xmrig | 55798ed91969da102734ede260b890b87d8ce81c4509fd8d697e52932fe4a698

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
Size

1.4MB
MD5

d085c9df4f0cf33dcb69ab863a3bd740
SHA1

2bdfee2ff1ff7623cde2249347b77d2a05e0e5f9
SHA256

55798ed91969da102734ede260b890b87d8ce81c4509fd8d697e52932fe4a698
SHA512

74d83f32412d9fa62be86b33ea66b34970635d65c6b2f53c13ff0c8dee35ff8a422d3478f6b1c92f15b0dd6b6b30129943478bac295c2a7b411addea7fb4b937
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727ZvhwJWe9pY4p9XvOjeUlV/oPVHsv4Tz2T3o3K:ROdWCCi7/rahoyS6SHb0l

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/1360-54-0x00007FF7AE9E0000-0x00007FF7AED31000-memory.dmp	xmrig
behavioral2/memory/4044-468-0x00007FF655B20000-0x00007FF655E71000-memory.dmp	xmrig
behavioral2/memory/2188-470-0x00007FF6C02E0000-0x00007FF6C0631000-memory.dmp	xmrig
behavioral2/memory/1748-472-0x00007FF634840000-0x00007FF634B91000-memory.dmp	xmrig
behavioral2/memory/2004-473-0x00007FF6CE050000-0x00007FF6CE3A1000-memory.dmp	xmrig
behavioral2/memory/1436-475-0x00007FF70BEF0000-0x00007FF70C241000-memory.dmp	xmrig
behavioral2/memory/3284-477-0x00007FF73CB40000-0x00007FF73CE91000-memory.dmp	xmrig
behavioral2/memory/4288-479-0x00007FF7614E0000-0x00007FF761831000-memory.dmp	xmrig
behavioral2/memory/1064-480-0x00007FF7F0180000-0x00007FF7F04D1000-memory.dmp	xmrig
behavioral2/memory/4716-483-0x00007FF69B070000-0x00007FF69B3C1000-memory.dmp	xmrig
behavioral2/memory/5080-485-0x00007FF706AC0000-0x00007FF706E11000-memory.dmp	xmrig
behavioral2/memory/1040-484-0x00007FF661280000-0x00007FF6615D1000-memory.dmp	xmrig
behavioral2/memory/3420-482-0x00007FF70D180000-0x00007FF70D4D1000-memory.dmp	xmrig
behavioral2/memory/2164-481-0x00007FF6C3050000-0x00007FF6C33A1000-memory.dmp	xmrig
behavioral2/memory/4940-478-0x00007FF711100000-0x00007FF711451000-memory.dmp	xmrig
behavioral2/memory/4104-476-0x00007FF62FF00000-0x00007FF630251000-memory.dmp	xmrig
behavioral2/memory/1204-474-0x00007FF677500000-0x00007FF677851000-memory.dmp	xmrig
behavioral2/memory/2892-471-0x00007FF6A10C0000-0x00007FF6A1411000-memory.dmp	xmrig
behavioral2/memory/2548-469-0x00007FF7EFF70000-0x00007FF7F02C1000-memory.dmp	xmrig
behavioral2/memory/640-59-0x00007FF63DCF0000-0x00007FF63E041000-memory.dmp	xmrig
behavioral2/memory/456-51-0x00007FF6E3B90000-0x00007FF6E3EE1000-memory.dmp	xmrig
behavioral2/memory/4844-38-0x00007FF6906F0000-0x00007FF690A41000-memory.dmp	xmrig
behavioral2/memory/3212-2177-0x00007FF690B60000-0x00007FF690EB1000-memory.dmp	xmrig
behavioral2/memory/220-2178-0x00007FF7671B0000-0x00007FF767501000-memory.dmp	xmrig
behavioral2/memory/2380-2179-0x00007FF777B20000-0x00007FF777E71000-memory.dmp	xmrig
behavioral2/memory/4844-2180-0x00007FF6906F0000-0x00007FF690A41000-memory.dmp	xmrig
behavioral2/memory/3064-2181-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp	xmrig
behavioral2/memory/3092-2214-0x00007FF71D280000-0x00007FF71D5D1000-memory.dmp	xmrig
behavioral2/memory/2108-2219-0x00007FF612520000-0x00007FF612871000-memory.dmp	xmrig
behavioral2/memory/2872-2221-0x00007FF610240000-0x00007FF610591000-memory.dmp	xmrig
behavioral2/memory/3212-2223-0x00007FF690B60000-0x00007FF690EB1000-memory.dmp	xmrig
behavioral2/memory/456-2227-0x00007FF6E3B90000-0x00007FF6E3EE1000-memory.dmp	xmrig
behavioral2/memory/4844-2231-0x00007FF6906F0000-0x00007FF690A41000-memory.dmp	xmrig
behavioral2/memory/220-2229-0x00007FF7671B0000-0x00007FF767501000-memory.dmp	xmrig
behavioral2/memory/2380-2225-0x00007FF777B20000-0x00007FF777E71000-memory.dmp	xmrig
behavioral2/memory/640-2233-0x00007FF63DCF0000-0x00007FF63E041000-memory.dmp	xmrig
behavioral2/memory/1360-2235-0x00007FF7AE9E0000-0x00007FF7AED31000-memory.dmp	xmrig
behavioral2/memory/3284-2267-0x00007FF73CB40000-0x00007FF73CE91000-memory.dmp	xmrig
behavioral2/memory/4104-2269-0x00007FF62FF00000-0x00007FF630251000-memory.dmp	xmrig
behavioral2/memory/3420-2271-0x00007FF70D180000-0x00007FF70D4D1000-memory.dmp	xmrig
behavioral2/memory/5080-2275-0x00007FF706AC0000-0x00007FF706E11000-memory.dmp	xmrig
behavioral2/memory/4716-2273-0x00007FF69B070000-0x00007FF69B3C1000-memory.dmp	xmrig
behavioral2/memory/1040-2277-0x00007FF661280000-0x00007FF6615D1000-memory.dmp	xmrig
behavioral2/memory/4940-2265-0x00007FF711100000-0x00007FF711451000-memory.dmp	xmrig
behavioral2/memory/1064-2263-0x00007FF7F0180000-0x00007FF7F04D1000-memory.dmp	xmrig
behavioral2/memory/1436-2261-0x00007FF70BEF0000-0x00007FF70C241000-memory.dmp	xmrig
behavioral2/memory/4288-2260-0x00007FF7614E0000-0x00007FF761831000-memory.dmp	xmrig
behavioral2/memory/2164-2257-0x00007FF6C3050000-0x00007FF6C33A1000-memory.dmp	xmrig
behavioral2/memory/3092-2255-0x00007FF71D280000-0x00007FF71D5D1000-memory.dmp	xmrig
behavioral2/memory/2108-2253-0x00007FF612520000-0x00007FF612871000-memory.dmp	xmrig
behavioral2/memory/4044-2251-0x00007FF655B20000-0x00007FF655E71000-memory.dmp	xmrig
behavioral2/memory/2548-2247-0x00007FF7EFF70000-0x00007FF7F02C1000-memory.dmp	xmrig
behavioral2/memory/1748-2245-0x00007FF634840000-0x00007FF634B91000-memory.dmp	xmrig
behavioral2/memory/2004-2241-0x00007FF6CE050000-0x00007FF6CE3A1000-memory.dmp	xmrig
behavioral2/memory/1204-2239-0x00007FF677500000-0x00007FF677851000-memory.dmp	xmrig
behavioral2/memory/3064-2237-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp	xmrig
behavioral2/memory/2188-2249-0x00007FF6C02E0000-0x00007FF6C0631000-memory.dmp	xmrig
behavioral2/memory/2892-2243-0x00007FF6A10C0000-0x00007FF6A1411000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2872	qDOgQFS.exe
3212	UMMIMda.exe
2380	kkKuzQh.exe
220	KLqoJjL.exe
456	WZwwmBO.exe
4844	ZjPlPlh.exe
640	KRaoDTa.exe
1360	igkyrrd.exe
3064	YbcVOwh.exe
3092	ciMwLQx.exe
2108	jSXOViP.exe
4044	EbMnPEV.exe
2548	baBeCZy.exe
2188	xiJsRmA.exe
2892	davasGs.exe
1748	seISDec.exe
2004	pliAwgp.exe
1204	NpVKaHj.exe
1436	OioqAqJ.exe
4104	uCUeULG.exe
3284	FmpISPq.exe
4940	wGIBHBw.exe
4288	EThkttw.exe
1064	zdjMSxC.exe
2164	UDFliGF.exe
3420	ACtAoCW.exe
4716	SkRLpPF.exe
1040	mDBOnkY.exe
5080	FwsnITK.exe
1624	NfNBsAi.exe
2336	eVLXXVC.exe
2636	mACOdcL.exe
2800	ZCGXmdM.exe
3980	nMxjjyt.exe
8	EtpwXQC.exe
2236	EyhqKww.exe
4184	aXyLeCo.exe
3900	QnfnvSX.exe
2028	SxQEllx.exe
1916	XGBMfvO.exe
4856	XDLodWZ.exe
3744	vlWEOrF.exe
4628	tELmKWl.exe
4576	MyCyiBk.exe
3972	SEwNUUu.exe
5064	JMJIOhg.exe
3552	rqtEUxi.exe
4376	purXucS.exe
4648	KuhvbDG.exe
4720	cINIIdN.exe
228	HnzAjAy.exe
860	sLPtlEA.exe
4924	rfUAaYR.exe
1776	mEHeHdJ.exe
3248	xKRQmvM.exe
3860	sqjthOP.exe
1112	FMPnGeP.exe
2728	semWiYu.exe
5104	pfEhtqS.exe
2836	gPlfyTC.exe
2468	dpixhGh.exe
3604	uDOqAbU.exe
4724	iXxNDLL.exe
1236	oDJyICe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1104-0-0x00007FF7F1130000-0x00007FF7F1481000-memory.dmp	upx
behavioral2/files/0x00080000000233fe-9.dat	upx
behavioral2/files/0x0007000000023402-8.dat	upx
behavioral2/files/0x0007000000023404-31.dat	upx
behavioral2/files/0x0007000000023407-43.dat	upx
behavioral2/memory/1360-54-0x00007FF7AE9E0000-0x00007FF7AED31000-memory.dmp	upx
behavioral2/files/0x0007000000023408-57.dat	upx
behavioral2/memory/3092-63-0x00007FF71D280000-0x00007FF71D5D1000-memory.dmp	upx
behavioral2/files/0x000700000002340a-69.dat	upx
behavioral2/files/0x000700000002340c-82.dat	upx
behavioral2/files/0x000700000002340e-92.dat	upx
behavioral2/files/0x0007000000023413-117.dat	upx
behavioral2/files/0x0007000000023416-132.dat	upx
behavioral2/files/0x0007000000023419-147.dat	upx
behavioral2/files/0x000700000002341c-162.dat	upx
behavioral2/memory/4044-468-0x00007FF655B20000-0x00007FF655E71000-memory.dmp	upx
behavioral2/memory/2188-470-0x00007FF6C02E0000-0x00007FF6C0631000-memory.dmp	upx
behavioral2/memory/1748-472-0x00007FF634840000-0x00007FF634B91000-memory.dmp	upx
behavioral2/memory/2004-473-0x00007FF6CE050000-0x00007FF6CE3A1000-memory.dmp	upx
behavioral2/memory/1436-475-0x00007FF70BEF0000-0x00007FF70C241000-memory.dmp	upx
behavioral2/memory/3284-477-0x00007FF73CB40000-0x00007FF73CE91000-memory.dmp	upx
behavioral2/memory/4288-479-0x00007FF7614E0000-0x00007FF761831000-memory.dmp	upx
behavioral2/memory/1064-480-0x00007FF7F0180000-0x00007FF7F04D1000-memory.dmp	upx
behavioral2/memory/4716-483-0x00007FF69B070000-0x00007FF69B3C1000-memory.dmp	upx
behavioral2/memory/5080-485-0x00007FF706AC0000-0x00007FF706E11000-memory.dmp	upx
behavioral2/memory/1040-484-0x00007FF661280000-0x00007FF6615D1000-memory.dmp	upx
behavioral2/memory/3420-482-0x00007FF70D180000-0x00007FF70D4D1000-memory.dmp	upx
behavioral2/memory/2164-481-0x00007FF6C3050000-0x00007FF6C33A1000-memory.dmp	upx
behavioral2/memory/4940-478-0x00007FF711100000-0x00007FF711451000-memory.dmp	upx
behavioral2/memory/4104-476-0x00007FF62FF00000-0x00007FF630251000-memory.dmp	upx
behavioral2/memory/1204-474-0x00007FF677500000-0x00007FF677851000-memory.dmp	upx
behavioral2/memory/2892-471-0x00007FF6A10C0000-0x00007FF6A1411000-memory.dmp	upx
behavioral2/memory/2548-469-0x00007FF7EFF70000-0x00007FF7F02C1000-memory.dmp	upx
behavioral2/files/0x0007000000023420-174.dat	upx
behavioral2/files/0x000700000002341e-172.dat	upx
behavioral2/files/0x000700000002341f-169.dat	upx
behavioral2/files/0x000700000002341d-167.dat	upx
behavioral2/files/0x000700000002341b-157.dat	upx
behavioral2/files/0x000700000002341a-152.dat	upx
behavioral2/files/0x0007000000023418-142.dat	upx
behavioral2/files/0x0007000000023417-137.dat	upx
behavioral2/files/0x0007000000023415-127.dat	upx
behavioral2/files/0x0007000000023414-122.dat	upx
behavioral2/files/0x0007000000023412-112.dat	upx
behavioral2/files/0x0007000000023411-107.dat	upx
behavioral2/files/0x0007000000023410-102.dat	upx
behavioral2/files/0x000700000002340f-97.dat	upx
behavioral2/files/0x000700000002340d-87.dat	upx
behavioral2/files/0x000700000002340b-77.dat	upx
behavioral2/memory/2108-68-0x00007FF612520000-0x00007FF612871000-memory.dmp	upx
behavioral2/files/0x0007000000023409-64.dat	upx
behavioral2/memory/640-59-0x00007FF63DCF0000-0x00007FF63E041000-memory.dmp	upx
behavioral2/memory/3064-55-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp	upx
behavioral2/memory/456-51-0x00007FF6E3B90000-0x00007FF6E3EE1000-memory.dmp	upx
behavioral2/files/0x0007000000023406-47.dat	upx
behavioral2/memory/4844-38-0x00007FF6906F0000-0x00007FF690A41000-memory.dmp	upx
behavioral2/memory/2380-34-0x00007FF777B20000-0x00007FF777E71000-memory.dmp	upx
behavioral2/files/0x0007000000023405-32.dat	upx
behavioral2/files/0x0007000000023403-30.dat	upx
behavioral2/memory/220-25-0x00007FF7671B0000-0x00007FF767501000-memory.dmp	upx
behavioral2/memory/2872-11-0x00007FF610240000-0x00007FF610591000-memory.dmp	upx
behavioral2/memory/3212-16-0x00007FF690B60000-0x00007FF690EB1000-memory.dmp	upx
behavioral2/files/0x000700000002328e-6.dat	upx
behavioral2/memory/3212-2177-0x00007FF690B60000-0x00007FF690EB1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pfEhtqS.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\zDsSOeg.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\qTFHWIy.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\sLpHQtG.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\HnzAjAy.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\YCNGavb.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\uCGAAhf.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\TmNCyqL.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\IpMzNUr.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\tQhtijy.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\EtpwXQC.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\gGDeVBN.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\NFYwbXO.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\iPGXbFH.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\ozQcChN.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\DRhEQsD.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\JhHYAMa.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\owfmMuo.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\JMJIOhg.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\kcqbfJF.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\LwudKKe.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\laQLQtZ.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\nKlAKPj.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\SHMNkra.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\WSimgsk.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\RDeelFH.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\OPZuHUg.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\mtAMtrz.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\Qddkkkt.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\GaGfGzZ.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\OEUtqWH.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\ModaHKc.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\YCRhCUI.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\yvWrOcK.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\XhyqUOa.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\zwMtUXz.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\fZSLywX.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\fqhhnJH.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\bMgzdNO.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\dBbcvcI.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\Beoesmq.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\NKcqkCC.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\YfUyxfv.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\NFkoPbl.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\JhSSpOI.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\kkKuzQh.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\WZwwmBO.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\uuOkmMC.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\GvHxXfz.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\xISSKmb.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\uMavWSh.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\JiTqtCH.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\xWcqiZW.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\aIjwPlZ.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\eRwPvhd.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\alJgdJH.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\vvlkAFv.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\sgeKgOQ.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\QEoCUnm.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\MCMETRY.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\MBngMZF.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\XGBMfvO.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\jbBRYIr.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
File created	C:\Windows\System\jJwnNYb.exe	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13476	dwm.exe
Token: SeChangeNotifyPrivilege	13476	dwm.exe
Token: 33	13476	dwm.exe
Token: SeIncBasePriorityPrivilege	13476	dwm.exe
Token: SeShutdownPrivilege	13476	dwm.exe
Token: SeCreatePagefilePrivilege	13476	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2872	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	83
PID 1104 wrote to memory of 2872	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	83
PID 1104 wrote to memory of 3212	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	84
PID 1104 wrote to memory of 3212	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	84
PID 1104 wrote to memory of 2380	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	85
PID 1104 wrote to memory of 2380	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	85
PID 1104 wrote to memory of 220	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	86
PID 1104 wrote to memory of 220	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	86
PID 1104 wrote to memory of 456	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	87
PID 1104 wrote to memory of 456	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	87
PID 1104 wrote to memory of 4844	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	88
PID 1104 wrote to memory of 4844	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	88
PID 1104 wrote to memory of 640	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	89
PID 1104 wrote to memory of 640	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	89
PID 1104 wrote to memory of 1360	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	90
PID 1104 wrote to memory of 1360	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	90
PID 1104 wrote to memory of 3064	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	91
PID 1104 wrote to memory of 3064	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	91
PID 1104 wrote to memory of 3092	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	92
PID 1104 wrote to memory of 3092	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	92
PID 1104 wrote to memory of 2108	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	93
PID 1104 wrote to memory of 2108	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	93
PID 1104 wrote to memory of 4044	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	94
PID 1104 wrote to memory of 4044	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	94
PID 1104 wrote to memory of 2548	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	95
PID 1104 wrote to memory of 2548	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	95
PID 1104 wrote to memory of 2188	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	96
PID 1104 wrote to memory of 2188	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	96
PID 1104 wrote to memory of 2892	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	97
PID 1104 wrote to memory of 2892	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	97
PID 1104 wrote to memory of 1748	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	98
PID 1104 wrote to memory of 1748	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	98
PID 1104 wrote to memory of 2004	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	99
PID 1104 wrote to memory of 2004	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	99
PID 1104 wrote to memory of 1204	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	100
PID 1104 wrote to memory of 1204	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	100
PID 1104 wrote to memory of 1436	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	101
PID 1104 wrote to memory of 1436	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	101
PID 1104 wrote to memory of 4104	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	102
PID 1104 wrote to memory of 4104	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	102
PID 1104 wrote to memory of 3284	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	103
PID 1104 wrote to memory of 3284	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	103
PID 1104 wrote to memory of 4940	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	104
PID 1104 wrote to memory of 4940	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	104
PID 1104 wrote to memory of 4288	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	105
PID 1104 wrote to memory of 4288	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	105
PID 1104 wrote to memory of 1064	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	106
PID 1104 wrote to memory of 1064	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	106
PID 1104 wrote to memory of 2164	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	107
PID 1104 wrote to memory of 2164	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	107
PID 1104 wrote to memory of 3420	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	108
PID 1104 wrote to memory of 3420	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	108
PID 1104 wrote to memory of 4716	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	109
PID 1104 wrote to memory of 4716	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	109
PID 1104 wrote to memory of 1040	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	110
PID 1104 wrote to memory of 1040	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	110
PID 1104 wrote to memory of 5080	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	111
PID 1104 wrote to memory of 5080	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	111
PID 1104 wrote to memory of 1624	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	112
PID 1104 wrote to memory of 1624	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	112
PID 1104 wrote to memory of 2336	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	113
PID 1104 wrote to memory of 2336	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	113
PID 1104 wrote to memory of 2636	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	114
PID 1104 wrote to memory of 2636	1104	d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d085c9df4f0cf33dcb69ab863a3bd740_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\System\qDOgQFS.exe
  C:\Windows\System\qDOgQFS.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\UMMIMda.exe
  C:\Windows\System\UMMIMda.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\kkKuzQh.exe
  C:\Windows\System\kkKuzQh.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\KLqoJjL.exe
  C:\Windows\System\KLqoJjL.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\WZwwmBO.exe
  C:\Windows\System\WZwwmBO.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\ZjPlPlh.exe
  C:\Windows\System\ZjPlPlh.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\KRaoDTa.exe
  C:\Windows\System\KRaoDTa.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\igkyrrd.exe
  C:\Windows\System\igkyrrd.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\YbcVOwh.exe
  C:\Windows\System\YbcVOwh.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ciMwLQx.exe
  C:\Windows\System\ciMwLQx.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\jSXOViP.exe
  C:\Windows\System\jSXOViP.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\EbMnPEV.exe
  C:\Windows\System\EbMnPEV.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\baBeCZy.exe
  C:\Windows\System\baBeCZy.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\xiJsRmA.exe
  C:\Windows\System\xiJsRmA.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\davasGs.exe
  C:\Windows\System\davasGs.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\seISDec.exe
  C:\Windows\System\seISDec.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\pliAwgp.exe
  C:\Windows\System\pliAwgp.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\NpVKaHj.exe
  C:\Windows\System\NpVKaHj.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\OioqAqJ.exe
  C:\Windows\System\OioqAqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\uCUeULG.exe
  C:\Windows\System\uCUeULG.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\FmpISPq.exe
  C:\Windows\System\FmpISPq.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\wGIBHBw.exe
  C:\Windows\System\wGIBHBw.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\EThkttw.exe
  C:\Windows\System\EThkttw.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\zdjMSxC.exe
  C:\Windows\System\zdjMSxC.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\UDFliGF.exe
  C:\Windows\System\UDFliGF.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ACtAoCW.exe
  C:\Windows\System\ACtAoCW.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\SkRLpPF.exe
  C:\Windows\System\SkRLpPF.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\mDBOnkY.exe
  C:\Windows\System\mDBOnkY.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\FwsnITK.exe
  C:\Windows\System\FwsnITK.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\NfNBsAi.exe
  C:\Windows\System\NfNBsAi.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\eVLXXVC.exe
  C:\Windows\System\eVLXXVC.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\mACOdcL.exe
  C:\Windows\System\mACOdcL.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ZCGXmdM.exe
  C:\Windows\System\ZCGXmdM.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\nMxjjyt.exe
  C:\Windows\System\nMxjjyt.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\EtpwXQC.exe
  C:\Windows\System\EtpwXQC.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\EyhqKww.exe
  C:\Windows\System\EyhqKww.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\aXyLeCo.exe
  C:\Windows\System\aXyLeCo.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\QnfnvSX.exe
  C:\Windows\System\QnfnvSX.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\SxQEllx.exe
  C:\Windows\System\SxQEllx.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\XGBMfvO.exe
  C:\Windows\System\XGBMfvO.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\XDLodWZ.exe
  C:\Windows\System\XDLodWZ.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\vlWEOrF.exe
  C:\Windows\System\vlWEOrF.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\tELmKWl.exe
  C:\Windows\System\tELmKWl.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\MyCyiBk.exe
  C:\Windows\System\MyCyiBk.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\SEwNUUu.exe
  C:\Windows\System\SEwNUUu.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\JMJIOhg.exe
  C:\Windows\System\JMJIOhg.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\rqtEUxi.exe
  C:\Windows\System\rqtEUxi.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\purXucS.exe
  C:\Windows\System\purXucS.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\KuhvbDG.exe
  C:\Windows\System\KuhvbDG.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\cINIIdN.exe
  C:\Windows\System\cINIIdN.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\HnzAjAy.exe
  C:\Windows\System\HnzAjAy.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\sLPtlEA.exe
  C:\Windows\System\sLPtlEA.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\rfUAaYR.exe
  C:\Windows\System\rfUAaYR.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\mEHeHdJ.exe
  C:\Windows\System\mEHeHdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\xKRQmvM.exe
  C:\Windows\System\xKRQmvM.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\sqjthOP.exe
  C:\Windows\System\sqjthOP.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\FMPnGeP.exe
  C:\Windows\System\FMPnGeP.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\semWiYu.exe
  C:\Windows\System\semWiYu.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\pfEhtqS.exe
  C:\Windows\System\pfEhtqS.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\gPlfyTC.exe
  C:\Windows\System\gPlfyTC.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\dpixhGh.exe
  C:\Windows\System\dpixhGh.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\uDOqAbU.exe
  C:\Windows\System\uDOqAbU.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\iXxNDLL.exe
  C:\Windows\System\iXxNDLL.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\oDJyICe.exe
  C:\Windows\System\oDJyICe.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\mSBLOPF.exe
  C:\Windows\System\mSBLOPF.exe
  2⤵
  PID:4352
- C:\Windows\System\vTRdsCc.exe
  C:\Windows\System\vTRdsCc.exe
  2⤵
  PID:904
- C:\Windows\System\yUDBlLD.exe
  C:\Windows\System\yUDBlLD.exe
  2⤵
  PID:536
- C:\Windows\System\INWSojV.exe
  C:\Windows\System\INWSojV.exe
  2⤵
  PID:440
- C:\Windows\System\fwubMwZ.exe
  C:\Windows\System\fwubMwZ.exe
  2⤵
  PID:3648
- C:\Windows\System\RzuIsGX.exe
  C:\Windows\System\RzuIsGX.exe
  2⤵
  PID:4416
- C:\Windows\System\yRPnoWW.exe
  C:\Windows\System\yRPnoWW.exe
  2⤵
  PID:2424
- C:\Windows\System\wFLKgbU.exe
  C:\Windows\System\wFLKgbU.exe
  2⤵
  PID:3892
- C:\Windows\System\YCRhCUI.exe
  C:\Windows\System\YCRhCUI.exe
  2⤵
  PID:4332
- C:\Windows\System\xjwAIBy.exe
  C:\Windows\System\xjwAIBy.exe
  2⤵
  PID:5092
- C:\Windows\System\UfgIcnW.exe
  C:\Windows\System\UfgIcnW.exe
  2⤵
  PID:1300
- C:\Windows\System\jVxRpFU.exe
  C:\Windows\System\jVxRpFU.exe
  2⤵
  PID:3308
- C:\Windows\System\aWinVcx.exe
  C:\Windows\System\aWinVcx.exe
  2⤵
  PID:1464
- C:\Windows\System\QrdjDgs.exe
  C:\Windows\System\QrdjDgs.exe
  2⤵
  PID:4404
- C:\Windows\System\rNFEkRJ.exe
  C:\Windows\System\rNFEkRJ.exe
  2⤵
  PID:3760
- C:\Windows\System\wKNMsEx.exe
  C:\Windows\System\wKNMsEx.exe
  2⤵
  PID:2904
- C:\Windows\System\bpkUhbE.exe
  C:\Windows\System\bpkUhbE.exe
  2⤵
  PID:1440
- C:\Windows\System\aslnWit.exe
  C:\Windows\System\aslnWit.exe
  2⤵
  PID:2416
- C:\Windows\System\kcqbfJF.exe
  C:\Windows\System\kcqbfJF.exe
  2⤵
  PID:2148
- C:\Windows\System\QnewHpy.exe
  C:\Windows\System\QnewHpy.exe
  2⤵
  PID:1364
- C:\Windows\System\noWqKTY.exe
  C:\Windows\System\noWqKTY.exe
  2⤵
  PID:1840
- C:\Windows\System\LwudKKe.exe
  C:\Windows\System\LwudKKe.exe
  2⤵
  PID:3956
- C:\Windows\System\gGDeVBN.exe
  C:\Windows\System\gGDeVBN.exe
  2⤵
  PID:1100
- C:\Windows\System\nLVdqEu.exe
  C:\Windows\System\nLVdqEu.exe
  2⤵
  PID:1136
- C:\Windows\System\TxLQavY.exe
  C:\Windows\System\TxLQavY.exe
  2⤵
  PID:1612
- C:\Windows\System\xoxqyGk.exe
  C:\Windows\System\xoxqyGk.exe
  2⤵
  PID:5148
- C:\Windows\System\HGKHFAB.exe
  C:\Windows\System\HGKHFAB.exe
  2⤵
  PID:5172
- C:\Windows\System\YHuPZWL.exe
  C:\Windows\System\YHuPZWL.exe
  2⤵
  PID:5200
- C:\Windows\System\zUpQCpZ.exe
  C:\Windows\System\zUpQCpZ.exe
  2⤵
  PID:5228
- C:\Windows\System\YCNGavb.exe
  C:\Windows\System\YCNGavb.exe
  2⤵
  PID:5252
- C:\Windows\System\zNNDiRD.exe
  C:\Windows\System\zNNDiRD.exe
  2⤵
  PID:5280
- C:\Windows\System\fPabUHg.exe
  C:\Windows\System\fPabUHg.exe
  2⤵
  PID:5312
- C:\Windows\System\IyOcPtV.exe
  C:\Windows\System\IyOcPtV.exe
  2⤵
  PID:5336
- C:\Windows\System\JBIiQbC.exe
  C:\Windows\System\JBIiQbC.exe
  2⤵
  PID:5364
- C:\Windows\System\ZufBdGH.exe
  C:\Windows\System\ZufBdGH.exe
  2⤵
  PID:5396
- C:\Windows\System\kdeqIWY.exe
  C:\Windows\System\kdeqIWY.exe
  2⤵
  PID:5420
- C:\Windows\System\MqsyKKA.exe
  C:\Windows\System\MqsyKKA.exe
  2⤵
  PID:5452
- C:\Windows\System\cBrfnlf.exe
  C:\Windows\System\cBrfnlf.exe
  2⤵
  PID:5480
- C:\Windows\System\eRwPvhd.exe
  C:\Windows\System\eRwPvhd.exe
  2⤵
  PID:5508
- C:\Windows\System\lJZidrc.exe
  C:\Windows\System\lJZidrc.exe
  2⤵
  PID:5532
- C:\Windows\System\sJPrKyG.exe
  C:\Windows\System\sJPrKyG.exe
  2⤵
  PID:5560
- C:\Windows\System\alJgdJH.exe
  C:\Windows\System\alJgdJH.exe
  2⤵
  PID:5592
- C:\Windows\System\wcPdEMx.exe
  C:\Windows\System\wcPdEMx.exe
  2⤵
  PID:5616
- C:\Windows\System\zbNomPG.exe
  C:\Windows\System\zbNomPG.exe
  2⤵
  PID:5644
- C:\Windows\System\MersgHL.exe
  C:\Windows\System\MersgHL.exe
  2⤵
  PID:5672
- C:\Windows\System\lDAvKbs.exe
  C:\Windows\System\lDAvKbs.exe
  2⤵
  PID:5704
- C:\Windows\System\zGkjMjN.exe
  C:\Windows\System\zGkjMjN.exe
  2⤵
  PID:5732
- C:\Windows\System\WTLNhiZ.exe
  C:\Windows\System\WTLNhiZ.exe
  2⤵
  PID:5760
- C:\Windows\System\IboVfDX.exe
  C:\Windows\System\IboVfDX.exe
  2⤵
  PID:5788
- C:\Windows\System\RVnjkQW.exe
  C:\Windows\System\RVnjkQW.exe
  2⤵
  PID:5816
- C:\Windows\System\tGXYfaN.exe
  C:\Windows\System\tGXYfaN.exe
  2⤵
  PID:5840
- C:\Windows\System\kZlBoky.exe
  C:\Windows\System\kZlBoky.exe
  2⤵
  PID:5872
- C:\Windows\System\ytkztdk.exe
  C:\Windows\System\ytkztdk.exe
  2⤵
  PID:5900
- C:\Windows\System\TvGQZgN.exe
  C:\Windows\System\TvGQZgN.exe
  2⤵
  PID:5928
- C:\Windows\System\hXqqjry.exe
  C:\Windows\System\hXqqjry.exe
  2⤵
  PID:5952
- C:\Windows\System\MOHsWMB.exe
  C:\Windows\System\MOHsWMB.exe
  2⤵
  PID:5984
- C:\Windows\System\NFYwbXO.exe
  C:\Windows\System\NFYwbXO.exe
  2⤵
  PID:6008
- C:\Windows\System\WoOcWBN.exe
  C:\Windows\System\WoOcWBN.exe
  2⤵
  PID:6040
- C:\Windows\System\sFdloUf.exe
  C:\Windows\System\sFdloUf.exe
  2⤵
  PID:6064
- C:\Windows\System\bSlImNl.exe
  C:\Windows\System\bSlImNl.exe
  2⤵
  PID:6096
- C:\Windows\System\SvZRDYn.exe
  C:\Windows\System\SvZRDYn.exe
  2⤵
  PID:6124
- C:\Windows\System\ydeuzdd.exe
  C:\Windows\System\ydeuzdd.exe
  2⤵
  PID:408
- C:\Windows\System\AsfGmRm.exe
  C:\Windows\System\AsfGmRm.exe
  2⤵
  PID:3884
- C:\Windows\System\TaAfJxc.exe
  C:\Windows\System\TaAfJxc.exe
  2⤵
  PID:216
- C:\Windows\System\AmWpGiI.exe
  C:\Windows\System\AmWpGiI.exe
  2⤵
  PID:212
- C:\Windows\System\cGqeOtn.exe
  C:\Windows\System\cGqeOtn.exe
  2⤵
  PID:3336
- C:\Windows\System\aDTFzwq.exe
  C:\Windows\System\aDTFzwq.exe
  2⤵
  PID:5140
- C:\Windows\System\OJwDRnj.exe
  C:\Windows\System\OJwDRnj.exe
  2⤵
  PID:5188
- C:\Windows\System\aTMrGAa.exe
  C:\Windows\System\aTMrGAa.exe
  2⤵
  PID:5604
- C:\Windows\System\nimGnLB.exe
  C:\Windows\System\nimGnLB.exe
  2⤵
  PID:5632
- C:\Windows\System\nIbqzCi.exe
  C:\Windows\System\nIbqzCi.exe
  2⤵
  PID:5664
- C:\Windows\System\xuxgxWd.exe
  C:\Windows\System\xuxgxWd.exe
  2⤵
  PID:5716
- C:\Windows\System\WvpwJtF.exe
  C:\Windows\System\WvpwJtF.exe
  2⤵
  PID:5772
- C:\Windows\System\dUbNCTk.exe
  C:\Windows\System\dUbNCTk.exe
  2⤵
  PID:4100
- C:\Windows\System\YstUxSW.exe
  C:\Windows\System\YstUxSW.exe
  2⤵
  PID:5864
- C:\Windows\System\bQbXWqC.exe
  C:\Windows\System\bQbXWqC.exe
  2⤵
  PID:1908
- C:\Windows\System\cpfhozB.exe
  C:\Windows\System\cpfhozB.exe
  2⤵
  PID:5948
- C:\Windows\System\ZZbQbeY.exe
  C:\Windows\System\ZZbQbeY.exe
  2⤵
  PID:5996
- C:\Windows\System\aOJxXFd.exe
  C:\Windows\System\aOJxXFd.exe
  2⤵
  PID:6032
- C:\Windows\System\iTlGlfx.exe
  C:\Windows\System\iTlGlfx.exe
  2⤵
  PID:3232
- C:\Windows\System\vvlkAFv.exe
  C:\Windows\System\vvlkAFv.exe
  2⤵
  PID:6136
- C:\Windows\System\XHSwvUM.exe
  C:\Windows\System\XHSwvUM.exe
  2⤵
  PID:1960
- C:\Windows\System\VtElzzD.exe
  C:\Windows\System\VtElzzD.exe
  2⤵
  PID:3864
- C:\Windows\System\PqdxVHm.exe
  C:\Windows\System\PqdxVHm.exe
  2⤵
  PID:5088
- C:\Windows\System\YeThftd.exe
  C:\Windows\System\YeThftd.exe
  2⤵
  PID:2060
- C:\Windows\System\ntexwPl.exe
  C:\Windows\System\ntexwPl.exe
  2⤵
  PID:5168
- C:\Windows\System\ErPMABO.exe
  C:\Windows\System\ErPMABO.exe
  2⤵
  PID:4392
- C:\Windows\System\bYfSLKc.exe
  C:\Windows\System\bYfSLKc.exe
  2⤵
  PID:468
- C:\Windows\System\fEXZcgm.exe
  C:\Windows\System\fEXZcgm.exe
  2⤵
  PID:1552
- C:\Windows\System\YJygcIs.exe
  C:\Windows\System\YJygcIs.exe
  2⤵
  PID:5524
- C:\Windows\System\rkIkxrS.exe
  C:\Windows\System\rkIkxrS.exe
  2⤵
  PID:5688
- C:\Windows\System\jiMnJEu.exe
  C:\Windows\System\jiMnJEu.exe
  2⤵
  PID:5804
- C:\Windows\System\QzSjoqu.exe
  C:\Windows\System\QzSjoqu.exe
  2⤵
  PID:2216
- C:\Windows\System\znwTiOE.exe
  C:\Windows\System\znwTiOE.exe
  2⤵
  PID:5976
- C:\Windows\System\XUcSUMb.exe
  C:\Windows\System\XUcSUMb.exe
  2⤵
  PID:6080
- C:\Windows\System\jbBRYIr.exe
  C:\Windows\System\jbBRYIr.exe
  2⤵
  PID:4636
- C:\Windows\System\EfIHnuC.exe
  C:\Windows\System\EfIHnuC.exe
  2⤵
  PID:2864
- C:\Windows\System\GmrCqtg.exe
  C:\Windows\System\GmrCqtg.exe
  2⤵
  PID:4676
- C:\Windows\System\BPZAMiB.exe
  C:\Windows\System\BPZAMiB.exe
  2⤵
  PID:3272
- C:\Windows\System\JtZZMfI.exe
  C:\Windows\System\JtZZMfI.exe
  2⤵
  PID:3140
- C:\Windows\System\lNRzznu.exe
  C:\Windows\System\lNRzznu.exe
  2⤵
  PID:5612
- C:\Windows\System\jJwnNYb.exe
  C:\Windows\System\jJwnNYb.exe
  2⤵
  PID:5748
- C:\Windows\System\vGDtDoZ.exe
  C:\Windows\System\vGDtDoZ.exe
  2⤵
  PID:5860
- C:\Windows\System\VEZaaZY.exe
  C:\Windows\System\VEZaaZY.exe
  2⤵
  PID:3260
- C:\Windows\System\lSdZnjI.exe
  C:\Windows\System\lSdZnjI.exe
  2⤵
  PID:6152
- C:\Windows\System\DuBaVMy.exe
  C:\Windows\System\DuBaVMy.exe
  2⤵
  PID:6168
- C:\Windows\System\FxQxnxN.exe
  C:\Windows\System\FxQxnxN.exe
  2⤵
  PID:6184
- C:\Windows\System\IWqxgcM.exe
  C:\Windows\System\IWqxgcM.exe
  2⤵
  PID:6204
- C:\Windows\System\FzedDAW.exe
  C:\Windows\System\FzedDAW.exe
  2⤵
  PID:6232
- C:\Windows\System\OFtUcJA.exe
  C:\Windows\System\OFtUcJA.exe
  2⤵
  PID:6248
- C:\Windows\System\kgVKCwz.exe
  C:\Windows\System\kgVKCwz.exe
  2⤵
  PID:6268
- C:\Windows\System\OjLIYuJ.exe
  C:\Windows\System\OjLIYuJ.exe
  2⤵
  PID:6284
- C:\Windows\System\FaJyhYs.exe
  C:\Windows\System\FaJyhYs.exe
  2⤵
  PID:6328
- C:\Windows\System\UeCzNxM.exe
  C:\Windows\System\UeCzNxM.exe
  2⤵
  PID:6356
- C:\Windows\System\xKHYffK.exe
  C:\Windows\System\xKHYffK.exe
  2⤵
  PID:6376
- C:\Windows\System\xKpcZcT.exe
  C:\Windows\System\xKpcZcT.exe
  2⤵
  PID:6404
- C:\Windows\System\gzlbsoB.exe
  C:\Windows\System\gzlbsoB.exe
  2⤵
  PID:6428
- C:\Windows\System\hFmdnjJ.exe
  C:\Windows\System\hFmdnjJ.exe
  2⤵
  PID:6448
- C:\Windows\System\hbUTDwu.exe
  C:\Windows\System\hbUTDwu.exe
  2⤵
  PID:6464
- C:\Windows\System\vhTYfNV.exe
  C:\Windows\System\vhTYfNV.exe
  2⤵
  PID:6488
- C:\Windows\System\iLbpOYB.exe
  C:\Windows\System\iLbpOYB.exe
  2⤵
  PID:6504
- C:\Windows\System\fNHXKol.exe
  C:\Windows\System\fNHXKol.exe
  2⤵
  PID:6524
- C:\Windows\System\hzKOyQR.exe
  C:\Windows\System\hzKOyQR.exe
  2⤵
  PID:6548
- C:\Windows\System\iPWEXYE.exe
  C:\Windows\System\iPWEXYE.exe
  2⤵
  PID:6564
- C:\Windows\System\pcIaCbO.exe
  C:\Windows\System\pcIaCbO.exe
  2⤵
  PID:6588
- C:\Windows\System\BxTaVct.exe
  C:\Windows\System\BxTaVct.exe
  2⤵
  PID:6604
- C:\Windows\System\fQnTnqg.exe
  C:\Windows\System\fQnTnqg.exe
  2⤵
  PID:6628
- C:\Windows\System\gZHVDrs.exe
  C:\Windows\System\gZHVDrs.exe
  2⤵
  PID:6648
- C:\Windows\System\aFYuKVj.exe
  C:\Windows\System\aFYuKVj.exe
  2⤵
  PID:6664
- C:\Windows\System\llelQfQ.exe
  C:\Windows\System\llelQfQ.exe
  2⤵
  PID:6684
- C:\Windows\System\ZPjaifk.exe
  C:\Windows\System\ZPjaifk.exe
  2⤵
  PID:6720
- C:\Windows\System\BnYghPs.exe
  C:\Windows\System\BnYghPs.exe
  2⤵
  PID:6740
- C:\Windows\System\oapsybM.exe
  C:\Windows\System\oapsybM.exe
  2⤵
  PID:6760
- C:\Windows\System\pgdfNoL.exe
  C:\Windows\System\pgdfNoL.exe
  2⤵
  PID:6788
- C:\Windows\System\kkAUQZO.exe
  C:\Windows\System\kkAUQZO.exe
  2⤵
  PID:6808
- C:\Windows\System\Zvzykzc.exe
  C:\Windows\System\Zvzykzc.exe
  2⤵
  PID:6832
- C:\Windows\System\fqhhnJH.exe
  C:\Windows\System\fqhhnJH.exe
  2⤵
  PID:6852
- C:\Windows\System\HgOzsIg.exe
  C:\Windows\System\HgOzsIg.exe
  2⤵
  PID:6872
- C:\Windows\System\HMlYeor.exe
  C:\Windows\System\HMlYeor.exe
  2⤵
  PID:6896
- C:\Windows\System\gqKbSPk.exe
  C:\Windows\System\gqKbSPk.exe
  2⤵
  PID:6912
- C:\Windows\System\gYjRgnT.exe
  C:\Windows\System\gYjRgnT.exe
  2⤵
  PID:6932
- C:\Windows\System\GCTtCAo.exe
  C:\Windows\System\GCTtCAo.exe
  2⤵
  PID:6948
- C:\Windows\System\lJaBRsO.exe
  C:\Windows\System\lJaBRsO.exe
  2⤵
  PID:6964
- C:\Windows\System\zPpSnQi.exe
  C:\Windows\System\zPpSnQi.exe
  2⤵
  PID:6988
- C:\Windows\System\PUvfSAh.exe
  C:\Windows\System\PUvfSAh.exe
  2⤵
  PID:7004
- C:\Windows\System\ZWyboYq.exe
  C:\Windows\System\ZWyboYq.exe
  2⤵
  PID:7036
- C:\Windows\System\dbytrWD.exe
  C:\Windows\System\dbytrWD.exe
  2⤵
  PID:7056
- C:\Windows\System\rMydBVh.exe
  C:\Windows\System\rMydBVh.exe
  2⤵
  PID:7080
- C:\Windows\System\zwbVwCO.exe
  C:\Windows\System\zwbVwCO.exe
  2⤵
  PID:7100
- C:\Windows\System\rzrklFO.exe
  C:\Windows\System\rzrklFO.exe
  2⤵
  PID:7116
- C:\Windows\System\IalgRiq.exe
  C:\Windows\System\IalgRiq.exe
  2⤵
  PID:7136
- C:\Windows\System\BtFdRlP.exe
  C:\Windows\System\BtFdRlP.exe
  2⤵
  PID:7160
- C:\Windows\System\EugiBKR.exe
  C:\Windows\System\EugiBKR.exe
  2⤵
  PID:5640
- C:\Windows\System\mTSEGIN.exe
  C:\Windows\System\mTSEGIN.exe
  2⤵
  PID:1416
- C:\Windows\System\BGNVykV.exe
  C:\Windows\System\BGNVykV.exe
  2⤵
  PID:1660
- C:\Windows\System\Lywbczx.exe
  C:\Windows\System\Lywbczx.exe
  2⤵
  PID:6260
- C:\Windows\System\nSqbkdk.exe
  C:\Windows\System\nSqbkdk.exe
  2⤵
  PID:6176
- C:\Windows\System\LKEStpY.exe
  C:\Windows\System\LKEStpY.exe
  2⤵
  PID:6212
- C:\Windows\System\xIBIgHg.exe
  C:\Windows\System\xIBIgHg.exe
  2⤵
  PID:6264
- C:\Windows\System\aOwQIvP.exe
  C:\Windows\System\aOwQIvP.exe
  2⤵
  PID:6336
- C:\Windows\System\ALfKSGa.exe
  C:\Windows\System\ALfKSGa.exe
  2⤵
  PID:6372
- C:\Windows\System\BHpvUuI.exe
  C:\Windows\System\BHpvUuI.exe
  2⤵
  PID:6600
- C:\Windows\System\fBXIHFt.exe
  C:\Windows\System\fBXIHFt.exe
  2⤵
  PID:6756
- C:\Windows\System\HMJfXan.exe
  C:\Windows\System\HMJfXan.exe
  2⤵
  PID:6848
- C:\Windows\System\EtKcxjZ.exe
  C:\Windows\System\EtKcxjZ.exe
  2⤵
  PID:6996
- C:\Windows\System\EjjlPze.exe
  C:\Windows\System\EjjlPze.exe
  2⤵
  PID:6444
- C:\Windows\System\ZCCWKIM.exe
  C:\Windows\System\ZCCWKIM.exe
  2⤵
  PID:6496
- C:\Windows\System\UfdLtVd.exe
  C:\Windows\System\UfdLtVd.exe
  2⤵
  PID:6520
- C:\Windows\System\nsdXlPJ.exe
  C:\Windows\System\nsdXlPJ.exe
  2⤵
  PID:6576
- C:\Windows\System\ivrlmaq.exe
  C:\Windows\System\ivrlmaq.exe
  2⤵
  PID:6612
- C:\Windows\System\ZePyiwk.exe
  C:\Windows\System\ZePyiwk.exe
  2⤵
  PID:6660
- C:\Windows\System\MbUFgNh.exe
  C:\Windows\System\MbUFgNh.exe
  2⤵
  PID:7000
- C:\Windows\System\dQsjMvn.exe
  C:\Windows\System\dQsjMvn.exe
  2⤵
  PID:5472
- C:\Windows\System\rITIIbf.exe
  C:\Windows\System\rITIIbf.exe
  2⤵
  PID:6148
- C:\Windows\System\BoXwTpN.exe
  C:\Windows\System\BoXwTpN.exe
  2⤵
  PID:7188
- C:\Windows\System\oYPhNVf.exe
  C:\Windows\System\oYPhNVf.exe
  2⤵
  PID:7212
- C:\Windows\System\ocgTLZI.exe
  C:\Windows\System\ocgTLZI.exe
  2⤵
  PID:7232
- C:\Windows\System\qbEgjQU.exe
  C:\Windows\System\qbEgjQU.exe
  2⤵
  PID:7252
- C:\Windows\System\odCqDZB.exe
  C:\Windows\System\odCqDZB.exe
  2⤵
  PID:7276
- C:\Windows\System\DsjGxMU.exe
  C:\Windows\System\DsjGxMU.exe
  2⤵
  PID:7292
- C:\Windows\System\dFMkgik.exe
  C:\Windows\System\dFMkgik.exe
  2⤵
  PID:7316
- C:\Windows\System\EFlOnHE.exe
  C:\Windows\System\EFlOnHE.exe
  2⤵
  PID:7340
- C:\Windows\System\aeQfGpG.exe
  C:\Windows\System\aeQfGpG.exe
  2⤵
  PID:7360
- C:\Windows\System\UISBEjr.exe
  C:\Windows\System\UISBEjr.exe
  2⤵
  PID:7376
- C:\Windows\System\zgfVhif.exe
  C:\Windows\System\zgfVhif.exe
  2⤵
  PID:7408
- C:\Windows\System\iPGXbFH.exe
  C:\Windows\System\iPGXbFH.exe
  2⤵
  PID:7424
- C:\Windows\System\oFHlquJ.exe
  C:\Windows\System\oFHlquJ.exe
  2⤵
  PID:7452
- C:\Windows\System\GHhbsie.exe
  C:\Windows\System\GHhbsie.exe
  2⤵
  PID:7468
- C:\Windows\System\UJqFVVX.exe
  C:\Windows\System\UJqFVVX.exe
  2⤵
  PID:7488
- C:\Windows\System\qrSeJbp.exe
  C:\Windows\System\qrSeJbp.exe
  2⤵
  PID:7512
- C:\Windows\System\flxKnQC.exe
  C:\Windows\System\flxKnQC.exe
  2⤵
  PID:7536
- C:\Windows\System\IVOpaPV.exe
  C:\Windows\System\IVOpaPV.exe
  2⤵
  PID:7556
- C:\Windows\System\ISkivjR.exe
  C:\Windows\System\ISkivjR.exe
  2⤵
  PID:7576
- C:\Windows\System\ngiUKnr.exe
  C:\Windows\System\ngiUKnr.exe
  2⤵
  PID:7596
- C:\Windows\System\uuOkmMC.exe
  C:\Windows\System\uuOkmMC.exe
  2⤵
  PID:7612
- C:\Windows\System\JTVjDvJ.exe
  C:\Windows\System\JTVjDvJ.exe
  2⤵
  PID:7636
- C:\Windows\System\UZmrpUo.exe
  C:\Windows\System\UZmrpUo.exe
  2⤵
  PID:7656
- C:\Windows\System\ozQcChN.exe
  C:\Windows\System\ozQcChN.exe
  2⤵
  PID:7676
- C:\Windows\System\WrWMJht.exe
  C:\Windows\System\WrWMJht.exe
  2⤵
  PID:7696
- C:\Windows\System\PxkamyY.exe
  C:\Windows\System\PxkamyY.exe
  2⤵
  PID:7720
- C:\Windows\System\KLwSnhk.exe
  C:\Windows\System\KLwSnhk.exe
  2⤵
  PID:7736
- C:\Windows\System\YNRfzCt.exe
  C:\Windows\System\YNRfzCt.exe
  2⤵
  PID:7760
- C:\Windows\System\gNYCPgH.exe
  C:\Windows\System\gNYCPgH.exe
  2⤵
  PID:7784
- C:\Windows\System\laQLQtZ.exe
  C:\Windows\System\laQLQtZ.exe
  2⤵
  PID:7800
- C:\Windows\System\HoDFNtW.exe
  C:\Windows\System\HoDFNtW.exe
  2⤵
  PID:7820
- C:\Windows\System\jEEBsuD.exe
  C:\Windows\System\jEEBsuD.exe
  2⤵
  PID:7848
- C:\Windows\System\pOplZIq.exe
  C:\Windows\System\pOplZIq.exe
  2⤵
  PID:7872
- C:\Windows\System\DkBrmEN.exe
  C:\Windows\System\DkBrmEN.exe
  2⤵
  PID:7892
- C:\Windows\System\EOCpXDg.exe
  C:\Windows\System\EOCpXDg.exe
  2⤵
  PID:7912
- C:\Windows\System\zpajCLZ.exe
  C:\Windows\System\zpajCLZ.exe
  2⤵
  PID:7936
- C:\Windows\System\zJoRMMk.exe
  C:\Windows\System\zJoRMMk.exe
  2⤵
  PID:7964
- C:\Windows\System\LnZNgjw.exe
  C:\Windows\System\LnZNgjw.exe
  2⤵
  PID:7984
- C:\Windows\System\yvWrOcK.exe
  C:\Windows\System\yvWrOcK.exe
  2⤵
  PID:8004
- C:\Windows\System\sgeKgOQ.exe
  C:\Windows\System\sgeKgOQ.exe
  2⤵
  PID:8028
- C:\Windows\System\BfkUtve.exe
  C:\Windows\System\BfkUtve.exe
  2⤵
  PID:8048
- C:\Windows\System\uqCBuHf.exe
  C:\Windows\System\uqCBuHf.exe
  2⤵
  PID:8068
- C:\Windows\System\WqTNRPz.exe
  C:\Windows\System\WqTNRPz.exe
  2⤵
  PID:8088
- C:\Windows\System\utZlZuc.exe
  C:\Windows\System\utZlZuc.exe
  2⤵
  PID:8112
- C:\Windows\System\aUlUEXG.exe
  C:\Windows\System\aUlUEXG.exe
  2⤵
  PID:8132
- C:\Windows\System\zFStuZr.exe
  C:\Windows\System\zFStuZr.exe
  2⤵
  PID:8156
- C:\Windows\System\cGikzdM.exe
  C:\Windows\System\cGikzdM.exe
  2⤵
  PID:8172
- C:\Windows\System\QXFZWEw.exe
  C:\Windows\System\QXFZWEw.exe
  2⤵
  PID:8188
- C:\Windows\System\GvHxXfz.exe
  C:\Windows\System\GvHxXfz.exe
  2⤵
  PID:6708
- C:\Windows\System\LCygxsF.exe
  C:\Windows\System\LCygxsF.exe
  2⤵
  PID:6748
- C:\Windows\System\ZNcPvLG.exe
  C:\Windows\System\ZNcPvLG.exe
  2⤵
  PID:6816
- C:\Windows\System\TgSZfVZ.exe
  C:\Windows\System\TgSZfVZ.exe
  2⤵
  PID:6904
- C:\Windows\System\grUUfln.exe
  C:\Windows\System\grUUfln.exe
  2⤵
  PID:6924
- C:\Windows\System\hevoFkG.exe
  C:\Windows\System\hevoFkG.exe
  2⤵
  PID:7148
- C:\Windows\System\JUPbDBu.exe
  C:\Windows\System\JUPbDBu.exe
  2⤵
  PID:7172
- C:\Windows\System\NTADzDK.exe
  C:\Windows\System\NTADzDK.exe
  2⤵
  PID:6292
- C:\Windows\System\LbwmEQb.exe
  C:\Windows\System\LbwmEQb.exe
  2⤵
  PID:3316
- C:\Windows\System\djUlkHc.exe
  C:\Windows\System\djUlkHc.exe
  2⤵
  PID:7372
- C:\Windows\System\SYSvHIC.exe
  C:\Windows\System\SYSvHIC.exe
  2⤵
  PID:7052
- C:\Windows\System\goSRrNJ.exe
  C:\Windows\System\goSRrNJ.exe
  2⤵
  PID:7496
- C:\Windows\System\HTzMmAs.exe
  C:\Windows\System\HTzMmAs.exe
  2⤵
  PID:7564
- C:\Windows\System\iuUNcHm.exe
  C:\Windows\System\iuUNcHm.exe
  2⤵
  PID:6640
- C:\Windows\System\nmymppB.exe
  C:\Windows\System\nmymppB.exe
  2⤵
  PID:5940
- C:\Windows\System\ZaLErVa.exe
  C:\Windows\System\ZaLErVa.exe
  2⤵
  PID:8200
- C:\Windows\System\POfJrXX.exe
  C:\Windows\System\POfJrXX.exe
  2⤵
  PID:8216
- C:\Windows\System\xISSKmb.exe
  C:\Windows\System\xISSKmb.exe
  2⤵
  PID:8236
- C:\Windows\System\zDsSOeg.exe
  C:\Windows\System\zDsSOeg.exe
  2⤵
  PID:8260
- C:\Windows\System\zUFTxJS.exe
  C:\Windows\System\zUFTxJS.exe
  2⤵
  PID:8276
- C:\Windows\System\ORqpdaJ.exe
  C:\Windows\System\ORqpdaJ.exe
  2⤵
  PID:8296
- C:\Windows\System\RRnHrIl.exe
  C:\Windows\System\RRnHrIl.exe
  2⤵
  PID:8320
- C:\Windows\System\hoMqkVk.exe
  C:\Windows\System\hoMqkVk.exe
  2⤵
  PID:8336
- C:\Windows\System\fKlJums.exe
  C:\Windows\System\fKlJums.exe
  2⤵
  PID:8352
- C:\Windows\System\POqqrFO.exe
  C:\Windows\System\POqqrFO.exe
  2⤵
  PID:8372
- C:\Windows\System\YUVwDEH.exe
  C:\Windows\System\YUVwDEH.exe
  2⤵
  PID:8396
- C:\Windows\System\xDllyjA.exe
  C:\Windows\System\xDllyjA.exe
  2⤵
  PID:8416
- C:\Windows\System\gdKxEkX.exe
  C:\Windows\System\gdKxEkX.exe
  2⤵
  PID:8440
- C:\Windows\System\uvfoiDb.exe
  C:\Windows\System\uvfoiDb.exe
  2⤵
  PID:8464
- C:\Windows\System\CJKRjgU.exe
  C:\Windows\System\CJKRjgU.exe
  2⤵
  PID:8480
- C:\Windows\System\xHLoGtO.exe
  C:\Windows\System\xHLoGtO.exe
  2⤵
  PID:8504
- C:\Windows\System\nbKYIHx.exe
  C:\Windows\System\nbKYIHx.exe
  2⤵
  PID:8524
- C:\Windows\System\bFkBxxc.exe
  C:\Windows\System\bFkBxxc.exe
  2⤵
  PID:8540
- C:\Windows\System\XhMKtaY.exe
  C:\Windows\System\XhMKtaY.exe
  2⤵
  PID:8560
- C:\Windows\System\TJuhcOT.exe
  C:\Windows\System\TJuhcOT.exe
  2⤵
  PID:8580
- C:\Windows\System\xriBKQH.exe
  C:\Windows\System\xriBKQH.exe
  2⤵
  PID:8600
- C:\Windows\System\nKlAKPj.exe
  C:\Windows\System\nKlAKPj.exe
  2⤵
  PID:8616
- C:\Windows\System\yZkqtTq.exe
  C:\Windows\System\yZkqtTq.exe
  2⤵
  PID:8636
- C:\Windows\System\DtGWGTS.exe
  C:\Windows\System\DtGWGTS.exe
  2⤵
  PID:8660
- C:\Windows\System\HAWjJri.exe
  C:\Windows\System\HAWjJri.exe
  2⤵
  PID:8676
- C:\Windows\System\IEKorVE.exe
  C:\Windows\System\IEKorVE.exe
  2⤵
  PID:8696
- C:\Windows\System\nuFGubW.exe
  C:\Windows\System\nuFGubW.exe
  2⤵
  PID:8716
- C:\Windows\System\FrYGZqY.exe
  C:\Windows\System\FrYGZqY.exe
  2⤵
  PID:8736
- C:\Windows\System\HWnIrfo.exe
  C:\Windows\System\HWnIrfo.exe
  2⤵
  PID:8764
- C:\Windows\System\AibEiaM.exe
  C:\Windows\System\AibEiaM.exe
  2⤵
  PID:8796
- C:\Windows\System\XhyqUOa.exe
  C:\Windows\System\XhyqUOa.exe
  2⤵
  PID:8816
- C:\Windows\System\tTnXvuH.exe
  C:\Windows\System\tTnXvuH.exe
  2⤵
  PID:8840
- C:\Windows\System\dhzwxcy.exe
  C:\Windows\System\dhzwxcy.exe
  2⤵
  PID:8860
- C:\Windows\System\NpWbAnN.exe
  C:\Windows\System\NpWbAnN.exe
  2⤵
  PID:8884
- C:\Windows\System\VpUlpmp.exe
  C:\Windows\System\VpUlpmp.exe
  2⤵
  PID:8904
- C:\Windows\System\VePGSBF.exe
  C:\Windows\System\VePGSBF.exe
  2⤵
  PID:8924
- C:\Windows\System\DhKgcDN.exe
  C:\Windows\System\DhKgcDN.exe
  2⤵
  PID:8944
- C:\Windows\System\sOUDmcr.exe
  C:\Windows\System\sOUDmcr.exe
  2⤵
  PID:8968
- C:\Windows\System\TpJXain.exe
  C:\Windows\System\TpJXain.exe
  2⤵
  PID:8984
- C:\Windows\System\CFyhhoX.exe
  C:\Windows\System\CFyhhoX.exe
  2⤵
  PID:9012
- C:\Windows\System\ZnXDuTg.exe
  C:\Windows\System\ZnXDuTg.exe
  2⤵
  PID:9028
- C:\Windows\System\vuIOIYO.exe
  C:\Windows\System\vuIOIYO.exe
  2⤵
  PID:9052
- C:\Windows\System\RMfapvW.exe
  C:\Windows\System\RMfapvW.exe
  2⤵
  PID:9072
- C:\Windows\System\cwgUHlc.exe
  C:\Windows\System\cwgUHlc.exe
  2⤵
  PID:9092
- C:\Windows\System\yjcvhHE.exe
  C:\Windows\System\yjcvhHE.exe
  2⤵
  PID:9112
- C:\Windows\System\dGRMvxg.exe
  C:\Windows\System\dGRMvxg.exe
  2⤵
  PID:9128
- C:\Windows\System\oGNLyYF.exe
  C:\Windows\System\oGNLyYF.exe
  2⤵
  PID:9152
- C:\Windows\System\RNpOgkV.exe
  C:\Windows\System\RNpOgkV.exe
  2⤵
  PID:9168
- C:\Windows\System\SflPefI.exe
  C:\Windows\System\SflPefI.exe
  2⤵
  PID:9196
- C:\Windows\System\pgTZVDT.exe
  C:\Windows\System\pgTZVDT.exe
  2⤵
  PID:6320
- C:\Windows\System\zqEeqzh.exe
  C:\Windows\System\zqEeqzh.exe
  2⤵
  PID:6840
- C:\Windows\System\npfMfce.exe
  C:\Windows\System\npfMfce.exe
  2⤵
  PID:7436
- C:\Windows\System\AlgoamA.exe
  C:\Windows\System\AlgoamA.exe
  2⤵
  PID:7464
- C:\Windows\System\bVJqAHi.exe
  C:\Windows\System\bVJqAHi.exe
  2⤵
  PID:7476
- C:\Windows\System\vdHRymB.exe
  C:\Windows\System\vdHRymB.exe
  2⤵
  PID:8976
- C:\Windows\System\GXXnONw.exe
  C:\Windows\System\GXXnONw.exe
  2⤵
  PID:7204
- C:\Windows\System\jKKMdGs.exe
  C:\Windows\System\jKKMdGs.exe
  2⤵
  PID:9108
- C:\Windows\System\WDvacIC.exe
  C:\Windows\System\WDvacIC.exe
  2⤵
  PID:9144
- C:\Windows\System\dvjBsvN.exe
  C:\Windows\System\dvjBsvN.exe
  2⤵
  PID:9464
- C:\Windows\System\qTFHWIy.exe
  C:\Windows\System\qTFHWIy.exe
  2⤵
  PID:9484
- C:\Windows\System\tFkqtfx.exe
  C:\Windows\System\tFkqtfx.exe
  2⤵
  PID:9616
- C:\Windows\System\JMOXeDW.exe
  C:\Windows\System\JMOXeDW.exe
  2⤵
  PID:9640
- C:\Windows\System\kLGzuIn.exe
  C:\Windows\System\kLGzuIn.exe
  2⤵
  PID:9664
- C:\Windows\System\owTLqEF.exe
  C:\Windows\System\owTLqEF.exe
  2⤵
  PID:9804
- C:\Windows\System\omlGxjp.exe
  C:\Windows\System\omlGxjp.exe
  2⤵
  PID:9832
- C:\Windows\System\WbttFNo.exe
  C:\Windows\System\WbttFNo.exe
  2⤵
  PID:9900
- C:\Windows\System\AphpTks.exe
  C:\Windows\System\AphpTks.exe
  2⤵
  PID:9920
- C:\Windows\System\mYONBiA.exe
  C:\Windows\System\mYONBiA.exe
  2⤵
  PID:9940
- C:\Windows\System\GGrCnQZ.exe
  C:\Windows\System\GGrCnQZ.exe
  2⤵
  PID:9988
- C:\Windows\System\CBgyHhf.exe
  C:\Windows\System\CBgyHhf.exe
  2⤵
  PID:10028
- C:\Windows\System\AsEHAoW.exe
  C:\Windows\System\AsEHAoW.exe
  2⤵
  PID:10052
- C:\Windows\System\jyfxBeK.exe
  C:\Windows\System\jyfxBeK.exe
  2⤵
  PID:10068
- C:\Windows\System\fqOkHaO.exe
  C:\Windows\System\fqOkHaO.exe
  2⤵
  PID:10088
- C:\Windows\System\dkiUHGi.exe
  C:\Windows\System\dkiUHGi.exe
  2⤵
  PID:10116
- C:\Windows\System\nLAHujQ.exe
  C:\Windows\System\nLAHujQ.exe
  2⤵
  PID:10136
- C:\Windows\System\bMgzdNO.exe
  C:\Windows\System\bMgzdNO.exe
  2⤵
  PID:10156
- C:\Windows\System\gMtjyeY.exe
  C:\Windows\System\gMtjyeY.exe
  2⤵
  PID:10172
- C:\Windows\System\XBXZLty.exe
  C:\Windows\System\XBXZLty.exe
  2⤵
  PID:10192
- C:\Windows\System\QEoCUnm.exe
  C:\Windows\System\QEoCUnm.exe
  2⤵
  PID:9164
- C:\Windows\System\klpJmLm.exe
  C:\Windows\System\klpJmLm.exe
  2⤵
  PID:9212
- C:\Windows\System\kWItxCh.exe
  C:\Windows\System\kWItxCh.exe
  2⤵
  PID:7956
- C:\Windows\System\MHdraHx.exe
  C:\Windows\System\MHdraHx.exe
  2⤵
  PID:7312
- C:\Windows\System\kVScoed.exe
  C:\Windows\System\kVScoed.exe
  2⤵
  PID:8612
- C:\Windows\System\HSBUPBU.exe
  C:\Windows\System\HSBUPBU.exe
  2⤵
  PID:8956
- C:\Windows\System\RXdjhEc.exe
  C:\Windows\System\RXdjhEc.exe
  2⤵
  PID:8808
- C:\Windows\System\uiIoXdh.exe
  C:\Windows\System\uiIoXdh.exe
  2⤵
  PID:8448
- C:\Windows\System\DRhEQsD.exe
  C:\Windows\System\DRhEQsD.exe
  2⤵
  PID:8516
- C:\Windows\System\NYmWfUp.exe
  C:\Windows\System\NYmWfUp.exe
  2⤵
  PID:6920
- C:\Windows\System\vYluLxi.exe
  C:\Windows\System\vYluLxi.exe
  2⤵
  PID:6828
- C:\Windows\System\cSIbVVa.exe
  C:\Windows\System\cSIbVVa.exe
  2⤵
  PID:9496
- C:\Windows\System\PMREyzq.exe
  C:\Windows\System\PMREyzq.exe
  2⤵
  PID:7924
- C:\Windows\System\cwCROHU.exe
  C:\Windows\System\cwCROHU.exe
  2⤵
  PID:9368
- C:\Windows\System\hwlZfOJ.exe
  C:\Windows\System\hwlZfOJ.exe
  2⤵
  PID:8960
- C:\Windows\System\KACQQFe.exe
  C:\Windows\System\KACQQFe.exe
  2⤵
  PID:9624
- C:\Windows\System\JhHYAMa.exe
  C:\Windows\System\JhHYAMa.exe
  2⤵
  PID:9532
- C:\Windows\System\xHqSRYe.exe
  C:\Windows\System\xHqSRYe.exe
  2⤵
  PID:9708
- C:\Windows\System\owfmMuo.exe
  C:\Windows\System\owfmMuo.exe
  2⤵
  PID:9268
- C:\Windows\System\ezohmzs.exe
  C:\Windows\System\ezohmzs.exe
  2⤵
  PID:9568
- C:\Windows\System\yqTpRhT.exe
  C:\Windows\System\yqTpRhT.exe
  2⤵
  PID:9752
- C:\Windows\System\fxKyYZL.exe
  C:\Windows\System\fxKyYZL.exe
  2⤵
  PID:9856
- C:\Windows\System\eEhOjVv.exe
  C:\Windows\System\eEhOjVv.exe
  2⤵
  PID:9868
- C:\Windows\System\kYlKcyo.exe
  C:\Windows\System\kYlKcyo.exe
  2⤵
  PID:10036
- C:\Windows\System\cFrRCUx.exe
  C:\Windows\System\cFrRCUx.exe
  2⤵
  PID:10020
- C:\Windows\System\SHMNkra.exe
  C:\Windows\System\SHMNkra.exe
  2⤵
  PID:10152
- C:\Windows\System\IYuYzJp.exe
  C:\Windows\System\IYuYzJp.exe
  2⤵
  PID:10188
- C:\Windows\System\xoCchxW.exe
  C:\Windows\System\xoCchxW.exe
  2⤵
  PID:9136
- C:\Windows\System\fajcMJO.exe
  C:\Windows\System\fajcMJO.exe
  2⤵
  PID:10224
- C:\Windows\System\rUmSozV.exe
  C:\Windows\System\rUmSozV.exe
  2⤵
  PID:8272
- C:\Windows\System\vGnGJFC.exe
  C:\Windows\System\vGnGJFC.exe
  2⤵
  PID:8628
- C:\Windows\System\rMRquoc.exe
  C:\Windows\System\rMRquoc.exe
  2⤵
  PID:7672
- C:\Windows\System\yJicdGr.exe
  C:\Windows\System\yJicdGr.exe
  2⤵
  PID:9024
- C:\Windows\System\vFpVVRx.exe
  C:\Windows\System\vFpVVRx.exe
  2⤵
  PID:9384
- C:\Windows\System\QoNghnL.exe
  C:\Windows\System\QoNghnL.exe
  2⤵
  PID:8212
- C:\Windows\System\oTttFyW.exe
  C:\Windows\System\oTttFyW.exe
  2⤵
  PID:9260
- C:\Windows\System\uCGAAhf.exe
  C:\Windows\System\uCGAAhf.exe
  2⤵
  PID:9912
- C:\Windows\System\FzXQJNN.exe
  C:\Windows\System\FzXQJNN.exe
  2⤵
  PID:10096
- C:\Windows\System\DXtZbYc.exe
  C:\Windows\System\DXtZbYc.exe
  2⤵
  PID:10100
- C:\Windows\System\NPGNRgD.exe
  C:\Windows\System\NPGNRgD.exe
  2⤵
  PID:10128
- C:\Windows\System\zylUVMb.exe
  C:\Windows\System\zylUVMb.exe
  2⤵
  PID:8648
- C:\Windows\System\RrjoBPQ.exe
  C:\Windows\System\RrjoBPQ.exe
  2⤵
  PID:9388
- C:\Windows\System\FmCsTer.exe
  C:\Windows\System\FmCsTer.exe
  2⤵
  PID:9732
- C:\Windows\System\dBbcvcI.exe
  C:\Windows\System\dBbcvcI.exe
  2⤵
  PID:5028
- C:\Windows\System\EmJtQqH.exe
  C:\Windows\System\EmJtQqH.exe
  2⤵
  PID:7604
- C:\Windows\System\FHaRVtC.exe
  C:\Windows\System\FHaRVtC.exe
  2⤵
  PID:9584
- C:\Windows\System\UqWRYvG.exe
  C:\Windows\System\UqWRYvG.exe
  2⤵
  PID:10164
- C:\Windows\System\Qddkkkt.exe
  C:\Windows\System\Qddkkkt.exe
  2⤵
  PID:9872
- C:\Windows\System\rPlRuuk.exe
  C:\Windows\System\rPlRuuk.exe
  2⤵
  PID:10272
- C:\Windows\System\kWAAFef.exe
  C:\Windows\System\kWAAFef.exe
  2⤵
  PID:10304
- C:\Windows\System\XIUEpGz.exe
  C:\Windows\System\XIUEpGz.exe
  2⤵
  PID:10324
- C:\Windows\System\xxsMKfB.exe
  C:\Windows\System\xxsMKfB.exe
  2⤵
  PID:10344
- C:\Windows\System\WiUJptr.exe
  C:\Windows\System\WiUJptr.exe
  2⤵
  PID:10368
- C:\Windows\System\rEejKwP.exe
  C:\Windows\System\rEejKwP.exe
  2⤵
  PID:10384
- C:\Windows\System\AfYTbyi.exe
  C:\Windows\System\AfYTbyi.exe
  2⤵
  PID:10404
- C:\Windows\System\JprTBiW.exe
  C:\Windows\System\JprTBiW.exe
  2⤵
  PID:10424
- C:\Windows\System\QVrSgJi.exe
  C:\Windows\System\QVrSgJi.exe
  2⤵
  PID:10452
- C:\Windows\System\Hpmpvyi.exe
  C:\Windows\System\Hpmpvyi.exe
  2⤵
  PID:10476
- C:\Windows\System\btpaPpF.exe
  C:\Windows\System\btpaPpF.exe
  2⤵
  PID:10548
- C:\Windows\System\wBDWtYt.exe
  C:\Windows\System\wBDWtYt.exe
  2⤵
  PID:10572
- C:\Windows\System\ofKwpUz.exe
  C:\Windows\System\ofKwpUz.exe
  2⤵
  PID:10596
- C:\Windows\System\LXFAgfP.exe
  C:\Windows\System\LXFAgfP.exe
  2⤵
  PID:10620
- C:\Windows\System\LmnHNJr.exe
  C:\Windows\System\LmnHNJr.exe
  2⤵
  PID:10636
- C:\Windows\System\ebfjACf.exe
  C:\Windows\System\ebfjACf.exe
  2⤵
  PID:10656
- C:\Windows\System\aKrbdiT.exe
  C:\Windows\System\aKrbdiT.exe
  2⤵
  PID:10676
- C:\Windows\System\GLuiATQ.exe
  C:\Windows\System\GLuiATQ.exe
  2⤵
  PID:10696
- C:\Windows\System\jWgGFqQ.exe
  C:\Windows\System\jWgGFqQ.exe
  2⤵
  PID:10716
- C:\Windows\System\yfXwhpi.exe
  C:\Windows\System\yfXwhpi.exe
  2⤵
  PID:10788
- C:\Windows\System\IpMzNUr.exe
  C:\Windows\System\IpMzNUr.exe
  2⤵
  PID:10812
- C:\Windows\System\QFiNBsG.exe
  C:\Windows\System\QFiNBsG.exe
  2⤵
  PID:10868
- C:\Windows\System\rakiaqg.exe
  C:\Windows\System\rakiaqg.exe
  2⤵
  PID:10888
- C:\Windows\System\jKaiJcV.exe
  C:\Windows\System\jKaiJcV.exe
  2⤵
  PID:10904
- C:\Windows\System\QEftnUq.exe
  C:\Windows\System\QEftnUq.exe
  2⤵
  PID:10924
- C:\Windows\System\FsOkRvW.exe
  C:\Windows\System\FsOkRvW.exe
  2⤵
  PID:10948
- C:\Windows\System\cpVboOT.exe
  C:\Windows\System\cpVboOT.exe
  2⤵
  PID:11004
- C:\Windows\System\nzMZtZY.exe
  C:\Windows\System\nzMZtZY.exe
  2⤵
  PID:11024
- C:\Windows\System\QWuTLYr.exe
  C:\Windows\System\QWuTLYr.exe
  2⤵
  PID:11072
- C:\Windows\System\NgFvKkw.exe
  C:\Windows\System\NgFvKkw.exe
  2⤵
  PID:11088
- C:\Windows\System\GpigcTD.exe
  C:\Windows\System\GpigcTD.exe
  2⤵
  PID:11108
- C:\Windows\System\rhFZssr.exe
  C:\Windows\System\rhFZssr.exe
  2⤵
  PID:11132
- C:\Windows\System\YYlRqaj.exe
  C:\Windows\System\YYlRqaj.exe
  2⤵
  PID:11148
- C:\Windows\System\YnJOzBW.exe
  C:\Windows\System\YnJOzBW.exe
  2⤵
  PID:11176
- C:\Windows\System\cBxLllq.exe
  C:\Windows\System\cBxLllq.exe
  2⤵
  PID:11196
- C:\Windows\System\sqESWbT.exe
  C:\Windows\System\sqESWbT.exe
  2⤵
  PID:11224
- C:\Windows\System\CrtlFbb.exe
  C:\Windows\System\CrtlFbb.exe
  2⤵
  PID:11248
- C:\Windows\System\WSimgsk.exe
  C:\Windows\System\WSimgsk.exe
  2⤵
  PID:10256
- C:\Windows\System\rQwpHir.exe
  C:\Windows\System\rQwpHir.exe
  2⤵
  PID:10316
- C:\Windows\System\SqhefGS.exe
  C:\Windows\System\SqhefGS.exe
  2⤵
  PID:10412
- C:\Windows\System\OnPKhHf.exe
  C:\Windows\System\OnPKhHf.exe
  2⤵
  PID:10536
- C:\Windows\System\PanqUoq.exe
  C:\Windows\System\PanqUoq.exe
  2⤵
  PID:10608
- C:\Windows\System\KLKfOzh.exe
  C:\Windows\System\KLKfOzh.exe
  2⤵
  PID:10632
- C:\Windows\System\EXGddiE.exe
  C:\Windows\System\EXGddiE.exe
  2⤵
  PID:10668
- C:\Windows\System\rLbnsFr.exe
  C:\Windows\System\rLbnsFr.exe
  2⤵
  PID:10808
- C:\Windows\System\yGGnkda.exe
  C:\Windows\System\yGGnkda.exe
  2⤵
  PID:10840
- C:\Windows\System\QgGayai.exe
  C:\Windows\System\QgGayai.exe
  2⤵
  PID:10880
- C:\Windows\System\YiIAZee.exe
  C:\Windows\System\YiIAZee.exe
  2⤵
  PID:10900
- C:\Windows\System\MCMETRY.exe
  C:\Windows\System\MCMETRY.exe
  2⤵
  PID:10988
- C:\Windows\System\lxPtLJB.exe
  C:\Windows\System\lxPtLJB.exe
  2⤵
  PID:11080
- C:\Windows\System\yckESOS.exe
  C:\Windows\System\yckESOS.exe
  2⤵
  PID:11144
- C:\Windows\System\EwofMmV.exe
  C:\Windows\System\EwofMmV.exe
  2⤵
  PID:11188
- C:\Windows\System\jmfMHgO.exe
  C:\Windows\System\jmfMHgO.exe
  2⤵
  PID:11244
- C:\Windows\System\jnYzWmY.exe
  C:\Windows\System\jnYzWmY.exe
  2⤵
  PID:10312
- C:\Windows\System\VwCqLmv.exe
  C:\Windows\System\VwCqLmv.exe
  2⤵
  PID:10560
- C:\Windows\System\WpCerSy.exe
  C:\Windows\System\WpCerSy.exe
  2⤵
  PID:10664
- C:\Windows\System\razPqfJ.exe
  C:\Windows\System\razPqfJ.exe
  2⤵
  PID:10856
- C:\Windows\System\ijCWKfa.exe
  C:\Windows\System\ijCWKfa.exe
  2⤵
  PID:11016
- C:\Windows\System\ABbzPal.exe
  C:\Windows\System\ABbzPal.exe
  2⤵
  PID:11232
- C:\Windows\System\aJKuAQO.exe
  C:\Windows\System\aJKuAQO.exe
  2⤵
  PID:10564
- C:\Windows\System\JiTqtCH.exe
  C:\Windows\System\JiTqtCH.exe
  2⤵
  PID:10944
- C:\Windows\System\SaQHyuO.exe
  C:\Windows\System\SaQHyuO.exe
  2⤵
  PID:10244
- C:\Windows\System\aIjwPlZ.exe
  C:\Windows\System\aIjwPlZ.exe
  2⤵
  PID:10356
- C:\Windows\System\TTfdZrm.exe
  C:\Windows\System\TTfdZrm.exe
  2⤵
  PID:11272
- C:\Windows\System\igeOmQc.exe
  C:\Windows\System\igeOmQc.exe
  2⤵
  PID:11288
- C:\Windows\System\awNHIVG.exe
  C:\Windows\System\awNHIVG.exe
  2⤵
  PID:11352
- C:\Windows\System\DAFloAJ.exe
  C:\Windows\System\DAFloAJ.exe
  2⤵
  PID:11368
- C:\Windows\System\xWcqiZW.exe
  C:\Windows\System\xWcqiZW.exe
  2⤵
  PID:11388
- C:\Windows\System\LnuZAYP.exe
  C:\Windows\System\LnuZAYP.exe
  2⤵
  PID:11412
- C:\Windows\System\IGvnuxu.exe
  C:\Windows\System\IGvnuxu.exe
  2⤵
  PID:11428
- C:\Windows\System\dNUNnqN.exe
  C:\Windows\System\dNUNnqN.exe
  2⤵
  PID:11448
- C:\Windows\System\qZxJQZX.exe
  C:\Windows\System\qZxJQZX.exe
  2⤵
  PID:11500
- C:\Windows\System\EgbkORd.exe
  C:\Windows\System\EgbkORd.exe
  2⤵
  PID:11520
- C:\Windows\System\SEIPtwz.exe
  C:\Windows\System\SEIPtwz.exe
  2⤵
  PID:11548
- C:\Windows\System\RZinBVj.exe
  C:\Windows\System\RZinBVj.exe
  2⤵
  PID:11588
- C:\Windows\System\nLRmrpE.exe
  C:\Windows\System\nLRmrpE.exe
  2⤵
  PID:11636
- C:\Windows\System\YfUyxfv.exe
  C:\Windows\System\YfUyxfv.exe
  2⤵
  PID:11652
- C:\Windows\System\uMsNsVj.exe
  C:\Windows\System\uMsNsVj.exe
  2⤵
  PID:11672
- C:\Windows\System\NAWzQfL.exe
  C:\Windows\System\NAWzQfL.exe
  2⤵
  PID:11696
- C:\Windows\System\oqexOcV.exe
  C:\Windows\System\oqexOcV.exe
  2⤵
  PID:11716
- C:\Windows\System\kutybdI.exe
  C:\Windows\System\kutybdI.exe
  2⤵
  PID:11740
- C:\Windows\System\bhaNOSw.exe
  C:\Windows\System\bhaNOSw.exe
  2⤵
  PID:11760
- C:\Windows\System\KBhZMli.exe
  C:\Windows\System\KBhZMli.exe
  2⤵
  PID:11784
- C:\Windows\System\kxowEDC.exe
  C:\Windows\System\kxowEDC.exe
  2⤵
  PID:11816
- C:\Windows\System\GBFHaNP.exe
  C:\Windows\System\GBFHaNP.exe
  2⤵
  PID:11872
- C:\Windows\System\hutatHm.exe
  C:\Windows\System\hutatHm.exe
  2⤵
  PID:11892
- C:\Windows\System\NWeajmh.exe
  C:\Windows\System\NWeajmh.exe
  2⤵
  PID:11920
- C:\Windows\System\zToFDqu.exe
  C:\Windows\System\zToFDqu.exe
  2⤵
  PID:11948
- C:\Windows\System\DgjFwlC.exe
  C:\Windows\System\DgjFwlC.exe
  2⤵
  PID:11984
- C:\Windows\System\YLVTvUt.exe
  C:\Windows\System\YLVTvUt.exe
  2⤵
  PID:12004
- C:\Windows\System\VdgELki.exe
  C:\Windows\System\VdgELki.exe
  2⤵
  PID:12044
- C:\Windows\System\sLpHQtG.exe
  C:\Windows\System\sLpHQtG.exe
  2⤵
  PID:12064
- C:\Windows\System\dwxTMAq.exe
  C:\Windows\System\dwxTMAq.exe
  2⤵
  PID:12092
- C:\Windows\System\KKLhhZo.exe
  C:\Windows\System\KKLhhZo.exe
  2⤵
  PID:12112
- C:\Windows\System\leQQdyz.exe
  C:\Windows\System\leQQdyz.exe
  2⤵
  PID:12136
- C:\Windows\System\jmjnQsw.exe
  C:\Windows\System\jmjnQsw.exe
  2⤵
  PID:12176
- C:\Windows\System\QMlGyYS.exe
  C:\Windows\System\QMlGyYS.exe
  2⤵
  PID:12200
- C:\Windows\System\iXcnGEk.exe
  C:\Windows\System\iXcnGEk.exe
  2⤵
  PID:12216
- C:\Windows\System\kpdYusM.exe
  C:\Windows\System\kpdYusM.exe
  2⤵
  PID:12244
- C:\Windows\System\SINepXt.exe
  C:\Windows\System\SINepXt.exe
  2⤵
  PID:10920
- C:\Windows\System\QorGegE.exe
  C:\Windows\System\QorGegE.exe
  2⤵
  PID:11332
- C:\Windows\System\NFkoPbl.exe
  C:\Windows\System\NFkoPbl.exe
  2⤵
  PID:11360
- C:\Windows\System\TnaeHZo.exe
  C:\Windows\System\TnaeHZo.exe
  2⤵
  PID:11404
- C:\Windows\System\KtlHqUd.exe
  C:\Windows\System\KtlHqUd.exe
  2⤵
  PID:11456
- C:\Windows\System\NLwCHhR.exe
  C:\Windows\System\NLwCHhR.exe
  2⤵
  PID:11564
- C:\Windows\System\whdsJbw.exe
  C:\Windows\System\whdsJbw.exe
  2⤵
  PID:11644
- C:\Windows\System\mtjVwBd.exe
  C:\Windows\System\mtjVwBd.exe
  2⤵
  PID:11708
- C:\Windows\System\QNIZDHb.exe
  C:\Windows\System\QNIZDHb.exe
  2⤵
  PID:11768
- C:\Windows\System\vRrMhby.exe
  C:\Windows\System\vRrMhby.exe
  2⤵
  PID:11780
- C:\Windows\System\yqTDibq.exe
  C:\Windows\System\yqTDibq.exe
  2⤵
  PID:11828
- C:\Windows\System\HeUHIQn.exe
  C:\Windows\System\HeUHIQn.exe
  2⤵
  PID:11888
- C:\Windows\System\XVnfBlR.exe
  C:\Windows\System\XVnfBlR.exe
  2⤵
  PID:11940
- C:\Windows\System\nVobnkk.exe
  C:\Windows\System\nVobnkk.exe
  2⤵
  PID:12040
- C:\Windows\System\JhSSpOI.exe
  C:\Windows\System\JhSSpOI.exe
  2⤵
  PID:12076
- C:\Windows\System\ByUzCqx.exe
  C:\Windows\System\ByUzCqx.exe
  2⤵
  PID:12264
- C:\Windows\System\UHNlFGr.exe
  C:\Windows\System\UHNlFGr.exe
  2⤵
  PID:12268
- C:\Windows\System\Tmshaqy.exe
  C:\Windows\System\Tmshaqy.exe
  2⤵
  PID:11328
- C:\Windows\System\PqIWmsT.exe
  C:\Windows\System\PqIWmsT.exe
  2⤵
  PID:11484
- C:\Windows\System\uyGxttC.exe
  C:\Windows\System\uyGxttC.exe
  2⤵
  PID:11492
- C:\Windows\System\aTNLCLq.exe
  C:\Windows\System\aTNLCLq.exe
  2⤵
  PID:11776
- C:\Windows\System\vPgBDqa.exe
  C:\Windows\System\vPgBDqa.exe
  2⤵
  PID:11860
- C:\Windows\System\TeJpyiV.exe
  C:\Windows\System\TeJpyiV.exe
  2⤵
  PID:12020
- C:\Windows\System\zGGmJSv.exe
  C:\Windows\System\zGGmJSv.exe
  2⤵
  PID:12148
- C:\Windows\System\qHyHAVX.exe
  C:\Windows\System\qHyHAVX.exe
  2⤵
  PID:11324
- C:\Windows\System\pyhhrdZ.exe
  C:\Windows\System\pyhhrdZ.exe
  2⤵
  PID:11724
- C:\Windows\System\fDQoivB.exe
  C:\Windows\System\fDQoivB.exe
  2⤵
  PID:11808
- C:\Windows\System\bhsdbam.exe
  C:\Windows\System\bhsdbam.exe
  2⤵
  PID:12292
- C:\Windows\System\wohwQlB.exe
  C:\Windows\System\wohwQlB.exe
  2⤵
  PID:12316
- C:\Windows\System\WkJhrST.exe
  C:\Windows\System\WkJhrST.exe
  2⤵
  PID:12352
- C:\Windows\System\vypqTDv.exe
  C:\Windows\System\vypqTDv.exe
  2⤵
  PID:12420
- C:\Windows\System\vLMNuDW.exe
  C:\Windows\System\vLMNuDW.exe
  2⤵
  PID:12440
- C:\Windows\System\iYrgQne.exe
  C:\Windows\System\iYrgQne.exe
  2⤵
  PID:12560
- C:\Windows\System\vxYHoBN.exe
  C:\Windows\System\vxYHoBN.exe
  2⤵
  PID:12596
- C:\Windows\System\xWWAYmU.exe
  C:\Windows\System\xWWAYmU.exe
  2⤵
  PID:12616
- C:\Windows\System\kDckjzF.exe
  C:\Windows\System\kDckjzF.exe
  2⤵
  PID:12632
- C:\Windows\System\utqVYiR.exe
  C:\Windows\System\utqVYiR.exe
  2⤵
  PID:12660
- C:\Windows\System\JJVOLSF.exe
  C:\Windows\System\JJVOLSF.exe
  2⤵
  PID:12680
- C:\Windows\System\suSFAEm.exe
  C:\Windows\System\suSFAEm.exe
  2⤵
  PID:12696
- C:\Windows\System\eTFvzpU.exe
  C:\Windows\System\eTFvzpU.exe
  2⤵
  PID:12776
- C:\Windows\System\TUWiSae.exe
  C:\Windows\System\TUWiSae.exe
  2⤵
  PID:12800
- C:\Windows\System\XzNJCEh.exe
  C:\Windows\System\XzNJCEh.exe
  2⤵
  PID:12828
- C:\Windows\System\zwMtUXz.exe
  C:\Windows\System\zwMtUXz.exe
  2⤵
  PID:12848
- C:\Windows\System\VHQBwfy.exe
  C:\Windows\System\VHQBwfy.exe
  2⤵
  PID:12876
- C:\Windows\System\BkJZUlh.exe
  C:\Windows\System\BkJZUlh.exe
  2⤵
  PID:12904
- C:\Windows\System\zRMxRgp.exe
  C:\Windows\System\zRMxRgp.exe
  2⤵
  PID:12924
- C:\Windows\System\HryZtep.exe
  C:\Windows\System\HryZtep.exe
  2⤵
  PID:12964
- C:\Windows\System\FeYElxJ.exe
  C:\Windows\System\FeYElxJ.exe
  2⤵
  PID:12984
- C:\Windows\System\ulNLsha.exe
  C:\Windows\System\ulNLsha.exe
  2⤵
  PID:13008
- C:\Windows\System\PdJAPcs.exe
  C:\Windows\System\PdJAPcs.exe
  2⤵
  PID:13032
- C:\Windows\System\CGpaQbD.exe
  C:\Windows\System\CGpaQbD.exe
  2⤵
  PID:13052
- C:\Windows\System\RKcfFdj.exe
  C:\Windows\System\RKcfFdj.exe
  2⤵
  PID:13072
- C:\Windows\System\KruZKKF.exe
  C:\Windows\System\KruZKKF.exe
  2⤵
  PID:13088
- C:\Windows\System\BzIBnWV.exe
  C:\Windows\System\BzIBnWV.exe
  2⤵
  PID:13104
- C:\Windows\System\yrQyKQl.exe
  C:\Windows\System\yrQyKQl.exe
  2⤵
  PID:13184
- C:\Windows\System\Hbrstyi.exe
  C:\Windows\System\Hbrstyi.exe
  2⤵
  PID:13204
- C:\Windows\System\tUEDVSn.exe
  C:\Windows\System\tUEDVSn.exe
  2⤵
  PID:13248
- C:\Windows\System\cuhESVC.exe
  C:\Windows\System\cuhESVC.exe
  2⤵
  PID:13268
- C:\Windows\System\TWdVGeP.exe
  C:\Windows\System\TWdVGeP.exe
  2⤵
  PID:13292
- C:\Windows\System\nAUtnIF.exe
  C:\Windows\System\nAUtnIF.exe
  2⤵
  PID:11664
- C:\Windows\System\RoVrFmk.exe
  C:\Windows\System\RoVrFmk.exe
  2⤵
  PID:11960
- C:\Windows\System\QfSpNmK.exe
  C:\Windows\System\QfSpNmK.exe
  2⤵
  PID:12348
- C:\Windows\System\ineFqdc.exe
  C:\Windows\System\ineFqdc.exe
  2⤵
  PID:12532
- C:\Windows\System\QmyzVil.exe
  C:\Windows\System\QmyzVil.exe
  2⤵
  PID:1012
- C:\Windows\System\BvdNOLH.exe
  C:\Windows\System\BvdNOLH.exe
  2⤵
  PID:12556
- C:\Windows\System\sVhVIOb.exe
  C:\Windows\System\sVhVIOb.exe
  2⤵
  PID:12468
- C:\Windows\System\JBICxSh.exe
  C:\Windows\System\JBICxSh.exe
  2⤵
  PID:12492
- C:\Windows\System\lbIrMSr.exe
  C:\Windows\System\lbIrMSr.exe
  2⤵
  PID:12508
- C:\Windows\System\aPVRyQj.exe
  C:\Windows\System\aPVRyQj.exe
  2⤵
  PID:3628
- C:\Windows\System\EVLtjQi.exe
  C:\Windows\System\EVLtjQi.exe
  2⤵
  PID:12648
- C:\Windows\System\XkvTeAE.exe
  C:\Windows\System\XkvTeAE.exe
  2⤵
  PID:12720
- C:\Windows\System\GwTvtLo.exe
  C:\Windows\System\GwTvtLo.exe
  2⤵
  PID:12740
- C:\Windows\System\MBngMZF.exe
  C:\Windows\System\MBngMZF.exe
  2⤵
  PID:3088
- C:\Windows\System\snHNyXP.exe
  C:\Windows\System\snHNyXP.exe
  2⤵
  PID:12844
- C:\Windows\System\PVKWLRu.exe
  C:\Windows\System\PVKWLRu.exe
  2⤵
  PID:13000
- C:\Windows\System\gFdyelG.exe
  C:\Windows\System\gFdyelG.exe
  2⤵
  PID:13020
- C:\Windows\System\xPOYiXK.exe
  C:\Windows\System\xPOYiXK.exe
  2⤵
  PID:13080
- C:\Windows\System\yuWFKDh.exe
  C:\Windows\System\yuWFKDh.exe
  2⤵
  PID:13164
- C:\Windows\System\gBcZQuY.exe
  C:\Windows\System\gBcZQuY.exe
  2⤵
  PID:13264
- C:\Windows\System\xKGlBuX.exe
  C:\Windows\System\xKGlBuX.exe
  2⤵
  PID:13304
- C:\Windows\System\ucQKpfp.exe
  C:\Windows\System\ucQKpfp.exe
  2⤵
  PID:2120
- C:\Windows\System\ZCZaSuo.exe
  C:\Windows\System\ZCZaSuo.exe
  2⤵
  PID:12576
- C:\Windows\System\zuhnoZR.exe
  C:\Windows\System\zuhnoZR.exe
  2⤵
  PID:12768
- C:\Windows\System\BoednuQ.exe
  C:\Windows\System\BoednuQ.exe
  2⤵
  PID:12688
- C:\Windows\System\wytpBas.exe
  C:\Windows\System\wytpBas.exe
  2⤵
  PID:12836
- C:\Windows\System\RDeelFH.exe
  C:\Windows\System\RDeelFH.exe
  2⤵
  PID:13048
- C:\Windows\System\Beoesmq.exe
  C:\Windows\System\Beoesmq.exe
  2⤵
  PID:13096
- C:\Windows\System\wprLqiA.exe
  C:\Windows\System\wprLqiA.exe
  2⤵
  PID:13200
- C:\Windows\System\wQfLHxp.exe
  C:\Windows\System\wQfLHxp.exe
  2⤵
  PID:12524
- C:\Windows\System\fqadBGU.exe
  C:\Windows\System\fqadBGU.exe
  2⤵
  PID:12604
- C:\Windows\System\VSukgNE.exe
  C:\Windows\System\VSukgNE.exe
  2⤵
  PID:12796
- C:\Windows\System\OPZuHUg.exe
  C:\Windows\System\OPZuHUg.exe
  2⤵
  PID:12976
- C:\Windows\System\XOqIzsN.exe
  C:\Windows\System\XOqIzsN.exe
  2⤵
  PID:11408
- C:\Windows\System\qlpZksi.exe
  C:\Windows\System\qlpZksi.exe
  2⤵
  PID:12504
- C:\Windows\System\agpfTbR.exe
  C:\Windows\System\agpfTbR.exe
  2⤵
  PID:13352
- C:\Windows\System\UvYcCCb.exe
  C:\Windows\System\UvYcCCb.exe
  2⤵
  PID:13376
- C:\Windows\System\blrwMpO.exe
  C:\Windows\System\blrwMpO.exe
  2⤵
  PID:13412
- C:\Windows\System\FCdjkpZ.exe
  C:\Windows\System\FCdjkpZ.exe
  2⤵
  PID:13432
- C:\Windows\System\vwSThwO.exe
  C:\Windows\System\vwSThwO.exe
  2⤵
  PID:13448
- C:\Windows\System\mtAMtrz.exe
  C:\Windows\System\mtAMtrz.exe
  2⤵
  PID:13500
- C:\Windows\System\NKcqkCC.exe
  C:\Windows\System\NKcqkCC.exe
  2⤵
  PID:13516
- C:\Windows\System\akZzjvs.exe
  C:\Windows\System\akZzjvs.exe
  2⤵
  PID:13536
- C:\Windows\System\lZYlvSe.exe
  C:\Windows\System\lZYlvSe.exe
  2⤵
  PID:13564
- C:\Windows\System\xYBuiRh.exe
  C:\Windows\System\xYBuiRh.exe
  2⤵
  PID:13588
- C:\Windows\System\rzoYNME.exe
  C:\Windows\System\rzoYNME.exe
  2⤵
  PID:13608
- C:\Windows\System\ULzFHfl.exe
  C:\Windows\System\ULzFHfl.exe
  2⤵
  PID:13660
- C:\Windows\System\AVeHeNn.exe
  C:\Windows\System\AVeHeNn.exe
  2⤵
  PID:13704
- C:\Windows\System\wpJstBV.exe
  C:\Windows\System\wpJstBV.exe
  2⤵
  PID:13724
- C:\Windows\System\ATfOQQz.exe
  C:\Windows\System\ATfOQQz.exe
  2⤵
  PID:13740
- C:\Windows\System\DVsbFvB.exe
  C:\Windows\System\DVsbFvB.exe
  2⤵
  PID:13756
- C:\Windows\System\dZmCENg.exe
  C:\Windows\System\dZmCENg.exe
  2⤵
  PID:13772
- C:\Windows\System\hRlydtT.exe
  C:\Windows\System\hRlydtT.exe
  2⤵
  PID:13824
- C:\Windows\System\eABuUPy.exe
  C:\Windows\System\eABuUPy.exe
  2⤵
  PID:13852
- C:\Windows\System\fZSLywX.exe
  C:\Windows\System\fZSLywX.exe
  2⤵
  PID:13896
- C:\Windows\System\pnHBOKv.exe
  C:\Windows\System\pnHBOKv.exe
  2⤵
  PID:13936
- C:\Windows\System\jGqyDFw.exe
  C:\Windows\System\jGqyDFw.exe
  2⤵
  PID:13960
- C:\Windows\System\bnTuqQq.exe
  C:\Windows\System\bnTuqQq.exe
  2⤵
  PID:13976
- C:\Windows\System\RonLxLg.exe
  C:\Windows\System\RonLxLg.exe
  2⤵
  PID:14008
- C:\Windows\System\CDmrWpb.exe
  C:\Windows\System\CDmrWpb.exe
  2⤵
  PID:14060
- C:\Windows\System\pHtDFsp.exe
  C:\Windows\System\pHtDFsp.exe
  2⤵
  PID:14084
- C:\Windows\System\rjsTxmU.exe
  C:\Windows\System\rjsTxmU.exe
  2⤵
  PID:14108
- C:\Windows\System\mYoHodI.exe
  C:\Windows\System\mYoHodI.exe
  2⤵
  PID:14124
- C:\Windows\System\tQhtijy.exe
  C:\Windows\System\tQhtijy.exe
  2⤵
  PID:14160
- C:\Windows\System\ESRQunQ.exe
  C:\Windows\System\ESRQunQ.exe
  2⤵
  PID:14196
- C:\Windows\System\GaGfGzZ.exe
  C:\Windows\System\GaGfGzZ.exe
  2⤵
  PID:14212
- C:\Windows\System\xcdMPUh.exe
  C:\Windows\System\xcdMPUh.exe
  2⤵
  PID:14240
- C:\Windows\System\svfkTsB.exe
  C:\Windows\System\svfkTsB.exe
  2⤵
  PID:14260
- C:\Windows\System\yqdqexW.exe
  C:\Windows\System\yqdqexW.exe
  2⤵
  PID:14276
- C:\Windows\System\tVVDOjh.exe
  C:\Windows\System\tVVDOjh.exe
  2⤵
  PID:14312
- C:\Windows\System\AjeJvWP.exe
  C:\Windows\System\AjeJvWP.exe
  2⤵
  PID:12972
- C:\Windows\System\ZBxeZmd.exe
  C:\Windows\System\ZBxeZmd.exe
  2⤵
  PID:13320
- C:\Windows\System\vzuWRcg.exe
  C:\Windows\System\vzuWRcg.exe
  2⤵
  PID:13364
- C:\Windows\System\wWUszny.exe
  C:\Windows\System\wWUszny.exe
  2⤵
  PID:13420
- C:\Windows\System\LSXTmXy.exe
  C:\Windows\System\LSXTmXy.exe
  2⤵
  PID:13464
- C:\Windows\System\ZrQHArN.exe
  C:\Windows\System\ZrQHArN.exe
  2⤵
  PID:13544
- C:\Windows\System\iCUoEBj.exe
  C:\Windows\System\iCUoEBj.exe
  2⤵
  PID:13572
- C:\Windows\System\dzEmoqf.exe
  C:\Windows\System\dzEmoqf.exe
  2⤵
  PID:13680
- C:\Windows\System\JiBwndm.exe
  C:\Windows\System\JiBwndm.exe
  2⤵
  PID:13716
- C:\Windows\System\kNHAuni.exe
  C:\Windows\System\kNHAuni.exe
  2⤵
  PID:13752
- C:\Windows\System\ZIPxxon.exe
  C:\Windows\System\ZIPxxon.exe
  2⤵
  PID:13800
- C:\Windows\System\qigxUnZ.exe
  C:\Windows\System\qigxUnZ.exe
  2⤵
  PID:13848
- C:\Windows\System\sKjCcYJ.exe
  C:\Windows\System\sKjCcYJ.exe
  2⤵
  PID:14224

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ACtAoCW.exe

Filesize
1.4MB

MD5
c851ccb4ad43149790c0d9aa21fb164c

SHA1
a6181f95cd4942f5ffd111b04ff8ddd2c8115d48

SHA256
f5f4f9da9aaa6beeef199669f73120b5fe3f4a6aa5221c378712b93b1d772a21

SHA512
7a0812c45f34be704a5b578fa9f1c82b6b1b5e24451f17ce19f5ea46baa6d59feb2afc3eb8d1045d93de0a204e2383ab4d505c4c529939444c2375dced8580c1

Download Submit
C:\Windows\System\EThkttw.exe

Filesize
1.4MB

MD5
7ff0d4116684064f32ce7c10034a3cb2

SHA1
fb6c98dfdf9a2c52ff89428cc1cdb8189b22ed37

SHA256
47c1146c12bd3da62c03822d5dc8731d0112c60d1b812cbbd8e82d81759b9f49

SHA512
542418511e0bd81f6aa46bdd380a699124bd8f01e2fa24525bec2136e9e33c4d0c88fb17186c6eb7f11fc84d26bc2fe738cb15b8256223f9db49bcc672effcee

Download Submit
C:\Windows\System\EbMnPEV.exe

Filesize
1.4MB

MD5
29bbd4632fef0fac591c533a8a0fa559

SHA1
83f2c6630a2e01dae4ea40bc8046ea138d15d567

SHA256
edfc5d6c1b571e9e5e15f83d2f732e76b07d978609e945599becad9fc7065a6f

SHA512
537ed3c95d5e9a17563e62ee516de81ca2b8dcef3cd06b5cb3a4647a69230c1ba0594ba2f7e7e259e24e6291e4f90cb1ae987f9a7c4c14a83eaaf7f220af72d0

Download Submit
C:\Windows\System\FmpISPq.exe

Filesize
1.4MB

MD5
35ec50e63b40ce13f73599657ac96d58

SHA1
2a2d0cb513c304497dfd7d59e7337beda5b37a0b

SHA256
ba4fd0963c5f1c252b581d4612c9ffb29d689bfa45e18b69d6fa3431232d4bf2

SHA512
0ac984d89a1c4fe3fc3e8fab2a66b513992293ebf0523f111650dde11bb89d07ef9f1985d2d95419a00a096e24e434297fde6fef3a64166a316b22c8dc8b0f6f

Download Submit
C:\Windows\System\FwsnITK.exe

Filesize
1.4MB

MD5
b25818b939bb5e72f1692c4ff99c661c

SHA1
21f3476913184c2ed428300938daf011c58bd280

SHA256
979d076bf06b647ce685c05078ee13389d327224e2d16612b8bf9781c473b85e

SHA512
77f73376d7f3e95d74e76233c4666ad9d5e03b567eb05b1187c1022e7592467b909eda0d5ee4c1f9ec20743156a5688c3401ef81fe18ab15d3f651ba2aa0aa6d

Download Submit
C:\Windows\System\KLqoJjL.exe

Filesize
1.4MB

MD5
3c0a48dd08872dd060e5425210591109

SHA1
0239b81c534bf7c4082fd215d2807a8218df9ea9

SHA256
0ac498d58777db68daf235f8d962f5daa3ba8081666fc0cefadaba90fd81b493

SHA512
52c22ce5a7446e65a1a27618fb6ebc880b3457c83b1fc65d027773f74d3c4e2f900495d3b193d27bdf372109b142e902dc13ee28e07ff4973d815528b6dd6ce4

Download Submit
C:\Windows\System\KRaoDTa.exe

Filesize
1.4MB

MD5
f72a68e6920ffc1418de0a811a81ff22

SHA1
1abcb13ee8aa2d37380f6aa4f672b2302e99cbfe

SHA256
e77a42359dfc6099993ee2c7d42dabab149cc7ec597837b1d9fdc919f22a26fd

SHA512
7e985f272db4571a6c1b4fa30c56cc7bcf6112a44912c9a7a96a2917ac148d4d6f2238ea6b4149e8a3618d90a8bf34eeaa06d0f102bdd54b4e6e5991d2afdbd7

Download Submit
C:\Windows\System\NfNBsAi.exe

Filesize
1.4MB

MD5
d93eaf815998da6ee57193bd0fc942d2

SHA1
7cfb4fde5a947eb9a2f6dd663967882c54ef3b0e

SHA256
fae8a189caf681ebf7b53c0f442e8af4bc84a842a189f5350d452b9d9017b24d

SHA512
d183390108e957ece27e19bc8929e46d8f2533ddf592b0b5e2203d102d2d9782e27ffab58785c306f78a3ad65e7d433687f8f8070400f35a11cf9fad7767fc62

Download Submit
C:\Windows\System\NpVKaHj.exe

Filesize
1.4MB

MD5
1e46ad29422aec348b52c7fa653d6fed

SHA1
83f289c85fe00b43fea2a830487286d677faabe6

SHA256
15883406b198cae414e9e6b28c6163899d83886055b496162a6a8027a85cd031

SHA512
c6fe4517aa5114ea0c9a36d3e6916510442afc21bc21010713b75ae6a8ba81cae25f554b7c17fbd8d0bca578ff9b248014da8e94ca3dafba21efe47e3a91e3d1

Download Submit
C:\Windows\System\OioqAqJ.exe

Filesize
1.4MB

MD5
9b442b50f548895a84947c698668466e

SHA1
5fa759b8d5d928ce83db00c9ac4fb33a55a2ee57

SHA256
917a1e325894db1cfbcc17577268525c4403bd2364422326fd4298d666fc8bf7

SHA512
6b5276ee73bcd3af76c6c22d3670c57ea3cfa23bb6520ff479829773ee61e391e7f3b6ffad12897ddc7f5d3e139a3439c49d28c71c0a297c52e22ed80b4ae662

Download Submit
C:\Windows\System\SkRLpPF.exe

Filesize
1.4MB

MD5
52ae7a26fe8bbde6c1843d758efa3117

SHA1
627b3650a21ca16de0e5b3f0575acf2d688a8373

SHA256
e4a76624c1aff307e9fc8d74ac7034185a45f55636b19f979e9d0359c7ac08d8

SHA512
a4e44c5c828d7aeeb057f2a4eefdeda7c4281a8e5ae2d03041458399aec4a932799ca7428fc575c2835799c9356ede78206bdd16f360774e48f1b6ab3aa4029b

Download Submit
C:\Windows\System\UDFliGF.exe

Filesize
1.4MB

MD5
dea6b9cfaaf5e08ffc39f7b20ee263d1

SHA1
031db007765d18bc39c3e15382cb3dd169bf824d

SHA256
6f29f7a307d886c4c91b1776aecffca3b399f59f87150a32ea5ef78ab012f46d

SHA512
1159fdb2c16a9de2243fd652552cfbb070d83f7965a8466fbfd51cc5e07f2989779f395d9d9f8e28ecef4a1b224dc097ebb38ac0da7ad9a0a78779ec2aa5f97b

Download Submit
C:\Windows\System\UMMIMda.exe

Filesize
1.4MB

MD5
06b10e5c27c84a7fefea645ea3b4298e

SHA1
6eaa8067c7aa987a4031241c8dd202355654e139

SHA256
a2b7e54445dd14fca3967380a7d6476523b19d6465840b488b31e82289eabfc4

SHA512
b05c7bd790f1c500d02eaf90c0e4d730a0acb81787fdfbdb91074eaf9c4777b1950197cea4a390d3158939cc0c4893c4eea85d2972ba0cf89a77a79595032099

Download Submit
C:\Windows\System\WZwwmBO.exe

Filesize
1.4MB

MD5
824eac70163607a264a55709fddf73e6

SHA1
23f4c7fa600cf2c2213b2cdd9ba05e6b2949c0e8

SHA256
a7236eb4aa85cee8842f12dfb025d2e23c6e76d9283bd81ec180ba57282d0870

SHA512
b4b166ce391134a0829a110e884d51a1165cd567c74bab7d390e1ad219b4810e53379d01284e880f07c3d60404d20fd3f252c58707773f9af639553f8c96dae4

Download Submit
C:\Windows\System\YbcVOwh.exe

Filesize
1.4MB

MD5
4dde56536b2e4c0a24b328a4481198d9

SHA1
d97c9d0a8457b3a10155dbfe8f12feb0e5a44b11

SHA256
86da6e289cbce4872174171ed6bbb7d4fa7b185ed2f4c1d99e3109e428625589

SHA512
c286982a0cd9274d43fcc38dd073f76e6e8c4da3b73d9a94185652c20787cbbf2ad19ea9b1c9f4a5f57b267462867f8539a32f1733256ee783631e2d1401bb5d

Download Submit
C:\Windows\System\ZCGXmdM.exe

Filesize
1.4MB

MD5
c272dc9ae3870462c6e78d79f6fa96f7

SHA1
b33dd4abf1ecea6d2bfd7963d6943e210abffadd

SHA256
2b412ba165cc8d296f20b1a92798bcdfff558db017a9072050cd2ff6f273830d

SHA512
62fb26f484781173f0d9dd5476210d68b8486975fc21581238120bb072b36188e0239f3f90df8d179107d31d91ba7f7fcd0e7f1e7df266511124a07d659316d7

Download Submit
C:\Windows\System\ZjPlPlh.exe

Filesize
1.4MB

MD5
e7a4c33969209183a4c1f6daa151b466

SHA1
b995fc62cb38dc3e86f1d5ec3d36ebb61c5ba791

SHA256
acc2de0a7f393c075ec8de330023de113d6ecc4a4aba1b4ae5d94799be44b4cf

SHA512
219a1f838eff466df1358b1c0a1c5bdf4984675c8ae6281d1bcf97da4266800741a1d71dffac4f0d52b25092b44c0049c1e05c1a1b2af805aaa108afbd107bf9

Download Submit
C:\Windows\System\baBeCZy.exe

Filesize
1.4MB

MD5
bab7ada9e7fbad78ed2608413499c986

SHA1
e2fd29ac92c721a552ecc9d7dfec6fdeb2e8d4e9

SHA256
f8ca94fee97c8202df1faaa95d28ba8d7246bb692f29917d97359b427e375a1b

SHA512
31ba7aebe338356c09fd4b71fc9d3f4f88a4086b69fe74ed95bbed16d6d82885100f6f1728c58a502f85bf1c8e653c98d32d6c42d52aabb4bf752eab8654872d

Download Submit
C:\Windows\System\ciMwLQx.exe

Filesize
1.4MB

MD5
bce14a1aaa70cbb0261033107ff624f9

SHA1
e81e60365f9e596542b5f36efeba66ecc7ce431b

SHA256
669826ac6cc654e3b1d07b5db6c435f670a69aaa44806cd0d574ff539332694e

SHA512
a1646fdbc8954f53d21607724cfd0decc94c47d129f05338719f99e5286248551f58a1590e939f9f2ca5a45972ac99c112c59bd43c1d4a71772aea5a9315d5e0

Download Submit
C:\Windows\System\davasGs.exe

Filesize
1.4MB

MD5
31af6cdda7b463e920c0b3665d29e6cf

SHA1
9815a5fd2b157414cc43a3691cc47a5c95fe0b94

SHA256
cc2c4194bea81dba8e74606e00a8f91cc8623df05ee481a5665fb6c5638b1d74

SHA512
19c561f053405d6380813fa4b0cfdbb77ac7f59a3bed24b6b6dc1af344b8a9e14cc3f42c4bbe3e1cb00009131de34ef5cdadb832f36dd70e6f1b40f717b31e5c

Download Submit
C:\Windows\System\eVLXXVC.exe

Filesize
1.4MB

MD5
39583151fb185f123b287f18c3193e86

SHA1
245ebba9d3f42b2467688d353937a5dae8a6fe7f

SHA256
9be93e53cab3e40a6850a2e7e3ccecb348dff0a17ec8329dfe3e3a935e0cb2fc

SHA512
71dce0281c91cad11cad672c2ef90b446599d30cb8b9e108143543056e775bd89759ee49b221eefc2ba7167ef619eb387592093e3aebaace04797a30f2f27a2a

Download Submit
C:\Windows\System\igkyrrd.exe

Filesize
1.4MB

MD5
f89493bc153926d1b957d3933a44463a

SHA1
ad354f4b581c909b61e329702f1568cf9b239d1d

SHA256
ad942f677dc4a342ef35534f852ab9c84c909ac745383fff11a6f96b64b73568

SHA512
70f522f73747b7b28ee3dcce1a4cd725b6f9833c82c34609473a892085713b1f05c67e98a8bd8645a1aa406ddc6d1a6635033d1ad0afb7c48ab1cec0bdf6878f

Download Submit
C:\Windows\System\jSXOViP.exe

Filesize
1.4MB

MD5
6e21f50871fb4711352522d7803e1051

SHA1
d3a6f9834944e60237a6c55fec318d55c985b79f

SHA256
21c1bcca0dbbac878c0cc8f17ef7a8a95685bd0af18647aa839e2631a975d6a5

SHA512
3a7571a55ddc628dbb3c94fdd51b1558061be793934167e1f2de2337503a86687d40cf7382adebcea3d4a30db6026ce3ed2d7b49dcc0f6b4f129e05f6729d368

Download Submit
C:\Windows\System\kkKuzQh.exe

Filesize
1.4MB

MD5
d09366019eff91b08ac220e01674ed01

SHA1
15ae23ddc9ec0975307c0b5c4c7cb992170e29d0

SHA256
b64213b4aa227993814ae9cf3bcd2acd573a175804b4073f3bc89b5c10da8ca1

SHA512
f77d4b8e6e5f8f7ae2f56d62b8eb57f935e6a8a4738f9bf3408fde8cd5d2b59921215855028ec47f7de39572b4e8277d37804a6f16b773f5b45ed5601aae3c7d

Download Submit
C:\Windows\System\mACOdcL.exe

Filesize
1.4MB

MD5
af4b63db3474d1a865c92720bb7349ce

SHA1
275c13e7be99ba30f2dd43666b99ed38f5ef82b9

SHA256
19b19b351d61c716d10291bb0dfbeaf231b9d4f9d9cc873c620359ea2d15f2c0

SHA512
19462d312945d6de190688e69c8d8452821f07538913689e3223ce4fefb37c74d0a98744a14f2a7ee926ddb20cd6ecb7e5e5f6d708f216cf5cd51e02c00c942a

Download Submit
C:\Windows\System\mDBOnkY.exe

Filesize
1.4MB

MD5
97651305b9622d7d3704fe63db4ab24f

SHA1
7c9ac2c04ca9f186cb448eea4fa78d85c1f68272

SHA256
823fb45944373367c83e0ec2552fa0d6d25f7b2f02ed1a9f91be1f41108207e3

SHA512
2e270a85b4e87d42d2ba730b820b21758b274e42a41aed779611727461ad205c55bf1d8ef7cd1ce617384c6d62fcfcac391575a3af348da771d31100c5328459

Download Submit
C:\Windows\System\pliAwgp.exe

Filesize
1.4MB

MD5
65894b0308bdb5f35dc5b3e5b8dfc15d

SHA1
d1beb64b74b6dbc78175f7e3776bcd2e1d361c52

SHA256
6a3221500fd41621d1528e26585273e0e1d7e9c9c7627acbe70dd2fec97ce130

SHA512
381a45fc4d078390e94d7fa5d70045811f70b5d138a9ff83b322ad3efa0d91a3800a96587298679e34f4f020aab07b75e39b11ca807af57d211a35fc67b997f6

Download Submit
C:\Windows\System\qDOgQFS.exe

Filesize
1.4MB

MD5
c97f613578708b689a0886f4def9df6a

SHA1
72f57a7cf5665a6c9f5693aedb585afce84ffe10

SHA256
90c25ceb44eb51940b05395a45799fd3e359a73545de39e103d2466082a357f2

SHA512
80287da606a28c594f4a876c06331b138731ace22f04a07715723a41dcf0fc035ac7eca8e8008a5de2b1b4e234345275edbfd3a3092efcfc167a5e2ab2290ae0

Download Submit
C:\Windows\System\seISDec.exe

Filesize
1.4MB

MD5
4edc67239cb005fdbfabc4e5baa14d94

SHA1
e953d23db58fd02e32cede8456dc2cec22637d55

SHA256
6eb693e8fc6db42f0cd9482073da27f12cc3b70a5e6e2f84d585ee4e161eefc4

SHA512
adcc642a80fdfee3379831c7aad8d20841559f0e8afe423f679d16f741433ec17c5fd7bab0ade484bc06f3c085eab25d86f6e2e9a076113e6be92557c38fa8b3

Download Submit
C:\Windows\System\uCUeULG.exe

Filesize
1.4MB

MD5
05d1b5cfe58f9a170c24155fbb528d81

SHA1
309eab82abda22b8d1bfebbceffb7cdf2fe0c252

SHA256
f3735c2241655f0ce3ed74e1a251a267bff29eb93bbb4e61e447114ffe60a471

SHA512
194f6c030ac539dba4929d52b3702ccb8a033afcfbb41a1d90266a2453ae8bc26149dd9cdb54f4e51e2ddf3f0691d5a05ecff6e9f89bde72255d17b45e4c4006

Download Submit
C:\Windows\System\wGIBHBw.exe

Filesize
1.4MB

MD5
2da23555c4da69ef14a041896cb39089

SHA1
8e0813da65a11d3f7fa9d5f4f2a3850be0b36c05

SHA256
3d4eb82f3b44c8ba4536ed2fe3ba2ba4c611067d5494246c4fa4193d164f1ae3

SHA512
103a93678f8f9cd1c4864e7175950d1d8172e382bf7d6d5e48d42e4ce4f12f88b7f1a755da6ce5b849713fcf152aba460304953c1e358194158e09883ae452f9

Download Submit
C:\Windows\System\xiJsRmA.exe

Filesize
1.4MB

MD5
9e62a3453a02befce25d3a934157a003

SHA1
888e967041cb8496c2e273a936e4d6298ddecd70

SHA256
d30d52ca7471c083abd97e6ff493cf04df089cbf10387b3cd610dd11d9aa5cd6

SHA512
9aeb0dda707056d66dbddc73198aaf27dc3b71c63efc8e71193334cb0da51f8c1f603f0dcba628232290efc57dab6700ee740ad5fda208e7bb2943522076f207

Download Submit
C:\Windows\System\zdjMSxC.exe

Filesize
1.4MB

MD5
702f1a15c01bafce84a21da2a2b3ce66

SHA1
e1ccbcbf74f7ee874d2e83fc1b343d9222453e84

SHA256
a67b11c25934b9a7439583a4a7eaa06657075b88b39c1cad8515fc4387a2856f

SHA512
658b1ae6d92d8fbfd6840ecf89545af30f1b484092d310220d542cce2f34fa8e4db86c02a42adedbd2b01378ec4ae09bee7b33aa385cbd83e7f5d45aa6523b36

Download Submit
memory/220-25-0x00007FF7671B0000-0x00007FF767501000-memory.dmp

Filesize
3.3MB

Download
memory/220-2229-0x00007FF7671B0000-0x00007FF767501000-memory.dmp

Filesize
3.3MB

Download
memory/220-2178-0x00007FF7671B0000-0x00007FF767501000-memory.dmp

Filesize
3.3MB

Download
memory/456-51-0x00007FF6E3B90000-0x00007FF6E3EE1000-memory.dmp

Filesize
3.3MB

Download
memory/456-2227-0x00007FF6E3B90000-0x00007FF6E3EE1000-memory.dmp

Filesize
3.3MB

Download
memory/640-2233-0x00007FF63DCF0000-0x00007FF63E041000-memory.dmp

Filesize
3.3MB

Download
memory/640-59-0x00007FF63DCF0000-0x00007FF63E041000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2277-0x00007FF661280000-0x00007FF6615D1000-memory.dmp

Filesize
3.3MB

Download
memory/1040-484-0x00007FF661280000-0x00007FF6615D1000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2263-0x00007FF7F0180000-0x00007FF7F04D1000-memory.dmp

Filesize
3.3MB

Download
memory/1064-480-0x00007FF7F0180000-0x00007FF7F04D1000-memory.dmp

Filesize
3.3MB

Download
memory/1104-1-0x0000021520310000-0x0000021520320000-memory.dmp

Filesize
64KB

Download
memory/1104-0-0x00007FF7F1130000-0x00007FF7F1481000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2239-0x00007FF677500000-0x00007FF677851000-memory.dmp

Filesize
3.3MB

Download
memory/1204-474-0x00007FF677500000-0x00007FF677851000-memory.dmp

Filesize
3.3MB

Download
memory/1360-2235-0x00007FF7AE9E0000-0x00007FF7AED31000-memory.dmp

Filesize
3.3MB

Download
memory/1360-54-0x00007FF7AE9E0000-0x00007FF7AED31000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2261-0x00007FF70BEF0000-0x00007FF70C241000-memory.dmp

Filesize
3.3MB

Download
memory/1436-475-0x00007FF70BEF0000-0x00007FF70C241000-memory.dmp

Filesize
3.3MB

Download
memory/1748-472-0x00007FF634840000-0x00007FF634B91000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2245-0x00007FF634840000-0x00007FF634B91000-memory.dmp

Filesize
3.3MB

Download
memory/2004-473-0x00007FF6CE050000-0x00007FF6CE3A1000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2241-0x00007FF6CE050000-0x00007FF6CE3A1000-memory.dmp

Filesize
3.3MB

Download
memory/2108-68-0x00007FF612520000-0x00007FF612871000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2253-0x00007FF612520000-0x00007FF612871000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2219-0x00007FF612520000-0x00007FF612871000-memory.dmp

Filesize
3.3MB

Download
memory/2164-2257-0x00007FF6C3050000-0x00007FF6C33A1000-memory.dmp

Filesize
3.3MB

Download
memory/2164-481-0x00007FF6C3050000-0x00007FF6C33A1000-memory.dmp

Filesize
3.3MB

Download
memory/2188-470-0x00007FF6C02E0000-0x00007FF6C0631000-memory.dmp

Filesize
3.3MB

Download
memory/2188-2249-0x00007FF6C02E0000-0x00007FF6C0631000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2225-0x00007FF777B20000-0x00007FF777E71000-memory.dmp

Filesize
3.3MB

Download
memory/2380-34-0x00007FF777B20000-0x00007FF777E71000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2179-0x00007FF777B20000-0x00007FF777E71000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2247-0x00007FF7EFF70000-0x00007FF7F02C1000-memory.dmp

Filesize
3.3MB

Download
memory/2548-469-0x00007FF7EFF70000-0x00007FF7F02C1000-memory.dmp

Filesize
3.3MB

Download
memory/2872-11-0x00007FF610240000-0x00007FF610591000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2221-0x00007FF610240000-0x00007FF610591000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2243-0x00007FF6A10C0000-0x00007FF6A1411000-memory.dmp

Filesize
3.3MB

Download
memory/2892-471-0x00007FF6A10C0000-0x00007FF6A1411000-memory.dmp

Filesize
3.3MB

Download
memory/3064-55-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2237-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2181-0x00007FF797F60000-0x00007FF7982B1000-memory.dmp

Filesize
3.3MB

Download
memory/3092-63-0x00007FF71D280000-0x00007FF71D5D1000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2214-0x00007FF71D280000-0x00007FF71D5D1000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2255-0x00007FF71D280000-0x00007FF71D5D1000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2177-0x00007FF690B60000-0x00007FF690EB1000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2223-0x00007FF690B60000-0x00007FF690EB1000-memory.dmp

Filesize
3.3MB

Download
memory/3212-16-0x00007FF690B60000-0x00007FF690EB1000-memory.dmp

Filesize
3.3MB

Download
memory/3284-477-0x00007FF73CB40000-0x00007FF73CE91000-memory.dmp

Filesize
3.3MB

Download
memory/3284-2267-0x00007FF73CB40000-0x00007FF73CE91000-memory.dmp

Filesize
3.3MB

Download
memory/3420-2271-0x00007FF70D180000-0x00007FF70D4D1000-memory.dmp

Filesize
3.3MB

Download
memory/3420-482-0x00007FF70D180000-0x00007FF70D4D1000-memory.dmp

Filesize
3.3MB

Download
memory/4044-468-0x00007FF655B20000-0x00007FF655E71000-memory.dmp

Filesize
3.3MB

Download
memory/4044-2251-0x00007FF655B20000-0x00007FF655E71000-memory.dmp

Filesize
3.3MB

Download
memory/4104-476-0x00007FF62FF00000-0x00007FF630251000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2269-0x00007FF62FF00000-0x00007FF630251000-memory.dmp

Filesize
3.3MB

Download
memory/4288-479-0x00007FF7614E0000-0x00007FF761831000-memory.dmp

Filesize
3.3MB

Download
memory/4288-2260-0x00007FF7614E0000-0x00007FF761831000-memory.dmp

Filesize
3.3MB

Download
memory/4716-483-0x00007FF69B070000-0x00007FF69B3C1000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2273-0x00007FF69B070000-0x00007FF69B3C1000-memory.dmp

Filesize
3.3MB

Download
memory/4844-38-0x00007FF6906F0000-0x00007FF690A41000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2231-0x00007FF6906F0000-0x00007FF690A41000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2180-0x00007FF6906F0000-0x00007FF690A41000-memory.dmp

Filesize
3.3MB

Download
memory/4940-478-0x00007FF711100000-0x00007FF711451000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2265-0x00007FF711100000-0x00007FF711451000-memory.dmp

Filesize
3.3MB

Download
memory/5080-485-0x00007FF706AC0000-0x00007FF706E11000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2275-0x00007FF706AC0000-0x00007FF706E11000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads