xmrig | 79fa05292fb268e161c47052d35c756f52922791d1fc60c2954c865b2df871be

Analysis

max time kernel
127s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
Size

1.9MB
MD5

44ac091ee5d8a08b0883336941d179f0
SHA1

8f07af82e48e03fa7473e547da3110cc9dca1d6e
SHA256

79fa05292fb268e161c47052d35c756f52922791d1fc60c2954c865b2df871be
SHA512

d72b0e239d92c708baac4352d04abec6f2e241e6ab0cde884aa891b03469dff37786638f8574b2a800676400bf7c709a5c07009f31719c54a42f243f7db4bf6c
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEd2hXcfFfikz2i:RWWBib356utgP

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/532-19-0x00007FF689A20000-0x00007FF689D71000-memory.dmp	xmrig
behavioral2/memory/3860-91-0x00007FF692B50000-0x00007FF692EA1000-memory.dmp	xmrig
behavioral2/memory/4428-105-0x00007FF6F3230000-0x00007FF6F3581000-memory.dmp	xmrig
behavioral2/memory/2504-191-0x00007FF68ED40000-0x00007FF68F091000-memory.dmp	xmrig
behavioral2/memory/1644-190-0x00007FF761F40000-0x00007FF762291000-memory.dmp	xmrig
behavioral2/memory/4988-189-0x00007FF776E10000-0x00007FF777161000-memory.dmp	xmrig
behavioral2/memory/4372-188-0x00007FF681980000-0x00007FF681CD1000-memory.dmp	xmrig
behavioral2/memory/5116-182-0x00007FF6785C0000-0x00007FF678911000-memory.dmp	xmrig
behavioral2/memory/2568-180-0x00007FF6F89B0000-0x00007FF6F8D01000-memory.dmp	xmrig
behavioral2/memory/2400-167-0x00007FF7696F0000-0x00007FF769A41000-memory.dmp	xmrig
behavioral2/memory/2072-118-0x00007FF6AAB50000-0x00007FF6AAEA1000-memory.dmp	xmrig
behavioral2/memory/3168-117-0x00007FF63F1A0000-0x00007FF63F4F1000-memory.dmp	xmrig
behavioral2/memory/5072-111-0x00007FF7769E0000-0x00007FF776D31000-memory.dmp	xmrig
behavioral2/memory/1008-99-0x00007FF7602B0000-0x00007FF760601000-memory.dmp	xmrig
behavioral2/memory/1624-98-0x00007FF7AB610000-0x00007FF7AB961000-memory.dmp	xmrig
behavioral2/memory/1608-92-0x00007FF79C210000-0x00007FF79C561000-memory.dmp	xmrig
behavioral2/memory/1772-85-0x00007FF6ABA40000-0x00007FF6ABD91000-memory.dmp	xmrig
behavioral2/memory/1880-73-0x00007FF75D0B0000-0x00007FF75D401000-memory.dmp	xmrig
behavioral2/memory/2568-22-0x00007FF6F89B0000-0x00007FF6F8D01000-memory.dmp	xmrig
behavioral2/memory/4184-1362-0x00007FF6D5830000-0x00007FF6D5B81000-memory.dmp	xmrig
behavioral2/memory/4596-2275-0x00007FF62DC10000-0x00007FF62DF61000-memory.dmp	xmrig
behavioral2/memory/2532-2274-0x00007FF636CB0000-0x00007FF637001000-memory.dmp	xmrig
behavioral2/memory/4624-2276-0x00007FF788CC0000-0x00007FF789011000-memory.dmp	xmrig
behavioral2/memory/3644-2277-0x00007FF7C2350000-0x00007FF7C26A1000-memory.dmp	xmrig
behavioral2/memory/1868-2310-0x00007FF790600000-0x00007FF790951000-memory.dmp	xmrig
behavioral2/memory/4040-2311-0x00007FF78AE20000-0x00007FF78B171000-memory.dmp	xmrig
behavioral2/memory/908-2312-0x00007FF6C6CD0000-0x00007FF6C7021000-memory.dmp	xmrig
behavioral2/memory/1768-2316-0x00007FF741D30000-0x00007FF742081000-memory.dmp	xmrig
behavioral2/memory/532-2319-0x00007FF689A20000-0x00007FF689D71000-memory.dmp	xmrig
behavioral2/memory/2568-2321-0x00007FF6F89B0000-0x00007FF6F8D01000-memory.dmp	xmrig
behavioral2/memory/5116-2323-0x00007FF6785C0000-0x00007FF678911000-memory.dmp	xmrig
behavioral2/memory/1772-2325-0x00007FF6ABA40000-0x00007FF6ABD91000-memory.dmp	xmrig
behavioral2/memory/3860-2329-0x00007FF692B50000-0x00007FF692EA1000-memory.dmp	xmrig
behavioral2/memory/4372-2327-0x00007FF681980000-0x00007FF681CD1000-memory.dmp	xmrig
behavioral2/memory/4184-2331-0x00007FF6D5830000-0x00007FF6D5B81000-memory.dmp	xmrig
behavioral2/memory/1608-2333-0x00007FF79C210000-0x00007FF79C561000-memory.dmp	xmrig
behavioral2/memory/2504-2343-0x00007FF68ED40000-0x00007FF68F091000-memory.dmp	xmrig
behavioral2/memory/1624-2341-0x00007FF7AB610000-0x00007FF7AB961000-memory.dmp	xmrig
behavioral2/memory/1644-2339-0x00007FF761F40000-0x00007FF762291000-memory.dmp	xmrig
behavioral2/memory/1880-2337-0x00007FF75D0B0000-0x00007FF75D401000-memory.dmp	xmrig
behavioral2/memory/4988-2335-0x00007FF776E10000-0x00007FF777161000-memory.dmp	xmrig
behavioral2/memory/2532-2349-0x00007FF636CB0000-0x00007FF637001000-memory.dmp	xmrig
behavioral2/memory/1176-2359-0x00007FF619380000-0x00007FF6196D1000-memory.dmp	xmrig
behavioral2/memory/4596-2357-0x00007FF62DC10000-0x00007FF62DF61000-memory.dmp	xmrig
behavioral2/memory/4624-2361-0x00007FF788CC0000-0x00007FF789011000-memory.dmp	xmrig
behavioral2/memory/4428-2355-0x00007FF6F3230000-0x00007FF6F3581000-memory.dmp	xmrig
behavioral2/memory/5072-2354-0x00007FF7769E0000-0x00007FF776D31000-memory.dmp	xmrig
behavioral2/memory/2072-2347-0x00007FF6AAB50000-0x00007FF6AAEA1000-memory.dmp	xmrig
behavioral2/memory/1008-2345-0x00007FF7602B0000-0x00007FF760601000-memory.dmp	xmrig
behavioral2/memory/3168-2351-0x00007FF63F1A0000-0x00007FF63F4F1000-memory.dmp	xmrig
behavioral2/memory/4764-2374-0x00007FF6167E0000-0x00007FF616B31000-memory.dmp	xmrig
behavioral2/memory/4040-2389-0x00007FF78AE20000-0x00007FF78B171000-memory.dmp	xmrig
behavioral2/memory/908-2378-0x00007FF6C6CD0000-0x00007FF6C7021000-memory.dmp	xmrig
behavioral2/memory/1768-2376-0x00007FF741D30000-0x00007FF742081000-memory.dmp	xmrig
behavioral2/memory/1060-2372-0x00007FF756D90000-0x00007FF7570E1000-memory.dmp	xmrig
behavioral2/memory/1868-2370-0x00007FF790600000-0x00007FF790951000-memory.dmp	xmrig
behavioral2/memory/3644-2363-0x00007FF7C2350000-0x00007FF7C26A1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
532	FkwAslK.exe
5116	upHpwlX.exe
2568	DvuUYNP.exe
1772	wbzCZGi.exe
4372	tvfALHm.exe
4184	pqrtaEe.exe
3860	LAGvGyX.exe
4988	MULAynb.exe
1608	RLXuwNj.exe
1644	yqslyBy.exe
1880	kDBakPJ.exe
1624	evEzjGi.exe
2504	DJtcSaG.exe
1008	OXNsWeW.exe
4428	ZwOYHhI.exe
5072	gWQdCMM.exe
3168	caVcYOH.exe
2072	LbRupIy.exe
2532	HdHywkh.exe
4596	WbZxJqQ.exe
1176	zqWcWlS.exe
4624	TgTUkjl.exe
3644	PJjpSWR.exe
1868	xOzXuHI.exe
4040	HIcfapk.exe
908	ETYNcor.exe
1768	jpspeaL.exe
4764	PxmHnuu.exe
1060	DuVDlpJ.exe
884	kvidWkW.exe
5076	FKOIiLI.exe
5048	cQGDIEh.exe
3328	mvkkqJS.exe
3572	OgUzBpc.exe
644	HcIOGwq.exe
540	lBPgKiy.exe
64	pangOpN.exe
4912	IFueebE.exe
2116	ZLbExrb.exe
4072	zzfIJAF.exe
880	ilasoVO.exe
4000	eYXdIbZ.exe
4524	DaRflii.exe
4972	qDTyPgo.exe
2284	uVTKsPU.exe
3428	zkdupBH.exe
3308	JvYsZfL.exe
4360	uUKSIaA.exe
1952	NFyaJTt.exe
1848	YDnpfic.exe
1696	pQHGDtX.exe
1788	wOihtft.exe
1604	HyFsrpP.exe
3648	qTWXaMo.exe
1408	brSAepl.exe
3448	KFclOWb.exe
956	xkdZsQn.exe
4536	gQttvfY.exe
3116	FNynTqi.exe
1628	rwTKCgB.exe
3184	NWMqbYT.exe
2280	HNWxacv.exe
2096	RZlmTqJ.exe
1280	zqmcAwc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2400-0-0x00007FF7696F0000-0x00007FF769A41000-memory.dmp	upx
behavioral2/files/0x0007000000023429-8.dat	upx
behavioral2/memory/532-19-0x00007FF689A20000-0x00007FF689D71000-memory.dmp	upx
behavioral2/files/0x000700000002342c-26.dat	upx
behavioral2/files/0x000700000002342e-34.dat	upx
behavioral2/files/0x000700000002342d-45.dat	upx
behavioral2/files/0x000700000002342f-56.dat	upx
behavioral2/files/0x0007000000023432-62.dat	upx
behavioral2/files/0x0007000000023433-70.dat	upx
behavioral2/files/0x0007000000023434-76.dat	upx
behavioral2/files/0x0007000000023435-82.dat	upx
behavioral2/memory/3860-91-0x00007FF692B50000-0x00007FF692EA1000-memory.dmp	upx
behavioral2/memory/4428-105-0x00007FF6F3230000-0x00007FF6F3581000-memory.dmp	upx
behavioral2/files/0x000700000002343a-125.dat	upx
behavioral2/memory/1176-136-0x00007FF619380000-0x00007FF6196D1000-memory.dmp	upx
behavioral2/files/0x000700000002343f-146.dat	upx
behavioral2/files/0x0007000000023443-171.dat	upx
behavioral2/files/0x0007000000023445-185.dat	upx
behavioral2/files/0x0007000000023447-199.dat	upx
behavioral2/files/0x0007000000023446-194.dat	upx
behavioral2/files/0x0007000000023444-192.dat	upx
behavioral2/memory/2504-191-0x00007FF68ED40000-0x00007FF68F091000-memory.dmp	upx
behavioral2/memory/1644-190-0x00007FF761F40000-0x00007FF762291000-memory.dmp	upx
behavioral2/memory/4988-189-0x00007FF776E10000-0x00007FF777161000-memory.dmp	upx
behavioral2/memory/4372-188-0x00007FF681980000-0x00007FF681CD1000-memory.dmp	upx
behavioral2/memory/5116-182-0x00007FF6785C0000-0x00007FF678911000-memory.dmp	upx
behavioral2/memory/1060-181-0x00007FF756D90000-0x00007FF7570E1000-memory.dmp	upx
behavioral2/memory/2568-180-0x00007FF6F89B0000-0x00007FF6F8D01000-memory.dmp	upx
behavioral2/files/0x0007000000023442-175.dat	upx
behavioral2/memory/4764-174-0x00007FF6167E0000-0x00007FF616B31000-memory.dmp	upx
behavioral2/files/0x0007000000023441-169.dat	upx
behavioral2/memory/1768-168-0x00007FF741D30000-0x00007FF742081000-memory.dmp	upx
behavioral2/memory/2400-167-0x00007FF7696F0000-0x00007FF769A41000-memory.dmp	upx
behavioral2/files/0x0007000000023440-162.dat	upx
behavioral2/memory/908-161-0x00007FF6C6CD0000-0x00007FF6C7021000-memory.dmp	upx
behavioral2/memory/4040-155-0x00007FF78AE20000-0x00007FF78B171000-memory.dmp	upx
behavioral2/files/0x000700000002343e-150.dat	upx
behavioral2/memory/1868-149-0x00007FF790600000-0x00007FF790951000-memory.dmp	upx
behavioral2/files/0x000700000002343d-144.dat	upx
behavioral2/memory/3644-143-0x00007FF7C2350000-0x00007FF7C26A1000-memory.dmp	upx
behavioral2/files/0x000700000002343c-138.dat	upx
behavioral2/memory/4624-137-0x00007FF788CC0000-0x00007FF789011000-memory.dmp	upx
behavioral2/files/0x000700000002343b-131.dat	upx
behavioral2/memory/4596-130-0x00007FF62DC10000-0x00007FF62DF61000-memory.dmp	upx
behavioral2/memory/2532-124-0x00007FF636CB0000-0x00007FF637001000-memory.dmp	upx
behavioral2/files/0x0007000000023439-119.dat	upx
behavioral2/memory/2072-118-0x00007FF6AAB50000-0x00007FF6AAEA1000-memory.dmp	upx
behavioral2/memory/3168-117-0x00007FF63F1A0000-0x00007FF63F4F1000-memory.dmp	upx
behavioral2/files/0x0007000000023438-112.dat	upx
behavioral2/memory/5072-111-0x00007FF7769E0000-0x00007FF776D31000-memory.dmp	upx
behavioral2/files/0x0007000000023437-106.dat	upx
behavioral2/files/0x0007000000023436-100.dat	upx
behavioral2/memory/1008-99-0x00007FF7602B0000-0x00007FF760601000-memory.dmp	upx
behavioral2/memory/1624-98-0x00007FF7AB610000-0x00007FF7AB961000-memory.dmp	upx
behavioral2/memory/1608-92-0x00007FF79C210000-0x00007FF79C561000-memory.dmp	upx
behavioral2/memory/1772-85-0x00007FF6ABA40000-0x00007FF6ABD91000-memory.dmp	upx
behavioral2/memory/2504-79-0x00007FF68ED40000-0x00007FF68F091000-memory.dmp	upx
behavioral2/memory/1880-73-0x00007FF75D0B0000-0x00007FF75D401000-memory.dmp	upx
behavioral2/memory/1644-68-0x00007FF761F40000-0x00007FF762291000-memory.dmp	upx
behavioral2/files/0x0007000000023431-67.dat	upx
behavioral2/files/0x0007000000023430-65.dat	upx
behavioral2/memory/4988-58-0x00007FF776E10000-0x00007FF777161000-memory.dmp	upx
behavioral2/memory/4184-47-0x00007FF6D5830000-0x00007FF6D5B81000-memory.dmp	upx
behavioral2/memory/4372-43-0x00007FF681980000-0x00007FF681CD1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VsacxST.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\RsCQAEX.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\lrIDELw.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\bsESJvg.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\pehGIqc.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\JgXbxZI.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\OgUzBpc.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\zqmcAwc.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\UyFSdMh.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\UavYaIh.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\jWewifZ.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\NoGnJZp.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\yBsVpwX.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\mnrEUtr.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\rTZKTWW.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZBRWsUj.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\UJimPre.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\xmdBHwu.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZmVVAjQ.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\nxfZJcw.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\mezuxuy.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\UacYLKu.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\qOyXyge.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\LOUpXdY.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\BOHFCyv.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\sjWOetJ.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\OXyRrvc.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\HHOTEfU.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\GZPtyZG.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\NtSulYZ.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\YYHYaxr.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\ASfCrsU.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\xkdZsQn.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\FlnfnSM.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\uzOJcas.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\tdHQpCX.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\mSFyopL.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\HcIOGwq.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\pZTSbzF.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\dZskLbb.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\EQeoTSH.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\qhQgkqQ.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\VwfYkMd.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\kIGlTQw.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\LSkUoTY.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\XIRJTfz.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZfqBipv.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\FxyIXlp.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\yUMmDgd.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\XeavtaY.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\QBGaMQb.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\ClAOhkH.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\OZFStwp.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\cSDpSvO.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\yEnBoOh.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\XEJtAPH.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\SWEBvXk.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\YrykLTR.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\DvuUYNP.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\rRUzPsK.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\TNawQbC.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\WcyZjJu.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\GAazUwB.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
File created	C:\Windows\System\fXmEhSD.exe	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14772	dwm.exe
Token: SeChangeNotifyPrivilege	14772	dwm.exe
Token: 33	14772	dwm.exe
Token: SeIncBasePriorityPrivilege	14772	dwm.exe
Token: SeShutdownPrivilege	14772	dwm.exe
Token: SeCreatePagefilePrivilege	14772	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 532	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	83
PID 2400 wrote to memory of 532	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	83
PID 2400 wrote to memory of 5116	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	84
PID 2400 wrote to memory of 5116	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	84
PID 2400 wrote to memory of 2568	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	85
PID 2400 wrote to memory of 2568	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	85
PID 2400 wrote to memory of 1772	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	86
PID 2400 wrote to memory of 1772	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	86
PID 2400 wrote to memory of 4372	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	87
PID 2400 wrote to memory of 4372	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	87
PID 2400 wrote to memory of 4184	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	88
PID 2400 wrote to memory of 4184	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	88
PID 2400 wrote to memory of 3860	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	89
PID 2400 wrote to memory of 3860	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	89
PID 2400 wrote to memory of 4988	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	90
PID 2400 wrote to memory of 4988	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	90
PID 2400 wrote to memory of 1608	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	91
PID 2400 wrote to memory of 1608	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	91
PID 2400 wrote to memory of 1644	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	92
PID 2400 wrote to memory of 1644	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	92
PID 2400 wrote to memory of 1880	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	93
PID 2400 wrote to memory of 1880	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	93
PID 2400 wrote to memory of 1624	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	94
PID 2400 wrote to memory of 1624	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	94
PID 2400 wrote to memory of 2504	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	95
PID 2400 wrote to memory of 2504	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	95
PID 2400 wrote to memory of 1008	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	96
PID 2400 wrote to memory of 1008	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	96
PID 2400 wrote to memory of 4428	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	97
PID 2400 wrote to memory of 4428	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	97
PID 2400 wrote to memory of 5072	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	98
PID 2400 wrote to memory of 5072	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	98
PID 2400 wrote to memory of 3168	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	99
PID 2400 wrote to memory of 3168	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	99
PID 2400 wrote to memory of 2072	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	100
PID 2400 wrote to memory of 2072	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	100
PID 2400 wrote to memory of 2532	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	101
PID 2400 wrote to memory of 2532	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	101
PID 2400 wrote to memory of 4596	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	102
PID 2400 wrote to memory of 4596	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	102
PID 2400 wrote to memory of 1176	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	103
PID 2400 wrote to memory of 1176	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	103
PID 2400 wrote to memory of 4624	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	104
PID 2400 wrote to memory of 4624	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	104
PID 2400 wrote to memory of 3644	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	105
PID 2400 wrote to memory of 3644	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	105
PID 2400 wrote to memory of 1868	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	106
PID 2400 wrote to memory of 1868	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	106
PID 2400 wrote to memory of 4040	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	107
PID 2400 wrote to memory of 4040	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	107
PID 2400 wrote to memory of 908	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	108
PID 2400 wrote to memory of 908	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	108
PID 2400 wrote to memory of 1768	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	109
PID 2400 wrote to memory of 1768	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	109
PID 2400 wrote to memory of 4764	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	110
PID 2400 wrote to memory of 4764	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	110
PID 2400 wrote to memory of 1060	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	111
PID 2400 wrote to memory of 1060	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	111
PID 2400 wrote to memory of 884	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	112
PID 2400 wrote to memory of 884	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	112
PID 2400 wrote to memory of 5076	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	113
PID 2400 wrote to memory of 5076	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	113
PID 2400 wrote to memory of 5048	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	114
PID 2400 wrote to memory of 5048	2400	44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\44ac091ee5d8a08b0883336941d179f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\System\FkwAslK.exe
  C:\Windows\System\FkwAslK.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\upHpwlX.exe
  C:\Windows\System\upHpwlX.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\DvuUYNP.exe
  C:\Windows\System\DvuUYNP.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\wbzCZGi.exe
  C:\Windows\System\wbzCZGi.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\tvfALHm.exe
  C:\Windows\System\tvfALHm.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\pqrtaEe.exe
  C:\Windows\System\pqrtaEe.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\LAGvGyX.exe
  C:\Windows\System\LAGvGyX.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\MULAynb.exe
  C:\Windows\System\MULAynb.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\RLXuwNj.exe
  C:\Windows\System\RLXuwNj.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\yqslyBy.exe
  C:\Windows\System\yqslyBy.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\kDBakPJ.exe
  C:\Windows\System\kDBakPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\evEzjGi.exe
  C:\Windows\System\evEzjGi.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\DJtcSaG.exe
  C:\Windows\System\DJtcSaG.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\OXNsWeW.exe
  C:\Windows\System\OXNsWeW.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\ZwOYHhI.exe
  C:\Windows\System\ZwOYHhI.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\gWQdCMM.exe
  C:\Windows\System\gWQdCMM.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\caVcYOH.exe
  C:\Windows\System\caVcYOH.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\LbRupIy.exe
  C:\Windows\System\LbRupIy.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\HdHywkh.exe
  C:\Windows\System\HdHywkh.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\WbZxJqQ.exe
  C:\Windows\System\WbZxJqQ.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\zqWcWlS.exe
  C:\Windows\System\zqWcWlS.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\TgTUkjl.exe
  C:\Windows\System\TgTUkjl.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\PJjpSWR.exe
  C:\Windows\System\PJjpSWR.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\xOzXuHI.exe
  C:\Windows\System\xOzXuHI.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\HIcfapk.exe
  C:\Windows\System\HIcfapk.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\ETYNcor.exe
  C:\Windows\System\ETYNcor.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\jpspeaL.exe
  C:\Windows\System\jpspeaL.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\PxmHnuu.exe
  C:\Windows\System\PxmHnuu.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\DuVDlpJ.exe
  C:\Windows\System\DuVDlpJ.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\kvidWkW.exe
  C:\Windows\System\kvidWkW.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\FKOIiLI.exe
  C:\Windows\System\FKOIiLI.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\cQGDIEh.exe
  C:\Windows\System\cQGDIEh.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\mvkkqJS.exe
  C:\Windows\System\mvkkqJS.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\OgUzBpc.exe
  C:\Windows\System\OgUzBpc.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\HcIOGwq.exe
  C:\Windows\System\HcIOGwq.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\lBPgKiy.exe
  C:\Windows\System\lBPgKiy.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\pangOpN.exe
  C:\Windows\System\pangOpN.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\IFueebE.exe
  C:\Windows\System\IFueebE.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\ZLbExrb.exe
  C:\Windows\System\ZLbExrb.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\zzfIJAF.exe
  C:\Windows\System\zzfIJAF.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\ilasoVO.exe
  C:\Windows\System\ilasoVO.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\eYXdIbZ.exe
  C:\Windows\System\eYXdIbZ.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\DaRflii.exe
  C:\Windows\System\DaRflii.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\qDTyPgo.exe
  C:\Windows\System\qDTyPgo.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\uVTKsPU.exe
  C:\Windows\System\uVTKsPU.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\zkdupBH.exe
  C:\Windows\System\zkdupBH.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\JvYsZfL.exe
  C:\Windows\System\JvYsZfL.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\uUKSIaA.exe
  C:\Windows\System\uUKSIaA.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\NFyaJTt.exe
  C:\Windows\System\NFyaJTt.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\YDnpfic.exe
  C:\Windows\System\YDnpfic.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\pQHGDtX.exe
  C:\Windows\System\pQHGDtX.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\wOihtft.exe
  C:\Windows\System\wOihtft.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\HyFsrpP.exe
  C:\Windows\System\HyFsrpP.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\qTWXaMo.exe
  C:\Windows\System\qTWXaMo.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\brSAepl.exe
  C:\Windows\System\brSAepl.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\KFclOWb.exe
  C:\Windows\System\KFclOWb.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\xkdZsQn.exe
  C:\Windows\System\xkdZsQn.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\gQttvfY.exe
  C:\Windows\System\gQttvfY.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\FNynTqi.exe
  C:\Windows\System\FNynTqi.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\rwTKCgB.exe
  C:\Windows\System\rwTKCgB.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\NWMqbYT.exe
  C:\Windows\System\NWMqbYT.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\HNWxacv.exe
  C:\Windows\System\HNWxacv.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\RZlmTqJ.exe
  C:\Windows\System\RZlmTqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zqmcAwc.exe
  C:\Windows\System\zqmcAwc.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\sjWOetJ.exe
  C:\Windows\System\sjWOetJ.exe
  2⤵
  PID:2800
- C:\Windows\System\ilgIoXg.exe
  C:\Windows\System\ilgIoXg.exe
  2⤵
  PID:3988
- C:\Windows\System\cJyoCgp.exe
  C:\Windows\System\cJyoCgp.exe
  2⤵
  PID:4632
- C:\Windows\System\HUgWYFg.exe
  C:\Windows\System\HUgWYFg.exe
  2⤵
  PID:3592
- C:\Windows\System\JzdfKLy.exe
  C:\Windows\System\JzdfKLy.exe
  2⤵
  PID:1796
- C:\Windows\System\ENAIcSB.exe
  C:\Windows\System\ENAIcSB.exe
  2⤵
  PID:4756
- C:\Windows\System\wwlwgKN.exe
  C:\Windows\System\wwlwgKN.exe
  2⤵
  PID:1324
- C:\Windows\System\ZucudAz.exe
  C:\Windows\System\ZucudAz.exe
  2⤵
  PID:4856
- C:\Windows\System\moKbGQc.exe
  C:\Windows\System\moKbGQc.exe
  2⤵
  PID:5124
- C:\Windows\System\eqeaNbo.exe
  C:\Windows\System\eqeaNbo.exe
  2⤵
  PID:5152
- C:\Windows\System\XUDTyqi.exe
  C:\Windows\System\XUDTyqi.exe
  2⤵
  PID:5180
- C:\Windows\System\NzjskEL.exe
  C:\Windows\System\NzjskEL.exe
  2⤵
  PID:5208
- C:\Windows\System\EkAnAug.exe
  C:\Windows\System\EkAnAug.exe
  2⤵
  PID:5236
- C:\Windows\System\OwclDbk.exe
  C:\Windows\System\OwclDbk.exe
  2⤵
  PID:5264
- C:\Windows\System\FlnfnSM.exe
  C:\Windows\System\FlnfnSM.exe
  2⤵
  PID:5296
- C:\Windows\System\EdNHyXF.exe
  C:\Windows\System\EdNHyXF.exe
  2⤵
  PID:5320
- C:\Windows\System\tyfnpeD.exe
  C:\Windows\System\tyfnpeD.exe
  2⤵
  PID:5348
- C:\Windows\System\WHKRpcc.exe
  C:\Windows\System\WHKRpcc.exe
  2⤵
  PID:5376
- C:\Windows\System\UJJQHfa.exe
  C:\Windows\System\UJJQHfa.exe
  2⤵
  PID:5404
- C:\Windows\System\BQfBZeY.exe
  C:\Windows\System\BQfBZeY.exe
  2⤵
  PID:5432
- C:\Windows\System\pZTSbzF.exe
  C:\Windows\System\pZTSbzF.exe
  2⤵
  PID:5460
- C:\Windows\System\cRyckJk.exe
  C:\Windows\System\cRyckJk.exe
  2⤵
  PID:5488
- C:\Windows\System\qvpZnzg.exe
  C:\Windows\System\qvpZnzg.exe
  2⤵
  PID:5516
- C:\Windows\System\kXTOoqt.exe
  C:\Windows\System\kXTOoqt.exe
  2⤵
  PID:5544
- C:\Windows\System\vnzqzup.exe
  C:\Windows\System\vnzqzup.exe
  2⤵
  PID:5572
- C:\Windows\System\wAgvjqT.exe
  C:\Windows\System\wAgvjqT.exe
  2⤵
  PID:5596
- C:\Windows\System\VEnccQi.exe
  C:\Windows\System\VEnccQi.exe
  2⤵
  PID:5624
- C:\Windows\System\VfefjRz.exe
  C:\Windows\System\VfefjRz.exe
  2⤵
  PID:5652
- C:\Windows\System\vIommbn.exe
  C:\Windows\System\vIommbn.exe
  2⤵
  PID:5680
- C:\Windows\System\PiqQKqN.exe
  C:\Windows\System\PiqQKqN.exe
  2⤵
  PID:5712
- C:\Windows\System\jUyclJF.exe
  C:\Windows\System\jUyclJF.exe
  2⤵
  PID:5740
- C:\Windows\System\CiNYagK.exe
  C:\Windows\System\CiNYagK.exe
  2⤵
  PID:5768
- C:\Windows\System\HPbUHHg.exe
  C:\Windows\System\HPbUHHg.exe
  2⤵
  PID:5792
- C:\Windows\System\FOztGuY.exe
  C:\Windows\System\FOztGuY.exe
  2⤵
  PID:5820
- C:\Windows\System\bVixkec.exe
  C:\Windows\System\bVixkec.exe
  2⤵
  PID:5852
- C:\Windows\System\TIFFAHW.exe
  C:\Windows\System\TIFFAHW.exe
  2⤵
  PID:5880
- C:\Windows\System\CuczHPC.exe
  C:\Windows\System\CuczHPC.exe
  2⤵
  PID:5908
- C:\Windows\System\ltfebIN.exe
  C:\Windows\System\ltfebIN.exe
  2⤵
  PID:5936
- C:\Windows\System\quAxMTd.exe
  C:\Windows\System\quAxMTd.exe
  2⤵
  PID:5964
- C:\Windows\System\fOdNkbY.exe
  C:\Windows\System\fOdNkbY.exe
  2⤵
  PID:5992
- C:\Windows\System\rRUzPsK.exe
  C:\Windows\System\rRUzPsK.exe
  2⤵
  PID:6020
- C:\Windows\System\IUhDRXT.exe
  C:\Windows\System\IUhDRXT.exe
  2⤵
  PID:6048
- C:\Windows\System\fMDFZnU.exe
  C:\Windows\System\fMDFZnU.exe
  2⤵
  PID:6076
- C:\Windows\System\NiFXxek.exe
  C:\Windows\System\NiFXxek.exe
  2⤵
  PID:6100
- C:\Windows\System\aOAAePU.exe
  C:\Windows\System\aOAAePU.exe
  2⤵
  PID:6132
- C:\Windows\System\TIrtXiG.exe
  C:\Windows\System\TIrtXiG.exe
  2⤵
  PID:1492
- C:\Windows\System\TNawQbC.exe
  C:\Windows\System\TNawQbC.exe
  2⤵
  PID:4088
- C:\Windows\System\UTTYziS.exe
  C:\Windows\System\UTTYziS.exe
  2⤵
  PID:5108
- C:\Windows\System\VKkzEJC.exe
  C:\Windows\System\VKkzEJC.exe
  2⤵
  PID:3800
- C:\Windows\System\mhSXLpA.exe
  C:\Windows\System\mhSXLpA.exe
  2⤵
  PID:1028
- C:\Windows\System\CXPbusD.exe
  C:\Windows\System\CXPbusD.exe
  2⤵
  PID:2804
- C:\Windows\System\CwhmsKj.exe
  C:\Windows\System\CwhmsKj.exe
  2⤵
  PID:5172
- C:\Windows\System\atVfGEI.exe
  C:\Windows\System\atVfGEI.exe
  2⤵
  PID:5248
- C:\Windows\System\qFzFqsV.exe
  C:\Windows\System\qFzFqsV.exe
  2⤵
  PID:5312
- C:\Windows\System\jVQkYqD.exe
  C:\Windows\System\jVQkYqD.exe
  2⤵
  PID:5368
- C:\Windows\System\QBGaMQb.exe
  C:\Windows\System\QBGaMQb.exe
  2⤵
  PID:5444
- C:\Windows\System\JXjXjBc.exe
  C:\Windows\System\JXjXjBc.exe
  2⤵
  PID:5504
- C:\Windows\System\EhoQxmo.exe
  C:\Windows\System\EhoQxmo.exe
  2⤵
  PID:5564
- C:\Windows\System\IXBOPRq.exe
  C:\Windows\System\IXBOPRq.exe
  2⤵
  PID:5640
- C:\Windows\System\xVZGnnG.exe
  C:\Windows\System\xVZGnnG.exe
  2⤵
  PID:5700
- C:\Windows\System\QXFHguk.exe
  C:\Windows\System\QXFHguk.exe
  2⤵
  PID:5760
- C:\Windows\System\SPdzrWa.exe
  C:\Windows\System\SPdzrWa.exe
  2⤵
  PID:3876
- C:\Windows\System\mwSIsiD.exe
  C:\Windows\System\mwSIsiD.exe
  2⤵
  PID:5872
- C:\Windows\System\yAOiVxF.exe
  C:\Windows\System\yAOiVxF.exe
  2⤵
  PID:5928
- C:\Windows\System\IAKuSZR.exe
  C:\Windows\System\IAKuSZR.exe
  2⤵
  PID:6004
- C:\Windows\System\RBpsGGr.exe
  C:\Windows\System\RBpsGGr.exe
  2⤵
  PID:6064
- C:\Windows\System\bzOeABp.exe
  C:\Windows\System\bzOeABp.exe
  2⤵
  PID:6124
- C:\Windows\System\LQDFCLG.exe
  C:\Windows\System\LQDFCLG.exe
  2⤵
  PID:1992
- C:\Windows\System\EYSipKo.exe
  C:\Windows\System\EYSipKo.exe
  2⤵
  PID:4720
- C:\Windows\System\jeKWgYk.exe
  C:\Windows\System\jeKWgYk.exe
  2⤵
  PID:3588
- C:\Windows\System\MjhhgKH.exe
  C:\Windows\System\MjhhgKH.exe
  2⤵
  PID:5204
- C:\Windows\System\cEcqged.exe
  C:\Windows\System\cEcqged.exe
  2⤵
  PID:5336
- C:\Windows\System\LsuSWIv.exe
  C:\Windows\System\LsuSWIv.exe
  2⤵
  PID:5476
- C:\Windows\System\EKUooYD.exe
  C:\Windows\System\EKUooYD.exe
  2⤵
  PID:1972
- C:\Windows\System\UyFSdMh.exe
  C:\Windows\System\UyFSdMh.exe
  2⤵
  PID:5732
- C:\Windows\System\cQAZnKz.exe
  C:\Windows\System\cQAZnKz.exe
  2⤵
  PID:5900
- C:\Windows\System\HCvEGdv.exe
  C:\Windows\System\HCvEGdv.exe
  2⤵
  PID:4540
- C:\Windows\System\OCiMHsn.exe
  C:\Windows\System\OCiMHsn.exe
  2⤵
  PID:6096
- C:\Windows\System\hcFoZlk.exe
  C:\Windows\System\hcFoZlk.exe
  2⤵
  PID:2580
- C:\Windows\System\zAdKnsX.exe
  C:\Windows\System\zAdKnsX.exe
  2⤵
  PID:6172
- C:\Windows\System\rMaKvuu.exe
  C:\Windows\System\rMaKvuu.exe
  2⤵
  PID:6200
- C:\Windows\System\DDLypqH.exe
  C:\Windows\System\DDLypqH.exe
  2⤵
  PID:6228
- C:\Windows\System\MVvsGsB.exe
  C:\Windows\System\MVvsGsB.exe
  2⤵
  PID:6256
- C:\Windows\System\tPMLzrU.exe
  C:\Windows\System\tPMLzrU.exe
  2⤵
  PID:6284
- C:\Windows\System\xRjZoAr.exe
  C:\Windows\System\xRjZoAr.exe
  2⤵
  PID:6312
- C:\Windows\System\KkYcfja.exe
  C:\Windows\System\KkYcfja.exe
  2⤵
  PID:6340
- C:\Windows\System\WcyZjJu.exe
  C:\Windows\System\WcyZjJu.exe
  2⤵
  PID:6368
- C:\Windows\System\SdHiGHD.exe
  C:\Windows\System\SdHiGHD.exe
  2⤵
  PID:6396
- C:\Windows\System\UdAwHKG.exe
  C:\Windows\System\UdAwHKG.exe
  2⤵
  PID:6424
- C:\Windows\System\elezjCU.exe
  C:\Windows\System\elezjCU.exe
  2⤵
  PID:6452
- C:\Windows\System\aKeIaly.exe
  C:\Windows\System\aKeIaly.exe
  2⤵
  PID:6476
- C:\Windows\System\nznnGQg.exe
  C:\Windows\System\nznnGQg.exe
  2⤵
  PID:6508
- C:\Windows\System\JbvaXcf.exe
  C:\Windows\System\JbvaXcf.exe
  2⤵
  PID:6536
- C:\Windows\System\OEUqNYk.exe
  C:\Windows\System\OEUqNYk.exe
  2⤵
  PID:6564
- C:\Windows\System\ypEsNHB.exe
  C:\Windows\System\ypEsNHB.exe
  2⤵
  PID:6592
- C:\Windows\System\CAQSZbv.exe
  C:\Windows\System\CAQSZbv.exe
  2⤵
  PID:6620
- C:\Windows\System\qJcmPZQ.exe
  C:\Windows\System\qJcmPZQ.exe
  2⤵
  PID:6648
- C:\Windows\System\GAazUwB.exe
  C:\Windows\System\GAazUwB.exe
  2⤵
  PID:6676
- C:\Windows\System\SZQhnhT.exe
  C:\Windows\System\SZQhnhT.exe
  2⤵
  PID:6704
- C:\Windows\System\ZwExprh.exe
  C:\Windows\System\ZwExprh.exe
  2⤵
  PID:6732
- C:\Windows\System\KrywUiR.exe
  C:\Windows\System\KrywUiR.exe
  2⤵
  PID:6760
- C:\Windows\System\rAiKPMl.exe
  C:\Windows\System\rAiKPMl.exe
  2⤵
  PID:6788
- C:\Windows\System\HPXlFrK.exe
  C:\Windows\System\HPXlFrK.exe
  2⤵
  PID:6816
- C:\Windows\System\ZyLznFg.exe
  C:\Windows\System\ZyLznFg.exe
  2⤵
  PID:6844
- C:\Windows\System\ygjGQMR.exe
  C:\Windows\System\ygjGQMR.exe
  2⤵
  PID:6872
- C:\Windows\System\kIGlTQw.exe
  C:\Windows\System\kIGlTQw.exe
  2⤵
  PID:6900
- C:\Windows\System\FpdVxpo.exe
  C:\Windows\System\FpdVxpo.exe
  2⤵
  PID:6928
- C:\Windows\System\gCFPKkU.exe
  C:\Windows\System\gCFPKkU.exe
  2⤵
  PID:6956
- C:\Windows\System\RWNDkgW.exe
  C:\Windows\System\RWNDkgW.exe
  2⤵
  PID:6984
- C:\Windows\System\LSkUoTY.exe
  C:\Windows\System\LSkUoTY.exe
  2⤵
  PID:7012
- C:\Windows\System\KxJjtHM.exe
  C:\Windows\System\KxJjtHM.exe
  2⤵
  PID:7040
- C:\Windows\System\UavYaIh.exe
  C:\Windows\System\UavYaIh.exe
  2⤵
  PID:7068
- C:\Windows\System\phRHCLT.exe
  C:\Windows\System\phRHCLT.exe
  2⤵
  PID:7096
- C:\Windows\System\rfNuMey.exe
  C:\Windows\System\rfNuMey.exe
  2⤵
  PID:7124
- C:\Windows\System\KtXtvgo.exe
  C:\Windows\System\KtXtvgo.exe
  2⤵
  PID:7152
- C:\Windows\System\YQHSeRx.exe
  C:\Windows\System\YQHSeRx.exe
  2⤵
  PID:1900
- C:\Windows\System\QwmnWuC.exe
  C:\Windows\System\QwmnWuC.exe
  2⤵
  PID:5280
- C:\Windows\System\FRZOcgx.exe
  C:\Windows\System\FRZOcgx.exe
  2⤵
  PID:2112
- C:\Windows\System\fdHLBUh.exe
  C:\Windows\System\fdHLBUh.exe
  2⤵
  PID:2224
- C:\Windows\System\VJvMuwk.exe
  C:\Windows\System\VJvMuwk.exe
  2⤵
  PID:6092
- C:\Windows\System\PAexAaB.exe
  C:\Windows\System\PAexAaB.exe
  2⤵
  PID:6184
- C:\Windows\System\cqzQXnu.exe
  C:\Windows\System\cqzQXnu.exe
  2⤵
  PID:4748
- C:\Windows\System\mWQHobP.exe
  C:\Windows\System\mWQHobP.exe
  2⤵
  PID:6276
- C:\Windows\System\MgdVARv.exe
  C:\Windows\System\MgdVARv.exe
  2⤵
  PID:3236
- C:\Windows\System\NfOaieL.exe
  C:\Windows\System\NfOaieL.exe
  2⤵
  PID:6408
- C:\Windows\System\CYVxYsJ.exe
  C:\Windows\System\CYVxYsJ.exe
  2⤵
  PID:6464
- C:\Windows\System\jeEsMzZ.exe
  C:\Windows\System\jeEsMzZ.exe
  2⤵
  PID:2044
- C:\Windows\System\PvtZWNQ.exe
  C:\Windows\System\PvtZWNQ.exe
  2⤵
  PID:6556
- C:\Windows\System\YnwaRcf.exe
  C:\Windows\System\YnwaRcf.exe
  2⤵
  PID:6636
- C:\Windows\System\yBOWQgf.exe
  C:\Windows\System\yBOWQgf.exe
  2⤵
  PID:6688
- C:\Windows\System\RypMjcL.exe
  C:\Windows\System\RypMjcL.exe
  2⤵
  PID:4424
- C:\Windows\System\wxoyOyP.exe
  C:\Windows\System\wxoyOyP.exe
  2⤵
  PID:6780
- C:\Windows\System\xkDvRjT.exe
  C:\Windows\System\xkDvRjT.exe
  2⤵
  PID:6836
- C:\Windows\System\HGBSXDu.exe
  C:\Windows\System\HGBSXDu.exe
  2⤵
  PID:6912
- C:\Windows\System\OXyRrvc.exe
  C:\Windows\System\OXyRrvc.exe
  2⤵
  PID:4788
- C:\Windows\System\mSTqDXR.exe
  C:\Windows\System\mSTqDXR.exe
  2⤵
  PID:6996
- C:\Windows\System\yBsVpwX.exe
  C:\Windows\System\yBsVpwX.exe
  2⤵
  PID:7052
- C:\Windows\System\NWRfxLZ.exe
  C:\Windows\System\NWRfxLZ.exe
  2⤵
  PID:4716
- C:\Windows\System\LHjuwLp.exe
  C:\Windows\System\LHjuwLp.exe
  2⤵
  PID:7144
- C:\Windows\System\ocXlRwC.exe
  C:\Windows\System\ocXlRwC.exe
  2⤵
  PID:5164
- C:\Windows\System\lFSlNhw.exe
  C:\Windows\System\lFSlNhw.exe
  2⤵
  PID:1860
- C:\Windows\System\XfZKdiF.exe
  C:\Windows\System\XfZKdiF.exe
  2⤵
  PID:4048
- C:\Windows\System\DYFxyzY.exe
  C:\Windows\System\DYFxyzY.exe
  2⤵
  PID:3268
- C:\Windows\System\QYtisnT.exe
  C:\Windows\System\QYtisnT.exe
  2⤵
  PID:6360
- C:\Windows\System\iNLQlCU.exe
  C:\Windows\System\iNLQlCU.exe
  2⤵
  PID:4732
- C:\Windows\System\GsoXSuf.exe
  C:\Windows\System\GsoXSuf.exe
  2⤵
  PID:6528
- C:\Windows\System\rKIEvgZ.exe
  C:\Windows\System\rKIEvgZ.exe
  2⤵
  PID:6612
- C:\Windows\System\Okqcsvn.exe
  C:\Windows\System\Okqcsvn.exe
  2⤵
  PID:6720
- C:\Windows\System\YowNqGi.exe
  C:\Windows\System\YowNqGi.exe
  2⤵
  PID:4580
- C:\Windows\System\MATOliE.exe
  C:\Windows\System\MATOliE.exe
  2⤵
  PID:6864
- C:\Windows\System\mfwwJSw.exe
  C:\Windows\System\mfwwJSw.exe
  2⤵
  PID:6972
- C:\Windows\System\KzvzVnX.exe
  C:\Windows\System\KzvzVnX.exe
  2⤵
  PID:3292
- C:\Windows\System\lliqeXm.exe
  C:\Windows\System\lliqeXm.exe
  2⤵
  PID:1944
- C:\Windows\System\vCBrHkX.exe
  C:\Windows\System\vCBrHkX.exe
  2⤵
  PID:1572
- C:\Windows\System\tFVtlQo.exe
  C:\Windows\System\tFVtlQo.exe
  2⤵
  PID:6324
- C:\Windows\System\jmeiojB.exe
  C:\Windows\System\jmeiojB.exe
  2⤵
  PID:6496
- C:\Windows\System\RVtopTw.exe
  C:\Windows\System\RVtopTw.exe
  2⤵
  PID:2128
- C:\Windows\System\yPsrneL.exe
  C:\Windows\System\yPsrneL.exe
  2⤵
  PID:6808
- C:\Windows\System\FLfuNFA.exe
  C:\Windows\System\FLfuNFA.exe
  2⤵
  PID:7032
- C:\Windows\System\tHrFcjr.exe
  C:\Windows\System\tHrFcjr.exe
  2⤵
  PID:5420
- C:\Windows\System\QtyHRrN.exe
  C:\Windows\System\QtyHRrN.exe
  2⤵
  PID:524
- C:\Windows\System\TiRzuxh.exe
  C:\Windows\System\TiRzuxh.exe
  2⤵
  PID:7188
- C:\Windows\System\zFFWmbf.exe
  C:\Windows\System\zFFWmbf.exe
  2⤵
  PID:7216
- C:\Windows\System\IXGIlkd.exe
  C:\Windows\System\IXGIlkd.exe
  2⤵
  PID:7244
- C:\Windows\System\RvztPVx.exe
  C:\Windows\System\RvztPVx.exe
  2⤵
  PID:7272
- C:\Windows\System\JQGYJsp.exe
  C:\Windows\System\JQGYJsp.exe
  2⤵
  PID:7296
- C:\Windows\System\BGXBZUb.exe
  C:\Windows\System\BGXBZUb.exe
  2⤵
  PID:7392
- C:\Windows\System\eOIzHdT.exe
  C:\Windows\System\eOIzHdT.exe
  2⤵
  PID:7448
- C:\Windows\System\EgosNcY.exe
  C:\Windows\System\EgosNcY.exe
  2⤵
  PID:7468
- C:\Windows\System\acMBNwK.exe
  C:\Windows\System\acMBNwK.exe
  2⤵
  PID:7492
- C:\Windows\System\OvLxTWF.exe
  C:\Windows\System\OvLxTWF.exe
  2⤵
  PID:7524
- C:\Windows\System\gpSTxaf.exe
  C:\Windows\System\gpSTxaf.exe
  2⤵
  PID:7544
- C:\Windows\System\mfliPga.exe
  C:\Windows\System\mfliPga.exe
  2⤵
  PID:7568
- C:\Windows\System\QOKaEYZ.exe
  C:\Windows\System\QOKaEYZ.exe
  2⤵
  PID:7584
- C:\Windows\System\yfKVVTV.exe
  C:\Windows\System\yfKVVTV.exe
  2⤵
  PID:7608
- C:\Windows\System\nNTMiQO.exe
  C:\Windows\System\nNTMiQO.exe
  2⤵
  PID:7648
- C:\Windows\System\avmbPhj.exe
  C:\Windows\System\avmbPhj.exe
  2⤵
  PID:7680
- C:\Windows\System\iVYGJNy.exe
  C:\Windows\System\iVYGJNy.exe
  2⤵
  PID:7708
- C:\Windows\System\ggeJvHf.exe
  C:\Windows\System\ggeJvHf.exe
  2⤵
  PID:7732
- C:\Windows\System\jSNFOrG.exe
  C:\Windows\System\jSNFOrG.exe
  2⤵
  PID:7776
- C:\Windows\System\wsxTSVG.exe
  C:\Windows\System\wsxTSVG.exe
  2⤵
  PID:7804
- C:\Windows\System\uTVWpZt.exe
  C:\Windows\System\uTVWpZt.exe
  2⤵
  PID:7828
- C:\Windows\System\knYClxP.exe
  C:\Windows\System\knYClxP.exe
  2⤵
  PID:7880
- C:\Windows\System\FFtMWGb.exe
  C:\Windows\System\FFtMWGb.exe
  2⤵
  PID:7900
- C:\Windows\System\YzgSoqF.exe
  C:\Windows\System\YzgSoqF.exe
  2⤵
  PID:7924
- C:\Windows\System\arBxhyR.exe
  C:\Windows\System\arBxhyR.exe
  2⤵
  PID:7944
- C:\Windows\System\XMyMqDd.exe
  C:\Windows\System\XMyMqDd.exe
  2⤵
  PID:7964
- C:\Windows\System\TxLQmhH.exe
  C:\Windows\System\TxLQmhH.exe
  2⤵
  PID:7988
- C:\Windows\System\ZUiToIv.exe
  C:\Windows\System\ZUiToIv.exe
  2⤵
  PID:8032
- C:\Windows\System\qKPmTmY.exe
  C:\Windows\System\qKPmTmY.exe
  2⤵
  PID:8084
- C:\Windows\System\dZskLbb.exe
  C:\Windows\System\dZskLbb.exe
  2⤵
  PID:8104
- C:\Windows\System\kJPdQfQ.exe
  C:\Windows\System\kJPdQfQ.exe
  2⤵
  PID:8132
- C:\Windows\System\mQjtqtW.exe
  C:\Windows\System\mQjtqtW.exe
  2⤵
  PID:8156
- C:\Windows\System\qSCoOkV.exe
  C:\Windows\System\qSCoOkV.exe
  2⤵
  PID:8176
- C:\Windows\System\OAIfLVn.exe
  C:\Windows\System\OAIfLVn.exe
  2⤵
  PID:6772
- C:\Windows\System\JFWrlBM.exe
  C:\Windows\System\JFWrlBM.exe
  2⤵
  PID:2444
- C:\Windows\System\dtgxZeh.exe
  C:\Windows\System\dtgxZeh.exe
  2⤵
  PID:3312
- C:\Windows\System\Uzymppo.exe
  C:\Windows\System\Uzymppo.exe
  2⤵
  PID:4288
- C:\Windows\System\kNRUszI.exe
  C:\Windows\System\kNRUszI.exe
  2⤵
  PID:648
- C:\Windows\System\eojwbKO.exe
  C:\Windows\System\eojwbKO.exe
  2⤵
  PID:440
- C:\Windows\System\xVTyDAO.exe
  C:\Windows\System\xVTyDAO.exe
  2⤵
  PID:2916
- C:\Windows\System\dyWHFUU.exe
  C:\Windows\System\dyWHFUU.exe
  2⤵
  PID:388
- C:\Windows\System\Cxkzvhf.exe
  C:\Windows\System\Cxkzvhf.exe
  2⤵
  PID:1816
- C:\Windows\System\lSncJSW.exe
  C:\Windows\System\lSncJSW.exe
  2⤵
  PID:7380
- C:\Windows\System\NkwDIcv.exe
  C:\Windows\System\NkwDIcv.exe
  2⤵
  PID:7440
- C:\Windows\System\ASiQRDy.exe
  C:\Windows\System\ASiQRDy.exe
  2⤵
  PID:7484
- C:\Windows\System\QzrolBI.exe
  C:\Windows\System\QzrolBI.exe
  2⤵
  PID:7628
- C:\Windows\System\gvwXeQd.exe
  C:\Windows\System\gvwXeQd.exe
  2⤵
  PID:7772
- C:\Windows\System\VsacxST.exe
  C:\Windows\System\VsacxST.exe
  2⤵
  PID:7796
- C:\Windows\System\hQgOQcm.exe
  C:\Windows\System\hQgOQcm.exe
  2⤵
  PID:7896
- C:\Windows\System\ouFysNj.exe
  C:\Windows\System\ouFysNj.exe
  2⤵
  PID:7940
- C:\Windows\System\rbZtAIy.exe
  C:\Windows\System\rbZtAIy.exe
  2⤵
  PID:8012
- C:\Windows\System\WobSJXu.exe
  C:\Windows\System\WobSJXu.exe
  2⤵
  PID:8024
- C:\Windows\System\zvTYdxC.exe
  C:\Windows\System\zvTYdxC.exe
  2⤵
  PID:8096
- C:\Windows\System\ogzdOcy.exe
  C:\Windows\System\ogzdOcy.exe
  2⤵
  PID:4904
- C:\Windows\System\hVKFYkt.exe
  C:\Windows\System\hVKFYkt.exe
  2⤵
  PID:2848
- C:\Windows\System\EYCyjwy.exe
  C:\Windows\System\EYCyjwy.exe
  2⤵
  PID:3360
- C:\Windows\System\mnrEUtr.exe
  C:\Windows\System\mnrEUtr.exe
  2⤵
  PID:7208
- C:\Windows\System\PILjFJX.exe
  C:\Windows\System\PILjFJX.exe
  2⤵
  PID:7416
- C:\Windows\System\CKXrceZ.exe
  C:\Windows\System\CKXrceZ.exe
  2⤵
  PID:7596
- C:\Windows\System\csDTvdz.exe
  C:\Windows\System\csDTvdz.exe
  2⤵
  PID:7640
- C:\Windows\System\PUhAvwG.exe
  C:\Windows\System\PUhAvwG.exe
  2⤵
  PID:7972
- C:\Windows\System\RAEfrwI.exe
  C:\Windows\System\RAEfrwI.exe
  2⤵
  PID:8080
- C:\Windows\System\DhFudeM.exe
  C:\Windows\System\DhFudeM.exe
  2⤵
  PID:2584
- C:\Windows\System\oPuQGFd.exe
  C:\Windows\System\oPuQGFd.exe
  2⤵
  PID:4916
- C:\Windows\System\GxXEtsN.exe
  C:\Windows\System\GxXEtsN.exe
  2⤵
  PID:2620
- C:\Windows\System\jWewifZ.exe
  C:\Windows\System\jWewifZ.exe
  2⤵
  PID:7752
- C:\Windows\System\fAtnTBH.exe
  C:\Windows\System\fAtnTBH.exe
  2⤵
  PID:7936
- C:\Windows\System\ugnwVNn.exe
  C:\Windows\System\ugnwVNn.exe
  2⤵
  PID:7876
- C:\Windows\System\gjANGxp.exe
  C:\Windows\System\gjANGxp.exe
  2⤵
  PID:8200
- C:\Windows\System\XYVTklQ.exe
  C:\Windows\System\XYVTklQ.exe
  2⤵
  PID:8224
- C:\Windows\System\KPCXAWP.exe
  C:\Windows\System\KPCXAWP.exe
  2⤵
  PID:8256
- C:\Windows\System\PvGCvUz.exe
  C:\Windows\System\PvGCvUz.exe
  2⤵
  PID:8280
- C:\Windows\System\vQhpZqC.exe
  C:\Windows\System\vQhpZqC.exe
  2⤵
  PID:8304
- C:\Windows\System\ClAOhkH.exe
  C:\Windows\System\ClAOhkH.exe
  2⤵
  PID:8324
- C:\Windows\System\xmdBHwu.exe
  C:\Windows\System\xmdBHwu.exe
  2⤵
  PID:8344
- C:\Windows\System\SgRDrBv.exe
  C:\Windows\System\SgRDrBv.exe
  2⤵
  PID:8364
- C:\Windows\System\KsNEmGT.exe
  C:\Windows\System\KsNEmGT.exe
  2⤵
  PID:8444
- C:\Windows\System\KLUvokL.exe
  C:\Windows\System\KLUvokL.exe
  2⤵
  PID:8476
- C:\Windows\System\UVKiSyU.exe
  C:\Windows\System\UVKiSyU.exe
  2⤵
  PID:8512
- C:\Windows\System\MTyZbbn.exe
  C:\Windows\System\MTyZbbn.exe
  2⤵
  PID:8540
- C:\Windows\System\PIurnnz.exe
  C:\Windows\System\PIurnnz.exe
  2⤵
  PID:8556
- C:\Windows\System\kOZhgPA.exe
  C:\Windows\System\kOZhgPA.exe
  2⤵
  PID:8592
- C:\Windows\System\fXmEhSD.exe
  C:\Windows\System\fXmEhSD.exe
  2⤵
  PID:8612
- C:\Windows\System\XIRJTfz.exe
  C:\Windows\System\XIRJTfz.exe
  2⤵
  PID:8632
- C:\Windows\System\rLStFBE.exe
  C:\Windows\System\rLStFBE.exe
  2⤵
  PID:8664
- C:\Windows\System\preDvbB.exe
  C:\Windows\System\preDvbB.exe
  2⤵
  PID:8700
- C:\Windows\System\kJiRRfD.exe
  C:\Windows\System\kJiRRfD.exe
  2⤵
  PID:8720
- C:\Windows\System\XgGaLrh.exe
  C:\Windows\System\XgGaLrh.exe
  2⤵
  PID:8752
- C:\Windows\System\zRjTxkv.exe
  C:\Windows\System\zRjTxkv.exe
  2⤵
  PID:8776
- C:\Windows\System\KfsfMNp.exe
  C:\Windows\System\KfsfMNp.exe
  2⤵
  PID:8820
- C:\Windows\System\LwudoYz.exe
  C:\Windows\System\LwudoYz.exe
  2⤵
  PID:8844
- C:\Windows\System\fpFMzEV.exe
  C:\Windows\System\fpFMzEV.exe
  2⤵
  PID:8876
- C:\Windows\System\vajeJVO.exe
  C:\Windows\System\vajeJVO.exe
  2⤵
  PID:8900
- C:\Windows\System\HHOTEfU.exe
  C:\Windows\System\HHOTEfU.exe
  2⤵
  PID:8928
- C:\Windows\System\rTZKTWW.exe
  C:\Windows\System\rTZKTWW.exe
  2⤵
  PID:8948
- C:\Windows\System\HPEPXVr.exe
  C:\Windows\System\HPEPXVr.exe
  2⤵
  PID:8976
- C:\Windows\System\gaeLNGh.exe
  C:\Windows\System\gaeLNGh.exe
  2⤵
  PID:9012
- C:\Windows\System\hzvEoYQ.exe
  C:\Windows\System\hzvEoYQ.exe
  2⤵
  PID:9028
- C:\Windows\System\bfyfLct.exe
  C:\Windows\System\bfyfLct.exe
  2⤵
  PID:9072
- C:\Windows\System\MBVhiUr.exe
  C:\Windows\System\MBVhiUr.exe
  2⤵
  PID:9088
- C:\Windows\System\xHhJJMZ.exe
  C:\Windows\System\xHhJJMZ.exe
  2⤵
  PID:9108
- C:\Windows\System\OOyCMsB.exe
  C:\Windows\System\OOyCMsB.exe
  2⤵
  PID:9156
- C:\Windows\System\JOpfkXd.exe
  C:\Windows\System\JOpfkXd.exe
  2⤵
  PID:9180
- C:\Windows\System\gXVvvkg.exe
  C:\Windows\System\gXVvvkg.exe
  2⤵
  PID:9200
- C:\Windows\System\ICXELHM.exe
  C:\Windows\System\ICXELHM.exe
  2⤵
  PID:8076
- C:\Windows\System\abVJcYe.exe
  C:\Windows\System\abVJcYe.exe
  2⤵
  PID:8220
- C:\Windows\System\OZFStwp.exe
  C:\Windows\System\OZFStwp.exe
  2⤵
  PID:8288
- C:\Windows\System\tTlnAoL.exe
  C:\Windows\System\tTlnAoL.exe
  2⤵
  PID:8356
- C:\Windows\System\GjUxFYn.exe
  C:\Windows\System\GjUxFYn.exe
  2⤵
  PID:8452
- C:\Windows\System\DpuzvwD.exe
  C:\Windows\System\DpuzvwD.exe
  2⤵
  PID:8536
- C:\Windows\System\bmHJBTI.exe
  C:\Windows\System\bmHJBTI.exe
  2⤵
  PID:8588
- C:\Windows\System\FwuUUSJ.exe
  C:\Windows\System\FwuUUSJ.exe
  2⤵
  PID:8656
- C:\Windows\System\mhktCZK.exe
  C:\Windows\System\mhktCZK.exe
  2⤵
  PID:8692
- C:\Windows\System\wnFRpte.exe
  C:\Windows\System\wnFRpte.exe
  2⤵
  PID:8764
- C:\Windows\System\hVzlChY.exe
  C:\Windows\System\hVzlChY.exe
  2⤵
  PID:8796
- C:\Windows\System\GXzwgJQ.exe
  C:\Windows\System\GXzwgJQ.exe
  2⤵
  PID:8864
- C:\Windows\System\CpexQXs.exe
  C:\Windows\System\CpexQXs.exe
  2⤵
  PID:8936
- C:\Windows\System\ZvYaWmf.exe
  C:\Windows\System\ZvYaWmf.exe
  2⤵
  PID:9036
- C:\Windows\System\XUkwMPQ.exe
  C:\Windows\System\XUkwMPQ.exe
  2⤵
  PID:9080
- C:\Windows\System\KgIGrRh.exe
  C:\Windows\System\KgIGrRh.exe
  2⤵
  PID:9132
- C:\Windows\System\EAAXODR.exe
  C:\Windows\System\EAAXODR.exe
  2⤵
  PID:9188
- C:\Windows\System\kDpfmUA.exe
  C:\Windows\System\kDpfmUA.exe
  2⤵
  PID:8316
- C:\Windows\System\HkdwClt.exe
  C:\Windows\System\HkdwClt.exe
  2⤵
  PID:8496
- C:\Windows\System\uHBKSgQ.exe
  C:\Windows\System\uHBKSgQ.exe
  2⤵
  PID:8732
- C:\Windows\System\EAvzmbc.exe
  C:\Windows\System\EAvzmbc.exe
  2⤵
  PID:8744
- C:\Windows\System\SWTwMib.exe
  C:\Windows\System\SWTwMib.exe
  2⤵
  PID:8856
- C:\Windows\System\HIHPejf.exe
  C:\Windows\System\HIHPejf.exe
  2⤵
  PID:9004
- C:\Windows\System\cPYQRXp.exe
  C:\Windows\System\cPYQRXp.exe
  2⤵
  PID:9140
- C:\Windows\System\EXxaMlk.exe
  C:\Windows\System\EXxaMlk.exe
  2⤵
  PID:8584
- C:\Windows\System\aLePjuJ.exe
  C:\Windows\System\aLePjuJ.exe
  2⤵
  PID:8804
- C:\Windows\System\cjqEAei.exe
  C:\Windows\System\cjqEAei.exe
  2⤵
  PID:8264
- C:\Windows\System\mVwERzC.exe
  C:\Windows\System\mVwERzC.exe
  2⤵
  PID:8836
- C:\Windows\System\MbMWOCc.exe
  C:\Windows\System\MbMWOCc.exe
  2⤵
  PID:9240
- C:\Windows\System\yXgJhlY.exe
  C:\Windows\System\yXgJhlY.exe
  2⤵
  PID:9256
- C:\Windows\System\IvScdWF.exe
  C:\Windows\System\IvScdWF.exe
  2⤵
  PID:9276
- C:\Windows\System\fMuiJYG.exe
  C:\Windows\System\fMuiJYG.exe
  2⤵
  PID:9316
- C:\Windows\System\bkRfAiT.exe
  C:\Windows\System\bkRfAiT.exe
  2⤵
  PID:9340
- C:\Windows\System\ETAhrBw.exe
  C:\Windows\System\ETAhrBw.exe
  2⤵
  PID:9372
- C:\Windows\System\DNSzPah.exe
  C:\Windows\System\DNSzPah.exe
  2⤵
  PID:9424
- C:\Windows\System\ZBYVPJW.exe
  C:\Windows\System\ZBYVPJW.exe
  2⤵
  PID:9440
- C:\Windows\System\RcSgCbc.exe
  C:\Windows\System\RcSgCbc.exe
  2⤵
  PID:9472
- C:\Windows\System\nJgLVEE.exe
  C:\Windows\System\nJgLVEE.exe
  2⤵
  PID:9508
- C:\Windows\System\wcdJXPs.exe
  C:\Windows\System\wcdJXPs.exe
  2⤵
  PID:9524
- C:\Windows\System\iBjWleL.exe
  C:\Windows\System\iBjWleL.exe
  2⤵
  PID:9564
- C:\Windows\System\cSDpSvO.exe
  C:\Windows\System\cSDpSvO.exe
  2⤵
  PID:9584
- C:\Windows\System\LRrbOyC.exe
  C:\Windows\System\LRrbOyC.exe
  2⤵
  PID:9612
- C:\Windows\System\XdwdydP.exe
  C:\Windows\System\XdwdydP.exe
  2⤵
  PID:9652
- C:\Windows\System\kLkMBje.exe
  C:\Windows\System\kLkMBje.exe
  2⤵
  PID:9668
- C:\Windows\System\FxhHTGE.exe
  C:\Windows\System\FxhHTGE.exe
  2⤵
  PID:9684
- C:\Windows\System\ABqcoha.exe
  C:\Windows\System\ABqcoha.exe
  2⤵
  PID:9704
- C:\Windows\System\lFyqWtl.exe
  C:\Windows\System\lFyqWtl.exe
  2⤵
  PID:9720
- C:\Windows\System\mbvhQYQ.exe
  C:\Windows\System\mbvhQYQ.exe
  2⤵
  PID:9780
- C:\Windows\System\qKQONjN.exe
  C:\Windows\System\qKQONjN.exe
  2⤵
  PID:9804
- C:\Windows\System\gShXDOP.exe
  C:\Windows\System\gShXDOP.exe
  2⤵
  PID:9824
- C:\Windows\System\MaPdQfG.exe
  C:\Windows\System\MaPdQfG.exe
  2⤵
  PID:9844
- C:\Windows\System\ZGZGarY.exe
  C:\Windows\System\ZGZGarY.exe
  2⤵
  PID:9864
- C:\Windows\System\hhdtFLA.exe
  C:\Windows\System\hhdtFLA.exe
  2⤵
  PID:9888
- C:\Windows\System\iCGtcEl.exe
  C:\Windows\System\iCGtcEl.exe
  2⤵
  PID:9912
- C:\Windows\System\ZCPEmEd.exe
  C:\Windows\System\ZCPEmEd.exe
  2⤵
  PID:9960
- C:\Windows\System\ywyxdRt.exe
  C:\Windows\System\ywyxdRt.exe
  2⤵
  PID:10008
- C:\Windows\System\RnGgJym.exe
  C:\Windows\System\RnGgJym.exe
  2⤵
  PID:10036
- C:\Windows\System\XVZOJtO.exe
  C:\Windows\System\XVZOJtO.exe
  2⤵
  PID:10064
- C:\Windows\System\pnHeDDR.exe
  C:\Windows\System\pnHeDDR.exe
  2⤵
  PID:10088
- C:\Windows\System\ZmVVAjQ.exe
  C:\Windows\System\ZmVVAjQ.exe
  2⤵
  PID:10112
- C:\Windows\System\XICwErC.exe
  C:\Windows\System\XICwErC.exe
  2⤵
  PID:10140
- C:\Windows\System\uFYYWdp.exe
  C:\Windows\System\uFYYWdp.exe
  2⤵
  PID:10164
- C:\Windows\System\zpAbqqZ.exe
  C:\Windows\System\zpAbqqZ.exe
  2⤵
  PID:10200
- C:\Windows\System\ULATiEX.exe
  C:\Windows\System\ULATiEX.exe
  2⤵
  PID:10232
- C:\Windows\System\RuvLZkO.exe
  C:\Windows\System\RuvLZkO.exe
  2⤵
  PID:9232
- C:\Windows\System\eJVwgSL.exe
  C:\Windows\System\eJVwgSL.exe
  2⤵
  PID:9292
- C:\Windows\System\QcIbmXn.exe
  C:\Windows\System\QcIbmXn.exe
  2⤵
  PID:9392
- C:\Windows\System\eiPXYnJ.exe
  C:\Windows\System\eiPXYnJ.exe
  2⤵
  PID:9432
- C:\Windows\System\dqsVrGc.exe
  C:\Windows\System\dqsVrGc.exe
  2⤵
  PID:9544
- C:\Windows\System\yEnBoOh.exe
  C:\Windows\System\yEnBoOh.exe
  2⤵
  PID:9608
- C:\Windows\System\YaChwFh.exe
  C:\Windows\System\YaChwFh.exe
  2⤵
  PID:9640
- C:\Windows\System\unwzNau.exe
  C:\Windows\System\unwzNau.exe
  2⤵
  PID:9680
- C:\Windows\System\FVQaFcX.exe
  C:\Windows\System\FVQaFcX.exe
  2⤵
  PID:9772
- C:\Windows\System\XEJtAPH.exe
  C:\Windows\System\XEJtAPH.exe
  2⤵
  PID:9800
- C:\Windows\System\EQeoTSH.exe
  C:\Windows\System\EQeoTSH.exe
  2⤵
  PID:9860
- C:\Windows\System\lXCcYGI.exe
  C:\Windows\System\lXCcYGI.exe
  2⤵
  PID:9908
- C:\Windows\System\zUZBSyN.exe
  C:\Windows\System\zUZBSyN.exe
  2⤵
  PID:10048
- C:\Windows\System\oYjPYso.exe
  C:\Windows\System\oYjPYso.exe
  2⤵
  PID:10084
- C:\Windows\System\wGPYRJV.exe
  C:\Windows\System\wGPYRJV.exe
  2⤵
  PID:9336
- C:\Windows\System\CqbQtqt.exe
  C:\Windows\System\CqbQtqt.exe
  2⤵
  PID:9484
- C:\Windows\System\ZSSXwYM.exe
  C:\Windows\System\ZSSXwYM.exe
  2⤵
  PID:9660
- C:\Windows\System\jyiTTqa.exe
  C:\Windows\System\jyiTTqa.exe
  2⤵
  PID:4804
- C:\Windows\System\ghNIkNk.exe
  C:\Windows\System\ghNIkNk.exe
  2⤵
  PID:9488
- C:\Windows\System\zGurCxK.exe
  C:\Windows\System\zGurCxK.exe
  2⤵
  PID:9756
- C:\Windows\System\qykKIOh.exe
  C:\Windows\System\qykKIOh.exe
  2⤵
  PID:9576
- C:\Windows\System\LDzEHZt.exe
  C:\Windows\System\LDzEHZt.exe
  2⤵
  PID:10196
- C:\Windows\System\OGlSTOH.exe
  C:\Windows\System\OGlSTOH.exe
  2⤵
  PID:9896
- C:\Windows\System\JyLaPOs.exe
  C:\Windows\System\JyLaPOs.exe
  2⤵
  PID:9604
- C:\Windows\System\EiadwwY.exe
  C:\Windows\System\EiadwwY.exe
  2⤵
  PID:10016
- C:\Windows\System\TLmoZqv.exe
  C:\Windows\System\TLmoZqv.exe
  2⤵
  PID:4044
- C:\Windows\System\oYUlrvI.exe
  C:\Windows\System\oYUlrvI.exe
  2⤵
  PID:9988
- C:\Windows\System\NlccNfn.exe
  C:\Windows\System\NlccNfn.exe
  2⤵
  PID:10192
- C:\Windows\System\AaJWczL.exe
  C:\Windows\System\AaJWczL.exe
  2⤵
  PID:10260
- C:\Windows\System\WFKuJCg.exe
  C:\Windows\System\WFKuJCg.exe
  2⤵
  PID:10288
- C:\Windows\System\NnrTvwQ.exe
  C:\Windows\System\NnrTvwQ.exe
  2⤵
  PID:10316
- C:\Windows\System\IHYdpMQ.exe
  C:\Windows\System\IHYdpMQ.exe
  2⤵
  PID:10348
- C:\Windows\System\BddCBYC.exe
  C:\Windows\System\BddCBYC.exe
  2⤵
  PID:10376
- C:\Windows\System\JZEJXwS.exe
  C:\Windows\System\JZEJXwS.exe
  2⤵
  PID:10392
- C:\Windows\System\dCAYWlP.exe
  C:\Windows\System\dCAYWlP.exe
  2⤵
  PID:10416
- C:\Windows\System\iSkRgTX.exe
  C:\Windows\System\iSkRgTX.exe
  2⤵
  PID:10464
- C:\Windows\System\UCNnyJs.exe
  C:\Windows\System\UCNnyJs.exe
  2⤵
  PID:10484
- C:\Windows\System\sdymBpI.exe
  C:\Windows\System\sdymBpI.exe
  2⤵
  PID:10504
- C:\Windows\System\LsLRZye.exe
  C:\Windows\System\LsLRZye.exe
  2⤵
  PID:10528
- C:\Windows\System\VwpXRku.exe
  C:\Windows\System\VwpXRku.exe
  2⤵
  PID:10552
- C:\Windows\System\HthRJki.exe
  C:\Windows\System\HthRJki.exe
  2⤵
  PID:10580
- C:\Windows\System\VINpdzS.exe
  C:\Windows\System\VINpdzS.exe
  2⤵
  PID:10608
- C:\Windows\System\oGAReoP.exe
  C:\Windows\System\oGAReoP.exe
  2⤵
  PID:10640
- C:\Windows\System\dXDEbdH.exe
  C:\Windows\System\dXDEbdH.exe
  2⤵
  PID:10664
- C:\Windows\System\nROZIjG.exe
  C:\Windows\System\nROZIjG.exe
  2⤵
  PID:10720
- C:\Windows\System\yFIPTDe.exe
  C:\Windows\System\yFIPTDe.exe
  2⤵
  PID:10740
- C:\Windows\System\wqOxrKR.exe
  C:\Windows\System\wqOxrKR.exe
  2⤵
  PID:10760
- C:\Windows\System\yxNHnNv.exe
  C:\Windows\System\yxNHnNv.exe
  2⤵
  PID:10776
- C:\Windows\System\cTVmZRe.exe
  C:\Windows\System\cTVmZRe.exe
  2⤵
  PID:10800
- C:\Windows\System\QpmkqIe.exe
  C:\Windows\System\QpmkqIe.exe
  2⤵
  PID:10836
- C:\Windows\System\JSSxnua.exe
  C:\Windows\System\JSSxnua.exe
  2⤵
  PID:10856
- C:\Windows\System\gvwWyjZ.exe
  C:\Windows\System\gvwWyjZ.exe
  2⤵
  PID:10876
- C:\Windows\System\DKEXgWd.exe
  C:\Windows\System\DKEXgWd.exe
  2⤵
  PID:10904
- C:\Windows\System\dojznBV.exe
  C:\Windows\System\dojznBV.exe
  2⤵
  PID:10924
- C:\Windows\System\xdVTaAz.exe
  C:\Windows\System\xdVTaAz.exe
  2⤵
  PID:10968
- C:\Windows\System\JkeNXZS.exe
  C:\Windows\System\JkeNXZS.exe
  2⤵
  PID:10988
- C:\Windows\System\kENmiEp.exe
  C:\Windows\System\kENmiEp.exe
  2⤵
  PID:11036
- C:\Windows\System\coPRewP.exe
  C:\Windows\System\coPRewP.exe
  2⤵
  PID:11052
- C:\Windows\System\BFjclmJ.exe
  C:\Windows\System\BFjclmJ.exe
  2⤵
  PID:11072
- C:\Windows\System\xToiboG.exe
  C:\Windows\System\xToiboG.exe
  2⤵
  PID:11092
- C:\Windows\System\GMYZumP.exe
  C:\Windows\System\GMYZumP.exe
  2⤵
  PID:11124
- C:\Windows\System\qhQgkqQ.exe
  C:\Windows\System\qhQgkqQ.exe
  2⤵
  PID:11164
- C:\Windows\System\bDOQIfI.exe
  C:\Windows\System\bDOQIfI.exe
  2⤵
  PID:11220
- C:\Windows\System\JdACDAt.exe
  C:\Windows\System\JdACDAt.exe
  2⤵
  PID:11252
- C:\Windows\System\EjfykHi.exe
  C:\Windows\System\EjfykHi.exe
  2⤵
  PID:9464
- C:\Windows\System\IzxcuKe.exe
  C:\Windows\System\IzxcuKe.exe
  2⤵
  PID:10280
- C:\Windows\System\SgdYHtx.exe
  C:\Windows\System\SgdYHtx.exe
  2⤵
  PID:10332
- C:\Windows\System\nxfZJcw.exe
  C:\Windows\System\nxfZJcw.exe
  2⤵
  PID:10492
- C:\Windows\System\QUxIrIN.exe
  C:\Windows\System\QUxIrIN.exe
  2⤵
  PID:10476
- C:\Windows\System\iJtSHFE.exe
  C:\Windows\System\iJtSHFE.exe
  2⤵
  PID:10524
- C:\Windows\System\kOoxQtg.exe
  C:\Windows\System\kOoxQtg.exe
  2⤵
  PID:10616
- C:\Windows\System\DwvZNnP.exe
  C:\Windows\System\DwvZNnP.exe
  2⤵
  PID:10652
- C:\Windows\System\QmbUdsu.exe
  C:\Windows\System\QmbUdsu.exe
  2⤵
  PID:10732
- C:\Windows\System\IBdaqaC.exe
  C:\Windows\System\IBdaqaC.exe
  2⤵
  PID:10820
- C:\Windows\System\zuCeqUg.exe
  C:\Windows\System\zuCeqUg.exe
  2⤵
  PID:10812
- C:\Windows\System\XvEttJp.exe
  C:\Windows\System\XvEttJp.exe
  2⤵
  PID:10872
- C:\Windows\System\jJDQaJV.exe
  C:\Windows\System\jJDQaJV.exe
  2⤵
  PID:10920
- C:\Windows\System\XcYeBSp.exe
  C:\Windows\System\XcYeBSp.exe
  2⤵
  PID:11060
- C:\Windows\System\nsdReoM.exe
  C:\Windows\System\nsdReoM.exe
  2⤵
  PID:11088
- C:\Windows\System\ODEGOfD.exe
  C:\Windows\System\ODEGOfD.exe
  2⤵
  PID:11156
- C:\Windows\System\YrykLTR.exe
  C:\Windows\System\YrykLTR.exe
  2⤵
  PID:11244
- C:\Windows\System\dRPpgFH.exe
  C:\Windows\System\dRPpgFH.exe
  2⤵
  PID:10328
- C:\Windows\System\RsCQAEX.exe
  C:\Windows\System\RsCQAEX.exe
  2⤵
  PID:10408
- C:\Windows\System\GZPtyZG.exe
  C:\Windows\System\GZPtyZG.exe
  2⤵
  PID:10480
- C:\Windows\System\IqxwsMP.exe
  C:\Windows\System\IqxwsMP.exe
  2⤵
  PID:10672
- C:\Windows\System\ZqRDRUA.exe
  C:\Windows\System\ZqRDRUA.exe
  2⤵
  PID:10892
- C:\Windows\System\glCqZjF.exe
  C:\Windows\System\glCqZjF.exe
  2⤵
  PID:11116
- C:\Windows\System\yiMAwEL.exe
  C:\Windows\System\yiMAwEL.exe
  2⤵
  PID:11232
- C:\Windows\System\jpDFlKZ.exe
  C:\Windows\System\jpDFlKZ.exe
  2⤵
  PID:1380
- C:\Windows\System\TIKFvsS.exe
  C:\Windows\System\TIKFvsS.exe
  2⤵
  PID:10604
- C:\Windows\System\GHsJtoi.exe
  C:\Windows\System\GHsJtoi.exe
  2⤵
  PID:10960
- C:\Windows\System\mezuxuy.exe
  C:\Windows\System\mezuxuy.exe
  2⤵
  PID:10736
- C:\Windows\System\lPwthES.exe
  C:\Windows\System\lPwthES.exe
  2⤵
  PID:10516
- C:\Windows\System\uZVaDbT.exe
  C:\Windows\System\uZVaDbT.exe
  2⤵
  PID:11284
- C:\Windows\System\NoGnJZp.exe
  C:\Windows\System\NoGnJZp.exe
  2⤵
  PID:11308
- C:\Windows\System\VwfYkMd.exe
  C:\Windows\System\VwfYkMd.exe
  2⤵
  PID:11332
- C:\Windows\System\mdRzClS.exe
  C:\Windows\System\mdRzClS.exe
  2⤵
  PID:11396
- C:\Windows\System\UXAuStp.exe
  C:\Windows\System\UXAuStp.exe
  2⤵
  PID:11420
- C:\Windows\System\cBwsUvB.exe
  C:\Windows\System\cBwsUvB.exe
  2⤵
  PID:11444
- C:\Windows\System\qjOxlnR.exe
  C:\Windows\System\qjOxlnR.exe
  2⤵
  PID:11476
- C:\Windows\System\TnNGoSR.exe
  C:\Windows\System\TnNGoSR.exe
  2⤵
  PID:11500
- C:\Windows\System\aUNZMOo.exe
  C:\Windows\System\aUNZMOo.exe
  2⤵
  PID:11528
- C:\Windows\System\gwdmDia.exe
  C:\Windows\System\gwdmDia.exe
  2⤵
  PID:11556
- C:\Windows\System\MzivJXl.exe
  C:\Windows\System\MzivJXl.exe
  2⤵
  PID:11572
- C:\Windows\System\kkGphYw.exe
  C:\Windows\System\kkGphYw.exe
  2⤵
  PID:11592
- C:\Windows\System\uzOJcas.exe
  C:\Windows\System\uzOJcas.exe
  2⤵
  PID:11620
- C:\Windows\System\eFFddcD.exe
  C:\Windows\System\eFFddcD.exe
  2⤵
  PID:11644
- C:\Windows\System\vnBBCtZ.exe
  C:\Windows\System\vnBBCtZ.exe
  2⤵
  PID:11696
- C:\Windows\System\yUMmDgd.exe
  C:\Windows\System\yUMmDgd.exe
  2⤵
  PID:11720
- C:\Windows\System\SofCtxj.exe
  C:\Windows\System\SofCtxj.exe
  2⤵
  PID:11744
- C:\Windows\System\jiClEFC.exe
  C:\Windows\System\jiClEFC.exe
  2⤵
  PID:11792
- C:\Windows\System\WstNSHW.exe
  C:\Windows\System\WstNSHW.exe
  2⤵
  PID:11808
- C:\Windows\System\VtuEeBU.exe
  C:\Windows\System\VtuEeBU.exe
  2⤵
  PID:11840
- C:\Windows\System\olHSSsH.exe
  C:\Windows\System\olHSSsH.exe
  2⤵
  PID:11864
- C:\Windows\System\XDigoiV.exe
  C:\Windows\System\XDigoiV.exe
  2⤵
  PID:11904
- C:\Windows\System\rJCyLaI.exe
  C:\Windows\System\rJCyLaI.exe
  2⤵
  PID:11928
- C:\Windows\System\SJxgpZC.exe
  C:\Windows\System\SJxgpZC.exe
  2⤵
  PID:11948
- C:\Windows\System\igNfEtN.exe
  C:\Windows\System\igNfEtN.exe
  2⤵
  PID:11976
- C:\Windows\System\oHGHOLJ.exe
  C:\Windows\System\oHGHOLJ.exe
  2⤵
  PID:12000
- C:\Windows\System\URsxTCL.exe
  C:\Windows\System\URsxTCL.exe
  2⤵
  PID:12036
- C:\Windows\System\LhwIXQp.exe
  C:\Windows\System\LhwIXQp.exe
  2⤵
  PID:12060
- C:\Windows\System\nbQhNul.exe
  C:\Windows\System\nbQhNul.exe
  2⤵
  PID:12112
- C:\Windows\System\EqniPZB.exe
  C:\Windows\System\EqniPZB.exe
  2⤵
  PID:12136
- C:\Windows\System\LAAddsh.exe
  C:\Windows\System\LAAddsh.exe
  2⤵
  PID:12164
- C:\Windows\System\FWDtmRD.exe
  C:\Windows\System\FWDtmRD.exe
  2⤵
  PID:12192
- C:\Windows\System\WQGQPXk.exe
  C:\Windows\System\WQGQPXk.exe
  2⤵
  PID:12208
- C:\Windows\System\KegSvGX.exe
  C:\Windows\System\KegSvGX.exe
  2⤵
  PID:12228
- C:\Windows\System\rVyQLUO.exe
  C:\Windows\System\rVyQLUO.exe
  2⤵
  PID:12256
- C:\Windows\System\XTnLnIX.exe
  C:\Windows\System\XTnLnIX.exe
  2⤵
  PID:12272
- C:\Windows\System\ZBRWsUj.exe
  C:\Windows\System\ZBRWsUj.exe
  2⤵
  PID:11344
- C:\Windows\System\tOgTSsv.exe
  C:\Windows\System\tOgTSsv.exe
  2⤵
  PID:11360
- C:\Windows\System\eQkwnLF.exe
  C:\Windows\System\eQkwnLF.exe
  2⤵
  PID:11408
- C:\Windows\System\ADkyjdh.exe
  C:\Windows\System\ADkyjdh.exe
  2⤵
  PID:11516
- C:\Windows\System\KNlLNga.exe
  C:\Windows\System\KNlLNga.exe
  2⤵
  PID:11564
- C:\Windows\System\XeavtaY.exe
  C:\Windows\System\XeavtaY.exe
  2⤵
  PID:11640
- C:\Windows\System\lrIDELw.exe
  C:\Windows\System\lrIDELw.exe
  2⤵
  PID:11688
- C:\Windows\System\IzCbZDr.exe
  C:\Windows\System\IzCbZDr.exe
  2⤵
  PID:11188
- C:\Windows\System\wKFVSJv.exe
  C:\Windows\System\wKFVSJv.exe
  2⤵
  PID:11816
- C:\Windows\System\bSYLUFW.exe
  C:\Windows\System\bSYLUFW.exe
  2⤵
  PID:11884
- C:\Windows\System\frzHWHE.exe
  C:\Windows\System\frzHWHE.exe
  2⤵
  PID:11940
- C:\Windows\System\NtSulYZ.exe
  C:\Windows\System\NtSulYZ.exe
  2⤵
  PID:11988
- C:\Windows\System\nBqkIEd.exe
  C:\Windows\System\nBqkIEd.exe
  2⤵
  PID:12052
- C:\Windows\System\sjPMUyI.exe
  C:\Windows\System\sjPMUyI.exe
  2⤵
  PID:12096
- C:\Windows\System\epHXakG.exe
  C:\Windows\System\epHXakG.exe
  2⤵
  PID:4296
- C:\Windows\System\eRLSrcI.exe
  C:\Windows\System\eRLSrcI.exe
  2⤵
  PID:12204
- C:\Windows\System\pEDUzDR.exe
  C:\Windows\System\pEDUzDR.exe
  2⤵
  PID:2340
- C:\Windows\System\XcSqzUO.exe
  C:\Windows\System\XcSqzUO.exe
  2⤵
  PID:12264
- C:\Windows\System\bNztHWj.exe
  C:\Windows\System\bNztHWj.exe
  2⤵
  PID:11392
- C:\Windows\System\oIthfXQ.exe
  C:\Windows\System\oIthfXQ.exe
  2⤵
  PID:11512
- C:\Windows\System\vjgtROJ.exe
  C:\Windows\System\vjgtROJ.exe
  2⤵
  PID:11668
- C:\Windows\System\MMjDgvQ.exe
  C:\Windows\System\MMjDgvQ.exe
  2⤵
  PID:11740
- C:\Windows\System\UJimPre.exe
  C:\Windows\System\UJimPre.exe
  2⤵
  PID:11824
- C:\Windows\System\UMILCps.exe
  C:\Windows\System\UMILCps.exe
  2⤵
  PID:12128
- C:\Windows\System\xlVYhFP.exe
  C:\Windows\System\xlVYhFP.exe
  2⤵
  PID:12280
- C:\Windows\System\sUVkGmr.exe
  C:\Windows\System\sUVkGmr.exe
  2⤵
  PID:11584
- C:\Windows\System\SQytPjv.exe
  C:\Windows\System\SQytPjv.exe
  2⤵
  PID:12088
- C:\Windows\System\CaVzIho.exe
  C:\Windows\System\CaVzIho.exe
  2⤵
  PID:11996
- C:\Windows\System\DLdNsMC.exe
  C:\Windows\System\DLdNsMC.exe
  2⤵
  PID:12300
- C:\Windows\System\rMCfwrH.exe
  C:\Windows\System\rMCfwrH.exe
  2⤵
  PID:12324
- C:\Windows\System\PzYCpgz.exe
  C:\Windows\System\PzYCpgz.exe
  2⤵
  PID:12360
- C:\Windows\System\SKNEwPt.exe
  C:\Windows\System\SKNEwPt.exe
  2⤵
  PID:12376
- C:\Windows\System\iZQsDAC.exe
  C:\Windows\System\iZQsDAC.exe
  2⤵
  PID:12396
- C:\Windows\System\bCRTEGL.exe
  C:\Windows\System\bCRTEGL.exe
  2⤵
  PID:12424
- C:\Windows\System\wNVePRF.exe
  C:\Windows\System\wNVePRF.exe
  2⤵
  PID:12452
- C:\Windows\System\cFjfwQg.exe
  C:\Windows\System\cFjfwQg.exe
  2⤵
  PID:12476
- C:\Windows\System\ZQWfNjw.exe
  C:\Windows\System\ZQWfNjw.exe
  2⤵
  PID:12532
- C:\Windows\System\YYHYaxr.exe
  C:\Windows\System\YYHYaxr.exe
  2⤵
  PID:12556
- C:\Windows\System\oDnOXNQ.exe
  C:\Windows\System\oDnOXNQ.exe
  2⤵
  PID:12600
- C:\Windows\System\kXqPpyw.exe
  C:\Windows\System\kXqPpyw.exe
  2⤵
  PID:12628
- C:\Windows\System\dyMWIHb.exe
  C:\Windows\System\dyMWIHb.exe
  2⤵
  PID:12652
- C:\Windows\System\QVYkHrG.exe
  C:\Windows\System\QVYkHrG.exe
  2⤵
  PID:12672
- C:\Windows\System\xbbwlLp.exe
  C:\Windows\System\xbbwlLp.exe
  2⤵
  PID:12696
- C:\Windows\System\SIsJRhj.exe
  C:\Windows\System\SIsJRhj.exe
  2⤵
  PID:12748
- C:\Windows\System\qkIUmjH.exe
  C:\Windows\System\qkIUmjH.exe
  2⤵
  PID:12776
- C:\Windows\System\oXKaGhR.exe
  C:\Windows\System\oXKaGhR.exe
  2⤵
  PID:12804
- C:\Windows\System\LSitrYk.exe
  C:\Windows\System\LSitrYk.exe
  2⤵
  PID:12820
- C:\Windows\System\ETCOAfr.exe
  C:\Windows\System\ETCOAfr.exe
  2⤵
  PID:12860
- C:\Windows\System\NAQFvTK.exe
  C:\Windows\System\NAQFvTK.exe
  2⤵
  PID:12888
- C:\Windows\System\Ovouceb.exe
  C:\Windows\System\Ovouceb.exe
  2⤵
  PID:12904
- C:\Windows\System\weNkofI.exe
  C:\Windows\System\weNkofI.exe
  2⤵
  PID:12932
- C:\Windows\System\FGPJGon.exe
  C:\Windows\System\FGPJGon.exe
  2⤵
  PID:12960
- C:\Windows\System\SmSzMSV.exe
  C:\Windows\System\SmSzMSV.exe
  2⤵
  PID:12988
- C:\Windows\System\tmKVDjK.exe
  C:\Windows\System\tmKVDjK.exe
  2⤵
  PID:13016
- C:\Windows\System\xJPHJDw.exe
  C:\Windows\System\xJPHJDw.exe
  2⤵
  PID:13112
- C:\Windows\System\PKXgIHb.exe
  C:\Windows\System\PKXgIHb.exe
  2⤵
  PID:13128
- C:\Windows\System\pehGIqc.exe
  C:\Windows\System\pehGIqc.exe
  2⤵
  PID:13144
- C:\Windows\System\pECCHRY.exe
  C:\Windows\System\pECCHRY.exe
  2⤵
  PID:13160
- C:\Windows\System\tdHQpCX.exe
  C:\Windows\System\tdHQpCX.exe
  2⤵
  PID:13176
- C:\Windows\System\hiVVdcn.exe
  C:\Windows\System\hiVVdcn.exe
  2⤵
  PID:13192
- C:\Windows\System\LpJWKMe.exe
  C:\Windows\System\LpJWKMe.exe
  2⤵
  PID:13208
- C:\Windows\System\IwxiObV.exe
  C:\Windows\System\IwxiObV.exe
  2⤵
  PID:13224
- C:\Windows\System\ZfqBipv.exe
  C:\Windows\System\ZfqBipv.exe
  2⤵
  PID:13240
- C:\Windows\System\EYiBHwa.exe
  C:\Windows\System\EYiBHwa.exe
  2⤵
  PID:13260
- C:\Windows\System\AIYYDgd.exe
  C:\Windows\System\AIYYDgd.exe
  2⤵
  PID:13292
- C:\Windows\System\ZSIKzSk.exe
  C:\Windows\System\ZSIKzSk.exe
  2⤵
  PID:13308
- C:\Windows\System\QIQEmtE.exe
  C:\Windows\System\QIQEmtE.exe
  2⤵
  PID:11684
- C:\Windows\System\ZNlDgHY.exe
  C:\Windows\System\ZNlDgHY.exe
  2⤵
  PID:12296
- C:\Windows\System\DaXyZfv.exe
  C:\Windows\System\DaXyZfv.exe
  2⤵
  PID:12340
- C:\Windows\System\saISSWW.exe
  C:\Windows\System\saISSWW.exe
  2⤵
  PID:12608
- C:\Windows\System\DhvbRAI.exe
  C:\Windows\System\DhvbRAI.exe
  2⤵
  PID:12644
- C:\Windows\System\oswoOwK.exe
  C:\Windows\System\oswoOwK.exe
  2⤵
  PID:12692
- C:\Windows\System\OrcUqBx.exe
  C:\Windows\System\OrcUqBx.exe
  2⤵
  PID:12852
- C:\Windows\System\QIEvdWj.exe
  C:\Windows\System\QIEvdWj.exe
  2⤵
  PID:13004
- C:\Windows\System\iMcJvWh.exe
  C:\Windows\System\iMcJvWh.exe
  2⤵
  PID:13104
- C:\Windows\System\PaPIiXh.exe
  C:\Windows\System\PaPIiXh.exe
  2⤵
  PID:13032
- C:\Windows\System\jpdOTWx.exe
  C:\Windows\System\jpdOTWx.exe
  2⤵
  PID:13060
- C:\Windows\System\UacYLKu.exe
  C:\Windows\System\UacYLKu.exe
  2⤵
  PID:13120
- C:\Windows\System\HWbTouU.exe
  C:\Windows\System\HWbTouU.exe
  2⤵
  PID:13232
- C:\Windows\System\vHfxfLh.exe
  C:\Windows\System\vHfxfLh.exe
  2⤵
  PID:11276
- C:\Windows\System\sYYcuOw.exe
  C:\Windows\System\sYYcuOw.exe
  2⤵
  PID:11292
- C:\Windows\System\CPePEEU.exe
  C:\Windows\System\CPePEEU.exe
  2⤵
  PID:12292
- C:\Windows\System\IwLFRmG.exe
  C:\Windows\System\IwLFRmG.exe
  2⤵
  PID:12836
- C:\Windows\System\bIixpGU.exe
  C:\Windows\System\bIixpGU.exe
  2⤵
  PID:12520
- C:\Windows\System\mSFyopL.exe
  C:\Windows\System\mSFyopL.exe
  2⤵
  PID:4340
- C:\Windows\System\DjPlLwq.exe
  C:\Windows\System\DjPlLwq.exe
  2⤵
  PID:12980
- C:\Windows\System\KuaehCk.exe
  C:\Windows\System\KuaehCk.exe
  2⤵
  PID:13048
- C:\Windows\System\grURcKR.exe
  C:\Windows\System\grURcKR.exe
  2⤵
  PID:13220
- C:\Windows\System\CDoMMMd.exe
  C:\Windows\System\CDoMMMd.exe
  2⤵
  PID:12524
- C:\Windows\System\bsESJvg.exe
  C:\Windows\System\bsESJvg.exe
  2⤵
  PID:12540
- C:\Windows\System\YlpChGt.exe
  C:\Windows\System\YlpChGt.exe
  2⤵
  PID:12944
- C:\Windows\System\gvTIiKu.exe
  C:\Windows\System\gvTIiKu.exe
  2⤵
  PID:13140
- C:\Windows\System\sHHvIqN.exe
  C:\Windows\System\sHHvIqN.exe
  2⤵
  PID:12388
- C:\Windows\System\MhBZUTP.exe
  C:\Windows\System\MhBZUTP.exe
  2⤵
  PID:13320
- C:\Windows\System\JgXbxZI.exe
  C:\Windows\System\JgXbxZI.exe
  2⤵
  PID:13380
- C:\Windows\System\kLQyKYs.exe
  C:\Windows\System\kLQyKYs.exe
  2⤵
  PID:13400
- C:\Windows\System\fYXjkVR.exe
  C:\Windows\System\fYXjkVR.exe
  2⤵
  PID:13428
- C:\Windows\System\LOUpXdY.exe
  C:\Windows\System\LOUpXdY.exe
  2⤵
  PID:13452
- C:\Windows\System\BOHFCyv.exe
  C:\Windows\System\BOHFCyv.exe
  2⤵
  PID:13476
- C:\Windows\System\tGrgfyY.exe
  C:\Windows\System\tGrgfyY.exe
  2⤵
  PID:13496
- C:\Windows\System\QPskNUX.exe
  C:\Windows\System\QPskNUX.exe
  2⤵
  PID:13552
- C:\Windows\System\CwwsKKV.exe
  C:\Windows\System\CwwsKKV.exe
  2⤵
  PID:13568
- C:\Windows\System\Blbnjca.exe
  C:\Windows\System\Blbnjca.exe
  2⤵
  PID:13596
- C:\Windows\System\XKzOeWx.exe
  C:\Windows\System\XKzOeWx.exe
  2⤵
  PID:13620
- C:\Windows\System\nVQAoOQ.exe
  C:\Windows\System\nVQAoOQ.exe
  2⤵
  PID:13636
- C:\Windows\System\foceyvF.exe
  C:\Windows\System\foceyvF.exe
  2⤵
  PID:13664
- C:\Windows\System\ZcZfRTS.exe
  C:\Windows\System\ZcZfRTS.exe
  2⤵
  PID:13688
- C:\Windows\System\CnaYGOJ.exe
  C:\Windows\System\CnaYGOJ.exe
  2⤵
  PID:13736
- C:\Windows\System\ibaFqRS.exe
  C:\Windows\System\ibaFqRS.exe
  2⤵
  PID:13752
- C:\Windows\System\HMNsdoG.exe
  C:\Windows\System\HMNsdoG.exe
  2⤵
  PID:13768
- C:\Windows\System\sWxFXWa.exe
  C:\Windows\System\sWxFXWa.exe
  2⤵
  PID:13800
- C:\Windows\System\iJiGbjs.exe
  C:\Windows\System\iJiGbjs.exe
  2⤵
  PID:13828
- C:\Windows\System\yEUeAUm.exe
  C:\Windows\System\yEUeAUm.exe
  2⤵
  PID:13884
- C:\Windows\System\hBEbqhF.exe
  C:\Windows\System\hBEbqhF.exe
  2⤵
  PID:13904
- C:\Windows\System\ncfPGhG.exe
  C:\Windows\System\ncfPGhG.exe
  2⤵
  PID:13928
- C:\Windows\System\SpbsArn.exe
  C:\Windows\System\SpbsArn.exe
  2⤵
  PID:13952
- C:\Windows\System\QCopWjY.exe
  C:\Windows\System\QCopWjY.exe
  2⤵
  PID:13976
- C:\Windows\System\VlnvVWQ.exe
  C:\Windows\System\VlnvVWQ.exe
  2⤵
  PID:14004
- C:\Windows\System\BzodjAA.exe
  C:\Windows\System\BzodjAA.exe
  2⤵
  PID:14028
- C:\Windows\System\PjVZPIz.exe
  C:\Windows\System\PjVZPIz.exe
  2⤵
  PID:14056
- C:\Windows\System\JaWobLC.exe
  C:\Windows\System\JaWobLC.exe
  2⤵
  PID:14076
- C:\Windows\System\SoSCyAv.exe
  C:\Windows\System\SoSCyAv.exe
  2⤵
  PID:14104
- C:\Windows\System\wzdpBah.exe
  C:\Windows\System\wzdpBah.exe
  2⤵
  PID:14144
- C:\Windows\System\doYcaTD.exe
  C:\Windows\System\doYcaTD.exe
  2⤵
  PID:14168
- C:\Windows\System\FNaUTRN.exe
  C:\Windows\System\FNaUTRN.exe
  2⤵
  PID:14212
- C:\Windows\System\kPuWCjk.exe
  C:\Windows\System\kPuWCjk.exe
  2⤵
  PID:14244
- C:\Windows\System\gXbevpw.exe
  C:\Windows\System\gXbevpw.exe
  2⤵
  PID:14264
- C:\Windows\System\jBdsYmf.exe
  C:\Windows\System\jBdsYmf.exe
  2⤵
  PID:14288
- C:\Windows\System\iSLkemE.exe
  C:\Windows\System\iSLkemE.exe
  2⤵
  PID:14304
- C:\Windows\System\FxyIXlp.exe
  C:\Windows\System\FxyIXlp.exe
  2⤵
  PID:14332
- C:\Windows\System\MTclJUM.exe
  C:\Windows\System\MTclJUM.exe
  2⤵
  PID:12420
- C:\Windows\System\mcrPpZT.exe
  C:\Windows\System\mcrPpZT.exe
  2⤵
  PID:13356
- C:\Windows\System\ZWuQouI.exe
  C:\Windows\System\ZWuQouI.exe
  2⤵
  PID:13416
- C:\Windows\System\gipeoIp.exe
  C:\Windows\System\gipeoIp.exe
  2⤵
  PID:13460
- C:\Windows\System\icvXphY.exe
  C:\Windows\System\icvXphY.exe
  2⤵
  PID:13528
- C:\Windows\System\aZmJTHG.exe
  C:\Windows\System\aZmJTHG.exe
  2⤵
  PID:13588
- C:\Windows\System\nIeVzPg.exe
  C:\Windows\System\nIeVzPg.exe
  2⤵
  PID:13716
- C:\Windows\System\FkBnMwo.exe
  C:\Windows\System\FkBnMwo.exe
  2⤵
  PID:13676
- C:\Windows\System\jEOhCbn.exe
  C:\Windows\System\jEOhCbn.exe
  2⤵
  PID:13820
- C:\Windows\System\lWZwOHt.exe
  C:\Windows\System\lWZwOHt.exe
  2⤵
  PID:13936
- C:\Windows\System\ASfCrsU.exe
  C:\Windows\System\ASfCrsU.exe
  2⤵
  PID:13992
- C:\Windows\System\TFBcKQV.exe
  C:\Windows\System\TFBcKQV.exe
  2⤵
  PID:14048
- C:\Windows\System\VNBqRIi.exe
  C:\Windows\System\VNBqRIi.exe
  2⤵
  PID:14124
- C:\Windows\System\idnFogz.exe
  C:\Windows\System\idnFogz.exe
  2⤵
  PID:14140
- C:\Windows\System\eHbkhsV.exe
  C:\Windows\System\eHbkhsV.exe
  2⤵
  PID:14224
- C:\Windows\System\KAZMwre.exe
  C:\Windows\System\KAZMwre.exe
  2⤵
  PID:4232
- C:\Windows\System\zwTiHQz.exe
  C:\Windows\System\zwTiHQz.exe
  2⤵
  PID:13444
- C:\Windows\System\wKRMlJE.exe
  C:\Windows\System\wKRMlJE.exe
  2⤵
  PID:13672
- C:\Windows\System\evsOuxM.exe
  C:\Windows\System\evsOuxM.exe
  2⤵
  PID:13628
- C:\Windows\System\ouMAfYQ.exe
  C:\Windows\System\ouMAfYQ.exe
  2⤵
  PID:13968
- C:\Windows\System\ixcJqYS.exe
  C:\Windows\System\ixcJqYS.exe
  2⤵
  PID:14024
- C:\Windows\System\nuARbSs.exe
  C:\Windows\System\nuARbSs.exe
  2⤵
  PID:14200
- C:\Windows\System\qgnRwph.exe
  C:\Windows\System\qgnRwph.exe
  2⤵
  PID:13560
- C:\Windows\System\StlLHlJ.exe
  C:\Windows\System\StlLHlJ.exe
  2⤵
  PID:13468
- C:\Windows\System\livrXCk.exe
  C:\Windows\System\livrXCk.exe
  2⤵
  PID:14272
- C:\Windows\System\bCncXTT.exe
  C:\Windows\System\bCncXTT.exe
  2⤵
  PID:13848
- C:\Windows\System\iiHRCLr.exe
  C:\Windows\System\iiHRCLr.exe
  2⤵
  PID:14020
- C:\Windows\System\wWYAcuR.exe
  C:\Windows\System\wWYAcuR.exe
  2⤵
  PID:14368
- C:\Windows\System\ggXXIpE.exe
  C:\Windows\System\ggXXIpE.exe
  2⤵
  PID:14408
- C:\Windows\System\RAyqdme.exe
  C:\Windows\System\RAyqdme.exe
  2⤵
  PID:14424
- C:\Windows\System\iiyLmQy.exe
  C:\Windows\System\iiyLmQy.exe
  2⤵
  PID:14468
- C:\Windows\System\wbxClUF.exe
  C:\Windows\System\wbxClUF.exe
  2⤵
  PID:14484
- C:\Windows\System\tkcpdga.exe
  C:\Windows\System\tkcpdga.exe
  2⤵
  PID:14520
- C:\Windows\System\OBkAFQT.exe
  C:\Windows\System\OBkAFQT.exe
  2⤵
  PID:14548
- C:\Windows\System\oYRkPBC.exe
  C:\Windows\System\oYRkPBC.exe
  2⤵
  PID:14564
- C:\Windows\System\XAGoChF.exe
  C:\Windows\System\XAGoChF.exe
  2⤵
  PID:14596
- C:\Windows\System\SWEBvXk.exe
  C:\Windows\System\SWEBvXk.exe
  2⤵
  PID:14644
- C:\Windows\System\VBmWgMk.exe
  C:\Windows\System\VBmWgMk.exe
  2⤵
  PID:14664
- C:\Windows\System\LglfBzC.exe
  C:\Windows\System\LglfBzC.exe
  2⤵
  PID:14692

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DJtcSaG.exe

Filesize
1.9MB

MD5
6994a393120a92b79306e789a1ff5a5b

SHA1
f13b6e3e8db6db27c30f2f46d4e8d3bd501877b0

SHA256
ce4de40788b373e39ac9a10ed658decc575b6431bc4cb69b072ad6cc872b7beb

SHA512
fcc95c6ae5fcfa5696bb093b7be2e550d4397e2067f2b852297da7e455ee48f07bc68b327f7c6e3ddc2e2fa3e3a4e1789c47c88ffead5d5a6af59e6379b2f1ce

Download Submit
C:\Windows\System\DuVDlpJ.exe

Filesize
1.9MB

MD5
ac4da2e69445f1bae39a4d421fc0faea

SHA1
8623e8bb1851efe3b844fc0b78dd016421bed2bf

SHA256
a4a31caf2c10849d871456355a6e53867d12b3c6f47c09937f74bcd357ae6bba

SHA512
afdb00cea0ed5e03b7070def8584178fc4f25aaccdef49d95c88140edc54b21380733359f41b7513d95fc0fb53aefb1d7851dd2f7993784f95997c5009b4c267

Download Submit
C:\Windows\System\DvuUYNP.exe

Filesize
1.9MB

MD5
64d40e1edd117eb51a76c30f2794675e

SHA1
f6254446454f2fc2fe8178b8db90f3d8a5b336d3

SHA256
ce26fb5f7b8f287e49f227b61db69f35b2d00532cccd6538e9a661f7c0f60a41

SHA512
422388d22716bb5aa354a568ef640f2fc43f6b31d322d454705cab363db26cc1c09896e432707dd730acce8f818b53c1d2419ed7c2f50d93c722d084be20c183

Download Submit
C:\Windows\System\ETYNcor.exe

Filesize
1.9MB

MD5
ac8ffb450f399f2f314ebd724bb6c7d8

SHA1
17bd5917aeaf01fd6eb2ec6edf3fe50e1911b01b

SHA256
4e6a452f3bd93cb7476bffeb1b9fb81811c97caca7ab9dc201bfa2dd397d867a

SHA512
8208def2bbce1ad63ca9cf71e4efc87042c7c518eae83a57d832c0e524eac360be6ef76059aba0d2ab3a3ff8198be24e29c877c09daa7ca95f1b8136c9c002e3

Download Submit
C:\Windows\System\FKOIiLI.exe

Filesize
1.9MB

MD5
27ecab95fa8ed3befec59b26464183e6

SHA1
8eb6504dd93605f94d587fc07bbc65c61ae60ed2

SHA256
8da28a5b6ded63da62d37911503fd3ac9c7f031725b17cb108b437d7fa504d84

SHA512
396021a08face11a493bb0800c6df7315665bec2b7d5bec630418802ebe41b3f7f925d188110628a63a31e764a44be3602e48873d804046aa3b5e608f31bc2a6

Download Submit
C:\Windows\System\FkwAslK.exe

Filesize
1.9MB

MD5
03ed3b836371bc03f565cad46fb0670b

SHA1
42fc3b96afff84bfb38c58ad1da0580e842d0d31

SHA256
d197bc9eea6db82265486c8f99ce4bd885950e1d195aa8e587a06097fb835a6f

SHA512
ea24da631f78d28f03fe2175d2f0cc2154d9ca827b03a2890db91be60f8b6fc7e784ec69a07dcd2e91faa5279326ae1bfd4faba9fc8d48b2f4cc0d628b775ed9

Download Submit
C:\Windows\System\HIcfapk.exe

Filesize
1.9MB

MD5
aa181198201a247091d749a9faa77680

SHA1
cd5e3bc0643b2fc71a0370bcee363b5c0cfefa34

SHA256
989ec4e93b61b5d09ec710c9a03bf577a8153074fe43b1f5bc1fdc2b9413c9cc

SHA512
f034136b4176710272d142b41f0058ae9140b2a163eb0a33fecb159ad305eee9df2e6c02b8d6272f97f89f7a99aa66f520fd4e7891f56dcdb57b70efc12a1233

Download Submit
C:\Windows\System\HdHywkh.exe

Filesize
1.9MB

MD5
e234ab5b223626d2a79803ad27b3c60d

SHA1
16f7b2c7882dc06f73d859733df1d458275c2caa

SHA256
b7e2f2973fa5ff16cdc8be9e3ecbcfd343616d9d91b242d561fbb4891e88ffdb

SHA512
23ccf3f0d73a02b6fb4598cfd021420256b7b8270ac9c473efefeccfe1e75ba96f45cc07df10d575a807a3955abb6075ceb4ac764a753bea65bc7776bcaead3f

Download Submit
C:\Windows\System\LAGvGyX.exe

Filesize
1.9MB

MD5
c82b605d9ff4663cccabb16cd820d45e

SHA1
d6abb0341dcf09fecbbcc1a6a87d78c300f92a63

SHA256
4e4476940d76aceb3aae33b0812c5aa7a0ea752adcb9730129d8cbfcbe8eda32

SHA512
385b276fd48a7878d75598ae629eedd58ee3325d8f03a2b23edeec499d6a296dab8ea8c60a16ec79aaf28e6727f71d95a312494fb1467afbb8d6643dc232e6d1

Download Submit
C:\Windows\System\LbRupIy.exe

Filesize
1.9MB

MD5
3ecf4cf8283e374ae8610b6947961add

SHA1
b3a15ffd9c6d97a4683c06c7cbd985ee126bdab1

SHA256
b9b6068b71a59d1956ca241c276e86625e2e747ce57e14b1a685df68f35ec8d0

SHA512
d5227b6fd84e57590282260d1ccdc666992f45f968948ca503ebf33ede69acd6a8c8fb58080cdeea822d1315c992b0d330188ace1b0ec9c0354321125f5cd8d8

Download Submit
C:\Windows\System\MULAynb.exe

Filesize
1.9MB

MD5
a8ccfdf8e1e76721944999bb2a5671d9

SHA1
57ee25dcda085a91b7af006b5d45e68494ce2acb

SHA256
859dbec485e80f91315f10ab276ee9e8df47dceed14c1f42272b688f9342c322

SHA512
c07423eba2b5f42842384c82e0bd3bbfd3bce76eaeab815def8408c0defa501a320e9424f32eb7a8c1941cafdef06f40fc05b9f2ddd0bafed83dcf28b6de061b

Download Submit
C:\Windows\System\OXNsWeW.exe

Filesize
1.9MB

MD5
f387e2edfaa7cae1a4872465f5aeb18b

SHA1
3cef5a302c8d52cc944aff0989b529496e5caa33

SHA256
f655638027277de4ddb9e734e5a3b616bbd2d5c78278c62e874788198351bca9

SHA512
9f7acc9d050cb902ebc60884892818924eda48433b24e9b44db45b7a575ad1f17ccb671e798d248cabac30121b478e37c884530059df6feb1c00a96a0559d3e8

Download Submit
C:\Windows\System\PJjpSWR.exe

Filesize
1.9MB

MD5
8c2b7c5ce6b142be0e59aa962f3e5eb7

SHA1
ac5a82ee6bed08969831feedfb4fe3a0e72714e6

SHA256
e1b21dbcb9c811c4fa478026e2d2b70ad59f37be445428c743de8036e5f449ef

SHA512
e42f0704c0d3c44712430548197a4acbe342652760c8b8face79ee2a01d0a07a3e47f4ed2852e41d5c236ee9689f18c956c08af416b0913546bc633e674b4d76

Download Submit
C:\Windows\System\PxmHnuu.exe

Filesize
1.9MB

MD5
37a2d8133c64a8bdfb0f23574afc7bc2

SHA1
d06fbb2a18def426691c6327d9e0b5ebae6918fa

SHA256
08392631be7a8de79626dd45c619446740debab821abe929665b16a8e91382fb

SHA512
dd45f77f6fef5df6f0288af13ba9c64568b2d030034650c32e0916c88249f1c6c9cb4fc4e2b41c0d25822b2447c94429a8efcca8ed3763d0587f967e412c3680

Download Submit
C:\Windows\System\RLXuwNj.exe

Filesize
1.9MB

MD5
ea3548f7c2ed75f90902e445e35f1e2d

SHA1
f1a361003471ebe7a59ecd246c5240ce3735b0f5

SHA256
fa7208faf465227fcc09ad9b0365fdfa2c6124c0f7d2d7d08d94a70898b04663

SHA512
5c621b6ca22df7aa334ecebb8fc65a9e65d63f48980652bd9fea033fddb2b5dc573d278d85cd0c9c056e580e0d62c458d09b0f47fce8cd6759e74aa3bf1283fa

Download Submit
C:\Windows\System\TgTUkjl.exe

Filesize
1.9MB

MD5
2347c2a9ddeeef146c61efc9059c47df

SHA1
6ec542867fb331afef092683c3d981c158f481bb

SHA256
49a35321041c071256f95dd6016b2af7a06489c10387c2e9ddc76e38dd3e0c51

SHA512
c7cd1fed261f5016bae8e28b4d2c6b25b151f1b09531fd213da8ab9e1dd0e3b2f6c433dd14dfe4078dada21792d92e664e6bcad00b391e93f309b6ccda8ead62

Download Submit
C:\Windows\System\WbZxJqQ.exe

Filesize
1.9MB

MD5
d72584e75f9235f5e509d2594af5633f

SHA1
71a39ce5738805d9a5b35ca31d371ca5369b794f

SHA256
b3800d2d2cdc0da7e39ba4cd64ce432a3e370e97db7db763b968b82c19110148

SHA512
51e632af95745679fe3445176be575d54b74cc8f1809936654d1fe940e267e9f11013aae59bcb908b42e2c7cebc57d676998209a00878c7c85e91ed834ab5d3c

Download Submit
C:\Windows\System\ZwOYHhI.exe

Filesize
1.9MB

MD5
17141ac0e59a4498959a11b524535e95

SHA1
6843038e4f21c32b1146855e2c8e4997ce3afc89

SHA256
89ce0ba030055ba93ed62fe046a85f2f45509961a2eda30bad32db7e6abd2706

SHA512
31d1eb6587d2288a6047aa1e34e7bd6a03ad8e423d65586b63f7e065ab9d9cf70fe4fc40dcd2958e386d73b06a2ff9e6da9ff7c27c5f90cf71767e6d5a2d5700

Download Submit
C:\Windows\System\cQGDIEh.exe

Filesize
1.9MB

MD5
fc3b8ff58f63e0425255b64316cea535

SHA1
edf9578b66487bb1d409c14e4783c7e0637cf1e4

SHA256
31570c4c383968a4df9377caafda3ad57affea608e464d06a991ce069d115897

SHA512
5a874c1d09d8ec1dced35255cbf4256350e333d2eef6873a8490695625d82e4c28994b2af739a0ec762cb366c6c2a4f5e05a3ed987eb036f1a08d380fc74d497

Download Submit
C:\Windows\System\caVcYOH.exe

Filesize
1.9MB

MD5
0b64a2e8905e488c1b7079a4e2522925

SHA1
64a37e188e80327fc5e82e6032b1057b33996b96

SHA256
176151a0702724dcdda8785ac1e40ae2085af6cc81776e8e9ef50dac76575a0a

SHA512
e217f68c708660fbc1b6d496054a5568ff8817a3d09e4a44b76592ef3c63affd214188cc983c7e5be1081022b54031e5f0a08e8bbe85e3922905d62222d52b4f

Download Submit
C:\Windows\System\evEzjGi.exe

Filesize
1.9MB

MD5
c45c636f13a64d9b63269fde07be39e6

SHA1
a4f7acfa2146160862b1aacc01191cc50f197cc5

SHA256
edef1ae3f7750fc1f4afed427033b6b7993cf17377549bec31522f73b07ff569

SHA512
6f902af16655c8b48fbd4e75fa1c289c146bcc10fed28043a1c58d34a6856771e13a348e0edbeb64ffba9f7d23082095e480a85d68ae0218dae465149d090811

Download Submit
C:\Windows\System\gWQdCMM.exe

Filesize
1.9MB

MD5
830d4e2ee9be1ad7a723cb25ae9dd921

SHA1
37e70fbc6ad0517eb489d633d610453676040a28

SHA256
4f9c7747f0a3a2e2992e4cb87cfc5035a757ea85aa8cd4c6eddd719e2e3b6920

SHA512
b6551fb673a96ab3ad5c5682bd6a359df972dcff34c663a56f21defeb6e309575ebfcc18319ca9fadba27b2c120c4d5de38b5fcfa653feddfccd6fbd58fbbd2d

Download Submit
C:\Windows\System\jpspeaL.exe

Filesize
1.9MB

MD5
c7cb75c787ba0e206e41611513b28823

SHA1
6f62bd96e6398c88899921be1efc131cf427cf6b

SHA256
762dc3596fe59170fa4459069d0e1155a90ddf829bfcf5fb61da728e9c726c97

SHA512
b7b6dcdfbc53f7947cbbd0189e7c4a1a22ed5c98a1ccba9a1e6c3787d366b980026225ea47baaef95c93ea4977e82519dfa28fbdfd141b7ed331667838f4d024

Download Submit
C:\Windows\System\kDBakPJ.exe

Filesize
1.9MB

MD5
5e262fdc922974c2a2981d5e827e02a4

SHA1
72a59ed241e6f5a55e5af22f17af0a91e2de1c03

SHA256
9f868c6609a1bf94ae8c330ab19fc2f3e56e24c0e663105b43c799dafd1cbab7

SHA512
6a0ddbd91df19051d4a64b47799605a10ce04e3eff566c246d4acd31441ae595df631199b02f575a3cc508599526c570b4c3860a258445c6b0f807863665c61d

Download Submit
C:\Windows\System\kvidWkW.exe

Filesize
1.9MB

MD5
bff0ae16cf478009b85fed53b73143e9

SHA1
cc3a46dac9de43329be7a569065be7f4ed9be272

SHA256
b927d4c9865a79b1fd1550c372be599f6f15af793f5654af0b795194f713811a

SHA512
73bffee52fa9326d86cdc76773960c6981dc5fb0e59191f12335b6f1cfe8385cba367698f06653085f6f5ce9e11035f894016288cb506c7413ad3844e184099c

Download Submit
C:\Windows\System\mvkkqJS.exe

Filesize
1.9MB

MD5
6cccaa19a41ef18f96190d0e252fd3d7

SHA1
96007bed425fc62fee6106661943808615afa542

SHA256
9bbb85ed6886c4ab23a631af5b33c1cfaa9d3df29758435b7835800dedd53018

SHA512
637b2eafb3d540b132fda1f5af4f193a6be5ac8e52c63a14de2c34522fd8b7bb65fb641714101a5cfeec946a6d8f6b999a635a51bef43ca4a40d5abd08a4a5c6

Download Submit
C:\Windows\System\pqrtaEe.exe

Filesize
1.9MB

MD5
16e63e9725b7f61cefca33489fd680b7

SHA1
b6fd34a7b6ba8d642a16b1bb33ee58aa624eec07

SHA256
81b6b6fc3357c175b68d40b62f283908dd14e424afb5084ea6aa67438e4df4b7

SHA512
c095a7c9b268818b02700e12bff1896160a89d991ed60f1b280e80975b9b8ce42ef9de15fbda6fdf37d06b41d04c0492645ac9c3838cd885c84b7400fdbb9014

Download Submit
C:\Windows\System\tvfALHm.exe

Filesize
1.9MB

MD5
bd5ff83fc2d4768fbc439c6027245648

SHA1
b0e8e5eaa025b767c6cd867f7dfa093809601fee

SHA256
04338ed64f81d127552afbe3d83bb09cb9509be698d653bf1231ed6959ee1886

SHA512
73a139918cfa65a2159770b09b8fb7f3a732b061fcf9de0882948c0017a11e80a82015fb0047d563c76780963c021861105d400cf30bb66ea8f9438b27c91aca

Download Submit
C:\Windows\System\upHpwlX.exe

Filesize
1.9MB

MD5
35c471827f242fda5caf6f421c6b4568

SHA1
2d7b2cbe21e50df75a7d2525e218b3bc5f2fee62

SHA256
d7c1a84dfab848050f76d1282acf029e3d7e7aeb49c8370cc29086880079c006

SHA512
fe13e25afcdf37b5afd4c614edf0eab217ebb3c5dbd56249fa2a5f3593e7d1154d7b54b965d677666577e6ac4fbe8e0d0cb76f24065cf72bbf42e2ad25224c17

Download Submit
C:\Windows\System\wbzCZGi.exe

Filesize
1.9MB

MD5
e5476fbb4b514078d67204ff34f393ce

SHA1
116b33b773c82adb02112d66199b5eb666cdff98

SHA256
8d5ce61e2c12bebcd4fd339d0069a920944bd660af3a33f79aec06488523ce4e

SHA512
6bb11f8e5e8df1c710c6882b95e542db7b242a2e8c3a93b4ac8bd2ae40835cb0894bc678ac6a09df6176d92117aed021d1c73df0ac47e79c643e67329596da20

Download Submit
C:\Windows\System\xOzXuHI.exe

Filesize
1.9MB

MD5
f6d705bb6bad78e6447432c68daf9f6e

SHA1
2390d735dd73c360edbc337ad6d36a696b6e7e50

SHA256
77b7ca7a4990609387c10fdcc8b2e6f3e4356beae46ecdd7a1c2b1459791c5fb

SHA512
94c99b4da0ca8b317743719efea280faaf9854eb06da1caf1be311ba4405742cedfe5769177a4f2030e45f28573f78618f2eafa93c6cc4cf6f953f4e63b58990

Download Submit
C:\Windows\System\yqslyBy.exe

Filesize
1.9MB

MD5
e9690d9d38cfef92e6a25778ad7415e8

SHA1
3be005536e3a318a5519969f43f6008439da17fc

SHA256
ca955b5d2296b6e060d2b00d8622503251765bc418c6c441e1163efe60538dba

SHA512
98b67beaa5b6c440ab8b5b003ea5fa7d2c40b4115bb8472daf253856de221ad9ccf63efa9e1702b5ead412e5a4f17639e55dc1e31a3b13d71e01ca4d4b2aaa43

Download Submit
C:\Windows\System\zqWcWlS.exe

Filesize
1.9MB

MD5
00f9941209c302cc2d1e372f7c715a21

SHA1
9f314b26eb4865514346adaf4bd739e5036d5e20

SHA256
10fcc55518741292532f220feb83c7c77a09d2989c9636643a12cb4e004205d2

SHA512
27d88dbf6db5a74a2dc7317f541164ea22aa90995f32046fd9cba0722e2b376090b5100f7fd8241f004b5723872000daeb540bc050f27fa63e8e80f51619bd6a

Download Submit
memory/532-2319-0x00007FF689A20000-0x00007FF689D71000-memory.dmp

Filesize
3.3MB

Download
memory/532-19-0x00007FF689A20000-0x00007FF689D71000-memory.dmp

Filesize
3.3MB

Download
memory/908-161-0x00007FF6C6CD0000-0x00007FF6C7021000-memory.dmp

Filesize
3.3MB

Download
memory/908-2312-0x00007FF6C6CD0000-0x00007FF6C7021000-memory.dmp

Filesize
3.3MB

Download
memory/908-2378-0x00007FF6C6CD0000-0x00007FF6C7021000-memory.dmp

Filesize
3.3MB

Download
memory/1008-99-0x00007FF7602B0000-0x00007FF760601000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2345-0x00007FF7602B0000-0x00007FF760601000-memory.dmp

Filesize
3.3MB

Download
memory/1060-181-0x00007FF756D90000-0x00007FF7570E1000-memory.dmp

Filesize
3.3MB

Download
memory/1060-2372-0x00007FF756D90000-0x00007FF7570E1000-memory.dmp

Filesize
3.3MB

Download
memory/1176-136-0x00007FF619380000-0x00007FF6196D1000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2359-0x00007FF619380000-0x00007FF6196D1000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2333-0x00007FF79C210000-0x00007FF79C561000-memory.dmp

Filesize
3.3MB

Download
memory/1608-92-0x00007FF79C210000-0x00007FF79C561000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2341-0x00007FF7AB610000-0x00007FF7AB961000-memory.dmp

Filesize
3.3MB

Download
memory/1624-98-0x00007FF7AB610000-0x00007FF7AB961000-memory.dmp

Filesize
3.3MB

Download
memory/1644-68-0x00007FF761F40000-0x00007FF762291000-memory.dmp

Filesize
3.3MB

Download
memory/1644-190-0x00007FF761F40000-0x00007FF762291000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2339-0x00007FF761F40000-0x00007FF762291000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2376-0x00007FF741D30000-0x00007FF742081000-memory.dmp

Filesize
3.3MB

Download
memory/1768-168-0x00007FF741D30000-0x00007FF742081000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2316-0x00007FF741D30000-0x00007FF742081000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2325-0x00007FF6ABA40000-0x00007FF6ABD91000-memory.dmp

Filesize
3.3MB

Download
memory/1772-85-0x00007FF6ABA40000-0x00007FF6ABD91000-memory.dmp

Filesize
3.3MB

Download
memory/1868-149-0x00007FF790600000-0x00007FF790951000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2310-0x00007FF790600000-0x00007FF790951000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2370-0x00007FF790600000-0x00007FF790951000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2337-0x00007FF75D0B0000-0x00007FF75D401000-memory.dmp

Filesize
3.3MB

Download
memory/1880-73-0x00007FF75D0B0000-0x00007FF75D401000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2347-0x00007FF6AAB50000-0x00007FF6AAEA1000-memory.dmp

Filesize
3.3MB

Download
memory/2072-118-0x00007FF6AAB50000-0x00007FF6AAEA1000-memory.dmp

Filesize
3.3MB

Download
memory/2400-0-0x00007FF7696F0000-0x00007FF769A41000-memory.dmp

Filesize
3.3MB

Download
memory/2400-167-0x00007FF7696F0000-0x00007FF769A41000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1-0x000001BAB88A0000-0x000001BAB88B0000-memory.dmp

Filesize
64KB

Download
memory/2504-2343-0x00007FF68ED40000-0x00007FF68F091000-memory.dmp

Filesize
3.3MB

Download
memory/2504-191-0x00007FF68ED40000-0x00007FF68F091000-memory.dmp

Filesize
3.3MB

Download
memory/2504-79-0x00007FF68ED40000-0x00007FF68F091000-memory.dmp

Filesize
3.3MB

Download
memory/2532-124-0x00007FF636CB0000-0x00007FF637001000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2349-0x00007FF636CB0000-0x00007FF637001000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2274-0x00007FF636CB0000-0x00007FF637001000-memory.dmp

Filesize
3.3MB

Download
memory/2568-180-0x00007FF6F89B0000-0x00007FF6F8D01000-memory.dmp

Filesize
3.3MB

Download
memory/2568-22-0x00007FF6F89B0000-0x00007FF6F8D01000-memory.dmp

Filesize
3.3MB

Download
memory/2568-2321-0x00007FF6F89B0000-0x00007FF6F8D01000-memory.dmp

Filesize
3.3MB

Download
memory/3168-117-0x00007FF63F1A0000-0x00007FF63F4F1000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2351-0x00007FF63F1A0000-0x00007FF63F4F1000-memory.dmp

Filesize
3.3MB

Download
memory/3644-143-0x00007FF7C2350000-0x00007FF7C26A1000-memory.dmp

Filesize
3.3MB

Download
memory/3644-2277-0x00007FF7C2350000-0x00007FF7C26A1000-memory.dmp

Filesize
3.3MB

Download
memory/3644-2363-0x00007FF7C2350000-0x00007FF7C26A1000-memory.dmp

Filesize
3.3MB

Download
memory/3860-91-0x00007FF692B50000-0x00007FF692EA1000-memory.dmp

Filesize
3.3MB

Download
memory/3860-2329-0x00007FF692B50000-0x00007FF692EA1000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2389-0x00007FF78AE20000-0x00007FF78B171000-memory.dmp

Filesize
3.3MB

Download
memory/4040-2311-0x00007FF78AE20000-0x00007FF78B171000-memory.dmp

Filesize
3.3MB

Download
memory/4040-155-0x00007FF78AE20000-0x00007FF78B171000-memory.dmp

Filesize
3.3MB

Download
memory/4184-47-0x00007FF6D5830000-0x00007FF6D5B81000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2331-0x00007FF6D5830000-0x00007FF6D5B81000-memory.dmp

Filesize
3.3MB

Download
memory/4184-1362-0x00007FF6D5830000-0x00007FF6D5B81000-memory.dmp

Filesize
3.3MB

Download
memory/4372-188-0x00007FF681980000-0x00007FF681CD1000-memory.dmp

Filesize
3.3MB

Download
memory/4372-2327-0x00007FF681980000-0x00007FF681CD1000-memory.dmp

Filesize
3.3MB

Download
memory/4372-43-0x00007FF681980000-0x00007FF681CD1000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2355-0x00007FF6F3230000-0x00007FF6F3581000-memory.dmp

Filesize
3.3MB

Download
memory/4428-105-0x00007FF6F3230000-0x00007FF6F3581000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2275-0x00007FF62DC10000-0x00007FF62DF61000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2357-0x00007FF62DC10000-0x00007FF62DF61000-memory.dmp

Filesize
3.3MB

Download
memory/4596-130-0x00007FF62DC10000-0x00007FF62DF61000-memory.dmp

Filesize
3.3MB

Download
memory/4624-137-0x00007FF788CC0000-0x00007FF789011000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2361-0x00007FF788CC0000-0x00007FF789011000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2276-0x00007FF788CC0000-0x00007FF789011000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2374-0x00007FF6167E0000-0x00007FF616B31000-memory.dmp

Filesize
3.3MB

Download
memory/4764-174-0x00007FF6167E0000-0x00007FF616B31000-memory.dmp

Filesize
3.3MB

Download
memory/4988-58-0x00007FF776E10000-0x00007FF777161000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2335-0x00007FF776E10000-0x00007FF777161000-memory.dmp

Filesize
3.3MB

Download
memory/4988-189-0x00007FF776E10000-0x00007FF777161000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2354-0x00007FF7769E0000-0x00007FF776D31000-memory.dmp

Filesize
3.3MB

Download
memory/5072-111-0x00007FF7769E0000-0x00007FF776D31000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2323-0x00007FF6785C0000-0x00007FF678911000-memory.dmp

Filesize
3.3MB

Download
memory/5116-182-0x00007FF6785C0000-0x00007FF678911000-memory.dmp

Filesize
3.3MB

Download
memory/5116-30-0x00007FF6785C0000-0x00007FF678911000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads