xmrig | 23ee87cfef967ea3a9c67c8d116dbae2616f98f49f04c85a2021345e2f1e0dc4

Analysis

max time kernel
113s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
Size

2.2MB
MD5

0d68ca0e90fc8dfbb09ae01818e8c1d0
SHA1

a678e68c18cfa07cdb44b5a501290d59f2646b72
SHA256

23ee87cfef967ea3a9c67c8d116dbae2616f98f49f04c85a2021345e2f1e0dc4
SHA512

4352318228389e21355611be7c6cdb0698be7643cf683dc3104bc18f241364b79413309ca1bfac2ea644c5b0e4bb93b07bef43b94b053c6c8dc4d33187956406
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIaHs1PTma87Xx1gOqu:BemTLkNdfE0pZr+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2028-0-0x00007FF6FD1A0000-0x00007FF6FD4F4000-memory.dmp	xmrig
behavioral2/files/0x00080000000233f7-4.dat	xmrig
behavioral2/files/0x00070000000233fc-9.dat	xmrig
behavioral2/files/0x00070000000233fb-11.dat	xmrig
behavioral2/memory/220-6-0x00007FF6E3F40000-0x00007FF6E4294000-memory.dmp	xmrig
behavioral2/memory/4796-14-0x00007FF7C35F0000-0x00007FF7C3944000-memory.dmp	xmrig
behavioral2/memory/744-20-0x00007FF74BF50000-0x00007FF74C2A4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fe-29.dat	xmrig
behavioral2/files/0x00070000000233ff-34.dat	xmrig
behavioral2/files/0x0007000000023400-38.dat	xmrig
behavioral2/files/0x0007000000023402-51.dat	xmrig
behavioral2/files/0x0007000000023404-61.dat	xmrig
behavioral2/files/0x0007000000023407-77.dat	xmrig
behavioral2/files/0x000700000002340b-97.dat	xmrig
behavioral2/files/0x000700000002340e-111.dat	xmrig
behavioral2/files/0x0007000000023411-127.dat	xmrig
behavioral2/files/0x0007000000023415-143.dat	xmrig
behavioral2/files/0x0007000000023419-166.dat	xmrig
behavioral2/files/0x0007000000023418-162.dat	xmrig
behavioral2/files/0x0007000000023417-157.dat	xmrig
behavioral2/files/0x0007000000023416-152.dat	xmrig
behavioral2/files/0x0007000000023414-141.dat	xmrig
behavioral2/files/0x0007000000023413-137.dat	xmrig
behavioral2/files/0x0007000000023412-131.dat	xmrig
behavioral2/files/0x0007000000023410-121.dat	xmrig
behavioral2/files/0x000700000002340f-117.dat	xmrig
behavioral2/files/0x000700000002340d-107.dat	xmrig
behavioral2/files/0x000700000002340c-102.dat	xmrig
behavioral2/files/0x000700000002340a-91.dat	xmrig
behavioral2/files/0x0007000000023409-87.dat	xmrig
behavioral2/files/0x0007000000023408-82.dat	xmrig
behavioral2/files/0x0007000000023406-71.dat	xmrig
behavioral2/files/0x0007000000023405-67.dat	xmrig
behavioral2/files/0x0007000000023403-57.dat	xmrig
behavioral2/files/0x0007000000023401-47.dat	xmrig
behavioral2/files/0x00080000000233f8-24.dat	xmrig
behavioral2/memory/944-721-0x00007FF685280000-0x00007FF6855D4000-memory.dmp	xmrig
behavioral2/memory/3512-735-0x00007FF621BC0000-0x00007FF621F14000-memory.dmp	xmrig
behavioral2/memory/384-738-0x00007FF62FC80000-0x00007FF62FFD4000-memory.dmp	xmrig
behavioral2/memory/1752-757-0x00007FF620C70000-0x00007FF620FC4000-memory.dmp	xmrig
behavioral2/memory/4696-764-0x00007FF603200000-0x00007FF603554000-memory.dmp	xmrig
behavioral2/memory/3464-751-0x00007FF6EB3D0000-0x00007FF6EB724000-memory.dmp	xmrig
behavioral2/memory/2996-748-0x00007FF7B4BC0000-0x00007FF7B4F14000-memory.dmp	xmrig
behavioral2/memory/3660-743-0x00007FF7FC7B0000-0x00007FF7FCB04000-memory.dmp	xmrig
behavioral2/memory/1080-730-0x00007FF7E8820000-0x00007FF7E8B74000-memory.dmp	xmrig
behavioral2/memory/3884-726-0x00007FF727800000-0x00007FF727B54000-memory.dmp	xmrig
behavioral2/memory/4940-770-0x00007FF7A2F30000-0x00007FF7A3284000-memory.dmp	xmrig
behavioral2/memory/4888-772-0x00007FF60CDB0000-0x00007FF60D104000-memory.dmp	xmrig
behavioral2/memory/576-766-0x00007FF79F730000-0x00007FF79FA84000-memory.dmp	xmrig
behavioral2/memory/1500-794-0x00007FF775510000-0x00007FF775864000-memory.dmp	xmrig
behavioral2/memory/1148-845-0x00007FF780410000-0x00007FF780764000-memory.dmp	xmrig
behavioral2/memory/444-847-0x00007FF77BEF0000-0x00007FF77C244000-memory.dmp	xmrig
behavioral2/memory/3548-851-0x00007FF723390000-0x00007FF7236E4000-memory.dmp	xmrig
behavioral2/memory/1388-852-0x00007FF681950000-0x00007FF681CA4000-memory.dmp	xmrig
behavioral2/memory/4788-854-0x00007FF78D7A0000-0x00007FF78DAF4000-memory.dmp	xmrig
behavioral2/memory/996-856-0x00007FF66A0F0000-0x00007FF66A444000-memory.dmp	xmrig
behavioral2/memory/3692-859-0x00007FF7A2280000-0x00007FF7A25D4000-memory.dmp	xmrig
behavioral2/memory/3292-858-0x00007FF7D65F0000-0x00007FF7D6944000-memory.dmp	xmrig
behavioral2/memory/4708-857-0x00007FF63BBB0000-0x00007FF63BF04000-memory.dmp	xmrig
behavioral2/memory/860-855-0x00007FF6300F0000-0x00007FF630444000-memory.dmp	xmrig
behavioral2/memory/3696-853-0x00007FF6140C0000-0x00007FF614414000-memory.dmp	xmrig
behavioral2/memory/1352-846-0x00007FF7CB600000-0x00007FF7CB954000-memory.dmp	xmrig
behavioral2/memory/2028-2136-0x00007FF6FD1A0000-0x00007FF6FD4F4000-memory.dmp	xmrig
behavioral2/memory/220-2137-0x00007FF6E3F40000-0x00007FF6E4294000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
220	iDPQuCo.exe
4796	vvTYJLB.exe
744	PNGESlG.exe
944	zfbmPOn.exe
3884	ZCVGEYd.exe
1080	HohFpEh.exe
3512	oPyiqpL.exe
384	gicNQvT.exe
3660	VxxROPD.exe
2996	mlfSmEU.exe
3464	cWbRvLh.exe
1752	BgxMlYS.exe
4696	xeHneeu.exe
576	hCugKTR.exe
4940	BKIRbcr.exe
4888	oAaRBou.exe
1500	rUwTyZi.exe
1148	eLpZddf.exe
1352	QHqflMi.exe
444	FblDUaa.exe
3548	bXlCtpk.exe
1388	umZYFSx.exe
3696	XuqgHLT.exe
4788	isksbau.exe
860	txoExJA.exe
996	AVvAyDx.exe
4708	kKHmjND.exe
3292	UYEzASh.exe
3692	pKGAEmK.exe
4904	UxTcZvx.exe
3188	JJWHFcy.exe
3088	upiltBs.exe
3804	CVtcpoj.exe
4496	ooorkTn.exe
3788	zkQekxr.exe
3736	MPusWpy.exe
4932	JXAhePl.exe
4028	imBTqIv.exe
1404	dCxiQrq.exe
2440	fbvtrxI.exe
4184	adZhFxo.exe
2160	byCYGHh.exe
2332	qvaItpd.exe
3240	kbBultT.exe
4012	IvEpcju.exe
1484	CYhtRpt.exe
4356	hvDODre.exe
3372	ylPtQFs.exe
4664	cPyvtsG.exe
1520	LyOkijV.exe
2240	tMtuKHw.exe
3128	UgJGbHi.exe
4016	FQWEbid.exe
644	nzpKKoX.exe
2888	IVsIAKp.exe
3200	taHXfKY.exe
1508	IeNPYeF.exe
1012	pFuoVkH.exe
3976	nYqSYMF.exe
380	KytBdzC.exe
2544	vlrVoiK.exe
2936	JLgeWIg.exe
2744	KuBIZMJ.exe
2008	FGpsnVA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2028-0-0x00007FF6FD1A0000-0x00007FF6FD4F4000-memory.dmp	upx
behavioral2/files/0x00080000000233f7-4.dat	upx
behavioral2/files/0x00070000000233fc-9.dat	upx
behavioral2/files/0x00070000000233fb-11.dat	upx
behavioral2/memory/220-6-0x00007FF6E3F40000-0x00007FF6E4294000-memory.dmp	upx
behavioral2/memory/4796-14-0x00007FF7C35F0000-0x00007FF7C3944000-memory.dmp	upx
behavioral2/memory/744-20-0x00007FF74BF50000-0x00007FF74C2A4000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-29.dat	upx
behavioral2/files/0x00070000000233ff-34.dat	upx
behavioral2/files/0x0007000000023400-38.dat	upx
behavioral2/files/0x0007000000023402-51.dat	upx
behavioral2/files/0x0007000000023404-61.dat	upx
behavioral2/files/0x0007000000023407-77.dat	upx
behavioral2/files/0x000700000002340b-97.dat	upx
behavioral2/files/0x000700000002340e-111.dat	upx
behavioral2/files/0x0007000000023411-127.dat	upx
behavioral2/files/0x0007000000023415-143.dat	upx
behavioral2/files/0x0007000000023419-166.dat	upx
behavioral2/files/0x0007000000023418-162.dat	upx
behavioral2/files/0x0007000000023417-157.dat	upx
behavioral2/files/0x0007000000023416-152.dat	upx
behavioral2/files/0x0007000000023414-141.dat	upx
behavioral2/files/0x0007000000023413-137.dat	upx
behavioral2/files/0x0007000000023412-131.dat	upx
behavioral2/files/0x0007000000023410-121.dat	upx
behavioral2/files/0x000700000002340f-117.dat	upx
behavioral2/files/0x000700000002340d-107.dat	upx
behavioral2/files/0x000700000002340c-102.dat	upx
behavioral2/files/0x000700000002340a-91.dat	upx
behavioral2/files/0x0007000000023409-87.dat	upx
behavioral2/files/0x0007000000023408-82.dat	upx
behavioral2/files/0x0007000000023406-71.dat	upx
behavioral2/files/0x0007000000023405-67.dat	upx
behavioral2/files/0x0007000000023403-57.dat	upx
behavioral2/files/0x0007000000023401-47.dat	upx
behavioral2/files/0x00080000000233f8-24.dat	upx
behavioral2/memory/944-721-0x00007FF685280000-0x00007FF6855D4000-memory.dmp	upx
behavioral2/memory/3512-735-0x00007FF621BC0000-0x00007FF621F14000-memory.dmp	upx
behavioral2/memory/384-738-0x00007FF62FC80000-0x00007FF62FFD4000-memory.dmp	upx
behavioral2/memory/1752-757-0x00007FF620C70000-0x00007FF620FC4000-memory.dmp	upx
behavioral2/memory/4696-764-0x00007FF603200000-0x00007FF603554000-memory.dmp	upx
behavioral2/memory/3464-751-0x00007FF6EB3D0000-0x00007FF6EB724000-memory.dmp	upx
behavioral2/memory/2996-748-0x00007FF7B4BC0000-0x00007FF7B4F14000-memory.dmp	upx
behavioral2/memory/3660-743-0x00007FF7FC7B0000-0x00007FF7FCB04000-memory.dmp	upx
behavioral2/memory/1080-730-0x00007FF7E8820000-0x00007FF7E8B74000-memory.dmp	upx
behavioral2/memory/3884-726-0x00007FF727800000-0x00007FF727B54000-memory.dmp	upx
behavioral2/memory/4940-770-0x00007FF7A2F30000-0x00007FF7A3284000-memory.dmp	upx
behavioral2/memory/4888-772-0x00007FF60CDB0000-0x00007FF60D104000-memory.dmp	upx
behavioral2/memory/576-766-0x00007FF79F730000-0x00007FF79FA84000-memory.dmp	upx
behavioral2/memory/1500-794-0x00007FF775510000-0x00007FF775864000-memory.dmp	upx
behavioral2/memory/1148-845-0x00007FF780410000-0x00007FF780764000-memory.dmp	upx
behavioral2/memory/444-847-0x00007FF77BEF0000-0x00007FF77C244000-memory.dmp	upx
behavioral2/memory/3548-851-0x00007FF723390000-0x00007FF7236E4000-memory.dmp	upx
behavioral2/memory/1388-852-0x00007FF681950000-0x00007FF681CA4000-memory.dmp	upx
behavioral2/memory/4788-854-0x00007FF78D7A0000-0x00007FF78DAF4000-memory.dmp	upx
behavioral2/memory/996-856-0x00007FF66A0F0000-0x00007FF66A444000-memory.dmp	upx
behavioral2/memory/3692-859-0x00007FF7A2280000-0x00007FF7A25D4000-memory.dmp	upx
behavioral2/memory/3292-858-0x00007FF7D65F0000-0x00007FF7D6944000-memory.dmp	upx
behavioral2/memory/4708-857-0x00007FF63BBB0000-0x00007FF63BF04000-memory.dmp	upx
behavioral2/memory/860-855-0x00007FF6300F0000-0x00007FF630444000-memory.dmp	upx
behavioral2/memory/3696-853-0x00007FF6140C0000-0x00007FF614414000-memory.dmp	upx
behavioral2/memory/1352-846-0x00007FF7CB600000-0x00007FF7CB954000-memory.dmp	upx
behavioral2/memory/2028-2136-0x00007FF6FD1A0000-0x00007FF6FD4F4000-memory.dmp	upx
behavioral2/memory/220-2137-0x00007FF6E3F40000-0x00007FF6E4294000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JiYqntL.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\nxoeOXE.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\vAeAGsM.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\IeNPYeF.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\aqbvKGV.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\UslXCNJ.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\oBbrOfc.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\WyGxixh.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\RUgcMWz.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\YHtqDPv.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\KWygOcV.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\pQHAPKo.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\NRBnBEN.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\gicNQvT.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\QHqflMi.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\bXlCtpk.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\adZhFxo.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\JTslwHv.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\vklAZDW.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\ITFqviv.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\MiASmnt.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\togSClT.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\kLxfnPo.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\QxGVXXK.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\FQWEbid.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\QVhuind.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\JPzHzCW.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\khrHUUA.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\JgbNOSq.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\APPyQBl.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\RerTMaY.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\zgdSGyE.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\tEyemGF.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\VsXXBjd.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\qLcQjez.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\xeHneeu.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\FGpsnVA.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\tKvcIUm.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\faCClKi.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\RQxlBsl.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\kqNSxcQ.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\fYgTlZF.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\fielCRo.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\gGJYmBw.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\RFJGRDS.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\dVQqIwe.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\CPIKffS.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\iaLYYLL.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\ypKguiG.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\EPeDDfj.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\rwNbVop.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\aoCFzwF.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\KxWGPEK.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\yKlkHAL.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\XXEANlO.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\FblDUaa.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\qBCYbBv.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\xxhVqfW.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\obKhDwz.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\vUhSLkL.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\RBmaTVk.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\sSdxdtw.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\IZZMNnV.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
File created	C:\Windows\System\XuqgHLT.exe	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12284	dwm.exe
Token: SeChangeNotifyPrivilege	12284	dwm.exe
Token: 33	12284	dwm.exe
Token: SeIncBasePriorityPrivilege	12284	dwm.exe
Token: SeShutdownPrivilege	12284	dwm.exe
Token: SeCreatePagefilePrivilege	12284	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 220	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	84
PID 2028 wrote to memory of 220	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	84
PID 2028 wrote to memory of 4796	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	85
PID 2028 wrote to memory of 4796	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	85
PID 2028 wrote to memory of 744	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	86
PID 2028 wrote to memory of 744	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	86
PID 2028 wrote to memory of 944	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	89
PID 2028 wrote to memory of 944	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	89
PID 2028 wrote to memory of 3884	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	90
PID 2028 wrote to memory of 3884	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	90
PID 2028 wrote to memory of 1080	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	91
PID 2028 wrote to memory of 1080	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	91
PID 2028 wrote to memory of 3512	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	92
PID 2028 wrote to memory of 3512	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	92
PID 2028 wrote to memory of 384	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	93
PID 2028 wrote to memory of 384	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	93
PID 2028 wrote to memory of 3660	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	94
PID 2028 wrote to memory of 3660	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	94
PID 2028 wrote to memory of 2996	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	95
PID 2028 wrote to memory of 2996	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	95
PID 2028 wrote to memory of 3464	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	96
PID 2028 wrote to memory of 3464	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	96
PID 2028 wrote to memory of 1752	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	97
PID 2028 wrote to memory of 1752	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	97
PID 2028 wrote to memory of 4696	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	98
PID 2028 wrote to memory of 4696	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	98
PID 2028 wrote to memory of 576	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	99
PID 2028 wrote to memory of 576	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	99
PID 2028 wrote to memory of 4940	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	100
PID 2028 wrote to memory of 4940	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	100
PID 2028 wrote to memory of 4888	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	101
PID 2028 wrote to memory of 4888	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	101
PID 2028 wrote to memory of 1500	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	102
PID 2028 wrote to memory of 1500	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	102
PID 2028 wrote to memory of 1148	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	103
PID 2028 wrote to memory of 1148	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	103
PID 2028 wrote to memory of 1352	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	104
PID 2028 wrote to memory of 1352	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	104
PID 2028 wrote to memory of 444	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	105
PID 2028 wrote to memory of 444	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	105
PID 2028 wrote to memory of 3548	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	106
PID 2028 wrote to memory of 3548	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	106
PID 2028 wrote to memory of 1388	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	107
PID 2028 wrote to memory of 1388	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	107
PID 2028 wrote to memory of 3696	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	108
PID 2028 wrote to memory of 3696	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	108
PID 2028 wrote to memory of 4788	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	109
PID 2028 wrote to memory of 4788	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	109
PID 2028 wrote to memory of 860	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	110
PID 2028 wrote to memory of 860	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	110
PID 2028 wrote to memory of 996	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	111
PID 2028 wrote to memory of 996	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	111
PID 2028 wrote to memory of 4708	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	112
PID 2028 wrote to memory of 4708	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	112
PID 2028 wrote to memory of 3292	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	113
PID 2028 wrote to memory of 3292	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	113
PID 2028 wrote to memory of 3692	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	114
PID 2028 wrote to memory of 3692	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	114
PID 2028 wrote to memory of 4904	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	115
PID 2028 wrote to memory of 4904	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	115
PID 2028 wrote to memory of 3188	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	116
PID 2028 wrote to memory of 3188	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	116
PID 2028 wrote to memory of 3088	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	117
PID 2028 wrote to memory of 3088	2028	0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0d68ca0e90fc8dfbb09ae01818e8c1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\System\iDPQuCo.exe
  C:\Windows\System\iDPQuCo.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\vvTYJLB.exe
  C:\Windows\System\vvTYJLB.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\PNGESlG.exe
  C:\Windows\System\PNGESlG.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\zfbmPOn.exe
  C:\Windows\System\zfbmPOn.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\ZCVGEYd.exe
  C:\Windows\System\ZCVGEYd.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\HohFpEh.exe
  C:\Windows\System\HohFpEh.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\oPyiqpL.exe
  C:\Windows\System\oPyiqpL.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\gicNQvT.exe
  C:\Windows\System\gicNQvT.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\VxxROPD.exe
  C:\Windows\System\VxxROPD.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\mlfSmEU.exe
  C:\Windows\System\mlfSmEU.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\cWbRvLh.exe
  C:\Windows\System\cWbRvLh.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\BgxMlYS.exe
  C:\Windows\System\BgxMlYS.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\xeHneeu.exe
  C:\Windows\System\xeHneeu.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\hCugKTR.exe
  C:\Windows\System\hCugKTR.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\BKIRbcr.exe
  C:\Windows\System\BKIRbcr.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\oAaRBou.exe
  C:\Windows\System\oAaRBou.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\rUwTyZi.exe
  C:\Windows\System\rUwTyZi.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\eLpZddf.exe
  C:\Windows\System\eLpZddf.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\QHqflMi.exe
  C:\Windows\System\QHqflMi.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\FblDUaa.exe
  C:\Windows\System\FblDUaa.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\bXlCtpk.exe
  C:\Windows\System\bXlCtpk.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\umZYFSx.exe
  C:\Windows\System\umZYFSx.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\XuqgHLT.exe
  C:\Windows\System\XuqgHLT.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\isksbau.exe
  C:\Windows\System\isksbau.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\txoExJA.exe
  C:\Windows\System\txoExJA.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\AVvAyDx.exe
  C:\Windows\System\AVvAyDx.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\kKHmjND.exe
  C:\Windows\System\kKHmjND.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\UYEzASh.exe
  C:\Windows\System\UYEzASh.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\pKGAEmK.exe
  C:\Windows\System\pKGAEmK.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\UxTcZvx.exe
  C:\Windows\System\UxTcZvx.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\JJWHFcy.exe
  C:\Windows\System\JJWHFcy.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\upiltBs.exe
  C:\Windows\System\upiltBs.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\CVtcpoj.exe
  C:\Windows\System\CVtcpoj.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\ooorkTn.exe
  C:\Windows\System\ooorkTn.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\zkQekxr.exe
  C:\Windows\System\zkQekxr.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\MPusWpy.exe
  C:\Windows\System\MPusWpy.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\JXAhePl.exe
  C:\Windows\System\JXAhePl.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\imBTqIv.exe
  C:\Windows\System\imBTqIv.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\dCxiQrq.exe
  C:\Windows\System\dCxiQrq.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\fbvtrxI.exe
  C:\Windows\System\fbvtrxI.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\adZhFxo.exe
  C:\Windows\System\adZhFxo.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\byCYGHh.exe
  C:\Windows\System\byCYGHh.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\qvaItpd.exe
  C:\Windows\System\qvaItpd.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\kbBultT.exe
  C:\Windows\System\kbBultT.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\IvEpcju.exe
  C:\Windows\System\IvEpcju.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\CYhtRpt.exe
  C:\Windows\System\CYhtRpt.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\hvDODre.exe
  C:\Windows\System\hvDODre.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\ylPtQFs.exe
  C:\Windows\System\ylPtQFs.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\cPyvtsG.exe
  C:\Windows\System\cPyvtsG.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\LyOkijV.exe
  C:\Windows\System\LyOkijV.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\tMtuKHw.exe
  C:\Windows\System\tMtuKHw.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\UgJGbHi.exe
  C:\Windows\System\UgJGbHi.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\FQWEbid.exe
  C:\Windows\System\FQWEbid.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\nzpKKoX.exe
  C:\Windows\System\nzpKKoX.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\IVsIAKp.exe
  C:\Windows\System\IVsIAKp.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\taHXfKY.exe
  C:\Windows\System\taHXfKY.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\IeNPYeF.exe
  C:\Windows\System\IeNPYeF.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\pFuoVkH.exe
  C:\Windows\System\pFuoVkH.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\nYqSYMF.exe
  C:\Windows\System\nYqSYMF.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\KytBdzC.exe
  C:\Windows\System\KytBdzC.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\vlrVoiK.exe
  C:\Windows\System\vlrVoiK.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\JLgeWIg.exe
  C:\Windows\System\JLgeWIg.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\KuBIZMJ.exe
  C:\Windows\System\KuBIZMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\FGpsnVA.exe
  C:\Windows\System\FGpsnVA.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\JFhlEKc.exe
  C:\Windows\System\JFhlEKc.exe
  2⤵
  PID:544
- C:\Windows\System\FtjRbEn.exe
  C:\Windows\System\FtjRbEn.exe
  2⤵
  PID:2020
- C:\Windows\System\wrKksuC.exe
  C:\Windows\System\wrKksuC.exe
  2⤵
  PID:364
- C:\Windows\System\swvvYvb.exe
  C:\Windows\System\swvvYvb.exe
  2⤵
  PID:2284
- C:\Windows\System\tinzkMB.exe
  C:\Windows\System\tinzkMB.exe
  2⤵
  PID:764
- C:\Windows\System\lEqaAXh.exe
  C:\Windows\System\lEqaAXh.exe
  2⤵
  PID:1960
- C:\Windows\System\QVhuind.exe
  C:\Windows\System\QVhuind.exe
  2⤵
  PID:3840
- C:\Windows\System\AuVOsPl.exe
  C:\Windows\System\AuVOsPl.exe
  2⤵
  PID:2644
- C:\Windows\System\TinDZfP.exe
  C:\Windows\System\TinDZfP.exe
  2⤵
  PID:5136
- C:\Windows\System\prfjoCS.exe
  C:\Windows\System\prfjoCS.exe
  2⤵
  PID:5164
- C:\Windows\System\vbRZqpb.exe
  C:\Windows\System\vbRZqpb.exe
  2⤵
  PID:5192
- C:\Windows\System\erdtYwf.exe
  C:\Windows\System\erdtYwf.exe
  2⤵
  PID:5216
- C:\Windows\System\bEOCfhD.exe
  C:\Windows\System\bEOCfhD.exe
  2⤵
  PID:5244
- C:\Windows\System\lgmIJNc.exe
  C:\Windows\System\lgmIJNc.exe
  2⤵
  PID:5276
- C:\Windows\System\ispnacs.exe
  C:\Windows\System\ispnacs.exe
  2⤵
  PID:5304
- C:\Windows\System\RerTMaY.exe
  C:\Windows\System\RerTMaY.exe
  2⤵
  PID:5332
- C:\Windows\System\fYgTlZF.exe
  C:\Windows\System\fYgTlZF.exe
  2⤵
  PID:5360
- C:\Windows\System\xOqTlGf.exe
  C:\Windows\System\xOqTlGf.exe
  2⤵
  PID:5388
- C:\Windows\System\YfXmTWL.exe
  C:\Windows\System\YfXmTWL.exe
  2⤵
  PID:5416
- C:\Windows\System\VccMARG.exe
  C:\Windows\System\VccMARG.exe
  2⤵
  PID:5444
- C:\Windows\System\fuBmSyN.exe
  C:\Windows\System\fuBmSyN.exe
  2⤵
  PID:5472
- C:\Windows\System\RAQLpCX.exe
  C:\Windows\System\RAQLpCX.exe
  2⤵
  PID:5500
- C:\Windows\System\RWsWpSx.exe
  C:\Windows\System\RWsWpSx.exe
  2⤵
  PID:5528
- C:\Windows\System\jIYqZEE.exe
  C:\Windows\System\jIYqZEE.exe
  2⤵
  PID:5556
- C:\Windows\System\SYRGumL.exe
  C:\Windows\System\SYRGumL.exe
  2⤵
  PID:5584
- C:\Windows\System\VwmzDur.exe
  C:\Windows\System\VwmzDur.exe
  2⤵
  PID:5612
- C:\Windows\System\uWkHiXd.exe
  C:\Windows\System\uWkHiXd.exe
  2⤵
  PID:5640
- C:\Windows\System\kGfMqYl.exe
  C:\Windows\System\kGfMqYl.exe
  2⤵
  PID:5668
- C:\Windows\System\IBbUKFh.exe
  C:\Windows\System\IBbUKFh.exe
  2⤵
  PID:5696
- C:\Windows\System\GqmcqDk.exe
  C:\Windows\System\GqmcqDk.exe
  2⤵
  PID:5724
- C:\Windows\System\bllXJsV.exe
  C:\Windows\System\bllXJsV.exe
  2⤵
  PID:5752
- C:\Windows\System\iyovNms.exe
  C:\Windows\System\iyovNms.exe
  2⤵
  PID:5780
- C:\Windows\System\tBpQbXe.exe
  C:\Windows\System\tBpQbXe.exe
  2⤵
  PID:5808
- C:\Windows\System\WRrbjkU.exe
  C:\Windows\System\WRrbjkU.exe
  2⤵
  PID:5836
- C:\Windows\System\ohjZMpT.exe
  C:\Windows\System\ohjZMpT.exe
  2⤵
  PID:5864
- C:\Windows\System\smogXlV.exe
  C:\Windows\System\smogXlV.exe
  2⤵
  PID:5892
- C:\Windows\System\sczsWBq.exe
  C:\Windows\System\sczsWBq.exe
  2⤵
  PID:5920
- C:\Windows\System\kAEOlWJ.exe
  C:\Windows\System\kAEOlWJ.exe
  2⤵
  PID:5948
- C:\Windows\System\OrQuqtt.exe
  C:\Windows\System\OrQuqtt.exe
  2⤵
  PID:5976
- C:\Windows\System\PPPVwBG.exe
  C:\Windows\System\PPPVwBG.exe
  2⤵
  PID:6000
- C:\Windows\System\CVfwWpx.exe
  C:\Windows\System\CVfwWpx.exe
  2⤵
  PID:6032
- C:\Windows\System\gNGbjkV.exe
  C:\Windows\System\gNGbjkV.exe
  2⤵
  PID:6060
- C:\Windows\System\wOMJIZV.exe
  C:\Windows\System\wOMJIZV.exe
  2⤵
  PID:6088
- C:\Windows\System\fvRpHKN.exe
  C:\Windows\System\fvRpHKN.exe
  2⤵
  PID:6116
- C:\Windows\System\ypKguiG.exe
  C:\Windows\System\ypKguiG.exe
  2⤵
  PID:5072
- C:\Windows\System\ACsCvdp.exe
  C:\Windows\System\ACsCvdp.exe
  2⤵
  PID:4420
- C:\Windows\System\BTdDvSt.exe
  C:\Windows\System\BTdDvSt.exe
  2⤵
  PID:3824
- C:\Windows\System\xQRpeib.exe
  C:\Windows\System\xQRpeib.exe
  2⤵
  PID:2524
- C:\Windows\System\UAoSkvH.exe
  C:\Windows\System\UAoSkvH.exe
  2⤵
  PID:1888
- C:\Windows\System\aoCFzwF.exe
  C:\Windows\System\aoCFzwF.exe
  2⤵
  PID:2848
- C:\Windows\System\RgMEGFN.exe
  C:\Windows\System\RgMEGFN.exe
  2⤵
  PID:1492
- C:\Windows\System\LXyyjdp.exe
  C:\Windows\System\LXyyjdp.exe
  2⤵
  PID:672
- C:\Windows\System\HRSCfWA.exe
  C:\Windows\System\HRSCfWA.exe
  2⤵
  PID:5176
- C:\Windows\System\FvmLGGM.exe
  C:\Windows\System\FvmLGGM.exe
  2⤵
  PID:5236
- C:\Windows\System\CJNzwyD.exe
  C:\Windows\System\CJNzwyD.exe
  2⤵
  PID:5296
- C:\Windows\System\yGdAGtN.exe
  C:\Windows\System\yGdAGtN.exe
  2⤵
  PID:5372
- C:\Windows\System\KxWGPEK.exe
  C:\Windows\System\KxWGPEK.exe
  2⤵
  PID:5432
- C:\Windows\System\BSytItr.exe
  C:\Windows\System\BSytItr.exe
  2⤵
  PID:5512
- C:\Windows\System\bMglpsF.exe
  C:\Windows\System\bMglpsF.exe
  2⤵
  PID:5568
- C:\Windows\System\GIAuNKX.exe
  C:\Windows\System\GIAuNKX.exe
  2⤵
  PID:5624
- C:\Windows\System\nzzxvgJ.exe
  C:\Windows\System\nzzxvgJ.exe
  2⤵
  PID:5684
- C:\Windows\System\lYPKKVL.exe
  C:\Windows\System\lYPKKVL.exe
  2⤵
  PID:5744
- C:\Windows\System\XgOICfe.exe
  C:\Windows\System\XgOICfe.exe
  2⤵
  PID:5796
- C:\Windows\System\ENIIych.exe
  C:\Windows\System\ENIIych.exe
  2⤵
  PID:5876
- C:\Windows\System\AGzIOPS.exe
  C:\Windows\System\AGzIOPS.exe
  2⤵
  PID:5936
- C:\Windows\System\oFolMmc.exe
  C:\Windows\System\oFolMmc.exe
  2⤵
  PID:5996
- C:\Windows\System\tnQzhDy.exe
  C:\Windows\System\tnQzhDy.exe
  2⤵
  PID:6072
- C:\Windows\System\zgdSGyE.exe
  C:\Windows\System\zgdSGyE.exe
  2⤵
  PID:6132
- C:\Windows\System\OgnDzDU.exe
  C:\Windows\System\OgnDzDU.exe
  2⤵
  PID:4092
- C:\Windows\System\qBCYbBv.exe
  C:\Windows\System\qBCYbBv.exe
  2⤵
  PID:2732
- C:\Windows\System\aqbvKGV.exe
  C:\Windows\System\aqbvKGV.exe
  2⤵
  PID:1144
- C:\Windows\System\QkAlfnT.exe
  C:\Windows\System\QkAlfnT.exe
  2⤵
  PID:5208
- C:\Windows\System\NSEjtIR.exe
  C:\Windows\System\NSEjtIR.exe
  2⤵
  PID:5348
- C:\Windows\System\BnEUYxT.exe
  C:\Windows\System\BnEUYxT.exe
  2⤵
  PID:5544
- C:\Windows\System\MLoskGt.exe
  C:\Windows\System\MLoskGt.exe
  2⤵
  PID:5660
- C:\Windows\System\uOxUNqa.exe
  C:\Windows\System\uOxUNqa.exe
  2⤵
  PID:5828
- C:\Windows\System\ixvteRn.exe
  C:\Windows\System\ixvteRn.exe
  2⤵
  PID:5968
- C:\Windows\System\UChOxNs.exe
  C:\Windows\System\UChOxNs.exe
  2⤵
  PID:6172
- C:\Windows\System\leBXKJR.exe
  C:\Windows\System\leBXKJR.exe
  2⤵
  PID:6200
- C:\Windows\System\aixwmdu.exe
  C:\Windows\System\aixwmdu.exe
  2⤵
  PID:6228
- C:\Windows\System\OfYsIfh.exe
  C:\Windows\System\OfYsIfh.exe
  2⤵
  PID:6256
- C:\Windows\System\pjqAnij.exe
  C:\Windows\System\pjqAnij.exe
  2⤵
  PID:6284
- C:\Windows\System\BCBcwAE.exe
  C:\Windows\System\BCBcwAE.exe
  2⤵
  PID:6312
- C:\Windows\System\DZrbtGM.exe
  C:\Windows\System\DZrbtGM.exe
  2⤵
  PID:6340
- C:\Windows\System\QEeiGUi.exe
  C:\Windows\System\QEeiGUi.exe
  2⤵
  PID:6368
- C:\Windows\System\vCCjlAj.exe
  C:\Windows\System\vCCjlAj.exe
  2⤵
  PID:6396
- C:\Windows\System\xLZaonU.exe
  C:\Windows\System\xLZaonU.exe
  2⤵
  PID:6424
- C:\Windows\System\hjRGlHI.exe
  C:\Windows\System\hjRGlHI.exe
  2⤵
  PID:6452
- C:\Windows\System\lbyVUxU.exe
  C:\Windows\System\lbyVUxU.exe
  2⤵
  PID:6492
- C:\Windows\System\fielCRo.exe
  C:\Windows\System\fielCRo.exe
  2⤵
  PID:6520
- C:\Windows\System\YbOwXAj.exe
  C:\Windows\System\YbOwXAj.exe
  2⤵
  PID:6548
- C:\Windows\System\pcXjFcX.exe
  C:\Windows\System\pcXjFcX.exe
  2⤵
  PID:6564
- C:\Windows\System\cyWzPHI.exe
  C:\Windows\System\cyWzPHI.exe
  2⤵
  PID:6592
- C:\Windows\System\HvIRwRT.exe
  C:\Windows\System\HvIRwRT.exe
  2⤵
  PID:6620
- C:\Windows\System\TFLFmGl.exe
  C:\Windows\System\TFLFmGl.exe
  2⤵
  PID:6648
- C:\Windows\System\ABkUnSA.exe
  C:\Windows\System\ABkUnSA.exe
  2⤵
  PID:6676
- C:\Windows\System\KMVxZPL.exe
  C:\Windows\System\KMVxZPL.exe
  2⤵
  PID:6704
- C:\Windows\System\xovjdOh.exe
  C:\Windows\System\xovjdOh.exe
  2⤵
  PID:6732
- C:\Windows\System\ykbMzGX.exe
  C:\Windows\System\ykbMzGX.exe
  2⤵
  PID:6760
- C:\Windows\System\LMwVFSR.exe
  C:\Windows\System\LMwVFSR.exe
  2⤵
  PID:6788
- C:\Windows\System\PjYNozr.exe
  C:\Windows\System\PjYNozr.exe
  2⤵
  PID:6816
- C:\Windows\System\ISuXxfK.exe
  C:\Windows\System\ISuXxfK.exe
  2⤵
  PID:6844
- C:\Windows\System\JlOQNWl.exe
  C:\Windows\System\JlOQNWl.exe
  2⤵
  PID:6872
- C:\Windows\System\YEMMslU.exe
  C:\Windows\System\YEMMslU.exe
  2⤵
  PID:6900
- C:\Windows\System\UtwoIUf.exe
  C:\Windows\System\UtwoIUf.exe
  2⤵
  PID:6928
- C:\Windows\System\jGopzVA.exe
  C:\Windows\System\jGopzVA.exe
  2⤵
  PID:6956
- C:\Windows\System\zrMNVBR.exe
  C:\Windows\System\zrMNVBR.exe
  2⤵
  PID:6984
- C:\Windows\System\gGJYmBw.exe
  C:\Windows\System\gGJYmBw.exe
  2⤵
  PID:7012
- C:\Windows\System\tEyemGF.exe
  C:\Windows\System\tEyemGF.exe
  2⤵
  PID:7040
- C:\Windows\System\FIbFNKm.exe
  C:\Windows\System\FIbFNKm.exe
  2⤵
  PID:7068
- C:\Windows\System\cDIFTGJ.exe
  C:\Windows\System\cDIFTGJ.exe
  2⤵
  PID:7096
- C:\Windows\System\IZUwTWv.exe
  C:\Windows\System\IZUwTWv.exe
  2⤵
  PID:7124
- C:\Windows\System\CiWdjIa.exe
  C:\Windows\System\CiWdjIa.exe
  2⤵
  PID:7152
- C:\Windows\System\ejpaHQx.exe
  C:\Windows\System\ejpaHQx.exe
  2⤵
  PID:6048
- C:\Windows\System\qCFmUvy.exe
  C:\Windows\System\qCFmUvy.exe
  2⤵
  PID:1824
- C:\Windows\System\EaXcQNl.exe
  C:\Windows\System\EaXcQNl.exe
  2⤵
  PID:5204
- C:\Windows\System\GfJXmSv.exe
  C:\Windows\System\GfJXmSv.exe
  2⤵
  PID:5492
- C:\Windows\System\SEuSnPm.exe
  C:\Windows\System\SEuSnPm.exe
  2⤵
  PID:5904
- C:\Windows\System\UanUZQM.exe
  C:\Windows\System\UanUZQM.exe
  2⤵
  PID:6188
- C:\Windows\System\gkNgIwq.exe
  C:\Windows\System\gkNgIwq.exe
  2⤵
  PID:6248
- C:\Windows\System\eRuxARY.exe
  C:\Windows\System\eRuxARY.exe
  2⤵
  PID:6324
- C:\Windows\System\tZvEuqK.exe
  C:\Windows\System\tZvEuqK.exe
  2⤵
  PID:6384
- C:\Windows\System\nezjaAQ.exe
  C:\Windows\System\nezjaAQ.exe
  2⤵
  PID:6444
- C:\Windows\System\ZCvxSSm.exe
  C:\Windows\System\ZCvxSSm.exe
  2⤵
  PID:6516
- C:\Windows\System\TnNnhTD.exe
  C:\Windows\System\TnNnhTD.exe
  2⤵
  PID:6580
- C:\Windows\System\TpZAawc.exe
  C:\Windows\System\TpZAawc.exe
  2⤵
  PID:6640
- C:\Windows\System\faigfkF.exe
  C:\Windows\System\faigfkF.exe
  2⤵
  PID:6716
- C:\Windows\System\nRIGgOD.exe
  C:\Windows\System\nRIGgOD.exe
  2⤵
  PID:6776
- C:\Windows\System\RUwQxLp.exe
  C:\Windows\System\RUwQxLp.exe
  2⤵
  PID:6836
- C:\Windows\System\jzHtnvA.exe
  C:\Windows\System\jzHtnvA.exe
  2⤵
  PID:6892
- C:\Windows\System\XtEBxsC.exe
  C:\Windows\System\XtEBxsC.exe
  2⤵
  PID:6944
- C:\Windows\System\yFomcDP.exe
  C:\Windows\System\yFomcDP.exe
  2⤵
  PID:7024
- C:\Windows\System\HMByBDf.exe
  C:\Windows\System\HMByBDf.exe
  2⤵
  PID:7060
- C:\Windows\System\WlCTvou.exe
  C:\Windows\System\WlCTvou.exe
  2⤵
  PID:7136
- C:\Windows\System\PjxlzMW.exe
  C:\Windows\System\PjxlzMW.exe
  2⤵
  PID:6108
- C:\Windows\System\VVcMofF.exe
  C:\Windows\System\VVcMofF.exe
  2⤵
  PID:5344
- C:\Windows\System\BqOEtII.exe
  C:\Windows\System\BqOEtII.exe
  2⤵
  PID:3656
- C:\Windows\System\dSKTPUA.exe
  C:\Windows\System\dSKTPUA.exe
  2⤵
  PID:6276
- C:\Windows\System\tlBWBoq.exe
  C:\Windows\System\tlBWBoq.exe
  2⤵
  PID:6416
- C:\Windows\System\xxhVqfW.exe
  C:\Windows\System\xxhVqfW.exe
  2⤵
  PID:6560
- C:\Windows\System\FoFXzBm.exe
  C:\Windows\System\FoFXzBm.exe
  2⤵
  PID:6692
- C:\Windows\System\iUAJpQy.exe
  C:\Windows\System\iUAJpQy.exe
  2⤵
  PID:6808
- C:\Windows\System\UslXCNJ.exe
  C:\Windows\System\UslXCNJ.exe
  2⤵
  PID:6920
- C:\Windows\System\oUJNuXb.exe
  C:\Windows\System\oUJNuXb.exe
  2⤵
  PID:3676
- C:\Windows\System\cnPCpvn.exe
  C:\Windows\System\cnPCpvn.exe
  2⤵
  PID:3176
- C:\Windows\System\hdTBArO.exe
  C:\Windows\System\hdTBArO.exe
  2⤵
  PID:5736
- C:\Windows\System\OjxdLik.exe
  C:\Windows\System\OjxdLik.exe
  2⤵
  PID:4876
- C:\Windows\System\kKqDKyf.exe
  C:\Windows\System\kKqDKyf.exe
  2⤵
  PID:6500
- C:\Windows\System\qwiFQyr.exe
  C:\Windows\System\qwiFQyr.exe
  2⤵
  PID:6668
- C:\Windows\System\LdcBeYF.exe
  C:\Windows\System\LdcBeYF.exe
  2⤵
  PID:1288
- C:\Windows\System\XrqMreV.exe
  C:\Windows\System\XrqMreV.exe
  2⤵
  PID:3588
- C:\Windows\System\fMTSESR.exe
  C:\Windows\System\fMTSESR.exe
  2⤵
  PID:2172
- C:\Windows\System\aqGpyPv.exe
  C:\Windows\System\aqGpyPv.exe
  2⤵
  PID:6216
- C:\Windows\System\qSMGjwg.exe
  C:\Windows\System\qSMGjwg.exe
  2⤵
  PID:6360
- C:\Windows\System\DqrwOGQ.exe
  C:\Windows\System\DqrwOGQ.exe
  2⤵
  PID:1168
- C:\Windows\System\OOVicyX.exe
  C:\Windows\System\OOVicyX.exe
  2⤵
  PID:3852
- C:\Windows\System\oJnuuOK.exe
  C:\Windows\System\oJnuuOK.exe
  2⤵
  PID:4436
- C:\Windows\System\qMNLfBZ.exe
  C:\Windows\System\qMNLfBZ.exe
  2⤵
  PID:1800
- C:\Windows\System\yhpwcin.exe
  C:\Windows\System\yhpwcin.exe
  2⤵
  PID:5116
- C:\Windows\System\aDJAIPz.exe
  C:\Windows\System\aDJAIPz.exe
  2⤵
  PID:3856
- C:\Windows\System\yQwIZOB.exe
  C:\Windows\System\yQwIZOB.exe
  2⤵
  PID:3480
- C:\Windows\System\MiASmnt.exe
  C:\Windows\System\MiASmnt.exe
  2⤵
  PID:7188
- C:\Windows\System\YCdWona.exe
  C:\Windows\System\YCdWona.exe
  2⤵
  PID:7204
- C:\Windows\System\EcNErCq.exe
  C:\Windows\System\EcNErCq.exe
  2⤵
  PID:7240
- C:\Windows\System\DAvmxRD.exe
  C:\Windows\System\DAvmxRD.exe
  2⤵
  PID:7276
- C:\Windows\System\TdANVtg.exe
  C:\Windows\System\TdANVtg.exe
  2⤵
  PID:7304
- C:\Windows\System\QCoywEw.exe
  C:\Windows\System\QCoywEw.exe
  2⤵
  PID:7344
- C:\Windows\System\ZzDyHZl.exe
  C:\Windows\System\ZzDyHZl.exe
  2⤵
  PID:7368
- C:\Windows\System\myhSXJb.exe
  C:\Windows\System\myhSXJb.exe
  2⤵
  PID:7416
- C:\Windows\System\tKfGZSS.exe
  C:\Windows\System\tKfGZSS.exe
  2⤵
  PID:7456
- C:\Windows\System\OailFlQ.exe
  C:\Windows\System\OailFlQ.exe
  2⤵
  PID:7476
- C:\Windows\System\wBhhRHF.exe
  C:\Windows\System\wBhhRHF.exe
  2⤵
  PID:7504
- C:\Windows\System\BCbDhON.exe
  C:\Windows\System\BCbDhON.exe
  2⤵
  PID:7532
- C:\Windows\System\AvOYPWF.exe
  C:\Windows\System\AvOYPWF.exe
  2⤵
  PID:7588
- C:\Windows\System\hTRhPRX.exe
  C:\Windows\System\hTRhPRX.exe
  2⤵
  PID:7608
- C:\Windows\System\tsYSmve.exe
  C:\Windows\System\tsYSmve.exe
  2⤵
  PID:7624
- C:\Windows\System\nPLaYMz.exe
  C:\Windows\System\nPLaYMz.exe
  2⤵
  PID:7640
- C:\Windows\System\jVJJZVk.exe
  C:\Windows\System\jVJJZVk.exe
  2⤵
  PID:7656
- C:\Windows\System\YKMuVhO.exe
  C:\Windows\System\YKMuVhO.exe
  2⤵
  PID:7672
- C:\Windows\System\VVnqacT.exe
  C:\Windows\System\VVnqacT.exe
  2⤵
  PID:7688
- C:\Windows\System\OEFXnOV.exe
  C:\Windows\System\OEFXnOV.exe
  2⤵
  PID:7704
- C:\Windows\System\WcWCQSb.exe
  C:\Windows\System\WcWCQSb.exe
  2⤵
  PID:7720
- C:\Windows\System\UaAqeIx.exe
  C:\Windows\System\UaAqeIx.exe
  2⤵
  PID:7736
- C:\Windows\System\CIzfgDC.exe
  C:\Windows\System\CIzfgDC.exe
  2⤵
  PID:7752
- C:\Windows\System\dwymobv.exe
  C:\Windows\System\dwymobv.exe
  2⤵
  PID:7768
- C:\Windows\System\SZGHDLQ.exe
  C:\Windows\System\SZGHDLQ.exe
  2⤵
  PID:7784
- C:\Windows\System\JTslwHv.exe
  C:\Windows\System\JTslwHv.exe
  2⤵
  PID:7800
- C:\Windows\System\HVpRnBW.exe
  C:\Windows\System\HVpRnBW.exe
  2⤵
  PID:7856
- C:\Windows\System\ANpxFOR.exe
  C:\Windows\System\ANpxFOR.exe
  2⤵
  PID:7912
- C:\Windows\System\EPmTvxW.exe
  C:\Windows\System\EPmTvxW.exe
  2⤵
  PID:7988
- C:\Windows\System\RFJGRDS.exe
  C:\Windows\System\RFJGRDS.exe
  2⤵
  PID:8024
- C:\Windows\System\MPWAYps.exe
  C:\Windows\System\MPWAYps.exe
  2⤵
  PID:8132
- C:\Windows\System\YlilZde.exe
  C:\Windows\System\YlilZde.exe
  2⤵
  PID:8148
- C:\Windows\System\uErvlNc.exe
  C:\Windows\System\uErvlNc.exe
  2⤵
  PID:8168
- C:\Windows\System\eSVOsJB.exe
  C:\Windows\System\eSVOsJB.exe
  2⤵
  PID:8184
- C:\Windows\System\erWvjCD.exe
  C:\Windows\System\erWvjCD.exe
  2⤵
  PID:4020
- C:\Windows\System\JjRoFzd.exe
  C:\Windows\System\JjRoFzd.exe
  2⤵
  PID:7232
- C:\Windows\System\QuuDgiL.exe
  C:\Windows\System\QuuDgiL.exe
  2⤵
  PID:7296
- C:\Windows\System\vFXwxYt.exe
  C:\Windows\System\vFXwxYt.exe
  2⤵
  PID:7316
- C:\Windows\System\bHeusHG.exe
  C:\Windows\System\bHeusHG.exe
  2⤵
  PID:7388
- C:\Windows\System\jPzaeSl.exe
  C:\Windows\System\jPzaeSl.exe
  2⤵
  PID:7468
- C:\Windows\System\GuTeNvM.exe
  C:\Windows\System\GuTeNvM.exe
  2⤵
  PID:7520
- C:\Windows\System\KlrHlKn.exe
  C:\Windows\System\KlrHlKn.exe
  2⤵
  PID:7564
- C:\Windows\System\DVESEJs.exe
  C:\Windows\System\DVESEJs.exe
  2⤵
  PID:7604
- C:\Windows\System\lcFnPcd.exe
  C:\Windows\System\lcFnPcd.exe
  2⤵
  PID:7636
- C:\Windows\System\mnaWGcO.exe
  C:\Windows\System\mnaWGcO.exe
  2⤵
  PID:7668
- C:\Windows\System\IOFRfnu.exe
  C:\Windows\System\IOFRfnu.exe
  2⤵
  PID:7700
- C:\Windows\System\OkqwhWU.exe
  C:\Windows\System\OkqwhWU.exe
  2⤵
  PID:7732
- C:\Windows\System\cXuJtOK.exe
  C:\Windows\System\cXuJtOK.exe
  2⤵
  PID:7760
- C:\Windows\System\mymEwkR.exe
  C:\Windows\System\mymEwkR.exe
  2⤵
  PID:7812
- C:\Windows\System\EiyVNcw.exe
  C:\Windows\System\EiyVNcw.exe
  2⤵
  PID:7944
- C:\Windows\System\LDEAMjc.exe
  C:\Windows\System\LDEAMjc.exe
  2⤵
  PID:7828
- C:\Windows\System\wZnfpwz.exe
  C:\Windows\System\wZnfpwz.exe
  2⤵
  PID:7900
- C:\Windows\System\yDibAmY.exe
  C:\Windows\System\yDibAmY.exe
  2⤵
  PID:7956
- C:\Windows\System\ZsnqTDA.exe
  C:\Windows\System\ZsnqTDA.exe
  2⤵
  PID:8004
- C:\Windows\System\aHgkNdR.exe
  C:\Windows\System\aHgkNdR.exe
  2⤵
  PID:8040
- C:\Windows\System\fyqexeH.exe
  C:\Windows\System\fyqexeH.exe
  2⤵
  PID:8080
- C:\Windows\System\pkcjvTd.exe
  C:\Windows\System\pkcjvTd.exe
  2⤵
  PID:8160
- C:\Windows\System\PMtCMst.exe
  C:\Windows\System\PMtCMst.exe
  2⤵
  PID:8180
- C:\Windows\System\ppQPIOI.exe
  C:\Windows\System\ppQPIOI.exe
  2⤵
  PID:940
- C:\Windows\System\VzBnENk.exe
  C:\Windows\System\VzBnENk.exe
  2⤵
  PID:7324
- C:\Windows\System\oBbrOfc.exe
  C:\Windows\System\oBbrOfc.exe
  2⤵
  PID:7256
- C:\Windows\System\HhWFycK.exe
  C:\Windows\System\HhWFycK.exe
  2⤵
  PID:7404
- C:\Windows\System\dzADgMi.exe
  C:\Windows\System\dzADgMi.exe
  2⤵
  PID:7496
- C:\Windows\System\VsXXBjd.exe
  C:\Windows\System\VsXXBjd.exe
  2⤵
  PID:7620
- C:\Windows\System\EhXklZh.exe
  C:\Windows\System\EhXklZh.exe
  2⤵
  PID:7696
- C:\Windows\System\fFVLwBh.exe
  C:\Windows\System\fFVLwBh.exe
  2⤵
  PID:7748
- C:\Windows\System\UjVPnIa.exe
  C:\Windows\System\UjVPnIa.exe
  2⤵
  PID:7808
- C:\Windows\System\fIjlEvc.exe
  C:\Windows\System\fIjlEvc.exe
  2⤵
  PID:7884
- C:\Windows\System\dEhIqKr.exe
  C:\Windows\System\dEhIqKr.exe
  2⤵
  PID:7968
- C:\Windows\System\lEeeEZr.exe
  C:\Windows\System\lEeeEZr.exe
  2⤵
  PID:2496
- C:\Windows\System\fFcIIZi.exe
  C:\Windows\System\fFcIIZi.exe
  2⤵
  PID:8144
- C:\Windows\System\KWygOcV.exe
  C:\Windows\System\KWygOcV.exe
  2⤵
  PID:1244
- C:\Windows\System\lXYmSDB.exe
  C:\Windows\System\lXYmSDB.exe
  2⤵
  PID:7224
- C:\Windows\System\OnRbklO.exe
  C:\Windows\System\OnRbklO.exe
  2⤵
  PID:7652
- C:\Windows\System\HEsbpKs.exe
  C:\Windows\System\HEsbpKs.exe
  2⤵
  PID:8216
- C:\Windows\System\NuhTbFv.exe
  C:\Windows\System\NuhTbFv.exe
  2⤵
  PID:8252
- C:\Windows\System\RlcxerN.exe
  C:\Windows\System\RlcxerN.exe
  2⤵
  PID:8284
- C:\Windows\System\JUbhgqX.exe
  C:\Windows\System\JUbhgqX.exe
  2⤵
  PID:8320
- C:\Windows\System\ZtivZUp.exe
  C:\Windows\System\ZtivZUp.exe
  2⤵
  PID:8356
- C:\Windows\System\fVsMFZV.exe
  C:\Windows\System\fVsMFZV.exe
  2⤵
  PID:8392
- C:\Windows\System\IVGsWSD.exe
  C:\Windows\System\IVGsWSD.exe
  2⤵
  PID:8424
- C:\Windows\System\GEgCojS.exe
  C:\Windows\System\GEgCojS.exe
  2⤵
  PID:8648
- C:\Windows\System\fAHOgoX.exe
  C:\Windows\System\fAHOgoX.exe
  2⤵
  PID:8680
- C:\Windows\System\DbrrECj.exe
  C:\Windows\System\DbrrECj.exe
  2⤵
  PID:8980
- C:\Windows\System\QJtvaIN.exe
  C:\Windows\System\QJtvaIN.exe
  2⤵
  PID:8996
- C:\Windows\System\aXsscLM.exe
  C:\Windows\System\aXsscLM.exe
  2⤵
  PID:9012
- C:\Windows\System\FmaRbyW.exe
  C:\Windows\System\FmaRbyW.exe
  2⤵
  PID:9028
- C:\Windows\System\Xoabujc.exe
  C:\Windows\System\Xoabujc.exe
  2⤵
  PID:9048
- C:\Windows\System\PImxfMu.exe
  C:\Windows\System\PImxfMu.exe
  2⤵
  PID:9064
- C:\Windows\System\zVbJuTp.exe
  C:\Windows\System\zVbJuTp.exe
  2⤵
  PID:9080
- C:\Windows\System\vTQSlTY.exe
  C:\Windows\System\vTQSlTY.exe
  2⤵
  PID:9096
- C:\Windows\System\leajRwL.exe
  C:\Windows\System\leajRwL.exe
  2⤵
  PID:9112
- C:\Windows\System\jQfHAEC.exe
  C:\Windows\System\jQfHAEC.exe
  2⤵
  PID:9128
- C:\Windows\System\xzlVzFE.exe
  C:\Windows\System\xzlVzFE.exe
  2⤵
  PID:9144
- C:\Windows\System\hEixTcE.exe
  C:\Windows\System\hEixTcE.exe
  2⤵
  PID:9160
- C:\Windows\System\mviDNBN.exe
  C:\Windows\System\mviDNBN.exe
  2⤵
  PID:9180
- C:\Windows\System\nSlBFzg.exe
  C:\Windows\System\nSlBFzg.exe
  2⤵
  PID:9208
- C:\Windows\System\VpXHxeg.exe
  C:\Windows\System\VpXHxeg.exe
  2⤵
  PID:7780
- C:\Windows\System\KAcVWTV.exe
  C:\Windows\System\KAcVWTV.exe
  2⤵
  PID:7340
- C:\Windows\System\obKhDwz.exe
  C:\Windows\System\obKhDwz.exe
  2⤵
  PID:8348
- C:\Windows\System\JOxBdGZ.exe
  C:\Windows\System\JOxBdGZ.exe
  2⤵
  PID:8788
- C:\Windows\System\xzBAvCG.exe
  C:\Windows\System\xzBAvCG.exe
  2⤵
  PID:8720
- C:\Windows\System\VoFbqbH.exe
  C:\Windows\System\VoFbqbH.exe
  2⤵
  PID:8656
- C:\Windows\System\tUPtbev.exe
  C:\Windows\System\tUPtbev.exe
  2⤵
  PID:8388
- C:\Windows\System\stdkpCQ.exe
  C:\Windows\System\stdkpCQ.exe
  2⤵
  PID:8296
- C:\Windows\System\oTUfDsH.exe
  C:\Windows\System\oTUfDsH.exe
  2⤵
  PID:8988
- C:\Windows\System\jIQEOuQ.exe
  C:\Windows\System\jIQEOuQ.exe
  2⤵
  PID:9020
- C:\Windows\System\tXfPuIo.exe
  C:\Windows\System\tXfPuIo.exe
  2⤵
  PID:9072
- C:\Windows\System\RNUzwTz.exe
  C:\Windows\System\RNUzwTz.exe
  2⤵
  PID:9108
- C:\Windows\System\wFcwALQ.exe
  C:\Windows\System\wFcwALQ.exe
  2⤵
  PID:9136
- C:\Windows\System\qexLytY.exe
  C:\Windows\System\qexLytY.exe
  2⤵
  PID:1912
- C:\Windows\System\vPdKreT.exe
  C:\Windows\System\vPdKreT.exe
  2⤵
  PID:9200
- C:\Windows\System\IZCeqRQ.exe
  C:\Windows\System\IZCeqRQ.exe
  2⤵
  PID:8772
- C:\Windows\System\erJwuOM.exe
  C:\Windows\System\erJwuOM.exe
  2⤵
  PID:8204
- C:\Windows\System\tEZjrLm.exe
  C:\Windows\System\tEZjrLm.exe
  2⤵
  PID:8664
- C:\Windows\System\nNdYYnb.exe
  C:\Windows\System\nNdYYnb.exe
  2⤵
  PID:8456
- C:\Windows\System\ISDPLqx.exe
  C:\Windows\System\ISDPLqx.exe
  2⤵
  PID:4040
- C:\Windows\System\lYnNzzA.exe
  C:\Windows\System\lYnNzzA.exe
  2⤵
  PID:8064
- C:\Windows\System\JUtmtZV.exe
  C:\Windows\System\JUtmtZV.exe
  2⤵
  PID:9168
- C:\Windows\System\yidRpHV.exe
  C:\Windows\System\yidRpHV.exe
  2⤵
  PID:7216
- C:\Windows\System\ZMdKCGF.exe
  C:\Windows\System\ZMdKCGF.exe
  2⤵
  PID:8660
- C:\Windows\System\HrIgFOx.exe
  C:\Windows\System\HrIgFOx.exe
  2⤵
  PID:8304
- C:\Windows\System\izNwMMP.exe
  C:\Windows\System\izNwMMP.exe
  2⤵
  PID:7360
- C:\Windows\System\nKFwIIC.exe
  C:\Windows\System\nKFwIIC.exe
  2⤵
  PID:8100
- C:\Windows\System\pvELWPl.exe
  C:\Windows\System\pvELWPl.exe
  2⤵
  PID:9228
- C:\Windows\System\zSIKgtf.exe
  C:\Windows\System\zSIKgtf.exe
  2⤵
  PID:9256
- C:\Windows\System\ccIGyFI.exe
  C:\Windows\System\ccIGyFI.exe
  2⤵
  PID:9284
- C:\Windows\System\vwyUhWm.exe
  C:\Windows\System\vwyUhWm.exe
  2⤵
  PID:9308
- C:\Windows\System\FDwNXfB.exe
  C:\Windows\System\FDwNXfB.exe
  2⤵
  PID:9328
- C:\Windows\System\jjnjySI.exe
  C:\Windows\System\jjnjySI.exe
  2⤵
  PID:9352
- C:\Windows\System\bSAgKVa.exe
  C:\Windows\System\bSAgKVa.exe
  2⤵
  PID:9384
- C:\Windows\System\oxRomdH.exe
  C:\Windows\System\oxRomdH.exe
  2⤵
  PID:9424
- C:\Windows\System\BOCXglU.exe
  C:\Windows\System\BOCXglU.exe
  2⤵
  PID:9452
- C:\Windows\System\UNXqlsd.exe
  C:\Windows\System\UNXqlsd.exe
  2⤵
  PID:9476
- C:\Windows\System\FZuMjtn.exe
  C:\Windows\System\FZuMjtn.exe
  2⤵
  PID:9496
- C:\Windows\System\czaQWhg.exe
  C:\Windows\System\czaQWhg.exe
  2⤵
  PID:9536
- C:\Windows\System\NXTWdMn.exe
  C:\Windows\System\NXTWdMn.exe
  2⤵
  PID:9552
- C:\Windows\System\WyGxixh.exe
  C:\Windows\System\WyGxixh.exe
  2⤵
  PID:9580
- C:\Windows\System\AkTKucg.exe
  C:\Windows\System\AkTKucg.exe
  2⤵
  PID:9620
- C:\Windows\System\SkyDTdq.exe
  C:\Windows\System\SkyDTdq.exe
  2⤵
  PID:9640
- C:\Windows\System\SXaXung.exe
  C:\Windows\System\SXaXung.exe
  2⤵
  PID:9676
- C:\Windows\System\gEwzuhZ.exe
  C:\Windows\System\gEwzuhZ.exe
  2⤵
  PID:9700
- C:\Windows\System\vkuDVJn.exe
  C:\Windows\System\vkuDVJn.exe
  2⤵
  PID:9728
- C:\Windows\System\NfVrbxQ.exe
  C:\Windows\System\NfVrbxQ.exe
  2⤵
  PID:9760
- C:\Windows\System\yXRGBvh.exe
  C:\Windows\System\yXRGBvh.exe
  2⤵
  PID:9780
- C:\Windows\System\xIClOly.exe
  C:\Windows\System\xIClOly.exe
  2⤵
  PID:9812
- C:\Windows\System\BYLvrPQ.exe
  C:\Windows\System\BYLvrPQ.exe
  2⤵
  PID:9828
- C:\Windows\System\AkaVWap.exe
  C:\Windows\System\AkaVWap.exe
  2⤵
  PID:9848
- C:\Windows\System\FSECVTA.exe
  C:\Windows\System\FSECVTA.exe
  2⤵
  PID:9876
- C:\Windows\System\kUAgrPZ.exe
  C:\Windows\System\kUAgrPZ.exe
  2⤵
  PID:9904
- C:\Windows\System\pSvHMRh.exe
  C:\Windows\System\pSvHMRh.exe
  2⤵
  PID:9960
- C:\Windows\System\LwVyAuf.exe
  C:\Windows\System\LwVyAuf.exe
  2⤵
  PID:9976
- C:\Windows\System\VWBOpBk.exe
  C:\Windows\System\VWBOpBk.exe
  2⤵
  PID:10016
- C:\Windows\System\NKvYWLA.exe
  C:\Windows\System\NKvYWLA.exe
  2⤵
  PID:10044
- C:\Windows\System\OOdJwuI.exe
  C:\Windows\System\OOdJwuI.exe
  2⤵
  PID:10060
- C:\Windows\System\zgIrCPF.exe
  C:\Windows\System\zgIrCPF.exe
  2⤵
  PID:10092
- C:\Windows\System\ZmQouho.exe
  C:\Windows\System\ZmQouho.exe
  2⤵
  PID:10116
- C:\Windows\System\BSDoewo.exe
  C:\Windows\System\BSDoewo.exe
  2⤵
  PID:10148
- C:\Windows\System\qXLlcjR.exe
  C:\Windows\System\qXLlcjR.exe
  2⤵
  PID:10188
- C:\Windows\System\vpneyvV.exe
  C:\Windows\System\vpneyvV.exe
  2⤵
  PID:10220
- C:\Windows\System\IHBeNpY.exe
  C:\Windows\System\IHBeNpY.exe
  2⤵
  PID:9240
- C:\Windows\System\dVQqIwe.exe
  C:\Windows\System\dVQqIwe.exe
  2⤵
  PID:9280
- C:\Windows\System\MxagieR.exe
  C:\Windows\System\MxagieR.exe
  2⤵
  PID:9316
- C:\Windows\System\jqJatYl.exe
  C:\Windows\System\jqJatYl.exe
  2⤵
  PID:9364
- C:\Windows\System\hLQjnPt.exe
  C:\Windows\System\hLQjnPt.exe
  2⤵
  PID:9448
- C:\Windows\System\iYKRaqU.exe
  C:\Windows\System\iYKRaqU.exe
  2⤵
  PID:9492
- C:\Windows\System\EPeDDfj.exe
  C:\Windows\System\EPeDDfj.exe
  2⤵
  PID:9544
- C:\Windows\System\ZsbZNgo.exe
  C:\Windows\System\ZsbZNgo.exe
  2⤵
  PID:9632
- C:\Windows\System\GhcFfhM.exe
  C:\Windows\System\GhcFfhM.exe
  2⤵
  PID:9688
- C:\Windows\System\jzFqciv.exe
  C:\Windows\System\jzFqciv.exe
  2⤵
  PID:9736
- C:\Windows\System\JYSEFZR.exe
  C:\Windows\System\JYSEFZR.exe
  2⤵
  PID:9776
- C:\Windows\System\KZuKkES.exe
  C:\Windows\System\KZuKkES.exe
  2⤵
  PID:9864
- C:\Windows\System\bYuJWAS.exe
  C:\Windows\System\bYuJWAS.exe
  2⤵
  PID:9900
- C:\Windows\System\uLWsCVB.exe
  C:\Windows\System\uLWsCVB.exe
  2⤵
  PID:1488
- C:\Windows\System\NiqxusV.exe
  C:\Windows\System\NiqxusV.exe
  2⤵
  PID:10028
- C:\Windows\System\MjzrBVa.exe
  C:\Windows\System\MjzrBVa.exe
  2⤵
  PID:10072
- C:\Windows\System\qLcQjez.exe
  C:\Windows\System\qLcQjez.exe
  2⤵
  PID:10100
- C:\Windows\System\RGuzpgr.exe
  C:\Windows\System\RGuzpgr.exe
  2⤵
  PID:10144
- C:\Windows\System\aCXuyNO.exe
  C:\Windows\System\aCXuyNO.exe
  2⤵
  PID:9296
- C:\Windows\System\uAVwqRe.exe
  C:\Windows\System\uAVwqRe.exe
  2⤵
  PID:9444
- C:\Windows\System\YVgUSpH.exe
  C:\Windows\System\YVgUSpH.exe
  2⤵
  PID:9532
- C:\Windows\System\fBfuoYx.exe
  C:\Windows\System\fBfuoYx.exe
  2⤵
  PID:2748
- C:\Windows\System\BkpDMYw.exe
  C:\Windows\System\BkpDMYw.exe
  2⤵
  PID:9668
- C:\Windows\System\LCAsVbd.exe
  C:\Windows\System\LCAsVbd.exe
  2⤵
  PID:9796
- C:\Windows\System\JGUxrhU.exe
  C:\Windows\System\JGUxrhU.exe
  2⤵
  PID:9932
- C:\Windows\System\wJxRxwp.exe
  C:\Windows\System\wJxRxwp.exe
  2⤵
  PID:10000
- C:\Windows\System\bSHjdsw.exe
  C:\Windows\System\bSHjdsw.exe
  2⤵
  PID:10184
- C:\Windows\System\FIHwrfn.exe
  C:\Windows\System\FIHwrfn.exe
  2⤵
  PID:8212
- C:\Windows\System\AcMpumT.exe
  C:\Windows\System\AcMpumT.exe
  2⤵
  PID:8976
- C:\Windows\System\CSYAgnS.exe
  C:\Windows\System\CSYAgnS.exe
  2⤵
  PID:10076
- C:\Windows\System\gcKnzOW.exe
  C:\Windows\System\gcKnzOW.exe
  2⤵
  PID:1588
- C:\Windows\System\nAIKSbJ.exe
  C:\Windows\System\nAIKSbJ.exe
  2⤵
  PID:5096
- C:\Windows\System\eTmGHtc.exe
  C:\Windows\System\eTmGHtc.exe
  2⤵
  PID:10248
- C:\Windows\System\HruCnrG.exe
  C:\Windows\System\HruCnrG.exe
  2⤵
  PID:10276
- C:\Windows\System\gJUVnrp.exe
  C:\Windows\System\gJUVnrp.exe
  2⤵
  PID:10324
- C:\Windows\System\ylVajsr.exe
  C:\Windows\System\ylVajsr.exe
  2⤵
  PID:10340
- C:\Windows\System\kNXFSGb.exe
  C:\Windows\System\kNXFSGb.exe
  2⤵
  PID:10392
- C:\Windows\System\zHAQKVI.exe
  C:\Windows\System\zHAQKVI.exe
  2⤵
  PID:10420
- C:\Windows\System\dvqYehH.exe
  C:\Windows\System\dvqYehH.exe
  2⤵
  PID:10448
- C:\Windows\System\KUmEicF.exe
  C:\Windows\System\KUmEicF.exe
  2⤵
  PID:10464
- C:\Windows\System\pQHAPKo.exe
  C:\Windows\System\pQHAPKo.exe
  2⤵
  PID:10492
- C:\Windows\System\fjVWOZH.exe
  C:\Windows\System\fjVWOZH.exe
  2⤵
  PID:10532
- C:\Windows\System\gQNmTce.exe
  C:\Windows\System\gQNmTce.exe
  2⤵
  PID:10560
- C:\Windows\System\nMsxuKc.exe
  C:\Windows\System\nMsxuKc.exe
  2⤵
  PID:10588
- C:\Windows\System\JiYqntL.exe
  C:\Windows\System\JiYqntL.exe
  2⤵
  PID:10604
- C:\Windows\System\hJoNdWQ.exe
  C:\Windows\System\hJoNdWQ.exe
  2⤵
  PID:10636
- C:\Windows\System\ZhbjpWJ.exe
  C:\Windows\System\ZhbjpWJ.exe
  2⤵
  PID:10672
- C:\Windows\System\mBBvdya.exe
  C:\Windows\System\mBBvdya.exe
  2⤵
  PID:10688
- C:\Windows\System\IfWnTcc.exe
  C:\Windows\System\IfWnTcc.exe
  2⤵
  PID:10716
- C:\Windows\System\YKBPjgx.exe
  C:\Windows\System\YKBPjgx.exe
  2⤵
  PID:10744
- C:\Windows\System\lPyVPIn.exe
  C:\Windows\System\lPyVPIn.exe
  2⤵
  PID:10784
- C:\Windows\System\SnfbALq.exe
  C:\Windows\System\SnfbALq.exe
  2⤵
  PID:10816
- C:\Windows\System\JzXpcEK.exe
  C:\Windows\System\JzXpcEK.exe
  2⤵
  PID:10844
- C:\Windows\System\wRAZeuk.exe
  C:\Windows\System\wRAZeuk.exe
  2⤵
  PID:10872
- C:\Windows\System\KhJnkdN.exe
  C:\Windows\System\KhJnkdN.exe
  2⤵
  PID:10900
- C:\Windows\System\yUIiGrb.exe
  C:\Windows\System\yUIiGrb.exe
  2⤵
  PID:10916
- C:\Windows\System\MRwjOjd.exe
  C:\Windows\System\MRwjOjd.exe
  2⤵
  PID:10952
- C:\Windows\System\NRBnBEN.exe
  C:\Windows\System\NRBnBEN.exe
  2⤵
  PID:10984
- C:\Windows\System\IwboDPZ.exe
  C:\Windows\System\IwboDPZ.exe
  2⤵
  PID:11008
- C:\Windows\System\ZZRenPy.exe
  C:\Windows\System\ZZRenPy.exe
  2⤵
  PID:11024
- C:\Windows\System\CLomttX.exe
  C:\Windows\System\CLomttX.exe
  2⤵
  PID:11056
- C:\Windows\System\bcyhtmu.exe
  C:\Windows\System\bcyhtmu.exe
  2⤵
  PID:11092
- C:\Windows\System\sAeAoKd.exe
  C:\Windows\System\sAeAoKd.exe
  2⤵
  PID:11132
- C:\Windows\System\LATjDfT.exe
  C:\Windows\System\LATjDfT.exe
  2⤵
  PID:11160
- C:\Windows\System\NKOCyjL.exe
  C:\Windows\System\NKOCyjL.exe
  2⤵
  PID:11180
- C:\Windows\System\JYqxzJQ.exe
  C:\Windows\System\JYqxzJQ.exe
  2⤵
  PID:11216
- C:\Windows\System\xnbEvzm.exe
  C:\Windows\System\xnbEvzm.exe
  2⤵
  PID:11244
- C:\Windows\System\fSNJFEC.exe
  C:\Windows\System\fSNJFEC.exe
  2⤵
  PID:11260
- C:\Windows\System\LcDPVPr.exe
  C:\Windows\System\LcDPVPr.exe
  2⤵
  PID:1424
- C:\Windows\System\KGaPpog.exe
  C:\Windows\System\KGaPpog.exe
  2⤵
  PID:10332
- C:\Windows\System\vUhSLkL.exe
  C:\Windows\System\vUhSLkL.exe
  2⤵
  PID:10388
- C:\Windows\System\DJjWEsh.exe
  C:\Windows\System\DJjWEsh.exe
  2⤵
  PID:10440
- C:\Windows\System\ZQJdlRn.exe
  C:\Windows\System\ZQJdlRn.exe
  2⤵
  PID:10524
- C:\Windows\System\yKlkHAL.exe
  C:\Windows\System\yKlkHAL.exe
  2⤵
  PID:10584
- C:\Windows\System\iIAIkqM.exe
  C:\Windows\System\iIAIkqM.exe
  2⤵
  PID:10648
- C:\Windows\System\sYHgAtw.exe
  C:\Windows\System\sYHgAtw.exe
  2⤵
  PID:10760
- C:\Windows\System\jXDpRff.exe
  C:\Windows\System\jXDpRff.exe
  2⤵
  PID:10812
- C:\Windows\System\mGlethL.exe
  C:\Windows\System\mGlethL.exe
  2⤵
  PID:10840
- C:\Windows\System\SpEZJYM.exe
  C:\Windows\System\SpEZJYM.exe
  2⤵
  PID:10908
- C:\Windows\System\ovdmPSu.exe
  C:\Windows\System\ovdmPSu.exe
  2⤵
  PID:10996
- C:\Windows\System\xKUxiPJ.exe
  C:\Windows\System\xKUxiPJ.exe
  2⤵
  PID:11044
- C:\Windows\System\JQIsbzC.exe
  C:\Windows\System\JQIsbzC.exe
  2⤵
  PID:11104
- C:\Windows\System\FvkbOFQ.exe
  C:\Windows\System\FvkbOFQ.exe
  2⤵
  PID:11156
- C:\Windows\System\uADzjPh.exe
  C:\Windows\System\uADzjPh.exe
  2⤵
  PID:11252
- C:\Windows\System\vwVapVv.exe
  C:\Windows\System\vwVapVv.exe
  2⤵
  PID:10288
- C:\Windows\System\cSnHKEN.exe
  C:\Windows\System\cSnHKEN.exe
  2⤵
  PID:10416
- C:\Windows\System\qtGTlwv.exe
  C:\Windows\System\qtGTlwv.exe
  2⤵
  PID:10556
- C:\Windows\System\PqXluBq.exe
  C:\Windows\System\PqXluBq.exe
  2⤵
  PID:10708
- C:\Windows\System\iqxLXtc.exe
  C:\Windows\System\iqxLXtc.exe
  2⤵
  PID:10832
- C:\Windows\System\iFkVTqd.exe
  C:\Windows\System\iFkVTqd.exe
  2⤵
  PID:10960
- C:\Windows\System\ehkPbPS.exe
  C:\Windows\System\ehkPbPS.exe
  2⤵
  PID:11228
- C:\Windows\System\kMeCRSA.exe
  C:\Windows\System\kMeCRSA.exe
  2⤵
  PID:10572
- C:\Windows\System\SaBcPKL.exe
  C:\Windows\System\SaBcPKL.exe
  2⤵
  PID:10868
- C:\Windows\System\vHFwMYG.exe
  C:\Windows\System\vHFwMYG.exe
  2⤵
  PID:10308
- C:\Windows\System\geWoGUU.exe
  C:\Windows\System\geWoGUU.exe
  2⤵
  PID:10700
- C:\Windows\System\ysqxoem.exe
  C:\Windows\System\ysqxoem.exe
  2⤵
  PID:10656
- C:\Windows\System\IQyVmbz.exe
  C:\Windows\System\IQyVmbz.exe
  2⤵
  PID:11272
- C:\Windows\System\AVDIjlc.exe
  C:\Windows\System\AVDIjlc.exe
  2⤵
  PID:11312
- C:\Windows\System\UdLEkPV.exe
  C:\Windows\System\UdLEkPV.exe
  2⤵
  PID:11340
- C:\Windows\System\wOSHuOO.exe
  C:\Windows\System\wOSHuOO.exe
  2⤵
  PID:11368
- C:\Windows\System\WQYHZJQ.exe
  C:\Windows\System\WQYHZJQ.exe
  2⤵
  PID:11388
- C:\Windows\System\zNljvRt.exe
  C:\Windows\System\zNljvRt.exe
  2⤵
  PID:11428
- C:\Windows\System\IrAPLiP.exe
  C:\Windows\System\IrAPLiP.exe
  2⤵
  PID:11456
- C:\Windows\System\RBmaTVk.exe
  C:\Windows\System\RBmaTVk.exe
  2⤵
  PID:11484
- C:\Windows\System\GAZKEbd.exe
  C:\Windows\System\GAZKEbd.exe
  2⤵
  PID:11512
- C:\Windows\System\xLBqltA.exe
  C:\Windows\System\xLBqltA.exe
  2⤵
  PID:11528
- C:\Windows\System\jPzvZiq.exe
  C:\Windows\System\jPzvZiq.exe
  2⤵
  PID:11568
- C:\Windows\System\JPzHzCW.exe
  C:\Windows\System\JPzHzCW.exe
  2⤵
  PID:11596
- C:\Windows\System\KhVeQFB.exe
  C:\Windows\System\KhVeQFB.exe
  2⤵
  PID:11624
- C:\Windows\System\VeAVIJx.exe
  C:\Windows\System\VeAVIJx.exe
  2⤵
  PID:11652
- C:\Windows\System\AdetTsT.exe
  C:\Windows\System\AdetTsT.exe
  2⤵
  PID:11680
- C:\Windows\System\hQkMMWx.exe
  C:\Windows\System\hQkMMWx.exe
  2⤵
  PID:11708
- C:\Windows\System\bmpIUpR.exe
  C:\Windows\System\bmpIUpR.exe
  2⤵
  PID:11736
- C:\Windows\System\UPKEeyn.exe
  C:\Windows\System\UPKEeyn.exe
  2⤵
  PID:11764
- C:\Windows\System\nbxonLo.exe
  C:\Windows\System\nbxonLo.exe
  2⤵
  PID:11792
- C:\Windows\System\kZtAQbP.exe
  C:\Windows\System\kZtAQbP.exe
  2⤵
  PID:11820
- C:\Windows\System\XURBcQA.exe
  C:\Windows\System\XURBcQA.exe
  2⤵
  PID:11836
- C:\Windows\System\yqEIyXw.exe
  C:\Windows\System\yqEIyXw.exe
  2⤵
  PID:11864
- C:\Windows\System\nRJTDsT.exe
  C:\Windows\System\nRJTDsT.exe
  2⤵
  PID:11904
- C:\Windows\System\ggmTlGJ.exe
  C:\Windows\System\ggmTlGJ.exe
  2⤵
  PID:11932
- C:\Windows\System\IueiRMi.exe
  C:\Windows\System\IueiRMi.exe
  2⤵
  PID:11948
- C:\Windows\System\AuRtWMH.exe
  C:\Windows\System\AuRtWMH.exe
  2⤵
  PID:11976
- C:\Windows\System\ojEAnrM.exe
  C:\Windows\System\ojEAnrM.exe
  2⤵
  PID:11992
- C:\Windows\System\JgbNOSq.exe
  C:\Windows\System\JgbNOSq.exe
  2⤵
  PID:12032
- C:\Windows\System\pBNyAqg.exe
  C:\Windows\System\pBNyAqg.exe
  2⤵
  PID:12060
- C:\Windows\System\TToTOel.exe
  C:\Windows\System\TToTOel.exe
  2⤵
  PID:12088
- C:\Windows\System\TLmmvyo.exe
  C:\Windows\System\TLmmvyo.exe
  2⤵
  PID:12128
- C:\Windows\System\tmCMBFS.exe
  C:\Windows\System\tmCMBFS.exe
  2⤵
  PID:12156
- C:\Windows\System\TnVdXpq.exe
  C:\Windows\System\TnVdXpq.exe
  2⤵
  PID:12180
- C:\Windows\System\PpdLAzO.exe
  C:\Windows\System\PpdLAzO.exe
  2⤵
  PID:12204
- C:\Windows\System\UEXCgrx.exe
  C:\Windows\System\UEXCgrx.exe
  2⤵
  PID:12240
- C:\Windows\System\MBDQgVf.exe
  C:\Windows\System\MBDQgVf.exe
  2⤵
  PID:12268
- C:\Windows\System\wJpExtC.exe
  C:\Windows\System\wJpExtC.exe
  2⤵
  PID:10804
- C:\Windows\System\YkTvdAe.exe
  C:\Windows\System\YkTvdAe.exe
  2⤵
  PID:11336
- C:\Windows\System\knRJNQb.exe
  C:\Windows\System\knRJNQb.exe
  2⤵
  PID:11420
- C:\Windows\System\AGiAXfJ.exe
  C:\Windows\System\AGiAXfJ.exe
  2⤵
  PID:11472
- C:\Windows\System\RtEMpkm.exe
  C:\Windows\System\RtEMpkm.exe
  2⤵
  PID:11556
- C:\Windows\System\WiaSJni.exe
  C:\Windows\System\WiaSJni.exe
  2⤵
  PID:11620
- C:\Windows\System\GbWKchI.exe
  C:\Windows\System\GbWKchI.exe
  2⤵
  PID:11676
- C:\Windows\System\DFVWTNO.exe
  C:\Windows\System\DFVWTNO.exe
  2⤵
  PID:11752
- C:\Windows\System\eRslcsZ.exe
  C:\Windows\System\eRslcsZ.exe
  2⤵
  PID:11816
- C:\Windows\System\dZXQNPO.exe
  C:\Windows\System\dZXQNPO.exe
  2⤵
  PID:11920
- C:\Windows\System\nxoeOXE.exe
  C:\Windows\System\nxoeOXE.exe
  2⤵
  PID:11960
- C:\Windows\System\TTXpigc.exe
  C:\Windows\System\TTXpigc.exe
  2⤵
  PID:12052
- C:\Windows\System\sXJAREa.exe
  C:\Windows\System\sXJAREa.exe
  2⤵
  PID:12112
- C:\Windows\System\pvkJoux.exe
  C:\Windows\System\pvkJoux.exe
  2⤵
  PID:12276
- C:\Windows\System\PBUMSXr.exe
  C:\Windows\System\PBUMSXr.exe
  2⤵
  PID:11324
- C:\Windows\System\PmWdOiQ.exe
  C:\Windows\System\PmWdOiQ.exe
  2⤵
  PID:11504
- C:\Windows\System\VrFhWcd.exe
  C:\Windows\System\VrFhWcd.exe
  2⤵
  PID:11664
- C:\Windows\System\szayAme.exe
  C:\Windows\System\szayAme.exe
  2⤵
  PID:11704
- C:\Windows\System\jZFiNDS.exe
  C:\Windows\System\jZFiNDS.exe
  2⤵
  PID:11944
- C:\Windows\System\eiFWEdx.exe
  C:\Windows\System\eiFWEdx.exe
  2⤵
  PID:12084
- C:\Windows\System\EVXQCIa.exe
  C:\Windows\System\EVXQCIa.exe
  2⤵
  PID:3476
- C:\Windows\System\QvQJrNY.exe
  C:\Windows\System\QvQJrNY.exe
  2⤵
  PID:11404
- C:\Windows\System\vklAZDW.exe
  C:\Windows\System\vklAZDW.exe
  2⤵
  PID:11648
- C:\Windows\System\QVTdGuE.exe
  C:\Windows\System\QVTdGuE.exe
  2⤵
  PID:11916
- C:\Windows\System\iUcQJNZ.exe
  C:\Windows\System\iUcQJNZ.exe
  2⤵
  PID:4544
- C:\Windows\System\PENgUTs.exe
  C:\Windows\System\PENgUTs.exe
  2⤵
  PID:11584
- C:\Windows\System\pyfowhN.exe
  C:\Windows\System\pyfowhN.exe
  2⤵
  PID:12164
- C:\Windows\System\XRcBSQI.exe
  C:\Windows\System\XRcBSQI.exe
  2⤵
  PID:12316
- C:\Windows\System\rYoIAye.exe
  C:\Windows\System\rYoIAye.exe
  2⤵
  PID:12332
- C:\Windows\System\VNdeFzK.exe
  C:\Windows\System\VNdeFzK.exe
  2⤵
  PID:12364
- C:\Windows\System\nxFsJGb.exe
  C:\Windows\System\nxFsJGb.exe
  2⤵
  PID:12396
- C:\Windows\System\jSojENB.exe
  C:\Windows\System\jSojENB.exe
  2⤵
  PID:12416
- C:\Windows\System\qPAOESq.exe
  C:\Windows\System\qPAOESq.exe
  2⤵
  PID:12440
- C:\Windows\System\vDdrGWH.exe
  C:\Windows\System\vDdrGWH.exe
  2⤵
  PID:12468
- C:\Windows\System\dJDhaXH.exe
  C:\Windows\System\dJDhaXH.exe
  2⤵
  PID:12504
- C:\Windows\System\sSdxdtw.exe
  C:\Windows\System\sSdxdtw.exe
  2⤵
  PID:12536
- C:\Windows\System\MOxXnBK.exe
  C:\Windows\System\MOxXnBK.exe
  2⤵
  PID:12556
- C:\Windows\System\HcDhyGl.exe
  C:\Windows\System\HcDhyGl.exe
  2⤵
  PID:12580
- C:\Windows\System\ITFqviv.exe
  C:\Windows\System\ITFqviv.exe
  2⤵
  PID:12612
- C:\Windows\System\kfdgHCj.exe
  C:\Windows\System\kfdgHCj.exe
  2⤵
  PID:12648
- C:\Windows\System\HkKTqvw.exe
  C:\Windows\System\HkKTqvw.exe
  2⤵
  PID:12672
- C:\Windows\System\Pnkiczr.exe
  C:\Windows\System\Pnkiczr.exe
  2⤵
  PID:12696
- C:\Windows\System\HmLLIdg.exe
  C:\Windows\System\HmLLIdg.exe
  2⤵
  PID:12724
- C:\Windows\System\fGcWrwK.exe
  C:\Windows\System\fGcWrwK.exe
  2⤵
  PID:12756
- C:\Windows\System\jStTADH.exe
  C:\Windows\System\jStTADH.exe
  2⤵
  PID:12780
- C:\Windows\System\NxpEAdO.exe
  C:\Windows\System\NxpEAdO.exe
  2⤵
  PID:12808
- C:\Windows\System\tKvcIUm.exe
  C:\Windows\System\tKvcIUm.exe
  2⤵
  PID:12844
- C:\Windows\System\vAeAGsM.exe
  C:\Windows\System\vAeAGsM.exe
  2⤵
  PID:12884
- C:\Windows\System\AxHvptN.exe
  C:\Windows\System\AxHvptN.exe
  2⤵
  PID:12900
- C:\Windows\System\bnnvrSe.exe
  C:\Windows\System\bnnvrSe.exe
  2⤵
  PID:12936
- C:\Windows\System\IwSeIYK.exe
  C:\Windows\System\IwSeIYK.exe
  2⤵
  PID:12976
- C:\Windows\System\cQEFdex.exe
  C:\Windows\System\cQEFdex.exe
  2⤵
  PID:12992
- C:\Windows\System\cyhkrGr.exe
  C:\Windows\System\cyhkrGr.exe
  2⤵
  PID:13024
- C:\Windows\System\JViBORM.exe
  C:\Windows\System\JViBORM.exe
  2⤵
  PID:13048
- C:\Windows\System\bmUmoIJ.exe
  C:\Windows\System\bmUmoIJ.exe
  2⤵
  PID:13076
- C:\Windows\System\ZxCispf.exe
  C:\Windows\System\ZxCispf.exe
  2⤵
  PID:13096
- C:\Windows\System\zHQqIaS.exe
  C:\Windows\System\zHQqIaS.exe
  2⤵
  PID:13128
- C:\Windows\System\uOCrTMV.exe
  C:\Windows\System\uOCrTMV.exe
  2⤵
  PID:13168
- C:\Windows\System\LkwQZxn.exe
  C:\Windows\System\LkwQZxn.exe
  2⤵
  PID:13204
- C:\Windows\System\BgmbwqP.exe
  C:\Windows\System\BgmbwqP.exe
  2⤵
  PID:13220
- C:\Windows\System\yShbCwM.exe
  C:\Windows\System\yShbCwM.exe
  2⤵
  PID:13248
- C:\Windows\System\kUOsbMj.exe
  C:\Windows\System\kUOsbMj.exe
  2⤵
  PID:13280
- C:\Windows\System\euIcexq.exe
  C:\Windows\System\euIcexq.exe
  2⤵
  PID:13304
- C:\Windows\System\JiKlZdX.exe
  C:\Windows\System\JiKlZdX.exe
  2⤵
  PID:11940
- C:\Windows\System\PXfmUur.exe
  C:\Windows\System\PXfmUur.exe
  2⤵
  PID:12324
- C:\Windows\System\hTrXmaR.exe
  C:\Windows\System\hTrXmaR.exe
  2⤵
  PID:12428
- C:\Windows\System\kwTmuBS.exe
  C:\Windows\System\kwTmuBS.exe
  2⤵
  PID:12524
- C:\Windows\System\YTFcXba.exe
  C:\Windows\System\YTFcXba.exe
  2⤵
  PID:12600
- C:\Windows\System\BQgSjAp.exe
  C:\Windows\System\BQgSjAp.exe
  2⤵
  PID:12520
- C:\Windows\System\HZsOalF.exe
  C:\Windows\System\HZsOalF.exe
  2⤵
  PID:12664
- C:\Windows\System\dXstNSK.exe
  C:\Windows\System\dXstNSK.exe
  2⤵
  PID:12684
- C:\Windows\System\uxxesRf.exe
  C:\Windows\System\uxxesRf.exe
  2⤵
  PID:12772
- C:\Windows\System\YIRjgzx.exe
  C:\Windows\System\YIRjgzx.exe
  2⤵
  PID:12836
- C:\Windows\System\nMdItgH.exe
  C:\Windows\System\nMdItgH.exe
  2⤵
  PID:12832
- C:\Windows\System\oAJxumv.exe
  C:\Windows\System\oAJxumv.exe
  2⤵
  PID:12912
- C:\Windows\System\togSClT.exe
  C:\Windows\System\togSClT.exe
  2⤵
  PID:12920
- C:\Windows\System\groPhlr.exe
  C:\Windows\System\groPhlr.exe
  2⤵
  PID:13032
- C:\Windows\System\OheRfQT.exe
  C:\Windows\System\OheRfQT.exe
  2⤵
  PID:13068
- C:\Windows\System\kLxfnPo.exe
  C:\Windows\System\kLxfnPo.exe
  2⤵
  PID:13120
- C:\Windows\System\cLDjMJj.exe
  C:\Windows\System\cLDjMJj.exe
  2⤵
  PID:13156
- C:\Windows\System\FGgFHdw.exe
  C:\Windows\System\FGgFHdw.exe
  2⤵
  PID:4048
- C:\Windows\System\fEBCLWk.exe
  C:\Windows\System\fEBCLWk.exe
  2⤵
  PID:4736
- C:\Windows\System\BDVZQHI.exe
  C:\Windows\System\BDVZQHI.exe
  2⤵
  PID:13264
- C:\Windows\System\YyDNqHp.exe
  C:\Windows\System\YyDNqHp.exe
  2⤵
  PID:12328
- C:\Windows\System\uxDInUF.exe
  C:\Windows\System\uxDInUF.exe
  2⤵
  PID:12608
- C:\Windows\System\XLGfrrT.exe
  C:\Windows\System\XLGfrrT.exe
  2⤵
  PID:4712
- C:\Windows\System\TfdyQaT.exe
  C:\Windows\System\TfdyQaT.exe
  2⤵
  PID:12716
- C:\Windows\System\EFBOtpp.exe
  C:\Windows\System\EFBOtpp.exe
  2⤵
  PID:12492
- C:\Windows\System\WKUtzpk.exe
  C:\Windows\System\WKUtzpk.exe
  2⤵
  PID:12880
- C:\Windows\System\SxYGxYo.exe
  C:\Windows\System\SxYGxYo.exe
  2⤵
  PID:12988
- C:\Windows\System\fIqLhaK.exe
  C:\Windows\System\fIqLhaK.exe
  2⤵
  PID:13300
- C:\Windows\System\HZdCZzU.exe
  C:\Windows\System\HZdCZzU.exe
  2⤵
  PID:12576
- C:\Windows\System\maLNsQg.exe
  C:\Windows\System\maLNsQg.exe
  2⤵
  PID:13092
- C:\Windows\System\MbZKeYf.exe
  C:\Windows\System\MbZKeYf.exe
  2⤵
  PID:13212
- C:\Windows\System\YUbhQHK.exe
  C:\Windows\System\YUbhQHK.exe
  2⤵
  PID:13324
- C:\Windows\System\eohKBzT.exe
  C:\Windows\System\eohKBzT.exe
  2⤵
  PID:13348
- C:\Windows\System\sHrbQRy.exe
  C:\Windows\System\sHrbQRy.exe
  2⤵
  PID:13368
- C:\Windows\System\NWJYBqD.exe
  C:\Windows\System\NWJYBqD.exe
  2⤵
  PID:13404
- C:\Windows\System\ONQaRrm.exe
  C:\Windows\System\ONQaRrm.exe
  2⤵
  PID:13436
- C:\Windows\System\Jfcxvmm.exe
  C:\Windows\System\Jfcxvmm.exe
  2⤵
  PID:13472
- C:\Windows\System\faCClKi.exe
  C:\Windows\System\faCClKi.exe
  2⤵
  PID:13500
- C:\Windows\System\KgKbuSa.exe
  C:\Windows\System\KgKbuSa.exe
  2⤵
  PID:13532
- C:\Windows\System\cnrBasC.exe
  C:\Windows\System\cnrBasC.exe
  2⤵
  PID:13560
- C:\Windows\System\vijIuzc.exe
  C:\Windows\System\vijIuzc.exe
  2⤵
  PID:13580
- C:\Windows\System\tLiiMzs.exe
  C:\Windows\System\tLiiMzs.exe
  2⤵
  PID:13616
- C:\Windows\System\RUgcMWz.exe
  C:\Windows\System\RUgcMWz.exe
  2⤵
  PID:13644
- C:\Windows\System\XeJjbzJ.exe
  C:\Windows\System\XeJjbzJ.exe
  2⤵
  PID:13680
- C:\Windows\System\soziPYI.exe
  C:\Windows\System\soziPYI.exe
  2⤵
  PID:13708
- C:\Windows\System\LpWuigw.exe
  C:\Windows\System\LpWuigw.exe
  2⤵
  PID:13728
- C:\Windows\System\GSGLlgo.exe
  C:\Windows\System\GSGLlgo.exe
  2⤵
  PID:13756
- C:\Windows\System\BatGBbe.exe
  C:\Windows\System\BatGBbe.exe
  2⤵
  PID:13788
- C:\Windows\System\TSLvwko.exe
  C:\Windows\System\TSLvwko.exe
  2⤵
  PID:13828
- C:\Windows\System\fmxCmtr.exe
  C:\Windows\System\fmxCmtr.exe
  2⤵
  PID:13860
- C:\Windows\System\LYxLQjB.exe
  C:\Windows\System\LYxLQjB.exe
  2⤵
  PID:13892
- C:\Windows\System\aBSLoYo.exe
  C:\Windows\System\aBSLoYo.exe
  2⤵
  PID:13924
- C:\Windows\System\ewyZCeW.exe
  C:\Windows\System\ewyZCeW.exe
  2⤵
  PID:13948
- C:\Windows\System\YHtqDPv.exe
  C:\Windows\System\YHtqDPv.exe
  2⤵
  PID:13976
- C:\Windows\System\aeZllxx.exe
  C:\Windows\System\aeZllxx.exe
  2⤵
  PID:14000
- C:\Windows\System\cVthtMz.exe
  C:\Windows\System\cVthtMz.exe
  2⤵
  PID:14020
- C:\Windows\System\VocPENu.exe
  C:\Windows\System\VocPENu.exe
  2⤵
  PID:14048
- C:\Windows\System\flDAFgu.exe
  C:\Windows\System\flDAFgu.exe
  2⤵
  PID:14084
- C:\Windows\System\khrHUUA.exe
  C:\Windows\System\khrHUUA.exe
  2⤵
  PID:14108
- C:\Windows\System\XXEANlO.exe
  C:\Windows\System\XXEANlO.exe
  2⤵
  PID:14136
- C:\Windows\System\BftWzUS.exe
  C:\Windows\System\BftWzUS.exe
  2⤵
  PID:14164
- C:\Windows\System\mbXcnGy.exe
  C:\Windows\System\mbXcnGy.exe
  2⤵
  PID:14192
- C:\Windows\System\XtVQtSk.exe
  C:\Windows\System\XtVQtSk.exe
  2⤵
  PID:14228
- C:\Windows\System\SsccVcU.exe
  C:\Windows\System\SsccVcU.exe
  2⤵
  PID:14264
- C:\Windows\System\fxwmRur.exe
  C:\Windows\System\fxwmRur.exe
  2⤵
  PID:14300
- C:\Windows\System\RQxlBsl.exe
  C:\Windows\System\RQxlBsl.exe
  2⤵
  PID:14324
- C:\Windows\System\QxGVXXK.exe
  C:\Windows\System\QxGVXXK.exe
  2⤵
  PID:12572
- C:\Windows\System\SHXjmiN.exe
  C:\Windows\System\SHXjmiN.exe
  2⤵
  PID:12820
- C:\Windows\System\vtAZISR.exe
  C:\Windows\System\vtAZISR.exe
  2⤵
  PID:13232
- C:\Windows\System\iVWAhgP.exe
  C:\Windows\System\iVWAhgP.exe
  2⤵
  PID:13180
- C:\Windows\System\kqNSxcQ.exe
  C:\Windows\System\kqNSxcQ.exe
  2⤵
  PID:4584
- C:\Windows\System\eEJtLVW.exe
  C:\Windows\System\eEJtLVW.exe
  2⤵
  PID:13508
- C:\Windows\System\RaPZwmQ.exe
  C:\Windows\System\RaPZwmQ.exe
  2⤵
  PID:13392
- C:\Windows\System\wjxKBIe.exe
  C:\Windows\System\wjxKBIe.exe
  2⤵
  PID:13632
- C:\Windows\System\wriUJeK.exe
  C:\Windows\System\wriUJeK.exe
  2⤵
  PID:13748
- C:\Windows\System\upUPFyd.exe
  C:\Windows\System\upUPFyd.exe
  2⤵
  PID:13704
- C:\Windows\System\dQJkDdI.exe
  C:\Windows\System\dQJkDdI.exe
  2⤵
  PID:13888
- C:\Windows\System\UoopBPY.exe
  C:\Windows\System\UoopBPY.exe
  2⤵
  PID:13920
- C:\Windows\System\emWwtRF.exe
  C:\Windows\System\emWwtRF.exe
  2⤵
  PID:14252

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AVvAyDx.exe

Filesize
2.2MB

MD5
2015d66ee015ce3478c637a3ea367b5d

SHA1
22479f67bba3122361c86f5c13021f1109b9d7ca

SHA256
433d69bca13152ad45f58753b67379ea68acca233b992aa0b62eda27707a34d8

SHA512
563a36b32a93788ce006b65f155c25dfc18a989f51638c0bc016f3c5273fd323d4da9691d1a5fb6a8b645d82b9e20ef04d06d653394db02946df1de2a3388864

Download Submit
C:\Windows\System\BKIRbcr.exe

Filesize
2.2MB

MD5
0f0ac61979af673cb0c2ee3b065fbb06

SHA1
25dd2eda849313b29a7e1c81025073ff53f48927

SHA256
5ca40bf146b071df6611d22ca2f6b06014820a63ebadc03da281b634ae3485e9

SHA512
c841a8c13e0c890aea760e6ce745b19baa5ac1f5c580849afb1304b96095d8d8e06c0d7d66e3195c4954694effdab1fb9557bee9a66cbd0beec6fdfe5e0e7d7f

Download Submit
C:\Windows\System\BgxMlYS.exe

Filesize
2.2MB

MD5
22448ed28bc373cb510d7b909735d877

SHA1
ea6dd4d7e6ef90c4c42dd61cd9c96492a19f9562

SHA256
cac504510392919efad2d0b63097c64d3fff55a56a7eb4a4de3a8a3e2dfec209

SHA512
e6ba392e66e630f9d350e6a349ebe3da0b083c5d5a6396c1f1f5ecef2b6a7494be711dea62e4e7ad84c2045189c30bbdca7b9b4d1e78a1f295a654c64b1d883e

Download Submit
C:\Windows\System\FblDUaa.exe

Filesize
2.2MB

MD5
eb0fffe54969c98bdd1726de95522966

SHA1
6daf3328aae5b1ef2eb7c2c2c53e89aee820fbb8

SHA256
efcf281fbd5fce3b03b31f10aee53e18d0d49306dc4353f18d84dbf0d56e163e

SHA512
3a627dc563d5988cbbff236bc524f198e9fe055e86427fffb98990e8ee509d2e9eb4a9b77ccf01577a8816459de2904f9af68f7ca3dadacbe12143a58a4d5b83

Download Submit
C:\Windows\System\HohFpEh.exe

Filesize
2.2MB

MD5
e16460b869c99c95196d3775e089e5f8

SHA1
e89a664f35bc5741cc7d887de9ee840d96a02cf4

SHA256
1af6b32feee1ecfa842eff096a782f84bfff3c9f3c58a28f9e45611566e60b42

SHA512
5b383c65304f31a51da020098baee7a448e1b20f6e4ab49bb7ecd008a3acf90dbd2ef5f52f10d50f57c32f5b589c6ac18b0bcf40a923e6d4735e0d15c41d3109

Download Submit
C:\Windows\System\JJWHFcy.exe

Filesize
2.2MB

MD5
ded24b09af55bc4d288d422afa44760b

SHA1
46c29048daf5399353d848674e2b5b4f1850b196

SHA256
53e9ecda0b77db93db9d7e728d208a5974b22155c531bf43b82cd1052d33e60a

SHA512
9a39aeb1f4044c7277c39f8ec2404536c1765d302ef0cb4ade747c62f9cc6d4880066766ed40d1de65e7049c75a455df1328d2683fa6ff8d2b58c8238f7ec655

Download Submit
C:\Windows\System\PNGESlG.exe

Filesize
2.2MB

MD5
ac1633b1aa543d615f66ad90be954416

SHA1
648bcb0e5380a233fcaeac65f5841da6551fb379

SHA256
39c47fe478e7b01a12f41d7f8204ef07582a50e6bc165c68d198e7e0f456a03b

SHA512
dd55b1e4407730c2e361f154cb8aec770df997a852b1e58d0fd1e0b1c9e832dd0ac16986453b3f44f1e9344ef39c0c1ba69e27a0f36a6d0bdeb33c472abd7cfa

Download Submit
C:\Windows\System\QHqflMi.exe

Filesize
2.2MB

MD5
a6faa6aee50dfb0b57a335e94695916c

SHA1
8c9c35b504cb59cde1f8a4c08d5a9c22613fcec1

SHA256
629c96981cbc603f6bc77aafc3dfa4b46252567eb7d8987dd61628c067fa9f36

SHA512
8e0906802a4918f842c75ca4799a9a1f7b515311e68a235b1eeec6101eb1928f408fd4eb87b82584b2c36473ba93b1fe14a23f15a057edb5abb71453190f0107

Download Submit
C:\Windows\System\UYEzASh.exe

Filesize
2.2MB

MD5
e5b4ce972fd08effa568c9172760e71b

SHA1
6ea817327bc4dda79a91816a59206752069eaa2f

SHA256
dc64f39ab56b32be7d83dc001c14f6b7b5f61797e4b38301fa862aa88a4ea425

SHA512
0e4259f5979bfc6de846f67d93fd92f329fc1b646f159ca844baec6a9196346b0353dd9d230eb71eb0b237f58795d40881176e32516d981c6ef9edc94fbb96fe

Download Submit
C:\Windows\System\UxTcZvx.exe

Filesize
2.2MB

MD5
fcaea29dd9f26a18032ebb37803766a2

SHA1
408d35afd488c8c080f29c8da950e7fdac87804c

SHA256
410d5f6006b50c6e215997c73d5c6045c45c11fad17141da904720e9f10b6556

SHA512
4b8ba4aeaae8f414914d88be03dcebfc4e87c386a53b8c457792e2fce36e23e2fe7b0df701092ce36399dd1c4c777b999dfca160f1fb56e152b109f4c3e363cb

Download Submit
C:\Windows\System\VxxROPD.exe

Filesize
2.2MB

MD5
2f2cde67b24fb2f796e8573c01e87408

SHA1
4fa6a81a9285c8d14eae775bc9b8e2073412420d

SHA256
5d3a98f586401238e3d4213d00bb7cf5537a39332268ecd150801210eee1a6ea

SHA512
a11168f2e0a358b09a47324f42018d50f0adb7e1641655ab99776bc322c2a4ac5570b2dcd2a6095b3bed1e4c6676a0455c2ad6a12db64faa2407b077691a8898

Download Submit
C:\Windows\System\XuqgHLT.exe

Filesize
2.2MB

MD5
43fc88aed434819572ee3175a092b208

SHA1
63300f81ce9ba3055c33c5d007eb191f05304aad

SHA256
045aec65061e32a4c22f3a4539c2c24c55a78c1a3e51cd5a032fdc5349cdf484

SHA512
386a20923a5632db4546f65efe66ce9d1e8770240b07fde6f9c42b0ac7c2ddc01d1c3566a8784a9cfd073189a9de91bd36d8578ae00bc8692bc426e798d5091f

Download Submit
C:\Windows\System\ZCVGEYd.exe

Filesize
2.2MB

MD5
bf9803a0aabe0c84510c017f33be1c17

SHA1
b78e8e25315ed779755424fc28784db5596fdc1f

SHA256
9aaf97b832993e185f199a296a60caf295ee1258910c398d6f9057ed51b2ab7c

SHA512
0dfe40b74b421bba1256cb3d6500cd78d3c98c6d0e9fe257f8bfe40c9910ec57a4c28e98c43f3ef845c1c6fa76299a0a635113c2e4ac9a9a3f3048db0a6fb848

Download Submit
C:\Windows\System\bXlCtpk.exe

Filesize
2.2MB

MD5
b028d42e6e17948bdf3b8a578e9d1aad

SHA1
59aada0bb4ad5af207ae6ea8fc116c35026492af

SHA256
6665b2c276ac31ed2f5e8e4e1b49c45e5c7f5b3654c0fcc24a12f5eb33e24fc0

SHA512
0f9a30dbe21d9cd4b3baf6fd52d24c8ab376c8c9ec3404cecb88a7ce5f6306e2644133e8750c3a63ac81da5cb23ba3f303555a783070542df53f8ee4fec819dd

Download Submit
C:\Windows\System\cWbRvLh.exe

Filesize
2.2MB

MD5
54957eefa1de5f96dfc4b7cfaf0c4257

SHA1
8d35676c8f9c6bc7e3114783343a82b9949f677c

SHA256
1d612b9cd8bcc63105baa559d733d82c1a4dde327d9d41b476a4e75057db0070

SHA512
f0648437a9ebbc3e23493a752bea429a61a2a0b35172ec365b7d5edaba9bd468c917b5c2217ed62722eceaf356a70057c0ca7598416131464e83d2d9d0c1323d

Download Submit
C:\Windows\System\eLpZddf.exe

Filesize
2.2MB

MD5
e0191437043a5ad7ac3c655e6d7254a3

SHA1
f17fffb7131bfb3ee4b17e5934d5c1222576e733

SHA256
b9d0fcb61e04f80e70da42e1e291925ab48092d16eaa3bdda2a7685f827c0f27

SHA512
55920cfcaee9cf2aace96df30c051066d22d466c1956e866d020976527490b60b3d3c5caf382ce8f6e06c7cf0cd2fee98904d631c79f8caffe952f39de3390f1

Download Submit
C:\Windows\System\gicNQvT.exe

Filesize
2.2MB

MD5
311869263f839683eca86bc936f537f3

SHA1
01c77ef66ed5af07846754de11243a900da81b78

SHA256
d8a7d19cc95142b5a96fe66c9de6bfe7d8fa5bda922c0f6202447349b58e3be3

SHA512
ae80bef8a3c53963f503123ec732e8819d58c924caf6f48a418aefc435980cb7b850811e07f14ee1c2793c6703a976bcd888a3e96df2a6d315f5ed40e8d19ec7

Download Submit
C:\Windows\System\hCugKTR.exe

Filesize
2.2MB

MD5
a592bf5252cb715567762effa0b056a5

SHA1
57dc81955103cb80eeda3afc03f5d92ce611c7da

SHA256
09a5ebe3b7469f440b0e63b012be1440ca61193e03f207cc0a8a4601b75d864d

SHA512
c32227e3c81d978fe1f3c4da6628be4a73867f3b32729e6ec772fb45b12e8696e9b3c77bff251f38738afe91e9dd05ab12b3e6a19168636195a69f72e2c7a9e7

Download Submit
C:\Windows\System\iDPQuCo.exe

Filesize
2.2MB

MD5
ff47601294aba8e324976130a00ff251

SHA1
c397efddc55106e16a76d60786f79a16929b3749

SHA256
5521f36f7ba91d66ad4c900a75d4f0c7c11ae1d2ccba5f069201785a0c064cec

SHA512
3fc80b957fe7dd478b3e28a91505b99415cac55bcbe7d3e887851c5f5c3987e803c5db079e4350d6cf03d1a3ebea3d04fe9b50c89391db65afa79dc692704e5e

Download Submit
C:\Windows\System\isksbau.exe

Filesize
2.2MB

MD5
de27c382cbf5dbdd017c4581b244c635

SHA1
8fb2008430c41a0aaea01bb1540ee3df47e8bc14

SHA256
7d15dfe2190cdda926fcf5424f71e5ffe5e1d92512314238d4565f8d6e7dbdae

SHA512
12775b31476f07a1b670f3af429f99cd2ad3008d78c5a5fdeb28583aa57b902f2002af5d0d6d049ce398de8e74a579956d8786bf12f6e89866ef5ba3ed1189ca

Download Submit
C:\Windows\System\kKHmjND.exe

Filesize
2.2MB

MD5
da57b0c2168ab568a80ffbf0d97c146d

SHA1
7f23575a87219f5cb83d170804a6d3f666fe1cb2

SHA256
be632bedcfcee76fcc08e46468d545afba5b51460945269464953c0c288084bc

SHA512
96b5992ede66cc0572094286676d1db43b1c6d10ecbd7da6aa108687d06504c6acccc3251581a89457b1ec1398848a636cfd2b61429f6ff0b88fe6e243b643e0

Download Submit
C:\Windows\System\mlfSmEU.exe

Filesize
2.2MB

MD5
88ce95c36ceba9eeb9e6c43e6e6c14df

SHA1
97efe7cf068112edc8378d083480dbf03012c780

SHA256
6385688b07a2d0728e3fce1f73aaf6342974d45972604361931532ec8c8b40d8

SHA512
5549296a73d8361fb363924f0dc131058d77efe50f51b832f4ffd1f32ec8b5ed07e0f0b5c85368d1d7a2b9e93cfb654ce23c15a984cc07fe139954300e1f0527

Download Submit
C:\Windows\System\oAaRBou.exe

Filesize
2.2MB

MD5
3e7d120dd1028e1fccc5ebdddd1bbee2

SHA1
ff226b526b29c264366509bde7b58cfc8176da7f

SHA256
cbe887149d714c561bbb2049aabfc9a5df09a6c17edcb3ddb6404630d35e4615

SHA512
c2d4bb203b94965c3f884ee860e3e189a8c5c77f067ac8a697175f425886ada1db7c3c0c5df61fbfe653d490df70871a7b25198798adaa38e682c94a856f2c64

Download Submit
C:\Windows\System\oPyiqpL.exe

Filesize
2.2MB

MD5
3702cd42f4b3004e14f3f8bbd39a264b

SHA1
4df830b574a5784b3c55a3c0a284bc87dc6e4b70

SHA256
30ba15b681c1b0fd1ea53048db3e44df7091fd6a47f5904447ce82de6e593249

SHA512
9118a56db26d7751f54e8cc76c9e91cff8698e71f4ed78cba88aaff5e9f3d98aea26a5f5bb9c54f2b18621725f6d34dafb7817a2f2e137caf3558cda9b463811

Download Submit
C:\Windows\System\pKGAEmK.exe

Filesize
2.2MB

MD5
cd5158d22d5efd14ab4d3af57b26996b

SHA1
46d1cbf9119514b6742080f143bea174966f6a1a

SHA256
96030269654de040f586cbe239910bc13cd85d54bb497545f1318f2df9a608ef

SHA512
0319e72c516443101610cde888764901c3ed8b41feb135ea8c6de60c471498ff4da38227ceed87b3ab14b7d3cc76f00afcf9f612706cf943bfd93183e0c99089

Download Submit
C:\Windows\System\rUwTyZi.exe

Filesize
2.2MB

MD5
afa3cd24ac94a488b8307f89259d02bd

SHA1
db1ad7df953b753a99bb55fedf7633b1a952ba13

SHA256
0f8052a33970341441f320d1907ad5d36e71fa41aa17ed58f0466ad60820f32c

SHA512
3ac8007f1ae159c7e6d1a6ab215297c2b012215ee3fdfa436882369d1d6e4446b4d5156fafcf0c39aa62dc0ef6232515217d464b5744bc5b6f9b3cea670f71fc

Download Submit
C:\Windows\System\txoExJA.exe

Filesize
2.2MB

MD5
be5e4b43016b8e5de8c470db4bf2b760

SHA1
e762f756a65df37a8f783a10566acf406f92fbfb

SHA256
76c672d472e5bf35a7b2db8ff76bc18f35f53ab3fe038980c2000708c1588096

SHA512
c1723f901e2f67aa4e010343d5bdf7feb4eb75f7fd63296cdb5c039b6c264473a1101260c66dfd032b31368d446eabc50ed1f38d0a893d1a218b34f32fa9f7b0

Download Submit
C:\Windows\System\umZYFSx.exe

Filesize
2.2MB

MD5
d176209ea1bc3d0febe2c185435349a3

SHA1
dad13a326bf7e8709fb29a1bc34bd1ab23f7c4e0

SHA256
9bd7710ef6211ce417e7783ee6a60bb7347c11274983eb791a0f2185c4ce1c44

SHA512
73e979807bafe0a603a172b0b1c586d2e32af9b416bedebc98a5e9937d057d9fef2db379dbdebf6a4bbbe246b33a9241d297a04e6d5120b0f7de91064ba30918

Download Submit
C:\Windows\System\upiltBs.exe

Filesize
2.2MB

MD5
5f1114974271ddfee223346428cbbc73

SHA1
8a7dd6ecec19bcba32db94ab1636bb1bdbd4dabf

SHA256
f029bc62d835d3e6ad7fb7226eae1e1c825f4a01a95627c2af6a063aff71ca11

SHA512
b9d946fdf4341d4201390ae16e86d835575a8d31bc74e569863ed112052007aa5c932e67bb65cfa8326b74a55e0231d6b4e3a45afdf6ff5225d52afa65334302

Download Submit
C:\Windows\System\vvTYJLB.exe

Filesize
2.2MB

MD5
caa91360ed4712794d0eea55b1d23e1d

SHA1
cf01e7088b581f9f5f5b006ff5c0224523c280f6

SHA256
431475ee8217e92ffbbacad8bf53321843cbe2249d54bbc41d8980d2cf4850d9

SHA512
5f363ff84e1a47af5535f182caa1a09247c679f32e64a79b569d2bed67363aaaaa9c4fc84c667e6d840e243aaf5bae17f467c1a2b24863ca6e2b38980338089c

Download Submit
C:\Windows\System\xeHneeu.exe

Filesize
2.2MB

MD5
d0b4b02827de443199eec764a253a373

SHA1
62eb63aabe2ec3601b34774289a2c480e43f4fe8

SHA256
8265cb4ef60fe584dbe7141516e30349dcd87affa8e3fc3f386915132640d119

SHA512
2e74f7c5bdf100132c7dc98a901547f377c03fb0803888035fb0120598bce68ba8de48b3fa04e394ce1eeb485eae32a3652506ce0e1f963cf59d336c92736d65

Download Submit
C:\Windows\System\zfbmPOn.exe

Filesize
2.2MB

MD5
8aa7f8aa4f893d6bc13073c1af769e57

SHA1
63577a64f3bdd0b79aa8ac28ba77ed3eed29e441

SHA256
22256b4d7087b0506901f2547f41474f2fe099d7cf598465f7024e769889e9b1

SHA512
70f64168efd7096fd667dedefa3d551b1ad54540e1e300dfeba78f8eb1e1e4e50a1302bffff13be808269a6281919294af9852144bfdf8eba7fc945f967ba0e1

Download Submit
memory/220-2138-0x00007FF6E3F40000-0x00007FF6E4294000-memory.dmp

Filesize
3.3MB

Download
memory/220-2137-0x00007FF6E3F40000-0x00007FF6E4294000-memory.dmp

Filesize
3.3MB

Download
memory/220-6-0x00007FF6E3F40000-0x00007FF6E4294000-memory.dmp

Filesize
3.3MB

Download
memory/384-738-0x00007FF62FC80000-0x00007FF62FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/384-2147-0x00007FF62FC80000-0x00007FF62FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/444-2154-0x00007FF77BEF0000-0x00007FF77C244000-memory.dmp

Filesize
3.3MB

Download
memory/444-847-0x00007FF77BEF0000-0x00007FF77C244000-memory.dmp

Filesize
3.3MB

Download
memory/576-2159-0x00007FF79F730000-0x00007FF79FA84000-memory.dmp

Filesize
3.3MB

Download
memory/576-766-0x00007FF79F730000-0x00007FF79FA84000-memory.dmp

Filesize
3.3MB

Download
memory/744-20-0x00007FF74BF50000-0x00007FF74C2A4000-memory.dmp

Filesize
3.3MB

Download
memory/744-2140-0x00007FF74BF50000-0x00007FF74C2A4000-memory.dmp

Filesize
3.3MB

Download
memory/860-2164-0x00007FF6300F0000-0x00007FF630444000-memory.dmp

Filesize
3.3MB

Download
memory/860-855-0x00007FF6300F0000-0x00007FF630444000-memory.dmp

Filesize
3.3MB

Download
memory/944-721-0x00007FF685280000-0x00007FF6855D4000-memory.dmp

Filesize
3.3MB

Download
memory/944-2141-0x00007FF685280000-0x00007FF6855D4000-memory.dmp

Filesize
3.3MB

Download
memory/996-856-0x00007FF66A0F0000-0x00007FF66A444000-memory.dmp

Filesize
3.3MB

Download
memory/996-2160-0x00007FF66A0F0000-0x00007FF66A444000-memory.dmp

Filesize
3.3MB

Download
memory/1080-730-0x00007FF7E8820000-0x00007FF7E8B74000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2146-0x00007FF7E8820000-0x00007FF7E8B74000-memory.dmp

Filesize
3.3MB

Download
memory/1148-845-0x00007FF780410000-0x00007FF780764000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2157-0x00007FF780410000-0x00007FF780764000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2158-0x00007FF7CB600000-0x00007FF7CB954000-memory.dmp

Filesize
3.3MB

Download
memory/1352-846-0x00007FF7CB600000-0x00007FF7CB954000-memory.dmp

Filesize
3.3MB

Download
memory/1388-852-0x00007FF681950000-0x00007FF681CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2153-0x00007FF681950000-0x00007FF681CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-2156-0x00007FF775510000-0x00007FF775864000-memory.dmp

Filesize
3.3MB

Download
memory/1500-794-0x00007FF775510000-0x00007FF775864000-memory.dmp

Filesize
3.3MB

Download
memory/1752-757-0x00007FF620C70000-0x00007FF620FC4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-2149-0x00007FF620C70000-0x00007FF620FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2136-0x00007FF6FD1A0000-0x00007FF6FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1-0x000002666FEF0000-0x000002666FF00000-memory.dmp

Filesize
64KB

Download
memory/2028-0-0x00007FF6FD1A0000-0x00007FF6FD4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-748-0x00007FF7B4BC0000-0x00007FF7B4F14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2145-0x00007FF7B4BC0000-0x00007FF7B4F14000-memory.dmp

Filesize
3.3MB

Download
memory/3292-858-0x00007FF7D65F0000-0x00007FF7D6944000-memory.dmp

Filesize
3.3MB

Download
memory/3292-2162-0x00007FF7D65F0000-0x00007FF7D6944000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2148-0x00007FF6EB3D0000-0x00007FF6EB724000-memory.dmp

Filesize
3.3MB

Download
memory/3464-751-0x00007FF6EB3D0000-0x00007FF6EB724000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2143-0x00007FF621BC0000-0x00007FF621F14000-memory.dmp

Filesize
3.3MB

Download
memory/3512-735-0x00007FF621BC0000-0x00007FF621F14000-memory.dmp

Filesize
3.3MB

Download
memory/3548-2150-0x00007FF723390000-0x00007FF7236E4000-memory.dmp

Filesize
3.3MB

Download
memory/3548-851-0x00007FF723390000-0x00007FF7236E4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-743-0x00007FF7FC7B0000-0x00007FF7FCB04000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2144-0x00007FF7FC7B0000-0x00007FF7FCB04000-memory.dmp

Filesize
3.3MB

Download
memory/3692-2163-0x00007FF7A2280000-0x00007FF7A25D4000-memory.dmp

Filesize
3.3MB

Download
memory/3692-859-0x00007FF7A2280000-0x00007FF7A25D4000-memory.dmp

Filesize
3.3MB

Download
memory/3696-853-0x00007FF6140C0000-0x00007FF614414000-memory.dmp

Filesize
3.3MB

Download
memory/3696-2166-0x00007FF6140C0000-0x00007FF614414000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2142-0x00007FF727800000-0x00007FF727B54000-memory.dmp

Filesize
3.3MB

Download
memory/3884-726-0x00007FF727800000-0x00007FF727B54000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2152-0x00007FF603200000-0x00007FF603554000-memory.dmp

Filesize
3.3MB

Download
memory/4696-764-0x00007FF603200000-0x00007FF603554000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2165-0x00007FF63BBB0000-0x00007FF63BF04000-memory.dmp

Filesize
3.3MB

Download
memory/4708-857-0x00007FF63BBB0000-0x00007FF63BF04000-memory.dmp

Filesize
3.3MB

Download
memory/4788-2161-0x00007FF78D7A0000-0x00007FF78DAF4000-memory.dmp

Filesize
3.3MB

Download
memory/4788-854-0x00007FF78D7A0000-0x00007FF78DAF4000-memory.dmp

Filesize
3.3MB

Download
memory/4796-14-0x00007FF7C35F0000-0x00007FF7C3944000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2139-0x00007FF7C35F0000-0x00007FF7C3944000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2155-0x00007FF60CDB0000-0x00007FF60D104000-memory.dmp

Filesize
3.3MB

Download
memory/4888-772-0x00007FF60CDB0000-0x00007FF60D104000-memory.dmp

Filesize
3.3MB

Download
memory/4940-770-0x00007FF7A2F30000-0x00007FF7A3284000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2151-0x00007FF7A2F30000-0x00007FF7A3284000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads