xmrig | aed2e1ef6fc51b622d538c1b71656d74e0c4234af9b42cb880f733064f247be7

Analysis

max time kernel
113s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 20:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
Size

2.1MB
MD5

f5932107c21e2fec82ef09b5c024f2d0
SHA1

d154f9b0073f829a57ebc8926b8065bec617b75a
SHA256

aed2e1ef6fc51b622d538c1b71656d74e0c4234af9b42cb880f733064f247be7
SHA512

f19de8074a736a814b3a70d9be272cebf81229bbf02f224a72050c86f256f284b08fe8c03facdf0bb5e0767e1f0dcff21d1eb5d45b937aaaeee86db52c6efc74
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQFD2PrtGAYWRFvkrJ:BemTLkNdfE0pZrQ7

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2184-0-0x00007FF6B1060000-0x00007FF6B13B4000-memory.dmp	xmrig
behavioral2/files/0x000a0000000233c0-5.dat	xmrig
behavioral2/files/0x000800000002340b-7.dat	xmrig
behavioral2/memory/4896-9-0x00007FF7D7AE0000-0x00007FF7D7E34000-memory.dmp	xmrig
behavioral2/files/0x00090000000233f4-18.dat	xmrig
behavioral2/files/0x000700000002340d-31.dat	xmrig
behavioral2/memory/2984-43-0x00007FF7D6A90000-0x00007FF7D6DE4000-memory.dmp	xmrig
behavioral2/memory/1436-45-0x00007FF7EFD90000-0x00007FF7F00E4000-memory.dmp	xmrig
behavioral2/memory/4772-51-0x00007FF79BBA0000-0x00007FF79BEF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-58.dat	xmrig
behavioral2/files/0x0007000000023414-65.dat	xmrig
behavioral2/files/0x000700000002341b-101.dat	xmrig
behavioral2/files/0x000700000002341f-123.dat	xmrig
behavioral2/memory/4584-141-0x00007FF773B10000-0x00007FF773E64000-memory.dmp	xmrig
behavioral2/memory/4064-159-0x00007FF79AE50000-0x00007FF79B1A4000-memory.dmp	xmrig
behavioral2/memory/2220-163-0x00007FF7EE530000-0x00007FF7EE884000-memory.dmp	xmrig
behavioral2/memory/4312-168-0x00007FF61C240000-0x00007FF61C594000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-181.dat	xmrig
behavioral2/files/0x0007000000023429-196.dat	xmrig
behavioral2/memory/4612-233-0x00007FF6A4F80000-0x00007FF6A52D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-193.dat	xmrig
behavioral2/files/0x0007000000023427-190.dat	xmrig
behavioral2/files/0x0007000000023425-184.dat	xmrig
behavioral2/files/0x0007000000023424-174.dat	xmrig
behavioral2/memory/3108-170-0x00007FF78B6C0000-0x00007FF78BA14000-memory.dmp	xmrig
behavioral2/memory/4620-169-0x00007FF764710000-0x00007FF764A64000-memory.dmp	xmrig
behavioral2/memory/2260-167-0x00007FF7C7090000-0x00007FF7C73E4000-memory.dmp	xmrig
behavioral2/memory/1580-166-0x00007FF709810000-0x00007FF709B64000-memory.dmp	xmrig
behavioral2/memory/4764-165-0x00007FF7ACC40000-0x00007FF7ACF94000-memory.dmp	xmrig
behavioral2/memory/5032-164-0x00007FF7BE820000-0x00007FF7BEB74000-memory.dmp	xmrig
behavioral2/memory/4608-162-0x00007FF6EF1D0000-0x00007FF6EF524000-memory.dmp	xmrig
behavioral2/memory/4940-161-0x00007FF7F34D0000-0x00007FF7F3824000-memory.dmp	xmrig
behavioral2/memory/3552-160-0x00007FF7D4C10000-0x00007FF7D4F64000-memory.dmp	xmrig
behavioral2/memory/4944-158-0x00007FF7F55C0000-0x00007FF7F5914000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-156.dat	xmrig
behavioral2/files/0x0007000000023422-154.dat	xmrig
behavioral2/files/0x0007000000023421-152.dat	xmrig
behavioral2/files/0x0007000000023420-150.dat	xmrig
behavioral2/files/0x0008000000023409-148.dat	xmrig
behavioral2/files/0x0007000000023419-144.dat	xmrig
behavioral2/files/0x000700000002341e-142.dat	xmrig
behavioral2/memory/1232-140-0x00007FF6389A0000-0x00007FF638CF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-138.dat	xmrig
behavioral2/files/0x000700000002341c-136.dat	xmrig
behavioral2/files/0x000700000002341a-132.dat	xmrig
behavioral2/memory/3040-131-0x00007FF6F5240000-0x00007FF6F5594000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-128.dat	xmrig
behavioral2/memory/1464-118-0x00007FF7253B0000-0x00007FF725704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-105.dat	xmrig
behavioral2/memory/3512-96-0x00007FF64A950000-0x00007FF64ACA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-90.dat	xmrig
behavioral2/files/0x0007000000023416-78.dat	xmrig
behavioral2/memory/3452-76-0x00007FF674710000-0x00007FF674A64000-memory.dmp	xmrig
behavioral2/memory/2996-72-0x00007FF6B0690000-0x00007FF6B09E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-67.dat	xmrig
behavioral2/files/0x0007000000023412-62.dat	xmrig
behavioral2/files/0x0007000000023410-49.dat	xmrig
behavioral2/files/0x000700000002340f-46.dat	xmrig
behavioral2/memory/512-44-0x00007FF638D90000-0x00007FF6390E4000-memory.dmp	xmrig
behavioral2/memory/4884-40-0x00007FF671B80000-0x00007FF671ED4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-36.dat	xmrig
behavioral2/memory/2664-33-0x00007FF76EA00000-0x00007FF76ED54000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-28.dat	xmrig
behavioral2/memory/2088-23-0x00007FF760F60000-0x00007FF7612B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4896	OQHlURJ.exe
2088	huxpXeF.exe
2664	YYKzjVr.exe
4884	iZsTIaZ.exe
2984	GFrtGTy.exe
512	bXewpQE.exe
4772	EWLkPXn.exe
1436	EuKmqSm.exe
2996	IRxWZnT.exe
3452	OdMhsmy.exe
3512	bDyGzfY.exe
1464	YEyYXoZ.exe
3040	cpJwtRK.exe
4312	vJDoths.exe
1232	RXvmcEN.exe
4620	aNVLLhz.exe
4584	UDYtOkj.exe
4944	lSGrgNn.exe
4064	gGyhTGU.exe
3552	xmlvZXu.exe
3108	DAUSHTc.exe
4940	PHhxSRe.exe
4608	xEcteBM.exe
2220	VkphMUO.exe
5032	uCjUXui.exe
4764	utZGKZO.exe
1580	qvqoUwh.exe
2260	dWDjlbK.exe
4612	dGYOmzZ.exe
3084	ktaEHTE.exe
2968	IIsnjYk.exe
1664	yWiXWVe.exe
4404	StNmFxy.exe
1396	dFPcvle.exe
2032	EotkAHf.exe
3808	byijHuy.exe
3980	FAszHCz.exe
1752	DZbouDr.exe
1272	vdecbNw.exe
1532	gJUcsEC.exe
1828	XyAawHN.exe
4844	IgOQGcL.exe
4868	bUKgfgv.exe
2140	rNzUUDQ.exe
4556	hZJfutl.exe
5040	hrwlAMs.exe
1144	bZgnjMA.exe
1564	pIvpqkV.exe
1388	TxvElDC.exe
3176	bBWSQTp.exe
1968	yyuFOII.exe
1548	LwFYGFF.exe
548	EnrNBZw.exe
2104	HHsTzRv.exe
3624	TBhkgCI.exe
1944	QOjowOH.exe
3768	fsxQMXW.exe
3420	ByCstoS.exe
2928	zbpPtEn.exe
464	CnsDqLG.exe
1284	VBwWgYP.exe
2704	NOtYjFm.exe
4148	HsvRBWq.exe
376	xTZJfHa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2184-0-0x00007FF6B1060000-0x00007FF6B13B4000-memory.dmp	upx
behavioral2/files/0x000a0000000233c0-5.dat	upx
behavioral2/files/0x000800000002340b-7.dat	upx
behavioral2/memory/4896-9-0x00007FF7D7AE0000-0x00007FF7D7E34000-memory.dmp	upx
behavioral2/files/0x00090000000233f4-18.dat	upx
behavioral2/files/0x000700000002340d-31.dat	upx
behavioral2/memory/2984-43-0x00007FF7D6A90000-0x00007FF7D6DE4000-memory.dmp	upx
behavioral2/memory/1436-45-0x00007FF7EFD90000-0x00007FF7F00E4000-memory.dmp	upx
behavioral2/memory/4772-51-0x00007FF79BBA0000-0x00007FF79BEF4000-memory.dmp	upx
behavioral2/files/0x0007000000023411-58.dat	upx
behavioral2/files/0x0007000000023414-65.dat	upx
behavioral2/files/0x000700000002341b-101.dat	upx
behavioral2/files/0x000700000002341f-123.dat	upx
behavioral2/memory/4584-141-0x00007FF773B10000-0x00007FF773E64000-memory.dmp	upx
behavioral2/memory/4064-159-0x00007FF79AE50000-0x00007FF79B1A4000-memory.dmp	upx
behavioral2/memory/2220-163-0x00007FF7EE530000-0x00007FF7EE884000-memory.dmp	upx
behavioral2/memory/4312-168-0x00007FF61C240000-0x00007FF61C594000-memory.dmp	upx
behavioral2/files/0x0007000000023426-181.dat	upx
behavioral2/files/0x0007000000023429-196.dat	upx
behavioral2/memory/4612-233-0x00007FF6A4F80000-0x00007FF6A52D4000-memory.dmp	upx
behavioral2/files/0x0007000000023428-193.dat	upx
behavioral2/files/0x0007000000023427-190.dat	upx
behavioral2/files/0x0007000000023425-184.dat	upx
behavioral2/files/0x0007000000023424-174.dat	upx
behavioral2/memory/3108-170-0x00007FF78B6C0000-0x00007FF78BA14000-memory.dmp	upx
behavioral2/memory/4620-169-0x00007FF764710000-0x00007FF764A64000-memory.dmp	upx
behavioral2/memory/2260-167-0x00007FF7C7090000-0x00007FF7C73E4000-memory.dmp	upx
behavioral2/memory/1580-166-0x00007FF709810000-0x00007FF709B64000-memory.dmp	upx
behavioral2/memory/4764-165-0x00007FF7ACC40000-0x00007FF7ACF94000-memory.dmp	upx
behavioral2/memory/5032-164-0x00007FF7BE820000-0x00007FF7BEB74000-memory.dmp	upx
behavioral2/memory/4608-162-0x00007FF6EF1D0000-0x00007FF6EF524000-memory.dmp	upx
behavioral2/memory/4940-161-0x00007FF7F34D0000-0x00007FF7F3824000-memory.dmp	upx
behavioral2/memory/3552-160-0x00007FF7D4C10000-0x00007FF7D4F64000-memory.dmp	upx
behavioral2/memory/4944-158-0x00007FF7F55C0000-0x00007FF7F5914000-memory.dmp	upx
behavioral2/files/0x0007000000023423-156.dat	upx
behavioral2/files/0x0007000000023422-154.dat	upx
behavioral2/files/0x0007000000023421-152.dat	upx
behavioral2/files/0x0007000000023420-150.dat	upx
behavioral2/files/0x0008000000023409-148.dat	upx
behavioral2/files/0x0007000000023419-144.dat	upx
behavioral2/files/0x000700000002341e-142.dat	upx
behavioral2/memory/1232-140-0x00007FF6389A0000-0x00007FF638CF4000-memory.dmp	upx
behavioral2/files/0x000700000002341d-138.dat	upx
behavioral2/files/0x000700000002341c-136.dat	upx
behavioral2/files/0x000700000002341a-132.dat	upx
behavioral2/memory/3040-131-0x00007FF6F5240000-0x00007FF6F5594000-memory.dmp	upx
behavioral2/files/0x0007000000023418-128.dat	upx
behavioral2/memory/1464-118-0x00007FF7253B0000-0x00007FF725704000-memory.dmp	upx
behavioral2/files/0x0007000000023417-105.dat	upx
behavioral2/memory/3512-96-0x00007FF64A950000-0x00007FF64ACA4000-memory.dmp	upx
behavioral2/files/0x0007000000023415-90.dat	upx
behavioral2/files/0x0007000000023416-78.dat	upx
behavioral2/memory/3452-76-0x00007FF674710000-0x00007FF674A64000-memory.dmp	upx
behavioral2/memory/2996-72-0x00007FF6B0690000-0x00007FF6B09E4000-memory.dmp	upx
behavioral2/files/0x0007000000023413-67.dat	upx
behavioral2/files/0x0007000000023412-62.dat	upx
behavioral2/files/0x0007000000023410-49.dat	upx
behavioral2/files/0x000700000002340f-46.dat	upx
behavioral2/memory/512-44-0x00007FF638D90000-0x00007FF6390E4000-memory.dmp	upx
behavioral2/memory/4884-40-0x00007FF671B80000-0x00007FF671ED4000-memory.dmp	upx
behavioral2/files/0x000700000002340e-36.dat	upx
behavioral2/memory/2664-33-0x00007FF76EA00000-0x00007FF76ED54000-memory.dmp	upx
behavioral2/files/0x000700000002340c-28.dat	upx
behavioral2/memory/2088-23-0x00007FF760F60000-0x00007FF7612B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EJhPgmb.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\UNuilol.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\bLOxctF.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\cJlawWr.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\MdUHnUv.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\GmdTXtq.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\lEFofbJ.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\DmnuxrY.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\uocjGyu.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\xKejHSo.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\obkaEDF.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\IOMcuhE.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\HWhpxmn.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\KzFVBGV.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\KrOrpXa.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\hGazVuJ.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\WqKykKB.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\yjbWunm.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\eVmOvZw.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\bNnklXP.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\MfUYFOC.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\qGcCLih.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\PonflZu.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\oNTTBXd.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\rIyQsGl.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\JJOsVrL.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\EuKmqSm.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\DAUSHTc.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\kfqAGhi.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\SJISPCN.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\wUlBrDT.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\EDekVNe.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\hzxSsUU.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\BmxOxIc.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\GmoQktu.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\CKwlHXl.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\IBNpAVH.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\USIDjYo.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\hGyEhYm.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\rtqdNbh.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\SZKNCof.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\bZgnjMA.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\stPiQTZ.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\GlNzeZf.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\BAFTcEP.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\XlxuiRF.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\JLHqhJY.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\urlHDeq.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\ovjpRYz.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\xTZJfHa.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\WaNtqDx.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\DJsfqeV.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\LNJaIgK.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\icqLfyb.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\lAxvbCx.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\DxXYImU.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\MivdNrQ.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\pkIsMDf.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\clfgHnI.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\tzgHyMF.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\ecfXivp.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\oMaEPqf.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\QOjowOH.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
File created	C:\Windows\System\CeYnBGy.exe	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14200	dwm.exe
Token: SeChangeNotifyPrivilege	14200	dwm.exe
Token: 33	14200	dwm.exe
Token: SeIncBasePriorityPrivilege	14200	dwm.exe
Token: SeShutdownPrivilege	14200	dwm.exe
Token: SeCreatePagefilePrivilege	14200	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4896	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	84
PID 2184 wrote to memory of 4896	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	84
PID 2184 wrote to memory of 2088	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	85
PID 2184 wrote to memory of 2088	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	85
PID 2184 wrote to memory of 2664	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	86
PID 2184 wrote to memory of 2664	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	86
PID 2184 wrote to memory of 4884	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	87
PID 2184 wrote to memory of 4884	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	87
PID 2184 wrote to memory of 2984	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	88
PID 2184 wrote to memory of 2984	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	88
PID 2184 wrote to memory of 512	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	89
PID 2184 wrote to memory of 512	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	89
PID 2184 wrote to memory of 4772	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	90
PID 2184 wrote to memory of 4772	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	90
PID 2184 wrote to memory of 1436	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	91
PID 2184 wrote to memory of 1436	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	91
PID 2184 wrote to memory of 3512	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	92
PID 2184 wrote to memory of 3512	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	92
PID 2184 wrote to memory of 2996	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	93
PID 2184 wrote to memory of 2996	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	93
PID 2184 wrote to memory of 3452	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	94
PID 2184 wrote to memory of 3452	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	94
PID 2184 wrote to memory of 1464	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	95
PID 2184 wrote to memory of 1464	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	95
PID 2184 wrote to memory of 3040	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	96
PID 2184 wrote to memory of 3040	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	96
PID 2184 wrote to memory of 4312	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	97
PID 2184 wrote to memory of 4312	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	97
PID 2184 wrote to memory of 1232	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	98
PID 2184 wrote to memory of 1232	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	98
PID 2184 wrote to memory of 4620	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	99
PID 2184 wrote to memory of 4620	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	99
PID 2184 wrote to memory of 4940	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	100
PID 2184 wrote to memory of 4940	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	100
PID 2184 wrote to memory of 4584	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	101
PID 2184 wrote to memory of 4584	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	101
PID 2184 wrote to memory of 4944	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	102
PID 2184 wrote to memory of 4944	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	102
PID 2184 wrote to memory of 4064	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	103
PID 2184 wrote to memory of 4064	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	103
PID 2184 wrote to memory of 3552	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	104
PID 2184 wrote to memory of 3552	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	104
PID 2184 wrote to memory of 3108	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	105
PID 2184 wrote to memory of 3108	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	105
PID 2184 wrote to memory of 4608	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	106
PID 2184 wrote to memory of 4608	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	106
PID 2184 wrote to memory of 2220	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	107
PID 2184 wrote to memory of 2220	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	107
PID 2184 wrote to memory of 5032	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	108
PID 2184 wrote to memory of 5032	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	108
PID 2184 wrote to memory of 4764	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	109
PID 2184 wrote to memory of 4764	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	109
PID 2184 wrote to memory of 1580	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	110
PID 2184 wrote to memory of 1580	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	110
PID 2184 wrote to memory of 2260	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	111
PID 2184 wrote to memory of 2260	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	111
PID 2184 wrote to memory of 4612	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	112
PID 2184 wrote to memory of 4612	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	112
PID 2184 wrote to memory of 3084	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	113
PID 2184 wrote to memory of 3084	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	113
PID 2184 wrote to memory of 2968	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	114
PID 2184 wrote to memory of 2968	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	114
PID 2184 wrote to memory of 1664	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	115
PID 2184 wrote to memory of 1664	2184	f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f5932107c21e2fec82ef09b5c024f2d0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\System\OQHlURJ.exe
  C:\Windows\System\OQHlURJ.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\huxpXeF.exe
  C:\Windows\System\huxpXeF.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\YYKzjVr.exe
  C:\Windows\System\YYKzjVr.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\iZsTIaZ.exe
  C:\Windows\System\iZsTIaZ.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\GFrtGTy.exe
  C:\Windows\System\GFrtGTy.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\bXewpQE.exe
  C:\Windows\System\bXewpQE.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\EWLkPXn.exe
  C:\Windows\System\EWLkPXn.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\EuKmqSm.exe
  C:\Windows\System\EuKmqSm.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\bDyGzfY.exe
  C:\Windows\System\bDyGzfY.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\IRxWZnT.exe
  C:\Windows\System\IRxWZnT.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\OdMhsmy.exe
  C:\Windows\System\OdMhsmy.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\YEyYXoZ.exe
  C:\Windows\System\YEyYXoZ.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\cpJwtRK.exe
  C:\Windows\System\cpJwtRK.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\vJDoths.exe
  C:\Windows\System\vJDoths.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\RXvmcEN.exe
  C:\Windows\System\RXvmcEN.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\aNVLLhz.exe
  C:\Windows\System\aNVLLhz.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\PHhxSRe.exe
  C:\Windows\System\PHhxSRe.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\UDYtOkj.exe
  C:\Windows\System\UDYtOkj.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\lSGrgNn.exe
  C:\Windows\System\lSGrgNn.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\gGyhTGU.exe
  C:\Windows\System\gGyhTGU.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\xmlvZXu.exe
  C:\Windows\System\xmlvZXu.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\DAUSHTc.exe
  C:\Windows\System\DAUSHTc.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\xEcteBM.exe
  C:\Windows\System\xEcteBM.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\VkphMUO.exe
  C:\Windows\System\VkphMUO.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\uCjUXui.exe
  C:\Windows\System\uCjUXui.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\utZGKZO.exe
  C:\Windows\System\utZGKZO.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\qvqoUwh.exe
  C:\Windows\System\qvqoUwh.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\dWDjlbK.exe
  C:\Windows\System\dWDjlbK.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\dGYOmzZ.exe
  C:\Windows\System\dGYOmzZ.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\ktaEHTE.exe
  C:\Windows\System\ktaEHTE.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\IIsnjYk.exe
  C:\Windows\System\IIsnjYk.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\yWiXWVe.exe
  C:\Windows\System\yWiXWVe.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\StNmFxy.exe
  C:\Windows\System\StNmFxy.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\dFPcvle.exe
  C:\Windows\System\dFPcvle.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\EotkAHf.exe
  C:\Windows\System\EotkAHf.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\byijHuy.exe
  C:\Windows\System\byijHuy.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\FAszHCz.exe
  C:\Windows\System\FAszHCz.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\DZbouDr.exe
  C:\Windows\System\DZbouDr.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\vdecbNw.exe
  C:\Windows\System\vdecbNw.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\gJUcsEC.exe
  C:\Windows\System\gJUcsEC.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\XyAawHN.exe
  C:\Windows\System\XyAawHN.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\IgOQGcL.exe
  C:\Windows\System\IgOQGcL.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\bUKgfgv.exe
  C:\Windows\System\bUKgfgv.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\rNzUUDQ.exe
  C:\Windows\System\rNzUUDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\hZJfutl.exe
  C:\Windows\System\hZJfutl.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\hrwlAMs.exe
  C:\Windows\System\hrwlAMs.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\bZgnjMA.exe
  C:\Windows\System\bZgnjMA.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\pIvpqkV.exe
  C:\Windows\System\pIvpqkV.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\TxvElDC.exe
  C:\Windows\System\TxvElDC.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\bBWSQTp.exe
  C:\Windows\System\bBWSQTp.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\yyuFOII.exe
  C:\Windows\System\yyuFOII.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\LwFYGFF.exe
  C:\Windows\System\LwFYGFF.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\EnrNBZw.exe
  C:\Windows\System\EnrNBZw.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\HHsTzRv.exe
  C:\Windows\System\HHsTzRv.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\TBhkgCI.exe
  C:\Windows\System\TBhkgCI.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\QOjowOH.exe
  C:\Windows\System\QOjowOH.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\fsxQMXW.exe
  C:\Windows\System\fsxQMXW.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\ByCstoS.exe
  C:\Windows\System\ByCstoS.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\zbpPtEn.exe
  C:\Windows\System\zbpPtEn.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\CnsDqLG.exe
  C:\Windows\System\CnsDqLG.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\VBwWgYP.exe
  C:\Windows\System\VBwWgYP.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\NOtYjFm.exe
  C:\Windows\System\NOtYjFm.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\HsvRBWq.exe
  C:\Windows\System\HsvRBWq.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\xTZJfHa.exe
  C:\Windows\System\xTZJfHa.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\LqErZsM.exe
  C:\Windows\System\LqErZsM.exe
  2⤵
  PID:3724
- C:\Windows\System\YnmHvOB.exe
  C:\Windows\System\YnmHvOB.exe
  2⤵
  PID:2936
- C:\Windows\System\bXZzczk.exe
  C:\Windows\System\bXZzczk.exe
  2⤵
  PID:1840
- C:\Windows\System\imlgmci.exe
  C:\Windows\System\imlgmci.exe
  2⤵
  PID:4528
- C:\Windows\System\FMUvTVX.exe
  C:\Windows\System\FMUvTVX.exe
  2⤵
  PID:4904
- C:\Windows\System\NWgvbhv.exe
  C:\Windows\System\NWgvbhv.exe
  2⤵
  PID:2728
- C:\Windows\System\AuJvGZV.exe
  C:\Windows\System\AuJvGZV.exe
  2⤵
  PID:4344
- C:\Windows\System\hoovIVq.exe
  C:\Windows\System\hoovIVq.exe
  2⤵
  PID:4304
- C:\Windows\System\jRqPhfm.exe
  C:\Windows\System\jRqPhfm.exe
  2⤵
  PID:4568
- C:\Windows\System\oUhmoiI.exe
  C:\Windows\System\oUhmoiI.exe
  2⤵
  PID:1624
- C:\Windows\System\XZEdVmc.exe
  C:\Windows\System\XZEdVmc.exe
  2⤵
  PID:3096
- C:\Windows\System\sMHcvjr.exe
  C:\Windows\System\sMHcvjr.exe
  2⤵
  PID:3180
- C:\Windows\System\JUdeaHo.exe
  C:\Windows\System\JUdeaHo.exe
  2⤵
  PID:624
- C:\Windows\System\GDyozWu.exe
  C:\Windows\System\GDyozWu.exe
  2⤵
  PID:4540
- C:\Windows\System\BdWeOJh.exe
  C:\Windows\System\BdWeOJh.exe
  2⤵
  PID:1068
- C:\Windows\System\nOWLVNW.exe
  C:\Windows\System\nOWLVNW.exe
  2⤵
  PID:2752
- C:\Windows\System\cWLZGvt.exe
  C:\Windows\System\cWLZGvt.exe
  2⤵
  PID:2548
- C:\Windows\System\vwKrXCG.exe
  C:\Windows\System\vwKrXCG.exe
  2⤵
  PID:3380
- C:\Windows\System\PeogPjE.exe
  C:\Windows\System\PeogPjE.exe
  2⤵
  PID:2952
- C:\Windows\System\eVmOvZw.exe
  C:\Windows\System\eVmOvZw.exe
  2⤵
  PID:4964
- C:\Windows\System\kUyvBiM.exe
  C:\Windows\System\kUyvBiM.exe
  2⤵
  PID:2328
- C:\Windows\System\woXGpYg.exe
  C:\Windows\System\woXGpYg.exe
  2⤵
  PID:1576
- C:\Windows\System\NmATSrF.exe
  C:\Windows\System\NmATSrF.exe
  2⤵
  PID:1256
- C:\Windows\System\WaJqcRo.exe
  C:\Windows\System\WaJqcRo.exe
  2⤵
  PID:4700
- C:\Windows\System\yCBXSnK.exe
  C:\Windows\System\yCBXSnK.exe
  2⤵
  PID:2068
- C:\Windows\System\fVvPmrS.exe
  C:\Windows\System\fVvPmrS.exe
  2⤵
  PID:400
- C:\Windows\System\xjghLzS.exe
  C:\Windows\System\xjghLzS.exe
  2⤵
  PID:3456
- C:\Windows\System\qROZDSv.exe
  C:\Windows\System\qROZDSv.exe
  2⤵
  PID:2536
- C:\Windows\System\mkSkbsw.exe
  C:\Windows\System\mkSkbsw.exe
  2⤵
  PID:4216
- C:\Windows\System\wFMDOJQ.exe
  C:\Windows\System\wFMDOJQ.exe
  2⤵
  PID:4784
- C:\Windows\System\hTPQCwN.exe
  C:\Windows\System\hTPQCwN.exe
  2⤵
  PID:4500
- C:\Windows\System\auwKLVq.exe
  C:\Windows\System\auwKLVq.exe
  2⤵
  PID:4524
- C:\Windows\System\oLiFYVS.exe
  C:\Windows\System\oLiFYVS.exe
  2⤵
  PID:3212
- C:\Windows\System\rQhkKwp.exe
  C:\Windows\System\rQhkKwp.exe
  2⤵
  PID:4408
- C:\Windows\System\yYNMQTi.exe
  C:\Windows\System\yYNMQTi.exe
  2⤵
  PID:2788
- C:\Windows\System\gevpcYk.exe
  C:\Windows\System\gevpcYk.exe
  2⤵
  PID:3100
- C:\Windows\System\MivdNrQ.exe
  C:\Windows\System\MivdNrQ.exe
  2⤵
  PID:4272
- C:\Windows\System\OvpXbZT.exe
  C:\Windows\System\OvpXbZT.exe
  2⤵
  PID:4992
- C:\Windows\System\HTWuMmm.exe
  C:\Windows\System\HTWuMmm.exe
  2⤵
  PID:2044
- C:\Windows\System\XALvCps.exe
  C:\Windows\System\XALvCps.exe
  2⤵
  PID:1240
- C:\Windows\System\WaNtqDx.exe
  C:\Windows\System\WaNtqDx.exe
  2⤵
  PID:5084
- C:\Windows\System\ErZXCjr.exe
  C:\Windows\System\ErZXCjr.exe
  2⤵
  PID:4212
- C:\Windows\System\lLNQGxd.exe
  C:\Windows\System\lLNQGxd.exe
  2⤵
  PID:8
- C:\Windows\System\KnPypMZ.exe
  C:\Windows\System\KnPypMZ.exe
  2⤵
  PID:2448
- C:\Windows\System\ARKvduk.exe
  C:\Windows\System\ARKvduk.exe
  2⤵
  PID:5148
- C:\Windows\System\zLGfHEQ.exe
  C:\Windows\System\zLGfHEQ.exe
  2⤵
  PID:5176
- C:\Windows\System\hEqUnGB.exe
  C:\Windows\System\hEqUnGB.exe
  2⤵
  PID:5204
- C:\Windows\System\SAntofk.exe
  C:\Windows\System\SAntofk.exe
  2⤵
  PID:5240
- C:\Windows\System\pkIsMDf.exe
  C:\Windows\System\pkIsMDf.exe
  2⤵
  PID:5272
- C:\Windows\System\tnhRwMF.exe
  C:\Windows\System\tnhRwMF.exe
  2⤵
  PID:5304
- C:\Windows\System\pTpXhUz.exe
  C:\Windows\System\pTpXhUz.exe
  2⤵
  PID:5336
- C:\Windows\System\NUxRNtm.exe
  C:\Windows\System\NUxRNtm.exe
  2⤵
  PID:5380
- C:\Windows\System\nsTNTET.exe
  C:\Windows\System\nsTNTET.exe
  2⤵
  PID:5400
- C:\Windows\System\irTLULM.exe
  C:\Windows\System\irTLULM.exe
  2⤵
  PID:5416
- C:\Windows\System\bNnklXP.exe
  C:\Windows\System\bNnklXP.exe
  2⤵
  PID:5456
- C:\Windows\System\zpfnHCe.exe
  C:\Windows\System\zpfnHCe.exe
  2⤵
  PID:5500
- C:\Windows\System\ayFNSbl.exe
  C:\Windows\System\ayFNSbl.exe
  2⤵
  PID:5536
- C:\Windows\System\DJsfqeV.exe
  C:\Windows\System\DJsfqeV.exe
  2⤵
  PID:5568
- C:\Windows\System\aeqAFLQ.exe
  C:\Windows\System\aeqAFLQ.exe
  2⤵
  PID:5604
- C:\Windows\System\iHFTAdt.exe
  C:\Windows\System\iHFTAdt.exe
  2⤵
  PID:5632
- C:\Windows\System\stPiQTZ.exe
  C:\Windows\System\stPiQTZ.exe
  2⤵
  PID:5668
- C:\Windows\System\VENlniZ.exe
  C:\Windows\System\VENlniZ.exe
  2⤵
  PID:5700
- C:\Windows\System\VnLvqUM.exe
  C:\Windows\System\VnLvqUM.exe
  2⤵
  PID:5744
- C:\Windows\System\tyOwhgu.exe
  C:\Windows\System\tyOwhgu.exe
  2⤵
  PID:5764
- C:\Windows\System\ncIGGpc.exe
  C:\Windows\System\ncIGGpc.exe
  2⤵
  PID:5792
- C:\Windows\System\MfUYFOC.exe
  C:\Windows\System\MfUYFOC.exe
  2⤵
  PID:5828
- C:\Windows\System\bLOxctF.exe
  C:\Windows\System\bLOxctF.exe
  2⤵
  PID:5856
- C:\Windows\System\sSVGhDV.exe
  C:\Windows\System\sSVGhDV.exe
  2⤵
  PID:5888
- C:\Windows\System\BtyMaSx.exe
  C:\Windows\System\BtyMaSx.exe
  2⤵
  PID:5916
- C:\Windows\System\ldpOScQ.exe
  C:\Windows\System\ldpOScQ.exe
  2⤵
  PID:5944
- C:\Windows\System\rTGkDkW.exe
  C:\Windows\System\rTGkDkW.exe
  2⤵
  PID:5972
- C:\Windows\System\ehorWAN.exe
  C:\Windows\System\ehorWAN.exe
  2⤵
  PID:5988
- C:\Windows\System\BwugLJm.exe
  C:\Windows\System\BwugLJm.exe
  2⤵
  PID:6016
- C:\Windows\System\NNaMlVc.exe
  C:\Windows\System\NNaMlVc.exe
  2⤵
  PID:6044
- C:\Windows\System\CbZQWft.exe
  C:\Windows\System\CbZQWft.exe
  2⤵
  PID:6072
- C:\Windows\System\qJpMsnn.exe
  C:\Windows\System\qJpMsnn.exe
  2⤵
  PID:6100
- C:\Windows\System\qhATdyt.exe
  C:\Windows\System\qhATdyt.exe
  2⤵
  PID:6128
- C:\Windows\System\QVuJyid.exe
  C:\Windows\System\QVuJyid.exe
  2⤵
  PID:5140
- C:\Windows\System\dUBjewr.exe
  C:\Windows\System\dUBjewr.exe
  2⤵
  PID:5196
- C:\Windows\System\AmBztgY.exe
  C:\Windows\System\AmBztgY.exe
  2⤵
  PID:5292
- C:\Windows\System\PRwtYXv.exe
  C:\Windows\System\PRwtYXv.exe
  2⤵
  PID:5364
- C:\Windows\System\fXmUGgs.exe
  C:\Windows\System\fXmUGgs.exe
  2⤵
  PID:5452
- C:\Windows\System\BEIINNF.exe
  C:\Windows\System\BEIINNF.exe
  2⤵
  PID:5548
- C:\Windows\System\OsNrsCm.exe
  C:\Windows\System\OsNrsCm.exe
  2⤵
  PID:5592
- C:\Windows\System\qslTJBX.exe
  C:\Windows\System\qslTJBX.exe
  2⤵
  PID:5664
- C:\Windows\System\okVjQCu.exe
  C:\Windows\System\okVjQCu.exe
  2⤵
  PID:5752
- C:\Windows\System\lRDOwTM.exe
  C:\Windows\System\lRDOwTM.exe
  2⤵
  PID:5844
- C:\Windows\System\TyqyGrJ.exe
  C:\Windows\System\TyqyGrJ.exe
  2⤵
  PID:5912
- C:\Windows\System\cWnLtZU.exe
  C:\Windows\System\cWnLtZU.exe
  2⤵
  PID:5984
- C:\Windows\System\hfbiRVx.exe
  C:\Windows\System\hfbiRVx.exe
  2⤵
  PID:6032
- C:\Windows\System\cJlawWr.exe
  C:\Windows\System\cJlawWr.exe
  2⤵
  PID:6124
- C:\Windows\System\BHZbJHV.exe
  C:\Windows\System\BHZbJHV.exe
  2⤵
  PID:5316
- C:\Windows\System\HxWwLRA.exe
  C:\Windows\System\HxWwLRA.exe
  2⤵
  PID:5532
- C:\Windows\System\XlxuiRF.exe
  C:\Windows\System\XlxuiRF.exe
  2⤵
  PID:5692
- C:\Windows\System\sbrmJGQ.exe
  C:\Windows\System\sbrmJGQ.exe
  2⤵
  PID:5880
- C:\Windows\System\vILnqSa.exe
  C:\Windows\System\vILnqSa.exe
  2⤵
  PID:6060
- C:\Windows\System\hxWIULa.exe
  C:\Windows\System\hxWIULa.exe
  2⤵
  PID:5328
- C:\Windows\System\FRIywOz.exe
  C:\Windows\System\FRIywOz.exe
  2⤵
  PID:5840
- C:\Windows\System\clfgHnI.exe
  C:\Windows\System\clfgHnI.exe
  2⤵
  PID:5172
- C:\Windows\System\XqjIlNX.exe
  C:\Windows\System\XqjIlNX.exe
  2⤵
  PID:6156
- C:\Windows\System\UGtNOpx.exe
  C:\Windows\System\UGtNOpx.exe
  2⤵
  PID:6184
- C:\Windows\System\nqyHYRY.exe
  C:\Windows\System\nqyHYRY.exe
  2⤵
  PID:6212
- C:\Windows\System\RZlZQUx.exe
  C:\Windows\System\RZlZQUx.exe
  2⤵
  PID:6244
- C:\Windows\System\mGUIbjZ.exe
  C:\Windows\System\mGUIbjZ.exe
  2⤵
  PID:6268
- C:\Windows\System\zmHJMcL.exe
  C:\Windows\System\zmHJMcL.exe
  2⤵
  PID:6296
- C:\Windows\System\ljNZVef.exe
  C:\Windows\System\ljNZVef.exe
  2⤵
  PID:6312
- C:\Windows\System\oclbEJa.exe
  C:\Windows\System\oclbEJa.exe
  2⤵
  PID:6344
- C:\Windows\System\oVhdGkQ.exe
  C:\Windows\System\oVhdGkQ.exe
  2⤵
  PID:6380
- C:\Windows\System\nouBAwb.exe
  C:\Windows\System\nouBAwb.exe
  2⤵
  PID:6408
- C:\Windows\System\sDPXmfG.exe
  C:\Windows\System\sDPXmfG.exe
  2⤵
  PID:6436
- C:\Windows\System\BKtBhaT.exe
  C:\Windows\System\BKtBhaT.exe
  2⤵
  PID:6456
- C:\Windows\System\TXoUqra.exe
  C:\Windows\System\TXoUqra.exe
  2⤵
  PID:6492
- C:\Windows\System\enOxskB.exe
  C:\Windows\System\enOxskB.exe
  2⤵
  PID:6508
- C:\Windows\System\rAlIeIh.exe
  C:\Windows\System\rAlIeIh.exe
  2⤵
  PID:6536
- C:\Windows\System\emOhPUB.exe
  C:\Windows\System\emOhPUB.exe
  2⤵
  PID:6568
- C:\Windows\System\rPEfgcp.exe
  C:\Windows\System\rPEfgcp.exe
  2⤵
  PID:6600
- C:\Windows\System\WbZVbHQ.exe
  C:\Windows\System\WbZVbHQ.exe
  2⤵
  PID:6632
- C:\Windows\System\HWhpxmn.exe
  C:\Windows\System\HWhpxmn.exe
  2⤵
  PID:6648
- C:\Windows\System\KmQKHOx.exe
  C:\Windows\System\KmQKHOx.exe
  2⤵
  PID:6684
- C:\Windows\System\imhYMFR.exe
  C:\Windows\System\imhYMFR.exe
  2⤵
  PID:6708
- C:\Windows\System\ARAvGdi.exe
  C:\Windows\System\ARAvGdi.exe
  2⤵
  PID:6744
- C:\Windows\System\heOynUM.exe
  C:\Windows\System\heOynUM.exe
  2⤵
  PID:6776
- C:\Windows\System\yrtLcDg.exe
  C:\Windows\System\yrtLcDg.exe
  2⤵
  PID:6804
- C:\Windows\System\kfqAGhi.exe
  C:\Windows\System\kfqAGhi.exe
  2⤵
  PID:6836
- C:\Windows\System\XKDIPuC.exe
  C:\Windows\System\XKDIPuC.exe
  2⤵
  PID:6860
- C:\Windows\System\qGcCLih.exe
  C:\Windows\System\qGcCLih.exe
  2⤵
  PID:6876
- C:\Windows\System\Bjeykbs.exe
  C:\Windows\System\Bjeykbs.exe
  2⤵
  PID:6904
- C:\Windows\System\qrgtqZW.exe
  C:\Windows\System\qrgtqZW.exe
  2⤵
  PID:6936
- C:\Windows\System\FmIvMEJ.exe
  C:\Windows\System\FmIvMEJ.exe
  2⤵
  PID:6952
- C:\Windows\System\JBAEmLd.exe
  C:\Windows\System\JBAEmLd.exe
  2⤵
  PID:6968
- C:\Windows\System\EmEOSbJ.exe
  C:\Windows\System\EmEOSbJ.exe
  2⤵
  PID:6992
- C:\Windows\System\lvZGAFa.exe
  C:\Windows\System\lvZGAFa.exe
  2⤵
  PID:7008
- C:\Windows\System\ppXMBUB.exe
  C:\Windows\System\ppXMBUB.exe
  2⤵
  PID:7036
- C:\Windows\System\UnuLRFu.exe
  C:\Windows\System\UnuLRFu.exe
  2⤵
  PID:7052
- C:\Windows\System\APfCsiD.exe
  C:\Windows\System\APfCsiD.exe
  2⤵
  PID:7084
- C:\Windows\System\nLqaWUI.exe
  C:\Windows\System\nLqaWUI.exe
  2⤵
  PID:7136
- C:\Windows\System\WCpfVKj.exe
  C:\Windows\System\WCpfVKj.exe
  2⤵
  PID:7156
- C:\Windows\System\agNSpND.exe
  C:\Windows\System\agNSpND.exe
  2⤵
  PID:3864
- C:\Windows\System\dmRjAnv.exe
  C:\Windows\System\dmRjAnv.exe
  2⤵
  PID:6236
- C:\Windows\System\fRtBuWs.exe
  C:\Windows\System\fRtBuWs.exe
  2⤵
  PID:6336
- C:\Windows\System\IxwfzCC.exe
  C:\Windows\System\IxwfzCC.exe
  2⤵
  PID:6400
- C:\Windows\System\drJXFvJ.exe
  C:\Windows\System\drJXFvJ.exe
  2⤵
  PID:6476
- C:\Windows\System\rPLWVpe.exe
  C:\Windows\System\rPLWVpe.exe
  2⤵
  PID:6528
- C:\Windows\System\KrBJrsn.exe
  C:\Windows\System\KrBJrsn.exe
  2⤵
  PID:6596
- C:\Windows\System\VcNLmKe.exe
  C:\Windows\System\VcNLmKe.exe
  2⤵
  PID:6660
- C:\Windows\System\MhLgErq.exe
  C:\Windows\System\MhLgErq.exe
  2⤵
  PID:6728
- C:\Windows\System\IMyLKvp.exe
  C:\Windows\System\IMyLKvp.exe
  2⤵
  PID:6824
- C:\Windows\System\sUAOtdC.exe
  C:\Windows\System\sUAOtdC.exe
  2⤵
  PID:6888
- C:\Windows\System\KOSWSfI.exe
  C:\Windows\System\KOSWSfI.exe
  2⤵
  PID:6988
- C:\Windows\System\vrPJAjC.exe
  C:\Windows\System\vrPJAjC.exe
  2⤵
  PID:7000
- C:\Windows\System\DLyOmhI.exe
  C:\Windows\System\DLyOmhI.exe
  2⤵
  PID:7116
- C:\Windows\System\lYNlrIa.exe
  C:\Windows\System\lYNlrIa.exe
  2⤵
  PID:6168
- C:\Windows\System\qnkTtaU.exe
  C:\Windows\System\qnkTtaU.exe
  2⤵
  PID:6260
- C:\Windows\System\DPdVjQj.exe
  C:\Windows\System\DPdVjQj.exe
  2⤵
  PID:6452
- C:\Windows\System\oBGlxxj.exe
  C:\Windows\System\oBGlxxj.exe
  2⤵
  PID:6560
- C:\Windows\System\DFoPAnF.exe
  C:\Windows\System\DFoPAnF.exe
  2⤵
  PID:6716
- C:\Windows\System\hsDMGmb.exe
  C:\Windows\System\hsDMGmb.exe
  2⤵
  PID:6872
- C:\Windows\System\gNOSWTA.exe
  C:\Windows\System\gNOSWTA.exe
  2⤵
  PID:7020
- C:\Windows\System\VLaiJTt.exe
  C:\Windows\System\VLaiJTt.exe
  2⤵
  PID:7148
- C:\Windows\System\sAEFZbB.exe
  C:\Windows\System\sAEFZbB.exe
  2⤵
  PID:6420
- C:\Windows\System\EYqVwzd.exe
  C:\Windows\System\EYqVwzd.exe
  2⤵
  PID:6960
- C:\Windows\System\oYIskhV.exe
  C:\Windows\System\oYIskhV.exe
  2⤵
  PID:6288
- C:\Windows\System\HxindHm.exe
  C:\Windows\System\HxindHm.exe
  2⤵
  PID:7072
- C:\Windows\System\GbHQOQV.exe
  C:\Windows\System\GbHQOQV.exe
  2⤵
  PID:7180
- C:\Windows\System\xRUlKXC.exe
  C:\Windows\System\xRUlKXC.exe
  2⤵
  PID:7208
- C:\Windows\System\nVqICvs.exe
  C:\Windows\System\nVqICvs.exe
  2⤵
  PID:7224
- C:\Windows\System\RwEWtdd.exe
  C:\Windows\System\RwEWtdd.exe
  2⤵
  PID:7256
- C:\Windows\System\uemZuUS.exe
  C:\Windows\System\uemZuUS.exe
  2⤵
  PID:7292
- C:\Windows\System\zzoqrPL.exe
  C:\Windows\System\zzoqrPL.exe
  2⤵
  PID:7316
- C:\Windows\System\fFPHSFW.exe
  C:\Windows\System\fFPHSFW.exe
  2⤵
  PID:7348
- C:\Windows\System\XCnhQxT.exe
  C:\Windows\System\XCnhQxT.exe
  2⤵
  PID:7364
- C:\Windows\System\wTYlMeY.exe
  C:\Windows\System\wTYlMeY.exe
  2⤵
  PID:7392
- C:\Windows\System\PonflZu.exe
  C:\Windows\System\PonflZu.exe
  2⤵
  PID:7420
- C:\Windows\System\IDggVAO.exe
  C:\Windows\System\IDggVAO.exe
  2⤵
  PID:7448
- C:\Windows\System\pRPETUw.exe
  C:\Windows\System\pRPETUw.exe
  2⤵
  PID:7480
- C:\Windows\System\GAsGZLd.exe
  C:\Windows\System\GAsGZLd.exe
  2⤵
  PID:7504
- C:\Windows\System\hmyPkYh.exe
  C:\Windows\System\hmyPkYh.exe
  2⤵
  PID:7532
- C:\Windows\System\CmjNPxx.exe
  C:\Windows\System\CmjNPxx.exe
  2⤵
  PID:7572
- C:\Windows\System\vftqzIX.exe
  C:\Windows\System\vftqzIX.exe
  2⤵
  PID:7600
- C:\Windows\System\XTfvEUK.exe
  C:\Windows\System\XTfvEUK.exe
  2⤵
  PID:7628
- C:\Windows\System\uocjGyu.exe
  C:\Windows\System\uocjGyu.exe
  2⤵
  PID:7652
- C:\Windows\System\TyqTLQD.exe
  C:\Windows\System\TyqTLQD.exe
  2⤵
  PID:7672
- C:\Windows\System\zigExXo.exe
  C:\Windows\System\zigExXo.exe
  2⤵
  PID:7700
- C:\Windows\System\mttkIRU.exe
  C:\Windows\System\mttkIRU.exe
  2⤵
  PID:7732
- C:\Windows\System\VrTbWVk.exe
  C:\Windows\System\VrTbWVk.exe
  2⤵
  PID:7760
- C:\Windows\System\gFDtCPW.exe
  C:\Windows\System\gFDtCPW.exe
  2⤵
  PID:7788
- C:\Windows\System\zONyOec.exe
  C:\Windows\System\zONyOec.exe
  2⤵
  PID:7824
- C:\Windows\System\BgvKRPR.exe
  C:\Windows\System\BgvKRPR.exe
  2⤵
  PID:7856
- C:\Windows\System\DzKaxJW.exe
  C:\Windows\System\DzKaxJW.exe
  2⤵
  PID:7876
- C:\Windows\System\vgLJUDX.exe
  C:\Windows\System\vgLJUDX.exe
  2⤵
  PID:7900
- C:\Windows\System\MrxCGBO.exe
  C:\Windows\System\MrxCGBO.exe
  2⤵
  PID:7928
- C:\Windows\System\LnriChI.exe
  C:\Windows\System\LnriChI.exe
  2⤵
  PID:7960
- C:\Windows\System\aVwQbNx.exe
  C:\Windows\System\aVwQbNx.exe
  2⤵
  PID:7996
- C:\Windows\System\SZdPaAt.exe
  C:\Windows\System\SZdPaAt.exe
  2⤵
  PID:8024
- C:\Windows\System\JDMfjBt.exe
  C:\Windows\System\JDMfjBt.exe
  2⤵
  PID:8052
- C:\Windows\System\drJqYxo.exe
  C:\Windows\System\drJqYxo.exe
  2⤵
  PID:8080
- C:\Windows\System\CeYnBGy.exe
  C:\Windows\System\CeYnBGy.exe
  2⤵
  PID:8108
- C:\Windows\System\iWLZJoW.exe
  C:\Windows\System\iWLZJoW.exe
  2⤵
  PID:8136
- C:\Windows\System\MEHFJxv.exe
  C:\Windows\System\MEHFJxv.exe
  2⤵
  PID:8168
- C:\Windows\System\dkpBATL.exe
  C:\Windows\System\dkpBATL.exe
  2⤵
  PID:8188
- C:\Windows\System\tlMupxJ.exe
  C:\Windows\System\tlMupxJ.exe
  2⤵
  PID:7236
- C:\Windows\System\QKSjkIb.exe
  C:\Windows\System\QKSjkIb.exe
  2⤵
  PID:7308
- C:\Windows\System\sEBhmko.exe
  C:\Windows\System\sEBhmko.exe
  2⤵
  PID:7376
- C:\Windows\System\ndiDEXP.exe
  C:\Windows\System\ndiDEXP.exe
  2⤵
  PID:7404
- C:\Windows\System\OCeivlP.exe
  C:\Windows\System\OCeivlP.exe
  2⤵
  PID:7488
- C:\Windows\System\AloahLg.exe
  C:\Windows\System\AloahLg.exe
  2⤵
  PID:7524
- C:\Windows\System\TKUhWQj.exe
  C:\Windows\System\TKUhWQj.exe
  2⤵
  PID:7592
- C:\Windows\System\hHLOQIk.exe
  C:\Windows\System\hHLOQIk.exe
  2⤵
  PID:7692
- C:\Windows\System\hzuxMiv.exe
  C:\Windows\System\hzuxMiv.exe
  2⤵
  PID:7712
- C:\Windows\System\VYCzEqP.exe
  C:\Windows\System\VYCzEqP.exe
  2⤵
  PID:7780
- C:\Windows\System\HDxqhdE.exe
  C:\Windows\System\HDxqhdE.exe
  2⤵
  PID:7844
- C:\Windows\System\GQjCHLI.exe
  C:\Windows\System\GQjCHLI.exe
  2⤵
  PID:7892
- C:\Windows\System\CGMoLrK.exe
  C:\Windows\System\CGMoLrK.exe
  2⤵
  PID:7968
- C:\Windows\System\UzwgwFn.exe
  C:\Windows\System\UzwgwFn.exe
  2⤵
  PID:8048
- C:\Windows\System\HawkZBO.exe
  C:\Windows\System\HawkZBO.exe
  2⤵
  PID:8124
- C:\Windows\System\rUxXKCn.exe
  C:\Windows\System\rUxXKCn.exe
  2⤵
  PID:8176
- C:\Windows\System\KzFVBGV.exe
  C:\Windows\System\KzFVBGV.exe
  2⤵
  PID:7280
- C:\Windows\System\SJISPCN.exe
  C:\Windows\System\SJISPCN.exe
  2⤵
  PID:7464
- C:\Windows\System\tfiUYtz.exe
  C:\Windows\System\tfiUYtz.exe
  2⤵
  PID:7636
- C:\Windows\System\vvevvAC.exe
  C:\Windows\System\vvevvAC.exe
  2⤵
  PID:7748
- C:\Windows\System\vdPgbXF.exe
  C:\Windows\System\vdPgbXF.exe
  2⤵
  PID:7872
- C:\Windows\System\fqnUrwd.exe
  C:\Windows\System\fqnUrwd.exe
  2⤵
  PID:8156
- C:\Windows\System\tzMmCOP.exe
  C:\Windows\System\tzMmCOP.exe
  2⤵
  PID:8184
- C:\Windows\System\VLitFoM.exe
  C:\Windows\System\VLitFoM.exe
  2⤵
  PID:7612
- C:\Windows\System\WSWzwhx.exe
  C:\Windows\System\WSWzwhx.exe
  2⤵
  PID:7944
- C:\Windows\System\fhKBHHW.exe
  C:\Windows\System\fhKBHHW.exe
  2⤵
  PID:7408
- C:\Windows\System\DLXNBkw.exe
  C:\Windows\System\DLXNBkw.exe
  2⤵
  PID:8020
- C:\Windows\System\ngOBchk.exe
  C:\Windows\System\ngOBchk.exe
  2⤵
  PID:8216
- C:\Windows\System\GmoQktu.exe
  C:\Windows\System\GmoQktu.exe
  2⤵
  PID:8244
- C:\Windows\System\iATmgrQ.exe
  C:\Windows\System\iATmgrQ.exe
  2⤵
  PID:8272
- C:\Windows\System\FfinTXQ.exe
  C:\Windows\System\FfinTXQ.exe
  2⤵
  PID:8300
- C:\Windows\System\GneFgKX.exe
  C:\Windows\System\GneFgKX.exe
  2⤵
  PID:8328
- C:\Windows\System\entkTdB.exe
  C:\Windows\System\entkTdB.exe
  2⤵
  PID:8356
- C:\Windows\System\dCrveNR.exe
  C:\Windows\System\dCrveNR.exe
  2⤵
  PID:8384
- C:\Windows\System\TLXeiKk.exe
  C:\Windows\System\TLXeiKk.exe
  2⤵
  PID:8412
- C:\Windows\System\Lmyinqe.exe
  C:\Windows\System\Lmyinqe.exe
  2⤵
  PID:8428
- C:\Windows\System\MTxYZyp.exe
  C:\Windows\System\MTxYZyp.exe
  2⤵
  PID:8456
- C:\Windows\System\XwxVSmf.exe
  C:\Windows\System\XwxVSmf.exe
  2⤵
  PID:8496
- C:\Windows\System\CkQkOIR.exe
  C:\Windows\System\CkQkOIR.exe
  2⤵
  PID:8528
- C:\Windows\System\wXALkva.exe
  C:\Windows\System\wXALkva.exe
  2⤵
  PID:8564
- C:\Windows\System\qWDSptP.exe
  C:\Windows\System\qWDSptP.exe
  2⤵
  PID:8580
- C:\Windows\System\GnzGeyY.exe
  C:\Windows\System\GnzGeyY.exe
  2⤵
  PID:8608
- C:\Windows\System\VHNySth.exe
  C:\Windows\System\VHNySth.exe
  2⤵
  PID:8648
- C:\Windows\System\pCFHwaw.exe
  C:\Windows\System\pCFHwaw.exe
  2⤵
  PID:8668
- C:\Windows\System\ynVlIdf.exe
  C:\Windows\System\ynVlIdf.exe
  2⤵
  PID:8696
- C:\Windows\System\tzgHyMF.exe
  C:\Windows\System\tzgHyMF.exe
  2⤵
  PID:8716
- C:\Windows\System\rbtoIOl.exe
  C:\Windows\System\rbtoIOl.exe
  2⤵
  PID:8736
- C:\Windows\System\vKqwvkK.exe
  C:\Windows\System\vKqwvkK.exe
  2⤵
  PID:8764
- C:\Windows\System\YuOHTbI.exe
  C:\Windows\System\YuOHTbI.exe
  2⤵
  PID:8808
- C:\Windows\System\jqxebhE.exe
  C:\Windows\System\jqxebhE.exe
  2⤵
  PID:8828
- C:\Windows\System\scXMiWc.exe
  C:\Windows\System\scXMiWc.exe
  2⤵
  PID:8848
- C:\Windows\System\pcbKxYt.exe
  C:\Windows\System\pcbKxYt.exe
  2⤵
  PID:8868
- C:\Windows\System\oFuGKoH.exe
  C:\Windows\System\oFuGKoH.exe
  2⤵
  PID:8904
- C:\Windows\System\CSqNFee.exe
  C:\Windows\System\CSqNFee.exe
  2⤵
  PID:8940
- C:\Windows\System\mTTTZlN.exe
  C:\Windows\System\mTTTZlN.exe
  2⤵
  PID:8964
- C:\Windows\System\pApKgSv.exe
  C:\Windows\System\pApKgSv.exe
  2⤵
  PID:9000
- C:\Windows\System\ZfriSEO.exe
  C:\Windows\System\ZfriSEO.exe
  2⤵
  PID:9028
- C:\Windows\System\sDAiEkE.exe
  C:\Windows\System\sDAiEkE.exe
  2⤵
  PID:9048
- C:\Windows\System\HCGTCfQ.exe
  C:\Windows\System\HCGTCfQ.exe
  2⤵
  PID:9084
- C:\Windows\System\XMgQoPw.exe
  C:\Windows\System\XMgQoPw.exe
  2⤵
  PID:9116
- C:\Windows\System\gucmhUW.exe
  C:\Windows\System\gucmhUW.exe
  2⤵
  PID:9144
- C:\Windows\System\qOvIiNT.exe
  C:\Windows\System\qOvIiNT.exe
  2⤵
  PID:9176
- C:\Windows\System\rpjBkno.exe
  C:\Windows\System\rpjBkno.exe
  2⤵
  PID:9208
- C:\Windows\System\QLWmyLd.exe
  C:\Windows\System\QLWmyLd.exe
  2⤵
  PID:8208
- C:\Windows\System\bbDjhpG.exe
  C:\Windows\System\bbDjhpG.exe
  2⤵
  PID:8296
- C:\Windows\System\HGBTdQx.exe
  C:\Windows\System\HGBTdQx.exe
  2⤵
  PID:7680
- C:\Windows\System\IwQmWYN.exe
  C:\Windows\System\IwQmWYN.exe
  2⤵
  PID:8400
- C:\Windows\System\xKejHSo.exe
  C:\Windows\System\xKejHSo.exe
  2⤵
  PID:8440
- C:\Windows\System\Rutlucn.exe
  C:\Windows\System\Rutlucn.exe
  2⤵
  PID:8480
- C:\Windows\System\lPeWKxk.exe
  C:\Windows\System\lPeWKxk.exe
  2⤵
  PID:8592
- C:\Windows\System\qNqRPte.exe
  C:\Windows\System\qNqRPte.exe
  2⤵
  PID:8640
- C:\Windows\System\ANLrQQe.exe
  C:\Windows\System\ANLrQQe.exe
  2⤵
  PID:8752
- C:\Windows\System\gKClQNV.exe
  C:\Windows\System\gKClQNV.exe
  2⤵
  PID:8784
- C:\Windows\System\fuCRnsw.exe
  C:\Windows\System\fuCRnsw.exe
  2⤵
  PID:8836
- C:\Windows\System\fjafHfc.exe
  C:\Windows\System\fjafHfc.exe
  2⤵
  PID:8900
- C:\Windows\System\yThvyWD.exe
  C:\Windows\System\yThvyWD.exe
  2⤵
  PID:9016
- C:\Windows\System\zwUFymj.exe
  C:\Windows\System\zwUFymj.exe
  2⤵
  PID:9056
- C:\Windows\System\EIJoFSO.exe
  C:\Windows\System\EIJoFSO.exe
  2⤵
  PID:9108
- C:\Windows\System\XRSyInZ.exe
  C:\Windows\System\XRSyInZ.exe
  2⤵
  PID:9160
- C:\Windows\System\qrLokgj.exe
  C:\Windows\System\qrLokgj.exe
  2⤵
  PID:8236
- C:\Windows\System\wUlBrDT.exe
  C:\Windows\System\wUlBrDT.exe
  2⤵
  PID:8372
- C:\Windows\System\GlNzeZf.exe
  C:\Windows\System\GlNzeZf.exe
  2⤵
  PID:8560
- C:\Windows\System\SYLhlxD.exe
  C:\Windows\System\SYLhlxD.exe
  2⤵
  PID:8704
- C:\Windows\System\CKwlHXl.exe
  C:\Windows\System\CKwlHXl.exe
  2⤵
  PID:8792
- C:\Windows\System\WhbqqZb.exe
  C:\Windows\System\WhbqqZb.exe
  2⤵
  PID:9012
- C:\Windows\System\yaradOz.exe
  C:\Windows\System\yaradOz.exe
  2⤵
  PID:8492
- C:\Windows\System\UDbkbvP.exe
  C:\Windows\System\UDbkbvP.exe
  2⤵
  PID:8540
- C:\Windows\System\EDekVNe.exe
  C:\Windows\System\EDekVNe.exe
  2⤵
  PID:8840
- C:\Windows\System\vAVeGJj.exe
  C:\Windows\System\vAVeGJj.exe
  2⤵
  PID:9168
- C:\Windows\System\jMWttOz.exe
  C:\Windows\System\jMWttOz.exe
  2⤵
  PID:8980
- C:\Windows\System\PblrzAJ.exe
  C:\Windows\System\PblrzAJ.exe
  2⤵
  PID:9224
- C:\Windows\System\CgdbnQE.exe
  C:\Windows\System\CgdbnQE.exe
  2⤵
  PID:9244
- C:\Windows\System\coaZkIe.exe
  C:\Windows\System\coaZkIe.exe
  2⤵
  PID:9272
- C:\Windows\System\cnDqTKG.exe
  C:\Windows\System\cnDqTKG.exe
  2⤵
  PID:9308
- C:\Windows\System\WWgKmkA.exe
  C:\Windows\System\WWgKmkA.exe
  2⤵
  PID:9324
- C:\Windows\System\XnbYxYn.exe
  C:\Windows\System\XnbYxYn.exe
  2⤵
  PID:9356
- C:\Windows\System\LUZgbBM.exe
  C:\Windows\System\LUZgbBM.exe
  2⤵
  PID:9380
- C:\Windows\System\IBcXVIU.exe
  C:\Windows\System\IBcXVIU.exe
  2⤵
  PID:9412
- C:\Windows\System\sioLjjp.exe
  C:\Windows\System\sioLjjp.exe
  2⤵
  PID:9428
- C:\Windows\System\hQIIGkq.exe
  C:\Windows\System\hQIIGkq.exe
  2⤵
  PID:9452
- C:\Windows\System\dUFEnYj.exe
  C:\Windows\System\dUFEnYj.exe
  2⤵
  PID:9480
- C:\Windows\System\sENQqPO.exe
  C:\Windows\System\sENQqPO.exe
  2⤵
  PID:9504
- C:\Windows\System\vbRBVnB.exe
  C:\Windows\System\vbRBVnB.exe
  2⤵
  PID:9536
- C:\Windows\System\ssDfxfz.exe
  C:\Windows\System\ssDfxfz.exe
  2⤵
  PID:9564
- C:\Windows\System\HxLmfFK.exe
  C:\Windows\System\HxLmfFK.exe
  2⤵
  PID:9592
- C:\Windows\System\SiQxteX.exe
  C:\Windows\System\SiQxteX.exe
  2⤵
  PID:9628
- C:\Windows\System\rYjRrFm.exe
  C:\Windows\System\rYjRrFm.exe
  2⤵
  PID:9652
- C:\Windows\System\KmXZhTc.exe
  C:\Windows\System\KmXZhTc.exe
  2⤵
  PID:9684
- C:\Windows\System\DRUBtMI.exe
  C:\Windows\System\DRUBtMI.exe
  2⤵
  PID:9716
- C:\Windows\System\qDBQVat.exe
  C:\Windows\System\qDBQVat.exe
  2⤵
  PID:9744
- C:\Windows\System\mYQxkQz.exe
  C:\Windows\System\mYQxkQz.exe
  2⤵
  PID:9776
- C:\Windows\System\Ymtfcwc.exe
  C:\Windows\System\Ymtfcwc.exe
  2⤵
  PID:9796
- C:\Windows\System\ONAVYYe.exe
  C:\Windows\System\ONAVYYe.exe
  2⤵
  PID:9824
- C:\Windows\System\LNJaIgK.exe
  C:\Windows\System\LNJaIgK.exe
  2⤵
  PID:9864
- C:\Windows\System\JLHqhJY.exe
  C:\Windows\System\JLHqhJY.exe
  2⤵
  PID:9896
- C:\Windows\System\fViClaT.exe
  C:\Windows\System\fViClaT.exe
  2⤵
  PID:9920
- C:\Windows\System\uZjWBUL.exe
  C:\Windows\System\uZjWBUL.exe
  2⤵
  PID:9948
- C:\Windows\System\HJQubHP.exe
  C:\Windows\System\HJQubHP.exe
  2⤵
  PID:9976
- C:\Windows\System\WHKxxrW.exe
  C:\Windows\System\WHKxxrW.exe
  2⤵
  PID:10004
- C:\Windows\System\oUUwNLB.exe
  C:\Windows\System\oUUwNLB.exe
  2⤵
  PID:10036
- C:\Windows\System\LuSaRxU.exe
  C:\Windows\System\LuSaRxU.exe
  2⤵
  PID:10068
- C:\Windows\System\WHlvtBX.exe
  C:\Windows\System\WHlvtBX.exe
  2⤵
  PID:10088
- C:\Windows\System\qTtpAyH.exe
  C:\Windows\System\qTtpAyH.exe
  2⤵
  PID:10112
- C:\Windows\System\oNTTBXd.exe
  C:\Windows\System\oNTTBXd.exe
  2⤵
  PID:10144
- C:\Windows\System\eIVzXLN.exe
  C:\Windows\System\eIVzXLN.exe
  2⤵
  PID:10172
- C:\Windows\System\EdXoXxC.exe
  C:\Windows\System\EdXoXxC.exe
  2⤵
  PID:10200
- C:\Windows\System\sePmCfL.exe
  C:\Windows\System\sePmCfL.exe
  2⤵
  PID:10232
- C:\Windows\System\QwMXWzL.exe
  C:\Windows\System\QwMXWzL.exe
  2⤵
  PID:9240
- C:\Windows\System\PadplEA.exe
  C:\Windows\System\PadplEA.exe
  2⤵
  PID:388
- C:\Windows\System\WHdaNPA.exe
  C:\Windows\System\WHdaNPA.exe
  2⤵
  PID:9376
- C:\Windows\System\JWYeYZZ.exe
  C:\Windows\System\JWYeYZZ.exe
  2⤵
  PID:9448
- C:\Windows\System\ampsvXC.exe
  C:\Windows\System\ampsvXC.exe
  2⤵
  PID:9496
- C:\Windows\System\IUiiAQD.exe
  C:\Windows\System\IUiiAQD.exe
  2⤵
  PID:9548
- C:\Windows\System\euUETlV.exe
  C:\Windows\System\euUETlV.exe
  2⤵
  PID:9580
- C:\Windows\System\sArPZpm.exe
  C:\Windows\System\sArPZpm.exe
  2⤵
  PID:9664
- C:\Windows\System\MdUHnUv.exe
  C:\Windows\System\MdUHnUv.exe
  2⤵
  PID:9728
- C:\Windows\System\WqKykKB.exe
  C:\Windows\System\WqKykKB.exe
  2⤵
  PID:9788
- C:\Windows\System\GqYvUnl.exe
  C:\Windows\System\GqYvUnl.exe
  2⤵
  PID:9860
- C:\Windows\System\QWxMMCf.exe
  C:\Windows\System\QWxMMCf.exe
  2⤵
  PID:9960
- C:\Windows\System\ofLJFws.exe
  C:\Windows\System\ofLJFws.exe
  2⤵
  PID:10032
- C:\Windows\System\IBNpAVH.exe
  C:\Windows\System\IBNpAVH.exe
  2⤵
  PID:10104
- C:\Windows\System\CAmtGxO.exe
  C:\Windows\System\CAmtGxO.exe
  2⤵
  PID:10184
- C:\Windows\System\YcACYAK.exe
  C:\Windows\System\YcACYAK.exe
  2⤵
  PID:10196
- C:\Windows\System\qArEgOv.exe
  C:\Windows\System\qArEgOv.exe
  2⤵
  PID:9520
- C:\Windows\System\GpmtsSg.exe
  C:\Windows\System\GpmtsSg.exe
  2⤵
  PID:9528
- C:\Windows\System\zjsfoXx.exe
  C:\Windows\System\zjsfoXx.exe
  2⤵
  PID:9700
- C:\Windows\System\oXFSiEi.exe
  C:\Windows\System\oXFSiEi.exe
  2⤵
  PID:9736
- C:\Windows\System\MZCcAFi.exe
  C:\Windows\System\MZCcAFi.exe
  2⤵
  PID:9892
- C:\Windows\System\KKWbpSB.exe
  C:\Windows\System\KKWbpSB.exe
  2⤵
  PID:10076
- C:\Windows\System\TKXGjHb.exe
  C:\Windows\System\TKXGjHb.exe
  2⤵
  PID:9232
- C:\Windows\System\SfMTZSF.exe
  C:\Windows\System\SfMTZSF.exe
  2⤵
  PID:8312
- C:\Windows\System\rKQHviU.exe
  C:\Windows\System\rKQHviU.exe
  2⤵
  PID:9492
- C:\Windows\System\WXAaEkq.exe
  C:\Windows\System\WXAaEkq.exe
  2⤵
  PID:10152
- C:\Windows\System\ohMkJpQ.exe
  C:\Windows\System\ohMkJpQ.exe
  2⤵
  PID:9292
- C:\Windows\System\rtBjptW.exe
  C:\Windows\System\rtBjptW.exe
  2⤵
  PID:9348
- C:\Windows\System\oJwePBa.exe
  C:\Windows\System\oJwePBa.exe
  2⤵
  PID:10272
- C:\Windows\System\uxaSkSt.exe
  C:\Windows\System\uxaSkSt.exe
  2⤵
  PID:10300
- C:\Windows\System\omDKDCi.exe
  C:\Windows\System\omDKDCi.exe
  2⤵
  PID:10328
- C:\Windows\System\HVxtpvt.exe
  C:\Windows\System\HVxtpvt.exe
  2⤵
  PID:10356
- C:\Windows\System\dqjKMWm.exe
  C:\Windows\System\dqjKMWm.exe
  2⤵
  PID:10384
- C:\Windows\System\HFFYsHB.exe
  C:\Windows\System\HFFYsHB.exe
  2⤵
  PID:10420
- C:\Windows\System\gevmKwy.exe
  C:\Windows\System\gevmKwy.exe
  2⤵
  PID:10440
- C:\Windows\System\RYTSvbt.exe
  C:\Windows\System\RYTSvbt.exe
  2⤵
  PID:10468
- C:\Windows\System\pvtfekr.exe
  C:\Windows\System\pvtfekr.exe
  2⤵
  PID:10496
- C:\Windows\System\zizzEBY.exe
  C:\Windows\System\zizzEBY.exe
  2⤵
  PID:10532
- C:\Windows\System\vlFEcmi.exe
  C:\Windows\System\vlFEcmi.exe
  2⤵
  PID:10560
- C:\Windows\System\KrOrpXa.exe
  C:\Windows\System\KrOrpXa.exe
  2⤵
  PID:10592
- C:\Windows\System\kPbqtPY.exe
  C:\Windows\System\kPbqtPY.exe
  2⤵
  PID:10612
- C:\Windows\System\mdjgZTq.exe
  C:\Windows\System\mdjgZTq.exe
  2⤵
  PID:10648
- C:\Windows\System\vjrAhjS.exe
  C:\Windows\System\vjrAhjS.exe
  2⤵
  PID:10664
- C:\Windows\System\icqLfyb.exe
  C:\Windows\System\icqLfyb.exe
  2⤵
  PID:10688
- C:\Windows\System\GmdTXtq.exe
  C:\Windows\System\GmdTXtq.exe
  2⤵
  PID:10720
- C:\Windows\System\xYgFAsA.exe
  C:\Windows\System\xYgFAsA.exe
  2⤵
  PID:10756
- C:\Windows\System\ubNxtKy.exe
  C:\Windows\System\ubNxtKy.exe
  2⤵
  PID:10772
- C:\Windows\System\ftkvxXb.exe
  C:\Windows\System\ftkvxXb.exe
  2⤵
  PID:10804
- C:\Windows\System\eoSdQsa.exe
  C:\Windows\System\eoSdQsa.exe
  2⤵
  PID:10840
- C:\Windows\System\jQOEWql.exe
  C:\Windows\System\jQOEWql.exe
  2⤵
  PID:10856
- C:\Windows\System\gHKmXjj.exe
  C:\Windows\System\gHKmXjj.exe
  2⤵
  PID:10888
- C:\Windows\System\IdFGXNn.exe
  C:\Windows\System\IdFGXNn.exe
  2⤵
  PID:10912
- C:\Windows\System\kFykuLy.exe
  C:\Windows\System\kFykuLy.exe
  2⤵
  PID:10932
- C:\Windows\System\EnWdqkK.exe
  C:\Windows\System\EnWdqkK.exe
  2⤵
  PID:10960
- C:\Windows\System\gnVBunq.exe
  C:\Windows\System\gnVBunq.exe
  2⤵
  PID:10996
- C:\Windows\System\kTHNlro.exe
  C:\Windows\System\kTHNlro.exe
  2⤵
  PID:11024
- C:\Windows\System\nBUiIJb.exe
  C:\Windows\System\nBUiIJb.exe
  2⤵
  PID:11056
- C:\Windows\System\QIpziRU.exe
  C:\Windows\System\QIpziRU.exe
  2⤵
  PID:11084
- C:\Windows\System\BmfMEOp.exe
  C:\Windows\System\BmfMEOp.exe
  2⤵
  PID:11120
- C:\Windows\System\RieHhUS.exe
  C:\Windows\System\RieHhUS.exe
  2⤵
  PID:11140
- C:\Windows\System\vqpvvpQ.exe
  C:\Windows\System\vqpvvpQ.exe
  2⤵
  PID:11168
- C:\Windows\System\dcHQglp.exe
  C:\Windows\System\dcHQglp.exe
  2⤵
  PID:11196
- C:\Windows\System\KQiJBWv.exe
  C:\Windows\System\KQiJBWv.exe
  2⤵
  PID:11216
- C:\Windows\System\gPDgWFn.exe
  C:\Windows\System\gPDgWFn.exe
  2⤵
  PID:11240
- C:\Windows\System\obkaEDF.exe
  C:\Windows\System\obkaEDF.exe
  2⤵
  PID:10020
- C:\Windows\System\PFCgqtP.exe
  C:\Windows\System\PFCgqtP.exe
  2⤵
  PID:10288
- C:\Windows\System\qLvJYvm.exe
  C:\Windows\System\qLvJYvm.exe
  2⤵
  PID:10348
- C:\Windows\System\ynuhVmp.exe
  C:\Windows\System\ynuhVmp.exe
  2⤵
  PID:10380
- C:\Windows\System\CDcVbyO.exe
  C:\Windows\System\CDcVbyO.exe
  2⤵
  PID:10460
- C:\Windows\System\BAFTcEP.exe
  C:\Windows\System\BAFTcEP.exe
  2⤵
  PID:10540
- C:\Windows\System\JRyWZzI.exe
  C:\Windows\System\JRyWZzI.exe
  2⤵
  PID:10608
- C:\Windows\System\YbTGTKY.exe
  C:\Windows\System\YbTGTKY.exe
  2⤵
  PID:10656
- C:\Windows\System\oUPVwsk.exe
  C:\Windows\System\oUPVwsk.exe
  2⤵
  PID:10732
- C:\Windows\System\uuRkQVu.exe
  C:\Windows\System\uuRkQVu.exe
  2⤵
  PID:10784
- C:\Windows\System\FgszImN.exe
  C:\Windows\System\FgszImN.exe
  2⤵
  PID:10828
- C:\Windows\System\VThHHAp.exe
  C:\Windows\System\VThHHAp.exe
  2⤵
  PID:10848
- C:\Windows\System\VXcAxHy.exe
  C:\Windows\System\VXcAxHy.exe
  2⤵
  PID:10952
- C:\Windows\System\qvYVYgj.exe
  C:\Windows\System\qvYVYgj.exe
  2⤵
  PID:11012
- C:\Windows\System\rIyQsGl.exe
  C:\Windows\System\rIyQsGl.exe
  2⤵
  PID:11080
- C:\Windows\System\VvpGFWJ.exe
  C:\Windows\System\VvpGFWJ.exe
  2⤵
  PID:11152
- C:\Windows\System\iSRMTsy.exe
  C:\Windows\System\iSRMTsy.exe
  2⤵
  PID:11224
- C:\Windows\System\lGRqLES.exe
  C:\Windows\System\lGRqLES.exe
  2⤵
  PID:10244
- C:\Windows\System\EssCEuu.exe
  C:\Windows\System\EssCEuu.exe
  2⤵
  PID:10400
- C:\Windows\System\LHNWBcx.exe
  C:\Windows\System\LHNWBcx.exe
  2⤵
  PID:10544
- C:\Windows\System\kTzUhBM.exe
  C:\Windows\System\kTzUhBM.exe
  2⤵
  PID:1692
- C:\Windows\System\uiSUegG.exe
  C:\Windows\System\uiSUegG.exe
  2⤵
  PID:10908
- C:\Windows\System\KzLbeVV.exe
  C:\Windows\System\KzLbeVV.exe
  2⤵
  PID:10868
- C:\Windows\System\eoubUnU.exe
  C:\Windows\System\eoubUnU.exe
  2⤵
  PID:11180
- C:\Windows\System\mfToUjm.exe
  C:\Windows\System\mfToUjm.exe
  2⤵
  PID:10572
- C:\Windows\System\suyHPAr.exe
  C:\Windows\System\suyHPAr.exe
  2⤵
  PID:10680
- C:\Windows\System\ZBXicwI.exe
  C:\Windows\System\ZBXicwI.exe
  2⤵
  PID:10972
- C:\Windows\System\VtjflpH.exe
  C:\Windows\System\VtjflpH.exe
  2⤵
  PID:10368
- C:\Windows\System\lifHrka.exe
  C:\Windows\System\lifHrka.exe
  2⤵
  PID:10764
- C:\Windows\System\eUADKMg.exe
  C:\Windows\System\eUADKMg.exe
  2⤵
  PID:11276
- C:\Windows\System\quSwzlA.exe
  C:\Windows\System\quSwzlA.exe
  2⤵
  PID:11308
- C:\Windows\System\WobGhIg.exe
  C:\Windows\System\WobGhIg.exe
  2⤵
  PID:11324
- C:\Windows\System\kaLXSAa.exe
  C:\Windows\System\kaLXSAa.exe
  2⤵
  PID:11356
- C:\Windows\System\Oudehnf.exe
  C:\Windows\System\Oudehnf.exe
  2⤵
  PID:11396
- C:\Windows\System\YJgPqgA.exe
  C:\Windows\System\YJgPqgA.exe
  2⤵
  PID:11424
- C:\Windows\System\yHMZmQx.exe
  C:\Windows\System\yHMZmQx.exe
  2⤵
  PID:11452
- C:\Windows\System\IKKfSae.exe
  C:\Windows\System\IKKfSae.exe
  2⤵
  PID:11480
- C:\Windows\System\FniacnG.exe
  C:\Windows\System\FniacnG.exe
  2⤵
  PID:11512
- C:\Windows\System\qRQpyIQ.exe
  C:\Windows\System\qRQpyIQ.exe
  2⤵
  PID:11544
- C:\Windows\System\sWKKCiA.exe
  C:\Windows\System\sWKKCiA.exe
  2⤵
  PID:11576
- C:\Windows\System\lEFofbJ.exe
  C:\Windows\System\lEFofbJ.exe
  2⤵
  PID:11592
- C:\Windows\System\bhuGUbJ.exe
  C:\Windows\System\bhuGUbJ.exe
  2⤵
  PID:11616
- C:\Windows\System\ESDGBtM.exe
  C:\Windows\System\ESDGBtM.exe
  2⤵
  PID:11644
- C:\Windows\System\tWPoGqz.exe
  C:\Windows\System\tWPoGqz.exe
  2⤵
  PID:11676
- C:\Windows\System\hGazVuJ.exe
  C:\Windows\System\hGazVuJ.exe
  2⤵
  PID:11704
- C:\Windows\System\fuSQdDY.exe
  C:\Windows\System\fuSQdDY.exe
  2⤵
  PID:11728
- C:\Windows\System\xnBoVEV.exe
  C:\Windows\System\xnBoVEV.exe
  2⤵
  PID:11748
- C:\Windows\System\PKryZJN.exe
  C:\Windows\System\PKryZJN.exe
  2⤵
  PID:11784
- C:\Windows\System\pjcWDcX.exe
  C:\Windows\System\pjcWDcX.exe
  2⤵
  PID:11812
- C:\Windows\System\KLPodbm.exe
  C:\Windows\System\KLPodbm.exe
  2⤵
  PID:11836
- C:\Windows\System\FuNUQWc.exe
  C:\Windows\System\FuNUQWc.exe
  2⤵
  PID:11876
- C:\Windows\System\CxklbtZ.exe
  C:\Windows\System\CxklbtZ.exe
  2⤵
  PID:11904
- C:\Windows\System\IiBuAyk.exe
  C:\Windows\System\IiBuAyk.exe
  2⤵
  PID:11932
- C:\Windows\System\ecfXivp.exe
  C:\Windows\System\ecfXivp.exe
  2⤵
  PID:11952
- C:\Windows\System\vurkRVD.exe
  C:\Windows\System\vurkRVD.exe
  2⤵
  PID:11984
- C:\Windows\System\SUllplo.exe
  C:\Windows\System\SUllplo.exe
  2⤵
  PID:12008
- C:\Windows\System\fFaEiqV.exe
  C:\Windows\System\fFaEiqV.exe
  2⤵
  PID:12028
- C:\Windows\System\bjbhbOW.exe
  C:\Windows\System\bjbhbOW.exe
  2⤵
  PID:12052
- C:\Windows\System\pqDIHXv.exe
  C:\Windows\System\pqDIHXv.exe
  2⤵
  PID:12076
- C:\Windows\System\MLwMITE.exe
  C:\Windows\System\MLwMITE.exe
  2⤵
  PID:12120
- C:\Windows\System\KvEcORV.exe
  C:\Windows\System\KvEcORV.exe
  2⤵
  PID:12140
- C:\Windows\System\USIDjYo.exe
  C:\Windows\System\USIDjYo.exe
  2⤵
  PID:12168
- C:\Windows\System\SEdbgWx.exe
  C:\Windows\System\SEdbgWx.exe
  2⤵
  PID:12204
- C:\Windows\System\CkmESlh.exe
  C:\Windows\System\CkmESlh.exe
  2⤵
  PID:12236
- C:\Windows\System\RJFVBDO.exe
  C:\Windows\System\RJFVBDO.exe
  2⤵
  PID:12272
- C:\Windows\System\sAwBIIJ.exe
  C:\Windows\System\sAwBIIJ.exe
  2⤵
  PID:1104
- C:\Windows\System\GlKKdbI.exe
  C:\Windows\System\GlKKdbI.exe
  2⤵
  PID:11376
- C:\Windows\System\hRdXRDs.exe
  C:\Windows\System\hRdXRDs.exe
  2⤵
  PID:2304
- C:\Windows\System\YkfMnDY.exe
  C:\Windows\System\YkfMnDY.exe
  2⤵
  PID:11412
- C:\Windows\System\JaRnLvi.exe
  C:\Windows\System\JaRnLvi.exe
  2⤵
  PID:11500
- C:\Windows\System\SbnqHrZ.exe
  C:\Windows\System\SbnqHrZ.exe
  2⤵
  PID:11528
- C:\Windows\System\LPMCOKL.exe
  C:\Windows\System\LPMCOKL.exe
  2⤵
  PID:11584
- C:\Windows\System\RowbsZw.exe
  C:\Windows\System\RowbsZw.exe
  2⤵
  PID:11628
- C:\Windows\System\dtcbBGl.exe
  C:\Windows\System\dtcbBGl.exe
  2⤵
  PID:11692
- C:\Windows\System\lAxvbCx.exe
  C:\Windows\System\lAxvbCx.exe
  2⤵
  PID:11740
- C:\Windows\System\DmnuxrY.exe
  C:\Windows\System\DmnuxrY.exe
  2⤵
  PID:11792
- C:\Windows\System\tflkmZe.exe
  C:\Windows\System\tflkmZe.exe
  2⤵
  PID:11892
- C:\Windows\System\BYFrLAP.exe
  C:\Windows\System\BYFrLAP.exe
  2⤵
  PID:11976
- C:\Windows\System\LxOnvuw.exe
  C:\Windows\System\LxOnvuw.exe
  2⤵
  PID:12024
- C:\Windows\System\gCiEOPK.exe
  C:\Windows\System\gCiEOPK.exe
  2⤵
  PID:12064
- C:\Windows\System\XHTetWd.exe
  C:\Windows\System\XHTetWd.exe
  2⤵
  PID:12128
- C:\Windows\System\gLhFOnp.exe
  C:\Windows\System\gLhFOnp.exe
  2⤵
  PID:12232
- C:\Windows\System\dCpMXVi.exe
  C:\Windows\System\dCpMXVi.exe
  2⤵
  PID:11268
- C:\Windows\System\mCbJmQb.exe
  C:\Windows\System\mCbJmQb.exe
  2⤵
  PID:4592
- C:\Windows\System\zyYFzmo.exe
  C:\Windows\System\zyYFzmo.exe
  2⤵
  PID:11624
- C:\Windows\System\Hbjvlaz.exe
  C:\Windows\System\Hbjvlaz.exe
  2⤵
  PID:11760
- C:\Windows\System\tgmRCWU.exe
  C:\Windows\System\tgmRCWU.exe
  2⤵
  PID:11828
- C:\Windows\System\Agnonqx.exe
  C:\Windows\System\Agnonqx.exe
  2⤵
  PID:12100
- C:\Windows\System\flAdHlz.exe
  C:\Windows\System\flAdHlz.exe
  2⤵
  PID:11316
- C:\Windows\System\QQQSGfC.exe
  C:\Windows\System\QQQSGfC.exe
  2⤵
  PID:11608
- C:\Windows\System\XiAspEQ.exe
  C:\Windows\System\XiAspEQ.exe
  2⤵
  PID:11600
- C:\Windows\System\rISNvKL.exe
  C:\Windows\System\rISNvKL.exe
  2⤵
  PID:12184
- C:\Windows\System\FUFZclg.exe
  C:\Windows\System\FUFZclg.exe
  2⤵
  PID:12292
- C:\Windows\System\JNrifXT.exe
  C:\Windows\System\JNrifXT.exe
  2⤵
  PID:12308
- C:\Windows\System\EJhPgmb.exe
  C:\Windows\System\EJhPgmb.exe
  2⤵
  PID:12348
- C:\Windows\System\EPIcpkJ.exe
  C:\Windows\System\EPIcpkJ.exe
  2⤵
  PID:12364
- C:\Windows\System\zgusOGF.exe
  C:\Windows\System\zgusOGF.exe
  2⤵
  PID:12392
- C:\Windows\System\fjwlbJv.exe
  C:\Windows\System\fjwlbJv.exe
  2⤵
  PID:12412
- C:\Windows\System\hGyEhYm.exe
  C:\Windows\System\hGyEhYm.exe
  2⤵
  PID:12448
- C:\Windows\System\pMqLDZM.exe
  C:\Windows\System\pMqLDZM.exe
  2⤵
  PID:12484
- C:\Windows\System\GhXpPua.exe
  C:\Windows\System\GhXpPua.exe
  2⤵
  PID:12520
- C:\Windows\System\EDzrWFX.exe
  C:\Windows\System\EDzrWFX.exe
  2⤵
  PID:12540
- C:\Windows\System\XuzIJjw.exe
  C:\Windows\System\XuzIJjw.exe
  2⤵
  PID:12560
- C:\Windows\System\UVDbrOZ.exe
  C:\Windows\System\UVDbrOZ.exe
  2⤵
  PID:12584
- C:\Windows\System\CPwuksZ.exe
  C:\Windows\System\CPwuksZ.exe
  2⤵
  PID:12612
- C:\Windows\System\YEJmzhZ.exe
  C:\Windows\System\YEJmzhZ.exe
  2⤵
  PID:12640
- C:\Windows\System\urlHDeq.exe
  C:\Windows\System\urlHDeq.exe
  2⤵
  PID:12672
- C:\Windows\System\qayNLTn.exe
  C:\Windows\System\qayNLTn.exe
  2⤵
  PID:12692
- C:\Windows\System\yDrYURC.exe
  C:\Windows\System\yDrYURC.exe
  2⤵
  PID:12720
- C:\Windows\System\exZiynw.exe
  C:\Windows\System\exZiynw.exe
  2⤵
  PID:12748
- C:\Windows\System\KkVpCsS.exe
  C:\Windows\System\KkVpCsS.exe
  2⤵
  PID:12780
- C:\Windows\System\NnmDvRE.exe
  C:\Windows\System\NnmDvRE.exe
  2⤵
  PID:12800
- C:\Windows\System\chUugkM.exe
  C:\Windows\System\chUugkM.exe
  2⤵
  PID:12832
- C:\Windows\System\QSdxgtI.exe
  C:\Windows\System\QSdxgtI.exe
  2⤵
  PID:12864
- C:\Windows\System\vAZKkpU.exe
  C:\Windows\System\vAZKkpU.exe
  2⤵
  PID:12904
- C:\Windows\System\uTEsqRz.exe
  C:\Windows\System\uTEsqRz.exe
  2⤵
  PID:12924
- C:\Windows\System\yjbWunm.exe
  C:\Windows\System\yjbWunm.exe
  2⤵
  PID:12956
- C:\Windows\System\BHqEdPI.exe
  C:\Windows\System\BHqEdPI.exe
  2⤵
  PID:12976
- C:\Windows\System\EdoxxBp.exe
  C:\Windows\System\EdoxxBp.exe
  2⤵
  PID:13016
- C:\Windows\System\WQRPPtW.exe
  C:\Windows\System\WQRPPtW.exe
  2⤵
  PID:13044
- C:\Windows\System\knGMffO.exe
  C:\Windows\System\knGMffO.exe
  2⤵
  PID:13072
- C:\Windows\System\xCRAAOJ.exe
  C:\Windows\System\xCRAAOJ.exe
  2⤵
  PID:13096
- C:\Windows\System\hBdvvZh.exe
  C:\Windows\System\hBdvvZh.exe
  2⤵
  PID:13124
- C:\Windows\System\VXAFqaC.exe
  C:\Windows\System\VXAFqaC.exe
  2⤵
  PID:13140
- C:\Windows\System\uIBClIv.exe
  C:\Windows\System\uIBClIv.exe
  2⤵
  PID:13160
- C:\Windows\System\gWdeFGO.exe
  C:\Windows\System\gWdeFGO.exe
  2⤵
  PID:13180
- C:\Windows\System\wPsXjYJ.exe
  C:\Windows\System\wPsXjYJ.exe
  2⤵
  PID:13212
- C:\Windows\System\zdoEjAF.exe
  C:\Windows\System\zdoEjAF.exe
  2⤵
  PID:13240
- C:\Windows\System\OUdLdLH.exe
  C:\Windows\System\OUdLdLH.exe
  2⤵
  PID:13268
- C:\Windows\System\JbFSvdH.exe
  C:\Windows\System\JbFSvdH.exe
  2⤵
  PID:13308
- C:\Windows\System\jKLXFzB.exe
  C:\Windows\System\jKLXFzB.exe
  2⤵
  PID:12260
- C:\Windows\System\TVfooEz.exe
  C:\Windows\System\TVfooEz.exe
  2⤵
  PID:12336
- C:\Windows\System\JJOsVrL.exe
  C:\Windows\System\JJOsVrL.exe
  2⤵
  PID:12420
- C:\Windows\System\bKPSEXB.exe
  C:\Windows\System\bKPSEXB.exe
  2⤵
  PID:12464
- C:\Windows\System\OWMzKav.exe
  C:\Windows\System\OWMzKav.exe
  2⤵
  PID:12552
- C:\Windows\System\xqXvFck.exe
  C:\Windows\System\xqXvFck.exe
  2⤵
  PID:12572
- C:\Windows\System\PCekedc.exe
  C:\Windows\System\PCekedc.exe
  2⤵
  PID:12796
- C:\Windows\System\DtnHjpW.exe
  C:\Windows\System\DtnHjpW.exe
  2⤵
  PID:12808
- C:\Windows\System\pOQlRhV.exe
  C:\Windows\System\pOQlRhV.exe
  2⤵
  PID:12916
- C:\Windows\System\dLDceua.exe
  C:\Windows\System\dLDceua.exe
  2⤵
  PID:12932
- C:\Windows\System\ncSGfFw.exe
  C:\Windows\System\ncSGfFw.exe
  2⤵
  PID:12964
- C:\Windows\System\ovjpRYz.exe
  C:\Windows\System\ovjpRYz.exe
  2⤵
  PID:13036
- C:\Windows\System\VlCcjDu.exe
  C:\Windows\System\VlCcjDu.exe
  2⤵
  PID:13104
- C:\Windows\System\GhDnkmA.exe
  C:\Windows\System\GhDnkmA.exe
  2⤵
  PID:13172
- C:\Windows\System\gqksOkk.exe
  C:\Windows\System\gqksOkk.exe
  2⤵
  PID:13256
- C:\Windows\System\VcgUltz.exe
  C:\Windows\System\VcgUltz.exe
  2⤵
  PID:13224
- C:\Windows\System\gjRSwUP.exe
  C:\Windows\System\gjRSwUP.exe
  2⤵
  PID:12320
- C:\Windows\System\WTbXWMF.exe
  C:\Windows\System\WTbXWMF.exe
  2⤵
  PID:12456
- C:\Windows\System\wdAEpKG.exe
  C:\Windows\System\wdAEpKG.exe
  2⤵
  PID:12608
- C:\Windows\System\VLPeHEo.exe
  C:\Windows\System\VLPeHEo.exe
  2⤵
  PID:2896
- C:\Windows\System\ehJIWtd.exe
  C:\Windows\System\ehJIWtd.exe
  2⤵
  PID:4072
- C:\Windows\System\ihIauPz.exe
  C:\Windows\System\ihIauPz.exe
  2⤵
  PID:12884
- C:\Windows\System\LObxVWA.exe
  C:\Windows\System\LObxVWA.exe
  2⤵
  PID:948
- C:\Windows\System\sjmhyQa.exe
  C:\Windows\System\sjmhyQa.exe
  2⤵
  PID:13064
- C:\Windows\System\ySmANbL.exe
  C:\Windows\System\ySmANbL.exe
  2⤵
  PID:13248
- C:\Windows\System\iMvLULT.exe
  C:\Windows\System\iMvLULT.exe
  2⤵
  PID:11772
- C:\Windows\System\fVmLtdX.exe
  C:\Windows\System\fVmLtdX.exe
  2⤵
  PID:12708
- C:\Windows\System\mVIsCml.exe
  C:\Windows\System\mVIsCml.exe
  2⤵
  PID:12896
- C:\Windows\System\ktfLxRs.exe
  C:\Windows\System\ktfLxRs.exe
  2⤵
  PID:12944
- C:\Windows\System\IOMcuhE.exe
  C:\Windows\System\IOMcuhE.exe
  2⤵
  PID:12548
- C:\Windows\System\exGLFcT.exe
  C:\Windows\System\exGLFcT.exe
  2⤵
  PID:12380
- C:\Windows\System\HYrJGZF.exe
  C:\Windows\System\HYrJGZF.exe
  2⤵
  PID:13332
- C:\Windows\System\SZKNCof.exe
  C:\Windows\System\SZKNCof.exe
  2⤵
  PID:13348
- C:\Windows\System\oMaEPqf.exe
  C:\Windows\System\oMaEPqf.exe
  2⤵
  PID:13368
- C:\Windows\System\KoXDtNI.exe
  C:\Windows\System\KoXDtNI.exe
  2⤵
  PID:13400
- C:\Windows\System\YoiIfHP.exe
  C:\Windows\System\YoiIfHP.exe
  2⤵
  PID:13428
- C:\Windows\System\yLyHQkl.exe
  C:\Windows\System\yLyHQkl.exe
  2⤵
  PID:13460
- C:\Windows\System\PNWgxxH.exe
  C:\Windows\System\PNWgxxH.exe
  2⤵
  PID:13492
- C:\Windows\System\sFpPwgN.exe
  C:\Windows\System\sFpPwgN.exe
  2⤵
  PID:13516
- C:\Windows\System\SQfHoWa.exe
  C:\Windows\System\SQfHoWa.exe
  2⤵
  PID:13552
- C:\Windows\System\BOJIsvH.exe
  C:\Windows\System\BOJIsvH.exe
  2⤵
  PID:13576
- C:\Windows\System\eoqMvob.exe
  C:\Windows\System\eoqMvob.exe
  2⤵
  PID:13604
- C:\Windows\System\yHDiTug.exe
  C:\Windows\System\yHDiTug.exe
  2⤵
  PID:13632
- C:\Windows\System\iTDTNHX.exe
  C:\Windows\System\iTDTNHX.exe
  2⤵
  PID:13668
- C:\Windows\System\RZwOkLg.exe
  C:\Windows\System\RZwOkLg.exe
  2⤵
  PID:13700
- C:\Windows\System\KxoMRzR.exe
  C:\Windows\System\KxoMRzR.exe
  2⤵
  PID:13728
- C:\Windows\System\IBFxfdZ.exe
  C:\Windows\System\IBFxfdZ.exe
  2⤵
  PID:13752
- C:\Windows\System\gdBvcyU.exe
  C:\Windows\System\gdBvcyU.exe
  2⤵
  PID:13792
- C:\Windows\System\yckLjYx.exe
  C:\Windows\System\yckLjYx.exe
  2⤵
  PID:13820
- C:\Windows\System\SHaynqZ.exe
  C:\Windows\System\SHaynqZ.exe
  2⤵
  PID:13848
- C:\Windows\System\HsmvtGX.exe
  C:\Windows\System\HsmvtGX.exe
  2⤵
  PID:13872
- C:\Windows\System\NAyNTLv.exe
  C:\Windows\System\NAyNTLv.exe
  2⤵
  PID:13900
- C:\Windows\System\gYgWVvM.exe
  C:\Windows\System\gYgWVvM.exe
  2⤵
  PID:13928
- C:\Windows\System\UNuilol.exe
  C:\Windows\System\UNuilol.exe
  2⤵
  PID:13972
- C:\Windows\System\hHjTKlC.exe
  C:\Windows\System\hHjTKlC.exe
  2⤵
  PID:13992
- C:\Windows\System\FRTgqwm.exe
  C:\Windows\System\FRTgqwm.exe
  2⤵
  PID:14028
- C:\Windows\System\uOApbeO.exe
  C:\Windows\System\uOApbeO.exe
  2⤵
  PID:14056
- C:\Windows\System\CcKgSJc.exe
  C:\Windows\System\CcKgSJc.exe
  2⤵
  PID:14084
- C:\Windows\System\qODdcEH.exe
  C:\Windows\System\qODdcEH.exe
  2⤵
  PID:14108
- C:\Windows\System\lxVURNs.exe
  C:\Windows\System\lxVURNs.exe
  2⤵
  PID:14136
- C:\Windows\System\CXSzzQn.exe
  C:\Windows\System\CXSzzQn.exe
  2⤵
  PID:14156
- C:\Windows\System\DmHGYkS.exe
  C:\Windows\System\DmHGYkS.exe
  2⤵
  PID:14180
- C:\Windows\System\smFwTsb.exe
  C:\Windows\System\smFwTsb.exe
  2⤵
  PID:14208
- C:\Windows\System\MmmkmNA.exe
  C:\Windows\System\MmmkmNA.exe
  2⤵
  PID:14232
- C:\Windows\System\ZwaiXPa.exe
  C:\Windows\System\ZwaiXPa.exe
  2⤵
  PID:14260
- C:\Windows\System\qEpFRlm.exe
  C:\Windows\System\qEpFRlm.exe
  2⤵
  PID:14280
- C:\Windows\System\kmoGzwI.exe
  C:\Windows\System\kmoGzwI.exe
  2⤵
  PID:14324
- C:\Windows\System\dMKgZPj.exe
  C:\Windows\System\dMKgZPj.exe
  2⤵
  PID:13200
- C:\Windows\System\hddBGyc.exe
  C:\Windows\System\hddBGyc.exe
  2⤵
  PID:32
- C:\Windows\System\labduED.exe
  C:\Windows\System\labduED.exe
  2⤵
  PID:13436
- C:\Windows\System\xjBhfeQ.exe
  C:\Windows\System\xjBhfeQ.exe
  2⤵
  PID:13452
- C:\Windows\System\rtqdNbh.exe
  C:\Windows\System\rtqdNbh.exe
  2⤵
  PID:13536
- C:\Windows\System\SucDlks.exe
  C:\Windows\System\SucDlks.exe
  2⤵
  PID:13628
- C:\Windows\System\IMcroFZ.exe
  C:\Windows\System\IMcroFZ.exe
  2⤵
  PID:13864

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DAUSHTc.exe

Filesize
2.1MB

MD5
f9612dc4c3d1c8307fd18660138fe9d3

SHA1
e09b09d56153a33ffededded8372eb2929e5df46

SHA256
5d8ef65f3cddf59ce69cba500f4f01aae9d9f156e59d09410ab21c00381f9813

SHA512
02afed672a35808aaecc1b909ce1502124bdfe229341d60868e3990c7def94739ce31d2dcc23f3ce8914cb7c41d55123ed5497e6b69dd4081dc7945188c85d51

Download Submit
C:\Windows\System\EWLkPXn.exe

Filesize
2.1MB

MD5
cfbce0d3ec0d213c947098ac7aedfbfc

SHA1
21f8c6bca4f473739c28a14f7f6db49fd8a90dda

SHA256
6e2995331b4e7bd1d585a888176b221832189437a0fc2ffe27ad90838b26f6f0

SHA512
b900684e46ad370276d7587823052e3321430a6ce8dac5b76b125a00e37aabc33aa5ef9c05b958c84a738a023d2cc4f2b3028479c9672d0d0cc8e126d79842df

Download Submit
C:\Windows\System\EuKmqSm.exe

Filesize
2.1MB

MD5
33b6414e5cddb452487f3795c81b890d

SHA1
f0665d732524298cd7f4c97c0cf97b1181d6dae1

SHA256
d474dfd92f881be5d19480ecf9184710e7cc5b011f85a7fc0856aea56008ef8a

SHA512
240ca165d818ba66082787b11f96a4bec0d029e6c89fe6aa1708ad1d0013268a4a2c790a6e177ac1df6633b16de4b4de2c65f4d95113e1fb56256110fd503110

Download Submit
C:\Windows\System\GFrtGTy.exe

Filesize
2.1MB

MD5
f7d543287b300e3765a65a13ae95a239

SHA1
a917b12327830235956cd37816464871fb735999

SHA256
79e83d82a771cf9a382abd4316b1f51c5b4250cd47b333c2f7ea54839cecb5b6

SHA512
f83847c0be956d06f2ec0e22ef1e606b5d50c1630ee017c26c06d41c7b739425d8b7f54db8e9da02789cb30bdca76bf02da8b4ded25fc9bb41d4906e6254d5ca

Download Submit
C:\Windows\System\IIsnjYk.exe

Filesize
2.1MB

MD5
a0abe2b6892acdbc1967eca2548fb034

SHA1
17bcf3243c09f80c6f8157d62941dfe46b657704

SHA256
fe9a57d107c080eb927e52f4429794fa9451376f992b76a64331de35909835f1

SHA512
d4aadfd31b96eacf88f4deb81530a2007756128ab3b36baee2bf04dfd138bafcb3b480c7aae3dbc0e7672d2bc31b833d110f065062e3aa9c03e0bde7067fd432

Download Submit
C:\Windows\System\IRxWZnT.exe

Filesize
2.1MB

MD5
53f6823c0a48c8582405d347e53af6d8

SHA1
64b3b779db68b6403a675bbc91a20bd5ac4f5e2d

SHA256
0a16f8d8cb26d0af1edf66556f9d2a452833311dd3d349b09a91871c419a7aa3

SHA512
813fc4e2a5d0a4f711a66944073b0a33cea3c5b7e7f22177ca97baae6fb92bde9bf223947d7930830a20e939f68969b8ab908abeb6239a3febd8f1c27833d109

Download Submit
C:\Windows\System\OQHlURJ.exe

Filesize
2.1MB

MD5
2a1b1b71082149be36296ec988496876

SHA1
0dc41b43693579c9dc4e6c7c97031e31bece8938

SHA256
e3f11bbfb1557ebd24cd88dacd3f9203e5abf567d73d17562e0c86344d6f6641

SHA512
f16d3f841113f853b4afe4cab7a9fb497e959051033e2d613a04d1e9bf42ba259bcac14c529e5cfcd1458084bfc4c076badb089f41ddde7cde779bafc9c6557a

Download Submit
C:\Windows\System\OdMhsmy.exe

Filesize
2.1MB

MD5
07f76c85fa6ecb2e21b6138d3ebfe570

SHA1
6a835785feccb85ff802a930c6ae695fdfdd3443

SHA256
dff4cf84059956b12253e69c5fdc71f0745143d8bdd6f4e713a303be6f6f16fa

SHA512
745c5ce382adb3a80124bb761348d7d324292b82f32749abf2e2ea7f660b21fb0fe05b8545b3468cdfd68952f8fe365c407f944857c6a0e28769cddbd9f79e72

Download Submit
C:\Windows\System\PHhxSRe.exe

Filesize
2.1MB

MD5
ce6db796e2e4e315b427fd202a537a1b

SHA1
3507e46e2fddf6e263807896aa7d658a402bfa76

SHA256
448d6006b00ff72f10e1e38696b3a6c7e21481aa2387e145198bea5e8d76e3e4

SHA512
94bf32263d6a471fcf2c2fad1af8cb85a43be124d1ac262b56af068c68c2b42e1b8cd83192a32a5f579ee335bb6f4b2b479e43f79e858ae3b18c8c1e6ea74398

Download Submit
C:\Windows\System\RXvmcEN.exe

Filesize
2.1MB

MD5
1e7a7515c43bbb2cd5af5f9991e770b4

SHA1
4569837f68de8de72f3f37600a84ee37a4530d5f

SHA256
109fb5a2d3f0844560222007ca39ca7a51235678e8c6132aeed34e383d3a2907

SHA512
1fee5d41d504c44f481cfc2cf567abdb5e01076294e96c98dda6c279452cb8ec6e07bf15957007dd6cbbbc0ebcba9dc322df9d292ba2abd15edb09bff1ab3539

Download Submit
C:\Windows\System\StNmFxy.exe

Filesize
2.1MB

MD5
eac003797179e2287d67baf23e7935a1

SHA1
a95b4674431ea0aca81254da938ff8cae6c75f32

SHA256
243c7f4d7758ca6f762340a6d1e2e850ab7f5a08fd3b66c7b96de8c04b1ec3d3

SHA512
e4e8fe2816f2a115657d2174aaee5b1bda01d20d4e40de2287caa5ef3cea378ac6308573d6bc5657ca4efae37893769cf317dad6130282b5f758e5c72d5a5847

Download Submit
C:\Windows\System\UDYtOkj.exe

Filesize
2.1MB

MD5
75a56f23c7cefdd14f321fb343215458

SHA1
fabdd2f21246b2f8097a626a16bba1241adb4229

SHA256
663f4d0c59d7627600b7ff73816f98f85bf3c5d9949dcaabcefd6be8afa96bbc

SHA512
a93b1d3c16b0c38c193a49c203c170d162fa2466273693373251bf66de08366ae5150a3d99095a80a802af032eb8bbf73ce4c04bf5de5b1002df54d31e8d04c8

Download Submit
C:\Windows\System\VkphMUO.exe

Filesize
2.1MB

MD5
7ed54713289f9269affd55d34ef7aebc

SHA1
78fef657aa013a9402f130696b60b84ddc2613a8

SHA256
5181b8f8150cdb2d6e0758c15ab024a18b133820e3347d27c7e4ada1d6fdc192

SHA512
cd134f4d606134bde2efdc816443d1fa5766e231202b53bf01ca3884d33a3f261f96779e9ed81f191b76ce572fbbd2dd1a5c034b7463e6c4e523cc2e0e21d467

Download Submit
C:\Windows\System\YEyYXoZ.exe

Filesize
2.1MB

MD5
cf1dabb60d485d982f7431bedb3c632b

SHA1
7fc3941899727cd9225dc7925ef63d83f09f57a0

SHA256
0f87f20736eed871c102c25cfa8edf16bd5520e49783a6a842200793019ec963

SHA512
840a1014470639926f5b9e9162a7d9cfc2e3d204d05b9ba47edaf44a45f9926afd13b40727de664e066af5fee57d2f55c49b4e6115a5e840277f5440dc900e7b

Download Submit
C:\Windows\System\YYKzjVr.exe

Filesize
2.1MB

MD5
fb3a2ec6a9df02be9b48621e41a1329f

SHA1
031a90c9efbd6051206a3ff7fd24d23bf0d4213e

SHA256
77287a7e15b350155f12da85047df50fa4689560d5975fa052403d5dfdd461e4

SHA512
79b8f4705733878d0418d36033fa4c34e748288cad78061fa63bd7ce784ba319ec60a0934d9b9447a1189def51e1e3a912243abd11b2379a647097a1def52402

Download Submit
C:\Windows\System\aNVLLhz.exe

Filesize
2.1MB

MD5
1c05bbf3f3e0e42fb47e4b52956fcb0a

SHA1
3f029119ef413ce8626d79909a672cea2bf1786b

SHA256
b9d042c771461185b9f0c97c31c817d1c607416266b3c0f8bdd38d22ea4b8ce5

SHA512
5b180e03b449046300a775efdc3c08f6ea58a19aef69dff8f9efd6b74fc238067c753b7dc868014875b2b78ef6864e93b857e7d5fdb8f4ab2ac9ab921ef68224

Download Submit
C:\Windows\System\bDyGzfY.exe

Filesize
2.1MB

MD5
c662136315cacb0d84eabe6528362dff

SHA1
9d441e8ac722728d49cef0f0c394efcb1b98156c

SHA256
6b9334fbebdb7e242b33547d183b2e46b8961ecb9e81bde63db65ab0d9672720

SHA512
800084fdf7cbf0d847e76996e51a0b80627ba882782c866fec53cc1ddffa5ae30bdf387c64d5878ccd22f500757ddd25d6e070c3ec9e57e2b399cc3982fb4649

Download Submit
C:\Windows\System\bXewpQE.exe

Filesize
2.1MB

MD5
ee605689042dbf87336d629de132bed3

SHA1
8bc1d6ca2450a96987709ac844c4717dfe82422a

SHA256
3637f716077510caaea998b7caf6d6c2e1b86018435eb58f54cd5eeaf154b52d

SHA512
2462908ccc35076ce7ad4eb314ae9c525e1f95064e35c56d9f363bd8aa85bab2eca3c5332b4074f83febd06565a57249debaf87de4510428e1853cdbba6d4a17

Download Submit
C:\Windows\System\cpJwtRK.exe

Filesize
2.1MB

MD5
6537b444cdcb75eced456d28af5ed7b7

SHA1
eeb6301e54c1824294d99c19b0ef2de28a0cf376

SHA256
3ef946194118c263107806c51a35c3d691c61d51d4e4ee516c515a8836241198

SHA512
f250db28b6f26a76c661b9bf349e24104cdc0cd90388781d7f830e03235b8536e81597a12a2d8efe5676d05e5a40f53be652ce08daee6bd133a3603f757733c9

Download Submit
C:\Windows\System\dFPcvle.exe

Filesize
2.1MB

MD5
d453286b701594319a8647022c966423

SHA1
85903411269aa2de45c668b9c08e42bfd23da2ed

SHA256
e4215df560796fa3dd186b537e2635fb5474a7c5d8db581664d5fda0ae1ec054

SHA512
6fc23a181c8b2cdff2ae7e1a79335cead51b6176104e2b6c3893b0c5b3fcad99c0e1fef6451d4bb708a8c1b565260df6bcd59eae8633db3046b698c4e65c2aee

Download Submit
C:\Windows\System\dGYOmzZ.exe

Filesize
2.1MB

MD5
6c5295456090b7db3c1911f29ca18930

SHA1
ab2512a6b803ae4c629c566eb972f515cf6dc3e0

SHA256
13cf75e6bd26a00f44b4e320ce78d482b3e8d8e2f123ef29f06bf7b455c5aff1

SHA512
3a8bb73dc78d7d80f034b28d6d350192a3e548c072aa4efb6a3d36a67414dfb00a9fba4d53dc4a5ebc1370cfa60502c92e0dd347ef09ba444203f70c2725c430

Download Submit
C:\Windows\System\dWDjlbK.exe

Filesize
2.1MB

MD5
9d9deb9cf7283adad34cafb10bffd0c1

SHA1
f628644a54bfd80e6fe15b873a7306ee7aedf491

SHA256
1d1198426506fa908dd65bc2395f87ce259380a1f0eb30135ddc901add0a5009

SHA512
73aedddada835d9b24d27785e0b16991c009da84fd003981aaafcf3a5a01fa0420165298e3cf21b195a98465fac7c218f29a21555770eaf4871b853bd61e9998

Download Submit
C:\Windows\System\gGyhTGU.exe

Filesize
2.1MB

MD5
a62772812226f98f5e16e13ce4183fa9

SHA1
457244a35472024631b207592452f2a02f73db00

SHA256
a6212b80d78dcd9d6cdaa16221fa5029ca0c2539e3ee2b2cd9010e986ba65d8a

SHA512
0a28684e198eaab1922bf293fc711f61aa3326f9988099c69f0e06618b44d5425cdcf30cf15f4e1e327b4c6c6560f0d9a9e4ce575349ffb6df39d31f8bf06797

Download Submit
C:\Windows\System\huxpXeF.exe

Filesize
2.1MB

MD5
f15e8974ea14f6c8f0cf2b4d556d12b2

SHA1
666cbafa35899697a04cba7b792b7819c9b0d3d9

SHA256
fe7b52d2d9929caabe4f8afe266e6913e6350f37b0f3928bc082daeedc10781a

SHA512
3d5a1f0447fb25cf1f46571ffa7b75b165884ecd36d9810fa5912a0d1c957759d4057b5e7a2524c5d89e957fdf9708e2410de0283103db4f4e62ed4468ab7756

Download Submit
C:\Windows\System\iZsTIaZ.exe

Filesize
2.1MB

MD5
007413f25953cc1a13de7f64e7d337d8

SHA1
b6e2201258b4e31bd97e67237eb7979985588248

SHA256
f5cafe46de740e93a66fc5598b7a64f6cd46e49deee3b497cfc011f866344835

SHA512
eccd3af4d5a817abf69292edb7513841526fb56577b2219c14ab19544bfeb1efe4d18214dedea71ce85d4873c26e2775fbb253f7451871cb74925d2893509783

Download Submit
C:\Windows\System\ktaEHTE.exe

Filesize
2.1MB

MD5
722c67246f2a0c38beea3b9ebf6b09b3

SHA1
07b954203681573cef20e6b9020387987820c727

SHA256
74e08114ff8618f5818efd221b2760d60d379fc139dbecc1b7cf17a91959986f

SHA512
0510746af191619c709b464e006ae2528a217c4ea4b9b7be1c902e79b82fa66ae94982450f459f6d0346da78722d8db96bbb672310a31ddc8e034b522f553ee6

Download Submit
C:\Windows\System\lSGrgNn.exe

Filesize
2.1MB

MD5
d1fcbd5d72348d97d418f1d98076b887

SHA1
7ebbebb942dcc8fb80c564c1d21567f6074db5ca

SHA256
4c92314d29991c66a4c6f7f6820d40d1683d2065ef653054c40b384f076bb3f9

SHA512
1c11c2c913a9039b8b14bc28c89c1f7387234c2fd5a20428b0e45862b577e43186b7d6aa1736dec3b0b7824888052ea5de1217e382e7e338716ec3c91f641586

Download Submit
C:\Windows\System\qvqoUwh.exe

Filesize
2.1MB

MD5
010580989f4ec72023d64c01c436fb2a

SHA1
ff9870e4b14b020eb49a7a5d446161ce683cea9f

SHA256
5536c07f59ad45d24a58a9524f21cd6ae5b22db0b3ce6cb29c8f07aba4c657f1

SHA512
f7d1236fae90082f5d9502f04483ca2fe5104b92050849170a2f74752fec3928f8b2a91eb769672847de661d89390ef8333dd7d5a00b4fcde5709358646e5dd6

Download Submit
C:\Windows\System\uCjUXui.exe

Filesize
2.1MB

MD5
4dd6f7010eb793c99529fc947658fa52

SHA1
67233db9088de1c7c740fe86d103c17fa0eaddb7

SHA256
ce24b0215e005e03053d1e31495c895e655a371cd934751cd832ee091b950e39

SHA512
7e93407194bf166328035406dc15044518de26a6e332a88f3b5b83e8d53289a568361659d04e73915adda22f158fa03db6f906c1dca25f5f18240fc57ea5b0b7

Download Submit
C:\Windows\System\utZGKZO.exe

Filesize
2.1MB

MD5
a2db40f8fe36323c55504d864a3c4b29

SHA1
686171ec23edbf58fb6978a9c066c1651c824b33

SHA256
6ebdec8d7c3bada3cc16c49b883a2ce40392dd1b988c70b13511610ea4a2074b

SHA512
0b8e3f01dc74b694015abba53f678a78bce8aa46601474cd292562a000c09fdf5356e771fe145f257e1319c73622a6f5b7892e7b267da76ee0ec78463755f4a4

Download Submit
C:\Windows\System\vJDoths.exe

Filesize
2.1MB

MD5
9a09cd31e57486a2276dc6cfaaf2f866

SHA1
43f6173feb0eafc621305c3aa9e9cba732d98f3c

SHA256
63f315d50a710874c0fcf64c12fd7e6bafd0a533aa8adc768c05e9fd8669f2c8

SHA512
7c4626fc980481411626156de671cd9ed8dc1a41d33b57df17a9ffb2faa0daeec113d94deb8de7c3b106659306fe05443603ab52a99c7397ecb0a36e2cd970a7

Download Submit
C:\Windows\System\xEcteBM.exe

Filesize
2.1MB

MD5
39bb4b24969b13d6fe79a2d39d9fb0a1

SHA1
dfe37035aa839f26f4cf574f12ae7297d5ac3389

SHA256
0cb668e8e2f95b850ed3dd0b5dd872f1cf3d608459a9813e93de9ec62de0aaa6

SHA512
17631866cf3af33953428a2dec6d926deb3a8fe773fb34b78805c8a3e6a12b5f5934ab98314c534f2d961aca1a317234d58c7b12bfcc7adae0257450ba72088d

Download Submit
C:\Windows\System\xmlvZXu.exe

Filesize
2.1MB

MD5
57d8bc0ee80a7957a3991e1ddc15908e

SHA1
863d19d6e282eb015265d0b9d25eb7fbf6bc522b

SHA256
121eae4323940be9d71759371552560e74154140405f0b1fb69f550ff7f30ad9

SHA512
e2bab226bd0ad22e956869fe1e7b2fb5a4516547459f61e8e92fb0faeffe84180b7e0d69e59925bcfbb3cc0d52633086dafa5446c9a811703f2ac46b9849ebe3

Download Submit
C:\Windows\System\yWiXWVe.exe

Filesize
2.1MB

MD5
9b1c2477b0ec2ccf9a3821ee9b153ef2

SHA1
219af9c8446aa560e7d2a058cb6f01974a7368e2

SHA256
de9e32d909997887685435182b0727374568e9cfe477dde58818240cbba2fbdd

SHA512
5f96b9e3bf124abc2245def4660abfa52050d1767c81931893a4dcf8c9214fe9de949c9752043d82bb1a128a3504823c35870cd175b5e35457417adab9167456

Download Submit
memory/512-44-0x00007FF638D90000-0x00007FF6390E4000-memory.dmp

Filesize
3.3MB

Download
memory/512-2127-0x00007FF638D90000-0x00007FF6390E4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2135-0x00007FF6389A0000-0x00007FF638CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-140-0x00007FF6389A0000-0x00007FF638CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2130-0x00007FF7EFD90000-0x00007FF7F00E4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-45-0x00007FF7EFD90000-0x00007FF7F00E4000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2119-0x00007FF7EFD90000-0x00007FF7F00E4000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2136-0x00007FF7253B0000-0x00007FF725704000-memory.dmp

Filesize
3.3MB

Download
memory/1464-118-0x00007FF7253B0000-0x00007FF725704000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2145-0x00007FF709810000-0x00007FF709B64000-memory.dmp

Filesize
3.3MB

Download
memory/1580-166-0x00007FF709810000-0x00007FF709B64000-memory.dmp

Filesize
3.3MB

Download
memory/2088-23-0x00007FF760F60000-0x00007FF7612B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-2123-0x00007FF760F60000-0x00007FF7612B4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1-0x000001977FC60000-0x000001977FC70000-memory.dmp

Filesize
64KB

Download
memory/2184-1621-0x00007FF6B1060000-0x00007FF6B13B4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-0-0x00007FF6B1060000-0x00007FF6B13B4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-163-0x00007FF7EE530000-0x00007FF7EE884000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2144-0x00007FF7EE530000-0x00007FF7EE884000-memory.dmp

Filesize
3.3MB

Download
memory/2260-2140-0x00007FF7C7090000-0x00007FF7C73E4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-167-0x00007FF7C7090000-0x00007FF7C73E4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-33-0x00007FF76EA00000-0x00007FF76ED54000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2118-0x00007FF76EA00000-0x00007FF76ED54000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2126-0x00007FF76EA00000-0x00007FF76ED54000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2124-0x00007FF7D6A90000-0x00007FF7D6DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-43-0x00007FF7D6A90000-0x00007FF7D6DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2121-0x00007FF6B0690000-0x00007FF6B09E4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-72-0x00007FF6B0690000-0x00007FF6B09E4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2129-0x00007FF6B0690000-0x00007FF6B09E4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-131-0x00007FF6F5240000-0x00007FF6F5594000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2134-0x00007FF6F5240000-0x00007FF6F5594000-memory.dmp

Filesize
3.3MB

Download
memory/3108-170-0x00007FF78B6C0000-0x00007FF78BA14000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2147-0x00007FF78B6C0000-0x00007FF78BA14000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2132-0x00007FF674710000-0x00007FF674A64000-memory.dmp

Filesize
3.3MB

Download
memory/3452-76-0x00007FF674710000-0x00007FF674A64000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2131-0x00007FF64A950000-0x00007FF64ACA4000-memory.dmp

Filesize
3.3MB

Download
memory/3512-96-0x00007FF64A950000-0x00007FF64ACA4000-memory.dmp

Filesize
3.3MB

Download
memory/3552-160-0x00007FF7D4C10000-0x00007FF7D4F64000-memory.dmp

Filesize
3.3MB

Download
memory/3552-2149-0x00007FF7D4C10000-0x00007FF7D4F64000-memory.dmp

Filesize
3.3MB

Download
memory/4064-2139-0x00007FF79AE50000-0x00007FF79B1A4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-159-0x00007FF79AE50000-0x00007FF79B1A4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-168-0x00007FF61C240000-0x00007FF61C594000-memory.dmp

Filesize
3.3MB

Download
memory/4312-2133-0x00007FF61C240000-0x00007FF61C594000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2137-0x00007FF773B10000-0x00007FF773E64000-memory.dmp

Filesize
3.3MB

Download
memory/4584-141-0x00007FF773B10000-0x00007FF773E64000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2150-0x00007FF6EF1D0000-0x00007FF6EF524000-memory.dmp

Filesize
3.3MB

Download
memory/4608-162-0x00007FF6EF1D0000-0x00007FF6EF524000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2148-0x00007FF6A4F80000-0x00007FF6A52D4000-memory.dmp

Filesize
3.3MB

Download
memory/4612-233-0x00007FF6A4F80000-0x00007FF6A52D4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2141-0x00007FF764710000-0x00007FF764A64000-memory.dmp

Filesize
3.3MB

Download
memory/4620-169-0x00007FF764710000-0x00007FF764A64000-memory.dmp

Filesize
3.3MB

Download
memory/4764-165-0x00007FF7ACC40000-0x00007FF7ACF94000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2142-0x00007FF7ACC40000-0x00007FF7ACF94000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2128-0x00007FF79BBA0000-0x00007FF79BEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2120-0x00007FF79BBA0000-0x00007FF79BEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4772-51-0x00007FF79BBA0000-0x00007FF79BEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-40-0x00007FF671B80000-0x00007FF671ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2125-0x00007FF671B80000-0x00007FF671ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4896-2122-0x00007FF7D7AE0000-0x00007FF7D7E34000-memory.dmp

Filesize
3.3MB

Download
memory/4896-9-0x00007FF7D7AE0000-0x00007FF7D7E34000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2146-0x00007FF7F34D0000-0x00007FF7F3824000-memory.dmp

Filesize
3.3MB

Download
memory/4940-161-0x00007FF7F34D0000-0x00007FF7F3824000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2138-0x00007FF7F55C0000-0x00007FF7F5914000-memory.dmp

Filesize
3.3MB

Download
memory/4944-158-0x00007FF7F55C0000-0x00007FF7F5914000-memory.dmp

Filesize
3.3MB

Download
memory/5032-2143-0x00007FF7BE820000-0x00007FF7BEB74000-memory.dmp

Filesize
3.3MB

Download
memory/5032-164-0x00007FF7BE820000-0x00007FF7BEB74000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads