xmrig | 40f9251943b8620dbc24b42f1925b19016a09fa7ed6ad05ed3f13ba4aaa98ec2

Analysis

max time kernel
60s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
Size

2.1MB
MD5

1bd5b8d2a0c8ae92b6a8da74fd81d1d0
SHA1

e7bac882e613826b78dc3eefd08a06badccf913c
SHA256

40f9251943b8620dbc24b42f1925b19016a09fa7ed6ad05ed3f13ba4aaa98ec2
SHA512

b94a3da4a6f2ab607019a63cfc7110aeaa755920b6ddb1b8e85958af0e9a4aedf166360399ee2d4f01306b6f4f23b8cb8484937836e4bc6a6df7ef876a73ceff
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQwNGx5c5Lm6ft3:oemTLkNdfE0pZrQo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1944-0-0x00007FF7A0180000-0x00007FF7A04D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023276-5.dat	xmrig
behavioral2/files/0x00070000000233ee-8.dat	xmrig
behavioral2/memory/5000-15-0x00007FF6AF290000-0x00007FF6AF5E4000-memory.dmp	xmrig
behavioral2/memory/2448-28-0x00007FF7E85D0000-0x00007FF7E8924000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f9-73.dat	xmrig
behavioral2/files/0x00070000000233f8-84.dat	xmrig
behavioral2/memory/5012-81-0x00007FF6A09E0000-0x00007FF6A0D34000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fe-95.dat	xmrig
behavioral2/files/0x0007000000023404-121.dat	xmrig
behavioral2/files/0x000700000002340c-153.dat	xmrig
behavioral2/files/0x0007000000023407-177.dat	xmrig
behavioral2/memory/5076-191-0x00007FF7CE780000-0x00007FF7CEAD4000-memory.dmp	xmrig
behavioral2/memory/3368-198-0x00007FF7A1440000-0x00007FF7A1794000-memory.dmp	xmrig
behavioral2/memory/3172-203-0x00007FF627360000-0x00007FF6276B4000-memory.dmp	xmrig
behavioral2/memory/3608-202-0x00007FF70DDC0000-0x00007FF70E114000-memory.dmp	xmrig
behavioral2/memory/448-201-0x00007FF69A550000-0x00007FF69A8A4000-memory.dmp	xmrig
behavioral2/memory/1392-200-0x00007FF611DA0000-0x00007FF6120F4000-memory.dmp	xmrig
behavioral2/memory/4992-199-0x00007FF7DE6A0000-0x00007FF7DE9F4000-memory.dmp	xmrig
behavioral2/memory/796-197-0x00007FF7073A0000-0x00007FF7076F4000-memory.dmp	xmrig
behavioral2/memory/3196-196-0x00007FF665450000-0x00007FF6657A4000-memory.dmp	xmrig
behavioral2/memory/3240-195-0x00007FF733790000-0x00007FF733AE4000-memory.dmp	xmrig
behavioral2/memory/3836-194-0x00007FF79DA60000-0x00007FF79DDB4000-memory.dmp	xmrig
behavioral2/memory/2744-193-0x00007FF605E60000-0x00007FF6061B4000-memory.dmp	xmrig
behavioral2/memory/4564-192-0x00007FF7CD030000-0x00007FF7CD384000-memory.dmp	xmrig
behavioral2/memory/4312-190-0x00007FF668B50000-0x00007FF668EA4000-memory.dmp	xmrig
behavioral2/memory/4916-185-0x00007FF6028A0000-0x00007FF602BF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-179.dat	xmrig
behavioral2/files/0x0007000000023400-175.dat	xmrig
behavioral2/files/0x0007000000023406-173.dat	xmrig
behavioral2/memory/3992-172-0x00007FF6B6140000-0x00007FF6B6494000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-171.dat	xmrig
behavioral2/files/0x0007000000023405-169.dat	xmrig
behavioral2/files/0x0007000000023403-165.dat	xmrig
behavioral2/files/0x0007000000023402-163.dat	xmrig
behavioral2/files/0x000700000002340f-162.dat	xmrig
behavioral2/files/0x0007000000023401-159.dat	xmrig
behavioral2/files/0x000700000002340e-158.dat	xmrig
behavioral2/files/0x000700000002340d-157.dat	xmrig
behavioral2/memory/892-156-0x00007FF625EA0000-0x00007FF6261F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-152.dat	xmrig
behavioral2/files/0x000700000002340a-151.dat	xmrig
behavioral2/files/0x0007000000023409-150.dat	xmrig
behavioral2/files/0x00070000000233fd-145.dat	xmrig
behavioral2/files/0x00070000000233fc-140.dat	xmrig
behavioral2/files/0x00070000000233fb-136.dat	xmrig
behavioral2/memory/2180-135-0x00007FF68FE30000-0x00007FF690184000-memory.dmp	xmrig
behavioral2/memory/1276-131-0x00007FF737B10000-0x00007FF737E64000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ff-124.dat	xmrig
behavioral2/memory/3964-102-0x00007FF6443E0000-0x00007FF644734000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fa-107.dat	xmrig
behavioral2/files/0x00070000000233f7-74.dat	xmrig
behavioral2/memory/3708-72-0x00007FF61A570000-0x00007FF61A8C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f6-68.dat	xmrig
behavioral2/files/0x00070000000233f5-66.dat	xmrig
behavioral2/files/0x00070000000233f4-60.dat	xmrig
behavioral2/files/0x00070000000233f3-57.dat	xmrig
behavioral2/memory/4332-54-0x00007FF612CA0000-0x00007FF612FF4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f2-48.dat	xmrig
behavioral2/files/0x00070000000233ef-44.dat	xmrig
behavioral2/memory/3828-41-0x00007FF727E10000-0x00007FF728164000-memory.dmp	xmrig
behavioral2/memory/3116-53-0x00007FF7B23B0000-0x00007FF7B2704000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f1-33.dat	xmrig
behavioral2/memory/3168-27-0x00007FF7982E0000-0x00007FF798634000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5000	ibDnaRo.exe
1828	EBnKcgh.exe
2448	BLXVyRE.exe
3828	sEvaAAe.exe
3168	lzRXVkb.exe
3116	RcBCHZM.exe
4332	YebMjQT.exe
796	BdomvXb.exe
3368	ZLXARPM.exe
3708	BTHZkTf.exe
5012	PfXixJK.exe
4992	tjrlItw.exe
1392	XABHEAK.exe
3964	iNmEAhf.exe
1276	rkVmlNP.exe
2180	xGcnkZe.exe
448	NJtGXgk.exe
892	OBPsHAK.exe
3992	BJnmCnB.exe
3608	CvVtuxE.exe
4916	ouLtRlw.exe
4312	tKEObjf.exe
5076	CbyRAtz.exe
4564	InANecv.exe
2744	UTpJWdt.exe
3172	pVznKAg.exe
3836	HLLHKcv.exe
3240	fucTWrs.exe
3196	iabJSaK.exe
3040	mGqGUHl.exe
4784	eUTUjOt.exe
4632	PbXbeRI.exe
4572	bkpgmOQ.exe
5088	rGqCWFf.exe
924	gyNlHqg.exe
764	dnQzKqW.exe
876	RPrNEUd.exe
2496	ikoWfTw.exe
1688	utnHzEX.exe
1492	iybohNm.exe
1424	QNDvIfh.exe
4040	tWQEKgP.exe
1212	vuGwVOk.exe
3480	ldjiITu.exe
2404	rIWcxaH.exe
1948	MJlOuqk.exe
512	yleGzuW.exe
552	MRMEMKT.exe
4476	DbvhHDy.exe
4384	yTQGdJn.exe
4668	rqlhjPe.exe
3936	VAEYzpt.exe
4652	MgTMuGI.exe
2208	DDgDGZF.exe
1816	CAPKCut.exe
3292	CGYqsrx.exe
1996	TRVDBwi.exe
4184	njMcmei.exe
4620	DEvMBxD.exe
4644	eNufWYr.exe
2616	KlbpnoV.exe
2520	bXRNXdO.exe
2392	GJljeZr.exe
756	HZNghgs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1944-0-0x00007FF7A0180000-0x00007FF7A04D4000-memory.dmp	upx
behavioral2/files/0x0007000000023276-5.dat	upx
behavioral2/files/0x00070000000233ee-8.dat	upx
behavioral2/memory/5000-15-0x00007FF6AF290000-0x00007FF6AF5E4000-memory.dmp	upx
behavioral2/memory/2448-28-0x00007FF7E85D0000-0x00007FF7E8924000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-73.dat	upx
behavioral2/files/0x00070000000233f8-84.dat	upx
behavioral2/memory/5012-81-0x00007FF6A09E0000-0x00007FF6A0D34000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-95.dat	upx
behavioral2/files/0x0007000000023404-121.dat	upx
behavioral2/files/0x000700000002340c-153.dat	upx
behavioral2/files/0x0007000000023407-177.dat	upx
behavioral2/memory/5076-191-0x00007FF7CE780000-0x00007FF7CEAD4000-memory.dmp	upx
behavioral2/memory/3368-198-0x00007FF7A1440000-0x00007FF7A1794000-memory.dmp	upx
behavioral2/memory/3172-203-0x00007FF627360000-0x00007FF6276B4000-memory.dmp	upx
behavioral2/memory/3608-202-0x00007FF70DDC0000-0x00007FF70E114000-memory.dmp	upx
behavioral2/memory/448-201-0x00007FF69A550000-0x00007FF69A8A4000-memory.dmp	upx
behavioral2/memory/1392-200-0x00007FF611DA0000-0x00007FF6120F4000-memory.dmp	upx
behavioral2/memory/4992-199-0x00007FF7DE6A0000-0x00007FF7DE9F4000-memory.dmp	upx
behavioral2/memory/796-197-0x00007FF7073A0000-0x00007FF7076F4000-memory.dmp	upx
behavioral2/memory/3196-196-0x00007FF665450000-0x00007FF6657A4000-memory.dmp	upx
behavioral2/memory/3240-195-0x00007FF733790000-0x00007FF733AE4000-memory.dmp	upx
behavioral2/memory/3836-194-0x00007FF79DA60000-0x00007FF79DDB4000-memory.dmp	upx
behavioral2/memory/2744-193-0x00007FF605E60000-0x00007FF6061B4000-memory.dmp	upx
behavioral2/memory/4564-192-0x00007FF7CD030000-0x00007FF7CD384000-memory.dmp	upx
behavioral2/memory/4312-190-0x00007FF668B50000-0x00007FF668EA4000-memory.dmp	upx
behavioral2/memory/4916-185-0x00007FF6028A0000-0x00007FF602BF4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-179.dat	upx
behavioral2/files/0x0007000000023400-175.dat	upx
behavioral2/files/0x0007000000023406-173.dat	upx
behavioral2/memory/3992-172-0x00007FF6B6140000-0x00007FF6B6494000-memory.dmp	upx
behavioral2/files/0x0007000000023410-171.dat	upx
behavioral2/files/0x0007000000023405-169.dat	upx
behavioral2/files/0x0007000000023403-165.dat	upx
behavioral2/files/0x0007000000023402-163.dat	upx
behavioral2/files/0x000700000002340f-162.dat	upx
behavioral2/files/0x0007000000023401-159.dat	upx
behavioral2/files/0x000700000002340e-158.dat	upx
behavioral2/files/0x000700000002340d-157.dat	upx
behavioral2/memory/892-156-0x00007FF625EA0000-0x00007FF6261F4000-memory.dmp	upx
behavioral2/files/0x000700000002340b-152.dat	upx
behavioral2/files/0x000700000002340a-151.dat	upx
behavioral2/files/0x0007000000023409-150.dat	upx
behavioral2/files/0x00070000000233fd-145.dat	upx
behavioral2/files/0x00070000000233fc-140.dat	upx
behavioral2/files/0x00070000000233fb-136.dat	upx
behavioral2/memory/2180-135-0x00007FF68FE30000-0x00007FF690184000-memory.dmp	upx
behavioral2/memory/1276-131-0x00007FF737B10000-0x00007FF737E64000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-124.dat	upx
behavioral2/memory/3964-102-0x00007FF6443E0000-0x00007FF644734000-memory.dmp	upx
behavioral2/files/0x00070000000233fa-107.dat	upx
behavioral2/files/0x00070000000233f7-74.dat	upx
behavioral2/memory/3708-72-0x00007FF61A570000-0x00007FF61A8C4000-memory.dmp	upx
behavioral2/files/0x00070000000233f6-68.dat	upx
behavioral2/files/0x00070000000233f5-66.dat	upx
behavioral2/files/0x00070000000233f4-60.dat	upx
behavioral2/files/0x00070000000233f3-57.dat	upx
behavioral2/memory/4332-54-0x00007FF612CA0000-0x00007FF612FF4000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-48.dat	upx
behavioral2/files/0x00070000000233ef-44.dat	upx
behavioral2/memory/3828-41-0x00007FF727E10000-0x00007FF728164000-memory.dmp	upx
behavioral2/memory/3116-53-0x00007FF7B23B0000-0x00007FF7B2704000-memory.dmp	upx
behavioral2/files/0x00070000000233f1-33.dat	upx
behavioral2/memory/3168-27-0x00007FF7982E0000-0x00007FF798634000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rqlhjPe.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\vjaAxoB.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\tjrlItw.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\LScKcTK.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\xssjTdC.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\YHDcYxK.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\bKSitRl.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\Aagcpat.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\AnSLNFu.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\nkeIhkt.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\BTHZkTf.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\wMvUBKu.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\YePAPOE.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\rquIulc.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\oalIbRI.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\YHVOSKD.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\tXlKFVP.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\BLXVyRE.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\rZsUGhh.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\HogrREx.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\iesxmKK.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\BMbdoDu.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\lUCQttS.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\BZOIDxL.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\MgTMuGI.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\HLMIYnh.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\tKEObjf.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\nQctkkA.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\DDrrOoe.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\PQgxIaX.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\GEKDDaw.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\uZYnaNv.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\dyTfZiE.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\wpfETeH.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\qKolkxm.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\XSWtFnh.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\yxwoMxm.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\reOlXaW.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\wPglWzu.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\YEOKKjT.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\QqDZGTL.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\LVcgKZv.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\SOkcURD.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\RxhLgZb.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\RJTnSTP.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\gztorgp.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\OVoQaMo.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\yleGzuW.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\NnaBWjj.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\qxRwhqm.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\qLWeoEa.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\zzuyKAD.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\vtsDCGK.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\HLLHKcv.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\obcvjtX.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\UHhPRDx.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\SACTkWG.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\nDIRdpk.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\PBysMka.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\CAPKCut.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\WOsaGFz.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\NmrhKyJ.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\BTtMBDt.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
File created	C:\Windows\System\bXRNXdO.exe	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13992	dwm.exe
Token: SeChangeNotifyPrivilege	13992	dwm.exe
Token: 33	13992	dwm.exe
Token: SeIncBasePriorityPrivilege	13992	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 5000	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	84
PID 1944 wrote to memory of 5000	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	84
PID 1944 wrote to memory of 1828	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	85
PID 1944 wrote to memory of 1828	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	85
PID 1944 wrote to memory of 3828	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	86
PID 1944 wrote to memory of 3828	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	86
PID 1944 wrote to memory of 2448	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	87
PID 1944 wrote to memory of 2448	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	87
PID 1944 wrote to memory of 3116	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	88
PID 1944 wrote to memory of 3116	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	88
PID 1944 wrote to memory of 3168	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	89
PID 1944 wrote to memory of 3168	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	89
PID 1944 wrote to memory of 4332	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	90
PID 1944 wrote to memory of 4332	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	90
PID 1944 wrote to memory of 796	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	91
PID 1944 wrote to memory of 796	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	91
PID 1944 wrote to memory of 3368	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	92
PID 1944 wrote to memory of 3368	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	92
PID 1944 wrote to memory of 3708	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	93
PID 1944 wrote to memory of 3708	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	93
PID 1944 wrote to memory of 5012	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	94
PID 1944 wrote to memory of 5012	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	94
PID 1944 wrote to memory of 4992	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	95
PID 1944 wrote to memory of 4992	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	95
PID 1944 wrote to memory of 1392	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	96
PID 1944 wrote to memory of 1392	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	96
PID 1944 wrote to memory of 3964	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	97
PID 1944 wrote to memory of 3964	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	97
PID 1944 wrote to memory of 1276	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	98
PID 1944 wrote to memory of 1276	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	98
PID 1944 wrote to memory of 2180	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	99
PID 1944 wrote to memory of 2180	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	99
PID 1944 wrote to memory of 448	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	100
PID 1944 wrote to memory of 448	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	100
PID 1944 wrote to memory of 892	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	101
PID 1944 wrote to memory of 892	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	101
PID 1944 wrote to memory of 3992	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	102
PID 1944 wrote to memory of 3992	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	102
PID 1944 wrote to memory of 3608	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	103
PID 1944 wrote to memory of 3608	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	103
PID 1944 wrote to memory of 4916	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	104
PID 1944 wrote to memory of 4916	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	104
PID 1944 wrote to memory of 4312	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	105
PID 1944 wrote to memory of 4312	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	105
PID 1944 wrote to memory of 5076	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	106
PID 1944 wrote to memory of 5076	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	106
PID 1944 wrote to memory of 4564	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	107
PID 1944 wrote to memory of 4564	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	107
PID 1944 wrote to memory of 2744	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	108
PID 1944 wrote to memory of 2744	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	108
PID 1944 wrote to memory of 3172	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	109
PID 1944 wrote to memory of 3172	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	109
PID 1944 wrote to memory of 3836	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	110
PID 1944 wrote to memory of 3836	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	110
PID 1944 wrote to memory of 3240	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	111
PID 1944 wrote to memory of 3240	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	111
PID 1944 wrote to memory of 3196	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	112
PID 1944 wrote to memory of 3196	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	112
PID 1944 wrote to memory of 3040	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	113
PID 1944 wrote to memory of 3040	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	113
PID 1944 wrote to memory of 4784	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	114
PID 1944 wrote to memory of 4784	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	114
PID 1944 wrote to memory of 4632	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	115
PID 1944 wrote to memory of 4632	1944	1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1bd5b8d2a0c8ae92b6a8da74fd81d1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\System\ibDnaRo.exe
  C:\Windows\System\ibDnaRo.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\EBnKcgh.exe
  C:\Windows\System\EBnKcgh.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\sEvaAAe.exe
  C:\Windows\System\sEvaAAe.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\BLXVyRE.exe
  C:\Windows\System\BLXVyRE.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\RcBCHZM.exe
  C:\Windows\System\RcBCHZM.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\lzRXVkb.exe
  C:\Windows\System\lzRXVkb.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\YebMjQT.exe
  C:\Windows\System\YebMjQT.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\BdomvXb.exe
  C:\Windows\System\BdomvXb.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\ZLXARPM.exe
  C:\Windows\System\ZLXARPM.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\BTHZkTf.exe
  C:\Windows\System\BTHZkTf.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\PfXixJK.exe
  C:\Windows\System\PfXixJK.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\tjrlItw.exe
  C:\Windows\System\tjrlItw.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\XABHEAK.exe
  C:\Windows\System\XABHEAK.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\iNmEAhf.exe
  C:\Windows\System\iNmEAhf.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\rkVmlNP.exe
  C:\Windows\System\rkVmlNP.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\xGcnkZe.exe
  C:\Windows\System\xGcnkZe.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\NJtGXgk.exe
  C:\Windows\System\NJtGXgk.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\OBPsHAK.exe
  C:\Windows\System\OBPsHAK.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\BJnmCnB.exe
  C:\Windows\System\BJnmCnB.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\CvVtuxE.exe
  C:\Windows\System\CvVtuxE.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\ouLtRlw.exe
  C:\Windows\System\ouLtRlw.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\tKEObjf.exe
  C:\Windows\System\tKEObjf.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\CbyRAtz.exe
  C:\Windows\System\CbyRAtz.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\InANecv.exe
  C:\Windows\System\InANecv.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\UTpJWdt.exe
  C:\Windows\System\UTpJWdt.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\pVznKAg.exe
  C:\Windows\System\pVznKAg.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\HLLHKcv.exe
  C:\Windows\System\HLLHKcv.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\fucTWrs.exe
  C:\Windows\System\fucTWrs.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\iabJSaK.exe
  C:\Windows\System\iabJSaK.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\mGqGUHl.exe
  C:\Windows\System\mGqGUHl.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\eUTUjOt.exe
  C:\Windows\System\eUTUjOt.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\PbXbeRI.exe
  C:\Windows\System\PbXbeRI.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\bkpgmOQ.exe
  C:\Windows\System\bkpgmOQ.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\rGqCWFf.exe
  C:\Windows\System\rGqCWFf.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\gyNlHqg.exe
  C:\Windows\System\gyNlHqg.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\dnQzKqW.exe
  C:\Windows\System\dnQzKqW.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\RPrNEUd.exe
  C:\Windows\System\RPrNEUd.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\ikoWfTw.exe
  C:\Windows\System\ikoWfTw.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\utnHzEX.exe
  C:\Windows\System\utnHzEX.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\iybohNm.exe
  C:\Windows\System\iybohNm.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\QNDvIfh.exe
  C:\Windows\System\QNDvIfh.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\tWQEKgP.exe
  C:\Windows\System\tWQEKgP.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\vuGwVOk.exe
  C:\Windows\System\vuGwVOk.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\ldjiITu.exe
  C:\Windows\System\ldjiITu.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\rIWcxaH.exe
  C:\Windows\System\rIWcxaH.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\MJlOuqk.exe
  C:\Windows\System\MJlOuqk.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\yleGzuW.exe
  C:\Windows\System\yleGzuW.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\MRMEMKT.exe
  C:\Windows\System\MRMEMKT.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\DbvhHDy.exe
  C:\Windows\System\DbvhHDy.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\yTQGdJn.exe
  C:\Windows\System\yTQGdJn.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\rqlhjPe.exe
  C:\Windows\System\rqlhjPe.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\VAEYzpt.exe
  C:\Windows\System\VAEYzpt.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\MgTMuGI.exe
  C:\Windows\System\MgTMuGI.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\DDgDGZF.exe
  C:\Windows\System\DDgDGZF.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\CAPKCut.exe
  C:\Windows\System\CAPKCut.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\CGYqsrx.exe
  C:\Windows\System\CGYqsrx.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\TRVDBwi.exe
  C:\Windows\System\TRVDBwi.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\njMcmei.exe
  C:\Windows\System\njMcmei.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\DEvMBxD.exe
  C:\Windows\System\DEvMBxD.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\eNufWYr.exe
  C:\Windows\System\eNufWYr.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\KlbpnoV.exe
  C:\Windows\System\KlbpnoV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\bXRNXdO.exe
  C:\Windows\System\bXRNXdO.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\GJljeZr.exe
  C:\Windows\System\GJljeZr.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\HZNghgs.exe
  C:\Windows\System\HZNghgs.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\bWJyvkA.exe
  C:\Windows\System\bWJyvkA.exe
  2⤵
  PID:4940
- C:\Windows\System\BTtMBDt.exe
  C:\Windows\System\BTtMBDt.exe
  2⤵
  PID:816
- C:\Windows\System\qFMbYys.exe
  C:\Windows\System\qFMbYys.exe
  2⤵
  PID:1372
- C:\Windows\System\pokkIUU.exe
  C:\Windows\System\pokkIUU.exe
  2⤵
  PID:4728
- C:\Windows\System\fGFYebE.exe
  C:\Windows\System\fGFYebE.exe
  2⤵
  PID:4500
- C:\Windows\System\WPiewQx.exe
  C:\Windows\System\WPiewQx.exe
  2⤵
  PID:1608
- C:\Windows\System\jwMQFhz.exe
  C:\Windows\System\jwMQFhz.exe
  2⤵
  PID:1396
- C:\Windows\System\QSJyivC.exe
  C:\Windows\System\QSJyivC.exe
  2⤵
  PID:1700
- C:\Windows\System\QxDhLCY.exe
  C:\Windows\System\QxDhLCY.exe
  2⤵
  PID:4832
- C:\Windows\System\goSGmEE.exe
  C:\Windows\System\goSGmEE.exe
  2⤵
  PID:772
- C:\Windows\System\tGZoVDZ.exe
  C:\Windows\System\tGZoVDZ.exe
  2⤵
  PID:672
- C:\Windows\System\LbrQCCM.exe
  C:\Windows\System\LbrQCCM.exe
  2⤵
  PID:3884
- C:\Windows\System\tVEwKhX.exe
  C:\Windows\System\tVEwKhX.exe
  2⤵
  PID:1176
- C:\Windows\System\sqyYXBA.exe
  C:\Windows\System\sqyYXBA.exe
  2⤵
  PID:5060
- C:\Windows\System\KZXyefd.exe
  C:\Windows\System\KZXyefd.exe
  2⤵
  PID:2756
- C:\Windows\System\nGaBOLp.exe
  C:\Windows\System\nGaBOLp.exe
  2⤵
  PID:228
- C:\Windows\System\jXtMHFC.exe
  C:\Windows\System\jXtMHFC.exe
  2⤵
  PID:2312
- C:\Windows\System\rZDRmVV.exe
  C:\Windows\System\rZDRmVV.exe
  2⤵
  PID:2880
- C:\Windows\System\MawdWGR.exe
  C:\Windows\System\MawdWGR.exe
  2⤵
  PID:1604
- C:\Windows\System\tALKRVw.exe
  C:\Windows\System\tALKRVw.exe
  2⤵
  PID:3772
- C:\Windows\System\kgISFlU.exe
  C:\Windows\System\kgISFlU.exe
  2⤵
  PID:1288
- C:\Windows\System\GDkkSqq.exe
  C:\Windows\System\GDkkSqq.exe
  2⤵
  PID:3728
- C:\Windows\System\fbHFfBJ.exe
  C:\Windows\System\fbHFfBJ.exe
  2⤵
  PID:60
- C:\Windows\System\uWicDHD.exe
  C:\Windows\System\uWicDHD.exe
  2⤵
  PID:4576
- C:\Windows\System\oDOFpTP.exe
  C:\Windows\System\oDOFpTP.exe
  2⤵
  PID:3752
- C:\Windows\System\DBpwaZa.exe
  C:\Windows\System\DBpwaZa.exe
  2⤵
  PID:4988
- C:\Windows\System\yQwdNxv.exe
  C:\Windows\System\yQwdNxv.exe
  2⤵
  PID:3792
- C:\Windows\System\XJAphoD.exe
  C:\Windows\System\XJAphoD.exe
  2⤵
  PID:4836
- C:\Windows\System\iesxmKK.exe
  C:\Windows\System\iesxmKK.exe
  2⤵
  PID:4072
- C:\Windows\System\yAVykSt.exe
  C:\Windows\System\yAVykSt.exe
  2⤵
  PID:3144
- C:\Windows\System\eCgnwql.exe
  C:\Windows\System\eCgnwql.exe
  2⤵
  PID:4532
- C:\Windows\System\rEWnUAa.exe
  C:\Windows\System\rEWnUAa.exe
  2⤵
  PID:224
- C:\Windows\System\vJSSbPc.exe
  C:\Windows\System\vJSSbPc.exe
  2⤵
  PID:2588
- C:\Windows\System\JmVpgXZ.exe
  C:\Windows\System\JmVpgXZ.exe
  2⤵
  PID:3220
- C:\Windows\System\CdUEdjM.exe
  C:\Windows\System\CdUEdjM.exe
  2⤵
  PID:3872
- C:\Windows\System\lJxWIwb.exe
  C:\Windows\System\lJxWIwb.exe
  2⤵
  PID:2800
- C:\Windows\System\ywKlrwJ.exe
  C:\Windows\System\ywKlrwJ.exe
  2⤵
  PID:4108
- C:\Windows\System\CFxMriP.exe
  C:\Windows\System\CFxMriP.exe
  2⤵
  PID:216
- C:\Windows\System\LeXlEVO.exe
  C:\Windows\System\LeXlEVO.exe
  2⤵
  PID:2408
- C:\Windows\System\NKpxWho.exe
  C:\Windows\System\NKpxWho.exe
  2⤵
  PID:4972
- C:\Windows\System\hyaSBmZ.exe
  C:\Windows\System\hyaSBmZ.exe
  2⤵
  PID:4600
- C:\Windows\System\esiwsed.exe
  C:\Windows\System\esiwsed.exe
  2⤵
  PID:316
- C:\Windows\System\BxXJNUI.exe
  C:\Windows\System\BxXJNUI.exe
  2⤵
  PID:4020
- C:\Windows\System\AYgTacK.exe
  C:\Windows\System\AYgTacK.exe
  2⤵
  PID:5144
- C:\Windows\System\xIGaouC.exe
  C:\Windows\System\xIGaouC.exe
  2⤵
  PID:5168
- C:\Windows\System\gsSoMSx.exe
  C:\Windows\System\gsSoMSx.exe
  2⤵
  PID:5200
- C:\Windows\System\trtepft.exe
  C:\Windows\System\trtepft.exe
  2⤵
  PID:5224
- C:\Windows\System\leixplu.exe
  C:\Windows\System\leixplu.exe
  2⤵
  PID:5252
- C:\Windows\System\sVUmITk.exe
  C:\Windows\System\sVUmITk.exe
  2⤵
  PID:5280
- C:\Windows\System\zJtJNxx.exe
  C:\Windows\System\zJtJNxx.exe
  2⤵
  PID:5308
- C:\Windows\System\KVvZkVF.exe
  C:\Windows\System\KVvZkVF.exe
  2⤵
  PID:5340
- C:\Windows\System\PyqTfTS.exe
  C:\Windows\System\PyqTfTS.exe
  2⤵
  PID:5368
- C:\Windows\System\rLDztgj.exe
  C:\Windows\System\rLDztgj.exe
  2⤵
  PID:5396
- C:\Windows\System\Aagcpat.exe
  C:\Windows\System\Aagcpat.exe
  2⤵
  PID:5424
- C:\Windows\System\gnSHXWa.exe
  C:\Windows\System\gnSHXWa.exe
  2⤵
  PID:5452
- C:\Windows\System\kUfuSov.exe
  C:\Windows\System\kUfuSov.exe
  2⤵
  PID:5476
- C:\Windows\System\dUoZOiY.exe
  C:\Windows\System\dUoZOiY.exe
  2⤵
  PID:5508
- C:\Windows\System\ZgxkScI.exe
  C:\Windows\System\ZgxkScI.exe
  2⤵
  PID:5532
- C:\Windows\System\NqClPfk.exe
  C:\Windows\System\NqClPfk.exe
  2⤵
  PID:5556
- C:\Windows\System\LPUfAZx.exe
  C:\Windows\System\LPUfAZx.exe
  2⤵
  PID:5592
- C:\Windows\System\DPYuQTo.exe
  C:\Windows\System\DPYuQTo.exe
  2⤵
  PID:5624
- C:\Windows\System\cFeTFMc.exe
  C:\Windows\System\cFeTFMc.exe
  2⤵
  PID:5648
- C:\Windows\System\VESNwEI.exe
  C:\Windows\System\VESNwEI.exe
  2⤵
  PID:5680
- C:\Windows\System\lDfrHBG.exe
  C:\Windows\System\lDfrHBG.exe
  2⤵
  PID:5716
- C:\Windows\System\XRuouDB.exe
  C:\Windows\System\XRuouDB.exe
  2⤵
  PID:5744
- C:\Windows\System\XxWQpQo.exe
  C:\Windows\System\XxWQpQo.exe
  2⤵
  PID:5768
- C:\Windows\System\trUqDvT.exe
  C:\Windows\System\trUqDvT.exe
  2⤵
  PID:5792
- C:\Windows\System\obcvjtX.exe
  C:\Windows\System\obcvjtX.exe
  2⤵
  PID:5820
- C:\Windows\System\mwDEXhA.exe
  C:\Windows\System\mwDEXhA.exe
  2⤵
  PID:5864
- C:\Windows\System\eNjwcVN.exe
  C:\Windows\System\eNjwcVN.exe
  2⤵
  PID:5888
- C:\Windows\System\JTmzQWU.exe
  C:\Windows\System\JTmzQWU.exe
  2⤵
  PID:5912
- C:\Windows\System\wMvUBKu.exe
  C:\Windows\System\wMvUBKu.exe
  2⤵
  PID:5948
- C:\Windows\System\OVEBHlj.exe
  C:\Windows\System\OVEBHlj.exe
  2⤵
  PID:5972
- C:\Windows\System\oOHMjzW.exe
  C:\Windows\System\oOHMjzW.exe
  2⤵
  PID:6004
- C:\Windows\System\ZdVjpXB.exe
  C:\Windows\System\ZdVjpXB.exe
  2⤵
  PID:6032
- C:\Windows\System\AtnTCXP.exe
  C:\Windows\System\AtnTCXP.exe
  2⤵
  PID:6056
- C:\Windows\System\ropuXZz.exe
  C:\Windows\System\ropuXZz.exe
  2⤵
  PID:6084
- C:\Windows\System\FcVfQFf.exe
  C:\Windows\System\FcVfQFf.exe
  2⤵
  PID:6112
- C:\Windows\System\ZUeFZpZ.exe
  C:\Windows\System\ZUeFZpZ.exe
  2⤵
  PID:6128
- C:\Windows\System\irnxyHw.exe
  C:\Windows\System\irnxyHw.exe
  2⤵
  PID:5128
- C:\Windows\System\gbedFXB.exe
  C:\Windows\System\gbedFXB.exe
  2⤵
  PID:5188
- C:\Windows\System\AFFdrBB.exe
  C:\Windows\System\AFFdrBB.exe
  2⤵
  PID:5244
- C:\Windows\System\dkkNtXm.exe
  C:\Windows\System\dkkNtXm.exe
  2⤵
  PID:5288
- C:\Windows\System\PnBRVFa.exe
  C:\Windows\System\PnBRVFa.exe
  2⤵
  PID:5348
- C:\Windows\System\RHbsXcr.exe
  C:\Windows\System\RHbsXcr.exe
  2⤵
  PID:5384
- C:\Windows\System\DvYBxlL.exe
  C:\Windows\System\DvYBxlL.exe
  2⤵
  PID:5460
- C:\Windows\System\rZsUGhh.exe
  C:\Windows\System\rZsUGhh.exe
  2⤵
  PID:5540
- C:\Windows\System\heqWnQH.exe
  C:\Windows\System\heqWnQH.exe
  2⤵
  PID:5604
- C:\Windows\System\ItHuhxc.exe
  C:\Windows\System\ItHuhxc.exe
  2⤵
  PID:5692
- C:\Windows\System\cXguiMt.exe
  C:\Windows\System\cXguiMt.exe
  2⤵
  PID:5816
- C:\Windows\System\aOGwjlk.exe
  C:\Windows\System\aOGwjlk.exe
  2⤵
  PID:5896
- C:\Windows\System\FujEdAw.exe
  C:\Windows\System\FujEdAw.exe
  2⤵
  PID:5968
- C:\Windows\System\cDrXYEn.exe
  C:\Windows\System\cDrXYEn.exe
  2⤵
  PID:6020
- C:\Windows\System\QmwtYdz.exe
  C:\Windows\System\QmwtYdz.exe
  2⤵
  PID:6052
- C:\Windows\System\NnaBWjj.exe
  C:\Windows\System\NnaBWjj.exe
  2⤵
  PID:6096
- C:\Windows\System\ouDptqg.exe
  C:\Windows\System\ouDptqg.exe
  2⤵
  PID:6120
- C:\Windows\System\LVcgKZv.exe
  C:\Windows\System\LVcgKZv.exe
  2⤵
  PID:5212
- C:\Windows\System\QqDZGTL.exe
  C:\Windows\System\QqDZGTL.exe
  2⤵
  PID:5184
- C:\Windows\System\WZBUGjF.exe
  C:\Windows\System\WZBUGjF.exe
  2⤵
  PID:5376
- C:\Windows\System\MaOpIvj.exe
  C:\Windows\System\MaOpIvj.exe
  2⤵
  PID:5496
- C:\Windows\System\HLMIYnh.exe
  C:\Windows\System\HLMIYnh.exe
  2⤵
  PID:5568
- C:\Windows\System\ZhGGbCP.exe
  C:\Windows\System\ZhGGbCP.exe
  2⤵
  PID:5852
- C:\Windows\System\yRKuKOy.exe
  C:\Windows\System\yRKuKOy.exe
  2⤵
  PID:5176
- C:\Windows\System\WeUnSOG.exe
  C:\Windows\System\WeUnSOG.exe
  2⤵
  PID:5440
- C:\Windows\System\IBJMoua.exe
  C:\Windows\System\IBJMoua.exe
  2⤵
  PID:6080
- C:\Windows\System\RrOtoLS.exe
  C:\Windows\System\RrOtoLS.exe
  2⤵
  PID:6164
- C:\Windows\System\nUGeoWU.exe
  C:\Windows\System\nUGeoWU.exe
  2⤵
  PID:6204
- C:\Windows\System\fWanYmA.exe
  C:\Windows\System\fWanYmA.exe
  2⤵
  PID:6236
- C:\Windows\System\UdRhaqE.exe
  C:\Windows\System\UdRhaqE.exe
  2⤵
  PID:6264
- C:\Windows\System\yqjdvKP.exe
  C:\Windows\System\yqjdvKP.exe
  2⤵
  PID:6292
- C:\Windows\System\Hkrtcgb.exe
  C:\Windows\System\Hkrtcgb.exe
  2⤵
  PID:6324
- C:\Windows\System\ePNwBXe.exe
  C:\Windows\System\ePNwBXe.exe
  2⤵
  PID:6360
- C:\Windows\System\FOYLeXw.exe
  C:\Windows\System\FOYLeXw.exe
  2⤵
  PID:6392
- C:\Windows\System\yscRRpe.exe
  C:\Windows\System\yscRRpe.exe
  2⤵
  PID:6420
- C:\Windows\System\PxLKFZM.exe
  C:\Windows\System\PxLKFZM.exe
  2⤵
  PID:6460
- C:\Windows\System\dCwngap.exe
  C:\Windows\System\dCwngap.exe
  2⤵
  PID:6492
- C:\Windows\System\WuskPEj.exe
  C:\Windows\System\WuskPEj.exe
  2⤵
  PID:6528
- C:\Windows\System\QfwFtEg.exe
  C:\Windows\System\QfwFtEg.exe
  2⤵
  PID:6544
- C:\Windows\System\qxRwhqm.exe
  C:\Windows\System\qxRwhqm.exe
  2⤵
  PID:6580
- C:\Windows\System\sqlAYFV.exe
  C:\Windows\System\sqlAYFV.exe
  2⤵
  PID:6604
- C:\Windows\System\rWDbZBY.exe
  C:\Windows\System\rWDbZBY.exe
  2⤵
  PID:6628
- C:\Windows\System\nVsONYH.exe
  C:\Windows\System\nVsONYH.exe
  2⤵
  PID:6656
- C:\Windows\System\HogrREx.exe
  C:\Windows\System\HogrREx.exe
  2⤵
  PID:6672
- C:\Windows\System\EDiDyKh.exe
  C:\Windows\System\EDiDyKh.exe
  2⤵
  PID:6696
- C:\Windows\System\qKolkxm.exe
  C:\Windows\System\qKolkxm.exe
  2⤵
  PID:6728
- C:\Windows\System\EugUprZ.exe
  C:\Windows\System\EugUprZ.exe
  2⤵
  PID:6748
- C:\Windows\System\sTLbqfi.exe
  C:\Windows\System\sTLbqfi.exe
  2⤵
  PID:6788
- C:\Windows\System\JenYLAN.exe
  C:\Windows\System\JenYLAN.exe
  2⤵
  PID:6812
- C:\Windows\System\iWoZprx.exe
  C:\Windows\System\iWoZprx.exe
  2⤵
  PID:6856
- C:\Windows\System\nQctkkA.exe
  C:\Windows\System\nQctkkA.exe
  2⤵
  PID:6892
- C:\Windows\System\RVyLGum.exe
  C:\Windows\System\RVyLGum.exe
  2⤵
  PID:6916
- C:\Windows\System\zBVJrew.exe
  C:\Windows\System\zBVJrew.exe
  2⤵
  PID:6936
- C:\Windows\System\eGQlsRN.exe
  C:\Windows\System\eGQlsRN.exe
  2⤵
  PID:6956
- C:\Windows\System\htIOFPH.exe
  C:\Windows\System\htIOFPH.exe
  2⤵
  PID:6980
- C:\Windows\System\KeXlczQ.exe
  C:\Windows\System\KeXlczQ.exe
  2⤵
  PID:7008
- C:\Windows\System\FKojSfu.exe
  C:\Windows\System\FKojSfu.exe
  2⤵
  PID:7036
- C:\Windows\System\fbZdEFf.exe
  C:\Windows\System\fbZdEFf.exe
  2⤵
  PID:7076
- C:\Windows\System\BZOIDxL.exe
  C:\Windows\System\BZOIDxL.exe
  2⤵
  PID:7104
- C:\Windows\System\aYnPrqB.exe
  C:\Windows\System\aYnPrqB.exe
  2⤵
  PID:7120
- C:\Windows\System\wPGNXJA.exe
  C:\Windows\System\wPGNXJA.exe
  2⤵
  PID:7148
- C:\Windows\System\nfNvngg.exe
  C:\Windows\System\nfNvngg.exe
  2⤵
  PID:5356
- C:\Windows\System\FuwHxRs.exe
  C:\Windows\System\FuwHxRs.exe
  2⤵
  PID:6148
- C:\Windows\System\SOkcURD.exe
  C:\Windows\System\SOkcURD.exe
  2⤵
  PID:4440
- C:\Windows\System\KpBKaNf.exe
  C:\Windows\System\KpBKaNf.exe
  2⤵
  PID:6276
- C:\Windows\System\MRHNgpu.exe
  C:\Windows\System\MRHNgpu.exe
  2⤵
  PID:6372
- C:\Windows\System\zWFhwwd.exe
  C:\Windows\System\zWFhwwd.exe
  2⤵
  PID:6432
- C:\Windows\System\eCFsnzj.exe
  C:\Windows\System\eCFsnzj.exe
  2⤵
  PID:6508
- C:\Windows\System\YlfFjqO.exe
  C:\Windows\System\YlfFjqO.exe
  2⤵
  PID:6556
- C:\Windows\System\jLogdSy.exe
  C:\Windows\System\jLogdSy.exe
  2⤵
  PID:6640
- C:\Windows\System\rVUmlxr.exe
  C:\Windows\System\rVUmlxr.exe
  2⤵
  PID:6712
- C:\Windows\System\eSpSrtA.exe
  C:\Windows\System\eSpSrtA.exe
  2⤵
  PID:6744
- C:\Windows\System\tTggqEX.exe
  C:\Windows\System\tTggqEX.exe
  2⤵
  PID:6832
- C:\Windows\System\UzsxGNn.exe
  C:\Windows\System\UzsxGNn.exe
  2⤵
  PID:6912
- C:\Windows\System\xMObwRr.exe
  C:\Windows\System\xMObwRr.exe
  2⤵
  PID:6944
- C:\Windows\System\cNjtlTm.exe
  C:\Windows\System\cNjtlTm.exe
  2⤵
  PID:6992
- C:\Windows\System\XeXqLGX.exe
  C:\Windows\System\XeXqLGX.exe
  2⤵
  PID:7132
- C:\Windows\System\vwYXyGb.exe
  C:\Windows\System\vwYXyGb.exe
  2⤵
  PID:5964
- C:\Windows\System\qiwIOxz.exe
  C:\Windows\System\qiwIOxz.exe
  2⤵
  PID:6048
- C:\Windows\System\DDrrlAC.exe
  C:\Windows\System\DDrrlAC.exe
  2⤵
  PID:6316
- C:\Windows\System\TliJeuL.exe
  C:\Windows\System\TliJeuL.exe
  2⤵
  PID:6612
- C:\Windows\System\uPKRGjc.exe
  C:\Windows\System\uPKRGjc.exe
  2⤵
  PID:6764
- C:\Windows\System\kMLIPWZ.exe
  C:\Windows\System\kMLIPWZ.exe
  2⤵
  PID:6808
- C:\Windows\System\WOMtOym.exe
  C:\Windows\System\WOMtOym.exe
  2⤵
  PID:6996
- C:\Windows\System\aqzbJON.exe
  C:\Windows\System\aqzbJON.exe
  2⤵
  PID:7048
- C:\Windows\System\ZCPcYMG.exe
  C:\Windows\System\ZCPcYMG.exe
  2⤵
  PID:5760
- C:\Windows\System\wHAclKS.exe
  C:\Windows\System\wHAclKS.exe
  2⤵
  PID:6308
- C:\Windows\System\NHRuZEB.exe
  C:\Windows\System\NHRuZEB.exe
  2⤵
  PID:6616
- C:\Windows\System\EaSHNzg.exe
  C:\Windows\System\EaSHNzg.exe
  2⤵
  PID:6212
- C:\Windows\System\XPYiXKy.exe
  C:\Windows\System\XPYiXKy.exe
  2⤵
  PID:7116
- C:\Windows\System\kCsTXKg.exe
  C:\Windows\System\kCsTXKg.exe
  2⤵
  PID:7200
- C:\Windows\System\TQnuCSp.exe
  C:\Windows\System\TQnuCSp.exe
  2⤵
  PID:7240
- C:\Windows\System\sPEvQNj.exe
  C:\Windows\System\sPEvQNj.exe
  2⤵
  PID:7272
- C:\Windows\System\FetCcvb.exe
  C:\Windows\System\FetCcvb.exe
  2⤵
  PID:7312
- C:\Windows\System\kTVvDXz.exe
  C:\Windows\System\kTVvDXz.exe
  2⤵
  PID:7328
- C:\Windows\System\AnSLNFu.exe
  C:\Windows\System\AnSLNFu.exe
  2⤵
  PID:7356
- C:\Windows\System\lpbAYnh.exe
  C:\Windows\System\lpbAYnh.exe
  2⤵
  PID:7376
- C:\Windows\System\AypsFvP.exe
  C:\Windows\System\AypsFvP.exe
  2⤵
  PID:7412
- C:\Windows\System\xnZyXzQ.exe
  C:\Windows\System\xnZyXzQ.exe
  2⤵
  PID:7440
- C:\Windows\System\RmChFkb.exe
  C:\Windows\System\RmChFkb.exe
  2⤵
  PID:7460
- C:\Windows\System\GCqGuei.exe
  C:\Windows\System\GCqGuei.exe
  2⤵
  PID:7488
- C:\Windows\System\LScKcTK.exe
  C:\Windows\System\LScKcTK.exe
  2⤵
  PID:7532
- C:\Windows\System\bLQCCOk.exe
  C:\Windows\System\bLQCCOk.exe
  2⤵
  PID:7564
- C:\Windows\System\WBwoEHf.exe
  C:\Windows\System\WBwoEHf.exe
  2⤵
  PID:7580
- C:\Windows\System\ZNUzxMD.exe
  C:\Windows\System\ZNUzxMD.exe
  2⤵
  PID:7612
- C:\Windows\System\rnyRcAe.exe
  C:\Windows\System\rnyRcAe.exe
  2⤵
  PID:7652
- C:\Windows\System\nggtTXK.exe
  C:\Windows\System\nggtTXK.exe
  2⤵
  PID:7668
- C:\Windows\System\DDrrOoe.exe
  C:\Windows\System\DDrrOoe.exe
  2⤵
  PID:7696
- C:\Windows\System\HmozeUr.exe
  C:\Windows\System\HmozeUr.exe
  2⤵
  PID:7732
- C:\Windows\System\ddSNTCd.exe
  C:\Windows\System\ddSNTCd.exe
  2⤵
  PID:7752
- C:\Windows\System\XBRdhHw.exe
  C:\Windows\System\XBRdhHw.exe
  2⤵
  PID:7780
- C:\Windows\System\qcxNqfb.exe
  C:\Windows\System\qcxNqfb.exe
  2⤵
  PID:7808
- C:\Windows\System\KVtTrmj.exe
  C:\Windows\System\KVtTrmj.exe
  2⤵
  PID:7828
- C:\Windows\System\ltpbCQX.exe
  C:\Windows\System\ltpbCQX.exe
  2⤵
  PID:7860
- C:\Windows\System\jYJgibg.exe
  C:\Windows\System\jYJgibg.exe
  2⤵
  PID:7880
- C:\Windows\System\iESZPsd.exe
  C:\Windows\System\iESZPsd.exe
  2⤵
  PID:7920
- C:\Windows\System\cOffZvO.exe
  C:\Windows\System\cOffZvO.exe
  2⤵
  PID:7956
- C:\Windows\System\DWKMAkl.exe
  C:\Windows\System\DWKMAkl.exe
  2⤵
  PID:7976
- C:\Windows\System\vRtwnmb.exe
  C:\Windows\System\vRtwnmb.exe
  2⤵
  PID:8008
- C:\Windows\System\znkcCZq.exe
  C:\Windows\System\znkcCZq.exe
  2⤵
  PID:8032
- C:\Windows\System\XBTkrTC.exe
  C:\Windows\System\XBTkrTC.exe
  2⤵
  PID:8068
- C:\Windows\System\IAalamq.exe
  C:\Windows\System\IAalamq.exe
  2⤵
  PID:8088
- C:\Windows\System\blbyaiV.exe
  C:\Windows\System\blbyaiV.exe
  2⤵
  PID:8116
- C:\Windows\System\cQTqVHC.exe
  C:\Windows\System\cQTqVHC.exe
  2⤵
  PID:8148
- C:\Windows\System\DXOXewv.exe
  C:\Windows\System\DXOXewv.exe
  2⤵
  PID:8176
- C:\Windows\System\wOmoyJd.exe
  C:\Windows\System\wOmoyJd.exe
  2⤵
  PID:7176
- C:\Windows\System\cGotoHI.exe
  C:\Windows\System\cGotoHI.exe
  2⤵
  PID:7220
- C:\Windows\System\fXHjJJD.exe
  C:\Windows\System\fXHjJJD.exe
  2⤵
  PID:7268
- C:\Windows\System\jbqVETP.exe
  C:\Windows\System\jbqVETP.exe
  2⤵
  PID:7340
- C:\Windows\System\zqHWDoi.exe
  C:\Windows\System\zqHWDoi.exe
  2⤵
  PID:7364
- C:\Windows\System\PcrcUhJ.exe
  C:\Windows\System\PcrcUhJ.exe
  2⤵
  PID:7472
- C:\Windows\System\JdBTRxM.exe
  C:\Windows\System\JdBTRxM.exe
  2⤵
  PID:7484
- C:\Windows\System\NtFgpUN.exe
  C:\Windows\System\NtFgpUN.exe
  2⤵
  PID:7596
- C:\Windows\System\uYrRSaq.exe
  C:\Windows\System\uYrRSaq.exe
  2⤵
  PID:7688
- C:\Windows\System\BedjjiA.exe
  C:\Windows\System\BedjjiA.exe
  2⤵
  PID:7724
- C:\Windows\System\IiSBUPM.exe
  C:\Windows\System\IiSBUPM.exe
  2⤵
  PID:7796
- C:\Windows\System\PQgxIaX.exe
  C:\Windows\System\PQgxIaX.exe
  2⤵
  PID:7876
- C:\Windows\System\WSxRUEY.exe
  C:\Windows\System\WSxRUEY.exe
  2⤵
  PID:7936
- C:\Windows\System\zfikmCC.exe
  C:\Windows\System\zfikmCC.exe
  2⤵
  PID:7996
- C:\Windows\System\CEdMNwb.exe
  C:\Windows\System\CEdMNwb.exe
  2⤵
  PID:8060
- C:\Windows\System\YJDAtgJ.exe
  C:\Windows\System\YJDAtgJ.exe
  2⤵
  PID:8132
- C:\Windows\System\YePAPOE.exe
  C:\Windows\System\YePAPOE.exe
  2⤵
  PID:8164
- C:\Windows\System\DcjrZuR.exe
  C:\Windows\System\DcjrZuR.exe
  2⤵
  PID:7404
- C:\Windows\System\YNlwZXM.exe
  C:\Windows\System\YNlwZXM.exe
  2⤵
  PID:7452
- C:\Windows\System\eUEuhiR.exe
  C:\Windows\System\eUEuhiR.exe
  2⤵
  PID:7548
- C:\Windows\System\TgDqTKr.exe
  C:\Windows\System\TgDqTKr.exe
  2⤵
  PID:7772
- C:\Windows\System\VZwsLAX.exe
  C:\Windows\System\VZwsLAX.exe
  2⤵
  PID:7988
- C:\Windows\System\kfNkxjX.exe
  C:\Windows\System\kfNkxjX.exe
  2⤵
  PID:8128
- C:\Windows\System\HIspLCF.exe
  C:\Windows\System\HIspLCF.exe
  2⤵
  PID:7296
- C:\Windows\System\NlhJwQO.exe
  C:\Windows\System\NlhJwQO.exe
  2⤵
  PID:7648
- C:\Windows\System\RkpGAfT.exe
  C:\Windows\System\RkpGAfT.exe
  2⤵
  PID:8020
- C:\Windows\System\vfcqtbO.exe
  C:\Windows\System\vfcqtbO.exe
  2⤵
  PID:6576
- C:\Windows\System\CnKJnuy.exe
  C:\Windows\System\CnKJnuy.exe
  2⤵
  PID:8220
- C:\Windows\System\BPznIXr.exe
  C:\Windows\System\BPznIXr.exe
  2⤵
  PID:8248
- C:\Windows\System\JdUAGEW.exe
  C:\Windows\System\JdUAGEW.exe
  2⤵
  PID:8284
- C:\Windows\System\HomLzRB.exe
  C:\Windows\System\HomLzRB.exe
  2⤵
  PID:8300
- C:\Windows\System\BCazxkx.exe
  C:\Windows\System\BCazxkx.exe
  2⤵
  PID:8320
- C:\Windows\System\mIAxZIy.exe
  C:\Windows\System\mIAxZIy.exe
  2⤵
  PID:8352
- C:\Windows\System\EaeropC.exe
  C:\Windows\System\EaeropC.exe
  2⤵
  PID:8388
- C:\Windows\System\QpQmCAn.exe
  C:\Windows\System\QpQmCAn.exe
  2⤵
  PID:8416
- C:\Windows\System\cwDqWlg.exe
  C:\Windows\System\cwDqWlg.exe
  2⤵
  PID:8452
- C:\Windows\System\zpOEmVI.exe
  C:\Windows\System\zpOEmVI.exe
  2⤵
  PID:8484
- C:\Windows\System\OzIGBri.exe
  C:\Windows\System\OzIGBri.exe
  2⤵
  PID:8516
- C:\Windows\System\wfKyYmW.exe
  C:\Windows\System\wfKyYmW.exe
  2⤵
  PID:8540
- C:\Windows\System\KHwNZGC.exe
  C:\Windows\System\KHwNZGC.exe
  2⤵
  PID:8572
- C:\Windows\System\FjvDxNu.exe
  C:\Windows\System\FjvDxNu.exe
  2⤵
  PID:8592
- C:\Windows\System\RxhLgZb.exe
  C:\Windows\System\RxhLgZb.exe
  2⤵
  PID:8616
- C:\Windows\System\yxwoMxm.exe
  C:\Windows\System\yxwoMxm.exe
  2⤵
  PID:8644
- C:\Windows\System\bgNJlSl.exe
  C:\Windows\System\bgNJlSl.exe
  2⤵
  PID:8664
- C:\Windows\System\fiVulli.exe
  C:\Windows\System\fiVulli.exe
  2⤵
  PID:8688
- C:\Windows\System\QGnmBdo.exe
  C:\Windows\System\QGnmBdo.exe
  2⤵
  PID:8728
- C:\Windows\System\kXpsibz.exe
  C:\Windows\System\kXpsibz.exe
  2⤵
  PID:8756
- C:\Windows\System\GEKDDaw.exe
  C:\Windows\System\GEKDDaw.exe
  2⤵
  PID:8788
- C:\Windows\System\GJizNVw.exe
  C:\Windows\System\GJizNVw.exe
  2⤵
  PID:8812
- C:\Windows\System\WLvyvsx.exe
  C:\Windows\System\WLvyvsx.exe
  2⤵
  PID:8840
- C:\Windows\System\HjLKeLa.exe
  C:\Windows\System\HjLKeLa.exe
  2⤵
  PID:8868
- C:\Windows\System\EAqbKGl.exe
  C:\Windows\System\EAqbKGl.exe
  2⤵
  PID:8900
- C:\Windows\System\iAvwriY.exe
  C:\Windows\System\iAvwriY.exe
  2⤵
  PID:8924
- C:\Windows\System\VocBoEs.exe
  C:\Windows\System\VocBoEs.exe
  2⤵
  PID:8952
- C:\Windows\System\MjgRcsU.exe
  C:\Windows\System\MjgRcsU.exe
  2⤵
  PID:8988
- C:\Windows\System\ROsNfRv.exe
  C:\Windows\System\ROsNfRv.exe
  2⤵
  PID:9008
- C:\Windows\System\lezUrJu.exe
  C:\Windows\System\lezUrJu.exe
  2⤵
  PID:9036
- C:\Windows\System\IPjSflt.exe
  C:\Windows\System\IPjSflt.exe
  2⤵
  PID:9068
- C:\Windows\System\qLWeoEa.exe
  C:\Windows\System\qLWeoEa.exe
  2⤵
  PID:9092
- C:\Windows\System\uZYnaNv.exe
  C:\Windows\System\uZYnaNv.exe
  2⤵
  PID:9124
- C:\Windows\System\rsPYNfm.exe
  C:\Windows\System\rsPYNfm.exe
  2⤵
  PID:9148
- C:\Windows\System\WFPZQZb.exe
  C:\Windows\System\WFPZQZb.exe
  2⤵
  PID:9176
- C:\Windows\System\gplGuXu.exe
  C:\Windows\System\gplGuXu.exe
  2⤵
  PID:9204
- C:\Windows\System\yhmEVMz.exe
  C:\Windows\System\yhmEVMz.exe
  2⤵
  PID:7556
- C:\Windows\System\eHKAAJe.exe
  C:\Windows\System\eHKAAJe.exe
  2⤵
  PID:8272
- C:\Windows\System\mIrAoFl.exe
  C:\Windows\System\mIrAoFl.exe
  2⤵
  PID:8316
- C:\Windows\System\reOlXaW.exe
  C:\Windows\System\reOlXaW.exe
  2⤵
  PID:8372
- C:\Windows\System\JKdSWTG.exe
  C:\Windows\System\JKdSWTG.exe
  2⤵
  PID:8440
- C:\Windows\System\JSQxQYc.exe
  C:\Windows\System\JSQxQYc.exe
  2⤵
  PID:8508
- C:\Windows\System\AaggIVR.exe
  C:\Windows\System\AaggIVR.exe
  2⤵
  PID:8580
- C:\Windows\System\kEOllrp.exe
  C:\Windows\System\kEOllrp.exe
  2⤵
  PID:8628
- C:\Windows\System\YcPOBKt.exe
  C:\Windows\System\YcPOBKt.exe
  2⤵
  PID:8660
- C:\Windows\System\jdYIRht.exe
  C:\Windows\System\jdYIRht.exe
  2⤵
  PID:8804
- C:\Windows\System\niljOvk.exe
  C:\Windows\System\niljOvk.exe
  2⤵
  PID:8852
- C:\Windows\System\lkIjTBe.exe
  C:\Windows\System\lkIjTBe.exe
  2⤵
  PID:8920
- C:\Windows\System\RJTnSTP.exe
  C:\Windows\System\RJTnSTP.exe
  2⤵
  PID:8976
- C:\Windows\System\HpWUPJA.exe
  C:\Windows\System\HpWUPJA.exe
  2⤵
  PID:9020
- C:\Windows\System\CqQAPcd.exe
  C:\Windows\System\CqQAPcd.exe
  2⤵
  PID:9104
- C:\Windows\System\WwOYRYI.exe
  C:\Windows\System\WwOYRYI.exe
  2⤵
  PID:9136
- C:\Windows\System\cOnBdbE.exe
  C:\Windows\System\cOnBdbE.exe
  2⤵
  PID:9160
- C:\Windows\System\REsjbEh.exe
  C:\Windows\System\REsjbEh.exe
  2⤵
  PID:8232
- C:\Windows\System\zaLuxLB.exe
  C:\Windows\System\zaLuxLB.exe
  2⤵
  PID:8432
- C:\Windows\System\VWXGmpI.exe
  C:\Windows\System\VWXGmpI.exe
  2⤵
  PID:8480
- C:\Windows\System\SQPFAHk.exe
  C:\Windows\System\SQPFAHk.exe
  2⤵
  PID:8552
- C:\Windows\System\cUNXKaE.exe
  C:\Windows\System\cUNXKaE.exe
  2⤵
  PID:8744
- C:\Windows\System\jYYdCtl.exe
  C:\Windows\System\jYYdCtl.exe
  2⤵
  PID:8936
- C:\Windows\System\btgxLTc.exe
  C:\Windows\System\btgxLTc.exe
  2⤵
  PID:8212
- C:\Windows\System\LwOzGir.exe
  C:\Windows\System\LwOzGir.exe
  2⤵
  PID:8360
- C:\Windows\System\WqQlirz.exe
  C:\Windows\System\WqQlirz.exe
  2⤵
  PID:8944
- C:\Windows\System\eHyPQYT.exe
  C:\Windows\System\eHyPQYT.exe
  2⤵
  PID:9028
- C:\Windows\System\EWomOqx.exe
  C:\Windows\System\EWomOqx.exe
  2⤵
  PID:9056
- C:\Windows\System\qhYNUMA.exe
  C:\Windows\System\qhYNUMA.exe
  2⤵
  PID:9240
- C:\Windows\System\GTWMFlv.exe
  C:\Windows\System\GTWMFlv.exe
  2⤵
  PID:9268
- C:\Windows\System\GijSjdQ.exe
  C:\Windows\System\GijSjdQ.exe
  2⤵
  PID:9304
- C:\Windows\System\hWXGYSN.exe
  C:\Windows\System\hWXGYSN.exe
  2⤵
  PID:9336
- C:\Windows\System\ZIUifQl.exe
  C:\Windows\System\ZIUifQl.exe
  2⤵
  PID:9364
- C:\Windows\System\FfUdMHR.exe
  C:\Windows\System\FfUdMHR.exe
  2⤵
  PID:9400
- C:\Windows\System\gkMYrPX.exe
  C:\Windows\System\gkMYrPX.exe
  2⤵
  PID:9416
- C:\Windows\System\DynokPH.exe
  C:\Windows\System\DynokPH.exe
  2⤵
  PID:9448
- C:\Windows\System\xvRNITo.exe
  C:\Windows\System\xvRNITo.exe
  2⤵
  PID:9476
- C:\Windows\System\NKLrzPy.exe
  C:\Windows\System\NKLrzPy.exe
  2⤵
  PID:9504
- C:\Windows\System\PgiHqKI.exe
  C:\Windows\System\PgiHqKI.exe
  2⤵
  PID:9532
- C:\Windows\System\MlBkCfF.exe
  C:\Windows\System\MlBkCfF.exe
  2⤵
  PID:9560
- C:\Windows\System\NESXxGv.exe
  C:\Windows\System\NESXxGv.exe
  2⤵
  PID:9588
- C:\Windows\System\EJbkkZh.exe
  C:\Windows\System\EJbkkZh.exe
  2⤵
  PID:9616
- C:\Windows\System\vadXERU.exe
  C:\Windows\System\vadXERU.exe
  2⤵
  PID:9640
- C:\Windows\System\JSnkZHQ.exe
  C:\Windows\System\JSnkZHQ.exe
  2⤵
  PID:9664
- C:\Windows\System\ykpzUaA.exe
  C:\Windows\System\ykpzUaA.exe
  2⤵
  PID:9692
- C:\Windows\System\qwwznBZ.exe
  C:\Windows\System\qwwznBZ.exe
  2⤵
  PID:9720
- C:\Windows\System\SKkstlz.exe
  C:\Windows\System\SKkstlz.exe
  2⤵
  PID:9748
- C:\Windows\System\GjJzVkl.exe
  C:\Windows\System\GjJzVkl.exe
  2⤵
  PID:9776
- C:\Windows\System\jtkKKpa.exe
  C:\Windows\System\jtkKKpa.exe
  2⤵
  PID:9816
- C:\Windows\System\QqBTLTn.exe
  C:\Windows\System\QqBTLTn.exe
  2⤵
  PID:9852
- C:\Windows\System\MMIaROI.exe
  C:\Windows\System\MMIaROI.exe
  2⤵
  PID:9876
- C:\Windows\System\rJNzglb.exe
  C:\Windows\System\rJNzglb.exe
  2⤵
  PID:9912
- C:\Windows\System\LlclFxs.exe
  C:\Windows\System\LlclFxs.exe
  2⤵
  PID:9940
- C:\Windows\System\vUFAOwS.exe
  C:\Windows\System\vUFAOwS.exe
  2⤵
  PID:9956
- C:\Windows\System\QpBXkUc.exe
  C:\Windows\System\QpBXkUc.exe
  2⤵
  PID:9988
- C:\Windows\System\AXpTQbf.exe
  C:\Windows\System\AXpTQbf.exe
  2⤵
  PID:10024
- C:\Windows\System\JwRqvYG.exe
  C:\Windows\System\JwRqvYG.exe
  2⤵
  PID:10052
- C:\Windows\System\ICerdRi.exe
  C:\Windows\System\ICerdRi.exe
  2⤵
  PID:10072
- C:\Windows\System\oogrblJ.exe
  C:\Windows\System\oogrblJ.exe
  2⤵
  PID:10088
- C:\Windows\System\ltbjwIw.exe
  C:\Windows\System\ltbjwIw.exe
  2⤵
  PID:10104
- C:\Windows\System\XNTfVeP.exe
  C:\Windows\System\XNTfVeP.exe
  2⤵
  PID:10128
- C:\Windows\System\KbYDJlp.exe
  C:\Windows\System\KbYDJlp.exe
  2⤵
  PID:10160
- C:\Windows\System\ypdaBHx.exe
  C:\Windows\System\ypdaBHx.exe
  2⤵
  PID:10180
- C:\Windows\System\Emdvuuu.exe
  C:\Windows\System\Emdvuuu.exe
  2⤵
  PID:10204
- C:\Windows\System\bSjNhkz.exe
  C:\Windows\System\bSjNhkz.exe
  2⤵
  PID:8916
- C:\Windows\System\mIoZNLX.exe
  C:\Windows\System\mIoZNLX.exe
  2⤵
  PID:9260
- C:\Windows\System\fBzaFPt.exe
  C:\Windows\System\fBzaFPt.exe
  2⤵
  PID:9328
- C:\Windows\System\OAJfGjj.exe
  C:\Windows\System\OAJfGjj.exe
  2⤵
  PID:9384
- C:\Windows\System\kpWoPxm.exe
  C:\Windows\System\kpWoPxm.exe
  2⤵
  PID:9436
- C:\Windows\System\qhdJDMw.exe
  C:\Windows\System\qhdJDMw.exe
  2⤵
  PID:9492
- C:\Windows\System\eNziarF.exe
  C:\Windows\System\eNziarF.exe
  2⤵
  PID:9580
- C:\Windows\System\ppagpqm.exe
  C:\Windows\System\ppagpqm.exe
  2⤵
  PID:9652
- C:\Windows\System\rquIulc.exe
  C:\Windows\System\rquIulc.exe
  2⤵
  PID:9732
- C:\Windows\System\QvzcYvB.exe
  C:\Windows\System\QvzcYvB.exe
  2⤵
  PID:9796
- C:\Windows\System\MYBnyVu.exe
  C:\Windows\System\MYBnyVu.exe
  2⤵
  PID:9864
- C:\Windows\System\aBKIbHr.exe
  C:\Windows\System\aBKIbHr.exe
  2⤵
  PID:9948
- C:\Windows\System\FIDCWTI.exe
  C:\Windows\System\FIDCWTI.exe
  2⤵
  PID:10040
- C:\Windows\System\MCTuIqF.exe
  C:\Windows\System\MCTuIqF.exe
  2⤵
  PID:10084
- C:\Windows\System\nuEBvaQ.exe
  C:\Windows\System\nuEBvaQ.exe
  2⤵
  PID:10116
- C:\Windows\System\OBdOoiq.exe
  C:\Windows\System\OBdOoiq.exe
  2⤵
  PID:9220
- C:\Windows\System\jxPSGyG.exe
  C:\Windows\System\jxPSGyG.exe
  2⤵
  PID:9280
- C:\Windows\System\wfcPGhW.exe
  C:\Windows\System\wfcPGhW.exe
  2⤵
  PID:9488
- C:\Windows\System\jqLQXBz.exe
  C:\Windows\System\jqLQXBz.exe
  2⤵
  PID:9516
- C:\Windows\System\NdBiElr.exe
  C:\Windows\System\NdBiElr.exe
  2⤵
  PID:9708
- C:\Windows\System\MVBeZbK.exe
  C:\Windows\System\MVBeZbK.exe
  2⤵
  PID:9928
- C:\Windows\System\dyTfZiE.exe
  C:\Windows\System\dyTfZiE.exe
  2⤵
  PID:9972
- C:\Windows\System\TLjwgUL.exe
  C:\Windows\System\TLjwgUL.exe
  2⤵
  PID:10140
- C:\Windows\System\XfSnxBh.exe
  C:\Windows\System\XfSnxBh.exe
  2⤵
  PID:9324
- C:\Windows\System\aAzkenP.exe
  C:\Windows\System\aAzkenP.exe
  2⤵
  PID:9704
- C:\Windows\System\wTWSoQg.exe
  C:\Windows\System\wTWSoQg.exe
  2⤵
  PID:10080
- C:\Windows\System\ONcEBys.exe
  C:\Windows\System\ONcEBys.exe
  2⤵
  PID:10168
- C:\Windows\System\NLgOEiT.exe
  C:\Windows\System\NLgOEiT.exe
  2⤵
  PID:9348
- C:\Windows\System\nUUKhwP.exe
  C:\Windows\System\nUUKhwP.exe
  2⤵
  PID:10016
- C:\Windows\System\jEpIwLR.exe
  C:\Windows\System\jEpIwLR.exe
  2⤵
  PID:10280
- C:\Windows\System\hLYZQAG.exe
  C:\Windows\System\hLYZQAG.exe
  2⤵
  PID:10304
- C:\Windows\System\EHvmjOy.exe
  C:\Windows\System\EHvmjOy.exe
  2⤵
  PID:10332
- C:\Windows\System\QEWBuYb.exe
  C:\Windows\System\QEWBuYb.exe
  2⤵
  PID:10368
- C:\Windows\System\dOXTzVc.exe
  C:\Windows\System\dOXTzVc.exe
  2⤵
  PID:10404
- C:\Windows\System\LZScmSx.exe
  C:\Windows\System\LZScmSx.exe
  2⤵
  PID:10428
- C:\Windows\System\elaFQut.exe
  C:\Windows\System\elaFQut.exe
  2⤵
  PID:10456
- C:\Windows\System\LSRWobQ.exe
  C:\Windows\System\LSRWobQ.exe
  2⤵
  PID:10484
- C:\Windows\System\WOsaGFz.exe
  C:\Windows\System\WOsaGFz.exe
  2⤵
  PID:10520
- C:\Windows\System\OdatZUz.exe
  C:\Windows\System\OdatZUz.exe
  2⤵
  PID:10540
- C:\Windows\System\ifyAjyo.exe
  C:\Windows\System\ifyAjyo.exe
  2⤵
  PID:10568
- C:\Windows\System\TjVVbwT.exe
  C:\Windows\System\TjVVbwT.exe
  2⤵
  PID:10588
- C:\Windows\System\gztorgp.exe
  C:\Windows\System\gztorgp.exe
  2⤵
  PID:10612
- C:\Windows\System\ACeWAJG.exe
  C:\Windows\System\ACeWAJG.exe
  2⤵
  PID:10640
- C:\Windows\System\zKHnMGU.exe
  C:\Windows\System\zKHnMGU.exe
  2⤵
  PID:10668
- C:\Windows\System\WJWcuhe.exe
  C:\Windows\System\WJWcuhe.exe
  2⤵
  PID:10700
- C:\Windows\System\QoHvujN.exe
  C:\Windows\System\QoHvujN.exe
  2⤵
  PID:10736
- C:\Windows\System\BujQtsa.exe
  C:\Windows\System\BujQtsa.exe
  2⤵
  PID:10764
- C:\Windows\System\pUGMcbC.exe
  C:\Windows\System\pUGMcbC.exe
  2⤵
  PID:10792
- C:\Windows\System\coOBlxH.exe
  C:\Windows\System\coOBlxH.exe
  2⤵
  PID:10820
- C:\Windows\System\DQtgAXe.exe
  C:\Windows\System\DQtgAXe.exe
  2⤵
  PID:10836
- C:\Windows\System\wnKyZEW.exe
  C:\Windows\System\wnKyZEW.exe
  2⤵
  PID:10852
- C:\Windows\System\SiTnbKP.exe
  C:\Windows\System\SiTnbKP.exe
  2⤵
  PID:10900
- C:\Windows\System\vtZkuLv.exe
  C:\Windows\System\vtZkuLv.exe
  2⤵
  PID:10928
- C:\Windows\System\CIPQGCm.exe
  C:\Windows\System\CIPQGCm.exe
  2⤵
  PID:10956
- C:\Windows\System\YuoDsWB.exe
  C:\Windows\System\YuoDsWB.exe
  2⤵
  PID:10980
- C:\Windows\System\xgHqXpK.exe
  C:\Windows\System\xgHqXpK.exe
  2⤵
  PID:11004
- C:\Windows\System\oIHzTMs.exe
  C:\Windows\System\oIHzTMs.exe
  2⤵
  PID:11048
- C:\Windows\System\FbvCjbT.exe
  C:\Windows\System\FbvCjbT.exe
  2⤵
  PID:11072
- C:\Windows\System\YzSrFdb.exe
  C:\Windows\System\YzSrFdb.exe
  2⤵
  PID:11088
- C:\Windows\System\fuBlFIg.exe
  C:\Windows\System\fuBlFIg.exe
  2⤵
  PID:11112
- C:\Windows\System\QmcJPeY.exe
  C:\Windows\System\QmcJPeY.exe
  2⤵
  PID:11132
- C:\Windows\System\IgCdWrO.exe
  C:\Windows\System\IgCdWrO.exe
  2⤵
  PID:11156
- C:\Windows\System\oqAANsr.exe
  C:\Windows\System\oqAANsr.exe
  2⤵
  PID:11176
- C:\Windows\System\ukAydzj.exe
  C:\Windows\System\ukAydzj.exe
  2⤵
  PID:11208
- C:\Windows\System\sqHCXhk.exe
  C:\Windows\System\sqHCXhk.exe
  2⤵
  PID:11236
- C:\Windows\System\OVoQaMo.exe
  C:\Windows\System\OVoQaMo.exe
  2⤵
  PID:10260
- C:\Windows\System\wpfETeH.exe
  C:\Windows\System\wpfETeH.exe
  2⤵
  PID:10324
- C:\Windows\System\opYUORR.exe
  C:\Windows\System\opYUORR.exe
  2⤵
  PID:10388
- C:\Windows\System\RmucLbq.exe
  C:\Windows\System\RmucLbq.exe
  2⤵
  PID:10468
- C:\Windows\System\nGOQSpt.exe
  C:\Windows\System\nGOQSpt.exe
  2⤵
  PID:10508
- C:\Windows\System\WlPBQQV.exe
  C:\Windows\System\WlPBQQV.exe
  2⤵
  PID:10576
- C:\Windows\System\nJQooNb.exe
  C:\Windows\System\nJQooNb.exe
  2⤵
  PID:10676
- C:\Windows\System\RWQeQNt.exe
  C:\Windows\System\RWQeQNt.exe
  2⤵
  PID:10696
- C:\Windows\System\fhtOzzZ.exe
  C:\Windows\System\fhtOzzZ.exe
  2⤵
  PID:10748
- C:\Windows\System\RxCOrUO.exe
  C:\Windows\System\RxCOrUO.exe
  2⤵
  PID:10848
- C:\Windows\System\ehzBIry.exe
  C:\Windows\System\ehzBIry.exe
  2⤵
  PID:2324
- C:\Windows\System\unOsiJk.exe
  C:\Windows\System\unOsiJk.exe
  2⤵
  PID:11000
- C:\Windows\System\DaFlRww.exe
  C:\Windows\System\DaFlRww.exe
  2⤵
  PID:11068
- C:\Windows\System\FiGIOiP.exe
  C:\Windows\System\FiGIOiP.exe
  2⤵
  PID:11080
- C:\Windows\System\wSqyRnf.exe
  C:\Windows\System\wSqyRnf.exe
  2⤵
  PID:11104
- C:\Windows\System\OwoOLuG.exe
  C:\Windows\System\OwoOLuG.exe
  2⤵
  PID:11196
- C:\Windows\System\LjVJQNj.exe
  C:\Windows\System\LjVJQNj.exe
  2⤵
  PID:11252
- C:\Windows\System\pcHqVzI.exe
  C:\Windows\System\pcHqVzI.exe
  2⤵
  PID:10480
- C:\Windows\System\bwbLIdL.exe
  C:\Windows\System\bwbLIdL.exe
  2⤵
  PID:10536
- C:\Windows\System\HaxcCax.exe
  C:\Windows\System\HaxcCax.exe
  2⤵
  PID:10600
- C:\Windows\System\UHhPRDx.exe
  C:\Windows\System\UHhPRDx.exe
  2⤵
  PID:10804
- C:\Windows\System\HHrplKZ.exe
  C:\Windows\System\HHrplKZ.exe
  2⤵
  PID:10888
- C:\Windows\System\MuBnZKH.exe
  C:\Windows\System\MuBnZKH.exe
  2⤵
  PID:11024
- C:\Windows\System\ZaxEXlF.exe
  C:\Windows\System\ZaxEXlF.exe
  2⤵
  PID:11148
- C:\Windows\System\nkeIhkt.exe
  C:\Windows\System\nkeIhkt.exe
  2⤵
  PID:10300
- C:\Windows\System\JVuobJv.exe
  C:\Windows\System\JVuobJv.exe
  2⤵
  PID:10420
- C:\Windows\System\QUYZzqi.exe
  C:\Windows\System\QUYZzqi.exe
  2⤵
  PID:10752
- C:\Windows\System\ZLSYcPB.exe
  C:\Windows\System\ZLSYcPB.exe
  2⤵
  PID:10424
- C:\Windows\System\CNRtcyV.exe
  C:\Windows\System\CNRtcyV.exe
  2⤵
  PID:11248
- C:\Windows\System\JIGekaI.exe
  C:\Windows\System\JIGekaI.exe
  2⤵
  PID:11292
- C:\Windows\System\wWcImpu.exe
  C:\Windows\System\wWcImpu.exe
  2⤵
  PID:11312
- C:\Windows\System\OTFUmtA.exe
  C:\Windows\System\OTFUmtA.exe
  2⤵
  PID:11340
- C:\Windows\System\VGMShRv.exe
  C:\Windows\System\VGMShRv.exe
  2⤵
  PID:11368
- C:\Windows\System\xssjTdC.exe
  C:\Windows\System\xssjTdC.exe
  2⤵
  PID:11404
- C:\Windows\System\nvpbVSt.exe
  C:\Windows\System\nvpbVSt.exe
  2⤵
  PID:11436
- C:\Windows\System\uHTRUxI.exe
  C:\Windows\System\uHTRUxI.exe
  2⤵
  PID:11476
- C:\Windows\System\uUtpikS.exe
  C:\Windows\System\uUtpikS.exe
  2⤵
  PID:11504
- C:\Windows\System\iXDNoEd.exe
  C:\Windows\System\iXDNoEd.exe
  2⤵
  PID:11532
- C:\Windows\System\oHNpjTc.exe
  C:\Windows\System\oHNpjTc.exe
  2⤵
  PID:11552
- C:\Windows\System\kEAvNNF.exe
  C:\Windows\System\kEAvNNF.exe
  2⤵
  PID:11576
- C:\Windows\System\dJGQMBp.exe
  C:\Windows\System\dJGQMBp.exe
  2⤵
  PID:11604
- C:\Windows\System\LErmGSH.exe
  C:\Windows\System\LErmGSH.exe
  2⤵
  PID:11628
- C:\Windows\System\xJHOYJK.exe
  C:\Windows\System\xJHOYJK.exe
  2⤵
  PID:11664
- C:\Windows\System\YWKCLXZ.exe
  C:\Windows\System\YWKCLXZ.exe
  2⤵
  PID:11704
- C:\Windows\System\RffjWRX.exe
  C:\Windows\System\RffjWRX.exe
  2⤵
  PID:11728
- C:\Windows\System\KHpyflC.exe
  C:\Windows\System\KHpyflC.exe
  2⤵
  PID:11760
- C:\Windows\System\eSrTlGI.exe
  C:\Windows\System\eSrTlGI.exe
  2⤵
  PID:11792
- C:\Windows\System\wJcLdhq.exe
  C:\Windows\System\wJcLdhq.exe
  2⤵
  PID:11828
- C:\Windows\System\fucHYeJ.exe
  C:\Windows\System\fucHYeJ.exe
  2⤵
  PID:11848
- C:\Windows\System\kVQGiOF.exe
  C:\Windows\System\kVQGiOF.exe
  2⤵
  PID:11868
- C:\Windows\System\oalIbRI.exe
  C:\Windows\System\oalIbRI.exe
  2⤵
  PID:11900
- C:\Windows\System\wPglWzu.exe
  C:\Windows\System\wPglWzu.exe
  2⤵
  PID:11928
- C:\Windows\System\JqmMPuB.exe
  C:\Windows\System\JqmMPuB.exe
  2⤵
  PID:11948
- C:\Windows\System\tQyxrDl.exe
  C:\Windows\System\tQyxrDl.exe
  2⤵
  PID:11976
- C:\Windows\System\uVAHJxi.exe
  C:\Windows\System\uVAHJxi.exe
  2⤵
  PID:12008
- C:\Windows\System\acgUNsT.exe
  C:\Windows\System\acgUNsT.exe
  2⤵
  PID:12032
- C:\Windows\System\aFuYvVg.exe
  C:\Windows\System\aFuYvVg.exe
  2⤵
  PID:12064
- C:\Windows\System\CxzDAmU.exe
  C:\Windows\System\CxzDAmU.exe
  2⤵
  PID:12096
- C:\Windows\System\UJXaDIv.exe
  C:\Windows\System\UJXaDIv.exe
  2⤵
  PID:12112
- C:\Windows\System\DTrsAYo.exe
  C:\Windows\System\DTrsAYo.exe
  2⤵
  PID:12144
- C:\Windows\System\hTXrNuF.exe
  C:\Windows\System\hTXrNuF.exe
  2⤵
  PID:12164
- C:\Windows\System\GsWQhjp.exe
  C:\Windows\System\GsWQhjp.exe
  2⤵
  PID:12188
- C:\Windows\System\ADcbPfQ.exe
  C:\Windows\System\ADcbPfQ.exe
  2⤵
  PID:12228
- C:\Windows\System\zEHOKOD.exe
  C:\Windows\System\zEHOKOD.exe
  2⤵
  PID:12264
- C:\Windows\System\vjaAxoB.exe
  C:\Windows\System\vjaAxoB.exe
  2⤵
  PID:3784
- C:\Windows\System\MAXNiSv.exe
  C:\Windows\System\MAXNiSv.exe
  2⤵
  PID:11276
- C:\Windows\System\BMbdoDu.exe
  C:\Windows\System\BMbdoDu.exe
  2⤵
  PID:11308
- C:\Windows\System\nenRjqR.exe
  C:\Windows\System\nenRjqR.exe
  2⤵
  PID:11360
- C:\Windows\System\yGofmPq.exe
  C:\Windows\System\yGofmPq.exe
  2⤵
  PID:11452
- C:\Windows\System\uhWCYYy.exe
  C:\Windows\System\uhWCYYy.exe
  2⤵
  PID:11524
- C:\Windows\System\yrEapmR.exe
  C:\Windows\System\yrEapmR.exe
  2⤵
  PID:11584
- C:\Windows\System\CNPwTtv.exe
  C:\Windows\System\CNPwTtv.exe
  2⤵
  PID:11656
- C:\Windows\System\zEUmYix.exe
  C:\Windows\System\zEUmYix.exe
  2⤵
  PID:11620
- C:\Windows\System\spTxdLo.exe
  C:\Windows\System\spTxdLo.exe
  2⤵
  PID:11724
- C:\Windows\System\YnJGaib.exe
  C:\Windows\System\YnJGaib.exe
  2⤵
  PID:11780
- C:\Windows\System\guDnZOF.exe
  C:\Windows\System\guDnZOF.exe
  2⤵
  PID:11864
- C:\Windows\System\SACTkWG.exe
  C:\Windows\System\SACTkWG.exe
  2⤵
  PID:11944
- C:\Windows\System\YHDcYxK.exe
  C:\Windows\System\YHDcYxK.exe
  2⤵
  PID:11968
- C:\Windows\System\nPdfKjB.exe
  C:\Windows\System\nPdfKjB.exe
  2⤵
  PID:12060
- C:\Windows\System\bJYSeSj.exe
  C:\Windows\System\bJYSeSj.exe
  2⤵
  PID:12180
- C:\Windows\System\YDtxWXJ.exe
  C:\Windows\System\YDtxWXJ.exe
  2⤵
  PID:12224
- C:\Windows\System\SlHvxuS.exe
  C:\Windows\System\SlHvxuS.exe
  2⤵
  PID:736
- C:\Windows\System\VAlnQqx.exe
  C:\Windows\System\VAlnQqx.exe
  2⤵
  PID:11376
- C:\Windows\System\PQeMSIA.exe
  C:\Windows\System\PQeMSIA.exe
  2⤵
  PID:11416
- C:\Windows\System\uCwbTVZ.exe
  C:\Windows\System\uCwbTVZ.exe
  2⤵
  PID:11820
- C:\Windows\System\xfFfxKw.exe
  C:\Windows\System\xfFfxKw.exe
  2⤵
  PID:11892
- C:\Windows\System\TiHpxOU.exe
  C:\Windows\System\TiHpxOU.exe
  2⤵
  PID:12052
- C:\Windows\System\XSWtFnh.exe
  C:\Windows\System\XSWtFnh.exe
  2⤵
  PID:12216
- C:\Windows\System\jqkQJGq.exe
  C:\Windows\System\jqkQJGq.exe
  2⤵
  PID:3568
- C:\Windows\System\TFXUHwd.exe
  C:\Windows\System\TFXUHwd.exe
  2⤵
  PID:3176
- C:\Windows\System\TLkrIzv.exe
  C:\Windows\System\TLkrIzv.exe
  2⤵
  PID:11964
- C:\Windows\System\NWXVPtg.exe
  C:\Windows\System\NWXVPtg.exe
  2⤵
  PID:11784
- C:\Windows\System\lMQQVxr.exe
  C:\Windows\System\lMQQVxr.exe
  2⤵
  PID:5096
- C:\Windows\System\OXLlfGu.exe
  C:\Windows\System\OXLlfGu.exe
  2⤵
  PID:11544
- C:\Windows\System\BdkUgWH.exe
  C:\Windows\System\BdkUgWH.exe
  2⤵
  PID:12304
- C:\Windows\System\PVnmfri.exe
  C:\Windows\System\PVnmfri.exe
  2⤵
  PID:12332
- C:\Windows\System\vWzYKNu.exe
  C:\Windows\System\vWzYKNu.exe
  2⤵
  PID:12364
- C:\Windows\System\bKSitRl.exe
  C:\Windows\System\bKSitRl.exe
  2⤵
  PID:12396
- C:\Windows\System\czoDbPP.exe
  C:\Windows\System\czoDbPP.exe
  2⤵
  PID:12436
- C:\Windows\System\yoQpjOT.exe
  C:\Windows\System\yoQpjOT.exe
  2⤵
  PID:12452
- C:\Windows\System\xNSkrcP.exe
  C:\Windows\System\xNSkrcP.exe
  2⤵
  PID:12480
- C:\Windows\System\HKbzPHc.exe
  C:\Windows\System\HKbzPHc.exe
  2⤵
  PID:12520
- C:\Windows\System\wiGMiMv.exe
  C:\Windows\System\wiGMiMv.exe
  2⤵
  PID:12548
- C:\Windows\System\tVGMFUl.exe
  C:\Windows\System\tVGMFUl.exe
  2⤵
  PID:12584
- C:\Windows\System\UNkfhJF.exe
  C:\Windows\System\UNkfhJF.exe
  2⤵
  PID:12604
- C:\Windows\System\yhztgnu.exe
  C:\Windows\System\yhztgnu.exe
  2⤵
  PID:12640
- C:\Windows\System\tnLJACW.exe
  C:\Windows\System\tnLJACW.exe
  2⤵
  PID:12660
- C:\Windows\System\iwUSQfU.exe
  C:\Windows\System\iwUSQfU.exe
  2⤵
  PID:12676
- C:\Windows\System\NVWLIPY.exe
  C:\Windows\System\NVWLIPY.exe
  2⤵
  PID:12700
- C:\Windows\System\ncAVppB.exe
  C:\Windows\System\ncAVppB.exe
  2⤵
  PID:12736
- C:\Windows\System\bkJvCqy.exe
  C:\Windows\System\bkJvCqy.exe
  2⤵
  PID:12768
- C:\Windows\System\DWLtDSD.exe
  C:\Windows\System\DWLtDSD.exe
  2⤵
  PID:12792
- C:\Windows\System\lIkgCUZ.exe
  C:\Windows\System\lIkgCUZ.exe
  2⤵
  PID:12824
- C:\Windows\System\jdSdkyr.exe
  C:\Windows\System\jdSdkyr.exe
  2⤵
  PID:12852
- C:\Windows\System\KsTPkEn.exe
  C:\Windows\System\KsTPkEn.exe
  2⤵
  PID:12872
- C:\Windows\System\fFBQOKp.exe
  C:\Windows\System\fFBQOKp.exe
  2⤵
  PID:12896
- C:\Windows\System\DLQodya.exe
  C:\Windows\System\DLQodya.exe
  2⤵
  PID:12932
- C:\Windows\System\THRMxrW.exe
  C:\Windows\System\THRMxrW.exe
  2⤵
  PID:12956
- C:\Windows\System\xvWVigd.exe
  C:\Windows\System\xvWVigd.exe
  2⤵
  PID:13004
- C:\Windows\System\nueQEIQ.exe
  C:\Windows\System\nueQEIQ.exe
  2⤵
  PID:13024
- C:\Windows\System\hEHDfgd.exe
  C:\Windows\System\hEHDfgd.exe
  2⤵
  PID:13048
- C:\Windows\System\Adpbcgv.exe
  C:\Windows\System\Adpbcgv.exe
  2⤵
  PID:13064
- C:\Windows\System\YHVOSKD.exe
  C:\Windows\System\YHVOSKD.exe
  2⤵
  PID:13096
- C:\Windows\System\PBlhAFh.exe
  C:\Windows\System\PBlhAFh.exe
  2⤵
  PID:13124
- C:\Windows\System\dSVVgOW.exe
  C:\Windows\System\dSVVgOW.exe
  2⤵
  PID:13148
- C:\Windows\System\OnWybsX.exe
  C:\Windows\System\OnWybsX.exe
  2⤵
  PID:13184
- C:\Windows\System\ISDJsyB.exe
  C:\Windows\System\ISDJsyB.exe
  2⤵
  PID:13220
- C:\Windows\System\WBYimAN.exe
  C:\Windows\System\WBYimAN.exe
  2⤵
  PID:13252
- C:\Windows\System\eqiWwLi.exe
  C:\Windows\System\eqiWwLi.exe
  2⤵
  PID:13276
- C:\Windows\System\KNruKHZ.exe
  C:\Windows\System\KNruKHZ.exe
  2⤵
  PID:13300
- C:\Windows\System\hFeKWKZ.exe
  C:\Windows\System\hFeKWKZ.exe
  2⤵
  PID:12260
- C:\Windows\System\lUCQttS.exe
  C:\Windows\System\lUCQttS.exe
  2⤵
  PID:12344
- C:\Windows\System\tkNJQRQ.exe
  C:\Windows\System\tkNJQRQ.exe
  2⤵
  PID:12516
- C:\Windows\System\YSjxYuu.exe
  C:\Windows\System\YSjxYuu.exe
  2⤵
  PID:12564
- C:\Windows\System\KVLSKlK.exe
  C:\Windows\System\KVLSKlK.exe
  2⤵
  PID:12616
- C:\Windows\System\Zzydryk.exe
  C:\Windows\System\Zzydryk.exe
  2⤵
  PID:12668
- C:\Windows\System\EIePADR.exe
  C:\Windows\System\EIePADR.exe
  2⤵
  PID:12688
- C:\Windows\System\WnQIkbc.exe
  C:\Windows\System\WnQIkbc.exe
  2⤵
  PID:12844
- C:\Windows\System\aMvyqbG.exe
  C:\Windows\System\aMvyqbG.exe
  2⤵
  PID:12888
- C:\Windows\System\HKSjXqm.exe
  C:\Windows\System\HKSjXqm.exe
  2⤵
  PID:12928
- C:\Windows\System\IdMooli.exe
  C:\Windows\System\IdMooli.exe
  2⤵
  PID:12972
- C:\Windows\System\gtpmGiq.exe
  C:\Windows\System\gtpmGiq.exe
  2⤵
  PID:13060
- C:\Windows\System\jyiaLZP.exe
  C:\Windows\System\jyiaLZP.exe
  2⤵
  PID:13076
- C:\Windows\System\ksZCnfj.exe
  C:\Windows\System\ksZCnfj.exe
  2⤵
  PID:13172
- C:\Windows\System\aUiiCQq.exe
  C:\Windows\System\aUiiCQq.exe
  2⤵
  PID:13248
- C:\Windows\System\zFnQdNr.exe
  C:\Windows\System\zFnQdNr.exe
  2⤵
  PID:13296
- C:\Windows\System\agPmObi.exe
  C:\Windows\System\agPmObi.exe
  2⤵
  PID:12500
- C:\Windows\System\QnahloH.exe
  C:\Windows\System\QnahloH.exe
  2⤵
  PID:12568
- C:\Windows\System\YEOKKjT.exe
  C:\Windows\System\YEOKKjT.exe
  2⤵
  PID:12728
- C:\Windows\System\MUefJBz.exe
  C:\Windows\System\MUefJBz.exe
  2⤵
  PID:12816
- C:\Windows\System\aGDgYoe.exe
  C:\Windows\System\aGDgYoe.exe
  2⤵
  PID:12952
- C:\Windows\System\HRUhpuU.exe
  C:\Windows\System\HRUhpuU.exe
  2⤵
  PID:13196
- C:\Windows\System\UZVqgHr.exe
  C:\Windows\System\UZVqgHr.exe
  2⤵
  PID:13288
- C:\Windows\System\UjVgHAh.exe
  C:\Windows\System\UjVgHAh.exe
  2⤵
  PID:11744
- C:\Windows\System\MwoiJRv.exe
  C:\Windows\System\MwoiJRv.exe
  2⤵
  PID:12908
- C:\Windows\System\tXlKFVP.exe
  C:\Windows\System\tXlKFVP.exe
  2⤵
  PID:13040
- C:\Windows\System\ulcYHhv.exe
  C:\Windows\System\ulcYHhv.exe
  2⤵
  PID:12788
- C:\Windows\System\RhueZFc.exe
  C:\Windows\System\RhueZFc.exe
  2⤵
  PID:12732
- C:\Windows\System\gIuJsuk.exe
  C:\Windows\System\gIuJsuk.exe
  2⤵
  PID:13328
- C:\Windows\System\AJuHFpr.exe
  C:\Windows\System\AJuHFpr.exe
  2⤵
  PID:13348
- C:\Windows\System\LvheHyy.exe
  C:\Windows\System\LvheHyy.exe
  2⤵
  PID:13372
- C:\Windows\System\nikxrGD.exe
  C:\Windows\System\nikxrGD.exe
  2⤵
  PID:13404
- C:\Windows\System\gSYEGFH.exe
  C:\Windows\System\gSYEGFH.exe
  2⤵
  PID:13428
- C:\Windows\System\kmGPlCY.exe
  C:\Windows\System\kmGPlCY.exe
  2⤵
  PID:13444
- C:\Windows\System\bBkytMT.exe
  C:\Windows\System\bBkytMT.exe
  2⤵
  PID:13476
- C:\Windows\System\pxZjAxO.exe
  C:\Windows\System\pxZjAxO.exe
  2⤵
  PID:13508
- C:\Windows\System\hvOptDD.exe
  C:\Windows\System\hvOptDD.exe
  2⤵
  PID:13528
- C:\Windows\System\ITVVybn.exe
  C:\Windows\System\ITVVybn.exe
  2⤵
  PID:13556
- C:\Windows\System\HRZfxEl.exe
  C:\Windows\System\HRZfxEl.exe
  2⤵
  PID:13588
- C:\Windows\System\wwALcdU.exe
  C:\Windows\System\wwALcdU.exe
  2⤵
  PID:13612
- C:\Windows\System\wHTfyao.exe
  C:\Windows\System\wHTfyao.exe
  2⤵
  PID:13644
- C:\Windows\System\GysXjmr.exe
  C:\Windows\System\GysXjmr.exe
  2⤵
  PID:13668
- C:\Windows\System\hZuOaCP.exe
  C:\Windows\System\hZuOaCP.exe
  2⤵
  PID:13692
- C:\Windows\System\RmKSicg.exe
  C:\Windows\System\RmKSicg.exe
  2⤵
  PID:13728
- C:\Windows\System\OCVYhWs.exe
  C:\Windows\System\OCVYhWs.exe
  2⤵
  PID:13752
- C:\Windows\System\Rxmfyje.exe
  C:\Windows\System\Rxmfyje.exe
  2⤵
  PID:13768
- C:\Windows\System\XHjaJUU.exe
  C:\Windows\System\XHjaJUU.exe
  2⤵
  PID:13796
- C:\Windows\System\JUdgkOf.exe
  C:\Windows\System\JUdgkOf.exe
  2⤵
  PID:13824
- C:\Windows\System\HoFLuDN.exe
  C:\Windows\System\HoFLuDN.exe
  2⤵
  PID:13856
- C:\Windows\System\asMgxzQ.exe
  C:\Windows\System\asMgxzQ.exe
  2⤵
  PID:13892
- C:\Windows\System\IaOvVuE.exe
  C:\Windows\System\IaOvVuE.exe
  2⤵
  PID:13912
- C:\Windows\System\DWzdedS.exe
  C:\Windows\System\DWzdedS.exe
  2⤵
  PID:13936
- C:\Windows\System\NmrhKyJ.exe
  C:\Windows\System\NmrhKyJ.exe
  2⤵
  PID:13968
- C:\Windows\System\vKUYMCk.exe
  C:\Windows\System\vKUYMCk.exe
  2⤵
  PID:14000
- C:\Windows\System\hPGPhfL.exe
  C:\Windows\System\hPGPhfL.exe
  2⤵
  PID:14020
- C:\Windows\System\FcbLRKX.exe
  C:\Windows\System\FcbLRKX.exe
  2⤵
  PID:14056
- C:\Windows\System\jkLeiIK.exe
  C:\Windows\System\jkLeiIK.exe
  2⤵
  PID:14076
- C:\Windows\System\sUskkZG.exe
  C:\Windows\System\sUskkZG.exe
  2⤵
  PID:14100
- C:\Windows\System\kLKChbC.exe
  C:\Windows\System\kLKChbC.exe
  2⤵
  PID:14120
- C:\Windows\System\zCcNJJK.exe
  C:\Windows\System\zCcNJJK.exe
  2⤵
  PID:14160
- C:\Windows\System\FykRdvq.exe
  C:\Windows\System\FykRdvq.exe
  2⤵
  PID:14188
- C:\Windows\System\wpoxzTk.exe
  C:\Windows\System\wpoxzTk.exe
  2⤵
  PID:14224
- C:\Windows\System\aRctiAs.exe
  C:\Windows\System\aRctiAs.exe
  2⤵
  PID:14248
- C:\Windows\System\INADAku.exe
  C:\Windows\System\INADAku.exe
  2⤵
  PID:14276
- C:\Windows\System\EWNWmaT.exe
  C:\Windows\System\EWNWmaT.exe
  2⤵
  PID:14300
- C:\Windows\System\ZaYNGCa.exe
  C:\Windows\System\ZaYNGCa.exe
  2⤵
  PID:14324
- C:\Windows\System\Xxnfyjg.exe
  C:\Windows\System\Xxnfyjg.exe
  2⤵
  PID:13384
- C:\Windows\System\qXilHLb.exe
  C:\Windows\System\qXilHLb.exe
  2⤵
  PID:13364
- C:\Windows\System\nQjguUE.exe
  C:\Windows\System\nQjguUE.exe
  2⤵
  PID:13464

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BJnmCnB.exe

Filesize
2.1MB

MD5
487ae63cec9da5d8ad48aef44d0cc075

SHA1
bf061b1aa955205580837555c3f074b8b09158ad

SHA256
bed7046f20bb54bd8a36ebf2c57ed54627da53ec593b986157803d4d4c4e8afe

SHA512
be32221da7bedabf1388f5f12f63e5101e31d1bf9611bbc3a174e837b7567acf56049cfa72c8e11c33f86f92f2a916e4cd3bf25bce8cd9f846e03095d6dbf113

Download Submit
C:\Windows\System\BLXVyRE.exe

Filesize
2.1MB

MD5
ece2e450ca637f4be3138ed89d5aff36

SHA1
dc75c70701d0103134c44c214250e67b709b394d

SHA256
e2f67cc1e0c235ef35d28e082ca7c540e9cbb75dd1e65ee44dfdf27c4a3f829b

SHA512
a0950394f92d03b57d5b462bda145a0900dd8329adbcae6d9e99ce734c192087968246ef60d97e22abdf9fbd887441d32e79938eed72008145429fc52e46f03d

Download Submit
C:\Windows\System\BTHZkTf.exe

Filesize
2.1MB

MD5
c7d135afd05d62e1c057285aa33fde72

SHA1
a6900af90d76772f9f0fdd4aaad106f331e7a918

SHA256
511925bd353dca55245317135e2ca288e7d6c8c507254b21b3ea7d544f64753c

SHA512
1ea309c289c272c00056430d182da6a22ee7bf51c0c2f682d555822531586dc4cef4c6a2ba1a7e9348efbe52e531a2dc0cd1e5286870aa360c91440070b51039

Download Submit
C:\Windows\System\BdomvXb.exe

Filesize
2.1MB

MD5
ba8e09e4be38d5f56fdb3d664e1f7bb2

SHA1
fffee021c892e7f75368f5b284cec51aab733823

SHA256
09f08625263ca2ac57f17ec77152e3be48c869601fb37ad9afa21a8a85a347ed

SHA512
5de734181462f53c30732a2d6c5fcab80419599ff18906daf2d022bef3a5e44426755044aa6a56fb1595ec9820bf994fbd260c8b612a6be79913d0b1c0c49a4c

Download Submit
C:\Windows\System\CbyRAtz.exe

Filesize
2.1MB

MD5
e1e2fdcd37dc92d46269192fbdbf8392

SHA1
205e9f63b12af16f462ec2ae144a7ffd023cafbc

SHA256
259aab4fd92b78cc0ad010f7b24ebe469f8ecbfd1fc62a0f629cd908ed9b4bf3

SHA512
ce932fd3bc6c1995a62257115400eb6e3da49a805987111acba6cb9fcf431ca80acf94b674f5c8c8f3227d51bddf819480ad3a30fe1a07b2664dd72083e02704

Download Submit
C:\Windows\System\CvVtuxE.exe

Filesize
2.1MB

MD5
03faaa3890d40dacf458f925079c17b2

SHA1
febff55307eea484fd63e628f89589fed326fcf7

SHA256
681a2bdc269a8bd86b3fe84d1c789e2971e8e3176d85ee758f60564933a55ab2

SHA512
af851e0f9d5568a352ee35567849462189350dac30bf686a0e76bb987ab5f83ff83e08d544a29f8b9c292285b0bb1dffa117cb64d322194230597a11dca02028

Download Submit
C:\Windows\System\EBnKcgh.exe

Filesize
2.1MB

MD5
a89c873917a18746586c8ab076cdb42b

SHA1
60559f965263eff089bba253d8f11cf56981dd97

SHA256
236c8929fad2311197ba1cdcb9b7649a35143e6bfd75c7b654562be29344a9d4

SHA512
829a3956a450fca66fd931148111a574014deeffc7570840faa68872eef94d6d03ccace01f89633a18dcc38ecdf5da68cf2e8f52acb66a40bc4c45cc1d7c64ef

Download Submit
C:\Windows\System\HLLHKcv.exe

Filesize
2.1MB

MD5
ea4e67d375f86ba8d12c654b0e2fe949

SHA1
808320bf073b673a069eca3ff0470534f194b630

SHA256
01044f1e5efcaf7a943e368b858a72e7c2c74faca82641cf2f7f6aebeffa5a6c

SHA512
b9ed2207b30594668058b9f429ecd86833ff116503b33d1ed1e397e35179190babe3d72933fe501b629fe7242f1a0eb998694db693fc8194b129fa59ab7bb305

Download Submit
C:\Windows\System\InANecv.exe

Filesize
2.1MB

MD5
835f0a7cc480694e6f3e66266fbddb23

SHA1
4169a2aea701692f937f7172e96b4d7a3644025f

SHA256
2fbc73f09eba08cef55638f77a191504deaf3d796002deba0ab8fec15cf8f977

SHA512
28fea1202e1ef7c8315cb7dc898ff2bd1e4b946bc4d09438887cd4b4879b5cc061c6c0ab831f5c287216aab5ec1d653554a5187b26d8bf6896d5baddfbe8ad03

Download Submit
C:\Windows\System\NJtGXgk.exe

Filesize
2.1MB

MD5
9a4e857f5468a07e88a98f6e27986a1e

SHA1
03e1246b6165937e5361df9c3002059888865e28

SHA256
32ba60fd38bfadb870910c800effe01df8e8aec6e52d982b7004c6d9a967d372

SHA512
2af4ba61fc1ccc9e3e5d4e00090ebbf1f06d2fac375ffb133f6d53f87d865fddc04ef8320dfe2cdc4123550a09152dca16e679f6fa87b8960b2c8facd723c05e

Download Submit
C:\Windows\System\OBPsHAK.exe

Filesize
2.1MB

MD5
01f4a4662ae746bea948abb03035c0a3

SHA1
4a6943bb07b2429d7e9217aecf6ecd2446ede392

SHA256
33d992821161af7aad27a3582be07865869941475ae05b3c860e798c26d9e0e6

SHA512
675561b2748edff2314f1c0d9c3be6438be9476e0b9f9bfe06b0fafcabd79a551830d25a430a35981048f1ca5b65cd6ee8335e87ee852a74a7b14980ef4bdd4e

Download Submit
C:\Windows\System\PbXbeRI.exe

Filesize
2.1MB

MD5
48e9489b38f1db58f8aaf6744dee5e21

SHA1
1337a7534b65b866c083163deceee64ee3ace59a

SHA256
ed38f43a695e8438e245f308bc77941e19336843d170c4ada3ebb1779ccf6044

SHA512
980631e16a3818976024bfac48b967275aec206ac0f263d1807ec0cd37fac47324952bb95419f0ee67c83ab6d827dfa5d4415d97896c17a4aa2397e798b9f377

Download Submit
C:\Windows\System\PfXixJK.exe

Filesize
2.1MB

MD5
d5da72dad27ea4df2e22f410d2bbebcb

SHA1
0595114a8c80e24de9679d3dd6a047a1296d7b49

SHA256
4b4e5a70302bee207d87555b0ba95e768b7dfdc41fd23e6b01b612c8b03032bd

SHA512
a863a79c7a806d8282952787898bd334dee94e872b690fb5b4dc93ec9cd1f1513a5cf2f951bd226b83b8d61e33f7344893c7f49fcf1c00e7ec264cf67aee1a9e

Download Submit
C:\Windows\System\RcBCHZM.exe

Filesize
2.1MB

MD5
af4650ad8ad032bf71ec80bd0359113f

SHA1
246ac2f61e0a2ed2ab87622aca8cd6e8c4ea15e7

SHA256
635b09fa0fcceed34743aeb14a5af8ceb91d106de93b3cb15984ad501933df5e

SHA512
bcb73921d15833bf6af67783cf6db76a50b22e91af427d17048a9d62bb6849b6e0f03e622e91e055d62fbf486d646b4e37a903459177fb00181610d565f826e9

Download Submit
C:\Windows\System\UTpJWdt.exe

Filesize
2.1MB

MD5
642e3050c2a92c6fd86f75c72d4f7c1c

SHA1
d9af30ce7d8a7e3c83f90cef3107e6c07bd95de3

SHA256
df93e06c6a8fa7d6b0dd077c262090f24c3bb47d7cd1d8bf9913ac9249c931c7

SHA512
b877cd87d1962ee589184ab20385b973532707e178b84cc3ef530c7f8d521fce84d150fcd8ef923aa1c204939668cbc3153942161d8a89095b61ff02967f2e6e

Download Submit
C:\Windows\System\XABHEAK.exe

Filesize
2.1MB

MD5
f44f524a918d0aad995342de8a90eb60

SHA1
c95a57f25fc3208f26542a6c5310d296963ae7d7

SHA256
5e98c341cc2e36fa34e048a10cd13cd6639972f59a1099e20dfcd809947cd8d7

SHA512
73685fc5f59105f046bf233f756f478e579091afe57411f960d61910a78b7ac3b5dc7c48dd6b29c565e4ea4a3a0dbf38f29a0c24aa51a9ce1a018df6eba45f2a

Download Submit
C:\Windows\System\YebMjQT.exe

Filesize
2.1MB

MD5
63265594b84c2d1ef5bfb2fd7331d929

SHA1
63a7d2377b0332db3346bf0368db0265116b2eb2

SHA256
2f4a61dc2fb1ee44606fb65e75f469cfdc3def31147439edfc63cd856ec9936b

SHA512
fdd0fdc106360db9f125025f3d1b4295c2760339daa2725abdafc741c7a1bb62589219512456f9e3b60fccfe4837c9f3913f64063eadfd790bf82a8f97eded77

Download Submit
C:\Windows\System\ZLXARPM.exe

Filesize
2.1MB

MD5
b301fa447b13d328b282d01745e63147

SHA1
3bb64aff1479ed1aec19fdc8b7966b3afbafee49

SHA256
bc01ec6013fea77ca63751f7d36b4e278402f6a72915bd81dba01c36c657502c

SHA512
4865467cce82e9bd5e111ee2a6b5d4a828eca02373e6c4adf6617a47f45db10b6a9ceff02a04cc5cac31429f9c4173135d95d8c00ab8ad3c947050afe8a582c0

Download Submit
C:\Windows\System\bkpgmOQ.exe

Filesize
2.1MB

MD5
cf0c8d1b8eb461d47df2b7c387594fd8

SHA1
f2b86b86c3cf5732d5c518e144f6e16287881c52

SHA256
b1a22756b4271ff8046f0a11fab8a16ae083524e487d73622676a930c621e7a3

SHA512
243cb86c1316614f6d1f82109422ded6093e4b3c505a337c8212e97aad3f4a206b04fbec71e37426d98c95242fad62fe91a201799fbe57fad207802e89ebea63

Download Submit
C:\Windows\System\dnQzKqW.exe

Filesize
2.1MB

MD5
0d2fa3b48b348e39cc3fc34f82385837

SHA1
f255c92f5d8d3b69c1220c94c55c327769076057

SHA256
7d0e28927985099a2b53bbd4b58369c712728c8c67618ce26c17c6dd8d88e681

SHA512
e7cc59b763fb792e157dce6aef42c1fc2bd6dae696ca30f38432e422c9256a7a42537b3bdeca301f72d5dcd7f78758861cf6acade5dd188b1e404e482ec32ca1

Download Submit
C:\Windows\System\eUTUjOt.exe

Filesize
2.1MB

MD5
e47aa67eae5444407d82bb4f8e5a9ed4

SHA1
3a8b870fa1240a6425c6885dd05feb5baa925c1f

SHA256
eb3358ec9e8b191a9141d758036e0c905ce3eae8e63585175402bbc298fd84ee

SHA512
9f12c466d0b64e0683c2b245e110c1d4f62220489d9a4f3e63eb1c80961438f83146d30cbb00c940e5f0148353823aead09c2b8cbe2cd8fe7dae823e978416a8

Download Submit
C:\Windows\System\fucTWrs.exe

Filesize
2.1MB

MD5
04508ff4691c407fbe19ed9652316ec7

SHA1
034bd25e59b9fa539752d6ce9cfd1304ddbbcaa6

SHA256
eee5048e84ea71ff91c99f1fa9160265cdd85f51f8bc60deb5922557fdcf090c

SHA512
06ed98534bf12d3e5296d32de1ac8f2b58c9d66e0c76b1011fc2c7277a4c0208ee2bb5b5d278f7a83ec38ce32b6efd280610322122b5e5d5d6d66bb6cce85d74

Download Submit
C:\Windows\System\gyNlHqg.exe

Filesize
2.1MB

MD5
fdb42fbc2a2eefb03a403ee1d44dce62

SHA1
242311e0d7963acadeb9f0a19e5d17dd574ad070

SHA256
1991b3b22fae688bc48782c45c48b8eb67d95e3716b7884535498138446e521c

SHA512
39dc8d2776301e0118f1fbea5339d798ca43f0f6de74884fc60ff9bc922aad46b07b419ec69a0c83fe2e23d08a36070e447f8151b2f71056db41bc4e29c0611a

Download Submit
C:\Windows\System\iNmEAhf.exe

Filesize
2.1MB

MD5
d6da93bcc35641520e2b4f150c69a8b3

SHA1
52f3aa0a406735a0030dd1eb62519f089d934432

SHA256
525652714d6bebfc83d904f17ba993f37a9435b520b041a4b20356be667675f1

SHA512
3eb514da5406d9ede6a3411908fcbdfa123b298457543b7b67e2eeda4284926f1a4bfa3794c2f65a45173d4646e7175e9ea757c7ca4f19e02b7d07608eadf827

Download Submit
C:\Windows\System\iabJSaK.exe

Filesize
2.1MB

MD5
b0d48047d9411837feccfd0de0c3aef8

SHA1
a76bb85b0683f98b2ea135d725eae1e05962ddf3

SHA256
3fbad8178aa3821e16dadfe49172c5728334c4424ac72b63a8239b60285406ce

SHA512
ba8c16a0fa9faea372342ea6feb7de1e5aa74f5a912419d61e5448d2dce463141cedda66105f5cfced855321852f1a5aee34f8dfa3b2a4d1a9773177fc26c72c

Download Submit
C:\Windows\System\ibDnaRo.exe

Filesize
2.1MB

MD5
a176b6cd4babe189f265d9f85d7e3750

SHA1
6bb892bc9df46eea93b7ab096d9472b239a36db8

SHA256
d6209fe897da4064146c633e70956814794c5bac1fc400e63fe0406e1b9a957f

SHA512
53be7256006dddb05247cd488f6a55d4bf5385db7829d613d11a5cee957ebe814e31146edc01997fb6e1ddef2fc25a7115d2da6b1695b6b5503db5609b564a6a

Download Submit
C:\Windows\System\lzRXVkb.exe

Filesize
2.1MB

MD5
48d2c0ec2c7acd6c9988c505b5825c75

SHA1
5f1ee4fb2ec57cfd524f2409125be3c8cdced438

SHA256
46da0f519f97c7c3e24f8c3c2a62394c690a17e56725195effd9d1a45e9f0457

SHA512
04206166eca88eee19190b7c09669e229e407cc4dc71ea53ff2bcd733d535c02e3f507743e885d0072e7395ef340f9934d238ead28a88fd5851778ee82f6ae48

Download Submit
C:\Windows\System\mGqGUHl.exe

Filesize
2.1MB

MD5
64f25f41de3091e48ca26c8992fb1085

SHA1
a478aaaa9992b026b4d1f77ed1c6a4c3efe0d8e3

SHA256
d2149cbd619fa728a5b6fb121878d1c13d19faa190fabdec175087fbf548e72a

SHA512
8492c2b7e9dd78d71da5e239b3acd70d6480f497da1adadb240ef277d4e264a93d0a144b709e08489e40d6ebcebbe399f5357d01869773e7b968f6418f2114ad

Download Submit
C:\Windows\System\ouLtRlw.exe

Filesize
2.1MB

MD5
d6820d074f09fcb64de7c07f752f232f

SHA1
6bb50ff4b48b5e48580aeefab08a679e44ba9336

SHA256
8503608c1a91457384ae513fc62d02602d1d8d30558584efef1ee23aabbee9f0

SHA512
a87e3a3935c1a8e32992365d4c3daeda84eabd737c5fadd7a79ffbe60c93a6c2ec03415e8bd589096a0a0cf9211c2d5279dfa3948849507a41c285b778daa60c

Download Submit
C:\Windows\System\pVznKAg.exe

Filesize
2.1MB

MD5
e059fad77a843fb72c576fc94e0dd93b

SHA1
111f7b1612da60b4ae343603b422c43aae4cf771

SHA256
ce3e2880a8bf92736b4159b9e27026ad7e2ac1b08e553a155328d41b0d3b458a

SHA512
524c01af2f70bf5794c86717c3e9c99d4f54066d667f244a53f3b88bcbaad4682bb53a46a07bcb867f33cd084d0a7d2af0bd4225276c0a7a313fd9fbb1a4d1f0

Download Submit
C:\Windows\System\rGqCWFf.exe

Filesize
2.1MB

MD5
bc02ae26b9e3a15e9cfb4098636be60e

SHA1
0a745cd45620486855a720ca49687b04765702d7

SHA256
2ce7d2b0a1d652992f35306f55dc24f278038d738e7ddb93f5c6d35ef75b7a35

SHA512
d413a5fddce6986e721140d18d8920e3a52ed1515bb09193230bd8dc860bed21ed147b1ad0d366400181b241ea9a1da72973d5b33ef7996d6c91f5dad619d42c

Download Submit
C:\Windows\System\rkVmlNP.exe

Filesize
2.1MB

MD5
5830bb957d2c9daec645fc6a1516ffc2

SHA1
25b9a39c8d4f71099cb3755f8d6ca9834f5f70fc

SHA256
97f4c72b7c962e97203f698f1029bf37df8f92795ac00f52093626db7f3dad45

SHA512
b4d0002a1f1eeac7971d551a8d89c0a112d5dc8d11c293e937af01c007311c38e06151f4b270c69e0b8b5e0ffde127a5778883ab9b26be93f94bb0b6fdd9c8cb

Download Submit
C:\Windows\System\sEvaAAe.exe

Filesize
2.1MB

MD5
553fdf2835ff8a330a5dc2e5db9848ef

SHA1
87861b7684ddd7b9d022bcfbb20eb49bc70b21a3

SHA256
1f983d92a09271a45ac3ed7c508c64aef17018cee30f1a765d7423d82c7f984c

SHA512
0e779fe3ebdca4e68e8602d19d752a3c8e46eb6b45ae49f2886bd66f29cbd336bf342aa86bbc879ef78b0b28d8c5df7ebc29790ca66d8cbeee8871a7ace321bb

Download Submit
C:\Windows\System\tKEObjf.exe

Filesize
2.1MB

MD5
7a4935a913b38944198405f26c321fd9

SHA1
94b02711003e0b779d5b672dd0c5c63e5432d6a0

SHA256
99f4997453fc07ef00950003f8deb81bbaca1d7cd3c67463eebdcff5921aaacc

SHA512
cce6d6310d54c30bd3c01683d415db51c534a9af6b9f1fa123217a5c691ac1be32e92b2562a19c8d47eb6bb297ca1d5a9540dff8d8e3f44db9b90364e22a1c82

Download Submit
C:\Windows\System\tjrlItw.exe

Filesize
2.1MB

MD5
720d245b27402c062909b5d6fc1228f6

SHA1
ca733e85c7c54f22682f39ff44977381d4e24ed6

SHA256
69e90baca6c8d01465d2c9216d72b96d392f43462b545715ff9cf1e19d702636

SHA512
05c36f0fe80bc57dc578c77711d7f6b54c1b8d98f459e8200142f9dd7b9a74aece9c08c2041c119b86e87fa1dca2f787cc6c6caead2d71a44d84b2e8e613b4db

Download Submit
C:\Windows\System\xGcnkZe.exe

Filesize
2.1MB

MD5
16473c1bad7385012a21d4fbff39eb83

SHA1
90aeb9cbf9916059c38d3e5397380c53f6226769

SHA256
e60c17d10d7f96e97fa2475fbbf2b76366218852f851d69b50192df00b6fde0c

SHA512
f81f626ca784145ea884dbd7b1de9b831b76cda106112677b0101566e6f98d7b36842722eb930f2a719d5f2dd427e7f1af1b2d4ada2229d03661f69251d14f24

Download Submit
memory/448-2180-0x00007FF69A550000-0x00007FF69A8A4000-memory.dmp

Filesize
3.3MB

Download
memory/448-201-0x00007FF69A550000-0x00007FF69A8A4000-memory.dmp

Filesize
3.3MB

Download
memory/796-197-0x00007FF7073A0000-0x00007FF7076F4000-memory.dmp

Filesize
3.3MB

Download
memory/796-2164-0x00007FF7073A0000-0x00007FF7076F4000-memory.dmp

Filesize
3.3MB

Download
memory/892-2171-0x00007FF625EA0000-0x00007FF6261F4000-memory.dmp

Filesize
3.3MB

Download
memory/892-156-0x00007FF625EA0000-0x00007FF6261F4000-memory.dmp

Filesize
3.3MB

Download
memory/1276-2170-0x00007FF737B10000-0x00007FF737E64000-memory.dmp

Filesize
3.3MB

Download
memory/1276-2151-0x00007FF737B10000-0x00007FF737E64000-memory.dmp

Filesize
3.3MB

Download
memory/1276-131-0x00007FF737B10000-0x00007FF737E64000-memory.dmp

Filesize
3.3MB

Download
memory/1392-200-0x00007FF611DA0000-0x00007FF6120F4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2166-0x00007FF611DA0000-0x00007FF6120F4000-memory.dmp

Filesize
3.3MB

Download
memory/1828-2158-0x00007FF77C5E0000-0x00007FF77C934000-memory.dmp

Filesize
3.3MB

Download
memory/1828-20-0x00007FF77C5E0000-0x00007FF77C934000-memory.dmp

Filesize
3.3MB

Download
memory/1944-1-0x0000029ABBC60000-0x0000029ABBC70000-memory.dmp

Filesize
64KB

Download
memory/1944-0-0x00007FF7A0180000-0x00007FF7A04D4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-135-0x00007FF68FE30000-0x00007FF690184000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2183-0x00007FF68FE30000-0x00007FF690184000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2152-0x00007FF68FE30000-0x00007FF690184000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2153-0x00007FF7E85D0000-0x00007FF7E8924000-memory.dmp

Filesize
3.3MB

Download
memory/2448-28-0x00007FF7E85D0000-0x00007FF7E8924000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2159-0x00007FF7E85D0000-0x00007FF7E8924000-memory.dmp

Filesize
3.3MB

Download
memory/2744-193-0x00007FF605E60000-0x00007FF6061B4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2181-0x00007FF605E60000-0x00007FF6061B4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2156-0x00007FF7B23B0000-0x00007FF7B2704000-memory.dmp

Filesize
3.3MB

Download
memory/3116-53-0x00007FF7B23B0000-0x00007FF7B2704000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2157-0x00007FF7982E0000-0x00007FF798634000-memory.dmp

Filesize
3.3MB

Download
memory/3168-27-0x00007FF7982E0000-0x00007FF798634000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2146-0x00007FF7982E0000-0x00007FF798634000-memory.dmp

Filesize
3.3MB

Download
memory/3172-203-0x00007FF627360000-0x00007FF6276B4000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2175-0x00007FF627360000-0x00007FF6276B4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-196-0x00007FF665450000-0x00007FF6657A4000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2172-0x00007FF665450000-0x00007FF6657A4000-memory.dmp

Filesize
3.3MB

Download
memory/3240-195-0x00007FF733790000-0x00007FF733AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3240-2174-0x00007FF733790000-0x00007FF733AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-198-0x00007FF7A1440000-0x00007FF7A1794000-memory.dmp

Filesize
3.3MB

Download
memory/3368-2165-0x00007FF7A1440000-0x00007FF7A1794000-memory.dmp

Filesize
3.3MB

Download
memory/3608-202-0x00007FF70DDC0000-0x00007FF70E114000-memory.dmp

Filesize
3.3MB

Download
memory/3608-2176-0x00007FF70DDC0000-0x00007FF70E114000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2148-0x00007FF61A570000-0x00007FF61A8C4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2161-0x00007FF61A570000-0x00007FF61A8C4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-72-0x00007FF61A570000-0x00007FF61A8C4000-memory.dmp

Filesize
3.3MB

Download
memory/3828-2147-0x00007FF727E10000-0x00007FF728164000-memory.dmp

Filesize
3.3MB

Download
memory/3828-2160-0x00007FF727E10000-0x00007FF728164000-memory.dmp

Filesize
3.3MB

Download
memory/3828-41-0x00007FF727E10000-0x00007FF728164000-memory.dmp

Filesize
3.3MB

Download
memory/3836-194-0x00007FF79DA60000-0x00007FF79DDB4000-memory.dmp

Filesize
3.3MB

Download
memory/3836-2173-0x00007FF79DA60000-0x00007FF79DDB4000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2150-0x00007FF6443E0000-0x00007FF644734000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2169-0x00007FF6443E0000-0x00007FF644734000-memory.dmp

Filesize
3.3MB

Download
memory/3964-102-0x00007FF6443E0000-0x00007FF644734000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2167-0x00007FF6B6140000-0x00007FF6B6494000-memory.dmp

Filesize
3.3MB

Download
memory/3992-172-0x00007FF6B6140000-0x00007FF6B6494000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2179-0x00007FF668B50000-0x00007FF668EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-190-0x00007FF668B50000-0x00007FF668EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2154-0x00007FF612CA0000-0x00007FF612FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2162-0x00007FF612CA0000-0x00007FF612FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-54-0x00007FF612CA0000-0x00007FF612FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-192-0x00007FF7CD030000-0x00007FF7CD384000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2177-0x00007FF7CD030000-0x00007FF7CD384000-memory.dmp

Filesize
3.3MB

Download
memory/4916-185-0x00007FF6028A0000-0x00007FF602BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2182-0x00007FF6028A0000-0x00007FF602BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-2168-0x00007FF7DE6A0000-0x00007FF7DE9F4000-memory.dmp

Filesize
3.3MB

Download
memory/4992-199-0x00007FF7DE6A0000-0x00007FF7DE9F4000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2155-0x00007FF6AF290000-0x00007FF6AF5E4000-memory.dmp

Filesize
3.3MB

Download
memory/5000-15-0x00007FF6AF290000-0x00007FF6AF5E4000-memory.dmp

Filesize
3.3MB

Download
memory/5012-81-0x00007FF6A09E0000-0x00007FF6A0D34000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2149-0x00007FF6A09E0000-0x00007FF6A0D34000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2163-0x00007FF6A09E0000-0x00007FF6A0D34000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2178-0x00007FF7CE780000-0x00007FF7CEAD4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-191-0x00007FF7CE780000-0x00007FF7CEAD4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads