xmrig | 73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
Size

1.7MB
MD5

d696602d7db8526d4ff9c005f40f5540
SHA1

090a13043f57fbdb10af29df2de0e51338b34e8c
SHA256

73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171
SHA512

2f45c4fde61c82697f45484dd3e8453c03ba41f2cf36d1306ad9f1d4c7f5af51fa4068b440339d0df99be10092de9d1f030618948054fae7aeff1983d74576be
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIXxeHNR0dRF:oemTLkNdfE0pZrj

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4720-0-0x00007FF627830000-0x00007FF627B84000-memory.dmp	xmrig
behavioral2/files/0x0008000000023564-5.dat	xmrig
behavioral2/files/0x0007000000023565-8.dat	xmrig
behavioral2/files/0x0007000000023568-19.dat	xmrig
behavioral2/files/0x0007000000023567-18.dat	xmrig
behavioral2/files/0x000700000002356d-65.dat	xmrig
behavioral2/files/0x000700000002356e-85.dat	xmrig
behavioral2/memory/740-114-0x00007FF62C910000-0x00007FF62CC64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023580-150.dat	xmrig
behavioral2/memory/4148-186-0x00007FF686780000-0x00007FF686AD4000-memory.dmp	xmrig
behavioral2/memory/384-197-0x00007FF690910000-0x00007FF690C64000-memory.dmp	xmrig
behavioral2/memory/4876-210-0x00007FF649E80000-0x00007FF64A1D4000-memory.dmp	xmrig
behavioral2/memory/1568-216-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp	xmrig
behavioral2/memory/2296-221-0x00007FF7C68F0000-0x00007FF7C6C44000-memory.dmp	xmrig
behavioral2/memory/1164-220-0x00007FF66B9F0000-0x00007FF66BD44000-memory.dmp	xmrig
behavioral2/memory/2028-219-0x00007FF70F920000-0x00007FF70FC74000-memory.dmp	xmrig
behavioral2/memory/3272-218-0x00007FF69AA40000-0x00007FF69AD94000-memory.dmp	xmrig
behavioral2/memory/1796-217-0x00007FF78BB90000-0x00007FF78BEE4000-memory.dmp	xmrig
behavioral2/memory/1504-215-0x00007FF72E430000-0x00007FF72E784000-memory.dmp	xmrig
behavioral2/memory/4804-214-0x00007FF7180E0000-0x00007FF718434000-memory.dmp	xmrig
behavioral2/memory/3784-213-0x00007FF6E1140000-0x00007FF6E1494000-memory.dmp	xmrig
behavioral2/memory/4368-212-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp	xmrig
behavioral2/memory/5108-211-0x00007FF66F080000-0x00007FF66F3D4000-memory.dmp	xmrig
behavioral2/memory/4608-209-0x00007FF7DB100000-0x00007FF7DB454000-memory.dmp	xmrig
behavioral2/memory/1724-207-0x00007FF614590000-0x00007FF6148E4000-memory.dmp	xmrig
behavioral2/memory/3652-206-0x00007FF6E9CC0000-0x00007FF6EA014000-memory.dmp	xmrig
behavioral2/memory/4648-205-0x00007FF676320000-0x00007FF676674000-memory.dmp	xmrig
behavioral2/memory/2008-204-0x00007FF7FF280000-0x00007FF7FF5D4000-memory.dmp	xmrig
behavioral2/memory/3568-196-0x00007FF6F4390000-0x00007FF6F46E4000-memory.dmp	xmrig
behavioral2/memory/1916-187-0x00007FF699240000-0x00007FF699594000-memory.dmp	xmrig
behavioral2/files/0x0007000000023588-183.dat	xmrig
behavioral2/files/0x0007000000023587-181.dat	xmrig
behavioral2/files/0x0007000000023586-179.dat	xmrig
behavioral2/files/0x000700000002357f-177.dat	xmrig
behavioral2/files/0x0007000000023579-175.dat	xmrig
behavioral2/files/0x0007000000023573-173.dat	xmrig
behavioral2/files/0x0007000000023585-172.dat	xmrig
behavioral2/files/0x0007000000023584-171.dat	xmrig
behavioral2/memory/1148-167-0x00007FF7829A0000-0x00007FF782CF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023576-163.dat	xmrig
behavioral2/files/0x0007000000023582-162.dat	xmrig
behavioral2/files/0x0007000000023581-158.dat	xmrig
behavioral2/files/0x000700000002357c-154.dat	xmrig
behavioral2/files/0x000700000002357b-148.dat	xmrig
behavioral2/files/0x000700000002357a-146.dat	xmrig
behavioral2/files/0x0007000000023575-142.dat	xmrig
behavioral2/files/0x0007000000023574-139.dat	xmrig
behavioral2/files/0x0007000000023571-135.dat	xmrig
behavioral2/files/0x0007000000023578-129.dat	xmrig
behavioral2/files/0x000700000002357e-124.dat	xmrig
behavioral2/files/0x0007000000023583-170.dat	xmrig
behavioral2/files/0x000700000002357d-121.dat	xmrig
behavioral2/memory/3768-118-0x00007FF620640000-0x00007FF620994000-memory.dmp	xmrig
behavioral2/files/0x0007000000023570-108.dat	xmrig
behavioral2/files/0x000700000002356c-106.dat	xmrig
behavioral2/files/0x0007000000023577-98.dat	xmrig
behavioral2/memory/232-88-0x00007FF6CA680000-0x00007FF6CA9D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023572-110.dat	xmrig
behavioral2/memory/1296-78-0x00007FF751190000-0x00007FF7514E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002356f-72.dat	xmrig
behavioral2/files/0x000700000002356b-69.dat	xmrig
behavioral2/files/0x000700000002356a-94.dat	xmrig
behavioral2/memory/4256-42-0x00007FF771020000-0x00007FF771374000-memory.dmp	xmrig
behavioral2/memory/1228-52-0x00007FF6714B0000-0x00007FF671804000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2156	blYZLVo.exe
4256	dQmRnME.exe
4804	VoQHxCH.exe
1228	HbZemET.exe
1296	ynznvWb.exe
232	sKwQMNB.exe
1504	GAucocY.exe
740	qvEjCTJ.exe
1568	lKdcNDS.exe
1796	uQfZajR.exe
3768	IfmFiQW.exe
1148	UVWShEA.exe
4148	vddKJjb.exe
1916	jZQtYsY.exe
3568	ppbYOmR.exe
3272	hSfjGqO.exe
384	CGYfZzo.exe
2008	TUxAWeT.exe
2028	sPpgWZz.exe
4648	yRqwkmc.exe
3652	jrrZxRC.exe
1724	fOwWePw.exe
4608	bkSSDFK.exe
4876	cmXXePX.exe
1164	cGCPrdl.exe
2296	RhCWMIN.exe
5108	OnOSrNJ.exe
4368	zshneyo.exe
3784	xRJswyF.exe
2096	eAuZRRT.exe
3600	QvnrOZZ.exe
2460	jvvkJvu.exe
4540	SvwSKHb.exe
4944	rcfXAJh.exe
4744	xykTVAk.exe
1420	npazpQq.exe
1604	nTKrXRP.exe
1896	Bgsxrdw.exe
1832	OSTWVmF.exe
4916	mUZWNqx.exe
2984	EBUjLdU.exe
3684	RrYsFrn.exe
4336	SwiNwuB.exe
1516	FrWbiCr.exe
3084	COcUmxv.exe
3356	NdYgjHn.exe
344	TDqDhkQ.exe
4932	iogrwKY.exe
3876	cGYTOKU.exe
2052	EREtway.exe
4908	vNLnVsW.exe
1696	bOZczxR.exe
3196	dhdTDfs.exe
4212	iGxoUDH.exe
464	jssFUZt.exe
2464	WridDZq.exe
4196	cVICesA.exe
1912	DRnVBfN.exe
1124	DtsSlLX.exe
4976	mfHumNN.exe
388	mfdeyiH.exe
5048	kBWpewB.exe
4296	QEyVbop.exe
4324	Kfgxoge.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4720-0-0x00007FF627830000-0x00007FF627B84000-memory.dmp	upx
behavioral2/files/0x0008000000023564-5.dat	upx
behavioral2/files/0x0007000000023565-8.dat	upx
behavioral2/files/0x0007000000023568-19.dat	upx
behavioral2/files/0x0007000000023567-18.dat	upx
behavioral2/files/0x000700000002356d-65.dat	upx
behavioral2/files/0x000700000002356e-85.dat	upx
behavioral2/memory/740-114-0x00007FF62C910000-0x00007FF62CC64000-memory.dmp	upx
behavioral2/files/0x0007000000023580-150.dat	upx
behavioral2/memory/4148-186-0x00007FF686780000-0x00007FF686AD4000-memory.dmp	upx
behavioral2/memory/384-197-0x00007FF690910000-0x00007FF690C64000-memory.dmp	upx
behavioral2/memory/4876-210-0x00007FF649E80000-0x00007FF64A1D4000-memory.dmp	upx
behavioral2/memory/1568-216-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp	upx
behavioral2/memory/2296-221-0x00007FF7C68F0000-0x00007FF7C6C44000-memory.dmp	upx
behavioral2/memory/1164-220-0x00007FF66B9F0000-0x00007FF66BD44000-memory.dmp	upx
behavioral2/memory/2028-219-0x00007FF70F920000-0x00007FF70FC74000-memory.dmp	upx
behavioral2/memory/3272-218-0x00007FF69AA40000-0x00007FF69AD94000-memory.dmp	upx
behavioral2/memory/1796-217-0x00007FF78BB90000-0x00007FF78BEE4000-memory.dmp	upx
behavioral2/memory/1504-215-0x00007FF72E430000-0x00007FF72E784000-memory.dmp	upx
behavioral2/memory/4804-214-0x00007FF7180E0000-0x00007FF718434000-memory.dmp	upx
behavioral2/memory/3784-213-0x00007FF6E1140000-0x00007FF6E1494000-memory.dmp	upx
behavioral2/memory/4368-212-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp	upx
behavioral2/memory/5108-211-0x00007FF66F080000-0x00007FF66F3D4000-memory.dmp	upx
behavioral2/memory/4608-209-0x00007FF7DB100000-0x00007FF7DB454000-memory.dmp	upx
behavioral2/memory/1724-207-0x00007FF614590000-0x00007FF6148E4000-memory.dmp	upx
behavioral2/memory/3652-206-0x00007FF6E9CC0000-0x00007FF6EA014000-memory.dmp	upx
behavioral2/memory/4648-205-0x00007FF676320000-0x00007FF676674000-memory.dmp	upx
behavioral2/memory/2008-204-0x00007FF7FF280000-0x00007FF7FF5D4000-memory.dmp	upx
behavioral2/memory/3568-196-0x00007FF6F4390000-0x00007FF6F46E4000-memory.dmp	upx
behavioral2/memory/1916-187-0x00007FF699240000-0x00007FF699594000-memory.dmp	upx
behavioral2/files/0x0007000000023588-183.dat	upx
behavioral2/files/0x0007000000023587-181.dat	upx
behavioral2/files/0x0007000000023586-179.dat	upx
behavioral2/files/0x000700000002357f-177.dat	upx
behavioral2/files/0x0007000000023579-175.dat	upx
behavioral2/files/0x0007000000023573-173.dat	upx
behavioral2/files/0x0007000000023585-172.dat	upx
behavioral2/files/0x0007000000023584-171.dat	upx
behavioral2/memory/1148-167-0x00007FF7829A0000-0x00007FF782CF4000-memory.dmp	upx
behavioral2/files/0x0007000000023576-163.dat	upx
behavioral2/files/0x0007000000023582-162.dat	upx
behavioral2/files/0x0007000000023581-158.dat	upx
behavioral2/files/0x000700000002357c-154.dat	upx
behavioral2/files/0x000700000002357b-148.dat	upx
behavioral2/files/0x000700000002357a-146.dat	upx
behavioral2/files/0x0007000000023575-142.dat	upx
behavioral2/files/0x0007000000023574-139.dat	upx
behavioral2/files/0x0007000000023571-135.dat	upx
behavioral2/files/0x0007000000023578-129.dat	upx
behavioral2/files/0x000700000002357e-124.dat	upx
behavioral2/files/0x0007000000023583-170.dat	upx
behavioral2/files/0x000700000002357d-121.dat	upx
behavioral2/memory/3768-118-0x00007FF620640000-0x00007FF620994000-memory.dmp	upx
behavioral2/files/0x0007000000023570-108.dat	upx
behavioral2/files/0x000700000002356c-106.dat	upx
behavioral2/files/0x0007000000023577-98.dat	upx
behavioral2/memory/232-88-0x00007FF6CA680000-0x00007FF6CA9D4000-memory.dmp	upx
behavioral2/files/0x0007000000023572-110.dat	upx
behavioral2/memory/1296-78-0x00007FF751190000-0x00007FF7514E4000-memory.dmp	upx
behavioral2/files/0x000700000002356f-72.dat	upx
behavioral2/files/0x000700000002356b-69.dat	upx
behavioral2/files/0x000700000002356a-94.dat	upx
behavioral2/memory/4256-42-0x00007FF771020000-0x00007FF771374000-memory.dmp	upx
behavioral2/memory/1228-52-0x00007FF6714B0000-0x00007FF671804000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IbfQHzr.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\HKcHymV.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\NTKPXUh.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\IuVQCgB.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\RZfdJYQ.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\FxnkWVj.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\ETvvYFD.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\VivBsNb.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\CnFiwef.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\IdxhgVF.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\Bgsxrdw.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\SxXjpAd.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\ywFdCWE.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\HbZemET.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\UVWShEA.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\dWCSrMq.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\uQMWbEG.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\mDGpduR.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\KmQPzMZ.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\YlSGWVy.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\zwUSjcm.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\VtGVTqE.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\XJQoVpb.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\QOHKTCK.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\ouUBBxk.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\fsJQPWm.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\vPdrtwu.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\OtqmZaB.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\XHZcowZ.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\bvySDiA.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\nkrSTgR.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\epyiwNS.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\cGCPrdl.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\jpnDjMo.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\OzGRGSv.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\EkXhJFQ.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\wybCExI.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\ctIAIqx.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\CdgPXYs.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\TLVnWCQ.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\nglGuoS.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\RuzPAdX.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\WwYafDD.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\qtvUOiq.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\gyNoWuJ.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\rcfXAJh.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\LiURfjS.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\nOUxeqj.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\OvDhbBW.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\EnyOKst.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\lNOFVKX.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\TPNYzaV.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\ZlJXvDU.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\mxSJTuS.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\oUFoggc.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\ObdgVbR.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\xRJiniD.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\FkxwseV.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\BfWkZaN.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\AmxkGSq.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\zcWLKKC.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\fZIMmRv.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\xykTVAk.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
File created	C:\Windows\System\HOPqWxp.exe	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3752	dwm.exe
Token: SeChangeNotifyPrivilege	3752	dwm.exe
Token: 33	3752	dwm.exe
Token: SeIncBasePriorityPrivilege	3752	dwm.exe
Token: SeShutdownPrivilege	3752	dwm.exe
Token: SeCreatePagefilePrivilege	3752	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 2156	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	83
PID 4720 wrote to memory of 2156	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	83
PID 4720 wrote to memory of 4256	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	84
PID 4720 wrote to memory of 4256	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	84
PID 4720 wrote to memory of 232	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	85
PID 4720 wrote to memory of 232	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	85
PID 4720 wrote to memory of 4804	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	86
PID 4720 wrote to memory of 4804	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	86
PID 4720 wrote to memory of 1228	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	87
PID 4720 wrote to memory of 1228	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	87
PID 4720 wrote to memory of 1296	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	88
PID 4720 wrote to memory of 1296	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	88
PID 4720 wrote to memory of 1504	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	89
PID 4720 wrote to memory of 1504	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	89
PID 4720 wrote to memory of 740	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	90
PID 4720 wrote to memory of 740	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	90
PID 4720 wrote to memory of 1568	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	91
PID 4720 wrote to memory of 1568	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	91
PID 4720 wrote to memory of 1916	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	92
PID 4720 wrote to memory of 1916	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	92
PID 4720 wrote to memory of 1796	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	93
PID 4720 wrote to memory of 1796	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	93
PID 4720 wrote to memory of 3768	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	94
PID 4720 wrote to memory of 3768	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	94
PID 4720 wrote to memory of 1148	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	95
PID 4720 wrote to memory of 1148	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	95
PID 4720 wrote to memory of 4148	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	96
PID 4720 wrote to memory of 4148	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	96
PID 4720 wrote to memory of 3568	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	97
PID 4720 wrote to memory of 3568	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	97
PID 4720 wrote to memory of 3272	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	98
PID 4720 wrote to memory of 3272	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	98
PID 4720 wrote to memory of 384	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	99
PID 4720 wrote to memory of 384	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	99
PID 4720 wrote to memory of 2008	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	100
PID 4720 wrote to memory of 2008	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	100
PID 4720 wrote to memory of 2028	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	101
PID 4720 wrote to memory of 2028	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	101
PID 4720 wrote to memory of 4648	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	102
PID 4720 wrote to memory of 4648	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	102
PID 4720 wrote to memory of 3652	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	103
PID 4720 wrote to memory of 3652	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	103
PID 4720 wrote to memory of 1724	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	104
PID 4720 wrote to memory of 1724	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	104
PID 4720 wrote to memory of 4608	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	105
PID 4720 wrote to memory of 4608	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	105
PID 4720 wrote to memory of 4876	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	106
PID 4720 wrote to memory of 4876	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	106
PID 4720 wrote to memory of 1164	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	107
PID 4720 wrote to memory of 1164	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	107
PID 4720 wrote to memory of 2296	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	108
PID 4720 wrote to memory of 2296	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	108
PID 4720 wrote to memory of 5108	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	109
PID 4720 wrote to memory of 5108	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	109
PID 4720 wrote to memory of 4368	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	110
PID 4720 wrote to memory of 4368	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	110
PID 4720 wrote to memory of 3784	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	111
PID 4720 wrote to memory of 3784	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	111
PID 4720 wrote to memory of 2096	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	112
PID 4720 wrote to memory of 2096	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	112
PID 4720 wrote to memory of 3600	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	113
PID 4720 wrote to memory of 3600	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	113
PID 4720 wrote to memory of 2460	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	114
PID 4720 wrote to memory of 2460	4720	73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\73f93a574003781424747d44b20b689fad1569d05ccdf922421d076c72f08171_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\System\blYZLVo.exe
  C:\Windows\System\blYZLVo.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\dQmRnME.exe
  C:\Windows\System\dQmRnME.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\sKwQMNB.exe
  C:\Windows\System\sKwQMNB.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\VoQHxCH.exe
  C:\Windows\System\VoQHxCH.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\HbZemET.exe
  C:\Windows\System\HbZemET.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\ynznvWb.exe
  C:\Windows\System\ynznvWb.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\GAucocY.exe
  C:\Windows\System\GAucocY.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\qvEjCTJ.exe
  C:\Windows\System\qvEjCTJ.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\lKdcNDS.exe
  C:\Windows\System\lKdcNDS.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\jZQtYsY.exe
  C:\Windows\System\jZQtYsY.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\uQfZajR.exe
  C:\Windows\System\uQfZajR.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\IfmFiQW.exe
  C:\Windows\System\IfmFiQW.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\UVWShEA.exe
  C:\Windows\System\UVWShEA.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\vddKJjb.exe
  C:\Windows\System\vddKJjb.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\ppbYOmR.exe
  C:\Windows\System\ppbYOmR.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\hSfjGqO.exe
  C:\Windows\System\hSfjGqO.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\CGYfZzo.exe
  C:\Windows\System\CGYfZzo.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\TUxAWeT.exe
  C:\Windows\System\TUxAWeT.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\sPpgWZz.exe
  C:\Windows\System\sPpgWZz.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\yRqwkmc.exe
  C:\Windows\System\yRqwkmc.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\jrrZxRC.exe
  C:\Windows\System\jrrZxRC.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\fOwWePw.exe
  C:\Windows\System\fOwWePw.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\bkSSDFK.exe
  C:\Windows\System\bkSSDFK.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\cmXXePX.exe
  C:\Windows\System\cmXXePX.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\cGCPrdl.exe
  C:\Windows\System\cGCPrdl.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\RhCWMIN.exe
  C:\Windows\System\RhCWMIN.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\OnOSrNJ.exe
  C:\Windows\System\OnOSrNJ.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\zshneyo.exe
  C:\Windows\System\zshneyo.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\xRJswyF.exe
  C:\Windows\System\xRJswyF.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\eAuZRRT.exe
  C:\Windows\System\eAuZRRT.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\QvnrOZZ.exe
  C:\Windows\System\QvnrOZZ.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\jvvkJvu.exe
  C:\Windows\System\jvvkJvu.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\SvwSKHb.exe
  C:\Windows\System\SvwSKHb.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\rcfXAJh.exe
  C:\Windows\System\rcfXAJh.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\xykTVAk.exe
  C:\Windows\System\xykTVAk.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\npazpQq.exe
  C:\Windows\System\npazpQq.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\nTKrXRP.exe
  C:\Windows\System\nTKrXRP.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\Bgsxrdw.exe
  C:\Windows\System\Bgsxrdw.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\OSTWVmF.exe
  C:\Windows\System\OSTWVmF.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\mUZWNqx.exe
  C:\Windows\System\mUZWNqx.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\EBUjLdU.exe
  C:\Windows\System\EBUjLdU.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\RrYsFrn.exe
  C:\Windows\System\RrYsFrn.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\SwiNwuB.exe
  C:\Windows\System\SwiNwuB.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\FrWbiCr.exe
  C:\Windows\System\FrWbiCr.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\COcUmxv.exe
  C:\Windows\System\COcUmxv.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\NdYgjHn.exe
  C:\Windows\System\NdYgjHn.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\TDqDhkQ.exe
  C:\Windows\System\TDqDhkQ.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\iogrwKY.exe
  C:\Windows\System\iogrwKY.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\cGYTOKU.exe
  C:\Windows\System\cGYTOKU.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\EREtway.exe
  C:\Windows\System\EREtway.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\vNLnVsW.exe
  C:\Windows\System\vNLnVsW.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\bOZczxR.exe
  C:\Windows\System\bOZczxR.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\dhdTDfs.exe
  C:\Windows\System\dhdTDfs.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\iGxoUDH.exe
  C:\Windows\System\iGxoUDH.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\jssFUZt.exe
  C:\Windows\System\jssFUZt.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\WridDZq.exe
  C:\Windows\System\WridDZq.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\cVICesA.exe
  C:\Windows\System\cVICesA.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\DRnVBfN.exe
  C:\Windows\System\DRnVBfN.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\DtsSlLX.exe
  C:\Windows\System\DtsSlLX.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\mfHumNN.exe
  C:\Windows\System\mfHumNN.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\mfdeyiH.exe
  C:\Windows\System\mfdeyiH.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\kBWpewB.exe
  C:\Windows\System\kBWpewB.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\QEyVbop.exe
  C:\Windows\System\QEyVbop.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\Kfgxoge.exe
  C:\Windows\System\Kfgxoge.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\EzKCWNl.exe
  C:\Windows\System\EzKCWNl.exe
  2⤵
  PID:4984
- C:\Windows\System\ouUBBxk.exe
  C:\Windows\System\ouUBBxk.exe
  2⤵
  PID:1812
- C:\Windows\System\HNYGySK.exe
  C:\Windows\System\HNYGySK.exe
  2⤵
  PID:1920
- C:\Windows\System\DxWvDXE.exe
  C:\Windows\System\DxWvDXE.exe
  2⤵
  PID:5172
- C:\Windows\System\jpnDjMo.exe
  C:\Windows\System\jpnDjMo.exe
  2⤵
  PID:5188
- C:\Windows\System\Yvfjggp.exe
  C:\Windows\System\Yvfjggp.exe
  2⤵
  PID:5204
- C:\Windows\System\gBSekEd.exe
  C:\Windows\System\gBSekEd.exe
  2⤵
  PID:5220
- C:\Windows\System\mQhbvaq.exe
  C:\Windows\System\mQhbvaq.exe
  2⤵
  PID:5236
- C:\Windows\System\GQePAmc.exe
  C:\Windows\System\GQePAmc.exe
  2⤵
  PID:5256
- C:\Windows\System\ZRSIceB.exe
  C:\Windows\System\ZRSIceB.exe
  2⤵
  PID:5276
- C:\Windows\System\PXDYGOX.exe
  C:\Windows\System\PXDYGOX.exe
  2⤵
  PID:5308
- C:\Windows\System\FxnkWVj.exe
  C:\Windows\System\FxnkWVj.exe
  2⤵
  PID:5348
- C:\Windows\System\aWHDLew.exe
  C:\Windows\System\aWHDLew.exe
  2⤵
  PID:5384
- C:\Windows\System\wwOTgLw.exe
  C:\Windows\System\wwOTgLw.exe
  2⤵
  PID:5412
- C:\Windows\System\ZlJXvDU.exe
  C:\Windows\System\ZlJXvDU.exe
  2⤵
  PID:5468
- C:\Windows\System\mxSJTuS.exe
  C:\Windows\System\mxSJTuS.exe
  2⤵
  PID:5500
- C:\Windows\System\nTwIrqD.exe
  C:\Windows\System\nTwIrqD.exe
  2⤵
  PID:5540
- C:\Windows\System\oKAodYS.exe
  C:\Windows\System\oKAodYS.exe
  2⤵
  PID:5568
- C:\Windows\System\vPMpbYe.exe
  C:\Windows\System\vPMpbYe.exe
  2⤵
  PID:5596
- C:\Windows\System\OvMtmcM.exe
  C:\Windows\System\OvMtmcM.exe
  2⤵
  PID:5616
- C:\Windows\System\dMRSWkJ.exe
  C:\Windows\System\dMRSWkJ.exe
  2⤵
  PID:5648
- C:\Windows\System\pxieSwk.exe
  C:\Windows\System\pxieSwk.exe
  2⤵
  PID:5680
- C:\Windows\System\yGxdHqh.exe
  C:\Windows\System\yGxdHqh.exe
  2⤵
  PID:5700
- C:\Windows\System\jPInkWb.exe
  C:\Windows\System\jPInkWb.exe
  2⤵
  PID:5724
- C:\Windows\System\TNDsJAl.exe
  C:\Windows\System\TNDsJAl.exe
  2⤵
  PID:5752
- C:\Windows\System\KXOPuzX.exe
  C:\Windows\System\KXOPuzX.exe
  2⤵
  PID:5780
- C:\Windows\System\fnnDJBg.exe
  C:\Windows\System\fnnDJBg.exe
  2⤵
  PID:5808
- C:\Windows\System\uyVBSEC.exe
  C:\Windows\System\uyVBSEC.exe
  2⤵
  PID:5832
- C:\Windows\System\GmrezAR.exe
  C:\Windows\System\GmrezAR.exe
  2⤵
  PID:5860
- C:\Windows\System\ETvvYFD.exe
  C:\Windows\System\ETvvYFD.exe
  2⤵
  PID:5892
- C:\Windows\System\HOPqWxp.exe
  C:\Windows\System\HOPqWxp.exe
  2⤵
  PID:5908
- C:\Windows\System\iFJGeyU.exe
  C:\Windows\System\iFJGeyU.exe
  2⤵
  PID:5944
- C:\Windows\System\etJdZkk.exe
  C:\Windows\System\etJdZkk.exe
  2⤵
  PID:5964
- C:\Windows\System\GLBSWgB.exe
  C:\Windows\System\GLBSWgB.exe
  2⤵
  PID:6004
- C:\Windows\System\LiURfjS.exe
  C:\Windows\System\LiURfjS.exe
  2⤵
  PID:6032
- C:\Windows\System\nOUxeqj.exe
  C:\Windows\System\nOUxeqj.exe
  2⤵
  PID:6048
- C:\Windows\System\YlSGWVy.exe
  C:\Windows\System\YlSGWVy.exe
  2⤵
  PID:6080
- C:\Windows\System\GgzPfwy.exe
  C:\Windows\System\GgzPfwy.exe
  2⤵
  PID:6120
- C:\Windows\System\kepAPlg.exe
  C:\Windows\System\kepAPlg.exe
  2⤵
  PID:6136
- C:\Windows\System\ySKebwj.exe
  C:\Windows\System\ySKebwj.exe
  2⤵
  PID:2472
- C:\Windows\System\BCCTDqw.exe
  C:\Windows\System\BCCTDqw.exe
  2⤵
  PID:1904
- C:\Windows\System\AjdYcdX.exe
  C:\Windows\System\AjdYcdX.exe
  2⤵
  PID:5116
- C:\Windows\System\JbgOaNG.exe
  C:\Windows\System\JbgOaNG.exe
  2⤵
  PID:1576
- C:\Windows\System\nkcgQCS.exe
  C:\Windows\System\nkcgQCS.exe
  2⤵
  PID:2788
- C:\Windows\System\PsFFMVB.exe
  C:\Windows\System\PsFFMVB.exe
  2⤵
  PID:4092
- C:\Windows\System\KjemwSj.exe
  C:\Windows\System\KjemwSj.exe
  2⤵
  PID:552
- C:\Windows\System\BvLQtyP.exe
  C:\Windows\System\BvLQtyP.exe
  2⤵
  PID:1264
- C:\Windows\System\AKkIjSf.exe
  C:\Windows\System\AKkIjSf.exe
  2⤵
  PID:4496
- C:\Windows\System\EkYLMfL.exe
  C:\Windows\System\EkYLMfL.exe
  2⤵
  PID:3840
- C:\Windows\System\hLDRkeu.exe
  C:\Windows\System\hLDRkeu.exe
  2⤵
  PID:1956
- C:\Windows\System\OTvMjBi.exe
  C:\Windows\System\OTvMjBi.exe
  2⤵
  PID:3560
- C:\Windows\System\ukLAthp.exe
  C:\Windows\System\ukLAthp.exe
  2⤵
  PID:936
- C:\Windows\System\MGdemyG.exe
  C:\Windows\System\MGdemyG.exe
  2⤵
  PID:4072
- C:\Windows\System\ChaqvKu.exe
  C:\Windows\System\ChaqvKu.exe
  2⤵
  PID:1476
- C:\Windows\System\SURdBFO.exe
  C:\Windows\System\SURdBFO.exe
  2⤵
  PID:1512
- C:\Windows\System\dVDtVTD.exe
  C:\Windows\System\dVDtVTD.exe
  2⤵
  PID:4452
- C:\Windows\System\LOuUKaR.exe
  C:\Windows\System\LOuUKaR.exe
  2⤵
  PID:2496
- C:\Windows\System\SCNbyyq.exe
  C:\Windows\System\SCNbyyq.exe
  2⤵
  PID:4620
- C:\Windows\System\BkkJygs.exe
  C:\Windows\System\BkkJygs.exe
  2⤵
  PID:4484
- C:\Windows\System\hUcMkCZ.exe
  C:\Windows\System\hUcMkCZ.exe
  2⤵
  PID:2192
- C:\Windows\System\mafwuyE.exe
  C:\Windows\System\mafwuyE.exe
  2⤵
  PID:5180
- C:\Windows\System\azUoHvr.exe
  C:\Windows\System\azUoHvr.exe
  2⤵
  PID:5244
- C:\Windows\System\CLhuSFR.exe
  C:\Windows\System\CLhuSFR.exe
  2⤵
  PID:5300
- C:\Windows\System\ygRlvTc.exe
  C:\Windows\System\ygRlvTc.exe
  2⤵
  PID:5396
- C:\Windows\System\XxGktbH.exe
  C:\Windows\System\XxGktbH.exe
  2⤵
  PID:5452
- C:\Windows\System\xGaoPPx.exe
  C:\Windows\System\xGaoPPx.exe
  2⤵
  PID:5536
- C:\Windows\System\pmIoFsp.exe
  C:\Windows\System\pmIoFsp.exe
  2⤵
  PID:5604
- C:\Windows\System\aGqcnzl.exe
  C:\Windows\System\aGqcnzl.exe
  2⤵
  PID:5676
- C:\Windows\System\qCFodUH.exe
  C:\Windows\System\qCFodUH.exe
  2⤵
  PID:5748
- C:\Windows\System\XMUEIQv.exe
  C:\Windows\System\XMUEIQv.exe
  2⤵
  PID:5820
- C:\Windows\System\nHEZmnq.exe
  C:\Windows\System\nHEZmnq.exe
  2⤵
  PID:5856
- C:\Windows\System\qUZGNjl.exe
  C:\Windows\System\qUZGNjl.exe
  2⤵
  PID:5936
- C:\Windows\System\tLlwKPl.exe
  C:\Windows\System\tLlwKPl.exe
  2⤵
  PID:5996
- C:\Windows\System\mQcWplU.exe
  C:\Windows\System\mQcWplU.exe
  2⤵
  PID:6016
- C:\Windows\System\jYLzeTP.exe
  C:\Windows\System\jYLzeTP.exe
  2⤵
  PID:6088
- C:\Windows\System\HceCyhs.exe
  C:\Windows\System\HceCyhs.exe
  2⤵
  PID:3036
- C:\Windows\System\TmHbCQj.exe
  C:\Windows\System\TmHbCQj.exe
  2⤵
  PID:4228
- C:\Windows\System\FUJKfVG.exe
  C:\Windows\System\FUJKfVG.exe
  2⤵
  PID:4304
- C:\Windows\System\aVQfjeP.exe
  C:\Windows\System\aVQfjeP.exe
  2⤵
  PID:4904
- C:\Windows\System\uLUrEiE.exe
  C:\Windows\System\uLUrEiE.exe
  2⤵
  PID:1172
- C:\Windows\System\SxXjpAd.exe
  C:\Windows\System\SxXjpAd.exe
  2⤵
  PID:1580
- C:\Windows\System\ZWnIBKv.exe
  C:\Windows\System\ZWnIBKv.exe
  2⤵
  PID:1368
- C:\Windows\System\BWjtVEC.exe
  C:\Windows\System\BWjtVEC.exe
  2⤵
  PID:2752
- C:\Windows\System\DFNxMec.exe
  C:\Windows\System\DFNxMec.exe
  2⤵
  PID:4596
- C:\Windows\System\CvTPEIe.exe
  C:\Windows\System\CvTPEIe.exe
  2⤵
  PID:864
- C:\Windows\System\pNiEdEz.exe
  C:\Windows\System\pNiEdEz.exe
  2⤵
  PID:1096
- C:\Windows\System\LYDVZRo.exe
  C:\Windows\System\LYDVZRo.exe
  2⤵
  PID:5212
- C:\Windows\System\BOKfjnS.exe
  C:\Windows\System\BOKfjnS.exe
  2⤵
  PID:5268
- C:\Windows\System\SsNOneV.exe
  C:\Windows\System\SsNOneV.exe
  2⤵
  PID:5284
- C:\Windows\System\TGnzlnK.exe
  C:\Windows\System\TGnzlnK.exe
  2⤵
  PID:5524
- C:\Windows\System\jJNAofY.exe
  C:\Windows\System\jJNAofY.exe
  2⤵
  PID:4968
- C:\Windows\System\RlfHdYp.exe
  C:\Windows\System\RlfHdYp.exe
  2⤵
  PID:5708
- C:\Windows\System\JaZErKQ.exe
  C:\Windows\System\JaZErKQ.exe
  2⤵
  PID:5800
- C:\Windows\System\LzaUCbS.exe
  C:\Windows\System\LzaUCbS.exe
  2⤵
  PID:5900
- C:\Windows\System\gOFuQwJ.exe
  C:\Windows\System\gOFuQwJ.exe
  2⤵
  PID:6092
- C:\Windows\System\ctIAIqx.exe
  C:\Windows\System\ctIAIqx.exe
  2⤵
  PID:2648
- C:\Windows\System\zwUSjcm.exe
  C:\Windows\System\zwUSjcm.exe
  2⤵
  PID:3016
- C:\Windows\System\DQHdppA.exe
  C:\Windows\System\DQHdppA.exe
  2⤵
  PID:3564
- C:\Windows\System\chEzvMq.exe
  C:\Windows\System\chEzvMq.exe
  2⤵
  PID:5564
- C:\Windows\System\MwPdmTE.exe
  C:\Windows\System\MwPdmTE.exe
  2⤵
  PID:5588
- C:\Windows\System\VtGVTqE.exe
  C:\Windows\System\VtGVTqE.exe
  2⤵
  PID:5100
- C:\Windows\System\zxXjzmA.exe
  C:\Windows\System\zxXjzmA.exe
  2⤵
  PID:6060
- C:\Windows\System\jWogTTO.exe
  C:\Windows\System\jWogTTO.exe
  2⤵
  PID:6132
- C:\Windows\System\dfPlluT.exe
  C:\Windows\System\dfPlluT.exe
  2⤵
  PID:6172
- C:\Windows\System\AHnVrTw.exe
  C:\Windows\System\AHnVrTw.exe
  2⤵
  PID:6200
- C:\Windows\System\uVVsPcJ.exe
  C:\Windows\System\uVVsPcJ.exe
  2⤵
  PID:6228
- C:\Windows\System\jLKaSOp.exe
  C:\Windows\System\jLKaSOp.exe
  2⤵
  PID:6260
- C:\Windows\System\iNIOMJx.exe
  C:\Windows\System\iNIOMJx.exe
  2⤵
  PID:6292
- C:\Windows\System\ICChgtI.exe
  C:\Windows\System\ICChgtI.exe
  2⤵
  PID:6328
- C:\Windows\System\tpDaIPa.exe
  C:\Windows\System\tpDaIPa.exe
  2⤵
  PID:6364
- C:\Windows\System\gMNXoTG.exe
  C:\Windows\System\gMNXoTG.exe
  2⤵
  PID:6396
- C:\Windows\System\uHJfjGc.exe
  C:\Windows\System\uHJfjGc.exe
  2⤵
  PID:6432
- C:\Windows\System\yGSMhKR.exe
  C:\Windows\System\yGSMhKR.exe
  2⤵
  PID:6464
- C:\Windows\System\NpWxMHg.exe
  C:\Windows\System\NpWxMHg.exe
  2⤵
  PID:6500
- C:\Windows\System\oLSdZIb.exe
  C:\Windows\System\oLSdZIb.exe
  2⤵
  PID:6528
- C:\Windows\System\ZfLLaHx.exe
  C:\Windows\System\ZfLLaHx.exe
  2⤵
  PID:6556
- C:\Windows\System\fsJQPWm.exe
  C:\Windows\System\fsJQPWm.exe
  2⤵
  PID:6588
- C:\Windows\System\ApuvOLW.exe
  C:\Windows\System\ApuvOLW.exe
  2⤵
  PID:6620
- C:\Windows\System\DwwOtsj.exe
  C:\Windows\System\DwwOtsj.exe
  2⤵
  PID:6660
- C:\Windows\System\rKBZFhr.exe
  C:\Windows\System\rKBZFhr.exe
  2⤵
  PID:6696
- C:\Windows\System\wgVrFTf.exe
  C:\Windows\System\wgVrFTf.exe
  2⤵
  PID:6732
- C:\Windows\System\ttgtcrc.exe
  C:\Windows\System\ttgtcrc.exe
  2⤵
  PID:6748
- C:\Windows\System\DxYbHqw.exe
  C:\Windows\System\DxYbHqw.exe
  2⤵
  PID:6780
- C:\Windows\System\NNwnEGG.exe
  C:\Windows\System\NNwnEGG.exe
  2⤵
  PID:6800
- C:\Windows\System\lKJRSvE.exe
  C:\Windows\System\lKJRSvE.exe
  2⤵
  PID:6824
- C:\Windows\System\SxkefFV.exe
  C:\Windows\System\SxkefFV.exe
  2⤵
  PID:6864
- C:\Windows\System\iLWywRu.exe
  C:\Windows\System\iLWywRu.exe
  2⤵
  PID:6884
- C:\Windows\System\WcJZMjc.exe
  C:\Windows\System\WcJZMjc.exe
  2⤵
  PID:6900
- C:\Windows\System\CdgPXYs.exe
  C:\Windows\System\CdgPXYs.exe
  2⤵
  PID:6928
- C:\Windows\System\GhMODiZ.exe
  C:\Windows\System\GhMODiZ.exe
  2⤵
  PID:6956
- C:\Windows\System\xmEBJmG.exe
  C:\Windows\System\xmEBJmG.exe
  2⤵
  PID:6992
- C:\Windows\System\yYdazBy.exe
  C:\Windows\System\yYdazBy.exe
  2⤵
  PID:7024
- C:\Windows\System\VivBsNb.exe
  C:\Windows\System\VivBsNb.exe
  2⤵
  PID:7064
- C:\Windows\System\bdwegnq.exe
  C:\Windows\System\bdwegnq.exe
  2⤵
  PID:7092
- C:\Windows\System\LiBKAku.exe
  C:\Windows\System\LiBKAku.exe
  2⤵
  PID:7116
- C:\Windows\System\AaCZoLm.exe
  C:\Windows\System\AaCZoLm.exe
  2⤵
  PID:7140
- C:\Windows\System\kvmGrmf.exe
  C:\Windows\System\kvmGrmf.exe
  2⤵
  PID:7156
- C:\Windows\System\aqHwvQd.exe
  C:\Windows\System\aqHwvQd.exe
  2⤵
  PID:5984
- C:\Windows\System\vMPRsPt.exe
  C:\Windows\System\vMPRsPt.exe
  2⤵
  PID:5168
- C:\Windows\System\DwmBYXF.exe
  C:\Windows\System\DwmBYXF.exe
  2⤵
  PID:6252
- C:\Windows\System\bYEfaeE.exe
  C:\Windows\System\bYEfaeE.exe
  2⤵
  PID:6280
- C:\Windows\System\ANPzQFA.exe
  C:\Windows\System\ANPzQFA.exe
  2⤵
  PID:6220
- C:\Windows\System\smOpqQy.exe
  C:\Windows\System\smOpqQy.exe
  2⤵
  PID:6408
- C:\Windows\System\dvHRfXc.exe
  C:\Windows\System\dvHRfXc.exe
  2⤵
  PID:6424
- C:\Windows\System\iPYPZtv.exe
  C:\Windows\System\iPYPZtv.exe
  2⤵
  PID:6612
- C:\Windows\System\ssTkqJi.exe
  C:\Windows\System\ssTkqJi.exe
  2⤵
  PID:6704
- C:\Windows\System\bUPesxp.exe
  C:\Windows\System\bUPesxp.exe
  2⤵
  PID:6632
- C:\Windows\System\ZAUaEhE.exe
  C:\Windows\System\ZAUaEhE.exe
  2⤵
  PID:6844
- C:\Windows\System\qhRDbIK.exe
  C:\Windows\System\qhRDbIK.exe
  2⤵
  PID:6924
- C:\Windows\System\ZqADHbb.exe
  C:\Windows\System\ZqADHbb.exe
  2⤵
  PID:6912
- C:\Windows\System\IbfQHzr.exe
  C:\Windows\System\IbfQHzr.exe
  2⤵
  PID:6972
- C:\Windows\System\WIIrXnj.exe
  C:\Windows\System\WIIrXnj.exe
  2⤵
  PID:7112
- C:\Windows\System\bkSesug.exe
  C:\Windows\System\bkSesug.exe
  2⤵
  PID:6216
- C:\Windows\System\XcnvZsU.exe
  C:\Windows\System\XcnvZsU.exe
  2⤵
  PID:6148
- C:\Windows\System\iKYgwJD.exe
  C:\Windows\System\iKYgwJD.exe
  2⤵
  PID:5328
- C:\Windows\System\KVjMXTY.exe
  C:\Windows\System\KVjMXTY.exe
  2⤵
  PID:6276
- C:\Windows\System\csPlwAw.exe
  C:\Windows\System\csPlwAw.exe
  2⤵
  PID:6676
- C:\Windows\System\XoTaMgW.exe
  C:\Windows\System\XoTaMgW.exe
  2⤵
  PID:6728
- C:\Windows\System\TuRdaNi.exe
  C:\Windows\System\TuRdaNi.exe
  2⤵
  PID:7004
- C:\Windows\System\xcKJLak.exe
  C:\Windows\System\xcKJLak.exe
  2⤵
  PID:6896
- C:\Windows\System\lAaEhWX.exe
  C:\Windows\System\lAaEhWX.exe
  2⤵
  PID:7080
- C:\Windows\System\DNJUpiI.exe
  C:\Windows\System\DNJUpiI.exe
  2⤵
  PID:6416
- C:\Windows\System\peokPos.exe
  C:\Windows\System\peokPos.exe
  2⤵
  PID:6768
- C:\Windows\System\HKcHymV.exe
  C:\Windows\System\HKcHymV.exe
  2⤵
  PID:6240
- C:\Windows\System\REabgjA.exe
  C:\Windows\System\REabgjA.exe
  2⤵
  PID:7204
- C:\Windows\System\OzGRGSv.exe
  C:\Windows\System\OzGRGSv.exe
  2⤵
  PID:7232
- C:\Windows\System\QjKuKbZ.exe
  C:\Windows\System\QjKuKbZ.exe
  2⤵
  PID:7272
- C:\Windows\System\PGQfphy.exe
  C:\Windows\System\PGQfphy.exe
  2⤵
  PID:7296
- C:\Windows\System\dNNsRZg.exe
  C:\Windows\System\dNNsRZg.exe
  2⤵
  PID:7336
- C:\Windows\System\sOuwEwR.exe
  C:\Windows\System\sOuwEwR.exe
  2⤵
  PID:7356
- C:\Windows\System\oDwqSbW.exe
  C:\Windows\System\oDwqSbW.exe
  2⤵
  PID:7384
- C:\Windows\System\izOCkbI.exe
  C:\Windows\System\izOCkbI.exe
  2⤵
  PID:7416
- C:\Windows\System\zCPVoCq.exe
  C:\Windows\System\zCPVoCq.exe
  2⤵
  PID:7448
- C:\Windows\System\ckqUDTm.exe
  C:\Windows\System\ckqUDTm.exe
  2⤵
  PID:7468
- C:\Windows\System\QFOkbiJ.exe
  C:\Windows\System\QFOkbiJ.exe
  2⤵
  PID:7504
- C:\Windows\System\qbKXdgo.exe
  C:\Windows\System\qbKXdgo.exe
  2⤵
  PID:7524
- C:\Windows\System\sJGHVss.exe
  C:\Windows\System\sJGHVss.exe
  2⤵
  PID:7556
- C:\Windows\System\kNlkdMo.exe
  C:\Windows\System\kNlkdMo.exe
  2⤵
  PID:7580
- C:\Windows\System\KmpVdbH.exe
  C:\Windows\System\KmpVdbH.exe
  2⤵
  PID:7596
- C:\Windows\System\mKxiOUB.exe
  C:\Windows\System\mKxiOUB.exe
  2⤵
  PID:7620
- C:\Windows\System\caVWhLJ.exe
  C:\Windows\System\caVWhLJ.exe
  2⤵
  PID:7648
- C:\Windows\System\LOPcQLJ.exe
  C:\Windows\System\LOPcQLJ.exe
  2⤵
  PID:7680
- C:\Windows\System\xRhpMVs.exe
  C:\Windows\System\xRhpMVs.exe
  2⤵
  PID:7696
- C:\Windows\System\TpPleBp.exe
  C:\Windows\System\TpPleBp.exe
  2⤵
  PID:7728
- C:\Windows\System\NefAnbt.exe
  C:\Windows\System\NefAnbt.exe
  2⤵
  PID:7756
- C:\Windows\System\GGybSId.exe
  C:\Windows\System\GGybSId.exe
  2⤵
  PID:7784
- C:\Windows\System\wpAdWoa.exe
  C:\Windows\System\wpAdWoa.exe
  2⤵
  PID:7808
- C:\Windows\System\SvBBgsz.exe
  C:\Windows\System\SvBBgsz.exe
  2⤵
  PID:7848
- C:\Windows\System\veeucYh.exe
  C:\Windows\System\veeucYh.exe
  2⤵
  PID:7876
- C:\Windows\System\DIqEOCf.exe
  C:\Windows\System\DIqEOCf.exe
  2⤵
  PID:7916
- C:\Windows\System\vPdrtwu.exe
  C:\Windows\System\vPdrtwu.exe
  2⤵
  PID:7944
- C:\Windows\System\sKaQZku.exe
  C:\Windows\System\sKaQZku.exe
  2⤵
  PID:7972
- C:\Windows\System\LtBgwEK.exe
  C:\Windows\System\LtBgwEK.exe
  2⤵
  PID:8000
- C:\Windows\System\aDvJfta.exe
  C:\Windows\System\aDvJfta.exe
  2⤵
  PID:8024
- C:\Windows\System\ZBhmqtp.exe
  C:\Windows\System\ZBhmqtp.exe
  2⤵
  PID:8052
- C:\Windows\System\buhiSuj.exe
  C:\Windows\System\buhiSuj.exe
  2⤵
  PID:8072
- C:\Windows\System\esFdUnS.exe
  C:\Windows\System\esFdUnS.exe
  2⤵
  PID:8100
- C:\Windows\System\gzdDLZo.exe
  C:\Windows\System\gzdDLZo.exe
  2⤵
  PID:8128
- C:\Windows\System\QhnZZsD.exe
  C:\Windows\System\QhnZZsD.exe
  2⤵
  PID:8168
- C:\Windows\System\WnTEgFm.exe
  C:\Windows\System\WnTEgFm.exe
  2⤵
  PID:7124
- C:\Windows\System\NTKPXUh.exe
  C:\Windows\System\NTKPXUh.exe
  2⤵
  PID:7180
- C:\Windows\System\xSWNaoA.exe
  C:\Windows\System\xSWNaoA.exe
  2⤵
  PID:7216
- C:\Windows\System\azAfLJF.exe
  C:\Windows\System\azAfLJF.exe
  2⤵
  PID:7328
- C:\Windows\System\nglGuoS.exe
  C:\Windows\System\nglGuoS.exe
  2⤵
  PID:7368
- C:\Windows\System\Gadzfpb.exe
  C:\Windows\System\Gadzfpb.exe
  2⤵
  PID:7464
- C:\Windows\System\BGrdZEe.exe
  C:\Windows\System\BGrdZEe.exe
  2⤵
  PID:7520
- C:\Windows\System\HQBZAoC.exe
  C:\Windows\System\HQBZAoC.exe
  2⤵
  PID:7552
- C:\Windows\System\raqyfFL.exe
  C:\Windows\System\raqyfFL.exe
  2⤵
  PID:7588
- C:\Windows\System\TCjchYK.exe
  C:\Windows\System\TCjchYK.exe
  2⤵
  PID:7748
- C:\Windows\System\LiejcIL.exe
  C:\Windows\System\LiejcIL.exe
  2⤵
  PID:7776
- C:\Windows\System\sRSKpKm.exe
  C:\Windows\System\sRSKpKm.exe
  2⤵
  PID:7872
- C:\Windows\System\oUFoggc.exe
  C:\Windows\System\oUFoggc.exe
  2⤵
  PID:7908
- C:\Windows\System\RuzPAdX.exe
  C:\Windows\System\RuzPAdX.exe
  2⤵
  PID:7988
- C:\Windows\System\nbhspoi.exe
  C:\Windows\System\nbhspoi.exe
  2⤵
  PID:8040
- C:\Windows\System\KWmYTHG.exe
  C:\Windows\System\KWmYTHG.exe
  2⤵
  PID:8092
- C:\Windows\System\jgqnclW.exe
  C:\Windows\System\jgqnclW.exe
  2⤵
  PID:8148
- C:\Windows\System\VJJswtY.exe
  C:\Windows\System\VJJswtY.exe
  2⤵
  PID:8180
- C:\Windows\System\OlYybJf.exe
  C:\Windows\System\OlYybJf.exe
  2⤵
  PID:7400
- C:\Windows\System\gZiQRrI.exe
  C:\Windows\System\gZiQRrI.exe
  2⤵
  PID:7572
- C:\Windows\System\zFeOkIf.exe
  C:\Windows\System\zFeOkIf.exe
  2⤵
  PID:7640
- C:\Windows\System\eVktiQb.exe
  C:\Windows\System\eVktiQb.exe
  2⤵
  PID:7744
- C:\Windows\System\sGmBYQi.exe
  C:\Windows\System\sGmBYQi.exe
  2⤵
  PID:7932
- C:\Windows\System\OvDhbBW.exe
  C:\Windows\System\OvDhbBW.exe
  2⤵
  PID:8088
- C:\Windows\System\Vqdqrrx.exe
  C:\Windows\System\Vqdqrrx.exe
  2⤵
  PID:7308
- C:\Windows\System\xoJktHx.exe
  C:\Windows\System\xoJktHx.exe
  2⤵
  PID:7460
- C:\Windows\System\DcseCXL.exe
  C:\Windows\System\DcseCXL.exe
  2⤵
  PID:7836
- C:\Windows\System\YaVZBmM.exe
  C:\Windows\System\YaVZBmM.exe
  2⤵
  PID:8188
- C:\Windows\System\qkAuwQq.exe
  C:\Windows\System\qkAuwQq.exe
  2⤵
  PID:7440
- C:\Windows\System\UFaJTli.exe
  C:\Windows\System\UFaJTli.exe
  2⤵
  PID:8220
- C:\Windows\System\RBnYZNm.exe
  C:\Windows\System\RBnYZNm.exe
  2⤵
  PID:8256
- C:\Windows\System\OtqmZaB.exe
  C:\Windows\System\OtqmZaB.exe
  2⤵
  PID:8284
- C:\Windows\System\coBedhC.exe
  C:\Windows\System\coBedhC.exe
  2⤵
  PID:8312
- C:\Windows\System\SgtVXzj.exe
  C:\Windows\System\SgtVXzj.exe
  2⤵
  PID:8344
- C:\Windows\System\ZqibBtH.exe
  C:\Windows\System\ZqibBtH.exe
  2⤵
  PID:8368
- C:\Windows\System\YxiyUtl.exe
  C:\Windows\System\YxiyUtl.exe
  2⤵
  PID:8392
- C:\Windows\System\PGqrgzf.exe
  C:\Windows\System\PGqrgzf.exe
  2⤵
  PID:8428
- C:\Windows\System\eIXtOQe.exe
  C:\Windows\System\eIXtOQe.exe
  2⤵
  PID:8456
- C:\Windows\System\RXaDaOC.exe
  C:\Windows\System\RXaDaOC.exe
  2⤵
  PID:8480
- C:\Windows\System\ebwGsTk.exe
  C:\Windows\System\ebwGsTk.exe
  2⤵
  PID:8508
- C:\Windows\System\mBKuPOJ.exe
  C:\Windows\System\mBKuPOJ.exe
  2⤵
  PID:8524
- C:\Windows\System\YwAPtcH.exe
  C:\Windows\System\YwAPtcH.exe
  2⤵
  PID:8552
- C:\Windows\System\OPpTkGO.exe
  C:\Windows\System\OPpTkGO.exe
  2⤵
  PID:8580
- C:\Windows\System\ukxBeOl.exe
  C:\Windows\System\ukxBeOl.exe
  2⤵
  PID:8604
- C:\Windows\System\IuVQCgB.exe
  C:\Windows\System\IuVQCgB.exe
  2⤵
  PID:8636
- C:\Windows\System\NCOoooB.exe
  C:\Windows\System\NCOoooB.exe
  2⤵
  PID:8656
- C:\Windows\System\TbmkFCJ.exe
  C:\Windows\System\TbmkFCJ.exe
  2⤵
  PID:8688
- C:\Windows\System\QfxKOlh.exe
  C:\Windows\System\QfxKOlh.exe
  2⤵
  PID:8716
- C:\Windows\System\XHZcowZ.exe
  C:\Windows\System\XHZcowZ.exe
  2⤵
  PID:8744
- C:\Windows\System\kZDmRBf.exe
  C:\Windows\System\kZDmRBf.exe
  2⤵
  PID:8764
- C:\Windows\System\mSFYOFk.exe
  C:\Windows\System\mSFYOFk.exe
  2⤵
  PID:8788
- C:\Windows\System\owpvCjF.exe
  C:\Windows\System\owpvCjF.exe
  2⤵
  PID:8820
- C:\Windows\System\dKlwjxA.exe
  C:\Windows\System\dKlwjxA.exe
  2⤵
  PID:8836
- C:\Windows\System\hAAXLBJ.exe
  C:\Windows\System\hAAXLBJ.exe
  2⤵
  PID:8872
- C:\Windows\System\ZgOZwBY.exe
  C:\Windows\System\ZgOZwBY.exe
  2⤵
  PID:8896
- C:\Windows\System\IEXeqNS.exe
  C:\Windows\System\IEXeqNS.exe
  2⤵
  PID:8924
- C:\Windows\System\CzXnMhm.exe
  C:\Windows\System\CzXnMhm.exe
  2⤵
  PID:8956
- C:\Windows\System\xlTfoac.exe
  C:\Windows\System\xlTfoac.exe
  2⤵
  PID:8988
- C:\Windows\System\VrVzRZm.exe
  C:\Windows\System\VrVzRZm.exe
  2⤵
  PID:9024
- C:\Windows\System\RSZjQpC.exe
  C:\Windows\System\RSZjQpC.exe
  2⤵
  PID:9056
- C:\Windows\System\NJQMYlh.exe
  C:\Windows\System\NJQMYlh.exe
  2⤵
  PID:9084
- C:\Windows\System\npnhhKb.exe
  C:\Windows\System\npnhhKb.exe
  2⤵
  PID:9116
- C:\Windows\System\OSxoodj.exe
  C:\Windows\System\OSxoodj.exe
  2⤵
  PID:9144
- C:\Windows\System\iVsFtKp.exe
  C:\Windows\System\iVsFtKp.exe
  2⤵
  PID:9168
- C:\Windows\System\uXcyJHT.exe
  C:\Windows\System\uXcyJHT.exe
  2⤵
  PID:9200
- C:\Windows\System\zUcYCZL.exe
  C:\Windows\System\zUcYCZL.exe
  2⤵
  PID:8216
- C:\Windows\System\fBUSKBa.exe
  C:\Windows\System\fBUSKBa.exe
  2⤵
  PID:8300
- C:\Windows\System\TMAEbnv.exe
  C:\Windows\System\TMAEbnv.exe
  2⤵
  PID:8352
- C:\Windows\System\dFKkGzf.exe
  C:\Windows\System\dFKkGzf.exe
  2⤵
  PID:8444
- C:\Windows\System\oBSPVtU.exe
  C:\Windows\System\oBSPVtU.exe
  2⤵
  PID:8468
- C:\Windows\System\eAVFdmk.exe
  C:\Windows\System\eAVFdmk.exe
  2⤵
  PID:8544
- C:\Windows\System\HqzaNrt.exe
  C:\Windows\System\HqzaNrt.exe
  2⤵
  PID:8616
- C:\Windows\System\AbgTEjb.exe
  C:\Windows\System\AbgTEjb.exe
  2⤵
  PID:8712
- C:\Windows\System\KeUTYCV.exe
  C:\Windows\System\KeUTYCV.exe
  2⤵
  PID:8736
- C:\Windows\System\dWCSrMq.exe
  C:\Windows\System\dWCSrMq.exe
  2⤵
  PID:8848
- C:\Windows\System\EnyOKst.exe
  C:\Windows\System\EnyOKst.exe
  2⤵
  PID:8800
- C:\Windows\System\ZUIVfNE.exe
  C:\Windows\System\ZUIVfNE.exe
  2⤵
  PID:8860
- C:\Windows\System\ASdLGXr.exe
  C:\Windows\System\ASdLGXr.exe
  2⤵
  PID:8984
- C:\Windows\System\dcLOBQC.exe
  C:\Windows\System\dcLOBQC.exe
  2⤵
  PID:9096
- C:\Windows\System\CrGxjah.exe
  C:\Windows\System\CrGxjah.exe
  2⤵
  PID:9136
- C:\Windows\System\WwYafDD.exe
  C:\Windows\System\WwYafDD.exe
  2⤵
  PID:9208
- C:\Windows\System\UiyjzKA.exe
  C:\Windows\System\UiyjzKA.exe
  2⤵
  PID:8240
- C:\Windows\System\cJxVZHZ.exe
  C:\Windows\System\cJxVZHZ.exe
  2⤵
  PID:8464
- C:\Windows\System\iDYjEaj.exe
  C:\Windows\System\iDYjEaj.exe
  2⤵
  PID:8628
- C:\Windows\System\WCuqdsC.exe
  C:\Windows\System\WCuqdsC.exe
  2⤵
  PID:8672
- C:\Windows\System\DIXeSQT.exe
  C:\Windows\System\DIXeSQT.exe
  2⤵
  PID:8784
- C:\Windows\System\LoDPUPG.exe
  C:\Windows\System\LoDPUPG.exe
  2⤵
  PID:8832
- C:\Windows\System\uQMWbEG.exe
  C:\Windows\System\uQMWbEG.exe
  2⤵
  PID:9004
- C:\Windows\System\EWQrsoc.exe
  C:\Windows\System\EWQrsoc.exe
  2⤵
  PID:9036
- C:\Windows\System\xpDCNDD.exe
  C:\Windows\System\xpDCNDD.exe
  2⤵
  PID:9108
- C:\Windows\System\JVHPtms.exe
  C:\Windows\System\JVHPtms.exe
  2⤵
  PID:8364
- C:\Windows\System\TFeVIoL.exe
  C:\Windows\System\TFeVIoL.exe
  2⤵
  PID:8644
- C:\Windows\System\Dsxuuhs.exe
  C:\Windows\System\Dsxuuhs.exe
  2⤵
  PID:8308
- C:\Windows\System\upzrTkG.exe
  C:\Windows\System\upzrTkG.exe
  2⤵
  PID:9236
- C:\Windows\System\mQiJGjo.exe
  C:\Windows\System\mQiJGjo.exe
  2⤵
  PID:9268
- C:\Windows\System\EXbWakA.exe
  C:\Windows\System\EXbWakA.exe
  2⤵
  PID:9300
- C:\Windows\System\ghiArtV.exe
  C:\Windows\System\ghiArtV.exe
  2⤵
  PID:9328
- C:\Windows\System\wDUokfE.exe
  C:\Windows\System\wDUokfE.exe
  2⤵
  PID:9364
- C:\Windows\System\EMbGYif.exe
  C:\Windows\System\EMbGYif.exe
  2⤵
  PID:9404
- C:\Windows\System\XedRqPz.exe
  C:\Windows\System\XedRqPz.exe
  2⤵
  PID:9428
- C:\Windows\System\NtwPeNi.exe
  C:\Windows\System\NtwPeNi.exe
  2⤵
  PID:9452
- C:\Windows\System\IVJQdyo.exe
  C:\Windows\System\IVJQdyo.exe
  2⤵
  PID:9488
- C:\Windows\System\XUljvTq.exe
  C:\Windows\System\XUljvTq.exe
  2⤵
  PID:9520
- C:\Windows\System\hlJaJQI.exe
  C:\Windows\System\hlJaJQI.exe
  2⤵
  PID:9540
- C:\Windows\System\JuvojEx.exe
  C:\Windows\System\JuvojEx.exe
  2⤵
  PID:9572
- C:\Windows\System\RYctngx.exe
  C:\Windows\System\RYctngx.exe
  2⤵
  PID:9600
- C:\Windows\System\TJYqUcj.exe
  C:\Windows\System\TJYqUcj.exe
  2⤵
  PID:9636
- C:\Windows\System\FkxwseV.exe
  C:\Windows\System\FkxwseV.exe
  2⤵
  PID:9652
- C:\Windows\System\XKvHAiu.exe
  C:\Windows\System\XKvHAiu.exe
  2⤵
  PID:9684
- C:\Windows\System\ZtWyIqw.exe
  C:\Windows\System\ZtWyIqw.exe
  2⤵
  PID:9716
- C:\Windows\System\gFwVVnZ.exe
  C:\Windows\System\gFwVVnZ.exe
  2⤵
  PID:9748
- C:\Windows\System\UNWUvrm.exe
  C:\Windows\System\UNWUvrm.exe
  2⤵
  PID:9772
- C:\Windows\System\KvDvjlv.exe
  C:\Windows\System\KvDvjlv.exe
  2⤵
  PID:9808
- C:\Windows\System\jMaWFul.exe
  C:\Windows\System\jMaWFul.exe
  2⤵
  PID:9840
- C:\Windows\System\CNwprrx.exe
  C:\Windows\System\CNwprrx.exe
  2⤵
  PID:9856
- C:\Windows\System\jKdcnKL.exe
  C:\Windows\System\jKdcnKL.exe
  2⤵
  PID:9876
- C:\Windows\System\QtWoZkd.exe
  C:\Windows\System\QtWoZkd.exe
  2⤵
  PID:9908
- C:\Windows\System\FNXHDru.exe
  C:\Windows\System\FNXHDru.exe
  2⤵
  PID:9948
- C:\Windows\System\EMhTJPj.exe
  C:\Windows\System\EMhTJPj.exe
  2⤵
  PID:9976
- C:\Windows\System\raKyNZT.exe
  C:\Windows\System\raKyNZT.exe
  2⤵
  PID:10008
- C:\Windows\System\qSIioGo.exe
  C:\Windows\System\qSIioGo.exe
  2⤵
  PID:10044
- C:\Windows\System\MrsgfTS.exe
  C:\Windows\System\MrsgfTS.exe
  2⤵
  PID:10080
- C:\Windows\System\rysIQdA.exe
  C:\Windows\System\rysIQdA.exe
  2⤵
  PID:10100
- C:\Windows\System\vSGEwKy.exe
  C:\Windows\System\vSGEwKy.exe
  2⤵
  PID:10128
- C:\Windows\System\wtwchfS.exe
  C:\Windows\System\wtwchfS.exe
  2⤵
  PID:10164
- C:\Windows\System\mQZgINz.exe
  C:\Windows\System\mQZgINz.exe
  2⤵
  PID:10196
- C:\Windows\System\KxDoZcW.exe
  C:\Windows\System\KxDoZcW.exe
  2⤵
  PID:10224
- C:\Windows\System\RmjTwbe.exe
  C:\Windows\System\RmjTwbe.exe
  2⤵
  PID:8516
- C:\Windows\System\KFibntL.exe
  C:\Windows\System\KFibntL.exe
  2⤵
  PID:9284
- C:\Windows\System\SercIxh.exe
  C:\Windows\System\SercIxh.exe
  2⤵
  PID:9340
- C:\Windows\System\cvbjcOx.exe
  C:\Windows\System\cvbjcOx.exe
  2⤵
  PID:9396
- C:\Windows\System\AMwddOc.exe
  C:\Windows\System\AMwddOc.exe
  2⤵
  PID:9440
- C:\Windows\System\LqKIqxo.exe
  C:\Windows\System\LqKIqxo.exe
  2⤵
  PID:6572
- C:\Windows\System\ZUnyoxD.exe
  C:\Windows\System\ZUnyoxD.exe
  2⤵
  PID:9596
- C:\Windows\System\saJOsTy.exe
  C:\Windows\System\saJOsTy.exe
  2⤵
  PID:9628
- C:\Windows\System\oVvsldB.exe
  C:\Windows\System\oVvsldB.exe
  2⤵
  PID:9724
- C:\Windows\System\BobXWiG.exe
  C:\Windows\System\BobXWiG.exe
  2⤵
  PID:9760
- C:\Windows\System\RXrgiOo.exe
  C:\Windows\System\RXrgiOo.exe
  2⤵
  PID:9804
- C:\Windows\System\GQNsTZA.exe
  C:\Windows\System\GQNsTZA.exe
  2⤵
  PID:9892
- C:\Windows\System\HNJxJuC.exe
  C:\Windows\System\HNJxJuC.exe
  2⤵
  PID:10016
- C:\Windows\System\HdtKJZV.exe
  C:\Windows\System\HdtKJZV.exe
  2⤵
  PID:9940
- C:\Windows\System\VEkigNx.exe
  C:\Windows\System\VEkigNx.exe
  2⤵
  PID:10072
- C:\Windows\System\NbIaZSS.exe
  C:\Windows\System\NbIaZSS.exe
  2⤵
  PID:10152
- C:\Windows\System\yTssOQQ.exe
  C:\Windows\System\yTssOQQ.exe
  2⤵
  PID:10208
- C:\Windows\System\BhfQyaK.exe
  C:\Windows\System\BhfQyaK.exe
  2⤵
  PID:9224
- C:\Windows\System\lHtEBfJ.exe
  C:\Windows\System\lHtEBfJ.exe
  2⤵
  PID:9360
- C:\Windows\System\BfWkZaN.exe
  C:\Windows\System\BfWkZaN.exe
  2⤵
  PID:9848
- C:\Windows\System\fojaPGQ.exe
  C:\Windows\System\fojaPGQ.exe
  2⤵
  PID:9872
- C:\Windows\System\uwVvMvK.exe
  C:\Windows\System\uwVvMvK.exe
  2⤵
  PID:10036
- C:\Windows\System\baZGLgG.exe
  C:\Windows\System\baZGLgG.exe
  2⤵
  PID:10156
- C:\Windows\System\TiTeDsq.exe
  C:\Windows\System\TiTeDsq.exe
  2⤵
  PID:9256
- C:\Windows\System\weqZyBf.exe
  C:\Windows\System\weqZyBf.exe
  2⤵
  PID:1848
- C:\Windows\System\StjzbfR.exe
  C:\Windows\System\StjzbfR.exe
  2⤵
  PID:9788
- C:\Windows\System\XTaxsJd.exe
  C:\Windows\System\XTaxsJd.exe
  2⤵
  PID:10120
- C:\Windows\System\zGZZgsD.exe
  C:\Windows\System\zGZZgsD.exe
  2⤵
  PID:9352
- C:\Windows\System\YuqisWX.exe
  C:\Windows\System\YuqisWX.exe
  2⤵
  PID:10260
- C:\Windows\System\hIZRacJ.exe
  C:\Windows\System\hIZRacJ.exe
  2⤵
  PID:10296
- C:\Windows\System\UcvEgUZ.exe
  C:\Windows\System\UcvEgUZ.exe
  2⤵
  PID:10324
- C:\Windows\System\QAbDOXn.exe
  C:\Windows\System\QAbDOXn.exe
  2⤵
  PID:10352
- C:\Windows\System\MGvpvEr.exe
  C:\Windows\System\MGvpvEr.exe
  2⤵
  PID:10380
- C:\Windows\System\olzFGGS.exe
  C:\Windows\System\olzFGGS.exe
  2⤵
  PID:10408
- C:\Windows\System\UfRkgCY.exe
  C:\Windows\System\UfRkgCY.exe
  2⤵
  PID:10436
- C:\Windows\System\TRMVgrK.exe
  C:\Windows\System\TRMVgrK.exe
  2⤵
  PID:10472
- C:\Windows\System\qtvUOiq.exe
  C:\Windows\System\qtvUOiq.exe
  2⤵
  PID:10488
- C:\Windows\System\EEEDbDh.exe
  C:\Windows\System\EEEDbDh.exe
  2⤵
  PID:10508
- C:\Windows\System\BtejIId.exe
  C:\Windows\System\BtejIId.exe
  2⤵
  PID:10544
- C:\Windows\System\WcKiECS.exe
  C:\Windows\System\WcKiECS.exe
  2⤵
  PID:10584
- C:\Windows\System\kVYwtjL.exe
  C:\Windows\System\kVYwtjL.exe
  2⤵
  PID:10604
- C:\Windows\System\XBgHDIj.exe
  C:\Windows\System\XBgHDIj.exe
  2⤵
  PID:10636
- C:\Windows\System\ypiBVOc.exe
  C:\Windows\System\ypiBVOc.exe
  2⤵
  PID:10672
- C:\Windows\System\EpUQNPZ.exe
  C:\Windows\System\EpUQNPZ.exe
  2⤵
  PID:10696
- C:\Windows\System\QTMvUHT.exe
  C:\Windows\System\QTMvUHT.exe
  2⤵
  PID:10716
- C:\Windows\System\bfPrdbO.exe
  C:\Windows\System\bfPrdbO.exe
  2⤵
  PID:10744
- C:\Windows\System\wuuvilB.exe
  C:\Windows\System\wuuvilB.exe
  2⤵
  PID:10776
- C:\Windows\System\fIDQoLB.exe
  C:\Windows\System\fIDQoLB.exe
  2⤵
  PID:10812
- C:\Windows\System\VQhgUUw.exe
  C:\Windows\System\VQhgUUw.exe
  2⤵
  PID:10828
- C:\Windows\System\NSKdLmH.exe
  C:\Windows\System\NSKdLmH.exe
  2⤵
  PID:10856
- C:\Windows\System\cESkppv.exe
  C:\Windows\System\cESkppv.exe
  2⤵
  PID:10896
- C:\Windows\System\UTHBaKY.exe
  C:\Windows\System\UTHBaKY.exe
  2⤵
  PID:10912
- C:\Windows\System\lNOFVKX.exe
  C:\Windows\System\lNOFVKX.exe
  2⤵
  PID:10944
- C:\Windows\System\FluGGWX.exe
  C:\Windows\System\FluGGWX.exe
  2⤵
  PID:10972
- C:\Windows\System\BIVXkmC.exe
  C:\Windows\System\BIVXkmC.exe
  2⤵
  PID:11000
- C:\Windows\System\QBandbJ.exe
  C:\Windows\System\QBandbJ.exe
  2⤵
  PID:11036
- C:\Windows\System\vscwgsr.exe
  C:\Windows\System\vscwgsr.exe
  2⤵
  PID:11056
- C:\Windows\System\qgZQZRA.exe
  C:\Windows\System\qgZQZRA.exe
  2⤵
  PID:11084
- C:\Windows\System\NhLKmek.exe
  C:\Windows\System\NhLKmek.exe
  2⤵
  PID:11120
- C:\Windows\System\JovpcbY.exe
  C:\Windows\System\JovpcbY.exe
  2⤵
  PID:11152
- C:\Windows\System\MZjUkGj.exe
  C:\Windows\System\MZjUkGj.exe
  2⤵
  PID:11176
- C:\Windows\System\RZfdJYQ.exe
  C:\Windows\System\RZfdJYQ.exe
  2⤵
  PID:11192
- C:\Windows\System\haEjMBY.exe
  C:\Windows\System\haEjMBY.exe
  2⤵
  PID:11212
- C:\Windows\System\ahPdptp.exe
  C:\Windows\System\ahPdptp.exe
  2⤵
  PID:11236
- C:\Windows\System\mXkCODz.exe
  C:\Windows\System\mXkCODz.exe
  2⤵
  PID:10252
- C:\Windows\System\txHBPMh.exe
  C:\Windows\System\txHBPMh.exe
  2⤵
  PID:10320
- C:\Windows\System\aQNBCfz.exe
  C:\Windows\System\aQNBCfz.exe
  2⤵
  PID:10364
- C:\Windows\System\pLKrWID.exe
  C:\Windows\System\pLKrWID.exe
  2⤵
  PID:10460
- C:\Windows\System\ovVKvJq.exe
  C:\Windows\System\ovVKvJq.exe
  2⤵
  PID:10528
- C:\Windows\System\DsDptad.exe
  C:\Windows\System\DsDptad.exe
  2⤵
  PID:10576
- C:\Windows\System\ClwEpnp.exe
  C:\Windows\System\ClwEpnp.exe
  2⤵
  PID:10688
- C:\Windows\System\oBbxWKk.exe
  C:\Windows\System\oBbxWKk.exe
  2⤵
  PID:10736
- C:\Windows\System\CgpNQpg.exe
  C:\Windows\System\CgpNQpg.exe
  2⤵
  PID:10760
- C:\Windows\System\kyfXaKP.exe
  C:\Windows\System\kyfXaKP.exe
  2⤵
  PID:10820
- C:\Windows\System\ZgJHfJH.exe
  C:\Windows\System\ZgJHfJH.exe
  2⤵
  PID:10932
- C:\Windows\System\SaxyEKn.exe
  C:\Windows\System\SaxyEKn.exe
  2⤵
  PID:10968
- C:\Windows\System\JRtQZRd.exe
  C:\Windows\System\JRtQZRd.exe
  2⤵
  PID:11080
- C:\Windows\System\paJOqTS.exe
  C:\Windows\System\paJOqTS.exe
  2⤵
  PID:11132
- C:\Windows\System\SUyRsAp.exe
  C:\Windows\System\SUyRsAp.exe
  2⤵
  PID:11168
- C:\Windows\System\eOKLYcG.exe
  C:\Windows\System\eOKLYcG.exe
  2⤵
  PID:11184
- C:\Windows\System\ItFFUMo.exe
  C:\Windows\System\ItFFUMo.exe
  2⤵
  PID:9616
- C:\Windows\System\yiZHrFH.exe
  C:\Windows\System\yiZHrFH.exe
  2⤵
  PID:10452
- C:\Windows\System\uOreKZJ.exe
  C:\Windows\System\uOreKZJ.exe
  2⤵
  PID:10456
- C:\Windows\System\lUPmqBf.exe
  C:\Windows\System\lUPmqBf.exe
  2⤵
  PID:10712
- C:\Windows\System\yrhVAPn.exe
  C:\Windows\System\yrhVAPn.exe
  2⤵
  PID:10764
- C:\Windows\System\fmyuzwl.exe
  C:\Windows\System\fmyuzwl.exe
  2⤵
  PID:11024
- C:\Windows\System\eLjFEGX.exe
  C:\Windows\System\eLjFEGX.exe
  2⤵
  PID:11108
- C:\Windows\System\zdtCJsm.exe
  C:\Windows\System\zdtCJsm.exe
  2⤵
  PID:9992
- C:\Windows\System\aVDigdM.exe
  C:\Windows\System\aVDigdM.exe
  2⤵
  PID:10656
- C:\Windows\System\LqOrTJR.exe
  C:\Windows\System\LqOrTJR.exe
  2⤵
  PID:11200
- C:\Windows\System\WpACJiz.exe
  C:\Windows\System\WpACJiz.exe
  2⤵
  PID:10680
- C:\Windows\System\ktcadoQ.exe
  C:\Windows\System\ktcadoQ.exe
  2⤵
  PID:11288
- C:\Windows\System\ZGrpZyy.exe
  C:\Windows\System\ZGrpZyy.exe
  2⤵
  PID:11320
- C:\Windows\System\Ignkmav.exe
  C:\Windows\System\Ignkmav.exe
  2⤵
  PID:11340
- C:\Windows\System\YVkBCIJ.exe
  C:\Windows\System\YVkBCIJ.exe
  2⤵
  PID:11372
- C:\Windows\System\jImLiqu.exe
  C:\Windows\System\jImLiqu.exe
  2⤵
  PID:11408
- C:\Windows\System\BtJxnvf.exe
  C:\Windows\System\BtJxnvf.exe
  2⤵
  PID:11440
- C:\Windows\System\GHpCKQQ.exe
  C:\Windows\System\GHpCKQQ.exe
  2⤵
  PID:11468
- C:\Windows\System\EkYSnHg.exe
  C:\Windows\System\EkYSnHg.exe
  2⤵
  PID:11500
- C:\Windows\System\dItrNWT.exe
  C:\Windows\System\dItrNWT.exe
  2⤵
  PID:11532
- C:\Windows\System\bvySDiA.exe
  C:\Windows\System\bvySDiA.exe
  2⤵
  PID:11560
- C:\Windows\System\kpqOErh.exe
  C:\Windows\System\kpqOErh.exe
  2⤵
  PID:11580
- C:\Windows\System\NHzKFAD.exe
  C:\Windows\System\NHzKFAD.exe
  2⤵
  PID:11604
- C:\Windows\System\OyyxDVz.exe
  C:\Windows\System\OyyxDVz.exe
  2⤵
  PID:11636
- C:\Windows\System\hYhrooz.exe
  C:\Windows\System\hYhrooz.exe
  2⤵
  PID:11656
- C:\Windows\System\EPuUNEb.exe
  C:\Windows\System\EPuUNEb.exe
  2⤵
  PID:11684
- C:\Windows\System\auuqFWT.exe
  C:\Windows\System\auuqFWT.exe
  2⤵
  PID:11708
- C:\Windows\System\kbQOqzm.exe
  C:\Windows\System\kbQOqzm.exe
  2⤵
  PID:11724
- C:\Windows\System\ZAgSsFD.exe
  C:\Windows\System\ZAgSsFD.exe
  2⤵
  PID:11744
- C:\Windows\System\gdmKyjr.exe
  C:\Windows\System\gdmKyjr.exe
  2⤵
  PID:11768
- C:\Windows\System\SqDTcwg.exe
  C:\Windows\System\SqDTcwg.exe
  2⤵
  PID:11792
- C:\Windows\System\SLZYvBZ.exe
  C:\Windows\System\SLZYvBZ.exe
  2⤵
  PID:11828
- C:\Windows\System\nkrSTgR.exe
  C:\Windows\System\nkrSTgR.exe
  2⤵
  PID:11860
- C:\Windows\System\mwIUwEu.exe
  C:\Windows\System\mwIUwEu.exe
  2⤵
  PID:11896
- C:\Windows\System\WVAjcTW.exe
  C:\Windows\System\WVAjcTW.exe
  2⤵
  PID:11932
- C:\Windows\System\mDGpduR.exe
  C:\Windows\System\mDGpduR.exe
  2⤵
  PID:11968
- C:\Windows\System\CceFcTu.exe
  C:\Windows\System\CceFcTu.exe
  2⤵
  PID:11996
- C:\Windows\System\CqMmrLk.exe
  C:\Windows\System\CqMmrLk.exe
  2⤵
  PID:12036
- C:\Windows\System\gOvGTus.exe
  C:\Windows\System\gOvGTus.exe
  2⤵
  PID:12064
- C:\Windows\System\lPcwhyL.exe
  C:\Windows\System\lPcwhyL.exe
  2⤵
  PID:12088
- C:\Windows\System\BvjEKJg.exe
  C:\Windows\System\BvjEKJg.exe
  2⤵
  PID:12124
- C:\Windows\System\dtOCjgP.exe
  C:\Windows\System\dtOCjgP.exe
  2⤵
  PID:12156
- C:\Windows\System\SvYpPUW.exe
  C:\Windows\System\SvYpPUW.exe
  2⤵
  PID:12184
- C:\Windows\System\tMeKucC.exe
  C:\Windows\System\tMeKucC.exe
  2⤵
  PID:12204
- C:\Windows\System\UCUzqIT.exe
  C:\Windows\System\UCUzqIT.exe
  2⤵
  PID:12240
- C:\Windows\System\CakjFHu.exe
  C:\Windows\System\CakjFHu.exe
  2⤵
  PID:12256
- C:\Windows\System\XjGpwxf.exe
  C:\Windows\System\XjGpwxf.exe
  2⤵
  PID:12280
- C:\Windows\System\kteQgpQ.exe
  C:\Windows\System\kteQgpQ.exe
  2⤵
  PID:11104
- C:\Windows\System\bJnzAlR.exe
  C:\Windows\System\bJnzAlR.exe
  2⤵
  PID:11312
- C:\Windows\System\jZxunUJ.exe
  C:\Windows\System\jZxunUJ.exe
  2⤵
  PID:11300
- C:\Windows\System\fHJzSXW.exe
  C:\Windows\System\fHJzSXW.exe
  2⤵
  PID:11452
- C:\Windows\System\YmhzafS.exe
  C:\Windows\System\YmhzafS.exe
  2⤵
  PID:11488
- C:\Windows\System\nIaeHNv.exe
  C:\Windows\System\nIaeHNv.exe
  2⤵
  PID:11524
- C:\Windows\System\MPqYnVf.exe
  C:\Windows\System\MPqYnVf.exe
  2⤵
  PID:11568
- C:\Windows\System\qNaLqIQ.exe
  C:\Windows\System\qNaLqIQ.exe
  2⤵
  PID:11680
- C:\Windows\System\cJTaUUe.exe
  C:\Windows\System\cJTaUUe.exe
  2⤵
  PID:11716
- C:\Windows\System\ahBLzQc.exe
  C:\Windows\System\ahBLzQc.exe
  2⤵
  PID:11824
- C:\Windows\System\zcWLKKC.exe
  C:\Windows\System\zcWLKKC.exe
  2⤵
  PID:11920
- C:\Windows\System\fNYjTTG.exe
  C:\Windows\System\fNYjTTG.exe
  2⤵
  PID:11980
- C:\Windows\System\VpxkfIF.exe
  C:\Windows\System\VpxkfIF.exe
  2⤵
  PID:12108
- C:\Windows\System\uUBSWta.exe
  C:\Windows\System\uUBSWta.exe
  2⤵
  PID:12180
- C:\Windows\System\VAmTagG.exe
  C:\Windows\System\VAmTagG.exe
  2⤵
  PID:12224
- C:\Windows\System\OPBrdEr.exe
  C:\Windows\System\OPBrdEr.exe
  2⤵
  PID:12216
- C:\Windows\System\oljHtfG.exe
  C:\Windows\System\oljHtfG.exe
  2⤵
  PID:11308
- C:\Windows\System\jSsQtDr.exe
  C:\Windows\System\jSsQtDr.exe
  2⤵
  PID:11352
- C:\Windows\System\XJQoVpb.exe
  C:\Windows\System\XJQoVpb.exe
  2⤵
  PID:11740
- C:\Windows\System\khSiKLJ.exe
  C:\Windows\System\khSiKLJ.exe
  2⤵
  PID:11872
- C:\Windows\System\QDsAIRc.exe
  C:\Windows\System\QDsAIRc.exe
  2⤵
  PID:12020
- C:\Windows\System\lpwrOgI.exe
  C:\Windows\System\lpwrOgI.exe
  2⤵
  PID:12076
- C:\Windows\System\FpZOlsd.exe
  C:\Windows\System\FpZOlsd.exe
  2⤵
  PID:11272
- C:\Windows\System\ROlgDHa.exe
  C:\Windows\System\ROlgDHa.exe
  2⤵
  PID:11420
- C:\Windows\System\dFAceWb.exe
  C:\Windows\System\dFAceWb.exe
  2⤵
  PID:11848
- C:\Windows\System\WEtglsp.exe
  C:\Windows\System\WEtglsp.exe
  2⤵
  PID:11328
- C:\Windows\System\gSuLrlu.exe
  C:\Windows\System\gSuLrlu.exe
  2⤵
  PID:12084
- C:\Windows\System\VYwoKhh.exe
  C:\Windows\System\VYwoKhh.exe
  2⤵
  PID:12300
- C:\Windows\System\QWbGrsj.exe
  C:\Windows\System\QWbGrsj.exe
  2⤵
  PID:12320
- C:\Windows\System\RYolHeL.exe
  C:\Windows\System\RYolHeL.exe
  2⤵
  PID:12368
- C:\Windows\System\UVzypXl.exe
  C:\Windows\System\UVzypXl.exe
  2⤵
  PID:12396
- C:\Windows\System\LNARuUr.exe
  C:\Windows\System\LNARuUr.exe
  2⤵
  PID:12416
- C:\Windows\System\QQPwVXy.exe
  C:\Windows\System\QQPwVXy.exe
  2⤵
  PID:12440
- C:\Windows\System\jxGDOtO.exe
  C:\Windows\System\jxGDOtO.exe
  2⤵
  PID:12464
- C:\Windows\System\YzajzOp.exe
  C:\Windows\System\YzajzOp.exe
  2⤵
  PID:12488
- C:\Windows\System\qNJNJvh.exe
  C:\Windows\System\qNJNJvh.exe
  2⤵
  PID:12516
- C:\Windows\System\ijHhbxR.exe
  C:\Windows\System\ijHhbxR.exe
  2⤵
  PID:12552
- C:\Windows\System\Yfhddio.exe
  C:\Windows\System\Yfhddio.exe
  2⤵
  PID:12584
- C:\Windows\System\aeDabKo.exe
  C:\Windows\System\aeDabKo.exe
  2⤵
  PID:12608
- C:\Windows\System\AMlkgMQ.exe
  C:\Windows\System\AMlkgMQ.exe
  2⤵
  PID:12652
- C:\Windows\System\fMbrOiv.exe
  C:\Windows\System\fMbrOiv.exe
  2⤵
  PID:12676
- C:\Windows\System\fZhASkL.exe
  C:\Windows\System\fZhASkL.exe
  2⤵
  PID:12696
- C:\Windows\System\FMbqQsZ.exe
  C:\Windows\System\FMbqQsZ.exe
  2⤵
  PID:12712
- C:\Windows\System\Ocdttxj.exe
  C:\Windows\System\Ocdttxj.exe
  2⤵
  PID:12752
- C:\Windows\System\uIoHaLJ.exe
  C:\Windows\System\uIoHaLJ.exe
  2⤵
  PID:12780
- C:\Windows\System\mpQstrl.exe
  C:\Windows\System\mpQstrl.exe
  2⤵
  PID:12808
- C:\Windows\System\rzWqOtM.exe
  C:\Windows\System\rzWqOtM.exe
  2⤵
  PID:12836
- C:\Windows\System\IhYMUgl.exe
  C:\Windows\System\IhYMUgl.exe
  2⤵
  PID:12884
- C:\Windows\System\zzBSoed.exe
  C:\Windows\System\zzBSoed.exe
  2⤵
  PID:12908
- C:\Windows\System\vMHZeqj.exe
  C:\Windows\System\vMHZeqj.exe
  2⤵
  PID:12948
- C:\Windows\System\OozleuC.exe
  C:\Windows\System\OozleuC.exe
  2⤵
  PID:12964
- C:\Windows\System\RSRouMY.exe
  C:\Windows\System\RSRouMY.exe
  2⤵
  PID:12980
- C:\Windows\System\DeRxVWY.exe
  C:\Windows\System\DeRxVWY.exe
  2⤵
  PID:13004
- C:\Windows\System\DVTtFVm.exe
  C:\Windows\System\DVTtFVm.exe
  2⤵
  PID:13024
- C:\Windows\System\RrcTayq.exe
  C:\Windows\System\RrcTayq.exe
  2⤵
  PID:13048
- C:\Windows\System\ObaViuE.exe
  C:\Windows\System\ObaViuE.exe
  2⤵
  PID:13084
- C:\Windows\System\UBJnkQe.exe
  C:\Windows\System\UBJnkQe.exe
  2⤵
  PID:13116
- C:\Windows\System\XjxBzdF.exe
  C:\Windows\System\XjxBzdF.exe
  2⤵
  PID:13140
- C:\Windows\System\TBELPoz.exe
  C:\Windows\System\TBELPoz.exe
  2⤵
  PID:13156
- C:\Windows\System\UmLPQhg.exe
  C:\Windows\System\UmLPQhg.exe
  2⤵
  PID:13184
- C:\Windows\System\NTBOMfi.exe
  C:\Windows\System\NTBOMfi.exe
  2⤵
  PID:13212
- C:\Windows\System\IaZCpSh.exe
  C:\Windows\System\IaZCpSh.exe
  2⤵
  PID:13236
- C:\Windows\System\dLrcjJU.exe
  C:\Windows\System\dLrcjJU.exe
  2⤵
  PID:13256
- C:\Windows\System\gyNoWuJ.exe
  C:\Windows\System\gyNoWuJ.exe
  2⤵
  PID:13284
- C:\Windows\System\rmuMDwT.exe
  C:\Windows\System\rmuMDwT.exe
  2⤵
  PID:10560
- C:\Windows\System\CnFiwef.exe
  C:\Windows\System\CnFiwef.exe
  2⤵
  PID:12336
- C:\Windows\System\ATaOxBn.exe
  C:\Windows\System\ATaOxBn.exe
  2⤵
  PID:12436
- C:\Windows\System\aSHYCjc.exe
  C:\Windows\System\aSHYCjc.exe
  2⤵
  PID:12448
- C:\Windows\System\TLVnWCQ.exe
  C:\Windows\System\TLVnWCQ.exe
  2⤵
  PID:12512
- C:\Windows\System\NMnOnxO.exe
  C:\Windows\System\NMnOnxO.exe
  2⤵
  PID:12604
- C:\Windows\System\myUVgPN.exe
  C:\Windows\System\myUVgPN.exe
  2⤵
  PID:12668
- C:\Windows\System\cfzJZbu.exe
  C:\Windows\System\cfzJZbu.exe
  2⤵
  PID:12704
- C:\Windows\System\mClYkAt.exe
  C:\Windows\System\mClYkAt.exe
  2⤵
  PID:12828
- C:\Windows\System\eZkOViQ.exe
  C:\Windows\System\eZkOViQ.exe
  2⤵
  PID:12920
- C:\Windows\System\Nkhecnb.exe
  C:\Windows\System\Nkhecnb.exe
  2⤵
  PID:12992
- C:\Windows\System\uImcvQN.exe
  C:\Windows\System\uImcvQN.exe
  2⤵
  PID:13016
- C:\Windows\System\jElpnzx.exe
  C:\Windows\System\jElpnzx.exe
  2⤵
  PID:13036
- C:\Windows\System\KSxAMCp.exe
  C:\Windows\System\KSxAMCp.exe
  2⤵
  PID:13228
- C:\Windows\System\KzSaNTv.exe
  C:\Windows\System\KzSaNTv.exe
  2⤵
  PID:13276
- C:\Windows\System\otYpfwn.exe
  C:\Windows\System\otYpfwn.exe
  2⤵
  PID:13268
- C:\Windows\System\DxqvPeK.exe
  C:\Windows\System\DxqvPeK.exe
  2⤵
  PID:13272
- C:\Windows\System\fZIMmRv.exe
  C:\Windows\System\fZIMmRv.exe
  2⤵
  PID:12596
- C:\Windows\System\byuOkOI.exe
  C:\Windows\System\byuOkOI.exe
  2⤵
  PID:12472
- C:\Windows\System\MYEYmrG.exe
  C:\Windows\System\MYEYmrG.exe
  2⤵
  PID:12708
- C:\Windows\System\nlGNvRC.exe
  C:\Windows\System\nlGNvRC.exe
  2⤵
  PID:12692
- C:\Windows\System\zJzxVmP.exe
  C:\Windows\System\zJzxVmP.exe
  2⤵
  PID:13108
- C:\Windows\System\BAiJKTU.exe
  C:\Windows\System\BAiJKTU.exe
  2⤵
  PID:13224
- C:\Windows\System\uMADjaP.exe
  C:\Windows\System\uMADjaP.exe
  2⤵
  PID:11520
- C:\Windows\System\kmOMerf.exe
  C:\Windows\System\kmOMerf.exe
  2⤵
  PID:12744
- C:\Windows\System\HsWwqVO.exe
  C:\Windows\System\HsWwqVO.exe
  2⤵
  PID:12972
- C:\Windows\System\bxFGpVm.exe
  C:\Windows\System\bxFGpVm.exe
  2⤵
  PID:13336
- C:\Windows\System\GHGkHTD.exe
  C:\Windows\System\GHGkHTD.exe
  2⤵
  PID:13372
- C:\Windows\System\zmymylE.exe
  C:\Windows\System\zmymylE.exe
  2⤵
  PID:13400
- C:\Windows\System\AmxkGSq.exe
  C:\Windows\System\AmxkGSq.exe
  2⤵
  PID:13424
- C:\Windows\System\pXBdXGT.exe
  C:\Windows\System\pXBdXGT.exe
  2⤵
  PID:13456
- C:\Windows\System\ywFdCWE.exe
  C:\Windows\System\ywFdCWE.exe
  2⤵
  PID:13484
- C:\Windows\System\VeTIqAh.exe
  C:\Windows\System\VeTIqAh.exe
  2⤵
  PID:13508
- C:\Windows\System\XKUXIBm.exe
  C:\Windows\System\XKUXIBm.exe
  2⤵
  PID:13552
- C:\Windows\System\ofgoFFh.exe
  C:\Windows\System\ofgoFFh.exe
  2⤵
  PID:13584
- C:\Windows\System\pTwaGGx.exe
  C:\Windows\System\pTwaGGx.exe
  2⤵
  PID:13620
- C:\Windows\System\jXsyrEK.exe
  C:\Windows\System\jXsyrEK.exe
  2⤵
  PID:13652
- C:\Windows\System\snwCdTG.exe
  C:\Windows\System\snwCdTG.exe
  2⤵
  PID:13688
- C:\Windows\System\dTmfKLk.exe
  C:\Windows\System\dTmfKLk.exe
  2⤵
  PID:13704
- C:\Windows\System\CUWtjAy.exe
  C:\Windows\System\CUWtjAy.exe
  2⤵
  PID:13732
- C:\Windows\System\tTqykOg.exe
  C:\Windows\System\tTqykOg.exe
  2⤵
  PID:13760
- C:\Windows\System\uuCmLfn.exe
  C:\Windows\System\uuCmLfn.exe
  2⤵
  PID:13788
- C:\Windows\System\cfMPkll.exe
  C:\Windows\System\cfMPkll.exe
  2⤵
  PID:13816
- C:\Windows\System\LTKRsbO.exe
  C:\Windows\System\LTKRsbO.exe
  2⤵
  PID:13836
- C:\Windows\System\oYABeQW.exe
  C:\Windows\System\oYABeQW.exe
  2⤵
  PID:13872
- C:\Windows\System\iHtiYBW.exe
  C:\Windows\System\iHtiYBW.exe
  2⤵
  PID:13892
- C:\Windows\System\KGdDVSh.exe
  C:\Windows\System\KGdDVSh.exe
  2⤵
  PID:13920
- C:\Windows\System\gyZYAAQ.exe
  C:\Windows\System\gyZYAAQ.exe
  2⤵
  PID:13944
- C:\Windows\System\QcnWRal.exe
  C:\Windows\System\QcnWRal.exe
  2⤵
  PID:13976
- C:\Windows\System\ztlSgfs.exe
  C:\Windows\System\ztlSgfs.exe
  2⤵
  PID:14000
- C:\Windows\System\OHavelt.exe
  C:\Windows\System\OHavelt.exe
  2⤵
  PID:14040
- C:\Windows\System\xEkejfj.exe
  C:\Windows\System\xEkejfj.exe
  2⤵
  PID:14072
- C:\Windows\System\TPNYzaV.exe
  C:\Windows\System\TPNYzaV.exe
  2⤵
  PID:14096
- C:\Windows\System\iFohSTA.exe
  C:\Windows\System\iFohSTA.exe
  2⤵
  PID:14124
- C:\Windows\System\FpOWwkk.exe
  C:\Windows\System\FpOWwkk.exe
  2⤵
  PID:14148
- C:\Windows\System\vmkIjLi.exe
  C:\Windows\System\vmkIjLi.exe
  2⤵
  PID:14168
- C:\Windows\System\XUQEtAM.exe
  C:\Windows\System\XUQEtAM.exe
  2⤵
  PID:14196
- C:\Windows\System\mnZEDcC.exe
  C:\Windows\System\mnZEDcC.exe
  2⤵
  PID:14212
- C:\Windows\System\oLlwXEa.exe
  C:\Windows\System\oLlwXEa.exe
  2⤵
  PID:14232
- C:\Windows\System\wiAKDQG.exe
  C:\Windows\System\wiAKDQG.exe
  2⤵
  PID:14264
- C:\Windows\System\bkImvOl.exe
  C:\Windows\System\bkImvOl.exe
  2⤵
  PID:14288
- C:\Windows\System\LkaRspN.exe
  C:\Windows\System\LkaRspN.exe
  2⤵
  PID:14312
- C:\Windows\System\ZdEGhJm.exe
  C:\Windows\System\ZdEGhJm.exe
  2⤵
  PID:12576
- C:\Windows\System\tQYhhvZ.exe
  C:\Windows\System\tQYhhvZ.exe
  2⤵
  PID:13112
- C:\Windows\System\zUhuwKn.exe
  C:\Windows\System\zUhuwKn.exe
  2⤵
  PID:13408
- C:\Windows\System\eSguoyI.exe
  C:\Windows\System\eSguoyI.exe
  2⤵
  PID:13444
- C:\Windows\System\szIHUCX.exe
  C:\Windows\System\szIHUCX.exe
  2⤵
  PID:13520
- C:\Windows\System\ROLNRJL.exe
  C:\Windows\System\ROLNRJL.exe
  2⤵
  PID:13576
- C:\Windows\System\FHwigqc.exe
  C:\Windows\System\FHwigqc.exe
  2⤵
  PID:13660
- C:\Windows\System\PXkmFmj.exe
  C:\Windows\System\PXkmFmj.exe
  2⤵
  PID:13696
- C:\Windows\System\lugMxUq.exe
  C:\Windows\System\lugMxUq.exe
  2⤵
  PID:13800
- C:\Windows\System\KgtyRpx.exe
  C:\Windows\System\KgtyRpx.exe
  2⤵
  PID:13832
- C:\Windows\System\RvOEDvj.exe
  C:\Windows\System\RvOEDvj.exe
  2⤵
  PID:13912
- C:\Windows\System\EDoAFGM.exe
  C:\Windows\System\EDoAFGM.exe
  2⤵
  PID:13972
- C:\Windows\System\GCtRqcm.exe
  C:\Windows\System\GCtRqcm.exe
  2⤵
  PID:14020
- C:\Windows\System\ObdgVbR.exe
  C:\Windows\System\ObdgVbR.exe
  2⤵
  PID:14088
- C:\Windows\System\xRJiniD.exe
  C:\Windows\System\xRJiniD.exe
  2⤵
  PID:14136
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14136 -s 248
    3⤵
    PID:13776
- C:\Windows\System\GeOirTH.exe
  C:\Windows\System\GeOirTH.exe
  2⤵
  PID:14204
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14204 -s 248
    3⤵
    PID:13984

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CGYfZzo.exe

Filesize
1.7MB

MD5
999d4d8a6439236c179753994174889c

SHA1
6fd05b481fee30f73afce961e7ace31c5945d990

SHA256
8469dc3dfb2fa57ad58e368ab5994491be9fccdf4f7d987a9152c1fcd743c681

SHA512
3eeddbc3528bda6fafefde1aad8cf7f9f205b61d284475520de168431c3c681dd662d39bdf906ce4a53f71dd11a8cd95a2ddd275756ffd569b7222a8b8ea14e3

Download Submit
C:\Windows\System\GAucocY.exe

Filesize
1.7MB

MD5
393e38bf9a30181bfc4fcfa974d0df24

SHA1
cc0ebd10967dfd5fda36a5602baf6f8432c60c65

SHA256
fcb12760c998d1309a03242526c8533af70ea432bcddf4517196fc8259495fef

SHA512
ddcba98c210be37a69f618b281dc12a24eac4ab4f049abffc79f4957e2be448549436c4a4b70f14a6967dc2557d70b7d14e6f86fc89ec8d4d07c7f7346ecce16

Download Submit
C:\Windows\System\HbZemET.exe

Filesize
1.7MB

MD5
6ffd9d47e5da409b1328cdffc17c3f3c

SHA1
50ac1f108107d83a8fb5e4de67abf70d0c9f1e0e

SHA256
ff8954ee9cf27ccac4e251ff7160c3e623385230fdbd2512eb26c1df981868e6

SHA512
269c5a0aa267e006a4712f8b79815456da04b6f410f5a4705161b210ae7cb03d9803d902d7e48d50baeed83261172f91a4a34bd3788bd2ce20c34e0ea356d328

Download Submit
C:\Windows\System\IfmFiQW.exe

Filesize
1.7MB

MD5
7cf15a79f697d93bfc53c00e422725b6

SHA1
4416cfa1ccdd4a4319efe4b9db9cf64143e29849

SHA256
88b738a50a720407810a34a628e6e14626bf92004a2db4cc62dc59edada464ab

SHA512
bda3407208c38973b78aad10cad4a7d69462f9d9f509a7e3ac690471701934d5ee541c4ed94e7c8b96da9c26779d0fac3ca3ae0e270284cc43bf790b87b55948

Download Submit
C:\Windows\System\OnOSrNJ.exe

Filesize
1.7MB

MD5
4cca8075ca10e096d6e2fc0138abebe3

SHA1
1afcab7224909c9309b83b9bbba679141956b949

SHA256
ea540a44337bf872c2da5a90e798f46754bebab1652e5592f20f2983a393acc5

SHA512
0c468dae170c546545a4bbfba10a52ca160e11dabc94057174547913626367f032297d150d847f97aa2a03e102f70dbe262f090889b9705e829a43eaf0c256f5

Download Submit
C:\Windows\System\QvnrOZZ.exe

Filesize
1.7MB

MD5
11537976be8b42a849b5776777d32d72

SHA1
2c10bd1ecf3b741d9ea5ec093bb53712d7dee9cf

SHA256
0d94465fc6a4356588ba000448e2878510f336cda194d4953e5de69d1e7b0b92

SHA512
c54aaac28ef8c569366587f02f8597da672bf58f1ad33c455482ea4f44c9503a0f25b0e97da32534e26ba699ce1b4c3e5593be5a446f868bf918abeaadcb7465

Download Submit
C:\Windows\System\RhCWMIN.exe

Filesize
1.7MB

MD5
2c5750b3f03534e02b68cf181b44283e

SHA1
eab6d340d30967c2ea5105a4522d4356acfd55f7

SHA256
b5070f9e9ba425dda26873585813341a262949cd414464a8a662c1de2ea0f134

SHA512
691472388ddbdcb84813d25aa6eadc33c46fea2b70409207f8a5dd1bf5770c93ec67b62aa8e139d33b2e70959bc986607eff9cacafd2d17891c16178b0bc5f02

Download Submit
C:\Windows\System\SvwSKHb.exe

Filesize
1.7MB

MD5
29d6639fe39d2fc0a3e29be9d2315f18

SHA1
153124250745abbcceb6f37db2224f493cd17da7

SHA256
d71013ad3d20875cf0ef815c87b2a47455d8dbba955b48a0bd0f23ce04a475c9

SHA512
a268a20602817659999e0351f99927c3c7b7766b65893247ef031b5979dad34a9c18cc86fae03a79f522e511ee0065f7122e4edc4d21a7b170e1823b30e518c5

Download Submit
C:\Windows\System\TUxAWeT.exe

Filesize
1.7MB

MD5
4444f10240a5a54b4c4a93002ddf1e02

SHA1
175d54199450787fcb66d49dedd1d5977e0e3cfa

SHA256
8e6f87f5e412344e9627115daeea4b4418c2f63e9003b1fa34eea57a79511226

SHA512
724d0adec036950ad9b4137ece71185179312db843b5453a4fc101acbb61e730b00ceb4e9e8426cd97ee6bf2c59532b7fea9b6595c6230998d48da6650d4c9a2

Download Submit
C:\Windows\System\UVWShEA.exe

Filesize
1.7MB

MD5
746f956e022396cfe481c23181f6c864

SHA1
135614464226950fc72d3ce9dbeaf15cc7b34a7f

SHA256
aa6af10e86534af18109d24b29fa75eab5a0ebed50b577ceb88eb83d0e3a4b96

SHA512
36830a03c860b445e576d4344135fe12804fdb79e0d4d6654249bcc314fed3fe1d9aca7ab4a4802b509fa532b50dd7cde4bfd7f1468b608f6fb1dc40e2ef6dc3

Download Submit
C:\Windows\System\VoQHxCH.exe

Filesize
1.7MB

MD5
247c97782c7da93e1fbeb146c58901b0

SHA1
9a776fc61cc463d8490476064449f44eb34258a7

SHA256
661ff97353f87a11624e530f2a303890fe3746f60b1edb53038cefb9cba0670b

SHA512
7c9b26cece97a8fdebfbb9585c6872b2e87f9969baecc4e9897f9f806085c73de742fd5d15cddfa8323087c7e78b2ee485c9a7702594a00e3b6f44296eff7da5

Download Submit
C:\Windows\System\bkSSDFK.exe

Filesize
1.7MB

MD5
6b082320142651647b391ae561c1d4e8

SHA1
93272d023c2afb984cd2d5bddb7291567558fa5f

SHA256
2536894d96089a5cb284351affd925ec697e1e62034bf60ef5e8c675cc5f5a98

SHA512
d4750292b8da8ee3be4df8d147039c054e136ebc6389801dca417f90119a8e6805d24f97f2f2f770ba74abb4d5634813a5a349403229c86ca0756198c3fe95cd

Download Submit
C:\Windows\System\blYZLVo.exe

Filesize
1.7MB

MD5
ed8945f8f9557e454931e4cf44f5d51f

SHA1
8f312791c9f2119f4c6a7420275b27b52000cbf8

SHA256
fbd1a96e81e4caefc3a8784134bd76b51fcab4e8b1da2cdda36bb9d719fd10d1

SHA512
433f2230e12181079e25e209243ee37bcb7b212a9b67d79cbe1b6c66a304795e57a8224b013fb0dfd6b64ee30c9aafb6bc1f7cefe20c9869ed9928e337e5ce1a

Download Submit
C:\Windows\System\cGCPrdl.exe

Filesize
1.7MB

MD5
e9cdd6ee66ca7180e37f94784429132e

SHA1
a23767dd61efb41971d704a1dbb0c3d192b11b3b

SHA256
df1eaf3beb123d11d536512074552e73142a27f7f55d6cb28bb666e3f01551a3

SHA512
c5b7237c4f572110ae64f8009e7e5de3d290df31f0f68a2455458384e6091f70acd25c4de0faf45b7c5f14867126e19b7096a4a630dca405db3f4014dc6ee4fa

Download Submit
C:\Windows\System\cmXXePX.exe

Filesize
1.7MB

MD5
8171e1cc8add854557f12ce377bc59eb

SHA1
54407e80f0682e50549c9c254f78193b46d420ba

SHA256
3f8bd7681513d7d31c1be6de4aa0f98867cb88e9c228b8effa17b6bf1d552117

SHA512
b084436d6e1927867205af3e6d9b4a8790a8399a985530594007943ba8ec3b7e5507ee4b636b3540fbae7e2554afec0404867d2bbb95b6a4df068c841583fc73

Download Submit
C:\Windows\System\dQmRnME.exe

Filesize
1.7MB

MD5
07fe2a775dbd20b427b30b72d73e2cd6

SHA1
05d0c23d060c72871155b3c9cb7f0eef06d5231a

SHA256
874a83d7986459c2e77f53d8f3d97a6c62a0e8969874bcbbc95bfd906bc7aa9b

SHA512
56e9d466743aa15e362f8abb45e40b0e4a1545e3774facd74bd81243c04835e3a99ba2e0073755de5ee009c07afabdfec71bff440a2834e1eba265fb7f4361bd

Download Submit
C:\Windows\System\eAuZRRT.exe

Filesize
1.7MB

MD5
f7d457a2c3a02afbf90c5a4222201602

SHA1
5c753869bee2833768b06819fa340fce492aef0c

SHA256
bead08e83ba4549b593476b09b543f1b5e2a25f70ff471c5945ed3d053983344

SHA512
126d5aa61d7b09fa6963c0c60e1d9666a1f26a0034fd05cbba401610497ac2060418918ecd9cc097a32bd22910f4166125fcbd88ed2e8df546a9b8ca42998007

Download Submit
C:\Windows\System\fOwWePw.exe

Filesize
1.7MB

MD5
4a444ad270b2ad60aeb1d58ebbf936b1

SHA1
4b268a700b28c1495f9f42268f00f6180a836f78

SHA256
163f7d77954c3a235ff72fdfa3035714caeda4100c9584e049074008aa759d2c

SHA512
1c1280d5b389cbd0d19207533c056cd2a0babc54ab7b8b5a34adca1ab311fa8cc4574cb31bedebc3e387d30ccd2792a927a549be0873fc1a54c0ece071e0b4e9

Download Submit
C:\Windows\System\hSfjGqO.exe

Filesize
1.7MB

MD5
7d6e93e5a9e8f4d7e01316b289976586

SHA1
ca7065b629065d5190ab2b974043708a48101bcd

SHA256
531c794071688158094e528be70608d01588560506729a63f3d363c486884c1d

SHA512
da230ac3d607208ca0a141f7541427644f1ecc6f836e0847e4f0d39897db3d0ac75e8c3d93e28d4ee49b4c54b6063d2f8ca934b2a7885f8278524bacf03e5d30

Download Submit
C:\Windows\System\jZQtYsY.exe

Filesize
1.7MB

MD5
b4e765a8d917772f9a617c27e3c5a53a

SHA1
c22b8ce0df6080d273a91e19644ca45dc76014cb

SHA256
1ebbe26780448c73e2b3ecdd9b54175116c5cb1a6d76a8f458677795884f3148

SHA512
e7184113cc9fd007b268d1ccad9877b74d3535a0d647443ffb3d1b02296afb328a56b1da5d97a3357c1aa46a293c2295da6227730466c0424f0a90d6519bde4b

Download Submit
C:\Windows\System\jrrZxRC.exe

Filesize
1.7MB

MD5
bc5f9e32395153ea197fe41cd10ffe71

SHA1
7661d8ce409d2bbce3ad513b7ed5d9e631032399

SHA256
7a52fc073886cb918d996e262be913f46c16ade642f459d8f067fb9c885d7b55

SHA512
869c44bf84ec1ddc979088023e82968049fab575af312e8fe44e335c7eff3a6913faf6899a66b2d1110c273895551a252c939a5797091ddf39794d7c4d7b3800

Download Submit
C:\Windows\System\jvvkJvu.exe

Filesize
1.7MB

MD5
1f15f275e2bf72bf2c47345818d2f75f

SHA1
914b5f6f616ee8df594f0bbb6ad99b46e15b4ae0

SHA256
0554995892c0cfaa8d37f2f82f744d1cae7f5e3f9b2d2ce01d857a7b804d8b5b

SHA512
c9395d7803699d66598b92bfa3d936d1440695fae3774a676a872a21609e0fe16863bfe4511938e80a22c6b3ac0128b4262a8869800144c2129d8677da72f9a9

Download Submit
C:\Windows\System\lKdcNDS.exe

Filesize
1.7MB

MD5
76c3c9934cdbd58e977768c72b6830dc

SHA1
17a4e86e2dc63d30660172e23e01338dc88bf9d2

SHA256
331717f7430258cbf4c452623765027975eaf23ed870d055c3d1b8bf3e988e1e

SHA512
b9616939e311e39a943117cc72af63e2c8706bc2a65f6012dfde93f812996a28486aa99271ca34b1958b3fc405851e3b9135d890e3c82b9f466b01b52b9c2829

Download Submit
C:\Windows\System\nTKrXRP.exe

Filesize
1.7MB

MD5
5a82e5bc8cf2123b18d878e2e8cac8e5

SHA1
cf5cc84fc752a7a709ae1e6261b01997c8cd4f75

SHA256
1e3d564c3d4aa67ced47e426e2b34bc6c7178d6070d43efd7cbcb9d973d299ca

SHA512
edc9a8496cc90f2be781d2c60e4604b9e0329f4de6829ae4e9a57138bbb718e2bbbe4c8d9f1d9815034a14cd146e2876957e5c18e00c9a24c5d45169311d1f28

Download Submit
C:\Windows\System\npazpQq.exe

Filesize
1.7MB

MD5
aa0b766dc6d53f205ffa9b8f148ac814

SHA1
5780b8fa7de9b3ded626c08698421401f1d91772

SHA256
4cea26e1687924490259eb72faddf184540642fe687febdc5f48363b1e9fb759

SHA512
0feaf642ebf9d9882eb9a1accb18d740fdf9be0379a9dcce6dcb1beef0eb72a2686a127de4fd8e7ccfcb3c269735afcee25b97f8bfbfdcffdd98d17c53d2ab72

Download Submit
C:\Windows\System\ppbYOmR.exe

Filesize
1.7MB

MD5
90cdbfdde5929ab17873365979f5ec9d

SHA1
4709f434805045f2ffead6b9e4a7af2c1174f730

SHA256
ef48b2ca5f08797d3b2fd0d628ddb1163b9d17e85be59a40be021a397dbd3488

SHA512
72129e9e9696a789d185d50697130f24b9aed592981b27127f9d5a8f3585d1fb14ae284b1dc1d7214880a581faeb926e00ea9fb1eadb3eaa849684f0951efc9c

Download Submit
C:\Windows\System\qvEjCTJ.exe

Filesize
1.7MB

MD5
a05b7cca75948942a006604a074db38b

SHA1
0eaa19e8c644ae478dd04e887f4d06fc7cb9fec6

SHA256
4fcbda19b4f5403d5f8f6eb1453f18bae2799ae0bdf0a365fe370128bcbba22d

SHA512
9f03e12bbb9c8b77455f9ad8090b1714ada0eff1f32c1ce7e854b0eff7bad4cb808decebaaa4febace58ae10cde6645969c6316e3c78cb666b893d116febdf20

Download Submit
C:\Windows\System\rcfXAJh.exe

Filesize
1.7MB

MD5
e7468bcc57b0ec68389f2b44f1c7efff

SHA1
d943e5f9380694e93c04934450e8d17b5591639c

SHA256
6b77d79d72795418b08c1031eaf7c6206f11e1c2a1d50ab1ad5b0f875647ba2e

SHA512
25b7bf6ba7199e8361d08df4714b2cfab9612aeeeeabbde56819a77f3895a8e1c6820d5a424137591c365a1ae057298b7f31a2fe22d5663bb40c48e65e86c973

Download Submit
C:\Windows\System\sKwQMNB.exe

Filesize
1.7MB

MD5
d692d4719fc246b8d27180ebd44b10a4

SHA1
af45350b2f2e917f2027787e76408b8719df8a38

SHA256
af2b754203645037525bbe5df3aca05ea5fb8b80b21008721b56b8400ef1d8bd

SHA512
934b330d57f11b15ff7a91ea86f08451443e8aba02d8d8e0d6cc51004e00f94e454dbada7c82a63683659e394edd22a35ac4e0bc862dfb463759b5ec7bd66789

Download Submit
C:\Windows\System\sPpgWZz.exe

Filesize
1.7MB

MD5
260bcc9973c538f4fa8a07c73ad720cb

SHA1
ca38c58fc6120a63219c5410dc8fd833b727f00b

SHA256
d9eec8782f6a91dbc7704e7fba34d9053d79dce5b52a8ac6026427e563c1af76

SHA512
1c7606d187e6ccf1d8fb22194ae091be6049bcda40afdb382553e4c2473c0d3ee0482dd6219cd4ae7d30e1b51b21d8991948e8f27afe5acaf70298f2ae6b5c17

Download Submit
C:\Windows\System\uQfZajR.exe

Filesize
1.7MB

MD5
f36d2d93cf89ddf6b48db85e1a5138a7

SHA1
e4a0beec01e47e92120eea8f36fae05765752af0

SHA256
216c0758f7246f67d0f638e037c1364edac2c7d056e07700b6b2d86eb6946a0b

SHA512
437b70a8d279ce936ffd28f98e2c758807c8b91ea637788ee91a6e8e0651c83f84cea58b89a31999624fd8666db76140743c6bef3ff822c58f8055ccb5e39f38

Download Submit
C:\Windows\System\vddKJjb.exe

Filesize
1.7MB

MD5
1e77d000532247609f0c5d9befa72886

SHA1
e3761ca0a3074d2301351d1eda104117bb55d040

SHA256
0ab57c2d9cdecdfbe4f46e2cbe565b142c29dff147b49ddfb54cbd02c5303f5d

SHA512
3efb19c0457dc5d3058d07bc8b3630ad66778f8c6ee3de3c67e62e7f1dcf0b881acc7596e06e43053bc352b8cbbc24f4723df93f2beb8cbdda4de3f7505a1641

Download Submit
C:\Windows\System\xRJswyF.exe

Filesize
1.7MB

MD5
acfe3760906b289e0d9752f5eef93423

SHA1
4deed01358b6a2883a37d37e128cb94c1a2b9f1b

SHA256
e37620b9ff4953ba71e11b1ddff906002e48b9267e2e1f5f1dfd0491eeee9207

SHA512
b064be653b313a48adf04b49e5ed92f3d5424d77ab76e2bb1ee4fdfad6644f91b198d5246622d4ae402e7acd3dd5286c90eae4835cc8406ccc9cac9407461bfb

Download Submit
C:\Windows\System\xykTVAk.exe

Filesize
1.7MB

MD5
06f83905123b2de3fd77f39a623adc99

SHA1
aa64dfb2c5ca76b6b2ccc61c964d4354c0dc2f7c

SHA256
9d3745e1ebfcb91f8de83eed4b486017b7791e8f0b43153847ccca7ce1643ce7

SHA512
36f90ab175aa0358584922bd8db841ec33c8d8d96cebb52a94fb8095d862a8f27fb19e2edc90459ddc65ad6b1e44cee4dab69a6cb5d8bae0f02a2e3aea62d4db

Download Submit
C:\Windows\System\yRqwkmc.exe

Filesize
1.7MB

MD5
9cdc2a2116323acdec3f2f079461ce17

SHA1
429a5c03f845f12555355f30f9f33c137daf02b5

SHA256
6ed0a86db3d8d9e1f61f86290fd1a4232e5ce8e6b95284cc92ad8953a897d0f5

SHA512
ef46cb1406d5fb5619aadf921bc06120d5a3e56c34e1ad96fc6717168bc63e21257b748ee92a4ac92bb7fdc69df5c180137ddbf8956cf9b8eba4d4bc58e38a99

Download Submit
C:\Windows\System\ynznvWb.exe

Filesize
1.7MB

MD5
052cc7e1e4128f370f43c3daddbe1552

SHA1
f53a33ca9abf04d0aba93d73b347952f2376483d

SHA256
b9bf6e1b85e90ea3a15054c0664cf95ebf4fe393559eeca9da770b02e0d69f6f

SHA512
1f4d4dd3d35accc0cedf0b8615ebaa76757e76495ebf4009c2cb4e7a765b2e866659ab12eb440c09826a2c19a2ca8fd81d14ffe101a9ece088769261aaadacd7

Download Submit
C:\Windows\System\zshneyo.exe

Filesize
1.7MB

MD5
6b4e393660a84f0ec9c22c73f3e06bbb

SHA1
528bca4d312e95ca6a1ed7f7a65f1732775b1b8c

SHA256
3dadd9a099054a7e585c1025b67fc55f97d6cbb03343bde0d9885fa5306aff4c

SHA512
bf1c9ca2bb1b9b65d744984d9430d6518acd43a4ae5db92e57ea5b50b69356193e84c16ce8565e6938152c9d63f95e276b42ce92d34b7dc008cbdd6046065551

Download Submit
memory/232-2175-0x00007FF6CA680000-0x00007FF6CA9D4000-memory.dmp

Filesize
3.3MB

Download
memory/232-88-0x00007FF6CA680000-0x00007FF6CA9D4000-memory.dmp

Filesize
3.3MB

Download
memory/384-197-0x00007FF690910000-0x00007FF690C64000-memory.dmp

Filesize
3.3MB

Download
memory/384-2202-0x00007FF690910000-0x00007FF690C64000-memory.dmp

Filesize
3.3MB

Download
memory/740-2178-0x00007FF62C910000-0x00007FF62CC64000-memory.dmp

Filesize
3.3MB

Download
memory/740-114-0x00007FF62C910000-0x00007FF62CC64000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2193-0x00007FF7829A0000-0x00007FF782CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1148-167-0x00007FF7829A0000-0x00007FF782CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2173-0x00007FF7829A0000-0x00007FF782CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-220-0x00007FF66B9F0000-0x00007FF66BD44000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2190-0x00007FF66B9F0000-0x00007FF66BD44000-memory.dmp

Filesize
3.3MB

Download
memory/1228-2181-0x00007FF6714B0000-0x00007FF671804000-memory.dmp

Filesize
3.3MB

Download
memory/1228-2172-0x00007FF6714B0000-0x00007FF671804000-memory.dmp

Filesize
3.3MB

Download
memory/1228-52-0x00007FF6714B0000-0x00007FF671804000-memory.dmp

Filesize
3.3MB

Download
memory/1296-2174-0x00007FF751190000-0x00007FF7514E4000-memory.dmp

Filesize
3.3MB

Download
memory/1296-78-0x00007FF751190000-0x00007FF7514E4000-memory.dmp

Filesize
3.3MB

Download
memory/1504-215-0x00007FF72E430000-0x00007FF72E784000-memory.dmp

Filesize
3.3MB

Download
memory/1504-2183-0x00007FF72E430000-0x00007FF72E784000-memory.dmp

Filesize
3.3MB

Download
memory/1568-2192-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-216-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2201-0x00007FF614590000-0x00007FF6148E4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-207-0x00007FF614590000-0x00007FF6148E4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2182-0x00007FF78BB90000-0x00007FF78BEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-217-0x00007FF78BB90000-0x00007FF78BEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2198-0x00007FF699240000-0x00007FF699594000-memory.dmp

Filesize
3.3MB

Download
memory/1916-187-0x00007FF699240000-0x00007FF699594000-memory.dmp

Filesize
3.3MB

Download
memory/2008-204-0x00007FF7FF280000-0x00007FF7FF5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2189-0x00007FF7FF280000-0x00007FF7FF5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2186-0x00007FF70F920000-0x00007FF70FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2028-219-0x00007FF70F920000-0x00007FF70FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2156-23-0x00007FF661570000-0x00007FF6618C4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2177-0x00007FF661570000-0x00007FF6618C4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2197-0x00007FF7C68F0000-0x00007FF7C6C44000-memory.dmp

Filesize
3.3MB

Download
memory/2296-221-0x00007FF7C68F0000-0x00007FF7C6C44000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2200-0x00007FF69AA40000-0x00007FF69AD94000-memory.dmp

Filesize
3.3MB

Download
memory/3272-218-0x00007FF69AA40000-0x00007FF69AD94000-memory.dmp

Filesize
3.3MB

Download
memory/3568-2185-0x00007FF6F4390000-0x00007FF6F46E4000-memory.dmp

Filesize
3.3MB

Download
memory/3568-196-0x00007FF6F4390000-0x00007FF6F46E4000-memory.dmp

Filesize
3.3MB

Download
memory/3652-2194-0x00007FF6E9CC0000-0x00007FF6EA014000-memory.dmp

Filesize
3.3MB

Download
memory/3652-206-0x00007FF6E9CC0000-0x00007FF6EA014000-memory.dmp

Filesize
3.3MB

Download
memory/3768-118-0x00007FF620640000-0x00007FF620994000-memory.dmp

Filesize
3.3MB

Download
memory/3768-2179-0x00007FF620640000-0x00007FF620994000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2195-0x00007FF6E1140000-0x00007FF6E1494000-memory.dmp

Filesize
3.3MB

Download
memory/3784-213-0x00007FF6E1140000-0x00007FF6E1494000-memory.dmp

Filesize
3.3MB

Download
memory/4148-186-0x00007FF686780000-0x00007FF686AD4000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2191-0x00007FF686780000-0x00007FF686AD4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2176-0x00007FF771020000-0x00007FF771374000-memory.dmp

Filesize
3.3MB

Download
memory/4256-42-0x00007FF771020000-0x00007FF771374000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2199-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp

Filesize
3.3MB

Download
memory/4368-212-0x00007FF6E7CE0000-0x00007FF6E8034000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2188-0x00007FF7DB100000-0x00007FF7DB454000-memory.dmp

Filesize
3.3MB

Download
memory/4608-209-0x00007FF7DB100000-0x00007FF7DB454000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2184-0x00007FF676320000-0x00007FF676674000-memory.dmp

Filesize
3.3MB

Download
memory/4648-205-0x00007FF676320000-0x00007FF676674000-memory.dmp

Filesize
3.3MB

Download
memory/4720-1-0x000001F2478B0000-0x000001F2478C0000-memory.dmp

Filesize
64KB

Download
memory/4720-0-0x00007FF627830000-0x00007FF627B84000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2171-0x00007FF627830000-0x00007FF627B84000-memory.dmp

Filesize
3.3MB

Download
memory/4804-214-0x00007FF7180E0000-0x00007FF718434000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2180-0x00007FF7180E0000-0x00007FF718434000-memory.dmp

Filesize
3.3MB

Download
memory/4876-210-0x00007FF649E80000-0x00007FF64A1D4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-2187-0x00007FF649E80000-0x00007FF64A1D4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2196-0x00007FF66F080000-0x00007FF66F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/5108-211-0x00007FF66F080000-0x00007FF66F3D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads