xmrig | 3fa8c739a1bfb1ba4ee222b40d4c18a5f1ca45acacb72ac1bba87f94b6ea1e74

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 02:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
Size

2.5MB
MD5

2cef15fca518f2c9a34bb2aa8a438fe0
SHA1

0aed0defbcc056ae198c2ccf3609a442839c4ada
SHA256

3fa8c739a1bfb1ba4ee222b40d4c18a5f1ca45acacb72ac1bba87f94b6ea1e74
SHA512

ca1bff2bbe3d1b0adf35b974bcedd9f3bdb6c9018c4af22ca48394d3a318f700a73b1c6f51773fb854fa7550a5792b6eb657e5f66702b857a43fd18c55a9cb54
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQlqOdg6VLEL3e73DpSz:oemTLkNdfE0pZrQS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4040-0-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023276-5.dat	xmrig
behavioral2/memory/4124-11-0x00007FF72F9A0000-0x00007FF72FCF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-17.dat	xmrig
behavioral2/files/0x0008000000023416-18.dat	xmrig
behavioral2/memory/3604-38-0x00007FF776C40000-0x00007FF776F94000-memory.dmp	xmrig
behavioral2/files/0x000700000002341f-39.dat	xmrig
behavioral2/files/0x0007000000023421-47.dat	xmrig
behavioral2/files/0x000700000002341e-46.dat	xmrig
behavioral2/files/0x0007000000023427-84.dat	xmrig
behavioral2/files/0x0007000000023424-97.dat	xmrig
behavioral2/files/0x000700000002342a-108.dat	xmrig
behavioral2/memory/4080-114-0x00007FF6D6AB0000-0x00007FF6D6E04000-memory.dmp	xmrig
behavioral2/memory/2516-118-0x00007FF7673F0000-0x00007FF767744000-memory.dmp	xmrig
behavioral2/memory/3464-122-0x00007FF7FBCC0000-0x00007FF7FC014000-memory.dmp	xmrig
behavioral2/memory/5012-121-0x00007FF6C88B0000-0x00007FF6C8C04000-memory.dmp	xmrig
behavioral2/memory/4248-120-0x00007FF62CB00000-0x00007FF62CE54000-memory.dmp	xmrig
behavioral2/memory/3084-119-0x00007FF66E050000-0x00007FF66E3A4000-memory.dmp	xmrig
behavioral2/memory/4348-117-0x00007FF711C50000-0x00007FF711FA4000-memory.dmp	xmrig
behavioral2/memory/4536-116-0x00007FF75ECC0000-0x00007FF75F014000-memory.dmp	xmrig
behavioral2/memory/4092-115-0x00007FF74EAB0000-0x00007FF74EE04000-memory.dmp	xmrig
behavioral2/memory/3460-113-0x00007FF7DE380000-0x00007FF7DE6D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-111.dat	xmrig
behavioral2/memory/4760-110-0x00007FF7686C0000-0x00007FF768A14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-106.dat	xmrig
behavioral2/files/0x0007000000023428-104.dat	xmrig
behavioral2/memory/2076-101-0x00007FF61F7C0000-0x00007FF61FB14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-99.dat	xmrig
behavioral2/files/0x0007000000023423-95.dat	xmrig
behavioral2/memory/4904-91-0x00007FF6E5600000-0x00007FF6E5954000-memory.dmp	xmrig
behavioral2/memory/2524-90-0x00007FF742000000-0x00007FF742354000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-85.dat	xmrig
behavioral2/files/0x0007000000023426-79.dat	xmrig
behavioral2/memory/1516-74-0x00007FF62E8F0000-0x00007FF62EC44000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-64.dat	xmrig
behavioral2/memory/4360-54-0x00007FF6D7CE0000-0x00007FF6D8034000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-61.dat	xmrig
behavioral2/files/0x000700000002341c-45.dat	xmrig
behavioral2/memory/4964-34-0x00007FF6AD820000-0x00007FF6ADB74000-memory.dmp	xmrig
behavioral2/memory/4016-23-0x00007FF721B10000-0x00007FF721E64000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-20.dat	xmrig
behavioral2/files/0x000700000002342c-125.dat	xmrig
behavioral2/files/0x0008000000023417-128.dat	xmrig
behavioral2/files/0x000700000002342d-139.dat	xmrig
behavioral2/files/0x0007000000023430-143.dat	xmrig
behavioral2/files/0x0007000000023436-178.dat	xmrig
behavioral2/files/0x0007000000023435-184.dat	xmrig
behavioral2/files/0x0007000000023437-190.dat	xmrig
behavioral2/memory/4632-192-0x00007FF7A6BF0000-0x00007FF7A6F44000-memory.dmp	xmrig
behavioral2/memory/3660-186-0x00007FF72C460000-0x00007FF72C7B4000-memory.dmp	xmrig
behavioral2/memory/1272-182-0x00007FF7A7870000-0x00007FF7A7BC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-179.dat	xmrig
behavioral2/memory/400-174-0x00007FF79F510000-0x00007FF79F864000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-169.dat	xmrig
behavioral2/files/0x0007000000023433-176.dat	xmrig
behavioral2/memory/1952-166-0x00007FF6E02F0000-0x00007FF6E0644000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-167.dat	xmrig
behavioral2/memory/4328-158-0x00007FF6AFFC0000-0x00007FF6B0314000-memory.dmp	xmrig
behavioral2/memory/3240-149-0x00007FF6FBFD0000-0x00007FF6FC324000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-146.dat	xmrig
behavioral2/memory/556-138-0x00007FF7C00D0000-0x00007FF7C0424000-memory.dmp	xmrig
behavioral2/memory/2124-132-0x00007FF7D7730000-0x00007FF7D7A84000-memory.dmp	xmrig
behavioral2/memory/4360-886-0x00007FF6D7CE0000-0x00007FF6D8034000-memory.dmp	xmrig
behavioral2/memory/4040-1271-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4124	ThIwbwe.exe
4016	cqvwYKR.exe
4964	lzJtPVO.exe
3604	GqDigrL.exe
4348	oiQbeoq.exe
4360	vTLZRLC.exe
2516	CGknSMA.exe
1516	ZAYltdi.exe
3084	gEqdlqA.exe
2524	VzuXuKX.exe
4904	bbsPNbM.exe
4248	PXkBPyw.exe
2076	WZgUehI.exe
4760	xpcgwUk.exe
5012	UNyTpJp.exe
3460	kXiLxdL.exe
4080	bVzQbXZ.exe
4092	srfHELQ.exe
4536	wpbtFba.exe
3464	HoeNnrL.exe
2124	PnIseXg.exe
556	tbiZwpW.exe
3240	qsBOYcp.exe
4328	xJVTFZa.exe
1272	SDlUzEu.exe
3660	PEZieDa.exe
4632	tRmxtTH.exe
1952	NohadGo.exe
400	GWHTzrJ.exe
2308	zuqBqGz.exe
644	oxQhZLF.exe
4384	iVHquFN.exe
4588	FMHPULy.exe
916	kOLfaBd.exe
3484	PLaCzZV.exe
808	OlViJop.exe
628	WuykHnt.exe
2272	hmtnmMh.exe
4572	TwtXiwB.exe
1296	dCBSABU.exe
4692	uJFeqLJ.exe
4436	FlyHmtN.exe
2928	tSaNbfC.exe
1812	yKSRAqy.exe
2296	zaHAdzU.exe
4712	oayaqhv.exe
4752	UVtBUCf.exe
2504	PyZAWjY.exe
3964	ELaFxST.exe
696	ofmYnJg.exe
4880	HubpTOt.exe
3468	IdhgJtD.exe
3868	WmFqEot.exe
980	HWIIoNn.exe
3832	ENSmUCO.exe
3384	kEwQwiu.exe
3564	cybJBXs.exe
3300	nArPqzt.exe
3264	LFKUAwS.exe
1552	YFzzlQE.exe
912	zXllRfJ.exe
3020	trRlzPq.exe
4008	gyosMTh.exe
8	bnagEyk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4040-0-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	upx
behavioral2/files/0x0007000000023276-5.dat	upx
behavioral2/memory/4124-11-0x00007FF72F9A0000-0x00007FF72FCF4000-memory.dmp	upx
behavioral2/files/0x000700000002341b-17.dat	upx
behavioral2/files/0x0008000000023416-18.dat	upx
behavioral2/memory/3604-38-0x00007FF776C40000-0x00007FF776F94000-memory.dmp	upx
behavioral2/files/0x000700000002341f-39.dat	upx
behavioral2/files/0x0007000000023421-47.dat	upx
behavioral2/files/0x000700000002341e-46.dat	upx
behavioral2/files/0x0007000000023427-84.dat	upx
behavioral2/files/0x0007000000023424-97.dat	upx
behavioral2/files/0x000700000002342a-108.dat	upx
behavioral2/memory/4080-114-0x00007FF6D6AB0000-0x00007FF6D6E04000-memory.dmp	upx
behavioral2/memory/2516-118-0x00007FF7673F0000-0x00007FF767744000-memory.dmp	upx
behavioral2/memory/3464-122-0x00007FF7FBCC0000-0x00007FF7FC014000-memory.dmp	upx
behavioral2/memory/5012-121-0x00007FF6C88B0000-0x00007FF6C8C04000-memory.dmp	upx
behavioral2/memory/4248-120-0x00007FF62CB00000-0x00007FF62CE54000-memory.dmp	upx
behavioral2/memory/3084-119-0x00007FF66E050000-0x00007FF66E3A4000-memory.dmp	upx
behavioral2/memory/4348-117-0x00007FF711C50000-0x00007FF711FA4000-memory.dmp	upx
behavioral2/memory/4536-116-0x00007FF75ECC0000-0x00007FF75F014000-memory.dmp	upx
behavioral2/memory/4092-115-0x00007FF74EAB0000-0x00007FF74EE04000-memory.dmp	upx
behavioral2/memory/3460-113-0x00007FF7DE380000-0x00007FF7DE6D4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-111.dat	upx
behavioral2/memory/4760-110-0x00007FF7686C0000-0x00007FF768A14000-memory.dmp	upx
behavioral2/files/0x0007000000023429-106.dat	upx
behavioral2/files/0x0007000000023428-104.dat	upx
behavioral2/memory/2076-101-0x00007FF61F7C0000-0x00007FF61FB14000-memory.dmp	upx
behavioral2/files/0x0007000000023425-99.dat	upx
behavioral2/files/0x0007000000023423-95.dat	upx
behavioral2/memory/4904-91-0x00007FF6E5600000-0x00007FF6E5954000-memory.dmp	upx
behavioral2/memory/2524-90-0x00007FF742000000-0x00007FF742354000-memory.dmp	upx
behavioral2/files/0x0007000000023422-85.dat	upx
behavioral2/files/0x0007000000023426-79.dat	upx
behavioral2/memory/1516-74-0x00007FF62E8F0000-0x00007FF62EC44000-memory.dmp	upx
behavioral2/files/0x000700000002341d-64.dat	upx
behavioral2/memory/4360-54-0x00007FF6D7CE0000-0x00007FF6D8034000-memory.dmp	upx
behavioral2/files/0x0007000000023420-61.dat	upx
behavioral2/files/0x000700000002341c-45.dat	upx
behavioral2/memory/4964-34-0x00007FF6AD820000-0x00007FF6ADB74000-memory.dmp	upx
behavioral2/memory/4016-23-0x00007FF721B10000-0x00007FF721E64000-memory.dmp	upx
behavioral2/files/0x000700000002341a-20.dat	upx
behavioral2/files/0x000700000002342c-125.dat	upx
behavioral2/files/0x0008000000023417-128.dat	upx
behavioral2/files/0x000700000002342d-139.dat	upx
behavioral2/files/0x0007000000023430-143.dat	upx
behavioral2/files/0x0007000000023436-178.dat	upx
behavioral2/files/0x0007000000023435-184.dat	upx
behavioral2/files/0x0007000000023437-190.dat	upx
behavioral2/memory/4632-192-0x00007FF7A6BF0000-0x00007FF7A6F44000-memory.dmp	upx
behavioral2/memory/3660-186-0x00007FF72C460000-0x00007FF72C7B4000-memory.dmp	upx
behavioral2/memory/1272-182-0x00007FF7A7870000-0x00007FF7A7BC4000-memory.dmp	upx
behavioral2/files/0x0007000000023434-179.dat	upx
behavioral2/memory/400-174-0x00007FF79F510000-0x00007FF79F864000-memory.dmp	upx
behavioral2/files/0x0007000000023432-169.dat	upx
behavioral2/files/0x0007000000023433-176.dat	upx
behavioral2/memory/1952-166-0x00007FF6E02F0000-0x00007FF6E0644000-memory.dmp	upx
behavioral2/files/0x0007000000023431-167.dat	upx
behavioral2/memory/4328-158-0x00007FF6AFFC0000-0x00007FF6B0314000-memory.dmp	upx
behavioral2/memory/3240-149-0x00007FF6FBFD0000-0x00007FF6FC324000-memory.dmp	upx
behavioral2/files/0x000700000002342f-146.dat	upx
behavioral2/memory/556-138-0x00007FF7C00D0000-0x00007FF7C0424000-memory.dmp	upx
behavioral2/memory/2124-132-0x00007FF7D7730000-0x00007FF7D7A84000-memory.dmp	upx
behavioral2/memory/4360-886-0x00007FF6D7CE0000-0x00007FF6D8034000-memory.dmp	upx
behavioral2/memory/4040-1271-0x00007FF797390000-0x00007FF7976E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tMjgUkQ.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\cqvwYKR.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\CfclgWI.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\jCNWcRr.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\tyVZexH.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\FPcHFQK.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\GKOeDCc.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\sRkYcuY.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\femAtRZ.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\PyZAWjY.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\VYlLSdr.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\CTumjDh.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\bvFXGkz.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\zLqdets.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\HWIIoNn.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\zGDajxX.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\VtsTmdJ.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\DFhrVfX.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\BrTFGHi.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\mEuSnYA.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\hLiUHfL.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\tQMTHHG.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\QWVINeL.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\WeKeoYO.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\aRcthIZ.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\djYbOnt.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\baLMSZD.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\qZggwUC.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\eRYrczz.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\xXBJkea.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\zmufpJY.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\loUwsfA.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\SWIXUdx.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\SofQmKB.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\GQXSLbX.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\lFsZqcs.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\zGLfxNb.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\sfGwjoX.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\igwCsck.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\mWTAAty.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\VRgYJjd.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\RRYBnxK.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\depidFP.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\FKVLLfY.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\HLAZGMr.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\FUDvXtP.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\jHDVbgt.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\cvCunSV.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\vitXjIh.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\YaeOfKw.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\OerXNmx.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\qyTXJyD.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\jdlhxRc.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\YqlZFzm.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\jaruhrY.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\foGvfIq.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\TbaJvCT.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\lbBaXVY.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\lLjrpNN.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\hLzSIGX.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\FRxHcde.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\JryVBbi.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\RSnMtcg.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
File created	C:\Windows\System\SqGQHEo.exe	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14700	dwm.exe
Token: SeChangeNotifyPrivilege	14700	dwm.exe
Token: 33	14700	dwm.exe
Token: SeIncBasePriorityPrivilege	14700	dwm.exe
Token: SeShutdownPrivilege	14700	dwm.exe
Token: SeCreatePagefilePrivilege	14700	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4124	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	83
PID 4040 wrote to memory of 4124	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	83
PID 4040 wrote to memory of 4016	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	84
PID 4040 wrote to memory of 4016	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	84
PID 4040 wrote to memory of 4964	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	85
PID 4040 wrote to memory of 4964	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	85
PID 4040 wrote to memory of 3604	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	86
PID 4040 wrote to memory of 3604	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	86
PID 4040 wrote to memory of 4348	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	87
PID 4040 wrote to memory of 4348	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	87
PID 4040 wrote to memory of 4360	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	88
PID 4040 wrote to memory of 4360	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	88
PID 4040 wrote to memory of 3084	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	89
PID 4040 wrote to memory of 3084	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	89
PID 4040 wrote to memory of 2516	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	90
PID 4040 wrote to memory of 2516	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	90
PID 4040 wrote to memory of 1516	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	91
PID 4040 wrote to memory of 1516	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	91
PID 4040 wrote to memory of 2524	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	92
PID 4040 wrote to memory of 2524	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	92
PID 4040 wrote to memory of 4904	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	93
PID 4040 wrote to memory of 4904	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	93
PID 4040 wrote to memory of 4248	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	94
PID 4040 wrote to memory of 4248	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	94
PID 4040 wrote to memory of 2076	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	95
PID 4040 wrote to memory of 2076	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	95
PID 4040 wrote to memory of 4760	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	96
PID 4040 wrote to memory of 4760	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	96
PID 4040 wrote to memory of 5012	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	97
PID 4040 wrote to memory of 5012	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	97
PID 4040 wrote to memory of 3460	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	98
PID 4040 wrote to memory of 3460	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	98
PID 4040 wrote to memory of 4080	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	99
PID 4040 wrote to memory of 4080	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	99
PID 4040 wrote to memory of 4092	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	100
PID 4040 wrote to memory of 4092	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	100
PID 4040 wrote to memory of 4536	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	101
PID 4040 wrote to memory of 4536	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	101
PID 4040 wrote to memory of 3464	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	102
PID 4040 wrote to memory of 3464	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	102
PID 4040 wrote to memory of 2124	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	103
PID 4040 wrote to memory of 2124	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	103
PID 4040 wrote to memory of 556	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	104
PID 4040 wrote to memory of 556	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	104
PID 4040 wrote to memory of 3240	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	105
PID 4040 wrote to memory of 3240	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	105
PID 4040 wrote to memory of 4328	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	106
PID 4040 wrote to memory of 4328	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	106
PID 4040 wrote to memory of 1272	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	107
PID 4040 wrote to memory of 1272	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	107
PID 4040 wrote to memory of 3660	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	108
PID 4040 wrote to memory of 3660	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	108
PID 4040 wrote to memory of 4632	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	109
PID 4040 wrote to memory of 4632	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	109
PID 4040 wrote to memory of 1952	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	110
PID 4040 wrote to memory of 1952	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	110
PID 4040 wrote to memory of 400	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	111
PID 4040 wrote to memory of 400	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	111
PID 4040 wrote to memory of 2308	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	112
PID 4040 wrote to memory of 2308	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	112
PID 4040 wrote to memory of 644	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	113
PID 4040 wrote to memory of 644	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	113
PID 4040 wrote to memory of 4384	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	114
PID 4040 wrote to memory of 4384	4040	2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2cef15fca518f2c9a34bb2aa8a438fe0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Windows\System\ThIwbwe.exe
  C:\Windows\System\ThIwbwe.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\cqvwYKR.exe
  C:\Windows\System\cqvwYKR.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\lzJtPVO.exe
  C:\Windows\System\lzJtPVO.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\GqDigrL.exe
  C:\Windows\System\GqDigrL.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\oiQbeoq.exe
  C:\Windows\System\oiQbeoq.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\vTLZRLC.exe
  C:\Windows\System\vTLZRLC.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\gEqdlqA.exe
  C:\Windows\System\gEqdlqA.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\CGknSMA.exe
  C:\Windows\System\CGknSMA.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ZAYltdi.exe
  C:\Windows\System\ZAYltdi.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\VzuXuKX.exe
  C:\Windows\System\VzuXuKX.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\bbsPNbM.exe
  C:\Windows\System\bbsPNbM.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\PXkBPyw.exe
  C:\Windows\System\PXkBPyw.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\WZgUehI.exe
  C:\Windows\System\WZgUehI.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\xpcgwUk.exe
  C:\Windows\System\xpcgwUk.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\UNyTpJp.exe
  C:\Windows\System\UNyTpJp.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\kXiLxdL.exe
  C:\Windows\System\kXiLxdL.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\bVzQbXZ.exe
  C:\Windows\System\bVzQbXZ.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\srfHELQ.exe
  C:\Windows\System\srfHELQ.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\wpbtFba.exe
  C:\Windows\System\wpbtFba.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\HoeNnrL.exe
  C:\Windows\System\HoeNnrL.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\PnIseXg.exe
  C:\Windows\System\PnIseXg.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\tbiZwpW.exe
  C:\Windows\System\tbiZwpW.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\qsBOYcp.exe
  C:\Windows\System\qsBOYcp.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\xJVTFZa.exe
  C:\Windows\System\xJVTFZa.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\SDlUzEu.exe
  C:\Windows\System\SDlUzEu.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\PEZieDa.exe
  C:\Windows\System\PEZieDa.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\tRmxtTH.exe
  C:\Windows\System\tRmxtTH.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\NohadGo.exe
  C:\Windows\System\NohadGo.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\GWHTzrJ.exe
  C:\Windows\System\GWHTzrJ.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\zuqBqGz.exe
  C:\Windows\System\zuqBqGz.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\oxQhZLF.exe
  C:\Windows\System\oxQhZLF.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\iVHquFN.exe
  C:\Windows\System\iVHquFN.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\FMHPULy.exe
  C:\Windows\System\FMHPULy.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\kOLfaBd.exe
  C:\Windows\System\kOLfaBd.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\PLaCzZV.exe
  C:\Windows\System\PLaCzZV.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\OlViJop.exe
  C:\Windows\System\OlViJop.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\WuykHnt.exe
  C:\Windows\System\WuykHnt.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\hmtnmMh.exe
  C:\Windows\System\hmtnmMh.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\TwtXiwB.exe
  C:\Windows\System\TwtXiwB.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\dCBSABU.exe
  C:\Windows\System\dCBSABU.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\uJFeqLJ.exe
  C:\Windows\System\uJFeqLJ.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\FlyHmtN.exe
  C:\Windows\System\FlyHmtN.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\tSaNbfC.exe
  C:\Windows\System\tSaNbfC.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\yKSRAqy.exe
  C:\Windows\System\yKSRAqy.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\zaHAdzU.exe
  C:\Windows\System\zaHAdzU.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\oayaqhv.exe
  C:\Windows\System\oayaqhv.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\UVtBUCf.exe
  C:\Windows\System\UVtBUCf.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\PyZAWjY.exe
  C:\Windows\System\PyZAWjY.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\ELaFxST.exe
  C:\Windows\System\ELaFxST.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\ofmYnJg.exe
  C:\Windows\System\ofmYnJg.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\HubpTOt.exe
  C:\Windows\System\HubpTOt.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\IdhgJtD.exe
  C:\Windows\System\IdhgJtD.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\WmFqEot.exe
  C:\Windows\System\WmFqEot.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\HWIIoNn.exe
  C:\Windows\System\HWIIoNn.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\ENSmUCO.exe
  C:\Windows\System\ENSmUCO.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\kEwQwiu.exe
  C:\Windows\System\kEwQwiu.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\cybJBXs.exe
  C:\Windows\System\cybJBXs.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\nArPqzt.exe
  C:\Windows\System\nArPqzt.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\LFKUAwS.exe
  C:\Windows\System\LFKUAwS.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\YFzzlQE.exe
  C:\Windows\System\YFzzlQE.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\zXllRfJ.exe
  C:\Windows\System\zXllRfJ.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\trRlzPq.exe
  C:\Windows\System\trRlzPq.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\gyosMTh.exe
  C:\Windows\System\gyosMTh.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\bnagEyk.exe
  C:\Windows\System\bnagEyk.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\YcHnDPT.exe
  C:\Windows\System\YcHnDPT.exe
  2⤵
  PID:2464
- C:\Windows\System\KPIninG.exe
  C:\Windows\System\KPIninG.exe
  2⤵
  PID:4988
- C:\Windows\System\ebYASXs.exe
  C:\Windows\System\ebYASXs.exe
  2⤵
  PID:2480
- C:\Windows\System\zGDajxX.exe
  C:\Windows\System\zGDajxX.exe
  2⤵
  PID:1648
- C:\Windows\System\rebhUno.exe
  C:\Windows\System\rebhUno.exe
  2⤵
  PID:740
- C:\Windows\System\YerMwjw.exe
  C:\Windows\System\YerMwjw.exe
  2⤵
  PID:2280
- C:\Windows\System\qZggwUC.exe
  C:\Windows\System\qZggwUC.exe
  2⤵
  PID:4980
- C:\Windows\System\vUFZuTP.exe
  C:\Windows\System\vUFZuTP.exe
  2⤵
  PID:4196
- C:\Windows\System\JzgYRVW.exe
  C:\Windows\System\JzgYRVW.exe
  2⤵
  PID:2560
- C:\Windows\System\LQcqVXt.exe
  C:\Windows\System\LQcqVXt.exe
  2⤵
  PID:2900
- C:\Windows\System\qTsPajJ.exe
  C:\Windows\System\qTsPajJ.exe
  2⤵
  PID:3120
- C:\Windows\System\NYmpEUE.exe
  C:\Windows\System\NYmpEUE.exe
  2⤵
  PID:3016
- C:\Windows\System\ujQatmp.exe
  C:\Windows\System\ujQatmp.exe
  2⤵
  PID:1084
- C:\Windows\System\GoBheHU.exe
  C:\Windows\System\GoBheHU.exe
  2⤵
  PID:3756
- C:\Windows\System\cdXgSJf.exe
  C:\Windows\System\cdXgSJf.exe
  2⤵
  PID:1872
- C:\Windows\System\cuCoZhr.exe
  C:\Windows\System\cuCoZhr.exe
  2⤵
  PID:1760
- C:\Windows\System\diUoCXv.exe
  C:\Windows\System\diUoCXv.exe
  2⤵
  PID:2364
- C:\Windows\System\gZblNUf.exe
  C:\Windows\System\gZblNUf.exe
  2⤵
  PID:2444
- C:\Windows\System\KgFSaeI.exe
  C:\Windows\System\KgFSaeI.exe
  2⤵
  PID:332
- C:\Windows\System\wJdBSsG.exe
  C:\Windows\System\wJdBSsG.exe
  2⤵
  PID:1668
- C:\Windows\System\LaAjeEH.exe
  C:\Windows\System\LaAjeEH.exe
  2⤵
  PID:1032
- C:\Windows\System\ogwIVSq.exe
  C:\Windows\System\ogwIVSq.exe
  2⤵
  PID:4780
- C:\Windows\System\sNVKPUo.exe
  C:\Windows\System\sNVKPUo.exe
  2⤵
  PID:4884
- C:\Windows\System\wzfEMYn.exe
  C:\Windows\System\wzfEMYn.exe
  2⤵
  PID:1860
- C:\Windows\System\RRYBnxK.exe
  C:\Windows\System\RRYBnxK.exe
  2⤵
  PID:1484
- C:\Windows\System\wHVZMMk.exe
  C:\Windows\System\wHVZMMk.exe
  2⤵
  PID:2100
- C:\Windows\System\MqEqbss.exe
  C:\Windows\System\MqEqbss.exe
  2⤵
  PID:3892
- C:\Windows\System\KwuUNqX.exe
  C:\Windows\System\KwuUNqX.exe
  2⤵
  PID:4352
- C:\Windows\System\UVJPUXg.exe
  C:\Windows\System\UVJPUXg.exe
  2⤵
  PID:3696
- C:\Windows\System\OwMEXXR.exe
  C:\Windows\System\OwMEXXR.exe
  2⤵
  PID:4480
- C:\Windows\System\ikvOJIJ.exe
  C:\Windows\System\ikvOJIJ.exe
  2⤵
  PID:4220
- C:\Windows\System\fAIUDIy.exe
  C:\Windows\System\fAIUDIy.exe
  2⤵
  PID:1432
- C:\Windows\System\jZfijKl.exe
  C:\Windows\System\jZfijKl.exe
  2⤵
  PID:5132
- C:\Windows\System\NfWtrng.exe
  C:\Windows\System\NfWtrng.exe
  2⤵
  PID:5156
- C:\Windows\System\rHPdPHF.exe
  C:\Windows\System\rHPdPHF.exe
  2⤵
  PID:5192
- C:\Windows\System\oEJSDqO.exe
  C:\Windows\System\oEJSDqO.exe
  2⤵
  PID:5220
- C:\Windows\System\VYlLSdr.exe
  C:\Windows\System\VYlLSdr.exe
  2⤵
  PID:5248
- C:\Windows\System\snSwLXQ.exe
  C:\Windows\System\snSwLXQ.exe
  2⤵
  PID:5276
- C:\Windows\System\pyhfTnm.exe
  C:\Windows\System\pyhfTnm.exe
  2⤵
  PID:5304
- C:\Windows\System\InLYkKl.exe
  C:\Windows\System\InLYkKl.exe
  2⤵
  PID:5332
- C:\Windows\System\qdgHPnN.exe
  C:\Windows\System\qdgHPnN.exe
  2⤵
  PID:5360
- C:\Windows\System\QofJmYw.exe
  C:\Windows\System\QofJmYw.exe
  2⤵
  PID:5388
- C:\Windows\System\hTRvmWM.exe
  C:\Windows\System\hTRvmWM.exe
  2⤵
  PID:5420
- C:\Windows\System\ALSnJFm.exe
  C:\Windows\System\ALSnJFm.exe
  2⤵
  PID:5436
- C:\Windows\System\GgUBjUL.exe
  C:\Windows\System\GgUBjUL.exe
  2⤵
  PID:5464
- C:\Windows\System\QtJlgWr.exe
  C:\Windows\System\QtJlgWr.exe
  2⤵
  PID:5496
- C:\Windows\System\eQfksNL.exe
  C:\Windows\System\eQfksNL.exe
  2⤵
  PID:5524
- C:\Windows\System\UTYTrGI.exe
  C:\Windows\System\UTYTrGI.exe
  2⤵
  PID:5556
- C:\Windows\System\ZHjIuNz.exe
  C:\Windows\System\ZHjIuNz.exe
  2⤵
  PID:5596
- C:\Windows\System\zpyJPrt.exe
  C:\Windows\System\zpyJPrt.exe
  2⤵
  PID:5624
- C:\Windows\System\UguugNG.exe
  C:\Windows\System\UguugNG.exe
  2⤵
  PID:5640
- C:\Windows\System\iwcDrND.exe
  C:\Windows\System\iwcDrND.exe
  2⤵
  PID:5684
- C:\Windows\System\jXlzKnQ.exe
  C:\Windows\System\jXlzKnQ.exe
  2⤵
  PID:5716
- C:\Windows\System\YaieohL.exe
  C:\Windows\System\YaieohL.exe
  2⤵
  PID:5744
- C:\Windows\System\JHtHgXt.exe
  C:\Windows\System\JHtHgXt.exe
  2⤵
  PID:5776
- C:\Windows\System\mOHZytx.exe
  C:\Windows\System\mOHZytx.exe
  2⤵
  PID:5800
- C:\Windows\System\rdgztVT.exe
  C:\Windows\System\rdgztVT.exe
  2⤵
  PID:5836
- C:\Windows\System\hxbRCHb.exe
  C:\Windows\System\hxbRCHb.exe
  2⤵
  PID:5856
- C:\Windows\System\jEEPUXn.exe
  C:\Windows\System\jEEPUXn.exe
  2⤵
  PID:5872
- C:\Windows\System\hGulapr.exe
  C:\Windows\System\hGulapr.exe
  2⤵
  PID:5888
- C:\Windows\System\sxHmPUO.exe
  C:\Windows\System\sxHmPUO.exe
  2⤵
  PID:5904
- C:\Windows\System\YGzZAmY.exe
  C:\Windows\System\YGzZAmY.exe
  2⤵
  PID:5936
- C:\Windows\System\oTKYDcP.exe
  C:\Windows\System\oTKYDcP.exe
  2⤵
  PID:5976
- C:\Windows\System\VItFELN.exe
  C:\Windows\System\VItFELN.exe
  2⤵
  PID:6016
- C:\Windows\System\EbXsldL.exe
  C:\Windows\System\EbXsldL.exe
  2⤵
  PID:6060
- C:\Windows\System\ijJaDWj.exe
  C:\Windows\System\ijJaDWj.exe
  2⤵
  PID:6076
- C:\Windows\System\taSEpFj.exe
  C:\Windows\System\taSEpFj.exe
  2⤵
  PID:6116
- C:\Windows\System\fkvBsiZ.exe
  C:\Windows\System\fkvBsiZ.exe
  2⤵
  PID:5124
- C:\Windows\System\IIqrqnm.exe
  C:\Windows\System\IIqrqnm.exe
  2⤵
  PID:5200
- C:\Windows\System\xqssIig.exe
  C:\Windows\System\xqssIig.exe
  2⤵
  PID:5264
- C:\Windows\System\ckWkFph.exe
  C:\Windows\System\ckWkFph.exe
  2⤵
  PID:5352
- C:\Windows\System\JBkPmwu.exe
  C:\Windows\System\JBkPmwu.exe
  2⤵
  PID:5416
- C:\Windows\System\JcxukPy.exe
  C:\Windows\System\JcxukPy.exe
  2⤵
  PID:5476
- C:\Windows\System\nRfaWpJ.exe
  C:\Windows\System\nRfaWpJ.exe
  2⤵
  PID:5584
- C:\Windows\System\LluEfJb.exe
  C:\Windows\System\LluEfJb.exe
  2⤵
  PID:5676
- C:\Windows\System\PDeXWlz.exe
  C:\Windows\System\PDeXWlz.exe
  2⤵
  PID:5764
- C:\Windows\System\foGvfIq.exe
  C:\Windows\System\foGvfIq.exe
  2⤵
  PID:5824
- C:\Windows\System\dguxJJj.exe
  C:\Windows\System\dguxJJj.exe
  2⤵
  PID:5920
- C:\Windows\System\HvZehgp.exe
  C:\Windows\System\HvZehgp.exe
  2⤵
  PID:4528
- C:\Windows\System\qQsJUvs.exe
  C:\Windows\System\qQsJUvs.exe
  2⤵
  PID:5964
- C:\Windows\System\vngmCqp.exe
  C:\Windows\System\vngmCqp.exe
  2⤵
  PID:6036
- C:\Windows\System\OWMaOuv.exe
  C:\Windows\System\OWMaOuv.exe
  2⤵
  PID:6140
- C:\Windows\System\BuKDqOq.exe
  C:\Windows\System\BuKDqOq.exe
  2⤵
  PID:5240
- C:\Windows\System\ITomHQY.exe
  C:\Windows\System\ITomHQY.exe
  2⤵
  PID:5328
- C:\Windows\System\FVbftGP.exe
  C:\Windows\System\FVbftGP.exe
  2⤵
  PID:5448
- C:\Windows\System\TbaJvCT.exe
  C:\Windows\System\TbaJvCT.exe
  2⤵
  PID:5732
- C:\Windows\System\hLiUHfL.exe
  C:\Windows\System\hLiUHfL.exe
  2⤵
  PID:4216
- C:\Windows\System\lFsZqcs.exe
  C:\Windows\System\lFsZqcs.exe
  2⤵
  PID:6004
- C:\Windows\System\cxbAMZg.exe
  C:\Windows\System\cxbAMZg.exe
  2⤵
  PID:5180
- C:\Windows\System\LRwJFzv.exe
  C:\Windows\System\LRwJFzv.exe
  2⤵
  PID:5568
- C:\Windows\System\cvCunSV.exe
  C:\Windows\System\cvCunSV.exe
  2⤵
  PID:6088
- C:\Windows\System\vmfsSAp.exe
  C:\Windows\System\vmfsSAp.exe
  2⤵
  PID:5880
- C:\Windows\System\DrNUpAv.exe
  C:\Windows\System\DrNUpAv.exe
  2⤵
  PID:6152
- C:\Windows\System\BnItCHv.exe
  C:\Windows\System\BnItCHv.exe
  2⤵
  PID:6180
- C:\Windows\System\LwaNmUI.exe
  C:\Windows\System\LwaNmUI.exe
  2⤵
  PID:6196
- C:\Windows\System\fCHnlIk.exe
  C:\Windows\System\fCHnlIk.exe
  2⤵
  PID:6236
- C:\Windows\System\mzzqQgi.exe
  C:\Windows\System\mzzqQgi.exe
  2⤵
  PID:6252
- C:\Windows\System\ULIkRfD.exe
  C:\Windows\System\ULIkRfD.exe
  2⤵
  PID:6292
- C:\Windows\System\tBSByCG.exe
  C:\Windows\System\tBSByCG.exe
  2⤵
  PID:6320
- C:\Windows\System\jZtALLh.exe
  C:\Windows\System\jZtALLh.exe
  2⤵
  PID:6348
- C:\Windows\System\bwKjaTu.exe
  C:\Windows\System\bwKjaTu.exe
  2⤵
  PID:6380
- C:\Windows\System\zmDoGiZ.exe
  C:\Windows\System\zmDoGiZ.exe
  2⤵
  PID:6404
- C:\Windows\System\rZigJKJ.exe
  C:\Windows\System\rZigJKJ.exe
  2⤵
  PID:6432
- C:\Windows\System\BAnGMLG.exe
  C:\Windows\System\BAnGMLG.exe
  2⤵
  PID:6468
- C:\Windows\System\GivFuLQ.exe
  C:\Windows\System\GivFuLQ.exe
  2⤵
  PID:6488
- C:\Windows\System\ciGvOxL.exe
  C:\Windows\System\ciGvOxL.exe
  2⤵
  PID:6516
- C:\Windows\System\uPHWReW.exe
  C:\Windows\System\uPHWReW.exe
  2⤵
  PID:6548
- C:\Windows\System\amoqMbo.exe
  C:\Windows\System\amoqMbo.exe
  2⤵
  PID:6576
- C:\Windows\System\GRQXxGa.exe
  C:\Windows\System\GRQXxGa.exe
  2⤵
  PID:6604
- C:\Windows\System\kqFJQSt.exe
  C:\Windows\System\kqFJQSt.exe
  2⤵
  PID:6628
- C:\Windows\System\EAZKWsN.exe
  C:\Windows\System\EAZKWsN.exe
  2⤵
  PID:6656
- C:\Windows\System\aTxOQvR.exe
  C:\Windows\System\aTxOQvR.exe
  2⤵
  PID:6688
- C:\Windows\System\NDcNOYx.exe
  C:\Windows\System\NDcNOYx.exe
  2⤵
  PID:6724
- C:\Windows\System\syJXspv.exe
  C:\Windows\System\syJXspv.exe
  2⤵
  PID:6748
- C:\Windows\System\SFJbgqb.exe
  C:\Windows\System\SFJbgqb.exe
  2⤵
  PID:6768
- C:\Windows\System\hlbfvZm.exe
  C:\Windows\System\hlbfvZm.exe
  2⤵
  PID:6796
- C:\Windows\System\qvvNboU.exe
  C:\Windows\System\qvvNboU.exe
  2⤵
  PID:6836
- C:\Windows\System\VzMWGIW.exe
  C:\Windows\System\VzMWGIW.exe
  2⤵
  PID:6880
- C:\Windows\System\uZwmtvm.exe
  C:\Windows\System\uZwmtvm.exe
  2⤵
  PID:6896
- C:\Windows\System\dTZKReM.exe
  C:\Windows\System\dTZKReM.exe
  2⤵
  PID:6920
- C:\Windows\System\xelbofA.exe
  C:\Windows\System\xelbofA.exe
  2⤵
  PID:6940
- C:\Windows\System\VdozKkO.exe
  C:\Windows\System\VdozKkO.exe
  2⤵
  PID:6980
- C:\Windows\System\LmBNmcU.exe
  C:\Windows\System\LmBNmcU.exe
  2⤵
  PID:7016
- C:\Windows\System\iopetlk.exe
  C:\Windows\System\iopetlk.exe
  2⤵
  PID:7056
- C:\Windows\System\CnlCMtv.exe
  C:\Windows\System\CnlCMtv.exe
  2⤵
  PID:7072
- C:\Windows\System\OxITozN.exe
  C:\Windows\System\OxITozN.exe
  2⤵
  PID:7104
- C:\Windows\System\UCmybHP.exe
  C:\Windows\System\UCmybHP.exe
  2⤵
  PID:7140
- C:\Windows\System\tIcaztb.exe
  C:\Windows\System\tIcaztb.exe
  2⤵
  PID:6188
- C:\Windows\System\YwXcdSG.exe
  C:\Windows\System\YwXcdSG.exe
  2⤵
  PID:6272
- C:\Windows\System\HjsEwaR.exe
  C:\Windows\System\HjsEwaR.exe
  2⤵
  PID:6388
- C:\Windows\System\GMmMANO.exe
  C:\Windows\System\GMmMANO.exe
  2⤵
  PID:6476
- C:\Windows\System\DDoaSnu.exe
  C:\Windows\System\DDoaSnu.exe
  2⤵
  PID:3852
- C:\Windows\System\qKjgDoG.exe
  C:\Windows\System\qKjgDoG.exe
  2⤵
  PID:6556
- C:\Windows\System\anGbyhv.exe
  C:\Windows\System\anGbyhv.exe
  2⤵
  PID:6596
- C:\Windows\System\BDiTgxo.exe
  C:\Windows\System\BDiTgxo.exe
  2⤵
  PID:5384
- C:\Windows\System\htGBtOm.exe
  C:\Windows\System\htGBtOm.exe
  2⤵
  PID:6828
- C:\Windows\System\Fibtbtg.exe
  C:\Windows\System\Fibtbtg.exe
  2⤵
  PID:6916
- C:\Windows\System\odKWcsw.exe
  C:\Windows\System\odKWcsw.exe
  2⤵
  PID:7044
- C:\Windows\System\dzgAckx.exe
  C:\Windows\System\dzgAckx.exe
  2⤵
  PID:7136
- C:\Windows\System\AaJsicl.exe
  C:\Windows\System\AaJsicl.exe
  2⤵
  PID:6368
- C:\Windows\System\ORPhBnX.exe
  C:\Windows\System\ORPhBnX.exe
  2⤵
  PID:6456
- C:\Windows\System\BJwumLI.exe
  C:\Windows\System\BJwumLI.exe
  2⤵
  PID:6508
- C:\Windows\System\PtwPuih.exe
  C:\Windows\System\PtwPuih.exe
  2⤵
  PID:6696
- C:\Windows\System\BqtSfmt.exe
  C:\Windows\System\BqtSfmt.exe
  2⤵
  PID:7132
- C:\Windows\System\BWauMct.exe
  C:\Windows\System\BWauMct.exe
  2⤵
  PID:3096
- C:\Windows\System\WvtQCNv.exe
  C:\Windows\System\WvtQCNv.exe
  2⤵
  PID:6672
- C:\Windows\System\aCKECza.exe
  C:\Windows\System\aCKECza.exe
  2⤵
  PID:7176
- C:\Windows\System\gakKGXY.exe
  C:\Windows\System\gakKGXY.exe
  2⤵
  PID:7216
- C:\Windows\System\hLRzQmT.exe
  C:\Windows\System\hLRzQmT.exe
  2⤵
  PID:7248
- C:\Windows\System\WidMrZE.exe
  C:\Windows\System\WidMrZE.exe
  2⤵
  PID:7276
- C:\Windows\System\RSnMtcg.exe
  C:\Windows\System\RSnMtcg.exe
  2⤵
  PID:7308
- C:\Windows\System\nljytBC.exe
  C:\Windows\System\nljytBC.exe
  2⤵
  PID:7356
- C:\Windows\System\LavVXwI.exe
  C:\Windows\System\LavVXwI.exe
  2⤵
  PID:7372
- C:\Windows\System\kLFtDyB.exe
  C:\Windows\System\kLFtDyB.exe
  2⤵
  PID:7408
- C:\Windows\System\NiKLwNq.exe
  C:\Windows\System\NiKLwNq.exe
  2⤵
  PID:7440
- C:\Windows\System\nMdCSap.exe
  C:\Windows\System\nMdCSap.exe
  2⤵
  PID:7460
- C:\Windows\System\kpjJWzW.exe
  C:\Windows\System\kpjJWzW.exe
  2⤵
  PID:7492
- C:\Windows\System\IIwYSaP.exe
  C:\Windows\System\IIwYSaP.exe
  2⤵
  PID:7516
- C:\Windows\System\BBWGemK.exe
  C:\Windows\System\BBWGemK.exe
  2⤵
  PID:7548
- C:\Windows\System\vQkyJBS.exe
  C:\Windows\System\vQkyJBS.exe
  2⤵
  PID:7564
- C:\Windows\System\TCrJnJm.exe
  C:\Windows\System\TCrJnJm.exe
  2⤵
  PID:7580
- C:\Windows\System\MiMLinE.exe
  C:\Windows\System\MiMLinE.exe
  2⤵
  PID:7620
- C:\Windows\System\ZLLFtiH.exe
  C:\Windows\System\ZLLFtiH.exe
  2⤵
  PID:7660
- C:\Windows\System\xGiQUaT.exe
  C:\Windows\System\xGiQUaT.exe
  2⤵
  PID:7692
- C:\Windows\System\OPqLBjt.exe
  C:\Windows\System\OPqLBjt.exe
  2⤵
  PID:7716
- C:\Windows\System\CilxXTl.exe
  C:\Windows\System\CilxXTl.exe
  2⤵
  PID:7732
- C:\Windows\System\gWYcQfi.exe
  C:\Windows\System\gWYcQfi.exe
  2⤵
  PID:7764
- C:\Windows\System\kDuIDdY.exe
  C:\Windows\System\kDuIDdY.exe
  2⤵
  PID:7800
- C:\Windows\System\FMXejSt.exe
  C:\Windows\System\FMXejSt.exe
  2⤵
  PID:7828
- C:\Windows\System\CsgtVfc.exe
  C:\Windows\System\CsgtVfc.exe
  2⤵
  PID:7864
- C:\Windows\System\hGoQAfN.exe
  C:\Windows\System\hGoQAfN.exe
  2⤵
  PID:7884
- C:\Windows\System\nqqstVR.exe
  C:\Windows\System\nqqstVR.exe
  2⤵
  PID:7916
- C:\Windows\System\fZSMvOJ.exe
  C:\Windows\System\fZSMvOJ.exe
  2⤵
  PID:7944
- C:\Windows\System\HTFwuNC.exe
  C:\Windows\System\HTFwuNC.exe
  2⤵
  PID:7976
- C:\Windows\System\NNwRWej.exe
  C:\Windows\System\NNwRWej.exe
  2⤵
  PID:8000
- C:\Windows\System\aeWdtUL.exe
  C:\Windows\System\aeWdtUL.exe
  2⤵
  PID:8028
- C:\Windows\System\IBKRPVn.exe
  C:\Windows\System\IBKRPVn.exe
  2⤵
  PID:8056
- C:\Windows\System\HCTFwVe.exe
  C:\Windows\System\HCTFwVe.exe
  2⤵
  PID:8092
- C:\Windows\System\SqGQHEo.exe
  C:\Windows\System\SqGQHEo.exe
  2⤵
  PID:8112
- C:\Windows\System\nnEGFLk.exe
  C:\Windows\System\nnEGFLk.exe
  2⤵
  PID:8140
- C:\Windows\System\aPQDAyB.exe
  C:\Windows\System\aPQDAyB.exe
  2⤵
  PID:8168
- C:\Windows\System\OpHoFbQ.exe
  C:\Windows\System\OpHoFbQ.exe
  2⤵
  PID:7068
- C:\Windows\System\eRYrczz.exe
  C:\Windows\System\eRYrczz.exe
  2⤵
  PID:7212
- C:\Windows\System\KDOkGfF.exe
  C:\Windows\System\KDOkGfF.exe
  2⤵
  PID:7272
- C:\Windows\System\sTTZXUw.exe
  C:\Windows\System\sTTZXUw.exe
  2⤵
  PID:2008
- C:\Windows\System\DItFZKx.exe
  C:\Windows\System\DItFZKx.exe
  2⤵
  PID:7400
- C:\Windows\System\ifQopxm.exe
  C:\Windows\System\ifQopxm.exe
  2⤵
  PID:7472
- C:\Windows\System\WnJSlkk.exe
  C:\Windows\System\WnJSlkk.exe
  2⤵
  PID:7540
- C:\Windows\System\ScJTckB.exe
  C:\Windows\System\ScJTckB.exe
  2⤵
  PID:7576
- C:\Windows\System\JLDLlsZ.exe
  C:\Windows\System\JLDLlsZ.exe
  2⤵
  PID:7656
- C:\Windows\System\HJSOVGW.exe
  C:\Windows\System\HJSOVGW.exe
  2⤵
  PID:7724
- C:\Windows\System\SKgzxJq.exe
  C:\Windows\System\SKgzxJq.exe
  2⤵
  PID:7784
- C:\Windows\System\LusCCPL.exe
  C:\Windows\System\LusCCPL.exe
  2⤵
  PID:7848
- C:\Windows\System\CRFvxHo.exe
  C:\Windows\System\CRFvxHo.exe
  2⤵
  PID:7908
- C:\Windows\System\VepwPSm.exe
  C:\Windows\System\VepwPSm.exe
  2⤵
  PID:7984
- C:\Windows\System\bHpCbGR.exe
  C:\Windows\System\bHpCbGR.exe
  2⤵
  PID:8048
- C:\Windows\System\CTumjDh.exe
  C:\Windows\System\CTumjDh.exe
  2⤵
  PID:8108
- C:\Windows\System\qCUvlap.exe
  C:\Windows\System\qCUvlap.exe
  2⤵
  PID:8164
- C:\Windows\System\zgmjNMV.exe
  C:\Windows\System\zgmjNMV.exe
  2⤵
  PID:7196
- C:\Windows\System\SMabMNS.exe
  C:\Windows\System\SMabMNS.exe
  2⤵
  PID:7364
- C:\Windows\System\UcBjctc.exe
  C:\Windows\System\UcBjctc.exe
  2⤵
  PID:7448
- C:\Windows\System\zLDmhIx.exe
  C:\Windows\System\zLDmhIx.exe
  2⤵
  PID:7572
- C:\Windows\System\JgkhEwQ.exe
  C:\Windows\System\JgkhEwQ.exe
  2⤵
  PID:7728
- C:\Windows\System\datmowx.exe
  C:\Windows\System\datmowx.exe
  2⤵
  PID:632
- C:\Windows\System\mpHqHjB.exe
  C:\Windows\System\mpHqHjB.exe
  2⤵
  PID:7512
- C:\Windows\System\ogHGMTc.exe
  C:\Windows\System\ogHGMTc.exe
  2⤵
  PID:7812
- C:\Windows\System\uVjVYXj.exe
  C:\Windows\System\uVjVYXj.exe
  2⤵
  PID:7484
- C:\Windows\System\KLkLSyf.exe
  C:\Windows\System\KLkLSyf.exe
  2⤵
  PID:7368
- C:\Windows\System\zDUdUJb.exe
  C:\Windows\System\zDUdUJb.exe
  2⤵
  PID:8224
- C:\Windows\System\TCAqNFI.exe
  C:\Windows\System\TCAqNFI.exe
  2⤵
  PID:8252
- C:\Windows\System\RWpNVRC.exe
  C:\Windows\System\RWpNVRC.exe
  2⤵
  PID:8268
- C:\Windows\System\IGdvXdz.exe
  C:\Windows\System\IGdvXdz.exe
  2⤵
  PID:8304
- C:\Windows\System\qvtTPiw.exe
  C:\Windows\System\qvtTPiw.exe
  2⤵
  PID:8324
- C:\Windows\System\EHsVFXP.exe
  C:\Windows\System\EHsVFXP.exe
  2⤵
  PID:8352
- C:\Windows\System\depidFP.exe
  C:\Windows\System\depidFP.exe
  2⤵
  PID:8380
- C:\Windows\System\nZBvSYR.exe
  C:\Windows\System\nZBvSYR.exe
  2⤵
  PID:8408
- C:\Windows\System\pQbUEbY.exe
  C:\Windows\System\pQbUEbY.exe
  2⤵
  PID:8440
- C:\Windows\System\qrJuAfV.exe
  C:\Windows\System\qrJuAfV.exe
  2⤵
  PID:8468
- C:\Windows\System\hdIEEho.exe
  C:\Windows\System\hdIEEho.exe
  2⤵
  PID:8492
- C:\Windows\System\vMniDno.exe
  C:\Windows\System\vMniDno.exe
  2⤵
  PID:8520
- C:\Windows\System\XdtRaar.exe
  C:\Windows\System\XdtRaar.exe
  2⤵
  PID:8548
- C:\Windows\System\eZRZcRS.exe
  C:\Windows\System\eZRZcRS.exe
  2⤵
  PID:8588
- C:\Windows\System\dbehCda.exe
  C:\Windows\System\dbehCda.exe
  2⤵
  PID:8604
- C:\Windows\System\KMcxeXJ.exe
  C:\Windows\System\KMcxeXJ.exe
  2⤵
  PID:8632
- C:\Windows\System\lbBaXVY.exe
  C:\Windows\System\lbBaXVY.exe
  2⤵
  PID:8664
- C:\Windows\System\CUjuzBR.exe
  C:\Windows\System\CUjuzBR.exe
  2⤵
  PID:8692
- C:\Windows\System\qMPRDMN.exe
  C:\Windows\System\qMPRDMN.exe
  2⤵
  PID:8720
- C:\Windows\System\KNsuftM.exe
  C:\Windows\System\KNsuftM.exe
  2⤵
  PID:8740
- C:\Windows\System\vitXjIh.exe
  C:\Windows\System\vitXjIh.exe
  2⤵
  PID:8768
- C:\Windows\System\sPQBZgA.exe
  C:\Windows\System\sPQBZgA.exe
  2⤵
  PID:8808
- C:\Windows\System\hrGSNUD.exe
  C:\Windows\System\hrGSNUD.exe
  2⤵
  PID:8836
- C:\Windows\System\YCcOppX.exe
  C:\Windows\System\YCcOppX.exe
  2⤵
  PID:8868
- C:\Windows\System\hfIdxhN.exe
  C:\Windows\System\hfIdxhN.exe
  2⤵
  PID:8896
- C:\Windows\System\qskLgic.exe
  C:\Windows\System\qskLgic.exe
  2⤵
  PID:8936
- C:\Windows\System\iVbfutg.exe
  C:\Windows\System\iVbfutg.exe
  2⤵
  PID:8980
- C:\Windows\System\gDIETtV.exe
  C:\Windows\System\gDIETtV.exe
  2⤵
  PID:9008
- C:\Windows\System\iQXWcrO.exe
  C:\Windows\System\iQXWcrO.exe
  2⤵
  PID:9036
- C:\Windows\System\WiSRRfV.exe
  C:\Windows\System\WiSRRfV.exe
  2⤵
  PID:9072
- C:\Windows\System\tQMTHHG.exe
  C:\Windows\System\tQMTHHG.exe
  2⤵
  PID:9096
- C:\Windows\System\kEIMxKd.exe
  C:\Windows\System\kEIMxKd.exe
  2⤵
  PID:9132
- C:\Windows\System\UMsKNmb.exe
  C:\Windows\System\UMsKNmb.exe
  2⤵
  PID:9152
- C:\Windows\System\DlUDjCx.exe
  C:\Windows\System\DlUDjCx.exe
  2⤵
  PID:9188
- C:\Windows\System\wdulfOu.exe
  C:\Windows\System\wdulfOu.exe
  2⤵
  PID:8200
- C:\Windows\System\geciMRA.exe
  C:\Windows\System\geciMRA.exe
  2⤵
  PID:8280
- C:\Windows\System\ENglVdi.exe
  C:\Windows\System\ENglVdi.exe
  2⤵
  PID:8320
- C:\Windows\System\aAHUdll.exe
  C:\Windows\System\aAHUdll.exe
  2⤵
  PID:8456
- C:\Windows\System\ipsytxO.exe
  C:\Windows\System\ipsytxO.exe
  2⤵
  PID:8448
- C:\Windows\System\xXBJkea.exe
  C:\Windows\System\xXBJkea.exe
  2⤵
  PID:8540
- C:\Windows\System\qaWZdkv.exe
  C:\Windows\System\qaWZdkv.exe
  2⤵
  PID:8628
- C:\Windows\System\SWIXUdx.exe
  C:\Windows\System\SWIXUdx.exe
  2⤵
  PID:8684
- C:\Windows\System\ivmzzQt.exe
  C:\Windows\System\ivmzzQt.exe
  2⤵
  PID:8704
- C:\Windows\System\GniHjKO.exe
  C:\Windows\System\GniHjKO.exe
  2⤵
  PID:4336
- C:\Windows\System\IMbMgoT.exe
  C:\Windows\System\IMbMgoT.exe
  2⤵
  PID:8912
- C:\Windows\System\OJeOXEL.exe
  C:\Windows\System\OJeOXEL.exe
  2⤵
  PID:8956
- C:\Windows\System\NyTAdPL.exe
  C:\Windows\System\NyTAdPL.exe
  2⤵
  PID:9032
- C:\Windows\System\pAcUXOR.exe
  C:\Windows\System\pAcUXOR.exe
  2⤵
  PID:9084
- C:\Windows\System\bNZSByq.exe
  C:\Windows\System\bNZSByq.exe
  2⤵
  PID:9176
- C:\Windows\System\zztaKlH.exe
  C:\Windows\System\zztaKlH.exe
  2⤵
  PID:8236
- C:\Windows\System\xmGEtAe.exe
  C:\Windows\System\xmGEtAe.exe
  2⤵
  PID:8336
- C:\Windows\System\bIfnAUj.exe
  C:\Windows\System\bIfnAUj.exe
  2⤵
  PID:8532
- C:\Windows\System\zPgUAWS.exe
  C:\Windows\System\zPgUAWS.exe
  2⤵
  PID:8672
- C:\Windows\System\mVLGCDl.exe
  C:\Windows\System\mVLGCDl.exe
  2⤵
  PID:8876
- C:\Windows\System\YaeOfKw.exe
  C:\Windows\System\YaeOfKw.exe
  2⤵
  PID:9024
- C:\Windows\System\tyVZexH.exe
  C:\Windows\System\tyVZexH.exe
  2⤵
  PID:9148
- C:\Windows\System\PoQnjpn.exe
  C:\Windows\System\PoQnjpn.exe
  2⤵
  PID:8452
- C:\Windows\System\shjPOyi.exe
  C:\Windows\System\shjPOyi.exe
  2⤵
  PID:8764
- C:\Windows\System\XoGGMYI.exe
  C:\Windows\System\XoGGMYI.exe
  2⤵
  PID:9004
- C:\Windows\System\SwebPil.exe
  C:\Windows\System\SwebPil.exe
  2⤵
  PID:8916
- C:\Windows\System\AbxIMoM.exe
  C:\Windows\System\AbxIMoM.exe
  2⤵
  PID:9220
- C:\Windows\System\jTygMPH.exe
  C:\Windows\System\jTygMPH.exe
  2⤵
  PID:9252
- C:\Windows\System\sKPugQw.exe
  C:\Windows\System\sKPugQw.exe
  2⤵
  PID:9280
- C:\Windows\System\pOuUYbl.exe
  C:\Windows\System\pOuUYbl.exe
  2⤵
  PID:9312
- C:\Windows\System\AYjFiFZ.exe
  C:\Windows\System\AYjFiFZ.exe
  2⤵
  PID:9336
- C:\Windows\System\eBWsdut.exe
  C:\Windows\System\eBWsdut.exe
  2⤵
  PID:9364
- C:\Windows\System\WeKeoYO.exe
  C:\Windows\System\WeKeoYO.exe
  2⤵
  PID:9392
- C:\Windows\System\foGvtnJ.exe
  C:\Windows\System\foGvtnJ.exe
  2⤵
  PID:9420
- C:\Windows\System\FPcHFQK.exe
  C:\Windows\System\FPcHFQK.exe
  2⤵
  PID:9448
- C:\Windows\System\aRcthIZ.exe
  C:\Windows\System\aRcthIZ.exe
  2⤵
  PID:9476
- C:\Windows\System\ZXozXla.exe
  C:\Windows\System\ZXozXla.exe
  2⤵
  PID:9504
- C:\Windows\System\ogKdwrU.exe
  C:\Windows\System\ogKdwrU.exe
  2⤵
  PID:9532
- C:\Windows\System\zjItCIN.exe
  C:\Windows\System\zjItCIN.exe
  2⤵
  PID:9564
- C:\Windows\System\qLTywBh.exe
  C:\Windows\System\qLTywBh.exe
  2⤵
  PID:9592
- C:\Windows\System\anNFMKj.exe
  C:\Windows\System\anNFMKj.exe
  2⤵
  PID:9620
- C:\Windows\System\CZmsdbu.exe
  C:\Windows\System\CZmsdbu.exe
  2⤵
  PID:9648
- C:\Windows\System\PFcGuuD.exe
  C:\Windows\System\PFcGuuD.exe
  2⤵
  PID:9676
- C:\Windows\System\TIexDib.exe
  C:\Windows\System\TIexDib.exe
  2⤵
  PID:9700
- C:\Windows\System\OerXNmx.exe
  C:\Windows\System\OerXNmx.exe
  2⤵
  PID:9732
- C:\Windows\System\SofQmKB.exe
  C:\Windows\System\SofQmKB.exe
  2⤵
  PID:9760
- C:\Windows\System\SUaJpsl.exe
  C:\Windows\System\SUaJpsl.exe
  2⤵
  PID:9784
- C:\Windows\System\huIprTq.exe
  C:\Windows\System\huIprTq.exe
  2⤵
  PID:9808
- C:\Windows\System\FAGBxys.exe
  C:\Windows\System\FAGBxys.exe
  2⤵
  PID:9840
- C:\Windows\System\wpTHbTX.exe
  C:\Windows\System\wpTHbTX.exe
  2⤵
  PID:9872
- C:\Windows\System\lQbbtyi.exe
  C:\Windows\System\lQbbtyi.exe
  2⤵
  PID:9900
- C:\Windows\System\yVvfpse.exe
  C:\Windows\System\yVvfpse.exe
  2⤵
  PID:9920
- C:\Windows\System\CGBpEUq.exe
  C:\Windows\System\CGBpEUq.exe
  2⤵
  PID:9940
- C:\Windows\System\WwtJzCr.exe
  C:\Windows\System\WwtJzCr.exe
  2⤵
  PID:9964
- C:\Windows\System\vMpicio.exe
  C:\Windows\System\vMpicio.exe
  2⤵
  PID:9988
- C:\Windows\System\ovrxiKq.exe
  C:\Windows\System\ovrxiKq.exe
  2⤵
  PID:10024
- C:\Windows\System\weFODdI.exe
  C:\Windows\System\weFODdI.exe
  2⤵
  PID:10048
- C:\Windows\System\QNkRnhA.exe
  C:\Windows\System\QNkRnhA.exe
  2⤵
  PID:10088
- C:\Windows\System\rSbsJdH.exe
  C:\Windows\System\rSbsJdH.exe
  2⤵
  PID:10112
- C:\Windows\System\ZKvHRIj.exe
  C:\Windows\System\ZKvHRIj.exe
  2⤵
  PID:10144
- C:\Windows\System\mrIDeDN.exe
  C:\Windows\System\mrIDeDN.exe
  2⤵
  PID:10172
- C:\Windows\System\kRezpmM.exe
  C:\Windows\System\kRezpmM.exe
  2⤵
  PID:10188
- C:\Windows\System\PLbZRuR.exe
  C:\Windows\System\PLbZRuR.exe
  2⤵
  PID:10216
- C:\Windows\System\pjvVKgV.exe
  C:\Windows\System\pjvVKgV.exe
  2⤵
  PID:9240
- C:\Windows\System\LgwGVaV.exe
  C:\Windows\System\LgwGVaV.exe
  2⤵
  PID:9300
- C:\Windows\System\VuChxKv.exe
  C:\Windows\System\VuChxKv.exe
  2⤵
  PID:9380
- C:\Windows\System\syKTxus.exe
  C:\Windows\System\syKTxus.exe
  2⤵
  PID:9460
- C:\Windows\System\FQPXbKc.exe
  C:\Windows\System\FQPXbKc.exe
  2⤵
  PID:9524
- C:\Windows\System\KLVwvHD.exe
  C:\Windows\System\KLVwvHD.exe
  2⤵
  PID:9556
- C:\Windows\System\ltsmxKb.exe
  C:\Windows\System\ltsmxKb.exe
  2⤵
  PID:9632
- C:\Windows\System\DBtwYnA.exe
  C:\Windows\System\DBtwYnA.exe
  2⤵
  PID:9712
- C:\Windows\System\jPWqOxq.exe
  C:\Windows\System\jPWqOxq.exe
  2⤵
  PID:9772
- C:\Windows\System\cPOqcQw.exe
  C:\Windows\System\cPOqcQw.exe
  2⤵
  PID:9800
- C:\Windows\System\xYgWesD.exe
  C:\Windows\System\xYgWesD.exe
  2⤵
  PID:9864
- C:\Windows\System\bDYBgFT.exe
  C:\Windows\System\bDYBgFT.exe
  2⤵
  PID:9928
- C:\Windows\System\AoWyzLf.exe
  C:\Windows\System\AoWyzLf.exe
  2⤵
  PID:10008
- C:\Windows\System\HLAZGMr.exe
  C:\Windows\System\HLAZGMr.exe
  2⤵
  PID:10060
- C:\Windows\System\WuKFlMt.exe
  C:\Windows\System\WuKFlMt.exe
  2⤵
  PID:10136
- C:\Windows\System\VtsTmdJ.exe
  C:\Windows\System\VtsTmdJ.exe
  2⤵
  PID:10184
- C:\Windows\System\JggJSsr.exe
  C:\Windows\System\JggJSsr.exe
  2⤵
  PID:9292
- C:\Windows\System\aJmEDfD.exe
  C:\Windows\System\aJmEDfD.exe
  2⤵
  PID:9412
- C:\Windows\System\GKOeDCc.exe
  C:\Windows\System\GKOeDCc.exe
  2⤵
  PID:9584
- C:\Windows\System\bbdiQqD.exe
  C:\Windows\System\bbdiQqD.exe
  2⤵
  PID:9768
- C:\Windows\System\qyTXJyD.exe
  C:\Windows\System\qyTXJyD.exe
  2⤵
  PID:9956
- C:\Windows\System\cRbjeAm.exe
  C:\Windows\System\cRbjeAm.exe
  2⤵
  PID:10068
- C:\Windows\System\CTPQYCd.exe
  C:\Windows\System\CTPQYCd.exe
  2⤵
  PID:9348
- C:\Windows\System\tdjBsMB.exe
  C:\Windows\System\tdjBsMB.exe
  2⤵
  PID:9604
- C:\Windows\System\mqZjCBU.exe
  C:\Windows\System\mqZjCBU.exe
  2⤵
  PID:9740
- C:\Windows\System\arDDQjA.exe
  C:\Windows\System\arDDQjA.exe
  2⤵
  PID:10040
- C:\Windows\System\OOUirnG.exe
  C:\Windows\System\OOUirnG.exe
  2⤵
  PID:10248
- C:\Windows\System\zlGqYvH.exe
  C:\Windows\System\zlGqYvH.exe
  2⤵
  PID:10268
- C:\Windows\System\VMGwtCA.exe
  C:\Windows\System\VMGwtCA.exe
  2⤵
  PID:10300
- C:\Windows\System\yobBGfg.exe
  C:\Windows\System\yobBGfg.exe
  2⤵
  PID:10320
- C:\Windows\System\ddrpqNU.exe
  C:\Windows\System\ddrpqNU.exe
  2⤵
  PID:10360
- C:\Windows\System\wmSTVld.exe
  C:\Windows\System\wmSTVld.exe
  2⤵
  PID:10392
- C:\Windows\System\neDWYJP.exe
  C:\Windows\System\neDWYJP.exe
  2⤵
  PID:10432
- C:\Windows\System\YcaLDxn.exe
  C:\Windows\System\YcaLDxn.exe
  2⤵
  PID:10464
- C:\Windows\System\WGUVAHZ.exe
  C:\Windows\System\WGUVAHZ.exe
  2⤵
  PID:10488
- C:\Windows\System\FKVLLfY.exe
  C:\Windows\System\FKVLLfY.exe
  2⤵
  PID:10512
- C:\Windows\System\AoFWKRd.exe
  C:\Windows\System\AoFWKRd.exe
  2⤵
  PID:10548
- C:\Windows\System\EiPduBL.exe
  C:\Windows\System\EiPduBL.exe
  2⤵
  PID:10584
- C:\Windows\System\IyBipEA.exe
  C:\Windows\System\IyBipEA.exe
  2⤵
  PID:10612
- C:\Windows\System\QwStyxi.exe
  C:\Windows\System\QwStyxi.exe
  2⤵
  PID:10628
- C:\Windows\System\kSoKYbC.exe
  C:\Windows\System\kSoKYbC.exe
  2⤵
  PID:10644
- C:\Windows\System\wzpaHpT.exe
  C:\Windows\System\wzpaHpT.exe
  2⤵
  PID:10672
- C:\Windows\System\WXGtRqa.exe
  C:\Windows\System\WXGtRqa.exe
  2⤵
  PID:10700
- C:\Windows\System\BbLnmst.exe
  C:\Windows\System\BbLnmst.exe
  2⤵
  PID:10732
- C:\Windows\System\AIAuwDT.exe
  C:\Windows\System\AIAuwDT.exe
  2⤵
  PID:10776
- C:\Windows\System\SiNCxuO.exe
  C:\Windows\System\SiNCxuO.exe
  2⤵
  PID:10796
- C:\Windows\System\veRjyjN.exe
  C:\Windows\System\veRjyjN.exe
  2⤵
  PID:10832
- C:\Windows\System\ejxqkWR.exe
  C:\Windows\System\ejxqkWR.exe
  2⤵
  PID:10868
- C:\Windows\System\yKFALLE.exe
  C:\Windows\System\yKFALLE.exe
  2⤵
  PID:10896
- C:\Windows\System\BbgaPuz.exe
  C:\Windows\System\BbgaPuz.exe
  2⤵
  PID:10912
- C:\Windows\System\hpOhpBl.exe
  C:\Windows\System\hpOhpBl.exe
  2⤵
  PID:10940
- C:\Windows\System\BsrfHZb.exe
  C:\Windows\System\BsrfHZb.exe
  2⤵
  PID:10972
- C:\Windows\System\DUbrSUO.exe
  C:\Windows\System\DUbrSUO.exe
  2⤵
  PID:11008
- C:\Windows\System\yxxjFvr.exe
  C:\Windows\System\yxxjFvr.exe
  2⤵
  PID:11036
- C:\Windows\System\KYTLtrD.exe
  C:\Windows\System\KYTLtrD.exe
  2⤵
  PID:11064
- C:\Windows\System\mFLVmuR.exe
  C:\Windows\System\mFLVmuR.exe
  2⤵
  PID:11080
- C:\Windows\System\uqRAcTM.exe
  C:\Windows\System\uqRAcTM.exe
  2⤵
  PID:11104
- C:\Windows\System\orZNlpB.exe
  C:\Windows\System\orZNlpB.exe
  2⤵
  PID:11148
- C:\Windows\System\Aszdcst.exe
  C:\Windows\System\Aszdcst.exe
  2⤵
  PID:11164
- C:\Windows\System\ZMlKmQV.exe
  C:\Windows\System\ZMlKmQV.exe
  2⤵
  PID:11188
- C:\Windows\System\vPpUYsg.exe
  C:\Windows\System\vPpUYsg.exe
  2⤵
  PID:11220
- C:\Windows\System\esJVeim.exe
  C:\Windows\System\esJVeim.exe
  2⤵
  PID:11240
- C:\Windows\System\NGOSJHX.exe
  C:\Windows\System\NGOSJHX.exe
  2⤵
  PID:11256
- C:\Windows\System\FUDvXtP.exe
  C:\Windows\System\FUDvXtP.exe
  2⤵
  PID:9552
- C:\Windows\System\MsRDJXJ.exe
  C:\Windows\System\MsRDJXJ.exe
  2⤵
  PID:10328
- C:\Windows\System\YmOEsnt.exe
  C:\Windows\System\YmOEsnt.exe
  2⤵
  PID:10420
- C:\Windows\System\inkyTaN.exe
  C:\Windows\System\inkyTaN.exe
  2⤵
  PID:10472
- C:\Windows\System\JTaaYbq.exe
  C:\Windows\System\JTaaYbq.exe
  2⤵
  PID:10576
- C:\Windows\System\FWEHjdR.exe
  C:\Windows\System\FWEHjdR.exe
  2⤵
  PID:10608
- C:\Windows\System\FqLPDXL.exe
  C:\Windows\System\FqLPDXL.exe
  2⤵
  PID:10660
- C:\Windows\System\fHAQGvF.exe
  C:\Windows\System\fHAQGvF.exe
  2⤵
  PID:10816
- C:\Windows\System\tSZFVJY.exe
  C:\Windows\System\tSZFVJY.exe
  2⤵
  PID:10892
- C:\Windows\System\xDecIDf.exe
  C:\Windows\System\xDecIDf.exe
  2⤵
  PID:10928
- C:\Windows\System\jdlhxRc.exe
  C:\Windows\System\jdlhxRc.exe
  2⤵
  PID:11032
- C:\Windows\System\sfGwjoX.exe
  C:\Windows\System\sfGwjoX.exe
  2⤵
  PID:11116
- C:\Windows\System\nRwisDS.exe
  C:\Windows\System\nRwisDS.exe
  2⤵
  PID:11204
- C:\Windows\System\RESZZhO.exe
  C:\Windows\System\RESZZhO.exe
  2⤵
  PID:10260
- C:\Windows\System\luefxUa.exe
  C:\Windows\System\luefxUa.exe
  2⤵
  PID:10404
- C:\Windows\System\hKXzrDt.exe
  C:\Windows\System\hKXzrDt.exe
  2⤵
  PID:10596
- C:\Windows\System\AmasoTh.exe
  C:\Windows\System\AmasoTh.exe
  2⤵
  PID:10924
- C:\Windows\System\NQyNKsr.exe
  C:\Windows\System\NQyNKsr.exe
  2⤵
  PID:11004
- C:\Windows\System\KMFZgLx.exe
  C:\Windows\System\KMFZgLx.exe
  2⤵
  PID:11228
- C:\Windows\System\gKJUQbj.exe
  C:\Windows\System\gKJUQbj.exe
  2⤵
  PID:11248
- C:\Windows\System\TJoxLok.exe
  C:\Windows\System\TJoxLok.exe
  2⤵
  PID:10664
- C:\Windows\System\dMveVNZ.exe
  C:\Windows\System\dMveVNZ.exe
  2⤵
  PID:10932
- C:\Windows\System\QKRGkEv.exe
  C:\Windows\System\QKRGkEv.exe
  2⤵
  PID:11288
- C:\Windows\System\AjnamJn.exe
  C:\Windows\System\AjnamJn.exe
  2⤵
  PID:11324
- C:\Windows\System\YrnheaO.exe
  C:\Windows\System\YrnheaO.exe
  2⤵
  PID:11352
- C:\Windows\System\yyGsKAO.exe
  C:\Windows\System\yyGsKAO.exe
  2⤵
  PID:11376
- C:\Windows\System\XVvEzuN.exe
  C:\Windows\System\XVvEzuN.exe
  2⤵
  PID:11424
- C:\Windows\System\KGybWvG.exe
  C:\Windows\System\KGybWvG.exe
  2⤵
  PID:11452
- C:\Windows\System\QWVINeL.exe
  C:\Windows\System\QWVINeL.exe
  2⤵
  PID:11472
- C:\Windows\System\TVmqNcY.exe
  C:\Windows\System\TVmqNcY.exe
  2⤵
  PID:11508
- C:\Windows\System\sXgatWn.exe
  C:\Windows\System\sXgatWn.exe
  2⤵
  PID:11544
- C:\Windows\System\njimHwE.exe
  C:\Windows\System\njimHwE.exe
  2⤵
  PID:11568
- C:\Windows\System\hOuotEb.exe
  C:\Windows\System\hOuotEb.exe
  2⤵
  PID:11596
- C:\Windows\System\RTuAylS.exe
  C:\Windows\System\RTuAylS.exe
  2⤵
  PID:11612
- C:\Windows\System\EZEMxaB.exe
  C:\Windows\System\EZEMxaB.exe
  2⤵
  PID:11632
- C:\Windows\System\FODduLs.exe
  C:\Windows\System\FODduLs.exe
  2⤵
  PID:11648
- C:\Windows\System\DFhrVfX.exe
  C:\Windows\System\DFhrVfX.exe
  2⤵
  PID:11680
- C:\Windows\System\VwaSkoA.exe
  C:\Windows\System\VwaSkoA.exe
  2⤵
  PID:11696
- C:\Windows\System\TJLijnS.exe
  C:\Windows\System\TJLijnS.exe
  2⤵
  PID:11716
- C:\Windows\System\InHIJJg.exe
  C:\Windows\System\InHIJJg.exe
  2⤵
  PID:11744
- C:\Windows\System\VJoPMZR.exe
  C:\Windows\System\VJoPMZR.exe
  2⤵
  PID:11768
- C:\Windows\System\TIsHQDo.exe
  C:\Windows\System\TIsHQDo.exe
  2⤵
  PID:11812
- C:\Windows\System\oLEbiAn.exe
  C:\Windows\System\oLEbiAn.exe
  2⤵
  PID:11860
- C:\Windows\System\gmKjbEd.exe
  C:\Windows\System\gmKjbEd.exe
  2⤵
  PID:11892
- C:\Windows\System\BZUgprr.exe
  C:\Windows\System\BZUgprr.exe
  2⤵
  PID:11924
- C:\Windows\System\xpjGPSK.exe
  C:\Windows\System\xpjGPSK.exe
  2⤵
  PID:11948
- C:\Windows\System\eUDUDuL.exe
  C:\Windows\System\eUDUDuL.exe
  2⤵
  PID:11976
- C:\Windows\System\WgtblIG.exe
  C:\Windows\System\WgtblIG.exe
  2⤵
  PID:12012
- C:\Windows\System\qvURhkD.exe
  C:\Windows\System\qvURhkD.exe
  2⤵
  PID:12044
- C:\Windows\System\lezTaYj.exe
  C:\Windows\System\lezTaYj.exe
  2⤵
  PID:12068
- C:\Windows\System\TpsiYzf.exe
  C:\Windows\System\TpsiYzf.exe
  2⤵
  PID:12116
- C:\Windows\System\dDVidlJ.exe
  C:\Windows\System\dDVidlJ.exe
  2⤵
  PID:12152
- C:\Windows\System\WQerRth.exe
  C:\Windows\System\WQerRth.exe
  2⤵
  PID:12172
- C:\Windows\System\cEvxtes.exe
  C:\Windows\System\cEvxtes.exe
  2⤵
  PID:12200
- C:\Windows\System\GyFkvVn.exe
  C:\Windows\System\GyFkvVn.exe
  2⤵
  PID:12236
- C:\Windows\System\XMtifCr.exe
  C:\Windows\System\XMtifCr.exe
  2⤵
  PID:12264
- C:\Windows\System\nUxOFas.exe
  C:\Windows\System\nUxOFas.exe
  2⤵
  PID:11280
- C:\Windows\System\rEpOKlS.exe
  C:\Windows\System\rEpOKlS.exe
  2⤵
  PID:11316
- C:\Windows\System\CbEYmjq.exe
  C:\Windows\System\CbEYmjq.exe
  2⤵
  PID:11404
- C:\Windows\System\sRkYcuY.exe
  C:\Windows\System\sRkYcuY.exe
  2⤵
  PID:11444
- C:\Windows\System\NYOQOkj.exe
  C:\Windows\System\NYOQOkj.exe
  2⤵
  PID:11524
- C:\Windows\System\RGwoUcf.exe
  C:\Windows\System\RGwoUcf.exe
  2⤵
  PID:11556
- C:\Windows\System\thmhIUu.exe
  C:\Windows\System\thmhIUu.exe
  2⤵
  PID:11676
- C:\Windows\System\DedmEhz.exe
  C:\Windows\System\DedmEhz.exe
  2⤵
  PID:11708
- C:\Windows\System\jqTvbIv.exe
  C:\Windows\System\jqTvbIv.exe
  2⤵
  PID:11728
- C:\Windows\System\dEJKcLK.exe
  C:\Windows\System\dEJKcLK.exe
  2⤵
  PID:11832
- C:\Windows\System\jftdKVx.exe
  C:\Windows\System\jftdKVx.exe
  2⤵
  PID:11904
- C:\Windows\System\PtTBMJt.exe
  C:\Windows\System\PtTBMJt.exe
  2⤵
  PID:11932
- C:\Windows\System\AnugAht.exe
  C:\Windows\System\AnugAht.exe
  2⤵
  PID:10756
- C:\Windows\System\YpOelNm.exe
  C:\Windows\System\YpOelNm.exe
  2⤵
  PID:12088
- C:\Windows\System\YqlZFzm.exe
  C:\Windows\System\YqlZFzm.exe
  2⤵
  PID:12128
- C:\Windows\System\HgLiWyw.exe
  C:\Windows\System\HgLiWyw.exe
  2⤵
  PID:12244
- C:\Windows\System\RMuDjnO.exe
  C:\Windows\System\RMuDjnO.exe
  2⤵
  PID:12280
- C:\Windows\System\VflTGZV.exe
  C:\Windows\System\VflTGZV.exe
  2⤵
  PID:11492
- C:\Windows\System\UznIOrA.exe
  C:\Windows\System\UznIOrA.exe
  2⤵
  PID:11656
- C:\Windows\System\zLQDdIh.exe
  C:\Windows\System\zLQDdIh.exe
  2⤵
  PID:11760
- C:\Windows\System\ufTjDDj.exe
  C:\Windows\System\ufTjDDj.exe
  2⤵
  PID:11972
- C:\Windows\System\hSvJxiM.exe
  C:\Windows\System\hSvJxiM.exe
  2⤵
  PID:12028
- C:\Windows\System\LmRYuTc.exe
  C:\Windows\System\LmRYuTc.exe
  2⤵
  PID:12168
- C:\Windows\System\VxyMoTm.exe
  C:\Windows\System\VxyMoTm.exe
  2⤵
  PID:11312
- C:\Windows\System\OVeqAch.exe
  C:\Windows\System\OVeqAch.exe
  2⤵
  PID:11496
- C:\Windows\System\GbCgxOU.exe
  C:\Windows\System\GbCgxOU.exe
  2⤵
  PID:11776
- C:\Windows\System\XqvVdJH.exe
  C:\Windows\System\XqvVdJH.exe
  2⤵
  PID:12296
- C:\Windows\System\veJnfzJ.exe
  C:\Windows\System\veJnfzJ.exe
  2⤵
  PID:12316
- C:\Windows\System\SqWjzDX.exe
  C:\Windows\System\SqWjzDX.exe
  2⤵
  PID:12404
- C:\Windows\System\UDYnjvB.exe
  C:\Windows\System\UDYnjvB.exe
  2⤵
  PID:12420
- C:\Windows\System\cXALLEz.exe
  C:\Windows\System\cXALLEz.exe
  2⤵
  PID:12436
- C:\Windows\System\kvCRTAy.exe
  C:\Windows\System\kvCRTAy.exe
  2⤵
  PID:12452
- C:\Windows\System\djYbOnt.exe
  C:\Windows\System\djYbOnt.exe
  2⤵
  PID:12488
- C:\Windows\System\femAtRZ.exe
  C:\Windows\System\femAtRZ.exe
  2⤵
  PID:12508
- C:\Windows\System\NrZddSP.exe
  C:\Windows\System\NrZddSP.exe
  2⤵
  PID:12540
- C:\Windows\System\yjROezh.exe
  C:\Windows\System\yjROezh.exe
  2⤵
  PID:12564
- C:\Windows\System\jaruhrY.exe
  C:\Windows\System\jaruhrY.exe
  2⤵
  PID:12588
- C:\Windows\System\MQTWJoX.exe
  C:\Windows\System\MQTWJoX.exe
  2⤵
  PID:12620
- C:\Windows\System\yrueqgw.exe
  C:\Windows\System\yrueqgw.exe
  2⤵
  PID:12652
- C:\Windows\System\mtckwos.exe
  C:\Windows\System\mtckwos.exe
  2⤵
  PID:12680
- C:\Windows\System\BynzTNs.exe
  C:\Windows\System\BynzTNs.exe
  2⤵
  PID:12716
- C:\Windows\System\lLjrpNN.exe
  C:\Windows\System\lLjrpNN.exe
  2⤵
  PID:12740
- C:\Windows\System\pGdeLZQ.exe
  C:\Windows\System\pGdeLZQ.exe
  2⤵
  PID:12780
- C:\Windows\System\HnmPlNh.exe
  C:\Windows\System\HnmPlNh.exe
  2⤵
  PID:12804
- C:\Windows\System\bSEoCgS.exe
  C:\Windows\System\bSEoCgS.exe
  2⤵
  PID:12836
- C:\Windows\System\WxwwRrW.exe
  C:\Windows\System\WxwwRrW.exe
  2⤵
  PID:12852
- C:\Windows\System\KiIdlow.exe
  C:\Windows\System\KiIdlow.exe
  2⤵
  PID:12892
- C:\Windows\System\XkYqxwp.exe
  C:\Windows\System\XkYqxwp.exe
  2⤵
  PID:12924
- C:\Windows\System\GQXSLbX.exe
  C:\Windows\System\GQXSLbX.exe
  2⤵
  PID:12952
- C:\Windows\System\sxiYoVq.exe
  C:\Windows\System\sxiYoVq.exe
  2⤵
  PID:12976
- C:\Windows\System\aXNAFZc.exe
  C:\Windows\System\aXNAFZc.exe
  2⤵
  PID:13004
- C:\Windows\System\baLMSZD.exe
  C:\Windows\System\baLMSZD.exe
  2⤵
  PID:13032
- C:\Windows\System\KaAZcvW.exe
  C:\Windows\System\KaAZcvW.exe
  2⤵
  PID:13056
- C:\Windows\System\yjWgzBL.exe
  C:\Windows\System\yjWgzBL.exe
  2⤵
  PID:13088
- C:\Windows\System\JGKwaUR.exe
  C:\Windows\System\JGKwaUR.exe
  2⤵
  PID:13116
- C:\Windows\System\TNzWwLX.exe
  C:\Windows\System\TNzWwLX.exe
  2⤵
  PID:13144
- C:\Windows\System\igwCsck.exe
  C:\Windows\System\igwCsck.exe
  2⤵
  PID:13180
- C:\Windows\System\ZBVnNOP.exe
  C:\Windows\System\ZBVnNOP.exe
  2⤵
  PID:13212
- C:\Windows\System\zmufpJY.exe
  C:\Windows\System\zmufpJY.exe
  2⤵
  PID:13228
- C:\Windows\System\JKaJqst.exe
  C:\Windows\System\JKaJqst.exe
  2⤵
  PID:13256
- C:\Windows\System\JPvomCE.exe
  C:\Windows\System\JPvomCE.exe
  2⤵
  PID:13284
- C:\Windows\System\paEBejK.exe
  C:\Windows\System\paEBejK.exe
  2⤵
  PID:12188
- C:\Windows\System\ZQhCzGK.exe
  C:\Windows\System\ZQhCzGK.exe
  2⤵
  PID:12304
- C:\Windows\System\tHZtgmw.exe
  C:\Windows\System\tHZtgmw.exe
  2⤵
  PID:12056
- C:\Windows\System\dwQpZhL.exe
  C:\Windows\System\dwQpZhL.exe
  2⤵
  PID:3420
- C:\Windows\System\FFURHYq.exe
  C:\Windows\System\FFURHYq.exe
  2⤵
  PID:12444
- C:\Windows\System\BmeYyqc.exe
  C:\Windows\System\BmeYyqc.exe
  2⤵
  PID:12548
- C:\Windows\System\DGtgkXi.exe
  C:\Windows\System\DGtgkXi.exe
  2⤵
  PID:12608
- C:\Windows\System\XUNWRFC.exe
  C:\Windows\System\XUNWRFC.exe
  2⤵
  PID:12672
- C:\Windows\System\udstSeN.exe
  C:\Windows\System\udstSeN.exe
  2⤵
  PID:12728
- C:\Windows\System\xIsjAJw.exe
  C:\Windows\System\xIsjAJw.exe
  2⤵
  PID:12796
- C:\Windows\System\kQyZbwz.exe
  C:\Windows\System\kQyZbwz.exe
  2⤵
  PID:12848
- C:\Windows\System\JWwkcVZ.exe
  C:\Windows\System\JWwkcVZ.exe
  2⤵
  PID:12932
- C:\Windows\System\cMkoyAT.exe
  C:\Windows\System\cMkoyAT.exe
  2⤵
  PID:12960
- C:\Windows\System\fvnvUld.exe
  C:\Windows\System\fvnvUld.exe
  2⤵
  PID:13024
- C:\Windows\System\nAqHNnU.exe
  C:\Windows\System\nAqHNnU.exe
  2⤵
  PID:13072
- C:\Windows\System\RuUurlJ.exe
  C:\Windows\System\RuUurlJ.exe
  2⤵
  PID:13188
- C:\Windows\System\CIAfAnF.exe
  C:\Windows\System\CIAfAnF.exe
  2⤵
  PID:13220
- C:\Windows\System\CfclgWI.exe
  C:\Windows\System\CfclgWI.exe
  2⤵
  PID:13268
- C:\Windows\System\IglkKhc.exe
  C:\Windows\System\IglkKhc.exe
  2⤵
  PID:12396
- C:\Windows\System\SnnIHLX.exe
  C:\Windows\System\SnnIHLX.exe
  2⤵
  PID:12412
- C:\Windows\System\TyHFHBX.exe
  C:\Windows\System\TyHFHBX.exe
  2⤵
  PID:12524
- C:\Windows\System\nPcDbiR.exe
  C:\Windows\System\nPcDbiR.exe
  2⤵
  PID:12724
- C:\Windows\System\BrTFGHi.exe
  C:\Windows\System\BrTFGHi.exe
  2⤵
  PID:12920
- C:\Windows\System\ibIcJzY.exe
  C:\Windows\System\ibIcJzY.exe
  2⤵
  PID:13300
- C:\Windows\System\KkUkKnF.exe
  C:\Windows\System\KkUkKnF.exe
  2⤵
  PID:12476
- C:\Windows\System\UPwDgFs.exe
  C:\Windows\System\UPwDgFs.exe
  2⤵
  PID:12904
- C:\Windows\System\CUkOVIU.exe
  C:\Windows\System\CUkOVIU.exe
  2⤵
  PID:13140
- C:\Windows\System\gUmSxwf.exe
  C:\Windows\System\gUmSxwf.exe
  2⤵
  PID:13132
- C:\Windows\System\pOYTMku.exe
  C:\Windows\System\pOYTMku.exe
  2⤵
  PID:13320
- C:\Windows\System\JryKiPe.exe
  C:\Windows\System\JryKiPe.exe
  2⤵
  PID:13352
- C:\Windows\System\tQOVHmd.exe
  C:\Windows\System\tQOVHmd.exe
  2⤵
  PID:13368
- C:\Windows\System\yPTOGvx.exe
  C:\Windows\System\yPTOGvx.exe
  2⤵
  PID:13388
- C:\Windows\System\bvFXGkz.exe
  C:\Windows\System\bvFXGkz.exe
  2⤵
  PID:13416
- C:\Windows\System\HxHrPTN.exe
  C:\Windows\System\HxHrPTN.exe
  2⤵
  PID:13452
- C:\Windows\System\mWTAAty.exe
  C:\Windows\System\mWTAAty.exe
  2⤵
  PID:13480
- C:\Windows\System\XHSUbHj.exe
  C:\Windows\System\XHSUbHj.exe
  2⤵
  PID:13508
- C:\Windows\System\qgYlQft.exe
  C:\Windows\System\qgYlQft.exe
  2⤵
  PID:13536
- C:\Windows\System\tXLDQvB.exe
  C:\Windows\System\tXLDQvB.exe
  2⤵
  PID:13564
- C:\Windows\System\RJgAvKT.exe
  C:\Windows\System\RJgAvKT.exe
  2⤵
  PID:13600
- C:\Windows\System\gCwdYNF.exe
  C:\Windows\System\gCwdYNF.exe
  2⤵
  PID:13620
- C:\Windows\System\WMBYwho.exe
  C:\Windows\System\WMBYwho.exe
  2⤵
  PID:13648
- C:\Windows\System\XtlTdBH.exe
  C:\Windows\System\XtlTdBH.exe
  2⤵
  PID:13688
- C:\Windows\System\jddplWp.exe
  C:\Windows\System\jddplWp.exe
  2⤵
  PID:13704
- C:\Windows\System\UEIoPSw.exe
  C:\Windows\System\UEIoPSw.exe
  2⤵
  PID:13736
- C:\Windows\System\SagFnDh.exe
  C:\Windows\System\SagFnDh.exe
  2⤵
  PID:13760
- C:\Windows\System\gRBoENr.exe
  C:\Windows\System\gRBoENr.exe
  2⤵
  PID:13796
- C:\Windows\System\hRtQxPN.exe
  C:\Windows\System\hRtQxPN.exe
  2⤵
  PID:13816
- C:\Windows\System\RWhEbuy.exe
  C:\Windows\System\RWhEbuy.exe
  2⤵
  PID:13852
- C:\Windows\System\CDvIqMy.exe
  C:\Windows\System\CDvIqMy.exe
  2⤵
  PID:13876
- C:\Windows\System\UrJFpRV.exe
  C:\Windows\System\UrJFpRV.exe
  2⤵
  PID:13904
- C:\Windows\System\DjTTFAv.exe
  C:\Windows\System\DjTTFAv.exe
  2⤵
  PID:13940
- C:\Windows\System\yHGsMtH.exe
  C:\Windows\System\yHGsMtH.exe
  2⤵
  PID:13964
- C:\Windows\System\uljYDbJ.exe
  C:\Windows\System\uljYDbJ.exe
  2⤵
  PID:13988
- C:\Windows\System\qtAOzWR.exe
  C:\Windows\System\qtAOzWR.exe
  2⤵
  PID:14004
- C:\Windows\System\RvlLXmz.exe
  C:\Windows\System\RvlLXmz.exe
  2⤵
  PID:14032
- C:\Windows\System\taaXjMB.exe
  C:\Windows\System\taaXjMB.exe
  2⤵
  PID:14072
- C:\Windows\System\KuSntbf.exe
  C:\Windows\System\KuSntbf.exe
  2⤵
  PID:14100
- C:\Windows\System\wGuhneD.exe
  C:\Windows\System\wGuhneD.exe
  2⤵
  PID:14128
- C:\Windows\System\uFhOyjN.exe
  C:\Windows\System\uFhOyjN.exe
  2⤵
  PID:14144
- C:\Windows\System\WSMukof.exe
  C:\Windows\System\WSMukof.exe
  2⤵
  PID:14172
- C:\Windows\System\jCNWcRr.exe
  C:\Windows\System\jCNWcRr.exe
  2⤵
  PID:14200
- C:\Windows\System\IjTHRoR.exe
  C:\Windows\System\IjTHRoR.exe
  2⤵
  PID:14240
- C:\Windows\System\JryVBbi.exe
  C:\Windows\System\JryVBbi.exe
  2⤵
  PID:14272
- C:\Windows\System\iKvdOtP.exe
  C:\Windows\System\iKvdOtP.exe
  2⤵
  PID:14300
- C:\Windows\System\lESMIcm.exe
  C:\Windows\System\lESMIcm.exe
  2⤵
  PID:14320
- C:\Windows\System\hLzSIGX.exe
  C:\Windows\System\hLzSIGX.exe
  2⤵
  PID:13336
- C:\Windows\System\iOMvVwG.exe
  C:\Windows\System\iOMvVwG.exe
  2⤵
  PID:3876
- C:\Windows\System\udoHQWE.exe
  C:\Windows\System\udoHQWE.exe
  2⤵
  PID:2776
- C:\Windows\System\JhqAAhy.exe
  C:\Windows\System\JhqAAhy.exe
  2⤵
  PID:13424
- C:\Windows\System\yQbfuKS.exe
  C:\Windows\System\yQbfuKS.exe
  2⤵
  PID:13492
- C:\Windows\System\yFDenDj.exe
  C:\Windows\System\yFDenDj.exe
  2⤵
  PID:13548
- C:\Windows\System\qbjFhzl.exe
  C:\Windows\System\qbjFhzl.exe
  2⤵
  PID:13612
- C:\Windows\System\DlIIlgh.exe
  C:\Windows\System\DlIIlgh.exe
  2⤵
  PID:13696
- C:\Windows\System\LQzcZOB.exe
  C:\Windows\System\LQzcZOB.exe
  2⤵
  PID:13780
- C:\Windows\System\FSWthEB.exe
  C:\Windows\System\FSWthEB.exe
  2⤵
  PID:13840
- C:\Windows\System\KOOgehK.exe
  C:\Windows\System\KOOgehK.exe
  2⤵
  PID:13892
- C:\Windows\System\kCGPnzS.exe
  C:\Windows\System\kCGPnzS.exe
  2⤵
  PID:14020
- C:\Windows\System\wOokNZH.exe
  C:\Windows\System\wOokNZH.exe
  2⤵
  PID:14056
- C:\Windows\System\WVqaFJV.exe
  C:\Windows\System\WVqaFJV.exe
  2⤵
  PID:14112
- C:\Windows\System\zQwBteh.exe
  C:\Windows\System\zQwBteh.exe
  2⤵
  PID:14196
- C:\Windows\System\NRDuxoe.exe
  C:\Windows\System\NRDuxoe.exe
  2⤵
  PID:14208
- C:\Windows\System\QijXkhY.exe
  C:\Windows\System\QijXkhY.exe
  2⤵
  PID:14308
- C:\Windows\System\zLqdets.exe
  C:\Windows\System\zLqdets.exe
  2⤵
  PID:1244
- C:\Windows\System\ybhPBDX.exe
  C:\Windows\System\ybhPBDX.exe
  2⤵
  PID:12580
- C:\Windows\System\CnXUkCS.exe
  C:\Windows\System\CnXUkCS.exe
  2⤵
  PID:13664
- C:\Windows\System\njDzfSr.exe
  C:\Windows\System\njDzfSr.exe
  2⤵
  PID:13744
- C:\Windows\System\vVnRAdp.exe
  C:\Windows\System\vVnRAdp.exe
  2⤵
  PID:13936
- C:\Windows\System\rbTZwVq.exe
  C:\Windows\System\rbTZwVq.exe
  2⤵
  PID:14060
- C:\Windows\System\SQTBwiU.exe
  C:\Windows\System\SQTBwiU.exe
  2⤵
  PID:14232
- C:\Windows\System\BFQwjGW.exe
  C:\Windows\System\BFQwjGW.exe
  2⤵
  PID:14256
- C:\Windows\System\aJxPRmH.exe
  C:\Windows\System\aJxPRmH.exe
  2⤵
  PID:13588
- C:\Windows\System\xxjNEbc.exe
  C:\Windows\System\xxjNEbc.exe
  2⤵
  PID:13808
- C:\Windows\System\SnODHoc.exe
  C:\Windows\System\SnODHoc.exe
  2⤵
  PID:13344
- C:\Windows\System\dWRfejl.exe
  C:\Windows\System\dWRfejl.exe
  2⤵
  PID:13812
- C:\Windows\System\WjDpdos.exe
  C:\Windows\System\WjDpdos.exe
  2⤵
  PID:14216
- C:\Windows\System\fbisYgZ.exe
  C:\Windows\System\fbisYgZ.exe
  2⤵
  PID:14376
- C:\Windows\System\tMjgUkQ.exe
  C:\Windows\System\tMjgUkQ.exe
  2⤵
  PID:14408
- C:\Windows\System\elWIVRO.exe
  C:\Windows\System\elWIVRO.exe
  2⤵
  PID:14436
- C:\Windows\System\pnwXVPu.exe
  C:\Windows\System\pnwXVPu.exe
  2⤵
  PID:14460
- C:\Windows\System\UkEySbb.exe
  C:\Windows\System\UkEySbb.exe
  2⤵
  PID:14492
- C:\Windows\System\TSBGjyV.exe
  C:\Windows\System\TSBGjyV.exe
  2⤵
  PID:14520
- C:\Windows\System\rLOUKec.exe
  C:\Windows\System\rLOUKec.exe
  2⤵
  PID:14548
- C:\Windows\System\gsYjDLz.exe
  C:\Windows\System\gsYjDLz.exe
  2⤵
  PID:14580
- C:\Windows\System\OcnTfAf.exe
  C:\Windows\System\OcnTfAf.exe
  2⤵
  PID:14616
- C:\Windows\System\yJnlUkE.exe
  C:\Windows\System\yJnlUkE.exe
  2⤵
  PID:14632
- C:\Windows\System\nvwCVdm.exe
  C:\Windows\System\nvwCVdm.exe
  2⤵
  PID:14648
- C:\Windows\System\ekQTlNn.exe
  C:\Windows\System\ekQTlNn.exe
  2⤵
  PID:14684
- C:\Windows\System\YLirtGH.exe
  C:\Windows\System\YLirtGH.exe
  2⤵
  PID:14716
- C:\Windows\System\CsbUoiO.exe
  C:\Windows\System\CsbUoiO.exe
  2⤵
  PID:14736
- C:\Windows\System\wwLpCuy.exe
  C:\Windows\System\wwLpCuy.exe
  2⤵
  PID:14772
- C:\Windows\System\mEuSnYA.exe
  C:\Windows\System\mEuSnYA.exe
  2⤵
  PID:14800
- C:\Windows\System\wWpFHdr.exe
  C:\Windows\System\wWpFHdr.exe
  2⤵
  PID:14820
- C:\Windows\System\aLeySNN.exe
  C:\Windows\System\aLeySNN.exe
  2⤵
  PID:14844

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CGknSMA.exe

Filesize
2.5MB

MD5
cc8edbbb1188086381b88264f9d17f6d

SHA1
3d768c224926e4242561ce19a1e082d7932984ca

SHA256
74a52315f0a38592b6c90d5e12749431c2d0953cf7c33d73750de245f92abe38

SHA512
1f996319337ee939604393971c38c6341ba6c2a41fd0c4f73182ae2afb5597fe17f7091558ea1f96e2002353374076e34bcd2484790b5f19ead955d8676dc91a

Download Submit
C:\Windows\System\GWHTzrJ.exe

Filesize
2.5MB

MD5
32d9cf7c887686706bc8b75cb5113823

SHA1
5421c159258978bf876bafbb7535d2f467795b47

SHA256
2387afd8c5aabd159c32118a81b3581bd2bf52cfcb95d958c958610fa7eff21b

SHA512
6f438174ce80e30f11f12962c17697bf6fe437bb53dcc6d538c595e9a5c1587d677bfc17273406e0293939e7bde45f984c4f75c4fc043b97b489125b137e33b3

Download Submit
C:\Windows\System\GqDigrL.exe

Filesize
2.5MB

MD5
17a715e5d2c0aea36b040a6a7b77e1ee

SHA1
ebd93856003ef4c836d384e0fa097e4cf211ec61

SHA256
cef22c6c0f80319d12a1b2b74a60a50610afa6fb3de16fcf7c0a7a6d3a149da9

SHA512
4063460b5894d4bdc14693efd373a80438f135fd9fad29c96ad1457585677919567a29d1150da4a73087e12183a90cdb783f37758796dfc98605141b895830b3

Download Submit
C:\Windows\System\HoeNnrL.exe

Filesize
2.5MB

MD5
62f0011c40514bbf1524c2ee3eb4e0ad

SHA1
b1a2bdb90fb6e16d6448c151a47a8eaf50c88619

SHA256
63856d61f019b60d28a65e63559b6eacea745e0184cbea13eaea255c314dc1c2

SHA512
c8fa0caa789f98c6e86850ba1c24a7e141c1299219fa48733609eccb89338ffb277479c997672d06bfa246bd6baeea47a8dc5ae5eb6f4d75bb02c86abd6c686a

Download Submit
C:\Windows\System\NohadGo.exe

Filesize
2.5MB

MD5
ffcffea6385f24cad8c06fe8372db784

SHA1
c854b5b076511df986b4c5a77849780ad0e7bf59

SHA256
43a0211b89e93161e9d52e0a92e44ef423f438d29687addf92a2e8e3f629c12e

SHA512
f9b5e11e07a597762fa236f2652deb362bfae8401f35cfe329d8ddc2568dc0fa8866ce5eefa42058db9da6c70c29a2771d0ec438283f6724369f3dc7df5b7a85

Download Submit
C:\Windows\System\PEZieDa.exe

Filesize
2.5MB

MD5
b16949d108a6d4d21c5a8b9bb8c4e855

SHA1
ea525ecb44cc7d5f37a48afd814b95bcee2f781c

SHA256
bd5426fdf222d32f5cc8383af28c7d700eddc64e98bf368d92dae4eebe818ad4

SHA512
4a82a5d35b5f17a35b5e657840332c925be6f28d0cf9a42678324a48396c6329759c761d68ffc7fe460dc50b7e25e362dd2e21b94fd9ad6ef08c38cb6aa3dc03

Download Submit
C:\Windows\System\PXkBPyw.exe

Filesize
2.5MB

MD5
a3ad432e4a98e812462ae85c0cdc72ab

SHA1
6a32fa501fcfa5b582ad6d73230515659e335cf3

SHA256
4684be851a37eef0029aae7756c00e9143810ad96439eccd06eb1c560ef45524

SHA512
8da796008ed6b755f9ca401ce3add8dcbaf749ade3110ff948b867f1298875c99a48fe8b81fcaa7d3d2e5e6fe832ba0017677be04b6ceb0688f5a98713b0d1d0

Download Submit
C:\Windows\System\PnIseXg.exe

Filesize
2.5MB

MD5
470020567f18029d4a1afb915bce0cda

SHA1
623438376976c7edd4fcae888839fcde29d887b6

SHA256
f3b4d82a6ec9add4fe2b48ac7c91c6f737d2e6201ffdeb852f2201d8e733c386

SHA512
b96ff934ef69372ad9931eac9a295ef68dc7a8a83e6e5375aeb2122094105797cb69373f5fe1f2d68bb15614c76fdd236e816ff4ddd9aff29e3927c350bb99d1

Download Submit
C:\Windows\System\SDlUzEu.exe

Filesize
2.5MB

MD5
38f7bbe978827a0cf2e2a2708830b7e6

SHA1
717ca8e511b1e81681eb5ae4bfaad7ba8fbade7f

SHA256
a657894300eb57aa5281a8366c2439e46933d74833825ba61ae5cdb13c977ac0

SHA512
421863134bec901effa8f006fe90fcfb562bec4c552f3183d121948203b4e776b870c125f43e995bbdc96eef1ef13281f46ef1f224d3e9c3de1cbfd41c7907e3

Download Submit
C:\Windows\System\ThIwbwe.exe

Filesize
2.5MB

MD5
99ab011c94813ef8ae5b91f630c6c8df

SHA1
f270db7625dc59220020b9cccbc04ad92766ccbe

SHA256
07b90d9b1607c0b24e7d80d0b2c09917a857d26b0229f25cd0c500f60e84e6ce

SHA512
85f4c8c34a52fce6af5cc75889d6a10b010cca3455742e72d38ade3f5be22bc01de9014b17ba789df34a64299885f79337810f4f42cfb9e614a56c19f025316d

Download Submit
C:\Windows\System\UNyTpJp.exe

Filesize
2.5MB

MD5
6a4588af77569b07322bc62990967252

SHA1
59c01180be6c123dd75f078af7d98874faa23495

SHA256
cf023b89af872a8755b8e25117dfd73ddc10d6f94ec6d9750d951202516afce7

SHA512
b9ae355f5fb27604a8f89da2038827e244a8e9ffcd1e6274329720cbf60af59d13baa9a9c1e1c042b94ac322140033db51344aa5ca0916cb35fac19b578562d5

Download Submit
C:\Windows\System\VzuXuKX.exe

Filesize
2.5MB

MD5
72208abccfa459cc89b62b6df999735a

SHA1
7e2bad94af6f52cda80288299ea440de5f6fecb4

SHA256
bcd74b3d6cf95dcaf36fc5fde2199d29c01838fd0ed838b2a0f7f6df73f0c77d

SHA512
d730a6c7dc9fcb10f634859a4c6d399af379d79e00e7105431871d33024a21e28b93989d75de75b1ecc845246719f3d79be1f7e0c00eb66b1512731f612c7744

Download Submit
C:\Windows\System\WZgUehI.exe

Filesize
2.5MB

MD5
81425421bdbf984fe200713d84d51235

SHA1
7129aef113ac2c7b1448044dcc4123a54ed4471b

SHA256
e2f6461535f96533cca0da0e61276596a6147ac2e432485b988c0bbfffc07d7c

SHA512
896f6708c2333e487e8f05949d76fdb6bff11918584a9ba4c0131efa581020a89307d545d140c3426738f43701bbfd4f6ab34843bd6b67b36d510b8077990169

Download Submit
C:\Windows\System\ZAYltdi.exe

Filesize
2.5MB

MD5
a7db7f01c241b8cab404e7eee08e6737

SHA1
837f5b4cb5943097e5c18b7061e1570e5281db00

SHA256
74137de77fd068d5673267e93b3d33bf6215eafc27b34c730cd6ff24a674d7a3

SHA512
833400f579d91c2534221074023bc25cc720b5eb4068bdd2b41f3c24981358adebcb5a3fc2e4587753cbb05111ddf1eee4322c972a429f935e806544e6a90b2d

Download Submit
C:\Windows\System\bVzQbXZ.exe

Filesize
2.5MB

MD5
11a3042763b01e7d1f6e6f0c853faabb

SHA1
28cf3fa0de7045b40d09e1ded0afd208bd768fea

SHA256
7ae25244e0091e20135a2ea95aad64248e7def5e766c53901e58714eaa65ed8c

SHA512
f0504fd202c346a83db3ecb4320cf0471c35c65a6e913b493257ad3f94d2d0817082271c6a7a29afb62120109665cf8ac0561a0c6215879af05fe62ec76a89c0

Download Submit
C:\Windows\System\bbsPNbM.exe

Filesize
2.5MB

MD5
0408651c0ebd2a0c4a6ec6e696f97b99

SHA1
3afe265d018100a21b4c47defe53eaf52f50039d

SHA256
1013a00c006aa043ae91fb2ed7e7c53557844ea61f3f3cbe41d2cf8f116b5c77

SHA512
a1c933de2ab8cebaceade17191518918eb5e2b01af3856b7c0a7c35643048ea1099dbf02593125f4c4781d733a197ed4aad09f02d1e40649e123aa12e6d37bca

Download Submit
C:\Windows\System\cqvwYKR.exe

Filesize
2.5MB

MD5
154cf565680b3d995cebfa8a6a502136

SHA1
da99e0a81dbea427067f684669fc848fb525723b

SHA256
06d9762cd58a6693aa8bd145f4fc93906e94249793811918c68cbb1e7d78cad5

SHA512
cc3b346122e6464bc906f7b94873228c2672fcb9bf906dabb1bdcbb437cf2415825a912da27438ac20c19edc4ae3f5ba6cba49839ff07fa1d08218f797d32fcf

Download Submit
C:\Windows\System\gEqdlqA.exe

Filesize
2.5MB

MD5
3525747cb3a7b6a49186849a9cd18516

SHA1
645e1bb3d214c13c676251f1f2ca1f6f3aab4c85

SHA256
a241a1cb2d757d1ec5e3066d9f911d6bc87b45bb20145563315fe30a32f5bc97

SHA512
fbc2d8547a2f49593d186ad6b2cd59236c9b2d825cdb5c5bfa1414829eee4d0d01fcc1316497860cfcdfdc56bcb6af04b33bfd67c9c9f74015f7a1b50e1cb75f

Download Submit
C:\Windows\System\iVHquFN.exe

Filesize
2.5MB

MD5
0a756ee4f7e9db46419d08763c8e6b6d

SHA1
acecce2bc51dc2681ecf14f043a8c929caa603ee

SHA256
71924f26563539047752b8cd7bf7a928182bcc6710d9f3468510ed167d044433

SHA512
49eef330fba3dc5a2948d5d8bcd02d9422c9d8a8bf506170e1601f7c6e70ada934f37451329cb2a416e52cc1c19a2610d32402e7129aaf718315a8d180f2b03a

Download Submit
C:\Windows\System\kXiLxdL.exe

Filesize
2.5MB

MD5
fc3ba147278016a801984e412b2b5102

SHA1
5fd9318de312714f1c16313af0cf2cf1a2a9bce8

SHA256
ba2f495c816d820c1a672cb9b1f5f50da8244fed34e484e344dbf90db4b50a93

SHA512
c37cf85f540c726bf71da337ac05739bee6b20687cd28474ad0ef57e7a1753e0583ca28a57dcf469ea3f0d065251aeaa1afaac7f835e422e01773055425da9be

Download Submit
C:\Windows\System\lzJtPVO.exe

Filesize
2.5MB

MD5
19b9518d375435abde8e93510500a9cb

SHA1
d0769f2f03a3cf65337bcf5149f54d7b0658e0ae

SHA256
466ba3e3c38163164c2ea45090d9202749b67781e8c62d76db0294e985cc8763

SHA512
3119873ef9816fdcf793c54f9f830d936e8cdd1c1c6c8710cafe5284d3d1f86cfbee9d9518094b95e7a1ec8ba17443c201350dadb9853a32ab9ed012c575a43f

Download Submit
C:\Windows\System\oiQbeoq.exe

Filesize
2.5MB

MD5
3ac0b03a5e153733d61bd3156f4908c5

SHA1
f95eb2bf5588c79e23e506591fa6cce41c9433a5

SHA256
bd74abfe2a2c226a782fcbf2cd82a0a7f61abbcd4d44645118c33568c99dbde5

SHA512
72cf1cac4ed2e50258322c569084cf925a03c19000e6160d5dcac3ee88010a0965c7c6671abe03b3314eb5540fd397c509687ad0f8a417cffaeb4b18ca1bfbf2

Download Submit
C:\Windows\System\oxQhZLF.exe

Filesize
2.5MB

MD5
b82b987972921dfb4db5158a036027d8

SHA1
7d8ae990795f85ec3931282089397d5d7ce9ee8e

SHA256
cad65d190a6b16de023ef17a337e5e78df84545ecf3eabfed5d663761a1229c1

SHA512
0363c4fe3100c3dcb2cf2f62b1545faf8f3207bcfc17c1246bca06f8c14337b0b5497c0067377155680cdc5845bf8e2c8b2344b0e0d16d385fa0657d28be22d1

Download Submit
C:\Windows\System\qsBOYcp.exe

Filesize
2.5MB

MD5
2bc617d5ea4206c6c813455565bdbac0

SHA1
35b2aa75e4c8240a664a4c0ecbed265e2a64c35d

SHA256
e71d55278c051150ea01be645ab5ca14db3d7619a7d8a25d05b31e41a177baac

SHA512
ae2537ee5f96812cb56052209c7f8dd54319f561c00982c7496783f32450abf83558f64d0f27500c03b2657a60e662a25ac6b7a9f197a05de0397cf2f1b64763

Download Submit
C:\Windows\System\srfHELQ.exe

Filesize
2.5MB

MD5
30659137171c56d506675a9a3e783c94

SHA1
a316c72936aa549c08693de8e10e7da8ecfca3da

SHA256
314ae2998a4e9425371f94bb3d48c00b4f44d90a0612c3bda65ea40863e01249

SHA512
c42b2c094dd36d611eadfff5836c3ee9912373a989ea9f7ec641c2d247a5a5cb68e6f227abfea40c46a24e8dce7830d12910c496e4231cdbd45f80e8be142c08

Download Submit
C:\Windows\System\tRmxtTH.exe

Filesize
2.5MB

MD5
118fcac63bcf81d373788c6317a2c604

SHA1
eae26fc9f0253b2654debd7a02ad4757aaa1d576

SHA256
ccd99c2fbc08cfe12d52bda618f4b8289c40bdf5d0e8a24b6c11ccffa956412b

SHA512
d492ab06a21b29bf1170d89f1924c8ad1df8a8a80c561432abb86d90afe54b34f7e701c0a86c2ba412ae62e1b8c235ce33cd73114d5625c2d25cd829f98c75e5

Download Submit
C:\Windows\System\tbiZwpW.exe

Filesize
2.5MB

MD5
6cff775df0d6150f99d48ff1f77daecb

SHA1
6912256853cd4581f141a5192db4a5c67680e90e

SHA256
e30e620b159e10dd7da685142317350297d57cdd5e95972d20ca2f4f4bdccacd

SHA512
58892f1d99264776e884671806bb9b3269bae39e6e682dbc53a58d24c3e00fe361580fd12e4e39332f517ff17837cb560c8394bf50ad8782beb26ecb7514a7b2

Download Submit
C:\Windows\System\vTLZRLC.exe

Filesize
2.5MB

MD5
8c93baf8895305eb14f70602d47364ad

SHA1
7d180bbb856d37f8ebf09d4013bb547e7686f2cf

SHA256
4e0de84a9cc81ab1d48a95902a5ffb3f35b9a9a7a276f32880117e2eaf652fce

SHA512
5655a3915d1e1429a1abe45f4ec9aa0950c5bc8e5f69e98b1493807b479e2999605f07c5ec0ec4973273096cfbc90fe619ef5d6f7f679f37a181f6eb9b643ba6

Download Submit
C:\Windows\System\wpbtFba.exe

Filesize
2.5MB

MD5
345ad07a7d0b0406c83cb2ea342625de

SHA1
1c1bc314ed47f92d015c6faca88c704d65a47ddd

SHA256
6f89dc90190c458b2935effdd38d1c40347404baa2f18f27d0a5dda2f598de9d

SHA512
5755f564ac72e91163571e67ca350249457b9ad61e7ab2d37a8d25cb8a6d3c6e9b58c681a371080169be73d64c42379a5240a103c807d2c13563d49e453136e3

Download Submit
C:\Windows\System\xJVTFZa.exe

Filesize
2.5MB

MD5
fad475467946368b121b2e054c0773da

SHA1
b7aec11ea9d27030e385bd25de408b1bd9de6335

SHA256
68f55f4a86abe477a06c9bd271b69a129e6641cbd25d7fcd4c7f7a4ae2518ae7

SHA512
788311b0e46a7f5ed7ecbd173f8b7c17460a01dd814ace5c903760892de5a6a713381b5b84f7746ca0308c85daaad41b5d44c427d37dac4389a033d5f73a8678

Download Submit
C:\Windows\System\xpcgwUk.exe

Filesize
2.5MB

MD5
1f092625d23b0316f5d22cc3f8a989c7

SHA1
e0439039fb6c410763c456587dde03b9c3b832c2

SHA256
b07b5a04ee58029c750eec37a1964ca176f953c56bc6cae1dc5c6b242cbf4c55

SHA512
ef8ad01e730191db44c3724a9e47df6187370ac56b70e881c3ebffc6225c4c54e0db7948aee0d66777a3213d2bacc44c898c95c6a0021f06c354e224f117884c

Download Submit
C:\Windows\System\zuqBqGz.exe

Filesize
2.5MB

MD5
91cb0d1005ab1246fc40c11fdf7f3f67

SHA1
977cded190f5cddddaa055d755e730e24e21e14c

SHA256
5f11d87b901b4f5869c09ef2664dc7baeb5f593a4975f566cde1c934527569f3

SHA512
4cd6b7d45e0d4bb07b11013d356da8e619871a0dbc8bbd0dd966b22e246026ee458d6d77745b0622d5da5cef576ef5a09b1d28a6c18820004577e16a44b5fbf9

Download Submit
memory/400-2181-0x00007FF79F510000-0x00007FF79F864000-memory.dmp

Filesize
3.3MB

Download
memory/400-174-0x00007FF79F510000-0x00007FF79F864000-memory.dmp

Filesize
3.3MB

Download
memory/400-2209-0x00007FF79F510000-0x00007FF79F864000-memory.dmp

Filesize
3.3MB

Download
memory/556-138-0x00007FF7C00D0000-0x00007FF7C0424000-memory.dmp

Filesize
3.3MB

Download
memory/556-2202-0x00007FF7C00D0000-0x00007FF7C0424000-memory.dmp

Filesize
3.3MB

Download
memory/1272-182-0x00007FF7A7870000-0x00007FF7A7BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2207-0x00007FF7A7870000-0x00007FF7A7BC4000-memory.dmp

Filesize
3.3MB

Download
memory/1516-1786-0x00007FF62E8F0000-0x00007FF62EC44000-memory.dmp

Filesize
3.3MB

Download
memory/1516-2188-0x00007FF62E8F0000-0x00007FF62EC44000-memory.dmp

Filesize
3.3MB

Download
memory/1516-74-0x00007FF62E8F0000-0x00007FF62EC44000-memory.dmp

Filesize
3.3MB

Download
memory/1952-2180-0x00007FF6E02F0000-0x00007FF6E0644000-memory.dmp

Filesize
3.3MB

Download
memory/1952-2210-0x00007FF6E02F0000-0x00007FF6E0644000-memory.dmp

Filesize
3.3MB

Download
memory/1952-166-0x00007FF6E02F0000-0x00007FF6E0644000-memory.dmp

Filesize
3.3MB

Download
memory/2076-101-0x00007FF61F7C0000-0x00007FF61FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2076-2194-0x00007FF61F7C0000-0x00007FF61FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2177-0x00007FF7D7730000-0x00007FF7D7A84000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2203-0x00007FF7D7730000-0x00007FF7D7A84000-memory.dmp

Filesize
3.3MB

Download
memory/2124-132-0x00007FF7D7730000-0x00007FF7D7A84000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2186-0x00007FF7673F0000-0x00007FF767744000-memory.dmp

Filesize
3.3MB

Download
memory/2516-118-0x00007FF7673F0000-0x00007FF767744000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2198-0x00007FF742000000-0x00007FF742354000-memory.dmp

Filesize
3.3MB

Download
memory/2524-90-0x00007FF742000000-0x00007FF742354000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1789-0x00007FF742000000-0x00007FF742354000-memory.dmp

Filesize
3.3MB

Download
memory/3084-119-0x00007FF66E050000-0x00007FF66E3A4000-memory.dmp

Filesize
3.3MB

Download
memory/3084-2196-0x00007FF66E050000-0x00007FF66E3A4000-memory.dmp

Filesize
3.3MB

Download
memory/3240-2206-0x00007FF6FBFD0000-0x00007FF6FC324000-memory.dmp

Filesize
3.3MB

Download
memory/3240-149-0x00007FF6FBFD0000-0x00007FF6FC324000-memory.dmp

Filesize
3.3MB

Download
memory/3240-2178-0x00007FF6FBFD0000-0x00007FF6FC324000-memory.dmp

Filesize
3.3MB

Download
memory/3460-2192-0x00007FF7DE380000-0x00007FF7DE6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3460-113-0x00007FF7DE380000-0x00007FF7DE6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2201-0x00007FF7FBCC0000-0x00007FF7FC014000-memory.dmp

Filesize
3.3MB

Download
memory/3464-122-0x00007FF7FBCC0000-0x00007FF7FC014000-memory.dmp

Filesize
3.3MB

Download
memory/3604-38-0x00007FF776C40000-0x00007FF776F94000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2184-0x00007FF776C40000-0x00007FF776F94000-memory.dmp

Filesize
3.3MB

Download
memory/3660-186-0x00007FF72C460000-0x00007FF72C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2208-0x00007FF72C460000-0x00007FF72C7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2183-0x00007FF721B10000-0x00007FF721E64000-memory.dmp

Filesize
3.3MB

Download
memory/4016-23-0x00007FF721B10000-0x00007FF721E64000-memory.dmp

Filesize
3.3MB

Download
memory/4040-1-0x000001C245F00000-0x000001C245F10000-memory.dmp

Filesize
64KB

Download
memory/4040-0-0x00007FF797390000-0x00007FF7976E4000-memory.dmp

Filesize
3.3MB

Download
memory/4040-1271-0x00007FF797390000-0x00007FF7976E4000-memory.dmp

Filesize
3.3MB

Download
memory/4080-2191-0x00007FF6D6AB0000-0x00007FF6D6E04000-memory.dmp

Filesize
3.3MB

Download
memory/4080-114-0x00007FF6D6AB0000-0x00007FF6D6E04000-memory.dmp

Filesize
3.3MB

Download
memory/4092-115-0x00007FF74EAB0000-0x00007FF74EE04000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2190-0x00007FF74EAB0000-0x00007FF74EE04000-memory.dmp

Filesize
3.3MB

Download
memory/4124-2182-0x00007FF72F9A0000-0x00007FF72FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-11-0x00007FF72F9A0000-0x00007FF72FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-1775-0x00007FF72F9A0000-0x00007FF72FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-120-0x00007FF62CB00000-0x00007FF62CE54000-memory.dmp

Filesize
3.3MB

Download
memory/4248-2195-0x00007FF62CB00000-0x00007FF62CE54000-memory.dmp

Filesize
3.3MB

Download
memory/4328-2204-0x00007FF6AFFC0000-0x00007FF6B0314000-memory.dmp

Filesize
3.3MB

Download
memory/4328-158-0x00007FF6AFFC0000-0x00007FF6B0314000-memory.dmp

Filesize
3.3MB

Download
memory/4328-2179-0x00007FF6AFFC0000-0x00007FF6B0314000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2187-0x00007FF711C50000-0x00007FF711FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-117-0x00007FF711C50000-0x00007FF711FA4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2200-0x00007FF6D7CE0000-0x00007FF6D8034000-memory.dmp

Filesize
3.3MB

Download
memory/4360-54-0x00007FF6D7CE0000-0x00007FF6D8034000-memory.dmp

Filesize
3.3MB

Download
memory/4360-886-0x00007FF6D7CE0000-0x00007FF6D8034000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2189-0x00007FF75ECC0000-0x00007FF75F014000-memory.dmp

Filesize
3.3MB

Download
memory/4536-116-0x00007FF75ECC0000-0x00007FF75F014000-memory.dmp

Filesize
3.3MB

Download
memory/4632-192-0x00007FF7A6BF0000-0x00007FF7A6F44000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2205-0x00007FF7A6BF0000-0x00007FF7A6F44000-memory.dmp

Filesize
3.3MB

Download
memory/4760-2193-0x00007FF7686C0000-0x00007FF768A14000-memory.dmp

Filesize
3.3MB

Download
memory/4760-110-0x00007FF7686C0000-0x00007FF768A14000-memory.dmp

Filesize
3.3MB

Download
memory/4904-91-0x00007FF6E5600000-0x00007FF6E5954000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2197-0x00007FF6E5600000-0x00007FF6E5954000-memory.dmp

Filesize
3.3MB

Download
memory/4964-34-0x00007FF6AD820000-0x00007FF6ADB74000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2185-0x00007FF6AD820000-0x00007FF6ADB74000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1777-0x00007FF6AD820000-0x00007FF6ADB74000-memory.dmp

Filesize
3.3MB

Download
memory/5012-121-0x00007FF6C88B0000-0x00007FF6C8C04000-memory.dmp

Filesize
3.3MB

Download
memory/5012-2199-0x00007FF6C88B0000-0x00007FF6C8C04000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads