xmrig | ef656df45908521daeaf47f839f6d747ce341de925c0392602994c4d1d33c585

Analysis

max time kernel
137s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
Size

2.2MB
MD5

22a43209ab55927d26db0095d7854e60
SHA1

c12e877d5ed777b0c24b850458e1d3acd8e686bb
SHA256

ef656df45908521daeaf47f839f6d747ce341de925c0392602994c4d1d33c585
SHA512

939c58e3b0e53d98d92b27e2ee862e3367de1bdf149c1499cac93120ca5e3a4143d6e41ad50de51f597ceecbfd075aaec99e55914faf5f60dbe8eda0a959c402
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEd2EiTgc:BemTLkNdfE0pZrV56utga

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1240-0-0x00007FF6F8360000-0x00007FF6F86B4000-memory.dmp	xmrig
behavioral2/files/0x0006000000023288-4.dat	xmrig
behavioral2/memory/3772-10-0x00007FF6193E0000-0x00007FF619734000-memory.dmp	xmrig
behavioral2/files/0x000800000002340c-11.dat	xmrig
behavioral2/files/0x0007000000023410-9.dat	xmrig
behavioral2/memory/4996-16-0x00007FF6E4B80000-0x00007FF6E4ED4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-24.dat	xmrig
behavioral2/files/0x0007000000023413-29.dat	xmrig
behavioral2/files/0x0007000000023414-32.dat	xmrig
behavioral2/memory/4076-35-0x00007FF629380000-0x00007FF6296D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-40.dat	xmrig
behavioral2/memory/3868-36-0x00007FF6746D0000-0x00007FF674A24000-memory.dmp	xmrig
behavioral2/memory/748-28-0x00007FF679880000-0x00007FF679BD4000-memory.dmp	xmrig
behavioral2/memory/3364-22-0x00007FF6A0ED0000-0x00007FF6A1224000-memory.dmp	xmrig
behavioral2/memory/2448-44-0x00007FF7551E0000-0x00007FF755534000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-47.dat	xmrig
behavioral2/files/0x000800000002340d-52.dat	xmrig
behavioral2/files/0x0007000000023418-59.dat	xmrig
behavioral2/files/0x0007000000023419-63.dat	xmrig
behavioral2/files/0x000700000002341a-76.dat	xmrig
behavioral2/files/0x000700000002341c-78.dat	xmrig
behavioral2/memory/1240-82-0x00007FF6F8360000-0x00007FF6F86B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-79.dat	xmrig
behavioral2/files/0x000700000002341d-85.dat	xmrig
behavioral2/files/0x000700000002341e-100.dat	xmrig
behavioral2/files/0x000700000002341f-107.dat	xmrig
behavioral2/files/0x0007000000023422-115.dat	xmrig
behavioral2/files/0x0007000000023423-127.dat	xmrig
behavioral2/files/0x0007000000023426-142.dat	xmrig
behavioral2/memory/3820-520-0x00007FF7D6460000-0x00007FF7D67B4000-memory.dmp	xmrig
behavioral2/memory/3084-522-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp	xmrig
behavioral2/memory/4832-521-0x00007FF7CAFC0000-0x00007FF7CB314000-memory.dmp	xmrig
behavioral2/memory/1808-519-0x00007FF6A3D00000-0x00007FF6A4054000-memory.dmp	xmrig
behavioral2/memory/4416-523-0x00007FF701B30000-0x00007FF701E84000-memory.dmp	xmrig
behavioral2/memory/4072-524-0x00007FF7075D0000-0x00007FF707924000-memory.dmp	xmrig
behavioral2/memory/1536-526-0x00007FF7AB120000-0x00007FF7AB474000-memory.dmp	xmrig
behavioral2/memory/4212-528-0x00007FF78C940000-0x00007FF78CC94000-memory.dmp	xmrig
behavioral2/memory/2888-527-0x00007FF660BF0000-0x00007FF660F44000-memory.dmp	xmrig
behavioral2/memory/1764-529-0x00007FF6322F0000-0x00007FF632644000-memory.dmp	xmrig
behavioral2/memory/1768-525-0x00007FF718AC0000-0x00007FF718E14000-memory.dmp	xmrig
behavioral2/memory/3868-1277-0x00007FF6746D0000-0x00007FF674A24000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-182.dat	xmrig
behavioral2/files/0x000700000002342e-179.dat	xmrig
behavioral2/files/0x000700000002342d-177.dat	xmrig
behavioral2/files/0x000700000002342c-173.dat	xmrig
behavioral2/files/0x000700000002342b-168.dat	xmrig
behavioral2/files/0x000700000002342a-163.dat	xmrig
behavioral2/files/0x0007000000023429-157.dat	xmrig
behavioral2/files/0x0007000000023428-153.dat	xmrig
behavioral2/files/0x0007000000023427-148.dat	xmrig
behavioral2/files/0x0007000000023425-138.dat	xmrig
behavioral2/files/0x0007000000023424-133.dat	xmrig
behavioral2/files/0x0007000000023420-118.dat	xmrig
behavioral2/files/0x0007000000023421-116.dat	xmrig
behavioral2/memory/4580-111-0x00007FF6004F0000-0x00007FF600844000-memory.dmp	xmrig
behavioral2/memory/60-105-0x00007FF6886E0000-0x00007FF688A34000-memory.dmp	xmrig
behavioral2/memory/1848-104-0x00007FF7C68C0000-0x00007FF7C6C14000-memory.dmp	xmrig
behavioral2/memory/3972-93-0x00007FF7C4BE0000-0x00007FF7C4F34000-memory.dmp	xmrig
behavioral2/memory/3168-89-0x00007FF622870000-0x00007FF622BC4000-memory.dmp	xmrig
behavioral2/memory/1628-87-0x00007FF695A70000-0x00007FF695DC4000-memory.dmp	xmrig
behavioral2/memory/2160-77-0x00007FF7760B0000-0x00007FF776404000-memory.dmp	xmrig
behavioral2/memory/3936-72-0x00007FF7E1870000-0x00007FF7E1BC4000-memory.dmp	xmrig
behavioral2/memory/2040-67-0x00007FF6FF850000-0x00007FF6FFBA4000-memory.dmp	xmrig
behavioral2/memory/1408-62-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3772	IXgyQUy.exe
4996	NmBYcqb.exe
3364	ojvPwET.exe
748	SAuNuuT.exe
4076	rWmilvv.exe
3868	oDLGzJH.exe
2448	nrzQyGP.exe
2276	pllzwzA.exe
1408	yRILNIh.exe
3936	HjuPrby.exe
2040	JCxeXir.exe
2160	pOLedpM.exe
1628	xdJdovo.exe
3168	dFQtjdT.exe
1848	EnwmKzp.exe
3972	EqHuWVD.exe
60	zkibrmV.exe
4580	bkeqvxu.exe
1808	ujuNUFH.exe
3820	eMOoSeo.exe
4832	pZfIUlp.exe
3084	DxaBDjY.exe
4416	lqagOVo.exe
4072	jRvIMxG.exe
1768	YZASzWe.exe
1536	DVJrJZh.exe
2888	KunPQoS.exe
4212	CfthMhd.exe
1764	gVvxJQb.exe
2044	wZJQHEm.exe
1080	KgJlaeg.exe
4376	gqNejfX.exe
3172	eckVEKO.exe
4836	uxlrrSY.exe
440	xAGRvHJ.exe
228	BVAljUm.exe
4040	xnZhVTS.exe
4780	iMxNjjL.exe
3156	MdXRUlC.exe
3944	GtWCFXZ.exe
4324	gVoUtpp.exe
3064	XoOQGOt.exe
2020	bpEgkXD.exe
920	KyCCblQ.exe
1484	MdURISF.exe
2224	lJZfpCa.exe
2848	nzXsZrz.exe
5028	GxiVRvP.exe
968	sHnsVjn.exe
2876	JSouieC.exe
4036	eAEVjlB.exe
3188	RMnDCFO.exe
632	ZFWIYRo.exe
4476	BcGHVPr.exe
1516	wDHsoHE.exe
3600	BcTghBR.exe
1948	ROmUAMI.exe
2688	tcAAwrb.exe
400	aXpwSkt.exe
4808	yTeNUnn.exe
2652	oMJbieX.exe
1268	WkhBErJ.exe
1660	IGKBXIc.exe
1804	drvWkqn.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1240-0-0x00007FF6F8360000-0x00007FF6F86B4000-memory.dmp	upx
behavioral2/files/0x0006000000023288-4.dat	upx
behavioral2/memory/3772-10-0x00007FF6193E0000-0x00007FF619734000-memory.dmp	upx
behavioral2/files/0x000800000002340c-11.dat	upx
behavioral2/files/0x0007000000023410-9.dat	upx
behavioral2/memory/4996-16-0x00007FF6E4B80000-0x00007FF6E4ED4000-memory.dmp	upx
behavioral2/files/0x0007000000023412-24.dat	upx
behavioral2/files/0x0007000000023413-29.dat	upx
behavioral2/files/0x0007000000023414-32.dat	upx
behavioral2/memory/4076-35-0x00007FF629380000-0x00007FF6296D4000-memory.dmp	upx
behavioral2/files/0x0007000000023415-40.dat	upx
behavioral2/memory/3868-36-0x00007FF6746D0000-0x00007FF674A24000-memory.dmp	upx
behavioral2/memory/748-28-0x00007FF679880000-0x00007FF679BD4000-memory.dmp	upx
behavioral2/memory/3364-22-0x00007FF6A0ED0000-0x00007FF6A1224000-memory.dmp	upx
behavioral2/memory/2448-44-0x00007FF7551E0000-0x00007FF755534000-memory.dmp	upx
behavioral2/files/0x0007000000023416-47.dat	upx
behavioral2/files/0x000800000002340d-52.dat	upx
behavioral2/files/0x0007000000023418-59.dat	upx
behavioral2/files/0x0007000000023419-63.dat	upx
behavioral2/files/0x000700000002341a-76.dat	upx
behavioral2/files/0x000700000002341c-78.dat	upx
behavioral2/memory/1240-82-0x00007FF6F8360000-0x00007FF6F86B4000-memory.dmp	upx
behavioral2/files/0x000700000002341b-79.dat	upx
behavioral2/files/0x000700000002341d-85.dat	upx
behavioral2/files/0x000700000002341e-100.dat	upx
behavioral2/files/0x000700000002341f-107.dat	upx
behavioral2/files/0x0007000000023422-115.dat	upx
behavioral2/files/0x0007000000023423-127.dat	upx
behavioral2/files/0x0007000000023426-142.dat	upx
behavioral2/memory/3820-520-0x00007FF7D6460000-0x00007FF7D67B4000-memory.dmp	upx
behavioral2/memory/3084-522-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp	upx
behavioral2/memory/4832-521-0x00007FF7CAFC0000-0x00007FF7CB314000-memory.dmp	upx
behavioral2/memory/1808-519-0x00007FF6A3D00000-0x00007FF6A4054000-memory.dmp	upx
behavioral2/memory/4416-523-0x00007FF701B30000-0x00007FF701E84000-memory.dmp	upx
behavioral2/memory/4072-524-0x00007FF7075D0000-0x00007FF707924000-memory.dmp	upx
behavioral2/memory/1536-526-0x00007FF7AB120000-0x00007FF7AB474000-memory.dmp	upx
behavioral2/memory/4212-528-0x00007FF78C940000-0x00007FF78CC94000-memory.dmp	upx
behavioral2/memory/2888-527-0x00007FF660BF0000-0x00007FF660F44000-memory.dmp	upx
behavioral2/memory/1764-529-0x00007FF6322F0000-0x00007FF632644000-memory.dmp	upx
behavioral2/memory/1768-525-0x00007FF718AC0000-0x00007FF718E14000-memory.dmp	upx
behavioral2/memory/3868-1277-0x00007FF6746D0000-0x00007FF674A24000-memory.dmp	upx
behavioral2/files/0x000700000002342f-182.dat	upx
behavioral2/files/0x000700000002342e-179.dat	upx
behavioral2/files/0x000700000002342d-177.dat	upx
behavioral2/files/0x000700000002342c-173.dat	upx
behavioral2/files/0x000700000002342b-168.dat	upx
behavioral2/files/0x000700000002342a-163.dat	upx
behavioral2/files/0x0007000000023429-157.dat	upx
behavioral2/files/0x0007000000023428-153.dat	upx
behavioral2/files/0x0007000000023427-148.dat	upx
behavioral2/files/0x0007000000023425-138.dat	upx
behavioral2/files/0x0007000000023424-133.dat	upx
behavioral2/files/0x0007000000023420-118.dat	upx
behavioral2/files/0x0007000000023421-116.dat	upx
behavioral2/memory/4580-111-0x00007FF6004F0000-0x00007FF600844000-memory.dmp	upx
behavioral2/memory/60-105-0x00007FF6886E0000-0x00007FF688A34000-memory.dmp	upx
behavioral2/memory/1848-104-0x00007FF7C68C0000-0x00007FF7C6C14000-memory.dmp	upx
behavioral2/memory/3972-93-0x00007FF7C4BE0000-0x00007FF7C4F34000-memory.dmp	upx
behavioral2/memory/3168-89-0x00007FF622870000-0x00007FF622BC4000-memory.dmp	upx
behavioral2/memory/1628-87-0x00007FF695A70000-0x00007FF695DC4000-memory.dmp	upx
behavioral2/memory/2160-77-0x00007FF7760B0000-0x00007FF776404000-memory.dmp	upx
behavioral2/memory/3936-72-0x00007FF7E1870000-0x00007FF7E1BC4000-memory.dmp	upx
behavioral2/memory/2040-67-0x00007FF6FF850000-0x00007FF6FFBA4000-memory.dmp	upx
behavioral2/memory/1408-62-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nPmBKiD.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\svksrCQ.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\GVpkNvq.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\ZWJTZpY.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\oLHwKvw.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\WwEVgVE.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\TryMrzE.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\GJYkixd.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\oMJbieX.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\nEcxPtq.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\aPKHiUe.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\wRzyBLn.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\rOARrzU.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\wRShsih.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\DbKEiQO.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\AqMHwVc.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\IWyqxmI.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\JCxeXir.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\zyeOkks.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\BafUTGe.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\KvfZKrh.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\tguQhGq.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\eEIdqkK.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\TVxigZG.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\gyQIpBc.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\IXgyQUy.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\bkeqvxu.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\SAMNHup.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\nDqQEBq.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\YUsoOUq.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\XaOBaPj.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\zyLmNzt.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\VkTkseP.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\YqzOtay.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\WFEpenA.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\qQGwDWD.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\nfzUcBg.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\ReOEqvY.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\lZKasTj.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\wAKlDdf.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\SIXgCTR.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\ESCJajK.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\tmhWgVb.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\qoJqjQR.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\rKcyLzw.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\TMMzyJe.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\VlUYlkv.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\WVxNpim.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\zIHhvLX.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\xNUBBZE.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\pULSMbz.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\EqHuWVD.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\DxaBDjY.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\sOQLFdJ.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\pmuJzWU.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\BcGHVPr.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\ItlKvKO.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\GxiVRvP.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\drvWkqn.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\FzFVwcS.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\tQHBiFz.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\lohWffV.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\bLJFhwN.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
File created	C:\Windows\System\OSTuZwH.exe	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14352	dwm.exe
Token: SeChangeNotifyPrivilege	14352	dwm.exe
Token: 33	14352	dwm.exe
Token: SeIncBasePriorityPrivilege	14352	dwm.exe
Token: SeShutdownPrivilege	14352	dwm.exe
Token: SeCreatePagefilePrivilege	14352	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 3772	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	83
PID 1240 wrote to memory of 3772	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	83
PID 1240 wrote to memory of 4996	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	84
PID 1240 wrote to memory of 4996	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	84
PID 1240 wrote to memory of 3364	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	85
PID 1240 wrote to memory of 3364	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	85
PID 1240 wrote to memory of 748	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	87
PID 1240 wrote to memory of 748	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	87
PID 1240 wrote to memory of 4076	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	88
PID 1240 wrote to memory of 4076	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	88
PID 1240 wrote to memory of 3868	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	89
PID 1240 wrote to memory of 3868	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	89
PID 1240 wrote to memory of 2448	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	90
PID 1240 wrote to memory of 2448	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	90
PID 1240 wrote to memory of 2276	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	92
PID 1240 wrote to memory of 2276	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	92
PID 1240 wrote to memory of 1408	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	93
PID 1240 wrote to memory of 1408	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	93
PID 1240 wrote to memory of 3936	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	94
PID 1240 wrote to memory of 3936	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	94
PID 1240 wrote to memory of 2040	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	95
PID 1240 wrote to memory of 2040	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	95
PID 1240 wrote to memory of 2160	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	96
PID 1240 wrote to memory of 2160	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	96
PID 1240 wrote to memory of 3168	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	97
PID 1240 wrote to memory of 3168	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	97
PID 1240 wrote to memory of 1628	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	98
PID 1240 wrote to memory of 1628	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	98
PID 1240 wrote to memory of 1848	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	99
PID 1240 wrote to memory of 1848	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	99
PID 1240 wrote to memory of 3972	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	101
PID 1240 wrote to memory of 3972	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	101
PID 1240 wrote to memory of 60	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	102
PID 1240 wrote to memory of 60	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	102
PID 1240 wrote to memory of 4580	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	103
PID 1240 wrote to memory of 4580	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	103
PID 1240 wrote to memory of 1808	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	104
PID 1240 wrote to memory of 1808	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	104
PID 1240 wrote to memory of 3820	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	105
PID 1240 wrote to memory of 3820	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	105
PID 1240 wrote to memory of 4832	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	106
PID 1240 wrote to memory of 4832	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	106
PID 1240 wrote to memory of 3084	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	107
PID 1240 wrote to memory of 3084	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	107
PID 1240 wrote to memory of 4416	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	108
PID 1240 wrote to memory of 4416	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	108
PID 1240 wrote to memory of 4072	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	109
PID 1240 wrote to memory of 4072	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	109
PID 1240 wrote to memory of 1768	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	110
PID 1240 wrote to memory of 1768	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	110
PID 1240 wrote to memory of 1536	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	111
PID 1240 wrote to memory of 1536	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	111
PID 1240 wrote to memory of 2888	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	112
PID 1240 wrote to memory of 2888	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	112
PID 1240 wrote to memory of 4212	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	113
PID 1240 wrote to memory of 4212	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	113
PID 1240 wrote to memory of 1764	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	114
PID 1240 wrote to memory of 1764	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	114
PID 1240 wrote to memory of 2044	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	115
PID 1240 wrote to memory of 2044	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	115
PID 1240 wrote to memory of 1080	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	116
PID 1240 wrote to memory of 1080	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	116
PID 1240 wrote to memory of 4376	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	117
PID 1240 wrote to memory of 4376	1240	22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22a43209ab55927d26db0095d7854e60_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Windows\System\IXgyQUy.exe
  C:\Windows\System\IXgyQUy.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\NmBYcqb.exe
  C:\Windows\System\NmBYcqb.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\ojvPwET.exe
  C:\Windows\System\ojvPwET.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\SAuNuuT.exe
  C:\Windows\System\SAuNuuT.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\rWmilvv.exe
  C:\Windows\System\rWmilvv.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\oDLGzJH.exe
  C:\Windows\System\oDLGzJH.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\nrzQyGP.exe
  C:\Windows\System\nrzQyGP.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\pllzwzA.exe
  C:\Windows\System\pllzwzA.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\yRILNIh.exe
  C:\Windows\System\yRILNIh.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\HjuPrby.exe
  C:\Windows\System\HjuPrby.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\JCxeXir.exe
  C:\Windows\System\JCxeXir.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\pOLedpM.exe
  C:\Windows\System\pOLedpM.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\dFQtjdT.exe
  C:\Windows\System\dFQtjdT.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\xdJdovo.exe
  C:\Windows\System\xdJdovo.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\EnwmKzp.exe
  C:\Windows\System\EnwmKzp.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\EqHuWVD.exe
  C:\Windows\System\EqHuWVD.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\zkibrmV.exe
  C:\Windows\System\zkibrmV.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\bkeqvxu.exe
  C:\Windows\System\bkeqvxu.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\ujuNUFH.exe
  C:\Windows\System\ujuNUFH.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\eMOoSeo.exe
  C:\Windows\System\eMOoSeo.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\pZfIUlp.exe
  C:\Windows\System\pZfIUlp.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\DxaBDjY.exe
  C:\Windows\System\DxaBDjY.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\lqagOVo.exe
  C:\Windows\System\lqagOVo.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\jRvIMxG.exe
  C:\Windows\System\jRvIMxG.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\YZASzWe.exe
  C:\Windows\System\YZASzWe.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\DVJrJZh.exe
  C:\Windows\System\DVJrJZh.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\KunPQoS.exe
  C:\Windows\System\KunPQoS.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\CfthMhd.exe
  C:\Windows\System\CfthMhd.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\gVvxJQb.exe
  C:\Windows\System\gVvxJQb.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\wZJQHEm.exe
  C:\Windows\System\wZJQHEm.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\KgJlaeg.exe
  C:\Windows\System\KgJlaeg.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\gqNejfX.exe
  C:\Windows\System\gqNejfX.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\eckVEKO.exe
  C:\Windows\System\eckVEKO.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\uxlrrSY.exe
  C:\Windows\System\uxlrrSY.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\xAGRvHJ.exe
  C:\Windows\System\xAGRvHJ.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\BVAljUm.exe
  C:\Windows\System\BVAljUm.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\xnZhVTS.exe
  C:\Windows\System\xnZhVTS.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\iMxNjjL.exe
  C:\Windows\System\iMxNjjL.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\MdXRUlC.exe
  C:\Windows\System\MdXRUlC.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\GtWCFXZ.exe
  C:\Windows\System\GtWCFXZ.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\gVoUtpp.exe
  C:\Windows\System\gVoUtpp.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\XoOQGOt.exe
  C:\Windows\System\XoOQGOt.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\bpEgkXD.exe
  C:\Windows\System\bpEgkXD.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\KyCCblQ.exe
  C:\Windows\System\KyCCblQ.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\MdURISF.exe
  C:\Windows\System\MdURISF.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\lJZfpCa.exe
  C:\Windows\System\lJZfpCa.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\nzXsZrz.exe
  C:\Windows\System\nzXsZrz.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GxiVRvP.exe
  C:\Windows\System\GxiVRvP.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\sHnsVjn.exe
  C:\Windows\System\sHnsVjn.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\JSouieC.exe
  C:\Windows\System\JSouieC.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\eAEVjlB.exe
  C:\Windows\System\eAEVjlB.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\RMnDCFO.exe
  C:\Windows\System\RMnDCFO.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\ZFWIYRo.exe
  C:\Windows\System\ZFWIYRo.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\BcGHVPr.exe
  C:\Windows\System\BcGHVPr.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\wDHsoHE.exe
  C:\Windows\System\wDHsoHE.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\BcTghBR.exe
  C:\Windows\System\BcTghBR.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\ROmUAMI.exe
  C:\Windows\System\ROmUAMI.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\tcAAwrb.exe
  C:\Windows\System\tcAAwrb.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\aXpwSkt.exe
  C:\Windows\System\aXpwSkt.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\yTeNUnn.exe
  C:\Windows\System\yTeNUnn.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\oMJbieX.exe
  C:\Windows\System\oMJbieX.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\WkhBErJ.exe
  C:\Windows\System\WkhBErJ.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\IGKBXIc.exe
  C:\Windows\System\IGKBXIc.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\drvWkqn.exe
  C:\Windows\System\drvWkqn.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\zRwggwb.exe
  C:\Windows\System\zRwggwb.exe
  2⤵
  PID:3024
- C:\Windows\System\WIKdKgS.exe
  C:\Windows\System\WIKdKgS.exe
  2⤵
  PID:944
- C:\Windows\System\KlObTER.exe
  C:\Windows\System\KlObTER.exe
  2⤵
  PID:5012
- C:\Windows\System\oIgTIiy.exe
  C:\Windows\System\oIgTIiy.exe
  2⤵
  PID:560
- C:\Windows\System\WqZybVZ.exe
  C:\Windows\System\WqZybVZ.exe
  2⤵
  PID:4964
- C:\Windows\System\cCUywMA.exe
  C:\Windows\System\cCUywMA.exe
  2⤵
  PID:5136
- C:\Windows\System\jLsqlOC.exe
  C:\Windows\System\jLsqlOC.exe
  2⤵
  PID:5164
- C:\Windows\System\VbzuwuR.exe
  C:\Windows\System\VbzuwuR.exe
  2⤵
  PID:5192
- C:\Windows\System\CsBsVKf.exe
  C:\Windows\System\CsBsVKf.exe
  2⤵
  PID:5220
- C:\Windows\System\XChmDsw.exe
  C:\Windows\System\XChmDsw.exe
  2⤵
  PID:5248
- C:\Windows\System\seXERBp.exe
  C:\Windows\System\seXERBp.exe
  2⤵
  PID:5276
- C:\Windows\System\VupaJLf.exe
  C:\Windows\System\VupaJLf.exe
  2⤵
  PID:5304
- C:\Windows\System\UhVmDtF.exe
  C:\Windows\System\UhVmDtF.exe
  2⤵
  PID:5332
- C:\Windows\System\OwHvUeC.exe
  C:\Windows\System\OwHvUeC.exe
  2⤵
  PID:5360
- C:\Windows\System\rOARrzU.exe
  C:\Windows\System\rOARrzU.exe
  2⤵
  PID:5388
- C:\Windows\System\xontjAm.exe
  C:\Windows\System\xontjAm.exe
  2⤵
  PID:5416
- C:\Windows\System\DMfbFSM.exe
  C:\Windows\System\DMfbFSM.exe
  2⤵
  PID:5444
- C:\Windows\System\xalgPux.exe
  C:\Windows\System\xalgPux.exe
  2⤵
  PID:5472
- C:\Windows\System\XcpcamK.exe
  C:\Windows\System\XcpcamK.exe
  2⤵
  PID:5500
- C:\Windows\System\WwEVgVE.exe
  C:\Windows\System\WwEVgVE.exe
  2⤵
  PID:5528
- C:\Windows\System\MtDkKdm.exe
  C:\Windows\System\MtDkKdm.exe
  2⤵
  PID:5552
- C:\Windows\System\EeBcBGo.exe
  C:\Windows\System\EeBcBGo.exe
  2⤵
  PID:5584
- C:\Windows\System\HxGOrqP.exe
  C:\Windows\System\HxGOrqP.exe
  2⤵
  PID:5620
- C:\Windows\System\nIMEKTi.exe
  C:\Windows\System\nIMEKTi.exe
  2⤵
  PID:5652
- C:\Windows\System\ujUKVRg.exe
  C:\Windows\System\ujUKVRg.exe
  2⤵
  PID:5676
- C:\Windows\System\BafUTGe.exe
  C:\Windows\System\BafUTGe.exe
  2⤵
  PID:5704
- C:\Windows\System\zctmpTX.exe
  C:\Windows\System\zctmpTX.exe
  2⤵
  PID:5732
- C:\Windows\System\rqtoiFD.exe
  C:\Windows\System\rqtoiFD.exe
  2⤵
  PID:5760
- C:\Windows\System\zyiXSTb.exe
  C:\Windows\System\zyiXSTb.exe
  2⤵
  PID:5788
- C:\Windows\System\WPCRBhQ.exe
  C:\Windows\System\WPCRBhQ.exe
  2⤵
  PID:5808
- C:\Windows\System\KZPXcKt.exe
  C:\Windows\System\KZPXcKt.exe
  2⤵
  PID:5836
- C:\Windows\System\KnyItRw.exe
  C:\Windows\System\KnyItRw.exe
  2⤵
  PID:5864
- C:\Windows\System\lsRBldh.exe
  C:\Windows\System\lsRBldh.exe
  2⤵
  PID:5888
- C:\Windows\System\DyNjqIT.exe
  C:\Windows\System\DyNjqIT.exe
  2⤵
  PID:5920
- C:\Windows\System\vGzEHzm.exe
  C:\Windows\System\vGzEHzm.exe
  2⤵
  PID:5944
- C:\Windows\System\eXUNWIg.exe
  C:\Windows\System\eXUNWIg.exe
  2⤵
  PID:5976
- C:\Windows\System\qgtniMC.exe
  C:\Windows\System\qgtniMC.exe
  2⤵
  PID:6004
- C:\Windows\System\VlUYlkv.exe
  C:\Windows\System\VlUYlkv.exe
  2⤵
  PID:6032
- C:\Windows\System\heYMlqu.exe
  C:\Windows\System\heYMlqu.exe
  2⤵
  PID:6060
- C:\Windows\System\FjQkuNm.exe
  C:\Windows\System\FjQkuNm.exe
  2⤵
  PID:6088
- C:\Windows\System\GFBiTrE.exe
  C:\Windows\System\GFBiTrE.exe
  2⤵
  PID:6116
- C:\Windows\System\lBStBlh.exe
  C:\Windows\System\lBStBlh.exe
  2⤵
  PID:1992
- C:\Windows\System\ICPXScz.exe
  C:\Windows\System\ICPXScz.exe
  2⤵
  PID:1644
- C:\Windows\System\fajilIf.exe
  C:\Windows\System\fajilIf.exe
  2⤵
  PID:1264
- C:\Windows\System\XdsKyzC.exe
  C:\Windows\System\XdsKyzC.exe
  2⤵
  PID:1416
- C:\Windows\System\vkSGkbZ.exe
  C:\Windows\System\vkSGkbZ.exe
  2⤵
  PID:5128
- C:\Windows\System\JIpCCCU.exe
  C:\Windows\System\JIpCCCU.exe
  2⤵
  PID:5184
- C:\Windows\System\qLbGWRk.exe
  C:\Windows\System\qLbGWRk.exe
  2⤵
  PID:5240
- C:\Windows\System\zhaarOU.exe
  C:\Windows\System\zhaarOU.exe
  2⤵
  PID:5296
- C:\Windows\System\TryMrzE.exe
  C:\Windows\System\TryMrzE.exe
  2⤵
  PID:5352
- C:\Windows\System\LMqYXev.exe
  C:\Windows\System\LMqYXev.exe
  2⤵
  PID:5428
- C:\Windows\System\geryAXV.exe
  C:\Windows\System\geryAXV.exe
  2⤵
  PID:5488
- C:\Windows\System\flKJGIb.exe
  C:\Windows\System\flKJGIb.exe
  2⤵
  PID:5548
- C:\Windows\System\BfzMkKV.exe
  C:\Windows\System\BfzMkKV.exe
  2⤵
  PID:5616
- C:\Windows\System\LSaqHmH.exe
  C:\Windows\System\LSaqHmH.exe
  2⤵
  PID:5692
- C:\Windows\System\uKPUwrQ.exe
  C:\Windows\System\uKPUwrQ.exe
  2⤵
  PID:5752
- C:\Windows\System\RkKwJVX.exe
  C:\Windows\System\RkKwJVX.exe
  2⤵
  PID:5820
- C:\Windows\System\NzjPOur.exe
  C:\Windows\System\NzjPOur.exe
  2⤵
  PID:404
- C:\Windows\System\dBzVFFV.exe
  C:\Windows\System\dBzVFFV.exe
  2⤵
  PID:5936
- C:\Windows\System\lbKokYm.exe
  C:\Windows\System\lbKokYm.exe
  2⤵
  PID:5996
- C:\Windows\System\REngFBf.exe
  C:\Windows\System\REngFBf.exe
  2⤵
  PID:6052
- C:\Windows\System\ZuOyheP.exe
  C:\Windows\System\ZuOyheP.exe
  2⤵
  PID:6128
- C:\Windows\System\PRaJBcQ.exe
  C:\Windows\System\PRaJBcQ.exe
  2⤵
  PID:788
- C:\Windows\System\SaWKaFS.exe
  C:\Windows\System\SaWKaFS.exe
  2⤵
  PID:4320
- C:\Windows\System\VITvtBZ.exe
  C:\Windows\System\VITvtBZ.exe
  2⤵
  PID:1144
- C:\Windows\System\TzEhDSa.exe
  C:\Windows\System\TzEhDSa.exe
  2⤵
  PID:5348
- C:\Windows\System\YiOeQYS.exe
  C:\Windows\System\YiOeQYS.exe
  2⤵
  PID:5520
- C:\Windows\System\wAKlDdf.exe
  C:\Windows\System\wAKlDdf.exe
  2⤵
  PID:4408
- C:\Windows\System\moBOoEA.exe
  C:\Windows\System\moBOoEA.exe
  2⤵
  PID:5784
- C:\Windows\System\nFsnOhX.exe
  C:\Windows\System\nFsnOhX.exe
  2⤵
  PID:5912
- C:\Windows\System\WkYSdcW.exe
  C:\Windows\System\WkYSdcW.exe
  2⤵
  PID:6044
- C:\Windows\System\QEYYHpy.exe
  C:\Windows\System\QEYYHpy.exe
  2⤵
  PID:872
- C:\Windows\System\SfGaRtn.exe
  C:\Windows\System\SfGaRtn.exe
  2⤵
  PID:5320
- C:\Windows\System\gMRFZlZ.exe
  C:\Windows\System\gMRFZlZ.exe
  2⤵
  PID:5644
- C:\Windows\System\INflqoC.exe
  C:\Windows\System\INflqoC.exe
  2⤵
  PID:5856
- C:\Windows\System\zyeOkks.exe
  C:\Windows\System\zyeOkks.exe
  2⤵
  PID:6152
- C:\Windows\System\ncUSZKK.exe
  C:\Windows\System\ncUSZKK.exe
  2⤵
  PID:6180
- C:\Windows\System\JOsKcAO.exe
  C:\Windows\System\JOsKcAO.exe
  2⤵
  PID:6208
- C:\Windows\System\FGEmfZk.exe
  C:\Windows\System\FGEmfZk.exe
  2⤵
  PID:6232
- C:\Windows\System\gUJHDcR.exe
  C:\Windows\System\gUJHDcR.exe
  2⤵
  PID:6264
- C:\Windows\System\eZExrIk.exe
  C:\Windows\System\eZExrIk.exe
  2⤵
  PID:6292
- C:\Windows\System\zWCtJbj.exe
  C:\Windows\System\zWCtJbj.exe
  2⤵
  PID:6320
- C:\Windows\System\hDmivjB.exe
  C:\Windows\System\hDmivjB.exe
  2⤵
  PID:6408
- C:\Windows\System\xLVDqqd.exe
  C:\Windows\System\xLVDqqd.exe
  2⤵
  PID:6440
- C:\Windows\System\HiVbIiK.exe
  C:\Windows\System\HiVbIiK.exe
  2⤵
  PID:6456
- C:\Windows\System\zzAPFvx.exe
  C:\Windows\System\zzAPFvx.exe
  2⤵
  PID:6508
- C:\Windows\System\HhhZtqa.exe
  C:\Windows\System\HhhZtqa.exe
  2⤵
  PID:6556
- C:\Windows\System\AcDLDpF.exe
  C:\Windows\System\AcDLDpF.exe
  2⤵
  PID:6588
- C:\Windows\System\miMvHCX.exe
  C:\Windows\System\miMvHCX.exe
  2⤵
  PID:6620
- C:\Windows\System\wlHoMHs.exe
  C:\Windows\System\wlHoMHs.exe
  2⤵
  PID:6668
- C:\Windows\System\ljMpQOh.exe
  C:\Windows\System\ljMpQOh.exe
  2⤵
  PID:6704
- C:\Windows\System\PJpYrLT.exe
  C:\Windows\System\PJpYrLT.exe
  2⤵
  PID:6748
- C:\Windows\System\cxDQzTX.exe
  C:\Windows\System\cxDQzTX.exe
  2⤵
  PID:6768
- C:\Windows\System\zwuIAtz.exe
  C:\Windows\System\zwuIAtz.exe
  2⤵
  PID:6808
- C:\Windows\System\wXNleBk.exe
  C:\Windows\System\wXNleBk.exe
  2⤵
  PID:6828
- C:\Windows\System\pDliGrM.exe
  C:\Windows\System\pDliGrM.exe
  2⤵
  PID:6852
- C:\Windows\System\etSLGdy.exe
  C:\Windows\System\etSLGdy.exe
  2⤵
  PID:6892
- C:\Windows\System\IJObIKy.exe
  C:\Windows\System\IJObIKy.exe
  2⤵
  PID:6912
- C:\Windows\System\iuzfKjE.exe
  C:\Windows\System\iuzfKjE.exe
  2⤵
  PID:6956
- C:\Windows\System\VlwmhqM.exe
  C:\Windows\System\VlwmhqM.exe
  2⤵
  PID:6988
- C:\Windows\System\cbucGBG.exe
  C:\Windows\System\cbucGBG.exe
  2⤵
  PID:7028
- C:\Windows\System\giGbEME.exe
  C:\Windows\System\giGbEME.exe
  2⤵
  PID:7076
- C:\Windows\System\dPMobNX.exe
  C:\Windows\System\dPMobNX.exe
  2⤵
  PID:7096
- C:\Windows\System\FyHGDMS.exe
  C:\Windows\System\FyHGDMS.exe
  2⤵
  PID:7124
- C:\Windows\System\yUxolwB.exe
  C:\Windows\System\yUxolwB.exe
  2⤵
  PID:5212
- C:\Windows\System\QEvRuBU.exe
  C:\Windows\System\QEvRuBU.exe
  2⤵
  PID:4640
- C:\Windows\System\uFAFlRi.exe
  C:\Windows\System\uFAFlRi.exe
  2⤵
  PID:6196
- C:\Windows\System\rbcDHiA.exe
  C:\Windows\System\rbcDHiA.exe
  2⤵
  PID:6248
- C:\Windows\System\XaOBaPj.exe
  C:\Windows\System\XaOBaPj.exe
  2⤵
  PID:1364
- C:\Windows\System\bnoZeCW.exe
  C:\Windows\System\bnoZeCW.exe
  2⤵
  PID:6332
- C:\Windows\System\eSHJXXU.exe
  C:\Windows\System\eSHJXXU.exe
  2⤵
  PID:1044
- C:\Windows\System\zoGVxrc.exe
  C:\Windows\System\zoGVxrc.exe
  2⤵
  PID:4160
- C:\Windows\System\NkJipfw.exe
  C:\Windows\System\NkJipfw.exe
  2⤵
  PID:4856
- C:\Windows\System\FDmICEe.exe
  C:\Windows\System\FDmICEe.exe
  2⤵
  PID:2204
- C:\Windows\System\JLOtSEO.exe
  C:\Windows\System\JLOtSEO.exe
  2⤵
  PID:4644
- C:\Windows\System\SIXgCTR.exe
  C:\Windows\System\SIXgCTR.exe
  2⤵
  PID:6428
- C:\Windows\System\lohWffV.exe
  C:\Windows\System\lohWffV.exe
  2⤵
  PID:3788
- C:\Windows\System\wGEywet.exe
  C:\Windows\System\wGEywet.exe
  2⤵
  PID:6496
- C:\Windows\System\YyBCHak.exe
  C:\Windows\System\YyBCHak.exe
  2⤵
  PID:6536
- C:\Windows\System\TyEeStA.exe
  C:\Windows\System\TyEeStA.exe
  2⤵
  PID:1936
- C:\Windows\System\PPFOFjT.exe
  C:\Windows\System\PPFOFjT.exe
  2⤵
  PID:6616
- C:\Windows\System\qnvECWi.exe
  C:\Windows\System\qnvECWi.exe
  2⤵
  PID:6696
- C:\Windows\System\xCTlMmk.exe
  C:\Windows\System\xCTlMmk.exe
  2⤵
  PID:6760
- C:\Windows\System\CqWdQXO.exe
  C:\Windows\System\CqWdQXO.exe
  2⤵
  PID:1772
- C:\Windows\System\pPzhntf.exe
  C:\Windows\System\pPzhntf.exe
  2⤵
  PID:6864
- C:\Windows\System\nPmBKiD.exe
  C:\Windows\System\nPmBKiD.exe
  2⤵
  PID:6980
- C:\Windows\System\ZpdLnxe.exe
  C:\Windows\System\ZpdLnxe.exe
  2⤵
  PID:7060
- C:\Windows\System\vGyltNo.exe
  C:\Windows\System\vGyltNo.exe
  2⤵
  PID:2244
- C:\Windows\System\iWqsflk.exe
  C:\Windows\System\iWqsflk.exe
  2⤵
  PID:468
- C:\Windows\System\NhMpqYx.exe
  C:\Windows\System\NhMpqYx.exe
  2⤵
  PID:6728
- C:\Windows\System\Itswokv.exe
  C:\Windows\System\Itswokv.exe
  2⤵
  PID:6024
- C:\Windows\System\iwfAzaO.exe
  C:\Windows\System\iwfAzaO.exe
  2⤵
  PID:456
- C:\Windows\System\aYHUrDq.exe
  C:\Windows\System\aYHUrDq.exe
  2⤵
  PID:3768
- C:\Windows\System\UwZxdgb.exe
  C:\Windows\System\UwZxdgb.exe
  2⤵
  PID:4948
- C:\Windows\System\XdUbZAs.exe
  C:\Windows\System\XdUbZAs.exe
  2⤵
  PID:6484
- C:\Windows\System\VWSiZoq.exe
  C:\Windows\System\VWSiZoq.exe
  2⤵
  PID:2540
- C:\Windows\System\XTqdeTJ.exe
  C:\Windows\System\XTqdeTJ.exe
  2⤵
  PID:2728
- C:\Windows\System\BkbChDO.exe
  C:\Windows\System\BkbChDO.exe
  2⤵
  PID:6844
- C:\Windows\System\UFYANwr.exe
  C:\Windows\System\UFYANwr.exe
  2⤵
  PID:7024
- C:\Windows\System\IreUVaq.exe
  C:\Windows\System\IreUVaq.exe
  2⤵
  PID:1700
- C:\Windows\System\XYJRvue.exe
  C:\Windows\System\XYJRvue.exe
  2⤵
  PID:4292
- C:\Windows\System\OVRCuIA.exe
  C:\Windows\System\OVRCuIA.exe
  2⤵
  PID:912
- C:\Windows\System\BpUotCe.exe
  C:\Windows\System\BpUotCe.exe
  2⤵
  PID:3612
- C:\Windows\System\buNAFQD.exe
  C:\Windows\System\buNAFQD.exe
  2⤵
  PID:6928
- C:\Windows\System\PaBHOkq.exe
  C:\Windows\System\PaBHOkq.exe
  2⤵
  PID:5728
- C:\Windows\System\OhNBGQp.exe
  C:\Windows\System\OhNBGQp.exe
  2⤵
  PID:6796
- C:\Windows\System\DgtSLJz.exe
  C:\Windows\System\DgtSLJz.exe
  2⤵
  PID:6552
- C:\Windows\System\aIfvYeg.exe
  C:\Windows\System\aIfvYeg.exe
  2⤵
  PID:7176
- C:\Windows\System\zuAJUzO.exe
  C:\Windows\System\zuAJUzO.exe
  2⤵
  PID:7208
- C:\Windows\System\msCsdLg.exe
  C:\Windows\System\msCsdLg.exe
  2⤵
  PID:7236
- C:\Windows\System\GFsNzII.exe
  C:\Windows\System\GFsNzII.exe
  2⤵
  PID:7264
- C:\Windows\System\KvfZKrh.exe
  C:\Windows\System\KvfZKrh.exe
  2⤵
  PID:7292
- C:\Windows\System\SMTqXiI.exe
  C:\Windows\System\SMTqXiI.exe
  2⤵
  PID:7320
- C:\Windows\System\vnwjvxR.exe
  C:\Windows\System\vnwjvxR.exe
  2⤵
  PID:7348
- C:\Windows\System\fZlyCZO.exe
  C:\Windows\System\fZlyCZO.exe
  2⤵
  PID:7376
- C:\Windows\System\WFEpenA.exe
  C:\Windows\System\WFEpenA.exe
  2⤵
  PID:7404
- C:\Windows\System\leSkJnu.exe
  C:\Windows\System\leSkJnu.exe
  2⤵
  PID:7432
- C:\Windows\System\OyafXuo.exe
  C:\Windows\System\OyafXuo.exe
  2⤵
  PID:7460
- C:\Windows\System\JAfRoZx.exe
  C:\Windows\System\JAfRoZx.exe
  2⤵
  PID:7492
- C:\Windows\System\McObRdQ.exe
  C:\Windows\System\McObRdQ.exe
  2⤵
  PID:7516
- C:\Windows\System\aFSGQwY.exe
  C:\Windows\System\aFSGQwY.exe
  2⤵
  PID:7532
- C:\Windows\System\KyBeQZl.exe
  C:\Windows\System\KyBeQZl.exe
  2⤵
  PID:7548
- C:\Windows\System\WAsJjoF.exe
  C:\Windows\System\WAsJjoF.exe
  2⤵
  PID:7564
- C:\Windows\System\vDTAVKN.exe
  C:\Windows\System\vDTAVKN.exe
  2⤵
  PID:7580
- C:\Windows\System\bYZwcye.exe
  C:\Windows\System\bYZwcye.exe
  2⤵
  PID:7608
- C:\Windows\System\svksrCQ.exe
  C:\Windows\System\svksrCQ.exe
  2⤵
  PID:7648
- C:\Windows\System\UQcpxuG.exe
  C:\Windows\System\UQcpxuG.exe
  2⤵
  PID:7692
- C:\Windows\System\SgETVHy.exe
  C:\Windows\System\SgETVHy.exe
  2⤵
  PID:7720
- C:\Windows\System\dnaEBjX.exe
  C:\Windows\System\dnaEBjX.exe
  2⤵
  PID:7752
- C:\Windows\System\TRyIWUH.exe
  C:\Windows\System\TRyIWUH.exe
  2⤵
  PID:7772
- C:\Windows\System\oXeWUrV.exe
  C:\Windows\System\oXeWUrV.exe
  2⤵
  PID:7816
- C:\Windows\System\ZLRhVhH.exe
  C:\Windows\System\ZLRhVhH.exe
  2⤵
  PID:7852
- C:\Windows\System\rCFYYEU.exe
  C:\Windows\System\rCFYYEU.exe
  2⤵
  PID:7880
- C:\Windows\System\ehZeOTk.exe
  C:\Windows\System\ehZeOTk.exe
  2⤵
  PID:7896
- C:\Windows\System\VckldWM.exe
  C:\Windows\System\VckldWM.exe
  2⤵
  PID:7920
- C:\Windows\System\MreArwg.exe
  C:\Windows\System\MreArwg.exe
  2⤵
  PID:7968
- C:\Windows\System\qqQAAys.exe
  C:\Windows\System\qqQAAys.exe
  2⤵
  PID:7996
- C:\Windows\System\tAHQolk.exe
  C:\Windows\System\tAHQolk.exe
  2⤵
  PID:8028
- C:\Windows\System\cfPWbxw.exe
  C:\Windows\System\cfPWbxw.exe
  2⤵
  PID:8052
- C:\Windows\System\PyKyRCX.exe
  C:\Windows\System\PyKyRCX.exe
  2⤵
  PID:8080
- C:\Windows\System\DVNGCmm.exe
  C:\Windows\System\DVNGCmm.exe
  2⤵
  PID:8108
- C:\Windows\System\xFcdQhL.exe
  C:\Windows\System\xFcdQhL.exe
  2⤵
  PID:8144
- C:\Windows\System\giMesRe.exe
  C:\Windows\System\giMesRe.exe
  2⤵
  PID:8180
- C:\Windows\System\FkwgCnH.exe
  C:\Windows\System\FkwgCnH.exe
  2⤵
  PID:7232
- C:\Windows\System\QlBhrfp.exe
  C:\Windows\System\QlBhrfp.exe
  2⤵
  PID:7332
- C:\Windows\System\wJSdwVJ.exe
  C:\Windows\System\wJSdwVJ.exe
  2⤵
  PID:7400
- C:\Windows\System\GVpkNvq.exe
  C:\Windows\System\GVpkNvq.exe
  2⤵
  PID:7484
- C:\Windows\System\flNuxEd.exe
  C:\Windows\System\flNuxEd.exe
  2⤵
  PID:7560
- C:\Windows\System\DHJATkK.exe
  C:\Windows\System\DHJATkK.exe
  2⤵
  PID:7556
- C:\Windows\System\HlehfBh.exe
  C:\Windows\System\HlehfBh.exe
  2⤵
  PID:7708
- C:\Windows\System\FZFlaBN.exe
  C:\Windows\System\FZFlaBN.exe
  2⤵
  PID:7704
- C:\Windows\System\sFrzAJq.exe
  C:\Windows\System\sFrzAJq.exe
  2⤵
  PID:7788
- C:\Windows\System\hJoVdvF.exe
  C:\Windows\System\hJoVdvF.exe
  2⤵
  PID:7872
- C:\Windows\System\ExOLsTX.exe
  C:\Windows\System\ExOLsTX.exe
  2⤵
  PID:7936
- C:\Windows\System\gislXNs.exe
  C:\Windows\System\gislXNs.exe
  2⤵
  PID:8016
- C:\Windows\System\nEcxPtq.exe
  C:\Windows\System\nEcxPtq.exe
  2⤵
  PID:8076
- C:\Windows\System\mOvqBaz.exe
  C:\Windows\System\mOvqBaz.exe
  2⤵
  PID:8132
- C:\Windows\System\kPhodZt.exe
  C:\Windows\System\kPhodZt.exe
  2⤵
  PID:2400
- C:\Windows\System\HWXlxiU.exe
  C:\Windows\System\HWXlxiU.exe
  2⤵
  PID:7396
- C:\Windows\System\mLBWNvi.exe
  C:\Windows\System\mLBWNvi.exe
  2⤵
  PID:7540
- C:\Windows\System\EyLFwnY.exe
  C:\Windows\System\EyLFwnY.exe
  2⤵
  PID:6352
- C:\Windows\System\fmbTxMb.exe
  C:\Windows\System\fmbTxMb.exe
  2⤵
  PID:7804
- C:\Windows\System\cjgnCHQ.exe
  C:\Windows\System\cjgnCHQ.exe
  2⤵
  PID:7940
- C:\Windows\System\ALLrOPt.exe
  C:\Windows\System\ALLrOPt.exe
  2⤵
  PID:4600
- C:\Windows\System\QrffePr.exe
  C:\Windows\System\QrffePr.exe
  2⤵
  PID:7288
- C:\Windows\System\qQGwDWD.exe
  C:\Windows\System\qQGwDWD.exe
  2⤵
  PID:7628
- C:\Windows\System\cFzmbMW.exe
  C:\Windows\System\cFzmbMW.exe
  2⤵
  PID:7944
- C:\Windows\System\LiWkPQQ.exe
  C:\Windows\System\LiWkPQQ.exe
  2⤵
  PID:7228
- C:\Windows\System\vylbdqO.exe
  C:\Windows\System\vylbdqO.exe
  2⤵
  PID:7796
- C:\Windows\System\WVxNpim.exe
  C:\Windows\System\WVxNpim.exe
  2⤵
  PID:8196
- C:\Windows\System\iwdPJSk.exe
  C:\Windows\System\iwdPJSk.exe
  2⤵
  PID:8232
- C:\Windows\System\pokwELR.exe
  C:\Windows\System\pokwELR.exe
  2⤵
  PID:8260
- C:\Windows\System\oclfKkZ.exe
  C:\Windows\System\oclfKkZ.exe
  2⤵
  PID:8292
- C:\Windows\System\OZsttBd.exe
  C:\Windows\System\OZsttBd.exe
  2⤵
  PID:8316
- C:\Windows\System\rpKmOHv.exe
  C:\Windows\System\rpKmOHv.exe
  2⤵
  PID:8348
- C:\Windows\System\glNXIFj.exe
  C:\Windows\System\glNXIFj.exe
  2⤵
  PID:8376
- C:\Windows\System\ESCJajK.exe
  C:\Windows\System\ESCJajK.exe
  2⤵
  PID:8404
- C:\Windows\System\zyLmNzt.exe
  C:\Windows\System\zyLmNzt.exe
  2⤵
  PID:8432
- C:\Windows\System\CVXDihi.exe
  C:\Windows\System\CVXDihi.exe
  2⤵
  PID:8460
- C:\Windows\System\IkPzJVD.exe
  C:\Windows\System\IkPzJVD.exe
  2⤵
  PID:8488
- C:\Windows\System\ndbivaO.exe
  C:\Windows\System\ndbivaO.exe
  2⤵
  PID:8524
- C:\Windows\System\wcicTqq.exe
  C:\Windows\System\wcicTqq.exe
  2⤵
  PID:8544
- C:\Windows\System\pyQucMz.exe
  C:\Windows\System\pyQucMz.exe
  2⤵
  PID:8572
- C:\Windows\System\EoNHLLI.exe
  C:\Windows\System\EoNHLLI.exe
  2⤵
  PID:8596
- C:\Windows\System\waaemhM.exe
  C:\Windows\System\waaemhM.exe
  2⤵
  PID:8628
- C:\Windows\System\BpJYDXj.exe
  C:\Windows\System\BpJYDXj.exe
  2⤵
  PID:8656
- C:\Windows\System\eoiZbEO.exe
  C:\Windows\System\eoiZbEO.exe
  2⤵
  PID:8684
- C:\Windows\System\DxKXdMU.exe
  C:\Windows\System\DxKXdMU.exe
  2⤵
  PID:8712
- C:\Windows\System\qrJvNPJ.exe
  C:\Windows\System\qrJvNPJ.exe
  2⤵
  PID:8740
- C:\Windows\System\cAiiHHl.exe
  C:\Windows\System\cAiiHHl.exe
  2⤵
  PID:8768
- C:\Windows\System\JRzYwZz.exe
  C:\Windows\System\JRzYwZz.exe
  2⤵
  PID:8804
- C:\Windows\System\ffuDvTa.exe
  C:\Windows\System\ffuDvTa.exe
  2⤵
  PID:8840
- C:\Windows\System\XXdtgwP.exe
  C:\Windows\System\XXdtgwP.exe
  2⤵
  PID:8868
- C:\Windows\System\wIWvtkq.exe
  C:\Windows\System\wIWvtkq.exe
  2⤵
  PID:8896
- C:\Windows\System\LaKXVAD.exe
  C:\Windows\System\LaKXVAD.exe
  2⤵
  PID:8932
- C:\Windows\System\GDFRZTs.exe
  C:\Windows\System\GDFRZTs.exe
  2⤵
  PID:8980
- C:\Windows\System\gYOSFNI.exe
  C:\Windows\System\gYOSFNI.exe
  2⤵
  PID:9032
- C:\Windows\System\rEFEmaI.exe
  C:\Windows\System\rEFEmaI.exe
  2⤵
  PID:9068
- C:\Windows\System\cNtzbXf.exe
  C:\Windows\System\cNtzbXf.exe
  2⤵
  PID:9084
- C:\Windows\System\LpUZUmU.exe
  C:\Windows\System\LpUZUmU.exe
  2⤵
  PID:9128
- C:\Windows\System\FRqWoUv.exe
  C:\Windows\System\FRqWoUv.exe
  2⤵
  PID:9160
- C:\Windows\System\NgiTpTJ.exe
  C:\Windows\System\NgiTpTJ.exe
  2⤵
  PID:9208
- C:\Windows\System\nySxKPh.exe
  C:\Windows\System\nySxKPh.exe
  2⤵
  PID:8228
- C:\Windows\System\SkFBBba.exe
  C:\Windows\System\SkFBBba.exe
  2⤵
  PID:8304
- C:\Windows\System\XYvUIZY.exe
  C:\Windows\System\XYvUIZY.exe
  2⤵
  PID:8388
- C:\Windows\System\NgcJJmy.exe
  C:\Windows\System\NgcJJmy.exe
  2⤵
  PID:8504
- C:\Windows\System\reiApiS.exe
  C:\Windows\System\reiApiS.exe
  2⤵
  PID:8584
- C:\Windows\System\DEkRuxC.exe
  C:\Windows\System\DEkRuxC.exe
  2⤵
  PID:8648
- C:\Windows\System\PQrNpRg.exe
  C:\Windows\System\PQrNpRg.exe
  2⤵
  PID:8704
- C:\Windows\System\auhpyJX.exe
  C:\Windows\System\auhpyJX.exe
  2⤵
  PID:8764
- C:\Windows\System\vGAvJdZ.exe
  C:\Windows\System\vGAvJdZ.exe
  2⤵
  PID:8856
- C:\Windows\System\xxMxObU.exe
  C:\Windows\System\xxMxObU.exe
  2⤵
  PID:8924
- C:\Windows\System\ZNUHqkp.exe
  C:\Windows\System\ZNUHqkp.exe
  2⤵
  PID:9012
- C:\Windows\System\jHZCpaI.exe
  C:\Windows\System\jHZCpaI.exe
  2⤵
  PID:9060
- C:\Windows\System\IpYxBXi.exe
  C:\Windows\System\IpYxBXi.exe
  2⤵
  PID:9192
- C:\Windows\System\bWfhdxL.exe
  C:\Windows\System\bWfhdxL.exe
  2⤵
  PID:8336
- C:\Windows\System\LgmQMXY.exe
  C:\Windows\System\LgmQMXY.exe
  2⤵
  PID:8540
- C:\Windows\System\rTFpAFd.exe
  C:\Windows\System\rTFpAFd.exe
  2⤵
  PID:8680
- C:\Windows\System\wRShsih.exe
  C:\Windows\System\wRShsih.exe
  2⤵
  PID:8968
- C:\Windows\System\PUpWAqQ.exe
  C:\Windows\System\PUpWAqQ.exe
  2⤵
  PID:9152
- C:\Windows\System\QnAmZdU.exe
  C:\Windows\System\QnAmZdU.exe
  2⤵
  PID:8536
- C:\Windows\System\bLJFhwN.exe
  C:\Windows\System\bLJFhwN.exe
  2⤵
  PID:9052
- C:\Windows\System\aTDATby.exe
  C:\Windows\System\aTDATby.exe
  2⤵
  PID:8912
- C:\Windows\System\fRDePym.exe
  C:\Windows\System\fRDePym.exe
  2⤵
  PID:9224
- C:\Windows\System\vmWLaJY.exe
  C:\Windows\System\vmWLaJY.exe
  2⤵
  PID:9252
- C:\Windows\System\VOcTDWr.exe
  C:\Windows\System\VOcTDWr.exe
  2⤵
  PID:9280
- C:\Windows\System\GkgNfmc.exe
  C:\Windows\System\GkgNfmc.exe
  2⤵
  PID:9308
- C:\Windows\System\uICnztT.exe
  C:\Windows\System\uICnztT.exe
  2⤵
  PID:9336
- C:\Windows\System\RIaYdYC.exe
  C:\Windows\System\RIaYdYC.exe
  2⤵
  PID:9364
- C:\Windows\System\pTCSWfz.exe
  C:\Windows\System\pTCSWfz.exe
  2⤵
  PID:9392
- C:\Windows\System\pZGOekX.exe
  C:\Windows\System\pZGOekX.exe
  2⤵
  PID:9420
- C:\Windows\System\XoRLekG.exe
  C:\Windows\System\XoRLekG.exe
  2⤵
  PID:9448
- C:\Windows\System\xzlQJnH.exe
  C:\Windows\System\xzlQJnH.exe
  2⤵
  PID:9480
- C:\Windows\System\ukaLfDn.exe
  C:\Windows\System\ukaLfDn.exe
  2⤵
  PID:9504
- C:\Windows\System\CprGWMO.exe
  C:\Windows\System\CprGWMO.exe
  2⤵
  PID:9532
- C:\Windows\System\AYgGwLH.exe
  C:\Windows\System\AYgGwLH.exe
  2⤵
  PID:9560
- C:\Windows\System\CocHjFd.exe
  C:\Windows\System\CocHjFd.exe
  2⤵
  PID:9588
- C:\Windows\System\yCeUnMj.exe
  C:\Windows\System\yCeUnMj.exe
  2⤵
  PID:9616
- C:\Windows\System\cdQkJBQ.exe
  C:\Windows\System\cdQkJBQ.exe
  2⤵
  PID:9644
- C:\Windows\System\PstjMnC.exe
  C:\Windows\System\PstjMnC.exe
  2⤵
  PID:9676
- C:\Windows\System\ItlKvKO.exe
  C:\Windows\System\ItlKvKO.exe
  2⤵
  PID:9700
- C:\Windows\System\YUsoOUq.exe
  C:\Windows\System\YUsoOUq.exe
  2⤵
  PID:9728
- C:\Windows\System\xLsvBgu.exe
  C:\Windows\System\xLsvBgu.exe
  2⤵
  PID:9760
- C:\Windows\System\TwSqRhA.exe
  C:\Windows\System\TwSqRhA.exe
  2⤵
  PID:9788
- C:\Windows\System\lHVpDqw.exe
  C:\Windows\System\lHVpDqw.exe
  2⤵
  PID:9820
- C:\Windows\System\QaxFPUO.exe
  C:\Windows\System\QaxFPUO.exe
  2⤵
  PID:9844
- C:\Windows\System\TIgpzZD.exe
  C:\Windows\System\TIgpzZD.exe
  2⤵
  PID:9876
- C:\Windows\System\EeJizFn.exe
  C:\Windows\System\EeJizFn.exe
  2⤵
  PID:9904
- C:\Windows\System\aPKHiUe.exe
  C:\Windows\System\aPKHiUe.exe
  2⤵
  PID:9932
- C:\Windows\System\pqbulVl.exe
  C:\Windows\System\pqbulVl.exe
  2⤵
  PID:9972
- C:\Windows\System\KqupKxK.exe
  C:\Windows\System\KqupKxK.exe
  2⤵
  PID:10008
- C:\Windows\System\CwgPyoF.exe
  C:\Windows\System\CwgPyoF.exe
  2⤵
  PID:10036
- C:\Windows\System\VBTFxws.exe
  C:\Windows\System\VBTFxws.exe
  2⤵
  PID:10064
- C:\Windows\System\yukZftj.exe
  C:\Windows\System\yukZftj.exe
  2⤵
  PID:10092
- C:\Windows\System\JmurYbp.exe
  C:\Windows\System\JmurYbp.exe
  2⤵
  PID:10120
- C:\Windows\System\BRbOzSi.exe
  C:\Windows\System\BRbOzSi.exe
  2⤵
  PID:10148
- C:\Windows\System\fHtzVyY.exe
  C:\Windows\System\fHtzVyY.exe
  2⤵
  PID:10176
- C:\Windows\System\EBAIeEM.exe
  C:\Windows\System\EBAIeEM.exe
  2⤵
  PID:10204
- C:\Windows\System\zMonQix.exe
  C:\Windows\System\zMonQix.exe
  2⤵
  PID:8484
- C:\Windows\System\GQQBVXS.exe
  C:\Windows\System\GQQBVXS.exe
  2⤵
  PID:9264
- C:\Windows\System\mwsGlNr.exe
  C:\Windows\System\mwsGlNr.exe
  2⤵
  PID:9332
- C:\Windows\System\sYNfvIJ.exe
  C:\Windows\System\sYNfvIJ.exe
  2⤵
  PID:9388
- C:\Windows\System\pvetCTf.exe
  C:\Windows\System\pvetCTf.exe
  2⤵
  PID:9460
- C:\Windows\System\NkQOXBD.exe
  C:\Windows\System\NkQOXBD.exe
  2⤵
  PID:9524
- C:\Windows\System\DYsZczL.exe
  C:\Windows\System\DYsZczL.exe
  2⤵
  PID:9584
- C:\Windows\System\dhudUom.exe
  C:\Windows\System\dhudUom.exe
  2⤵
  PID:9656
- C:\Windows\System\nmPIMRG.exe
  C:\Windows\System\nmPIMRG.exe
  2⤵
  PID:9720
- C:\Windows\System\gbjRtpj.exe
  C:\Windows\System\gbjRtpj.exe
  2⤵
  PID:9780
- C:\Windows\System\qFvKAEQ.exe
  C:\Windows\System\qFvKAEQ.exe
  2⤵
  PID:9864
- C:\Windows\System\wnnyWYj.exe
  C:\Windows\System\wnnyWYj.exe
  2⤵
  PID:9924
- C:\Windows\System\tGsrXpc.exe
  C:\Windows\System\tGsrXpc.exe
  2⤵
  PID:10028
- C:\Windows\System\qzDxTww.exe
  C:\Windows\System\qzDxTww.exe
  2⤵
  PID:10076
- C:\Windows\System\FOuDDOZ.exe
  C:\Windows\System\FOuDDOZ.exe
  2⤵
  PID:10144
- C:\Windows\System\RVHlGRh.exe
  C:\Windows\System\RVHlGRh.exe
  2⤵
  PID:10200
- C:\Windows\System\RRtMbeW.exe
  C:\Windows\System\RRtMbeW.exe
  2⤵
  PID:9300
- C:\Windows\System\awqNEkm.exe
  C:\Windows\System\awqNEkm.exe
  2⤵
  PID:9440
- C:\Windows\System\TitQPsM.exe
  C:\Windows\System\TitQPsM.exe
  2⤵
  PID:9580
- C:\Windows\System\MNsxAZR.exe
  C:\Windows\System\MNsxAZR.exe
  2⤵
  PID:9752
- C:\Windows\System\ugaWufx.exe
  C:\Windows\System\ugaWufx.exe
  2⤵
  PID:9916
- C:\Windows\System\FQQZphM.exe
  C:\Windows\System\FQQZphM.exe
  2⤵
  PID:10060
- C:\Windows\System\UfALjxo.exe
  C:\Windows\System\UfALjxo.exe
  2⤵
  PID:9236
- C:\Windows\System\TUCCbAn.exe
  C:\Windows\System\TUCCbAn.exe
  2⤵
  PID:9556
- C:\Windows\System\RiBJcHZ.exe
  C:\Windows\System\RiBJcHZ.exe
  2⤵
  PID:9896
- C:\Windows\System\ZAZJNmD.exe
  C:\Windows\System\ZAZJNmD.exe
  2⤵
  PID:9384
- C:\Windows\System\iFHSZMJ.exe
  C:\Windows\System\iFHSZMJ.exe
  2⤵
  PID:10196
- C:\Windows\System\oSAWpJO.exe
  C:\Windows\System\oSAWpJO.exe
  2⤵
  PID:10252
- C:\Windows\System\nYdkBRZ.exe
  C:\Windows\System\nYdkBRZ.exe
  2⤵
  PID:10280
- C:\Windows\System\Beegdul.exe
  C:\Windows\System\Beegdul.exe
  2⤵
  PID:10308
- C:\Windows\System\MRSFlVP.exe
  C:\Windows\System\MRSFlVP.exe
  2⤵
  PID:10336
- C:\Windows\System\UkvWvoP.exe
  C:\Windows\System\UkvWvoP.exe
  2⤵
  PID:10364
- C:\Windows\System\gPvKqaL.exe
  C:\Windows\System\gPvKqaL.exe
  2⤵
  PID:10380
- C:\Windows\System\jwOkJKO.exe
  C:\Windows\System\jwOkJKO.exe
  2⤵
  PID:10424
- C:\Windows\System\HTUtete.exe
  C:\Windows\System\HTUtete.exe
  2⤵
  PID:10452
- C:\Windows\System\fiSuJxK.exe
  C:\Windows\System\fiSuJxK.exe
  2⤵
  PID:10480
- C:\Windows\System\VhtXpjK.exe
  C:\Windows\System\VhtXpjK.exe
  2⤵
  PID:10508
- C:\Windows\System\sQtKVQv.exe
  C:\Windows\System\sQtKVQv.exe
  2⤵
  PID:10536
- C:\Windows\System\WEFWWRW.exe
  C:\Windows\System\WEFWWRW.exe
  2⤵
  PID:10564
- C:\Windows\System\rlelodQ.exe
  C:\Windows\System\rlelodQ.exe
  2⤵
  PID:10592
- C:\Windows\System\yleMWmj.exe
  C:\Windows\System\yleMWmj.exe
  2⤵
  PID:10620
- C:\Windows\System\VIUtoNf.exe
  C:\Windows\System\VIUtoNf.exe
  2⤵
  PID:10648
- C:\Windows\System\EWMXnuv.exe
  C:\Windows\System\EWMXnuv.exe
  2⤵
  PID:10676
- C:\Windows\System\YoDAgSW.exe
  C:\Windows\System\YoDAgSW.exe
  2⤵
  PID:10704
- C:\Windows\System\SZaoZBm.exe
  C:\Windows\System\SZaoZBm.exe
  2⤵
  PID:10732
- C:\Windows\System\GxmPPGw.exe
  C:\Windows\System\GxmPPGw.exe
  2⤵
  PID:10760
- C:\Windows\System\YcjcEgY.exe
  C:\Windows\System\YcjcEgY.exe
  2⤵
  PID:10788
- C:\Windows\System\tguQhGq.exe
  C:\Windows\System\tguQhGq.exe
  2⤵
  PID:10816
- C:\Windows\System\NYKKbsW.exe
  C:\Windows\System\NYKKbsW.exe
  2⤵
  PID:10844
- C:\Windows\System\SfkSFsq.exe
  C:\Windows\System\SfkSFsq.exe
  2⤵
  PID:10872
- C:\Windows\System\oSZySyn.exe
  C:\Windows\System\oSZySyn.exe
  2⤵
  PID:10900
- C:\Windows\System\nEkMpgA.exe
  C:\Windows\System\nEkMpgA.exe
  2⤵
  PID:10928
- C:\Windows\System\YWNsEQU.exe
  C:\Windows\System\YWNsEQU.exe
  2⤵
  PID:10956
- C:\Windows\System\WSXImDO.exe
  C:\Windows\System\WSXImDO.exe
  2⤵
  PID:10976
- C:\Windows\System\eEKRxBB.exe
  C:\Windows\System\eEKRxBB.exe
  2⤵
  PID:10992
- C:\Windows\System\JpnCloL.exe
  C:\Windows\System\JpnCloL.exe
  2⤵
  PID:11040
- C:\Windows\System\UuoczOu.exe
  C:\Windows\System\UuoczOu.exe
  2⤵
  PID:11068
- C:\Windows\System\IenoUPb.exe
  C:\Windows\System\IenoUPb.exe
  2⤵
  PID:11096
- C:\Windows\System\uMTKspj.exe
  C:\Windows\System\uMTKspj.exe
  2⤵
  PID:11116
- C:\Windows\System\jjlhMRn.exe
  C:\Windows\System\jjlhMRn.exe
  2⤵
  PID:11148
- C:\Windows\System\PzdcQah.exe
  C:\Windows\System\PzdcQah.exe
  2⤵
  PID:11172
- C:\Windows\System\spABSJN.exe
  C:\Windows\System\spABSJN.exe
  2⤵
  PID:11200
- C:\Windows\System\SuweaMj.exe
  C:\Windows\System\SuweaMj.exe
  2⤵
  PID:11236
- C:\Windows\System\eEIdqkK.exe
  C:\Windows\System\eEIdqkK.exe
  2⤵
  PID:10248
- C:\Windows\System\zIHhvLX.exe
  C:\Windows\System\zIHhvLX.exe
  2⤵
  PID:10324
- C:\Windows\System\QxcbthW.exe
  C:\Windows\System\QxcbthW.exe
  2⤵
  PID:10376
- C:\Windows\System\EuNKQnD.exe
  C:\Windows\System\EuNKQnD.exe
  2⤵
  PID:10448
- C:\Windows\System\CDVngvQ.exe
  C:\Windows\System\CDVngvQ.exe
  2⤵
  PID:10524
- C:\Windows\System\sZmhOUd.exe
  C:\Windows\System\sZmhOUd.exe
  2⤵
  PID:10556
- C:\Windows\System\ZJliFjR.exe
  C:\Windows\System\ZJliFjR.exe
  2⤵
  PID:10640
- C:\Windows\System\DTFyxZE.exe
  C:\Windows\System\DTFyxZE.exe
  2⤵
  PID:10716
- C:\Windows\System\rpkiCCG.exe
  C:\Windows\System\rpkiCCG.exe
  2⤵
  PID:10780
- C:\Windows\System\sNFytLz.exe
  C:\Windows\System\sNFytLz.exe
  2⤵
  PID:10840
- C:\Windows\System\gJlnyqK.exe
  C:\Windows\System\gJlnyqK.exe
  2⤵
  PID:10912
- C:\Windows\System\fsIUvYt.exe
  C:\Windows\System\fsIUvYt.exe
  2⤵
  PID:10964
- C:\Windows\System\NTKtFJJ.exe
  C:\Windows\System\NTKtFJJ.exe
  2⤵
  PID:11012
- C:\Windows\System\NTtbhOL.exe
  C:\Windows\System\NTtbhOL.exe
  2⤵
  PID:11064
- C:\Windows\System\OnrssaK.exe
  C:\Windows\System\OnrssaK.exe
  2⤵
  PID:5176
- C:\Windows\System\lpsFvME.exe
  C:\Windows\System\lpsFvME.exe
  2⤵
  PID:7116
- C:\Windows\System\hFKXopj.exe
  C:\Windows\System\hFKXopj.exe
  2⤵
  PID:10392
- C:\Windows\System\TKAcscw.exe
  C:\Windows\System\TKAcscw.exe
  2⤵
  PID:11184
- C:\Windows\System\qoJqjQR.exe
  C:\Windows\System\qoJqjQR.exe
  2⤵
  PID:11244
- C:\Windows\System\noIhnIS.exe
  C:\Windows\System\noIhnIS.exe
  2⤵
  PID:6944
- C:\Windows\System\VkTkseP.exe
  C:\Windows\System\VkTkseP.exe
  2⤵
  PID:10500
- C:\Windows\System\GJYkixd.exe
  C:\Windows\System\GJYkixd.exe
  2⤵
  PID:10672
- C:\Windows\System\lRqBjtV.exe
  C:\Windows\System\lRqBjtV.exe
  2⤵
  PID:10776
- C:\Windows\System\fKxcfFX.exe
  C:\Windows\System\fKxcfFX.exe
  2⤵
  PID:10940
- C:\Windows\System\DCJCoud.exe
  C:\Windows\System\DCJCoud.exe
  2⤵
  PID:5596
- C:\Windows\System\ndRourt.exe
  C:\Windows\System\ndRourt.exe
  2⤵
  PID:11128
- C:\Windows\System\CVZFjfp.exe
  C:\Windows\System\CVZFjfp.exe
  2⤵
  PID:10304
- C:\Windows\System\MuvtuTy.exe
  C:\Windows\System\MuvtuTy.exe
  2⤵
  PID:10756
- C:\Windows\System\AZrNfld.exe
  C:\Windows\System\AZrNfld.exe
  2⤵
  PID:6404
- C:\Windows\System\eCMpHmt.exe
  C:\Windows\System\eCMpHmt.exe
  2⤵
  PID:10988
- C:\Windows\System\wFKKZNg.exe
  C:\Windows\System\wFKKZNg.exe
  2⤵
  PID:11300
- C:\Windows\System\cFAdoXz.exe
  C:\Windows\System\cFAdoXz.exe
  2⤵
  PID:11324
- C:\Windows\System\YcbgumL.exe
  C:\Windows\System\YcbgumL.exe
  2⤵
  PID:11344
- C:\Windows\System\CDvbfiH.exe
  C:\Windows\System\CDvbfiH.exe
  2⤵
  PID:11400
- C:\Windows\System\TVxigZG.exe
  C:\Windows\System\TVxigZG.exe
  2⤵
  PID:11416
- C:\Windows\System\JkrQeyB.exe
  C:\Windows\System\JkrQeyB.exe
  2⤵
  PID:11444
- C:\Windows\System\vJeSYCJ.exe
  C:\Windows\System\vJeSYCJ.exe
  2⤵
  PID:11472
- C:\Windows\System\wRzyBLn.exe
  C:\Windows\System\wRzyBLn.exe
  2⤵
  PID:11488
- C:\Windows\System\yvffaAH.exe
  C:\Windows\System\yvffaAH.exe
  2⤵
  PID:11524
- C:\Windows\System\GtsFjKy.exe
  C:\Windows\System\GtsFjKy.exe
  2⤵
  PID:11556
- C:\Windows\System\UzLCrPQ.exe
  C:\Windows\System\UzLCrPQ.exe
  2⤵
  PID:11584
- C:\Windows\System\fPbxQor.exe
  C:\Windows\System\fPbxQor.exe
  2⤵
  PID:11612
- C:\Windows\System\xNUBBZE.exe
  C:\Windows\System\xNUBBZE.exe
  2⤵
  PID:11640
- C:\Windows\System\buelNEC.exe
  C:\Windows\System\buelNEC.exe
  2⤵
  PID:11668
- C:\Windows\System\UlAZDSI.exe
  C:\Windows\System\UlAZDSI.exe
  2⤵
  PID:11696
- C:\Windows\System\kSvoKzO.exe
  C:\Windows\System\kSvoKzO.exe
  2⤵
  PID:11716
- C:\Windows\System\mZRdtQK.exe
  C:\Windows\System\mZRdtQK.exe
  2⤵
  PID:11740
- C:\Windows\System\GnJDRkT.exe
  C:\Windows\System\GnJDRkT.exe
  2⤵
  PID:11768
- C:\Windows\System\LGuIvcB.exe
  C:\Windows\System\LGuIvcB.exe
  2⤵
  PID:11796
- C:\Windows\System\maNsjzl.exe
  C:\Windows\System\maNsjzl.exe
  2⤵
  PID:11836
- C:\Windows\System\DbKEiQO.exe
  C:\Windows\System\DbKEiQO.exe
  2⤵
  PID:11864
- C:\Windows\System\oYimYiJ.exe
  C:\Windows\System\oYimYiJ.exe
  2⤵
  PID:11892
- C:\Windows\System\JvSkCuz.exe
  C:\Windows\System\JvSkCuz.exe
  2⤵
  PID:11920
- C:\Windows\System\LUdwxBL.exe
  C:\Windows\System\LUdwxBL.exe
  2⤵
  PID:11948
- C:\Windows\System\fQKpIho.exe
  C:\Windows\System\fQKpIho.exe
  2⤵
  PID:11976
- C:\Windows\System\kxhsiYi.exe
  C:\Windows\System\kxhsiYi.exe
  2⤵
  PID:12004
- C:\Windows\System\dGAmEfc.exe
  C:\Windows\System\dGAmEfc.exe
  2⤵
  PID:12032
- C:\Windows\System\uUInTHx.exe
  C:\Windows\System\uUInTHx.exe
  2⤵
  PID:12060
- C:\Windows\System\glAyeXL.exe
  C:\Windows\System\glAyeXL.exe
  2⤵
  PID:12084
- C:\Windows\System\Ouozxjp.exe
  C:\Windows\System\Ouozxjp.exe
  2⤵
  PID:12116
- C:\Windows\System\aFGeakZ.exe
  C:\Windows\System\aFGeakZ.exe
  2⤵
  PID:12144
- C:\Windows\System\gwPWJsy.exe
  C:\Windows\System\gwPWJsy.exe
  2⤵
  PID:12172
- C:\Windows\System\HvEaDBP.exe
  C:\Windows\System\HvEaDBP.exe
  2⤵
  PID:12200
- C:\Windows\System\fWTSszQ.exe
  C:\Windows\System\fWTSszQ.exe
  2⤵
  PID:12228
- C:\Windows\System\EVVYYgv.exe
  C:\Windows\System\EVVYYgv.exe
  2⤵
  PID:12248
- C:\Windows\System\AqMHwVc.exe
  C:\Windows\System\AqMHwVc.exe
  2⤵
  PID:11268
- C:\Windows\System\ZCqWuFv.exe
  C:\Windows\System\ZCqWuFv.exe
  2⤵
  PID:11280
- C:\Windows\System\bKmmxIe.exe
  C:\Windows\System\bKmmxIe.exe
  2⤵
  PID:11364
- C:\Windows\System\AmlwKFh.exe
  C:\Windows\System\AmlwKFh.exe
  2⤵
  PID:11436
- C:\Windows\System\WsGyGQY.exe
  C:\Windows\System\WsGyGQY.exe
  2⤵
  PID:11500
- C:\Windows\System\ZRIBZRo.exe
  C:\Windows\System\ZRIBZRo.exe
  2⤵
  PID:11572
- C:\Windows\System\rGinjdn.exe
  C:\Windows\System\rGinjdn.exe
  2⤵
  PID:11632
- C:\Windows\System\QXsTfcu.exe
  C:\Windows\System\QXsTfcu.exe
  2⤵
  PID:11680
- C:\Windows\System\ZWJTZpY.exe
  C:\Windows\System\ZWJTZpY.exe
  2⤵
  PID:11752
- C:\Windows\System\jAKibFq.exe
  C:\Windows\System\jAKibFq.exe
  2⤵
  PID:11780
- C:\Windows\System\cVfsdDx.exe
  C:\Windows\System\cVfsdDx.exe
  2⤵
  PID:11876
- C:\Windows\System\lrNgDVe.exe
  C:\Windows\System\lrNgDVe.exe
  2⤵
  PID:11916
- C:\Windows\System\nfzUcBg.exe
  C:\Windows\System\nfzUcBg.exe
  2⤵
  PID:11988
- C:\Windows\System\WqVGXJc.exe
  C:\Windows\System\WqVGXJc.exe
  2⤵
  PID:12056
- C:\Windows\System\IgpBHZQ.exe
  C:\Windows\System\IgpBHZQ.exe
  2⤵
  PID:12136
- C:\Windows\System\lAzMhNM.exe
  C:\Windows\System\lAzMhNM.exe
  2⤵
  PID:12184
- C:\Windows\System\eqocbWV.exe
  C:\Windows\System\eqocbWV.exe
  2⤵
  PID:12220
- C:\Windows\System\dwqIWNm.exe
  C:\Windows\System\dwqIWNm.exe
  2⤵
  PID:11360
- C:\Windows\System\HRMxuZo.exe
  C:\Windows\System\HRMxuZo.exe
  2⤵
  PID:11540
- C:\Windows\System\wCxEkpn.exe
  C:\Windows\System\wCxEkpn.exe
  2⤵
  PID:11660
- C:\Windows\System\gFWTYhL.exe
  C:\Windows\System\gFWTYhL.exe
  2⤵
  PID:11792
- C:\Windows\System\ZsfgUel.exe
  C:\Windows\System\ZsfgUel.exe
  2⤵
  PID:11888
- C:\Windows\System\ZpiisLC.exe
  C:\Windows\System\ZpiisLC.exe
  2⤵
  PID:12028
- C:\Windows\System\oeZxlVG.exe
  C:\Windows\System\oeZxlVG.exe
  2⤵
  PID:12284
- C:\Windows\System\xvjxIxs.exe
  C:\Windows\System\xvjxIxs.exe
  2⤵
  PID:11596
- C:\Windows\System\OecGaTr.exe
  C:\Windows\System\OecGaTr.exe
  2⤵
  PID:11080
- C:\Windows\System\otqPfbi.exe
  C:\Windows\System\otqPfbi.exe
  2⤵
  PID:12236
- C:\Windows\System\zFVJtTO.exe
  C:\Windows\System\zFVJtTO.exe
  2⤵
  PID:12068
- C:\Windows\System\FfGLvVo.exe
  C:\Windows\System\FfGLvVo.exe
  2⤵
  PID:12296
- C:\Windows\System\wikbvln.exe
  C:\Windows\System\wikbvln.exe
  2⤵
  PID:12312
- C:\Windows\System\nxfScvE.exe
  C:\Windows\System\nxfScvE.exe
  2⤵
  PID:12328
- C:\Windows\System\FzFVwcS.exe
  C:\Windows\System\FzFVwcS.exe
  2⤵
  PID:12388
- C:\Windows\System\FGliEdy.exe
  C:\Windows\System\FGliEdy.exe
  2⤵
  PID:12420
- C:\Windows\System\lmQCcaU.exe
  C:\Windows\System\lmQCcaU.exe
  2⤵
  PID:12444
- C:\Windows\System\AEvvMvQ.exe
  C:\Windows\System\AEvvMvQ.exe
  2⤵
  PID:12464
- C:\Windows\System\hppEdgv.exe
  C:\Windows\System\hppEdgv.exe
  2⤵
  PID:12492
- C:\Windows\System\GREJWit.exe
  C:\Windows\System\GREJWit.exe
  2⤵
  PID:12532
- C:\Windows\System\sYTECJL.exe
  C:\Windows\System\sYTECJL.exe
  2⤵
  PID:12564
- C:\Windows\System\hmzFRJk.exe
  C:\Windows\System\hmzFRJk.exe
  2⤵
  PID:12600
- C:\Windows\System\Xcdltso.exe
  C:\Windows\System\Xcdltso.exe
  2⤵
  PID:12628
- C:\Windows\System\VneOVew.exe
  C:\Windows\System\VneOVew.exe
  2⤵
  PID:12648
- C:\Windows\System\rKcyLzw.exe
  C:\Windows\System\rKcyLzw.exe
  2⤵
  PID:12672
- C:\Windows\System\WIizeBs.exe
  C:\Windows\System\WIizeBs.exe
  2⤵
  PID:12708
- C:\Windows\System\knwLKYH.exe
  C:\Windows\System\knwLKYH.exe
  2⤵
  PID:12740
- C:\Windows\System\cykGMwI.exe
  C:\Windows\System\cykGMwI.exe
  2⤵
  PID:12768
- C:\Windows\System\Hmmvdbj.exe
  C:\Windows\System\Hmmvdbj.exe
  2⤵
  PID:12796
- C:\Windows\System\WyGnfhk.exe
  C:\Windows\System\WyGnfhk.exe
  2⤵
  PID:12824
- C:\Windows\System\CGYfXKk.exe
  C:\Windows\System\CGYfXKk.exe
  2⤵
  PID:12840
- C:\Windows\System\ziKtuvE.exe
  C:\Windows\System\ziKtuvE.exe
  2⤵
  PID:12868
- C:\Windows\System\TbomIPQ.exe
  C:\Windows\System\TbomIPQ.exe
  2⤵
  PID:13000
- C:\Windows\System\YMBOsvj.exe
  C:\Windows\System\YMBOsvj.exe
  2⤵
  PID:13032
- C:\Windows\System\tpxJhqY.exe
  C:\Windows\System\tpxJhqY.exe
  2⤵
  PID:13060
- C:\Windows\System\JiYSDIY.exe
  C:\Windows\System\JiYSDIY.exe
  2⤵
  PID:13088
- C:\Windows\System\eknKEkT.exe
  C:\Windows\System\eknKEkT.exe
  2⤵
  PID:13116
- C:\Windows\System\tKLpfmo.exe
  C:\Windows\System\tKLpfmo.exe
  2⤵
  PID:13144
- C:\Windows\System\jKzgGuh.exe
  C:\Windows\System\jKzgGuh.exe
  2⤵
  PID:13172
- C:\Windows\System\hJxYZww.exe
  C:\Windows\System\hJxYZww.exe
  2⤵
  PID:13200
- C:\Windows\System\boyqZex.exe
  C:\Windows\System\boyqZex.exe
  2⤵
  PID:13228
- C:\Windows\System\wmTaUIv.exe
  C:\Windows\System\wmTaUIv.exe
  2⤵
  PID:13256
- C:\Windows\System\cCqxoRw.exe
  C:\Windows\System\cCqxoRw.exe
  2⤵
  PID:13276
- C:\Windows\System\QGxRTsd.exe
  C:\Windows\System\QGxRTsd.exe
  2⤵
  PID:13304
- C:\Windows\System\DbBOnpe.exe
  C:\Windows\System\DbBOnpe.exe
  2⤵
  PID:12320
- C:\Windows\System\YaRsuIH.exe
  C:\Windows\System\YaRsuIH.exe
  2⤵
  PID:12396
- C:\Windows\System\ONwzhwA.exe
  C:\Windows\System\ONwzhwA.exe
  2⤵
  PID:12436
- C:\Windows\System\iaeIXnR.exe
  C:\Windows\System\iaeIXnR.exe
  2⤵
  PID:12524
- C:\Windows\System\wPpaofS.exe
  C:\Windows\System\wPpaofS.exe
  2⤵
  PID:12620
- C:\Windows\System\OlKwNZw.exe
  C:\Windows\System\OlKwNZw.exe
  2⤵
  PID:12656
- C:\Windows\System\kCYKJUT.exe
  C:\Windows\System\kCYKJUT.exe
  2⤵
  PID:12724
- C:\Windows\System\nCajvGZ.exe
  C:\Windows\System\nCajvGZ.exe
  2⤵
  PID:12780
- C:\Windows\System\pnYLgoy.exe
  C:\Windows\System\pnYLgoy.exe
  2⤵
  PID:12836
- C:\Windows\System\IWyqxmI.exe
  C:\Windows\System\IWyqxmI.exe
  2⤵
  PID:12920
- C:\Windows\System\vDtKSVa.exe
  C:\Windows\System\vDtKSVa.exe
  2⤵
  PID:12900
- C:\Windows\System\rpiLzzA.exe
  C:\Windows\System\rpiLzzA.exe
  2⤵
  PID:12936
- C:\Windows\System\EfsdVfA.exe
  C:\Windows\System\EfsdVfA.exe
  2⤵
  PID:12880
- C:\Windows\System\qQfHJbl.exe
  C:\Windows\System\qQfHJbl.exe
  2⤵
  PID:13024
- C:\Windows\System\ICfxvKD.exe
  C:\Windows\System\ICfxvKD.exe
  2⤵
  PID:13076
- C:\Windows\System\pULSMbz.exe
  C:\Windows\System\pULSMbz.exe
  2⤵
  PID:13136
- C:\Windows\System\raEHUYV.exe
  C:\Windows\System\raEHUYV.exe
  2⤵
  PID:13224
- C:\Windows\System\anLdfcG.exe
  C:\Windows\System\anLdfcG.exe
  2⤵
  PID:11904
- C:\Windows\System\SVdRxNx.exe
  C:\Windows\System\SVdRxNx.exe
  2⤵
  PID:12428
- C:\Windows\System\iTqPiUW.exe
  C:\Windows\System\iTqPiUW.exe
  2⤵
  PID:12528
- C:\Windows\System\SYUrmxY.exe
  C:\Windows\System\SYUrmxY.exe
  2⤵
  PID:12760
- C:\Windows\System\zQWQUhd.exe
  C:\Windows\System\zQWQUhd.exe
  2⤵
  PID:12808
- C:\Windows\System\JdrOVyF.exe
  C:\Windows\System\JdrOVyF.exe
  2⤵
  PID:12956
- C:\Windows\System\OJwnevu.exe
  C:\Windows\System\OJwnevu.exe
  2⤵
  PID:13048
- C:\Windows\System\GqwesCh.exe
  C:\Windows\System\GqwesCh.exe
  2⤵
  PID:13188
- C:\Windows\System\FJGxWkf.exe
  C:\Windows\System\FJGxWkf.exe
  2⤵
  PID:12292
- C:\Windows\System\uBXfcga.exe
  C:\Windows\System\uBXfcga.exe
  2⤵
  PID:12592
- C:\Windows\System\kSjqLCP.exe
  C:\Windows\System\kSjqLCP.exe
  2⤵
  PID:12888
- C:\Windows\System\gyQIpBc.exe
  C:\Windows\System\gyQIpBc.exe
  2⤵
  PID:13264
- C:\Windows\System\IOBUGTJ.exe
  C:\Windows\System\IOBUGTJ.exe
  2⤵
  PID:12756
- C:\Windows\System\wtsGjSc.exe
  C:\Windows\System\wtsGjSc.exe
  2⤵
  PID:13340
- C:\Windows\System\qNPfDWX.exe
  C:\Windows\System\qNPfDWX.exe
  2⤵
  PID:13368
- C:\Windows\System\sOQLFdJ.exe
  C:\Windows\System\sOQLFdJ.exe
  2⤵
  PID:13396
- C:\Windows\System\NJFwJKQ.exe
  C:\Windows\System\NJFwJKQ.exe
  2⤵
  PID:13416
- C:\Windows\System\BPlKoWd.exe
  C:\Windows\System\BPlKoWd.exe
  2⤵
  PID:13452
- C:\Windows\System\RTYRixJ.exe
  C:\Windows\System\RTYRixJ.exe
  2⤵
  PID:13476
- C:\Windows\System\SPKaYSU.exe
  C:\Windows\System\SPKaYSU.exe
  2⤵
  PID:13508
- C:\Windows\System\sVKBxBG.exe
  C:\Windows\System\sVKBxBG.exe
  2⤵
  PID:13532
- C:\Windows\System\TMMzyJe.exe
  C:\Windows\System\TMMzyJe.exe
  2⤵
  PID:13552
- C:\Windows\System\KKylrrp.exe
  C:\Windows\System\KKylrrp.exe
  2⤵
  PID:13600
- C:\Windows\System\zeQzUhT.exe
  C:\Windows\System\zeQzUhT.exe
  2⤵
  PID:13728
- C:\Windows\System\SAdCLmU.exe
  C:\Windows\System\SAdCLmU.exe
  2⤵
  PID:13752
- C:\Windows\System\NjdAhaY.exe
  C:\Windows\System\NjdAhaY.exe
  2⤵
  PID:13780
- C:\Windows\System\bZGesAU.exe
  C:\Windows\System\bZGesAU.exe
  2⤵
  PID:13816
- C:\Windows\System\oLHwKvw.exe
  C:\Windows\System\oLHwKvw.exe
  2⤵
  PID:13844
- C:\Windows\System\mRXgqft.exe
  C:\Windows\System\mRXgqft.exe
  2⤵
  PID:13904
- C:\Windows\System\qdUmGBj.exe
  C:\Windows\System\qdUmGBj.exe
  2⤵
  PID:13932
- C:\Windows\System\antxGeP.exe
  C:\Windows\System\antxGeP.exe
  2⤵
  PID:13960
- C:\Windows\System\MuQAMOk.exe
  C:\Windows\System\MuQAMOk.exe
  2⤵
  PID:13976
- C:\Windows\System\hdTAGpj.exe
  C:\Windows\System\hdTAGpj.exe
  2⤵
  PID:14008
- C:\Windows\System\tQHBiFz.exe
  C:\Windows\System\tQHBiFz.exe
  2⤵
  PID:14052
- C:\Windows\System\ZFhxDLz.exe
  C:\Windows\System\ZFhxDLz.exe
  2⤵
  PID:14072
- C:\Windows\System\ufJiSgf.exe
  C:\Windows\System\ufJiSgf.exe
  2⤵
  PID:14088
- C:\Windows\System\ReOEqvY.exe
  C:\Windows\System\ReOEqvY.exe
  2⤵
  PID:14140
- C:\Windows\System\gAmLIsX.exe
  C:\Windows\System\gAmLIsX.exe
  2⤵
  PID:14164
- C:\Windows\System\SZUJNyC.exe
  C:\Windows\System\SZUJNyC.exe
  2⤵
  PID:14196
- C:\Windows\System\pmuJzWU.exe
  C:\Windows\System\pmuJzWU.exe
  2⤵
  PID:14224
- C:\Windows\System\NomTMdU.exe
  C:\Windows\System\NomTMdU.exe
  2⤵
  PID:14252
- C:\Windows\System\lzsOihB.exe
  C:\Windows\System\lzsOihB.exe
  2⤵
  PID:14280
- C:\Windows\System\MDHZKZP.exe
  C:\Windows\System\MDHZKZP.exe
  2⤵
  PID:14308
- C:\Windows\System\dajDxvs.exe
  C:\Windows\System\dajDxvs.exe
  2⤵
  PID:13112
- C:\Windows\System\SAMNHup.exe
  C:\Windows\System\SAMNHup.exe
  2⤵
  PID:13336
- C:\Windows\System\oAuEbQR.exe
  C:\Windows\System\oAuEbQR.exe
  2⤵
  PID:13408
- C:\Windows\System\mAiFNKu.exe
  C:\Windows\System\mAiFNKu.exe
  2⤵
  PID:13468
- C:\Windows\System\PWHGVZA.exe
  C:\Windows\System\PWHGVZA.exe
  2⤵
  PID:13504
- C:\Windows\System\OSTuZwH.exe
  C:\Windows\System\OSTuZwH.exe
  2⤵
  PID:13544
- C:\Windows\System\eHNlFIt.exe
  C:\Windows\System\eHNlFIt.exe
  2⤵
  PID:13624
- C:\Windows\System\ckiAFFx.exe
  C:\Windows\System\ckiAFFx.exe
  2⤵
  PID:13668
- C:\Windows\System\uYPvXzT.exe
  C:\Windows\System\uYPvXzT.exe
  2⤵
  PID:4532
- C:\Windows\System\WNbpDCa.exe
  C:\Windows\System\WNbpDCa.exe
  2⤵
  PID:13696
- C:\Windows\System\SVauAuX.exe
  C:\Windows\System\SVauAuX.exe
  2⤵
  PID:13712
- C:\Windows\System\akRONCI.exe
  C:\Windows\System\akRONCI.exe
  2⤵
  PID:13788
- C:\Windows\System\auGImOM.exe
  C:\Windows\System\auGImOM.exe
  2⤵
  PID:13896
- C:\Windows\System\tJneEuH.exe
  C:\Windows\System\tJneEuH.exe
  2⤵
  PID:14016
- C:\Windows\System\WFMhIcC.exe
  C:\Windows\System\WFMhIcC.exe
  2⤵
  PID:14044
- C:\Windows\System\tmhWgVb.exe
  C:\Windows\System\tmhWgVb.exe
  2⤵
  PID:14100
- C:\Windows\System\hqVmwaI.exe
  C:\Windows\System\hqVmwaI.exe
  2⤵
  PID:14136
- C:\Windows\System\EyRmUeg.exe
  C:\Windows\System\EyRmUeg.exe
  2⤵
  PID:14180
- C:\Windows\System\RShbLdv.exe
  C:\Windows\System\RShbLdv.exe
  2⤵
  PID:14268
- C:\Windows\System\ZgUyAGD.exe
  C:\Windows\System\ZgUyAGD.exe
  2⤵
  PID:14304
- C:\Windows\System\lxhMYaG.exe
  C:\Windows\System\lxhMYaG.exe
  2⤵
  PID:13484
- C:\Windows\System\jzELoJR.exe
  C:\Windows\System\jzELoJR.exe
  2⤵
  PID:13640
- C:\Windows\System\rxplLFS.exe
  C:\Windows\System\rxplLFS.exe
  2⤵
  PID:13688
- C:\Windows\System\GPCxeCq.exe
  C:\Windows\System\GPCxeCq.exe
  2⤵
  PID:1360
- C:\Windows\System\iERLPzA.exe
  C:\Windows\System\iERLPzA.exe
  2⤵
  PID:13720
- C:\Windows\System\gdpWsBa.exe
  C:\Windows\System\gdpWsBa.exe
  2⤵
  PID:13996
- C:\Windows\System\iXFZSdJ.exe
  C:\Windows\System\iXFZSdJ.exe
  2⤵
  PID:14120
- C:\Windows\System\SudoNUf.exe
  C:\Windows\System\SudoNUf.exe
  2⤵
  PID:13392
- C:\Windows\System\bNwHinp.exe
  C:\Windows\System\bNwHinp.exe
  2⤵
  PID:13684
- C:\Windows\System\IkCZEaq.exe
  C:\Windows\System\IkCZEaq.exe
  2⤵
  PID:13956
- C:\Windows\System\YCCptvn.exe
  C:\Windows\System\YCCptvn.exe
  2⤵
  PID:14276
- C:\Windows\System\YMVaaTF.exe
  C:\Windows\System\YMVaaTF.exe
  2⤵
  PID:13612
- C:\Windows\System\lrOzdsC.exe
  C:\Windows\System\lrOzdsC.exe
  2⤵
  PID:14172
- C:\Windows\System\klrtbOl.exe
  C:\Windows\System\klrtbOl.exe
  2⤵
  PID:14356
- C:\Windows\System\QlBgWgk.exe
  C:\Windows\System\QlBgWgk.exe
  2⤵
  PID:14372
- C:\Windows\System\BHlofNd.exe
  C:\Windows\System\BHlofNd.exe
  2⤵
  PID:14404
- C:\Windows\System\MDmDhFi.exe
  C:\Windows\System\MDmDhFi.exe
  2⤵
  PID:14440
- C:\Windows\System\dmnvOmM.exe
  C:\Windows\System\dmnvOmM.exe
  2⤵
  PID:14468
- C:\Windows\System\XWuRMVo.exe
  C:\Windows\System\XWuRMVo.exe
  2⤵
  PID:14484
- C:\Windows\System\GrNmIFz.exe
  C:\Windows\System\GrNmIFz.exe
  2⤵
  PID:14520
- C:\Windows\System\pMYQUHS.exe
  C:\Windows\System\pMYQUHS.exe
  2⤵
  PID:14552
- C:\Windows\System\ARhGJOQ.exe
  C:\Windows\System\ARhGJOQ.exe
  2⤵
  PID:14568
- C:\Windows\System\jsrrfUH.exe
  C:\Windows\System\jsrrfUH.exe
  2⤵
  PID:14592
- C:\Windows\System\gODvViy.exe
  C:\Windows\System\gODvViy.exe
  2⤵
  PID:14608
- C:\Windows\System\TfnqZaX.exe
  C:\Windows\System\TfnqZaX.exe
  2⤵
  PID:14632
- C:\Windows\System\htDlaVV.exe
  C:\Windows\System\htDlaVV.exe
  2⤵
  PID:14652
- C:\Windows\System\NBLvFhL.exe
  C:\Windows\System\NBLvFhL.exe
  2⤵
  PID:14676
- C:\Windows\System\yZohiKv.exe
  C:\Windows\System\yZohiKv.exe
  2⤵
  PID:14744
- C:\Windows\System\XXdQdCj.exe
  C:\Windows\System\XXdQdCj.exe
  2⤵
  PID:14784
- C:\Windows\System\nDqQEBq.exe
  C:\Windows\System\nDqQEBq.exe
  2⤵
  PID:14804
- C:\Windows\System\avgLqPy.exe
  C:\Windows\System\avgLqPy.exe
  2⤵
  PID:14844

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CfthMhd.exe

Filesize
2.2MB

MD5
88afb841809f795c9e40e4e55d602deb

SHA1
5cd87f0e0b668d1e901c13382bbaf3569c12c018

SHA256
bc8849dbb7a067a058a308a38f2b63cd462ecd18e4578535b4bdf328f366e43b

SHA512
efcbc06994e707d4d9de50013d02d1e3b8e227237747631ba810796d0bfda9081a1f664cf8ba052b93584569ce9ea6fcd8ffa84dcdf7b6c7dad8d19360c3d39c

Download Submit
C:\Windows\System\DVJrJZh.exe

Filesize
2.2MB

MD5
33871780d3daad54ee71358d1fdeb725

SHA1
d6cf5bc252cb87205fe73534a6e22b098fbf2dc4

SHA256
b07eacd22b2c01e95c2f02138d3a250772da4d47326f45003435baa2cc122a4e

SHA512
cfb89530b37cebef8d785bf81bf9dfec610340f8413cb0d2c0519f8564e5d0c2d54add8a8f0e72ba5f9fcfea0f819771dffd5efd6f4c90368ad191b4b432fe99

Download Submit
C:\Windows\System\DxaBDjY.exe

Filesize
2.2MB

MD5
8d72949d74f05b6d2321a9b54c8199aa

SHA1
2c869664d21555f23281474304a1b03b81258360

SHA256
0215c179b6c01b5c4e570037fe9ca764e31a75033c8749fa59c2e92ecb6da814

SHA512
f4734574e92f5ab6979c754b714f9d9f60aa866d24cac29ca184a675c63812ab2adc02b6faa8a8a33a69b09f9005e9558488c5fe2767d7a7b6cfaaf3a9da9d9f

Download Submit
C:\Windows\System\EnwmKzp.exe

Filesize
2.2MB

MD5
764b95590ee8ee3a9d6923260e3ce51a

SHA1
84c16933c469733e3da855bdb45b4356ffe05518

SHA256
dfe97e3b7997f5757443e8398fe7ec2270cc19e4f4ba12f66a0ab3d70255e285

SHA512
94ab374a9001dc85066af83d94b371bb9849502d870909e1193e77a99142572f431bb429c202cb81b05cfec5a7bff34acb3461b0ffc35ad6084410ecce43bceb

Download Submit
C:\Windows\System\EqHuWVD.exe

Filesize
2.2MB

MD5
fb39f4fd2ebf27d71b03be43228ec2d1

SHA1
37b814f1ab14cb19d4316ffa46eef4ca4a7143a0

SHA256
55046e23c2de85ce754f0539248dfafb41651e0dd5d9972c161892dfb49538e2

SHA512
b19cf2a758a13bf730773500322582426648a062cc5a3ec666cb4bc6291a1c2b64c26e2c17cd4c89f2970cc59564a70bbdcb619a06c0c1270ffc15b542f0960d

Download Submit
C:\Windows\System\HjuPrby.exe

Filesize
2.2MB

MD5
09bec5eb58a2a99df6b43b8234b484b1

SHA1
e4b9ab2f92c20275e753e633976a08c0768a0156

SHA256
3efbac605764383c53dc2d3be93d51fd910cce86e6ea6025d16c72e40536c94f

SHA512
5d494b80c866d02ef20f693d8b004b5ec545ebc35000f48295deaa4630bf2561eb13a970f5eb5d2b3106d36892d2bb1cfee5056d72b8104a43f05e237ee0c987

Download Submit
C:\Windows\System\IXgyQUy.exe

Filesize
2.2MB

MD5
27a6afbf9c79bcbf668f6cfafa8dca94

SHA1
4a713cd0b7bc5a9eb7147e43b02a5612b55b65b0

SHA256
ee8527e3c0f0f07c1e504be535bd1b5b5ba608453ea2484e8131ad04d8bd36be

SHA512
791167e4dcca9914075fb498af09fc5e6238a969894bb99d8c79c6d98656f400ecab298d30b35ec8a620a13745c51bdf601b9dc6a6a2b131bfb11a9bbd89bfce

Download Submit
C:\Windows\System\JCxeXir.exe

Filesize
2.2MB

MD5
9b18a31fe47f7cc1212d3d32a01430d9

SHA1
eeeb14ec5de7f7a8df65d4c617299b17c8aa63e8

SHA256
793bbc407857aab588d0eda75e63fe270086a48bf4f3aac8a2ae9f4453e83dde

SHA512
5c759458b3cfef8c1faa88056ad5e8926100e5477f946ae2834266df7ecebf09335fec1f1a3307ab14d1086c52d7a727ca24815c8921e83fc0a697c49eb20701

Download Submit
C:\Windows\System\KgJlaeg.exe

Filesize
2.2MB

MD5
0a109536b277b0b27b5a336e44decfe3

SHA1
4edcb3708f5e009d78d0f67e10455c422ab6efb3

SHA256
aaadd52c699b041eb8706f6347a8947c352196b22a02dc68deb61de8c0031f5e

SHA512
270be8fd543c920dd1854648047bf80ce5e6e45f7522fba46883b7aa8a93f4f5b6788961238fa72e82a211d2b2dec465be723574ffc30659fcfdebf8dd4425af

Download Submit
C:\Windows\System\KunPQoS.exe

Filesize
2.2MB

MD5
c190c1355c959f375dfa0bb4f1121309

SHA1
99b9fe9431badb602b0293779e781e6ada7b84d4

SHA256
e8ee3db06ba7f091537c1486be4dd25edfca3c74c55324e18b15cb7c91a46401

SHA512
08400b552f6a825fea7fb160efdd8940e03888dba3a7cba92e433fc026f9004cb29fad8e206b9e44bf9ad2657ee937b14ca6487a6a9c1296c7c4e831db70f7b1

Download Submit
C:\Windows\System\NmBYcqb.exe

Filesize
2.2MB

MD5
a83aff4313856582af46fd1024522f62

SHA1
f2fee64a197a0e19d73db4a4aef523b066b65a8c

SHA256
6cdefdc8bd3da9184b39b1b623d04f7d975c191b89d55c0e376bde93ceac780d

SHA512
42cadd4da75e026a32d30851486fd5f1bed4c670ad60299323356415990311a41c3d693d294be4adcec01aa65b03591c32726000b282e7c3bf2c115e5a3f6862

Download Submit
C:\Windows\System\SAuNuuT.exe

Filesize
2.2MB

MD5
3ae174ed6b30259740ef840a39f0809c

SHA1
117250727a59fb65285953211e95e0731036e9cc

SHA256
d3e94e74c33b56e0fb4b9665d6a21aa83fcc49b6c6d376b33dbab74d722b9cf7

SHA512
a54810038fe57e3da83e6e5d99ace0570399e67f1bfacec195bf751b22adec6730288110543fd18fdbd291c3f886f45f9d0614c7d9a43070dc8850b26b96a82a

Download Submit
C:\Windows\System\YZASzWe.exe

Filesize
2.2MB

MD5
8e0263b8ebd292e9bf53ced5e76f52ab

SHA1
a0d9b46a268fbe05b83dd3fa56bb6a8738e4d5da

SHA256
edbd19119526679e00606ed8016ba3133d85f9bfd79146bc980a1e2cebcfd2d5

SHA512
d520e6219a78d7993d3792f550bcfc5d7c6f2dae7ca7eb5f379af1a4edfbbf7121c5952439f7f53f0089376b5cfe9c73f43b3e918c744b6c259ba13ad108276c

Download Submit
C:\Windows\System\bkeqvxu.exe

Filesize
2.2MB

MD5
9b977796210bdda64d835b354ea9a8e5

SHA1
77025dd49a2c002efce396aad6b2ed612b96adb9

SHA256
f7b1c70d479a30570175024b04032f2ef47f76059f75876ddaf67077943165e1

SHA512
18674f3c582a56decf317fabb5c1282b0734c45cabb9a886100716f1a467e48ce4a2e83c78ee7b137f34a054aa1fcf47614dffe0afa50adedd7cb56366c7de86

Download Submit
C:\Windows\System\dFQtjdT.exe

Filesize
2.2MB

MD5
118e291eae987c3bd749df0dab396ff3

SHA1
61de2b3a806fb59b1324520ef0f885b18995a61c

SHA256
8de0597e069ec1e8d4a3f33f46ec094959438c39c8d19e70eca44dd49d75c01d

SHA512
8ed65e1154bd409292fae3726e6322a923ed262fda5086f8aee51a6bf69a32d705c2496602a1e12edd1ed35e9882440b91abd10512b98c5ad1afbcd0b1c9ad81

Download Submit
C:\Windows\System\eMOoSeo.exe

Filesize
2.2MB

MD5
84a469beccbd1a0502b3596923f41bef

SHA1
3638fce3e7c09034da01fc1cfa2a2630bcc8f15a

SHA256
b940af092658114c64f6b63d3e9883c28093d80c8a1ad200973712a4cc239b69

SHA512
133481d1792c07113ce948e429a9103c07e381692fc703d64949e8b551029bdf73326fe45c27591a637ce38c12a892abdd9e4448919101fb8bc3950a3c03a542

Download Submit
C:\Windows\System\eckVEKO.exe

Filesize
2.2MB

MD5
55f7cee2adebc6db47be4ae7f03d486c

SHA1
bfe0dd3805587595af77750a93d4e71b097b9d3a

SHA256
50b945c5ca3196ec04fd63829dd6f4f03c5f3262d95393025c73029fde23f296

SHA512
c69af94e1ef334630c6a861959b5c08c26371bd1bddaf863687df45a7cd5721eade363bd7e4b450b640c6a623b20db8009f6cbeee2e2dfffd9d4d3e15459ff23

Download Submit
C:\Windows\System\gVvxJQb.exe

Filesize
2.2MB

MD5
cb946f8e9a927eb10a5a499fd6a5b3d6

SHA1
475b6c118ac5c44d31a5ba6c11fe405e92dbd028

SHA256
56990dee66e4a586074eaa539677c250a01ffca2f56956864572be85d1214a77

SHA512
15c1fa7fef3a6d17d1d0a0a4fb61b2c68d2f765dbed5ef6d0c29f1ceeec7bd52f9955ebdcdadb7d887f13a96b3258bb7b208b9950fcf00287cd00a4f3ff8bedf

Download Submit
C:\Windows\System\gqNejfX.exe

Filesize
2.2MB

MD5
b6d1143a59a2c63596ce224710f80b06

SHA1
0ca5e5e7574442d3c2aa9b17aee9356388929e65

SHA256
9febe8dacccf89051b201595fcca5ee0647f9757885739ffd164dbd95caff12a

SHA512
4c12697f02505a1fd6a3fefd82cbcf3234237f8457f205f7c55079bcf296097c0bbe607044e55803c28bff1a87bc39286ab4614b02dfc57a9eca032edea07045

Download Submit
C:\Windows\System\jRvIMxG.exe

Filesize
2.2MB

MD5
206c2d226eeef5227ec9afea1c9172d1

SHA1
25a81c8c0c63fe56984bad64891ed981a1961161

SHA256
15f66d0657a89e92b4ad4d6c893f2347ff030ebe1ed8ac283e99a5cc3cdb295d

SHA512
6411611f1b66aa7f3e38887f4e82fe9b7bb486f51948590d67d6f92b5c2ddbaaa1befeab0c1b892b1ba6038768887f535f600faeaca4ed1c273da26574c0d2b2

Download Submit
C:\Windows\System\lqagOVo.exe

Filesize
2.2MB

MD5
cd48e49c5946933d2e98588cbf860463

SHA1
13f9e4df1e47778ca3446df8b86a439bd58fc05b

SHA256
dbbbd11983fbf8117d6749feb06a9982eab379bc3378bb691104ff95e1ea52ee

SHA512
a73f12b2ea78ac484f4175616c98afc419a7fc80d59b7216ad7f276000372f45da59cac79ce3f4f6acd5276e1b4c268c7ad2754971b9aa2fa17f4c8fa16c3ef1

Download Submit
C:\Windows\System\nrzQyGP.exe

Filesize
2.2MB

MD5
4f991a4e745382fb1de74a260c163c1b

SHA1
7bdc2bbaf28aa4249515e74163002e61b2c200d5

SHA256
b356d678fbd9f595e5ed8d6d4d906224c92917dbce878c5ecfb67f011193a556

SHA512
95b93f72328a86213aa1a8b6a734257702d68db833e34b99135f38cc6cbf6a61b4a55f8dc7d12d324571d7035c6177b0d1d3374d03e8d562c764927ecba32cbe

Download Submit
C:\Windows\System\oDLGzJH.exe

Filesize
2.2MB

MD5
d65539de21021cdc371e281448e72c4c

SHA1
541996d7acf5a2c237ba691db27e39dcddcb20b2

SHA256
b7add92adde88d7d28b9e435e14d6958babb4f43a0eaf58fa27f0ba08957e1b1

SHA512
526cf14af88ca4fb6052f1cc5e664ea5801a65bf585ac7c25a3a187680ec848f067107ac92f17ebf2d3496ed12b29f0f4c3e4e070c2ab9d8eb40c84bbbf56d5a

Download Submit
C:\Windows\System\ojvPwET.exe

Filesize
2.2MB

MD5
c0398cb0b76f9f4ea3a54e0e1e75a494

SHA1
6d38bb1382f2759ecd32ee4f917338a889553fa0

SHA256
672d4488b213014057485704ed3edcda7d6f67efa057f3ed2ff59d79db1e78b0

SHA512
39b3d5731b2a8fbf51dd491200ef56897c763f8d0f5079d5a0f2a8b07bf6ebc74ce704368101ad0819b22fc7de4462d4fa27e54fb44dabe1ae16518661a4ef55

Download Submit
C:\Windows\System\pOLedpM.exe

Filesize
2.2MB

MD5
f29065379c81f84384253c8e2b7ec03d

SHA1
a2d6d708421623191aea79cb99818e938dd0669b

SHA256
b55deb40f0c7897c7f9b5e24188efddb4ec430190536f99c0d1b50abe914a4aa

SHA512
54748f9fec4b124fd002f8f3cfab5b9298cc4587992f606221100cae04f4f947b0f2edfbb38d56a42c45270bb04ebc18bb65149555db93a96a652fa04c9e91da

Download Submit
C:\Windows\System\pZfIUlp.exe

Filesize
2.2MB

MD5
e6e9fe7b8a3b493c0f12da9f4bd5aae4

SHA1
22c2b0da7db2b746bbf9b9fd40d6e0d769208287

SHA256
dad7b90be5b3750820261871ed1a5bf0ef41e612858209ecb55d26c2171a53ab

SHA512
93be579ae1ba75a01e5b25d31715b9fca0f4aeb9e04a6ee8f1b3a1ebb389dd77ad10e710ac8de54ac9aa1826a7ceecbc4387160c663d4c815296deb300987136

Download Submit
C:\Windows\System\pllzwzA.exe

Filesize
2.2MB

MD5
a1de18107b3f79612f4613ea4e3bbad8

SHA1
43e71f41da81bd8ed8d6a958927338cf977175b1

SHA256
2ce45f55779ff73026dcce227b876962fa4e45c11609a15fee1d0838109658b9

SHA512
637d016d79847576e9dd28ef838812f09ce3655398878a0e056b8771dbf710b96713275737e168d7017328d5bc6c5714a3a549911d94efb0feb5c5085d410abb

Download Submit
C:\Windows\System\rWmilvv.exe

Filesize
2.2MB

MD5
68b235d6dd818c35d68eed05edd05787

SHA1
4470a91e807362c68a98f850ca3755151bdfdf94

SHA256
1f713458a047743a401e7f3fb16b59164be270e030f6fe703759637cfdc303f8

SHA512
5e1dbe8ce9184b8d3f1b9606c73349883a6c364b4a64c24f8afa641fd733a5aa51156f28cad5c63948f4f381f293cc444dda8c5444de32505a83be9cb93a48d0

Download Submit
C:\Windows\System\ujuNUFH.exe

Filesize
2.2MB

MD5
07f80c02e77bfd14a5c56f27358b039d

SHA1
0f469b1214ed6a53c3e8de69e2eefe79ee898d1e

SHA256
2c2a0b75a6c561ffc1e64d9490a68d1dce87b89c17673ddc635c42f95e179ce1

SHA512
90a96fe83eac799f65548242ba50e533d6f908d0db8a8d509799c65a9bb1857912fc8248b8db69948aa7ea657e9c640946481d992a42f83b467210cb2c440c47

Download Submit
C:\Windows\System\wZJQHEm.exe

Filesize
2.2MB

MD5
460e8f111e0fbdb7e5a60a888df08dcb

SHA1
25f929fa169dc012588b69e8cbfae47265335c3c

SHA256
260f7a8d8b6763320a0b1dad8ace2db680c7e09df8188714857d387a61cd597d

SHA512
8b3533c95acc2b754c012c40a5afca0aaea64c321c3be86f6e88e35bcbb5cbf68faa0b2b894a70b2b77cf21d3389dc7f1c354c5b9d77fb140f50302c4fb43d8b

Download Submit
C:\Windows\System\xdJdovo.exe

Filesize
2.2MB

MD5
fd82d248746c5839d475063929d72879

SHA1
fd7c1d832df12a7ca5e5d353ec5386b292cb6cee

SHA256
df5954d55d961760fee9da445dd135257816196b2b56f5a8450575cec18124cb

SHA512
4d6778c93732a8111e231cd11e434aef1ac9b49b2492a2a8646d25b3ee527d409cf4499089c16f00e5adf3cce1460a8c3cea0bffbaa9b47c4aa7bfebe3a196df

Download Submit
C:\Windows\System\yRILNIh.exe

Filesize
2.2MB

MD5
2cee6dacb0a3a7b7054e0e0b357c2de6

SHA1
89a853cab1cb73a3e61046527ca54df965fb7bc5

SHA256
d3a5d72b62d5e35935f084401d9a633759eabf4c72019c878898d4f206ff3a7a

SHA512
198c1b987ddcee0937b06008fd49c3da94c45c847250efab69426b70e3c24b6a72fa950ce92f85e8f165f20ba3c1d25b6d2f1bfd4213cdd66efd3a15d9afe6a7

Download Submit
C:\Windows\System\zkibrmV.exe

Filesize
2.2MB

MD5
60be24898cda9fda885106acbd9e5bea

SHA1
7f0d9f483226cd338a03d739636d50a57717f285

SHA256
ac9a0764f03d712490f7175d5a06adfe07ae61142f72ef750b6882393430963a

SHA512
5486da3e213a3565241f85c062726aebd2f24b8e8513d6eb187f27bdafd1e29c2fb2662163dc25b018b0dc337ebd576b8f491ae3f0559ee29807606e0b91ef37

Download Submit
memory/60-105-0x00007FF6886E0000-0x00007FF688A34000-memory.dmp

Filesize
3.3MB

Download
memory/60-2152-0x00007FF6886E0000-0x00007FF688A34000-memory.dmp

Filesize
3.3MB

Download
memory/60-2171-0x00007FF6886E0000-0x00007FF688A34000-memory.dmp

Filesize
3.3MB

Download
memory/748-2157-0x00007FF679880000-0x00007FF679BD4000-memory.dmp

Filesize
3.3MB

Download
memory/748-28-0x00007FF679880000-0x00007FF679BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-1-0x00000192D8500000-0x00000192D8510000-memory.dmp

Filesize
64KB

Download
memory/1240-0-0x00007FF6F8360000-0x00007FF6F86B4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-82-0x00007FF6F8360000-0x00007FF6F86B4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2052-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp

Filesize
3.3MB

Download
memory/1408-62-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp

Filesize
3.3MB

Download
memory/1408-2162-0x00007FF7AF3D0000-0x00007FF7AF724000-memory.dmp

Filesize
3.3MB

Download
memory/1536-526-0x00007FF7AB120000-0x00007FF7AB474000-memory.dmp

Filesize
3.3MB

Download
memory/1536-2178-0x00007FF7AB120000-0x00007FF7AB474000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2173-0x00007FF695A70000-0x00007FF695DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2149-0x00007FF695A70000-0x00007FF695DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-87-0x00007FF695A70000-0x00007FF695DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2176-0x00007FF6322F0000-0x00007FF632644000-memory.dmp

Filesize
3.3MB

Download
memory/1764-529-0x00007FF6322F0000-0x00007FF632644000-memory.dmp

Filesize
3.3MB

Download
memory/1768-2179-0x00007FF718AC0000-0x00007FF718E14000-memory.dmp

Filesize
3.3MB

Download
memory/1768-525-0x00007FF718AC0000-0x00007FF718E14000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2169-0x00007FF6A3D00000-0x00007FF6A4054000-memory.dmp

Filesize
3.3MB

Download
memory/1808-519-0x00007FF6A3D00000-0x00007FF6A4054000-memory.dmp

Filesize
3.3MB

Download
memory/1848-104-0x00007FF7C68C0000-0x00007FF7C6C14000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2166-0x00007FF7C68C0000-0x00007FF7C6C14000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2055-0x00007FF6FF850000-0x00007FF6FFBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2163-0x00007FF6FF850000-0x00007FF6FFBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-67-0x00007FF6FF850000-0x00007FF6FFBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2147-0x00007FF7760B0000-0x00007FF776404000-memory.dmp

Filesize
3.3MB

Download
memory/2160-77-0x00007FF7760B0000-0x00007FF776404000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2165-0x00007FF7760B0000-0x00007FF776404000-memory.dmp

Filesize
3.3MB

Download
memory/2276-53-0x00007FF6C25E0000-0x00007FF6C2934000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2161-0x00007FF6C25E0000-0x00007FF6C2934000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2160-0x00007FF7551E0000-0x00007FF755534000-memory.dmp

Filesize
3.3MB

Download
memory/2448-44-0x00007FF7551E0000-0x00007FF755534000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2180-0x00007FF660BF0000-0x00007FF660F44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-527-0x00007FF660BF0000-0x00007FF660F44000-memory.dmp

Filesize
3.3MB

Download
memory/3084-2182-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3084-522-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-89-0x00007FF622870000-0x00007FF622BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2151-0x00007FF622870000-0x00007FF622BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3168-2167-0x00007FF622870000-0x00007FF622BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2156-0x00007FF6A0ED0000-0x00007FF6A1224000-memory.dmp

Filesize
3.3MB

Download
memory/3364-22-0x00007FF6A0ED0000-0x00007FF6A1224000-memory.dmp

Filesize
3.3MB

Download
memory/3772-2154-0x00007FF6193E0000-0x00007FF619734000-memory.dmp

Filesize
3.3MB

Download
memory/3772-10-0x00007FF6193E0000-0x00007FF619734000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2168-0x00007FF7D6460000-0x00007FF7D67B4000-memory.dmp

Filesize
3.3MB

Download
memory/3820-520-0x00007FF7D6460000-0x00007FF7D67B4000-memory.dmp

Filesize
3.3MB

Download
memory/3868-2159-0x00007FF6746D0000-0x00007FF674A24000-memory.dmp

Filesize
3.3MB

Download
memory/3868-36-0x00007FF6746D0000-0x00007FF674A24000-memory.dmp

Filesize
3.3MB

Download
memory/3868-1277-0x00007FF6746D0000-0x00007FF674A24000-memory.dmp

Filesize
3.3MB

Download
memory/3936-72-0x00007FF7E1870000-0x00007FF7E1BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-2164-0x00007FF7E1870000-0x00007FF7E1BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2172-0x00007FF7C4BE0000-0x00007FF7C4F34000-memory.dmp

Filesize
3.3MB

Download
memory/3972-2150-0x00007FF7C4BE0000-0x00007FF7C4F34000-memory.dmp

Filesize
3.3MB

Download
memory/3972-93-0x00007FF7C4BE0000-0x00007FF7C4F34000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2181-0x00007FF7075D0000-0x00007FF707924000-memory.dmp

Filesize
3.3MB

Download
memory/4072-524-0x00007FF7075D0000-0x00007FF707924000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2158-0x00007FF629380000-0x00007FF6296D4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-35-0x00007FF629380000-0x00007FF6296D4000-memory.dmp

Filesize
3.3MB

Download
memory/4212-528-0x00007FF78C940000-0x00007FF78CC94000-memory.dmp

Filesize
3.3MB

Download
memory/4212-2177-0x00007FF78C940000-0x00007FF78CC94000-memory.dmp

Filesize
3.3MB

Download
memory/4416-523-0x00007FF701B30000-0x00007FF701E84000-memory.dmp

Filesize
3.3MB

Download
memory/4416-2175-0x00007FF701B30000-0x00007FF701E84000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2153-0x00007FF6004F0000-0x00007FF600844000-memory.dmp

Filesize
3.3MB

Download
memory/4580-111-0x00007FF6004F0000-0x00007FF600844000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2170-0x00007FF6004F0000-0x00007FF600844000-memory.dmp

Filesize
3.3MB

Download
memory/4832-521-0x00007FF7CAFC0000-0x00007FF7CB314000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2174-0x00007FF7CAFC0000-0x00007FF7CB314000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2155-0x00007FF6E4B80000-0x00007FF6E4ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-16-0x00007FF6E4B80000-0x00007FF6E4ED4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads