xmrig | 45dddec4b27e146c710988a444d12afb06555c729dc6f4a888d07f4087effd1b

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
Size

2.6MB
MD5

e6a4936c57b2677ca7fdd8cc1db4fdb0
SHA1

5da824b28f5fe026b3da6229c57a28f9d904600a
SHA256

45dddec4b27e146c710988a444d12afb06555c729dc6f4a888d07f4087effd1b
SHA512

3da0018708b4af60102a1793283607dfbc35c996940e57f6466572d81d7c032b6fac70c795c061c09adcf0f64923cf49117bd4a06bf72d2941ef21acc131e084
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Aj4k3SJCavKM1W7FJyCx7:BemTLkNdfE0pZr6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5060-0-0x00007FF6995A0000-0x00007FF6998F4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023405-5.dat	xmrig
behavioral2/memory/1748-12-0x00007FF6482F0000-0x00007FF648644000-memory.dmp	xmrig
behavioral2/files/0x000800000002343a-15.dat	xmrig
behavioral2/files/0x000700000002343e-27.dat	xmrig
behavioral2/files/0x000700000002343b-18.dat	xmrig
behavioral2/files/0x000700000002343f-28.dat	xmrig
behavioral2/files/0x000700000002343d-26.dat	xmrig
behavioral2/files/0x000700000002343c-23.dat	xmrig
behavioral2/files/0x0007000000023444-66.dat	xmrig
behavioral2/files/0x000700000002344b-97.dat	xmrig
behavioral2/files/0x0007000000023450-115.dat	xmrig
behavioral2/memory/676-130-0x00007FF6F46B0000-0x00007FF6F4A04000-memory.dmp	xmrig
behavioral2/memory/3636-147-0x00007FF717360000-0x00007FF7176B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023454-167.dat	xmrig
behavioral2/memory/2352-182-0x00007FF7E4BC0000-0x00007FF7E4F14000-memory.dmp	xmrig
behavioral2/memory/4516-188-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp	xmrig
behavioral2/memory/2456-194-0x00007FF60DB40000-0x00007FF60DE94000-memory.dmp	xmrig
behavioral2/memory/4496-199-0x00007FF6DC950000-0x00007FF6DCCA4000-memory.dmp	xmrig
behavioral2/memory/1220-198-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp	xmrig
behavioral2/memory/2084-197-0x00007FF7118D0000-0x00007FF711C24000-memory.dmp	xmrig
behavioral2/memory/4824-196-0x00007FF6BFB60000-0x00007FF6BFEB4000-memory.dmp	xmrig
behavioral2/memory/3544-195-0x00007FF7404D0000-0x00007FF740824000-memory.dmp	xmrig
behavioral2/memory/1668-193-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp	xmrig
behavioral2/memory/4156-192-0x00007FF6B5360000-0x00007FF6B56B4000-memory.dmp	xmrig
behavioral2/memory/3328-191-0x00007FF7C6AB0000-0x00007FF7C6E04000-memory.dmp	xmrig
behavioral2/memory/4500-190-0x00007FF6948E0000-0x00007FF694C34000-memory.dmp	xmrig
behavioral2/memory/4756-189-0x00007FF688F40000-0x00007FF689294000-memory.dmp	xmrig
behavioral2/memory/4520-187-0x00007FF704840000-0x00007FF704B94000-memory.dmp	xmrig
behavioral2/memory/3164-186-0x00007FF750A50000-0x00007FF750DA4000-memory.dmp	xmrig
behavioral2/memory/2228-179-0x00007FF6AF9B0000-0x00007FF6AFD04000-memory.dmp	xmrig
behavioral2/files/0x000a000000023415-177.dat	xmrig
behavioral2/files/0x0007000000023455-175.dat	xmrig
behavioral2/files/0x0007000000023458-173.dat	xmrig
behavioral2/files/0x0007000000023459-172.dat	xmrig
behavioral2/memory/2912-170-0x00007FF6BC890000-0x00007FF6BCBE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023452-163.dat	xmrig
behavioral2/files/0x000700000002344f-161.dat	xmrig
behavioral2/files/0x000700000002344e-159.dat	xmrig
behavioral2/files/0x0007000000023451-155.dat	xmrig
behavioral2/files/0x0007000000023457-154.dat	xmrig
behavioral2/files/0x0007000000023456-153.dat	xmrig
behavioral2/memory/2464-148-0x00007FF789F20000-0x00007FF78A274000-memory.dmp	xmrig
behavioral2/files/0x000700000002344d-141.dat	xmrig
behavioral2/files/0x0007000000023449-138.dat	xmrig
behavioral2/files/0x000700000002344c-135.dat	xmrig
behavioral2/files/0x0007000000023453-143.dat	xmrig
behavioral2/files/0x000700000002344a-125.dat	xmrig
behavioral2/files/0x0007000000023446-121.dat	xmrig
behavioral2/memory/4984-116-0x00007FF730290000-0x00007FF7305E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023447-113.dat	xmrig
behavioral2/memory/1448-110-0x00007FF7954B0000-0x00007FF795804000-memory.dmp	xmrig
behavioral2/files/0x0007000000023445-106.dat	xmrig
behavioral2/files/0x0007000000023448-119.dat	xmrig
behavioral2/memory/2800-91-0x00007FF7DDA20000-0x00007FF7DDD74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023443-89.dat	xmrig
behavioral2/files/0x0007000000023442-87.dat	xmrig
behavioral2/files/0x0007000000023441-74.dat	xmrig
behavioral2/memory/2480-72-0x00007FF6680E0000-0x00007FF668434000-memory.dmp	xmrig
behavioral2/memory/4684-70-0x00007FF6B2390000-0x00007FF6B26E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-61.dat	xmrig
behavioral2/memory/1084-58-0x00007FF63C350000-0x00007FF63C6A4000-memory.dmp	xmrig
behavioral2/memory/2008-43-0x00007FF67D290000-0x00007FF67D5E4000-memory.dmp	xmrig
behavioral2/memory/2424-35-0x00007FF6601D0000-0x00007FF660524000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1748	MXaGeTe.exe
2424	VYoBZvN.exe
2008	EpNmVTl.exe
1084	gUXxhCy.exe
3328	sIMQDJY.exe
4684	sjcrzVj.exe
2480	nevRFoC.exe
4156	WPiRkNr.exe
1668	TMubMHi.exe
2800	TmndHBE.exe
1448	jBjjAnB.exe
4984	ZFWlAyf.exe
2456	NCTKPlf.exe
3544	VVPAuRg.exe
676	BvrzeaN.exe
3636	aIvoCFS.exe
2464	pTsbdtS.exe
4824	wphSLES.exe
2912	NVbGmgQ.exe
2228	OYaaecu.exe
2352	RcKnOcw.exe
3164	OfEABRR.exe
4520	qletsSb.exe
2084	JewQhNa.exe
1220	zyhHiGM.exe
4516	GtKPRtr.exe
4756	toKCEfe.exe
4500	dHVmxkL.exe
4496	fQWLedm.exe
4580	qeLaRqp.exe
4940	ogVXFjj.exe
1972	smZRqxa.exe
4404	yvxiSFb.exe
4780	ZJXnTrs.exe
916	rxKMQjB.exe
1176	zXbWDwu.exe
4324	troqNrR.exe
4488	ceXHMdj.exe
448	dJywMbr.exe
1772	EnkKVjV.exe
2608	WxHxKGF.exe
4104	toBoVyR.exe
4024	RAmhHtF.exe
4396	bOanVzc.exe
4092	zlzwgOH.exe
620	wprXJsv.exe
4920	fLyLRxe.exe
2276	KTfVMsz.exe
2172	nQxEySG.exe
4060	EMQeJxK.exe
4372	WsRvuyS.exe
3008	bdlFBaa.exe
2164	OLNkfkO.exe
220	LLtdjYI.exe
4688	OAUnAjQ.exe
2684	HlduuHU.exe
2804	erbCUlW.exe
3984	aGOHVrG.exe
2032	iyrGCPu.exe
2360	riqxltu.exe
3728	KTRHTvy.exe
4084	ZOiVsjb.exe
2728	oKqrcpQ.exe
1088	NykCfpw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5060-0-0x00007FF6995A0000-0x00007FF6998F4000-memory.dmp	upx
behavioral2/files/0x0009000000023405-5.dat	upx
behavioral2/memory/1748-12-0x00007FF6482F0000-0x00007FF648644000-memory.dmp	upx
behavioral2/files/0x000800000002343a-15.dat	upx
behavioral2/files/0x000700000002343e-27.dat	upx
behavioral2/files/0x000700000002343b-18.dat	upx
behavioral2/files/0x000700000002343f-28.dat	upx
behavioral2/files/0x000700000002343d-26.dat	upx
behavioral2/files/0x000700000002343c-23.dat	upx
behavioral2/files/0x0007000000023444-66.dat	upx
behavioral2/files/0x000700000002344b-97.dat	upx
behavioral2/files/0x0007000000023450-115.dat	upx
behavioral2/memory/676-130-0x00007FF6F46B0000-0x00007FF6F4A04000-memory.dmp	upx
behavioral2/memory/3636-147-0x00007FF717360000-0x00007FF7176B4000-memory.dmp	upx
behavioral2/files/0x0007000000023454-167.dat	upx
behavioral2/memory/2352-182-0x00007FF7E4BC0000-0x00007FF7E4F14000-memory.dmp	upx
behavioral2/memory/4516-188-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp	upx
behavioral2/memory/2456-194-0x00007FF60DB40000-0x00007FF60DE94000-memory.dmp	upx
behavioral2/memory/4496-199-0x00007FF6DC950000-0x00007FF6DCCA4000-memory.dmp	upx
behavioral2/memory/1220-198-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp	upx
behavioral2/memory/2084-197-0x00007FF7118D0000-0x00007FF711C24000-memory.dmp	upx
behavioral2/memory/4824-196-0x00007FF6BFB60000-0x00007FF6BFEB4000-memory.dmp	upx
behavioral2/memory/3544-195-0x00007FF7404D0000-0x00007FF740824000-memory.dmp	upx
behavioral2/memory/1668-193-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp	upx
behavioral2/memory/4156-192-0x00007FF6B5360000-0x00007FF6B56B4000-memory.dmp	upx
behavioral2/memory/3328-191-0x00007FF7C6AB0000-0x00007FF7C6E04000-memory.dmp	upx
behavioral2/memory/4500-190-0x00007FF6948E0000-0x00007FF694C34000-memory.dmp	upx
behavioral2/memory/4756-189-0x00007FF688F40000-0x00007FF689294000-memory.dmp	upx
behavioral2/memory/4520-187-0x00007FF704840000-0x00007FF704B94000-memory.dmp	upx
behavioral2/memory/3164-186-0x00007FF750A50000-0x00007FF750DA4000-memory.dmp	upx
behavioral2/memory/2228-179-0x00007FF6AF9B0000-0x00007FF6AFD04000-memory.dmp	upx
behavioral2/files/0x000a000000023415-177.dat	upx
behavioral2/files/0x0007000000023455-175.dat	upx
behavioral2/files/0x0007000000023458-173.dat	upx
behavioral2/files/0x0007000000023459-172.dat	upx
behavioral2/memory/2912-170-0x00007FF6BC890000-0x00007FF6BCBE4000-memory.dmp	upx
behavioral2/files/0x0007000000023452-163.dat	upx
behavioral2/files/0x000700000002344f-161.dat	upx
behavioral2/files/0x000700000002344e-159.dat	upx
behavioral2/files/0x0007000000023451-155.dat	upx
behavioral2/files/0x0007000000023457-154.dat	upx
behavioral2/files/0x0007000000023456-153.dat	upx
behavioral2/memory/2464-148-0x00007FF789F20000-0x00007FF78A274000-memory.dmp	upx
behavioral2/files/0x000700000002344d-141.dat	upx
behavioral2/files/0x0007000000023449-138.dat	upx
behavioral2/files/0x000700000002344c-135.dat	upx
behavioral2/files/0x0007000000023453-143.dat	upx
behavioral2/files/0x000700000002344a-125.dat	upx
behavioral2/files/0x0007000000023446-121.dat	upx
behavioral2/memory/4984-116-0x00007FF730290000-0x00007FF7305E4000-memory.dmp	upx
behavioral2/files/0x0007000000023447-113.dat	upx
behavioral2/memory/1448-110-0x00007FF7954B0000-0x00007FF795804000-memory.dmp	upx
behavioral2/files/0x0007000000023445-106.dat	upx
behavioral2/files/0x0007000000023448-119.dat	upx
behavioral2/memory/2800-91-0x00007FF7DDA20000-0x00007FF7DDD74000-memory.dmp	upx
behavioral2/files/0x0007000000023443-89.dat	upx
behavioral2/files/0x0007000000023442-87.dat	upx
behavioral2/files/0x0007000000023441-74.dat	upx
behavioral2/memory/2480-72-0x00007FF6680E0000-0x00007FF668434000-memory.dmp	upx
behavioral2/memory/4684-70-0x00007FF6B2390000-0x00007FF6B26E4000-memory.dmp	upx
behavioral2/files/0x0007000000023440-61.dat	upx
behavioral2/memory/1084-58-0x00007FF63C350000-0x00007FF63C6A4000-memory.dmp	upx
behavioral2/memory/2008-43-0x00007FF67D290000-0x00007FF67D5E4000-memory.dmp	upx
behavioral2/memory/2424-35-0x00007FF6601D0000-0x00007FF660524000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fQWLedm.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\WxHxKGF.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\enEdhyc.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\GogQukf.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\DiHfgXd.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\KOGlNVs.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\dlGGgKy.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\LvejART.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\GJCxeJF.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\VewviMB.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\bGfBTvo.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\gofjYQQ.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\aExHuvL.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\utuvakf.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\lJMgqii.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\zQuJmsS.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\rLBcUfV.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\LVROGCU.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\eZKwqXG.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\SIdvEgG.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\KbxOtql.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\BgNzsAL.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\QXEwUUx.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\rgypzBx.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\CrIAnNS.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\bOTAtsS.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\abkdOLI.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\ddlyLIX.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\cPRKAdW.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\ILsaoKQ.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\pkCzPsx.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\bDqWWTN.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\gepCGsd.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\vfXcaHj.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\rXXLTUa.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\eAnVyWv.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\QLZThnf.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\nnbLYZY.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\ComohZm.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\IEIsrcP.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\hGfzUnt.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\MFlYBkr.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\pJdoOsg.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\toKCEfe.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\ceXHMdj.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\dJywMbr.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\UYZDpkD.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\GhFXtEo.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\QUWHZKz.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\WfeIYPp.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\ELhoOTN.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\oPMokPc.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\qNkHQHF.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\Nhhsjqv.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\VDpiexw.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\bGxBRAy.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\gCOgKao.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\cCRZZKT.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\NjfAGRe.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\LBIIJoD.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\NWPZkGU.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\ucHvNvY.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\yxniIDx.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
File created	C:\Windows\System\OLNkfkO.exe	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15100	dwm.exe
Token: SeChangeNotifyPrivilege	15100	dwm.exe
Token: 33	15100	dwm.exe
Token: SeIncBasePriorityPrivilege	15100	dwm.exe
Token: SeShutdownPrivilege	15100	dwm.exe
Token: SeCreatePagefilePrivilege	15100	dwm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5512	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 1748	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	85
PID 5060 wrote to memory of 1748	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	85
PID 5060 wrote to memory of 2424	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	86
PID 5060 wrote to memory of 2424	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	86
PID 5060 wrote to memory of 2008	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	87
PID 5060 wrote to memory of 2008	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	87
PID 5060 wrote to memory of 1084	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	88
PID 5060 wrote to memory of 1084	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	88
PID 5060 wrote to memory of 3328	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	89
PID 5060 wrote to memory of 3328	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	89
PID 5060 wrote to memory of 4684	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	90
PID 5060 wrote to memory of 4684	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	90
PID 5060 wrote to memory of 2480	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	91
PID 5060 wrote to memory of 2480	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	91
PID 5060 wrote to memory of 4156	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	92
PID 5060 wrote to memory of 4156	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	92
PID 5060 wrote to memory of 1668	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	93
PID 5060 wrote to memory of 1668	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	93
PID 5060 wrote to memory of 2800	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	94
PID 5060 wrote to memory of 2800	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	94
PID 5060 wrote to memory of 1448	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	95
PID 5060 wrote to memory of 1448	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	95
PID 5060 wrote to memory of 4984	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	96
PID 5060 wrote to memory of 4984	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	96
PID 5060 wrote to memory of 2456	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	97
PID 5060 wrote to memory of 2456	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	97
PID 5060 wrote to memory of 3636	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	98
PID 5060 wrote to memory of 3636	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	98
PID 5060 wrote to memory of 3544	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	99
PID 5060 wrote to memory of 3544	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	99
PID 5060 wrote to memory of 676	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	100
PID 5060 wrote to memory of 676	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	100
PID 5060 wrote to memory of 2464	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	101
PID 5060 wrote to memory of 2464	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	101
PID 5060 wrote to memory of 4824	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	102
PID 5060 wrote to memory of 4824	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	102
PID 5060 wrote to memory of 2912	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	103
PID 5060 wrote to memory of 2912	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	103
PID 5060 wrote to memory of 2228	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	104
PID 5060 wrote to memory of 2228	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	104
PID 5060 wrote to memory of 2352	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	105
PID 5060 wrote to memory of 2352	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	105
PID 5060 wrote to memory of 3164	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	106
PID 5060 wrote to memory of 3164	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	106
PID 5060 wrote to memory of 4520	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	107
PID 5060 wrote to memory of 4520	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	107
PID 5060 wrote to memory of 2084	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	108
PID 5060 wrote to memory of 2084	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	108
PID 5060 wrote to memory of 1220	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	109
PID 5060 wrote to memory of 1220	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	109
PID 5060 wrote to memory of 4516	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	110
PID 5060 wrote to memory of 4516	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	110
PID 5060 wrote to memory of 4756	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	111
PID 5060 wrote to memory of 4756	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	111
PID 5060 wrote to memory of 4500	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	112
PID 5060 wrote to memory of 4500	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	112
PID 5060 wrote to memory of 4496	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	113
PID 5060 wrote to memory of 4496	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	113
PID 5060 wrote to memory of 4580	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	114
PID 5060 wrote to memory of 4580	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	114
PID 5060 wrote to memory of 4940	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	115
PID 5060 wrote to memory of 4940	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	115
PID 5060 wrote to memory of 1972	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	116
PID 5060 wrote to memory of 1972	5060	e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e6a4936c57b2677ca7fdd8cc1db4fdb0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\System\MXaGeTe.exe
  C:\Windows\System\MXaGeTe.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\VYoBZvN.exe
  C:\Windows\System\VYoBZvN.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\EpNmVTl.exe
  C:\Windows\System\EpNmVTl.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\gUXxhCy.exe
  C:\Windows\System\gUXxhCy.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\sIMQDJY.exe
  C:\Windows\System\sIMQDJY.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\sjcrzVj.exe
  C:\Windows\System\sjcrzVj.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\nevRFoC.exe
  C:\Windows\System\nevRFoC.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\WPiRkNr.exe
  C:\Windows\System\WPiRkNr.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\TMubMHi.exe
  C:\Windows\System\TMubMHi.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\TmndHBE.exe
  C:\Windows\System\TmndHBE.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\jBjjAnB.exe
  C:\Windows\System\jBjjAnB.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\ZFWlAyf.exe
  C:\Windows\System\ZFWlAyf.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\NCTKPlf.exe
  C:\Windows\System\NCTKPlf.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\aIvoCFS.exe
  C:\Windows\System\aIvoCFS.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\VVPAuRg.exe
  C:\Windows\System\VVPAuRg.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\BvrzeaN.exe
  C:\Windows\System\BvrzeaN.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\pTsbdtS.exe
  C:\Windows\System\pTsbdtS.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\wphSLES.exe
  C:\Windows\System\wphSLES.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\NVbGmgQ.exe
  C:\Windows\System\NVbGmgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\OYaaecu.exe
  C:\Windows\System\OYaaecu.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\RcKnOcw.exe
  C:\Windows\System\RcKnOcw.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\OfEABRR.exe
  C:\Windows\System\OfEABRR.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\qletsSb.exe
  C:\Windows\System\qletsSb.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\JewQhNa.exe
  C:\Windows\System\JewQhNa.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\zyhHiGM.exe
  C:\Windows\System\zyhHiGM.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\GtKPRtr.exe
  C:\Windows\System\GtKPRtr.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\toKCEfe.exe
  C:\Windows\System\toKCEfe.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\dHVmxkL.exe
  C:\Windows\System\dHVmxkL.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\fQWLedm.exe
  C:\Windows\System\fQWLedm.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\qeLaRqp.exe
  C:\Windows\System\qeLaRqp.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\ogVXFjj.exe
  C:\Windows\System\ogVXFjj.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\smZRqxa.exe
  C:\Windows\System\smZRqxa.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\yvxiSFb.exe
  C:\Windows\System\yvxiSFb.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\ZJXnTrs.exe
  C:\Windows\System\ZJXnTrs.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\rxKMQjB.exe
  C:\Windows\System\rxKMQjB.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\zXbWDwu.exe
  C:\Windows\System\zXbWDwu.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\troqNrR.exe
  C:\Windows\System\troqNrR.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\ceXHMdj.exe
  C:\Windows\System\ceXHMdj.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\dJywMbr.exe
  C:\Windows\System\dJywMbr.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\EnkKVjV.exe
  C:\Windows\System\EnkKVjV.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\WxHxKGF.exe
  C:\Windows\System\WxHxKGF.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\toBoVyR.exe
  C:\Windows\System\toBoVyR.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\RAmhHtF.exe
  C:\Windows\System\RAmhHtF.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\bOanVzc.exe
  C:\Windows\System\bOanVzc.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\zlzwgOH.exe
  C:\Windows\System\zlzwgOH.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\wprXJsv.exe
  C:\Windows\System\wprXJsv.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\fLyLRxe.exe
  C:\Windows\System\fLyLRxe.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\KTfVMsz.exe
  C:\Windows\System\KTfVMsz.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\nQxEySG.exe
  C:\Windows\System\nQxEySG.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\EMQeJxK.exe
  C:\Windows\System\EMQeJxK.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\WsRvuyS.exe
  C:\Windows\System\WsRvuyS.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\bdlFBaa.exe
  C:\Windows\System\bdlFBaa.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\OLNkfkO.exe
  C:\Windows\System\OLNkfkO.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\LLtdjYI.exe
  C:\Windows\System\LLtdjYI.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\OAUnAjQ.exe
  C:\Windows\System\OAUnAjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\HlduuHU.exe
  C:\Windows\System\HlduuHU.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\erbCUlW.exe
  C:\Windows\System\erbCUlW.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\aGOHVrG.exe
  C:\Windows\System\aGOHVrG.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\iyrGCPu.exe
  C:\Windows\System\iyrGCPu.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\riqxltu.exe
  C:\Windows\System\riqxltu.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\KTRHTvy.exe
  C:\Windows\System\KTRHTvy.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\ZOiVsjb.exe
  C:\Windows\System\ZOiVsjb.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\oKqrcpQ.exe
  C:\Windows\System\oKqrcpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\NykCfpw.exe
  C:\Windows\System\NykCfpw.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\mRxilSw.exe
  C:\Windows\System\mRxilSw.exe
  2⤵
  PID:5076
- C:\Windows\System\afPZyvK.exe
  C:\Windows\System\afPZyvK.exe
  2⤵
  PID:1028
- C:\Windows\System\IXELgTA.exe
  C:\Windows\System\IXELgTA.exe
  2⤵
  PID:2304
- C:\Windows\System\mBsejFO.exe
  C:\Windows\System\mBsejFO.exe
  2⤵
  PID:1172
- C:\Windows\System\bMjfaDA.exe
  C:\Windows\System\bMjfaDA.exe
  2⤵
  PID:1528
- C:\Windows\System\rXXLTUa.exe
  C:\Windows\System\rXXLTUa.exe
  2⤵
  PID:4764
- C:\Windows\System\GBmYUtT.exe
  C:\Windows\System\GBmYUtT.exe
  2⤵
  PID:3552
- C:\Windows\System\pYYQdFn.exe
  C:\Windows\System\pYYQdFn.exe
  2⤵
  PID:4212
- C:\Windows\System\WYvgIFu.exe
  C:\Windows\System\WYvgIFu.exe
  2⤵
  PID:3736
- C:\Windows\System\JKogkfR.exe
  C:\Windows\System\JKogkfR.exe
  2⤵
  PID:3352
- C:\Windows\System\AZIKmar.exe
  C:\Windows\System\AZIKmar.exe
  2⤵
  PID:3160
- C:\Windows\System\vBffvOR.exe
  C:\Windows\System\vBffvOR.exe
  2⤵
  PID:4492
- C:\Windows\System\wQDKlmq.exe
  C:\Windows\System\wQDKlmq.exe
  2⤵
  PID:2564
- C:\Windows\System\eZKwqXG.exe
  C:\Windows\System\eZKwqXG.exe
  2⤵
  PID:2232
- C:\Windows\System\jxwiwpO.exe
  C:\Windows\System\jxwiwpO.exe
  2⤵
  PID:1836
- C:\Windows\System\GDpksJJ.exe
  C:\Windows\System\GDpksJJ.exe
  2⤵
  PID:2408
- C:\Windows\System\XweaHrt.exe
  C:\Windows\System\XweaHrt.exe
  2⤵
  PID:1464
- C:\Windows\System\QYNENve.exe
  C:\Windows\System\QYNENve.exe
  2⤵
  PID:1644
- C:\Windows\System\awWBcit.exe
  C:\Windows\System\awWBcit.exe
  2⤵
  PID:1192
- C:\Windows\System\uPnhFNt.exe
  C:\Windows\System\uPnhFNt.exe
  2⤵
  PID:3068
- C:\Windows\System\aPEyiMj.exe
  C:\Windows\System\aPEyiMj.exe
  2⤵
  PID:3760
- C:\Windows\System\WfeIYPp.exe
  C:\Windows\System\WfeIYPp.exe
  2⤵
  PID:1432
- C:\Windows\System\WJASfon.exe
  C:\Windows\System\WJASfon.exe
  2⤵
  PID:1016
- C:\Windows\System\HjDAXFh.exe
  C:\Windows\System\HjDAXFh.exe
  2⤵
  PID:3600
- C:\Windows\System\zahMCeK.exe
  C:\Windows\System\zahMCeK.exe
  2⤵
  PID:392
- C:\Windows\System\nhNndkk.exe
  C:\Windows\System\nhNndkk.exe
  2⤵
  PID:2652
- C:\Windows\System\ZYZvtsF.exe
  C:\Windows\System\ZYZvtsF.exe
  2⤵
  PID:5144
- C:\Windows\System\BIdukRv.exe
  C:\Windows\System\BIdukRv.exe
  2⤵
  PID:5176
- C:\Windows\System\gCOgKao.exe
  C:\Windows\System\gCOgKao.exe
  2⤵
  PID:5208
- C:\Windows\System\LvejART.exe
  C:\Windows\System\LvejART.exe
  2⤵
  PID:5228
- C:\Windows\System\qzpKGie.exe
  C:\Windows\System\qzpKGie.exe
  2⤵
  PID:5264
- C:\Windows\System\rdeSMDR.exe
  C:\Windows\System\rdeSMDR.exe
  2⤵
  PID:5308
- C:\Windows\System\iZMwJxp.exe
  C:\Windows\System\iZMwJxp.exe
  2⤵
  PID:5344
- C:\Windows\System\JdKUNtH.exe
  C:\Windows\System\JdKUNtH.exe
  2⤵
  PID:5372
- C:\Windows\System\rgypzBx.exe
  C:\Windows\System\rgypzBx.exe
  2⤵
  PID:5400
- C:\Windows\System\XlCNNgq.exe
  C:\Windows\System\XlCNNgq.exe
  2⤵
  PID:5436
- C:\Windows\System\iPofyNV.exe
  C:\Windows\System\iPofyNV.exe
  2⤵
  PID:5464
- C:\Windows\System\ZKduUGW.exe
  C:\Windows\System\ZKduUGW.exe
  2⤵
  PID:5492
- C:\Windows\System\sHGLlPD.exe
  C:\Windows\System\sHGLlPD.exe
  2⤵
  PID:5524
- C:\Windows\System\GJCxeJF.exe
  C:\Windows\System\GJCxeJF.exe
  2⤵
  PID:5548
- C:\Windows\System\KDJWskc.exe
  C:\Windows\System\KDJWskc.exe
  2⤵
  PID:5588
- C:\Windows\System\BvYYktM.exe
  C:\Windows\System\BvYYktM.exe
  2⤵
  PID:5624
- C:\Windows\System\cPRKAdW.exe
  C:\Windows\System\cPRKAdW.exe
  2⤵
  PID:5660
- C:\Windows\System\WWsmKrk.exe
  C:\Windows\System\WWsmKrk.exe
  2⤵
  PID:5692
- C:\Windows\System\SBGNrFP.exe
  C:\Windows\System\SBGNrFP.exe
  2⤵
  PID:5716
- C:\Windows\System\lJMgqii.exe
  C:\Windows\System\lJMgqii.exe
  2⤵
  PID:5744
- C:\Windows\System\UraQPJM.exe
  C:\Windows\System\UraQPJM.exe
  2⤵
  PID:5772
- C:\Windows\System\RbvrlSH.exe
  C:\Windows\System\RbvrlSH.exe
  2⤵
  PID:5804
- C:\Windows\System\QNPqDld.exe
  C:\Windows\System\QNPqDld.exe
  2⤵
  PID:5828
- C:\Windows\System\PckgAPn.exe
  C:\Windows\System\PckgAPn.exe
  2⤵
  PID:5856
- C:\Windows\System\OlEmYSs.exe
  C:\Windows\System\OlEmYSs.exe
  2⤵
  PID:5884
- C:\Windows\System\SIdvEgG.exe
  C:\Windows\System\SIdvEgG.exe
  2⤵
  PID:5912
- C:\Windows\System\JexVRdY.exe
  C:\Windows\System\JexVRdY.exe
  2⤵
  PID:5928
- C:\Windows\System\FWasRAk.exe
  C:\Windows\System\FWasRAk.exe
  2⤵
  PID:5960
- C:\Windows\System\eRTJUcq.exe
  C:\Windows\System\eRTJUcq.exe
  2⤵
  PID:6000
- C:\Windows\System\ILsaoKQ.exe
  C:\Windows\System\ILsaoKQ.exe
  2⤵
  PID:6028
- C:\Windows\System\nycBxIW.exe
  C:\Windows\System\nycBxIW.exe
  2⤵
  PID:6048
- C:\Windows\System\FSgBHrr.exe
  C:\Windows\System\FSgBHrr.exe
  2⤵
  PID:6072
- C:\Windows\System\sugFBQb.exe
  C:\Windows\System\sugFBQb.exe
  2⤵
  PID:6100
- C:\Windows\System\TtnjtJJ.exe
  C:\Windows\System\TtnjtJJ.exe
  2⤵
  PID:6140
- C:\Windows\System\nZxILKt.exe
  C:\Windows\System\nZxILKt.exe
  2⤵
  PID:5164
- C:\Windows\System\beizRCz.exe
  C:\Windows\System\beizRCz.exe
  2⤵
  PID:5236
- C:\Windows\System\xVBwpyg.exe
  C:\Windows\System\xVBwpyg.exe
  2⤵
  PID:5288
- C:\Windows\System\SlgksrG.exe
  C:\Windows\System\SlgksrG.exe
  2⤵
  PID:5336
- C:\Windows\System\pjjiTea.exe
  C:\Windows\System\pjjiTea.exe
  2⤵
  PID:5364
- C:\Windows\System\WxWKwnB.exe
  C:\Windows\System\WxWKwnB.exe
  2⤵
  PID:5460
- C:\Windows\System\jovDTiR.exe
  C:\Windows\System\jovDTiR.exe
  2⤵
  PID:5580
- C:\Windows\System\oqGAZqe.exe
  C:\Windows\System\oqGAZqe.exe
  2⤵
  PID:5672
- C:\Windows\System\mkFualf.exe
  C:\Windows\System\mkFualf.exe
  2⤵
  PID:5712
- C:\Windows\System\HYYQGqG.exe
  C:\Windows\System\HYYQGqG.exe
  2⤵
  PID:5764
- C:\Windows\System\ZtapOgh.exe
  C:\Windows\System\ZtapOgh.exe
  2⤵
  PID:5840
- C:\Windows\System\nTWEKyQ.exe
  C:\Windows\System\nTWEKyQ.exe
  2⤵
  PID:5924
- C:\Windows\System\fNeBPPi.exe
  C:\Windows\System\fNeBPPi.exe
  2⤵
  PID:6012
- C:\Windows\System\eIdtiGT.exe
  C:\Windows\System\eIdtiGT.exe
  2⤵
  PID:6088
- C:\Windows\System\obGtOSX.exe
  C:\Windows\System\obGtOSX.exe
  2⤵
  PID:5128
- C:\Windows\System\vfuQNub.exe
  C:\Windows\System\vfuQNub.exe
  2⤵
  PID:5324
- C:\Windows\System\qQePQHW.exe
  C:\Windows\System\qQePQHW.exe
  2⤵
  PID:5396
- C:\Windows\System\EvUlBQi.exe
  C:\Windows\System\EvUlBQi.exe
  2⤵
  PID:5636
- C:\Windows\System\KlYSSLN.exe
  C:\Windows\System\KlYSSLN.exe
  2⤵
  PID:5708
- C:\Windows\System\jSGoEQc.exe
  C:\Windows\System\jSGoEQc.exe
  2⤵
  PID:5900
- C:\Windows\System\uZDbHIc.exe
  C:\Windows\System\uZDbHIc.exe
  2⤵
  PID:6136
- C:\Windows\System\LFlBlwd.exe
  C:\Windows\System\LFlBlwd.exe
  2⤵
  PID:5448
- C:\Windows\System\mWMBXEb.exe
  C:\Windows\System\mWMBXEb.exe
  2⤵
  PID:5784
- C:\Windows\System\TtaSffA.exe
  C:\Windows\System\TtaSffA.exe
  2⤵
  PID:5356
- C:\Windows\System\PFPBmFs.exe
  C:\Windows\System\PFPBmFs.exe
  2⤵
  PID:6156
- C:\Windows\System\eymWRkh.exe
  C:\Windows\System\eymWRkh.exe
  2⤵
  PID:6184
- C:\Windows\System\LBIIJoD.exe
  C:\Windows\System\LBIIJoD.exe
  2⤵
  PID:6220
- C:\Windows\System\wVWUauS.exe
  C:\Windows\System\wVWUauS.exe
  2⤵
  PID:6252
- C:\Windows\System\BbfHNEt.exe
  C:\Windows\System\BbfHNEt.exe
  2⤵
  PID:6288
- C:\Windows\System\UYZDpkD.exe
  C:\Windows\System\UYZDpkD.exe
  2⤵
  PID:6332
- C:\Windows\System\hUNcCxu.exe
  C:\Windows\System\hUNcCxu.exe
  2⤵
  PID:6360
- C:\Windows\System\mZcQNFX.exe
  C:\Windows\System\mZcQNFX.exe
  2⤵
  PID:6376
- C:\Windows\System\tOPWmsr.exe
  C:\Windows\System\tOPWmsr.exe
  2⤵
  PID:6392
- C:\Windows\System\ZJjSfPy.exe
  C:\Windows\System\ZJjSfPy.exe
  2⤵
  PID:6420
- C:\Windows\System\uCHKqgF.exe
  C:\Windows\System\uCHKqgF.exe
  2⤵
  PID:6444
- C:\Windows\System\eTYSIdm.exe
  C:\Windows\System\eTYSIdm.exe
  2⤵
  PID:6492
- C:\Windows\System\zzJgCXH.exe
  C:\Windows\System\zzJgCXH.exe
  2⤵
  PID:6536
- C:\Windows\System\FsVobMb.exe
  C:\Windows\System\FsVobMb.exe
  2⤵
  PID:6572
- C:\Windows\System\WWhVDDz.exe
  C:\Windows\System\WWhVDDz.exe
  2⤵
  PID:6592
- C:\Windows\System\ALgiGyz.exe
  C:\Windows\System\ALgiGyz.exe
  2⤵
  PID:6620
- C:\Windows\System\OiFvlzK.exe
  C:\Windows\System\OiFvlzK.exe
  2⤵
  PID:6660
- C:\Windows\System\MDZSicR.exe
  C:\Windows\System\MDZSicR.exe
  2⤵
  PID:6744
- C:\Windows\System\IVbJhqD.exe
  C:\Windows\System\IVbJhqD.exe
  2⤵
  PID:6760
- C:\Windows\System\MSYQogI.exe
  C:\Windows\System\MSYQogI.exe
  2⤵
  PID:6776
- C:\Windows\System\cmBFwRi.exe
  C:\Windows\System\cmBFwRi.exe
  2⤵
  PID:6820
- C:\Windows\System\rZzUJku.exe
  C:\Windows\System\rZzUJku.exe
  2⤵
  PID:6844
- C:\Windows\System\NFpjWhm.exe
  C:\Windows\System\NFpjWhm.exe
  2⤵
  PID:6884
- C:\Windows\System\nhgYJOx.exe
  C:\Windows\System\nhgYJOx.exe
  2⤵
  PID:6928
- C:\Windows\System\UGaxSsE.exe
  C:\Windows\System\UGaxSsE.exe
  2⤵
  PID:6980
- C:\Windows\System\TJyHmaQ.exe
  C:\Windows\System\TJyHmaQ.exe
  2⤵
  PID:6996
- C:\Windows\System\mcJSspz.exe
  C:\Windows\System\mcJSspz.exe
  2⤵
  PID:7036
- C:\Windows\System\MNfJDeZ.exe
  C:\Windows\System\MNfJDeZ.exe
  2⤵
  PID:7068
- C:\Windows\System\xqGGzbc.exe
  C:\Windows\System\xqGGzbc.exe
  2⤵
  PID:7084
- C:\Windows\System\SzMlwhn.exe
  C:\Windows\System\SzMlwhn.exe
  2⤵
  PID:7112
- C:\Windows\System\qEuNkKQ.exe
  C:\Windows\System\qEuNkKQ.exe
  2⤵
  PID:7156
- C:\Windows\System\hHbumwJ.exe
  C:\Windows\System\hHbumwJ.exe
  2⤵
  PID:6216
- C:\Windows\System\vjyugGM.exe
  C:\Windows\System\vjyugGM.exe
  2⤵
  PID:6272
- C:\Windows\System\MXdtquM.exe
  C:\Windows\System\MXdtquM.exe
  2⤵
  PID:6328
- C:\Windows\System\MsUQQbU.exe
  C:\Windows\System\MsUQQbU.exe
  2⤵
  PID:6344
- C:\Windows\System\lbfuQNO.exe
  C:\Windows\System\lbfuQNO.exe
  2⤵
  PID:6472
- C:\Windows\System\OtrFSJv.exe
  C:\Windows\System\OtrFSJv.exe
  2⤵
  PID:6556
- C:\Windows\System\UAVjGTh.exe
  C:\Windows\System\UAVjGTh.exe
  2⤵
  PID:6632
- C:\Windows\System\NBOMRuP.exe
  C:\Windows\System\NBOMRuP.exe
  2⤵
  PID:6552
- C:\Windows\System\dlLdtRj.exe
  C:\Windows\System\dlLdtRj.exe
  2⤵
  PID:6756
- C:\Windows\System\jTmxsaG.exe
  C:\Windows\System\jTmxsaG.exe
  2⤵
  PID:6828
- C:\Windows\System\uSIbFyg.exe
  C:\Windows\System\uSIbFyg.exe
  2⤵
  PID:7012
- C:\Windows\System\Llizdpv.exe
  C:\Windows\System\Llizdpv.exe
  2⤵
  PID:7064
- C:\Windows\System\GCkWXZy.exe
  C:\Windows\System\GCkWXZy.exe
  2⤵
  PID:7104
- C:\Windows\System\NWPZkGU.exe
  C:\Windows\System\NWPZkGU.exe
  2⤵
  PID:7152
- C:\Windows\System\ddlyLIX.exe
  C:\Windows\System\ddlyLIX.exe
  2⤵
  PID:6412
- C:\Windows\System\mLfDszg.exe
  C:\Windows\System\mLfDszg.exe
  2⤵
  PID:6588
- C:\Windows\System\whHjNdX.exe
  C:\Windows\System\whHjNdX.exe
  2⤵
  PID:6880
- C:\Windows\System\zGokHvn.exe
  C:\Windows\System\zGokHvn.exe
  2⤵
  PID:6200
- C:\Windows\System\lFEkQid.exe
  C:\Windows\System\lFEkQid.exe
  2⤵
  PID:6528
- C:\Windows\System\eStrsiT.exe
  C:\Windows\System\eStrsiT.exe
  2⤵
  PID:7080
- C:\Windows\System\QJQjBjM.exe
  C:\Windows\System\QJQjBjM.exe
  2⤵
  PID:6692
- C:\Windows\System\tWnxtHv.exe
  C:\Windows\System\tWnxtHv.exe
  2⤵
  PID:7212
- C:\Windows\System\XZmvhOY.exe
  C:\Windows\System\XZmvhOY.exe
  2⤵
  PID:7260
- C:\Windows\System\fUbsGTq.exe
  C:\Windows\System\fUbsGTq.exe
  2⤵
  PID:7288
- C:\Windows\System\JJDemTF.exe
  C:\Windows\System\JJDemTF.exe
  2⤵
  PID:7320
- C:\Windows\System\PXtDYZR.exe
  C:\Windows\System\PXtDYZR.exe
  2⤵
  PID:7340
- C:\Windows\System\aafcTov.exe
  C:\Windows\System\aafcTov.exe
  2⤵
  PID:7372
- C:\Windows\System\rKZjajP.exe
  C:\Windows\System\rKZjajP.exe
  2⤵
  PID:7404
- C:\Windows\System\zgMHkzh.exe
  C:\Windows\System\zgMHkzh.exe
  2⤵
  PID:7448
- C:\Windows\System\abVKjnf.exe
  C:\Windows\System\abVKjnf.exe
  2⤵
  PID:7476
- C:\Windows\System\xpNCRgy.exe
  C:\Windows\System\xpNCRgy.exe
  2⤵
  PID:7516
- C:\Windows\System\JfvQvKk.exe
  C:\Windows\System\JfvQvKk.exe
  2⤵
  PID:7560
- C:\Windows\System\tlDkgJc.exe
  C:\Windows\System\tlDkgJc.exe
  2⤵
  PID:7596
- C:\Windows\System\iFaXIjj.exe
  C:\Windows\System\iFaXIjj.exe
  2⤵
  PID:7620
- C:\Windows\System\YHoiucJ.exe
  C:\Windows\System\YHoiucJ.exe
  2⤵
  PID:7644
- C:\Windows\System\pGToOHL.exe
  C:\Windows\System\pGToOHL.exe
  2⤵
  PID:7664
- C:\Windows\System\ELhoOTN.exe
  C:\Windows\System\ELhoOTN.exe
  2⤵
  PID:7688
- C:\Windows\System\IEIsrcP.exe
  C:\Windows\System\IEIsrcP.exe
  2⤵
  PID:7720
- C:\Windows\System\kJMaLVg.exe
  C:\Windows\System\kJMaLVg.exe
  2⤵
  PID:7752
- C:\Windows\System\wRENdrs.exe
  C:\Windows\System\wRENdrs.exe
  2⤵
  PID:7784
- C:\Windows\System\JgNPPwL.exe
  C:\Windows\System\JgNPPwL.exe
  2⤵
  PID:7812
- C:\Windows\System\dovvjqm.exe
  C:\Windows\System\dovvjqm.exe
  2⤵
  PID:7840
- C:\Windows\System\NMiTxfs.exe
  C:\Windows\System\NMiTxfs.exe
  2⤵
  PID:7868
- C:\Windows\System\HePbNYp.exe
  C:\Windows\System\HePbNYp.exe
  2⤵
  PID:7892
- C:\Windows\System\bDSxNQd.exe
  C:\Windows\System\bDSxNQd.exe
  2⤵
  PID:7912
- C:\Windows\System\KaEFnMF.exe
  C:\Windows\System\KaEFnMF.exe
  2⤵
  PID:7944
- C:\Windows\System\kBsEafZ.exe
  C:\Windows\System\kBsEafZ.exe
  2⤵
  PID:7988
- C:\Windows\System\cCRZZKT.exe
  C:\Windows\System\cCRZZKT.exe
  2⤵
  PID:8012
- C:\Windows\System\bpYoyPb.exe
  C:\Windows\System\bpYoyPb.exe
  2⤵
  PID:8048
- C:\Windows\System\xLKctuW.exe
  C:\Windows\System\xLKctuW.exe
  2⤵
  PID:8076
- C:\Windows\System\kpEQbSN.exe
  C:\Windows\System\kpEQbSN.exe
  2⤵
  PID:8132
- C:\Windows\System\OsPAUMD.exe
  C:\Windows\System\OsPAUMD.exe
  2⤵
  PID:8152
- C:\Windows\System\dJnjEsI.exe
  C:\Windows\System\dJnjEsI.exe
  2⤵
  PID:8188
- C:\Windows\System\KJXBcQp.exe
  C:\Windows\System\KJXBcQp.exe
  2⤵
  PID:7204
- C:\Windows\System\VJTfXwm.exe
  C:\Windows\System\VJTfXwm.exe
  2⤵
  PID:7304
- C:\Windows\System\CxUgpHP.exe
  C:\Windows\System\CxUgpHP.exe
  2⤵
  PID:7364
- C:\Windows\System\hGfzUnt.exe
  C:\Windows\System\hGfzUnt.exe
  2⤵
  PID:7428
- C:\Windows\System\MTJprJY.exe
  C:\Windows\System\MTJprJY.exe
  2⤵
  PID:7524
- C:\Windows\System\hSqTqBb.exe
  C:\Windows\System\hSqTqBb.exe
  2⤵
  PID:7628
- C:\Windows\System\pZGaYPt.exe
  C:\Windows\System\pZGaYPt.exe
  2⤵
  PID:7704
- C:\Windows\System\VzjXeiY.exe
  C:\Windows\System\VzjXeiY.exe
  2⤵
  PID:7744
- C:\Windows\System\gxskfnM.exe
  C:\Windows\System\gxskfnM.exe
  2⤵
  PID:7772
- C:\Windows\System\DkkKgVJ.exe
  C:\Windows\System\DkkKgVJ.exe
  2⤵
  PID:7876
- C:\Windows\System\FmxQIjN.exe
  C:\Windows\System\FmxQIjN.exe
  2⤵
  PID:7936
- C:\Windows\System\mXXPPCA.exe
  C:\Windows\System\mXXPPCA.exe
  2⤵
  PID:8100
- C:\Windows\System\sLvCMka.exe
  C:\Windows\System\sLvCMka.exe
  2⤵
  PID:8144
- C:\Windows\System\ZPOMenN.exe
  C:\Windows\System\ZPOMenN.exe
  2⤵
  PID:7200
- C:\Windows\System\CrIAnNS.exe
  C:\Windows\System\CrIAnNS.exe
  2⤵
  PID:7460
- C:\Windows\System\wKXqYZz.exe
  C:\Windows\System\wKXqYZz.exe
  2⤵
  PID:7652
- C:\Windows\System\psRCplH.exe
  C:\Windows\System\psRCplH.exe
  2⤵
  PID:7712
- C:\Windows\System\pNuQDMB.exe
  C:\Windows\System\pNuQDMB.exe
  2⤵
  PID:7972
- C:\Windows\System\OCLSnAR.exe
  C:\Windows\System\OCLSnAR.exe
  2⤵
  PID:5612
- C:\Windows\System\EtBujqt.exe
  C:\Windows\System\EtBujqt.exe
  2⤵
  PID:5540
- C:\Windows\System\bDqWWTN.exe
  C:\Windows\System\bDqWWTN.exe
  2⤵
  PID:8140
- C:\Windows\System\enEdhyc.exe
  C:\Windows\System\enEdhyc.exe
  2⤵
  PID:7696
- C:\Windows\System\ueOzAqq.exe
  C:\Windows\System\ueOzAqq.exe
  2⤵
  PID:8044
- C:\Windows\System\VewviMB.exe
  C:\Windows\System\VewviMB.exe
  2⤵
  PID:5424
- C:\Windows\System\axRJkoG.exe
  C:\Windows\System\axRJkoG.exe
  2⤵
  PID:7836
- C:\Windows\System\wwsuTNK.exe
  C:\Windows\System\wwsuTNK.exe
  2⤵
  PID:7568
- C:\Windows\System\EkHmWkd.exe
  C:\Windows\System\EkHmWkd.exe
  2⤵
  PID:8216
- C:\Windows\System\BEiJVEf.exe
  C:\Windows\System\BEiJVEf.exe
  2⤵
  PID:8244
- C:\Windows\System\oGLCGru.exe
  C:\Windows\System\oGLCGru.exe
  2⤵
  PID:8272
- C:\Windows\System\nbZAgIg.exe
  C:\Windows\System\nbZAgIg.exe
  2⤵
  PID:8300
- C:\Windows\System\MPGHQza.exe
  C:\Windows\System\MPGHQza.exe
  2⤵
  PID:8336
- C:\Windows\System\NtDRJFK.exe
  C:\Windows\System\NtDRJFK.exe
  2⤵
  PID:8356
- C:\Windows\System\TYKSqNX.exe
  C:\Windows\System\TYKSqNX.exe
  2⤵
  PID:8384
- C:\Windows\System\OkUYyOP.exe
  C:\Windows\System\OkUYyOP.exe
  2⤵
  PID:8412
- C:\Windows\System\yIkCcYW.exe
  C:\Windows\System\yIkCcYW.exe
  2⤵
  PID:8448
- C:\Windows\System\LIDWLUL.exe
  C:\Windows\System\LIDWLUL.exe
  2⤵
  PID:8468
- C:\Windows\System\rpBnyUZ.exe
  C:\Windows\System\rpBnyUZ.exe
  2⤵
  PID:8496
- C:\Windows\System\ddVxsaI.exe
  C:\Windows\System\ddVxsaI.exe
  2⤵
  PID:8524
- C:\Windows\System\cwduSLN.exe
  C:\Windows\System\cwduSLN.exe
  2⤵
  PID:8560
- C:\Windows\System\yhCXysL.exe
  C:\Windows\System\yhCXysL.exe
  2⤵
  PID:8584
- C:\Windows\System\LWODicq.exe
  C:\Windows\System\LWODicq.exe
  2⤵
  PID:8612
- C:\Windows\System\aHBveWh.exe
  C:\Windows\System\aHBveWh.exe
  2⤵
  PID:8640
- C:\Windows\System\oGhKslr.exe
  C:\Windows\System\oGhKslr.exe
  2⤵
  PID:8672
- C:\Windows\System\sBLvdpn.exe
  C:\Windows\System\sBLvdpn.exe
  2⤵
  PID:8700
- C:\Windows\System\UlxVWCo.exe
  C:\Windows\System\UlxVWCo.exe
  2⤵
  PID:8728
- C:\Windows\System\nkwvyni.exe
  C:\Windows\System\nkwvyni.exe
  2⤵
  PID:8764
- C:\Windows\System\cDntmAL.exe
  C:\Windows\System\cDntmAL.exe
  2⤵
  PID:8792
- C:\Windows\System\LbsEXNz.exe
  C:\Windows\System\LbsEXNz.exe
  2⤵
  PID:8816
- C:\Windows\System\BmrvYUa.exe
  C:\Windows\System\BmrvYUa.exe
  2⤵
  PID:8852
- C:\Windows\System\DNMtSKw.exe
  C:\Windows\System\DNMtSKw.exe
  2⤵
  PID:8876
- C:\Windows\System\iKfVtNl.exe
  C:\Windows\System\iKfVtNl.exe
  2⤵
  PID:8904
- C:\Windows\System\oGrsnBM.exe
  C:\Windows\System\oGrsnBM.exe
  2⤵
  PID:8932
- C:\Windows\System\sGojCpS.exe
  C:\Windows\System\sGojCpS.exe
  2⤵
  PID:8960
- C:\Windows\System\eAnVyWv.exe
  C:\Windows\System\eAnVyWv.exe
  2⤵
  PID:8988
- C:\Windows\System\ZHKrAvU.exe
  C:\Windows\System\ZHKrAvU.exe
  2⤵
  PID:9032
- C:\Windows\System\wGQMnbi.exe
  C:\Windows\System\wGQMnbi.exe
  2⤵
  PID:9056
- C:\Windows\System\xulYKbk.exe
  C:\Windows\System\xulYKbk.exe
  2⤵
  PID:9084
- C:\Windows\System\FpQkjya.exe
  C:\Windows\System\FpQkjya.exe
  2⤵
  PID:9112
- C:\Windows\System\JBccLxa.exe
  C:\Windows\System\JBccLxa.exe
  2⤵
  PID:9140
- C:\Windows\System\qUBcGjc.exe
  C:\Windows\System\qUBcGjc.exe
  2⤵
  PID:9168
- C:\Windows\System\jHTcudz.exe
  C:\Windows\System\jHTcudz.exe
  2⤵
  PID:9196
- C:\Windows\System\VvkEoSc.exe
  C:\Windows\System\VvkEoSc.exe
  2⤵
  PID:8208
- C:\Windows\System\UXZNaoT.exe
  C:\Windows\System\UXZNaoT.exe
  2⤵
  PID:8268
- C:\Windows\System\hGxNkMf.exe
  C:\Windows\System\hGxNkMf.exe
  2⤵
  PID:8352
- C:\Windows\System\xNLjfmH.exe
  C:\Windows\System\xNLjfmH.exe
  2⤵
  PID:8396
- C:\Windows\System\ebyOSQU.exe
  C:\Windows\System\ebyOSQU.exe
  2⤵
  PID:8480
- C:\Windows\System\GogQukf.exe
  C:\Windows\System\GogQukf.exe
  2⤵
  PID:8536
- C:\Windows\System\jnfTSKd.exe
  C:\Windows\System\jnfTSKd.exe
  2⤵
  PID:8596
- C:\Windows\System\UWFYNyB.exe
  C:\Windows\System\UWFYNyB.exe
  2⤵
  PID:8680
- C:\Windows\System\hQFkIfN.exe
  C:\Windows\System\hQFkIfN.exe
  2⤵
  PID:8740
- C:\Windows\System\dPkgXHI.exe
  C:\Windows\System\dPkgXHI.exe
  2⤵
  PID:8812
- C:\Windows\System\SOHYHaO.exe
  C:\Windows\System\SOHYHaO.exe
  2⤵
  PID:8896
- C:\Windows\System\MAfTtub.exe
  C:\Windows\System\MAfTtub.exe
  2⤵
  PID:9020
- C:\Windows\System\QDsqCgB.exe
  C:\Windows\System\QDsqCgB.exe
  2⤵
  PID:9096
- C:\Windows\System\nPcKChB.exe
  C:\Windows\System\nPcKChB.exe
  2⤵
  PID:9160
- C:\Windows\System\vPhdDEw.exe
  C:\Windows\System\vPhdDEw.exe
  2⤵
  PID:9192
- C:\Windows\System\IWoOiHC.exe
  C:\Windows\System\IWoOiHC.exe
  2⤵
  PID:8296
- C:\Windows\System\qdxMdbJ.exe
  C:\Windows\System\qdxMdbJ.exe
  2⤵
  PID:8456
- C:\Windows\System\KbxOtql.exe
  C:\Windows\System\KbxOtql.exe
  2⤵
  PID:8668
- C:\Windows\System\XfaBKFx.exe
  C:\Windows\System\XfaBKFx.exe
  2⤵
  PID:8868
- C:\Windows\System\SVJuIgk.exe
  C:\Windows\System\SVJuIgk.exe
  2⤵
  PID:9048
- C:\Windows\System\iMMVQmw.exe
  C:\Windows\System\iMMVQmw.exe
  2⤵
  PID:9188
- C:\Windows\System\phdoVLF.exe
  C:\Windows\System\phdoVLF.exe
  2⤵
  PID:8580
- C:\Windows\System\QLZThnf.exe
  C:\Windows\System\QLZThnf.exe
  2⤵
  PID:8956
- C:\Windows\System\tJjLBUH.exe
  C:\Windows\System\tJjLBUH.exe
  2⤵
  PID:8372
- C:\Windows\System\nJWMjkR.exe
  C:\Windows\System\nJWMjkR.exe
  2⤵
  PID:8200
- C:\Windows\System\TvXhmve.exe
  C:\Windows\System\TvXhmve.exe
  2⤵
  PID:9240
- C:\Windows\System\kQYgvUd.exe
  C:\Windows\System\kQYgvUd.exe
  2⤵
  PID:9272
- C:\Windows\System\oNObTBZ.exe
  C:\Windows\System\oNObTBZ.exe
  2⤵
  PID:9300
- C:\Windows\System\ZFjiIfw.exe
  C:\Windows\System\ZFjiIfw.exe
  2⤵
  PID:9332
- C:\Windows\System\MUGOJJt.exe
  C:\Windows\System\MUGOJJt.exe
  2⤵
  PID:9360
- C:\Windows\System\nnbLYZY.exe
  C:\Windows\System\nnbLYZY.exe
  2⤵
  PID:9388
- C:\Windows\System\oFSUhHT.exe
  C:\Windows\System\oFSUhHT.exe
  2⤵
  PID:9416
- C:\Windows\System\zihbNSI.exe
  C:\Windows\System\zihbNSI.exe
  2⤵
  PID:9444
- C:\Windows\System\CppFsCs.exe
  C:\Windows\System\CppFsCs.exe
  2⤵
  PID:9472
- C:\Windows\System\wMdfmkV.exe
  C:\Windows\System\wMdfmkV.exe
  2⤵
  PID:9500
- C:\Windows\System\bGfBTvo.exe
  C:\Windows\System\bGfBTvo.exe
  2⤵
  PID:9528
- C:\Windows\System\BSJEzjs.exe
  C:\Windows\System\BSJEzjs.exe
  2⤵
  PID:9556
- C:\Windows\System\TCOYjOt.exe
  C:\Windows\System\TCOYjOt.exe
  2⤵
  PID:9584
- C:\Windows\System\GbYTSrS.exe
  C:\Windows\System\GbYTSrS.exe
  2⤵
  PID:9612
- C:\Windows\System\bxhuszQ.exe
  C:\Windows\System\bxhuszQ.exe
  2⤵
  PID:9640
- C:\Windows\System\CJskwXc.exe
  C:\Windows\System\CJskwXc.exe
  2⤵
  PID:9672
- C:\Windows\System\zKnfBVs.exe
  C:\Windows\System\zKnfBVs.exe
  2⤵
  PID:9700
- C:\Windows\System\YAZKltQ.exe
  C:\Windows\System\YAZKltQ.exe
  2⤵
  PID:9732
- C:\Windows\System\iNRJsVW.exe
  C:\Windows\System\iNRJsVW.exe
  2⤵
  PID:9764
- C:\Windows\System\igtstUK.exe
  C:\Windows\System\igtstUK.exe
  2⤵
  PID:9792
- C:\Windows\System\ZcAwKpw.exe
  C:\Windows\System\ZcAwKpw.exe
  2⤵
  PID:9812
- C:\Windows\System\YuEJZnD.exe
  C:\Windows\System\YuEJZnD.exe
  2⤵
  PID:9848
- C:\Windows\System\KzcbSZL.exe
  C:\Windows\System\KzcbSZL.exe
  2⤵
  PID:9876
- C:\Windows\System\umCuUIy.exe
  C:\Windows\System\umCuUIy.exe
  2⤵
  PID:9904
- C:\Windows\System\kdlgKIv.exe
  C:\Windows\System\kdlgKIv.exe
  2⤵
  PID:9932
- C:\Windows\System\VCcbBoi.exe
  C:\Windows\System\VCcbBoi.exe
  2⤵
  PID:9964
- C:\Windows\System\SYLvcWN.exe
  C:\Windows\System\SYLvcWN.exe
  2⤵
  PID:9996
- C:\Windows\System\OUfjxgy.exe
  C:\Windows\System\OUfjxgy.exe
  2⤵
  PID:10020
- C:\Windows\System\TRbBaII.exe
  C:\Windows\System\TRbBaII.exe
  2⤵
  PID:10048
- C:\Windows\System\ByMbqEU.exe
  C:\Windows\System\ByMbqEU.exe
  2⤵
  PID:10072
- C:\Windows\System\ihAIyMI.exe
  C:\Windows\System\ihAIyMI.exe
  2⤵
  PID:10104
- C:\Windows\System\zQuJmsS.exe
  C:\Windows\System\zQuJmsS.exe
  2⤵
  PID:10128
- C:\Windows\System\AYOIuNc.exe
  C:\Windows\System\AYOIuNc.exe
  2⤵
  PID:10144
- C:\Windows\System\oEHfCHJ.exe
  C:\Windows\System\oEHfCHJ.exe
  2⤵
  PID:10172
- C:\Windows\System\ayEJZJy.exe
  C:\Windows\System\ayEJZJy.exe
  2⤵
  PID:10224
- C:\Windows\System\ucHvNvY.exe
  C:\Windows\System\ucHvNvY.exe
  2⤵
  PID:9236
- C:\Windows\System\tusjHtj.exe
  C:\Windows\System\tusjHtj.exe
  2⤵
  PID:9284
- C:\Windows\System\foFmAZk.exe
  C:\Windows\System\foFmAZk.exe
  2⤵
  PID:9376
- C:\Windows\System\NiofsSf.exe
  C:\Windows\System\NiofsSf.exe
  2⤵
  PID:9464
- C:\Windows\System\TurpXss.exe
  C:\Windows\System\TurpXss.exe
  2⤵
  PID:9516
- C:\Windows\System\LnVXzXI.exe
  C:\Windows\System\LnVXzXI.exe
  2⤵
  PID:9596
- C:\Windows\System\InjDWxo.exe
  C:\Windows\System\InjDWxo.exe
  2⤵
  PID:9660
- C:\Windows\System\miinBre.exe
  C:\Windows\System\miinBre.exe
  2⤵
  PID:9728
- C:\Windows\System\CEaIytE.exe
  C:\Windows\System\CEaIytE.exe
  2⤵
  PID:9748
- C:\Windows\System\ZqLPrCc.exe
  C:\Windows\System\ZqLPrCc.exe
  2⤵
  PID:9860
- C:\Windows\System\LpNZftK.exe
  C:\Windows\System\LpNZftK.exe
  2⤵
  PID:9928
- C:\Windows\System\rLBcUfV.exe
  C:\Windows\System\rLBcUfV.exe
  2⤵
  PID:9988
- C:\Windows\System\umSLWDE.exe
  C:\Windows\System\umSLWDE.exe
  2⤵
  PID:10056
- C:\Windows\System\HpuTuXa.exe
  C:\Windows\System\HpuTuXa.exe
  2⤵
  PID:10164
- C:\Windows\System\VRrAIva.exe
  C:\Windows\System\VRrAIva.exe
  2⤵
  PID:10160
- C:\Windows\System\dbZYbcP.exe
  C:\Windows\System\dbZYbcP.exe
  2⤵
  PID:9268
- C:\Windows\System\ciVnRtD.exe
  C:\Windows\System\ciVnRtD.exe
  2⤵
  PID:9428
- C:\Windows\System\YCXolvU.exe
  C:\Windows\System\YCXolvU.exe
  2⤵
  PID:9580
- C:\Windows\System\SwitKTo.exe
  C:\Windows\System\SwitKTo.exe
  2⤵
  PID:9760
- C:\Windows\System\vDlNoSg.exe
  C:\Windows\System\vDlNoSg.exe
  2⤵
  PID:9916
- C:\Windows\System\cHnBApO.exe
  C:\Windows\System\cHnBApO.exe
  2⤵
  PID:10044
- C:\Windows\System\efFyGhb.exe
  C:\Windows\System\efFyGhb.exe
  2⤵
  PID:10220
- C:\Windows\System\NbyUJKV.exe
  C:\Windows\System\NbyUJKV.exe
  2⤵
  PID:9548
- C:\Windows\System\YtzeZVt.exe
  C:\Windows\System\YtzeZVt.exe
  2⤵
  PID:9836
- C:\Windows\System\uqetSAV.exe
  C:\Windows\System\uqetSAV.exe
  2⤵
  PID:10192
- C:\Windows\System\AcGSlar.exe
  C:\Windows\System\AcGSlar.exe
  2⤵
  PID:10032
- C:\Windows\System\SlzveOC.exe
  C:\Windows\System\SlzveOC.exe
  2⤵
  PID:9668
- C:\Windows\System\regrptO.exe
  C:\Windows\System\regrptO.exe
  2⤵
  PID:10256
- C:\Windows\System\ComohZm.exe
  C:\Windows\System\ComohZm.exe
  2⤵
  PID:10284
- C:\Windows\System\csLxrGe.exe
  C:\Windows\System\csLxrGe.exe
  2⤵
  PID:10324
- C:\Windows\System\ZhstRQz.exe
  C:\Windows\System\ZhstRQz.exe
  2⤵
  PID:10352
- C:\Windows\System\figqFoz.exe
  C:\Windows\System\figqFoz.exe
  2⤵
  PID:10380
- C:\Windows\System\aNzletA.exe
  C:\Windows\System\aNzletA.exe
  2⤵
  PID:10408
- C:\Windows\System\YvSIFsr.exe
  C:\Windows\System\YvSIFsr.exe
  2⤵
  PID:10440
- C:\Windows\System\ivKISMZ.exe
  C:\Windows\System\ivKISMZ.exe
  2⤵
  PID:10460
- C:\Windows\System\PzdZyfF.exe
  C:\Windows\System\PzdZyfF.exe
  2⤵
  PID:10488
- C:\Windows\System\UhrPQGb.exe
  C:\Windows\System\UhrPQGb.exe
  2⤵
  PID:10512
- C:\Windows\System\iLaEPUX.exe
  C:\Windows\System\iLaEPUX.exe
  2⤵
  PID:10552
- C:\Windows\System\PuYhkvX.exe
  C:\Windows\System\PuYhkvX.exe
  2⤵
  PID:10580
- C:\Windows\System\JhfNOfd.exe
  C:\Windows\System\JhfNOfd.exe
  2⤵
  PID:10596
- C:\Windows\System\irrxqcQ.exe
  C:\Windows\System\irrxqcQ.exe
  2⤵
  PID:10636
- C:\Windows\System\wHXmbVV.exe
  C:\Windows\System\wHXmbVV.exe
  2⤵
  PID:10664
- C:\Windows\System\XfDKdUA.exe
  C:\Windows\System\XfDKdUA.exe
  2⤵
  PID:10692
- C:\Windows\System\RQphQrh.exe
  C:\Windows\System\RQphQrh.exe
  2⤵
  PID:10708
- C:\Windows\System\LKyQbHt.exe
  C:\Windows\System\LKyQbHt.exe
  2⤵
  PID:10748
- C:\Windows\System\LFjVLNr.exe
  C:\Windows\System\LFjVLNr.exe
  2⤵
  PID:10776
- C:\Windows\System\NWHwByL.exe
  C:\Windows\System\NWHwByL.exe
  2⤵
  PID:10804
- C:\Windows\System\lRJBBsl.exe
  C:\Windows\System\lRJBBsl.exe
  2⤵
  PID:10832
- C:\Windows\System\RAeIMfN.exe
  C:\Windows\System\RAeIMfN.exe
  2⤵
  PID:10860
- C:\Windows\System\KwHKGyv.exe
  C:\Windows\System\KwHKGyv.exe
  2⤵
  PID:10888
- C:\Windows\System\CPPznkX.exe
  C:\Windows\System\CPPznkX.exe
  2⤵
  PID:10916
- C:\Windows\System\iTjcPsR.exe
  C:\Windows\System\iTjcPsR.exe
  2⤵
  PID:10944
- C:\Windows\System\TUyayDX.exe
  C:\Windows\System\TUyayDX.exe
  2⤵
  PID:10972
- C:\Windows\System\NwKVMPw.exe
  C:\Windows\System\NwKVMPw.exe
  2⤵
  PID:11000
- C:\Windows\System\PPjpFTD.exe
  C:\Windows\System\PPjpFTD.exe
  2⤵
  PID:11028
- C:\Windows\System\oQOYPaU.exe
  C:\Windows\System\oQOYPaU.exe
  2⤵
  PID:11056
- C:\Windows\System\HdreafJ.exe
  C:\Windows\System\HdreafJ.exe
  2⤵
  PID:11084
- C:\Windows\System\bOTAtsS.exe
  C:\Windows\System\bOTAtsS.exe
  2⤵
  PID:11112
- C:\Windows\System\DiHfgXd.exe
  C:\Windows\System\DiHfgXd.exe
  2⤵
  PID:11140
- C:\Windows\System\sApkzsg.exe
  C:\Windows\System\sApkzsg.exe
  2⤵
  PID:11168
- C:\Windows\System\KhLKRcZ.exe
  C:\Windows\System\KhLKRcZ.exe
  2⤵
  PID:11196
- C:\Windows\System\MyVymBg.exe
  C:\Windows\System\MyVymBg.exe
  2⤵
  PID:11224
- C:\Windows\System\zIVtCQT.exe
  C:\Windows\System\zIVtCQT.exe
  2⤵
  PID:11252
- C:\Windows\System\ETyDvKF.exe
  C:\Windows\System\ETyDvKF.exe
  2⤵
  PID:10268
- C:\Windows\System\yxniIDx.exe
  C:\Windows\System\yxniIDx.exe
  2⤵
  PID:10336
- C:\Windows\System\lvMeruJ.exe
  C:\Windows\System\lvMeruJ.exe
  2⤵
  PID:10372
- C:\Windows\System\URzJSWx.exe
  C:\Windows\System\URzJSWx.exe
  2⤵
  PID:10456
- C:\Windows\System\pLNmDvJ.exe
  C:\Windows\System\pLNmDvJ.exe
  2⤵
  PID:10524
- C:\Windows\System\fOQgWGP.exe
  C:\Windows\System\fOQgWGP.exe
  2⤵
  PID:10572
- C:\Windows\System\gofjYQQ.exe
  C:\Windows\System\gofjYQQ.exe
  2⤵
  PID:10660
- C:\Windows\System\KWeNYOH.exe
  C:\Windows\System\KWeNYOH.exe
  2⤵
  PID:10728
- C:\Windows\System\sriAeGZ.exe
  C:\Windows\System\sriAeGZ.exe
  2⤵
  PID:10800
- C:\Windows\System\lwGGLnL.exe
  C:\Windows\System\lwGGLnL.exe
  2⤵
  PID:10856
- C:\Windows\System\HifXCtc.exe
  C:\Windows\System\HifXCtc.exe
  2⤵
  PID:10928
- C:\Windows\System\MXGtreq.exe
  C:\Windows\System\MXGtreq.exe
  2⤵
  PID:10992
- C:\Windows\System\lTdGoZD.exe
  C:\Windows\System\lTdGoZD.exe
  2⤵
  PID:11052
- C:\Windows\System\Nhhsjqv.exe
  C:\Windows\System\Nhhsjqv.exe
  2⤵
  PID:11124
- C:\Windows\System\dohIrhx.exe
  C:\Windows\System\dohIrhx.exe
  2⤵
  PID:11192
- C:\Windows\System\gaYtvts.exe
  C:\Windows\System\gaYtvts.exe
  2⤵
  PID:10248
- C:\Windows\System\LjZPEoG.exe
  C:\Windows\System\LjZPEoG.exe
  2⤵
  PID:10404
- C:\Windows\System\CHteJmM.exe
  C:\Windows\System\CHteJmM.exe
  2⤵
  PID:10544
- C:\Windows\System\gQCRpJM.exe
  C:\Windows\System\gQCRpJM.exe
  2⤵
  PID:10956
- C:\Windows\System\CiZPsyI.exe
  C:\Windows\System\CiZPsyI.exe
  2⤵
  PID:6704
- C:\Windows\System\FHuAQyt.exe
  C:\Windows\System\FHuAQyt.exe
  2⤵
  PID:7508
- C:\Windows\System\oWuxdKf.exe
  C:\Windows\System\oWuxdKf.exe
  2⤵
  PID:11180
- C:\Windows\System\IIqoere.exe
  C:\Windows\System\IIqoere.exe
  2⤵
  PID:11240
- C:\Windows\System\GhFXtEo.exe
  C:\Windows\System\GhFXtEo.exe
  2⤵
  PID:10884
- C:\Windows\System\jjfhSdu.exe
  C:\Windows\System\jjfhSdu.exe
  2⤵
  PID:11104
- C:\Windows\System\dqbtCLQ.exe
  C:\Windows\System\dqbtCLQ.exe
  2⤵
  PID:6716
- C:\Windows\System\OpYTWOE.exe
  C:\Windows\System\OpYTWOE.exe
  2⤵
  PID:11284
- C:\Windows\System\cHjsijV.exe
  C:\Windows\System\cHjsijV.exe
  2⤵
  PID:11316
- C:\Windows\System\siZGaEE.exe
  C:\Windows\System\siZGaEE.exe
  2⤵
  PID:11356
- C:\Windows\System\Rfhvlln.exe
  C:\Windows\System\Rfhvlln.exe
  2⤵
  PID:11376
- C:\Windows\System\fCEHbXx.exe
  C:\Windows\System\fCEHbXx.exe
  2⤵
  PID:11408
- C:\Windows\System\ORxtzhI.exe
  C:\Windows\System\ORxtzhI.exe
  2⤵
  PID:11444
- C:\Windows\System\EfNPfOG.exe
  C:\Windows\System\EfNPfOG.exe
  2⤵
  PID:11468
- C:\Windows\System\VsSnKZh.exe
  C:\Windows\System\VsSnKZh.exe
  2⤵
  PID:11500
- C:\Windows\System\bVSXCnm.exe
  C:\Windows\System\bVSXCnm.exe
  2⤵
  PID:11528
- C:\Windows\System\WwLiHem.exe
  C:\Windows\System\WwLiHem.exe
  2⤵
  PID:11544
- C:\Windows\System\dEoWzkS.exe
  C:\Windows\System\dEoWzkS.exe
  2⤵
  PID:11572
- C:\Windows\System\VxfdmQb.exe
  C:\Windows\System\VxfdmQb.exe
  2⤵
  PID:11592
- C:\Windows\System\IKtBVRt.exe
  C:\Windows\System\IKtBVRt.exe
  2⤵
  PID:11608
- C:\Windows\System\VaKujXU.exe
  C:\Windows\System\VaKujXU.exe
  2⤵
  PID:11628
- C:\Windows\System\jdUDBBG.exe
  C:\Windows\System\jdUDBBG.exe
  2⤵
  PID:11652
- C:\Windows\System\DKhdeGd.exe
  C:\Windows\System\DKhdeGd.exe
  2⤵
  PID:11684
- C:\Windows\System\DDhTAYc.exe
  C:\Windows\System\DDhTAYc.exe
  2⤵
  PID:11708
- C:\Windows\System\EItKLxr.exe
  C:\Windows\System\EItKLxr.exe
  2⤵
  PID:11744
- C:\Windows\System\bVhIUjc.exe
  C:\Windows\System\bVhIUjc.exe
  2⤵
  PID:11780
- C:\Windows\System\aLmVeBm.exe
  C:\Windows\System\aLmVeBm.exe
  2⤵
  PID:11812
- C:\Windows\System\QgupkNa.exe
  C:\Windows\System\QgupkNa.exe
  2⤵
  PID:11856
- C:\Windows\System\CqpyeEw.exe
  C:\Windows\System\CqpyeEw.exe
  2⤵
  PID:11904
- C:\Windows\System\CSMWiZp.exe
  C:\Windows\System\CSMWiZp.exe
  2⤵
  PID:11936
- C:\Windows\System\DWDLJGD.exe
  C:\Windows\System\DWDLJGD.exe
  2⤵
  PID:11964
- C:\Windows\System\isSDqDJ.exe
  C:\Windows\System\isSDqDJ.exe
  2⤵
  PID:11980
- C:\Windows\System\MFlYBkr.exe
  C:\Windows\System\MFlYBkr.exe
  2⤵
  PID:12008
- C:\Windows\System\KOGlNVs.exe
  C:\Windows\System\KOGlNVs.exe
  2⤵
  PID:12036
- C:\Windows\System\OnhtPJY.exe
  C:\Windows\System\OnhtPJY.exe
  2⤵
  PID:12064
- C:\Windows\System\cTtLGsk.exe
  C:\Windows\System\cTtLGsk.exe
  2⤵
  PID:12092
- C:\Windows\System\fDPwxDv.exe
  C:\Windows\System\fDPwxDv.exe
  2⤵
  PID:12108
- C:\Windows\System\wzHAyFT.exe
  C:\Windows\System\wzHAyFT.exe
  2⤵
  PID:12144
- C:\Windows\System\UZrDkKT.exe
  C:\Windows\System\UZrDkKT.exe
  2⤵
  PID:12164
- C:\Windows\System\nOGDMFB.exe
  C:\Windows\System\nOGDMFB.exe
  2⤵
  PID:12200
- C:\Windows\System\tnRVmMZ.exe
  C:\Windows\System\tnRVmMZ.exe
  2⤵
  PID:12232
- C:\Windows\System\sROPVtT.exe
  C:\Windows\System\sROPVtT.exe
  2⤵
  PID:12260
- C:\Windows\System\SiHtvXI.exe
  C:\Windows\System\SiHtvXI.exe
  2⤵
  PID:9328
- C:\Windows\System\Jhieakz.exe
  C:\Windows\System\Jhieakz.exe
  2⤵
  PID:11336
- C:\Windows\System\VrvDINv.exe
  C:\Windows\System\VrvDINv.exe
  2⤵
  PID:11400
- C:\Windows\System\nttDMlk.exe
  C:\Windows\System\nttDMlk.exe
  2⤵
  PID:11460
- C:\Windows\System\SFOoclg.exe
  C:\Windows\System\SFOoclg.exe
  2⤵
  PID:11540
- C:\Windows\System\jFYcxLq.exe
  C:\Windows\System\jFYcxLq.exe
  2⤵
  PID:11644
- C:\Windows\System\nmYOWhy.exe
  C:\Windows\System\nmYOWhy.exe
  2⤵
  PID:11724
- C:\Windows\System\ZGqNXIh.exe
  C:\Windows\System\ZGqNXIh.exe
  2⤵
  PID:11704
- C:\Windows\System\rublMWH.exe
  C:\Windows\System\rublMWH.exe
  2⤵
  PID:11776
- C:\Windows\System\uWrBLwp.exe
  C:\Windows\System\uWrBLwp.exe
  2⤵
  PID:11884
- C:\Windows\System\nfFWIQc.exe
  C:\Windows\System\nfFWIQc.exe
  2⤵
  PID:11960
- C:\Windows\System\mdNKCEM.exe
  C:\Windows\System\mdNKCEM.exe
  2⤵
  PID:12000
- C:\Windows\System\ofGoqxD.exe
  C:\Windows\System\ofGoqxD.exe
  2⤵
  PID:12072
- C:\Windows\System\sdPGVdO.exe
  C:\Windows\System\sdPGVdO.exe
  2⤵
  PID:12132
- C:\Windows\System\vmReHJX.exe
  C:\Windows\System\vmReHJX.exe
  2⤵
  PID:12208
- C:\Windows\System\eeJttMX.exe
  C:\Windows\System\eeJttMX.exe
  2⤵
  PID:12272
- C:\Windows\System\AcWTHbm.exe
  C:\Windows\System\AcWTHbm.exe
  2⤵
  PID:11304
- C:\Windows\System\NgabIZE.exe
  C:\Windows\System\NgabIZE.exe
  2⤵
  PID:11452
- C:\Windows\System\KecNiYg.exe
  C:\Windows\System\KecNiYg.exe
  2⤵
  PID:11600
- C:\Windows\System\yoTLLHe.exe
  C:\Windows\System\yoTLLHe.exe
  2⤵
  PID:11868
- C:\Windows\System\cWWKjQm.exe
  C:\Windows\System\cWWKjQm.exe
  2⤵
  PID:11996
- C:\Windows\System\jMtHety.exe
  C:\Windows\System\jMtHety.exe
  2⤵
  PID:12140
- C:\Windows\System\zgReCzQ.exe
  C:\Windows\System\zgReCzQ.exe
  2⤵
  PID:12284
- C:\Windows\System\qBzrsrE.exe
  C:\Windows\System\qBzrsrE.exe
  2⤵
  PID:11668
- C:\Windows\System\VtzqOlX.exe
  C:\Windows\System\VtzqOlX.exe
  2⤵
  PID:11992
- C:\Windows\System\XtKLZck.exe
  C:\Windows\System\XtKLZck.exe
  2⤵
  PID:11388
- C:\Windows\System\ObZRqOx.exe
  C:\Windows\System\ObZRqOx.exe
  2⤵
  PID:12220
- C:\Windows\System\TRZZarf.exe
  C:\Windows\System\TRZZarf.exe
  2⤵
  PID:12296
- C:\Windows\System\jiRJCTZ.exe
  C:\Windows\System\jiRJCTZ.exe
  2⤵
  PID:12324
- C:\Windows\System\bguEsnK.exe
  C:\Windows\System\bguEsnK.exe
  2⤵
  PID:12352
- C:\Windows\System\jWpHdXr.exe
  C:\Windows\System\jWpHdXr.exe
  2⤵
  PID:12380
- C:\Windows\System\AJeylLv.exe
  C:\Windows\System\AJeylLv.exe
  2⤵
  PID:12408
- C:\Windows\System\KadqNLM.exe
  C:\Windows\System\KadqNLM.exe
  2⤵
  PID:12436
- C:\Windows\System\LRImrbl.exe
  C:\Windows\System\LRImrbl.exe
  2⤵
  PID:12464
- C:\Windows\System\VbNtvrP.exe
  C:\Windows\System\VbNtvrP.exe
  2⤵
  PID:12492
- C:\Windows\System\xBLucuF.exe
  C:\Windows\System\xBLucuF.exe
  2⤵
  PID:12520
- C:\Windows\System\EJCGuxB.exe
  C:\Windows\System\EJCGuxB.exe
  2⤵
  PID:12556
- C:\Windows\System\Ntitoys.exe
  C:\Windows\System\Ntitoys.exe
  2⤵
  PID:12584
- C:\Windows\System\Yymqffb.exe
  C:\Windows\System\Yymqffb.exe
  2⤵
  PID:12612
- C:\Windows\System\eTXvyyC.exe
  C:\Windows\System\eTXvyyC.exe
  2⤵
  PID:12640
- C:\Windows\System\kdJEXNH.exe
  C:\Windows\System\kdJEXNH.exe
  2⤵
  PID:12660
- C:\Windows\System\KWeHGMY.exe
  C:\Windows\System\KWeHGMY.exe
  2⤵
  PID:12700
- C:\Windows\System\lRVsbvG.exe
  C:\Windows\System\lRVsbvG.exe
  2⤵
  PID:12728
- C:\Windows\System\WdYSbaj.exe
  C:\Windows\System\WdYSbaj.exe
  2⤵
  PID:12756
- C:\Windows\System\zsLgHRc.exe
  C:\Windows\System\zsLgHRc.exe
  2⤵
  PID:12784
- C:\Windows\System\SdrzCoB.exe
  C:\Windows\System\SdrzCoB.exe
  2⤵
  PID:12812
- C:\Windows\System\zFhxkYK.exe
  C:\Windows\System\zFhxkYK.exe
  2⤵
  PID:12840
- C:\Windows\System\gepCGsd.exe
  C:\Windows\System\gepCGsd.exe
  2⤵
  PID:12868
- C:\Windows\System\GFExfaI.exe
  C:\Windows\System\GFExfaI.exe
  2⤵
  PID:12896
- C:\Windows\System\GAmKEmV.exe
  C:\Windows\System\GAmKEmV.exe
  2⤵
  PID:12924
- C:\Windows\System\NpwYALY.exe
  C:\Windows\System\NpwYALY.exe
  2⤵
  PID:12952
- C:\Windows\System\ELihRxh.exe
  C:\Windows\System\ELihRxh.exe
  2⤵
  PID:12984
- C:\Windows\System\NLbCDmy.exe
  C:\Windows\System\NLbCDmy.exe
  2⤵
  PID:13016
- C:\Windows\System\RBdEUQw.exe
  C:\Windows\System\RBdEUQw.exe
  2⤵
  PID:13048
- C:\Windows\System\EwpuaHD.exe
  C:\Windows\System\EwpuaHD.exe
  2⤵
  PID:13076
- C:\Windows\System\FwZloeG.exe
  C:\Windows\System\FwZloeG.exe
  2⤵
  PID:13108
- C:\Windows\System\pbSsgiF.exe
  C:\Windows\System\pbSsgiF.exe
  2⤵
  PID:13132
- C:\Windows\System\zLmPTUp.exe
  C:\Windows\System\zLmPTUp.exe
  2⤵
  PID:13156
- C:\Windows\System\jBTKLMR.exe
  C:\Windows\System\jBTKLMR.exe
  2⤵
  PID:13180
- C:\Windows\System\pgDVnPu.exe
  C:\Windows\System\pgDVnPu.exe
  2⤵
  PID:13196
- C:\Windows\System\fkbZQiv.exe
  C:\Windows\System\fkbZQiv.exe
  2⤵
  PID:13216
- C:\Windows\System\dlGGgKy.exe
  C:\Windows\System\dlGGgKy.exe
  2⤵
  PID:13256
- C:\Windows\System\RkIJzTe.exe
  C:\Windows\System\RkIJzTe.exe
  2⤵
  PID:13276
- C:\Windows\System\UlHOQuU.exe
  C:\Windows\System\UlHOQuU.exe
  2⤵
  PID:13292
- C:\Windows\System\vccmIon.exe
  C:\Windows\System\vccmIon.exe
  2⤵
  PID:12308
- C:\Windows\System\AsggFRz.exe
  C:\Windows\System\AsggFRz.exe
  2⤵
  PID:12364
- C:\Windows\System\zpGxqDI.exe
  C:\Windows\System\zpGxqDI.exe
  2⤵
  PID:12420
- C:\Windows\System\XbXEpje.exe
  C:\Windows\System\XbXEpje.exe
  2⤵
  PID:12544
- C:\Windows\System\sUKTxTZ.exe
  C:\Windows\System\sUKTxTZ.exe
  2⤵
  PID:12596
- C:\Windows\System\pnJWspZ.exe
  C:\Windows\System\pnJWspZ.exe
  2⤵
  PID:12648
- C:\Windows\System\nAKpyfT.exe
  C:\Windows\System\nAKpyfT.exe
  2⤵
  PID:12748
- C:\Windows\System\HhPntew.exe
  C:\Windows\System\HhPntew.exe
  2⤵
  PID:12836
- C:\Windows\System\tPMvZsP.exe
  C:\Windows\System\tPMvZsP.exe
  2⤵
  PID:12908
- C:\Windows\System\wsmUiKW.exe
  C:\Windows\System\wsmUiKW.exe
  2⤵
  PID:12944
- C:\Windows\System\PHkTVrQ.exe
  C:\Windows\System\PHkTVrQ.exe
  2⤵
  PID:13028
- C:\Windows\System\uwtDukn.exe
  C:\Windows\System\uwtDukn.exe
  2⤵
  PID:13116
- C:\Windows\System\tkOpNgZ.exe
  C:\Windows\System\tkOpNgZ.exe
  2⤵
  PID:13164
- C:\Windows\System\NjfAGRe.exe
  C:\Windows\System\NjfAGRe.exe
  2⤵
  PID:13236
- C:\Windows\System\KFOplHk.exe
  C:\Windows\System\KFOplHk.exe
  2⤵
  PID:13300
- C:\Windows\System\vUJbEcd.exe
  C:\Windows\System\vUJbEcd.exe
  2⤵
  PID:12512
- C:\Windows\System\oINriIO.exe
  C:\Windows\System\oINriIO.exe
  2⤵
  PID:12576
- C:\Windows\System\BgNzsAL.exe
  C:\Windows\System\BgNzsAL.exe
  2⤵
  PID:11436
- C:\Windows\System\HshAbfj.exe
  C:\Windows\System\HshAbfj.exe
  2⤵
  PID:12804
- C:\Windows\System\HVrRKhG.exe
  C:\Windows\System\HVrRKhG.exe
  2⤵
  PID:13088
- C:\Windows\System\pxTtFSX.exe
  C:\Windows\System\pxTtFSX.exe
  2⤵
  PID:13204
- C:\Windows\System\yjoXghH.exe
  C:\Windows\System\yjoXghH.exe
  2⤵
  PID:13288
- C:\Windows\System\tPEvODc.exe
  C:\Windows\System\tPEvODc.exe
  2⤵
  PID:12652
- C:\Windows\System\fakhWIk.exe
  C:\Windows\System\fakhWIk.exe
  2⤵
  PID:12824
- C:\Windows\System\HBDYdQM.exe
  C:\Windows\System\HBDYdQM.exe
  2⤵
  PID:12920
- C:\Windows\System\HUUbcTP.exe
  C:\Windows\System\HUUbcTP.exe
  2⤵
  PID:12580
- C:\Windows\System\ZnVrQtA.exe
  C:\Windows\System\ZnVrQtA.exe
  2⤵
  PID:12796
- C:\Windows\System\oQBrJAE.exe
  C:\Windows\System\oQBrJAE.exe
  2⤵
  PID:13248
- C:\Windows\System\oPMokPc.exe
  C:\Windows\System\oPMokPc.exe
  2⤵
  PID:2716
- C:\Windows\System\LeIoTYi.exe
  C:\Windows\System\LeIoTYi.exe
  2⤵
  PID:13336
- C:\Windows\System\syJfzaW.exe
  C:\Windows\System\syJfzaW.exe
  2⤵
  PID:13372
- C:\Windows\System\PyfpBWB.exe
  C:\Windows\System\PyfpBWB.exe
  2⤵
  PID:13400
- C:\Windows\System\QXEwUUx.exe
  C:\Windows\System\QXEwUUx.exe
  2⤵
  PID:13420
- C:\Windows\System\IJOydup.exe
  C:\Windows\System\IJOydup.exe
  2⤵
  PID:13456
- C:\Windows\System\EwKclNo.exe
  C:\Windows\System\EwKclNo.exe
  2⤵
  PID:13480
- C:\Windows\System\QYkmzqw.exe
  C:\Windows\System\QYkmzqw.exe
  2⤵
  PID:13500
- C:\Windows\System\mVeAARP.exe
  C:\Windows\System\mVeAARP.exe
  2⤵
  PID:13520
- C:\Windows\System\DgPnwWU.exe
  C:\Windows\System\DgPnwWU.exe
  2⤵
  PID:13556
- C:\Windows\System\iAHvrzg.exe
  C:\Windows\System\iAHvrzg.exe
  2⤵
  PID:13596
- C:\Windows\System\OgrfKgn.exe
  C:\Windows\System\OgrfKgn.exe
  2⤵
  PID:13624
- C:\Windows\System\hqlFIpD.exe
  C:\Windows\System\hqlFIpD.exe
  2⤵
  PID:13652
- C:\Windows\System\huOMayL.exe
  C:\Windows\System\huOMayL.exe
  2⤵
  PID:13668
- C:\Windows\System\JGEAlEu.exe
  C:\Windows\System\JGEAlEu.exe
  2⤵
  PID:13696
- C:\Windows\System\jGuoDqU.exe
  C:\Windows\System\jGuoDqU.exe
  2⤵
  PID:13712
- C:\Windows\System\mkhTVEy.exe
  C:\Windows\System\mkhTVEy.exe
  2⤵
  PID:13752
- C:\Windows\System\AWBAJYM.exe
  C:\Windows\System\AWBAJYM.exe
  2⤵
  PID:13792
- C:\Windows\System\LzDREtF.exe
  C:\Windows\System\LzDREtF.exe
  2⤵
  PID:13808
- C:\Windows\System\UgdcNCg.exe
  C:\Windows\System\UgdcNCg.exe
  2⤵
  PID:13840
- C:\Windows\System\DHYiotZ.exe
  C:\Windows\System\DHYiotZ.exe
  2⤵
  PID:13864
- C:\Windows\System\qpsFnLg.exe
  C:\Windows\System\qpsFnLg.exe
  2⤵
  PID:13880
- C:\Windows\System\QSzZAmh.exe
  C:\Windows\System\QSzZAmh.exe
  2⤵
  PID:13916
- C:\Windows\System\zshyMIB.exe
  C:\Windows\System\zshyMIB.exe
  2⤵
  PID:13952
- C:\Windows\System\abkdOLI.exe
  C:\Windows\System\abkdOLI.exe
  2⤵
  PID:13984
- C:\Windows\System\fedBqHS.exe
  C:\Windows\System\fedBqHS.exe
  2⤵
  PID:14016
- C:\Windows\System\EjvGqsn.exe
  C:\Windows\System\EjvGqsn.exe
  2⤵
  PID:14060
- C:\Windows\System\fwlddTW.exe
  C:\Windows\System\fwlddTW.exe
  2⤵
  PID:14076
- C:\Windows\System\xfwWnCi.exe
  C:\Windows\System\xfwWnCi.exe
  2⤵
  PID:14104
- C:\Windows\System\kTNIjSO.exe
  C:\Windows\System\kTNIjSO.exe
  2⤵
  PID:14132
- C:\Windows\System\xvfLtZR.exe
  C:\Windows\System\xvfLtZR.exe
  2⤵
  PID:14156
- C:\Windows\System\qNkHQHF.exe
  C:\Windows\System\qNkHQHF.exe
  2⤵
  PID:14172
- C:\Windows\System\ydnCwWJ.exe
  C:\Windows\System\ydnCwWJ.exe
  2⤵
  PID:14192
- C:\Windows\System\vbekOHm.exe
  C:\Windows\System\vbekOHm.exe
  2⤵
  PID:14208
- C:\Windows\System\XyFyKFP.exe
  C:\Windows\System\XyFyKFP.exe
  2⤵
  PID:14236
- C:\Windows\System\mDVFkwz.exe
  C:\Windows\System\mDVFkwz.exe
  2⤵
  PID:14276
- C:\Windows\System\GiwcBQv.exe
  C:\Windows\System\GiwcBQv.exe
  2⤵
  PID:14308
- C:\Windows\System\XgSMfyg.exe
  C:\Windows\System\XgSMfyg.exe
  2⤵
  PID:4864
- C:\Windows\System\LVROGCU.exe
  C:\Windows\System\LVROGCU.exe
  2⤵
  PID:13360
- C:\Windows\System\wunbsPV.exe
  C:\Windows\System\wunbsPV.exe
  2⤵
  PID:13448
- C:\Windows\System\NtOwPGQ.exe
  C:\Windows\System\NtOwPGQ.exe
  2⤵
  PID:13508
- C:\Windows\System\iflDoTC.exe
  C:\Windows\System\iflDoTC.exe
  2⤵
  PID:13576
- C:\Windows\System\omylpMV.exe
  C:\Windows\System\omylpMV.exe
  2⤵
  PID:13660
- C:\Windows\System\NiNZDto.exe
  C:\Windows\System\NiNZDto.exe
  2⤵
  PID:13736
- C:\Windows\System\MIXvpNv.exe
  C:\Windows\System\MIXvpNv.exe
  2⤵
  PID:13800
- C:\Windows\System\ciqlPcf.exe
  C:\Windows\System\ciqlPcf.exe
  2⤵
  PID:13872
- C:\Windows\System\bOTnbix.exe
  C:\Windows\System\bOTnbix.exe
  2⤵
  PID:13924
- C:\Windows\System\QHUpUDe.exe
  C:\Windows\System\QHUpUDe.exe
  2⤵
  PID:14008
- C:\Windows\System\GgyiSIW.exe
  C:\Windows\System\GgyiSIW.exe
  2⤵
  PID:14072
- C:\Windows\System\IvjusWM.exe
  C:\Windows\System\IvjusWM.exe
  2⤵
  PID:14124
- C:\Windows\System\iuMCrMN.exe
  C:\Windows\System\iuMCrMN.exe
  2⤵
  PID:14180
- C:\Windows\System\WwBZjwm.exe
  C:\Windows\System\WwBZjwm.exe
  2⤵
  PID:14248
- C:\Windows\System\atSlNKd.exe
  C:\Windows\System\atSlNKd.exe
  2⤵
  PID:14220
- C:\Windows\System\TJTRLyK.exe
  C:\Windows\System\TJTRLyK.exe
  2⤵
  PID:13384
- C:\Windows\System\DlyrZWb.exe
  C:\Windows\System\DlyrZWb.exe
  2⤵
  PID:13492
- C:\Windows\System\sAaoNNG.exe
  C:\Windows\System\sAaoNNG.exe
  2⤵
  PID:13568
- C:\Windows\System\OdwzZZJ.exe
  C:\Windows\System\OdwzZZJ.exe
  2⤵
  PID:13764
- C:\Windows\System\TpLMjlB.exe
  C:\Windows\System\TpLMjlB.exe
  2⤵
  PID:13996
- C:\Windows\System\VDpiexw.exe
  C:\Windows\System\VDpiexw.exe
  2⤵
  PID:14100
- C:\Windows\System\CWmjJWn.exe
  C:\Windows\System\CWmjJWn.exe
  2⤵
  PID:14268
- C:\Windows\System\xuhpEgK.exe
  C:\Windows\System\xuhpEgK.exe
  2⤵
  PID:13528
- C:\Windows\System\VCgWBRG.exe
  C:\Windows\System\VCgWBRG.exe
  2⤵
  PID:13704
- C:\Windows\System\shFcXIl.exe
  C:\Windows\System\shFcXIl.exe
  2⤵
  PID:14068
- C:\Windows\System\HDjeIoB.exe
  C:\Windows\System\HDjeIoB.exe
  2⤵
  PID:13732
- C:\Windows\System\pkCzPsx.exe
  C:\Windows\System\pkCzPsx.exe
  2⤵
  PID:13468
- C:\Windows\System\uHCFDax.exe
  C:\Windows\System\uHCFDax.exe
  2⤵
  PID:14356
- C:\Windows\System\iWopYcB.exe
  C:\Windows\System\iWopYcB.exe
  2⤵
  PID:14372
- C:\Windows\System\ZeErxWR.exe
  C:\Windows\System\ZeErxWR.exe
  2⤵
  PID:14392
- C:\Windows\System\aExHuvL.exe
  C:\Windows\System\aExHuvL.exe
  2⤵
  PID:14428
- C:\Windows\System\CNWxbQq.exe
  C:\Windows\System\CNWxbQq.exe
  2⤵
  PID:14452
- C:\Windows\System\CIzLTsr.exe
  C:\Windows\System\CIzLTsr.exe
  2⤵
  PID:14508
- C:\Windows\System\vfXcaHj.exe
  C:\Windows\System\vfXcaHj.exe
  2⤵
  PID:14524
- C:\Windows\System\PbGdDmU.exe
  C:\Windows\System\PbGdDmU.exe
  2⤵
  PID:14552
- C:\Windows\System\bBrcAnD.exe
  C:\Windows\System\bBrcAnD.exe
  2⤵
  PID:14584
- C:\Windows\System\WqXqNtt.exe
  C:\Windows\System\WqXqNtt.exe
  2⤵
  PID:14612
- C:\Windows\System\hZCyEzW.exe
  C:\Windows\System\hZCyEzW.exe
  2⤵
  PID:14648
- C:\Windows\System\eMLwcED.exe
  C:\Windows\System\eMLwcED.exe
  2⤵
  PID:14692
- C:\Windows\System\iHrJWfu.exe
  C:\Windows\System\iHrJWfu.exe
  2⤵
  PID:14708

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15100

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BvrzeaN.exe

Filesize
2.6MB

MD5
0e137299973d6d543c42ea7c96ac3582

SHA1
a4e0ad0b9299b6b3a3489be91e608bffba2a6102

SHA256
2f0ac89b38eb9e706f1853ba91f62bfe1b191b2935cae91d0fe8393cee51729c

SHA512
85f389feb8bfd658d5fcebc7865c22eb60b1b248c3c9614543acc26ae400940d0e5f89c05442bf6382e7079e51d5c3069066777f40d6a6329a20c8106c4f0f95

Download Submit
C:\Windows\System\EpNmVTl.exe

Filesize
2.6MB

MD5
546b25fe3355b352f2dabcb882021b21

SHA1
07b718a52dd21fbd027cc7ae4ee294fbef26fe64

SHA256
df53cb40736ff930962fbbc0c5a70a1ee9fe8188f5a67153dfc71058a800727f

SHA512
bc7e432731bc82debbccad2db0b398243408b09f7a5bafbabe2646172f8fa6a67dea563a737f9dec10266899f215d967cbf5bb2e0e9c9ec916345a637d802e05

Download Submit
C:\Windows\System\GtKPRtr.exe

Filesize
2.6MB

MD5
a02e12ed3905e86b507bbcf28e8dd416

SHA1
ffb258cbd6b813075f3d60a5c0dccebc3ab4b726

SHA256
dbf63a88c19fe7ea1d51204915b0ad45a58a6ffc14e304d5b3f501d39a65cb6c

SHA512
d2c42151c2b0176267e9500d5d0ac7a1fdff0794ca2a0be28574af9f6d8dc17b78e00511f0065c80396dc81a3b016bdd9f6180f2aefa0da3191597ba1c750481

Download Submit
C:\Windows\System\JewQhNa.exe

Filesize
2.6MB

MD5
8347b0c119d9369656ac430fe188330d

SHA1
c1216be1c62f0be4e86bd41adb47556ef8a80906

SHA256
ce5bbac296189749f10e370a9ec42242407fe8d75ef7ec42050b8a676c2d6f97

SHA512
7d3bfd5d5a86a25c64c9e744f90ec75ced865c1c8208728623905b7e2bc661fa984c4fbe12a8e8f21f76283b6b25a3c18693cffd0ad34d1ee81d04c3b79eab14

Download Submit
C:\Windows\System\MXaGeTe.exe

Filesize
2.6MB

MD5
6bf534e2ddb3df2c84bc47e77830a31f

SHA1
1e37dbbd915c8812755f1e677349fb2232322555

SHA256
7b3f3aa3eea77e5e2ac52c6be92ee2804251781304347f02f76513bc11411587

SHA512
f64b2bbb5371322208b5ef9c7239cbfcd6b4fbdcdf1a8bd7ccc32b807fc0ca4e55ded868135f3e2dffbd50598e9ca19c559036f122c0cd67a0069e0728b38ab8

Download Submit
C:\Windows\System\NCTKPlf.exe

Filesize
2.6MB

MD5
deb4a44e7e8bd75a56e12890397fab51

SHA1
0d9975483894b15462ca798292277921dde33c00

SHA256
7ee54c8224f81b636ac00bb7cd1ffb9b2e3523637641c474b637a68269991a13

SHA512
c156440d269659d044555ca9063336ce007b319ca0090ad837f8efd56626d6ad2a1cac6ea67844805fc5b8933f6185f00606b98d3f248fcfbc8c771bffc6f7e8

Download Submit
C:\Windows\System\NVbGmgQ.exe

Filesize
2.6MB

MD5
d68667e7d30d846d67761c4fb2e1fefc

SHA1
0183fb533c762e7968f124306667b7500c6f2232

SHA256
bbcc36a2ddb7ec7b5de54be84189bdd3dd601a0cbd3eac4e69d2d5217a3ecb4d

SHA512
e3bfaef83408d8e379d3bfffc34226e128b4bcdfb7d0bb211890f15dcb3f4dcd40ddf0a832b7910bd4458563e2129a1e5b2d18a59db44a4c65bfd79590337037

Download Submit
C:\Windows\System\OYaaecu.exe

Filesize
2.6MB

MD5
4e20becd37b5417ce475728f7de48eda

SHA1
a2349c56543d4d69cdd551cbab4fbfc34121ad74

SHA256
a9ba8207a280d42c8cda2e46ffe6d24cdb09d70121ee241ef076c5987d33bff7

SHA512
d62dbd1cf79aa6de79cf4a84010da4c730f31c2b0d67a622de38cb4e754b55096f0a6ba0715be421c7dcf012934b8e6ec10e623f531b27184ff4f9e0f3bb88d1

Download Submit
C:\Windows\System\OfEABRR.exe

Filesize
2.6MB

MD5
03a15e4fd86b5089a2687b4409e0a88b

SHA1
3019ff0b40b839037d2e2727542871caf2fdefe0

SHA256
f0669c659b751f4255fab461e8cb76f5e2a34edd385f2ff420e0493a4321c553

SHA512
1b4f4a981eeebdb040585dae73ef97e83938d016733a0c9b14ae59ffab93b5b2bbeaec2f0341b99fc1d9a69039e8ea2edf4073e741b7ea7168af1924d02db116

Download Submit
C:\Windows\System\RcKnOcw.exe

Filesize
2.6MB

MD5
29fce1422ac68701e94badf298fbe583

SHA1
5a05cf0fd753d99a07165c21738fa990e5864234

SHA256
cdd66418b4c0b127da857e643eac87a86ed9d06cb7d032a039f4c60f69b2a132

SHA512
efb597504a3c41ea40f87803dfac449928702250b8d9d5b89b65401e938b0ec413d2f4f5835c22b91c42e9eebfeefe4214731fa7960f5f8204612e7f05c5cc34

Download Submit
C:\Windows\System\TMubMHi.exe

Filesize
2.6MB

MD5
24b9af4b1c97a7f2ac00258e2d9e3536

SHA1
5de970dd17a47a0f478845d07ffd1eaaa7ee7bc6

SHA256
f8f5c22197fbee169c6d066fad3b67fcbc6283ff97b3a35dd3a9d0becf42cc5b

SHA512
4c5d204074c60fd761bb4c19ba6d04d3704f4dc97ea2b3ab2529192e0860359f4d3d60c74de0feacf61008ebd9025e9775aad1051ecfcfd7961d6d42876069a8

Download Submit
C:\Windows\System\TmndHBE.exe

Filesize
2.6MB

MD5
1b5c437fd68bc02e696d32586e0714c3

SHA1
f4504b3b8d8d1a6aa74c16a652d1a7932bcb6ce4

SHA256
046c34eb18f65781f7102acd0bccfadde2271ec2930729f6881051a5298458ab

SHA512
82a4b537511207819dc36bec5cb8d059257c0780e9d3c135a12f810ba314ba50d4f357006a2c1c1160dbfc127d92fad2f09c95a6f5f1d2661f52d7d18388a457

Download Submit
C:\Windows\System\VVPAuRg.exe

Filesize
2.6MB

MD5
e572fea083833685654168314039b77a

SHA1
a8d6ad51c9fe2a7b6368bd85f2dd3485570ff8f3

SHA256
23d212c509b8c304083a049e55a091123e3b51f954d14e9e18dda31776f01228

SHA512
bd6af4ff09b77cc3ef2bfd90c8afc03d3d21be3d47fe35ab160b5a5dbd9c7987e454393b040c8e26984ac63547b5608ea7577edee1232fb35de66470d1b5ce19

Download Submit
C:\Windows\System\VYoBZvN.exe

Filesize
2.6MB

MD5
e4da6533ce47127cc4c3ce6822769fd6

SHA1
7753c542d65e5a2e4876a250dde1d2e720818d35

SHA256
09cce1f75dab0c52a39d00f92cdee0f509b3e2740ae2fffb92a75465e66add0f

SHA512
08da9cd2113d43773bed1e23d1218ebc0bbdddab4a628c304628f310136e2f654f617cfb1a55675fbbecdbc238a385dee97c775bf9d8138b6a750f5cc2e53fc3

Download Submit
C:\Windows\System\WPiRkNr.exe

Filesize
2.6MB

MD5
127fd9c012816bfad840d9b36bd04d32

SHA1
1edc8f40dd145ce11cd168a754b158541aa01190

SHA256
ac47a27236e77198915f1d707999008feffb8a62cbea5e4eced85ed209f86ca7

SHA512
d081c0bf1aa84d5deee0377a9013b1288fbbed4e52eea9287bce17c1ebcc0cc82f8dc6a4b83c4b8ffaf2afd0b3154ff13c6b7c74313943796b75ce2145b93870

Download Submit
C:\Windows\System\ZFWlAyf.exe

Filesize
2.6MB

MD5
f09d9a319ac5cd52df0614efb983b916

SHA1
47efb1e9ea5c46a3c3ddae9154653e8df4d6b973

SHA256
281ea7ba606490be19e0e527ffe5a7cb609190331472a0097c27f23ec7a1f9f8

SHA512
8aa23660e6ac56d43e31f3144f482842c42eb74c29bc6aa5e2f446a969cdf65f931fa46bbc7e6e0f130c39784ac32e80ba960e11160cf7102275e61eb919d0c9

Download Submit
C:\Windows\System\ZJXnTrs.exe

Filesize
2.6MB

MD5
a5edf99e25efcf1cbdab23d3de79d497

SHA1
f35a97ec431da6c69140f5926aff53ac4f209c1b

SHA256
77c5d99ea1ad5161526fdd8dff3cadbb4260c350ea15e816d07ce80ab7eb4883

SHA512
6a04d5230a4eb69c61c808074565524b04bc9a7af921b3265dde43a57073d1aba5aa7c3fc3ef9b6d6dd9b9a6dbb5ac66e4895f458610983be394c15b17777f08

Download Submit
C:\Windows\System\aIvoCFS.exe

Filesize
2.6MB

MD5
374b941f3d4edd9536f04e3442dab777

SHA1
d87251fe2a441f95e40afec66006c64e7fe31558

SHA256
685ee4f6ef5ec05de0bf8c2232de155a5b5ce417fff9061d5f3dba21e4ff3f7f

SHA512
e56fd714336bff5937fe6418898104e2047bf62c28410e49a0fa733146d19e0d2c15487685d3029672bf28c6cf1152ed9fa7e5c35efc5ac5184ba1f12923d1e2

Download Submit
C:\Windows\System\dHVmxkL.exe

Filesize
2.6MB

MD5
a6c173451221fc66e44b32b00b2d7215

SHA1
f509d58607d6ba1d120806cb4093c626a3e76f8f

SHA256
0f21b1467d92b4134f1e844e5c90333870a2ecb4d4c0d72415125f8c5fe7fba7

SHA512
309b1eb17dd74ae0e7fa3b32a24e2d4d2bfb3859d9c31b96751daa885e55e6d903f07ac5e3b929ecc23c080a973bfb55cff3d1dc54707d89f82b75f81e996b99

Download Submit
C:\Windows\System\fQWLedm.exe

Filesize
2.6MB

MD5
b00cd77a60467a7825969163f746c3c7

SHA1
08bf4adc8d1c4997474b47bd03d2b79250c6c6c8

SHA256
06a825b6638b2e86bebd1499836c91220f7636b9fc9bda4f2ff64b8cc2ea62e9

SHA512
fdbb929c837739a8a8730e1a67935218460d88f87e8e9072f7fb7e4b0ee863cc3668006bd6dc6bb2dbf8ce5cbedc8d987ebb189b52db1028ec9dea845c351f26

Download Submit
C:\Windows\System\gUXxhCy.exe

Filesize
2.6MB

MD5
fe0fb2c780a970b1cd5b2dd5d95b63e0

SHA1
3295c17ccfdb76d7bfb5945dda9ac6362e6c5f69

SHA256
ac5eab95a237052630f2a18af116f92c694639012cb8d105b841858b12394ba0

SHA512
b498fabedb2c7f37dd7f65aa7d7cd9b62bc7949e1939fb441bdd30dc7165f1784f3339f9741a962785913138f2f2b7c36bc63967e8972e98008314a23f3b9418

Download Submit
C:\Windows\System\jBjjAnB.exe

Filesize
2.6MB

MD5
e614af08b5bc1602e4d20a04442a887f

SHA1
37412aedfc674ea69ce295c1be55ac81a31aa499

SHA256
f299882701bfc5bda746ebf6532f02ee28f10b4eb35c82012947c5fd2555f3a1

SHA512
f400b89aa4a3aab5ee4aff988f87e8e6d2e362701a14e03cb563dcc3125f5aa06ce1aa5a28e746d9968d7fc50d0a6f9f1df7aaa42ff946fb986a468b696cdb96

Download Submit
C:\Windows\System\nevRFoC.exe

Filesize
2.6MB

MD5
66b8bfed0a777ec981e9cd461058c051

SHA1
b93c697167c904966720ded6e240ea1ecbb14cbd

SHA256
7b0da90ffaf7ba7dfc9220ec9efe5bdac723d6df00eda31305ba932675181e96

SHA512
97fc5b97c112174e5a2664893d01d0c889e8f99559ee4375f18ea298d1630fe20c38bfedee44a311b283cb9e0765d8efc42c71bbc3515558494f23cc2fc132fa

Download Submit
C:\Windows\System\ogVXFjj.exe

Filesize
2.6MB

MD5
85af4900f58e01b461241b7fb7eec205

SHA1
e4c218d58076144a759e26c849d120c424cdaed1

SHA256
08c8f4fd0bf3b5b5a0078efb60a36280bc5eac02cd40c69100cc23d831cfb2b5

SHA512
d82aa2ac30b82b6f9cd074dac02322e26b82ed67cab4797fb28fd55c550c57d22e9df0d8a9e313529e74401ef87cecc84bda3323b57f5e35b8ef834ef87e54f7

Download Submit
C:\Windows\System\pTsbdtS.exe

Filesize
2.6MB

MD5
8c9dc5fb08bc0491772b4a8251f80035

SHA1
136831c71398d1408e12cdf5841fdc6234b2d55e

SHA256
dc7a7cd422708b259b47b50ee86eb84fa6dcfbecbeca04ce755368754cd18f5c

SHA512
c425e39e3b713c4856a782d70e349cb0cc0cf1232556ace428930824aab53856a2ee47158e0cc6039cbdc45df7cb85a1d156099489c89f2e0c42104618a32204

Download Submit
C:\Windows\System\qeLaRqp.exe

Filesize
2.6MB

MD5
e522af6134b837b75b382fa131f1d8e5

SHA1
31ad6f7520dea90040fddcd459318cd818d0963f

SHA256
c65fc53a5e205473fb33dfedba568c5b49779f75041b3e43d1370de5b63a119c

SHA512
ebb1af3e250e265ef144dd933f0975cd45c2724f812d6c4cd91851f8e69806cdba1df69be7ca7ca578f7f30d9430d0405880089d9e37aaca5e4d77b9fd17b5d1

Download Submit
C:\Windows\System\qletsSb.exe

Filesize
2.6MB

MD5
e250178ff713c0a31af3576e5e2cba43

SHA1
4c8222b4c6b506dcb37467a72545eb70f68edefe

SHA256
430199c2c19abcba32899e1b8053df8d60dca15eda5a94facf20c6fed979d283

SHA512
2f0aa5711ba173fa70a8120eca6bcc7e2cb1a50cd504254dccd3f872b4014297dea21893a7914b8c3ead7dd178f429e5ebcff25a65b0a0ec235f71264e69c3b5

Download Submit
C:\Windows\System\sIMQDJY.exe

Filesize
2.6MB

MD5
324a4eb5dd8c126777ce4d9c43a0ff0e

SHA1
f792e447e0837e99bff4523c8135662efe933824

SHA256
82e976b00c50799884f7dd374c7b3f66b1af11028310053a0df7fe2fd6c7c0ac

SHA512
41cd827ec5c7c97f1e73dda944bd30b7fff4c2ed1e485a2245c54d2ddb96fc4580bd2bc7df3b247824bcd884a60330bf9e6036760570f2d63b9eb34d380b5325

Download Submit
C:\Windows\System\sjcrzVj.exe

Filesize
2.6MB

MD5
238100d19159dbd04c5a87d3d4c5ce4f

SHA1
9c2652b95a8835b8dad23b63296c7998831681d4

SHA256
ddd5cc58f37992818548ef00a095a8b32bb5d6cfeef60f3d821fea5ec0856122

SHA512
a9151d7b8e098e971dcc2e77934decd375b2328468feb70fed0633943fe85da928c771643c2ba6f5c7451c8845f4f28949cb343a899bd853058f6a7216fba1ef

Download Submit
C:\Windows\System\smZRqxa.exe

Filesize
2.6MB

MD5
eae2014281fb65e7a86a6b99ffcf4d5f

SHA1
6e6aa2508a0e5722de69806b1fd24052b240da1e

SHA256
6546fb14bbcebfc9c8b11c6d30fdd5a16551cc54b523ebb1684e4dc123995ad8

SHA512
ed601d84316d90e1bc03cc914268830dbd40a04bd1aebbf8dca7222e143db89ed6cd27a2b49949162b0223ffecdd906f25d2fe2cd8d8c240fe08a5b04d16c09b

Download Submit
C:\Windows\System\toKCEfe.exe

Filesize
2.6MB

MD5
d2ecec5bc20402b04950bfe07d6f0421

SHA1
e7522ebf0e9b43e2e54c895ba8b8f8e5e769d87e

SHA256
312bdd960257c17359c6c46fe35cd4a68b586ea917f15921a8cc9f945561f6ac

SHA512
09805de13dedfea19f3bfbcf9f40a845d39340f6de57f23ea68907f7b33e2f76838217e113a01c2f178af872de1376ca2b966e7219239049f36e2867da4022f3

Download Submit
C:\Windows\System\wphSLES.exe

Filesize
2.6MB

MD5
ea96249fec2d2309d3e7d12d31522317

SHA1
4eeec014130ecbbbc9f86e8fab1707e8ecfdcecb

SHA256
9077dbca2696fdb293488ced6a3315354fff4f7b51a15cd33c33667e73625932

SHA512
497fc016e21df716265aeb39ced47720f26aae5b38d82d764414c973916c671f43f707ad9f7ad279f425ceec709bd3c57eb3e9722ac801c6616afdf023450cbf

Download Submit
C:\Windows\System\yvxiSFb.exe

Filesize
2.6MB

MD5
fd9ea039d1cc8cdaa70a8467aca86b1f

SHA1
e18395a02f5d5d50a4ce07a22dce95982c01f2ba

SHA256
8623416b5c131a3cd70a9ff74f22c6f32a8e3e59a14c3009583a920686a8b4e1

SHA512
443505595d5baa724907757467935e1b1f10638786ff06b68bc797a80cee346c02abad5bf3d910a40a35b01da6af78ac895b95eba477a56fc38c38aa65b58ff5

Download Submit
C:\Windows\System\zyhHiGM.exe

Filesize
2.6MB

MD5
157cae67df274f440afb392e921eedff

SHA1
cce5941261271b0f3da610ecc4ef6b9316dc2440

SHA256
f77e6c997dbcaae2fb560cbafc0de99a8958c3f663e4eca4dd3752e28be1aecc

SHA512
57f99b7d29fc595866fa4f4471043d0f6ad785d8e53af9c8fc30e294b1dd65a0ecdb477da94a6b77bda369cdfa9f81d96e382f7817deb36f381171b7c66addc8

Download Submit
memory/676-2063-0x00007FF6F46B0000-0x00007FF6F4A04000-memory.dmp

Filesize
3.3MB

Download
memory/676-130-0x00007FF6F46B0000-0x00007FF6F4A04000-memory.dmp

Filesize
3.3MB

Download
memory/676-2078-0x00007FF6F46B0000-0x00007FF6F4A04000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2068-0x00007FF63C350000-0x00007FF63C6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-58-0x00007FF63C350000-0x00007FF63C6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-2089-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

Filesize
3.3MB

Download
memory/1220-198-0x00007FF6FFBE0000-0x00007FF6FFF34000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2075-0x00007FF7954B0000-0x00007FF795804000-memory.dmp

Filesize
3.3MB

Download
memory/1448-110-0x00007FF7954B0000-0x00007FF795804000-memory.dmp

Filesize
3.3MB

Download
memory/1448-2062-0x00007FF7954B0000-0x00007FF795804000-memory.dmp

Filesize
3.3MB

Download
memory/1668-193-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2074-0x00007FF7F5390000-0x00007FF7F56E4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2065-0x00007FF6482F0000-0x00007FF648644000-memory.dmp

Filesize
3.3MB

Download
memory/1748-12-0x00007FF6482F0000-0x00007FF648644000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2059-0x00007FF6482F0000-0x00007FF648644000-memory.dmp

Filesize
3.3MB

Download
memory/2008-43-0x00007FF67D290000-0x00007FF67D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2066-0x00007FF67D290000-0x00007FF67D5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-197-0x00007FF7118D0000-0x00007FF711C24000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2084-0x00007FF7118D0000-0x00007FF711C24000-memory.dmp

Filesize
3.3MB

Download
memory/2228-179-0x00007FF6AF9B0000-0x00007FF6AFD04000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2088-0x00007FF6AF9B0000-0x00007FF6AFD04000-memory.dmp

Filesize
3.3MB

Download
memory/2352-182-0x00007FF7E4BC0000-0x00007FF7E4F14000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2085-0x00007FF7E4BC0000-0x00007FF7E4F14000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2060-0x00007FF6601D0000-0x00007FF660524000-memory.dmp

Filesize
3.3MB

Download
memory/2424-35-0x00007FF6601D0000-0x00007FF660524000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2067-0x00007FF6601D0000-0x00007FF660524000-memory.dmp

Filesize
3.3MB

Download
memory/2456-194-0x00007FF60DB40000-0x00007FF60DE94000-memory.dmp

Filesize
3.3MB

Download
memory/2456-2076-0x00007FF60DB40000-0x00007FF60DE94000-memory.dmp

Filesize
3.3MB

Download
memory/2464-148-0x00007FF789F20000-0x00007FF78A274000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2083-0x00007FF789F20000-0x00007FF78A274000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2072-0x00007FF6680E0000-0x00007FF668434000-memory.dmp

Filesize
3.3MB

Download
memory/2480-72-0x00007FF6680E0000-0x00007FF668434000-memory.dmp

Filesize
3.3MB

Download
memory/2800-91-0x00007FF7DDA20000-0x00007FF7DDD74000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2061-0x00007FF7DDA20000-0x00007FF7DDD74000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2077-0x00007FF7DDA20000-0x00007FF7DDD74000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2086-0x00007FF6BC890000-0x00007FF6BCBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2064-0x00007FF6BC890000-0x00007FF6BCBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-170-0x00007FF6BC890000-0x00007FF6BCBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2090-0x00007FF750A50000-0x00007FF750DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3164-186-0x00007FF750A50000-0x00007FF750DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3328-191-0x00007FF7C6AB0000-0x00007FF7C6E04000-memory.dmp

Filesize
3.3MB

Download
memory/3328-2070-0x00007FF7C6AB0000-0x00007FF7C6E04000-memory.dmp

Filesize
3.3MB

Download
memory/3544-195-0x00007FF7404D0000-0x00007FF740824000-memory.dmp

Filesize
3.3MB

Download
memory/3544-2080-0x00007FF7404D0000-0x00007FF740824000-memory.dmp

Filesize
3.3MB

Download
memory/3636-147-0x00007FF717360000-0x00007FF7176B4000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2079-0x00007FF717360000-0x00007FF7176B4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2071-0x00007FF6B5360000-0x00007FF6B56B4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-192-0x00007FF6B5360000-0x00007FF6B56B4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-199-0x00007FF6DC950000-0x00007FF6DCCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2091-0x00007FF6DC950000-0x00007FF6DCCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4500-190-0x00007FF6948E0000-0x00007FF694C34000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2092-0x00007FF6948E0000-0x00007FF694C34000-memory.dmp

Filesize
3.3MB

Download
memory/4516-2093-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp

Filesize
3.3MB

Download
memory/4516-188-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp

Filesize
3.3MB

Download
memory/4520-187-0x00007FF704840000-0x00007FF704B94000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2087-0x00007FF704840000-0x00007FF704B94000-memory.dmp

Filesize
3.3MB

Download
memory/4684-70-0x00007FF6B2390000-0x00007FF6B26E4000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2069-0x00007FF6B2390000-0x00007FF6B26E4000-memory.dmp

Filesize
3.3MB

Download
memory/4756-2082-0x00007FF688F40000-0x00007FF689294000-memory.dmp

Filesize
3.3MB

Download
memory/4756-189-0x00007FF688F40000-0x00007FF689294000-memory.dmp

Filesize
3.3MB

Download
memory/4824-196-0x00007FF6BFB60000-0x00007FF6BFEB4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-2081-0x00007FF6BFB60000-0x00007FF6BFEB4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-116-0x00007FF730290000-0x00007FF7305E4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2073-0x00007FF730290000-0x00007FF7305E4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-0-0x00007FF6995A0000-0x00007FF6998F4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-1-0x00000208E0A40000-0x00000208E0A50000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads