xmrig | 3cbe52334f300b4ee24a90bb74291d1371664c7905327d6368f78151da45aa79

Analysis

max time kernel
121s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
Size

2.3MB
MD5

acfecfe0f5681a47fabd55f864dc2a30
SHA1

77a2d43faa65299f1104c569cae170df8faaa396
SHA256

3cbe52334f300b4ee24a90bb74291d1371664c7905327d6368f78151da45aa79
SHA512

28a55a33204d47897859bab32c8c50d5f7c26a09cc5fd86272875c72a522d79ca3642fa2a0487161b14efcc3d1b4df5879289836dec87d572bec20aada1f5b38
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wINF/Y2PgtkvV8oFwunvv:BemTLkNdfE0pZr1

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1976-0-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp	xmrig
behavioral2/files/0x00060000000232a4-5.dat	xmrig
behavioral2/files/0x0008000000023406-7.dat	xmrig
behavioral2/files/0x0007000000023407-17.dat	xmrig
behavioral2/files/0x0008000000023403-18.dat	xmrig
behavioral2/files/0x0007000000023408-35.dat	xmrig
behavioral2/files/0x000700000002340d-50.dat	xmrig
behavioral2/memory/2596-65-0x00007FF66DF10000-0x00007FF66E264000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-80.dat	xmrig
behavioral2/memory/1484-87-0x00007FF633EC0000-0x00007FF634214000-memory.dmp	xmrig
behavioral2/memory/2044-110-0x00007FF7B5330000-0x00007FF7B5684000-memory.dmp	xmrig
behavioral2/memory/2784-127-0x00007FF6E9170000-0x00007FF6E94C4000-memory.dmp	xmrig
behavioral2/memory/784-131-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp	xmrig
behavioral2/memory/2776-134-0x00007FF6B0B60000-0x00007FF6B0EB4000-memory.dmp	xmrig
behavioral2/memory/1384-133-0x00007FF7C42F0000-0x00007FF7C4644000-memory.dmp	xmrig
behavioral2/memory/1804-132-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp	xmrig
behavioral2/memory/3228-130-0x00007FF6D84B0000-0x00007FF6D8804000-memory.dmp	xmrig
behavioral2/memory/1656-129-0x00007FF6CA2C0000-0x00007FF6CA614000-memory.dmp	xmrig
behavioral2/memory/1156-128-0x00007FF703100000-0x00007FF703454000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-125.dat	xmrig
behavioral2/files/0x0007000000023418-123.dat	xmrig
behavioral2/files/0x0007000000023417-121.dat	xmrig
behavioral2/files/0x0007000000023416-119.dat	xmrig
behavioral2/files/0x0007000000023415-117.dat	xmrig
behavioral2/files/0x0007000000023414-115.dat	xmrig
behavioral2/files/0x0007000000023413-113.dat	xmrig
behavioral2/memory/4428-112-0x00007FF6D21E0000-0x00007FF6D2534000-memory.dmp	xmrig
behavioral2/memory/3924-111-0x00007FF68A2A0000-0x00007FF68A5F4000-memory.dmp	xmrig
behavioral2/memory/2672-100-0x00007FF767340000-0x00007FF767694000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-84.dat	xmrig
behavioral2/files/0x0007000000023411-82.dat	xmrig
behavioral2/memory/2312-79-0x00007FF6F20A0000-0x00007FF6F23F4000-memory.dmp	xmrig
behavioral2/memory/1668-78-0x00007FF64A610000-0x00007FF64A964000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-76.dat	xmrig
behavioral2/files/0x000700000002340f-74.dat	xmrig
behavioral2/memory/1828-73-0x00007FF7BCDD0000-0x00007FF7BD124000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-68.dat	xmrig
behavioral2/files/0x000700000002340b-57.dat	xmrig
behavioral2/memory/1940-54-0x00007FF6ACD70000-0x00007FF6AD0C4000-memory.dmp	xmrig
behavioral2/memory/1852-53-0x00007FF77F5E0000-0x00007FF77F934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-46.dat	xmrig
behavioral2/files/0x000700000002340a-40.dat	xmrig
behavioral2/memory/3440-31-0x00007FF707EB0000-0x00007FF708204000-memory.dmp	xmrig
behavioral2/memory/4484-29-0x00007FF72CED0000-0x00007FF72D224000-memory.dmp	xmrig
behavioral2/memory/4840-11-0x00007FF6DEC30000-0x00007FF6DEF84000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-137.dat	xmrig
behavioral2/files/0x0007000000023420-170.dat	xmrig
behavioral2/files/0x000700000002341f-167.dat	xmrig
behavioral2/memory/4128-164-0x00007FF6C8B00000-0x00007FF6C8E54000-memory.dmp	xmrig
behavioral2/memory/4232-158-0x00007FF78BFF0000-0x00007FF78C344000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-150.dat	xmrig
behavioral2/files/0x000700000002341e-159.dat	xmrig
behavioral2/files/0x0008000000023404-145.dat	xmrig
behavioral2/files/0x000700000002341d-153.dat	xmrig
behavioral2/files/0x000700000002341b-149.dat	xmrig
behavioral2/files/0x0007000000023425-187.dat	xmrig
behavioral2/memory/368-212-0x00007FF6C4F60000-0x00007FF6C52B4000-memory.dmp	xmrig
behavioral2/memory/4732-222-0x00007FF69BC40000-0x00007FF69BF94000-memory.dmp	xmrig
behavioral2/memory/740-230-0x00007FF7E5250000-0x00007FF7E55A4000-memory.dmp	xmrig
behavioral2/memory/1200-200-0x00007FF763D60000-0x00007FF7640B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-196.dat	xmrig
behavioral2/memory/3624-185-0x00007FF66A790000-0x00007FF66AAE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-184.dat	xmrig
behavioral2/files/0x0007000000023422-183.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4840	ubpvNLS.exe
4484	itxozet.exe
3440	TXCyrtO.exe
1852	oQoyYMG.exe
2044	fOHwqTE.exe
3924	sYAbNuv.exe
1940	EsKcoma.exe
2596	ufrtUFJ.exe
1828	oMLXFXg.exe
1668	vhrGWNz.exe
4428	FpXDPpI.exe
2312	dpbxLBq.exe
2784	lmtHHTf.exe
1484	VqCDUVE.exe
2672	tUymFeP.exe
2776	wNWVEBh.exe
1156	GWvAthj.exe
1656	andHsyh.exe
3228	ffLHoym.exe
784	xKSEpMD.exe
1804	JKqkkaV.exe
1384	xhRBgPr.exe
4232	jOyPJhx.exe
1200	sWDxuHF.exe
368	WVjssph.exe
4128	iLnENIY.exe
3624	zqicAxi.exe
4732	VXIcNpJ.exe
740	NkKjSvq.exe
4908	xhHnAGd.exe
1028	LGJCHCR.exe
3868	YkDlUsT.exe
4900	Rafuiaa.exe
1968	tOLSfOv.exe
4744	nelNPQR.exe
1044	JhIWzkG.exe
640	WMaaXhr.exe
3952	BRHatoH.exe
3796	YMhnyYE.exe
1392	PZIgeQM.exe
1488	iVnuIqn.exe
4168	jLwKaQL.exe
1120	lKrIMha.exe
1892	hTTzrkZ.exe
4532	sQdsrEm.exe
4984	YTHnZSL.exe
1780	zQZdosF.exe
4264	ADimcKW.exe
3504	HFQWURR.exe
3508	LHKNpPi.exe
3892	QGQrGqc.exe
4584	QBhTroa.exe
2228	tZjOJjl.exe
64	wLwySYc.exe
3704	eNNaYwN.exe
2068	PGrElsQ.exe
448	hQrbXfF.exe
2220	iNVswcK.exe
2760	qVGcpkj.exe
1576	xmfsmbr.exe
2772	SyjxLfq.exe
5008	falNWBg.exe
1160	LLRJxjB.exe
4636	ZCQokYk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1976-0-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp	upx
behavioral2/files/0x00060000000232a4-5.dat	upx
behavioral2/files/0x0008000000023406-7.dat	upx
behavioral2/files/0x0007000000023407-17.dat	upx
behavioral2/files/0x0008000000023403-18.dat	upx
behavioral2/files/0x0007000000023408-35.dat	upx
behavioral2/files/0x000700000002340d-50.dat	upx
behavioral2/memory/2596-65-0x00007FF66DF10000-0x00007FF66E264000-memory.dmp	upx
behavioral2/files/0x000700000002340e-80.dat	upx
behavioral2/memory/1484-87-0x00007FF633EC0000-0x00007FF634214000-memory.dmp	upx
behavioral2/memory/2044-110-0x00007FF7B5330000-0x00007FF7B5684000-memory.dmp	upx
behavioral2/memory/2784-127-0x00007FF6E9170000-0x00007FF6E94C4000-memory.dmp	upx
behavioral2/memory/784-131-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp	upx
behavioral2/memory/2776-134-0x00007FF6B0B60000-0x00007FF6B0EB4000-memory.dmp	upx
behavioral2/memory/1384-133-0x00007FF7C42F0000-0x00007FF7C4644000-memory.dmp	upx
behavioral2/memory/1804-132-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp	upx
behavioral2/memory/3228-130-0x00007FF6D84B0000-0x00007FF6D8804000-memory.dmp	upx
behavioral2/memory/1656-129-0x00007FF6CA2C0000-0x00007FF6CA614000-memory.dmp	upx
behavioral2/memory/1156-128-0x00007FF703100000-0x00007FF703454000-memory.dmp	upx
behavioral2/files/0x0007000000023419-125.dat	upx
behavioral2/files/0x0007000000023418-123.dat	upx
behavioral2/files/0x0007000000023417-121.dat	upx
behavioral2/files/0x0007000000023416-119.dat	upx
behavioral2/files/0x0007000000023415-117.dat	upx
behavioral2/files/0x0007000000023414-115.dat	upx
behavioral2/files/0x0007000000023413-113.dat	upx
behavioral2/memory/4428-112-0x00007FF6D21E0000-0x00007FF6D2534000-memory.dmp	upx
behavioral2/memory/3924-111-0x00007FF68A2A0000-0x00007FF68A5F4000-memory.dmp	upx
behavioral2/memory/2672-100-0x00007FF767340000-0x00007FF767694000-memory.dmp	upx
behavioral2/files/0x0007000000023412-84.dat	upx
behavioral2/files/0x0007000000023411-82.dat	upx
behavioral2/memory/2312-79-0x00007FF6F20A0000-0x00007FF6F23F4000-memory.dmp	upx
behavioral2/memory/1668-78-0x00007FF64A610000-0x00007FF64A964000-memory.dmp	upx
behavioral2/files/0x0007000000023410-76.dat	upx
behavioral2/files/0x000700000002340f-74.dat	upx
behavioral2/memory/1828-73-0x00007FF7BCDD0000-0x00007FF7BD124000-memory.dmp	upx
behavioral2/files/0x000700000002340c-68.dat	upx
behavioral2/files/0x000700000002340b-57.dat	upx
behavioral2/memory/1940-54-0x00007FF6ACD70000-0x00007FF6AD0C4000-memory.dmp	upx
behavioral2/memory/1852-53-0x00007FF77F5E0000-0x00007FF77F934000-memory.dmp	upx
behavioral2/files/0x0007000000023409-46.dat	upx
behavioral2/files/0x000700000002340a-40.dat	upx
behavioral2/memory/3440-31-0x00007FF707EB0000-0x00007FF708204000-memory.dmp	upx
behavioral2/memory/4484-29-0x00007FF72CED0000-0x00007FF72D224000-memory.dmp	upx
behavioral2/memory/4840-11-0x00007FF6DEC30000-0x00007FF6DEF84000-memory.dmp	upx
behavioral2/files/0x000700000002341a-137.dat	upx
behavioral2/files/0x0007000000023420-170.dat	upx
behavioral2/files/0x000700000002341f-167.dat	upx
behavioral2/memory/4128-164-0x00007FF6C8B00000-0x00007FF6C8E54000-memory.dmp	upx
behavioral2/memory/4232-158-0x00007FF78BFF0000-0x00007FF78C344000-memory.dmp	upx
behavioral2/files/0x000700000002341c-150.dat	upx
behavioral2/files/0x000700000002341e-159.dat	upx
behavioral2/files/0x0008000000023404-145.dat	upx
behavioral2/files/0x000700000002341d-153.dat	upx
behavioral2/files/0x000700000002341b-149.dat	upx
behavioral2/files/0x0007000000023425-187.dat	upx
behavioral2/memory/368-212-0x00007FF6C4F60000-0x00007FF6C52B4000-memory.dmp	upx
behavioral2/memory/4732-222-0x00007FF69BC40000-0x00007FF69BF94000-memory.dmp	upx
behavioral2/memory/740-230-0x00007FF7E5250000-0x00007FF7E55A4000-memory.dmp	upx
behavioral2/memory/1200-200-0x00007FF763D60000-0x00007FF7640B4000-memory.dmp	upx
behavioral2/files/0x0007000000023423-196.dat	upx
behavioral2/memory/3624-185-0x00007FF66A790000-0x00007FF66AAE4000-memory.dmp	upx
behavioral2/files/0x0007000000023424-184.dat	upx
behavioral2/files/0x0007000000023422-183.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RvFlyeF.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\DlUyeyi.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\PlVphIe.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\ZwhrMLG.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\rufTrka.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\LHKNpPi.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\LXzjThL.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\kDaGtcZ.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\WMaaXhr.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\JqplTRL.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\xQujfgE.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\XJWKHIL.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\LsZQRRG.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\ZwwUwmD.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\ZkEYvUl.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\RYFyxhg.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\PGrElsQ.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\JfPiWDy.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\EnBhnjz.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\guruwRv.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\tUymFeP.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\QMgCdNs.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\rfnsnCr.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\ifRZCnv.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\JCpjGbp.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\eSmTkPm.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\KhHCGZI.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\cpGCFaj.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\YYJbgOv.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\uijgVVQ.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\IrsNzRd.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\JLKTKZj.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\KGFRCDS.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\UbsvJGs.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\eVSzRKP.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\nelNPQR.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\MlWodIN.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\BPmfUkk.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\DwxsDPF.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\gaQXSbS.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\MLLRKPH.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\CkoeZCz.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\PfcQCSf.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\FizrBQU.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\xpHsMoQ.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\aDwnFdj.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\fQDpgAZ.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\SBGLPlR.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\OrUZwBI.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\huYySDx.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\qXgxdfL.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\XXwSynR.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\wKBuqFp.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\zSFevHk.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\EsKcoma.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\rRciiJM.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\hButSqS.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\OdEjlTx.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\gBsrfoY.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\TdLGcKD.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\idqfMcE.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\RXAQpaz.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\aqyMWSv.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
File created	C:\Windows\System\NcWUoBC.exe	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3520	dwm.exe
Token: SeChangeNotifyPrivilege	3520	dwm.exe
Token: 33	3520	dwm.exe
Token: SeIncBasePriorityPrivilege	3520	dwm.exe
Token: SeShutdownPrivilege	3520	dwm.exe
Token: SeCreatePagefilePrivilege	3520	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 4840	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	81
PID 1976 wrote to memory of 4840	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	81
PID 1976 wrote to memory of 4484	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	82
PID 1976 wrote to memory of 4484	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	82
PID 1976 wrote to memory of 3440	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	83
PID 1976 wrote to memory of 3440	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	83
PID 1976 wrote to memory of 1852	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	84
PID 1976 wrote to memory of 1852	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	84
PID 1976 wrote to memory of 2044	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	85
PID 1976 wrote to memory of 2044	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	85
PID 1976 wrote to memory of 1940	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	86
PID 1976 wrote to memory of 1940	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	86
PID 1976 wrote to memory of 3924	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	87
PID 1976 wrote to memory of 3924	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	87
PID 1976 wrote to memory of 2596	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	88
PID 1976 wrote to memory of 2596	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	88
PID 1976 wrote to memory of 1828	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	89
PID 1976 wrote to memory of 1828	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	89
PID 1976 wrote to memory of 1668	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	90
PID 1976 wrote to memory of 1668	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	90
PID 1976 wrote to memory of 2784	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	91
PID 1976 wrote to memory of 2784	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	91
PID 1976 wrote to memory of 4428	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	92
PID 1976 wrote to memory of 4428	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	92
PID 1976 wrote to memory of 2312	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	93
PID 1976 wrote to memory of 2312	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	93
PID 1976 wrote to memory of 1484	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	94
PID 1976 wrote to memory of 1484	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	94
PID 1976 wrote to memory of 2672	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	95
PID 1976 wrote to memory of 2672	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	95
PID 1976 wrote to memory of 2776	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	96
PID 1976 wrote to memory of 2776	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	96
PID 1976 wrote to memory of 1156	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	97
PID 1976 wrote to memory of 1156	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	97
PID 1976 wrote to memory of 1656	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	98
PID 1976 wrote to memory of 1656	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	98
PID 1976 wrote to memory of 3228	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	99
PID 1976 wrote to memory of 3228	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	99
PID 1976 wrote to memory of 784	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	100
PID 1976 wrote to memory of 784	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	100
PID 1976 wrote to memory of 1804	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	101
PID 1976 wrote to memory of 1804	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	101
PID 1976 wrote to memory of 1384	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	102
PID 1976 wrote to memory of 1384	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	102
PID 1976 wrote to memory of 4232	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	103
PID 1976 wrote to memory of 4232	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	103
PID 1976 wrote to memory of 1200	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	104
PID 1976 wrote to memory of 1200	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	104
PID 1976 wrote to memory of 368	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	105
PID 1976 wrote to memory of 368	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	105
PID 1976 wrote to memory of 4128	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	106
PID 1976 wrote to memory of 4128	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	106
PID 1976 wrote to memory of 3624	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	107
PID 1976 wrote to memory of 3624	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	107
PID 1976 wrote to memory of 4732	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	108
PID 1976 wrote to memory of 4732	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	108
PID 1976 wrote to memory of 740	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	109
PID 1976 wrote to memory of 740	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	109
PID 1976 wrote to memory of 4908	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	110
PID 1976 wrote to memory of 4908	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	110
PID 1976 wrote to memory of 1028	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	111
PID 1976 wrote to memory of 1028	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	111
PID 1976 wrote to memory of 3868	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	112
PID 1976 wrote to memory of 3868	1976	acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\acfecfe0f5681a47fabd55f864dc2a30_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\System\ubpvNLS.exe
  C:\Windows\System\ubpvNLS.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\itxozet.exe
  C:\Windows\System\itxozet.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\TXCyrtO.exe
  C:\Windows\System\TXCyrtO.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\oQoyYMG.exe
  C:\Windows\System\oQoyYMG.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\fOHwqTE.exe
  C:\Windows\System\fOHwqTE.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\EsKcoma.exe
  C:\Windows\System\EsKcoma.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\sYAbNuv.exe
  C:\Windows\System\sYAbNuv.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\ufrtUFJ.exe
  C:\Windows\System\ufrtUFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\oMLXFXg.exe
  C:\Windows\System\oMLXFXg.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\vhrGWNz.exe
  C:\Windows\System\vhrGWNz.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\lmtHHTf.exe
  C:\Windows\System\lmtHHTf.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\FpXDPpI.exe
  C:\Windows\System\FpXDPpI.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\dpbxLBq.exe
  C:\Windows\System\dpbxLBq.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\VqCDUVE.exe
  C:\Windows\System\VqCDUVE.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\tUymFeP.exe
  C:\Windows\System\tUymFeP.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\wNWVEBh.exe
  C:\Windows\System\wNWVEBh.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\GWvAthj.exe
  C:\Windows\System\GWvAthj.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\andHsyh.exe
  C:\Windows\System\andHsyh.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\ffLHoym.exe
  C:\Windows\System\ffLHoym.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\xKSEpMD.exe
  C:\Windows\System\xKSEpMD.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\JKqkkaV.exe
  C:\Windows\System\JKqkkaV.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\xhRBgPr.exe
  C:\Windows\System\xhRBgPr.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\jOyPJhx.exe
  C:\Windows\System\jOyPJhx.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\sWDxuHF.exe
  C:\Windows\System\sWDxuHF.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\WVjssph.exe
  C:\Windows\System\WVjssph.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\iLnENIY.exe
  C:\Windows\System\iLnENIY.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\zqicAxi.exe
  C:\Windows\System\zqicAxi.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\VXIcNpJ.exe
  C:\Windows\System\VXIcNpJ.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\NkKjSvq.exe
  C:\Windows\System\NkKjSvq.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\xhHnAGd.exe
  C:\Windows\System\xhHnAGd.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\LGJCHCR.exe
  C:\Windows\System\LGJCHCR.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\YkDlUsT.exe
  C:\Windows\System\YkDlUsT.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\JhIWzkG.exe
  C:\Windows\System\JhIWzkG.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\Rafuiaa.exe
  C:\Windows\System\Rafuiaa.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\tOLSfOv.exe
  C:\Windows\System\tOLSfOv.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\nelNPQR.exe
  C:\Windows\System\nelNPQR.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\WMaaXhr.exe
  C:\Windows\System\WMaaXhr.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\BRHatoH.exe
  C:\Windows\System\BRHatoH.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\YMhnyYE.exe
  C:\Windows\System\YMhnyYE.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\PZIgeQM.exe
  C:\Windows\System\PZIgeQM.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\iVnuIqn.exe
  C:\Windows\System\iVnuIqn.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\jLwKaQL.exe
  C:\Windows\System\jLwKaQL.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\lKrIMha.exe
  C:\Windows\System\lKrIMha.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\hTTzrkZ.exe
  C:\Windows\System\hTTzrkZ.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\sQdsrEm.exe
  C:\Windows\System\sQdsrEm.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\YTHnZSL.exe
  C:\Windows\System\YTHnZSL.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\zQZdosF.exe
  C:\Windows\System\zQZdosF.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ADimcKW.exe
  C:\Windows\System\ADimcKW.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\HFQWURR.exe
  C:\Windows\System\HFQWURR.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\LHKNpPi.exe
  C:\Windows\System\LHKNpPi.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\QGQrGqc.exe
  C:\Windows\System\QGQrGqc.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\QBhTroa.exe
  C:\Windows\System\QBhTroa.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\tZjOJjl.exe
  C:\Windows\System\tZjOJjl.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\wLwySYc.exe
  C:\Windows\System\wLwySYc.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\eNNaYwN.exe
  C:\Windows\System\eNNaYwN.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\PGrElsQ.exe
  C:\Windows\System\PGrElsQ.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\hQrbXfF.exe
  C:\Windows\System\hQrbXfF.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\iNVswcK.exe
  C:\Windows\System\iNVswcK.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\qVGcpkj.exe
  C:\Windows\System\qVGcpkj.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\xmfsmbr.exe
  C:\Windows\System\xmfsmbr.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\SyjxLfq.exe
  C:\Windows\System\SyjxLfq.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\falNWBg.exe
  C:\Windows\System\falNWBg.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\LLRJxjB.exe
  C:\Windows\System\LLRJxjB.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\ZCQokYk.exe
  C:\Windows\System\ZCQokYk.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\RaEjFkZ.exe
  C:\Windows\System\RaEjFkZ.exe
  2⤵
  PID:4644
- C:\Windows\System\BKssldE.exe
  C:\Windows\System\BKssldE.exe
  2⤵
  PID:2328
- C:\Windows\System\PRnZWjk.exe
  C:\Windows\System\PRnZWjk.exe
  2⤵
  PID:1580
- C:\Windows\System\FCyEHqc.exe
  C:\Windows\System\FCyEHqc.exe
  2⤵
  PID:1796
- C:\Windows\System\cpGCFaj.exe
  C:\Windows\System\cpGCFaj.exe
  2⤵
  PID:4988
- C:\Windows\System\vRoLJlg.exe
  C:\Windows\System\vRoLJlg.exe
  2⤵
  PID:4724
- C:\Windows\System\llhyrpv.exe
  C:\Windows\System\llhyrpv.exe
  2⤵
  PID:4956
- C:\Windows\System\WzduQuu.exe
  C:\Windows\System\WzduQuu.exe
  2⤵
  PID:1876
- C:\Windows\System\HdruUFg.exe
  C:\Windows\System\HdruUFg.exe
  2⤵
  PID:4884
- C:\Windows\System\huYySDx.exe
  C:\Windows\System\huYySDx.exe
  2⤵
  PID:3676
- C:\Windows\System\TzrvXRs.exe
  C:\Windows\System\TzrvXRs.exe
  2⤵
  PID:4968
- C:\Windows\System\JqplTRL.exe
  C:\Windows\System\JqplTRL.exe
  2⤵
  PID:3700
- C:\Windows\System\PumDZQe.exe
  C:\Windows\System\PumDZQe.exe
  2⤵
  PID:4032
- C:\Windows\System\GskFyob.exe
  C:\Windows\System\GskFyob.exe
  2⤵
  PID:1332
- C:\Windows\System\gSurKTD.exe
  C:\Windows\System\gSurKTD.exe
  2⤵
  PID:3540
- C:\Windows\System\dtMFcIi.exe
  C:\Windows\System\dtMFcIi.exe
  2⤵
  PID:4516
- C:\Windows\System\gVwpimJ.exe
  C:\Windows\System\gVwpimJ.exe
  2⤵
  PID:1724
- C:\Windows\System\vcjRqmi.exe
  C:\Windows\System\vcjRqmi.exe
  2⤵
  PID:3232
- C:\Windows\System\OrmisLE.exe
  C:\Windows\System\OrmisLE.exe
  2⤵
  PID:2204
- C:\Windows\System\fNfdfBi.exe
  C:\Windows\System\fNfdfBi.exe
  2⤵
  PID:4660
- C:\Windows\System\jAbaZIi.exe
  C:\Windows\System\jAbaZIi.exe
  2⤵
  PID:628
- C:\Windows\System\jGciCeF.exe
  C:\Windows\System\jGciCeF.exe
  2⤵
  PID:2288
- C:\Windows\System\sQBxExl.exe
  C:\Windows\System\sQBxExl.exe
  2⤵
  PID:1380
- C:\Windows\System\WOpgSVg.exe
  C:\Windows\System\WOpgSVg.exe
  2⤵
  PID:2056
- C:\Windows\System\dQRVJMW.exe
  C:\Windows\System\dQRVJMW.exe
  2⤵
  PID:1908
- C:\Windows\System\OdEjlTx.exe
  C:\Windows\System\OdEjlTx.exe
  2⤵
  PID:1812
- C:\Windows\System\zINyBdZ.exe
  C:\Windows\System\zINyBdZ.exe
  2⤵
  PID:3828
- C:\Windows\System\FtAgwuI.exe
  C:\Windows\System\FtAgwuI.exe
  2⤵
  PID:1784
- C:\Windows\System\MRZuwGZ.exe
  C:\Windows\System\MRZuwGZ.exe
  2⤵
  PID:2144
- C:\Windows\System\aMSmoKZ.exe
  C:\Windows\System\aMSmoKZ.exe
  2⤵
  PID:3660
- C:\Windows\System\EPRkiMU.exe
  C:\Windows\System\EPRkiMU.exe
  2⤵
  PID:4868
- C:\Windows\System\JfPiWDy.exe
  C:\Windows\System\JfPiWDy.exe
  2⤵
  PID:3340
- C:\Windows\System\gVEBsvW.exe
  C:\Windows\System\gVEBsvW.exe
  2⤵
  PID:4716
- C:\Windows\System\JYkLucY.exe
  C:\Windows\System\JYkLucY.exe
  2⤵
  PID:3108
- C:\Windows\System\RTNCovz.exe
  C:\Windows\System\RTNCovz.exe
  2⤵
  PID:2788
- C:\Windows\System\gBsrfoY.exe
  C:\Windows\System\gBsrfoY.exe
  2⤵
  PID:3804
- C:\Windows\System\CkoeZCz.exe
  C:\Windows\System\CkoeZCz.exe
  2⤵
  PID:2592
- C:\Windows\System\LDxZytD.exe
  C:\Windows\System\LDxZytD.exe
  2⤵
  PID:5136
- C:\Windows\System\bUcFOnr.exe
  C:\Windows\System\bUcFOnr.exe
  2⤵
  PID:5164
- C:\Windows\System\kPQqEIc.exe
  C:\Windows\System\kPQqEIc.exe
  2⤵
  PID:5188
- C:\Windows\System\nJJLCQq.exe
  C:\Windows\System\nJJLCQq.exe
  2⤵
  PID:5204
- C:\Windows\System\nQXYCrO.exe
  C:\Windows\System\nQXYCrO.exe
  2⤵
  PID:5240
- C:\Windows\System\FHUvLJe.exe
  C:\Windows\System\FHUvLJe.exe
  2⤵
  PID:5276
- C:\Windows\System\GUHHKwH.exe
  C:\Windows\System\GUHHKwH.exe
  2⤵
  PID:5316
- C:\Windows\System\bDRLHiM.exe
  C:\Windows\System\bDRLHiM.exe
  2⤵
  PID:5348
- C:\Windows\System\fEundNZ.exe
  C:\Windows\System\fEundNZ.exe
  2⤵
  PID:5376
- C:\Windows\System\JYUiGsB.exe
  C:\Windows\System\JYUiGsB.exe
  2⤵
  PID:5396
- C:\Windows\System\PYOFvPc.exe
  C:\Windows\System\PYOFvPc.exe
  2⤵
  PID:5432
- C:\Windows\System\FxxKPEM.exe
  C:\Windows\System\FxxKPEM.exe
  2⤵
  PID:5460
- C:\Windows\System\gWZYxGG.exe
  C:\Windows\System\gWZYxGG.exe
  2⤵
  PID:5476
- C:\Windows\System\PpwfcyE.exe
  C:\Windows\System\PpwfcyE.exe
  2⤵
  PID:5512
- C:\Windows\System\tSbkRiy.exe
  C:\Windows\System\tSbkRiy.exe
  2⤵
  PID:5544
- C:\Windows\System\hEDfCbZ.exe
  C:\Windows\System\hEDfCbZ.exe
  2⤵
  PID:5572
- C:\Windows\System\KRzfkCT.exe
  C:\Windows\System\KRzfkCT.exe
  2⤵
  PID:5588
- C:\Windows\System\BGyhyVl.exe
  C:\Windows\System\BGyhyVl.exe
  2⤵
  PID:5608
- C:\Windows\System\BRuUiVy.exe
  C:\Windows\System\BRuUiVy.exe
  2⤵
  PID:5644
- C:\Windows\System\ZNKibeE.exe
  C:\Windows\System\ZNKibeE.exe
  2⤵
  PID:5672
- C:\Windows\System\VPRxYRM.exe
  C:\Windows\System\VPRxYRM.exe
  2⤵
  PID:5704
- C:\Windows\System\pQMOlOm.exe
  C:\Windows\System\pQMOlOm.exe
  2⤵
  PID:5748
- C:\Windows\System\ToymDVh.exe
  C:\Windows\System\ToymDVh.exe
  2⤵
  PID:5772
- C:\Windows\System\tdTVTKH.exe
  C:\Windows\System\tdTVTKH.exe
  2⤵
  PID:5800
- C:\Windows\System\eAyehOz.exe
  C:\Windows\System\eAyehOz.exe
  2⤵
  PID:5844
- C:\Windows\System\IWVDoHd.exe
  C:\Windows\System\IWVDoHd.exe
  2⤵
  PID:5876
- C:\Windows\System\YfEHOwz.exe
  C:\Windows\System\YfEHOwz.exe
  2⤵
  PID:5904
- C:\Windows\System\kbIPLhp.exe
  C:\Windows\System\kbIPLhp.exe
  2⤵
  PID:5932
- C:\Windows\System\telqSek.exe
  C:\Windows\System\telqSek.exe
  2⤵
  PID:5960
- C:\Windows\System\EEKmYjP.exe
  C:\Windows\System\EEKmYjP.exe
  2⤵
  PID:5992
- C:\Windows\System\BSBxCtQ.exe
  C:\Windows\System\BSBxCtQ.exe
  2⤵
  PID:6028
- C:\Windows\System\XBHuCke.exe
  C:\Windows\System\XBHuCke.exe
  2⤵
  PID:6064
- C:\Windows\System\xQujfgE.exe
  C:\Windows\System\xQujfgE.exe
  2⤵
  PID:6084
- C:\Windows\System\GpSaJUp.exe
  C:\Windows\System\GpSaJUp.exe
  2⤵
  PID:6120
- C:\Windows\System\goeModM.exe
  C:\Windows\System\goeModM.exe
  2⤵
  PID:3380
- C:\Windows\System\BNDZUTW.exe
  C:\Windows\System\BNDZUTW.exe
  2⤵
  PID:5200
- C:\Windows\System\bjycRnk.exe
  C:\Windows\System\bjycRnk.exe
  2⤵
  PID:5304
- C:\Windows\System\uMfpqKZ.exe
  C:\Windows\System\uMfpqKZ.exe
  2⤵
  PID:5388
- C:\Windows\System\UbsvJGs.exe
  C:\Windows\System\UbsvJGs.exe
  2⤵
  PID:5452
- C:\Windows\System\LXzjThL.exe
  C:\Windows\System\LXzjThL.exe
  2⤵
  PID:5532
- C:\Windows\System\SMpeuLj.exe
  C:\Windows\System\SMpeuLj.exe
  2⤵
  PID:5596
- C:\Windows\System\GqlzdCE.exe
  C:\Windows\System\GqlzdCE.exe
  2⤵
  PID:5664
- C:\Windows\System\CDQfKSA.exe
  C:\Windows\System\CDQfKSA.exe
  2⤵
  PID:5756
- C:\Windows\System\WqIOlMp.exe
  C:\Windows\System\WqIOlMp.exe
  2⤵
  PID:5824
- C:\Windows\System\wdkRwME.exe
  C:\Windows\System\wdkRwME.exe
  2⤵
  PID:5896
- C:\Windows\System\TdLGcKD.exe
  C:\Windows\System\TdLGcKD.exe
  2⤵
  PID:5944
- C:\Windows\System\sTpdCdv.exe
  C:\Windows\System\sTpdCdv.exe
  2⤵
  PID:6040
- C:\Windows\System\NPTuymK.exe
  C:\Windows\System\NPTuymK.exe
  2⤵
  PID:6080
- C:\Windows\System\swouBCV.exe
  C:\Windows\System\swouBCV.exe
  2⤵
  PID:5156
- C:\Windows\System\FAMilVg.exe
  C:\Windows\System\FAMilVg.exe
  2⤵
  PID:5220
- C:\Windows\System\VriQRcM.exe
  C:\Windows\System\VriQRcM.exe
  2⤵
  PID:5356
- C:\Windows\System\jMzCkzQ.exe
  C:\Windows\System\jMzCkzQ.exe
  2⤵
  PID:5668
- C:\Windows\System\fEXnpdn.exe
  C:\Windows\System\fEXnpdn.exe
  2⤵
  PID:5784
- C:\Windows\System\kDaGtcZ.exe
  C:\Windows\System\kDaGtcZ.exe
  2⤵
  PID:6016
- C:\Windows\System\nadkkAS.exe
  C:\Windows\System\nadkkAS.exe
  2⤵
  PID:6056
- C:\Windows\System\tCRDuww.exe
  C:\Windows\System\tCRDuww.exe
  2⤵
  PID:5556
- C:\Windows\System\euhaOHC.exe
  C:\Windows\System\euhaOHC.exe
  2⤵
  PID:6148
- C:\Windows\System\dXBKuSt.exe
  C:\Windows\System\dXBKuSt.exe
  2⤵
  PID:6180
- C:\Windows\System\jQGQncF.exe
  C:\Windows\System\jQGQncF.exe
  2⤵
  PID:6220
- C:\Windows\System\TYUVOWn.exe
  C:\Windows\System\TYUVOWn.exe
  2⤵
  PID:6256
- C:\Windows\System\GHCWFAW.exe
  C:\Windows\System\GHCWFAW.exe
  2⤵
  PID:6288
- C:\Windows\System\rcRDHnY.exe
  C:\Windows\System\rcRDHnY.exe
  2⤵
  PID:6324
- C:\Windows\System\IeGkTRt.exe
  C:\Windows\System\IeGkTRt.exe
  2⤵
  PID:6352
- C:\Windows\System\XcMBmNa.exe
  C:\Windows\System\XcMBmNa.exe
  2⤵
  PID:6384
- C:\Windows\System\pnHgNvc.exe
  C:\Windows\System\pnHgNvc.exe
  2⤵
  PID:6452
- C:\Windows\System\qrzaDXg.exe
  C:\Windows\System\qrzaDXg.exe
  2⤵
  PID:6468
- C:\Windows\System\iiSxNjj.exe
  C:\Windows\System\iiSxNjj.exe
  2⤵
  PID:6508
- C:\Windows\System\TNSnQWj.exe
  C:\Windows\System\TNSnQWj.exe
  2⤵
  PID:6536
- C:\Windows\System\kSRUolg.exe
  C:\Windows\System\kSRUolg.exe
  2⤵
  PID:6564
- C:\Windows\System\jIvnKfT.exe
  C:\Windows\System\jIvnKfT.exe
  2⤵
  PID:6592
- C:\Windows\System\vrcevSr.exe
  C:\Windows\System\vrcevSr.exe
  2⤵
  PID:6620
- C:\Windows\System\jOXPOLf.exe
  C:\Windows\System\jOXPOLf.exe
  2⤵
  PID:6636
- C:\Windows\System\VgZqDZV.exe
  C:\Windows\System\VgZqDZV.exe
  2⤵
  PID:6652
- C:\Windows\System\rRciiJM.exe
  C:\Windows\System\rRciiJM.exe
  2⤵
  PID:6668
- C:\Windows\System\bxRxJWj.exe
  C:\Windows\System\bxRxJWj.exe
  2⤵
  PID:6700
- C:\Windows\System\noeDqol.exe
  C:\Windows\System\noeDqol.exe
  2⤵
  PID:6724
- C:\Windows\System\axPcDLe.exe
  C:\Windows\System\axPcDLe.exe
  2⤵
  PID:6764
- C:\Windows\System\MlWodIN.exe
  C:\Windows\System\MlWodIN.exe
  2⤵
  PID:6804
- C:\Windows\System\ahRUJRB.exe
  C:\Windows\System\ahRUJRB.exe
  2⤵
  PID:6848
- C:\Windows\System\ejuSFVl.exe
  C:\Windows\System\ejuSFVl.exe
  2⤵
  PID:6876
- C:\Windows\System\idqfMcE.exe
  C:\Windows\System\idqfMcE.exe
  2⤵
  PID:6904
- C:\Windows\System\DWPENyf.exe
  C:\Windows\System\DWPENyf.exe
  2⤵
  PID:6932
- C:\Windows\System\UFIpLIY.exe
  C:\Windows\System\UFIpLIY.exe
  2⤵
  PID:6960
- C:\Windows\System\FRSEImu.exe
  C:\Windows\System\FRSEImu.exe
  2⤵
  PID:6988
- C:\Windows\System\AWfsYkx.exe
  C:\Windows\System\AWfsYkx.exe
  2⤵
  PID:7016
- C:\Windows\System\hCrFMiq.exe
  C:\Windows\System\hCrFMiq.exe
  2⤵
  PID:7044
- C:\Windows\System\bQNbhfa.exe
  C:\Windows\System\bQNbhfa.exe
  2⤵
  PID:7076
- C:\Windows\System\KwIzCzo.exe
  C:\Windows\System\KwIzCzo.exe
  2⤵
  PID:7100
- C:\Windows\System\EhsURHf.exe
  C:\Windows\System\EhsURHf.exe
  2⤵
  PID:7128
- C:\Windows\System\IfFIdwH.exe
  C:\Windows\System\IfFIdwH.exe
  2⤵
  PID:7160
- C:\Windows\System\AXBYyDX.exe
  C:\Windows\System\AXBYyDX.exe
  2⤵
  PID:5980
- C:\Windows\System\GwouOjw.exe
  C:\Windows\System\GwouOjw.exe
  2⤵
  PID:6200
- C:\Windows\System\nkdmDuU.exe
  C:\Windows\System\nkdmDuU.exe
  2⤵
  PID:6204
- C:\Windows\System\KwnlRby.exe
  C:\Windows\System\KwnlRby.exe
  2⤵
  PID:6272
- C:\Windows\System\NBwWDAu.exe
  C:\Windows\System\NBwWDAu.exe
  2⤵
  PID:6344
- C:\Windows\System\GdKbXEi.exe
  C:\Windows\System\GdKbXEi.exe
  2⤵
  PID:6400
- C:\Windows\System\KyctmxT.exe
  C:\Windows\System\KyctmxT.exe
  2⤵
  PID:6500
- C:\Windows\System\annFgMV.exe
  C:\Windows\System\annFgMV.exe
  2⤵
  PID:5984
- C:\Windows\System\KGFRCDS.exe
  C:\Windows\System\KGFRCDS.exe
  2⤵
  PID:6588
- C:\Windows\System\TMjDqSi.exe
  C:\Windows\System\TMjDqSi.exe
  2⤵
  PID:6664
- C:\Windows\System\viHvzmz.exe
  C:\Windows\System\viHvzmz.exe
  2⤵
  PID:6684
- C:\Windows\System\XrVFgyO.exe
  C:\Windows\System\XrVFgyO.exe
  2⤵
  PID:6788
- C:\Windows\System\DerxYTD.exe
  C:\Windows\System\DerxYTD.exe
  2⤵
  PID:6868
- C:\Windows\System\nNewkZw.exe
  C:\Windows\System\nNewkZw.exe
  2⤵
  PID:6928
- C:\Windows\System\eoLPGfm.exe
  C:\Windows\System\eoLPGfm.exe
  2⤵
  PID:7008
- C:\Windows\System\jBYLtRg.exe
  C:\Windows\System\jBYLtRg.exe
  2⤵
  PID:7056
- C:\Windows\System\hAKKMXT.exe
  C:\Windows\System\hAKKMXT.exe
  2⤵
  PID:7148
- C:\Windows\System\XaROaKX.exe
  C:\Windows\System\XaROaKX.exe
  2⤵
  PID:5712
- C:\Windows\System\byzywoy.exe
  C:\Windows\System\byzywoy.exe
  2⤵
  PID:6336
- C:\Windows\System\AGaIDEK.exe
  C:\Windows\System\AGaIDEK.exe
  2⤵
  PID:5264
- C:\Windows\System\UInJSnT.exe
  C:\Windows\System\UInJSnT.exe
  2⤵
  PID:6308
- C:\Windows\System\RXAQpaz.exe
  C:\Windows\System\RXAQpaz.exe
  2⤵
  PID:6712
- C:\Windows\System\gqnNpLj.exe
  C:\Windows\System\gqnNpLj.exe
  2⤵
  PID:6832
- C:\Windows\System\RvPXDOV.exe
  C:\Windows\System\RvPXDOV.exe
  2⤵
  PID:6924
- C:\Windows\System\ZlYSETc.exe
  C:\Windows\System\ZlYSETc.exe
  2⤵
  PID:7068
- C:\Windows\System\QEtyLHN.exe
  C:\Windows\System\QEtyLHN.exe
  2⤵
  PID:5868
- C:\Windows\System\hvpEkyo.exe
  C:\Windows\System\hvpEkyo.exe
  2⤵
  PID:6628
- C:\Windows\System\TqxAcdV.exe
  C:\Windows\System\TqxAcdV.exe
  2⤵
  PID:7000
- C:\Windows\System\taJQJLl.exe
  C:\Windows\System\taJQJLl.exe
  2⤵
  PID:7192
- C:\Windows\System\aEYOrga.exe
  C:\Windows\System\aEYOrga.exe
  2⤵
  PID:7212
- C:\Windows\System\FSFJogC.exe
  C:\Windows\System\FSFJogC.exe
  2⤵
  PID:7240
- C:\Windows\System\NiCvLpA.exe
  C:\Windows\System\NiCvLpA.exe
  2⤵
  PID:7268
- C:\Windows\System\JNmroAk.exe
  C:\Windows\System\JNmroAk.exe
  2⤵
  PID:7284
- C:\Windows\System\AaPQGvH.exe
  C:\Windows\System\AaPQGvH.exe
  2⤵
  PID:7316
- C:\Windows\System\YXyyfMQ.exe
  C:\Windows\System\YXyyfMQ.exe
  2⤵
  PID:7340
- C:\Windows\System\WWkzOSh.exe
  C:\Windows\System\WWkzOSh.exe
  2⤵
  PID:7376
- C:\Windows\System\HHJwguE.exe
  C:\Windows\System\HHJwguE.exe
  2⤵
  PID:7408
- C:\Windows\System\hButSqS.exe
  C:\Windows\System\hButSqS.exe
  2⤵
  PID:7424
- C:\Windows\System\yuRvIeo.exe
  C:\Windows\System\yuRvIeo.exe
  2⤵
  PID:7452
- C:\Windows\System\ftWfBMv.exe
  C:\Windows\System\ftWfBMv.exe
  2⤵
  PID:7472
- C:\Windows\System\RmiLlMb.exe
  C:\Windows\System\RmiLlMb.exe
  2⤵
  PID:7512
- C:\Windows\System\VrJMQpS.exe
  C:\Windows\System\VrJMQpS.exe
  2⤵
  PID:7548
- C:\Windows\System\rttaGRj.exe
  C:\Windows\System\rttaGRj.exe
  2⤵
  PID:7576
- C:\Windows\System\qLBhIMo.exe
  C:\Windows\System\qLBhIMo.exe
  2⤵
  PID:7604
- C:\Windows\System\HesawLJ.exe
  C:\Windows\System\HesawLJ.exe
  2⤵
  PID:7636
- C:\Windows\System\zmgZkyC.exe
  C:\Windows\System\zmgZkyC.exe
  2⤵
  PID:7660
- C:\Windows\System\azhZSan.exe
  C:\Windows\System\azhZSan.exe
  2⤵
  PID:7688
- C:\Windows\System\XybuKih.exe
  C:\Windows\System\XybuKih.exe
  2⤵
  PID:7716
- C:\Windows\System\ccjwvkV.exe
  C:\Windows\System\ccjwvkV.exe
  2⤵
  PID:7744
- C:\Windows\System\fZvPHox.exe
  C:\Windows\System\fZvPHox.exe
  2⤵
  PID:7776
- C:\Windows\System\ytXmZja.exe
  C:\Windows\System\ytXmZja.exe
  2⤵
  PID:7800
- C:\Windows\System\vFqCVhK.exe
  C:\Windows\System\vFqCVhK.exe
  2⤵
  PID:7824
- C:\Windows\System\GDvHdxe.exe
  C:\Windows\System\GDvHdxe.exe
  2⤵
  PID:7860
- C:\Windows\System\sXGPhjW.exe
  C:\Windows\System\sXGPhjW.exe
  2⤵
  PID:7884
- C:\Windows\System\ewyahbn.exe
  C:\Windows\System\ewyahbn.exe
  2⤵
  PID:7916
- C:\Windows\System\hEwnBPy.exe
  C:\Windows\System\hEwnBPy.exe
  2⤵
  PID:7944
- C:\Windows\System\RkjHDKW.exe
  C:\Windows\System\RkjHDKW.exe
  2⤵
  PID:7972
- C:\Windows\System\sUfDiCB.exe
  C:\Windows\System\sUfDiCB.exe
  2⤵
  PID:8000
- C:\Windows\System\BmUoKeH.exe
  C:\Windows\System\BmUoKeH.exe
  2⤵
  PID:8028
- C:\Windows\System\WCdhPda.exe
  C:\Windows\System\WCdhPda.exe
  2⤵
  PID:8044
- C:\Windows\System\CHbZJes.exe
  C:\Windows\System\CHbZJes.exe
  2⤵
  PID:8072
- C:\Windows\System\cJkzAnU.exe
  C:\Windows\System\cJkzAnU.exe
  2⤵
  PID:8108
- C:\Windows\System\IcNYvgS.exe
  C:\Windows\System\IcNYvgS.exe
  2⤵
  PID:8140
- C:\Windows\System\oHOdqyr.exe
  C:\Windows\System\oHOdqyr.exe
  2⤵
  PID:8160
- C:\Windows\System\ScVuncu.exe
  C:\Windows\System\ScVuncu.exe
  2⤵
  PID:6916
- C:\Windows\System\IWPByeo.exe
  C:\Windows\System\IWPByeo.exe
  2⤵
  PID:7200
- C:\Windows\System\tGSjjto.exe
  C:\Windows\System\tGSjjto.exe
  2⤵
  PID:7264
- C:\Windows\System\SYPRlJV.exe
  C:\Windows\System\SYPRlJV.exe
  2⤵
  PID:7324
- C:\Windows\System\QrfDdIS.exe
  C:\Windows\System\QrfDdIS.exe
  2⤵
  PID:7400
- C:\Windows\System\uWoKjvm.exe
  C:\Windows\System\uWoKjvm.exe
  2⤵
  PID:7448
- C:\Windows\System\zSGcCCX.exe
  C:\Windows\System\zSGcCCX.exe
  2⤵
  PID:7544
- C:\Windows\System\JoQgphj.exe
  C:\Windows\System\JoQgphj.exe
  2⤵
  PID:7596
- C:\Windows\System\WAnbcDM.exe
  C:\Windows\System\WAnbcDM.exe
  2⤵
  PID:7656
- C:\Windows\System\LCLRAVp.exe
  C:\Windows\System\LCLRAVp.exe
  2⤵
  PID:7728
- C:\Windows\System\wgSDZAB.exe
  C:\Windows\System\wgSDZAB.exe
  2⤵
  PID:7788
- C:\Windows\System\MBiCRNX.exe
  C:\Windows\System\MBiCRNX.exe
  2⤵
  PID:7820
- C:\Windows\System\IrtiPqE.exe
  C:\Windows\System\IrtiPqE.exe
  2⤵
  PID:7896
- C:\Windows\System\sLXPMbZ.exe
  C:\Windows\System\sLXPMbZ.exe
  2⤵
  PID:7956
- C:\Windows\System\ciAkAsL.exe
  C:\Windows\System\ciAkAsL.exe
  2⤵
  PID:8020
- C:\Windows\System\fHcjeAi.exe
  C:\Windows\System\fHcjeAi.exe
  2⤵
  PID:8084
- C:\Windows\System\ErezduN.exe
  C:\Windows\System\ErezduN.exe
  2⤵
  PID:8168
- C:\Windows\System\XJWKHIL.exe
  C:\Windows\System\XJWKHIL.exe
  2⤵
  PID:7140
- C:\Windows\System\TocIbjs.exe
  C:\Windows\System\TocIbjs.exe
  2⤵
  PID:7392
- C:\Windows\System\vxnbBJl.exe
  C:\Windows\System\vxnbBJl.exe
  2⤵
  PID:7588
- C:\Windows\System\wrxcnIJ.exe
  C:\Windows\System\wrxcnIJ.exe
  2⤵
  PID:7712
- C:\Windows\System\ZTQHoQf.exe
  C:\Windows\System\ZTQHoQf.exe
  2⤵
  PID:7816
- C:\Windows\System\PSyJTAL.exe
  C:\Windows\System\PSyJTAL.exe
  2⤵
  PID:7988
- C:\Windows\System\nBvsuUw.exe
  C:\Windows\System\nBvsuUw.exe
  2⤵
  PID:8024
- C:\Windows\System\evFBlcA.exe
  C:\Windows\System\evFBlcA.exe
  2⤵
  PID:7312
- C:\Windows\System\kGbOIMo.exe
  C:\Windows\System\kGbOIMo.exe
  2⤵
  PID:7684
- C:\Windows\System\YLoLahq.exe
  C:\Windows\System\YLoLahq.exe
  2⤵
  PID:7936
- C:\Windows\System\eWGceRt.exe
  C:\Windows\System\eWGceRt.exe
  2⤵
  PID:7460
- C:\Windows\System\uYSjXSD.exe
  C:\Windows\System\uYSjXSD.exe
  2⤵
  PID:6192
- C:\Windows\System\hSVCqoh.exe
  C:\Windows\System\hSVCqoh.exe
  2⤵
  PID:8200
- C:\Windows\System\YYJbgOv.exe
  C:\Windows\System\YYJbgOv.exe
  2⤵
  PID:8232
- C:\Windows\System\gviMiBd.exe
  C:\Windows\System\gviMiBd.exe
  2⤵
  PID:8256
- C:\Windows\System\tqVJnjD.exe
  C:\Windows\System\tqVJnjD.exe
  2⤵
  PID:8284
- C:\Windows\System\ZijCucB.exe
  C:\Windows\System\ZijCucB.exe
  2⤵
  PID:8312
- C:\Windows\System\LsZQRRG.exe
  C:\Windows\System\LsZQRRG.exe
  2⤵
  PID:8340
- C:\Windows\System\WxYDMXy.exe
  C:\Windows\System\WxYDMXy.exe
  2⤵
  PID:8368
- C:\Windows\System\KpEVnku.exe
  C:\Windows\System\KpEVnku.exe
  2⤵
  PID:8396
- C:\Windows\System\smCzyzG.exe
  C:\Windows\System\smCzyzG.exe
  2⤵
  PID:8412
- C:\Windows\System\GAkRtpd.exe
  C:\Windows\System\GAkRtpd.exe
  2⤵
  PID:8436
- C:\Windows\System\ktVHkBl.exe
  C:\Windows\System\ktVHkBl.exe
  2⤵
  PID:8468
- C:\Windows\System\ZuUJYYD.exe
  C:\Windows\System\ZuUJYYD.exe
  2⤵
  PID:8496
- C:\Windows\System\rgbjxlr.exe
  C:\Windows\System\rgbjxlr.exe
  2⤵
  PID:8524
- C:\Windows\System\iobGzEy.exe
  C:\Windows\System\iobGzEy.exe
  2⤵
  PID:8552
- C:\Windows\System\lqYpRUK.exe
  C:\Windows\System\lqYpRUK.exe
  2⤵
  PID:8580
- C:\Windows\System\qnpxqal.exe
  C:\Windows\System\qnpxqal.exe
  2⤵
  PID:8620
- C:\Windows\System\NnKRiMB.exe
  C:\Windows\System\NnKRiMB.exe
  2⤵
  PID:8648
- C:\Windows\System\yUFPqTj.exe
  C:\Windows\System\yUFPqTj.exe
  2⤵
  PID:8676
- C:\Windows\System\vFTCUEE.exe
  C:\Windows\System\vFTCUEE.exe
  2⤵
  PID:8704
- C:\Windows\System\WmyLjkD.exe
  C:\Windows\System\WmyLjkD.exe
  2⤵
  PID:8732
- C:\Windows\System\TtkKNiq.exe
  C:\Windows\System\TtkKNiq.exe
  2⤵
  PID:8760
- C:\Windows\System\uRhRula.exe
  C:\Windows\System\uRhRula.exe
  2⤵
  PID:8788
- C:\Windows\System\OKcvNRz.exe
  C:\Windows\System\OKcvNRz.exe
  2⤵
  PID:8804
- C:\Windows\System\BnZnXVQ.exe
  C:\Windows\System\BnZnXVQ.exe
  2⤵
  PID:8836
- C:\Windows\System\EnBhnjz.exe
  C:\Windows\System\EnBhnjz.exe
  2⤵
  PID:8880
- C:\Windows\System\ZhJdfaw.exe
  C:\Windows\System\ZhJdfaw.exe
  2⤵
  PID:8904
- C:\Windows\System\FhyFzew.exe
  C:\Windows\System\FhyFzew.exe
  2⤵
  PID:8932
- C:\Windows\System\HBFraGI.exe
  C:\Windows\System\HBFraGI.exe
  2⤵
  PID:8960
- C:\Windows\System\xezshXT.exe
  C:\Windows\System\xezshXT.exe
  2⤵
  PID:8984
- C:\Windows\System\TWOecTB.exe
  C:\Windows\System\TWOecTB.exe
  2⤵
  PID:9004
- C:\Windows\System\YKRAlaf.exe
  C:\Windows\System\YKRAlaf.exe
  2⤵
  PID:9044
- C:\Windows\System\FtaiSGp.exe
  C:\Windows\System\FtaiSGp.exe
  2⤵
  PID:9092
- C:\Windows\System\YlWIdqF.exe
  C:\Windows\System\YlWIdqF.exe
  2⤵
  PID:9108
- C:\Windows\System\cWLxBzG.exe
  C:\Windows\System\cWLxBzG.exe
  2⤵
  PID:9144
- C:\Windows\System\qibqlEy.exe
  C:\Windows\System\qibqlEy.exe
  2⤵
  PID:9184
- C:\Windows\System\UKPSGBl.exe
  C:\Windows\System\UKPSGBl.exe
  2⤵
  PID:9212
- C:\Windows\System\QQLQrBr.exe
  C:\Windows\System\QQLQrBr.exe
  2⤵
  PID:8240
- C:\Windows\System\lQeOxOg.exe
  C:\Windows\System\lQeOxOg.exe
  2⤵
  PID:8304
- C:\Windows\System\uRgXxpI.exe
  C:\Windows\System\uRgXxpI.exe
  2⤵
  PID:8360
- C:\Windows\System\BPmfUkk.exe
  C:\Windows\System\BPmfUkk.exe
  2⤵
  PID:8392
- C:\Windows\System\osrLCFJ.exe
  C:\Windows\System\osrLCFJ.exe
  2⤵
  PID:8448
- C:\Windows\System\utNqIve.exe
  C:\Windows\System\utNqIve.exe
  2⤵
  PID:8488
- C:\Windows\System\UgGeXac.exe
  C:\Windows\System\UgGeXac.exe
  2⤵
  PID:8536
- C:\Windows\System\fSGyVOe.exe
  C:\Windows\System\fSGyVOe.exe
  2⤵
  PID:8604
- C:\Windows\System\uarDkFN.exe
  C:\Windows\System\uarDkFN.exe
  2⤵
  PID:8672
- C:\Windows\System\qEXiZgc.exe
  C:\Windows\System\qEXiZgc.exe
  2⤵
  PID:8720
- C:\Windows\System\CtoYyKU.exe
  C:\Windows\System\CtoYyKU.exe
  2⤵
  PID:8780
- C:\Windows\System\UngzAUv.exe
  C:\Windows\System\UngzAUv.exe
  2⤵
  PID:8844
- C:\Windows\System\rufTrka.exe
  C:\Windows\System\rufTrka.exe
  2⤵
  PID:8900
- C:\Windows\System\aqyMWSv.exe
  C:\Windows\System\aqyMWSv.exe
  2⤵
  PID:8944
- C:\Windows\System\PLcvIcu.exe
  C:\Windows\System\PLcvIcu.exe
  2⤵
  PID:9016
- C:\Windows\System\ZSJZRzD.exe
  C:\Windows\System\ZSJZRzD.exe
  2⤵
  PID:3028
- C:\Windows\System\mGbhhIl.exe
  C:\Windows\System\mGbhhIl.exe
  2⤵
  PID:9120
- C:\Windows\System\ArLJGxe.exe
  C:\Windows\System\ArLJGxe.exe
  2⤵
  PID:8212
- C:\Windows\System\jouUWQo.exe
  C:\Windows\System\jouUWQo.exe
  2⤵
  PID:8380
- C:\Windows\System\qFDLJvk.exe
  C:\Windows\System\qFDLJvk.exe
  2⤵
  PID:8512
- C:\Windows\System\zEioeWs.exe
  C:\Windows\System\zEioeWs.exe
  2⤵
  PID:8832
- C:\Windows\System\yxqIlRt.exe
  C:\Windows\System\yxqIlRt.exe
  2⤵
  PID:8800
- C:\Windows\System\GdqkObs.exe
  C:\Windows\System\GdqkObs.exe
  2⤵
  PID:9088
- C:\Windows\System\EyMmKQo.exe
  C:\Windows\System\EyMmKQo.exe
  2⤵
  PID:8644
- C:\Windows\System\LbVyBpg.exe
  C:\Windows\System\LbVyBpg.exe
  2⤵
  PID:9064
- C:\Windows\System\AIGorTE.exe
  C:\Windows\System\AIGorTE.exe
  2⤵
  PID:8980
- C:\Windows\System\bKBdfkq.exe
  C:\Windows\System\bKBdfkq.exe
  2⤵
  PID:8824
- C:\Windows\System\XRzGqWL.exe
  C:\Windows\System\XRzGqWL.exe
  2⤵
  PID:8328
- C:\Windows\System\ZKTMhFc.exe
  C:\Windows\System\ZKTMhFc.exe
  2⤵
  PID:9220
- C:\Windows\System\ZBstlRT.exe
  C:\Windows\System\ZBstlRT.exe
  2⤵
  PID:9248
- C:\Windows\System\mzXUZdV.exe
  C:\Windows\System\mzXUZdV.exe
  2⤵
  PID:9276
- C:\Windows\System\iFCnyJr.exe
  C:\Windows\System\iFCnyJr.exe
  2⤵
  PID:9304
- C:\Windows\System\NFflAlF.exe
  C:\Windows\System\NFflAlF.exe
  2⤵
  PID:9344
- C:\Windows\System\XohgBSc.exe
  C:\Windows\System\XohgBSc.exe
  2⤵
  PID:9376
- C:\Windows\System\jcreIPj.exe
  C:\Windows\System\jcreIPj.exe
  2⤵
  PID:9400
- C:\Windows\System\fLQpOzp.exe
  C:\Windows\System\fLQpOzp.exe
  2⤵
  PID:9420
- C:\Windows\System\EklCsCd.exe
  C:\Windows\System\EklCsCd.exe
  2⤵
  PID:9448
- C:\Windows\System\VEWXPFB.exe
  C:\Windows\System\VEWXPFB.exe
  2⤵
  PID:9488
- C:\Windows\System\gIZnVKU.exe
  C:\Windows\System\gIZnVKU.exe
  2⤵
  PID:9512
- C:\Windows\System\roEOGaI.exe
  C:\Windows\System\roEOGaI.exe
  2⤵
  PID:9544
- C:\Windows\System\wfVvLxa.exe
  C:\Windows\System\wfVvLxa.exe
  2⤵
  PID:9572
- C:\Windows\System\PQLfThJ.exe
  C:\Windows\System\PQLfThJ.exe
  2⤵
  PID:9604
- C:\Windows\System\eVSzRKP.exe
  C:\Windows\System\eVSzRKP.exe
  2⤵
  PID:9628
- C:\Windows\System\YqqIWNn.exe
  C:\Windows\System\YqqIWNn.exe
  2⤵
  PID:9656
- C:\Windows\System\skmqHtg.exe
  C:\Windows\System\skmqHtg.exe
  2⤵
  PID:9672
- C:\Windows\System\BsIpgdu.exe
  C:\Windows\System\BsIpgdu.exe
  2⤵
  PID:9700
- C:\Windows\System\Symxyip.exe
  C:\Windows\System\Symxyip.exe
  2⤵
  PID:9728
- C:\Windows\System\eSXdmHN.exe
  C:\Windows\System\eSXdmHN.exe
  2⤵
  PID:9768
- C:\Windows\System\lnZBQbt.exe
  C:\Windows\System\lnZBQbt.exe
  2⤵
  PID:9796
- C:\Windows\System\HuJGLWq.exe
  C:\Windows\System\HuJGLWq.exe
  2⤵
  PID:9812
- C:\Windows\System\aDUtogk.exe
  C:\Windows\System\aDUtogk.exe
  2⤵
  PID:9840
- C:\Windows\System\zbvpCaB.exe
  C:\Windows\System\zbvpCaB.exe
  2⤵
  PID:9868
- C:\Windows\System\EdOFkJE.exe
  C:\Windows\System\EdOFkJE.exe
  2⤵
  PID:9904
- C:\Windows\System\idFIumP.exe
  C:\Windows\System\idFIumP.exe
  2⤵
  PID:9936
- C:\Windows\System\RtrDVQQ.exe
  C:\Windows\System\RtrDVQQ.exe
  2⤵
  PID:9960
- C:\Windows\System\dOBZwhq.exe
  C:\Windows\System\dOBZwhq.exe
  2⤵
  PID:9980
- C:\Windows\System\iijaVlH.exe
  C:\Windows\System\iijaVlH.exe
  2⤵
  PID:10008
- C:\Windows\System\JXTaVar.exe
  C:\Windows\System\JXTaVar.exe
  2⤵
  PID:10028
- C:\Windows\System\PfcQCSf.exe
  C:\Windows\System\PfcQCSf.exe
  2⤵
  PID:10052
- C:\Windows\System\Hdpmreo.exe
  C:\Windows\System\Hdpmreo.exe
  2⤵
  PID:10092
- C:\Windows\System\snqWKbH.exe
  C:\Windows\System\snqWKbH.exe
  2⤵
  PID:10120
- C:\Windows\System\DydZltN.exe
  C:\Windows\System\DydZltN.exe
  2⤵
  PID:10136
- C:\Windows\System\gDPGlSC.exe
  C:\Windows\System\gDPGlSC.exe
  2⤵
  PID:10168
- C:\Windows\System\UxfwknJ.exe
  C:\Windows\System\UxfwknJ.exe
  2⤵
  PID:10204
- C:\Windows\System\QMgCdNs.exe
  C:\Windows\System\QMgCdNs.exe
  2⤵
  PID:10232
- C:\Windows\System\OgXeTaB.exe
  C:\Windows\System\OgXeTaB.exe
  2⤵
  PID:1848
- C:\Windows\System\IzUqPUr.exe
  C:\Windows\System\IzUqPUr.exe
  2⤵
  PID:9288
- C:\Windows\System\aNxLwJk.exe
  C:\Windows\System\aNxLwJk.exe
  2⤵
  PID:9360
- C:\Windows\System\vWMdEpt.exe
  C:\Windows\System\vWMdEpt.exe
  2⤵
  PID:9436
- C:\Windows\System\RXLEqyT.exe
  C:\Windows\System\RXLEqyT.exe
  2⤵
  PID:9508
- C:\Windows\System\hyDsysq.exe
  C:\Windows\System\hyDsysq.exe
  2⤵
  PID:9556
- C:\Windows\System\FizrBQU.exe
  C:\Windows\System\FizrBQU.exe
  2⤵
  PID:9620
- C:\Windows\System\ZwwUwmD.exe
  C:\Windows\System\ZwwUwmD.exe
  2⤵
  PID:9664
- C:\Windows\System\BkWihHj.exe
  C:\Windows\System\BkWihHj.exe
  2⤵
  PID:9752
- C:\Windows\System\mspZliy.exe
  C:\Windows\System\mspZliy.exe
  2⤵
  PID:9832
- C:\Windows\System\oyTjaYZ.exe
  C:\Windows\System\oyTjaYZ.exe
  2⤵
  PID:9860
- C:\Windows\System\WagVhgn.exe
  C:\Windows\System\WagVhgn.exe
  2⤵
  PID:9952
- C:\Windows\System\rRgEKIE.exe
  C:\Windows\System\rRgEKIE.exe
  2⤵
  PID:10020
- C:\Windows\System\pOfejlU.exe
  C:\Windows\System\pOfejlU.exe
  2⤵
  PID:10080
- C:\Windows\System\zWRVIYa.exe
  C:\Windows\System\zWRVIYa.exe
  2⤵
  PID:10152
- C:\Windows\System\wFogtQC.exe
  C:\Windows\System\wFogtQC.exe
  2⤵
  PID:2884
- C:\Windows\System\CPofYWZ.exe
  C:\Windows\System\CPofYWZ.exe
  2⤵
  PID:10216
- C:\Windows\System\EAjjiRb.exe
  C:\Windows\System\EAjjiRb.exe
  2⤵
  PID:9236
- C:\Windows\System\YZNelKG.exe
  C:\Windows\System\YZNelKG.exe
  2⤵
  PID:9476
- C:\Windows\System\yNWvqFB.exe
  C:\Windows\System\yNWvqFB.exe
  2⤵
  PID:9684
- C:\Windows\System\bCJyhAO.exe
  C:\Windows\System\bCJyhAO.exe
  2⤵
  PID:9692
- C:\Windows\System\LUCUfiA.exe
  C:\Windows\System\LUCUfiA.exe
  2⤵
  PID:9924
- C:\Windows\System\PiNcBWI.exe
  C:\Windows\System\PiNcBWI.exe
  2⤵
  PID:9972
- C:\Windows\System\iKMdwPD.exe
  C:\Windows\System\iKMdwPD.exe
  2⤵
  PID:3436
- C:\Windows\System\ylxGMvG.exe
  C:\Windows\System\ylxGMvG.exe
  2⤵
  PID:9336
- C:\Windows\System\NcWUoBC.exe
  C:\Windows\System\NcWUoBC.exe
  2⤵
  PID:9540
- C:\Windows\System\aYcgCDZ.exe
  C:\Windows\System\aYcgCDZ.exe
  2⤵
  PID:9976
- C:\Windows\System\CxgzTOQ.exe
  C:\Windows\System\CxgzTOQ.exe
  2⤵
  PID:10156
- C:\Windows\System\SlMbPUZ.exe
  C:\Windows\System\SlMbPUZ.exe
  2⤵
  PID:9856
- C:\Windows\System\AeQoCeu.exe
  C:\Windows\System\AeQoCeu.exe
  2⤵
  PID:10260
- C:\Windows\System\dbVQMRO.exe
  C:\Windows\System\dbVQMRO.exe
  2⤵
  PID:10280
- C:\Windows\System\gmYjHXr.exe
  C:\Windows\System\gmYjHXr.exe
  2⤵
  PID:10308
- C:\Windows\System\oOMJsxC.exe
  C:\Windows\System\oOMJsxC.exe
  2⤵
  PID:10336
- C:\Windows\System\dkUiwhI.exe
  C:\Windows\System\dkUiwhI.exe
  2⤵
  PID:10360
- C:\Windows\System\rfnsnCr.exe
  C:\Windows\System\rfnsnCr.exe
  2⤵
  PID:10388
- C:\Windows\System\FXdrSzB.exe
  C:\Windows\System\FXdrSzB.exe
  2⤵
  PID:10416
- C:\Windows\System\HLhESFP.exe
  C:\Windows\System\HLhESFP.exe
  2⤵
  PID:10432
- C:\Windows\System\vygDWVW.exe
  C:\Windows\System\vygDWVW.exe
  2⤵
  PID:10456
- C:\Windows\System\xpHsMoQ.exe
  C:\Windows\System\xpHsMoQ.exe
  2⤵
  PID:10476
- C:\Windows\System\gVgmWCk.exe
  C:\Windows\System\gVgmWCk.exe
  2⤵
  PID:10508
- C:\Windows\System\AMRyGNg.exe
  C:\Windows\System\AMRyGNg.exe
  2⤵
  PID:10532
- C:\Windows\System\EGSWQjM.exe
  C:\Windows\System\EGSWQjM.exe
  2⤵
  PID:10564
- C:\Windows\System\FsHyGBA.exe
  C:\Windows\System\FsHyGBA.exe
  2⤵
  PID:10600
- C:\Windows\System\EiZNCwz.exe
  C:\Windows\System\EiZNCwz.exe
  2⤵
  PID:10620
- C:\Windows\System\TyMvmrO.exe
  C:\Windows\System\TyMvmrO.exe
  2⤵
  PID:10648
- C:\Windows\System\EKOICJc.exe
  C:\Windows\System\EKOICJc.exe
  2⤵
  PID:10676
- C:\Windows\System\uijgVVQ.exe
  C:\Windows\System\uijgVVQ.exe
  2⤵
  PID:10708
- C:\Windows\System\nsmUAuL.exe
  C:\Windows\System\nsmUAuL.exe
  2⤵
  PID:10740
- C:\Windows\System\OkHNuWi.exe
  C:\Windows\System\OkHNuWi.exe
  2⤵
  PID:10760
- C:\Windows\System\MZuEBpd.exe
  C:\Windows\System\MZuEBpd.exe
  2⤵
  PID:10796
- C:\Windows\System\AcxkyEE.exe
  C:\Windows\System\AcxkyEE.exe
  2⤵
  PID:10832
- C:\Windows\System\aGFqJSN.exe
  C:\Windows\System\aGFqJSN.exe
  2⤵
  PID:10852
- C:\Windows\System\XXwSynR.exe
  C:\Windows\System\XXwSynR.exe
  2⤵
  PID:10876
- C:\Windows\System\nrdpxcq.exe
  C:\Windows\System\nrdpxcq.exe
  2⤵
  PID:10916
- C:\Windows\System\honUpXc.exe
  C:\Windows\System\honUpXc.exe
  2⤵
  PID:10936
- C:\Windows\System\mcYTPTJ.exe
  C:\Windows\System\mcYTPTJ.exe
  2⤵
  PID:10980
- C:\Windows\System\ZluLNwd.exe
  C:\Windows\System\ZluLNwd.exe
  2⤵
  PID:11004
- C:\Windows\System\IscpRJD.exe
  C:\Windows\System\IscpRJD.exe
  2⤵
  PID:11032
- C:\Windows\System\YgwfCjl.exe
  C:\Windows\System\YgwfCjl.exe
  2⤵
  PID:11084
- C:\Windows\System\NRkblGc.exe
  C:\Windows\System\NRkblGc.exe
  2⤵
  PID:11100
- C:\Windows\System\JWDANFe.exe
  C:\Windows\System\JWDANFe.exe
  2⤵
  PID:11128
- C:\Windows\System\pbAWWCR.exe
  C:\Windows\System\pbAWWCR.exe
  2⤵
  PID:11156
- C:\Windows\System\hIFzJRo.exe
  C:\Windows\System\hIFzJRo.exe
  2⤵
  PID:11192
- C:\Windows\System\aDwnFdj.exe
  C:\Windows\System\aDwnFdj.exe
  2⤵
  PID:11216
- C:\Windows\System\fQDpgAZ.exe
  C:\Windows\System\fQDpgAZ.exe
  2⤵
  PID:11252
- C:\Windows\System\ztSjBau.exe
  C:\Windows\System\ztSjBau.exe
  2⤵
  PID:10256
- C:\Windows\System\OvheOvT.exe
  C:\Windows\System\OvheOvT.exe
  2⤵
  PID:10296
- C:\Windows\System\jZskpcB.exe
  C:\Windows\System\jZskpcB.exe
  2⤵
  PID:10356
- C:\Windows\System\jPWBeAO.exe
  C:\Windows\System\jPWBeAO.exe
  2⤵
  PID:10384
- C:\Windows\System\ifRZCnv.exe
  C:\Windows\System\ifRZCnv.exe
  2⤵
  PID:10448
- C:\Windows\System\guruwRv.exe
  C:\Windows\System\guruwRv.exe
  2⤵
  PID:10540
- C:\Windows\System\zygJGXk.exe
  C:\Windows\System\zygJGXk.exe
  2⤵
  PID:10524
- C:\Windows\System\tRgbTgu.exe
  C:\Windows\System\tRgbTgu.exe
  2⤵
  PID:10616
- C:\Windows\System\iJYnMof.exe
  C:\Windows\System\iJYnMof.exe
  2⤵
  PID:10640
- C:\Windows\System\ikePxoY.exe
  C:\Windows\System\ikePxoY.exe
  2⤵
  PID:10704
- C:\Windows\System\TyUFTHs.exe
  C:\Windows\System\TyUFTHs.exe
  2⤵
  PID:10816
- C:\Windows\System\ijibPSY.exe
  C:\Windows\System\ijibPSY.exe
  2⤵
  PID:10952
- C:\Windows\System\rLPUbbg.exe
  C:\Windows\System\rLPUbbg.exe
  2⤵
  PID:10996
- C:\Windows\System\iiQfmvQ.exe
  C:\Windows\System\iiQfmvQ.exe
  2⤵
  PID:11052
- C:\Windows\System\SEyjhUQ.exe
  C:\Windows\System\SEyjhUQ.exe
  2⤵
  PID:11112
- C:\Windows\System\hjzidpz.exe
  C:\Windows\System\hjzidpz.exe
  2⤵
  PID:11200
- C:\Windows\System\aMqESOu.exe
  C:\Windows\System\aMqESOu.exe
  2⤵
  PID:9432
- C:\Windows\System\FgooxmT.exe
  C:\Windows\System\FgooxmT.exe
  2⤵
  PID:10300
- C:\Windows\System\SssrmUe.exe
  C:\Windows\System\SssrmUe.exe
  2⤵
  PID:10528
- C:\Windows\System\sudsuDQ.exe
  C:\Windows\System\sudsuDQ.exe
  2⤵
  PID:10588
- C:\Windows\System\bOFXtGR.exe
  C:\Windows\System\bOFXtGR.exe
  2⤵
  PID:10700
- C:\Windows\System\gGkZIfJ.exe
  C:\Windows\System\gGkZIfJ.exe
  2⤵
  PID:10864
- C:\Windows\System\vUOQMRd.exe
  C:\Windows\System\vUOQMRd.exe
  2⤵
  PID:11000
- C:\Windows\System\AfvmnCM.exe
  C:\Windows\System\AfvmnCM.exe
  2⤵
  PID:11236
- C:\Windows\System\AdxkvlH.exe
  C:\Windows\System\AdxkvlH.exe
  2⤵
  PID:10516
- C:\Windows\System\EWhOQsl.exe
  C:\Windows\System\EWhOQsl.exe
  2⤵
  PID:10720
- C:\Windows\System\ceUwIpr.exe
  C:\Windows\System\ceUwIpr.exe
  2⤵
  PID:11096
- C:\Windows\System\ZkEYvUl.exe
  C:\Windows\System\ZkEYvUl.exe
  2⤵
  PID:9592
- C:\Windows\System\UHdAbAq.exe
  C:\Windows\System\UHdAbAq.exe
  2⤵
  PID:11284
- C:\Windows\System\QreShTW.exe
  C:\Windows\System\QreShTW.exe
  2⤵
  PID:11312
- C:\Windows\System\uaIoTmP.exe
  C:\Windows\System\uaIoTmP.exe
  2⤵
  PID:11336
- C:\Windows\System\DwxsDPF.exe
  C:\Windows\System\DwxsDPF.exe
  2⤵
  PID:11368
- C:\Windows\System\UlLMYOF.exe
  C:\Windows\System\UlLMYOF.exe
  2⤵
  PID:11396
- C:\Windows\System\DCGwNmS.exe
  C:\Windows\System\DCGwNmS.exe
  2⤵
  PID:11412
- C:\Windows\System\vWYFPvx.exe
  C:\Windows\System\vWYFPvx.exe
  2⤵
  PID:11436
- C:\Windows\System\oNQZuDL.exe
  C:\Windows\System\oNQZuDL.exe
  2⤵
  PID:11468
- C:\Windows\System\VWISskq.exe
  C:\Windows\System\VWISskq.exe
  2⤵
  PID:11496
- C:\Windows\System\dTvvEHE.exe
  C:\Windows\System\dTvvEHE.exe
  2⤵
  PID:11520
- C:\Windows\System\wiSVvkQ.exe
  C:\Windows\System\wiSVvkQ.exe
  2⤵
  PID:11552
- C:\Windows\System\jRVWAkD.exe
  C:\Windows\System\jRVWAkD.exe
  2⤵
  PID:11576
- C:\Windows\System\gaQXSbS.exe
  C:\Windows\System\gaQXSbS.exe
  2⤵
  PID:11604
- C:\Windows\System\FpwEIpG.exe
  C:\Windows\System\FpwEIpG.exe
  2⤵
  PID:11632
- C:\Windows\System\KpRVNtu.exe
  C:\Windows\System\KpRVNtu.exe
  2⤵
  PID:11660
- C:\Windows\System\RYUsOSJ.exe
  C:\Windows\System\RYUsOSJ.exe
  2⤵
  PID:11688
- C:\Windows\System\SBGLPlR.exe
  C:\Windows\System\SBGLPlR.exe
  2⤵
  PID:11724
- C:\Windows\System\gKAsvFD.exe
  C:\Windows\System\gKAsvFD.exe
  2⤵
  PID:11752
- C:\Windows\System\sQjXBhv.exe
  C:\Windows\System\sQjXBhv.exe
  2⤵
  PID:11784
- C:\Windows\System\uPIKgZv.exe
  C:\Windows\System\uPIKgZv.exe
  2⤵
  PID:11804
- C:\Windows\System\uUPxaxu.exe
  C:\Windows\System\uUPxaxu.exe
  2⤵
  PID:11840
- C:\Windows\System\VFIyzqF.exe
  C:\Windows\System\VFIyzqF.exe
  2⤵
  PID:11884
- C:\Windows\System\kBuxMme.exe
  C:\Windows\System\kBuxMme.exe
  2⤵
  PID:11900
- C:\Windows\System\XBwEwYQ.exe
  C:\Windows\System\XBwEwYQ.exe
  2⤵
  PID:11928
- C:\Windows\System\dsDmaYT.exe
  C:\Windows\System\dsDmaYT.exe
  2⤵
  PID:11956
- C:\Windows\System\GTvhurb.exe
  C:\Windows\System\GTvhurb.exe
  2⤵
  PID:11984
- C:\Windows\System\VqQnFyF.exe
  C:\Windows\System\VqQnFyF.exe
  2⤵
  PID:12012
- C:\Windows\System\LriiwET.exe
  C:\Windows\System\LriiwET.exe
  2⤵
  PID:12028
- C:\Windows\System\ReaQhiI.exe
  C:\Windows\System\ReaQhiI.exe
  2⤵
  PID:12068
- C:\Windows\System\oJLySUQ.exe
  C:\Windows\System\oJLySUQ.exe
  2⤵
  PID:12096
- C:\Windows\System\AEUFoxF.exe
  C:\Windows\System\AEUFoxF.exe
  2⤵
  PID:12128
- C:\Windows\System\SnBgnJZ.exe
  C:\Windows\System\SnBgnJZ.exe
  2⤵
  PID:12152
- C:\Windows\System\NOBhMCG.exe
  C:\Windows\System\NOBhMCG.exe
  2⤵
  PID:12180
- C:\Windows\System\bIlkmoQ.exe
  C:\Windows\System\bIlkmoQ.exe
  2⤵
  PID:12208
- C:\Windows\System\sMEVxON.exe
  C:\Windows\System\sMEVxON.exe
  2⤵
  PID:12224
- C:\Windows\System\acFoodu.exe
  C:\Windows\System\acFoodu.exe
  2⤵
  PID:12256
- C:\Windows\System\eQehtyF.exe
  C:\Windows\System\eQehtyF.exe
  2⤵
  PID:10664
- C:\Windows\System\OrUZwBI.exe
  C:\Windows\System\OrUZwBI.exe
  2⤵
  PID:11300
- C:\Windows\System\MNKuOFC.exe
  C:\Windows\System\MNKuOFC.exe
  2⤵
  PID:11388
- C:\Windows\System\oKhCysT.exe
  C:\Windows\System\oKhCysT.exe
  2⤵
  PID:11460
- C:\Windows\System\dnXCruW.exe
  C:\Windows\System\dnXCruW.exe
  2⤵
  PID:11492
- C:\Windows\System\VGpDKkx.exe
  C:\Windows\System\VGpDKkx.exe
  2⤵
  PID:11564
- C:\Windows\System\AaBKBZb.exe
  C:\Windows\System\AaBKBZb.exe
  2⤵
  PID:11628
- C:\Windows\System\nqLjNIG.exe
  C:\Windows\System\nqLjNIG.exe
  2⤵
  PID:11684
- C:\Windows\System\wKBuqFp.exe
  C:\Windows\System\wKBuqFp.exe
  2⤵
  PID:11708
- C:\Windows\System\wQqTiUa.exe
  C:\Windows\System\wQqTiUa.exe
  2⤵
  PID:4008
- C:\Windows\System\dHKGHQy.exe
  C:\Windows\System\dHKGHQy.exe
  2⤵
  PID:11828
- C:\Windows\System\JoUeNOx.exe
  C:\Windows\System\JoUeNOx.exe
  2⤵
  PID:11952
- C:\Windows\System\kobnVlO.exe
  C:\Windows\System\kobnVlO.exe
  2⤵
  PID:11996
- C:\Windows\System\SbJrrwn.exe
  C:\Windows\System\SbJrrwn.exe
  2⤵
  PID:12048
- C:\Windows\System\OVvVjKR.exe
  C:\Windows\System\OVvVjKR.exe
  2⤵
  PID:12192
- C:\Windows\System\JTFjxCK.exe
  C:\Windows\System\JTFjxCK.exe
  2⤵
  PID:12272
- C:\Windows\System\JNsKohp.exe
  C:\Windows\System\JNsKohp.exe
  2⤵
  PID:11296
- C:\Windows\System\xymqjaF.exe
  C:\Windows\System\xymqjaF.exe
  2⤵
  PID:11352
- C:\Windows\System\QyIRaZj.exe
  C:\Windows\System\QyIRaZj.exe
  2⤵
  PID:11512
- C:\Windows\System\nghmASV.exe
  C:\Windows\System\nghmASV.exe
  2⤵
  PID:11624
- C:\Windows\System\yCFGwek.exe
  C:\Windows\System\yCFGwek.exe
  2⤵
  PID:11748
- C:\Windows\System\JCpjGbp.exe
  C:\Windows\System\JCpjGbp.exe
  2⤵
  PID:11768
- C:\Windows\System\EppStcI.exe
  C:\Windows\System\EppStcI.exe
  2⤵
  PID:12136
- C:\Windows\System\oZvcCEv.exe
  C:\Windows\System\oZvcCEv.exe
  2⤵
  PID:11356
- C:\Windows\System\Ycrqasb.exe
  C:\Windows\System\Ycrqasb.exe
  2⤵
  PID:11596
- C:\Windows\System\aTHsCJv.exe
  C:\Windows\System\aTHsCJv.exe
  2⤵
  PID:11912
- C:\Windows\System\jjlPxeC.exe
  C:\Windows\System\jjlPxeC.exe
  2⤵
  PID:12236
- C:\Windows\System\shUujYv.exe
  C:\Windows\System\shUujYv.exe
  2⤵
  PID:12084
- C:\Windows\System\ELuPKyI.exe
  C:\Windows\System\ELuPKyI.exe
  2⤵
  PID:12304
- C:\Windows\System\ZLButEW.exe
  C:\Windows\System\ZLButEW.exe
  2⤵
  PID:12328
- C:\Windows\System\TNwtoRx.exe
  C:\Windows\System\TNwtoRx.exe
  2⤵
  PID:12356
- C:\Windows\System\qXgxdfL.exe
  C:\Windows\System\qXgxdfL.exe
  2⤵
  PID:12384
- C:\Windows\System\JukPaiq.exe
  C:\Windows\System\JukPaiq.exe
  2⤵
  PID:12420
- C:\Windows\System\WTiaszc.exe
  C:\Windows\System\WTiaszc.exe
  2⤵
  PID:12440
- C:\Windows\System\ryxyyeS.exe
  C:\Windows\System\ryxyyeS.exe
  2⤵
  PID:12468
- C:\Windows\System\dNzKXct.exe
  C:\Windows\System\dNzKXct.exe
  2⤵
  PID:12496
- C:\Windows\System\eJApwbL.exe
  C:\Windows\System\eJApwbL.exe
  2⤵
  PID:12524
- C:\Windows\System\iOqRwit.exe
  C:\Windows\System\iOqRwit.exe
  2⤵
  PID:12552
- C:\Windows\System\WlVbYeR.exe
  C:\Windows\System\WlVbYeR.exe
  2⤵
  PID:12592
- C:\Windows\System\LTYcaRW.exe
  C:\Windows\System\LTYcaRW.exe
  2⤵
  PID:12620
- C:\Windows\System\QMkpcVk.exe
  C:\Windows\System\QMkpcVk.exe
  2⤵
  PID:12648
- C:\Windows\System\sgGVnCj.exe
  C:\Windows\System\sgGVnCj.exe
  2⤵
  PID:12676
- C:\Windows\System\YwMMbma.exe
  C:\Windows\System\YwMMbma.exe
  2⤵
  PID:12692
- C:\Windows\System\RvFlyeF.exe
  C:\Windows\System\RvFlyeF.exe
  2⤵
  PID:12728
- C:\Windows\System\KfqRlek.exe
  C:\Windows\System\KfqRlek.exe
  2⤵
  PID:12752
- C:\Windows\System\SwMuEEq.exe
  C:\Windows\System\SwMuEEq.exe
  2⤵
  PID:12784
- C:\Windows\System\EuZlLkc.exe
  C:\Windows\System\EuZlLkc.exe
  2⤵
  PID:12804
- C:\Windows\System\PCCoaRj.exe
  C:\Windows\System\PCCoaRj.exe
  2⤵
  PID:12824
- C:\Windows\System\ablYubc.exe
  C:\Windows\System\ablYubc.exe
  2⤵
  PID:12860
- C:\Windows\System\IIPglAJ.exe
  C:\Windows\System\IIPglAJ.exe
  2⤵
  PID:12876
- C:\Windows\System\AAWWPVP.exe
  C:\Windows\System\AAWWPVP.exe
  2⤵
  PID:12896
- C:\Windows\System\DlUyeyi.exe
  C:\Windows\System\DlUyeyi.exe
  2⤵
  PID:12944
- C:\Windows\System\GINDgpx.exe
  C:\Windows\System\GINDgpx.exe
  2⤵
  PID:12960
- C:\Windows\System\MehYZyd.exe
  C:\Windows\System\MehYZyd.exe
  2⤵
  PID:13000
- C:\Windows\System\zGlAtxg.exe
  C:\Windows\System\zGlAtxg.exe
  2⤵
  PID:13024
- C:\Windows\System\peCKafC.exe
  C:\Windows\System\peCKafC.exe
  2⤵
  PID:13064
- C:\Windows\System\kdvhfmJ.exe
  C:\Windows\System\kdvhfmJ.exe
  2⤵
  PID:13096
- C:\Windows\System\LVvKzLi.exe
  C:\Windows\System\LVvKzLi.exe
  2⤵
  PID:13112
- C:\Windows\System\gHmQWqn.exe
  C:\Windows\System\gHmQWqn.exe
  2⤵
  PID:13128
- C:\Windows\System\zYHaGmG.exe
  C:\Windows\System\zYHaGmG.exe
  2⤵
  PID:13156
- C:\Windows\System\UzSsUWN.exe
  C:\Windows\System\UzSsUWN.exe
  2⤵
  PID:13180
- C:\Windows\System\ugvDePA.exe
  C:\Windows\System\ugvDePA.exe
  2⤵
  PID:13220
- C:\Windows\System\dMpWDQw.exe
  C:\Windows\System\dMpWDQw.exe
  2⤵
  PID:13240
- C:\Windows\System\rJlOYpa.exe
  C:\Windows\System\rJlOYpa.exe
  2⤵
  PID:13272
- C:\Windows\System\gXwyJJJ.exe
  C:\Windows\System\gXwyJJJ.exe
  2⤵
  PID:12340
- C:\Windows\System\cpIUkof.exe
  C:\Windows\System\cpIUkof.exe
  2⤵
  PID:12352
- C:\Windows\System\ihxZRFi.exe
  C:\Windows\System\ihxZRFi.exe
  2⤵
  PID:12408
- C:\Windows\System\wDQaIYe.exe
  C:\Windows\System\wDQaIYe.exe
  2⤵
  PID:12460
- C:\Windows\System\stYfpub.exe
  C:\Windows\System\stYfpub.exe
  2⤵
  PID:12540
- C:\Windows\System\GIAtTZg.exe
  C:\Windows\System\GIAtTZg.exe
  2⤵
  PID:12584
- C:\Windows\System\kEqmtoI.exe
  C:\Windows\System\kEqmtoI.exe
  2⤵
  PID:12660
- C:\Windows\System\VsIbSrN.exe
  C:\Windows\System\VsIbSrN.exe
  2⤵
  PID:12704
- C:\Windows\System\bYAPrQm.exe
  C:\Windows\System\bYAPrQm.exe
  2⤵
  PID:12792
- C:\Windows\System\ZbhTnBy.exe
  C:\Windows\System\ZbhTnBy.exe
  2⤵
  PID:12820
- C:\Windows\System\MNtxDvL.exe
  C:\Windows\System\MNtxDvL.exe
  2⤵
  PID:12888
- C:\Windows\System\AnyFVWt.exe
  C:\Windows\System\AnyFVWt.exe
  2⤵
  PID:12956
- C:\Windows\System\kSPlgrX.exe
  C:\Windows\System\kSPlgrX.exe
  2⤵
  PID:13032
- C:\Windows\System\AcPkkFu.exe
  C:\Windows\System\AcPkkFu.exe
  2⤵
  PID:13072
- C:\Windows\System\eFFHaUM.exe
  C:\Windows\System\eFFHaUM.exe
  2⤵
  PID:13144
- C:\Windows\System\eNoeUWY.exe
  C:\Windows\System\eNoeUWY.exe
  2⤵
  PID:13168
- C:\Windows\System\ljDdSrp.exe
  C:\Windows\System\ljDdSrp.exe
  2⤵
  PID:13288
- C:\Windows\System\wWxgSAN.exe
  C:\Windows\System\wWxgSAN.exe
  2⤵
  PID:312
- C:\Windows\System\OSXAQBZ.exe
  C:\Windows\System\OSXAQBZ.exe
  2⤵
  PID:12020
- C:\Windows\System\eBRMTHw.exe
  C:\Windows\System\eBRMTHw.exe
  2⤵
  PID:12544
- C:\Windows\System\hJJhdLu.exe
  C:\Windows\System\hJJhdLu.exe
  2⤵
  PID:12632
- C:\Windows\System\wUoWLhm.exe
  C:\Windows\System\wUoWLhm.exe
  2⤵
  PID:12772
- C:\Windows\System\nMoMgQB.exe
  C:\Windows\System\nMoMgQB.exe
  2⤵
  PID:12928
- C:\Windows\System\VwRrnod.exe
  C:\Windows\System\VwRrnod.exe
  2⤵
  PID:13084
- C:\Windows\System\RGfxIxk.exe
  C:\Windows\System\RGfxIxk.exe
  2⤵
  PID:13256
- C:\Windows\System\PeoBWoQ.exe
  C:\Windows\System\PeoBWoQ.exe
  2⤵
  PID:1600
- C:\Windows\System\TpUQcPe.exe
  C:\Windows\System\TpUQcPe.exe
  2⤵
  PID:12508
- C:\Windows\System\idVeodP.exe
  C:\Windows\System\idVeodP.exe
  2⤵
  PID:13088
- C:\Windows\System\SFbOmNg.exe
  C:\Windows\System\SFbOmNg.exe
  2⤵
  PID:13036
- C:\Windows\System\isLbkQG.exe
  C:\Windows\System\isLbkQG.exe
  2⤵
  PID:12688
- C:\Windows\System\wiFmeSd.exe
  C:\Windows\System\wiFmeSd.exe
  2⤵
  PID:13324
- C:\Windows\System\bzVbama.exe
  C:\Windows\System\bzVbama.exe
  2⤵
  PID:13344
- C:\Windows\System\OMbIfUo.exe
  C:\Windows\System\OMbIfUo.exe
  2⤵
  PID:13368
- C:\Windows\System\ofelokI.exe
  C:\Windows\System\ofelokI.exe
  2⤵
  PID:13408
- C:\Windows\System\cWcvxra.exe
  C:\Windows\System\cWcvxra.exe
  2⤵
  PID:13424
- C:\Windows\System\AoeXhbB.exe
  C:\Windows\System\AoeXhbB.exe
  2⤵
  PID:13464
- C:\Windows\System\DLEcRrP.exe
  C:\Windows\System\DLEcRrP.exe
  2⤵
  PID:13492
- C:\Windows\System\wynHvyC.exe
  C:\Windows\System\wynHvyC.exe
  2⤵
  PID:13524
- C:\Windows\System\IrsNzRd.exe
  C:\Windows\System\IrsNzRd.exe
  2⤵
  PID:13556
- C:\Windows\System\MxxcGpy.exe
  C:\Windows\System\MxxcGpy.exe
  2⤵
  PID:13596
- C:\Windows\System\RmypkKR.exe
  C:\Windows\System\RmypkKR.exe
  2⤵
  PID:13624
- C:\Windows\System\DSjPPDK.exe
  C:\Windows\System\DSjPPDK.exe
  2⤵
  PID:13656
- C:\Windows\System\kANTVly.exe
  C:\Windows\System\kANTVly.exe
  2⤵
  PID:13684
- C:\Windows\System\BmtGcKQ.exe
  C:\Windows\System\BmtGcKQ.exe
  2⤵
  PID:13724
- C:\Windows\System\JrXvYre.exe
  C:\Windows\System\JrXvYre.exe
  2⤵
  PID:13744
- C:\Windows\System\CNeqAuM.exe
  C:\Windows\System\CNeqAuM.exe
  2⤵
  PID:13776
- C:\Windows\System\jbKyjwc.exe
  C:\Windows\System\jbKyjwc.exe
  2⤵
  PID:13808
- C:\Windows\System\BRTPOZg.exe
  C:\Windows\System\BRTPOZg.exe
  2⤵
  PID:13836
- C:\Windows\System\zLadeAV.exe
  C:\Windows\System\zLadeAV.exe
  2⤵
  PID:13860
- C:\Windows\System\PlVphIe.exe
  C:\Windows\System\PlVphIe.exe
  2⤵
  PID:13892
- C:\Windows\System\pknYNiY.exe
  C:\Windows\System\pknYNiY.exe
  2⤵
  PID:13924
- C:\Windows\System\ZDIDaBO.exe
  C:\Windows\System\ZDIDaBO.exe
  2⤵
  PID:13948
- C:\Windows\System\SmzEjWW.exe
  C:\Windows\System\SmzEjWW.exe
  2⤵
  PID:13976
- C:\Windows\System\otqsMUM.exe
  C:\Windows\System\otqsMUM.exe
  2⤵
  PID:13996
- C:\Windows\System\VgKPeZQ.exe
  C:\Windows\System\VgKPeZQ.exe
  2⤵
  PID:14012
- C:\Windows\System\EVHYfhQ.exe
  C:\Windows\System\EVHYfhQ.exe
  2⤵
  PID:14036
- C:\Windows\System\gwaXIhK.exe
  C:\Windows\System\gwaXIhK.exe
  2⤵
  PID:14056
- C:\Windows\System\hoGxmlF.exe
  C:\Windows\System\hoGxmlF.exe
  2⤵
  PID:14072
- C:\Windows\System\FnXpPZE.exe
  C:\Windows\System\FnXpPZE.exe
  2⤵
  PID:14100
- C:\Windows\System\GbRJCzi.exe
  C:\Windows\System\GbRJCzi.exe
  2⤵
  PID:14116
- C:\Windows\System\ueIbAjq.exe
  C:\Windows\System\ueIbAjq.exe
  2⤵
  PID:14140
- C:\Windows\System\qpzzssY.exe
  C:\Windows\System\qpzzssY.exe
  2⤵
  PID:14168
- C:\Windows\System\lPFKRmR.exe
  C:\Windows\System\lPFKRmR.exe
  2⤵
  PID:14184
- C:\Windows\System\MLLRKPH.exe
  C:\Windows\System\MLLRKPH.exe
  2⤵
  PID:14208
- C:\Windows\System\KHEnQrg.exe
  C:\Windows\System\KHEnQrg.exe
  2⤵
  PID:14232
- C:\Windows\System\JLLqgEH.exe
  C:\Windows\System\JLLqgEH.exe
  2⤵
  PID:14256
- C:\Windows\System\xqbBwoW.exe
  C:\Windows\System\xqbBwoW.exe
  2⤵
  PID:14276
- C:\Windows\System\fDjbnJL.exe
  C:\Windows\System\fDjbnJL.exe
  2⤵
  PID:14312
- C:\Windows\System\eSmTkPm.exe
  C:\Windows\System\eSmTkPm.exe
  2⤵
  PID:13332
- C:\Windows\System\UpqAMBO.exe
  C:\Windows\System\UpqAMBO.exe
  2⤵
  PID:13356
- C:\Windows\System\DOnqOzb.exe
  C:\Windows\System\DOnqOzb.exe
  2⤵
  PID:13420
- C:\Windows\System\tjICGMB.exe
  C:\Windows\System\tjICGMB.exe
  2⤵
  PID:13484
- C:\Windows\System\zSFevHk.exe
  C:\Windows\System\zSFevHk.exe
  2⤵
  PID:13508
- C:\Windows\System\BwRFWTY.exe
  C:\Windows\System\BwRFWTY.exe
  2⤵
  PID:13612
- C:\Windows\System\IDzKFiF.exe
  C:\Windows\System\IDzKFiF.exe
  2⤵
  PID:13672
- C:\Windows\System\RMxoZiL.exe
  C:\Windows\System\RMxoZiL.exe
  2⤵
  PID:13796
- C:\Windows\System\ncYiXTl.exe
  C:\Windows\System\ncYiXTl.exe
  2⤵
  PID:13844
- C:\Windows\System\GrQenXZ.exe
  C:\Windows\System\GrQenXZ.exe
  2⤵
  PID:13968
- C:\Windows\System\MPKMSaZ.exe
  C:\Windows\System\MPKMSaZ.exe
  2⤵
  PID:14004
- C:\Windows\System\JLKTKZj.exe
  C:\Windows\System\JLKTKZj.exe
  2⤵
  PID:14096
- C:\Windows\System\wQHHGlb.exe
  C:\Windows\System\wQHHGlb.exe
  2⤵
  PID:13916
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13916 -s 248
    3⤵
    PID:3032
- C:\Windows\System\WEnhGAi.exe
  C:\Windows\System\WEnhGAi.exe
  2⤵
  PID:13736
- C:\Windows\System\DorYKBC.exe
  C:\Windows\System\DorYKBC.exe
  2⤵
  PID:14272
- C:\Windows\System\CUYkHkQ.exe
  C:\Windows\System\CUYkHkQ.exe
  2⤵
  PID:13404
- C:\Windows\System\RpKsLhf.exe
  C:\Windows\System\RpKsLhf.exe
  2⤵
  PID:13824

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EsKcoma.exe

Filesize
2.3MB

MD5
276cdb6f52568e02892f8a19e2c5b260

SHA1
08b501d933b60bb663f70ae5a44e0444faf4e5b3

SHA256
50f778d1dd88e02900d2c93569f4e4cdd7901d89df1f37be7992bbdec93f7aa8

SHA512
0f404447add5ca883943f4a0ac5d04497d5789ec8d4153e0ffac377edfae71f0cb4e6cbc26742f4ed7c63dafe83e8e3e2329a7c14e9e428696bfee9f2840ccd0

Download Submit
C:\Windows\System\FpXDPpI.exe

Filesize
2.3MB

MD5
e2bc1513db709b3e2f151a194e77a566

SHA1
f9da2a898e818e1bccdb163352c8c5c016e87adc

SHA256
a79632e3c070cf083bb3317b22a067376b952face7d190b36acfce4c041f965c

SHA512
06ddc8721da77bd98722a77bf145bdce9069acbdf1f49f81b8e49b9a22d013d8f4fb9cc0a9b73d416f47d3a662574ed16a73516f683aecfce8eaf06f96c02a85

Download Submit
C:\Windows\System\GWvAthj.exe

Filesize
2.3MB

MD5
830c568396ed52423115c4afe4c5f486

SHA1
81b5517de0a5d7b0fc842a09e5993033c3f6ffdb

SHA256
c499a05af7b83b3395df32e1a2d065dde9efdfc4da5d2d391e41e1f88021ba6e

SHA512
831aa6637bb664a7b95e61c757a4c41a1a3ceeabbf0a5bf40ce6acdb2dbe568da969376ad2a8a54c16586e7684e88a3899970a7698d1753d4095fed4d37a4065

Download Submit
C:\Windows\System\JKqkkaV.exe

Filesize
2.3MB

MD5
b4c35d6427d3568461015bb66bc70477

SHA1
3de8f8f7e70ca6d2ecfcca9ed6bee7b71b5c1aa3

SHA256
b4c9c5eb047b3a7696577d8b3863fa9f2555b5a670c1b4c538eaf488eb0003f4

SHA512
9e1fbbb5a717d4a24ef06456e0eda1b362b6bb2ff351a977cb93e5811777137feabfe1f2654e5419259f22eb2549d34c9ff08717465ff295b430eda655e415de

Download Submit
C:\Windows\System\JhIWzkG.exe

Filesize
2.3MB

MD5
801b00190ab32b26139d3b004184f3f1

SHA1
03c69b98fa6d58cd174d2d4dadb78c42cb1cd372

SHA256
1479655f58a038967e903221a2248c217c499b8d07f989804c85e15877fa73a1

SHA512
271a351d33ca8bacb0d9b5437cc68d1e9db9af5d67c93c7a17b9a14d80aec2876ef2f11a409015cb3d155fd76d41638e7df096483733919c785521b294e19aff

Download Submit
C:\Windows\System\LGJCHCR.exe

Filesize
2.3MB

MD5
5666ab9befca91d45d9bd9555c5cf374

SHA1
7fe237d57f789624426e6d81812773ed847bca2c

SHA256
f223f83ada2c2434e852410d0e67f3238f24c49c18bba3ff965e68e46ff607f3

SHA512
9845fe9b0386df395f8b3035a509bc4d950cac5161098f42f05b64427f4438b2cc3448548befd8f72eec2af41b6a58ab67dfc4939a59ac52c4066d5b7fe41d44

Download Submit
C:\Windows\System\NkKjSvq.exe

Filesize
2.3MB

MD5
a15b8a188de006d33476cc9350a995b4

SHA1
26b0ee356872d2021274f1ea55d2e7e5fd41e882

SHA256
5e2c28c9b71f00aff9c1c88470d0c5678ec864b1fe68b24cf4d2752bda91c456

SHA512
dbabd68925a2debe29f6fe84410a3914e415e1ffe53b5494865c230f737011a1ac6ac1ee368f20cda0e385f85d0d98f5a5d851962d20bef0ebfadb97ce9232a8

Download Submit
C:\Windows\System\Rafuiaa.exe

Filesize
2.3MB

MD5
887426296c07a49bafb936e1fa0fb55a

SHA1
ee9929ada177d5e7c4af0c449e1167a22cfec3db

SHA256
4975d671cec58e71460bea2251cd4df709f779fa7c274db8455762964edd9661

SHA512
f0bc7adedeae8d8aec1f211b988f2bbfe1c13397ae8f6e240228829e8da021c7d799d4dd5cd359bc0535a6a907846e3f5ba25778a4f9d9b2600cbd1ef1ca0e4f

Download Submit
C:\Windows\System\TXCyrtO.exe

Filesize
2.3MB

MD5
047c207fbeff32a39979d22872376ccc

SHA1
1d6b48f463be1aa87f090631560044441cc26e9b

SHA256
065290bb8f32bfffe54cd768ee477f04f2ff786d073b93d09c61cf65d9ed1297

SHA512
0eccbb535e6d5c079ba3ae995a165097429bb3299a0f3ca9f7f64d8b150b2326db540c7985c3c6e84ab930ca5318a49a96d089935a5bdfa761354ef5f5c13546

Download Submit
C:\Windows\System\VXIcNpJ.exe

Filesize
2.3MB

MD5
e4647a182466842df93ff5eb03ed92ba

SHA1
5c83fb753ea298e6065ccbea339bb8ab92b8a52d

SHA256
b87e73abce5daaf48de3888424c688c93c6f070941f8b3206943b4d3625c3f24

SHA512
ae1b5f420fca34424ffa7156c09cedc8def00f7ad5c05ba7836a3e2d6bb382a547967e145da3def0c9742fbfadc2c864589b9d08e00287f74235f3d0a18674fb

Download Submit
C:\Windows\System\VqCDUVE.exe

Filesize
2.3MB

MD5
f3633ed2b837878997934d1008a02ebc

SHA1
511f8f9af684b527b963680df7fad035e999420f

SHA256
91c67c4e8eca8e5cbe5e73067ea7eb0c8a1c1b408137ed7f80bd2a9560bfa580

SHA512
5f5d2e4fe932930b84e01f606239714f4d5fa8a65b5315a76d6649eb109606cf0c3ed7d507438f2121f64d34ef906e49652b46926c865fe9bdb88b012b11bc3f

Download Submit
C:\Windows\System\WVjssph.exe

Filesize
2.3MB

MD5
36840fad59d32dbda91e3e07eea0a7d7

SHA1
02dce654577cf74e5ebcb00111583bee3e36b52d

SHA256
48a3e29db53f982a4e923c0181fcc14496866e514f770e1e19afdc9cb8e6776f

SHA512
39ea2fe85fa797e800660a09da71f5aaaa9df0f10739a7ed24b25858de2d545d78541d9e6688913713f889d1afafbc59a329eef701230ceeeecbc706ed6725ca

Download Submit
C:\Windows\System\YkDlUsT.exe

Filesize
2.3MB

MD5
1fe89a8e7a98bc7fa69b0b9df451dc8c

SHA1
8ef6cc06ec51ae132e7ff4a4196d68e84f8df207

SHA256
5f8927b314337ad84cb0cecbe7043309bbd01b6db4cb7ca79c428c568183b446

SHA512
ca94da6b630da2e55014eb59b1328e286d234662a478a3d476a49b082c350efecb3424e9757b6cb723af8d77ef8d86df8df22c19ef67cc642f68cbf4d0780fc2

Download Submit
C:\Windows\System\andHsyh.exe

Filesize
2.3MB

MD5
23a21c66c9b2a59c0b7b23e775dff3b7

SHA1
6457fb1b0e6f02f4a974ebee0e59d09da970fd8f

SHA256
72ba76e8702a0739ac9acad55a1dca6e9559116077ecc78dd992bd42bf6ee13a

SHA512
811b131a3a3e85c56d68e125c77a829c5963b166c1514d5f23cbdb62b61453dde83cd1307b31f422b713f90d64d571de9657460d25e2b26d569ce1306004ff82

Download Submit
C:\Windows\System\dpbxLBq.exe

Filesize
2.3MB

MD5
3dec0c7790787da779c30db0f3aaddd8

SHA1
dbf10cfee3a0dd9385d3451a296b3d9c08024b98

SHA256
540b849ea6d034d28fc1ddbd7cbcaf03d69f6ef90ad6a4082798fd85d2cef273

SHA512
0ea6bafe2819ca82664df512876f958431446fcabee52959b94203152f93353afea9198ffe83aa774b5dd23590d483300a8ce56301fc16cbb2be3df4f1597b85

Download Submit
C:\Windows\System\fOHwqTE.exe

Filesize
2.3MB

MD5
e70bb42dff56b70fb38cd506ef4b61db

SHA1
0a650d3a2da2d5d1694b95d5cdddb3395364365f

SHA256
8d423dfc4d606fd3c0b10bcb817382d40be0d53e88b85e205c827e65697560a1

SHA512
3a3d0d2fd9a2e6a11364fcf76bfaf3eba9188fc16069e8c460a2b10ac9e3ff59c626d525180ed8a9dc45663d3f6156839a51786f23da00906ff47801e6b66233

Download Submit
C:\Windows\System\ffLHoym.exe

Filesize
2.3MB

MD5
addb241371f4581532e2c3dd8c761fb1

SHA1
7a45a933c0f640e720ced98e688ce7d2690678e2

SHA256
3e0bc6a9966f03fb60d2fd9d0797eed8e6a94765ed88bd414707291a8d90dd6c

SHA512
085ebea3601a717186240277a809440f6d55ca056465f62ae6c4c01bb700147120d931eb6d92254c70b16a0315ef9dc7df2b8c8824bce10e2925ead0749ad85b

Download Submit
C:\Windows\System\iLnENIY.exe

Filesize
2.3MB

MD5
2c3edfed92d531dfcbd43da3e575d1b6

SHA1
1ef204c244e27c2ecb0c3a6b506d3294dd002c96

SHA256
c0542865afaeeb3f8133a54ef69e2d883cda885398434c96a46fc5b91ca3526f

SHA512
256074b6ec99e3fa359150a61829efff056e02288cfbba97e21345ef5c719b185bb998ead1f8d7ba89834c06e72bf168e2c080ef2a97ed2473e6aefc77246668

Download Submit
C:\Windows\System\itxozet.exe

Filesize
2.3MB

MD5
f144272dac63bd897e8eee5fb6e3f6eb

SHA1
2ce75ecae01e11e286d6be00007010a203c1b278

SHA256
96b94d2d0dd27a3aa413f02657068afcf0c7db5a5b5664576b42bd3af648cf3d

SHA512
137dd02bf16cf50a086821465298e6395fd12f6984fa3e60561dca447fb3cbe5b8b7c644ceb8512ecb3e2d6a11334cc6bce1e2e6d1762aa04c0bc41669eaac1d

Download Submit
C:\Windows\System\jOyPJhx.exe

Filesize
2.3MB

MD5
77feb9c87819764c129fbaa5d1072367

SHA1
044f1b6e5d060e342ed19da0a97d73e84c97d0f3

SHA256
8db218dba9667603fcb130094e78590deecea4ba317a05e5481ac2293f414b09

SHA512
0f36d01d10de4261bbc6b5bbae6d5e7c40556d06cf28156efb7f35370ef4758f1582eac424d84fe40a60f4a42758b3e86cf685e44d640a9c9501382cd9df4f9b

Download Submit
C:\Windows\System\lmtHHTf.exe

Filesize
2.3MB

MD5
e414d21ccf78331d67eb78fe31688f65

SHA1
26eb723013817a2dda07cd0ea803d387a616dd9f

SHA256
e8c033b26dff471f238915a10cd8a18973077d25910fd073585a0028085b891e

SHA512
8556929be22f98c7c01882cd7623e07ef4f6c8cff47f6caaf36368c65a84eb165fbb8bc8ccee40fa803106882b9d43fb70ced72b7adfcbc406b7336329fd1519

Download Submit
C:\Windows\System\nelNPQR.exe

Filesize
2.3MB

MD5
94fe107967ac71e186e5194679a09f4f

SHA1
f046bfca4d555c1e62c321ba52ebe5654dd89574

SHA256
73c2d23d574af764f32c8e0bac08ed625d89fc949f7dd4ac690f2ad57b9b0576

SHA512
d5fd925734e95baaafa4fc387f3ff268baedb2fec68d31b20ef7fd14c1a895526077e0ef4454e952e80122febe8727a7273f20d4ca4b2df7209207a9a837daff

Download Submit
C:\Windows\System\oMLXFXg.exe

Filesize
2.3MB

MD5
32cd3e2800cb9b95ba36a740944a5b56

SHA1
b72192c247426d480b9ea21caa0b50fb53b21771

SHA256
b248d123883d514b2cf359409a99416eaa6ba9ba548fe317134a7850806146e3

SHA512
8190a08116f690d2f175f18917d36a5b5ae03bd8b2ee9e68ef63e464853cddb8a8a28a97c78cd79f26ff281f622e5ed0975ccbd028e8fa5d6fcaef7776f0db3c

Download Submit
C:\Windows\System\oQoyYMG.exe

Filesize
2.3MB

MD5
a035a3b64ca8cc98734679caaef73a78

SHA1
866f2738285ca64c267a32f74eab7a1f9ac97b8f

SHA256
2ce24f908dbf5df0bd8ecd7ae327c011857faafce4e99939e91ae4783db8788a

SHA512
894160ccb3ed9ade9d9d52d019304d6fab15cb1359966f923d1ba4b77607bba06f669119103666a22aa369f083c65f04bfe3bffde6f26cc761e4d8f2fae252c4

Download Submit
C:\Windows\System\sWDxuHF.exe

Filesize
2.3MB

MD5
9e7a5d6aa5ed4cdcb4e5053c14c1bacc

SHA1
e3e279637b809d9f19d9d834005b821eb4d33c0e

SHA256
3d010b95eb09287bdd1b9c8a3eda0ecea7ff869d095fe815067c851aae1bbf8a

SHA512
dd2dae37781b888efde3b48d64fbcb98c1ead70f4b0783beaf74cedb7d7c07be9f974478b491ea514ad0cd4310ed8abe886896f809ed33593a43a4d8a5d293e8

Download Submit
C:\Windows\System\sYAbNuv.exe

Filesize
2.3MB

MD5
6ee588bf03d303efa0eb7dafb4b56319

SHA1
c2fa202f3b4ad90226c65f7e5f1b1a38f6c0bca1

SHA256
9981b91fb1f5855140f5542df0b5045d52900dac5ff6c75ba5833c8af3a6260e

SHA512
fb4b88ace2c8f8b56354c1605a0ddd255f89fd5d7387fdfcda9b00abfb1edd504e67f534003dc652b3dcd8b9042d0d844e5993229d8474d6e61c0ab4a214a72f

Download Submit
C:\Windows\System\tOLSfOv.exe

Filesize
2.3MB

MD5
b4d9b7ffcfd490d58ab691a4072870a2

SHA1
8fa17fc89a189b4f2da0d78c2ef1b21fb3fba237

SHA256
34142ed74cea0610a5ebfc76a8e2fcb653e0fec7f6266b2ffc460f29d45856aa

SHA512
26b39cd2af8498cbd74cd260b5325c13df433688f1ef34028ffab4d57a3b192cf8af10c9f37d6e634ad896c5bd0ee8e2fe94b49e5e801863551c2ba91bdaad87

Download Submit
C:\Windows\System\tUymFeP.exe

Filesize
2.3MB

MD5
a6d4ec04a67e7d148d334715ac0ecdf9

SHA1
66f2ead184974b73fc0aa6dbdd98416d2fbc36b7

SHA256
610304f3db81759be863e4f3534086ee99285955cbe7d1fb821ed4872c03323c

SHA512
2c6c229d4f578df073a6ecd231a5774312e51ce64fcc34bf96d786c80cdd046d2ec6e1fa66bc8d427af0e1c8d10b37991fdd5204bbb4de98bd697a47dbedd359

Download Submit
C:\Windows\System\ubpvNLS.exe

Filesize
2.3MB

MD5
7e483ac8343c06baa7b65846a14216b6

SHA1
0f1aeca4b43aa9330b05076a6e63cb5512fd17da

SHA256
2b4d3ad08daaa98bbf99b56993a02e3dcf5e1d4398b1a9023ca9becbe7c60821

SHA512
b6bb9d5d5568b6a0eb567f6504074078ad64a23035b463d08f0aac88dce92e117bfe6161183d2bc506b91528eec54cfd46bfdf7920d028ee406c4018a4a7e711

Download Submit
C:\Windows\System\ufrtUFJ.exe

Filesize
2.3MB

MD5
30184b1e3b9ca8357abf3922abdac0b1

SHA1
5796152a15558391b97bf41acdc7161885cc8f1c

SHA256
433b5b384782d2e5be7b812adfddb38d506a073ec0dcd0bcb9810ed8c989fe2f

SHA512
bbcf309d8a105769f185e7eceabd385f5b6384047a3f89dcd610a5025beb561ff9394eb32b02c6f7a32ead285fc2108904265213e8efe889b226b4e04bbfe58d

Download Submit
C:\Windows\System\vhrGWNz.exe

Filesize
2.3MB

MD5
587cfd13dd50fa311f82f8fbae4b4a44

SHA1
763b77c0caf06fa1c54d864f2264c5809e7700d4

SHA256
30f91966d358b6103fa8797dbedba5e551564457cd9ec48404cd0204fabb4e46

SHA512
681eb738a0e15eb7ca6d3030f3dbaebbeb5353c05946ea6752765c7f9de95d198d85cea6ecc779326d4e7c389e429582d616de1cab76045854fa3ab575c2306d

Download Submit
C:\Windows\System\wNWVEBh.exe

Filesize
2.3MB

MD5
27d784f4c9be6e19dbdfca6e2ebad4d5

SHA1
13f329a620fc58ac47d45ad328bb29dcb173a613

SHA256
65c312350ce24a56a4cda9e953fb575c3e61f7e8d7998345f3e18f12556aa33d

SHA512
e6c1e668b5baeefe53a8846a8d8a2825a00ece2d715b996c4e6004529d9e50bba2ae434329e26687943b7fc0005edae6cab83429e8b35dedc213d375c40027ad

Download Submit
C:\Windows\System\xKSEpMD.exe

Filesize
2.3MB

MD5
06878558dae2a5cc4dec1ee75c651190

SHA1
16e470ea0ede329977e0de969f89d1df30978ea3

SHA256
7fbe49e21d93e494c2691c4cedce4c54a5f1c483c47a7d73273fd472f3c6a753

SHA512
080c8053d3cdcdac0e9806506846af007a18dd59501d6fc2c94a32e9ba5b1f79eba65a56746df4c9657960c837fe48b6317d6135083d35122f935a3eab99a085

Download Submit
C:\Windows\System\xhHnAGd.exe

Filesize
2.3MB

MD5
6dc897915f34e4e6b3cbf98b94973a34

SHA1
3c43ca7d143d78883a10305a12ffdc15e65ebd4b

SHA256
85719cd80cf66090ef230d9c913a89760da43a1fe6ff0e169f47b134fa6e94a6

SHA512
81dd3190a62106bbe16ed3d9194bcd2b2bb10948c97827bc881167a1aa9193e77120dab785618c97396e161e97044bc4495638b6612bb1c58e0485042e1ef9cc

Download Submit
C:\Windows\System\xhRBgPr.exe

Filesize
2.3MB

MD5
9ab6dece82375c2127d7cc08dc91a494

SHA1
df38cf43d9a0bf31513f5e0c97da9259d61950e2

SHA256
382fc8334ef0f162d15a7b4567e97ac1378a8a0603cfa43bd61fd032e3490c48

SHA512
427ad6dd589fb0764442ca52e17965b2cf8596aec3b5267b806cb97deb5a92e3ac21b6552e9232894f07511f7a778464a5891b7dac9ed17edbb1585b2d8bb174

Download Submit
C:\Windows\System\zqicAxi.exe

Filesize
2.3MB

MD5
b7420c101e5f2dcea6e979776aa486eb

SHA1
828cfe184ebaa6b078c0cfc5a3e176ef7eb7181c

SHA256
355f1f6991a11a5f5a656aaa9a7bd038bb5b44987cc4fdca1688384b2da0280d

SHA512
e45e702edfa8087b189b88691ff3d974b3b20ffdb7fa33b94436983e436a71c257dcc17b77b30bb75d01d9ae2e8e58ca09e9f55b51e1ea17cc20292f606580d1

Download Submit
memory/368-212-0x00007FF6C4F60000-0x00007FF6C52B4000-memory.dmp

Filesize
3.3MB

Download
memory/368-2182-0x00007FF6C4F60000-0x00007FF6C52B4000-memory.dmp

Filesize
3.3MB

Download
memory/740-230-0x00007FF7E5250000-0x00007FF7E55A4000-memory.dmp

Filesize
3.3MB

Download
memory/740-2186-0x00007FF7E5250000-0x00007FF7E55A4000-memory.dmp

Filesize
3.3MB

Download
memory/784-131-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp

Filesize
3.3MB

Download
memory/784-2173-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-2172-0x00007FF703100000-0x00007FF703454000-memory.dmp

Filesize
3.3MB

Download
memory/1156-128-0x00007FF703100000-0x00007FF703454000-memory.dmp

Filesize
3.3MB

Download
memory/1200-200-0x00007FF763D60000-0x00007FF7640B4000-memory.dmp

Filesize
3.3MB

Download
memory/1200-2181-0x00007FF763D60000-0x00007FF7640B4000-memory.dmp

Filesize
3.3MB

Download
memory/1384-133-0x00007FF7C42F0000-0x00007FF7C4644000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2179-0x00007FF7C42F0000-0x00007FF7C4644000-memory.dmp

Filesize
3.3MB

Download
memory/1484-87-0x00007FF633EC0000-0x00007FF634214000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2175-0x00007FF633EC0000-0x00007FF634214000-memory.dmp

Filesize
3.3MB

Download
memory/1656-129-0x00007FF6CA2C0000-0x00007FF6CA614000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2171-0x00007FF6CA2C0000-0x00007FF6CA614000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2168-0x00007FF64A610000-0x00007FF64A964000-memory.dmp

Filesize
3.3MB

Download
memory/1668-78-0x00007FF64A610000-0x00007FF64A964000-memory.dmp

Filesize
3.3MB

Download
memory/1804-132-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2180-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp

Filesize
3.3MB

Download
memory/1828-2155-0x00007FF7BCDD0000-0x00007FF7BD124000-memory.dmp

Filesize
3.3MB

Download
memory/1828-73-0x00007FF7BCDD0000-0x00007FF7BD124000-memory.dmp

Filesize
3.3MB

Download
memory/1828-2167-0x00007FF7BCDD0000-0x00007FF7BD124000-memory.dmp

Filesize
3.3MB

Download
memory/1852-2162-0x00007FF77F5E0000-0x00007FF77F934000-memory.dmp

Filesize
3.3MB

Download
memory/1852-53-0x00007FF77F5E0000-0x00007FF77F934000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1989-0x00007FF6ACD70000-0x00007FF6AD0C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2163-0x00007FF6ACD70000-0x00007FF6AD0C4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-54-0x00007FF6ACD70000-0x00007FF6AD0C4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1982-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp

Filesize
3.3MB

Download
memory/1976-0-0x00007FF76CDD0000-0x00007FF76D124000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1-0x0000017D8E140000-0x0000017D8E150000-memory.dmp

Filesize
64KB

Download
memory/2044-110-0x00007FF7B5330000-0x00007FF7B5684000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2166-0x00007FF7B5330000-0x00007FF7B5684000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2170-0x00007FF6F20A0000-0x00007FF6F23F4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-79-0x00007FF6F20A0000-0x00007FF6F23F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2164-0x00007FF66DF10000-0x00007FF66E264000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2154-0x00007FF66DF10000-0x00007FF66E264000-memory.dmp

Filesize
3.3MB

Download
memory/2596-65-0x00007FF66DF10000-0x00007FF66E264000-memory.dmp

Filesize
3.3MB

Download
memory/2672-100-0x00007FF767340000-0x00007FF767694000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2177-0x00007FF767340000-0x00007FF767694000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2174-0x00007FF6B0B60000-0x00007FF6B0EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-134-0x00007FF6B0B60000-0x00007FF6B0EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-127-0x00007FF6E9170000-0x00007FF6E94C4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2176-0x00007FF6E9170000-0x00007FF6E94C4000-memory.dmp

Filesize
3.3MB

Download
memory/3228-2178-0x00007FF6D84B0000-0x00007FF6D8804000-memory.dmp

Filesize
3.3MB

Download
memory/3228-130-0x00007FF6D84B0000-0x00007FF6D8804000-memory.dmp

Filesize
3.3MB

Download
memory/3440-31-0x00007FF707EB0000-0x00007FF708204000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2161-0x00007FF707EB0000-0x00007FF708204000-memory.dmp

Filesize
3.3MB

Download
memory/3624-2187-0x00007FF66A790000-0x00007FF66AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-2157-0x00007FF66A790000-0x00007FF66AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-185-0x00007FF66A790000-0x00007FF66AAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3924-2165-0x00007FF68A2A0000-0x00007FF68A5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3924-111-0x00007FF68A2A0000-0x00007FF68A5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2158-0x00007FF6C8B00000-0x00007FF6C8E54000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2184-0x00007FF6C8B00000-0x00007FF6C8E54000-memory.dmp

Filesize
3.3MB

Download
memory/4128-164-0x00007FF6C8B00000-0x00007FF6C8E54000-memory.dmp

Filesize
3.3MB

Download
memory/4232-158-0x00007FF78BFF0000-0x00007FF78C344000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2156-0x00007FF78BFF0000-0x00007FF78C344000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2185-0x00007FF78BFF0000-0x00007FF78C344000-memory.dmp

Filesize
3.3MB

Download
memory/4428-112-0x00007FF6D21E0000-0x00007FF6D2534000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2169-0x00007FF6D21E0000-0x00007FF6D2534000-memory.dmp

Filesize
3.3MB

Download
memory/4484-29-0x00007FF72CED0000-0x00007FF72D224000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2160-0x00007FF72CED0000-0x00007FF72D224000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2183-0x00007FF69BC40000-0x00007FF69BF94000-memory.dmp

Filesize
3.3MB

Download
memory/4732-222-0x00007FF69BC40000-0x00007FF69BF94000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2159-0x00007FF6DEC30000-0x00007FF6DEF84000-memory.dmp

Filesize
3.3MB

Download
memory/4840-11-0x00007FF6DEC30000-0x00007FF6DEF84000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2153-0x00007FF6DEC30000-0x00007FF6DEF84000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads