xmrig | d28a7a5b4be5ac8befb53d47437d688cef72f64b4f945a45fdaedd5c96855883

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
Size

2.4MB
MD5

028b189f2077fd654bdf8d2433dbb8a0
SHA1

78141e5989c54f9266781197d54e6c4b21b363aa
SHA256

d28a7a5b4be5ac8befb53d47437d688cef72f64b4f945a45fdaedd5c96855883
SHA512

a2170ed87a1c158231feff9e4ac21f1e3181fde5423763a6a81fd6ec7a0ca6a988b56e7e2bb74167d397c56bf6c4295f8fa085e2c2bd8b340c4cb98aa53538b0
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxWiVuZNV+pKfkaTb:BemTLkNdfE0pZrQw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3772-0-0x00007FF6BCBA0000-0x00007FF6BCEF4000-memory.dmp	xmrig
behavioral2/files/0x0006000000023278-5.dat	xmrig
behavioral2/files/0x00080000000233f0-11.dat	xmrig
behavioral2/memory/3248-20-0x00007FF79B090000-0x00007FF79B3E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f1-22.dat	xmrig
behavioral2/files/0x00070000000233f3-28.dat	xmrig
behavioral2/files/0x00070000000233fc-78.dat	xmrig
behavioral2/files/0x00070000000233ff-88.dat	xmrig
behavioral2/files/0x0007000000023409-140.dat	xmrig
behavioral2/files/0x000700000002340d-158.dat	xmrig
behavioral2/files/0x000700000002340f-168.dat	xmrig
behavioral2/files/0x000700000002340e-163.dat	xmrig
behavioral2/files/0x000700000002340c-161.dat	xmrig
behavioral2/files/0x000700000002340b-156.dat	xmrig
behavioral2/files/0x000700000002340a-149.dat	xmrig
behavioral2/files/0x0007000000023408-136.dat	xmrig
behavioral2/files/0x0007000000023407-134.dat	xmrig
behavioral2/files/0x0007000000023406-129.dat	xmrig
behavioral2/files/0x0007000000023405-124.dat	xmrig
behavioral2/files/0x0007000000023404-118.dat	xmrig
behavioral2/files/0x0007000000023403-114.dat	xmrig
behavioral2/files/0x0007000000023402-109.dat	xmrig
behavioral2/files/0x0007000000023401-104.dat	xmrig
behavioral2/files/0x0007000000023400-99.dat	xmrig
behavioral2/files/0x00070000000233fe-89.dat	xmrig
behavioral2/files/0x00070000000233fd-84.dat	xmrig
behavioral2/files/0x00070000000233fb-74.dat	xmrig
behavioral2/files/0x00070000000233fa-69.dat	xmrig
behavioral2/files/0x00070000000233f9-64.dat	xmrig
behavioral2/files/0x00070000000233f8-59.dat	xmrig
behavioral2/files/0x00070000000233f7-53.dat	xmrig
behavioral2/files/0x00070000000233f6-49.dat	xmrig
behavioral2/files/0x00070000000233f5-43.dat	xmrig
behavioral2/files/0x00070000000233f4-39.dat	xmrig
behavioral2/memory/4728-32-0x00007FF616B80000-0x00007FF616ED4000-memory.dmp	xmrig
behavioral2/memory/3944-29-0x00007FF6C0280000-0x00007FF6C05D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f2-25.dat	xmrig
behavioral2/memory/3220-17-0x00007FF7110A0000-0x00007FF7113F4000-memory.dmp	xmrig
behavioral2/memory/3344-8-0x00007FF7A1430000-0x00007FF7A1784000-memory.dmp	xmrig
behavioral2/memory/3320-822-0x00007FF634AA0000-0x00007FF634DF4000-memory.dmp	xmrig
behavioral2/memory/620-828-0x00007FF6A0250000-0x00007FF6A05A4000-memory.dmp	xmrig
behavioral2/memory/4544-857-0x00007FF74EC90000-0x00007FF74EFE4000-memory.dmp	xmrig
behavioral2/memory/676-854-0x00007FF7EB640000-0x00007FF7EB994000-memory.dmp	xmrig
behavioral2/memory/2624-843-0x00007FF62FE10000-0x00007FF630164000-memory.dmp	xmrig
behavioral2/memory/3024-840-0x00007FF6B4630000-0x00007FF6B4984000-memory.dmp	xmrig
behavioral2/memory/1880-838-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp	xmrig
behavioral2/memory/4504-832-0x00007FF65F3D0000-0x00007FF65F724000-memory.dmp	xmrig
behavioral2/memory/4396-872-0x00007FF6C05B0000-0x00007FF6C0904000-memory.dmp	xmrig
behavioral2/memory/1832-861-0x00007FF698490000-0x00007FF6987E4000-memory.dmp	xmrig
behavioral2/memory/5076-881-0x00007FF7DEC90000-0x00007FF7DEFE4000-memory.dmp	xmrig
behavioral2/memory/2168-895-0x00007FF79E200000-0x00007FF79E554000-memory.dmp	xmrig
behavioral2/memory/1544-904-0x00007FF6D1730000-0x00007FF6D1A84000-memory.dmp	xmrig
behavioral2/memory/3196-911-0x00007FF6A0310000-0x00007FF6A0664000-memory.dmp	xmrig
behavioral2/memory/2528-914-0x00007FF6275E0000-0x00007FF627934000-memory.dmp	xmrig
behavioral2/memory/3332-916-0x00007FF75CAC0000-0x00007FF75CE14000-memory.dmp	xmrig
behavioral2/memory/2832-918-0x00007FF7ECA60000-0x00007FF7ECDB4000-memory.dmp	xmrig
behavioral2/memory/3004-920-0x00007FF65B670000-0x00007FF65B9C4000-memory.dmp	xmrig
behavioral2/memory/3980-919-0x00007FF69DD00000-0x00007FF69E054000-memory.dmp	xmrig
behavioral2/memory/3480-917-0x00007FF6A4980000-0x00007FF6A4CD4000-memory.dmp	xmrig
behavioral2/memory/2728-915-0x00007FF7148B0000-0x00007FF714C04000-memory.dmp	xmrig
behavioral2/memory/2916-913-0x00007FF7A3A70000-0x00007FF7A3DC4000-memory.dmp	xmrig
behavioral2/memory/4916-887-0x00007FF790970000-0x00007FF790CC4000-memory.dmp	xmrig
behavioral2/memory/1988-879-0x00007FF689BF0000-0x00007FF689F44000-memory.dmp	xmrig
behavioral2/memory/3248-2155-0x00007FF79B090000-0x00007FF79B3E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3344	qDdOUuA.exe
3220	bbmyjfE.exe
3248	kvwSrzJ.exe
3944	bccVXqw.exe
4728	pUfUKCP.exe
3320	VaSsxvZ.exe
620	fiabjhr.exe
4504	HUdBgQn.exe
1880	iYfYvmZ.exe
3024	AkfCmxx.exe
2624	zygJgXC.exe
676	ElDDSxx.exe
4544	OsqpPuI.exe
1832	XkbdDIH.exe
4396	cxjQjbx.exe
1988	BGQFqAs.exe
5076	CGlZIKP.exe
4916	dgBDSNT.exe
2168	ihqgeYB.exe
1544	Axzfbxa.exe
3196	XmEauuC.exe
2916	GjDlNNb.exe
2528	IzIdCcY.exe
2728	afwekVd.exe
3332	pjTAvnu.exe
3480	yjgSCok.exe
2832	bCQgUco.exe
3980	pIfXEmI.exe
3004	JxjULmT.exe
1112	rGYconI.exe
4932	yodZUhb.exe
4708	BrsLwRb.exe
1984	JtHdDMC.exe
2140	tMMzQuA.exe
4360	NzHaLbq.exe
1496	jIjVooC.exe
2228	ldByDjm.exe
4952	shjaDwT.exe
3368	qNMuVdH.exe
2828	iNmSHOQ.exe
3064	tdKVkDr.exe
4392	YAMGcmR.exe
3696	wcfaXfg.exe
3968	fqXyWBj.exe
4928	HRACjFE.exe
1252	gYYAZMW.exe
732	lkozZMX.exe
684	YdCTtnq.exe
116	JPMEykH.exe
3372	KlRszBR.exe
4020	nuUFwjK.exe
2656	iFjIEwv.exe
1992	EOBwFbk.exe
4412	CzSfKmR.exe
4924	CBFJNoQ.exe
1920	Yvyiskb.exe
4236	lMEcTiX.exe
3812	JoTkxrG.exe
4376	smJbgUI.exe
4348	FFFtAQN.exe
4224	sqHpEeA.exe
4824	nYZovib.exe
1924	NNjMEZD.exe
3076	JNFMcIQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3772-0-0x00007FF6BCBA0000-0x00007FF6BCEF4000-memory.dmp	upx
behavioral2/files/0x0006000000023278-5.dat	upx
behavioral2/files/0x00080000000233f0-11.dat	upx
behavioral2/memory/3248-20-0x00007FF79B090000-0x00007FF79B3E4000-memory.dmp	upx
behavioral2/files/0x00070000000233f1-22.dat	upx
behavioral2/files/0x00070000000233f3-28.dat	upx
behavioral2/files/0x00070000000233fc-78.dat	upx
behavioral2/files/0x00070000000233ff-88.dat	upx
behavioral2/files/0x0007000000023409-140.dat	upx
behavioral2/files/0x000700000002340d-158.dat	upx
behavioral2/files/0x000700000002340f-168.dat	upx
behavioral2/files/0x000700000002340e-163.dat	upx
behavioral2/files/0x000700000002340c-161.dat	upx
behavioral2/files/0x000700000002340b-156.dat	upx
behavioral2/files/0x000700000002340a-149.dat	upx
behavioral2/files/0x0007000000023408-136.dat	upx
behavioral2/files/0x0007000000023407-134.dat	upx
behavioral2/files/0x0007000000023406-129.dat	upx
behavioral2/files/0x0007000000023405-124.dat	upx
behavioral2/files/0x0007000000023404-118.dat	upx
behavioral2/files/0x0007000000023403-114.dat	upx
behavioral2/files/0x0007000000023402-109.dat	upx
behavioral2/files/0x0007000000023401-104.dat	upx
behavioral2/files/0x0007000000023400-99.dat	upx
behavioral2/files/0x00070000000233fe-89.dat	upx
behavioral2/files/0x00070000000233fd-84.dat	upx
behavioral2/files/0x00070000000233fb-74.dat	upx
behavioral2/files/0x00070000000233fa-69.dat	upx
behavioral2/files/0x00070000000233f9-64.dat	upx
behavioral2/files/0x00070000000233f8-59.dat	upx
behavioral2/files/0x00070000000233f7-53.dat	upx
behavioral2/files/0x00070000000233f6-49.dat	upx
behavioral2/files/0x00070000000233f5-43.dat	upx
behavioral2/files/0x00070000000233f4-39.dat	upx
behavioral2/memory/4728-32-0x00007FF616B80000-0x00007FF616ED4000-memory.dmp	upx
behavioral2/memory/3944-29-0x00007FF6C0280000-0x00007FF6C05D4000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-25.dat	upx
behavioral2/memory/3220-17-0x00007FF7110A0000-0x00007FF7113F4000-memory.dmp	upx
behavioral2/memory/3344-8-0x00007FF7A1430000-0x00007FF7A1784000-memory.dmp	upx
behavioral2/memory/3320-822-0x00007FF634AA0000-0x00007FF634DF4000-memory.dmp	upx
behavioral2/memory/620-828-0x00007FF6A0250000-0x00007FF6A05A4000-memory.dmp	upx
behavioral2/memory/4544-857-0x00007FF74EC90000-0x00007FF74EFE4000-memory.dmp	upx
behavioral2/memory/676-854-0x00007FF7EB640000-0x00007FF7EB994000-memory.dmp	upx
behavioral2/memory/2624-843-0x00007FF62FE10000-0x00007FF630164000-memory.dmp	upx
behavioral2/memory/3024-840-0x00007FF6B4630000-0x00007FF6B4984000-memory.dmp	upx
behavioral2/memory/1880-838-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp	upx
behavioral2/memory/4504-832-0x00007FF65F3D0000-0x00007FF65F724000-memory.dmp	upx
behavioral2/memory/4396-872-0x00007FF6C05B0000-0x00007FF6C0904000-memory.dmp	upx
behavioral2/memory/1832-861-0x00007FF698490000-0x00007FF6987E4000-memory.dmp	upx
behavioral2/memory/5076-881-0x00007FF7DEC90000-0x00007FF7DEFE4000-memory.dmp	upx
behavioral2/memory/2168-895-0x00007FF79E200000-0x00007FF79E554000-memory.dmp	upx
behavioral2/memory/1544-904-0x00007FF6D1730000-0x00007FF6D1A84000-memory.dmp	upx
behavioral2/memory/3196-911-0x00007FF6A0310000-0x00007FF6A0664000-memory.dmp	upx
behavioral2/memory/2528-914-0x00007FF6275E0000-0x00007FF627934000-memory.dmp	upx
behavioral2/memory/3332-916-0x00007FF75CAC0000-0x00007FF75CE14000-memory.dmp	upx
behavioral2/memory/2832-918-0x00007FF7ECA60000-0x00007FF7ECDB4000-memory.dmp	upx
behavioral2/memory/3004-920-0x00007FF65B670000-0x00007FF65B9C4000-memory.dmp	upx
behavioral2/memory/3980-919-0x00007FF69DD00000-0x00007FF69E054000-memory.dmp	upx
behavioral2/memory/3480-917-0x00007FF6A4980000-0x00007FF6A4CD4000-memory.dmp	upx
behavioral2/memory/2728-915-0x00007FF7148B0000-0x00007FF714C04000-memory.dmp	upx
behavioral2/memory/2916-913-0x00007FF7A3A70000-0x00007FF7A3DC4000-memory.dmp	upx
behavioral2/memory/4916-887-0x00007FF790970000-0x00007FF790CC4000-memory.dmp	upx
behavioral2/memory/1988-879-0x00007FF689BF0000-0x00007FF689F44000-memory.dmp	upx
behavioral2/memory/3248-2155-0x00007FF79B090000-0x00007FF79B3E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ExBiRhr.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\tHcNIdk.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\arIGQpw.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\fYdGjJk.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JNEfVYY.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\mFiwQdg.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\cWfxDDK.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\SfdFOsN.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\vyttlwD.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\qCQHlxE.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\NOTowCM.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\MMsqcyn.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\higEMFk.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\NxAOshx.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\TjjNDue.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\EwCZlhC.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\MTdtsjM.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\itvZjfi.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\TuVfSTt.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\iuoVWKf.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JMcnrhV.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\txvDKGe.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\qezYokv.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\UfOOpEl.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\UKngZHZ.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\eHaOrPc.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\IopPuaV.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\iMRSBZX.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JqauKVr.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\BecmYTi.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\gxkzmaH.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\AkfCmxx.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\LmRSLZz.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\jjpuLYM.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\meXGKxT.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\pnVqCWg.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\qYzFHGX.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\kvAgVeD.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\UkSdUMJ.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\mTNYsme.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\pofnRbZ.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\tnfYhKV.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\XmEauuC.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\GPapPRA.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\WemRzaC.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\vlVwqdZ.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\PeSfSIN.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\vogjqwc.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\UZqMsHE.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\LjXMUwF.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\vlFnnaD.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JLfCbeh.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\IMGdNjP.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\iXGPekc.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\FMbRfkp.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\bccVXqw.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\AHlPvmi.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\vjUaZpw.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JEDZDTr.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JlZWddc.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\aOgigSF.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\oHyPYeZ.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\WMgjrzX.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
File created	C:\Windows\System\BgfERcm.exe	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13864	dwm.exe
Token: SeChangeNotifyPrivilege	13864	dwm.exe
Token: 33	13864	dwm.exe
Token: SeIncBasePriorityPrivilege	13864	dwm.exe
Token: SeShutdownPrivilege	13864	dwm.exe
Token: SeCreatePagefilePrivilege	13864	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 3344	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	83
PID 3772 wrote to memory of 3344	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	83
PID 3772 wrote to memory of 3220	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	84
PID 3772 wrote to memory of 3220	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	84
PID 3772 wrote to memory of 3248	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	85
PID 3772 wrote to memory of 3248	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	85
PID 3772 wrote to memory of 3944	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	86
PID 3772 wrote to memory of 3944	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	86
PID 3772 wrote to memory of 4728	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	87
PID 3772 wrote to memory of 4728	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	87
PID 3772 wrote to memory of 3320	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	88
PID 3772 wrote to memory of 3320	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	88
PID 3772 wrote to memory of 620	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	89
PID 3772 wrote to memory of 620	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	89
PID 3772 wrote to memory of 4504	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	90
PID 3772 wrote to memory of 4504	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	90
PID 3772 wrote to memory of 1880	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	91
PID 3772 wrote to memory of 1880	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	91
PID 3772 wrote to memory of 3024	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	92
PID 3772 wrote to memory of 3024	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	92
PID 3772 wrote to memory of 2624	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	93
PID 3772 wrote to memory of 2624	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	93
PID 3772 wrote to memory of 676	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	94
PID 3772 wrote to memory of 676	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	94
PID 3772 wrote to memory of 4544	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	95
PID 3772 wrote to memory of 4544	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	95
PID 3772 wrote to memory of 1832	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	96
PID 3772 wrote to memory of 1832	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	96
PID 3772 wrote to memory of 4396	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	97
PID 3772 wrote to memory of 4396	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	97
PID 3772 wrote to memory of 1988	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	98
PID 3772 wrote to memory of 1988	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	98
PID 3772 wrote to memory of 5076	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	99
PID 3772 wrote to memory of 5076	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	99
PID 3772 wrote to memory of 4916	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	100
PID 3772 wrote to memory of 4916	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	100
PID 3772 wrote to memory of 2168	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	101
PID 3772 wrote to memory of 2168	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	101
PID 3772 wrote to memory of 1544	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	102
PID 3772 wrote to memory of 1544	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	102
PID 3772 wrote to memory of 3196	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	103
PID 3772 wrote to memory of 3196	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	103
PID 3772 wrote to memory of 2916	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	104
PID 3772 wrote to memory of 2916	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	104
PID 3772 wrote to memory of 2528	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	105
PID 3772 wrote to memory of 2528	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	105
PID 3772 wrote to memory of 2728	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	106
PID 3772 wrote to memory of 2728	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	106
PID 3772 wrote to memory of 3332	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	107
PID 3772 wrote to memory of 3332	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	107
PID 3772 wrote to memory of 3480	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	108
PID 3772 wrote to memory of 3480	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	108
PID 3772 wrote to memory of 2832	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	109
PID 3772 wrote to memory of 2832	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	109
PID 3772 wrote to memory of 3980	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	110
PID 3772 wrote to memory of 3980	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	110
PID 3772 wrote to memory of 3004	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	111
PID 3772 wrote to memory of 3004	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	111
PID 3772 wrote to memory of 1112	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	112
PID 3772 wrote to memory of 1112	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	112
PID 3772 wrote to memory of 4932	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	113
PID 3772 wrote to memory of 4932	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	113
PID 3772 wrote to memory of 4708	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	114
PID 3772 wrote to memory of 4708	3772	028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\028b189f2077fd654bdf8d2433dbb8a0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Windows\System\qDdOUuA.exe
  C:\Windows\System\qDdOUuA.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\bbmyjfE.exe
  C:\Windows\System\bbmyjfE.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\kvwSrzJ.exe
  C:\Windows\System\kvwSrzJ.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\bccVXqw.exe
  C:\Windows\System\bccVXqw.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\pUfUKCP.exe
  C:\Windows\System\pUfUKCP.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\VaSsxvZ.exe
  C:\Windows\System\VaSsxvZ.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\fiabjhr.exe
  C:\Windows\System\fiabjhr.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\HUdBgQn.exe
  C:\Windows\System\HUdBgQn.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\iYfYvmZ.exe
  C:\Windows\System\iYfYvmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\AkfCmxx.exe
  C:\Windows\System\AkfCmxx.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\zygJgXC.exe
  C:\Windows\System\zygJgXC.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ElDDSxx.exe
  C:\Windows\System\ElDDSxx.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\OsqpPuI.exe
  C:\Windows\System\OsqpPuI.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\XkbdDIH.exe
  C:\Windows\System\XkbdDIH.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\cxjQjbx.exe
  C:\Windows\System\cxjQjbx.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\BGQFqAs.exe
  C:\Windows\System\BGQFqAs.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\CGlZIKP.exe
  C:\Windows\System\CGlZIKP.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\dgBDSNT.exe
  C:\Windows\System\dgBDSNT.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\ihqgeYB.exe
  C:\Windows\System\ihqgeYB.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\Axzfbxa.exe
  C:\Windows\System\Axzfbxa.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\XmEauuC.exe
  C:\Windows\System\XmEauuC.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\GjDlNNb.exe
  C:\Windows\System\GjDlNNb.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\IzIdCcY.exe
  C:\Windows\System\IzIdCcY.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\afwekVd.exe
  C:\Windows\System\afwekVd.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\pjTAvnu.exe
  C:\Windows\System\pjTAvnu.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\yjgSCok.exe
  C:\Windows\System\yjgSCok.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\bCQgUco.exe
  C:\Windows\System\bCQgUco.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\pIfXEmI.exe
  C:\Windows\System\pIfXEmI.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\JxjULmT.exe
  C:\Windows\System\JxjULmT.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\rGYconI.exe
  C:\Windows\System\rGYconI.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\yodZUhb.exe
  C:\Windows\System\yodZUhb.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\BrsLwRb.exe
  C:\Windows\System\BrsLwRb.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\JtHdDMC.exe
  C:\Windows\System\JtHdDMC.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\tMMzQuA.exe
  C:\Windows\System\tMMzQuA.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\NzHaLbq.exe
  C:\Windows\System\NzHaLbq.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\jIjVooC.exe
  C:\Windows\System\jIjVooC.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\ldByDjm.exe
  C:\Windows\System\ldByDjm.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\shjaDwT.exe
  C:\Windows\System\shjaDwT.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\qNMuVdH.exe
  C:\Windows\System\qNMuVdH.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\iNmSHOQ.exe
  C:\Windows\System\iNmSHOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\tdKVkDr.exe
  C:\Windows\System\tdKVkDr.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\YAMGcmR.exe
  C:\Windows\System\YAMGcmR.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\wcfaXfg.exe
  C:\Windows\System\wcfaXfg.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\fqXyWBj.exe
  C:\Windows\System\fqXyWBj.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\HRACjFE.exe
  C:\Windows\System\HRACjFE.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\gYYAZMW.exe
  C:\Windows\System\gYYAZMW.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\lkozZMX.exe
  C:\Windows\System\lkozZMX.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\YdCTtnq.exe
  C:\Windows\System\YdCTtnq.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\JPMEykH.exe
  C:\Windows\System\JPMEykH.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\KlRszBR.exe
  C:\Windows\System\KlRszBR.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\nuUFwjK.exe
  C:\Windows\System\nuUFwjK.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\iFjIEwv.exe
  C:\Windows\System\iFjIEwv.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\EOBwFbk.exe
  C:\Windows\System\EOBwFbk.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\CzSfKmR.exe
  C:\Windows\System\CzSfKmR.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\CBFJNoQ.exe
  C:\Windows\System\CBFJNoQ.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\Yvyiskb.exe
  C:\Windows\System\Yvyiskb.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\lMEcTiX.exe
  C:\Windows\System\lMEcTiX.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\JoTkxrG.exe
  C:\Windows\System\JoTkxrG.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\smJbgUI.exe
  C:\Windows\System\smJbgUI.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\FFFtAQN.exe
  C:\Windows\System\FFFtAQN.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\sqHpEeA.exe
  C:\Windows\System\sqHpEeA.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\nYZovib.exe
  C:\Windows\System\nYZovib.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\NNjMEZD.exe
  C:\Windows\System\NNjMEZD.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\JNFMcIQ.exe
  C:\Windows\System\JNFMcIQ.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\VJgWwKA.exe
  C:\Windows\System\VJgWwKA.exe
  2⤵
  PID:4740
- C:\Windows\System\ChSMbvs.exe
  C:\Windows\System\ChSMbvs.exe
  2⤵
  PID:4480
- C:\Windows\System\xIybyaw.exe
  C:\Windows\System\xIybyaw.exe
  2⤵
  PID:4904
- C:\Windows\System\iupLwHF.exe
  C:\Windows\System\iupLwHF.exe
  2⤵
  PID:2920
- C:\Windows\System\vlVwqdZ.exe
  C:\Windows\System\vlVwqdZ.exe
  2⤵
  PID:4656
- C:\Windows\System\SRgJsRI.exe
  C:\Windows\System\SRgJsRI.exe
  2⤵
  PID:4228
- C:\Windows\System\ahnxkoW.exe
  C:\Windows\System\ahnxkoW.exe
  2⤵
  PID:3904
- C:\Windows\System\uTJFPFn.exe
  C:\Windows\System\uTJFPFn.exe
  2⤵
  PID:3564
- C:\Windows\System\bUOpgpf.exe
  C:\Windows\System\bUOpgpf.exe
  2⤵
  PID:64
- C:\Windows\System\UhDUpBr.exe
  C:\Windows\System\UhDUpBr.exe
  2⤵
  PID:2092
- C:\Windows\System\fAlKnhZ.exe
  C:\Windows\System\fAlKnhZ.exe
  2⤵
  PID:3292
- C:\Windows\System\UfOOpEl.exe
  C:\Windows\System\UfOOpEl.exe
  2⤵
  PID:856
- C:\Windows\System\aiijarY.exe
  C:\Windows\System\aiijarY.exe
  2⤵
  PID:4536
- C:\Windows\System\FmaGyce.exe
  C:\Windows\System\FmaGyce.exe
  2⤵
  PID:4512
- C:\Windows\System\TjjNDue.exe
  C:\Windows\System\TjjNDue.exe
  2⤵
  PID:4976
- C:\Windows\System\sJtLfxJ.exe
  C:\Windows\System\sJtLfxJ.exe
  2⤵
  PID:4292
- C:\Windows\System\ksgrgAx.exe
  C:\Windows\System\ksgrgAx.exe
  2⤵
  PID:2252
- C:\Windows\System\AYynGVh.exe
  C:\Windows\System\AYynGVh.exe
  2⤵
  PID:2016
- C:\Windows\System\REDIvOw.exe
  C:\Windows\System\REDIvOw.exe
  2⤵
  PID:4072
- C:\Windows\System\EwCZlhC.exe
  C:\Windows\System\EwCZlhC.exe
  2⤵
  PID:1068
- C:\Windows\System\kMbqBgQ.exe
  C:\Windows\System\kMbqBgQ.exe
  2⤵
  PID:4548
- C:\Windows\System\BrmsAhG.exe
  C:\Windows\System\BrmsAhG.exe
  2⤵
  PID:948
- C:\Windows\System\kaOrIoA.exe
  C:\Windows\System\kaOrIoA.exe
  2⤵
  PID:5144
- C:\Windows\System\AHlPvmi.exe
  C:\Windows\System\AHlPvmi.exe
  2⤵
  PID:5172
- C:\Windows\System\eaERkoO.exe
  C:\Windows\System\eaERkoO.exe
  2⤵
  PID:5200
- C:\Windows\System\KpqCCAs.exe
  C:\Windows\System\KpqCCAs.exe
  2⤵
  PID:5228
- C:\Windows\System\UKngZHZ.exe
  C:\Windows\System\UKngZHZ.exe
  2⤵
  PID:5256
- C:\Windows\System\cWfxDDK.exe
  C:\Windows\System\cWfxDDK.exe
  2⤵
  PID:5284
- C:\Windows\System\YkMgqTA.exe
  C:\Windows\System\YkMgqTA.exe
  2⤵
  PID:5312
- C:\Windows\System\BkQsTcJ.exe
  C:\Windows\System\BkQsTcJ.exe
  2⤵
  PID:5340
- C:\Windows\System\VcRxXNq.exe
  C:\Windows\System\VcRxXNq.exe
  2⤵
  PID:5368
- C:\Windows\System\HOhFztc.exe
  C:\Windows\System\HOhFztc.exe
  2⤵
  PID:5396
- C:\Windows\System\EHBowFG.exe
  C:\Windows\System\EHBowFG.exe
  2⤵
  PID:5424
- C:\Windows\System\JOLNuzF.exe
  C:\Windows\System\JOLNuzF.exe
  2⤵
  PID:5452
- C:\Windows\System\IAdEhQG.exe
  C:\Windows\System\IAdEhQG.exe
  2⤵
  PID:5480
- C:\Windows\System\PNfmmqz.exe
  C:\Windows\System\PNfmmqz.exe
  2⤵
  PID:5508
- C:\Windows\System\rYJdKdf.exe
  C:\Windows\System\rYJdKdf.exe
  2⤵
  PID:5536
- C:\Windows\System\BiASnfp.exe
  C:\Windows\System\BiASnfp.exe
  2⤵
  PID:5564
- C:\Windows\System\DeZhAqj.exe
  C:\Windows\System\DeZhAqj.exe
  2⤵
  PID:5592
- C:\Windows\System\GcCiLks.exe
  C:\Windows\System\GcCiLks.exe
  2⤵
  PID:5620
- C:\Windows\System\BSXrXcP.exe
  C:\Windows\System\BSXrXcP.exe
  2⤵
  PID:5648
- C:\Windows\System\rWirXdy.exe
  C:\Windows\System\rWirXdy.exe
  2⤵
  PID:5676
- C:\Windows\System\bfWCaxd.exe
  C:\Windows\System\bfWCaxd.exe
  2⤵
  PID:5700
- C:\Windows\System\hdXmlaF.exe
  C:\Windows\System\hdXmlaF.exe
  2⤵
  PID:5732
- C:\Windows\System\MTdtsjM.exe
  C:\Windows\System\MTdtsjM.exe
  2⤵
  PID:5760
- C:\Windows\System\cffiHxu.exe
  C:\Windows\System\cffiHxu.exe
  2⤵
  PID:5788
- C:\Windows\System\dWTwVzg.exe
  C:\Windows\System\dWTwVzg.exe
  2⤵
  PID:5816
- C:\Windows\System\XChnBrl.exe
  C:\Windows\System\XChnBrl.exe
  2⤵
  PID:5844
- C:\Windows\System\svKqXWg.exe
  C:\Windows\System\svKqXWg.exe
  2⤵
  PID:5872
- C:\Windows\System\ykkkNif.exe
  C:\Windows\System\ykkkNif.exe
  2⤵
  PID:5900
- C:\Windows\System\UZpukZJ.exe
  C:\Windows\System\UZpukZJ.exe
  2⤵
  PID:5928
- C:\Windows\System\LmRSLZz.exe
  C:\Windows\System\LmRSLZz.exe
  2⤵
  PID:5956
- C:\Windows\System\AmKOskp.exe
  C:\Windows\System\AmKOskp.exe
  2⤵
  PID:5984
- C:\Windows\System\JfTOapB.exe
  C:\Windows\System\JfTOapB.exe
  2⤵
  PID:6012
- C:\Windows\System\wBcUuWS.exe
  C:\Windows\System\wBcUuWS.exe
  2⤵
  PID:6040
- C:\Windows\System\IfzcZWZ.exe
  C:\Windows\System\IfzcZWZ.exe
  2⤵
  PID:6068
- C:\Windows\System\lkGyjWs.exe
  C:\Windows\System\lkGyjWs.exe
  2⤵
  PID:6096
- C:\Windows\System\NBnLtfZ.exe
  C:\Windows\System\NBnLtfZ.exe
  2⤵
  PID:6124
- C:\Windows\System\PcOVNOX.exe
  C:\Windows\System\PcOVNOX.exe
  2⤵
  PID:3060
- C:\Windows\System\LouEucU.exe
  C:\Windows\System\LouEucU.exe
  2⤵
  PID:3708
- C:\Windows\System\FhINlAK.exe
  C:\Windows\System\FhINlAK.exe
  2⤵
  PID:2216
- C:\Windows\System\zfROJhm.exe
  C:\Windows\System\zfROJhm.exe
  2⤵
  PID:320
- C:\Windows\System\jFWvhlp.exe
  C:\Windows\System\jFWvhlp.exe
  2⤵
  PID:4372
- C:\Windows\System\uePhRzw.exe
  C:\Windows\System\uePhRzw.exe
  2⤵
  PID:2592
- C:\Windows\System\dWZozTk.exe
  C:\Windows\System\dWZozTk.exe
  2⤵
  PID:4340
- C:\Windows\System\AHgfvOW.exe
  C:\Windows\System\AHgfvOW.exe
  2⤵
  PID:5136
- C:\Windows\System\xAstOEd.exe
  C:\Windows\System\xAstOEd.exe
  2⤵
  PID:5212
- C:\Windows\System\SqPIPFO.exe
  C:\Windows\System\SqPIPFO.exe
  2⤵
  PID:5272
- C:\Windows\System\kKsdVyQ.exe
  C:\Windows\System\kKsdVyQ.exe
  2⤵
  PID:5332
- C:\Windows\System\LlMteYK.exe
  C:\Windows\System\LlMteYK.exe
  2⤵
  PID:5408
- C:\Windows\System\eHaOrPc.exe
  C:\Windows\System\eHaOrPc.exe
  2⤵
  PID:5468
- C:\Windows\System\ovQqNwQ.exe
  C:\Windows\System\ovQqNwQ.exe
  2⤵
  PID:5528
- C:\Windows\System\uuMJXEw.exe
  C:\Windows\System\uuMJXEw.exe
  2⤵
  PID:5604
- C:\Windows\System\CtjnQHW.exe
  C:\Windows\System\CtjnQHW.exe
  2⤵
  PID:5664
- C:\Windows\System\Nqmdbiw.exe
  C:\Windows\System\Nqmdbiw.exe
  2⤵
  PID:5720
- C:\Windows\System\DfvLGHM.exe
  C:\Windows\System\DfvLGHM.exe
  2⤵
  PID:5800
- C:\Windows\System\MQXnhup.exe
  C:\Windows\System\MQXnhup.exe
  2⤵
  PID:5884
- C:\Windows\System\jjpuLYM.exe
  C:\Windows\System\jjpuLYM.exe
  2⤵
  PID:5944
- C:\Windows\System\vgoelJE.exe
  C:\Windows\System\vgoelJE.exe
  2⤵
  PID:5996
- C:\Windows\System\JoZpsBL.exe
  C:\Windows\System\JoZpsBL.exe
  2⤵
  PID:6056
- C:\Windows\System\vjJUyaW.exe
  C:\Windows\System\vjJUyaW.exe
  2⤵
  PID:6112
- C:\Windows\System\xztrKjU.exe
  C:\Windows\System\xztrKjU.exe
  2⤵
  PID:4876
- C:\Windows\System\vjUaZpw.exe
  C:\Windows\System\vjUaZpw.exe
  2⤵
  PID:4888
- C:\Windows\System\CQSbamm.exe
  C:\Windows\System\CQSbamm.exe
  2⤵
  PID:1760
- C:\Windows\System\kphbnDT.exe
  C:\Windows\System\kphbnDT.exe
  2⤵
  PID:5240
- C:\Windows\System\OPavNoN.exe
  C:\Windows\System\OPavNoN.exe
  2⤵
  PID:5360
- C:\Windows\System\AHOMoNJ.exe
  C:\Windows\System\AHOMoNJ.exe
  2⤵
  PID:5520
- C:\Windows\System\SfdFOsN.exe
  C:\Windows\System\SfdFOsN.exe
  2⤵
  PID:5692
- C:\Windows\System\NfbUgWN.exe
  C:\Windows\System\NfbUgWN.exe
  2⤵
  PID:5828
- C:\Windows\System\VAMoKTu.exe
  C:\Windows\System\VAMoKTu.exe
  2⤵
  PID:5940
- C:\Windows\System\mCmQapP.exe
  C:\Windows\System\mCmQapP.exe
  2⤵
  PID:6172
- C:\Windows\System\ExBiRhr.exe
  C:\Windows\System\ExBiRhr.exe
  2⤵
  PID:6200
- C:\Windows\System\WDNNVlm.exe
  C:\Windows\System\WDNNVlm.exe
  2⤵
  PID:6228
- C:\Windows\System\LQVsROC.exe
  C:\Windows\System\LQVsROC.exe
  2⤵
  PID:6252
- C:\Windows\System\wXTwtxU.exe
  C:\Windows\System\wXTwtxU.exe
  2⤵
  PID:6280
- C:\Windows\System\ThlUwTD.exe
  C:\Windows\System\ThlUwTD.exe
  2⤵
  PID:6308
- C:\Windows\System\YixuIOu.exe
  C:\Windows\System\YixuIOu.exe
  2⤵
  PID:6340
- C:\Windows\System\FAmJMrE.exe
  C:\Windows\System\FAmJMrE.exe
  2⤵
  PID:6364
- C:\Windows\System\qwLLOvs.exe
  C:\Windows\System\qwLLOvs.exe
  2⤵
  PID:6392
- C:\Windows\System\vogjqwc.exe
  C:\Windows\System\vogjqwc.exe
  2⤵
  PID:6420
- C:\Windows\System\ngyAjZM.exe
  C:\Windows\System\ngyAjZM.exe
  2⤵
  PID:6452
- C:\Windows\System\meXGKxT.exe
  C:\Windows\System\meXGKxT.exe
  2⤵
  PID:6480
- C:\Windows\System\FMFATrs.exe
  C:\Windows\System\FMFATrs.exe
  2⤵
  PID:6504
- C:\Windows\System\FHNjxMq.exe
  C:\Windows\System\FHNjxMq.exe
  2⤵
  PID:6536
- C:\Windows\System\NgVtSuS.exe
  C:\Windows\System\NgVtSuS.exe
  2⤵
  PID:6564
- C:\Windows\System\lFsNWic.exe
  C:\Windows\System\lFsNWic.exe
  2⤵
  PID:6592
- C:\Windows\System\xTRLmpT.exe
  C:\Windows\System\xTRLmpT.exe
  2⤵
  PID:6620
- C:\Windows\System\vyttlwD.exe
  C:\Windows\System\vyttlwD.exe
  2⤵
  PID:6648
- C:\Windows\System\LVpRpwO.exe
  C:\Windows\System\LVpRpwO.exe
  2⤵
  PID:6676
- C:\Windows\System\ldUsPjr.exe
  C:\Windows\System\ldUsPjr.exe
  2⤵
  PID:6704
- C:\Windows\System\ZFrrkyO.exe
  C:\Windows\System\ZFrrkyO.exe
  2⤵
  PID:6732
- C:\Windows\System\DfThnSa.exe
  C:\Windows\System\DfThnSa.exe
  2⤵
  PID:6760
- C:\Windows\System\PeSfSIN.exe
  C:\Windows\System\PeSfSIN.exe
  2⤵
  PID:6784
- C:\Windows\System\tHcNIdk.exe
  C:\Windows\System\tHcNIdk.exe
  2⤵
  PID:6812
- C:\Windows\System\zoeMIWa.exe
  C:\Windows\System\zoeMIWa.exe
  2⤵
  PID:6840
- C:\Windows\System\gplrCVi.exe
  C:\Windows\System\gplrCVi.exe
  2⤵
  PID:6868
- C:\Windows\System\zluabLD.exe
  C:\Windows\System\zluabLD.exe
  2⤵
  PID:6900
- C:\Windows\System\almUldk.exe
  C:\Windows\System\almUldk.exe
  2⤵
  PID:6928
- C:\Windows\System\uHZrdlg.exe
  C:\Windows\System\uHZrdlg.exe
  2⤵
  PID:6952
- C:\Windows\System\KsrPexU.exe
  C:\Windows\System\KsrPexU.exe
  2⤵
  PID:6980
- C:\Windows\System\KKafyBV.exe
  C:\Windows\System\KKafyBV.exe
  2⤵
  PID:7012
- C:\Windows\System\PxXgyUS.exe
  C:\Windows\System\PxXgyUS.exe
  2⤵
  PID:7040
- C:\Windows\System\hqagCXE.exe
  C:\Windows\System\hqagCXE.exe
  2⤵
  PID:7068
- C:\Windows\System\NNlnYfD.exe
  C:\Windows\System\NNlnYfD.exe
  2⤵
  PID:7096
- C:\Windows\System\MMpXend.exe
  C:\Windows\System\MMpXend.exe
  2⤵
  PID:7124
- C:\Windows\System\MRjXfJU.exe
  C:\Windows\System\MRjXfJU.exe
  2⤵
  PID:7152
- C:\Windows\System\XvjKXNT.exe
  C:\Windows\System\XvjKXNT.exe
  2⤵
  PID:6032
- C:\Windows\System\mfVqJMl.exe
  C:\Windows\System\mfVqJMl.exe
  2⤵
  PID:2236
- C:\Windows\System\ehDWQEc.exe
  C:\Windows\System\ehDWQEc.exe
  2⤵
  PID:5164
- C:\Windows\System\UJbzEOW.exe
  C:\Windows\System\UJbzEOW.exe
  2⤵
  PID:5496
- C:\Windows\System\UwWhasn.exe
  C:\Windows\System\UwWhasn.exe
  2⤵
  PID:5864
- C:\Windows\System\aczklGO.exe
  C:\Windows\System\aczklGO.exe
  2⤵
  PID:6188
- C:\Windows\System\QgiPCuE.exe
  C:\Windows\System\QgiPCuE.exe
  2⤵
  PID:6248
- C:\Windows\System\gEpMaek.exe
  C:\Windows\System\gEpMaek.exe
  2⤵
  PID:6300
- C:\Windows\System\qOayxiq.exe
  C:\Windows\System\qOayxiq.exe
  2⤵
  PID:6360
- C:\Windows\System\IOAoZNX.exe
  C:\Windows\System\IOAoZNX.exe
  2⤵
  PID:6440
- C:\Windows\System\oBTghYx.exe
  C:\Windows\System\oBTghYx.exe
  2⤵
  PID:6496
- C:\Windows\System\nGLIEXz.exe
  C:\Windows\System\nGLIEXz.exe
  2⤵
  PID:6576
- C:\Windows\System\GYDAoRe.exe
  C:\Windows\System\GYDAoRe.exe
  2⤵
  PID:6632
- C:\Windows\System\YGZsmHk.exe
  C:\Windows\System\YGZsmHk.exe
  2⤵
  PID:6692
- C:\Windows\System\hqrwJrU.exe
  C:\Windows\System\hqrwJrU.exe
  2⤵
  PID:6772
- C:\Windows\System\itvZjfi.exe
  C:\Windows\System\itvZjfi.exe
  2⤵
  PID:6832
- C:\Windows\System\sGHNpMB.exe
  C:\Windows\System\sGHNpMB.exe
  2⤵
  PID:6888
- C:\Windows\System\pTlFufb.exe
  C:\Windows\System\pTlFufb.exe
  2⤵
  PID:6948
- C:\Windows\System\TkoZvQe.exe
  C:\Windows\System\TkoZvQe.exe
  2⤵
  PID:7004
- C:\Windows\System\VaVITjp.exe
  C:\Windows\System\VaVITjp.exe
  2⤵
  PID:7060
- C:\Windows\System\HPVdTzK.exe
  C:\Windows\System\HPVdTzK.exe
  2⤵
  PID:7140
- C:\Windows\System\TuVfSTt.exe
  C:\Windows\System\TuVfSTt.exe
  2⤵
  PID:2424
- C:\Windows\System\imTavNF.exe
  C:\Windows\System\imTavNF.exe
  2⤵
  PID:5440
- C:\Windows\System\eYABxok.exe
  C:\Windows\System\eYABxok.exe
  2⤵
  PID:6164
- C:\Windows\System\ImEMSid.exe
  C:\Windows\System\ImEMSid.exe
  2⤵
  PID:6296
- C:\Windows\System\xMtMBIx.exe
  C:\Windows\System\xMtMBIx.exe
  2⤵
  PID:6468
- C:\Windows\System\gqorijA.exe
  C:\Windows\System\gqorijA.exe
  2⤵
  PID:6608
- C:\Windows\System\rWFfrPC.exe
  C:\Windows\System\rWFfrPC.exe
  2⤵
  PID:6744
- C:\Windows\System\cyQeXYC.exe
  C:\Windows\System\cyQeXYC.exe
  2⤵
  PID:6884
- C:\Windows\System\pnVqCWg.exe
  C:\Windows\System\pnVqCWg.exe
  2⤵
  PID:6996
- C:\Windows\System\OXGjZyK.exe
  C:\Windows\System\OXGjZyK.exe
  2⤵
  PID:7188
- C:\Windows\System\aCsvqQm.exe
  C:\Windows\System\aCsvqQm.exe
  2⤵
  PID:7216
- C:\Windows\System\MwzGJJO.exe
  C:\Windows\System\MwzGJJO.exe
  2⤵
  PID:7244
- C:\Windows\System\WohIFvH.exe
  C:\Windows\System\WohIFvH.exe
  2⤵
  PID:7268
- C:\Windows\System\pUKEGne.exe
  C:\Windows\System\pUKEGne.exe
  2⤵
  PID:7300
- C:\Windows\System\arIGQpw.exe
  C:\Windows\System\arIGQpw.exe
  2⤵
  PID:7328
- C:\Windows\System\GExvZQD.exe
  C:\Windows\System\GExvZQD.exe
  2⤵
  PID:7356
- C:\Windows\System\gBqmeZY.exe
  C:\Windows\System\gBqmeZY.exe
  2⤵
  PID:7380
- C:\Windows\System\CTSFvMI.exe
  C:\Windows\System\CTSFvMI.exe
  2⤵
  PID:7408
- C:\Windows\System\cILAUwp.exe
  C:\Windows\System\cILAUwp.exe
  2⤵
  PID:7436
- C:\Windows\System\UlqOkoz.exe
  C:\Windows\System\UlqOkoz.exe
  2⤵
  PID:7468
- C:\Windows\System\fDcGTeG.exe
  C:\Windows\System\fDcGTeG.exe
  2⤵
  PID:7496
- C:\Windows\System\npphvXA.exe
  C:\Windows\System\npphvXA.exe
  2⤵
  PID:7524
- C:\Windows\System\JkyYKlg.exe
  C:\Windows\System\JkyYKlg.exe
  2⤵
  PID:7552
- C:\Windows\System\JEDZDTr.exe
  C:\Windows\System\JEDZDTr.exe
  2⤵
  PID:7580
- C:\Windows\System\qCQHlxE.exe
  C:\Windows\System\qCQHlxE.exe
  2⤵
  PID:7608
- C:\Windows\System\ZPkfbyp.exe
  C:\Windows\System\ZPkfbyp.exe
  2⤵
  PID:7636
- C:\Windows\System\WJOZLxr.exe
  C:\Windows\System\WJOZLxr.exe
  2⤵
  PID:7664
- C:\Windows\System\mrNGihj.exe
  C:\Windows\System\mrNGihj.exe
  2⤵
  PID:7692
- C:\Windows\System\TQAbhjt.exe
  C:\Windows\System\TQAbhjt.exe
  2⤵
  PID:7720
- C:\Windows\System\TuDbYqh.exe
  C:\Windows\System\TuDbYqh.exe
  2⤵
  PID:7748
- C:\Windows\System\qnnzIix.exe
  C:\Windows\System\qnnzIix.exe
  2⤵
  PID:7776
- C:\Windows\System\MHSrUMd.exe
  C:\Windows\System\MHSrUMd.exe
  2⤵
  PID:7804
- C:\Windows\System\CvqHCaK.exe
  C:\Windows\System\CvqHCaK.exe
  2⤵
  PID:7832
- C:\Windows\System\phiXLnj.exe
  C:\Windows\System\phiXLnj.exe
  2⤵
  PID:7860
- C:\Windows\System\PijpClq.exe
  C:\Windows\System\PijpClq.exe
  2⤵
  PID:7888
- C:\Windows\System\RzrcbQa.exe
  C:\Windows\System\RzrcbQa.exe
  2⤵
  PID:7916
- C:\Windows\System\TAvyMme.exe
  C:\Windows\System\TAvyMme.exe
  2⤵
  PID:8008
- C:\Windows\System\TnTvUAh.exe
  C:\Windows\System\TnTvUAh.exe
  2⤵
  PID:8024
- C:\Windows\System\cCCZfoF.exe
  C:\Windows\System\cCCZfoF.exe
  2⤵
  PID:8048
- C:\Windows\System\qEqcwxS.exe
  C:\Windows\System\qEqcwxS.exe
  2⤵
  PID:8072
- C:\Windows\System\UImFALS.exe
  C:\Windows\System\UImFALS.exe
  2⤵
  PID:8112
- C:\Windows\System\uzdeJxa.exe
  C:\Windows\System\uzdeJxa.exe
  2⤵
  PID:8128
- C:\Windows\System\tAHAiZe.exe
  C:\Windows\System\tAHAiZe.exe
  2⤵
  PID:8148
- C:\Windows\System\PzhQJBx.exe
  C:\Windows\System\PzhQJBx.exe
  2⤵
  PID:7112
- C:\Windows\System\MMDJbAo.exe
  C:\Windows\System\MMDJbAo.exe
  2⤵
  PID:3452
- C:\Windows\System\nNzXAdT.exe
  C:\Windows\System\nNzXAdT.exe
  2⤵
  PID:6356
- C:\Windows\System\nctAqhr.exe
  C:\Windows\System\nctAqhr.exe
  2⤵
  PID:6528
- C:\Windows\System\qYzFHGX.exe
  C:\Windows\System\qYzFHGX.exe
  2⤵
  PID:4840
- C:\Windows\System\cwZXxwK.exe
  C:\Windows\System\cwZXxwK.exe
  2⤵
  PID:6856
- C:\Windows\System\qxwKnnf.exe
  C:\Windows\System\qxwKnnf.exe
  2⤵
  PID:6976
- C:\Windows\System\jlwmpNl.exe
  C:\Windows\System\jlwmpNl.exe
  2⤵
  PID:4760
- C:\Windows\System\XAMCpdk.exe
  C:\Windows\System\XAMCpdk.exe
  2⤵
  PID:7228
- C:\Windows\System\iaSvNAX.exe
  C:\Windows\System\iaSvNAX.exe
  2⤵
  PID:7260
- C:\Windows\System\YboWtjZ.exe
  C:\Windows\System\YboWtjZ.exe
  2⤵
  PID:7340
- C:\Windows\System\GaSaUmy.exe
  C:\Windows\System\GaSaUmy.exe
  2⤵
  PID:4808
- C:\Windows\System\ZSTMJPR.exe
  C:\Windows\System\ZSTMJPR.exe
  2⤵
  PID:1196
- C:\Windows\System\BeNDRqe.exe
  C:\Windows\System\BeNDRqe.exe
  2⤵
  PID:7432
- C:\Windows\System\ARGOhXE.exe
  C:\Windows\System\ARGOhXE.exe
  2⤵
  PID:7512
- C:\Windows\System\xiOzWbA.exe
  C:\Windows\System\xiOzWbA.exe
  2⤵
  PID:1564
- C:\Windows\System\ZzgnMHa.exe
  C:\Windows\System\ZzgnMHa.exe
  2⤵
  PID:3612
- C:\Windows\System\UilGxLh.exe
  C:\Windows\System\UilGxLh.exe
  2⤵
  PID:1100
- C:\Windows\System\DPshXyG.exe
  C:\Windows\System\DPshXyG.exe
  2⤵
  PID:7732
- C:\Windows\System\oqcrhSo.exe
  C:\Windows\System\oqcrhSo.exe
  2⤵
  PID:464
- C:\Windows\System\iSJgamR.exe
  C:\Windows\System\iSJgamR.exe
  2⤵
  PID:7844
- C:\Windows\System\OHInQLo.exe
  C:\Windows\System\OHInQLo.exe
  2⤵
  PID:5036
- C:\Windows\System\vkpJPBv.exe
  C:\Windows\System\vkpJPBv.exe
  2⤵
  PID:7904
- C:\Windows\System\MLcqwDD.exe
  C:\Windows\System\MLcqwDD.exe
  2⤵
  PID:7108
- C:\Windows\System\lvnDbDg.exe
  C:\Windows\System\lvnDbDg.exe
  2⤵
  PID:6688
- C:\Windows\System\DcZZOTX.exe
  C:\Windows\System\DcZZOTX.exe
  2⤵
  PID:6552
- C:\Windows\System\QQOVAgO.exe
  C:\Windows\System\QQOVAgO.exe
  2⤵
  PID:7348
- C:\Windows\System\bJGPVOH.exe
  C:\Windows\System\bJGPVOH.exe
  2⤵
  PID:7312
- C:\Windows\System\cqqoKaU.exe
  C:\Windows\System\cqqoKaU.exe
  2⤵
  PID:7648
- C:\Windows\System\SLjqRkJ.exe
  C:\Windows\System\SLjqRkJ.exe
  2⤵
  PID:7484
- C:\Windows\System\FKjqJhs.exe
  C:\Windows\System\FKjqJhs.exe
  2⤵
  PID:7708
- C:\Windows\System\uSUdtOp.exe
  C:\Windows\System\uSUdtOp.exe
  2⤵
  PID:7824
- C:\Windows\System\EPkHIFo.exe
  C:\Windows\System\EPkHIFo.exe
  2⤵
  PID:7876
- C:\Windows\System\rskFiOB.exe
  C:\Windows\System\rskFiOB.exe
  2⤵
  PID:8004
- C:\Windows\System\rYEQgEZ.exe
  C:\Windows\System\rYEQgEZ.exe
  2⤵
  PID:7900
- C:\Windows\System\DlyPjMK.exe
  C:\Windows\System\DlyPjMK.exe
  2⤵
  PID:7180
- C:\Windows\System\UZqMsHE.exe
  C:\Windows\System\UZqMsHE.exe
  2⤵
  PID:8104
- C:\Windows\System\FMbRATY.exe
  C:\Windows\System\FMbRATY.exe
  2⤵
  PID:1260
- C:\Windows\System\gHZvxwN.exe
  C:\Windows\System\gHZvxwN.exe
  2⤵
  PID:7172
- C:\Windows\System\Dbtmoqi.exe
  C:\Windows\System\Dbtmoqi.exe
  2⤵
  PID:7424
- C:\Windows\System\HHEmIBr.exe
  C:\Windows\System\HHEmIBr.exe
  2⤵
  PID:7508
- C:\Windows\System\GGTOZGP.exe
  C:\Windows\System\GGTOZGP.exe
  2⤵
  PID:7740
- C:\Windows\System\MIHJPMr.exe
  C:\Windows\System\MIHJPMr.exe
  2⤵
  PID:7544
- C:\Windows\System\cqDsrOy.exe
  C:\Windows\System\cqDsrOy.exe
  2⤵
  PID:8092
- C:\Windows\System\cMtUVDB.exe
  C:\Windows\System\cMtUVDB.exe
  2⤵
  PID:4724
- C:\Windows\System\BTQIjfc.exe
  C:\Windows\System\BTQIjfc.exe
  2⤵
  PID:6548
- C:\Windows\System\iuoVWKf.exe
  C:\Windows\System\iuoVWKf.exe
  2⤵
  PID:5976
- C:\Windows\System\kyOZQzi.exe
  C:\Windows\System\kyOZQzi.exe
  2⤵
  PID:664
- C:\Windows\System\ACUIrkn.exe
  C:\Windows\System\ACUIrkn.exe
  2⤵
  PID:8220
- C:\Windows\System\ByaTAKZ.exe
  C:\Windows\System\ByaTAKZ.exe
  2⤵
  PID:8248
- C:\Windows\System\cwSaZUN.exe
  C:\Windows\System\cwSaZUN.exe
  2⤵
  PID:8264
- C:\Windows\System\OSaekCt.exe
  C:\Windows\System\OSaekCt.exe
  2⤵
  PID:8300
- C:\Windows\System\tjygRZh.exe
  C:\Windows\System\tjygRZh.exe
  2⤵
  PID:8332
- C:\Windows\System\ZWJbWnY.exe
  C:\Windows\System\ZWJbWnY.exe
  2⤵
  PID:8360
- C:\Windows\System\dsFZAaN.exe
  C:\Windows\System\dsFZAaN.exe
  2⤵
  PID:8388
- C:\Windows\System\JomKyQR.exe
  C:\Windows\System\JomKyQR.exe
  2⤵
  PID:8404
- C:\Windows\System\MxTZLjb.exe
  C:\Windows\System\MxTZLjb.exe
  2⤵
  PID:8444
- C:\Windows\System\rZbHnWg.exe
  C:\Windows\System\rZbHnWg.exe
  2⤵
  PID:8476
- C:\Windows\System\Fdqbdja.exe
  C:\Windows\System\Fdqbdja.exe
  2⤵
  PID:8504
- C:\Windows\System\wTpQBWJ.exe
  C:\Windows\System\wTpQBWJ.exe
  2⤵
  PID:8536
- C:\Windows\System\WaeebaL.exe
  C:\Windows\System\WaeebaL.exe
  2⤵
  PID:8552
- C:\Windows\System\jlYSyyl.exe
  C:\Windows\System\jlYSyyl.exe
  2⤵
  PID:8592
- C:\Windows\System\GPapPRA.exe
  C:\Windows\System\GPapPRA.exe
  2⤵
  PID:8620
- C:\Windows\System\UBgYtBv.exe
  C:\Windows\System\UBgYtBv.exe
  2⤵
  PID:8648
- C:\Windows\System\kBxpdxb.exe
  C:\Windows\System\kBxpdxb.exe
  2⤵
  PID:8664
- C:\Windows\System\YWgJduR.exe
  C:\Windows\System\YWgJduR.exe
  2⤵
  PID:8704
- C:\Windows\System\JkZXWCy.exe
  C:\Windows\System\JkZXWCy.exe
  2⤵
  PID:8732
- C:\Windows\System\pGXLsKO.exe
  C:\Windows\System\pGXLsKO.exe
  2⤵
  PID:8764
- C:\Windows\System\mtwXgHl.exe
  C:\Windows\System\mtwXgHl.exe
  2⤵
  PID:8792
- C:\Windows\System\FWwVVyq.exe
  C:\Windows\System\FWwVVyq.exe
  2⤵
  PID:8820
- C:\Windows\System\rjByBnv.exe
  C:\Windows\System\rjByBnv.exe
  2⤵
  PID:8848
- C:\Windows\System\ZYpgSUj.exe
  C:\Windows\System\ZYpgSUj.exe
  2⤵
  PID:8876
- C:\Windows\System\JvHcwcZ.exe
  C:\Windows\System\JvHcwcZ.exe
  2⤵
  PID:8904
- C:\Windows\System\HxJTmZG.exe
  C:\Windows\System\HxJTmZG.exe
  2⤵
  PID:8932
- C:\Windows\System\oHyPYeZ.exe
  C:\Windows\System\oHyPYeZ.exe
  2⤵
  PID:8960
- C:\Windows\System\pbdVduO.exe
  C:\Windows\System\pbdVduO.exe
  2⤵
  PID:8988
- C:\Windows\System\bIeyvGl.exe
  C:\Windows\System\bIeyvGl.exe
  2⤵
  PID:9024
- C:\Windows\System\iFiSKCd.exe
  C:\Windows\System\iFiSKCd.exe
  2⤵
  PID:9052
- C:\Windows\System\mLxNWYu.exe
  C:\Windows\System\mLxNWYu.exe
  2⤵
  PID:9080
- C:\Windows\System\mBvpHHp.exe
  C:\Windows\System\mBvpHHp.exe
  2⤵
  PID:9108
- C:\Windows\System\TKulCTi.exe
  C:\Windows\System\TKulCTi.exe
  2⤵
  PID:9124
- C:\Windows\System\higEMFk.exe
  C:\Windows\System\higEMFk.exe
  2⤵
  PID:9152
- C:\Windows\System\YVeIRwy.exe
  C:\Windows\System\YVeIRwy.exe
  2⤵
  PID:9180
- C:\Windows\System\tNOfXKI.exe
  C:\Windows\System\tNOfXKI.exe
  2⤵
  PID:9208
- C:\Windows\System\wSBdqYT.exe
  C:\Windows\System\wSBdqYT.exe
  2⤵
  PID:8260
- C:\Windows\System\lhmWZQr.exe
  C:\Windows\System\lhmWZQr.exe
  2⤵
  PID:8372
- C:\Windows\System\maOGYLg.exe
  C:\Windows\System\maOGYLg.exe
  2⤵
  PID:8400
- C:\Windows\System\axdipbx.exe
  C:\Windows\System\axdipbx.exe
  2⤵
  PID:5080
- C:\Windows\System\HOMxXMj.exe
  C:\Windows\System\HOMxXMj.exe
  2⤵
  PID:8496
- C:\Windows\System\gpsmzkW.exe
  C:\Windows\System\gpsmzkW.exe
  2⤵
  PID:8548
- C:\Windows\System\MvuWTyk.exe
  C:\Windows\System\MvuWTyk.exe
  2⤵
  PID:8612
- C:\Windows\System\OIDkTbG.exe
  C:\Windows\System\OIDkTbG.exe
  2⤵
  PID:8688
- C:\Windows\System\DLPsNyj.exe
  C:\Windows\System\DLPsNyj.exe
  2⤵
  PID:8728
- C:\Windows\System\otGkzOy.exe
  C:\Windows\System\otGkzOy.exe
  2⤵
  PID:8808
- C:\Windows\System\DdvDLWD.exe
  C:\Windows\System\DdvDLWD.exe
  2⤵
  PID:8872
- C:\Windows\System\qxirTYE.exe
  C:\Windows\System\qxirTYE.exe
  2⤵
  PID:8920
- C:\Windows\System\tpawRqt.exe
  C:\Windows\System\tpawRqt.exe
  2⤵
  PID:8976
- C:\Windows\System\LjDAZTd.exe
  C:\Windows\System\LjDAZTd.exe
  2⤵
  PID:9048
- C:\Windows\System\hiBIvFP.exe
  C:\Windows\System\hiBIvFP.exe
  2⤵
  PID:9140
- C:\Windows\System\SsDCIam.exe
  C:\Windows\System\SsDCIam.exe
  2⤵
  PID:2196
- C:\Windows\System\GJiikZj.exe
  C:\Windows\System\GJiikZj.exe
  2⤵
  PID:4456
- C:\Windows\System\MlFichw.exe
  C:\Windows\System\MlFichw.exe
  2⤵
  PID:8396
- C:\Windows\System\ozAtrDw.exe
  C:\Windows\System\ozAtrDw.exe
  2⤵
  PID:8492
- C:\Windows\System\qVhnvJT.exe
  C:\Windows\System\qVhnvJT.exe
  2⤵
  PID:8776
- C:\Windows\System\jQEqzSe.exe
  C:\Windows\System\jQEqzSe.exe
  2⤵
  PID:8840
- C:\Windows\System\ZuhzsMS.exe
  C:\Windows\System\ZuhzsMS.exe
  2⤵
  PID:9016
- C:\Windows\System\jhCQZSd.exe
  C:\Windows\System\jhCQZSd.exe
  2⤵
  PID:9172
- C:\Windows\System\NxAOshx.exe
  C:\Windows\System\NxAOshx.exe
  2⤵
  PID:8212
- C:\Windows\System\BsKQbuN.exe
  C:\Windows\System\BsKQbuN.exe
  2⤵
  PID:8632
- C:\Windows\System\lrHcDEE.exe
  C:\Windows\System\lrHcDEE.exe
  2⤵
  PID:2284
- C:\Windows\System\lAnhNRl.exe
  C:\Windows\System\lAnhNRl.exe
  2⤵
  PID:8584
- C:\Windows\System\aGsstNx.exe
  C:\Windows\System\aGsstNx.exe
  2⤵
  PID:4616
- C:\Windows\System\KQBGaUz.exe
  C:\Windows\System\KQBGaUz.exe
  2⤵
  PID:9224
- C:\Windows\System\OXjLbIz.exe
  C:\Windows\System\OXjLbIz.exe
  2⤵
  PID:9248
- C:\Windows\System\NlLBpih.exe
  C:\Windows\System\NlLBpih.exe
  2⤵
  PID:9288
- C:\Windows\System\BecmYTi.exe
  C:\Windows\System\BecmYTi.exe
  2⤵
  PID:9304
- C:\Windows\System\EbmJvUz.exe
  C:\Windows\System\EbmJvUz.exe
  2⤵
  PID:9336
- C:\Windows\System\cAtJggb.exe
  C:\Windows\System\cAtJggb.exe
  2⤵
  PID:9372
- C:\Windows\System\AIsYdsc.exe
  C:\Windows\System\AIsYdsc.exe
  2⤵
  PID:9396
- C:\Windows\System\rRxCdIS.exe
  C:\Windows\System\rRxCdIS.exe
  2⤵
  PID:9428
- C:\Windows\System\kWJZCOw.exe
  C:\Windows\System\kWJZCOw.exe
  2⤵
  PID:9456
- C:\Windows\System\daylWIZ.exe
  C:\Windows\System\daylWIZ.exe
  2⤵
  PID:9476
- C:\Windows\System\MCPlUPp.exe
  C:\Windows\System\MCPlUPp.exe
  2⤵
  PID:9504
- C:\Windows\System\aAAPnqa.exe
  C:\Windows\System\aAAPnqa.exe
  2⤵
  PID:9540
- C:\Windows\System\okdAmNo.exe
  C:\Windows\System\okdAmNo.exe
  2⤵
  PID:9568
- C:\Windows\System\DcIWQyz.exe
  C:\Windows\System\DcIWQyz.exe
  2⤵
  PID:9596
- C:\Windows\System\RSBDvDU.exe
  C:\Windows\System\RSBDvDU.exe
  2⤵
  PID:9620
- C:\Windows\System\itfOmZk.exe
  C:\Windows\System\itfOmZk.exe
  2⤵
  PID:9640
- C:\Windows\System\NOTowCM.exe
  C:\Windows\System\NOTowCM.exe
  2⤵
  PID:9664
- C:\Windows\System\ovpufpb.exe
  C:\Windows\System\ovpufpb.exe
  2⤵
  PID:9696
- C:\Windows\System\nWESfIF.exe
  C:\Windows\System\nWESfIF.exe
  2⤵
  PID:9712
- C:\Windows\System\Jhwqjxz.exe
  C:\Windows\System\Jhwqjxz.exe
  2⤵
  PID:9764
- C:\Windows\System\kNduGhQ.exe
  C:\Windows\System\kNduGhQ.exe
  2⤵
  PID:9792
- C:\Windows\System\cmNCegx.exe
  C:\Windows\System\cmNCegx.exe
  2⤵
  PID:9828
- C:\Windows\System\ThaMzIc.exe
  C:\Windows\System\ThaMzIc.exe
  2⤵
  PID:9844
- C:\Windows\System\ltcELXH.exe
  C:\Windows\System\ltcELXH.exe
  2⤵
  PID:9880
- C:\Windows\System\nBceqnq.exe
  C:\Windows\System\nBceqnq.exe
  2⤵
  PID:9908
- C:\Windows\System\XpLEzAR.exe
  C:\Windows\System\XpLEzAR.exe
  2⤵
  PID:9928
- C:\Windows\System\tNrTmSd.exe
  C:\Windows\System\tNrTmSd.exe
  2⤵
  PID:9956
- C:\Windows\System\CMLAvQw.exe
  C:\Windows\System\CMLAvQw.exe
  2⤵
  PID:9996
- C:\Windows\System\MvepJvk.exe
  C:\Windows\System\MvepJvk.exe
  2⤵
  PID:10032
- C:\Windows\System\xiWIaGL.exe
  C:\Windows\System\xiWIaGL.exe
  2⤵
  PID:10052
- C:\Windows\System\XiEFsUN.exe
  C:\Windows\System\XiEFsUN.exe
  2⤵
  PID:10072
- C:\Windows\System\uaxlPQW.exe
  C:\Windows\System\uaxlPQW.exe
  2⤵
  PID:10104
- C:\Windows\System\aGqKquy.exe
  C:\Windows\System\aGqKquy.exe
  2⤵
  PID:10152
- C:\Windows\System\JBCAvhQ.exe
  C:\Windows\System\JBCAvhQ.exe
  2⤵
  PID:10176
- C:\Windows\System\adZVZGO.exe
  C:\Windows\System\adZVZGO.exe
  2⤵
  PID:10196
- C:\Windows\System\FFQYqxe.exe
  C:\Windows\System\FFQYqxe.exe
  2⤵
  PID:10228
- C:\Windows\System\ERcPust.exe
  C:\Windows\System\ERcPust.exe
  2⤵
  PID:9244
- C:\Windows\System\oOtgclh.exe
  C:\Windows\System\oOtgclh.exe
  2⤵
  PID:9316
- C:\Windows\System\VYrvJbG.exe
  C:\Windows\System\VYrvJbG.exe
  2⤵
  PID:9412
- C:\Windows\System\YwEpNTi.exe
  C:\Windows\System\YwEpNTi.exe
  2⤵
  PID:9464
- C:\Windows\System\xkOnVBK.exe
  C:\Windows\System\xkOnVBK.exe
  2⤵
  PID:9552
- C:\Windows\System\MCPRAiD.exe
  C:\Windows\System\MCPRAiD.exe
  2⤵
  PID:9636
- C:\Windows\System\hZzKCfG.exe
  C:\Windows\System\hZzKCfG.exe
  2⤵
  PID:8356
- C:\Windows\System\HnQCueS.exe
  C:\Windows\System\HnQCueS.exe
  2⤵
  PID:9736
- C:\Windows\System\kfopYoL.exe
  C:\Windows\System\kfopYoL.exe
  2⤵
  PID:9776
- C:\Windows\System\aiWWEDR.exe
  C:\Windows\System\aiWWEDR.exe
  2⤵
  PID:9824
- C:\Windows\System\jxWsAlM.exe
  C:\Windows\System\jxWsAlM.exe
  2⤵
  PID:9900
- C:\Windows\System\HBOzTOz.exe
  C:\Windows\System\HBOzTOz.exe
  2⤵
  PID:9948
- C:\Windows\System\LIzTJKO.exe
  C:\Windows\System\LIzTJKO.exe
  2⤵
  PID:10008
- C:\Windows\System\mrijgZm.exe
  C:\Windows\System\mrijgZm.exe
  2⤵
  PID:10088
- C:\Windows\System\QqeXGuO.exe
  C:\Windows\System\QqeXGuO.exe
  2⤵
  PID:10208
- C:\Windows\System\rroSJmY.exe
  C:\Windows\System\rroSJmY.exe
  2⤵
  PID:9232
- C:\Windows\System\lyHKQsr.exe
  C:\Windows\System\lyHKQsr.exe
  2⤵
  PID:9356
- C:\Windows\System\WMgjrzX.exe
  C:\Windows\System\WMgjrzX.exe
  2⤵
  PID:9632
- C:\Windows\System\LyzFRfs.exe
  C:\Windows\System\LyzFRfs.exe
  2⤵
  PID:9760
- C:\Windows\System\OdmbxEk.exe
  C:\Windows\System\OdmbxEk.exe
  2⤵
  PID:9888
- C:\Windows\System\MHGWkLg.exe
  C:\Windows\System\MHGWkLg.exe
  2⤵
  PID:10060
- C:\Windows\System\iKPUUQX.exe
  C:\Windows\System\iKPUUQX.exe
  2⤵
  PID:9296
- C:\Windows\System\OUjtWvK.exe
  C:\Windows\System\OUjtWvK.exe
  2⤵
  PID:9524
- C:\Windows\System\pIcUSHC.exe
  C:\Windows\System\pIcUSHC.exe
  2⤵
  PID:9976
- C:\Windows\System\hFQVlOW.exe
  C:\Windows\System\hFQVlOW.exe
  2⤵
  PID:9516
- C:\Windows\System\RdTgSeU.exe
  C:\Windows\System\RdTgSeU.exe
  2⤵
  PID:10248
- C:\Windows\System\bLlmZCC.exe
  C:\Windows\System\bLlmZCC.exe
  2⤵
  PID:10264
- C:\Windows\System\dFjGsfI.exe
  C:\Windows\System\dFjGsfI.exe
  2⤵
  PID:10296
- C:\Windows\System\tAoqvHb.exe
  C:\Windows\System\tAoqvHb.exe
  2⤵
  PID:10324
- C:\Windows\System\NdLtzfj.exe
  C:\Windows\System\NdLtzfj.exe
  2⤵
  PID:10352
- C:\Windows\System\fYdGjJk.exe
  C:\Windows\System\fYdGjJk.exe
  2⤵
  PID:10376
- C:\Windows\System\SumnyjZ.exe
  C:\Windows\System\SumnyjZ.exe
  2⤵
  PID:10404
- C:\Windows\System\FqREeFe.exe
  C:\Windows\System\FqREeFe.exe
  2⤵
  PID:10436
- C:\Windows\System\IkLLVpt.exe
  C:\Windows\System\IkLLVpt.exe
  2⤵
  PID:10460
- C:\Windows\System\JozAmfx.exe
  C:\Windows\System\JozAmfx.exe
  2⤵
  PID:10476
- C:\Windows\System\uPfgqoc.exe
  C:\Windows\System\uPfgqoc.exe
  2⤵
  PID:10496
- C:\Windows\System\dkkUAqN.exe
  C:\Windows\System\dkkUAqN.exe
  2⤵
  PID:10528
- C:\Windows\System\CHBNCLT.exe
  C:\Windows\System\CHBNCLT.exe
  2⤵
  PID:10588
- C:\Windows\System\TMpjxHF.exe
  C:\Windows\System\TMpjxHF.exe
  2⤵
  PID:10608
- C:\Windows\System\DpOkncd.exe
  C:\Windows\System\DpOkncd.exe
  2⤵
  PID:10640
- C:\Windows\System\YPAkCac.exe
  C:\Windows\System\YPAkCac.exe
  2⤵
  PID:10668
- C:\Windows\System\UeFFLaV.exe
  C:\Windows\System\UeFFLaV.exe
  2⤵
  PID:10692
- C:\Windows\System\bOhBnEW.exe
  C:\Windows\System\bOhBnEW.exe
  2⤵
  PID:10732
- C:\Windows\System\tKkoeGl.exe
  C:\Windows\System\tKkoeGl.exe
  2⤵
  PID:10748
- C:\Windows\System\HISYtap.exe
  C:\Windows\System\HISYtap.exe
  2⤵
  PID:10788
- C:\Windows\System\GZWQaTj.exe
  C:\Windows\System\GZWQaTj.exe
  2⤵
  PID:10820
- C:\Windows\System\SZxhbNP.exe
  C:\Windows\System\SZxhbNP.exe
  2⤵
  PID:10848
- C:\Windows\System\IopPuaV.exe
  C:\Windows\System\IopPuaV.exe
  2⤵
  PID:10876
- C:\Windows\System\hixmxSZ.exe
  C:\Windows\System\hixmxSZ.exe
  2⤵
  PID:10892
- C:\Windows\System\PQTCLCA.exe
  C:\Windows\System\PQTCLCA.exe
  2⤵
  PID:10920
- C:\Windows\System\hzriuAU.exe
  C:\Windows\System\hzriuAU.exe
  2⤵
  PID:10960
- C:\Windows\System\RMYAFGE.exe
  C:\Windows\System\RMYAFGE.exe
  2⤵
  PID:10976
- C:\Windows\System\eVeizSi.exe
  C:\Windows\System\eVeizSi.exe
  2⤵
  PID:11016
- C:\Windows\System\KFRvhlj.exe
  C:\Windows\System\KFRvhlj.exe
  2⤵
  PID:11044
- C:\Windows\System\KaoDmiU.exe
  C:\Windows\System\KaoDmiU.exe
  2⤵
  PID:11072
- C:\Windows\System\JlZWddc.exe
  C:\Windows\System\JlZWddc.exe
  2⤵
  PID:11100
- C:\Windows\System\PBoBsLf.exe
  C:\Windows\System\PBoBsLf.exe
  2⤵
  PID:11120
- C:\Windows\System\DQuxQup.exe
  C:\Windows\System\DQuxQup.exe
  2⤵
  PID:11144
- C:\Windows\System\ekCjmiq.exe
  C:\Windows\System\ekCjmiq.exe
  2⤵
  PID:11184
- C:\Windows\System\AVVxVkf.exe
  C:\Windows\System\AVVxVkf.exe
  2⤵
  PID:11212
- C:\Windows\System\xlgmxiC.exe
  C:\Windows\System\xlgmxiC.exe
  2⤵
  PID:11232
- C:\Windows\System\AhVQkgP.exe
  C:\Windows\System\AhVQkgP.exe
  2⤵
  PID:10216
- C:\Windows\System\MCLzBBt.exe
  C:\Windows\System\MCLzBBt.exe
  2⤵
  PID:10292
- C:\Windows\System\rZiaedm.exe
  C:\Windows\System\rZiaedm.exe
  2⤵
  PID:10360
- C:\Windows\System\fdoXjKG.exe
  C:\Windows\System\fdoXjKG.exe
  2⤵
  PID:10452
- C:\Windows\System\UheZaXb.exe
  C:\Windows\System\UheZaXb.exe
  2⤵
  PID:10504
- C:\Windows\System\aOgigSF.exe
  C:\Windows\System\aOgigSF.exe
  2⤵
  PID:10568
- C:\Windows\System\IaUDwvb.exe
  C:\Windows\System\IaUDwvb.exe
  2⤵
  PID:10600
- C:\Windows\System\QDSfPjI.exe
  C:\Windows\System\QDSfPjI.exe
  2⤵
  PID:10676
- C:\Windows\System\OTKJyLy.exe
  C:\Windows\System\OTKJyLy.exe
  2⤵
  PID:10728
- C:\Windows\System\uNClSFX.exe
  C:\Windows\System\uNClSFX.exe
  2⤵
  PID:10784
- C:\Windows\System\fyYpxzo.exe
  C:\Windows\System\fyYpxzo.exe
  2⤵
  PID:10836
- C:\Windows\System\gEBPEwe.exe
  C:\Windows\System\gEBPEwe.exe
  2⤵
  PID:10952
- C:\Windows\System\JMcnrhV.exe
  C:\Windows\System\JMcnrhV.exe
  2⤵
  PID:11032
- C:\Windows\System\CFSXvDL.exe
  C:\Windows\System\CFSXvDL.exe
  2⤵
  PID:11088
- C:\Windows\System\RMbyWgu.exe
  C:\Windows\System\RMbyWgu.exe
  2⤵
  PID:11160
- C:\Windows\System\BmZSwPH.exe
  C:\Windows\System\BmZSwPH.exe
  2⤵
  PID:11200
- C:\Windows\System\vGcYTeA.exe
  C:\Windows\System\vGcYTeA.exe
  2⤵
  PID:11260
- C:\Windows\System\zdGknQk.exe
  C:\Windows\System\zdGknQk.exe
  2⤵
  PID:8204
- C:\Windows\System\rttITkL.exe
  C:\Windows\System\rttITkL.exe
  2⤵
  PID:8464
- C:\Windows\System\EbnKdqQ.exe
  C:\Windows\System\EbnKdqQ.exe
  2⤵
  PID:10472
- C:\Windows\System\KydXNJu.exe
  C:\Windows\System\KydXNJu.exe
  2⤵
  PID:10632
- C:\Windows\System\AmafYeu.exe
  C:\Windows\System\AmafYeu.exe
  2⤵
  PID:10712
- C:\Windows\System\agNqNzM.exe
  C:\Windows\System\agNqNzM.exe
  2⤵
  PID:10940
- C:\Windows\System\pYJkTID.exe
  C:\Windows\System\pYJkTID.exe
  2⤵
  PID:11128
- C:\Windows\System\KOQvUXJ.exe
  C:\Windows\System\KOQvUXJ.exe
  2⤵
  PID:11204
- C:\Windows\System\uCOWBlP.exe
  C:\Windows\System\uCOWBlP.exe
  2⤵
  PID:10368
- C:\Windows\System\IAcQVzY.exe
  C:\Windows\System\IAcQVzY.exe
  2⤵
  PID:10764
- C:\Windows\System\Edsrpls.exe
  C:\Windows\System\Edsrpls.exe
  2⤵
  PID:10604
- C:\Windows\System\zNsyoss.exe
  C:\Windows\System\zNsyoss.exe
  2⤵
  PID:6108
- C:\Windows\System\UuLUKNU.exe
  C:\Windows\System\UuLUKNU.exe
  2⤵
  PID:11064
- C:\Windows\System\txvDKGe.exe
  C:\Windows\System\txvDKGe.exe
  2⤵
  PID:10284
- C:\Windows\System\RWwRwzj.exe
  C:\Windows\System\RWwRwzj.exe
  2⤵
  PID:11284
- C:\Windows\System\HnPEAgo.exe
  C:\Windows\System\HnPEAgo.exe
  2⤵
  PID:11304
- C:\Windows\System\ylBrnjv.exe
  C:\Windows\System\ylBrnjv.exe
  2⤵
  PID:11324
- C:\Windows\System\eisqkMF.exe
  C:\Windows\System\eisqkMF.exe
  2⤵
  PID:11364
- C:\Windows\System\KuokFEb.exe
  C:\Windows\System\KuokFEb.exe
  2⤵
  PID:11388
- C:\Windows\System\dimbAWX.exe
  C:\Windows\System\dimbAWX.exe
  2⤵
  PID:11436
- C:\Windows\System\NYtOJAz.exe
  C:\Windows\System\NYtOJAz.exe
  2⤵
  PID:11460
- C:\Windows\System\lcmSikt.exe
  C:\Windows\System\lcmSikt.exe
  2⤵
  PID:11496
- C:\Windows\System\eZlaJBN.exe
  C:\Windows\System\eZlaJBN.exe
  2⤵
  PID:11528
- C:\Windows\System\BIDJixy.exe
  C:\Windows\System\BIDJixy.exe
  2⤵
  PID:11556
- C:\Windows\System\PVdkFGY.exe
  C:\Windows\System\PVdkFGY.exe
  2⤵
  PID:11584
- C:\Windows\System\CmwqCcO.exe
  C:\Windows\System\CmwqCcO.exe
  2⤵
  PID:11612
- C:\Windows\System\khLkmJZ.exe
  C:\Windows\System\khLkmJZ.exe
  2⤵
  PID:11636
- C:\Windows\System\hFsfOqu.exe
  C:\Windows\System\hFsfOqu.exe
  2⤵
  PID:11664
- C:\Windows\System\TGkYcKK.exe
  C:\Windows\System\TGkYcKK.exe
  2⤵
  PID:11688
- C:\Windows\System\xOCJQaF.exe
  C:\Windows\System\xOCJQaF.exe
  2⤵
  PID:11724
- C:\Windows\System\ydTuNXt.exe
  C:\Windows\System\ydTuNXt.exe
  2⤵
  PID:11740
- C:\Windows\System\enqbanF.exe
  C:\Windows\System\enqbanF.exe
  2⤵
  PID:11768
- C:\Windows\System\yuLuxrp.exe
  C:\Windows\System\yuLuxrp.exe
  2⤵
  PID:11800
- C:\Windows\System\FrVZrxh.exe
  C:\Windows\System\FrVZrxh.exe
  2⤵
  PID:11824
- C:\Windows\System\pzFPwMU.exe
  C:\Windows\System\pzFPwMU.exe
  2⤵
  PID:11864
- C:\Windows\System\PdHemZX.exe
  C:\Windows\System\PdHemZX.exe
  2⤵
  PID:11892
- C:\Windows\System\eNPeROk.exe
  C:\Windows\System\eNPeROk.exe
  2⤵
  PID:11920
- C:\Windows\System\ytVafhM.exe
  C:\Windows\System\ytVafhM.exe
  2⤵
  PID:11940
- C:\Windows\System\FrHqWeC.exe
  C:\Windows\System\FrHqWeC.exe
  2⤵
  PID:11964
- C:\Windows\System\bduWkhy.exe
  C:\Windows\System\bduWkhy.exe
  2⤵
  PID:12004
- C:\Windows\System\swIJdaT.exe
  C:\Windows\System\swIJdaT.exe
  2⤵
  PID:12028
- C:\Windows\System\LjXMUwF.exe
  C:\Windows\System\LjXMUwF.exe
  2⤵
  PID:12048
- C:\Windows\System\lYnCztp.exe
  C:\Windows\System\lYnCztp.exe
  2⤵
  PID:12088
- C:\Windows\System\bhdBmSa.exe
  C:\Windows\System\bhdBmSa.exe
  2⤵
  PID:12116
- C:\Windows\System\MLUBZep.exe
  C:\Windows\System\MLUBZep.exe
  2⤵
  PID:12144
- C:\Windows\System\yDyEyUT.exe
  C:\Windows\System\yDyEyUT.exe
  2⤵
  PID:12164
- C:\Windows\System\lGzJLel.exe
  C:\Windows\System\lGzJLel.exe
  2⤵
  PID:12208
- C:\Windows\System\ptnuZEj.exe
  C:\Windows\System\ptnuZEj.exe
  2⤵
  PID:12236
- C:\Windows\System\TyJTvTj.exe
  C:\Windows\System\TyJTvTj.exe
  2⤵
  PID:12252
- C:\Windows\System\Rlcpesv.exe
  C:\Windows\System\Rlcpesv.exe
  2⤵
  PID:10656
- C:\Windows\System\RBerQGs.exe
  C:\Windows\System\RBerQGs.exe
  2⤵
  PID:11348
- C:\Windows\System\NWElrEs.exe
  C:\Windows\System\NWElrEs.exe
  2⤵
  PID:11376
- C:\Windows\System\BoEiOCG.exe
  C:\Windows\System\BoEiOCG.exe
  2⤵
  PID:11432
- C:\Windows\System\fuKptYk.exe
  C:\Windows\System\fuKptYk.exe
  2⤵
  PID:11504
- C:\Windows\System\YtEzSom.exe
  C:\Windows\System\YtEzSom.exe
  2⤵
  PID:11600
- C:\Windows\System\rkYNRen.exe
  C:\Windows\System\rkYNRen.exe
  2⤵
  PID:11708
- C:\Windows\System\ZTDPKvg.exe
  C:\Windows\System\ZTDPKvg.exe
  2⤵
  PID:11756
- C:\Windows\System\exvOVCY.exe
  C:\Windows\System\exvOVCY.exe
  2⤵
  PID:11820
- C:\Windows\System\PAmzhGW.exe
  C:\Windows\System\PAmzhGW.exe
  2⤵
  PID:11916
- C:\Windows\System\JNEfVYY.exe
  C:\Windows\System\JNEfVYY.exe
  2⤵
  PID:11948
- C:\Windows\System\gxkzmaH.exe
  C:\Windows\System\gxkzmaH.exe
  2⤵
  PID:12036
- C:\Windows\System\fNmtQjA.exe
  C:\Windows\System\fNmtQjA.exe
  2⤵
  PID:12080
- C:\Windows\System\otMjlgj.exe
  C:\Windows\System\otMjlgj.exe
  2⤵
  PID:12160
- C:\Windows\System\TGWuvpR.exe
  C:\Windows\System\TGWuvpR.exe
  2⤵
  PID:12224
- C:\Windows\System\rNzRSGl.exe
  C:\Windows\System\rNzRSGl.exe
  2⤵
  PID:11316
- C:\Windows\System\iMRSBZX.exe
  C:\Windows\System\iMRSBZX.exe
  2⤵
  PID:11404
- C:\Windows\System\hkyQfZc.exe
  C:\Windows\System\hkyQfZc.exe
  2⤵
  PID:11576
- C:\Windows\System\uZQutgg.exe
  C:\Windows\System\uZQutgg.exe
  2⤵
  PID:11736
- C:\Windows\System\QTcFYji.exe
  C:\Windows\System\QTcFYji.exe
  2⤵
  PID:11932
- C:\Windows\System\jwpIkvo.exe
  C:\Windows\System\jwpIkvo.exe
  2⤵
  PID:12040
- C:\Windows\System\HrWZmGp.exe
  C:\Windows\System\HrWZmGp.exe
  2⤵
  PID:11312
- C:\Windows\System\BiNcdbh.exe
  C:\Windows\System\BiNcdbh.exe
  2⤵
  PID:11544
- C:\Windows\System\aduikPE.exe
  C:\Windows\System\aduikPE.exe
  2⤵
  PID:11928
- C:\Windows\System\iPPZoMc.exe
  C:\Windows\System\iPPZoMc.exe
  2⤵
  PID:11384
- C:\Windows\System\tSFjkWB.exe
  C:\Windows\System\tSFjkWB.exe
  2⤵
  PID:12204
- C:\Windows\System\kvAgVeD.exe
  C:\Windows\System\kvAgVeD.exe
  2⤵
  PID:12296
- C:\Windows\System\vlFnnaD.exe
  C:\Windows\System\vlFnnaD.exe
  2⤵
  PID:12324
- C:\Windows\System\iXGPekc.exe
  C:\Windows\System\iXGPekc.exe
  2⤵
  PID:12340
- C:\Windows\System\NWyYWHe.exe
  C:\Windows\System\NWyYWHe.exe
  2⤵
  PID:12380
- C:\Windows\System\rgjQxAr.exe
  C:\Windows\System\rgjQxAr.exe
  2⤵
  PID:12408
- C:\Windows\System\JLfCbeh.exe
  C:\Windows\System\JLfCbeh.exe
  2⤵
  PID:12436
- C:\Windows\System\AONWiks.exe
  C:\Windows\System\AONWiks.exe
  2⤵
  PID:12452
- C:\Windows\System\MyXRppa.exe
  C:\Windows\System\MyXRppa.exe
  2⤵
  PID:12484
- C:\Windows\System\WikvywM.exe
  C:\Windows\System\WikvywM.exe
  2⤵
  PID:12516
- C:\Windows\System\UILcAgr.exe
  C:\Windows\System\UILcAgr.exe
  2⤵
  PID:12544
- C:\Windows\System\qzzfEVi.exe
  C:\Windows\System\qzzfEVi.exe
  2⤵
  PID:12576
- C:\Windows\System\QHbfLNB.exe
  C:\Windows\System\QHbfLNB.exe
  2⤵
  PID:12600
- C:\Windows\System\DZZuHuf.exe
  C:\Windows\System\DZZuHuf.exe
  2⤵
  PID:12632
- C:\Windows\System\LQTgsGL.exe
  C:\Windows\System\LQTgsGL.exe
  2⤵
  PID:12660
- C:\Windows\System\MQWJXKR.exe
  C:\Windows\System\MQWJXKR.exe
  2⤵
  PID:12688
- C:\Windows\System\dYNqILw.exe
  C:\Windows\System\dYNqILw.exe
  2⤵
  PID:12716
- C:\Windows\System\zvpFXuH.exe
  C:\Windows\System\zvpFXuH.exe
  2⤵
  PID:12748
- C:\Windows\System\GaXEpDD.exe
  C:\Windows\System\GaXEpDD.exe
  2⤵
  PID:12776
- C:\Windows\System\mkxmFbJ.exe
  C:\Windows\System\mkxmFbJ.exe
  2⤵
  PID:12792
- C:\Windows\System\NblrjcJ.exe
  C:\Windows\System\NblrjcJ.exe
  2⤵
  PID:12820
- C:\Windows\System\ZtlTLdI.exe
  C:\Windows\System\ZtlTLdI.exe
  2⤵
  PID:12864
- C:\Windows\System\mmrWiwK.exe
  C:\Windows\System\mmrWiwK.exe
  2⤵
  PID:12884
- C:\Windows\System\yOGonTy.exe
  C:\Windows\System\yOGonTy.exe
  2⤵
  PID:12908
- C:\Windows\System\MQEhMhw.exe
  C:\Windows\System\MQEhMhw.exe
  2⤵
  PID:12936
- C:\Windows\System\nXFIwnd.exe
  C:\Windows\System\nXFIwnd.exe
  2⤵
  PID:12968
- C:\Windows\System\JfzTZiz.exe
  C:\Windows\System\JfzTZiz.exe
  2⤵
  PID:12988
- C:\Windows\System\HBMwHQv.exe
  C:\Windows\System\HBMwHQv.exe
  2⤵
  PID:13020
- C:\Windows\System\tPRJTJG.exe
  C:\Windows\System\tPRJTJG.exe
  2⤵
  PID:13036
- C:\Windows\System\HVLDbuK.exe
  C:\Windows\System\HVLDbuK.exe
  2⤵
  PID:13084
- C:\Windows\System\vtRHuOG.exe
  C:\Windows\System\vtRHuOG.exe
  2⤵
  PID:13104
- C:\Windows\System\IwFnMtE.exe
  C:\Windows\System\IwFnMtE.exe
  2⤵
  PID:13128
- C:\Windows\System\mPxEAIg.exe
  C:\Windows\System\mPxEAIg.exe
  2⤵
  PID:13168
- C:\Windows\System\nlNcVub.exe
  C:\Windows\System\nlNcVub.exe
  2⤵
  PID:13200
- C:\Windows\System\hOGBcIm.exe
  C:\Windows\System\hOGBcIm.exe
  2⤵
  PID:13228
- C:\Windows\System\JqauKVr.exe
  C:\Windows\System\JqauKVr.exe
  2⤵
  PID:13248
- C:\Windows\System\dCAjrZI.exe
  C:\Windows\System\dCAjrZI.exe
  2⤵
  PID:13284
- C:\Windows\System\RNMImjQ.exe
  C:\Windows\System\RNMImjQ.exe
  2⤵
  PID:11888
- C:\Windows\System\vwiyrCK.exe
  C:\Windows\System\vwiyrCK.exe
  2⤵
  PID:12332
- C:\Windows\System\gVxBbdS.exe
  C:\Windows\System\gVxBbdS.exe
  2⤵
  PID:12420
- C:\Windows\System\NtNdOVz.exe
  C:\Windows\System\NtNdOVz.exe
  2⤵
  PID:12476
- C:\Windows\System\vFQJOhl.exe
  C:\Windows\System\vFQJOhl.exe
  2⤵
  PID:12560
- C:\Windows\System\bqgrGtZ.exe
  C:\Windows\System\bqgrGtZ.exe
  2⤵
  PID:12616
- C:\Windows\System\UkSdUMJ.exe
  C:\Windows\System\UkSdUMJ.exe
  2⤵
  PID:12672
- C:\Windows\System\cNnqISo.exe
  C:\Windows\System\cNnqISo.exe
  2⤵
  PID:12740
- C:\Windows\System\SZGUpbx.exe
  C:\Windows\System\SZGUpbx.exe
  2⤵
  PID:12804
- C:\Windows\System\TfNpkVY.exe
  C:\Windows\System\TfNpkVY.exe
  2⤵
  PID:12860
- C:\Windows\System\MZrjOUl.exe
  C:\Windows\System\MZrjOUl.exe
  2⤵
  PID:12896
- C:\Windows\System\cVaHSiH.exe
  C:\Windows\System\cVaHSiH.exe
  2⤵
  PID:12976
- C:\Windows\System\tnmWhKL.exe
  C:\Windows\System\tnmWhKL.exe
  2⤵
  PID:13056
- C:\Windows\System\wVLUFQx.exe
  C:\Windows\System\wVLUFQx.exe
  2⤵
  PID:13124
- C:\Windows\System\WYDLENe.exe
  C:\Windows\System\WYDLENe.exe
  2⤵
  PID:13192
- C:\Windows\System\Ujpcxwf.exe
  C:\Windows\System\Ujpcxwf.exe
  2⤵
  PID:13280
- C:\Windows\System\euAwYXf.exe
  C:\Windows\System\euAwYXf.exe
  2⤵
  PID:1816
- C:\Windows\System\IMGdNjP.exe
  C:\Windows\System\IMGdNjP.exe
  2⤵
  PID:13308
- C:\Windows\System\IohiAnu.exe
  C:\Windows\System\IohiAnu.exe
  2⤵
  PID:12448
- C:\Windows\System\xhKbNbF.exe
  C:\Windows\System\xhKbNbF.exe
  2⤵
  PID:12588
- C:\Windows\System\mTNYsme.exe
  C:\Windows\System\mTNYsme.exe
  2⤵
  PID:12728
- C:\Windows\System\HXyYNuv.exe
  C:\Windows\System\HXyYNuv.exe
  2⤵
  PID:12892
- C:\Windows\System\lnXGRef.exe
  C:\Windows\System\lnXGRef.exe
  2⤵
  PID:12984
- C:\Windows\System\FclWDcm.exe
  C:\Windows\System\FclWDcm.exe
  2⤵
  PID:13184
- C:\Windows\System\WemRzaC.exe
  C:\Windows\System\WemRzaC.exe
  2⤵
  PID:13296
- C:\Windows\System\nXkqUVd.exe
  C:\Windows\System\nXkqUVd.exe
  2⤵
  PID:12500
- C:\Windows\System\qCTXUoC.exe
  C:\Windows\System\qCTXUoC.exe
  2⤵
  PID:12836
- C:\Windows\System\tztUphn.exe
  C:\Windows\System\tztUphn.exe
  2⤵
  PID:13100
- C:\Windows\System\LnFlUlK.exe
  C:\Windows\System\LnFlUlK.exe
  2⤵
  PID:12812
- C:\Windows\System\hojDJlA.exe
  C:\Windows\System\hojDJlA.exe
  2⤵
  PID:12524
- C:\Windows\System\fwyvpvK.exe
  C:\Windows\System\fwyvpvK.exe
  2⤵
  PID:13320
- C:\Windows\System\qlCtYSM.exe
  C:\Windows\System\qlCtYSM.exe
  2⤵
  PID:13336
- C:\Windows\System\ySXZLaT.exe
  C:\Windows\System\ySXZLaT.exe
  2⤵
  PID:13368
- C:\Windows\System\NtKhgJY.exe
  C:\Windows\System\NtKhgJY.exe
  2⤵
  PID:13408
- C:\Windows\System\ReOKVOz.exe
  C:\Windows\System\ReOKVOz.exe
  2⤵
  PID:13436
- C:\Windows\System\SOJzxhG.exe
  C:\Windows\System\SOJzxhG.exe
  2⤵
  PID:13452
- C:\Windows\System\wsbGPVp.exe
  C:\Windows\System\wsbGPVp.exe
  2⤵
  PID:13492
- C:\Windows\System\SJRMLRp.exe
  C:\Windows\System\SJRMLRp.exe
  2⤵
  PID:13520
- C:\Windows\System\LEFvVBe.exe
  C:\Windows\System\LEFvVBe.exe
  2⤵
  PID:13548
- C:\Windows\System\LIXnNQY.exe
  C:\Windows\System\LIXnNQY.exe
  2⤵
  PID:13564
- C:\Windows\System\UuHdlQe.exe
  C:\Windows\System\UuHdlQe.exe
  2⤵
  PID:13592
- C:\Windows\System\dBKXiKl.exe
  C:\Windows\System\dBKXiKl.exe
  2⤵
  PID:13624
- C:\Windows\System\pFfBsLZ.exe
  C:\Windows\System\pFfBsLZ.exe
  2⤵
  PID:13648
- C:\Windows\System\ynPtdOc.exe
  C:\Windows\System\ynPtdOc.exe
  2⤵
  PID:13684
- C:\Windows\System\KHLZTas.exe
  C:\Windows\System\KHLZTas.exe
  2⤵
  PID:13716
- C:\Windows\System\DSBCrRl.exe
  C:\Windows\System\DSBCrRl.exe
  2⤵
  PID:13744
- C:\Windows\System\zgfFBTp.exe
  C:\Windows\System\zgfFBTp.exe
  2⤵
  PID:13764
- C:\Windows\System\RAdHdpx.exe
  C:\Windows\System\RAdHdpx.exe
  2⤵
  PID:13796
- C:\Windows\System\zPVRQxx.exe
  C:\Windows\System\zPVRQxx.exe
  2⤵
  PID:13812
- C:\Windows\System\fbVWCWb.exe
  C:\Windows\System\fbVWCWb.exe
  2⤵
  PID:13848
- C:\Windows\System\wJpglWR.exe
  C:\Windows\System\wJpglWR.exe
  2⤵
  PID:13876
- C:\Windows\System\ttXsNQy.exe
  C:\Windows\System\ttXsNQy.exe
  2⤵
  PID:13908
- C:\Windows\System\MMsqcyn.exe
  C:\Windows\System\MMsqcyn.exe
  2⤵
  PID:13940
- C:\Windows\System\rGHJmsP.exe
  C:\Windows\System\rGHJmsP.exe
  2⤵
  PID:13964
- C:\Windows\System\JWhJGAn.exe
  C:\Windows\System\JWhJGAn.exe
  2⤵
  PID:13984
- C:\Windows\System\CKkjsJV.exe
  C:\Windows\System\CKkjsJV.exe
  2⤵
  PID:14024
- C:\Windows\System\xundnCB.exe
  C:\Windows\System\xundnCB.exe
  2⤵
  PID:14052
- C:\Windows\System\KTLHmqg.exe
  C:\Windows\System\KTLHmqg.exe
  2⤵
  PID:14076
- C:\Windows\System\zGSLwAt.exe
  C:\Windows\System\zGSLwAt.exe
  2⤵
  PID:14096
- C:\Windows\System\JKfzFeN.exe
  C:\Windows\System\JKfzFeN.exe
  2⤵
  PID:14136
- C:\Windows\System\MmjSUir.exe
  C:\Windows\System\MmjSUir.exe
  2⤵
  PID:14164
- C:\Windows\System\ENzGEcY.exe
  C:\Windows\System\ENzGEcY.exe
  2⤵
  PID:14180
- C:\Windows\System\EYSnMeK.exe
  C:\Windows\System\EYSnMeK.exe
  2⤵
  PID:14220
- C:\Windows\System\KTmAyxL.exe
  C:\Windows\System\KTmAyxL.exe
  2⤵
  PID:14248
- C:\Windows\System\vlukRYD.exe
  C:\Windows\System\vlukRYD.exe
  2⤵
  PID:14276
- C:\Windows\System\zUssexE.exe
  C:\Windows\System\zUssexE.exe
  2⤵
  PID:14292
- C:\Windows\System\zhaCNwT.exe
  C:\Windows\System\zhaCNwT.exe
  2⤵
  PID:14320
- C:\Windows\System\UVbLtNs.exe
  C:\Windows\System\UVbLtNs.exe
  2⤵
  PID:13316
- C:\Windows\System\xnGTwfO.exe
  C:\Windows\System\xnGTwfO.exe
  2⤵
  PID:13396
- C:\Windows\System\ooPBdJq.exe
  C:\Windows\System\ooPBdJq.exe
  2⤵
  PID:13504

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AkfCmxx.exe

Filesize
2.4MB

MD5
f49741dfedbdc7b0fe17c8a7b982e44e

SHA1
84e766d0f0c700e16f82a835648a45f55e1f9fff

SHA256
4289237d5ea8e0d903473abd7c3f56dc910dbc2f37d7351fb4509ccca0640d31

SHA512
22c05ab1e957750e83bec11a4f002b79718d493e505b080e2fcd9124369f108327286110cf534e624daed4884fc631f0b98c7c3bcaa0859c84903b6815a7fc20

Download Submit
C:\Windows\System\Axzfbxa.exe

Filesize
2.4MB

MD5
630fc5dbc39baf18a33f357bfe3d3941

SHA1
4520f3577d34c3601357fc57834827b1203dfaee

SHA256
2d290dd8a1f8c07a49d89676a5a9ca8f7ad85fb7c0dda9211b46681e9dda3c98

SHA512
ad6b79f02844fa74fdb6b14a8e080a11599f1a1602e37aefc20fdae7a1714b32cfa47c53b39fab623859b949b12becc8bb9ac198fc2b5212811fb60d8fe62ca6

Download Submit
C:\Windows\System\BGQFqAs.exe

Filesize
2.4MB

MD5
60271ad5209b351602940d1f4e7a36ad

SHA1
0bcebda0ed619c6a8da55f7e9d5ecbb6b76610e5

SHA256
7d2fda6cb83f0f449f41fcc3c00c62595cd62841c469f042663e33807fe3fcf4

SHA512
ace2f42d45a5cf77dc709f21a3a8748ff32180ebfef1555b0f1dac29800c1be0999289a06c1f5eb32e8f178514aebe1e1f4e6baf7f403efbe869bda8341ab179

Download Submit
C:\Windows\System\BrsLwRb.exe

Filesize
2.4MB

MD5
27a6f497a350e0fa5f6fa8fa94aa7cf9

SHA1
532d21bff903de8b7af0bd5853d59656a37f4549

SHA256
b1e6c3a3c33eaeb75d45fe9ee13267fa38fea2134c2910b4da801498fbc62334

SHA512
ec889691291fc722e9972c56eb935be685ec89eb3c6f40575b237aafdbdecfa7a20afa85b9068ebb00be9c93c2c1c4a82fa836df93d5760cc3532e2fca03318e

Download Submit
C:\Windows\System\CGlZIKP.exe

Filesize
2.4MB

MD5
5d65561cdd74d53adf6937f3c00e10cd

SHA1
55db0155f43cc13d8e27eeacbcfa62756683bd5d

SHA256
3a8daf49f878541414465b37735e2b6afa0c1e7eb18718611dd37a8d05ae2ee5

SHA512
5af275cba5bb116fd2c144ae98cd04d0250de0087d80eb6fc31c55926d80d1bf51244d73db9c64192bc3db6a4e3d1489272fe6412e39930491ae2a9902f194cb

Download Submit
C:\Windows\System\ElDDSxx.exe

Filesize
2.4MB

MD5
561dcec732cade528b43e2c9dad5f15e

SHA1
c1f5eb9b0912e007c434c191ce5a2c8f08d90b86

SHA256
542a56eaa3d634fbf43ed26ef7827cdffaf5d4dc3da7a84c7729a115ab365442

SHA512
d6c4f96a28b4aa7dd9c4df3686be67ee92f16934947f2809d34c6b96c8d2e9355dbd8b973189fb5ff29738939294576f3253cfea30e377852683b36240377c3a

Download Submit
C:\Windows\System\GjDlNNb.exe

Filesize
2.4MB

MD5
665c486dd4ec7b3e85f57416d82578f3

SHA1
ff958586f0236acb3023f831a54427b5f3f446c5

SHA256
e6b9d7ae1e1e92147f8702a8e48b068f5c78af6c66bd2fb8420eb87a1f84174b

SHA512
9b225f49416538436716ef0dbf487886409812158d9e232655eee4f9ec66296daedefec7dfcd1da3fbb18e9b75a26eceb6304abdd0c8277337584039911690f0

Download Submit
C:\Windows\System\HUdBgQn.exe

Filesize
2.4MB

MD5
58c4c9db20c46819b888251eb6b16241

SHA1
a51b60d18dc7084b05024fd89b16dfbb4b0d62f7

SHA256
8d76787ebb1f26cc080b133425d58c76f8d66512ea1211755aa93a37db1def18

SHA512
930dccd419e303542d7a4c4112186833e6878c1ff455696aa1c48aa09c3ef7c6fc819283802e495c80d28d996ed611257ab19f38c4a96d2c4aaff6998840640c

Download Submit
C:\Windows\System\IzIdCcY.exe

Filesize
2.4MB

MD5
67e7b50e37389e36629be4d54118cbd6

SHA1
54f58a991496f8d8a1301fb399e4488006f41661

SHA256
fd73a9453a1ab1d37467e38e8e0a8460a2ed00b0f60fe3b5262474ffbca0b332

SHA512
2bfa48c4e492f7c4eb17bf19d734e8a2bcda2d249c9948ef97d78bf9d034d4bc6f19ac7696084053a53a6d2b22642dfd959e8ee368afc0accb6f1540f5b36193

Download Submit
C:\Windows\System\JtHdDMC.exe

Filesize
2.4MB

MD5
83c3423e20940cf5ffeed0824e68a820

SHA1
456d0c20a37f7b576b1e58c5106dc4fbd1d76703

SHA256
d87b07ee01cb8ad90728d63dbbd4e0918b091c9558738781520f35cbbd8f921d

SHA512
bc6c949107ec1544afce614f08ed0e7f89249e9c6c03491103857bc0d2dda8b1ef384a5e8173c0e185981bcb80d3c61c2a4f6c362abd55aefdcf4eeea67d8315

Download Submit
C:\Windows\System\JxjULmT.exe

Filesize
2.4MB

MD5
62e896cb98c9dca702e8454f7200a1dc

SHA1
4aea03c79311d50710d6b5a975fda66727a5b14f

SHA256
27d020ce26930e2a2466da0651d85876347ad6b34c2e7e27694499e939aabbcd

SHA512
5be14aa72c396c39c2db1734dcba035cb8decc116b611793ff4a4ee762b197e54db202c9db51785875e84ab06e6562c4ed81e9450e7ab3a37e6de766c1762ac0

Download Submit
C:\Windows\System\OsqpPuI.exe

Filesize
2.4MB

MD5
d4dae3ea7618d2ac3016353657282da4

SHA1
b81d127ad7c1761960d3899b9c1ff200ee43c360

SHA256
594d3dcbe3ab29764443a8cb9f3c2c3ab812950565700d713790c8c675b10b45

SHA512
5012e811ba71b0497ed45f714c4715018b50ca1ac76e6c93525c306bb9b1b2ff3c52ad74168bd44ccaecaf0096776c1c8beaca35533ee00383c2872426d533e1

Download Submit
C:\Windows\System\VaSsxvZ.exe

Filesize
2.4MB

MD5
75893f31b249ae218aedbd656b53e523

SHA1
1e7c5531986c19283460851a7704a2a68bdfebc8

SHA256
8ffcc5fbef151bdaf0ad78dee9cdf4afdb298120ebc7af4aaa15712e155f31f2

SHA512
faec3c5e8b61b1b0bba110aa602a3ed204adc7c9dbe01e93ea1bc7f471c3d9db652062995ceafad4e82e4f29b2486668ac60081b0a2f713a83dd26dfa7d686d2

Download Submit
C:\Windows\System\XkbdDIH.exe

Filesize
2.4MB

MD5
ba4978e1b1d4ada8ee5512a9efb505fc

SHA1
72e53d1d4545e4e7372a009979c53801113717a9

SHA256
828654e32fc3b7e3aa54d3d78e926fdec3cdf4b7e09671ac45435b3c3d41c928

SHA512
1555f8883657c9e3f0c5d7b924fcfbb43f8ce5275a208fa54c929280c39020a9ffcf5962b5c8d54687b010dde45543aa12982a62fa2f71a5df17d70a4d537bc7

Download Submit
C:\Windows\System\XmEauuC.exe

Filesize
2.4MB

MD5
32c412245c50572039643124c2ae44e4

SHA1
59d366e1ed172835ab6664be84e0fa18eafb2bfb

SHA256
7dc807e39258d49cf897f871bbcfa4b2faa28bab24daedfd3bc9578515ffe0fc

SHA512
ccc54afacfa7801095022c63cd7db49ad7ba095b3c6368c06682c03da05fec741a20ab6402e0c5e21f36333234462bf43997d1a7314157a0efe47039c8f5edf2

Download Submit
C:\Windows\System\afwekVd.exe

Filesize
2.4MB

MD5
769275622d3c22b7f3a1ef2c094174f8

SHA1
ad77de9f22b95736375185734be23db91e17c8ee

SHA256
79189f49f96cb3246c604c8f6d0a10441aefb1e4f40d627fccd235d4ce4d5ba4

SHA512
098b8644e3a5d57b688c695412ae5c047dd075cd18ea11e163108943cb07fe49304e64b8fe6826b78eed54790e2cd6e20f8beee83e46708573fa6c57ad0a4b85

Download Submit
C:\Windows\System\bCQgUco.exe

Filesize
2.4MB

MD5
0091a553f9f2ca9f0aa782b924e42046

SHA1
4167b27058d4569098ef8ef3c2383ddde5d6e8f1

SHA256
bb38686d949ea077f2e20ed23033e5b3871e34bc5d0541bee3b95b499ac4e3f0

SHA512
585e46ddeddc93bca83a01fcaafd643cf025ebe4c564fbab8c952ed40a424ab0a6b9d89df811285e1e57cb06dbb9d9e336562f560e3d074ffcf817def5ad131c

Download Submit
C:\Windows\System\bbmyjfE.exe

Filesize
2.4MB

MD5
a635e742e9d2a49dc873f7dbc09d12a7

SHA1
264c70f0f157a83d335e168063b191b4dd9a053e

SHA256
9101ac81695732dd6a75568bc85d8d61b51ea774b61b2f28b14a3e394c7c2b4d

SHA512
aa0dd15f5f78829c07c7237bc03e89e6b9f68d5b3c48412a57ce825fa2296241190d83409e3a489dc56189dad77047d325af1d70b640fe1bbf98cfc99327a201

Download Submit
C:\Windows\System\bccVXqw.exe

Filesize
2.4MB

MD5
c017c5cfe1a0d75e3eb0cd6170844a94

SHA1
1cee804b72ec83968fcff86a83cf4a107c987949

SHA256
7d43f99e97e13f43c05c8be25f10c0e5756988805e014945975468a32b8e9f38

SHA512
c109eb37b9479d35f96de6dd70a190dcf95af67831cb62a044388dc0caae024990bcd94f92ed9608d94e80cf45d8f7e6fe9bc054534e51febe1163e7d99b0ec0

Download Submit
C:\Windows\System\cxjQjbx.exe

Filesize
2.4MB

MD5
0115ac4c2ca8fcb9882131fe83203ff4

SHA1
233b3455dfd0fd78f3c80a06a8b10f24bf8c30de

SHA256
1742ce4995d4a8624632eeaadf5c25d3c56df5bceb0a0538284fdcfcbe991706

SHA512
73189c4ca495aa6bde17a6d93a45a03efde4bf7230ea9c8cd164130e64cc72058714e4c410452e8c6f56416f51d921401efa5313ec751413f8c39ddff14e18d2

Download Submit
C:\Windows\System\dgBDSNT.exe

Filesize
2.4MB

MD5
0ea801c1bfe6ae70ab6bba2e0e1c8920

SHA1
d5a7dcbfa1c58d85f0af3226bb2132975d670663

SHA256
23526ed983df19e8b6a4a8229196c9e2533e849696be2e377c45b3cebfea06b2

SHA512
6a63cc114c4155f5f12d0929f7c2f1eaf9797f16a46208dd6e4f8cca529faef21659a799930196b4afcfc2b4b4c408721b3cd78be6cef4fac8b9f11e1a89f75d

Download Submit
C:\Windows\System\fiabjhr.exe

Filesize
2.4MB

MD5
212d4f7e0869e4fce6ff2529721e5dd5

SHA1
35312c247fea1920b1ec33317da37ebfc776183b

SHA256
44ffb858232813de685189a01d66b3615f730148f0a6c94ca8d4d9e121b5b46b

SHA512
092ee314dbd82952d1513f65abba49fc22cddbca4e698bb68b3585156e2f9f5e31c8434e5c7bae9b302695047781c43d99364f248ec0f9bef9f632f5e7091d9c

Download Submit
C:\Windows\System\iYfYvmZ.exe

Filesize
2.4MB

MD5
bcd7b14cc61615450a3a05b1ce750949

SHA1
221a1ffae9590d333041958088d3d04541201c68

SHA256
ed19258787e54841bdfe9d618280432d6b3eb0c17c78deec53cb3e4ca84401bf

SHA512
b38f3b9134827dc380caaa0f04d7160b1d64f139602e68510d5f423b779d9f8bb383662462c37caa836c9b491fd93e26a00cc1beef113e914fc7b1c2b043740f

Download Submit
C:\Windows\System\ihqgeYB.exe

Filesize
2.4MB

MD5
0cd214e46860b7a0996526a41eacd29f

SHA1
a61618f11e60bb38aed61e087db6c5976c370730

SHA256
f6dd0a57ac24ea8b86c285a44abc278c281df60a0ca1e2ae40e7f7c6663e2f0c

SHA512
d231818a8751e52d045c2285c505a359adf545043cc76ec310ae231ff39bf78b61181b6c48245a0992263fbf70dcf9c143adc6cfa474614ff210311119e26279

Download Submit
C:\Windows\System\kvwSrzJ.exe

Filesize
2.4MB

MD5
c51bcebaf9c715f4ce0300af80e5efdf

SHA1
90a298fbff10017a17f83b1e2d810b59cae9265b

SHA256
44e9470c836605e8d5aa5dac7414ab3765db0c0bf7fdcbbd60ff17640cd4f327

SHA512
19ba89d3ad70070d96e041a3126beacf28e7fcce8b840c9d1a026ba4f23b0ce69569dbc44e96c6a7bbc137d2a55371f5a9835ec25c6b6d29fb34219f7acada44

Download Submit
C:\Windows\System\pIfXEmI.exe

Filesize
2.4MB

MD5
4d065e3e73b8d05d596e2a44b93513f2

SHA1
b167ab5f5fdd1c7fecc186ec35a25c04471fdad3

SHA256
63cbe74b9eec4316c013236985a25204019d5070d16bb858e7e61c2c1bea549e

SHA512
3b2f18c4364704ba99fd01a122bdff7a3c712a65c648150d5cd0de858fa2584b3e36ec679206b56d82be25379fcd79c7f670abb2fdcceb0c63af7adc2f0fe0f3

Download Submit
C:\Windows\System\pUfUKCP.exe

Filesize
2.4MB

MD5
33607f6f74aeace6fb37fa2e8de0b6c7

SHA1
c8677324e3d13baf7eaab62ce82699bd9ae9718c

SHA256
77031365d03012beee752aa737fa8cb85ef143199217eb8bdecc040380428063

SHA512
d96c7e07d2681867d41361898642bad9887420791213aac8e578b05921434ba2b8414bdeaaa52cb8c00bddc31eb2f8cf07afd32dad3b1b3aa35292583d786571

Download Submit
C:\Windows\System\pjTAvnu.exe

Filesize
2.4MB

MD5
fef95ac3b6a3f9e783811eddd957b427

SHA1
c01843c77bb0a50846d97bc8a30603b7f3232065

SHA256
c9a8b4cc2241cdd079f29844d7d738a32f807052f2df3f7ca92009bc7363c27c

SHA512
0ab7a91d6e21db501db7aaad8ded44e9f8190f4758799c83f8a00bbb67c3c240ed8a7611c213a22c49667a96fdfc919b2747ebb72aa355fb3d24c12f8b5c9de9

Download Submit
C:\Windows\System\qDdOUuA.exe

Filesize
2.4MB

MD5
144c2c95996baba7b759af3a6bd1b137

SHA1
38d069cae4b3e2f261fc4a1f093d0ef2129578b3

SHA256
9577ea7632711db4ec3201bb911f32c494b40d1fb0774aa9f8c90a3c3ae35223

SHA512
4e607cabacf9639c0c4b0ba7e28b94397e0d5dd6698aaf54f1c95900ae1e5f06cfb5e7e84f51ed04fe73cf75a1dfc0b7db0838e7fd712db483a98b101085fd29

Download Submit
C:\Windows\System\rGYconI.exe

Filesize
2.4MB

MD5
96f16830a1e37b560bab480e3079fbfd

SHA1
a89d84bb10756a02f976ae8a53ae91e5337d1ca3

SHA256
9cf27690ff26acec87f84648c67e5e10f0f6c0e90f543333ecbf1ad128de3765

SHA512
752c84c77a0516bb073ad8c98cb6ed9b8ee46025d4e53cf9dac714832606e9687e4259f4977f85aa094aa30d4110e473eeabd321928422eb54182298b161b722

Download Submit
C:\Windows\System\yjgSCok.exe

Filesize
2.4MB

MD5
65235698c45c0f4baa177769d8d3a77c

SHA1
5ebac53c0cfa634c08eed957ebbded7aae1615e5

SHA256
71c4cab716e8209aa1b23e25347d431e1de2af6e5c9522f3c1c216ca12772357

SHA512
bef036c6001e6c392357cd0ddaafc77f96c70410023182f5e7809cc3b08d26a7608ba073f992fbb0730de73678b859a2cba55f2428f99e388f822d8602b15617

Download Submit
C:\Windows\System\yodZUhb.exe

Filesize
2.4MB

MD5
ff7e640fbcd11b0785f686ddace0ad9c

SHA1
7c6f0d781c3e164dfe123a69debbbbc116c95902

SHA256
b27299f8900fc5c8bafc29e2117eb561a59d3c76a0f29988cb60100844dbdf28

SHA512
a4b4cc66570aa57edb76bed8c7c65da21cad57d4ba74acf2ef1ca7968b28e7f0eefe6e137bf0ba4eff3265f72dd03f51671f983aa5be6d5cf0e03884329e8724

Download Submit
C:\Windows\System\zygJgXC.exe

Filesize
2.4MB

MD5
950b8a08a78df067f071f78623e855ed

SHA1
7f9d8c6edd9d65a4872be2cf77ffd29fd2af8ec7

SHA256
398eb89c41f1df6496fe7872ca4a2cf48cca3fddbf83d60f4a0ec70e537eb5ae

SHA512
f92f5e5cce7ba10db7b127c4f037b7a822d7ff79524d7d68de48d140dd8ccebe514bcd5d894988e41812277dca9202c4dba44c4f55b9c6b7df17362085283a4c

Download Submit
memory/620-2160-0x00007FF6A0250000-0x00007FF6A05A4000-memory.dmp

Filesize
3.3MB

Download
memory/620-828-0x00007FF6A0250000-0x00007FF6A05A4000-memory.dmp

Filesize
3.3MB

Download
memory/676-2167-0x00007FF7EB640000-0x00007FF7EB994000-memory.dmp

Filesize
3.3MB

Download
memory/676-854-0x00007FF7EB640000-0x00007FF7EB994000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2169-0x00007FF6D1730000-0x00007FF6D1A84000-memory.dmp

Filesize
3.3MB

Download
memory/1544-904-0x00007FF6D1730000-0x00007FF6D1A84000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2180-0x00007FF698490000-0x00007FF6987E4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-861-0x00007FF698490000-0x00007FF6987E4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-2163-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-838-0x00007FF69FA70000-0x00007FF69FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-2170-0x00007FF689BF0000-0x00007FF689F44000-memory.dmp

Filesize
3.3MB

Download
memory/1988-879-0x00007FF689BF0000-0x00007FF689F44000-memory.dmp

Filesize
3.3MB

Download
memory/2168-895-0x00007FF79E200000-0x00007FF79E554000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2179-0x00007FF79E200000-0x00007FF79E554000-memory.dmp

Filesize
3.3MB

Download
memory/2528-914-0x00007FF6275E0000-0x00007FF627934000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2182-0x00007FF6275E0000-0x00007FF627934000-memory.dmp

Filesize
3.3MB

Download
memory/2624-2166-0x00007FF62FE10000-0x00007FF630164000-memory.dmp

Filesize
3.3MB

Download
memory/2624-843-0x00007FF62FE10000-0x00007FF630164000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2184-0x00007FF7148B0000-0x00007FF714C04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-915-0x00007FF7148B0000-0x00007FF714C04000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2176-0x00007FF7ECA60000-0x00007FF7ECDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-918-0x00007FF7ECA60000-0x00007FF7ECDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2168-0x00007FF7A3A70000-0x00007FF7A3DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-913-0x00007FF7A3A70000-0x00007FF7A3DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-920-0x00007FF65B670000-0x00007FF65B9C4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-2177-0x00007FF65B670000-0x00007FF65B9C4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-840-0x00007FF6B4630000-0x00007FF6B4984000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2165-0x00007FF6B4630000-0x00007FF6B4984000-memory.dmp

Filesize
3.3MB

Download
memory/3196-911-0x00007FF6A0310000-0x00007FF6A0664000-memory.dmp

Filesize
3.3MB

Download
memory/3196-2172-0x00007FF6A0310000-0x00007FF6A0664000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2157-0x00007FF7110A0000-0x00007FF7113F4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-17-0x00007FF7110A0000-0x00007FF7113F4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2155-0x00007FF79B090000-0x00007FF79B3E4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2159-0x00007FF79B090000-0x00007FF79B3E4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-20-0x00007FF79B090000-0x00007FF79B3E4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-822-0x00007FF634AA0000-0x00007FF634DF4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2164-0x00007FF634AA0000-0x00007FF634DF4000-memory.dmp

Filesize
3.3MB

Download
memory/3332-2173-0x00007FF75CAC0000-0x00007FF75CE14000-memory.dmp

Filesize
3.3MB

Download
memory/3332-916-0x00007FF75CAC0000-0x00007FF75CE14000-memory.dmp

Filesize
3.3MB

Download
memory/3344-2156-0x00007FF7A1430000-0x00007FF7A1784000-memory.dmp

Filesize
3.3MB

Download
memory/3344-8-0x00007FF7A1430000-0x00007FF7A1784000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2181-0x00007FF6A4980000-0x00007FF6A4CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3480-917-0x00007FF6A4980000-0x00007FF6A4CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3772-1-0x00000272EF420000-0x00000272EF430000-memory.dmp

Filesize
64KB

Download
memory/3772-0-0x00007FF6BCBA0000-0x00007FF6BCEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-29-0x00007FF6C0280000-0x00007FF6C05D4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-2158-0x00007FF6C0280000-0x00007FF6C05D4000-memory.dmp

Filesize
3.3MB

Download
memory/3980-2175-0x00007FF69DD00000-0x00007FF69E054000-memory.dmp

Filesize
3.3MB

Download
memory/3980-919-0x00007FF69DD00000-0x00007FF69E054000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2174-0x00007FF6C05B0000-0x00007FF6C0904000-memory.dmp

Filesize
3.3MB

Download
memory/4396-872-0x00007FF6C05B0000-0x00007FF6C0904000-memory.dmp

Filesize
3.3MB

Download
memory/4504-832-0x00007FF65F3D0000-0x00007FF65F724000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2161-0x00007FF65F3D0000-0x00007FF65F724000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2183-0x00007FF74EC90000-0x00007FF74EFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-857-0x00007FF74EC90000-0x00007FF74EFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4728-32-0x00007FF616B80000-0x00007FF616ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2162-0x00007FF616B80000-0x00007FF616ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-887-0x00007FF790970000-0x00007FF790CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2171-0x00007FF790970000-0x00007FF790CC4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2178-0x00007FF7DEC90000-0x00007FF7DEFE4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-881-0x00007FF7DEC90000-0x00007FF7DEFE4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads