xmrig | 64a108c95c785e348f13659b6e2898898b7423a6aab00ba25e9923d8df87aeae

Analysis

max time kernel
119s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
Size

1.2MB
MD5

4d8c73cc9ca1fa2d9dfae1094aa6fa50
SHA1

49fdc52e824c62ea1d5dd42f75cf6b97734481b6
SHA256

64a108c95c785e348f13659b6e2898898b7423a6aab00ba25e9923d8df87aeae
SHA512

de165f29a2c60c94fed0d733a281633122671b22fe081ea380c2af1e32246341e16b23319ac7f633b5565cfb77b1ad6ae66b87397ca9a5b97d6f7ceaa0aef78f
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727f8UhNnwSz7TD0SqKpTIr2ejZvU67NnX1vQS:ROdWCCi7/rahUUvlhqLr2+W4f

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/956-438-0x00007FF6411E0000-0x00007FF641531000-memory.dmp	xmrig
behavioral2/memory/5092-439-0x00007FF640890000-0x00007FF640BE1000-memory.dmp	xmrig
behavioral2/memory/732-440-0x00007FF65D570000-0x00007FF65D8C1000-memory.dmp	xmrig
behavioral2/memory/4552-441-0x00007FF783570000-0x00007FF7838C1000-memory.dmp	xmrig
behavioral2/memory/3364-449-0x00007FF7E55E0000-0x00007FF7E5931000-memory.dmp	xmrig
behavioral2/memory/2504-446-0x00007FF65E800000-0x00007FF65EB51000-memory.dmp	xmrig
behavioral2/memory/5072-453-0x00007FF7639B0000-0x00007FF763D01000-memory.dmp	xmrig
behavioral2/memory/4048-467-0x00007FF7333D0000-0x00007FF733721000-memory.dmp	xmrig
behavioral2/memory/1536-459-0x00007FF6FC330000-0x00007FF6FC681000-memory.dmp	xmrig
behavioral2/memory/1344-478-0x00007FF76C220000-0x00007FF76C571000-memory.dmp	xmrig
behavioral2/memory/1956-476-0x00007FF7DD270000-0x00007FF7DD5C1000-memory.dmp	xmrig
behavioral2/memory/4776-484-0x00007FF716D70000-0x00007FF7170C1000-memory.dmp	xmrig
behavioral2/memory/1384-493-0x00007FF735590000-0x00007FF7358E1000-memory.dmp	xmrig
behavioral2/memory/2524-504-0x00007FF6F9E20000-0x00007FF6FA171000-memory.dmp	xmrig
behavioral2/memory/440-513-0x00007FF68D430000-0x00007FF68D781000-memory.dmp	xmrig
behavioral2/memory/1552-523-0x00007FF7FC7A0000-0x00007FF7FCAF1000-memory.dmp	xmrig
behavioral2/memory/1784-545-0x00007FF6AD1A0000-0x00007FF6AD4F1000-memory.dmp	xmrig
behavioral2/memory/4468-548-0x00007FF6FBCC0000-0x00007FF6FC011000-memory.dmp	xmrig
behavioral2/memory/1496-543-0x00007FF7E22D0000-0x00007FF7E2621000-memory.dmp	xmrig
behavioral2/memory/2492-539-0x00007FF66B4C0000-0x00007FF66B811000-memory.dmp	xmrig
behavioral2/memory/2968-536-0x00007FF739CC0000-0x00007FF73A011000-memory.dmp	xmrig
behavioral2/memory/2900-531-0x00007FF65F240000-0x00007FF65F591000-memory.dmp	xmrig
behavioral2/memory/4460-518-0x00007FF6B5830000-0x00007FF6B5B81000-memory.dmp	xmrig
behavioral2/memory/2960-490-0x00007FF6C5800000-0x00007FF6C5B51000-memory.dmp	xmrig
behavioral2/memory/4408-2186-0x00007FF7D11D0000-0x00007FF7D1521000-memory.dmp	xmrig
behavioral2/memory/952-2187-0x00007FF7166A0000-0x00007FF7169F1000-memory.dmp	xmrig
behavioral2/memory/3120-2220-0x00007FF7B8760000-0x00007FF7B8AB1000-memory.dmp	xmrig
behavioral2/memory/396-2221-0x00007FF62E1D0000-0x00007FF62E521000-memory.dmp	xmrig
behavioral2/memory/5032-2224-0x00007FF6A9150000-0x00007FF6A94A1000-memory.dmp	xmrig
behavioral2/memory/4408-2228-0x00007FF7D11D0000-0x00007FF7D1521000-memory.dmp	xmrig
behavioral2/memory/3120-2230-0x00007FF7B8760000-0x00007FF7B8AB1000-memory.dmp	xmrig
behavioral2/memory/396-2232-0x00007FF62E1D0000-0x00007FF62E521000-memory.dmp	xmrig
behavioral2/memory/952-2234-0x00007FF7166A0000-0x00007FF7169F1000-memory.dmp	xmrig
behavioral2/memory/3364-2246-0x00007FF7E55E0000-0x00007FF7E5931000-memory.dmp	xmrig
behavioral2/memory/4552-2244-0x00007FF783570000-0x00007FF7838C1000-memory.dmp	xmrig
behavioral2/memory/1536-2250-0x00007FF6FC330000-0x00007FF6FC681000-memory.dmp	xmrig
behavioral2/memory/1956-2252-0x00007FF7DD270000-0x00007FF7DD5C1000-memory.dmp	xmrig
behavioral2/memory/440-2268-0x00007FF68D430000-0x00007FF68D781000-memory.dmp	xmrig
behavioral2/memory/4460-2266-0x00007FF6B5830000-0x00007FF6B5B81000-memory.dmp	xmrig
behavioral2/memory/2960-2264-0x00007FF6C5800000-0x00007FF6C5B51000-memory.dmp	xmrig
behavioral2/memory/1344-2262-0x00007FF76C220000-0x00007FF76C571000-memory.dmp	xmrig
behavioral2/memory/1384-2260-0x00007FF735590000-0x00007FF7358E1000-memory.dmp	xmrig
behavioral2/memory/2524-2258-0x00007FF6F9E20000-0x00007FF6FA171000-memory.dmp	xmrig
behavioral2/memory/4776-2256-0x00007FF716D70000-0x00007FF7170C1000-memory.dmp	xmrig
behavioral2/memory/4048-2254-0x00007FF7333D0000-0x00007FF733721000-memory.dmp	xmrig
behavioral2/memory/732-2242-0x00007FF65D570000-0x00007FF65D8C1000-memory.dmp	xmrig
behavioral2/memory/5072-2240-0x00007FF7639B0000-0x00007FF763D01000-memory.dmp	xmrig
behavioral2/memory/2504-2238-0x00007FF65E800000-0x00007FF65EB51000-memory.dmp	xmrig
behavioral2/memory/5092-2248-0x00007FF640890000-0x00007FF640BE1000-memory.dmp	xmrig
behavioral2/memory/956-2236-0x00007FF6411E0000-0x00007FF641531000-memory.dmp	xmrig
behavioral2/memory/4468-2314-0x00007FF6FBCC0000-0x00007FF6FC011000-memory.dmp	xmrig
behavioral2/memory/1496-2289-0x00007FF7E22D0000-0x00007FF7E2621000-memory.dmp	xmrig
behavioral2/memory/1784-2286-0x00007FF6AD1A0000-0x00007FF6AD4F1000-memory.dmp	xmrig
behavioral2/memory/1552-2276-0x00007FF7FC7A0000-0x00007FF7FCAF1000-memory.dmp	xmrig
behavioral2/memory/2900-2274-0x00007FF65F240000-0x00007FF65F591000-memory.dmp	xmrig
behavioral2/memory/2492-2272-0x00007FF66B4C0000-0x00007FF66B811000-memory.dmp	xmrig
behavioral2/memory/2968-2270-0x00007FF739CC0000-0x00007FF73A011000-memory.dmp	xmrig
behavioral2/memory/5032-2408-0x00007FF6A9150000-0x00007FF6A94A1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4408	SebQuqJ.exe
3120	uYfGhHW.exe
952	FVMsmqC.exe
396	oYsXIXw.exe
5032	OpHpkuV.exe
956	suPzCaZ.exe
5092	wJCleyP.exe
732	pLSMSgZ.exe
4552	smOVuKX.exe
2504	WvUyizx.exe
3364	FRQZZFp.exe
5072	zCptTXd.exe
1536	KJzzipR.exe
4048	Albhouu.exe
1956	JGwPmPg.exe
1344	xpzzIzm.exe
4776	zapdYit.exe
2960	yOrjTKb.exe
1384	ueUJDlc.exe
2524	UpwsuuI.exe
440	CvxDFRw.exe
4460	CRpOcOt.exe
1552	hJHDamh.exe
2900	fwVZnSJ.exe
2968	jeUTRet.exe
2492	icxfSrQ.exe
1496	dDpZGFb.exe
1784	XlNONzS.exe
4468	WSYNrpd.exe
3224	oWbANQI.exe
4632	khvmSJP.exe
3984	GzYzBRS.exe
2748	ctuYFbO.exe
3056	JgArKuV.exe
3832	XrLdotq.exe
3256	UjboipD.exe
1940	MJyWdQg.exe
372	ACBkbWu.exe
2016	yCTCXYf.exe
2948	AOgKkEX.exe
760	tNKTTjO.exe
1268	WyPOgtL.exe
1564	jPZbkmR.exe
2420	sQXThoL.exe
2520	mNidWkW.exe
4496	jmKhSDg.exe
4348	YFNEfaA.exe
1548	FghHTiV.exe
1824	ldnBMXW.exe
4516	iGcJuah.exe
4576	ZyfVpGI.exe
3272	RwdGGxj.exe
1416	lhPXsVl.exe
2080	OdvKLqK.exe
3192	wtVKyGt.exe
4788	OozKIbh.exe
4724	eNjdpTG.exe
744	OoCGxCr.exe
4476	vyYcXuV.exe
772	bPzsqMe.exe
1152	sTCVeuc.exe
4144	nBvyKoO.exe
1484	fAELwdv.exe
4748	jotLnOH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1720-0-0x00007FF780C70000-0x00007FF780FC1000-memory.dmp	upx
behavioral2/files/0x000b000000023b97-5.dat	upx
behavioral2/files/0x000a000000023b9c-8.dat	upx
behavioral2/files/0x000a000000023b9b-13.dat	upx
behavioral2/files/0x000a000000023b9d-23.dat	upx
behavioral2/files/0x000a000000023b9e-27.dat	upx
behavioral2/files/0x000a000000023ba0-39.dat	upx
behavioral2/files/0x000a000000023ba2-49.dat	upx
behavioral2/files/0x000a000000023ba3-60.dat	upx
behavioral2/files/0x000a000000023baa-87.dat	upx
behavioral2/files/0x000a000000023bac-97.dat	upx
behavioral2/files/0x000a000000023bb2-127.dat	upx
behavioral2/files/0x000a000000023bba-167.dat	upx
behavioral2/files/0x0031000000023bb8-165.dat	upx
behavioral2/files/0x000a000000023bb9-162.dat	upx
behavioral2/files/0x0031000000023bb7-160.dat	upx
behavioral2/files/0x0031000000023bb6-155.dat	upx
behavioral2/files/0x000a000000023bb5-150.dat	upx
behavioral2/files/0x000a000000023bb4-145.dat	upx
behavioral2/files/0x000a000000023bb3-140.dat	upx
behavioral2/files/0x000a000000023bb1-130.dat	upx
behavioral2/files/0x000a000000023bb0-125.dat	upx
behavioral2/files/0x000a000000023baf-120.dat	upx
behavioral2/files/0x000a000000023bae-115.dat	upx
behavioral2/files/0x000a000000023bad-110.dat	upx
behavioral2/files/0x000a000000023bab-100.dat	upx
behavioral2/files/0x000a000000023ba9-90.dat	upx
behavioral2/files/0x000a000000023ba8-85.dat	upx
behavioral2/files/0x000a000000023ba7-80.dat	upx
behavioral2/files/0x000a000000023ba6-75.dat	upx
behavioral2/files/0x000a000000023ba5-70.dat	upx
behavioral2/files/0x000a000000023ba4-65.dat	upx
behavioral2/files/0x000a000000023ba1-47.dat	upx
behavioral2/files/0x000a000000023b9f-35.dat	upx
behavioral2/memory/5032-33-0x00007FF6A9150000-0x00007FF6A94A1000-memory.dmp	upx
behavioral2/memory/396-25-0x00007FF62E1D0000-0x00007FF62E521000-memory.dmp	upx
behavioral2/memory/952-20-0x00007FF7166A0000-0x00007FF7169F1000-memory.dmp	upx
behavioral2/memory/3120-18-0x00007FF7B8760000-0x00007FF7B8AB1000-memory.dmp	upx
behavioral2/memory/4408-9-0x00007FF7D11D0000-0x00007FF7D1521000-memory.dmp	upx
behavioral2/memory/956-438-0x00007FF6411E0000-0x00007FF641531000-memory.dmp	upx
behavioral2/memory/5092-439-0x00007FF640890000-0x00007FF640BE1000-memory.dmp	upx
behavioral2/memory/732-440-0x00007FF65D570000-0x00007FF65D8C1000-memory.dmp	upx
behavioral2/memory/4552-441-0x00007FF783570000-0x00007FF7838C1000-memory.dmp	upx
behavioral2/memory/3364-449-0x00007FF7E55E0000-0x00007FF7E5931000-memory.dmp	upx
behavioral2/memory/2504-446-0x00007FF65E800000-0x00007FF65EB51000-memory.dmp	upx
behavioral2/memory/5072-453-0x00007FF7639B0000-0x00007FF763D01000-memory.dmp	upx
behavioral2/memory/4048-467-0x00007FF7333D0000-0x00007FF733721000-memory.dmp	upx
behavioral2/memory/1536-459-0x00007FF6FC330000-0x00007FF6FC681000-memory.dmp	upx
behavioral2/memory/1344-478-0x00007FF76C220000-0x00007FF76C571000-memory.dmp	upx
behavioral2/memory/1956-476-0x00007FF7DD270000-0x00007FF7DD5C1000-memory.dmp	upx
behavioral2/memory/4776-484-0x00007FF716D70000-0x00007FF7170C1000-memory.dmp	upx
behavioral2/memory/1384-493-0x00007FF735590000-0x00007FF7358E1000-memory.dmp	upx
behavioral2/memory/2524-504-0x00007FF6F9E20000-0x00007FF6FA171000-memory.dmp	upx
behavioral2/memory/440-513-0x00007FF68D430000-0x00007FF68D781000-memory.dmp	upx
behavioral2/memory/1552-523-0x00007FF7FC7A0000-0x00007FF7FCAF1000-memory.dmp	upx
behavioral2/memory/1784-545-0x00007FF6AD1A0000-0x00007FF6AD4F1000-memory.dmp	upx
behavioral2/memory/4468-548-0x00007FF6FBCC0000-0x00007FF6FC011000-memory.dmp	upx
behavioral2/memory/1496-543-0x00007FF7E22D0000-0x00007FF7E2621000-memory.dmp	upx
behavioral2/memory/2492-539-0x00007FF66B4C0000-0x00007FF66B811000-memory.dmp	upx
behavioral2/memory/2968-536-0x00007FF739CC0000-0x00007FF73A011000-memory.dmp	upx
behavioral2/memory/2900-531-0x00007FF65F240000-0x00007FF65F591000-memory.dmp	upx
behavioral2/memory/4460-518-0x00007FF6B5830000-0x00007FF6B5B81000-memory.dmp	upx
behavioral2/memory/2960-490-0x00007FF6C5800000-0x00007FF6C5B51000-memory.dmp	upx
behavioral2/memory/4408-2186-0x00007FF7D11D0000-0x00007FF7D1521000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rnbMsNv.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\DrdeAOt.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\fZioLFT.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\noFtIji.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\shwXXrl.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\xvRYyOS.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\zKQNInK.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\DBaCBdT.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\pcAhcuY.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\CrRCINS.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\JGwPmPg.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\CvxDFRw.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\aGYQcEB.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\vFiTlxA.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\kLTJbpS.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\caJjxof.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\QyaNjSR.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\gBTrfcW.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\SRqAjaJ.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\AxDCtsK.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\oYsXIXw.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\yOrjTKb.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\HfpYevU.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\FDFxvxl.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\OiEdtNc.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\oLBAMIk.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\OoCGxCr.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\ZrnLOXF.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\dSjpEMH.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\GzMrGtr.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\nazDVyY.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\mecAGct.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\rNcbIFX.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\PitrQQY.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\siTNxzP.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\AchhTPZ.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\jnDtWUl.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\orJxeKl.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\DCWQDRQ.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\mScjNcZ.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\ijaSmCJ.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\UjboipD.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\KxEFfDF.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\JvDQRJq.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\MauEqDc.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\EOwowBW.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\QNZiORa.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\XfGJLrW.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\COYbiHp.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\tInKLit.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\YLpjgBF.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\pwbosbk.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\IfUQNRC.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\aoJnTwr.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\AdRFhdl.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\wIEHDCI.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\ZjaYyXm.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\FqINuDJ.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\uejmHHP.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\sQXThoL.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\logwSBb.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\HfMilOg.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\wpdywVv.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
File created	C:\Windows\System\bmiTLkc.exe	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13376	dwm.exe
Token: SeChangeNotifyPrivilege	13376	dwm.exe
Token: 33	13376	dwm.exe
Token: SeIncBasePriorityPrivilege	13376	dwm.exe
Token: SeShutdownPrivilege	13376	dwm.exe
Token: SeCreatePagefilePrivilege	13376	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 4408	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	85
PID 1720 wrote to memory of 4408	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	85
PID 1720 wrote to memory of 3120	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	86
PID 1720 wrote to memory of 3120	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	86
PID 1720 wrote to memory of 952	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	87
PID 1720 wrote to memory of 952	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	87
PID 1720 wrote to memory of 396	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	88
PID 1720 wrote to memory of 396	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	88
PID 1720 wrote to memory of 5032	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	89
PID 1720 wrote to memory of 5032	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	89
PID 1720 wrote to memory of 956	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	90
PID 1720 wrote to memory of 956	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	90
PID 1720 wrote to memory of 5092	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	91
PID 1720 wrote to memory of 5092	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	91
PID 1720 wrote to memory of 732	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	92
PID 1720 wrote to memory of 732	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	92
PID 1720 wrote to memory of 4552	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	93
PID 1720 wrote to memory of 4552	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	93
PID 1720 wrote to memory of 2504	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	94
PID 1720 wrote to memory of 2504	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	94
PID 1720 wrote to memory of 3364	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	95
PID 1720 wrote to memory of 3364	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	95
PID 1720 wrote to memory of 5072	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	96
PID 1720 wrote to memory of 5072	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	96
PID 1720 wrote to memory of 1536	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	97
PID 1720 wrote to memory of 1536	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	97
PID 1720 wrote to memory of 4048	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	98
PID 1720 wrote to memory of 4048	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	98
PID 1720 wrote to memory of 1956	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	99
PID 1720 wrote to memory of 1956	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	99
PID 1720 wrote to memory of 1344	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	100
PID 1720 wrote to memory of 1344	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	100
PID 1720 wrote to memory of 4776	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	101
PID 1720 wrote to memory of 4776	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	101
PID 1720 wrote to memory of 2960	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	102
PID 1720 wrote to memory of 2960	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	102
PID 1720 wrote to memory of 1384	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	103
PID 1720 wrote to memory of 1384	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	103
PID 1720 wrote to memory of 2524	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	104
PID 1720 wrote to memory of 2524	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	104
PID 1720 wrote to memory of 440	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	105
PID 1720 wrote to memory of 440	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	105
PID 1720 wrote to memory of 4460	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	106
PID 1720 wrote to memory of 4460	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	106
PID 1720 wrote to memory of 1552	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	107
PID 1720 wrote to memory of 1552	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	107
PID 1720 wrote to memory of 2900	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	108
PID 1720 wrote to memory of 2900	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	108
PID 1720 wrote to memory of 2968	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	109
PID 1720 wrote to memory of 2968	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	109
PID 1720 wrote to memory of 2492	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	110
PID 1720 wrote to memory of 2492	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	110
PID 1720 wrote to memory of 1496	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	111
PID 1720 wrote to memory of 1496	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	111
PID 1720 wrote to memory of 1784	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	112
PID 1720 wrote to memory of 1784	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	112
PID 1720 wrote to memory of 4468	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	113
PID 1720 wrote to memory of 4468	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	113
PID 1720 wrote to memory of 3224	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	114
PID 1720 wrote to memory of 3224	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	114
PID 1720 wrote to memory of 4632	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	115
PID 1720 wrote to memory of 4632	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	115
PID 1720 wrote to memory of 3984	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	116
PID 1720 wrote to memory of 3984	1720	4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe	116

C:\Users\Admin\AppData\Local\Temp\4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\4d8c73cc9ca1fa2d9dfae1094aa6fa50_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\System\SebQuqJ.exe
  C:\Windows\System\SebQuqJ.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\uYfGhHW.exe
  C:\Windows\System\uYfGhHW.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\FVMsmqC.exe
  C:\Windows\System\FVMsmqC.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\oYsXIXw.exe
  C:\Windows\System\oYsXIXw.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\OpHpkuV.exe
  C:\Windows\System\OpHpkuV.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\suPzCaZ.exe
  C:\Windows\System\suPzCaZ.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\wJCleyP.exe
  C:\Windows\System\wJCleyP.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\pLSMSgZ.exe
  C:\Windows\System\pLSMSgZ.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\smOVuKX.exe
  C:\Windows\System\smOVuKX.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\WvUyizx.exe
  C:\Windows\System\WvUyizx.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\FRQZZFp.exe
  C:\Windows\System\FRQZZFp.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\zCptTXd.exe
  C:\Windows\System\zCptTXd.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\KJzzipR.exe
  C:\Windows\System\KJzzipR.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\Albhouu.exe
  C:\Windows\System\Albhouu.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\JGwPmPg.exe
  C:\Windows\System\JGwPmPg.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\xpzzIzm.exe
  C:\Windows\System\xpzzIzm.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\zapdYit.exe
  C:\Windows\System\zapdYit.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\yOrjTKb.exe
  C:\Windows\System\yOrjTKb.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ueUJDlc.exe
  C:\Windows\System\ueUJDlc.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\UpwsuuI.exe
  C:\Windows\System\UpwsuuI.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\CvxDFRw.exe
  C:\Windows\System\CvxDFRw.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\CRpOcOt.exe
  C:\Windows\System\CRpOcOt.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\hJHDamh.exe
  C:\Windows\System\hJHDamh.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\fwVZnSJ.exe
  C:\Windows\System\fwVZnSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\jeUTRet.exe
  C:\Windows\System\jeUTRet.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\icxfSrQ.exe
  C:\Windows\System\icxfSrQ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\dDpZGFb.exe
  C:\Windows\System\dDpZGFb.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\XlNONzS.exe
  C:\Windows\System\XlNONzS.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\WSYNrpd.exe
  C:\Windows\System\WSYNrpd.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\oWbANQI.exe
  C:\Windows\System\oWbANQI.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\khvmSJP.exe
  C:\Windows\System\khvmSJP.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\GzYzBRS.exe
  C:\Windows\System\GzYzBRS.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\ctuYFbO.exe
  C:\Windows\System\ctuYFbO.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\JgArKuV.exe
  C:\Windows\System\JgArKuV.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\XrLdotq.exe
  C:\Windows\System\XrLdotq.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\UjboipD.exe
  C:\Windows\System\UjboipD.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\MJyWdQg.exe
  C:\Windows\System\MJyWdQg.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ACBkbWu.exe
  C:\Windows\System\ACBkbWu.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\yCTCXYf.exe
  C:\Windows\System\yCTCXYf.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\AOgKkEX.exe
  C:\Windows\System\AOgKkEX.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\tNKTTjO.exe
  C:\Windows\System\tNKTTjO.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\WyPOgtL.exe
  C:\Windows\System\WyPOgtL.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\jPZbkmR.exe
  C:\Windows\System\jPZbkmR.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\sQXThoL.exe
  C:\Windows\System\sQXThoL.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\mNidWkW.exe
  C:\Windows\System\mNidWkW.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\jmKhSDg.exe
  C:\Windows\System\jmKhSDg.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\YFNEfaA.exe
  C:\Windows\System\YFNEfaA.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\FghHTiV.exe
  C:\Windows\System\FghHTiV.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ldnBMXW.exe
  C:\Windows\System\ldnBMXW.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\iGcJuah.exe
  C:\Windows\System\iGcJuah.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\ZyfVpGI.exe
  C:\Windows\System\ZyfVpGI.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\RwdGGxj.exe
  C:\Windows\System\RwdGGxj.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\lhPXsVl.exe
  C:\Windows\System\lhPXsVl.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\OdvKLqK.exe
  C:\Windows\System\OdvKLqK.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\wtVKyGt.exe
  C:\Windows\System\wtVKyGt.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\OozKIbh.exe
  C:\Windows\System\OozKIbh.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\eNjdpTG.exe
  C:\Windows\System\eNjdpTG.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\OoCGxCr.exe
  C:\Windows\System\OoCGxCr.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\vyYcXuV.exe
  C:\Windows\System\vyYcXuV.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\bPzsqMe.exe
  C:\Windows\System\bPzsqMe.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\sTCVeuc.exe
  C:\Windows\System\sTCVeuc.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\nBvyKoO.exe
  C:\Windows\System\nBvyKoO.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\fAELwdv.exe
  C:\Windows\System\fAELwdv.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\jotLnOH.exe
  C:\Windows\System\jotLnOH.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\fZioLFT.exe
  C:\Windows\System\fZioLFT.exe
  2⤵
  PID:2616
- C:\Windows\System\bmeZEIS.exe
  C:\Windows\System\bmeZEIS.exe
  2⤵
  PID:3036
- C:\Windows\System\sbeyJeV.exe
  C:\Windows\System\sbeyJeV.exe
  2⤵
  PID:4068
- C:\Windows\System\Ruxqjoa.exe
  C:\Windows\System\Ruxqjoa.exe
  2⤵
  PID:4332
- C:\Windows\System\oeneXjw.exe
  C:\Windows\System\oeneXjw.exe
  2⤵
  PID:4864
- C:\Windows\System\qrBxUDL.exe
  C:\Windows\System\qrBxUDL.exe
  2⤵
  PID:412
- C:\Windows\System\YIduQnH.exe
  C:\Windows\System\YIduQnH.exe
  2⤵
  PID:548
- C:\Windows\System\UJAoqJt.exe
  C:\Windows\System\UJAoqJt.exe
  2⤵
  PID:2232
- C:\Windows\System\cdBWYaa.exe
  C:\Windows\System\cdBWYaa.exe
  2⤵
  PID:1004
- C:\Windows\System\PsrhKJg.exe
  C:\Windows\System\PsrhKJg.exe
  2⤵
  PID:636
- C:\Windows\System\jlxgxLr.exe
  C:\Windows\System\jlxgxLr.exe
  2⤵
  PID:5124
- C:\Windows\System\iRWnRln.exe
  C:\Windows\System\iRWnRln.exe
  2⤵
  PID:5152
- C:\Windows\System\aPtrRaC.exe
  C:\Windows\System\aPtrRaC.exe
  2⤵
  PID:5176
- C:\Windows\System\TlobtPD.exe
  C:\Windows\System\TlobtPD.exe
  2⤵
  PID:5208
- C:\Windows\System\uHOrupO.exe
  C:\Windows\System\uHOrupO.exe
  2⤵
  PID:5232
- C:\Windows\System\VmHBOoz.exe
  C:\Windows\System\VmHBOoz.exe
  2⤵
  PID:5268
- C:\Windows\System\SLZOyfE.exe
  C:\Windows\System\SLZOyfE.exe
  2⤵
  PID:5288
- C:\Windows\System\wOrDZea.exe
  C:\Windows\System\wOrDZea.exe
  2⤵
  PID:5320
- C:\Windows\System\rtgzEnN.exe
  C:\Windows\System\rtgzEnN.exe
  2⤵
  PID:5348
- C:\Windows\System\NTlyEDh.exe
  C:\Windows\System\NTlyEDh.exe
  2⤵
  PID:5372
- C:\Windows\System\sadEykV.exe
  C:\Windows\System\sadEykV.exe
  2⤵
  PID:5404
- C:\Windows\System\xoktnmQ.exe
  C:\Windows\System\xoktnmQ.exe
  2⤵
  PID:5428
- C:\Windows\System\svRuGha.exe
  C:\Windows\System\svRuGha.exe
  2⤵
  PID:5460
- C:\Windows\System\mNsvnqU.exe
  C:\Windows\System\mNsvnqU.exe
  2⤵
  PID:5488
- C:\Windows\System\ionCnlt.exe
  C:\Windows\System\ionCnlt.exe
  2⤵
  PID:5516
- C:\Windows\System\JhzMaRj.exe
  C:\Windows\System\JhzMaRj.exe
  2⤵
  PID:5540
- C:\Windows\System\pHYmKnS.exe
  C:\Windows\System\pHYmKnS.exe
  2⤵
  PID:5572
- C:\Windows\System\VvuSxkO.exe
  C:\Windows\System\VvuSxkO.exe
  2⤵
  PID:5596
- C:\Windows\System\PvKshSY.exe
  C:\Windows\System\PvKshSY.exe
  2⤵
  PID:5628
- C:\Windows\System\OBkUIQj.exe
  C:\Windows\System\OBkUIQj.exe
  2⤵
  PID:5656
- C:\Windows\System\zUvrqSe.exe
  C:\Windows\System\zUvrqSe.exe
  2⤵
  PID:5680
- C:\Windows\System\iisuWAh.exe
  C:\Windows\System\iisuWAh.exe
  2⤵
  PID:5712
- C:\Windows\System\AenkthB.exe
  C:\Windows\System\AenkthB.exe
  2⤵
  PID:5744
- C:\Windows\System\FwkXtPa.exe
  C:\Windows\System\FwkXtPa.exe
  2⤵
  PID:5764
- C:\Windows\System\BpsogNK.exe
  C:\Windows\System\BpsogNK.exe
  2⤵
  PID:5796
- C:\Windows\System\fDHkIId.exe
  C:\Windows\System\fDHkIId.exe
  2⤵
  PID:5824
- C:\Windows\System\OYvyCLl.exe
  C:\Windows\System\OYvyCLl.exe
  2⤵
  PID:5848
- C:\Windows\System\kgdaBiE.exe
  C:\Windows\System\kgdaBiE.exe
  2⤵
  PID:5880
- C:\Windows\System\mRXhuhU.exe
  C:\Windows\System\mRXhuhU.exe
  2⤵
  PID:5908
- C:\Windows\System\SbNPUVA.exe
  C:\Windows\System\SbNPUVA.exe
  2⤵
  PID:5932
- C:\Windows\System\xMCzVnT.exe
  C:\Windows\System\xMCzVnT.exe
  2⤵
  PID:5964
- C:\Windows\System\gpoYSQh.exe
  C:\Windows\System\gpoYSQh.exe
  2⤵
  PID:5988
- C:\Windows\System\KYchjWa.exe
  C:\Windows\System\KYchjWa.exe
  2⤵
  PID:6020
- C:\Windows\System\UztDUma.exe
  C:\Windows\System\UztDUma.exe
  2⤵
  PID:6048
- C:\Windows\System\dWgSFBf.exe
  C:\Windows\System\dWgSFBf.exe
  2⤵
  PID:6072
- C:\Windows\System\utkphFz.exe
  C:\Windows\System\utkphFz.exe
  2⤵
  PID:6104
- C:\Windows\System\fMiIenJ.exe
  C:\Windows\System\fMiIenJ.exe
  2⤵
  PID:6132
- C:\Windows\System\iOmRAFM.exe
  C:\Windows\System\iOmRAFM.exe
  2⤵
  PID:4020
- C:\Windows\System\yoOWdfl.exe
  C:\Windows\System\yoOWdfl.exe
  2⤵
  PID:384
- C:\Windows\System\vwQjUKQ.exe
  C:\Windows\System\vwQjUKQ.exe
  2⤵
  PID:2892
- C:\Windows\System\Crfrmrp.exe
  C:\Windows\System\Crfrmrp.exe
  2⤵
  PID:2552
- C:\Windows\System\kAlIHsY.exe
  C:\Windows\System\kAlIHsY.exe
  2⤵
  PID:4664
- C:\Windows\System\bVvjjtA.exe
  C:\Windows\System\bVvjjtA.exe
  2⤵
  PID:5132
- C:\Windows\System\AdRFhdl.exe
  C:\Windows\System\AdRFhdl.exe
  2⤵
  PID:5192
- C:\Windows\System\HbkPjPc.exe
  C:\Windows\System\HbkPjPc.exe
  2⤵
  PID:5244
- C:\Windows\System\BPtNnXZ.exe
  C:\Windows\System\BPtNnXZ.exe
  2⤵
  PID:5300
- C:\Windows\System\hPuaQjU.exe
  C:\Windows\System\hPuaQjU.exe
  2⤵
  PID:5368
- C:\Windows\System\eaFXTZl.exe
  C:\Windows\System\eaFXTZl.exe
  2⤵
  PID:5412
- C:\Windows\System\IqApROm.exe
  C:\Windows\System\IqApROm.exe
  2⤵
  PID:2172
- C:\Windows\System\ddwuPmb.exe
  C:\Windows\System\ddwuPmb.exe
  2⤵
  PID:5524
- C:\Windows\System\DqEVEid.exe
  C:\Windows\System\DqEVEid.exe
  2⤵
  PID:5732
- C:\Windows\System\logwSBb.exe
  C:\Windows\System\logwSBb.exe
  2⤵
  PID:5760
- C:\Windows\System\zxrMQdB.exe
  C:\Windows\System\zxrMQdB.exe
  2⤵
  PID:5844
- C:\Windows\System\ksiqyah.exe
  C:\Windows\System\ksiqyah.exe
  2⤵
  PID:5896
- C:\Windows\System\dohkyuh.exe
  C:\Windows\System\dohkyuh.exe
  2⤵
  PID:5928
- C:\Windows\System\HZheXNb.exe
  C:\Windows\System\HZheXNb.exe
  2⤵
  PID:5972
- C:\Windows\System\VHLqleu.exe
  C:\Windows\System\VHLqleu.exe
  2⤵
  PID:6004
- C:\Windows\System\noDBAec.exe
  C:\Windows\System\noDBAec.exe
  2⤵
  PID:1928
- C:\Windows\System\YuRJrnE.exe
  C:\Windows\System\YuRJrnE.exe
  2⤵
  PID:6084
- C:\Windows\System\nrrfNzF.exe
  C:\Windows\System\nrrfNzF.exe
  2⤵
  PID:6120
- C:\Windows\System\YLpjgBF.exe
  C:\Windows\System\YLpjgBF.exe
  2⤵
  PID:2992
- C:\Windows\System\VABmiyW.exe
  C:\Windows\System\VABmiyW.exe
  2⤵
  PID:3844
- C:\Windows\System\wYBgjGM.exe
  C:\Windows\System\wYBgjGM.exe
  2⤵
  PID:4820
- C:\Windows\System\azeCeqR.exe
  C:\Windows\System\azeCeqR.exe
  2⤵
  PID:3580
- C:\Windows\System\AnVldBq.exe
  C:\Windows\System\AnVldBq.exe
  2⤵
  PID:5160
- C:\Windows\System\lMBBCoQ.exe
  C:\Windows\System\lMBBCoQ.exe
  2⤵
  PID:4736
- C:\Windows\System\EXKSkvn.exe
  C:\Windows\System\EXKSkvn.exe
  2⤵
  PID:3276
- C:\Windows\System\LkTtRJv.exe
  C:\Windows\System\LkTtRJv.exe
  2⤵
  PID:5592
- C:\Windows\System\vnREIVe.exe
  C:\Windows\System\vnREIVe.exe
  2⤵
  PID:4484
- C:\Windows\System\cBJHVQp.exe
  C:\Windows\System\cBJHVQp.exe
  2⤵
  PID:4828
- C:\Windows\System\lgrEdzH.exe
  C:\Windows\System\lgrEdzH.exe
  2⤵
  PID:5504
- C:\Windows\System\YXnSPKX.exe
  C:\Windows\System\YXnSPKX.exe
  2⤵
  PID:4424
- C:\Windows\System\qljvIHW.exe
  C:\Windows\System\qljvIHW.exe
  2⤵
  PID:5812
- C:\Windows\System\yBwxTNV.exe
  C:\Windows\System\yBwxTNV.exe
  2⤵
  PID:5900
- C:\Windows\System\PersTiP.exe
  C:\Windows\System\PersTiP.exe
  2⤵
  PID:6092
- C:\Windows\System\palUQcn.exe
  C:\Windows\System\palUQcn.exe
  2⤵
  PID:1904
- C:\Windows\System\noFtIji.exe
  C:\Windows\System\noFtIji.exe
  2⤵
  PID:4024
- C:\Windows\System\naaXaiw.exe
  C:\Windows\System\naaXaiw.exe
  2⤵
  PID:1592
- C:\Windows\System\BKqOcxR.exe
  C:\Windows\System\BKqOcxR.exe
  2⤵
  PID:640
- C:\Windows\System\eLDciCA.exe
  C:\Windows\System\eLDciCA.exe
  2⤵
  PID:1060
- C:\Windows\System\nPuyvop.exe
  C:\Windows\System\nPuyvop.exe
  2⤵
  PID:5840
- C:\Windows\System\shwXXrl.exe
  C:\Windows\System\shwXXrl.exe
  2⤵
  PID:2976
- C:\Windows\System\txIQTeF.exe
  C:\Windows\System\txIQTeF.exe
  2⤵
  PID:6160
- C:\Windows\System\xvRYyOS.exe
  C:\Windows\System\xvRYyOS.exe
  2⤵
  PID:6176
- C:\Windows\System\VaJFxoP.exe
  C:\Windows\System\VaJFxoP.exe
  2⤵
  PID:6204
- C:\Windows\System\QyaNjSR.exe
  C:\Windows\System\QyaNjSR.exe
  2⤵
  PID:6232
- C:\Windows\System\LDxYDoq.exe
  C:\Windows\System\LDxYDoq.exe
  2⤵
  PID:6256
- C:\Windows\System\UiWKkYX.exe
  C:\Windows\System\UiWKkYX.exe
  2⤵
  PID:6288
- C:\Windows\System\VzByLdj.exe
  C:\Windows\System\VzByLdj.exe
  2⤵
  PID:6316
- C:\Windows\System\XTvvYdy.exe
  C:\Windows\System\XTvvYdy.exe
  2⤵
  PID:6344
- C:\Windows\System\DcTgIRE.exe
  C:\Windows\System\DcTgIRE.exe
  2⤵
  PID:6364
- C:\Windows\System\cmWZVgJ.exe
  C:\Windows\System\cmWZVgJ.exe
  2⤵
  PID:6472
- C:\Windows\System\uIohAkx.exe
  C:\Windows\System\uIohAkx.exe
  2⤵
  PID:6488
- C:\Windows\System\BlWTYKN.exe
  C:\Windows\System\BlWTYKN.exe
  2⤵
  PID:6504
- C:\Windows\System\pyeHZkX.exe
  C:\Windows\System\pyeHZkX.exe
  2⤵
  PID:6524
- C:\Windows\System\VkJJErQ.exe
  C:\Windows\System\VkJJErQ.exe
  2⤵
  PID:6552
- C:\Windows\System\YuStNtI.exe
  C:\Windows\System\YuStNtI.exe
  2⤵
  PID:6592
- C:\Windows\System\PScXuTx.exe
  C:\Windows\System\PScXuTx.exe
  2⤵
  PID:6620
- C:\Windows\System\GlJHBKV.exe
  C:\Windows\System\GlJHBKV.exe
  2⤵
  PID:6644
- C:\Windows\System\OITKWAZ.exe
  C:\Windows\System\OITKWAZ.exe
  2⤵
  PID:6676
- C:\Windows\System\haMxICS.exe
  C:\Windows\System\haMxICS.exe
  2⤵
  PID:6700
- C:\Windows\System\VeKKlbQ.exe
  C:\Windows\System\VeKKlbQ.exe
  2⤵
  PID:6724
- C:\Windows\System\rnbMsNv.exe
  C:\Windows\System\rnbMsNv.exe
  2⤵
  PID:6744
- C:\Windows\System\iprICmN.exe
  C:\Windows\System\iprICmN.exe
  2⤵
  PID:6772
- C:\Windows\System\EzehWgc.exe
  C:\Windows\System\EzehWgc.exe
  2⤵
  PID:6804
- C:\Windows\System\fsWPqeY.exe
  C:\Windows\System\fsWPqeY.exe
  2⤵
  PID:6856
- C:\Windows\System\bmXKjJZ.exe
  C:\Windows\System\bmXKjJZ.exe
  2⤵
  PID:6876
- C:\Windows\System\yFEJpei.exe
  C:\Windows\System\yFEJpei.exe
  2⤵
  PID:6904
- C:\Windows\System\KkANdhm.exe
  C:\Windows\System\KkANdhm.exe
  2⤵
  PID:6924
- C:\Windows\System\lfGCbGW.exe
  C:\Windows\System\lfGCbGW.exe
  2⤵
  PID:6968
- C:\Windows\System\QhiZKIN.exe
  C:\Windows\System\QhiZKIN.exe
  2⤵
  PID:6992
- C:\Windows\System\UNcSeYk.exe
  C:\Windows\System\UNcSeYk.exe
  2⤵
  PID:7012
- C:\Windows\System\DHgtDpY.exe
  C:\Windows\System\DHgtDpY.exe
  2⤵
  PID:7036
- C:\Windows\System\MjqJbKP.exe
  C:\Windows\System\MjqJbKP.exe
  2⤵
  PID:7056
- C:\Windows\System\FPibOlq.exe
  C:\Windows\System\FPibOlq.exe
  2⤵
  PID:7104
- C:\Windows\System\MJuXEHz.exe
  C:\Windows\System\MJuXEHz.exe
  2⤵
  PID:7124
- C:\Windows\System\YlzDGOG.exe
  C:\Windows\System\YlzDGOG.exe
  2⤵
  PID:7144
- C:\Windows\System\KhWjlPD.exe
  C:\Windows\System\KhWjlPD.exe
  2⤵
  PID:6244
- C:\Windows\System\iflFcIT.exe
  C:\Windows\System\iflFcIT.exe
  2⤵
  PID:6168
- C:\Windows\System\QNTOedZ.exe
  C:\Windows\System\QNTOedZ.exe
  2⤵
  PID:6040
- C:\Windows\System\MJjFEGv.exe
  C:\Windows\System\MJjFEGv.exe
  2⤵
  PID:5056
- C:\Windows\System\AOSJctA.exe
  C:\Windows\System\AOSJctA.exe
  2⤵
  PID:6356
- C:\Windows\System\ZrnLOXF.exe
  C:\Windows\System\ZrnLOXF.exe
  2⤵
  PID:5832
- C:\Windows\System\VPamAUR.exe
  C:\Windows\System\VPamAUR.exe
  2⤵
  PID:5444
- C:\Windows\System\cxTlOoL.exe
  C:\Windows\System\cxTlOoL.exe
  2⤵
  PID:5224
- C:\Windows\System\ndhrqSI.exe
  C:\Windows\System\ndhrqSI.exe
  2⤵
  PID:6452
- C:\Windows\System\sXmOMhK.exe
  C:\Windows\System\sXmOMhK.exe
  2⤵
  PID:6564
- C:\Windows\System\IAMtybe.exe
  C:\Windows\System\IAMtybe.exe
  2⤵
  PID:6600
- C:\Windows\System\eeJJiWj.exe
  C:\Windows\System\eeJJiWj.exe
  2⤵
  PID:6640
- C:\Windows\System\hfYwxug.exe
  C:\Windows\System\hfYwxug.exe
  2⤵
  PID:6692
- C:\Windows\System\ocPUrnW.exe
  C:\Windows\System\ocPUrnW.exe
  2⤵
  PID:6832
- C:\Windows\System\enCczJj.exe
  C:\Windows\System\enCczJj.exe
  2⤵
  PID:6900
- C:\Windows\System\frFppfq.exe
  C:\Windows\System\frFppfq.exe
  2⤵
  PID:6956
- C:\Windows\System\MNfHVpY.exe
  C:\Windows\System\MNfHVpY.exe
  2⤵
  PID:7052
- C:\Windows\System\UZmivvp.exe
  C:\Windows\System\UZmivvp.exe
  2⤵
  PID:7032
- C:\Windows\System\iGFkRdY.exe
  C:\Windows\System\iGFkRdY.exe
  2⤵
  PID:7096
- C:\Windows\System\kHmdhQt.exe
  C:\Windows\System\kHmdhQt.exe
  2⤵
  PID:6172
- C:\Windows\System\QWXYRBQ.exe
  C:\Windows\System\QWXYRBQ.exe
  2⤵
  PID:6248
- C:\Windows\System\ApgCxji.exe
  C:\Windows\System\ApgCxji.exe
  2⤵
  PID:6328
- C:\Windows\System\pwbosbk.exe
  C:\Windows\System\pwbosbk.exe
  2⤵
  PID:1832
- C:\Windows\System\GKqNMWu.exe
  C:\Windows\System\GKqNMWu.exe
  2⤵
  PID:6708
- C:\Windows\System\WejeZpS.exe
  C:\Windows\System\WejeZpS.exe
  2⤵
  PID:6988
- C:\Windows\System\sPXPrrU.exe
  C:\Windows\System\sPXPrrU.exe
  2⤵
  PID:6896
- C:\Windows\System\RfjHeCm.exe
  C:\Windows\System\RfjHeCm.exe
  2⤵
  PID:6392
- C:\Windows\System\DiDJrGC.exe
  C:\Windows\System\DiDJrGC.exe
  2⤵
  PID:6148
- C:\Windows\System\ufacPnj.exe
  C:\Windows\System\ufacPnj.exe
  2⤵
  PID:5924
- C:\Windows\System\uFZwahf.exe
  C:\Windows\System\uFZwahf.exe
  2⤵
  PID:6664
- C:\Windows\System\PcQuhNT.exe
  C:\Windows\System\PcQuhNT.exe
  2⤵
  PID:1284
- C:\Windows\System\EgzYKwE.exe
  C:\Windows\System\EgzYKwE.exe
  2⤵
  PID:7184
- C:\Windows\System\gQYdYkr.exe
  C:\Windows\System\gQYdYkr.exe
  2⤵
  PID:7212
- C:\Windows\System\OUsyQqH.exe
  C:\Windows\System\OUsyQqH.exe
  2⤵
  PID:7228
- C:\Windows\System\gBTrfcW.exe
  C:\Windows\System\gBTrfcW.exe
  2⤵
  PID:7268
- C:\Windows\System\ToEOncZ.exe
  C:\Windows\System\ToEOncZ.exe
  2⤵
  PID:7296
- C:\Windows\System\auJcCru.exe
  C:\Windows\System\auJcCru.exe
  2⤵
  PID:7324
- C:\Windows\System\WumlVCD.exe
  C:\Windows\System\WumlVCD.exe
  2⤵
  PID:7340
- C:\Windows\System\sgIMXUp.exe
  C:\Windows\System\sgIMXUp.exe
  2⤵
  PID:7360
- C:\Windows\System\WuuxPpE.exe
  C:\Windows\System\WuuxPpE.exe
  2⤵
  PID:7384
- C:\Windows\System\PxCtdyw.exe
  C:\Windows\System\PxCtdyw.exe
  2⤵
  PID:7404
- C:\Windows\System\plMLYkC.exe
  C:\Windows\System\plMLYkC.exe
  2⤵
  PID:7428
- C:\Windows\System\MuscPdg.exe
  C:\Windows\System\MuscPdg.exe
  2⤵
  PID:7468
- C:\Windows\System\TaHZLUD.exe
  C:\Windows\System\TaHZLUD.exe
  2⤵
  PID:7500
- C:\Windows\System\foIsSFn.exe
  C:\Windows\System\foIsSFn.exe
  2⤵
  PID:7520
- C:\Windows\System\apMqUzt.exe
  C:\Windows\System\apMqUzt.exe
  2⤵
  PID:7540
- C:\Windows\System\dDbIpsS.exe
  C:\Windows\System\dDbIpsS.exe
  2⤵
  PID:7580
- C:\Windows\System\YorvbCZ.exe
  C:\Windows\System\YorvbCZ.exe
  2⤵
  PID:7612
- C:\Windows\System\HHVGnJG.exe
  C:\Windows\System\HHVGnJG.exe
  2⤵
  PID:7652
- C:\Windows\System\wZwXFlt.exe
  C:\Windows\System\wZwXFlt.exe
  2⤵
  PID:7676
- C:\Windows\System\YCxLEVr.exe
  C:\Windows\System\YCxLEVr.exe
  2⤵
  PID:7692
- C:\Windows\System\hnEBPsf.exe
  C:\Windows\System\hnEBPsf.exe
  2⤵
  PID:7712
- C:\Windows\System\XnIbuIG.exe
  C:\Windows\System\XnIbuIG.exe
  2⤵
  PID:7732
- C:\Windows\System\mmOMSJq.exe
  C:\Windows\System\mmOMSJq.exe
  2⤵
  PID:7748
- C:\Windows\System\YlBtAgj.exe
  C:\Windows\System\YlBtAgj.exe
  2⤵
  PID:7772
- C:\Windows\System\BlyfmxT.exe
  C:\Windows\System\BlyfmxT.exe
  2⤵
  PID:7788
- C:\Windows\System\TSbqeac.exe
  C:\Windows\System\TSbqeac.exe
  2⤵
  PID:7808
- C:\Windows\System\LWIoCqC.exe
  C:\Windows\System\LWIoCqC.exe
  2⤵
  PID:7828
- C:\Windows\System\EyFrwWU.exe
  C:\Windows\System\EyFrwWU.exe
  2⤵
  PID:7884
- C:\Windows\System\ozDnupf.exe
  C:\Windows\System\ozDnupf.exe
  2⤵
  PID:7916
- C:\Windows\System\DgVwgfv.exe
  C:\Windows\System\DgVwgfv.exe
  2⤵
  PID:7932
- C:\Windows\System\lainxFl.exe
  C:\Windows\System\lainxFl.exe
  2⤵
  PID:7952
- C:\Windows\System\TbqXRra.exe
  C:\Windows\System\TbqXRra.exe
  2⤵
  PID:7968
- C:\Windows\System\tptNaES.exe
  C:\Windows\System\tptNaES.exe
  2⤵
  PID:7992
- C:\Windows\System\fjdnxzn.exe
  C:\Windows\System\fjdnxzn.exe
  2⤵
  PID:8012
- C:\Windows\System\XhznDQL.exe
  C:\Windows\System\XhznDQL.exe
  2⤵
  PID:8056
- C:\Windows\System\QzflxJR.exe
  C:\Windows\System\QzflxJR.exe
  2⤵
  PID:8076
- C:\Windows\System\pYeDQlS.exe
  C:\Windows\System\pYeDQlS.exe
  2⤵
  PID:8092
- C:\Windows\System\BPOaVDo.exe
  C:\Windows\System\BPOaVDo.exe
  2⤵
  PID:8120
- C:\Windows\System\ddobWTH.exe
  C:\Windows\System\ddobWTH.exe
  2⤵
  PID:8144
- C:\Windows\System\jjnaNWx.exe
  C:\Windows\System\jjnaNWx.exe
  2⤵
  PID:7180
- C:\Windows\System\MbCUHlo.exe
  C:\Windows\System\MbCUHlo.exe
  2⤵
  PID:7252
- C:\Windows\System\wIEHDCI.exe
  C:\Windows\System\wIEHDCI.exe
  2⤵
  PID:7396
- C:\Windows\System\UVhtYpK.exe
  C:\Windows\System\UVhtYpK.exe
  2⤵
  PID:7464
- C:\Windows\System\MixIOPJ.exe
  C:\Windows\System\MixIOPJ.exe
  2⤵
  PID:7528
- C:\Windows\System\vCvwyPs.exe
  C:\Windows\System\vCvwyPs.exe
  2⤵
  PID:7608
- C:\Windows\System\VRdkuMo.exe
  C:\Windows\System\VRdkuMo.exe
  2⤵
  PID:7704
- C:\Windows\System\PDywzcO.exe
  C:\Windows\System\PDywzcO.exe
  2⤵
  PID:7780
- C:\Windows\System\qxuYziG.exe
  C:\Windows\System\qxuYziG.exe
  2⤵
  PID:7824
- C:\Windows\System\gbPHDqt.exe
  C:\Windows\System\gbPHDqt.exe
  2⤵
  PID:7852
- C:\Windows\System\eUseMQE.exe
  C:\Windows\System\eUseMQE.exe
  2⤵
  PID:7948
- C:\Windows\System\gViRDWa.exe
  C:\Windows\System\gViRDWa.exe
  2⤵
  PID:8000
- C:\Windows\System\KmnxTgu.exe
  C:\Windows\System\KmnxTgu.exe
  2⤵
  PID:8048
- C:\Windows\System\nLkWpEF.exe
  C:\Windows\System\nLkWpEF.exe
  2⤵
  PID:6516
- C:\Windows\System\pbwUNrS.exe
  C:\Windows\System\pbwUNrS.exe
  2⤵
  PID:7276
- C:\Windows\System\IJJDPNC.exe
  C:\Windows\System\IJJDPNC.exe
  2⤵
  PID:7424
- C:\Windows\System\tlyZRAs.exe
  C:\Windows\System\tlyZRAs.exe
  2⤵
  PID:7564
- C:\Windows\System\FTgSRCx.exe
  C:\Windows\System\FTgSRCx.exe
  2⤵
  PID:7392
- C:\Windows\System\cnDHtIw.exe
  C:\Windows\System\cnDHtIw.exe
  2⤵
  PID:7632
- C:\Windows\System\XQtgsqi.exe
  C:\Windows\System\XQtgsqi.exe
  2⤵
  PID:7816
- C:\Windows\System\SRqAjaJ.exe
  C:\Windows\System\SRqAjaJ.exe
  2⤵
  PID:7928
- C:\Windows\System\xijeUuE.exe
  C:\Windows\System\xijeUuE.exe
  2⤵
  PID:7988
- C:\Windows\System\JIaNiNc.exe
  C:\Windows\System\JIaNiNc.exe
  2⤵
  PID:8088
- C:\Windows\System\BONyoAW.exe
  C:\Windows\System\BONyoAW.exe
  2⤵
  PID:7848
- C:\Windows\System\qhgAvGw.exe
  C:\Windows\System\qhgAvGw.exe
  2⤵
  PID:8208
- C:\Windows\System\nazDVyY.exe
  C:\Windows\System\nazDVyY.exe
  2⤵
  PID:8240
- C:\Windows\System\GTpRyKR.exe
  C:\Windows\System\GTpRyKR.exe
  2⤵
  PID:8260
- C:\Windows\System\CcUMOgn.exe
  C:\Windows\System\CcUMOgn.exe
  2⤵
  PID:8280
- C:\Windows\System\LKMIWMW.exe
  C:\Windows\System\LKMIWMW.exe
  2⤵
  PID:8308
- C:\Windows\System\rCTZHDN.exe
  C:\Windows\System\rCTZHDN.exe
  2⤵
  PID:8328
- C:\Windows\System\KxEFfDF.exe
  C:\Windows\System\KxEFfDF.exe
  2⤵
  PID:8344
- C:\Windows\System\TFAoLMQ.exe
  C:\Windows\System\TFAoLMQ.exe
  2⤵
  PID:8368
- C:\Windows\System\YCHsfuA.exe
  C:\Windows\System\YCHsfuA.exe
  2⤵
  PID:8392
- C:\Windows\System\uEFGVXX.exe
  C:\Windows\System\uEFGVXX.exe
  2⤵
  PID:8412
- C:\Windows\System\HfMilOg.exe
  C:\Windows\System\HfMilOg.exe
  2⤵
  PID:8436
- C:\Windows\System\dSjpEMH.exe
  C:\Windows\System\dSjpEMH.exe
  2⤵
  PID:8456
- C:\Windows\System\RNfplnt.exe
  C:\Windows\System\RNfplnt.exe
  2⤵
  PID:8508
- C:\Windows\System\RHDTSbL.exe
  C:\Windows\System\RHDTSbL.exe
  2⤵
  PID:8536
- C:\Windows\System\TmemEYr.exe
  C:\Windows\System\TmemEYr.exe
  2⤵
  PID:8568
- C:\Windows\System\PrjkPPB.exe
  C:\Windows\System\PrjkPPB.exe
  2⤵
  PID:8588
- C:\Windows\System\hFIuKXi.exe
  C:\Windows\System\hFIuKXi.exe
  2⤵
  PID:8608
- C:\Windows\System\XBnVlkM.exe
  C:\Windows\System\XBnVlkM.exe
  2⤵
  PID:8628
- C:\Windows\System\uacQkfR.exe
  C:\Windows\System\uacQkfR.exe
  2⤵
  PID:8648
- C:\Windows\System\GvOSEKp.exe
  C:\Windows\System\GvOSEKp.exe
  2⤵
  PID:8672
- C:\Windows\System\HCWpKQa.exe
  C:\Windows\System\HCWpKQa.exe
  2⤵
  PID:8696
- C:\Windows\System\PitrQQY.exe
  C:\Windows\System\PitrQQY.exe
  2⤵
  PID:8716
- C:\Windows\System\KWjbVFc.exe
  C:\Windows\System\KWjbVFc.exe
  2⤵
  PID:8768
- C:\Windows\System\mecAGct.exe
  C:\Windows\System\mecAGct.exe
  2⤵
  PID:8784
- C:\Windows\System\CgOuEor.exe
  C:\Windows\System\CgOuEor.exe
  2⤵
  PID:8872
- C:\Windows\System\YCoqhaT.exe
  C:\Windows\System\YCoqhaT.exe
  2⤵
  PID:8920
- C:\Windows\System\MKutGMb.exe
  C:\Windows\System\MKutGMb.exe
  2⤵
  PID:8936
- C:\Windows\System\DmGzUuu.exe
  C:\Windows\System\DmGzUuu.exe
  2⤵
  PID:8968
- C:\Windows\System\HYtUiwi.exe
  C:\Windows\System\HYtUiwi.exe
  2⤵
  PID:8984
- C:\Windows\System\nfpbIvc.exe
  C:\Windows\System\nfpbIvc.exe
  2⤵
  PID:9040
- C:\Windows\System\JBSAcau.exe
  C:\Windows\System\JBSAcau.exe
  2⤵
  PID:9056
- C:\Windows\System\bmiTLkc.exe
  C:\Windows\System\bmiTLkc.exe
  2⤵
  PID:9088
- C:\Windows\System\OcWnbRo.exe
  C:\Windows\System\OcWnbRo.exe
  2⤵
  PID:9112
- C:\Windows\System\WYbNIFu.exe
  C:\Windows\System\WYbNIFu.exe
  2⤵
  PID:9128
- C:\Windows\System\WAraUyE.exe
  C:\Windows\System\WAraUyE.exe
  2⤵
  PID:9152
- C:\Windows\System\FrSlhWu.exe
  C:\Windows\System\FrSlhWu.exe
  2⤵
  PID:9188
- C:\Windows\System\SvDXQxR.exe
  C:\Windows\System\SvDXQxR.exe
  2⤵
  PID:9208
- C:\Windows\System\YhULwce.exe
  C:\Windows\System\YhULwce.exe
  2⤵
  PID:8132
- C:\Windows\System\jwrTcBb.exe
  C:\Windows\System\jwrTcBb.exe
  2⤵
  PID:8272
- C:\Windows\System\TBvKWmq.exe
  C:\Windows\System\TBvKWmq.exe
  2⤵
  PID:8352
- C:\Windows\System\BuNKsHn.exe
  C:\Windows\System\BuNKsHn.exe
  2⤵
  PID:8336
- C:\Windows\System\ENJjlkc.exe
  C:\Windows\System\ENJjlkc.exe
  2⤵
  PID:8420
- C:\Windows\System\TwyFruU.exe
  C:\Windows\System\TwyFruU.exe
  2⤵
  PID:8528
- C:\Windows\System\UGAJlmy.exe
  C:\Windows\System\UGAJlmy.exe
  2⤵
  PID:8580
- C:\Windows\System\uaFNffM.exe
  C:\Windows\System\uaFNffM.exe
  2⤵
  PID:8688
- C:\Windows\System\OYNBXUD.exe
  C:\Windows\System\OYNBXUD.exe
  2⤵
  PID:8744
- C:\Windows\System\JvDQRJq.exe
  C:\Windows\System\JvDQRJq.exe
  2⤵
  PID:8724
- C:\Windows\System\HUVvuYD.exe
  C:\Windows\System\HUVvuYD.exe
  2⤵
  PID:8892
- C:\Windows\System\mLQBFWw.exe
  C:\Windows\System\mLQBFWw.exe
  2⤵
  PID:8856
- C:\Windows\System\FiieQvY.exe
  C:\Windows\System\FiieQvY.exe
  2⤵
  PID:8948
- C:\Windows\System\TvwDncZ.exe
  C:\Windows\System\TvwDncZ.exe
  2⤵
  PID:9032
- C:\Windows\System\TNDdZWm.exe
  C:\Windows\System\TNDdZWm.exe
  2⤵
  PID:9104
- C:\Windows\System\VZIwJni.exe
  C:\Windows\System\VZIwJni.exe
  2⤵
  PID:9172
- C:\Windows\System\FgJyukC.exe
  C:\Windows\System\FgJyukC.exe
  2⤵
  PID:8232
- C:\Windows\System\LopAjGw.exe
  C:\Windows\System\LopAjGw.exe
  2⤵
  PID:8404
- C:\Windows\System\JysTcmU.exe
  C:\Windows\System\JysTcmU.exe
  2⤵
  PID:8560
- C:\Windows\System\ZqayRzc.exe
  C:\Windows\System\ZqayRzc.exe
  2⤵
  PID:8548
- C:\Windows\System\VbjoWAC.exe
  C:\Windows\System\VbjoWAC.exe
  2⤵
  PID:8712
- C:\Windows\System\Taijwng.exe
  C:\Windows\System\Taijwng.exe
  2⤵
  PID:8864
- C:\Windows\System\uRfVfvs.exe
  C:\Windows\System\uRfVfvs.exe
  2⤵
  PID:9084
- C:\Windows\System\CkkPvKl.exe
  C:\Windows\System\CkkPvKl.exe
  2⤵
  PID:9184
- C:\Windows\System\VDbCULz.exe
  C:\Windows\System\VDbCULz.exe
  2⤵
  PID:7380
- C:\Windows\System\kVPUKhA.exe
  C:\Windows\System\kVPUKhA.exe
  2⤵
  PID:8644
- C:\Windows\System\ylpObHP.exe
  C:\Windows\System\ylpObHP.exe
  2⤵
  PID:9220
- C:\Windows\System\pCtWixr.exe
  C:\Windows\System\pCtWixr.exe
  2⤵
  PID:9256
- C:\Windows\System\GzMrGtr.exe
  C:\Windows\System\GzMrGtr.exe
  2⤵
  PID:9308
- C:\Windows\System\SJgrjvN.exe
  C:\Windows\System\SJgrjvN.exe
  2⤵
  PID:9332
- C:\Windows\System\NbZSPJp.exe
  C:\Windows\System\NbZSPJp.exe
  2⤵
  PID:9352
- C:\Windows\System\AxDCtsK.exe
  C:\Windows\System\AxDCtsK.exe
  2⤵
  PID:9376
- C:\Windows\System\txsmPmp.exe
  C:\Windows\System\txsmPmp.exe
  2⤵
  PID:9408
- C:\Windows\System\pngOmdU.exe
  C:\Windows\System\pngOmdU.exe
  2⤵
  PID:9464
- C:\Windows\System\WyWfpJR.exe
  C:\Windows\System\WyWfpJR.exe
  2⤵
  PID:9484
- C:\Windows\System\IfUQNRC.exe
  C:\Windows\System\IfUQNRC.exe
  2⤵
  PID:9500
- C:\Windows\System\TpuEYaE.exe
  C:\Windows\System\TpuEYaE.exe
  2⤵
  PID:9536
- C:\Windows\System\hKyyGeV.exe
  C:\Windows\System\hKyyGeV.exe
  2⤵
  PID:9572
- C:\Windows\System\JMAzLHB.exe
  C:\Windows\System\JMAzLHB.exe
  2⤵
  PID:9596
- C:\Windows\System\wpdywVv.exe
  C:\Windows\System\wpdywVv.exe
  2⤵
  PID:9636
- C:\Windows\System\BmyfBOI.exe
  C:\Windows\System\BmyfBOI.exe
  2⤵
  PID:9664
- C:\Windows\System\nkYRAVH.exe
  C:\Windows\System\nkYRAVH.exe
  2⤵
  PID:9680
- C:\Windows\System\rHdYTiv.exe
  C:\Windows\System\rHdYTiv.exe
  2⤵
  PID:9696
- C:\Windows\System\tXCdRjO.exe
  C:\Windows\System\tXCdRjO.exe
  2⤵
  PID:9724
- C:\Windows\System\aGYQcEB.exe
  C:\Windows\System\aGYQcEB.exe
  2⤵
  PID:9744
- C:\Windows\System\YvxMJYx.exe
  C:\Windows\System\YvxMJYx.exe
  2⤵
  PID:9772
- C:\Windows\System\bhmBhpF.exe
  C:\Windows\System\bhmBhpF.exe
  2⤵
  PID:9788
- C:\Windows\System\ArDhMmO.exe
  C:\Windows\System\ArDhMmO.exe
  2⤵
  PID:9848
- C:\Windows\System\AuOsZMh.exe
  C:\Windows\System\AuOsZMh.exe
  2⤵
  PID:9888
- C:\Windows\System\qwXwHLt.exe
  C:\Windows\System\qwXwHLt.exe
  2⤵
  PID:9924
- C:\Windows\System\VdhbCfB.exe
  C:\Windows\System\VdhbCfB.exe
  2⤵
  PID:9948
- C:\Windows\System\gvhMrxa.exe
  C:\Windows\System\gvhMrxa.exe
  2⤵
  PID:9972
- C:\Windows\System\fiIGWJP.exe
  C:\Windows\System\fiIGWJP.exe
  2⤵
  PID:9992
- C:\Windows\System\yrJiNvr.exe
  C:\Windows\System\yrJiNvr.exe
  2⤵
  PID:10012
- C:\Windows\System\OLdjtIh.exe
  C:\Windows\System\OLdjtIh.exe
  2⤵
  PID:10040
- C:\Windows\System\jcdrxyc.exe
  C:\Windows\System\jcdrxyc.exe
  2⤵
  PID:10056
- C:\Windows\System\weCvfiJ.exe
  C:\Windows\System\weCvfiJ.exe
  2⤵
  PID:10100
- C:\Windows\System\siTNxzP.exe
  C:\Windows\System\siTNxzP.exe
  2⤵
  PID:10152
- C:\Windows\System\HIxheGV.exe
  C:\Windows\System\HIxheGV.exe
  2⤵
  PID:10168
- C:\Windows\System\oJoIEtN.exe
  C:\Windows\System\oJoIEtN.exe
  2⤵
  PID:10192
- C:\Windows\System\fLuRALE.exe
  C:\Windows\System\fLuRALE.exe
  2⤵
  PID:10208
- C:\Windows\System\nWgvjVu.exe
  C:\Windows\System\nWgvjVu.exe
  2⤵
  PID:10228
- C:\Windows\System\yZmEMZR.exe
  C:\Windows\System\yZmEMZR.exe
  2⤵
  PID:8556
- C:\Windows\System\epTPgQS.exe
  C:\Windows\System\epTPgQS.exe
  2⤵
  PID:8956
- C:\Windows\System\qvhqUqK.exe
  C:\Windows\System\qvhqUqK.exe
  2⤵
  PID:8836
- C:\Windows\System\dkKNGyh.exe
  C:\Windows\System\dkKNGyh.exe
  2⤵
  PID:9316
- C:\Windows\System\oXqzehO.exe
  C:\Windows\System\oXqzehO.exe
  2⤵
  PID:9292
- C:\Windows\System\IlAbRId.exe
  C:\Windows\System\IlAbRId.exe
  2⤵
  PID:9392
- C:\Windows\System\dWSzqdX.exe
  C:\Windows\System\dWSzqdX.exe
  2⤵
  PID:9472
- C:\Windows\System\dGAWwZi.exe
  C:\Windows\System\dGAWwZi.exe
  2⤵
  PID:9480
- C:\Windows\System\RPRlJuk.exe
  C:\Windows\System\RPRlJuk.exe
  2⤵
  PID:9520
- C:\Windows\System\erZsYGR.exe
  C:\Windows\System\erZsYGR.exe
  2⤵
  PID:9712
- C:\Windows\System\foyNoUj.exe
  C:\Windows\System\foyNoUj.exe
  2⤵
  PID:9760
- C:\Windows\System\ZJdxqLb.exe
  C:\Windows\System\ZJdxqLb.exe
  2⤵
  PID:9840
- C:\Windows\System\uCqZiTt.exe
  C:\Windows\System\uCqZiTt.exe
  2⤵
  PID:9956
- C:\Windows\System\WAHqpuF.exe
  C:\Windows\System\WAHqpuF.exe
  2⤵
  PID:10000
- C:\Windows\System\XpxheJd.exe
  C:\Windows\System\XpxheJd.exe
  2⤵
  PID:10096
- C:\Windows\System\KdXfTrX.exe
  C:\Windows\System\KdXfTrX.exe
  2⤵
  PID:10132
- C:\Windows\System\nMVdWsx.exe
  C:\Windows\System\nMVdWsx.exe
  2⤵
  PID:9200
- C:\Windows\System\Vhgtsdb.exe
  C:\Windows\System\Vhgtsdb.exe
  2⤵
  PID:8780
- C:\Windows\System\RzBJHrY.exe
  C:\Windows\System\RzBJHrY.exe
  2⤵
  PID:9320
- C:\Windows\System\pIshnHd.exe
  C:\Windows\System\pIshnHd.exe
  2⤵
  PID:9448
- C:\Windows\System\xCnpuTC.exe
  C:\Windows\System\xCnpuTC.exe
  2⤵
  PID:9516
- C:\Windows\System\BPvEXzS.exe
  C:\Windows\System\BPvEXzS.exe
  2⤵
  PID:9780
- C:\Windows\System\wvvSUQv.exe
  C:\Windows\System\wvvSUQv.exe
  2⤵
  PID:10072
- C:\Windows\System\VmcicVl.exe
  C:\Windows\System\VmcicVl.exe
  2⤵
  PID:10028
- C:\Windows\System\ChgAsaw.exe
  C:\Windows\System\ChgAsaw.exe
  2⤵
  PID:10144
- C:\Windows\System\vZNCIqW.exe
  C:\Windows\System\vZNCIqW.exe
  2⤵
  PID:8928
- C:\Windows\System\QDmZtvD.exe
  C:\Windows\System\QDmZtvD.exe
  2⤵
  PID:9940
- C:\Windows\System\vJuPpXH.exe
  C:\Windows\System\vJuPpXH.exe
  2⤵
  PID:10128
- C:\Windows\System\yOjWtdo.exe
  C:\Windows\System\yOjWtdo.exe
  2⤵
  PID:10284
- C:\Windows\System\YXzOwpm.exe
  C:\Windows\System\YXzOwpm.exe
  2⤵
  PID:10316
- C:\Windows\System\dcyPhqh.exe
  C:\Windows\System\dcyPhqh.exe
  2⤵
  PID:10332
- C:\Windows\System\EsnYZwB.exe
  C:\Windows\System\EsnYZwB.exe
  2⤵
  PID:10364
- C:\Windows\System\hPMulzw.exe
  C:\Windows\System\hPMulzw.exe
  2⤵
  PID:10428
- C:\Windows\System\zNasFXc.exe
  C:\Windows\System\zNasFXc.exe
  2⤵
  PID:10532
- C:\Windows\System\aWpKvMi.exe
  C:\Windows\System\aWpKvMi.exe
  2⤵
  PID:10548
- C:\Windows\System\FppViYt.exe
  C:\Windows\System\FppViYt.exe
  2⤵
  PID:10568
- C:\Windows\System\IBigLZI.exe
  C:\Windows\System\IBigLZI.exe
  2⤵
  PID:10592
- C:\Windows\System\svJtxRY.exe
  C:\Windows\System\svJtxRY.exe
  2⤵
  PID:10632
- C:\Windows\System\HGrKubx.exe
  C:\Windows\System\HGrKubx.exe
  2⤵
  PID:10648
- C:\Windows\System\ZuTwjRn.exe
  C:\Windows\System\ZuTwjRn.exe
  2⤵
  PID:10676
- C:\Windows\System\qtVNQbR.exe
  C:\Windows\System\qtVNQbR.exe
  2⤵
  PID:10696
- C:\Windows\System\lXVFeWy.exe
  C:\Windows\System\lXVFeWy.exe
  2⤵
  PID:10768
- C:\Windows\System\njhrnkq.exe
  C:\Windows\System\njhrnkq.exe
  2⤵
  PID:10788
- C:\Windows\System\Ttbsycm.exe
  C:\Windows\System\Ttbsycm.exe
  2⤵
  PID:10804
- C:\Windows\System\tYHTbix.exe
  C:\Windows\System\tYHTbix.exe
  2⤵
  PID:10828
- C:\Windows\System\RQOEOtI.exe
  C:\Windows\System\RQOEOtI.exe
  2⤵
  PID:10852
- C:\Windows\System\afKsqNO.exe
  C:\Windows\System\afKsqNO.exe
  2⤵
  PID:10880
- C:\Windows\System\ghioHFa.exe
  C:\Windows\System\ghioHFa.exe
  2⤵
  PID:10904
- C:\Windows\System\tqnOEqQ.exe
  C:\Windows\System\tqnOEqQ.exe
  2⤵
  PID:10932
- C:\Windows\System\seSEjIU.exe
  C:\Windows\System\seSEjIU.exe
  2⤵
  PID:10984
- C:\Windows\System\HfpYevU.exe
  C:\Windows\System\HfpYevU.exe
  2⤵
  PID:11028
- C:\Windows\System\GKEZWnu.exe
  C:\Windows\System\GKEZWnu.exe
  2⤵
  PID:11056
- C:\Windows\System\uxugaFy.exe
  C:\Windows\System\uxugaFy.exe
  2⤵
  PID:11080
- C:\Windows\System\iqlGsEU.exe
  C:\Windows\System\iqlGsEU.exe
  2⤵
  PID:11096
- C:\Windows\System\LmozSWp.exe
  C:\Windows\System\LmozSWp.exe
  2⤵
  PID:11128
- C:\Windows\System\bXfGBpJ.exe
  C:\Windows\System\bXfGBpJ.exe
  2⤵
  PID:11148
- C:\Windows\System\NrqEjYP.exe
  C:\Windows\System\NrqEjYP.exe
  2⤵
  PID:11172
- C:\Windows\System\aebAwvs.exe
  C:\Windows\System\aebAwvs.exe
  2⤵
  PID:11192
- C:\Windows\System\MauEqDc.exe
  C:\Windows\System\MauEqDc.exe
  2⤵
  PID:11212
- C:\Windows\System\LSyWJBk.exe
  C:\Windows\System\LSyWJBk.exe
  2⤵
  PID:11236
- C:\Windows\System\mALlZEH.exe
  C:\Windows\System\mALlZEH.exe
  2⤵
  PID:11256
- C:\Windows\System\AlqaviW.exe
  C:\Windows\System\AlqaviW.exe
  2⤵
  PID:10312
- C:\Windows\System\duruaam.exe
  C:\Windows\System\duruaam.exe
  2⤵
  PID:10360
- C:\Windows\System\zuNnXgO.exe
  C:\Windows\System\zuNnXgO.exe
  2⤵
  PID:10384
- C:\Windows\System\EeDsaKK.exe
  C:\Windows\System\EeDsaKK.exe
  2⤵
  PID:10440
- C:\Windows\System\AchhTPZ.exe
  C:\Windows\System\AchhTPZ.exe
  2⤵
  PID:10460
- C:\Windows\System\ZnNDQVF.exe
  C:\Windows\System\ZnNDQVF.exe
  2⤵
  PID:10480
- C:\Windows\System\LQtIuUa.exe
  C:\Windows\System\LQtIuUa.exe
  2⤵
  PID:10416
- C:\Windows\System\yTdvCLz.exe
  C:\Windows\System\yTdvCLz.exe
  2⤵
  PID:10576
- C:\Windows\System\WPowZUG.exe
  C:\Windows\System\WPowZUG.exe
  2⤵
  PID:10692
- C:\Windows\System\hncsdbt.exe
  C:\Windows\System\hncsdbt.exe
  2⤵
  PID:10736
- C:\Windows\System\wiBRhYg.exe
  C:\Windows\System\wiBRhYg.exe
  2⤵
  PID:10824
- C:\Windows\System\BQXunHy.exe
  C:\Windows\System\BQXunHy.exe
  2⤵
  PID:10812
- C:\Windows\System\MubLktT.exe
  C:\Windows\System\MubLktT.exe
  2⤵
  PID:10876
- C:\Windows\System\WOmUogA.exe
  C:\Windows\System\WOmUogA.exe
  2⤵
  PID:10912
- C:\Windows\System\hSeChes.exe
  C:\Windows\System\hSeChes.exe
  2⤵
  PID:11036
- C:\Windows\System\nKDpeys.exe
  C:\Windows\System\nKDpeys.exe
  2⤵
  PID:11048
- C:\Windows\System\SOjMwtp.exe
  C:\Windows\System\SOjMwtp.exe
  2⤵
  PID:11108
- C:\Windows\System\UoOprJh.exe
  C:\Windows\System\UoOprJh.exe
  2⤵
  PID:11168
- C:\Windows\System\ygyCmNj.exe
  C:\Windows\System\ygyCmNj.exe
  2⤵
  PID:11208
- C:\Windows\System\PzsNkbI.exe
  C:\Windows\System\PzsNkbI.exe
  2⤵
  PID:9752
- C:\Windows\System\QubiCXJ.exe
  C:\Windows\System\QubiCXJ.exe
  2⤵
  PID:10296
- C:\Windows\System\PzoSdGw.exe
  C:\Windows\System\PzoSdGw.exe
  2⤵
  PID:10512
- C:\Windows\System\qoMbOyg.exe
  C:\Windows\System\qoMbOyg.exe
  2⤵
  PID:10520
- C:\Windows\System\XbNuQPa.exe
  C:\Windows\System\XbNuQPa.exe
  2⤵
  PID:10928
- C:\Windows\System\eUVfitM.exe
  C:\Windows\System\eUVfitM.exe
  2⤵
  PID:11116
- C:\Windows\System\AXUBEGc.exe
  C:\Windows\System\AXUBEGc.exe
  2⤵
  PID:10248
- C:\Windows\System\pAuDcfz.exe
  C:\Windows\System\pAuDcfz.exe
  2⤵
  PID:10508
- C:\Windows\System\pgNHYSo.exe
  C:\Windows\System\pgNHYSo.exe
  2⤵
  PID:10472
- C:\Windows\System\zzJCtpY.exe
  C:\Windows\System\zzJCtpY.exe
  2⤵
  PID:11088
- C:\Windows\System\wUzGOXY.exe
  C:\Windows\System\wUzGOXY.exe
  2⤵
  PID:11072
- C:\Windows\System\SJRaaWa.exe
  C:\Windows\System\SJRaaWa.exe
  2⤵
  PID:10780
- C:\Windows\System\TwxbQbP.exe
  C:\Windows\System\TwxbQbP.exe
  2⤵
  PID:11272
- C:\Windows\System\nbSZkvU.exe
  C:\Windows\System\nbSZkvU.exe
  2⤵
  PID:11316
- C:\Windows\System\dQRcPYC.exe
  C:\Windows\System\dQRcPYC.exe
  2⤵
  PID:11332
- C:\Windows\System\kYlHepD.exe
  C:\Windows\System\kYlHepD.exe
  2⤵
  PID:11352
- C:\Windows\System\ZGDiCfx.exe
  C:\Windows\System\ZGDiCfx.exe
  2⤵
  PID:11372
- C:\Windows\System\YnUQIKA.exe
  C:\Windows\System\YnUQIKA.exe
  2⤵
  PID:11416
- C:\Windows\System\kJxBjuJ.exe
  C:\Windows\System\kJxBjuJ.exe
  2⤵
  PID:11460
- C:\Windows\System\VTPEttK.exe
  C:\Windows\System\VTPEttK.exe
  2⤵
  PID:11504
- C:\Windows\System\vFiTlxA.exe
  C:\Windows\System\vFiTlxA.exe
  2⤵
  PID:11556
- C:\Windows\System\FQYLsUc.exe
  C:\Windows\System\FQYLsUc.exe
  2⤵
  PID:11580
- C:\Windows\System\orJxeKl.exe
  C:\Windows\System\orJxeKl.exe
  2⤵
  PID:11604
- C:\Windows\System\YBolTge.exe
  C:\Windows\System\YBolTge.exe
  2⤵
  PID:11624
- C:\Windows\System\SKHcDFA.exe
  C:\Windows\System\SKHcDFA.exe
  2⤵
  PID:11652
- C:\Windows\System\knpmljr.exe
  C:\Windows\System\knpmljr.exe
  2⤵
  PID:11668
- C:\Windows\System\rlqoepK.exe
  C:\Windows\System\rlqoepK.exe
  2⤵
  PID:11704
- C:\Windows\System\DKsIndN.exe
  C:\Windows\System\DKsIndN.exe
  2⤵
  PID:11736
- C:\Windows\System\NKPcTcB.exe
  C:\Windows\System\NKPcTcB.exe
  2⤵
  PID:11764
- C:\Windows\System\tduYiwG.exe
  C:\Windows\System\tduYiwG.exe
  2⤵
  PID:11784
- C:\Windows\System\FzJsGAS.exe
  C:\Windows\System\FzJsGAS.exe
  2⤵
  PID:11812
- C:\Windows\System\qleqlFs.exe
  C:\Windows\System\qleqlFs.exe
  2⤵
  PID:11832
- C:\Windows\System\HTYnGgS.exe
  C:\Windows\System\HTYnGgS.exe
  2⤵
  PID:11848
- C:\Windows\System\WKlmOmW.exe
  C:\Windows\System\WKlmOmW.exe
  2⤵
  PID:11888
- C:\Windows\System\MncnbeI.exe
  C:\Windows\System\MncnbeI.exe
  2⤵
  PID:11916
- C:\Windows\System\uofPvIl.exe
  C:\Windows\System\uofPvIl.exe
  2⤵
  PID:11944
- C:\Windows\System\JDBEGHx.exe
  C:\Windows\System\JDBEGHx.exe
  2⤵
  PID:11960
- C:\Windows\System\twCtzZq.exe
  C:\Windows\System\twCtzZq.exe
  2⤵
  PID:11980
- C:\Windows\System\XGGQzwT.exe
  C:\Windows\System\XGGQzwT.exe
  2⤵
  PID:12024
- C:\Windows\System\WXoIFbb.exe
  C:\Windows\System\WXoIFbb.exe
  2⤵
  PID:12052
- C:\Windows\System\RqkRHZc.exe
  C:\Windows\System\RqkRHZc.exe
  2⤵
  PID:12072
- C:\Windows\System\HBdwTgN.exe
  C:\Windows\System\HBdwTgN.exe
  2⤵
  PID:12092
- C:\Windows\System\hQZBNZY.exe
  C:\Windows\System\hQZBNZY.exe
  2⤵
  PID:12124
- C:\Windows\System\DCWQDRQ.exe
  C:\Windows\System\DCWQDRQ.exe
  2⤵
  PID:12168
- C:\Windows\System\eRYsgyq.exe
  C:\Windows\System\eRYsgyq.exe
  2⤵
  PID:12224
- C:\Windows\System\bxCUYYh.exe
  C:\Windows\System\bxCUYYh.exe
  2⤵
  PID:12248
- C:\Windows\System\aoJnTwr.exe
  C:\Windows\System\aoJnTwr.exe
  2⤵
  PID:12276
- C:\Windows\System\AHhqHKu.exe
  C:\Windows\System\AHhqHKu.exe
  2⤵
  PID:11092
- C:\Windows\System\aDpAOhP.exe
  C:\Windows\System\aDpAOhP.exe
  2⤵
  PID:11268
- C:\Windows\System\cYevfKR.exe
  C:\Windows\System\cYevfKR.exe
  2⤵
  PID:11328
- C:\Windows\System\zVdgoKg.exe
  C:\Windows\System\zVdgoKg.exe
  2⤵
  PID:11404
- C:\Windows\System\FTCzcES.exe
  C:\Windows\System\FTCzcES.exe
  2⤵
  PID:11444
- C:\Windows\System\bgWCaJi.exe
  C:\Windows\System\bgWCaJi.exe
  2⤵
  PID:11484
- C:\Windows\System\QNZiORa.exe
  C:\Windows\System\QNZiORa.exe
  2⤵
  PID:11564
- C:\Windows\System\uTTRaOr.exe
  C:\Windows\System\uTTRaOr.exe
  2⤵
  PID:11616
- C:\Windows\System\JTUYODo.exe
  C:\Windows\System\JTUYODo.exe
  2⤵
  PID:11684
- C:\Windows\System\qxisXpj.exe
  C:\Windows\System\qxisXpj.exe
  2⤵
  PID:11728
- C:\Windows\System\MzpjZUq.exe
  C:\Windows\System\MzpjZUq.exe
  2⤵
  PID:11864
- C:\Windows\System\PtZJZYK.exe
  C:\Windows\System\PtZJZYK.exe
  2⤵
  PID:11952
- C:\Windows\System\tvTkCgM.exe
  C:\Windows\System\tvTkCgM.exe
  2⤵
  PID:12060
- C:\Windows\System\GAboedN.exe
  C:\Windows\System\GAboedN.exe
  2⤵
  PID:12100
- C:\Windows\System\KOMmcho.exe
  C:\Windows\System\KOMmcho.exe
  2⤵
  PID:12192
- C:\Windows\System\FqINuDJ.exe
  C:\Windows\System\FqINuDJ.exe
  2⤵
  PID:12244
- C:\Windows\System\tVfrWAo.exe
  C:\Windows\System\tVfrWAo.exe
  2⤵
  PID:11348
- C:\Windows\System\mScjNcZ.exe
  C:\Windows\System\mScjNcZ.exe
  2⤵
  PID:11292
- C:\Windows\System\RdphZdQ.exe
  C:\Windows\System\RdphZdQ.exe
  2⤵
  PID:11488
- C:\Windows\System\jFuKyVo.exe
  C:\Windows\System\jFuKyVo.exe
  2⤵
  PID:11576
- C:\Windows\System\UTNBKmb.exe
  C:\Windows\System\UTNBKmb.exe
  2⤵
  PID:11716
- C:\Windows\System\bBqFrbz.exe
  C:\Windows\System\bBqFrbz.exe
  2⤵
  PID:11896
- C:\Windows\System\mcNCcJd.exe
  C:\Windows\System\mcNCcJd.exe
  2⤵
  PID:12156
- C:\Windows\System\XmasDFT.exe
  C:\Windows\System\XmasDFT.exe
  2⤵
  PID:10896
- C:\Windows\System\bsWfooG.exe
  C:\Windows\System\bsWfooG.exe
  2⤵
  PID:11424
- C:\Windows\System\dcPvJYC.exe
  C:\Windows\System\dcPvJYC.exe
  2⤵
  PID:11512
- C:\Windows\System\lzICysb.exe
  C:\Windows\System\lzICysb.exe
  2⤵
  PID:12140
- C:\Windows\System\DeMSLiX.exe
  C:\Windows\System\DeMSLiX.exe
  2⤵
  PID:11880
- C:\Windows\System\RJRSRur.exe
  C:\Windows\System\RJRSRur.exe
  2⤵
  PID:12296
- C:\Windows\System\fAJEbJG.exe
  C:\Windows\System\fAJEbJG.exe
  2⤵
  PID:12324
- C:\Windows\System\ijaSmCJ.exe
  C:\Windows\System\ijaSmCJ.exe
  2⤵
  PID:12352
- C:\Windows\System\MJBiWsz.exe
  C:\Windows\System\MJBiWsz.exe
  2⤵
  PID:12388
- C:\Windows\System\HqXtcRq.exe
  C:\Windows\System\HqXtcRq.exe
  2⤵
  PID:12408
- C:\Windows\System\ZAgGRYB.exe
  C:\Windows\System\ZAgGRYB.exe
  2⤵
  PID:12448
- C:\Windows\System\MPpWkso.exe
  C:\Windows\System\MPpWkso.exe
  2⤵
  PID:12468
- C:\Windows\System\xyIDvMp.exe
  C:\Windows\System\xyIDvMp.exe
  2⤵
  PID:12512
- C:\Windows\System\RtHLOMR.exe
  C:\Windows\System\RtHLOMR.exe
  2⤵
  PID:12532
- C:\Windows\System\FDFxvxl.exe
  C:\Windows\System\FDFxvxl.exe
  2⤵
  PID:12552
- C:\Windows\System\NEAxoMg.exe
  C:\Windows\System\NEAxoMg.exe
  2⤵
  PID:12568
- C:\Windows\System\YrhUkfc.exe
  C:\Windows\System\YrhUkfc.exe
  2⤵
  PID:12612
- C:\Windows\System\wZrdliC.exe
  C:\Windows\System\wZrdliC.exe
  2⤵
  PID:12656
- C:\Windows\System\zirEggX.exe
  C:\Windows\System\zirEggX.exe
  2⤵
  PID:12672
- C:\Windows\System\hZJyooR.exe
  C:\Windows\System\hZJyooR.exe
  2⤵
  PID:12692
- C:\Windows\System\JxLFFTz.exe
  C:\Windows\System\JxLFFTz.exe
  2⤵
  PID:12708
- C:\Windows\System\XHyEtby.exe
  C:\Windows\System\XHyEtby.exe
  2⤵
  PID:12728
- C:\Windows\System\XfGJLrW.exe
  C:\Windows\System\XfGJLrW.exe
  2⤵
  PID:12768
- C:\Windows\System\BeEBHtn.exe
  C:\Windows\System\BeEBHtn.exe
  2⤵
  PID:12816
- C:\Windows\System\FrOpIFV.exe
  C:\Windows\System\FrOpIFV.exe
  2⤵
  PID:12848
- C:\Windows\System\aLlOSlL.exe
  C:\Windows\System\aLlOSlL.exe
  2⤵
  PID:12872
- C:\Windows\System\dEvZBQP.exe
  C:\Windows\System\dEvZBQP.exe
  2⤵
  PID:12896
- C:\Windows\System\OUnuwvW.exe
  C:\Windows\System\OUnuwvW.exe
  2⤵
  PID:12912
- C:\Windows\System\QQqYcMF.exe
  C:\Windows\System\QQqYcMF.exe
  2⤵
  PID:12940
- C:\Windows\System\aBOCzXb.exe
  C:\Windows\System\aBOCzXb.exe
  2⤵
  PID:12956
- C:\Windows\System\qSwTGxQ.exe
  C:\Windows\System\qSwTGxQ.exe
  2⤵
  PID:12980
- C:\Windows\System\zKQNInK.exe
  C:\Windows\System\zKQNInK.exe
  2⤵
  PID:12996
- C:\Windows\System\iZhNbcQ.exe
  C:\Windows\System\iZhNbcQ.exe
  2⤵
  PID:13016
- C:\Windows\System\XywxJsX.exe
  C:\Windows\System\XywxJsX.exe
  2⤵
  PID:13044
- C:\Windows\System\VxTnCsw.exe
  C:\Windows\System\VxTnCsw.exe
  2⤵
  PID:13072
- C:\Windows\System\qGyHSAP.exe
  C:\Windows\System\qGyHSAP.exe
  2⤵
  PID:13136
- C:\Windows\System\lPkosyl.exe
  C:\Windows\System\lPkosyl.exe
  2⤵
  PID:13180
- C:\Windows\System\SiLqnqD.exe
  C:\Windows\System\SiLqnqD.exe
  2⤵
  PID:13220
- C:\Windows\System\troiHEr.exe
  C:\Windows\System\troiHEr.exe
  2⤵
  PID:13268
- C:\Windows\System\KATvXVQ.exe
  C:\Windows\System\KATvXVQ.exe
  2⤵
  PID:13288
- C:\Windows\System\EmTJpnD.exe
  C:\Windows\System\EmTJpnD.exe
  2⤵
  PID:11820
- C:\Windows\System\oWDvucb.exe
  C:\Windows\System\oWDvucb.exe
  2⤵
  PID:10476
- C:\Windows\System\oTcBIxj.exe
  C:\Windows\System\oTcBIxj.exe
  2⤵
  PID:12344
- C:\Windows\System\rjzPHcd.exe
  C:\Windows\System\rjzPHcd.exe
  2⤵
  PID:12400
- C:\Windows\System\nATiJEk.exe
  C:\Windows\System\nATiJEk.exe
  2⤵
  PID:12432
- C:\Windows\System\PLwzcRd.exe
  C:\Windows\System\PLwzcRd.exe
  2⤵
  PID:12524
- C:\Windows\System\ZjaYyXm.exe
  C:\Windows\System\ZjaYyXm.exe
  2⤵
  PID:12584
- C:\Windows\System\jnDtWUl.exe
  C:\Windows\System\jnDtWUl.exe
  2⤵
  PID:12688
- C:\Windows\System\vrPHdwP.exe
  C:\Windows\System\vrPHdwP.exe
  2⤵
  PID:12724
- C:\Windows\System\hGHozpZ.exe
  C:\Windows\System\hGHozpZ.exe
  2⤵
  PID:12800
- C:\Windows\System\DBaCBdT.exe
  C:\Windows\System\DBaCBdT.exe
  2⤵
  PID:12856
- C:\Windows\System\zttTejC.exe
  C:\Windows\System\zttTejC.exe
  2⤵
  PID:12964
- C:\Windows\System\KOzpbTR.exe
  C:\Windows\System\KOzpbTR.exe
  2⤵
  PID:12992
- C:\Windows\System\BjNHuOP.exe
  C:\Windows\System\BjNHuOP.exe
  2⤵
  PID:13004
- C:\Windows\System\vLeCqDm.exe
  C:\Windows\System\vLeCqDm.exe
  2⤵
  PID:13056
- C:\Windows\System\LLCNfjG.exe
  C:\Windows\System\LLCNfjG.exe
  2⤵
  PID:13152
- C:\Windows\System\HYfaXKU.exe
  C:\Windows\System\HYfaXKU.exe
  2⤵
  PID:13128
- C:\Windows\System\izoXSCF.exe
  C:\Windows\System\izoXSCF.exe
  2⤵
  PID:13212
- C:\Windows\System\rkapvry.exe
  C:\Windows\System\rkapvry.exe
  2⤵
  PID:13276
- C:\Windows\System\sCemoyc.exe
  C:\Windows\System\sCemoyc.exe
  2⤵
  PID:12320
- C:\Windows\System\pdckHzi.exe
  C:\Windows\System\pdckHzi.exe
  2⤵
  PID:12312
- C:\Windows\System\binshIB.exe
  C:\Windows\System\binshIB.exe
  2⤵
  PID:12668
- C:\Windows\System\BRinNqg.exe
  C:\Windows\System\BRinNqg.exe
  2⤵
  PID:12884
- C:\Windows\System\DrdeAOt.exe
  C:\Windows\System\DrdeAOt.exe
  2⤵
  PID:12904
- C:\Windows\System\LlGgnyJ.exe
  C:\Windows\System\LlGgnyJ.exe
  2⤵
  PID:13096
- C:\Windows\System\ndClwRu.exe
  C:\Windows\System\ndClwRu.exe
  2⤵
  PID:12464
- C:\Windows\System\FbarNUQ.exe
  C:\Windows\System\FbarNUQ.exe
  2⤵
  PID:11296
- C:\Windows\System\dJzkryc.exe
  C:\Windows\System\dJzkryc.exe
  2⤵
  PID:12740
- C:\Windows\System\EOwowBW.exe
  C:\Windows\System\EOwowBW.exe
  2⤵
  PID:12976
- C:\Windows\System\NYjzulU.exe
  C:\Windows\System\NYjzulU.exe
  2⤵
  PID:13368
- C:\Windows\System\UexziiL.exe
  C:\Windows\System\UexziiL.exe
  2⤵
  PID:13392
- C:\Windows\System\COYbiHp.exe
  C:\Windows\System\COYbiHp.exe
  2⤵
  PID:13416
- C:\Windows\System\AozUkKa.exe
  C:\Windows\System\AozUkKa.exe
  2⤵
  PID:13436
- C:\Windows\System\zmzRetC.exe
  C:\Windows\System\zmzRetC.exe
  2⤵
  PID:13460
- C:\Windows\System\pLSnPnI.exe
  C:\Windows\System\pLSnPnI.exe
  2⤵
  PID:13480
- C:\Windows\System\hsZjMWh.exe
  C:\Windows\System\hsZjMWh.exe
  2⤵
  PID:13512
- C:\Windows\System\sQyzMFe.exe
  C:\Windows\System\sQyzMFe.exe
  2⤵
  PID:13536
- C:\Windows\System\tuTLJcY.exe
  C:\Windows\System\tuTLJcY.exe
  2⤵
  PID:13584
- C:\Windows\System\waPquRb.exe
  C:\Windows\System\waPquRb.exe
  2⤵
  PID:13612
- C:\Windows\System\ybYwzJf.exe
  C:\Windows\System\ybYwzJf.exe
  2⤵
  PID:13628
- C:\Windows\System\dvKswxe.exe
  C:\Windows\System\dvKswxe.exe
  2⤵
  PID:13644
- C:\Windows\System\jbBvaQw.exe
  C:\Windows\System\jbBvaQw.exe
  2⤵
  PID:13668
- C:\Windows\System\IGcVTdk.exe
  C:\Windows\System\IGcVTdk.exe
  2⤵
  PID:13716
- C:\Windows\System\JADBbMr.exe
  C:\Windows\System\JADBbMr.exe
  2⤵
  PID:13732
- C:\Windows\System\BzDwpwM.exe
  C:\Windows\System\BzDwpwM.exe
  2⤵
  PID:13752
- C:\Windows\System\wvxdqui.exe
  C:\Windows\System\wvxdqui.exe
  2⤵
  PID:13804
- C:\Windows\System\XhxHjVc.exe
  C:\Windows\System\XhxHjVc.exe
  2⤵
  PID:13848
- C:\Windows\System\uejmHHP.exe
  C:\Windows\System\uejmHHP.exe
  2⤵
  PID:13880
- C:\Windows\System\gTYiAzY.exe
  C:\Windows\System\gTYiAzY.exe
  2⤵
  PID:13912
- C:\Windows\System\sCTtMJP.exe
  C:\Windows\System\sCTtMJP.exe
  2⤵
  PID:13944
- C:\Windows\System\HwwXvRv.exe
  C:\Windows\System\HwwXvRv.exe
  2⤵
  PID:13960
- C:\Windows\System\MDHdbMC.exe
  C:\Windows\System\MDHdbMC.exe
  2⤵
  PID:13976
- C:\Windows\System\pCXbSrH.exe
  C:\Windows\System\pCXbSrH.exe
  2⤵
  PID:14008
- C:\Windows\System\eezloAZ.exe
  C:\Windows\System\eezloAZ.exe
  2⤵
  PID:14032
- C:\Windows\System\hDZZHik.exe
  C:\Windows\System\hDZZHik.exe
  2⤵
  PID:14052
- C:\Windows\System\yLbFPLa.exe
  C:\Windows\System\yLbFPLa.exe
  2⤵
  PID:14072
- C:\Windows\System\aclYQyr.exe
  C:\Windows\System\aclYQyr.exe
  2⤵
  PID:14092
- C:\Windows\System\aCLtxRf.exe
  C:\Windows\System\aCLtxRf.exe
  2⤵
  PID:14128
- C:\Windows\System\ZMSybkH.exe
  C:\Windows\System\ZMSybkH.exe
  2⤵
  PID:14152
- C:\Windows\System\jIqJFEm.exe
  C:\Windows\System\jIqJFEm.exe
  2⤵
  PID:14176
- C:\Windows\System\DUVOzLn.exe
  C:\Windows\System\DUVOzLn.exe
  2⤵
  PID:14192
- C:\Windows\System\dtRxZxu.exe
  C:\Windows\System\dtRxZxu.exe
  2⤵
  PID:14260
- C:\Windows\System\lUQPuto.exe
  C:\Windows\System\lUQPuto.exe
  2⤵
  PID:14284
- C:\Windows\System\GbtiwDF.exe
  C:\Windows\System\GbtiwDF.exe
  2⤵
  PID:14308
- C:\Windows\System\dPDkynK.exe
  C:\Windows\System\dPDkynK.exe
  2⤵
  PID:13304
- C:\Windows\System\teRPCmu.exe
  C:\Windows\System\teRPCmu.exe
  2⤵
  PID:12840
- C:\Windows\System\yjYyUrO.exe
  C:\Windows\System\yjYyUrO.exe
  2⤵
  PID:13496
- C:\Windows\System\bzGBnSf.exe
  C:\Windows\System\bzGBnSf.exe
  2⤵
  PID:13504
- C:\Windows\System\ARhkJhR.exe
  C:\Windows\System\ARhkJhR.exe
  2⤵
  PID:2484
- C:\Windows\System\VBTbeAD.exe
  C:\Windows\System\VBTbeAD.exe
  2⤵
  PID:13508
- C:\Windows\System\GzyAGoO.exe
  C:\Windows\System\GzyAGoO.exe
  2⤵
  PID:13560
- C:\Windows\System\uwbYbEQ.exe
  C:\Windows\System\uwbYbEQ.exe
  2⤵
  PID:13636
- C:\Windows\System\srllujv.exe
  C:\Windows\System\srllujv.exe
  2⤵
  PID:13740
- C:\Windows\System\GbBkobL.exe
  C:\Windows\System\GbBkobL.exe
  2⤵
  PID:13828
- C:\Windows\System\wNrFBTa.exe
  C:\Windows\System\wNrFBTa.exe
  2⤵
  PID:13820
- C:\Windows\System\vddJDhQ.exe
  C:\Windows\System\vddJDhQ.exe
  2⤵
  PID:13904
- C:\Windows\System\fUxjwFB.exe
  C:\Windows\System\fUxjwFB.exe
  2⤵
  PID:13924
- C:\Windows\System\CDUuMjZ.exe
  C:\Windows\System\CDUuMjZ.exe
  2⤵
  PID:13952
- C:\Windows\System\KEQOuNN.exe
  C:\Windows\System\KEQOuNN.exe
  2⤵
  PID:14020
- C:\Windows\System\HjRxfyM.exe
  C:\Windows\System\HjRxfyM.exe
  2⤵
  PID:13112
- C:\Windows\System\VxvQGHp.exe
  C:\Windows\System\VxvQGHp.exe
  2⤵
  PID:14252
- C:\Windows\System\Knnduzs.exe
  C:\Windows\System\Knnduzs.exe
  2⤵
  PID:14304
- C:\Windows\System\rqUDYLO.exe
  C:\Windows\System\rqUDYLO.exe
  2⤵
  PID:12640
- C:\Windows\System\tInKLit.exe
  C:\Windows\System\tInKLit.exe
  2⤵
  PID:1368
- C:\Windows\System\OiEdtNc.exe
  C:\Windows\System\OiEdtNc.exe
  2⤵
  PID:13528
- C:\Windows\System\FRCIpHb.exe
  C:\Windows\System\FRCIpHb.exe
  2⤵
  PID:13724
- C:\Windows\System\vAjcicv.exe
  C:\Windows\System\vAjcicv.exe
  2⤵
  PID:13728

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Albhouu.exe

Filesize
1.2MB

MD5
fbca0b9d307929caacfdd3274007e8f0

SHA1
0bd90691be5c93cf2a2b1134a4e8c6a6169d69fe

SHA256
9f83b609e9fe271f222254aaa57a933b8d5c4331167da667fb6a06803633b189

SHA512
bfecf7b909009423edf266bdf7bd4d91a447a8b71f93a5a7b199e33a13a59ed8cd99582c5c4e4be22bb8224da667a0300dd766c93a7e3e9a78922b3c3cc9e178

Download Submit
C:\Windows\System\CRpOcOt.exe

Filesize
1.2MB

MD5
0f39ebdabeb141c73815fbd73fde0f90

SHA1
cad8dfeab68ae2a7fd28cf746672b239f04c4916

SHA256
ac2d4062a4c1830e5dbc55cf9b5236c1e16d4b693499e77a3cae34cca9fdde2e

SHA512
78dab637755ad1fc0fa917da1515d05a04abc80f7b5c18dcb8d23689944157c30750f8726c3b0538f1042a9b31f2b4b052ff0e3d030d23fa58bda22adbee164e

Download Submit
C:\Windows\System\CvxDFRw.exe

Filesize
1.2MB

MD5
3ca1fd8292c12fea3593392b26a06d63

SHA1
564763d2fff565fb2013de61b8a24c18886057db

SHA256
11dbfe55aa18d699ba7493d8fbee77cba948292d49eb2da725dc56d0549be826

SHA512
4687efabc28c8dddce31ef9ccd369128edbfa4e469c7025ca9fb0e97f51f83f51ba29ef6f0520e966645ca214fd8a7694850308f9d8cdffc87de18f2a38c3c94

Download Submit
C:\Windows\System\FRQZZFp.exe

Filesize
1.2MB

MD5
aa00ec82e594070eebf25c675895ef56

SHA1
882b5a4633d8dae34d068c7fc8ebb529290b0948

SHA256
22640f69d34a69084ec25a5ad4c0085a5254cb78c327e170af2cc0469bffd3a8

SHA512
be733ddaf58135281c3ab682c229a68d160ab5f55071fbb7a83573735496062d847b8e9dca100281dd7beeb2702c98efb5e523525f0a2b51439c0ca6ba375145

Download Submit
C:\Windows\System\FVMsmqC.exe

Filesize
1.2MB

MD5
b948129e511c2a9643eef273cb4aea80

SHA1
1e3056ff2e2e0b493f5c9e0d46a7e05c0e0f1a66

SHA256
fefed68719d10e672f8d237099d1ba132273509f4630eac35ec29131e123a0d6

SHA512
9931bf68dee5b75e656dc7b1ad793347a02837f4e7f207fea40df6831a37dcd3b8ac74ee11515b5ae0dea53f6a6c588d09ef70cb7bb86a48dba83d5a72f7e962

Download Submit
C:\Windows\System\GzYzBRS.exe

Filesize
1.3MB

MD5
1bc067e0a4c1b091a369b450fc894878

SHA1
6de01b124e50648385780f634b00049438d9cf5a

SHA256
edf2f48c6266d211933f38fadd9d00c75c888fcb72c1ea9b2b7a38563a638cc4

SHA512
037e79df39d06334cbd84fdb8dba0eff430249bbeecb4c1b4ca61b222789693f1bc968a9a991d39201cf436cbcde5cd1962eb39b91d2dfdb51b74f80931de05e

Download Submit
C:\Windows\System\JGwPmPg.exe

Filesize
1.2MB

MD5
1583a442d07649eaefedb3ebdd9ce758

SHA1
491404c75c63eac36f0787074e6073cdd894d0f5

SHA256
f22d94882d90b363e540d6632743395753d9d98b1afa239b7845a97bdd0ac186

SHA512
e40484c01348d95ef0e699849ad88910608d4e1d4b5b9330c4ecb8a490b135aa7848c4f1036bc1b0372e1ba3fdd461a2e99737268763fb746a46dc586a63698d

Download Submit
C:\Windows\System\KJzzipR.exe

Filesize
1.2MB

MD5
6997f3673e97542ee035f45539b31e0d

SHA1
72514dd8d868f248381ffd98456168e7220e3c55

SHA256
09bacb5c5f1636433b3dd4ad620fd94d87b3c200b9331454c2d27a170bb4217d

SHA512
5a78c7d392450619602318591bdcffb62d14e883b1305fc496c3e6f4a8d779ce1efade46842cc10b9debd7aa610c64bd439508ca7c10ae3062a7869fa804a70f

Download Submit
C:\Windows\System\OpHpkuV.exe

Filesize
1.2MB

MD5
14aa94323468453c1ac054fbc32d8962

SHA1
d2486c06bfc6cde89eb1174efa7521a7f7eb1953

SHA256
db20976034e644ca0cb333267a7d7f6ea1c6991a94d74f7f1bbcd7e10fbe3347

SHA512
0726fdd87e0b0fe12a46ed3c8ee34e2390c3f2f34c4e130093650c104ec13b5aa8d11b09ca7074a203a35b60ca3969de8cb6b3eebc7390ca90e53531004b69a7

Download Submit
C:\Windows\System\SebQuqJ.exe

Filesize
1.2MB

MD5
181f394820151232f83de223a49d82f4

SHA1
ca15b2329425b702e89c54e97a7f89af671e513d

SHA256
279a727d882b05151f7402f765eec98c2b4cc3f643c32e0e045d17bc9fe519bc

SHA512
3da36ed4b6f75558c0f1e3a4b2635f71cbb35881747b5b0254e2428319da4d476c543dc17667410e8ae0c4fab93bfc7714330033c475687758f87556b01c02a4

Download Submit
C:\Windows\System\UpwsuuI.exe

Filesize
1.2MB

MD5
3aa4df729d4c7e6c4f508c4010c7c7d8

SHA1
bd7f402b505639409207d229a9a9b8a076d96624

SHA256
dcde4ed24a933dddef28047f811e02a6d3c033ee76258f6e7531c1a381147c87

SHA512
2192af4ad1d2f9c8f4849e4735e67c33302b6f7cf390f2f6b3c9e7ca637a5aadd925af1fbd0fe99bdc1648efe2450328db6034a5f2c9b5889e826dfe6c544af7

Download Submit
C:\Windows\System\WSYNrpd.exe

Filesize
1.3MB

MD5
f060fcc7a68172b44d10baf820ba5ec5

SHA1
3066e0ca82ec94afd6598397326154133fe5f138

SHA256
65fb6e00c416071567ff3dd5488bfe36f07fe107c90189b243f0265baa0e5690

SHA512
62c4109354d98821584646402e7e73f4e10bf515556b3da0f46c33022796947b1f243d6bb8b75441da3d4030c601c3f83cefb9a58fccdbbebbdaf4f424aee321

Download Submit
C:\Windows\System\WvUyizx.exe

Filesize
1.2MB

MD5
204eb2e011af7f3bb53eee82e126ef6a

SHA1
b9afebd350abf3ec4ecb5de3d73e9631239407f2

SHA256
a725bdd89d19d8e87f3a6b04730cae4f802bbec3f70f1516b4c3fe3900cc5886

SHA512
560577de86f87abdabf0f2f9ecfd759e90a80cca078af9aa91c53c847d09790dc554abaabafc7d19e5e5f19365d523ad0af6d3863ab8ce0768a915eedda9c90c

Download Submit
C:\Windows\System\XlNONzS.exe

Filesize
1.2MB

MD5
94677b14c639eecb9017d317a825681f

SHA1
4707db0057881077524d7e7bf02be464bf28d288

SHA256
fd1fb7e0fbfb107b81fb23a5336326b1285b8120f2b79fc814b214e88f57fbaf

SHA512
959ca5be4fbdc1872b4db60cd7741a9d36be217c452753679fe6e27dde6491cd24a1e6a3611dd456813df95967b5904574c76077be2a37779c12858c1aed1ee5

Download Submit
C:\Windows\System\ctuYFbO.exe

Filesize
1.3MB

MD5
4a187540396023e85f57160e2d360a1c

SHA1
1579d33fb973c52d811f372836672e6b6d3f6fb7

SHA256
73f4bdcd911ac29c2dfa4d7cf717e81b2796032267c817b986837907f8e7a051

SHA512
c4b97b53d85d329309bab0b06c1f047dde7fda60467e9c4e0e975c26d438e01e417b285c7028371eb74411edac73c0db7d480859d006b339551e10a020518aea

Download Submit
C:\Windows\System\dDpZGFb.exe

Filesize
1.2MB

MD5
665e62cb134d58653aeb797dc61b9525

SHA1
973cc78e54932f24c0c247c369f893417d6896d2

SHA256
665662029275107baf92505b636408da88577d62e46e44144474e41967a6e6b2

SHA512
9ecfba5acf3b30212730db7810bacd438ee5ced8621493d8f80c195eabff240d380096b9b13b4504433c9e3554a2bad353c3f75554408fc79f6030dc8b0671d1

Download Submit
C:\Windows\System\fwVZnSJ.exe

Filesize
1.2MB

MD5
bd706770b2f0bf32501795637695c987

SHA1
c5ce487ece7d0e51ac78d67db66236be6d71361a

SHA256
78f8518617e369343ba28f621f1e73d0a8bbfcffce27f17859d1d98030245344

SHA512
ad11def82e975e24357e2c0aa67868806e5c7f06e82d10b238d6d0798c190805ec332da0526add74b8535120db4dfae9a20571a1acb226f21bbc84eac19375e6

Download Submit
C:\Windows\System\hJHDamh.exe

Filesize
1.2MB

MD5
e5f3e565ee636a6eabf6951279a4a87b

SHA1
1eb59e17f8fab3ad1678f9a831a5856b713242fb

SHA256
7b3b533e9f3ab6c5ad62685d84bdc869fc4e5dcc71ed71dd124f67222936e473

SHA512
7265d947bfecc5192ab824b4470aba3234ea161d121b1630706dc6f96dc253d9d0bc996eb5aca99386ef961ac05085d4473501b31c2a631b7ec0bb6576655938

Download Submit
C:\Windows\System\icxfSrQ.exe

Filesize
1.2MB

MD5
e038b374e8e3636390fe55463d61197f

SHA1
6d5e8a4752dea994abe2e5c56ffd0780d888c5ae

SHA256
ae2c689ceabd07628293ba83dd8ebf17c3e48c65728bb4022451a12ef04f5490

SHA512
3b0753a321eeb7389b128cec12280f3270a6153defb8a21ce9e624fbc5f737c5bf37cde87e1e11c5b3e69a6e0cb60138e313d69c58a07faeebce4969249932dc

Download Submit
C:\Windows\System\jeUTRet.exe

Filesize
1.2MB

MD5
0ba130ef9e980dbb73b5852a77857e66

SHA1
a4f0bfd9262ecc4d6c6d44fb6192eeb38037bf9e

SHA256
f2218c2e4c9630344f35554c2454fc852ae46ce68f31dbba06e637a69fb468a1

SHA512
a458242fcb3c7dd0c9e8f06d25fec44678b0b8dd43cb49f47aa43d34206b4228d0f845e1ef86ba939778347c401df25842af536c9fe58ba67c0b6313b71ed241

Download Submit
C:\Windows\System\khvmSJP.exe

Filesize
1.3MB

MD5
450bedf493c21f152749e77bf49cb4a6

SHA1
8567f9857e4bf3fcf982384e49f2bfdbe261ec2f

SHA256
ce723550054a3245c343c782a6846a9e4d362cb6cc7bb77526c864ec89a8264f

SHA512
599c60b4d6bb96e7609ede84c8abf878d641d7db28546b84d1386ac2b90f524ae6ed4d9813b936e63bcf5f6d54e0c7f64599924de3c234a73243d71e80b397fe

Download Submit
C:\Windows\System\oWbANQI.exe

Filesize
1.3MB

MD5
54a7c8c958958c440c20b8489ffe4adb

SHA1
8a3dcdc0369114e88c820e17a879e9bc4092cd8c

SHA256
e565fdfadf1779debacd37b50afad6b4817f958eeabd09431eec6d3b14c5763b

SHA512
63400961bc68605d5e455ce159f312bc009a9fde0984c6cf5d3d912c1e118b9a7c184baa2c0971a5bd51fdb87cbffb77e4db798884505d88d6f35fe77ac95cb3

Download Submit
C:\Windows\System\oYsXIXw.exe

Filesize
1.2MB

MD5
5147239ee74881d91a23a4d6b3895d55

SHA1
438d3c87a3ba35555c9c169d284d323ba3b585e8

SHA256
028fb762c24c69348748048112adca89a8200d5e3be69e1155d95a384dbce533

SHA512
844cb855cf99f3b302fd0b6e7ebe8371baba9989a81bad1b329f2c7c5fa3541a19f9380f81de5d336fee6b2f16f62f8c0658fb4757478fd8347dd546b996d277

Download Submit
C:\Windows\System\pLSMSgZ.exe

Filesize
1.2MB

MD5
d6b1d8e79c94237ca1f4a312761e734d

SHA1
467f4e974876166319920298318a5f58cfd0850c

SHA256
2d80bcf3d353834262a842437a8d932cf87b32c627bb3254cd4601671e16f649

SHA512
5ce5e5caaebd5fb0a8778f4b466024cea1a5f8705c89fd0625731b19bd091f8220edf67e880562c0b0738a7fb085b5c479f57e0cad7ee40f3015315ad028d184

Download Submit
C:\Windows\System\smOVuKX.exe

Filesize
1.2MB

MD5
fdb0aaff3c9b08729e87ad3cad4e2565

SHA1
2624c459ba2d6d9a974132bf6aec29a3eef2a9c9

SHA256
b7b119f5d5be32f791c6e3a7f721c21420d7e44d280c07b73cecf193fc346ed9

SHA512
56905c648f57593678db96b8684660dcc47680a592c8844e31a88f39efe4bad83f661c65a8168f15dcb99fcfbdca2a3297f898c133d5b1bfa851fa6efab0fb51

Download Submit
C:\Windows\System\suPzCaZ.exe

Filesize
1.2MB

MD5
ce01463ff2cfbe5b42f8a077f7d11e37

SHA1
3d23858c156ab40acd30f4fdfd6a8a3f5d269c61

SHA256
2ea1f97f1c2cb3ff784268caeecb57b6bb905ee2ed16d79063c00238c21bb7f1

SHA512
02ced533b2fd835cbc7d4008cc7007bd0ff7f0889f1da7a2638272a86cf3378a5a1f2f474f1b044305978611c677492bb56b84994eb5efb86d883e8edd0e090f

Download Submit
C:\Windows\System\uYfGhHW.exe

Filesize
1.2MB

MD5
b9100de075b15659de873a4f52e5a558

SHA1
e338119f5cb2641946e44804380f5781bf4f8b10

SHA256
9ed99da3b5d91cd740251d49513932bdabc2c8a76685670ce239a72b4512466a

SHA512
7f9fd1726cbcb6d76fe4f17734861a699c02081b8e8aeec13964b92f1fcebeb7d532084c491bf970da46a03e8dac46d9f07823ab84be0e76018465ab5eea17dd

Download Submit
C:\Windows\System\ueUJDlc.exe

Filesize
1.2MB

MD5
842a4d358752b6c20a76090aa03ca613

SHA1
8781cd266877d39bee31ffd8473c4877bd60d95d

SHA256
758b294b8c4debd068e50e0bc66a317206821b465f2a4d9a00a4b1eca6bd4a94

SHA512
f375c95d68f1ae1b71c0ce71f44fb4818edb21652b81dda77913bbdae406b486debe0cb41489a3e48931b3407dbce396685df395bab279e96959442a639925a9

Download Submit
C:\Windows\System\wJCleyP.exe

Filesize
1.2MB

MD5
69954e94f744c3172dbe16fe15b1dc88

SHA1
2e447456df480202b72d05fd22f9fb9663530e0a

SHA256
23a42f4d1b55d56754c73e8ccbdcec8bde063b2162cbc590ce2d895f9f31c1c8

SHA512
9b04f6b920c49293ffdabc1d40666d57a80ce9587e140c5a85965d72f684b327bd655352d1c7a2a5d225376cdd9e9cbe7f4207f1d617281cbd24757d73c79cdd

Download Submit
C:\Windows\System\xpzzIzm.exe

Filesize
1.2MB

MD5
a3c3054e6ee98af46feed60b0ccb9b5d

SHA1
844c71f6f29f86748222d476dadaeb03e18c5b84

SHA256
638b5f3e067a90c9da6e0fee566a4dfdcb790e09fb75f47c13fa859edf5407f5

SHA512
769a1c1d9a526bf8adce23a85f8880e576ece4359115a373a21d0837ac93b1df8afaa400b17f93d7101203ce9c2d4245cafdec46da5e6de862ba8cab3d4bad1d

Download Submit
C:\Windows\System\yOrjTKb.exe

Filesize
1.2MB

MD5
9a654f0ede4b785a467489a36664a03b

SHA1
56bf51b26e40decd262261cb55de2e6d6d2e8120

SHA256
25ccca379633cefbb0c13120f63e1cb74ba69c7f4a3697ce557540602479b4cf

SHA512
01659281636d0d67c5cbd343ff14f0de3f61bac1de8ec428b28e0a3905006674f81b060378f13ec3a171e410deafb88d23f613a62cc694b3daaa0b979a603687

Download Submit
C:\Windows\System\zCptTXd.exe

Filesize
1.2MB

MD5
8094acb7e1036d448acd42ebeb5b83c0

SHA1
bbe91a82ff630594b739cad6768b9faf4ace8252

SHA256
0e1355e14e0942eb139566a4b385fde08af84573a28c118f22b24b56c0d93f46

SHA512
71771cc857556f78e3f91f1ab3046ef4bd365681a1447017c8554722e52041958ee704ed51cdc6f13da9e29c39f1e9715356df5ad58abe3dbc20a4a7cd0b6cae

Download Submit
C:\Windows\System\zapdYit.exe

Filesize
1.2MB

MD5
1ba5ca46425b56a647158efd60fcdf32

SHA1
729ba76969f1d3e8e6dbc05dde3ec56e2f9eba80

SHA256
ffa03274ba30552b620f0e49ff33948e67ecb65e9c81fcb16621567cc94b97e2

SHA512
e60909435a1487b5ee996e4b3bd367b63dc185ea985b4040fd9b81f4ca588dea7a3a62bda5e2a244232a190d97fcf2a8e1feb6db3969bb56d50d6614f24df1a1

Download Submit
memory/396-25-0x00007FF62E1D0000-0x00007FF62E521000-memory.dmp

Filesize
3.3MB

Download
memory/396-2221-0x00007FF62E1D0000-0x00007FF62E521000-memory.dmp

Filesize
3.3MB

Download
memory/396-2232-0x00007FF62E1D0000-0x00007FF62E521000-memory.dmp

Filesize
3.3MB

Download
memory/440-2268-0x00007FF68D430000-0x00007FF68D781000-memory.dmp

Filesize
3.3MB

Download
memory/440-513-0x00007FF68D430000-0x00007FF68D781000-memory.dmp

Filesize
3.3MB

Download
memory/732-440-0x00007FF65D570000-0x00007FF65D8C1000-memory.dmp

Filesize
3.3MB

Download
memory/732-2242-0x00007FF65D570000-0x00007FF65D8C1000-memory.dmp

Filesize
3.3MB

Download
memory/952-2234-0x00007FF7166A0000-0x00007FF7169F1000-memory.dmp

Filesize
3.3MB

Download
memory/952-20-0x00007FF7166A0000-0x00007FF7169F1000-memory.dmp

Filesize
3.3MB

Download
memory/952-2187-0x00007FF7166A0000-0x00007FF7169F1000-memory.dmp

Filesize
3.3MB

Download
memory/956-438-0x00007FF6411E0000-0x00007FF641531000-memory.dmp

Filesize
3.3MB

Download
memory/956-2236-0x00007FF6411E0000-0x00007FF641531000-memory.dmp

Filesize
3.3MB

Download
memory/1344-478-0x00007FF76C220000-0x00007FF76C571000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2262-0x00007FF76C220000-0x00007FF76C571000-memory.dmp

Filesize
3.3MB

Download
memory/1384-493-0x00007FF735590000-0x00007FF7358E1000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2260-0x00007FF735590000-0x00007FF7358E1000-memory.dmp

Filesize
3.3MB

Download
memory/1496-543-0x00007FF7E22D0000-0x00007FF7E2621000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2289-0x00007FF7E22D0000-0x00007FF7E2621000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2250-0x00007FF6FC330000-0x00007FF6FC681000-memory.dmp

Filesize
3.3MB

Download
memory/1536-459-0x00007FF6FC330000-0x00007FF6FC681000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2276-0x00007FF7FC7A0000-0x00007FF7FCAF1000-memory.dmp

Filesize
3.3MB

Download
memory/1552-523-0x00007FF7FC7A0000-0x00007FF7FCAF1000-memory.dmp

Filesize
3.3MB

Download
memory/1720-1-0x000001F922570000-0x000001F922580000-memory.dmp

Filesize
64KB

Download
memory/1720-0-0x00007FF780C70000-0x00007FF780FC1000-memory.dmp

Filesize
3.3MB

Download
memory/1784-2286-0x00007FF6AD1A0000-0x00007FF6AD4F1000-memory.dmp

Filesize
3.3MB

Download
memory/1784-545-0x00007FF6AD1A0000-0x00007FF6AD4F1000-memory.dmp

Filesize
3.3MB

Download
memory/1956-476-0x00007FF7DD270000-0x00007FF7DD5C1000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2252-0x00007FF7DD270000-0x00007FF7DD5C1000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2272-0x00007FF66B4C0000-0x00007FF66B811000-memory.dmp

Filesize
3.3MB

Download
memory/2492-539-0x00007FF66B4C0000-0x00007FF66B811000-memory.dmp

Filesize
3.3MB

Download
memory/2504-2238-0x00007FF65E800000-0x00007FF65EB51000-memory.dmp

Filesize
3.3MB

Download
memory/2504-446-0x00007FF65E800000-0x00007FF65EB51000-memory.dmp

Filesize
3.3MB

Download
memory/2524-504-0x00007FF6F9E20000-0x00007FF6FA171000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2258-0x00007FF6F9E20000-0x00007FF6FA171000-memory.dmp

Filesize
3.3MB

Download
memory/2900-531-0x00007FF65F240000-0x00007FF65F591000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2274-0x00007FF65F240000-0x00007FF65F591000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2264-0x00007FF6C5800000-0x00007FF6C5B51000-memory.dmp

Filesize
3.3MB

Download
memory/2960-490-0x00007FF6C5800000-0x00007FF6C5B51000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2270-0x00007FF739CC0000-0x00007FF73A011000-memory.dmp

Filesize
3.3MB

Download
memory/2968-536-0x00007FF739CC0000-0x00007FF73A011000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2230-0x00007FF7B8760000-0x00007FF7B8AB1000-memory.dmp

Filesize
3.3MB

Download
memory/3120-18-0x00007FF7B8760000-0x00007FF7B8AB1000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2220-0x00007FF7B8760000-0x00007FF7B8AB1000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2246-0x00007FF7E55E0000-0x00007FF7E5931000-memory.dmp

Filesize
3.3MB

Download
memory/3364-449-0x00007FF7E55E0000-0x00007FF7E5931000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2254-0x00007FF7333D0000-0x00007FF733721000-memory.dmp

Filesize
3.3MB

Download
memory/4048-467-0x00007FF7333D0000-0x00007FF733721000-memory.dmp

Filesize
3.3MB

Download
memory/4408-2186-0x00007FF7D11D0000-0x00007FF7D1521000-memory.dmp

Filesize
3.3MB

Download
memory/4408-9-0x00007FF7D11D0000-0x00007FF7D1521000-memory.dmp

Filesize
3.3MB

Download
memory/4408-2228-0x00007FF7D11D0000-0x00007FF7D1521000-memory.dmp

Filesize
3.3MB

Download
memory/4460-2266-0x00007FF6B5830000-0x00007FF6B5B81000-memory.dmp

Filesize
3.3MB

Download
memory/4460-518-0x00007FF6B5830000-0x00007FF6B5B81000-memory.dmp

Filesize
3.3MB

Download
memory/4468-548-0x00007FF6FBCC0000-0x00007FF6FC011000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2314-0x00007FF6FBCC0000-0x00007FF6FC011000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2244-0x00007FF783570000-0x00007FF7838C1000-memory.dmp

Filesize
3.3MB

Download
memory/4552-441-0x00007FF783570000-0x00007FF7838C1000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2256-0x00007FF716D70000-0x00007FF7170C1000-memory.dmp

Filesize
3.3MB

Download
memory/4776-484-0x00007FF716D70000-0x00007FF7170C1000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2224-0x00007FF6A9150000-0x00007FF6A94A1000-memory.dmp

Filesize
3.3MB

Download
memory/5032-33-0x00007FF6A9150000-0x00007FF6A94A1000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2408-0x00007FF6A9150000-0x00007FF6A94A1000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2240-0x00007FF7639B0000-0x00007FF763D01000-memory.dmp

Filesize
3.3MB

Download
memory/5072-453-0x00007FF7639B0000-0x00007FF763D01000-memory.dmp

Filesize
3.3MB

Download
memory/5092-2248-0x00007FF640890000-0x00007FF640BE1000-memory.dmp

Filesize
3.3MB

Download
memory/5092-439-0x00007FF640890000-0x00007FF640BE1000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads