xmrig | 742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
Size

3.0MB
MD5

3d81568f0768b99100b3c2de4619e310
SHA1

251cd5cbf71281fa1ccfa5c909c33831b5f82ddc
SHA256

742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21
SHA512

6f819d926ccf9943d3a31ad9c1cc2d84d7225203b76716e178cf3d26b368cc3c6563e74301c01bfcab4b990579b093640625afc246ab02e42d4affa3aae0d161
SSDEEP

49152:ROdWCCi7/rahFD2PrtGAQWl9/dknG62p+RMVSO22tVrN2d:RWWBibab

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral2/memory/452-75-0x00007FF7AE710000-0x00007FF7AEA61000-memory.dmp	xmrig
behavioral2/memory/4400-100-0x00007FF7C6300000-0x00007FF7C6651000-memory.dmp	xmrig
behavioral2/memory/1968-102-0x00007FF765820000-0x00007FF765B71000-memory.dmp	xmrig
behavioral2/memory/2652-103-0x00007FF6FCDF0000-0x00007FF6FD141000-memory.dmp	xmrig
behavioral2/memory/1316-101-0x00007FF7D2F10000-0x00007FF7D3261000-memory.dmp	xmrig
behavioral2/memory/4360-94-0x00007FF7BBF60000-0x00007FF7BC2B1000-memory.dmp	xmrig
behavioral2/memory/1792-91-0x00007FF669090000-0x00007FF6693E1000-memory.dmp	xmrig
behavioral2/memory/4544-159-0x00007FF6692B0000-0x00007FF669601000-memory.dmp	xmrig
behavioral2/memory/3604-236-0x00007FF704D00000-0x00007FF705051000-memory.dmp	xmrig
behavioral2/memory/4528-235-0x00007FF70CED0000-0x00007FF70D221000-memory.dmp	xmrig
behavioral2/memory/1084-224-0x00007FF7C33C0000-0x00007FF7C3711000-memory.dmp	xmrig
behavioral2/memory/3088-141-0x00007FF6410B0000-0x00007FF641401000-memory.dmp	xmrig
behavioral2/memory/4192-124-0x00007FF73A450000-0x00007FF73A7A1000-memory.dmp	xmrig
behavioral2/memory/2504-2190-0x00007FF662440000-0x00007FF662791000-memory.dmp	xmrig
behavioral2/memory/3880-2225-0x00007FF64CA50000-0x00007FF64CDA1000-memory.dmp	xmrig
behavioral2/memory/4832-2227-0x00007FF7E2AA0000-0x00007FF7E2DF1000-memory.dmp	xmrig
behavioral2/memory/1236-2228-0x00007FF7ED310000-0x00007FF7ED661000-memory.dmp	xmrig
behavioral2/memory/3948-2226-0x00007FF6618F0000-0x00007FF661C41000-memory.dmp	xmrig
behavioral2/memory/884-2229-0x00007FF69C630000-0x00007FF69C981000-memory.dmp	xmrig
behavioral2/memory/4720-2234-0x00007FF73DE40000-0x00007FF73E191000-memory.dmp	xmrig
behavioral2/memory/3392-2233-0x00007FF681540000-0x00007FF681891000-memory.dmp	xmrig
behavioral2/memory/4036-2232-0x00007FF6189F0000-0x00007FF618D41000-memory.dmp	xmrig
behavioral2/memory/5048-2231-0x00007FF6D07B0000-0x00007FF6D0B01000-memory.dmp	xmrig
behavioral2/memory/1584-2230-0x00007FF7F49E0000-0x00007FF7F4D31000-memory.dmp	xmrig
behavioral2/memory/3880-2236-0x00007FF64CA50000-0x00007FF64CDA1000-memory.dmp	xmrig
behavioral2/memory/3948-2238-0x00007FF6618F0000-0x00007FF661C41000-memory.dmp	xmrig
behavioral2/memory/4400-2240-0x00007FF7C6300000-0x00007FF7C6651000-memory.dmp	xmrig
behavioral2/memory/884-2242-0x00007FF69C630000-0x00007FF69C981000-memory.dmp	xmrig
behavioral2/memory/1316-2254-0x00007FF7D2F10000-0x00007FF7D3261000-memory.dmp	xmrig
behavioral2/memory/4832-2252-0x00007FF7E2AA0000-0x00007FF7E2DF1000-memory.dmp	xmrig
behavioral2/memory/1792-2250-0x00007FF669090000-0x00007FF6693E1000-memory.dmp	xmrig
behavioral2/memory/1968-2248-0x00007FF765820000-0x00007FF765B71000-memory.dmp	xmrig
behavioral2/memory/1236-2246-0x00007FF7ED310000-0x00007FF7ED661000-memory.dmp	xmrig
behavioral2/memory/452-2244-0x00007FF7AE710000-0x00007FF7AEA61000-memory.dmp	xmrig
behavioral2/memory/4360-2256-0x00007FF7BBF60000-0x00007FF7BC2B1000-memory.dmp	xmrig
behavioral2/memory/2652-2258-0x00007FF6FCDF0000-0x00007FF6FD141000-memory.dmp	xmrig
behavioral2/memory/3756-2280-0x00007FF67F980000-0x00007FF67FCD1000-memory.dmp	xmrig
behavioral2/memory/5052-2306-0x00007FF6114D0000-0x00007FF611821000-memory.dmp	xmrig
behavioral2/memory/3088-2305-0x00007FF6410B0000-0x00007FF641401000-memory.dmp	xmrig
behavioral2/memory/4720-2308-0x00007FF73DE40000-0x00007FF73E191000-memory.dmp	xmrig
behavioral2/memory/5048-2310-0x00007FF6D07B0000-0x00007FF6D0B01000-memory.dmp	xmrig
behavioral2/memory/4192-2312-0x00007FF73A450000-0x00007FF73A7A1000-memory.dmp	xmrig
behavioral2/memory/4544-2316-0x00007FF6692B0000-0x00007FF669601000-memory.dmp	xmrig
behavioral2/memory/3088-2314-0x00007FF6410B0000-0x00007FF641401000-memory.dmp	xmrig
behavioral2/memory/3392-2318-0x00007FF681540000-0x00007FF681891000-memory.dmp	xmrig
behavioral2/memory/1584-2326-0x00007FF7F49E0000-0x00007FF7F4D31000-memory.dmp	xmrig
behavioral2/memory/4224-2325-0x00007FF7A5030000-0x00007FF7A5381000-memory.dmp	xmrig
behavioral2/memory/3756-2322-0x00007FF67F980000-0x00007FF67FCD1000-memory.dmp	xmrig
behavioral2/memory/4036-2320-0x00007FF6189F0000-0x00007FF618D41000-memory.dmp	xmrig
behavioral2/memory/4272-2330-0x00007FF6A2560000-0x00007FF6A28B1000-memory.dmp	xmrig
behavioral2/memory/3604-2335-0x00007FF704D00000-0x00007FF705051000-memory.dmp	xmrig
behavioral2/memory/1084-2338-0x00007FF7C33C0000-0x00007FF7C3711000-memory.dmp	xmrig
behavioral2/memory/4528-2328-0x00007FF70CED0000-0x00007FF70D221000-memory.dmp	xmrig
behavioral2/memory/1568-2341-0x00007FF7323A0000-0x00007FF7326F1000-memory.dmp	xmrig
behavioral2/memory/4884-2346-0x00007FF76C430000-0x00007FF76C781000-memory.dmp	xmrig
behavioral2/memory/5052-2343-0x00007FF6114D0000-0x00007FF611821000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3880	FXkLACN.exe
3948	fsZaEGf.exe
4400	kitYFjF.exe
884	sOoYMcs.exe
4832	oCSBlCh.exe
1316	qpsIoVf.exe
1236	Elssenr.exe
452	MFZZDUR.exe
1968	LGpzqbC.exe
1792	yDCkuZo.exe
4360	zPoJqIM.exe
1584	WbHCUSX.exe
2652	eevJfmd.exe
3756	xriEwfk.exe
5048	PzXxDWJ.exe
4036	XFPUiMp.exe
3392	KhJfUCH.exe
4720	iWPUKce.exe
4192	hcqCfNi.exe
4224	gDwLllZ.exe
3088	GlBEntY.exe
1084	SdlQmIi.exe
4884	IsAaXaG.exe
4272	DarudGA.exe
5052	DfKBQjS.exe
4544	TiTyzbl.exe
4528	rsDzhJS.exe
1568	bBTOwoH.exe
3604	vzibCWq.exe
3092	rYaDrtL.exe
1492	pgAWpBn.exe
1004	IzYQUVc.exe
3928	GjwnzgA.exe
5000	sbWKluW.exe
3720	jxYiRNd.exe
2104	xDZFRgw.exe
1412	BsCgRqk.exe
4220	IZcQVxg.exe
2060	cniZdmZ.exe
4304	nwXbOjJ.exe
3764	XQZlaGp.exe
4156	xfwqnYl.exe
4012	GHEzAWW.exe
1544	JtSxWWk.exe
4724	TNLirGB.exe
2876	JKKPGWR.exe
2252	hjzCuFJ.exe
3832	EmTYTHs.exe
4456	EZqClPT.exe
400	VgJdjIN.exe
1888	TsgLaij.exe
3652	Ryusnzx.exe
1488	lZTrNss.exe
2420	OMXIBTR.exe
836	pFGWodI.exe
3744	ncDKeWp.exe
2888	kqoiqTI.exe
2764	JoSYEYA.exe
4280	sfaHJjv.exe
1392	WXaVPpE.exe
2748	iyDpGWO.exe
2396	ZdHzIiC.exe
2260	YMmerTM.exe
4672	vhRDFpP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2504-0-0x00007FF662440000-0x00007FF662791000-memory.dmp	upx
behavioral2/files/0x0006000000022f3f-5.dat	upx
behavioral2/files/0x0007000000023407-18.dat	upx
behavioral2/files/0x000700000002340b-54.dat	upx
behavioral2/memory/452-75-0x00007FF7AE710000-0x00007FF7AEA61000-memory.dmp	upx
behavioral2/memory/1584-95-0x00007FF7F49E0000-0x00007FF7F4D31000-memory.dmp	upx
behavioral2/memory/4036-97-0x00007FF6189F0000-0x00007FF618D41000-memory.dmp	upx
behavioral2/memory/4400-100-0x00007FF7C6300000-0x00007FF7C6651000-memory.dmp	upx
behavioral2/memory/1968-102-0x00007FF765820000-0x00007FF765B71000-memory.dmp	upx
behavioral2/memory/3756-104-0x00007FF67F980000-0x00007FF67FCD1000-memory.dmp	upx
behavioral2/memory/2652-103-0x00007FF6FCDF0000-0x00007FF6FD141000-memory.dmp	upx
behavioral2/memory/1316-101-0x00007FF7D2F10000-0x00007FF7D3261000-memory.dmp	upx
behavioral2/memory/4720-99-0x00007FF73DE40000-0x00007FF73E191000-memory.dmp	upx
behavioral2/memory/3392-98-0x00007FF681540000-0x00007FF681891000-memory.dmp	upx
behavioral2/memory/5048-96-0x00007FF6D07B0000-0x00007FF6D0B01000-memory.dmp	upx
behavioral2/memory/4360-94-0x00007FF7BBF60000-0x00007FF7BC2B1000-memory.dmp	upx
behavioral2/memory/1792-91-0x00007FF669090000-0x00007FF6693E1000-memory.dmp	upx
behavioral2/files/0x0007000000023411-88.dat	upx
behavioral2/files/0x000700000002340f-81.dat	upx
behavioral2/files/0x000700000002340c-65.dat	upx
behavioral2/files/0x000700000002340e-61.dat	upx
behavioral2/files/0x000700000002340a-60.dat	upx
behavioral2/files/0x0007000000023409-50.dat	upx
behavioral2/memory/1236-49-0x00007FF7ED310000-0x00007FF7ED661000-memory.dmp	upx
behavioral2/files/0x000700000002340d-48.dat	upx
behavioral2/memory/4832-44-0x00007FF7E2AA0000-0x00007FF7E2DF1000-memory.dmp	upx
behavioral2/files/0x0007000000023410-71.dat	upx
behavioral2/files/0x0007000000023408-41.dat	upx
behavioral2/memory/884-28-0x00007FF69C630000-0x00007FF69C981000-memory.dmp	upx
behavioral2/files/0x0007000000023406-20.dat	upx
behavioral2/memory/3948-15-0x00007FF6618F0000-0x00007FF661C41000-memory.dmp	upx
behavioral2/memory/3880-11-0x00007FF64CA50000-0x00007FF64CDA1000-memory.dmp	upx
behavioral2/files/0x0007000000023416-90.dat	upx
behavioral2/files/0x0007000000023417-109.dat	upx
behavioral2/files/0x0007000000023419-114.dat	upx
behavioral2/files/0x000700000002341b-133.dat	upx
behavioral2/files/0x000700000002341e-151.dat	upx
behavioral2/files/0x00090000000233ee-168.dat	upx
behavioral2/files/0x0007000000023421-167.dat	upx
behavioral2/files/0x0007000000023420-162.dat	upx
behavioral2/memory/4544-159-0x00007FF6692B0000-0x00007FF669601000-memory.dmp	upx
behavioral2/files/0x000700000002341c-175.dat	upx
behavioral2/memory/3604-236-0x00007FF704D00000-0x00007FF705051000-memory.dmp	upx
behavioral2/memory/4528-235-0x00007FF70CED0000-0x00007FF70D221000-memory.dmp	upx
behavioral2/memory/1084-224-0x00007FF7C33C0000-0x00007FF7C3711000-memory.dmp	upx
behavioral2/files/0x000700000002341f-184.dat	upx
behavioral2/files/0x000700000002341a-179.dat	upx
behavioral2/files/0x0007000000023425-174.dat	upx
behavioral2/files/0x0007000000023424-173.dat	upx
behavioral2/files/0x0007000000023423-172.dat	upx
behavioral2/memory/1568-206-0x00007FF7323A0000-0x00007FF7326F1000-memory.dmp	upx
behavioral2/files/0x0007000000023422-171.dat	upx
behavioral2/memory/5052-158-0x00007FF6114D0000-0x00007FF611821000-memory.dmp	upx
behavioral2/files/0x0007000000023414-146.dat	upx
behavioral2/files/0x0007000000023415-145.dat	upx
behavioral2/memory/4272-144-0x00007FF6A2560000-0x00007FF6A28B1000-memory.dmp	upx
behavioral2/memory/4884-142-0x00007FF76C430000-0x00007FF76C781000-memory.dmp	upx
behavioral2/memory/3088-141-0x00007FF6410B0000-0x00007FF641401000-memory.dmp	upx
behavioral2/files/0x000700000002341d-139.dat	upx
behavioral2/files/0x0007000000023412-136.dat	upx
behavioral2/files/0x0007000000023418-131.dat	upx
behavioral2/memory/4224-125-0x00007FF7A5030000-0x00007FF7A5381000-memory.dmp	upx
behavioral2/memory/4192-124-0x00007FF73A450000-0x00007FF73A7A1000-memory.dmp	upx
behavioral2/files/0x0007000000023413-110.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jniVftW.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\BsCgRqk.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\lgshgwJ.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\jLJPEUn.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\BPduumF.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\DwkcPUc.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\rWOQNym.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\yAeKXjQ.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\DfKBQjS.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\XQZlaGp.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\TskvoIz.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\TeHazAe.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\YAYXhbS.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\tSblOsG.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\MrjlFMo.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\AHaHJgI.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\HUukYEI.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\lPrskRg.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\TeYMExF.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\ETvPfgE.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\DNRJtVE.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\QLSprIu.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\hjXJUok.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\LXVAUcz.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\yeIlICW.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\IhHbBKE.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\DfLJbCm.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\QgrwNdA.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\bBTOwoH.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\EmyjtDR.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\LxFazCi.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\hjEQvDy.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\dHSbHoU.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\pSGYXNH.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\qRSkSGi.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\OmnUmDf.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\dHfoUsn.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\xTSZwHr.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\LiTZXBL.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\PLreEJk.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\GqRdznq.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\ljyajSj.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\SaaMxSj.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\dukNJuQ.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\HurjZZO.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\GQDIvty.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\EcIcmza.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\uXrduMc.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\nScSpXq.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\mItAxNT.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\ARqWoYq.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\HABBohi.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\LdCpmMZ.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\lWKQBIw.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\wRTJLLc.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\hZBOIxA.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\pNiiKna.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\JKKPGWR.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\EwVjqAu.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\NxAnAkf.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\iEkgJRm.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\vszoyss.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\IDCDhKQ.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
File created	C:\Windows\System\YMseeCB.exe	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13712	dwm.exe
Token: SeChangeNotifyPrivilege	13712	dwm.exe
Token: 33	13712	dwm.exe
Token: SeIncBasePriorityPrivilege	13712	dwm.exe
Token: SeShutdownPrivilege	13712	dwm.exe
Token: SeCreatePagefilePrivilege	13712	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 3880	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	83
PID 2504 wrote to memory of 3880	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	83
PID 2504 wrote to memory of 3948	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	84
PID 2504 wrote to memory of 3948	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	84
PID 2504 wrote to memory of 4400	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	85
PID 2504 wrote to memory of 4400	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	85
PID 2504 wrote to memory of 884	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	86
PID 2504 wrote to memory of 884	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	86
PID 2504 wrote to memory of 4832	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	87
PID 2504 wrote to memory of 4832	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	87
PID 2504 wrote to memory of 1316	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	88
PID 2504 wrote to memory of 1316	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	88
PID 2504 wrote to memory of 1236	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	89
PID 2504 wrote to memory of 1236	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	89
PID 2504 wrote to memory of 452	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	90
PID 2504 wrote to memory of 452	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	90
PID 2504 wrote to memory of 1968	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	91
PID 2504 wrote to memory of 1968	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	91
PID 2504 wrote to memory of 1792	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	92
PID 2504 wrote to memory of 1792	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	92
PID 2504 wrote to memory of 4360	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	93
PID 2504 wrote to memory of 4360	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	93
PID 2504 wrote to memory of 1584	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	94
PID 2504 wrote to memory of 1584	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	94
PID 2504 wrote to memory of 2652	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	95
PID 2504 wrote to memory of 2652	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	95
PID 2504 wrote to memory of 3756	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	96
PID 2504 wrote to memory of 3756	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	96
PID 2504 wrote to memory of 5048	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	97
PID 2504 wrote to memory of 5048	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	97
PID 2504 wrote to memory of 4036	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	98
PID 2504 wrote to memory of 4036	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	98
PID 2504 wrote to memory of 3392	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	99
PID 2504 wrote to memory of 3392	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	99
PID 2504 wrote to memory of 4720	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	100
PID 2504 wrote to memory of 4720	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	100
PID 2504 wrote to memory of 3088	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	101
PID 2504 wrote to memory of 3088	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	101
PID 2504 wrote to memory of 4224	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	102
PID 2504 wrote to memory of 4224	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	102
PID 2504 wrote to memory of 4192	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	103
PID 2504 wrote to memory of 4192	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	103
PID 2504 wrote to memory of 1084	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	104
PID 2504 wrote to memory of 1084	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	104
PID 2504 wrote to memory of 4884	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	105
PID 2504 wrote to memory of 4884	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	105
PID 2504 wrote to memory of 4272	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	106
PID 2504 wrote to memory of 4272	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	106
PID 2504 wrote to memory of 5052	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	107
PID 2504 wrote to memory of 5052	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	107
PID 2504 wrote to memory of 4544	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	108
PID 2504 wrote to memory of 4544	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	108
PID 2504 wrote to memory of 4528	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	109
PID 2504 wrote to memory of 4528	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	109
PID 2504 wrote to memory of 1568	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	110
PID 2504 wrote to memory of 1568	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	110
PID 2504 wrote to memory of 3604	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	111
PID 2504 wrote to memory of 3604	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	111
PID 2504 wrote to memory of 3092	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	112
PID 2504 wrote to memory of 3092	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	112
PID 2504 wrote to memory of 1492	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	113
PID 2504 wrote to memory of 1492	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	113
PID 2504 wrote to memory of 1004	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	114
PID 2504 wrote to memory of 1004	2504	742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\742e419d2902ca04707c120b838d0576113bbca0ba494002ed6aa1b4856fea21_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\System\FXkLACN.exe
  C:\Windows\System\FXkLACN.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\fsZaEGf.exe
  C:\Windows\System\fsZaEGf.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\kitYFjF.exe
  C:\Windows\System\kitYFjF.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\sOoYMcs.exe
  C:\Windows\System\sOoYMcs.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\oCSBlCh.exe
  C:\Windows\System\oCSBlCh.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\qpsIoVf.exe
  C:\Windows\System\qpsIoVf.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\Elssenr.exe
  C:\Windows\System\Elssenr.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\MFZZDUR.exe
  C:\Windows\System\MFZZDUR.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\LGpzqbC.exe
  C:\Windows\System\LGpzqbC.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\yDCkuZo.exe
  C:\Windows\System\yDCkuZo.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\zPoJqIM.exe
  C:\Windows\System\zPoJqIM.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\WbHCUSX.exe
  C:\Windows\System\WbHCUSX.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\eevJfmd.exe
  C:\Windows\System\eevJfmd.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\xriEwfk.exe
  C:\Windows\System\xriEwfk.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\PzXxDWJ.exe
  C:\Windows\System\PzXxDWJ.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\XFPUiMp.exe
  C:\Windows\System\XFPUiMp.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\KhJfUCH.exe
  C:\Windows\System\KhJfUCH.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\iWPUKce.exe
  C:\Windows\System\iWPUKce.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\GlBEntY.exe
  C:\Windows\System\GlBEntY.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\gDwLllZ.exe
  C:\Windows\System\gDwLllZ.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\hcqCfNi.exe
  C:\Windows\System\hcqCfNi.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\SdlQmIi.exe
  C:\Windows\System\SdlQmIi.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\IsAaXaG.exe
  C:\Windows\System\IsAaXaG.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\DarudGA.exe
  C:\Windows\System\DarudGA.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\DfKBQjS.exe
  C:\Windows\System\DfKBQjS.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\TiTyzbl.exe
  C:\Windows\System\TiTyzbl.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\rsDzhJS.exe
  C:\Windows\System\rsDzhJS.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\bBTOwoH.exe
  C:\Windows\System\bBTOwoH.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\vzibCWq.exe
  C:\Windows\System\vzibCWq.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\rYaDrtL.exe
  C:\Windows\System\rYaDrtL.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\pgAWpBn.exe
  C:\Windows\System\pgAWpBn.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\IzYQUVc.exe
  C:\Windows\System\IzYQUVc.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\GjwnzgA.exe
  C:\Windows\System\GjwnzgA.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\sbWKluW.exe
  C:\Windows\System\sbWKluW.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\jxYiRNd.exe
  C:\Windows\System\jxYiRNd.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\xDZFRgw.exe
  C:\Windows\System\xDZFRgw.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\BsCgRqk.exe
  C:\Windows\System\BsCgRqk.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\IZcQVxg.exe
  C:\Windows\System\IZcQVxg.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\cniZdmZ.exe
  C:\Windows\System\cniZdmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\nwXbOjJ.exe
  C:\Windows\System\nwXbOjJ.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\XQZlaGp.exe
  C:\Windows\System\XQZlaGp.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\xfwqnYl.exe
  C:\Windows\System\xfwqnYl.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\GHEzAWW.exe
  C:\Windows\System\GHEzAWW.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\JtSxWWk.exe
  C:\Windows\System\JtSxWWk.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\TNLirGB.exe
  C:\Windows\System\TNLirGB.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\JKKPGWR.exe
  C:\Windows\System\JKKPGWR.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\hjzCuFJ.exe
  C:\Windows\System\hjzCuFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\EmTYTHs.exe
  C:\Windows\System\EmTYTHs.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\EZqClPT.exe
  C:\Windows\System\EZqClPT.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\VgJdjIN.exe
  C:\Windows\System\VgJdjIN.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\JoSYEYA.exe
  C:\Windows\System\JoSYEYA.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\TsgLaij.exe
  C:\Windows\System\TsgLaij.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\Ryusnzx.exe
  C:\Windows\System\Ryusnzx.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\lZTrNss.exe
  C:\Windows\System\lZTrNss.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\OMXIBTR.exe
  C:\Windows\System\OMXIBTR.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\pFGWodI.exe
  C:\Windows\System\pFGWodI.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\ncDKeWp.exe
  C:\Windows\System\ncDKeWp.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\kqoiqTI.exe
  C:\Windows\System\kqoiqTI.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\sfaHJjv.exe
  C:\Windows\System\sfaHJjv.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\WXaVPpE.exe
  C:\Windows\System\WXaVPpE.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\iyDpGWO.exe
  C:\Windows\System\iyDpGWO.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ZdHzIiC.exe
  C:\Windows\System\ZdHzIiC.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\YMmerTM.exe
  C:\Windows\System\YMmerTM.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\vhRDFpP.exe
  C:\Windows\System\vhRDFpP.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\WXgWEKa.exe
  C:\Windows\System\WXgWEKa.exe
  2⤵
  PID:1952
- C:\Windows\System\HqylsCG.exe
  C:\Windows\System\HqylsCG.exe
  2⤵
  PID:4292
- C:\Windows\System\EwVjqAu.exe
  C:\Windows\System\EwVjqAu.exe
  2⤵
  PID:4092
- C:\Windows\System\CPLoIsw.exe
  C:\Windows\System\CPLoIsw.exe
  2⤵
  PID:4584
- C:\Windows\System\oQEiGTP.exe
  C:\Windows\System\oQEiGTP.exe
  2⤵
  PID:4072
- C:\Windows\System\VqorbRB.exe
  C:\Windows\System\VqorbRB.exe
  2⤵
  PID:408
- C:\Windows\System\AHaHJgI.exe
  C:\Windows\System\AHaHJgI.exe
  2⤵
  PID:736
- C:\Windows\System\SCWfkgr.exe
  C:\Windows\System\SCWfkgr.exe
  2⤵
  PID:1108
- C:\Windows\System\cWzLnyJ.exe
  C:\Windows\System\cWzLnyJ.exe
  2⤵
  PID:2904
- C:\Windows\System\DNRJtVE.exe
  C:\Windows\System\DNRJtVE.exe
  2⤵
  PID:1976
- C:\Windows\System\YWtMGLp.exe
  C:\Windows\System\YWtMGLp.exe
  2⤵
  PID:2588
- C:\Windows\System\fxkgVew.exe
  C:\Windows\System\fxkgVew.exe
  2⤵
  PID:4876
- C:\Windows\System\XkdWtfK.exe
  C:\Windows\System\XkdWtfK.exe
  2⤵
  PID:4768
- C:\Windows\System\bqXTbeO.exe
  C:\Windows\System\bqXTbeO.exe
  2⤵
  PID:4688
- C:\Windows\System\RSGPSpa.exe
  C:\Windows\System\RSGPSpa.exe
  2⤵
  PID:2932
- C:\Windows\System\cFPpSrq.exe
  C:\Windows\System\cFPpSrq.exe
  2⤵
  PID:2156
- C:\Windows\System\QSCiDTc.exe
  C:\Windows\System\QSCiDTc.exe
  2⤵
  PID:4264
- C:\Windows\System\RhoXozj.exe
  C:\Windows\System\RhoXozj.exe
  2⤵
  PID:1760
- C:\Windows\System\AVndEiM.exe
  C:\Windows\System\AVndEiM.exe
  2⤵
  PID:3024
- C:\Windows\System\QLSprIu.exe
  C:\Windows\System\QLSprIu.exe
  2⤵
  PID:5044
- C:\Windows\System\EmyjtDR.exe
  C:\Windows\System\EmyjtDR.exe
  2⤵
  PID:224
- C:\Windows\System\SriHkms.exe
  C:\Windows\System\SriHkms.exe
  2⤵
  PID:1984
- C:\Windows\System\GsUmGdk.exe
  C:\Windows\System\GsUmGdk.exe
  2⤵
  PID:64
- C:\Windows\System\QAEGMQF.exe
  C:\Windows\System\QAEGMQF.exe
  2⤵
  PID:756
- C:\Windows\System\uMieRhN.exe
  C:\Windows\System\uMieRhN.exe
  2⤵
  PID:5108
- C:\Windows\System\dSzJRWg.exe
  C:\Windows\System\dSzJRWg.exe
  2⤵
  PID:316
- C:\Windows\System\JklTMry.exe
  C:\Windows\System\JklTMry.exe
  2⤵
  PID:1744
- C:\Windows\System\iWSZKno.exe
  C:\Windows\System\iWSZKno.exe
  2⤵
  PID:1804
- C:\Windows\System\WXUVCde.exe
  C:\Windows\System\WXUVCde.exe
  2⤵
  PID:1668
- C:\Windows\System\LxFazCi.exe
  C:\Windows\System\LxFazCi.exe
  2⤵
  PID:3140
- C:\Windows\System\QoItohc.exe
  C:\Windows\System\QoItohc.exe
  2⤵
  PID:1424
- C:\Windows\System\zbTVZVi.exe
  C:\Windows\System\zbTVZVi.exe
  2⤵
  PID:4088
- C:\Windows\System\zvAckJz.exe
  C:\Windows\System\zvAckJz.exe
  2⤵
  PID:3848
- C:\Windows\System\NxAnAkf.exe
  C:\Windows\System\NxAnAkf.exe
  2⤵
  PID:4008
- C:\Windows\System\oTunZcs.exe
  C:\Windows\System\oTunZcs.exe
  2⤵
  PID:3488
- C:\Windows\System\bUFnOBy.exe
  C:\Windows\System\bUFnOBy.exe
  2⤵
  PID:1464
- C:\Windows\System\cdIjSHy.exe
  C:\Windows\System\cdIjSHy.exe
  2⤵
  PID:3332
- C:\Windows\System\KOgJduY.exe
  C:\Windows\System\KOgJduY.exe
  2⤵
  PID:888
- C:\Windows\System\ybzUfRy.exe
  C:\Windows\System\ybzUfRy.exe
  2⤵
  PID:3884
- C:\Windows\System\mWGVJBh.exe
  C:\Windows\System\mWGVJBh.exe
  2⤵
  PID:1556
- C:\Windows\System\qRehTkY.exe
  C:\Windows\System\qRehTkY.exe
  2⤵
  PID:4680
- C:\Windows\System\pDOhqYp.exe
  C:\Windows\System\pDOhqYp.exe
  2⤵
  PID:5156
- C:\Windows\System\TskvoIz.exe
  C:\Windows\System\TskvoIz.exe
  2⤵
  PID:5176
- C:\Windows\System\YlWMbGx.exe
  C:\Windows\System\YlWMbGx.exe
  2⤵
  PID:5204
- C:\Windows\System\wsOSbpo.exe
  C:\Windows\System\wsOSbpo.exe
  2⤵
  PID:5236
- C:\Windows\System\FzSGcfb.exe
  C:\Windows\System\FzSGcfb.exe
  2⤵
  PID:5268
- C:\Windows\System\juLyCoQ.exe
  C:\Windows\System\juLyCoQ.exe
  2⤵
  PID:5296
- C:\Windows\System\rNnfYet.exe
  C:\Windows\System\rNnfYet.exe
  2⤵
  PID:5316
- C:\Windows\System\KRQXuJR.exe
  C:\Windows\System\KRQXuJR.exe
  2⤵
  PID:5348
- C:\Windows\System\OlkzowB.exe
  C:\Windows\System\OlkzowB.exe
  2⤵
  PID:5368
- C:\Windows\System\MyREwDk.exe
  C:\Windows\System\MyREwDk.exe
  2⤵
  PID:5400
- C:\Windows\System\AMLbhui.exe
  C:\Windows\System\AMLbhui.exe
  2⤵
  PID:5428
- C:\Windows\System\agiKwgw.exe
  C:\Windows\System\agiKwgw.exe
  2⤵
  PID:5464
- C:\Windows\System\pjQMUig.exe
  C:\Windows\System\pjQMUig.exe
  2⤵
  PID:5492
- C:\Windows\System\LiTZXBL.exe
  C:\Windows\System\LiTZXBL.exe
  2⤵
  PID:5516
- C:\Windows\System\nwQJIhf.exe
  C:\Windows\System\nwQJIhf.exe
  2⤵
  PID:5544
- C:\Windows\System\MfuMLDA.exe
  C:\Windows\System\MfuMLDA.exe
  2⤵
  PID:5576
- C:\Windows\System\slLrURo.exe
  C:\Windows\System\slLrURo.exe
  2⤵
  PID:5600
- C:\Windows\System\hjXJUok.exe
  C:\Windows\System\hjXJUok.exe
  2⤵
  PID:5624
- C:\Windows\System\TlMRYvp.exe
  C:\Windows\System\TlMRYvp.exe
  2⤵
  PID:5652
- C:\Windows\System\jiOqEzo.exe
  C:\Windows\System\jiOqEzo.exe
  2⤵
  PID:5680
- C:\Windows\System\DYJDjWM.exe
  C:\Windows\System\DYJDjWM.exe
  2⤵
  PID:5708
- C:\Windows\System\wQfWOcS.exe
  C:\Windows\System\wQfWOcS.exe
  2⤵
  PID:5744
- C:\Windows\System\VIPZKpJ.exe
  C:\Windows\System\VIPZKpJ.exe
  2⤵
  PID:5772
- C:\Windows\System\HnlaKcv.exe
  C:\Windows\System\HnlaKcv.exe
  2⤵
  PID:5796
- C:\Windows\System\hqKeRCx.exe
  C:\Windows\System\hqKeRCx.exe
  2⤵
  PID:5820
- C:\Windows\System\TDFkIxj.exe
  C:\Windows\System\TDFkIxj.exe
  2⤵
  PID:5856
- C:\Windows\System\bMjwXKr.exe
  C:\Windows\System\bMjwXKr.exe
  2⤵
  PID:5880
- C:\Windows\System\qsdWGTS.exe
  C:\Windows\System\qsdWGTS.exe
  2⤵
  PID:5908
- C:\Windows\System\kPRCtTi.exe
  C:\Windows\System\kPRCtTi.exe
  2⤵
  PID:5928
- C:\Windows\System\ghGHaKB.exe
  C:\Windows\System\ghGHaKB.exe
  2⤵
  PID:5956
- C:\Windows\System\qIaEQAP.exe
  C:\Windows\System\qIaEQAP.exe
  2⤵
  PID:5976
- C:\Windows\System\tVqwGLX.exe
  C:\Windows\System\tVqwGLX.exe
  2⤵
  PID:6004
- C:\Windows\System\jcLRlhN.exe
  C:\Windows\System\jcLRlhN.exe
  2⤵
  PID:6032
- C:\Windows\System\nSFNPtX.exe
  C:\Windows\System\nSFNPtX.exe
  2⤵
  PID:6056
- C:\Windows\System\FnrWBpA.exe
  C:\Windows\System\FnrWBpA.exe
  2⤵
  PID:6084
- C:\Windows\System\ZMOyDwU.exe
  C:\Windows\System\ZMOyDwU.exe
  2⤵
  PID:6116
- C:\Windows\System\BBOSlvk.exe
  C:\Windows\System\BBOSlvk.exe
  2⤵
  PID:6140
- C:\Windows\System\YtqifVK.exe
  C:\Windows\System\YtqifVK.exe
  2⤵
  PID:5136
- C:\Windows\System\CimBzzf.exe
  C:\Windows\System\CimBzzf.exe
  2⤵
  PID:5212
- C:\Windows\System\CvsKwac.exe
  C:\Windows\System\CvsKwac.exe
  2⤵
  PID:5168
- C:\Windows\System\jbAVzVR.exe
  C:\Windows\System\jbAVzVR.exe
  2⤵
  PID:5284
- C:\Windows\System\EcIcmza.exe
  C:\Windows\System\EcIcmza.exe
  2⤵
  PID:5416
- C:\Windows\System\xjebAhr.exe
  C:\Windows\System\xjebAhr.exe
  2⤵
  PID:5540
- C:\Windows\System\hzOCush.exe
  C:\Windows\System\hzOCush.exe
  2⤵
  PID:3956
- C:\Windows\System\SRAbpCQ.exe
  C:\Windows\System\SRAbpCQ.exe
  2⤵
  PID:5636
- C:\Windows\System\IAaLMKu.exe
  C:\Windows\System\IAaLMKu.exe
  2⤵
  PID:5692
- C:\Windows\System\oYgvaGC.exe
  C:\Windows\System\oYgvaGC.exe
  2⤵
  PID:5704
- C:\Windows\System\JZsAJgE.exe
  C:\Windows\System\JZsAJgE.exe
  2⤵
  PID:5780
- C:\Windows\System\JfZHIsg.exe
  C:\Windows\System\JfZHIsg.exe
  2⤵
  PID:5876
- C:\Windows\System\dHSbHoU.exe
  C:\Windows\System\dHSbHoU.exe
  2⤵
  PID:5984
- C:\Windows\System\RFrlCsZ.exe
  C:\Windows\System\RFrlCsZ.exe
  2⤵
  PID:5948
- C:\Windows\System\kwRteIO.exe
  C:\Windows\System\kwRteIO.exe
  2⤵
  PID:6076
- C:\Windows\System\zWFTRNo.exe
  C:\Windows\System\zWFTRNo.exe
  2⤵
  PID:6132
- C:\Windows\System\sMxfQLE.exe
  C:\Windows\System\sMxfQLE.exe
  2⤵
  PID:5192
- C:\Windows\System\txpQLZN.exe
  C:\Windows\System\txpQLZN.exe
  2⤵
  PID:5480
- C:\Windows\System\MnGeGPN.exe
  C:\Windows\System\MnGeGPN.exe
  2⤵
  PID:5556
- C:\Windows\System\QyGEGCp.exe
  C:\Windows\System\QyGEGCp.exe
  2⤵
  PID:5696
- C:\Windows\System\UfiQpHA.exe
  C:\Windows\System\UfiQpHA.exe
  2⤵
  PID:5892
- C:\Windows\System\YxuRGTT.exe
  C:\Windows\System\YxuRGTT.exe
  2⤵
  PID:5964
- C:\Windows\System\hjEQvDy.exe
  C:\Windows\System\hjEQvDy.exe
  2⤵
  PID:5244
- C:\Windows\System\JftzLNK.exe
  C:\Windows\System\JftzLNK.exe
  2⤵
  PID:5472
- C:\Windows\System\JiVIXfe.exe
  C:\Windows\System\JiVIXfe.exe
  2⤵
  PID:5756
- C:\Windows\System\iBblPrL.exe
  C:\Windows\System\iBblPrL.exe
  2⤵
  PID:5336
- C:\Windows\System\tqEmZIp.exe
  C:\Windows\System\tqEmZIp.exe
  2⤵
  PID:5760
- C:\Windows\System\YyvGNLi.exe
  C:\Windows\System\YyvGNLi.exe
  2⤵
  PID:6172
- C:\Windows\System\ZzsWJGC.exe
  C:\Windows\System\ZzsWJGC.exe
  2⤵
  PID:6200
- C:\Windows\System\YQXzFXd.exe
  C:\Windows\System\YQXzFXd.exe
  2⤵
  PID:6228
- C:\Windows\System\sIBhTcZ.exe
  C:\Windows\System\sIBhTcZ.exe
  2⤵
  PID:6252
- C:\Windows\System\JQOOBrw.exe
  C:\Windows\System\JQOOBrw.exe
  2⤵
  PID:6280
- C:\Windows\System\etbrwFN.exe
  C:\Windows\System\etbrwFN.exe
  2⤵
  PID:6312
- C:\Windows\System\FhmboJo.exe
  C:\Windows\System\FhmboJo.exe
  2⤵
  PID:6336
- C:\Windows\System\EybVwxH.exe
  C:\Windows\System\EybVwxH.exe
  2⤵
  PID:6360
- C:\Windows\System\wLRMgAZ.exe
  C:\Windows\System\wLRMgAZ.exe
  2⤵
  PID:6380
- C:\Windows\System\lJgzUuY.exe
  C:\Windows\System\lJgzUuY.exe
  2⤵
  PID:6404
- C:\Windows\System\sEvgCDx.exe
  C:\Windows\System\sEvgCDx.exe
  2⤵
  PID:6432
- C:\Windows\System\qbiHWyx.exe
  C:\Windows\System\qbiHWyx.exe
  2⤵
  PID:6460
- C:\Windows\System\tVHqSri.exe
  C:\Windows\System\tVHqSri.exe
  2⤵
  PID:6484
- C:\Windows\System\PLreEJk.exe
  C:\Windows\System\PLreEJk.exe
  2⤵
  PID:6512
- C:\Windows\System\XcKNVVX.exe
  C:\Windows\System\XcKNVVX.exe
  2⤵
  PID:6536
- C:\Windows\System\tCCStxq.exe
  C:\Windows\System\tCCStxq.exe
  2⤵
  PID:6560
- C:\Windows\System\XBFmLww.exe
  C:\Windows\System\XBFmLww.exe
  2⤵
  PID:6584
- C:\Windows\System\wIwtvha.exe
  C:\Windows\System\wIwtvha.exe
  2⤵
  PID:6612
- C:\Windows\System\kivJbPy.exe
  C:\Windows\System\kivJbPy.exe
  2⤵
  PID:6648
- C:\Windows\System\iUcGqUf.exe
  C:\Windows\System\iUcGqUf.exe
  2⤵
  PID:6672
- C:\Windows\System\GDgkkMu.exe
  C:\Windows\System\GDgkkMu.exe
  2⤵
  PID:6700
- C:\Windows\System\MUoPMCI.exe
  C:\Windows\System\MUoPMCI.exe
  2⤵
  PID:6724
- C:\Windows\System\BFNuQlV.exe
  C:\Windows\System\BFNuQlV.exe
  2⤵
  PID:6752
- C:\Windows\System\oPfyCTu.exe
  C:\Windows\System\oPfyCTu.exe
  2⤵
  PID:6780
- C:\Windows\System\tjdNVSS.exe
  C:\Windows\System\tjdNVSS.exe
  2⤵
  PID:6804
- C:\Windows\System\rzbDGBW.exe
  C:\Windows\System\rzbDGBW.exe
  2⤵
  PID:6828
- C:\Windows\System\dRFRgVx.exe
  C:\Windows\System\dRFRgVx.exe
  2⤵
  PID:6864
- C:\Windows\System\GqRdznq.exe
  C:\Windows\System\GqRdznq.exe
  2⤵
  PID:6888
- C:\Windows\System\fXyignq.exe
  C:\Windows\System\fXyignq.exe
  2⤵
  PID:6932
- C:\Windows\System\oGvHqDh.exe
  C:\Windows\System\oGvHqDh.exe
  2⤵
  PID:6956
- C:\Windows\System\IopglIb.exe
  C:\Windows\System\IopglIb.exe
  2⤵
  PID:6980
- C:\Windows\System\CPnFvio.exe
  C:\Windows\System\CPnFvio.exe
  2⤵
  PID:7032
- C:\Windows\System\oFcwUQq.exe
  C:\Windows\System\oFcwUQq.exe
  2⤵
  PID:7056
- C:\Windows\System\JQhZHnK.exe
  C:\Windows\System\JQhZHnK.exe
  2⤵
  PID:7080
- C:\Windows\System\KhipXpX.exe
  C:\Windows\System\KhipXpX.exe
  2⤵
  PID:7112
- C:\Windows\System\lpqsBsz.exe
  C:\Windows\System\lpqsBsz.exe
  2⤵
  PID:7140
- C:\Windows\System\TIJyllE.exe
  C:\Windows\System\TIJyllE.exe
  2⤵
  PID:5612
- C:\Windows\System\unzVyfB.exe
  C:\Windows\System\unzVyfB.exe
  2⤵
  PID:6168
- C:\Windows\System\nZdLgaa.exe
  C:\Windows\System\nZdLgaa.exe
  2⤵
  PID:6272
- C:\Windows\System\sDzSMaX.exe
  C:\Windows\System\sDzSMaX.exe
  2⤵
  PID:6268
- C:\Windows\System\GxbxhSQ.exe
  C:\Windows\System\GxbxhSQ.exe
  2⤵
  PID:6348
- C:\Windows\System\GQcHInp.exe
  C:\Windows\System\GQcHInp.exe
  2⤵
  PID:6500
- C:\Windows\System\GOvaSon.exe
  C:\Windows\System\GOvaSon.exe
  2⤵
  PID:6472
- C:\Windows\System\vpxdUFL.exe
  C:\Windows\System\vpxdUFL.exe
  2⤵
  PID:6568
- C:\Windows\System\ujbbPTg.exe
  C:\Windows\System\ujbbPTg.exe
  2⤵
  PID:6580
- C:\Windows\System\DTlVgRu.exe
  C:\Windows\System\DTlVgRu.exe
  2⤵
  PID:6668
- C:\Windows\System\BFvrpwB.exe
  C:\Windows\System\BFvrpwB.exe
  2⤵
  PID:6812
- C:\Windows\System\gZbWbdW.exe
  C:\Windows\System\gZbWbdW.exe
  2⤵
  PID:6736
- C:\Windows\System\jPbrGTl.exe
  C:\Windows\System\jPbrGTl.exe
  2⤵
  PID:6788
- C:\Windows\System\XTCAWku.exe
  C:\Windows\System\XTCAWku.exe
  2⤵
  PID:6876
- C:\Windows\System\AcQVUfB.exe
  C:\Windows\System\AcQVUfB.exe
  2⤵
  PID:7004
- C:\Windows\System\YvJsqiM.exe
  C:\Windows\System\YvJsqiM.exe
  2⤵
  PID:6920
- C:\Windows\System\zXXUtaO.exe
  C:\Windows\System\zXXUtaO.exe
  2⤵
  PID:7100
- C:\Windows\System\LPszeqb.exe
  C:\Windows\System\LPszeqb.exe
  2⤵
  PID:7148
- C:\Windows\System\EYayNtN.exe
  C:\Windows\System\EYayNtN.exe
  2⤵
  PID:6448
- C:\Windows\System\JCtVnLu.exe
  C:\Windows\System\JCtVnLu.exe
  2⤵
  PID:6192
- C:\Windows\System\VgbCNHA.exe
  C:\Windows\System\VgbCNHA.exe
  2⤵
  PID:6664
- C:\Windows\System\xUeWhRl.exe
  C:\Windows\System\xUeWhRl.exe
  2⤵
  PID:6608
- C:\Windows\System\KlQsQjO.exe
  C:\Windows\System\KlQsQjO.exe
  2⤵
  PID:7000
- C:\Windows\System\tUYsATO.exe
  C:\Windows\System\tUYsATO.exe
  2⤵
  PID:6744
- C:\Windows\System\occxvKc.exe
  C:\Windows\System\occxvKc.exe
  2⤵
  PID:6976
- C:\Windows\System\TBUlSeJ.exe
  C:\Windows\System\TBUlSeJ.exe
  2⤵
  PID:6480
- C:\Windows\System\JyUoCsO.exe
  C:\Windows\System\JyUoCsO.exe
  2⤵
  PID:6764
- C:\Windows\System\cijLhhe.exe
  C:\Windows\System\cijLhhe.exe
  2⤵
  PID:6740
- C:\Windows\System\AJQmxeN.exe
  C:\Windows\System\AJQmxeN.exe
  2⤵
  PID:7184
- C:\Windows\System\mMPvJHe.exe
  C:\Windows\System\mMPvJHe.exe
  2⤵
  PID:7208
- C:\Windows\System\jgRmCaw.exe
  C:\Windows\System\jgRmCaw.exe
  2⤵
  PID:7244
- C:\Windows\System\ljyajSj.exe
  C:\Windows\System\ljyajSj.exe
  2⤵
  PID:7276
- C:\Windows\System\WZIWUUA.exe
  C:\Windows\System\WZIWUUA.exe
  2⤵
  PID:7300
- C:\Windows\System\RbRUwXi.exe
  C:\Windows\System\RbRUwXi.exe
  2⤵
  PID:7324
- C:\Windows\System\ZfonBAH.exe
  C:\Windows\System\ZfonBAH.exe
  2⤵
  PID:7352
- C:\Windows\System\SejMwiI.exe
  C:\Windows\System\SejMwiI.exe
  2⤵
  PID:7388
- C:\Windows\System\BOSwhTT.exe
  C:\Windows\System\BOSwhTT.exe
  2⤵
  PID:7412
- C:\Windows\System\sKBYAEq.exe
  C:\Windows\System\sKBYAEq.exe
  2⤵
  PID:7436
- C:\Windows\System\BzcmebW.exe
  C:\Windows\System\BzcmebW.exe
  2⤵
  PID:7468
- C:\Windows\System\ccYnArn.exe
  C:\Windows\System\ccYnArn.exe
  2⤵
  PID:7492
- C:\Windows\System\dOOlqVX.exe
  C:\Windows\System\dOOlqVX.exe
  2⤵
  PID:7524
- C:\Windows\System\zYZELeQ.exe
  C:\Windows\System\zYZELeQ.exe
  2⤵
  PID:7556
- C:\Windows\System\uXrduMc.exe
  C:\Windows\System\uXrduMc.exe
  2⤵
  PID:7580
- C:\Windows\System\TADouZs.exe
  C:\Windows\System\TADouZs.exe
  2⤵
  PID:7608
- C:\Windows\System\dvqTFmS.exe
  C:\Windows\System\dvqTFmS.exe
  2⤵
  PID:7632
- C:\Windows\System\NnQsPqJ.exe
  C:\Windows\System\NnQsPqJ.exe
  2⤵
  PID:7652
- C:\Windows\System\WXPatgR.exe
  C:\Windows\System\WXPatgR.exe
  2⤵
  PID:7680
- C:\Windows\System\HUukYEI.exe
  C:\Windows\System\HUukYEI.exe
  2⤵
  PID:7724
- C:\Windows\System\QqEyrLr.exe
  C:\Windows\System\QqEyrLr.exe
  2⤵
  PID:7756
- C:\Windows\System\rnvRrul.exe
  C:\Windows\System\rnvRrul.exe
  2⤵
  PID:7776
- C:\Windows\System\MrKdela.exe
  C:\Windows\System\MrKdela.exe
  2⤵
  PID:7804
- C:\Windows\System\xqKrvfh.exe
  C:\Windows\System\xqKrvfh.exe
  2⤵
  PID:7828
- C:\Windows\System\LuUvaRg.exe
  C:\Windows\System\LuUvaRg.exe
  2⤵
  PID:7848
- C:\Windows\System\yeIlICW.exe
  C:\Windows\System\yeIlICW.exe
  2⤵
  PID:7880
- C:\Windows\System\jlEPbRa.exe
  C:\Windows\System\jlEPbRa.exe
  2⤵
  PID:7912
- C:\Windows\System\FpsSIDX.exe
  C:\Windows\System\FpsSIDX.exe
  2⤵
  PID:7940
- C:\Windows\System\OENjdlp.exe
  C:\Windows\System\OENjdlp.exe
  2⤵
  PID:7968
- C:\Windows\System\lbFkvVY.exe
  C:\Windows\System\lbFkvVY.exe
  2⤵
  PID:7992
- C:\Windows\System\TSEyyHZ.exe
  C:\Windows\System\TSEyyHZ.exe
  2⤵
  PID:8016
- C:\Windows\System\UmMuTaw.exe
  C:\Windows\System\UmMuTaw.exe
  2⤵
  PID:8040
- C:\Windows\System\ArUVMLV.exe
  C:\Windows\System\ArUVMLV.exe
  2⤵
  PID:8080
- C:\Windows\System\RfIQrUW.exe
  C:\Windows\System\RfIQrUW.exe
  2⤵
  PID:8100
- C:\Windows\System\ABvJjfa.exe
  C:\Windows\System\ABvJjfa.exe
  2⤵
  PID:8128
- C:\Windows\System\Mwttvco.exe
  C:\Windows\System\Mwttvco.exe
  2⤵
  PID:8156
- C:\Windows\System\dnVDrxo.exe
  C:\Windows\System\dnVDrxo.exe
  2⤵
  PID:8180
- C:\Windows\System\ppRBjac.exe
  C:\Windows\System\ppRBjac.exe
  2⤵
  PID:6224
- C:\Windows\System\eWCUVsm.exe
  C:\Windows\System\eWCUVsm.exe
  2⤵
  PID:6600
- C:\Windows\System\yPcfdIF.exe
  C:\Windows\System\yPcfdIF.exe
  2⤵
  PID:6820
- C:\Windows\System\QaVskXN.exe
  C:\Windows\System\QaVskXN.exe
  2⤵
  PID:7288
- C:\Windows\System\SuPjigS.exe
  C:\Windows\System\SuPjigS.exe
  2⤵
  PID:7344
- C:\Windows\System\SOReecq.exe
  C:\Windows\System\SOReecq.exe
  2⤵
  PID:7380
- C:\Windows\System\kQTFCel.exe
  C:\Windows\System\kQTFCel.exe
  2⤵
  PID:7488
- C:\Windows\System\aQrUICP.exe
  C:\Windows\System\aQrUICP.exe
  2⤵
  PID:7596
- C:\Windows\System\NulvKdG.exe
  C:\Windows\System\NulvKdG.exe
  2⤵
  PID:7700
- C:\Windows\System\JotifNx.exe
  C:\Windows\System\JotifNx.exe
  2⤵
  PID:7768
- C:\Windows\System\sOPBHzP.exe
  C:\Windows\System\sOPBHzP.exe
  2⤵
  PID:7720
- C:\Windows\System\LzwOFMr.exe
  C:\Windows\System\LzwOFMr.exe
  2⤵
  PID:7820
- C:\Windows\System\XFOpGlu.exe
  C:\Windows\System\XFOpGlu.exe
  2⤵
  PID:7924
- C:\Windows\System\MDjCFHB.exe
  C:\Windows\System\MDjCFHB.exe
  2⤵
  PID:7988
- C:\Windows\System\KkUxKIb.exe
  C:\Windows\System\KkUxKIb.exe
  2⤵
  PID:8048
- C:\Windows\System\wjpqrwy.exe
  C:\Windows\System\wjpqrwy.exe
  2⤵
  PID:8148
- C:\Windows\System\jOfjHrZ.exe
  C:\Windows\System\jOfjHrZ.exe
  2⤵
  PID:8064
- C:\Windows\System\xhfTPpj.exe
  C:\Windows\System\xhfTPpj.exe
  2⤵
  PID:8176
- C:\Windows\System\elAIeIy.exe
  C:\Windows\System\elAIeIy.exe
  2⤵
  PID:7504
- C:\Windows\System\gojoAgh.exe
  C:\Windows\System\gojoAgh.exe
  2⤵
  PID:7568
- C:\Windows\System\VAhQlno.exe
  C:\Windows\System\VAhQlno.exe
  2⤵
  PID:7516
- C:\Windows\System\spHYcQB.exe
  C:\Windows\System\spHYcQB.exe
  2⤵
  PID:7764
- C:\Windows\System\yWmeBrI.exe
  C:\Windows\System\yWmeBrI.exe
  2⤵
  PID:7980
- C:\Windows\System\vszoyss.exe
  C:\Windows\System\vszoyss.exe
  2⤵
  PID:8120
- C:\Windows\System\iYkWSro.exe
  C:\Windows\System\iYkWSro.exe
  2⤵
  PID:8060
- C:\Windows\System\SNYWBhj.exe
  C:\Windows\System\SNYWBhj.exe
  2⤵
  PID:8088
- C:\Windows\System\keDREQW.exe
  C:\Windows\System\keDREQW.exe
  2⤵
  PID:8216
- C:\Windows\System\HiXxpBQ.exe
  C:\Windows\System\HiXxpBQ.exe
  2⤵
  PID:8236
- C:\Windows\System\pCifVZT.exe
  C:\Windows\System\pCifVZT.exe
  2⤵
  PID:8272
- C:\Windows\System\nScSpXq.exe
  C:\Windows\System\nScSpXq.exe
  2⤵
  PID:8296
- C:\Windows\System\JqHbIsq.exe
  C:\Windows\System\JqHbIsq.exe
  2⤵
  PID:8320
- C:\Windows\System\GxfvlvU.exe
  C:\Windows\System\GxfvlvU.exe
  2⤵
  PID:8340
- C:\Windows\System\kpkSOni.exe
  C:\Windows\System\kpkSOni.exe
  2⤵
  PID:8368
- C:\Windows\System\XWlRfmA.exe
  C:\Windows\System\XWlRfmA.exe
  2⤵
  PID:8400
- C:\Windows\System\AWkbnhY.exe
  C:\Windows\System\AWkbnhY.exe
  2⤵
  PID:8424
- C:\Windows\System\gsSmaqu.exe
  C:\Windows\System\gsSmaqu.exe
  2⤵
  PID:8452
- C:\Windows\System\JsGkYOl.exe
  C:\Windows\System\JsGkYOl.exe
  2⤵
  PID:8476
- C:\Windows\System\SyfrHgT.exe
  C:\Windows\System\SyfrHgT.exe
  2⤵
  PID:8504
- C:\Windows\System\gyBZWTi.exe
  C:\Windows\System\gyBZWTi.exe
  2⤵
  PID:8528
- C:\Windows\System\lPrskRg.exe
  C:\Windows\System\lPrskRg.exe
  2⤵
  PID:8560
- C:\Windows\System\YVDSdJf.exe
  C:\Windows\System\YVDSdJf.exe
  2⤵
  PID:8584
- C:\Windows\System\maOnGPD.exe
  C:\Windows\System\maOnGPD.exe
  2⤵
  PID:8612
- C:\Windows\System\smiDJyw.exe
  C:\Windows\System\smiDJyw.exe
  2⤵
  PID:8648
- C:\Windows\System\AfzwEfp.exe
  C:\Windows\System\AfzwEfp.exe
  2⤵
  PID:8676
- C:\Windows\System\ZgzuaOF.exe
  C:\Windows\System\ZgzuaOF.exe
  2⤵
  PID:8700
- C:\Windows\System\HMRHwHM.exe
  C:\Windows\System\HMRHwHM.exe
  2⤵
  PID:8716
- C:\Windows\System\aRKhaXR.exe
  C:\Windows\System\aRKhaXR.exe
  2⤵
  PID:8736
- C:\Windows\System\mItAxNT.exe
  C:\Windows\System\mItAxNT.exe
  2⤵
  PID:8752
- C:\Windows\System\fuvXRUt.exe
  C:\Windows\System\fuvXRUt.exe
  2⤵
  PID:8776
- C:\Windows\System\ATmbwMo.exe
  C:\Windows\System\ATmbwMo.exe
  2⤵
  PID:8808
- C:\Windows\System\CsrUgJG.exe
  C:\Windows\System\CsrUgJG.exe
  2⤵
  PID:8832
- C:\Windows\System\DjxsXEv.exe
  C:\Windows\System\DjxsXEv.exe
  2⤵
  PID:8860
- C:\Windows\System\HmluDRT.exe
  C:\Windows\System\HmluDRT.exe
  2⤵
  PID:8884
- C:\Windows\System\xdDpUwf.exe
  C:\Windows\System\xdDpUwf.exe
  2⤵
  PID:8912
- C:\Windows\System\ZWiidPN.exe
  C:\Windows\System\ZWiidPN.exe
  2⤵
  PID:8940
- C:\Windows\System\lvVYBAj.exe
  C:\Windows\System\lvVYBAj.exe
  2⤵
  PID:8968
- C:\Windows\System\WgAijga.exe
  C:\Windows\System\WgAijga.exe
  2⤵
  PID:8988
- C:\Windows\System\RxVnHic.exe
  C:\Windows\System\RxVnHic.exe
  2⤵
  PID:9016
- C:\Windows\System\VEDFIUb.exe
  C:\Windows\System\VEDFIUb.exe
  2⤵
  PID:9044
- C:\Windows\System\qfLVrhh.exe
  C:\Windows\System\qfLVrhh.exe
  2⤵
  PID:7640
- C:\Windows\System\PINpsVn.exe
  C:\Windows\System\PINpsVn.exe
  2⤵
  PID:8260
- C:\Windows\System\RGEixGL.exe
  C:\Windows\System\RGEixGL.exe
  2⤵
  PID:7748
- C:\Windows\System\shMQFoW.exe
  C:\Windows\System\shMQFoW.exe
  2⤵
  PID:8280
- C:\Windows\System\AJyULer.exe
  C:\Windows\System\AJyULer.exe
  2⤵
  PID:8392
- C:\Windows\System\InENaHe.exe
  C:\Windows\System\InENaHe.exe
  2⤵
  PID:8460
- C:\Windows\System\jwHfOaQ.exe
  C:\Windows\System\jwHfOaQ.exe
  2⤵
  PID:8524
- C:\Windows\System\VHeBRgr.exe
  C:\Windows\System\VHeBRgr.exe
  2⤵
  PID:8544
- C:\Windows\System\gozafEq.exe
  C:\Windows\System\gozafEq.exe
  2⤵
  PID:8608
- C:\Windows\System\pRiHZnv.exe
  C:\Windows\System\pRiHZnv.exe
  2⤵
  PID:8760
- C:\Windows\System\PUIOdKA.exe
  C:\Windows\System\PUIOdKA.exe
  2⤵
  PID:8804
- C:\Windows\System\QBQlUSZ.exe
  C:\Windows\System\QBQlUSZ.exe
  2⤵
  PID:8620
- C:\Windows\System\SVRlPmJ.exe
  C:\Windows\System\SVRlPmJ.exe
  2⤵
  PID:8892
- C:\Windows\System\osbmWrt.exe
  C:\Windows\System\osbmWrt.exe
  2⤵
  PID:8748
- C:\Windows\System\qRSkSGi.exe
  C:\Windows\System\qRSkSGi.exe
  2⤵
  PID:8932
- C:\Windows\System\rBQkdYz.exe
  C:\Windows\System\rBQkdYz.exe
  2⤵
  PID:7024
- C:\Windows\System\mOEgTWu.exe
  C:\Windows\System\mOEgTWu.exe
  2⤵
  PID:9032
- C:\Windows\System\iEkgJRm.exe
  C:\Windows\System\iEkgJRm.exe
  2⤵
  PID:8984
- C:\Windows\System\sufAvZn.exe
  C:\Windows\System\sufAvZn.exe
  2⤵
  PID:9056
- C:\Windows\System\KCaRKCz.exe
  C:\Windows\System\KCaRKCz.exe
  2⤵
  PID:9176
- C:\Windows\System\UTtMsMi.exe
  C:\Windows\System\UTtMsMi.exe
  2⤵
  PID:7936
- C:\Windows\System\zhgrCBf.exe
  C:\Windows\System\zhgrCBf.exe
  2⤵
  PID:8724
- C:\Windows\System\ZgKSlwN.exe
  C:\Windows\System\ZgKSlwN.exe
  2⤵
  PID:8924
- C:\Windows\System\fkBQDXd.exe
  C:\Windows\System\fkBQDXd.exe
  2⤵
  PID:8960
- C:\Windows\System\pSGYXNH.exe
  C:\Windows\System\pSGYXNH.exe
  2⤵
  PID:8956
- C:\Windows\System\rUDoBdf.exe
  C:\Windows\System\rUDoBdf.exe
  2⤵
  PID:9236
- C:\Windows\System\qZsZGgX.exe
  C:\Windows\System\qZsZGgX.exe
  2⤵
  PID:9256
- C:\Windows\System\KtUviqn.exe
  C:\Windows\System\KtUviqn.exe
  2⤵
  PID:9272
- C:\Windows\System\LPwEaUQ.exe
  C:\Windows\System\LPwEaUQ.exe
  2⤵
  PID:9288
- C:\Windows\System\kSeMpVF.exe
  C:\Windows\System\kSeMpVF.exe
  2⤵
  PID:9304
- C:\Windows\System\htfeIWo.exe
  C:\Windows\System\htfeIWo.exe
  2⤵
  PID:9320
- C:\Windows\System\TeYMExF.exe
  C:\Windows\System\TeYMExF.exe
  2⤵
  PID:9336
- C:\Windows\System\cBWSMvl.exe
  C:\Windows\System\cBWSMvl.exe
  2⤵
  PID:9352
- C:\Windows\System\GxHeSqJ.exe
  C:\Windows\System\GxHeSqJ.exe
  2⤵
  PID:9368
- C:\Windows\System\uFAruNH.exe
  C:\Windows\System\uFAruNH.exe
  2⤵
  PID:9384
- C:\Windows\System\acfVYxi.exe
  C:\Windows\System\acfVYxi.exe
  2⤵
  PID:9400
- C:\Windows\System\DRThgjG.exe
  C:\Windows\System\DRThgjG.exe
  2⤵
  PID:9416
- C:\Windows\System\PXfRGFa.exe
  C:\Windows\System\PXfRGFa.exe
  2⤵
  PID:9436
- C:\Windows\System\nXdaswa.exe
  C:\Windows\System\nXdaswa.exe
  2⤵
  PID:9456
- C:\Windows\System\TxqbIVr.exe
  C:\Windows\System\TxqbIVr.exe
  2⤵
  PID:9496
- C:\Windows\System\guYzLQa.exe
  C:\Windows\System\guYzLQa.exe
  2⤵
  PID:9520
- C:\Windows\System\VJaTwrw.exe
  C:\Windows\System\VJaTwrw.exe
  2⤵
  PID:9544
- C:\Windows\System\vVnqPej.exe
  C:\Windows\System\vVnqPej.exe
  2⤵
  PID:9576
- C:\Windows\System\KeaKAfW.exe
  C:\Windows\System\KeaKAfW.exe
  2⤵
  PID:9596
- C:\Windows\System\lEJUQij.exe
  C:\Windows\System\lEJUQij.exe
  2⤵
  PID:9616
- C:\Windows\System\VVrlQWC.exe
  C:\Windows\System\VVrlQWC.exe
  2⤵
  PID:9632
- C:\Windows\System\VsJoLeT.exe
  C:\Windows\System\VsJoLeT.exe
  2⤵
  PID:9652
- C:\Windows\System\GQBLDlU.exe
  C:\Windows\System\GQBLDlU.exe
  2⤵
  PID:9668
- C:\Windows\System\hwmKfsc.exe
  C:\Windows\System\hwmKfsc.exe
  2⤵
  PID:9684
- C:\Windows\System\uyNemNK.exe
  C:\Windows\System\uyNemNK.exe
  2⤵
  PID:9704
- C:\Windows\System\loPViYG.exe
  C:\Windows\System\loPViYG.exe
  2⤵
  PID:9732
- C:\Windows\System\HUKsxDL.exe
  C:\Windows\System\HUKsxDL.exe
  2⤵
  PID:9756
- C:\Windows\System\JOUWlzy.exe
  C:\Windows\System\JOUWlzy.exe
  2⤵
  PID:9784
- C:\Windows\System\voZKRbg.exe
  C:\Windows\System\voZKRbg.exe
  2⤵
  PID:9816
- C:\Windows\System\TkdrbLX.exe
  C:\Windows\System\TkdrbLX.exe
  2⤵
  PID:9840
- C:\Windows\System\UjEGWpL.exe
  C:\Windows\System\UjEGWpL.exe
  2⤵
  PID:9860
- C:\Windows\System\WJSwUyX.exe
  C:\Windows\System\WJSwUyX.exe
  2⤵
  PID:9884
- C:\Windows\System\eHFZJNJ.exe
  C:\Windows\System\eHFZJNJ.exe
  2⤵
  PID:9908
- C:\Windows\System\vxkovYG.exe
  C:\Windows\System\vxkovYG.exe
  2⤵
  PID:9940
- C:\Windows\System\cMwciuk.exe
  C:\Windows\System\cMwciuk.exe
  2⤵
  PID:9968
- C:\Windows\System\AvnSqts.exe
  C:\Windows\System\AvnSqts.exe
  2⤵
  PID:9992
- C:\Windows\System\CkoMthb.exe
  C:\Windows\System\CkoMthb.exe
  2⤵
  PID:10020
- C:\Windows\System\WqiikNQ.exe
  C:\Windows\System\WqiikNQ.exe
  2⤵
  PID:10060
- C:\Windows\System\PBDwwrK.exe
  C:\Windows\System\PBDwwrK.exe
  2⤵
  PID:10084
- C:\Windows\System\OBJEPLm.exe
  C:\Windows\System\OBJEPLm.exe
  2⤵
  PID:10108
- C:\Windows\System\PqeJMCa.exe
  C:\Windows\System\PqeJMCa.exe
  2⤵
  PID:10124
- C:\Windows\System\HWDfFbM.exe
  C:\Windows\System\HWDfFbM.exe
  2⤵
  PID:10144
- C:\Windows\System\jnNOgns.exe
  C:\Windows\System\jnNOgns.exe
  2⤵
  PID:10168
- C:\Windows\System\uqlSxNR.exe
  C:\Windows\System\uqlSxNR.exe
  2⤵
  PID:10192
- C:\Windows\System\nUVWHiP.exe
  C:\Windows\System\nUVWHiP.exe
  2⤵
  PID:10224
- C:\Windows\System\qgTRDcW.exe
  C:\Windows\System\qgTRDcW.exe
  2⤵
  PID:9036
- C:\Windows\System\TqIbbxP.exe
  C:\Windows\System\TqIbbxP.exe
  2⤵
  PID:9228
- C:\Windows\System\WPnaucN.exe
  C:\Windows\System\WPnaucN.exe
  2⤵
  PID:8364
- C:\Windows\System\FSnVjvB.exe
  C:\Windows\System\FSnVjvB.exe
  2⤵
  PID:9296
- C:\Windows\System\AjwLqRa.exe
  C:\Windows\System\AjwLqRa.exe
  2⤵
  PID:8500
- C:\Windows\System\RsQvOyt.exe
  C:\Windows\System\RsQvOyt.exe
  2⤵
  PID:9344
- C:\Windows\System\nxLokgC.exe
  C:\Windows\System\nxLokgC.exe
  2⤵
  PID:8660
- C:\Windows\System\bCdpJeP.exe
  C:\Windows\System\bCdpJeP.exe
  2⤵
  PID:9452
- C:\Windows\System\ODHYxOw.exe
  C:\Windows\System\ODHYxOw.exe
  2⤵
  PID:9556
- C:\Windows\System\nNCkNVT.exe
  C:\Windows\System\nNCkNVT.exe
  2⤵
  PID:9280
- C:\Windows\System\OmnUmDf.exe
  C:\Windows\System\OmnUmDf.exe
  2⤵
  PID:9364
- C:\Windows\System\eBehNAo.exe
  C:\Windows\System\eBehNAo.exe
  2⤵
  PID:9392
- C:\Windows\System\LwYiUsc.exe
  C:\Windows\System\LwYiUsc.exe
  2⤵
  PID:9676
- C:\Windows\System\wZbEbzc.exe
  C:\Windows\System\wZbEbzc.exe
  2⤵
  PID:9700
- C:\Windows\System\tvqDLOp.exe
  C:\Windows\System\tvqDLOp.exe
  2⤵
  PID:9528
- C:\Windows\System\rTOkWhT.exe
  C:\Windows\System\rTOkWhT.exe
  2⤵
  PID:9812
- C:\Windows\System\bkdbwet.exe
  C:\Windows\System\bkdbwet.exe
  2⤵
  PID:9900
- C:\Windows\System\laLofoY.exe
  C:\Windows\System\laLofoY.exe
  2⤵
  PID:10028
- C:\Windows\System\FtwDqJh.exe
  C:\Windows\System\FtwDqJh.exe
  2⤵
  PID:10120
- C:\Windows\System\DzhrKaw.exe
  C:\Windows\System\DzhrKaw.exe
  2⤵
  PID:9880
- C:\Windows\System\EolqeAc.exe
  C:\Windows\System\EolqeAc.exe
  2⤵
  PID:9956
- C:\Windows\System\QGNnPlz.exe
  C:\Windows\System\QGNnPlz.exe
  2⤵
  PID:10008
- C:\Windows\System\SaaMxSj.exe
  C:\Windows\System\SaaMxSj.exe
  2⤵
  PID:9264
- C:\Windows\System\TcNTSNG.exe
  C:\Windows\System\TcNTSNG.exe
  2⤵
  PID:9312
- C:\Windows\System\bGFlDaO.exe
  C:\Windows\System\bGFlDaO.exe
  2⤵
  PID:8900
- C:\Windows\System\zVzDvPD.exe
  C:\Windows\System\zVzDvPD.exe
  2⤵
  PID:9248
- C:\Windows\System\rSsGsNi.exe
  C:\Windows\System\rSsGsNi.exe
  2⤵
  PID:10260
- C:\Windows\System\BXznDuU.exe
  C:\Windows\System\BXznDuU.exe
  2⤵
  PID:10280
- C:\Windows\System\evuxSkr.exe
  C:\Windows\System\evuxSkr.exe
  2⤵
  PID:10308
- C:\Windows\System\uTaLIuc.exe
  C:\Windows\System\uTaLIuc.exe
  2⤵
  PID:10340
- C:\Windows\System\HgAvxto.exe
  C:\Windows\System\HgAvxto.exe
  2⤵
  PID:10368
- C:\Windows\System\qwMkJMU.exe
  C:\Windows\System\qwMkJMU.exe
  2⤵
  PID:10392
- C:\Windows\System\dukNJuQ.exe
  C:\Windows\System\dukNJuQ.exe
  2⤵
  PID:10416
- C:\Windows\System\xdhYqMB.exe
  C:\Windows\System\xdhYqMB.exe
  2⤵
  PID:10440
- C:\Windows\System\LjySEjD.exe
  C:\Windows\System\LjySEjD.exe
  2⤵
  PID:10472
- C:\Windows\System\iqJYBdd.exe
  C:\Windows\System\iqJYBdd.exe
  2⤵
  PID:10508
- C:\Windows\System\MDzFhnN.exe
  C:\Windows\System\MDzFhnN.exe
  2⤵
  PID:10544
- C:\Windows\System\nIqxaXv.exe
  C:\Windows\System\nIqxaXv.exe
  2⤵
  PID:10572
- C:\Windows\System\CYAoaBC.exe
  C:\Windows\System\CYAoaBC.exe
  2⤵
  PID:10600
- C:\Windows\System\WJgVFwv.exe
  C:\Windows\System\WJgVFwv.exe
  2⤵
  PID:10628
- C:\Windows\System\dHfoUsn.exe
  C:\Windows\System\dHfoUsn.exe
  2⤵
  PID:10652
- C:\Windows\System\QBWjOpv.exe
  C:\Windows\System\QBWjOpv.exe
  2⤵
  PID:10684
- C:\Windows\System\xrRoeRR.exe
  C:\Windows\System\xrRoeRR.exe
  2⤵
  PID:10700
- C:\Windows\System\ypyVupQ.exe
  C:\Windows\System\ypyVupQ.exe
  2⤵
  PID:10716
- C:\Windows\System\fkrECOH.exe
  C:\Windows\System\fkrECOH.exe
  2⤵
  PID:10732
- C:\Windows\System\GthCDmH.exe
  C:\Windows\System\GthCDmH.exe
  2⤵
  PID:10760
- C:\Windows\System\QXrOuQl.exe
  C:\Windows\System\QXrOuQl.exe
  2⤵
  PID:10784
- C:\Windows\System\TeHazAe.exe
  C:\Windows\System\TeHazAe.exe
  2⤵
  PID:10812
- C:\Windows\System\IIHOhJj.exe
  C:\Windows\System\IIHOhJj.exe
  2⤵
  PID:10840
- C:\Windows\System\ttHVyHv.exe
  C:\Windows\System\ttHVyHv.exe
  2⤵
  PID:10868
- C:\Windows\System\WhSqpQB.exe
  C:\Windows\System\WhSqpQB.exe
  2⤵
  PID:10896
- C:\Windows\System\HPfHDsg.exe
  C:\Windows\System\HPfHDsg.exe
  2⤵
  PID:10924
- C:\Windows\System\tQGHAht.exe
  C:\Windows\System\tQGHAht.exe
  2⤵
  PID:10948
- C:\Windows\System\lgshgwJ.exe
  C:\Windows\System\lgshgwJ.exe
  2⤵
  PID:10976
- C:\Windows\System\gSdxunl.exe
  C:\Windows\System\gSdxunl.exe
  2⤵
  PID:11008
- C:\Windows\System\jLJPEUn.exe
  C:\Windows\System\jLJPEUn.exe
  2⤵
  PID:11036
- C:\Windows\System\AhCpNLJ.exe
  C:\Windows\System\AhCpNLJ.exe
  2⤵
  PID:11072
- C:\Windows\System\NCsfaML.exe
  C:\Windows\System\NCsfaML.exe
  2⤵
  PID:11092
- C:\Windows\System\EoTdHZw.exe
  C:\Windows\System\EoTdHZw.exe
  2⤵
  PID:11124
- C:\Windows\System\JbqMxWu.exe
  C:\Windows\System\JbqMxWu.exe
  2⤵
  PID:11156
- C:\Windows\System\FuvtfxQ.exe
  C:\Windows\System\FuvtfxQ.exe
  2⤵
  PID:11184
- C:\Windows\System\wvOzauI.exe
  C:\Windows\System\wvOzauI.exe
  2⤵
  PID:11204
- C:\Windows\System\VfVkhyG.exe
  C:\Windows\System\VfVkhyG.exe
  2⤵
  PID:11236
- C:\Windows\System\KRmQHeG.exe
  C:\Windows\System\KRmQHeG.exe
  2⤵
  PID:9856
- C:\Windows\System\IlqmVRh.exe
  C:\Windows\System\IlqmVRh.exe
  2⤵
  PID:9612
- C:\Windows\System\WZoGbET.exe
  C:\Windows\System\WZoGbET.exe
  2⤵
  PID:9752
- C:\Windows\System\WNrwxwA.exe
  C:\Windows\System\WNrwxwA.exe
  2⤵
  PID:9244
- C:\Windows\System\wlgNxGN.exe
  C:\Windows\System\wlgNxGN.exe
  2⤵
  PID:10272
- C:\Windows\System\xRpBsOi.exe
  C:\Windows\System\xRpBsOi.exe
  2⤵
  PID:10332
- C:\Windows\System\otjgheT.exe
  C:\Windows\System\otjgheT.exe
  2⤵
  PID:10400
- C:\Windows\System\nNjigES.exe
  C:\Windows\System\nNjigES.exe
  2⤵
  PID:10116
- C:\Windows\System\ywgRhHI.exe
  C:\Windows\System\ywgRhHI.exe
  2⤵
  PID:10568
- C:\Windows\System\IDCDhKQ.exe
  C:\Windows\System\IDCDhKQ.exe
  2⤵
  PID:10696
- C:\Windows\System\HwhdgJN.exe
  C:\Windows\System\HwhdgJN.exe
  2⤵
  PID:10376
- C:\Windows\System\lQNXxwY.exe
  C:\Windows\System\lQNXxwY.exe
  2⤵
  PID:10808
- C:\Windows\System\xTSZwHr.exe
  C:\Windows\System\xTSZwHr.exe
  2⤵
  PID:8856
- C:\Windows\System\Daqlrtd.exe
  C:\Windows\System\Daqlrtd.exe
  2⤵
  PID:10916
- C:\Windows\System\NXcxXIu.exe
  C:\Windows\System\NXcxXIu.exe
  2⤵
  PID:9928
- C:\Windows\System\uKcOXdn.exe
  C:\Windows\System\uKcOXdn.exe
  2⤵
  PID:1788
- C:\Windows\System\ghkeRPT.exe
  C:\Windows\System\ghkeRPT.exe
  2⤵
  PID:876
- C:\Windows\System\nSSUqxp.exe
  C:\Windows\System\nSSUqxp.exe
  2⤵
  PID:10744
- C:\Windows\System\eUupYCV.exe
  C:\Windows\System\eUupYCV.exe
  2⤵
  PID:10428
- C:\Windows\System\yxWIpJd.exe
  C:\Windows\System\yxWIpJd.exe
  2⤵
  PID:11216
- C:\Windows\System\xfRIiHy.exe
  C:\Windows\System\xfRIiHy.exe
  2⤵
  PID:10968
- C:\Windows\System\WvwsxfA.exe
  C:\Windows\System\WvwsxfA.exe
  2⤵
  PID:9444
- C:\Windows\System\DBxOYkI.exe
  C:\Windows\System\DBxOYkI.exe
  2⤵
  PID:10152
- C:\Windows\System\WxQtKdd.exe
  C:\Windows\System\WxQtKdd.exe
  2⤵
  PID:9472
- C:\Windows\System\WysOpWm.exe
  C:\Windows\System\WysOpWm.exe
  2⤵
  PID:11148
- C:\Windows\System\WGjiKSO.exe
  C:\Windows\System\WGjiKSO.exe
  2⤵
  PID:10860
- C:\Windows\System\XUGXcKY.exe
  C:\Windows\System\XUGXcKY.exe
  2⤵
  PID:10712
- C:\Windows\System\QYlUIXx.exe
  C:\Windows\System\QYlUIXx.exe
  2⤵
  PID:10364
- C:\Windows\System\eWTDDWU.exe
  C:\Windows\System\eWTDDWU.exe
  2⤵
  PID:11276
- C:\Windows\System\mkoXjeS.exe
  C:\Windows\System\mkoXjeS.exe
  2⤵
  PID:11308
- C:\Windows\System\YAYXhbS.exe
  C:\Windows\System\YAYXhbS.exe
  2⤵
  PID:11340
- C:\Windows\System\MzKRMhs.exe
  C:\Windows\System\MzKRMhs.exe
  2⤵
  PID:11360
- C:\Windows\System\ZBDghNK.exe
  C:\Windows\System\ZBDghNK.exe
  2⤵
  PID:11396
- C:\Windows\System\CqXXaDY.exe
  C:\Windows\System\CqXXaDY.exe
  2⤵
  PID:11424
- C:\Windows\System\wXGRTbG.exe
  C:\Windows\System\wXGRTbG.exe
  2⤵
  PID:11452
- C:\Windows\System\NdgkJUp.exe
  C:\Windows\System\NdgkJUp.exe
  2⤵
  PID:11472
- C:\Windows\System\uqjsZhQ.exe
  C:\Windows\System\uqjsZhQ.exe
  2⤵
  PID:11512
- C:\Windows\System\FxBpdwv.exe
  C:\Windows\System\FxBpdwv.exe
  2⤵
  PID:11548
- C:\Windows\System\dLoLxGl.exe
  C:\Windows\System\dLoLxGl.exe
  2⤵
  PID:11652
- C:\Windows\System\iYYlKRs.exe
  C:\Windows\System\iYYlKRs.exe
  2⤵
  PID:11696
- C:\Windows\System\jwGVhAI.exe
  C:\Windows\System\jwGVhAI.exe
  2⤵
  PID:11716
- C:\Windows\System\YMseeCB.exe
  C:\Windows\System\YMseeCB.exe
  2⤵
  PID:11740
- C:\Windows\System\BWwMbPZ.exe
  C:\Windows\System\BWwMbPZ.exe
  2⤵
  PID:11776
- C:\Windows\System\aIbQNCD.exe
  C:\Windows\System\aIbQNCD.exe
  2⤵
  PID:11804
- C:\Windows\System\wDibtYQ.exe
  C:\Windows\System\wDibtYQ.exe
  2⤵
  PID:11836
- C:\Windows\System\tADDPFX.exe
  C:\Windows\System\tADDPFX.exe
  2⤵
  PID:11860
- C:\Windows\System\cbLvWgI.exe
  C:\Windows\System\cbLvWgI.exe
  2⤵
  PID:11892
- C:\Windows\System\rsMxamG.exe
  C:\Windows\System\rsMxamG.exe
  2⤵
  PID:11920
- C:\Windows\System\AQKubiL.exe
  C:\Windows\System\AQKubiL.exe
  2⤵
  PID:11940
- C:\Windows\System\DwkcPUc.exe
  C:\Windows\System\DwkcPUc.exe
  2⤵
  PID:11976
- C:\Windows\System\rWOQNym.exe
  C:\Windows\System\rWOQNym.exe
  2⤵
  PID:11996
- C:\Windows\System\BuNTmif.exe
  C:\Windows\System\BuNTmif.exe
  2⤵
  PID:12032
- C:\Windows\System\GTFomPN.exe
  C:\Windows\System\GTFomPN.exe
  2⤵
  PID:12072
- C:\Windows\System\LbhXMln.exe
  C:\Windows\System\LbhXMln.exe
  2⤵
  PID:12112
- C:\Windows\System\omYpBTP.exe
  C:\Windows\System\omYpBTP.exe
  2⤵
  PID:12140
- C:\Windows\System\LlQMsXk.exe
  C:\Windows\System\LlQMsXk.exe
  2⤵
  PID:12164
- C:\Windows\System\wrPXvon.exe
  C:\Windows\System\wrPXvon.exe
  2⤵
  PID:12192
- C:\Windows\System\YVVlWJP.exe
  C:\Windows\System\YVVlWJP.exe
  2⤵
  PID:12212
- C:\Windows\System\GHGPKCw.exe
  C:\Windows\System\GHGPKCw.exe
  2⤵
  PID:12236
- C:\Windows\System\wRTJLLc.exe
  C:\Windows\System\wRTJLLc.exe
  2⤵
  PID:12264
- C:\Windows\System\xgtdyay.exe
  C:\Windows\System\xgtdyay.exe
  2⤵
  PID:10792
- C:\Windows\System\riIPYSL.exe
  C:\Windows\System\riIPYSL.exe
  2⤵
  PID:9584
- C:\Windows\System\bJqWhIF.exe
  C:\Windows\System\bJqWhIF.exe
  2⤵
  PID:10304
- C:\Windows\System\EoqbPdu.exe
  C:\Windows\System\EoqbPdu.exe
  2⤵
  PID:11080
- C:\Windows\System\amlWUwB.exe
  C:\Windows\System\amlWUwB.exe
  2⤵
  PID:4344
- C:\Windows\System\rosBGeC.exe
  C:\Windows\System\rosBGeC.exe
  2⤵
  PID:11176
- C:\Windows\System\YzRhABe.exe
  C:\Windows\System\YzRhABe.exe
  2⤵
  PID:10644
- C:\Windows\System\MApOxUx.exe
  C:\Windows\System\MApOxUx.exe
  2⤵
  PID:10752
- C:\Windows\System\tNHJgMC.exe
  C:\Windows\System\tNHJgMC.exe
  2⤵
  PID:10892
- C:\Windows\System\DXIfxFi.exe
  C:\Windows\System\DXIfxFi.exe
  2⤵
  PID:1608
- C:\Windows\System\ynqzzRm.exe
  C:\Windows\System\ynqzzRm.exe
  2⤵
  PID:9948
- C:\Windows\System\QIIiFFS.exe
  C:\Windows\System\QIIiFFS.exe
  2⤵
  PID:1960
- C:\Windows\System\VZpGQyU.exe
  C:\Windows\System\VZpGQyU.exe
  2⤵
  PID:11468
- C:\Windows\System\oNdgQGM.exe
  C:\Windows\System\oNdgQGM.exe
  2⤵
  PID:11524
- C:\Windows\System\zfyOgyi.exe
  C:\Windows\System\zfyOgyi.exe
  2⤵
  PID:11572
- C:\Windows\System\efqIkAz.exe
  C:\Windows\System\efqIkAz.exe
  2⤵
  PID:11380
- C:\Windows\System\CUCQoCz.exe
  C:\Windows\System\CUCQoCz.exe
  2⤵
  PID:11388
- C:\Windows\System\PHuhwcp.exe
  C:\Windows\System\PHuhwcp.exe
  2⤵
  PID:11960
- C:\Windows\System\PCjxcsZ.exe
  C:\Windows\System\PCjxcsZ.exe
  2⤵
  PID:11684
- C:\Windows\System\bRjzCaM.exe
  C:\Windows\System\bRjzCaM.exe
  2⤵
  PID:11712
- C:\Windows\System\MHNFjmW.exe
  C:\Windows\System\MHNFjmW.exe
  2⤵
  PID:11596
- C:\Windows\System\tqbXZun.exe
  C:\Windows\System\tqbXZun.exe
  2⤵
  PID:11880
- C:\Windows\System\cFTvwCK.exe
  C:\Windows\System\cFTvwCK.exe
  2⤵
  PID:12136
- C:\Windows\System\KAeUcES.exe
  C:\Windows\System\KAeUcES.exe
  2⤵
  PID:12172
- C:\Windows\System\pItQjvJ.exe
  C:\Windows\System\pItQjvJ.exe
  2⤵
  PID:11708
- C:\Windows\System\kavOVPc.exe
  C:\Windows\System\kavOVPc.exe
  2⤵
  PID:11256
- C:\Windows\System\xeAHOSm.exe
  C:\Windows\System\xeAHOSm.exe
  2⤵
  PID:11480
- C:\Windows\System\JEITElS.exe
  C:\Windows\System\JEITElS.exe
  2⤵
  PID:11540
- C:\Windows\System\BPduumF.exe
  C:\Windows\System\BPduumF.exe
  2⤵
  PID:10956
- C:\Windows\System\jDHiJeH.exe
  C:\Windows\System\jDHiJeH.exe
  2⤵
  PID:12084
- C:\Windows\System\rDbgvoo.exe
  C:\Windows\System\rDbgvoo.exe
  2⤵
  PID:12292
- C:\Windows\System\LQNCIQd.exe
  C:\Windows\System\LQNCIQd.exe
  2⤵
  PID:12328
- C:\Windows\System\BKVGUuh.exe
  C:\Windows\System\BKVGUuh.exe
  2⤵
  PID:12356
- C:\Windows\System\iCslmVJ.exe
  C:\Windows\System\iCslmVJ.exe
  2⤵
  PID:12384
- C:\Windows\System\EWKJGrq.exe
  C:\Windows\System\EWKJGrq.exe
  2⤵
  PID:12412
- C:\Windows\System\dWypqyc.exe
  C:\Windows\System\dWypqyc.exe
  2⤵
  PID:12444
- C:\Windows\System\wlOhAYm.exe
  C:\Windows\System\wlOhAYm.exe
  2⤵
  PID:12468
- C:\Windows\System\gEckMkZ.exe
  C:\Windows\System\gEckMkZ.exe
  2⤵
  PID:12488
- C:\Windows\System\rGjPuBP.exe
  C:\Windows\System\rGjPuBP.exe
  2⤵
  PID:12516
- C:\Windows\System\QRcdXyI.exe
  C:\Windows\System\QRcdXyI.exe
  2⤵
  PID:12544
- C:\Windows\System\kLgneOb.exe
  C:\Windows\System\kLgneOb.exe
  2⤵
  PID:12576
- C:\Windows\System\CWUqTEM.exe
  C:\Windows\System\CWUqTEM.exe
  2⤵
  PID:12768
- C:\Windows\System\agKQftV.exe
  C:\Windows\System\agKQftV.exe
  2⤵
  PID:12804
- C:\Windows\System\PvJzJEN.exe
  C:\Windows\System\PvJzJEN.exe
  2⤵
  PID:12832
- C:\Windows\System\AnpaOyA.exe
  C:\Windows\System\AnpaOyA.exe
  2⤵
  PID:12868
- C:\Windows\System\ZmlOjbA.exe
  C:\Windows\System\ZmlOjbA.exe
  2⤵
  PID:12944
- C:\Windows\System\HeXyXvq.exe
  C:\Windows\System\HeXyXvq.exe
  2⤵
  PID:12976
- C:\Windows\System\mKoLQKL.exe
  C:\Windows\System\mKoLQKL.exe
  2⤵
  PID:13016
- C:\Windows\System\HmaTNGp.exe
  C:\Windows\System\HmaTNGp.exe
  2⤵
  PID:13036
- C:\Windows\System\HnRnsfu.exe
  C:\Windows\System\HnRnsfu.exe
  2⤵
  PID:13068
- C:\Windows\System\XnEmBie.exe
  C:\Windows\System\XnEmBie.exe
  2⤵
  PID:13096
- C:\Windows\System\CRVCERv.exe
  C:\Windows\System\CRVCERv.exe
  2⤵
  PID:13128
- C:\Windows\System\IhHbBKE.exe
  C:\Windows\System\IhHbBKE.exe
  2⤵
  PID:13160
- C:\Windows\System\gHcQiNm.exe
  C:\Windows\System\gHcQiNm.exe
  2⤵
  PID:13184
- C:\Windows\System\BgbsdPF.exe
  C:\Windows\System\BgbsdPF.exe
  2⤵
  PID:13212
- C:\Windows\System\GCPOIHf.exe
  C:\Windows\System\GCPOIHf.exe
  2⤵
  PID:13236
- C:\Windows\System\HurjZZO.exe
  C:\Windows\System\HurjZZO.exe
  2⤵
  PID:13260
- C:\Windows\System\VNGcJxM.exe
  C:\Windows\System\VNGcJxM.exe
  2⤵
  PID:13284
- C:\Windows\System\ZliTmtF.exe
  C:\Windows\System\ZliTmtF.exe
  2⤵
  PID:11760
- C:\Windows\System\LXVAUcz.exe
  C:\Windows\System\LXVAUcz.exe
  2⤵
  PID:10864
- C:\Windows\System\iSbbLeJ.exe
  C:\Windows\System\iSbbLeJ.exe
  2⤵
  PID:4496
- C:\Windows\System\DfLJbCm.exe
  C:\Windows\System\DfLJbCm.exe
  2⤵
  PID:12220
- C:\Windows\System\BcBAUXQ.exe
  C:\Windows\System\BcBAUXQ.exe
  2⤵
  PID:10288
- C:\Windows\System\ywTfboU.exe
  C:\Windows\System\ywTfboU.exe
  2⤵
  PID:10552
- C:\Windows\System\LwLNPWo.exe
  C:\Windows\System\LwLNPWo.exe
  2⤵
  PID:11024
- C:\Windows\System\tNmiqHF.exe
  C:\Windows\System\tNmiqHF.exe
  2⤵
  PID:1664
- C:\Windows\System\UgsIovf.exe
  C:\Windows\System\UgsIovf.exe
  2⤵
  PID:1092
- C:\Windows\System\HNHHQBG.exe
  C:\Windows\System\HNHHQBG.exe
  2⤵
  PID:11724
- C:\Windows\System\lCdlwDM.exe
  C:\Windows\System\lCdlwDM.exe
  2⤵
  PID:11284
- C:\Windows\System\tRprEfr.exe
  C:\Windows\System\tRprEfr.exe
  2⤵
  PID:11868
- C:\Windows\System\LePVFXg.exe
  C:\Windows\System\LePVFXg.exe
  2⤵
  PID:12252
- C:\Windows\System\YcTOIjf.exe
  C:\Windows\System\YcTOIjf.exe
  2⤵
  PID:12692
- C:\Windows\System\PPynrub.exe
  C:\Windows\System\PPynrub.exe
  2⤵
  PID:12728
- C:\Windows\System\IAbaYBk.exe
  C:\Windows\System\IAbaYBk.exe
  2⤵
  PID:12456
- C:\Windows\System\tSblOsG.exe
  C:\Windows\System\tSblOsG.exe
  2⤵
  PID:12484
- C:\Windows\System\MUxeBwc.exe
  C:\Windows\System\MUxeBwc.exe
  2⤵
  PID:12592
- C:\Windows\System\oKvTILb.exe
  C:\Windows\System\oKvTILb.exe
  2⤵
  PID:12540
- C:\Windows\System\GQDIvty.exe
  C:\Windows\System\GQDIvty.exe
  2⤵
  PID:12824
- C:\Windows\System\bdHAjkz.exe
  C:\Windows\System\bdHAjkz.exe
  2⤵
  PID:12848
- C:\Windows\System\gMTwjgX.exe
  C:\Windows\System\gMTwjgX.exe
  2⤵
  PID:12660
- C:\Windows\System\hZBOIxA.exe
  C:\Windows\System\hZBOIxA.exe
  2⤵
  PID:13032
- C:\Windows\System\YgmtbET.exe
  C:\Windows\System\YgmtbET.exe
  2⤵
  PID:12852
- C:\Windows\System\weugpIB.exe
  C:\Windows\System\weugpIB.exe
  2⤵
  PID:12952
- C:\Windows\System\ETvPfgE.exe
  C:\Windows\System\ETvPfgE.exe
  2⤵
  PID:13180
- C:\Windows\System\UkiUCPA.exe
  C:\Windows\System\UkiUCPA.exe
  2⤵
  PID:13204
- C:\Windows\System\VXfgHsu.exe
  C:\Windows\System\VXfgHsu.exe
  2⤵
  PID:13176
- C:\Windows\System\yiQFxYy.exe
  C:\Windows\System\yiQFxYy.exe
  2⤵
  PID:13276
- C:\Windows\System\IIaTUbh.exe
  C:\Windows\System\IIaTUbh.exe
  2⤵
  PID:11852
- C:\Windows\System\kUrqEMV.exe
  C:\Windows\System\kUrqEMV.exe
  2⤵
  PID:13280
- C:\Windows\System\acUxsUi.exe
  C:\Windows\System\acUxsUi.exe
  2⤵
  PID:11992
- C:\Windows\System\ecfWnzd.exe
  C:\Windows\System\ecfWnzd.exe
  2⤵
  PID:11068
- C:\Windows\System\RKWdSEf.exe
  C:\Windows\System\RKWdSEf.exe
  2⤵
  PID:12308
- C:\Windows\System\BQziBeD.exe
  C:\Windows\System\BQziBeD.exe
  2⤵
  PID:11904
- C:\Windows\System\PZDRANZ.exe
  C:\Windows\System\PZDRANZ.exe
  2⤵
  PID:12184
- C:\Windows\System\nhFhkvk.exe
  C:\Windows\System\nhFhkvk.exe
  2⤵
  PID:11020
- C:\Windows\System\xtMtQpu.exe
  C:\Windows\System\xtMtQpu.exe
  2⤵
  PID:12344
- C:\Windows\System\DdvbthQ.exe
  C:\Windows\System\DdvbthQ.exe
  2⤵
  PID:13196
- C:\Windows\System\HXEhgdu.exe
  C:\Windows\System\HXEhgdu.exe
  2⤵
  PID:13028
- C:\Windows\System\mGWWHHa.exe
  C:\Windows\System\mGWWHHa.exe
  2⤵
  PID:13256
- C:\Windows\System\CweBFVn.exe
  C:\Windows\System\CweBFVn.exe
  2⤵
  PID:12932
- C:\Windows\System\ARqWoYq.exe
  C:\Windows\System\ARqWoYq.exe
  2⤵
  PID:13060
- C:\Windows\System\BUBnysE.exe
  C:\Windows\System\BUBnysE.exe
  2⤵
  PID:13320
- C:\Windows\System\JbypzoG.exe
  C:\Windows\System\JbypzoG.exe
  2⤵
  PID:13348
- C:\Windows\System\BaPYUnR.exe
  C:\Windows\System\BaPYUnR.exe
  2⤵
  PID:13368
- C:\Windows\System\ouZAzar.exe
  C:\Windows\System\ouZAzar.exe
  2⤵
  PID:13396
- C:\Windows\System\cfYHHxl.exe
  C:\Windows\System\cfYHHxl.exe
  2⤵
  PID:13420
- C:\Windows\System\kSXPikV.exe
  C:\Windows\System\kSXPikV.exe
  2⤵
  PID:13452
- C:\Windows\System\MaoZxjB.exe
  C:\Windows\System\MaoZxjB.exe
  2⤵
  PID:13472
- C:\Windows\System\RuOkapG.exe
  C:\Windows\System\RuOkapG.exe
  2⤵
  PID:13508
- C:\Windows\System\dyQCgAo.exe
  C:\Windows\System\dyQCgAo.exe
  2⤵
  PID:13536
- C:\Windows\System\yrnMlZO.exe
  C:\Windows\System\yrnMlZO.exe
  2⤵
  PID:13568
- C:\Windows\System\siYAXyf.exe
  C:\Windows\System\siYAXyf.exe
  2⤵
  PID:13596
- C:\Windows\System\ZPoqdNK.exe
  C:\Windows\System\ZPoqdNK.exe
  2⤵
  PID:13632
- C:\Windows\System\Ruozemh.exe
  C:\Windows\System\Ruozemh.exe
  2⤵
  PID:13672
- C:\Windows\System\ZEgAcgt.exe
  C:\Windows\System\ZEgAcgt.exe
  2⤵
  PID:13696
- C:\Windows\System\FlIzcrD.exe
  C:\Windows\System\FlIzcrD.exe
  2⤵
  PID:13724
- C:\Windows\System\hetoRsb.exe
  C:\Windows\System\hetoRsb.exe
  2⤵
  PID:13744
- C:\Windows\System\LXovdHS.exe
  C:\Windows\System\LXovdHS.exe
  2⤵
  PID:13780
- C:\Windows\System\HABBohi.exe
  C:\Windows\System\HABBohi.exe
  2⤵
  PID:13812
- C:\Windows\System\xWUoBkw.exe
  C:\Windows\System\xWUoBkw.exe
  2⤵
  PID:13836
- C:\Windows\System\rCTZwPJ.exe
  C:\Windows\System\rCTZwPJ.exe
  2⤵
  PID:13856
- C:\Windows\System\MrjlFMo.exe
  C:\Windows\System\MrjlFMo.exe
  2⤵
  PID:13892
- C:\Windows\System\AaIAwWp.exe
  C:\Windows\System\AaIAwWp.exe
  2⤵
  PID:13912
- C:\Windows\System\LdCpmMZ.exe
  C:\Windows\System\LdCpmMZ.exe
  2⤵
  PID:13936
- C:\Windows\System\LwjrxWT.exe
  C:\Windows\System\LwjrxWT.exe
  2⤵
  PID:13964
- C:\Windows\System\sGQjdTa.exe
  C:\Windows\System\sGQjdTa.exe
  2⤵
  PID:13992
- C:\Windows\System\XAOKUYj.exe
  C:\Windows\System\XAOKUYj.exe
  2⤵
  PID:14016
- C:\Windows\System\zkmksQW.exe
  C:\Windows\System\zkmksQW.exe
  2⤵
  PID:14052
- C:\Windows\System\optXEpz.exe
  C:\Windows\System\optXEpz.exe
  2⤵
  PID:14076
- C:\Windows\System\ToClLbW.exe
  C:\Windows\System\ToClLbW.exe
  2⤵
  PID:14104
- C:\Windows\System\XFSMWcr.exe
  C:\Windows\System\XFSMWcr.exe
  2⤵
  PID:14128
- C:\Windows\System\uhPfWKc.exe
  C:\Windows\System\uhPfWKc.exe
  2⤵
  PID:14160
- C:\Windows\System\hWidOUd.exe
  C:\Windows\System\hWidOUd.exe
  2⤵
  PID:14184
- C:\Windows\System\VAJQWji.exe
  C:\Windows\System\VAJQWji.exe
  2⤵
  PID:14212
- C:\Windows\System\yjHSHHl.exe
  C:\Windows\System\yjHSHHl.exe
  2⤵
  PID:14236
- C:\Windows\System\vioFLaW.exe
  C:\Windows\System\vioFLaW.exe
  2⤵
  PID:14268
- C:\Windows\System\gKofigG.exe
  C:\Windows\System\gKofigG.exe
  2⤵
  PID:14292
- C:\Windows\System\SdYVSvS.exe
  C:\Windows\System\SdYVSvS.exe
  2⤵
  PID:14320
- C:\Windows\System\bIEucSP.exe
  C:\Windows\System\bIEucSP.exe
  2⤵
  PID:12312
- C:\Windows\System\NfYKSxy.exe
  C:\Windows\System\NfYKSxy.exe
  2⤵
  PID:3844
- C:\Windows\System\jniVftW.exe
  C:\Windows\System\jniVftW.exe
  2⤵
  PID:12672
- C:\Windows\System\SxAXvAo.exe
  C:\Windows\System\SxAXvAo.exe
  2⤵
  PID:13328
- C:\Windows\System\nPmjYdf.exe
  C:\Windows\System\nPmjYdf.exe
  2⤵
  PID:12840
- C:\Windows\System\RTCHvfM.exe
  C:\Windows\System\RTCHvfM.exe
  2⤵
  PID:13244
- C:\Windows\System\ShnSNbv.exe
  C:\Windows\System\ShnSNbv.exe
  2⤵
  PID:13412
- C:\Windows\System\QdYRsOl.exe
  C:\Windows\System\QdYRsOl.exe
  2⤵
  PID:13440
- C:\Windows\System\ztjdeAb.exe
  C:\Windows\System\ztjdeAb.exe
  2⤵
  PID:13528
- C:\Windows\System\VpgtSAX.exe
  C:\Windows\System\VpgtSAX.exe
  2⤵
  PID:13092
- C:\Windows\System\xssEHlB.exe
  C:\Windows\System\xssEHlB.exe
  2⤵
  PID:13604

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DarudGA.exe

Filesize
3.0MB

MD5
7fab0ed078f4ea2b15f8124726d93063

SHA1
3e77592f250c1e3ec503236dc46a038209f6ec2e

SHA256
77257d68ec7baab59a58de354f8a7ccbe1da23d9d01453f11b9deb2048627546

SHA512
1687dea7ec9892c8fd9bd56b383aef8b31141bbc3ba650792805f8c2ad6abe2172eef22ee0befdeea38b669d4a4e6bd8b8a9dc8dd55571e7c12ee7d910478416

Download Submit
C:\Windows\System\DfKBQjS.exe

Filesize
3.0MB

MD5
219fd1f570ecc8eef4bc449e9b50e26f

SHA1
a2350564168542153188ee808159df5b3018896d

SHA256
5f93ab7bf865c0bcee8ea80f84beb6be2c84c23cf5dbbb02c94fb7114e75a226

SHA512
af29460a47dd3ec130840204fd6bdc0d9d27193978d5d9f222318f6bd25fe995bda3cf4f884c465acb5becf3d0571a8b90d29820f6134f330c67361e599357df

Download Submit
C:\Windows\System\Elssenr.exe

Filesize
3.0MB

MD5
b6d690800936d2240afed414ca6c9263

SHA1
abd3af2f53f47764c85b0d1efe784907718b0354

SHA256
bd01c9c6188d0ec0b63a57712a9b8c8d4955480087f4b96a5e75ab211f17570a

SHA512
fa1a83436c9452e22a48e35144fc25cae8aee9e9e1d3cdb31324346b2255132aedf9c867c3d69affc422378d180dc8887e5945452aba8d2a401df5499eddb5da

Download Submit
C:\Windows\System\FXkLACN.exe

Filesize
3.0MB

MD5
66a9f9def432b4594ce5531ec96960e8

SHA1
366b473359022a1161fc662d4bc0491b3bb1d539

SHA256
9f7bf76331894252cf0d1a2fd2e2a4abf4a278ab58c35c936e5d74490bd1ed7f

SHA512
b750c93d5a9cb0e276981d03381c9457f8bc2b93925d17de7091cace3b582cf13c31dca363656cfa5e171e0f32c36fbc3d970ecdff2298155e4097bb59d07a81

Download Submit
C:\Windows\System\GjwnzgA.exe

Filesize
3.0MB

MD5
26c7ab0f2478e73f80956be1740da497

SHA1
a54992e8e2b450409ed98d37a1de8d7593e1e927

SHA256
23244a76025ec56ce1f39e2914f00939d463392c932e8a15378e4c6e6e8ad467

SHA512
b4a57d0d1d05c7c969a758ae6d3662932d5eb3612eb1ed3c0903b35b6d719b56d60bddcf5d442d6e114b9fbca3abdd38fc7fcc16a695f44201b33463b34cb515

Download Submit
C:\Windows\System\GlBEntY.exe

Filesize
3.0MB

MD5
ed912db8c0fc0eae447a1449af8d3436

SHA1
0b67853e3bb6a4a0c82bba4dc798294485ecfeb5

SHA256
961b3087f749ce1f08df1284ea435f46c501d527aea63e6fc9ccf619eba52210

SHA512
0c37f337f3bb18e872dbcd5c9fdecf5f32971b469b7bd6057ac15649d77a27f60ee654fca3d5c94d1e4b65fbaef1972399191396c0065be48a87c6e0a697d8e6

Download Submit
C:\Windows\System\IsAaXaG.exe

Filesize
3.0MB

MD5
043850b613d769fc8d976e193028b19f

SHA1
1e94b7faa7b26d9e0ff30ccacdbdcb4a7b3ede1e

SHA256
71fd41751ae00fa27ff088ad2641cadea46ae90831c0ca2a457ce34492fac2e6

SHA512
34a9c7ea3704b8284efb99075eb237650712636b78043ca982156edc5f463c594d7647891d2c349fcc5c0766e312be0b73b7c8d65124d9ed35bf138c8da9f692

Download Submit
C:\Windows\System\IzYQUVc.exe

Filesize
3.0MB

MD5
8711b551706407aa8c40daeba9b9493e

SHA1
e0264fa14e2c140037ea26c36f9abd387c92c586

SHA256
b9d87237028aa7b1ba7924f0ebce9dec192757664d91282afb49fd9a184c2974

SHA512
58524d0326f1bb016f9a63510c093d5617fb543b71569145cf97f04b96126130e5643dd68caa1c11cf5ae97d345911d23b6f37433bc685192e111a3d9769baf7

Download Submit
C:\Windows\System\KhJfUCH.exe

Filesize
3.0MB

MD5
37c1f4d1b358fb0dae7bb752df74395e

SHA1
6f347d931dc93e65b37efe756be19cdb5106686f

SHA256
0e3a4a8cbc8bcd868c6d0e8cefa0a3df6ed6340d71ff09b784c2963a87f149c6

SHA512
033559d0f2e078e899a21e6b1ac6ec4b6930cbc8a3c34d2c2a68454106a9700ca8805af6247475ebd0520a3ffb9268308a35a9243d857e095920d53c6cc23373

Download Submit
C:\Windows\System\LGpzqbC.exe

Filesize
3.0MB

MD5
9d68eee9cad2787a60deb8e7d10bc59d

SHA1
ca2841d0556c2f0006ba05c9506097440e3222b5

SHA256
a1b1a7e470a5c2ae3c34e0363ef4fbbcbca410035beb742e2914ff1786b11a1e

SHA512
a39ee70165fcb0b5e559396bfe32f72d5137dafa044aa2df461cda605c9e9e1bd71c8bdc5f5da372db77624a4f6b0b617e510724b89e0f31edbf2ff5b7c3a663

Download Submit
C:\Windows\System\MFZZDUR.exe

Filesize
3.0MB

MD5
88f59f6afe74a895b6bf308eab5197aa

SHA1
092ee5b6ea2e56e9bb2c093dede9d67373af2a74

SHA256
ab29ca0be83272a30e10db8507da94641fd1a1eadf0412e20c90298f6dade981

SHA512
5439dd154c4c0b11748f30d61b6cf3e85e2916234181b8f29bfda33e9aec4430805e100353622152874448b085288207a21c75986f6752d2352f881a0faac242

Download Submit
C:\Windows\System\PzXxDWJ.exe

Filesize
3.0MB

MD5
6104838ff302c42ef53bcbddd1065dda

SHA1
a1eecfc2d0567e78c0a571d4fb24fcfdca88f3ef

SHA256
46b13d78a2adf9dce35dc6bb5df05338948312648a569155822e36581132a258

SHA512
63d2d9843b2a2bf9940df4c93dfac91cfca7a3d5546fe45a43f7f14ebc88aa59d91b2c92681b970d35963cfd8227df312e4b13e24a81c9196f918fa9d791c5c7

Download Submit
C:\Windows\System\SdlQmIi.exe

Filesize
3.0MB

MD5
321bfbfeed4c97e2e2993508fba719f9

SHA1
8d6340d9432835e291600f98fde09308d13673a1

SHA256
aa93cccdf3faa459c7eb7fbcd0b99d4f26eb66ae8551de8eadfced0f1bc8b82e

SHA512
f2058e524512d327140776f27f6bddf8a23302e5379e674057f7536cbe3d78cea1edcc98a27e017fc0e56cb93e151f5dcd987bbcb9a1b90f811d5bf96dfd06c4

Download Submit
C:\Windows\System\TiTyzbl.exe

Filesize
3.0MB

MD5
07fc7428d34d9b6f96c2d591d48f9133

SHA1
bf157923e5d465c8291a43b7bbc2d72cb56de452

SHA256
49f1f714d920e4851feae9bcfb65b6b97b620c21b3eeacc6410cd69544088fb8

SHA512
815c4476408d20bc77e114899bf72de037c84741a60ed1bfc1fe572e07c987192f5200567b7b5f59a1ed7a14a5a81166ddbd511016f5cb63f981ef7d9e5f7aef

Download Submit
C:\Windows\System\WbHCUSX.exe

Filesize
3.0MB

MD5
e605cb353033115113fe1deffb0699c9

SHA1
94e97030ae282f3f1f22cf8a2b641206a4283fe1

SHA256
9af2bd3c18b407e5584cc86ff92185c478c7cc528a4f361df6b46b14906b3d7b

SHA512
e3c58e8c7c20e6dac4fe98f617543dbd3d1f852bb87b3751a717bf732be9986ae7d06475e3b7ab6175b2a1a354a2b560424e84c31d20ef76baddcbc50d738e7d

Download Submit
C:\Windows\System\XFPUiMp.exe

Filesize
3.0MB

MD5
5b1e93cdf217c49d7392148732ba46bc

SHA1
a7917b3ee1a3397d96925816c254ad4683fcd99b

SHA256
93a5dc40ef1a97596b704b23cf2d69a28b94eac03ab703035cc66202c17384b6

SHA512
1d43f49e43a1bf6bfe67593d8cfa5200b1ee21a357acf5ea68af8f394191554bcb2a8abcfdcb62945a64944856474555613481825c94dddecd44d210b3eb3a7b

Download Submit
C:\Windows\System\bBTOwoH.exe

Filesize
3.0MB

MD5
d06615a5a086889cde69b75bb98eae09

SHA1
4b21cb4c3142ee441f345eaaf76f941404112e0f

SHA256
58734fc02862788b00bf7d3e73bde88b72029e8e0097395360124117e7b0ad48

SHA512
df5a2f0022751f0ebaff62be70de3beff8a711f2560ef8b1cfd39bdbb4b4c2620bb2db3a41351a427341035e3f0cd07e654448c0bc15b9bff1016543d8dca3ca

Download Submit
C:\Windows\System\eevJfmd.exe

Filesize
3.0MB

MD5
18d72c8ba309135d84e573e0bd035d24

SHA1
bbba182809f28531f9800518dbd4560863289b33

SHA256
456c9fddf8462d277d8d2efdf7ec9021c7479ecd967e002fce12a167f4291304

SHA512
c86fa68cf8028e5e94d4d6a9e6dd99de982cc7096957cb6b6e97063ad72297c5d5ce2d224429b684766b8a83901a599f1f354bdeb5f8b96fd31f62cdf8c53592

Download Submit
C:\Windows\System\fsZaEGf.exe

Filesize
3.0MB

MD5
ba5c16e3e16dd8a3ce9a618e50e5353b

SHA1
1ff1b5fb0fbc711080c97b69a614a78ae05d58be

SHA256
0a876f534bef357a1a0bd76fe299c1ee63e6ba21e7af0c07ec2d6debafffc9d6

SHA512
c963c75594549795b2a45af903328e681cbec0c6e98a658049795a1098985071fc5fec6217f657b79734fb224a01be318f526eead41f06f32248d7b7f471cc13

Download Submit
C:\Windows\System\gDwLllZ.exe

Filesize
3.0MB

MD5
3a11263287a635ad7eca1ae496464dfd

SHA1
8741fbc65ddbf4bd82a3c1804a1cd220d09e9a69

SHA256
2d64a413216ce6bd14460745331ce3df81bb64aaa0f774349c39e2d8a4253967

SHA512
7db46d8d3cad31b1f4225f4f0109a04a69a9498e91f833e26f518ba5adbb25ecce6779c976601f92e6b326d049f65deaafadd8e2efc17449f8d3f37c911c53e7

Download Submit
C:\Windows\System\hcqCfNi.exe

Filesize
3.0MB

MD5
ad4fad66fbe98a50dfb466048df7f4c7

SHA1
35e85cbc9bdfbfbd476fff165d429db73078c8e9

SHA256
1862fad17078a4de479cb394b65be7962537bcce6991c661cc7fc9663a30c209

SHA512
5d0a46c52aa9361e81d6e478e35e1c2a848f088ba01c3bc96700e633d382f58cdd98db20ec4ccdae136b5771c5253831a0ba20b85ba128871a50681e75c81363

Download Submit
C:\Windows\System\iWPUKce.exe

Filesize
3.0MB

MD5
73a68da86d194e7a1a3a22b1f008541e

SHA1
c08255cf4481c8f8bc8dc6345c9b2f7d4d59a983

SHA256
c7358104ec0428ed8ca4aab1b388c0c05b416c2de413468ccd4e8de72f683ed2

SHA512
28b59cf27eade843cb41a2b68c19d8acd7a753f8b3aeaefab6de7cdae6dd3774f24c6dc967914ca6a7697369422745692174f45275a876187a0d6621bcf362be

Download Submit
C:\Windows\System\kitYFjF.exe

Filesize
3.0MB

MD5
37fafc0187416f2c6627b7e5f13f7235

SHA1
27fbe3a2a1ed1dac32d9023764918933113565ba

SHA256
951dc6762970bbfa404c443e426cd5b3e45973ef61f9c6d137c43862d49988fb

SHA512
52790aebeeb99c5d2851f13bfdf883608c7b6123478fd408290cabde0094e0a64471c2b7c54c24c9be8ae8662905e8f7991b8864cea8cfc1e31707cf1fa6c016

Download Submit
C:\Windows\System\oCSBlCh.exe

Filesize
3.0MB

MD5
79de0428f56c3731b187347f635078dd

SHA1
7741b4b9f89e34cd8f10f65a42b995cb7f73bf34

SHA256
26cb0acecedfbe095ffa5c2a66fd11f35c3f96ee57cbe3252cdce2a3ae79a88c

SHA512
9ebb7e98c947a3662413b7c717bd09340cc4facb783bb2620af0b38bfbb5309d85d4bf386a86306625c8e050855a1263ac6fafe7392a2db866e475166da44118

Download Submit
C:\Windows\System\pgAWpBn.exe

Filesize
3.0MB

MD5
0246b3966babf6f6a1fd9adf56300368

SHA1
1758ee0adfdee12e929c9877286cde94d33d7346

SHA256
92ee81c9c7a9eff35071c80666f958fd1de7cb30440329630d4ce19e5cb2db99

SHA512
eb62c06bc8443c01dd0fa36d46c9ec1878cbb0456b37257cb53aef6028990ca8d339b9b116e23ed98dbc24c4049c0aa99d31c000aa43201a8b4d40f0abf56580

Download Submit
C:\Windows\System\qpsIoVf.exe

Filesize
3.0MB

MD5
53ac3e12f94f5e530773f298480469aa

SHA1
336590e5f76bedd3b5bec54d6ff8ed02045573bc

SHA256
e7f3219e5614f85e51e36e7ebc7025b3f189923b0057d2e9c9ceed3d22dc7e9f

SHA512
df8dd7cab9e28cf8eda12ad86aca20b95f526daab486360c0750bcf70186dd3621e4a312fa981402d13e1e29be7443573565704d21e5156eea72eb99744764e7

Download Submit
C:\Windows\System\rYaDrtL.exe

Filesize
3.0MB

MD5
5165db53d7031faa07c0e0a5e62d5fcf

SHA1
db1317a7648453586ffd1080cb9d6e12790253b9

SHA256
6f082303a8331fc08957cb43cb356504a32bc97041834846ad36f33b5e3551b2

SHA512
f0830431f46e48f8aee404423c588d31da8cd2057011b8252b1d6982b19c3b3c49a9c72a48416f2cabe2a4fe3f4aca1c05593b997fd9de53a762e0407ad2ccbb

Download Submit
C:\Windows\System\rsDzhJS.exe

Filesize
3.0MB

MD5
9ab84d8caee4dddb5ac0bc0806164913

SHA1
4f27d2c88bff5a1bbe4d84c0c8a84efc90337111

SHA256
c9c8dbb757cc9088cf239b1b873ff2f4deb03368a6eeb0f700d6d6ecba525901

SHA512
c9fb37e8e16dcacfca34afc0498145236500b5bd37bfa7db18f8c725dbd4a8314aee82703122ec97781738ecc73130ba500c21d3b330900297590421b19c7136

Download Submit
C:\Windows\System\sOoYMcs.exe

Filesize
3.0MB

MD5
58cc4fff3ab0c59c96e4315fc6d79519

SHA1
1a07d0347a07ef3233c9f402c435e6028ff43364

SHA256
fd7d114b97107044a4207a0f873aa5df77547a81e1d948ab3643e0931fdfb9db

SHA512
6b5b3c8263e824a0836c6c1df3999be265cd103e968510c2fe26e4708a0b66082dfc65f18db90e4c5b397606ab3abfa07d52478affeaec47c6471cf559a5525c

Download Submit
C:\Windows\System\sbWKluW.exe

Filesize
3.0MB

MD5
fa23ccd841d741324d59923f4698d271

SHA1
549c77ac45dc7f0d06bad6c9af9827857b9d20ff

SHA256
54a335c6a4787666decd0d99cf613d74c4fc46bc535a4c169d229372ccc65ca4

SHA512
35719229f3b230663468374c4ff59c7d39a416ef88c7c16474cb249d9e3e497eaf9696536ba9b363f3a3a6f6f1d3718d1cc53d807af13252d013934f296d5463

Download Submit
C:\Windows\System\vzibCWq.exe

Filesize
3.0MB

MD5
38368a5686342ceb7b3df838239fa8de

SHA1
032a0c8bcf15c97731276b2a864fb17eab338ab8

SHA256
70018529c329adaa0751dc006f0d77e2acc8f715a9f227b8cbebf83c461dae34

SHA512
d76cd968175c3ca038bc1a4b3f4d3ed8f9f245f3f5535290a16ba97aa9be6202682071a278c2bcd65c090fa06f539361070a778494bb815a18a8cafd62a257f8

Download Submit
C:\Windows\System\xriEwfk.exe

Filesize
3.0MB

MD5
272f7579b94c3f9cd13126f860bac50b

SHA1
95c00a9d6f28fcf2fbea11d8ffec68d536dcd383

SHA256
3fb22a9e747a21a09a621dd5a1f336d19b446a9684d3541e1f3e98a51aec738b

SHA512
0e0b71b26b8194010032e8b68e515dee2d7ab2f024fce3d586f35fb6df8ac09c2ed868089f84a7ff9d4ceaa31fae70c820148c8ba4d3a8a77280792df15a83f3

Download Submit
C:\Windows\System\yDCkuZo.exe

Filesize
3.0MB

MD5
3e1b7e34feb7b847b7f161d5bdbcea6d

SHA1
ed3110e05fb06b0845548056936cf705404ac2b4

SHA256
d8e6cff0a58db9ee09c798cc15b33f23f28cae8bac8f4185497ada2ff7188847

SHA512
d956f60e2728234b25c32b1fc597a85dd40c63fcdb3e4292d59ca08bcf5033872b7e04ca7ca43f50b8c0263e6cafb0cf28bdf6d17b96b8fcfa96c06cf82562e1

Download Submit
C:\Windows\System\zPoJqIM.exe

Filesize
3.0MB

MD5
3e3167896de193ec6a9bfa530b5b402d

SHA1
8a98d51d6eab691f07b98e26a85525922044b33d

SHA256
1c634ed47284bc757520ddef35910f4e4cdb224e2bcd581f0da4b2514480324e

SHA512
04023134b66e01f6a94ee21796b75d5f6a791f8a1fa9743d94ae86a6bcbfac21010cf20984709d51fb3ab1e5dca0baeae458f59e0931e9fa55f9a75472fcaaf3

Download Submit
memory/452-75-0x00007FF7AE710000-0x00007FF7AEA61000-memory.dmp

Filesize
3.3MB

Download
memory/452-2244-0x00007FF7AE710000-0x00007FF7AEA61000-memory.dmp

Filesize
3.3MB

Download
memory/884-2229-0x00007FF69C630000-0x00007FF69C981000-memory.dmp

Filesize
3.3MB

Download
memory/884-28-0x00007FF69C630000-0x00007FF69C981000-memory.dmp

Filesize
3.3MB

Download
memory/884-2242-0x00007FF69C630000-0x00007FF69C981000-memory.dmp

Filesize
3.3MB

Download
memory/1084-224-0x00007FF7C33C0000-0x00007FF7C3711000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2338-0x00007FF7C33C0000-0x00007FF7C3711000-memory.dmp

Filesize
3.3MB

Download
memory/1236-2246-0x00007FF7ED310000-0x00007FF7ED661000-memory.dmp

Filesize
3.3MB

Download
memory/1236-2228-0x00007FF7ED310000-0x00007FF7ED661000-memory.dmp

Filesize
3.3MB

Download
memory/1236-49-0x00007FF7ED310000-0x00007FF7ED661000-memory.dmp

Filesize
3.3MB

Download
memory/1316-2254-0x00007FF7D2F10000-0x00007FF7D3261000-memory.dmp

Filesize
3.3MB

Download
memory/1316-101-0x00007FF7D2F10000-0x00007FF7D3261000-memory.dmp

Filesize
3.3MB

Download
memory/1568-206-0x00007FF7323A0000-0x00007FF7326F1000-memory.dmp

Filesize
3.3MB

Download
memory/1568-2341-0x00007FF7323A0000-0x00007FF7326F1000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2326-0x00007FF7F49E0000-0x00007FF7F4D31000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2230-0x00007FF7F49E0000-0x00007FF7F4D31000-memory.dmp

Filesize
3.3MB

Download
memory/1584-95-0x00007FF7F49E0000-0x00007FF7F4D31000-memory.dmp

Filesize
3.3MB

Download
memory/1792-91-0x00007FF669090000-0x00007FF6693E1000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2250-0x00007FF669090000-0x00007FF6693E1000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2248-0x00007FF765820000-0x00007FF765B71000-memory.dmp

Filesize
3.3MB

Download
memory/1968-102-0x00007FF765820000-0x00007FF765B71000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2190-0x00007FF662440000-0x00007FF662791000-memory.dmp

Filesize
3.3MB

Download
memory/2504-1-0x00000227B2090000-0x00000227B20A0000-memory.dmp

Filesize
64KB

Download
memory/2504-0-0x00007FF662440000-0x00007FF662791000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2258-0x00007FF6FCDF0000-0x00007FF6FD141000-memory.dmp

Filesize
3.3MB

Download
memory/2652-103-0x00007FF6FCDF0000-0x00007FF6FD141000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2314-0x00007FF6410B0000-0x00007FF641401000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2305-0x00007FF6410B0000-0x00007FF641401000-memory.dmp

Filesize
3.3MB

Download
memory/3088-141-0x00007FF6410B0000-0x00007FF641401000-memory.dmp

Filesize
3.3MB

Download
memory/3392-98-0x00007FF681540000-0x00007FF681891000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2318-0x00007FF681540000-0x00007FF681891000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2233-0x00007FF681540000-0x00007FF681891000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2335-0x00007FF704D00000-0x00007FF705051000-memory.dmp

Filesize
3.3MB

Download
memory/3604-236-0x00007FF704D00000-0x00007FF705051000-memory.dmp

Filesize
3.3MB

Download
memory/3756-104-0x00007FF67F980000-0x00007FF67FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2322-0x00007FF67F980000-0x00007FF67FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2280-0x00007FF67F980000-0x00007FF67FCD1000-memory.dmp

Filesize
3.3MB

Download
memory/3880-2236-0x00007FF64CA50000-0x00007FF64CDA1000-memory.dmp

Filesize
3.3MB

Download
memory/3880-11-0x00007FF64CA50000-0x00007FF64CDA1000-memory.dmp

Filesize
3.3MB

Download
memory/3880-2225-0x00007FF64CA50000-0x00007FF64CDA1000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2238-0x00007FF6618F0000-0x00007FF661C41000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2226-0x00007FF6618F0000-0x00007FF661C41000-memory.dmp

Filesize
3.3MB

Download
memory/3948-15-0x00007FF6618F0000-0x00007FF661C41000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2232-0x00007FF6189F0000-0x00007FF618D41000-memory.dmp

Filesize
3.3MB

Download
memory/4036-97-0x00007FF6189F0000-0x00007FF618D41000-memory.dmp

Filesize
3.3MB

Download
memory/4036-2320-0x00007FF6189F0000-0x00007FF618D41000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2312-0x00007FF73A450000-0x00007FF73A7A1000-memory.dmp

Filesize
3.3MB

Download
memory/4192-124-0x00007FF73A450000-0x00007FF73A7A1000-memory.dmp

Filesize
3.3MB

Download
memory/4224-2325-0x00007FF7A5030000-0x00007FF7A5381000-memory.dmp

Filesize
3.3MB

Download
memory/4224-125-0x00007FF7A5030000-0x00007FF7A5381000-memory.dmp

Filesize
3.3MB

Download
memory/4272-144-0x00007FF6A2560000-0x00007FF6A28B1000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2330-0x00007FF6A2560000-0x00007FF6A28B1000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2256-0x00007FF7BBF60000-0x00007FF7BC2B1000-memory.dmp

Filesize
3.3MB

Download
memory/4360-94-0x00007FF7BBF60000-0x00007FF7BC2B1000-memory.dmp

Filesize
3.3MB

Download
memory/4400-2240-0x00007FF7C6300000-0x00007FF7C6651000-memory.dmp

Filesize
3.3MB

Download
memory/4400-100-0x00007FF7C6300000-0x00007FF7C6651000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2328-0x00007FF70CED0000-0x00007FF70D221000-memory.dmp

Filesize
3.3MB

Download
memory/4528-235-0x00007FF70CED0000-0x00007FF70D221000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2316-0x00007FF6692B0000-0x00007FF669601000-memory.dmp

Filesize
3.3MB

Download
memory/4544-159-0x00007FF6692B0000-0x00007FF669601000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2234-0x00007FF73DE40000-0x00007FF73E191000-memory.dmp

Filesize
3.3MB

Download
memory/4720-99-0x00007FF73DE40000-0x00007FF73E191000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2308-0x00007FF73DE40000-0x00007FF73E191000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2227-0x00007FF7E2AA0000-0x00007FF7E2DF1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2252-0x00007FF7E2AA0000-0x00007FF7E2DF1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-44-0x00007FF7E2AA0000-0x00007FF7E2DF1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-142-0x00007FF76C430000-0x00007FF76C781000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2346-0x00007FF76C430000-0x00007FF76C781000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2310-0x00007FF6D07B0000-0x00007FF6D0B01000-memory.dmp

Filesize
3.3MB

Download
memory/5048-96-0x00007FF6D07B0000-0x00007FF6D0B01000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2231-0x00007FF6D07B0000-0x00007FF6D0B01000-memory.dmp

Filesize
3.3MB

Download
memory/5052-158-0x00007FF6114D0000-0x00007FF611821000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2306-0x00007FF6114D0000-0x00007FF611821000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2343-0x00007FF6114D0000-0x00007FF611821000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads