xmrig | fecf0a202543bca1a74d7a2fcc17d737ff459fd3e6688e7a9e5f127670c7d407

Analysis

max time kernel
149s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
Size

1.8MB
MD5

206821546cdf9b91063b44463f1903c0
SHA1

fadfe6a7c0803452909b0dc2b986e6ad85716b34
SHA256

fecf0a202543bca1a74d7a2fcc17d737ff459fd3e6688e7a9e5f127670c7d407
SHA512

11c9dd01ec6115f7c557449a2510c7804348c7a12234fa22952153acf395bb7d58947ac8f4389ca8f362742d2bb0582b3e1bbf787c28a51cc818141aabc402f1
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKavC2b:BemTLkNdfE0pZrI

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4820-0-0x00007FF7A4630000-0x00007FF7A4984000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-10.dat	xmrig
behavioral2/files/0x0007000000023421-17.dat	xmrig
behavioral2/files/0x0007000000023425-41.dat	xmrig
behavioral2/files/0x0007000000023429-62.dat	xmrig
behavioral2/files/0x000700000002342c-78.dat	xmrig
behavioral2/memory/1332-84-0x00007FF675840000-0x00007FF675B94000-memory.dmp	xmrig
behavioral2/memory/4916-116-0x00007FF6E8790000-0x00007FF6E8AE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-131.dat	xmrig
behavioral2/files/0x0007000000023439-150.dat	xmrig
behavioral2/memory/544-502-0x00007FF7AB660000-0x00007FF7AB9B4000-memory.dmp	xmrig
behavioral2/memory/4396-513-0x00007FF748200000-0x00007FF748554000-memory.dmp	xmrig
behavioral2/memory/2788-518-0x00007FF6C3C70000-0x00007FF6C3FC4000-memory.dmp	xmrig
behavioral2/memory/332-525-0x00007FF6A8C00000-0x00007FF6A8F54000-memory.dmp	xmrig
behavioral2/memory/2228-531-0x00007FF6C90D0000-0x00007FF6C9424000-memory.dmp	xmrig
behavioral2/memory/2272-532-0x00007FF625C50000-0x00007FF625FA4000-memory.dmp	xmrig
behavioral2/memory/1032-530-0x00007FF787320000-0x00007FF787674000-memory.dmp	xmrig
behavioral2/memory/816-526-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp	xmrig
behavioral2/memory/2908-524-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp	xmrig
behavioral2/memory/2072-520-0x00007FF7D08E0000-0x00007FF7D0C34000-memory.dmp	xmrig
behavioral2/memory/316-517-0x00007FF7AB2F0000-0x00007FF7AB644000-memory.dmp	xmrig
behavioral2/memory/1612-1707-0x00007FF7E3710000-0x00007FF7E3A64000-memory.dmp	xmrig
behavioral2/memory/2104-2112-0x00007FF612FF0000-0x00007FF613344000-memory.dmp	xmrig
behavioral2/memory/3388-934-0x00007FF7670A0000-0x00007FF7673F4000-memory.dmp	xmrig
behavioral2/memory/4820-931-0x00007FF7A4630000-0x00007FF7A4984000-memory.dmp	xmrig
behavioral2/memory/2596-2113-0x00007FF72EB40000-0x00007FF72EE94000-memory.dmp	xmrig
behavioral2/memory/3584-508-0x00007FF6676B0000-0x00007FF667A04000-memory.dmp	xmrig
behavioral2/memory/1792-499-0x00007FF748810000-0x00007FF748B64000-memory.dmp	xmrig
behavioral2/memory/3148-494-0x00007FF758380000-0x00007FF7586D4000-memory.dmp	xmrig
behavioral2/memory/4340-2114-0x00007FF6792C0000-0x00007FF679614000-memory.dmp	xmrig
behavioral2/memory/1676-2116-0x00007FF6A5800000-0x00007FF6A5B54000-memory.dmp	xmrig
behavioral2/memory/4916-2115-0x00007FF6E8790000-0x00007FF6E8AE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343f-178.dat	xmrig
behavioral2/files/0x000700000002343d-174.dat	xmrig
behavioral2/files/0x000700000002343e-173.dat	xmrig
behavioral2/files/0x000700000002343c-168.dat	xmrig
behavioral2/files/0x000700000002343b-164.dat	xmrig
behavioral2/files/0x000700000002343a-158.dat	xmrig
behavioral2/files/0x0007000000023438-146.dat	xmrig
behavioral2/files/0x0007000000023437-141.dat	xmrig
behavioral2/files/0x0007000000023436-136.dat	xmrig
behavioral2/files/0x0007000000023432-128.dat	xmrig
behavioral2/files/0x0007000000023433-127.dat	xmrig
behavioral2/memory/1676-123-0x00007FF6A5800000-0x00007FF6A5B54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-126.dat	xmrig
behavioral2/files/0x0007000000023431-124.dat	xmrig
behavioral2/files/0x0007000000023434-118.dat	xmrig
behavioral2/files/0x000700000002342f-110.dat	xmrig
behavioral2/files/0x000700000002342e-107.dat	xmrig
behavioral2/memory/4340-104-0x00007FF6792C0000-0x00007FF679614000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-100.dat	xmrig
behavioral2/memory/4164-91-0x00007FF61FA80000-0x00007FF61FDD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-95.dat	xmrig
behavioral2/memory/2616-81-0x00007FF6CA6A0000-0x00007FF6CA9F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-88.dat	xmrig
behavioral2/files/0x000700000002342a-75.dat	xmrig
behavioral2/files/0x000700000002342b-71.dat	xmrig
behavioral2/files/0x0007000000023427-69.dat	xmrig
behavioral2/memory/2104-66-0x00007FF612FF0000-0x00007FF613344000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-54.dat	xmrig
behavioral2/files/0x0007000000023426-51.dat	xmrig
behavioral2/memory/2596-56-0x00007FF72EB40000-0x00007FF72EE94000-memory.dmp	xmrig
behavioral2/memory/2100-49-0x00007FF773560000-0x00007FF7738B4000-memory.dmp	xmrig
behavioral2/memory/2920-42-0x00007FF619510000-0x00007FF619864000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3388	WImhKkC.exe
716	WgnfUap.exe
1816	wTXRHav.exe
1612	pthedvk.exe
364	dOftAID.exe
2920	RdOOEnq.exe
2100	MecscBo.exe
2596	iPxvgSv.exe
2616	wAZKQan.exe
2104	FdxbZGu.exe
1332	HJJGDia.exe
2072	OIBlKoM.exe
4164	ACvBEVH.exe
2908	fZTuora.exe
4340	GrclTcC.exe
332	dSXsUEc.exe
4916	ciCYlpq.exe
816	MbjNJXe.exe
1676	gkeDPhJ.exe
1032	AyKJsur.exe
3148	bxggXvO.exe
2228	qKEYLMF.exe
1792	soiDJbZ.exe
544	ZezGIdp.exe
3584	GqsBTzS.exe
4396	nBAtilR.exe
2272	jCVBrID.exe
316	YWQkGDY.exe
2788	wJwuJNI.exe
2176	cYeDnPK.exe
2692	RbRfPUe.exe
3760	skhJusW.exe
2964	BvlFJFL.exe
2244	vJTvqlV.exe
3456	EqlBbnu.exe
2028	GYEwnPC.exe
2600	itjlIeF.exe
524	KgDuefT.exe
3648	lZVjAAK.exe
4936	HUpcjvg.exe
4148	ffLYxkz.exe
2636	ooJlefk.exe
3028	HNKcsnC.exe
4484	cdjaokR.exe
528	JAPyODP.exe
2632	HCoMJkE.exe
1984	BHHwULl.exe
4260	LUXwFro.exe
1068	ROZMgvv.exe
2364	RWvoxsv.exe
400	NSeAKER.exe
2008	wKaVCIe.exe
5000	NgOvXQJ.exe
4240	UhQJUWO.exe
3720	uzODMwV.exe
3184	QkPWEAz.exe
944	bbDmFRv.exe
432	irVdtDX.exe
992	EFuqGOQ.exe
4696	AozQPrt.exe
1900	VsEecJk.exe
3284	ZCqiKiP.exe
2468	hzECHQx.exe
1772	CTLYzcc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4820-0-0x00007FF7A4630000-0x00007FF7A4984000-memory.dmp	upx
behavioral2/files/0x0007000000023420-10.dat	upx
behavioral2/files/0x0007000000023421-17.dat	upx
behavioral2/files/0x0007000000023425-41.dat	upx
behavioral2/files/0x0007000000023429-62.dat	upx
behavioral2/files/0x000700000002342c-78.dat	upx
behavioral2/memory/1332-84-0x00007FF675840000-0x00007FF675B94000-memory.dmp	upx
behavioral2/memory/4916-116-0x00007FF6E8790000-0x00007FF6E8AE4000-memory.dmp	upx
behavioral2/files/0x0007000000023435-131.dat	upx
behavioral2/files/0x0007000000023439-150.dat	upx
behavioral2/memory/544-502-0x00007FF7AB660000-0x00007FF7AB9B4000-memory.dmp	upx
behavioral2/memory/4396-513-0x00007FF748200000-0x00007FF748554000-memory.dmp	upx
behavioral2/memory/2788-518-0x00007FF6C3C70000-0x00007FF6C3FC4000-memory.dmp	upx
behavioral2/memory/332-525-0x00007FF6A8C00000-0x00007FF6A8F54000-memory.dmp	upx
behavioral2/memory/2228-531-0x00007FF6C90D0000-0x00007FF6C9424000-memory.dmp	upx
behavioral2/memory/2272-532-0x00007FF625C50000-0x00007FF625FA4000-memory.dmp	upx
behavioral2/memory/1032-530-0x00007FF787320000-0x00007FF787674000-memory.dmp	upx
behavioral2/memory/816-526-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp	upx
behavioral2/memory/2908-524-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp	upx
behavioral2/memory/2072-520-0x00007FF7D08E0000-0x00007FF7D0C34000-memory.dmp	upx
behavioral2/memory/316-517-0x00007FF7AB2F0000-0x00007FF7AB644000-memory.dmp	upx
behavioral2/memory/1612-1707-0x00007FF7E3710000-0x00007FF7E3A64000-memory.dmp	upx
behavioral2/memory/2104-2112-0x00007FF612FF0000-0x00007FF613344000-memory.dmp	upx
behavioral2/memory/3388-934-0x00007FF7670A0000-0x00007FF7673F4000-memory.dmp	upx
behavioral2/memory/4820-931-0x00007FF7A4630000-0x00007FF7A4984000-memory.dmp	upx
behavioral2/memory/2596-2113-0x00007FF72EB40000-0x00007FF72EE94000-memory.dmp	upx
behavioral2/memory/3584-508-0x00007FF6676B0000-0x00007FF667A04000-memory.dmp	upx
behavioral2/memory/1792-499-0x00007FF748810000-0x00007FF748B64000-memory.dmp	upx
behavioral2/memory/3148-494-0x00007FF758380000-0x00007FF7586D4000-memory.dmp	upx
behavioral2/memory/4340-2114-0x00007FF6792C0000-0x00007FF679614000-memory.dmp	upx
behavioral2/memory/1676-2116-0x00007FF6A5800000-0x00007FF6A5B54000-memory.dmp	upx
behavioral2/memory/4916-2115-0x00007FF6E8790000-0x00007FF6E8AE4000-memory.dmp	upx
behavioral2/files/0x000700000002343f-178.dat	upx
behavioral2/files/0x000700000002343d-174.dat	upx
behavioral2/files/0x000700000002343e-173.dat	upx
behavioral2/files/0x000700000002343c-168.dat	upx
behavioral2/files/0x000700000002343b-164.dat	upx
behavioral2/files/0x000700000002343a-158.dat	upx
behavioral2/files/0x0007000000023438-146.dat	upx
behavioral2/files/0x0007000000023437-141.dat	upx
behavioral2/files/0x0007000000023436-136.dat	upx
behavioral2/files/0x0007000000023432-128.dat	upx
behavioral2/files/0x0007000000023433-127.dat	upx
behavioral2/memory/1676-123-0x00007FF6A5800000-0x00007FF6A5B54000-memory.dmp	upx
behavioral2/files/0x0007000000023435-126.dat	upx
behavioral2/files/0x0007000000023431-124.dat	upx
behavioral2/files/0x0007000000023434-118.dat	upx
behavioral2/files/0x000700000002342f-110.dat	upx
behavioral2/files/0x000700000002342e-107.dat	upx
behavioral2/memory/4340-104-0x00007FF6792C0000-0x00007FF679614000-memory.dmp	upx
behavioral2/files/0x0007000000023430-100.dat	upx
behavioral2/memory/4164-91-0x00007FF61FA80000-0x00007FF61FDD4000-memory.dmp	upx
behavioral2/files/0x000700000002342d-95.dat	upx
behavioral2/memory/2616-81-0x00007FF6CA6A0000-0x00007FF6CA9F4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-88.dat	upx
behavioral2/files/0x000700000002342a-75.dat	upx
behavioral2/files/0x000700000002342b-71.dat	upx
behavioral2/files/0x0007000000023427-69.dat	upx
behavioral2/memory/2104-66-0x00007FF612FF0000-0x00007FF613344000-memory.dmp	upx
behavioral2/files/0x0007000000023428-54.dat	upx
behavioral2/files/0x0007000000023426-51.dat	upx
behavioral2/memory/2596-56-0x00007FF72EB40000-0x00007FF72EE94000-memory.dmp	upx
behavioral2/memory/2100-49-0x00007FF773560000-0x00007FF7738B4000-memory.dmp	upx
behavioral2/memory/2920-42-0x00007FF619510000-0x00007FF619864000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JfdlKWF.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\tsyVtVp.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\zjGtTxO.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\CTEpfUC.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\xnzMUik.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\ghvunHY.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZezGIdp.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\fCIlKMo.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\sFwEVMf.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\nhFIbPA.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\kgGpwxU.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\cFycZOK.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\rirwwRU.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\upGMkNY.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\VbTeGlg.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\MNDNaRQ.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\ytaLLwq.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\OIBlKoM.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\PhUrftp.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\VRpCjOY.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\mIDZtSt.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\elfpiPg.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\iQgLowN.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\IiIiPTY.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\KQUPBec.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\OxjWjaj.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\hjXUpGp.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\bvjPEnb.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\oIQiriq.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\bqebLmx.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\qQHdNVR.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\uzODMwV.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\iohrmFo.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\XhKppOU.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\zSOSqHB.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\muohylf.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\GfxSRMR.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\nZpfqJH.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\EOiYrzz.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\rIJIvua.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\oTHADbI.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\bAZzIwd.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\zONxXYR.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\AhytJmn.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\HUoWEGJ.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\VAqXIwp.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\juoJaaH.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZgqrSMB.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\VDgfeEq.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\MmxNXkJ.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\DOldbBR.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\KgDuefT.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\EUxElxC.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\MdADejX.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\eNabzUF.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\AknrcdG.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\xxpGjXr.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\BOZpgyH.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\kqKugNH.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\FAGJyeO.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\rLHdfcy.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\tHTgWLq.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\VSXfglg.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
File created	C:\Windows\System\SMZCYvH.exe	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15300	dwm.exe
Token: SeChangeNotifyPrivilege	15300	dwm.exe
Token: 33	15300	dwm.exe
Token: SeIncBasePriorityPrivilege	15300	dwm.exe
Token: SeShutdownPrivilege	15300	dwm.exe
Token: SeCreatePagefilePrivilege	15300	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 3388	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	84
PID 4820 wrote to memory of 3388	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	84
PID 4820 wrote to memory of 716	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	85
PID 4820 wrote to memory of 716	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	85
PID 4820 wrote to memory of 1816	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	86
PID 4820 wrote to memory of 1816	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	86
PID 4820 wrote to memory of 1612	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	87
PID 4820 wrote to memory of 1612	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	87
PID 4820 wrote to memory of 364	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	88
PID 4820 wrote to memory of 364	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	88
PID 4820 wrote to memory of 2920	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	89
PID 4820 wrote to memory of 2920	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	89
PID 4820 wrote to memory of 2100	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	90
PID 4820 wrote to memory of 2100	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	90
PID 4820 wrote to memory of 2596	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	91
PID 4820 wrote to memory of 2596	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	91
PID 4820 wrote to memory of 2616	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	92
PID 4820 wrote to memory of 2616	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	92
PID 4820 wrote to memory of 2104	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	93
PID 4820 wrote to memory of 2104	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	93
PID 4820 wrote to memory of 1332	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	94
PID 4820 wrote to memory of 1332	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	94
PID 4820 wrote to memory of 2072	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	95
PID 4820 wrote to memory of 2072	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	95
PID 4820 wrote to memory of 4164	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	96
PID 4820 wrote to memory of 4164	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	96
PID 4820 wrote to memory of 2908	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	97
PID 4820 wrote to memory of 2908	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	97
PID 4820 wrote to memory of 4340	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	98
PID 4820 wrote to memory of 4340	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	98
PID 4820 wrote to memory of 332	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	99
PID 4820 wrote to memory of 332	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	99
PID 4820 wrote to memory of 4916	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	100
PID 4820 wrote to memory of 4916	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	100
PID 4820 wrote to memory of 816	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	101
PID 4820 wrote to memory of 816	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	101
PID 4820 wrote to memory of 1676	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	102
PID 4820 wrote to memory of 1676	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	102
PID 4820 wrote to memory of 1032	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	103
PID 4820 wrote to memory of 1032	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	103
PID 4820 wrote to memory of 3148	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	104
PID 4820 wrote to memory of 3148	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	104
PID 4820 wrote to memory of 2228	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	105
PID 4820 wrote to memory of 2228	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	105
PID 4820 wrote to memory of 1792	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	106
PID 4820 wrote to memory of 1792	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	106
PID 4820 wrote to memory of 544	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	107
PID 4820 wrote to memory of 544	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	107
PID 4820 wrote to memory of 3584	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	108
PID 4820 wrote to memory of 3584	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	108
PID 4820 wrote to memory of 4396	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	109
PID 4820 wrote to memory of 4396	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	109
PID 4820 wrote to memory of 2272	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	110
PID 4820 wrote to memory of 2272	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	110
PID 4820 wrote to memory of 316	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	111
PID 4820 wrote to memory of 316	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	111
PID 4820 wrote to memory of 2788	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	112
PID 4820 wrote to memory of 2788	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	112
PID 4820 wrote to memory of 2176	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	113
PID 4820 wrote to memory of 2176	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	113
PID 4820 wrote to memory of 2692	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	114
PID 4820 wrote to memory of 2692	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	114
PID 4820 wrote to memory of 3760	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	115
PID 4820 wrote to memory of 3760	4820	206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\2600857222\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\2600857222\zmstage.exe
1⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\206821546cdf9b91063b44463f1903c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\System\WImhKkC.exe
  C:\Windows\System\WImhKkC.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\WgnfUap.exe
  C:\Windows\System\WgnfUap.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\wTXRHav.exe
  C:\Windows\System\wTXRHav.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\pthedvk.exe
  C:\Windows\System\pthedvk.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\dOftAID.exe
  C:\Windows\System\dOftAID.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\RdOOEnq.exe
  C:\Windows\System\RdOOEnq.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\MecscBo.exe
  C:\Windows\System\MecscBo.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\iPxvgSv.exe
  C:\Windows\System\iPxvgSv.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\wAZKQan.exe
  C:\Windows\System\wAZKQan.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\FdxbZGu.exe
  C:\Windows\System\FdxbZGu.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\HJJGDia.exe
  C:\Windows\System\HJJGDia.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\OIBlKoM.exe
  C:\Windows\System\OIBlKoM.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ACvBEVH.exe
  C:\Windows\System\ACvBEVH.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\fZTuora.exe
  C:\Windows\System\fZTuora.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\GrclTcC.exe
  C:\Windows\System\GrclTcC.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\dSXsUEc.exe
  C:\Windows\System\dSXsUEc.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\ciCYlpq.exe
  C:\Windows\System\ciCYlpq.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\MbjNJXe.exe
  C:\Windows\System\MbjNJXe.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\gkeDPhJ.exe
  C:\Windows\System\gkeDPhJ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\AyKJsur.exe
  C:\Windows\System\AyKJsur.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\bxggXvO.exe
  C:\Windows\System\bxggXvO.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\qKEYLMF.exe
  C:\Windows\System\qKEYLMF.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\soiDJbZ.exe
  C:\Windows\System\soiDJbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\ZezGIdp.exe
  C:\Windows\System\ZezGIdp.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\GqsBTzS.exe
  C:\Windows\System\GqsBTzS.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\nBAtilR.exe
  C:\Windows\System\nBAtilR.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\jCVBrID.exe
  C:\Windows\System\jCVBrID.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\YWQkGDY.exe
  C:\Windows\System\YWQkGDY.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\wJwuJNI.exe
  C:\Windows\System\wJwuJNI.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\cYeDnPK.exe
  C:\Windows\System\cYeDnPK.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\RbRfPUe.exe
  C:\Windows\System\RbRfPUe.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\skhJusW.exe
  C:\Windows\System\skhJusW.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\BvlFJFL.exe
  C:\Windows\System\BvlFJFL.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\vJTvqlV.exe
  C:\Windows\System\vJTvqlV.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\EqlBbnu.exe
  C:\Windows\System\EqlBbnu.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\GYEwnPC.exe
  C:\Windows\System\GYEwnPC.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\itjlIeF.exe
  C:\Windows\System\itjlIeF.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\KgDuefT.exe
  C:\Windows\System\KgDuefT.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\lZVjAAK.exe
  C:\Windows\System\lZVjAAK.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\HUpcjvg.exe
  C:\Windows\System\HUpcjvg.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\ffLYxkz.exe
  C:\Windows\System\ffLYxkz.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\ooJlefk.exe
  C:\Windows\System\ooJlefk.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\HNKcsnC.exe
  C:\Windows\System\HNKcsnC.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\cdjaokR.exe
  C:\Windows\System\cdjaokR.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\JAPyODP.exe
  C:\Windows\System\JAPyODP.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\HCoMJkE.exe
  C:\Windows\System\HCoMJkE.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\BHHwULl.exe
  C:\Windows\System\BHHwULl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\LUXwFro.exe
  C:\Windows\System\LUXwFro.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\ROZMgvv.exe
  C:\Windows\System\ROZMgvv.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\RWvoxsv.exe
  C:\Windows\System\RWvoxsv.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\NSeAKER.exe
  C:\Windows\System\NSeAKER.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\wKaVCIe.exe
  C:\Windows\System\wKaVCIe.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\NgOvXQJ.exe
  C:\Windows\System\NgOvXQJ.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\UhQJUWO.exe
  C:\Windows\System\UhQJUWO.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\uzODMwV.exe
  C:\Windows\System\uzODMwV.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\QkPWEAz.exe
  C:\Windows\System\QkPWEAz.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\bbDmFRv.exe
  C:\Windows\System\bbDmFRv.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\irVdtDX.exe
  C:\Windows\System\irVdtDX.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\EFuqGOQ.exe
  C:\Windows\System\EFuqGOQ.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\AozQPrt.exe
  C:\Windows\System\AozQPrt.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\VsEecJk.exe
  C:\Windows\System\VsEecJk.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\ZCqiKiP.exe
  C:\Windows\System\ZCqiKiP.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\hzECHQx.exe
  C:\Windows\System\hzECHQx.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\CTLYzcc.exe
  C:\Windows\System\CTLYzcc.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\loNLwIU.exe
  C:\Windows\System\loNLwIU.exe
  2⤵
  PID:1228
- C:\Windows\System\QWFwYKz.exe
  C:\Windows\System\QWFwYKz.exe
  2⤵
  PID:3980
- C:\Windows\System\IlperhD.exe
  C:\Windows\System\IlperhD.exe
  2⤵
  PID:4564
- C:\Windows\System\LTUQtvN.exe
  C:\Windows\System\LTUQtvN.exe
  2⤵
  PID:2860
- C:\Windows\System\HKbjcOH.exe
  C:\Windows\System\HKbjcOH.exe
  2⤵
  PID:4292
- C:\Windows\System\eAkYLDV.exe
  C:\Windows\System\eAkYLDV.exe
  2⤵
  PID:3204
- C:\Windows\System\GsqWwSv.exe
  C:\Windows\System\GsqWwSv.exe
  2⤵
  PID:3356
- C:\Windows\System\JnAqAnF.exe
  C:\Windows\System\JnAqAnF.exe
  2⤵
  PID:2480
- C:\Windows\System\OzHksSZ.exe
  C:\Windows\System\OzHksSZ.exe
  2⤵
  PID:3772
- C:\Windows\System\EjPwczR.exe
  C:\Windows\System\EjPwczR.exe
  2⤵
  PID:1752
- C:\Windows\System\fzkKRtX.exe
  C:\Windows\System\fzkKRtX.exe
  2⤵
  PID:1160
- C:\Windows\System\tBNzJff.exe
  C:\Windows\System\tBNzJff.exe
  2⤵
  PID:568
- C:\Windows\System\PJQKsXI.exe
  C:\Windows\System\PJQKsXI.exe
  2⤵
  PID:4556
- C:\Windows\System\ttggbFk.exe
  C:\Windows\System\ttggbFk.exe
  2⤵
  PID:3236
- C:\Windows\System\tvAGHPn.exe
  C:\Windows\System\tvAGHPn.exe
  2⤵
  PID:1368
- C:\Windows\System\xrJZfEK.exe
  C:\Windows\System\xrJZfEK.exe
  2⤵
  PID:5144
- C:\Windows\System\fwfDNqH.exe
  C:\Windows\System\fwfDNqH.exe
  2⤵
  PID:5168
- C:\Windows\System\TuDSjiv.exe
  C:\Windows\System\TuDSjiv.exe
  2⤵
  PID:5196
- C:\Windows\System\oIQqksx.exe
  C:\Windows\System\oIQqksx.exe
  2⤵
  PID:5224
- C:\Windows\System\hIxMLRR.exe
  C:\Windows\System\hIxMLRR.exe
  2⤵
  PID:5252
- C:\Windows\System\YlnegHf.exe
  C:\Windows\System\YlnegHf.exe
  2⤵
  PID:5280
- C:\Windows\System\rLHdfcy.exe
  C:\Windows\System\rLHdfcy.exe
  2⤵
  PID:5308
- C:\Windows\System\kVXZLFg.exe
  C:\Windows\System\kVXZLFg.exe
  2⤵
  PID:5336
- C:\Windows\System\UKMOKlK.exe
  C:\Windows\System\UKMOKlK.exe
  2⤵
  PID:5368
- C:\Windows\System\iohrmFo.exe
  C:\Windows\System\iohrmFo.exe
  2⤵
  PID:5392
- C:\Windows\System\oBaskuL.exe
  C:\Windows\System\oBaskuL.exe
  2⤵
  PID:5420
- C:\Windows\System\JBDfrXY.exe
  C:\Windows\System\JBDfrXY.exe
  2⤵
  PID:5448
- C:\Windows\System\clrOKQu.exe
  C:\Windows\System\clrOKQu.exe
  2⤵
  PID:5476
- C:\Windows\System\UBAwGSj.exe
  C:\Windows\System\UBAwGSj.exe
  2⤵
  PID:5504
- C:\Windows\System\cTWNkzb.exe
  C:\Windows\System\cTWNkzb.exe
  2⤵
  PID:5536
- C:\Windows\System\lEjGrMy.exe
  C:\Windows\System\lEjGrMy.exe
  2⤵
  PID:5560
- C:\Windows\System\XFpxjly.exe
  C:\Windows\System\XFpxjly.exe
  2⤵
  PID:5592
- C:\Windows\System\XRZBEsQ.exe
  C:\Windows\System\XRZBEsQ.exe
  2⤵
  PID:5616
- C:\Windows\System\ZqkATVj.exe
  C:\Windows\System\ZqkATVj.exe
  2⤵
  PID:5644
- C:\Windows\System\NfKdZxN.exe
  C:\Windows\System\NfKdZxN.exe
  2⤵
  PID:5672
- C:\Windows\System\rIJIvua.exe
  C:\Windows\System\rIJIvua.exe
  2⤵
  PID:5700
- C:\Windows\System\SmoZPDm.exe
  C:\Windows\System\SmoZPDm.exe
  2⤵
  PID:5728
- C:\Windows\System\NRaftqh.exe
  C:\Windows\System\NRaftqh.exe
  2⤵
  PID:5756
- C:\Windows\System\NMHZCSS.exe
  C:\Windows\System\NMHZCSS.exe
  2⤵
  PID:5784
- C:\Windows\System\mreKFsy.exe
  C:\Windows\System\mreKFsy.exe
  2⤵
  PID:5812
- C:\Windows\System\emlrsJq.exe
  C:\Windows\System\emlrsJq.exe
  2⤵
  PID:5840
- C:\Windows\System\FDsTYmY.exe
  C:\Windows\System\FDsTYmY.exe
  2⤵
  PID:5868
- C:\Windows\System\ZHWmtsx.exe
  C:\Windows\System\ZHWmtsx.exe
  2⤵
  PID:5900
- C:\Windows\System\YhfMphJ.exe
  C:\Windows\System\YhfMphJ.exe
  2⤵
  PID:5924
- C:\Windows\System\BGfTzxT.exe
  C:\Windows\System\BGfTzxT.exe
  2⤵
  PID:5960
- C:\Windows\System\PSlPqrK.exe
  C:\Windows\System\PSlPqrK.exe
  2⤵
  PID:5980
- C:\Windows\System\PhUrftp.exe
  C:\Windows\System\PhUrftp.exe
  2⤵
  PID:6012
- C:\Windows\System\kqKugNH.exe
  C:\Windows\System\kqKugNH.exe
  2⤵
  PID:6036
- C:\Windows\System\MiHKsny.exe
  C:\Windows\System\MiHKsny.exe
  2⤵
  PID:6088
- C:\Windows\System\gEjBUjk.exe
  C:\Windows\System\gEjBUjk.exe
  2⤵
  PID:6104
- C:\Windows\System\dlWDEQx.exe
  C:\Windows\System\dlWDEQx.exe
  2⤵
  PID:6120
- C:\Windows\System\YyjSSmT.exe
  C:\Windows\System\YyjSSmT.exe
  2⤵
  PID:1920
- C:\Windows\System\FddOGeU.exe
  C:\Windows\System\FddOGeU.exe
  2⤵
  PID:5068
- C:\Windows\System\gYqEIBC.exe
  C:\Windows\System\gYqEIBC.exe
  2⤵
  PID:4992
- C:\Windows\System\LNaZYXx.exe
  C:\Windows\System\LNaZYXx.exe
  2⤵
  PID:4500
- C:\Windows\System\xbvBwgY.exe
  C:\Windows\System\xbvBwgY.exe
  2⤵
  PID:5156
- C:\Windows\System\QpkEFAN.exe
  C:\Windows\System\QpkEFAN.exe
  2⤵
  PID:5216
- C:\Windows\System\SEPVbCr.exe
  C:\Windows\System\SEPVbCr.exe
  2⤵
  PID:5292
- C:\Windows\System\EFhZWPL.exe
  C:\Windows\System\EFhZWPL.exe
  2⤵
  PID:5352
- C:\Windows\System\FEOezlN.exe
  C:\Windows\System\FEOezlN.exe
  2⤵
  PID:5408
- C:\Windows\System\yHqUKOb.exe
  C:\Windows\System\yHqUKOb.exe
  2⤵
  PID:5468
- C:\Windows\System\epFwFDY.exe
  C:\Windows\System\epFwFDY.exe
  2⤵
  PID:5524
- C:\Windows\System\oTHADbI.exe
  C:\Windows\System\oTHADbI.exe
  2⤵
  PID:5580
- C:\Windows\System\YhYVOsN.exe
  C:\Windows\System\YhYVOsN.exe
  2⤵
  PID:1580
- C:\Windows\System\uEzFsTI.exe
  C:\Windows\System\uEzFsTI.exe
  2⤵
  PID:5712
- C:\Windows\System\CKtDbWd.exe
  C:\Windows\System\CKtDbWd.exe
  2⤵
  PID:5768
- C:\Windows\System\KJkJbHe.exe
  C:\Windows\System\KJkJbHe.exe
  2⤵
  PID:5828
- C:\Windows\System\vuXrBtM.exe
  C:\Windows\System\vuXrBtM.exe
  2⤵
  PID:5888
- C:\Windows\System\IRWpiIS.exe
  C:\Windows\System\IRWpiIS.exe
  2⤵
  PID:5944
- C:\Windows\System\lXJLCQO.exe
  C:\Windows\System\lXJLCQO.exe
  2⤵
  PID:6000
- C:\Windows\System\izUBYFs.exe
  C:\Windows\System\izUBYFs.exe
  2⤵
  PID:6080
- C:\Windows\System\otwMsEv.exe
  C:\Windows\System\otwMsEv.exe
  2⤵
  PID:3504
- C:\Windows\System\aGRTtpF.exe
  C:\Windows\System\aGRTtpF.exe
  2⤵
  PID:1500
- C:\Windows\System\soTHCgz.exe
  C:\Windows\System\soTHCgz.exe
  2⤵
  PID:5128
- C:\Windows\System\fCIlKMo.exe
  C:\Windows\System\fCIlKMo.exe
  2⤵
  PID:5320
- C:\Windows\System\apZSEtL.exe
  C:\Windows\System\apZSEtL.exe
  2⤵
  PID:5404
- C:\Windows\System\zvruKpI.exe
  C:\Windows\System\zvruKpI.exe
  2⤵
  PID:4172
- C:\Windows\System\yaADKSn.exe
  C:\Windows\System\yaADKSn.exe
  2⤵
  PID:5628
- C:\Windows\System\HKcEaUu.exe
  C:\Windows\System\HKcEaUu.exe
  2⤵
  PID:5804
- C:\Windows\System\dmpkeAc.exe
  C:\Windows\System\dmpkeAc.exe
  2⤵
  PID:5992
- C:\Windows\System\JXPQiJt.exe
  C:\Windows\System\JXPQiJt.exe
  2⤵
  PID:5328
- C:\Windows\System\TniKbxk.exe
  C:\Windows\System\TniKbxk.exe
  2⤵
  PID:488
- C:\Windows\System\xDgdbjZ.exe
  C:\Windows\System\xDgdbjZ.exe
  2⤵
  PID:5740
- C:\Windows\System\YXbTTVA.exe
  C:\Windows\System\YXbTTVA.exe
  2⤵
  PID:2496
- C:\Windows\System\CDmfCQQ.exe
  C:\Windows\System\CDmfCQQ.exe
  2⤵
  PID:3276
- C:\Windows\System\DMPXjfB.exe
  C:\Windows\System\DMPXjfB.exe
  2⤵
  PID:3448
- C:\Windows\System\OTcTKCU.exe
  C:\Windows\System\OTcTKCU.exe
  2⤵
  PID:6196
- C:\Windows\System\FAbcfNH.exe
  C:\Windows\System\FAbcfNH.exe
  2⤵
  PID:6212
- C:\Windows\System\AaChAVD.exe
  C:\Windows\System\AaChAVD.exe
  2⤵
  PID:6256
- C:\Windows\System\GfxSRMR.exe
  C:\Windows\System\GfxSRMR.exe
  2⤵
  PID:6304
- C:\Windows\System\waTYaPl.exe
  C:\Windows\System\waTYaPl.exe
  2⤵
  PID:6340
- C:\Windows\System\bNChYPG.exe
  C:\Windows\System\bNChYPG.exe
  2⤵
  PID:6368
- C:\Windows\System\BrtJynO.exe
  C:\Windows\System\BrtJynO.exe
  2⤵
  PID:6396
- C:\Windows\System\rPFDmeO.exe
  C:\Windows\System\rPFDmeO.exe
  2⤵
  PID:6432
- C:\Windows\System\PGVaMuj.exe
  C:\Windows\System\PGVaMuj.exe
  2⤵
  PID:6456
- C:\Windows\System\cgKYiXK.exe
  C:\Windows\System\cgKYiXK.exe
  2⤵
  PID:6580
- C:\Windows\System\ATtKUJa.exe
  C:\Windows\System\ATtKUJa.exe
  2⤵
  PID:6608
- C:\Windows\System\QybnHls.exe
  C:\Windows\System\QybnHls.exe
  2⤵
  PID:6648
- C:\Windows\System\XajtRck.exe
  C:\Windows\System\XajtRck.exe
  2⤵
  PID:6692
- C:\Windows\System\PouKUfM.exe
  C:\Windows\System\PouKUfM.exe
  2⤵
  PID:6720
- C:\Windows\System\iKQMQHX.exe
  C:\Windows\System\iKQMQHX.exe
  2⤵
  PID:6748
- C:\Windows\System\MJadYKc.exe
  C:\Windows\System\MJadYKc.exe
  2⤵
  PID:6776
- C:\Windows\System\SnZltTs.exe
  C:\Windows\System\SnZltTs.exe
  2⤵
  PID:6812
- C:\Windows\System\Jkawils.exe
  C:\Windows\System\Jkawils.exe
  2⤵
  PID:6828
- C:\Windows\System\MFOGfRu.exe
  C:\Windows\System\MFOGfRu.exe
  2⤵
  PID:6848
- C:\Windows\System\zlsYmho.exe
  C:\Windows\System\zlsYmho.exe
  2⤵
  PID:6888
- C:\Windows\System\sgLPptP.exe
  C:\Windows\System\sgLPptP.exe
  2⤵
  PID:6936
- C:\Windows\System\GZPMDIG.exe
  C:\Windows\System\GZPMDIG.exe
  2⤵
  PID:6976
- C:\Windows\System\VeMGmjn.exe
  C:\Windows\System\VeMGmjn.exe
  2⤵
  PID:7004
- C:\Windows\System\lPMvIVm.exe
  C:\Windows\System\lPMvIVm.exe
  2⤵
  PID:7024
- C:\Windows\System\AzWYfZC.exe
  C:\Windows\System\AzWYfZC.exe
  2⤵
  PID:7048
- C:\Windows\System\rLrfazP.exe
  C:\Windows\System\rLrfazP.exe
  2⤵
  PID:7084
- C:\Windows\System\lWhdNwj.exe
  C:\Windows\System\lWhdNwj.exe
  2⤵
  PID:7108
- C:\Windows\System\oYYBhKc.exe
  C:\Windows\System\oYYBhKc.exe
  2⤵
  PID:7148
- C:\Windows\System\iiUFIzt.exe
  C:\Windows\System\iiUFIzt.exe
  2⤵
  PID:824
- C:\Windows\System\CaTLiKx.exe
  C:\Windows\System\CaTLiKx.exe
  2⤵
  PID:3192
- C:\Windows\System\hRGpYNT.exe
  C:\Windows\System\hRGpYNT.exe
  2⤵
  PID:5104
- C:\Windows\System\XfnItun.exe
  C:\Windows\System\XfnItun.exe
  2⤵
  PID:3976
- C:\Windows\System\KPfItFS.exe
  C:\Windows\System\KPfItFS.exe
  2⤵
  PID:6160
- C:\Windows\System\JxEvftA.exe
  C:\Windows\System\JxEvftA.exe
  2⤵
  PID:6208
- C:\Windows\System\nLAHLkV.exe
  C:\Windows\System\nLAHLkV.exe
  2⤵
  PID:1660
- C:\Windows\System\ubjwTGf.exe
  C:\Windows\System\ubjwTGf.exe
  2⤵
  PID:6352
- C:\Windows\System\tbWgMNB.exe
  C:\Windows\System\tbWgMNB.exe
  2⤵
  PID:1008
- C:\Windows\System\JfdlKWF.exe
  C:\Windows\System\JfdlKWF.exe
  2⤵
  PID:5572
- C:\Windows\System\noWkQgt.exe
  C:\Windows\System\noWkQgt.exe
  2⤵
  PID:6576
- C:\Windows\System\WhYDpvI.exe
  C:\Windows\System\WhYDpvI.exe
  2⤵
  PID:6628
- C:\Windows\System\KynHhgI.exe
  C:\Windows\System\KynHhgI.exe
  2⤵
  PID:1544
- C:\Windows\System\mVCiZkL.exe
  C:\Windows\System\mVCiZkL.exe
  2⤵
  PID:6488
- C:\Windows\System\CcwtMra.exe
  C:\Windows\System\CcwtMra.exe
  2⤵
  PID:4200
- C:\Windows\System\FBnqUCi.exe
  C:\Windows\System\FBnqUCi.exe
  2⤵
  PID:6316
- C:\Windows\System\oLEUdWx.exe
  C:\Windows\System\oLEUdWx.exe
  2⤵
  PID:6768
- C:\Windows\System\eUpPqZp.exe
  C:\Windows\System\eUpPqZp.exe
  2⤵
  PID:6840
- C:\Windows\System\zSOSqHB.exe
  C:\Windows\System\zSOSqHB.exe
  2⤵
  PID:6908
- C:\Windows\System\eliwSgs.exe
  C:\Windows\System\eliwSgs.exe
  2⤵
  PID:7000
- C:\Windows\System\NmtGZvn.exe
  C:\Windows\System\NmtGZvn.exe
  2⤵
  PID:7060
- C:\Windows\System\wcnFyOc.exe
  C:\Windows\System\wcnFyOc.exe
  2⤵
  PID:3128
- C:\Windows\System\CVmAqZy.exe
  C:\Windows\System\CVmAqZy.exe
  2⤵
  PID:2944
- C:\Windows\System\ETsijZZ.exe
  C:\Windows\System\ETsijZZ.exe
  2⤵
  PID:5636
- C:\Windows\System\IUSsBMc.exe
  C:\Windows\System\IUSsBMc.exe
  2⤵
  PID:6204
- C:\Windows\System\ZGVnsJZ.exe
  C:\Windows\System\ZGVnsJZ.exe
  2⤵
  PID:6384
- C:\Windows\System\DuLWXbf.exe
  C:\Windows\System\DuLWXbf.exe
  2⤵
  PID:6100
- C:\Windows\System\mOvkbto.exe
  C:\Windows\System\mOvkbto.exe
  2⤵
  PID:6600
- C:\Windows\System\rWXPPDW.exe
  C:\Windows\System\rWXPPDW.exe
  2⤵
  PID:2680
- C:\Windows\System\CzfbzAd.exe
  C:\Windows\System\CzfbzAd.exe
  2⤵
  PID:6744
- C:\Windows\System\iJahvSJ.exe
  C:\Windows\System\iJahvSJ.exe
  2⤵
  PID:6880
- C:\Windows\System\zqeiOQY.exe
  C:\Windows\System\zqeiOQY.exe
  2⤵
  PID:7092
- C:\Windows\System\uDYyMHt.exe
  C:\Windows\System\uDYyMHt.exe
  2⤵
  PID:4324
- C:\Windows\System\eNabzUF.exe
  C:\Windows\System\eNabzUF.exe
  2⤵
  PID:6356
- C:\Windows\System\FfMsgcl.exe
  C:\Windows\System\FfMsgcl.exe
  2⤵
  PID:6660
- C:\Windows\System\RZCpszd.exe
  C:\Windows\System\RZCpszd.exe
  2⤵
  PID:6804
- C:\Windows\System\nNQfthW.exe
  C:\Windows\System\nNQfthW.exe
  2⤵
  PID:552
- C:\Windows\System\OxjWjaj.exe
  C:\Windows\System\OxjWjaj.exe
  2⤵
  PID:1516
- C:\Windows\System\NcKJYDQ.exe
  C:\Windows\System\NcKJYDQ.exe
  2⤵
  PID:6564
- C:\Windows\System\UjqqkZe.exe
  C:\Windows\System\UjqqkZe.exe
  2⤵
  PID:7184
- C:\Windows\System\PNUZcWJ.exe
  C:\Windows\System\PNUZcWJ.exe
  2⤵
  PID:7212
- C:\Windows\System\cshgKVj.exe
  C:\Windows\System\cshgKVj.exe
  2⤵
  PID:7240
- C:\Windows\System\LXkhwUp.exe
  C:\Windows\System\LXkhwUp.exe
  2⤵
  PID:7268
- C:\Windows\System\IGfTgui.exe
  C:\Windows\System\IGfTgui.exe
  2⤵
  PID:7296
- C:\Windows\System\EUxElxC.exe
  C:\Windows\System\EUxElxC.exe
  2⤵
  PID:7324
- C:\Windows\System\IgFfECF.exe
  C:\Windows\System\IgFfECF.exe
  2⤵
  PID:7340
- C:\Windows\System\AWpcUsb.exe
  C:\Windows\System\AWpcUsb.exe
  2⤵
  PID:7356
- C:\Windows\System\TcvhtBW.exe
  C:\Windows\System\TcvhtBW.exe
  2⤵
  PID:7372
- C:\Windows\System\CXjjliH.exe
  C:\Windows\System\CXjjliH.exe
  2⤵
  PID:7392
- C:\Windows\System\lhqRNuv.exe
  C:\Windows\System\lhqRNuv.exe
  2⤵
  PID:7424
- C:\Windows\System\DMcSMcY.exe
  C:\Windows\System\DMcSMcY.exe
  2⤵
  PID:7452
- C:\Windows\System\piwskdR.exe
  C:\Windows\System\piwskdR.exe
  2⤵
  PID:7496
- C:\Windows\System\rSOCUVr.exe
  C:\Windows\System\rSOCUVr.exe
  2⤵
  PID:7528
- C:\Windows\System\hjXUpGp.exe
  C:\Windows\System\hjXUpGp.exe
  2⤵
  PID:7576
- C:\Windows\System\wUAvXGk.exe
  C:\Windows\System\wUAvXGk.exe
  2⤵
  PID:7592
- C:\Windows\System\eRjNCNM.exe
  C:\Windows\System\eRjNCNM.exe
  2⤵
  PID:7608
- C:\Windows\System\reqHcPe.exe
  C:\Windows\System\reqHcPe.exe
  2⤵
  PID:7640
- C:\Windows\System\rWOaVYp.exe
  C:\Windows\System\rWOaVYp.exe
  2⤵
  PID:7688
- C:\Windows\System\uBoZYZu.exe
  C:\Windows\System\uBoZYZu.exe
  2⤵
  PID:7716
- C:\Windows\System\ioUEaZg.exe
  C:\Windows\System\ioUEaZg.exe
  2⤵
  PID:7744
- C:\Windows\System\MRTycPu.exe
  C:\Windows\System\MRTycPu.exe
  2⤵
  PID:7772
- C:\Windows\System\eRdYGxO.exe
  C:\Windows\System\eRdYGxO.exe
  2⤵
  PID:7804
- C:\Windows\System\prSpzYu.exe
  C:\Windows\System\prSpzYu.exe
  2⤵
  PID:7832
- C:\Windows\System\UOjgpho.exe
  C:\Windows\System\UOjgpho.exe
  2⤵
  PID:7860
- C:\Windows\System\IiIiPTY.exe
  C:\Windows\System\IiIiPTY.exe
  2⤵
  PID:7888
- C:\Windows\System\zvnyqYV.exe
  C:\Windows\System\zvnyqYV.exe
  2⤵
  PID:7916
- C:\Windows\System\qKkzRji.exe
  C:\Windows\System\qKkzRji.exe
  2⤵
  PID:7944
- C:\Windows\System\JRTGGJr.exe
  C:\Windows\System\JRTGGJr.exe
  2⤵
  PID:7972
- C:\Windows\System\MVjcGhN.exe
  C:\Windows\System\MVjcGhN.exe
  2⤵
  PID:8000
- C:\Windows\System\nQwtQBU.exe
  C:\Windows\System\nQwtQBU.exe
  2⤵
  PID:8028
- C:\Windows\System\NdILITL.exe
  C:\Windows\System\NdILITL.exe
  2⤵
  PID:8052
- C:\Windows\System\iBhLeJD.exe
  C:\Windows\System\iBhLeJD.exe
  2⤵
  PID:8084
- C:\Windows\System\GjEONSE.exe
  C:\Windows\System\GjEONSE.exe
  2⤵
  PID:8112
- C:\Windows\System\cfjqToY.exe
  C:\Windows\System\cfjqToY.exe
  2⤵
  PID:8140
- C:\Windows\System\BLwYjpw.exe
  C:\Windows\System\BLwYjpw.exe
  2⤵
  PID:8168
- C:\Windows\System\ZgqrSMB.exe
  C:\Windows\System\ZgqrSMB.exe
  2⤵
  PID:7176
- C:\Windows\System\WahnOfJ.exe
  C:\Windows\System\WahnOfJ.exe
  2⤵
  PID:7232
- C:\Windows\System\WvSniAn.exe
  C:\Windows\System\WvSniAn.exe
  2⤵
  PID:7292
- C:\Windows\System\tsyVtVp.exe
  C:\Windows\System\tsyVtVp.exe
  2⤵
  PID:7348
- C:\Windows\System\pySIEST.exe
  C:\Windows\System\pySIEST.exe
  2⤵
  PID:7416
- C:\Windows\System\HXiOZtj.exe
  C:\Windows\System\HXiOZtj.exe
  2⤵
  PID:7472
- C:\Windows\System\sibsgfX.exe
  C:\Windows\System\sibsgfX.exe
  2⤵
  PID:7556
- C:\Windows\System\qVjpuqg.exe
  C:\Windows\System\qVjpuqg.exe
  2⤵
  PID:7636
- C:\Windows\System\KgDhrmz.exe
  C:\Windows\System\KgDhrmz.exe
  2⤵
  PID:7708
- C:\Windows\System\vqWXbuf.exe
  C:\Windows\System\vqWXbuf.exe
  2⤵
  PID:5008
- C:\Windows\System\RWOpXDl.exe
  C:\Windows\System\RWOpXDl.exe
  2⤵
  PID:7848
- C:\Windows\System\bwXtAfJ.exe
  C:\Windows\System\bwXtAfJ.exe
  2⤵
  PID:7904
- C:\Windows\System\tHTgWLq.exe
  C:\Windows\System\tHTgWLq.exe
  2⤵
  PID:7996
- C:\Windows\System\OzaNuXg.exe
  C:\Windows\System\OzaNuXg.exe
  2⤵
  PID:8096
- C:\Windows\System\YbwEBTZ.exe
  C:\Windows\System\YbwEBTZ.exe
  2⤵
  PID:8160
- C:\Windows\System\EHFQGuX.exe
  C:\Windows\System\EHFQGuX.exe
  2⤵
  PID:7280
- C:\Windows\System\gjHdTKi.exe
  C:\Windows\System\gjHdTKi.exe
  2⤵
  PID:7412
- C:\Windows\System\aCdoYFA.exe
  C:\Windows\System\aCdoYFA.exe
  2⤵
  PID:7568
- C:\Windows\System\zjGtTxO.exe
  C:\Windows\System\zjGtTxO.exe
  2⤵
  PID:1560
- C:\Windows\System\ejdkBBC.exe
  C:\Windows\System\ejdkBBC.exe
  2⤵
  PID:7872
- C:\Windows\System\HgnFLDI.exe
  C:\Windows\System\HgnFLDI.exe
  2⤵
  PID:8076
- C:\Windows\System\oqrXRPM.exe
  C:\Windows\System\oqrXRPM.exe
  2⤵
  PID:7224
- C:\Windows\System\agERolU.exe
  C:\Windows\System\agERolU.exe
  2⤵
  PID:7504
- C:\Windows\System\sSXvbhW.exe
  C:\Windows\System\sSXvbhW.exe
  2⤵
  PID:7668
- C:\Windows\System\muohylf.exe
  C:\Windows\System\muohylf.exe
  2⤵
  PID:7536
- C:\Windows\System\SUQAdKu.exe
  C:\Windows\System\SUQAdKu.exe
  2⤵
  PID:7824
- C:\Windows\System\IXuPVun.exe
  C:\Windows\System\IXuPVun.exe
  2⤵
  PID:8208
- C:\Windows\System\YuiioPO.exe
  C:\Windows\System\YuiioPO.exe
  2⤵
  PID:8236
- C:\Windows\System\wlZOyuA.exe
  C:\Windows\System\wlZOyuA.exe
  2⤵
  PID:8256
- C:\Windows\System\niXYodB.exe
  C:\Windows\System\niXYodB.exe
  2⤵
  PID:8284
- C:\Windows\System\oQXFtwS.exe
  C:\Windows\System\oQXFtwS.exe
  2⤵
  PID:8316
- C:\Windows\System\ddccher.exe
  C:\Windows\System\ddccher.exe
  2⤵
  PID:8352
- C:\Windows\System\cypIfYM.exe
  C:\Windows\System\cypIfYM.exe
  2⤵
  PID:8388
- C:\Windows\System\DiqfQfS.exe
  C:\Windows\System\DiqfQfS.exe
  2⤵
  PID:8420
- C:\Windows\System\SjClsIz.exe
  C:\Windows\System\SjClsIz.exe
  2⤵
  PID:8452
- C:\Windows\System\KQUPBec.exe
  C:\Windows\System\KQUPBec.exe
  2⤵
  PID:8480
- C:\Windows\System\PoBjbVn.exe
  C:\Windows\System\PoBjbVn.exe
  2⤵
  PID:8508
- C:\Windows\System\pCMpvFV.exe
  C:\Windows\System\pCMpvFV.exe
  2⤵
  PID:8528
- C:\Windows\System\iFytnYQ.exe
  C:\Windows\System\iFytnYQ.exe
  2⤵
  PID:8552
- C:\Windows\System\lUzrvYg.exe
  C:\Windows\System\lUzrvYg.exe
  2⤵
  PID:8584
- C:\Windows\System\cXfQhKD.exe
  C:\Windows\System\cXfQhKD.exe
  2⤵
  PID:8620
- C:\Windows\System\mdfgIxA.exe
  C:\Windows\System\mdfgIxA.exe
  2⤵
  PID:8648
- C:\Windows\System\iQhQTIq.exe
  C:\Windows\System\iQhQTIq.exe
  2⤵
  PID:8680
- C:\Windows\System\bnEdThY.exe
  C:\Windows\System\bnEdThY.exe
  2⤵
  PID:8704
- C:\Windows\System\RzLgMQv.exe
  C:\Windows\System\RzLgMQv.exe
  2⤵
  PID:8732
- C:\Windows\System\jPueZBH.exe
  C:\Windows\System\jPueZBH.exe
  2⤵
  PID:8760
- C:\Windows\System\jTRswvd.exe
  C:\Windows\System\jTRswvd.exe
  2⤵
  PID:8788
- C:\Windows\System\jJJPhQt.exe
  C:\Windows\System\jJJPhQt.exe
  2⤵
  PID:8816
- C:\Windows\System\OgHyGTv.exe
  C:\Windows\System\OgHyGTv.exe
  2⤵
  PID:8844
- C:\Windows\System\WvDZqIb.exe
  C:\Windows\System\WvDZqIb.exe
  2⤵
  PID:8872
- C:\Windows\System\mVRnlDo.exe
  C:\Windows\System\mVRnlDo.exe
  2⤵
  PID:8900
- C:\Windows\System\kDrjZyW.exe
  C:\Windows\System\kDrjZyW.exe
  2⤵
  PID:8928
- C:\Windows\System\VSXfglg.exe
  C:\Windows\System\VSXfglg.exe
  2⤵
  PID:8956
- C:\Windows\System\aABSlfb.exe
  C:\Windows\System\aABSlfb.exe
  2⤵
  PID:8984
- C:\Windows\System\nXjLjcS.exe
  C:\Windows\System\nXjLjcS.exe
  2⤵
  PID:9012
- C:\Windows\System\IicIYOE.exe
  C:\Windows\System\IicIYOE.exe
  2⤵
  PID:9040
- C:\Windows\System\hVMEYXz.exe
  C:\Windows\System\hVMEYXz.exe
  2⤵
  PID:9068
- C:\Windows\System\VgTKlzh.exe
  C:\Windows\System\VgTKlzh.exe
  2⤵
  PID:9096
- C:\Windows\System\VRpCjOY.exe
  C:\Windows\System\VRpCjOY.exe
  2⤵
  PID:9124
- C:\Windows\System\CTEpfUC.exe
  C:\Windows\System\CTEpfUC.exe
  2⤵
  PID:9156
- C:\Windows\System\MUssPpu.exe
  C:\Windows\System\MUssPpu.exe
  2⤵
  PID:9200
- C:\Windows\System\stEXJAB.exe
  C:\Windows\System\stEXJAB.exe
  2⤵
  PID:7404
- C:\Windows\System\RjtXAls.exe
  C:\Windows\System\RjtXAls.exe
  2⤵
  PID:8276
- C:\Windows\System\LEPDOPO.exe
  C:\Windows\System\LEPDOPO.exe
  2⤵
  PID:8360
- C:\Windows\System\qEMhfMI.exe
  C:\Windows\System\qEMhfMI.exe
  2⤵
  PID:8412
- C:\Windows\System\tKsglIZ.exe
  C:\Windows\System\tKsglIZ.exe
  2⤵
  PID:8476
- C:\Windows\System\VbTeGlg.exe
  C:\Windows\System\VbTeGlg.exe
  2⤵
  PID:8496
- C:\Windows\System\uJrzaax.exe
  C:\Windows\System\uJrzaax.exe
  2⤵
  PID:8544
- C:\Windows\System\xVbhOOM.exe
  C:\Windows\System\xVbhOOM.exe
  2⤵
  PID:8616
- C:\Windows\System\SFCztYx.exe
  C:\Windows\System\SFCztYx.exe
  2⤵
  PID:8716
- C:\Windows\System\QlVyGgj.exe
  C:\Windows\System\QlVyGgj.exe
  2⤵
  PID:8772
- C:\Windows\System\OKXswgS.exe
  C:\Windows\System\OKXswgS.exe
  2⤵
  PID:8868
- C:\Windows\System\xnzMUik.exe
  C:\Windows\System\xnzMUik.exe
  2⤵
  PID:9060
- C:\Windows\System\jdbelYx.exe
  C:\Windows\System\jdbelYx.exe
  2⤵
  PID:9120
- C:\Windows\System\SGQFeNO.exe
  C:\Windows\System\SGQFeNO.exe
  2⤵
  PID:7352
- C:\Windows\System\AUEoTce.exe
  C:\Windows\System\AUEoTce.exe
  2⤵
  PID:8308
- C:\Windows\System\uOgdcAf.exe
  C:\Windows\System\uOgdcAf.exe
  2⤵
  PID:8448
- C:\Windows\System\ghvunHY.exe
  C:\Windows\System\ghvunHY.exe
  2⤵
  PID:8700
- C:\Windows\System\onjzOva.exe
  C:\Windows\System\onjzOva.exe
  2⤵
  PID:8856
- C:\Windows\System\iDlCYgt.exe
  C:\Windows\System\iDlCYgt.exe
  2⤵
  PID:9148
- C:\Windows\System\REeUZlL.exe
  C:\Windows\System\REeUZlL.exe
  2⤵
  PID:9116
- C:\Windows\System\DCwGhIg.exe
  C:\Windows\System\DCwGhIg.exe
  2⤵
  PID:9240
- C:\Windows\System\xcPWZZe.exe
  C:\Windows\System\xcPWZZe.exe
  2⤵
  PID:9280
- C:\Windows\System\niIEfCl.exe
  C:\Windows\System\niIEfCl.exe
  2⤵
  PID:9320
- C:\Windows\System\ZPuWvGQ.exe
  C:\Windows\System\ZPuWvGQ.exe
  2⤵
  PID:9356
- C:\Windows\System\bvjPEnb.exe
  C:\Windows\System\bvjPEnb.exe
  2⤵
  PID:9388
- C:\Windows\System\FidUJoI.exe
  C:\Windows\System\FidUJoI.exe
  2⤵
  PID:9420
- C:\Windows\System\wefqemy.exe
  C:\Windows\System\wefqemy.exe
  2⤵
  PID:9448
- C:\Windows\System\NnePwKr.exe
  C:\Windows\System\NnePwKr.exe
  2⤵
  PID:9476
- C:\Windows\System\cOXuBhD.exe
  C:\Windows\System\cOXuBhD.exe
  2⤵
  PID:9508
- C:\Windows\System\KIlYCPT.exe
  C:\Windows\System\KIlYCPT.exe
  2⤵
  PID:9540
- C:\Windows\System\ahSgpFy.exe
  C:\Windows\System\ahSgpFy.exe
  2⤵
  PID:9560
- C:\Windows\System\zONxXYR.exe
  C:\Windows\System\zONxXYR.exe
  2⤵
  PID:9584
- C:\Windows\System\TFgDPxA.exe
  C:\Windows\System\TFgDPxA.exe
  2⤵
  PID:9600
- C:\Windows\System\PYpvUOX.exe
  C:\Windows\System\PYpvUOX.exe
  2⤵
  PID:9620
- C:\Windows\System\MliLpnA.exe
  C:\Windows\System\MliLpnA.exe
  2⤵
  PID:9636
- C:\Windows\System\PirKHNU.exe
  C:\Windows\System\PirKHNU.exe
  2⤵
  PID:9688
- C:\Windows\System\yoOzunh.exe
  C:\Windows\System\yoOzunh.exe
  2⤵
  PID:9720
- C:\Windows\System\oIQiriq.exe
  C:\Windows\System\oIQiriq.exe
  2⤵
  PID:9752
- C:\Windows\System\ijTcTqE.exe
  C:\Windows\System\ijTcTqE.exe
  2⤵
  PID:9776
- C:\Windows\System\nZpfqJH.exe
  C:\Windows\System\nZpfqJH.exe
  2⤵
  PID:9808
- C:\Windows\System\osaBTEH.exe
  C:\Windows\System\osaBTEH.exe
  2⤵
  PID:9832
- C:\Windows\System\GaVqCvT.exe
  C:\Windows\System\GaVqCvT.exe
  2⤵
  PID:9868
- C:\Windows\System\rirwwRU.exe
  C:\Windows\System\rirwwRU.exe
  2⤵
  PID:9912
- C:\Windows\System\ShFaXxb.exe
  C:\Windows\System\ShFaXxb.exe
  2⤵
  PID:9940
- C:\Windows\System\sJjoFQL.exe
  C:\Windows\System\sJjoFQL.exe
  2⤵
  PID:9968
- C:\Windows\System\APxvXOC.exe
  C:\Windows\System\APxvXOC.exe
  2⤵
  PID:9988
- C:\Windows\System\RmdRUPG.exe
  C:\Windows\System\RmdRUPG.exe
  2⤵
  PID:10032
- C:\Windows\System\VDgfeEq.exe
  C:\Windows\System\VDgfeEq.exe
  2⤵
  PID:10060
- C:\Windows\System\suMQMGJ.exe
  C:\Windows\System\suMQMGJ.exe
  2⤵
  PID:10088
- C:\Windows\System\BYYjTVc.exe
  C:\Windows\System\BYYjTVc.exe
  2⤵
  PID:10120
- C:\Windows\System\NcnQwvM.exe
  C:\Windows\System\NcnQwvM.exe
  2⤵
  PID:10148
- C:\Windows\System\INSRxnE.exe
  C:\Windows\System\INSRxnE.exe
  2⤵
  PID:10180
- C:\Windows\System\ThTZbut.exe
  C:\Windows\System\ThTZbut.exe
  2⤵
  PID:10212
- C:\Windows\System\uMrunqa.exe
  C:\Windows\System\uMrunqa.exe
  2⤵
  PID:9028
- C:\Windows\System\JoMRUPE.exe
  C:\Windows\System\JoMRUPE.exe
  2⤵
  PID:648
- C:\Windows\System\PtJclUw.exe
  C:\Windows\System\PtJclUw.exe
  2⤵
  PID:9368
- C:\Windows\System\JnMihbW.exe
  C:\Windows\System\JnMihbW.exe
  2⤵
  PID:9432
- C:\Windows\System\VobUtCZ.exe
  C:\Windows\System\VobUtCZ.exe
  2⤵
  PID:9500
- C:\Windows\System\CkRkuFG.exe
  C:\Windows\System\CkRkuFG.exe
  2⤵
  PID:9580
- C:\Windows\System\sUEkDvK.exe
  C:\Windows\System\sUEkDvK.exe
  2⤵
  PID:9608
- C:\Windows\System\EOiYrzz.exe
  C:\Windows\System\EOiYrzz.exe
  2⤵
  PID:9684
- C:\Windows\System\HVTlemo.exe
  C:\Windows\System\HVTlemo.exe
  2⤵
  PID:9796
- C:\Windows\System\xOTzeMb.exe
  C:\Windows\System\xOTzeMb.exe
  2⤵
  PID:9820
- C:\Windows\System\iGFBjEw.exe
  C:\Windows\System\iGFBjEw.exe
  2⤵
  PID:9924
- C:\Windows\System\nCGjDCL.exe
  C:\Windows\System\nCGjDCL.exe
  2⤵
  PID:9984
- C:\Windows\System\xvXWdnJ.exe
  C:\Windows\System\xvXWdnJ.exe
  2⤵
  PID:10044
- C:\Windows\System\CzAwzcz.exe
  C:\Windows\System\CzAwzcz.exe
  2⤵
  PID:10144
- C:\Windows\System\mkSPZNo.exe
  C:\Windows\System\mkSPZNo.exe
  2⤵
  PID:10204
- C:\Windows\System\KiqHMTG.exe
  C:\Windows\System\KiqHMTG.exe
  2⤵
  PID:9276
- C:\Windows\System\upGMkNY.exe
  C:\Windows\System\upGMkNY.exe
  2⤵
  PID:9492
- C:\Windows\System\mmHKcxI.exe
  C:\Windows\System\mmHKcxI.exe
  2⤵
  PID:9652
- C:\Windows\System\CKNtbnQ.exe
  C:\Windows\System\CKNtbnQ.exe
  2⤵
  PID:9784
- C:\Windows\System\KeovmTi.exe
  C:\Windows\System\KeovmTi.exe
  2⤵
  PID:9952
- C:\Windows\System\LAXaRLw.exe
  C:\Windows\System\LAXaRLw.exe
  2⤵
  PID:10100
- C:\Windows\System\iFXykfY.exe
  C:\Windows\System\iFXykfY.exe
  2⤵
  PID:10232
- C:\Windows\System\jrDAWor.exe
  C:\Windows\System\jrDAWor.exe
  2⤵
  PID:9700
- C:\Windows\System\GYHuALY.exe
  C:\Windows\System\GYHuALY.exe
  2⤵
  PID:10084
- C:\Windows\System\YofDUGy.exe
  C:\Windows\System\YofDUGy.exe
  2⤵
  PID:9592
- C:\Windows\System\DbgcOXk.exe
  C:\Windows\System\DbgcOXk.exe
  2⤵
  PID:10016
- C:\Windows\System\xLDWtWD.exe
  C:\Windows\System\xLDWtWD.exe
  2⤵
  PID:10260
- C:\Windows\System\vNySZjD.exe
  C:\Windows\System\vNySZjD.exe
  2⤵
  PID:10292
- C:\Windows\System\sERDwZN.exe
  C:\Windows\System\sERDwZN.exe
  2⤵
  PID:10320
- C:\Windows\System\EJuahjI.exe
  C:\Windows\System\EJuahjI.exe
  2⤵
  PID:10348
- C:\Windows\System\stAkHeB.exe
  C:\Windows\System\stAkHeB.exe
  2⤵
  PID:10376
- C:\Windows\System\nyKwciO.exe
  C:\Windows\System\nyKwciO.exe
  2⤵
  PID:10400
- C:\Windows\System\AcNqaae.exe
  C:\Windows\System\AcNqaae.exe
  2⤵
  PID:10416
- C:\Windows\System\sRrFuxa.exe
  C:\Windows\System\sRrFuxa.exe
  2⤵
  PID:10432
- C:\Windows\System\PIfjumT.exe
  C:\Windows\System\PIfjumT.exe
  2⤵
  PID:10468
- C:\Windows\System\yWhipDl.exe
  C:\Windows\System\yWhipDl.exe
  2⤵
  PID:10504
- C:\Windows\System\jFzzjli.exe
  C:\Windows\System\jFzzjli.exe
  2⤵
  PID:10544
- C:\Windows\System\JheQPzV.exe
  C:\Windows\System\JheQPzV.exe
  2⤵
  PID:10572
- C:\Windows\System\swcRPBU.exe
  C:\Windows\System\swcRPBU.exe
  2⤵
  PID:10600
- C:\Windows\System\FAGJyeO.exe
  C:\Windows\System\FAGJyeO.exe
  2⤵
  PID:10628
- C:\Windows\System\VKzzaAK.exe
  C:\Windows\System\VKzzaAK.exe
  2⤵
  PID:10656
- C:\Windows\System\LndHyFY.exe
  C:\Windows\System\LndHyFY.exe
  2⤵
  PID:10684
- C:\Windows\System\okLnyRN.exe
  C:\Windows\System\okLnyRN.exe
  2⤵
  PID:10712
- C:\Windows\System\ovucpBI.exe
  C:\Windows\System\ovucpBI.exe
  2⤵
  PID:10740
- C:\Windows\System\AEGXIlS.exe
  C:\Windows\System\AEGXIlS.exe
  2⤵
  PID:10768
- C:\Windows\System\vXCEfVe.exe
  C:\Windows\System\vXCEfVe.exe
  2⤵
  PID:10796
- C:\Windows\System\MmxNXkJ.exe
  C:\Windows\System\MmxNXkJ.exe
  2⤵
  PID:10824
- C:\Windows\System\CyaoSKs.exe
  C:\Windows\System\CyaoSKs.exe
  2⤵
  PID:10852
- C:\Windows\System\TAESdNg.exe
  C:\Windows\System\TAESdNg.exe
  2⤵
  PID:10880
- C:\Windows\System\qJxtxvF.exe
  C:\Windows\System\qJxtxvF.exe
  2⤵
  PID:10908
- C:\Windows\System\EmKvNaz.exe
  C:\Windows\System\EmKvNaz.exe
  2⤵
  PID:10936
- C:\Windows\System\pTWpGrs.exe
  C:\Windows\System\pTWpGrs.exe
  2⤵
  PID:10964
- C:\Windows\System\UnFAxhX.exe
  C:\Windows\System\UnFAxhX.exe
  2⤵
  PID:10992
- C:\Windows\System\hWQHoCM.exe
  C:\Windows\System\hWQHoCM.exe
  2⤵
  PID:11024
- C:\Windows\System\jiKIBnh.exe
  C:\Windows\System\jiKIBnh.exe
  2⤵
  PID:11052
- C:\Windows\System\EofUmBr.exe
  C:\Windows\System\EofUmBr.exe
  2⤵
  PID:11084
- C:\Windows\System\ycLlbnz.exe
  C:\Windows\System\ycLlbnz.exe
  2⤵
  PID:11112
- C:\Windows\System\xKFVpzh.exe
  C:\Windows\System\xKFVpzh.exe
  2⤵
  PID:11140
- C:\Windows\System\xxTtuTs.exe
  C:\Windows\System\xxTtuTs.exe
  2⤵
  PID:11168
- C:\Windows\System\FDkemgm.exe
  C:\Windows\System\FDkemgm.exe
  2⤵
  PID:11188
- C:\Windows\System\eZLsHgz.exe
  C:\Windows\System\eZLsHgz.exe
  2⤵
  PID:11224
- C:\Windows\System\fVfMOJS.exe
  C:\Windows\System\fVfMOJS.exe
  2⤵
  PID:11252
- C:\Windows\System\RWUxylD.exe
  C:\Windows\System\RWUxylD.exe
  2⤵
  PID:10288
- C:\Windows\System\STrLifB.exe
  C:\Windows\System\STrLifB.exe
  2⤵
  PID:2336
- C:\Windows\System\nVuknwo.exe
  C:\Windows\System\nVuknwo.exe
  2⤵
  PID:10388
- C:\Windows\System\FZsNnBs.exe
  C:\Windows\System\FZsNnBs.exe
  2⤵
  PID:10480
- C:\Windows\System\ZetIlzv.exe
  C:\Windows\System\ZetIlzv.exe
  2⤵
  PID:10540
- C:\Windows\System\RJxEQvQ.exe
  C:\Windows\System\RJxEQvQ.exe
  2⤵
  PID:10612
- C:\Windows\System\aBeyIau.exe
  C:\Windows\System\aBeyIau.exe
  2⤵
  PID:10676
- C:\Windows\System\NPooecL.exe
  C:\Windows\System\NPooecL.exe
  2⤵
  PID:10736
- C:\Windows\System\JvPtOAK.exe
  C:\Windows\System\JvPtOAK.exe
  2⤵
  PID:10812
- C:\Windows\System\mBdMjtP.exe
  C:\Windows\System\mBdMjtP.exe
  2⤵
  PID:10872
- C:\Windows\System\qvIgaPf.exe
  C:\Windows\System\qvIgaPf.exe
  2⤵
  PID:10928
- C:\Windows\System\XYCPyVh.exe
  C:\Windows\System\XYCPyVh.exe
  2⤵
  PID:11048
- C:\Windows\System\sFwEVMf.exe
  C:\Windows\System\sFwEVMf.exe
  2⤵
  PID:11136
- C:\Windows\System\SMZCYvH.exe
  C:\Windows\System\SMZCYvH.exe
  2⤵
  PID:11196
- C:\Windows\System\XXMKLsg.exe
  C:\Windows\System\XXMKLsg.exe
  2⤵
  PID:10256
- C:\Windows\System\uVHhamI.exe
  C:\Windows\System\uVHhamI.exe
  2⤵
  PID:10384
- C:\Windows\System\AknrcdG.exe
  C:\Windows\System\AknrcdG.exe
  2⤵
  PID:10536
- C:\Windows\System\uDbqwUk.exe
  C:\Windows\System\uDbqwUk.exe
  2⤵
  PID:10708
- C:\Windows\System\TZLCZWw.exe
  C:\Windows\System\TZLCZWw.exe
  2⤵
  PID:10844
- C:\Windows\System\BaXyqaw.exe
  C:\Windows\System\BaXyqaw.exe
  2⤵
  PID:11008
- C:\Windows\System\nhFIbPA.exe
  C:\Windows\System\nhFIbPA.exe
  2⤵
  PID:11184
- C:\Windows\System\PszPLSP.exe
  C:\Windows\System\PszPLSP.exe
  2⤵
  PID:10448
- C:\Windows\System\pDzHdPg.exe
  C:\Windows\System\pDzHdPg.exe
  2⤵
  PID:10788
- C:\Windows\System\bqebLmx.exe
  C:\Windows\System\bqebLmx.exe
  2⤵
  PID:11160
- C:\Windows\System\fuvVUtM.exe
  C:\Windows\System\fuvVUtM.exe
  2⤵
  PID:10224
- C:\Windows\System\skXbchu.exe
  C:\Windows\System\skXbchu.exe
  2⤵
  PID:10672
- C:\Windows\System\SlTJwIO.exe
  C:\Windows\System\SlTJwIO.exe
  2⤵
  PID:11288
- C:\Windows\System\QvIYOUY.exe
  C:\Windows\System\QvIYOUY.exe
  2⤵
  PID:11316
- C:\Windows\System\LCfBgYr.exe
  C:\Windows\System\LCfBgYr.exe
  2⤵
  PID:11344
- C:\Windows\System\yviJfmm.exe
  C:\Windows\System\yviJfmm.exe
  2⤵
  PID:11372
- C:\Windows\System\qyIwexq.exe
  C:\Windows\System\qyIwexq.exe
  2⤵
  PID:11400
- C:\Windows\System\vtRCYae.exe
  C:\Windows\System\vtRCYae.exe
  2⤵
  PID:11428
- C:\Windows\System\WaCxmhs.exe
  C:\Windows\System\WaCxmhs.exe
  2⤵
  PID:11456
- C:\Windows\System\SfvYPSx.exe
  C:\Windows\System\SfvYPSx.exe
  2⤵
  PID:11484
- C:\Windows\System\fGBWqKi.exe
  C:\Windows\System\fGBWqKi.exe
  2⤵
  PID:11512
- C:\Windows\System\PLlwqec.exe
  C:\Windows\System\PLlwqec.exe
  2⤵
  PID:11540
- C:\Windows\System\JIOTjVm.exe
  C:\Windows\System\JIOTjVm.exe
  2⤵
  PID:11568
- C:\Windows\System\evFgZvX.exe
  C:\Windows\System\evFgZvX.exe
  2⤵
  PID:11596
- C:\Windows\System\bwUwKhy.exe
  C:\Windows\System\bwUwKhy.exe
  2⤵
  PID:11624
- C:\Windows\System\GKZpTcp.exe
  C:\Windows\System\GKZpTcp.exe
  2⤵
  PID:11652
- C:\Windows\System\sBtIzar.exe
  C:\Windows\System\sBtIzar.exe
  2⤵
  PID:11680
- C:\Windows\System\ADxpQJK.exe
  C:\Windows\System\ADxpQJK.exe
  2⤵
  PID:11728
- C:\Windows\System\sDStYlt.exe
  C:\Windows\System\sDStYlt.exe
  2⤵
  PID:11768
- C:\Windows\System\KmsPMXr.exe
  C:\Windows\System\KmsPMXr.exe
  2⤵
  PID:11800
- C:\Windows\System\ERKUMjV.exe
  C:\Windows\System\ERKUMjV.exe
  2⤵
  PID:11828
- C:\Windows\System\OSuRBxu.exe
  C:\Windows\System\OSuRBxu.exe
  2⤵
  PID:11856
- C:\Windows\System\YUzLkvy.exe
  C:\Windows\System\YUzLkvy.exe
  2⤵
  PID:11884
- C:\Windows\System\TsTRATL.exe
  C:\Windows\System\TsTRATL.exe
  2⤵
  PID:11912
- C:\Windows\System\cyGlkJk.exe
  C:\Windows\System\cyGlkJk.exe
  2⤵
  PID:11940
- C:\Windows\System\OAhiOCC.exe
  C:\Windows\System\OAhiOCC.exe
  2⤵
  PID:11968
- C:\Windows\System\OdGZpPF.exe
  C:\Windows\System\OdGZpPF.exe
  2⤵
  PID:11996
- C:\Windows\System\XYfwgvk.exe
  C:\Windows\System\XYfwgvk.exe
  2⤵
  PID:12024
- C:\Windows\System\ywtmWyH.exe
  C:\Windows\System\ywtmWyH.exe
  2⤵
  PID:12052
- C:\Windows\System\WhccYaJ.exe
  C:\Windows\System\WhccYaJ.exe
  2⤵
  PID:12080
- C:\Windows\System\FIzPVpF.exe
  C:\Windows\System\FIzPVpF.exe
  2⤵
  PID:12108
- C:\Windows\System\BNQmyzD.exe
  C:\Windows\System\BNQmyzD.exe
  2⤵
  PID:12136
- C:\Windows\System\mTMoTKs.exe
  C:\Windows\System\mTMoTKs.exe
  2⤵
  PID:12164
- C:\Windows\System\foPmEkd.exe
  C:\Windows\System\foPmEkd.exe
  2⤵
  PID:12192
- C:\Windows\System\FXLiVNi.exe
  C:\Windows\System\FXLiVNi.exe
  2⤵
  PID:12220
- C:\Windows\System\QRhukxC.exe
  C:\Windows\System\QRhukxC.exe
  2⤵
  PID:12248
- C:\Windows\System\yFgKELm.exe
  C:\Windows\System\yFgKELm.exe
  2⤵
  PID:12276
- C:\Windows\System\vWdifKb.exe
  C:\Windows\System\vWdifKb.exe
  2⤵
  PID:11308
- C:\Windows\System\ZyQlEZx.exe
  C:\Windows\System\ZyQlEZx.exe
  2⤵
  PID:11368
- C:\Windows\System\zUhUPgs.exe
  C:\Windows\System\zUhUPgs.exe
  2⤵
  PID:11444
- C:\Windows\System\EXGbHCH.exe
  C:\Windows\System\EXGbHCH.exe
  2⤵
  PID:11500
- C:\Windows\System\AhytJmn.exe
  C:\Windows\System\AhytJmn.exe
  2⤵
  PID:11560
- C:\Windows\System\cUHMOvS.exe
  C:\Windows\System\cUHMOvS.exe
  2⤵
  PID:11620
- C:\Windows\System\HJgmXdl.exe
  C:\Windows\System\HJgmXdl.exe
  2⤵
  PID:11700
- C:\Windows\System\YcWsEXx.exe
  C:\Windows\System\YcWsEXx.exe
  2⤵
  PID:11788
- C:\Windows\System\NxLepje.exe
  C:\Windows\System\NxLepje.exe
  2⤵
  PID:11848
- C:\Windows\System\likOfUQ.exe
  C:\Windows\System\likOfUQ.exe
  2⤵
  PID:11908
- C:\Windows\System\oZZGRLh.exe
  C:\Windows\System\oZZGRLh.exe
  2⤵
  PID:11980
- C:\Windows\System\piazGQg.exe
  C:\Windows\System\piazGQg.exe
  2⤵
  PID:12044
- C:\Windows\System\nrDxfOM.exe
  C:\Windows\System\nrDxfOM.exe
  2⤵
  PID:12104
- C:\Windows\System\CnNSOoV.exe
  C:\Windows\System\CnNSOoV.exe
  2⤵
  PID:12180
- C:\Windows\System\kHRbWoy.exe
  C:\Windows\System\kHRbWoy.exe
  2⤵
  PID:12240
- C:\Windows\System\wfgbbkA.exe
  C:\Windows\System\wfgbbkA.exe
  2⤵
  PID:11284
- C:\Windows\System\KRNdPxc.exe
  C:\Windows\System\KRNdPxc.exe
  2⤵
  PID:11472
- C:\Windows\System\cvZCuLt.exe
  C:\Windows\System\cvZCuLt.exe
  2⤵
  PID:11608
- C:\Windows\System\KYnSMsp.exe
  C:\Windows\System\KYnSMsp.exe
  2⤵
  PID:11776
- C:\Windows\System\ZUEsbXO.exe
  C:\Windows\System\ZUEsbXO.exe
  2⤵
  PID:11960
- C:\Windows\System\pPJjEMR.exe
  C:\Windows\System\pPJjEMR.exe
  2⤵
  PID:12100
- C:\Windows\System\xrlSFif.exe
  C:\Windows\System\xrlSFif.exe
  2⤵
  PID:12272
- C:\Windows\System\anzvalZ.exe
  C:\Windows\System\anzvalZ.exe
  2⤵
  PID:11536
- C:\Windows\System\xSLvhgE.exe
  C:\Windows\System\xSLvhgE.exe
  2⤵
  PID:11896
- C:\Windows\System\MNDNaRQ.exe
  C:\Windows\System\MNDNaRQ.exe
  2⤵
  PID:12236
- C:\Windows\System\Baskdmo.exe
  C:\Windows\System\Baskdmo.exe
  2⤵
  PID:12072
- C:\Windows\System\heaklJq.exe
  C:\Windows\System\heaklJq.exe
  2⤵
  PID:11744
- C:\Windows\System\NlqTjvO.exe
  C:\Windows\System\NlqTjvO.exe
  2⤵
  PID:12316
- C:\Windows\System\kgGpwxU.exe
  C:\Windows\System\kgGpwxU.exe
  2⤵
  PID:12344
- C:\Windows\System\dLRisiW.exe
  C:\Windows\System\dLRisiW.exe
  2⤵
  PID:12372
- C:\Windows\System\ByXeaLK.exe
  C:\Windows\System\ByXeaLK.exe
  2⤵
  PID:12400
- C:\Windows\System\jAcUCyz.exe
  C:\Windows\System\jAcUCyz.exe
  2⤵
  PID:12428
- C:\Windows\System\uXwnzqs.exe
  C:\Windows\System\uXwnzqs.exe
  2⤵
  PID:12456
- C:\Windows\System\bPVmBsg.exe
  C:\Windows\System\bPVmBsg.exe
  2⤵
  PID:12484
- C:\Windows\System\uLadKBY.exe
  C:\Windows\System\uLadKBY.exe
  2⤵
  PID:12516
- C:\Windows\System\DbIftPB.exe
  C:\Windows\System\DbIftPB.exe
  2⤵
  PID:12544
- C:\Windows\System\wLgVOUJ.exe
  C:\Windows\System\wLgVOUJ.exe
  2⤵
  PID:12572
- C:\Windows\System\nuLAIHp.exe
  C:\Windows\System\nuLAIHp.exe
  2⤵
  PID:12600
- C:\Windows\System\ROObKuM.exe
  C:\Windows\System\ROObKuM.exe
  2⤵
  PID:12628
- C:\Windows\System\RiaPrtd.exe
  C:\Windows\System\RiaPrtd.exe
  2⤵
  PID:12656
- C:\Windows\System\SKqFIfN.exe
  C:\Windows\System\SKqFIfN.exe
  2⤵
  PID:12684
- C:\Windows\System\ubUCNSL.exe
  C:\Windows\System\ubUCNSL.exe
  2⤵
  PID:12708
- C:\Windows\System\UNzlFFL.exe
  C:\Windows\System\UNzlFFL.exe
  2⤵
  PID:12740
- C:\Windows\System\wrCQbtc.exe
  C:\Windows\System\wrCQbtc.exe
  2⤵
  PID:12768
- C:\Windows\System\uqIXWrA.exe
  C:\Windows\System\uqIXWrA.exe
  2⤵
  PID:12796
- C:\Windows\System\ReSnZOs.exe
  C:\Windows\System\ReSnZOs.exe
  2⤵
  PID:12824
- C:\Windows\System\EkGQTgw.exe
  C:\Windows\System\EkGQTgw.exe
  2⤵
  PID:12856
- C:\Windows\System\qQHdNVR.exe
  C:\Windows\System\qQHdNVR.exe
  2⤵
  PID:12896
- C:\Windows\System\gMPpUhF.exe
  C:\Windows\System\gMPpUhF.exe
  2⤵
  PID:12912
- C:\Windows\System\isAYCHn.exe
  C:\Windows\System\isAYCHn.exe
  2⤵
  PID:12940
- C:\Windows\System\oGOcbxf.exe
  C:\Windows\System\oGOcbxf.exe
  2⤵
  PID:12968
- C:\Windows\System\eaePpwt.exe
  C:\Windows\System\eaePpwt.exe
  2⤵
  PID:12996
- C:\Windows\System\gfdpDld.exe
  C:\Windows\System\gfdpDld.exe
  2⤵
  PID:13016
- C:\Windows\System\SohbASy.exe
  C:\Windows\System\SohbASy.exe
  2⤵
  PID:13056
- C:\Windows\System\onsfzRo.exe
  C:\Windows\System\onsfzRo.exe
  2⤵
  PID:13084
- C:\Windows\System\FkSAZbb.exe
  C:\Windows\System\FkSAZbb.exe
  2⤵
  PID:13112
- C:\Windows\System\HUoWEGJ.exe
  C:\Windows\System\HUoWEGJ.exe
  2⤵
  PID:13140
- C:\Windows\System\JJaTBnx.exe
  C:\Windows\System\JJaTBnx.exe
  2⤵
  PID:13168
- C:\Windows\System\hJhEfpO.exe
  C:\Windows\System\hJhEfpO.exe
  2⤵
  PID:13196
- C:\Windows\System\ABRcHIp.exe
  C:\Windows\System\ABRcHIp.exe
  2⤵
  PID:13224
- C:\Windows\System\hTiYrhY.exe
  C:\Windows\System\hTiYrhY.exe
  2⤵
  PID:13252
- C:\Windows\System\QFUXhna.exe
  C:\Windows\System\QFUXhna.exe
  2⤵
  PID:13280
- C:\Windows\System\ytglGho.exe
  C:\Windows\System\ytglGho.exe
  2⤵
  PID:13308
- C:\Windows\System\QzbulDU.exe
  C:\Windows\System\QzbulDU.exe
  2⤵
  PID:12360
- C:\Windows\System\lvUWPYf.exe
  C:\Windows\System\lvUWPYf.exe
  2⤵
  PID:12420
- C:\Windows\System\LrGUJlQ.exe
  C:\Windows\System\LrGUJlQ.exe
  2⤵
  PID:3112
- C:\Windows\System\iRUOirt.exe
  C:\Windows\System\iRUOirt.exe
  2⤵
  PID:12528
- C:\Windows\System\PtolEUp.exe
  C:\Windows\System\PtolEUp.exe
  2⤵
  PID:12596
- C:\Windows\System\JcRJljr.exe
  C:\Windows\System\JcRJljr.exe
  2⤵
  PID:12672
- C:\Windows\System\ehJMguH.exe
  C:\Windows\System\ehJMguH.exe
  2⤵
  PID:12732
- C:\Windows\System\pGQYAMY.exe
  C:\Windows\System\pGQYAMY.exe
  2⤵
  PID:12792
- C:\Windows\System\LBlvxbA.exe
  C:\Windows\System\LBlvxbA.exe
  2⤵
  PID:12872
- C:\Windows\System\iEnntDv.exe
  C:\Windows\System\iEnntDv.exe
  2⤵
  PID:12924
- C:\Windows\System\MTXWmNg.exe
  C:\Windows\System\MTXWmNg.exe
  2⤵
  PID:13008
- C:\Windows\System\AxDofSl.exe
  C:\Windows\System\AxDofSl.exe
  2⤵
  PID:13076
- C:\Windows\System\gehmaKv.exe
  C:\Windows\System\gehmaKv.exe
  2⤵
  PID:13132
- C:\Windows\System\OOuLPYz.exe
  C:\Windows\System\OOuLPYz.exe
  2⤵
  PID:13192
- C:\Windows\System\XJprkBI.exe
  C:\Windows\System\XJprkBI.exe
  2⤵
  PID:13268
- C:\Windows\System\DazdXmD.exe
  C:\Windows\System\DazdXmD.exe
  2⤵
  PID:12312
- C:\Windows\System\ozWpbsq.exe
  C:\Windows\System\ozWpbsq.exe
  2⤵
  PID:12468
- C:\Windows\System\jzgCiLw.exe
  C:\Windows\System\jzgCiLw.exe
  2⤵
  PID:12592
- C:\Windows\System\UYhYqIs.exe
  C:\Windows\System\UYhYqIs.exe
  2⤵
  PID:12764
- C:\Windows\System\HKVNxCu.exe
  C:\Windows\System\HKVNxCu.exe
  2⤵
  PID:12928
- C:\Windows\System\xxpGjXr.exe
  C:\Windows\System\xxpGjXr.exe
  2⤵
  PID:13072
- C:\Windows\System\CYdBZpm.exe
  C:\Windows\System\CYdBZpm.exe
  2⤵
  PID:13220
- C:\Windows\System\DoBubze.exe
  C:\Windows\System\DoBubze.exe
  2⤵
  PID:12416
- C:\Windows\System\mIDZtSt.exe
  C:\Windows\System\mIDZtSt.exe
  2⤵
  PID:12716
- C:\Windows\System\QOaIyAf.exe
  C:\Windows\System\QOaIyAf.exe
  2⤵
  PID:13048
- C:\Windows\System\aLCjMAd.exe
  C:\Windows\System\aLCjMAd.exe
  2⤵
  PID:12584
- C:\Windows\System\MdADejX.exe
  C:\Windows\System\MdADejX.exe
  2⤵
  PID:12396
- C:\Windows\System\Pnkbxpb.exe
  C:\Windows\System\Pnkbxpb.exe
  2⤵
  PID:12840
- C:\Windows\System\fJFzHga.exe
  C:\Windows\System\fJFzHga.exe
  2⤵
  PID:13340
- C:\Windows\System\zruYJLV.exe
  C:\Windows\System\zruYJLV.exe
  2⤵
  PID:13372
- C:\Windows\System\lARSFwx.exe
  C:\Windows\System\lARSFwx.exe
  2⤵
  PID:13400
- C:\Windows\System\kyieQsd.exe
  C:\Windows\System\kyieQsd.exe
  2⤵
  PID:13428
- C:\Windows\System\vfINLAb.exe
  C:\Windows\System\vfINLAb.exe
  2⤵
  PID:13456
- C:\Windows\System\TBgMyLe.exe
  C:\Windows\System\TBgMyLe.exe
  2⤵
  PID:13484
- C:\Windows\System\CMXqhIc.exe
  C:\Windows\System\CMXqhIc.exe
  2⤵
  PID:13512
- C:\Windows\System\jXInWUF.exe
  C:\Windows\System\jXInWUF.exe
  2⤵
  PID:13540
- C:\Windows\System\zYaWRqA.exe
  C:\Windows\System\zYaWRqA.exe
  2⤵
  PID:13568
- C:\Windows\System\YElfqAs.exe
  C:\Windows\System\YElfqAs.exe
  2⤵
  PID:13600
- C:\Windows\System\bIeaJcs.exe
  C:\Windows\System\bIeaJcs.exe
  2⤵
  PID:13620
- C:\Windows\System\StYMTju.exe
  C:\Windows\System\StYMTju.exe
  2⤵
  PID:13656
- C:\Windows\System\AuMtOlD.exe
  C:\Windows\System\AuMtOlD.exe
  2⤵
  PID:13684
- C:\Windows\System\HXkyZgm.exe
  C:\Windows\System\HXkyZgm.exe
  2⤵
  PID:13712
- C:\Windows\System\rmIZViG.exe
  C:\Windows\System\rmIZViG.exe
  2⤵
  PID:13740
- C:\Windows\System\GSigzii.exe
  C:\Windows\System\GSigzii.exe
  2⤵
  PID:13768
- C:\Windows\System\eszSEKK.exe
  C:\Windows\System\eszSEKK.exe
  2⤵
  PID:13796
- C:\Windows\System\XhKppOU.exe
  C:\Windows\System\XhKppOU.exe
  2⤵
  PID:13824
- C:\Windows\System\pvBoYLa.exe
  C:\Windows\System\pvBoYLa.exe
  2⤵
  PID:13852
- C:\Windows\System\xrAjKzX.exe
  C:\Windows\System\xrAjKzX.exe
  2⤵
  PID:13880
- C:\Windows\System\wVmsUvQ.exe
  C:\Windows\System\wVmsUvQ.exe
  2⤵
  PID:13924
- C:\Windows\System\rgnwpJL.exe
  C:\Windows\System\rgnwpJL.exe
  2⤵
  PID:13940
- C:\Windows\System\flofnBO.exe
  C:\Windows\System\flofnBO.exe
  2⤵
  PID:13968
- C:\Windows\System\xbjPurE.exe
  C:\Windows\System\xbjPurE.exe
  2⤵
  PID:13996
- C:\Windows\System\jDfpnVP.exe
  C:\Windows\System\jDfpnVP.exe
  2⤵
  PID:14024
- C:\Windows\System\AWDqIxV.exe
  C:\Windows\System\AWDqIxV.exe
  2⤵
  PID:14052
- C:\Windows\System\jWJIWRj.exe
  C:\Windows\System\jWJIWRj.exe
  2⤵
  PID:14080
- C:\Windows\System\baGEUuK.exe
  C:\Windows\System\baGEUuK.exe
  2⤵
  PID:14108
- C:\Windows\System\QPMZnkG.exe
  C:\Windows\System\QPMZnkG.exe
  2⤵
  PID:14136
- C:\Windows\System\WOZrsVK.exe
  C:\Windows\System\WOZrsVK.exe
  2⤵
  PID:14164
- C:\Windows\System\PqUxaLq.exe
  C:\Windows\System\PqUxaLq.exe
  2⤵
  PID:14192
- C:\Windows\System\VYDpPKc.exe
  C:\Windows\System\VYDpPKc.exe
  2⤵
  PID:14220
- C:\Windows\System\dKxuzjw.exe
  C:\Windows\System\dKxuzjw.exe
  2⤵
  PID:14248
- C:\Windows\System\lDJQqcx.exe
  C:\Windows\System\lDJQqcx.exe
  2⤵
  PID:14288
- C:\Windows\System\EcyKcVB.exe
  C:\Windows\System\EcyKcVB.exe
  2⤵
  PID:14324
- C:\Windows\System\elfpiPg.exe
  C:\Windows\System\elfpiPg.exe
  2⤵
  PID:13452
- C:\Windows\System\bMnhdjJ.exe
  C:\Windows\System\bMnhdjJ.exe
  2⤵
  PID:13524
- C:\Windows\System\cuZxVKb.exe
  C:\Windows\System\cuZxVKb.exe
  2⤵
  PID:13652
- C:\Windows\System\cRPMDel.exe
  C:\Windows\System\cRPMDel.exe
  2⤵
  PID:13724
- C:\Windows\System\zMBMnOS.exe
  C:\Windows\System\zMBMnOS.exe
  2⤵
  PID:13840
- C:\Windows\System\DOldbBR.exe
  C:\Windows\System\DOldbBR.exe
  2⤵
  PID:13920
- C:\Windows\System\QDIdqyk.exe
  C:\Windows\System\QDIdqyk.exe
  2⤵
  PID:2460
- C:\Windows\System\tYGXoJc.exe
  C:\Windows\System\tYGXoJc.exe
  2⤵
  PID:13960
- C:\Windows\System\gPDftVc.exe
  C:\Windows\System\gPDftVc.exe
  2⤵
  PID:14020
- C:\Windows\System\wAahhve.exe
  C:\Windows\System\wAahhve.exe
  2⤵
  PID:14104
- C:\Windows\System\bAZzIwd.exe
  C:\Windows\System\bAZzIwd.exe
  2⤵
  PID:14184
- C:\Windows\System\YYNYnMC.exe
  C:\Windows\System\YYNYnMC.exe
  2⤵
  PID:14272
- C:\Windows\System\tUfYEeS.exe
  C:\Windows\System\tUfYEeS.exe
  2⤵
  PID:13384
- C:\Windows\System\ROYyQPc.exe
  C:\Windows\System\ROYyQPc.exe
  2⤵
  PID:13616
- C:\Windows\System\Mpjyttw.exe
  C:\Windows\System\Mpjyttw.exe
  2⤵
  PID:13892
- C:\Windows\System\cFycZOK.exe
  C:\Windows\System\cFycZOK.exe
  2⤵
  PID:14012
- C:\Windows\System\pdJMpyP.exe
  C:\Windows\System\pdJMpyP.exe
  2⤵
  PID:14100
- C:\Windows\System\sVqGFwr.exe
  C:\Windows\System\sVqGFwr.exe
  2⤵
  PID:14300
- C:\Windows\System\AkofOOk.exe
  C:\Windows\System\AkofOOk.exe
  2⤵
  PID:13816
- C:\Windows\System\WctQivs.exe
  C:\Windows\System\WctQivs.exe
  2⤵
  PID:14076
- C:\Windows\System\hlUDZsm.exe
  C:\Windows\System\hlUDZsm.exe
  2⤵
  PID:13992
- C:\Windows\System\ENttPpe.exe
  C:\Windows\System\ENttPpe.exe
  2⤵
  PID:14344
- C:\Windows\System\KUeYzdG.exe
  C:\Windows\System\KUeYzdG.exe
  2⤵
  PID:14372
- C:\Windows\System\WvatkkV.exe
  C:\Windows\System\WvatkkV.exe
  2⤵
  PID:14400
- C:\Windows\System\UJyIuht.exe
  C:\Windows\System\UJyIuht.exe
  2⤵
  PID:14416
- C:\Windows\System\TvzFlFC.exe
  C:\Windows\System\TvzFlFC.exe
  2⤵
  PID:14440
- C:\Windows\System\VAqXIwp.exe
  C:\Windows\System\VAqXIwp.exe
  2⤵
  PID:14472
- C:\Windows\System\BMAXHGX.exe
  C:\Windows\System\BMAXHGX.exe
  2⤵
  PID:14504
- C:\Windows\System\CPnBEEz.exe
  C:\Windows\System\CPnBEEz.exe
  2⤵
  PID:14536
- C:\Windows\System\HZnLzmH.exe
  C:\Windows\System\HZnLzmH.exe
  2⤵
  PID:14572
- C:\Windows\System\xbcoWny.exe
  C:\Windows\System\xbcoWny.exe
  2⤵
  PID:14600
- C:\Windows\System\pSrRyrs.exe
  C:\Windows\System\pSrRyrs.exe
  2⤵
  PID:14628
- C:\Windows\System\ZKJOVjS.exe
  C:\Windows\System\ZKJOVjS.exe
  2⤵
  PID:14656
- C:\Windows\System\rBxqSSq.exe
  C:\Windows\System\rBxqSSq.exe
  2⤵
  PID:14684
- C:\Windows\System\IyZorHA.exe
  C:\Windows\System\IyZorHA.exe
  2⤵
  PID:14712
- C:\Windows\System\IeQWNjq.exe
  C:\Windows\System\IeQWNjq.exe
  2⤵
  PID:14744
- C:\Windows\System\nZUUlvC.exe
  C:\Windows\System\nZUUlvC.exe
  2⤵
  PID:14772
- C:\Windows\System\lybGWUo.exe
  C:\Windows\System\lybGWUo.exe
  2⤵
  PID:14800
- C:\Windows\System\KUNTzOP.exe
  C:\Windows\System\KUNTzOP.exe
  2⤵
  PID:14828

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ACvBEVH.exe

Filesize
1.2MB

MD5
cd5ef36ef03eac2b20cce67daca8e60e

SHA1
78ffe5bdf11fd5c1af061891a6f825c7e6d5971e

SHA256
c9394411c09cedeb6199f3ce46bf92c0c6fd19fa68844008591c10a1cf195974

SHA512
5806b974fa088e66d040826bc66b929a74fa0017878d780c1b5daeca898125a6d7965ed63fbdb5f892a98e1909fc8fae29ef3faa316e6f8db54adbdaa8571a2a

Download Submit
C:\Windows\System\ACvBEVH.exe

Filesize
1.8MB

MD5
cb54e1c2384667a8fd2c6c7171a76343

SHA1
da5454d0edae737da04e8534c5ab6ed1dfdf6a7a

SHA256
46de2d06d6ac75037ebfe30f8ed6d00eaef06d9e513d25c99ff8ccebda0b11a3

SHA512
52a1cfd04dc3e1e5dbe4e26f96a3a0546a95e01d40c2f9e5e20c583ff58025017e456207993aa1f5155dadbbf303ff0970d581e2aa2d33c26d3276a3669fc805

Download Submit
C:\Windows\System\AyKJsur.exe

Filesize
1.8MB

MD5
cc0bfd4a49099cb3c14bc3c5e9b61abb

SHA1
7ebad83f7b3a8f207fe84fb4c37614564b3387d6

SHA256
1f40effb1ed5777753eb7c042133c7fc5fb07edf3e62498c7636638d6a4c12f5

SHA512
19a2842312e0ecaa8dacf1f631f28bf5625827bd18eb9b972c153b16ba58f912b95c39585b35bf6afb850a3fa7014084b4104f9242491b040964d9bf6c710f4b

Download Submit
C:\Windows\System\BvlFJFL.exe

Filesize
1.9MB

MD5
5d4b3101459048b248608c3b31e935be

SHA1
82be24e08ca28ce6d2d9d51ca835f72b4c926446

SHA256
36289db7a81bc124cac17343c8379c111eafaa901a1f21057029b902800d986d

SHA512
160b186fd7bd125a020f553adc3d9cc93d6406678935bcde5f88f50e4fc43d8a053fb6d9b523800f301c292e4457c4d16da0982099fe90b79cfb56d01958d1b2

Download Submit
C:\Windows\System\FdxbZGu.exe

Filesize
1.8MB

MD5
1bdad0b69ae6df18ecaa26644699a117

SHA1
59f859df0f595c1f9bb805909774ea542c298938

SHA256
7d80cb2229e5da2b7c969754ee2cff4beb440e705dcb80f0ce427537f61c097b

SHA512
5e899902c3fe8d2049e3f031041879a1c3f9efe9e7cb0e50e8d8bd3aa47af833ea3cd0d495c771fc4e1d8c76ef377a5079bf2d25aca6050a7626e22f8e623258

Download Submit
C:\Windows\System\GqsBTzS.exe

Filesize
1.8MB

MD5
2035e57e30877b2698299404d1044559

SHA1
4cce796f36b828c2d64ce9ee800ddf1a5f423bdd

SHA256
e81a8999b10ad3ba3b1dc7778cb0823d09139bb9a8d34d9ba73d68ddceca456d

SHA512
bea0a4874fe3392838e9fc78776f9e77f8728b1551087837016c929c4f4c1f8fc568f475fc6e2beb4f0f96ef867649505a38bd6834ac03854fb0d3976116faab

Download Submit
C:\Windows\System\GrclTcC.exe

Filesize
1.8MB

MD5
83fe7da27f416b2072388253c2e7e9e1

SHA1
02b71ab7fd73d7b1288551d36fa6462a9018eca5

SHA256
590925fd3b9e0d66c339f741c5db3b1222b13c2490c6207545393a8ece4dca1d

SHA512
bae275a1dd622ed7c3577c5115320c3641fa13aec3f0837419793847b82b35b8a831a35620fd268a359ab4bc3025a4d8fe3c9d4153a35b796c874f497e9251d6

Download Submit
C:\Windows\System\HJJGDia.exe

Filesize
1.8MB

MD5
fe7ad8769f8c6818ca2cd822adb3a51a

SHA1
79df81e527720212910b9f13e9cb79469ef7f11a

SHA256
4a8a716d631a027324e7366369c815777b4ca07fab80a534efea79a0df92b237

SHA512
6cb54b74fa2330549213fc50295f87f4e817d93a4aa68d20752b4ee9f48d3f2247baf80f76e6724c0908a2956ee48c4cbe8e9ffc0c59ff2a9b1537439656ddc1

Download Submit
C:\Windows\System\MbjNJXe.exe

Filesize
1.8MB

MD5
1761b80744e3352f075fdb360dda3f51

SHA1
72d3818f7581d062bb1c83a3be1fd81b9ca8baef

SHA256
fe0358bc6a8f12fe1a42d0282e8673209e21f01e5e24da3692fd1e550764ddf9

SHA512
32c19bf8a067952d8e8cd8d30d165003006c2830314a433d53dad4c2f6519bcba1e769a3760dcae6683089b35e96b0be1b8d059b1b39f99bd647c0bf39929ea5

Download Submit
C:\Windows\System\MecscBo.exe

Filesize
1.8MB

MD5
5475ac2272c37eb2fc18250abbf2a235

SHA1
77e24a4762df120e62c781ae24f3bf06ad9c1bca

SHA256
61d73dfe516c33a7b99cfd3843d2fb892b6d3a962855dca58a612048305ef094

SHA512
f43da090fc6014664c5e2a6ba73df77ec78e8c8dce9ecca0cc04a1a6e9dad7101ae1e628ae99e01f0ab3ba23f314e01966ecb798cda6f57e023d588b5d24a8e4

Download Submit
C:\Windows\System\OIBlKoM.exe

Filesize
1.8MB

MD5
4fc7643a0829541849ec0852b08c3f3a

SHA1
e00392e5244a2d787ce89db4475ae6061d2e56ca

SHA256
b9ee33ce07ce5c0a949caa2b8c9460cf23d47b555aa902c155e184523b678a68

SHA512
829ad25de5d0238396669f49b6a25690ea8b74addb0c285757ce6625a3833b0aa462849e927c9656adc7299c838faed92105a624161109aea9868f99b5d21021

Download Submit
C:\Windows\System\RbRfPUe.exe

Filesize
1.8MB

MD5
5fbd08e98454506d6448bab2699819bf

SHA1
390f6bfd58374ecb2e3c408403e38202dcfb55ef

SHA256
dd2dc75473088280902b02affe896c8644a1d77f7430b6cd1b4f62d6381b6d5e

SHA512
2716d6cd1e828125ff79c37e2b2e891ac3df557463ea2110908752ef1773cb1f056c080d598e5b22f7dae968f3d8c17150027aeed20a17f621c4278627b1c1f4

Download Submit
C:\Windows\System\RdOOEnq.exe

Filesize
1.8MB

MD5
dfe3673fb5556cf613f66535ba7e6347

SHA1
81e05ab92800b6762321b32229729d0cd95b0bdd

SHA256
6f5ad7aae6f298b0f800a116dc2bd0970c3775df82188a1e2d605a8150ef5fcd

SHA512
5e5e79807d6dc45f348dcffce38615b61f5ee504d290e86684ea08264bbc27d320df34dc50501a21541a1902090e9b8ff0b6aba8a2e9b29b68827d5e973cccce

Download Submit
C:\Windows\System\WImhKkC.exe

Filesize
1.8MB

MD5
5be70eb9ca5674d3871006e8e419df02

SHA1
364fccc45a11a214df902b3117a83a5e37dc7836

SHA256
98f3b8d3f3cf961224a14d7779993cc050ec02fa29672f9175a07a21ae131c3a

SHA512
386e3a73a0a4bb60d082e3b012d36e5696c02db3ecfa43c0b5453a3d5807abb51ef74389fcefb997afa777330a3b7006e73d20cf3b26a5485b471d1e32a5e4a1

Download Submit
C:\Windows\System\WgnfUap.exe

Filesize
1.8MB

MD5
8bbbc1211d6d48c87e432e46f9297f39

SHA1
1b6d148ce16394b9898a69f1db3ace6e147ee42e

SHA256
98165efba028ef0f3b7a71af5538acec8491bf537d37bbb2adad864e89cad922

SHA512
dba3b19e2826ffeb6404d469be6c0e37e08be3c6f12efd022d78b1bc4ffa9647e7e808a9161cc7f4763704285db2944172f3ffd0d8dc24229205964d95c2d109

Download Submit
C:\Windows\System\YWQkGDY.exe

Filesize
1.8MB

MD5
5324d2e23562451e0f6d22a7db3b0a85

SHA1
433c24b5ef473f51ba07c3b4f46e05109e9b05bd

SHA256
0fc7f06f3c3d9d5ce24b362234f7041fd33568267c858a85f01f866f6033bbd4

SHA512
22d043626cdd67fb35ecac2a14273325ea1f9faa3c4b2067a14b723cd57d6b287f316be3d55e5ec8b30918f9f0a2b909e38d2923a097179ed18df1806bb284c7

Download Submit
C:\Windows\System\ZezGIdp.exe

Filesize
1.8MB

MD5
cddb6b6f76f3944cae003fef7fb269b3

SHA1
b764c941b6621999ccafd444c6d8c89124bca5be

SHA256
18d9a90d324c404e01d632656dda092677f0340084e0c3c304ee2e9f1220ac22

SHA512
cbffb0bbf8bfaaf1561420148096eedfd568b42589b6d5e97a0966039bc4c7621070dcb4fb0968fb302f4751ffc24baee719de019576b7fb768100f84d06b066

Download Submit
C:\Windows\System\bxggXvO.exe

Filesize
1.8MB

MD5
7961b76fa6907f21c89bd03aa0f58421

SHA1
48d48b4e90bcd3752c97a5aa5c6da4b7c68d94bc

SHA256
c8c25d629552c1479a04cc3555c832b44cb26f8accd71cb60a02f6a40aadb087

SHA512
808225a87a42e71853b92131b73de230c7ba200a8420b3e63d10c9e37eedff54682d1625376aaf924d3762d00463d3a8d0aa95a1b4efa68d627dde1739fed893

Download Submit
C:\Windows\System\cYeDnPK.exe

Filesize
1.8MB

MD5
7e53df93015ec7365a180eb47ac0a512

SHA1
97cfb198bb5f81724c87f6ef6cbec62da5d16ba9

SHA256
523f39217114e13113d494bfa3b3fa603759c92656f4632aa53901a70d5000f0

SHA512
38538d0873267b9399eb28066ca35e87dba2e206eba0e9ff250565ab6a349cdab496ae505fd7d7920561f124c040b58ad28926a3e9a31161f8b48de18b8b8c4c

Download Submit
C:\Windows\System\ciCYlpq.exe

Filesize
1.8MB

MD5
1655d55e37434d1c08f7972c500ca992

SHA1
4e8688fd5c7e6ee2b37b4bc609b9983a571e9957

SHA256
73531d698ff0ac23b26a9f5110bdaa8f9e6835e0aa1b2292e1aa4d5e2f742df8

SHA512
a757e672d5bde33db5655eb377d3f83aeac43d52236d41b86e3b93896d0c414996eb8dc976a93d5aa985ce82ca2ea4646c6afbd43a33ffd936107e32580dc8b7

Download Submit
C:\Windows\System\dOftAID.exe

Filesize
1.8MB

MD5
bf9a6a5aa18388b4455322c808365bc9

SHA1
2b96d974e7950ab3e5c59f636031553b14e82069

SHA256
03a8d3296dbe9ee3bc7c3cb8ed7b273941da897cfc20f988eae75f3a2f0c941a

SHA512
956dd8be2a5c00de2812a021b2b85823113459d6bc087628a75137f0bff0b2468cddee6688d8db8e789f82d15df6163d60f66e211392d179986051b05e61c2e1

Download Submit
C:\Windows\System\dSXsUEc.exe

Filesize
1.8MB

MD5
9915abac33a76fbac3a1c75bc35e262d

SHA1
c8db6948c47a08596931f60b3859fcec48a77955

SHA256
7bb3910361abfd93abf1b33f6d1eefbfd1a1a0ea0d1c487b5a66bc8978faf2e9

SHA512
624b155e8ae05c3a75a65543da731bf742699c4122833bddbfa306997801f608d7fe4280789c1eabc1431ef888256361b2981c1864e534b2d7da0540f82c3059

Download Submit
C:\Windows\System\fZTuora.exe

Filesize
1.8MB

MD5
de9ce56c2b8a97143d92f6a9ca2c3a29

SHA1
800c5c48e7c5ce318c500c144cf738def62de909

SHA256
3255f4a3ad32502868592b9735bbe5a11b1e51aa52eb786a45ef20fe5dff2e22

SHA512
088d757b3fa71b5c073c33001d3719d1cfb8cff60140c4f6c374b4e687492b477e897de84cde274d97ec7453cf945b98fa32abfb18a6ca95578d28a7379b8a0b

Download Submit
C:\Windows\System\gkeDPhJ.exe

Filesize
1.8MB

MD5
76c1143345c37f4b2bf0776faf7b135d

SHA1
d7dd81fb716ede9e5f376475e589ba86dbd1737a

SHA256
6963ae815bbdac90390385d947e07d014afb6341ab0a7ec62007123bfc8e395f

SHA512
6b0c888633710494f63b9174d82092ce518595ba85a37503c1ac6b3497c21fb65cfe30dbbbd1da3beddb2ebe79bbc8e002ad574ddc6c576b483bd05383e9dd7b

Download Submit
C:\Windows\System\iPxvgSv.exe

Filesize
1.8MB

MD5
3b2bc9a565acee92c8e1685840a9e20d

SHA1
07e11bbe83246acd4fb288b806b8dbede18de003

SHA256
2142b13c014db96afece3f4a4eaf1e8f7c5404074cabebc194fe367a277010fc

SHA512
f8550371f2b17ae492e89431e35e26efafbc8b4c017e209e8499a17106ac510d1e88a58ecaabd1680f20d1b7491a4b6f939085160745753ed53cbc9c06b415f7

Download Submit
C:\Windows\System\jCVBrID.exe

Filesize
1.8MB

MD5
cc4798646ede72a58b1c6f656c802a33

SHA1
c3b9eed6bf69e247690952104550c7297ff53360

SHA256
3eec08b859d1e6e802bc79328b7eb7d60f7cdc1f4460b06bbc401d73e0fcbb39

SHA512
af85416877b32acec2a57d6aeef3c83fef25d8e37de56496526266a5ba36effaf8db026864bce4711aeff97f55ead05da3ca080c4f39918592e5dc321db28e2b

Download Submit
C:\Windows\System\nBAtilR.exe

Filesize
1.8MB

MD5
a6202f80b905fbc8ac42e502c65cbe9b

SHA1
e2526b09b459e56ddedffa7e9e97d3ccaf3f2ad0

SHA256
77ab350dc674e0c91fa817cd8d46e37ed41a4390b11ece2f52ce76dd69efcfcb

SHA512
132ddd41a6cd14686655e69a52854656bee67aa1ecc34f389a7c733a23c29e37dae3547bb91c8865064c7e3bc163c51d26e8ce0ca8efeae1e6e22ad87b725d01

Download Submit
C:\Windows\System\pthedvk.exe

Filesize
1.8MB

MD5
831c5e4287b84928c8c9674b9b934da3

SHA1
4671014b5faa2e23dbb0714a63dc45740f4aa085

SHA256
4b6df83b18438fdc0849d294e75296b44c22f65e539f3c169fbc1a3bae182c52

SHA512
2cc3a9d0386852c16dabaa4c5ddfe61ad786593fe63e06d8a4e72897f044ad9a94bfadd94063ee4abc09d24f61796de6ffb00bedc477164f81ff46e71736e293

Download Submit
C:\Windows\System\qKEYLMF.exe

Filesize
1.8MB

MD5
7d4bb12f75f6dd9376466b108f575ec7

SHA1
4909cce276610b3961aad977eb6bb67003d872a5

SHA256
5417bb058856554e9d3a1cadc6e5b22746c6fa62b7293cac66a141917441b3ef

SHA512
d395af63c1b78590e50f90778eb3196eb04a6beb31b31980ca3a622b7bab58bc7147f16a28a4645257d2be6b18c31e05d301dbe132952f315795bc7216e4d4bf

Download Submit
C:\Windows\System\skhJusW.exe

Filesize
1.9MB

MD5
9caed83d78d693ff9bcf864a6b83ce0c

SHA1
6e3cbe35259ee3822c9656a2b3e9fb7a41b7fb96

SHA256
3ce025ed7ba501ea12c1271e67cd1445feb871c346eb652029fb0453b6a75b20

SHA512
4e698bfcf5c871f41274d287d52a044fc4e2ef9fff7e135267e80e71aa68492b328b6d88026982d6e320e6bdc2c0e097a665f58a9077180ec787aeea08304349

Download Submit
C:\Windows\System\soiDJbZ.exe

Filesize
1.8MB

MD5
4344431831af46903b409ad42dc1fb75

SHA1
71c933eee4d20a3a3b8f25982186b25150febf1a

SHA256
e1e91a0f15f1c08df528d7eebc927aa7b99bd7efd1e0261dce3cad9363f4ad66

SHA512
05fa3de38b80818e356b464792c8b9dbccea572a0567ead6c3d55eb815f71716b59e32815aa14e8a526e317071e6b5f39f5135b3e0f22de739890efe1ed8c8f1

Download Submit
C:\Windows\System\soiDJbZ.exe

Filesize
1.8MB

MD5
d57eaa1e9bef65ef9d87d7a131c9ef33

SHA1
a7437e008f3efd168638006ba091771a86658fdd

SHA256
cecc348cc478e9b2bc88265380e8e0e2788a291a063d2361cc975f1103bd66da

SHA512
062b241456c67297980bee630be5202fdfac252624aa2b1a94b9321acc06cc94f903e670660dd4073b52480d811d6c6c94a7d7a1df56ca58a23a049e1c0fbb40

Download Submit
C:\Windows\System\wAZKQan.exe

Filesize
1.8MB

MD5
e893585a0c139851366f1e443a24b321

SHA1
d35d99ecde87e3820b3a448f7b2ce45de9ee2bfe

SHA256
bb22301aa9e8998e21c822e5b5a7884a14ae34d4ee371d60882c84b3caa5832a

SHA512
4da2cf0a7f8a0ffc220992bf2e6647d9d9f57ea191a4475b64e98273f92a71f89a6297983a891587554c305317b1213263beae1a499fb19366cf75a9a621fdef

Download Submit
C:\Windows\System\wJwuJNI.exe

Filesize
1.8MB

MD5
d5aaa3fbfd1cd428fe35e6ed6537f08e

SHA1
84299da0848f6cab6f2183389106aaef562fe7a0

SHA256
f1e1f046d9621858af7ed356022c92f8360c62a0e154b10b5211c99f9f92fca8

SHA512
97673b0f5b4cc0e42332bd60366482452ccde400c8c94635580505eb05c9709dfb3ab08598616bf8b54e4f98331d0037f332e8d4b800c1e58f28ff6a21d2c082

Download Submit
C:\Windows\System\wTXRHav.exe

Filesize
1.8MB

MD5
296a98ebda12ec1bbd61b5f475e0fd10

SHA1
01eabada1c744348c8d5bce0f0ff2d46836f0d00

SHA256
af87f15519e5408708b62f1784e0d94a01fb9802f5f8b73c5cadbd08a3a34c5c

SHA512
f8bd55355fbf9002e66afdf67010167ad9b2960d5b74bef132de4ecffe95172f0e2cb3b8ab3a6d0b0dfd4da778da6ecdb00320aa91a3dabf79b691578b34aa64

Download Submit
memory/316-2138-0x00007FF7AB2F0000-0x00007FF7AB644000-memory.dmp

Filesize
3.3MB

Download
memory/316-517-0x00007FF7AB2F0000-0x00007FF7AB644000-memory.dmp

Filesize
3.3MB

Download
memory/332-2133-0x00007FF6A8C00000-0x00007FF6A8F54000-memory.dmp

Filesize
3.3MB

Download
memory/332-525-0x00007FF6A8C00000-0x00007FF6A8F54000-memory.dmp

Filesize
3.3MB

Download
memory/364-34-0x00007FF7C88F0000-0x00007FF7C8C44000-memory.dmp

Filesize
3.3MB

Download
memory/364-2122-0x00007FF7C88F0000-0x00007FF7C8C44000-memory.dmp

Filesize
3.3MB

Download
memory/544-502-0x00007FF7AB660000-0x00007FF7AB9B4000-memory.dmp

Filesize
3.3MB

Download
memory/544-2136-0x00007FF7AB660000-0x00007FF7AB9B4000-memory.dmp

Filesize
3.3MB

Download
memory/716-2119-0x00007FF7BEEB0000-0x00007FF7BF204000-memory.dmp

Filesize
3.3MB

Download
memory/716-23-0x00007FF7BEEB0000-0x00007FF7BF204000-memory.dmp

Filesize
3.3MB

Download
memory/816-2134-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp

Filesize
3.3MB

Download
memory/816-526-0x00007FF6F9BC0000-0x00007FF6F9F14000-memory.dmp

Filesize
3.3MB

Download
memory/1032-2145-0x00007FF787320000-0x00007FF787674000-memory.dmp

Filesize
3.3MB

Download
memory/1032-530-0x00007FF787320000-0x00007FF787674000-memory.dmp

Filesize
3.3MB

Download
memory/1332-84-0x00007FF675840000-0x00007FF675B94000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2127-0x00007FF675840000-0x00007FF675B94000-memory.dmp

Filesize
3.3MB

Download
memory/1612-25-0x00007FF7E3710000-0x00007FF7E3A64000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2121-0x00007FF7E3710000-0x00007FF7E3A64000-memory.dmp

Filesize
3.3MB

Download
memory/1612-1707-0x00007FF7E3710000-0x00007FF7E3A64000-memory.dmp

Filesize
3.3MB

Download
memory/1676-123-0x00007FF6A5800000-0x00007FF6A5B54000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2144-0x00007FF6A5800000-0x00007FF6A5B54000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2116-0x00007FF6A5800000-0x00007FF6A5B54000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2135-0x00007FF748810000-0x00007FF748B64000-memory.dmp

Filesize
3.3MB

Download
memory/1792-499-0x00007FF748810000-0x00007FF748B64000-memory.dmp

Filesize
3.3MB

Download
memory/1816-29-0x00007FF68F070000-0x00007FF68F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2120-0x00007FF68F070000-0x00007FF68F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-520-0x00007FF7D08E0000-0x00007FF7D0C34000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2129-0x00007FF7D08E0000-0x00007FF7D0C34000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2123-0x00007FF773560000-0x00007FF7738B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-49-0x00007FF773560000-0x00007FF7738B4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2112-0x00007FF612FF0000-0x00007FF613344000-memory.dmp

Filesize
3.3MB

Download
memory/2104-66-0x00007FF612FF0000-0x00007FF613344000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2126-0x00007FF612FF0000-0x00007FF613344000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2141-0x00007FF6C90D0000-0x00007FF6C9424000-memory.dmp

Filesize
3.3MB

Download
memory/2228-531-0x00007FF6C90D0000-0x00007FF6C9424000-memory.dmp

Filesize
3.3MB

Download
memory/2272-2142-0x00007FF625C50000-0x00007FF625FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-532-0x00007FF625C50000-0x00007FF625FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2113-0x00007FF72EB40000-0x00007FF72EE94000-memory.dmp

Filesize
3.3MB

Download
memory/2596-56-0x00007FF72EB40000-0x00007FF72EE94000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2125-0x00007FF72EB40000-0x00007FF72EE94000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2128-0x00007FF6CA6A0000-0x00007FF6CA9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-81-0x00007FF6CA6A0000-0x00007FF6CA9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-518-0x00007FF6C3C70000-0x00007FF6C3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2137-0x00007FF6C3C70000-0x00007FF6C3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-524-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2132-0x00007FF7BB6B0000-0x00007FF7BBA04000-memory.dmp

Filesize
3.3MB

Download
memory/2920-42-0x00007FF619510000-0x00007FF619864000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2124-0x00007FF619510000-0x00007FF619864000-memory.dmp

Filesize
3.3MB

Download
memory/3148-494-0x00007FF758380000-0x00007FF7586D4000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2146-0x00007FF758380000-0x00007FF7586D4000-memory.dmp

Filesize
3.3MB

Download
memory/3388-2118-0x00007FF7670A0000-0x00007FF7673F4000-memory.dmp

Filesize
3.3MB

Download
memory/3388-934-0x00007FF7670A0000-0x00007FF7673F4000-memory.dmp

Filesize
3.3MB

Download
memory/3388-13-0x00007FF7670A0000-0x00007FF7673F4000-memory.dmp

Filesize
3.3MB

Download
memory/3584-2140-0x00007FF6676B0000-0x00007FF667A04000-memory.dmp

Filesize
3.3MB

Download
memory/3584-508-0x00007FF6676B0000-0x00007FF667A04000-memory.dmp

Filesize
3.3MB

Download
memory/4164-91-0x00007FF61FA80000-0x00007FF61FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2131-0x00007FF61FA80000-0x00007FF61FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2117-0x00007FF61FA80000-0x00007FF61FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4340-2114-0x00007FF6792C0000-0x00007FF679614000-memory.dmp

Filesize
3.3MB

Download
memory/4340-104-0x00007FF6792C0000-0x00007FF679614000-memory.dmp

Filesize
3.3MB

Download
memory/4340-2130-0x00007FF6792C0000-0x00007FF679614000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2139-0x00007FF748200000-0x00007FF748554000-memory.dmp

Filesize
3.3MB

Download
memory/4396-513-0x00007FF748200000-0x00007FF748554000-memory.dmp

Filesize
3.3MB

Download
memory/4820-1-0x00000161ED500000-0x00000161ED510000-memory.dmp

Filesize
64KB

Download
memory/4820-931-0x00007FF7A4630000-0x00007FF7A4984000-memory.dmp

Filesize
3.3MB

Download
memory/4820-0-0x00007FF7A4630000-0x00007FF7A4984000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2115-0x00007FF6E8790000-0x00007FF6E8AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2143-0x00007FF6E8790000-0x00007FF6E8AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-116-0x00007FF6E8790000-0x00007FF6E8AE4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads