xmrig | 887cef9e266cd3db4842982b5cf11ba1d054050bd57e1aab6d64a7800d10911a

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
Size

1.3MB
MD5

3cc73400707b6e51c7dfe1bb396dca50
SHA1

3f3c2441d673c45f1d3a9394dd900f6925853f8e
SHA256

887cef9e266cd3db4842982b5cf11ba1d054050bd57e1aab6d64a7800d10911a
SHA512

9349e59a70236bc2a8fb79c9ae881108f78a4b821cf473868ffa0a4c8e089da7321c7fd37491bfe4a620046d40d4d37568d45ceb878ff6d1b943e9990d501ec6
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727XL1+KvSjsvxP09W4fuiN/NHDF6F7:ROdWCCi7/rahHxxZeLK7

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/4052-69-0x00007FF73B7C0000-0x00007FF73BB11000-memory.dmp	xmrig
behavioral2/memory/4872-84-0x00007FF6DB680000-0x00007FF6DB9D1000-memory.dmp	xmrig
behavioral2/memory/2080-109-0x00007FF69EE80000-0x00007FF69F1D1000-memory.dmp	xmrig
behavioral2/memory/4324-402-0x00007FF7C2D10000-0x00007FF7C3061000-memory.dmp	xmrig
behavioral2/memory/4980-409-0x00007FF710F20000-0x00007FF711271000-memory.dmp	xmrig
behavioral2/memory/4412-415-0x00007FF6D03A0000-0x00007FF6D06F1000-memory.dmp	xmrig
behavioral2/memory/2956-416-0x00007FF77A6D0000-0x00007FF77AA21000-memory.dmp	xmrig
behavioral2/memory/3880-420-0x00007FF7C6850000-0x00007FF7C6BA1000-memory.dmp	xmrig
behavioral2/memory/3996-421-0x00007FF672450000-0x00007FF6727A1000-memory.dmp	xmrig
behavioral2/memory/1876-423-0x00007FF6E1760000-0x00007FF6E1AB1000-memory.dmp	xmrig
behavioral2/memory/8-422-0x00007FF645910000-0x00007FF645C61000-memory.dmp	xmrig
behavioral2/memory/4800-412-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp	xmrig
behavioral2/memory/4908-397-0x00007FF621D20000-0x00007FF622071000-memory.dmp	xmrig
behavioral2/memory/1952-395-0x00007FF6E7E20000-0x00007FF6E8171000-memory.dmp	xmrig
behavioral2/memory/1004-993-0x00007FF735C30000-0x00007FF735F81000-memory.dmp	xmrig
behavioral2/memory/2564-1000-0x00007FF6486D0000-0x00007FF648A21000-memory.dmp	xmrig
behavioral2/memory/4780-389-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp	xmrig
behavioral2/memory/3144-110-0x00007FF744160000-0x00007FF7444B1000-memory.dmp	xmrig
behavioral2/memory/2340-102-0x00007FF61E090000-0x00007FF61E3E1000-memory.dmp	xmrig
behavioral2/memory/544-85-0x00007FF7E93B0000-0x00007FF7E9701000-memory.dmp	xmrig
behavioral2/memory/2216-68-0x00007FF614020000-0x00007FF614371000-memory.dmp	xmrig
behavioral2/memory/1848-19-0x00007FF602CC0000-0x00007FF603011000-memory.dmp	xmrig
behavioral2/memory/3424-2187-0x00007FF6FE290000-0x00007FF6FE5E1000-memory.dmp	xmrig
behavioral2/memory/408-2186-0x00007FF6913D0000-0x00007FF691721000-memory.dmp	xmrig
behavioral2/memory/4676-2185-0x00007FF7D12B0000-0x00007FF7D1601000-memory.dmp	xmrig
behavioral2/memory/4296-2188-0x00007FF6BB280000-0x00007FF6BB5D1000-memory.dmp	xmrig
behavioral2/memory/852-2221-0x00007FF74A3C0000-0x00007FF74A711000-memory.dmp	xmrig
behavioral2/memory/4020-2222-0x00007FF719610000-0x00007FF719961000-memory.dmp	xmrig
behavioral2/memory/3216-2224-0x00007FF6A6FA0000-0x00007FF6A72F1000-memory.dmp	xmrig
behavioral2/memory/4860-2223-0x00007FF745120000-0x00007FF745471000-memory.dmp	xmrig
behavioral2/memory/1848-2263-0x00007FF602CC0000-0x00007FF603011000-memory.dmp	xmrig
behavioral2/memory/2080-2265-0x00007FF69EE80000-0x00007FF69F1D1000-memory.dmp	xmrig
behavioral2/memory/2564-2267-0x00007FF6486D0000-0x00007FF648A21000-memory.dmp	xmrig
behavioral2/memory/4676-2271-0x00007FF7D12B0000-0x00007FF7D1601000-memory.dmp	xmrig
behavioral2/memory/1004-2269-0x00007FF735C30000-0x00007FF735F81000-memory.dmp	xmrig
behavioral2/memory/408-2273-0x00007FF6913D0000-0x00007FF691721000-memory.dmp	xmrig
behavioral2/memory/3424-2275-0x00007FF6FE290000-0x00007FF6FE5E1000-memory.dmp	xmrig
behavioral2/memory/2216-2279-0x00007FF614020000-0x00007FF614371000-memory.dmp	xmrig
behavioral2/memory/4296-2283-0x00007FF6BB280000-0x00007FF6BB5D1000-memory.dmp	xmrig
behavioral2/memory/544-2287-0x00007FF7E93B0000-0x00007FF7E9701000-memory.dmp	xmrig
behavioral2/memory/4872-2285-0x00007FF6DB680000-0x00007FF6DB9D1000-memory.dmp	xmrig
behavioral2/memory/852-2281-0x00007FF74A3C0000-0x00007FF74A711000-memory.dmp	xmrig
behavioral2/memory/4860-2289-0x00007FF745120000-0x00007FF745471000-memory.dmp	xmrig
behavioral2/memory/3144-2295-0x00007FF744160000-0x00007FF7444B1000-memory.dmp	xmrig
behavioral2/memory/4780-2297-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp	xmrig
behavioral2/memory/1952-2301-0x00007FF6E7E20000-0x00007FF6E8171000-memory.dmp	xmrig
behavioral2/memory/2956-2313-0x00007FF77A6D0000-0x00007FF77AA21000-memory.dmp	xmrig
behavioral2/memory/3880-2311-0x00007FF7C6850000-0x00007FF7C6BA1000-memory.dmp	xmrig
behavioral2/memory/8-2320-0x00007FF645910000-0x00007FF645C61000-memory.dmp	xmrig
behavioral2/memory/3996-2317-0x00007FF672450000-0x00007FF6727A1000-memory.dmp	xmrig
behavioral2/memory/1876-2315-0x00007FF6E1760000-0x00007FF6E1AB1000-memory.dmp	xmrig
behavioral2/memory/4800-2309-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp	xmrig
behavioral2/memory/4412-2307-0x00007FF6D03A0000-0x00007FF6D06F1000-memory.dmp	xmrig
behavioral2/memory/4980-2305-0x00007FF710F20000-0x00007FF711271000-memory.dmp	xmrig
behavioral2/memory/4324-2303-0x00007FF7C2D10000-0x00007FF7C3061000-memory.dmp	xmrig
behavioral2/memory/4908-2299-0x00007FF621D20000-0x00007FF622071000-memory.dmp	xmrig
behavioral2/memory/3216-2293-0x00007FF6A6FA0000-0x00007FF6A72F1000-memory.dmp	xmrig
behavioral2/memory/4020-2291-0x00007FF719610000-0x00007FF719961000-memory.dmp	xmrig
behavioral2/memory/4052-2277-0x00007FF73B7C0000-0x00007FF73BB11000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2080	yjkPqoQ.exe
1848	MrTUROp.exe
2564	nsIYyDS.exe
1004	CLGqdEj.exe
4676	GBIyXdn.exe
408	BCTdwWm.exe
3424	oxOVyWH.exe
2216	saMppGL.exe
4296	cCPwRLa.exe
4052	zglncaa.exe
852	ourdriY.exe
4872	TQIexey.exe
544	KzGPDVS.exe
4860	ymWtbHd.exe
4020	KDlrINz.exe
3216	ExkNTUR.exe
3144	NlwCLAF.exe
4780	QPolLuE.exe
1952	wxcvWai.exe
4908	VuDzydT.exe
4324	ALzSpaN.exe
4980	xEJqtPd.exe
4800	puNhlLj.exe
4412	PbCWgBl.exe
2956	FfJZZNC.exe
3880	ajKdQmD.exe
3996	WCpCjWc.exe
8	nVcbvfI.exe
1876	mZXZYlG.exe
1012	SuPLjoM.exe
3228	AQUiKfv.exe
3960	xLLxUMB.exe
4044	EdgDuQt.exe
3088	GCFRPwj.exe
4808	skmtTlG.exe
3316	kUroRQl.exe
4680	AQGHOjZ.exe
3076	FytYsmz.exe
1552	JNAMeFm.exe
908	HThtlFV.exe
372	aNWldWh.exe
1496	ZKdAsnN.exe
4312	LardBYi.exe
4804	buJzcpW.exe
460	GDMvGPT.exe
4424	lxnKrEe.exe
3524	lGFdTRt.exe
4492	ILfQdQa.exe
2356	RWMgUZp.exe
2424	ksxcnAa.exe
1708	RRhMwKD.exe
4244	tJsYBOV.exe
4360	wYHVTSQ.exe
3204	LMWvkIh.exe
4916	wobExAl.exe
4200	dhJlslC.exe
3276	uHPkVdK.exe
4160	haSjmwz.exe
4848	rKRGPRt.exe
2436	jgTivLJ.exe
3148	cNUxucp.exe
4040	nUzJBQp.exe
3252	wkzaDnw.exe
1092	KXBhqqs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2340-0-0x00007FF61E090000-0x00007FF61E3E1000-memory.dmp	upx
behavioral2/files/0x0007000000023417-7.dat	upx
behavioral2/files/0x0007000000023416-9.dat	upx
behavioral2/memory/1004-21-0x00007FF735C30000-0x00007FF735F81000-memory.dmp	upx
behavioral2/files/0x0007000000023419-37.dat	upx
behavioral2/files/0x000700000002341e-52.dat	upx
behavioral2/files/0x000700000002341f-58.dat	upx
behavioral2/files/0x000700000002341d-57.dat	upx
behavioral2/files/0x0007000000023420-65.dat	upx
behavioral2/memory/4052-69-0x00007FF73B7C0000-0x00007FF73BB11000-memory.dmp	upx
behavioral2/memory/4872-84-0x00007FF6DB680000-0x00007FF6DB9D1000-memory.dmp	upx
behavioral2/memory/3216-101-0x00007FF6A6FA0000-0x00007FF6A72F1000-memory.dmp	upx
behavioral2/memory/2080-109-0x00007FF69EE80000-0x00007FF69F1D1000-memory.dmp	upx
behavioral2/files/0x0007000000023429-135.dat	upx
behavioral2/files/0x000700000002342b-145.dat	upx
behavioral2/files/0x0007000000023432-172.dat	upx
behavioral2/memory/4324-402-0x00007FF7C2D10000-0x00007FF7C3061000-memory.dmp	upx
behavioral2/memory/4980-409-0x00007FF710F20000-0x00007FF711271000-memory.dmp	upx
behavioral2/memory/4412-415-0x00007FF6D03A0000-0x00007FF6D06F1000-memory.dmp	upx
behavioral2/memory/2956-416-0x00007FF77A6D0000-0x00007FF77AA21000-memory.dmp	upx
behavioral2/memory/3880-420-0x00007FF7C6850000-0x00007FF7C6BA1000-memory.dmp	upx
behavioral2/memory/3996-421-0x00007FF672450000-0x00007FF6727A1000-memory.dmp	upx
behavioral2/memory/1876-423-0x00007FF6E1760000-0x00007FF6E1AB1000-memory.dmp	upx
behavioral2/memory/8-422-0x00007FF645910000-0x00007FF645C61000-memory.dmp	upx
behavioral2/memory/4800-412-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp	upx
behavioral2/memory/4908-397-0x00007FF621D20000-0x00007FF622071000-memory.dmp	upx
behavioral2/memory/1952-395-0x00007FF6E7E20000-0x00007FF6E8171000-memory.dmp	upx
behavioral2/memory/1004-993-0x00007FF735C30000-0x00007FF735F81000-memory.dmp	upx
behavioral2/memory/2564-1000-0x00007FF6486D0000-0x00007FF648A21000-memory.dmp	upx
behavioral2/memory/4780-389-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp	upx
behavioral2/files/0x0007000000023434-182.dat	upx
behavioral2/files/0x0007000000023433-177.dat	upx
behavioral2/files/0x0007000000023431-175.dat	upx
behavioral2/files/0x0007000000023430-170.dat	upx
behavioral2/files/0x000700000002342f-165.dat	upx
behavioral2/files/0x000700000002342e-160.dat	upx
behavioral2/files/0x000700000002342d-155.dat	upx
behavioral2/files/0x000700000002342c-150.dat	upx
behavioral2/files/0x000700000002342a-140.dat	upx
behavioral2/files/0x0007000000023428-130.dat	upx
behavioral2/files/0x0007000000023427-125.dat	upx
behavioral2/files/0x0007000000023426-120.dat	upx
behavioral2/files/0x0008000000023413-118.dat	upx
behavioral2/memory/3144-110-0x00007FF744160000-0x00007FF7444B1000-memory.dmp	upx
behavioral2/files/0x0007000000023425-107.dat	upx
behavioral2/files/0x0007000000023424-103.dat	upx
behavioral2/memory/2340-102-0x00007FF61E090000-0x00007FF61E3E1000-memory.dmp	upx
behavioral2/files/0x0007000000023423-97.dat	upx
behavioral2/memory/4020-95-0x00007FF719610000-0x00007FF719961000-memory.dmp	upx
behavioral2/files/0x0007000000023422-90.dat	upx
behavioral2/memory/4860-88-0x00007FF745120000-0x00007FF745471000-memory.dmp	upx
behavioral2/memory/544-85-0x00007FF7E93B0000-0x00007FF7E9701000-memory.dmp	upx
behavioral2/memory/852-79-0x00007FF74A3C0000-0x00007FF74A711000-memory.dmp	upx
behavioral2/files/0x0007000000023421-73.dat	upx
behavioral2/memory/2216-68-0x00007FF614020000-0x00007FF614371000-memory.dmp	upx
behavioral2/memory/4296-61-0x00007FF6BB280000-0x00007FF6BB5D1000-memory.dmp	upx
behavioral2/files/0x000700000002341c-56.dat	upx
behavioral2/memory/3424-55-0x00007FF6FE290000-0x00007FF6FE5E1000-memory.dmp	upx
behavioral2/memory/408-50-0x00007FF6913D0000-0x00007FF691721000-memory.dmp	upx
behavioral2/files/0x000700000002341b-44.dat	upx
behavioral2/files/0x000700000002341a-40.dat	upx
behavioral2/files/0x0007000000023418-34.dat	upx
behavioral2/memory/4676-30-0x00007FF7D12B0000-0x00007FF7D1601000-memory.dmp	upx
behavioral2/memory/1848-19-0x00007FF602CC0000-0x00007FF603011000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VAowYdO.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\PJASuDS.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\PaJxwFP.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\FBtYhNb.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\CIlmbkK.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\SuPLjoM.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\TXTmkPc.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\NgBCTWU.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\SpIpRbQ.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\mhaSKGx.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\PirYFGl.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\MDYeVyp.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\pLWVapK.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\izPJrKY.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\kUroRQl.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\cNUxucp.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\xJzYaQa.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\uDGyMcq.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\RHodKnn.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\GHSlkBC.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\CLGqdEj.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\uVNAHgm.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\JzhUymE.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\myKAoLR.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\NInLdnm.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\aMpHIJc.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\MgqzHlS.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\doMzakh.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\hBARmvD.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\cCmgUWc.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\heNyPOk.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\XKsLzpf.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\zVucKYK.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\WUETtSf.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\PBQQOwW.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\GZGIVYU.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\nyONDFj.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\OJlVUMv.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\tvmncgF.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\MLrJkLr.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\TQIexey.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\LardBYi.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\jxRgCvO.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\yxqNoZN.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\JlrQruk.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\IYmcaUU.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\SKpsztg.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\GJVKFcZ.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\JSVjAoU.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\wkxCKAN.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\ntzLoLu.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\SbNAmBh.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\edhqToL.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\LPpuEEa.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\NjPdknW.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\ZkHiWHt.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\qRhDOad.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\XFHWIXu.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\OxMmZkl.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\dAbGmZr.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\GoZIUnA.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\tnoaVUu.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\JicpYZf.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
File created	C:\Windows\System\UAlmYst.exe	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14776	dwm.exe
Token: SeChangeNotifyPrivilege	14776	dwm.exe
Token: 33	14776	dwm.exe
Token: SeIncBasePriorityPrivilege	14776	dwm.exe
Token: SeShutdownPrivilege	14776	dwm.exe
Token: SeCreatePagefilePrivilege	14776	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2080	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	83
PID 2340 wrote to memory of 2080	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	83
PID 2340 wrote to memory of 1848	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	84
PID 2340 wrote to memory of 1848	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	84
PID 2340 wrote to memory of 2564	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	85
PID 2340 wrote to memory of 2564	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	85
PID 2340 wrote to memory of 1004	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	86
PID 2340 wrote to memory of 1004	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	86
PID 2340 wrote to memory of 4676	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	87
PID 2340 wrote to memory of 4676	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	87
PID 2340 wrote to memory of 408	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	88
PID 2340 wrote to memory of 408	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	88
PID 2340 wrote to memory of 3424	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	89
PID 2340 wrote to memory of 3424	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	89
PID 2340 wrote to memory of 2216	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	90
PID 2340 wrote to memory of 2216	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	90
PID 2340 wrote to memory of 4296	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	91
PID 2340 wrote to memory of 4296	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	91
PID 2340 wrote to memory of 4052	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	92
PID 2340 wrote to memory of 4052	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	92
PID 2340 wrote to memory of 852	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	93
PID 2340 wrote to memory of 852	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	93
PID 2340 wrote to memory of 4872	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	94
PID 2340 wrote to memory of 4872	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	94
PID 2340 wrote to memory of 544	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	95
PID 2340 wrote to memory of 544	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	95
PID 2340 wrote to memory of 4860	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	96
PID 2340 wrote to memory of 4860	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	96
PID 2340 wrote to memory of 4020	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	97
PID 2340 wrote to memory of 4020	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	97
PID 2340 wrote to memory of 3216	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	98
PID 2340 wrote to memory of 3216	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	98
PID 2340 wrote to memory of 3144	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	99
PID 2340 wrote to memory of 3144	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	99
PID 2340 wrote to memory of 1952	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	100
PID 2340 wrote to memory of 1952	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	100
PID 2340 wrote to memory of 4780	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	101
PID 2340 wrote to memory of 4780	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	101
PID 2340 wrote to memory of 4908	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	102
PID 2340 wrote to memory of 4908	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	102
PID 2340 wrote to memory of 4324	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	103
PID 2340 wrote to memory of 4324	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	103
PID 2340 wrote to memory of 4980	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	104
PID 2340 wrote to memory of 4980	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	104
PID 2340 wrote to memory of 4800	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	105
PID 2340 wrote to memory of 4800	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	105
PID 2340 wrote to memory of 4412	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	106
PID 2340 wrote to memory of 4412	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	106
PID 2340 wrote to memory of 2956	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	107
PID 2340 wrote to memory of 2956	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	107
PID 2340 wrote to memory of 3880	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	108
PID 2340 wrote to memory of 3880	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	108
PID 2340 wrote to memory of 3996	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	109
PID 2340 wrote to memory of 3996	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	109
PID 2340 wrote to memory of 8	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	110
PID 2340 wrote to memory of 8	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	110
PID 2340 wrote to memory of 1876	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	111
PID 2340 wrote to memory of 1876	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	111
PID 2340 wrote to memory of 1012	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	112
PID 2340 wrote to memory of 1012	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	112
PID 2340 wrote to memory of 3228	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	113
PID 2340 wrote to memory of 3228	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	113
PID 2340 wrote to memory of 3960	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	114
PID 2340 wrote to memory of 3960	2340	3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3cc73400707b6e51c7dfe1bb396dca50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\System\yjkPqoQ.exe
  C:\Windows\System\yjkPqoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\MrTUROp.exe
  C:\Windows\System\MrTUROp.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\nsIYyDS.exe
  C:\Windows\System\nsIYyDS.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\CLGqdEj.exe
  C:\Windows\System\CLGqdEj.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\GBIyXdn.exe
  C:\Windows\System\GBIyXdn.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\BCTdwWm.exe
  C:\Windows\System\BCTdwWm.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\oxOVyWH.exe
  C:\Windows\System\oxOVyWH.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\saMppGL.exe
  C:\Windows\System\saMppGL.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\cCPwRLa.exe
  C:\Windows\System\cCPwRLa.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\zglncaa.exe
  C:\Windows\System\zglncaa.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\ourdriY.exe
  C:\Windows\System\ourdriY.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\TQIexey.exe
  C:\Windows\System\TQIexey.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\KzGPDVS.exe
  C:\Windows\System\KzGPDVS.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\ymWtbHd.exe
  C:\Windows\System\ymWtbHd.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\KDlrINz.exe
  C:\Windows\System\KDlrINz.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\ExkNTUR.exe
  C:\Windows\System\ExkNTUR.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\NlwCLAF.exe
  C:\Windows\System\NlwCLAF.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\wxcvWai.exe
  C:\Windows\System\wxcvWai.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\QPolLuE.exe
  C:\Windows\System\QPolLuE.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\VuDzydT.exe
  C:\Windows\System\VuDzydT.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\ALzSpaN.exe
  C:\Windows\System\ALzSpaN.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\xEJqtPd.exe
  C:\Windows\System\xEJqtPd.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\puNhlLj.exe
  C:\Windows\System\puNhlLj.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\PbCWgBl.exe
  C:\Windows\System\PbCWgBl.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\FfJZZNC.exe
  C:\Windows\System\FfJZZNC.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ajKdQmD.exe
  C:\Windows\System\ajKdQmD.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\WCpCjWc.exe
  C:\Windows\System\WCpCjWc.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\nVcbvfI.exe
  C:\Windows\System\nVcbvfI.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\mZXZYlG.exe
  C:\Windows\System\mZXZYlG.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\SuPLjoM.exe
  C:\Windows\System\SuPLjoM.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\AQUiKfv.exe
  C:\Windows\System\AQUiKfv.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\xLLxUMB.exe
  C:\Windows\System\xLLxUMB.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\EdgDuQt.exe
  C:\Windows\System\EdgDuQt.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\GCFRPwj.exe
  C:\Windows\System\GCFRPwj.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\skmtTlG.exe
  C:\Windows\System\skmtTlG.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\kUroRQl.exe
  C:\Windows\System\kUroRQl.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\AQGHOjZ.exe
  C:\Windows\System\AQGHOjZ.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\FytYsmz.exe
  C:\Windows\System\FytYsmz.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\JNAMeFm.exe
  C:\Windows\System\JNAMeFm.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\HThtlFV.exe
  C:\Windows\System\HThtlFV.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\aNWldWh.exe
  C:\Windows\System\aNWldWh.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\ZKdAsnN.exe
  C:\Windows\System\ZKdAsnN.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\LardBYi.exe
  C:\Windows\System\LardBYi.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\buJzcpW.exe
  C:\Windows\System\buJzcpW.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\GDMvGPT.exe
  C:\Windows\System\GDMvGPT.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\lxnKrEe.exe
  C:\Windows\System\lxnKrEe.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\lGFdTRt.exe
  C:\Windows\System\lGFdTRt.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\ILfQdQa.exe
  C:\Windows\System\ILfQdQa.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\RWMgUZp.exe
  C:\Windows\System\RWMgUZp.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\ksxcnAa.exe
  C:\Windows\System\ksxcnAa.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\RRhMwKD.exe
  C:\Windows\System\RRhMwKD.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\tJsYBOV.exe
  C:\Windows\System\tJsYBOV.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\wYHVTSQ.exe
  C:\Windows\System\wYHVTSQ.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\LMWvkIh.exe
  C:\Windows\System\LMWvkIh.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\wobExAl.exe
  C:\Windows\System\wobExAl.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\dhJlslC.exe
  C:\Windows\System\dhJlslC.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\uHPkVdK.exe
  C:\Windows\System\uHPkVdK.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\haSjmwz.exe
  C:\Windows\System\haSjmwz.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\rKRGPRt.exe
  C:\Windows\System\rKRGPRt.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\jgTivLJ.exe
  C:\Windows\System\jgTivLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\cNUxucp.exe
  C:\Windows\System\cNUxucp.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\nUzJBQp.exe
  C:\Windows\System\nUzJBQp.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\wkzaDnw.exe
  C:\Windows\System\wkzaDnw.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\KXBhqqs.exe
  C:\Windows\System\KXBhqqs.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\SggDjhp.exe
  C:\Windows\System\SggDjhp.exe
  2⤵
  PID:232
- C:\Windows\System\maJHUrm.exe
  C:\Windows\System\maJHUrm.exe
  2⤵
  PID:444
- C:\Windows\System\jKxDgye.exe
  C:\Windows\System\jKxDgye.exe
  2⤵
  PID:4596
- C:\Windows\System\heLXjpC.exe
  C:\Windows\System\heLXjpC.exe
  2⤵
  PID:4816
- C:\Windows\System\XYhhYfS.exe
  C:\Windows\System\XYhhYfS.exe
  2⤵
  PID:2960
- C:\Windows\System\ZkWbeNe.exe
  C:\Windows\System\ZkWbeNe.exe
  2⤵
  PID:4792
- C:\Windows\System\lhxaTIm.exe
  C:\Windows\System\lhxaTIm.exe
  2⤵
  PID:4444
- C:\Windows\System\mIuvzZH.exe
  C:\Windows\System\mIuvzZH.exe
  2⤵
  PID:3372
- C:\Windows\System\tSyQHwT.exe
  C:\Windows\System\tSyQHwT.exe
  2⤵
  PID:1712
- C:\Windows\System\vnLMiPC.exe
  C:\Windows\System\vnLMiPC.exe
  2⤵
  PID:2496
- C:\Windows\System\gOjojfX.exe
  C:\Windows\System\gOjojfX.exe
  2⤵
  PID:396
- C:\Windows\System\GJNQQwo.exe
  C:\Windows\System\GJNQQwo.exe
  2⤵
  PID:4032
- C:\Windows\System\LkdIlUK.exe
  C:\Windows\System\LkdIlUK.exe
  2⤵
  PID:5140
- C:\Windows\System\AnIBecX.exe
  C:\Windows\System\AnIBecX.exe
  2⤵
  PID:5168
- C:\Windows\System\xRHdtNs.exe
  C:\Windows\System\xRHdtNs.exe
  2⤵
  PID:5196
- C:\Windows\System\yjawhzi.exe
  C:\Windows\System\yjawhzi.exe
  2⤵
  PID:5224
- C:\Windows\System\SbNAmBh.exe
  C:\Windows\System\SbNAmBh.exe
  2⤵
  PID:5252
- C:\Windows\System\VLeQzzI.exe
  C:\Windows\System\VLeQzzI.exe
  2⤵
  PID:5280
- C:\Windows\System\BmWZEeA.exe
  C:\Windows\System\BmWZEeA.exe
  2⤵
  PID:5308
- C:\Windows\System\XmfXRSH.exe
  C:\Windows\System\XmfXRSH.exe
  2⤵
  PID:5332
- C:\Windows\System\nVbmOuB.exe
  C:\Windows\System\nVbmOuB.exe
  2⤵
  PID:5364
- C:\Windows\System\WMgGyFN.exe
  C:\Windows\System\WMgGyFN.exe
  2⤵
  PID:5392
- C:\Windows\System\MqqJDsq.exe
  C:\Windows\System\MqqJDsq.exe
  2⤵
  PID:5420
- C:\Windows\System\pMDuQPn.exe
  C:\Windows\System\pMDuQPn.exe
  2⤵
  PID:5452
- C:\Windows\System\HDXDvyT.exe
  C:\Windows\System\HDXDvyT.exe
  2⤵
  PID:5476
- C:\Windows\System\yWchwXq.exe
  C:\Windows\System\yWchwXq.exe
  2⤵
  PID:5504
- C:\Windows\System\fCFFwnp.exe
  C:\Windows\System\fCFFwnp.exe
  2⤵
  PID:5532
- C:\Windows\System\XlLfClW.exe
  C:\Windows\System\XlLfClW.exe
  2⤵
  PID:5564
- C:\Windows\System\ucRAjPA.exe
  C:\Windows\System\ucRAjPA.exe
  2⤵
  PID:5592
- C:\Windows\System\nOXGNlj.exe
  C:\Windows\System\nOXGNlj.exe
  2⤵
  PID:5616
- C:\Windows\System\LFSmSBf.exe
  C:\Windows\System\LFSmSBf.exe
  2⤵
  PID:5648
- C:\Windows\System\MvkFLda.exe
  C:\Windows\System\MvkFLda.exe
  2⤵
  PID:5672
- C:\Windows\System\gwbcOtr.exe
  C:\Windows\System\gwbcOtr.exe
  2⤵
  PID:5732
- C:\Windows\System\NAcKrNC.exe
  C:\Windows\System\NAcKrNC.exe
  2⤵
  PID:5752
- C:\Windows\System\Yyrnxtc.exe
  C:\Windows\System\Yyrnxtc.exe
  2⤵
  PID:5768
- C:\Windows\System\WyYCzwc.exe
  C:\Windows\System\WyYCzwc.exe
  2⤵
  PID:5792
- C:\Windows\System\zCSOdYU.exe
  C:\Windows\System\zCSOdYU.exe
  2⤵
  PID:5812
- C:\Windows\System\UnDHvZT.exe
  C:\Windows\System\UnDHvZT.exe
  2⤵
  PID:5840
- C:\Windows\System\zKMUNwP.exe
  C:\Windows\System\zKMUNwP.exe
  2⤵
  PID:5868
- C:\Windows\System\SZvVQAw.exe
  C:\Windows\System\SZvVQAw.exe
  2⤵
  PID:5916
- C:\Windows\System\Ymnckpv.exe
  C:\Windows\System\Ymnckpv.exe
  2⤵
  PID:5936
- C:\Windows\System\fHVxdTY.exe
  C:\Windows\System\fHVxdTY.exe
  2⤵
  PID:5968
- C:\Windows\System\GoZIUnA.exe
  C:\Windows\System\GoZIUnA.exe
  2⤵
  PID:6008
- C:\Windows\System\bsYgBxm.exe
  C:\Windows\System\bsYgBxm.exe
  2⤵
  PID:6048
- C:\Windows\System\qvIugvp.exe
  C:\Windows\System\qvIugvp.exe
  2⤵
  PID:6072
- C:\Windows\System\dCSqDsT.exe
  C:\Windows\System\dCSqDsT.exe
  2⤵
  PID:6132
- C:\Windows\System\rEOBcVG.exe
  C:\Windows\System\rEOBcVG.exe
  2⤵
  PID:4580
- C:\Windows\System\XKsLzpf.exe
  C:\Windows\System\XKsLzpf.exe
  2⤵
  PID:3644
- C:\Windows\System\VMUbQVG.exe
  C:\Windows\System\VMUbQVG.exe
  2⤵
  PID:2996
- C:\Windows\System\ayTjJtm.exe
  C:\Windows\System\ayTjJtm.exe
  2⤵
  PID:5152
- C:\Windows\System\SwUCKrU.exe
  C:\Windows\System\SwUCKrU.exe
  2⤵
  PID:5208
- C:\Windows\System\azwJMrF.exe
  C:\Windows\System\azwJMrF.exe
  2⤵
  PID:5244
- C:\Windows\System\FgdSDtA.exe
  C:\Windows\System\FgdSDtA.exe
  2⤵
  PID:5296
- C:\Windows\System\yrVzBVN.exe
  C:\Windows\System\yrVzBVN.exe
  2⤵
  PID:3688
- C:\Windows\System\zlKzIMv.exe
  C:\Windows\System\zlKzIMv.exe
  2⤵
  PID:5376
- C:\Windows\System\zxGXZci.exe
  C:\Windows\System\zxGXZci.exe
  2⤵
  PID:5404
- C:\Windows\System\CcOFdwB.exe
  C:\Windows\System\CcOFdwB.exe
  2⤵
  PID:3356
- C:\Windows\System\PLPrZIt.exe
  C:\Windows\System\PLPrZIt.exe
  2⤵
  PID:5552
- C:\Windows\System\ywUZQlm.exe
  C:\Windows\System\ywUZQlm.exe
  2⤵
  PID:5612
- C:\Windows\System\IVHaYrd.exe
  C:\Windows\System\IVHaYrd.exe
  2⤵
  PID:5664
- C:\Windows\System\QQbjKvt.exe
  C:\Windows\System\QQbjKvt.exe
  2⤵
  PID:5704
- C:\Windows\System\xVJTakq.exe
  C:\Windows\System\xVJTakq.exe
  2⤵
  PID:5760
- C:\Windows\System\CMonTqo.exe
  C:\Windows\System\CMonTqo.exe
  2⤵
  PID:5780
- C:\Windows\System\jYQRUGV.exe
  C:\Windows\System\jYQRUGV.exe
  2⤵
  PID:3048
- C:\Windows\System\VSmiTqH.exe
  C:\Windows\System\VSmiTqH.exe
  2⤵
  PID:1212
- C:\Windows\System\VtUOtue.exe
  C:\Windows\System\VtUOtue.exe
  2⤵
  PID:5888
- C:\Windows\System\jQDQjSK.exe
  C:\Windows\System\jQDQjSK.exe
  2⤵
  PID:4476
- C:\Windows\System\DzYeFlh.exe
  C:\Windows\System\DzYeFlh.exe
  2⤵
  PID:1716
- C:\Windows\System\EIAYyKt.exe
  C:\Windows\System\EIAYyKt.exe
  2⤵
  PID:6016
- C:\Windows\System\TvwzRfL.exe
  C:\Windows\System\TvwzRfL.exe
  2⤵
  PID:6044
- C:\Windows\System\vXPSNyG.exe
  C:\Windows\System\vXPSNyG.exe
  2⤵
  PID:6064
- C:\Windows\System\dmwJcwz.exe
  C:\Windows\System\dmwJcwz.exe
  2⤵
  PID:1140
- C:\Windows\System\MoBuNdI.exe
  C:\Windows\System\MoBuNdI.exe
  2⤵
  PID:4560
- C:\Windows\System\eyWtZqs.exe
  C:\Windows\System\eyWtZqs.exe
  2⤵
  PID:6116
- C:\Windows\System\ZGUcklo.exe
  C:\Windows\System\ZGUcklo.exe
  2⤵
  PID:2388
- C:\Windows\System\HfNECGe.exe
  C:\Windows\System\HfNECGe.exe
  2⤵
  PID:4756
- C:\Windows\System\UAlmYst.exe
  C:\Windows\System\UAlmYst.exe
  2⤵
  PID:1364
- C:\Windows\System\mVFscem.exe
  C:\Windows\System\mVFscem.exe
  2⤵
  PID:5328
- C:\Windows\System\CpnqmoV.exe
  C:\Windows\System\CpnqmoV.exe
  2⤵
  PID:5384
- C:\Windows\System\jxRgCvO.exe
  C:\Windows\System\jxRgCvO.exe
  2⤵
  PID:5496
- C:\Windows\System\JwQIikv.exe
  C:\Windows\System\JwQIikv.exe
  2⤵
  PID:5608
- C:\Windows\System\usIaBpu.exe
  C:\Windows\System\usIaBpu.exe
  2⤵
  PID:5744
- C:\Windows\System\edhqToL.exe
  C:\Windows\System\edhqToL.exe
  2⤵
  PID:5900
- C:\Windows\System\TXTmkPc.exe
  C:\Windows\System\TXTmkPc.exe
  2⤵
  PID:5948
- C:\Windows\System\qSbbhEc.exe
  C:\Windows\System\qSbbhEc.exe
  2⤵
  PID:4008
- C:\Windows\System\ERvUoiF.exe
  C:\Windows\System\ERvUoiF.exe
  2⤵
  PID:5024
- C:\Windows\System\EPWvhOj.exe
  C:\Windows\System\EPWvhOj.exe
  2⤵
  PID:1520
- C:\Windows\System\vNISGGN.exe
  C:\Windows\System\vNISGGN.exe
  2⤵
  PID:2512
- C:\Windows\System\DJbIgjQ.exe
  C:\Windows\System\DJbIgjQ.exe
  2⤵
  PID:5128
- C:\Windows\System\hNfOSPD.exe
  C:\Windows\System\hNfOSPD.exe
  2⤵
  PID:3800
- C:\Windows\System\YOuDMSN.exe
  C:\Windows\System\YOuDMSN.exe
  2⤵
  PID:508
- C:\Windows\System\KPdeJnE.exe
  C:\Windows\System\KPdeJnE.exe
  2⤵
  PID:5692
- C:\Windows\System\OTVUkzt.exe
  C:\Windows\System\OTVUkzt.exe
  2⤵
  PID:5804
- C:\Windows\System\REtkYTj.exe
  C:\Windows\System\REtkYTj.exe
  2⤵
  PID:5856
- C:\Windows\System\EkzNuIc.exe
  C:\Windows\System\EkzNuIc.exe
  2⤵
  PID:5988
- C:\Windows\System\HStGcrH.exe
  C:\Windows\System\HStGcrH.exe
  2⤵
  PID:5436
- C:\Windows\System\OhdATyt.exe
  C:\Windows\System\OhdATyt.exe
  2⤵
  PID:1624
- C:\Windows\System\TvfEVpD.exe
  C:\Windows\System\TvfEVpD.exe
  2⤵
  PID:5688
- C:\Windows\System\EsaSyed.exe
  C:\Windows\System\EsaSyed.exe
  2⤵
  PID:6004
- C:\Windows\System\TeYfJAM.exe
  C:\Windows\System\TeYfJAM.exe
  2⤵
  PID:6160
- C:\Windows\System\yrneSmF.exe
  C:\Windows\System\yrneSmF.exe
  2⤵
  PID:6176
- C:\Windows\System\BFIdlXN.exe
  C:\Windows\System\BFIdlXN.exe
  2⤵
  PID:6208
- C:\Windows\System\fRETVga.exe
  C:\Windows\System\fRETVga.exe
  2⤵
  PID:6232
- C:\Windows\System\giuRytR.exe
  C:\Windows\System\giuRytR.exe
  2⤵
  PID:6256
- C:\Windows\System\AkkxgAr.exe
  C:\Windows\System\AkkxgAr.exe
  2⤵
  PID:6276
- C:\Windows\System\MgqzHlS.exe
  C:\Windows\System\MgqzHlS.exe
  2⤵
  PID:6296
- C:\Windows\System\ltxgoMh.exe
  C:\Windows\System\ltxgoMh.exe
  2⤵
  PID:6320
- C:\Windows\System\Jbacpgn.exe
  C:\Windows\System\Jbacpgn.exe
  2⤵
  PID:6344
- C:\Windows\System\LPpuEEa.exe
  C:\Windows\System\LPpuEEa.exe
  2⤵
  PID:6400
- C:\Windows\System\bFYkITl.exe
  C:\Windows\System\bFYkITl.exe
  2⤵
  PID:6424
- C:\Windows\System\vKGrFwV.exe
  C:\Windows\System\vKGrFwV.exe
  2⤵
  PID:6444
- C:\Windows\System\quqzuMC.exe
  C:\Windows\System\quqzuMC.exe
  2⤵
  PID:6484
- C:\Windows\System\bbGATYw.exe
  C:\Windows\System\bbGATYw.exe
  2⤵
  PID:6500
- C:\Windows\System\rLOjEgp.exe
  C:\Windows\System\rLOjEgp.exe
  2⤵
  PID:6544
- C:\Windows\System\HXUxmid.exe
  C:\Windows\System\HXUxmid.exe
  2⤵
  PID:6576
- C:\Windows\System\hnTxPsW.exe
  C:\Windows\System\hnTxPsW.exe
  2⤵
  PID:6596
- C:\Windows\System\mjMClOX.exe
  C:\Windows\System\mjMClOX.exe
  2⤵
  PID:6628
- C:\Windows\System\ADjTveF.exe
  C:\Windows\System\ADjTveF.exe
  2⤵
  PID:6652
- C:\Windows\System\NjPdknW.exe
  C:\Windows\System\NjPdknW.exe
  2⤵
  PID:6672
- C:\Windows\System\UaNKwQV.exe
  C:\Windows\System\UaNKwQV.exe
  2⤵
  PID:6696
- C:\Windows\System\raASJfx.exe
  C:\Windows\System\raASJfx.exe
  2⤵
  PID:6728
- C:\Windows\System\AAIwGym.exe
  C:\Windows\System\AAIwGym.exe
  2⤵
  PID:6760
- C:\Windows\System\dyosjia.exe
  C:\Windows\System\dyosjia.exe
  2⤵
  PID:6788
- C:\Windows\System\YYXUgeC.exe
  C:\Windows\System\YYXUgeC.exe
  2⤵
  PID:6816
- C:\Windows\System\gjLRQIM.exe
  C:\Windows\System\gjLRQIM.exe
  2⤵
  PID:6832
- C:\Windows\System\JzdUfTA.exe
  C:\Windows\System\JzdUfTA.exe
  2⤵
  PID:6852
- C:\Windows\System\uVNAHgm.exe
  C:\Windows\System\uVNAHgm.exe
  2⤵
  PID:6872
- C:\Windows\System\xZQbwHd.exe
  C:\Windows\System\xZQbwHd.exe
  2⤵
  PID:7008
- C:\Windows\System\CdYTAvm.exe
  C:\Windows\System\CdYTAvm.exe
  2⤵
  PID:7024
- C:\Windows\System\ffFXwGB.exe
  C:\Windows\System\ffFXwGB.exe
  2⤵
  PID:7044
- C:\Windows\System\XGeNFYg.exe
  C:\Windows\System\XGeNFYg.exe
  2⤵
  PID:7068
- C:\Windows\System\OuAILoy.exe
  C:\Windows\System\OuAILoy.exe
  2⤵
  PID:7108
- C:\Windows\System\BnrQqDy.exe
  C:\Windows\System\BnrQqDy.exe
  2⤵
  PID:7144
- C:\Windows\System\fcZaHFV.exe
  C:\Windows\System\fcZaHFV.exe
  2⤵
  PID:5028
- C:\Windows\System\gzwcPPn.exe
  C:\Windows\System\gzwcPPn.exe
  2⤵
  PID:6148
- C:\Windows\System\cvPgeaC.exe
  C:\Windows\System\cvPgeaC.exe
  2⤵
  PID:6220
- C:\Windows\System\NTrbjym.exe
  C:\Windows\System\NTrbjym.exe
  2⤵
  PID:6272
- C:\Windows\System\CsGvDHC.exe
  C:\Windows\System\CsGvDHC.exe
  2⤵
  PID:6312
- C:\Windows\System\yxqNoZN.exe
  C:\Windows\System\yxqNoZN.exe
  2⤵
  PID:6384
- C:\Windows\System\qfBbJfS.exe
  C:\Windows\System\qfBbJfS.exe
  2⤵
  PID:6496
- C:\Windows\System\JweklaM.exe
  C:\Windows\System\JweklaM.exe
  2⤵
  PID:6552
- C:\Windows\System\FBdODLH.exe
  C:\Windows\System\FBdODLH.exe
  2⤵
  PID:6612
- C:\Windows\System\tTzeXMg.exe
  C:\Windows\System\tTzeXMg.exe
  2⤵
  PID:6644
- C:\Windows\System\duyYUAF.exe
  C:\Windows\System\duyYUAF.exe
  2⤵
  PID:6680
- C:\Windows\System\XuPnhUd.exe
  C:\Windows\System\XuPnhUd.exe
  2⤵
  PID:5996
- C:\Windows\System\oWIgWkz.exe
  C:\Windows\System\oWIgWkz.exe
  2⤵
  PID:6828
- C:\Windows\System\YIKvwkW.exe
  C:\Windows\System\YIKvwkW.exe
  2⤵
  PID:6908
- C:\Windows\System\RmGoXUW.exe
  C:\Windows\System\RmGoXUW.exe
  2⤵
  PID:5092
- C:\Windows\System\JDpYWPm.exe
  C:\Windows\System\JDpYWPm.exe
  2⤵
  PID:7064
- C:\Windows\System\NxUcKGW.exe
  C:\Windows\System\NxUcKGW.exe
  2⤵
  PID:7088
- C:\Windows\System\WWJgjDs.exe
  C:\Windows\System\WWJgjDs.exe
  2⤵
  PID:5124
- C:\Windows\System\EFTXqPF.exe
  C:\Windows\System\EFTXqPF.exe
  2⤵
  PID:6268
- C:\Windows\System\WzHbqoL.exe
  C:\Windows\System\WzHbqoL.exe
  2⤵
  PID:6464
- C:\Windows\System\RgbjKAs.exe
  C:\Windows\System\RgbjKAs.exe
  2⤵
  PID:6592
- C:\Windows\System\VdEbeCZ.exe
  C:\Windows\System\VdEbeCZ.exe
  2⤵
  PID:6668
- C:\Windows\System\GHuzzkQ.exe
  C:\Windows\System\GHuzzkQ.exe
  2⤵
  PID:6808
- C:\Windows\System\uqBJzNh.exe
  C:\Windows\System\uqBJzNh.exe
  2⤵
  PID:6972
- C:\Windows\System\yTrQzkL.exe
  C:\Windows\System\yTrQzkL.exe
  2⤵
  PID:6196
- C:\Windows\System\sAjLmKS.exe
  C:\Windows\System\sAjLmKS.exe
  2⤵
  PID:6416
- C:\Windows\System\PZEfgvj.exe
  C:\Windows\System\PZEfgvj.exe
  2⤵
  PID:6292
- C:\Windows\System\SDDHrGx.exe
  C:\Windows\System\SDDHrGx.exe
  2⤵
  PID:6840
- C:\Windows\System\NtQmJFQ.exe
  C:\Windows\System\NtQmJFQ.exe
  2⤵
  PID:7192
- C:\Windows\System\guVdQph.exe
  C:\Windows\System\guVdQph.exe
  2⤵
  PID:7224
- C:\Windows\System\WLUWvjV.exe
  C:\Windows\System\WLUWvjV.exe
  2⤵
  PID:7244
- C:\Windows\System\BQVyqCm.exe
  C:\Windows\System\BQVyqCm.exe
  2⤵
  PID:7264
- C:\Windows\System\YxZdwEk.exe
  C:\Windows\System\YxZdwEk.exe
  2⤵
  PID:7316
- C:\Windows\System\thrBVru.exe
  C:\Windows\System\thrBVru.exe
  2⤵
  PID:7336
- C:\Windows\System\TDWDuXl.exe
  C:\Windows\System\TDWDuXl.exe
  2⤵
  PID:7376
- C:\Windows\System\ydXOsfY.exe
  C:\Windows\System\ydXOsfY.exe
  2⤵
  PID:7400
- C:\Windows\System\eQkFQIo.exe
  C:\Windows\System\eQkFQIo.exe
  2⤵
  PID:7420
- C:\Windows\System\EnlVzzp.exe
  C:\Windows\System\EnlVzzp.exe
  2⤵
  PID:7444
- C:\Windows\System\ZkHiWHt.exe
  C:\Windows\System\ZkHiWHt.exe
  2⤵
  PID:7484
- C:\Windows\System\YarHHPa.exe
  C:\Windows\System\YarHHPa.exe
  2⤵
  PID:7504
- C:\Windows\System\nOOZduc.exe
  C:\Windows\System\nOOZduc.exe
  2⤵
  PID:7524
- C:\Windows\System\ZbxYqHE.exe
  C:\Windows\System\ZbxYqHE.exe
  2⤵
  PID:7564
- C:\Windows\System\yElMYop.exe
  C:\Windows\System\yElMYop.exe
  2⤵
  PID:7592
- C:\Windows\System\cQddfLC.exe
  C:\Windows\System\cQddfLC.exe
  2⤵
  PID:7608
- C:\Windows\System\IYmcaUU.exe
  C:\Windows\System\IYmcaUU.exe
  2⤵
  PID:7632
- C:\Windows\System\sBRYUWx.exe
  C:\Windows\System\sBRYUWx.exe
  2⤵
  PID:7652
- C:\Windows\System\rleoeEF.exe
  C:\Windows\System\rleoeEF.exe
  2⤵
  PID:7700
- C:\Windows\System\wuxoRww.exe
  C:\Windows\System\wuxoRww.exe
  2⤵
  PID:7720
- C:\Windows\System\INUlcbr.exe
  C:\Windows\System\INUlcbr.exe
  2⤵
  PID:7744
- C:\Windows\System\UnENgGq.exe
  C:\Windows\System\UnENgGq.exe
  2⤵
  PID:7764
- C:\Windows\System\eaoiBZH.exe
  C:\Windows\System\eaoiBZH.exe
  2⤵
  PID:7780
- C:\Windows\System\PWJQFZC.exe
  C:\Windows\System\PWJQFZC.exe
  2⤵
  PID:7804
- C:\Windows\System\eczFJOC.exe
  C:\Windows\System\eczFJOC.exe
  2⤵
  PID:7828
- C:\Windows\System\QLUUYhR.exe
  C:\Windows\System\QLUUYhR.exe
  2⤵
  PID:7844
- C:\Windows\System\eMOtptR.exe
  C:\Windows\System\eMOtptR.exe
  2⤵
  PID:7872
- C:\Windows\System\otwAYOy.exe
  C:\Windows\System\otwAYOy.exe
  2⤵
  PID:7936
- C:\Windows\System\mncQkdo.exe
  C:\Windows\System\mncQkdo.exe
  2⤵
  PID:7988
- C:\Windows\System\NgBCTWU.exe
  C:\Windows\System\NgBCTWU.exe
  2⤵
  PID:8016
- C:\Windows\System\SKpsztg.exe
  C:\Windows\System\SKpsztg.exe
  2⤵
  PID:8044
- C:\Windows\System\hTtrdba.exe
  C:\Windows\System\hTtrdba.exe
  2⤵
  PID:8076
- C:\Windows\System\CJuvCkr.exe
  C:\Windows\System\CJuvCkr.exe
  2⤵
  PID:8100
- C:\Windows\System\rgbqEIC.exe
  C:\Windows\System\rgbqEIC.exe
  2⤵
  PID:8120
- C:\Windows\System\EWPUpwH.exe
  C:\Windows\System\EWPUpwH.exe
  2⤵
  PID:8136
- C:\Windows\System\HlAdZKr.exe
  C:\Windows\System\HlAdZKr.exe
  2⤵
  PID:8168
- C:\Windows\System\JzhUymE.exe
  C:\Windows\System\JzhUymE.exe
  2⤵
  PID:6336
- C:\Windows\System\XkZhtfO.exe
  C:\Windows\System\XkZhtfO.exe
  2⤵
  PID:6752
- C:\Windows\System\DkcorRA.exe
  C:\Windows\System\DkcorRA.exe
  2⤵
  PID:7204
- C:\Windows\System\MIgqJaO.exe
  C:\Windows\System\MIgqJaO.exe
  2⤵
  PID:7256
- C:\Windows\System\OSvePxL.exe
  C:\Windows\System\OSvePxL.exe
  2⤵
  PID:6100
- C:\Windows\System\PNtxRPB.exe
  C:\Windows\System\PNtxRPB.exe
  2⤵
  PID:7396
- C:\Windows\System\HVLtIUK.exe
  C:\Windows\System\HVLtIUK.exe
  2⤵
  PID:7460
- C:\Windows\System\SfFrtCm.exe
  C:\Windows\System\SfFrtCm.exe
  2⤵
  PID:7576
- C:\Windows\System\KKIWWXx.exe
  C:\Windows\System\KKIWWXx.exe
  2⤵
  PID:7616
- C:\Windows\System\aiZhsXs.exe
  C:\Windows\System\aiZhsXs.exe
  2⤵
  PID:7672
- C:\Windows\System\CWvllLn.exe
  C:\Windows\System\CWvllLn.exe
  2⤵
  PID:7688
- C:\Windows\System\SpIpRbQ.exe
  C:\Windows\System\SpIpRbQ.exe
  2⤵
  PID:7788
- C:\Windows\System\JCpbZFT.exe
  C:\Windows\System\JCpbZFT.exe
  2⤵
  PID:7836
- C:\Windows\System\BOLZXhz.exe
  C:\Windows\System\BOLZXhz.exe
  2⤵
  PID:7896
- C:\Windows\System\GzrwmIh.exe
  C:\Windows\System\GzrwmIh.exe
  2⤵
  PID:7980
- C:\Windows\System\lrMuREA.exe
  C:\Windows\System\lrMuREA.exe
  2⤵
  PID:8008
- C:\Windows\System\AdJoDLt.exe
  C:\Windows\System\AdJoDLt.exe
  2⤵
  PID:8068
- C:\Windows\System\XrQYgbH.exe
  C:\Windows\System\XrQYgbH.exe
  2⤵
  PID:8092
- C:\Windows\System\ehPdhSh.exe
  C:\Windows\System\ehPdhSh.exe
  2⤵
  PID:8160
- C:\Windows\System\GcyFtkn.exe
  C:\Windows\System\GcyFtkn.exe
  2⤵
  PID:7240
- C:\Windows\System\hCIoMyb.exe
  C:\Windows\System\hCIoMyb.exe
  2⤵
  PID:7556
- C:\Windows\System\eMkbXEj.exe
  C:\Windows\System\eMkbXEj.exe
  2⤵
  PID:7648
- C:\Windows\System\BgbUupl.exe
  C:\Windows\System\BgbUupl.exe
  2⤵
  PID:7820
- C:\Windows\System\ucTussV.exe
  C:\Windows\System\ucTussV.exe
  2⤵
  PID:7892
- C:\Windows\System\doMzakh.exe
  C:\Windows\System\doMzakh.exe
  2⤵
  PID:8112
- C:\Windows\System\pZXvTMx.exe
  C:\Windows\System\pZXvTMx.exe
  2⤵
  PID:8004
- C:\Windows\System\zMcJhpa.exe
  C:\Windows\System\zMcJhpa.exe
  2⤵
  PID:6112
- C:\Windows\System\wbrwsOV.exe
  C:\Windows\System\wbrwsOV.exe
  2⤵
  PID:7436
- C:\Windows\System\kjvZDEM.exe
  C:\Windows\System\kjvZDEM.exe
  2⤵
  PID:8056
- C:\Windows\System\RLqRldQ.exe
  C:\Windows\System\RLqRldQ.exe
  2⤵
  PID:8156
- C:\Windows\System\CWOkxmw.exe
  C:\Windows\System\CWOkxmw.exe
  2⤵
  PID:8200
- C:\Windows\System\FAIXoby.exe
  C:\Windows\System\FAIXoby.exe
  2⤵
  PID:8264
- C:\Windows\System\meAoSen.exe
  C:\Windows\System\meAoSen.exe
  2⤵
  PID:8304
- C:\Windows\System\tvldJxX.exe
  C:\Windows\System\tvldJxX.exe
  2⤵
  PID:8344
- C:\Windows\System\qsnojHx.exe
  C:\Windows\System\qsnojHx.exe
  2⤵
  PID:8364
- C:\Windows\System\SbOwsxW.exe
  C:\Windows\System\SbOwsxW.exe
  2⤵
  PID:8384
- C:\Windows\System\MAwgnlw.exe
  C:\Windows\System\MAwgnlw.exe
  2⤵
  PID:8404
- C:\Windows\System\fTPabcc.exe
  C:\Windows\System\fTPabcc.exe
  2⤵
  PID:8424
- C:\Windows\System\wqDDvKo.exe
  C:\Windows\System\wqDDvKo.exe
  2⤵
  PID:8452
- C:\Windows\System\RtmUEnu.exe
  C:\Windows\System\RtmUEnu.exe
  2⤵
  PID:8516
- C:\Windows\System\WQrcqIM.exe
  C:\Windows\System\WQrcqIM.exe
  2⤵
  PID:8572
- C:\Windows\System\JlrQruk.exe
  C:\Windows\System\JlrQruk.exe
  2⤵
  PID:8588
- C:\Windows\System\FjVNEKT.exe
  C:\Windows\System\FjVNEKT.exe
  2⤵
  PID:8608
- C:\Windows\System\fSeDLOu.exe
  C:\Windows\System\fSeDLOu.exe
  2⤵
  PID:8628
- C:\Windows\System\uJgFWyN.exe
  C:\Windows\System\uJgFWyN.exe
  2⤵
  PID:8660
- C:\Windows\System\anrARAg.exe
  C:\Windows\System\anrARAg.exe
  2⤵
  PID:8676
- C:\Windows\System\SwnOBkp.exe
  C:\Windows\System\SwnOBkp.exe
  2⤵
  PID:8716
- C:\Windows\System\dgSWzcV.exe
  C:\Windows\System\dgSWzcV.exe
  2⤵
  PID:8732
- C:\Windows\System\hBARmvD.exe
  C:\Windows\System\hBARmvD.exe
  2⤵
  PID:8748
- C:\Windows\System\alMYwcD.exe
  C:\Windows\System\alMYwcD.exe
  2⤵
  PID:8776
- C:\Windows\System\IGRaxdY.exe
  C:\Windows\System\IGRaxdY.exe
  2⤵
  PID:8816
- C:\Windows\System\hLRGxvp.exe
  C:\Windows\System\hLRGxvp.exe
  2⤵
  PID:8836
- C:\Windows\System\oEHTjEx.exe
  C:\Windows\System\oEHTjEx.exe
  2⤵
  PID:8852
- C:\Windows\System\DIqMLSL.exe
  C:\Windows\System\DIqMLSL.exe
  2⤵
  PID:8940
- C:\Windows\System\BmooWYg.exe
  C:\Windows\System\BmooWYg.exe
  2⤵
  PID:8968
- C:\Windows\System\oLrvKGn.exe
  C:\Windows\System\oLrvKGn.exe
  2⤵
  PID:8988
- C:\Windows\System\SpKSREQ.exe
  C:\Windows\System\SpKSREQ.exe
  2⤵
  PID:9028
- C:\Windows\System\NAAAsAA.exe
  C:\Windows\System\NAAAsAA.exe
  2⤵
  PID:9056
- C:\Windows\System\IngHfyD.exe
  C:\Windows\System\IngHfyD.exe
  2⤵
  PID:9080
- C:\Windows\System\GttyiLb.exe
  C:\Windows\System\GttyiLb.exe
  2⤵
  PID:9104
- C:\Windows\System\ArZRFHh.exe
  C:\Windows\System\ArZRFHh.exe
  2⤵
  PID:9120
- C:\Windows\System\YVAhaZT.exe
  C:\Windows\System\YVAhaZT.exe
  2⤵
  PID:9136
- C:\Windows\System\AcZkDja.exe
  C:\Windows\System\AcZkDja.exe
  2⤵
  PID:9160
- C:\Windows\System\cUhqiWi.exe
  C:\Windows\System\cUhqiWi.exe
  2⤵
  PID:9212
- C:\Windows\System\anoklzp.exe
  C:\Windows\System\anoklzp.exe
  2⤵
  PID:7932
- C:\Windows\System\FnJUHEm.exe
  C:\Windows\System\FnJUHEm.exe
  2⤵
  PID:8272
- C:\Windows\System\SsGwOmB.exe
  C:\Windows\System\SsGwOmB.exe
  2⤵
  PID:8380
- C:\Windows\System\pzYMnyW.exe
  C:\Windows\System\pzYMnyW.exe
  2⤵
  PID:8412
- C:\Windows\System\JoJpVBL.exe
  C:\Windows\System\JoJpVBL.exe
  2⤵
  PID:8556
- C:\Windows\System\JDmnlGv.exe
  C:\Windows\System\JDmnlGv.exe
  2⤵
  PID:8528
- C:\Windows\System\LMNRjdg.exe
  C:\Windows\System\LMNRjdg.exe
  2⤵
  PID:8600
- C:\Windows\System\LyVPPfK.exe
  C:\Windows\System\LyVPPfK.exe
  2⤵
  PID:8684
- C:\Windows\System\aVGNlIv.exe
  C:\Windows\System\aVGNlIv.exe
  2⤵
  PID:8712
- C:\Windows\System\dPPqmpx.exe
  C:\Windows\System\dPPqmpx.exe
  2⤵
  PID:8788
- C:\Windows\System\YyaHUYI.exe
  C:\Windows\System\YyaHUYI.exe
  2⤵
  PID:8860
- C:\Windows\System\YPpFFZN.exe
  C:\Windows\System\YPpFFZN.exe
  2⤵
  PID:8976
- C:\Windows\System\PzzvZoG.exe
  C:\Windows\System\PzzvZoG.exe
  2⤵
  PID:8952
- C:\Windows\System\rQeXUjb.exe
  C:\Windows\System\rQeXUjb.exe
  2⤵
  PID:9016
- C:\Windows\System\kZkWpMd.exe
  C:\Windows\System\kZkWpMd.exe
  2⤵
  PID:9072
- C:\Windows\System\MHIQWHo.exe
  C:\Windows\System\MHIQWHo.exe
  2⤵
  PID:9112
- C:\Windows\System\doFyxXh.exe
  C:\Windows\System\doFyxXh.exe
  2⤵
  PID:9204
- C:\Windows\System\ydhubAf.exe
  C:\Windows\System\ydhubAf.exe
  2⤵
  PID:8416
- C:\Windows\System\kkovRiw.exe
  C:\Windows\System\kkovRiw.exe
  2⤵
  PID:8544
- C:\Windows\System\NKkGfww.exe
  C:\Windows\System\NKkGfww.exe
  2⤵
  PID:8688
- C:\Windows\System\xrerlym.exe
  C:\Windows\System\xrerlym.exe
  2⤵
  PID:8876
- C:\Windows\System\rHcIVIJ.exe
  C:\Windows\System\rHcIVIJ.exe
  2⤵
  PID:8964
- C:\Windows\System\mKOnNSX.exe
  C:\Windows\System\mKOnNSX.exe
  2⤵
  PID:9092
- C:\Windows\System\yKarXIf.exe
  C:\Windows\System\yKarXIf.exe
  2⤵
  PID:9200
- C:\Windows\System\eKwxREk.exe
  C:\Windows\System\eKwxREk.exe
  2⤵
  PID:8476
- C:\Windows\System\hNVtHtt.exe
  C:\Windows\System\hNVtHtt.exe
  2⤵
  PID:8984
- C:\Windows\System\SadEsUw.exe
  C:\Windows\System\SadEsUw.exe
  2⤵
  PID:8912
- C:\Windows\System\IRvMhBn.exe
  C:\Windows\System\IRvMhBn.exe
  2⤵
  PID:8508
- C:\Windows\System\DIipAYr.exe
  C:\Windows\System\DIipAYr.exe
  2⤵
  PID:9244
- C:\Windows\System\tMsOAkS.exe
  C:\Windows\System\tMsOAkS.exe
  2⤵
  PID:9260
- C:\Windows\System\BXUIHNT.exe
  C:\Windows\System\BXUIHNT.exe
  2⤵
  PID:9276
- C:\Windows\System\wYMNLaW.exe
  C:\Windows\System\wYMNLaW.exe
  2⤵
  PID:9296
- C:\Windows\System\lhztVKQ.exe
  C:\Windows\System\lhztVKQ.exe
  2⤵
  PID:9324
- C:\Windows\System\LHrsBDZ.exe
  C:\Windows\System\LHrsBDZ.exe
  2⤵
  PID:9352
- C:\Windows\System\tpdrXpw.exe
  C:\Windows\System\tpdrXpw.exe
  2⤵
  PID:9412
- C:\Windows\System\leEulTq.exe
  C:\Windows\System\leEulTq.exe
  2⤵
  PID:9436
- C:\Windows\System\yMtUwwQ.exe
  C:\Windows\System\yMtUwwQ.exe
  2⤵
  PID:9460
- C:\Windows\System\zUiMOav.exe
  C:\Windows\System\zUiMOav.exe
  2⤵
  PID:9480
- C:\Windows\System\AGSnYUV.exe
  C:\Windows\System\AGSnYUV.exe
  2⤵
  PID:9560
- C:\Windows\System\HQuSDlg.exe
  C:\Windows\System\HQuSDlg.exe
  2⤵
  PID:9592
- C:\Windows\System\mMSKHyq.exe
  C:\Windows\System\mMSKHyq.exe
  2⤵
  PID:9616
- C:\Windows\System\HRBKlMG.exe
  C:\Windows\System\HRBKlMG.exe
  2⤵
  PID:9636
- C:\Windows\System\hFyXWdL.exe
  C:\Windows\System\hFyXWdL.exe
  2⤵
  PID:9676
- C:\Windows\System\nyONDFj.exe
  C:\Windows\System\nyONDFj.exe
  2⤵
  PID:9700
- C:\Windows\System\UtODEaC.exe
  C:\Windows\System\UtODEaC.exe
  2⤵
  PID:9728
- C:\Windows\System\zZSZjrm.exe
  C:\Windows\System\zZSZjrm.exe
  2⤵
  PID:9748
- C:\Windows\System\glkutvJ.exe
  C:\Windows\System\glkutvJ.exe
  2⤵
  PID:9768
- C:\Windows\System\HeNZLxl.exe
  C:\Windows\System\HeNZLxl.exe
  2⤵
  PID:9792
- C:\Windows\System\yigYoPP.exe
  C:\Windows\System\yigYoPP.exe
  2⤵
  PID:9812
- C:\Windows\System\CInRQWa.exe
  C:\Windows\System\CInRQWa.exe
  2⤵
  PID:9860
- C:\Windows\System\mhaSKGx.exe
  C:\Windows\System\mhaSKGx.exe
  2⤵
  PID:9880
- C:\Windows\System\cuBGxlM.exe
  C:\Windows\System\cuBGxlM.exe
  2⤵
  PID:9924
- C:\Windows\System\GIEeKHz.exe
  C:\Windows\System\GIEeKHz.exe
  2⤵
  PID:9944
- C:\Windows\System\PMelwpE.exe
  C:\Windows\System\PMelwpE.exe
  2⤵
  PID:9968
- C:\Windows\System\zRpefqB.exe
  C:\Windows\System\zRpefqB.exe
  2⤵
  PID:9992
- C:\Windows\System\QtKTfHL.exe
  C:\Windows\System\QtKTfHL.exe
  2⤵
  PID:10016
- C:\Windows\System\wkcXaaq.exe
  C:\Windows\System\wkcXaaq.exe
  2⤵
  PID:10036
- C:\Windows\System\gqmkINN.exe
  C:\Windows\System\gqmkINN.exe
  2⤵
  PID:10060
- C:\Windows\System\WnLqtss.exe
  C:\Windows\System\WnLqtss.exe
  2⤵
  PID:10080
- C:\Windows\System\eGMfrKW.exe
  C:\Windows\System\eGMfrKW.exe
  2⤵
  PID:10104
- C:\Windows\System\HAVrbIp.exe
  C:\Windows\System\HAVrbIp.exe
  2⤵
  PID:10128
- C:\Windows\System\xJzYaQa.exe
  C:\Windows\System\xJzYaQa.exe
  2⤵
  PID:10148
- C:\Windows\System\SHXBJdC.exe
  C:\Windows\System\SHXBJdC.exe
  2⤵
  PID:10164
- C:\Windows\System\qhIMJkx.exe
  C:\Windows\System\qhIMJkx.exe
  2⤵
  PID:8636
- C:\Windows\System\gNCPEka.exe
  C:\Windows\System\gNCPEka.exe
  2⤵
  PID:9228
- C:\Windows\System\EYbnVAi.exe
  C:\Windows\System\EYbnVAi.exe
  2⤵
  PID:9256
- C:\Windows\System\RBFdXwR.exe
  C:\Windows\System\RBFdXwR.exe
  2⤵
  PID:9344
- C:\Windows\System\hgQRlao.exe
  C:\Windows\System\hgQRlao.exe
  2⤵
  PID:9476
- C:\Windows\System\lKAJhuO.exe
  C:\Windows\System\lKAJhuO.exe
  2⤵
  PID:9424
- C:\Windows\System\WmDBHvl.exe
  C:\Windows\System\WmDBHvl.exe
  2⤵
  PID:9524
- C:\Windows\System\IxiwKlf.exe
  C:\Windows\System\IxiwKlf.exe
  2⤵
  PID:9584
- C:\Windows\System\MFNvDiq.exe
  C:\Windows\System\MFNvDiq.exe
  2⤵
  PID:9624
- C:\Windows\System\HarOsrr.exe
  C:\Windows\System\HarOsrr.exe
  2⤵
  PID:9764
- C:\Windows\System\mCAdLTD.exe
  C:\Windows\System\mCAdLTD.exe
  2⤵
  PID:9780
- C:\Windows\System\yuytFyI.exe
  C:\Windows\System\yuytFyI.exe
  2⤵
  PID:9856
- C:\Windows\System\caRYNMu.exe
  C:\Windows\System\caRYNMu.exe
  2⤵
  PID:9892
- C:\Windows\System\tvmncgF.exe
  C:\Windows\System\tvmncgF.exe
  2⤵
  PID:9940
- C:\Windows\System\ceCCUAv.exe
  C:\Windows\System\ceCCUAv.exe
  2⤵
  PID:9988
- C:\Windows\System\VdsoQnC.exe
  C:\Windows\System\VdsoQnC.exe
  2⤵
  PID:10044
- C:\Windows\System\YDZbOno.exe
  C:\Windows\System\YDZbOno.exe
  2⤵
  PID:10072
- C:\Windows\System\woQanax.exe
  C:\Windows\System\woQanax.exe
  2⤵
  PID:10100
- C:\Windows\System\CNafVfE.exe
  C:\Windows\System\CNafVfE.exe
  2⤵
  PID:10200
- C:\Windows\System\uDGyMcq.exe
  C:\Windows\System\uDGyMcq.exe
  2⤵
  PID:8468
- C:\Windows\System\eCVepbG.exe
  C:\Windows\System\eCVepbG.exe
  2⤵
  PID:9292
- C:\Windows\System\hFyOzww.exe
  C:\Windows\System\hFyOzww.exe
  2⤵
  PID:9396
- C:\Windows\System\pNeZdBq.exe
  C:\Windows\System\pNeZdBq.exe
  2⤵
  PID:9520
- C:\Windows\System\BLtkAaa.exe
  C:\Windows\System\BLtkAaa.exe
  2⤵
  PID:9556
- C:\Windows\System\GEeKFvB.exe
  C:\Windows\System\GEeKFvB.exe
  2⤵
  PID:10048
- C:\Windows\System\lWvBEcZ.exe
  C:\Windows\System\lWvBEcZ.exe
  2⤵
  PID:9456
- C:\Windows\System\nOvPXKb.exe
  C:\Windows\System\nOvPXKb.exe
  2⤵
  PID:9920
- C:\Windows\System\mYvbCRB.exe
  C:\Windows\System\mYvbCRB.exe
  2⤵
  PID:9384
- C:\Windows\System\rsxGKxC.exe
  C:\Windows\System\rsxGKxC.exe
  2⤵
  PID:9572
- C:\Windows\System\Rxuhaqp.exe
  C:\Windows\System\Rxuhaqp.exe
  2⤵
  PID:10268
- C:\Windows\System\yobzZDT.exe
  C:\Windows\System\yobzZDT.exe
  2⤵
  PID:10288
- C:\Windows\System\SVZDNDQ.exe
  C:\Windows\System\SVZDNDQ.exe
  2⤵
  PID:10308
- C:\Windows\System\IACPtvw.exe
  C:\Windows\System\IACPtvw.exe
  2⤵
  PID:10332
- C:\Windows\System\TGZKsrS.exe
  C:\Windows\System\TGZKsrS.exe
  2⤵
  PID:10360
- C:\Windows\System\DYHhSdh.exe
  C:\Windows\System\DYHhSdh.exe
  2⤵
  PID:10380
- C:\Windows\System\oxhCRcB.exe
  C:\Windows\System\oxhCRcB.exe
  2⤵
  PID:10400
- C:\Windows\System\tnoaVUu.exe
  C:\Windows\System\tnoaVUu.exe
  2⤵
  PID:10420
- C:\Windows\System\sPGwXYC.exe
  C:\Windows\System\sPGwXYC.exe
  2⤵
  PID:10476
- C:\Windows\System\aICXTVs.exe
  C:\Windows\System\aICXTVs.exe
  2⤵
  PID:10524
- C:\Windows\System\DcldhKy.exe
  C:\Windows\System\DcldhKy.exe
  2⤵
  PID:10548
- C:\Windows\System\ADfVLBh.exe
  C:\Windows\System\ADfVLBh.exe
  2⤵
  PID:10564
- C:\Windows\System\JSVjAoU.exe
  C:\Windows\System\JSVjAoU.exe
  2⤵
  PID:10592
- C:\Windows\System\DmJTamh.exe
  C:\Windows\System\DmJTamh.exe
  2⤵
  PID:10612
- C:\Windows\System\RHodKnn.exe
  C:\Windows\System\RHodKnn.exe
  2⤵
  PID:10636
- C:\Windows\System\SIOZvDq.exe
  C:\Windows\System\SIOZvDq.exe
  2⤵
  PID:10656
- C:\Windows\System\SBiNEfW.exe
  C:\Windows\System\SBiNEfW.exe
  2⤵
  PID:10712
- C:\Windows\System\NzePjYz.exe
  C:\Windows\System\NzePjYz.exe
  2⤵
  PID:10756
- C:\Windows\System\fofJkzr.exe
  C:\Windows\System\fofJkzr.exe
  2⤵
  PID:10780
- C:\Windows\System\cEtIOhw.exe
  C:\Windows\System\cEtIOhw.exe
  2⤵
  PID:10800
- C:\Windows\System\EZGWKKw.exe
  C:\Windows\System\EZGWKKw.exe
  2⤵
  PID:10820
- C:\Windows\System\klphkkB.exe
  C:\Windows\System\klphkkB.exe
  2⤵
  PID:10840
- C:\Windows\System\gshUSUs.exe
  C:\Windows\System\gshUSUs.exe
  2⤵
  PID:10868
- C:\Windows\System\OzfhWGt.exe
  C:\Windows\System\OzfhWGt.exe
  2⤵
  PID:10908
- C:\Windows\System\YbGVMPp.exe
  C:\Windows\System\YbGVMPp.exe
  2⤵
  PID:10936
- C:\Windows\System\eZOTgRd.exe
  C:\Windows\System\eZOTgRd.exe
  2⤵
  PID:10956
- C:\Windows\System\kqJfgYn.exe
  C:\Windows\System\kqJfgYn.exe
  2⤵
  PID:10980
- C:\Windows\System\MuXolGu.exe
  C:\Windows\System\MuXolGu.exe
  2⤵
  PID:11008
- C:\Windows\System\FFtiLfV.exe
  C:\Windows\System\FFtiLfV.exe
  2⤵
  PID:11040
- C:\Windows\System\pWgutqr.exe
  C:\Windows\System\pWgutqr.exe
  2⤵
  PID:11064
- C:\Windows\System\ciAdmvZ.exe
  C:\Windows\System\ciAdmvZ.exe
  2⤵
  PID:11088
- C:\Windows\System\fsmGshx.exe
  C:\Windows\System\fsmGshx.exe
  2⤵
  PID:11136
- C:\Windows\System\SpyNqzt.exe
  C:\Windows\System\SpyNqzt.exe
  2⤵
  PID:11164
- C:\Windows\System\heuvMFR.exe
  C:\Windows\System\heuvMFR.exe
  2⤵
  PID:11184
- C:\Windows\System\aMHmULf.exe
  C:\Windows\System\aMHmULf.exe
  2⤵
  PID:11204
- C:\Windows\System\PnkKewf.exe
  C:\Windows\System\PnkKewf.exe
  2⤵
  PID:11248
- C:\Windows\System\tcnVnsN.exe
  C:\Windows\System\tcnVnsN.exe
  2⤵
  PID:10300
- C:\Windows\System\tidHvTw.exe
  C:\Windows\System\tidHvTw.exe
  2⤵
  PID:10356
- C:\Windows\System\wkxCKAN.exe
  C:\Windows\System\wkxCKAN.exe
  2⤵
  PID:10396
- C:\Windows\System\KquIoRz.exe
  C:\Windows\System\KquIoRz.exe
  2⤵
  PID:10504
- C:\Windows\System\GHAhrBI.exe
  C:\Windows\System\GHAhrBI.exe
  2⤵
  PID:10532
- C:\Windows\System\cIyMrpf.exe
  C:\Windows\System\cIyMrpf.exe
  2⤵
  PID:10600
- C:\Windows\System\YTapNtP.exe
  C:\Windows\System\YTapNtP.exe
  2⤵
  PID:10624
- C:\Windows\System\WLTYNHp.exe
  C:\Windows\System\WLTYNHp.exe
  2⤵
  PID:10724
- C:\Windows\System\LoAWILU.exe
  C:\Windows\System\LoAWILU.exe
  2⤵
  PID:10748
- C:\Windows\System\WuUYtda.exe
  C:\Windows\System\WuUYtda.exe
  2⤵
  PID:10816
- C:\Windows\System\cCmgUWc.exe
  C:\Windows\System\cCmgUWc.exe
  2⤵
  PID:10920
- C:\Windows\System\GiIpRCZ.exe
  C:\Windows\System\GiIpRCZ.exe
  2⤵
  PID:10988
- C:\Windows\System\rvWXmGq.exe
  C:\Windows\System\rvWXmGq.exe
  2⤵
  PID:11056
- C:\Windows\System\aXvSZKi.exe
  C:\Windows\System\aXvSZKi.exe
  2⤵
  PID:11128
- C:\Windows\System\DesEUOQ.exe
  C:\Windows\System\DesEUOQ.exe
  2⤵
  PID:11200
- C:\Windows\System\wzLrvdy.exe
  C:\Windows\System\wzLrvdy.exe
  2⤵
  PID:11224
- C:\Windows\System\pqGRhpj.exe
  C:\Windows\System\pqGRhpj.exe
  2⤵
  PID:10284
- C:\Windows\System\RDRuLbG.exe
  C:\Windows\System\RDRuLbG.exe
  2⤵
  PID:10464
- C:\Windows\System\xaueMHL.exe
  C:\Windows\System\xaueMHL.exe
  2⤵
  PID:10580
- C:\Windows\System\JDpQIWB.exe
  C:\Windows\System\JDpQIWB.exe
  2⤵
  PID:10768
- C:\Windows\System\tGHJMQJ.exe
  C:\Windows\System\tGHJMQJ.exe
  2⤵
  PID:10864
- C:\Windows\System\azNXQUp.exe
  C:\Windows\System\azNXQUp.exe
  2⤵
  PID:11024
- C:\Windows\System\OAHskhK.exe
  C:\Windows\System\OAHskhK.exe
  2⤵
  PID:11152
- C:\Windows\System\vNTRouy.exe
  C:\Windows\System\vNTRouy.exe
  2⤵
  PID:11260
- C:\Windows\System\KwZPsXS.exe
  C:\Windows\System\KwZPsXS.exe
  2⤵
  PID:10836
- C:\Windows\System\XIIbgbR.exe
  C:\Windows\System\XIIbgbR.exe
  2⤵
  PID:11100
- C:\Windows\System\yhezezp.exe
  C:\Windows\System\yhezezp.exe
  2⤵
  PID:10992
- C:\Windows\System\ntzLoLu.exe
  C:\Windows\System\ntzLoLu.exe
  2⤵
  PID:11220
- C:\Windows\System\kukCfVe.exe
  C:\Windows\System\kukCfVe.exe
  2⤵
  PID:11272
- C:\Windows\System\TxEpgto.exe
  C:\Windows\System\TxEpgto.exe
  2⤵
  PID:11292
- C:\Windows\System\iJhxkVt.exe
  C:\Windows\System\iJhxkVt.exe
  2⤵
  PID:11320
- C:\Windows\System\MDYeVyp.exe
  C:\Windows\System\MDYeVyp.exe
  2⤵
  PID:11356
- C:\Windows\System\LQuEcPK.exe
  C:\Windows\System\LQuEcPK.exe
  2⤵
  PID:11384
- C:\Windows\System\ivjpSKp.exe
  C:\Windows\System\ivjpSKp.exe
  2⤵
  PID:11400
- C:\Windows\System\IkhiWtu.exe
  C:\Windows\System\IkhiWtu.exe
  2⤵
  PID:11424
- C:\Windows\System\wyIRCdP.exe
  C:\Windows\System\wyIRCdP.exe
  2⤵
  PID:11444
- C:\Windows\System\WmBNMWM.exe
  C:\Windows\System\WmBNMWM.exe
  2⤵
  PID:11484
- C:\Windows\System\iQTqWeB.exe
  C:\Windows\System\iQTqWeB.exe
  2⤵
  PID:11504
- C:\Windows\System\XTKxjYd.exe
  C:\Windows\System\XTKxjYd.exe
  2⤵
  PID:11544
- C:\Windows\System\OpqQXaa.exe
  C:\Windows\System\OpqQXaa.exe
  2⤵
  PID:11564
- C:\Windows\System\mZzrGJg.exe
  C:\Windows\System\mZzrGJg.exe
  2⤵
  PID:11608
- C:\Windows\System\uZRrMIA.exe
  C:\Windows\System\uZRrMIA.exe
  2⤵
  PID:11632
- C:\Windows\System\VAowYdO.exe
  C:\Windows\System\VAowYdO.exe
  2⤵
  PID:11656
- C:\Windows\System\PrIwXMJ.exe
  C:\Windows\System\PrIwXMJ.exe
  2⤵
  PID:11688
- C:\Windows\System\UBnFGyZ.exe
  C:\Windows\System\UBnFGyZ.exe
  2⤵
  PID:11712
- C:\Windows\System\roQBWDX.exe
  C:\Windows\System\roQBWDX.exe
  2⤵
  PID:11752
- C:\Windows\System\NAGagmy.exe
  C:\Windows\System\NAGagmy.exe
  2⤵
  PID:11788
- C:\Windows\System\GdhsCRm.exe
  C:\Windows\System\GdhsCRm.exe
  2⤵
  PID:11808
- C:\Windows\System\MicPgtH.exe
  C:\Windows\System\MicPgtH.exe
  2⤵
  PID:11832
- C:\Windows\System\krGcdNW.exe
  C:\Windows\System\krGcdNW.exe
  2⤵
  PID:11848
- C:\Windows\System\PaJxwFP.exe
  C:\Windows\System\PaJxwFP.exe
  2⤵
  PID:11872
- C:\Windows\System\CdRamfG.exe
  C:\Windows\System\CdRamfG.exe
  2⤵
  PID:11892
- C:\Windows\System\ydhdASZ.exe
  C:\Windows\System\ydhdASZ.exe
  2⤵
  PID:11940
- C:\Windows\System\KYDRJyQ.exe
  C:\Windows\System\KYDRJyQ.exe
  2⤵
  PID:11968
- C:\Windows\System\qRhDOad.exe
  C:\Windows\System\qRhDOad.exe
  2⤵
  PID:12020
- C:\Windows\System\xbAJaXU.exe
  C:\Windows\System\xbAJaXU.exe
  2⤵
  PID:12044
- C:\Windows\System\rYhYdcB.exe
  C:\Windows\System\rYhYdcB.exe
  2⤵
  PID:12068
- C:\Windows\System\MUMQJWC.exe
  C:\Windows\System\MUMQJWC.exe
  2⤵
  PID:12100
- C:\Windows\System\GJVKFcZ.exe
  C:\Windows\System\GJVKFcZ.exe
  2⤵
  PID:12124
- C:\Windows\System\HsIBFcm.exe
  C:\Windows\System\HsIBFcm.exe
  2⤵
  PID:12172
- C:\Windows\System\BBYxQXs.exe
  C:\Windows\System\BBYxQXs.exe
  2⤵
  PID:12196
- C:\Windows\System\ypnHoTT.exe
  C:\Windows\System\ypnHoTT.exe
  2⤵
  PID:12216
- C:\Windows\System\pLWVapK.exe
  C:\Windows\System\pLWVapK.exe
  2⤵
  PID:12236
- C:\Windows\System\lcZalRQ.exe
  C:\Windows\System\lcZalRQ.exe
  2⤵
  PID:12264
- C:\Windows\System\otcVKQh.exe
  C:\Windows\System\otcVKQh.exe
  2⤵
  PID:9932
- C:\Windows\System\ZSWrOKj.exe
  C:\Windows\System\ZSWrOKj.exe
  2⤵
  PID:11284
- C:\Windows\System\vYeIoqT.exe
  C:\Windows\System\vYeIoqT.exe
  2⤵
  PID:11348
- C:\Windows\System\uxzuKcX.exe
  C:\Windows\System\uxzuKcX.exe
  2⤵
  PID:11372
- C:\Windows\System\KjCqXym.exe
  C:\Windows\System\KjCqXym.exe
  2⤵
  PID:11540
- C:\Windows\System\FBtYhNb.exe
  C:\Windows\System\FBtYhNb.exe
  2⤵
  PID:11572
- C:\Windows\System\GPBdlcc.exe
  C:\Windows\System\GPBdlcc.exe
  2⤵
  PID:11640
- C:\Windows\System\vRCNpdX.exe
  C:\Windows\System\vRCNpdX.exe
  2⤵
  PID:11784
- C:\Windows\System\ZEwpraH.exe
  C:\Windows\System\ZEwpraH.exe
  2⤵
  PID:11856
- C:\Windows\System\vXjpvGT.exe
  C:\Windows\System\vXjpvGT.exe
  2⤵
  PID:11884
- C:\Windows\System\CBYHRIH.exe
  C:\Windows\System\CBYHRIH.exe
  2⤵
  PID:11932
- C:\Windows\System\ikGZSXp.exe
  C:\Windows\System\ikGZSXp.exe
  2⤵
  PID:12036
- C:\Windows\System\daIdtKD.exe
  C:\Windows\System\daIdtKD.exe
  2⤵
  PID:12052
- C:\Windows\System\YwBGxNU.exe
  C:\Windows\System\YwBGxNU.exe
  2⤵
  PID:12160
- C:\Windows\System\AJqObto.exe
  C:\Windows\System\AJqObto.exe
  2⤵
  PID:12188
- C:\Windows\System\reHDXRY.exe
  C:\Windows\System\reHDXRY.exe
  2⤵
  PID:12256
- C:\Windows\System\EpPrHcG.exe
  C:\Windows\System\EpPrHcG.exe
  2⤵
  PID:10976
- C:\Windows\System\jeoIqOJ.exe
  C:\Windows\System\jeoIqOJ.exe
  2⤵
  PID:11804
- C:\Windows\System\jEKqjMk.exe
  C:\Windows\System\jEKqjMk.exe
  2⤵
  PID:11800
- C:\Windows\System\SzwoWFt.exe
  C:\Windows\System\SzwoWFt.exe
  2⤵
  PID:11980
- C:\Windows\System\xiYmntl.exe
  C:\Windows\System\xiYmntl.exe
  2⤵
  PID:12008
- C:\Windows\System\EQNahkY.exe
  C:\Windows\System\EQNahkY.exe
  2⤵
  PID:12116
- C:\Windows\System\yMwffVM.exe
  C:\Windows\System\yMwffVM.exe
  2⤵
  PID:12212
- C:\Windows\System\zVucKYK.exe
  C:\Windows\System\zVucKYK.exe
  2⤵
  PID:12280
- C:\Windows\System\izPJrKY.exe
  C:\Windows\System\izPJrKY.exe
  2⤵
  PID:12344
- C:\Windows\System\tEMdhfZ.exe
  C:\Windows\System\tEMdhfZ.exe
  2⤵
  PID:12372
- C:\Windows\System\myKAoLR.exe
  C:\Windows\System\myKAoLR.exe
  2⤵
  PID:12396
- C:\Windows\System\WUETtSf.exe
  C:\Windows\System\WUETtSf.exe
  2⤵
  PID:12420
- C:\Windows\System\PGqIOai.exe
  C:\Windows\System\PGqIOai.exe
  2⤵
  PID:12440
- C:\Windows\System\UcpPZzo.exe
  C:\Windows\System\UcpPZzo.exe
  2⤵
  PID:12556
- C:\Windows\System\niQZDLg.exe
  C:\Windows\System\niQZDLg.exe
  2⤵
  PID:12584
- C:\Windows\System\fGopEKe.exe
  C:\Windows\System\fGopEKe.exe
  2⤵
  PID:12604
- C:\Windows\System\wUKmzXm.exe
  C:\Windows\System\wUKmzXm.exe
  2⤵
  PID:12624
- C:\Windows\System\eIBgSvb.exe
  C:\Windows\System\eIBgSvb.exe
  2⤵
  PID:12652
- C:\Windows\System\nEvOccD.exe
  C:\Windows\System\nEvOccD.exe
  2⤵
  PID:12672
- C:\Windows\System\kjziWKa.exe
  C:\Windows\System\kjziWKa.exe
  2⤵
  PID:12696
- C:\Windows\System\tcxezRp.exe
  C:\Windows\System\tcxezRp.exe
  2⤵
  PID:12740
- C:\Windows\System\KDZCTNJ.exe
  C:\Windows\System\KDZCTNJ.exe
  2⤵
  PID:12796
- C:\Windows\System\KQnlopp.exe
  C:\Windows\System\KQnlopp.exe
  2⤵
  PID:12812
- C:\Windows\System\nahwkpq.exe
  C:\Windows\System\nahwkpq.exe
  2⤵
  PID:12836
- C:\Windows\System\wqVtraN.exe
  C:\Windows\System\wqVtraN.exe
  2⤵
  PID:12860
- C:\Windows\System\XhnBldR.exe
  C:\Windows\System\XhnBldR.exe
  2⤵
  PID:12880
- C:\Windows\System\hFIwoCt.exe
  C:\Windows\System\hFIwoCt.exe
  2⤵
  PID:12904
- C:\Windows\System\PgeJIGt.exe
  C:\Windows\System\PgeJIGt.exe
  2⤵
  PID:12936
- C:\Windows\System\ikNECDj.exe
  C:\Windows\System\ikNECDj.exe
  2⤵
  PID:12964
- C:\Windows\System\doOfXzn.exe
  C:\Windows\System\doOfXzn.exe
  2⤵
  PID:13036
- C:\Windows\System\dKACvsq.exe
  C:\Windows\System\dKACvsq.exe
  2⤵
  PID:13060
- C:\Windows\System\IyrdhQY.exe
  C:\Windows\System\IyrdhQY.exe
  2⤵
  PID:13100
- C:\Windows\System\CIlmbkK.exe
  C:\Windows\System\CIlmbkK.exe
  2⤵
  PID:13124
- C:\Windows\System\qjzhdCc.exe
  C:\Windows\System\qjzhdCc.exe
  2⤵
  PID:13148
- C:\Windows\System\BROIXTl.exe
  C:\Windows\System\BROIXTl.exe
  2⤵
  PID:13196
- C:\Windows\System\pxOifsR.exe
  C:\Windows\System\pxOifsR.exe
  2⤵
  PID:13216
- C:\Windows\System\FoVeBSx.exe
  C:\Windows\System\FoVeBSx.exe
  2⤵
  PID:13232
- C:\Windows\System\ZgSAdaf.exe
  C:\Windows\System\ZgSAdaf.exe
  2⤵
  PID:13256
- C:\Windows\System\WFjJjLd.exe
  C:\Windows\System\WFjJjLd.exe
  2⤵
  PID:13288
- C:\Windows\System\OQHLtZy.exe
  C:\Windows\System\OQHLtZy.exe
  2⤵
  PID:11316
- C:\Windows\System\DEoxOhO.exe
  C:\Windows\System\DEoxOhO.exe
  2⤵
  PID:11916
- C:\Windows\System\hngUmWi.exe
  C:\Windows\System\hngUmWi.exe
  2⤵
  PID:11768
- C:\Windows\System\EccWefI.exe
  C:\Windows\System\EccWefI.exe
  2⤵
  PID:12296
- C:\Windows\System\ZhoufGL.exe
  C:\Windows\System\ZhoufGL.exe
  2⤵
  PID:12144
- C:\Windows\System\kpzkIJC.exe
  C:\Windows\System\kpzkIJC.exe
  2⤵
  PID:12292
- C:\Windows\System\vJpgKnV.exe
  C:\Windows\System\vJpgKnV.exe
  2⤵
  PID:12388
- C:\Windows\System\FjtGZiZ.exe
  C:\Windows\System\FjtGZiZ.exe
  2⤵
  PID:12380
- C:\Windows\System\PlMViwI.exe
  C:\Windows\System\PlMViwI.exe
  2⤵
  PID:12416
- C:\Windows\System\NInLdnm.exe
  C:\Windows\System\NInLdnm.exe
  2⤵
  PID:12592
- C:\Windows\System\XTvZgJb.exe
  C:\Windows\System\XTvZgJb.exe
  2⤵
  PID:12640
- C:\Windows\System\DPsLTZl.exe
  C:\Windows\System\DPsLTZl.exe
  2⤵
  PID:12680
- C:\Windows\System\HXMjNOc.exe
  C:\Windows\System\HXMjNOc.exe
  2⤵
  PID:12764
- C:\Windows\System\GMsApca.exe
  C:\Windows\System\GMsApca.exe
  2⤵
  PID:12804
- C:\Windows\System\TOaIlHW.exe
  C:\Windows\System\TOaIlHW.exe
  2⤵
  PID:12808
- C:\Windows\System\VJIQwLK.exe
  C:\Windows\System\VJIQwLK.exe
  2⤵
  PID:12916
- C:\Windows\System\lWyPPQd.exe
  C:\Windows\System\lWyPPQd.exe
  2⤵
  PID:12980
- C:\Windows\System\FOuGzFK.exe
  C:\Windows\System\FOuGzFK.exe
  2⤵
  PID:12984
- C:\Windows\System\TnWgYPk.exe
  C:\Windows\System\TnWgYPk.exe
  2⤵
  PID:13164
- C:\Windows\System\QYYnRXc.exe
  C:\Windows\System\QYYnRXc.exe
  2⤵
  PID:13304
- C:\Windows\System\MwPwCku.exe
  C:\Windows\System\MwPwCku.exe
  2⤵
  PID:11776
- C:\Windows\System\DZuPqrG.exe
  C:\Windows\System\DZuPqrG.exe
  2⤵
  PID:11732
- C:\Windows\System\SwQHniN.exe
  C:\Windows\System\SwQHniN.exe
  2⤵
  PID:12480
- C:\Windows\System\faHYTjZ.exe
  C:\Windows\System\faHYTjZ.exe
  2⤵
  PID:12404
- C:\Windows\System\vAvAZed.exe
  C:\Windows\System\vAvAZed.exe
  2⤵
  PID:12724
- C:\Windows\System\OqUPKzu.exe
  C:\Windows\System\OqUPKzu.exe
  2⤵
  PID:12932
- C:\Windows\System\GHSlkBC.exe
  C:\Windows\System\GHSlkBC.exe
  2⤵
  PID:13048
- C:\Windows\System\ViIPkLr.exe
  C:\Windows\System\ViIPkLr.exe
  2⤵
  PID:13276
- C:\Windows\System\treDBoD.exe
  C:\Windows\System\treDBoD.exe
  2⤵
  PID:11868
- C:\Windows\System\aeHiIod.exe
  C:\Windows\System\aeHiIod.exe
  2⤵
  PID:12192
- C:\Windows\System\aKqVjSz.exe
  C:\Windows\System\aKqVjSz.exe
  2⤵
  PID:12848
- C:\Windows\System\PBQQOwW.exe
  C:\Windows\System\PBQQOwW.exe
  2⤵
  PID:12736
- C:\Windows\System\YGdZKjN.exe
  C:\Windows\System\YGdZKjN.exe
  2⤵
  PID:13096
- C:\Windows\System\fErVDJk.exe
  C:\Windows\System\fErVDJk.exe
  2⤵
  PID:12368
- C:\Windows\System\FKHKWnC.exe
  C:\Windows\System\FKHKWnC.exe
  2⤵
  PID:13348
- C:\Windows\System\LvghTBP.exe
  C:\Windows\System\LvghTBP.exe
  2⤵
  PID:13380
- C:\Windows\System\LMEpWIi.exe
  C:\Windows\System\LMEpWIi.exe
  2⤵
  PID:13412
- C:\Windows\System\bCWiPVW.exe
  C:\Windows\System\bCWiPVW.exe
  2⤵
  PID:13436
- C:\Windows\System\VMraYYz.exe
  C:\Windows\System\VMraYYz.exe
  2⤵
  PID:13476
- C:\Windows\System\GZGIVYU.exe
  C:\Windows\System\GZGIVYU.exe
  2⤵
  PID:13512
- C:\Windows\System\XtVdcPG.exe
  C:\Windows\System\XtVdcPG.exe
  2⤵
  PID:13532
- C:\Windows\System\IttKyqv.exe
  C:\Windows\System\IttKyqv.exe
  2⤵
  PID:13556
- C:\Windows\System\BCrhDYZ.exe
  C:\Windows\System\BCrhDYZ.exe
  2⤵
  PID:13572
- C:\Windows\System\LKGXQoa.exe
  C:\Windows\System\LKGXQoa.exe
  2⤵
  PID:13616
- C:\Windows\System\zleqLGi.exe
  C:\Windows\System\zleqLGi.exe
  2⤵
  PID:13644
- C:\Windows\System\PirYFGl.exe
  C:\Windows\System\PirYFGl.exe
  2⤵
  PID:13664
- C:\Windows\System\heNyPOk.exe
  C:\Windows\System\heNyPOk.exe
  2⤵
  PID:13708
- C:\Windows\System\LPXvlGd.exe
  C:\Windows\System\LPXvlGd.exe
  2⤵
  PID:13740
- C:\Windows\System\ZcuobiE.exe
  C:\Windows\System\ZcuobiE.exe
  2⤵
  PID:13776
- C:\Windows\System\ekVRpvi.exe
  C:\Windows\System\ekVRpvi.exe
  2⤵
  PID:13800
- C:\Windows\System\tIdyLuz.exe
  C:\Windows\System\tIdyLuz.exe
  2⤵
  PID:13816
- C:\Windows\System\iOWovEa.exe
  C:\Windows\System\iOWovEa.exe
  2⤵
  PID:13836
- C:\Windows\System\MLrJkLr.exe
  C:\Windows\System\MLrJkLr.exe
  2⤵
  PID:13852
- C:\Windows\System\cXEJtNA.exe
  C:\Windows\System\cXEJtNA.exe
  2⤵
  PID:13876
- C:\Windows\System\fEuqlFV.exe
  C:\Windows\System\fEuqlFV.exe
  2⤵
  PID:13928
- C:\Windows\System\HmlwTWP.exe
  C:\Windows\System\HmlwTWP.exe
  2⤵
  PID:13948
- C:\Windows\System\GifGiwg.exe
  C:\Windows\System\GifGiwg.exe
  2⤵
  PID:13972
- C:\Windows\System\jkNjdev.exe
  C:\Windows\System\jkNjdev.exe
  2⤵
  PID:13996
- C:\Windows\System\mdeZqqL.exe
  C:\Windows\System\mdeZqqL.exe
  2⤵
  PID:14020
- C:\Windows\System\cyEHtCm.exe
  C:\Windows\System\cyEHtCm.exe
  2⤵
  PID:14064
- C:\Windows\System\tiSBMUh.exe
  C:\Windows\System\tiSBMUh.exe
  2⤵
  PID:14096
- C:\Windows\System\nanjJDo.exe
  C:\Windows\System\nanjJDo.exe
  2⤵
  PID:14112
- C:\Windows\System\ZbtwHvQ.exe
  C:\Windows\System\ZbtwHvQ.exe
  2⤵
  PID:14136
- C:\Windows\System\NLdpRYD.exe
  C:\Windows\System\NLdpRYD.exe
  2⤵
  PID:14156
- C:\Windows\System\GMzVNNe.exe
  C:\Windows\System\GMzVNNe.exe
  2⤵
  PID:14176
- C:\Windows\System\eNiEMaA.exe
  C:\Windows\System\eNiEMaA.exe
  2⤵
  PID:14204
- C:\Windows\System\xPGSTyf.exe
  C:\Windows\System\xPGSTyf.exe
  2⤵
  PID:14224
- C:\Windows\System\CDcIpUm.exe
  C:\Windows\System\CDcIpUm.exe
  2⤵
  PID:14256
- C:\Windows\System\UoEakse.exe
  C:\Windows\System\UoEakse.exe
  2⤵
  PID:14272
- C:\Windows\System\jpYFWkT.exe
  C:\Windows\System\jpYFWkT.exe
  2⤵
  PID:14304
- C:\Windows\System\ggYRDQV.exe
  C:\Windows\System\ggYRDQV.exe
  2⤵
  PID:14332
- C:\Windows\System\XFHWIXu.exe
  C:\Windows\System\XFHWIXu.exe
  2⤵
  PID:13324
- C:\Windows\System\VtzSxcj.exe
  C:\Windows\System\VtzSxcj.exe
  2⤵
  PID:13332
- C:\Windows\System\oIqFVfo.exe
  C:\Windows\System\oIqFVfo.exe
  2⤵
  PID:13460
- C:\Windows\System\iOCJTHN.exe
  C:\Windows\System\iOCJTHN.exe
  2⤵
  PID:13500
- C:\Windows\System\qicuUCt.exe
  C:\Windows\System\qicuUCt.exe
  2⤵
  PID:13584
- C:\Windows\System\DeEyMEa.exe
  C:\Windows\System\DeEyMEa.exe
  2⤵
  PID:13632
- C:\Windows\System\bMciGAG.exe
  C:\Windows\System\bMciGAG.exe
  2⤵
  PID:13700
- C:\Windows\System\dfEoUCp.exe
  C:\Windows\System\dfEoUCp.exe
  2⤵
  PID:13764
- C:\Windows\System\DlxNgKy.exe
  C:\Windows\System\DlxNgKy.exe
  2⤵
  PID:13844
- C:\Windows\System\bPIakWN.exe
  C:\Windows\System\bPIakWN.exe
  2⤵
  PID:13868
- C:\Windows\System\PJASuDS.exe
  C:\Windows\System\PJASuDS.exe
  2⤵
  PID:13944
- C:\Windows\System\JgnOWsT.exe
  C:\Windows\System\JgnOWsT.exe
  2⤵
  PID:14008
- C:\Windows\System\uOIIOUB.exe
  C:\Windows\System\uOIIOUB.exe
  2⤵
  PID:14132
- C:\Windows\System\BdUNfFc.exe
  C:\Windows\System\BdUNfFc.exe
  2⤵
  PID:13340
- C:\Windows\System\ZMSuCqV.exe
  C:\Windows\System\ZMSuCqV.exe
  2⤵
  PID:14312
- C:\Windows\System\UQVtvxp.exe
  C:\Windows\System\UQVtvxp.exe
  2⤵
  PID:13404
- C:\Windows\System\kFMAXVa.exe
  C:\Windows\System\kFMAXVa.exe
  2⤵
  PID:13544
- C:\Windows\System\vnBGFtl.exe
  C:\Windows\System\vnBGFtl.exe
  2⤵
  PID:13824
- C:\Windows\System\ChfyEtg.exe
  C:\Windows\System\ChfyEtg.exe
  2⤵
  PID:13936
- C:\Windows\System\flnQjPf.exe
  C:\Windows\System\flnQjPf.exe
  2⤵
  PID:14028
- C:\Windows\System\IMCBXQC.exe
  C:\Windows\System\IMCBXQC.exe
  2⤵
  PID:14296
- C:\Windows\System\fyIFMZp.exe
  C:\Windows\System\fyIFMZp.exe
  2⤵
  PID:13564
- C:\Windows\System\miPIboL.exe
  C:\Windows\System\miPIboL.exe
  2⤵
  PID:13864
- C:\Windows\System\YeMZEaU.exe
  C:\Windows\System\YeMZEaU.exe
  2⤵
  PID:13920
- C:\Windows\System\XMrImWS.exe
  C:\Windows\System\XMrImWS.exe
  2⤵
  PID:14212
- C:\Windows\System\tiqJYYD.exe
  C:\Windows\System\tiqJYYD.exe
  2⤵
  PID:14360
- C:\Windows\System\nLLbLXx.exe
  C:\Windows\System\nLLbLXx.exe
  2⤵
  PID:14376

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ALzSpaN.exe

Filesize
1.3MB

MD5
4903514d9aa51182987e6fc840300b76

SHA1
15adac53fc767f38df440e811f11bd2267e76699

SHA256
269d1b062fabe4422554193b7463c0b3c19446322342512c6db189d564a19f03

SHA512
42e6f523823d7f498507074e85e066751a4ef218b0ea2884ee0751fe8eaee025623dfd1eee188311465a4a1355f49fabf768b2bdbb1900fbe1d0f78be114a5df

Download Submit
C:\Windows\System\AQUiKfv.exe

Filesize
1.4MB

MD5
2986dc44e1086850b85e204108cf26f9

SHA1
698a046c7047c6a5f35cdfa127ff1a69bf7f7c68

SHA256
c6631ce094bae5e3b8290c630ba5448d86527d97a4884a23e227116d7ca51767

SHA512
9ff0f2a8fc284b12d60fc719fa56dae5d5bfbe3a058dd5cc81afb1b035c449f45333422a41b60dc042077ff9097945deaecb9b44ba1381d8f48a492830aad95c

Download Submit
C:\Windows\System\BCTdwWm.exe

Filesize
1.3MB

MD5
f546ceb659fde7c04c8e9135f5000526

SHA1
e5b2f0b3268e68547e5f26e0b0d495c8a1e34022

SHA256
d61a2557121958a2a66dde526d96dc566990cbf803802150ada2405afa13b613

SHA512
1fb3a064a69b36d71a893565388e2950e5110aef1d04a318b138ddb2cbc74e8b22a7727331bb93584b976dc68c17059db922af71a05c021209220718e6c6722f

Download Submit
C:\Windows\System\CLGqdEj.exe

Filesize
1.3MB

MD5
1e0c28c08590462e996fe39c34084615

SHA1
17e2c8a0127d50e52c2d79f7e5bea35d4a359073

SHA256
09bd80b44657eae484ec0f7508edab77662d9c418dc6cf4729146cf0875e7f49

SHA512
917a75e9e7d8e64f0870052f67f9362f52789fd3fcfda2a1e9b825fd13a3cc59dbbbf092cf3a04bce1705936e875a7b242d2235368968c08fe0dda0e2b5c0c7f

Download Submit
C:\Windows\System\EdgDuQt.exe

Filesize
1.4MB

MD5
9aaaa54e31c7a9c80a6cc1f0046e41ad

SHA1
081018381ca86c2c9be67792cb189cc01ac72da6

SHA256
a782c5a3de2ae0f4e5c90677d3c6301b9b46f335d1c0647591b7c3d0fa769692

SHA512
876f596ae3aa24b21af7a572f576d4110af1e642c076fe6b317f4d8daebecab10f1bf815346292dde0e61fe73ba89161f2cc46d5ac6674dfc59385e3df2c60a8

Download Submit
C:\Windows\System\ExkNTUR.exe

Filesize
1.3MB

MD5
59cb9b268523217bddf9d49ace4110c3

SHA1
435f0419759a0902371e757e417446a896cb2968

SHA256
c5067b9b16b96506055ea7c9b11177685c0f0d29aa67222a224443ad34187ef5

SHA512
8a8cce2c8fdf04b77f45d73c159f78e36f2b90f2b97916fd93f8be30bbc0b77ff4c92821356c8508bd9a8ab2680dc851d811e3be9f30ef2d73a97ff5ba5892c8

Download Submit
C:\Windows\System\FfJZZNC.exe

Filesize
1.4MB

MD5
80ace1fef412be68b7ddc87e7bd8ee7c

SHA1
14949e9e244db91b4aab3bc77ce6a516a9ce0323

SHA256
99e52523c7986c84e33f52d0f474114b29b3ca74227c13a3d16a2715fa187c6a

SHA512
39af5385d2986e4aaf3a0e235fa419ec6dcc56f666a72fa4aed9d99561d77c9678d1ba9ed262300e25b69ff0bb2d2517beee06dcd06e6877280eec256d0cd1bd

Download Submit
C:\Windows\System\GBIyXdn.exe

Filesize
1.3MB

MD5
d7d5ca5ace600b45d693b2e9e47092e5

SHA1
659f0c67987d6315ee84ccb3215d733827076bf8

SHA256
75f81e6303d34d9d2983c38a081638c18b017ce31bb9253f1ce2ef5801a051ca

SHA512
86c2261959b2c1fab3cda34a87fe4ef42bae4ad083ca4187bf68517c1aceb407748e0610d0ab46e97a2cfcad500f2c6a5704dd4c07957750ed0d62f7310bcd10

Download Submit
C:\Windows\System\KDlrINz.exe

Filesize
1.3MB

MD5
e1cee08a8ff2b23a36d3e8ff09431286

SHA1
30b1838f3fc5007b3c4db385fd13140d62758319

SHA256
4f4ff5c35b57b56561768b82e2f4ad08c0a197448ad74b97bcd7c02c1811668c

SHA512
f7d45efaa8a326908aa833116ab7a4348fd42c0296f4978f4df47106da6b2b976e9561d4a0e5a445587dec0c083a7f44aa9e41187af27d2be29a5fa8f122a793

Download Submit
C:\Windows\System\KzGPDVS.exe

Filesize
1.3MB

MD5
f7482ac25d0fb0f45790af14e60ba155

SHA1
606aba03685ed9b783f87f6d83637f638e5fbef4

SHA256
40e173e477c6dacf82fb5622c9899ba0ac2873fea906ef6f3bd53b93a10b23dd

SHA512
5f597cd8e107b988888ab52ec720eb470ad441c0faba9fd0f2c11901cb62084a1939b044a7200d31f8614d2906b6a24d23ae3104808bd1fa0c8fe4807ef76407

Download Submit
C:\Windows\System\MrTUROp.exe

Filesize
1.3MB

MD5
31126cd712fa2d1096450dbfe681ff64

SHA1
52fcb0051e554930c0c93a23aae49c85d8b7e28e

SHA256
8b8b096e37246607fd07bf23d1f148a898b43a2fd79f04431310a0810ab46e3f

SHA512
8e484f520507e0164e427a5371ba201b59026880e5860bf0993acfe288e24a61209b6bd18ae498d1cb66b324dcb2568b0e7faa6e4b30573934524b96850ab458

Download Submit
C:\Windows\System\NlwCLAF.exe

Filesize
1.3MB

MD5
154a1e22a906193c4a8618958c93ce34

SHA1
49ac51c32bd3a8a077ec9952982efe7a93ed8fc3

SHA256
2dc9f9c40007cbc7ba12cafe7babdffaecad1fbbe204c71134046ed00ecb8c9c

SHA512
cac49adf06ba598413307431cf8fa43a3d3cd973bfe06d08a4b51313e890ba0a4bd4a5a94f56fe6a08c31fea5276045a9d9875be6c43dfdf53f9232bc2baefff

Download Submit
C:\Windows\System\PbCWgBl.exe

Filesize
1.3MB

MD5
42c68f115664bf19b6450f4d94fe14f9

SHA1
ce41646907f25a27abd012075f0e10ce63cf9a79

SHA256
f67b08374b8480889d17077fe54bb6964961b8aab3d67c8181d9071970569d6b

SHA512
443ef96c7199804405dbf3e7db4358e286ba68227abacb4485d7156be231c437bc31d55785be9b20b3ce917ca7e9169873b6a014ff7256a5f2b65e614994d222

Download Submit
C:\Windows\System\QPolLuE.exe

Filesize
1.3MB

MD5
6bd047f76bd983dbf7d17bdfc6d1142d

SHA1
958ce4c681fa6cb737cb7ff9e06ac9d7b8cb9e02

SHA256
0593271da25d1f5a5ed3ecbba0c412ce51fb5630ffd2db2c86678b57fdd2f341

SHA512
5aa821f04692f6e69439f1f8d5a2ef4506beae68136692c936ff903c01bd8c8fd4d74937fc9fc365949f047b9cf192d7ab6d8d4b11ddcecc45d61b7af21948bf

Download Submit
C:\Windows\System\SuPLjoM.exe

Filesize
1.4MB

MD5
7de6f96471da235064679f8fae2731bb

SHA1
0e668cf76ba9e3a9b3f70073fa3647b283bcad4b

SHA256
62b7fc2b5a582c38e7419967b2b1a8942af3011b48d50177ec53badde14c7620

SHA512
32b4516d0a5c130911ff3eed1a0a7716bea0c37d5c0b61423801f231b6d12c38232aa131674119753c3573e899a612119b6bf9c8f59ec0467f5f34f6a2ff8dab

Download Submit
C:\Windows\System\TQIexey.exe

Filesize
1.3MB

MD5
7b7dfbbe8efac997c5e009991d12d5e0

SHA1
7d0efa1b287de2ad78e867001dfdadbef9fe0e8a

SHA256
fc6b80d3a3033010f6b8ac52272e185caee38e386ebfb288e153a4ba9d5f07b3

SHA512
465f7a92ddb61bdd9ddc83fe4ccdd21ad6fea58d10a7ba1fe571f6ca7b5525192bbbdcea5eca4f1e1d537e566fe3e80b7d06d1d80790a909a120b9e3008ba54c

Download Submit
C:\Windows\System\VuDzydT.exe

Filesize
1.3MB

MD5
06363282834f8e4ba9fa51bcb80fcc0f

SHA1
f6142f365f0007a5d311ec3bcd28d73cfd0ada8e

SHA256
0ae965dee8348f518a3a05b25e7fd6b426c65a8f04a39f3e096f81cca64f0a6d

SHA512
662547177f4803f080310428e3136724e3b0e4395d0e22cb3e2f0eb3e3de3d5ad56ca998886bf68f12b9437012bec9592c85741afc015eaf1fd25aed0ed7a26d

Download Submit
C:\Windows\System\WCpCjWc.exe

Filesize
1.4MB

MD5
e589ac0c0886984bfcfb48d9964b9113

SHA1
f656cf5a7957822f4e396a88e58b9fdc9257890f

SHA256
a0948fa1aad4d99de7eccb24552ca4e87054a69396a53a0bc6335276d6c4f415

SHA512
7d21da9d455e03479f7825da3e5d1fb9a9d74db63dee210e577689c2f75a038094c3da00d65578d611c0b58251555f58bfc9a624ddec4f02cba7604ca9d213a5

Download Submit
C:\Windows\System\ajKdQmD.exe

Filesize
1.4MB

MD5
8add240fbdb00646bb23de40b255c585

SHA1
ae58e8705172506f9a162aff976977307599fa2c

SHA256
41ff0927b40baf42864620b72998edc30aa51c74665289f80fc0f649bb2a8224

SHA512
0278fecbb74740c22fe484769ef0c51610acc5c787472dbe2120fd1331c10a4539c0cf581cbb7654a6ce9f6d64b7196d39d6fbc29c250ea23dbc0b50352514c6

Download Submit
C:\Windows\System\cCPwRLa.exe

Filesize
1.3MB

MD5
64704b2ad3480b82095dda37507c0c40

SHA1
930e22f6617caf3d9245fe42199bc30142b9f51e

SHA256
84f7163e70ff12496b65cfffc41b3503baa45eb3b9fceef5614458c1d5e2a9cb

SHA512
2e0edce780da2a202fbbb092e9ca3896b6453baa3bea3b14d0efabddcb69cb7949b5c7ce82530ca0da00e2010b2ce8718e6701da788c1afe097d6ba43fb33076

Download Submit
C:\Windows\System\mZXZYlG.exe

Filesize
1.4MB

MD5
069a8ed6a86530d5363c2c3ebbdfc812

SHA1
5f3c06aa2d468da3bfb3fdefb21473095daf4adc

SHA256
5f7556125ea26a3a5ceb05f9feec984631f555d75292eae3f17a50a4c3123ec5

SHA512
2794be460572cf75cf29b7c04dd48ef704f86d16dc1c59a238ef404f0bc19ce7346474492d0e2fddc8bdab3712a8993dae91e43a78c697877b5b0f71cb4b227f

Download Submit
C:\Windows\System\nVcbvfI.exe

Filesize
1.4MB

MD5
fdd3ceab1b8c3500c7c9adef8d6500cb

SHA1
0370335f275bc8b6f72fcf4a301247234a182d89

SHA256
b377f7da78d1ef0158340f0d61699711294e5f3f5d32f66e6922027f1496385b

SHA512
2d3081ca17240bf9d87f05d213480e67330d7056ea37613cc711518ce8b01b6a016549ef273b1ad8c380a99754faa771e0e926e7b9b88e3a12a87ec4c63b1488

Download Submit
C:\Windows\System\nsIYyDS.exe

Filesize
1.3MB

MD5
2d1950f983e62ed8fb294f4218ce5f90

SHA1
3eea63e86b58750966b3b510bcbe1f47b3f60e9f

SHA256
c02e45e56111dcb13c548a0f58c15e8df0ec3b1a9446ebca8595c0f23667000d

SHA512
211efafead97f2b4e8bd7017a05231152198455470b139c9bb9e37656e1337314039bb346538230ce1d6433f7fd4a9580c4bdd1af2a7b3681171a8c58262ad78

Download Submit
C:\Windows\System\ourdriY.exe

Filesize
1.3MB

MD5
79f813d7cb0f54e053c1d3b705fcc102

SHA1
ae2b882f225898ff1815f7096153a2ba5e9fa6d3

SHA256
89591ff60fcae5c1ef38379e0413c596a1532202d3c4ed7a6d856d49cb760bd8

SHA512
77a836e34765efe44110e866469d90570ca39dde8c1869aa36c80056941060afee26402b88eef23de0897312994daf9f7fa87c7a77bfcf24b2fc8ffb75bf08ee

Download Submit
C:\Windows\System\oxOVyWH.exe

Filesize
1.3MB

MD5
b75787edde431f36688f40143ae31dca

SHA1
4147a031fa020c8d5fde1113005292db346c11f8

SHA256
e3c1779a2d349bfe5d671ac67241ad22ecb5c2c7796f0e1cf033fdc2ed956321

SHA512
da6922819f2ec9d8813096e5c332155596a486accacade27dcf698bbffa1d9b356c1856aeb4941d7e5343a882b2b952aba556970e5fb69f2ac120191ddebde91

Download Submit
C:\Windows\System\puNhlLj.exe

Filesize
1.3MB

MD5
ed795324e7211dc73c137130494b9d38

SHA1
e49d9a9277e5dbcdb637655a6224a1f6fea83ce6

SHA256
6d4a13bdc267e71918c95ffaecb2f47627ac258f164bb4b2b161ed78a2db1fbc

SHA512
6b75b99e78ebd94c6bb9770fa7817e2da07ba8dd1c86e84688c93d0cc3c20c14147fb903069128c53ad37caa4122793ed8bd379919568b2227f4d73754cfba11

Download Submit
C:\Windows\System\saMppGL.exe

Filesize
1.3MB

MD5
38a3330e64788947086a7c0e0a476fcf

SHA1
2ecb79b16ac080129ed76a926222765170153080

SHA256
6dfd569df8c68690a86f0550b91207e6705304171c9951b4ea40179a082c8f3f

SHA512
2c26badb17d847b4bf0f2ec710885b98af8a2ecada81e85284280e06bbb7da828853bbfe5de169c1310300c2586e6f790147280c77eded6d4aeea722176f307d

Download Submit
C:\Windows\System\wxcvWai.exe

Filesize
1.3MB

MD5
eaebdad6d08c0f2995adb897363c0b41

SHA1
8bfbb0cadcffab2914171a1454465cf9dc8d0d80

SHA256
827d731aaa9efeb711ec9729b2d4c3b056b75126adf8870e0023cc307721bf9b

SHA512
8f5dfb32ee154740f8ce598b38c10a07285ed583cc5e4a1218ae90039bf80d42fa2f6625eb236ec9bd076c08794d2eb7c64b7d48b9ddf683a14b6d1d81a539fa

Download Submit
C:\Windows\System\xEJqtPd.exe

Filesize
1.3MB

MD5
4494e84dc59e70871b13f766da126657

SHA1
14c68977bfcc7765e285df07b1c4c112f1bf2a56

SHA256
c4b4729cdf0e8a06eb697d9728917d13408a95d189306a46079ed49db80f2529

SHA512
844794acb0d67b642b9a8823cbadcfa502524fa54147f3b673c54aa60d3ac15dc92de2e3f327cb885fdcdcdc31efb5e3c0ac7187e017ef18befa7932f48a4e43

Download Submit
C:\Windows\System\xLLxUMB.exe

Filesize
1.4MB

MD5
9f2b3060786c7193cd5fc3279c03f2e1

SHA1
08872609c29a75a1078c00e35562dbfc198a37d3

SHA256
f15b8ea84ee1fdd55aa989eaff2c7aa3300d48269f25cfd3c84e3fab18c37dff

SHA512
231915e70d887ba57e74fea92387e975ed84190ee14f30c9839f2b15e11693f78b2bdad8097987d3dd97eaaab88c05950f2936ea2a161d7a1543a1b315ab9d72

Download Submit
C:\Windows\System\yjkPqoQ.exe

Filesize
1.3MB

MD5
f94017184b318196c434d917ed6cf021

SHA1
73f266dbe2fa7f0648eb5ca366cb201635276b02

SHA256
c37baad5194f1bd419e46051d1bef62e6926692868851fc86eaec85042016caf

SHA512
14435481095fab0652194b9a30495e4e6ed66d3bbb0c01e234cd074a22e4e8dc9f027f93e6c41c1f3ebe997a55ffc24d92bd064d70d21b317d016e43d0bc447d

Download Submit
C:\Windows\System\ymWtbHd.exe

Filesize
1.3MB

MD5
c65ae116c86a3c339befa277d96ff850

SHA1
adb23d87c7550199471f7383e973622efacab885

SHA256
f96626961ce1e4f6e60d06543902c09957d9e3312ad63be765e5b28d41f319f8

SHA512
2b242c896aef956b2ee03bf0fcbaa5a19bcd3ab556cef11a869a6608b090dd5452f9be102520e03955e4c1cecad8e69771e4fbdf85044356559aebce480d7275

Download Submit
C:\Windows\System\zglncaa.exe

Filesize
1.3MB

MD5
9f5af20391ed96168ce8205157e19a2b

SHA1
60253f3a43a24aea4443e81bb5fcda62ea42e0e9

SHA256
119332811771f26bd52c16e67743c8daa165dab852c8ebc2816b52164d3bb277

SHA512
e0f687f1b8a857c1893b2fbe70674e67b6ee76bec6a95ffc340536a4ed9404ee6710582520f2419aff930d150bbf07c6eea63f57768dc36eadf8e3fbd11d4086

Download Submit
memory/8-2320-0x00007FF645910000-0x00007FF645C61000-memory.dmp

Filesize
3.3MB

Download
memory/8-422-0x00007FF645910000-0x00007FF645C61000-memory.dmp

Filesize
3.3MB

Download
memory/408-2186-0x00007FF6913D0000-0x00007FF691721000-memory.dmp

Filesize
3.3MB

Download
memory/408-2273-0x00007FF6913D0000-0x00007FF691721000-memory.dmp

Filesize
3.3MB

Download
memory/408-50-0x00007FF6913D0000-0x00007FF691721000-memory.dmp

Filesize
3.3MB

Download
memory/544-2287-0x00007FF7E93B0000-0x00007FF7E9701000-memory.dmp

Filesize
3.3MB

Download
memory/544-85-0x00007FF7E93B0000-0x00007FF7E9701000-memory.dmp

Filesize
3.3MB

Download
memory/852-2221-0x00007FF74A3C0000-0x00007FF74A711000-memory.dmp

Filesize
3.3MB

Download
memory/852-2281-0x00007FF74A3C0000-0x00007FF74A711000-memory.dmp

Filesize
3.3MB

Download
memory/852-79-0x00007FF74A3C0000-0x00007FF74A711000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2269-0x00007FF735C30000-0x00007FF735F81000-memory.dmp

Filesize
3.3MB

Download
memory/1004-21-0x00007FF735C30000-0x00007FF735F81000-memory.dmp

Filesize
3.3MB

Download
memory/1004-993-0x00007FF735C30000-0x00007FF735F81000-memory.dmp

Filesize
3.3MB

Download
memory/1848-19-0x00007FF602CC0000-0x00007FF603011000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2263-0x00007FF602CC0000-0x00007FF603011000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2315-0x00007FF6E1760000-0x00007FF6E1AB1000-memory.dmp

Filesize
3.3MB

Download
memory/1876-423-0x00007FF6E1760000-0x00007FF6E1AB1000-memory.dmp

Filesize
3.3MB

Download
memory/1952-395-0x00007FF6E7E20000-0x00007FF6E8171000-memory.dmp

Filesize
3.3MB

Download
memory/1952-2301-0x00007FF6E7E20000-0x00007FF6E8171000-memory.dmp

Filesize
3.3MB

Download
memory/2080-14-0x00007FF69EE80000-0x00007FF69F1D1000-memory.dmp

Filesize
3.3MB

Download
memory/2080-109-0x00007FF69EE80000-0x00007FF69F1D1000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2265-0x00007FF69EE80000-0x00007FF69F1D1000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2279-0x00007FF614020000-0x00007FF614371000-memory.dmp

Filesize
3.3MB

Download
memory/2216-68-0x00007FF614020000-0x00007FF614371000-memory.dmp

Filesize
3.3MB

Download
memory/2340-0-0x00007FF61E090000-0x00007FF61E3E1000-memory.dmp

Filesize
3.3MB

Download
memory/2340-102-0x00007FF61E090000-0x00007FF61E3E1000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1-0x000001C3EF9B0000-0x000001C3EF9C0000-memory.dmp

Filesize
64KB

Download
memory/2564-2267-0x00007FF6486D0000-0x00007FF648A21000-memory.dmp

Filesize
3.3MB

Download
memory/2564-23-0x00007FF6486D0000-0x00007FF648A21000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1000-0x00007FF6486D0000-0x00007FF648A21000-memory.dmp

Filesize
3.3MB

Download
memory/2956-416-0x00007FF77A6D0000-0x00007FF77AA21000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2313-0x00007FF77A6D0000-0x00007FF77AA21000-memory.dmp

Filesize
3.3MB

Download
memory/3144-110-0x00007FF744160000-0x00007FF7444B1000-memory.dmp

Filesize
3.3MB

Download
memory/3144-2295-0x00007FF744160000-0x00007FF7444B1000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2224-0x00007FF6A6FA0000-0x00007FF6A72F1000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2293-0x00007FF6A6FA0000-0x00007FF6A72F1000-memory.dmp

Filesize
3.3MB

Download
memory/3216-101-0x00007FF6A6FA0000-0x00007FF6A72F1000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2275-0x00007FF6FE290000-0x00007FF6FE5E1000-memory.dmp

Filesize
3.3MB

Download
memory/3424-55-0x00007FF6FE290000-0x00007FF6FE5E1000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2187-0x00007FF6FE290000-0x00007FF6FE5E1000-memory.dmp

Filesize
3.3MB

Download
memory/3880-2311-0x00007FF7C6850000-0x00007FF7C6BA1000-memory.dmp

Filesize
3.3MB

Download
memory/3880-420-0x00007FF7C6850000-0x00007FF7C6BA1000-memory.dmp

Filesize
3.3MB

Download
memory/3996-421-0x00007FF672450000-0x00007FF6727A1000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2317-0x00007FF672450000-0x00007FF6727A1000-memory.dmp

Filesize
3.3MB

Download
memory/4020-95-0x00007FF719610000-0x00007FF719961000-memory.dmp

Filesize
3.3MB

Download
memory/4020-2222-0x00007FF719610000-0x00007FF719961000-memory.dmp

Filesize
3.3MB

Download
memory/4020-2291-0x00007FF719610000-0x00007FF719961000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2277-0x00007FF73B7C0000-0x00007FF73BB11000-memory.dmp

Filesize
3.3MB

Download
memory/4052-69-0x00007FF73B7C0000-0x00007FF73BB11000-memory.dmp

Filesize
3.3MB

Download
memory/4296-2188-0x00007FF6BB280000-0x00007FF6BB5D1000-memory.dmp

Filesize
3.3MB

Download
memory/4296-61-0x00007FF6BB280000-0x00007FF6BB5D1000-memory.dmp

Filesize
3.3MB

Download
memory/4296-2283-0x00007FF6BB280000-0x00007FF6BB5D1000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2303-0x00007FF7C2D10000-0x00007FF7C3061000-memory.dmp

Filesize
3.3MB

Download
memory/4324-402-0x00007FF7C2D10000-0x00007FF7C3061000-memory.dmp

Filesize
3.3MB

Download
memory/4412-415-0x00007FF6D03A0000-0x00007FF6D06F1000-memory.dmp

Filesize
3.3MB

Download
memory/4412-2307-0x00007FF6D03A0000-0x00007FF6D06F1000-memory.dmp

Filesize
3.3MB

Download
memory/4676-2185-0x00007FF7D12B0000-0x00007FF7D1601000-memory.dmp

Filesize
3.3MB

Download
memory/4676-30-0x00007FF7D12B0000-0x00007FF7D1601000-memory.dmp

Filesize
3.3MB

Download
memory/4676-2271-0x00007FF7D12B0000-0x00007FF7D1601000-memory.dmp

Filesize
3.3MB

Download
memory/4780-389-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2297-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2309-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp

Filesize
3.3MB

Download
memory/4800-412-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2223-0x00007FF745120000-0x00007FF745471000-memory.dmp

Filesize
3.3MB

Download
memory/4860-88-0x00007FF745120000-0x00007FF745471000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2289-0x00007FF745120000-0x00007FF745471000-memory.dmp

Filesize
3.3MB

Download
memory/4872-84-0x00007FF6DB680000-0x00007FF6DB9D1000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2285-0x00007FF6DB680000-0x00007FF6DB9D1000-memory.dmp

Filesize
3.3MB

Download
memory/4908-397-0x00007FF621D20000-0x00007FF622071000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2299-0x00007FF621D20000-0x00007FF622071000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2305-0x00007FF710F20000-0x00007FF711271000-memory.dmp

Filesize
3.3MB

Download
memory/4980-409-0x00007FF710F20000-0x00007FF711271000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads