xmrig | 9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
Size

1.9MB
MD5

c2bb6b2dcf4ed082027ca5d708b50120
SHA1

d81b4c93604bccd102732b77a26f5560acf35ea9
SHA256

9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f
SHA512

45126ee1e66fedad821a5d9b7589d415475b9b44e6940694313bce2b39c505d6161f15c645dc9942d9046d5c6a9156c076802c475c5f9ea9781386a65cd51f65
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXIZbGb+7Mxexn2NY:BemTLkNdfE0pZrG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3400-0-0x00007FF61F050000-0x00007FF61F3A4000-memory.dmp	xmrig
behavioral2/memory/4076-6-0x00007FF7A48E0000-0x00007FF7A4C34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023478-10.dat	xmrig
behavioral2/memory/3104-32-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp	xmrig
behavioral2/files/0x000700000002347b-37.dat	xmrig
behavioral2/files/0x000700000002347d-45.dat	xmrig
behavioral2/files/0x0007000000023482-64.dat	xmrig
behavioral2/files/0x0007000000023488-102.dat	xmrig
behavioral2/files/0x0007000000023491-139.dat	xmrig
behavioral2/files/0x0007000000023494-162.dat	xmrig
behavioral2/memory/3664-792-0x00007FF7A0880000-0x00007FF7A0BD4000-memory.dmp	xmrig
behavioral2/memory/1032-793-0x00007FF6306D0000-0x00007FF630A24000-memory.dmp	xmrig
behavioral2/memory/4916-794-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp	xmrig
behavioral2/memory/1460-795-0x00007FF6742C0000-0x00007FF674614000-memory.dmp	xmrig
behavioral2/files/0x0007000000023497-169.dat	xmrig
behavioral2/files/0x0007000000023495-167.dat	xmrig
behavioral2/files/0x0007000000023496-164.dat	xmrig
behavioral2/files/0x0007000000023493-157.dat	xmrig
behavioral2/files/0x0007000000023492-152.dat	xmrig
behavioral2/files/0x0007000000023490-142.dat	xmrig
behavioral2/files/0x000700000002348f-137.dat	xmrig
behavioral2/files/0x000700000002348e-132.dat	xmrig
behavioral2/files/0x000700000002348d-127.dat	xmrig
behavioral2/files/0x000700000002348c-122.dat	xmrig
behavioral2/files/0x000700000002348b-117.dat	xmrig
behavioral2/files/0x000700000002348a-112.dat	xmrig
behavioral2/files/0x0007000000023489-107.dat	xmrig
behavioral2/files/0x0007000000023487-97.dat	xmrig
behavioral2/files/0x0007000000023486-92.dat	xmrig
behavioral2/files/0x0007000000023485-87.dat	xmrig
behavioral2/files/0x0007000000023484-82.dat	xmrig
behavioral2/files/0x0007000000023483-77.dat	xmrig
behavioral2/files/0x0007000000023481-67.dat	xmrig
behavioral2/files/0x0007000000023480-62.dat	xmrig
behavioral2/files/0x000700000002347f-54.dat	xmrig
behavioral2/files/0x000700000002347e-50.dat	xmrig
behavioral2/files/0x000700000002347c-40.dat	xmrig
behavioral2/memory/3964-36-0x00007FF710EE0000-0x00007FF711234000-memory.dmp	xmrig
behavioral2/memory/4696-33-0x00007FF6BD0E0000-0x00007FF6BD434000-memory.dmp	xmrig
behavioral2/memory/2756-29-0x00007FF7658B0000-0x00007FF765C04000-memory.dmp	xmrig
behavioral2/files/0x000700000002347a-24.dat	xmrig
behavioral2/files/0x0007000000023479-21.dat	xmrig
behavioral2/memory/220-14-0x00007FF625B90000-0x00007FF625EE4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023474-9.dat	xmrig
behavioral2/memory/1472-796-0x00007FF6BFA60000-0x00007FF6BFDB4000-memory.dmp	xmrig
behavioral2/memory/2872-797-0x00007FF72DCE0000-0x00007FF72E034000-memory.dmp	xmrig
behavioral2/memory/3068-810-0x00007FF74DCB0000-0x00007FF74E004000-memory.dmp	xmrig
behavioral2/memory/1356-828-0x00007FF7674E0000-0x00007FF767834000-memory.dmp	xmrig
behavioral2/memory/5032-854-0x00007FF63F400000-0x00007FF63F754000-memory.dmp	xmrig
behavioral2/memory/540-848-0x00007FF73B390000-0x00007FF73B6E4000-memory.dmp	xmrig
behavioral2/memory/3092-842-0x00007FF6D5840000-0x00007FF6D5B94000-memory.dmp	xmrig
behavioral2/memory/4540-832-0x00007FF7D21A0000-0x00007FF7D24F4000-memory.dmp	xmrig
behavioral2/memory/4072-822-0x00007FF7DA2C0000-0x00007FF7DA614000-memory.dmp	xmrig
behavioral2/memory/2060-817-0x00007FF70ABF0000-0x00007FF70AF44000-memory.dmp	xmrig
behavioral2/memory/4268-805-0x00007FF653E90000-0x00007FF6541E4000-memory.dmp	xmrig
behavioral2/memory/760-862-0x00007FF6D94F0000-0x00007FF6D9844000-memory.dmp	xmrig
behavioral2/memory/5076-858-0x00007FF72EEC0000-0x00007FF72F214000-memory.dmp	xmrig
behavioral2/memory/3064-888-0x00007FF74A0E0000-0x00007FF74A434000-memory.dmp	xmrig
behavioral2/memory/5064-887-0x00007FF7D4670000-0x00007FF7D49C4000-memory.dmp	xmrig
behavioral2/memory/1364-882-0x00007FF690E80000-0x00007FF6911D4000-memory.dmp	xmrig
behavioral2/memory/3616-877-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp	xmrig
behavioral2/memory/2552-875-0x00007FF7C6ED0000-0x00007FF7C7224000-memory.dmp	xmrig
behavioral2/memory/3588-867-0x00007FF7B0E00000-0x00007FF7B1154000-memory.dmp	xmrig
behavioral2/memory/4076-2099-0x00007FF7A48E0000-0x00007FF7A4C34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4076	YsHFDXF.exe
220	GNVSibb.exe
2756	fAuBCzT.exe
3104	NVuRegJ.exe
4696	poqHypw.exe
3964	LohWDeN.exe
3664	CkaGoNY.exe
1032	LldjDoq.exe
4916	ImsLGgj.exe
1460	DaCbBhJ.exe
1472	Rnokmwd.exe
2872	kfPXOwK.exe
4268	VuwPfpD.exe
3068	TWqGasb.exe
2060	YiPXHnk.exe
4072	OLscbYM.exe
1356	OVGpLJM.exe
4540	agtjTgY.exe
3092	DhOdhQr.exe
540	kYUgtee.exe
5032	MtPNujs.exe
5076	KitgjHt.exe
760	nxuggaW.exe
3588	sFfWaTK.exe
2552	TQhOiOh.exe
3616	aVUvxXv.exe
1364	ZdeZzzP.exe
5064	kakSCks.exe
3064	FzzduUE.exe
1560	OIZkATP.exe
1952	phNrgLu.exe
2764	oRrMUxc.exe
3960	zfDGiyZ.exe
4672	MavsMNt.exe
2236	YCPVtcr.exe
4876	SMjCGhM.exe
3832	vbDPgct.exe
1516	vFCjURu.exe
5056	erclDbC.exe
3688	tOhiOeq.exe
676	KJCopdo.exe
4300	pGYgFOD.exe
2284	kHfCGAy.exe
3480	yDUFjLa.exe
4468	cfgpQjK.exe
4380	CMVdtrg.exe
2836	NXiUXWV.exe
512	XsSmXNJ.exe
5020	ZeXKgGl.exe
3892	psLOzRm.exe
5024	hOBgngQ.exe
4220	eXYhDCf.exe
3620	qLwdmxE.exe
3932	dhflYpy.exe
2388	Xxyantd.exe
4768	qowrTDB.exe
1116	nuiAvyh.exe
228	TMlrZnv.exe
4040	DsLFfiB.exe
3360	kIUFeSL.exe
2904	sfchlAg.exe
3912	AfVCQnM.exe
5004	NEJMhxr.exe
1928	ZiKSWGN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3400-0-0x00007FF61F050000-0x00007FF61F3A4000-memory.dmp	upx
behavioral2/memory/4076-6-0x00007FF7A48E0000-0x00007FF7A4C34000-memory.dmp	upx
behavioral2/files/0x0007000000023478-10.dat	upx
behavioral2/memory/3104-32-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp	upx
behavioral2/files/0x000700000002347b-37.dat	upx
behavioral2/files/0x000700000002347d-45.dat	upx
behavioral2/files/0x0007000000023482-64.dat	upx
behavioral2/files/0x0007000000023488-102.dat	upx
behavioral2/files/0x0007000000023491-139.dat	upx
behavioral2/files/0x0007000000023494-162.dat	upx
behavioral2/memory/3664-792-0x00007FF7A0880000-0x00007FF7A0BD4000-memory.dmp	upx
behavioral2/memory/1032-793-0x00007FF6306D0000-0x00007FF630A24000-memory.dmp	upx
behavioral2/memory/4916-794-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp	upx
behavioral2/memory/1460-795-0x00007FF6742C0000-0x00007FF674614000-memory.dmp	upx
behavioral2/files/0x0007000000023497-169.dat	upx
behavioral2/files/0x0007000000023495-167.dat	upx
behavioral2/files/0x0007000000023496-164.dat	upx
behavioral2/files/0x0007000000023493-157.dat	upx
behavioral2/files/0x0007000000023492-152.dat	upx
behavioral2/files/0x0007000000023490-142.dat	upx
behavioral2/files/0x000700000002348f-137.dat	upx
behavioral2/files/0x000700000002348e-132.dat	upx
behavioral2/files/0x000700000002348d-127.dat	upx
behavioral2/files/0x000700000002348c-122.dat	upx
behavioral2/files/0x000700000002348b-117.dat	upx
behavioral2/files/0x000700000002348a-112.dat	upx
behavioral2/files/0x0007000000023489-107.dat	upx
behavioral2/files/0x0007000000023487-97.dat	upx
behavioral2/files/0x0007000000023486-92.dat	upx
behavioral2/files/0x0007000000023485-87.dat	upx
behavioral2/files/0x0007000000023484-82.dat	upx
behavioral2/files/0x0007000000023483-77.dat	upx
behavioral2/files/0x0007000000023481-67.dat	upx
behavioral2/files/0x0007000000023480-62.dat	upx
behavioral2/files/0x000700000002347f-54.dat	upx
behavioral2/files/0x000700000002347e-50.dat	upx
behavioral2/files/0x000700000002347c-40.dat	upx
behavioral2/memory/3964-36-0x00007FF710EE0000-0x00007FF711234000-memory.dmp	upx
behavioral2/memory/4696-33-0x00007FF6BD0E0000-0x00007FF6BD434000-memory.dmp	upx
behavioral2/memory/2756-29-0x00007FF7658B0000-0x00007FF765C04000-memory.dmp	upx
behavioral2/files/0x000700000002347a-24.dat	upx
behavioral2/files/0x0007000000023479-21.dat	upx
behavioral2/memory/220-14-0x00007FF625B90000-0x00007FF625EE4000-memory.dmp	upx
behavioral2/files/0x0008000000023474-9.dat	upx
behavioral2/memory/1472-796-0x00007FF6BFA60000-0x00007FF6BFDB4000-memory.dmp	upx
behavioral2/memory/2872-797-0x00007FF72DCE0000-0x00007FF72E034000-memory.dmp	upx
behavioral2/memory/3068-810-0x00007FF74DCB0000-0x00007FF74E004000-memory.dmp	upx
behavioral2/memory/1356-828-0x00007FF7674E0000-0x00007FF767834000-memory.dmp	upx
behavioral2/memory/5032-854-0x00007FF63F400000-0x00007FF63F754000-memory.dmp	upx
behavioral2/memory/540-848-0x00007FF73B390000-0x00007FF73B6E4000-memory.dmp	upx
behavioral2/memory/3092-842-0x00007FF6D5840000-0x00007FF6D5B94000-memory.dmp	upx
behavioral2/memory/4540-832-0x00007FF7D21A0000-0x00007FF7D24F4000-memory.dmp	upx
behavioral2/memory/4072-822-0x00007FF7DA2C0000-0x00007FF7DA614000-memory.dmp	upx
behavioral2/memory/2060-817-0x00007FF70ABF0000-0x00007FF70AF44000-memory.dmp	upx
behavioral2/memory/4268-805-0x00007FF653E90000-0x00007FF6541E4000-memory.dmp	upx
behavioral2/memory/760-862-0x00007FF6D94F0000-0x00007FF6D9844000-memory.dmp	upx
behavioral2/memory/5076-858-0x00007FF72EEC0000-0x00007FF72F214000-memory.dmp	upx
behavioral2/memory/3064-888-0x00007FF74A0E0000-0x00007FF74A434000-memory.dmp	upx
behavioral2/memory/5064-887-0x00007FF7D4670000-0x00007FF7D49C4000-memory.dmp	upx
behavioral2/memory/1364-882-0x00007FF690E80000-0x00007FF6911D4000-memory.dmp	upx
behavioral2/memory/3616-877-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp	upx
behavioral2/memory/2552-875-0x00007FF7C6ED0000-0x00007FF7C7224000-memory.dmp	upx
behavioral2/memory/3588-867-0x00007FF7B0E00000-0x00007FF7B1154000-memory.dmp	upx
behavioral2/memory/4076-2099-0x00007FF7A48E0000-0x00007FF7A4C34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OlDwdwf.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\tQpLMbY.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\cYICnyp.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\pGYgFOD.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\zHgdSVv.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\CsOPNii.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\BUgkGET.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\ClgrnMI.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\uPGIHgJ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\AFbdsAZ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\nVepFBS.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\KvWFMaX.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\wOdqWWZ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\QEkaxXA.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\ZZQHRHz.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\yUWKwGN.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\uSVTtSz.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\Ymgnhik.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\XBYxoCT.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\ZFWJqII.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\NvdWkkS.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\crxePpZ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\SAjviXG.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\qMohUCv.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\DjRpGpY.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\OsxixMn.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\ddwhIvu.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\LohWDeN.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\RYndngx.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\YqfsWBu.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\tXURcEj.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\zfDGiyZ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\reuDZvM.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\DSfAFbN.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\kFAafIJ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\umaesAm.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\wiXrZNh.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\QdXfWWY.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\XWgfAhK.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\tzszJOQ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\GVWCQvv.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\FBBgfWj.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\BNapLDR.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\YVrgCqR.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\dWjcsWA.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\tLfrLmk.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\sFfWaTK.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\YMPsryr.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\IFXsMvR.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\HBkjTRu.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\lfZHRBL.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\YVcNQCQ.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\wqwMxEp.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\TsEwCpE.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\ILNepdX.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\fgMHjIe.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\ugHxkpb.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\PHKCBBB.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\xZcJJjH.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\hevROTz.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\vFCjURu.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\NCjRrjX.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\roEanCk.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
File created	C:\Windows\System\YUzDbOq.exe	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2340	dwm.exe
Token: SeChangeNotifyPrivilege	2340	dwm.exe
Token: 33	2340	dwm.exe
Token: SeIncBasePriorityPrivilege	2340	dwm.exe
Token: SeShutdownPrivilege	2340	dwm.exe
Token: SeCreatePagefilePrivilege	2340	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 4076	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	84
PID 3400 wrote to memory of 4076	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	84
PID 3400 wrote to memory of 220	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	85
PID 3400 wrote to memory of 220	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	85
PID 3400 wrote to memory of 2756	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	86
PID 3400 wrote to memory of 2756	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	86
PID 3400 wrote to memory of 3104	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	87
PID 3400 wrote to memory of 3104	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	87
PID 3400 wrote to memory of 4696	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	88
PID 3400 wrote to memory of 4696	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	88
PID 3400 wrote to memory of 3964	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	89
PID 3400 wrote to memory of 3964	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	89
PID 3400 wrote to memory of 3664	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	90
PID 3400 wrote to memory of 3664	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	90
PID 3400 wrote to memory of 1032	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	91
PID 3400 wrote to memory of 1032	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	91
PID 3400 wrote to memory of 4916	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	92
PID 3400 wrote to memory of 4916	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	92
PID 3400 wrote to memory of 1460	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	93
PID 3400 wrote to memory of 1460	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	93
PID 3400 wrote to memory of 1472	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	94
PID 3400 wrote to memory of 1472	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	94
PID 3400 wrote to memory of 2872	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	95
PID 3400 wrote to memory of 2872	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	95
PID 3400 wrote to memory of 4268	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	96
PID 3400 wrote to memory of 4268	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	96
PID 3400 wrote to memory of 3068	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	97
PID 3400 wrote to memory of 3068	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	97
PID 3400 wrote to memory of 2060	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	98
PID 3400 wrote to memory of 2060	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	98
PID 3400 wrote to memory of 4072	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	99
PID 3400 wrote to memory of 4072	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	99
PID 3400 wrote to memory of 1356	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	100
PID 3400 wrote to memory of 1356	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	100
PID 3400 wrote to memory of 4540	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	101
PID 3400 wrote to memory of 4540	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	101
PID 3400 wrote to memory of 3092	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	102
PID 3400 wrote to memory of 3092	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	102
PID 3400 wrote to memory of 540	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	103
PID 3400 wrote to memory of 540	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	103
PID 3400 wrote to memory of 5032	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	104
PID 3400 wrote to memory of 5032	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	104
PID 3400 wrote to memory of 5076	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	105
PID 3400 wrote to memory of 5076	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	105
PID 3400 wrote to memory of 760	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	106
PID 3400 wrote to memory of 760	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	106
PID 3400 wrote to memory of 3588	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	107
PID 3400 wrote to memory of 3588	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	107
PID 3400 wrote to memory of 2552	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	108
PID 3400 wrote to memory of 2552	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	108
PID 3400 wrote to memory of 3616	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	109
PID 3400 wrote to memory of 3616	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	109
PID 3400 wrote to memory of 1364	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	110
PID 3400 wrote to memory of 1364	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	110
PID 3400 wrote to memory of 5064	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	111
PID 3400 wrote to memory of 5064	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	111
PID 3400 wrote to memory of 3064	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	112
PID 3400 wrote to memory of 3064	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	112
PID 3400 wrote to memory of 1560	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	113
PID 3400 wrote to memory of 1560	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	113
PID 3400 wrote to memory of 1952	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	114
PID 3400 wrote to memory of 1952	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	114
PID 3400 wrote to memory of 2764	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	115
PID 3400 wrote to memory of 2764	3400	9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9574b7b8591b3765d89eb1212e74bd05d5dae6f293ae45639aa9c200377cf10f_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Windows\System\YsHFDXF.exe
  C:\Windows\System\YsHFDXF.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\GNVSibb.exe
  C:\Windows\System\GNVSibb.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\fAuBCzT.exe
  C:\Windows\System\fAuBCzT.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\NVuRegJ.exe
  C:\Windows\System\NVuRegJ.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\poqHypw.exe
  C:\Windows\System\poqHypw.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\LohWDeN.exe
  C:\Windows\System\LohWDeN.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\CkaGoNY.exe
  C:\Windows\System\CkaGoNY.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\LldjDoq.exe
  C:\Windows\System\LldjDoq.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\ImsLGgj.exe
  C:\Windows\System\ImsLGgj.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\DaCbBhJ.exe
  C:\Windows\System\DaCbBhJ.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\Rnokmwd.exe
  C:\Windows\System\Rnokmwd.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\kfPXOwK.exe
  C:\Windows\System\kfPXOwK.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\VuwPfpD.exe
  C:\Windows\System\VuwPfpD.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\TWqGasb.exe
  C:\Windows\System\TWqGasb.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\YiPXHnk.exe
  C:\Windows\System\YiPXHnk.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\OLscbYM.exe
  C:\Windows\System\OLscbYM.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\OVGpLJM.exe
  C:\Windows\System\OVGpLJM.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\agtjTgY.exe
  C:\Windows\System\agtjTgY.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\DhOdhQr.exe
  C:\Windows\System\DhOdhQr.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\kYUgtee.exe
  C:\Windows\System\kYUgtee.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\MtPNujs.exe
  C:\Windows\System\MtPNujs.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\KitgjHt.exe
  C:\Windows\System\KitgjHt.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\nxuggaW.exe
  C:\Windows\System\nxuggaW.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\sFfWaTK.exe
  C:\Windows\System\sFfWaTK.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\TQhOiOh.exe
  C:\Windows\System\TQhOiOh.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\aVUvxXv.exe
  C:\Windows\System\aVUvxXv.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\ZdeZzzP.exe
  C:\Windows\System\ZdeZzzP.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\kakSCks.exe
  C:\Windows\System\kakSCks.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\FzzduUE.exe
  C:\Windows\System\FzzduUE.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\OIZkATP.exe
  C:\Windows\System\OIZkATP.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\phNrgLu.exe
  C:\Windows\System\phNrgLu.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\oRrMUxc.exe
  C:\Windows\System\oRrMUxc.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\zfDGiyZ.exe
  C:\Windows\System\zfDGiyZ.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\MavsMNt.exe
  C:\Windows\System\MavsMNt.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\YCPVtcr.exe
  C:\Windows\System\YCPVtcr.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\SMjCGhM.exe
  C:\Windows\System\SMjCGhM.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\vbDPgct.exe
  C:\Windows\System\vbDPgct.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\vFCjURu.exe
  C:\Windows\System\vFCjURu.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\erclDbC.exe
  C:\Windows\System\erclDbC.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\tOhiOeq.exe
  C:\Windows\System\tOhiOeq.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\KJCopdo.exe
  C:\Windows\System\KJCopdo.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\pGYgFOD.exe
  C:\Windows\System\pGYgFOD.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\kHfCGAy.exe
  C:\Windows\System\kHfCGAy.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\yDUFjLa.exe
  C:\Windows\System\yDUFjLa.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\cfgpQjK.exe
  C:\Windows\System\cfgpQjK.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\CMVdtrg.exe
  C:\Windows\System\CMVdtrg.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\NXiUXWV.exe
  C:\Windows\System\NXiUXWV.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XsSmXNJ.exe
  C:\Windows\System\XsSmXNJ.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\ZeXKgGl.exe
  C:\Windows\System\ZeXKgGl.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\psLOzRm.exe
  C:\Windows\System\psLOzRm.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\hOBgngQ.exe
  C:\Windows\System\hOBgngQ.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\eXYhDCf.exe
  C:\Windows\System\eXYhDCf.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\qLwdmxE.exe
  C:\Windows\System\qLwdmxE.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\dhflYpy.exe
  C:\Windows\System\dhflYpy.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\Xxyantd.exe
  C:\Windows\System\Xxyantd.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\qowrTDB.exe
  C:\Windows\System\qowrTDB.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\nuiAvyh.exe
  C:\Windows\System\nuiAvyh.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\TMlrZnv.exe
  C:\Windows\System\TMlrZnv.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\DsLFfiB.exe
  C:\Windows\System\DsLFfiB.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\kIUFeSL.exe
  C:\Windows\System\kIUFeSL.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\sfchlAg.exe
  C:\Windows\System\sfchlAg.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\AfVCQnM.exe
  C:\Windows\System\AfVCQnM.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\NEJMhxr.exe
  C:\Windows\System\NEJMhxr.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\ZiKSWGN.exe
  C:\Windows\System\ZiKSWGN.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\CHSbgak.exe
  C:\Windows\System\CHSbgak.exe
  2⤵
  PID:2804
- C:\Windows\System\xRbHqms.exe
  C:\Windows\System\xRbHqms.exe
  2⤵
  PID:4432
- C:\Windows\System\ONLHdHD.exe
  C:\Windows\System\ONLHdHD.exe
  2⤵
  PID:3716
- C:\Windows\System\DlxbbDl.exe
  C:\Windows\System\DlxbbDl.exe
  2⤵
  PID:1572
- C:\Windows\System\SienqYx.exe
  C:\Windows\System\SienqYx.exe
  2⤵
  PID:2848
- C:\Windows\System\neaIKeh.exe
  C:\Windows\System\neaIKeh.exe
  2⤵
  PID:4500
- C:\Windows\System\lSpobnd.exe
  C:\Windows\System\lSpobnd.exe
  2⤵
  PID:4132
- C:\Windows\System\jDaFvbI.exe
  C:\Windows\System\jDaFvbI.exe
  2⤵
  PID:5140
- C:\Windows\System\xrZzuaU.exe
  C:\Windows\System\xrZzuaU.exe
  2⤵
  PID:5172
- C:\Windows\System\JJRnOKD.exe
  C:\Windows\System\JJRnOKD.exe
  2⤵
  PID:5200
- C:\Windows\System\TLPHpcC.exe
  C:\Windows\System\TLPHpcC.exe
  2⤵
  PID:5232
- C:\Windows\System\XvzYOSP.exe
  C:\Windows\System\XvzYOSP.exe
  2⤵
  PID:5260
- C:\Windows\System\heDkWze.exe
  C:\Windows\System\heDkWze.exe
  2⤵
  PID:5284
- C:\Windows\System\EZkeDqn.exe
  C:\Windows\System\EZkeDqn.exe
  2⤵
  PID:5312
- C:\Windows\System\LQqFDJN.exe
  C:\Windows\System\LQqFDJN.exe
  2⤵
  PID:5336
- C:\Windows\System\XLcqtFo.exe
  C:\Windows\System\XLcqtFo.exe
  2⤵
  PID:5364
- C:\Windows\System\VulpYnS.exe
  C:\Windows\System\VulpYnS.exe
  2⤵
  PID:5392
- C:\Windows\System\AgWyirX.exe
  C:\Windows\System\AgWyirX.exe
  2⤵
  PID:5420
- C:\Windows\System\PXtLIBT.exe
  C:\Windows\System\PXtLIBT.exe
  2⤵
  PID:5448
- C:\Windows\System\tJdJoho.exe
  C:\Windows\System\tJdJoho.exe
  2⤵
  PID:5476
- C:\Windows\System\vgZjrwK.exe
  C:\Windows\System\vgZjrwK.exe
  2⤵
  PID:5504
- C:\Windows\System\avahVCI.exe
  C:\Windows\System\avahVCI.exe
  2⤵
  PID:5532
- C:\Windows\System\MnXpKEg.exe
  C:\Windows\System\MnXpKEg.exe
  2⤵
  PID:5560
- C:\Windows\System\nCQCQCN.exe
  C:\Windows\System\nCQCQCN.exe
  2⤵
  PID:5588
- C:\Windows\System\dtnlSrm.exe
  C:\Windows\System\dtnlSrm.exe
  2⤵
  PID:5616
- C:\Windows\System\UTTfZNL.exe
  C:\Windows\System\UTTfZNL.exe
  2⤵
  PID:5644
- C:\Windows\System\rGwfxkG.exe
  C:\Windows\System\rGwfxkG.exe
  2⤵
  PID:5672
- C:\Windows\System\QFdiOWx.exe
  C:\Windows\System\QFdiOWx.exe
  2⤵
  PID:5700
- C:\Windows\System\smxIadi.exe
  C:\Windows\System\smxIadi.exe
  2⤵
  PID:5728
- C:\Windows\System\geUmJgL.exe
  C:\Windows\System\geUmJgL.exe
  2⤵
  PID:5756
- C:\Windows\System\JVZeHYW.exe
  C:\Windows\System\JVZeHYW.exe
  2⤵
  PID:5784
- C:\Windows\System\XHSLDtZ.exe
  C:\Windows\System\XHSLDtZ.exe
  2⤵
  PID:5812
- C:\Windows\System\VtBGTZl.exe
  C:\Windows\System\VtBGTZl.exe
  2⤵
  PID:5840
- C:\Windows\System\DSdQmac.exe
  C:\Windows\System\DSdQmac.exe
  2⤵
  PID:5868
- C:\Windows\System\DjRpGpY.exe
  C:\Windows\System\DjRpGpY.exe
  2⤵
  PID:5896
- C:\Windows\System\LvdNLXB.exe
  C:\Windows\System\LvdNLXB.exe
  2⤵
  PID:5924
- C:\Windows\System\bydsTdx.exe
  C:\Windows\System\bydsTdx.exe
  2⤵
  PID:5952
- C:\Windows\System\Symbzhq.exe
  C:\Windows\System\Symbzhq.exe
  2⤵
  PID:5980
- C:\Windows\System\yWkWUrS.exe
  C:\Windows\System\yWkWUrS.exe
  2⤵
  PID:6008
- C:\Windows\System\xwzPkKl.exe
  C:\Windows\System\xwzPkKl.exe
  2⤵
  PID:6036
- C:\Windows\System\IzJEXRL.exe
  C:\Windows\System\IzJEXRL.exe
  2⤵
  PID:6064
- C:\Windows\System\BaFplat.exe
  C:\Windows\System\BaFplat.exe
  2⤵
  PID:6092
- C:\Windows\System\MNkRgqN.exe
  C:\Windows\System\MNkRgqN.exe
  2⤵
  PID:6120
- C:\Windows\System\bIKOhPN.exe
  C:\Windows\System\bIKOhPN.exe
  2⤵
  PID:1836
- C:\Windows\System\HHwUwlD.exe
  C:\Windows\System\HHwUwlD.exe
  2⤵
  PID:3520
- C:\Windows\System\jUYAwHq.exe
  C:\Windows\System\jUYAwHq.exe
  2⤵
  PID:3128
- C:\Windows\System\fgMHjIe.exe
  C:\Windows\System\fgMHjIe.exe
  2⤵
  PID:4376
- C:\Windows\System\eRxQZFI.exe
  C:\Windows\System\eRxQZFI.exe
  2⤵
  PID:4392
- C:\Windows\System\DaqbEEU.exe
  C:\Windows\System\DaqbEEU.exe
  2⤵
  PID:4984
- C:\Windows\System\TIdAzZf.exe
  C:\Windows\System\TIdAzZf.exe
  2⤵
  PID:5128
- C:\Windows\System\lLBcHbB.exe
  C:\Windows\System\lLBcHbB.exe
  2⤵
  PID:5188
- C:\Windows\System\lWJklJV.exe
  C:\Windows\System\lWJklJV.exe
  2⤵
  PID:5252
- C:\Windows\System\okprVBR.exe
  C:\Windows\System\okprVBR.exe
  2⤵
  PID:5324
- C:\Windows\System\lkUPWod.exe
  C:\Windows\System\lkUPWod.exe
  2⤵
  PID:5384
- C:\Windows\System\NjgCMpe.exe
  C:\Windows\System\NjgCMpe.exe
  2⤵
  PID:5444
- C:\Windows\System\JpxuuHy.exe
  C:\Windows\System\JpxuuHy.exe
  2⤵
  PID:5520
- C:\Windows\System\qkrOmZg.exe
  C:\Windows\System\qkrOmZg.exe
  2⤵
  PID:5580
- C:\Windows\System\XwPTIVL.exe
  C:\Windows\System\XwPTIVL.exe
  2⤵
  PID:5640
- C:\Windows\System\bnxrIxY.exe
  C:\Windows\System\bnxrIxY.exe
  2⤵
  PID:5716
- C:\Windows\System\ugHxkpb.exe
  C:\Windows\System\ugHxkpb.exe
  2⤵
  PID:5776
- C:\Windows\System\TeTemSi.exe
  C:\Windows\System\TeTemSi.exe
  2⤵
  PID:5836
- C:\Windows\System\HWbfraH.exe
  C:\Windows\System\HWbfraH.exe
  2⤵
  PID:5912
- C:\Windows\System\QPpAoyc.exe
  C:\Windows\System\QPpAoyc.exe
  2⤵
  PID:5972
- C:\Windows\System\dtDNANl.exe
  C:\Windows\System\dtDNANl.exe
  2⤵
  PID:6032
- C:\Windows\System\PEUIZNY.exe
  C:\Windows\System\PEUIZNY.exe
  2⤵
  PID:6108
- C:\Windows\System\wSlBNzA.exe
  C:\Windows\System\wSlBNzA.exe
  2⤵
  PID:5096
- C:\Windows\System\NuGNvlW.exe
  C:\Windows\System\NuGNvlW.exe
  2⤵
  PID:4444
- C:\Windows\System\DzyYghL.exe
  C:\Windows\System\DzyYghL.exe
  2⤵
  PID:2228
- C:\Windows\System\cXSYkMQ.exe
  C:\Windows\System\cXSYkMQ.exe
  2⤵
  PID:5184
- C:\Windows\System\dCSmKaJ.exe
  C:\Windows\System\dCSmKaJ.exe
  2⤵
  PID:5356
- C:\Windows\System\GWbwKBY.exe
  C:\Windows\System\GWbwKBY.exe
  2⤵
  PID:5496
- C:\Windows\System\XVkAWAw.exe
  C:\Windows\System\XVkAWAw.exe
  2⤵
  PID:6168
- C:\Windows\System\nidyDbF.exe
  C:\Windows\System\nidyDbF.exe
  2⤵
  PID:6196
- C:\Windows\System\LTpReew.exe
  C:\Windows\System\LTpReew.exe
  2⤵
  PID:6224
- C:\Windows\System\dsyLvuR.exe
  C:\Windows\System\dsyLvuR.exe
  2⤵
  PID:6252
- C:\Windows\System\lsXEuMZ.exe
  C:\Windows\System\lsXEuMZ.exe
  2⤵
  PID:6280
- C:\Windows\System\MqwVXCJ.exe
  C:\Windows\System\MqwVXCJ.exe
  2⤵
  PID:6308
- C:\Windows\System\nCBoMzo.exe
  C:\Windows\System\nCBoMzo.exe
  2⤵
  PID:6336
- C:\Windows\System\YzEdHDs.exe
  C:\Windows\System\YzEdHDs.exe
  2⤵
  PID:6364
- C:\Windows\System\MuVQeAz.exe
  C:\Windows\System\MuVQeAz.exe
  2⤵
  PID:6392
- C:\Windows\System\mKoUMBq.exe
  C:\Windows\System\mKoUMBq.exe
  2⤵
  PID:6416
- C:\Windows\System\KrcpSXx.exe
  C:\Windows\System\KrcpSXx.exe
  2⤵
  PID:6448
- C:\Windows\System\zctRpdC.exe
  C:\Windows\System\zctRpdC.exe
  2⤵
  PID:6480
- C:\Windows\System\XDGeucC.exe
  C:\Windows\System\XDGeucC.exe
  2⤵
  PID:6504
- C:\Windows\System\TAwBVWO.exe
  C:\Windows\System\TAwBVWO.exe
  2⤵
  PID:6532
- C:\Windows\System\JBPwbBb.exe
  C:\Windows\System\JBPwbBb.exe
  2⤵
  PID:6560
- C:\Windows\System\iFmIFBb.exe
  C:\Windows\System\iFmIFBb.exe
  2⤵
  PID:6588
- C:\Windows\System\uSVTtSz.exe
  C:\Windows\System\uSVTtSz.exe
  2⤵
  PID:6616
- C:\Windows\System\lHZWDcf.exe
  C:\Windows\System\lHZWDcf.exe
  2⤵
  PID:6644
- C:\Windows\System\HiQUrNf.exe
  C:\Windows\System\HiQUrNf.exe
  2⤵
  PID:6672
- C:\Windows\System\CasKlCo.exe
  C:\Windows\System\CasKlCo.exe
  2⤵
  PID:6700
- C:\Windows\System\PCGVVoQ.exe
  C:\Windows\System\PCGVVoQ.exe
  2⤵
  PID:6728
- C:\Windows\System\ahBzlXe.exe
  C:\Windows\System\ahBzlXe.exe
  2⤵
  PID:6756
- C:\Windows\System\NfvXndU.exe
  C:\Windows\System\NfvXndU.exe
  2⤵
  PID:6784
- C:\Windows\System\azQoqdA.exe
  C:\Windows\System\azQoqdA.exe
  2⤵
  PID:6812
- C:\Windows\System\hgpqFCU.exe
  C:\Windows\System\hgpqFCU.exe
  2⤵
  PID:6840
- C:\Windows\System\UBXstLu.exe
  C:\Windows\System\UBXstLu.exe
  2⤵
  PID:6868
- C:\Windows\System\abMjlXa.exe
  C:\Windows\System\abMjlXa.exe
  2⤵
  PID:6896
- C:\Windows\System\WLpCcjR.exe
  C:\Windows\System\WLpCcjR.exe
  2⤵
  PID:6924
- C:\Windows\System\uMXfExr.exe
  C:\Windows\System\uMXfExr.exe
  2⤵
  PID:6952
- C:\Windows\System\rZURcEY.exe
  C:\Windows\System\rZURcEY.exe
  2⤵
  PID:6980
- C:\Windows\System\LMKpCJu.exe
  C:\Windows\System\LMKpCJu.exe
  2⤵
  PID:7008
- C:\Windows\System\IasGZHM.exe
  C:\Windows\System\IasGZHM.exe
  2⤵
  PID:7040
- C:\Windows\System\JRSsPUz.exe
  C:\Windows\System\JRSsPUz.exe
  2⤵
  PID:7064
- C:\Windows\System\bHWGqMP.exe
  C:\Windows\System\bHWGqMP.exe
  2⤵
  PID:7092
- C:\Windows\System\xrUTchh.exe
  C:\Windows\System\xrUTchh.exe
  2⤵
  PID:7124
- C:\Windows\System\MjGdJXk.exe
  C:\Windows\System\MjGdJXk.exe
  2⤵
  PID:7148
- C:\Windows\System\VGGdDmC.exe
  C:\Windows\System\VGGdDmC.exe
  2⤵
  PID:5576
- C:\Windows\System\rjRLCOb.exe
  C:\Windows\System\rjRLCOb.exe
  2⤵
  PID:5748
- C:\Windows\System\nCbVcRB.exe
  C:\Windows\System\nCbVcRB.exe
  2⤵
  PID:5892
- C:\Windows\System\PKmJLaF.exe
  C:\Windows\System\PKmJLaF.exe
  2⤵
  PID:6028
- C:\Windows\System\oTMPJLv.exe
  C:\Windows\System\oTMPJLv.exe
  2⤵
  PID:2444
- C:\Windows\System\LQQLoSA.exe
  C:\Windows\System\LQQLoSA.exe
  2⤵
  PID:5160
- C:\Windows\System\hXTWkey.exe
  C:\Windows\System\hXTWkey.exe
  2⤵
  PID:5492
- C:\Windows\System\mtldtnC.exe
  C:\Windows\System\mtldtnC.exe
  2⤵
  PID:6212
- C:\Windows\System\OTMmbQY.exe
  C:\Windows\System\OTMmbQY.exe
  2⤵
  PID:6272
- C:\Windows\System\BNapLDR.exe
  C:\Windows\System\BNapLDR.exe
  2⤵
  PID:6332
- C:\Windows\System\apwPlGZ.exe
  C:\Windows\System\apwPlGZ.exe
  2⤵
  PID:6404
- C:\Windows\System\onRophk.exe
  C:\Windows\System\onRophk.exe
  2⤵
  PID:6492
- C:\Windows\System\AFbdsAZ.exe
  C:\Windows\System\AFbdsAZ.exe
  2⤵
  PID:6548
- C:\Windows\System\PnGqUkY.exe
  C:\Windows\System\PnGqUkY.exe
  2⤵
  PID:6608
- C:\Windows\System\fAicVvb.exe
  C:\Windows\System\fAicVvb.exe
  2⤵
  PID:4888
- C:\Windows\System\vZnqryx.exe
  C:\Windows\System\vZnqryx.exe
  2⤵
  PID:6716
- C:\Windows\System\uKiCylg.exe
  C:\Windows\System\uKiCylg.exe
  2⤵
  PID:6776
- C:\Windows\System\doDPatY.exe
  C:\Windows\System\doDPatY.exe
  2⤵
  PID:6856
- C:\Windows\System\VbbnvxG.exe
  C:\Windows\System\VbbnvxG.exe
  2⤵
  PID:6916
- C:\Windows\System\YUzDbOq.exe
  C:\Windows\System\YUzDbOq.exe
  2⤵
  PID:6976
- C:\Windows\System\ywtApxY.exe
  C:\Windows\System\ywtApxY.exe
  2⤵
  PID:7052
- C:\Windows\System\tLdgyDB.exe
  C:\Windows\System\tLdgyDB.exe
  2⤵
  PID:7088
- C:\Windows\System\bxZvSyo.exe
  C:\Windows\System\bxZvSyo.exe
  2⤵
  PID:7164
- C:\Windows\System\JaOAegs.exe
  C:\Windows\System\JaOAegs.exe
  2⤵
  PID:5832
- C:\Windows\System\BjLXKWB.exe
  C:\Windows\System\BjLXKWB.exe
  2⤵
  PID:4992
- C:\Windows\System\qMohUCv.exe
  C:\Windows\System\qMohUCv.exe
  2⤵
  PID:5440
- C:\Windows\System\BUNmtlq.exe
  C:\Windows\System\BUNmtlq.exe
  2⤵
  PID:6324
- C:\Windows\System\tzszJOQ.exe
  C:\Windows\System\tzszJOQ.exe
  2⤵
  PID:6444
- C:\Windows\System\PKYHHrQ.exe
  C:\Windows\System\PKYHHrQ.exe
  2⤵
  PID:6580
- C:\Windows\System\oecPIjM.exe
  C:\Windows\System\oecPIjM.exe
  2⤵
  PID:6692
- C:\Windows\System\WdOnnzM.exe
  C:\Windows\System\WdOnnzM.exe
  2⤵
  PID:6828
- C:\Windows\System\fAzrjFz.exe
  C:\Windows\System\fAzrjFz.exe
  2⤵
  PID:7176
- C:\Windows\System\gIFKCtQ.exe
  C:\Windows\System\gIFKCtQ.exe
  2⤵
  PID:7204
- C:\Windows\System\QyxLafr.exe
  C:\Windows\System\QyxLafr.exe
  2⤵
  PID:7232
- C:\Windows\System\koeIqfm.exe
  C:\Windows\System\koeIqfm.exe
  2⤵
  PID:7264
- C:\Windows\System\nMJXDdD.exe
  C:\Windows\System\nMJXDdD.exe
  2⤵
  PID:7288
- C:\Windows\System\wiXrZNh.exe
  C:\Windows\System\wiXrZNh.exe
  2⤵
  PID:7316
- C:\Windows\System\ZPqVgma.exe
  C:\Windows\System\ZPqVgma.exe
  2⤵
  PID:7344
- C:\Windows\System\AqPaMNu.exe
  C:\Windows\System\AqPaMNu.exe
  2⤵
  PID:7376
- C:\Windows\System\cJyQsxY.exe
  C:\Windows\System\cJyQsxY.exe
  2⤵
  PID:7400
- C:\Windows\System\MjhVUru.exe
  C:\Windows\System\MjhVUru.exe
  2⤵
  PID:7428
- C:\Windows\System\nmEzqjJ.exe
  C:\Windows\System\nmEzqjJ.exe
  2⤵
  PID:7456
- C:\Windows\System\RpnxGHY.exe
  C:\Windows\System\RpnxGHY.exe
  2⤵
  PID:7484
- C:\Windows\System\HWVOwPX.exe
  C:\Windows\System\HWVOwPX.exe
  2⤵
  PID:7516
- C:\Windows\System\tDwRvIZ.exe
  C:\Windows\System\tDwRvIZ.exe
  2⤵
  PID:7540
- C:\Windows\System\LvmKHNi.exe
  C:\Windows\System\LvmKHNi.exe
  2⤵
  PID:7568
- C:\Windows\System\dAdxrbe.exe
  C:\Windows\System\dAdxrbe.exe
  2⤵
  PID:7596
- C:\Windows\System\UOBZfut.exe
  C:\Windows\System\UOBZfut.exe
  2⤵
  PID:7624
- C:\Windows\System\wAWaWNX.exe
  C:\Windows\System\wAWaWNX.exe
  2⤵
  PID:7652
- C:\Windows\System\dgCHOop.exe
  C:\Windows\System\dgCHOop.exe
  2⤵
  PID:7680
- C:\Windows\System\HYVOIFq.exe
  C:\Windows\System\HYVOIFq.exe
  2⤵
  PID:7708
- C:\Windows\System\mDyImKC.exe
  C:\Windows\System\mDyImKC.exe
  2⤵
  PID:7740
- C:\Windows\System\ctRuANv.exe
  C:\Windows\System\ctRuANv.exe
  2⤵
  PID:7764
- C:\Windows\System\imbButX.exe
  C:\Windows\System\imbButX.exe
  2⤵
  PID:7792
- C:\Windows\System\VyQwnvL.exe
  C:\Windows\System\VyQwnvL.exe
  2⤵
  PID:7824
- C:\Windows\System\WLpntUY.exe
  C:\Windows\System\WLpntUY.exe
  2⤵
  PID:7852
- C:\Windows\System\LSHoZSu.exe
  C:\Windows\System\LSHoZSu.exe
  2⤵
  PID:7876
- C:\Windows\System\ucpuXBa.exe
  C:\Windows\System\ucpuXBa.exe
  2⤵
  PID:7904
- C:\Windows\System\WplfaYF.exe
  C:\Windows\System\WplfaYF.exe
  2⤵
  PID:7932
- C:\Windows\System\AIPcWmu.exe
  C:\Windows\System\AIPcWmu.exe
  2⤵
  PID:7960
- C:\Windows\System\pHmqtHc.exe
  C:\Windows\System\pHmqtHc.exe
  2⤵
  PID:7988
- C:\Windows\System\FIfCoOA.exe
  C:\Windows\System\FIfCoOA.exe
  2⤵
  PID:8016
- C:\Windows\System\qDQpQJp.exe
  C:\Windows\System\qDQpQJp.exe
  2⤵
  PID:8048
- C:\Windows\System\kRteoRO.exe
  C:\Windows\System\kRteoRO.exe
  2⤵
  PID:8072
- C:\Windows\System\OWSPhNQ.exe
  C:\Windows\System\OWSPhNQ.exe
  2⤵
  PID:8100
- C:\Windows\System\LvknPHn.exe
  C:\Windows\System\LvknPHn.exe
  2⤵
  PID:8128
- C:\Windows\System\JlBhIoh.exe
  C:\Windows\System\JlBhIoh.exe
  2⤵
  PID:8156
- C:\Windows\System\dGfVbgl.exe
  C:\Windows\System\dGfVbgl.exe
  2⤵
  PID:8184
- C:\Windows\System\PLtKLis.exe
  C:\Windows\System\PLtKLis.exe
  2⤵
  PID:7080
- C:\Windows\System\dsFugnR.exe
  C:\Windows\System\dsFugnR.exe
  2⤵
  PID:5696
- C:\Windows\System\vVblcxx.exe
  C:\Windows\System\vVblcxx.exe
  2⤵
  PID:6244
- C:\Windows\System\GSHDNwR.exe
  C:\Windows\System\GSHDNwR.exe
  2⤵
  PID:7248
- C:\Windows\System\WizOFmk.exe
  C:\Windows\System\WizOFmk.exe
  2⤵
  PID:972
- C:\Windows\System\bKRMHSr.exe
  C:\Windows\System\bKRMHSr.exe
  2⤵
  PID:7332
- C:\Windows\System\qoMarMb.exe
  C:\Windows\System\qoMarMb.exe
  2⤵
  PID:7364
- C:\Windows\System\mkKxKsO.exe
  C:\Windows\System\mkKxKsO.exe
  2⤵
  PID:7480
- C:\Windows\System\vuvhvXR.exe
  C:\Windows\System\vuvhvXR.exe
  2⤵
  PID:4032
- C:\Windows\System\uwYCrqK.exe
  C:\Windows\System\uwYCrqK.exe
  2⤵
  PID:7612
- C:\Windows\System\AomysMp.exe
  C:\Windows\System\AomysMp.exe
  2⤵
  PID:7644
- C:\Windows\System\binKgRO.exe
  C:\Windows\System\binKgRO.exe
  2⤵
  PID:7704
- C:\Windows\System\wJkjUQi.exe
  C:\Windows\System\wJkjUQi.exe
  2⤵
  PID:7756
- C:\Windows\System\wzVVkiF.exe
  C:\Windows\System\wzVVkiF.exe
  2⤵
  PID:7788
- C:\Windows\System\NCjRrjX.exe
  C:\Windows\System\NCjRrjX.exe
  2⤵
  PID:7836
- C:\Windows\System\DyxJOnV.exe
  C:\Windows\System\DyxJOnV.exe
  2⤵
  PID:2976
- C:\Windows\System\DfMpjzi.exe
  C:\Windows\System\DfMpjzi.exe
  2⤵
  PID:4720
- C:\Windows\System\CnZrQVU.exe
  C:\Windows\System\CnZrQVU.exe
  2⤵
  PID:4612
- C:\Windows\System\yxiWxOG.exe
  C:\Windows\System\yxiWxOG.exe
  2⤵
  PID:8004
- C:\Windows\System\wyvAwdp.exe
  C:\Windows\System\wyvAwdp.exe
  2⤵
  PID:8036
- C:\Windows\System\RYndngx.exe
  C:\Windows\System\RYndngx.exe
  2⤵
  PID:8064
- C:\Windows\System\YVrgCqR.exe
  C:\Windows\System\YVrgCqR.exe
  2⤵
  PID:8096
- C:\Windows\System\HDokxEp.exe
  C:\Windows\System\HDokxEp.exe
  2⤵
  PID:3496
- C:\Windows\System\eNUdcfd.exe
  C:\Windows\System\eNUdcfd.exe
  2⤵
  PID:4116
- C:\Windows\System\fTIbunb.exe
  C:\Windows\System\fTIbunb.exe
  2⤵
  PID:7144
- C:\Windows\System\DwCfIkz.exe
  C:\Windows\System\DwCfIkz.exe
  2⤵
  PID:6808
- C:\Windows\System\ZHYVjer.exe
  C:\Windows\System\ZHYVjer.exe
  2⤵
  PID:4956
- C:\Windows\System\irBEIOF.exe
  C:\Windows\System\irBEIOF.exe
  2⤵
  PID:2096
- C:\Windows\System\GIOPGyl.exe
  C:\Windows\System\GIOPGyl.exe
  2⤵
  PID:1940
- C:\Windows\System\YVcNQCQ.exe
  C:\Windows\System\YVcNQCQ.exe
  2⤵
  PID:7312
- C:\Windows\System\PcxswnN.exe
  C:\Windows\System\PcxswnN.exe
  2⤵
  PID:7448
- C:\Windows\System\lXihEGQ.exe
  C:\Windows\System\lXihEGQ.exe
  2⤵
  PID:7556
- C:\Windows\System\lkSiqLB.exe
  C:\Windows\System\lkSiqLB.exe
  2⤵
  PID:7172
- C:\Windows\System\ytLlZTM.exe
  C:\Windows\System\ytLlZTM.exe
  2⤵
  PID:7928
- C:\Windows\System\SAXTtNv.exe
  C:\Windows\System\SAXTtNv.exe
  2⤵
  PID:1288
- C:\Windows\System\wqwMxEp.exe
  C:\Windows\System\wqwMxEp.exe
  2⤵
  PID:7140
- C:\Windows\System\uNcfCdD.exe
  C:\Windows\System\uNcfCdD.exe
  2⤵
  PID:1236
- C:\Windows\System\bVhWVFo.exe
  C:\Windows\System\bVhWVFo.exe
  2⤵
  PID:7004
- C:\Windows\System\kGGyQRC.exe
  C:\Windows\System\kGGyQRC.exe
  2⤵
  PID:3428
- C:\Windows\System\akrDzEt.exe
  C:\Windows\System\akrDzEt.exe
  2⤵
  PID:7308
- C:\Windows\System\IeQbwQl.exe
  C:\Windows\System\IeQbwQl.exe
  2⤵
  PID:7476
- C:\Windows\System\vYmxEly.exe
  C:\Windows\System\vYmxEly.exe
  2⤵
  PID:2336
- C:\Windows\System\kGwbRuY.exe
  C:\Windows\System\kGwbRuY.exe
  2⤵
  PID:7676
- C:\Windows\System\SlUNzjx.exe
  C:\Windows\System\SlUNzjx.exe
  2⤵
  PID:8180
- C:\Windows\System\LEOSyyI.exe
  C:\Windows\System\LEOSyyI.exe
  2⤵
  PID:1228
- C:\Windows\System\Ymgnhik.exe
  C:\Windows\System\Ymgnhik.exe
  2⤵
  PID:8092
- C:\Windows\System\MMPoyhN.exe
  C:\Windows\System\MMPoyhN.exe
  2⤵
  PID:3636
- C:\Windows\System\AsHjlaK.exe
  C:\Windows\System\AsHjlaK.exe
  2⤵
  PID:3644
- C:\Windows\System\PeLLeGx.exe
  C:\Windows\System\PeLLeGx.exe
  2⤵
  PID:8120
- C:\Windows\System\ahbxIzW.exe
  C:\Windows\System\ahbxIzW.exe
  2⤵
  PID:7588
- C:\Windows\System\FGyZkIj.exe
  C:\Windows\System\FGyZkIj.exe
  2⤵
  PID:4964
- C:\Windows\System\tbTVcFT.exe
  C:\Windows\System\tbTVcFT.exe
  2⤵
  PID:8204
- C:\Windows\System\ObivPvO.exe
  C:\Windows\System\ObivPvO.exe
  2⤵
  PID:8256
- C:\Windows\System\GXChdwb.exe
  C:\Windows\System\GXChdwb.exe
  2⤵
  PID:8284
- C:\Windows\System\reuDZvM.exe
  C:\Windows\System\reuDZvM.exe
  2⤵
  PID:8320
- C:\Windows\System\OfwdrpK.exe
  C:\Windows\System\OfwdrpK.exe
  2⤵
  PID:8352
- C:\Windows\System\lLfsCQx.exe
  C:\Windows\System\lLfsCQx.exe
  2⤵
  PID:8368
- C:\Windows\System\dXrFnsq.exe
  C:\Windows\System\dXrFnsq.exe
  2⤵
  PID:8396
- C:\Windows\System\GyxEPmY.exe
  C:\Windows\System\GyxEPmY.exe
  2⤵
  PID:8428
- C:\Windows\System\YeSbNBj.exe
  C:\Windows\System\YeSbNBj.exe
  2⤵
  PID:8468
- C:\Windows\System\YnRrfMv.exe
  C:\Windows\System\YnRrfMv.exe
  2⤵
  PID:8492
- C:\Windows\System\DSfAFbN.exe
  C:\Windows\System\DSfAFbN.exe
  2⤵
  PID:8512
- C:\Windows\System\qGCgDmb.exe
  C:\Windows\System\qGCgDmb.exe
  2⤵
  PID:8552
- C:\Windows\System\mcPrgxG.exe
  C:\Windows\System\mcPrgxG.exe
  2⤵
  PID:8580
- C:\Windows\System\CsjxzPd.exe
  C:\Windows\System\CsjxzPd.exe
  2⤵
  PID:8608
- C:\Windows\System\pSanVcz.exe
  C:\Windows\System\pSanVcz.exe
  2⤵
  PID:8632
- C:\Windows\System\KPLQlqT.exe
  C:\Windows\System\KPLQlqT.exe
  2⤵
  PID:8672
- C:\Windows\System\HOOxMgg.exe
  C:\Windows\System\HOOxMgg.exe
  2⤵
  PID:8692
- C:\Windows\System\cDGpkYG.exe
  C:\Windows\System\cDGpkYG.exe
  2⤵
  PID:8716
- C:\Windows\System\ZWwzkzF.exe
  C:\Windows\System\ZWwzkzF.exe
  2⤵
  PID:8732
- C:\Windows\System\AYSYuCl.exe
  C:\Windows\System\AYSYuCl.exe
  2⤵
  PID:8760
- C:\Windows\System\mLVVQXu.exe
  C:\Windows\System\mLVVQXu.exe
  2⤵
  PID:8792
- C:\Windows\System\TJvWZjX.exe
  C:\Windows\System\TJvWZjX.exe
  2⤵
  PID:8828
- C:\Windows\System\vOqHmYM.exe
  C:\Windows\System\vOqHmYM.exe
  2⤵
  PID:8856
- C:\Windows\System\pQXoByf.exe
  C:\Windows\System\pQXoByf.exe
  2⤵
  PID:8884
- C:\Windows\System\QPszkFK.exe
  C:\Windows\System\QPszkFK.exe
  2⤵
  PID:8944
- C:\Windows\System\QOJSKTp.exe
  C:\Windows\System\QOJSKTp.exe
  2⤵
  PID:8976
- C:\Windows\System\fljUkxm.exe
  C:\Windows\System\fljUkxm.exe
  2⤵
  PID:9004
- C:\Windows\System\iyhXidx.exe
  C:\Windows\System\iyhXidx.exe
  2⤵
  PID:9032
- C:\Windows\System\EKdKavG.exe
  C:\Windows\System\EKdKavG.exe
  2⤵
  PID:9060
- C:\Windows\System\oSkVoWX.exe
  C:\Windows\System\oSkVoWX.exe
  2⤵
  PID:9088
- C:\Windows\System\ZZQHRHz.exe
  C:\Windows\System\ZZQHRHz.exe
  2⤵
  PID:9104
- C:\Windows\System\isIJCYw.exe
  C:\Windows\System\isIJCYw.exe
  2⤵
  PID:9136
- C:\Windows\System\YeZsMQO.exe
  C:\Windows\System\YeZsMQO.exe
  2⤵
  PID:9160
- C:\Windows\System\PHKCBBB.exe
  C:\Windows\System\PHKCBBB.exe
  2⤵
  PID:9200
- C:\Windows\System\KhParTN.exe
  C:\Windows\System\KhParTN.exe
  2⤵
  PID:8196
- C:\Windows\System\vAdyArF.exe
  C:\Windows\System\vAdyArF.exe
  2⤵
  PID:8268
- C:\Windows\System\pSEdXEA.exe
  C:\Windows\System\pSEdXEA.exe
  2⤵
  PID:8364
- C:\Windows\System\HQykUBt.exe
  C:\Windows\System\HQykUBt.exe
  2⤵
  PID:8412
- C:\Windows\System\wkUptfQ.exe
  C:\Windows\System\wkUptfQ.exe
  2⤵
  PID:8488
- C:\Windows\System\DkQNoOy.exe
  C:\Windows\System\DkQNoOy.exe
  2⤵
  PID:8548
- C:\Windows\System\kyICgNx.exe
  C:\Windows\System\kyICgNx.exe
  2⤵
  PID:8300
- C:\Windows\System\tKXnePn.exe
  C:\Windows\System\tKXnePn.exe
  2⤵
  PID:8644
- C:\Windows\System\XIcELWY.exe
  C:\Windows\System\XIcELWY.exe
  2⤵
  PID:8684
- C:\Windows\System\JusFWbF.exe
  C:\Windows\System\JusFWbF.exe
  2⤵
  PID:8780
- C:\Windows\System\oPRdwvx.exe
  C:\Windows\System\oPRdwvx.exe
  2⤵
  PID:8820
- C:\Windows\System\WTzLOfi.exe
  C:\Windows\System\WTzLOfi.exe
  2⤵
  PID:8940
- C:\Windows\System\OlDwdwf.exe
  C:\Windows\System\OlDwdwf.exe
  2⤵
  PID:4920
- C:\Windows\System\FqkUECy.exe
  C:\Windows\System\FqkUECy.exe
  2⤵
  PID:9084
- C:\Windows\System\RacIRIF.exe
  C:\Windows\System\RacIRIF.exe
  2⤵
  PID:9152
- C:\Windows\System\Dodjlbt.exe
  C:\Windows\System\Dodjlbt.exe
  2⤵
  PID:9196
- C:\Windows\System\TzvqCwx.exe
  C:\Windows\System\TzvqCwx.exe
  2⤵
  PID:8280
- C:\Windows\System\hpcxzah.exe
  C:\Windows\System\hpcxzah.exe
  2⤵
  PID:8444
- C:\Windows\System\PAUmHZj.exe
  C:\Windows\System\PAUmHZj.exe
  2⤵
  PID:8772
- C:\Windows\System\LuoajNZ.exe
  C:\Windows\System\LuoajNZ.exe
  2⤵
  PID:8804
- C:\Windows\System\OsxixMn.exe
  C:\Windows\System\OsxixMn.exe
  2⤵
  PID:8864
- C:\Windows\System\HfARFzV.exe
  C:\Windows\System\HfARFzV.exe
  2⤵
  PID:8200
- C:\Windows\System\BETeWWM.exe
  C:\Windows\System\BETeWWM.exe
  2⤵
  PID:8392
- C:\Windows\System\heUoSKq.exe
  C:\Windows\System\heUoSKq.exe
  2⤵
  PID:8708
- C:\Windows\System\KczBWVC.exe
  C:\Windows\System\KczBWVC.exe
  2⤵
  PID:9132
- C:\Windows\System\XJbFMFh.exe
  C:\Windows\System\XJbFMFh.exe
  2⤵
  PID:8952
- C:\Windows\System\kCrpJuT.exe
  C:\Windows\System\kCrpJuT.exe
  2⤵
  PID:9232
- C:\Windows\System\uCyMmQp.exe
  C:\Windows\System\uCyMmQp.exe
  2⤵
  PID:9256
- C:\Windows\System\ASpvxBO.exe
  C:\Windows\System\ASpvxBO.exe
  2⤵
  PID:9300
- C:\Windows\System\AxIPyHy.exe
  C:\Windows\System\AxIPyHy.exe
  2⤵
  PID:9344
- C:\Windows\System\FCVotBl.exe
  C:\Windows\System\FCVotBl.exe
  2⤵
  PID:9360
- C:\Windows\System\fgJRoEX.exe
  C:\Windows\System\fgJRoEX.exe
  2⤵
  PID:9376
- C:\Windows\System\XVMIkIH.exe
  C:\Windows\System\XVMIkIH.exe
  2⤵
  PID:9416
- C:\Windows\System\zKrhlBs.exe
  C:\Windows\System\zKrhlBs.exe
  2⤵
  PID:9432
- C:\Windows\System\PhlpAIr.exe
  C:\Windows\System\PhlpAIr.exe
  2⤵
  PID:9460
- C:\Windows\System\tQpLMbY.exe
  C:\Windows\System\tQpLMbY.exe
  2⤵
  PID:9488
- C:\Windows\System\TfWDKeW.exe
  C:\Windows\System\TfWDKeW.exe
  2⤵
  PID:9504
- C:\Windows\System\Lducsli.exe
  C:\Windows\System\Lducsli.exe
  2⤵
  PID:9532
- C:\Windows\System\RDzNcjz.exe
  C:\Windows\System\RDzNcjz.exe
  2⤵
  PID:9564
- C:\Windows\System\RqLWSXz.exe
  C:\Windows\System\RqLWSXz.exe
  2⤵
  PID:9588
- C:\Windows\System\GInuOID.exe
  C:\Windows\System\GInuOID.exe
  2⤵
  PID:9608
- C:\Windows\System\IwGlLva.exe
  C:\Windows\System\IwGlLva.exe
  2⤵
  PID:9640
- C:\Windows\System\onKdtal.exe
  C:\Windows\System\onKdtal.exe
  2⤵
  PID:9700
- C:\Windows\System\FQOmCiA.exe
  C:\Windows\System\FQOmCiA.exe
  2⤵
  PID:9716
- C:\Windows\System\Mdhbuse.exe
  C:\Windows\System\Mdhbuse.exe
  2⤵
  PID:9744
- C:\Windows\System\cpNwdYE.exe
  C:\Windows\System\cpNwdYE.exe
  2⤵
  PID:9764
- C:\Windows\System\PKmHAFx.exe
  C:\Windows\System\PKmHAFx.exe
  2⤵
  PID:9792
- C:\Windows\System\QdXfWWY.exe
  C:\Windows\System\QdXfWWY.exe
  2⤵
  PID:9816
- C:\Windows\System\AmVnYJP.exe
  C:\Windows\System\AmVnYJP.exe
  2⤵
  PID:9832
- C:\Windows\System\rOcwIHp.exe
  C:\Windows\System\rOcwIHp.exe
  2⤵
  PID:9896
- C:\Windows\System\wbcEZNA.exe
  C:\Windows\System\wbcEZNA.exe
  2⤵
  PID:9924
- C:\Windows\System\ihQPFNU.exe
  C:\Windows\System\ihQPFNU.exe
  2⤵
  PID:9952
- C:\Windows\System\XGvAliI.exe
  C:\Windows\System\XGvAliI.exe
  2⤵
  PID:9976
- C:\Windows\System\lfZHRBL.exe
  C:\Windows\System\lfZHRBL.exe
  2⤵
  PID:10008
- C:\Windows\System\QIBkxHV.exe
  C:\Windows\System\QIBkxHV.exe
  2⤵
  PID:10024
- C:\Windows\System\qdsMVtu.exe
  C:\Windows\System\qdsMVtu.exe
  2⤵
  PID:10060
- C:\Windows\System\eSbYCWN.exe
  C:\Windows\System\eSbYCWN.exe
  2⤵
  PID:10080
- C:\Windows\System\CYXmCew.exe
  C:\Windows\System\CYXmCew.exe
  2⤵
  PID:10120
- C:\Windows\System\fkpUpfH.exe
  C:\Windows\System\fkpUpfH.exe
  2⤵
  PID:10136
- C:\Windows\System\BkNHzrk.exe
  C:\Windows\System\BkNHzrk.exe
  2⤵
  PID:10156
- C:\Windows\System\yMCPHgk.exe
  C:\Windows\System\yMCPHgk.exe
  2⤵
  PID:10180
- C:\Windows\System\VXfhWsN.exe
  C:\Windows\System\VXfhWsN.exe
  2⤵
  PID:10224
- C:\Windows\System\QlktOUp.exe
  C:\Windows\System\QlktOUp.exe
  2⤵
  PID:8616
- C:\Windows\System\zHgdSVv.exe
  C:\Windows\System\zHgdSVv.exe
  2⤵
  PID:9288
- C:\Windows\System\QNcWlOt.exe
  C:\Windows\System\QNcWlOt.exe
  2⤵
  PID:448
- C:\Windows\System\WqOmcRd.exe
  C:\Windows\System\WqOmcRd.exe
  2⤵
  PID:9352
- C:\Windows\System\XAOImgr.exe
  C:\Windows\System\XAOImgr.exe
  2⤵
  PID:9404
- C:\Windows\System\jUwejhy.exe
  C:\Windows\System\jUwejhy.exe
  2⤵
  PID:9476
- C:\Windows\System\HxkPenW.exe
  C:\Windows\System\HxkPenW.exe
  2⤵
  PID:9552
- C:\Windows\System\SREhkon.exe
  C:\Windows\System\SREhkon.exe
  2⤵
  PID:9684
- C:\Windows\System\rlkICpF.exe
  C:\Windows\System\rlkICpF.exe
  2⤵
  PID:9708
- C:\Windows\System\jWXNTPZ.exe
  C:\Windows\System\jWXNTPZ.exe
  2⤵
  PID:9752
- C:\Windows\System\vbRYpgD.exe
  C:\Windows\System\vbRYpgD.exe
  2⤵
  PID:9808
- C:\Windows\System\gBZuMya.exe
  C:\Windows\System\gBZuMya.exe
  2⤵
  PID:9872
- C:\Windows\System\SlUPRws.exe
  C:\Windows\System\SlUPRws.exe
  2⤵
  PID:9992
- C:\Windows\System\LpdLDcZ.exe
  C:\Windows\System\LpdLDcZ.exe
  2⤵
  PID:10056
- C:\Windows\System\DXOhWQK.exe
  C:\Windows\System\DXOhWQK.exe
  2⤵
  PID:10116
- C:\Windows\System\wMnWlBZ.exe
  C:\Windows\System\wMnWlBZ.exe
  2⤵
  PID:10176
- C:\Windows\System\SmAlSeZ.exe
  C:\Windows\System\SmAlSeZ.exe
  2⤵
  PID:10212
- C:\Windows\System\yVSSQcY.exe
  C:\Windows\System\yVSSQcY.exe
  2⤵
  PID:8276
- C:\Windows\System\XhGXNeG.exe
  C:\Windows\System\XhGXNeG.exe
  2⤵
  PID:9372
- C:\Windows\System\YySyKYh.exe
  C:\Windows\System\YySyKYh.exe
  2⤵
  PID:9480
- C:\Windows\System\WBFfWVH.exe
  C:\Windows\System\WBFfWVH.exe
  2⤵
  PID:9528
- C:\Windows\System\DJqiYoQ.exe
  C:\Windows\System\DJqiYoQ.exe
  2⤵
  PID:9732
- C:\Windows\System\GwPumki.exe
  C:\Windows\System\GwPumki.exe
  2⤵
  PID:9972
- C:\Windows\System\hIIQnJh.exe
  C:\Windows\System\hIIQnJh.exe
  2⤵
  PID:10144
- C:\Windows\System\XTjvWXT.exe
  C:\Windows\System\XTjvWXT.exe
  2⤵
  PID:9400
- C:\Windows\System\UhWxWjB.exe
  C:\Windows\System\UhWxWjB.exe
  2⤵
  PID:9736
- C:\Windows\System\qtXyxGv.exe
  C:\Windows\System\qtXyxGv.exe
  2⤵
  PID:10076
- C:\Windows\System\oAOoOUT.exe
  C:\Windows\System\oAOoOUT.exe
  2⤵
  PID:9660
- C:\Windows\System\CfDVIlV.exe
  C:\Windows\System\CfDVIlV.exe
  2⤵
  PID:9240
- C:\Windows\System\JWaqMMF.exe
  C:\Windows\System\JWaqMMF.exe
  2⤵
  PID:10256
- C:\Windows\System\YMPsryr.exe
  C:\Windows\System\YMPsryr.exe
  2⤵
  PID:10272
- C:\Windows\System\cTAZSbt.exe
  C:\Windows\System\cTAZSbt.exe
  2⤵
  PID:10328
- C:\Windows\System\BhtrMCW.exe
  C:\Windows\System\BhtrMCW.exe
  2⤵
  PID:10348
- C:\Windows\System\HTuOaMh.exe
  C:\Windows\System\HTuOaMh.exe
  2⤵
  PID:10392
- C:\Windows\System\faUfCBL.exe
  C:\Windows\System\faUfCBL.exe
  2⤵
  PID:10408
- C:\Windows\System\gzDTpvd.exe
  C:\Windows\System\gzDTpvd.exe
  2⤵
  PID:10424
- C:\Windows\System\tXRvCyd.exe
  C:\Windows\System\tXRvCyd.exe
  2⤵
  PID:10464
- C:\Windows\System\mMgTwbz.exe
  C:\Windows\System\mMgTwbz.exe
  2⤵
  PID:10496
- C:\Windows\System\nakwZPi.exe
  C:\Windows\System\nakwZPi.exe
  2⤵
  PID:10536
- C:\Windows\System\UYKQHOX.exe
  C:\Windows\System\UYKQHOX.exe
  2⤵
  PID:10552
- C:\Windows\System\CsOPNii.exe
  C:\Windows\System\CsOPNii.exe
  2⤵
  PID:10584
- C:\Windows\System\onJEwdU.exe
  C:\Windows\System\onJEwdU.exe
  2⤵
  PID:10608
- C:\Windows\System\vzpHwqT.exe
  C:\Windows\System\vzpHwqT.exe
  2⤵
  PID:10628
- C:\Windows\System\QMNNbRJ.exe
  C:\Windows\System\QMNNbRJ.exe
  2⤵
  PID:10660
- C:\Windows\System\xEUNlOg.exe
  C:\Windows\System\xEUNlOg.exe
  2⤵
  PID:10684
- C:\Windows\System\FICDeSf.exe
  C:\Windows\System\FICDeSf.exe
  2⤵
  PID:10708
- C:\Windows\System\MRcSbkf.exe
  C:\Windows\System\MRcSbkf.exe
  2⤵
  PID:10728
- C:\Windows\System\nTocDsI.exe
  C:\Windows\System\nTocDsI.exe
  2⤵
  PID:10776
- C:\Windows\System\QuPfPXy.exe
  C:\Windows\System\QuPfPXy.exe
  2⤵
  PID:10804
- C:\Windows\System\hkjvlbo.exe
  C:\Windows\System\hkjvlbo.exe
  2⤵
  PID:10820
- C:\Windows\System\yaPYHZP.exe
  C:\Windows\System\yaPYHZP.exe
  2⤵
  PID:10848
- C:\Windows\System\puBPjQN.exe
  C:\Windows\System\puBPjQN.exe
  2⤵
  PID:10900
- C:\Windows\System\sKupaHm.exe
  C:\Windows\System\sKupaHm.exe
  2⤵
  PID:10928
- C:\Windows\System\ywrJPJI.exe
  C:\Windows\System\ywrJPJI.exe
  2⤵
  PID:10952
- C:\Windows\System\hXSnYnF.exe
  C:\Windows\System\hXSnYnF.exe
  2⤵
  PID:10976
- C:\Windows\System\udNumWH.exe
  C:\Windows\System\udNumWH.exe
  2⤵
  PID:11000
- C:\Windows\System\xZcJJjH.exe
  C:\Windows\System\xZcJJjH.exe
  2⤵
  PID:11020
- C:\Windows\System\HhEgvLf.exe
  C:\Windows\System\HhEgvLf.exe
  2⤵
  PID:11052
- C:\Windows\System\BUgkGET.exe
  C:\Windows\System\BUgkGET.exe
  2⤵
  PID:11100
- C:\Windows\System\AMcBPfc.exe
  C:\Windows\System\AMcBPfc.exe
  2⤵
  PID:11116
- C:\Windows\System\UXYiNuK.exe
  C:\Windows\System\UXYiNuK.exe
  2⤵
  PID:11148
- C:\Windows\System\XBYxoCT.exe
  C:\Windows\System\XBYxoCT.exe
  2⤵
  PID:11172
- C:\Windows\System\tVkNVZp.exe
  C:\Windows\System\tVkNVZp.exe
  2⤵
  PID:11192
- C:\Windows\System\dpjOzhF.exe
  C:\Windows\System\dpjOzhF.exe
  2⤵
  PID:11220
- C:\Windows\System\gjwSOGI.exe
  C:\Windows\System\gjwSOGI.exe
  2⤵
  PID:10248
- C:\Windows\System\mZZHQdi.exe
  C:\Windows\System\mZZHQdi.exe
  2⤵
  PID:10284
- C:\Windows\System\bcCWmqc.exe
  C:\Windows\System\bcCWmqc.exe
  2⤵
  PID:10316
- C:\Windows\System\GqJIEjr.exe
  C:\Windows\System\GqJIEjr.exe
  2⤵
  PID:10404
- C:\Windows\System\HIUWSIo.exe
  C:\Windows\System\HIUWSIo.exe
  2⤵
  PID:10448
- C:\Windows\System\sooQYOy.exe
  C:\Windows\System\sooQYOy.exe
  2⤵
  PID:10520
- C:\Windows\System\cYICnyp.exe
  C:\Windows\System\cYICnyp.exe
  2⤵
  PID:10620
- C:\Windows\System\NKaRaAc.exe
  C:\Windows\System\NKaRaAc.exe
  2⤵
  PID:10672
- C:\Windows\System\pchLPXo.exe
  C:\Windows\System\pchLPXo.exe
  2⤵
  PID:10740
- C:\Windows\System\DEeifrl.exe
  C:\Windows\System\DEeifrl.exe
  2⤵
  PID:10772
- C:\Windows\System\IFXsMvR.exe
  C:\Windows\System\IFXsMvR.exe
  2⤵
  PID:10832
- C:\Windows\System\JiStqeQ.exe
  C:\Windows\System\JiStqeQ.exe
  2⤵
  PID:10896
- C:\Windows\System\ZFWJqII.exe
  C:\Windows\System\ZFWJqII.exe
  2⤵
  PID:11016
- C:\Windows\System\hevROTz.exe
  C:\Windows\System\hevROTz.exe
  2⤵
  PID:11044
- C:\Windows\System\HXEFbIb.exe
  C:\Windows\System\HXEFbIb.exe
  2⤵
  PID:11112
- C:\Windows\System\OhKRkqD.exe
  C:\Windows\System\OhKRkqD.exe
  2⤵
  PID:11212
- C:\Windows\System\DGmzeNn.exe
  C:\Windows\System\DGmzeNn.exe
  2⤵
  PID:9636
- C:\Windows\System\DvinCtI.exe
  C:\Windows\System\DvinCtI.exe
  2⤵
  PID:10360
- C:\Windows\System\YqfsWBu.exe
  C:\Windows\System\YqfsWBu.exe
  2⤵
  PID:10444
- C:\Windows\System\tUOuVwa.exe
  C:\Windows\System\tUOuVwa.exe
  2⤵
  PID:10572
- C:\Windows\System\TsEwCpE.exe
  C:\Windows\System\TsEwCpE.exe
  2⤵
  PID:10700
- C:\Windows\System\GIaWfwy.exe
  C:\Windows\System\GIaWfwy.exe
  2⤵
  PID:10816
- C:\Windows\System\FTMUrzl.exe
  C:\Windows\System\FTMUrzl.exe
  2⤵
  PID:11140
- C:\Windows\System\YoacUNF.exe
  C:\Windows\System\YoacUNF.exe
  2⤵
  PID:10344
- C:\Windows\System\SZdJRFQ.exe
  C:\Windows\System\SZdJRFQ.exe
  2⤵
  PID:10648
- C:\Windows\System\qCqZDOl.exe
  C:\Windows\System\qCqZDOl.exe
  2⤵
  PID:10996
- C:\Windows\System\NSFNaJf.exe
  C:\Windows\System\NSFNaJf.exe
  2⤵
  PID:10336
- C:\Windows\System\fURigHG.exe
  C:\Windows\System\fURigHG.exe
  2⤵
  PID:10844
- C:\Windows\System\Ctlckkt.exe
  C:\Windows\System\Ctlckkt.exe
  2⤵
  PID:11276
- C:\Windows\System\tablsBt.exe
  C:\Windows\System\tablsBt.exe
  2⤵
  PID:11300
- C:\Windows\System\qcoHxDy.exe
  C:\Windows\System\qcoHxDy.exe
  2⤵
  PID:11348
- C:\Windows\System\oFNUxxS.exe
  C:\Windows\System\oFNUxxS.exe
  2⤵
  PID:11376
- C:\Windows\System\dwWDlBH.exe
  C:\Windows\System\dwWDlBH.exe
  2⤵
  PID:11404
- C:\Windows\System\EgrZgwJ.exe
  C:\Windows\System\EgrZgwJ.exe
  2⤵
  PID:11424
- C:\Windows\System\bfVMWlq.exe
  C:\Windows\System\bfVMWlq.exe
  2⤵
  PID:11448
- C:\Windows\System\EaHiBps.exe
  C:\Windows\System\EaHiBps.exe
  2⤵
  PID:11480
- C:\Windows\System\OUZEjgA.exe
  C:\Windows\System\OUZEjgA.exe
  2⤵
  PID:11508
- C:\Windows\System\CAhPPlR.exe
  C:\Windows\System\CAhPPlR.exe
  2⤵
  PID:11536
- C:\Windows\System\BZZLokc.exe
  C:\Windows\System\BZZLokc.exe
  2⤵
  PID:11556
- C:\Windows\System\VTKFIhf.exe
  C:\Windows\System\VTKFIhf.exe
  2⤵
  PID:11584
- C:\Windows\System\yUWKwGN.exe
  C:\Windows\System\yUWKwGN.exe
  2⤵
  PID:11620
- C:\Windows\System\FBBgfWj.exe
  C:\Windows\System\FBBgfWj.exe
  2⤵
  PID:11660
- C:\Windows\System\bdniNvL.exe
  C:\Windows\System\bdniNvL.exe
  2⤵
  PID:11676
- C:\Windows\System\XWgfAhK.exe
  C:\Windows\System\XWgfAhK.exe
  2⤵
  PID:11704
- C:\Windows\System\ralTKyR.exe
  C:\Windows\System\ralTKyR.exe
  2⤵
  PID:11744
- C:\Windows\System\EDQtcAB.exe
  C:\Windows\System\EDQtcAB.exe
  2⤵
  PID:11760
- C:\Windows\System\HLCLoIY.exe
  C:\Windows\System\HLCLoIY.exe
  2⤵
  PID:11800
- C:\Windows\System\issBPpw.exe
  C:\Windows\System\issBPpw.exe
  2⤵
  PID:11828
- C:\Windows\System\ZmhuwzK.exe
  C:\Windows\System\ZmhuwzK.exe
  2⤵
  PID:11844
- C:\Windows\System\eGTqcYJ.exe
  C:\Windows\System\eGTqcYJ.exe
  2⤵
  PID:11864
- C:\Windows\System\slSGvLW.exe
  C:\Windows\System\slSGvLW.exe
  2⤵
  PID:11896
- C:\Windows\System\ybplSRf.exe
  C:\Windows\System\ybplSRf.exe
  2⤵
  PID:11916
- C:\Windows\System\mOvIcFJ.exe
  C:\Windows\System\mOvIcFJ.exe
  2⤵
  PID:11936
- C:\Windows\System\VuLMHmk.exe
  C:\Windows\System\VuLMHmk.exe
  2⤵
  PID:11980
- C:\Windows\System\ULhtXke.exe
  C:\Windows\System\ULhtXke.exe
  2⤵
  PID:12000
- C:\Windows\System\bwZuuxW.exe
  C:\Windows\System\bwZuuxW.exe
  2⤵
  PID:12020
- C:\Windows\System\ClgrnMI.exe
  C:\Windows\System\ClgrnMI.exe
  2⤵
  PID:12056
- C:\Windows\System\RSWPWJy.exe
  C:\Windows\System\RSWPWJy.exe
  2⤵
  PID:12108
- C:\Windows\System\gFmNsTl.exe
  C:\Windows\System\gFmNsTl.exe
  2⤵
  PID:12128
- C:\Windows\System\kFAafIJ.exe
  C:\Windows\System\kFAafIJ.exe
  2⤵
  PID:12148
- C:\Windows\System\XgOGxZW.exe
  C:\Windows\System\XgOGxZW.exe
  2⤵
  PID:12168
- C:\Windows\System\EbHAvSC.exe
  C:\Windows\System\EbHAvSC.exe
  2⤵
  PID:12216
- C:\Windows\System\roEanCk.exe
  C:\Windows\System\roEanCk.exe
  2⤵
  PID:12244
- C:\Windows\System\dTFLrsQ.exe
  C:\Windows\System\dTFLrsQ.exe
  2⤵
  PID:12264
- C:\Windows\System\keyYxua.exe
  C:\Windows\System\keyYxua.exe
  2⤵
  PID:10340
- C:\Windows\System\OFVUqJW.exe
  C:\Windows\System\OFVUqJW.exe
  2⤵
  PID:11316
- C:\Windows\System\ZnRKdgX.exe
  C:\Windows\System\ZnRKdgX.exe
  2⤵
  PID:11344
- C:\Windows\System\tXURcEj.exe
  C:\Windows\System\tXURcEj.exe
  2⤵
  PID:11488
- C:\Windows\System\UVkSuIh.exe
  C:\Windows\System\UVkSuIh.exe
  2⤵
  PID:11532
- C:\Windows\System\NvdWkkS.exe
  C:\Windows\System\NvdWkkS.exe
  2⤵
  PID:11604
- C:\Windows\System\nVepFBS.exe
  C:\Windows\System\nVepFBS.exe
  2⤵
  PID:11644
- C:\Windows\System\cKhOuRU.exe
  C:\Windows\System\cKhOuRU.exe
  2⤵
  PID:11692
- C:\Windows\System\IOEixzW.exe
  C:\Windows\System\IOEixzW.exe
  2⤵
  PID:11796
- C:\Windows\System\ZvbOczu.exe
  C:\Windows\System\ZvbOczu.exe
  2⤵
  PID:11836
- C:\Windows\System\gOGZqgC.exe
  C:\Windows\System\gOGZqgC.exe
  2⤵
  PID:11944
- C:\Windows\System\xcezsMU.exe
  C:\Windows\System\xcezsMU.exe
  2⤵
  PID:11992
- C:\Windows\System\baSMHQh.exe
  C:\Windows\System\baSMHQh.exe
  2⤵
  PID:12016
- C:\Windows\System\SHrvAId.exe
  C:\Windows\System\SHrvAId.exe
  2⤵
  PID:12124
- C:\Windows\System\RwFzUQt.exe
  C:\Windows\System\RwFzUQt.exe
  2⤵
  PID:12208
- C:\Windows\System\puDxhok.exe
  C:\Windows\System\puDxhok.exe
  2⤵
  PID:12252
- C:\Windows\System\shBNYWZ.exe
  C:\Windows\System\shBNYWZ.exe
  2⤵
  PID:11296
- C:\Windows\System\eExUlOx.exe
  C:\Windows\System\eExUlOx.exe
  2⤵
  PID:11388
- C:\Windows\System\MvNypNh.exe
  C:\Windows\System\MvNypNh.exe
  2⤵
  PID:11572
- C:\Windows\System\cUWRYNU.exe
  C:\Windows\System\cUWRYNU.exe
  2⤵
  PID:11640
- C:\Windows\System\Slrrpwa.exe
  C:\Windows\System\Slrrpwa.exe
  2⤵
  PID:11856
- C:\Windows\System\GqizMPr.exe
  C:\Windows\System\GqizMPr.exe
  2⤵
  PID:11976
- C:\Windows\System\WrNhgmV.exe
  C:\Windows\System\WrNhgmV.exe
  2⤵
  PID:12156
- C:\Windows\System\IkZorHn.exe
  C:\Windows\System\IkZorHn.exe
  2⤵
  PID:11340
- C:\Windows\System\BXXcudJ.exe
  C:\Windows\System\BXXcudJ.exe
  2⤵
  PID:11736
- C:\Windows\System\NduPoiS.exe
  C:\Windows\System\NduPoiS.exe
  2⤵
  PID:11616
- C:\Windows\System\MPDsFqS.exe
  C:\Windows\System\MPDsFqS.exe
  2⤵
  PID:11700
- C:\Windows\System\sSfqqOB.exe
  C:\Windows\System\sSfqqOB.exe
  2⤵
  PID:11576
- C:\Windows\System\kYnxYvB.exe
  C:\Windows\System\kYnxYvB.exe
  2⤵
  PID:12308
- C:\Windows\System\ghRsuQj.exe
  C:\Windows\System\ghRsuQj.exe
  2⤵
  PID:12332
- C:\Windows\System\vdQSLTZ.exe
  C:\Windows\System\vdQSLTZ.exe
  2⤵
  PID:12352
- C:\Windows\System\cDfINxz.exe
  C:\Windows\System\cDfINxz.exe
  2⤵
  PID:12372
- C:\Windows\System\NmYXJli.exe
  C:\Windows\System\NmYXJli.exe
  2⤵
  PID:12436
- C:\Windows\System\wHLzaYq.exe
  C:\Windows\System\wHLzaYq.exe
  2⤵
  PID:12460
- C:\Windows\System\ksHpbOH.exe
  C:\Windows\System\ksHpbOH.exe
  2⤵
  PID:12484
- C:\Windows\System\tGhxVmn.exe
  C:\Windows\System\tGhxVmn.exe
  2⤵
  PID:12504
- C:\Windows\System\hKPANxE.exe
  C:\Windows\System\hKPANxE.exe
  2⤵
  PID:12536
- C:\Windows\System\XTqMYot.exe
  C:\Windows\System\XTqMYot.exe
  2⤵
  PID:12560
- C:\Windows\System\OTxVIdf.exe
  C:\Windows\System\OTxVIdf.exe
  2⤵
  PID:12596
- C:\Windows\System\aNjmrpy.exe
  C:\Windows\System\aNjmrpy.exe
  2⤵
  PID:12636
- C:\Windows\System\jYTiFly.exe
  C:\Windows\System\jYTiFly.exe
  2⤵
  PID:12660
- C:\Windows\System\olpjqkq.exe
  C:\Windows\System\olpjqkq.exe
  2⤵
  PID:12692
- C:\Windows\System\XGHhcUK.exe
  C:\Windows\System\XGHhcUK.exe
  2⤵
  PID:12716
- C:\Windows\System\ElhMQWE.exe
  C:\Windows\System\ElhMQWE.exe
  2⤵
  PID:12740
- C:\Windows\System\YCSozem.exe
  C:\Windows\System\YCSozem.exe
  2⤵
  PID:12768
- C:\Windows\System\LienBTa.exe
  C:\Windows\System\LienBTa.exe
  2⤵
  PID:12788
- C:\Windows\System\sjGDxHT.exe
  C:\Windows\System\sjGDxHT.exe
  2⤵
  PID:12828
- C:\Windows\System\pVeDBwK.exe
  C:\Windows\System\pVeDBwK.exe
  2⤵
  PID:12852
- C:\Windows\System\HBkjTRu.exe
  C:\Windows\System\HBkjTRu.exe
  2⤵
  PID:12876
- C:\Windows\System\MNCIjwa.exe
  C:\Windows\System\MNCIjwa.exe
  2⤵
  PID:12928
- C:\Windows\System\XcqUtSJ.exe
  C:\Windows\System\XcqUtSJ.exe
  2⤵
  PID:12972
- C:\Windows\System\kdQVhZW.exe
  C:\Windows\System\kdQVhZW.exe
  2⤵
  PID:13000
- C:\Windows\System\erLfqSW.exe
  C:\Windows\System\erLfqSW.exe
  2⤵
  PID:13028
- C:\Windows\System\tcrHllz.exe
  C:\Windows\System\tcrHllz.exe
  2⤵
  PID:13056
- C:\Windows\System\WzLNnQK.exe
  C:\Windows\System\WzLNnQK.exe
  2⤵
  PID:13072
- C:\Windows\System\ZOTGLeA.exe
  C:\Windows\System\ZOTGLeA.exe
  2⤵
  PID:13092
- C:\Windows\System\vNGKjeQ.exe
  C:\Windows\System\vNGKjeQ.exe
  2⤵
  PID:13116
- C:\Windows\System\qqvRdmS.exe
  C:\Windows\System\qqvRdmS.exe
  2⤵
  PID:13136
- C:\Windows\System\MNFqhNx.exe
  C:\Windows\System\MNFqhNx.exe
  2⤵
  PID:13176
- C:\Windows\System\bfgqnxv.exe
  C:\Windows\System\bfgqnxv.exe
  2⤵
  PID:13224
- C:\Windows\System\BuUJJPz.exe
  C:\Windows\System\BuUJJPz.exe
  2⤵
  PID:13252
- C:\Windows\System\GQUTsUc.exe
  C:\Windows\System\GQUTsUc.exe
  2⤵
  PID:13280
- C:\Windows\System\CIEylSU.exe
  C:\Windows\System\CIEylSU.exe
  2⤵
  PID:13296
- C:\Windows\System\ZNzhoUO.exe
  C:\Windows\System\ZNzhoUO.exe
  2⤵
  PID:11956
- C:\Windows\System\scZLNjL.exe
  C:\Windows\System\scZLNjL.exe
  2⤵
  PID:12344
- C:\Windows\System\ZetvURz.exe
  C:\Windows\System\ZetvURz.exe
  2⤵
  PID:12324
- C:\Windows\System\wqOXCog.exe
  C:\Windows\System\wqOXCog.exe
  2⤵
  PID:12428
- C:\Windows\System\KvWFMaX.exe
  C:\Windows\System\KvWFMaX.exe
  2⤵
  PID:12524
- C:\Windows\System\gMcNBTo.exe
  C:\Windows\System\gMcNBTo.exe
  2⤵
  PID:12588
- C:\Windows\System\RWzBeVo.exe
  C:\Windows\System\RWzBeVo.exe
  2⤵
  PID:12656
- C:\Windows\System\QrAWKjT.exe
  C:\Windows\System\QrAWKjT.exe
  2⤵
  PID:12684
- C:\Windows\System\nSxUVMu.exe
  C:\Windows\System\nSxUVMu.exe
  2⤵
  PID:12748
- C:\Windows\System\vDPyxgv.exe
  C:\Windows\System\vDPyxgv.exe
  2⤵
  PID:12920
- C:\Windows\System\SwBskCo.exe
  C:\Windows\System\SwBskCo.exe
  2⤵
  PID:12984
- C:\Windows\System\YImnWrH.exe
  C:\Windows\System\YImnWrH.exe
  2⤵
  PID:13048
- C:\Windows\System\DNxvnWI.exe
  C:\Windows\System\DNxvnWI.exe
  2⤵
  PID:13080
- C:\Windows\System\zVejQDT.exe
  C:\Windows\System\zVejQDT.exe
  2⤵
  PID:13164
- C:\Windows\System\wcABQqZ.exe
  C:\Windows\System\wcABQqZ.exe
  2⤵
  PID:13204
- C:\Windows\System\xKGtBHF.exe
  C:\Windows\System\xKGtBHF.exe
  2⤵
  PID:13244
- C:\Windows\System\cvlpwwv.exe
  C:\Windows\System\cvlpwwv.exe
  2⤵
  PID:13304
- C:\Windows\System\dwsIQld.exe
  C:\Windows\System\dwsIQld.exe
  2⤵
  PID:12360
- C:\Windows\System\LlkGcfk.exe
  C:\Windows\System\LlkGcfk.exe
  2⤵
  PID:12612
- C:\Windows\System\BsDwXDb.exe
  C:\Windows\System\BsDwXDb.exe
  2⤵
  PID:12784
- C:\Windows\System\hyIzPBE.exe
  C:\Windows\System\hyIzPBE.exe
  2⤵
  PID:12820
- C:\Windows\System\nbkMFXl.exe
  C:\Windows\System\nbkMFXl.exe
  2⤵
  PID:2148
- C:\Windows\System\KYTUTyv.exe
  C:\Windows\System\KYTUTyv.exe
  2⤵
  PID:13088
- C:\Windows\System\NkYlKYL.exe
  C:\Windows\System\NkYlKYL.exe
  2⤵
  PID:13104
- C:\Windows\System\jMqhnGJ.exe
  C:\Windows\System\jMqhnGJ.exe
  2⤵
  PID:13268
- C:\Windows\System\gtTXtDl.exe
  C:\Windows\System\gtTXtDl.exe
  2⤵
  PID:12472
- C:\Windows\System\fBpoVhd.exe
  C:\Windows\System\fBpoVhd.exe
  2⤵
  PID:12580
- C:\Windows\System\XvPzvYs.exe
  C:\Windows\System\XvPzvYs.exe
  2⤵
  PID:13168
- C:\Windows\System\TFYxBwe.exe
  C:\Windows\System\TFYxBwe.exe
  2⤵
  PID:13320
- C:\Windows\System\pisSMVi.exe
  C:\Windows\System\pisSMVi.exe
  2⤵
  PID:13360
- C:\Windows\System\sLgvylw.exe
  C:\Windows\System\sLgvylw.exe
  2⤵
  PID:13384
- C:\Windows\System\ZIUehnx.exe
  C:\Windows\System\ZIUehnx.exe
  2⤵
  PID:13404
- C:\Windows\System\AhWwIyS.exe
  C:\Windows\System\AhWwIyS.exe
  2⤵
  PID:13428
- C:\Windows\System\FMfsujE.exe
  C:\Windows\System\FMfsujE.exe
  2⤵
  PID:13468
- C:\Windows\System\uDWgIjb.exe
  C:\Windows\System\uDWgIjb.exe
  2⤵
  PID:13496
- C:\Windows\System\tduevgk.exe
  C:\Windows\System\tduevgk.exe
  2⤵
  PID:13512
- C:\Windows\System\xgmilTs.exe
  C:\Windows\System\xgmilTs.exe
  2⤵
  PID:13540
- C:\Windows\System\ySkSzai.exe
  C:\Windows\System\ySkSzai.exe
  2⤵
  PID:13560
- C:\Windows\System\wOdqWWZ.exe
  C:\Windows\System\wOdqWWZ.exe
  2⤵
  PID:13584
- C:\Windows\System\YyYNXtK.exe
  C:\Windows\System\YyYNXtK.exe
  2⤵
  PID:13636
- C:\Windows\System\TqqwMjw.exe
  C:\Windows\System\TqqwMjw.exe
  2⤵
  PID:13652
- C:\Windows\System\ILNepdX.exe
  C:\Windows\System\ILNepdX.exe
  2⤵
  PID:13668
- C:\Windows\System\qnrRwRv.exe
  C:\Windows\System\qnrRwRv.exe
  2⤵
  PID:13700
- C:\Windows\System\rbAtZAI.exe
  C:\Windows\System\rbAtZAI.exe
  2⤵
  PID:13724
- C:\Windows\System\PCWoESM.exe
  C:\Windows\System\PCWoESM.exe
  2⤵
  PID:13748
- C:\Windows\System\TcBgkhp.exe
  C:\Windows\System\TcBgkhp.exe
  2⤵
  PID:13780
- C:\Windows\System\PNdywIe.exe
  C:\Windows\System\PNdywIe.exe
  2⤵
  PID:13800
- C:\Windows\System\bBDxKSP.exe
  C:\Windows\System\bBDxKSP.exe
  2⤵
  PID:13840
- C:\Windows\System\oNwuxFw.exe
  C:\Windows\System\oNwuxFw.exe
  2⤵
  PID:13868
- C:\Windows\System\gjNEMYo.exe
  C:\Windows\System\gjNEMYo.exe
  2⤵
  PID:13892
- C:\Windows\System\YRvwqNp.exe
  C:\Windows\System\YRvwqNp.exe
  2⤵
  PID:13908
- C:\Windows\System\KePKOHL.exe
  C:\Windows\System\KePKOHL.exe
  2⤵
  PID:13980
- C:\Windows\System\AyCTdNq.exe
  C:\Windows\System\AyCTdNq.exe
  2⤵
  PID:14012
- C:\Windows\System\FqKbUfI.exe
  C:\Windows\System\FqKbUfI.exe
  2⤵
  PID:14040
- C:\Windows\System\JatyFKo.exe
  C:\Windows\System\JatyFKo.exe
  2⤵
  PID:14068
- C:\Windows\System\iiEIiYe.exe
  C:\Windows\System\iiEIiYe.exe
  2⤵
  PID:14088
- C:\Windows\System\uPGIHgJ.exe
  C:\Windows\System\uPGIHgJ.exe
  2⤵
  PID:14112
- C:\Windows\System\QEkaxXA.exe
  C:\Windows\System\QEkaxXA.exe
  2⤵
  PID:14132
- C:\Windows\System\BvHNsnP.exe
  C:\Windows\System\BvHNsnP.exe
  2⤵
  PID:14156
- C:\Windows\System\TNBYLoV.exe
  C:\Windows\System\TNBYLoV.exe
  2⤵
  PID:14180
- C:\Windows\System\TQSQMZP.exe
  C:\Windows\System\TQSQMZP.exe
  2⤵
  PID:14200
- C:\Windows\System\AOUrhdx.exe
  C:\Windows\System\AOUrhdx.exe
  2⤵
  PID:14224
- C:\Windows\System\PQmcnLF.exe
  C:\Windows\System\PQmcnLF.exe
  2⤵
  PID:14268
- C:\Windows\System\cODknaN.exe
  C:\Windows\System\cODknaN.exe
  2⤵
  PID:14296
- C:\Windows\System\dWjcsWA.exe
  C:\Windows\System\dWjcsWA.exe
  2⤵
  PID:14316
- C:\Windows\System\YJAeMmT.exe
  C:\Windows\System\YJAeMmT.exe
  2⤵
  PID:4168
- C:\Windows\System\GxzxSgS.exe
  C:\Windows\System\GxzxSgS.exe
  2⤵
  PID:13340
- C:\Windows\System\CcDpdiw.exe
  C:\Windows\System\CcDpdiw.exe
  2⤵
  PID:13424
- C:\Windows\System\UPjMASU.exe
  C:\Windows\System\UPjMASU.exe
  2⤵
  PID:13480
- C:\Windows\System\GwrHBOw.exe
  C:\Windows\System\GwrHBOw.exe
  2⤵
  PID:13548
- C:\Windows\System\OlSVtvm.exe
  C:\Windows\System\OlSVtvm.exe
  2⤵
  PID:5048
- C:\Windows\System\crxePpZ.exe
  C:\Windows\System\crxePpZ.exe
  2⤵
  PID:13696
- C:\Windows\System\XGyqZNE.exe
  C:\Windows\System\XGyqZNE.exe
  2⤵
  PID:13720
- C:\Windows\System\KZgPUbH.exe
  C:\Windows\System\KZgPUbH.exe
  2⤵
  PID:13880
- C:\Windows\System\githBBj.exe
  C:\Windows\System\githBBj.exe
  2⤵
  PID:13860
- C:\Windows\System\ddwhIvu.exe
  C:\Windows\System\ddwhIvu.exe
  2⤵
  PID:13952
- C:\Windows\System\LKrypYO.exe
  C:\Windows\System\LKrypYO.exe
  2⤵
  PID:14056
- C:\Windows\System\NCyEtyf.exe
  C:\Windows\System\NCyEtyf.exe
  2⤵
  PID:14084
- C:\Windows\System\lpuIqSJ.exe
  C:\Windows\System\lpuIqSJ.exe
  2⤵
  PID:14164
- C:\Windows\System\bPlYqNh.exe
  C:\Windows\System\bPlYqNh.exe
  2⤵
  PID:14208
- C:\Windows\System\vLUOFab.exe
  C:\Windows\System\vLUOFab.exe
  2⤵
  PID:14284
- C:\Windows\System\KrRzKJR.exe
  C:\Windows\System\KrRzKJR.exe
  2⤵
  PID:14324
- C:\Windows\System\KxtUcTD.exe
  C:\Windows\System\KxtUcTD.exe
  2⤵
  PID:12292
- C:\Windows\System\aojXWLo.exe
  C:\Windows\System\aojXWLo.exe
  2⤵
  PID:13508

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CkaGoNY.exe

Filesize
1.9MB

MD5
7edd0c0e37072ae8d5a11af680cdc700

SHA1
1362f30db20580104c0ded739e4118680e1a97eb

SHA256
56c17766d44901c288fbbeb7d325df407e213557c3b04ba3cd4341b02765f0af

SHA512
88ebed56998b1f9685e784d81117ca57a84f3741ceb129dc005e80a5a31d9bf25344ab7638704e34244292b82667c43ee254ce73e328d2399808466596beda86

Download Submit
C:\Windows\System\DaCbBhJ.exe

Filesize
1.9MB

MD5
726b8dc25c9d0e34c072df07f41d7143

SHA1
081df25ce791afd0b3da984277d0b70bc0a47bfc

SHA256
39c748450093b8641d07d79e68a8ea2e2c6f842d85a4cf6a5455ce5423499e1c

SHA512
bb4121dd288df7050d85e87c5e312d0262fcc34b6bca95368e2bd2b49b59f07dd04917d264f3cff4d5695aebaff9a9e025f078339c466f2a13ff0f7bd2b3b29f

Download Submit
C:\Windows\System\DhOdhQr.exe

Filesize
1.9MB

MD5
04e0446abe49718b346de1dca0315692

SHA1
b94d1125a18352c2d0a0daf991919076e1b10d69

SHA256
a20811af59f36d47ba4f69673b00797fed491c1b5de30a2f94dcb021d6f76553

SHA512
84d8251f57267c862a6a107f5ccd842b1c138579142a80800546876b4606c1716cd1af52b42b0b95af74c6799c7bc386309d92aa988aaab306d0d17fc8761dc4

Download Submit
C:\Windows\System\FzzduUE.exe

Filesize
1.9MB

MD5
3e79c7d2edb3f079b941c9b9fbbc27d3

SHA1
c4fe9ef99cce2bc521612e61829d8bf559717c23

SHA256
3c16fe64001e69f30269597cf66e9ae5e0568ad81a8a96c8b85cb4781654f034

SHA512
8835f71eea5978653568dd4379e5cf667d5f9a23a1104314f271795be26e238db57ef594bbc2dc54327915940670a2795ca4ff240811458ffaf47b506b096c73

Download Submit
C:\Windows\System\GNVSibb.exe

Filesize
1.9MB

MD5
631099a1bae591202841ff2f50c950eb

SHA1
c067814c1d978f47af395ffe653b48560b8f33d5

SHA256
2508e12048948623f09983574c7a20ea39c3d127e3bf42781890a8f92fa3d202

SHA512
8519074e8a43123180f4f46ea5a191c1727b18ce19d9e6c398d16fafc0ff7843cb4ddb49930d867f59191fe5e1e6e4aca61150ec9b21fbac24788bc1090fee2e

Download Submit
C:\Windows\System\ImsLGgj.exe

Filesize
1.9MB

MD5
9d17412439eef6efbe33409392fc38c8

SHA1
40701be6c3857813a59d24cd5e6da94d40547518

SHA256
93f921a9d7812e58fd77325ec36f669f99e44e2a819a73a4ac2b8d2104c84e4d

SHA512
24d7c067deabed34039532e4aad1d160501d0197cfbe2f5047fb8a46b44c44135eff12a91763ced6e36278554de9a4780058aedc8f36386f8ec386fa2916eab7

Download Submit
C:\Windows\System\KitgjHt.exe

Filesize
1.9MB

MD5
3f2e8bffb9dd4344242643cba42781c2

SHA1
8349ee1276099fe7ea07f00c2c739183f65dd925

SHA256
031640f6bc33fe939b58cd608adb124b4d1bdef4a20215e0aebb05d60ca2a3b8

SHA512
b761c38018755ee212a5b8cb6b20bd055b59a5edda23ef90080be8c648bcf449dcd4142cab60a18673ca1137c3645edb441f5cc1a4aa1c0503e99b58a96764c5

Download Submit
C:\Windows\System\LldjDoq.exe

Filesize
1.9MB

MD5
1e47b591bcae831ea7313109c6597830

SHA1
7a8ceda7ad54903296471de123d7625ef4b10a96

SHA256
42f9b61319a00fd167412602bbea5ec231aa8c336c1f58ebdc684f839afca4cf

SHA512
eb33628979bab52aa5e16486a39037a0d40d675c0563ee1572d0590918844815bb513d4da8f1e38681a4e851b7d6a189c1b98027a92be7fa2cbfb510f40a0594

Download Submit
C:\Windows\System\LohWDeN.exe

Filesize
1.9MB

MD5
9a4ad2672386c87a7c5be0fdd5dddcde

SHA1
783007ccc7b79ed54f16107465a5710fede06519

SHA256
3c954163f0a63f680d97d08da1f4d8f9b1d8d42f8ceba6c0449f14ca6635a73c

SHA512
de5d9aa6952bc6210ad50b23ac64d2b4a391e1ee905af3c4819d790f2a956e0f54481904808785eefaf904a751e3b6398df27992ec900c09aa73aacc939d7646

Download Submit
C:\Windows\System\MtPNujs.exe

Filesize
1.9MB

MD5
b6b1778f54490915d8bcdb972e03fd71

SHA1
f61310a75798122103016f297c1cded96465fa1c

SHA256
61001c3e3d016060aeda1d873a0ee4fc1a4d851599cabb891ff4225b834fcc6d

SHA512
0142cac8614514ef9202626614d070653ca2fa19166df8a5deac03db62de84c85d6be8c2effda200c88cc8307a642258af6ab8dd543fc301ede738a292476665

Download Submit
C:\Windows\System\NVuRegJ.exe

Filesize
1.9MB

MD5
2224a03dd9b0c7a0f44dec9ffc6f4522

SHA1
40ca0b86b092414f2a3010e28935bcd849c7f662

SHA256
5fd17b1d2dd41bdeac34c8e2e7c502b442217173126e4d2c7db40e9d58f7d655

SHA512
6b148dcc195f6dc8f469013b1d559ac9dfebf49d3961057b5253b0f92329858f3c36ac60f9a012e3f8d39441c60e6978f013240d5b82a096b6ba66601688ad6f

Download Submit
C:\Windows\System\OIZkATP.exe

Filesize
1.9MB

MD5
1279002056515d83377b070f3ca24090

SHA1
7194901bf93cd1045d5e104636b44eb7c7d78e5b

SHA256
01653f83f175b91843ba8c181eb2c2f901f1ef713aaefa5c53efd5a26a9c99e4

SHA512
74fdf3533adda4b80c4453394d1a4b843238361739cd903ddc5f4339ca1db899005020f0ab19f5708e8975a2ecca7375a87ccb575e23058277815cfc47c78a48

Download Submit
C:\Windows\System\OLscbYM.exe

Filesize
1.9MB

MD5
93cf3acc417b7857a27f6829ebd2ac08

SHA1
c4634ad28ee50423f7df51c65014b7ac398e5a64

SHA256
4d0b3f5ee2bdcb709b2de480cac50afc1ec4392b3156c3c8644c63c8482219aa

SHA512
cf29c1769d0b189590dd8cd18e5da2a79356c07869702777f1553debe4125d34e4c6cb3bb803afc2fc7a89587b26bacab0ad72488a1ccc77ba973f2c254cc255

Download Submit
C:\Windows\System\OVGpLJM.exe

Filesize
1.9MB

MD5
fed6cb95623773f0c527cf361ec8c5ed

SHA1
e159cac65d08a8f16c1d118428a2e6fcb37b0649

SHA256
adfbe1d1737dc7acf0228ffac070fdc5345d2229206ec0e9b065824d11a2562f

SHA512
b53e8d290af25280ddce54584cda56a2603e5b05aded501ee62363c9a0869bca65d601caa115a43ff0a9be394da2f4e13abd3d89874fec5bb6bb8b89a135f05a

Download Submit
C:\Windows\System\Rnokmwd.exe

Filesize
1.9MB

MD5
788c79e20157c2a71d6cbea3e4df5bdf

SHA1
7c0e49cc9de09f592e6f9a3f8724368032e8090b

SHA256
5e7ca9dac6dd6cc27fbf918c0b16afb0fdad7f4f3405f655121d584b2228685f

SHA512
aa3594a9a4d816379bcb5094c87049d26ec3d910b95567d9a5e6030611fc48c41dc8614d69cfc7887314c6ce3ca0f150cfaed7af1cc3782d2d15f51523721974

Download Submit
C:\Windows\System\TQhOiOh.exe

Filesize
1.9MB

MD5
af3a760b20fcf4effe6d4428983faedb

SHA1
d913a2160fd2fc3d8274bbea67fee17aa9cb5a64

SHA256
47d1b2a9e1650856f651e7be0966bf9dc6393b833c06a760d1c1aa768a638405

SHA512
b776e99171c51e04a6515507534a730bf8736151cc3b721c4d0c3dcff90259fe41f0f7ce4cc84035a0e3083e01b6403775b5ffafd1d1f786117a19fffd4d4922

Download Submit
C:\Windows\System\TWqGasb.exe

Filesize
1.9MB

MD5
2c6dc2f2c4dd978ca9a4ef4604e3dfdf

SHA1
1f26bf918d81136b07c7e1bedecb524964e69dcf

SHA256
e3e7c1cab355139294796d10e41318bc94166ea07d2bc03cdefb60d37a4f43d2

SHA512
efb872bc499675e7d08124f54031937593d8d5aa75146fc4a9995ebcd2a2774e472d80d20ec241cb1570cf7c6a710363225b4bfe7973736eb69315dfbf622d36

Download Submit
C:\Windows\System\VuwPfpD.exe

Filesize
1.9MB

MD5
47cbd65c35ae269deaa9bd3975378c84

SHA1
3190b5b665d0dd3bcb68f2467bd4c19ee72383e4

SHA256
2447d656130e5f18e97d0412a660b14e7fb138ac0e2e3c8fd5a9a355b2f77fe7

SHA512
eaeaf16ec665cfe062ad83e2b00c57cf14bd27989d4fe61b79c7ea360995724a9617018579a17b951b48f441217ae144fb404662017422a2882b497b20f0c11b

Download Submit
C:\Windows\System\YiPXHnk.exe

Filesize
1.9MB

MD5
9f8b90a5507025b2e8611523a93de577

SHA1
ebadf2a99c5f24af1ebcab32d32582a7ab64308d

SHA256
a820f722e1a5c9cbc9b9174f9d3c0b228cbca65ebf3926180b5e94ea1ca3ca03

SHA512
0d7a7919033b35ee4b87aab2a1faffe88b1e1360b7f6714196523e509d99fd201dd9c1263ee4f1e522455aa14d44a3eb72780db95c3698bbec880fdbf0e9e603

Download Submit
C:\Windows\System\YsHFDXF.exe

Filesize
1.9MB

MD5
2d996fed6add642ac55c716871040005

SHA1
51c871142ae34b5aaca310b8fbb5ac3f05738df1

SHA256
7dfcd043ec5cbaa412ab862ac34aedec2c8cde54e34b15b364c4e12428c64450

SHA512
d17215439d67aa7c7b209e16863fc7e4ff79d55af60b5efabb079b641dabb29de2afb387fb3706a48e23acebab533186f6aa3ffd699ed00309c31b1afb20bb01

Download Submit
C:\Windows\System\ZdeZzzP.exe

Filesize
1.9MB

MD5
6449ea38b6da89f18ec2162ff41b0fba

SHA1
27c2476ead9816a04fe7213466fbbb79bb05b766

SHA256
b34ff9898f0b6a346911fbab7524cdaf44ab66ce9a06d7c927ccd503b4aa9cdc

SHA512
1bfaf1a0e72f49156d8f460c185e3432eb6e4032d8b2cbfc90982434060de7893113a64ba476bf5498e6afe25c0fe21ee6fedcba1b851663eaaf52c9a5cb4b23

Download Submit
C:\Windows\System\aVUvxXv.exe

Filesize
1.9MB

MD5
155bbe1b0dd0eb3ea7e30225563fba25

SHA1
ca1633496d0b12c95d24bdefe572a7c9aea5a1f6

SHA256
a87a4a7015e0660b629b6c9ef02c2cff558494de7c98325de8039fc4513363f7

SHA512
2b8b2bebd3afd748dc9a159f9789f4eb379a9c627889be71389117590fbd5078d69f0f287353baed1da69e10d6d5d35a099fe57bb37196e61f68b1437bc588e8

Download Submit
C:\Windows\System\agtjTgY.exe

Filesize
1.9MB

MD5
13d93c5d22a7774004ff551444808d4e

SHA1
63e78d4766474bd29931757b91451e06dec6ab47

SHA256
e748674253f0063241b1377c3e81c6bcd3511cd55d73f53552c2d659d7924447

SHA512
f987306af89a4ea0a12bb32520bc6751a826b6361fb0bc1fe5877f0a80a77ced4763b2f251ec6ee5b2b1057de37ff33a8e85f3adfcab0ad5dc669ea3189c7747

Download Submit
C:\Windows\System\fAuBCzT.exe

Filesize
1.9MB

MD5
6ab63c22368f79c90bea4fc82e5a4ff6

SHA1
c9e8bf1bba20293116c5760bf9a9a8879608d46c

SHA256
a4223420e9e31d0392c2dc07164b4441640f3d89f7ccea2ccdce28662a34d8e8

SHA512
fd2ade897731c7084a8db11e5d3a183a5cc31b218c840e7bf5cb05a7f894bf47f2e3d3dc665df13812b14777c8e80756709ff9c3bd8ba18090fe833c2fb9ec0d

Download Submit
C:\Windows\System\kYUgtee.exe

Filesize
1.9MB

MD5
36264c5fea581d74b1d782bc36d79008

SHA1
d323fa663f9da2589877e16da6436176b005da6a

SHA256
da963373047389926bae9eaea20366f2ed21784605e2756ad686537d745eb074

SHA512
d377b169ab6a751130a72814355458de58e77f9371b45c8ab0fce49498d5f4638c5f0be19b186cfe20c2483f83953035fe83ff7e7dbecc18abce84c254ac3bc3

Download Submit
C:\Windows\System\kakSCks.exe

Filesize
1.9MB

MD5
ebe07ed585790f235452b157df09f2af

SHA1
ac1237c88ebbb2e2fda6dc814f80b4a7db4ff1c8

SHA256
1fd3591148849942b8dac7ee540448268c3842220940ea01ee4a0cecd8ab8e5f

SHA512
72e702c9bb73e30743a9772a6711e7135a0972d22700a11d7f5cc2b495bda225026d76c9f017eceac383c8f933a7ed491f01b74c31a9c8c5f6a8b32eaf0b3b2f

Download Submit
C:\Windows\System\kfPXOwK.exe

Filesize
1.9MB

MD5
eb81e26bc39cbd46303078f67662eddf

SHA1
1a1fd4e37e1c78f0e1b0014ccd43544fe0c2f0ce

SHA256
26d5365cb137fc8037143273b95a245652314c117e0cc205cfece7d5d65f156c

SHA512
cc3b2312c6b940122f35bf18f40b3804c96b6f889b9208ff47f49c1c61a28492258064bbc8181f6be21e5ec5bdf9f2cf20dafc1a49c2758f187b92615246ab60

Download Submit
C:\Windows\System\nxuggaW.exe

Filesize
1.9MB

MD5
00bcf1bc04fc73f57c5106f2cbbdac82

SHA1
c67ab563ac0692d4dd955a7f0d1635d01a453c77

SHA256
ffd194e5cf968ce3082cbe2e144bc242f125047c9b33a6cc4677e9348b3d6ba2

SHA512
12c35b827922c9330dcba814a47ec53b34d3fbd88eb0bf64ce27a469df603a396720bb4c251c18e54d019e224b10d51cdcf9f98bfa3ac9ae16ede7f90af93a78

Download Submit
C:\Windows\System\oRrMUxc.exe

Filesize
1.9MB

MD5
3e6ee61e8455d7467f686c9880e852e7

SHA1
c47e4d1f5245e5688d11e5b229ac14a89ce548c7

SHA256
de6a7814692df0e429e79338ab0cec5ada2ba58e96571e9ea44c0b5f3c6db37b

SHA512
6d8661c0499b40e0ab17695d336377d9755eec56cec82d72dcd863e2995091acff562929dfb93fbed80cfeb8a85de12b4962679823b5c1db198c4a74a27f5885

Download Submit
C:\Windows\System\phNrgLu.exe

Filesize
1.9MB

MD5
fe22be8e00d14895b1711af4f120d681

SHA1
81cce64462296150dd8878d6b38d58b44b279c7e

SHA256
f03c0bd76f86966c106658b136f34e6adf9ab598585587cfaa8a798853ee719e

SHA512
e18daa252b167bbd9e4048f6b87c3a1f2a483fda1dca3b112127b3f1880171869b3d83ae9f275129d00354c682865a51bc4840a92342177e2585f82a0ce85bc5

Download Submit
C:\Windows\System\poqHypw.exe

Filesize
1.9MB

MD5
640dfb1ba764867daa8548a153241951

SHA1
25051bd3728635b546b58cd85e5904548ef8b202

SHA256
44fd3cbf250a588161e19048eea101d4e8f34bc50ff85768e06504c61768db76

SHA512
85782ba142eda77de33682ed7356339baf429159694c8912291d9c72415c863c330ff562ff889a6a78c31bd21d23fc6c5561c8d9cd036d8e7dbac992db3452c6

Download Submit
C:\Windows\System\sFfWaTK.exe

Filesize
1.9MB

MD5
cb44f8093e4da34067a6fd354feb5903

SHA1
2aa647d5d28301022d0ed02798c632c953df3c9f

SHA256
f68a1eef04bb73241a3eefcfaeb16b0045d67e3b0e58c29b05d592746e946f7d

SHA512
717dcfdfc230d8cbe0216e351d80031509dd7b68beba0bf1dfcecf992f9e5b9cc23f7504d4b531653f850702fb6bd160f603b6456a162744eed0be87c44610d8

Download Submit
C:\Windows\System\zfDGiyZ.exe

Filesize
1.9MB

MD5
9811323c3364192439788bdf5c171cb9

SHA1
6b902be33e2bf4c0971d5a1367df2feb820e1720

SHA256
8a2404d54d3e3e75d3630988f138c43a49068b468ead2412686106e38943515b

SHA512
e5a660bb8b8aabed15b7a9a9395d597815d9b00fb9e37fc7d299f572f0155b19c0aeb02bb20501f7702ab4e115c840c123b003ebbec9c18303d2d8133ed9f3d4

Download Submit
memory/220-2108-0x00007FF625B90000-0x00007FF625EE4000-memory.dmp

Filesize
3.3MB

Download
memory/220-14-0x00007FF625B90000-0x00007FF625EE4000-memory.dmp

Filesize
3.3MB

Download
memory/220-2101-0x00007FF625B90000-0x00007FF625EE4000-memory.dmp

Filesize
3.3MB

Download
memory/540-848-0x00007FF73B390000-0x00007FF73B6E4000-memory.dmp

Filesize
3.3MB

Download
memory/540-2123-0x00007FF73B390000-0x00007FF73B6E4000-memory.dmp

Filesize
3.3MB

Download
memory/760-862-0x00007FF6D94F0000-0x00007FF6D9844000-memory.dmp

Filesize
3.3MB

Download
memory/760-2125-0x00007FF6D94F0000-0x00007FF6D9844000-memory.dmp

Filesize
3.3MB

Download
memory/1032-2114-0x00007FF6306D0000-0x00007FF630A24000-memory.dmp

Filesize
3.3MB

Download
memory/1032-793-0x00007FF6306D0000-0x00007FF630A24000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2121-0x00007FF7674E0000-0x00007FF767834000-memory.dmp

Filesize
3.3MB

Download
memory/1356-828-0x00007FF7674E0000-0x00007FF767834000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2127-0x00007FF690E80000-0x00007FF6911D4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-882-0x00007FF690E80000-0x00007FF6911D4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2112-0x00007FF6742C0000-0x00007FF674614000-memory.dmp

Filesize
3.3MB

Download
memory/1460-795-0x00007FF6742C0000-0x00007FF674614000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2117-0x00007FF6BFA60000-0x00007FF6BFDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-796-0x00007FF6BFA60000-0x00007FF6BFDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-817-0x00007FF70ABF0000-0x00007FF70AF44000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2118-0x00007FF70ABF0000-0x00007FF70AF44000-memory.dmp

Filesize
3.3MB

Download
memory/2552-875-0x00007FF7C6ED0000-0x00007FF7C7224000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2133-0x00007FF7C6ED0000-0x00007FF7C7224000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2107-0x00007FF7658B0000-0x00007FF765C04000-memory.dmp

Filesize
3.3MB

Download
memory/2756-29-0x00007FF7658B0000-0x00007FF765C04000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2102-0x00007FF7658B0000-0x00007FF765C04000-memory.dmp

Filesize
3.3MB

Download
memory/2872-797-0x00007FF72DCE0000-0x00007FF72E034000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2119-0x00007FF72DCE0000-0x00007FF72E034000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2126-0x00007FF74A0E0000-0x00007FF74A434000-memory.dmp

Filesize
3.3MB

Download
memory/3064-888-0x00007FF74A0E0000-0x00007FF74A434000-memory.dmp

Filesize
3.3MB

Download
memory/3068-810-0x00007FF74DCB0000-0x00007FF74E004000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2115-0x00007FF74DCB0000-0x00007FF74E004000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2124-0x00007FF6D5840000-0x00007FF6D5B94000-memory.dmp

Filesize
3.3MB

Download
memory/3092-842-0x00007FF6D5840000-0x00007FF6D5B94000-memory.dmp

Filesize
3.3MB

Download
memory/3104-32-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp

Filesize
3.3MB

Download
memory/3104-2106-0x00007FF789AB0000-0x00007FF789E04000-memory.dmp

Filesize
3.3MB

Download
memory/3400-0-0x00007FF61F050000-0x00007FF61F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/3400-1-0x0000023152350000-0x0000023152360000-memory.dmp

Filesize
64KB

Download
memory/3588-867-0x00007FF7B0E00000-0x00007FF7B1154000-memory.dmp

Filesize
3.3MB

Download
memory/3588-2132-0x00007FF7B0E00000-0x00007FF7B1154000-memory.dmp

Filesize
3.3MB

Download
memory/3616-877-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3616-2129-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3664-2111-0x00007FF7A0880000-0x00007FF7A0BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3664-792-0x00007FF7A0880000-0x00007FF7A0BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2104-0x00007FF710EE0000-0x00007FF711234000-memory.dmp

Filesize
3.3MB

Download
memory/3964-36-0x00007FF710EE0000-0x00007FF711234000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2109-0x00007FF710EE0000-0x00007FF711234000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2120-0x00007FF7DA2C0000-0x00007FF7DA614000-memory.dmp

Filesize
3.3MB

Download
memory/4072-822-0x00007FF7DA2C0000-0x00007FF7DA614000-memory.dmp

Filesize
3.3MB

Download
memory/4076-6-0x00007FF7A48E0000-0x00007FF7A4C34000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2105-0x00007FF7A48E0000-0x00007FF7A4C34000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2099-0x00007FF7A48E0000-0x00007FF7A4C34000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2116-0x00007FF653E90000-0x00007FF6541E4000-memory.dmp

Filesize
3.3MB

Download
memory/4268-805-0x00007FF653E90000-0x00007FF6541E4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2122-0x00007FF7D21A0000-0x00007FF7D24F4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-832-0x00007FF7D21A0000-0x00007FF7D24F4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-33-0x00007FF6BD0E0000-0x00007FF6BD434000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2113-0x00007FF6BD0E0000-0x00007FF6BD434000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2103-0x00007FF6BD0E0000-0x00007FF6BD434000-memory.dmp

Filesize
3.3MB

Download
memory/4916-794-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2110-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2131-0x00007FF63F400000-0x00007FF63F754000-memory.dmp

Filesize
3.3MB

Download
memory/5032-854-0x00007FF63F400000-0x00007FF63F754000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2128-0x00007FF7D4670000-0x00007FF7D49C4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-887-0x00007FF7D4670000-0x00007FF7D49C4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2130-0x00007FF72EEC0000-0x00007FF72F214000-memory.dmp

Filesize
3.3MB

Download
memory/5076-858-0x00007FF72EEC0000-0x00007FF72F214000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads