xmrig | 67c6ca825690b49e1714bc28ffab1582181aa17d7a12fcf4cc5e50ecb4988e2c

Analysis

max time kernel
131s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
Size

1.7MB
MD5

417929ff6e89d6e01f9b626371f5c1f0
SHA1

666d1425b646c1d88f10a50f4989c29e7480f0f3
SHA256

67c6ca825690b49e1714bc28ffab1582181aa17d7a12fcf4cc5e50ecb4988e2c
SHA512

67a137a1bcba7ff2e6c9a364d9778faaf544c49ae37b9f88bc0a995467e0295d16415f5338b2dd3e4bb3dd576e44cae3d992ab75e0322774989df727f47c79a8
SSDEEP

49152:ROdWCCi7/rahHxhOWenbffOldXeLA1cFrYVp:RWWBibat

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/648-36-0x00007FF6B83E0000-0x00007FF6B8731000-memory.dmp	xmrig
behavioral2/memory/3940-136-0x00007FF7125F0000-0x00007FF712941000-memory.dmp	xmrig
behavioral2/memory/4520-412-0x00007FF691EA0000-0x00007FF6921F1000-memory.dmp	xmrig
behavioral2/memory/1148-414-0x00007FF6F8240000-0x00007FF6F8591000-memory.dmp	xmrig
behavioral2/memory/3600-413-0x00007FF6746F0000-0x00007FF674A41000-memory.dmp	xmrig
behavioral2/memory/460-411-0x00007FF717C70000-0x00007FF717FC1000-memory.dmp	xmrig
behavioral2/memory/1612-410-0x00007FF723E40000-0x00007FF724191000-memory.dmp	xmrig
behavioral2/memory/4512-409-0x00007FF701120000-0x00007FF701471000-memory.dmp	xmrig
behavioral2/memory/4624-408-0x00007FF71B180000-0x00007FF71B4D1000-memory.dmp	xmrig
behavioral2/memory/4644-1001-0x00007FF765BA0000-0x00007FF765EF1000-memory.dmp	xmrig
behavioral2/memory/2548-1005-0x00007FF72A8E0000-0x00007FF72AC31000-memory.dmp	xmrig
behavioral2/memory/4140-146-0x00007FF6D91A0000-0x00007FF6D94F1000-memory.dmp	xmrig
behavioral2/memory/4944-131-0x00007FF7C6BE0000-0x00007FF7C6F31000-memory.dmp	xmrig
behavioral2/memory/1756-130-0x00007FF6789E0000-0x00007FF678D31000-memory.dmp	xmrig
behavioral2/memory/4240-82-0x00007FF68E220000-0x00007FF68E571000-memory.dmp	xmrig
behavioral2/memory/3884-77-0x00007FF72EC00000-0x00007FF72EF51000-memory.dmp	xmrig
behavioral2/memory/2672-68-0x00007FF7884B0000-0x00007FF788801000-memory.dmp	xmrig
behavioral2/memory/2720-2218-0x00007FF64E650000-0x00007FF64E9A1000-memory.dmp	xmrig
behavioral2/memory/648-2219-0x00007FF6B83E0000-0x00007FF6B8731000-memory.dmp	xmrig
behavioral2/memory/4264-2221-0x00007FF732E60000-0x00007FF7331B1000-memory.dmp	xmrig
behavioral2/memory/2132-2222-0x00007FF720CE0000-0x00007FF721031000-memory.dmp	xmrig
behavioral2/memory/4708-2220-0x00007FF6F4500000-0x00007FF6F4851000-memory.dmp	xmrig
behavioral2/memory/4940-2228-0x00007FF730800000-0x00007FF730B51000-memory.dmp	xmrig
behavioral2/memory/1720-2258-0x00007FF61E7E0000-0x00007FF61EB31000-memory.dmp	xmrig
behavioral2/memory/3860-2259-0x00007FF689DF0000-0x00007FF68A141000-memory.dmp	xmrig
behavioral2/memory/2836-2257-0x00007FF6ADB50000-0x00007FF6ADEA1000-memory.dmp	xmrig
behavioral2/memory/4604-2256-0x00007FF7C4F40000-0x00007FF7C5291000-memory.dmp	xmrig
behavioral2/memory/3248-2260-0x00007FF630E90000-0x00007FF6311E1000-memory.dmp	xmrig
behavioral2/memory/4140-2262-0x00007FF6D91A0000-0x00007FF6D94F1000-memory.dmp	xmrig
behavioral2/memory/3964-2261-0x00007FF7A7A00000-0x00007FF7A7D51000-memory.dmp	xmrig
behavioral2/memory/5096-2269-0x00007FF7A62F0000-0x00007FF7A6641000-memory.dmp	xmrig
behavioral2/memory/2548-2271-0x00007FF72A8E0000-0x00007FF72AC31000-memory.dmp	xmrig
behavioral2/memory/1412-2273-0x00007FF706D10000-0x00007FF707061000-memory.dmp	xmrig
behavioral2/memory/2720-2275-0x00007FF64E650000-0x00007FF64E9A1000-memory.dmp	xmrig
behavioral2/memory/648-2277-0x00007FF6B83E0000-0x00007FF6B8731000-memory.dmp	xmrig
behavioral2/memory/4708-2279-0x00007FF6F4500000-0x00007FF6F4851000-memory.dmp	xmrig
behavioral2/memory/2672-2281-0x00007FF7884B0000-0x00007FF788801000-memory.dmp	xmrig
behavioral2/memory/3884-2285-0x00007FF72EC00000-0x00007FF72EF51000-memory.dmp	xmrig
behavioral2/memory/4240-2283-0x00007FF68E220000-0x00007FF68E571000-memory.dmp	xmrig
behavioral2/memory/2132-2289-0x00007FF720CE0000-0x00007FF721031000-memory.dmp	xmrig
behavioral2/memory/1756-2291-0x00007FF6789E0000-0x00007FF678D31000-memory.dmp	xmrig
behavioral2/memory/4264-2287-0x00007FF732E60000-0x00007FF7331B1000-memory.dmp	xmrig
behavioral2/memory/4940-2293-0x00007FF730800000-0x00007FF730B51000-memory.dmp	xmrig
behavioral2/memory/4944-2297-0x00007FF7C6BE0000-0x00007FF7C6F31000-memory.dmp	xmrig
behavioral2/memory/4604-2295-0x00007FF7C4F40000-0x00007FF7C5291000-memory.dmp	xmrig
behavioral2/memory/3940-2299-0x00007FF7125F0000-0x00007FF712941000-memory.dmp	xmrig
behavioral2/memory/2836-2303-0x00007FF6ADB50000-0x00007FF6ADEA1000-memory.dmp	xmrig
behavioral2/memory/3248-2301-0x00007FF630E90000-0x00007FF6311E1000-memory.dmp	xmrig
behavioral2/memory/3600-2307-0x00007FF6746F0000-0x00007FF674A41000-memory.dmp	xmrig
behavioral2/memory/1720-2305-0x00007FF61E7E0000-0x00007FF61EB31000-memory.dmp	xmrig
behavioral2/memory/3964-2309-0x00007FF7A7A00000-0x00007FF7A7D51000-memory.dmp	xmrig
behavioral2/memory/4140-2313-0x00007FF6D91A0000-0x00007FF6D94F1000-memory.dmp	xmrig
behavioral2/memory/4624-2317-0x00007FF71B180000-0x00007FF71B4D1000-memory.dmp	xmrig
behavioral2/memory/1612-2321-0x00007FF723E40000-0x00007FF724191000-memory.dmp	xmrig
behavioral2/memory/1148-2319-0x00007FF6F8240000-0x00007FF6F8591000-memory.dmp	xmrig
behavioral2/memory/3860-2315-0x00007FF689DF0000-0x00007FF68A141000-memory.dmp	xmrig
behavioral2/memory/4512-2311-0x00007FF701120000-0x00007FF701471000-memory.dmp	xmrig
behavioral2/memory/4520-2328-0x00007FF691EA0000-0x00007FF6921F1000-memory.dmp	xmrig
behavioral2/memory/460-2323-0x00007FF717C70000-0x00007FF717FC1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2548	NPBzpwo.exe
5096	tOKyygu.exe
1412	KvNTPtD.exe
2720	gNMtxjH.exe
648	uxozadk.exe
4708	QZkvbCK.exe
2672	sVNpdMZ.exe
4264	jYlrrcz.exe
3884	BwsnALH.exe
2132	LnRzNui.exe
4240	QKQrNVK.exe
3248	RzzqKsQ.exe
1756	vmIXhFC.exe
4604	verfWpD.exe
4944	hgMGjST.exe
2836	jKIvdfr.exe
4940	JFOKeAZ.exe
3940	dUpYrFY.exe
1720	HFUvFfU.exe
3600	UYDUeoa.exe
3964	tTzVEPx.exe
4140	oBViOjP.exe
3860	IUqdGgn.exe
4624	qAdFeQq.exe
4512	DJBHBiY.exe
1148	AMwNDrJ.exe
1612	adUUxfa.exe
460	BzTHZhg.exe
4520	LwjBgLU.exe
4176	MXUqHYi.exe
2964	QIXSHYN.exe
536	kupZTKY.exe
500	JTwjxbx.exe
2296	weapSnQ.exe
3092	yhLKvUb.exe
3052	mVWEsro.exe
1988	iFfBHzB.exe
3640	mLojzuh.exe
3948	SSOerUS.exe
2168	TOnczqb.exe
3896	lWtHVWw.exe
3136	LSBdXmf.exe
2664	CXJzcHS.exe
3088	wQwcAOX.exe
3520	vfxYSbk.exe
3632	UHeSEeB.exe
2464	CfRoPBj.exe
4828	PTZzFUA.exe
4348	RNHwamq.exe
4524	pMhrgWc.exe
4416	BffOmcl.exe
2992	slYuKnE.exe
968	HGwKvCW.exe
1872	DmTxble.exe
2012	UNkojrP.exe
1456	fVzBThZ.exe
1060	lqsQWQe.exe
1332	QPlyrfb.exe
2896	TOxiSUV.exe
3572	hmXiYcI.exe
1312	rjQaGnc.exe
3880	wRzxgge.exe
4068	pGNDTSM.exe
1900	jKUMCJl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4644-0-0x00007FF765BA0000-0x00007FF765EF1000-memory.dmp	upx
behavioral2/files/0x0009000000023403-5.dat	upx
behavioral2/files/0x000700000002340b-7.dat	upx
behavioral2/memory/2548-11-0x00007FF72A8E0000-0x00007FF72AC31000-memory.dmp	upx
behavioral2/files/0x000700000002340c-21.dat	upx
behavioral2/memory/2720-24-0x00007FF64E650000-0x00007FF64E9A1000-memory.dmp	upx
behavioral2/memory/1412-20-0x00007FF706D10000-0x00007FF707061000-memory.dmp	upx
behavioral2/memory/5096-14-0x00007FF7A62F0000-0x00007FF7A6641000-memory.dmp	upx
behavioral2/files/0x0008000000023407-12.dat	upx
behavioral2/memory/648-36-0x00007FF6B83E0000-0x00007FF6B8731000-memory.dmp	upx
behavioral2/files/0x000700000002340e-35.dat	upx
behavioral2/files/0x0007000000023412-50.dat	upx
behavioral2/memory/2132-60-0x00007FF720CE0000-0x00007FF721031000-memory.dmp	upx
behavioral2/files/0x0007000000023414-65.dat	upx
behavioral2/files/0x0007000000023415-74.dat	upx
behavioral2/files/0x0007000000023418-86.dat	upx
behavioral2/memory/4940-103-0x00007FF730800000-0x00007FF730B51000-memory.dmp	upx
behavioral2/files/0x000700000002341f-128.dat	upx
behavioral2/memory/3940-136-0x00007FF7125F0000-0x00007FF712941000-memory.dmp	upx
behavioral2/files/0x000700000002341d-142.dat	upx
behavioral2/files/0x0007000000023422-154.dat	upx
behavioral2/files/0x0007000000023423-167.dat	upx
behavioral2/files/0x0007000000023427-179.dat	upx
behavioral2/memory/3860-407-0x00007FF689DF0000-0x00007FF68A141000-memory.dmp	upx
behavioral2/memory/4520-412-0x00007FF691EA0000-0x00007FF6921F1000-memory.dmp	upx
behavioral2/memory/1148-414-0x00007FF6F8240000-0x00007FF6F8591000-memory.dmp	upx
behavioral2/memory/3600-413-0x00007FF6746F0000-0x00007FF674A41000-memory.dmp	upx
behavioral2/memory/460-411-0x00007FF717C70000-0x00007FF717FC1000-memory.dmp	upx
behavioral2/memory/1612-410-0x00007FF723E40000-0x00007FF724191000-memory.dmp	upx
behavioral2/memory/4512-409-0x00007FF701120000-0x00007FF701471000-memory.dmp	upx
behavioral2/memory/4624-408-0x00007FF71B180000-0x00007FF71B4D1000-memory.dmp	upx
behavioral2/memory/4644-1001-0x00007FF765BA0000-0x00007FF765EF1000-memory.dmp	upx
behavioral2/memory/2548-1005-0x00007FF72A8E0000-0x00007FF72AC31000-memory.dmp	upx
behavioral2/files/0x0007000000023428-184.dat	upx
behavioral2/files/0x0007000000023426-182.dat	upx
behavioral2/files/0x0007000000023425-177.dat	upx
behavioral2/files/0x0007000000023424-172.dat	upx
behavioral2/files/0x0007000000023421-157.dat	upx
behavioral2/memory/4140-146-0x00007FF6D91A0000-0x00007FF6D94F1000-memory.dmp	upx
behavioral2/files/0x0007000000023420-145.dat	upx
behavioral2/files/0x000700000002341e-144.dat	upx
behavioral2/files/0x000700000002341c-140.dat	upx
behavioral2/memory/3964-137-0x00007FF7A7A00000-0x00007FF7A7D51000-memory.dmp	upx
behavioral2/files/0x000700000002341b-134.dat	upx
behavioral2/files/0x000700000002341a-132.dat	upx
behavioral2/memory/4944-131-0x00007FF7C6BE0000-0x00007FF7C6F31000-memory.dmp	upx
behavioral2/memory/1756-130-0x00007FF6789E0000-0x00007FF678D31000-memory.dmp	upx
behavioral2/files/0x0007000000023417-118.dat	upx
behavioral2/memory/3248-115-0x00007FF630E90000-0x00007FF6311E1000-memory.dmp	upx
behavioral2/files/0x0007000000023419-107.dat	upx
behavioral2/memory/1720-106-0x00007FF61E7E0000-0x00007FF61EB31000-memory.dmp	upx
behavioral2/files/0x0007000000023416-98.dat	upx
behavioral2/memory/2836-93-0x00007FF6ADB50000-0x00007FF6ADEA1000-memory.dmp	upx
behavioral2/files/0x0008000000023408-88.dat	upx
behavioral2/memory/4604-87-0x00007FF7C4F40000-0x00007FF7C5291000-memory.dmp	upx
behavioral2/memory/4240-82-0x00007FF68E220000-0x00007FF68E571000-memory.dmp	upx
behavioral2/memory/3884-77-0x00007FF72EC00000-0x00007FF72EF51000-memory.dmp	upx
behavioral2/files/0x0007000000023413-72.dat	upx
behavioral2/memory/2672-68-0x00007FF7884B0000-0x00007FF788801000-memory.dmp	upx
behavioral2/files/0x0007000000023410-63.dat	upx
behavioral2/files/0x0007000000023411-59.dat	upx
behavioral2/memory/4264-55-0x00007FF732E60000-0x00007FF7331B1000-memory.dmp	upx
behavioral2/files/0x000700000002340f-52.dat	upx
behavioral2/memory/4708-46-0x00007FF6F4500000-0x00007FF6F4851000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qWAIwGW.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\sVMstGE.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\oafaNCG.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\IrhcPEJ.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\GuQiCkJ.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\UtoCXGN.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\eEvFVRw.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\gGeNUJZ.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\gVcCqOI.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\yMKfpsq.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\SNuUgPl.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\HGwKvCW.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\FSvRMPj.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\sPfTVSE.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\AtWztqy.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\LwjBgLU.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\UvioqTz.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\tzMAylW.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\JwVLuNQ.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\fMlUdkB.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\uHYLiOe.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\lWtHVWw.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\lyutaOj.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\PMGaFra.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\CtkpKnO.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\EMciTAR.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ojGjuOK.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\KCLOldH.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\aaXtEuK.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\qOXkddY.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\vNfiEaN.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\UplOxxs.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\iJyxmAS.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\XPDCNPV.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ulBLYAV.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\tgsJIMm.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\JtAKIfA.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\CvcbKBO.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\WwIodrc.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\Uzzmlvf.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\FLbeuOZ.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\yUnVciS.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\APUECcU.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\AMwNDrJ.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\FuqNobV.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ULdjzNx.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\nMXHhrP.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\hgMGjST.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\eWAXKMh.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\FXZrAKQ.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\sejAUwI.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\kYwvjYS.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\MhvsGFw.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\dIIawxh.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\EeXMXgr.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\lwhDefd.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\DJBHBiY.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\PTZzFUA.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\aFAOuAY.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\xzcaEtd.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\uSHQpyR.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\zpdffgs.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\pRBIEXp.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
File created	C:\Windows\System\EtnNRFO.exe	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14236	dwm.exe
Token: SeChangeNotifyPrivilege	14236	dwm.exe
Token: 33	14236	dwm.exe
Token: SeIncBasePriorityPrivilege	14236	dwm.exe
Token: SeShutdownPrivilege	14236	dwm.exe
Token: SeCreatePagefilePrivilege	14236	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 2548	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	85
PID 4644 wrote to memory of 2548	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	85
PID 4644 wrote to memory of 5096	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	86
PID 4644 wrote to memory of 5096	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	86
PID 4644 wrote to memory of 1412	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	87
PID 4644 wrote to memory of 1412	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	87
PID 4644 wrote to memory of 2720	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	88
PID 4644 wrote to memory of 2720	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	88
PID 4644 wrote to memory of 648	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	89
PID 4644 wrote to memory of 648	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	89
PID 4644 wrote to memory of 4708	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	90
PID 4644 wrote to memory of 4708	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	90
PID 4644 wrote to memory of 2672	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	91
PID 4644 wrote to memory of 2672	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	91
PID 4644 wrote to memory of 4264	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	92
PID 4644 wrote to memory of 4264	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	92
PID 4644 wrote to memory of 4240	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	93
PID 4644 wrote to memory of 4240	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	93
PID 4644 wrote to memory of 3884	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	94
PID 4644 wrote to memory of 3884	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	94
PID 4644 wrote to memory of 2132	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	95
PID 4644 wrote to memory of 2132	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	95
PID 4644 wrote to memory of 3248	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	96
PID 4644 wrote to memory of 3248	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	96
PID 4644 wrote to memory of 1756	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	97
PID 4644 wrote to memory of 1756	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	97
PID 4644 wrote to memory of 4604	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	98
PID 4644 wrote to memory of 4604	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	98
PID 4644 wrote to memory of 4944	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	99
PID 4644 wrote to memory of 4944	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	99
PID 4644 wrote to memory of 2836	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	100
PID 4644 wrote to memory of 2836	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	100
PID 4644 wrote to memory of 4940	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	101
PID 4644 wrote to memory of 4940	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	101
PID 4644 wrote to memory of 3940	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	102
PID 4644 wrote to memory of 3940	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	102
PID 4644 wrote to memory of 1720	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	103
PID 4644 wrote to memory of 1720	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	103
PID 4644 wrote to memory of 3600	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	104
PID 4644 wrote to memory of 3600	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	104
PID 4644 wrote to memory of 3964	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	105
PID 4644 wrote to memory of 3964	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	105
PID 4644 wrote to memory of 4140	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	106
PID 4644 wrote to memory of 4140	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	106
PID 4644 wrote to memory of 3860	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	107
PID 4644 wrote to memory of 3860	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	107
PID 4644 wrote to memory of 4624	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	108
PID 4644 wrote to memory of 4624	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	108
PID 4644 wrote to memory of 4512	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	109
PID 4644 wrote to memory of 4512	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	109
PID 4644 wrote to memory of 1148	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	110
PID 4644 wrote to memory of 1148	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	110
PID 4644 wrote to memory of 1612	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	111
PID 4644 wrote to memory of 1612	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	111
PID 4644 wrote to memory of 460	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	112
PID 4644 wrote to memory of 460	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	112
PID 4644 wrote to memory of 4520	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	113
PID 4644 wrote to memory of 4520	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	113
PID 4644 wrote to memory of 4176	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	114
PID 4644 wrote to memory of 4176	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	114
PID 4644 wrote to memory of 2964	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	115
PID 4644 wrote to memory of 2964	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	115
PID 4644 wrote to memory of 536	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	116
PID 4644 wrote to memory of 536	4644	417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\417929ff6e89d6e01f9b626371f5c1f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\System\NPBzpwo.exe
  C:\Windows\System\NPBzpwo.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\tOKyygu.exe
  C:\Windows\System\tOKyygu.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\KvNTPtD.exe
  C:\Windows\System\KvNTPtD.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\gNMtxjH.exe
  C:\Windows\System\gNMtxjH.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\uxozadk.exe
  C:\Windows\System\uxozadk.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\QZkvbCK.exe
  C:\Windows\System\QZkvbCK.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\sVNpdMZ.exe
  C:\Windows\System\sVNpdMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\jYlrrcz.exe
  C:\Windows\System\jYlrrcz.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\QKQrNVK.exe
  C:\Windows\System\QKQrNVK.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\BwsnALH.exe
  C:\Windows\System\BwsnALH.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\LnRzNui.exe
  C:\Windows\System\LnRzNui.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\RzzqKsQ.exe
  C:\Windows\System\RzzqKsQ.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\vmIXhFC.exe
  C:\Windows\System\vmIXhFC.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\verfWpD.exe
  C:\Windows\System\verfWpD.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\hgMGjST.exe
  C:\Windows\System\hgMGjST.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\jKIvdfr.exe
  C:\Windows\System\jKIvdfr.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\JFOKeAZ.exe
  C:\Windows\System\JFOKeAZ.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\dUpYrFY.exe
  C:\Windows\System\dUpYrFY.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\HFUvFfU.exe
  C:\Windows\System\HFUvFfU.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\UYDUeoa.exe
  C:\Windows\System\UYDUeoa.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\tTzVEPx.exe
  C:\Windows\System\tTzVEPx.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\oBViOjP.exe
  C:\Windows\System\oBViOjP.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\IUqdGgn.exe
  C:\Windows\System\IUqdGgn.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\qAdFeQq.exe
  C:\Windows\System\qAdFeQq.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\DJBHBiY.exe
  C:\Windows\System\DJBHBiY.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\AMwNDrJ.exe
  C:\Windows\System\AMwNDrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\adUUxfa.exe
  C:\Windows\System\adUUxfa.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\BzTHZhg.exe
  C:\Windows\System\BzTHZhg.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\LwjBgLU.exe
  C:\Windows\System\LwjBgLU.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\MXUqHYi.exe
  C:\Windows\System\MXUqHYi.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\QIXSHYN.exe
  C:\Windows\System\QIXSHYN.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\kupZTKY.exe
  C:\Windows\System\kupZTKY.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\JTwjxbx.exe
  C:\Windows\System\JTwjxbx.exe
  2⤵
  - Executes dropped EXE
  PID:500
- C:\Windows\System\weapSnQ.exe
  C:\Windows\System\weapSnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\yhLKvUb.exe
  C:\Windows\System\yhLKvUb.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\mVWEsro.exe
  C:\Windows\System\mVWEsro.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\iFfBHzB.exe
  C:\Windows\System\iFfBHzB.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\mLojzuh.exe
  C:\Windows\System\mLojzuh.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\SSOerUS.exe
  C:\Windows\System\SSOerUS.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\TOnczqb.exe
  C:\Windows\System\TOnczqb.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\lWtHVWw.exe
  C:\Windows\System\lWtHVWw.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\LSBdXmf.exe
  C:\Windows\System\LSBdXmf.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\CXJzcHS.exe
  C:\Windows\System\CXJzcHS.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\wQwcAOX.exe
  C:\Windows\System\wQwcAOX.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\vfxYSbk.exe
  C:\Windows\System\vfxYSbk.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\UHeSEeB.exe
  C:\Windows\System\UHeSEeB.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\CfRoPBj.exe
  C:\Windows\System\CfRoPBj.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\PTZzFUA.exe
  C:\Windows\System\PTZzFUA.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\RNHwamq.exe
  C:\Windows\System\RNHwamq.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\pMhrgWc.exe
  C:\Windows\System\pMhrgWc.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\BffOmcl.exe
  C:\Windows\System\BffOmcl.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\slYuKnE.exe
  C:\Windows\System\slYuKnE.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\HGwKvCW.exe
  C:\Windows\System\HGwKvCW.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\DmTxble.exe
  C:\Windows\System\DmTxble.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\UNkojrP.exe
  C:\Windows\System\UNkojrP.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\fVzBThZ.exe
  C:\Windows\System\fVzBThZ.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\lqsQWQe.exe
  C:\Windows\System\lqsQWQe.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\QPlyrfb.exe
  C:\Windows\System\QPlyrfb.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\TOxiSUV.exe
  C:\Windows\System\TOxiSUV.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\hmXiYcI.exe
  C:\Windows\System\hmXiYcI.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\rjQaGnc.exe
  C:\Windows\System\rjQaGnc.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\wRzxgge.exe
  C:\Windows\System\wRzxgge.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\pGNDTSM.exe
  C:\Windows\System\pGNDTSM.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\jKUMCJl.exe
  C:\Windows\System\jKUMCJl.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\KrYCPFr.exe
  C:\Windows\System\KrYCPFr.exe
  2⤵
  PID:1492
- C:\Windows\System\FSvRMPj.exe
  C:\Windows\System\FSvRMPj.exe
  2⤵
  PID:1712
- C:\Windows\System\geWVVPW.exe
  C:\Windows\System\geWVVPW.exe
  2⤵
  PID:4796
- C:\Windows\System\CKpVgRW.exe
  C:\Windows\System\CKpVgRW.exe
  2⤵
  PID:3384
- C:\Windows\System\zXqmqgs.exe
  C:\Windows\System\zXqmqgs.exe
  2⤵
  PID:3044
- C:\Windows\System\CVgRaYy.exe
  C:\Windows\System\CVgRaYy.exe
  2⤵
  PID:5060
- C:\Windows\System\QTPTSVb.exe
  C:\Windows\System\QTPTSVb.exe
  2⤵
  PID:4084
- C:\Windows\System\odInosH.exe
  C:\Windows\System\odInosH.exe
  2⤵
  PID:2856
- C:\Windows\System\tyjzAyD.exe
  C:\Windows\System\tyjzAyD.exe
  2⤵
  PID:4356
- C:\Windows\System\hIIIKUp.exe
  C:\Windows\System\hIIIKUp.exe
  2⤵
  PID:2220
- C:\Windows\System\qNlnRbb.exe
  C:\Windows\System\qNlnRbb.exe
  2⤵
  PID:4316
- C:\Windows\System\kwJSXdq.exe
  C:\Windows\System\kwJSXdq.exe
  2⤵
  PID:4136
- C:\Windows\System\gVcmhZP.exe
  C:\Windows\System\gVcmhZP.exe
  2⤵
  PID:3904
- C:\Windows\System\gGeNUJZ.exe
  C:\Windows\System\gGeNUJZ.exe
  2⤵
  PID:1020
- C:\Windows\System\rcwTyZN.exe
  C:\Windows\System\rcwTyZN.exe
  2⤵
  PID:1428
- C:\Windows\System\zUUfubX.exe
  C:\Windows\System\zUUfubX.exe
  2⤵
  PID:3712
- C:\Windows\System\pGnPHAr.exe
  C:\Windows\System\pGnPHAr.exe
  2⤵
  PID:2640
- C:\Windows\System\cAgIMBs.exe
  C:\Windows\System\cAgIMBs.exe
  2⤵
  PID:5000
- C:\Windows\System\aKJsklo.exe
  C:\Windows\System\aKJsklo.exe
  2⤵
  PID:4500
- C:\Windows\System\jEUQizK.exe
  C:\Windows\System\jEUQizK.exe
  2⤵
  PID:2880
- C:\Windows\System\UvioqTz.exe
  C:\Windows\System\UvioqTz.exe
  2⤵
  PID:32
- C:\Windows\System\RCTbkQV.exe
  C:\Windows\System\RCTbkQV.exe
  2⤵
  PID:4628
- C:\Windows\System\bTnPveV.exe
  C:\Windows\System\bTnPveV.exe
  2⤵
  PID:4452
- C:\Windows\System\JdyCfCx.exe
  C:\Windows\System\JdyCfCx.exe
  2⤵
  PID:2708
- C:\Windows\System\QiKrsnZ.exe
  C:\Windows\System\QiKrsnZ.exe
  2⤵
  PID:5144
- C:\Windows\System\corxhPC.exe
  C:\Windows\System\corxhPC.exe
  2⤵
  PID:5172
- C:\Windows\System\uPcmCDq.exe
  C:\Windows\System\uPcmCDq.exe
  2⤵
  PID:5196
- C:\Windows\System\MyYEWqi.exe
  C:\Windows\System\MyYEWqi.exe
  2⤵
  PID:5228
- C:\Windows\System\PztiQxD.exe
  C:\Windows\System\PztiQxD.exe
  2⤵
  PID:5256
- C:\Windows\System\plChioW.exe
  C:\Windows\System\plChioW.exe
  2⤵
  PID:5284
- C:\Windows\System\oMUCpmh.exe
  C:\Windows\System\oMUCpmh.exe
  2⤵
  PID:5312
- C:\Windows\System\rjqujwm.exe
  C:\Windows\System\rjqujwm.exe
  2⤵
  PID:5340
- C:\Windows\System\pqtSPlz.exe
  C:\Windows\System\pqtSPlz.exe
  2⤵
  PID:5368
- C:\Windows\System\kfGJczB.exe
  C:\Windows\System\kfGJczB.exe
  2⤵
  PID:5396
- C:\Windows\System\MlHQqwO.exe
  C:\Windows\System\MlHQqwO.exe
  2⤵
  PID:5424
- C:\Windows\System\HeNIPGV.exe
  C:\Windows\System\HeNIPGV.exe
  2⤵
  PID:5452
- C:\Windows\System\txxTluz.exe
  C:\Windows\System\txxTluz.exe
  2⤵
  PID:5480
- C:\Windows\System\kfhpTQM.exe
  C:\Windows\System\kfhpTQM.exe
  2⤵
  PID:5508
- C:\Windows\System\aFAOuAY.exe
  C:\Windows\System\aFAOuAY.exe
  2⤵
  PID:5532
- C:\Windows\System\goERFsD.exe
  C:\Windows\System\goERFsD.exe
  2⤵
  PID:5564
- C:\Windows\System\oXjpOVt.exe
  C:\Windows\System\oXjpOVt.exe
  2⤵
  PID:5592
- C:\Windows\System\VEZBwbm.exe
  C:\Windows\System\VEZBwbm.exe
  2⤵
  PID:5620
- C:\Windows\System\fsKmfHQ.exe
  C:\Windows\System\fsKmfHQ.exe
  2⤵
  PID:5648
- C:\Windows\System\ByOSzeh.exe
  C:\Windows\System\ByOSzeh.exe
  2⤵
  PID:5676
- C:\Windows\System\onslmhE.exe
  C:\Windows\System\onslmhE.exe
  2⤵
  PID:5748
- C:\Windows\System\iZgrAsr.exe
  C:\Windows\System\iZgrAsr.exe
  2⤵
  PID:5788
- C:\Windows\System\vqiVCcL.exe
  C:\Windows\System\vqiVCcL.exe
  2⤵
  PID:5808
- C:\Windows\System\aApWhAt.exe
  C:\Windows\System\aApWhAt.exe
  2⤵
  PID:5832
- C:\Windows\System\QFtiXrS.exe
  C:\Windows\System\QFtiXrS.exe
  2⤵
  PID:5856
- C:\Windows\System\XYTolIY.exe
  C:\Windows\System\XYTolIY.exe
  2⤵
  PID:5908
- C:\Windows\System\HwawbMg.exe
  C:\Windows\System\HwawbMg.exe
  2⤵
  PID:5944
- C:\Windows\System\VpOzdHW.exe
  C:\Windows\System\VpOzdHW.exe
  2⤵
  PID:5968
- C:\Windows\System\IgDIQui.exe
  C:\Windows\System\IgDIQui.exe
  2⤵
  PID:5992
- C:\Windows\System\PDHCtLc.exe
  C:\Windows\System\PDHCtLc.exe
  2⤵
  PID:6016
- C:\Windows\System\ICoolEh.exe
  C:\Windows\System\ICoolEh.exe
  2⤵
  PID:6060
- C:\Windows\System\iyOEZkf.exe
  C:\Windows\System\iyOEZkf.exe
  2⤵
  PID:6080
- C:\Windows\System\nhAODDD.exe
  C:\Windows\System\nhAODDD.exe
  2⤵
  PID:6120
- C:\Windows\System\qWAIwGW.exe
  C:\Windows\System\qWAIwGW.exe
  2⤵
  PID:4704
- C:\Windows\System\ArJPlXb.exe
  C:\Windows\System\ArJPlXb.exe
  2⤵
  PID:4408
- C:\Windows\System\BiDcnnW.exe
  C:\Windows\System\BiDcnnW.exe
  2⤵
  PID:2292
- C:\Windows\System\rTNpyDL.exe
  C:\Windows\System\rTNpyDL.exe
  2⤵
  PID:1452
- C:\Windows\System\SogNwvT.exe
  C:\Windows\System\SogNwvT.exe
  2⤵
  PID:5240
- C:\Windows\System\IWcPtZD.exe
  C:\Windows\System\IWcPtZD.exe
  2⤵
  PID:5272
- C:\Windows\System\DRtYoeU.exe
  C:\Windows\System\DRtYoeU.exe
  2⤵
  PID:5324
- C:\Windows\System\leSMRvD.exe
  C:\Windows\System\leSMRvD.exe
  2⤵
  PID:5380
- C:\Windows\System\NXaenAo.exe
  C:\Windows\System\NXaenAo.exe
  2⤵
  PID:5412
- C:\Windows\System\tCcQhNT.exe
  C:\Windows\System\tCcQhNT.exe
  2⤵
  PID:5468
- C:\Windows\System\GyRVfsC.exe
  C:\Windows\System\GyRVfsC.exe
  2⤵
  PID:2808
- C:\Windows\System\cxdDeXT.exe
  C:\Windows\System\cxdDeXT.exe
  2⤵
  PID:5580
- C:\Windows\System\aATbpbv.exe
  C:\Windows\System\aATbpbv.exe
  2⤵
  PID:5608
- C:\Windows\System\pbgJXba.exe
  C:\Windows\System\pbgJXba.exe
  2⤵
  PID:3056
- C:\Windows\System\gbHJKnK.exe
  C:\Windows\System\gbHJKnK.exe
  2⤵
  PID:5640
- C:\Windows\System\NJlviHJ.exe
  C:\Windows\System\NJlviHJ.exe
  2⤵
  PID:904
- C:\Windows\System\YEEDhMx.exe
  C:\Windows\System\YEEDhMx.exe
  2⤵
  PID:3912
- C:\Windows\System\FwKoaTa.exe
  C:\Windows\System\FwKoaTa.exe
  2⤵
  PID:2716
- C:\Windows\System\eIGTnfF.exe
  C:\Windows\System\eIGTnfF.exe
  2⤵
  PID:1124
- C:\Windows\System\ielMaZH.exe
  C:\Windows\System\ielMaZH.exe
  2⤵
  PID:5736
- C:\Windows\System\fAUbKej.exe
  C:\Windows\System\fAUbKej.exe
  2⤵
  PID:5776
- C:\Windows\System\qOXkddY.exe
  C:\Windows\System\qOXkddY.exe
  2⤵
  PID:1668
- C:\Windows\System\LzhuQja.exe
  C:\Windows\System\LzhuQja.exe
  2⤵
  PID:2320
- C:\Windows\System\bdipECN.exe
  C:\Windows\System\bdipECN.exe
  2⤵
  PID:5800
- C:\Windows\System\CYRiTBP.exe
  C:\Windows\System\CYRiTBP.exe
  2⤵
  PID:5848
- C:\Windows\System\cXCHhWy.exe
  C:\Windows\System\cXCHhWy.exe
  2⤵
  PID:6004
- C:\Windows\System\bLMlRgl.exe
  C:\Windows\System\bLMlRgl.exe
  2⤵
  PID:6072
- C:\Windows\System\eAGlxrT.exe
  C:\Windows\System\eAGlxrT.exe
  2⤵
  PID:2416
- C:\Windows\System\rKIlSmh.exe
  C:\Windows\System\rKIlSmh.exe
  2⤵
  PID:5016
- C:\Windows\System\cCvNHxb.exe
  C:\Windows\System\cCvNHxb.exe
  2⤵
  PID:4428
- C:\Windows\System\JenatHX.exe
  C:\Windows\System\JenatHX.exe
  2⤵
  PID:5352
- C:\Windows\System\jnGXeRC.exe
  C:\Windows\System\jnGXeRC.exe
  2⤵
  PID:3596
- C:\Windows\System\wdSDpiu.exe
  C:\Windows\System\wdSDpiu.exe
  2⤵
  PID:5576
- C:\Windows\System\xzcaEtd.exe
  C:\Windows\System\xzcaEtd.exe
  2⤵
  PID:3728
- C:\Windows\System\APUECcU.exe
  C:\Windows\System\APUECcU.exe
  2⤵
  PID:5664
- C:\Windows\System\jvcxtTq.exe
  C:\Windows\System\jvcxtTq.exe
  2⤵
  PID:708
- C:\Windows\System\DReLgKX.exe
  C:\Windows\System\DReLgKX.exe
  2⤵
  PID:3364
- C:\Windows\System\psVOLlK.exe
  C:\Windows\System\psVOLlK.exe
  2⤵
  PID:1080
- C:\Windows\System\tgsJIMm.exe
  C:\Windows\System\tgsJIMm.exe
  2⤵
  PID:2176
- C:\Windows\System\vxElxsd.exe
  C:\Windows\System\vxElxsd.exe
  2⤵
  PID:3868
- C:\Windows\System\HVvPoec.exe
  C:\Windows\System\HVvPoec.exe
  2⤵
  PID:2272
- C:\Windows\System\xWzpizH.exe
  C:\Windows\System\xWzpizH.exe
  2⤵
  PID:5304
- C:\Windows\System\ieWbBRf.exe
  C:\Windows\System\ieWbBRf.exe
  2⤵
  PID:2252
- C:\Windows\System\njkiFsP.exe
  C:\Windows\System\njkiFsP.exe
  2⤵
  PID:1240
- C:\Windows\System\CiyMFnE.exe
  C:\Windows\System\CiyMFnE.exe
  2⤵
  PID:6068
- C:\Windows\System\wQcqxtM.exe
  C:\Windows\System\wQcqxtM.exe
  2⤵
  PID:5092
- C:\Windows\System\UWZwsNN.exe
  C:\Windows\System\UWZwsNN.exe
  2⤵
  PID:4952
- C:\Windows\System\UsEjiVA.exe
  C:\Windows\System\UsEjiVA.exe
  2⤵
  PID:5520
- C:\Windows\System\avBruvk.exe
  C:\Windows\System\avBruvk.exe
  2⤵
  PID:6048
- C:\Windows\System\kqDuTWh.exe
  C:\Windows\System\kqDuTWh.exe
  2⤵
  PID:6172
- C:\Windows\System\bUCIZKV.exe
  C:\Windows\System\bUCIZKV.exe
  2⤵
  PID:6196
- C:\Windows\System\VEjcRCn.exe
  C:\Windows\System\VEjcRCn.exe
  2⤵
  PID:6212
- C:\Windows\System\ulBLYAV.exe
  C:\Windows\System\ulBLYAV.exe
  2⤵
  PID:6248
- C:\Windows\System\BoOrZxM.exe
  C:\Windows\System\BoOrZxM.exe
  2⤵
  PID:6272
- C:\Windows\System\UROXbbB.exe
  C:\Windows\System\UROXbbB.exe
  2⤵
  PID:6288
- C:\Windows\System\tYqowNz.exe
  C:\Windows\System\tYqowNz.exe
  2⤵
  PID:6308
- C:\Windows\System\aBenhxi.exe
  C:\Windows\System\aBenhxi.exe
  2⤵
  PID:6324
- C:\Windows\System\FuqNobV.exe
  C:\Windows\System\FuqNobV.exe
  2⤵
  PID:6344
- C:\Windows\System\EzfjRNQ.exe
  C:\Windows\System\EzfjRNQ.exe
  2⤵
  PID:6364
- C:\Windows\System\kkfgehU.exe
  C:\Windows\System\kkfgehU.exe
  2⤵
  PID:6388
- C:\Windows\System\ULdjzNx.exe
  C:\Windows\System\ULdjzNx.exe
  2⤵
  PID:6416
- C:\Windows\System\iazkMRn.exe
  C:\Windows\System\iazkMRn.exe
  2⤵
  PID:6440
- C:\Windows\System\VcVpAfY.exe
  C:\Windows\System\VcVpAfY.exe
  2⤵
  PID:6456
- C:\Windows\System\KcwcHAp.exe
  C:\Windows\System\KcwcHAp.exe
  2⤵
  PID:6476
- C:\Windows\System\jdkNHNz.exe
  C:\Windows\System\jdkNHNz.exe
  2⤵
  PID:6500
- C:\Windows\System\BppGGtb.exe
  C:\Windows\System\BppGGtb.exe
  2⤵
  PID:6528
- C:\Windows\System\GGGfFAh.exe
  C:\Windows\System\GGGfFAh.exe
  2⤵
  PID:6548
- C:\Windows\System\vrHFQmw.exe
  C:\Windows\System\vrHFQmw.exe
  2⤵
  PID:6568
- C:\Windows\System\JtAKIfA.exe
  C:\Windows\System\JtAKIfA.exe
  2⤵
  PID:6652
- C:\Windows\System\Uluvyga.exe
  C:\Windows\System\Uluvyga.exe
  2⤵
  PID:6676
- C:\Windows\System\vNfiEaN.exe
  C:\Windows\System\vNfiEaN.exe
  2⤵
  PID:6700
- C:\Windows\System\ecnfXKs.exe
  C:\Windows\System\ecnfXKs.exe
  2⤵
  PID:6720
- C:\Windows\System\wVhgAVy.exe
  C:\Windows\System\wVhgAVy.exe
  2⤵
  PID:6788
- C:\Windows\System\GQCyGOY.exe
  C:\Windows\System\GQCyGOY.exe
  2⤵
  PID:6808
- C:\Windows\System\jyAYBZi.exe
  C:\Windows\System\jyAYBZi.exe
  2⤵
  PID:6840
- C:\Windows\System\YJEBQYl.exe
  C:\Windows\System\YJEBQYl.exe
  2⤵
  PID:6896
- C:\Windows\System\YHFefCx.exe
  C:\Windows\System\YHFefCx.exe
  2⤵
  PID:6920
- C:\Windows\System\sPDHLzG.exe
  C:\Windows\System\sPDHLzG.exe
  2⤵
  PID:6948
- C:\Windows\System\suXSDyU.exe
  C:\Windows\System\suXSDyU.exe
  2⤵
  PID:6972
- C:\Windows\System\FXZrAKQ.exe
  C:\Windows\System\FXZrAKQ.exe
  2⤵
  PID:7000
- C:\Windows\System\weodLMY.exe
  C:\Windows\System\weodLMY.exe
  2⤵
  PID:7020
- C:\Windows\System\sVMstGE.exe
  C:\Windows\System\sVMstGE.exe
  2⤵
  PID:7080
- C:\Windows\System\kfSPrjV.exe
  C:\Windows\System\kfSPrjV.exe
  2⤵
  PID:7096
- C:\Windows\System\vgHEWsd.exe
  C:\Windows\System\vgHEWsd.exe
  2⤵
  PID:7132
- C:\Windows\System\UqMOgNu.exe
  C:\Windows\System\UqMOgNu.exe
  2⤵
  PID:5976
- C:\Windows\System\HAkBMes.exe
  C:\Windows\System\HAkBMes.exe
  2⤵
  PID:6188
- C:\Windows\System\vjiaERD.exe
  C:\Windows\System\vjiaERD.exe
  2⤵
  PID:6296
- C:\Windows\System\OMYPFkg.exe
  C:\Windows\System\OMYPFkg.exe
  2⤵
  PID:6320
- C:\Windows\System\MWOnvQY.exe
  C:\Windows\System\MWOnvQY.exe
  2⤵
  PID:6544
- C:\Windows\System\uuhNEjj.exe
  C:\Windows\System\uuhNEjj.exe
  2⤵
  PID:6584
- C:\Windows\System\AGmCUVi.exe
  C:\Windows\System\AGmCUVi.exe
  2⤵
  PID:6376
- C:\Windows\System\suLAiZX.exe
  C:\Windows\System\suLAiZX.exe
  2⤵
  PID:6464
- C:\Windows\System\oRoCQZV.exe
  C:\Windows\System\oRoCQZV.exe
  2⤵
  PID:6644
- C:\Windows\System\KbxvLpG.exe
  C:\Windows\System\KbxvLpG.exe
  2⤵
  PID:6664
- C:\Windows\System\EJhgFoL.exe
  C:\Windows\System\EJhgFoL.exe
  2⤵
  PID:6712
- C:\Windows\System\zThDMYE.exe
  C:\Windows\System\zThDMYE.exe
  2⤵
  PID:6816
- C:\Windows\System\jGyzvsx.exe
  C:\Windows\System\jGyzvsx.exe
  2⤵
  PID:6876
- C:\Windows\System\gPsgXjf.exe
  C:\Windows\System\gPsgXjf.exe
  2⤵
  PID:7040
- C:\Windows\System\GUWNyMD.exe
  C:\Windows\System\GUWNyMD.exe
  2⤵
  PID:7104
- C:\Windows\System\zAgzrzq.exe
  C:\Windows\System\zAgzrzq.exe
  2⤵
  PID:7092
- C:\Windows\System\vJRqFpp.exe
  C:\Windows\System\vJRqFpp.exe
  2⤵
  PID:4680
- C:\Windows\System\FWTSkGI.exe
  C:\Windows\System\FWTSkGI.exe
  2⤵
  PID:6384
- C:\Windows\System\LOmimst.exe
  C:\Windows\System\LOmimst.exe
  2⤵
  PID:5724
- C:\Windows\System\jiuETLw.exe
  C:\Windows\System\jiuETLw.exe
  2⤵
  PID:6624
- C:\Windows\System\CvcbKBO.exe
  C:\Windows\System\CvcbKBO.exe
  2⤵
  PID:6472
- C:\Windows\System\OUPgsZe.exe
  C:\Windows\System\OUPgsZe.exe
  2⤵
  PID:6820
- C:\Windows\System\amuzrua.exe
  C:\Windows\System\amuzrua.exe
  2⤵
  PID:7056
- C:\Windows\System\SNkQmBy.exe
  C:\Windows\System\SNkQmBy.exe
  2⤵
  PID:6284
- C:\Windows\System\bgRKoMg.exe
  C:\Windows\System\bgRKoMg.exe
  2⤵
  PID:6576
- C:\Windows\System\QROaPfM.exe
  C:\Windows\System\QROaPfM.exe
  2⤵
  PID:5704
- C:\Windows\System\oafaNCG.exe
  C:\Windows\System\oafaNCG.exe
  2⤵
  PID:7032
- C:\Windows\System\JnHxBWe.exe
  C:\Windows\System\JnHxBWe.exe
  2⤵
  PID:3508
- C:\Windows\System\gUmQyyI.exe
  C:\Windows\System\gUmQyyI.exe
  2⤵
  PID:6832
- C:\Windows\System\ZhZhVpw.exe
  C:\Windows\System\ZhZhVpw.exe
  2⤵
  PID:7180
- C:\Windows\System\qRFHXgZ.exe
  C:\Windows\System\qRFHXgZ.exe
  2⤵
  PID:7204
- C:\Windows\System\uSHQpyR.exe
  C:\Windows\System\uSHQpyR.exe
  2⤵
  PID:7248
- C:\Windows\System\fcBEXBo.exe
  C:\Windows\System\fcBEXBo.exe
  2⤵
  PID:7272
- C:\Windows\System\RuUsLSy.exe
  C:\Windows\System\RuUsLSy.exe
  2⤵
  PID:7288
- C:\Windows\System\tMvjqqD.exe
  C:\Windows\System\tMvjqqD.exe
  2⤵
  PID:7344
- C:\Windows\System\niqqdgc.exe
  C:\Windows\System\niqqdgc.exe
  2⤵
  PID:7364
- C:\Windows\System\rnhBOtH.exe
  C:\Windows\System\rnhBOtH.exe
  2⤵
  PID:7396
- C:\Windows\System\zyzrcBd.exe
  C:\Windows\System\zyzrcBd.exe
  2⤵
  PID:7416
- C:\Windows\System\gRDoQHX.exe
  C:\Windows\System\gRDoQHX.exe
  2⤵
  PID:7452
- C:\Windows\System\wQQKtTM.exe
  C:\Windows\System\wQQKtTM.exe
  2⤵
  PID:7480
- C:\Windows\System\DONJoVb.exe
  C:\Windows\System\DONJoVb.exe
  2⤵
  PID:7508
- C:\Windows\System\txAlSbz.exe
  C:\Windows\System\txAlSbz.exe
  2⤵
  PID:7528
- C:\Windows\System\YnRUsNg.exe
  C:\Windows\System\YnRUsNg.exe
  2⤵
  PID:7556
- C:\Windows\System\TVGLiFn.exe
  C:\Windows\System\TVGLiFn.exe
  2⤵
  PID:7580
- C:\Windows\System\khQsYrz.exe
  C:\Windows\System\khQsYrz.exe
  2⤵
  PID:7596
- C:\Windows\System\VcCPELW.exe
  C:\Windows\System\VcCPELW.exe
  2⤵
  PID:7620
- C:\Windows\System\ZQMVzvc.exe
  C:\Windows\System\ZQMVzvc.exe
  2⤵
  PID:7652
- C:\Windows\System\zpdffgs.exe
  C:\Windows\System\zpdffgs.exe
  2⤵
  PID:7676
- C:\Windows\System\yriDzsu.exe
  C:\Windows\System\yriDzsu.exe
  2⤵
  PID:7704
- C:\Windows\System\GbCkkhu.exe
  C:\Windows\System\GbCkkhu.exe
  2⤵
  PID:7720
- C:\Windows\System\byBWuBF.exe
  C:\Windows\System\byBWuBF.exe
  2⤵
  PID:7748
- C:\Windows\System\pBauRPJ.exe
  C:\Windows\System\pBauRPJ.exe
  2⤵
  PID:7796
- C:\Windows\System\aEkRSZg.exe
  C:\Windows\System\aEkRSZg.exe
  2⤵
  PID:7840
- C:\Windows\System\HmhyxOD.exe
  C:\Windows\System\HmhyxOD.exe
  2⤵
  PID:7860
- C:\Windows\System\KdpIXeX.exe
  C:\Windows\System\KdpIXeX.exe
  2⤵
  PID:7884
- C:\Windows\System\seUmwFl.exe
  C:\Windows\System\seUmwFl.exe
  2⤵
  PID:7932
- C:\Windows\System\bFJYaLw.exe
  C:\Windows\System\bFJYaLw.exe
  2⤵
  PID:7960
- C:\Windows\System\tSNVTgW.exe
  C:\Windows\System\tSNVTgW.exe
  2⤵
  PID:7980
- C:\Windows\System\sejAUwI.exe
  C:\Windows\System\sejAUwI.exe
  2⤵
  PID:8004
- C:\Windows\System\AoDfitb.exe
  C:\Windows\System\AoDfitb.exe
  2⤵
  PID:8048
- C:\Windows\System\HlOgqee.exe
  C:\Windows\System\HlOgqee.exe
  2⤵
  PID:8072
- C:\Windows\System\GiyaCIt.exe
  C:\Windows\System\GiyaCIt.exe
  2⤵
  PID:8096
- C:\Windows\System\luIQPzV.exe
  C:\Windows\System\luIQPzV.exe
  2⤵
  PID:8116
- C:\Windows\System\nSpuXGa.exe
  C:\Windows\System\nSpuXGa.exe
  2⤵
  PID:8144
- C:\Windows\System\KvTFmEd.exe
  C:\Windows\System\KvTFmEd.exe
  2⤵
  PID:8184
- C:\Windows\System\qhbzWsQ.exe
  C:\Windows\System\qhbzWsQ.exe
  2⤵
  PID:6880
- C:\Windows\System\mwDNufn.exe
  C:\Windows\System\mwDNufn.exe
  2⤵
  PID:7124
- C:\Windows\System\bapZVgb.exe
  C:\Windows\System\bapZVgb.exe
  2⤵
  PID:7264
- C:\Windows\System\aQLhZtB.exe
  C:\Windows\System\aQLhZtB.exe
  2⤵
  PID:7300
- C:\Windows\System\EeUEceH.exe
  C:\Windows\System\EeUEceH.exe
  2⤵
  PID:7428
- C:\Windows\System\QPDjfIb.exe
  C:\Windows\System\QPDjfIb.exe
  2⤵
  PID:7476
- C:\Windows\System\yBIOMih.exe
  C:\Windows\System\yBIOMih.exe
  2⤵
  PID:7524
- C:\Windows\System\lEGXRFZ.exe
  C:\Windows\System\lEGXRFZ.exe
  2⤵
  PID:7548
- C:\Windows\System\aQFpbGZ.exe
  C:\Windows\System\aQFpbGZ.exe
  2⤵
  PID:7660
- C:\Windows\System\qALEmXu.exe
  C:\Windows\System\qALEmXu.exe
  2⤵
  PID:7760
- C:\Windows\System\ZOWjqoq.exe
  C:\Windows\System\ZOWjqoq.exe
  2⤵
  PID:7812
- C:\Windows\System\OpSteSG.exe
  C:\Windows\System\OpSteSG.exe
  2⤵
  PID:7852
- C:\Windows\System\WhaYBQv.exe
  C:\Windows\System\WhaYBQv.exe
  2⤵
  PID:7968
- C:\Windows\System\uRbNadr.exe
  C:\Windows\System\uRbNadr.exe
  2⤵
  PID:8012
- C:\Windows\System\HiEWEHS.exe
  C:\Windows\System\HiEWEHS.exe
  2⤵
  PID:8080
- C:\Windows\System\ZjTUCwY.exe
  C:\Windows\System\ZjTUCwY.exe
  2⤵
  PID:8112
- C:\Windows\System\iolLVvi.exe
  C:\Windows\System\iolLVvi.exe
  2⤵
  PID:6684
- C:\Windows\System\sydxTuu.exe
  C:\Windows\System\sydxTuu.exe
  2⤵
  PID:7256
- C:\Windows\System\EDSrckU.exe
  C:\Windows\System\EDSrckU.exe
  2⤵
  PID:7356
- C:\Windows\System\lzGtNyH.exe
  C:\Windows\System\lzGtNyH.exe
  2⤵
  PID:7444
- C:\Windows\System\efMVsTo.exe
  C:\Windows\System\efMVsTo.exe
  2⤵
  PID:7564
- C:\Windows\System\PItrtIN.exe
  C:\Windows\System\PItrtIN.exe
  2⤵
  PID:7716
- C:\Windows\System\nokEsJc.exe
  C:\Windows\System\nokEsJc.exe
  2⤵
  PID:8104
- C:\Windows\System\htXgWtp.exe
  C:\Windows\System\htXgWtp.exe
  2⤵
  PID:4640
- C:\Windows\System\lRwSFOc.exe
  C:\Windows\System\lRwSFOc.exe
  2⤵
  PID:5700
- C:\Windows\System\zHWlgNJ.exe
  C:\Windows\System\zHWlgNJ.exe
  2⤵
  PID:7568
- C:\Windows\System\BKdAdQq.exe
  C:\Windows\System\BKdAdQq.exe
  2⤵
  PID:7408
- C:\Windows\System\ElciUkb.exe
  C:\Windows\System\ElciUkb.exe
  2⤵
  PID:7540
- C:\Windows\System\llTWZuS.exe
  C:\Windows\System\llTWZuS.exe
  2⤵
  PID:8200
- C:\Windows\System\HNvagXZ.exe
  C:\Windows\System\HNvagXZ.exe
  2⤵
  PID:8220
- C:\Windows\System\mFwXrWZ.exe
  C:\Windows\System\mFwXrWZ.exe
  2⤵
  PID:8252
- C:\Windows\System\KqTBjTU.exe
  C:\Windows\System\KqTBjTU.exe
  2⤵
  PID:8292
- C:\Windows\System\eGhtldt.exe
  C:\Windows\System\eGhtldt.exe
  2⤵
  PID:8312
- C:\Windows\System\uEZsiXI.exe
  C:\Windows\System\uEZsiXI.exe
  2⤵
  PID:8336
- C:\Windows\System\qckgtUG.exe
  C:\Windows\System\qckgtUG.exe
  2⤵
  PID:8356
- C:\Windows\System\JeBgpZu.exe
  C:\Windows\System\JeBgpZu.exe
  2⤵
  PID:8372
- C:\Windows\System\oqYfNeM.exe
  C:\Windows\System\oqYfNeM.exe
  2⤵
  PID:8396
- C:\Windows\System\vHhxXOa.exe
  C:\Windows\System\vHhxXOa.exe
  2⤵
  PID:8448
- C:\Windows\System\HytLGMv.exe
  C:\Windows\System\HytLGMv.exe
  2⤵
  PID:8464
- C:\Windows\System\jwZKtSO.exe
  C:\Windows\System\jwZKtSO.exe
  2⤵
  PID:8488
- C:\Windows\System\arslrXK.exe
  C:\Windows\System\arslrXK.exe
  2⤵
  PID:8512
- C:\Windows\System\vkiZeCW.exe
  C:\Windows\System\vkiZeCW.exe
  2⤵
  PID:8600
- C:\Windows\System\OevZKMV.exe
  C:\Windows\System\OevZKMV.exe
  2⤵
  PID:8644
- C:\Windows\System\tPZJOoa.exe
  C:\Windows\System\tPZJOoa.exe
  2⤵
  PID:8676
- C:\Windows\System\VJIHMvv.exe
  C:\Windows\System\VJIHMvv.exe
  2⤵
  PID:8700
- C:\Windows\System\SaQMUeL.exe
  C:\Windows\System\SaQMUeL.exe
  2⤵
  PID:8716
- C:\Windows\System\qrTwEZb.exe
  C:\Windows\System\qrTwEZb.exe
  2⤵
  PID:8760
- C:\Windows\System\sDTPWGJ.exe
  C:\Windows\System\sDTPWGJ.exe
  2⤵
  PID:8792
- C:\Windows\System\GtQgtbv.exe
  C:\Windows\System\GtQgtbv.exe
  2⤵
  PID:8820
- C:\Windows\System\WwIodrc.exe
  C:\Windows\System\WwIodrc.exe
  2⤵
  PID:8840
- C:\Windows\System\VtgNWAD.exe
  C:\Windows\System\VtgNWAD.exe
  2⤵
  PID:8860
- C:\Windows\System\ZxEdygk.exe
  C:\Windows\System\ZxEdygk.exe
  2⤵
  PID:8884
- C:\Windows\System\nGBgpdM.exe
  C:\Windows\System\nGBgpdM.exe
  2⤵
  PID:8932
- C:\Windows\System\WjRwxNB.exe
  C:\Windows\System\WjRwxNB.exe
  2⤵
  PID:8956
- C:\Windows\System\Lkgxipg.exe
  C:\Windows\System\Lkgxipg.exe
  2⤵
  PID:8984
- C:\Windows\System\ISoDjaH.exe
  C:\Windows\System\ISoDjaH.exe
  2⤵
  PID:9008
- C:\Windows\System\LHWczOH.exe
  C:\Windows\System\LHWczOH.exe
  2⤵
  PID:9032
- C:\Windows\System\zcMxotj.exe
  C:\Windows\System\zcMxotj.exe
  2⤵
  PID:9052
- C:\Windows\System\URhrHyb.exe
  C:\Windows\System\URhrHyb.exe
  2⤵
  PID:9096
- C:\Windows\System\RUsGOUi.exe
  C:\Windows\System\RUsGOUi.exe
  2⤵
  PID:9116
- C:\Windows\System\UplOxxs.exe
  C:\Windows\System\UplOxxs.exe
  2⤵
  PID:9140
- C:\Windows\System\XXtcXwe.exe
  C:\Windows\System\XXtcXwe.exe
  2⤵
  PID:9168
- C:\Windows\System\vmwqhnN.exe
  C:\Windows\System\vmwqhnN.exe
  2⤵
  PID:9188
- C:\Windows\System\WXYnPph.exe
  C:\Windows\System\WXYnPph.exe
  2⤵
  PID:7392
- C:\Windows\System\SNuUgPl.exe
  C:\Windows\System\SNuUgPl.exe
  2⤵
  PID:8212
- C:\Windows\System\BPlteoN.exe
  C:\Windows\System\BPlteoN.exe
  2⤵
  PID:8332
- C:\Windows\System\hPBzZFX.exe
  C:\Windows\System\hPBzZFX.exe
  2⤵
  PID:8268
- C:\Windows\System\rAymZmH.exe
  C:\Windows\System\rAymZmH.exe
  2⤵
  PID:8424
- C:\Windows\System\lPQJuBN.exe
  C:\Windows\System\lPQJuBN.exe
  2⤵
  PID:8444
- C:\Windows\System\FcqQagh.exe
  C:\Windows\System\FcqQagh.exe
  2⤵
  PID:8524
- C:\Windows\System\oSVZgLR.exe
  C:\Windows\System\oSVZgLR.exe
  2⤵
  PID:8628
- C:\Windows\System\ItKNBff.exe
  C:\Windows\System\ItKNBff.exe
  2⤵
  PID:8736
- C:\Windows\System\IrhcPEJ.exe
  C:\Windows\System\IrhcPEJ.exe
  2⤵
  PID:8800
- C:\Windows\System\RtauVuH.exe
  C:\Windows\System\RtauVuH.exe
  2⤵
  PID:8876
- C:\Windows\System\QoycLJF.exe
  C:\Windows\System\QoycLJF.exe
  2⤵
  PID:8924
- C:\Windows\System\wurlTiu.exe
  C:\Windows\System\wurlTiu.exe
  2⤵
  PID:8992
- C:\Windows\System\kYwvjYS.exe
  C:\Windows\System\kYwvjYS.exe
  2⤵
  PID:9048
- C:\Windows\System\AAnKRWb.exe
  C:\Windows\System\AAnKRWb.exe
  2⤵
  PID:9084
- C:\Windows\System\atpUtuU.exe
  C:\Windows\System\atpUtuU.exe
  2⤵
  PID:9148
- C:\Windows\System\YJrHLRD.exe
  C:\Windows\System\YJrHLRD.exe
  2⤵
  PID:9184
- C:\Windows\System\sxlfuOh.exe
  C:\Windows\System\sxlfuOh.exe
  2⤵
  PID:9204
- C:\Windows\System\FfEmlwy.exe
  C:\Windows\System\FfEmlwy.exe
  2⤵
  PID:8272
- C:\Windows\System\DDeylOE.exe
  C:\Windows\System\DDeylOE.exe
  2⤵
  PID:8460
- C:\Windows\System\fgQRyTv.exe
  C:\Windows\System\fgQRyTv.exe
  2⤵
  PID:8724
- C:\Windows\System\KnKEJPt.exe
  C:\Windows\System\KnKEJPt.exe
  2⤵
  PID:8900
- C:\Windows\System\vBSbzwR.exe
  C:\Windows\System\vBSbzwR.exe
  2⤵
  PID:8980
- C:\Windows\System\pxRultg.exe
  C:\Windows\System\pxRultg.exe
  2⤵
  PID:9112
- C:\Windows\System\hGDHXYu.exe
  C:\Windows\System\hGDHXYu.exe
  2⤵
  PID:9180
- C:\Windows\System\Uhceyra.exe
  C:\Windows\System\Uhceyra.exe
  2⤵
  PID:8596
- C:\Windows\System\nFZXsPw.exe
  C:\Windows\System\nFZXsPw.exe
  2⤵
  PID:8868
- C:\Windows\System\NgSGgoW.exe
  C:\Windows\System\NgSGgoW.exe
  2⤵
  PID:9244
- C:\Windows\System\lDSzIqA.exe
  C:\Windows\System\lDSzIqA.exe
  2⤵
  PID:9264
- C:\Windows\System\FOytWzK.exe
  C:\Windows\System\FOytWzK.exe
  2⤵
  PID:9288
- C:\Windows\System\OoDECbz.exe
  C:\Windows\System\OoDECbz.exe
  2⤵
  PID:9316
- C:\Windows\System\yaFACYQ.exe
  C:\Windows\System\yaFACYQ.exe
  2⤵
  PID:9344
- C:\Windows\System\ncQBxyg.exe
  C:\Windows\System\ncQBxyg.exe
  2⤵
  PID:9360
- C:\Windows\System\FipLWJA.exe
  C:\Windows\System\FipLWJA.exe
  2⤵
  PID:9384
- C:\Windows\System\rVYoFAk.exe
  C:\Windows\System\rVYoFAk.exe
  2⤵
  PID:9416
- C:\Windows\System\gEoOVCI.exe
  C:\Windows\System\gEoOVCI.exe
  2⤵
  PID:9440
- C:\Windows\System\GGiWFXo.exe
  C:\Windows\System\GGiWFXo.exe
  2⤵
  PID:9464
- C:\Windows\System\lAGWonW.exe
  C:\Windows\System\lAGWonW.exe
  2⤵
  PID:9512
- C:\Windows\System\OTmaJXr.exe
  C:\Windows\System\OTmaJXr.exe
  2⤵
  PID:9540
- C:\Windows\System\PZbFNIh.exe
  C:\Windows\System\PZbFNIh.exe
  2⤵
  PID:9560
- C:\Windows\System\pBjIBUm.exe
  C:\Windows\System\pBjIBUm.exe
  2⤵
  PID:9580
- C:\Windows\System\MMfZdQP.exe
  C:\Windows\System\MMfZdQP.exe
  2⤵
  PID:9608
- C:\Windows\System\pZEACmT.exe
  C:\Windows\System\pZEACmT.exe
  2⤵
  PID:9636
- C:\Windows\System\ypmsZvt.exe
  C:\Windows\System\ypmsZvt.exe
  2⤵
  PID:9660
- C:\Windows\System\xuOYycH.exe
  C:\Windows\System\xuOYycH.exe
  2⤵
  PID:9680
- C:\Windows\System\lyutaOj.exe
  C:\Windows\System\lyutaOj.exe
  2⤵
  PID:9704
- C:\Windows\System\sPfTVSE.exe
  C:\Windows\System\sPfTVSE.exe
  2⤵
  PID:9728
- C:\Windows\System\FrrCHBJ.exe
  C:\Windows\System\FrrCHBJ.exe
  2⤵
  PID:9756
- C:\Windows\System\cajAJRU.exe
  C:\Windows\System\cajAJRU.exe
  2⤵
  PID:9780
- C:\Windows\System\jJSxZuA.exe
  C:\Windows\System\jJSxZuA.exe
  2⤵
  PID:9804
- C:\Windows\System\tzMAylW.exe
  C:\Windows\System\tzMAylW.exe
  2⤵
  PID:9824
- C:\Windows\System\SwcBmLy.exe
  C:\Windows\System\SwcBmLy.exe
  2⤵
  PID:9868
- C:\Windows\System\DeBeEfn.exe
  C:\Windows\System\DeBeEfn.exe
  2⤵
  PID:9900
- C:\Windows\System\XPtQnrE.exe
  C:\Windows\System\XPtQnrE.exe
  2⤵
  PID:9924
- C:\Windows\System\hcUsalr.exe
  C:\Windows\System\hcUsalr.exe
  2⤵
  PID:9980
- C:\Windows\System\frVmtYt.exe
  C:\Windows\System\frVmtYt.exe
  2⤵
  PID:10016
- C:\Windows\System\ryyFxZW.exe
  C:\Windows\System\ryyFxZW.exe
  2⤵
  PID:10044
- C:\Windows\System\zBJOOVs.exe
  C:\Windows\System\zBJOOVs.exe
  2⤵
  PID:10064
- C:\Windows\System\GbZERFQ.exe
  C:\Windows\System\GbZERFQ.exe
  2⤵
  PID:10088
- C:\Windows\System\NEtMkUX.exe
  C:\Windows\System\NEtMkUX.exe
  2⤵
  PID:10120
- C:\Windows\System\TZuqwpx.exe
  C:\Windows\System\TZuqwpx.exe
  2⤵
  PID:10144
- C:\Windows\System\mcIAdRS.exe
  C:\Windows\System\mcIAdRS.exe
  2⤵
  PID:10172
- C:\Windows\System\yoVtxfM.exe
  C:\Windows\System\yoVtxfM.exe
  2⤵
  PID:10200
- C:\Windows\System\TnzIVXz.exe
  C:\Windows\System\TnzIVXz.exe
  2⤵
  PID:10224
- C:\Windows\System\XCZyviF.exe
  C:\Windows\System\XCZyviF.exe
  2⤵
  PID:8484
- C:\Windows\System\PMGaFra.exe
  C:\Windows\System\PMGaFra.exe
  2⤵
  PID:8940
- C:\Windows\System\MCcsfhq.exe
  C:\Windows\System\MCcsfhq.exe
  2⤵
  PID:9352
- C:\Windows\System\BLbuIfo.exe
  C:\Windows\System\BLbuIfo.exe
  2⤵
  PID:9432
- C:\Windows\System\IdVBKiZ.exe
  C:\Windows\System\IdVBKiZ.exe
  2⤵
  PID:9480
- C:\Windows\System\CtkpKnO.exe
  C:\Windows\System\CtkpKnO.exe
  2⤵
  PID:9548
- C:\Windows\System\PEEJYFz.exe
  C:\Windows\System\PEEJYFz.exe
  2⤵
  PID:9644
- C:\Windows\System\FHsXCHY.exe
  C:\Windows\System\FHsXCHY.exe
  2⤵
  PID:9712
- C:\Windows\System\Vyifulg.exe
  C:\Windows\System\Vyifulg.exe
  2⤵
  PID:9740
- C:\Windows\System\bafemPi.exe
  C:\Windows\System\bafemPi.exe
  2⤵
  PID:9796
- C:\Windows\System\OzuXBQT.exe
  C:\Windows\System\OzuXBQT.exe
  2⤵
  PID:9864
- C:\Windows\System\pRBIEXp.exe
  C:\Windows\System\pRBIEXp.exe
  2⤵
  PID:9912
- C:\Windows\System\yXxzeCI.exe
  C:\Windows\System\yXxzeCI.exe
  2⤵
  PID:10040
- C:\Windows\System\poqwIfP.exe
  C:\Windows\System\poqwIfP.exe
  2⤵
  PID:10108
- C:\Windows\System\bSJXMND.exe
  C:\Windows\System\bSJXMND.exe
  2⤵
  PID:10164
- C:\Windows\System\Ztbvtkx.exe
  C:\Windows\System\Ztbvtkx.exe
  2⤵
  PID:10188
- C:\Windows\System\VuqqEze.exe
  C:\Windows\System\VuqqEze.exe
  2⤵
  PID:9296
- C:\Windows\System\MhvsGFw.exe
  C:\Windows\System\MhvsGFw.exe
  2⤵
  PID:9336
- C:\Windows\System\dIIawxh.exe
  C:\Windows\System\dIIawxh.exe
  2⤵
  PID:9556
- C:\Windows\System\neTBxqp.exe
  C:\Windows\System\neTBxqp.exe
  2⤵
  PID:9524
- C:\Windows\System\dWDLZbZ.exe
  C:\Windows\System\dWDLZbZ.exe
  2⤵
  PID:9688
- C:\Windows\System\KRJtsrt.exe
  C:\Windows\System\KRJtsrt.exe
  2⤵
  PID:9832
- C:\Windows\System\sSKnwUG.exe
  C:\Windows\System\sSKnwUG.exe
  2⤵
  PID:5160
- C:\Windows\System\hjOaHrr.exe
  C:\Windows\System\hjOaHrr.exe
  2⤵
  PID:10220
- C:\Windows\System\CpWGYEc.exe
  C:\Windows\System\CpWGYEc.exe
  2⤵
  PID:9536
- C:\Windows\System\lzzznEH.exe
  C:\Windows\System\lzzznEH.exe
  2⤵
  PID:10008
- C:\Windows\System\JwVLuNQ.exe
  C:\Windows\System\JwVLuNQ.exe
  2⤵
  PID:1052
- C:\Windows\System\cVhNzQr.exe
  C:\Windows\System\cVhNzQr.exe
  2⤵
  PID:9376
- C:\Windows\System\lHxqZSc.exe
  C:\Windows\System\lHxqZSc.exe
  2⤵
  PID:9972
- C:\Windows\System\EYKTVrZ.exe
  C:\Windows\System\EYKTVrZ.exe
  2⤵
  PID:10276
- C:\Windows\System\nKareIh.exe
  C:\Windows\System\nKareIh.exe
  2⤵
  PID:10316
- C:\Windows\System\evzULyV.exe
  C:\Windows\System\evzULyV.exe
  2⤵
  PID:10332
- C:\Windows\System\hhrqsuN.exe
  C:\Windows\System\hhrqsuN.exe
  2⤵
  PID:10352
- C:\Windows\System\ZFzBUmj.exe
  C:\Windows\System\ZFzBUmj.exe
  2⤵
  PID:10388
- C:\Windows\System\Uzzmlvf.exe
  C:\Windows\System\Uzzmlvf.exe
  2⤵
  PID:10412
- C:\Windows\System\nAsZgcT.exe
  C:\Windows\System\nAsZgcT.exe
  2⤵
  PID:10436
- C:\Windows\System\nwPWnVZ.exe
  C:\Windows\System\nwPWnVZ.exe
  2⤵
  PID:10460
- C:\Windows\System\KyVrMyO.exe
  C:\Windows\System\KyVrMyO.exe
  2⤵
  PID:10480
- C:\Windows\System\MKhHbwr.exe
  C:\Windows\System\MKhHbwr.exe
  2⤵
  PID:10504
- C:\Windows\System\WBuKhru.exe
  C:\Windows\System\WBuKhru.exe
  2⤵
  PID:10568
- C:\Windows\System\ZlDSeHu.exe
  C:\Windows\System\ZlDSeHu.exe
  2⤵
  PID:10584
- C:\Windows\System\gVcCqOI.exe
  C:\Windows\System\gVcCqOI.exe
  2⤵
  PID:10624
- C:\Windows\System\yEaVbWO.exe
  C:\Windows\System\yEaVbWO.exe
  2⤵
  PID:10648
- C:\Windows\System\EMciTAR.exe
  C:\Windows\System\EMciTAR.exe
  2⤵
  PID:10672
- C:\Windows\System\ZhQWfzT.exe
  C:\Windows\System\ZhQWfzT.exe
  2⤵
  PID:10688
- C:\Windows\System\EhZUZdW.exe
  C:\Windows\System\EhZUZdW.exe
  2⤵
  PID:10712
- C:\Windows\System\kfhuyMh.exe
  C:\Windows\System\kfhuyMh.exe
  2⤵
  PID:10744
- C:\Windows\System\kwiHftF.exe
  C:\Windows\System\kwiHftF.exe
  2⤵
  PID:10764
- C:\Windows\System\eFtFguc.exe
  C:\Windows\System\eFtFguc.exe
  2⤵
  PID:10812
- C:\Windows\System\eFxexjW.exe
  C:\Windows\System\eFxexjW.exe
  2⤵
  PID:10840
- C:\Windows\System\rPArERy.exe
  C:\Windows\System\rPArERy.exe
  2⤵
  PID:10868
- C:\Windows\System\iDTsyfF.exe
  C:\Windows\System\iDTsyfF.exe
  2⤵
  PID:10884
- C:\Windows\System\MdeBTUg.exe
  C:\Windows\System\MdeBTUg.exe
  2⤵
  PID:10912
- C:\Windows\System\nFuOTAb.exe
  C:\Windows\System\nFuOTAb.exe
  2⤵
  PID:10960
- C:\Windows\System\IwZwHlW.exe
  C:\Windows\System\IwZwHlW.exe
  2⤵
  PID:10980
- C:\Windows\System\FLbeuOZ.exe
  C:\Windows\System\FLbeuOZ.exe
  2⤵
  PID:11004
- C:\Windows\System\bZWwSlr.exe
  C:\Windows\System\bZWwSlr.exe
  2⤵
  PID:11032
- C:\Windows\System\EtnNRFO.exe
  C:\Windows\System\EtnNRFO.exe
  2⤵
  PID:11060
- C:\Windows\System\lOwkMks.exe
  C:\Windows\System\lOwkMks.exe
  2⤵
  PID:11080
- C:\Windows\System\JvbVoXQ.exe
  C:\Windows\System\JvbVoXQ.exe
  2⤵
  PID:11108
- C:\Windows\System\JjdQYhS.exe
  C:\Windows\System\JjdQYhS.exe
  2⤵
  PID:11144
- C:\Windows\System\HxYIytS.exe
  C:\Windows\System\HxYIytS.exe
  2⤵
  PID:11164
- C:\Windows\System\DAzWoDG.exe
  C:\Windows\System\DAzWoDG.exe
  2⤵
  PID:11184
- C:\Windows\System\ftHonKo.exe
  C:\Windows\System\ftHonKo.exe
  2⤵
  PID:11212
- C:\Windows\System\CInqLlu.exe
  C:\Windows\System\CInqLlu.exe
  2⤵
  PID:11236
- C:\Windows\System\DXuouBM.exe
  C:\Windows\System\DXuouBM.exe
  2⤵
  PID:10248
- C:\Windows\System\OPIheAu.exe
  C:\Windows\System\OPIheAu.exe
  2⤵
  PID:10000
- C:\Windows\System\rKPgzGC.exe
  C:\Windows\System\rKPgzGC.exe
  2⤵
  PID:10348
- C:\Windows\System\ZPAqlOh.exe
  C:\Windows\System\ZPAqlOh.exe
  2⤵
  PID:10468
- C:\Windows\System\KcVTXEF.exe
  C:\Windows\System\KcVTXEF.exe
  2⤵
  PID:10488
- C:\Windows\System\TjFqqTq.exe
  C:\Windows\System\TjFqqTq.exe
  2⤵
  PID:10500
- C:\Windows\System\dKqrJGS.exe
  C:\Windows\System\dKqrJGS.exe
  2⤵
  PID:10576
- C:\Windows\System\gmzdapH.exe
  C:\Windows\System\gmzdapH.exe
  2⤵
  PID:10656
- C:\Windows\System\YsvhEbH.exe
  C:\Windows\System\YsvhEbH.exe
  2⤵
  PID:10680
- C:\Windows\System\UGOdANK.exe
  C:\Windows\System\UGOdANK.exe
  2⤵
  PID:10760
- C:\Windows\System\keiZwvZ.exe
  C:\Windows\System\keiZwvZ.exe
  2⤵
  PID:10800
- C:\Windows\System\YlTwOFV.exe
  C:\Windows\System\YlTwOFV.exe
  2⤵
  PID:10836
- C:\Windows\System\KNCqCJX.exe
  C:\Windows\System\KNCqCJX.exe
  2⤵
  PID:10876
- C:\Windows\System\vIywbxN.exe
  C:\Windows\System\vIywbxN.exe
  2⤵
  PID:10940
- C:\Windows\System\TTlNyJo.exe
  C:\Windows\System\TTlNyJo.exe
  2⤵
  PID:11152
- C:\Windows\System\zKzJUaT.exe
  C:\Windows\System\zKzJUaT.exe
  2⤵
  PID:10384
- C:\Windows\System\SsYJiSR.exe
  C:\Windows\System\SsYJiSR.exe
  2⤵
  PID:9328
- C:\Windows\System\KnRnBBr.exe
  C:\Windows\System\KnRnBBr.exe
  2⤵
  PID:10300
- C:\Windows\System\SEYdFin.exe
  C:\Windows\System\SEYdFin.exe
  2⤵
  PID:10528
- C:\Windows\System\KCXgZWR.exe
  C:\Windows\System\KCXgZWR.exe
  2⤵
  PID:10608
- C:\Windows\System\NnMQNWf.exe
  C:\Windows\System\NnMQNWf.exe
  2⤵
  PID:10820
- C:\Windows\System\mqAPIRj.exe
  C:\Windows\System\mqAPIRj.exe
  2⤵
  PID:10936
- C:\Windows\System\mZoUWZU.exe
  C:\Windows\System\mZoUWZU.exe
  2⤵
  PID:10996
- C:\Windows\System\xMzpdxn.exe
  C:\Windows\System\xMzpdxn.exe
  2⤵
  PID:11256
- C:\Windows\System\PhsLgLi.exe
  C:\Windows\System\PhsLgLi.exe
  2⤵
  PID:10684
- C:\Windows\System\oVZlWSM.exe
  C:\Windows\System\oVZlWSM.exe
  2⤵
  PID:10988
- C:\Windows\System\AlLcxiM.exe
  C:\Windows\System\AlLcxiM.exe
  2⤵
  PID:10476
- C:\Windows\System\cHEfDST.exe
  C:\Windows\System\cHEfDST.exe
  2⤵
  PID:11292
- C:\Windows\System\LPjGpWb.exe
  C:\Windows\System\LPjGpWb.exe
  2⤵
  PID:11320
- C:\Windows\System\FknmTbX.exe
  C:\Windows\System\FknmTbX.exe
  2⤵
  PID:11348
- C:\Windows\System\RSxJFbh.exe
  C:\Windows\System\RSxJFbh.exe
  2⤵
  PID:11372
- C:\Windows\System\hsJAujK.exe
  C:\Windows\System\hsJAujK.exe
  2⤵
  PID:11396
- C:\Windows\System\MqILsoc.exe
  C:\Windows\System\MqILsoc.exe
  2⤵
  PID:11424
- C:\Windows\System\kizKOGI.exe
  C:\Windows\System\kizKOGI.exe
  2⤵
  PID:11464
- C:\Windows\System\brGrTMP.exe
  C:\Windows\System\brGrTMP.exe
  2⤵
  PID:11484
- C:\Windows\System\bSNMbRk.exe
  C:\Windows\System\bSNMbRk.exe
  2⤵
  PID:11500
- C:\Windows\System\GusOKNR.exe
  C:\Windows\System\GusOKNR.exe
  2⤵
  PID:11544
- C:\Windows\System\DJzBdDp.exe
  C:\Windows\System\DJzBdDp.exe
  2⤵
  PID:11568
- C:\Windows\System\EGxRHKp.exe
  C:\Windows\System\EGxRHKp.exe
  2⤵
  PID:11592
- C:\Windows\System\yxaoprz.exe
  C:\Windows\System\yxaoprz.exe
  2⤵
  PID:11616
- C:\Windows\System\KAQeeBZ.exe
  C:\Windows\System\KAQeeBZ.exe
  2⤵
  PID:11680
- C:\Windows\System\QPkRScc.exe
  C:\Windows\System\QPkRScc.exe
  2⤵
  PID:11768
- C:\Windows\System\YScFluJ.exe
  C:\Windows\System\YScFluJ.exe
  2⤵
  PID:11804
- C:\Windows\System\EuTJeSx.exe
  C:\Windows\System\EuTJeSx.exe
  2⤵
  PID:11824
- C:\Windows\System\LEkmyzb.exe
  C:\Windows\System\LEkmyzb.exe
  2⤵
  PID:11852
- C:\Windows\System\NKdpuCb.exe
  C:\Windows\System\NKdpuCb.exe
  2⤵
  PID:11876
- C:\Windows\System\mivKZLz.exe
  C:\Windows\System\mivKZLz.exe
  2⤵
  PID:11896
- C:\Windows\System\RiSvVPd.exe
  C:\Windows\System\RiSvVPd.exe
  2⤵
  PID:11936
- C:\Windows\System\rrojFEQ.exe
  C:\Windows\System\rrojFEQ.exe
  2⤵
  PID:11964
- C:\Windows\System\ZVZTcBg.exe
  C:\Windows\System\ZVZTcBg.exe
  2⤵
  PID:12024
- C:\Windows\System\rotEmjV.exe
  C:\Windows\System\rotEmjV.exe
  2⤵
  PID:12040
- C:\Windows\System\WpszoVA.exe
  C:\Windows\System\WpszoVA.exe
  2⤵
  PID:12064
- C:\Windows\System\OQHTEUI.exe
  C:\Windows\System\OQHTEUI.exe
  2⤵
  PID:12088
- C:\Windows\System\KfAVoDR.exe
  C:\Windows\System\KfAVoDR.exe
  2⤵
  PID:12148
- C:\Windows\System\UtiDsHc.exe
  C:\Windows\System\UtiDsHc.exe
  2⤵
  PID:12172
- C:\Windows\System\VPFbjXk.exe
  C:\Windows\System\VPFbjXk.exe
  2⤵
  PID:12192
- C:\Windows\System\fMAzLOd.exe
  C:\Windows\System\fMAzLOd.exe
  2⤵
  PID:12208
- C:\Windows\System\LHSXEiX.exe
  C:\Windows\System\LHSXEiX.exe
  2⤵
  PID:12228
- C:\Windows\System\uRdmMgK.exe
  C:\Windows\System\uRdmMgK.exe
  2⤵
  PID:12248
- C:\Windows\System\efFACky.exe
  C:\Windows\System\efFACky.exe
  2⤵
  PID:12280
- C:\Windows\System\UbJbuHl.exe
  C:\Windows\System\UbJbuHl.exe
  2⤵
  PID:10756
- C:\Windows\System\eWAXKMh.exe
  C:\Windows\System\eWAXKMh.exe
  2⤵
  PID:11316
- C:\Windows\System\SpgqyFD.exe
  C:\Windows\System\SpgqyFD.exe
  2⤵
  PID:11440
- C:\Windows\System\XBplbBU.exe
  C:\Windows\System\XBplbBU.exe
  2⤵
  PID:11496
- C:\Windows\System\sAMaPrS.exe
  C:\Windows\System\sAMaPrS.exe
  2⤵
  PID:11564
- C:\Windows\System\kBccuag.exe
  C:\Windows\System\kBccuag.exe
  2⤵
  PID:11632
- C:\Windows\System\DljPWiw.exe
  C:\Windows\System\DljPWiw.exe
  2⤵
  PID:11688
- C:\Windows\System\VKMdRcT.exe
  C:\Windows\System\VKMdRcT.exe
  2⤵
  PID:11720
- C:\Windows\System\WMWDWAU.exe
  C:\Windows\System\WMWDWAU.exe
  2⤵
  PID:11652
- C:\Windows\System\JNtPbXu.exe
  C:\Windows\System\JNtPbXu.exe
  2⤵
  PID:11760
- C:\Windows\System\iJyxmAS.exe
  C:\Windows\System\iJyxmAS.exe
  2⤵
  PID:11868
- C:\Windows\System\wJsflSO.exe
  C:\Windows\System\wJsflSO.exe
  2⤵
  PID:11976
- C:\Windows\System\KdTfrJh.exe
  C:\Windows\System\KdTfrJh.exe
  2⤵
  PID:11956
- C:\Windows\System\FSzaHZY.exe
  C:\Windows\System\FSzaHZY.exe
  2⤵
  PID:12100
- C:\Windows\System\wROCIHq.exe
  C:\Windows\System\wROCIHq.exe
  2⤵
  PID:12124
- C:\Windows\System\VVqWYbF.exe
  C:\Windows\System\VVqWYbF.exe
  2⤵
  PID:12188
- C:\Windows\System\jLVjueC.exe
  C:\Windows\System\jLVjueC.exe
  2⤵
  PID:12204
- C:\Windows\System\utNlBOX.exe
  C:\Windows\System\utNlBOX.exe
  2⤵
  PID:12276
- C:\Windows\System\ZFEJlRa.exe
  C:\Windows\System\ZFEJlRa.exe
  2⤵
  PID:11456
- C:\Windows\System\fpzxQqw.exe
  C:\Windows\System\fpzxQqw.exe
  2⤵
  PID:11536
- C:\Windows\System\GuQiCkJ.exe
  C:\Windows\System\GuQiCkJ.exe
  2⤵
  PID:11704
- C:\Windows\System\hDKbwAi.exe
  C:\Windows\System\hDKbwAi.exe
  2⤵
  PID:11744
- C:\Windows\System\dBfZtbJ.exe
  C:\Windows\System\dBfZtbJ.exe
  2⤵
  PID:11848
- C:\Windows\System\vqbmPIM.exe
  C:\Windows\System\vqbmPIM.exe
  2⤵
  PID:5076
- C:\Windows\System\gXvWDUo.exe
  C:\Windows\System\gXvWDUo.exe
  2⤵
  PID:12080
- C:\Windows\System\fMlUdkB.exe
  C:\Windows\System\fMlUdkB.exe
  2⤵
  PID:12244
- C:\Windows\System\utzREOU.exe
  C:\Windows\System\utzREOU.exe
  2⤵
  PID:11492
- C:\Windows\System\GSrQaDG.exe
  C:\Windows\System\GSrQaDG.exe
  2⤵
  PID:11812
- C:\Windows\System\LqkAULZ.exe
  C:\Windows\System\LqkAULZ.exe
  2⤵
  PID:12164
- C:\Windows\System\OKHBHBG.exe
  C:\Windows\System\OKHBHBG.exe
  2⤵
  PID:11392
- C:\Windows\System\CFAevJq.exe
  C:\Windows\System\CFAevJq.exe
  2⤵
  PID:11476
- C:\Windows\System\QlUSjpU.exe
  C:\Windows\System\QlUSjpU.exe
  2⤵
  PID:12300
- C:\Windows\System\qcQXwIj.exe
  C:\Windows\System\qcQXwIj.exe
  2⤵
  PID:12328
- C:\Windows\System\wMcFTGu.exe
  C:\Windows\System\wMcFTGu.exe
  2⤵
  PID:12352
- C:\Windows\System\QuUYejM.exe
  C:\Windows\System\QuUYejM.exe
  2⤵
  PID:12392
- C:\Windows\System\rnKBQSo.exe
  C:\Windows\System\rnKBQSo.exe
  2⤵
  PID:12416
- C:\Windows\System\IvHttfV.exe
  C:\Windows\System\IvHttfV.exe
  2⤵
  PID:12440
- C:\Windows\System\MfLQJMv.exe
  C:\Windows\System\MfLQJMv.exe
  2⤵
  PID:12464
- C:\Windows\System\RNyuCwv.exe
  C:\Windows\System\RNyuCwv.exe
  2⤵
  PID:12484
- C:\Windows\System\juzgoFq.exe
  C:\Windows\System\juzgoFq.exe
  2⤵
  PID:12508
- C:\Windows\System\uHYLiOe.exe
  C:\Windows\System\uHYLiOe.exe
  2⤵
  PID:12528
- C:\Windows\System\HysKCPv.exe
  C:\Windows\System\HysKCPv.exe
  2⤵
  PID:12552
- C:\Windows\System\OExinge.exe
  C:\Windows\System\OExinge.exe
  2⤵
  PID:12576
- C:\Windows\System\JPwiBdc.exe
  C:\Windows\System\JPwiBdc.exe
  2⤵
  PID:12596
- C:\Windows\System\JLvvWJn.exe
  C:\Windows\System\JLvvWJn.exe
  2⤵
  PID:12676
- C:\Windows\System\coUvfCx.exe
  C:\Windows\System\coUvfCx.exe
  2⤵
  PID:12692
- C:\Windows\System\RzYMPhe.exe
  C:\Windows\System\RzYMPhe.exe
  2⤵
  PID:12724
- C:\Windows\System\HouTbvu.exe
  C:\Windows\System\HouTbvu.exe
  2⤵
  PID:12748
- C:\Windows\System\mFtexcT.exe
  C:\Windows\System\mFtexcT.exe
  2⤵
  PID:12764
- C:\Windows\System\kccsWyt.exe
  C:\Windows\System\kccsWyt.exe
  2⤵
  PID:12800
- C:\Windows\System\sJonldo.exe
  C:\Windows\System\sJonldo.exe
  2⤵
  PID:12824
- C:\Windows\System\SDNormW.exe
  C:\Windows\System\SDNormW.exe
  2⤵
  PID:12844
- C:\Windows\System\dxZoQyn.exe
  C:\Windows\System\dxZoQyn.exe
  2⤵
  PID:12872
- C:\Windows\System\XPDCNPV.exe
  C:\Windows\System\XPDCNPV.exe
  2⤵
  PID:12892
- C:\Windows\System\phtvStm.exe
  C:\Windows\System\phtvStm.exe
  2⤵
  PID:12912
- C:\Windows\System\ymfqPkH.exe
  C:\Windows\System\ymfqPkH.exe
  2⤵
  PID:12944
- C:\Windows\System\xEJtXAE.exe
  C:\Windows\System\xEJtXAE.exe
  2⤵
  PID:12996
- C:\Windows\System\daPxsjN.exe
  C:\Windows\System\daPxsjN.exe
  2⤵
  PID:13016
- C:\Windows\System\ijtakwx.exe
  C:\Windows\System\ijtakwx.exe
  2⤵
  PID:13036
- C:\Windows\System\YsaqbxJ.exe
  C:\Windows\System\YsaqbxJ.exe
  2⤵
  PID:13060
- C:\Windows\System\QaHedoF.exe
  C:\Windows\System\QaHedoF.exe
  2⤵
  PID:13120
- C:\Windows\System\ltuhygY.exe
  C:\Windows\System\ltuhygY.exe
  2⤵
  PID:13152
- C:\Windows\System\MCsKIRs.exe
  C:\Windows\System\MCsKIRs.exe
  2⤵
  PID:13172
- C:\Windows\System\wTSWtfl.exe
  C:\Windows\System\wTSWtfl.exe
  2⤵
  PID:13188
- C:\Windows\System\JuGPnJX.exe
  C:\Windows\System\JuGPnJX.exe
  2⤵
  PID:13216
- C:\Windows\System\nonFECY.exe
  C:\Windows\System\nonFECY.exe
  2⤵
  PID:13244
- C:\Windows\System\AhJrjWt.exe
  C:\Windows\System\AhJrjWt.exe
  2⤵
  PID:13268
- C:\Windows\System\VaNsHaa.exe
  C:\Windows\System\VaNsHaa.exe
  2⤵
  PID:13304
- C:\Windows\System\vlhozXG.exe
  C:\Windows\System\vlhozXG.exe
  2⤵
  PID:12336
- C:\Windows\System\CQplgsx.exe
  C:\Windows\System\CQplgsx.exe
  2⤵
  PID:12388
- C:\Windows\System\wKFtZLm.exe
  C:\Windows\System\wKFtZLm.exe
  2⤵
  PID:12424
- C:\Windows\System\haVajNB.exe
  C:\Windows\System\haVajNB.exe
  2⤵
  PID:12448
- C:\Windows\System\eyQpaYk.exe
  C:\Windows\System\eyQpaYk.exe
  2⤵
  PID:12564
- C:\Windows\System\ZGTtAXC.exe
  C:\Windows\System\ZGTtAXC.exe
  2⤵
  PID:12548
- C:\Windows\System\luOhIll.exe
  C:\Windows\System\luOhIll.exe
  2⤵
  PID:12588
- C:\Windows\System\KPflIwm.exe
  C:\Windows\System\KPflIwm.exe
  2⤵
  PID:12684
- C:\Windows\System\yFtGJwM.exe
  C:\Windows\System\yFtGJwM.exe
  2⤵
  PID:12836
- C:\Windows\System\msVYpcc.exe
  C:\Windows\System\msVYpcc.exe
  2⤵
  PID:12904
- C:\Windows\System\aolPTRH.exe
  C:\Windows\System\aolPTRH.exe
  2⤵
  PID:12976
- C:\Windows\System\WRijLkT.exe
  C:\Windows\System\WRijLkT.exe
  2⤵
  PID:13044
- C:\Windows\System\LOSWzvX.exe
  C:\Windows\System\LOSWzvX.exe
  2⤵
  PID:13076
- C:\Windows\System\hEbWqJZ.exe
  C:\Windows\System\hEbWqJZ.exe
  2⤵
  PID:13116
- C:\Windows\System\fpcPpwz.exe
  C:\Windows\System\fpcPpwz.exe
  2⤵
  PID:13168
- C:\Windows\System\hrigHsV.exe
  C:\Windows\System\hrigHsV.exe
  2⤵
  PID:13204
- C:\Windows\System\nMXHhrP.exe
  C:\Windows\System\nMXHhrP.exe
  2⤵
  PID:13264
- C:\Windows\System\ZdEQciB.exe
  C:\Windows\System\ZdEQciB.exe
  2⤵
  PID:12496
- C:\Windows\System\LJMgsiM.exe
  C:\Windows\System\LJMgsiM.exe
  2⤵
  PID:12644
- C:\Windows\System\sAoHiRS.exe
  C:\Windows\System\sAoHiRS.exe
  2⤵
  PID:12736
- C:\Windows\System\bYQhLNL.exe
  C:\Windows\System\bYQhLNL.exe
  2⤵
  PID:12796
- C:\Windows\System\EKVYBwH.exe
  C:\Windows\System\EKVYBwH.exe
  2⤵
  PID:12612
- C:\Windows\System\OKKPyOP.exe
  C:\Windows\System\OKKPyOP.exe
  2⤵
  PID:12480
- C:\Windows\System\ojGjuOK.exe
  C:\Windows\System\ojGjuOK.exe
  2⤵
  PID:12772
- C:\Windows\System\xaqpoIZ.exe
  C:\Windows\System\xaqpoIZ.exe
  2⤵
  PID:12888
- C:\Windows\System\vRUjacG.exe
  C:\Windows\System\vRUjacG.exe
  2⤵
  PID:12936
- C:\Windows\System\dvjFoxl.exe
  C:\Windows\System\dvjFoxl.exe
  2⤵
  PID:13328
- C:\Windows\System\yUBHBmE.exe
  C:\Windows\System\yUBHBmE.exe
  2⤵
  PID:13368
- C:\Windows\System\wpdbrpy.exe
  C:\Windows\System\wpdbrpy.exe
  2⤵
  PID:13400
- C:\Windows\System\ykypqru.exe
  C:\Windows\System\ykypqru.exe
  2⤵
  PID:13416
- C:\Windows\System\nTYuHCx.exe
  C:\Windows\System\nTYuHCx.exe
  2⤵
  PID:13448
- C:\Windows\System\qtpOZRD.exe
  C:\Windows\System\qtpOZRD.exe
  2⤵
  PID:13488
- C:\Windows\System\lMdrFcC.exe
  C:\Windows\System\lMdrFcC.exe
  2⤵
  PID:13512
- C:\Windows\System\DIUMylx.exe
  C:\Windows\System\DIUMylx.exe
  2⤵
  PID:13540
- C:\Windows\System\xiOVcis.exe
  C:\Windows\System\xiOVcis.exe
  2⤵
  PID:13560
- C:\Windows\System\KTqiHYL.exe
  C:\Windows\System\KTqiHYL.exe
  2⤵
  PID:13588
- C:\Windows\System\yZwmrbe.exe
  C:\Windows\System\yZwmrbe.exe
  2⤵
  PID:13632
- C:\Windows\System\OPYkrYt.exe
  C:\Windows\System\OPYkrYt.exe
  2⤵
  PID:13652
- C:\Windows\System\Ijptwcv.exe
  C:\Windows\System\Ijptwcv.exe
  2⤵
  PID:13672
- C:\Windows\System\ChJgMHa.exe
  C:\Windows\System\ChJgMHa.exe
  2⤵
  PID:13696
- C:\Windows\System\iZgISqK.exe
  C:\Windows\System\iZgISqK.exe
  2⤵
  PID:13712
- C:\Windows\System\JKwWpDQ.exe
  C:\Windows\System\JKwWpDQ.exe
  2⤵
  PID:13736
- C:\Windows\System\YXNnVqA.exe
  C:\Windows\System\YXNnVqA.exe
  2⤵
  PID:13756
- C:\Windows\System\yMKfpsq.exe
  C:\Windows\System\yMKfpsq.exe
  2⤵
  PID:13796
- C:\Windows\System\ALtcJou.exe
  C:\Windows\System\ALtcJou.exe
  2⤵
  PID:13820
- C:\Windows\System\JyZDiTo.exe
  C:\Windows\System\JyZDiTo.exe
  2⤵
  PID:13848
- C:\Windows\System\FVSquGM.exe
  C:\Windows\System\FVSquGM.exe
  2⤵
  PID:13868
- C:\Windows\System\snbpwio.exe
  C:\Windows\System\snbpwio.exe
  2⤵
  PID:13920
- C:\Windows\System\FOFZzCf.exe
  C:\Windows\System\FOFZzCf.exe
  2⤵
  PID:13952
- C:\Windows\System\YDhaZJl.exe
  C:\Windows\System\YDhaZJl.exe
  2⤵
  PID:13984
- C:\Windows\System\WtMjJdL.exe
  C:\Windows\System\WtMjJdL.exe
  2⤵
  PID:14008
- C:\Windows\System\zEeUDPc.exe
  C:\Windows\System\zEeUDPc.exe
  2⤵
  PID:14032
- C:\Windows\System\DFEWgvX.exe
  C:\Windows\System\DFEWgvX.exe
  2⤵
  PID:14064
- C:\Windows\System\ZngaMrq.exe
  C:\Windows\System\ZngaMrq.exe
  2⤵
  PID:14088
- C:\Windows\System\zbwcSDV.exe
  C:\Windows\System\zbwcSDV.exe
  2⤵
  PID:14120
- C:\Windows\System\dhPWjdL.exe
  C:\Windows\System\dhPWjdL.exe
  2⤵
  PID:14144
- C:\Windows\System\isBhHQB.exe
  C:\Windows\System\isBhHQB.exe
  2⤵
  PID:14168
- C:\Windows\System\mYGMWcs.exe
  C:\Windows\System\mYGMWcs.exe
  2⤵
  PID:14184
- C:\Windows\System\EeXMXgr.exe
  C:\Windows\System\EeXMXgr.exe
  2⤵
  PID:14204
- C:\Windows\System\AcLeFsu.exe
  C:\Windows\System\AcLeFsu.exe
  2⤵
  PID:14228
- C:\Windows\System\NSceNhD.exe
  C:\Windows\System\NSceNhD.exe
  2⤵
  PID:14244
- C:\Windows\System\ZSVGaxY.exe
  C:\Windows\System\ZSVGaxY.exe
  2⤵
  PID:14280
- C:\Windows\System\zHHhyrm.exe
  C:\Windows\System\zHHhyrm.exe
  2⤵
  PID:14304
- C:\Windows\System\VGIQSsh.exe
  C:\Windows\System\VGIQSsh.exe
  2⤵
  PID:14328
- C:\Windows\System\HYIazYa.exe
  C:\Windows\System\HYIazYa.exe
  2⤵
  PID:13376
- C:\Windows\System\PkiJwYw.exe
  C:\Windows\System\PkiJwYw.exe
  2⤵
  PID:13408
- C:\Windows\System\mzxIbiO.exe
  C:\Windows\System\mzxIbiO.exe
  2⤵
  PID:13524
- C:\Windows\System\QjitvSs.exe
  C:\Windows\System\QjitvSs.exe
  2⤵
  PID:13600
- C:\Windows\System\lMvhYCk.exe
  C:\Windows\System\lMvhYCk.exe
  2⤵
  PID:13680
- C:\Windows\System\KCLOldH.exe
  C:\Windows\System\KCLOldH.exe
  2⤵
  PID:13732
- C:\Windows\System\BsPXMNn.exe
  C:\Windows\System\BsPXMNn.exe
  2⤵
  PID:13836
- C:\Windows\System\FsVPbTa.exe
  C:\Windows\System\FsVPbTa.exe
  2⤵
  PID:13932
- C:\Windows\System\AFdlWnf.exe
  C:\Windows\System\AFdlWnf.exe
  2⤵
  PID:13948
- C:\Windows\System\aaXtEuK.exe
  C:\Windows\System\aaXtEuK.exe
  2⤵
  PID:14024
- C:\Windows\System\amOgXYB.exe
  C:\Windows\System\amOgXYB.exe
  2⤵
  PID:14060
- C:\Windows\System\TPOSMEU.exe
  C:\Windows\System\TPOSMEU.exe
  2⤵
  PID:14152
- C:\Windows\System\nbjweOn.exe
  C:\Windows\System\nbjweOn.exe
  2⤵
  PID:14180
- C:\Windows\System\rHkAMMN.exe
  C:\Windows\System\rHkAMMN.exe
  2⤵
  PID:14320
- C:\Windows\System\wukTLbG.exe
  C:\Windows\System\wukTLbG.exe
  2⤵
  PID:14312
- C:\Windows\System\AxQUCWL.exe
  C:\Windows\System\AxQUCWL.exe
  2⤵
  PID:13468

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AMwNDrJ.exe

Filesize
1.7MB

MD5
b020337d58ad9ce7a5549ef1fa3ba2dd

SHA1
925ff1a8fadc50660a66529c12ff2c6a1b176626

SHA256
4f8c80f82cc0c60909c856b84aa3309d8938a4d89e6abbd794669ec6b12f4898

SHA512
fefd2be830b4e6825631e3ca1d15629f6a9f733d1225d2708a67b16b1a91b41b30a2e099616fe20bbc880ff6dc2d8312142815f1e31773a30f5ffa3496b61ff3

Download Submit
C:\Windows\System\BwsnALH.exe

Filesize
1.7MB

MD5
b7e73801344ffc951b6c564a17b2634a

SHA1
b49eee6bb8757333605524c5abe51ca3f99984fb

SHA256
0596929c2e49ccb017845176ac7aa6ea9a2a14810be41438bfb22cb458c672ce

SHA512
535b4f0e4df22974fc9d65281492ef62ddb6c1767ebc0bddaaf9ef022e746b1ceef3e64efceef1e1f35ae230c2e86ad2d5a1f4e74bf7d0b66999804f49444b17

Download Submit
C:\Windows\System\BzTHZhg.exe

Filesize
1.7MB

MD5
4d6ed8910dd107d63a6780900dba05e7

SHA1
b21267134845193205d4b1ff2ada352860d41f43

SHA256
250ce068891127db030c0c399fb5b13094ae8205e1b771991bbb5c64ea44417d

SHA512
ae0c7c2f51d0fc954740a5dd16736e94c7789b0d4aa55b234e1e73d54b5d90722d534f7bbe182017385464d946e957457bd3bc5dfd8e55576cb891eaa12650b1

Download Submit
C:\Windows\System\DJBHBiY.exe

Filesize
1.7MB

MD5
21ec5f35ff2932495f485239baf138e4

SHA1
d7a9a7b61c5aaf634712b2c8f9fef1e2ebdb5125

SHA256
4ed8ed96b766e68148b6440c1d717139349546a0ff3d94beff41100e308625d7

SHA512
b17a6bdccf1b9f95bf9a974a61b16af528a5bcd2fb824ba5371aab373118574b293c661ea3f1954f0a6bf836bb287d8de345d2bef32a8e097275175bf60f352c

Download Submit
C:\Windows\System\HFUvFfU.exe

Filesize
1.7MB

MD5
70b36d1141ce0c99ced56cacbc9277b5

SHA1
613181ba561e4d3027c90c593a5b1b6c89fbe5de

SHA256
dbb364fa5d429a8845a354718fd19026ca5f35d6a1e3ef6f1de489636c985d5e

SHA512
497e6f8bebf542b385e3108198b87a115330b74eb67865a76269287614df1fecae1e7b11f3fc472f8175e24c92fe9e5a71b7314a3fbf6e9f7b61fa9328293359

Download Submit
C:\Windows\System\IUqdGgn.exe

Filesize
1.7MB

MD5
25b3eac894c0513a5ee72925a0b5f529

SHA1
5d5431426fde227484131ecacfc965b7dc2ccc7b

SHA256
e7b6e385164d4651a9f7e34f618c56c1e97c55193cda147e34e89afe08f7cf10

SHA512
6484d66e3cce5ed752c378063b2ee451ba000290baf5d45f9d8db4221dc3547c51558f5e5dca6f044c59baa73d5b2a6e48b6f50445b4604868599c9eeef5771d

Download Submit
C:\Windows\System\JFOKeAZ.exe

Filesize
1.7MB

MD5
ff648ecbdabb238d2ec0b0433590adf9

SHA1
4d28b68637379cb6ee6c0ee1692e64d056ba5e14

SHA256
166ad1672b06a17d67b31427e257bde939f47bd13f54f94b1496c63a52a36790

SHA512
c81a25eaae0baae98c52b488ed23639a9f97627445c9ce336cf32afdbacacc1a0299f8fc75e7f79c077735e2f213f812ffc7757b117e2a7959831dadad37ac88

Download Submit
C:\Windows\System\JTwjxbx.exe

Filesize
1.7MB

MD5
9c041169ab467eb674f6541acf5044f9

SHA1
7e1cfca56cfd42feac6ba2f4a9459401db07f5d1

SHA256
a7f2e51c55fb67daf4a9163592082ee90f79e95ba5a5803c15e60afe2fef2c3f

SHA512
55377732797115ec3ed795962ea64b3c0062e45850eb00369ec2efc3b86ee0d55ac72ac24f1509d07adbb6cdcc593ebbd4b2333bfac60b91a9455a87af394b40

Download Submit
C:\Windows\System\KvNTPtD.exe

Filesize
1.7MB

MD5
722ab21b8f7c410d9e1845f5f90fc322

SHA1
693d6f7947befdc79b773f80084d512ba918d5ee

SHA256
6685e1dfd7381bf0f4222698d0af62893e6d52c35e23531e0f604bab561dbabd

SHA512
1e4f551fb720bd234b739f27b0dcacfb2910e986844c576b0cb37b37c6a6b3f5bae9004420d4a1bd81af6d775403c93f53f3ed44ad2325581a6b2a4248832be2

Download Submit
C:\Windows\System\LnRzNui.exe

Filesize
1.7MB

MD5
5dfbb2e055af1321add625c3fa31e4c2

SHA1
ca081fdda570649a31e20380c9de8993b680a895

SHA256
f75e97d6f307ecb86301f22706ee1959dc0c683169cde665cd5128b70ec74c21

SHA512
7d82d9788024c59ba825292131013ba1f006a6a058f3998e802bb84f859b8a8ad6dd2d616f9341c5ca5205e8d708aa74fafcedff433a5c704a48ee16d71c809d

Download Submit
C:\Windows\System\LwjBgLU.exe

Filesize
1.7MB

MD5
4420c9b6d298c3be664ec9cc0d140cb2

SHA1
314ae989275f8d8fa93277954e56b58ea491251d

SHA256
661b6450ab79681744325000f59d654dca01188d6af0b696a8d57217b308bfa1

SHA512
c842fc1e6dc1625396847d75c3063fe322528cf4768e3b7d87abb421562ce0aab1183d2e1ba4a5acb8fcea1840ca894e1b9a7f8d08f719a1c0e28fe0bca58873

Download Submit
C:\Windows\System\MXUqHYi.exe

Filesize
1.7MB

MD5
9a0fb958394292357a7a7eff9075ca7e

SHA1
9791534defd2658503ee190cd7530e69efc22e60

SHA256
ab30344a42218c70174828b376248daec9306c0150aa49eab99a851072e3eaed

SHA512
566b9bf44db7782f3175aa9c2225eb7df1a5ace96eef6f20d1c401c229ef44967344b0758b50e994b58735fe13db75bbd181f418d6bd8799bdecf29a9501e016

Download Submit
C:\Windows\System\NPBzpwo.exe

Filesize
1.7MB

MD5
d7390a30665b6e1753a47fcae092c584

SHA1
1a5125481e12817f376010849dac9b62c6894e66

SHA256
9e2949be1ea977c27f4526a46c25366811741c6c782d60de45326adf25958bea

SHA512
d4de51608c06988fb4f2cf0bdfb8895008f6f9cb3538627623725b7b2215ec27595cde2b2d4b4f1650b289aa5e7274d01325078f854d220dc463d94e411396ca

Download Submit
C:\Windows\System\QIXSHYN.exe

Filesize
1.7MB

MD5
d227acfc27c41d553a2c41a369ebb699

SHA1
0a36780dc845e4f2c9f53324b1e716637d956e2d

SHA256
17cb0aa500ff4c84eb8a9ee8ac3afe8cc9663098258d75b82e9978b613fb9d4b

SHA512
f52ab419d7cc2e923a03e23b01efc7d24b201875f5581a911e9626ae015b95f643880fa7f635e1da0e4fe9f70b873f66f64851cf85371bc7ac93c7a30187d895

Download Submit
C:\Windows\System\QKQrNVK.exe

Filesize
1.7MB

MD5
095d209c847079626e79acc97c694a1e

SHA1
039d32e6dfcf37077ff89e16859e6f5d6a82a0ee

SHA256
a50ddc3192cf8d39582469771136e79d2410ef4059b55959c9bc473d99fe2737

SHA512
4e039074a5b434ab1c64a4aea1ea0ee91415d9a51ac913bbde16635181c42ca08a25f83127d3ece0e5ba169c39e283b2eeadf15ea709b3b2e458327101732b9d

Download Submit
C:\Windows\System\QZkvbCK.exe

Filesize
1.7MB

MD5
bcc856772d8d3a6175ad9231e32fd442

SHA1
4a03536f1ff0f0a4a435ba4565c22d850f9ed7da

SHA256
d97f7add8bd68211004f6c2e4d588163a4f7c8b77655aee84d691fa451dea63b

SHA512
93ab8b6de6338eb344ec1bd494d22be970332e7f0e57b4fca609d0023e12fa78d4fa1d51eefbd77e3c60d6e874e2a9b04d73c6522f4aabb4157050cd61afa94f

Download Submit
C:\Windows\System\RzzqKsQ.exe

Filesize
1.7MB

MD5
338bf89f03505ea66edb2791bc7a5dc8

SHA1
218c944e9c5de3367daf8a051382c688458cf748

SHA256
aadddb9405768d9d9971a06ae29361a403f8eace826bf4a94388e67aae326445

SHA512
4e5e5bac110cd13145929866cf77624af1912b1d84c5f7f69352170696a559f6377f24d14d855e78bac8583b639ccbfe6e5d288b5a9934a5939982d2f4130b23

Download Submit
C:\Windows\System\UYDUeoa.exe

Filesize
1.7MB

MD5
2a20065ae33fda68f99ca148fddae87f

SHA1
1f3bae095022d6ae578b9f3b3a8074a6ade9b3a3

SHA256
bbcdc26735b05881d9e9ab827e6a16a376a3f84ab5daf512adbd0403718fe3c7

SHA512
ead19dd7baa2a51deb3df34f571d59112f9907cbcee3f92f2441f7d7f44dd655a24308707f037a657d500cbae2dbc40b5f3d6d1c928f9d039ceb4e4920997f81

Download Submit
C:\Windows\System\adUUxfa.exe

Filesize
1.7MB

MD5
557088393bb9cb2234d6df43d7c9e272

SHA1
9ec948054fdcd8cecd2dee308c9ab3a513cc487c

SHA256
602f7627607dae6e24f61535fbbf7c7792f5c646228d544cf0cb30a852969262

SHA512
86f1520931e70f6e0b198ae6e617862554f3a03c60a37d3389e985ea117109d002afb6e84b3d8e0bd512bf37d20e67acb24b75cc117b2578fc0c368d777c650b

Download Submit
C:\Windows\System\dUpYrFY.exe

Filesize
1.7MB

MD5
968e13a9ef7a813c03ed106196ddf540

SHA1
dc7c8fd49af8e0384cbdc8339e5ecfa7869b0c4a

SHA256
1f6846a3ee1047abf3a18aee7493d471355703019d897d2828f85537ee393e32

SHA512
36175685ecb43d4dde8f5fb1bedc21c4950bec7ba60f3208938ec69343496e76e6094019d35563aee2a3d3060f056ee587543c12f58ec62a326312c865ad3dfc

Download Submit
C:\Windows\System\gNMtxjH.exe

Filesize
1.7MB

MD5
016d052ab5e3ed41d0510b87d6ab6270

SHA1
22055b3dd207ea1ea39b42eb7c6aa66a326efab3

SHA256
9d03853a9a3f986c91d6115c6b912f64f41bd281c0d2a08715dc3c4b6bec6483

SHA512
52a1e2b0e104f2b5d172122b208cfbb89d90be74d9ac98b029311e5dcc78c7b5f5ab15237f0a3fff46f2b71a54a56a8cdea71b7c087357406d4d5e6b6f734097

Download Submit
C:\Windows\System\hgMGjST.exe

Filesize
1.7MB

MD5
66b2c602203fb8641baeb3b38e954f1d

SHA1
f3aab4bcf6f2d0219d1200a153f05a4ccaee4e1e

SHA256
238d4c53e684142435b7f21db3cbcb021253911b77932c4fe1b210464e4ecf24

SHA512
cf75b7d313a75ca4148ce80cfc0c32f49573f740a906db7ddda18e2d72c6124bafd08a0c81353d3d110ba544205d9d681b86c37f848fec710bb377051b737d96

Download Submit
C:\Windows\System\jKIvdfr.exe

Filesize
1.7MB

MD5
b8a9d901ba758b342e2a9abeba132c26

SHA1
fdc767b0e1c9d6ce930a9ba3ea7b8ba60cdb67a0

SHA256
da4b0cacc02ccf995911add9a0e78f594d57eaf27e717c6b77b31ddf7e3252e6

SHA512
8101849fe4ca5bd3bb247faab00a016a67dcebf457c7de1d160ccc1a093972e46da0896783ddeb2936f42bc710f1360639f17019d7352622f4f27df59c664203

Download Submit
C:\Windows\System\jYlrrcz.exe

Filesize
1.7MB

MD5
82c10beebe1889c374e73e9914d34760

SHA1
e76c9b9c4c9a475322c9449a8461062f1c8d7ee4

SHA256
53e2d06c88659cfaa98c2d9f10eb123ee84b17b96f9c2dd8e4bd61cd0baea486

SHA512
67173be484e161239e1b682e6fb06b68d423f2853b437ff987544b0a58b9e1192d45c4b6159e799c008ea44bbcb5cd707abdb24705266e41c4f3f4aeabb64cda

Download Submit
C:\Windows\System\kupZTKY.exe

Filesize
1.7MB

MD5
5677436c0cfa5311f4d6d430c451221c

SHA1
0404d56047044d7d8e06a24fc89a4bc15efae1fb

SHA256
10a8640836fbb71555ea9da3ee61c3b8cfb1c4e942e4334ab507a3312e686281

SHA512
1134704363ade2cd43c3165b0f02a3d3ca347da184a2647645b9bca1fa0f38139a3bbdff43882ad9247fdd1c29682581f7a3a9285200e1fd138a6958d6d532a1

Download Submit
C:\Windows\System\oBViOjP.exe

Filesize
1.7MB

MD5
5510ed4f99298e6e5e0d196698161280

SHA1
542b21f55727b3c7f66b68152435f2d25ad9ca03

SHA256
b44bcc5cfd7e4d26e57188d9c804648ac8453c52e3d3296f0652f5010377378a

SHA512
a56d334323cbe360881e229cddba970649d035b6c4912e6fd5889b96f03328c6cd6f9f5d2fff2d69297b78c2e074f2063a14c83f49b3feecbaa473610b28dfdc

Download Submit
C:\Windows\System\qAdFeQq.exe

Filesize
1.7MB

MD5
128817501442b6c82d1cc958305f66f7

SHA1
8a92d995fb4b4c27d23efaae4caa27a8b4ad5e27

SHA256
7974f3c1dd579b675b1feb1603a26ce3cf8dbc689961efad9c1a25a70790b824

SHA512
98bd1936a24022d35dbfa28cf22769c6524505395764642167d408944222ed867e017b57ccdfde2ab0cc888061e8029918f7f8ec52a8fcfa93b32579b396c30c

Download Submit
C:\Windows\System\sVNpdMZ.exe

Filesize
1.7MB

MD5
baeb9fd2416f6b71fd14d28d0cf136bf

SHA1
11e3d2483ad7373492f4ac0a5d0262256e3fa1a7

SHA256
eba6095bbe7e7448c3f4f69c4ade2c94c82662813b3d1458a778ec74830eacaf

SHA512
7b40c390b2e075bbbaef1da12b2b7a1c8a32754058b54595e49d1be6b0b47a1fd751f6c8ed952fd6164067e62a6a07a5a3648952765fd7bbb47a3289dccf0039

Download Submit
C:\Windows\System\tOKyygu.exe

Filesize
1.7MB

MD5
7578fdb4af171376b9776114613c84e6

SHA1
60afa5cf9c0bb85171d909618741107fd7fde285

SHA256
8b78f3bf65f38457c585bdf244e45156d9c1749bab348d9cdedf740be61b004b

SHA512
2f2007d1befd4ffe3676fc783eb61d49f4f5f5c1f6cec0a6305f2f48fd91d38e57e7fa9da9682e657c9239aeb912e212ad672a0f282cabcea68458c26525fe00

Download Submit
C:\Windows\System\tTzVEPx.exe

Filesize
1.7MB

MD5
7c0f2237bf5e898a8afeec35bba5aea9

SHA1
74f3a331b0a8b753989f032ce5c4e42f59daab1e

SHA256
2c50441914549d37a5cd46d6238c6fa2e28a1e8cb942b05324b3daec0fe8e3ef

SHA512
dd7c092cb83024f327ec279597af7c6c720999b5db266d616cfe37954c045c6fd1b717425355034c9b49010553574ec984e9ac20a798e4473781513bfcc7ff83

Download Submit
C:\Windows\System\uxozadk.exe

Filesize
1.7MB

MD5
78844b664fdcec0412197e426d52726a

SHA1
12a90a02b44f9d5589e97ef85c37f6193578112d

SHA256
658fc1dfa8f346fa9875b36ffd9df4592c5092d0969b1f364d0cd949ae290449

SHA512
10292502febaaeba75de9ed66cc9b8c190a1666503c3a75706a1a6745011714c6d62d57f91ba493306210238e99a6f524189353e793c1a3e52f17543ec1b355f

Download Submit
C:\Windows\System\verfWpD.exe

Filesize
1.7MB

MD5
8d1f0bf07845d6cce88006a87ac6aa9b

SHA1
58bd764cd9a724985cccdeb74af571c8a6ed54ba

SHA256
2f58acefd4ab8916ecbc79d11f6730f3445090902b31c2c37a04142d8926a23d

SHA512
5203a0a831cfa0211ccd966be08009e3e06489578d004af21068db1d4147242dbb7c3db2df0e3875734b4cbd06c27e73ae78adf3d66a2d9f656ab84c9c742c16

Download Submit
C:\Windows\System\vmIXhFC.exe

Filesize
1.7MB

MD5
a7e5aa4de107af91d16f4308d9ce842d

SHA1
b887503b54fad01adb1f0c7dd0a637897864a550

SHA256
639e9667dc472f3e045ee55cc94c2b9821601e51fecb6eb463fdf625daec09e3

SHA512
afdab48afbd54a9de67243a6a2c7629e6199704edb1e132046dc4c0c9833609a0f5b5894bcc441c9ef4d7bf841cf55aecf32dfd38d93049ced4302d92b481be4

Download Submit
memory/460-2323-0x00007FF717C70000-0x00007FF717FC1000-memory.dmp

Filesize
3.3MB

Download
memory/460-411-0x00007FF717C70000-0x00007FF717FC1000-memory.dmp

Filesize
3.3MB

Download
memory/648-2219-0x00007FF6B83E0000-0x00007FF6B8731000-memory.dmp

Filesize
3.3MB

Download
memory/648-36-0x00007FF6B83E0000-0x00007FF6B8731000-memory.dmp

Filesize
3.3MB

Download
memory/648-2277-0x00007FF6B83E0000-0x00007FF6B8731000-memory.dmp

Filesize
3.3MB

Download
memory/1148-2319-0x00007FF6F8240000-0x00007FF6F8591000-memory.dmp

Filesize
3.3MB

Download
memory/1148-414-0x00007FF6F8240000-0x00007FF6F8591000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2273-0x00007FF706D10000-0x00007FF707061000-memory.dmp

Filesize
3.3MB

Download
memory/1412-20-0x00007FF706D10000-0x00007FF707061000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2321-0x00007FF723E40000-0x00007FF724191000-memory.dmp

Filesize
3.3MB

Download
memory/1612-410-0x00007FF723E40000-0x00007FF724191000-memory.dmp

Filesize
3.3MB

Download
memory/1720-2305-0x00007FF61E7E0000-0x00007FF61EB31000-memory.dmp

Filesize
3.3MB

Download
memory/1720-2258-0x00007FF61E7E0000-0x00007FF61EB31000-memory.dmp

Filesize
3.3MB

Download
memory/1720-106-0x00007FF61E7E0000-0x00007FF61EB31000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2291-0x00007FF6789E0000-0x00007FF678D31000-memory.dmp

Filesize
3.3MB

Download
memory/1756-130-0x00007FF6789E0000-0x00007FF678D31000-memory.dmp

Filesize
3.3MB

Download
memory/2132-60-0x00007FF720CE0000-0x00007FF721031000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2222-0x00007FF720CE0000-0x00007FF721031000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2289-0x00007FF720CE0000-0x00007FF721031000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2271-0x00007FF72A8E0000-0x00007FF72AC31000-memory.dmp

Filesize
3.3MB

Download
memory/2548-11-0x00007FF72A8E0000-0x00007FF72AC31000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1005-0x00007FF72A8E0000-0x00007FF72AC31000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2281-0x00007FF7884B0000-0x00007FF788801000-memory.dmp

Filesize
3.3MB

Download
memory/2672-68-0x00007FF7884B0000-0x00007FF788801000-memory.dmp

Filesize
3.3MB

Download
memory/2720-24-0x00007FF64E650000-0x00007FF64E9A1000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2218-0x00007FF64E650000-0x00007FF64E9A1000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2275-0x00007FF64E650000-0x00007FF64E9A1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2257-0x00007FF6ADB50000-0x00007FF6ADEA1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-93-0x00007FF6ADB50000-0x00007FF6ADEA1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2303-0x00007FF6ADB50000-0x00007FF6ADEA1000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2260-0x00007FF630E90000-0x00007FF6311E1000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2301-0x00007FF630E90000-0x00007FF6311E1000-memory.dmp

Filesize
3.3MB

Download
memory/3248-115-0x00007FF630E90000-0x00007FF6311E1000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2307-0x00007FF6746F0000-0x00007FF674A41000-memory.dmp

Filesize
3.3MB

Download
memory/3600-413-0x00007FF6746F0000-0x00007FF674A41000-memory.dmp

Filesize
3.3MB

Download
memory/3860-2259-0x00007FF689DF0000-0x00007FF68A141000-memory.dmp

Filesize
3.3MB

Download
memory/3860-2315-0x00007FF689DF0000-0x00007FF68A141000-memory.dmp

Filesize
3.3MB

Download
memory/3860-407-0x00007FF689DF0000-0x00007FF68A141000-memory.dmp

Filesize
3.3MB

Download
memory/3884-77-0x00007FF72EC00000-0x00007FF72EF51000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2285-0x00007FF72EC00000-0x00007FF72EF51000-memory.dmp

Filesize
3.3MB

Download
memory/3940-2299-0x00007FF7125F0000-0x00007FF712941000-memory.dmp

Filesize
3.3MB

Download
memory/3940-136-0x00007FF7125F0000-0x00007FF712941000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2261-0x00007FF7A7A00000-0x00007FF7A7D51000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2309-0x00007FF7A7A00000-0x00007FF7A7D51000-memory.dmp

Filesize
3.3MB

Download
memory/3964-137-0x00007FF7A7A00000-0x00007FF7A7D51000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2262-0x00007FF6D91A0000-0x00007FF6D94F1000-memory.dmp

Filesize
3.3MB

Download
memory/4140-146-0x00007FF6D91A0000-0x00007FF6D94F1000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2313-0x00007FF6D91A0000-0x00007FF6D94F1000-memory.dmp

Filesize
3.3MB

Download
memory/4240-2283-0x00007FF68E220000-0x00007FF68E571000-memory.dmp

Filesize
3.3MB

Download
memory/4240-82-0x00007FF68E220000-0x00007FF68E571000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2287-0x00007FF732E60000-0x00007FF7331B1000-memory.dmp

Filesize
3.3MB

Download
memory/4264-55-0x00007FF732E60000-0x00007FF7331B1000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2221-0x00007FF732E60000-0x00007FF7331B1000-memory.dmp

Filesize
3.3MB

Download
memory/4512-2311-0x00007FF701120000-0x00007FF701471000-memory.dmp

Filesize
3.3MB

Download
memory/4512-409-0x00007FF701120000-0x00007FF701471000-memory.dmp

Filesize
3.3MB

Download
memory/4520-412-0x00007FF691EA0000-0x00007FF6921F1000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2328-0x00007FF691EA0000-0x00007FF6921F1000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2256-0x00007FF7C4F40000-0x00007FF7C5291000-memory.dmp

Filesize
3.3MB

Download
memory/4604-87-0x00007FF7C4F40000-0x00007FF7C5291000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2295-0x00007FF7C4F40000-0x00007FF7C5291000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2317-0x00007FF71B180000-0x00007FF71B4D1000-memory.dmp

Filesize
3.3MB

Download
memory/4624-408-0x00007FF71B180000-0x00007FF71B4D1000-memory.dmp

Filesize
3.3MB

Download
memory/4644-0-0x00007FF765BA0000-0x00007FF765EF1000-memory.dmp

Filesize
3.3MB

Download
memory/4644-1001-0x00007FF765BA0000-0x00007FF765EF1000-memory.dmp

Filesize
3.3MB

Download
memory/4644-1-0x000001AA68160000-0x000001AA68170000-memory.dmp

Filesize
64KB

Download
memory/4708-2279-0x00007FF6F4500000-0x00007FF6F4851000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2220-0x00007FF6F4500000-0x00007FF6F4851000-memory.dmp

Filesize
3.3MB

Download
memory/4708-46-0x00007FF6F4500000-0x00007FF6F4851000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2293-0x00007FF730800000-0x00007FF730B51000-memory.dmp

Filesize
3.3MB

Download
memory/4940-103-0x00007FF730800000-0x00007FF730B51000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2228-0x00007FF730800000-0x00007FF730B51000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2297-0x00007FF7C6BE0000-0x00007FF7C6F31000-memory.dmp

Filesize
3.3MB

Download
memory/4944-131-0x00007FF7C6BE0000-0x00007FF7C6F31000-memory.dmp

Filesize
3.3MB

Download
memory/5096-14-0x00007FF7A62F0000-0x00007FF7A6641000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2269-0x00007FF7A62F0000-0x00007FF7A6641000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads