xmrig | 5fe89071b73b573e37aa4084cfada1e855d4bd97da891f75c2c7c8b930ceb982

Analysis

max time kernel
116s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
Size

1.9MB
MD5

120a1a77d1cc75db74dd09d2f5702530
SHA1

d6898524d4f97abeb90d87a2677bb09845ac8bbf
SHA256

5fe89071b73b573e37aa4084cfada1e855d4bd97da891f75c2c7c8b930ceb982
SHA512

7c39b28ef6cebff069d5623710720794ee2ac2df186f9d4bf2b2fd2bf0fbd0c1195438f78af53c957697cf81f3a67431fb0649ebc3d2c27d8e09d1e55aac592b
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727F15qbrund+fT+xLTlHLnEPr33Il+8F37XeB9b7UkA:ROdWCCi7/rahlqOdg6VLEL3e73DpwZ4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral2/memory/3212-21-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp	xmrig
behavioral2/memory/2508-29-0x00007FF719310000-0x00007FF719661000-memory.dmp	xmrig
behavioral2/memory/852-10-0x00007FF655CC0000-0x00007FF656011000-memory.dmp	xmrig
behavioral2/memory/324-53-0x00007FF673C10000-0x00007FF673F61000-memory.dmp	xmrig
behavioral2/memory/4548-49-0x00007FF79DFA0000-0x00007FF79E2F1000-memory.dmp	xmrig
behavioral2/memory/1548-40-0x00007FF7A7FF0000-0x00007FF7A8341000-memory.dmp	xmrig
behavioral2/memory/3628-338-0x00007FF75D1D0000-0x00007FF75D521000-memory.dmp	xmrig
behavioral2/memory/2580-339-0x00007FF65F650000-0x00007FF65F9A1000-memory.dmp	xmrig
behavioral2/memory/2544-362-0x00007FF7F1A80000-0x00007FF7F1DD1000-memory.dmp	xmrig
behavioral2/memory/1984-366-0x00007FF762FB0000-0x00007FF763301000-memory.dmp	xmrig
behavioral2/memory/1572-370-0x00007FF7D4950000-0x00007FF7D4CA1000-memory.dmp	xmrig
behavioral2/memory/2260-379-0x00007FF6965F0000-0x00007FF696941000-memory.dmp	xmrig
behavioral2/memory/3984-387-0x00007FF6FDE80000-0x00007FF6FE1D1000-memory.dmp	xmrig
behavioral2/memory/732-401-0x00007FF6DEB00000-0x00007FF6DEE51000-memory.dmp	xmrig
behavioral2/memory/4296-369-0x00007FF6CFEC0000-0x00007FF6D0211000-memory.dmp	xmrig
behavioral2/memory/1492-355-0x00007FF6B5090000-0x00007FF6B53E1000-memory.dmp	xmrig
behavioral2/memory/2832-346-0x00007FF61A390000-0x00007FF61A6E1000-memory.dmp	xmrig
behavioral2/memory/2816-434-0x00007FF6E84D0000-0x00007FF6E8821000-memory.dmp	xmrig
behavioral2/memory/1708-431-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp	xmrig
behavioral2/memory/5112-423-0x00007FF60B240000-0x00007FF60B591000-memory.dmp	xmrig
behavioral2/memory/2588-420-0x00007FF64BED0000-0x00007FF64C221000-memory.dmp	xmrig
behavioral2/memory/2804-78-0x00007FF71C880000-0x00007FF71CBD1000-memory.dmp	xmrig
behavioral2/memory/2044-68-0x00007FF788C00000-0x00007FF788F51000-memory.dmp	xmrig
behavioral2/memory/3212-1110-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp	xmrig
behavioral2/memory/532-1109-0x00007FF636350000-0x00007FF6366A1000-memory.dmp	xmrig
behavioral2/memory/3284-1737-0x00007FF6710C0000-0x00007FF671411000-memory.dmp	xmrig
behavioral2/memory/2044-2174-0x00007FF788C00000-0x00007FF788F51000-memory.dmp	xmrig
behavioral2/memory/2480-2175-0x00007FF74CD20000-0x00007FF74D071000-memory.dmp	xmrig
behavioral2/memory/3980-2205-0x00007FF6F0CC0000-0x00007FF6F1011000-memory.dmp	xmrig
behavioral2/memory/5040-2203-0x00007FF67E470000-0x00007FF67E7C1000-memory.dmp	xmrig
behavioral2/memory/2780-2210-0x00007FF64EB00000-0x00007FF64EE51000-memory.dmp	xmrig
behavioral2/memory/2020-2206-0x00007FF7B8AF0000-0x00007FF7B8E41000-memory.dmp	xmrig
behavioral2/memory/852-2228-0x00007FF655CC0000-0x00007FF656011000-memory.dmp	xmrig
behavioral2/memory/3212-2232-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp	xmrig
behavioral2/memory/532-2230-0x00007FF636350000-0x00007FF6366A1000-memory.dmp	xmrig
behavioral2/memory/2508-2234-0x00007FF719310000-0x00007FF719661000-memory.dmp	xmrig
behavioral2/memory/3284-2236-0x00007FF6710C0000-0x00007FF671411000-memory.dmp	xmrig
behavioral2/memory/1548-2238-0x00007FF7A7FF0000-0x00007FF7A8341000-memory.dmp	xmrig
behavioral2/memory/4548-2240-0x00007FF79DFA0000-0x00007FF79E2F1000-memory.dmp	xmrig
behavioral2/memory/2480-2242-0x00007FF74CD20000-0x00007FF74D071000-memory.dmp	xmrig
behavioral2/memory/324-2244-0x00007FF673C10000-0x00007FF673F61000-memory.dmp	xmrig
behavioral2/memory/2044-2246-0x00007FF788C00000-0x00007FF788F51000-memory.dmp	xmrig
behavioral2/memory/5112-2248-0x00007FF60B240000-0x00007FF60B591000-memory.dmp	xmrig
behavioral2/memory/5040-2251-0x00007FF67E470000-0x00007FF67E7C1000-memory.dmp	xmrig
behavioral2/memory/3628-2252-0x00007FF75D1D0000-0x00007FF75D521000-memory.dmp	xmrig
behavioral2/memory/2020-2256-0x00007FF7B8AF0000-0x00007FF7B8E41000-memory.dmp	xmrig
behavioral2/memory/1708-2254-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp	xmrig
behavioral2/memory/2780-2258-0x00007FF64EB00000-0x00007FF64EE51000-memory.dmp	xmrig
behavioral2/memory/3980-2260-0x00007FF6F0CC0000-0x00007FF6F1011000-memory.dmp	xmrig
behavioral2/memory/2832-2266-0x00007FF61A390000-0x00007FF61A6E1000-memory.dmp	xmrig
behavioral2/memory/2816-2264-0x00007FF6E84D0000-0x00007FF6E8821000-memory.dmp	xmrig
behavioral2/memory/2580-2262-0x00007FF65F650000-0x00007FF65F9A1000-memory.dmp	xmrig
behavioral2/memory/1492-2268-0x00007FF6B5090000-0x00007FF6B53E1000-memory.dmp	xmrig
behavioral2/memory/4296-2276-0x00007FF6CFEC0000-0x00007FF6D0211000-memory.dmp	xmrig
behavioral2/memory/1572-2284-0x00007FF7D4950000-0x00007FF7D4CA1000-memory.dmp	xmrig
behavioral2/memory/732-2282-0x00007FF6DEB00000-0x00007FF6DEE51000-memory.dmp	xmrig
behavioral2/memory/2588-2280-0x00007FF64BED0000-0x00007FF64C221000-memory.dmp	xmrig
behavioral2/memory/1984-2278-0x00007FF762FB0000-0x00007FF763301000-memory.dmp	xmrig
behavioral2/memory/3984-2274-0x00007FF6FDE80000-0x00007FF6FE1D1000-memory.dmp	xmrig
behavioral2/memory/2260-2272-0x00007FF6965F0000-0x00007FF696941000-memory.dmp	xmrig
behavioral2/memory/2544-2270-0x00007FF7F1A80000-0x00007FF7F1DD1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
852	aQHWXTT.exe
532	InfFuoX.exe
3212	qzBZOOS.exe
2508	WtGBAba.exe
3284	wWCihtR.exe
1548	CZsOYGQ.exe
4548	yzWGBia.exe
324	EvGkTFa.exe
2480	AfWYbjt.exe
2044	viyIdms.exe
5040	jVjDyHU.exe
3980	FmKGmWt.exe
2020	eGHvuFd.exe
5112	BmZCKPq.exe
2780	vRkWGgP.exe
3628	eUaBGsa.exe
1708	IDwIvRx.exe
2580	GSXxRbg.exe
2832	ZysORQH.exe
2816	CrMXxXU.exe
1492	RCiSHwM.exe
2544	cJRApsk.exe
1984	nbhGucV.exe
4296	bRQqwrO.exe
1572	NqwhSMg.exe
2260	UJNgzYK.exe
3984	ykWckSD.exe
732	jhnSUDr.exe
2588	WoglXVq.exe
3516	VuVpsxI.exe
1664	VXZxGua.exe
3400	jmpkSts.exe
3460	pgVwJiA.exe
3100	upZCNYO.exe
1712	ObfnrNz.exe
2680	sitRIJy.exe
4260	bPaddsZ.exe
2576	cqxylwB.exe
1780	ujCWGpz.exe
4024	mWlEagf.exe
100	ypLZePy.exe
4324	KlVnSzs.exe
3540	TsvuQgl.exe
4264	Jqntfcz.exe
1952	WnYEZNE.exe
4376	eSMqgUY.exe
4348	lpvfSez.exe
1252	HrWErYh.exe
4128	tKkIcqd.exe
4560	yRNMPOD.exe
5000	pwSbcol.exe
4624	DUCikkE.exe
2820	HqgMARQ.exe
4776	NhouhMJ.exe
3388	etzCuiK.exe
2980	zOXIZyE.exe
4444	VYwoWan.exe
3544	TyJWkZN.exe
1876	BsNnyte.exe
4416	qBTfOCI.exe
812	IWxRUxi.exe
2696	xozaRlh.exe
2532	VDXPRWt.exe
3988	tAMLIeK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2804-0-0x00007FF71C880000-0x00007FF71CBD1000-memory.dmp	upx
behavioral2/files/0x0008000000023404-4.dat	upx
behavioral2/files/0x0007000000023409-8.dat	upx
behavioral2/memory/3212-21-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp	upx
behavioral2/files/0x000700000002340a-27.dat	upx
behavioral2/files/0x000700000002340b-26.dat	upx
behavioral2/memory/3284-30-0x00007FF6710C0000-0x00007FF671411000-memory.dmp	upx
behavioral2/memory/2508-29-0x00007FF719310000-0x00007FF719661000-memory.dmp	upx
behavioral2/memory/532-19-0x00007FF636350000-0x00007FF6366A1000-memory.dmp	upx
behavioral2/files/0x0007000000023408-15.dat	upx
behavioral2/memory/852-10-0x00007FF655CC0000-0x00007FF656011000-memory.dmp	upx
behavioral2/files/0x000700000002340c-36.dat	upx
behavioral2/files/0x0006000000022960-41.dat	upx
behavioral2/files/0x000d000000023369-52.dat	upx
behavioral2/memory/2480-54-0x00007FF74CD20000-0x00007FF74D071000-memory.dmp	upx
behavioral2/memory/324-53-0x00007FF673C10000-0x00007FF673F61000-memory.dmp	upx
behavioral2/memory/4548-49-0x00007FF79DFA0000-0x00007FF79E2F1000-memory.dmp	upx
behavioral2/files/0x000d000000023368-47.dat	upx
behavioral2/memory/1548-40-0x00007FF7A7FF0000-0x00007FF7A8341000-memory.dmp	upx
behavioral2/files/0x000700000002340d-59.dat	upx
behavioral2/files/0x000700000002340e-66.dat	upx
behavioral2/files/0x000700000002340f-71.dat	upx
behavioral2/files/0x0007000000023411-83.dat	upx
behavioral2/memory/2020-90-0x00007FF7B8AF0000-0x00007FF7B8E41000-memory.dmp	upx
behavioral2/files/0x0007000000023415-107.dat	upx
behavioral2/files/0x0007000000023414-109.dat	upx
behavioral2/files/0x0007000000023416-116.dat	upx
behavioral2/files/0x0007000000023419-130.dat	upx
behavioral2/files/0x000700000002341e-159.dat	upx
behavioral2/files/0x0007000000023420-169.dat	upx
behavioral2/memory/3628-338-0x00007FF75D1D0000-0x00007FF75D521000-memory.dmp	upx
behavioral2/memory/2580-339-0x00007FF65F650000-0x00007FF65F9A1000-memory.dmp	upx
behavioral2/memory/2544-362-0x00007FF7F1A80000-0x00007FF7F1DD1000-memory.dmp	upx
behavioral2/memory/1984-366-0x00007FF762FB0000-0x00007FF763301000-memory.dmp	upx
behavioral2/memory/1572-370-0x00007FF7D4950000-0x00007FF7D4CA1000-memory.dmp	upx
behavioral2/memory/2260-379-0x00007FF6965F0000-0x00007FF696941000-memory.dmp	upx
behavioral2/memory/3984-387-0x00007FF6FDE80000-0x00007FF6FE1D1000-memory.dmp	upx
behavioral2/memory/732-401-0x00007FF6DEB00000-0x00007FF6DEE51000-memory.dmp	upx
behavioral2/memory/4296-369-0x00007FF6CFEC0000-0x00007FF6D0211000-memory.dmp	upx
behavioral2/memory/1492-355-0x00007FF6B5090000-0x00007FF6B53E1000-memory.dmp	upx
behavioral2/memory/2832-346-0x00007FF61A390000-0x00007FF61A6E1000-memory.dmp	upx
behavioral2/memory/2816-434-0x00007FF6E84D0000-0x00007FF6E8821000-memory.dmp	upx
behavioral2/memory/1708-431-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp	upx
behavioral2/memory/5112-423-0x00007FF60B240000-0x00007FF60B591000-memory.dmp	upx
behavioral2/memory/2588-420-0x00007FF64BED0000-0x00007FF64C221000-memory.dmp	upx
behavioral2/files/0x0007000000023422-178.dat	upx
behavioral2/files/0x0007000000023421-174.dat	upx
behavioral2/files/0x000700000002341f-164.dat	upx
behavioral2/files/0x000700000002341d-154.dat	upx
behavioral2/files/0x000700000002341c-149.dat	upx
behavioral2/files/0x000700000002341b-144.dat	upx
behavioral2/files/0x000700000002341a-138.dat	upx
behavioral2/files/0x0007000000023418-128.dat	upx
behavioral2/files/0x0007000000023417-124.dat	upx
behavioral2/memory/2780-104-0x00007FF64EB00000-0x00007FF64EE51000-memory.dmp	upx
behavioral2/files/0x000500000002296a-98.dat	upx
behavioral2/files/0x0007000000023413-94.dat	upx
behavioral2/files/0x0007000000023410-84.dat	upx
behavioral2/files/0x0007000000023412-89.dat	upx
behavioral2/memory/2804-78-0x00007FF71C880000-0x00007FF71CBD1000-memory.dmp	upx
behavioral2/memory/5040-74-0x00007FF67E470000-0x00007FF67E7C1000-memory.dmp	upx
behavioral2/memory/3980-77-0x00007FF6F0CC0000-0x00007FF6F1011000-memory.dmp	upx
behavioral2/memory/2044-68-0x00007FF788C00000-0x00007FF788F51000-memory.dmp	upx
behavioral2/memory/3212-1110-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IDwIvRx.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\dCoXcCC.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\JbAroaU.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\xwLsYAd.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\mPoyzQW.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\dwCjUNF.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\GpZLrnc.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\ZQMNXOX.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\pSnRHin.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\UVahkzX.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\ERiWdsr.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\ctItDEp.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\VFLbgXj.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\mBMNMVe.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\ujCWGpz.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\KlVnSzs.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\tXlvqzH.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\biMcyKe.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\QhOowux.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\pDJnULN.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\mAnBMKe.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\IUrqpHe.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\LCeswZn.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\voQfmeu.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\PdZRdeD.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\etzCuiK.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\AXsDxaM.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\QjShyMD.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\bzhiiBm.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\VfGctjV.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\oAnXmYL.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\PVEkPZI.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\kjxNgQX.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\GmfFAvO.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\eSoWgcH.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\BkpZfih.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\pxHLseW.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\DLRogGJ.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\xvdeQCC.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\XsntDVG.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\vdODQMQ.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\sPsvBRF.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\jEyVIrh.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\eUaBGsa.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\RjQFfTx.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\mcHtBNG.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\vlPoegp.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\YxqMVTb.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\iYFezpY.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\IlgqHnL.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\bPaddsZ.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\ksKOWkN.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\qfmmeIe.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\wzjjxyw.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\rIEvcFo.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\OmYNjRW.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\UjScLdZ.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\mzTuaLs.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\oiWMsQm.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\KgttKyK.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\EHeMQlz.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\VDWKGcM.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\xiTFgRg.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
File created	C:\Windows\System\SrbvilH.exe	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15156	dwm.exe
Token: SeChangeNotifyPrivilege	15156	dwm.exe
Token: 33	15156	dwm.exe
Token: SeIncBasePriorityPrivilege	15156	dwm.exe
Token: SeShutdownPrivilege	15156	dwm.exe
Token: SeCreatePagefilePrivilege	15156	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 852	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	83
PID 2804 wrote to memory of 852	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	83
PID 2804 wrote to memory of 532	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	84
PID 2804 wrote to memory of 532	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	84
PID 2804 wrote to memory of 3212	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	85
PID 2804 wrote to memory of 3212	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	85
PID 2804 wrote to memory of 2508	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	86
PID 2804 wrote to memory of 2508	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	86
PID 2804 wrote to memory of 3284	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	87
PID 2804 wrote to memory of 3284	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	87
PID 2804 wrote to memory of 1548	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	89
PID 2804 wrote to memory of 1548	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	89
PID 2804 wrote to memory of 4548	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	92
PID 2804 wrote to memory of 4548	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	92
PID 2804 wrote to memory of 324	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	93
PID 2804 wrote to memory of 324	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	93
PID 2804 wrote to memory of 2480	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	94
PID 2804 wrote to memory of 2480	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	94
PID 2804 wrote to memory of 2044	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	95
PID 2804 wrote to memory of 2044	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	95
PID 2804 wrote to memory of 3980	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	96
PID 2804 wrote to memory of 3980	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	96
PID 2804 wrote to memory of 5040	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	97
PID 2804 wrote to memory of 5040	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	97
PID 2804 wrote to memory of 2020	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	98
PID 2804 wrote to memory of 2020	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	98
PID 2804 wrote to memory of 5112	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	99
PID 2804 wrote to memory of 5112	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	99
PID 2804 wrote to memory of 2780	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	100
PID 2804 wrote to memory of 2780	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	100
PID 2804 wrote to memory of 3628	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	101
PID 2804 wrote to memory of 3628	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	101
PID 2804 wrote to memory of 1708	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	102
PID 2804 wrote to memory of 1708	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	102
PID 2804 wrote to memory of 2580	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	103
PID 2804 wrote to memory of 2580	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	103
PID 2804 wrote to memory of 2832	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	104
PID 2804 wrote to memory of 2832	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	104
PID 2804 wrote to memory of 2816	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	105
PID 2804 wrote to memory of 2816	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	105
PID 2804 wrote to memory of 1492	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	106
PID 2804 wrote to memory of 1492	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	106
PID 2804 wrote to memory of 2544	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	107
PID 2804 wrote to memory of 2544	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	107
PID 2804 wrote to memory of 1984	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	108
PID 2804 wrote to memory of 1984	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	108
PID 2804 wrote to memory of 4296	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	109
PID 2804 wrote to memory of 4296	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	109
PID 2804 wrote to memory of 1572	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	110
PID 2804 wrote to memory of 1572	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	110
PID 2804 wrote to memory of 2260	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	111
PID 2804 wrote to memory of 2260	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	111
PID 2804 wrote to memory of 3984	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	112
PID 2804 wrote to memory of 3984	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	112
PID 2804 wrote to memory of 732	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	113
PID 2804 wrote to memory of 732	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	113
PID 2804 wrote to memory of 2588	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	114
PID 2804 wrote to memory of 2588	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	114
PID 2804 wrote to memory of 3516	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	115
PID 2804 wrote to memory of 3516	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	115
PID 2804 wrote to memory of 1664	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	116
PID 2804 wrote to memory of 1664	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	116
PID 2804 wrote to memory of 3400	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	117
PID 2804 wrote to memory of 3400	2804	120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\120a1a77d1cc75db74dd09d2f5702530_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\System\aQHWXTT.exe
  C:\Windows\System\aQHWXTT.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\InfFuoX.exe
  C:\Windows\System\InfFuoX.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\qzBZOOS.exe
  C:\Windows\System\qzBZOOS.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\WtGBAba.exe
  C:\Windows\System\WtGBAba.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\wWCihtR.exe
  C:\Windows\System\wWCihtR.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\CZsOYGQ.exe
  C:\Windows\System\CZsOYGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\yzWGBia.exe
  C:\Windows\System\yzWGBia.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\EvGkTFa.exe
  C:\Windows\System\EvGkTFa.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\AfWYbjt.exe
  C:\Windows\System\AfWYbjt.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\viyIdms.exe
  C:\Windows\System\viyIdms.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\FmKGmWt.exe
  C:\Windows\System\FmKGmWt.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\jVjDyHU.exe
  C:\Windows\System\jVjDyHU.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\eGHvuFd.exe
  C:\Windows\System\eGHvuFd.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\BmZCKPq.exe
  C:\Windows\System\BmZCKPq.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\vRkWGgP.exe
  C:\Windows\System\vRkWGgP.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\eUaBGsa.exe
  C:\Windows\System\eUaBGsa.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\IDwIvRx.exe
  C:\Windows\System\IDwIvRx.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\GSXxRbg.exe
  C:\Windows\System\GSXxRbg.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ZysORQH.exe
  C:\Windows\System\ZysORQH.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\CrMXxXU.exe
  C:\Windows\System\CrMXxXU.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\RCiSHwM.exe
  C:\Windows\System\RCiSHwM.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\cJRApsk.exe
  C:\Windows\System\cJRApsk.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\nbhGucV.exe
  C:\Windows\System\nbhGucV.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\bRQqwrO.exe
  C:\Windows\System\bRQqwrO.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\NqwhSMg.exe
  C:\Windows\System\NqwhSMg.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\UJNgzYK.exe
  C:\Windows\System\UJNgzYK.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\ykWckSD.exe
  C:\Windows\System\ykWckSD.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\jhnSUDr.exe
  C:\Windows\System\jhnSUDr.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\WoglXVq.exe
  C:\Windows\System\WoglXVq.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\VuVpsxI.exe
  C:\Windows\System\VuVpsxI.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\VXZxGua.exe
  C:\Windows\System\VXZxGua.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\jmpkSts.exe
  C:\Windows\System\jmpkSts.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\pgVwJiA.exe
  C:\Windows\System\pgVwJiA.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\upZCNYO.exe
  C:\Windows\System\upZCNYO.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\ObfnrNz.exe
  C:\Windows\System\ObfnrNz.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\sitRIJy.exe
  C:\Windows\System\sitRIJy.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\bPaddsZ.exe
  C:\Windows\System\bPaddsZ.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\cqxylwB.exe
  C:\Windows\System\cqxylwB.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ujCWGpz.exe
  C:\Windows\System\ujCWGpz.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\mWlEagf.exe
  C:\Windows\System\mWlEagf.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\ypLZePy.exe
  C:\Windows\System\ypLZePy.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\KlVnSzs.exe
  C:\Windows\System\KlVnSzs.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\TsvuQgl.exe
  C:\Windows\System\TsvuQgl.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\Jqntfcz.exe
  C:\Windows\System\Jqntfcz.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\WnYEZNE.exe
  C:\Windows\System\WnYEZNE.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\eSMqgUY.exe
  C:\Windows\System\eSMqgUY.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\lpvfSez.exe
  C:\Windows\System\lpvfSez.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\HrWErYh.exe
  C:\Windows\System\HrWErYh.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\tKkIcqd.exe
  C:\Windows\System\tKkIcqd.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\yRNMPOD.exe
  C:\Windows\System\yRNMPOD.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\pwSbcol.exe
  C:\Windows\System\pwSbcol.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\DUCikkE.exe
  C:\Windows\System\DUCikkE.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\HqgMARQ.exe
  C:\Windows\System\HqgMARQ.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\NhouhMJ.exe
  C:\Windows\System\NhouhMJ.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\etzCuiK.exe
  C:\Windows\System\etzCuiK.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\zOXIZyE.exe
  C:\Windows\System\zOXIZyE.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\VYwoWan.exe
  C:\Windows\System\VYwoWan.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\TyJWkZN.exe
  C:\Windows\System\TyJWkZN.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\BsNnyte.exe
  C:\Windows\System\BsNnyte.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\qBTfOCI.exe
  C:\Windows\System\qBTfOCI.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\IWxRUxi.exe
  C:\Windows\System\IWxRUxi.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\xozaRlh.exe
  C:\Windows\System\xozaRlh.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\VDXPRWt.exe
  C:\Windows\System\VDXPRWt.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\tAMLIeK.exe
  C:\Windows\System\tAMLIeK.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\CQRexKA.exe
  C:\Windows\System\CQRexKA.exe
  2⤵
  PID:1848
- C:\Windows\System\dOYUhXS.exe
  C:\Windows\System\dOYUhXS.exe
  2⤵
  PID:548
- C:\Windows\System\gqJywwJ.exe
  C:\Windows\System\gqJywwJ.exe
  2⤵
  PID:1644
- C:\Windows\System\gCuasAh.exe
  C:\Windows\System\gCuasAh.exe
  2⤵
  PID:4564
- C:\Windows\System\jTsYEjb.exe
  C:\Windows\System\jTsYEjb.exe
  2⤵
  PID:3564
- C:\Windows\System\dCoXcCC.exe
  C:\Windows\System\dCoXcCC.exe
  2⤵
  PID:3528
- C:\Windows\System\wyeSjSD.exe
  C:\Windows\System\wyeSjSD.exe
  2⤵
  PID:4536
- C:\Windows\System\DQGTYxZ.exe
  C:\Windows\System\DQGTYxZ.exe
  2⤵
  PID:4352
- C:\Windows\System\DoVPIhM.exe
  C:\Windows\System\DoVPIhM.exe
  2⤵
  PID:4648
- C:\Windows\System\LttBDiD.exe
  C:\Windows\System\LttBDiD.exe
  2⤵
  PID:4924
- C:\Windows\System\SyTnRDS.exe
  C:\Windows\System\SyTnRDS.exe
  2⤵
  PID:3936
- C:\Windows\System\QNfDxER.exe
  C:\Windows\System\QNfDxER.exe
  2⤵
  PID:4340
- C:\Windows\System\bzBTxCZ.exe
  C:\Windows\System\bzBTxCZ.exe
  2⤵
  PID:3968
- C:\Windows\System\DLRogGJ.exe
  C:\Windows\System\DLRogGJ.exe
  2⤵
  PID:2756
- C:\Windows\System\vLeqFNA.exe
  C:\Windows\System\vLeqFNA.exe
  2⤵
  PID:2460
- C:\Windows\System\aMaOWxe.exe
  C:\Windows\System\aMaOWxe.exe
  2⤵
  PID:3640
- C:\Windows\System\DrwaEtu.exe
  C:\Windows\System\DrwaEtu.exe
  2⤵
  PID:4580
- C:\Windows\System\tXlvqzH.exe
  C:\Windows\System\tXlvqzH.exe
  2⤵
  PID:4588
- C:\Windows\System\UIishyb.exe
  C:\Windows\System\UIishyb.exe
  2⤵
  PID:4872
- C:\Windows\System\deAsOaC.exe
  C:\Windows\System\deAsOaC.exe
  2⤵
  PID:1704
- C:\Windows\System\yrPBdXM.exe
  C:\Windows\System\yrPBdXM.exe
  2⤵
  PID:2524
- C:\Windows\System\Hbjfktz.exe
  C:\Windows\System\Hbjfktz.exe
  2⤵
  PID:1788
- C:\Windows\System\KULNYSD.exe
  C:\Windows\System\KULNYSD.exe
  2⤵
  PID:4072
- C:\Windows\System\IXNIlxU.exe
  C:\Windows\System\IXNIlxU.exe
  2⤵
  PID:1456
- C:\Windows\System\CYJTSsh.exe
  C:\Windows\System\CYJTSsh.exe
  2⤵
  PID:2172
- C:\Windows\System\bSFsvbQ.exe
  C:\Windows\System\bSFsvbQ.exe
  2⤵
  PID:5140
- C:\Windows\System\iOUEdKE.exe
  C:\Windows\System\iOUEdKE.exe
  2⤵
  PID:5160
- C:\Windows\System\lOWmbWB.exe
  C:\Windows\System\lOWmbWB.exe
  2⤵
  PID:5180
- C:\Windows\System\FuTkDXx.exe
  C:\Windows\System\FuTkDXx.exe
  2⤵
  PID:5204
- C:\Windows\System\fAIGOqw.exe
  C:\Windows\System\fAIGOqw.exe
  2⤵
  PID:5240
- C:\Windows\System\RiJbYhg.exe
  C:\Windows\System\RiJbYhg.exe
  2⤵
  PID:5292
- C:\Windows\System\bqJOGCW.exe
  C:\Windows\System\bqJOGCW.exe
  2⤵
  PID:5320
- C:\Windows\System\ivdCXNs.exe
  C:\Windows\System\ivdCXNs.exe
  2⤵
  PID:5344
- C:\Windows\System\NUFnlsh.exe
  C:\Windows\System\NUFnlsh.exe
  2⤵
  PID:5368
- C:\Windows\System\bOlKMUJ.exe
  C:\Windows\System\bOlKMUJ.exe
  2⤵
  PID:5388
- C:\Windows\System\jyAYDKk.exe
  C:\Windows\System\jyAYDKk.exe
  2⤵
  PID:5428
- C:\Windows\System\biMcyKe.exe
  C:\Windows\System\biMcyKe.exe
  2⤵
  PID:5444
- C:\Windows\System\ByEtABW.exe
  C:\Windows\System\ByEtABW.exe
  2⤵
  PID:5492
- C:\Windows\System\cPBvJzR.exe
  C:\Windows\System\cPBvJzR.exe
  2⤵
  PID:5556
- C:\Windows\System\joVKvlC.exe
  C:\Windows\System\joVKvlC.exe
  2⤵
  PID:5584
- C:\Windows\System\AzGHBTa.exe
  C:\Windows\System\AzGHBTa.exe
  2⤵
  PID:5600
- C:\Windows\System\mullNPd.exe
  C:\Windows\System\mullNPd.exe
  2⤵
  PID:5632
- C:\Windows\System\FOtwxRN.exe
  C:\Windows\System\FOtwxRN.exe
  2⤵
  PID:5672
- C:\Windows\System\RjQFfTx.exe
  C:\Windows\System\RjQFfTx.exe
  2⤵
  PID:5732
- C:\Windows\System\hoNnIrM.exe
  C:\Windows\System\hoNnIrM.exe
  2⤵
  PID:5748
- C:\Windows\System\PVEkPZI.exe
  C:\Windows\System\PVEkPZI.exe
  2⤵
  PID:5764
- C:\Windows\System\afzlHvS.exe
  C:\Windows\System\afzlHvS.exe
  2⤵
  PID:5804
- C:\Windows\System\HNDWNAz.exe
  C:\Windows\System\HNDWNAz.exe
  2⤵
  PID:5824
- C:\Windows\System\KSiEPSe.exe
  C:\Windows\System\KSiEPSe.exe
  2⤵
  PID:5844
- C:\Windows\System\zyuMeTW.exe
  C:\Windows\System\zyuMeTW.exe
  2⤵
  PID:5864
- C:\Windows\System\CGjjcLB.exe
  C:\Windows\System\CGjjcLB.exe
  2⤵
  PID:5940
- C:\Windows\System\ITMdzvp.exe
  C:\Windows\System\ITMdzvp.exe
  2⤵
  PID:5996
- C:\Windows\System\UVahkzX.exe
  C:\Windows\System\UVahkzX.exe
  2⤵
  PID:6028
- C:\Windows\System\pmhzCBu.exe
  C:\Windows\System\pmhzCBu.exe
  2⤵
  PID:6048
- C:\Windows\System\tnRyYvt.exe
  C:\Windows\System\tnRyYvt.exe
  2⤵
  PID:6072
- C:\Windows\System\mcHtBNG.exe
  C:\Windows\System\mcHtBNG.exe
  2⤵
  PID:6100
- C:\Windows\System\cPaNjtV.exe
  C:\Windows\System\cPaNjtV.exe
  2⤵
  PID:6124
- C:\Windows\System\GJHGdcZ.exe
  C:\Windows\System\GJHGdcZ.exe
  2⤵
  PID:4224
- C:\Windows\System\KBIopYO.exe
  C:\Windows\System\KBIopYO.exe
  2⤵
  PID:3064
- C:\Windows\System\LkTSVjT.exe
  C:\Windows\System\LkTSVjT.exe
  2⤵
  PID:4400
- C:\Windows\System\hYCikMF.exe
  C:\Windows\System\hYCikMF.exe
  2⤵
  PID:3244
- C:\Windows\System\jsCKLlq.exe
  C:\Windows\System\jsCKLlq.exe
  2⤵
  PID:888
- C:\Windows\System\HZZAcMt.exe
  C:\Windows\System\HZZAcMt.exe
  2⤵
  PID:3700
- C:\Windows\System\uuVueDa.exe
  C:\Windows\System\uuVueDa.exe
  2⤵
  PID:3124
- C:\Windows\System\RuzLJlX.exe
  C:\Windows\System\RuzLJlX.exe
  2⤵
  PID:5284
- C:\Windows\System\HfDooFm.exe
  C:\Windows\System\HfDooFm.exe
  2⤵
  PID:5316
- C:\Windows\System\cWOUJos.exe
  C:\Windows\System\cWOUJos.exe
  2⤵
  PID:2156
- C:\Windows\System\gGivGMT.exe
  C:\Windows\System\gGivGMT.exe
  2⤵
  PID:5436
- C:\Windows\System\vlPoegp.exe
  C:\Windows\System\vlPoegp.exe
  2⤵
  PID:2960
- C:\Windows\System\TasIRwS.exe
  C:\Windows\System\TasIRwS.exe
  2⤵
  PID:5484
- C:\Windows\System\GPRHTrh.exe
  C:\Windows\System\GPRHTrh.exe
  2⤵
  PID:5552
- C:\Windows\System\XJZkPgY.exe
  C:\Windows\System\XJZkPgY.exe
  2⤵
  PID:5624
- C:\Windows\System\SPkpXjF.exe
  C:\Windows\System\SPkpXjF.exe
  2⤵
  PID:5664
- C:\Windows\System\cluTsFO.exe
  C:\Windows\System\cluTsFO.exe
  2⤵
  PID:2284
- C:\Windows\System\gSelzyg.exe
  C:\Windows\System\gSelzyg.exe
  2⤵
  PID:5760
- C:\Windows\System\AXsDxaM.exe
  C:\Windows\System\AXsDxaM.exe
  2⤵
  PID:5816
- C:\Windows\System\gcpFswR.exe
  C:\Windows\System\gcpFswR.exe
  2⤵
  PID:5936
- C:\Windows\System\TPhNApz.exe
  C:\Windows\System\TPhNApz.exe
  2⤵
  PID:5896
- C:\Windows\System\bcsqdTW.exe
  C:\Windows\System\bcsqdTW.exe
  2⤵
  PID:5984
- C:\Windows\System\eQEdtZq.exe
  C:\Windows\System\eQEdtZq.exe
  2⤵
  PID:5268
- C:\Windows\System\KKMsCdi.exe
  C:\Windows\System\KKMsCdi.exe
  2⤵
  PID:6064
- C:\Windows\System\FMoVlaN.exe
  C:\Windows\System\FMoVlaN.exe
  2⤵
  PID:3896
- C:\Windows\System\sryDxaP.exe
  C:\Windows\System\sryDxaP.exe
  2⤵
  PID:5196
- C:\Windows\System\rlQgXWB.exe
  C:\Windows\System\rlQgXWB.exe
  2⤵
  PID:3316
- C:\Windows\System\XxCivpY.exe
  C:\Windows\System\XxCivpY.exe
  2⤵
  PID:4516
- C:\Windows\System\kjxNgQX.exe
  C:\Windows\System\kjxNgQX.exe
  2⤵
  PID:5420
- C:\Windows\System\QjShyMD.exe
  C:\Windows\System\QjShyMD.exe
  2⤵
  PID:5568
- C:\Windows\System\KukABBi.exe
  C:\Windows\System\KukABBi.exe
  2⤵
  PID:5596
- C:\Windows\System\Ndnowdo.exe
  C:\Windows\System\Ndnowdo.exe
  2⤵
  PID:5716
- C:\Windows\System\eokZecf.exe
  C:\Windows\System\eokZecf.exe
  2⤵
  PID:5304
- C:\Windows\System\jZRqdoC.exe
  C:\Windows\System\jZRqdoC.exe
  2⤵
  PID:5328
- C:\Windows\System\NqqsydK.exe
  C:\Windows\System\NqqsydK.exe
  2⤵
  PID:6040
- C:\Windows\System\VBoYCUo.exe
  C:\Windows\System\VBoYCUo.exe
  2⤵
  PID:5200
- C:\Windows\System\UObmMHv.exe
  C:\Windows\System\UObmMHv.exe
  2⤵
  PID:5832
- C:\Windows\System\EEOBSEv.exe
  C:\Windows\System\EEOBSEv.exe
  2⤵
  PID:5488
- C:\Windows\System\pmvCpHM.exe
  C:\Windows\System\pmvCpHM.exe
  2⤵
  PID:5548
- C:\Windows\System\SZWkNNS.exe
  C:\Windows\System\SZWkNNS.exe
  2⤵
  PID:5860
- C:\Windows\System\uZjKnCk.exe
  C:\Windows\System\uZjKnCk.exe
  2⤵
  PID:5912
- C:\Windows\System\hCikNSw.exe
  C:\Windows\System\hCikNSw.exe
  2⤵
  PID:6160
- C:\Windows\System\pRmPXrd.exe
  C:\Windows\System\pRmPXrd.exe
  2⤵
  PID:6188
- C:\Windows\System\ASpoZuS.exe
  C:\Windows\System\ASpoZuS.exe
  2⤵
  PID:6212
- C:\Windows\System\QhOowux.exe
  C:\Windows\System\QhOowux.exe
  2⤵
  PID:6268
- C:\Windows\System\dmtzBmE.exe
  C:\Windows\System\dmtzBmE.exe
  2⤵
  PID:6288
- C:\Windows\System\WtbqOBq.exe
  C:\Windows\System\WtbqOBq.exe
  2⤵
  PID:6328
- C:\Windows\System\ychYcoB.exe
  C:\Windows\System\ychYcoB.exe
  2⤵
  PID:6368
- C:\Windows\System\TkYcTti.exe
  C:\Windows\System\TkYcTti.exe
  2⤵
  PID:6388
- C:\Windows\System\TphXNnE.exe
  C:\Windows\System\TphXNnE.exe
  2⤵
  PID:6444
- C:\Windows\System\ouMgfXx.exe
  C:\Windows\System\ouMgfXx.exe
  2⤵
  PID:6464
- C:\Windows\System\JZEAezl.exe
  C:\Windows\System\JZEAezl.exe
  2⤵
  PID:6480
- C:\Windows\System\HiotjLy.exe
  C:\Windows\System\HiotjLy.exe
  2⤵
  PID:6500
- C:\Windows\System\HbQrKiQ.exe
  C:\Windows\System\HbQrKiQ.exe
  2⤵
  PID:6524
- C:\Windows\System\ksKOWkN.exe
  C:\Windows\System\ksKOWkN.exe
  2⤵
  PID:6544
- C:\Windows\System\SgcEsGc.exe
  C:\Windows\System\SgcEsGc.exe
  2⤵
  PID:6568
- C:\Windows\System\mgUCWoI.exe
  C:\Windows\System\mgUCWoI.exe
  2⤵
  PID:6588
- C:\Windows\System\UyqRPAd.exe
  C:\Windows\System\UyqRPAd.exe
  2⤵
  PID:6608
- C:\Windows\System\MobrvgE.exe
  C:\Windows\System\MobrvgE.exe
  2⤵
  PID:6628
- C:\Windows\System\WyCaDwt.exe
  C:\Windows\System\WyCaDwt.exe
  2⤵
  PID:6668
- C:\Windows\System\lGhbVcq.exe
  C:\Windows\System\lGhbVcq.exe
  2⤵
  PID:6688
- C:\Windows\System\bsAVjYy.exe
  C:\Windows\System\bsAVjYy.exe
  2⤵
  PID:6712
- C:\Windows\System\zstchzk.exe
  C:\Windows\System\zstchzk.exe
  2⤵
  PID:6732
- C:\Windows\System\PFcGSAd.exe
  C:\Windows\System\PFcGSAd.exe
  2⤵
  PID:6760
- C:\Windows\System\PtTdZtu.exe
  C:\Windows\System\PtTdZtu.exe
  2⤵
  PID:6796
- C:\Windows\System\nquCKGS.exe
  C:\Windows\System\nquCKGS.exe
  2⤵
  PID:6816
- C:\Windows\System\TpPlppd.exe
  C:\Windows\System\TpPlppd.exe
  2⤵
  PID:6840
- C:\Windows\System\gnmWfyc.exe
  C:\Windows\System\gnmWfyc.exe
  2⤵
  PID:6864
- C:\Windows\System\bzhiiBm.exe
  C:\Windows\System\bzhiiBm.exe
  2⤵
  PID:6916
- C:\Windows\System\viTnpQM.exe
  C:\Windows\System\viTnpQM.exe
  2⤵
  PID:6972
- C:\Windows\System\ghbjCDO.exe
  C:\Windows\System\ghbjCDO.exe
  2⤵
  PID:6996
- C:\Windows\System\zDdiaRF.exe
  C:\Windows\System\zDdiaRF.exe
  2⤵
  PID:7016
- C:\Windows\System\yLISapl.exe
  C:\Windows\System\yLISapl.exe
  2⤵
  PID:7040
- C:\Windows\System\YrZJEYX.exe
  C:\Windows\System\YrZJEYX.exe
  2⤵
  PID:7060
- C:\Windows\System\cIPHxqm.exe
  C:\Windows\System\cIPHxqm.exe
  2⤵
  PID:7084
- C:\Windows\System\snZlDHQ.exe
  C:\Windows\System\snZlDHQ.exe
  2⤵
  PID:7108
- C:\Windows\System\AEJQsNc.exe
  C:\Windows\System\AEJQsNc.exe
  2⤵
  PID:7128
- C:\Windows\System\zoEPPca.exe
  C:\Windows\System\zoEPPca.exe
  2⤵
  PID:6088
- C:\Windows\System\sUeLOZH.exe
  C:\Windows\System\sUeLOZH.exe
  2⤵
  PID:6012
- C:\Windows\System\vZfCraZ.exe
  C:\Windows\System\vZfCraZ.exe
  2⤵
  PID:6244
- C:\Windows\System\dpdPsOx.exe
  C:\Windows\System\dpdPsOx.exe
  2⤵
  PID:6284
- C:\Windows\System\DACddIq.exe
  C:\Windows\System\DACddIq.exe
  2⤵
  PID:6356
- C:\Windows\System\GMJSukV.exe
  C:\Windows\System\GMJSukV.exe
  2⤵
  PID:6396
- C:\Windows\System\zzbtdWu.exe
  C:\Windows\System\zzbtdWu.exe
  2⤵
  PID:6440
- C:\Windows\System\vpBuIJW.exe
  C:\Windows\System\vpBuIJW.exe
  2⤵
  PID:6552
- C:\Windows\System\dEaGGmP.exe
  C:\Windows\System\dEaGGmP.exe
  2⤵
  PID:6584
- C:\Windows\System\nVxhbQO.exe
  C:\Windows\System\nVxhbQO.exe
  2⤵
  PID:6772
- C:\Windows\System\AEQKlaA.exe
  C:\Windows\System\AEQKlaA.exe
  2⤵
  PID:6836
- C:\Windows\System\meCVMII.exe
  C:\Windows\System\meCVMII.exe
  2⤵
  PID:6848
- C:\Windows\System\VbobvZn.exe
  C:\Windows\System\VbobvZn.exe
  2⤵
  PID:7032
- C:\Windows\System\lChxyjf.exe
  C:\Windows\System\lChxyjf.exe
  2⤵
  PID:7052
- C:\Windows\System\qrPRMFh.exe
  C:\Windows\System\qrPRMFh.exe
  2⤵
  PID:6984
- C:\Windows\System\lqosRTq.exe
  C:\Windows\System\lqosRTq.exe
  2⤵
  PID:7120
- C:\Windows\System\GlcXeAx.exe
  C:\Windows\System\GlcXeAx.exe
  2⤵
  PID:7152
- C:\Windows\System\eRCtNUJ.exe
  C:\Windows\System\eRCtNUJ.exe
  2⤵
  PID:6432
- C:\Windows\System\jUBMEah.exe
  C:\Windows\System\jUBMEah.exe
  2⤵
  PID:6556
- C:\Windows\System\gOwdnVO.exe
  C:\Windows\System\gOwdnVO.exe
  2⤵
  PID:6728
- C:\Windows\System\CYjtctk.exe
  C:\Windows\System\CYjtctk.exe
  2⤵
  PID:6824
- C:\Windows\System\hRdTOek.exe
  C:\Windows\System\hRdTOek.exe
  2⤵
  PID:2748
- C:\Windows\System\WcmqFfA.exe
  C:\Windows\System\WcmqFfA.exe
  2⤵
  PID:7004
- C:\Windows\System\tCzGQtg.exe
  C:\Windows\System\tCzGQtg.exe
  2⤵
  PID:6236
- C:\Windows\System\eMevuQw.exe
  C:\Windows\System\eMevuQw.exe
  2⤵
  PID:6656
- C:\Windows\System\QzXwPaC.exe
  C:\Windows\System\QzXwPaC.exe
  2⤵
  PID:7124
- C:\Windows\System\WlCuBRf.exe
  C:\Windows\System\WlCuBRf.exe
  2⤵
  PID:6792
- C:\Windows\System\fmYHAMA.exe
  C:\Windows\System\fmYHAMA.exe
  2⤵
  PID:7176
- C:\Windows\System\JbAroaU.exe
  C:\Windows\System\JbAroaU.exe
  2⤵
  PID:7216
- C:\Windows\System\KDcJIpH.exe
  C:\Windows\System\KDcJIpH.exe
  2⤵
  PID:7236
- C:\Windows\System\iXEegcD.exe
  C:\Windows\System\iXEegcD.exe
  2⤵
  PID:7268
- C:\Windows\System\DrEuxQD.exe
  C:\Windows\System\DrEuxQD.exe
  2⤵
  PID:7292
- C:\Windows\System\mYYDGaW.exe
  C:\Windows\System\mYYDGaW.exe
  2⤵
  PID:7316
- C:\Windows\System\xwLsYAd.exe
  C:\Windows\System\xwLsYAd.exe
  2⤵
  PID:7336
- C:\Windows\System\gTgWsph.exe
  C:\Windows\System\gTgWsph.exe
  2⤵
  PID:7356
- C:\Windows\System\SzspFif.exe
  C:\Windows\System\SzspFif.exe
  2⤵
  PID:7376
- C:\Windows\System\nxHXIhc.exe
  C:\Windows\System\nxHXIhc.exe
  2⤵
  PID:7404
- C:\Windows\System\OtVYhkD.exe
  C:\Windows\System\OtVYhkD.exe
  2⤵
  PID:7424
- C:\Windows\System\rMGbwxx.exe
  C:\Windows\System\rMGbwxx.exe
  2⤵
  PID:7448
- C:\Windows\System\jRQikRj.exe
  C:\Windows\System\jRQikRj.exe
  2⤵
  PID:7484
- C:\Windows\System\TqYgGNk.exe
  C:\Windows\System\TqYgGNk.exe
  2⤵
  PID:7520
- C:\Windows\System\SrbvilH.exe
  C:\Windows\System\SrbvilH.exe
  2⤵
  PID:7544
- C:\Windows\System\mtXnFMh.exe
  C:\Windows\System\mtXnFMh.exe
  2⤵
  PID:7596
- C:\Windows\System\JWhNomr.exe
  C:\Windows\System\JWhNomr.exe
  2⤵
  PID:7616
- C:\Windows\System\IyvpRgd.exe
  C:\Windows\System\IyvpRgd.exe
  2⤵
  PID:7640
- C:\Windows\System\LtxVxMl.exe
  C:\Windows\System\LtxVxMl.exe
  2⤵
  PID:7660
- C:\Windows\System\lKFyuPU.exe
  C:\Windows\System\lKFyuPU.exe
  2⤵
  PID:7700
- C:\Windows\System\rcBDYbQ.exe
  C:\Windows\System\rcBDYbQ.exe
  2⤵
  PID:7736
- C:\Windows\System\UjScLdZ.exe
  C:\Windows\System\UjScLdZ.exe
  2⤵
  PID:7764
- C:\Windows\System\BjywALL.exe
  C:\Windows\System\BjywALL.exe
  2⤵
  PID:7784
- C:\Windows\System\xKOmJnr.exe
  C:\Windows\System\xKOmJnr.exe
  2⤵
  PID:7828
- C:\Windows\System\lqJBcIz.exe
  C:\Windows\System\lqJBcIz.exe
  2⤵
  PID:7860
- C:\Windows\System\OjNmbOm.exe
  C:\Windows\System\OjNmbOm.exe
  2⤵
  PID:7880
- C:\Windows\System\WNuPCcc.exe
  C:\Windows\System\WNuPCcc.exe
  2⤵
  PID:7904
- C:\Windows\System\rjcWxOr.exe
  C:\Windows\System\rjcWxOr.exe
  2⤵
  PID:7920
- C:\Windows\System\fgwGqBk.exe
  C:\Windows\System\fgwGqBk.exe
  2⤵
  PID:7940
- C:\Windows\System\vdODQMQ.exe
  C:\Windows\System\vdODQMQ.exe
  2⤵
  PID:7960
- C:\Windows\System\LpEiCZD.exe
  C:\Windows\System\LpEiCZD.exe
  2⤵
  PID:7992
- C:\Windows\System\YmEmgtc.exe
  C:\Windows\System\YmEmgtc.exe
  2⤵
  PID:8012
- C:\Windows\System\OlPxHfx.exe
  C:\Windows\System\OlPxHfx.exe
  2⤵
  PID:8064
- C:\Windows\System\WAXDHFK.exe
  C:\Windows\System\WAXDHFK.exe
  2⤵
  PID:8092
- C:\Windows\System\fNLLBsg.exe
  C:\Windows\System\fNLLBsg.exe
  2⤵
  PID:8116
- C:\Windows\System\rCZMbdX.exe
  C:\Windows\System\rCZMbdX.exe
  2⤵
  PID:8164
- C:\Windows\System\QtBYsgZ.exe
  C:\Windows\System\QtBYsgZ.exe
  2⤵
  PID:8184
- C:\Windows\System\HTYGJeV.exe
  C:\Windows\System\HTYGJeV.exe
  2⤵
  PID:7196
- C:\Windows\System\aepgAhv.exe
  C:\Windows\System\aepgAhv.exe
  2⤵
  PID:7248
- C:\Windows\System\kVabUqy.exe
  C:\Windows\System\kVabUqy.exe
  2⤵
  PID:7372
- C:\Windows\System\UmvgTHQ.exe
  C:\Windows\System\UmvgTHQ.exe
  2⤵
  PID:7400
- C:\Windows\System\XZyWNJU.exe
  C:\Windows\System\XZyWNJU.exe
  2⤵
  PID:7472
- C:\Windows\System\IIppETU.exe
  C:\Windows\System\IIppETU.exe
  2⤵
  PID:7516
- C:\Windows\System\nxICeKG.exe
  C:\Windows\System\nxICeKG.exe
  2⤵
  PID:7628
- C:\Windows\System\qalveao.exe
  C:\Windows\System\qalveao.exe
  2⤵
  PID:7656
- C:\Windows\System\KSFmVlG.exe
  C:\Windows\System\KSFmVlG.exe
  2⤵
  PID:7720
- C:\Windows\System\KbDzxhP.exe
  C:\Windows\System\KbDzxhP.exe
  2⤵
  PID:7776
- C:\Windows\System\pEckBvg.exe
  C:\Windows\System\pEckBvg.exe
  2⤵
  PID:7852
- C:\Windows\System\cgaLBIe.exe
  C:\Windows\System\cgaLBIe.exe
  2⤵
  PID:7928
- C:\Windows\System\zXEyRyv.exe
  C:\Windows\System\zXEyRyv.exe
  2⤵
  PID:7980
- C:\Windows\System\KBRgXkn.exe
  C:\Windows\System\KBRgXkn.exe
  2⤵
  PID:8008
- C:\Windows\System\GmfFAvO.exe
  C:\Windows\System\GmfFAvO.exe
  2⤵
  PID:8084
- C:\Windows\System\FQOlDaP.exe
  C:\Windows\System\FQOlDaP.exe
  2⤵
  PID:8156
- C:\Windows\System\uOvqTYS.exe
  C:\Windows\System\uOvqTYS.exe
  2⤵
  PID:6960
- C:\Windows\System\qVhwMmz.exe
  C:\Windows\System\qVhwMmz.exe
  2⤵
  PID:7364
- C:\Windows\System\pPXkgon.exe
  C:\Windows\System\pPXkgon.exe
  2⤵
  PID:7608
- C:\Windows\System\yVvaQHB.exe
  C:\Windows\System\yVvaQHB.exe
  2⤵
  PID:7760
- C:\Windows\System\xocBuYO.exe
  C:\Windows\System\xocBuYO.exe
  2⤵
  PID:8088
- C:\Windows\System\YmZlATd.exe
  C:\Windows\System\YmZlATd.exe
  2⤵
  PID:8112
- C:\Windows\System\okTySAf.exe
  C:\Windows\System\okTySAf.exe
  2⤵
  PID:7228
- C:\Windows\System\ERiWdsr.exe
  C:\Windows\System\ERiWdsr.exe
  2⤵
  PID:7444
- C:\Windows\System\LOSQnAH.exe
  C:\Windows\System\LOSQnAH.exe
  2⤵
  PID:7824
- C:\Windows\System\jlpPoQY.exe
  C:\Windows\System\jlpPoQY.exe
  2⤵
  PID:7172
- C:\Windows\System\EvmPxRN.exe
  C:\Windows\System\EvmPxRN.exe
  2⤵
  PID:7976
- C:\Windows\System\GkyhZbM.exe
  C:\Windows\System\GkyhZbM.exe
  2⤵
  PID:6200
- C:\Windows\System\lcdwGxH.exe
  C:\Windows\System\lcdwGxH.exe
  2⤵
  PID:8208
- C:\Windows\System\mzTuaLs.exe
  C:\Windows\System\mzTuaLs.exe
  2⤵
  PID:8264
- C:\Windows\System\NEZmuur.exe
  C:\Windows\System\NEZmuur.exe
  2⤵
  PID:8304
- C:\Windows\System\QfXQzTy.exe
  C:\Windows\System\QfXQzTy.exe
  2⤵
  PID:8324
- C:\Windows\System\hkICUyu.exe
  C:\Windows\System\hkICUyu.exe
  2⤵
  PID:8348
- C:\Windows\System\KrFDNBd.exe
  C:\Windows\System\KrFDNBd.exe
  2⤵
  PID:8380
- C:\Windows\System\Acjzybg.exe
  C:\Windows\System\Acjzybg.exe
  2⤵
  PID:8396
- C:\Windows\System\dyifhlw.exe
  C:\Windows\System\dyifhlw.exe
  2⤵
  PID:8416
- C:\Windows\System\IdXNSxM.exe
  C:\Windows\System\IdXNSxM.exe
  2⤵
  PID:8436
- C:\Windows\System\oOuHMpr.exe
  C:\Windows\System\oOuHMpr.exe
  2⤵
  PID:8484
- C:\Windows\System\pDJnULN.exe
  C:\Windows\System\pDJnULN.exe
  2⤵
  PID:8504
- C:\Windows\System\BgwKuER.exe
  C:\Windows\System\BgwKuER.exe
  2⤵
  PID:8536
- C:\Windows\System\mPoyzQW.exe
  C:\Windows\System\mPoyzQW.exe
  2⤵
  PID:8568
- C:\Windows\System\VzvetCJ.exe
  C:\Windows\System\VzvetCJ.exe
  2⤵
  PID:8588
- C:\Windows\System\UMBnkRo.exe
  C:\Windows\System\UMBnkRo.exe
  2⤵
  PID:8636
- C:\Windows\System\mVoNBQG.exe
  C:\Windows\System\mVoNBQG.exe
  2⤵
  PID:8660
- C:\Windows\System\tKGGzDV.exe
  C:\Windows\System\tKGGzDV.exe
  2⤵
  PID:8688
- C:\Windows\System\BAMvceE.exe
  C:\Windows\System\BAMvceE.exe
  2⤵
  PID:8712
- C:\Windows\System\hQBTjte.exe
  C:\Windows\System\hQBTjte.exe
  2⤵
  PID:8732
- C:\Windows\System\AtuXFrQ.exe
  C:\Windows\System\AtuXFrQ.exe
  2⤵
  PID:8760
- C:\Windows\System\wtBaFkr.exe
  C:\Windows\System\wtBaFkr.exe
  2⤵
  PID:8784
- C:\Windows\System\wckWnGW.exe
  C:\Windows\System\wckWnGW.exe
  2⤵
  PID:8828
- C:\Windows\System\qadWqHT.exe
  C:\Windows\System\qadWqHT.exe
  2⤵
  PID:8852
- C:\Windows\System\ffcfzig.exe
  C:\Windows\System\ffcfzig.exe
  2⤵
  PID:8872
- C:\Windows\System\OWfjfNa.exe
  C:\Windows\System\OWfjfNa.exe
  2⤵
  PID:8904
- C:\Windows\System\BQixwTy.exe
  C:\Windows\System\BQixwTy.exe
  2⤵
  PID:8928
- C:\Windows\System\sroJqdr.exe
  C:\Windows\System\sroJqdr.exe
  2⤵
  PID:8956
- C:\Windows\System\PYgxQuw.exe
  C:\Windows\System\PYgxQuw.exe
  2⤵
  PID:8976
- C:\Windows\System\OrYCvFG.exe
  C:\Windows\System\OrYCvFG.exe
  2⤵
  PID:8996
- C:\Windows\System\whEipST.exe
  C:\Windows\System\whEipST.exe
  2⤵
  PID:9012
- C:\Windows\System\wAqtXqC.exe
  C:\Windows\System\wAqtXqC.exe
  2⤵
  PID:9036
- C:\Windows\System\vfBbDwZ.exe
  C:\Windows\System\vfBbDwZ.exe
  2⤵
  PID:9060
- C:\Windows\System\xhuORuq.exe
  C:\Windows\System\xhuORuq.exe
  2⤵
  PID:9112
- C:\Windows\System\VhQTiav.exe
  C:\Windows\System\VhQTiav.exe
  2⤵
  PID:9140
- C:\Windows\System\fpbEnOt.exe
  C:\Windows\System\fpbEnOt.exe
  2⤵
  PID:9172
- C:\Windows\System\YxqMVTb.exe
  C:\Windows\System\YxqMVTb.exe
  2⤵
  PID:9188
- C:\Windows\System\qcQirpi.exe
  C:\Windows\System\qcQirpi.exe
  2⤵
  PID:8200
- C:\Windows\System\CuaSlwP.exe
  C:\Windows\System\CuaSlwP.exe
  2⤵
  PID:8204
- C:\Windows\System\oQVoWeG.exe
  C:\Windows\System\oQVoWeG.exe
  2⤵
  PID:8300
- C:\Windows\System\ozaIFlf.exe
  C:\Windows\System\ozaIFlf.exe
  2⤵
  PID:8320
- C:\Windows\System\VYfNJtG.exe
  C:\Windows\System\VYfNJtG.exe
  2⤵
  PID:8392
- C:\Windows\System\tuKgYWZ.exe
  C:\Windows\System\tuKgYWZ.exe
  2⤵
  PID:8452
- C:\Windows\System\AdWtmob.exe
  C:\Windows\System\AdWtmob.exe
  2⤵
  PID:8496
- C:\Windows\System\oyybBfH.exe
  C:\Windows\System\oyybBfH.exe
  2⤵
  PID:8532
- C:\Windows\System\viLBoFb.exe
  C:\Windows\System\viLBoFb.exe
  2⤵
  PID:8624
- C:\Windows\System\aRkzWgX.exe
  C:\Windows\System\aRkzWgX.exe
  2⤵
  PID:8896
- C:\Windows\System\AeVxXpG.exe
  C:\Windows\System\AeVxXpG.exe
  2⤵
  PID:9028
- C:\Windows\System\kMgvKXp.exe
  C:\Windows\System\kMgvKXp.exe
  2⤵
  PID:9048
- C:\Windows\System\mjKGiDj.exe
  C:\Windows\System\mjKGiDj.exe
  2⤵
  PID:9128
- C:\Windows\System\NAmMset.exe
  C:\Windows\System\NAmMset.exe
  2⤵
  PID:8260
- C:\Windows\System\vegjHsK.exe
  C:\Windows\System\vegjHsK.exe
  2⤵
  PID:9160
- C:\Windows\System\EQBXiij.exe
  C:\Windows\System\EQBXiij.exe
  2⤵
  PID:9208
- C:\Windows\System\OZtgxNE.exe
  C:\Windows\System\OZtgxNE.exe
  2⤵
  PID:8740
- C:\Windows\System\kmnRJyC.exe
  C:\Windows\System\kmnRJyC.exe
  2⤵
  PID:8576
- C:\Windows\System\BPOIpWJ.exe
  C:\Windows\System\BPOIpWJ.exe
  2⤵
  PID:8804
- C:\Windows\System\lsQsMZs.exe
  C:\Windows\System\lsQsMZs.exe
  2⤵
  PID:9076
- C:\Windows\System\ixOQEDs.exe
  C:\Windows\System\ixOQEDs.exe
  2⤵
  PID:8480
- C:\Windows\System\WmxGqwz.exe
  C:\Windows\System\WmxGqwz.exe
  2⤵
  PID:8344
- C:\Windows\System\koOXThH.exe
  C:\Windows\System\koOXThH.exe
  2⤵
  PID:8724
- C:\Windows\System\DCphrjc.exe
  C:\Windows\System\DCphrjc.exe
  2⤵
  PID:8780
- C:\Windows\System\TYTVQpl.exe
  C:\Windows\System\TYTVQpl.exe
  2⤵
  PID:9004
- C:\Windows\System\YAFtkcz.exe
  C:\Windows\System\YAFtkcz.exe
  2⤵
  PID:8656
- C:\Windows\System\mFPkPvO.exe
  C:\Windows\System\mFPkPvO.exe
  2⤵
  PID:9240
- C:\Windows\System\JeTtcic.exe
  C:\Windows\System\JeTtcic.exe
  2⤵
  PID:9260
- C:\Windows\System\eiEWAny.exe
  C:\Windows\System\eiEWAny.exe
  2⤵
  PID:9288
- C:\Windows\System\OCSYCeq.exe
  C:\Windows\System\OCSYCeq.exe
  2⤵
  PID:9308
- C:\Windows\System\BGgfWFg.exe
  C:\Windows\System\BGgfWFg.exe
  2⤵
  PID:9328
- C:\Windows\System\RqqxHqE.exe
  C:\Windows\System\RqqxHqE.exe
  2⤵
  PID:9372
- C:\Windows\System\kXotDXE.exe
  C:\Windows\System\kXotDXE.exe
  2⤵
  PID:9396
- C:\Windows\System\AbJAitR.exe
  C:\Windows\System\AbJAitR.exe
  2⤵
  PID:9432
- C:\Windows\System\DZKjESo.exe
  C:\Windows\System\DZKjESo.exe
  2⤵
  PID:9452
- C:\Windows\System\KZvbRjB.exe
  C:\Windows\System\KZvbRjB.exe
  2⤵
  PID:9472
- C:\Windows\System\WKxdjME.exe
  C:\Windows\System\WKxdjME.exe
  2⤵
  PID:9488
- C:\Windows\System\lNDdgPR.exe
  C:\Windows\System\lNDdgPR.exe
  2⤵
  PID:9516
- C:\Windows\System\lmPYsni.exe
  C:\Windows\System\lmPYsni.exe
  2⤵
  PID:9540
- C:\Windows\System\KlFSVEa.exe
  C:\Windows\System\KlFSVEa.exe
  2⤵
  PID:9564
- C:\Windows\System\ovZSJsq.exe
  C:\Windows\System\ovZSJsq.exe
  2⤵
  PID:9628
- C:\Windows\System\FQlaLhw.exe
  C:\Windows\System\FQlaLhw.exe
  2⤵
  PID:9648
- C:\Windows\System\muElUYF.exe
  C:\Windows\System\muElUYF.exe
  2⤵
  PID:9704
- C:\Windows\System\AMNkpQZ.exe
  C:\Windows\System\AMNkpQZ.exe
  2⤵
  PID:9724
- C:\Windows\System\WDLZbZO.exe
  C:\Windows\System\WDLZbZO.exe
  2⤵
  PID:9744
- C:\Windows\System\WlHQrsx.exe
  C:\Windows\System\WlHQrsx.exe
  2⤵
  PID:9768
- C:\Windows\System\LqMVwdp.exe
  C:\Windows\System\LqMVwdp.exe
  2⤵
  PID:9796
- C:\Windows\System\tlLmqnO.exe
  C:\Windows\System\tlLmqnO.exe
  2⤵
  PID:9816
- C:\Windows\System\UaIAPne.exe
  C:\Windows\System\UaIAPne.exe
  2⤵
  PID:9844
- C:\Windows\System\sUNNMbE.exe
  C:\Windows\System\sUNNMbE.exe
  2⤵
  PID:9900
- C:\Windows\System\aorusYp.exe
  C:\Windows\System\aorusYp.exe
  2⤵
  PID:9920
- C:\Windows\System\PVXGonx.exe
  C:\Windows\System\PVXGonx.exe
  2⤵
  PID:9940
- C:\Windows\System\oZbmyCS.exe
  C:\Windows\System\oZbmyCS.exe
  2⤵
  PID:9964
- C:\Windows\System\yxKmnvJ.exe
  C:\Windows\System\yxKmnvJ.exe
  2⤵
  PID:10008
- C:\Windows\System\eUydmfC.exe
  C:\Windows\System\eUydmfC.exe
  2⤵
  PID:10032
- C:\Windows\System\dbfwKcT.exe
  C:\Windows\System\dbfwKcT.exe
  2⤵
  PID:10052
- C:\Windows\System\wIDVPCb.exe
  C:\Windows\System\wIDVPCb.exe
  2⤵
  PID:10072
- C:\Windows\System\lSZMXaw.exe
  C:\Windows\System\lSZMXaw.exe
  2⤵
  PID:10096
- C:\Windows\System\rdZYUYl.exe
  C:\Windows\System\rdZYUYl.exe
  2⤵
  PID:10124
- C:\Windows\System\lFgliMd.exe
  C:\Windows\System\lFgliMd.exe
  2⤵
  PID:10148
- C:\Windows\System\hHMrKhN.exe
  C:\Windows\System\hHMrKhN.exe
  2⤵
  PID:10164
- C:\Windows\System\uPlSMuR.exe
  C:\Windows\System\uPlSMuR.exe
  2⤵
  PID:10196
- C:\Windows\System\HSTylRI.exe
  C:\Windows\System\HSTylRI.exe
  2⤵
  PID:9224
- C:\Windows\System\CfvbuCQ.exe
  C:\Windows\System\CfvbuCQ.exe
  2⤵
  PID:9256
- C:\Windows\System\ctItDEp.exe
  C:\Windows\System\ctItDEp.exe
  2⤵
  PID:9296
- C:\Windows\System\iOhudRa.exe
  C:\Windows\System\iOhudRa.exe
  2⤵
  PID:9424
- C:\Windows\System\mCFRlfL.exe
  C:\Windows\System\mCFRlfL.exe
  2⤵
  PID:9484
- C:\Windows\System\OJIcObi.exe
  C:\Windows\System\OJIcObi.exe
  2⤵
  PID:9584
- C:\Windows\System\vDmRQvU.exe
  C:\Windows\System\vDmRQvU.exe
  2⤵
  PID:9548
- C:\Windows\System\CvPWAiE.exe
  C:\Windows\System\CvPWAiE.exe
  2⤵
  PID:9620
- C:\Windows\System\OMPRJaD.exe
  C:\Windows\System\OMPRJaD.exe
  2⤵
  PID:9696
- C:\Windows\System\dwCjUNF.exe
  C:\Windows\System\dwCjUNF.exe
  2⤵
  PID:9720
- C:\Windows\System\fOCbppi.exe
  C:\Windows\System\fOCbppi.exe
  2⤵
  PID:9840
- C:\Windows\System\bgiARXM.exe
  C:\Windows\System\bgiARXM.exe
  2⤵
  PID:9912
- C:\Windows\System\cAqllYu.exe
  C:\Windows\System\cAqllYu.exe
  2⤵
  PID:10000
- C:\Windows\System\UDAIuEs.exe
  C:\Windows\System\UDAIuEs.exe
  2⤵
  PID:10016
- C:\Windows\System\iZKLWpQ.exe
  C:\Windows\System\iZKLWpQ.exe
  2⤵
  PID:10068
- C:\Windows\System\Qtnvqci.exe
  C:\Windows\System\Qtnvqci.exe
  2⤵
  PID:10160
- C:\Windows\System\xigKhMj.exe
  C:\Windows\System\xigKhMj.exe
  2⤵
  PID:10220
- C:\Windows\System\TvwUqzo.exe
  C:\Windows\System\TvwUqzo.exe
  2⤵
  PID:9276
- C:\Windows\System\hzsiQud.exe
  C:\Windows\System\hzsiQud.exe
  2⤵
  PID:9512
- C:\Windows\System\ejXrqdx.exe
  C:\Windows\System\ejXrqdx.exe
  2⤵
  PID:9780
- C:\Windows\System\VbgHYRM.exe
  C:\Windows\System\VbgHYRM.exe
  2⤵
  PID:9736
- C:\Windows\System\uAjwHRv.exe
  C:\Windows\System\uAjwHRv.exe
  2⤵
  PID:10024
- C:\Windows\System\AKnIxfe.exe
  C:\Windows\System\AKnIxfe.exe
  2⤵
  PID:9956
- C:\Windows\System\zINkqHs.exe
  C:\Windows\System\zINkqHs.exe
  2⤵
  PID:10212
- C:\Windows\System\AZUGPsO.exe
  C:\Windows\System\AZUGPsO.exe
  2⤵
  PID:9532
- C:\Windows\System\hmJoWgg.exe
  C:\Windows\System\hmJoWgg.exe
  2⤵
  PID:9864
- C:\Windows\System\DggBvLB.exe
  C:\Windows\System\DggBvLB.exe
  2⤵
  PID:10264
- C:\Windows\System\HfTDgPB.exe
  C:\Windows\System\HfTDgPB.exe
  2⤵
  PID:10312
- C:\Windows\System\XBrcGhI.exe
  C:\Windows\System\XBrcGhI.exe
  2⤵
  PID:10332
- C:\Windows\System\GpZLrnc.exe
  C:\Windows\System\GpZLrnc.exe
  2⤵
  PID:10352
- C:\Windows\System\BdMKJjy.exe
  C:\Windows\System\BdMKJjy.exe
  2⤵
  PID:10380
- C:\Windows\System\ZQMNXOX.exe
  C:\Windows\System\ZQMNXOX.exe
  2⤵
  PID:10420
- C:\Windows\System\OgVmacd.exe
  C:\Windows\System\OgVmacd.exe
  2⤵
  PID:10460
- C:\Windows\System\xMteDmU.exe
  C:\Windows\System\xMteDmU.exe
  2⤵
  PID:10484
- C:\Windows\System\lpMYbIY.exe
  C:\Windows\System\lpMYbIY.exe
  2⤵
  PID:10504
- C:\Windows\System\zrXjyIE.exe
  C:\Windows\System\zrXjyIE.exe
  2⤵
  PID:10520
- C:\Windows\System\WIpQoxD.exe
  C:\Windows\System\WIpQoxD.exe
  2⤵
  PID:10540
- C:\Windows\System\oiWMsQm.exe
  C:\Windows\System\oiWMsQm.exe
  2⤵
  PID:10568
- C:\Windows\System\VvainJh.exe
  C:\Windows\System\VvainJh.exe
  2⤵
  PID:10588
- C:\Windows\System\sPsvBRF.exe
  C:\Windows\System\sPsvBRF.exe
  2⤵
  PID:10604
- C:\Windows\System\xfrYaFz.exe
  C:\Windows\System\xfrYaFz.exe
  2⤵
  PID:10624
- C:\Windows\System\zgGOOEJ.exe
  C:\Windows\System\zgGOOEJ.exe
  2⤵
  PID:10648
- C:\Windows\System\qSiDMhs.exe
  C:\Windows\System\qSiDMhs.exe
  2⤵
  PID:10672
- C:\Windows\System\vhRUQKf.exe
  C:\Windows\System\vhRUQKf.exe
  2⤵
  PID:10692
- C:\Windows\System\yvOEpvd.exe
  C:\Windows\System\yvOEpvd.exe
  2⤵
  PID:10708
- C:\Windows\System\HpAoFnc.exe
  C:\Windows\System\HpAoFnc.exe
  2⤵
  PID:10744
- C:\Windows\System\ZJHpKdO.exe
  C:\Windows\System\ZJHpKdO.exe
  2⤵
  PID:10772
- C:\Windows\System\DZKlAnk.exe
  C:\Windows\System\DZKlAnk.exe
  2⤵
  PID:10868
- C:\Windows\System\iYFezpY.exe
  C:\Windows\System\iYFezpY.exe
  2⤵
  PID:10892
- C:\Windows\System\RPcRpAf.exe
  C:\Windows\System\RPcRpAf.exe
  2⤵
  PID:10936
- C:\Windows\System\itHCnuo.exe
  C:\Windows\System\itHCnuo.exe
  2⤵
  PID:10956
- C:\Windows\System\eSoWgcH.exe
  C:\Windows\System\eSoWgcH.exe
  2⤵
  PID:10984
- C:\Windows\System\BkpZfih.exe
  C:\Windows\System\BkpZfih.exe
  2⤵
  PID:11008
- C:\Windows\System\EjnTZaP.exe
  C:\Windows\System\EjnTZaP.exe
  2⤵
  PID:11032
- C:\Windows\System\CIoHEyO.exe
  C:\Windows\System\CIoHEyO.exe
  2⤵
  PID:11056
- C:\Windows\System\PtSPbcb.exe
  C:\Windows\System\PtSPbcb.exe
  2⤵
  PID:11080
- C:\Windows\System\dtrbabC.exe
  C:\Windows\System\dtrbabC.exe
  2⤵
  PID:11100
- C:\Windows\System\mQTzuGP.exe
  C:\Windows\System\mQTzuGP.exe
  2⤵
  PID:11136
- C:\Windows\System\FjpXFse.exe
  C:\Windows\System\FjpXFse.exe
  2⤵
  PID:11164
- C:\Windows\System\cHQHEco.exe
  C:\Windows\System\cHQHEco.exe
  2⤵
  PID:11192
- C:\Windows\System\uETmJuj.exe
  C:\Windows\System\uETmJuj.exe
  2⤵
  PID:11216
- C:\Windows\System\RReuwft.exe
  C:\Windows\System\RReuwft.exe
  2⤵
  PID:11232
- C:\Windows\System\qCAGLSA.exe
  C:\Windows\System\qCAGLSA.exe
  2⤵
  PID:9560
- C:\Windows\System\SchRfmR.exe
  C:\Windows\System\SchRfmR.exe
  2⤵
  PID:9668
- C:\Windows\System\NKhenfj.exe
  C:\Windows\System\NKhenfj.exe
  2⤵
  PID:10308
- C:\Windows\System\zUXOCWr.exe
  C:\Windows\System\zUXOCWr.exe
  2⤵
  PID:10324
- C:\Windows\System\BvgPIIe.exe
  C:\Windows\System\BvgPIIe.exe
  2⤵
  PID:10376
- C:\Windows\System\UfXHYZi.exe
  C:\Windows\System\UfXHYZi.exe
  2⤵
  PID:10436
- C:\Windows\System\VecZdhr.exe
  C:\Windows\System\VecZdhr.exe
  2⤵
  PID:10476
- C:\Windows\System\MXoXLXh.exe
  C:\Windows\System\MXoXLXh.exe
  2⤵
  PID:10512
- C:\Windows\System\nDHICkW.exe
  C:\Windows\System\nDHICkW.exe
  2⤵
  PID:10584
- C:\Windows\System\pqMwuXt.exe
  C:\Windows\System\pqMwuXt.exe
  2⤵
  PID:10680
- C:\Windows\System\ilKXXig.exe
  C:\Windows\System\ilKXXig.exe
  2⤵
  PID:10816
- C:\Windows\System\xpbHFIJ.exe
  C:\Windows\System\xpbHFIJ.exe
  2⤵
  PID:10864
- C:\Windows\System\iPMZPPv.exe
  C:\Windows\System\iPMZPPv.exe
  2⤵
  PID:10932
- C:\Windows\System\tULLIQw.exe
  C:\Windows\System\tULLIQw.exe
  2⤵
  PID:10992
- C:\Windows\System\iYCuZUE.exe
  C:\Windows\System\iYCuZUE.exe
  2⤵
  PID:11064
- C:\Windows\System\esmvxUn.exe
  C:\Windows\System\esmvxUn.exe
  2⤵
  PID:11128
- C:\Windows\System\UfJelzI.exe
  C:\Windows\System\UfJelzI.exe
  2⤵
  PID:11224
- C:\Windows\System\KIkyKPA.exe
  C:\Windows\System\KIkyKPA.exe
  2⤵
  PID:10256
- C:\Windows\System\YTqrPfw.exe
  C:\Windows\System\YTqrPfw.exe
  2⤵
  PID:10344
- C:\Windows\System\wwPhHUH.exe
  C:\Windows\System\wwPhHUH.exe
  2⤵
  PID:10412
- C:\Windows\System\DPDrAsk.exe
  C:\Windows\System\DPDrAsk.exe
  2⤵
  PID:10640
- C:\Windows\System\qJpbCTQ.exe
  C:\Windows\System\qJpbCTQ.exe
  2⤵
  PID:10564
- C:\Windows\System\MpnmjRp.exe
  C:\Windows\System\MpnmjRp.exe
  2⤵
  PID:10800
- C:\Windows\System\HpZySwH.exe
  C:\Windows\System\HpZySwH.exe
  2⤵
  PID:10888
- C:\Windows\System\jEyVIrh.exe
  C:\Windows\System\jEyVIrh.exe
  2⤵
  PID:11120
- C:\Windows\System\rKqcTWn.exe
  C:\Windows\System\rKqcTWn.exe
  2⤵
  PID:10304
- C:\Windows\System\qDzWulG.exe
  C:\Windows\System\qDzWulG.exe
  2⤵
  PID:10516
- C:\Windows\System\ORhiqMZ.exe
  C:\Windows\System\ORhiqMZ.exe
  2⤵
  PID:10792
- C:\Windows\System\uqQKHlq.exe
  C:\Windows\System\uqQKHlq.exe
  2⤵
  PID:11076
- C:\Windows\System\KjQDHZg.exe
  C:\Windows\System\KjQDHZg.exe
  2⤵
  PID:10044
- C:\Windows\System\HvAdavV.exe
  C:\Windows\System\HvAdavV.exe
  2⤵
  PID:11288
- C:\Windows\System\YNeSZLA.exe
  C:\Windows\System\YNeSZLA.exe
  2⤵
  PID:11348
- C:\Windows\System\xgnrNix.exe
  C:\Windows\System\xgnrNix.exe
  2⤵
  PID:11376
- C:\Windows\System\mAnBMKe.exe
  C:\Windows\System\mAnBMKe.exe
  2⤵
  PID:11396
- C:\Windows\System\NDgGORy.exe
  C:\Windows\System\NDgGORy.exe
  2⤵
  PID:11416
- C:\Windows\System\IUrqpHe.exe
  C:\Windows\System\IUrqpHe.exe
  2⤵
  PID:11456
- C:\Windows\System\edAWxWf.exe
  C:\Windows\System\edAWxWf.exe
  2⤵
  PID:11480
- C:\Windows\System\rIEvcFo.exe
  C:\Windows\System\rIEvcFo.exe
  2⤵
  PID:11512
- C:\Windows\System\rmdIVZA.exe
  C:\Windows\System\rmdIVZA.exe
  2⤵
  PID:11540
- C:\Windows\System\KqSHWLj.exe
  C:\Windows\System\KqSHWLj.exe
  2⤵
  PID:11584
- C:\Windows\System\tNcxnBl.exe
  C:\Windows\System\tNcxnBl.exe
  2⤵
  PID:11604
- C:\Windows\System\LIZlrUg.exe
  C:\Windows\System\LIZlrUg.exe
  2⤵
  PID:11624
- C:\Windows\System\jAQFonT.exe
  C:\Windows\System\jAQFonT.exe
  2⤵
  PID:11652
- C:\Windows\System\XHCpLlK.exe
  C:\Windows\System\XHCpLlK.exe
  2⤵
  PID:11672
- C:\Windows\System\GDWfZKQ.exe
  C:\Windows\System\GDWfZKQ.exe
  2⤵
  PID:11704
- C:\Windows\System\VfGctjV.exe
  C:\Windows\System\VfGctjV.exe
  2⤵
  PID:11724
- C:\Windows\System\mKFyMfa.exe
  C:\Windows\System\mKFyMfa.exe
  2⤵
  PID:11780
- C:\Windows\System\kdOhgJL.exe
  C:\Windows\System\kdOhgJL.exe
  2⤵
  PID:11800
- C:\Windows\System\VnUXhPL.exe
  C:\Windows\System\VnUXhPL.exe
  2⤵
  PID:11840
- C:\Windows\System\KgttKyK.exe
  C:\Windows\System\KgttKyK.exe
  2⤵
  PID:11860
- C:\Windows\System\hncPKKv.exe
  C:\Windows\System\hncPKKv.exe
  2⤵
  PID:11888
- C:\Windows\System\YMxPpmh.exe
  C:\Windows\System\YMxPpmh.exe
  2⤵
  PID:11912
- C:\Windows\System\gLePcmE.exe
  C:\Windows\System\gLePcmE.exe
  2⤵
  PID:11932
- C:\Windows\System\wYxVImu.exe
  C:\Windows\System\wYxVImu.exe
  2⤵
  PID:11960
- C:\Windows\System\UAEkToU.exe
  C:\Windows\System\UAEkToU.exe
  2⤵
  PID:12000
- C:\Windows\System\umBJZAk.exe
  C:\Windows\System\umBJZAk.exe
  2⤵
  PID:12024
- C:\Windows\System\JowuNde.exe
  C:\Windows\System\JowuNde.exe
  2⤵
  PID:12052
- C:\Windows\System\qrvglxL.exe
  C:\Windows\System\qrvglxL.exe
  2⤵
  PID:12084
- C:\Windows\System\xvdeQCC.exe
  C:\Windows\System\xvdeQCC.exe
  2⤵
  PID:12112
- C:\Windows\System\XsntDVG.exe
  C:\Windows\System\XsntDVG.exe
  2⤵
  PID:12140
- C:\Windows\System\Rxslnav.exe
  C:\Windows\System\Rxslnav.exe
  2⤵
  PID:12192
- C:\Windows\System\wxGskpJ.exe
  C:\Windows\System\wxGskpJ.exe
  2⤵
  PID:12208
- C:\Windows\System\LCeswZn.exe
  C:\Windows\System\LCeswZn.exe
  2⤵
  PID:12232
- C:\Windows\System\ZZicCYd.exe
  C:\Windows\System\ZZicCYd.exe
  2⤵
  PID:12252
- C:\Windows\System\BeKGifs.exe
  C:\Windows\System\BeKGifs.exe
  2⤵
  PID:11156
- C:\Windows\System\VzfzzuX.exe
  C:\Windows\System\VzfzzuX.exe
  2⤵
  PID:11360
- C:\Windows\System\YoyLTvS.exe
  C:\Windows\System\YoyLTvS.exe
  2⤵
  PID:11332
- C:\Windows\System\cAZwGvY.exe
  C:\Windows\System\cAZwGvY.exe
  2⤵
  PID:11412
- C:\Windows\System\dpshiYa.exe
  C:\Windows\System\dpshiYa.exe
  2⤵
  PID:11520
- C:\Windows\System\GoaqOry.exe
  C:\Windows\System\GoaqOry.exe
  2⤵
  PID:11576
- C:\Windows\System\KNUEzvp.exe
  C:\Windows\System\KNUEzvp.exe
  2⤵
  PID:11664
- C:\Windows\System\XzBvuqt.exe
  C:\Windows\System\XzBvuqt.exe
  2⤵
  PID:11716
- C:\Windows\System\zPbkXfd.exe
  C:\Windows\System\zPbkXfd.exe
  2⤵
  PID:11796
- C:\Windows\System\okyicRF.exe
  C:\Windows\System\okyicRF.exe
  2⤵
  PID:11836
- C:\Windows\System\iSfzlYJ.exe
  C:\Windows\System\iSfzlYJ.exe
  2⤵
  PID:11896
- C:\Windows\System\IlgqHnL.exe
  C:\Windows\System\IlgqHnL.exe
  2⤵
  PID:11928
- C:\Windows\System\oAnXmYL.exe
  C:\Windows\System\oAnXmYL.exe
  2⤵
  PID:12012
- C:\Windows\System\EYWfyjd.exe
  C:\Windows\System\EYWfyjd.exe
  2⤵
  PID:12068
- C:\Windows\System\DODZuQp.exe
  C:\Windows\System\DODZuQp.exe
  2⤵
  PID:12204
- C:\Windows\System\VFLbgXj.exe
  C:\Windows\System\VFLbgXj.exe
  2⤵
  PID:12244
- C:\Windows\System\axxfHSN.exe
  C:\Windows\System\axxfHSN.exe
  2⤵
  PID:11408
- C:\Windows\System\HeJgqHZ.exe
  C:\Windows\System\HeJgqHZ.exe
  2⤵
  PID:11508
- C:\Windows\System\pxOifsR.exe
  C:\Windows\System\pxOifsR.exe
  2⤵
  PID:11620
- C:\Windows\System\MIiVOeN.exe
  C:\Windows\System\MIiVOeN.exe
  2⤵
  PID:11816
- C:\Windows\System\kLHZRSR.exe
  C:\Windows\System\kLHZRSR.exe
  2⤵
  PID:11996
- C:\Windows\System\nAlwVfn.exe
  C:\Windows\System\nAlwVfn.exe
  2⤵
  PID:11476
- C:\Windows\System\aFRxktp.exe
  C:\Windows\System\aFRxktp.exe
  2⤵
  PID:12292
- C:\Windows\System\OmYNjRW.exe
  C:\Windows\System\OmYNjRW.exe
  2⤵
  PID:12308
- C:\Windows\System\fibMLtP.exe
  C:\Windows\System\fibMLtP.exe
  2⤵
  PID:12360
- C:\Windows\System\qVeVVlc.exe
  C:\Windows\System\qVeVVlc.exe
  2⤵
  PID:12388
- C:\Windows\System\wxktQWS.exe
  C:\Windows\System\wxktQWS.exe
  2⤵
  PID:12412
- C:\Windows\System\uCkswip.exe
  C:\Windows\System\uCkswip.exe
  2⤵
  PID:12440
- C:\Windows\System\PfVNxcW.exe
  C:\Windows\System\PfVNxcW.exe
  2⤵
  PID:12460
- C:\Windows\System\aXmxghL.exe
  C:\Windows\System\aXmxghL.exe
  2⤵
  PID:12496
- C:\Windows\System\mIZgDGU.exe
  C:\Windows\System\mIZgDGU.exe
  2⤵
  PID:12528
- C:\Windows\System\PBNTCtQ.exe
  C:\Windows\System\PBNTCtQ.exe
  2⤵
  PID:12564
- C:\Windows\System\qwxXDYp.exe
  C:\Windows\System\qwxXDYp.exe
  2⤵
  PID:12624
- C:\Windows\System\XGjNzLH.exe
  C:\Windows\System\XGjNzLH.exe
  2⤵
  PID:12644
- C:\Windows\System\EHeMQlz.exe
  C:\Windows\System\EHeMQlz.exe
  2⤵
  PID:12680
- C:\Windows\System\fDvPgMu.exe
  C:\Windows\System\fDvPgMu.exe
  2⤵
  PID:12704
- C:\Windows\System\mcwMfBT.exe
  C:\Windows\System\mcwMfBT.exe
  2⤵
  PID:12736
- C:\Windows\System\tGmZCxY.exe
  C:\Windows\System\tGmZCxY.exe
  2⤵
  PID:12756
- C:\Windows\System\YypnDOb.exe
  C:\Windows\System\YypnDOb.exe
  2⤵
  PID:12796
- C:\Windows\System\iwpgbtR.exe
  C:\Windows\System\iwpgbtR.exe
  2⤵
  PID:12820
- C:\Windows\System\GIVeSAR.exe
  C:\Windows\System\GIVeSAR.exe
  2⤵
  PID:12848
- C:\Windows\System\VDWKGcM.exe
  C:\Windows\System\VDWKGcM.exe
  2⤵
  PID:12880
- C:\Windows\System\ilYbdqc.exe
  C:\Windows\System\ilYbdqc.exe
  2⤵
  PID:12896
- C:\Windows\System\GEzQKWh.exe
  C:\Windows\System\GEzQKWh.exe
  2⤵
  PID:12924
- C:\Windows\System\anbvSQz.exe
  C:\Windows\System\anbvSQz.exe
  2⤵
  PID:12944
- C:\Windows\System\xiTFgRg.exe
  C:\Windows\System\xiTFgRg.exe
  2⤵
  PID:12964
- C:\Windows\System\xYwkrft.exe
  C:\Windows\System\xYwkrft.exe
  2⤵
  PID:12984
- C:\Windows\System\VzldyFm.exe
  C:\Windows\System\VzldyFm.exe
  2⤵
  PID:13012
- C:\Windows\System\XOsaHEI.exe
  C:\Windows\System\XOsaHEI.exe
  2⤵
  PID:13072
- C:\Windows\System\ZuUxNqx.exe
  C:\Windows\System\ZuUxNqx.exe
  2⤵
  PID:13092
- C:\Windows\System\GTpboPG.exe
  C:\Windows\System\GTpboPG.exe
  2⤵
  PID:13132
- C:\Windows\System\qfmmeIe.exe
  C:\Windows\System\qfmmeIe.exe
  2⤵
  PID:13152
- C:\Windows\System\ELxAtHy.exe
  C:\Windows\System\ELxAtHy.exe
  2⤵
  PID:13176
- C:\Windows\System\cXoZzsp.exe
  C:\Windows\System\cXoZzsp.exe
  2⤵
  PID:13196
- C:\Windows\System\dyvaJaM.exe
  C:\Windows\System\dyvaJaM.exe
  2⤵
  PID:13224
- C:\Windows\System\SWGuoJd.exe
  C:\Windows\System\SWGuoJd.exe
  2⤵
  PID:13248
- C:\Windows\System\qRbueiL.exe
  C:\Windows\System\qRbueiL.exe
  2⤵
  PID:13268
- C:\Windows\System\NYbwHzV.exe
  C:\Windows\System\NYbwHzV.exe
  2⤵
  PID:13296
- C:\Windows\System\HyBfqwO.exe
  C:\Windows\System\HyBfqwO.exe
  2⤵
  PID:11940
- C:\Windows\System\euaLlxC.exe
  C:\Windows\System\euaLlxC.exe
  2⤵
  PID:11992
- C:\Windows\System\gFnvbhS.exe
  C:\Windows\System\gFnvbhS.exe
  2⤵
  PID:12268
- C:\Windows\System\hotXvwC.exe
  C:\Windows\System\hotXvwC.exe
  2⤵
  PID:12300
- C:\Windows\System\cnNqLEt.exe
  C:\Windows\System\cnNqLEt.exe
  2⤵
  PID:12380
- C:\Windows\System\XREzCYF.exe
  C:\Windows\System\XREzCYF.exe
  2⤵
  PID:12424
- C:\Windows\System\IOOYpKA.exe
  C:\Windows\System\IOOYpKA.exe
  2⤵
  PID:12540
- C:\Windows\System\UdYpFLH.exe
  C:\Windows\System\UdYpFLH.exe
  2⤵
  PID:12484
- C:\Windows\System\NSwKDKV.exe
  C:\Windows\System\NSwKDKV.exe
  2⤵
  PID:12656
- C:\Windows\System\UiCGfFz.exe
  C:\Windows\System\UiCGfFz.exe
  2⤵
  PID:12716
- C:\Windows\System\xpUXpdD.exe
  C:\Windows\System\xpUXpdD.exe
  2⤵
  PID:12328
- C:\Windows\System\uOwPwwL.exe
  C:\Windows\System\uOwPwwL.exe
  2⤵
  PID:12816
- C:\Windows\System\WzQkVOR.exe
  C:\Windows\System\WzQkVOR.exe
  2⤵
  PID:12868
- C:\Windows\System\gmxUNDU.exe
  C:\Windows\System\gmxUNDU.exe
  2⤵
  PID:12956
- C:\Windows\System\ZwdVrtD.exe
  C:\Windows\System\ZwdVrtD.exe
  2⤵
  PID:13044
- C:\Windows\System\pxHLseW.exe
  C:\Windows\System\pxHLseW.exe
  2⤵
  PID:13108
- C:\Windows\System\ggqsBtG.exe
  C:\Windows\System\ggqsBtG.exe
  2⤵
  PID:13168
- C:\Windows\System\vDhAjXb.exe
  C:\Windows\System\vDhAjXb.exe
  2⤵
  PID:13244
- C:\Windows\System\hvuJeTc.exe
  C:\Windows\System\hvuJeTc.exe
  2⤵
  PID:13240
- C:\Windows\System\QhjyflO.exe
  C:\Windows\System\QhjyflO.exe
  2⤵
  PID:11392
- C:\Windows\System\gTcJMwP.exe
  C:\Windows\System\gTcJMwP.exe
  2⤵
  PID:12348
- C:\Windows\System\NLVpZVK.exe
  C:\Windows\System\NLVpZVK.exe
  2⤵
  PID:12504
- C:\Windows\System\mBMNMVe.exe
  C:\Windows\System\mBMNMVe.exe
  2⤵
  PID:12752
- C:\Windows\System\czKasbb.exe
  C:\Windows\System\czKasbb.exe
  2⤵
  PID:12856
- C:\Windows\System\WboWbYj.exe
  C:\Windows\System\WboWbYj.exe
  2⤵
  PID:12916
- C:\Windows\System\EXFhWJN.exe
  C:\Windows\System\EXFhWJN.exe
  2⤵
  PID:13040
- C:\Windows\System\comRodQ.exe
  C:\Windows\System\comRodQ.exe
  2⤵
  PID:13192
- C:\Windows\System\NbbvMee.exe
  C:\Windows\System\NbbvMee.exe
  2⤵
  PID:12692
- C:\Windows\System\voQfmeu.exe
  C:\Windows\System\voQfmeu.exe
  2⤵
  PID:12748
- C:\Windows\System\uYOeMRa.exe
  C:\Windows\System\uYOeMRa.exe
  2⤵
  PID:12808
- C:\Windows\System\EBaBNNi.exe
  C:\Windows\System\EBaBNNi.exe
  2⤵
  PID:12124
- C:\Windows\System\YwiJApj.exe
  C:\Windows\System\YwiJApj.exe
  2⤵
  PID:13020
- C:\Windows\System\AQsoRQm.exe
  C:\Windows\System\AQsoRQm.exe
  2⤵
  PID:13332
- C:\Windows\System\diQKGHK.exe
  C:\Windows\System\diQKGHK.exe
  2⤵
  PID:13364
- C:\Windows\System\kfuFTjM.exe
  C:\Windows\System\kfuFTjM.exe
  2⤵
  PID:13380
- C:\Windows\System\IATpNQa.exe
  C:\Windows\System\IATpNQa.exe
  2⤵
  PID:13456
- C:\Windows\System\sguUdON.exe
  C:\Windows\System\sguUdON.exe
  2⤵
  PID:13476
- C:\Windows\System\EuCpOyA.exe
  C:\Windows\System\EuCpOyA.exe
  2⤵
  PID:13496
- C:\Windows\System\IkUfecp.exe
  C:\Windows\System\IkUfecp.exe
  2⤵
  PID:13528
- C:\Windows\System\zkKRvYq.exe
  C:\Windows\System\zkKRvYq.exe
  2⤵
  PID:13548
- C:\Windows\System\dDuchPh.exe
  C:\Windows\System\dDuchPh.exe
  2⤵
  PID:13572
- C:\Windows\System\IQKPIeo.exe
  C:\Windows\System\IQKPIeo.exe
  2⤵
  PID:13616
- C:\Windows\System\FFEaHoG.exe
  C:\Windows\System\FFEaHoG.exe
  2⤵
  PID:13660
- C:\Windows\System\PsHJbzF.exe
  C:\Windows\System\PsHJbzF.exe
  2⤵
  PID:13684
- C:\Windows\System\ohMKqLs.exe
  C:\Windows\System\ohMKqLs.exe
  2⤵
  PID:13708
- C:\Windows\System\ACafIWn.exe
  C:\Windows\System\ACafIWn.exe
  2⤵
  PID:13784
- C:\Windows\System\lrPQXZy.exe
  C:\Windows\System\lrPQXZy.exe
  2⤵
  PID:13816
- C:\Windows\System\PtwcbkP.exe
  C:\Windows\System\PtwcbkP.exe
  2⤵
  PID:13848
- C:\Windows\System\KLLfFlB.exe
  C:\Windows\System\KLLfFlB.exe
  2⤵
  PID:13872
- C:\Windows\System\cDEbeUO.exe
  C:\Windows\System\cDEbeUO.exe
  2⤵
  PID:13888
- C:\Windows\System\YdkCpvr.exe
  C:\Windows\System\YdkCpvr.exe
  2⤵
  PID:13912
- C:\Windows\System\yRFQrnz.exe
  C:\Windows\System\yRFQrnz.exe
  2⤵
  PID:13940
- C:\Windows\System\TkvJEQv.exe
  C:\Windows\System\TkvJEQv.exe
  2⤵
  PID:13968
- C:\Windows\System\gNTJOvG.exe
  C:\Windows\System\gNTJOvG.exe
  2⤵
  PID:13992
- C:\Windows\System\taSMEgY.exe
  C:\Windows\System\taSMEgY.exe
  2⤵
  PID:14016
- C:\Windows\System\vyLJCDj.exe
  C:\Windows\System\vyLJCDj.exe
  2⤵
  PID:14068
- C:\Windows\System\gMgoeuO.exe
  C:\Windows\System\gMgoeuO.exe
  2⤵
  PID:14112
- C:\Windows\System\bdfjkXV.exe
  C:\Windows\System\bdfjkXV.exe
  2⤵
  PID:14148
- C:\Windows\System\kqYkglu.exe
  C:\Windows\System\kqYkglu.exe
  2⤵
  PID:14196
- C:\Windows\System\wGhDAER.exe
  C:\Windows\System\wGhDAER.exe
  2⤵
  PID:14216
- C:\Windows\System\WSdQPub.exe
  C:\Windows\System\WSdQPub.exe
  2⤵
  PID:14252
- C:\Windows\System\mmAzKoX.exe
  C:\Windows\System\mmAzKoX.exe
  2⤵
  PID:14280
- C:\Windows\System\wzjjxyw.exe
  C:\Windows\System\wzjjxyw.exe
  2⤵
  PID:14312
- C:\Windows\System\XAUArFB.exe
  C:\Windows\System\XAUArFB.exe
  2⤵
  PID:12636
- C:\Windows\System\NdItDgy.exe
  C:\Windows\System\NdItDgy.exe
  2⤵
  PID:13320
- C:\Windows\System\dYeYYRN.exe
  C:\Windows\System\dYeYYRN.exe
  2⤵
  PID:13468
- C:\Windows\System\PNGUwFz.exe
  C:\Windows\System\PNGUwFz.exe
  2⤵
  PID:13556
- C:\Windows\System\LPrPWDX.exe
  C:\Windows\System\LPrPWDX.exe
  2⤵
  PID:13564
- C:\Windows\System\UeQbscl.exe
  C:\Windows\System\UeQbscl.exe
  2⤵
  PID:13676
- C:\Windows\System\eqcRWuO.exe
  C:\Windows\System\eqcRWuO.exe
  2⤵
  PID:13648
- C:\Windows\System\VvtsabA.exe
  C:\Windows\System\VvtsabA.exe
  2⤵
  PID:13808
- C:\Windows\System\WiFbzlR.exe
  C:\Windows\System\WiFbzlR.exe
  2⤵
  PID:13884
- C:\Windows\System\GElfCox.exe
  C:\Windows\System\GElfCox.exe
  2⤵
  PID:14000
- C:\Windows\System\bufAOLV.exe
  C:\Windows\System\bufAOLV.exe
  2⤵
  PID:14008
- C:\Windows\System\vAIwlfL.exe
  C:\Windows\System\vAIwlfL.exe
  2⤵
  PID:14084
- C:\Windows\System\PxztwIH.exe
  C:\Windows\System\PxztwIH.exe
  2⤵
  PID:14104
- C:\Windows\System\drfvddP.exe
  C:\Windows\System\drfvddP.exe
  2⤵
  PID:14212
- C:\Windows\System\GnkzLTQ.exe
  C:\Windows\System\GnkzLTQ.exe
  2⤵
  PID:13348
- C:\Windows\System\YxdcWde.exe
  C:\Windows\System\YxdcWde.exe
  2⤵
  PID:13636
- C:\Windows\System\SUdgZVi.exe
  C:\Windows\System\SUdgZVi.exe
  2⤵
  PID:13792
- C:\Windows\System\CSHXVtH.exe
  C:\Windows\System\CSHXVtH.exe
  2⤵
  PID:13908
- C:\Windows\System\skmTPjB.exe
  C:\Windows\System\skmTPjB.exe
  2⤵
  PID:14092
- C:\Windows\System\JNJmDmo.exe
  C:\Windows\System\JNJmDmo.exe
  2⤵
  PID:13880
- C:\Windows\System\pSnRHin.exe
  C:\Windows\System\pSnRHin.exe
  2⤵
  PID:14132
- C:\Windows\System\rbFwbiM.exe
  C:\Windows\System\rbFwbiM.exe
  2⤵
  PID:13780
- C:\Windows\System\SVSxGlF.exe
  C:\Windows\System\SVSxGlF.exe
  2⤵
  PID:13864
- C:\Windows\System\PdZRdeD.exe
  C:\Windows\System\PdZRdeD.exe
  2⤵
  PID:14360
- C:\Windows\System\XGDvzMs.exe
  C:\Windows\System\XGDvzMs.exe
  2⤵
  PID:14388
- C:\Windows\System\NyUAFyI.exe
  C:\Windows\System\NyUAFyI.exe
  2⤵
  PID:14412
- C:\Windows\System\bFwFycq.exe
  C:\Windows\System\bFwFycq.exe
  2⤵
  PID:14444
- C:\Windows\System\MhFdjdN.exe
  C:\Windows\System\MhFdjdN.exe
  2⤵
  PID:14468
- C:\Windows\System\NyPgBXF.exe
  C:\Windows\System\NyPgBXF.exe
  2⤵
  PID:14488
- C:\Windows\System\PeLZdkm.exe
  C:\Windows\System\PeLZdkm.exe
  2⤵
  PID:14512
- C:\Windows\System\jLlpPcu.exe
  C:\Windows\System\jLlpPcu.exe
  2⤵
  PID:14540
- C:\Windows\System\yxswilF.exe
  C:\Windows\System\yxswilF.exe
  2⤵
  PID:14600

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfWYbjt.exe

Filesize
1.9MB

MD5
da17e867e6ffce860050b9e53e0cf6cf

SHA1
ca6689732f26a628f05f11b131a56abe5e37901b

SHA256
28419c2c1d1047c8dd8a4cf871be0397510f67103f7f3f36572f05c184710f19

SHA512
e337988544befea8e5c71db53f9328ea7ec8618d220894ee1ae26e60d71bda9545f450c096f043a6edc0cd6c958dec5c4b2cefad8281fba4b91b29019d0a6662

Download Submit
C:\Windows\System\BmZCKPq.exe

Filesize
1.9MB

MD5
ad48b741048bfb660d75e48f6333e3f9

SHA1
e16a1a46e028ed8aee25c3974a7784fac5ebe486

SHA256
e09218f12f99165c16ed17af79a456e169f6ba58b6e8c140b64063f9f8c37501

SHA512
63c3d84d3da09708cba99eb562e2d8dec23e4923d35a63797a9a5633624275a249d61ba05b14ebc769f313dda4658a55e466a67fc5938e1e88bf3253e02b0a5d

Download Submit
C:\Windows\System\CZsOYGQ.exe

Filesize
1.9MB

MD5
6241696fc30b248929819a65f977589b

SHA1
7b5875fcfd510dac3af3d5e86f3799676bfc61ae

SHA256
eb7c854d6797a1addca611a2ae3cac7f47c7d3a5902a5673de2152a534a1ce82

SHA512
026616c50a1e179d415949dac14c53c647f1d91495d1891b2b7064a9a92c391380b0adf2bef02c580bb1d56d44cf46dfcd32d6105460c19365aa45dee1dd3d54

Download Submit
C:\Windows\System\CrMXxXU.exe

Filesize
1.9MB

MD5
f71869b90d8647d1708a937ee8e73ca0

SHA1
d85b7dba48204df7e4ce4224eb567dd41a7a810e

SHA256
edfc89ac8c024fbba9dbecfa3f1e6103330314ee8e58b1008fcb9c5b5ff91455

SHA512
5b4d74ae4ce951deab50fa8a61edcaad100ca3aca1542f74765213238adfba5e4ecc3ee7b1658535ca08b51bff86a893dcfe47e392bcea0ea6ab7a0ab8874d55

Download Submit
C:\Windows\System\EvGkTFa.exe

Filesize
1.9MB

MD5
bd8549abc16ebc6a7ec5f1af7ae4fdfb

SHA1
3bafd423d3ba14cf297bff56c292cb7edd10d625

SHA256
693fa32efb49aa387f6734b05c50b69a8513435f70efbb6c3e44b4bb8d6c99ea

SHA512
a00b77d5d4341ffe5a50e21407a0b80823610693b2bc821972e4ffcf193404c092c12966c395718001eca80edf4c9a2a238485a92fc6fbecca19b02c6e633c94

Download Submit
C:\Windows\System\FmKGmWt.exe

Filesize
1.9MB

MD5
f75ed5b8b8d591421b788ad59ed5e0d3

SHA1
f3f71d86c641d18921a3d16a76681ea467fbb0ab

SHA256
169c2b1519f0a04d76b00e875d5ed38e1c4805cb733b67efc023af10ea21e89f

SHA512
e0bebdab8034f8264f9f42371668828020970e5659c0378d20e9b8c945dbe92d06050b1951fb16c66c20a165f824a19e799dea58d5cc39c1895c21cbca3d3c5b

Download Submit
C:\Windows\System\GSXxRbg.exe

Filesize
1.9MB

MD5
da74e5b3b1245f73c92145886bf67165

SHA1
85c040bdf7ee011e7c322b97f6199295b37f39ef

SHA256
04c76dca9adefed25097c87f6c0ec2f17347d45492879595a5b721dfcdc04f30

SHA512
5c09e584225fa690ed864da6d9c9dc89afa1ebb99464c433c3a9ec9300030768251078b90f5824a3d3bf32bc65ab11095a455840adedc169a1ea1978c892c943

Download Submit
C:\Windows\System\IDwIvRx.exe

Filesize
1.9MB

MD5
15762ac1783ce28a5a8df7e4ceb358f6

SHA1
73650553524a3e9db1c1619d2aa8f8aa4e5e505e

SHA256
7df48950e77439005ce44482add648e8299d2903064ac7068240e46b94bc72b8

SHA512
043773d80414ea5dbd05dcf645976d873d82d5cb4a2b0217cfb6838a1498bf3782c97965daabfc376e303d02e549a30e2b2a8f8a646e063c7f2710aae455d034

Download Submit
C:\Windows\System\InfFuoX.exe

Filesize
1.9MB

MD5
6bf71494e7fd0503673c112e5484fecc

SHA1
a38d19e019b1c1f5d27ae1fca5ce211dd4b72ace

SHA256
bdd092274e41e15a0e10aaeef7be6363640cc6ff15db8ad04eb75f03962cb2f8

SHA512
5fd9b8ab5b740fee4339fd71f4a08bbcb447e931364d9bec3a9de97c39c2570ef829c993fe35dcd3602c956b40c97992a66371d5bb5ad3ce4259dba456c255f4

Download Submit
C:\Windows\System\NqwhSMg.exe

Filesize
1.9MB

MD5
6a378bdf2a9a98cff0f2a37e44e33ea5

SHA1
5aa9c2ea9894dd689b40fe996aa4ddca03ea6be6

SHA256
04f2b42b35049e6b1de36432a8fa8ae9e9c2e07205a3e241db36440533a31eac

SHA512
b22bda11f140007ae50f53831bb6f8047776f55fbdf1af5212029fa1f3f389099204e8e6fa968aa93bf318d229ce83e05a17c8249374c11ea0748d94d8123c6d

Download Submit
C:\Windows\System\RCiSHwM.exe

Filesize
1.9MB

MD5
96fce70cb417c91128d5028c17f7bdd1

SHA1
5e33a40e95535ebd7d36738135f6f6c1d4f62a42

SHA256
90edee1bcc41d2e55489664715561f611dff6870f4efcbab9386a9f90a533bb1

SHA512
06b9d3633ecc1aa66b1701d8cc01cc9607206d28aee7e0907c7386d7a4b62dc45cf2d4e5fd4aee2fd798f0f288d7cfdfac9b5b4dcfe7a91e32ee5786299bfd38

Download Submit
C:\Windows\System\UJNgzYK.exe

Filesize
1.9MB

MD5
420988cc8a23b6ecef915a5e216e9f60

SHA1
19f9433e358b6fb591b223df690919f4828da80e

SHA256
25b77d2b6d3bf035232b11b9d6b8c00fba6fc6bc53c817d9001b7e342d9e079b

SHA512
73a0e57dc9ad1b0ec9a6dc29d06677448b11b39bb8d192436181879d8c9bf7014edb0120befe08482de0033b7cb15f02060e7fd5797df83e8a5857271e2d2857

Download Submit
C:\Windows\System\VXZxGua.exe

Filesize
1.9MB

MD5
749978465956839e1833a80c14eb6aae

SHA1
0a661896e25eeb56d3f9a2424922f088e7a9236c

SHA256
f69b27e856feac89273e2c97ce1006561f4201cf1c3349cc671c8723bcabd5b1

SHA512
c10f41bee5fdc7d63ff914844023657630751cc13e430b4c777dea9e9bcb9626d28dd76be0c2c053e0c8f9d600e1eec9b9f28dd9f7b57382abcc09da94d51929

Download Submit
C:\Windows\System\VuVpsxI.exe

Filesize
1.9MB

MD5
6ce29e8ea8458ba123f622c0b1c824f8

SHA1
312b9ea44e7791b056be61d910ab6b493e0b9692

SHA256
f206d7a2b9b10ab2f6057cfba173aa56d45c75ff7ffc2f76cddaefec10e828db

SHA512
10d13d7b74242f91d598de469837cad21a8bc3b99230096052f97922c4d3bcaa424ca87dcf79f5e049992b09f2ac0fef2f3a8c4e887ce8907d240412c9839ba8

Download Submit
C:\Windows\System\WoglXVq.exe

Filesize
1.9MB

MD5
8b7f19a5cfb9605abb2528800769afc9

SHA1
85857f017aa4a3a1d936c33fea7536dc85eaae0d

SHA256
1fab7e93c654df92a68bbf00d1b90145cef7666366a64b9343ddc4d23e90f9a3

SHA512
78e3395912597b5eca9a741211fafc72c0651f80d0306f576460de71e6a4ad2b25cce082492838bbbf8bd667b26c2bc3039c6e3d6e22133961cc551068d29ed6

Download Submit
C:\Windows\System\WtGBAba.exe

Filesize
1.9MB

MD5
8e14baccf140b3b5d6ee31ea8c8dc42e

SHA1
34e9f3325cdd43c165e235223f5792b812c9201b

SHA256
68f386728d009ea8c1fe02a62778c5b8f7d8f3c363bbaa322ad3187d0542f5e5

SHA512
89d896f785db32b8782ec512b9bf5dc21074c4769c8bf8bd7f24c83dc7f64e892e80d94fbf85b3172357ed43b1922af606509d6d039babbdd42992d270e6e5aa

Download Submit
C:\Windows\System\ZysORQH.exe

Filesize
1.9MB

MD5
67d8bc3b30e0a562eb6d7b9e558128c8

SHA1
c2208f2ac7a2c2d676ea797bc66259f26cfa8c32

SHA256
cb4664e509c404e88285fcf17d4ae2e9d92d5fbae59e04dcb6b6a0a97482b468

SHA512
d5bcffa95b5c2607c7929fbd2976ad644ed834c661a1ac672a1096222ac7a72cf8c67ec89cc971e7d800ccc082f56f184929880b2ad53afc8cbaee525c3bc39b

Download Submit
C:\Windows\System\aQHWXTT.exe

Filesize
1.9MB

MD5
dd2ec5dd2c18c2f496d152e771b4c756

SHA1
60337819f0b737b49f468a59fc834f3209844e88

SHA256
0b10a7535830bbeaf562d00bab848ea5f947f6dbef4851563befd35638aeffa8

SHA512
b94fb19c0cdcfc348508bc0129a8c81c4dd35ae61dfd5fc00625dd7756687c9b33208d16440440643024c3c4617122bc3e081435cd0262dbdaf10ed8c9ab1872

Download Submit
C:\Windows\System\bRQqwrO.exe

Filesize
1.9MB

MD5
89226fc9301ed1bfe8f17c112791cf3b

SHA1
0ddd7bf5b580678e1c2b2087cf2d0c1af1bb453d

SHA256
4d073e1e19eb155ac4f158d753f1442740a1a1505d43b12c7ba2d429b7f0e821

SHA512
7e626fa9bfae1feea10cd1212e50a77d062c28a41055b67a075a6e5a2d568b9ccec65b77a509c86b1a76630525f519dcbb37c61cf4eac879ddae27b5eb6cc28a

Download Submit
C:\Windows\System\cJRApsk.exe

Filesize
1.9MB

MD5
e6ef56305e44bc98b47509229cfd7fa1

SHA1
cb2290805d63b44f89824f0bbb3386ff23066e59

SHA256
a1a4744f46498c9504a26d0b3728e4d0e8207bd3568df3bc81f18ff86160612e

SHA512
dd05ff21936c04cd8387334db5212f08f29b4da641a676a13fa68719460699a3f6fb0263422731fcee75d5d6903aadf1a381e2c4c885a6c51d0a3a0e9e3ed86d

Download Submit
C:\Windows\System\eGHvuFd.exe

Filesize
1.9MB

MD5
52697467d07762743feb07e7278ce5c4

SHA1
0a6bfb6c8f3354c093347a1e371bb6c4688382d4

SHA256
72a0129bc8cae630d765e7061eadf056f0ebcccf4a482e1ed044e422e1e05fb8

SHA512
29cd940e1658445fcd9c98b742ea91b043b582ed0480ac1cd26fb1c4778a620ed52002d44af4ad7ca7d9c4d65401df35df77df52ce3507f0e4451deffb97dce6

Download Submit
C:\Windows\System\eUaBGsa.exe

Filesize
1.9MB

MD5
45346187e71e7606f3dca3b2c71d8576

SHA1
f04648bac507e50d2c67e86ac7df5d7ee310e96c

SHA256
36fdacd40e543c9cc6fdb7a507671aef29ec607fdeab4bbe36d3bc3936193f0d

SHA512
3ebb847ea91eef86eb704c84cd76fd53be03655d1ab276fe448e3c287a213629aec255d3c23ce6de9f6427f9f70d6733e89fc7b5206c80e6be228a8b5372cf8b

Download Submit
C:\Windows\System\jVjDyHU.exe

Filesize
1.9MB

MD5
69bbe0e75c631c57c07e75d8f5bb777c

SHA1
4e61cec50a21ee70bee03fe84e059a4b6ee98766

SHA256
d607b2e73620842a74df23d68583bd984d4403e1c047cc154255930d4ef355e3

SHA512
d569de1da97bc7815ab0866a0dab843ae9f046043b617ce0eee919d45dee6c860a830c4b45aa23630280f061c495195f213396adc1c72de0c3628ef1fa4e968e

Download Submit
C:\Windows\System\jhnSUDr.exe

Filesize
1.9MB

MD5
186700255908f0f6c704526a6b1bf6f5

SHA1
74cd623caef68fd174e2d11a948e27d7b387d5a2

SHA256
38f72fa3e5050d0e09f7247f8fb569bcd642f46c530589edf36839a67df1533e

SHA512
8350b52b30d00240b13443a0e16708ca8dce311cd40302b51135fd599c114b459b54d623ea3c4c9714a88483ce5c9f6553ef05368292017d876190da7fe1ec38

Download Submit
C:\Windows\System\jmpkSts.exe

Filesize
1.9MB

MD5
dba7484fac129a839efb854b34b00c57

SHA1
92c790902edabeecd0cb88ff33be1b89740c6178

SHA256
bbad27147fa7eb22116964b9add106d8132d4588a03b101489cc0bc9b1a07d24

SHA512
0a8b40ef4ac52a309b33a66a2f0b2e74c7a8fc04b92faa5bd0c5e7654cccea23dada5ff5ef8d9776bbe3ec58b2347e37f728e68477ab003dd4ca8074f2287413

Download Submit
C:\Windows\System\nbhGucV.exe

Filesize
1.9MB

MD5
604e91db2cb210477b7a04ebe6586f5d

SHA1
7b04c27e4b3109fbeb20fdfeec4412910d4bc36d

SHA256
c7aa329ea8b95ba3c3e19d7d0bdad5ad5529c97619766c054e9df444daa901b5

SHA512
cac08bbcbdd9a8dfa2098e2f203709a0942c3a94304eec9f746a97e2698ec7c1c5698a3feb490aed1f8fe4964935117bc16e89b44261217631a135be7bfc5970

Download Submit
C:\Windows\System\qzBZOOS.exe

Filesize
1.9MB

MD5
8340b6ce64fd11547299c02389400640

SHA1
eb2ea31b8a136a6ad53d85e17923c0412bf9e101

SHA256
310f0c93a8d56b9141a53642f7d5e2a0e2b0c144491d776053695a081678d845

SHA512
c4cf8b4545e6d29eb0d78a5b84670bec6baf661a5eb4ac3a9e228c224cf12668a7541e7ae197728ad481e0d5aa3ef7ba54ab28aabb35add6dea50ecb25ee8553

Download Submit
C:\Windows\System\vRkWGgP.exe

Filesize
1.9MB

MD5
f2b492c42011c9f4fc329f21ed93d158

SHA1
6e2c52fc93171b671f72fda7b060dedd12e86057

SHA256
c84376c7724abde3acfdbb229e57667fc1b8b2c57f1c08553fece1fcf7d06556

SHA512
0937096ddc955b01f3baefbefe3ee26165956ca58d555709bc5338a87a4cbdd4650686c27c1cb9f9a9dca1c8f48f5d28817645fff91cc2a4fe02d386b055a4a3

Download Submit
C:\Windows\System\viyIdms.exe

Filesize
1.9MB

MD5
7b31bc220c80eff967c424961e79742b

SHA1
0e804c7e6240aab2b21b33dda5c91798de5ad55f

SHA256
dbb46a432d4af33d3c8f0b11f5739493171ede3b85605e62226a07e374517f0d

SHA512
20ad69c21c394278659e8679f898cb722de626fb6a1173c91d9eacb94ece9d974129dc928319608034c03df52c061ba3acc1a791466d2d3d3a46a06048bb9a5f

Download Submit
C:\Windows\System\wWCihtR.exe

Filesize
1.9MB

MD5
5555c0c5449c708b26739a0ae977f514

SHA1
d458824b16d8a1a0f42934a15b26629e2c2ac414

SHA256
d1ff341777e174af2632a7dfe21ac6825660c2ff4aa9268e0eed43ad4b146af3

SHA512
c3f6fbd33ec18250f86614095e459aa74f2995f1bdc9f695a2237b0f4bc317c82287004260704a4e1b9509cb1770ba19c3c99c28d8b38d7512a6d6bbea182185

Download Submit
C:\Windows\System\ykWckSD.exe

Filesize
1.9MB

MD5
44c1ec76ba4f994cbbe181ed931aa339

SHA1
c7db3bf8497c3305634c7943df8dcd57b3b87740

SHA256
dbf341c1d6b8f0839fc9127d8c07a95504728a5f015edd992acb4d622932e237

SHA512
cab644bc4cd33b8cf4dc294718454553407b3095db50842876e62fe1af4ac8fac3a132e255ad84e80909b22aa0c05f7fb406603ed6c068d2c1536747f33b85f4

Download Submit
C:\Windows\System\yzWGBia.exe

Filesize
1.9MB

MD5
a965eed6c694954e42ab98dbd68fd127

SHA1
b7f089a0405798a7a31c8f9dd81bffe9aaf8c2e9

SHA256
74307e088ca1e619932565c3bcb7d550a853403a650fbf915729c9a0d164f02f

SHA512
a78f8e63b6e79364359705ea64830de0c2a9eda37a58ee137043f63b14bc3e51eb5952926e33eafd8d36c98931e230b6472666fb6619f8018676b2ffd64f6123

Download Submit
memory/324-2244-0x00007FF673C10000-0x00007FF673F61000-memory.dmp

Filesize
3.3MB

Download
memory/324-53-0x00007FF673C10000-0x00007FF673F61000-memory.dmp

Filesize
3.3MB

Download
memory/532-2230-0x00007FF636350000-0x00007FF6366A1000-memory.dmp

Filesize
3.3MB

Download
memory/532-1109-0x00007FF636350000-0x00007FF6366A1000-memory.dmp

Filesize
3.3MB

Download
memory/532-19-0x00007FF636350000-0x00007FF6366A1000-memory.dmp

Filesize
3.3MB

Download
memory/732-401-0x00007FF6DEB00000-0x00007FF6DEE51000-memory.dmp

Filesize
3.3MB

Download
memory/732-2282-0x00007FF6DEB00000-0x00007FF6DEE51000-memory.dmp

Filesize
3.3MB

Download
memory/852-2228-0x00007FF655CC0000-0x00007FF656011000-memory.dmp

Filesize
3.3MB

Download
memory/852-10-0x00007FF655CC0000-0x00007FF656011000-memory.dmp

Filesize
3.3MB

Download
memory/1492-355-0x00007FF6B5090000-0x00007FF6B53E1000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2268-0x00007FF6B5090000-0x00007FF6B53E1000-memory.dmp

Filesize
3.3MB

Download
memory/1548-2238-0x00007FF7A7FF0000-0x00007FF7A8341000-memory.dmp

Filesize
3.3MB

Download
memory/1548-40-0x00007FF7A7FF0000-0x00007FF7A8341000-memory.dmp

Filesize
3.3MB

Download
memory/1572-370-0x00007FF7D4950000-0x00007FF7D4CA1000-memory.dmp

Filesize
3.3MB

Download
memory/1572-2284-0x00007FF7D4950000-0x00007FF7D4CA1000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2254-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp

Filesize
3.3MB

Download
memory/1708-431-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp

Filesize
3.3MB

Download
memory/1984-366-0x00007FF762FB0000-0x00007FF763301000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2278-0x00007FF762FB0000-0x00007FF763301000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2206-0x00007FF7B8AF0000-0x00007FF7B8E41000-memory.dmp

Filesize
3.3MB

Download
memory/2020-90-0x00007FF7B8AF0000-0x00007FF7B8E41000-memory.dmp

Filesize
3.3MB

Download
memory/2020-2256-0x00007FF7B8AF0000-0x00007FF7B8E41000-memory.dmp

Filesize
3.3MB

Download
memory/2044-68-0x00007FF788C00000-0x00007FF788F51000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2246-0x00007FF788C00000-0x00007FF788F51000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2174-0x00007FF788C00000-0x00007FF788F51000-memory.dmp

Filesize
3.3MB

Download
memory/2260-379-0x00007FF6965F0000-0x00007FF696941000-memory.dmp

Filesize
3.3MB

Download
memory/2260-2272-0x00007FF6965F0000-0x00007FF696941000-memory.dmp

Filesize
3.3MB

Download
memory/2480-54-0x00007FF74CD20000-0x00007FF74D071000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2242-0x00007FF74CD20000-0x00007FF74D071000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2175-0x00007FF74CD20000-0x00007FF74D071000-memory.dmp

Filesize
3.3MB

Download
memory/2508-29-0x00007FF719310000-0x00007FF719661000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2234-0x00007FF719310000-0x00007FF719661000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2270-0x00007FF7F1A80000-0x00007FF7F1DD1000-memory.dmp

Filesize
3.3MB

Download
memory/2544-362-0x00007FF7F1A80000-0x00007FF7F1DD1000-memory.dmp

Filesize
3.3MB

Download
memory/2580-339-0x00007FF65F650000-0x00007FF65F9A1000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2262-0x00007FF65F650000-0x00007FF65F9A1000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2280-0x00007FF64BED0000-0x00007FF64C221000-memory.dmp

Filesize
3.3MB

Download
memory/2588-420-0x00007FF64BED0000-0x00007FF64C221000-memory.dmp

Filesize
3.3MB

Download
memory/2780-104-0x00007FF64EB00000-0x00007FF64EE51000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2258-0x00007FF64EB00000-0x00007FF64EE51000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2210-0x00007FF64EB00000-0x00007FF64EE51000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1-0x000001B9CE440000-0x000001B9CE450000-memory.dmp

Filesize
64KB

Download
memory/2804-78-0x00007FF71C880000-0x00007FF71CBD1000-memory.dmp

Filesize
3.3MB

Download
memory/2804-0-0x00007FF71C880000-0x00007FF71CBD1000-memory.dmp

Filesize
3.3MB

Download
memory/2816-434-0x00007FF6E84D0000-0x00007FF6E8821000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2264-0x00007FF6E84D0000-0x00007FF6E8821000-memory.dmp

Filesize
3.3MB

Download
memory/2832-346-0x00007FF61A390000-0x00007FF61A6E1000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2266-0x00007FF61A390000-0x00007FF61A6E1000-memory.dmp

Filesize
3.3MB

Download
memory/3212-21-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp

Filesize
3.3MB

Download
memory/3212-1110-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2232-0x00007FF68CB90000-0x00007FF68CEE1000-memory.dmp

Filesize
3.3MB

Download
memory/3284-1737-0x00007FF6710C0000-0x00007FF671411000-memory.dmp

Filesize
3.3MB

Download
memory/3284-30-0x00007FF6710C0000-0x00007FF671411000-memory.dmp

Filesize
3.3MB

Download
memory/3284-2236-0x00007FF6710C0000-0x00007FF671411000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2252-0x00007FF75D1D0000-0x00007FF75D521000-memory.dmp

Filesize
3.3MB

Download
memory/3628-338-0x00007FF75D1D0000-0x00007FF75D521000-memory.dmp

Filesize
3.3MB

Download
memory/3980-2205-0x00007FF6F0CC0000-0x00007FF6F1011000-memory.dmp

Filesize
3.3MB

Download
memory/3980-2260-0x00007FF6F0CC0000-0x00007FF6F1011000-memory.dmp

Filesize
3.3MB

Download
memory/3980-77-0x00007FF6F0CC0000-0x00007FF6F1011000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2274-0x00007FF6FDE80000-0x00007FF6FE1D1000-memory.dmp

Filesize
3.3MB

Download
memory/3984-387-0x00007FF6FDE80000-0x00007FF6FE1D1000-memory.dmp

Filesize
3.3MB

Download
memory/4296-369-0x00007FF6CFEC0000-0x00007FF6D0211000-memory.dmp

Filesize
3.3MB

Download
memory/4296-2276-0x00007FF6CFEC0000-0x00007FF6D0211000-memory.dmp

Filesize
3.3MB

Download
memory/4548-49-0x00007FF79DFA0000-0x00007FF79E2F1000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2240-0x00007FF79DFA0000-0x00007FF79E2F1000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2251-0x00007FF67E470000-0x00007FF67E7C1000-memory.dmp

Filesize
3.3MB

Download
memory/5040-74-0x00007FF67E470000-0x00007FF67E7C1000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2203-0x00007FF67E470000-0x00007FF67E7C1000-memory.dmp

Filesize
3.3MB

Download
memory/5112-423-0x00007FF60B240000-0x00007FF60B591000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2248-0x00007FF60B240000-0x00007FF60B591000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads