Windows\System\BtQqNMF.exe
  2⤵
  PID:10588
- C:\Windows\System\orqHezl.exe
  C:\Windows\System\orqHezl.exe
  2⤵
  PID:11012
- C:\Windows\System\fZtexEq.exe
  C:\Windows\System\fZtexEq.exe
  2⤵
  PID:11016
- C:\Windows\System\GBhiZbd.exe
  C:\Windows\System\GBhiZbd.exe
  2⤵
  PID:11164
- C:\Windows\System\XWKTmLU.exe
  C:\Windows\System\XWKTmLU.exe
  2⤵
  PID:9888
- C:\Windows\System\SeJDHmX.exe
  C:\Windows\System\SeJDHmX.exe
  2⤵
  PID:11284
- C:\Windows\System\eNjfXki.exe
  C:\Windows\System\eNjfXki.exe
  2⤵
  PID:11308
- C:\Windows\System\MbrAMjQ.exe
  C:\Windows\System\MbrAMjQ.exe
  2⤵
  PID:11348
- C:\Windows\System\lEqIGaU.exe
  C:\Windows\System\lEqIGaU.exe
  2⤵
  PID:11372
- C:\Windows\System\wWeYXWV.exe
  C:\Windows\System\wWeYXWV.exe
  2⤵
  PID:11404
- C:\Windows\System\tPPSmcq.exe
  C:\Windows\System\tPPSmcq.exe
  2⤵
  PID:11424
- C:\Windows\System\VLMOltw.exe
  C:\Windows\System\VLMOltw.exe
  2⤵
  PID:11440
- C:\Windows\System\WgUqptc.exe
  C:\Windows\System\WgUqptc.exe
  2⤵
  PID:11456
- C:\Windows\System\CGgAXxZ.exe
  C:\Windows\System\CGgAXxZ.exe
  2⤵
  PID:11480
- C:\Windows\System\uvuBRBf.exe
  C:\Windows\System\uvuBRBf.exe
  2⤵
  PID:11504
- C:\Windows\System\kUPlnMb.exe
  C:\Windows\System\kUPlnMb.exe
  2⤵
  PID:11540
- C:\Windows\System\eytVZWF.exe
  C:\Windows\System\eytVZWF.exe
  2⤵
  PID:11556
- C:\Windows\System\wmitaLE.exe
  C:\Windows\System\wmitaLE.exe
  2⤵
  PID:11592
- C:\Windows\System\edYTkWF.exe
  C:\Windows\System\edYTkWF.exe
  2⤵
  PID:11620
- C:\Windows\System\nyIUvxi.exe
  C:\Windows\System\nyIUvxi.exe
  2⤵
  PID:11648
- C:\Windows\System\HdXDBFi.exe
  C:\Windows\System\HdXDBFi.exe
  2⤵
  PID:11664
- C:\Windows\System\xFdBbvM.exe
  C:\Windows\System\xFdBbvM.exe
  2⤵
  PID:11692
- C:\Windows\System\YoUbeUS.exe
  C:\Windows\System\YoUbeUS.exe
  2⤵
  PID:11720
- C:\Windows\System\PKJRUII.exe
  C:\Windows\System\PKJRUII.exe
  2⤵
  PID:11748
- C:\Windows\System\bPGzTOG.exe
  C:\Windows\System\bPGzTOG.exe
  2⤵
  PID:11772
- C:\Windows\System\RBHAOHA.exe
  C:\Windows\System\RBHAOHA.exe
  2⤵
  PID:11808
- C:\Windows\System\kvKWTIZ.exe
  C:\Windows\System\kvKWTIZ.exe
  2⤵
  PID:11832
- C:\Windows\System\UdqSTND.exe
  C:\Windows\System\UdqSTND.exe
  2⤵
  PID:11864
- C:\Windows\System\TEkdoEG.exe
  C:\Windows\System\TEkdoEG.exe
  2⤵
  PID:11892
- C:\Windows\System\cWhkPMR.exe
  C:\Windows\System\cWhkPMR.exe
  2⤵
  PID:11920
- C:\Windows\System\HIoSpKw.exe
  C:\Windows\System\HIoSpKw.exe
  2⤵
  PID:11940
- C:\Windows\System\SInFvvr.exe
  C:\Windows\System\SInFvvr.exe
  2⤵
  PID:11976
- C:\Windows\System\JWcYQum.exe
  C:\Windows\System\JWcYQum.exe
  2⤵
  PID:11996
- C:\Windows\System\FUMdzrk.exe
  C:\Windows\System\FUMdzrk.exe
  2⤵
  PID:12024
- C:\Windows\System\GMEBQYH.exe
  C:\Windows\System\GMEBQYH.exe
  2⤵
  PID:12056
- C:\Windows\System\TshKlYQ.exe
  C:\Windows\System\TshKlYQ.exe
  2⤵
  PID:12084
- C:\Windows\System\oORviGG.exe
  C:\Windows\System\oORviGG.exe
  2⤵
  PID:12108
- C:\Windows\System\srEiVKK.exe
  C:\Windows\System\srEiVKK.exe
  2⤵
  PID:12136
- C:\Windows\System\vccPlwg.exe
  C:\Windows\System\vccPlwg.exe
  2⤵
  PID:12160
- C:\Windows\System\AoXnWof.exe
  C:\Windows\System\AoXnWof.exe
  2⤵
  PID:12188
- C:\Windows\System\jeoQfpU.exe
  C:\Windows\System\jeoQfpU.exe
  2⤵
  PID:12216
- C:\Windows\System\uUqdHOp.exe
  C:\Windows\System\uUqdHOp.exe
  2⤵
  PID:12252
- C:\Windows\System\eYIcRpL.exe
  C:\Windows\System\eYIcRpL.exe
  2⤵
  PID:12272
- C:\Windows\System\vAChUsn.exe
  C:\Windows\System\vAChUsn.exe
  2⤵
  PID:10244
- C:\Windows\System\UFLoUkM.exe
  C:\Windows\System\UFLoUkM.exe
  2⤵
  PID:11296
- C:\Windows\System\moicXnf.exe
  C:\Windows\System\moicXnf.exe
  2⤵
  PID:10544
- C:\Windows\System\sqiNbJA.exe
  C:\Windows\System\sqiNbJA.exe
  2⤵
  PID:11336
- C:\Windows\System\wOnsWCI.exe
  C:\Windows\System\wOnsWCI.exe
  2⤵
  PID:11452
- C:\Windows\System\xWqfrqN.exe
  C:\Windows\System\xWqfrqN.exe
  2⤵
  PID:11392
- C:\Windows\System\auBlbxN.exe
  C:\Windows\System\auBlbxN.exe
  2⤵
  PID:11436
- C:\Windows\System\wIFfxId.exe
  C:\Windows\System\wIFfxId.exe
  2⤵
  PID:11512
- C:\Windows\System\rYGwYTZ.exe
  C:\Windows\System\rYGwYTZ.exe
  2⤵
  PID:11756
- C:\Windows\System\TDfIHEO.exe
  C:\Windows\System\TDfIHEO.exe
  2⤵
  PID:11612
- C:\Windows\System\kTfQGGL.exe
  C:\Windows\System\kTfQGGL.exe
  2⤵
  PID:11736
- C:\Windows\System\joMptcd.exe
  C:\Windows\System\joMptcd.exe
  2⤵
  PID:11880
- C:\Windows\System\WqjKtmR.exe
  C:\Windows\System\WqjKtmR.exe
  2⤵
  PID:11800
- C:\Windows\System\yyOJcOF.exe
  C:\Windows\System\yyOJcOF.exe
  2⤵
  PID:11948
- C:\Windows\System\VQAiqzT.exe
  C:\Windows\System\VQAiqzT.exe
  2⤵
  PID:12152
- C:\Windows\System\ktCcLUG.exe
  C:\Windows\System\ktCcLUG.exe
  2⤵
  PID:12104
- C:\Windows\System\XzfmvDe.exe
  C:\Windows\System\XzfmvDe.exe
  2⤵
  PID:12132
- C:\Windows\System\usSsfwv.exe
  C:\Windows\System\usSsfwv.exe
  2⤵
  PID:12032
- C:\Windows\System\kRzCiZR.exe
  C:\Windows\System\kRzCiZR.exe
  2⤵
  PID:11276
- C:\Windows\System\xsMMPKw.exe
  C:\Windows\System\xsMMPKw.exe
  2⤵
  PID:11500
- C:\Windows\System\aYaZWWR.exe
  C:\Windows\System\aYaZWWR.exe
  2⤵
  PID:10784
- C:\Windows\System\BvnnjFt.exe
  C:\Windows\System\BvnnjFt.exe
  2⤵
  PID:11760
- C:\Windows\System\JxsoWpV.exe
  C:\Windows\System\JxsoWpV.exe
  2⤵
  PID:11644
- C:\Windows\System\CxCCeWJ.exe
  C:\Windows\System\CxCCeWJ.exe
  2⤵
  PID:11660
- C:\Windows\System\XVVouDa.exe
  C:\Windows\System\XVVouDa.exe
  2⤵
  PID:12072
- C:\Windows\System\CbYKxLa.exe
  C:\Windows\System\CbYKxLa.exe
  2⤵
  PID:12296
- C:\Windows\System\JDNEFpC.exe
  C:\Windows\System\JDNEFpC.exe
  2⤵
  PID:12316
- C:\Windows\System\nwTPIGP.exe
  C:\Windows\System\nwTPIGP.exe
  2⤵
  PID:12336
- C:\Windows\System\ESmZgrj.exe
  C:\Windows\System\ESmZgrj.exe
  2⤵
  PID:12364
- C:\Windows\System\TICaNTj.exe
  C:\Windows\System\TICaNTj.exe
  2⤵
  PID:12388
- C:\Windows\System\hGZUewD.exe
  C:\Windows\System\hGZUewD.exe
  2⤵
  PID:12428
- C:\Windows\System\wFcEaTa.exe
  C:\Windows\System\wFcEaTa.exe
  2⤵
  PID:12456
- C:\Windows\System\xBIavhE.exe
  C:\Windows\System\xBIavhE.exe
  2⤵
  PID:12488
- C:\Windows\System\cZdauun.exe
  C:\Windows\System\cZdauun.exe
  2⤵
  PID:12520
- C:\Windows\System\epCBeZa.exe
  C:\Windows\System\epCBeZa.exe
  2⤵
  PID:12544
- C:\Windows\System\gaWnPsN.exe
  C:\Windows\System\gaWnPsN.exe
  2⤵
  PID:12576
- C:\Windows\System\npVMwgy.exe
  C:\Windows\System\npVMwgy.exe
  2⤵
  PID:12600
- C:\Windows\System\ktxUwoN.exe
  C:\Windows\System\ktxUwoN.exe
  2⤵
  PID:12628
- C:\Windows\System\yBURdml.exe
  C:\Windows\System\yBURdml.exe
  2⤵
  PID:12656
- C:\Windows\System\NqHIoCo.exe
  C:\Windows\System\NqHIoCo.exe
  2⤵
  PID:12680
- C:\Windows\System\HWzsftd.exe
  C:\Windows\System\HWzsftd.exe
  2⤵
  PID:12704
- C:\Windows\System\YRkepTy.exe
  C:\Windows\System\YRkepTy.exe
  2⤵
  PID:12724
- C:\Windows\System\gZUWQNc.exe
  C:\Windows\System\gZUWQNc.exe
  2⤵
  PID:12748
- C:\Windows\System\HgYpBzW.exe
  C:\Windows\System\HgYpBzW.exe
  2⤵
  PID:12776
- C:\Windows\System\PWOIrVi.exe
  C:\Windows\System\PWOIrVi.exe
  2⤵
  PID:12796
- C:\Windows\System\ZpYoctQ.exe
  C:\Windows\System\ZpYoctQ.exe
  2⤵
  PID:12828
- C:\Windows\System\sDWdEMc.exe
  C:\Windows\System\sDWdEMc.exe
  2⤵
  PID:12852
- C:\Windows\System\eFZGEjx.exe
  C:\Windows\System\eFZGEjx.exe
  2⤵
  PID:12896
- C:\Windows\System\kbtxEAs.exe
  C:\Windows\System\kbtxEAs.exe
  2⤵
  PID:12916
- C:\Windows\System\QVmdnuU.exe
  C:\Windows\System\QVmdnuU.exe
  2⤵
  PID:12952
- C:\Windows\System\SdCruQo.exe
  C:\Windows\System\SdCruQo.exe
  2⤵
  PID:12976
- C:\Windows\System\PHHuvCo.exe
  C:\Windows\System\PHHuvCo.exe
  2⤵
  PID:13000
- C:\Windows\System\IwuROTt.exe
  C:\Windows\System\IwuROTt.exe
  2⤵
  PID:13032
- C:\Windows\System\EgiXmMq.exe
  C:\Windows\System\EgiXmMq.exe
  2⤵
  PID:13056
- C:\Windows\System\CbjqgvS.exe
  C:\Windows\System\CbjqgvS.exe
  2⤵
  PID:13076
- C:\Windows\System\PnvWAek.exe
  C:\Windows\System\PnvWAek.exe
  2⤵
  PID:13104
- C:\Windows\System\eGZFbff.exe
  C:\Windows\System\eGZFbff.exe
  2⤵
  PID:13132
- C:\Windows\System\JWJkkiL.exe
  C:\Windows\System\JWJkkiL.exe
  2⤵
  PID:13152
- C:\Windows\System\KNAlfGZ.exe
  C:\Windows\System\KNAlfGZ.exe
  2⤵
  PID:13188
- C:\Windows\System\PrvGqiJ.exe
  C:\Windows\System\PrvGqiJ.exe
  2⤵
  PID:13204
- C:\Windows\System\KaIOtBk.exe
  C:\Windows\System\KaIOtBk.exe
  2⤵
  PID:13228
- C:\Windows\System\qkZzUFk.exe
  C:\Windows\System\qkZzUFk.exe
  2⤵
  PID:13256
- C:\Windows\System\sDbTcYu.exe
  C:\Windows\System\sDbTcYu.exe
  2⤵
  PID:13280
- C:\Windows\System\dXyTFuk.exe
  C:\Windows\System\dXyTFuk.exe
  2⤵
  PID:13304
- C:\Windows\System\BburNyP.exe
  C:\Windows\System\BburNyP.exe
  2⤵
  PID:12244
- C:\Windows\System\ygwQukg.exe
  C:\Windows\System\ygwQukg.exe
  2⤵
  PID:12172
- C:\Windows\System\zpEyQaH.exe
  C:\Windows\System\zpEyQaH.exe
  2⤵
  PID:12372
- C:\Windows\System\DzPkbkd.exe
  C:\Windows\System\DzPkbkd.exe
  2⤵
  PID:11576
- C:\Windows\System\rIlLFko.exe
  C:\Windows\System\rIlLFko.exe
  2⤵
  PID:12184
- C:\Windows\System\GKhFGto.exe
  C:\Windows\System\GKhFGto.exe
  2⤵
  PID:12500
- C:\Windows\System\QLfFfPc.exe
  C:\Windows\System\QLfFfPc.exe
  2⤵
  PID:12592
- C:\Windows\System\tQGnHLv.exe
  C:\Windows\System\tQGnHLv.exe
  2⤵
  PID:12408
- C:\Windows\System\TyGEmXS.exe
  C:\Windows\System\TyGEmXS.exe
  2⤵
  PID:12624
- C:\Windows\System\JeCBVfR.exe
  C:\Windows\System\JeCBVfR.exe
  2⤵
  PID:12536
- C:\Windows\System\egtciJL.exe
  C:\Windows\System\egtciJL.exe
  2⤵
  PID:12648
- C:\Windows\System\tdbSYoZ.exe
  C:\Windows\System\tdbSYoZ.exe
  2⤵
  PID:12700
- C:\Windows\System\sxGiOwn.exe
  C:\Windows\System\sxGiOwn.exe
  2⤵
  PID:12716
- C:\Windows\System\EPVLLQB.exe
  C:\Windows\System\EPVLLQB.exe
  2⤵
  PID:12848
- C:\Windows\System\leJMghG.exe
  C:\Windows\System\leJMghG.exe
  2⤵
  PID:13020
- C:\Windows\System\RAgrdFy.exe
  C:\Windows\System\RAgrdFy.exe
  2⤵
  PID:13124
- C:\Windows\System\dVpwbwz.exe
  C:\Windows\System\dVpwbwz.exe
  2⤵
  PID:13172
- C:\Windows\System\Wnoceom.exe
  C:\Windows\System\Wnoceom.exe
  2⤵
  PID:13100
- C:\Windows\System\KPZWGgC.exe
  C:\Windows\System\KPZWGgC.exe
  2⤵
  PID:13092
- C:\Windows\System\lhRsrRe.exe
  C:\Windows\System\lhRsrRe.exe
  2⤵
  PID:13084
- C:\Windows\System\DqOBSwc.exe
  C:\Windows\System\DqOBSwc.exe
  2⤵
  PID:11492
- C:\Windows\System\vuZlZDh.exe
  C:\Windows\System\vuZlZDh.exe
  2⤵
  PID:13248
- C:\Windows\System\upbFXOD.exe
  C:\Windows\System\upbFXOD.exe
  2⤵
  PID:12788
- C:\Windows\System\dPvttFN.exe
  C:\Windows\System\dPvttFN.exe
  2⤵
  PID:11936
- C:\Windows\System\apXsdRs.exe
  C:\Windows\System\apXsdRs.exe
  2⤵
  PID:12352
- C:\Windows\System\NrBtuLa.exe
  C:\Windows\System\NrBtuLa.exe
  2⤵
  PID:12620
- C:\Windows\System\pJsKTWd.exe
  C:\Windows\System\pJsKTWd.exe
  2⤵
  PID:13064
- C:\Windows\System\dIgsZic.exe
  C:\Windows\System\dIgsZic.exe
  2⤵
  PID:13276
- C:\Windows\System\IQReOIb.exe
  C:\Windows\System\IQReOIb.exe
  2⤵
  PID:13328
- C:\Windows\System\WZJxDid.exe
  C:\Windows\System\WZJxDid.exe
  2⤵
  PID:13364
- C:\Windows\System\wFEUqiz.exe
  C:\Windows\System\wFEUqiz.exe
  2⤵
  PID:13384
- C:\Windows\System\puBzfDo.exe
  C:\Windows\System\puBzfDo.exe
  2⤵
  PID:13408
- C:\Windows\System\aQXbkXg.exe
  C:\Windows\System\aQXbkXg.exe
  2⤵
  PID:13432
- C:\Windows\System\dJSVlhH.exe
  C:\Windows\System\dJSVlhH.exe
  2⤵
  PID:13460
- C:\Windows\System\ERtUhHI.exe
  C:\Windows\System\ERtUhHI.exe
  2⤵
  PID:13484
- C:\Windows\System\oppHQqQ.exe
  C:\Windows\System\oppHQqQ.exe
  2⤵
  PID:13508
- C:\Windows\System\CsrHndC.exe
  C:\Windows\System\CsrHndC.exe
  2⤵
  PID:13536
- C:\Windows\System\IYLtmcU.exe
  C:\Windows\System\IYLtmcU.exe
  2⤵
  PID:13560
- C:\Windows\System\nvuFWmR.exe
  C:\Windows\System\nvuFWmR.exe
  2⤵
  PID:13584
- C:\Windows\System\UNayhxp.exe
  C:\Windows\System\UNayhxp.exe
  2⤵
  PID:13608
- C:\Windows\System\XOkJHgx.exe
  C:\Windows\System\XOkJHgx.exe
  2⤵
  PID:13624
- C:\Windows\System\wjZsCvs.exe
  C:\Windows\System\wjZsCvs.exe
  2⤵
  PID:13644
- C:\Windows\System\lWdQQaU.exe
  C:\Windows\System\lWdQQaU.exe
  2⤵
  PID:13664
- C:\Windows\System\sRiRWde.exe
  C:\Windows\System\sRiRWde.exe
  2⤵
  PID:13688
- C:\Windows\System\jQXCDvH.exe
  C:\Windows\System\jQXCDvH.exe
  2⤵
  PID:13720
- C:\Windows\System\rwQLYLL.exe
  C:\Windows\System\rwQLYLL.exe
  2⤵
  PID:13748
- C:\Windows\System\pVpsQef.exe
  C:\Windows\System\pVpsQef.exe
  2⤵
  PID:13784
- C:\Windows\System\qGnpCaK.exe
  C:\Windows\System\qGnpCaK.exe
  2⤵
  PID:13812
- C:\Windows\System\FpiqgHp.exe
  C:\Windows\System\FpiqgHp.exe
  2⤵
  PID:13836
- C:\Windows\System\ntIZbsI.exe
  C:\Windows\System\ntIZbsI.exe
  2⤵
  PID:13852
- C:\Windows\System\FeBTgjM.exe
  C:\Windows\System\FeBTgjM.exe
  2⤵
  PID:13872
- C:\Windows\System\ArJrFQB.exe
  C:\Windows\System\ArJrFQB.exe
  2⤵
  PID:13900
- C:\Windows\System\dzxVSEy.exe
  C:\Windows\System\dzxVSEy.exe
  2⤵
  PID:13928
- C:\Windows\System\LHLNPUf.exe
  C:\Windows\System\LHLNPUf.exe
  2⤵
  PID:13952
- C:\Windows\System\OYWadrp.exe
  C:\Windows\System\OYWadrp.exe
  2⤵
  PID:13976
- C:\Windows\System\PpbThxo.exe
  C:\Windows\System\PpbThxo.exe
  2⤵
  PID:14000
- C:\Windows\System\VZgmEAn.exe
  C:\Windows\System\VZgmEAn.exe
  2⤵
  PID:14024
- C:\Windows\System\NhcJreW.exe
  C:\Windows\System\NhcJreW.exe
  2⤵
  PID:14052
- C:\Windows\System\crlKklN.exe
  C:\Windows\System\crlKklN.exe
  2⤵
  PID:14076
- C:\Windows\System\DrkeCne.exe
  C:\Windows\System\DrkeCne.exe
  2⤵
  PID:14104
- C:\Windows\System\wDNlJCQ.exe
  C:\Windows\System\wDNlJCQ.exe
  2⤵
  PID:14128
- C:\Windows\System\VDtDcsl.exe
  C:\Windows\System\VDtDcsl.exe
  2⤵
  PID:14164
- C:\Windows\System\ZBIhuLF.exe
  C:\Windows\System\ZBIhuLF.exe
  2⤵
  PID:14184
- C:\Windows\System\qOLdzUk.exe
  C:\Windows\System\qOLdzUk.exe
  2⤵
  PID:14208
- C:\Windows\System\QWcryRH.exe
  C:\Windows\System\QWcryRH.exe
  2⤵
  PID:14228
- C:\Windows\System\GVVHVtu.exe
  C:\Windows\System\GVVHVtu.exe
  2⤵
  PID:14256
- C:\Windows\System\JgNmQXu.exe
  C:\Windows\System\JgNmQXu.exe
  2⤵
  PID:14284
- C:\Windows\System\TsrgKlW.exe
  C:\Windows\System\TsrgKlW.exe
  2⤵
  PID:14316
- C:\Windows\System\EQXeQrS.exe
  C:\Windows\System\EQXeQrS.exe
  2⤵
  PID:4176
- C:\Windows\System\kBuxrek.exe
  C:\Windows\System\kBuxrek.exe
  2⤵
  PID:12356
- C:\Windows\System\gClRVtt.exe
  C:\Windows\System\gClRVtt.exe
  2⤵
  PID:13176
- C:\Windows\System\hebWXYH.exe
  C:\Windows\System\hebWXYH.exe
  2⤵
  PID:13200
- C:\Windows\System\nlVKbhQ.exe
  C:\Windows\System\nlVKbhQ.exe
  2⤵
  PID:12820
- C:\Windows\System\fMSZtHL.exe
  C:\Windows\System\fMSZtHL.exe
  2⤵
  PID:13272
- C:\Windows\System\tBhBSoz.exe
  C:\Windows\System\tBhBSoz.exe
  2⤵
  PID:11036
- C:\Windows\System\oeUghTl.exe
  C:\Windows\System\oeUghTl.exe
  2⤵
  PID:13292
- C:\Windows\System\BiNXwLT.exe
  C:\Windows\System\BiNXwLT.exe
  2⤵
  PID:12844
- C:\Windows\System\XoarJBC.exe
  C:\Windows\System\XoarJBC.exe
  2⤵
  PID:13316
- C:\Windows\System\UzPuynD.exe
  C:\Windows\System\UzPuynD.exe
  2⤵
  PID:13744
- C:\Windows\System\JyOXkXF.exe
  C:\Windows\System\JyOXkXF.exe
  2⤵
  PID:13580
- C:\Windows\System\ZzhAaQA.exe
  C:\Windows\System\ZzhAaQA.exe
  2⤵
  PID:13620
- C:\Windows\System\JPmgfBT.exe
  C:\Windows\System\JPmgfBT.exe
  2⤵
  PID:13520
- C:\Windows\System\ahpriaA.exe
  C:\Windows\System\ahpriaA.exe
  2⤵
  PID:14040
- C:\Windows\System\HLEqlzB.exe
  C:\Windows\System\HLEqlzB.exe
  2⤵
  PID:13916
- C:\Windows\System\UOdsSkK.exe
  C:\Windows\System\UOdsSkK.exe
  2⤵
  PID:13988
- C:\Windows\System\phIpxtm.exe
  C:\Windows\System\phIpxtm.exe
  2⤵
  PID:13828
- C:\Windows\System\tciBSBz.exe
  C:\Windows\System\tciBSBz.exe
  2⤵
  PID:13864
- C:\Windows\System\PUlUwYs.exe
  C:\Windows\System\PUlUwYs.exe
  2⤵
  PID:14160
- C:\Windows\System\CajaENO.exe
  C:\Windows\System\CajaENO.exe
  2⤵
  PID:13380
- C:\Windows\System\qpiXAAU.exe
  C:\Windows\System\qpiXAAU.exe
  2⤵
  PID:14020
- C:\Windows\System\CrdVvSx.exe
  C:\Windows\System\CrdVvSx.exe
  2⤵
  PID:14280
- C:\Windows\System\FcYzlAd.exe
  C:\Windows\System\FcYzlAd.exe
  2⤵
  PID:14064
- C:\Windows\System\ccsyMSO.exe
  C:\Windows\System\ccsyMSO.exe
  2⤵
  PID:14600
- C:\Windows\System\HapSlEc.exe
  C:\Windows\System\HapSlEc.exe
  2⤵
  PID:14632
- C:\Windows\System\fbLkWOo.exe
  C:\Windows\System\fbLkWOo.exe
  2⤵
  PID:14652
- C:\Windows\System\OKHRxfw.exe
  C:\Windows\System\OKHRxfw.exe
  2⤵
  PID:14688
- C:\Windows\System\EkUtgEY.exe
  C:\Windows\System\EkUtgEY.exe
  2⤵
  PID:14716
- C:\Windows\System\tfYYNUu.exe
  C:\Windows\System\tfYYNUu.exe
  2⤵
  PID:14756
- C:\Windows\System\jCLVnna.exe
  C:\Windows\System\jCLVnna.exe
  2⤵
  PID:14784
- C:\Windows\System\RBJcxeb.exe
  C:\Windows\System\RBJcxeb.exe
  2⤵
  PID:14812
- C:\Windows\System\vJlaDbt.exe
  C:\Windows\System\vJlaDbt.exe
  2⤵
  PID:14840
- C:\Windows\System\tFPIbff.exe
  C:\Windows\System\tFPIbff.exe
  2⤵
  PID:14856
- C:\Windows\System\DjUcDDH.exe
  C:\Windows\System\DjUcDDH.exe
  2⤵
  PID:14876
- C:\Windows\System\VPdmHqE.exe
  C:\Windows\System\VPdmHqE.exe
  2⤵
  PID:14896
- C:\Windows\System\sowcmlV.exe
  C:\Windows\System\sowcmlV.exe
  2⤵
  PID:14920
- C:\Windows\System\sUjChzl.exe
  C:\Windows\System\sUjChzl.exe
  2⤵
  PID:14944
- C:\Windows\System\KoYIESB.exe
  C:\Windows\System\KoYIESB.exe
  2⤵
  PID:14968
- C:\Windows\System\VDqanRe.exe
  C:\Windows\System\VDqanRe.exe
  2⤵
  PID:14992
- C:\Windows\System\mNkMoeO.exe
  C:\Windows\System\mNkMoeO.exe
  2⤵
  PID:15016
- C:\Windows\System\fPunYUy.exe
  C:\Windows\System\fPunYUy.exe
  2⤵
  PID:15040
- C:\Windows\System\uFhgJMj.exe
  C:\Windows\System\uFhgJMj.exe
  2⤵
  PID:15064
- C:\Windows\System\utusxPe.exe
  C:\Windows\System\utusxPe.exe
  2⤵
  PID:15096
- C:\Windows\System\gDSRTfq.exe
  C:\Windows\System\gDSRTfq.exe
  2⤵
  PID:15124
- C:\Windows\System\SDuVAcL.exe
  C:\Windows\System\SDuVAcL.exe
  2⤵
  PID:15148
- C:\Windows\System\FSmpJYc.exe
  C:\Windows\System\FSmpJYc.exe
  2⤵
  PID:15172
- C:\Windows\System\ezRRlBC.exe
  C:\Windows\System\ezRRlBC.exe
  2⤵
  PID:15196
- C:\Windows\System\RQJAnew.exe
  C:\Windows\System\RQJAnew.exe
  2⤵
  PID:15220
- C:\Windows\System\tqhPHyT.exe
  C:\Windows\System\tqhPHyT.exe
  2⤵
  PID:15244
- C:\Windows\System\xEVywwG.exe
  C:\Windows\System\xEVywwG.exe
  2⤵
  PID:15300
- C:\Windows\System\jpeYLBy.exe
  C:\Windows\System\jpeYLBy.exe
  2⤵
  PID:15320
- C:\Windows\System\qlFAhQL.exe
  C:\Windows\System\qlFAhQL.exe
  2⤵
  PID:15344
- C:\Windows\System\knUJMjH.exe
  C:\Windows\System\knUJMjH.exe
  2⤵
  PID:14300
- C:\Windows\System\MpBQMmg.exe
  C:\Windows\System\MpBQMmg.exe
  2⤵
  PID:14204
- C:\Windows\System\FXaDCrv.exe
  C:\Windows\System\FXaDCrv.exe
  2⤵
  PID:13896
- C:\Windows\System\YqODWQR.exe
  C:\Windows\System\YqODWQR.exe
  2⤵
  PID:12768
- C:\Windows\System\CnilXlK.exe
  C:\Windows\System\CnilXlK.exe
  2⤵
  PID:13844
- C:\Windows\System\iuJmOjW.exe
  C:\Windows\System\iuJmOjW.exe
  2⤵
  PID:12972
- C:\Windows\System\OzsjqWF.exe
  C:\Windows\System\OzsjqWF.exe
  2⤵
  PID:13712
- C:\Windows\System\BuwMhcj.exe
  C:\Windows\System\BuwMhcj.exe
  2⤵
  PID:14196
- C:\Windows\System\ycmuluS.exe
  C:\Windows\System\ycmuluS.exe
  2⤵
  PID:14396
- C:\Windows\System\BXXPbrO.exe
  C:\Windows\System\BXXPbrO.exe
  2⤵
  PID:14480
- C:\Windows\System\Zncalxi.exe
  C:\Windows\System\Zncalxi.exe
  2⤵
  PID:14360
- C:\Windows\System\xjqAdrm.exe
  C:\Windows\System\xjqAdrm.exe
  2⤵
  PID:14712
- C:\Windows\System\YqxiMXD.exe
  C:\Windows\System\YqxiMXD.exe
  2⤵
  PID:14744
- C:\Windows\System\MwzkzsE.exe
  C:\Windows\System\MwzkzsE.exe
  2⤵
  PID:14700
- C:\Windows\System\oHMgAsl.exe
  C:\Windows\System\oHMgAsl.exe
  2⤵
  PID:14776
- C:\Windows\System\pdNmXle.exe
  C:\Windows\System\pdNmXle.exe
  2⤵
  PID:14804
- C:\Windows\System\zsxRurq.exe
  C:\Windows\System\zsxRurq.exe
  2⤵
  PID:14888
- C:\Windows\System\UzPgFRs.exe
  C:\Windows\System\UzPgFRs.exe
  2⤵
  PID:14868
- C:\Windows\System\IHcptIF.exe
  C:\Windows\System\IHcptIF.exe
  2⤵
  PID:15084
- C:\Windows\System\CXUzcat.exe
  C:\Windows\System\CXUzcat.exe
  2⤵
  PID:14932
- C:\Windows\System\TaxMpRL.exe
  C:\Windows\System\TaxMpRL.exe
  2⤵
  PID:15088
- C:\Windows\System\iuAPyau.exe
  C:\Windows\System\iuAPyau.exe
  2⤵
  PID:2664
- C:\Windows\System\dDFpkaO.exe
  C:\Windows\System\dDFpkaO.exe
  2⤵
  PID:15192
- C:\Windows\System\WeEOBiV.exe
  C:\Windows\System\WeEOBiV.exe
  2⤵
  PID:14092
- C:\Windows\System\nXUIQnD.exe
  C:\Windows\System\nXUIQnD.exe
  2⤵
  PID:15232
- C:\Windows\System\PtfSdPS.exe
  C:\Windows\System\PtfSdPS.exe
  2⤵
  PID:13348
- C:\Windows\System\hGJtjzM.exe
  C:\Windows\System\hGJtjzM.exe
  2⤵
  PID:15264
- C:\Windows\System\LZgLgIV.exe
  C:\Windows\System\LZgLgIV.exe
  2⤵
  PID:15288
- C:\Windows\System\ZAKrtlW.exe
  C:\Windows\System\ZAKrtlW.exe
  2⤵
  PID:13596
- C:\Windows\System\YNCFtwm.exe
  C:\Windows\System\YNCFtwm.exe
  2⤵
  PID:14440
- C:\Windows\System\skCLlUp.exe
  C:\Windows\System\skCLlUp.exe
  2⤵
  PID:11344
- C:\Windows\System\YMRFKAr.exe
  C:\Windows\System\YMRFKAr.exe
  2⤵
  PID:14508
- C:\Windows\System\DKIdfhU.exe
  C:\Windows\System\DKIdfhU.exe
  2⤵
  PID:14964
- C:\Windows\System\tOXjPNM.exe
  C:\Windows\System\tOXjPNM.exe
  2⤵
  PID:12744
- C:\Windows\System\plaHIZa.exe
  C:\Windows\System\plaHIZa.exe
  2⤵
  PID:14916
- C:\Windows\System\WbvmoIq.exe
  C:\Windows\System\WbvmoIq.exe
  2⤵
  PID:13548
- C:\Windows\System\YocRqIP.exe
  C:\Windows\System\YocRqIP.exe
  2⤵
  PID:15076
- C:\Windows\System\lXjLcGk.exe
  C:\Windows\System\lXjLcGk.exe
  2⤵
  PID:4908
- C:\Windows\System\mgIPgna.exe
  C:\Windows\System\mgIPgna.exe
  2⤵
  PID:15380
- C:\Windows\System\HArNXsA.exe
  C:\Windows\System\HArNXsA.exe
  2⤵
  PID:15404
- C:\Windows\System\MshrKUM.exe
  C:\Windows\System\MshrKUM.exe
  2⤵
  PID:15424
- C:\Windows\System\XvnbXec.exe
  C:\Windows\System\XvnbXec.exe
  2⤵
  PID:15456
- C:\Windows\System\zmgfpmN.exe
  C:\Windows\System\zmgfpmN.exe
  2⤵
  PID:15484
- C:\Windows\System\PmAUspn.exe
  C:\Windows\System\PmAUspn.exe
  2⤵
  PID:15504
- C:\Windows\System\GtpIrtb.exe
  C:\Windows\System\GtpIrtb.exe
  2⤵
  PID:15528
- C:\Windows\System\jmCvOIf.exe
  C:\Windows\System\jmCvOIf.exe
  2⤵
  PID:15548
- C:\Windows\System\qDkbeji.exe
  C:\Windows\System\qDkbeji.exe
  2⤵
  PID:15564
- C:\Windows\System\fKpkwRF.exe
  C:\Windows\System\fKpkwRF.exe
  2⤵
  PID:15588
- C:\Windows\System\qUIMcTk.exe
  C:\Windows\System\qUIMcTk.exe
  2⤵
  PID:15620
- C:\Windows\System\cuimSAZ.exe
  C:\Windows\System\cuimSAZ.exe
  2⤵
  PID:15656
- C:\Windows\System\UhplHwq.exe
  C:\Windows\System\UhplHwq.exe
  2⤵
  PID:15680
- C:\Windows\System\YwVaqKs.exe
  C:\Windows\System\YwVaqKs.exe
  2⤵
  PID:15712
- C:\Windows\System\UPGRerd.exe
  C:\Windows\System\UPGRerd.exe
  2⤵
  PID:15736
- C:\Windows\System\NjsLDft.exe
  C:\Windows\System\NjsLDft.exe
  2⤵
  PID:15752
- C:\Windows\System\lvYTykg.exe
  C:\Windows\System\lvYTykg.exe
  2⤵
  PID:15784
- C:\Windows\System\znEaxLb.exe
  C:\Windows\System\znEaxLb.exe
  2⤵
  PID:15808
- C:\Windows\System\MXhhiwc.exe
  C:\Windows\System\MXhhiwc.exe
  2⤵
  PID:15828
- C:\Windows\System\vAVhOUz.exe
  C:\Windows\System\vAVhOUz.exe
  2⤵
  PID:15852
- C:\Windows\System\BgjiVRr.exe
  C:\Windows\System\BgjiVRr.exe
  2⤵
  PID:15872
- C:\Windows\System\okADNcd.exe
  C:\Windows\System\okADNcd.exe
  2⤵
  PID:15896
- C:\Windows\System\HCWcqkY.exe
  C:\Windows\System\HCWcqkY.exe
  2⤵
  PID:15916
- C:\Windows\System\TbUKUVy.exe
  C:\Windows\System\TbUKUVy.exe
  2⤵
  PID:15948
- C:\Windows\System\pURszRi.exe
  C:\Windows\System\pURszRi.exe
  2⤵
  PID:15972
- C:\Windows\System\YdtQBKX.exe
  C:\Windows\System\YdtQBKX.exe
  2⤵
  PID:15992
- C:\Windows\System\WnvMRRq.exe
  C:\Windows\System\WnvMRRq.exe
  2⤵
  PID:16024
- C:\Windows\System\xhHMnaE.exe
  C:\Windows\System\xhHMnaE.exe
  2⤵
  PID:16048
- C:\Windows\System\hskmZGk.exe
  C:\Windows\System\hskmZGk.exe
  2⤵
  PID:16064
- C:\Windows\System\sYXRtfx.exe
  C:\Windows\System\sYXRtfx.exe
  2⤵
  PID:16092
- C:\Windows\System\ITKsdZj.exe
  C:\Windows\System\ITKsdZj.exe
  2⤵
  PID:16112
- C:\Windows\System\ZBHnenF.exe
  C:\Windows\System\ZBHnenF.exe
  2⤵
  PID:16132
- C:\Windows\System\SWCoCWc.exe
  C:\Windows\System\SWCoCWc.exe
  2⤵
  PID:16148
- C:\Windows\System\HmOzUhs.exe
  C:\Windows\System\HmOzUhs.exe
  2⤵
  PID:16176
- C:\Windows\System\MHEwPxs.exe
  C:\Windows\System\MHEwPxs.exe
  2⤵
  PID:16196
- C:\Windows\System\mKovGJG.exe
  C:\Windows\System\mKovGJG.exe
  2⤵
  PID:16216
- C:\Windows\System\fyciWor.exe
  C:\Windows\System\fyciWor.exe
  2⤵
  PID:16244
- C:\Windows\System\JZMyucc.exe
  C:\Windows\System\JZMyucc.exe
  2⤵
  PID:16268
- C:\Windows\System\gTDVYGT.exe
  C:\Windows\System\gTDVYGT.exe
  2⤵
  PID:16304
- C:\Windows\System\TgNDKzN.exe
  C:\Windows\System\TgNDKzN.exe
  2⤵
  PID:16328
- C:\Windows\System\zHOCNCa.exe
  C:\Windows\System\zHOCNCa.exe
  2⤵
  PID:16356
- C:\Windows\System\ItAnfIc.exe
  C:\Windows\System\ItAnfIc.exe
  2⤵
  PID:15212
- C:\Windows\System\fvxcfoc.exe
  C:\Windows\System\fvxcfoc.exe
  2⤵
  PID:12360
- C:\Windows\System\ulshjYN.exe
  C:\Windows\System\ulshjYN.exe
  2⤵
  PID:15364
- C:\Windows\System\CyOKRAV.exe
  C:\Windows\System\CyOKRAV.exe
  2⤵
  PID:15316
- C:\Windows\System\NJMbhCV.exe
  C:\Windows\System\NJMbhCV.exe
  2⤵
  PID:14368
- C:\Windows\System\NoiDdso.exe
  C:\Windows\System\NoiDdso.exe
  2⤵
  PID:15340
- C:\Windows\System\ngBsOFw.exe
  C:\Windows\System\ngBsOFw.exe
  2⤵
  PID:15024
- C:\Windows\System\jSsMpxx.exe
  C:\Windows\System\jSsMpxx.exe
  2⤵
  PID:15652
- C:\Windows\System\AqJNbyq.exe
  C:\Windows\System\AqJNbyq.exe
  2⤵
  PID:15412
- C:\Windows\System\ZpPzPJV.exe
  C:\Windows\System\ZpPzPJV.exe
  2⤵
  PID:15816
- C:\Windows\System\NYwyPik.exe
  C:\Windows\System\NYwyPik.exe
  2⤵
  PID:15576
- C:\Windows\System\ZNomFbb.exe
  C:\Windows\System\ZNomFbb.exe
  2⤵
  PID:15928
- C:\Windows\System\CCsCbMn.exe
  C:\Windows\System\CCsCbMn.exe
  2⤵
  PID:15440
- C:\Windows\System\aYyiDbD.exe
  C:\Windows\System\aYyiDbD.exe
  2⤵
  PID:15988
- C:\Windows\System\WpxNabq.exe
  C:\Windows\System\WpxNabq.exe
  2⤵
  PID:16060
- C:\Windows\System\AOfZzoQ.exe
  C:\Windows\System\AOfZzoQ.exe
  2⤵
  PID:15636
- C:\Windows\System\uDJuQOy.exe
  C:\Windows\System\uDJuQOy.exe
  2⤵
  PID:15732
- C:\Windows\System\ympSrTm.exe
  C:\Windows\System\ympSrTm.exe
  2⤵
  PID:15748
- C:\Windows\System\cFwZFSQ.exe
  C:\Windows\System\cFwZFSQ.exe
  2⤵
  PID:16284
- C:\Windows\System\bqSJvZr.exe
  C:\Windows\System\bqSJvZr.exe
  2⤵
  PID:16316
- C:\Windows\System\vImuFLd.exe
  C:\Windows\System\vImuFLd.exe
  2⤵
  PID:16080
- C:\Windows\System\brlZRcO.exe
  C:\Windows\System\brlZRcO.exe
  2⤵
  PID:16108
- C:\Windows\System\SdCCDiq.exe
  C:\Windows\System\SdCCDiq.exe
  2⤵
  PID:16204
- C:\Windows\System\mNGIBFv.exe
  C:\Windows\System\mNGIBFv.exe
  2⤵
  PID:16388
- C:\Windows\System\TpxrlXR.exe
  C:\Windows\System\TpxrlXR.exe
  2⤵
  PID:16416
- C:\Windows\System\WYWtosH.exe
  C:\Windows\System\WYWtosH.exe
  2⤵
  PID:16444
- C:\Windows\System\IFonbAO.exe
  C:\Windows\System\IFonbAO.exe
  2⤵
  PID:16464
- C:\Windows\System\iPcUInk.exe
  C:\Windows\System\iPcUInk.exe
  2⤵
  PID:16484
- C:\Windows\System\zliibfW.exe
  C:\Windows\System\zliibfW.exe
  2⤵
  PID:16508
- C:\Windows\System\lnlxOxn.exe
  C:\Windows\System\lnlxOxn.exe
  2⤵
  PID:16524
- C:\Windows\System\ywdGqOB.exe
  C:\Windows\System\ywdGqOB.exe
  2⤵
  PID:16556
- C:\Windows\System\aiczelZ.exe
  C:\Windows\System\aiczelZ.exe
  2⤵
  PID:16572
- C:\Windows\System\qchDhfR.exe
  C:\Windows\System\qchDhfR.exe
  2⤵
  PID:16600
- C:\Windows\System\jKiZIBc.exe
  C:\Windows\System\jKiZIBc.exe
  2⤵
  PID:16632
- C:\Windows\System\EAVJXRi.exe
  C:\Windows\System\EAVJXRi.exe
  2⤵
  PID:16660
- C:\Windows\System\MDCJeFG.exe
  C:\Windows\System\MDCJeFG.exe
  2⤵
  PID:16688
- C:\Windows\System\tKPQlGr.exe
  C:\Windows\System\tKPQlGr.exe
  2⤵
  PID:16708
- C:\Windows\System\uAERstQ.exe
  C:\Windows\System\uAERstQ.exe
  2⤵
  PID:16732
- C:\Windows\System\cpoCjfa.exe
  C:\Windows\System\cpoCjfa.exe
  2⤵
  PID:16752
- C:\Windows\System\LszlslE.exe
  C:\Windows\System\LszlslE.exe
  2⤵
  PID:16776
- C:\Windows\System\MfboGll.exe
  C:\Windows\System\MfboGll.exe
  2⤵
  PID:16804
- C:\Windows\System\BPPIyYm.exe
  C:\Windows\System\BPPIyYm.exe
  2⤵
  PID:16820
- C:\Windows\System\lWrSaOL.exe
  C:\Windows\System\lWrSaOL.exe
  2⤵
  PID:16856
- C:\Windows\System\VBXgXws.exe
  C:\Windows\System\VBXgXws.exe
  2⤵
  PID:16896
- C:\Windows\System\KDkSprk.exe
  C:\Windows\System\KDkSprk.exe
  2⤵
  PID:16916
- C:\Windows\System\WPlCYEs.exe
  C:\Windows\System\WPlCYEs.exe
  2⤵
  PID:16948
- C:\Windows\System\hYcKqHH.exe
  C:\Windows\System\hYcKqHH.exe
  2⤵
  PID:16972
- C:\Windows\System\zWVsrKw.exe
  C:\Windows\System\zWVsrKw.exe
  2⤵
  PID:16996
- C:\Windows\System\PWiKHEX.exe
  C:\Windows\System\PWiKHEX.exe
  2⤵
  PID:17020
- C:\Windows\System\rOvkIvc.exe
  C:\Windows\System\rOvkIvc.exe
  2⤵
  PID:17052
- C:\Windows\System\mcnSVYU.exe
  C:\Windows\System\mcnSVYU.exe
  2⤵
  PID:17080
- C:\Windows\System\NiPTODi.exe
  C:\Windows\System\NiPTODi.exe
  2⤵
  PID:17104
- C:\Windows\System\vJIGUiL.exe
  C:\Windows\System\vJIGUiL.exe
  2⤵
  PID:17128
- C:\Windows\System\Igwxygw.exe
  C:\Windows\System\Igwxygw.exe
  2⤵
  PID:17160
- C:\Windows\System\onxQEQe.exe
  C:\Windows\System\onxQEQe.exe
  2⤵
  PID:17176
- C:\Windows\System\llYOyJe.exe
  C:\Windows\System\llYOyJe.exe
  2⤵
  PID:17204
- C:\Windows\System\unLYuhs.exe
  C:\Windows\System\unLYuhs.exe
  2⤵
  PID:17232
- C:\Windows\System\uAJqdXc.exe
  C:\Windows\System\uAJqdXc.exe
  2⤵
  PID:17260
- C:\Windows\System\PqXbffu.exe
  C:\Windows\System\PqXbffu.exe
  2⤵
  PID:17288
- C:\Windows\System\ThZMOdF.exe
  C:\Windows\System\ThZMOdF.exe
  2⤵
  PID:17312

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16792

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17532

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17816

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17908

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18056

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18152

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18260

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:18352

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x154
1⤵
PID:16964

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:17600

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:17608

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:17560

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:17564

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:17624

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:17656

C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /R /T
1⤵
- Drops file in System32 directory
PID:14864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AuKqYgW.exe

Filesize
1.6MB

MD5
4d7a476c6877aa8c056d647139ebd366

SHA1
9aac9f08e372850f44a81972256c146288911892

SHA256
e27d9b67a9af9274c253e6378bef56cee7d4dda45a4b6207ffc6e8c72f174d9d

SHA512
9bee7315921804d88697dea4006975421f434b926f27cd40390acad57206307fef0d068fbc87b683f622cfa62ab032d44fe913bf1cca9ad2515ad1357a04cc12

Download Submit
C:\Windows\System\BMjPyOq.exe

Filesize
1.6MB

MD5
0c14326690fd462d2fd970e5b510a6b7

SHA1
0f072fe0cf787101d7d8bd2e6869f7bf44bf9966

SHA256
d95f4f1646cdbc67b207a4c19c43767fc11e422e8827db1f5e626fe48f1d69ee

SHA512
31de5040ef81cadea12232b9363498046d35cfde9efa2171529cf853830500841ed7862734755930fb27af5421521d2ef1afbfac18ea54db9095c72fa640a05a

Download Submit
C:\Windows\System\CwcFqzH.exe

Filesize
1.6MB

MD5
1a022d38ebca4842b5f24f623f751a2a

SHA1
2bbaf3bdb71aa155c9abaca4957f3aada69b57bb

SHA256
f6a094c485a3d5a0b33d352e5abc97844236cf8f3962881a003325c9376e06f2

SHA512
b2d746864b6cefb91efddbed25542164329ce8ac7f32be344c511f9648047dd2a05881883fd95dac44068a036c023183bdcfa6954e99b9a87dd100ef8299e83a

Download Submit
C:\Windows\System\DCxeXuF.exe

Filesize
1.6MB

MD5
b293c54f8fabee3cc0d329190d1dab58

SHA1
db851d1d91ef93f592317feec35ee0453c16b47d

SHA256
fd2e507e5018aa6531d9e59d29240093f55a4900e8aa1159a4d0d6219f345557

SHA512
2fc5fc8f6cb398f181cffcf480c74edd81c24c45efa22c69ca514664deeba736a31c77291e14581d8d69fba016224e1c52360f39b96f4d2eee3f5e3b105cd3bd

Download Submit
C:\Windows\System\FLAZUXT.exe

Filesize
1.6MB

MD5
fd410761265be3bd2b5eeaafafc1294b

SHA1
d18b3ec0b885a3bf5364341f9c1b636292f41c1a

SHA256
a8b2a0e718d9abd72dfd4272c9165d50f4bf60f41fdb43748271ae21e455685a

SHA512
c0e483f51bb21ae78ec88153894ffe093d0fff23a4d30223abfbe306a2fe76a3c3d3379d3caa4f694e0049bf6c091bf117bfbb8f454093e03e90bfaa978c9332

Download Submit
C:\Windows\System\GnoSEww.exe

Filesize
1.6MB

MD5
bd3e30c35c5556effbb8cd42678ea4df

SHA1
2f96f745c4f6ccd2965ec91e7c3c07944a791292

SHA256
138a62f8dde8374ae95fda33073e18d4cc32460c372157122040b70c2af9befd

SHA512
ce21c8a15e5533eea2f00b2594ccd592d62c033cd409ceaa34a9712fe588acec37e6e0b802d1cc11ebfaac80fbb772f6a5b09014b67b5a802d6f32b0ba889db3

Download Submit
C:\Windows\System\Gtfoxyn.exe

Filesize
1.6MB

MD5
a66fabea33b92c4a08b46872a4439b91

SHA1
3eeb7814f94a19b37d27131efdae0722508dc930

SHA256
a60e1b3a0ab0c231db680a67a623838171e96660007aa2e1ba9a3b7929b31032

SHA512
84008e8ca13aef1423bebeccf0db632c2b2e2ac29c7fa1d207d8847feb92dacb5055bde283ada7c11e4e87d9da5b1b0dddc5d7bc0546301bf92d7bfd9a93f5cb

Download Submit
C:\Windows\System\HHNxMTo.exe

Filesize
1.6MB

MD5
ba4d42c284fb245be1f108060978b31f

SHA1
55f5f374f9f4cd0f813dd176324c32a35490608b

SHA256
cefe9c818a6e8f0a92f5848339a5d0697c9125f357cdb796c717661defc06bcd

SHA512
c2d335245c3d21e8622d75388102f805edc0bde3c8ea1a0e856764d10f882b584d0395eb12b72bd8ace288605696176957cab6bd83bfae2fd64df76ec5a67524

Download Submit
C:\Windows\System\HObMQeS.exe

Filesize
1.6MB

MD5
3e14dd91478a7de16e61c0512e8a5b94

SHA1
72fc863dafa349546a2a5cf3a3f4a4a9f7b9bafd

SHA256
1aa5b1d832aa266ef99e440bcc093b8f7288195eeabdfe4ed4d18930a5962aca

SHA512
31f0c98fb03469eafc0219d3ca5a870d350ba3c1ffdc9296f50c5a56cc4252c9dfcbd415803cd3251f03c2fe072b28ad7d9d8b28a85ba6cadce2f94f7de7fe67

Download Submit
C:\Windows\System\IYIpWsu.exe

Filesize
1.6MB

MD5
07c153490c15768deb30a4d814c52e48

SHA1
4723ba86e9da6ce273e2f3dcdde381908323f2d4

SHA256
0ab9fafaf543951a1516fbea73904f2f1fd8f8ba11f26ab26ef75bc0322095a8

SHA512
711f9d99944be4baa3014bf2fa13e51ff4b236dde311e64df78f9da6d69d250ef42acf7383401fc9de645f1ade8332475b67b4f9e752c8aefaecf42c2759783d

Download Submit
C:\Windows\System\KBmuRwY.exe

Filesize
1.6MB

MD5
f52c6f72d5f1e74dae3ed09464140586

SHA1
aa940be20c13b54e3c548d9d110fb662836b13ef

SHA256
70ba4aa3663b02478279123b9765b99fa2ba8634da889249a66fb714f02ef9ad

SHA512
026676d611eb4b6281d0e6ba8a745fc3c9a60463ea9897fb3b0cd3b0b1bbaf09eacfbdc2b97cb953605413f2bddd56ff67e84213ca5d6d0b8ad2c9b3cf27bfcd

Download Submit
C:\Windows\System\PNgItto.exe

Filesize
1.6MB

MD5
e465c2bf9439d92e872c4aa40f2b4dba

SHA1
570fd809b0dc314476fc9771b6dab74bd35b4523

SHA256
94612a50ce201d6f8a5d0b078c968fd4c69ec3d8e3af9a6af8c8d6046b73b451

SHA512
a98c1d81ce49b43a30e61583979fef107d12e5ea6f3214ed50b8e58339047a29313481c19f15726ed65cb23412f4bee7b4169724d60f749ceb086e745be69351

Download Submit
C:\Windows\System\SsbHfFG.exe

Filesize
1.6MB

MD5
c1e4135244452acb3fa34ed56dd53850

SHA1
899d5345eafd22548f68717c9c3ef174d9de09fd

SHA256
9a92bcc5e4e477ebbd013d2ff5f2a9ea3844303e0807428e9cb054a1dfccac92

SHA512
68378f97d7da20ce5d45bd48df33a248c5d02c5586148b2bdb76121026d5722969f15517a00e2761e0439ab51893aa8e264fabc793516b4dbd8db7993fe77b99

Download Submit
C:\Windows\System\UHWQHaB.exe

Filesize
1.6MB

MD5
c1d52f5ac24d91810d888a57c6131aaf

SHA1
182367eec2382c14fbe8e9ea118c4a5171e61045

SHA256
86cd20d82f48ad313d7a79271eee5639a8475a583dd934f60d219755417dd215

SHA512
71085ea8d348c2b5127fb52a7f585f3415a70175156c7f2ccb277ba3ff8529a6cb8ffd236a42d37ac16d2cabe68e2407e3c874011dc7e31d252db77c346eb7b1

Download Submit
C:\Windows\System\UPdfuiT.exe

Filesize
1.6MB

MD5
ffc374e3974f31c93ad9979264f8a446

SHA1
3a999716ec5e4cde22556fe65ee37ee045feabe4

SHA256
e2c95f969c5531c5bc9f5541ad81a5196fae996b12bd993299fd9525c5e8fe92

SHA512
131414d4374b228127ff3334b5473242209a4e17845b0d200642e8a19013407f5d9381fe23cb56059b188bc96d0424e0d256dcd3ccfb1cf275228278d2b0094e

Download Submit
C:\Windows\System\VYqgkfn.exe

Filesize
1.6MB

MD5
4ec959eda02ae129ae2f4bb77e42b09a

SHA1
a394171699e92fa3c0e83ecf0de48cfdfeb1d247

SHA256
a78f98bb870bd4ff62debb877baccb2e11caf935712016e826851e497835ce07

SHA512
7cb9a88898a2dac41e99edace632ac3b7389e929af4269cc053a9c9400051b42bc9b1f391ac9a90ed206b1717f74417281327cb0b9f40eaf259c2ae35f1d89f5

Download Submit
C:\Windows\System\XeICZyp.exe

Filesize
1.6MB

MD5
d43e6e5451cc15519fd3108fa45a5269

SHA1
0945a8a50c86fa65440f7b0fd8d071d27aaadb2f

SHA256
ca9485036bef992d97a6bec85a2384f0e9eafe9da30890c1d1c860cbc1f28bee

SHA512
22fe04d088eb8b618f0dc76a3637f56602b5005fc5fbd812e5eb2ae71093190b932c78bbd042e5a38626257f4142af526e6b8789b568b99d158cfe0b8644864b

Download Submit
C:\Windows\System\XvZWOpT.exe

Filesize
1.6MB

MD5
f66ef73e5fbc7d8e4b44ed1af72c1058

SHA1
639e00804a696a7f9c9204eb1620378b822ce510

SHA256
c8d07195a0375188a84f36754fff8df381d30d6d56219115cbef245a15e509f3

SHA512
078d5f5d3cd09659f6751a61fcb6bed314ed802cbef1195f9777748cd378a3bab16185ee335e994237260af2fba4ef7ef932f21822ca778308d83b419271db14

Download Submit
C:\Windows\System\heEUNVd.exe

Filesize
1.6MB

MD5
8f183f42d7575e5328f42cb133c7d651

SHA1
041dafd7324992be4972df40df4262e9c02cbcc2

SHA256
a094630afdcdfa329899ca57bc1400c64ac04b1c49a0c893b16b5d2f5970ee61

SHA512
4c90ff1751a8a0926fd2a9e83a9c9fac20dd359cfc32ab4a00839bc615a903719556df731a21790423e0b6e0e142a864e7f782723f8966140c55dc5c6afbe977

Download Submit
C:\Windows\System\hsTtuuY.exe

Filesize
1.6MB

MD5
cdba9914c9eec3bbe71ed87303ad9fe2

SHA1
d22324045689ed5af98de96cc72f71d6fa2e99aa

SHA256
57c1b1963c0f27c43fdf0785d9d6f19e17344998f04f5581ca0c3f16d9df17c7

SHA512
f3bbbf14add78475ed90740f4b4d8d19fae68cb3f3fd7b73eb020b9ce86aded6b4abcbeca1f72c62c968844bbd140614b2b77ae964a7379681864c4a4c77bab5

Download Submit
C:\Windows\System\ieaFxtg.exe

Filesize
1.6MB

MD5
47ad7dc2cf9db32c81a8c148e781253f

SHA1
67e7e90babaec3ac8c26f2516cdb9e74feafd92b

SHA256
d36a9d17b9639080b53ef00a0621afb455dd3e35e321a9e1758109e5b4aa8cb6

SHA512
b46aa849dd463e66bd72b2bbf08cb5a35d348f89147ca1ea8977a088f120a7d9863d2f5ad464c090ccff875b0b3521468d6f1c0b72422f6d1258ac80feb20b52

Download Submit
C:\Windows\System\jhZFTKg.exe

Filesize
1.6MB

MD5
90f2040385ff8b01a566c8dbb0d655f2

SHA1
4af85a67a6ace54a04027e8f3adf047af52110fb

SHA256
7e8d78b8ba060b3586fc18ee34c7baa3c10ac0d028dd22727c06477b916a113a

SHA512
493482bd12647aeeb6d9a7ece146b6ac314a196df1a57a12fd44cdc46a5729a0187a4dc60dc74637d0ad54169ca43273bb9309105adf8eb218b6359c18ade3cd

Download Submit
C:\Windows\System\ktTVkwv.exe

Filesize
1.6MB

MD5
9e26b38f3fef87f74de06799793f34d7

SHA1
1aec7526771ef83fe64a303b1047dbefdb3b2881

SHA256
cd0a8d645ec57ed1cbd53325fd3e5441b41f61cd59a8c3527a4590e05f0502ff

SHA512
01da059974680fae9d5aa401401125e69f6ad5d294cde6a978a837f619a59284dac859056c504d7f92a18e0bc7007558ef939099e923c8927eb74f9b1d9816b7

Download Submit
C:\Windows\System\mjuWbcw.exe

Filesize
1.6MB

MD5
7cf138f14c58ac4932bae163efa28d02

SHA1
28cdfb33f1be561dd828782a2ec1d37d12b2afcf

SHA256
b55ea6e4e3bd4f8aa7b0b1f23885abcbc86f022d01d9af0198187d19dcb1021c

SHA512
751faeb7e12c76b09c8373c00a1306e04c0a0063e124dab6327f116fedcd8cf051d1fb73507efd0c0bc861b31aa6e501737dc13f63bf92d0b28c6e6dc8d2e508

Download Submit
C:\Windows\System\nrapFEW.exe

Filesize
1.6MB

MD5
839bfca41cbd14c1bdbec798bc4a3736

SHA1
961b936c3a3896ff03c8a9d44ca328388811b551

SHA256
895c5bad676210a08145188584c3836662114a53e9370cbed017250bcd3dedb2

SHA512
9eeb8f9fc8a98c64d94757a163c767c6dea0944c301ce4969b0cfcf361ae9cddb1a253b21fb63de260b8b670da3efbcab3359dd314d1940cc17c144c884b463c

Download Submit
C:\Windows\System\oFYgQJx.exe

Filesize
1.6MB

MD5
f02cb5cac44fc3d344f71cbaacccdad0

SHA1
77c6900808737e5607c3318b90825144c50c833e

SHA256
4a3162a7d2e263c6d3310b99f21d59d6dad8b81356654e3bea655d6d0bdb7b46

SHA512
9f73dfcc1a7b5905780015ea3d441a1a1f5bfaf1bcd618016cbc8444d9dac36b9e18e102f00ff9d611938d8a5ad57bdbc4fac953ec31bce6558b86c231d68083

Download Submit
C:\Windows\System\pSWfooU.exe

Filesize
1.6MB

MD5
08a7d074ef0dfa512965dc81e51b8bad

SHA1
b6cf86f0fce515aecd423062f53974623aa9cb26

SHA256
19fec671131d874abc1e12fb1b57fff7c4adf9f510dc56373e6f34fc1f4385fc

SHA512
94785504c49e67f237e2b46b03076038473573ae2f5a309df50208ae3371e3e9a4402dd92f0b796f2ee993265a7e2ade6c2d25b2ee9d28fd99e5742638ec4514

Download Submit
C:\Windows\System\pVsPrNh.exe

Filesize
1.6MB

MD5
e956c7eecc8aeec86e3e7d3263a9ab70

SHA1
4542012f7477ff57c920a8d5cb96329cfe66b223

SHA256
fe50d116d7dfdd6549784a325f593cd1ea8008f22633b78148cc49792151df6f

SHA512
ba6fede0a8fcf12306acbb2dd43767e3c32404fd194136b838f17c68d10ae637a754f8f1697a6c5aecbabf22ce2850c8d810c88993f386c115c944c54fb17990

Download Submit
C:\Windows\System\tHGGejB.exe

Filesize
1.6MB

MD5
15b219da2ecc5fe3b7af6c6d040af417

SHA1
d099649104c5e4ab800dd6468c2d53a1eea9da57

SHA256
6f2439b8d47d02bb6c255ba18384addeaac1b3fbfe887b48cf1cdbced505486c

SHA512
ad026b10078b48e8d075d21c314c955d2b67f94d38ca819f0dbe70592654e0f155b034f2d1fa380ae72406bd28f3678ba8cc26526fca1bb838a3e257f592ae5f

Download Submit
C:\Windows\System\uIdrjbN.exe

Filesize
1.6MB

MD5
67563962b9150e13fc723fac3a420cf9

SHA1
9c9423e134a73e553d2d0be7d8d1b6c1a5e47aba

SHA256
d0a81f05c8a700818094f88dda44cc76a95b5a0845eaf7ff824de41b74cb6c6c

SHA512
a1dec7f4b1fb68ea1e2968602f6d4719ec81b26d1ef94a729b74da5cfae9fa90ae9da144f9db96e099795ddf07f06850920f4cc2c1d33c05ea279e82d49981c8

Download Submit
C:\Windows\System\xgPZwnV.exe

Filesize
1.6MB

MD5
4a100b10e43ec79dd599c0f96a10531d

SHA1
7bf68719479c4a4a7a0b5d7b21cba99f6281f25a

SHA256
fd1fb23d677d58a8abc2074690d5a2dcbcbfbb046e1fc6150baf6a1085497f8d

SHA512
43e05f4603c9c8170c7595c0c00c76ba0671c73491aebef304f06f9fdf3c8075eb1a2269a767a7e7801da95dbe37e70201c96c1cf7d507f433bf5e5e07014216

Download Submit
C:\Windows\System\xuAqkCz.exe

Filesize
1.6MB

MD5
e4f7f234d935b3cee5e2836d927efe04

SHA1
906f1344a5f5478f11de120a1a6577b036d2bda1

SHA256
f8c17fe9e54571b5cb06ab0e2b3a2d72e29a32854c33f51f1e56f4193be6e8da

SHA512
ae47f6ae749032937c45c4ee30657c98bcdfe4e873fbb90ccac6768cf1618b7fbf0e389bb6e3fe93d2a2ba72426263db73a369a27d17c9e690ed6717264aa944

Download Submit
C:\Windows\System\zQcgIfp.exe

Filesize
1.6MB

MD5
df9b7c1a8564c223401370868a6aa4a9

SHA1
2f6fde48b65e70cb7323ccfae24347aca22c62c2

SHA256
d4c16b1b71f2236343ba316a456778c06fdb33c13b56137d8146dd762222570f

SHA512
a171197dab87450a98a4aa4f116ae47d7bd7eaeb50cba1dec1bddff8d375a99f1083a312a5eb7bac4bf59283fb27ec7ded5c726d1ef0c7302f924fa1ec5a0b2c

Download Submit
memory/3148-0-0x000001F56FA80000-0x000001F56FA90000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads