xmrig | 9a830dca86c4c0d5e5fae1a942b802cc4c5e201af12559569fd5cfc26022d2fa

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 01:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
Size

1.7MB
MD5

1a36382afde44a9c8bd30d30fa95c400
SHA1

7904721895a2985f227bd72c6d3ed3af93675e63
SHA256

9a830dca86c4c0d5e5fae1a942b802cc4c5e201af12559569fd5cfc26022d2fa
SHA512

dc7c82ed520d8dc1148b5390b27263f644f287ae09a88320e855586c694560ee4692737d94e7b9ef8ce2f98be91a5f829c376cb7430510a5409d332cf5d02d31
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727F15qbrund+fT+xLTlHLnEPr33Il+8F37XeB9bOLar:ROdWCCi7/rahlqOdg6VLEL3e7/Bm

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/3196-558-0x00007FF679010000-0x00007FF679361000-memory.dmp	xmrig
behavioral2/memory/3128-559-0x00007FF7FBD70000-0x00007FF7FC0C1000-memory.dmp	xmrig
behavioral2/memory/2360-561-0x00007FF6D2E00000-0x00007FF6D3151000-memory.dmp	xmrig
behavioral2/memory/4552-560-0x00007FF61C830000-0x00007FF61CB81000-memory.dmp	xmrig
behavioral2/memory/2244-562-0x00007FF6B1E60000-0x00007FF6B21B1000-memory.dmp	xmrig
behavioral2/memory/1692-58-0x00007FF6BD370000-0x00007FF6BD6C1000-memory.dmp	xmrig
behavioral2/memory/1360-57-0x00007FF75BB80000-0x00007FF75BED1000-memory.dmp	xmrig
behavioral2/memory/2208-42-0x00007FF65EFC0000-0x00007FF65F311000-memory.dmp	xmrig
behavioral2/memory/4816-25-0x00007FF7BED90000-0x00007FF7BF0E1000-memory.dmp	xmrig
behavioral2/memory/932-10-0x00007FF79C190000-0x00007FF79C4E1000-memory.dmp	xmrig
behavioral2/memory/4908-564-0x00007FF62E8C0000-0x00007FF62EC11000-memory.dmp	xmrig
behavioral2/memory/2172-563-0x00007FF7EC530000-0x00007FF7EC881000-memory.dmp	xmrig
behavioral2/memory/2968-568-0x00007FF757660000-0x00007FF7579B1000-memory.dmp	xmrig
behavioral2/memory/3516-567-0x00007FF7F0D20000-0x00007FF7F1071000-memory.dmp	xmrig
behavioral2/memory/3204-581-0x00007FF7B51D0000-0x00007FF7B5521000-memory.dmp	xmrig
behavioral2/memory/1216-576-0x00007FF73B040000-0x00007FF73B391000-memory.dmp	xmrig
behavioral2/memory/4960-574-0x00007FF6CDFD0000-0x00007FF6CE321000-memory.dmp	xmrig
behavioral2/memory/5040-589-0x00007FF7BC320000-0x00007FF7BC671000-memory.dmp	xmrig
behavioral2/memory/3752-593-0x00007FF65BD00000-0x00007FF65C051000-memory.dmp	xmrig
behavioral2/memory/2200-596-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp	xmrig
behavioral2/memory/656-590-0x00007FF780F30000-0x00007FF781281000-memory.dmp	xmrig
behavioral2/memory/1092-2196-0x00007FF70F8A0000-0x00007FF70FBF1000-memory.dmp	xmrig
behavioral2/memory/3508-2197-0x00007FF741940000-0x00007FF741C91000-memory.dmp	xmrig
behavioral2/memory/1360-2198-0x00007FF75BB80000-0x00007FF75BED1000-memory.dmp	xmrig
behavioral2/memory/3192-2205-0x00007FF6F3840000-0x00007FF6F3B91000-memory.dmp	xmrig
behavioral2/memory/1972-2206-0x00007FF778B50000-0x00007FF778EA1000-memory.dmp	xmrig
behavioral2/memory/3560-2211-0x00007FF615D00000-0x00007FF616051000-memory.dmp	xmrig
behavioral2/memory/4896-2234-0x00007FF6D9B70000-0x00007FF6D9EC1000-memory.dmp	xmrig
behavioral2/memory/2272-2235-0x00007FF63B490000-0x00007FF63B7E1000-memory.dmp	xmrig
behavioral2/memory/752-2236-0x00007FF6106B0000-0x00007FF610A01000-memory.dmp	xmrig
behavioral2/memory/932-2257-0x00007FF79C190000-0x00007FF79C4E1000-memory.dmp	xmrig
behavioral2/memory/1092-2259-0x00007FF70F8A0000-0x00007FF70FBF1000-memory.dmp	xmrig
behavioral2/memory/4816-2261-0x00007FF7BED90000-0x00007FF7BF0E1000-memory.dmp	xmrig
behavioral2/memory/2208-2263-0x00007FF65EFC0000-0x00007FF65F311000-memory.dmp	xmrig
behavioral2/memory/1692-2271-0x00007FF6BD370000-0x00007FF6BD6C1000-memory.dmp	xmrig
behavioral2/memory/3508-2269-0x00007FF741940000-0x00007FF741C91000-memory.dmp	xmrig
behavioral2/memory/3192-2267-0x00007FF6F3840000-0x00007FF6F3B91000-memory.dmp	xmrig
behavioral2/memory/1360-2265-0x00007FF75BB80000-0x00007FF75BED1000-memory.dmp	xmrig
behavioral2/memory/3560-2274-0x00007FF615D00000-0x00007FF616051000-memory.dmp	xmrig
behavioral2/memory/1972-2275-0x00007FF778B50000-0x00007FF778EA1000-memory.dmp	xmrig
behavioral2/memory/3196-2283-0x00007FF679010000-0x00007FF679361000-memory.dmp	xmrig
behavioral2/memory/2244-2291-0x00007FF6B1E60000-0x00007FF6B21B1000-memory.dmp	xmrig
behavioral2/memory/4908-2295-0x00007FF62E8C0000-0x00007FF62EC11000-memory.dmp	xmrig
behavioral2/memory/3516-2297-0x00007FF7F0D20000-0x00007FF7F1071000-memory.dmp	xmrig
behavioral2/memory/2172-2293-0x00007FF7EC530000-0x00007FF7EC881000-memory.dmp	xmrig
behavioral2/memory/2360-2289-0x00007FF6D2E00000-0x00007FF6D3151000-memory.dmp	xmrig
behavioral2/memory/4552-2287-0x00007FF61C830000-0x00007FF61CB81000-memory.dmp	xmrig
behavioral2/memory/2272-2281-0x00007FF63B490000-0x00007FF63B7E1000-memory.dmp	xmrig
behavioral2/memory/752-2279-0x00007FF6106B0000-0x00007FF610A01000-memory.dmp	xmrig
behavioral2/memory/4896-2277-0x00007FF6D9B70000-0x00007FF6D9EC1000-memory.dmp	xmrig
behavioral2/memory/3128-2285-0x00007FF7FBD70000-0x00007FF7FC0C1000-memory.dmp	xmrig
behavioral2/memory/3752-2330-0x00007FF65BD00000-0x00007FF65C051000-memory.dmp	xmrig
behavioral2/memory/656-2320-0x00007FF780F30000-0x00007FF781281000-memory.dmp	xmrig
behavioral2/memory/2200-2315-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp	xmrig
behavioral2/memory/4960-2307-0x00007FF6CDFD0000-0x00007FF6CE321000-memory.dmp	xmrig
behavioral2/memory/1216-2303-0x00007FF73B040000-0x00007FF73B391000-memory.dmp	xmrig
behavioral2/memory/5040-2301-0x00007FF7BC320000-0x00007FF7BC671000-memory.dmp	xmrig
behavioral2/memory/3204-2305-0x00007FF7B51D0000-0x00007FF7B5521000-memory.dmp	xmrig
behavioral2/memory/2968-2299-0x00007FF757660000-0x00007FF7579B1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
932	ObnxdFd.exe
1092	icaNmIu.exe
4816	JRiJPUB.exe
2208	DwxTxps.exe
1692	gVptnuK.exe
3192	YFWBJKX.exe
3508	shUCjbm.exe
1360	oKbpfzm.exe
1972	MAlPnpW.exe
3560	KnlRJaQ.exe
4896	KrjXUJF.exe
2272	mpConEN.exe
752	qfoGUHW.exe
3196	sDAqRFA.exe
3128	NdZhUxm.exe
4552	mnXyhQc.exe
2360	OIYdkqS.exe
2244	MGbHeFK.exe
2172	tXKsNos.exe
4908	VtTjUYu.exe
3516	FbUuAzC.exe
2968	IiFAuCy.exe
4960	eibluzB.exe
1216	ztUAEek.exe
3204	zNNfxFg.exe
5040	upbHVih.exe
656	YstQckO.exe
3752	gmeBpPe.exe
2200	UDQhxuE.exe
976	pSqesHy.exe
1420	RCgeVAs.exe
3168	ZVkQqcg.exe
3836	WcGwIpW.exe
3040	EqHJNSr.exe
3188	rDucKSs.exe
1228	sSjvSqm.exe
2768	eITdybP.exe
2460	Zgetqsc.exe
4232	iNrUgjZ.exe
1508	piyfgWN.exe
1308	jBsMxgV.exe
4560	emIPGDW.exe
3716	bdcsplX.exe
1140	WCszgSR.exe
3744	ZiYSRMY.exe
4424	CpPiRfv.exe
5032	EsnoSOx.exe
4068	VrOAYAm.exe
3100	pMwgzBU.exe
3696	yhobrzC.exe
892	SLwdkZQ.exe
3432	BOpDoYo.exe
3656	bAyebNG.exe
4456	zpFlrQD.exe
1600	UEBvIdp.exe
1492	gxcFihD.exe
2552	HTLupIi.exe
2256	GQtxaLh.exe
1716	UXHZgJL.exe
4860	igDlrNo.exe
4108	uaYdTbF.exe
3876	uzzWogJ.exe
1220	DJzjbRq.exe
5092	UWDkNdZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3144-0-0x00007FF77E350000-0x00007FF77E6A1000-memory.dmp	upx
behavioral2/files/0x000900000002341d-5.dat	upx
behavioral2/files/0x000700000002342c-9.dat	upx
behavioral2/files/0x000700000002342e-20.dat	upx
behavioral2/files/0x000700000002342f-26.dat	upx
behavioral2/files/0x0007000000023433-46.dat	upx
behavioral2/memory/3508-52-0x00007FF741940000-0x00007FF741C91000-memory.dmp	upx
behavioral2/files/0x0007000000023435-59.dat	upx
behavioral2/files/0x0007000000023437-73.dat	upx
behavioral2/memory/752-78-0x00007FF6106B0000-0x00007FF610A01000-memory.dmp	upx
behavioral2/files/0x000700000002343b-101.dat	upx
behavioral2/files/0x0007000000023441-131.dat	upx
behavioral2/files/0x0007000000023442-144.dat	upx
behavioral2/files/0x0007000000023445-159.dat	upx
behavioral2/memory/3196-558-0x00007FF679010000-0x00007FF679361000-memory.dmp	upx
behavioral2/memory/3128-559-0x00007FF7FBD70000-0x00007FF7FC0C1000-memory.dmp	upx
behavioral2/memory/2360-561-0x00007FF6D2E00000-0x00007FF6D3151000-memory.dmp	upx
behavioral2/memory/4552-560-0x00007FF61C830000-0x00007FF61CB81000-memory.dmp	upx
behavioral2/files/0x000700000002344a-176.dat	upx
behavioral2/files/0x0007000000023448-174.dat	upx
behavioral2/files/0x0007000000023449-171.dat	upx
behavioral2/files/0x0007000000023447-169.dat	upx
behavioral2/files/0x0007000000023446-164.dat	upx
behavioral2/files/0x0007000000023444-154.dat	upx
behavioral2/files/0x0007000000023443-149.dat	upx
behavioral2/files/0x0007000000023440-134.dat	upx
behavioral2/files/0x000700000002343f-127.dat	upx
behavioral2/memory/2244-562-0x00007FF6B1E60000-0x00007FF6B21B1000-memory.dmp	upx
behavioral2/files/0x000700000002343e-122.dat	upx
behavioral2/files/0x000700000002343d-119.dat	upx
behavioral2/files/0x000700000002343c-114.dat	upx
behavioral2/files/0x000700000002343a-104.dat	upx
behavioral2/files/0x0007000000023439-99.dat	upx
behavioral2/files/0x0009000000023425-94.dat	upx
behavioral2/files/0x0007000000023438-87.dat	upx
behavioral2/files/0x0007000000023436-76.dat	upx
behavioral2/memory/2272-75-0x00007FF63B490000-0x00007FF63B7E1000-memory.dmp	upx
behavioral2/memory/4896-74-0x00007FF6D9B70000-0x00007FF6D9EC1000-memory.dmp	upx
behavioral2/memory/3560-69-0x00007FF615D00000-0x00007FF616051000-memory.dmp	upx
behavioral2/files/0x0007000000023434-63.dat	upx
behavioral2/memory/1972-62-0x00007FF778B50000-0x00007FF778EA1000-memory.dmp	upx
behavioral2/memory/1692-58-0x00007FF6BD370000-0x00007FF6BD6C1000-memory.dmp	upx
behavioral2/memory/1360-57-0x00007FF75BB80000-0x00007FF75BED1000-memory.dmp	upx
behavioral2/files/0x0007000000023432-51.dat	upx
behavioral2/files/0x0007000000023431-45.dat	upx
behavioral2/files/0x0007000000023430-44.dat	upx
behavioral2/memory/3192-43-0x00007FF6F3840000-0x00007FF6F3B91000-memory.dmp	upx
behavioral2/memory/2208-42-0x00007FF65EFC0000-0x00007FF65F311000-memory.dmp	upx
behavioral2/files/0x000700000002342d-29.dat	upx
behavioral2/memory/4816-25-0x00007FF7BED90000-0x00007FF7BF0E1000-memory.dmp	upx
behavioral2/memory/1092-13-0x00007FF70F8A0000-0x00007FF70FBF1000-memory.dmp	upx
behavioral2/memory/932-10-0x00007FF79C190000-0x00007FF79C4E1000-memory.dmp	upx
behavioral2/memory/4908-564-0x00007FF62E8C0000-0x00007FF62EC11000-memory.dmp	upx
behavioral2/memory/2172-563-0x00007FF7EC530000-0x00007FF7EC881000-memory.dmp	upx
behavioral2/memory/2968-568-0x00007FF757660000-0x00007FF7579B1000-memory.dmp	upx
behavioral2/memory/3516-567-0x00007FF7F0D20000-0x00007FF7F1071000-memory.dmp	upx
behavioral2/memory/3204-581-0x00007FF7B51D0000-0x00007FF7B5521000-memory.dmp	upx
behavioral2/memory/1216-576-0x00007FF73B040000-0x00007FF73B391000-memory.dmp	upx
behavioral2/memory/4960-574-0x00007FF6CDFD0000-0x00007FF6CE321000-memory.dmp	upx
behavioral2/memory/5040-589-0x00007FF7BC320000-0x00007FF7BC671000-memory.dmp	upx
behavioral2/memory/3752-593-0x00007FF65BD00000-0x00007FF65C051000-memory.dmp	upx
behavioral2/memory/2200-596-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp	upx
behavioral2/memory/656-590-0x00007FF780F30000-0x00007FF781281000-memory.dmp	upx
behavioral2/memory/1092-2196-0x00007FF70F8A0000-0x00007FF70FBF1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PztSLyj.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\sdoQJGU.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\msnwIrZ.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\MfXqBqE.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\YFWBJKX.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\dMLuoEy.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\vkXxACP.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\wIoTQAC.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\ekdEzSM.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\mRCthrz.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\orSSbgJ.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\cbTvAQt.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\TmJnKGP.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\SaFTtNU.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\yhobrzC.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\HTLupIi.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\cBWVQIm.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\uXOYOkX.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\LHZbvly.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\cEegOCr.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\BNSnanq.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\KlEmalX.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\PeYXcdc.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\mQVfRlf.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\KNcOaSW.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\EqHJNSr.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\bHKcwEr.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\HLDmNsY.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\bdcsplX.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\dPxyeTF.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\dsiLsCN.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\OfHevJu.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\guYwlTV.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\ooELLtR.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\kebMhgv.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\ZsbYfGC.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\QwmYPTW.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\MsaRQWs.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\XQzgalu.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\dXeQxyq.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\WcGwIpW.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\igDlrNo.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\yCdxzGQ.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\lHrnQFq.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\XGElOQY.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\AHRtqvy.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\ociYEdf.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\DdqODAZ.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\vOLJfIU.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\dhxWjnS.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\aYlVtHk.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\koeHHBg.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\aMzzTFE.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\DBEfEtP.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\IuRVnWf.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\aQcevtP.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\FUngtyk.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\ZYvFxYb.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\nIuuxSa.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\vTDAUpy.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\KyKIHBX.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\PgEqzXR.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\mbPQeJp.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
File created	C:\Windows\System\rFKlDXb.exe	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3608	dwm.exe
Token: SeChangeNotifyPrivilege	3608	dwm.exe
Token: 33	3608	dwm.exe
Token: SeIncBasePriorityPrivilege	3608	dwm.exe
Token: SeShutdownPrivilege	3608	dwm.exe
Token: SeCreatePagefilePrivilege	3608	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 932	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	85
PID 3144 wrote to memory of 932	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	85
PID 3144 wrote to memory of 1092	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	86
PID 3144 wrote to memory of 1092	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	86
PID 3144 wrote to memory of 2208	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	87
PID 3144 wrote to memory of 2208	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	87
PID 3144 wrote to memory of 4816	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	88
PID 3144 wrote to memory of 4816	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	88
PID 3144 wrote to memory of 1692	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	89
PID 3144 wrote to memory of 1692	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	89
PID 3144 wrote to memory of 3192	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	90
PID 3144 wrote to memory of 3192	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	90
PID 3144 wrote to memory of 3508	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	91
PID 3144 wrote to memory of 3508	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	91
PID 3144 wrote to memory of 1360	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	92
PID 3144 wrote to memory of 1360	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	92
PID 3144 wrote to memory of 1972	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	93
PID 3144 wrote to memory of 1972	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	93
PID 3144 wrote to memory of 3560	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	94
PID 3144 wrote to memory of 3560	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	94
PID 3144 wrote to memory of 4896	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	95
PID 3144 wrote to memory of 4896	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	95
PID 3144 wrote to memory of 2272	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	96
PID 3144 wrote to memory of 2272	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	96
PID 3144 wrote to memory of 752	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	97
PID 3144 wrote to memory of 752	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	97
PID 3144 wrote to memory of 3196	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	98
PID 3144 wrote to memory of 3196	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	98
PID 3144 wrote to memory of 3128	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	99
PID 3144 wrote to memory of 3128	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	99
PID 3144 wrote to memory of 4552	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	100
PID 3144 wrote to memory of 4552	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	100
PID 3144 wrote to memory of 2360	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	101
PID 3144 wrote to memory of 2360	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	101
PID 3144 wrote to memory of 2244	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	102
PID 3144 wrote to memory of 2244	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	102
PID 3144 wrote to memory of 2172	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	103
PID 3144 wrote to memory of 2172	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	103
PID 3144 wrote to memory of 4908	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	104
PID 3144 wrote to memory of 4908	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	104
PID 3144 wrote to memory of 3516	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	105
PID 3144 wrote to memory of 3516	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	105
PID 3144 wrote to memory of 2968	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	106
PID 3144 wrote to memory of 2968	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	106
PID 3144 wrote to memory of 4960	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	107
PID 3144 wrote to memory of 4960	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	107
PID 3144 wrote to memory of 1216	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	108
PID 3144 wrote to memory of 1216	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	108
PID 3144 wrote to memory of 3204	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	109
PID 3144 wrote to memory of 3204	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	109
PID 3144 wrote to memory of 5040	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	110
PID 3144 wrote to memory of 5040	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	110
PID 3144 wrote to memory of 656	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	111
PID 3144 wrote to memory of 656	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	111
PID 3144 wrote to memory of 3752	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	112
PID 3144 wrote to memory of 3752	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	112
PID 3144 wrote to memory of 2200	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	113
PID 3144 wrote to memory of 2200	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	113
PID 3144 wrote to memory of 976	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	114
PID 3144 wrote to memory of 976	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	114
PID 3144 wrote to memory of 1420	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	115
PID 3144 wrote to memory of 1420	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	115
PID 3144 wrote to memory of 3168	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	116
PID 3144 wrote to memory of 3168	3144	1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1a36382afde44a9c8bd30d30fa95c400_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\System\ObnxdFd.exe
  C:\Windows\System\ObnxdFd.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\icaNmIu.exe
  C:\Windows\System\icaNmIu.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\DwxTxps.exe
  C:\Windows\System\DwxTxps.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\JRiJPUB.exe
  C:\Windows\System\JRiJPUB.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\gVptnuK.exe
  C:\Windows\System\gVptnuK.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\YFWBJKX.exe
  C:\Windows\System\YFWBJKX.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\shUCjbm.exe
  C:\Windows\System\shUCjbm.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\oKbpfzm.exe
  C:\Windows\System\oKbpfzm.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\MAlPnpW.exe
  C:\Windows\System\MAlPnpW.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\KnlRJaQ.exe
  C:\Windows\System\KnlRJaQ.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\KrjXUJF.exe
  C:\Windows\System\KrjXUJF.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\mpConEN.exe
  C:\Windows\System\mpConEN.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\qfoGUHW.exe
  C:\Windows\System\qfoGUHW.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\sDAqRFA.exe
  C:\Windows\System\sDAqRFA.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\NdZhUxm.exe
  C:\Windows\System\NdZhUxm.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\mnXyhQc.exe
  C:\Windows\System\mnXyhQc.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\OIYdkqS.exe
  C:\Windows\System\OIYdkqS.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\MGbHeFK.exe
  C:\Windows\System\MGbHeFK.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\tXKsNos.exe
  C:\Windows\System\tXKsNos.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\VtTjUYu.exe
  C:\Windows\System\VtTjUYu.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\FbUuAzC.exe
  C:\Windows\System\FbUuAzC.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\IiFAuCy.exe
  C:\Windows\System\IiFAuCy.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\eibluzB.exe
  C:\Windows\System\eibluzB.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\ztUAEek.exe
  C:\Windows\System\ztUAEek.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\zNNfxFg.exe
  C:\Windows\System\zNNfxFg.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\upbHVih.exe
  C:\Windows\System\upbHVih.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\YstQckO.exe
  C:\Windows\System\YstQckO.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\gmeBpPe.exe
  C:\Windows\System\gmeBpPe.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\UDQhxuE.exe
  C:\Windows\System\UDQhxuE.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\pSqesHy.exe
  C:\Windows\System\pSqesHy.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\RCgeVAs.exe
  C:\Windows\System\RCgeVAs.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\ZVkQqcg.exe
  C:\Windows\System\ZVkQqcg.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\WcGwIpW.exe
  C:\Windows\System\WcGwIpW.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\EqHJNSr.exe
  C:\Windows\System\EqHJNSr.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rDucKSs.exe
  C:\Windows\System\rDucKSs.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\sSjvSqm.exe
  C:\Windows\System\sSjvSqm.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\eITdybP.exe
  C:\Windows\System\eITdybP.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\Zgetqsc.exe
  C:\Windows\System\Zgetqsc.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\iNrUgjZ.exe
  C:\Windows\System\iNrUgjZ.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\piyfgWN.exe
  C:\Windows\System\piyfgWN.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\jBsMxgV.exe
  C:\Windows\System\jBsMxgV.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\emIPGDW.exe
  C:\Windows\System\emIPGDW.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\bdcsplX.exe
  C:\Windows\System\bdcsplX.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\WCszgSR.exe
  C:\Windows\System\WCszgSR.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\ZiYSRMY.exe
  C:\Windows\System\ZiYSRMY.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\CpPiRfv.exe
  C:\Windows\System\CpPiRfv.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\EsnoSOx.exe
  C:\Windows\System\EsnoSOx.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\VrOAYAm.exe
  C:\Windows\System\VrOAYAm.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\pMwgzBU.exe
  C:\Windows\System\pMwgzBU.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\yhobrzC.exe
  C:\Windows\System\yhobrzC.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\SLwdkZQ.exe
  C:\Windows\System\SLwdkZQ.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\BOpDoYo.exe
  C:\Windows\System\BOpDoYo.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\bAyebNG.exe
  C:\Windows\System\bAyebNG.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\zpFlrQD.exe
  C:\Windows\System\zpFlrQD.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\UEBvIdp.exe
  C:\Windows\System\UEBvIdp.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\gxcFihD.exe
  C:\Windows\System\gxcFihD.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\HTLupIi.exe
  C:\Windows\System\HTLupIi.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\GQtxaLh.exe
  C:\Windows\System\GQtxaLh.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\UXHZgJL.exe
  C:\Windows\System\UXHZgJL.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\igDlrNo.exe
  C:\Windows\System\igDlrNo.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\uaYdTbF.exe
  C:\Windows\System\uaYdTbF.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\uzzWogJ.exe
  C:\Windows\System\uzzWogJ.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\DJzjbRq.exe
  C:\Windows\System\DJzjbRq.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\UWDkNdZ.exe
  C:\Windows\System\UWDkNdZ.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\xAgCdBN.exe
  C:\Windows\System\xAgCdBN.exe
  2⤵
  PID:2844
- C:\Windows\System\jeVKJdT.exe
  C:\Windows\System\jeVKJdT.exe
  2⤵
  PID:4876
- C:\Windows\System\oHJJHsQ.exe
  C:\Windows\System\oHJJHsQ.exe
  2⤵
  PID:2164
- C:\Windows\System\CLSROaP.exe
  C:\Windows\System\CLSROaP.exe
  2⤵
  PID:1208
- C:\Windows\System\MjisjJU.exe
  C:\Windows\System\MjisjJU.exe
  2⤵
  PID:3184
- C:\Windows\System\kMhsFmK.exe
  C:\Windows\System\kMhsFmK.exe
  2⤵
  PID:3688
- C:\Windows\System\aYlVtHk.exe
  C:\Windows\System\aYlVtHk.exe
  2⤵
  PID:4296
- C:\Windows\System\JlCGHEO.exe
  C:\Windows\System\JlCGHEO.exe
  2⤵
  PID:2944
- C:\Windows\System\hIbGZhj.exe
  C:\Windows\System\hIbGZhj.exe
  2⤵
  PID:1448
- C:\Windows\System\tyhvceZ.exe
  C:\Windows\System\tyhvceZ.exe
  2⤵
  PID:1736
- C:\Windows\System\NLEZZRk.exe
  C:\Windows\System\NLEZZRk.exe
  2⤵
  PID:4580
- C:\Windows\System\cADFATM.exe
  C:\Windows\System\cADFATM.exe
  2⤵
  PID:5144
- C:\Windows\System\UelTqei.exe
  C:\Windows\System\UelTqei.exe
  2⤵
  PID:5172
- C:\Windows\System\AEDzSET.exe
  C:\Windows\System\AEDzSET.exe
  2⤵
  PID:5200
- C:\Windows\System\rFKlDXb.exe
  C:\Windows\System\rFKlDXb.exe
  2⤵
  PID:5228
- C:\Windows\System\LxQQXFZ.exe
  C:\Windows\System\LxQQXFZ.exe
  2⤵
  PID:5256
- C:\Windows\System\dPxyeTF.exe
  C:\Windows\System\dPxyeTF.exe
  2⤵
  PID:5284
- C:\Windows\System\XGElOQY.exe
  C:\Windows\System\XGElOQY.exe
  2⤵
  PID:5312
- C:\Windows\System\mRCthrz.exe
  C:\Windows\System\mRCthrz.exe
  2⤵
  PID:5340
- C:\Windows\System\oGFRTSp.exe
  C:\Windows\System\oGFRTSp.exe
  2⤵
  PID:5368
- C:\Windows\System\uqqtvqD.exe
  C:\Windows\System\uqqtvqD.exe
  2⤵
  PID:5396
- C:\Windows\System\vazvDYD.exe
  C:\Windows\System\vazvDYD.exe
  2⤵
  PID:5428
- C:\Windows\System\ePNmbRy.exe
  C:\Windows\System\ePNmbRy.exe
  2⤵
  PID:5452
- C:\Windows\System\OSRqUiF.exe
  C:\Windows\System\OSRqUiF.exe
  2⤵
  PID:5484
- C:\Windows\System\sUIYeHR.exe
  C:\Windows\System\sUIYeHR.exe
  2⤵
  PID:5512
- C:\Windows\System\VOrGCGU.exe
  C:\Windows\System\VOrGCGU.exe
  2⤵
  PID:5540
- C:\Windows\System\aXoEucg.exe
  C:\Windows\System\aXoEucg.exe
  2⤵
  PID:5568
- C:\Windows\System\PYIboVU.exe
  C:\Windows\System\PYIboVU.exe
  2⤵
  PID:5592
- C:\Windows\System\TEDDUbZ.exe
  C:\Windows\System\TEDDUbZ.exe
  2⤵
  PID:5620
- C:\Windows\System\VquwABg.exe
  C:\Windows\System\VquwABg.exe
  2⤵
  PID:5644
- C:\Windows\System\TAAbmHT.exe
  C:\Windows\System\TAAbmHT.exe
  2⤵
  PID:5676
- C:\Windows\System\joaXHTl.exe
  C:\Windows\System\joaXHTl.exe
  2⤵
  PID:5704
- C:\Windows\System\iOozOuW.exe
  C:\Windows\System\iOozOuW.exe
  2⤵
  PID:5732
- C:\Windows\System\PztSLyj.exe
  C:\Windows\System\PztSLyj.exe
  2⤵
  PID:5760
- C:\Windows\System\qEczrDs.exe
  C:\Windows\System\qEczrDs.exe
  2⤵
  PID:5788
- C:\Windows\System\GRtjOyu.exe
  C:\Windows\System\GRtjOyu.exe
  2⤵
  PID:5816
- C:\Windows\System\yedOnub.exe
  C:\Windows\System\yedOnub.exe
  2⤵
  PID:5844
- C:\Windows\System\dsiLsCN.exe
  C:\Windows\System\dsiLsCN.exe
  2⤵
  PID:5868
- C:\Windows\System\guMpfHT.exe
  C:\Windows\System\guMpfHT.exe
  2⤵
  PID:5900
- C:\Windows\System\cHoIbOA.exe
  C:\Windows\System\cHoIbOA.exe
  2⤵
  PID:5916
- C:\Windows\System\WxCxwbI.exe
  C:\Windows\System\WxCxwbI.exe
  2⤵
  PID:5952
- C:\Windows\System\mIpzikB.exe
  C:\Windows\System\mIpzikB.exe
  2⤵
  PID:5980
- C:\Windows\System\PRJonCg.exe
  C:\Windows\System\PRJonCg.exe
  2⤵
  PID:6012
- C:\Windows\System\DlZpIhU.exe
  C:\Windows\System\DlZpIhU.exe
  2⤵
  PID:6040
- C:\Windows\System\YHPHvVs.exe
  C:\Windows\System\YHPHvVs.exe
  2⤵
  PID:6064
- C:\Windows\System\ZpahCiu.exe
  C:\Windows\System\ZpahCiu.exe
  2⤵
  PID:6092
- C:\Windows\System\LFFwjao.exe
  C:\Windows\System\LFFwjao.exe
  2⤵
  PID:6120
- C:\Windows\System\bJMoTtZ.exe
  C:\Windows\System\bJMoTtZ.exe
  2⤵
  PID:1280
- C:\Windows\System\ZsSFXBd.exe
  C:\Windows\System\ZsSFXBd.exe
  2⤵
  PID:1328
- C:\Windows\System\jXgAiBT.exe
  C:\Windows\System\jXgAiBT.exe
  2⤵
  PID:1324
- C:\Windows\System\dLPLrzj.exe
  C:\Windows\System\dLPLrzj.exe
  2⤵
  PID:3236
- C:\Windows\System\YNhtxDZ.exe
  C:\Windows\System\YNhtxDZ.exe
  2⤵
  PID:3396
- C:\Windows\System\YXxwoil.exe
  C:\Windows\System\YXxwoil.exe
  2⤵
  PID:5128
- C:\Windows\System\fOVUmDi.exe
  C:\Windows\System\fOVUmDi.exe
  2⤵
  PID:5188
- C:\Windows\System\WwmiJfS.exe
  C:\Windows\System\WwmiJfS.exe
  2⤵
  PID:5248
- C:\Windows\System\prnoSgy.exe
  C:\Windows\System\prnoSgy.exe
  2⤵
  PID:5304
- C:\Windows\System\DRWRzbs.exe
  C:\Windows\System\DRWRzbs.exe
  2⤵
  PID:5380
- C:\Windows\System\VdNXAcl.exe
  C:\Windows\System\VdNXAcl.exe
  2⤵
  PID:5436
- C:\Windows\System\OqITIJy.exe
  C:\Windows\System\OqITIJy.exe
  2⤵
  PID:5500
- C:\Windows\System\TNVRfLf.exe
  C:\Windows\System\TNVRfLf.exe
  2⤵
  PID:5560
- C:\Windows\System\MwFLqbe.exe
  C:\Windows\System\MwFLqbe.exe
  2⤵
  PID:5632
- C:\Windows\System\eFmFwRf.exe
  C:\Windows\System\eFmFwRf.exe
  2⤵
  PID:5692
- C:\Windows\System\lnJDSiM.exe
  C:\Windows\System\lnJDSiM.exe
  2⤵
  PID:5752
- C:\Windows\System\mxSETcj.exe
  C:\Windows\System\mxSETcj.exe
  2⤵
  PID:5800
- C:\Windows\System\ybMQYZf.exe
  C:\Windows\System\ybMQYZf.exe
  2⤵
  PID:5860
- C:\Windows\System\MpuaWIj.exe
  C:\Windows\System\MpuaWIj.exe
  2⤵
  PID:1712
- C:\Windows\System\plqsGMz.exe
  C:\Windows\System\plqsGMz.exe
  2⤵
  PID:4648
- C:\Windows\System\drioIjb.exe
  C:\Windows\System\drioIjb.exe
  2⤵
  PID:6028
- C:\Windows\System\EdwbNsZ.exe
  C:\Windows\System\EdwbNsZ.exe
  2⤵
  PID:6084
- C:\Windows\System\lVmGICu.exe
  C:\Windows\System\lVmGICu.exe
  2⤵
  PID:4132
- C:\Windows\System\rchXwae.exe
  C:\Windows\System\rchXwae.exe
  2⤵
  PID:3276
- C:\Windows\System\WnRchfo.exe
  C:\Windows\System\WnRchfo.exe
  2⤵
  PID:316
- C:\Windows\System\zzYhsoi.exe
  C:\Windows\System\zzYhsoi.exe
  2⤵
  PID:5216
- C:\Windows\System\ZcmxpJN.exe
  C:\Windows\System\ZcmxpJN.exe
  2⤵
  PID:5296
- C:\Windows\System\hrlGYDL.exe
  C:\Windows\System\hrlGYDL.exe
  2⤵
  PID:5464
- C:\Windows\System\sdoQJGU.exe
  C:\Windows\System\sdoQJGU.exe
  2⤵
  PID:5604
- C:\Windows\System\ZsbYfGC.exe
  C:\Windows\System\ZsbYfGC.exe
  2⤵
  PID:5724
- C:\Windows\System\GQpfvWb.exe
  C:\Windows\System\GQpfvWb.exe
  2⤵
  PID:5888
- C:\Windows\System\HDJEqLg.exe
  C:\Windows\System\HDJEqLg.exe
  2⤵
  PID:5996
- C:\Windows\System\orSSbgJ.exe
  C:\Windows\System\orSSbgJ.exe
  2⤵
  PID:6136
- C:\Windows\System\ZbNxLRx.exe
  C:\Windows\System\ZbNxLRx.exe
  2⤵
  PID:848
- C:\Windows\System\OTvHvFZ.exe
  C:\Windows\System\OTvHvFZ.exe
  2⤵
  PID:5160
- C:\Windows\System\HwAjbgZ.exe
  C:\Windows\System\HwAjbgZ.exe
  2⤵
  PID:4228
- C:\Windows\System\lyiDBDY.exe
  C:\Windows\System\lyiDBDY.exe
  2⤵
  PID:6156
- C:\Windows\System\TRSIRfM.exe
  C:\Windows\System\TRSIRfM.exe
  2⤵
  PID:6184
- C:\Windows\System\gQYmcGh.exe
  C:\Windows\System\gQYmcGh.exe
  2⤵
  PID:6212
- C:\Windows\System\PWSCdzB.exe
  C:\Windows\System\PWSCdzB.exe
  2⤵
  PID:6240
- C:\Windows\System\tKbxnTY.exe
  C:\Windows\System\tKbxnTY.exe
  2⤵
  PID:6268
- C:\Windows\System\EJWMDKL.exe
  C:\Windows\System\EJWMDKL.exe
  2⤵
  PID:6292
- C:\Windows\System\EzPvwEC.exe
  C:\Windows\System\EzPvwEC.exe
  2⤵
  PID:6320
- C:\Windows\System\talsetU.exe
  C:\Windows\System\talsetU.exe
  2⤵
  PID:6352
- C:\Windows\System\kTmgMDQ.exe
  C:\Windows\System\kTmgMDQ.exe
  2⤵
  PID:6380
- C:\Windows\System\HkTeByB.exe
  C:\Windows\System\HkTeByB.exe
  2⤵
  PID:6408
- C:\Windows\System\Mwwhwyn.exe
  C:\Windows\System\Mwwhwyn.exe
  2⤵
  PID:6436
- C:\Windows\System\zfoHPyD.exe
  C:\Windows\System\zfoHPyD.exe
  2⤵
  PID:6464
- C:\Windows\System\KCmRqyF.exe
  C:\Windows\System\KCmRqyF.exe
  2⤵
  PID:6492
- C:\Windows\System\cBWVQIm.exe
  C:\Windows\System\cBWVQIm.exe
  2⤵
  PID:6520
- C:\Windows\System\yjEDPfP.exe
  C:\Windows\System\yjEDPfP.exe
  2⤵
  PID:6640
- C:\Windows\System\uEcCRbD.exe
  C:\Windows\System\uEcCRbD.exe
  2⤵
  PID:6676
- C:\Windows\System\TKGVzNF.exe
  C:\Windows\System\TKGVzNF.exe
  2⤵
  PID:6724
- C:\Windows\System\PYkXiTN.exe
  C:\Windows\System\PYkXiTN.exe
  2⤵
  PID:6748
- C:\Windows\System\ISVYNTU.exe
  C:\Windows\System\ISVYNTU.exe
  2⤵
  PID:6768
- C:\Windows\System\wZEkFmi.exe
  C:\Windows\System\wZEkFmi.exe
  2⤵
  PID:6796
- C:\Windows\System\vbOiMcK.exe
  C:\Windows\System\vbOiMcK.exe
  2⤵
  PID:6832
- C:\Windows\System\wqjlaCP.exe
  C:\Windows\System\wqjlaCP.exe
  2⤵
  PID:6852
- C:\Windows\System\yaekkkD.exe
  C:\Windows\System\yaekkkD.exe
  2⤵
  PID:6924
- C:\Windows\System\akbcbRt.exe
  C:\Windows\System\akbcbRt.exe
  2⤵
  PID:6940
- C:\Windows\System\KYxOeTt.exe
  C:\Windows\System\KYxOeTt.exe
  2⤵
  PID:6956
- C:\Windows\System\XXglbcf.exe
  C:\Windows\System\XXglbcf.exe
  2⤵
  PID:6972
- C:\Windows\System\OfHevJu.exe
  C:\Windows\System\OfHevJu.exe
  2⤵
  PID:6996
- C:\Windows\System\YLWShgI.exe
  C:\Windows\System\YLWShgI.exe
  2⤵
  PID:7024
- C:\Windows\System\ovTBPsu.exe
  C:\Windows\System\ovTBPsu.exe
  2⤵
  PID:7044
- C:\Windows\System\nlosDsk.exe
  C:\Windows\System\nlosDsk.exe
  2⤵
  PID:7064
- C:\Windows\System\MtxPmMk.exe
  C:\Windows\System\MtxPmMk.exe
  2⤵
  PID:7096
- C:\Windows\System\kzfiszI.exe
  C:\Windows\System\kzfiszI.exe
  2⤵
  PID:7128
- C:\Windows\System\ihsaVyD.exe
  C:\Windows\System\ihsaVyD.exe
  2⤵
  PID:5668
- C:\Windows\System\dmBurIo.exe
  C:\Windows\System\dmBurIo.exe
  2⤵
  PID:5944
- C:\Windows\System\ZNEVpLv.exe
  C:\Windows\System\ZNEVpLv.exe
  2⤵
  PID:4236
- C:\Windows\System\DVuLPVV.exe
  C:\Windows\System\DVuLPVV.exe
  2⤵
  PID:2744
- C:\Windows\System\WekbLAF.exe
  C:\Windows\System\WekbLAF.exe
  2⤵
  PID:1432
- C:\Windows\System\xwgWQAa.exe
  C:\Windows\System\xwgWQAa.exe
  2⤵
  PID:6228
- C:\Windows\System\TmKCIzF.exe
  C:\Windows\System\TmKCIzF.exe
  2⤵
  PID:6252
- C:\Windows\System\dIhdJXc.exe
  C:\Windows\System\dIhdJXc.exe
  2⤵
  PID:6288
- C:\Windows\System\bHKcwEr.exe
  C:\Windows\System\bHKcwEr.exe
  2⤵
  PID:6340
- C:\Windows\System\ZWgGWhm.exe
  C:\Windows\System\ZWgGWhm.exe
  2⤵
  PID:6372
- C:\Windows\System\cqQkIPr.exe
  C:\Windows\System\cqQkIPr.exe
  2⤵
  PID:6424
- C:\Windows\System\yXmiVDv.exe
  C:\Windows\System\yXmiVDv.exe
  2⤵
  PID:4488
- C:\Windows\System\VsydQRx.exe
  C:\Windows\System\VsydQRx.exe
  2⤵
  PID:6556
- C:\Windows\System\dMLuoEy.exe
  C:\Windows\System\dMLuoEy.exe
  2⤵
  PID:3116
- C:\Windows\System\FDHcVgX.exe
  C:\Windows\System\FDHcVgX.exe
  2⤵
  PID:3792
- C:\Windows\System\zbgoLuy.exe
  C:\Windows\System\zbgoLuy.exe
  2⤵
  PID:3912
- C:\Windows\System\qJgpHgA.exe
  C:\Windows\System\qJgpHgA.exe
  2⤵
  PID:1192
- C:\Windows\System\xPgDKOZ.exe
  C:\Windows\System\xPgDKOZ.exe
  2⤵
  PID:2064
- C:\Windows\System\FjmKLuX.exe
  C:\Windows\System\FjmKLuX.exe
  2⤵
  PID:2692
- C:\Windows\System\uOAkOFu.exe
  C:\Windows\System\uOAkOFu.exe
  2⤵
  PID:6672
- C:\Windows\System\vyOTJEu.exe
  C:\Windows\System\vyOTJEu.exe
  2⤵
  PID:6616
- C:\Windows\System\AHRtqvy.exe
  C:\Windows\System\AHRtqvy.exe
  2⤵
  PID:6828
- C:\Windows\System\lalAYVd.exe
  C:\Windows\System\lalAYVd.exe
  2⤵
  PID:6892
- C:\Windows\System\IWYdJjx.exe
  C:\Windows\System\IWYdJjx.exe
  2⤵
  PID:6936
- C:\Windows\System\unUvekR.exe
  C:\Windows\System\unUvekR.exe
  2⤵
  PID:7020
- C:\Windows\System\PeuOWEI.exe
  C:\Windows\System\PeuOWEI.exe
  2⤵
  PID:6984
- C:\Windows\System\WQaREpc.exe
  C:\Windows\System\WQaREpc.exe
  2⤵
  PID:7156
- C:\Windows\System\CukaCYf.exe
  C:\Windows\System\CukaCYf.exe
  2⤵
  PID:5356
- C:\Windows\System\CUKBFYZ.exe
  C:\Windows\System\CUKBFYZ.exe
  2⤵
  PID:6200
- C:\Windows\System\YxbPpmq.exe
  C:\Windows\System\YxbPpmq.exe
  2⤵
  PID:1980
- C:\Windows\System\JjuJvXl.exe
  C:\Windows\System\JjuJvXl.exe
  2⤵
  PID:4868
- C:\Windows\System\VmuCvOu.exe
  C:\Windows\System\VmuCvOu.exe
  2⤵
  PID:3084
- C:\Windows\System\cbTvAQt.exe
  C:\Windows\System\cbTvAQt.exe
  2⤵
  PID:2792
- C:\Windows\System\FUngtyk.exe
  C:\Windows\System\FUngtyk.exe
  2⤵
  PID:2840
- C:\Windows\System\zcgOJbU.exe
  C:\Windows\System\zcgOJbU.exe
  2⤵
  PID:6584
- C:\Windows\System\WySoKRc.exe
  C:\Windows\System\WySoKRc.exe
  2⤵
  PID:6588
- C:\Windows\System\IGzxomG.exe
  C:\Windows\System\IGzxomG.exe
  2⤵
  PID:2508
- C:\Windows\System\pTbqhbi.exe
  C:\Windows\System\pTbqhbi.exe
  2⤵
  PID:6708
- C:\Windows\System\PQoYlrb.exe
  C:\Windows\System\PQoYlrb.exe
  2⤵
  PID:6712
- C:\Windows\System\osPklEY.exe
  C:\Windows\System\osPklEY.exe
  2⤵
  PID:6920
- C:\Windows\System\CsCIJEY.exe
  C:\Windows\System\CsCIJEY.exe
  2⤵
  PID:7104
- C:\Windows\System\qzsVsiR.exe
  C:\Windows\System\qzsVsiR.exe
  2⤵
  PID:1356
- C:\Windows\System\pbiZsHT.exe
  C:\Windows\System\pbiZsHT.exe
  2⤵
  PID:6396
- C:\Windows\System\RDDxgME.exe
  C:\Windows\System\RDDxgME.exe
  2⤵
  PID:6480
- C:\Windows\System\UBXxcYo.exe
  C:\Windows\System\UBXxcYo.exe
  2⤵
  PID:6756
- C:\Windows\System\tjyiShg.exe
  C:\Windows\System\tjyiShg.exe
  2⤵
  PID:5532
- C:\Windows\System\dHghmqq.exe
  C:\Windows\System\dHghmqq.exe
  2⤵
  PID:6168
- C:\Windows\System\NcFqiQB.exe
  C:\Windows\System\NcFqiQB.exe
  2⤵
  PID:7180
- C:\Windows\System\BoWaMQg.exe
  C:\Windows\System\BoWaMQg.exe
  2⤵
  PID:7220
- C:\Windows\System\TNwucpv.exe
  C:\Windows\System\TNwucpv.exe
  2⤵
  PID:7240
- C:\Windows\System\hNLfKpH.exe
  C:\Windows\System\hNLfKpH.exe
  2⤵
  PID:7284
- C:\Windows\System\OWKugID.exe
  C:\Windows\System\OWKugID.exe
  2⤵
  PID:7316
- C:\Windows\System\yfCxQzT.exe
  C:\Windows\System\yfCxQzT.exe
  2⤵
  PID:7336
- C:\Windows\System\gxbCNlL.exe
  C:\Windows\System\gxbCNlL.exe
  2⤵
  PID:7364
- C:\Windows\System\enplsQw.exe
  C:\Windows\System\enplsQw.exe
  2⤵
  PID:7400
- C:\Windows\System\mHGNZxw.exe
  C:\Windows\System\mHGNZxw.exe
  2⤵
  PID:7420
- C:\Windows\System\MeQurZW.exe
  C:\Windows\System\MeQurZW.exe
  2⤵
  PID:7440
- C:\Windows\System\fnZDxRh.exe
  C:\Windows\System\fnZDxRh.exe
  2⤵
  PID:7500
- C:\Windows\System\OHMlkHo.exe
  C:\Windows\System\OHMlkHo.exe
  2⤵
  PID:7524
- C:\Windows\System\cXLzCjG.exe
  C:\Windows\System\cXLzCjG.exe
  2⤵
  PID:7556
- C:\Windows\System\tEnXClb.exe
  C:\Windows\System\tEnXClb.exe
  2⤵
  PID:7584
- C:\Windows\System\TvcJmLc.exe
  C:\Windows\System\TvcJmLc.exe
  2⤵
  PID:7620
- C:\Windows\System\BvXGRKj.exe
  C:\Windows\System\BvXGRKj.exe
  2⤵
  PID:7648
- C:\Windows\System\ITIRDsZ.exe
  C:\Windows\System\ITIRDsZ.exe
  2⤵
  PID:7672
- C:\Windows\System\ePSOWxH.exe
  C:\Windows\System\ePSOWxH.exe
  2⤵
  PID:7688
- C:\Windows\System\msnwIrZ.exe
  C:\Windows\System\msnwIrZ.exe
  2⤵
  PID:7732
- C:\Windows\System\ZGdNtWp.exe
  C:\Windows\System\ZGdNtWp.exe
  2⤵
  PID:7756
- C:\Windows\System\VIKmEPt.exe
  C:\Windows\System\VIKmEPt.exe
  2⤵
  PID:7796
- C:\Windows\System\DMKvzeD.exe
  C:\Windows\System\DMKvzeD.exe
  2⤵
  PID:7816
- C:\Windows\System\ymVdWaG.exe
  C:\Windows\System\ymVdWaG.exe
  2⤵
  PID:7852
- C:\Windows\System\uCMNpPk.exe
  C:\Windows\System\uCMNpPk.exe
  2⤵
  PID:7876
- C:\Windows\System\guYwlTV.exe
  C:\Windows\System\guYwlTV.exe
  2⤵
  PID:7892
- C:\Windows\System\JGuZQlb.exe
  C:\Windows\System\JGuZQlb.exe
  2⤵
  PID:7916
- C:\Windows\System\zozRQAh.exe
  C:\Windows\System\zozRQAh.exe
  2⤵
  PID:7940
- C:\Windows\System\TMeZMsY.exe
  C:\Windows\System\TMeZMsY.exe
  2⤵
  PID:7960
- C:\Windows\System\xUmgcHO.exe
  C:\Windows\System\xUmgcHO.exe
  2⤵
  PID:7980
- C:\Windows\System\zeXbePh.exe
  C:\Windows\System\zeXbePh.exe
  2⤵
  PID:8028
- C:\Windows\System\LSdOsDO.exe
  C:\Windows\System\LSdOsDO.exe
  2⤵
  PID:8052
- C:\Windows\System\iEZWKlZ.exe
  C:\Windows\System\iEZWKlZ.exe
  2⤵
  PID:8072
- C:\Windows\System\FJvsbSX.exe
  C:\Windows\System\FJvsbSX.exe
  2⤵
  PID:8092
- C:\Windows\System\yEieGkt.exe
  C:\Windows\System\yEieGkt.exe
  2⤵
  PID:8112
- C:\Windows\System\tchsoVA.exe
  C:\Windows\System\tchsoVA.exe
  2⤵
  PID:8132
- C:\Windows\System\nHWUvRV.exe
  C:\Windows\System\nHWUvRV.exe
  2⤵
  PID:8156
- C:\Windows\System\bJrzFMc.exe
  C:\Windows\System\bJrzFMc.exe
  2⤵
  PID:8180
- C:\Windows\System\UTZWEiP.exe
  C:\Windows\System\UTZWEiP.exe
  2⤵
  PID:1864
- C:\Windows\System\vstcRNL.exe
  C:\Windows\System\vstcRNL.exe
  2⤵
  PID:7172
- C:\Windows\System\BLYfVeb.exe
  C:\Windows\System\BLYfVeb.exe
  2⤵
  PID:7176
- C:\Windows\System\Adkgwse.exe
  C:\Windows\System\Adkgwse.exe
  2⤵
  PID:7296
- C:\Windows\System\bAHfDaP.exe
  C:\Windows\System\bAHfDaP.exe
  2⤵
  PID:7392
- C:\Windows\System\QwmYPTW.exe
  C:\Windows\System\QwmYPTW.exe
  2⤵
  PID:7416
- C:\Windows\System\NfSyCaS.exe
  C:\Windows\System\NfSyCaS.exe
  2⤵
  PID:7532
- C:\Windows\System\unyqRAf.exe
  C:\Windows\System\unyqRAf.exe
  2⤵
  PID:7616
- C:\Windows\System\fpmpEtX.exe
  C:\Windows\System\fpmpEtX.exe
  2⤵
  PID:7704
- C:\Windows\System\FYpAjvA.exe
  C:\Windows\System\FYpAjvA.exe
  2⤵
  PID:7724
- C:\Windows\System\QabgpHM.exe
  C:\Windows\System\QabgpHM.exe
  2⤵
  PID:7808
- C:\Windows\System\GnqeNme.exe
  C:\Windows\System\GnqeNme.exe
  2⤵
  PID:7888
- C:\Windows\System\hFKWrIX.exe
  C:\Windows\System\hFKWrIX.exe
  2⤵
  PID:7908
- C:\Windows\System\CmdZrrD.exe
  C:\Windows\System\CmdZrrD.exe
  2⤵
  PID:8000
- C:\Windows\System\cRPyfwJ.exe
  C:\Windows\System\cRPyfwJ.exe
  2⤵
  PID:8124
- C:\Windows\System\MsaRQWs.exe
  C:\Windows\System\MsaRQWs.exe
  2⤵
  PID:8172
- C:\Windows\System\jSnBTno.exe
  C:\Windows\System\jSnBTno.exe
  2⤵
  PID:7248
- C:\Windows\System\gjgfXVC.exe
  C:\Windows\System\gjgfXVC.exe
  2⤵
  PID:7360
- C:\Windows\System\ucblAET.exe
  C:\Windows\System\ucblAET.exe
  2⤵
  PID:7272
- C:\Windows\System\mOCeRRT.exe
  C:\Windows\System\mOCeRRT.exe
  2⤵
  PID:7468
- C:\Windows\System\vSemZsV.exe
  C:\Windows\System\vSemZsV.exe
  2⤵
  PID:7612
- C:\Windows\System\uXOYOkX.exe
  C:\Windows\System\uXOYOkX.exe
  2⤵
  PID:7668
- C:\Windows\System\owLQcUZ.exe
  C:\Windows\System\owLQcUZ.exe
  2⤵
  PID:7832
- C:\Windows\System\xiZeueK.exe
  C:\Windows\System\xiZeueK.exe
  2⤵
  PID:8164
- C:\Windows\System\zLYVrjq.exe
  C:\Windows\System\zLYVrjq.exe
  2⤵
  PID:6700
- C:\Windows\System\PGqSURy.exe
  C:\Windows\System\PGqSURy.exe
  2⤵
  PID:7408
- C:\Windows\System\UjlLeWE.exe
  C:\Windows\System\UjlLeWE.exe
  2⤵
  PID:7664
- C:\Windows\System\ZTPLUau.exe
  C:\Windows\System\ZTPLUau.exe
  2⤵
  PID:8176
- C:\Windows\System\pYNRNOg.exe
  C:\Windows\System\pYNRNOg.exe
  2⤵
  PID:7552
- C:\Windows\System\DnplTNg.exe
  C:\Windows\System\DnplTNg.exe
  2⤵
  PID:7948
- C:\Windows\System\omoNkCw.exe
  C:\Windows\System\omoNkCw.exe
  2⤵
  PID:8224
- C:\Windows\System\WMwvjTd.exe
  C:\Windows\System\WMwvjTd.exe
  2⤵
  PID:8240
- C:\Windows\System\ZnvsVAU.exe
  C:\Windows\System\ZnvsVAU.exe
  2⤵
  PID:8260
- C:\Windows\System\CJiznfh.exe
  C:\Windows\System\CJiznfh.exe
  2⤵
  PID:8280
- C:\Windows\System\CFtiurU.exe
  C:\Windows\System\CFtiurU.exe
  2⤵
  PID:8304
- C:\Windows\System\WOKqlXH.exe
  C:\Windows\System\WOKqlXH.exe
  2⤵
  PID:8328
- C:\Windows\System\DJjsACF.exe
  C:\Windows\System\DJjsACF.exe
  2⤵
  PID:8388
- C:\Windows\System\ficypnz.exe
  C:\Windows\System\ficypnz.exe
  2⤵
  PID:8412
- C:\Windows\System\jccnFcy.exe
  C:\Windows\System\jccnFcy.exe
  2⤵
  PID:8460
- C:\Windows\System\ZBnXPhg.exe
  C:\Windows\System\ZBnXPhg.exe
  2⤵
  PID:8480
- C:\Windows\System\TNwFjkr.exe
  C:\Windows\System\TNwFjkr.exe
  2⤵
  PID:8500
- C:\Windows\System\ZYftCJd.exe
  C:\Windows\System\ZYftCJd.exe
  2⤵
  PID:8532
- C:\Windows\System\vgSFWte.exe
  C:\Windows\System\vgSFWte.exe
  2⤵
  PID:8572
- C:\Windows\System\gPrBwDd.exe
  C:\Windows\System\gPrBwDd.exe
  2⤵
  PID:8592
- C:\Windows\System\IKToHjP.exe
  C:\Windows\System\IKToHjP.exe
  2⤵
  PID:8612
- C:\Windows\System\gixvvhK.exe
  C:\Windows\System\gixvvhK.exe
  2⤵
  PID:8632
- C:\Windows\System\UYiYwhY.exe
  C:\Windows\System\UYiYwhY.exe
  2⤵
  PID:8684
- C:\Windows\System\aFBkOUq.exe
  C:\Windows\System\aFBkOUq.exe
  2⤵
  PID:8716
- C:\Windows\System\wxNjJBA.exe
  C:\Windows\System\wxNjJBA.exe
  2⤵
  PID:8748
- C:\Windows\System\IQhzsLP.exe
  C:\Windows\System\IQhzsLP.exe
  2⤵
  PID:8764
- C:\Windows\System\yuXJxZW.exe
  C:\Windows\System\yuXJxZW.exe
  2⤵
  PID:8780
- C:\Windows\System\XQzgalu.exe
  C:\Windows\System\XQzgalu.exe
  2⤵
  PID:8828
- C:\Windows\System\pQFhEKJ.exe
  C:\Windows\System\pQFhEKJ.exe
  2⤵
  PID:8848
- C:\Windows\System\BBURFQr.exe
  C:\Windows\System\BBURFQr.exe
  2⤵
  PID:8868
- C:\Windows\System\NLjlogS.exe
  C:\Windows\System\NLjlogS.exe
  2⤵
  PID:8916
- C:\Windows\System\unusITP.exe
  C:\Windows\System\unusITP.exe
  2⤵
  PID:8932
- C:\Windows\System\qfGtXXV.exe
  C:\Windows\System\qfGtXXV.exe
  2⤵
  PID:8972
- C:\Windows\System\ySORIho.exe
  C:\Windows\System\ySORIho.exe
  2⤵
  PID:8992
- C:\Windows\System\niNZRtb.exe
  C:\Windows\System\niNZRtb.exe
  2⤵
  PID:9016
- C:\Windows\System\mvUJxTg.exe
  C:\Windows\System\mvUJxTg.exe
  2⤵
  PID:9036
- C:\Windows\System\DRrsxVY.exe
  C:\Windows\System\DRrsxVY.exe
  2⤵
  PID:9072
- C:\Windows\System\SZiZVSm.exe
  C:\Windows\System\SZiZVSm.exe
  2⤵
  PID:9092
- C:\Windows\System\ztdqyrY.exe
  C:\Windows\System\ztdqyrY.exe
  2⤵
  PID:9108
- C:\Windows\System\eSMVQKm.exe
  C:\Windows\System\eSMVQKm.exe
  2⤵
  PID:9132
- C:\Windows\System\ylgpoqX.exe
  C:\Windows\System\ylgpoqX.exe
  2⤵
  PID:9168
- C:\Windows\System\cXkqMPl.exe
  C:\Windows\System\cXkqMPl.exe
  2⤵
  PID:9192
- C:\Windows\System\JUJjgWV.exe
  C:\Windows\System\JUJjgWV.exe
  2⤵
  PID:9212
- C:\Windows\System\gbBIBnK.exe
  C:\Windows\System\gbBIBnK.exe
  2⤵
  PID:3780
- C:\Windows\System\xhhjVjn.exe
  C:\Windows\System\xhhjVjn.exe
  2⤵
  PID:8276
- C:\Windows\System\mpnjeMP.exe
  C:\Windows\System\mpnjeMP.exe
  2⤵
  PID:8312
- C:\Windows\System\VXelfUR.exe
  C:\Windows\System\VXelfUR.exe
  2⤵
  PID:8420
- C:\Windows\System\JhzplAE.exe
  C:\Windows\System\JhzplAE.exe
  2⤵
  PID:8452
- C:\Windows\System\xqQKPFg.exe
  C:\Windows\System\xqQKPFg.exe
  2⤵
  PID:8476
- C:\Windows\System\YqColzQ.exe
  C:\Windows\System\YqColzQ.exe
  2⤵
  PID:8492
- C:\Windows\System\gNhEtBq.exe
  C:\Windows\System\gNhEtBq.exe
  2⤵
  PID:8600
- C:\Windows\System\MVTeJkB.exe
  C:\Windows\System\MVTeJkB.exe
  2⤵
  PID:8640
- C:\Windows\System\IqZYOEG.exe
  C:\Windows\System\IqZYOEG.exe
  2⤵
  PID:8736
- C:\Windows\System\ooELLtR.exe
  C:\Windows\System\ooELLtR.exe
  2⤵
  PID:8892
- C:\Windows\System\ociYEdf.exe
  C:\Windows\System\ociYEdf.exe
  2⤵
  PID:9064
- C:\Windows\System\AjwsmrO.exe
  C:\Windows\System\AjwsmrO.exe
  2⤵
  PID:9128
- C:\Windows\System\jRdqkJU.exe
  C:\Windows\System\jRdqkJU.exe
  2⤵
  PID:9160
- C:\Windows\System\yZsydmo.exe
  C:\Windows\System\yZsydmo.exe
  2⤵
  PID:9200
- C:\Windows\System\JwzTJjH.exe
  C:\Windows\System\JwzTJjH.exe
  2⤵
  PID:8256
- C:\Windows\System\NXuEIbJ.exe
  C:\Windows\System\NXuEIbJ.exe
  2⤵
  PID:8552
- C:\Windows\System\TfpzlRI.exe
  C:\Windows\System\TfpzlRI.exe
  2⤵
  PID:8496
- C:\Windows\System\iuqhyQd.exe
  C:\Windows\System\iuqhyQd.exe
  2⤵
  PID:8628
- C:\Windows\System\hiwlAkj.exe
  C:\Windows\System\hiwlAkj.exe
  2⤵
  PID:8712
- C:\Windows\System\DdqODAZ.exe
  C:\Windows\System\DdqODAZ.exe
  2⤵
  PID:9004
- C:\Windows\System\ZYvFxYb.exe
  C:\Windows\System\ZYvFxYb.exe
  2⤵
  PID:9084
- C:\Windows\System\YadkCGC.exe
  C:\Windows\System\YadkCGC.exe
  2⤵
  PID:8376
- C:\Windows\System\cSzycVJ.exe
  C:\Windows\System\cSzycVJ.exe
  2⤵
  PID:8732
- C:\Windows\System\dXeQxyq.exe
  C:\Windows\System\dXeQxyq.exe
  2⤵
  PID:8544
- C:\Windows\System\AmQvKMO.exe
  C:\Windows\System\AmQvKMO.exe
  2⤵
  PID:8428
- C:\Windows\System\oXQYdLQ.exe
  C:\Windows\System\oXQYdLQ.exe
  2⤵
  PID:9252
- C:\Windows\System\doEOhmC.exe
  C:\Windows\System\doEOhmC.exe
  2⤵
  PID:9276
- C:\Windows\System\AsemBtf.exe
  C:\Windows\System\AsemBtf.exe
  2⤵
  PID:9336
- C:\Windows\System\VSMspPH.exe
  C:\Windows\System\VSMspPH.exe
  2⤵
  PID:9372
- C:\Windows\System\SXNaylY.exe
  C:\Windows\System\SXNaylY.exe
  2⤵
  PID:9396
- C:\Windows\System\OJqlLvf.exe
  C:\Windows\System\OJqlLvf.exe
  2⤵
  PID:9416
- C:\Windows\System\SNEALvR.exe
  C:\Windows\System\SNEALvR.exe
  2⤵
  PID:9432
- C:\Windows\System\pxEMNEN.exe
  C:\Windows\System\pxEMNEN.exe
  2⤵
  PID:9448
- C:\Windows\System\zFbRbHT.exe
  C:\Windows\System\zFbRbHT.exe
  2⤵
  PID:9464
- C:\Windows\System\rHzwrFG.exe
  C:\Windows\System\rHzwrFG.exe
  2⤵
  PID:9560
- C:\Windows\System\ZANZRCY.exe
  C:\Windows\System\ZANZRCY.exe
  2⤵
  PID:9580
- C:\Windows\System\ZxSQyQu.exe
  C:\Windows\System\ZxSQyQu.exe
  2⤵
  PID:9608
- C:\Windows\System\lKuIXUT.exe
  C:\Windows\System\lKuIXUT.exe
  2⤵
  PID:9628
- C:\Windows\System\stHtJpk.exe
  C:\Windows\System\stHtJpk.exe
  2⤵
  PID:9668
- C:\Windows\System\MyylcsM.exe
  C:\Windows\System\MyylcsM.exe
  2⤵
  PID:9744
- C:\Windows\System\oHzxZFR.exe
  C:\Windows\System\oHzxZFR.exe
  2⤵
  PID:9768
- C:\Windows\System\pYdLUUV.exe
  C:\Windows\System\pYdLUUV.exe
  2⤵
  PID:9788
- C:\Windows\System\ocuRgMU.exe
  C:\Windows\System\ocuRgMU.exe
  2⤵
  PID:9812
- C:\Windows\System\NjrpUBw.exe
  C:\Windows\System\NjrpUBw.exe
  2⤵
  PID:9832
- C:\Windows\System\eudAJCU.exe
  C:\Windows\System\eudAJCU.exe
  2⤵
  PID:9860
- C:\Windows\System\dVYsJoJ.exe
  C:\Windows\System\dVYsJoJ.exe
  2⤵
  PID:9900
- C:\Windows\System\BCzBvJH.exe
  C:\Windows\System\BCzBvJH.exe
  2⤵
  PID:9944
- C:\Windows\System\SJIAKIZ.exe
  C:\Windows\System\SJIAKIZ.exe
  2⤵
  PID:9964
- C:\Windows\System\XPAvZyd.exe
  C:\Windows\System\XPAvZyd.exe
  2⤵
  PID:9980
- C:\Windows\System\mCSywLh.exe
  C:\Windows\System\mCSywLh.exe
  2⤵
  PID:9996
- C:\Windows\System\VZSbRct.exe
  C:\Windows\System\VZSbRct.exe
  2⤵
  PID:10016
- C:\Windows\System\WcYTkmt.exe
  C:\Windows\System\WcYTkmt.exe
  2⤵
  PID:10068
- C:\Windows\System\ZlREVpo.exe
  C:\Windows\System\ZlREVpo.exe
  2⤵
  PID:10112
- C:\Windows\System\kTKTwHK.exe
  C:\Windows\System\kTKTwHK.exe
  2⤵
  PID:10132
- C:\Windows\System\dPSkbaH.exe
  C:\Windows\System\dPSkbaH.exe
  2⤵
  PID:10172
- C:\Windows\System\IHObtKr.exe
  C:\Windows\System\IHObtKr.exe
  2⤵
  PID:10188
- C:\Windows\System\HLDmNsY.exe
  C:\Windows\System\HLDmNsY.exe
  2⤵
  PID:10208
- C:\Windows\System\yWRHnII.exe
  C:\Windows\System\yWRHnII.exe
  2⤵
  PID:10232
- C:\Windows\System\hojmOKp.exe
  C:\Windows\System\hojmOKp.exe
  2⤵
  PID:428
- C:\Windows\System\HtJajHJ.exe
  C:\Windows\System\HtJajHJ.exe
  2⤵
  PID:9308
- C:\Windows\System\DaQOvfm.exe
  C:\Windows\System\DaQOvfm.exe
  2⤵
  PID:9384
- C:\Windows\System\koeHHBg.exe
  C:\Windows\System\koeHHBg.exe
  2⤵
  PID:9304
- C:\Windows\System\FxSouTG.exe
  C:\Windows\System\FxSouTG.exe
  2⤵
  PID:8624
- C:\Windows\System\wufscny.exe
  C:\Windows\System\wufscny.exe
  2⤵
  PID:9240
- C:\Windows\System\ClGhaEP.exe
  C:\Windows\System\ClGhaEP.exe
  2⤵
  PID:9508
- C:\Windows\System\wOlLrLr.exe
  C:\Windows\System\wOlLrLr.exe
  2⤵
  PID:9456
- C:\Windows\System\QQEnsBZ.exe
  C:\Windows\System\QQEnsBZ.exe
  2⤵
  PID:9572
- C:\Windows\System\Cdgrcrz.exe
  C:\Windows\System\Cdgrcrz.exe
  2⤵
  PID:9624
- C:\Windows\System\TSjPfyh.exe
  C:\Windows\System\TSjPfyh.exe
  2⤵
  PID:9696
- C:\Windows\System\KYOCHDl.exe
  C:\Windows\System\KYOCHDl.exe
  2⤵
  PID:9828
- C:\Windows\System\XMQBXlo.exe
  C:\Windows\System\XMQBXlo.exe
  2⤵
  PID:9856
- C:\Windows\System\yiVSwDM.exe
  C:\Windows\System\yiVSwDM.exe
  2⤵
  PID:9976
- C:\Windows\System\RUvAewL.exe
  C:\Windows\System\RUvAewL.exe
  2⤵
  PID:10012
- C:\Windows\System\plspZZO.exe
  C:\Windows\System\plspZZO.exe
  2⤵
  PID:10084
- C:\Windows\System\pBkkSZN.exe
  C:\Windows\System\pBkkSZN.exe
  2⤵
  PID:10148
- C:\Windows\System\dExPMYM.exe
  C:\Windows\System\dExPMYM.exe
  2⤵
  PID:10216
- C:\Windows\System\aMzzTFE.exe
  C:\Windows\System\aMzzTFE.exe
  2⤵
  PID:9300
- C:\Windows\System\ecCViyC.exe
  C:\Windows\System\ecCViyC.exe
  2⤵
  PID:9296
- C:\Windows\System\EYICwrV.exe
  C:\Windows\System\EYICwrV.exe
  2⤵
  PID:9260
- C:\Windows\System\ZsgyJjm.exe
  C:\Windows\System\ZsgyJjm.exe
  2⤵
  PID:9444
- C:\Windows\System\gxrrqZE.exe
  C:\Windows\System\gxrrqZE.exe
  2⤵
  PID:9796
- C:\Windows\System\ydCmXJO.exe
  C:\Windows\System\ydCmXJO.exe
  2⤵
  PID:9920
- C:\Windows\System\kebMhgv.exe
  C:\Windows\System\kebMhgv.exe
  2⤵
  PID:9992
- C:\Windows\System\rPOYdpK.exe
  C:\Windows\System\rPOYdpK.exe
  2⤵
  PID:2780
- C:\Windows\System\AhHHEOU.exe
  C:\Windows\System\AhHHEOU.exe
  2⤵
  PID:9364
- C:\Windows\System\vkXxACP.exe
  C:\Windows\System\vkXxACP.exe
  2⤵
  PID:9784
- C:\Windows\System\TRWupkl.exe
  C:\Windows\System\TRWupkl.exe
  2⤵
  PID:9952
- C:\Windows\System\FRimIoB.exe
  C:\Windows\System\FRimIoB.exe
  2⤵
  PID:10200
- C:\Windows\System\BdlkQqU.exe
  C:\Windows\System\BdlkQqU.exe
  2⤵
  PID:9440
- C:\Windows\System\tojppar.exe
  C:\Windows\System\tojppar.exe
  2⤵
  PID:10244
- C:\Windows\System\EEwFbah.exe
  C:\Windows\System\EEwFbah.exe
  2⤵
  PID:10264
- C:\Windows\System\MRKEIWH.exe
  C:\Windows\System\MRKEIWH.exe
  2⤵
  PID:10288
- C:\Windows\System\IlvVzzq.exe
  C:\Windows\System\IlvVzzq.exe
  2⤵
  PID:10304
- C:\Windows\System\oTCcJnL.exe
  C:\Windows\System\oTCcJnL.exe
  2⤵
  PID:10372
- C:\Windows\System\jussihF.exe
  C:\Windows\System\jussihF.exe
  2⤵
  PID:10400
- C:\Windows\System\eieXssW.exe
  C:\Windows\System\eieXssW.exe
  2⤵
  PID:10436
- C:\Windows\System\AItwTEe.exe
  C:\Windows\System\AItwTEe.exe
  2⤵
  PID:10464
- C:\Windows\System\XXwdnVT.exe
  C:\Windows\System\XXwdnVT.exe
  2⤵
  PID:10500
- C:\Windows\System\sTFnYiz.exe
  C:\Windows\System\sTFnYiz.exe
  2⤵
  PID:10528
- C:\Windows\System\TJzOzvl.exe
  C:\Windows\System\TJzOzvl.exe
  2⤵
  PID:10548
- C:\Windows\System\WpVvkml.exe
  C:\Windows\System\WpVvkml.exe
  2⤵
  PID:10568
- C:\Windows\System\nRQVXhy.exe
  C:\Windows\System\nRQVXhy.exe
  2⤵
  PID:10588
- C:\Windows\System\KOguazB.exe
  C:\Windows\System\KOguazB.exe
  2⤵
  PID:10612
- C:\Windows\System\nIuuxSa.exe
  C:\Windows\System\nIuuxSa.exe
  2⤵
  PID:10656
- C:\Windows\System\KezIGyU.exe
  C:\Windows\System\KezIGyU.exe
  2⤵
  PID:10676
- C:\Windows\System\ftVPXoI.exe
  C:\Windows\System\ftVPXoI.exe
  2⤵
  PID:10696
- C:\Windows\System\LFaxcGp.exe
  C:\Windows\System\LFaxcGp.exe
  2⤵
  PID:10748
- C:\Windows\System\GjwRmBD.exe
  C:\Windows\System\GjwRmBD.exe
  2⤵
  PID:10768
- C:\Windows\System\vjyeMho.exe
  C:\Windows\System\vjyeMho.exe
  2⤵
  PID:10792
- C:\Windows\System\MbCAstw.exe
  C:\Windows\System\MbCAstw.exe
  2⤵
  PID:10820
- C:\Windows\System\AlVCfmL.exe
  C:\Windows\System\AlVCfmL.exe
  2⤵
  PID:10876
- C:\Windows\System\xqGpAkQ.exe
  C:\Windows\System\xqGpAkQ.exe
  2⤵
  PID:10900
- C:\Windows\System\QwJcRlF.exe
  C:\Windows\System\QwJcRlF.exe
  2⤵
  PID:10928
- C:\Windows\System\IaBfdnd.exe
  C:\Windows\System\IaBfdnd.exe
  2⤵
  PID:10944
- C:\Windows\System\osdcFER.exe
  C:\Windows\System\osdcFER.exe
  2⤵
  PID:10980
- C:\Windows\System\bWahzlA.exe
  C:\Windows\System\bWahzlA.exe
  2⤵
  PID:11000
- C:\Windows\System\zOyUWEu.exe
  C:\Windows\System\zOyUWEu.exe
  2⤵
  PID:11020
- C:\Windows\System\YqSzBVR.exe
  C:\Windows\System\YqSzBVR.exe
  2⤵
  PID:11044
- C:\Windows\System\bPsELsb.exe
  C:\Windows\System\bPsELsb.exe
  2⤵
  PID:11064
- C:\Windows\System\KAkZXfS.exe
  C:\Windows\System\KAkZXfS.exe
  2⤵
  PID:11092
- C:\Windows\System\hoOmcYt.exe
  C:\Windows\System\hoOmcYt.exe
  2⤵
  PID:11108
- C:\Windows\System\vWBaccZ.exe
  C:\Windows\System\vWBaccZ.exe
  2⤵
  PID:11132
- C:\Windows\System\phIEesy.exe
  C:\Windows\System\phIEesy.exe
  2⤵
  PID:11156
- C:\Windows\System\LpdJKxu.exe
  C:\Windows\System\LpdJKxu.exe
  2⤵
  PID:11180
- C:\Windows\System\ZKqaoyY.exe
  C:\Windows\System\ZKqaoyY.exe
  2⤵
  PID:11200
- C:\Windows\System\lLbOeqF.exe
  C:\Windows\System\lLbOeqF.exe
  2⤵
  PID:10260
- C:\Windows\System\SVFhqZq.exe
  C:\Windows\System\SVFhqZq.exe
  2⤵
  PID:9936
- C:\Windows\System\JXyVmBk.exe
  C:\Windows\System\JXyVmBk.exe
  2⤵
  PID:10300
- C:\Windows\System\VSuRAFd.exe
  C:\Windows\System\VSuRAFd.exe
  2⤵
  PID:10456
- C:\Windows\System\WCAYOIL.exe
  C:\Windows\System\WCAYOIL.exe
  2⤵
  PID:10492
- C:\Windows\System\cEegOCr.exe
  C:\Windows\System\cEegOCr.exe
  2⤵
  PID:10620
- C:\Windows\System\tTfToSK.exe
  C:\Windows\System\tTfToSK.exe
  2⤵
  PID:10604
- C:\Windows\System\IiztZgJ.exe
  C:\Windows\System\IiztZgJ.exe
  2⤵
  PID:10712
- C:\Windows\System\BNSnanq.exe
  C:\Windows\System\BNSnanq.exe
  2⤵
  PID:10732
- C:\Windows\System\TjAuXmQ.exe
  C:\Windows\System\TjAuXmQ.exe
  2⤵
  PID:10800
- C:\Windows\System\AWIMsMe.exe
  C:\Windows\System\AWIMsMe.exe
  2⤵
  PID:10888
- C:\Windows\System\IrYqBEI.exe
  C:\Windows\System\IrYqBEI.exe
  2⤵
  PID:10964
- C:\Windows\System\TmJnKGP.exe
  C:\Windows\System\TmJnKGP.exe
  2⤵
  PID:11008
- C:\Windows\System\BXYLYpN.exe
  C:\Windows\System\BXYLYpN.exe
  2⤵
  PID:11100
- C:\Windows\System\JTKfWMI.exe
  C:\Windows\System\JTKfWMI.exe
  2⤵
  PID:11208
- C:\Windows\System\yrvxUWz.exe
  C:\Windows\System\yrvxUWz.exe
  2⤵
  PID:11256
- C:\Windows\System\clUttjy.exe
  C:\Windows\System\clUttjy.exe
  2⤵
  PID:9620
- C:\Windows\System\MnWWNlL.exe
  C:\Windows\System\MnWWNlL.exe
  2⤵
  PID:10512
- C:\Windows\System\YBulsku.exe
  C:\Windows\System\YBulsku.exe
  2⤵
  PID:10584
- C:\Windows\System\PsIFyAk.exe
  C:\Windows\System\PsIFyAk.exe
  2⤵
  PID:10688
- C:\Windows\System\GvsbzQe.exe
  C:\Windows\System\GvsbzQe.exe
  2⤵
  PID:10972
- C:\Windows\System\JUVLakT.exe
  C:\Windows\System\JUVLakT.exe
  2⤵
  PID:11128
- C:\Windows\System\yCdxzGQ.exe
  C:\Windows\System\yCdxzGQ.exe
  2⤵
  PID:11236
- C:\Windows\System\nSpoaCL.exe
  C:\Windows\System\nSpoaCL.exe
  2⤵
  PID:10416
- C:\Windows\System\fowwmdp.exe
  C:\Windows\System\fowwmdp.exe
  2⤵
  PID:10764
- C:\Windows\System\XLeqoyN.exe
  C:\Windows\System\XLeqoyN.exe
  2⤵
  PID:10396
- C:\Windows\System\twoMBfz.exe
  C:\Windows\System\twoMBfz.exe
  2⤵
  PID:10920
- C:\Windows\System\IiKHdPs.exe
  C:\Windows\System\IiKHdPs.exe
  2⤵
  PID:11280
- C:\Windows\System\CsoyWjN.exe
  C:\Windows\System\CsoyWjN.exe
  2⤵
  PID:11300
- C:\Windows\System\dauHRyR.exe
  C:\Windows\System\dauHRyR.exe
  2⤵
  PID:11316
- C:\Windows\System\bgBgfHM.exe
  C:\Windows\System\bgBgfHM.exe
  2⤵
  PID:11340
- C:\Windows\System\cHcCCVs.exe
  C:\Windows\System\cHcCCVs.exe
  2⤵
  PID:11360
- C:\Windows\System\RwLtQgk.exe
  C:\Windows\System\RwLtQgk.exe
  2⤵
  PID:11392
- C:\Windows\System\fWgvScr.exe
  C:\Windows\System\fWgvScr.exe
  2⤵
  PID:11420
- C:\Windows\System\bEymKnu.exe
  C:\Windows\System\bEymKnu.exe
  2⤵
  PID:11440
- C:\Windows\System\qEFuttg.exe
  C:\Windows\System\qEFuttg.exe
  2⤵
  PID:11476
- C:\Windows\System\bOaShYe.exe
  C:\Windows\System\bOaShYe.exe
  2⤵
  PID:11500
- C:\Windows\System\AFmtSfF.exe
  C:\Windows\System\AFmtSfF.exe
  2⤵
  PID:11524
- C:\Windows\System\LPoeFgf.exe
  C:\Windows\System\LPoeFgf.exe
  2⤵
  PID:11572
- C:\Windows\System\gxezHFS.exe
  C:\Windows\System\gxezHFS.exe
  2⤵
  PID:11600
- C:\Windows\System\DDgpDTi.exe
  C:\Windows\System\DDgpDTi.exe
  2⤵
  PID:11644
- C:\Windows\System\rSvYRLZ.exe
  C:\Windows\System\rSvYRLZ.exe
  2⤵
  PID:11676
- C:\Windows\System\kHwcBiP.exe
  C:\Windows\System\kHwcBiP.exe
  2⤵
  PID:11696
- C:\Windows\System\rSNWrIo.exe
  C:\Windows\System\rSNWrIo.exe
  2⤵
  PID:11716
- C:\Windows\System\ZOzYFWS.exe
  C:\Windows\System\ZOzYFWS.exe
  2⤵
  PID:11760
- C:\Windows\System\ooYnDLg.exe
  C:\Windows\System\ooYnDLg.exe
  2⤵
  PID:11792
- C:\Windows\System\NEUrodT.exe
  C:\Windows\System\NEUrodT.exe
  2⤵
  PID:11820
- C:\Windows\System\BLdRUde.exe
  C:\Windows\System\BLdRUde.exe
  2⤵
  PID:11848
- C:\Windows\System\tWwKqJk.exe
  C:\Windows\System\tWwKqJk.exe
  2⤵
  PID:11872
- C:\Windows\System\IcvIOpW.exe
  C:\Windows\System\IcvIOpW.exe
  2⤵
  PID:11888
- C:\Windows\System\ZiNbgmS.exe
  C:\Windows\System\ZiNbgmS.exe
  2⤵
  PID:11912
- C:\Windows\System\GWScetW.exe
  C:\Windows\System\GWScetW.exe
  2⤵
  PID:11940
- C:\Windows\System\HepVAAp.exe
  C:\Windows\System\HepVAAp.exe
  2⤵
  PID:11972
- C:\Windows\System\YkjEezK.exe
  C:\Windows\System\YkjEezK.exe
  2⤵
  PID:12004
- C:\Windows\System\vOLJfIU.exe
  C:\Windows\System\vOLJfIU.exe
  2⤵
  PID:12032
- C:\Windows\System\aGUAdFr.exe
  C:\Windows\System\aGUAdFr.exe
  2⤵
  PID:12064
- C:\Windows\System\qXENhSy.exe
  C:\Windows\System\qXENhSy.exe
  2⤵
  PID:12112
- C:\Windows\System\kLXRsES.exe
  C:\Windows\System\kLXRsES.exe
  2⤵
  PID:12128
- C:\Windows\System\kockrRI.exe
  C:\Windows\System\kockrRI.exe
  2⤵
  PID:12152
- C:\Windows\System\NtNkHzc.exe
  C:\Windows\System\NtNkHzc.exe
  2⤵
  PID:12172
- C:\Windows\System\gdSJrKA.exe
  C:\Windows\System\gdSJrKA.exe
  2⤵
  PID:12208
- C:\Windows\System\oLQVqFx.exe
  C:\Windows\System\oLQVqFx.exe
  2⤵
  PID:12244
- C:\Windows\System\wvDrNWH.exe
  C:\Windows\System\wvDrNWH.exe
  2⤵
  PID:12268
- C:\Windows\System\jPMELnt.exe
  C:\Windows\System\jPMELnt.exe
  2⤵
  PID:11224
- C:\Windows\System\MvPYJHG.exe
  C:\Windows\System\MvPYJHG.exe
  2⤵
  PID:1688
- C:\Windows\System\mVtTvFR.exe
  C:\Windows\System\mVtTvFR.exe
  2⤵
  PID:11412
- C:\Windows\System\BhCDOJi.exe
  C:\Windows\System\BhCDOJi.exe
  2⤵
  PID:11448
- C:\Windows\System\mRmxytj.exe
  C:\Windows\System\mRmxytj.exe
  2⤵
  PID:11468
- C:\Windows\System\gixZQiR.exe
  C:\Windows\System\gixZQiR.exe
  2⤵
  PID:11520
- C:\Windows\System\HBCHkux.exe
  C:\Windows\System\HBCHkux.exe
  2⤵
  PID:11636
- C:\Windows\System\emuaUpO.exe
  C:\Windows\System\emuaUpO.exe
  2⤵
  PID:11660
- C:\Windows\System\KmkXdcc.exe
  C:\Windows\System\KmkXdcc.exe
  2⤵
  PID:11712
- C:\Windows\System\GPgiUuZ.exe
  C:\Windows\System\GPgiUuZ.exe
  2⤵
  PID:11800
- C:\Windows\System\TdtAFUc.exe
  C:\Windows\System\TdtAFUc.exe
  2⤵
  PID:11812
- C:\Windows\System\aWUCjra.exe
  C:\Windows\System\aWUCjra.exe
  2⤵
  PID:11856
- C:\Windows\System\Wssktrz.exe
  C:\Windows\System\Wssktrz.exe
  2⤵
  PID:12016
- C:\Windows\System\lHrnQFq.exe
  C:\Windows\System\lHrnQFq.exe
  2⤵
  PID:12052
- C:\Windows\System\TjMhmFG.exe
  C:\Windows\System\TjMhmFG.exe
  2⤵
  PID:12108
- C:\Windows\System\YzmfsEV.exe
  C:\Windows\System\YzmfsEV.exe
  2⤵
  PID:12148
- C:\Windows\System\GZYQwKt.exe
  C:\Windows\System\GZYQwKt.exe
  2⤵
  PID:12200
- C:\Windows\System\IbdRjvf.exe
  C:\Windows\System\IbdRjvf.exe
  2⤵
  PID:12232
- C:\Windows\System\YydaYFE.exe
  C:\Windows\System\YydaYFE.exe
  2⤵
  PID:10564
- C:\Windows\System\XFqxxHm.exe
  C:\Windows\System\XFqxxHm.exe
  2⤵
  PID:11864
- C:\Windows\System\pZgajjW.exe
  C:\Windows\System\pZgajjW.exe
  2⤵
  PID:11652
- C:\Windows\System\iVjRpQN.exe
  C:\Windows\System\iVjRpQN.exe
  2⤵
  PID:11740
- C:\Windows\System\IYHzWfx.exe
  C:\Windows\System\IYHzWfx.exe
  2⤵
  PID:12088
- C:\Windows\System\qPbAJrq.exe
  C:\Windows\System\qPbAJrq.exe
  2⤵
  PID:12164
- C:\Windows\System\ySTnyci.exe
  C:\Windows\System\ySTnyci.exe
  2⤵
  PID:11684
- C:\Windows\System\ySoGxUk.exe
  C:\Windows\System\ySoGxUk.exe
  2⤵
  PID:12124
- C:\Windows\System\DBEfEtP.exe
  C:\Windows\System\DBEfEtP.exe
  2⤵
  PID:12264
- C:\Windows\System\xiCPsMB.exe
  C:\Windows\System\xiCPsMB.exe
  2⤵
  PID:12292
- C:\Windows\System\RhORnER.exe
  C:\Windows\System\RhORnER.exe
  2⤵
  PID:12316
- C:\Windows\System\LHZbvly.exe
  C:\Windows\System\LHZbvly.exe
  2⤵
  PID:12356
- C:\Windows\System\lVcTPFa.exe
  C:\Windows\System\lVcTPFa.exe
  2⤵
  PID:12380
- C:\Windows\System\zZwffoe.exe
  C:\Windows\System\zZwffoe.exe
  2⤵
  PID:12404
- C:\Windows\System\sVpkEIo.exe
  C:\Windows\System\sVpkEIo.exe
  2⤵
  PID:12428
- C:\Windows\System\vTDAUpy.exe
  C:\Windows\System\vTDAUpy.exe
  2⤵
  PID:12444
- C:\Windows\System\EyUEZNw.exe
  C:\Windows\System\EyUEZNw.exe
  2⤵
  PID:12488
- C:\Windows\System\HNbuTzl.exe
  C:\Windows\System\HNbuTzl.exe
  2⤵
  PID:12524
- C:\Windows\System\KlEmalX.exe
  C:\Windows\System\KlEmalX.exe
  2⤵
  PID:12540
- C:\Windows\System\XbxzSRU.exe
  C:\Windows\System\XbxzSRU.exe
  2⤵
  PID:12576
- C:\Windows\System\CRuisPQ.exe
  C:\Windows\System\CRuisPQ.exe
  2⤵
  PID:12604
- C:\Windows\System\RzYMHly.exe
  C:\Windows\System\RzYMHly.exe
  2⤵
  PID:12624
- C:\Windows\System\ygwAEKa.exe
  C:\Windows\System\ygwAEKa.exe
  2⤵
  PID:12652
- C:\Windows\System\SRIYcAY.exe
  C:\Windows\System\SRIYcAY.exe
  2⤵
  PID:12684
- C:\Windows\System\BmnuvRs.exe
  C:\Windows\System\BmnuvRs.exe
  2⤵
  PID:12724
- C:\Windows\System\kJHqeXn.exe
  C:\Windows\System\kJHqeXn.exe
  2⤵
  PID:12752
- C:\Windows\System\xUHnRsp.exe
  C:\Windows\System\xUHnRsp.exe
  2⤵
  PID:12784
- C:\Windows\System\XKGGAqz.exe
  C:\Windows\System\XKGGAqz.exe
  2⤵
  PID:12848
- C:\Windows\System\DJVdgJj.exe
  C:\Windows\System\DJVdgJj.exe
  2⤵
  PID:12868
- C:\Windows\System\mbPQeJp.exe
  C:\Windows\System\mbPQeJp.exe
  2⤵
  PID:12884
- C:\Windows\System\rDQkDfM.exe
  C:\Windows\System\rDQkDfM.exe
  2⤵
  PID:12900
- C:\Windows\System\wIoTQAC.exe
  C:\Windows\System\wIoTQAC.exe
  2⤵
  PID:12916
- C:\Windows\System\zXrzedo.exe
  C:\Windows\System\zXrzedo.exe
  2⤵
  PID:12936
- C:\Windows\System\IuRVnWf.exe
  C:\Windows\System\IuRVnWf.exe
  2⤵
  PID:12956
- C:\Windows\System\fmimTsV.exe
  C:\Windows\System\fmimTsV.exe
  2⤵
  PID:12976
- C:\Windows\System\ZKTsdkU.exe
  C:\Windows\System\ZKTsdkU.exe
  2⤵
  PID:13020
- C:\Windows\System\CekWfOE.exe
  C:\Windows\System\CekWfOE.exe
  2⤵
  PID:13052
- C:\Windows\System\Aoagzva.exe
  C:\Windows\System\Aoagzva.exe
  2⤵
  PID:13076
- C:\Windows\System\KzHNmLv.exe
  C:\Windows\System\KzHNmLv.exe
  2⤵
  PID:13100
- C:\Windows\System\aVOfZfM.exe
  C:\Windows\System\aVOfZfM.exe
  2⤵
  PID:13120
- C:\Windows\System\CLzGcWU.exe
  C:\Windows\System\CLzGcWU.exe
  2⤵
  PID:13196
- C:\Windows\System\yEJnptV.exe
  C:\Windows\System\yEJnptV.exe
  2⤵
  PID:13236
- C:\Windows\System\nBOqXWz.exe
  C:\Windows\System\nBOqXWz.exe
  2⤵
  PID:13260
- C:\Windows\System\NVcYsdr.exe
  C:\Windows\System\NVcYsdr.exe
  2⤵
  PID:13280
- C:\Windows\System\UjPpqPp.exe
  C:\Windows\System\UjPpqPp.exe
  2⤵
  PID:13296
- C:\Windows\System\wyVvYeu.exe
  C:\Windows\System\wyVvYeu.exe
  2⤵
  PID:11508
- C:\Windows\System\wrsOMpp.exe
  C:\Windows\System\wrsOMpp.exe
  2⤵
  PID:12312
- C:\Windows\System\aReEIQd.exe
  C:\Windows\System\aReEIQd.exe
  2⤵
  PID:12460
- C:\Windows\System\XYKdnzP.exe
  C:\Windows\System\XYKdnzP.exe
  2⤵
  PID:12464
- C:\Windows\System\hOsRPKP.exe
  C:\Windows\System\hOsRPKP.exe
  2⤵
  PID:12596
- C:\Windows\System\hdESTlH.exe
  C:\Windows\System\hdESTlH.exe
  2⤵
  PID:12644
- C:\Windows\System\nmmesRv.exe
  C:\Windows\System\nmmesRv.exe
  2⤵
  PID:12704
- C:\Windows\System\QrqNKCx.exe
  C:\Windows\System\QrqNKCx.exe
  2⤵
  PID:12792
- C:\Windows\System\BDbrMrc.exe
  C:\Windows\System\BDbrMrc.exe
  2⤵
  PID:12816
- C:\Windows\System\pdSOIqy.exe
  C:\Windows\System\pdSOIqy.exe
  2⤵
  PID:12860
- C:\Windows\System\GrpYitl.exe
  C:\Windows\System\GrpYitl.exe
  2⤵
  PID:12880
- C:\Windows\System\fbASywn.exe
  C:\Windows\System\fbASywn.exe
  2⤵
  PID:12892
- C:\Windows\System\wWxwAvS.exe
  C:\Windows\System\wWxwAvS.exe
  2⤵
  PID:13004
- C:\Windows\System\pvPIoRq.exe
  C:\Windows\System\pvPIoRq.exe
  2⤵
  PID:13036
- C:\Windows\System\DbHndaV.exe
  C:\Windows\System\DbHndaV.exe
  2⤵
  PID:13132
- C:\Windows\System\rFLasQk.exe
  C:\Windows\System\rFLasQk.exe
  2⤵
  PID:13188
- C:\Windows\System\ExEheoz.exe
  C:\Windows\System\ExEheoz.exe
  2⤵
  PID:11640
- C:\Windows\System\tnKDxae.exe
  C:\Windows\System\tnKDxae.exe
  2⤵
  PID:12504
- C:\Windows\System\Swxrlqd.exe
  C:\Windows\System\Swxrlqd.exe
  2⤵
  PID:12468
- C:\Windows\System\HcVySag.exe
  C:\Windows\System\HcVySag.exe
  2⤵
  PID:12676
- C:\Windows\System\HJyplYM.exe
  C:\Windows\System\HJyplYM.exe
  2⤵
  PID:12780
- C:\Windows\System\UMDSQiJ.exe
  C:\Windows\System\UMDSQiJ.exe
  2⤵
  PID:12944
- C:\Windows\System\XiCspyk.exe
  C:\Windows\System\XiCspyk.exe
  2⤵
  PID:13048
- C:\Windows\System\iIbnHWY.exe
  C:\Windows\System\iIbnHWY.exe
  2⤵
  PID:13288
- C:\Windows\System\dhxWjnS.exe
  C:\Windows\System\dhxWjnS.exe
  2⤵
  PID:12416
- C:\Windows\System\VCKyMfM.exe
  C:\Windows\System\VCKyMfM.exe
  2⤵
  PID:12864
- C:\Windows\System\AxPrXvp.exe
  C:\Windows\System\AxPrXvp.exe
  2⤵
  PID:1628
- C:\Windows\System\bDvhHlJ.exe
  C:\Windows\System\bDvhHlJ.exe
  2⤵
  PID:4660
- C:\Windows\System\lvqLlDK.exe
  C:\Windows\System\lvqLlDK.exe
  2⤵
  PID:13092
- C:\Windows\System\khpqcoT.exe
  C:\Windows\System\khpqcoT.exe
  2⤵
  PID:12308
- C:\Windows\System\YOMVNVn.exe
  C:\Windows\System\YOMVNVn.exe
  2⤵
  PID:13320
- C:\Windows\System\SaFTtNU.exe
  C:\Windows\System\SaFTtNU.exe
  2⤵
  PID:13344
- C:\Windows\System\ajltewK.exe
  C:\Windows\System\ajltewK.exe
  2⤵
  PID:13360
- C:\Windows\System\MfXqBqE.exe
  C:\Windows\System\MfXqBqE.exe
  2⤵
  PID:13412
- C:\Windows\System\MHmZHpq.exe
  C:\Windows\System\MHmZHpq.exe
  2⤵
  PID:13436
- C:\Windows\System\kNWsOIL.exe
  C:\Windows\System\kNWsOIL.exe
  2⤵
  PID:13476
- C:\Windows\System\YGNbGtr.exe
  C:\Windows\System\YGNbGtr.exe
  2⤵
  PID:13496
- C:\Windows\System\EIGFkJP.exe
  C:\Windows\System\EIGFkJP.exe
  2⤵
  PID:13520
- C:\Windows\System\PBtZtTx.exe
  C:\Windows\System\PBtZtTx.exe
  2⤵
  PID:13544
- C:\Windows\System\qvSluHo.exe
  C:\Windows\System\qvSluHo.exe
  2⤵
  PID:13560
- C:\Windows\System\ltrddNq.exe
  C:\Windows\System\ltrddNq.exe
  2⤵
  PID:13600
- C:\Windows\System\VDWFcNq.exe
  C:\Windows\System\VDWFcNq.exe
  2⤵
  PID:13624
- C:\Windows\System\XGbJssS.exe
  C:\Windows\System\XGbJssS.exe
  2⤵
  PID:13656
- C:\Windows\System\zqAACEz.exe
  C:\Windows\System\zqAACEz.exe
  2⤵
  PID:13684
- C:\Windows\System\AKPVOiv.exe
  C:\Windows\System\AKPVOiv.exe
  2⤵
  PID:13704
- C:\Windows\System\aQcevtP.exe
  C:\Windows\System\aQcevtP.exe
  2⤵
  PID:13740
- C:\Windows\System\hKykmIj.exe
  C:\Windows\System\hKykmIj.exe
  2⤵
  PID:13772
- C:\Windows\System\onqAYuI.exe
  C:\Windows\System\onqAYuI.exe
  2⤵
  PID:13792
- C:\Windows\System\JsRzFkL.exe
  C:\Windows\System\JsRzFkL.exe
  2⤵
  PID:13836
- C:\Windows\System\xvBDrzt.exe
  C:\Windows\System\xvBDrzt.exe
  2⤵
  PID:13864
- C:\Windows\System\FLQCSsE.exe
  C:\Windows\System\FLQCSsE.exe
  2⤵
  PID:13904
- C:\Windows\System\blsOELy.exe
  C:\Windows\System\blsOELy.exe
  2⤵
  PID:13928
- C:\Windows\System\siyrHkr.exe
  C:\Windows\System\siyrHkr.exe
  2⤵
  PID:13964
- C:\Windows\System\hjEfAiY.exe
  C:\Windows\System\hjEfAiY.exe
  2⤵
  PID:14000
- C:\Windows\System\vNxrEpZ.exe
  C:\Windows\System\vNxrEpZ.exe
  2⤵
  PID:14036
- C:\Windows\System\PeYXcdc.exe
  C:\Windows\System\PeYXcdc.exe
  2⤵
  PID:14068
- C:\Windows\System\IPNJgpw.exe
  C:\Windows\System\IPNJgpw.exe
  2⤵
  PID:14092
- C:\Windows\System\tWHqlPn.exe
  C:\Windows\System\tWHqlPn.exe
  2⤵
  PID:14112
- C:\Windows\System\wVHjSIv.exe
  C:\Windows\System\wVHjSIv.exe
  2⤵
  PID:14136
- C:\Windows\System\cLwAaWF.exe
  C:\Windows\System\cLwAaWF.exe
  2⤵
  PID:14156
- C:\Windows\System\hwDzxym.exe
  C:\Windows\System\hwDzxym.exe
  2⤵
  PID:14176
- C:\Windows\System\TuyqnQo.exe
  C:\Windows\System\TuyqnQo.exe
  2⤵
  PID:14204
- C:\Windows\System\qwgNAWx.exe
  C:\Windows\System\qwgNAWx.exe
  2⤵
  PID:14232
- C:\Windows\System\vxRYqjR.exe
  C:\Windows\System\vxRYqjR.exe
  2⤵
  PID:14252
- C:\Windows\System\GXDiIrC.exe
  C:\Windows\System\GXDiIrC.exe
  2⤵
  PID:14276
- C:\Windows\System\WuhVzdJ.exe
  C:\Windows\System\WuhVzdJ.exe
  2⤵
  PID:14300
- C:\Windows\System\yUdPsUN.exe
  C:\Windows\System\yUdPsUN.exe
  2⤵
  PID:14320
- C:\Windows\System\wgQBROQ.exe
  C:\Windows\System\wgQBROQ.exe
  2⤵
  PID:636
- C:\Windows\System\KyKIHBX.exe
  C:\Windows\System\KyKIHBX.exe
  2⤵
  PID:13420
- C:\Windows\System\SfObJsw.exe
  C:\Windows\System\SfObJsw.exe
  2⤵
  PID:13484
- C:\Windows\System\tddRFPz.exe
  C:\Windows\System\tddRFPz.exe
  2⤵
  PID:13532
- C:\Windows\System\rLppkhC.exe
  C:\Windows\System\rLppkhC.exe
  2⤵
  PID:13652
- C:\Windows\System\mKUrwVz.exe
  C:\Windows\System\mKUrwVz.exe
  2⤵
  PID:13648
- C:\Windows\System\XnlFVif.exe
  C:\Windows\System\XnlFVif.exe
  2⤵
  PID:13676
- C:\Windows\System\swOBhfS.exe
  C:\Windows\System\swOBhfS.exe
  2⤵
  PID:13844
- C:\Windows\System\HkzNsaY.exe
  C:\Windows\System\HkzNsaY.exe
  2⤵
  PID:13956
- C:\Windows\System\DpTYGpR.exe
  C:\Windows\System\DpTYGpR.exe
  2⤵
  PID:13984
- C:\Windows\System\DPhuAzj.exe
  C:\Windows\System\DPhuAzj.exe
  2⤵
  PID:14060
- C:\Windows\System\RzcXgUv.exe
  C:\Windows\System\RzcXgUv.exe
  2⤵
  PID:14104
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14104 -s 248
    3⤵
    PID:14288
- C:\Windows\System\xEdpCuP.exe
  C:\Windows\System\xEdpCuP.exe
  2⤵
  PID:14188
- C:\Windows\System\eUGaFnu.exe
  C:\Windows\System\eUGaFnu.exe
  2⤵
  PID:14196
- C:\Windows\System\mQVfRlf.exe
  C:\Windows\System\mQVfRlf.exe
  2⤵
  PID:14248
- C:\Windows\System\OlFEMVo.exe
  C:\Windows\System\OlFEMVo.exe
  2⤵
  PID:14312
- C:\Windows\System\nurcxtP.exe
  C:\Windows\System\nurcxtP.exe
  2⤵
  PID:13112
- C:\Windows\System\ekdEzSM.exe
  C:\Windows\System\ekdEzSM.exe
  2⤵
  PID:14260
- C:\Windows\System\WsjeUDY.exe
  C:\Windows\System\WsjeUDY.exe
  2⤵
  PID:13396

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DwxTxps.exe

Filesize
1.7MB

MD5
8cb25bb87bb4b52d4b20659c9d480004

SHA1
e1916116b17d0d9478be9edd893c3a03f77cb398

SHA256
4f00eacf8d5ee70440ebaf58b199718ec3712fb6bcf0767d62bd48788faf45ff

SHA512
1ac725d50abc2e20970b66c3197b22398f6e17fe9d87fb1006a43f5550fd38e1083c798f83870a3d0d8298b6bc9a1254bc3f86d337dbe0ff49f20073a86ddc68

Download Submit
C:\Windows\System\FbUuAzC.exe

Filesize
1.7MB

MD5
fb214683c8f19a201ab05966f09e54d7

SHA1
330687e602830acbbc15c57d6eb6d4e3b140a983

SHA256
367ddf69cf4f0af1ee4dd7e613fbd32690b02cddedc9a04dfd219881ddcb7343

SHA512
46302202a6dc02415704ff16f1c677de3b0d4c51ea1cdfe0d6ebeeb08f4be9d8f2cf050c15a49ec4e98c659bf4077b04a17e9cd0b4973202a19449ed77878a69

Download Submit
C:\Windows\System\IiFAuCy.exe

Filesize
1.7MB

MD5
efb6e8a74ce8b0c4dd718731d36dfb7e

SHA1
f07a9ff40e456da963ed7702c9a8cf0562a5303a

SHA256
0d27e7ccf4821fd53d136e9f3ab0b64e5d6fd66bd326ac043ab7dcd1b08241ea

SHA512
d055e2c2fbb7f4f386394ebf422d97e239055a90c57c072e0b06a2cd7a5546cce86c42ca4e62a3e87ea378ae37cbe0294ba6a811b8feb464adad1edf3216615c

Download Submit
C:\Windows\System\JRiJPUB.exe

Filesize
1.7MB

MD5
63124ba5022309ed27cb7ec3192fb744

SHA1
3ee2361c8e3833c48b36082641a1218794922097

SHA256
f6a43d3b008dc18397bafe4591d2925fcd5bac7f200474d770940d2cc2b7861d

SHA512
918211773a90b7a40287f6ea0730e08195bb1ecfd1135d08618bb1fb74c8a12768577d21ff23f884f570a857d5be1aaa190d71f6303031db68287fdbf9e8e18f

Download Submit
C:\Windows\System\KnlRJaQ.exe

Filesize
1.7MB

MD5
abe1ac2a9c9d7fd2357c2d0d749a3bbe

SHA1
7fe316fccb9f0a7fca4112bb62027ac115d897a3

SHA256
e2aeab7163ec289df7b8d8e6d02bdaa9bdf056afd81b10d8bf967984e7cc9b9a

SHA512
1d695211555b6e7a05ac2bc11b463bd155a911f502b470313741a2cf4eb7a505293575d8f4c5e9f4cd7151a38659deab61eab2a5f288aa5f6135d5b311951d95

Download Submit
C:\Windows\System\KrjXUJF.exe

Filesize
1.7MB

MD5
ddbd4145326b1869a6f34d7587ec75d3

SHA1
96f8c503b86922b0dab18706ef2fdc1769b59af3

SHA256
6fec494d46c5a6d5a2370d0d292bd4929272edfe5cbe32904fe0d50b36569f37

SHA512
f2bceda0e0630035bd45fa626cd1a70517c3564b46e242fe82c749e2c418450ff4bb0e6e3a621328d3ad547cbe275b23548788efc033383d946b206e0d66a161

Download Submit
C:\Windows\System\MAlPnpW.exe

Filesize
1.7MB

MD5
169860b96ccc17eba044b44796db8438

SHA1
c6275dcf4db2626b7de984529370c7527f3da1b4

SHA256
d0228185bd980261188419bd8fcca35f00f14f29025ad6d834e00e9d783e1a96

SHA512
7032970d0fc65aed48b0467a000ff39d5aa0f6af194a6c513d85a4c9e7b8467879d0753f74e616e2a0c1e7c8797d491e92331f9ec070fa1a0dc0f5aad6aac360

Download Submit
C:\Windows\System\MGbHeFK.exe

Filesize
1.7MB

MD5
b9e810616b4d795bd9103663c6f14351

SHA1
233332d46c39f3d82121d4cc26653482d3fe561d

SHA256
3c1fb8a1b92ce30e10608db51e2a6c9e01d512d12f820ed5c66cc09394fe80df

SHA512
e76d65c12d2a7509e3ad1bef008af7405b522dff57612f8f6c48c22eb3be7985fbbc629f8c3f39520b0d8c91ad73cb93741d1b3e1a93c9ed9852ea4458a13938

Download Submit
C:\Windows\System\NdZhUxm.exe

Filesize
1.7MB

MD5
d2fb6074199bed1b91d18749c90dc4fd

SHA1
89edd1160fc9d4df07da48f38c023e5656a2d2f7

SHA256
fe4080565e1d1299288924f57f8a15cb3f42e63921e45d18b445612aab44e7f0

SHA512
220c875a1dfae22ae46b89ea88753246d32847578692accda0803d4e4a31ae6e517e99653c9498f956adb6b7c3d65dca12183c65ebdc812d509ddd57301eedca

Download Submit
C:\Windows\System\OIYdkqS.exe

Filesize
1.7MB

MD5
078dc0277430b94201b42707a3f57eb7

SHA1
8bbe1242098a693e7d88a282a5023734f778ce45

SHA256
4fe6815b7c70bd2ec3662be64964007a037eea7a8456c0c8ec9a95969857562d

SHA512
24356679484f85715991694f85de008623b8477ef26a353ae54dd2b37c2033b56945e7288638328f7612be589b8d172e8be4c83a7859bb8a526841f10c6635a7

Download Submit
C:\Windows\System\ObnxdFd.exe

Filesize
1.7MB

MD5
aa92b29b898251d06dc4dd0ec0ab4336

SHA1
a9676c7ae51b6790e9f3590b63ec87a960d2a169

SHA256
edec125d1b40cb82bd8c5089ea145ec6ff8a88448b394976ace8995414666e83

SHA512
03be0043e70b7b40de7339f58c81e3720a906acbed3334d6a44540e172440c9c96936fe018d800d998350aa0b54f2a4eeb65bbd6507c9b8753af024a5e4cf7de

Download Submit
C:\Windows\System\RCgeVAs.exe

Filesize
1.7MB

MD5
8303c41f8b3d46811c34ea6cbef212b4

SHA1
b4ed814fe946d3fd03979f568715a1da574edb91

SHA256
f20e62c4d98f33d0880204f2280e26d2fff259ab8f208788ebe421c8c90e7832

SHA512
4d6909a6c72347c112fd6def6e6345a21512aea95579e138e6c23e78d3e81bf3368fcf69e3a1a63302cc717871e78f415942dfb3d3b3aa6d68a2a52d725d6f51

Download Submit
C:\Windows\System\UDQhxuE.exe

Filesize
1.7MB

MD5
eb13fdda73d4e08e6f5720c9dd14ebac

SHA1
9bb29c0f2c2bc736d30e8ca75bec169ea3a4249d

SHA256
a162e4e12bd99f073884987327cd3a1583f15f2208a8b7ce72873d2878f7a244

SHA512
9efe423943092ddc856205ea654b6e4c6cc3aedb9b239bf26ea96f8240ccfdc86d87ec10ae550f1db05847d579d53b8b046c344d7b216ee18ed0ad6a415da15a

Download Submit
C:\Windows\System\VtTjUYu.exe

Filesize
1.7MB

MD5
5f099812ec0fc4563bb95d94055d7cfb

SHA1
0e6ca646525ddc88a0afe6502ea8107dcfeae5aa

SHA256
c8e9ed743294f30903c170cb15876f89b943d5a8694dad6898e1e4c06b1729b6

SHA512
73ef6b583bd63a6c45587a911d2d1d7ea01361474a595f797688acdee8b58e06472d2a0581e2e20b8b789a60757fba2935ae7522d0d2a7adabd02b931be70ef8

Download Submit
C:\Windows\System\WcGwIpW.exe

Filesize
1.7MB

MD5
5d189842620d69ba71bdcf80bfc87253

SHA1
ca36b5e85f91ed6165caca0f8c7f6ec742c1d6a6

SHA256
b0baffc9969df2328d7d61a7a3cfabd105a997589b54289b4ac7571e175d25dc

SHA512
983556aa31ab113d156f151a7ddf9bb6050e37d2e1ee4cce341878a401a6e65ba0af922c5e6130f55d016b895b5c5355da213437138fa3aeb6bfafeb7a915b31

Download Submit
C:\Windows\System\YFWBJKX.exe

Filesize
1.7MB

MD5
09dbdead379a904a6a1c84686193a293

SHA1
1426602205708f7b407a13d730360c54d2d0e9c9

SHA256
c1de8ef870c57a68c25f6fee63d00491e0121eb31f3a7bda66da5668a56af611

SHA512
50657225dd05b5106e885d9e4b95594f2fd958cb02d5787591deaa30aab5f44f5b5ab20f7c69dc7f95e365fc43eedd0c2ef807ec36196bfd3cd04d53976bd09b

Download Submit
C:\Windows\System\YstQckO.exe

Filesize
1.7MB

MD5
884abc3400aac79a90a1d699054fdbe3

SHA1
39181b6cd0a8ee56e38d0d943a50de9b01dfac11

SHA256
d4bcc34b5f2db34c6bc208704095fa4fb66caaa60b908a46a639ab9544b7e609

SHA512
bb516d77178ac3606dda06fbedf4eb1a8a16f76d67140176d156b89044ad6fcb3bc72d9b5b29467ff82172dd198376eaf2b122679055173f7ccd5b21d5d286aa

Download Submit
C:\Windows\System\ZVkQqcg.exe

Filesize
1.7MB

MD5
0b6c3d49aae5528cb81b4036b829540f

SHA1
5b0bfdb5f1f0f7f42f0ad3f9d7e2749253bc4c6f

SHA256
76724c5535527fee4afeb81a7338cfe9f01c1d80e3618372e3cf6aa6d977417e

SHA512
b3fd84458305a53843f3158cf830e1ce15d8c7d021bf09ea19aa411a83f9518f6cb638035b1776b2f6d31b06ea94c3f7a8a9d0fa89448b4fa0283308664ae3d1

Download Submit
C:\Windows\System\eibluzB.exe

Filesize
1.7MB

MD5
318d863b75c803ede3530ddb6546cbdc

SHA1
95728aeb3909cdca06b494f740c36a5a79a85d36

SHA256
360be807c881fe4a83070e61143cddec63ae1f1a8fd007eea7b79d0bed4a48cd

SHA512
7dcf51fcf1b801bc4920f174248fb71a0d870eb8ef21a55a4ddbfae22ddeabbcaca1dd89e5bccbe4a1efb40d02d2acc6d808eb63c1240b59b9d973dbffacd531

Download Submit
C:\Windows\System\gVptnuK.exe

Filesize
1.7MB

MD5
51b0cb535bbeaa9a93108edc91def4b1

SHA1
8f1625972ae4f992fb413a22cde965a3cc78a4ff

SHA256
128db297c42ca224b03cbe7171e498949956549dfc1d06dfd123046ebcd092e6

SHA512
0e81294ad9eee4bfecf2ed550f712276a46f64ae5194ce05242c2a7923cfc36c3d328622e49c9eea781fdfbaaacebc4a49ed2ca052b2e0aa3431cbab7b59f5c4

Download Submit
C:\Windows\System\gmeBpPe.exe

Filesize
1.7MB

MD5
e143d107ee7b00bfe5b7bf00bb27347d

SHA1
107c5fd86f69c508eb1b98d291f03fbba4fb7c03

SHA256
76c900b86b82ebcc765d090a304a769269862d1b00e3d08862a642599c2300d3

SHA512
71e0db42adb8dd3db7be84cf25820816ce205f899d202135911b7e9f244401aa80d38c23a863c404dc29afd0a4424de80261128d9d5379e6499a438a76b41bff

Download Submit
C:\Windows\System\icaNmIu.exe

Filesize
1.7MB

MD5
2f7ebc1f66ace8302a3252ac16111c9b

SHA1
19bb095216311db19ffc76df7d4fe9810515641a

SHA256
251ebd4db2b962d12e8935d9d218265c73bfb98c6e347728b6810d81b783f0c4

SHA512
17e673abc57c39420fca8669fb88b730c23e6e30999b8f9f80b4eadc9222244c9fb2d84e788691c177812d8f8435f46a1753f411bdbd66a0096be1f15cdd8cca

Download Submit
C:\Windows\System\mnXyhQc.exe

Filesize
1.7MB

MD5
3340f231a89c51b91981a3bf55df0340

SHA1
77dc4fe7b2522d9ac2d4cfd253994e6ba586fd1d

SHA256
be649508084340b7202dfd0a9f406cc1643b699997980dc1af4cc021f6816cd5

SHA512
1d2a4960c511a5491a47b146661e64c5621e14bb1f674a8519d355eb3962d8af546320db7cb7760313a932933d732c1c4c0569b9aef88c168c546e31b9ba1330

Download Submit
C:\Windows\System\mpConEN.exe

Filesize
1.7MB

MD5
2780866a8c61c77c6b7d4e65085c1aa1

SHA1
f86ef4ec300fa24672a47f76be3ef2026efc6444

SHA256
2983e9b8581d259a0a3424052896b625f06023582a85fe1cf316497bc78c4560

SHA512
5daddf76cfc5c97aa3865dcc1cf524541e63e91eac42933142c93dd431be9f08ee11e209ab0e3246bc81ee779a3347bc0cbb13e544211066e60803ae79433119

Download Submit
C:\Windows\System\oKbpfzm.exe

Filesize
1.7MB

MD5
ad176c447f303966a7dc76fafd511280

SHA1
c999e5ed03e14e5c043280477405bd658048011f

SHA256
cbd7e9fe73094beaa582bc8f4d22c037d3196d5dc719c7b735809a6cd95a5197

SHA512
f08d7be320777c48d27ef04036ad78dd0767b980af2da07f514dec3de9fcbbbda43ef589e0af900c89547afb8317967fb26295310ed48a9641887513dee09d73

Download Submit
C:\Windows\System\pSqesHy.exe

Filesize
1.7MB

MD5
26b5e1458c35c4f76d5ff9f72183e15f

SHA1
601cf82826f2a6cb683ba9a839b28da41671a2f5

SHA256
3cc360e17868eac76a4a06312efa454ce4edf5d3a3676f70f9d4b8e815dc79f3

SHA512
8a7aaf94868c0eee461293d0bec45a20d39a1ecec60e61767c5e23bfc029fcc2e48507e25b1c94e2524f319dc50cb23cc30b49e6df790e41ab9dd082f0b5612a

Download Submit
C:\Windows\System\qfoGUHW.exe

Filesize
1.7MB

MD5
f5e065a2e045156aed8d8e9394ad02a6

SHA1
271cc9da0a22312780282bd55572ae377ce63876

SHA256
af3c05f4648f574a9516ed60768c3d3c6f6216f1a487af4f84074e6672e75a67

SHA512
a7f779b4dfc6ab68f820bd5c703215c6e18faf8eaa40235768f65cd02d42b9a871df6e0b859f2e04a2ecbcb91525619ad938508dfc12fc87b973ab7befba3499

Download Submit
C:\Windows\System\sDAqRFA.exe

Filesize
1.7MB

MD5
70ed457240252be265bb5a4c79145480

SHA1
885043e8d77f392727f0ee8c0d0b07ee2fb2d252

SHA256
cb1f78a4afa590b5ec0934eb109ea5fb68db73c08b1bdc31be84f50b39ab8332

SHA512
233a80fff8d532d4478a4bed22b091ad4f72a29a917c4fd37b9bbb38acbac5688ce7ab95ed62b365866bc4a0183a0f5117d844fb53a58a4ec39f2f5b7d632ebd

Download Submit
C:\Windows\System\shUCjbm.exe

Filesize
1.7MB

MD5
c59c173d060bc6005560b458e328ad50

SHA1
d504241a901e04082321023ceccdd26eda975104

SHA256
7b77a6f2d8fbef54d5a6727099b221394d9216d7cd072aa6587ac8ceedf533f2

SHA512
e0f6e1e2bdfbf08c41987c389a558d1e57480b6811c5b8f689f4ac3fe88f988faab4a8f893bcbf56d9aa7a211cc5018e19ffa215ebb8d4b8f2778aec8a79fa00

Download Submit
C:\Windows\System\tXKsNos.exe

Filesize
1.7MB

MD5
fa6bdba5433c5174ed4eb9c42eb39298

SHA1
feee14ef9abb12e1afb34c2683cf2fe0354e7bcd

SHA256
af34a55ea800e10de2e8eca554526288fbaa688deb9b64af4a24a9229a301c4c

SHA512
0df9b4d6206128cafdfbd0b2289956dd7f536d5f51139881ec12b8c1ce68b2a87472d59b7ba5e08bcb2ca9f717505128070e23586094f78138bc8706db9d3012

Download Submit
C:\Windows\System\upbHVih.exe

Filesize
1.7MB

MD5
1d564bbc5feb1be052560d115bffefe8

SHA1
4e938aec925b90a4fa9e4ba5e07622951a1f4783

SHA256
beee398e7d5a01c5ca94208d76b91a4af0dc2d8735997ea0492b43051ce319e5

SHA512
f57fb16de722f8b3d6456637fbae285ac05003ac2a52bc5762e9be5597e548bc74833d96b59c403ad2207af2cb6a9fe85a73b35e9ff6673c51558bdb9ec9564f

Download Submit
C:\Windows\System\zNNfxFg.exe

Filesize
1.7MB

MD5
c867f44cc9f89d696685483ce68f4922

SHA1
a905e8ea397cfe64d47f3b2136a5a9cb726cfd7b

SHA256
4a87f29a00c1f53e47716ed2d15bb910db66d34faba92c8830e703cc1dad364d

SHA512
308ee6dab02fda96ea38ba70b1dece8e2e199c92d754df8caf7a5a36668b8b70c665ef60b076523f145e530e835a14a8b6453ea5186ee2461082ef87d145bee3

Download Submit
C:\Windows\System\ztUAEek.exe

Filesize
1.7MB

MD5
c42540f64306119a21b275d2ad21aa0e

SHA1
6bcca39bf4d3db3b4c0778b5e085c347142d0975

SHA256
f2b3f1e30935e01cc86ef5dcee78f6d4cf779d273594810f5000810014ae90c7

SHA512
18e4f97108e69dfb3a6c1f662bea9838789ee326a325a141aaf6c18213e1e7d96110a5015016b321656981e0fc95d003b2ed219031674ffaf5df83dc2b85a1af

Download Submit
memory/656-2320-0x00007FF780F30000-0x00007FF781281000-memory.dmp

Filesize
3.3MB

Download
memory/656-590-0x00007FF780F30000-0x00007FF781281000-memory.dmp

Filesize
3.3MB

Download
memory/752-2236-0x00007FF6106B0000-0x00007FF610A01000-memory.dmp

Filesize
3.3MB

Download
memory/752-2279-0x00007FF6106B0000-0x00007FF610A01000-memory.dmp

Filesize
3.3MB

Download
memory/752-78-0x00007FF6106B0000-0x00007FF610A01000-memory.dmp

Filesize
3.3MB

Download
memory/932-2257-0x00007FF79C190000-0x00007FF79C4E1000-memory.dmp

Filesize
3.3MB

Download
memory/932-10-0x00007FF79C190000-0x00007FF79C4E1000-memory.dmp

Filesize
3.3MB

Download
memory/1092-13-0x00007FF70F8A0000-0x00007FF70FBF1000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2259-0x00007FF70F8A0000-0x00007FF70FBF1000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2196-0x00007FF70F8A0000-0x00007FF70FBF1000-memory.dmp

Filesize
3.3MB

Download
memory/1216-576-0x00007FF73B040000-0x00007FF73B391000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2303-0x00007FF73B040000-0x00007FF73B391000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2198-0x00007FF75BB80000-0x00007FF75BED1000-memory.dmp

Filesize
3.3MB

Download
memory/1360-57-0x00007FF75BB80000-0x00007FF75BED1000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2265-0x00007FF75BB80000-0x00007FF75BED1000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2271-0x00007FF6BD370000-0x00007FF6BD6C1000-memory.dmp

Filesize
3.3MB

Download
memory/1692-58-0x00007FF6BD370000-0x00007FF6BD6C1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2206-0x00007FF778B50000-0x00007FF778EA1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-62-0x00007FF778B50000-0x00007FF778EA1000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2275-0x00007FF778B50000-0x00007FF778EA1000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2293-0x00007FF7EC530000-0x00007FF7EC881000-memory.dmp

Filesize
3.3MB

Download
memory/2172-563-0x00007FF7EC530000-0x00007FF7EC881000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2315-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp

Filesize
3.3MB

Download
memory/2200-596-0x00007FF7DDF30000-0x00007FF7DE281000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2263-0x00007FF65EFC0000-0x00007FF65F311000-memory.dmp

Filesize
3.3MB

Download
memory/2208-42-0x00007FF65EFC0000-0x00007FF65F311000-memory.dmp

Filesize
3.3MB

Download
memory/2244-562-0x00007FF6B1E60000-0x00007FF6B21B1000-memory.dmp

Filesize
3.3MB

Download
memory/2244-2291-0x00007FF6B1E60000-0x00007FF6B21B1000-memory.dmp

Filesize
3.3MB

Download
memory/2272-75-0x00007FF63B490000-0x00007FF63B7E1000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2281-0x00007FF63B490000-0x00007FF63B7E1000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2235-0x00007FF63B490000-0x00007FF63B7E1000-memory.dmp

Filesize
3.3MB

Download
memory/2360-2289-0x00007FF6D2E00000-0x00007FF6D3151000-memory.dmp

Filesize
3.3MB

Download
memory/2360-561-0x00007FF6D2E00000-0x00007FF6D3151000-memory.dmp

Filesize
3.3MB

Download
memory/2968-568-0x00007FF757660000-0x00007FF7579B1000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2299-0x00007FF757660000-0x00007FF7579B1000-memory.dmp

Filesize
3.3MB

Download
memory/3128-559-0x00007FF7FBD70000-0x00007FF7FC0C1000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2285-0x00007FF7FBD70000-0x00007FF7FC0C1000-memory.dmp

Filesize
3.3MB

Download
memory/3144-1-0x000002D2A8D90000-0x000002D2A8DA0000-memory.dmp

Filesize
64KB

Download
memory/3144-0-0x00007FF77E350000-0x00007FF77E6A1000-memory.dmp

Filesize
3.3MB

Download
memory/3192-43-0x00007FF6F3840000-0x00007FF6F3B91000-memory.dmp

Filesize
3.3MB

Download
memory/3192-2205-0x00007FF6F3840000-0x00007FF6F3B91000-memory.dmp

Filesize
3.3MB

Download
memory/3192-2267-0x00007FF6F3840000-0x00007FF6F3B91000-memory.dmp

Filesize
3.3MB

Download
memory/3196-558-0x00007FF679010000-0x00007FF679361000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2283-0x00007FF679010000-0x00007FF679361000-memory.dmp

Filesize
3.3MB

Download
memory/3204-581-0x00007FF7B51D0000-0x00007FF7B5521000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2305-0x00007FF7B51D0000-0x00007FF7B5521000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2197-0x00007FF741940000-0x00007FF741C91000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2269-0x00007FF741940000-0x00007FF741C91000-memory.dmp

Filesize
3.3MB

Download
memory/3508-52-0x00007FF741940000-0x00007FF741C91000-memory.dmp

Filesize
3.3MB

Download
memory/3516-567-0x00007FF7F0D20000-0x00007FF7F1071000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2297-0x00007FF7F0D20000-0x00007FF7F1071000-memory.dmp

Filesize
3.3MB

Download
memory/3560-69-0x00007FF615D00000-0x00007FF616051000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2274-0x00007FF615D00000-0x00007FF616051000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2211-0x00007FF615D00000-0x00007FF616051000-memory.dmp

Filesize
3.3MB

Download
memory/3752-593-0x00007FF65BD00000-0x00007FF65C051000-memory.dmp

Filesize
3.3MB

Download
memory/3752-2330-0x00007FF65BD00000-0x00007FF65C051000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2287-0x00007FF61C830000-0x00007FF61CB81000-memory.dmp

Filesize
3.3MB

Download
memory/4552-560-0x00007FF61C830000-0x00007FF61CB81000-memory.dmp

Filesize
3.3MB

Download
memory/4816-25-0x00007FF7BED90000-0x00007FF7BF0E1000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2261-0x00007FF7BED90000-0x00007FF7BF0E1000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2234-0x00007FF6D9B70000-0x00007FF6D9EC1000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2277-0x00007FF6D9B70000-0x00007FF6D9EC1000-memory.dmp

Filesize
3.3MB

Download
memory/4896-74-0x00007FF6D9B70000-0x00007FF6D9EC1000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2295-0x00007FF62E8C0000-0x00007FF62EC11000-memory.dmp

Filesize
3.3MB

Download
memory/4908-564-0x00007FF62E8C0000-0x00007FF62EC11000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2307-0x00007FF6CDFD0000-0x00007FF6CE321000-memory.dmp

Filesize
3.3MB

Download
memory/4960-574-0x00007FF6CDFD0000-0x00007FF6CE321000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2301-0x00007FF7BC320000-0x00007FF7BC671000-memory.dmp

Filesize
3.3MB

Download
memory/5040-589-0x00007FF7BC320000-0x00007FF7BC671000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads