xmrig | 5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879

Analysis

max time kernel
121s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
Size

1.9MB
MD5

01f6c59c29f4d531d592c3a772161f00
SHA1

7f788103cddc4924db4b24e7d952b5c1c830f46a
SHA256

5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879
SHA512

6c41a8e883a01ae758c90dd7bf35b2ed6006b7bf705c7db9b8aded2d3ef95c4c732518d8935e0a7222daf711f65d50117a4108cb39fa66f13d54631beffd4ef5
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdMKPFo4BwHzQHm96:RWWBib356utgpPFoc

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/3628-8-0x00007FF646750000-0x00007FF646AA1000-memory.dmp	xmrig
behavioral2/memory/1128-452-0x00007FF6768E0000-0x00007FF676C31000-memory.dmp	xmrig
behavioral2/memory/3632-453-0x00007FF736E10000-0x00007FF737161000-memory.dmp	xmrig
behavioral2/memory/2440-455-0x00007FF65D650000-0x00007FF65D9A1000-memory.dmp	xmrig
behavioral2/memory/1760-454-0x00007FF77C100000-0x00007FF77C451000-memory.dmp	xmrig
behavioral2/memory/612-459-0x00007FF72F930000-0x00007FF72FC81000-memory.dmp	xmrig
behavioral2/memory/1108-461-0x00007FF74FA80000-0x00007FF74FDD1000-memory.dmp	xmrig
behavioral2/memory/4648-462-0x00007FF69B5C0000-0x00007FF69B911000-memory.dmp	xmrig
behavioral2/memory/2388-464-0x00007FF7F7330000-0x00007FF7F7681000-memory.dmp	xmrig
behavioral2/memory/700-465-0x00007FF686160000-0x00007FF6864B1000-memory.dmp	xmrig
behavioral2/memory/4004-470-0x00007FF7085B0000-0x00007FF708901000-memory.dmp	xmrig
behavioral2/memory/4912-469-0x00007FF7B0340000-0x00007FF7B0691000-memory.dmp	xmrig
behavioral2/memory/1000-472-0x00007FF61C290000-0x00007FF61C5E1000-memory.dmp	xmrig
behavioral2/memory/4160-473-0x00007FF77BA90000-0x00007FF77BDE1000-memory.dmp	xmrig
behavioral2/memory/4324-471-0x00007FF624CB0000-0x00007FF625001000-memory.dmp	xmrig
behavioral2/memory/3240-468-0x00007FF7E5C10000-0x00007FF7E5F61000-memory.dmp	xmrig
behavioral2/memory/4764-467-0x00007FF682D50000-0x00007FF6830A1000-memory.dmp	xmrig
behavioral2/memory/1508-466-0x00007FF6F3190000-0x00007FF6F34E1000-memory.dmp	xmrig
behavioral2/memory/1844-478-0x00007FF66AEA0000-0x00007FF66B1F1000-memory.dmp	xmrig
behavioral2/memory/2304-463-0x00007FF757FD0000-0x00007FF758321000-memory.dmp	xmrig
behavioral2/memory/2368-460-0x00007FF7E75F0000-0x00007FF7E7941000-memory.dmp	xmrig
behavioral2/memory/4908-458-0x00007FF6C7740000-0x00007FF6C7A91000-memory.dmp	xmrig
behavioral2/memory/2872-457-0x00007FF6864C0000-0x00007FF686811000-memory.dmp	xmrig
behavioral2/memory/4092-456-0x00007FF77E9E0000-0x00007FF77ED31000-memory.dmp	xmrig
behavioral2/memory/4272-2198-0x00007FF6969C0000-0x00007FF696D11000-memory.dmp	xmrig
behavioral2/memory/2088-2207-0x00007FF61BD60000-0x00007FF61C0B1000-memory.dmp	xmrig
behavioral2/memory/3564-2232-0x00007FF646D60000-0x00007FF6470B1000-memory.dmp	xmrig
behavioral2/memory/2428-2233-0x00007FF655150000-0x00007FF6554A1000-memory.dmp	xmrig
behavioral2/memory/3628-2253-0x00007FF646750000-0x00007FF646AA1000-memory.dmp	xmrig
behavioral2/memory/1148-2255-0x00007FF6BD1D0000-0x00007FF6BD521000-memory.dmp	xmrig
behavioral2/memory/4272-2257-0x00007FF6969C0000-0x00007FF696D11000-memory.dmp	xmrig
behavioral2/memory/3564-2259-0x00007FF646D60000-0x00007FF6470B1000-memory.dmp	xmrig
behavioral2/memory/2088-2263-0x00007FF61BD60000-0x00007FF61C0B1000-memory.dmp	xmrig
behavioral2/memory/2428-2262-0x00007FF655150000-0x00007FF6554A1000-memory.dmp	xmrig
behavioral2/memory/1844-2265-0x00007FF66AEA0000-0x00007FF66B1F1000-memory.dmp	xmrig
behavioral2/memory/2872-2269-0x00007FF6864C0000-0x00007FF686811000-memory.dmp	xmrig
behavioral2/memory/4092-2281-0x00007FF77E9E0000-0x00007FF77ED31000-memory.dmp	xmrig
behavioral2/memory/2304-2289-0x00007FF757FD0000-0x00007FF758321000-memory.dmp	xmrig
behavioral2/memory/2388-2291-0x00007FF7F7330000-0x00007FF7F7681000-memory.dmp	xmrig
behavioral2/memory/1108-2287-0x00007FF74FA80000-0x00007FF74FDD1000-memory.dmp	xmrig
behavioral2/memory/4648-2285-0x00007FF69B5C0000-0x00007FF69B911000-memory.dmp	xmrig
behavioral2/memory/2368-2283-0x00007FF7E75F0000-0x00007FF7E7941000-memory.dmp	xmrig
behavioral2/memory/2440-2279-0x00007FF65D650000-0x00007FF65D9A1000-memory.dmp	xmrig
behavioral2/memory/612-2277-0x00007FF72F930000-0x00007FF72FC81000-memory.dmp	xmrig
behavioral2/memory/3632-2275-0x00007FF736E10000-0x00007FF737161000-memory.dmp	xmrig
behavioral2/memory/1760-2273-0x00007FF77C100000-0x00007FF77C451000-memory.dmp	xmrig
behavioral2/memory/1128-2271-0x00007FF6768E0000-0x00007FF676C31000-memory.dmp	xmrig
behavioral2/memory/4908-2267-0x00007FF6C7740000-0x00007FF6C7A91000-memory.dmp	xmrig
behavioral2/memory/700-2293-0x00007FF686160000-0x00007FF6864B1000-memory.dmp	xmrig
behavioral2/memory/3240-2312-0x00007FF7E5C10000-0x00007FF7E5F61000-memory.dmp	xmrig
behavioral2/memory/4160-2295-0x00007FF77BA90000-0x00007FF77BDE1000-memory.dmp	xmrig
behavioral2/memory/4324-2324-0x00007FF624CB0000-0x00007FF625001000-memory.dmp	xmrig
behavioral2/memory/4764-2314-0x00007FF682D50000-0x00007FF6830A1000-memory.dmp	xmrig
behavioral2/memory/1508-2307-0x00007FF6F3190000-0x00007FF6F34E1000-memory.dmp	xmrig
behavioral2/memory/4912-2303-0x00007FF7B0340000-0x00007FF7B0691000-memory.dmp	xmrig
behavioral2/memory/4004-2300-0x00007FF7085B0000-0x00007FF708901000-memory.dmp	xmrig
behavioral2/memory/1000-2298-0x00007FF61C290000-0x00007FF61C5E1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3628	zskQzrt.exe
1148	gNkNAQa.exe
4272	xZXBKVm.exe
3564	AAzTQaO.exe
2088	GZthWsY.exe
2428	tXotLFO.exe
1844	WoiLtVI.exe
1128	sTrsoYA.exe
3632	XYFDLCR.exe
1760	WUXYxsf.exe
2440	PncquOx.exe
4092	pelfVAT.exe
2872	KZfkTvl.exe
4908	hxjsNck.exe
612	UldjzUK.exe
2368	GiKaAbK.exe
1108	aJwRAhR.exe
4648	zTMdEzn.exe
2304	hZPbvnq.exe
2388	ncxaRiq.exe
700	GFoFQXY.exe
1508	flhbhZT.exe
4764	YoiIXUC.exe
3240	oSYpPqA.exe
4912	BZeTYcM.exe
4004	grGgsvW.exe
4324	GuIdDlp.exe
1000	QRXclLn.exe
4160	cuwZsNg.exe
3908	pwvezMa.exe
3288	mRBPXHj.exe
5000	CNecIEW.exe
1896	cLRNDmV.exe
2308	SIvGUzE.exe
316	seZsehm.exe
2176	DObzZDH.exe
632	UmNBfKO.exe
1260	PBKDCgW.exe
3096	JsKbvJm.exe
2664	nNgHEQG.exe
3656	jmTNULy.exe
4420	xuTBdVc.exe
3504	RcDmPLc.exe
4404	MXeUJSN.exe
452	YalLylG.exe
1004	TqcWzdn.exe
4968	cDrSMAk.exe
1264	ymcvfaI.exe
1560	INpsHTG.exe
2236	zRrzyxx.exe
2700	AlOUCUT.exe
2076	HRtNtaP.exe
4612	cNZAIdW.exe
4820	apcGXrj.exe
2956	KyYSykn.exe
4996	FjwxNjO.exe
1904	eQABava.exe
4516	ztWFdzL.exe
1964	gxfcSlk.exe
2716	gmsFpyp.exe
4432	NOyVADJ.exe
4444	TrGujoH.exe
2540	KEzwjaU.exe
4676	BbmdJua.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3560-0-0x00007FF6B96B0000-0x00007FF6B9A01000-memory.dmp	upx
behavioral2/files/0x0009000000023417-5.dat	upx
behavioral2/memory/3628-8-0x00007FF646750000-0x00007FF646AA1000-memory.dmp	upx
behavioral2/files/0x0008000000023420-11.dat	upx
behavioral2/files/0x0007000000023424-16.dat	upx
behavioral2/memory/1148-18-0x00007FF6BD1D0000-0x00007FF6BD521000-memory.dmp	upx
behavioral2/memory/4272-22-0x00007FF6969C0000-0x00007FF696D11000-memory.dmp	upx
behavioral2/memory/3564-26-0x00007FF646D60000-0x00007FF6470B1000-memory.dmp	upx
behavioral2/files/0x0007000000023427-33.dat	upx
behavioral2/files/0x0007000000023428-41.dat	upx
behavioral2/files/0x000700000002342a-54.dat	upx
behavioral2/files/0x000700000002342c-64.dat	upx
behavioral2/files/0x000700000002342e-74.dat	upx
behavioral2/files/0x0007000000023432-90.dat	upx
behavioral2/files/0x0007000000023435-109.dat	upx
behavioral2/files/0x0007000000023437-119.dat	upx
behavioral2/files/0x0007000000023439-129.dat	upx
behavioral2/files/0x0007000000023440-164.dat	upx
behavioral2/files/0x0007000000023442-168.dat	upx
behavioral2/files/0x0007000000023441-163.dat	upx
behavioral2/files/0x000700000002343f-159.dat	upx
behavioral2/files/0x000700000002343e-154.dat	upx
behavioral2/files/0x000700000002343d-149.dat	upx
behavioral2/files/0x000700000002343c-143.dat	upx
behavioral2/files/0x000700000002343b-139.dat	upx
behavioral2/files/0x000700000002343a-134.dat	upx
behavioral2/files/0x0007000000023438-124.dat	upx
behavioral2/files/0x0007000000023436-114.dat	upx
behavioral2/files/0x0007000000023434-104.dat	upx
behavioral2/files/0x0007000000023433-98.dat	upx
behavioral2/files/0x0007000000023431-86.dat	upx
behavioral2/files/0x0007000000023430-81.dat	upx
behavioral2/files/0x000700000002342f-76.dat	upx
behavioral2/files/0x000700000002342d-68.dat	upx
behavioral2/files/0x000700000002342b-59.dat	upx
behavioral2/files/0x0007000000023429-46.dat	upx
behavioral2/memory/2088-34-0x00007FF61BD60000-0x00007FF61C0B1000-memory.dmp	upx
behavioral2/files/0x0007000000023426-31.dat	upx
behavioral2/files/0x0007000000023425-28.dat	upx
behavioral2/memory/2428-451-0x00007FF655150000-0x00007FF6554A1000-memory.dmp	upx
behavioral2/memory/1128-452-0x00007FF6768E0000-0x00007FF676C31000-memory.dmp	upx
behavioral2/memory/3632-453-0x00007FF736E10000-0x00007FF737161000-memory.dmp	upx
behavioral2/memory/2440-455-0x00007FF65D650000-0x00007FF65D9A1000-memory.dmp	upx
behavioral2/memory/1760-454-0x00007FF77C100000-0x00007FF77C451000-memory.dmp	upx
behavioral2/memory/612-459-0x00007FF72F930000-0x00007FF72FC81000-memory.dmp	upx
behavioral2/memory/1108-461-0x00007FF74FA80000-0x00007FF74FDD1000-memory.dmp	upx
behavioral2/memory/4648-462-0x00007FF69B5C0000-0x00007FF69B911000-memory.dmp	upx
behavioral2/memory/2388-464-0x00007FF7F7330000-0x00007FF7F7681000-memory.dmp	upx
behavioral2/memory/700-465-0x00007FF686160000-0x00007FF6864B1000-memory.dmp	upx
behavioral2/memory/4004-470-0x00007FF7085B0000-0x00007FF708901000-memory.dmp	upx
behavioral2/memory/4912-469-0x00007FF7B0340000-0x00007FF7B0691000-memory.dmp	upx
behavioral2/memory/1000-472-0x00007FF61C290000-0x00007FF61C5E1000-memory.dmp	upx
behavioral2/memory/4160-473-0x00007FF77BA90000-0x00007FF77BDE1000-memory.dmp	upx
behavioral2/memory/4324-471-0x00007FF624CB0000-0x00007FF625001000-memory.dmp	upx
behavioral2/memory/3240-468-0x00007FF7E5C10000-0x00007FF7E5F61000-memory.dmp	upx
behavioral2/memory/4764-467-0x00007FF682D50000-0x00007FF6830A1000-memory.dmp	upx
behavioral2/memory/1508-466-0x00007FF6F3190000-0x00007FF6F34E1000-memory.dmp	upx
behavioral2/memory/1844-478-0x00007FF66AEA0000-0x00007FF66B1F1000-memory.dmp	upx
behavioral2/memory/2304-463-0x00007FF757FD0000-0x00007FF758321000-memory.dmp	upx
behavioral2/memory/2368-460-0x00007FF7E75F0000-0x00007FF7E7941000-memory.dmp	upx
behavioral2/memory/4908-458-0x00007FF6C7740000-0x00007FF6C7A91000-memory.dmp	upx
behavioral2/memory/2872-457-0x00007FF6864C0000-0x00007FF686811000-memory.dmp	upx
behavioral2/memory/4092-456-0x00007FF77E9E0000-0x00007FF77ED31000-memory.dmp	upx
behavioral2/memory/4272-2198-0x00007FF6969C0000-0x00007FF696D11000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Ijkkpzt.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\tfJylGZ.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\InyKnbo.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\uQgWXRT.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\seZsehm.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\FjwxNjO.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\XLJgBpl.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\CCEvFbc.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\rzKhOCw.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\fiOQdED.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\hTqQyEL.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\IoAlySm.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\zsmKmbu.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\YxuiYFw.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\rGWeIVO.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\CcfqDmn.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\GvPSpDa.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\sgdEmVe.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\kjTDGBb.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\WoiLtVI.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\cxuagom.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\dChFauq.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\TqTXQMk.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\HbsPTQQ.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\GJpnNSW.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\LGWgmmt.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\STPtHwT.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\IbdvoNX.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\gCtgdWv.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\hRYCgwI.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\RLrXboF.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\iBncikf.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\sTrsoYA.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\zbfzqav.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\TuTGpDY.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\bcXRzbV.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\jnhGYil.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\BFMHGiD.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\cuwZsNg.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\xuTBdVc.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\wjyfdWU.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\PEeOfog.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\vIbqime.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\sXqdENT.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\AIKSwFE.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\QRXclLn.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\JkYpWWO.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\dPKVCOf.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\JfcwdQL.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\MyPDiJX.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\whKzOqN.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\LPzrawF.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\AEkqjMX.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\jmTNULy.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\YalLylG.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\OCBggPK.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\XkyKtso.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\gEbLWRT.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\kpwVSID.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\eeksTka.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\mesRDPu.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\BvEGYgk.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\zAGVMjt.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
File created	C:\Windows\System\klaaYax.exe	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2292	dwm.exe
Token: SeChangeNotifyPrivilege	2292	dwm.exe
Token: 33	2292	dwm.exe
Token: SeIncBasePriorityPrivilege	2292	dwm.exe
Token: SeShutdownPrivilege	2292	dwm.exe
Token: SeCreatePagefilePrivilege	2292	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 3628	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	84
PID 3560 wrote to memory of 3628	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	84
PID 3560 wrote to memory of 1148	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	85
PID 3560 wrote to memory of 1148	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	85
PID 3560 wrote to memory of 4272	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	86
PID 3560 wrote to memory of 4272	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	86
PID 3560 wrote to memory of 3564	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	87
PID 3560 wrote to memory of 3564	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	87
PID 3560 wrote to memory of 2088	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	88
PID 3560 wrote to memory of 2088	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	88
PID 3560 wrote to memory of 2428	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	89
PID 3560 wrote to memory of 2428	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	89
PID 3560 wrote to memory of 1844	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	90
PID 3560 wrote to memory of 1844	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	90
PID 3560 wrote to memory of 1128	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	91
PID 3560 wrote to memory of 1128	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	91
PID 3560 wrote to memory of 3632	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	92
PID 3560 wrote to memory of 3632	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	92
PID 3560 wrote to memory of 1760	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	93
PID 3560 wrote to memory of 1760	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	93
PID 3560 wrote to memory of 2440	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	94
PID 3560 wrote to memory of 2440	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	94
PID 3560 wrote to memory of 4092	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	95
PID 3560 wrote to memory of 4092	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	95
PID 3560 wrote to memory of 2872	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	96
PID 3560 wrote to memory of 2872	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	96
PID 3560 wrote to memory of 4908	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	97
PID 3560 wrote to memory of 4908	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	97
PID 3560 wrote to memory of 612	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	98
PID 3560 wrote to memory of 612	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	98
PID 3560 wrote to memory of 2368	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	99
PID 3560 wrote to memory of 2368	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	99
PID 3560 wrote to memory of 1108	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	100
PID 3560 wrote to memory of 1108	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	100
PID 3560 wrote to memory of 4648	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	101
PID 3560 wrote to memory of 4648	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	101
PID 3560 wrote to memory of 2304	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	102
PID 3560 wrote to memory of 2304	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	102
PID 3560 wrote to memory of 2388	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	103
PID 3560 wrote to memory of 2388	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	103
PID 3560 wrote to memory of 700	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	104
PID 3560 wrote to memory of 700	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	104
PID 3560 wrote to memory of 1508	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	105
PID 3560 wrote to memory of 1508	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	105
PID 3560 wrote to memory of 4764	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	106
PID 3560 wrote to memory of 4764	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	106
PID 3560 wrote to memory of 3240	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	107
PID 3560 wrote to memory of 3240	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	107
PID 3560 wrote to memory of 4912	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	108
PID 3560 wrote to memory of 4912	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	108
PID 3560 wrote to memory of 4004	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	109
PID 3560 wrote to memory of 4004	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	109
PID 3560 wrote to memory of 4324	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	110
PID 3560 wrote to memory of 4324	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	110
PID 3560 wrote to memory of 1000	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	111
PID 3560 wrote to memory of 1000	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	111
PID 3560 wrote to memory of 4160	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	112
PID 3560 wrote to memory of 4160	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	112
PID 3560 wrote to memory of 3908	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	113
PID 3560 wrote to memory of 3908	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	113
PID 3560 wrote to memory of 3288	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	114
PID 3560 wrote to memory of 3288	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	114
PID 3560 wrote to memory of 5000	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	115
PID 3560 wrote to memory of 5000	3560	5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ff83f4d240240ae215b518a479419bd0c678bcf93352a3432bfbd508667e879_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Windows\System\zskQzrt.exe
  C:\Windows\System\zskQzrt.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\gNkNAQa.exe
  C:\Windows\System\gNkNAQa.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\xZXBKVm.exe
  C:\Windows\System\xZXBKVm.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\AAzTQaO.exe
  C:\Windows\System\AAzTQaO.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\GZthWsY.exe
  C:\Windows\System\GZthWsY.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\tXotLFO.exe
  C:\Windows\System\tXotLFO.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\WoiLtVI.exe
  C:\Windows\System\WoiLtVI.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\sTrsoYA.exe
  C:\Windows\System\sTrsoYA.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\XYFDLCR.exe
  C:\Windows\System\XYFDLCR.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\WUXYxsf.exe
  C:\Windows\System\WUXYxsf.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\PncquOx.exe
  C:\Windows\System\PncquOx.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\pelfVAT.exe
  C:\Windows\System\pelfVAT.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\KZfkTvl.exe
  C:\Windows\System\KZfkTvl.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\hxjsNck.exe
  C:\Windows\System\hxjsNck.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\UldjzUK.exe
  C:\Windows\System\UldjzUK.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\GiKaAbK.exe
  C:\Windows\System\GiKaAbK.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\aJwRAhR.exe
  C:\Windows\System\aJwRAhR.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\zTMdEzn.exe
  C:\Windows\System\zTMdEzn.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\hZPbvnq.exe
  C:\Windows\System\hZPbvnq.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ncxaRiq.exe
  C:\Windows\System\ncxaRiq.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\GFoFQXY.exe
  C:\Windows\System\GFoFQXY.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\flhbhZT.exe
  C:\Windows\System\flhbhZT.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\YoiIXUC.exe
  C:\Windows\System\YoiIXUC.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\oSYpPqA.exe
  C:\Windows\System\oSYpPqA.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\BZeTYcM.exe
  C:\Windows\System\BZeTYcM.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\grGgsvW.exe
  C:\Windows\System\grGgsvW.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\GuIdDlp.exe
  C:\Windows\System\GuIdDlp.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\QRXclLn.exe
  C:\Windows\System\QRXclLn.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\cuwZsNg.exe
  C:\Windows\System\cuwZsNg.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\pwvezMa.exe
  C:\Windows\System\pwvezMa.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\mRBPXHj.exe
  C:\Windows\System\mRBPXHj.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\CNecIEW.exe
  C:\Windows\System\CNecIEW.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\cLRNDmV.exe
  C:\Windows\System\cLRNDmV.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\SIvGUzE.exe
  C:\Windows\System\SIvGUzE.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\seZsehm.exe
  C:\Windows\System\seZsehm.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\DObzZDH.exe
  C:\Windows\System\DObzZDH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\UmNBfKO.exe
  C:\Windows\System\UmNBfKO.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\PBKDCgW.exe
  C:\Windows\System\PBKDCgW.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\JsKbvJm.exe
  C:\Windows\System\JsKbvJm.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\nNgHEQG.exe
  C:\Windows\System\nNgHEQG.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\jmTNULy.exe
  C:\Windows\System\jmTNULy.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\xuTBdVc.exe
  C:\Windows\System\xuTBdVc.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\RcDmPLc.exe
  C:\Windows\System\RcDmPLc.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\MXeUJSN.exe
  C:\Windows\System\MXeUJSN.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\YalLylG.exe
  C:\Windows\System\YalLylG.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\TqcWzdn.exe
  C:\Windows\System\TqcWzdn.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\cDrSMAk.exe
  C:\Windows\System\cDrSMAk.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\ymcvfaI.exe
  C:\Windows\System\ymcvfaI.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\INpsHTG.exe
  C:\Windows\System\INpsHTG.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\zRrzyxx.exe
  C:\Windows\System\zRrzyxx.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\AlOUCUT.exe
  C:\Windows\System\AlOUCUT.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\HRtNtaP.exe
  C:\Windows\System\HRtNtaP.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\cNZAIdW.exe
  C:\Windows\System\cNZAIdW.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\apcGXrj.exe
  C:\Windows\System\apcGXrj.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\KyYSykn.exe
  C:\Windows\System\KyYSykn.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\FjwxNjO.exe
  C:\Windows\System\FjwxNjO.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\eQABava.exe
  C:\Windows\System\eQABava.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ztWFdzL.exe
  C:\Windows\System\ztWFdzL.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\gxfcSlk.exe
  C:\Windows\System\gxfcSlk.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\gmsFpyp.exe
  C:\Windows\System\gmsFpyp.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\NOyVADJ.exe
  C:\Windows\System\NOyVADJ.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\TrGujoH.exe
  C:\Windows\System\TrGujoH.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\KEzwjaU.exe
  C:\Windows\System\KEzwjaU.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\BbmdJua.exe
  C:\Windows\System\BbmdJua.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\wCqaZHe.exe
  C:\Windows\System\wCqaZHe.exe
  2⤵
  PID:412
- C:\Windows\System\iCfJFii.exe
  C:\Windows\System\iCfJFii.exe
  2⤵
  PID:3460
- C:\Windows\System\SFEmOOD.exe
  C:\Windows\System\SFEmOOD.exe
  2⤵
  PID:1548
- C:\Windows\System\UgiUoaY.exe
  C:\Windows\System\UgiUoaY.exe
  2⤵
  PID:4680
- C:\Windows\System\sSZOXdj.exe
  C:\Windows\System\sSZOXdj.exe
  2⤵
  PID:4072
- C:\Windows\System\vPlIUxD.exe
  C:\Windows\System\vPlIUxD.exe
  2⤵
  PID:2312
- C:\Windows\System\ivUWGTU.exe
  C:\Windows\System\ivUWGTU.exe
  2⤵
  PID:4588
- C:\Windows\System\WwGPrYn.exe
  C:\Windows\System\WwGPrYn.exe
  2⤵
  PID:3248
- C:\Windows\System\vqiAOUN.exe
  C:\Windows\System\vqiAOUN.exe
  2⤵
  PID:3884
- C:\Windows\System\ZvlaVsr.exe
  C:\Windows\System\ZvlaVsr.exe
  2⤵
  PID:3732
- C:\Windows\System\KzmQuMT.exe
  C:\Windows\System\KzmQuMT.exe
  2⤵
  PID:2704
- C:\Windows\System\VfGZHti.exe
  C:\Windows\System\VfGZHti.exe
  2⤵
  PID:2120
- C:\Windows\System\UizVopg.exe
  C:\Windows\System\UizVopg.exe
  2⤵
  PID:2188
- C:\Windows\System\RMLZGFX.exe
  C:\Windows\System\RMLZGFX.exe
  2⤵
  PID:4180
- C:\Windows\System\IiEHvRY.exe
  C:\Windows\System\IiEHvRY.exe
  2⤵
  PID:3088
- C:\Windows\System\hKADebE.exe
  C:\Windows\System\hKADebE.exe
  2⤵
  PID:3864
- C:\Windows\System\iLPZHhc.exe
  C:\Windows\System\iLPZHhc.exe
  2⤵
  PID:1724
- C:\Windows\System\JkYpWWO.exe
  C:\Windows\System\JkYpWWO.exe
  2⤵
  PID:3276
- C:\Windows\System\otUKeTm.exe
  C:\Windows\System\otUKeTm.exe
  2⤵
  PID:1852
- C:\Windows\System\MwYCbrj.exe
  C:\Windows\System\MwYCbrj.exe
  2⤵
  PID:3876
- C:\Windows\System\rokMBBz.exe
  C:\Windows\System\rokMBBz.exe
  2⤵
  PID:1880
- C:\Windows\System\BSgrGhS.exe
  C:\Windows\System\BSgrGhS.exe
  2⤵
  PID:3764
- C:\Windows\System\wxKBJfy.exe
  C:\Windows\System\wxKBJfy.exe
  2⤵
  PID:688
- C:\Windows\System\mOVvSAt.exe
  C:\Windows\System\mOVvSAt.exe
  2⤵
  PID:2644
- C:\Windows\System\RJladHH.exe
  C:\Windows\System\RJladHH.exe
  2⤵
  PID:5128
- C:\Windows\System\AiOfluV.exe
  C:\Windows\System\AiOfluV.exe
  2⤵
  PID:5156
- C:\Windows\System\OHMDarS.exe
  C:\Windows\System\OHMDarS.exe
  2⤵
  PID:5184
- C:\Windows\System\sUxURlc.exe
  C:\Windows\System\sUxURlc.exe
  2⤵
  PID:5208
- C:\Windows\System\XWieqZk.exe
  C:\Windows\System\XWieqZk.exe
  2⤵
  PID:5236
- C:\Windows\System\eZFZlyj.exe
  C:\Windows\System\eZFZlyj.exe
  2⤵
  PID:5264
- C:\Windows\System\lfdEigm.exe
  C:\Windows\System\lfdEigm.exe
  2⤵
  PID:5296
- C:\Windows\System\XLJgBpl.exe
  C:\Windows\System\XLJgBpl.exe
  2⤵
  PID:5324
- C:\Windows\System\KxbEoXz.exe
  C:\Windows\System\KxbEoXz.exe
  2⤵
  PID:5352
- C:\Windows\System\uSaPEOW.exe
  C:\Windows\System\uSaPEOW.exe
  2⤵
  PID:5380
- C:\Windows\System\nmnnCkV.exe
  C:\Windows\System\nmnnCkV.exe
  2⤵
  PID:5404
- C:\Windows\System\EmeEHAq.exe
  C:\Windows\System\EmeEHAq.exe
  2⤵
  PID:5432
- C:\Windows\System\uistxMs.exe
  C:\Windows\System\uistxMs.exe
  2⤵
  PID:5464
- C:\Windows\System\jBcaqRI.exe
  C:\Windows\System\jBcaqRI.exe
  2⤵
  PID:5492
- C:\Windows\System\EldZMSO.exe
  C:\Windows\System\EldZMSO.exe
  2⤵
  PID:5520
- C:\Windows\System\zbfzqav.exe
  C:\Windows\System\zbfzqav.exe
  2⤵
  PID:5544
- C:\Windows\System\yWaswAy.exe
  C:\Windows\System\yWaswAy.exe
  2⤵
  PID:5576
- C:\Windows\System\grsuuJg.exe
  C:\Windows\System\grsuuJg.exe
  2⤵
  PID:5604
- C:\Windows\System\wsMDhyu.exe
  C:\Windows\System\wsMDhyu.exe
  2⤵
  PID:5632
- C:\Windows\System\PRMlXdv.exe
  C:\Windows\System\PRMlXdv.exe
  2⤵
  PID:5660
- C:\Windows\System\gQyeKmP.exe
  C:\Windows\System\gQyeKmP.exe
  2⤵
  PID:5688
- C:\Windows\System\GgeZAhp.exe
  C:\Windows\System\GgeZAhp.exe
  2⤵
  PID:5716
- C:\Windows\System\JkSmmPn.exe
  C:\Windows\System\JkSmmPn.exe
  2⤵
  PID:5740
- C:\Windows\System\AZxoFmx.exe
  C:\Windows\System\AZxoFmx.exe
  2⤵
  PID:5772
- C:\Windows\System\CDXoJwZ.exe
  C:\Windows\System\CDXoJwZ.exe
  2⤵
  PID:5800
- C:\Windows\System\oHQMzHN.exe
  C:\Windows\System\oHQMzHN.exe
  2⤵
  PID:5828
- C:\Windows\System\xaIMEiJ.exe
  C:\Windows\System\xaIMEiJ.exe
  2⤵
  PID:5856
- C:\Windows\System\lQcJWlS.exe
  C:\Windows\System\lQcJWlS.exe
  2⤵
  PID:5884
- C:\Windows\System\hPsfCji.exe
  C:\Windows\System\hPsfCji.exe
  2⤵
  PID:5912
- C:\Windows\System\dOivPjm.exe
  C:\Windows\System\dOivPjm.exe
  2⤵
  PID:5936
- C:\Windows\System\tJJmhVN.exe
  C:\Windows\System\tJJmhVN.exe
  2⤵
  PID:5968
- C:\Windows\System\mIqYHiM.exe
  C:\Windows\System\mIqYHiM.exe
  2⤵
  PID:5996
- C:\Windows\System\mRRLrQM.exe
  C:\Windows\System\mRRLrQM.exe
  2⤵
  PID:6024
- C:\Windows\System\wwFXwWe.exe
  C:\Windows\System\wwFXwWe.exe
  2⤵
  PID:6052
- C:\Windows\System\NdvSmDl.exe
  C:\Windows\System\NdvSmDl.exe
  2⤵
  PID:6084
- C:\Windows\System\Ijkkpzt.exe
  C:\Windows\System\Ijkkpzt.exe
  2⤵
  PID:6108
- C:\Windows\System\STIvxWr.exe
  C:\Windows\System\STIvxWr.exe
  2⤵
  PID:6136
- C:\Windows\System\bmGTFdj.exe
  C:\Windows\System\bmGTFdj.exe
  2⤵
  PID:4748
- C:\Windows\System\PKrhZkB.exe
  C:\Windows\System\PKrhZkB.exe
  2⤵
  PID:4640
- C:\Windows\System\vhvZTTM.exe
  C:\Windows\System\vhvZTTM.exe
  2⤵
  PID:1432
- C:\Windows\System\nALCxOd.exe
  C:\Windows\System\nALCxOd.exe
  2⤵
  PID:5396
- C:\Windows\System\xNflQAi.exe
  C:\Windows\System\xNflQAi.exe
  2⤵
  PID:5512
- C:\Windows\System\TuTGpDY.exe
  C:\Windows\System\TuTGpDY.exe
  2⤵
  PID:5540
- C:\Windows\System\SFGtRQQ.exe
  C:\Windows\System\SFGtRQQ.exe
  2⤵
  PID:5760
- C:\Windows\System\qhSRbWl.exe
  C:\Windows\System\qhSRbWl.exe
  2⤵
  PID:2160
- C:\Windows\System\pbecOPJ.exe
  C:\Windows\System\pbecOPJ.exe
  2⤵
  PID:5820
- C:\Windows\System\nKdnYXT.exe
  C:\Windows\System\nKdnYXT.exe
  2⤵
  PID:5024
- C:\Windows\System\tLbwAzN.exe
  C:\Windows\System\tLbwAzN.exe
  2⤵
  PID:5900
- C:\Windows\System\ZkXiigI.exe
  C:\Windows\System\ZkXiigI.exe
  2⤵
  PID:5952
- C:\Windows\System\ojcLvRT.exe
  C:\Windows\System\ojcLvRT.exe
  2⤵
  PID:5980
- C:\Windows\System\pOCRifN.exe
  C:\Windows\System\pOCRifN.exe
  2⤵
  PID:2288
- C:\Windows\System\nLWVikf.exe
  C:\Windows\System\nLWVikf.exe
  2⤵
  PID:1900
- C:\Windows\System\kJxNXYy.exe
  C:\Windows\System\kJxNXYy.exe
  2⤵
  PID:2020
- C:\Windows\System\PEeOfog.exe
  C:\Windows\System\PEeOfog.exe
  2⤵
  PID:3348
- C:\Windows\System\GMyvXBk.exe
  C:\Windows\System\GMyvXBk.exe
  2⤵
  PID:4240
- C:\Windows\System\MMHgRrV.exe
  C:\Windows\System\MMHgRrV.exe
  2⤵
  PID:340
- C:\Windows\System\WiqGHbh.exe
  C:\Windows\System\WiqGHbh.exe
  2⤵
  PID:4876
- C:\Windows\System\EaGAmKc.exe
  C:\Windows\System\EaGAmKc.exe
  2⤵
  PID:2544
- C:\Windows\System\zkaIvsL.exe
  C:\Windows\System\zkaIvsL.exe
  2⤵
  PID:4020
- C:\Windows\System\oLyXiqv.exe
  C:\Windows\System\oLyXiqv.exe
  2⤵
  PID:5176
- C:\Windows\System\cxuagom.exe
  C:\Windows\System\cxuagom.exe
  2⤵
  PID:5504
- C:\Windows\System\qAioMPZ.exe
  C:\Windows\System\qAioMPZ.exe
  2⤵
  PID:5224
- C:\Windows\System\OCBggPK.exe
  C:\Windows\System\OCBggPK.exe
  2⤵
  PID:3404
- C:\Windows\System\tpHMUSl.exe
  C:\Windows\System\tpHMUSl.exe
  2⤵
  PID:5308
- C:\Windows\System\oFHzaLk.exe
  C:\Windows\System\oFHzaLk.exe
  2⤵
  PID:4236
- C:\Windows\System\xnohdSc.exe
  C:\Windows\System\xnohdSc.exe
  2⤵
  PID:5420
- C:\Windows\System\jmuBGVv.exe
  C:\Windows\System\jmuBGVv.exe
  2⤵
  PID:5784
- C:\Windows\System\bujaJof.exe
  C:\Windows\System\bujaJof.exe
  2⤵
  PID:5728
- C:\Windows\System\mBxlOWZ.exe
  C:\Windows\System\mBxlOWZ.exe
  2⤵
  PID:6012
- C:\Windows\System\JDGUjlb.exe
  C:\Windows\System\JDGUjlb.exe
  2⤵
  PID:2180
- C:\Windows\System\rOwqPHU.exe
  C:\Windows\System\rOwqPHU.exe
  2⤵
  PID:2692
- C:\Windows\System\SIZnQKn.exe
  C:\Windows\System\SIZnQKn.exe
  2⤵
  PID:5260
- C:\Windows\System\HuocFrL.exe
  C:\Windows\System\HuocFrL.exe
  2⤵
  PID:5252
- C:\Windows\System\DXDQPaM.exe
  C:\Windows\System\DXDQPaM.exe
  2⤵
  PID:5336
- C:\Windows\System\KMPcwuc.exe
  C:\Windows\System\KMPcwuc.exe
  2⤵
  PID:1800
- C:\Windows\System\TTNCSbn.exe
  C:\Windows\System\TTNCSbn.exe
  2⤵
  PID:4368
- C:\Windows\System\QIQcypi.exe
  C:\Windows\System\QIQcypi.exe
  2⤵
  PID:5288
- C:\Windows\System\JNRaqwz.exe
  C:\Windows\System\JNRaqwz.exe
  2⤵
  PID:6148
- C:\Windows\System\BKMMaFz.exe
  C:\Windows\System\BKMMaFz.exe
  2⤵
  PID:6180
- C:\Windows\System\UzJCPIX.exe
  C:\Windows\System\UzJCPIX.exe
  2⤵
  PID:6200
- C:\Windows\System\YaxtxPn.exe
  C:\Windows\System\YaxtxPn.exe
  2⤵
  PID:6224
- C:\Windows\System\wjyfdWU.exe
  C:\Windows\System\wjyfdWU.exe
  2⤵
  PID:6240
- C:\Windows\System\ApTABNc.exe
  C:\Windows\System\ApTABNc.exe
  2⤵
  PID:6292
- C:\Windows\System\BoecPLv.exe
  C:\Windows\System\BoecPLv.exe
  2⤵
  PID:6312
- C:\Windows\System\uwkfYjr.exe
  C:\Windows\System\uwkfYjr.exe
  2⤵
  PID:6340
- C:\Windows\System\oZDECnU.exe
  C:\Windows\System\oZDECnU.exe
  2⤵
  PID:6364
- C:\Windows\System\ldULBYz.exe
  C:\Windows\System\ldULBYz.exe
  2⤵
  PID:6404
- C:\Windows\System\kSbIqqD.exe
  C:\Windows\System\kSbIqqD.exe
  2⤵
  PID:6444
- C:\Windows\System\KeaWmrH.exe
  C:\Windows\System\KeaWmrH.exe
  2⤵
  PID:6464
- C:\Windows\System\dueRKVx.exe
  C:\Windows\System\dueRKVx.exe
  2⤵
  PID:6480
- C:\Windows\System\eSLUMhE.exe
  C:\Windows\System\eSLUMhE.exe
  2⤵
  PID:6516
- C:\Windows\System\fEujLpK.exe
  C:\Windows\System\fEujLpK.exe
  2⤵
  PID:6536
- C:\Windows\System\WPJBPGV.exe
  C:\Windows\System\WPJBPGV.exe
  2⤵
  PID:6584
- C:\Windows\System\nTgErCn.exe
  C:\Windows\System\nTgErCn.exe
  2⤵
  PID:6600
- C:\Windows\System\TweTwhV.exe
  C:\Windows\System\TweTwhV.exe
  2⤵
  PID:6620
- C:\Windows\System\LQlHQOy.exe
  C:\Windows\System\LQlHQOy.exe
  2⤵
  PID:6644
- C:\Windows\System\oDRqsEQ.exe
  C:\Windows\System\oDRqsEQ.exe
  2⤵
  PID:6660
- C:\Windows\System\JkWttmR.exe
  C:\Windows\System\JkWttmR.exe
  2⤵
  PID:6680
- C:\Windows\System\NCIMwVm.exe
  C:\Windows\System\NCIMwVm.exe
  2⤵
  PID:6720
- C:\Windows\System\WXslZVf.exe
  C:\Windows\System\WXslZVf.exe
  2⤵
  PID:6740
- C:\Windows\System\bDMYsBt.exe
  C:\Windows\System\bDMYsBt.exe
  2⤵
  PID:6772
- C:\Windows\System\dSxRsHS.exe
  C:\Windows\System\dSxRsHS.exe
  2⤵
  PID:6792
- C:\Windows\System\SxCUEcz.exe
  C:\Windows\System\SxCUEcz.exe
  2⤵
  PID:6848
- C:\Windows\System\aYeQMJi.exe
  C:\Windows\System\aYeQMJi.exe
  2⤵
  PID:6876
- C:\Windows\System\GJpnNSW.exe
  C:\Windows\System\GJpnNSW.exe
  2⤵
  PID:6896
- C:\Windows\System\cuAzuaK.exe
  C:\Windows\System\cuAzuaK.exe
  2⤵
  PID:6916
- C:\Windows\System\pNHRCzs.exe
  C:\Windows\System\pNHRCzs.exe
  2⤵
  PID:6940
- C:\Windows\System\jWZUWUt.exe
  C:\Windows\System\jWZUWUt.exe
  2⤵
  PID:6960
- C:\Windows\System\oatYpQv.exe
  C:\Windows\System\oatYpQv.exe
  2⤵
  PID:6984
- C:\Windows\System\QHTtswp.exe
  C:\Windows\System\QHTtswp.exe
  2⤵
  PID:7012
- C:\Windows\System\sFCAmhj.exe
  C:\Windows\System\sFCAmhj.exe
  2⤵
  PID:7032
- C:\Windows\System\ZYVxoLT.exe
  C:\Windows\System\ZYVxoLT.exe
  2⤵
  PID:7056
- C:\Windows\System\euftHyw.exe
  C:\Windows\System\euftHyw.exe
  2⤵
  PID:7076
- C:\Windows\System\ZauDsJe.exe
  C:\Windows\System\ZauDsJe.exe
  2⤵
  PID:7096
- C:\Windows\System\VGXdgyP.exe
  C:\Windows\System\VGXdgyP.exe
  2⤵
  PID:7140
- C:\Windows\System\UkxyJhl.exe
  C:\Windows\System\UkxyJhl.exe
  2⤵
  PID:7164
- C:\Windows\System\raIMVHt.exe
  C:\Windows\System\raIMVHt.exe
  2⤵
  PID:5484
- C:\Windows\System\RHVkVtu.exe
  C:\Windows\System\RHVkVtu.exe
  2⤵
  PID:6208
- C:\Windows\System\zlNtobd.exe
  C:\Windows\System\zlNtobd.exe
  2⤵
  PID:6332
- C:\Windows\System\QYdAszq.exe
  C:\Windows\System\QYdAszq.exe
  2⤵
  PID:6388
- C:\Windows\System\IdIcLXn.exe
  C:\Windows\System\IdIcLXn.exe
  2⤵
  PID:6424
- C:\Windows\System\sDZjASS.exe
  C:\Windows\System\sDZjASS.exe
  2⤵
  PID:6456
- C:\Windows\System\bZiZTxj.exe
  C:\Windows\System\bZiZTxj.exe
  2⤵
  PID:6564
- C:\Windows\System\GPMxRgX.exe
  C:\Windows\System\GPMxRgX.exe
  2⤵
  PID:6688
- C:\Windows\System\hZyEeex.exe
  C:\Windows\System\hZyEeex.exe
  2⤵
  PID:6748
- C:\Windows\System\pVIvjTL.exe
  C:\Windows\System\pVIvjTL.exe
  2⤵
  PID:6788
- C:\Windows\System\nDQMzOp.exe
  C:\Windows\System\nDQMzOp.exe
  2⤵
  PID:6860
- C:\Windows\System\plrBIQB.exe
  C:\Windows\System\plrBIQB.exe
  2⤵
  PID:6952
- C:\Windows\System\JtOgUen.exe
  C:\Windows\System\JtOgUen.exe
  2⤵
  PID:6992
- C:\Windows\System\uaTOgmG.exe
  C:\Windows\System\uaTOgmG.exe
  2⤵
  PID:7088
- C:\Windows\System\YfGeyXL.exe
  C:\Windows\System\YfGeyXL.exe
  2⤵
  PID:7132
- C:\Windows\System\odRZpWw.exe
  C:\Windows\System\odRZpWw.exe
  2⤵
  PID:7116
- C:\Windows\System\yJJUkXh.exe
  C:\Windows\System\yJJUkXh.exe
  2⤵
  PID:6348
- C:\Windows\System\jcXJnOE.exe
  C:\Windows\System\jcXJnOE.exe
  2⤵
  PID:6276
- C:\Windows\System\AUAtsgu.exe
  C:\Windows\System\AUAtsgu.exe
  2⤵
  PID:6384
- C:\Windows\System\tWTCevN.exe
  C:\Windows\System\tWTCevN.exe
  2⤵
  PID:6508
- C:\Windows\System\LYtiHUd.exe
  C:\Windows\System\LYtiHUd.exe
  2⤵
  PID:6784
- C:\Windows\System\JNeJImy.exe
  C:\Windows\System\JNeJImy.exe
  2⤵
  PID:6188
- C:\Windows\System\yhYpYdC.exe
  C:\Windows\System\yhYpYdC.exe
  2⤵
  PID:6592
- C:\Windows\System\ioYWJYt.exe
  C:\Windows\System\ioYWJYt.exe
  2⤵
  PID:6512
- C:\Windows\System\vMCKaTE.exe
  C:\Windows\System\vMCKaTE.exe
  2⤵
  PID:6936
- C:\Windows\System\GaVECmQ.exe
  C:\Windows\System\GaVECmQ.exe
  2⤵
  PID:7180
- C:\Windows\System\ZXrIUmK.exe
  C:\Windows\System\ZXrIUmK.exe
  2⤵
  PID:7204
- C:\Windows\System\yRgMueX.exe
  C:\Windows\System\yRgMueX.exe
  2⤵
  PID:7220
- C:\Windows\System\cObveYf.exe
  C:\Windows\System\cObveYf.exe
  2⤵
  PID:7240
- C:\Windows\System\xdyjIDP.exe
  C:\Windows\System\xdyjIDP.exe
  2⤵
  PID:7284
- C:\Windows\System\ocDkoIt.exe
  C:\Windows\System\ocDkoIt.exe
  2⤵
  PID:7308
- C:\Windows\System\xDQrOoE.exe
  C:\Windows\System\xDQrOoE.exe
  2⤵
  PID:7344
- C:\Windows\System\ADQXCYz.exe
  C:\Windows\System\ADQXCYz.exe
  2⤵
  PID:7364
- C:\Windows\System\RjcZNrW.exe
  C:\Windows\System\RjcZNrW.exe
  2⤵
  PID:7400
- C:\Windows\System\zPjxEye.exe
  C:\Windows\System\zPjxEye.exe
  2⤵
  PID:7424
- C:\Windows\System\AtvfiKo.exe
  C:\Windows\System\AtvfiKo.exe
  2⤵
  PID:7444
- C:\Windows\System\yxMwxgK.exe
  C:\Windows\System\yxMwxgK.exe
  2⤵
  PID:7472
- C:\Windows\System\LQmNsDN.exe
  C:\Windows\System\LQmNsDN.exe
  2⤵
  PID:7492
- C:\Windows\System\IczufQG.exe
  C:\Windows\System\IczufQG.exe
  2⤵
  PID:7512
- C:\Windows\System\XoXqUsL.exe
  C:\Windows\System\XoXqUsL.exe
  2⤵
  PID:7536
- C:\Windows\System\wykamkP.exe
  C:\Windows\System\wykamkP.exe
  2⤵
  PID:7604
- C:\Windows\System\MohLIbJ.exe
  C:\Windows\System\MohLIbJ.exe
  2⤵
  PID:7624
- C:\Windows\System\HvPRTDa.exe
  C:\Windows\System\HvPRTDa.exe
  2⤵
  PID:7644
- C:\Windows\System\RBBhsGw.exe
  C:\Windows\System\RBBhsGw.exe
  2⤵
  PID:7700
- C:\Windows\System\siFemVJ.exe
  C:\Windows\System\siFemVJ.exe
  2⤵
  PID:7744
- C:\Windows\System\WSQphRP.exe
  C:\Windows\System\WSQphRP.exe
  2⤵
  PID:7768
- C:\Windows\System\vKqUhTC.exe
  C:\Windows\System\vKqUhTC.exe
  2⤵
  PID:7784
- C:\Windows\System\vIbqime.exe
  C:\Windows\System\vIbqime.exe
  2⤵
  PID:7804
- C:\Windows\System\SwZIycH.exe
  C:\Windows\System\SwZIycH.exe
  2⤵
  PID:7832
- C:\Windows\System\PNQYoMR.exe
  C:\Windows\System\PNQYoMR.exe
  2⤵
  PID:7852
- C:\Windows\System\wztzbrq.exe
  C:\Windows\System\wztzbrq.exe
  2⤵
  PID:7900
- C:\Windows\System\ByKiXiI.exe
  C:\Windows\System\ByKiXiI.exe
  2⤵
  PID:7924
- C:\Windows\System\mPKRtxg.exe
  C:\Windows\System\mPKRtxg.exe
  2⤵
  PID:7944
- C:\Windows\System\EqUlugS.exe
  C:\Windows\System\EqUlugS.exe
  2⤵
  PID:7968
- C:\Windows\System\TvZXKgQ.exe
  C:\Windows\System\TvZXKgQ.exe
  2⤵
  PID:7992
- C:\Windows\System\HLPoAio.exe
  C:\Windows\System\HLPoAio.exe
  2⤵
  PID:8020
- C:\Windows\System\PNWCaKl.exe
  C:\Windows\System\PNWCaKl.exe
  2⤵
  PID:8044
- C:\Windows\System\PkMfjqL.exe
  C:\Windows\System\PkMfjqL.exe
  2⤵
  PID:8064
- C:\Windows\System\vorPoBg.exe
  C:\Windows\System\vorPoBg.exe
  2⤵
  PID:8128
- C:\Windows\System\FHRsOzN.exe
  C:\Windows\System\FHRsOzN.exe
  2⤵
  PID:8148
- C:\Windows\System\VgjCNOO.exe
  C:\Windows\System\VgjCNOO.exe
  2⤵
  PID:8168
- C:\Windows\System\BnsiEyS.exe
  C:\Windows\System\BnsiEyS.exe
  2⤵
  PID:8188
- C:\Windows\System\CwKQwdM.exe
  C:\Windows\System\CwKQwdM.exe
  2⤵
  PID:7196
- C:\Windows\System\QANDWgh.exe
  C:\Windows\System\QANDWgh.exe
  2⤵
  PID:7232
- C:\Windows\System\gVNGiWa.exe
  C:\Windows\System\gVNGiWa.exe
  2⤵
  PID:7420
- C:\Windows\System\xbIwYgr.exe
  C:\Windows\System\xbIwYgr.exe
  2⤵
  PID:7376
- C:\Windows\System\nTuQNyI.exe
  C:\Windows\System\nTuQNyI.exe
  2⤵
  PID:7460
- C:\Windows\System\gmrWtjb.exe
  C:\Windows\System\gmrWtjb.exe
  2⤵
  PID:7548
- C:\Windows\System\IbdvoNX.exe
  C:\Windows\System\IbdvoNX.exe
  2⤵
  PID:7528
- C:\Windows\System\gCtgdWv.exe
  C:\Windows\System\gCtgdWv.exe
  2⤵
  PID:7616
- C:\Windows\System\nsLEqiT.exe
  C:\Windows\System\nsLEqiT.exe
  2⤵
  PID:7640
- C:\Windows\System\LfdolEy.exe
  C:\Windows\System\LfdolEy.exe
  2⤵
  PID:7752
- C:\Windows\System\EDPUfNg.exe
  C:\Windows\System\EDPUfNg.exe
  2⤵
  PID:7916
- C:\Windows\System\PmZmCBm.exe
  C:\Windows\System\PmZmCBm.exe
  2⤵
  PID:7976
- C:\Windows\System\bcXRzbV.exe
  C:\Windows\System\bcXRzbV.exe
  2⤵
  PID:8036
- C:\Windows\System\hoMMMCc.exe
  C:\Windows\System\hoMMMCc.exe
  2⤵
  PID:8076
- C:\Windows\System\lRszfKD.exe
  C:\Windows\System\lRszfKD.exe
  2⤵
  PID:8156
- C:\Windows\System\sAZepFM.exe
  C:\Windows\System\sAZepFM.exe
  2⤵
  PID:6488
- C:\Windows\System\imkycBH.exe
  C:\Windows\System\imkycBH.exe
  2⤵
  PID:7360
- C:\Windows\System\xcqVndC.exe
  C:\Windows\System\xcqVndC.exe
  2⤵
  PID:7452
- C:\Windows\System\DggyhwB.exe
  C:\Windows\System\DggyhwB.exe
  2⤵
  PID:7592
- C:\Windows\System\EekfbGO.exe
  C:\Windows\System\EekfbGO.exe
  2⤵
  PID:7760
- C:\Windows\System\DrqOqAf.exe
  C:\Windows\System\DrqOqAf.exe
  2⤵
  PID:8000
- C:\Windows\System\crmDDMj.exe
  C:\Windows\System\crmDDMj.exe
  2⤵
  PID:8124
- C:\Windows\System\VayoiwI.exe
  C:\Windows\System\VayoiwI.exe
  2⤵
  PID:7392
- C:\Windows\System\rFqwAiz.exe
  C:\Windows\System\rFqwAiz.exe
  2⤵
  PID:7432
- C:\Windows\System\rnXVfgE.exe
  C:\Windows\System\rnXVfgE.exe
  2⤵
  PID:7956
- C:\Windows\System\CtSulPZ.exe
  C:\Windows\System\CtSulPZ.exe
  2⤵
  PID:7436
- C:\Windows\System\OTmggBx.exe
  C:\Windows\System\OTmggBx.exe
  2⤵
  PID:8236
- C:\Windows\System\CmyjYdv.exe
  C:\Windows\System\CmyjYdv.exe
  2⤵
  PID:8252
- C:\Windows\System\HQGFrWK.exe
  C:\Windows\System\HQGFrWK.exe
  2⤵
  PID:8292
- C:\Windows\System\FNlNEgS.exe
  C:\Windows\System\FNlNEgS.exe
  2⤵
  PID:8364
- C:\Windows\System\vaheQzL.exe
  C:\Windows\System\vaheQzL.exe
  2⤵
  PID:8380
- C:\Windows\System\KxQtswu.exe
  C:\Windows\System\KxQtswu.exe
  2⤵
  PID:8400
- C:\Windows\System\RCBLCvu.exe
  C:\Windows\System\RCBLCvu.exe
  2⤵
  PID:8424
- C:\Windows\System\MtNPvKy.exe
  C:\Windows\System\MtNPvKy.exe
  2⤵
  PID:8464
- C:\Windows\System\zDSbCtX.exe
  C:\Windows\System\zDSbCtX.exe
  2⤵
  PID:8488
- C:\Windows\System\sEUUAtN.exe
  C:\Windows\System\sEUUAtN.exe
  2⤵
  PID:8516
- C:\Windows\System\otQdUzh.exe
  C:\Windows\System\otQdUzh.exe
  2⤵
  PID:8532
- C:\Windows\System\hfhmEjM.exe
  C:\Windows\System\hfhmEjM.exe
  2⤵
  PID:8552
- C:\Windows\System\rYxYobu.exe
  C:\Windows\System\rYxYobu.exe
  2⤵
  PID:8572
- C:\Windows\System\mMDsItA.exe
  C:\Windows\System\mMDsItA.exe
  2⤵
  PID:8616
- C:\Windows\System\DcWEdfr.exe
  C:\Windows\System\DcWEdfr.exe
  2⤵
  PID:8648
- C:\Windows\System\dQRhucD.exe
  C:\Windows\System\dQRhucD.exe
  2⤵
  PID:8664
- C:\Windows\System\bzQKwPW.exe
  C:\Windows\System\bzQKwPW.exe
  2⤵
  PID:8688
- C:\Windows\System\DOOPNHB.exe
  C:\Windows\System\DOOPNHB.exe
  2⤵
  PID:8720
- C:\Windows\System\uKDpXPx.exe
  C:\Windows\System\uKDpXPx.exe
  2⤵
  PID:8736
- C:\Windows\System\gFveLqB.exe
  C:\Windows\System\gFveLqB.exe
  2⤵
  PID:8760
- C:\Windows\System\IYxzFZM.exe
  C:\Windows\System\IYxzFZM.exe
  2⤵
  PID:8788
- C:\Windows\System\RjEpAZF.exe
  C:\Windows\System\RjEpAZF.exe
  2⤵
  PID:8832
- C:\Windows\System\VgycUdu.exe
  C:\Windows\System\VgycUdu.exe
  2⤵
  PID:8872
- C:\Windows\System\KZSlwJI.exe
  C:\Windows\System\KZSlwJI.exe
  2⤵
  PID:8892
- C:\Windows\System\xQsAHDx.exe
  C:\Windows\System\xQsAHDx.exe
  2⤵
  PID:8916
- C:\Windows\System\fpWJweP.exe
  C:\Windows\System\fpWJweP.exe
  2⤵
  PID:8968
- C:\Windows\System\JGAQbrY.exe
  C:\Windows\System\JGAQbrY.exe
  2⤵
  PID:8992
- C:\Windows\System\halThTG.exe
  C:\Windows\System\halThTG.exe
  2⤵
  PID:9024
- C:\Windows\System\mpCIbmk.exe
  C:\Windows\System\mpCIbmk.exe
  2⤵
  PID:9048
- C:\Windows\System\tfJylGZ.exe
  C:\Windows\System\tfJylGZ.exe
  2⤵
  PID:9068
- C:\Windows\System\uqxVVZo.exe
  C:\Windows\System\uqxVVZo.exe
  2⤵
  PID:9108
- C:\Windows\System\VYRdePB.exe
  C:\Windows\System\VYRdePB.exe
  2⤵
  PID:9124
- C:\Windows\System\DmtblXi.exe
  C:\Windows\System\DmtblXi.exe
  2⤵
  PID:9140
- C:\Windows\System\kokDDDO.exe
  C:\Windows\System\kokDDDO.exe
  2⤵
  PID:9168
- C:\Windows\System\twPCAUU.exe
  C:\Windows\System\twPCAUU.exe
  2⤵
  PID:9196
- C:\Windows\System\iAPzDPK.exe
  C:\Windows\System\iAPzDPK.exe
  2⤵
  PID:7572
- C:\Windows\System\AifrbgC.exe
  C:\Windows\System\AifrbgC.exe
  2⤵
  PID:7720
- C:\Windows\System\PGFNiDc.exe
  C:\Windows\System\PGFNiDc.exe
  2⤵
  PID:8288
- C:\Windows\System\jlPfvoJ.exe
  C:\Windows\System\jlPfvoJ.exe
  2⤵
  PID:824
- C:\Windows\System\qNjaSxT.exe
  C:\Windows\System\qNjaSxT.exe
  2⤵
  PID:8372
- C:\Windows\System\dLrfNNo.exe
  C:\Windows\System\dLrfNNo.exe
  2⤵
  PID:8496
- C:\Windows\System\nrOdgFg.exe
  C:\Windows\System\nrOdgFg.exe
  2⤵
  PID:8548
- C:\Windows\System\ZwgAEEd.exe
  C:\Windows\System\ZwgAEEd.exe
  2⤵
  PID:8624
- C:\Windows\System\JfcwdQL.exe
  C:\Windows\System\JfcwdQL.exe
  2⤵
  PID:8656
- C:\Windows\System\PbzTxxg.exe
  C:\Windows\System\PbzTxxg.exe
  2⤵
  PID:8700
- C:\Windows\System\NfAVdOk.exe
  C:\Windows\System\NfAVdOk.exe
  2⤵
  PID:8752
- C:\Windows\System\oVvcbjX.exe
  C:\Windows\System\oVvcbjX.exe
  2⤵
  PID:8780
- C:\Windows\System\vbqltmm.exe
  C:\Windows\System\vbqltmm.exe
  2⤵
  PID:8848
- C:\Windows\System\qvGIuUm.exe
  C:\Windows\System\qvGIuUm.exe
  2⤵
  PID:9016
- C:\Windows\System\IcunuFj.exe
  C:\Windows\System\IcunuFj.exe
  2⤵
  PID:9060
- C:\Windows\System\hGNPkem.exe
  C:\Windows\System\hGNPkem.exe
  2⤵
  PID:9104
- C:\Windows\System\qhHrFIL.exe
  C:\Windows\System\qhHrFIL.exe
  2⤵
  PID:9180
- C:\Windows\System\kGROGNp.exe
  C:\Windows\System\kGROGNp.exe
  2⤵
  PID:8524
- C:\Windows\System\rTrtRdS.exe
  C:\Windows\System\rTrtRdS.exe
  2⤵
  PID:7252
- C:\Windows\System\UPXGlMP.exe
  C:\Windows\System\UPXGlMP.exe
  2⤵
  PID:9004
- C:\Windows\System\wDveRfm.exe
  C:\Windows\System\wDveRfm.exe
  2⤵
  PID:9100
- C:\Windows\System\AVLvtxw.exe
  C:\Windows\System\AVLvtxw.exe
  2⤵
  PID:8528
- C:\Windows\System\rHQeTwC.exe
  C:\Windows\System\rHQeTwC.exe
  2⤵
  PID:8704
- C:\Windows\System\FNxzUxJ.exe
  C:\Windows\System\FNxzUxJ.exe
  2⤵
  PID:9120
- C:\Windows\System\guTwSyo.exe
  C:\Windows\System\guTwSyo.exe
  2⤵
  PID:8500
- C:\Windows\System\uwWYSGN.exe
  C:\Windows\System\uwWYSGN.exe
  2⤵
  PID:8804
- C:\Windows\System\aEgSiGI.exe
  C:\Windows\System\aEgSiGI.exe
  2⤵
  PID:8696
- C:\Windows\System\UwokVrV.exe
  C:\Windows\System\UwokVrV.exe
  2⤵
  PID:9232
- C:\Windows\System\SGQAady.exe
  C:\Windows\System\SGQAady.exe
  2⤵
  PID:9272
- C:\Windows\System\ODLohCu.exe
  C:\Windows\System\ODLohCu.exe
  2⤵
  PID:9296
- C:\Windows\System\wTiLVLH.exe
  C:\Windows\System\wTiLVLH.exe
  2⤵
  PID:9316
- C:\Windows\System\IuADLLI.exe
  C:\Windows\System\IuADLLI.exe
  2⤵
  PID:9340
- C:\Windows\System\cgbuIyp.exe
  C:\Windows\System\cgbuIyp.exe
  2⤵
  PID:9360
- C:\Windows\System\cLeCCNx.exe
  C:\Windows\System\cLeCCNx.exe
  2⤵
  PID:9436
- C:\Windows\System\YnLLUdZ.exe
  C:\Windows\System\YnLLUdZ.exe
  2⤵
  PID:9460
- C:\Windows\System\nasRzST.exe
  C:\Windows\System\nasRzST.exe
  2⤵
  PID:9476
- C:\Windows\System\ZkBZsaD.exe
  C:\Windows\System\ZkBZsaD.exe
  2⤵
  PID:9492
- C:\Windows\System\iRhqYiu.exe
  C:\Windows\System\iRhqYiu.exe
  2⤵
  PID:9516
- C:\Windows\System\SCIfYdF.exe
  C:\Windows\System\SCIfYdF.exe
  2⤵
  PID:9536
- C:\Windows\System\YitiYmL.exe
  C:\Windows\System\YitiYmL.exe
  2⤵
  PID:9564
- C:\Windows\System\CCEvFbc.exe
  C:\Windows\System\CCEvFbc.exe
  2⤵
  PID:9592
- C:\Windows\System\wzmBwEJ.exe
  C:\Windows\System\wzmBwEJ.exe
  2⤵
  PID:9608
- C:\Windows\System\NyTCDfH.exe
  C:\Windows\System\NyTCDfH.exe
  2⤵
  PID:9632
- C:\Windows\System\LGWgmmt.exe
  C:\Windows\System\LGWgmmt.exe
  2⤵
  PID:9652
- C:\Windows\System\udhOpbj.exe
  C:\Windows\System\udhOpbj.exe
  2⤵
  PID:9680
- C:\Windows\System\GetagOA.exe
  C:\Windows\System\GetagOA.exe
  2⤵
  PID:9704
- C:\Windows\System\FHngDEP.exe
  C:\Windows\System\FHngDEP.exe
  2⤵
  PID:9724
- C:\Windows\System\EObtcZV.exe
  C:\Windows\System\EObtcZV.exe
  2⤵
  PID:9756
- C:\Windows\System\PzLKULS.exe
  C:\Windows\System\PzLKULS.exe
  2⤵
  PID:9780
- C:\Windows\System\OSAJtTV.exe
  C:\Windows\System\OSAJtTV.exe
  2⤵
  PID:9800
- C:\Windows\System\MViEtdP.exe
  C:\Windows\System\MViEtdP.exe
  2⤵
  PID:9828
- C:\Windows\System\ktETCkW.exe
  C:\Windows\System\ktETCkW.exe
  2⤵
  PID:9864
- C:\Windows\System\dChFauq.exe
  C:\Windows\System\dChFauq.exe
  2⤵
  PID:9936
- C:\Windows\System\YiFeSqe.exe
  C:\Windows\System\YiFeSqe.exe
  2⤵
  PID:9980
- C:\Windows\System\xRkmJrO.exe
  C:\Windows\System\xRkmJrO.exe
  2⤵
  PID:10012
- C:\Windows\System\gZKqIWz.exe
  C:\Windows\System\gZKqIWz.exe
  2⤵
  PID:10044
- C:\Windows\System\usADOlT.exe
  C:\Windows\System\usADOlT.exe
  2⤵
  PID:10068
- C:\Windows\System\gniwcFm.exe
  C:\Windows\System\gniwcFm.exe
  2⤵
  PID:10092
- C:\Windows\System\STPtHwT.exe
  C:\Windows\System\STPtHwT.exe
  2⤵
  PID:10112
- C:\Windows\System\pgOtSCP.exe
  C:\Windows\System\pgOtSCP.exe
  2⤵
  PID:10136
- C:\Windows\System\KpnHlBz.exe
  C:\Windows\System\KpnHlBz.exe
  2⤵
  PID:10152
- C:\Windows\System\jGZPYpr.exe
  C:\Windows\System\jGZPYpr.exe
  2⤵
  PID:10184
- C:\Windows\System\HdXXDez.exe
  C:\Windows\System\HdXXDez.exe
  2⤵
  PID:10232
- C:\Windows\System\dzHzUcF.exe
  C:\Windows\System\dzHzUcF.exe
  2⤵
  PID:5476
- C:\Windows\System\vsONfrz.exe
  C:\Windows\System\vsONfrz.exe
  2⤵
  PID:8684
- C:\Windows\System\gwaaNdj.exe
  C:\Windows\System\gwaaNdj.exe
  2⤵
  PID:9240
- C:\Windows\System\VvXeHgD.exe
  C:\Windows\System\VvXeHgD.exe
  2⤵
  PID:9280
- C:\Windows\System\Jwhgdgl.exe
  C:\Windows\System\Jwhgdgl.exe
  2⤵
  PID:9308
- C:\Windows\System\rGWeIVO.exe
  C:\Windows\System\rGWeIVO.exe
  2⤵
  PID:9400
- C:\Windows\System\LCPzbMx.exe
  C:\Windows\System\LCPzbMx.exe
  2⤵
  PID:9488
- C:\Windows\System\BvEGYgk.exe
  C:\Windows\System\BvEGYgk.exe
  2⤵
  PID:9624
- C:\Windows\System\SWNdyob.exe
  C:\Windows\System\SWNdyob.exe
  2⤵
  PID:9752
- C:\Windows\System\rNSFXMD.exe
  C:\Windows\System\rNSFXMD.exe
  2⤵
  PID:9768
- C:\Windows\System\hSEpnwv.exe
  C:\Windows\System\hSEpnwv.exe
  2⤵
  PID:9820
- C:\Windows\System\eaQYrDM.exe
  C:\Windows\System\eaQYrDM.exe
  2⤵
  PID:9916
- C:\Windows\System\aEniKYG.exe
  C:\Windows\System\aEniKYG.exe
  2⤵
  PID:9972
- C:\Windows\System\CcfqDmn.exe
  C:\Windows\System\CcfqDmn.exe
  2⤵
  PID:10036
- C:\Windows\System\etOzwXv.exe
  C:\Windows\System\etOzwXv.exe
  2⤵
  PID:10060
- C:\Windows\System\TBnUSbN.exe
  C:\Windows\System\TBnUSbN.exe
  2⤵
  PID:10148
- C:\Windows\System\GvPSpDa.exe
  C:\Windows\System\GvPSpDa.exe
  2⤵
  PID:10220
- C:\Windows\System\LAMoGqe.exe
  C:\Windows\System\LAMoGqe.exe
  2⤵
  PID:9136
- C:\Windows\System\Bmynqep.exe
  C:\Windows\System\Bmynqep.exe
  2⤵
  PID:9356
- C:\Windows\System\yhsAcxL.exe
  C:\Windows\System\yhsAcxL.exe
  2⤵
  PID:9508
- C:\Windows\System\TWzAAOK.exe
  C:\Windows\System\TWzAAOK.exe
  2⤵
  PID:9740
- C:\Windows\System\NOHprXQ.exe
  C:\Windows\System\NOHprXQ.exe
  2⤵
  PID:9860
- C:\Windows\System\awRPsuP.exe
  C:\Windows\System\awRPsuP.exe
  2⤵
  PID:10024
- C:\Windows\System\hRYCgwI.exe
  C:\Windows\System\hRYCgwI.exe
  2⤵
  PID:10056
- C:\Windows\System\ioXhDBx.exe
  C:\Windows\System\ioXhDBx.exe
  2⤵
  PID:9224
- C:\Windows\System\NDZgQLp.exe
  C:\Windows\System\NDZgQLp.exe
  2⤵
  PID:9620
- C:\Windows\System\dPKVCOf.exe
  C:\Windows\System\dPKVCOf.exe
  2⤵
  PID:9900
- C:\Windows\System\apfYHfs.exe
  C:\Windows\System\apfYHfs.exe
  2⤵
  PID:10204
- C:\Windows\System\ynWSqmu.exe
  C:\Windows\System\ynWSqmu.exe
  2⤵
  PID:9948
- C:\Windows\System\QgOHLcl.exe
  C:\Windows\System\QgOHLcl.exe
  2⤵
  PID:10108
- C:\Windows\System\fiOQdED.exe
  C:\Windows\System\fiOQdED.exe
  2⤵
  PID:10276
- C:\Windows\System\tPtYcPZ.exe
  C:\Windows\System\tPtYcPZ.exe
  2⤵
  PID:10308
- C:\Windows\System\gohjznw.exe
  C:\Windows\System\gohjznw.exe
  2⤵
  PID:10348
- C:\Windows\System\fonZTQs.exe
  C:\Windows\System\fonZTQs.exe
  2⤵
  PID:10368
- C:\Windows\System\wzTnJUB.exe
  C:\Windows\System\wzTnJUB.exe
  2⤵
  PID:10392
- C:\Windows\System\iTsdyWX.exe
  C:\Windows\System\iTsdyWX.exe
  2⤵
  PID:10432
- C:\Windows\System\hXZueaz.exe
  C:\Windows\System\hXZueaz.exe
  2⤵
  PID:10460
- C:\Windows\System\hfinKNh.exe
  C:\Windows\System\hfinKNh.exe
  2⤵
  PID:10480
- C:\Windows\System\iGqDNHx.exe
  C:\Windows\System\iGqDNHx.exe
  2⤵
  PID:10504
- C:\Windows\System\nwoXcrU.exe
  C:\Windows\System\nwoXcrU.exe
  2⤵
  PID:10528
- C:\Windows\System\SYCXFzO.exe
  C:\Windows\System\SYCXFzO.exe
  2⤵
  PID:10564
- C:\Windows\System\kgxYFEg.exe
  C:\Windows\System\kgxYFEg.exe
  2⤵
  PID:10596
- C:\Windows\System\TqTXQMk.exe
  C:\Windows\System\TqTXQMk.exe
  2⤵
  PID:10616
- C:\Windows\System\QXnPRpR.exe
  C:\Windows\System\QXnPRpR.exe
  2⤵
  PID:10636
- C:\Windows\System\bbngBFm.exe
  C:\Windows\System\bbngBFm.exe
  2⤵
  PID:10656
- C:\Windows\System\aNWQhQS.exe
  C:\Windows\System\aNWQhQS.exe
  2⤵
  PID:10680
- C:\Windows\System\uHdwAJt.exe
  C:\Windows\System\uHdwAJt.exe
  2⤵
  PID:10704
- C:\Windows\System\GxsrGPi.exe
  C:\Windows\System\GxsrGPi.exe
  2⤵
  PID:10760
- C:\Windows\System\MyPDiJX.exe
  C:\Windows\System\MyPDiJX.exe
  2⤵
  PID:10780
- C:\Windows\System\jPcpfnn.exe
  C:\Windows\System\jPcpfnn.exe
  2⤵
  PID:10804
- C:\Windows\System\XVThdnP.exe
  C:\Windows\System\XVThdnP.exe
  2⤵
  PID:10832
- C:\Windows\System\vGtxBVY.exe
  C:\Windows\System\vGtxBVY.exe
  2⤵
  PID:10852
- C:\Windows\System\LXEhrGd.exe
  C:\Windows\System\LXEhrGd.exe
  2⤵
  PID:10876
- C:\Windows\System\ZTDaVxb.exe
  C:\Windows\System\ZTDaVxb.exe
  2⤵
  PID:10928
- C:\Windows\System\AGnoLlH.exe
  C:\Windows\System\AGnoLlH.exe
  2⤵
  PID:10960
- C:\Windows\System\GFSRWqm.exe
  C:\Windows\System\GFSRWqm.exe
  2⤵
  PID:10988
- C:\Windows\System\GwsVpSz.exe
  C:\Windows\System\GwsVpSz.exe
  2⤵
  PID:11032
- C:\Windows\System\HwqOlCc.exe
  C:\Windows\System\HwqOlCc.exe
  2⤵
  PID:11052
- C:\Windows\System\dSWtHmB.exe
  C:\Windows\System\dSWtHmB.exe
  2⤵
  PID:11092
- C:\Windows\System\kRLQvvO.exe
  C:\Windows\System\kRLQvvO.exe
  2⤵
  PID:11116
- C:\Windows\System\WwJVJvK.exe
  C:\Windows\System\WwJVJvK.exe
  2⤵
  PID:11136
- C:\Windows\System\hWEmVmX.exe
  C:\Windows\System\hWEmVmX.exe
  2⤵
  PID:11160
- C:\Windows\System\IvvSEXL.exe
  C:\Windows\System\IvvSEXL.exe
  2⤵
  PID:11184
- C:\Windows\System\CWTAcTC.exe
  C:\Windows\System\CWTAcTC.exe
  2⤵
  PID:11228
- C:\Windows\System\IPvpsvn.exe
  C:\Windows\System\IPvpsvn.exe
  2⤵
  PID:11244
- C:\Windows\System\VxLiBIH.exe
  C:\Windows\System\VxLiBIH.exe
  2⤵
  PID:10252
- C:\Windows\System\onxFprh.exe
  C:\Windows\System\onxFprh.exe
  2⤵
  PID:10284
- C:\Windows\System\MfaPeNh.exe
  C:\Windows\System\MfaPeNh.exe
  2⤵
  PID:10364
- C:\Windows\System\TRFJlTx.exe
  C:\Windows\System\TRFJlTx.exe
  2⤵
  PID:10472
- C:\Windows\System\OTonuqH.exe
  C:\Windows\System\OTonuqH.exe
  2⤵
  PID:10512
- C:\Windows\System\JMJyPrJ.exe
  C:\Windows\System\JMJyPrJ.exe
  2⤵
  PID:10624
- C:\Windows\System\AyltMeF.exe
  C:\Windows\System\AyltMeF.exe
  2⤵
  PID:10648
- C:\Windows\System\GcKkGjH.exe
  C:\Windows\System\GcKkGjH.exe
  2⤵
  PID:10664
- C:\Windows\System\JOOygdL.exe
  C:\Windows\System\JOOygdL.exe
  2⤵
  PID:10776
- C:\Windows\System\xFcAyJA.exe
  C:\Windows\System\xFcAyJA.exe
  2⤵
  PID:10796
- C:\Windows\System\YUJzFbd.exe
  C:\Windows\System\YUJzFbd.exe
  2⤵
  PID:10888
- C:\Windows\System\sWavlhF.exe
  C:\Windows\System\sWavlhF.exe
  2⤵
  PID:10908
- C:\Windows\System\fkjtEkr.exe
  C:\Windows\System\fkjtEkr.exe
  2⤵
  PID:10956
- C:\Windows\System\GlxFUmN.exe
  C:\Windows\System\GlxFUmN.exe
  2⤵
  PID:11048
- C:\Windows\System\RLrXboF.exe
  C:\Windows\System\RLrXboF.exe
  2⤵
  PID:11104
- C:\Windows\System\mZESvWv.exe
  C:\Windows\System\mZESvWv.exe
  2⤵
  PID:11204
- C:\Windows\System\BxCddBQ.exe
  C:\Windows\System\BxCddBQ.exe
  2⤵
  PID:10324
- C:\Windows\System\xTzxeJG.exe
  C:\Windows\System\xTzxeJG.exe
  2⤵
  PID:10332
- C:\Windows\System\GditZGk.exe
  C:\Windows\System\GditZGk.exe
  2⤵
  PID:10536
- C:\Windows\System\XDmaaQJ.exe
  C:\Windows\System\XDmaaQJ.exe
  2⤵
  PID:10612
- C:\Windows\System\ZxvQKZX.exe
  C:\Windows\System\ZxvQKZX.exe
  2⤵
  PID:10772
- C:\Windows\System\gVUWFTB.exe
  C:\Windows\System\gVUWFTB.exe
  2⤵
  PID:10860
- C:\Windows\System\xvHjSOE.exe
  C:\Windows\System\xvHjSOE.exe
  2⤵
  PID:11068
- C:\Windows\System\RjMZnyO.exe
  C:\Windows\System\RjMZnyO.exe
  2⤵
  PID:10248
- C:\Windows\System\POyDRBy.exe
  C:\Windows\System\POyDRBy.exe
  2⤵
  PID:10768
- C:\Windows\System\bJeSDoL.exe
  C:\Windows\System\bJeSDoL.exe
  2⤵
  PID:10948
- C:\Windows\System\GEQoPbY.exe
  C:\Windows\System\GEQoPbY.exe
  2⤵
  PID:10268
- C:\Windows\System\BHSndCH.exe
  C:\Windows\System\BHSndCH.exe
  2⤵
  PID:11276
- C:\Windows\System\hBbaRSC.exe
  C:\Windows\System\hBbaRSC.exe
  2⤵
  PID:11320
- C:\Windows\System\siTvfWz.exe
  C:\Windows\System\siTvfWz.exe
  2⤵
  PID:11336
- C:\Windows\System\tcQOTZs.exe
  C:\Windows\System\tcQOTZs.exe
  2⤵
  PID:11376
- C:\Windows\System\qhbjcIh.exe
  C:\Windows\System\qhbjcIh.exe
  2⤵
  PID:11396
- C:\Windows\System\kHFcpLm.exe
  C:\Windows\System\kHFcpLm.exe
  2⤵
  PID:11420
- C:\Windows\System\zUUlFKb.exe
  C:\Windows\System\zUUlFKb.exe
  2⤵
  PID:11436
- C:\Windows\System\dROpbHh.exe
  C:\Windows\System\dROpbHh.exe
  2⤵
  PID:11456
- C:\Windows\System\wncObpT.exe
  C:\Windows\System\wncObpT.exe
  2⤵
  PID:11492
- C:\Windows\System\wvyrEVx.exe
  C:\Windows\System\wvyrEVx.exe
  2⤵
  PID:11528
- C:\Windows\System\fYZYBED.exe
  C:\Windows\System\fYZYBED.exe
  2⤵
  PID:11552
- C:\Windows\System\WqflNAz.exe
  C:\Windows\System\WqflNAz.exe
  2⤵
  PID:11576
- C:\Windows\System\zmTaLfT.exe
  C:\Windows\System\zmTaLfT.exe
  2⤵
  PID:11600
- C:\Windows\System\HbsPTQQ.exe
  C:\Windows\System\HbsPTQQ.exe
  2⤵
  PID:11652
- C:\Windows\System\JKAWVSK.exe
  C:\Windows\System\JKAWVSK.exe
  2⤵
  PID:11684
- C:\Windows\System\hVmIuYD.exe
  C:\Windows\System\hVmIuYD.exe
  2⤵
  PID:11708
- C:\Windows\System\vVSTTkm.exe
  C:\Windows\System\vVSTTkm.exe
  2⤵
  PID:11728
- C:\Windows\System\gFejFTG.exe
  C:\Windows\System\gFejFTG.exe
  2⤵
  PID:11768
- C:\Windows\System\iuSelMK.exe
  C:\Windows\System\iuSelMK.exe
  2⤵
  PID:11792
- C:\Windows\System\pnwWRxr.exe
  C:\Windows\System\pnwWRxr.exe
  2⤵
  PID:11820
- C:\Windows\System\bhaesPX.exe
  C:\Windows\System\bhaesPX.exe
  2⤵
  PID:11836
- C:\Windows\System\vRHYiPD.exe
  C:\Windows\System\vRHYiPD.exe
  2⤵
  PID:11860
- C:\Windows\System\uHqRudX.exe
  C:\Windows\System\uHqRudX.exe
  2⤵
  PID:11884
- C:\Windows\System\zZSPvKs.exe
  C:\Windows\System\zZSPvKs.exe
  2⤵
  PID:11904
- C:\Windows\System\vTxiOBI.exe
  C:\Windows\System\vTxiOBI.exe
  2⤵
  PID:11936
- C:\Windows\System\lgFAQKV.exe
  C:\Windows\System\lgFAQKV.exe
  2⤵
  PID:11952
- C:\Windows\System\RcrsUsr.exe
  C:\Windows\System\RcrsUsr.exe
  2⤵
  PID:11988
- C:\Windows\System\GFXtwXR.exe
  C:\Windows\System\GFXtwXR.exe
  2⤵
  PID:12016
- C:\Windows\System\uTlBLVV.exe
  C:\Windows\System\uTlBLVV.exe
  2⤵
  PID:12036
- C:\Windows\System\dSpBDQw.exe
  C:\Windows\System\dSpBDQw.exe
  2⤵
  PID:12072
- C:\Windows\System\sgdEmVe.exe
  C:\Windows\System\sgdEmVe.exe
  2⤵
  PID:12096
- C:\Windows\System\DRlTydo.exe
  C:\Windows\System\DRlTydo.exe
  2⤵
  PID:12124
- C:\Windows\System\LyqoIBU.exe
  C:\Windows\System\LyqoIBU.exe
  2⤵
  PID:12148
- C:\Windows\System\TAWnNsN.exe
  C:\Windows\System\TAWnNsN.exe
  2⤵
  PID:12204
- C:\Windows\System\uHupsiz.exe
  C:\Windows\System\uHupsiz.exe
  2⤵
  PID:12224
- C:\Windows\System\jOaPVqG.exe
  C:\Windows\System\jOaPVqG.exe
  2⤵
  PID:12276
- C:\Windows\System\hTqQyEL.exe
  C:\Windows\System\hTqQyEL.exe
  2⤵
  PID:11268
- C:\Windows\System\cZJyKoD.exe
  C:\Windows\System\cZJyKoD.exe
  2⤵
  PID:11316
- C:\Windows\System\aKsmtka.exe
  C:\Windows\System\aKsmtka.exe
  2⤵
  PID:11412
- C:\Windows\System\PobvMfi.exe
  C:\Windows\System\PobvMfi.exe
  2⤵
  PID:11452
- C:\Windows\System\zAGVMjt.exe
  C:\Windows\System\zAGVMjt.exe
  2⤵
  PID:11540
- C:\Windows\System\klaaYax.exe
  C:\Windows\System\klaaYax.exe
  2⤵
  PID:11572
- C:\Windows\System\IoAlySm.exe
  C:\Windows\System\IoAlySm.exe
  2⤵
  PID:11668
- C:\Windows\System\rzKhOCw.exe
  C:\Windows\System\rzKhOCw.exe
  2⤵
  PID:11716
- C:\Windows\System\QuqDGPB.exe
  C:\Windows\System\QuqDGPB.exe
  2⤵
  PID:11760
- C:\Windows\System\kkDhUae.exe
  C:\Windows\System\kkDhUae.exe
  2⤵
  PID:11828
- C:\Windows\System\oYBTZnq.exe
  C:\Windows\System\oYBTZnq.exe
  2⤵
  PID:11920
- C:\Windows\System\XngRIgc.exe
  C:\Windows\System\XngRIgc.exe
  2⤵
  PID:12000
- C:\Windows\System\fFmYePH.exe
  C:\Windows\System\fFmYePH.exe
  2⤵
  PID:12116
- C:\Windows\System\aJngrwU.exe
  C:\Windows\System\aJngrwU.exe
  2⤵
  PID:12144
- C:\Windows\System\vzAqrVq.exe
  C:\Windows\System\vzAqrVq.exe
  2⤵
  PID:12092
- C:\Windows\System\KFDXtjj.exe
  C:\Windows\System\KFDXtjj.exe
  2⤵
  PID:12252
- C:\Windows\System\IvdXVwZ.exe
  C:\Windows\System\IvdXVwZ.exe
  2⤵
  PID:12272
- C:\Windows\System\oIulane.exe
  C:\Windows\System\oIulane.exe
  2⤵
  PID:11404
- C:\Windows\System\ATcYLXE.exe
  C:\Windows\System\ATcYLXE.exe
  2⤵
  PID:11516
- C:\Windows\System\jnhGYil.exe
  C:\Windows\System\jnhGYil.exe
  2⤵
  PID:11628
- C:\Windows\System\InyKnbo.exe
  C:\Windows\System\InyKnbo.exe
  2⤵
  PID:11872
- C:\Windows\System\gwjRiCw.exe
  C:\Windows\System\gwjRiCw.exe
  2⤵
  PID:11980
- C:\Windows\System\bohMsZj.exe
  C:\Windows\System\bohMsZj.exe
  2⤵
  PID:12200
- C:\Windows\System\AmihlGN.exe
  C:\Windows\System\AmihlGN.exe
  2⤵
  PID:11916
- C:\Windows\System\TaGeXiJ.exe
  C:\Windows\System\TaGeXiJ.exe
  2⤵
  PID:11968
- C:\Windows\System\pPvxsjG.exe
  C:\Windows\System\pPvxsjG.exe
  2⤵
  PID:11484
- C:\Windows\System\YHNtkph.exe
  C:\Windows\System\YHNtkph.exe
  2⤵
  PID:12292
- C:\Windows\System\DoKwZQM.exe
  C:\Windows\System\DoKwZQM.exe
  2⤵
  PID:12320
- C:\Windows\System\kjTDGBb.exe
  C:\Windows\System\kjTDGBb.exe
  2⤵
  PID:12348
- C:\Windows\System\sHgDYFg.exe
  C:\Windows\System\sHgDYFg.exe
  2⤵
  PID:12372
- C:\Windows\System\CZBBUNf.exe
  C:\Windows\System\CZBBUNf.exe
  2⤵
  PID:12396
- C:\Windows\System\rpTZDll.exe
  C:\Windows\System\rpTZDll.exe
  2⤵
  PID:12424
- C:\Windows\System\TDwZBAA.exe
  C:\Windows\System\TDwZBAA.exe
  2⤵
  PID:12444
- C:\Windows\System\tokWdBQ.exe
  C:\Windows\System\tokWdBQ.exe
  2⤵
  PID:12488
- C:\Windows\System\gBMxxye.exe
  C:\Windows\System\gBMxxye.exe
  2⤵
  PID:12512
- C:\Windows\System\xqSEGoW.exe
  C:\Windows\System\xqSEGoW.exe
  2⤵
  PID:12536
- C:\Windows\System\vtwVkJK.exe
  C:\Windows\System\vtwVkJK.exe
  2⤵
  PID:12568
- C:\Windows\System\CalYzMC.exe
  C:\Windows\System\CalYzMC.exe
  2⤵
  PID:12604
- C:\Windows\System\sRdYvaZ.exe
  C:\Windows\System\sRdYvaZ.exe
  2⤵
  PID:12624
- C:\Windows\System\IAefSnt.exe
  C:\Windows\System\IAefSnt.exe
  2⤵
  PID:12640
- C:\Windows\System\SkDqOMJ.exe
  C:\Windows\System\SkDqOMJ.exe
  2⤵
  PID:12664
- C:\Windows\System\OBUeEVX.exe
  C:\Windows\System\OBUeEVX.exe
  2⤵
  PID:12712
- C:\Windows\System\FVIjWdN.exe
  C:\Windows\System\FVIjWdN.exe
  2⤵
  PID:12752
- C:\Windows\System\meGzIeB.exe
  C:\Windows\System\meGzIeB.exe
  2⤵
  PID:12768
- C:\Windows\System\tiTtDcG.exe
  C:\Windows\System\tiTtDcG.exe
  2⤵
  PID:12800
- C:\Windows\System\NmeAaxs.exe
  C:\Windows\System\NmeAaxs.exe
  2⤵
  PID:12824
- C:\Windows\System\DDQymbP.exe
  C:\Windows\System\DDQymbP.exe
  2⤵
  PID:12848
- C:\Windows\System\nBXbFNR.exe
  C:\Windows\System\nBXbFNR.exe
  2⤵
  PID:12872
- C:\Windows\System\JhZiyrg.exe
  C:\Windows\System\JhZiyrg.exe
  2⤵
  PID:12912
- C:\Windows\System\EFMBbsn.exe
  C:\Windows\System\EFMBbsn.exe
  2⤵
  PID:12932
- C:\Windows\System\QaIHrax.exe
  C:\Windows\System\QaIHrax.exe
  2⤵
  PID:12956
- C:\Windows\System\MiEPQqh.exe
  C:\Windows\System\MiEPQqh.exe
  2⤵
  PID:12980
- C:\Windows\System\MGQyQsq.exe
  C:\Windows\System\MGQyQsq.exe
  2⤵
  PID:13000
- C:\Windows\System\jRSrsdQ.exe
  C:\Windows\System\jRSrsdQ.exe
  2⤵
  PID:13040
- C:\Windows\System\eNRcjsL.exe
  C:\Windows\System\eNRcjsL.exe
  2⤵
  PID:13068
- C:\Windows\System\kRwefSY.exe
  C:\Windows\System\kRwefSY.exe
  2⤵
  PID:13088
- C:\Windows\System\qOmLiGB.exe
  C:\Windows\System\qOmLiGB.exe
  2⤵
  PID:13120
- C:\Windows\System\zmNzgWw.exe
  C:\Windows\System\zmNzgWw.exe
  2⤵
  PID:13140
- C:\Windows\System\yfEnGjZ.exe
  C:\Windows\System\yfEnGjZ.exe
  2⤵
  PID:13164
- C:\Windows\System\eDgYgcp.exe
  C:\Windows\System\eDgYgcp.exe
  2⤵
  PID:13196
- C:\Windows\System\AWkNFmv.exe
  C:\Windows\System\AWkNFmv.exe
  2⤵
  PID:13224
- C:\Windows\System\QeuEKNM.exe
  C:\Windows\System\QeuEKNM.exe
  2⤵
  PID:13252
- C:\Windows\System\oBHeuon.exe
  C:\Windows\System\oBHeuon.exe
  2⤵
  PID:13276
- C:\Windows\System\ePUnUro.exe
  C:\Windows\System\ePUnUro.exe
  2⤵
  PID:13292
- C:\Windows\System\CPxIXTJ.exe
  C:\Windows\System\CPxIXTJ.exe
  2⤵
  PID:13308
- C:\Windows\System\DvdCexf.exe
  C:\Windows\System\DvdCexf.exe
  2⤵
  PID:12340
- C:\Windows\System\SwqQBfA.exe
  C:\Windows\System\SwqQBfA.exe
  2⤵
  PID:12432
- C:\Windows\System\XkyKtso.exe
  C:\Windows\System\XkyKtso.exe
  2⤵
  PID:12472
- C:\Windows\System\SRWkifU.exe
  C:\Windows\System\SRWkifU.exe
  2⤵
  PID:1712
- C:\Windows\System\pWbxPIe.exe
  C:\Windows\System\pWbxPIe.exe
  2⤵
  PID:12636
- C:\Windows\System\rZdHsGZ.exe
  C:\Windows\System\rZdHsGZ.exe
  2⤵
  PID:12632
- C:\Windows\System\YfTDDXw.exe
  C:\Windows\System\YfTDDXw.exe
  2⤵
  PID:12744
- C:\Windows\System\lwakjBg.exe
  C:\Windows\System\lwakjBg.exe
  2⤵
  PID:12812
- C:\Windows\System\whKzOqN.exe
  C:\Windows\System\whKzOqN.exe
  2⤵
  PID:12860
- C:\Windows\System\qEpotcG.exe
  C:\Windows\System\qEpotcG.exe
  2⤵
  PID:12944
- C:\Windows\System\mBlWWcM.exe
  C:\Windows\System\mBlWWcM.exe
  2⤵
  PID:12928
- C:\Windows\System\LPzrawF.exe
  C:\Windows\System\LPzrawF.exe
  2⤵
  PID:13012
- C:\Windows\System\ltDNumW.exe
  C:\Windows\System\ltDNumW.exe
  2⤵
  PID:13128
- C:\Windows\System\QXySlwO.exe
  C:\Windows\System\QXySlwO.exe
  2⤵
  PID:13208
- C:\Windows\System\tXSEzPm.exe
  C:\Windows\System\tXSEzPm.exe
  2⤵
  PID:13240
- C:\Windows\System\JRGOonR.exe
  C:\Windows\System\JRGOonR.exe
  2⤵
  PID:13260
- C:\Windows\System\UdLknmA.exe
  C:\Windows\System\UdLknmA.exe
  2⤵
  PID:12328
- C:\Windows\System\RoQNxKd.exe
  C:\Windows\System\RoQNxKd.exe
  2⤵
  PID:13304
- C:\Windows\System\YnrdrKx.exe
  C:\Windows\System\YnrdrKx.exe
  2⤵
  PID:2696
- C:\Windows\System\AdLeiSq.exe
  C:\Windows\System\AdLeiSq.exe
  2⤵
  PID:12256
- C:\Windows\System\NAeGmQK.exe
  C:\Windows\System\NAeGmQK.exe
  2⤵
  PID:3804
- C:\Windows\System\vyHdXyN.exe
  C:\Windows\System\vyHdXyN.exe
  2⤵
  PID:12868
- C:\Windows\System\OIdFYcI.exe
  C:\Windows\System\OIdFYcI.exe
  2⤵
  PID:13052
- C:\Windows\System\TZGowwK.exe
  C:\Windows\System\TZGowwK.exe
  2⤵
  PID:4256
- C:\Windows\System\UXbCCBm.exe
  C:\Windows\System\UXbCCBm.exe
  2⤵
  PID:13284
- C:\Windows\System\DazmKLo.exe
  C:\Windows\System\DazmKLo.exe
  2⤵
  PID:1288
- C:\Windows\System\gEbLWRT.exe
  C:\Windows\System\gEbLWRT.exe
  2⤵
  PID:12468
- C:\Windows\System\HsOGHBb.exe
  C:\Windows\System\HsOGHBb.exe
  2⤵
  PID:12728
- C:\Windows\System\ywgKbvk.exe
  C:\Windows\System\ywgKbvk.exe
  2⤵
  PID:12584
- C:\Windows\System\sGZCnju.exe
  C:\Windows\System\sGZCnju.exe
  2⤵
  PID:12684
- C:\Windows\System\QqFVrwk.exe
  C:\Windows\System\QqFVrwk.exe
  2⤵
  PID:13344
- C:\Windows\System\GRsnkmd.exe
  C:\Windows\System\GRsnkmd.exe
  2⤵
  PID:13360
- C:\Windows\System\OLZyEIl.exe
  C:\Windows\System\OLZyEIl.exe
  2⤵
  PID:13396
- C:\Windows\System\kpwVSID.exe
  C:\Windows\System\kpwVSID.exe
  2⤵
  PID:13416
- C:\Windows\System\NFkXkWL.exe
  C:\Windows\System\NFkXkWL.exe
  2⤵
  PID:13452
- C:\Windows\System\MNaImlh.exe
  C:\Windows\System\MNaImlh.exe
  2⤵
  PID:13472
- C:\Windows\System\GVMKSlx.exe
  C:\Windows\System\GVMKSlx.exe
  2⤵
  PID:13492
- C:\Windows\System\igunkrX.exe
  C:\Windows\System\igunkrX.exe
  2⤵
  PID:13524
- C:\Windows\System\QLRLdzw.exe
  C:\Windows\System\QLRLdzw.exe
  2⤵
  PID:13560
- C:\Windows\System\UPTsBjV.exe
  C:\Windows\System\UPTsBjV.exe
  2⤵
  PID:13596
- C:\Windows\System\etaMgCR.exe
  C:\Windows\System\etaMgCR.exe
  2⤵
  PID:13624
- C:\Windows\System\MdXUNfS.exe
  C:\Windows\System\MdXUNfS.exe
  2⤵
  PID:13644
- C:\Windows\System\zoTGiha.exe
  C:\Windows\System\zoTGiha.exe
  2⤵
  PID:13668
- C:\Windows\System\zsmKmbu.exe
  C:\Windows\System\zsmKmbu.exe
  2⤵
  PID:13700
- C:\Windows\System\dLVdXQD.exe
  C:\Windows\System\dLVdXQD.exe
  2⤵
  PID:13728
- C:\Windows\System\dXdmRPD.exe
  C:\Windows\System\dXdmRPD.exe
  2⤵
  PID:13768
- C:\Windows\System\TXTMuGd.exe
  C:\Windows\System\TXTMuGd.exe
  2⤵
  PID:13792
- C:\Windows\System\BFMHGiD.exe
  C:\Windows\System\BFMHGiD.exe
  2⤵
  PID:13820
- C:\Windows\System\yESeWFe.exe
  C:\Windows\System\yESeWFe.exe
  2⤵
  PID:13840
- C:\Windows\System\ABGCBsU.exe
  C:\Windows\System\ABGCBsU.exe
  2⤵
  PID:13860
- C:\Windows\System\GNEOMvB.exe
  C:\Windows\System\GNEOMvB.exe
  2⤵
  PID:13880
- C:\Windows\System\hXAhJSM.exe
  C:\Windows\System\hXAhJSM.exe
  2⤵
  PID:13908
- C:\Windows\System\zTTLpWS.exe
  C:\Windows\System\zTTLpWS.exe
  2⤵
  PID:13932
- C:\Windows\System\snkzsge.exe
  C:\Windows\System\snkzsge.exe
  2⤵
  PID:13960
- C:\Windows\System\eeksTka.exe
  C:\Windows\System\eeksTka.exe
  2⤵
  PID:13984
- C:\Windows\System\PJbFVlq.exe
  C:\Windows\System\PJbFVlq.exe
  2⤵
  PID:14008
- C:\Windows\System\idArDgf.exe
  C:\Windows\System\idArDgf.exe
  2⤵
  PID:14028
- C:\Windows\System\PtzsSyB.exe
  C:\Windows\System\PtzsSyB.exe
  2⤵
  PID:14052
- C:\Windows\System\qHlYYOa.exe
  C:\Windows\System\qHlYYOa.exe
  2⤵
  PID:14072
- C:\Windows\System\GQkGUoY.exe
  C:\Windows\System\GQkGUoY.exe
  2⤵
  PID:14100
- C:\Windows\System\jPKrHEt.exe
  C:\Windows\System\jPKrHEt.exe
  2⤵
  PID:14128
- C:\Windows\System\zFKbnmW.exe
  C:\Windows\System\zFKbnmW.exe
  2⤵
  PID:14152
- C:\Windows\System\gJGcKnM.exe
  C:\Windows\System\gJGcKnM.exe
  2⤵
  PID:14216
- C:\Windows\System\lLbGuAA.exe
  C:\Windows\System\lLbGuAA.exe
  2⤵
  PID:14272
- C:\Windows\System\bLDQoCS.exe
  C:\Windows\System\bLDQoCS.exe
  2⤵
  PID:14296
- C:\Windows\System\lnUfaon.exe
  C:\Windows\System\lnUfaon.exe
  2⤵
  PID:14316
- C:\Windows\System\wJDwUmA.exe
  C:\Windows\System\wJDwUmA.exe
  2⤵
  PID:12832
- C:\Windows\System\vQOqqbL.exe
  C:\Windows\System\vQOqqbL.exe
  2⤵
  PID:13316
- C:\Windows\System\AEkqjMX.exe
  C:\Windows\System\AEkqjMX.exe
  2⤵
  PID:13388
- C:\Windows\System\jNQbEOZ.exe
  C:\Windows\System\jNQbEOZ.exe
  2⤵
  PID:12676
- C:\Windows\System\ATMNabu.exe
  C:\Windows\System\ATMNabu.exe
  2⤵
  PID:13444
- C:\Windows\System\kDaKECd.exe
  C:\Windows\System\kDaKECd.exe
  2⤵
  PID:13464
- C:\Windows\System\oALBTfn.exe
  C:\Windows\System\oALBTfn.exe
  2⤵
  PID:13604
- C:\Windows\System\SQEehzY.exe
  C:\Windows\System\SQEehzY.exe
  2⤵
  PID:13676
- C:\Windows\System\uQgWXRT.exe
  C:\Windows\System\uQgWXRT.exe
  2⤵
  PID:13748
- C:\Windows\System\PmnqkOO.exe
  C:\Windows\System\PmnqkOO.exe
  2⤵
  PID:13848
- C:\Windows\System\WiubtHu.exe
  C:\Windows\System\WiubtHu.exe
  2⤵
  PID:13868
- C:\Windows\System\mCheJsz.exe
  C:\Windows\System\mCheJsz.exe
  2⤵
  PID:13948
- C:\Windows\System\LBRLmWX.exe
  C:\Windows\System\LBRLmWX.exe
  2⤵
  PID:14024
- C:\Windows\System\sXqdENT.exe
  C:\Windows\System\sXqdENT.exe
  2⤵
  PID:14048
- C:\Windows\System\QNyuWhh.exe
  C:\Windows\System\QNyuWhh.exe
  2⤵
  PID:14148
- C:\Windows\System\xZbSfkn.exe
  C:\Windows\System\xZbSfkn.exe
  2⤵
  PID:14248

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AAzTQaO.exe

Filesize
1.9MB

MD5
0b89338a86c7096608d5b18cd5ff771c

SHA1
7f40a11e0a280ac360668c6a75dd1dd6e52c7004

SHA256
1f79ce0766afed7e18ed1fa6a6b5274240675ddb1217588f2fa0c35e5d347a40

SHA512
16e850f27804bd1e3eb1b73a51f1da68e7a3c3235ea9b4a218ce55b9275b6873ba63d4e264096d5b463ef06d323a81bc469e145a52746cdfd32ffe91ce08ed88

Download Submit
C:\Windows\System\BZeTYcM.exe

Filesize
1.9MB

MD5
8d295e55667653a971c2bdb0678fc295

SHA1
217b7f39906b31969af5944d5a3c61d5e747fa81

SHA256
932293484efa7947967db7740e465890243ddea5ab6ac5fae0b3c9d0286fa4cb

SHA512
c3a56ab0dd63843bd5ae05a89bf69488200b06b9fd7a69125e86fb119e21447653bea63aa45ad2152b8611b5dc26d0eef86354623b92e7025c439565a103e704

Download Submit
C:\Windows\System\CNecIEW.exe

Filesize
1.9MB

MD5
00044b612173a76031bdc9440f56ecd9

SHA1
0979aa4a7b3a84e46c452685a6a68fb851bb5172

SHA256
fcd95de99805e6b86005d3b43781493ca31745d625d859835907ad6dbe860fe6

SHA512
f618916df0376db93e3b30b7e707c591bc797f5ce97caf1395502da9f4c7c48abbc2e286c5aa954d10d92b0c899a67c23b082be95cd91319d33955174c224c97

Download Submit
C:\Windows\System\GFoFQXY.exe

Filesize
1.9MB

MD5
ccf3e52a479038776b9f11300fa98a02

SHA1
7f5467a0a453adf518c4319bac7ec88533789fb8

SHA256
3a5f1b36b1661f939ee58fb7cff0fdbb433192536a01c47d37c284307130d185

SHA512
ac0ffa5d3c76d14619318831443c82306048d3fb41ba6f60dd12d5e76655c77fbae18ce19e0cb3cdeec29a95f455bf88e3dcf2ba5f0446ce34c3c548225c8a0d

Download Submit
C:\Windows\System\GZthWsY.exe

Filesize
1.9MB

MD5
18c88a5318aec2327bf6441fbddbd2e6

SHA1
f99a8df3c17736b167b216d8f8a23f2e825732f2

SHA256
1603049927b566ee03e1e0d645497d7c9f2bfd44c1ebf0d9e917a66ce5653827

SHA512
4dcb2da34e591d544d85609a573cac72f084de30a5f93a1502201dfe8964336a724dbb744d00bb27b21f73628763588a70f15eb3c812495666fabcbf95f24a4d

Download Submit
C:\Windows\System\GiKaAbK.exe

Filesize
1.9MB

MD5
7cb3bada15e281da7f7a50429acf29c6

SHA1
edff0736b27cb5592571b9ae5b4bbce78a134701

SHA256
d41af52033a39c90d083a17b07063c9d2e6990fc9bf656e3e68d0fa25b3eb187

SHA512
ede3b231d3d55f4dae1a5169bfb7408985896820eb7bd3dbc4f056da2c7179119cb438ddbf2b8f7c4a8a1c3fa37bd587481c395f7ee395308843d18ff6a6a4c4

Download Submit
C:\Windows\System\GuIdDlp.exe

Filesize
1.9MB

MD5
71f8a8c8ff219728c78f7a51d9362cde

SHA1
20f2a9bf9666225140f3e9d80c4349f6cdcba9af

SHA256
f1d17cfe8ea3048a9f25468fd9b4e2deca16e2057b8e5ef9fd5b2f8ffc209b4e

SHA512
5bbed273ece0a337f9a0875fa38b4ba5228f282794091bd156de4f5eee100e820d91acbefca06d7e6a721ebdc506473d4e0749337d849ab591eb4146a121ffcc

Download Submit
C:\Windows\System\KZfkTvl.exe

Filesize
1.9MB

MD5
0adb7889e20e9c594bc8ad61ae1f2f7e

SHA1
9692220267804a5b104645ffb84a670b45eafa04

SHA256
82950a443e09ee7c330a82e4db23accf823baf4507dfd1e503c8284e1919e427

SHA512
aed0f9251e19ff34e87d523a16f27f739049af61a2b501fcbc2639d04ffcfc4553633c54f4d643a235391b88700f457e1282b1934e262b5d3fca0ea08eddbda3

Download Submit
C:\Windows\System\PncquOx.exe

Filesize
1.9MB

MD5
04491543482f64365515666cac3ef36d

SHA1
d5e4864c489ec71e5bf2d95822d1a6840b69eacf

SHA256
f01af154c970d8990a84649283375b3e1fdee24086bdd837b7f4cbad055ec1a9

SHA512
b043c013e276a6f0eabea7486a3e17895c4099f30f21779da25e099fe8fe398e48c564321ec97ab02b8e5bea0da4f96957c246b694fe1efa2c6b93c6ac82e8d7

Download Submit
C:\Windows\System\QRXclLn.exe

Filesize
1.9MB

MD5
ae14d9cc5aef83caea92b939da3f1228

SHA1
682e2aac0c22af840b26a5d15c3136ff9ff27852

SHA256
12089815090edd918fc5454e8b3069eeb8cabfafe60dc97309a463e7ce28b7e6

SHA512
a49e3c53a815a18e971745ec69a920892251af1b2c2f249db51e02f33537f23810f1338c3ede6d789e27867a0c564ff50616590a105e5f47d319bc81bc1f4884

Download Submit
C:\Windows\System\UldjzUK.exe

Filesize
1.9MB

MD5
c5cc37ca9e893d36eb0e1115a91d3d35

SHA1
afb143974bceaa2f0fe948156635dc2abf8dea43

SHA256
b5d7dc157114aa2aca1b06df5623ecc3b0624ae1d427167bbc628f5e10ca371b

SHA512
dc6428e58b317207f393470bb55919d0d95d7ccf190bcc9a77ad64d351ab6681c1c409875654498a3e529d036b71fcf7653d8165ad060155d5691938f214b21f

Download Submit
C:\Windows\System\WUXYxsf.exe

Filesize
1.9MB

MD5
63c4b6c6182c034c5771fcc239a7208e

SHA1
eeb6ea570cba4508e3bd8c680005ba1d17db7ec3

SHA256
caf8b7a34263e1d035748fcb5679408be9082791d97963c99f443bc323c7d0aa

SHA512
4524090e0863a2a58109ebd67d00b85c8bac1f3b49a761ba238f92303d88ba85c661b7ae651b636cd62b4a4590b3d14d88df2128eacc33ebeff0d8c3ecf3d921

Download Submit
C:\Windows\System\WoiLtVI.exe

Filesize
1.9MB

MD5
e58ec2f46cb0a035ce2973746d402265

SHA1
92a9077acaa5b8b0548d7784dcdf524e4b30bb2e

SHA256
8391ded0ac711210520be4169e779c9f05a050b955e8c5525ea2f099fc65961c

SHA512
c41077cf91d66e972a0232243b7ed6e2d84ac773c9e1c5adac7ba0d8706ae8a4200b89a72ea92d8e6dba51979364ab734f5a4116aeed7078c97045fb93cc6c18

Download Submit
C:\Windows\System\XYFDLCR.exe

Filesize
1.9MB

MD5
4fa4f21f67aec2af1a80ec1cca2b0bca

SHA1
8093bf8c6a2ce976bbc5de7e1dfa5e5ade8871a0

SHA256
629e6c0a94989120301a8ccf1eddba61cf3045c4b1ebabaeef7fb985a009e369

SHA512
68c97dd2425b3ff0e8c7451a3b2b3eb5db0dc3ea25f0d0e47d89876057cb2a56846453c04886b2702997a4d6253838cd328b47c4d17b31a365bfe857b5c05366

Download Submit
C:\Windows\System\YoiIXUC.exe

Filesize
1.9MB

MD5
fc64eae57f7ef62f0f04e8aeb3dfb6ed

SHA1
acb1d2a94165dd2ec2cab1bf9d3bd7939fbe9023

SHA256
bf139ff440515ddadc09f4b8854ef9db2b9dfc8003fde99eab665d08e9cc5df5

SHA512
c98f70981f9e2c21a3fdf3fec5aad97662062f2b83f3835ec78b89efde08254b792e2beea5a6002abb3a2ac332f7f0e2a702312a58ee821b8f3dd40e3792f468

Download Submit
C:\Windows\System\aJwRAhR.exe

Filesize
1.9MB

MD5
99d4897cce138f9014c3db6cc278b8e8

SHA1
71fa7d5cafe4cc18efc601adae7f360a0cea121c

SHA256
3b7e6eb70ee28f696e6568f5b54bbc3dc05cb3f979a6f51ecbde5c60ae088cba

SHA512
7888766149ac687a58922f616d23e5e59cdf98b38460439eac4b80776ce3a761901b91658520933d0e3c53f06dd5c226139a487a321771b578a8e36208b04f39

Download Submit
C:\Windows\System\cLRNDmV.exe

Filesize
1.9MB

MD5
d299c90e39a3cdb3b028e41433b727ee

SHA1
e29069ba98c7e3847bc1bea2ad84145d000906f9

SHA256
fc1a01bdcf256c13ffc72b2befaecdd07f88665a1ebf686613422e169de89a16

SHA512
bc685aa3e85a179cd603116b0f6072015734cc681f391f1f50bfc068fea315a0f092e07b59333fe98b1b2f5ba06129cf9321d866a8fc549601199747954fba1e

Download Submit
C:\Windows\System\cuwZsNg.exe

Filesize
1.9MB

MD5
a30d4e8926f7fe105e58cc7a5dd6a435

SHA1
2fb8a03a59638d542af4479f3156ee45ec7db53f

SHA256
13cfe77187bb2e4aee671518d443b06091661392c9556d87f330db91ed501bbb

SHA512
fd4279c83379e67183fdf8e2d8e3cb36142342240ae49980c6aadde294620c10a649c9769bad832a38800867cfea883c7cf652840af7f307479651811c0eee2a

Download Submit
C:\Windows\System\flhbhZT.exe

Filesize
1.9MB

MD5
d261980d4fbcc99979a30a7e7236d7ff

SHA1
bdc736be391217d9fe03593aff5b9e9f96a4e47a

SHA256
6bf85a197bc6433ade39120a0c06210ab53b5c36316ddae8073b655af05e91e4

SHA512
b46a8406c65f0b5a067189a4565589f4812f4c4780e185cd35ea4c53fb1ba25ae2d4753b20bf0885685b2e640aa655e495995aa85bdc146dc3ec0938c4be73bc

Download Submit
C:\Windows\System\gNkNAQa.exe

Filesize
1.9MB

MD5
a74a2763d6fa1bbb85daf10049a9cc95

SHA1
360c556863b2d1e94494047baa934cee3adb9b7a

SHA256
e333e3af1470d4945ad5cdc897c4e98cc7b7254161d6aeb163d16a8bc4ff8ca4

SHA512
2fcc29c3476c59a817d9a28102abee9f830a02a3e18ca4722f578ddf8338a2dcbdacf9576ad8d38e96277a10848a35001127776193a811567697418a79dc1670

Download Submit
C:\Windows\System\grGgsvW.exe

Filesize
1.9MB

MD5
9cdd27c36d7e904d91b8d21d9dd2a70e

SHA1
2188d4aee00fdd796fc252e4314a56bf68d8612b

SHA256
8c8389b3c0d1c08e056215a9f0ae32fbb2ecfeb5a2b8a8b930cd4427e8905f39

SHA512
b50aa46e3ec29f39e4eb30f2276efc9e931694a0cc85410deef4c6436fa08aa5528e80d46fba320aca9434f9a0ee32139b8dc0d32bbdc8162f4efc7c18dc3eea

Download Submit
C:\Windows\System\hZPbvnq.exe

Filesize
1.9MB

MD5
5203ea09ea1bf4624d8b023e6ec2d82f

SHA1
e84dfb52ed1998de85fc12da29d836cb697aecbb

SHA256
a4c315b04c5a5bf44725036b522af019265662c2dc75596e1eb96f877156955b

SHA512
f6cb492f2f629b0d917122d0e416254168a0a043ef29032e38eb2e774676af64ea7212d34db089fc803071c51c4152293117dd3a2242a07c265c75095b338aa3

Download Submit
C:\Windows\System\hxjsNck.exe

Filesize
1.9MB

MD5
a71e0dc49ba7cf282ac68ada9878dade

SHA1
50bc8a4aab69d4ba6a71e9b830aabbb607d76abb

SHA256
9212f0994e0a5cd62e37985f929c5cacedb269b5e5728c7f1402d284530882d4

SHA512
be0111b095a6d00f7f90a999d0240b445a973aba951e36d9d2839a1726c3c11c423abb8da211e2c2aee3833ac9063693fb63a507c091ac3e0b8dc7785f1ba8ac

Download Submit
C:\Windows\System\mRBPXHj.exe

Filesize
1.9MB

MD5
001202fb4e32896a3212d7363a556295

SHA1
6467ac9302fb4cfbdc4bf1398166a23535d9be7c

SHA256
eeac0025e7098a5e2135b2b27ecfbfff84bfcf582ada9b8597560b86e4f4e8af

SHA512
541178695f6cecaf0266cf984a464f4734e471d9cfb5443bc7e991272a92d602c657a3fe447ab143a6cb9e125f78a5bc9bacbca4c3f8524f04e0347c1ac079c3

Download Submit
C:\Windows\System\ncxaRiq.exe

Filesize
1.9MB

MD5
b67c471b1ed43fe2e580973609becef3

SHA1
779c45f340ad821294cb38175f1f5bcf28689fe6

SHA256
1209d577f85e575c927cf7e1fccc33ecd3315c7443d1cb87748001d3da776977

SHA512
2255c7f5ec7c11fdd2f1b09f7a30b69a8a54badd81e03bf55dcf28f69eeee6d86c0f748dc2a2c1319b9a4f8c5fa27d44f77962c6a0fb511cd52ff02f57bcc4e9

Download Submit
C:\Windows\System\oSYpPqA.exe

Filesize
1.9MB

MD5
92e02bd8e063e658e0725fa3c8a625c2

SHA1
e076707fd1b240a27f9b1ff0fd5577ff9a2eadf9

SHA256
d603e53c3383504ca0792273b50b8d4805010370ee47a7a92c4e123d9a04517f

SHA512
91b52683c5bee924b2faae20c4efa2d9135a2b452fc79c8c1be6d252b513b2c5fe0dbe7a8a93c44409251dc6cb6ff3239528e1d9b07a1fe6984044a9de185275

Download Submit
C:\Windows\System\pelfVAT.exe

Filesize
1.9MB

MD5
2c0ac9048a1576ec676a3c8b621ca5d7

SHA1
5b5910153038ffd094728ad7f315336929c63098

SHA256
0d0edd9ee97622bfce7e7438374a1b67fea9a92e3db3136c90d30fcbadebe558

SHA512
6dfad24208c5c69a770bcda4a8d37dd2dcff768ae8b820909b4e449c56dea0e76bb69acc883518010482ae5cfec6afba9ec891575cf558906a90eed39a1df9cf

Download Submit
C:\Windows\System\pwvezMa.exe

Filesize
1.9MB

MD5
0d5a6ccd6967f9395e2becf834da4453

SHA1
c25b760af7f145d8742cddecea5f4fd5f4a00e40

SHA256
dbc0b4c15dcf56c139a34db0e996e1119a1a96202b522cfbb6f8ea0afb7a52e8

SHA512
2e597c2a7f6733f492973eff662754d60f21d791ebfc4f18ca0f53caa839b3c873e558d1767a5cd8290c1dc0b47e079735af002a8fb6e75f057c72e4650bcc98

Download Submit
C:\Windows\System\sTrsoYA.exe

Filesize
1.9MB

MD5
c83d3f6c00db3476d5b8fac7cbd2e160

SHA1
1c97feb48ea66720c7389d0086bf21c6faeb1737

SHA256
dc96207fa02ca6e963a49dcdc2434f08a87c4e33791c9a6a270a114e8f23d5e2

SHA512
f1a20a0ecfa4dfcdbba731636828e1ecde95ac27d74229a2afce4fccda739061359d493fe4259002aa0170f7c2d9df5c9ce83dfcba0c62ffe41aa06873dfdaf4

Download Submit
C:\Windows\System\tXotLFO.exe

Filesize
1.9MB

MD5
405f39f15a8b945ff3c3fd55437693d8

SHA1
f3901d592d9954fa22f4851c6a015557b7ad23bb

SHA256
28d33d111a9a78e7b4c414ac93564bfe6fc8c49605f0bb94811b2e9a306091cf

SHA512
c7005f3e991571abb5339f7d83ffee35976cb19a1c65f4dd24f8e2d583f4ab547754df2b917aa8dacfd48ac7cc67505658501964e5f99969e554bbb706201047

Download Submit
C:\Windows\System\xZXBKVm.exe

Filesize
1.9MB

MD5
b3cddd91f1fc887f5fde71ddedb71c79

SHA1
100a2abdf5cf4e040d2e10f109fea4630e9b0c44

SHA256
a6e9fbf0ab89a6e2e9fe7f5221831829d0e68e63ca5a85386cce22869339b111

SHA512
f3456524dfd00d7388420afc0905d64c63723c753bb689b62e3e188c591692230e357624381321cfed6533666d00c28edc60a3cd7cd75965bc574f02418e391b

Download Submit
C:\Windows\System\zTMdEzn.exe

Filesize
1.9MB

MD5
f33eb4895b0dc235005b4409c1c06d3c

SHA1
7c330237089627823a98328284f1d580e6f6460a

SHA256
e482ead7e8ef0fb66fb0ae41cdff8e626cae67181b88b9e01382ec2f53d651aa

SHA512
d2a7e2223613c1bfa1eae87ffc43e31853d06e590ce859b9809b589f43d7ef1fa0ce5bf40265ba9994bdfa8b6a04d30044a91548729237bead7ae023224440af

Download Submit
C:\Windows\System\zskQzrt.exe

Filesize
1.9MB

MD5
c163810b4e4e7858f819266a49bfb249

SHA1
ab3968652fc4aa21c0feab2898a53cd30a243dc9

SHA256
c94e1a9434e9cf0b8278d4696c2074d1c536d61e59ccfd3dca79c405fb00ccec

SHA512
654a540aa7e4756ec8bd87ee89c4eb31cf282fc0c00a4c8101d068e56896db35014a5044cecca6c41571b2e8c09e94bf91d31131742adc778862c667db4adbf8

Download Submit
memory/612-459-0x00007FF72F930000-0x00007FF72FC81000-memory.dmp

Filesize
3.3MB

Download
memory/612-2277-0x00007FF72F930000-0x00007FF72FC81000-memory.dmp

Filesize
3.3MB

Download
memory/700-2293-0x00007FF686160000-0x00007FF6864B1000-memory.dmp

Filesize
3.3MB

Download
memory/700-465-0x00007FF686160000-0x00007FF6864B1000-memory.dmp

Filesize
3.3MB

Download
memory/1000-2298-0x00007FF61C290000-0x00007FF61C5E1000-memory.dmp

Filesize
3.3MB

Download
memory/1000-472-0x00007FF61C290000-0x00007FF61C5E1000-memory.dmp

Filesize
3.3MB

Download
memory/1108-461-0x00007FF74FA80000-0x00007FF74FDD1000-memory.dmp

Filesize
3.3MB

Download
memory/1108-2287-0x00007FF74FA80000-0x00007FF74FDD1000-memory.dmp

Filesize
3.3MB

Download
memory/1128-2271-0x00007FF6768E0000-0x00007FF676C31000-memory.dmp

Filesize
3.3MB

Download
memory/1128-452-0x00007FF6768E0000-0x00007FF676C31000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2255-0x00007FF6BD1D0000-0x00007FF6BD521000-memory.dmp

Filesize
3.3MB

Download
memory/1148-18-0x00007FF6BD1D0000-0x00007FF6BD521000-memory.dmp

Filesize
3.3MB

Download
memory/1508-466-0x00007FF6F3190000-0x00007FF6F34E1000-memory.dmp

Filesize
3.3MB

Download
memory/1508-2307-0x00007FF6F3190000-0x00007FF6F34E1000-memory.dmp

Filesize
3.3MB

Download
memory/1760-454-0x00007FF77C100000-0x00007FF77C451000-memory.dmp

Filesize
3.3MB

Download
memory/1760-2273-0x00007FF77C100000-0x00007FF77C451000-memory.dmp

Filesize
3.3MB

Download
memory/1844-478-0x00007FF66AEA0000-0x00007FF66B1F1000-memory.dmp

Filesize
3.3MB

Download
memory/1844-2265-0x00007FF66AEA0000-0x00007FF66B1F1000-memory.dmp

Filesize
3.3MB

Download
memory/2088-2263-0x00007FF61BD60000-0x00007FF61C0B1000-memory.dmp

Filesize
3.3MB

Download
memory/2088-2207-0x00007FF61BD60000-0x00007FF61C0B1000-memory.dmp

Filesize
3.3MB

Download
memory/2088-34-0x00007FF61BD60000-0x00007FF61C0B1000-memory.dmp

Filesize
3.3MB

Download
memory/2304-2289-0x00007FF757FD0000-0x00007FF758321000-memory.dmp

Filesize
3.3MB

Download
memory/2304-463-0x00007FF757FD0000-0x00007FF758321000-memory.dmp

Filesize
3.3MB

Download
memory/2368-2283-0x00007FF7E75F0000-0x00007FF7E7941000-memory.dmp

Filesize
3.3MB

Download
memory/2368-460-0x00007FF7E75F0000-0x00007FF7E7941000-memory.dmp

Filesize
3.3MB

Download
memory/2388-464-0x00007FF7F7330000-0x00007FF7F7681000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2291-0x00007FF7F7330000-0x00007FF7F7681000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2262-0x00007FF655150000-0x00007FF6554A1000-memory.dmp

Filesize
3.3MB

Download
memory/2428-451-0x00007FF655150000-0x00007FF6554A1000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2233-0x00007FF655150000-0x00007FF6554A1000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2279-0x00007FF65D650000-0x00007FF65D9A1000-memory.dmp

Filesize
3.3MB

Download
memory/2440-455-0x00007FF65D650000-0x00007FF65D9A1000-memory.dmp

Filesize
3.3MB

Download
memory/2872-457-0x00007FF6864C0000-0x00007FF686811000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2269-0x00007FF6864C0000-0x00007FF686811000-memory.dmp

Filesize
3.3MB

Download
memory/3240-468-0x00007FF7E5C10000-0x00007FF7E5F61000-memory.dmp

Filesize
3.3MB

Download
memory/3240-2312-0x00007FF7E5C10000-0x00007FF7E5F61000-memory.dmp

Filesize
3.3MB

Download
memory/3560-1-0x000002506E890000-0x000002506E8A0000-memory.dmp

Filesize
64KB

Download
memory/3560-0-0x00007FF6B96B0000-0x00007FF6B9A01000-memory.dmp

Filesize
3.3MB

Download
memory/3564-26-0x00007FF646D60000-0x00007FF6470B1000-memory.dmp

Filesize
3.3MB

Download
memory/3564-2259-0x00007FF646D60000-0x00007FF6470B1000-memory.dmp

Filesize
3.3MB

Download
memory/3564-2232-0x00007FF646D60000-0x00007FF6470B1000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2253-0x00007FF646750000-0x00007FF646AA1000-memory.dmp

Filesize
3.3MB

Download
memory/3628-8-0x00007FF646750000-0x00007FF646AA1000-memory.dmp

Filesize
3.3MB

Download
memory/3632-2275-0x00007FF736E10000-0x00007FF737161000-memory.dmp

Filesize
3.3MB

Download
memory/3632-453-0x00007FF736E10000-0x00007FF737161000-memory.dmp

Filesize
3.3MB

Download
memory/4004-470-0x00007FF7085B0000-0x00007FF708901000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2300-0x00007FF7085B0000-0x00007FF708901000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2281-0x00007FF77E9E0000-0x00007FF77ED31000-memory.dmp

Filesize
3.3MB

Download
memory/4092-456-0x00007FF77E9E0000-0x00007FF77ED31000-memory.dmp

Filesize
3.3MB

Download
memory/4160-473-0x00007FF77BA90000-0x00007FF77BDE1000-memory.dmp

Filesize
3.3MB

Download
memory/4160-2295-0x00007FF77BA90000-0x00007FF77BDE1000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2257-0x00007FF6969C0000-0x00007FF696D11000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2198-0x00007FF6969C0000-0x00007FF696D11000-memory.dmp

Filesize
3.3MB

Download
memory/4272-22-0x00007FF6969C0000-0x00007FF696D11000-memory.dmp

Filesize
3.3MB

Download
memory/4324-471-0x00007FF624CB0000-0x00007FF625001000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2324-0x00007FF624CB0000-0x00007FF625001000-memory.dmp

Filesize
3.3MB

Download
memory/4648-462-0x00007FF69B5C0000-0x00007FF69B911000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2285-0x00007FF69B5C0000-0x00007FF69B911000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2314-0x00007FF682D50000-0x00007FF6830A1000-memory.dmp

Filesize
3.3MB

Download
memory/4764-467-0x00007FF682D50000-0x00007FF6830A1000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2267-0x00007FF6C7740000-0x00007FF6C7A91000-memory.dmp

Filesize
3.3MB

Download
memory/4908-458-0x00007FF6C7740000-0x00007FF6C7A91000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2303-0x00007FF7B0340000-0x00007FF7B0691000-memory.dmp

Filesize
3.3MB

Download
memory/4912-469-0x00007FF7B0340000-0x00007FF7B0691000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads