xmrig | d2b1da98338430c462e153c8268c93b978719ea7cce5be97b94d7fd1008ef5bb

Analysis

max time kernel
147s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
Size

2.2MB
MD5

8c667c048cb332ecf6ab94aa4dd9bfc0
SHA1

ca39f6f2df57d71d0a3ca743f8d7b22d2fe6fe08
SHA256

d2b1da98338430c462e153c8268c93b978719ea7cce5be97b94d7fd1008ef5bb
SHA512

6aac7b8ce7c74dd32ef0d8b8160f74d958ca54622f9b709efd93376753ec747915d5e90784e0e609f266b533592162f597db0b641ff8d0a6dbd924940561c16a
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGMdXIxDzYKw4TxHR7:BemTLkNdfE0pZru

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/216-0-0x00007FF7939D0000-0x00007FF793D24000-memory.dmp	xmrig
behavioral2/files/0x0009000000023470-5.dat	xmrig
behavioral2/files/0x0007000000023478-10.dat	xmrig
behavioral2/files/0x0007000000023477-15.dat	xmrig
behavioral2/files/0x0007000000023479-29.dat	xmrig
behavioral2/files/0x000700000002347a-34.dat	xmrig
behavioral2/memory/692-38-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp	xmrig
behavioral2/files/0x000700000002347c-44.dat	xmrig
behavioral2/files/0x000700000002347e-53.dat	xmrig
behavioral2/files/0x0007000000023481-65.dat	xmrig
behavioral2/files/0x0007000000023484-86.dat	xmrig
behavioral2/files/0x0007000000023487-101.dat	xmrig
behavioral2/files/0x000700000002348b-121.dat	xmrig
behavioral2/files/0x0007000000023490-140.dat	xmrig
behavioral2/memory/4848-739-0x00007FF62A140000-0x00007FF62A494000-memory.dmp	xmrig
behavioral2/memory/4896-741-0x00007FF643C50000-0x00007FF643FA4000-memory.dmp	xmrig
behavioral2/memory/3964-740-0x00007FF76A6D0000-0x00007FF76AA24000-memory.dmp	xmrig
behavioral2/memory/3668-742-0x00007FF652EE0000-0x00007FF653234000-memory.dmp	xmrig
behavioral2/memory/4080-745-0x00007FF74D790000-0x00007FF74DAE4000-memory.dmp	xmrig
behavioral2/memory/4348-746-0x00007FF7C32B0000-0x00007FF7C3604000-memory.dmp	xmrig
behavioral2/memory/3484-747-0x00007FF79A520000-0x00007FF79A874000-memory.dmp	xmrig
behavioral2/memory/876-750-0x00007FF6173D0000-0x00007FF617724000-memory.dmp	xmrig
behavioral2/memory/3552-751-0x00007FF699E10000-0x00007FF69A164000-memory.dmp	xmrig
behavioral2/memory/4516-749-0x00007FF72C1B0000-0x00007FF72C504000-memory.dmp	xmrig
behavioral2/memory/2836-748-0x00007FF6A5850000-0x00007FF6A5BA4000-memory.dmp	xmrig
behavioral2/memory/4292-752-0x00007FF7C10B0000-0x00007FF7C1404000-memory.dmp	xmrig
behavioral2/memory/1016-744-0x00007FF623F80000-0x00007FF6242D4000-memory.dmp	xmrig
behavioral2/memory/4296-743-0x00007FF686300000-0x00007FF686654000-memory.dmp	xmrig
behavioral2/memory/4032-754-0x00007FF7F7620000-0x00007FF7F7974000-memory.dmp	xmrig
behavioral2/memory/1312-764-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp	xmrig
behavioral2/memory/3160-757-0x00007FF6D0630000-0x00007FF6D0984000-memory.dmp	xmrig
behavioral2/memory/1504-768-0x00007FF6BA8B0000-0x00007FF6BAC04000-memory.dmp	xmrig
behavioral2/memory/4680-771-0x00007FF69FBD0000-0x00007FF69FF24000-memory.dmp	xmrig
behavioral2/memory/5008-774-0x00007FF794FC0000-0x00007FF795314000-memory.dmp	xmrig
behavioral2/memory/4964-778-0x00007FF736090000-0x00007FF7363E4000-memory.dmp	xmrig
behavioral2/memory/4592-753-0x00007FF7FAE40000-0x00007FF7FB194000-memory.dmp	xmrig
behavioral2/files/0x0007000000023496-170.dat	xmrig
behavioral2/files/0x0007000000023494-166.dat	xmrig
behavioral2/files/0x0007000000023495-165.dat	xmrig
behavioral2/files/0x0007000000023493-161.dat	xmrig
behavioral2/files/0x0007000000023492-156.dat	xmrig
behavioral2/files/0x0007000000023491-151.dat	xmrig
behavioral2/files/0x000700000002348f-141.dat	xmrig
behavioral2/files/0x000700000002348e-136.dat	xmrig
behavioral2/files/0x000700000002348d-130.dat	xmrig
behavioral2/files/0x000700000002348c-126.dat	xmrig
behavioral2/files/0x000700000002348a-116.dat	xmrig
behavioral2/files/0x0007000000023489-111.dat	xmrig
behavioral2/files/0x0007000000023488-106.dat	xmrig
behavioral2/files/0x0007000000023486-96.dat	xmrig
behavioral2/files/0x0007000000023485-91.dat	xmrig
behavioral2/files/0x0007000000023483-81.dat	xmrig
behavioral2/files/0x0007000000023482-75.dat	xmrig
behavioral2/files/0x0007000000023480-66.dat	xmrig
behavioral2/files/0x000700000002347f-61.dat	xmrig
behavioral2/files/0x000700000002347d-51.dat	xmrig
behavioral2/memory/2744-48-0x00007FF7F4D00000-0x00007FF7F5054000-memory.dmp	xmrig
behavioral2/memory/2544-42-0x00007FF664E10000-0x00007FF665164000-memory.dmp	xmrig
behavioral2/files/0x000700000002347b-40.dat	xmrig
behavioral2/memory/4360-37-0x00007FF7FDB10000-0x00007FF7FDE64000-memory.dmp	xmrig
behavioral2/memory/856-20-0x00007FF7DDFA0000-0x00007FF7DE2F4000-memory.dmp	xmrig
behavioral2/memory/1516-12-0x00007FF7BA730000-0x00007FF7BAA84000-memory.dmp	xmrig
behavioral2/memory/3320-8-0x00007FF7590B0000-0x00007FF759404000-memory.dmp	xmrig
behavioral2/memory/3320-2073-0x00007FF7590B0000-0x00007FF759404000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3320	JDZpgzd.exe
1516	eZaNcgC.exe
856	PVbhEJq.exe
4360	psfqabF.exe
692	YTOzFSJ.exe
2544	HGRCSzN.exe
2744	KZOrrRW.exe
4848	VzVTocC.exe
4964	xjXQkhG.exe
3964	ZwTzYml.exe
4896	WQGbBdE.exe
3668	HCRsJqS.exe
4296	HBjDiDD.exe
1016	aFdkYSQ.exe
4080	QSkaQcL.exe
4348	CjKHUeX.exe
3484	Usronhc.exe
2836	UgbamGT.exe
4516	JLCXqsW.exe
876	vjlTODb.exe
3552	JLDtOzA.exe
4292	irZUjRC.exe
4592	Dzhqttr.exe
4032	GUwjwlP.exe
3160	YwRcWYj.exe
1312	ptiSvBn.exe
1504	XBFkbbZ.exe
4680	IQfbglz.exe
5008	KQDCivK.exe
3056	vMlXSHE.exe
4368	tVkFrCU.exe
1224	vjQDEjO.exe
2792	rPGIIRd.exe
3800	cmWrpHw.exe
3888	PIfYRpZ.exe
4468	wyCmPcJ.exe
4036	wesfmjM.exe
2740	wRXvpMQ.exe
2096	SXHVqfE.exe
452	gRgJlPv.exe
2484	umBQJKE.exe
3216	fIigImI.exe
2828	GHCTIWG.exe
2060	GwaFiEC.exe
3696	wvmapEq.exe
4988	QHKNluD.exe
1592	nlsLNLZ.exe
4280	bbdyoxY.exe
1148	fnODZar.exe
1012	Xgmmtnr.exe
3412	fmvtSfE.exe
5068	lNDCOAL.exe
1792	lUqDjWa.exe
4456	YhwRDpY.exe
5040	DdJFkFv.exe
4792	PhCzPPe.exe
1104	viFAdDl.exe
4464	JaEHhxd.exe
1340	NeRNJNp.exe
4196	BsKrzgX.exe
2564	hEkTIfe.exe
3612	CyJJvTs.exe
512	VktbCEp.exe
4164	uYQLMve.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/216-0-0x00007FF7939D0000-0x00007FF793D24000-memory.dmp	upx
behavioral2/files/0x0009000000023470-5.dat	upx
behavioral2/files/0x0007000000023478-10.dat	upx
behavioral2/files/0x0007000000023477-15.dat	upx
behavioral2/files/0x0007000000023479-29.dat	upx
behavioral2/files/0x000700000002347a-34.dat	upx
behavioral2/memory/692-38-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp	upx
behavioral2/files/0x000700000002347c-44.dat	upx
behavioral2/files/0x000700000002347e-53.dat	upx
behavioral2/files/0x0007000000023481-65.dat	upx
behavioral2/files/0x0007000000023484-86.dat	upx
behavioral2/files/0x0007000000023487-101.dat	upx
behavioral2/files/0x000700000002348b-121.dat	upx
behavioral2/files/0x0007000000023490-140.dat	upx
behavioral2/memory/4848-739-0x00007FF62A140000-0x00007FF62A494000-memory.dmp	upx
behavioral2/memory/4896-741-0x00007FF643C50000-0x00007FF643FA4000-memory.dmp	upx
behavioral2/memory/3964-740-0x00007FF76A6D0000-0x00007FF76AA24000-memory.dmp	upx
behavioral2/memory/3668-742-0x00007FF652EE0000-0x00007FF653234000-memory.dmp	upx
behavioral2/memory/4080-745-0x00007FF74D790000-0x00007FF74DAE4000-memory.dmp	upx
behavioral2/memory/4348-746-0x00007FF7C32B0000-0x00007FF7C3604000-memory.dmp	upx
behavioral2/memory/3484-747-0x00007FF79A520000-0x00007FF79A874000-memory.dmp	upx
behavioral2/memory/876-750-0x00007FF6173D0000-0x00007FF617724000-memory.dmp	upx
behavioral2/memory/3552-751-0x00007FF699E10000-0x00007FF69A164000-memory.dmp	upx
behavioral2/memory/4516-749-0x00007FF72C1B0000-0x00007FF72C504000-memory.dmp	upx
behavioral2/memory/2836-748-0x00007FF6A5850000-0x00007FF6A5BA4000-memory.dmp	upx
behavioral2/memory/4292-752-0x00007FF7C10B0000-0x00007FF7C1404000-memory.dmp	upx
behavioral2/memory/1016-744-0x00007FF623F80000-0x00007FF6242D4000-memory.dmp	upx
behavioral2/memory/4296-743-0x00007FF686300000-0x00007FF686654000-memory.dmp	upx
behavioral2/memory/4032-754-0x00007FF7F7620000-0x00007FF7F7974000-memory.dmp	upx
behavioral2/memory/1312-764-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp	upx
behavioral2/memory/3160-757-0x00007FF6D0630000-0x00007FF6D0984000-memory.dmp	upx
behavioral2/memory/1504-768-0x00007FF6BA8B0000-0x00007FF6BAC04000-memory.dmp	upx
behavioral2/memory/4680-771-0x00007FF69FBD0000-0x00007FF69FF24000-memory.dmp	upx
behavioral2/memory/5008-774-0x00007FF794FC0000-0x00007FF795314000-memory.dmp	upx
behavioral2/memory/4964-778-0x00007FF736090000-0x00007FF7363E4000-memory.dmp	upx
behavioral2/memory/4592-753-0x00007FF7FAE40000-0x00007FF7FB194000-memory.dmp	upx
behavioral2/files/0x0007000000023496-170.dat	upx
behavioral2/files/0x0007000000023494-166.dat	upx
behavioral2/files/0x0007000000023495-165.dat	upx
behavioral2/files/0x0007000000023493-161.dat	upx
behavioral2/files/0x0007000000023492-156.dat	upx
behavioral2/files/0x0007000000023491-151.dat	upx
behavioral2/files/0x000700000002348f-141.dat	upx
behavioral2/files/0x000700000002348e-136.dat	upx
behavioral2/files/0x000700000002348d-130.dat	upx
behavioral2/files/0x000700000002348c-126.dat	upx
behavioral2/files/0x000700000002348a-116.dat	upx
behavioral2/files/0x0007000000023489-111.dat	upx
behavioral2/files/0x0007000000023488-106.dat	upx
behavioral2/files/0x0007000000023486-96.dat	upx
behavioral2/files/0x0007000000023485-91.dat	upx
behavioral2/files/0x0007000000023483-81.dat	upx
behavioral2/files/0x0007000000023482-75.dat	upx
behavioral2/files/0x0007000000023480-66.dat	upx
behavioral2/files/0x000700000002347f-61.dat	upx
behavioral2/files/0x000700000002347d-51.dat	upx
behavioral2/memory/2744-48-0x00007FF7F4D00000-0x00007FF7F5054000-memory.dmp	upx
behavioral2/memory/2544-42-0x00007FF664E10000-0x00007FF665164000-memory.dmp	upx
behavioral2/files/0x000700000002347b-40.dat	upx
behavioral2/memory/4360-37-0x00007FF7FDB10000-0x00007FF7FDE64000-memory.dmp	upx
behavioral2/memory/856-20-0x00007FF7DDFA0000-0x00007FF7DE2F4000-memory.dmp	upx
behavioral2/memory/1516-12-0x00007FF7BA730000-0x00007FF7BAA84000-memory.dmp	upx
behavioral2/memory/3320-8-0x00007FF7590B0000-0x00007FF759404000-memory.dmp	upx
behavioral2/memory/3320-2073-0x00007FF7590B0000-0x00007FF759404000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bZesiNy.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\SzvxLKO.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\TfrJWvd.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\kIxhGwX.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\HnQXyGm.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\lYFyEwZ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\mtanEZQ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\NYmNcPh.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\PIRsdre.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\FIaOqUr.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\mpayvVd.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\KWPxVod.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\hyOcOxk.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\qWoEmxW.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\zCTskDh.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\IUzbmKN.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\dKhPioD.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\wesfmjM.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\fylYzvv.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\buWLrWu.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\JiCKqoZ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\QPzZlSS.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\UUbgtPB.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\cXmIQzb.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\iwCoPIZ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\ssBTzrz.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\wRXvpMQ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\NcCcABy.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\bbOelet.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\BGjRXrZ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\AvLKvas.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\KbZSjKl.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\hKBiiQF.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\aHJBlfa.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\vEWzOWm.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\SaCbtoT.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\LljdKYt.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\cYlOEsP.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\JVaiGLm.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\lZXciZd.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\qyZNiFV.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\tHnGQiJ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\CDeEXli.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\cEWQykZ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\PjsuRFa.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\iikGCes.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\CfGdiqT.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\CVRbrfr.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\nIoCBSd.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\shTUHJO.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\KmqCkOi.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\wCyLCDh.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\GurWqcx.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\jcLLpfi.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\EBzULVC.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\iJELFXO.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\ZZeoyAm.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\hvTSJUQ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\IzItLKM.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\VXXXkZe.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\KQDCivK.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\wyCmPcJ.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\xfIZAmz.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
File created	C:\Windows\System\DZRrMMz.exe	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5888	dwm.exe
Token: SeChangeNotifyPrivilege	5888	dwm.exe
Token: 33	5888	dwm.exe
Token: SeIncBasePriorityPrivilege	5888	dwm.exe
Token: SeShutdownPrivilege	5888	dwm.exe
Token: SeCreatePagefilePrivilege	5888	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 3320	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	84
PID 216 wrote to memory of 3320	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	84
PID 216 wrote to memory of 1516	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	85
PID 216 wrote to memory of 1516	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	85
PID 216 wrote to memory of 856	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	86
PID 216 wrote to memory of 856	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	86
PID 216 wrote to memory of 4360	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	87
PID 216 wrote to memory of 4360	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	87
PID 216 wrote to memory of 692	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	88
PID 216 wrote to memory of 692	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	88
PID 216 wrote to memory of 2544	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	89
PID 216 wrote to memory of 2544	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	89
PID 216 wrote to memory of 2744	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	90
PID 216 wrote to memory of 2744	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	90
PID 216 wrote to memory of 4848	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	91
PID 216 wrote to memory of 4848	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	91
PID 216 wrote to memory of 4964	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	92
PID 216 wrote to memory of 4964	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	92
PID 216 wrote to memory of 3964	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	93
PID 216 wrote to memory of 3964	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	93
PID 216 wrote to memory of 4896	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	94
PID 216 wrote to memory of 4896	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	94
PID 216 wrote to memory of 3668	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	95
PID 216 wrote to memory of 3668	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	95
PID 216 wrote to memory of 4296	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	96
PID 216 wrote to memory of 4296	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	96
PID 216 wrote to memory of 1016	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	97
PID 216 wrote to memory of 1016	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	97
PID 216 wrote to memory of 4080	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	98
PID 216 wrote to memory of 4080	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	98
PID 216 wrote to memory of 4348	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	99
PID 216 wrote to memory of 4348	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	99
PID 216 wrote to memory of 3484	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	100
PID 216 wrote to memory of 3484	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	100
PID 216 wrote to memory of 2836	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	101
PID 216 wrote to memory of 2836	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	101
PID 216 wrote to memory of 4516	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	102
PID 216 wrote to memory of 4516	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	102
PID 216 wrote to memory of 876	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	103
PID 216 wrote to memory of 876	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	103
PID 216 wrote to memory of 3552	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	104
PID 216 wrote to memory of 3552	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	104
PID 216 wrote to memory of 4292	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	105
PID 216 wrote to memory of 4292	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	105
PID 216 wrote to memory of 4592	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	106
PID 216 wrote to memory of 4592	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	106
PID 216 wrote to memory of 4032	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	107
PID 216 wrote to memory of 4032	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	107
PID 216 wrote to memory of 3160	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	108
PID 216 wrote to memory of 3160	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	108
PID 216 wrote to memory of 1312	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	109
PID 216 wrote to memory of 1312	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	109
PID 216 wrote to memory of 1504	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	110
PID 216 wrote to memory of 1504	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	110
PID 216 wrote to memory of 4680	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	111
PID 216 wrote to memory of 4680	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	111
PID 216 wrote to memory of 5008	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	112
PID 216 wrote to memory of 5008	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	112
PID 216 wrote to memory of 3056	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	113
PID 216 wrote to memory of 3056	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	113
PID 216 wrote to memory of 4368	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	114
PID 216 wrote to memory of 4368	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	114
PID 216 wrote to memory of 1224	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	115
PID 216 wrote to memory of 1224	216	8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8c667c048cb332ecf6ab94aa4dd9bfc0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\System\JDZpgzd.exe
  C:\Windows\System\JDZpgzd.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\eZaNcgC.exe
  C:\Windows\System\eZaNcgC.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\PVbhEJq.exe
  C:\Windows\System\PVbhEJq.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\psfqabF.exe
  C:\Windows\System\psfqabF.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\YTOzFSJ.exe
  C:\Windows\System\YTOzFSJ.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\HGRCSzN.exe
  C:\Windows\System\HGRCSzN.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\KZOrrRW.exe
  C:\Windows\System\KZOrrRW.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\VzVTocC.exe
  C:\Windows\System\VzVTocC.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\xjXQkhG.exe
  C:\Windows\System\xjXQkhG.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\ZwTzYml.exe
  C:\Windows\System\ZwTzYml.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\WQGbBdE.exe
  C:\Windows\System\WQGbBdE.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\HCRsJqS.exe
  C:\Windows\System\HCRsJqS.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\HBjDiDD.exe
  C:\Windows\System\HBjDiDD.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\aFdkYSQ.exe
  C:\Windows\System\aFdkYSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\QSkaQcL.exe
  C:\Windows\System\QSkaQcL.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\CjKHUeX.exe
  C:\Windows\System\CjKHUeX.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\Usronhc.exe
  C:\Windows\System\Usronhc.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\UgbamGT.exe
  C:\Windows\System\UgbamGT.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\JLCXqsW.exe
  C:\Windows\System\JLCXqsW.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\vjlTODb.exe
  C:\Windows\System\vjlTODb.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\JLDtOzA.exe
  C:\Windows\System\JLDtOzA.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\irZUjRC.exe
  C:\Windows\System\irZUjRC.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\Dzhqttr.exe
  C:\Windows\System\Dzhqttr.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\GUwjwlP.exe
  C:\Windows\System\GUwjwlP.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\YwRcWYj.exe
  C:\Windows\System\YwRcWYj.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\ptiSvBn.exe
  C:\Windows\System\ptiSvBn.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\XBFkbbZ.exe
  C:\Windows\System\XBFkbbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\IQfbglz.exe
  C:\Windows\System\IQfbglz.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\KQDCivK.exe
  C:\Windows\System\KQDCivK.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\vMlXSHE.exe
  C:\Windows\System\vMlXSHE.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\tVkFrCU.exe
  C:\Windows\System\tVkFrCU.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\vjQDEjO.exe
  C:\Windows\System\vjQDEjO.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\rPGIIRd.exe
  C:\Windows\System\rPGIIRd.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\cmWrpHw.exe
  C:\Windows\System\cmWrpHw.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\PIfYRpZ.exe
  C:\Windows\System\PIfYRpZ.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\wyCmPcJ.exe
  C:\Windows\System\wyCmPcJ.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\wesfmjM.exe
  C:\Windows\System\wesfmjM.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\wRXvpMQ.exe
  C:\Windows\System\wRXvpMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\SXHVqfE.exe
  C:\Windows\System\SXHVqfE.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\gRgJlPv.exe
  C:\Windows\System\gRgJlPv.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\umBQJKE.exe
  C:\Windows\System\umBQJKE.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\fIigImI.exe
  C:\Windows\System\fIigImI.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\GHCTIWG.exe
  C:\Windows\System\GHCTIWG.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\GwaFiEC.exe
  C:\Windows\System\GwaFiEC.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\wvmapEq.exe
  C:\Windows\System\wvmapEq.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\QHKNluD.exe
  C:\Windows\System\QHKNluD.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\nlsLNLZ.exe
  C:\Windows\System\nlsLNLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\bbdyoxY.exe
  C:\Windows\System\bbdyoxY.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\fnODZar.exe
  C:\Windows\System\fnODZar.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\Xgmmtnr.exe
  C:\Windows\System\Xgmmtnr.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\fmvtSfE.exe
  C:\Windows\System\fmvtSfE.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\lNDCOAL.exe
  C:\Windows\System\lNDCOAL.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\lUqDjWa.exe
  C:\Windows\System\lUqDjWa.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\YhwRDpY.exe
  C:\Windows\System\YhwRDpY.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\DdJFkFv.exe
  C:\Windows\System\DdJFkFv.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\PhCzPPe.exe
  C:\Windows\System\PhCzPPe.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\viFAdDl.exe
  C:\Windows\System\viFAdDl.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\JaEHhxd.exe
  C:\Windows\System\JaEHhxd.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\NeRNJNp.exe
  C:\Windows\System\NeRNJNp.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\BsKrzgX.exe
  C:\Windows\System\BsKrzgX.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\hEkTIfe.exe
  C:\Windows\System\hEkTIfe.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\CyJJvTs.exe
  C:\Windows\System\CyJJvTs.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\VktbCEp.exe
  C:\Windows\System\VktbCEp.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\uYQLMve.exe
  C:\Windows\System\uYQLMve.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\EqWNZyt.exe
  C:\Windows\System\EqWNZyt.exe
  2⤵
  PID:3960
- C:\Windows\System\GGaPHHm.exe
  C:\Windows\System\GGaPHHm.exe
  2⤵
  PID:4304
- C:\Windows\System\DCXVeSY.exe
  C:\Windows\System\DCXVeSY.exe
  2⤵
  PID:3324
- C:\Windows\System\PEEtwdl.exe
  C:\Windows\System\PEEtwdl.exe
  2⤵
  PID:372
- C:\Windows\System\MjZzrpL.exe
  C:\Windows\System\MjZzrpL.exe
  2⤵
  PID:2372
- C:\Windows\System\cYlOEsP.exe
  C:\Windows\System\cYlOEsP.exe
  2⤵
  PID:232
- C:\Windows\System\dfOUBOs.exe
  C:\Windows\System\dfOUBOs.exe
  2⤵
  PID:468
- C:\Windows\System\OkcqBLz.exe
  C:\Windows\System\OkcqBLz.exe
  2⤵
  PID:440
- C:\Windows\System\RnHsbQv.exe
  C:\Windows\System\RnHsbQv.exe
  2⤵
  PID:1968
- C:\Windows\System\CMtehoB.exe
  C:\Windows\System\CMtehoB.exe
  2⤵
  PID:2264
- C:\Windows\System\dYdPPwW.exe
  C:\Windows\System\dYdPPwW.exe
  2⤵
  PID:4060
- C:\Windows\System\wCyLCDh.exe
  C:\Windows\System\wCyLCDh.exe
  2⤵
  PID:5124
- C:\Windows\System\lPUWSLs.exe
  C:\Windows\System\lPUWSLs.exe
  2⤵
  PID:5152
- C:\Windows\System\oHjiTSr.exe
  C:\Windows\System\oHjiTSr.exe
  2⤵
  PID:5180
- C:\Windows\System\rTpcRuY.exe
  C:\Windows\System\rTpcRuY.exe
  2⤵
  PID:5208
- C:\Windows\System\sdhAPFa.exe
  C:\Windows\System\sdhAPFa.exe
  2⤵
  PID:5236
- C:\Windows\System\MtFTiMt.exe
  C:\Windows\System\MtFTiMt.exe
  2⤵
  PID:5260
- C:\Windows\System\VIkeKbN.exe
  C:\Windows\System\VIkeKbN.exe
  2⤵
  PID:5292
- C:\Windows\System\YGpLkVv.exe
  C:\Windows\System\YGpLkVv.exe
  2⤵
  PID:5320
- C:\Windows\System\dSFlISK.exe
  C:\Windows\System\dSFlISK.exe
  2⤵
  PID:5348
- C:\Windows\System\uFBCFvi.exe
  C:\Windows\System\uFBCFvi.exe
  2⤵
  PID:5372
- C:\Windows\System\ZulDmtl.exe
  C:\Windows\System\ZulDmtl.exe
  2⤵
  PID:5404
- C:\Windows\System\EQibMar.exe
  C:\Windows\System\EQibMar.exe
  2⤵
  PID:5428
- C:\Windows\System\AQXMPrF.exe
  C:\Windows\System\AQXMPrF.exe
  2⤵
  PID:5460
- C:\Windows\System\qOzozoq.exe
  C:\Windows\System\qOzozoq.exe
  2⤵
  PID:5484
- C:\Windows\System\EGFwWKe.exe
  C:\Windows\System\EGFwWKe.exe
  2⤵
  PID:5512
- C:\Windows\System\QeGwYZG.exe
  C:\Windows\System\QeGwYZG.exe
  2⤵
  PID:5544
- C:\Windows\System\DCFfPGs.exe
  C:\Windows\System\DCFfPGs.exe
  2⤵
  PID:5568
- C:\Windows\System\OeUzIeJ.exe
  C:\Windows\System\OeUzIeJ.exe
  2⤵
  PID:5596
- C:\Windows\System\rvsCnEE.exe
  C:\Windows\System\rvsCnEE.exe
  2⤵
  PID:5628
- C:\Windows\System\ITtDFsO.exe
  C:\Windows\System\ITtDFsO.exe
  2⤵
  PID:5656
- C:\Windows\System\pUDQQsx.exe
  C:\Windows\System\pUDQQsx.exe
  2⤵
  PID:5684
- C:\Windows\System\imZJnCl.exe
  C:\Windows\System\imZJnCl.exe
  2⤵
  PID:5712
- C:\Windows\System\cEWQykZ.exe
  C:\Windows\System\cEWQykZ.exe
  2⤵
  PID:5736
- C:\Windows\System\EeTiNsH.exe
  C:\Windows\System\EeTiNsH.exe
  2⤵
  PID:5764
- C:\Windows\System\LfOniAF.exe
  C:\Windows\System\LfOniAF.exe
  2⤵
  PID:5796
- C:\Windows\System\ryQLTHU.exe
  C:\Windows\System\ryQLTHU.exe
  2⤵
  PID:5824
- C:\Windows\System\ZHFvQTa.exe
  C:\Windows\System\ZHFvQTa.exe
  2⤵
  PID:5852
- C:\Windows\System\Ezvsyez.exe
  C:\Windows\System\Ezvsyez.exe
  2⤵
  PID:5876
- C:\Windows\System\eECGktc.exe
  C:\Windows\System\eECGktc.exe
  2⤵
  PID:5904
- C:\Windows\System\AASfndj.exe
  C:\Windows\System\AASfndj.exe
  2⤵
  PID:5932
- C:\Windows\System\nEAXcUH.exe
  C:\Windows\System\nEAXcUH.exe
  2⤵
  PID:5960
- C:\Windows\System\zHmfmtP.exe
  C:\Windows\System\zHmfmtP.exe
  2⤵
  PID:5988
- C:\Windows\System\ZHEjJom.exe
  C:\Windows\System\ZHEjJom.exe
  2⤵
  PID:6016
- C:\Windows\System\fylYzvv.exe
  C:\Windows\System\fylYzvv.exe
  2⤵
  PID:6044
- C:\Windows\System\AfEbCGv.exe
  C:\Windows\System\AfEbCGv.exe
  2⤵
  PID:6072
- C:\Windows\System\dLLFDGJ.exe
  C:\Windows\System\dLLFDGJ.exe
  2⤵
  PID:6100
- C:\Windows\System\XwmrHxG.exe
  C:\Windows\System\XwmrHxG.exe
  2⤵
  PID:6128
- C:\Windows\System\jEOAFPz.exe
  C:\Windows\System\jEOAFPz.exe
  2⤵
  PID:3008
- C:\Windows\System\JmnVjfZ.exe
  C:\Windows\System\JmnVjfZ.exe
  2⤵
  PID:3296
- C:\Windows\System\omFjmmt.exe
  C:\Windows\System\omFjmmt.exe
  2⤵
  PID:4924
- C:\Windows\System\KVUQgVi.exe
  C:\Windows\System\KVUQgVi.exe
  2⤵
  PID:3920
- C:\Windows\System\AKuEBXu.exe
  C:\Windows\System\AKuEBXu.exe
  2⤵
  PID:760
- C:\Windows\System\DFbRMzb.exe
  C:\Windows\System\DFbRMzb.exe
  2⤵
  PID:2460
- C:\Windows\System\uQXtaav.exe
  C:\Windows\System\uQXtaav.exe
  2⤵
  PID:3260
- C:\Windows\System\SftOszY.exe
  C:\Windows\System\SftOszY.exe
  2⤵
  PID:5164
- C:\Windows\System\POvbpvZ.exe
  C:\Windows\System\POvbpvZ.exe
  2⤵
  PID:5224
- C:\Windows\System\zHRJIPG.exe
  C:\Windows\System\zHRJIPG.exe
  2⤵
  PID:5284
- C:\Windows\System\RCLAVIE.exe
  C:\Windows\System\RCLAVIE.exe
  2⤵
  PID:5360
- C:\Windows\System\aVBWVJR.exe
  C:\Windows\System\aVBWVJR.exe
  2⤵
  PID:5420
- C:\Windows\System\lYFyEwZ.exe
  C:\Windows\System\lYFyEwZ.exe
  2⤵
  PID:5480
- C:\Windows\System\fAJnSHC.exe
  C:\Windows\System\fAJnSHC.exe
  2⤵
  PID:5556
- C:\Windows\System\obIdVvS.exe
  C:\Windows\System\obIdVvS.exe
  2⤵
  PID:5616
- C:\Windows\System\LhlKPFA.exe
  C:\Windows\System\LhlKPFA.exe
  2⤵
  PID:5672
- C:\Windows\System\ffgARxU.exe
  C:\Windows\System\ffgARxU.exe
  2⤵
  PID:5756
- C:\Windows\System\rllJNHA.exe
  C:\Windows\System\rllJNHA.exe
  2⤵
  PID:5812
- C:\Windows\System\NOOhVTi.exe
  C:\Windows\System\NOOhVTi.exe
  2⤵
  PID:5872
- C:\Windows\System\mtanEZQ.exe
  C:\Windows\System\mtanEZQ.exe
  2⤵
  PID:5948
- C:\Windows\System\uGCvkRR.exe
  C:\Windows\System\uGCvkRR.exe
  2⤵
  PID:6008
- C:\Windows\System\eLpIwkQ.exe
  C:\Windows\System\eLpIwkQ.exe
  2⤵
  PID:6088
- C:\Windows\System\xjneUxQ.exe
  C:\Windows\System\xjneUxQ.exe
  2⤵
  PID:3340
- C:\Windows\System\gQCdqvD.exe
  C:\Windows\System\gQCdqvD.exe
  2⤵
  PID:1840
- C:\Windows\System\xfIZAmz.exe
  C:\Windows\System\xfIZAmz.exe
  2⤵
  PID:1080
- C:\Windows\System\xrBFxnt.exe
  C:\Windows\System\xrBFxnt.exe
  2⤵
  PID:2980
- C:\Windows\System\xHeLpUy.exe
  C:\Windows\System\xHeLpUy.exe
  2⤵
  PID:5252
- C:\Windows\System\FrcsEDG.exe
  C:\Windows\System\FrcsEDG.exe
  2⤵
  PID:5388
- C:\Windows\System\FIaOqUr.exe
  C:\Windows\System\FIaOqUr.exe
  2⤵
  PID:6148
- C:\Windows\System\BpdKjFo.exe
  C:\Windows\System\BpdKjFo.exe
  2⤵
  PID:6176
- C:\Windows\System\FBKAHHM.exe
  C:\Windows\System\FBKAHHM.exe
  2⤵
  PID:6204
- C:\Windows\System\QPzZlSS.exe
  C:\Windows\System\QPzZlSS.exe
  2⤵
  PID:6232
- C:\Windows\System\wuLZfWE.exe
  C:\Windows\System\wuLZfWE.exe
  2⤵
  PID:6260
- C:\Windows\System\cIbaTuj.exe
  C:\Windows\System\cIbaTuj.exe
  2⤵
  PID:6288
- C:\Windows\System\BEHXLiV.exe
  C:\Windows\System\BEHXLiV.exe
  2⤵
  PID:6316
- C:\Windows\System\umRYTBv.exe
  C:\Windows\System\umRYTBv.exe
  2⤵
  PID:6340
- C:\Windows\System\EHyMAko.exe
  C:\Windows\System\EHyMAko.exe
  2⤵
  PID:6372
- C:\Windows\System\TCxAgJW.exe
  C:\Windows\System\TCxAgJW.exe
  2⤵
  PID:6396
- C:\Windows\System\JlwCOyp.exe
  C:\Windows\System\JlwCOyp.exe
  2⤵
  PID:6424
- C:\Windows\System\kcpJWtD.exe
  C:\Windows\System\kcpJWtD.exe
  2⤵
  PID:6452
- C:\Windows\System\Ihpryjj.exe
  C:\Windows\System\Ihpryjj.exe
  2⤵
  PID:6484
- C:\Windows\System\GurWqcx.exe
  C:\Windows\System\GurWqcx.exe
  2⤵
  PID:6508
- C:\Windows\System\PmNTBMI.exe
  C:\Windows\System\PmNTBMI.exe
  2⤵
  PID:6536
- C:\Windows\System\yJlosPT.exe
  C:\Windows\System\yJlosPT.exe
  2⤵
  PID:6568
- C:\Windows\System\jjTdiqg.exe
  C:\Windows\System\jjTdiqg.exe
  2⤵
  PID:6596
- C:\Windows\System\jcLLpfi.exe
  C:\Windows\System\jcLLpfi.exe
  2⤵
  PID:6620
- C:\Windows\System\cOuqFdO.exe
  C:\Windows\System\cOuqFdO.exe
  2⤵
  PID:6652
- C:\Windows\System\FTlzrmt.exe
  C:\Windows\System\FTlzrmt.exe
  2⤵
  PID:6676
- C:\Windows\System\kfmRTGb.exe
  C:\Windows\System\kfmRTGb.exe
  2⤵
  PID:6708
- C:\Windows\System\OtgcyXv.exe
  C:\Windows\System\OtgcyXv.exe
  2⤵
  PID:6736
- C:\Windows\System\CoVMJnG.exe
  C:\Windows\System\CoVMJnG.exe
  2⤵
  PID:6760
- C:\Windows\System\cEWKqKb.exe
  C:\Windows\System\cEWKqKb.exe
  2⤵
  PID:6792
- C:\Windows\System\UUbgtPB.exe
  C:\Windows\System\UUbgtPB.exe
  2⤵
  PID:6820
- C:\Windows\System\LTcWARu.exe
  C:\Windows\System\LTcWARu.exe
  2⤵
  PID:6848
- C:\Windows\System\clcmUBF.exe
  C:\Windows\System\clcmUBF.exe
  2⤵
  PID:6872
- C:\Windows\System\FNXnjUp.exe
  C:\Windows\System\FNXnjUp.exe
  2⤵
  PID:6900
- C:\Windows\System\KnjkWrQ.exe
  C:\Windows\System\KnjkWrQ.exe
  2⤵
  PID:6940
- C:\Windows\System\gmCGokO.exe
  C:\Windows\System\gmCGokO.exe
  2⤵
  PID:6960
- C:\Windows\System\bVxDnKo.exe
  C:\Windows\System\bVxDnKo.exe
  2⤵
  PID:6988
- C:\Windows\System\cvzDzkJ.exe
  C:\Windows\System\cvzDzkJ.exe
  2⤵
  PID:7016
- C:\Windows\System\jZbdxLq.exe
  C:\Windows\System\jZbdxLq.exe
  2⤵
  PID:7044
- C:\Windows\System\UUPqKkN.exe
  C:\Windows\System\UUPqKkN.exe
  2⤵
  PID:7068
- C:\Windows\System\Hdzzmdo.exe
  C:\Windows\System\Hdzzmdo.exe
  2⤵
  PID:7096
- C:\Windows\System\tJNcJWs.exe
  C:\Windows\System\tJNcJWs.exe
  2⤵
  PID:7124
- C:\Windows\System\buWLrWu.exe
  C:\Windows\System\buWLrWu.exe
  2⤵
  PID:7156
- C:\Windows\System\pueThUo.exe
  C:\Windows\System\pueThUo.exe
  2⤵
  PID:5592
- C:\Windows\System\xCehWib.exe
  C:\Windows\System\xCehWib.exe
  2⤵
  PID:5780
- C:\Windows\System\TCPhEFe.exe
  C:\Windows\System\TCPhEFe.exe
  2⤵
  PID:5900
- C:\Windows\System\ZcQdEkr.exe
  C:\Windows\System\ZcQdEkr.exe
  2⤵
  PID:6040
- C:\Windows\System\hyOcOxk.exe
  C:\Windows\System\hyOcOxk.exe
  2⤵
  PID:3624
- C:\Windows\System\pgtnbZv.exe
  C:\Windows\System\pgtnbZv.exe
  2⤵
  PID:5192
- C:\Windows\System\TQiJdEC.exe
  C:\Windows\System\TQiJdEC.exe
  2⤵
  PID:5508
- C:\Windows\System\jPxYXZs.exe
  C:\Windows\System\jPxYXZs.exe
  2⤵
  PID:6196
- C:\Windows\System\fWsgLmn.exe
  C:\Windows\System\fWsgLmn.exe
  2⤵
  PID:6300
- C:\Windows\System\OdrQqPs.exe
  C:\Windows\System\OdrQqPs.exe
  2⤵
  PID:6336
- C:\Windows\System\PjsuRFa.exe
  C:\Windows\System\PjsuRFa.exe
  2⤵
  PID:6392
- C:\Windows\System\beoWnXt.exe
  C:\Windows\System\beoWnXt.exe
  2⤵
  PID:6472
- C:\Windows\System\ZTITIim.exe
  C:\Windows\System\ZTITIim.exe
  2⤵
  PID:6532
- C:\Windows\System\HqoeWNG.exe
  C:\Windows\System\HqoeWNG.exe
  2⤵
  PID:6608
- C:\Windows\System\mUYcmjC.exe
  C:\Windows\System\mUYcmjC.exe
  2⤵
  PID:6664
- C:\Windows\System\NMvQyPZ.exe
  C:\Windows\System\NMvQyPZ.exe
  2⤵
  PID:6724
- C:\Windows\System\eonMAwW.exe
  C:\Windows\System\eonMAwW.exe
  2⤵
  PID:6776
- C:\Windows\System\YhLpDZh.exe
  C:\Windows\System\YhLpDZh.exe
  2⤵
  PID:6840
- C:\Windows\System\jgpYFZe.exe
  C:\Windows\System\jgpYFZe.exe
  2⤵
  PID:6896
- C:\Windows\System\pUyIRew.exe
  C:\Windows\System\pUyIRew.exe
  2⤵
  PID:6972
- C:\Windows\System\bXSkZAE.exe
  C:\Windows\System\bXSkZAE.exe
  2⤵
  PID:7036
- C:\Windows\System\HfoLUnb.exe
  C:\Windows\System\HfoLUnb.exe
  2⤵
  PID:7092
- C:\Windows\System\wLScbIt.exe
  C:\Windows\System\wLScbIt.exe
  2⤵
  PID:7148
- C:\Windows\System\JVaiGLm.exe
  C:\Windows\System\JVaiGLm.exe
  2⤵
  PID:5840
- C:\Windows\System\RhwoBXr.exe
  C:\Windows\System\RhwoBXr.exe
  2⤵
  PID:6116
- C:\Windows\System\rFmoaUS.exe
  C:\Windows\System\rFmoaUS.exe
  2⤵
  PID:4668
- C:\Windows\System\tBLnYij.exe
  C:\Windows\System\tBLnYij.exe
  2⤵
  PID:6192
- C:\Windows\System\uVsuxfB.exe
  C:\Windows\System\uVsuxfB.exe
  2⤵
  PID:6364
- C:\Windows\System\LQMdVvw.exe
  C:\Windows\System\LQMdVvw.exe
  2⤵
  PID:6500
- C:\Windows\System\HLFmHDK.exe
  C:\Windows\System\HLFmHDK.exe
  2⤵
  PID:6644
- C:\Windows\System\BXQKfAi.exe
  C:\Windows\System\BXQKfAi.exe
  2⤵
  PID:6756
- C:\Windows\System\bliBhYm.exe
  C:\Windows\System\bliBhYm.exe
  2⤵
  PID:6936
- C:\Windows\System\sCmLTZv.exe
  C:\Windows\System\sCmLTZv.exe
  2⤵
  PID:7064
- C:\Windows\System\EszvVNb.exe
  C:\Windows\System\EszvVNb.exe
  2⤵
  PID:4376
- C:\Windows\System\OEhmTOX.exe
  C:\Windows\System\OEhmTOX.exe
  2⤵
  PID:6036
- C:\Windows\System\UcqVqfX.exe
  C:\Windows\System\UcqVqfX.exe
  2⤵
  PID:6188
- C:\Windows\System\RELUagv.exe
  C:\Windows\System\RELUagv.exe
  2⤵
  PID:6448
- C:\Windows\System\msanpJq.exe
  C:\Windows\System\msanpJq.exe
  2⤵
  PID:1740
- C:\Windows\System\CDWCBVp.exe
  C:\Windows\System\CDWCBVp.exe
  2⤵
  PID:7192
- C:\Windows\System\NBvfzdM.exe
  C:\Windows\System\NBvfzdM.exe
  2⤵
  PID:7216
- C:\Windows\System\AlPhMHg.exe
  C:\Windows\System\AlPhMHg.exe
  2⤵
  PID:7248
- C:\Windows\System\PJzvlsK.exe
  C:\Windows\System\PJzvlsK.exe
  2⤵
  PID:7276
- C:\Windows\System\YalovfF.exe
  C:\Windows\System\YalovfF.exe
  2⤵
  PID:7304
- C:\Windows\System\qfhSrLQ.exe
  C:\Windows\System\qfhSrLQ.exe
  2⤵
  PID:7332
- C:\Windows\System\iikGCes.exe
  C:\Windows\System\iikGCes.exe
  2⤵
  PID:7360
- C:\Windows\System\CWZMzJl.exe
  C:\Windows\System\CWZMzJl.exe
  2⤵
  PID:7388
- C:\Windows\System\qyZNiFV.exe
  C:\Windows\System\qyZNiFV.exe
  2⤵
  PID:7416
- C:\Windows\System\rtTetSY.exe
  C:\Windows\System\rtTetSY.exe
  2⤵
  PID:7592
- C:\Windows\System\qxdxiHp.exe
  C:\Windows\System\qxdxiHp.exe
  2⤵
  PID:7628
- C:\Windows\System\agmLpsJ.exe
  C:\Windows\System\agmLpsJ.exe
  2⤵
  PID:7656
- C:\Windows\System\ijnfgMU.exe
  C:\Windows\System\ijnfgMU.exe
  2⤵
  PID:7688
- C:\Windows\System\qWoEmxW.exe
  C:\Windows\System\qWoEmxW.exe
  2⤵
  PID:7712
- C:\Windows\System\TLwPOpl.exe
  C:\Windows\System\TLwPOpl.exe
  2⤵
  PID:7732
- C:\Windows\System\NYmNcPh.exe
  C:\Windows\System\NYmNcPh.exe
  2⤵
  PID:7752
- C:\Windows\System\CevIiof.exe
  C:\Windows\System\CevIiof.exe
  2⤵
  PID:7772
- C:\Windows\System\cEVHsIU.exe
  C:\Windows\System\cEVHsIU.exe
  2⤵
  PID:7868
- C:\Windows\System\QkiRAoR.exe
  C:\Windows\System\QkiRAoR.exe
  2⤵
  PID:7888
- C:\Windows\System\UbekwrK.exe
  C:\Windows\System\UbekwrK.exe
  2⤵
  PID:7972
- C:\Windows\System\CfGdiqT.exe
  C:\Windows\System\CfGdiqT.exe
  2⤵
  PID:7988
- C:\Windows\System\dzMzCAN.exe
  C:\Windows\System\dzMzCAN.exe
  2⤵
  PID:8044
- C:\Windows\System\POOQGFW.exe
  C:\Windows\System\POOQGFW.exe
  2⤵
  PID:8088
- C:\Windows\System\RsrCHbG.exe
  C:\Windows\System\RsrCHbG.exe
  2⤵
  PID:8108
- C:\Windows\System\NVLKnAq.exe
  C:\Windows\System\NVLKnAq.exe
  2⤵
  PID:8148
- C:\Windows\System\qhDsmdY.exe
  C:\Windows\System\qhDsmdY.exe
  2⤵
  PID:8184
- C:\Windows\System\mmjeDuv.exe
  C:\Windows\System\mmjeDuv.exe
  2⤵
  PID:4544
- C:\Windows\System\ZwJoOfR.exe
  C:\Windows\System\ZwJoOfR.exe
  2⤵
  PID:6444
- C:\Windows\System\kEZoxwK.exe
  C:\Windows\System\kEZoxwK.exe
  2⤵
  PID:2868
- C:\Windows\System\UkdDuvl.exe
  C:\Windows\System\UkdDuvl.exe
  2⤵
  PID:7212
- C:\Windows\System\vIdZRNH.exe
  C:\Windows\System\vIdZRNH.exe
  2⤵
  PID:7264
- C:\Windows\System\UhcDNgh.exe
  C:\Windows\System\UhcDNgh.exe
  2⤵
  PID:7352
- C:\Windows\System\VFKwdjR.exe
  C:\Windows\System\VFKwdjR.exe
  2⤵
  PID:4840
- C:\Windows\System\SKMkLTS.exe
  C:\Windows\System\SKMkLTS.exe
  2⤵
  PID:3672
- C:\Windows\System\RtOCBSZ.exe
  C:\Windows\System\RtOCBSZ.exe
  2⤵
  PID:7464
- C:\Windows\System\aEyXOgp.exe
  C:\Windows\System\aEyXOgp.exe
  2⤵
  PID:3096
- C:\Windows\System\jCpNWpF.exe
  C:\Windows\System\jCpNWpF.exe
  2⤵
  PID:1112
- C:\Windows\System\bgpaKiB.exe
  C:\Windows\System\bgpaKiB.exe
  2⤵
  PID:2968
- C:\Windows\System\SsZxjgo.exe
  C:\Windows\System\SsZxjgo.exe
  2⤵
  PID:2376
- C:\Windows\System\uDYNsLs.exe
  C:\Windows\System\uDYNsLs.exe
  2⤵
  PID:7576
- C:\Windows\System\uXSWhDA.exe
  C:\Windows\System\uXSWhDA.exe
  2⤵
  PID:7668
- C:\Windows\System\buWDETl.exe
  C:\Windows\System\buWDETl.exe
  2⤵
  PID:7748
- C:\Windows\System\zynKZTo.exe
  C:\Windows\System\zynKZTo.exe
  2⤵
  PID:7808
- C:\Windows\System\VbDVlNJ.exe
  C:\Windows\System\VbDVlNJ.exe
  2⤵
  PID:7876
- C:\Windows\System\hrwuEci.exe
  C:\Windows\System\hrwuEci.exe
  2⤵
  PID:8036
- C:\Windows\System\iOxYqQg.exe
  C:\Windows\System\iOxYqQg.exe
  2⤵
  PID:8168
- C:\Windows\System\UkwqMaG.exe
  C:\Windows\System\UkwqMaG.exe
  2⤵
  PID:2892
- C:\Windows\System\mpayvVd.exe
  C:\Windows\System\mpayvVd.exe
  2⤵
  PID:6700
- C:\Windows\System\CVRbrfr.exe
  C:\Windows\System\CVRbrfr.exe
  2⤵
  PID:7236
- C:\Windows\System\okoQWgH.exe
  C:\Windows\System\okoQWgH.exe
  2⤵
  PID:4648
- C:\Windows\System\fPRAoIl.exe
  C:\Windows\System\fPRAoIl.exe
  2⤵
  PID:7504
- C:\Windows\System\vqxszOW.exe
  C:\Windows\System\vqxszOW.exe
  2⤵
  PID:4928
- C:\Windows\System\lNzAWkB.exe
  C:\Windows\System\lNzAWkB.exe
  2⤵
  PID:7964
- C:\Windows\System\dYUNgLF.exe
  C:\Windows\System\dYUNgLF.exe
  2⤵
  PID:812
- C:\Windows\System\EVEiNcG.exe
  C:\Windows\System\EVEiNcG.exe
  2⤵
  PID:4064
- C:\Windows\System\gfLiFvr.exe
  C:\Windows\System\gfLiFvr.exe
  2⤵
  PID:7724
- C:\Windows\System\fuDXcXj.exe
  C:\Windows\System\fuDXcXj.exe
  2⤵
  PID:7840
- C:\Windows\System\igJrtAj.exe
  C:\Windows\System\igJrtAj.exe
  2⤵
  PID:7984
- C:\Windows\System\aIbjruy.exe
  C:\Windows\System\aIbjruy.exe
  2⤵
  PID:2680
- C:\Windows\System\IEGzOBW.exe
  C:\Windows\System\IEGzOBW.exe
  2⤵
  PID:7260
- C:\Windows\System\zHHqCDC.exe
  C:\Windows\System\zHHqCDC.exe
  2⤵
  PID:7956
- C:\Windows\System\RQEXbOP.exe
  C:\Windows\System\RQEXbOP.exe
  2⤵
  PID:7532
- C:\Windows\System\fuNuHTN.exe
  C:\Windows\System\fuNuHTN.exe
  2⤵
  PID:7548
- C:\Windows\System\eMpWSrB.exe
  C:\Windows\System\eMpWSrB.exe
  2⤵
  PID:6328
- C:\Windows\System\ZhmvzaR.exe
  C:\Windows\System\ZhmvzaR.exe
  2⤵
  PID:3648
- C:\Windows\System\OGPyaHG.exe
  C:\Windows\System\OGPyaHG.exe
  2⤵
  PID:8124
- C:\Windows\System\lzafbYU.exe
  C:\Windows\System\lzafbYU.exe
  2⤵
  PID:7544
- C:\Windows\System\tHnGQiJ.exe
  C:\Windows\System\tHnGQiJ.exe
  2⤵
  PID:8196
- C:\Windows\System\OXVKvOK.exe
  C:\Windows\System\OXVKvOK.exe
  2⤵
  PID:8224
- C:\Windows\System\SymAstx.exe
  C:\Windows\System\SymAstx.exe
  2⤵
  PID:8252
- C:\Windows\System\NpAfUYc.exe
  C:\Windows\System\NpAfUYc.exe
  2⤵
  PID:8284
- C:\Windows\System\xPfAmky.exe
  C:\Windows\System\xPfAmky.exe
  2⤵
  PID:8312
- C:\Windows\System\FVQbohb.exe
  C:\Windows\System\FVQbohb.exe
  2⤵
  PID:8344
- C:\Windows\System\UcACQkf.exe
  C:\Windows\System\UcACQkf.exe
  2⤵
  PID:8372
- C:\Windows\System\nthRSUo.exe
  C:\Windows\System\nthRSUo.exe
  2⤵
  PID:8400
- C:\Windows\System\kEJBJzF.exe
  C:\Windows\System\kEJBJzF.exe
  2⤵
  PID:8428
- C:\Windows\System\zvUHsAw.exe
  C:\Windows\System\zvUHsAw.exe
  2⤵
  PID:8456
- C:\Windows\System\OvIRWgk.exe
  C:\Windows\System\OvIRWgk.exe
  2⤵
  PID:8484
- C:\Windows\System\IdIHapq.exe
  C:\Windows\System\IdIHapq.exe
  2⤵
  PID:8512
- C:\Windows\System\pIwvNdo.exe
  C:\Windows\System\pIwvNdo.exe
  2⤵
  PID:8540
- C:\Windows\System\JithQJx.exe
  C:\Windows\System\JithQJx.exe
  2⤵
  PID:8556
- C:\Windows\System\RdTcqcT.exe
  C:\Windows\System\RdTcqcT.exe
  2⤵
  PID:8572
- C:\Windows\System\AJhYjah.exe
  C:\Windows\System\AJhYjah.exe
  2⤵
  PID:8600
- C:\Windows\System\mUeVBiR.exe
  C:\Windows\System\mUeVBiR.exe
  2⤵
  PID:8616
- C:\Windows\System\AhKlCkL.exe
  C:\Windows\System\AhKlCkL.exe
  2⤵
  PID:8640
- C:\Windows\System\FwglHel.exe
  C:\Windows\System\FwglHel.exe
  2⤵
  PID:8668
- C:\Windows\System\eBeLUei.exe
  C:\Windows\System\eBeLUei.exe
  2⤵
  PID:8724
- C:\Windows\System\iJELFXO.exe
  C:\Windows\System\iJELFXO.exe
  2⤵
  PID:8764
- C:\Windows\System\jIgPsvC.exe
  C:\Windows\System\jIgPsvC.exe
  2⤵
  PID:8792
- C:\Windows\System\xiVHfAY.exe
  C:\Windows\System\xiVHfAY.exe
  2⤵
  PID:8820
- C:\Windows\System\dNUgBdr.exe
  C:\Windows\System\dNUgBdr.exe
  2⤵
  PID:8860
- C:\Windows\System\edvalKh.exe
  C:\Windows\System\edvalKh.exe
  2⤵
  PID:8888
- C:\Windows\System\kItMIvw.exe
  C:\Windows\System\kItMIvw.exe
  2⤵
  PID:8916
- C:\Windows\System\EUQBTED.exe
  C:\Windows\System\EUQBTED.exe
  2⤵
  PID:8944
- C:\Windows\System\cvdTvBR.exe
  C:\Windows\System\cvdTvBR.exe
  2⤵
  PID:8972
- C:\Windows\System\yIvREOi.exe
  C:\Windows\System\yIvREOi.exe
  2⤵
  PID:9000
- C:\Windows\System\JIxnhKA.exe
  C:\Windows\System\JIxnhKA.exe
  2⤵
  PID:9028
- C:\Windows\System\JBQSAMS.exe
  C:\Windows\System\JBQSAMS.exe
  2⤵
  PID:9056
- C:\Windows\System\cXmIQzb.exe
  C:\Windows\System\cXmIQzb.exe
  2⤵
  PID:9084
- C:\Windows\System\rxoLxGe.exe
  C:\Windows\System\rxoLxGe.exe
  2⤵
  PID:9112
- C:\Windows\System\DuimhXH.exe
  C:\Windows\System\DuimhXH.exe
  2⤵
  PID:9140
- C:\Windows\System\wxhitaa.exe
  C:\Windows\System\wxhitaa.exe
  2⤵
  PID:9168
- C:\Windows\System\DBaispa.exe
  C:\Windows\System\DBaispa.exe
  2⤵
  PID:9204
- C:\Windows\System\wIyRwPM.exe
  C:\Windows\System\wIyRwPM.exe
  2⤵
  PID:8216
- C:\Windows\System\sMGQTEY.exe
  C:\Windows\System\sMGQTEY.exe
  2⤵
  PID:8244
- C:\Windows\System\dOiMonc.exe
  C:\Windows\System\dOiMonc.exe
  2⤵
  PID:8304
- C:\Windows\System\lqStbqM.exe
  C:\Windows\System\lqStbqM.exe
  2⤵
  PID:8360
- C:\Windows\System\bwuumqB.exe
  C:\Windows\System\bwuumqB.exe
  2⤵
  PID:8480
- C:\Windows\System\ygvmwbt.exe
  C:\Windows\System\ygvmwbt.exe
  2⤵
  PID:8584
- C:\Windows\System\hWKxSsU.exe
  C:\Windows\System\hWKxSsU.exe
  2⤵
  PID:7744
- C:\Windows\System\QrGOJQv.exe
  C:\Windows\System\QrGOJQv.exe
  2⤵
  PID:8700
- C:\Windows\System\DvlaDux.exe
  C:\Windows\System\DvlaDux.exe
  2⤵
  PID:8752
- C:\Windows\System\JrCGDOq.exe
  C:\Windows\System\JrCGDOq.exe
  2⤵
  PID:8876
- C:\Windows\System\vILkUvb.exe
  C:\Windows\System\vILkUvb.exe
  2⤵
  PID:8844
- C:\Windows\System\nPtvbGv.exe
  C:\Windows\System\nPtvbGv.exe
  2⤵
  PID:8940
- C:\Windows\System\ErytTdX.exe
  C:\Windows\System\ErytTdX.exe
  2⤵
  PID:9020
- C:\Windows\System\hxDQBCz.exe
  C:\Windows\System\hxDQBCz.exe
  2⤵
  PID:9080
- C:\Windows\System\SrTdqDJ.exe
  C:\Windows\System\SrTdqDJ.exe
  2⤵
  PID:9176
- C:\Windows\System\ULwZmMP.exe
  C:\Windows\System\ULwZmMP.exe
  2⤵
  PID:8300
- C:\Windows\System\ysnUwJi.exe
  C:\Windows\System\ysnUwJi.exe
  2⤵
  PID:8420
- C:\Windows\System\QdVdWTd.exe
  C:\Windows\System\QdVdWTd.exe
  2⤵
  PID:8532
- C:\Windows\System\BFuUfIC.exe
  C:\Windows\System\BFuUfIC.exe
  2⤵
  PID:8688
- C:\Windows\System\OIOwOzb.exe
  C:\Windows\System\OIOwOzb.exe
  2⤵
  PID:8900
- C:\Windows\System\KXXUnCV.exe
  C:\Windows\System\KXXUnCV.exe
  2⤵
  PID:9048
- C:\Windows\System\WjZgxzM.exe
  C:\Windows\System\WjZgxzM.exe
  2⤵
  PID:9148
- C:\Windows\System\hDhZZbA.exe
  C:\Windows\System\hDhZZbA.exe
  2⤵
  PID:8468
- C:\Windows\System\AKvWdcf.exe
  C:\Windows\System\AKvWdcf.exe
  2⤵
  PID:8712
- C:\Windows\System\yllMIJD.exe
  C:\Windows\System\yllMIJD.exe
  2⤵
  PID:8276
- C:\Windows\System\qywkhbk.exe
  C:\Windows\System\qywkhbk.exe
  2⤵
  PID:9196
- C:\Windows\System\fgzzunM.exe
  C:\Windows\System\fgzzunM.exe
  2⤵
  PID:9236
- C:\Windows\System\nIoCBSd.exe
  C:\Windows\System\nIoCBSd.exe
  2⤵
  PID:9264
- C:\Windows\System\RMCywYU.exe
  C:\Windows\System\RMCywYU.exe
  2⤵
  PID:9280
- C:\Windows\System\gamOdcN.exe
  C:\Windows\System\gamOdcN.exe
  2⤵
  PID:9296
- C:\Windows\System\YQKGgES.exe
  C:\Windows\System\YQKGgES.exe
  2⤵
  PID:9312
- C:\Windows\System\LFCODtu.exe
  C:\Windows\System\LFCODtu.exe
  2⤵
  PID:9352
- C:\Windows\System\PybWuuu.exe
  C:\Windows\System\PybWuuu.exe
  2⤵
  PID:9404
- C:\Windows\System\mKqKiyY.exe
  C:\Windows\System\mKqKiyY.exe
  2⤵
  PID:9420
- C:\Windows\System\aQXMRZB.exe
  C:\Windows\System\aQXMRZB.exe
  2⤵
  PID:9460
- C:\Windows\System\mjDCVKz.exe
  C:\Windows\System\mjDCVKz.exe
  2⤵
  PID:9484
- C:\Windows\System\XPXXkKi.exe
  C:\Windows\System\XPXXkKi.exe
  2⤵
  PID:9516
- C:\Windows\System\IAaIFQq.exe
  C:\Windows\System\IAaIFQq.exe
  2⤵
  PID:9544
- C:\Windows\System\DLfRGwf.exe
  C:\Windows\System\DLfRGwf.exe
  2⤵
  PID:9572
- C:\Windows\System\cMMUwpP.exe
  C:\Windows\System\cMMUwpP.exe
  2⤵
  PID:9596
- C:\Windows\System\ZdTHcpe.exe
  C:\Windows\System\ZdTHcpe.exe
  2⤵
  PID:9616
- C:\Windows\System\NdJyFDc.exe
  C:\Windows\System\NdJyFDc.exe
  2⤵
  PID:9660
- C:\Windows\System\VrmnDbk.exe
  C:\Windows\System\VrmnDbk.exe
  2⤵
  PID:9688
- C:\Windows\System\bZesiNy.exe
  C:\Windows\System\bZesiNy.exe
  2⤵
  PID:9704
- C:\Windows\System\yoBlllh.exe
  C:\Windows\System\yoBlllh.exe
  2⤵
  PID:9744
- C:\Windows\System\NcCcABy.exe
  C:\Windows\System\NcCcABy.exe
  2⤵
  PID:9772
- C:\Windows\System\fcinLiB.exe
  C:\Windows\System\fcinLiB.exe
  2⤵
  PID:9816
- C:\Windows\System\omrZkCM.exe
  C:\Windows\System\omrZkCM.exe
  2⤵
  PID:9836
- C:\Windows\System\jCOairw.exe
  C:\Windows\System\jCOairw.exe
  2⤵
  PID:9864
- C:\Windows\System\KWPxVod.exe
  C:\Windows\System\KWPxVod.exe
  2⤵
  PID:9888
- C:\Windows\System\LLjFNtf.exe
  C:\Windows\System\LLjFNtf.exe
  2⤵
  PID:9928
- C:\Windows\System\NkrDyNI.exe
  C:\Windows\System\NkrDyNI.exe
  2⤵
  PID:9972
- C:\Windows\System\kaQwANc.exe
  C:\Windows\System\kaQwANc.exe
  2⤵
  PID:10008
- C:\Windows\System\XIFbxsV.exe
  C:\Windows\System\XIFbxsV.exe
  2⤵
  PID:10048
- C:\Windows\System\enbiMVS.exe
  C:\Windows\System\enbiMVS.exe
  2⤵
  PID:10076
- C:\Windows\System\pvaIGwG.exe
  C:\Windows\System\pvaIGwG.exe
  2⤵
  PID:10132
- C:\Windows\System\HDvadPF.exe
  C:\Windows\System\HDvadPF.exe
  2⤵
  PID:10160
- C:\Windows\System\bbOelet.exe
  C:\Windows\System\bbOelet.exe
  2⤵
  PID:10208
- C:\Windows\System\UOgqrAR.exe
  C:\Windows\System\UOgqrAR.exe
  2⤵
  PID:10224
- C:\Windows\System\dLFjFZe.exe
  C:\Windows\System\dLFjFZe.exe
  2⤵
  PID:9012
- C:\Windows\System\JusjYRf.exe
  C:\Windows\System\JusjYRf.exe
  2⤵
  PID:9288
- C:\Windows\System\SwXtGRj.exe
  C:\Windows\System\SwXtGRj.exe
  2⤵
  PID:9360
- C:\Windows\System\jVQabkc.exe
  C:\Windows\System\jVQabkc.exe
  2⤵
  PID:9388
- C:\Windows\System\HYUQCyW.exe
  C:\Windows\System\HYUQCyW.exe
  2⤵
  PID:9500
- C:\Windows\System\aDrgxLw.exe
  C:\Windows\System\aDrgxLw.exe
  2⤵
  PID:9564
- C:\Windows\System\jJpDRFg.exe
  C:\Windows\System\jJpDRFg.exe
  2⤵
  PID:9628
- C:\Windows\System\mLiTCaO.exe
  C:\Windows\System\mLiTCaO.exe
  2⤵
  PID:9696
- C:\Windows\System\NakwweL.exe
  C:\Windows\System\NakwweL.exe
  2⤵
  PID:9728
- C:\Windows\System\LAzKHza.exe
  C:\Windows\System\LAzKHza.exe
  2⤵
  PID:9824
- C:\Windows\System\eZEhiEP.exe
  C:\Windows\System\eZEhiEP.exe
  2⤵
  PID:2844
- C:\Windows\System\JiCKqoZ.exe
  C:\Windows\System\JiCKqoZ.exe
  2⤵
  PID:9968
- C:\Windows\System\IyJxXMi.exe
  C:\Windows\System\IyJxXMi.exe
  2⤵
  PID:10064
- C:\Windows\System\dzERcyI.exe
  C:\Windows\System\dzERcyI.exe
  2⤵
  PID:10196
- C:\Windows\System\iHyhzjB.exe
  C:\Windows\System\iHyhzjB.exe
  2⤵
  PID:9220
- C:\Windows\System\xhuqHyh.exe
  C:\Windows\System\xhuqHyh.exe
  2⤵
  PID:9536
- C:\Windows\System\sDAjaOz.exe
  C:\Windows\System\sDAjaOz.exe
  2⤵
  PID:9580
- C:\Windows\System\DamKnuN.exe
  C:\Windows\System\DamKnuN.exe
  2⤵
  PID:9812
- C:\Windows\System\cPDFOCv.exe
  C:\Windows\System\cPDFOCv.exe
  2⤵
  PID:10004
- C:\Windows\System\QYditFq.exe
  C:\Windows\System\QYditFq.exe
  2⤵
  PID:10112
- C:\Windows\System\gCVVULi.exe
  C:\Windows\System\gCVVULi.exe
  2⤵
  PID:9672
- C:\Windows\System\iiPRNms.exe
  C:\Windows\System\iiPRNms.exe
  2⤵
  PID:9960
- C:\Windows\System\SqWSecX.exe
  C:\Windows\System\SqWSecX.exe
  2⤵
  PID:10288
- C:\Windows\System\HzOKSzY.exe
  C:\Windows\System\HzOKSzY.exe
  2⤵
  PID:10308
- C:\Windows\System\bsNdZeg.exe
  C:\Windows\System\bsNdZeg.exe
  2⤵
  PID:10332
- C:\Windows\System\tufMkMa.exe
  C:\Windows\System\tufMkMa.exe
  2⤵
  PID:10364
- C:\Windows\System\KYrADyA.exe
  C:\Windows\System\KYrADyA.exe
  2⤵
  PID:10404
- C:\Windows\System\Nyxudtx.exe
  C:\Windows\System\Nyxudtx.exe
  2⤵
  PID:10424
- C:\Windows\System\xjaHtoL.exe
  C:\Windows\System\xjaHtoL.exe
  2⤵
  PID:10452
- C:\Windows\System\GXZroho.exe
  C:\Windows\System\GXZroho.exe
  2⤵
  PID:10476
- C:\Windows\System\EaJZaqd.exe
  C:\Windows\System\EaJZaqd.exe
  2⤵
  PID:10516
- C:\Windows\System\AvLKvas.exe
  C:\Windows\System\AvLKvas.exe
  2⤵
  PID:10540
- C:\Windows\System\LdMouse.exe
  C:\Windows\System\LdMouse.exe
  2⤵
  PID:10560
- C:\Windows\System\TQHazcY.exe
  C:\Windows\System\TQHazcY.exe
  2⤵
  PID:10584
- C:\Windows\System\NqwggZK.exe
  C:\Windows\System\NqwggZK.exe
  2⤵
  PID:10632
- C:\Windows\System\oWIsows.exe
  C:\Windows\System\oWIsows.exe
  2⤵
  PID:10652
- C:\Windows\System\BKMoItc.exe
  C:\Windows\System\BKMoItc.exe
  2⤵
  PID:10672
- C:\Windows\System\tpvyRrt.exe
  C:\Windows\System\tpvyRrt.exe
  2⤵
  PID:10692
- C:\Windows\System\oWSsMRz.exe
  C:\Windows\System\oWSsMRz.exe
  2⤵
  PID:10724
- C:\Windows\System\rtdwwCe.exe
  C:\Windows\System\rtdwwCe.exe
  2⤵
  PID:10752
- C:\Windows\System\nlETIhw.exe
  C:\Windows\System\nlETIhw.exe
  2⤵
  PID:10780
- C:\Windows\System\chUeqqH.exe
  C:\Windows\System\chUeqqH.exe
  2⤵
  PID:10824
- C:\Windows\System\kDlkEnL.exe
  C:\Windows\System\kDlkEnL.exe
  2⤵
  PID:10840
- C:\Windows\System\rKEqupG.exe
  C:\Windows\System\rKEqupG.exe
  2⤵
  PID:10884
- C:\Windows\System\MkGgfLh.exe
  C:\Windows\System\MkGgfLh.exe
  2⤵
  PID:10912
- C:\Windows\System\goTtwwS.exe
  C:\Windows\System\goTtwwS.exe
  2⤵
  PID:10944
- C:\Windows\System\bnFgzWQ.exe
  C:\Windows\System\bnFgzWQ.exe
  2⤵
  PID:10968
- C:\Windows\System\uTypBFA.exe
  C:\Windows\System\uTypBFA.exe
  2⤵
  PID:11000
- C:\Windows\System\LYyEMRQ.exe
  C:\Windows\System\LYyEMRQ.exe
  2⤵
  PID:11024
- C:\Windows\System\wDaSZiV.exe
  C:\Windows\System\wDaSZiV.exe
  2⤵
  PID:11040
- C:\Windows\System\WdzEIRr.exe
  C:\Windows\System\WdzEIRr.exe
  2⤵
  PID:11072
- C:\Windows\System\SzvxLKO.exe
  C:\Windows\System\SzvxLKO.exe
  2⤵
  PID:11096
- C:\Windows\System\WvwFWRx.exe
  C:\Windows\System\WvwFWRx.exe
  2⤵
  PID:11128
- C:\Windows\System\gZMQHuK.exe
  C:\Windows\System\gZMQHuK.exe
  2⤵
  PID:11168
- C:\Windows\System\jzBKCSu.exe
  C:\Windows\System\jzBKCSu.exe
  2⤵
  PID:11212
- C:\Windows\System\xRegFRU.exe
  C:\Windows\System\xRegFRU.exe
  2⤵
  PID:11236
- C:\Windows\System\DZQObuq.exe
  C:\Windows\System\DZQObuq.exe
  2⤵
  PID:11260
- C:\Windows\System\paLHPSx.exe
  C:\Windows\System\paLHPSx.exe
  2⤵
  PID:10024
- C:\Windows\System\neSAzJl.exe
  C:\Windows\System\neSAzJl.exe
  2⤵
  PID:10304
- C:\Windows\System\KBgQhDN.exe
  C:\Windows\System\KBgQhDN.exe
  2⤵
  PID:10388
- C:\Windows\System\KJUbyay.exe
  C:\Windows\System\KJUbyay.exe
  2⤵
  PID:10448
- C:\Windows\System\xgccwzL.exe
  C:\Windows\System\xgccwzL.exe
  2⤵
  PID:10504
- C:\Windows\System\uVWSAcZ.exe
  C:\Windows\System\uVWSAcZ.exe
  2⤵
  PID:10580
- C:\Windows\System\WMZEbLe.exe
  C:\Windows\System\WMZEbLe.exe
  2⤵
  PID:10644
- C:\Windows\System\YzjWHYu.exe
  C:\Windows\System\YzjWHYu.exe
  2⤵
  PID:10684
- C:\Windows\System\VKLLbJW.exe
  C:\Windows\System\VKLLbJW.exe
  2⤵
  PID:10812
- C:\Windows\System\tuhmcKa.exe
  C:\Windows\System\tuhmcKa.exe
  2⤵
  PID:10808
- C:\Windows\System\vECCVbW.exe
  C:\Windows\System\vECCVbW.exe
  2⤵
  PID:10928
- C:\Windows\System\zjClCac.exe
  C:\Windows\System\zjClCac.exe
  2⤵
  PID:10996
- C:\Windows\System\LXShtOO.exe
  C:\Windows\System\LXShtOO.exe
  2⤵
  PID:11080
- C:\Windows\System\hVnqrkg.exe
  C:\Windows\System\hVnqrkg.exe
  2⤵
  PID:11120
- C:\Windows\System\rEkYmdy.exe
  C:\Windows\System\rEkYmdy.exe
  2⤵
  PID:11176
- C:\Windows\System\qSongko.exe
  C:\Windows\System\qSongko.exe
  2⤵
  PID:9648
- C:\Windows\System\pcPrruU.exe
  C:\Windows\System\pcPrruU.exe
  2⤵
  PID:10344
- C:\Windows\System\yMZNyoz.exe
  C:\Windows\System\yMZNyoz.exe
  2⤵
  PID:10468
- C:\Windows\System\LAIrCGy.exe
  C:\Windows\System\LAIrCGy.exe
  2⤵
  PID:10576
- C:\Windows\System\onVJTsc.exe
  C:\Windows\System\onVJTsc.exe
  2⤵
  PID:10708
- C:\Windows\System\OgcfLFe.exe
  C:\Windows\System\OgcfLFe.exe
  2⤵
  PID:10908
- C:\Windows\System\pPFdStV.exe
  C:\Windows\System\pPFdStV.exe
  2⤵
  PID:11056
- C:\Windows\System\zLafMQO.exe
  C:\Windows\System\zLafMQO.exe
  2⤵
  PID:3480
- C:\Windows\System\XCRDUCG.exe
  C:\Windows\System\XCRDUCG.exe
  2⤵
  PID:10400
- C:\Windows\System\IBtHzjo.exe
  C:\Windows\System\IBtHzjo.exe
  2⤵
  PID:10712
- C:\Windows\System\TWtFdGa.exe
  C:\Windows\System\TWtFdGa.exe
  2⤵
  PID:11016
- C:\Windows\System\YBFKasf.exe
  C:\Windows\System\YBFKasf.exe
  2⤵
  PID:11252
- C:\Windows\System\EajcpaB.exe
  C:\Windows\System\EajcpaB.exe
  2⤵
  PID:11116
- C:\Windows\System\zCTskDh.exe
  C:\Windows\System\zCTskDh.exe
  2⤵
  PID:11272
- C:\Windows\System\tHtsLae.exe
  C:\Windows\System\tHtsLae.exe
  2⤵
  PID:11304
- C:\Windows\System\ZeUXDlB.exe
  C:\Windows\System\ZeUXDlB.exe
  2⤵
  PID:11324
- C:\Windows\System\KbZSjKl.exe
  C:\Windows\System\KbZSjKl.exe
  2⤵
  PID:11364
- C:\Windows\System\aHJBlfa.exe
  C:\Windows\System\aHJBlfa.exe
  2⤵
  PID:11392
- C:\Windows\System\ZyamuRj.exe
  C:\Windows\System\ZyamuRj.exe
  2⤵
  PID:11412
- C:\Windows\System\sXPkCoe.exe
  C:\Windows\System\sXPkCoe.exe
  2⤵
  PID:11448
- C:\Windows\System\ZZeoyAm.exe
  C:\Windows\System\ZZeoyAm.exe
  2⤵
  PID:11476
- C:\Windows\System\NCmJNVD.exe
  C:\Windows\System\NCmJNVD.exe
  2⤵
  PID:11504
- C:\Windows\System\AiILHDC.exe
  C:\Windows\System\AiILHDC.exe
  2⤵
  PID:11532
- C:\Windows\System\oUADLZf.exe
  C:\Windows\System\oUADLZf.exe
  2⤵
  PID:11560
- C:\Windows\System\QMfzLog.exe
  C:\Windows\System\QMfzLog.exe
  2⤵
  PID:11588
- C:\Windows\System\qgEedYV.exe
  C:\Windows\System\qgEedYV.exe
  2⤵
  PID:11616
- C:\Windows\System\ujbIduH.exe
  C:\Windows\System\ujbIduH.exe
  2⤵
  PID:11644
- C:\Windows\System\BKxTsVu.exe
  C:\Windows\System\BKxTsVu.exe
  2⤵
  PID:11672
- C:\Windows\System\zAyfXAH.exe
  C:\Windows\System\zAyfXAH.exe
  2⤵
  PID:11700
- C:\Windows\System\easAdvW.exe
  C:\Windows\System\easAdvW.exe
  2⤵
  PID:11720
- C:\Windows\System\oiBvVIO.exe
  C:\Windows\System\oiBvVIO.exe
  2⤵
  PID:11744
- C:\Windows\System\EgxqgCN.exe
  C:\Windows\System\EgxqgCN.exe
  2⤵
  PID:11772
- C:\Windows\System\lZXciZd.exe
  C:\Windows\System\lZXciZd.exe
  2⤵
  PID:11800
- C:\Windows\System\iuLFNAJ.exe
  C:\Windows\System\iuLFNAJ.exe
  2⤵
  PID:11840
- C:\Windows\System\cGMhsxW.exe
  C:\Windows\System\cGMhsxW.exe
  2⤵
  PID:11872
- C:\Windows\System\foAHGri.exe
  C:\Windows\System\foAHGri.exe
  2⤵
  PID:11900
- C:\Windows\System\ElItYgj.exe
  C:\Windows\System\ElItYgj.exe
  2⤵
  PID:11928
- C:\Windows\System\TfrJWvd.exe
  C:\Windows\System\TfrJWvd.exe
  2⤵
  PID:11956
- C:\Windows\System\aYDdsns.exe
  C:\Windows\System\aYDdsns.exe
  2⤵
  PID:11984
- C:\Windows\System\agqQJqi.exe
  C:\Windows\System\agqQJqi.exe
  2⤵
  PID:12000
- C:\Windows\System\NbMnymO.exe
  C:\Windows\System\NbMnymO.exe
  2⤵
  PID:12024
- C:\Windows\System\rZinlQq.exe
  C:\Windows\System\rZinlQq.exe
  2⤵
  PID:12044
- C:\Windows\System\HmxLisj.exe
  C:\Windows\System\HmxLisj.exe
  2⤵
  PID:12072
- C:\Windows\System\niqzngw.exe
  C:\Windows\System\niqzngw.exe
  2⤵
  PID:12104
- C:\Windows\System\gmSvxXp.exe
  C:\Windows\System\gmSvxXp.exe
  2⤵
  PID:12136
- C:\Windows\System\shTUHJO.exe
  C:\Windows\System\shTUHJO.exe
  2⤵
  PID:12172
- C:\Windows\System\xHWsOwz.exe
  C:\Windows\System\xHWsOwz.exe
  2⤵
  PID:12196
- C:\Windows\System\LJOWfNI.exe
  C:\Windows\System\LJOWfNI.exe
  2⤵
  PID:12236
- C:\Windows\System\HxkdrxU.exe
  C:\Windows\System\HxkdrxU.exe
  2⤵
  PID:12264
- C:\Windows\System\idlqxwq.exe
  C:\Windows\System\idlqxwq.exe
  2⤵
  PID:12284
- C:\Windows\System\GATkHdb.exe
  C:\Windows\System\GATkHdb.exe
  2⤵
  PID:11288
- C:\Windows\System\jKfelrR.exe
  C:\Windows\System\jKfelrR.exe
  2⤵
  PID:11388
- C:\Windows\System\zrGAYLw.exe
  C:\Windows\System\zrGAYLw.exe
  2⤵
  PID:11444
- C:\Windows\System\ahVRErz.exe
  C:\Windows\System\ahVRErz.exe
  2⤵
  PID:11492
- C:\Windows\System\DStpbHX.exe
  C:\Windows\System\DStpbHX.exe
  2⤵
  PID:11556
- C:\Windows\System\ATOUBpu.exe
  C:\Windows\System\ATOUBpu.exe
  2⤵
  PID:11628
- C:\Windows\System\ECHIkUa.exe
  C:\Windows\System\ECHIkUa.exe
  2⤵
  PID:11688
- C:\Windows\System\PtBbuyx.exe
  C:\Windows\System\PtBbuyx.exe
  2⤵
  PID:11756
- C:\Windows\System\IKABIGI.exe
  C:\Windows\System\IKABIGI.exe
  2⤵
  PID:11764
- C:\Windows\System\RaOWujR.exe
  C:\Windows\System\RaOWujR.exe
  2⤵
  PID:11856
- C:\Windows\System\ysJXYox.exe
  C:\Windows\System\ysJXYox.exe
  2⤵
  PID:11924
- C:\Windows\System\kIxhGwX.exe
  C:\Windows\System\kIxhGwX.exe
  2⤵
  PID:620
- C:\Windows\System\LAXUIoS.exe
  C:\Windows\System\LAXUIoS.exe
  2⤵
  PID:12060
- C:\Windows\System\QPNXfqc.exe
  C:\Windows\System\QPNXfqc.exe
  2⤵
  PID:12124
- C:\Windows\System\lcfqtbJ.exe
  C:\Windows\System\lcfqtbJ.exe
  2⤵
  PID:12220
- C:\Windows\System\gPqcjPy.exe
  C:\Windows\System\gPqcjPy.exe
  2⤵
  PID:12280
- C:\Windows\System\iwCoPIZ.exe
  C:\Windows\System\iwCoPIZ.exe
  2⤵
  PID:11436
- C:\Windows\System\rqqgpRk.exe
  C:\Windows\System\rqqgpRk.exe
  2⤵
  PID:11612
- C:\Windows\System\zElogvp.exe
  C:\Windows\System\zElogvp.exe
  2⤵
  PID:11740
- C:\Windows\System\PWQqYzi.exe
  C:\Windows\System\PWQqYzi.exe
  2⤵
  PID:3976
- C:\Windows\System\ZpiAVki.exe
  C:\Windows\System\ZpiAVki.exe
  2⤵
  PID:12112
- C:\Windows\System\tWTeXZG.exe
  C:\Windows\System\tWTeXZG.exe
  2⤵
  PID:12248
- C:\Windows\System\YwJOOsf.exe
  C:\Windows\System\YwJOOsf.exe
  2⤵
  PID:11528
- C:\Windows\System\uLqsySb.exe
  C:\Windows\System\uLqsySb.exe
  2⤵
  PID:11916
- C:\Windows\System\yZPWxxf.exe
  C:\Windows\System\yZPWxxf.exe
  2⤵
  PID:11320
- C:\Windows\System\GtTuAFt.exe
  C:\Windows\System\GtTuAFt.exe
  2⤵
  PID:12312
- C:\Windows\System\MrtCzTN.exe
  C:\Windows\System\MrtCzTN.exe
  2⤵
  PID:12340
- C:\Windows\System\zehccfA.exe
  C:\Windows\System\zehccfA.exe
  2⤵
  PID:12368
- C:\Windows\System\vvnCDlN.exe
  C:\Windows\System\vvnCDlN.exe
  2⤵
  PID:12396
- C:\Windows\System\CuRhJGw.exe
  C:\Windows\System\CuRhJGw.exe
  2⤵
  PID:12424
- C:\Windows\System\aJpbRDY.exe
  C:\Windows\System\aJpbRDY.exe
  2⤵
  PID:12448
- C:\Windows\System\hvTSJUQ.exe
  C:\Windows\System\hvTSJUQ.exe
  2⤵
  PID:12468
- C:\Windows\System\EhWSjis.exe
  C:\Windows\System\EhWSjis.exe
  2⤵
  PID:12508
- C:\Windows\System\AwwzOgx.exe
  C:\Windows\System\AwwzOgx.exe
  2⤵
  PID:12536
- C:\Windows\System\uEXSxvz.exe
  C:\Windows\System\uEXSxvz.exe
  2⤵
  PID:12560
- C:\Windows\System\XWUVlcB.exe
  C:\Windows\System\XWUVlcB.exe
  2⤵
  PID:12580
- C:\Windows\System\WsGQMEc.exe
  C:\Windows\System\WsGQMEc.exe
  2⤵
  PID:12620
- C:\Windows\System\XdSOHvc.exe
  C:\Windows\System\XdSOHvc.exe
  2⤵
  PID:12648
- C:\Windows\System\bzleIpr.exe
  C:\Windows\System\bzleIpr.exe
  2⤵
  PID:12668
- C:\Windows\System\KmqCkOi.exe
  C:\Windows\System\KmqCkOi.exe
  2⤵
  PID:12696
- C:\Windows\System\uxaSEhm.exe
  C:\Windows\System\uxaSEhm.exe
  2⤵
  PID:12732
- C:\Windows\System\YOYFcYB.exe
  C:\Windows\System\YOYFcYB.exe
  2⤵
  PID:12752
- C:\Windows\System\cYeBbyK.exe
  C:\Windows\System\cYeBbyK.exe
  2⤵
  PID:12776
- C:\Windows\System\vDBQzja.exe
  C:\Windows\System\vDBQzja.exe
  2⤵
  PID:12816
- C:\Windows\System\WYHqKlZ.exe
  C:\Windows\System\WYHqKlZ.exe
  2⤵
  PID:12836
- C:\Windows\System\IDdKuhb.exe
  C:\Windows\System\IDdKuhb.exe
  2⤵
  PID:12864
- C:\Windows\System\JFNxEmu.exe
  C:\Windows\System\JFNxEmu.exe
  2⤵
  PID:12900
- C:\Windows\System\mSZszrw.exe
  C:\Windows\System\mSZszrw.exe
  2⤵
  PID:12928
- C:\Windows\System\IzItLKM.exe
  C:\Windows\System\IzItLKM.exe
  2⤵
  PID:12956
- C:\Windows\System\yiOBRrO.exe
  C:\Windows\System\yiOBRrO.exe
  2⤵
  PID:12984
- C:\Windows\System\fcGZOFn.exe
  C:\Windows\System\fcGZOFn.exe
  2⤵
  PID:13004
- C:\Windows\System\mEoMOEC.exe
  C:\Windows\System\mEoMOEC.exe
  2⤵
  PID:13036
- C:\Windows\System\TkDPVMd.exe
  C:\Windows\System\TkDPVMd.exe
  2⤵
  PID:13056
- C:\Windows\System\FurKmDT.exe
  C:\Windows\System\FurKmDT.exe
  2⤵
  PID:13084
- C:\Windows\System\kEWPsAl.exe
  C:\Windows\System\kEWPsAl.exe
  2⤵
  PID:13124
- C:\Windows\System\NiwUUDP.exe
  C:\Windows\System\NiwUUDP.exe
  2⤵
  PID:13140
- C:\Windows\System\nAjAJPq.exe
  C:\Windows\System\nAjAJPq.exe
  2⤵
  PID:13168
- C:\Windows\System\tLkWKvy.exe
  C:\Windows\System\tLkWKvy.exe
  2⤵
  PID:13196
- C:\Windows\System\BRAsSAT.exe
  C:\Windows\System\BRAsSAT.exe
  2⤵
  PID:13228
- C:\Windows\System\QWTKQag.exe
  C:\Windows\System\QWTKQag.exe
  2⤵
  PID:13256
- C:\Windows\System\hKBiiQF.exe
  C:\Windows\System\hKBiiQF.exe
  2⤵
  PID:13280
- C:\Windows\System\oWuGCXb.exe
  C:\Windows\System\oWuGCXb.exe
  2⤵
  PID:13300
- C:\Windows\System\EBzULVC.exe
  C:\Windows\System\EBzULVC.exe
  2⤵
  PID:12292
- C:\Windows\System\ObSpjPs.exe
  C:\Windows\System\ObSpjPs.exe
  2⤵
  PID:12392
- C:\Windows\System\woFhBMr.exe
  C:\Windows\System\woFhBMr.exe
  2⤵
  PID:12416
- C:\Windows\System\iKdFNjB.exe
  C:\Windows\System\iKdFNjB.exe
  2⤵
  PID:12492
- C:\Windows\System\LzVMQTY.exe
  C:\Windows\System\LzVMQTY.exe
  2⤵
  PID:12552
- C:\Windows\System\iQLoOJb.exe
  C:\Windows\System\iQLoOJb.exe
  2⤵
  PID:12592
- C:\Windows\System\xOOdGmp.exe
  C:\Windows\System\xOOdGmp.exe
  2⤵
  PID:12656
- C:\Windows\System\hzMWZaZ.exe
  C:\Windows\System\hzMWZaZ.exe
  2⤵
  PID:12720
- C:\Windows\System\aZKbhqj.exe
  C:\Windows\System\aZKbhqj.exe
  2⤵
  PID:12800
- C:\Windows\System\LPFvwMc.exe
  C:\Windows\System\LPFvwMc.exe
  2⤵
  PID:12832
- C:\Windows\System\WefDFlY.exe
  C:\Windows\System\WefDFlY.exe
  2⤵
  PID:12888
- C:\Windows\System\VfIzAIA.exe
  C:\Windows\System\VfIzAIA.exe
  2⤵
  PID:12924
- C:\Windows\System\ROkULGp.exe
  C:\Windows\System\ROkULGp.exe
  2⤵
  PID:13028
- C:\Windows\System\tbdCsNy.exe
  C:\Windows\System\tbdCsNy.exe
  2⤵
  PID:13072
- C:\Windows\System\gySbFCs.exe
  C:\Windows\System\gySbFCs.exe
  2⤵
  PID:13160
- C:\Windows\System\UTcIVCC.exe
  C:\Windows\System\UTcIVCC.exe
  2⤵
  PID:13248
- C:\Windows\System\CtsdMjH.exe
  C:\Windows\System\CtsdMjH.exe
  2⤵
  PID:12336
- C:\Windows\System\VEPNPAN.exe
  C:\Windows\System\VEPNPAN.exe
  2⤵
  PID:12444
- C:\Windows\System\mRgdGXH.exe
  C:\Windows\System\mRgdGXH.exe
  2⤵
  PID:12684
- C:\Windows\System\sXdlkpT.exe
  C:\Windows\System\sXdlkpT.exe
  2⤵
  PID:12824
- C:\Windows\System\KTWkElM.exe
  C:\Windows\System\KTWkElM.exe
  2⤵
  PID:12844
- C:\Windows\System\cpBnzsh.exe
  C:\Windows\System\cpBnzsh.exe
  2⤵
  PID:12992
- C:\Windows\System\zzOIHMX.exe
  C:\Windows\System\zzOIHMX.exe
  2⤵
  PID:13236
- C:\Windows\System\eKoavtA.exe
  C:\Windows\System\eKoavtA.exe
  2⤵
  PID:12412
- C:\Windows\System\ONjWUnQ.exe
  C:\Windows\System\ONjWUnQ.exe
  2⤵
  PID:12576
- C:\Windows\System\eYBNFxW.exe
  C:\Windows\System\eYBNFxW.exe
  2⤵
  PID:12920
- C:\Windows\System\kSZifOj.exe
  C:\Windows\System\kSZifOj.exe
  2⤵
  PID:11940
- C:\Windows\System\VYBHlSA.exe
  C:\Windows\System\VYBHlSA.exe
  2⤵
  PID:13316
- C:\Windows\System\LljdKYt.exe
  C:\Windows\System\LljdKYt.exe
  2⤵
  PID:13356
- C:\Windows\System\vEWzOWm.exe
  C:\Windows\System\vEWzOWm.exe
  2⤵
  PID:13392
- C:\Windows\System\JGgYvWh.exe
  C:\Windows\System\JGgYvWh.exe
  2⤵
  PID:13416
- C:\Windows\System\bQwaeqC.exe
  C:\Windows\System\bQwaeqC.exe
  2⤵
  PID:13436
- C:\Windows\System\xWDoThH.exe
  C:\Windows\System\xWDoThH.exe
  2⤵
  PID:13452
- C:\Windows\System\VXXXkZe.exe
  C:\Windows\System\VXXXkZe.exe
  2⤵
  PID:13476
- C:\Windows\System\ahiYBOo.exe
  C:\Windows\System\ahiYBOo.exe
  2⤵
  PID:13508
- C:\Windows\System\FjDVOdL.exe
  C:\Windows\System\FjDVOdL.exe
  2⤵
  PID:13560
- C:\Windows\System\JkYaVJn.exe
  C:\Windows\System\JkYaVJn.exe
  2⤵
  PID:13580
- C:\Windows\System\asubCyN.exe
  C:\Windows\System\asubCyN.exe
  2⤵
  PID:13604
- C:\Windows\System\ZSaeMGi.exe
  C:\Windows\System\ZSaeMGi.exe
  2⤵
  PID:13620
- C:\Windows\System\qUsIybE.exe
  C:\Windows\System\qUsIybE.exe
  2⤵
  PID:13652
- C:\Windows\System\LENZhfS.exe
  C:\Windows\System\LENZhfS.exe
  2⤵
  PID:13676
- C:\Windows\System\EAUSOJE.exe
  C:\Windows\System\EAUSOJE.exe
  2⤵
  PID:13696
- C:\Windows\System\DZRrMMz.exe
  C:\Windows\System\DZRrMMz.exe
  2⤵
  PID:13712
- C:\Windows\System\olqgzXB.exe
  C:\Windows\System\olqgzXB.exe
  2⤵
  PID:13736
- C:\Windows\System\dMNRJEL.exe
  C:\Windows\System\dMNRJEL.exe
  2⤵
  PID:13800
- C:\Windows\System\fGvTyWh.exe
  C:\Windows\System\fGvTyWh.exe
  2⤵
  PID:13840
- C:\Windows\System\BGjRXrZ.exe
  C:\Windows\System\BGjRXrZ.exe
  2⤵
  PID:13856
- C:\Windows\System\UYeRtLY.exe
  C:\Windows\System\UYeRtLY.exe
  2⤵
  PID:13880
- C:\Windows\System\fAOyKpg.exe
  C:\Windows\System\fAOyKpg.exe
  2⤵
  PID:13924
- C:\Windows\System\sdNHECb.exe
  C:\Windows\System\sdNHECb.exe
  2⤵
  PID:13940
- C:\Windows\System\LMYzqqt.exe
  C:\Windows\System\LMYzqqt.exe
  2⤵
  PID:13980
- C:\Windows\System\WODiTnz.exe
  C:\Windows\System\WODiTnz.exe
  2⤵
  PID:14008
- C:\Windows\System\ZbNPyoa.exe
  C:\Windows\System\ZbNPyoa.exe
  2⤵
  PID:14024
- C:\Windows\System\UaFczZW.exe
  C:\Windows\System\UaFczZW.exe
  2⤵
  PID:14064
- C:\Windows\System\WDTgZTr.exe
  C:\Windows\System\WDTgZTr.exe
  2⤵
  PID:14080
- C:\Windows\System\wBlipLH.exe
  C:\Windows\System\wBlipLH.exe
  2⤵
  PID:14120
- C:\Windows\System\tBpTOYg.exe
  C:\Windows\System\tBpTOYg.exe
  2⤵
  PID:14136
- C:\Windows\System\LPZJCbd.exe
  C:\Windows\System\LPZJCbd.exe
  2⤵
  PID:14156
- C:\Windows\System\bQmrhMr.exe
  C:\Windows\System\bQmrhMr.exe
  2⤵
  PID:14204
- C:\Windows\System\VgFgVqR.exe
  C:\Windows\System\VgFgVqR.exe
  2⤵
  PID:14228
- C:\Windows\System\OanusYU.exe
  C:\Windows\System\OanusYU.exe
  2⤵
  PID:14252
- C:\Windows\System\DoHFfuy.exe
  C:\Windows\System\DoHFfuy.exe
  2⤵
  PID:14288
- C:\Windows\System\TJDMRRr.exe
  C:\Windows\System\TJDMRRr.exe
  2⤵
  PID:14316
- C:\Windows\System\xojLrhE.exe
  C:\Windows\System\xojLrhE.exe
  2⤵
  PID:14332
- C:\Windows\System\vwkUiRV.exe
  C:\Windows\System\vwkUiRV.exe
  2⤵
  PID:13332
- C:\Windows\System\PIRsdre.exe
  C:\Windows\System\PIRsdre.exe
  2⤵
  PID:13372
- C:\Windows\System\qtwkEeb.exe
  C:\Windows\System\qtwkEeb.exe
  2⤵
  PID:13408
- C:\Windows\System\yBGzhxb.exe
  C:\Windows\System\yBGzhxb.exe
  2⤵
  PID:13472
- C:\Windows\System\ibkRRTk.exe
  C:\Windows\System\ibkRRTk.exe
  2⤵
  PID:2620
- C:\Windows\System\WElROHg.exe
  C:\Windows\System\WElROHg.exe
  2⤵
  PID:13612
- C:\Windows\System\NtuEczA.exe
  C:\Windows\System\NtuEczA.exe
  2⤵
  PID:13684
- C:\Windows\System\qEvyuXC.exe
  C:\Windows\System\qEvyuXC.exe
  2⤵
  PID:13760
- C:\Windows\System\NKTuppJ.exe
  C:\Windows\System\NKTuppJ.exe
  2⤵
  PID:13824
- C:\Windows\System\oMQzpEA.exe
  C:\Windows\System\oMQzpEA.exe
  2⤵
  PID:13872
- C:\Windows\System\sAzKUXf.exe
  C:\Windows\System\sAzKUXf.exe
  2⤵
  PID:13908
- C:\Windows\System\KvyTAKc.exe
  C:\Windows\System\KvyTAKc.exe
  2⤵
  PID:13996
- C:\Windows\System\AtRXorj.exe
  C:\Windows\System\AtRXorj.exe
  2⤵
  PID:14072
- C:\Windows\System\lOZCURk.exe
  C:\Windows\System\lOZCURk.exe
  2⤵
  PID:14128
- C:\Windows\System\OMbutoe.exe
  C:\Windows\System\OMbutoe.exe
  2⤵
  PID:14192
- C:\Windows\System\IUzbmKN.exe
  C:\Windows\System\IUzbmKN.exe
  2⤵
  PID:14248
- C:\Windows\System\oaUoIYZ.exe
  C:\Windows\System\oaUoIYZ.exe
  2⤵
  PID:12524
- C:\Windows\System\MJXaKWV.exe
  C:\Windows\System\MJXaKWV.exe
  2⤵
  PID:13404
- C:\Windows\System\pEvoHBD.exe
  C:\Windows\System\pEvoHBD.exe
  2⤵
  PID:13588
- C:\Windows\System\HnQXyGm.exe
  C:\Windows\System\HnQXyGm.exe
  2⤵
  PID:13788
- C:\Windows\System\oXATUai.exe
  C:\Windows\System\oXATUai.exe
  2⤵
  PID:13896
- C:\Windows\System\wNfnzsL.exe
  C:\Windows\System\wNfnzsL.exe
  2⤵
  PID:14056
- C:\Windows\System\bUpAdBV.exe
  C:\Windows\System\bUpAdBV.exe
  2⤵
  PID:14304
- C:\Windows\System\vwipJkx.exe
  C:\Windows\System\vwipJkx.exe
  2⤵
  PID:12748
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 12748 -s 248
    3⤵
    PID:436

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CjKHUeX.exe

Filesize
2.2MB

MD5
ed193a21b1e8908223277f07e943b565

SHA1
ad9ea0354476967d75901765626ffeb86492857e

SHA256
3147f687ebc482a9604eda695e09f18944198c2c93707caa770f9d96685a233d

SHA512
76d799738a722444a2db72d8922ece1af3b39a1af03424e5078bc1375cdeb8aac068fe372031490c906d6383e987b0b08b678de7ff68424e4e3de54e7adf0fd5

Download Submit
C:\Windows\System\Dzhqttr.exe

Filesize
2.2MB

MD5
741bbfd9b055f915e1fa836a71615313

SHA1
4da65577ec2efa876ac190661577912600a09973

SHA256
12b579cad95281872c232844dd49729107d62e9f04c9a2944dfe491c68cdad82

SHA512
9c34da7ad36dc41846a1c1bbee6b7c4dc1d326d8074042de10bea66a3124c98a5775d823d71e429d488ad6cbb9c2232ba00ccb643f1a63a5071a1322c47c3d0b

Download Submit
C:\Windows\System\GUwjwlP.exe

Filesize
2.2MB

MD5
0a90c10f455715a83fcf8a824108e02b

SHA1
1a22973582a05792ea2f44cd950091af19187802

SHA256
51d7078359ae93d14f47ef8672f9eae8887de421520e828d5ca224975ae675c5

SHA512
3908093fa7c5c01039a2232a9f6caf8e4cf753f630ea01176a7bcbfab814332e275c20be8548945c06ef5a97c70debf6254980f6e154b9b8f5dc5023c1b2b194

Download Submit
C:\Windows\System\HBjDiDD.exe

Filesize
2.2MB

MD5
116d61aabeac646be7ea40e61ffcfddb

SHA1
3e00413361c1a99b99914c76b2109a195ced23cc

SHA256
2aaa64ad49780d5e27e9499abc5e7d1dc693cca19d4b6c249cdba97fe1b0703b

SHA512
e1e7868315cb89e6c3850461efc5454484a1ab53a2bc69d57fc2227c8d1c35a656b233246b230b34f02009fad26b8f640267b11f2cbae5c8befe902cab91340e

Download Submit
C:\Windows\System\HCRsJqS.exe

Filesize
2.2MB

MD5
49e8a4f791e4eb30756c377ee1f62dbd

SHA1
24c58c234c20a65f5de9185dd2c27a060c795ea7

SHA256
3e88228a765d2d86ac11b478715e6f2c31b3a9636877cfce0594d20802c5f951

SHA512
c39ac727680c703ccc184995fed7f906a3a1680ced8cc0cb1b885eca5f5f819ae5239b44b53c1153e7014f27aec47a86cfb7be4f6d2e3f52bab6d0348d156597

Download Submit
C:\Windows\System\HGRCSzN.exe

Filesize
2.2MB

MD5
0e924b126c96de4174a5cdf63b136915

SHA1
2b5af4d5ea9c407c9b089081f35c38a89fed1eea

SHA256
4dbc19716eefd07cadd0b3dbf17f40822442f92a17c310e745edf388715eabd8

SHA512
8bf2e84fdd38dea7f8c73037dd9a829989725efe1dc3a31fcc58359ce974f2065706ee4b18e08b72fa4055cfe0815a37187523f0cef01a8cbc29aacf295fe6bc

Download Submit
C:\Windows\System\IQfbglz.exe

Filesize
2.2MB

MD5
b25426bca790336ed166b1caf2c2f54f

SHA1
7e43ff029d3d1736e652783af418bf7e4cd2b48d

SHA256
4aa039324f44526a3d67f44db9cefc9b778a620cdb6730394abca5b094ceb1f9

SHA512
4ff17089884852bbc513f503242befca4c4efe964e65f24ebc879fd32650a7118725076e6949dd4b7dc749df3c576b4ccdfea05a412b8ddba6a856161a73aecb

Download Submit
C:\Windows\System\JDZpgzd.exe

Filesize
2.2MB

MD5
5991dc2a185921cfd63c1e22bd936aef

SHA1
ed74fd2584f6119496c83009d63faa5fc4d786ff

SHA256
eb0032f1ac70ac817f3cacef95fa5d7edc44a66923fd76d5e69505bb5e9a8e42

SHA512
d56080236b73552a2368c7f4e7c63fed1102845aa6d532912b156c73d1a9a30a74e061b0c77ecd8f99caa065d71e0e90fc8705d692d4c97dd0059fdf6aea057f

Download Submit
C:\Windows\System\JLCXqsW.exe

Filesize
2.2MB

MD5
759d559cfb5d54f299ff3e22b108b1ec

SHA1
70a52653919726cf65b9481476c678276c7a3587

SHA256
2bd70c569c6ababfc01f22bbc8f2a557e1cc28b19a8643b038e3ec1d4ac2fbc3

SHA512
c5de6c80acd9e37dd3cd67aae14ff113827ef2285d106768d38f47d76ca03540902bf7031277729a872f7d58545f512524ba2672e53fb171c29a75bf431cba8b

Download Submit
C:\Windows\System\JLDtOzA.exe

Filesize
2.2MB

MD5
815c2524d35b77d6ff156a1ecfc914de

SHA1
0a96263d6c9722fa0705547ba4a0b2a22a5006d8

SHA256
d93fa1f246daf2503c1c7f10afb480c1cae88d1aedd32af4fe4969d00f5da997

SHA512
ac11bcd4cc86c0edb94d0c0e03796570f68faec2ea29ebb2e21d99c373ad26da765c93604a78cea108c70c361340bbe558def4f4796ec6e0b151f5f5e2c2ce6b

Download Submit
C:\Windows\System\KQDCivK.exe

Filesize
2.2MB

MD5
a8018d20bd92646ee9270d129a033694

SHA1
f8a4bfbcd0b69d348339e322ea05938bcf29b596

SHA256
8b0c779b56d5f11d00e2b821c30a6ee6339b8dc5546a5343e314b5f4afc325fe

SHA512
c0c1876d157d0ad8c8ffe94676bfda40fff3da8423818872ab7e79bb2e83c69fe6a8d69924e949a304cd37b5b73e0af8e32c0a00aacc0f7090411226e2e9575f

Download Submit
C:\Windows\System\KZOrrRW.exe

Filesize
2.2MB

MD5
aea6c304d652f7e8cf50f227a8d3cd76

SHA1
ced8cae9efefd6a1eb67da7eca9423ac0f1fd5d3

SHA256
81c98888ebe80b4210227a18fdb8a5d9a0ef186272e1adc454fa6d6a856c3665

SHA512
ef027ef586bb57cd378b3b81031b3b63110d9e96f216c1e411ea6c4aece9d10787fd9bd3e45692a1f970f846b4760d2f999dd595433fff4bcd139bf15280cfee

Download Submit
C:\Windows\System\PVbhEJq.exe

Filesize
2.2MB

MD5
f29ec02dac6acc09cd02443350f90450

SHA1
8ad1e61608ab95e58762791f5293545ebfef8161

SHA256
59cc4b89e4ace614a7ad87ff6b267684ec7e356e5d090a204923ebda2331b372

SHA512
6ca4bddead35df1f316056fd5fdebf63840cdc1fb01fb756653e220e23eff2470608f083d51bbc91203891ecbe32ea9ea1dbf2b1a0e19634cc80c0bc8f5f2149

Download Submit
C:\Windows\System\QSkaQcL.exe

Filesize
2.2MB

MD5
b18e0746acde2ebf0b10a045f2c87485

SHA1
b6429ce7e08d55c4d90af5e80553add28c060053

SHA256
23f47158f2aa1013c9faa764d84a87237f1f54413f0109b3092088e559f90dd1

SHA512
2f6996a7014bd3b430f74bbcb5d9c8c6a7bf87cc46f41486ed80348c3123e96b1aa0875c77f7286317d9942ba0a6d1b559fb1fac160bcda0210aad665bd0e6f1

Download Submit
C:\Windows\System\UgbamGT.exe

Filesize
2.2MB

MD5
7ed9a18c355fc32709b12e9a0e8d542b

SHA1
88dc48a7db92905b566f107ee3624c84620a451e

SHA256
fcc64dc8f75c1ab3c4dd19dd344b2256e0c4714f82a0be724aadf7bf07d25b69

SHA512
9ba5e51f89d804ff388503539ea19a6111fadb29b24ae8ce6051c3b6e30dedd2b05fdd783f858189cee233bf33d95c645e832cda9e70610b4902db6b6e57f7e5

Download Submit
C:\Windows\System\Usronhc.exe

Filesize
2.2MB

MD5
6102431f95f7e50e1b27d02cec5bb768

SHA1
d478c110ad89bb5abe38974ac7a4968c2a1c8ece

SHA256
7d72860f4fc3bb85b639bf148ceb04f136a5688f79c30581e046fa70419dc1d5

SHA512
2fca3eeeb2948d17b9fea662e7a09b8e3df07f8af8505f90841e4420044ca9676b68e9661689542d7721e65c9918b7f04cf090cf9dc1eb7099ae48f92eba138a

Download Submit
C:\Windows\System\VzVTocC.exe

Filesize
2.2MB

MD5
3f165bb9bb9ef19bfa44bdad93a9cd05

SHA1
7409dea912544aa8f66e4f656ce4e89b3c5cf793

SHA256
33e3c2432c24487b122fa110b28cf135c00aa216b00f65b9133414ab2d5f00b3

SHA512
517f5944c8d09c790994ff4df080e091bcc4788b951f8e2a1a721c3a3ce2be41e9c195a7a7065c7247fd6f131ffb462e5785ac53802be26fc8d3098e94a5c5d4

Download Submit
C:\Windows\System\WQGbBdE.exe

Filesize
2.2MB

MD5
a2c2de34756a6f65bb738a036d84699d

SHA1
85d6050302f18909d15efe0dfc78c24a8309f032

SHA256
9ce2193a62088114d81ede111b078e66e73c1d3bdf9fa3080ce948e2539ae002

SHA512
7ba6011f848f082301fd13f2053ea236e2f3353fed6b4653a244ecfa0930997ec918c2bed2625d1e36352e3f9815641e53696bf9a2457f4635a1fa76de72c221

Download Submit
C:\Windows\System\XBFkbbZ.exe

Filesize
2.2MB

MD5
7939e686e4095b3e3839e3b2bbf9dcb3

SHA1
d92a4bd792ca1baf3d4e0c9acc0b6294acb6fe4c

SHA256
014f6677c14d8e3acff2bb8ffe6b5ee5183e5079c402c2ad91d8c8691c970d11

SHA512
f7e8f3eeef7c4a3e99a47891a7dda8a66f70ff79d118a95e195eeaa8ddd3cc0478aba4cc3596f6dbc075020d81ae34b7aac1707b128791bed9dd731bd5e0e243

Download Submit
C:\Windows\System\YTOzFSJ.exe

Filesize
2.2MB

MD5
61104e0427a6cd8e07b3e3f39f90230b

SHA1
8aa26076b8b22e52339bf63ede1764bca0a8402f

SHA256
dc2afa235f15b8df7bc25a6b510656f408387c794ea84878ee2705ee486b8681

SHA512
9bcd39faa7c703bcb6a4e47aa1db013927c6e5ed3af9348f0a889dbd4a0206c067fdd5f4677db16362fc662ea34d41ccf265f721d7f66c56f1a485375c815b7e

Download Submit
C:\Windows\System\YwRcWYj.exe

Filesize
2.2MB

MD5
b603c3b82a9a1e779c39cf2f09d58a4e

SHA1
464da7453446790526deab1774a73e97a5cae218

SHA256
0b1e749ebd461af6f87831855f0510f462fd3ff413f5100e3b50234f3c84623e

SHA512
6662979f0ec6d476e658ca258ec3b65156babd8a47960e6a7c78ccf3bffe9dbdfd38dc822da265be91747437dee67724b6a947eb73148705a498a81b1baef58b

Download Submit
C:\Windows\System\ZwTzYml.exe

Filesize
2.2MB

MD5
d6992c2ba9b822548c32afba4793d901

SHA1
7c5ba5532d7b94c7a37693a53a067dbbfd34d1f6

SHA256
2a844b0bfbbabae9e7604011577266e03318ef2be41e8d3929693576b98e3791

SHA512
4cd033d1caafc68dd571fcbad61399a3c0f0a6a4d3eb08a048adf9cceee679686aa360a030193fced4428943fa0b3407cb993b2bb4975f88dc1d580a6ee2a306

Download Submit
C:\Windows\System\aFdkYSQ.exe

Filesize
2.2MB

MD5
3aac96571fdcf6a68079025c15658a31

SHA1
6bcdeaaa0b30f42d84715c6105932882093bd363

SHA256
7989d18643504d314d0ec9f9dcf69a8d112bf7d60685bc0ed0bd59eca45f748a

SHA512
1fc798595b3d9ca95564af35948f26807b7be2e3cef36acb606c817c4f40215c7a3ff6b704a577b3e308d73ad3b76d168e1017e9c1621434e116db20c55e45ba

Download Submit
C:\Windows\System\eZaNcgC.exe

Filesize
2.2MB

MD5
8f9ffda68d6bf6a3bdc77c67a3653435

SHA1
ef983fa312b776476a15e6f5f9f62724968af3cf

SHA256
db3c842cd18fd2ed05754fbeca2a367996b62b4ce92bbdf8b3f9292f257f8aa3

SHA512
1c97bb1966861e12d7d3dc6c1bc0a8ef1fb4b3272077fa589dc0ba9d9fc7b43614dd0f81e4fb3902ba8648629a42100c71da183d0d7a0da3cdbf99c69a91aad2

Download Submit
C:\Windows\System\irZUjRC.exe

Filesize
2.2MB

MD5
f000f90fcf73e2eb6832ef3777ac8069

SHA1
86f2b38e862d52ac3c4831f99ec8bb29ff9c30e9

SHA256
27e907e569bc6580f2140fc610389b9e44876d177f5236b3739414ed91af6b7c

SHA512
49582c669fa9cf6aae7fed137fed94406e4e7f2759c8589dc51fd7bcf4cdc0f44f2c8bacf70c891c614655acea13972bd78d22157a43a2b935ccab52f3cd6095

Download Submit
C:\Windows\System\psfqabF.exe

Filesize
2.2MB

MD5
00b4541ff5d17972f5e3457456d332d9

SHA1
afea4cf170822f3048d9a71443deb4822be7faab

SHA256
67185739f29033b4745eb4f463270295cb1f76458d02ca7f5bb5ffe09c092ff3

SHA512
a227ff4667a7134693acbedd472ee552312f085fb8fe9adaf49d7354baaf9c0a8746e2c3ac29e23dc892cfc6bb0203c900ef62a431c744fc529473535769f9d4

Download Submit
C:\Windows\System\ptiSvBn.exe

Filesize
2.2MB

MD5
1bd2e4333dfbac902564142ff5cb81d1

SHA1
2af1da30e9da8758bc03be704f8cc5bea8063f89

SHA256
ddd39a5436f278204203b708b46580e1e1daeb5b41d74fcae4cd2d5ca297c001

SHA512
92b2510a674c4daa14c29ee9b12b448531f9eafa2f262d680540323c85ec89ec898f1596c62e70a45ac2b116671f613c2240ac0d3c10551dee6cf8f25dd9815d

Download Submit
C:\Windows\System\rPGIIRd.exe

Filesize
2.2MB

MD5
6261de57af33fcdd774748ab591f3a4b

SHA1
16db427b97bde4f3699bedadd128dab7ef114d07

SHA256
7f0845b40fe9dbc37540a7f84bb4c836a22e4a6ee8e9d12a986aa9462b7b5f0a

SHA512
007dfbf0ee9635a16c5f1b5d0cf7751054bd5c2440af302f76238de5df125288732ea83d7d27645983a7227c7b02e41640d96e52e9e8d29cebb4a2f6dea45ead

Download Submit
C:\Windows\System\tVkFrCU.exe

Filesize
2.2MB

MD5
88922f2d1e9ebc2aa989a3ffdc263d61

SHA1
b917079d98cf0a54bb9991daeb9b2c56d824b6ea

SHA256
abb656169e7350db06401dda3c32b408c453bc9cd56418dbc49b4c536413931b

SHA512
8bcb6ffcb562b726e5cceab38b2df221467d04edc65f5f0d5a83cd41e52d2b936b0212813e1b8a7be2dfbdca208461478f8187bbc2d6c8a71e637ed1736a3ad7

Download Submit
C:\Windows\System\vMlXSHE.exe

Filesize
2.2MB

MD5
16a779ed68a20edd5c332a6f517a6aa2

SHA1
db6f700a0b2735ef7c4be28905367c2a1ba7b862

SHA256
57a5d22a761aaec576f2044e8bb5599e149b491eb0fb9f780eee17818767ca6c

SHA512
1817730f6ff1cfbe8a928ac7bbba914bf13ab4f6d481eaa0662a3460d47395cfc265748a2a29192a5bf3f1e85e5a9665d6aa454e78b5bf94dae16da96e7d1549

Download Submit
C:\Windows\System\vjQDEjO.exe

Filesize
2.2MB

MD5
adcfbf7685b139f6f1d584873b488bf4

SHA1
a3b9c9fb03e4d4e38e8519c8e34385b7cca8cf73

SHA256
c655c90dbe10950606ed86b983480300f0c54fba9f40663945887ca3d7433764

SHA512
8ee45dae397fe442ddfa04da439b28f5a538e3febf6dff9849e03011115c7e00db8b9258863d45cb1ebac54859daec4770895eebabf80dca3db89a4ef9e7e9d5

Download Submit
C:\Windows\System\vjlTODb.exe

Filesize
2.2MB

MD5
6ed586b6dff101459edf9b70c0d99051

SHA1
8f69309a51f6535da33b0ec2c27e99d3d4e752d4

SHA256
4ca9c8fe61fe5f4cbb42da902e7364fc8209fa1cb325dd027ee40437f5598d8c

SHA512
272a808548b3dfccfe93aead51b90ed3cf3a1c1ed9ad12c1241c81a7cd9819c458de392225df68dd4d7ebe4ac7071125ba89c8b413d614651b57d7126e07b9d8

Download Submit
C:\Windows\System\xjXQkhG.exe

Filesize
2.2MB

MD5
f9d7b764c0f805aee514569f0ac8923f

SHA1
b3a8237021d6ac60a0279fea3fe1d6766f1f8178

SHA256
2c3a51ee67aeb2968b71ce8ff3e093abf8a9daa038c841541db0545a23f39e91

SHA512
5953b75a04be6101c31da1e112d953a2abbe50e9bf4be65e36a2b26081ca64d71875d29ac95f64eb86b558c2c00367f343b7279df617e64fa528856966a7d933

Download Submit
memory/216-0-0x00007FF7939D0000-0x00007FF793D24000-memory.dmp

Filesize
3.3MB

Download
memory/216-1-0x000001B5F1C60000-0x000001B5F1C70000-memory.dmp

Filesize
64KB

Download
memory/692-2082-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp

Filesize
3.3MB

Download
memory/692-38-0x00007FF7A49E0000-0x00007FF7A4D34000-memory.dmp

Filesize
3.3MB

Download
memory/856-20-0x00007FF7DDFA0000-0x00007FF7DE2F4000-memory.dmp

Filesize
3.3MB

Download
memory/856-2075-0x00007FF7DDFA0000-0x00007FF7DE2F4000-memory.dmp

Filesize
3.3MB

Download
memory/856-2081-0x00007FF7DDFA0000-0x00007FF7DE2F4000-memory.dmp

Filesize
3.3MB

Download
memory/876-750-0x00007FF6173D0000-0x00007FF617724000-memory.dmp

Filesize
3.3MB

Download
memory/876-2087-0x00007FF6173D0000-0x00007FF617724000-memory.dmp

Filesize
3.3MB

Download
memory/1016-744-0x00007FF623F80000-0x00007FF6242D4000-memory.dmp

Filesize
3.3MB

Download
memory/1016-2095-0x00007FF623F80000-0x00007FF6242D4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2103-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp

Filesize
3.3MB

Download
memory/1312-764-0x00007FF7F3900000-0x00007FF7F3C54000-memory.dmp

Filesize
3.3MB

Download
memory/1504-2106-0x00007FF6BA8B0000-0x00007FF6BAC04000-memory.dmp

Filesize
3.3MB

Download
memory/1504-768-0x00007FF6BA8B0000-0x00007FF6BAC04000-memory.dmp

Filesize
3.3MB

Download
memory/1516-2080-0x00007FF7BA730000-0x00007FF7BAA84000-memory.dmp

Filesize
3.3MB

Download
memory/1516-12-0x00007FF7BA730000-0x00007FF7BAA84000-memory.dmp

Filesize
3.3MB

Download
memory/1516-2074-0x00007FF7BA730000-0x00007FF7BAA84000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2077-0x00007FF664E10000-0x00007FF665164000-memory.dmp

Filesize
3.3MB

Download
memory/2544-42-0x00007FF664E10000-0x00007FF665164000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2085-0x00007FF664E10000-0x00007FF665164000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2084-0x00007FF7F4D00000-0x00007FF7F5054000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2076-0x00007FF7F4D00000-0x00007FF7F5054000-memory.dmp

Filesize
3.3MB

Download
memory/2744-48-0x00007FF7F4D00000-0x00007FF7F5054000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2091-0x00007FF6A5850000-0x00007FF6A5BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-748-0x00007FF6A5850000-0x00007FF6A5BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2104-0x00007FF6D0630000-0x00007FF6D0984000-memory.dmp

Filesize
3.3MB

Download
memory/3160-757-0x00007FF6D0630000-0x00007FF6D0984000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2079-0x00007FF7590B0000-0x00007FF759404000-memory.dmp

Filesize
3.3MB

Download
memory/3320-8-0x00007FF7590B0000-0x00007FF759404000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2073-0x00007FF7590B0000-0x00007FF759404000-memory.dmp

Filesize
3.3MB

Download
memory/3484-747-0x00007FF79A520000-0x00007FF79A874000-memory.dmp

Filesize
3.3MB

Download
memory/3484-2093-0x00007FF79A520000-0x00007FF79A874000-memory.dmp

Filesize
3.3MB

Download
memory/3552-751-0x00007FF699E10000-0x00007FF69A164000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2099-0x00007FF699E10000-0x00007FF69A164000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2086-0x00007FF652EE0000-0x00007FF653234000-memory.dmp

Filesize
3.3MB

Download
memory/3668-742-0x00007FF652EE0000-0x00007FF653234000-memory.dmp

Filesize
3.3MB

Download
memory/3964-740-0x00007FF76A6D0000-0x00007FF76AA24000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2098-0x00007FF76A6D0000-0x00007FF76AA24000-memory.dmp

Filesize
3.3MB

Download
memory/4032-754-0x00007FF7F7620000-0x00007FF7F7974000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2101-0x00007FF7F7620000-0x00007FF7F7974000-memory.dmp

Filesize
3.3MB

Download
memory/4080-745-0x00007FF74D790000-0x00007FF74DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4080-2094-0x00007FF74D790000-0x00007FF74DAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2102-0x00007FF7C10B0000-0x00007FF7C1404000-memory.dmp

Filesize
3.3MB

Download
memory/4292-752-0x00007FF7C10B0000-0x00007FF7C1404000-memory.dmp

Filesize
3.3MB

Download
memory/4296-2096-0x00007FF686300000-0x00007FF686654000-memory.dmp

Filesize
3.3MB

Download
memory/4296-743-0x00007FF686300000-0x00007FF686654000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2092-0x00007FF7C32B0000-0x00007FF7C3604000-memory.dmp

Filesize
3.3MB

Download
memory/4348-746-0x00007FF7C32B0000-0x00007FF7C3604000-memory.dmp

Filesize
3.3MB

Download
memory/4360-37-0x00007FF7FDB10000-0x00007FF7FDE64000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2083-0x00007FF7FDB10000-0x00007FF7FDE64000-memory.dmp

Filesize
3.3MB

Download
memory/4516-749-0x00007FF72C1B0000-0x00007FF72C504000-memory.dmp

Filesize
3.3MB

Download
memory/4516-2090-0x00007FF72C1B0000-0x00007FF72C504000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2100-0x00007FF7FAE40000-0x00007FF7FB194000-memory.dmp

Filesize
3.3MB

Download
memory/4592-753-0x00007FF7FAE40000-0x00007FF7FB194000-memory.dmp

Filesize
3.3MB

Download
memory/4680-771-0x00007FF69FBD0000-0x00007FF69FF24000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2105-0x00007FF69FBD0000-0x00007FF69FF24000-memory.dmp

Filesize
3.3MB

Download
memory/4848-739-0x00007FF62A140000-0x00007FF62A494000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2089-0x00007FF62A140000-0x00007FF62A494000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2078-0x00007FF62A140000-0x00007FF62A494000-memory.dmp

Filesize
3.3MB

Download
memory/4896-741-0x00007FF643C50000-0x00007FF643FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2097-0x00007FF643C50000-0x00007FF643FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-778-0x00007FF736090000-0x00007FF7363E4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2088-0x00007FF736090000-0x00007FF7363E4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2107-0x00007FF794FC0000-0x00007FF795314000-memory.dmp

Filesize
3.3MB

Download
memory/5008-774-0x00007FF794FC0000-0x00007FF795314000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads