xmrig | 9d1b45aea1b623e810998b25d2e0302e6e09e9e52cc168cc703b4feb04a216f1

Analysis

max time kernel
125s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
Size

2.0MB
MD5

6b7eedab6d69f8b9f1dc84363e19a7e0
SHA1

5f4e5bda5774efe1866fd7ec31116c371767f2e0
SHA256

9d1b45aea1b623e810998b25d2e0302e6e09e9e52cc168cc703b4feb04a216f1
SHA512

3dcf336eac81e8e7c483f9c1019341efc8beb6c3f403ec97dbcac570a10300c85029f84e6f2206343640eb4e854fea2e189eba28ec8ed7e8d7828859d5335210
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQF3OioF5qdh5:BemTLkNdfE0pZrQT

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4800-0-0x00007FF672BA0000-0x00007FF672EF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-16.dat	xmrig
behavioral2/files/0x0007000000023433-23.dat	xmrig
behavioral2/files/0x0007000000023435-31.dat	xmrig
behavioral2/memory/2904-41-0x00007FF7FED50000-0x00007FF7FF0A4000-memory.dmp	xmrig
behavioral2/memory/4896-47-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp	xmrig
behavioral2/files/0x0007000000023438-58.dat	xmrig
behavioral2/files/0x000700000002343b-75.dat	xmrig
behavioral2/files/0x000700000002343f-103.dat	xmrig
behavioral2/files/0x000700000002344a-144.dat	xmrig
behavioral2/files/0x0007000000023449-158.dat	xmrig
behavioral2/memory/4884-177-0x00007FF75F460000-0x00007FF75F7B4000-memory.dmp	xmrig
behavioral2/files/0x000800000002342e-179.dat	xmrig
behavioral2/memory/1772-194-0x00007FF673A20000-0x00007FF673D74000-memory.dmp	xmrig
behavioral2/memory/2352-199-0x00007FF6077E0000-0x00007FF607B34000-memory.dmp	xmrig
behavioral2/memory/3832-204-0x00007FF6A5510000-0x00007FF6A5864000-memory.dmp	xmrig
behavioral2/memory/3932-207-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp	xmrig
behavioral2/memory/5040-208-0x00007FF627570000-0x00007FF6278C4000-memory.dmp	xmrig
behavioral2/memory/1452-206-0x00007FF6AFAC0000-0x00007FF6AFE14000-memory.dmp	xmrig
behavioral2/memory/1064-205-0x00007FF68A6D0000-0x00007FF68AA24000-memory.dmp	xmrig
behavioral2/memory/1820-203-0x00007FF64BD60000-0x00007FF64C0B4000-memory.dmp	xmrig
behavioral2/memory/4420-202-0x00007FF789080000-0x00007FF7893D4000-memory.dmp	xmrig
behavioral2/memory/4848-201-0x00007FF6DCA80000-0x00007FF6DCDD4000-memory.dmp	xmrig
behavioral2/memory/3988-198-0x00007FF72A130000-0x00007FF72A484000-memory.dmp	xmrig
behavioral2/memory/2900-193-0x00007FF794B60000-0x00007FF794EB4000-memory.dmp	xmrig
behavioral2/memory/4640-187-0x00007FF6D53C0000-0x00007FF6D5714000-memory.dmp	xmrig
behavioral2/memory/1352-178-0x00007FF7519C0000-0x00007FF751D14000-memory.dmp	xmrig
behavioral2/files/0x000700000002344b-175.dat	xmrig
behavioral2/files/0x0007000000023450-174.dat	xmrig
behavioral2/files/0x000700000002344d-172.dat	xmrig
behavioral2/memory/4272-169-0x00007FF7142A0000-0x00007FF7145F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002344f-168.dat	xmrig
behavioral2/files/0x000700000002344c-167.dat	xmrig
behavioral2/files/0x0007000000023448-165.dat	xmrig
behavioral2/files/0x000700000002344e-164.dat	xmrig
behavioral2/files/0x000800000002342e-163.dat	xmrig
behavioral2/files/0x0007000000023447-157.dat	xmrig
behavioral2/files/0x0007000000023449-143.dat	xmrig
behavioral2/files/0x0007000000023445-131.dat	xmrig
behavioral2/files/0x0007000000023444-128.dat	xmrig
behavioral2/files/0x0007000000023441-126.dat	xmrig
behavioral2/files/0x0007000000023446-125.dat	xmrig
behavioral2/files/0x0007000000023443-123.dat	xmrig
behavioral2/memory/2976-138-0x00007FF628360000-0x00007FF6286B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023442-120.dat	xmrig
behavioral2/memory/3640-118-0x00007FF798E30000-0x00007FF799184000-memory.dmp	xmrig
behavioral2/memory/4232-113-0x00007FF681650000-0x00007FF6819A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023444-110.dat	xmrig
behavioral2/memory/4244-2108-0x00007FF6A8B70000-0x00007FF6A8EC4000-memory.dmp	xmrig
behavioral2/memory/4292-2109-0x00007FF6162A0000-0x00007FF6165F4000-memory.dmp	xmrig
behavioral2/memory/2904-2110-0x00007FF7FED50000-0x00007FF7FF0A4000-memory.dmp	xmrig
behavioral2/memory/4896-2111-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp	xmrig
behavioral2/memory/1052-2112-0x00007FF716990000-0x00007FF716CE4000-memory.dmp	xmrig
behavioral2/memory/2976-2113-0x00007FF628360000-0x00007FF6286B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-115.dat	xmrig
behavioral2/memory/4048-102-0x00007FF630F40000-0x00007FF631294000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-94.dat	xmrig
behavioral2/files/0x000700000002343a-89.dat	xmrig
behavioral2/files/0x000700000002343c-88.dat	xmrig
behavioral2/files/0x000700000002343e-87.dat	xmrig
behavioral2/files/0x000700000002343d-86.dat	xmrig
behavioral2/memory/1748-84-0x00007FF6909F0000-0x00007FF690D44000-memory.dmp	xmrig
behavioral2/memory/1052-79-0x00007FF716990000-0x00007FF716CE4000-memory.dmp	xmrig
behavioral2/memory/3160-65-0x00007FF6912E0000-0x00007FF691634000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4244	Hqpabvv.exe
4292	tKUNfeN.exe
3636	jjAPnqc.exe
4700	PzeJeGD.exe
2904	YEIdbaP.exe
3160	qUJUGEC.exe
4896	yPTFTCL.exe
1052	BhUWsrk.exe
3988	FFeiksn.exe
1748	STSAFYo.exe
2352	WQsnVLk.exe
4048	rfxJlJL.exe
4232	OuuwDQO.exe
4848	rPCmsfQ.exe
3640	hJEDpZa.exe
4420	STAOFpw.exe
1820	BonypAM.exe
3832	gKKeuqU.exe
2976	gKBFgxN.exe
4272	IuqbHYQ.exe
4884	UfnnDJT.exe
1352	XmwglIt.exe
1064	aBTapdP.exe
1452	aFZmZGK.exe
3932	KIGGRqp.exe
4640	sBLGBJm.exe
2900	bFnTFew.exe
1772	ttPEvCa.exe
5040	kGmmLsN.exe
2500	GqfcrPn.exe
736	yPoCILF.exe
3752	EotlNnu.exe
3840	uEfCKMz.exe
2476	FNJdFSK.exe
4544	yzsMWHW.exe
544	trWlvlf.exe
3220	befomWo.exe
3044	WqSyQYY.exe
2424	zrweGui.exe
3764	FuYOonJ.exe
1612	SgVRghM.exe
1596	wgSbfcn.exe
4372	gBGtrjk.exe
1564	zbhscuV.exe
1020	QpcQfdL.exe
4400	NLRLTJY.exe
3992	vTJsUle.exe
3916	lVxrOAb.exe
1664	BfMQkAo.exe
2940	kxbplhD.exe
1104	lHWaRYM.exe
3700	QIAHugt.exe
1592	jqexSEI.exe
392	EBwXqKa.exe
4584	qYXfNyW.exe
3612	SBDYUKx.exe
1092	PkMCIMe.exe
4968	deRHGnI.exe
1524	wAeSPfh.exe
3724	mdkzVYu.exe
3056	BNEtPDi.exe
4852	MSjLLsh.exe
4380	JhGCDmj.exe
4296	phoyIMI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4800-0-0x00007FF672BA0000-0x00007FF672EF4000-memory.dmp	upx
behavioral2/files/0x0007000000023432-16.dat	upx
behavioral2/files/0x0007000000023433-23.dat	upx
behavioral2/files/0x0007000000023435-31.dat	upx
behavioral2/memory/2904-41-0x00007FF7FED50000-0x00007FF7FF0A4000-memory.dmp	upx
behavioral2/memory/4896-47-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp	upx
behavioral2/files/0x0007000000023438-58.dat	upx
behavioral2/files/0x000700000002343b-75.dat	upx
behavioral2/files/0x000700000002343f-103.dat	upx
behavioral2/files/0x000700000002344a-144.dat	upx
behavioral2/files/0x0007000000023449-158.dat	upx
behavioral2/memory/4884-177-0x00007FF75F460000-0x00007FF75F7B4000-memory.dmp	upx
behavioral2/files/0x000800000002342e-179.dat	upx
behavioral2/memory/1772-194-0x00007FF673A20000-0x00007FF673D74000-memory.dmp	upx
behavioral2/memory/2352-199-0x00007FF6077E0000-0x00007FF607B34000-memory.dmp	upx
behavioral2/memory/3832-204-0x00007FF6A5510000-0x00007FF6A5864000-memory.dmp	upx
behavioral2/memory/3932-207-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp	upx
behavioral2/memory/5040-208-0x00007FF627570000-0x00007FF6278C4000-memory.dmp	upx
behavioral2/memory/1452-206-0x00007FF6AFAC0000-0x00007FF6AFE14000-memory.dmp	upx
behavioral2/memory/1064-205-0x00007FF68A6D0000-0x00007FF68AA24000-memory.dmp	upx
behavioral2/memory/1820-203-0x00007FF64BD60000-0x00007FF64C0B4000-memory.dmp	upx
behavioral2/memory/4420-202-0x00007FF789080000-0x00007FF7893D4000-memory.dmp	upx
behavioral2/memory/4848-201-0x00007FF6DCA80000-0x00007FF6DCDD4000-memory.dmp	upx
behavioral2/memory/3988-198-0x00007FF72A130000-0x00007FF72A484000-memory.dmp	upx
behavioral2/memory/2900-193-0x00007FF794B60000-0x00007FF794EB4000-memory.dmp	upx
behavioral2/memory/4640-187-0x00007FF6D53C0000-0x00007FF6D5714000-memory.dmp	upx
behavioral2/memory/1352-178-0x00007FF7519C0000-0x00007FF751D14000-memory.dmp	upx
behavioral2/files/0x000700000002344b-175.dat	upx
behavioral2/files/0x0007000000023450-174.dat	upx
behavioral2/files/0x000700000002344d-172.dat	upx
behavioral2/memory/4272-169-0x00007FF7142A0000-0x00007FF7145F4000-memory.dmp	upx
behavioral2/files/0x000700000002344f-168.dat	upx
behavioral2/files/0x000700000002344c-167.dat	upx
behavioral2/files/0x0007000000023448-165.dat	upx
behavioral2/files/0x000700000002344e-164.dat	upx
behavioral2/files/0x000800000002342e-163.dat	upx
behavioral2/files/0x0007000000023447-157.dat	upx
behavioral2/files/0x0007000000023449-143.dat	upx
behavioral2/files/0x0007000000023445-131.dat	upx
behavioral2/files/0x0007000000023444-128.dat	upx
behavioral2/files/0x0007000000023441-126.dat	upx
behavioral2/files/0x0007000000023446-125.dat	upx
behavioral2/files/0x0007000000023443-123.dat	upx
behavioral2/memory/2976-138-0x00007FF628360000-0x00007FF6286B4000-memory.dmp	upx
behavioral2/files/0x0007000000023442-120.dat	upx
behavioral2/memory/3640-118-0x00007FF798E30000-0x00007FF799184000-memory.dmp	upx
behavioral2/memory/4232-113-0x00007FF681650000-0x00007FF6819A4000-memory.dmp	upx
behavioral2/files/0x0007000000023444-110.dat	upx
behavioral2/memory/4244-2108-0x00007FF6A8B70000-0x00007FF6A8EC4000-memory.dmp	upx
behavioral2/memory/4292-2109-0x00007FF6162A0000-0x00007FF6165F4000-memory.dmp	upx
behavioral2/memory/2904-2110-0x00007FF7FED50000-0x00007FF7FF0A4000-memory.dmp	upx
behavioral2/memory/4896-2111-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp	upx
behavioral2/memory/1052-2112-0x00007FF716990000-0x00007FF716CE4000-memory.dmp	upx
behavioral2/memory/2976-2113-0x00007FF628360000-0x00007FF6286B4000-memory.dmp	upx
behavioral2/files/0x0007000000023440-115.dat	upx
behavioral2/memory/4048-102-0x00007FF630F40000-0x00007FF631294000-memory.dmp	upx
behavioral2/files/0x0007000000023440-94.dat	upx
behavioral2/files/0x000700000002343a-89.dat	upx
behavioral2/files/0x000700000002343c-88.dat	upx
behavioral2/files/0x000700000002343e-87.dat	upx
behavioral2/files/0x000700000002343d-86.dat	upx
behavioral2/memory/1748-84-0x00007FF6909F0000-0x00007FF690D44000-memory.dmp	upx
behavioral2/memory/1052-79-0x00007FF716990000-0x00007FF716CE4000-memory.dmp	upx
behavioral2/memory/3160-65-0x00007FF6912E0000-0x00007FF691634000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XmwglIt.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\iZkLtPW.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\EGiSPKz.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\JXFJrzN.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\IRcJEol.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\acVvLJI.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\YEIdbaP.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\yPTFTCL.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\BlgPDVp.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\iSSuFuc.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\PMtHXYl.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\wnrpxnl.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\TuntKOi.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\NUfEXdw.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\bFnTFew.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\zrweGui.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\nBfuVGV.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZnEcnrL.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\NKfDXMn.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\nkrrXRj.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\UhmdPmC.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\TdlUyPG.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\tFWYXtP.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\lqTkpPH.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\WUeunpl.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\TGvwdvP.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\sxFmMGu.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\LXWVAgU.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\qBqKySA.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\FsLgwEO.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\HtnCaZa.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\SgVRghM.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\FQVQgIs.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\aZfWnJP.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\pzpdFnf.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\LLFOhRz.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\LOWRJre.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\gKBFgxN.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\OfWGViA.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\siRDohD.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\lMExtNL.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\lXufzFK.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\befomWo.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\XMBZxEY.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\iFRIJmh.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\hPBHRaj.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\kzknINT.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\XVLqgYu.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\cHcUamk.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\OUfVVzr.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\gqCgbKk.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\jQzVZdB.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\iLRDeob.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\IIDoJGf.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\puhBbBt.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\NFPCTQv.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\lHWaRYM.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZCcgalL.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\iwTWhEV.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\mPypVfz.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\bNHWAtn.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\rILcKUq.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\VcsMrpx.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
File created	C:\Windows\System\lHgfKIq.exe	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14916	dwm.exe
Token: SeChangeNotifyPrivilege	14916	dwm.exe
Token: 33	14916	dwm.exe
Token: SeIncBasePriorityPrivilege	14916	dwm.exe
Token: SeShutdownPrivilege	14916	dwm.exe
Token: SeCreatePagefilePrivilege	14916	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 4244	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	83
PID 4800 wrote to memory of 4244	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	83
PID 4800 wrote to memory of 4292	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	84
PID 4800 wrote to memory of 4292	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	84
PID 4800 wrote to memory of 3636	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	85
PID 4800 wrote to memory of 3636	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	85
PID 4800 wrote to memory of 4700	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	86
PID 4800 wrote to memory of 4700	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	86
PID 4800 wrote to memory of 2904	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	87
PID 4800 wrote to memory of 2904	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	87
PID 4800 wrote to memory of 3160	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	88
PID 4800 wrote to memory of 3160	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	88
PID 4800 wrote to memory of 4896	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	89
PID 4800 wrote to memory of 4896	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	89
PID 4800 wrote to memory of 3988	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	90
PID 4800 wrote to memory of 3988	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	90
PID 4800 wrote to memory of 1052	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	91
PID 4800 wrote to memory of 1052	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	91
PID 4800 wrote to memory of 1748	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	92
PID 4800 wrote to memory of 1748	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	92
PID 4800 wrote to memory of 4232	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	93
PID 4800 wrote to memory of 4232	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	93
PID 4800 wrote to memory of 2352	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	94
PID 4800 wrote to memory of 2352	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	94
PID 4800 wrote to memory of 4048	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	95
PID 4800 wrote to memory of 4048	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	95
PID 4800 wrote to memory of 4848	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	96
PID 4800 wrote to memory of 4848	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	96
PID 4800 wrote to memory of 3640	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	97
PID 4800 wrote to memory of 3640	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	97
PID 4800 wrote to memory of 4420	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	98
PID 4800 wrote to memory of 4420	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	98
PID 4800 wrote to memory of 1820	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	99
PID 4800 wrote to memory of 1820	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	99
PID 4800 wrote to memory of 4272	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	100
PID 4800 wrote to memory of 4272	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	100
PID 4800 wrote to memory of 3832	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	101
PID 4800 wrote to memory of 3832	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	101
PID 4800 wrote to memory of 2976	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	102
PID 4800 wrote to memory of 2976	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	102
PID 4800 wrote to memory of 4884	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	103
PID 4800 wrote to memory of 4884	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	103
PID 4800 wrote to memory of 1352	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	104
PID 4800 wrote to memory of 1352	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	104
PID 4800 wrote to memory of 1064	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	105
PID 4800 wrote to memory of 1064	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	105
PID 4800 wrote to memory of 1452	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	106
PID 4800 wrote to memory of 1452	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	106
PID 4800 wrote to memory of 3932	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	107
PID 4800 wrote to memory of 3932	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	107
PID 4800 wrote to memory of 4640	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	108
PID 4800 wrote to memory of 4640	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	108
PID 4800 wrote to memory of 2900	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	109
PID 4800 wrote to memory of 2900	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	109
PID 4800 wrote to memory of 1772	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	110
PID 4800 wrote to memory of 1772	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	110
PID 4800 wrote to memory of 3752	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	111
PID 4800 wrote to memory of 3752	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	111
PID 4800 wrote to memory of 5040	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	112
PID 4800 wrote to memory of 5040	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	112
PID 4800 wrote to memory of 2500	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	113
PID 4800 wrote to memory of 2500	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	113
PID 4800 wrote to memory of 736	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	114
PID 4800 wrote to memory of 736	4800	6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe	114

C:\Windows\system32\MusNotification.exe
C:\Windows\system32\MusNotification.exe
1⤵
PID:424

C:\Users\Admin\AppData\Local\Temp\6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b7eedab6d69f8b9f1dc84363e19a7e0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\System\Hqpabvv.exe
  C:\Windows\System\Hqpabvv.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\tKUNfeN.exe
  C:\Windows\System\tKUNfeN.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\jjAPnqc.exe
  C:\Windows\System\jjAPnqc.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\PzeJeGD.exe
  C:\Windows\System\PzeJeGD.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\YEIdbaP.exe
  C:\Windows\System\YEIdbaP.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\qUJUGEC.exe
  C:\Windows\System\qUJUGEC.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\yPTFTCL.exe
  C:\Windows\System\yPTFTCL.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\FFeiksn.exe
  C:\Windows\System\FFeiksn.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\BhUWsrk.exe
  C:\Windows\System\BhUWsrk.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\STSAFYo.exe
  C:\Windows\System\STSAFYo.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\OuuwDQO.exe
  C:\Windows\System\OuuwDQO.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\WQsnVLk.exe
  C:\Windows\System\WQsnVLk.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\rfxJlJL.exe
  C:\Windows\System\rfxJlJL.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\rPCmsfQ.exe
  C:\Windows\System\rPCmsfQ.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\hJEDpZa.exe
  C:\Windows\System\hJEDpZa.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\STAOFpw.exe
  C:\Windows\System\STAOFpw.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\BonypAM.exe
  C:\Windows\System\BonypAM.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\IuqbHYQ.exe
  C:\Windows\System\IuqbHYQ.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\gKKeuqU.exe
  C:\Windows\System\gKKeuqU.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\gKBFgxN.exe
  C:\Windows\System\gKBFgxN.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\UfnnDJT.exe
  C:\Windows\System\UfnnDJT.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\XmwglIt.exe
  C:\Windows\System\XmwglIt.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\aBTapdP.exe
  C:\Windows\System\aBTapdP.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\aFZmZGK.exe
  C:\Windows\System\aFZmZGK.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\KIGGRqp.exe
  C:\Windows\System\KIGGRqp.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\sBLGBJm.exe
  C:\Windows\System\sBLGBJm.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\bFnTFew.exe
  C:\Windows\System\bFnTFew.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ttPEvCa.exe
  C:\Windows\System\ttPEvCa.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\EotlNnu.exe
  C:\Windows\System\EotlNnu.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\kGmmLsN.exe
  C:\Windows\System\kGmmLsN.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\GqfcrPn.exe
  C:\Windows\System\GqfcrPn.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\yPoCILF.exe
  C:\Windows\System\yPoCILF.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\uEfCKMz.exe
  C:\Windows\System\uEfCKMz.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\FNJdFSK.exe
  C:\Windows\System\FNJdFSK.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\yzsMWHW.exe
  C:\Windows\System\yzsMWHW.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\trWlvlf.exe
  C:\Windows\System\trWlvlf.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\befomWo.exe
  C:\Windows\System\befomWo.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\WqSyQYY.exe
  C:\Windows\System\WqSyQYY.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\zrweGui.exe
  C:\Windows\System\zrweGui.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\FuYOonJ.exe
  C:\Windows\System\FuYOonJ.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\SgVRghM.exe
  C:\Windows\System\SgVRghM.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\wgSbfcn.exe
  C:\Windows\System\wgSbfcn.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\gBGtrjk.exe
  C:\Windows\System\gBGtrjk.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\zbhscuV.exe
  C:\Windows\System\zbhscuV.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\QpcQfdL.exe
  C:\Windows\System\QpcQfdL.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\NLRLTJY.exe
  C:\Windows\System\NLRLTJY.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\vTJsUle.exe
  C:\Windows\System\vTJsUle.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\lVxrOAb.exe
  C:\Windows\System\lVxrOAb.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\BfMQkAo.exe
  C:\Windows\System\BfMQkAo.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\kxbplhD.exe
  C:\Windows\System\kxbplhD.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\lHWaRYM.exe
  C:\Windows\System\lHWaRYM.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\QIAHugt.exe
  C:\Windows\System\QIAHugt.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\jqexSEI.exe
  C:\Windows\System\jqexSEI.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\EBwXqKa.exe
  C:\Windows\System\EBwXqKa.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\qYXfNyW.exe
  C:\Windows\System\qYXfNyW.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\SBDYUKx.exe
  C:\Windows\System\SBDYUKx.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\PkMCIMe.exe
  C:\Windows\System\PkMCIMe.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\deRHGnI.exe
  C:\Windows\System\deRHGnI.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\wAeSPfh.exe
  C:\Windows\System\wAeSPfh.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\mdkzVYu.exe
  C:\Windows\System\mdkzVYu.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\BNEtPDi.exe
  C:\Windows\System\BNEtPDi.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\MSjLLsh.exe
  C:\Windows\System\MSjLLsh.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\JhGCDmj.exe
  C:\Windows\System\JhGCDmj.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\phoyIMI.exe
  C:\Windows\System\phoyIMI.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\FlIXODc.exe
  C:\Windows\System\FlIXODc.exe
  2⤵
  PID:4672
- C:\Windows\System\KzDdAUG.exe
  C:\Windows\System\KzDdAUG.exe
  2⤵
  PID:2888
- C:\Windows\System\HyvVJbf.exe
  C:\Windows\System\HyvVJbf.exe
  2⤵
  PID:4208
- C:\Windows\System\lqTkpPH.exe
  C:\Windows\System\lqTkpPH.exe
  2⤵
  PID:4212
- C:\Windows\System\zieGZMH.exe
  C:\Windows\System\zieGZMH.exe
  2⤵
  PID:1288
- C:\Windows\System\KqELTuu.exe
  C:\Windows\System\KqELTuu.exe
  2⤵
  PID:1584
- C:\Windows\System\XMBZxEY.exe
  C:\Windows\System\XMBZxEY.exe
  2⤵
  PID:5048
- C:\Windows\System\BscQlqP.exe
  C:\Windows\System\BscQlqP.exe
  2⤵
  PID:1848
- C:\Windows\System\EKYsLDU.exe
  C:\Windows\System\EKYsLDU.exe
  2⤵
  PID:3460
- C:\Windows\System\AtIMyMt.exe
  C:\Windows\System\AtIMyMt.exe
  2⤵
  PID:2296
- C:\Windows\System\yLOpJFc.exe
  C:\Windows\System\yLOpJFc.exe
  2⤵
  PID:4488
- C:\Windows\System\qrJYxCS.exe
  C:\Windows\System\qrJYxCS.exe
  2⤵
  PID:4120
- C:\Windows\System\aqADurt.exe
  C:\Windows\System\aqADurt.exe
  2⤵
  PID:3068
- C:\Windows\System\DLGMowx.exe
  C:\Windows\System\DLGMowx.exe
  2⤵
  PID:3256
- C:\Windows\System\zalrTqc.exe
  C:\Windows\System\zalrTqc.exe
  2⤵
  PID:3324
- C:\Windows\System\UCHFwCZ.exe
  C:\Windows\System\UCHFwCZ.exe
  2⤵
  PID:424
- C:\Windows\System\OuocakL.exe
  C:\Windows\System\OuocakL.exe
  2⤵
  PID:1828
- C:\Windows\System\UbSQemh.exe
  C:\Windows\System\UbSQemh.exe
  2⤵
  PID:2140
- C:\Windows\System\JXYLboF.exe
  C:\Windows\System\JXYLboF.exe
  2⤵
  PID:4220
- C:\Windows\System\QjXPIvU.exe
  C:\Windows\System\QjXPIvU.exe
  2⤵
  PID:4020
- C:\Windows\System\pctMWjp.exe
  C:\Windows\System\pctMWjp.exe
  2⤵
  PID:2856
- C:\Windows\System\WkOrHYq.exe
  C:\Windows\System\WkOrHYq.exe
  2⤵
  PID:3668
- C:\Windows\System\iilkkUK.exe
  C:\Windows\System\iilkkUK.exe
  2⤵
  PID:3912
- C:\Windows\System\MnRJbVu.exe
  C:\Windows\System\MnRJbVu.exe
  2⤵
  PID:1036
- C:\Windows\System\meOZIzy.exe
  C:\Windows\System\meOZIzy.exe
  2⤵
  PID:1224
- C:\Windows\System\LYiQJvT.exe
  C:\Windows\System\LYiQJvT.exe
  2⤵
  PID:5144
- C:\Windows\System\XzydOsC.exe
  C:\Windows\System\XzydOsC.exe
  2⤵
  PID:5176
- C:\Windows\System\CYEGSyG.exe
  C:\Windows\System\CYEGSyG.exe
  2⤵
  PID:5204
- C:\Windows\System\BLhsjlH.exe
  C:\Windows\System\BLhsjlH.exe
  2⤵
  PID:5236
- C:\Windows\System\SShqnlI.exe
  C:\Windows\System\SShqnlI.exe
  2⤵
  PID:5252
- C:\Windows\System\QSHLsTi.exe
  C:\Windows\System\QSHLsTi.exe
  2⤵
  PID:5268
- C:\Windows\System\eVfVvDU.exe
  C:\Windows\System\eVfVvDU.exe
  2⤵
  PID:5300
- C:\Windows\System\WUeunpl.exe
  C:\Windows\System\WUeunpl.exe
  2⤵
  PID:5328
- C:\Windows\System\ScxQvCl.exe
  C:\Windows\System\ScxQvCl.exe
  2⤵
  PID:5356
- C:\Windows\System\yAHuwSC.exe
  C:\Windows\System\yAHuwSC.exe
  2⤵
  PID:5380
- C:\Windows\System\hfmutTo.exe
  C:\Windows\System\hfmutTo.exe
  2⤵
  PID:5416
- C:\Windows\System\nkrrXRj.exe
  C:\Windows\System\nkrrXRj.exe
  2⤵
  PID:5456
- C:\Windows\System\dhgjzeo.exe
  C:\Windows\System\dhgjzeo.exe
  2⤵
  PID:5496
- C:\Windows\System\mabfqcq.exe
  C:\Windows\System\mabfqcq.exe
  2⤵
  PID:5520
- C:\Windows\System\kuaYpzi.exe
  C:\Windows\System\kuaYpzi.exe
  2⤵
  PID:5540
- C:\Windows\System\SsmPlFm.exe
  C:\Windows\System\SsmPlFm.exe
  2⤵
  PID:5572
- C:\Windows\System\gNKendf.exe
  C:\Windows\System\gNKendf.exe
  2⤵
  PID:5600
- C:\Windows\System\KmVIvkd.exe
  C:\Windows\System\KmVIvkd.exe
  2⤵
  PID:5628
- C:\Windows\System\TVjKywW.exe
  C:\Windows\System\TVjKywW.exe
  2⤵
  PID:5664
- C:\Windows\System\OCbzRZm.exe
  C:\Windows\System\OCbzRZm.exe
  2⤵
  PID:5688
- C:\Windows\System\OxmmBer.exe
  C:\Windows\System\OxmmBer.exe
  2⤵
  PID:5728
- C:\Windows\System\DRFfxvU.exe
  C:\Windows\System\DRFfxvU.exe
  2⤵
  PID:5752
- C:\Windows\System\hbBcHBL.exe
  C:\Windows\System\hbBcHBL.exe
  2⤵
  PID:5784
- C:\Windows\System\ttxsVcj.exe
  C:\Windows\System\ttxsVcj.exe
  2⤵
  PID:5812
- C:\Windows\System\MrzNUhR.exe
  C:\Windows\System\MrzNUhR.exe
  2⤵
  PID:5836
- C:\Windows\System\RRsWLBh.exe
  C:\Windows\System\RRsWLBh.exe
  2⤵
  PID:5864
- C:\Windows\System\uZpEVgh.exe
  C:\Windows\System\uZpEVgh.exe
  2⤵
  PID:5892
- C:\Windows\System\piOvfbG.exe
  C:\Windows\System\piOvfbG.exe
  2⤵
  PID:5920
- C:\Windows\System\GnxYdQX.exe
  C:\Windows\System\GnxYdQX.exe
  2⤵
  PID:5948
- C:\Windows\System\mvdChlM.exe
  C:\Windows\System\mvdChlM.exe
  2⤵
  PID:5964
- C:\Windows\System\wFbPGPB.exe
  C:\Windows\System\wFbPGPB.exe
  2⤵
  PID:5980
- C:\Windows\System\UsFaREe.exe
  C:\Windows\System\UsFaREe.exe
  2⤵
  PID:5996
- C:\Windows\System\tzzYoxt.exe
  C:\Windows\System\tzzYoxt.exe
  2⤵
  PID:6012
- C:\Windows\System\VlDqKey.exe
  C:\Windows\System\VlDqKey.exe
  2⤵
  PID:6040
- C:\Windows\System\vPSWOTs.exe
  C:\Windows\System\vPSWOTs.exe
  2⤵
  PID:6072
- C:\Windows\System\ZOYMiso.exe
  C:\Windows\System\ZOYMiso.exe
  2⤵
  PID:6096
- C:\Windows\System\qwrsYJO.exe
  C:\Windows\System\qwrsYJO.exe
  2⤵
  PID:6128
- C:\Windows\System\OFpZzgZ.exe
  C:\Windows\System\OFpZzgZ.exe
  2⤵
  PID:5160
- C:\Windows\System\HyorJgS.exe
  C:\Windows\System\HyorJgS.exe
  2⤵
  PID:5260
- C:\Windows\System\zxpRXtK.exe
  C:\Windows\System\zxpRXtK.exe
  2⤵
  PID:5308
- C:\Windows\System\XDqcaTy.exe
  C:\Windows\System\XDqcaTy.exe
  2⤵
  PID:5400
- C:\Windows\System\yIWbgkn.exe
  C:\Windows\System\yIWbgkn.exe
  2⤵
  PID:5504
- C:\Windows\System\gqCgbKk.exe
  C:\Windows\System\gqCgbKk.exe
  2⤵
  PID:5592
- C:\Windows\System\lTEyVot.exe
  C:\Windows\System\lTEyVot.exe
  2⤵
  PID:5652
- C:\Windows\System\LmKzyyC.exe
  C:\Windows\System\LmKzyyC.exe
  2⤵
  PID:5684
- C:\Windows\System\GdNDjlu.exe
  C:\Windows\System\GdNDjlu.exe
  2⤵
  PID:5748
- C:\Windows\System\wBXygmB.exe
  C:\Windows\System\wBXygmB.exe
  2⤵
  PID:5804
- C:\Windows\System\sZPTGCQ.exe
  C:\Windows\System\sZPTGCQ.exe
  2⤵
  PID:5876
- C:\Windows\System\OVNQxeE.exe
  C:\Windows\System\OVNQxeE.exe
  2⤵
  PID:5960
- C:\Windows\System\inTyQGP.exe
  C:\Windows\System\inTyQGP.exe
  2⤵
  PID:6008
- C:\Windows\System\uzNzXMt.exe
  C:\Windows\System\uzNzXMt.exe
  2⤵
  PID:6092
- C:\Windows\System\TwWVxON.exe
  C:\Windows\System\TwWVxON.exe
  2⤵
  PID:6120
- C:\Windows\System\JbIAQPC.exe
  C:\Windows\System\JbIAQPC.exe
  2⤵
  PID:5244
- C:\Windows\System\VcsMrpx.exe
  C:\Windows\System\VcsMrpx.exe
  2⤵
  PID:5484
- C:\Windows\System\FQVQgIs.exe
  C:\Windows\System\FQVQgIs.exe
  2⤵
  PID:5564
- C:\Windows\System\JRACDOF.exe
  C:\Windows\System\JRACDOF.exe
  2⤵
  PID:5776
- C:\Windows\System\brrUZFV.exe
  C:\Windows\System\brrUZFV.exe
  2⤵
  PID:5904
- C:\Windows\System\BfiwmIj.exe
  C:\Windows\System\BfiwmIj.exe
  2⤵
  PID:6004
- C:\Windows\System\SgmmzJc.exe
  C:\Windows\System\SgmmzJc.exe
  2⤵
  PID:6108
- C:\Windows\System\EnPIKiO.exe
  C:\Windows\System\EnPIKiO.exe
  2⤵
  PID:5532
- C:\Windows\System\cWbHRAG.exe
  C:\Windows\System\cWbHRAG.exe
  2⤵
  PID:5744
- C:\Windows\System\iEgMaNy.exe
  C:\Windows\System\iEgMaNy.exe
  2⤵
  PID:5848
- C:\Windows\System\tZAgeML.exe
  C:\Windows\System\tZAgeML.exe
  2⤵
  PID:6064
- C:\Windows\System\UMElXCI.exe
  C:\Windows\System\UMElXCI.exe
  2⤵
  PID:6148
- C:\Windows\System\Aheuilf.exe
  C:\Windows\System\Aheuilf.exe
  2⤵
  PID:6168
- C:\Windows\System\OkVMnTi.exe
  C:\Windows\System\OkVMnTi.exe
  2⤵
  PID:6196
- C:\Windows\System\AgjrlQb.exe
  C:\Windows\System\AgjrlQb.exe
  2⤵
  PID:6228
- C:\Windows\System\qFVLDYC.exe
  C:\Windows\System\qFVLDYC.exe
  2⤵
  PID:6264
- C:\Windows\System\xPyYamT.exe
  C:\Windows\System\xPyYamT.exe
  2⤵
  PID:6296
- C:\Windows\System\fXhZQbp.exe
  C:\Windows\System\fXhZQbp.exe
  2⤵
  PID:6328
- C:\Windows\System\lZhzXMC.exe
  C:\Windows\System\lZhzXMC.exe
  2⤵
  PID:6356
- C:\Windows\System\vcGLMAC.exe
  C:\Windows\System\vcGLMAC.exe
  2⤵
  PID:6392
- C:\Windows\System\iBsviPh.exe
  C:\Windows\System\iBsviPh.exe
  2⤵
  PID:6420
- C:\Windows\System\cfuPMin.exe
  C:\Windows\System\cfuPMin.exe
  2⤵
  PID:6448
- C:\Windows\System\rcsKTkl.exe
  C:\Windows\System\rcsKTkl.exe
  2⤵
  PID:6480
- C:\Windows\System\XcrZZpU.exe
  C:\Windows\System\XcrZZpU.exe
  2⤵
  PID:6516
- C:\Windows\System\sdtWucj.exe
  C:\Windows\System\sdtWucj.exe
  2⤵
  PID:6552
- C:\Windows\System\dWgulgt.exe
  C:\Windows\System\dWgulgt.exe
  2⤵
  PID:6584
- C:\Windows\System\jVpOIBF.exe
  C:\Windows\System\jVpOIBF.exe
  2⤵
  PID:6612
- C:\Windows\System\PsKHRnj.exe
  C:\Windows\System\PsKHRnj.exe
  2⤵
  PID:6640
- C:\Windows\System\LpeUALV.exe
  C:\Windows\System\LpeUALV.exe
  2⤵
  PID:6668
- C:\Windows\System\vxAeBCP.exe
  C:\Windows\System\vxAeBCP.exe
  2⤵
  PID:6696
- C:\Windows\System\wPsCSdr.exe
  C:\Windows\System\wPsCSdr.exe
  2⤵
  PID:6724
- C:\Windows\System\zBSYkaH.exe
  C:\Windows\System\zBSYkaH.exe
  2⤵
  PID:6752
- C:\Windows\System\kkhPCQm.exe
  C:\Windows\System\kkhPCQm.exe
  2⤵
  PID:6780
- C:\Windows\System\dvjPeEN.exe
  C:\Windows\System\dvjPeEN.exe
  2⤵
  PID:6808
- C:\Windows\System\QhSwebd.exe
  C:\Windows\System\QhSwebd.exe
  2⤵
  PID:6836
- C:\Windows\System\eYbqUQO.exe
  C:\Windows\System\eYbqUQO.exe
  2⤵
  PID:6872
- C:\Windows\System\vgwhJSh.exe
  C:\Windows\System\vgwhJSh.exe
  2⤵
  PID:6908
- C:\Windows\System\AuOzqzV.exe
  C:\Windows\System\AuOzqzV.exe
  2⤵
  PID:6944
- C:\Windows\System\ajPFwKF.exe
  C:\Windows\System\ajPFwKF.exe
  2⤵
  PID:6976
- C:\Windows\System\ydCZKSB.exe
  C:\Windows\System\ydCZKSB.exe
  2⤵
  PID:6996
- C:\Windows\System\OmkISZI.exe
  C:\Windows\System\OmkISZI.exe
  2⤵
  PID:7028
- C:\Windows\System\ezyikGp.exe
  C:\Windows\System\ezyikGp.exe
  2⤵
  PID:7060
- C:\Windows\System\BzGVKYY.exe
  C:\Windows\System\BzGVKYY.exe
  2⤵
  PID:7088
- C:\Windows\System\iZkLtPW.exe
  C:\Windows\System\iZkLtPW.exe
  2⤵
  PID:7116
- C:\Windows\System\coRcwkj.exe
  C:\Windows\System\coRcwkj.exe
  2⤵
  PID:7148
- C:\Windows\System\OBnCdle.exe
  C:\Windows\System\OBnCdle.exe
  2⤵
  PID:5392
- C:\Windows\System\Zxmjqgn.exe
  C:\Windows\System\Zxmjqgn.exe
  2⤵
  PID:6164
- C:\Windows\System\BlgPDVp.exe
  C:\Windows\System\BlgPDVp.exe
  2⤵
  PID:6192
- C:\Windows\System\ubGelsP.exe
  C:\Windows\System\ubGelsP.exe
  2⤵
  PID:6308
- C:\Windows\System\gDiNOYA.exe
  C:\Windows\System\gDiNOYA.exe
  2⤵
  PID:6412
- C:\Windows\System\siRDohD.exe
  C:\Windows\System\siRDohD.exe
  2⤵
  PID:6432
- C:\Windows\System\adRRLCX.exe
  C:\Windows\System\adRRLCX.exe
  2⤵
  PID:6504
- C:\Windows\System\iiKTyKo.exe
  C:\Windows\System\iiKTyKo.exe
  2⤵
  PID:6580
- C:\Windows\System\McFMUCG.exe
  C:\Windows\System\McFMUCG.exe
  2⤵
  PID:6636
- C:\Windows\System\sHHyINN.exe
  C:\Windows\System\sHHyINN.exe
  2⤵
  PID:6736
- C:\Windows\System\COKaKsB.exe
  C:\Windows\System\COKaKsB.exe
  2⤵
  PID:6776
- C:\Windows\System\oKalAod.exe
  C:\Windows\System\oKalAod.exe
  2⤵
  PID:6848
- C:\Windows\System\bLcbolH.exe
  C:\Windows\System\bLcbolH.exe
  2⤵
  PID:6928
- C:\Windows\System\xqRLnNx.exe
  C:\Windows\System\xqRLnNx.exe
  2⤵
  PID:6992
- C:\Windows\System\ZXrIfwk.exe
  C:\Windows\System\ZXrIfwk.exe
  2⤵
  PID:7048
- C:\Windows\System\Pcfwpsy.exe
  C:\Windows\System\Pcfwpsy.exe
  2⤵
  PID:7132
- C:\Windows\System\MJAmQQx.exe
  C:\Windows\System\MJAmQQx.exe
  2⤵
  PID:5216
- C:\Windows\System\UkrMxEz.exe
  C:\Windows\System\UkrMxEz.exe
  2⤵
  PID:6404
- C:\Windows\System\kQJzMuD.exe
  C:\Windows\System\kQJzMuD.exe
  2⤵
  PID:6364
- C:\Windows\System\kQQeGhj.exe
  C:\Windows\System\kQQeGhj.exe
  2⤵
  PID:6596
- C:\Windows\System\puibYbL.exe
  C:\Windows\System\puibYbL.exe
  2⤵
  PID:6748
- C:\Windows\System\ZtLShaZ.exe
  C:\Windows\System\ZtLShaZ.exe
  2⤵
  PID:6892
- C:\Windows\System\EAWHiqg.exe
  C:\Windows\System\EAWHiqg.exe
  2⤵
  PID:7072
- C:\Windows\System\CtXfqwG.exe
  C:\Windows\System\CtXfqwG.exe
  2⤵
  PID:6156
- C:\Windows\System\jBkwJwT.exe
  C:\Windows\System\jBkwJwT.exe
  2⤵
  PID:6528
- C:\Windows\System\YKEywME.exe
  C:\Windows\System\YKEywME.exe
  2⤵
  PID:6828
- C:\Windows\System\zWOMHxc.exe
  C:\Windows\System\zWOMHxc.exe
  2⤵
  PID:6224
- C:\Windows\System\yhJyqmH.exe
  C:\Windows\System\yhJyqmH.exe
  2⤵
  PID:5448
- C:\Windows\System\HyCpCyJ.exe
  C:\Windows\System\HyCpCyJ.exe
  2⤵
  PID:7196
- C:\Windows\System\iIsjrwr.exe
  C:\Windows\System\iIsjrwr.exe
  2⤵
  PID:7224
- C:\Windows\System\CLAkkFO.exe
  C:\Windows\System\CLAkkFO.exe
  2⤵
  PID:7264
- C:\Windows\System\VtSkoZh.exe
  C:\Windows\System\VtSkoZh.exe
  2⤵
  PID:7284
- C:\Windows\System\ZvbqJTB.exe
  C:\Windows\System\ZvbqJTB.exe
  2⤵
  PID:7320
- C:\Windows\System\LxIpmJo.exe
  C:\Windows\System\LxIpmJo.exe
  2⤵
  PID:7340
- C:\Windows\System\ZdxFIAU.exe
  C:\Windows\System\ZdxFIAU.exe
  2⤵
  PID:7368
- C:\Windows\System\NwmTEEK.exe
  C:\Windows\System\NwmTEEK.exe
  2⤵
  PID:7396
- C:\Windows\System\gJgcfhc.exe
  C:\Windows\System\gJgcfhc.exe
  2⤵
  PID:7424
- C:\Windows\System\jQzVZdB.exe
  C:\Windows\System\jQzVZdB.exe
  2⤵
  PID:7444
- C:\Windows\System\lxdukjU.exe
  C:\Windows\System\lxdukjU.exe
  2⤵
  PID:7460
- C:\Windows\System\ZdUGywI.exe
  C:\Windows\System\ZdUGywI.exe
  2⤵
  PID:7484
- C:\Windows\System\iBJVdWz.exe
  C:\Windows\System\iBJVdWz.exe
  2⤵
  PID:7508
- C:\Windows\System\OxIOsIe.exe
  C:\Windows\System\OxIOsIe.exe
  2⤵
  PID:7544
- C:\Windows\System\xnoqFRH.exe
  C:\Windows\System\xnoqFRH.exe
  2⤵
  PID:7568
- C:\Windows\System\MZYzQML.exe
  C:\Windows\System\MZYzQML.exe
  2⤵
  PID:7592
- C:\Windows\System\OyDXEfF.exe
  C:\Windows\System\OyDXEfF.exe
  2⤵
  PID:7628
- C:\Windows\System\YLwDYjG.exe
  C:\Windows\System\YLwDYjG.exe
  2⤵
  PID:7660
- C:\Windows\System\FJLxkUW.exe
  C:\Windows\System\FJLxkUW.exe
  2⤵
  PID:7696
- C:\Windows\System\pwuSrpq.exe
  C:\Windows\System\pwuSrpq.exe
  2⤵
  PID:7728
- C:\Windows\System\fvmcTtM.exe
  C:\Windows\System\fvmcTtM.exe
  2⤵
  PID:7760
- C:\Windows\System\GKuwVFD.exe
  C:\Windows\System\GKuwVFD.exe
  2⤵
  PID:7788
- C:\Windows\System\XTxmpkC.exe
  C:\Windows\System\XTxmpkC.exe
  2⤵
  PID:7824
- C:\Windows\System\IAqNWKp.exe
  C:\Windows\System\IAqNWKp.exe
  2⤵
  PID:7852
- C:\Windows\System\TGvwdvP.exe
  C:\Windows\System\TGvwdvP.exe
  2⤵
  PID:7880
- C:\Windows\System\eEmAJJt.exe
  C:\Windows\System\eEmAJJt.exe
  2⤵
  PID:7916
- C:\Windows\System\EQNBTGc.exe
  C:\Windows\System\EQNBTGc.exe
  2⤵
  PID:7940
- C:\Windows\System\tIZUmQz.exe
  C:\Windows\System\tIZUmQz.exe
  2⤵
  PID:7972
- C:\Windows\System\yVArmKa.exe
  C:\Windows\System\yVArmKa.exe
  2⤵
  PID:8000
- C:\Windows\System\wpERlXF.exe
  C:\Windows\System\wpERlXF.exe
  2⤵
  PID:8032
- C:\Windows\System\PSSXJlr.exe
  C:\Windows\System\PSSXJlr.exe
  2⤵
  PID:8052
- C:\Windows\System\TtWxzIc.exe
  C:\Windows\System\TtWxzIc.exe
  2⤵
  PID:8088
- C:\Windows\System\EkBgXZf.exe
  C:\Windows\System\EkBgXZf.exe
  2⤵
  PID:8136
- C:\Windows\System\ZUCQXLp.exe
  C:\Windows\System\ZUCQXLp.exe
  2⤵
  PID:8172
- C:\Windows\System\FCNrQMO.exe
  C:\Windows\System\FCNrQMO.exe
  2⤵
  PID:6632
- C:\Windows\System\KDfvUoo.exe
  C:\Windows\System\KDfvUoo.exe
  2⤵
  PID:7236
- C:\Windows\System\Cooumtn.exe
  C:\Windows\System\Cooumtn.exe
  2⤵
  PID:4260
- C:\Windows\System\tElGZhK.exe
  C:\Windows\System\tElGZhK.exe
  2⤵
  PID:7456
- C:\Windows\System\kaYxYPb.exe
  C:\Windows\System\kaYxYPb.exe
  2⤵
  PID:7472
- C:\Windows\System\OfWGViA.exe
  C:\Windows\System\OfWGViA.exe
  2⤵
  PID:7588
- C:\Windows\System\zRVTFjT.exe
  C:\Windows\System\zRVTFjT.exe
  2⤵
  PID:7656
- C:\Windows\System\fYVLUvG.exe
  C:\Windows\System\fYVLUvG.exe
  2⤵
  PID:7756
- C:\Windows\System\LOyjfWB.exe
  C:\Windows\System\LOyjfWB.exe
  2⤵
  PID:7848
- C:\Windows\System\BLuZuus.exe
  C:\Windows\System\BLuZuus.exe
  2⤵
  PID:7936
- C:\Windows\System\lMExtNL.exe
  C:\Windows\System\lMExtNL.exe
  2⤵
  PID:8016
- C:\Windows\System\OxuWNFm.exe
  C:\Windows\System\OxuWNFm.exe
  2⤵
  PID:8072
- C:\Windows\System\uUQCjhH.exe
  C:\Windows\System\uUQCjhH.exe
  2⤵
  PID:8168
- C:\Windows\System\HacYJVF.exe
  C:\Windows\System\HacYJVF.exe
  2⤵
  PID:624
- C:\Windows\System\gKYVgnt.exe
  C:\Windows\System\gKYVgnt.exe
  2⤵
  PID:7532
- C:\Windows\System\eBIgPGY.exe
  C:\Windows\System\eBIgPGY.exe
  2⤵
  PID:7840
- C:\Windows\System\kemnogw.exe
  C:\Windows\System\kemnogw.exe
  2⤵
  PID:8048
- C:\Windows\System\XGNAint.exe
  C:\Windows\System\XGNAint.exe
  2⤵
  PID:7280
- C:\Windows\System\CXouyXd.exe
  C:\Windows\System\CXouyXd.exe
  2⤵
  PID:7516
- C:\Windows\System\apySyTu.exe
  C:\Windows\System\apySyTu.exe
  2⤵
  PID:7480
- C:\Windows\System\EMQAVWH.exe
  C:\Windows\System\EMQAVWH.exe
  2⤵
  PID:8208
- C:\Windows\System\ouOBMiI.exe
  C:\Windows\System\ouOBMiI.exe
  2⤵
  PID:8228
- C:\Windows\System\HFFPPsh.exe
  C:\Windows\System\HFFPPsh.exe
  2⤵
  PID:8256
- C:\Windows\System\xfaIDds.exe
  C:\Windows\System\xfaIDds.exe
  2⤵
  PID:8296
- C:\Windows\System\pAqJwNL.exe
  C:\Windows\System\pAqJwNL.exe
  2⤵
  PID:8324
- C:\Windows\System\fGEPkYp.exe
  C:\Windows\System\fGEPkYp.exe
  2⤵
  PID:8352
- C:\Windows\System\pWqcWxZ.exe
  C:\Windows\System\pWqcWxZ.exe
  2⤵
  PID:8380
- C:\Windows\System\ApUgFHY.exe
  C:\Windows\System\ApUgFHY.exe
  2⤵
  PID:8408
- C:\Windows\System\lSQnxZl.exe
  C:\Windows\System\lSQnxZl.exe
  2⤵
  PID:8436
- C:\Windows\System\lhKxHXM.exe
  C:\Windows\System\lhKxHXM.exe
  2⤵
  PID:8464
- C:\Windows\System\KFikKZJ.exe
  C:\Windows\System\KFikKZJ.exe
  2⤵
  PID:8492
- C:\Windows\System\RfQMwIZ.exe
  C:\Windows\System\RfQMwIZ.exe
  2⤵
  PID:8520
- C:\Windows\System\iKuMxRY.exe
  C:\Windows\System\iKuMxRY.exe
  2⤵
  PID:8552
- C:\Windows\System\YHaanVR.exe
  C:\Windows\System\YHaanVR.exe
  2⤵
  PID:8588
- C:\Windows\System\KZOURXh.exe
  C:\Windows\System\KZOURXh.exe
  2⤵
  PID:8608
- C:\Windows\System\PmjAXoJ.exe
  C:\Windows\System\PmjAXoJ.exe
  2⤵
  PID:8636
- C:\Windows\System\MolXSME.exe
  C:\Windows\System\MolXSME.exe
  2⤵
  PID:8668
- C:\Windows\System\CCXbyqZ.exe
  C:\Windows\System\CCXbyqZ.exe
  2⤵
  PID:8700
- C:\Windows\System\pLStFVj.exe
  C:\Windows\System\pLStFVj.exe
  2⤵
  PID:8728
- C:\Windows\System\kSWnLfT.exe
  C:\Windows\System\kSWnLfT.exe
  2⤵
  PID:8748
- C:\Windows\System\MGhioPu.exe
  C:\Windows\System\MGhioPu.exe
  2⤵
  PID:8776
- C:\Windows\System\PkYAryt.exe
  C:\Windows\System\PkYAryt.exe
  2⤵
  PID:8808
- C:\Windows\System\GxUKmDN.exe
  C:\Windows\System\GxUKmDN.exe
  2⤵
  PID:8840
- C:\Windows\System\xHqdnqH.exe
  C:\Windows\System\xHqdnqH.exe
  2⤵
  PID:8876
- C:\Windows\System\HAEgBnY.exe
  C:\Windows\System\HAEgBnY.exe
  2⤵
  PID:8912
- C:\Windows\System\OqxZtKf.exe
  C:\Windows\System\OqxZtKf.exe
  2⤵
  PID:8932
- C:\Windows\System\EnhhmlF.exe
  C:\Windows\System\EnhhmlF.exe
  2⤵
  PID:8960
- C:\Windows\System\QnrMNKB.exe
  C:\Windows\System\QnrMNKB.exe
  2⤵
  PID:8988
- C:\Windows\System\rLntfnI.exe
  C:\Windows\System\rLntfnI.exe
  2⤵
  PID:9004
- C:\Windows\System\DJCXCwU.exe
  C:\Windows\System\DJCXCwU.exe
  2⤵
  PID:9020
- C:\Windows\System\CAVifsr.exe
  C:\Windows\System\CAVifsr.exe
  2⤵
  PID:9064
- C:\Windows\System\lCbfHfU.exe
  C:\Windows\System\lCbfHfU.exe
  2⤵
  PID:9112
- C:\Windows\System\GfUHWST.exe
  C:\Windows\System\GfUHWST.exe
  2⤵
  PID:9132
- C:\Windows\System\AQdlRWQ.exe
  C:\Windows\System\AQdlRWQ.exe
  2⤵
  PID:9164
- C:\Windows\System\ztSMUml.exe
  C:\Windows\System\ztSMUml.exe
  2⤵
  PID:9192
- C:\Windows\System\viLgaMX.exe
  C:\Windows\System\viLgaMX.exe
  2⤵
  PID:7420
- C:\Windows\System\XZUuZWX.exe
  C:\Windows\System\XZUuZWX.exe
  2⤵
  PID:8240
- C:\Windows\System\iGBPAeU.exe
  C:\Windows\System\iGBPAeU.exe
  2⤵
  PID:8308
- C:\Windows\System\kTKnHpF.exe
  C:\Windows\System\kTKnHpF.exe
  2⤵
  PID:8376
- C:\Windows\System\GwXaOPV.exe
  C:\Windows\System\GwXaOPV.exe
  2⤵
  PID:8428
- C:\Windows\System\SOTIeRP.exe
  C:\Windows\System\SOTIeRP.exe
  2⤵
  PID:8480
- C:\Windows\System\NRdHKfh.exe
  C:\Windows\System\NRdHKfh.exe
  2⤵
  PID:8572
- C:\Windows\System\sNSgALZ.exe
  C:\Windows\System\sNSgALZ.exe
  2⤵
  PID:8660
- C:\Windows\System\cAuRilT.exe
  C:\Windows\System\cAuRilT.exe
  2⤵
  PID:8696
- C:\Windows\System\lHgfKIq.exe
  C:\Windows\System\lHgfKIq.exe
  2⤵
  PID:8764
- C:\Windows\System\jBxvWgL.exe
  C:\Windows\System\jBxvWgL.exe
  2⤵
  PID:8852
- C:\Windows\System\RhBGstP.exe
  C:\Windows\System\RhBGstP.exe
  2⤵
  PID:8928
- C:\Windows\System\VkVLXYt.exe
  C:\Windows\System\VkVLXYt.exe
  2⤵
  PID:8976
- C:\Windows\System\OeAzzOc.exe
  C:\Windows\System\OeAzzOc.exe
  2⤵
  PID:9032
- C:\Windows\System\QbpzYzp.exe
  C:\Windows\System\QbpzYzp.exe
  2⤵
  PID:9096
- C:\Windows\System\PHZbSFO.exe
  C:\Windows\System\PHZbSFO.exe
  2⤵
  PID:9156
- C:\Windows\System\KdumVdS.exe
  C:\Windows\System\KdumVdS.exe
  2⤵
  PID:8196
- C:\Windows\System\Qgiyegz.exe
  C:\Windows\System\Qgiyegz.exe
  2⤵
  PID:8364
- C:\Windows\System\jjuDwOG.exe
  C:\Windows\System\jjuDwOG.exe
  2⤵
  PID:8460
- C:\Windows\System\xJIGAcu.exe
  C:\Windows\System\xJIGAcu.exe
  2⤵
  PID:8676
- C:\Windows\System\kzknINT.exe
  C:\Windows\System\kzknINT.exe
  2⤵
  PID:8816
- C:\Windows\System\ZVbdyyP.exe
  C:\Windows\System\ZVbdyyP.exe
  2⤵
  PID:8952
- C:\Windows\System\AnUhStp.exe
  C:\Windows\System\AnUhStp.exe
  2⤵
  PID:9092
- C:\Windows\System\uNOwEgT.exe
  C:\Windows\System\uNOwEgT.exe
  2⤵
  PID:9204
- C:\Windows\System\ierdRDw.exe
  C:\Windows\System\ierdRDw.exe
  2⤵
  PID:8488
- C:\Windows\System\HijLcLo.exe
  C:\Windows\System\HijLcLo.exe
  2⤵
  PID:8888
- C:\Windows\System\ibffMSj.exe
  C:\Windows\System\ibffMSj.exe
  2⤵
  PID:9152
- C:\Windows\System\fmRVsXz.exe
  C:\Windows\System\fmRVsXz.exe
  2⤵
  PID:9060
- C:\Windows\System\izAWSAB.exe
  C:\Windows\System\izAWSAB.exe
  2⤵
  PID:8872
- C:\Windows\System\XpYBTuJ.exe
  C:\Windows\System\XpYBTuJ.exe
  2⤵
  PID:9236
- C:\Windows\System\dJyeNOR.exe
  C:\Windows\System\dJyeNOR.exe
  2⤵
  PID:9264
- C:\Windows\System\tJyRJkf.exe
  C:\Windows\System\tJyRJkf.exe
  2⤵
  PID:9292
- C:\Windows\System\IJJxmIG.exe
  C:\Windows\System\IJJxmIG.exe
  2⤵
  PID:9308
- C:\Windows\System\TdlUyPG.exe
  C:\Windows\System\TdlUyPG.exe
  2⤵
  PID:9348
- C:\Windows\System\YSBNrFv.exe
  C:\Windows\System\YSBNrFv.exe
  2⤵
  PID:9376
- C:\Windows\System\iRcsLSa.exe
  C:\Windows\System\iRcsLSa.exe
  2⤵
  PID:9404
- C:\Windows\System\xgxQmAo.exe
  C:\Windows\System\xgxQmAo.exe
  2⤵
  PID:9432
- C:\Windows\System\iSSuFuc.exe
  C:\Windows\System\iSSuFuc.exe
  2⤵
  PID:9464
- C:\Windows\System\FptTOzB.exe
  C:\Windows\System\FptTOzB.exe
  2⤵
  PID:9488
- C:\Windows\System\RsAgdmZ.exe
  C:\Windows\System\RsAgdmZ.exe
  2⤵
  PID:9512
- C:\Windows\System\QgkOLSR.exe
  C:\Windows\System\QgkOLSR.exe
  2⤵
  PID:9552
- C:\Windows\System\runxEhj.exe
  C:\Windows\System\runxEhj.exe
  2⤵
  PID:9572
- C:\Windows\System\zYSHklj.exe
  C:\Windows\System\zYSHklj.exe
  2⤵
  PID:9600
- C:\Windows\System\zhBNlTE.exe
  C:\Windows\System\zhBNlTE.exe
  2⤵
  PID:9628
- C:\Windows\System\cVJmzqS.exe
  C:\Windows\System\cVJmzqS.exe
  2⤵
  PID:9660
- C:\Windows\System\pptRVhd.exe
  C:\Windows\System\pptRVhd.exe
  2⤵
  PID:9684
- C:\Windows\System\AZfiCGI.exe
  C:\Windows\System\AZfiCGI.exe
  2⤵
  PID:9712
- C:\Windows\System\jmGcaYy.exe
  C:\Windows\System\jmGcaYy.exe
  2⤵
  PID:9740
- C:\Windows\System\xWBULxn.exe
  C:\Windows\System\xWBULxn.exe
  2⤵
  PID:9768
- C:\Windows\System\AEURaHo.exe
  C:\Windows\System\AEURaHo.exe
  2⤵
  PID:9796
- C:\Windows\System\RFQCppl.exe
  C:\Windows\System\RFQCppl.exe
  2⤵
  PID:9824
- C:\Windows\System\iwTWhEV.exe
  C:\Windows\System\iwTWhEV.exe
  2⤵
  PID:9852
- C:\Windows\System\WJDZyCk.exe
  C:\Windows\System\WJDZyCk.exe
  2⤵
  PID:9880
- C:\Windows\System\EkhtLQf.exe
  C:\Windows\System\EkhtLQf.exe
  2⤵
  PID:9908
- C:\Windows\System\pzpdFnf.exe
  C:\Windows\System\pzpdFnf.exe
  2⤵
  PID:9940
- C:\Windows\System\jtQlSpc.exe
  C:\Windows\System\jtQlSpc.exe
  2⤵
  PID:9964
- C:\Windows\System\EmWQHBf.exe
  C:\Windows\System\EmWQHBf.exe
  2⤵
  PID:9992
- C:\Windows\System\sxFmMGu.exe
  C:\Windows\System\sxFmMGu.exe
  2⤵
  PID:10020
- C:\Windows\System\zouYvoV.exe
  C:\Windows\System\zouYvoV.exe
  2⤵
  PID:10048
- C:\Windows\System\lzpHIss.exe
  C:\Windows\System\lzpHIss.exe
  2⤵
  PID:10084
- C:\Windows\System\muSLpIx.exe
  C:\Windows\System\muSLpIx.exe
  2⤵
  PID:10104
- C:\Windows\System\BqPbMSm.exe
  C:\Windows\System\BqPbMSm.exe
  2⤵
  PID:10136
- C:\Windows\System\iRWDTJk.exe
  C:\Windows\System\iRWDTJk.exe
  2⤵
  PID:10160
- C:\Windows\System\IBeBGmM.exe
  C:\Windows\System\IBeBGmM.exe
  2⤵
  PID:10188
- C:\Windows\System\TToTIQo.exe
  C:\Windows\System\TToTIQo.exe
  2⤵
  PID:10216
- C:\Windows\System\YiBQWtq.exe
  C:\Windows\System\YiBQWtq.exe
  2⤵
  PID:9228
- C:\Windows\System\uvqaQdf.exe
  C:\Windows\System\uvqaQdf.exe
  2⤵
  PID:9284
- C:\Windows\System\sMoGWYj.exe
  C:\Windows\System\sMoGWYj.exe
  2⤵
  PID:9360
- C:\Windows\System\dYwQlGm.exe
  C:\Windows\System\dYwQlGm.exe
  2⤵
  PID:9416
- C:\Windows\System\FFTRYWB.exe
  C:\Windows\System\FFTRYWB.exe
  2⤵
  PID:9500
- C:\Windows\System\cNHMVDH.exe
  C:\Windows\System\cNHMVDH.exe
  2⤵
  PID:9560
- C:\Windows\System\IjFhtgj.exe
  C:\Windows\System\IjFhtgj.exe
  2⤵
  PID:9620
- C:\Windows\System\ezinpxo.exe
  C:\Windows\System\ezinpxo.exe
  2⤵
  PID:9680
- C:\Windows\System\vmlGvDC.exe
  C:\Windows\System\vmlGvDC.exe
  2⤵
  PID:9780
- C:\Windows\System\cZbdhEN.exe
  C:\Windows\System\cZbdhEN.exe
  2⤵
  PID:9820
- C:\Windows\System\gtCxYOE.exe
  C:\Windows\System\gtCxYOE.exe
  2⤵
  PID:9872
- C:\Windows\System\boLxlVw.exe
  C:\Windows\System\boLxlVw.exe
  2⤵
  PID:9928
- C:\Windows\System\IhcxeRT.exe
  C:\Windows\System\IhcxeRT.exe
  2⤵
  PID:9988
- C:\Windows\System\XQmLqOW.exe
  C:\Windows\System\XQmLqOW.exe
  2⤵
  PID:10072
- C:\Windows\System\oiFcrqq.exe
  C:\Windows\System\oiFcrqq.exe
  2⤵
  PID:10156
- C:\Windows\System\ABXNrAZ.exe
  C:\Windows\System\ABXNrAZ.exe
  2⤵
  PID:10212
- C:\Windows\System\TCQTcdV.exe
  C:\Windows\System\TCQTcdV.exe
  2⤵
  PID:8756
- C:\Windows\System\kJiULni.exe
  C:\Windows\System\kJiULni.exe
  2⤵
  PID:9452
- C:\Windows\System\RKLGDIP.exe
  C:\Windows\System\RKLGDIP.exe
  2⤵
  PID:9596
- C:\Windows\System\shPWirh.exe
  C:\Windows\System\shPWirh.exe
  2⤵
  PID:9816
- C:\Windows\System\PMtHXYl.exe
  C:\Windows\System\PMtHXYl.exe
  2⤵
  PID:10044
- C:\Windows\System\RhDgGMl.exe
  C:\Windows\System\RhDgGMl.exe
  2⤵
  PID:10096
- C:\Windows\System\yNDYOcB.exe
  C:\Windows\System\yNDYOcB.exe
  2⤵
  PID:9532
- C:\Windows\System\hGiRjdm.exe
  C:\Windows\System\hGiRjdm.exe
  2⤵
  PID:9904
- C:\Windows\System\kvVBzEp.exe
  C:\Windows\System\kvVBzEp.exe
  2⤵
  PID:9388
- C:\Windows\System\EGiSPKz.exe
  C:\Windows\System\EGiSPKz.exe
  2⤵
  PID:10248
- C:\Windows\System\zBnEbvT.exe
  C:\Windows\System\zBnEbvT.exe
  2⤵
  PID:10280
- C:\Windows\System\LmAjZkE.exe
  C:\Windows\System\LmAjZkE.exe
  2⤵
  PID:10308
- C:\Windows\System\FCbCeAm.exe
  C:\Windows\System\FCbCeAm.exe
  2⤵
  PID:10344
- C:\Windows\System\jIcZoAP.exe
  C:\Windows\System\jIcZoAP.exe
  2⤵
  PID:10372
- C:\Windows\System\UhmdPmC.exe
  C:\Windows\System\UhmdPmC.exe
  2⤵
  PID:10404
- C:\Windows\System\lFsmvcd.exe
  C:\Windows\System\lFsmvcd.exe
  2⤵
  PID:10428
- C:\Windows\System\GjtGbwp.exe
  C:\Windows\System\GjtGbwp.exe
  2⤵
  PID:10456
- C:\Windows\System\wAuczmL.exe
  C:\Windows\System\wAuczmL.exe
  2⤵
  PID:10484
- C:\Windows\System\qzDrOcB.exe
  C:\Windows\System\qzDrOcB.exe
  2⤵
  PID:10512
- C:\Windows\System\XMNWJYR.exe
  C:\Windows\System\XMNWJYR.exe
  2⤵
  PID:10544
- C:\Windows\System\OkZlxjR.exe
  C:\Windows\System\OkZlxjR.exe
  2⤵
  PID:10568
- C:\Windows\System\nydOBhG.exe
  C:\Windows\System\nydOBhG.exe
  2⤵
  PID:10596
- C:\Windows\System\WssWfWB.exe
  C:\Windows\System\WssWfWB.exe
  2⤵
  PID:10624
- C:\Windows\System\eQAfXDj.exe
  C:\Windows\System\eQAfXDj.exe
  2⤵
  PID:10652
- C:\Windows\System\JXFJrzN.exe
  C:\Windows\System\JXFJrzN.exe
  2⤵
  PID:10680
- C:\Windows\System\xkKDtqH.exe
  C:\Windows\System\xkKDtqH.exe
  2⤵
  PID:10708
- C:\Windows\System\fEZCXxo.exe
  C:\Windows\System\fEZCXxo.exe
  2⤵
  PID:10736
- C:\Windows\System\yzIkJPX.exe
  C:\Windows\System\yzIkJPX.exe
  2⤵
  PID:10764
- C:\Windows\System\KNeOmCZ.exe
  C:\Windows\System\KNeOmCZ.exe
  2⤵
  PID:10792
- C:\Windows\System\skhyCls.exe
  C:\Windows\System\skhyCls.exe
  2⤵
  PID:10820
- C:\Windows\System\bVoIGKh.exe
  C:\Windows\System\bVoIGKh.exe
  2⤵
  PID:10848
- C:\Windows\System\IRcJEol.exe
  C:\Windows\System\IRcJEol.exe
  2⤵
  PID:10876
- C:\Windows\System\FONMbZm.exe
  C:\Windows\System\FONMbZm.exe
  2⤵
  PID:10904
- C:\Windows\System\ZRgzhFK.exe
  C:\Windows\System\ZRgzhFK.exe
  2⤵
  PID:10932
- C:\Windows\System\RKzqCWL.exe
  C:\Windows\System\RKzqCWL.exe
  2⤵
  PID:10960
- C:\Windows\System\FYBDwml.exe
  C:\Windows\System\FYBDwml.exe
  2⤵
  PID:10988
- C:\Windows\System\QftVyfZ.exe
  C:\Windows\System\QftVyfZ.exe
  2⤵
  PID:11016
- C:\Windows\System\odyCMPE.exe
  C:\Windows\System\odyCMPE.exe
  2⤵
  PID:11036
- C:\Windows\System\vfquWws.exe
  C:\Windows\System\vfquWws.exe
  2⤵
  PID:11052
- C:\Windows\System\zTJwaBi.exe
  C:\Windows\System\zTJwaBi.exe
  2⤵
  PID:11076
- C:\Windows\System\tkJoNOc.exe
  C:\Windows\System\tkJoNOc.exe
  2⤵
  PID:11100
- C:\Windows\System\LXWVAgU.exe
  C:\Windows\System\LXWVAgU.exe
  2⤵
  PID:11120
- C:\Windows\System\GxMIOEs.exe
  C:\Windows\System\GxMIOEs.exe
  2⤵
  PID:11148
- C:\Windows\System\XXDSCfq.exe
  C:\Windows\System\XXDSCfq.exe
  2⤵
  PID:11176
- C:\Windows\System\WgPwotY.exe
  C:\Windows\System\WgPwotY.exe
  2⤵
  PID:11216
- C:\Windows\System\wKZDYSj.exe
  C:\Windows\System\wKZDYSj.exe
  2⤵
  PID:11232
- C:\Windows\System\qCprzGq.exe
  C:\Windows\System\qCprzGq.exe
  2⤵
  PID:9892
- C:\Windows\System\WfxSTUi.exe
  C:\Windows\System\WfxSTUi.exe
  2⤵
  PID:10304
- C:\Windows\System\ezJIvjW.exe
  C:\Windows\System\ezJIvjW.exe
  2⤵
  PID:10384
- C:\Windows\System\BKbYQBc.exe
  C:\Windows\System\BKbYQBc.exe
  2⤵
  PID:10476
- C:\Windows\System\APHdJwf.exe
  C:\Windows\System\APHdJwf.exe
  2⤵
  PID:10560
- C:\Windows\System\ycrIwvS.exe
  C:\Windows\System\ycrIwvS.exe
  2⤵
  PID:10620
- C:\Windows\System\biMxjYx.exe
  C:\Windows\System\biMxjYx.exe
  2⤵
  PID:10692
- C:\Windows\System\sjTBzTo.exe
  C:\Windows\System\sjTBzTo.exe
  2⤵
  PID:10756
- C:\Windows\System\NtqUMop.exe
  C:\Windows\System\NtqUMop.exe
  2⤵
  PID:10816
- C:\Windows\System\kYSMJJD.exe
  C:\Windows\System\kYSMJJD.exe
  2⤵
  PID:10900
- C:\Windows\System\JRFGkEb.exe
  C:\Windows\System\JRFGkEb.exe
  2⤵
  PID:10952
- C:\Windows\System\TQFEBic.exe
  C:\Windows\System\TQFEBic.exe
  2⤵
  PID:11032
- C:\Windows\System\FzkAQnc.exe
  C:\Windows\System\FzkAQnc.exe
  2⤵
  PID:11048
- C:\Windows\System\ONYsNZn.exe
  C:\Windows\System\ONYsNZn.exe
  2⤵
  PID:11136
- C:\Windows\System\YuFKLJk.exe
  C:\Windows\System\YuFKLJk.exe
  2⤵
  PID:11188
- C:\Windows\System\nJAzXww.exe
  C:\Windows\System\nJAzXww.exe
  2⤵
  PID:11248
- C:\Windows\System\OaurvpV.exe
  C:\Windows\System\OaurvpV.exe
  2⤵
  PID:10356
- C:\Windows\System\ZnEcnrL.exe
  C:\Windows\System\ZnEcnrL.exe
  2⤵
  PID:10508
- C:\Windows\System\HJUdRQv.exe
  C:\Windows\System\HJUdRQv.exe
  2⤵
  PID:10676
- C:\Windows\System\UbGKPBI.exe
  C:\Windows\System\UbGKPBI.exe
  2⤵
  PID:10844
- C:\Windows\System\XVLqgYu.exe
  C:\Windows\System\XVLqgYu.exe
  2⤵
  PID:11004
- C:\Windows\System\xJxHIMe.exe
  C:\Windows\System\xJxHIMe.exe
  2⤵
  PID:11132
- C:\Windows\System\VSYmsfa.exe
  C:\Windows\System\VSYmsfa.exe
  2⤵
  PID:10336
- C:\Windows\System\fDLYFtq.exe
  C:\Windows\System\fDLYFtq.exe
  2⤵
  PID:10616
- C:\Windows\System\KiyPrGv.exe
  C:\Windows\System\KiyPrGv.exe
  2⤵
  PID:10984
- C:\Windows\System\ERdFPrz.exe
  C:\Windows\System\ERdFPrz.exe
  2⤵
  PID:11200
- C:\Windows\System\mkCsdUV.exe
  C:\Windows\System\mkCsdUV.exe
  2⤵
  PID:10804
- C:\Windows\System\VQkQPKU.exe
  C:\Windows\System\VQkQPKU.exe
  2⤵
  PID:11268
- C:\Windows\System\aCUfUIB.exe
  C:\Windows\System\aCUfUIB.exe
  2⤵
  PID:11300
- C:\Windows\System\NhqGvPb.exe
  C:\Windows\System\NhqGvPb.exe
  2⤵
  PID:11336
- C:\Windows\System\qBqKySA.exe
  C:\Windows\System\qBqKySA.exe
  2⤵
  PID:11368
- C:\Windows\System\aXthLYg.exe
  C:\Windows\System\aXthLYg.exe
  2⤵
  PID:11396
- C:\Windows\System\ZSUGveE.exe
  C:\Windows\System\ZSUGveE.exe
  2⤵
  PID:11424
- C:\Windows\System\aYHLERL.exe
  C:\Windows\System\aYHLERL.exe
  2⤵
  PID:11452
- C:\Windows\System\yZcRuHQ.exe
  C:\Windows\System\yZcRuHQ.exe
  2⤵
  PID:11480
- C:\Windows\System\HVPaoYp.exe
  C:\Windows\System\HVPaoYp.exe
  2⤵
  PID:11508
- C:\Windows\System\KgpOeSG.exe
  C:\Windows\System\KgpOeSG.exe
  2⤵
  PID:11536
- C:\Windows\System\aEABLml.exe
  C:\Windows\System\aEABLml.exe
  2⤵
  PID:11564
- C:\Windows\System\WEofqFA.exe
  C:\Windows\System\WEofqFA.exe
  2⤵
  PID:11592
- C:\Windows\System\eTMuyNg.exe
  C:\Windows\System\eTMuyNg.exe
  2⤵
  PID:11620
- C:\Windows\System\gRSiktx.exe
  C:\Windows\System\gRSiktx.exe
  2⤵
  PID:11648
- C:\Windows\System\TecMECr.exe
  C:\Windows\System\TecMECr.exe
  2⤵
  PID:11676
- C:\Windows\System\IoGVFsI.exe
  C:\Windows\System\IoGVFsI.exe
  2⤵
  PID:11704
- C:\Windows\System\uizssga.exe
  C:\Windows\System\uizssga.exe
  2⤵
  PID:11732
- C:\Windows\System\aCguOOT.exe
  C:\Windows\System\aCguOOT.exe
  2⤵
  PID:11764
- C:\Windows\System\uaepLro.exe
  C:\Windows\System\uaepLro.exe
  2⤵
  PID:11792
- C:\Windows\System\uQyQPlH.exe
  C:\Windows\System\uQyQPlH.exe
  2⤵
  PID:11820
- C:\Windows\System\kUxHRKb.exe
  C:\Windows\System\kUxHRKb.exe
  2⤵
  PID:11848
- C:\Windows\System\QdVtVmN.exe
  C:\Windows\System\QdVtVmN.exe
  2⤵
  PID:11880
- C:\Windows\System\biXOZgx.exe
  C:\Windows\System\biXOZgx.exe
  2⤵
  PID:11908
- C:\Windows\System\ghMxQit.exe
  C:\Windows\System\ghMxQit.exe
  2⤵
  PID:11932
- C:\Windows\System\FXMARNt.exe
  C:\Windows\System\FXMARNt.exe
  2⤵
  PID:11960
- C:\Windows\System\HyiyLZI.exe
  C:\Windows\System\HyiyLZI.exe
  2⤵
  PID:11976
- C:\Windows\System\ocajZkD.exe
  C:\Windows\System\ocajZkD.exe
  2⤵
  PID:11996
- C:\Windows\System\ncSVJqJ.exe
  C:\Windows\System\ncSVJqJ.exe
  2⤵
  PID:12024
- C:\Windows\System\JcmFXFc.exe
  C:\Windows\System\JcmFXFc.exe
  2⤵
  PID:12048
- C:\Windows\System\EuKOtxp.exe
  C:\Windows\System\EuKOtxp.exe
  2⤵
  PID:12080
- C:\Windows\System\cHcUamk.exe
  C:\Windows\System\cHcUamk.exe
  2⤵
  PID:12120
- C:\Windows\System\TLrAMWH.exe
  C:\Windows\System\TLrAMWH.exe
  2⤵
  PID:12136
- C:\Windows\System\CwPtbRR.exe
  C:\Windows\System\CwPtbRR.exe
  2⤵
  PID:12172
- C:\Windows\System\bhPotNZ.exe
  C:\Windows\System\bhPotNZ.exe
  2⤵
  PID:12192
- C:\Windows\System\mUqlFFs.exe
  C:\Windows\System\mUqlFFs.exe
  2⤵
  PID:12212
- C:\Windows\System\nkqopWz.exe
  C:\Windows\System\nkqopWz.exe
  2⤵
  PID:12240
- C:\Windows\System\IIDoJGf.exe
  C:\Windows\System\IIDoJGf.exe
  2⤵
  PID:12268
- C:\Windows\System\pXaLbEE.exe
  C:\Windows\System\pXaLbEE.exe
  2⤵
  PID:10672
- C:\Windows\System\tFWYXtP.exe
  C:\Windows\System\tFWYXtP.exe
  2⤵
  PID:11360
- C:\Windows\System\cqmGOTZ.exe
  C:\Windows\System\cqmGOTZ.exe
  2⤵
  PID:11416
- C:\Windows\System\QEZKytW.exe
  C:\Windows\System\QEZKytW.exe
  2⤵
  PID:11476
- C:\Windows\System\fdhQmlp.exe
  C:\Windows\System\fdhQmlp.exe
  2⤵
  PID:11580
- C:\Windows\System\XZwqKiq.exe
  C:\Windows\System\XZwqKiq.exe
  2⤵
  PID:11668
- C:\Windows\System\TaparOL.exe
  C:\Windows\System\TaparOL.exe
  2⤵
  PID:11728
- C:\Windows\System\dsBtVZl.exe
  C:\Windows\System\dsBtVZl.exe
  2⤵
  PID:11812
- C:\Windows\System\kUFVLqr.exe
  C:\Windows\System\kUFVLqr.exe
  2⤵
  PID:11872
- C:\Windows\System\EsOMTGR.exe
  C:\Windows\System\EsOMTGR.exe
  2⤵
  PID:11972
- C:\Windows\System\FwbLfIv.exe
  C:\Windows\System\FwbLfIv.exe
  2⤵
  PID:12044
- C:\Windows\System\SuoCiQF.exe
  C:\Windows\System\SuoCiQF.exe
  2⤵
  PID:12040
- C:\Windows\System\tMFadei.exe
  C:\Windows\System\tMFadei.exe
  2⤵
  PID:12128
- C:\Windows\System\enLWpYa.exe
  C:\Windows\System\enLWpYa.exe
  2⤵
  PID:12200
- C:\Windows\System\QGpLVdf.exe
  C:\Windows\System\QGpLVdf.exe
  2⤵
  PID:12248
- C:\Windows\System\gAqmvxO.exe
  C:\Windows\System\gAqmvxO.exe
  2⤵
  PID:11280
- C:\Windows\System\pSZvWao.exe
  C:\Windows\System\pSZvWao.exe
  2⤵
  PID:11472
- C:\Windows\System\BEJGPjm.exe
  C:\Windows\System\BEJGPjm.exe
  2⤵
  PID:4828
- C:\Windows\System\koiBRWu.exe
  C:\Windows\System\koiBRWu.exe
  2⤵
  PID:11696
- C:\Windows\System\viSuwPZ.exe
  C:\Windows\System\viSuwPZ.exe
  2⤵
  PID:11868
- C:\Windows\System\JiGWeNg.exe
  C:\Windows\System\JiGWeNg.exe
  2⤵
  PID:12104
- C:\Windows\System\blNhVTc.exe
  C:\Windows\System\blNhVTc.exe
  2⤵
  PID:12280
- C:\Windows\System\GXDIeCl.exe
  C:\Windows\System\GXDIeCl.exe
  2⤵
  PID:11504
- C:\Windows\System\fmyySkK.exe
  C:\Windows\System\fmyySkK.exe
  2⤵
  PID:11840
- C:\Windows\System\sziPcOR.exe
  C:\Windows\System\sziPcOR.exe
  2⤵
  PID:12232
- C:\Windows\System\xWlpkGu.exe
  C:\Windows\System\xWlpkGu.exe
  2⤵
  PID:12068
- C:\Windows\System\ZCKxuHm.exe
  C:\Windows\System\ZCKxuHm.exe
  2⤵
  PID:12316
- C:\Windows\System\WsKipXI.exe
  C:\Windows\System\WsKipXI.exe
  2⤵
  PID:12344
- C:\Windows\System\AmFFCpK.exe
  C:\Windows\System\AmFFCpK.exe
  2⤵
  PID:12372
- C:\Windows\System\lwLPlpf.exe
  C:\Windows\System\lwLPlpf.exe
  2⤵
  PID:12400
- C:\Windows\System\eSyWkMd.exe
  C:\Windows\System\eSyWkMd.exe
  2⤵
  PID:12428
- C:\Windows\System\GwrrpvK.exe
  C:\Windows\System\GwrrpvK.exe
  2⤵
  PID:12452
- C:\Windows\System\OMIhHiW.exe
  C:\Windows\System\OMIhHiW.exe
  2⤵
  PID:12476
- C:\Windows\System\yCqHvqD.exe
  C:\Windows\System\yCqHvqD.exe
  2⤵
  PID:12500
- C:\Windows\System\UfAxltc.exe
  C:\Windows\System\UfAxltc.exe
  2⤵
  PID:12528
- C:\Windows\System\RsoQfDR.exe
  C:\Windows\System\RsoQfDR.exe
  2⤵
  PID:12560
- C:\Windows\System\MXUsfKg.exe
  C:\Windows\System\MXUsfKg.exe
  2⤵
  PID:12592
- C:\Windows\System\GRwVpDy.exe
  C:\Windows\System\GRwVpDy.exe
  2⤵
  PID:12660
- C:\Windows\System\wnrpxnl.exe
  C:\Windows\System\wnrpxnl.exe
  2⤵
  PID:12680
- C:\Windows\System\puhBbBt.exe
  C:\Windows\System\puhBbBt.exe
  2⤵
  PID:12708
- C:\Windows\System\rXnAVuF.exe
  C:\Windows\System\rXnAVuF.exe
  2⤵
  PID:12752
- C:\Windows\System\rXthmpp.exe
  C:\Windows\System\rXthmpp.exe
  2⤵
  PID:12788
- C:\Windows\System\EqcoGHe.exe
  C:\Windows\System\EqcoGHe.exe
  2⤵
  PID:12820
- C:\Windows\System\envosCy.exe
  C:\Windows\System\envosCy.exe
  2⤵
  PID:12844
- C:\Windows\System\EmvPmBg.exe
  C:\Windows\System\EmvPmBg.exe
  2⤵
  PID:12892
- C:\Windows\System\GGyjZJJ.exe
  C:\Windows\System\GGyjZJJ.exe
  2⤵
  PID:12912
- C:\Windows\System\dJnkiLs.exe
  C:\Windows\System\dJnkiLs.exe
  2⤵
  PID:12952
- C:\Windows\System\KkfXSOP.exe
  C:\Windows\System\KkfXSOP.exe
  2⤵
  PID:12972
- C:\Windows\System\aGnRYZo.exe
  C:\Windows\System\aGnRYZo.exe
  2⤵
  PID:12996
- C:\Windows\System\ZXKGgVs.exe
  C:\Windows\System\ZXKGgVs.exe
  2⤵
  PID:13024
- C:\Windows\System\XNhgIdr.exe
  C:\Windows\System\XNhgIdr.exe
  2⤵
  PID:13060
- C:\Windows\System\ksolnhD.exe
  C:\Windows\System\ksolnhD.exe
  2⤵
  PID:13092
- C:\Windows\System\oJaFtIW.exe
  C:\Windows\System\oJaFtIW.exe
  2⤵
  PID:13120
- C:\Windows\System\UkBESkI.exe
  C:\Windows\System\UkBESkI.exe
  2⤵
  PID:13144
- C:\Windows\System\hMvhuFe.exe
  C:\Windows\System\hMvhuFe.exe
  2⤵
  PID:13180
- C:\Windows\System\nPreAGw.exe
  C:\Windows\System\nPreAGw.exe
  2⤵
  PID:13208
- C:\Windows\System\yWwuXJt.exe
  C:\Windows\System\yWwuXJt.exe
  2⤵
  PID:13232
- C:\Windows\System\lCsvMfc.exe
  C:\Windows\System\lCsvMfc.exe
  2⤵
  PID:13256
- C:\Windows\System\jnrmrjG.exe
  C:\Windows\System\jnrmrjG.exe
  2⤵
  PID:13292
- C:\Windows\System\AoDNbuU.exe
  C:\Windows\System\AoDNbuU.exe
  2⤵
  PID:12312
- C:\Windows\System\LkHsFfg.exe
  C:\Windows\System\LkHsFfg.exe
  2⤵
  PID:12368
- C:\Windows\System\muArMix.exe
  C:\Windows\System\muArMix.exe
  2⤵
  PID:12412
- C:\Windows\System\HPSHbqZ.exe
  C:\Windows\System\HPSHbqZ.exe
  2⤵
  PID:12464
- C:\Windows\System\FTqqBFy.exe
  C:\Windows\System\FTqqBFy.exe
  2⤵
  PID:12524
- C:\Windows\System\hdZNuIb.exe
  C:\Windows\System\hdZNuIb.exe
  2⤵
  PID:12644
- C:\Windows\System\qKfeRTa.exe
  C:\Windows\System\qKfeRTa.exe
  2⤵
  PID:12700
- C:\Windows\System\klGGxio.exe
  C:\Windows\System\klGGxio.exe
  2⤵
  PID:12776
- C:\Windows\System\FpqzlCI.exe
  C:\Windows\System\FpqzlCI.exe
  2⤵
  PID:12836
- C:\Windows\System\ZKQSXLN.exe
  C:\Windows\System\ZKQSXLN.exe
  2⤵
  PID:12856
- C:\Windows\System\mmbODJP.exe
  C:\Windows\System\mmbODJP.exe
  2⤵
  PID:12928
- C:\Windows\System\jMulgxP.exe
  C:\Windows\System\jMulgxP.exe
  2⤵
  PID:13072
- C:\Windows\System\LLFOhRz.exe
  C:\Windows\System\LLFOhRz.exe
  2⤵
  PID:13052
- C:\Windows\System\zAPvhbB.exe
  C:\Windows\System\zAPvhbB.exe
  2⤵
  PID:13128
- C:\Windows\System\UmrNqjg.exe
  C:\Windows\System\UmrNqjg.exe
  2⤵
  PID:13108
- C:\Windows\System\tVKjeLQ.exe
  C:\Windows\System\tVKjeLQ.exe
  2⤵
  PID:13244
- C:\Windows\System\zCmYgeN.exe
  C:\Windows\System\zCmYgeN.exe
  2⤵
  PID:13276
- C:\Windows\System\FsLgwEO.exe
  C:\Windows\System\FsLgwEO.exe
  2⤵
  PID:12520
- C:\Windows\System\ThQxzFx.exe
  C:\Windows\System\ThQxzFx.exe
  2⤵
  PID:12548
- C:\Windows\System\iZaPwqQ.exe
  C:\Windows\System\iZaPwqQ.exe
  2⤵
  PID:12764
- C:\Windows\System\eaxaiUv.exe
  C:\Windows\System\eaxaiUv.exe
  2⤵
  PID:12860
- C:\Windows\System\qrLBczs.exe
  C:\Windows\System\qrLBczs.exe
  2⤵
  PID:12964
- C:\Windows\System\hLykNgX.exe
  C:\Windows\System\hLykNgX.exe
  2⤵
  PID:3464
- C:\Windows\System\GUOLwvI.exe
  C:\Windows\System\GUOLwvI.exe
  2⤵
  PID:13328
- C:\Windows\System\apKXeqv.exe
  C:\Windows\System\apKXeqv.exe
  2⤵
  PID:13348
- C:\Windows\System\mPypVfz.exe
  C:\Windows\System\mPypVfz.exe
  2⤵
  PID:13380
- C:\Windows\System\qNHdJFV.exe
  C:\Windows\System\qNHdJFV.exe
  2⤵
  PID:13416
- C:\Windows\System\ReOyyup.exe
  C:\Windows\System\ReOyyup.exe
  2⤵
  PID:13432
- C:\Windows\System\TGmJYHP.exe
  C:\Windows\System\TGmJYHP.exe
  2⤵
  PID:13464
- C:\Windows\System\DVNUoSs.exe
  C:\Windows\System\DVNUoSs.exe
  2⤵
  PID:13488
- C:\Windows\System\ZCcgalL.exe
  C:\Windows\System\ZCcgalL.exe
  2⤵
  PID:13516
- C:\Windows\System\RMnoXwC.exe
  C:\Windows\System\RMnoXwC.exe
  2⤵
  PID:13552
- C:\Windows\System\dHVYzdT.exe
  C:\Windows\System\dHVYzdT.exe
  2⤵
  PID:13632
- C:\Windows\System\ekLPJzo.exe
  C:\Windows\System\ekLPJzo.exe
  2⤵
  PID:13664
- C:\Windows\System\ZltNFFe.exe
  C:\Windows\System\ZltNFFe.exe
  2⤵
  PID:13700
- C:\Windows\System\unGZKUQ.exe
  C:\Windows\System\unGZKUQ.exe
  2⤵
  PID:13736
- C:\Windows\System\kBwijhM.exe
  C:\Windows\System\kBwijhM.exe
  2⤵
  PID:13764
- C:\Windows\System\hGSOuMB.exe
  C:\Windows\System\hGSOuMB.exe
  2⤵
  PID:13796
- C:\Windows\System\RSJPLEx.exe
  C:\Windows\System\RSJPLEx.exe
  2⤵
  PID:13836
- C:\Windows\System\ayTvPBT.exe
  C:\Windows\System\ayTvPBT.exe
  2⤵
  PID:13880
- C:\Windows\System\qSClyOb.exe
  C:\Windows\System\qSClyOb.exe
  2⤵
  PID:13908
- C:\Windows\System\SFvSiVW.exe
  C:\Windows\System\SFvSiVW.exe
  2⤵
  PID:13936
- C:\Windows\System\jDGYZHq.exe
  C:\Windows\System\jDGYZHq.exe
  2⤵
  PID:13964
- C:\Windows\System\StWfJaw.exe
  C:\Windows\System\StWfJaw.exe
  2⤵
  PID:13992
- C:\Windows\System\WMBVDHv.exe
  C:\Windows\System\WMBVDHv.exe
  2⤵
  PID:14028
- C:\Windows\System\jFNbUaO.exe
  C:\Windows\System\jFNbUaO.exe
  2⤵
  PID:14060
- C:\Windows\System\fPpNOxN.exe
  C:\Windows\System\fPpNOxN.exe
  2⤵
  PID:14088
- C:\Windows\System\FpVciFJ.exe
  C:\Windows\System\FpVciFJ.exe
  2⤵
  PID:14116
- C:\Windows\System\JbkDsBF.exe
  C:\Windows\System\JbkDsBF.exe
  2⤵
  PID:14144
- C:\Windows\System\NFPCTQv.exe
  C:\Windows\System\NFPCTQv.exe
  2⤵
  PID:14172
- C:\Windows\System\UHYzpVz.exe
  C:\Windows\System\UHYzpVz.exe
  2⤵
  PID:14200
- C:\Windows\System\bhvwRXe.exe
  C:\Windows\System\bhvwRXe.exe
  2⤵
  PID:14228
- C:\Windows\System\NKfDXMn.exe
  C:\Windows\System\NKfDXMn.exe
  2⤵
  PID:14256
- C:\Windows\System\VTkiaXU.exe
  C:\Windows\System\VTkiaXU.exe
  2⤵
  PID:14284
- C:\Windows\System\udNitGg.exe
  C:\Windows\System\udNitGg.exe
  2⤵
  PID:14304
- C:\Windows\System\Uitdbzx.exe
  C:\Windows\System\Uitdbzx.exe
  2⤵
  PID:14328
- C:\Windows\System\CYBxqTC.exe
  C:\Windows\System\CYBxqTC.exe
  2⤵
  PID:13280
- C:\Windows\System\RvmsFEf.exe
  C:\Windows\System\RvmsFEf.exe
  2⤵
  PID:12900
- C:\Windows\System\SNiORUe.exe
  C:\Windows\System\SNiORUe.exe
  2⤵
  PID:12668
- C:\Windows\System\mGMZcJa.exe
  C:\Windows\System\mGMZcJa.exe
  2⤵
  PID:13412
- C:\Windows\System\vbPQVKF.exe
  C:\Windows\System\vbPQVKF.exe
  2⤵
  PID:5100
- C:\Windows\System\iOUdtgx.exe
  C:\Windows\System\iOUdtgx.exe
  2⤵
  PID:13480
- C:\Windows\System\BHTeihC.exe
  C:\Windows\System\BHTeihC.exe
  2⤵
  PID:13504
- C:\Windows\System\nclmRIA.exe
  C:\Windows\System\nclmRIA.exe
  2⤵
  PID:13656
- C:\Windows\System\ZWIIEIJ.exe
  C:\Windows\System\ZWIIEIJ.exe
  2⤵
  PID:13720
- C:\Windows\System\CmuQjRu.exe
  C:\Windows\System\CmuQjRu.exe
  2⤵
  PID:13784
- C:\Windows\System\HtnCaZa.exe
  C:\Windows\System\HtnCaZa.exe
  2⤵
  PID:1484
- C:\Windows\System\GBCOygF.exe
  C:\Windows\System\GBCOygF.exe
  2⤵
  PID:13904
- C:\Windows\System\juAqHym.exe
  C:\Windows\System\juAqHym.exe
  2⤵
  PID:13952
- C:\Windows\System\jfSQVYh.exe
  C:\Windows\System\jfSQVYh.exe
  2⤵
  PID:14016
- C:\Windows\System\vNskHtH.exe
  C:\Windows\System\vNskHtH.exe
  2⤵
  PID:14084
- C:\Windows\System\JEMHGsU.exe
  C:\Windows\System\JEMHGsU.exe
  2⤵
  PID:14128
- C:\Windows\System\OUfVVzr.exe
  C:\Windows\System\OUfVVzr.exe
  2⤵
  PID:14184
- C:\Windows\System\SBPwWpz.exe
  C:\Windows\System\SBPwWpz.exe
  2⤵
  PID:14248
- C:\Windows\System\acVvLJI.exe
  C:\Windows\System\acVvLJI.exe
  2⤵
  PID:14280
- C:\Windows\System\vCDtbMJ.exe
  C:\Windows\System\vCDtbMJ.exe
  2⤵
  PID:14316
- C:\Windows\System\jmAFoZI.exe
  C:\Windows\System\jmAFoZI.exe
  2⤵
  PID:13376
- C:\Windows\System\YEufamI.exe
  C:\Windows\System\YEufamI.exe
  2⤵
  PID:13476
- C:\Windows\System\rPrJWJl.exe
  C:\Windows\System\rPrJWJl.exe
  2⤵
  PID:13676
- C:\Windows\System\faoskgd.exe
  C:\Windows\System\faoskgd.exe
  2⤵
  PID:13816
- C:\Windows\System\MBtpgif.exe
  C:\Windows\System\MBtpgif.exe
  2⤵
  PID:13932
- C:\Windows\System\gmoOQUA.exe
  C:\Windows\System\gmoOQUA.exe
  2⤵
  PID:5028
- C:\Windows\System\VwrpVFF.exe
  C:\Windows\System\VwrpVFF.exe
  2⤵
  PID:14220
- C:\Windows\System\QSnTBYw.exe
  C:\Windows\System\QSnTBYw.exe
  2⤵
  PID:14292
- C:\Windows\System\GeCjZGZ.exe
  C:\Windows\System\GeCjZGZ.exe
  2⤵
  PID:13512
- C:\Windows\System\LhmNdac.exe
  C:\Windows\System\LhmNdac.exe
  2⤵
  PID:13848
- C:\Windows\System\bNHWAtn.exe
  C:\Windows\System\bNHWAtn.exe
  2⤵
  PID:14224
- C:\Windows\System\JttqbCz.exe
  C:\Windows\System\JttqbCz.exe
  2⤵
  PID:13340
- C:\Windows\System\nCTPpiE.exe
  C:\Windows\System\nCTPpiE.exe
  2⤵
  PID:14164
- C:\Windows\System\JxCcxFl.exe
  C:\Windows\System\JxCcxFl.exe
  2⤵
  PID:14008
- C:\Windows\System\CmvnEVD.exe
  C:\Windows\System\CmvnEVD.exe
  2⤵
  PID:14360
- C:\Windows\System\oEtfKXk.exe
  C:\Windows\System\oEtfKXk.exe
  2⤵
  PID:14380
- C:\Windows\System\ZmFeMgr.exe
  C:\Windows\System\ZmFeMgr.exe
  2⤵
  PID:14408
- C:\Windows\System\rILcKUq.exe
  C:\Windows\System\rILcKUq.exe
  2⤵
  PID:14436
- C:\Windows\System\tBErNRC.exe
  C:\Windows\System\tBErNRC.exe
  2⤵
  PID:14452
- C:\Windows\System\SvuAiAH.exe
  C:\Windows\System\SvuAiAH.exe
  2⤵
  PID:14488

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BhUWsrk.exe

Filesize
2.0MB

MD5
2ff89ab6fd6fcdda0d2fc1e7a7625faa

SHA1
888bed3b857d483543545fbdf623b72692ba830c

SHA256
eb9ae6bb88f196e744e4aba13bde66d2b1524250ea3592c03159af9e8545adea

SHA512
24c31fefbe9fa3aff0981929548a620d641331d8573b9456219627907ca4e2379afc20f22c187be500b49b365a955f3abf8864eec564250527301ed37e2675fc

Download Submit
C:\Windows\System\BonypAM.exe

Filesize
1.2MB

MD5
15d3b21fb6b60ceca9e41dc5b0f69d37

SHA1
377747fee527ce31cf2668667772a804ea9ae912

SHA256
6b42b82b0b1e8e760aa72d0d7bb28181cb641eb4688c657af8f37cefccd2dae3

SHA512
7bcd0215a0f0f9e76e9d1443828f619aa04f4fe75892971c7d829da3fb541616fd3198b6ebb266cea188976907fe3f8f2bde6beaa6fa746a0a3f9071e449f5b4

Download Submit
C:\Windows\System\BonypAM.exe

Filesize
2.0MB

MD5
aede7f9a47880ca235b6f7ae7ad9e04b

SHA1
085ca175403eb06e538d753640e0569316a00154

SHA256
f7b8bd73c0b9be4fea1c348f6b9c0418e4c7df7502b7bf09aa31999ddfd6d58c

SHA512
4cdd00a5814609474de5af6ed0d8f905868544e930f5e584b6ed6cfbff4a9970c3f7dc5de00390fad2dcda44a00ae0f259fa83d97e7e2fd6b90668dd9abb6acc

Download Submit
C:\Windows\System\EotlNnu.exe

Filesize
2.0MB

MD5
cc0824cfdc22b4a90fcc55b55346e081

SHA1
0063a9ee1a5bfbfb03500d4dc9b5135a9366237e

SHA256
581397f809f81841f8f7287b3507df36118d4bcc908184714b6f30bfe619480d

SHA512
7584d28a07303f94b7e842d9a9cc2f3182ec0453b5ce822400f8a7841caca2589357134c09dde62d8d65cd268c9dd585ba6112ec628c271def2a5d98a1d0d699

Download Submit
C:\Windows\System\FFeiksn.exe

Filesize
2.0MB

MD5
8b2baf0916831c8fdcf154a5b3b892eb

SHA1
1e78637b197cdc87af62a0d695d754ecfb63c146

SHA256
9680792797e61c84a6214541783dd039c78d8b19b66ec5cfeb47f39c82c30acc

SHA512
011667f87a99e1f3c36241f69fbb930435c5bf48178a92dad71c6cef8009b55d07398fb56cbfd8b3d5dd577ea515a8c3a305ec9278442ddb3ac235a3f7ce8a48

Download Submit
C:\Windows\System\FNJdFSK.exe

Filesize
2.0MB

MD5
0b36a912a1a3e8ed591a1158377f576f

SHA1
6e50ead56fe1885c52a064216abf1b73420033cd

SHA256
f5168e377c94ad51913236dbb6aad1e2d96065647bfab48261b76a38bb80de87

SHA512
de39011a075ee7e8c1bdcd3094bc0650ec734f3201d17d8f5736eecf95df0843879ddaa5e9a36a3915bef87d8dfb838d170bc46fc0b45429aac9a530cc535140

Download Submit
C:\Windows\System\GqfcrPn.exe

Filesize
2.0MB

MD5
c55e7e5aeeed2102df0c7fcfb161d9f0

SHA1
8c834b07e4d6dd7928f5b7d249890881d4431a2b

SHA256
253aac84a0fbcf4411e91908c4ee2d7e0945ff084e661d2062dcadd5b82e0f2c

SHA512
904c51f0b8dc4bdf77445f2af7231d28e6b725bcb5f275ef162fa6bbd09a85900c888e1a50c2c1625c652842403977d2cf30af01551a5931e120bc790bba8ffc

Download Submit
C:\Windows\System\GqfcrPn.exe

Filesize
1.8MB

MD5
89d6e1e0b4de4a756b63f3099d73bd63

SHA1
476003ba62aeb1282af1cf7acbb054b2ba074430

SHA256
3f1493e9f618653002937dd90542ea6e7ca9de926a514ed5c27a0cf0f3c9602b

SHA512
b7a25f15586922f368ef759eea8365b1398e3dc716d10fbfbc9f5f6381b50fd5f328afdd3ac23a9400cf7e8758116f7c7f86c0273394ab7dbed00c8f8a14fcd2

Download Submit
C:\Windows\System\Hqpabvv.exe

Filesize
2.0MB

MD5
d33da8274a88ace77df8ffc740d9b39f

SHA1
1494091b9e394b31f216d5b2a4de3b18b48819e9

SHA256
dc425312602ecd5e629bfce219caace2c63bafc4c76e3a76e066c9297f69c409

SHA512
4724110b44fec6baea0f2003175c5832262db7d805926d6eecc104e3599634de3e14eb3f0d902cf0f956ce2caf90c8c60da14792b23e390007c47eda516a4103

Download Submit
C:\Windows\System\IuqbHYQ.exe

Filesize
2.0MB

MD5
248f10e2134c2624c728591cb6226fe4

SHA1
bb540c6a60db8cfb031ad2265e71812562c792ef

SHA256
9014a60303b30952c8edcec94cdb72d5426116393152766136388b519f764f3b

SHA512
07603de03ecf2255c75cf249bbdb78c6f5dce862ad179ae2dfb19775fa3b8599db4b04cd95060f1609225e3503bfca6413bd01255a9e5ed44286d872bfa889a8

Download Submit
C:\Windows\System\KIGGRqp.exe

Filesize
2.0MB

MD5
5b63f332236970e03c4f5ae384727dff

SHA1
469905fb4c67f9535995379992a3da8e624289cb

SHA256
4df142d5d7cdb43d366680d5bdcc7937f8f46653696084e14c34fbb1f774b41e

SHA512
c917f011c4c7f9eaa047dcc8135a81f263e0c7a40a443b47f0db624eac13ab677e25aa1afb3c73c9a6aae56e8780a3a99856f15661e86b420ed33b33370bbaf8

Download Submit
C:\Windows\System\OuuwDQO.exe

Filesize
2.0MB

MD5
970a2b12957edfb21cd96a17a1dd6551

SHA1
cf4a526958524bf3750c3e6b7d094d3f61e36118

SHA256
a70895d625ef2898dcea86ddb270ef3658c8e619d448f4cfed62859bfdf8e768

SHA512
b934b30005c75228ff17d724dfcd98ee6ff51c127c5be8ac94186efaefc4621cbdd8565786fc972a7588b35ee6b7af2ef596b442ed6f59bc358eeb4d71aa4a07

Download Submit
C:\Windows\System\PzeJeGD.exe

Filesize
2.0MB

MD5
8a1843afc8e753b5cfaa301b2a9748af

SHA1
f1d59603f00526b01b11a6175da6f02ef1c0bc4b

SHA256
e99fe8c581909874c1472d5ac9ebf4362c49e5b61713aa72d30fedbf7012f076

SHA512
d87e833646814bd2264d06104b8a0ee3a48dcd9d4975cc4bae018590d24f1f08c987b382e132dc9dc2bc4b047b8ff823eac8ac3349ff12c4a915ecf1cd246514

Download Submit
C:\Windows\System\STAOFpw.exe

Filesize
2.0MB

MD5
8df2a6ee10faf5e04cb1204f15a7b251

SHA1
bc880a6309cc4e2d07c15f7b91f06881978b51eb

SHA256
32525a5865bf79a6d3028cf76e346e2b6cc5f64ff9792d9f224211e87d960834

SHA512
64dec8030fd77de5eac3304b786aff6d55c0a786c989ac38986eb42c6d50aca2bd39daeed907b90ee4d171e16c3638f3433364e51cd1b491cae90faa329a996d

Download Submit
C:\Windows\System\STSAFYo.exe

Filesize
2.0MB

MD5
a12aa6eaed9591651a94370f377abeb2

SHA1
e20653b737e28e757f165cb6bb555e03f9946f6f

SHA256
36a908150880899f193944e65e20e71af37b926323577330e86cbbe387d7c346

SHA512
851ba978d3080d3a5bbb09e660410b844add648152a55bac1c91b55170a2352384e7701b252ec01e81c1fb3fac0505cfa275184c14ee3a8aebb2020e0659e2be

Download Submit
C:\Windows\System\UfnnDJT.exe

Filesize
960KB

MD5
180ec18cff675908ea09fb02b8edeae7

SHA1
908a0fde6e66598e819044f800d2fb12a2c2d5e4

SHA256
35e0571c2720559fc2e392ef1ac01a4890a7f5a52de790fe0560ba1ddb8b0978

SHA512
f4efca4f8c80307ac309f06271cca1b553bd93330b442aaa71749f3ce5f3d47dab778dbee66162c088762bb8f4726a65ed8e5313f9bd8da09d951b910b9f8e49

Download Submit
C:\Windows\System\UfnnDJT.exe

Filesize
1.3MB

MD5
e9a1ae0edf64e82f0acecf9e9700b190

SHA1
4e20707c20cc9b872368d4e26720bc90ecf3dfdc

SHA256
ee245e9fc6a16033bcbb63fc94d5bb49fb373301d28defef3d2e960ebd146192

SHA512
d0cd8a652ce5b55d6e8f60fc04b72dcb171d4fda0ec14693fc815d822a5f2d611356c07dd8c186923b320eb3da849c957b271630b1f5d323e520132b33185abc

Download Submit
C:\Windows\System\WQsnVLk.exe

Filesize
2.0MB

MD5
985f48c45f6aae9c81db6bebc1d32634

SHA1
d6552b73b55176760149e0bf44222b816e91335e

SHA256
000b4c474dcd34f712868f34eb923de6921bb88c9a2d3d473639baf684788881

SHA512
23d012ee507c4a5aef7e23bf74d7c189e1f8fc2f459ef0da3f8555af5def30e503ee0d7a894d84e599a4a0f6530cb5ca24251537aaff564129e7cb8e8ff2c75b

Download Submit
C:\Windows\System\XmwglIt.exe

Filesize
2.0MB

MD5
efc2c750122eb5a38b48e3fdd1b77367

SHA1
74493aa8313a8067ec91798b998ff37839ace659

SHA256
957cc49b6e9ab6f95dc0e6011bf930c1c3e510f0e7576653e78a896aa2f3a6a7

SHA512
78cfd637d64451d5eba617b4033c5651589f8d6684228d6feae9b952b448fff00a3d3093e645b5e769aa0b92db152340179c2c56ab5263836b594610fa055076

Download Submit
C:\Windows\System\YEIdbaP.exe

Filesize
2.0MB

MD5
3a9d2faf3e6261711edb159f14c8f77f

SHA1
449edf8f8731efb212820874fba7b83dc278dca4

SHA256
37bb01a0995d19e210e6c7f91c16363cd651ed229289eecab8d14c213bd02a68

SHA512
4e41f17d91b01546f2703464ad5d110fc31f7432a22ea4ee16b5862f8a554d1124b8e7bb732098fdf0ab154031060479cbb76bf616e825fecc9aeef3ac8c51d8

Download Submit
C:\Windows\System\aBTapdP.exe

Filesize
2.0MB

MD5
2e6ad8d239c8808d1a97fa5d6017d05f

SHA1
b0561f543b05afee8d9363b10877a93dc6b4c3b0

SHA256
3963d7e8341be14e3ae9e7ddd0facd90cf7bc994f350f7b0039af5507fbacd83

SHA512
32cb458bbda0a9c2d54d8a0ba4f4f3cafe8968d2255345753899cc401f9535bd9713d30c85e11322e7616d1da9202a573f92db65b0f73fc5d40564752d984062

Download Submit
C:\Windows\System\aFZmZGK.exe

Filesize
2.0MB

MD5
7cf7cce27a73af72018d0e88e6717890

SHA1
fd2246fbd3d91b7bdd30d55e42e284085276605f

SHA256
7a546ea9377c7721c0176727b87f86eb9bd76c4e90b52bfb564371c65fe2bb70

SHA512
94b909c6b78b4ea43a2eb474e211f1963495156ea1d028fe4df3cfeff5905c43d4eee889ee18d443deb8664b5ccb7c911ef948f0c019dbe98f0e61416bd2fdf2

Download Submit
C:\Windows\System\bFnTFew.exe

Filesize
2.0MB

MD5
08f16ca7075262284a79e3eeab52ec5f

SHA1
0457e04a08a9196bf2db3804a92989298ae9505d

SHA256
8cc21345b35c52e6c872e6d99d2a17faf5f6292abb71870505626b50b9eaec9c

SHA512
03d316b9c2bcceacd70a741a27cb478a9e9c0d3e4cdd3db675a727ce170775aa3d9ba7d35de98877e5d110ade07e4f4d878d26bfdfe12dc6e269daad0dcb9769

Download Submit
C:\Windows\System\gKBFgxN.exe

Filesize
2.0MB

MD5
a5b5645804e1ca07ee93a495b5c1d2d7

SHA1
28f56555a31c7fe62a4e7cccfe52c293f7a98171

SHA256
6d99ed9dd0e1bc1cabcdf1ae71daa87d6b7a6a482082bec8e44f050b5cd3c9ff

SHA512
06f59bff3912f0edc0ed6d1907873a68f08c853c4522d6dce1c3990554594b8742548717d0c96a463f6f2a0abffe6ff9d0b93c01f95522a2e36fe6e99a072a28

Download Submit
C:\Windows\System\gKKeuqU.exe

Filesize
2.0MB

MD5
afdc3311c7fd7cada9e475b954250607

SHA1
e6f4d8cb9921def893bbeaabdf066302a8f674ba

SHA256
af4ed5704a751a021d27e76d241b2057b274c493c362d844943e57a9896126c2

SHA512
3a6fd2d0260d7ff7adfc2a2a12064b9bca1b78378fb1a82778d5d210aff500f2c0c849766709670cdb2fb9cf383c9c0f28c7dba057803712fefd8fd2994eef5d

Download Submit
C:\Windows\System\hJEDpZa.exe

Filesize
2.0MB

MD5
50006c25b69b1c8dcea335da125bc492

SHA1
0109680ee14b8756d6270078496b027484f12064

SHA256
249b25accab4bf86bf6b0aa9ed621294b0338f9f4c7aadfde5f280201b41ca25

SHA512
db86b8946662c0066085411977c486bc5ad5ec01dbc2eef26e0e58f894ba57d344e1eed77fa409505fb157550eaa3992028be888ffb2c5d76da45a92ade21b2d

Download Submit
C:\Windows\System\jjAPnqc.exe

Filesize
2.0MB

MD5
73db2c7ea9591e26fbd8f9ab90a8aeee

SHA1
4ec4125d18764e6d5d06b86a98c4b62e21a4641a

SHA256
c7cff0198bbd4b00e647551caf1923358ec8cb069a887de398f81de5d9a99cfe

SHA512
c380472edfc80a40f42b5febd65993569359895c2e5ec316997469ae9d8bdd21c77d599eba12d8600cd9680a9bcbb2fde9665c5be30308552520ccc4783e19ef

Download Submit
C:\Windows\System\kGmmLsN.exe

Filesize
2.0MB

MD5
bb81a7f22204d08021cd3da8588fe6e5

SHA1
d112c1dcf8ede8331229dadbea79ac5acf3ea370

SHA256
0683b690d26b5c7ffc83b37a30677aa2407331505f87933e2f5efbc88211852a

SHA512
a8dc488600f6db1f05fbf31b5d0e7e9bf1ef9697c86e4a634fa0a771df6a61ecd1957dd6bcc372e930a7ded79496d3db8c6b966e83c489662554180c4d8ae7a1

Download Submit
C:\Windows\System\qUJUGEC.exe

Filesize
2.0MB

MD5
5d205a376412a509d44eed0f136ebac7

SHA1
510ef9ec7c1eea5153071e7db7093ed6af456d1e

SHA256
698f82bd416857524bceea54d5149cc023d111e3ee2cfd2ec494ac49b58d53b8

SHA512
a6373837c240cbe39348df8ebcf9f6b76eed545b74c2e865389940e885baac86d54f797f6a708a6c137cb852f7c4e7f698b53baa8c1f08686cdea7d608460157

Download Submit
C:\Windows\System\rPCmsfQ.exe

Filesize
2.0MB

MD5
68d1608aadc23583d2cc43c30af613f4

SHA1
2af78c91b248a7eb623ee8141d9230b961ce8433

SHA256
b51cdb2d1b22f0b4eab9e9ae242beac1989ed6a69ac115010892c0313fab7497

SHA512
71710a48081b123073f2db57fa78de0e20c9b460ce02457171cd40a9613aa830c098f02466ffba5b79cba8ec029d89d958371256ccfdb0d6b2c7c5703db76d41

Download Submit
C:\Windows\System\rfxJlJL.exe

Filesize
2.0MB

MD5
a2279a51e3342397aad2f5d90d43880f

SHA1
0e38a117d827a18c65b4adfae9c1b974d8a64d2a

SHA256
4aba94a7f23a66e4c3c670ef6efa98fae4378047339eba24f7240eb8ab33434d

SHA512
2965cd2dc92d39b3792f6d281ac7af84512785738c9fd6db57c82329f7ecdfe66bf371be162ee3ac7168fe5fb9677bed07d0500cadabeba7ce204325fe7d218e

Download Submit
C:\Windows\System\sBLGBJm.exe

Filesize
2.0MB

MD5
a1746c805bf33b36e113d5692c5bfc6a

SHA1
00714ab397baa387e1385b8a0b0974fe1d0710f6

SHA256
c4d62e94d9a008d0be7fe017c2009d5bfddae10564e0d9d00a19f629992fc185

SHA512
a79ee3b62ea652bb5850102cd2811d91610d4dee1b83a5f9fd6cc3189a0d2c4c796fb3d46cf9b729b1c14372450165f73d0a0ea1ff2843c189f39d3c38f0c45d

Download Submit
C:\Windows\System\sBLGBJm.exe

Filesize
1.7MB

MD5
374c08e9ff1ca530bf391b1e62dca52f

SHA1
64253e58a059c639dbc3ae437b491d89e7af556e

SHA256
275c99454d8af7c12193515d608ed46c3ea7db4ea5d7a2a7fc47a15f79aee613

SHA512
47ea7ff90d4bd265af9b0229830fbba9c660494180feecb057d11030c1314f969154d0d677cfe2cb4623b155c054e48a0207b1737c63df942c49769ce2e7f781

Download Submit
C:\Windows\System\tKUNfeN.exe

Filesize
2.0MB

MD5
0be473a27dc326ac9ae8c91e2fdb2e55

SHA1
98a21d288d5630d88a77f5bd91435361dc713693

SHA256
b891e74fee523f478c47f4f78c90de660295c2f7cd4459878c9c410de034cd05

SHA512
3ac73696db74952d5c1fd4c69340de2e3959eba068fd3b55c97b711c296595921b08d3dc3ea6ada892607feb3e9de711b470ff62ac1479c2f2986a693231da7e

Download Submit
C:\Windows\System\ttPEvCa.exe

Filesize
2.0MB

MD5
6c43a21c00c041b7f6fb963b9c292e2e

SHA1
e178c70da85eabb58d6f4bbdf2033c0e52fb500f

SHA256
457e4eb0ba712b174c1197d13fdc401ec66fd1cd81643fc0196a455c83a64ce5

SHA512
56f8e6607c151bfc752f7e69d877f8fc11fa19e68dccf94f66777cea4d2fcfb30410565084216085f8cf46ac9473cfd68c681f191ca6daa19a8330dd274410f9

Download Submit
C:\Windows\System\uEfCKMz.exe

Filesize
2.0MB

MD5
9b30ae83c59ee87477796ead9be74670

SHA1
4f3acdd09c4688292332793a13a812e0a9454142

SHA256
3822be56a03aa34038ff0df4df545f321d51ff453a525695085ac5a6f1541d7c

SHA512
722b73a7981cd16d66127c7237ef03ffcf20826bba65ef8623b57d587a55865a59ad9a3fa539d7304c8cad84bb78ea39a55d93a475950aa6f6b0283c9003467c

Download Submit
C:\Windows\System\yPTFTCL.exe

Filesize
2.0MB

MD5
12bab3ed1535172cd1e8c905a011a3b7

SHA1
e423c52b012092f6bb7c19cf8d42a8c037456c8f

SHA256
638b006b527ea37cd1f0c56eb635ffc4bb35c13231dc8664b4b7bc71948ac8ef

SHA512
f84d1b0135d9013defc6f9a4f3ad109bbca8f93f8acb6328a8f27a0b69b002b743b58d95f0f72789508b8750b5a8fdd2a32d2fa3ef9a4df8d3a21124288cc131

Download Submit
C:\Windows\System\yPoCILF.exe

Filesize
2.0MB

MD5
978c9070ebaedb21c8e29920dbb25136

SHA1
11a2d17bbb444967223625ff10110a9ed3a0801e

SHA256
f811f46977207a1ef694c114679abbaa3df766725d7c9f0488b8a4264348dada

SHA512
3e2bcf21450e42c144ea5da31e22b707826e2912a2f320aee6551c91be0272b89047360a1b771edfe6fb5cd702137dd831bc84f34cfda92c458bee37b150e1ea

Download Submit
memory/1052-2124-0x00007FF716990000-0x00007FF716CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1052-79-0x00007FF716990000-0x00007FF716CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1052-2112-0x00007FF716990000-0x00007FF716CE4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2136-0x00007FF68A6D0000-0x00007FF68AA24000-memory.dmp

Filesize
3.3MB

Download
memory/1064-205-0x00007FF68A6D0000-0x00007FF68AA24000-memory.dmp

Filesize
3.3MB

Download
memory/1352-178-0x00007FF7519C0000-0x00007FF751D14000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2135-0x00007FF7519C0000-0x00007FF751D14000-memory.dmp

Filesize
3.3MB

Download
memory/1452-206-0x00007FF6AFAC0000-0x00007FF6AFE14000-memory.dmp

Filesize
3.3MB

Download
memory/1452-2139-0x00007FF6AFAC0000-0x00007FF6AFE14000-memory.dmp

Filesize
3.3MB

Download
memory/1748-84-0x00007FF6909F0000-0x00007FF690D44000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2122-0x00007FF6909F0000-0x00007FF690D44000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2141-0x00007FF673A20000-0x00007FF673D74000-memory.dmp

Filesize
3.3MB

Download
memory/1772-194-0x00007FF673A20000-0x00007FF673D74000-memory.dmp

Filesize
3.3MB

Download
memory/1820-2130-0x00007FF64BD60000-0x00007FF64C0B4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-203-0x00007FF64BD60000-0x00007FF64C0B4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-199-0x00007FF6077E0000-0x00007FF607B34000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2123-0x00007FF6077E0000-0x00007FF607B34000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2142-0x00007FF794B60000-0x00007FF794EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-193-0x00007FF794B60000-0x00007FF794EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2110-0x00007FF7FED50000-0x00007FF7FF0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2118-0x00007FF7FED50000-0x00007FF7FF0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-41-0x00007FF7FED50000-0x00007FF7FF0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2113-0x00007FF628360000-0x00007FF6286B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2134-0x00007FF628360000-0x00007FF6286B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-138-0x00007FF628360000-0x00007FF6286B4000-memory.dmp

Filesize
3.3MB

Download
memory/3160-65-0x00007FF6912E0000-0x00007FF691634000-memory.dmp

Filesize
3.3MB

Download
memory/3160-2119-0x00007FF6912E0000-0x00007FF691634000-memory.dmp

Filesize
3.3MB

Download
memory/3636-2116-0x00007FF7703F0000-0x00007FF770744000-memory.dmp

Filesize
3.3MB

Download
memory/3636-26-0x00007FF7703F0000-0x00007FF770744000-memory.dmp

Filesize
3.3MB

Download
memory/3640-118-0x00007FF798E30000-0x00007FF799184000-memory.dmp

Filesize
3.3MB

Download
memory/3640-2127-0x00007FF798E30000-0x00007FF799184000-memory.dmp

Filesize
3.3MB

Download
memory/3832-2131-0x00007FF6A5510000-0x00007FF6A5864000-memory.dmp

Filesize
3.3MB

Download
memory/3832-204-0x00007FF6A5510000-0x00007FF6A5864000-memory.dmp

Filesize
3.3MB

Download
memory/3932-2138-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp

Filesize
3.3MB

Download
memory/3932-207-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp

Filesize
3.3MB

Download
memory/3988-2120-0x00007FF72A130000-0x00007FF72A484000-memory.dmp

Filesize
3.3MB

Download
memory/3988-198-0x00007FF72A130000-0x00007FF72A484000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2126-0x00007FF630F40000-0x00007FF631294000-memory.dmp

Filesize
3.3MB

Download
memory/4048-102-0x00007FF630F40000-0x00007FF631294000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2125-0x00007FF681650000-0x00007FF6819A4000-memory.dmp

Filesize
3.3MB

Download
memory/4232-113-0x00007FF681650000-0x00007FF6819A4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-2108-0x00007FF6A8B70000-0x00007FF6A8EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-2114-0x00007FF6A8B70000-0x00007FF6A8EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-10-0x00007FF6A8B70000-0x00007FF6A8EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2132-0x00007FF7142A0000-0x00007FF7145F4000-memory.dmp

Filesize
3.3MB

Download
memory/4272-169-0x00007FF7142A0000-0x00007FF7145F4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2109-0x00007FF6162A0000-0x00007FF6165F4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-21-0x00007FF6162A0000-0x00007FF6165F4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2115-0x00007FF6162A0000-0x00007FF6165F4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2128-0x00007FF789080000-0x00007FF7893D4000-memory.dmp

Filesize
3.3MB

Download
memory/4420-202-0x00007FF789080000-0x00007FF7893D4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-187-0x00007FF6D53C0000-0x00007FF6D5714000-memory.dmp

Filesize
3.3MB

Download
memory/4640-2137-0x00007FF6D53C0000-0x00007FF6D5714000-memory.dmp

Filesize
3.3MB

Download
memory/4700-55-0x00007FF7D20F0000-0x00007FF7D2444000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2117-0x00007FF7D20F0000-0x00007FF7D2444000-memory.dmp

Filesize
3.3MB

Download
memory/4800-0-0x00007FF672BA0000-0x00007FF672EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4800-1-0x000002AB57800000-0x000002AB57810000-memory.dmp

Filesize
64KB

Download
memory/4848-201-0x00007FF6DCA80000-0x00007FF6DCDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2129-0x00007FF6DCA80000-0x00007FF6DCDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2133-0x00007FF75F460000-0x00007FF75F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-177-0x00007FF75F460000-0x00007FF75F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2111-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp

Filesize
3.3MB

Download
memory/4896-47-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2121-0x00007FF6B50C0000-0x00007FF6B5414000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2140-0x00007FF627570000-0x00007FF6278C4000-memory.dmp

Filesize
3.3MB

Download
memory/5040-208-0x00007FF627570000-0x00007FF6278C4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads