xmrig | 0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7

Analysis

max time kernel
133s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
Size

1.9MB
MD5

3891d4c1b086647acc897648622e0fe0
SHA1

a7f6547a57ab5d8270ac110dc3681e01a73dd74a
SHA256

0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7
SHA512

68924e2fc3f8744f404cd8206c0b47ba6116d382c860b08555f9280e8b188ab93d1c30e4627a88be09f5fde7d687bb242200fce6a9e2a742870f642e16051a4a
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727vrNaT/6CFdDQaAhnebqn+C1Y+oARdyKzMMzNqsY7y:ROdWCCi7/rahW/zFdDrARey15hhzqi

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/1792-33-0x00007FF6C4000000-0x00007FF6C4351000-memory.dmp	xmrig
behavioral2/memory/552-461-0x00007FF74EB50000-0x00007FF74EEA1000-memory.dmp	xmrig
behavioral2/memory/4428-462-0x00007FF7B3C30000-0x00007FF7B3F81000-memory.dmp	xmrig
behavioral2/memory/3864-464-0x00007FF789F70000-0x00007FF78A2C1000-memory.dmp	xmrig
behavioral2/memory/5048-463-0x00007FF748FC0000-0x00007FF749311000-memory.dmp	xmrig
behavioral2/memory/2208-465-0x00007FF6105D0000-0x00007FF610921000-memory.dmp	xmrig
behavioral2/memory/3856-466-0x00007FF7F3BA0000-0x00007FF7F3EF1000-memory.dmp	xmrig
behavioral2/memory/4916-467-0x00007FF6EAC00000-0x00007FF6EAF51000-memory.dmp	xmrig
behavioral2/memory/1612-468-0x00007FF61DD30000-0x00007FF61E081000-memory.dmp	xmrig
behavioral2/memory/1888-469-0x00007FF654300000-0x00007FF654651000-memory.dmp	xmrig
behavioral2/memory/1796-472-0x00007FF76D7D0000-0x00007FF76DB21000-memory.dmp	xmrig
behavioral2/memory/784-488-0x00007FF69E610000-0x00007FF69E961000-memory.dmp	xmrig
behavioral2/memory/4572-485-0x00007FF74D7C0000-0x00007FF74DB11000-memory.dmp	xmrig
behavioral2/memory/2136-480-0x00007FF737E40000-0x00007FF738191000-memory.dmp	xmrig
behavioral2/memory/2552-477-0x00007FF678EB0000-0x00007FF679201000-memory.dmp	xmrig
behavioral2/memory/1764-517-0x00007FF69CFE0000-0x00007FF69D331000-memory.dmp	xmrig
behavioral2/memory/4724-529-0x00007FF60F990000-0x00007FF60FCE1000-memory.dmp	xmrig
behavioral2/memory/4304-518-0x00007FF7F14F0000-0x00007FF7F1841000-memory.dmp	xmrig
behavioral2/memory/432-511-0x00007FF620A70000-0x00007FF620DC1000-memory.dmp	xmrig
behavioral2/memory/752-508-0x00007FF7EA9D0000-0x00007FF7EAD21000-memory.dmp	xmrig
behavioral2/memory/1664-505-0x00007FF7AB6A0000-0x00007FF7AB9F1000-memory.dmp	xmrig
behavioral2/memory/1452-503-0x00007FF69FC90000-0x00007FF69FFE1000-memory.dmp	xmrig
behavioral2/memory/2404-494-0x00007FF759D20000-0x00007FF75A071000-memory.dmp	xmrig
behavioral2/memory/1392-2192-0x00007FF654280000-0x00007FF6545D1000-memory.dmp	xmrig
behavioral2/memory/1916-2194-0x00007FF6ED3F0000-0x00007FF6ED741000-memory.dmp	xmrig
behavioral2/memory/2444-2226-0x00007FF6E96B0000-0x00007FF6E9A01000-memory.dmp	xmrig
behavioral2/memory/3044-2225-0x00007FF711890000-0x00007FF711BE1000-memory.dmp	xmrig
behavioral2/memory/1564-2227-0x00007FF76A4E0000-0x00007FF76A831000-memory.dmp	xmrig
behavioral2/memory/3648-2228-0x00007FF76B850000-0x00007FF76BBA1000-memory.dmp	xmrig
behavioral2/memory/1392-2244-0x00007FF654280000-0x00007FF6545D1000-memory.dmp	xmrig
behavioral2/memory/1792-2248-0x00007FF6C4000000-0x00007FF6C4351000-memory.dmp	xmrig
behavioral2/memory/2444-2246-0x00007FF6E96B0000-0x00007FF6E9A01000-memory.dmp	xmrig
behavioral2/memory/4304-2254-0x00007FF7F14F0000-0x00007FF7F1841000-memory.dmp	xmrig
behavioral2/memory/1564-2260-0x00007FF76A4E0000-0x00007FF76A831000-memory.dmp	xmrig
behavioral2/memory/1916-2258-0x00007FF6ED3F0000-0x00007FF6ED741000-memory.dmp	xmrig
behavioral2/memory/3648-2256-0x00007FF76B850000-0x00007FF76BBA1000-memory.dmp	xmrig
behavioral2/memory/4724-2252-0x00007FF60F990000-0x00007FF60FCE1000-memory.dmp	xmrig
behavioral2/memory/3044-2250-0x00007FF711890000-0x00007FF711BE1000-memory.dmp	xmrig
behavioral2/memory/4428-2264-0x00007FF7B3C30000-0x00007FF7B3F81000-memory.dmp	xmrig
behavioral2/memory/1452-2294-0x00007FF69FC90000-0x00007FF69FFE1000-memory.dmp	xmrig
behavioral2/memory/1664-2292-0x00007FF7AB6A0000-0x00007FF7AB9F1000-memory.dmp	xmrig
behavioral2/memory/1764-2300-0x00007FF69CFE0000-0x00007FF69D331000-memory.dmp	xmrig
behavioral2/memory/432-2298-0x00007FF620A70000-0x00007FF620DC1000-memory.dmp	xmrig
behavioral2/memory/752-2296-0x00007FF7EA9D0000-0x00007FF7EAD21000-memory.dmp	xmrig
behavioral2/memory/5048-2288-0x00007FF748FC0000-0x00007FF749311000-memory.dmp	xmrig
behavioral2/memory/3856-2286-0x00007FF7F3BA0000-0x00007FF7F3EF1000-memory.dmp	xmrig
behavioral2/memory/2208-2284-0x00007FF6105D0000-0x00007FF610921000-memory.dmp	xmrig
behavioral2/memory/4572-2272-0x00007FF74D7C0000-0x00007FF74DB11000-memory.dmp	xmrig
behavioral2/memory/784-2270-0x00007FF69E610000-0x00007FF69E961000-memory.dmp	xmrig
behavioral2/memory/2136-2266-0x00007FF737E40000-0x00007FF738191000-memory.dmp	xmrig
behavioral2/memory/3864-2290-0x00007FF789F70000-0x00007FF78A2C1000-memory.dmp	xmrig
behavioral2/memory/4916-2282-0x00007FF6EAC00000-0x00007FF6EAF51000-memory.dmp	xmrig
behavioral2/memory/1612-2280-0x00007FF61DD30000-0x00007FF61E081000-memory.dmp	xmrig
behavioral2/memory/1796-2278-0x00007FF76D7D0000-0x00007FF76DB21000-memory.dmp	xmrig
behavioral2/memory/1888-2276-0x00007FF654300000-0x00007FF654651000-memory.dmp	xmrig
behavioral2/memory/2552-2274-0x00007FF678EB0000-0x00007FF679201000-memory.dmp	xmrig
behavioral2/memory/2404-2268-0x00007FF759D20000-0x00007FF75A071000-memory.dmp	xmrig
behavioral2/memory/552-2262-0x00007FF74EB50000-0x00007FF74EEA1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1392	SARAaRf.exe
3044	xguYpnM.exe
2444	vZOaRiB.exe
1916	zrvRynI.exe
1792	eMVxrJC.exe
1564	uxXaXkQ.exe
3648	tkmdqcZ.exe
4304	SSqIhjy.exe
4724	VutYgeb.exe
552	CxagOcn.exe
4428	tsBTomT.exe
5048	vrlyhll.exe
3864	YHyVsYS.exe
2208	fUmurqJ.exe
3856	BVfhHCF.exe
4916	uTaRCyO.exe
1612	TdiuNmD.exe
1888	datQddp.exe
1796	unuypIz.exe
2552	bZZAjGL.exe
2136	bQPJDmg.exe
4572	RNjzCHA.exe
784	TrwCzOh.exe
2404	dAFNSIr.exe
1452	igPtQzo.exe
1664	RqVOrnR.exe
752	HzlkQSl.exe
432	SDfnGEb.exe
1764	pHdJzwi.exe
1040	wNHJceO.exe
4024	TsWzNEv.exe
3612	TxsVkCW.exe
3644	tPZkXiI.exe
4996	CGXXPNn.exe
408	koTmZjg.exe
3512	mevKMTF.exe
3456	jSLOpBb.exe
4568	uAICaYb.exe
1080	ESfkZjT.exe
5036	qBIHSYd.exe
1932	Yplnaur.exe
1144	qUXgrTY.exe
4224	kfELLnk.exe
3528	auyTOQp.exe
744	RjKjhMB.exe
2564	dyYpIIG.exe
1700	GjFJqhI.exe
5084	MnojeVP.exe
2196	gfZOtAf.exe
2752	fEtdWEZ.exe
404	MmQWtaj.exe
116	NnAJzEd.exe
2460	wGWOOyx.exe
4692	eiWmbIL.exe
3884	LTluIrl.exe
736	XdPFqlf.exe
3472	EzdBETs.exe
5044	TpvhPhF.exe
1168	WrMfavZ.exe
2780	fqbCvvT.exe
756	VcZajxz.exe
1560	SptoaqR.exe
2756	WQHnBVT.exe
2068	IiPfENi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2484-0-0x00007FF6F3290000-0x00007FF6F35E1000-memory.dmp	upx
behavioral2/files/0x000800000002356c-5.dat	upx
behavioral2/memory/1392-11-0x00007FF654280000-0x00007FF6545D1000-memory.dmp	upx
behavioral2/files/0x0007000000023573-25.dat	upx
behavioral2/files/0x0007000000023575-38.dat	upx
behavioral2/files/0x0007000000023576-49.dat	upx
behavioral2/files/0x0007000000023577-54.dat	upx
behavioral2/files/0x0007000000023578-60.dat	upx
behavioral2/files/0x000700000002357a-66.dat	upx
behavioral2/files/0x000700000002357e-84.dat	upx
behavioral2/files/0x0007000000023580-94.dat	upx
behavioral2/files/0x0007000000023584-114.dat	upx
behavioral2/files/0x0007000000023585-127.dat	upx
behavioral2/files/0x000700000002358c-154.dat	upx
behavioral2/files/0x000700000002358d-167.dat	upx
behavioral2/files/0x000700000002358f-169.dat	upx
behavioral2/files/0x000700000002358e-164.dat	upx
behavioral2/files/0x000700000002358b-157.dat	upx
behavioral2/files/0x000700000002358a-152.dat	upx
behavioral2/files/0x0007000000023589-147.dat	upx
behavioral2/files/0x0007000000023588-142.dat	upx
behavioral2/files/0x0007000000023587-137.dat	upx
behavioral2/files/0x0007000000023586-132.dat	upx
behavioral2/files/0x0007000000023583-117.dat	upx
behavioral2/files/0x0007000000023582-112.dat	upx
behavioral2/files/0x0007000000023581-107.dat	upx
behavioral2/files/0x000700000002357f-97.dat	upx
behavioral2/files/0x000700000002357d-87.dat	upx
behavioral2/files/0x000700000002357c-82.dat	upx
behavioral2/files/0x000700000002357b-77.dat	upx
behavioral2/files/0x0007000000023579-64.dat	upx
behavioral2/memory/3648-460-0x00007FF76B850000-0x00007FF76BBA1000-memory.dmp	upx
behavioral2/files/0x0007000000023574-43.dat	upx
behavioral2/memory/1564-42-0x00007FF76A4E0000-0x00007FF76A831000-memory.dmp	upx
behavioral2/memory/1792-33-0x00007FF6C4000000-0x00007FF6C4351000-memory.dmp	upx
behavioral2/files/0x0007000000023572-32.dat	upx
behavioral2/memory/1916-29-0x00007FF6ED3F0000-0x00007FF6ED741000-memory.dmp	upx
behavioral2/files/0x0007000000023570-23.dat	upx
behavioral2/files/0x0007000000023571-19.dat	upx
behavioral2/memory/2444-22-0x00007FF6E96B0000-0x00007FF6E9A01000-memory.dmp	upx
behavioral2/memory/3044-20-0x00007FF711890000-0x00007FF711BE1000-memory.dmp	upx
behavioral2/memory/552-461-0x00007FF74EB50000-0x00007FF74EEA1000-memory.dmp	upx
behavioral2/memory/4428-462-0x00007FF7B3C30000-0x00007FF7B3F81000-memory.dmp	upx
behavioral2/memory/3864-464-0x00007FF789F70000-0x00007FF78A2C1000-memory.dmp	upx
behavioral2/memory/5048-463-0x00007FF748FC0000-0x00007FF749311000-memory.dmp	upx
behavioral2/memory/2208-465-0x00007FF6105D0000-0x00007FF610921000-memory.dmp	upx
behavioral2/memory/3856-466-0x00007FF7F3BA0000-0x00007FF7F3EF1000-memory.dmp	upx
behavioral2/memory/4916-467-0x00007FF6EAC00000-0x00007FF6EAF51000-memory.dmp	upx
behavioral2/memory/1612-468-0x00007FF61DD30000-0x00007FF61E081000-memory.dmp	upx
behavioral2/memory/1888-469-0x00007FF654300000-0x00007FF654651000-memory.dmp	upx
behavioral2/memory/1796-472-0x00007FF76D7D0000-0x00007FF76DB21000-memory.dmp	upx
behavioral2/memory/784-488-0x00007FF69E610000-0x00007FF69E961000-memory.dmp	upx
behavioral2/memory/4572-485-0x00007FF74D7C0000-0x00007FF74DB11000-memory.dmp	upx
behavioral2/memory/2136-480-0x00007FF737E40000-0x00007FF738191000-memory.dmp	upx
behavioral2/memory/2552-477-0x00007FF678EB0000-0x00007FF679201000-memory.dmp	upx
behavioral2/memory/1764-517-0x00007FF69CFE0000-0x00007FF69D331000-memory.dmp	upx
behavioral2/memory/4724-529-0x00007FF60F990000-0x00007FF60FCE1000-memory.dmp	upx
behavioral2/memory/4304-518-0x00007FF7F14F0000-0x00007FF7F1841000-memory.dmp	upx
behavioral2/memory/432-511-0x00007FF620A70000-0x00007FF620DC1000-memory.dmp	upx
behavioral2/memory/752-508-0x00007FF7EA9D0000-0x00007FF7EAD21000-memory.dmp	upx
behavioral2/memory/1664-505-0x00007FF7AB6A0000-0x00007FF7AB9F1000-memory.dmp	upx
behavioral2/memory/1452-503-0x00007FF69FC90000-0x00007FF69FFE1000-memory.dmp	upx
behavioral2/memory/2404-494-0x00007FF759D20000-0x00007FF75A071000-memory.dmp	upx
behavioral2/memory/1392-2192-0x00007FF654280000-0x00007FF6545D1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XMPaWXh.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\WYFhyXW.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\pfiptLd.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\fqbCvvT.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\cPTzDzg.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\SUrHdqc.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\ViIGQWJ.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\upvBBWg.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\CCpRfks.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\StahLSV.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\cVdffsE.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\GOarLHf.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\YUDBhjn.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\xHMKVND.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\XoTZcAJ.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\ggmEZUL.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\YaaJIYc.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\nFQdsEh.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\joiMqUK.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\ouzrIAh.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\jSLOpBb.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\auyTOQp.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\fAKrGqH.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\KwRTKWe.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\htzezJe.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\LnawYTq.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\ckLNksN.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\knNjblM.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\SMwjzVE.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\qoelDjG.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\hADXoaC.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\yAxKAtF.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\JRsWdhv.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\oTHLvsX.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\vTjxViB.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\qTpJTaj.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\EYihiWG.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\iWySosW.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\xphNhxd.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\SQCCSpI.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\rdwocSZ.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\rFJwVzK.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\omvnVuS.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\DfTzHnX.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\KtXINLO.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\wAalfYD.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\DigJLhO.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\uAICaYb.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\JiyaSCp.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\yYvqhZa.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\AorGcJh.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\mjmqLEA.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\NshPUXZ.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\exWjrjg.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\srIcnKD.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\yLrJyuA.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\frCxYwv.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\dGJfJQA.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\PcJVlCm.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\iZMNoCA.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\jkfGVnk.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\hSpJBVv.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\ZnBYCsA.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
File created	C:\Windows\System\bORvuGL.exe	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14004	dwm.exe
Token: SeChangeNotifyPrivilege	14004	dwm.exe
Token: 33	14004	dwm.exe
Token: SeIncBasePriorityPrivilege	14004	dwm.exe
Token: SeShutdownPrivilege	14004	dwm.exe
Token: SeCreatePagefilePrivilege	14004	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1392	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	83
PID 2484 wrote to memory of 1392	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	83
PID 2484 wrote to memory of 2444	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	84
PID 2484 wrote to memory of 2444	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	84
PID 2484 wrote to memory of 3044	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	85
PID 2484 wrote to memory of 3044	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	85
PID 2484 wrote to memory of 1916	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	86
PID 2484 wrote to memory of 1916	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	86
PID 2484 wrote to memory of 1792	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	87
PID 2484 wrote to memory of 1792	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	87
PID 2484 wrote to memory of 1564	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	88
PID 2484 wrote to memory of 1564	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	88
PID 2484 wrote to memory of 3648	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	89
PID 2484 wrote to memory of 3648	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	89
PID 2484 wrote to memory of 4304	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	90
PID 2484 wrote to memory of 4304	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	90
PID 2484 wrote to memory of 4724	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	91
PID 2484 wrote to memory of 4724	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	91
PID 2484 wrote to memory of 552	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	92
PID 2484 wrote to memory of 552	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	92
PID 2484 wrote to memory of 4428	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	93
PID 2484 wrote to memory of 4428	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	93
PID 2484 wrote to memory of 5048	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	94
PID 2484 wrote to memory of 5048	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	94
PID 2484 wrote to memory of 3864	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	95
PID 2484 wrote to memory of 3864	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	95
PID 2484 wrote to memory of 2208	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	96
PID 2484 wrote to memory of 2208	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	96
PID 2484 wrote to memory of 3856	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	97
PID 2484 wrote to memory of 3856	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	97
PID 2484 wrote to memory of 4916	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	98
PID 2484 wrote to memory of 4916	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	98
PID 2484 wrote to memory of 1612	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	99
PID 2484 wrote to memory of 1612	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	99
PID 2484 wrote to memory of 1888	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	100
PID 2484 wrote to memory of 1888	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	100
PID 2484 wrote to memory of 1796	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	101
PID 2484 wrote to memory of 1796	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	101
PID 2484 wrote to memory of 2552	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	102
PID 2484 wrote to memory of 2552	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	102
PID 2484 wrote to memory of 2136	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	103
PID 2484 wrote to memory of 2136	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	103
PID 2484 wrote to memory of 4572	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	104
PID 2484 wrote to memory of 4572	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	104
PID 2484 wrote to memory of 784	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	105
PID 2484 wrote to memory of 784	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	105
PID 2484 wrote to memory of 2404	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	106
PID 2484 wrote to memory of 2404	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	106
PID 2484 wrote to memory of 1452	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	107
PID 2484 wrote to memory of 1452	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	107
PID 2484 wrote to memory of 1664	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	108
PID 2484 wrote to memory of 1664	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	108
PID 2484 wrote to memory of 752	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	109
PID 2484 wrote to memory of 752	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	109
PID 2484 wrote to memory of 432	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	110
PID 2484 wrote to memory of 432	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	110
PID 2484 wrote to memory of 1764	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	111
PID 2484 wrote to memory of 1764	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	111
PID 2484 wrote to memory of 1040	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	112
PID 2484 wrote to memory of 1040	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	112
PID 2484 wrote to memory of 4024	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	113
PID 2484 wrote to memory of 4024	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	113
PID 2484 wrote to memory of 3612	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	114
PID 2484 wrote to memory of 3612	2484	0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ec400ca0c0e09fe296c0404dbdd61ac559268964a4a7475712c1baa83912fa7_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\System\SARAaRf.exe
  C:\Windows\System\SARAaRf.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\vZOaRiB.exe
  C:\Windows\System\vZOaRiB.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\xguYpnM.exe
  C:\Windows\System\xguYpnM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\zrvRynI.exe
  C:\Windows\System\zrvRynI.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\eMVxrJC.exe
  C:\Windows\System\eMVxrJC.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\uxXaXkQ.exe
  C:\Windows\System\uxXaXkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\tkmdqcZ.exe
  C:\Windows\System\tkmdqcZ.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\SSqIhjy.exe
  C:\Windows\System\SSqIhjy.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\VutYgeb.exe
  C:\Windows\System\VutYgeb.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\CxagOcn.exe
  C:\Windows\System\CxagOcn.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\tsBTomT.exe
  C:\Windows\System\tsBTomT.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\vrlyhll.exe
  C:\Windows\System\vrlyhll.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\YHyVsYS.exe
  C:\Windows\System\YHyVsYS.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\fUmurqJ.exe
  C:\Windows\System\fUmurqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\BVfhHCF.exe
  C:\Windows\System\BVfhHCF.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\uTaRCyO.exe
  C:\Windows\System\uTaRCyO.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\TdiuNmD.exe
  C:\Windows\System\TdiuNmD.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\datQddp.exe
  C:\Windows\System\datQddp.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\unuypIz.exe
  C:\Windows\System\unuypIz.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\bZZAjGL.exe
  C:\Windows\System\bZZAjGL.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\bQPJDmg.exe
  C:\Windows\System\bQPJDmg.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\RNjzCHA.exe
  C:\Windows\System\RNjzCHA.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\TrwCzOh.exe
  C:\Windows\System\TrwCzOh.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\dAFNSIr.exe
  C:\Windows\System\dAFNSIr.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\igPtQzo.exe
  C:\Windows\System\igPtQzo.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\RqVOrnR.exe
  C:\Windows\System\RqVOrnR.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\HzlkQSl.exe
  C:\Windows\System\HzlkQSl.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\SDfnGEb.exe
  C:\Windows\System\SDfnGEb.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\pHdJzwi.exe
  C:\Windows\System\pHdJzwi.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\wNHJceO.exe
  C:\Windows\System\wNHJceO.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\TsWzNEv.exe
  C:\Windows\System\TsWzNEv.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\TxsVkCW.exe
  C:\Windows\System\TxsVkCW.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\tPZkXiI.exe
  C:\Windows\System\tPZkXiI.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\CGXXPNn.exe
  C:\Windows\System\CGXXPNn.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\koTmZjg.exe
  C:\Windows\System\koTmZjg.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\mevKMTF.exe
  C:\Windows\System\mevKMTF.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\jSLOpBb.exe
  C:\Windows\System\jSLOpBb.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\uAICaYb.exe
  C:\Windows\System\uAICaYb.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\ESfkZjT.exe
  C:\Windows\System\ESfkZjT.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\qBIHSYd.exe
  C:\Windows\System\qBIHSYd.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\Yplnaur.exe
  C:\Windows\System\Yplnaur.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\qUXgrTY.exe
  C:\Windows\System\qUXgrTY.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\kfELLnk.exe
  C:\Windows\System\kfELLnk.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\auyTOQp.exe
  C:\Windows\System\auyTOQp.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\RjKjhMB.exe
  C:\Windows\System\RjKjhMB.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\dyYpIIG.exe
  C:\Windows\System\dyYpIIG.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\GjFJqhI.exe
  C:\Windows\System\GjFJqhI.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\MnojeVP.exe
  C:\Windows\System\MnojeVP.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\gfZOtAf.exe
  C:\Windows\System\gfZOtAf.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\fEtdWEZ.exe
  C:\Windows\System\fEtdWEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\MmQWtaj.exe
  C:\Windows\System\MmQWtaj.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\NnAJzEd.exe
  C:\Windows\System\NnAJzEd.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\wGWOOyx.exe
  C:\Windows\System\wGWOOyx.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\eiWmbIL.exe
  C:\Windows\System\eiWmbIL.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\LTluIrl.exe
  C:\Windows\System\LTluIrl.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\XdPFqlf.exe
  C:\Windows\System\XdPFqlf.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\EzdBETs.exe
  C:\Windows\System\EzdBETs.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\TpvhPhF.exe
  C:\Windows\System\TpvhPhF.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\WrMfavZ.exe
  C:\Windows\System\WrMfavZ.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\fqbCvvT.exe
  C:\Windows\System\fqbCvvT.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\VcZajxz.exe
  C:\Windows\System\VcZajxz.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\SptoaqR.exe
  C:\Windows\System\SptoaqR.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\WQHnBVT.exe
  C:\Windows\System\WQHnBVT.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\IiPfENi.exe
  C:\Windows\System\IiPfENi.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\MoKwFLY.exe
  C:\Windows\System\MoKwFLY.exe
  2⤵
  PID:2024
- C:\Windows\System\KutmfTW.exe
  C:\Windows\System\KutmfTW.exe
  2⤵
  PID:3992
- C:\Windows\System\BQsyACq.exe
  C:\Windows\System\BQsyACq.exe
  2⤵
  PID:4420
- C:\Windows\System\CCgmais.exe
  C:\Windows\System\CCgmais.exe
  2⤵
  PID:4228
- C:\Windows\System\IXdjpzs.exe
  C:\Windows\System\IXdjpzs.exe
  2⤵
  PID:3696
- C:\Windows\System\ythKfTL.exe
  C:\Windows\System\ythKfTL.exe
  2⤵
  PID:4436
- C:\Windows\System\nLcLCgH.exe
  C:\Windows\System\nLcLCgH.exe
  2⤵
  PID:4576
- C:\Windows\System\pTBCDxW.exe
  C:\Windows\System\pTBCDxW.exe
  2⤵
  PID:4356
- C:\Windows\System\JiyaSCp.exe
  C:\Windows\System\JiyaSCp.exe
  2⤵
  PID:2192
- C:\Windows\System\fAKrGqH.exe
  C:\Windows\System\fAKrGqH.exe
  2⤵
  PID:2492
- C:\Windows\System\AVGUrta.exe
  C:\Windows\System\AVGUrta.exe
  2⤵
  PID:2004
- C:\Windows\System\pFmIYtM.exe
  C:\Windows\System\pFmIYtM.exe
  2⤵
  PID:3960
- C:\Windows\System\oyHqsKB.exe
  C:\Windows\System\oyHqsKB.exe
  2⤵
  PID:2784
- C:\Windows\System\smbIvzI.exe
  C:\Windows\System\smbIvzI.exe
  2⤵
  PID:3592
- C:\Windows\System\XNGXjyH.exe
  C:\Windows\System\XNGXjyH.exe
  2⤵
  PID:4088
- C:\Windows\System\DLeIZDK.exe
  C:\Windows\System\DLeIZDK.exe
  2⤵
  PID:4972
- C:\Windows\System\IQdXHBu.exe
  C:\Windows\System\IQdXHBu.exe
  2⤵
  PID:4196
- C:\Windows\System\TEFqqsQ.exe
  C:\Windows\System\TEFqqsQ.exe
  2⤵
  PID:5124
- C:\Windows\System\uGMepxS.exe
  C:\Windows\System\uGMepxS.exe
  2⤵
  PID:5152
- C:\Windows\System\GoFjvQS.exe
  C:\Windows\System\GoFjvQS.exe
  2⤵
  PID:5176
- C:\Windows\System\neXiHTY.exe
  C:\Windows\System\neXiHTY.exe
  2⤵
  PID:5208
- C:\Windows\System\iLjcYHA.exe
  C:\Windows\System\iLjcYHA.exe
  2⤵
  PID:5232
- C:\Windows\System\MlIKLgO.exe
  C:\Windows\System\MlIKLgO.exe
  2⤵
  PID:5260
- C:\Windows\System\XRWXvRp.exe
  C:\Windows\System\XRWXvRp.exe
  2⤵
  PID:5288
- C:\Windows\System\SyOAJFY.exe
  C:\Windows\System\SyOAJFY.exe
  2⤵
  PID:5320
- C:\Windows\System\mXgVYFx.exe
  C:\Windows\System\mXgVYFx.exe
  2⤵
  PID:5348
- C:\Windows\System\qTpJTaj.exe
  C:\Windows\System\qTpJTaj.exe
  2⤵
  PID:5372
- C:\Windows\System\zYvaFTh.exe
  C:\Windows\System\zYvaFTh.exe
  2⤵
  PID:5400
- C:\Windows\System\srIcnKD.exe
  C:\Windows\System\srIcnKD.exe
  2⤵
  PID:5428
- C:\Windows\System\rmecshk.exe
  C:\Windows\System\rmecshk.exe
  2⤵
  PID:5456
- C:\Windows\System\XufqbhD.exe
  C:\Windows\System\XufqbhD.exe
  2⤵
  PID:5484
- C:\Windows\System\FxJjFdy.exe
  C:\Windows\System\FxJjFdy.exe
  2⤵
  PID:5512
- C:\Windows\System\xeXbtXe.exe
  C:\Windows\System\xeXbtXe.exe
  2⤵
  PID:5544
- C:\Windows\System\omvnVuS.exe
  C:\Windows\System\omvnVuS.exe
  2⤵
  PID:5572
- C:\Windows\System\DkiwgCo.exe
  C:\Windows\System\DkiwgCo.exe
  2⤵
  PID:5596
- C:\Windows\System\PjBlvGe.exe
  C:\Windows\System\PjBlvGe.exe
  2⤵
  PID:5628
- C:\Windows\System\BKCiZHi.exe
  C:\Windows\System\BKCiZHi.exe
  2⤵
  PID:5652
- C:\Windows\System\bKjSxHf.exe
  C:\Windows\System\bKjSxHf.exe
  2⤵
  PID:5680
- C:\Windows\System\GVMgeUg.exe
  C:\Windows\System\GVMgeUg.exe
  2⤵
  PID:5708
- C:\Windows\System\YiQJHKz.exe
  C:\Windows\System\YiQJHKz.exe
  2⤵
  PID:5740
- C:\Windows\System\sxchksp.exe
  C:\Windows\System\sxchksp.exe
  2⤵
  PID:5768
- C:\Windows\System\cVzhxTh.exe
  C:\Windows\System\cVzhxTh.exe
  2⤵
  PID:5796
- C:\Windows\System\xTUmMNM.exe
  C:\Windows\System\xTUmMNM.exe
  2⤵
  PID:5824
- C:\Windows\System\wgOSXqf.exe
  C:\Windows\System\wgOSXqf.exe
  2⤵
  PID:5848
- C:\Windows\System\tFFXGPO.exe
  C:\Windows\System\tFFXGPO.exe
  2⤵
  PID:5876
- C:\Windows\System\pUvsFiM.exe
  C:\Windows\System\pUvsFiM.exe
  2⤵
  PID:5908
- C:\Windows\System\qKdCYpH.exe
  C:\Windows\System\qKdCYpH.exe
  2⤵
  PID:5932
- C:\Windows\System\hRjADgL.exe
  C:\Windows\System\hRjADgL.exe
  2⤵
  PID:5960
- C:\Windows\System\vcgFxff.exe
  C:\Windows\System\vcgFxff.exe
  2⤵
  PID:5988
- C:\Windows\System\nincjxq.exe
  C:\Windows\System\nincjxq.exe
  2⤵
  PID:6020
- C:\Windows\System\YUDBhjn.exe
  C:\Windows\System\YUDBhjn.exe
  2⤵
  PID:6044
- C:\Windows\System\mwYXSyG.exe
  C:\Windows\System\mwYXSyG.exe
  2⤵
  PID:6080
- C:\Windows\System\kqRZbeV.exe
  C:\Windows\System\kqRZbeV.exe
  2⤵
  PID:6104
- C:\Windows\System\ajqjZcU.exe
  C:\Windows\System\ajqjZcU.exe
  2⤵
  PID:6128
- C:\Windows\System\zdEGsSx.exe
  C:\Windows\System\zdEGsSx.exe
  2⤵
  PID:3252
- C:\Windows\System\sGRTzfI.exe
  C:\Windows\System\sGRTzfI.exe
  2⤵
  PID:1712
- C:\Windows\System\DmCOiqI.exe
  C:\Windows\System\DmCOiqI.exe
  2⤵
  PID:3048
- C:\Windows\System\RLhuROJ.exe
  C:\Windows\System\RLhuROJ.exe
  2⤵
  PID:2976
- C:\Windows\System\NQjqbts.exe
  C:\Windows\System\NQjqbts.exe
  2⤵
  PID:5144
- C:\Windows\System\kXBzezw.exe
  C:\Windows\System\kXBzezw.exe
  2⤵
  PID:5220
- C:\Windows\System\PwdWqMO.exe
  C:\Windows\System\PwdWqMO.exe
  2⤵
  PID:5276
- C:\Windows\System\FfycLuu.exe
  C:\Windows\System\FfycLuu.exe
  2⤵
  PID:5332
- C:\Windows\System\EpAtvms.exe
  C:\Windows\System\EpAtvms.exe
  2⤵
  PID:5392
- C:\Windows\System\DfTzHnX.exe
  C:\Windows\System\DfTzHnX.exe
  2⤵
  PID:1616
- C:\Windows\System\DOIdusU.exe
  C:\Windows\System\DOIdusU.exe
  2⤵
  PID:5472
- C:\Windows\System\HKauJAz.exe
  C:\Windows\System\HKauJAz.exe
  2⤵
  PID:4552
- C:\Windows\System\aDZlzmI.exe
  C:\Windows\System\aDZlzmI.exe
  2⤵
  PID:4596
- C:\Windows\System\BuussZy.exe
  C:\Windows\System\BuussZy.exe
  2⤵
  PID:5816
- C:\Windows\System\boOGefX.exe
  C:\Windows\System\boOGefX.exe
  2⤵
  PID:5872
- C:\Windows\System\iZMNoCA.exe
  C:\Windows\System\iZMNoCA.exe
  2⤵
  PID:5900
- C:\Windows\System\cPTzDzg.exe
  C:\Windows\System\cPTzDzg.exe
  2⤵
  PID:2508
- C:\Windows\System\yzDhkoH.exe
  C:\Windows\System\yzDhkoH.exe
  2⤵
  PID:5980
- C:\Windows\System\FqLlBeW.exe
  C:\Windows\System\FqLlBeW.exe
  2⤵
  PID:6036
- C:\Windows\System\vqtqXgM.exe
  C:\Windows\System\vqtqXgM.exe
  2⤵
  PID:6076
- C:\Windows\System\yGyxOqa.exe
  C:\Windows\System\yGyxOqa.exe
  2⤵
  PID:6116
- C:\Windows\System\KLZMShy.exe
  C:\Windows\System\KLZMShy.exe
  2⤵
  PID:4928
- C:\Windows\System\SUrHdqc.exe
  C:\Windows\System\SUrHdqc.exe
  2⤵
  PID:3324
- C:\Windows\System\kgQgiPy.exe
  C:\Windows\System\kgQgiPy.exe
  2⤵
  PID:2728
- C:\Windows\System\QeGzlNf.exe
  C:\Windows\System\QeGzlNf.exe
  2⤵
  PID:4492
- C:\Windows\System\SnNswFG.exe
  C:\Windows\System\SnNswFG.exe
  2⤵
  PID:1972
- C:\Windows\System\QUsZDOj.exe
  C:\Windows\System\QUsZDOj.exe
  2⤵
  PID:2776
- C:\Windows\System\vJYdTBH.exe
  C:\Windows\System\vJYdTBH.exe
  2⤵
  PID:2364
- C:\Windows\System\EcEZgKc.exe
  C:\Windows\System\EcEZgKc.exe
  2⤵
  PID:4300
- C:\Windows\System\lgSURlQ.exe
  C:\Windows\System\lgSURlQ.exe
  2⤵
  PID:5028
- C:\Windows\System\knNjblM.exe
  C:\Windows\System\knNjblM.exe
  2⤵
  PID:5732
- C:\Windows\System\wGnDoPX.exe
  C:\Windows\System\wGnDoPX.exe
  2⤵
  PID:5584
- C:\Windows\System\QUxHQBq.exe
  C:\Windows\System\QUxHQBq.exe
  2⤵
  PID:3008
- C:\Windows\System\rKVdIrQ.exe
  C:\Windows\System\rKVdIrQ.exe
  2⤵
  PID:3872
- C:\Windows\System\teuRbKI.exe
  C:\Windows\System\teuRbKI.exe
  2⤵
  PID:5788
- C:\Windows\System\ofuAIct.exe
  C:\Windows\System\ofuAIct.exe
  2⤵
  PID:6004
- C:\Windows\System\PiPyiMy.exe
  C:\Windows\System\PiPyiMy.exe
  2⤵
  PID:5896
- C:\Windows\System\nVAEOcZ.exe
  C:\Windows\System\nVAEOcZ.exe
  2⤵
  PID:4820
- C:\Windows\System\xqiwWlk.exe
  C:\Windows\System\xqiwWlk.exe
  2⤵
  PID:1336
- C:\Windows\System\PcFGaiY.exe
  C:\Windows\System\PcFGaiY.exe
  2⤵
  PID:2272
- C:\Windows\System\ylMzPuZ.exe
  C:\Windows\System\ylMzPuZ.exe
  2⤵
  PID:5452
- C:\Windows\System\ZYRsmNH.exe
  C:\Windows\System\ZYRsmNH.exe
  2⤵
  PID:1608
- C:\Windows\System\BSCIVsy.exe
  C:\Windows\System\BSCIVsy.exe
  2⤵
  PID:4868
- C:\Windows\System\YWGzXwR.exe
  C:\Windows\System\YWGzXwR.exe
  2⤵
  PID:3032
- C:\Windows\System\vvEXjzB.exe
  C:\Windows\System\vvEXjzB.exe
  2⤵
  PID:5676
- C:\Windows\System\bmbDToS.exe
  C:\Windows\System\bmbDToS.exe
  2⤵
  PID:5256
- C:\Windows\System\WxfLttx.exe
  C:\Windows\System\WxfLttx.exe
  2⤵
  PID:5840
- C:\Windows\System\RmubdNl.exe
  C:\Windows\System\RmubdNl.exe
  2⤵
  PID:5136
- C:\Windows\System\bNdZJdo.exe
  C:\Windows\System\bNdZJdo.exe
  2⤵
  PID:5784
- C:\Windows\System\MdDcFue.exe
  C:\Windows\System\MdDcFue.exe
  2⤵
  PID:6152
- C:\Windows\System\ECIqkEB.exe
  C:\Windows\System\ECIqkEB.exe
  2⤵
  PID:6168
- C:\Windows\System\MtpWPFq.exe
  C:\Windows\System\MtpWPFq.exe
  2⤵
  PID:6184
- C:\Windows\System\HNLVMRc.exe
  C:\Windows\System\HNLVMRc.exe
  2⤵
  PID:6200
- C:\Windows\System\RfLrZnQ.exe
  C:\Windows\System\RfLrZnQ.exe
  2⤵
  PID:6216
- C:\Windows\System\OnmwGHj.exe
  C:\Windows\System\OnmwGHj.exe
  2⤵
  PID:6232
- C:\Windows\System\prKwxEx.exe
  C:\Windows\System\prKwxEx.exe
  2⤵
  PID:6248
- C:\Windows\System\lVhyhwJ.exe
  C:\Windows\System\lVhyhwJ.exe
  2⤵
  PID:6268
- C:\Windows\System\lSxGsFv.exe
  C:\Windows\System\lSxGsFv.exe
  2⤵
  PID:6300
- C:\Windows\System\JWLKsEl.exe
  C:\Windows\System\JWLKsEl.exe
  2⤵
  PID:6380
- C:\Windows\System\mmzXUOA.exe
  C:\Windows\System\mmzXUOA.exe
  2⤵
  PID:6404
- C:\Windows\System\JexJUpg.exe
  C:\Windows\System\JexJUpg.exe
  2⤵
  PID:6428
- C:\Windows\System\SrZTHzx.exe
  C:\Windows\System\SrZTHzx.exe
  2⤵
  PID:6444
- C:\Windows\System\KtXINLO.exe
  C:\Windows\System\KtXINLO.exe
  2⤵
  PID:6500
- C:\Windows\System\ZEaNzvc.exe
  C:\Windows\System\ZEaNzvc.exe
  2⤵
  PID:6544
- C:\Windows\System\bdndqdk.exe
  C:\Windows\System\bdndqdk.exe
  2⤵
  PID:6568
- C:\Windows\System\WCldTGp.exe
  C:\Windows\System\WCldTGp.exe
  2⤵
  PID:6584
- C:\Windows\System\mKscFRX.exe
  C:\Windows\System\mKscFRX.exe
  2⤵
  PID:6604
- C:\Windows\System\wFmLfbi.exe
  C:\Windows\System\wFmLfbi.exe
  2⤵
  PID:6632
- C:\Windows\System\zEJmvVv.exe
  C:\Windows\System\zEJmvVv.exe
  2⤵
  PID:6680
- C:\Windows\System\VGQGcaA.exe
  C:\Windows\System\VGQGcaA.exe
  2⤵
  PID:6704
- C:\Windows\System\OSsiJvC.exe
  C:\Windows\System\OSsiJvC.exe
  2⤵
  PID:6732
- C:\Windows\System\gNouapG.exe
  C:\Windows\System\gNouapG.exe
  2⤵
  PID:6752
- C:\Windows\System\ljxxFtn.exe
  C:\Windows\System\ljxxFtn.exe
  2⤵
  PID:6776
- C:\Windows\System\gMGiKtk.exe
  C:\Windows\System\gMGiKtk.exe
  2⤵
  PID:6820
- C:\Windows\System\tcXRpYd.exe
  C:\Windows\System\tcXRpYd.exe
  2⤵
  PID:6844
- C:\Windows\System\SRyarjN.exe
  C:\Windows\System\SRyarjN.exe
  2⤵
  PID:6868
- C:\Windows\System\WecTVXH.exe
  C:\Windows\System\WecTVXH.exe
  2⤵
  PID:6892
- C:\Windows\System\rrUNLKn.exe
  C:\Windows\System\rrUNLKn.exe
  2⤵
  PID:6912
- C:\Windows\System\Ntvacsz.exe
  C:\Windows\System\Ntvacsz.exe
  2⤵
  PID:6932
- C:\Windows\System\tDAiAQU.exe
  C:\Windows\System\tDAiAQU.exe
  2⤵
  PID:6992
- C:\Windows\System\lwqtvCc.exe
  C:\Windows\System\lwqtvCc.exe
  2⤵
  PID:7016
- C:\Windows\System\RSDEpsg.exe
  C:\Windows\System\RSDEpsg.exe
  2⤵
  PID:7072
- C:\Windows\System\ZrWbyka.exe
  C:\Windows\System\ZrWbyka.exe
  2⤵
  PID:7092
- C:\Windows\System\TsPlXMS.exe
  C:\Windows\System\TsPlXMS.exe
  2⤵
  PID:7128
- C:\Windows\System\UWsLEwq.exe
  C:\Windows\System\UWsLEwq.exe
  2⤵
  PID:7152
- C:\Windows\System\wWEeAUW.exe
  C:\Windows\System\wWEeAUW.exe
  2⤵
  PID:2424
- C:\Windows\System\KytEprY.exe
  C:\Windows\System\KytEprY.exe
  2⤵
  PID:6148
- C:\Windows\System\EYihiWG.exe
  C:\Windows\System\EYihiWG.exe
  2⤵
  PID:6176
- C:\Windows\System\FYrekoC.exe
  C:\Windows\System\FYrekoC.exe
  2⤵
  PID:6244
- C:\Windows\System\aCynjom.exe
  C:\Windows\System\aCynjom.exe
  2⤵
  PID:6416
- C:\Windows\System\kEYJUzK.exe
  C:\Windows\System\kEYJUzK.exe
  2⤵
  PID:6296
- C:\Windows\System\EJdcsTT.exe
  C:\Windows\System\EJdcsTT.exe
  2⤵
  PID:6372
- C:\Windows\System\kazZoUg.exe
  C:\Windows\System\kazZoUg.exe
  2⤵
  PID:6556
- C:\Windows\System\LxzIdKh.exe
  C:\Windows\System\LxzIdKh.exe
  2⤵
  PID:6620
- C:\Windows\System\jgfQKQR.exe
  C:\Windows\System\jgfQKQR.exe
  2⤵
  PID:6628
- C:\Windows\System\JysoqCU.exe
  C:\Windows\System\JysoqCU.exe
  2⤵
  PID:6716
- C:\Windows\System\QYavDBs.exe
  C:\Windows\System\QYavDBs.exe
  2⤵
  PID:6852
- C:\Windows\System\sWrOQOT.exe
  C:\Windows\System\sWrOQOT.exe
  2⤵
  PID:6840
- C:\Windows\System\PayBTOi.exe
  C:\Windows\System\PayBTOi.exe
  2⤵
  PID:7000
- C:\Windows\System\cmmjQkW.exe
  C:\Windows\System\cmmjQkW.exe
  2⤵
  PID:7056
- C:\Windows\System\tHQAYOm.exe
  C:\Windows\System\tHQAYOm.exe
  2⤵
  PID:7088
- C:\Windows\System\MMVYEZU.exe
  C:\Windows\System\MMVYEZU.exe
  2⤵
  PID:7148
- C:\Windows\System\vsiAlFm.exe
  C:\Windows\System\vsiAlFm.exe
  2⤵
  PID:6452
- C:\Windows\System\NPJxuzP.exe
  C:\Windows\System\NPJxuzP.exe
  2⤵
  PID:6412
- C:\Windows\System\BBeaRhe.exe
  C:\Windows\System\BBeaRhe.exe
  2⤵
  PID:6524
- C:\Windows\System\DnqSnbt.exe
  C:\Windows\System\DnqSnbt.exe
  2⤵
  PID:6660
- C:\Windows\System\ZTZnrIx.exe
  C:\Windows\System\ZTZnrIx.exe
  2⤵
  PID:6748
- C:\Windows\System\OBnvxTm.exe
  C:\Windows\System\OBnvxTm.exe
  2⤵
  PID:6964
- C:\Windows\System\yFguxlL.exe
  C:\Windows\System\yFguxlL.exe
  2⤵
  PID:7080
- C:\Windows\System\PClzBlJ.exe
  C:\Windows\System\PClzBlJ.exe
  2⤵
  PID:5420
- C:\Windows\System\AvnFIcJ.exe
  C:\Windows\System\AvnFIcJ.exe
  2⤵
  PID:6580
- C:\Windows\System\uWOPXLT.exe
  C:\Windows\System\uWOPXLT.exe
  2⤵
  PID:7172
- C:\Windows\System\ArjwNVT.exe
  C:\Windows\System\ArjwNVT.exe
  2⤵
  PID:7204
- C:\Windows\System\KwRTKWe.exe
  C:\Windows\System\KwRTKWe.exe
  2⤵
  PID:7236
- C:\Windows\System\QQcFVQE.exe
  C:\Windows\System\QQcFVQE.exe
  2⤵
  PID:7256
- C:\Windows\System\hsaPxXc.exe
  C:\Windows\System\hsaPxXc.exe
  2⤵
  PID:7288
- C:\Windows\System\mbltwBB.exe
  C:\Windows\System\mbltwBB.exe
  2⤵
  PID:7308
- C:\Windows\System\KzATYcX.exe
  C:\Windows\System\KzATYcX.exe
  2⤵
  PID:7332
- C:\Windows\System\wguFNdq.exe
  C:\Windows\System\wguFNdq.exe
  2⤵
  PID:7360
- C:\Windows\System\VoLLeEJ.exe
  C:\Windows\System\VoLLeEJ.exe
  2⤵
  PID:7384
- C:\Windows\System\IGGDzOV.exe
  C:\Windows\System\IGGDzOV.exe
  2⤵
  PID:7404
- C:\Windows\System\KOWHZik.exe
  C:\Windows\System\KOWHZik.exe
  2⤵
  PID:7436
- C:\Windows\System\CmoGYBq.exe
  C:\Windows\System\CmoGYBq.exe
  2⤵
  PID:7456
- C:\Windows\System\iWySosW.exe
  C:\Windows\System\iWySosW.exe
  2⤵
  PID:7516
- C:\Windows\System\zrldDUm.exe
  C:\Windows\System\zrldDUm.exe
  2⤵
  PID:7548
- C:\Windows\System\yLrJyuA.exe
  C:\Windows\System\yLrJyuA.exe
  2⤵
  PID:7568
- C:\Windows\System\KfsXisT.exe
  C:\Windows\System\KfsXisT.exe
  2⤵
  PID:7592
- C:\Windows\System\gTjdkqL.exe
  C:\Windows\System\gTjdkqL.exe
  2⤵
  PID:7620
- C:\Windows\System\nSPiyfh.exe
  C:\Windows\System\nSPiyfh.exe
  2⤵
  PID:7644
- C:\Windows\System\eZBCTmT.exe
  C:\Windows\System\eZBCTmT.exe
  2⤵
  PID:7668
- C:\Windows\System\NTLYund.exe
  C:\Windows\System\NTLYund.exe
  2⤵
  PID:7692
- C:\Windows\System\taNspOn.exe
  C:\Windows\System\taNspOn.exe
  2⤵
  PID:7708
- C:\Windows\System\achdriX.exe
  C:\Windows\System\achdriX.exe
  2⤵
  PID:7732
- C:\Windows\System\htzezJe.exe
  C:\Windows\System\htzezJe.exe
  2⤵
  PID:7776
- C:\Windows\System\vMeWoky.exe
  C:\Windows\System\vMeWoky.exe
  2⤵
  PID:7820
- C:\Windows\System\bRKSecU.exe
  C:\Windows\System\bRKSecU.exe
  2⤵
  PID:7868
- C:\Windows\System\FxDbuMp.exe
  C:\Windows\System\FxDbuMp.exe
  2⤵
  PID:7888
- C:\Windows\System\yYvqhZa.exe
  C:\Windows\System\yYvqhZa.exe
  2⤵
  PID:7912
- C:\Windows\System\GkPDqPa.exe
  C:\Windows\System\GkPDqPa.exe
  2⤵
  PID:7936
- C:\Windows\System\LstuUWM.exe
  C:\Windows\System\LstuUWM.exe
  2⤵
  PID:7964
- C:\Windows\System\rviaDJH.exe
  C:\Windows\System\rviaDJH.exe
  2⤵
  PID:7984
- C:\Windows\System\xZDUMrb.exe
  C:\Windows\System\xZDUMrb.exe
  2⤵
  PID:8000
- C:\Windows\System\wFiJwSr.exe
  C:\Windows\System\wFiJwSr.exe
  2⤵
  PID:8020
- C:\Windows\System\ELQowJy.exe
  C:\Windows\System\ELQowJy.exe
  2⤵
  PID:8048
- C:\Windows\System\CGWGAzy.exe
  C:\Windows\System\CGWGAzy.exe
  2⤵
  PID:8112
- C:\Windows\System\uUOaaJG.exe
  C:\Windows\System\uUOaaJG.exe
  2⤵
  PID:8132
- C:\Windows\System\QuwDMxc.exe
  C:\Windows\System\QuwDMxc.exe
  2⤵
  PID:8156
- C:\Windows\System\eEnImFo.exe
  C:\Windows\System\eEnImFo.exe
  2⤵
  PID:6600
- C:\Windows\System\FCVMizP.exe
  C:\Windows\System\FCVMizP.exe
  2⤵
  PID:7108
- C:\Windows\System\VjQChjJ.exe
  C:\Windows\System\VjQChjJ.exe
  2⤵
  PID:7248
- C:\Windows\System\wyrhYVJ.exe
  C:\Windows\System\wyrhYVJ.exe
  2⤵
  PID:7284
- C:\Windows\System\nFQdsEh.exe
  C:\Windows\System\nFQdsEh.exe
  2⤵
  PID:7372
- C:\Windows\System\xHMKVND.exe
  C:\Windows\System\xHMKVND.exe
  2⤵
  PID:7452
- C:\Windows\System\ELyjSEY.exe
  C:\Windows\System\ELyjSEY.exe
  2⤵
  PID:7484
- C:\Windows\System\UuJongk.exe
  C:\Windows\System\UuJongk.exe
  2⤵
  PID:7556
- C:\Windows\System\PgJvoeU.exe
  C:\Windows\System\PgJvoeU.exe
  2⤵
  PID:7640
- C:\Windows\System\CCpRfks.exe
  C:\Windows\System\CCpRfks.exe
  2⤵
  PID:7744
- C:\Windows\System\wANVeBR.exe
  C:\Windows\System\wANVeBR.exe
  2⤵
  PID:7724
- C:\Windows\System\frCxYwv.exe
  C:\Windows\System\frCxYwv.exe
  2⤵
  PID:7764
- C:\Windows\System\ijhYVrQ.exe
  C:\Windows\System\ijhYVrQ.exe
  2⤵
  PID:7848
- C:\Windows\System\wSQVTpw.exe
  C:\Windows\System\wSQVTpw.exe
  2⤵
  PID:7952
- C:\Windows\System\rprInTb.exe
  C:\Windows\System\rprInTb.exe
  2⤵
  PID:7944
- C:\Windows\System\qQHixSP.exe
  C:\Windows\System\qQHixSP.exe
  2⤵
  PID:8012
- C:\Windows\System\SMwjzVE.exe
  C:\Windows\System\SMwjzVE.exe
  2⤵
  PID:8056
- C:\Windows\System\xkgxShi.exe
  C:\Windows\System\xkgxShi.exe
  2⤵
  PID:8120
- C:\Windows\System\AorGcJh.exe
  C:\Windows\System\AorGcJh.exe
  2⤵
  PID:7216
- C:\Windows\System\zxhsDvd.exe
  C:\Windows\System\zxhsDvd.exe
  2⤵
  PID:7508
- C:\Windows\System\IfKKDLh.exe
  C:\Windows\System\IfKKDLh.exe
  2⤵
  PID:7700
- C:\Windows\System\LTFXwbh.exe
  C:\Windows\System\LTFXwbh.exe
  2⤵
  PID:7836
- C:\Windows\System\iNfDnRr.exe
  C:\Windows\System\iNfDnRr.exe
  2⤵
  PID:7948
- C:\Windows\System\dWRsqqv.exe
  C:\Windows\System\dWRsqqv.exe
  2⤵
  PID:8168
- C:\Windows\System\pTTDunv.exe
  C:\Windows\System\pTTDunv.exe
  2⤵
  PID:5956
- C:\Windows\System\RCsIbzt.exe
  C:\Windows\System\RCsIbzt.exe
  2⤵
  PID:7584
- C:\Windows\System\bCEZttG.exe
  C:\Windows\System\bCEZttG.exe
  2⤵
  PID:7832
- C:\Windows\System\wtleCNq.exe
  C:\Windows\System\wtleCNq.exe
  2⤵
  PID:7184
- C:\Windows\System\qoelDjG.exe
  C:\Windows\System\qoelDjG.exe
  2⤵
  PID:7464
- C:\Windows\System\EadyzoY.exe
  C:\Windows\System\EadyzoY.exe
  2⤵
  PID:8216
- C:\Windows\System\JOxaWcu.exe
  C:\Windows\System\JOxaWcu.exe
  2⤵
  PID:8236
- C:\Windows\System\TzRqBnZ.exe
  C:\Windows\System\TzRqBnZ.exe
  2⤵
  PID:8260
- C:\Windows\System\oqdAefD.exe
  C:\Windows\System\oqdAefD.exe
  2⤵
  PID:8280
- C:\Windows\System\sfRIEjO.exe
  C:\Windows\System\sfRIEjO.exe
  2⤵
  PID:8388
- C:\Windows\System\joiMqUK.exe
  C:\Windows\System\joiMqUK.exe
  2⤵
  PID:8408
- C:\Windows\System\sAcatTV.exe
  C:\Windows\System\sAcatTV.exe
  2⤵
  PID:8436
- C:\Windows\System\YVHYgsf.exe
  C:\Windows\System\YVHYgsf.exe
  2⤵
  PID:8456
- C:\Windows\System\Wzcfnrw.exe
  C:\Windows\System\Wzcfnrw.exe
  2⤵
  PID:8476
- C:\Windows\System\xphNhxd.exe
  C:\Windows\System\xphNhxd.exe
  2⤵
  PID:8496
- C:\Windows\System\cmhXFYJ.exe
  C:\Windows\System\cmhXFYJ.exe
  2⤵
  PID:8524
- C:\Windows\System\XoTZcAJ.exe
  C:\Windows\System\XoTZcAJ.exe
  2⤵
  PID:8544
- C:\Windows\System\nLsBSoo.exe
  C:\Windows\System\nLsBSoo.exe
  2⤵
  PID:8564
- C:\Windows\System\SQCCSpI.exe
  C:\Windows\System\SQCCSpI.exe
  2⤵
  PID:8604
- C:\Windows\System\XMPaWXh.exe
  C:\Windows\System\XMPaWXh.exe
  2⤵
  PID:8632
- C:\Windows\System\qfdEiDQ.exe
  C:\Windows\System\qfdEiDQ.exe
  2⤵
  PID:8652
- C:\Windows\System\zcXxnXJ.exe
  C:\Windows\System\zcXxnXJ.exe
  2⤵
  PID:8688
- C:\Windows\System\skycaDx.exe
  C:\Windows\System\skycaDx.exe
  2⤵
  PID:8708
- C:\Windows\System\veaHJDx.exe
  C:\Windows\System\veaHJDx.exe
  2⤵
  PID:8736
- C:\Windows\System\Xlzmeat.exe
  C:\Windows\System\Xlzmeat.exe
  2⤵
  PID:8756
- C:\Windows\System\jqsRDgk.exe
  C:\Windows\System\jqsRDgk.exe
  2⤵
  PID:8784
- C:\Windows\System\cZAZbyP.exe
  C:\Windows\System\cZAZbyP.exe
  2⤵
  PID:8832
- C:\Windows\System\KByOCqP.exe
  C:\Windows\System\KByOCqP.exe
  2⤵
  PID:8872
- C:\Windows\System\lGxBcBV.exe
  C:\Windows\System\lGxBcBV.exe
  2⤵
  PID:8912
- C:\Windows\System\BRCTgSB.exe
  C:\Windows\System\BRCTgSB.exe
  2⤵
  PID:8940
- C:\Windows\System\rQDmPup.exe
  C:\Windows\System\rQDmPup.exe
  2⤵
  PID:8960
- C:\Windows\System\UJbUoBB.exe
  C:\Windows\System\UJbUoBB.exe
  2⤵
  PID:8988
- C:\Windows\System\lpiSRPP.exe
  C:\Windows\System\lpiSRPP.exe
  2⤵
  PID:9028
- C:\Windows\System\dceVRYA.exe
  C:\Windows\System\dceVRYA.exe
  2⤵
  PID:9048
- C:\Windows\System\StahLSV.exe
  C:\Windows\System\StahLSV.exe
  2⤵
  PID:9068
- C:\Windows\System\kwwMdFE.exe
  C:\Windows\System\kwwMdFE.exe
  2⤵
  PID:9096
- C:\Windows\System\CLpVPtH.exe
  C:\Windows\System\CLpVPtH.exe
  2⤵
  PID:9116
- C:\Windows\System\zabZCAS.exe
  C:\Windows\System\zabZCAS.exe
  2⤵
  PID:9140
- C:\Windows\System\cpXhGzF.exe
  C:\Windows\System\cpXhGzF.exe
  2⤵
  PID:9184
- C:\Windows\System\rOQOEml.exe
  C:\Windows\System\rOQOEml.exe
  2⤵
  PID:7928
- C:\Windows\System\aglolMr.exe
  C:\Windows\System\aglolMr.exe
  2⤵
  PID:8044
- C:\Windows\System\nYZejAp.exe
  C:\Windows\System\nYZejAp.exe
  2⤵
  PID:8328
- C:\Windows\System\BBMVnki.exe
  C:\Windows\System\BBMVnki.exe
  2⤵
  PID:8320
- C:\Windows\System\nCWSToy.exe
  C:\Windows\System\nCWSToy.exe
  2⤵
  PID:8432
- C:\Windows\System\LjcDjtn.exe
  C:\Windows\System\LjcDjtn.exe
  2⤵
  PID:8468
- C:\Windows\System\JXOxAaE.exe
  C:\Windows\System\JXOxAaE.exe
  2⤵
  PID:8516
- C:\Windows\System\gUhzkVl.exe
  C:\Windows\System\gUhzkVl.exe
  2⤵
  PID:8616
- C:\Windows\System\HxKNrHV.exe
  C:\Windows\System\HxKNrHV.exe
  2⤵
  PID:8676
- C:\Windows\System\zigyQWN.exe
  C:\Windows\System\zigyQWN.exe
  2⤵
  PID:8672
- C:\Windows\System\tNBNVIE.exe
  C:\Windows\System\tNBNVIE.exe
  2⤵
  PID:8768
- C:\Windows\System\WTckhDj.exe
  C:\Windows\System\WTckhDj.exe
  2⤵
  PID:8828
- C:\Windows\System\VCNafyp.exe
  C:\Windows\System\VCNafyp.exe
  2⤵
  PID:8928
- C:\Windows\System\GSnVGoP.exe
  C:\Windows\System\GSnVGoP.exe
  2⤵
  PID:9040
- C:\Windows\System\jkfGVnk.exe
  C:\Windows\System\jkfGVnk.exe
  2⤵
  PID:9156
- C:\Windows\System\jbGnTMU.exe
  C:\Windows\System\jbGnTMU.exe
  2⤵
  PID:9172
- C:\Windows\System\DntOBMT.exe
  C:\Windows\System\DntOBMT.exe
  2⤵
  PID:6856
- C:\Windows\System\xSOSeEy.exe
  C:\Windows\System\xSOSeEy.exe
  2⤵
  PID:8368
- C:\Windows\System\GUyjXev.exe
  C:\Windows\System\GUyjXev.exe
  2⤵
  PID:8540
- C:\Windows\System\vJVmJIC.exe
  C:\Windows\System\vJVmJIC.exe
  2⤵
  PID:8644
- C:\Windows\System\oCGchdF.exe
  C:\Windows\System\oCGchdF.exe
  2⤵
  PID:8684
- C:\Windows\System\qBzWOGl.exe
  C:\Windows\System\qBzWOGl.exe
  2⤵
  PID:8864
- C:\Windows\System\JRsWdhv.exe
  C:\Windows\System\JRsWdhv.exe
  2⤵
  PID:8984
- C:\Windows\System\nJyFzQe.exe
  C:\Windows\System\nJyFzQe.exe
  2⤵
  PID:9084
- C:\Windows\System\cVdffsE.exe
  C:\Windows\System\cVdffsE.exe
  2⤵
  PID:8204
- C:\Windows\System\CwRrblU.exe
  C:\Windows\System\CwRrblU.exe
  2⤵
  PID:8704
- C:\Windows\System\neWjNPc.exe
  C:\Windows\System\neWjNPc.exe
  2⤵
  PID:8824
- C:\Windows\System\GMIJusm.exe
  C:\Windows\System\GMIJusm.exe
  2⤵
  PID:8776
- C:\Windows\System\FZWbUXD.exe
  C:\Windows\System\FZWbUXD.exe
  2⤵
  PID:9260
- C:\Windows\System\fTjNQjt.exe
  C:\Windows\System\fTjNQjt.exe
  2⤵
  PID:9288
- C:\Windows\System\RGIqKqg.exe
  C:\Windows\System\RGIqKqg.exe
  2⤵
  PID:9308
- C:\Windows\System\CnQxOzb.exe
  C:\Windows\System\CnQxOzb.exe
  2⤵
  PID:9328
- C:\Windows\System\CPzptpl.exe
  C:\Windows\System\CPzptpl.exe
  2⤵
  PID:9348
- C:\Windows\System\FfPiPMe.exe
  C:\Windows\System\FfPiPMe.exe
  2⤵
  PID:9400
- C:\Windows\System\XjUAnyM.exe
  C:\Windows\System\XjUAnyM.exe
  2⤵
  PID:9420
- C:\Windows\System\zqZkQby.exe
  C:\Windows\System\zqZkQby.exe
  2⤵
  PID:9440
- C:\Windows\System\CnNHYDg.exe
  C:\Windows\System\CnNHYDg.exe
  2⤵
  PID:9464
- C:\Windows\System\LsdPdrk.exe
  C:\Windows\System\LsdPdrk.exe
  2⤵
  PID:9512
- C:\Windows\System\MuCoYHW.exe
  C:\Windows\System\MuCoYHW.exe
  2⤵
  PID:9556
- C:\Windows\System\hUDPRZn.exe
  C:\Windows\System\hUDPRZn.exe
  2⤵
  PID:9712
- C:\Windows\System\lgKvZjY.exe
  C:\Windows\System\lgKvZjY.exe
  2⤵
  PID:9728
- C:\Windows\System\PqncgcB.exe
  C:\Windows\System\PqncgcB.exe
  2⤵
  PID:9744
- C:\Windows\System\hSpJBVv.exe
  C:\Windows\System\hSpJBVv.exe
  2⤵
  PID:9760
- C:\Windows\System\NWgkMXQ.exe
  C:\Windows\System\NWgkMXQ.exe
  2⤵
  PID:9776
- C:\Windows\System\RgoKmzj.exe
  C:\Windows\System\RgoKmzj.exe
  2⤵
  PID:9792
- C:\Windows\System\AAHYSjU.exe
  C:\Windows\System\AAHYSjU.exe
  2⤵
  PID:9812
- C:\Windows\System\qfwqaDA.exe
  C:\Windows\System\qfwqaDA.exe
  2⤵
  PID:9828
- C:\Windows\System\TSvHxxA.exe
  C:\Windows\System\TSvHxxA.exe
  2⤵
  PID:9848
- C:\Windows\System\opmARHU.exe
  C:\Windows\System\opmARHU.exe
  2⤵
  PID:9864
- C:\Windows\System\UYsrTzn.exe
  C:\Windows\System\UYsrTzn.exe
  2⤵
  PID:9880
- C:\Windows\System\NwOtGLF.exe
  C:\Windows\System\NwOtGLF.exe
  2⤵
  PID:9896
- C:\Windows\System\ALkyiXS.exe
  C:\Windows\System\ALkyiXS.exe
  2⤵
  PID:9912
- C:\Windows\System\OxJGgwR.exe
  C:\Windows\System\OxJGgwR.exe
  2⤵
  PID:9928
- C:\Windows\System\ToZCQSx.exe
  C:\Windows\System\ToZCQSx.exe
  2⤵
  PID:9944
- C:\Windows\System\xmShsbl.exe
  C:\Windows\System\xmShsbl.exe
  2⤵
  PID:9960
- C:\Windows\System\oCtGhQU.exe
  C:\Windows\System\oCtGhQU.exe
  2⤵
  PID:9976
- C:\Windows\System\svAGXPL.exe
  C:\Windows\System\svAGXPL.exe
  2⤵
  PID:9992
- C:\Windows\System\UyxqKpz.exe
  C:\Windows\System\UyxqKpz.exe
  2⤵
  PID:10008
- C:\Windows\System\OQpkaVF.exe
  C:\Windows\System\OQpkaVF.exe
  2⤵
  PID:10024
- C:\Windows\System\PlGILZu.exe
  C:\Windows\System\PlGILZu.exe
  2⤵
  PID:10040
- C:\Windows\System\qWsYReC.exe
  C:\Windows\System\qWsYReC.exe
  2⤵
  PID:10064
- C:\Windows\System\wAalfYD.exe
  C:\Windows\System\wAalfYD.exe
  2⤵
  PID:10080
- C:\Windows\System\zqopLUq.exe
  C:\Windows\System\zqopLUq.exe
  2⤵
  PID:10140
- C:\Windows\System\TSXZGXM.exe
  C:\Windows\System\TSXZGXM.exe
  2⤵
  PID:10160
- C:\Windows\System\yqcOpGQ.exe
  C:\Windows\System\yqcOpGQ.exe
  2⤵
  PID:10176
- C:\Windows\System\TvTvkrj.exe
  C:\Windows\System\TvTvkrj.exe
  2⤵
  PID:10200
- C:\Windows\System\rRbgMJP.exe
  C:\Windows\System\rRbgMJP.exe
  2⤵
  PID:9304
- C:\Windows\System\BcNRXca.exe
  C:\Windows\System\BcNRXca.exe
  2⤵
  PID:9432
- C:\Windows\System\nglnmEs.exe
  C:\Windows\System\nglnmEs.exe
  2⤵
  PID:9396
- C:\Windows\System\trfcgGf.exe
  C:\Windows\System\trfcgGf.exe
  2⤵
  PID:9504
- C:\Windows\System\ZUpVwWj.exe
  C:\Windows\System\ZUpVwWj.exe
  2⤵
  PID:9648
- C:\Windows\System\FcGfFgM.exe
  C:\Windows\System\FcGfFgM.exe
  2⤵
  PID:9576
- C:\Windows\System\pOUTJlJ.exe
  C:\Windows\System\pOUTJlJ.exe
  2⤵
  PID:9756
- C:\Windows\System\tYRyzTv.exe
  C:\Windows\System\tYRyzTv.exe
  2⤵
  PID:9680
- C:\Windows\System\ZIMFImJ.exe
  C:\Windows\System\ZIMFImJ.exe
  2⤵
  PID:10048
- C:\Windows\System\Dsjaqtn.exe
  C:\Windows\System\Dsjaqtn.exe
  2⤵
  PID:10212
- C:\Windows\System\ggmEZUL.exe
  C:\Windows\System\ggmEZUL.exe
  2⤵
  PID:9952
- C:\Windows\System\ahulZwI.exe
  C:\Windows\System\ahulZwI.exe
  2⤵
  PID:10156
- C:\Windows\System\iULIpBK.exe
  C:\Windows\System\iULIpBK.exe
  2⤵
  PID:9872
- C:\Windows\System\hEYxePN.exe
  C:\Windows\System\hEYxePN.exe
  2⤵
  PID:9448
- C:\Windows\System\BvTYuZF.exe
  C:\Windows\System\BvTYuZF.exe
  2⤵
  PID:9460
- C:\Windows\System\aaaWlIN.exe
  C:\Windows\System\aaaWlIN.exe
  2⤵
  PID:9908
- C:\Windows\System\SsrZsHJ.exe
  C:\Windows\System\SsrZsHJ.exe
  2⤵
  PID:9984
- C:\Windows\System\aHoYoPo.exe
  C:\Windows\System\aHoYoPo.exe
  2⤵
  PID:10124
- C:\Windows\System\zZKYjIZ.exe
  C:\Windows\System\zZKYjIZ.exe
  2⤵
  PID:10148
- C:\Windows\System\fDxAGws.exe
  C:\Windows\System\fDxAGws.exe
  2⤵
  PID:9236
- C:\Windows\System\TVrPUJb.exe
  C:\Windows\System\TVrPUJb.exe
  2⤵
  PID:9724
- C:\Windows\System\idobrZm.exe
  C:\Windows\System\idobrZm.exe
  2⤵
  PID:9688
- C:\Windows\System\WhaMFVf.exe
  C:\Windows\System\WhaMFVf.exe
  2⤵
  PID:9664
- C:\Windows\System\QQCTbju.exe
  C:\Windows\System\QQCTbju.exe
  2⤵
  PID:10248
- C:\Windows\System\udezCAX.exe
  C:\Windows\System\udezCAX.exe
  2⤵
  PID:10276
- C:\Windows\System\pnBvtms.exe
  C:\Windows\System\pnBvtms.exe
  2⤵
  PID:10300
- C:\Windows\System\gdmxauR.exe
  C:\Windows\System\gdmxauR.exe
  2⤵
  PID:10320
- C:\Windows\System\aXRnbaS.exe
  C:\Windows\System\aXRnbaS.exe
  2⤵
  PID:10348
- C:\Windows\System\oTHLvsX.exe
  C:\Windows\System\oTHLvsX.exe
  2⤵
  PID:10392
- C:\Windows\System\EXJUazQ.exe
  C:\Windows\System\EXJUazQ.exe
  2⤵
  PID:10412
- C:\Windows\System\gsKLUjE.exe
  C:\Windows\System\gsKLUjE.exe
  2⤵
  PID:10444
- C:\Windows\System\YnsggNC.exe
  C:\Windows\System\YnsggNC.exe
  2⤵
  PID:10476
- C:\Windows\System\XyeMWGj.exe
  C:\Windows\System\XyeMWGj.exe
  2⤵
  PID:10508
- C:\Windows\System\vxwttJO.exe
  C:\Windows\System\vxwttJO.exe
  2⤵
  PID:10528
- C:\Windows\System\yBpFWQA.exe
  C:\Windows\System\yBpFWQA.exe
  2⤵
  PID:10556
- C:\Windows\System\SMLkqxA.exe
  C:\Windows\System\SMLkqxA.exe
  2⤵
  PID:10580
- C:\Windows\System\tGBoLzy.exe
  C:\Windows\System\tGBoLzy.exe
  2⤵
  PID:10604
- C:\Windows\System\POrFJuu.exe
  C:\Windows\System\POrFJuu.exe
  2⤵
  PID:10652
- C:\Windows\System\ZTQZRlc.exe
  C:\Windows\System\ZTQZRlc.exe
  2⤵
  PID:10676
- C:\Windows\System\vLKsbGJ.exe
  C:\Windows\System\vLKsbGJ.exe
  2⤵
  PID:10708
- C:\Windows\System\RMRpfLr.exe
  C:\Windows\System\RMRpfLr.exe
  2⤵
  PID:10728
- C:\Windows\System\DigJLhO.exe
  C:\Windows\System\DigJLhO.exe
  2⤵
  PID:10748
- C:\Windows\System\mclZCES.exe
  C:\Windows\System\mclZCES.exe
  2⤵
  PID:10776
- C:\Windows\System\GOarLHf.exe
  C:\Windows\System\GOarLHf.exe
  2⤵
  PID:10800
- C:\Windows\System\NDKuiaB.exe
  C:\Windows\System\NDKuiaB.exe
  2⤵
  PID:10856
- C:\Windows\System\YaaJIYc.exe
  C:\Windows\System\YaaJIYc.exe
  2⤵
  PID:10872
- C:\Windows\System\iCLHPSx.exe
  C:\Windows\System\iCLHPSx.exe
  2⤵
  PID:10896
- C:\Windows\System\xHXBjtq.exe
  C:\Windows\System\xHXBjtq.exe
  2⤵
  PID:10920
- C:\Windows\System\xoaoZvf.exe
  C:\Windows\System\xoaoZvf.exe
  2⤵
  PID:10944
- C:\Windows\System\DiiieHA.exe
  C:\Windows\System\DiiieHA.exe
  2⤵
  PID:10964
- C:\Windows\System\oAuudtM.exe
  C:\Windows\System\oAuudtM.exe
  2⤵
  PID:10992
- C:\Windows\System\MbRMpuj.exe
  C:\Windows\System\MbRMpuj.exe
  2⤵
  PID:11012
- C:\Windows\System\JhaJhLe.exe
  C:\Windows\System\JhaJhLe.exe
  2⤵
  PID:11072
- C:\Windows\System\gbniGDs.exe
  C:\Windows\System\gbniGDs.exe
  2⤵
  PID:11092
- C:\Windows\System\BKhmRQs.exe
  C:\Windows\System\BKhmRQs.exe
  2⤵
  PID:11112
- C:\Windows\System\yCobesj.exe
  C:\Windows\System\yCobesj.exe
  2⤵
  PID:11152
- C:\Windows\System\XXnzzqS.exe
  C:\Windows\System\XXnzzqS.exe
  2⤵
  PID:11180
- C:\Windows\System\MnXBJvS.exe
  C:\Windows\System\MnXBJvS.exe
  2⤵
  PID:11200
- C:\Windows\System\SnHfNHU.exe
  C:\Windows\System\SnHfNHU.exe
  2⤵
  PID:11236
- C:\Windows\System\KzwCdjp.exe
  C:\Windows\System\KzwCdjp.exe
  2⤵
  PID:9840
- C:\Windows\System\KXCgJeI.exe
  C:\Windows\System\KXCgJeI.exe
  2⤵
  PID:10256
- C:\Windows\System\pVykeYw.exe
  C:\Windows\System\pVykeYw.exe
  2⤵
  PID:10292
- C:\Windows\System\UUNchRG.exe
  C:\Windows\System\UUNchRG.exe
  2⤵
  PID:10384
- C:\Windows\System\SFzPmjH.exe
  C:\Windows\System\SFzPmjH.exe
  2⤵
  PID:10452
- C:\Windows\System\UaUqBXC.exe
  C:\Windows\System\UaUqBXC.exe
  2⤵
  PID:10504
- C:\Windows\System\lcTQsQZ.exe
  C:\Windows\System\lcTQsQZ.exe
  2⤵
  PID:10552
- C:\Windows\System\hKSUUxu.exe
  C:\Windows\System\hKSUUxu.exe
  2⤵
  PID:10628
- C:\Windows\System\UXoWrBi.exe
  C:\Windows\System\UXoWrBi.exe
  2⤵
  PID:10664
- C:\Windows\System\sPcgCBo.exe
  C:\Windows\System\sPcgCBo.exe
  2⤵
  PID:10736
- C:\Windows\System\HIOzXnb.exe
  C:\Windows\System\HIOzXnb.exe
  2⤵
  PID:10812
- C:\Windows\System\oHvAVLH.exe
  C:\Windows\System\oHvAVLH.exe
  2⤵
  PID:10848
- C:\Windows\System\xEZxiNy.exe
  C:\Windows\System\xEZxiNy.exe
  2⤵
  PID:10960
- C:\Windows\System\cOplqVH.exe
  C:\Windows\System\cOplqVH.exe
  2⤵
  PID:11004
- C:\Windows\System\PKzKwGb.exe
  C:\Windows\System\PKzKwGb.exe
  2⤵
  PID:11108
- C:\Windows\System\WldNygj.exe
  C:\Windows\System\WldNygj.exe
  2⤵
  PID:11160
- C:\Windows\System\dGJfJQA.exe
  C:\Windows\System\dGJfJQA.exe
  2⤵
  PID:11212
- C:\Windows\System\VlLYahm.exe
  C:\Windows\System\VlLYahm.exe
  2⤵
  PID:9740
- C:\Windows\System\NtJPkjr.exe
  C:\Windows\System\NtJPkjr.exe
  2⤵
  PID:10380
- C:\Windows\System\OlKgoql.exe
  C:\Windows\System\OlKgoql.exe
  2⤵
  PID:10536
- C:\Windows\System\ZWMaXog.exe
  C:\Windows\System\ZWMaXog.exe
  2⤵
  PID:10796
- C:\Windows\System\eeiHUKr.exe
  C:\Windows\System\eeiHUKr.exe
  2⤵
  PID:8400
- C:\Windows\System\VSkshoW.exe
  C:\Windows\System\VSkshoW.exe
  2⤵
  PID:10760
- C:\Windows\System\YMBFMBV.exe
  C:\Windows\System\YMBFMBV.exe
  2⤵
  PID:11048
- C:\Windows\System\hvYvkSF.exe
  C:\Windows\System\hvYvkSF.exe
  2⤵
  PID:11088
- C:\Windows\System\EqsXctO.exe
  C:\Windows\System\EqsXctO.exe
  2⤵
  PID:9584
- C:\Windows\System\WYFhyXW.exe
  C:\Windows\System\WYFhyXW.exe
  2⤵
  PID:10572
- C:\Windows\System\JnggBSh.exe
  C:\Windows\System\JnggBSh.exe
  2⤵
  PID:11080
- C:\Windows\System\QnmIzDR.exe
  C:\Windows\System\QnmIzDR.exe
  2⤵
  PID:11284
- C:\Windows\System\zgtafDr.exe
  C:\Windows\System\zgtafDr.exe
  2⤵
  PID:11304
- C:\Windows\System\vfiHesh.exe
  C:\Windows\System\vfiHesh.exe
  2⤵
  PID:11328
- C:\Windows\System\tgAbIWn.exe
  C:\Windows\System\tgAbIWn.exe
  2⤵
  PID:11352
- C:\Windows\System\eUMgQMN.exe
  C:\Windows\System\eUMgQMN.exe
  2⤵
  PID:11376
- C:\Windows\System\ABQTqwQ.exe
  C:\Windows\System\ABQTqwQ.exe
  2⤵
  PID:11416
- C:\Windows\System\oSlUSIu.exe
  C:\Windows\System\oSlUSIu.exe
  2⤵
  PID:11440
- C:\Windows\System\GfJGUHq.exe
  C:\Windows\System\GfJGUHq.exe
  2⤵
  PID:11460
- C:\Windows\System\AfLlAIT.exe
  C:\Windows\System\AfLlAIT.exe
  2⤵
  PID:11492
- C:\Windows\System\dMCIJXC.exe
  C:\Windows\System\dMCIJXC.exe
  2⤵
  PID:11528
- C:\Windows\System\nuMtTyg.exe
  C:\Windows\System\nuMtTyg.exe
  2⤵
  PID:11544
- C:\Windows\System\rLXCZOh.exe
  C:\Windows\System\rLXCZOh.exe
  2⤵
  PID:11596
- C:\Windows\System\wNyoWOq.exe
  C:\Windows\System\wNyoWOq.exe
  2⤵
  PID:11616
- C:\Windows\System\mHhOMFF.exe
  C:\Windows\System\mHhOMFF.exe
  2⤵
  PID:11640
- C:\Windows\System\yuSbEUq.exe
  C:\Windows\System\yuSbEUq.exe
  2⤵
  PID:11672
- C:\Windows\System\dzXlIas.exe
  C:\Windows\System\dzXlIas.exe
  2⤵
  PID:11692
- C:\Windows\System\uDvruhO.exe
  C:\Windows\System\uDvruhO.exe
  2⤵
  PID:11712
- C:\Windows\System\qpQFUPT.exe
  C:\Windows\System\qpQFUPT.exe
  2⤵
  PID:11756
- C:\Windows\System\KWgMIha.exe
  C:\Windows\System\KWgMIha.exe
  2⤵
  PID:11780
- C:\Windows\System\gysxxPu.exe
  C:\Windows\System\gysxxPu.exe
  2⤵
  PID:11800
- C:\Windows\System\gWSweiY.exe
  C:\Windows\System\gWSweiY.exe
  2⤵
  PID:11828
- C:\Windows\System\fRgzUBh.exe
  C:\Windows\System\fRgzUBh.exe
  2⤵
  PID:11856
- C:\Windows\System\vecfmkg.exe
  C:\Windows\System\vecfmkg.exe
  2⤵
  PID:11884
- C:\Windows\System\iskMKMR.exe
  C:\Windows\System\iskMKMR.exe
  2⤵
  PID:11920
- C:\Windows\System\FsNffIq.exe
  C:\Windows\System\FsNffIq.exe
  2⤵
  PID:11964
- C:\Windows\System\uAtBjUh.exe
  C:\Windows\System\uAtBjUh.exe
  2⤵
  PID:11984
- C:\Windows\System\JVITTeF.exe
  C:\Windows\System\JVITTeF.exe
  2⤵
  PID:12008
- C:\Windows\System\nOCbPGD.exe
  C:\Windows\System\nOCbPGD.exe
  2⤵
  PID:12032
- C:\Windows\System\JXilgZE.exe
  C:\Windows\System\JXilgZE.exe
  2⤵
  PID:12048
- C:\Windows\System\AUqowLD.exe
  C:\Windows\System\AUqowLD.exe
  2⤵
  PID:12068
- C:\Windows\System\dEWSjMx.exe
  C:\Windows\System\dEWSjMx.exe
  2⤵
  PID:12100
- C:\Windows\System\lavpDsf.exe
  C:\Windows\System\lavpDsf.exe
  2⤵
  PID:12116
- C:\Windows\System\gUVrOgg.exe
  C:\Windows\System\gUVrOgg.exe
  2⤵
  PID:12164
- C:\Windows\System\nVYqwlJ.exe
  C:\Windows\System\nVYqwlJ.exe
  2⤵
  PID:12184
- C:\Windows\System\YFgENAA.exe
  C:\Windows\System\YFgENAA.exe
  2⤵
  PID:12220
- C:\Windows\System\IrtnkOD.exe
  C:\Windows\System\IrtnkOD.exe
  2⤵
  PID:12240
- C:\Windows\System\bajZUYa.exe
  C:\Windows\System\bajZUYa.exe
  2⤵
  PID:12260
- C:\Windows\System\qGclgAQ.exe
  C:\Windows\System\qGclgAQ.exe
  2⤵
  PID:10312
- C:\Windows\System\wYnbBlo.exe
  C:\Windows\System\wYnbBlo.exe
  2⤵
  PID:11296
- C:\Windows\System\qruFGGL.exe
  C:\Windows\System\qruFGGL.exe
  2⤵
  PID:11320
- C:\Windows\System\LeVvchM.exe
  C:\Windows\System\LeVvchM.exe
  2⤵
  PID:11396
- C:\Windows\System\vSoQhHu.exe
  C:\Windows\System\vSoQhHu.exe
  2⤵
  PID:11448
- C:\Windows\System\FxVBrnG.exe
  C:\Windows\System\FxVBrnG.exe
  2⤵
  PID:11520
- C:\Windows\System\lfOaScl.exe
  C:\Windows\System\lfOaScl.exe
  2⤵
  PID:11564
- C:\Windows\System\mxtmnAD.exe
  C:\Windows\System\mxtmnAD.exe
  2⤵
  PID:11592
- C:\Windows\System\HCEphHk.exe
  C:\Windows\System\HCEphHk.exe
  2⤵
  PID:11688
- C:\Windows\System\MCIvccL.exe
  C:\Windows\System\MCIvccL.exe
  2⤵
  PID:11740
- C:\Windows\System\qFCviXw.exe
  C:\Windows\System\qFCviXw.exe
  2⤵
  PID:11916
- C:\Windows\System\OIUpNtZ.exe
  C:\Windows\System\OIUpNtZ.exe
  2⤵
  PID:11960
- C:\Windows\System\bqhVPlS.exe
  C:\Windows\System\bqhVPlS.exe
  2⤵
  PID:12000
- C:\Windows\System\rdwocSZ.exe
  C:\Windows\System\rdwocSZ.exe
  2⤵
  PID:12016
- C:\Windows\System\otMrwpH.exe
  C:\Windows\System\otMrwpH.exe
  2⤵
  PID:12136
- C:\Windows\System\pMtDOuL.exe
  C:\Windows\System\pMtDOuL.exe
  2⤵
  PID:12176
- C:\Windows\System\jfXrtRN.exe
  C:\Windows\System\jfXrtRN.exe
  2⤵
  PID:12268
- C:\Windows\System\aswVyQC.exe
  C:\Windows\System\aswVyQC.exe
  2⤵
  PID:11488
- C:\Windows\System\LvJKgWF.exe
  C:\Windows\System\LvJKgWF.exe
  2⤵
  PID:11708
- C:\Windows\System\lIGtFKE.exe
  C:\Windows\System\lIGtFKE.exe
  2⤵
  PID:11796
- C:\Windows\System\xHwdBOW.exe
  C:\Windows\System\xHwdBOW.exe
  2⤵
  PID:11872
- C:\Windows\System\vblmzIG.exe
  C:\Windows\System\vblmzIG.exe
  2⤵
  PID:12060
- C:\Windows\System\KReZBDj.exe
  C:\Windows\System\KReZBDj.exe
  2⤵
  PID:11292
- C:\Windows\System\WsfRYSS.exe
  C:\Windows\System\WsfRYSS.exe
  2⤵
  PID:11412
- C:\Windows\System\ZnBYCsA.exe
  C:\Windows\System\ZnBYCsA.exe
  2⤵
  PID:11820
- C:\Windows\System\omUTdeT.exe
  C:\Windows\System\omUTdeT.exe
  2⤵
  PID:11980
- C:\Windows\System\SCGhDZp.exe
  C:\Windows\System\SCGhDZp.exe
  2⤵
  PID:12280
- C:\Windows\System\KagxWwM.exe
  C:\Windows\System\KagxWwM.exe
  2⤵
  PID:12296
- C:\Windows\System\BRTVTmg.exe
  C:\Windows\System\BRTVTmg.exe
  2⤵
  PID:12364
- C:\Windows\System\NpLFkpt.exe
  C:\Windows\System\NpLFkpt.exe
  2⤵
  PID:12380
- C:\Windows\System\rFJwVzK.exe
  C:\Windows\System\rFJwVzK.exe
  2⤵
  PID:12400
- C:\Windows\System\FCrGixn.exe
  C:\Windows\System\FCrGixn.exe
  2⤵
  PID:12428
- C:\Windows\System\nsApOIc.exe
  C:\Windows\System\nsApOIc.exe
  2⤵
  PID:12452
- C:\Windows\System\aMYXZXl.exe
  C:\Windows\System\aMYXZXl.exe
  2⤵
  PID:12472
- C:\Windows\System\YOEAuPp.exe
  C:\Windows\System\YOEAuPp.exe
  2⤵
  PID:12496
- C:\Windows\System\NVdHsZQ.exe
  C:\Windows\System\NVdHsZQ.exe
  2⤵
  PID:12512
- C:\Windows\System\VShMPxq.exe
  C:\Windows\System\VShMPxq.exe
  2⤵
  PID:12548
- C:\Windows\System\eAZTPGN.exe
  C:\Windows\System\eAZTPGN.exe
  2⤵
  PID:12572
- C:\Windows\System\dPowKRj.exe
  C:\Windows\System\dPowKRj.exe
  2⤵
  PID:12612
- C:\Windows\System\KrxNriL.exe
  C:\Windows\System\KrxNriL.exe
  2⤵
  PID:12636
- C:\Windows\System\zJpKOXO.exe
  C:\Windows\System\zJpKOXO.exe
  2⤵
  PID:12656
- C:\Windows\System\QucxPPu.exe
  C:\Windows\System\QucxPPu.exe
  2⤵
  PID:12672
- C:\Windows\System\hADXoaC.exe
  C:\Windows\System\hADXoaC.exe
  2⤵
  PID:12724
- C:\Windows\System\ySzPEZE.exe
  C:\Windows\System\ySzPEZE.exe
  2⤵
  PID:12744
- C:\Windows\System\RpJqqno.exe
  C:\Windows\System\RpJqqno.exe
  2⤵
  PID:12768
- C:\Windows\System\EvFVHMa.exe
  C:\Windows\System\EvFVHMa.exe
  2⤵
  PID:12796
- C:\Windows\System\PcJVlCm.exe
  C:\Windows\System\PcJVlCm.exe
  2⤵
  PID:12820
- C:\Windows\System\xuOXuII.exe
  C:\Windows\System\xuOXuII.exe
  2⤵
  PID:12848
- C:\Windows\System\tTTTkmf.exe
  C:\Windows\System\tTTTkmf.exe
  2⤵
  PID:12868
- C:\Windows\System\nRYSEeB.exe
  C:\Windows\System\nRYSEeB.exe
  2⤵
  PID:12888
- C:\Windows\System\LDGTXKU.exe
  C:\Windows\System\LDGTXKU.exe
  2⤵
  PID:12908
- C:\Windows\System\GomhjxS.exe
  C:\Windows\System\GomhjxS.exe
  2⤵
  PID:12944
- C:\Windows\System\pfiptLd.exe
  C:\Windows\System\pfiptLd.exe
  2⤵
  PID:12992
- C:\Windows\System\LyieuAY.exe
  C:\Windows\System\LyieuAY.exe
  2⤵
  PID:13016
- C:\Windows\System\gfVgvIe.exe
  C:\Windows\System\gfVgvIe.exe
  2⤵
  PID:13040
- C:\Windows\System\iwrwlPj.exe
  C:\Windows\System\iwrwlPj.exe
  2⤵
  PID:13060
- C:\Windows\System\nkcsptG.exe
  C:\Windows\System\nkcsptG.exe
  2⤵
  PID:13092
- C:\Windows\System\PwxWkhy.exe
  C:\Windows\System\PwxWkhy.exe
  2⤵
  PID:13108
- C:\Windows\System\RzKdoiI.exe
  C:\Windows\System\RzKdoiI.exe
  2⤵
  PID:13144
- C:\Windows\System\xqkwthu.exe
  C:\Windows\System\xqkwthu.exe
  2⤵
  PID:13172
- C:\Windows\System\USDuMBg.exe
  C:\Windows\System\USDuMBg.exe
  2⤵
  PID:13224
- C:\Windows\System\MhyOyYl.exe
  C:\Windows\System\MhyOyYl.exe
  2⤵
  PID:13256
- C:\Windows\System\DjhDPtq.exe
  C:\Windows\System\DjhDPtq.exe
  2⤵
  PID:13280
- C:\Windows\System\UvCTJJG.exe
  C:\Windows\System\UvCTJJG.exe
  2⤵
  PID:12044
- C:\Windows\System\giQMxmz.exe
  C:\Windows\System\giQMxmz.exe
  2⤵
  PID:11664
- C:\Windows\System\ouzrIAh.exe
  C:\Windows\System\ouzrIAh.exe
  2⤵
  PID:12372
- C:\Windows\System\zksMMYy.exe
  C:\Windows\System\zksMMYy.exe
  2⤵
  PID:12424
- C:\Windows\System\iqiDSTa.exe
  C:\Windows\System\iqiDSTa.exe
  2⤵
  PID:12508
- C:\Windows\System\XoaChgu.exe
  C:\Windows\System\XoaChgu.exe
  2⤵
  PID:12532
- C:\Windows\System\EDIYXpG.exe
  C:\Windows\System\EDIYXpG.exe
  2⤵
  PID:12528
- C:\Windows\System\XXYXEQZ.exe
  C:\Windows\System\XXYXEQZ.exe
  2⤵
  PID:12668
- C:\Windows\System\vzqdNuI.exe
  C:\Windows\System\vzqdNuI.exe
  2⤵
  PID:12684
- C:\Windows\System\mnkkewL.exe
  C:\Windows\System\mnkkewL.exe
  2⤵
  PID:12740
- C:\Windows\System\ukNzsdH.exe
  C:\Windows\System\ukNzsdH.exe
  2⤵
  PID:12832
- C:\Windows\System\wBmZJPP.exe
  C:\Windows\System\wBmZJPP.exe
  2⤵
  PID:12864
- C:\Windows\System\JrlZvxp.exe
  C:\Windows\System\JrlZvxp.exe
  2⤵
  PID:12896
- C:\Windows\System\ViIGQWJ.exe
  C:\Windows\System\ViIGQWJ.exe
  2⤵
  PID:13036
- C:\Windows\System\vdlQmxZ.exe
  C:\Windows\System\vdlQmxZ.exe
  2⤵
  PID:13076
- C:\Windows\System\ZoUVgTj.exe
  C:\Windows\System\ZoUVgTj.exe
  2⤵
  PID:13132
- C:\Windows\System\nfNpCzk.exe
  C:\Windows\System\nfNpCzk.exe
  2⤵
  PID:13164
- C:\Windows\System\lyVLtMD.exe
  C:\Windows\System\lyVLtMD.exe
  2⤵
  PID:13244
- C:\Windows\System\lzpUYKt.exe
  C:\Windows\System\lzpUYKt.exe
  2⤵
  PID:12252
- C:\Windows\System\TqhWmtD.exe
  C:\Windows\System\TqhWmtD.exe
  2⤵
  PID:12396
- C:\Windows\System\biFZuZJ.exe
  C:\Windows\System\biFZuZJ.exe
  2⤵
  PID:12860
- C:\Windows\System\NshPUXZ.exe
  C:\Windows\System\NshPUXZ.exe
  2⤵
  PID:12980
- C:\Windows\System\VAKbDcs.exe
  C:\Windows\System\VAKbDcs.exe
  2⤵
  PID:13052
- C:\Windows\System\qOqOBGl.exe
  C:\Windows\System\qOqOBGl.exe
  2⤵
  PID:12312
- C:\Windows\System\upvBBWg.exe
  C:\Windows\System\upvBBWg.exe
  2⤵
  PID:12808
- C:\Windows\System\dyiMmWZ.exe
  C:\Windows\System\dyiMmWZ.exe
  2⤵
  PID:2804
- C:\Windows\System\DARCMSB.exe
  C:\Windows\System\DARCMSB.exe
  2⤵
  PID:1068
- C:\Windows\System\IiVJiUA.exe
  C:\Windows\System\IiVJiUA.exe
  2⤵
  PID:4440
- C:\Windows\System\RrRpaVc.exe
  C:\Windows\System\RrRpaVc.exe
  2⤵
  PID:12720
- C:\Windows\System\pGzpnuB.exe
  C:\Windows\System\pGzpnuB.exe
  2⤵
  PID:1404
- C:\Windows\System\rzSOYkX.exe
  C:\Windows\System\rzSOYkX.exe
  2⤵
  PID:13320
- C:\Windows\System\rGUmixu.exe
  C:\Windows\System\rGUmixu.exe
  2⤵
  PID:13344
- C:\Windows\System\wdSPtJU.exe
  C:\Windows\System\wdSPtJU.exe
  2⤵
  PID:13396
- C:\Windows\System\ywmGICK.exe
  C:\Windows\System\ywmGICK.exe
  2⤵
  PID:13416
- C:\Windows\System\ZhRrwGQ.exe
  C:\Windows\System\ZhRrwGQ.exe
  2⤵
  PID:13460
- C:\Windows\System\FTMYxtM.exe
  C:\Windows\System\FTMYxtM.exe
  2⤵
  PID:13480
- C:\Windows\System\VXVZnea.exe
  C:\Windows\System\VXVZnea.exe
  2⤵
  PID:13508
- C:\Windows\System\iqmlUsP.exe
  C:\Windows\System\iqmlUsP.exe
  2⤵
  PID:13532
- C:\Windows\System\hyiPYyQ.exe
  C:\Windows\System\hyiPYyQ.exe
  2⤵
  PID:13572
- C:\Windows\System\CbkNwZp.exe
  C:\Windows\System\CbkNwZp.exe
  2⤵
  PID:13604
- C:\Windows\System\LedBmyK.exe
  C:\Windows\System\LedBmyK.exe
  2⤵
  PID:13628
- C:\Windows\System\kYSsGku.exe
  C:\Windows\System\kYSsGku.exe
  2⤵
  PID:13660
- C:\Windows\System\idUERjm.exe
  C:\Windows\System\idUERjm.exe
  2⤵
  PID:13680
- C:\Windows\System\ZWLfOhH.exe
  C:\Windows\System\ZWLfOhH.exe
  2⤵
  PID:13696
- C:\Windows\System\cxSXWCm.exe
  C:\Windows\System\cxSXWCm.exe
  2⤵
  PID:13748
- C:\Windows\System\BVperBl.exe
  C:\Windows\System\BVperBl.exe
  2⤵
  PID:13768
- C:\Windows\System\lefIfXX.exe
  C:\Windows\System\lefIfXX.exe
  2⤵
  PID:13800
- C:\Windows\System\BZVVrvv.exe
  C:\Windows\System\BZVVrvv.exe
  2⤵
  PID:13820
- C:\Windows\System\lYHwIZX.exe
  C:\Windows\System\lYHwIZX.exe
  2⤵
  PID:13840
- C:\Windows\System\vTjxViB.exe
  C:\Windows\System\vTjxViB.exe
  2⤵
  PID:13868
- C:\Windows\System\lIHYmBm.exe
  C:\Windows\System\lIHYmBm.exe
  2⤵
  PID:13892
- C:\Windows\System\LDsEyeN.exe
  C:\Windows\System\LDsEyeN.exe
  2⤵
  PID:13920
- C:\Windows\System\prJLSSL.exe
  C:\Windows\System\prJLSSL.exe
  2⤵
  PID:13940
- C:\Windows\System\qqCpPao.exe
  C:\Windows\System\qqCpPao.exe
  2⤵
  PID:13964
- C:\Windows\System\NwyAHZC.exe
  C:\Windows\System\NwyAHZC.exe
  2⤵
  PID:13996
- C:\Windows\System\LnawYTq.exe
  C:\Windows\System\LnawYTq.exe
  2⤵
  PID:14024
- C:\Windows\System\aPllLwh.exe
  C:\Windows\System\aPllLwh.exe
  2⤵
  PID:14048
- C:\Windows\System\FWhHrvA.exe
  C:\Windows\System\FWhHrvA.exe
  2⤵
  PID:14072
- C:\Windows\System\bSyesMY.exe
  C:\Windows\System\bSyesMY.exe
  2⤵
  PID:14092
- C:\Windows\System\QyBImNl.exe
  C:\Windows\System\QyBImNl.exe
  2⤵
  PID:14120
- C:\Windows\System\jHrFAQc.exe
  C:\Windows\System\jHrFAQc.exe
  2⤵
  PID:14156
- C:\Windows\System\rakJouX.exe
  C:\Windows\System\rakJouX.exe
  2⤵
  PID:14184
- C:\Windows\System\HKVVMUh.exe
  C:\Windows\System\HKVVMUh.exe
  2⤵
  PID:14204
- C:\Windows\System\rlQPhOK.exe
  C:\Windows\System\rlQPhOK.exe
  2⤵
  PID:14244
- C:\Windows\System\QhiCHlI.exe
  C:\Windows\System\QhiCHlI.exe
  2⤵
  PID:14276
- C:\Windows\System\rbDmkmx.exe
  C:\Windows\System\rbDmkmx.exe
  2⤵
  PID:14308
- C:\Windows\System\ybKbHkD.exe
  C:\Windows\System\ybKbHkD.exe
  2⤵
  PID:14332
- C:\Windows\System\wZiQsEc.exe
  C:\Windows\System\wZiQsEc.exe
  2⤵
  PID:13356
- C:\Windows\System\exWjrjg.exe
  C:\Windows\System\exWjrjg.exe
  2⤵
  PID:13388
- C:\Windows\System\uqGMJqf.exe
  C:\Windows\System\uqGMJqf.exe
  2⤵
  PID:13524
- C:\Windows\System\XSbtBCZ.exe
  C:\Windows\System\XSbtBCZ.exe
  2⤵
  PID:13580
- C:\Windows\System\eOpBRwe.exe
  C:\Windows\System\eOpBRwe.exe
  2⤵
  PID:13624
- C:\Windows\System\NfZxZre.exe
  C:\Windows\System\NfZxZre.exe
  2⤵
  PID:13676
- C:\Windows\System\QNhaVRQ.exe
  C:\Windows\System\QNhaVRQ.exe
  2⤵
  PID:13792
- C:\Windows\System\RQdbZck.exe
  C:\Windows\System\RQdbZck.exe
  2⤵
  PID:13876
- C:\Windows\System\ZWCICGh.exe
  C:\Windows\System\ZWCICGh.exe
  2⤵
  PID:13856
- C:\Windows\System\GQZQFTS.exe
  C:\Windows\System\GQZQFTS.exe
  2⤵
  PID:13972
- C:\Windows\System\UxFuRkR.exe
  C:\Windows\System\UxFuRkR.exe
  2⤵
  PID:14040
- C:\Windows\System\GKXyZHA.exe
  C:\Windows\System\GKXyZHA.exe
  2⤵
  PID:14064
- C:\Windows\System\XigHBiF.exe
  C:\Windows\System\XigHBiF.exe
  2⤵
  PID:14132
- C:\Windows\System\qHWtTkk.exe
  C:\Windows\System\qHWtTkk.exe
  2⤵
  PID:14152
- C:\Windows\System\GafCUig.exe
  C:\Windows\System\GafCUig.exe
  2⤵
  PID:14196
- C:\Windows\System\iEFrSFZ.exe
  C:\Windows\System\iEFrSFZ.exe
  2⤵
  PID:14268
- C:\Windows\System\vDKZiLT.exe
  C:\Windows\System\vDKZiLT.exe
  2⤵
  PID:13316
- C:\Windows\System\PXkCbZe.exe
  C:\Windows\System\PXkCbZe.exe
  2⤵
  PID:13668

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BVfhHCF.exe

Filesize
1.9MB

MD5
0884bf6647a5567f8dfacc923561308f

SHA1
92deead1292ed01328b6b6ba9b36aa1a805e91a0

SHA256
862e37d58059dda9fc491a517901dce35bf5b78f92257db5d741733a58ad1002

SHA512
bd8bc24ea9a11a3625f9ca5e52021ac608d92e0a50bc57e1f73e68eee53bf4f983a69d27ba43890bf1638c19d54150d83f262e9862432e57f8d8372fa743e627

Download Submit
C:\Windows\System\CxagOcn.exe

Filesize
1.9MB

MD5
d15ff32168add1779441a83ac5273dc4

SHA1
431b7564ad68ab6b73831554a4d9b2b23bdfe083

SHA256
b135f6f78116499264493d6a1dc7c9ec7f37d6cb2eb218a7a348e52ca37c13c2

SHA512
a12cad5b4d4607815cca1091708f02092ef7557834145afab3f55560d87e52c238a51e6c0c21c19bce5e871b27d7fb211b8d78f892eb723eb3fcdf820c739d7f

Download Submit
C:\Windows\System\HzlkQSl.exe

Filesize
1.9MB

MD5
96fe7d0d04ecb71c03df3c46fecb6b6d

SHA1
c7d21ce152f01a775a91e6e1a646e18357de2aa3

SHA256
da90fa059595ad5ec168a1297e829e9740a9373d3292b1ed5eb36d6e13a2914b

SHA512
e2dfdab15d4ac0eda6cbd9584fc4c7929d2118e2c36b86afe4b43dd35c5ef5b650a767becf069205e2610d93c885445b016c5364ba137076312eae15fe872a4f

Download Submit
C:\Windows\System\RNjzCHA.exe

Filesize
1.9MB

MD5
8aa92e00515ef8a072b467a82cd93184

SHA1
c8f2c9b3c37b2b1d0a66ea14277fa92821293d29

SHA256
3fba634abc2ea2c884f067354e15f1f35299391759d847718c1e2bbd3ee1d505

SHA512
6ba17faac24000b3f99dda260d4e4a36d29218626f0d253916f14c72afc1bc23b3fc4b37c0a564f2dbd22deeeadcefdf8c4160255748a3ffddde8c354623481b

Download Submit
C:\Windows\System\RqVOrnR.exe

Filesize
1.9MB

MD5
49427c6aad6323f65b26658fe207a6f2

SHA1
a4fcf6b3e11126460a73c0c7c4cae1d77bff7adc

SHA256
3a65b561effcbe8ea597683aa58f1c605aa67a5cc1aa0d828ab8825db810ccbe

SHA512
46979e15eddb522fa2aae40d0652e076f246c68acca38c821ffdd93380cc187f8599249e448a515b86cd52c62b776fbd1b1a0a50ae9023a3049965075d914684

Download Submit
C:\Windows\System\SARAaRf.exe

Filesize
1.9MB

MD5
e89bca890ceade4d45cf58bafe9595c3

SHA1
f1d85ed03d2ca1a7d245c53c7d323d5fe8a35776

SHA256
f78805b2b159240435cc484723e419484ee743709fc6540f61f627f3b7aef778

SHA512
9cd2288cde8adf5ff810871d24ce0c0a3be573febc1773ff774ec8c46592eb05386cea13ebf94fe7d6ba4d64eae781576b7fce16c280b132d54ed62b6a923fd9

Download Submit
C:\Windows\System\SDfnGEb.exe

Filesize
1.9MB

MD5
15c82dfddfc30e861ccfb48e9a3b755a

SHA1
317e263bb5f4dc3e2237521c0df1c9232af8bb4f

SHA256
9f4b7598a5915a8b183594aad3ed386d3e4ab37a0179f79e0a3b939ace65cfb6

SHA512
dab866ab3027f1b3b50ba40ca1bd58a81ff02675e75eed323b6041525187914b162e6e5e09b2598ab28a6e440c8141372dcfe0266f097de468a529bd4e069b16

Download Submit
C:\Windows\System\SSqIhjy.exe

Filesize
1.9MB

MD5
c26938fe51fcf25aee8ff0f29196bd19

SHA1
ea99f3f37f15dbedec534da16ab4571249caee73

SHA256
698f65e1d913bbc72c127f415eacd3a5ff99405f36ed2c93168afb58f7986212

SHA512
19d5cc45f00d7e6008282d56b04892e02dfed507bf09545b05ab2830e5256ffbdb95ff85520d356a1aa07721cfcb7f100b36471421e8e9bf643ae2d3fb437243

Download Submit
C:\Windows\System\TdiuNmD.exe

Filesize
1.9MB

MD5
8b35cab0008c3712f72d5526bda9d83e

SHA1
a98065091c46db88b48ac87864a11700a11fff76

SHA256
ab4a600f14a8081118be038b392eaeeaec879edc0f70ad19b03ced82dd8e45b8

SHA512
7e8010d97e4e8831765d09d1e8177526d114111917c725dd283796142e55f2749bd448c218f394c935397c00e3ee425cafb1153eff8df8d664b1fe0202edb417

Download Submit
C:\Windows\System\TrwCzOh.exe

Filesize
1.9MB

MD5
2d08518c83845ee60b12a1b778c1737a

SHA1
d724d9760c3ee3c1e72e74fb2d172e6a38a9b89e

SHA256
5e180c7eb905c5e0b7b00ea5e196bed2808fc2c7411dfed644d793c9177af9c1

SHA512
d954c5f10833a7cbdb07b45485394384f22efd3a5d2f4484150b0c0e7e12377ac7a4aab4390944b0fedabb77020ca49e016d6fa088ec0f9896d2ecea0619c9dd

Download Submit
C:\Windows\System\TsWzNEv.exe

Filesize
1.9MB

MD5
174011795160a515cceb25b4081244ca

SHA1
a6535a1f19a1bf0381addb49e32d74a933334b5c

SHA256
f2e96afcd7cae21370a74eb0581e1deaf3cd1973c46e58a0d9de30fcc0a542bb

SHA512
80a74f40ae7bdab7784b5470d9bf56d39204e9356412feac2ad020cc4d6d61de477af27808db4e2c5fdedb8134a65b50ebb8ec1ebf622800c71c61037144e424

Download Submit
C:\Windows\System\TxsVkCW.exe

Filesize
1.9MB

MD5
ddf890d8b4d1d5ba63a64ffc828a3779

SHA1
17d138c66bd1450da0dfe734f32f0c221b4a3f90

SHA256
444ff3bc3ba2eba11a554d31580e9efa030a282784ca831f1cf9ec4445f8ef1d

SHA512
e6537c848653af0157f2833cb24349cf1ac601958dbf5bb2ca38e6626eb8ed11663330a9d0fca01e4840afa9fab6a62b56d41fd96fcbd4eba5af47e57052d7ce

Download Submit
C:\Windows\System\VutYgeb.exe

Filesize
1.9MB

MD5
ba8a4d99c630240d9334c9495efbaa7b

SHA1
76b01428217de0474d542024f00514ee313356f6

SHA256
c0202ada58b7503b0772910ec3d190f3cf5a0a25a32f57d7767cccbf62254ac5

SHA512
0c4e38959c979c7f1638a03317b4f982462faeda4928982b5a49ea0fd5ad939af10fca3eb782c34a13c772a976201aa18b562131c6f485b9da088052476dbfa9

Download Submit
C:\Windows\System\YHyVsYS.exe

Filesize
1.9MB

MD5
73bfec5de4454a711f044e309a543205

SHA1
2f68690692f7b5998f3c4c2410f0b39c74514138

SHA256
97e450cc309e3a66473f6ffc66840b76e921f81aaa52bb51b02d298e5501e838

SHA512
4f7b24998119ffb697ef8775c7e1999eba7f04793875a965837666f53a55b9374d6d76041e44bd59435c9385ede8270841b3fca130e238de26b2752fb5d73e77

Download Submit
C:\Windows\System\bQPJDmg.exe

Filesize
1.9MB

MD5
75ccecb01325d800fac04e2e2d640e09

SHA1
68a4e5e74e0981ddb3da14de5505861a8c3c3e0c

SHA256
144a1b0a0fb56bc58a6fd235be47e04dec7a720efba1df1454e50d288781e644

SHA512
1f8fc9885054356ed2013e8beb3234fae6827a95383d93052b4e388241253e99dd3a092e44e3f9bbdd58c26733c1b40735e032289cda2be8b1c12031df536806

Download Submit
C:\Windows\System\bZZAjGL.exe

Filesize
1.9MB

MD5
1a47d1c1b14dcf0764f521e3c11e24c3

SHA1
752aa9f2e4c5c37657ad621566e26e35077b56ee

SHA256
d8ae7ef2e58ec2775e924a8e68c004205de68ade39100d74cb51b236e3efdd2d

SHA512
5c37cf0551944f5b00f54b8fc3f127cb49bd9cff5ac7d20b40e8cd9461282a6d7929d211f8b974d2a3533262d13c9066a9c1fa2a3ea846dcc081b7f8d36ddb91

Download Submit
C:\Windows\System\dAFNSIr.exe

Filesize
1.9MB

MD5
61e0dbb84de2b225de582ef5c97df083

SHA1
a53eb5be54d33d3a25ca0ad7218c90e81677ea94

SHA256
bbad69090eb02da4700c9f11edc15767cbbf0d3ac38542380e0ad7ae18933485

SHA512
4a29e486f4225eba33cc465568e36562aa48f1e14ec0af64c6b383deea668e9c85427d4b5c74f20729b2eb1c0e60ca6bd570d6a4775521c1ec40212e2aa8ff09

Download Submit
C:\Windows\System\datQddp.exe

Filesize
1.9MB

MD5
ee318918ddde516461d8c7b6f9b3950a

SHA1
eb6d31e599da19399d0966c37b749a312cd242e8

SHA256
c0a4c96ba425c4f22e2eae303fa947ce8f93e6b193e402c5681abd0384b17847

SHA512
d0054da398a2433817af3cfcefa8e095488b8c6fee029e7c286747864b9d21f719d8637c2df0f451d00cf2ff89150ae96cf49785b6d1c486e429c967a409b53d

Download Submit
C:\Windows\System\eMVxrJC.exe

Filesize
1.9MB

MD5
fdbb2631df46a6b56ce204bfc3c25d5b

SHA1
d52aff91c6ba728224a17f8f5916f62b3596e994

SHA256
463c0c30309dc92f8e68b1a1ca5f339ea7d12a7cdc758a72cfe9bd36a3f8218b

SHA512
e57c3b20fdaf83547a0b564056b47270c5ba0a1defc1645d0b99e4f9098816e271dde6f79600fcd35f9a88413bc6bbeb6ca94fa1540b108e138f9476c8299457

Download Submit
C:\Windows\System\fUmurqJ.exe

Filesize
1.9MB

MD5
fb14493f071bcedf1d7a6970b2da317d

SHA1
04fc4b702e7a62615bad0afaaf0df37794583211

SHA256
098601ca630813a10408631d06685df6f9b6da5d121f3730cf20ab35ac359faf

SHA512
9800c2bcc4bd2ecb89ec5962dae3c0327668b1e76bb4f32a8b07cfdc32e0b469d45028bc2ec23b27b9717b2786edb23f81a18eea6435459350fc41a6f9dfdc7e

Download Submit
C:\Windows\System\igPtQzo.exe

Filesize
1.9MB

MD5
1f5d5b83ffb211598f8e6e5843c7b94e

SHA1
5776383cc844229267dcc7909c666f33e8ddf99e

SHA256
a2a2dbd1475ab2846d21ba6246df4abeda6b0d358f4d04fbbba87c1e54181430

SHA512
1ce2d0c5381d16e374fbfc02d10c3add9fcc5643886a1d4584a85bbc7cf875dacea56b853be4566babd2ad8433da1f60d5bcfa5e796dc0048a9d764bdb6bfec3

Download Submit
C:\Windows\System\pHdJzwi.exe

Filesize
1.9MB

MD5
bb8bc2b8331065f58cb51f4aba89c32f

SHA1
f6a88c32e6128364e6c297d2c52a1f7cd86ed20b

SHA256
da09905c3cfde96078edd1c8af679f69ecae535d8db4d39ba0e83ae4769e7649

SHA512
ccd86ca97112e48de8b7f5c79ae96c9f318ea9c3c37529fd2d1ab1ed7741fae70507b809a05aa9140f84a98277f04574c5e91b9056dae0a8a3823bfb05eaa9e5

Download Submit
C:\Windows\System\tPZkXiI.exe

Filesize
1.9MB

MD5
4bb19a08941b58f76507e405f50babfe

SHA1
a70d34f140518ecb68547613be5cbb214f0f9b7c

SHA256
b0fe4f64770292e25fb6d1512e5fda69cd1cf8a3fd9773e87eaede69abb84754

SHA512
4734ded2193992e5f86d2f07f5f72e7f244f5c42590aa0e7badc4d9d1ca41c9185953357792943a5c0a2a567cc8081ee2d3b13d7f3e594809824fc8fe85c6d7f

Download Submit
C:\Windows\System\tkmdqcZ.exe

Filesize
1.9MB

MD5
adb8ba3fa814e62776f4e2008e99619d

SHA1
21407c4c2e9916888387eacd7fd330552337cf05

SHA256
fa88730d20e009c4fb53ed9e7675be5ea94f34cdf362abf9ccbb89f30e76c045

SHA512
ccc83e3668bcfe16dbed3fd4814f573b9302e11725b25c60f8a277a4f316f9a529ef608d4c7551e539647ffb0ee80e5513e2fd47a83a211d1ea1fd4949a7e1ab

Download Submit
C:\Windows\System\tsBTomT.exe

Filesize
1.9MB

MD5
a89c419580f0a160166816971eca6fd5

SHA1
1c4ec2354bf687a02a3e8d506b863a39969ea655

SHA256
648226ef8e1d8cbbd94ac5ba8f83ac63e29b0a393469eb910f0c9c44e61fc3c2

SHA512
e1cb0e99673fe0ad586a9fc57b694d6dbc80bd3b456dcc8d669dae5ca4b52613f73d4c32949ea8a87aaa92e0b18667a98eea24101f6e3afe2dbd45a8121ef162

Download Submit
C:\Windows\System\uTaRCyO.exe

Filesize
1.9MB

MD5
53f5859318dd2bfadeb8e23cce981a4a

SHA1
3571f5ecd0f777ddffe1ee56ba9ba7ac84a82231

SHA256
0ad8a7460910bee4f777d40edc84fce51b6acf87ca3befef1d77f765a890ce6d

SHA512
d18637203690ab8bf740df99f21e633ad2b9375c0d48b53f54eccbbe8a32ec6e63cc58181a0add95608dce8e298525b4e4e51e6e4b9a573740228ccf254b62f8

Download Submit
C:\Windows\System\unuypIz.exe

Filesize
1.9MB

MD5
317c65c07c1d882e2c2036b381a06616

SHA1
49705f50c8baef57344ef75b3129373f70ba0162

SHA256
f14faf66c702e0960cc04534d47a428a0f8188f9f52add4dd3b78dfa2234c145

SHA512
99afcc83e908f52d52e59ed38cc79ee710937392b8e0263bbd49b34816401e13114a999fb5ae4846e236a43edffb4f57abbc97f6039e1b65451cb1a5c88a265b

Download Submit
C:\Windows\System\uxXaXkQ.exe

Filesize
1.9MB

MD5
3e52d08cb5ab7026ea6d327ccaa5e909

SHA1
b6f4814e8fac5e457b01e03a33be7c4d99399120

SHA256
a389df4a469f12a68b16f593ce560af3b99418a78e7abdf3603c0cbb94d70cf6

SHA512
eba61182048192452548a9950cf550948ca61b28fc12b085b23eae005984202f0d85e28f52eda31bf36a552586f3c3b01b47d0b2df397ef306a7b840685518c3

Download Submit
C:\Windows\System\vZOaRiB.exe

Filesize
1.9MB

MD5
9e32523398dcc51345fc8e5f42651c4f

SHA1
f3a43b07f51d97de9605ecb1e54f5db354b0a3f5

SHA256
24525e244eee6dda720491d193536796fcd73dbe9150d483c154484f164c23eb

SHA512
3d91f6790081fdd4f49423a74722f0d0699b82e63ae23f92dae5bcf07ead1e45cf5307c654a29265c3a6737c2eaee490552823334b00c6f3ee3d1cb298d8585f

Download Submit
C:\Windows\System\vrlyhll.exe

Filesize
1.9MB

MD5
650c491081739136a7fc60487630bb28

SHA1
727abaab106f5a460f17d8223b4ebd109ccc3683

SHA256
f890be75e962338adef4fe3fb29958f460a8357370d09708cff679e8a41a868f

SHA512
fce6ea4d6f4514c21fa346c1b4bf6f39cc6316253757e3942f231f9a8cccaee2914fa9d413d467794182aa1bd685b79c9acd30b76bb38bf037e0cba9fc5d7ffe

Download Submit
C:\Windows\System\wNHJceO.exe

Filesize
1.9MB

MD5
a2f7c675ee1210f3b190a7254aa0b845

SHA1
f89c3848bc5c327e9e89d5eb41860950412ddc77

SHA256
75ac23a7a0523258f37545baaebeb98b87a99aa5ba7a37f5672a215e5e71496b

SHA512
c816398600369db85b2e37f82d088ab17f21a36a65d81a4c917e56e91305ad11e674f7a8a3fc3788d08a8bd56e3fe47626c54ccf09345bbba4343c7b0f89bd04

Download Submit
C:\Windows\System\xguYpnM.exe

Filesize
1.9MB

MD5
89e53ced9e6fe35dd26f2703f4acda99

SHA1
322a869c60597e0f369af8a60fbf6da4f3015fb1

SHA256
94330d187aa8e9bd8e212406bfeca294769112e0e5306c3d341b7e39fbcad293

SHA512
d5e91af60fff2b4cee8e08bccad2f55267c5c8d7589de616ebe169cb133e448a694591ce98b9747c2d90e01063e53c043256e83ada892f659f7d0247a2b05e95

Download Submit
C:\Windows\System\zrvRynI.exe

Filesize
1.9MB

MD5
954ea6c77f07becd4d3fc424ed0b4056

SHA1
329119e07ec3a06c8964cbc4a75c26d2dc191b55

SHA256
ce7b3a61b5eb4fb6e7ff36a0b586e5f09d00451904ed42c159d130a93b9240a3

SHA512
4f96e86c5065be5a3171bd51cebd5d932c91d2662682ce8323552bbbd1a311387ccf92a71d19b2ee7351a3a25269cd0be6cdbdd3800a49586640417e33e2b3c8

Download Submit
memory/432-2298-0x00007FF620A70000-0x00007FF620DC1000-memory.dmp

Filesize
3.3MB

Download
memory/432-511-0x00007FF620A70000-0x00007FF620DC1000-memory.dmp

Filesize
3.3MB

Download
memory/552-2262-0x00007FF74EB50000-0x00007FF74EEA1000-memory.dmp

Filesize
3.3MB

Download
memory/552-461-0x00007FF74EB50000-0x00007FF74EEA1000-memory.dmp

Filesize
3.3MB

Download
memory/752-2296-0x00007FF7EA9D0000-0x00007FF7EAD21000-memory.dmp

Filesize
3.3MB

Download
memory/752-508-0x00007FF7EA9D0000-0x00007FF7EAD21000-memory.dmp

Filesize
3.3MB

Download
memory/784-488-0x00007FF69E610000-0x00007FF69E961000-memory.dmp

Filesize
3.3MB

Download
memory/784-2270-0x00007FF69E610000-0x00007FF69E961000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2244-0x00007FF654280000-0x00007FF6545D1000-memory.dmp

Filesize
3.3MB

Download
memory/1392-2192-0x00007FF654280000-0x00007FF6545D1000-memory.dmp

Filesize
3.3MB

Download
memory/1392-11-0x00007FF654280000-0x00007FF6545D1000-memory.dmp

Filesize
3.3MB

Download
memory/1452-503-0x00007FF69FC90000-0x00007FF69FFE1000-memory.dmp

Filesize
3.3MB

Download
memory/1452-2294-0x00007FF69FC90000-0x00007FF69FFE1000-memory.dmp

Filesize
3.3MB

Download
memory/1564-42-0x00007FF76A4E0000-0x00007FF76A831000-memory.dmp

Filesize
3.3MB

Download
memory/1564-2227-0x00007FF76A4E0000-0x00007FF76A831000-memory.dmp

Filesize
3.3MB

Download
memory/1564-2260-0x00007FF76A4E0000-0x00007FF76A831000-memory.dmp

Filesize
3.3MB

Download
memory/1612-468-0x00007FF61DD30000-0x00007FF61E081000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2280-0x00007FF61DD30000-0x00007FF61E081000-memory.dmp

Filesize
3.3MB

Download
memory/1664-505-0x00007FF7AB6A0000-0x00007FF7AB9F1000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2292-0x00007FF7AB6A0000-0x00007FF7AB9F1000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2300-0x00007FF69CFE0000-0x00007FF69D331000-memory.dmp

Filesize
3.3MB

Download
memory/1764-517-0x00007FF69CFE0000-0x00007FF69D331000-memory.dmp

Filesize
3.3MB

Download
memory/1792-33-0x00007FF6C4000000-0x00007FF6C4351000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2248-0x00007FF6C4000000-0x00007FF6C4351000-memory.dmp

Filesize
3.3MB

Download
memory/1796-472-0x00007FF76D7D0000-0x00007FF76DB21000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2278-0x00007FF76D7D0000-0x00007FF76DB21000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2276-0x00007FF654300000-0x00007FF654651000-memory.dmp

Filesize
3.3MB

Download
memory/1888-469-0x00007FF654300000-0x00007FF654651000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2194-0x00007FF6ED3F0000-0x00007FF6ED741000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2258-0x00007FF6ED3F0000-0x00007FF6ED741000-memory.dmp

Filesize
3.3MB

Download
memory/1916-29-0x00007FF6ED3F0000-0x00007FF6ED741000-memory.dmp

Filesize
3.3MB

Download
memory/2136-480-0x00007FF737E40000-0x00007FF738191000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2266-0x00007FF737E40000-0x00007FF738191000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2284-0x00007FF6105D0000-0x00007FF610921000-memory.dmp

Filesize
3.3MB

Download
memory/2208-465-0x00007FF6105D0000-0x00007FF610921000-memory.dmp

Filesize
3.3MB

Download
memory/2404-494-0x00007FF759D20000-0x00007FF75A071000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2268-0x00007FF759D20000-0x00007FF75A071000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2246-0x00007FF6E96B0000-0x00007FF6E9A01000-memory.dmp

Filesize
3.3MB

Download
memory/2444-22-0x00007FF6E96B0000-0x00007FF6E9A01000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2226-0x00007FF6E96B0000-0x00007FF6E9A01000-memory.dmp

Filesize
3.3MB

Download
memory/2484-0-0x00007FF6F3290000-0x00007FF6F35E1000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1-0x000001ED71EB0000-0x000001ED71EC0000-memory.dmp

Filesize
64KB

Download
memory/2552-2274-0x00007FF678EB0000-0x00007FF679201000-memory.dmp

Filesize
3.3MB

Download
memory/2552-477-0x00007FF678EB0000-0x00007FF679201000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2225-0x00007FF711890000-0x00007FF711BE1000-memory.dmp

Filesize
3.3MB

Download
memory/3044-20-0x00007FF711890000-0x00007FF711BE1000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2250-0x00007FF711890000-0x00007FF711BE1000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2256-0x00007FF76B850000-0x00007FF76BBA1000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2228-0x00007FF76B850000-0x00007FF76BBA1000-memory.dmp

Filesize
3.3MB

Download
memory/3648-460-0x00007FF76B850000-0x00007FF76BBA1000-memory.dmp

Filesize
3.3MB

Download
memory/3856-2286-0x00007FF7F3BA0000-0x00007FF7F3EF1000-memory.dmp

Filesize
3.3MB

Download
memory/3856-466-0x00007FF7F3BA0000-0x00007FF7F3EF1000-memory.dmp

Filesize
3.3MB

Download
memory/3864-2290-0x00007FF789F70000-0x00007FF78A2C1000-memory.dmp

Filesize
3.3MB

Download
memory/3864-464-0x00007FF789F70000-0x00007FF78A2C1000-memory.dmp

Filesize
3.3MB

Download
memory/4304-518-0x00007FF7F14F0000-0x00007FF7F1841000-memory.dmp

Filesize
3.3MB

Download
memory/4304-2254-0x00007FF7F14F0000-0x00007FF7F1841000-memory.dmp

Filesize
3.3MB

Download
memory/4428-462-0x00007FF7B3C30000-0x00007FF7B3F81000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2264-0x00007FF7B3C30000-0x00007FF7B3F81000-memory.dmp

Filesize
3.3MB

Download
memory/4572-485-0x00007FF74D7C0000-0x00007FF74DB11000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2272-0x00007FF74D7C0000-0x00007FF74DB11000-memory.dmp

Filesize
3.3MB

Download
memory/4724-529-0x00007FF60F990000-0x00007FF60FCE1000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2252-0x00007FF60F990000-0x00007FF60FCE1000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2282-0x00007FF6EAC00000-0x00007FF6EAF51000-memory.dmp

Filesize
3.3MB

Download
memory/4916-467-0x00007FF6EAC00000-0x00007FF6EAF51000-memory.dmp

Filesize
3.3MB

Download
memory/5048-463-0x00007FF748FC0000-0x00007FF749311000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2288-0x00007FF748FC0000-0x00007FF749311000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads