xmrig | 699b07ab9c61481f42572828e80287251e8016f66711e299796abd134759bb93

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
Size

2.3MB
MD5

4a4ac7bf0318c2f882a331228408c9f0
SHA1

be5d8f6e296eb9830f3c2b7f189a51d61260593b
SHA256

699b07ab9c61481f42572828e80287251e8016f66711e299796abd134759bb93
SHA512

ef98c926ff8a20b794e94cfad37c4ffdb7e3ace9c52817b76538d186014f5233a5e8f9ae336de1a884b5c732def839f47a248a8c47f9a71a079f584dc44b7850
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQUUvXjVTXptRmKWXkO1t7EjE:BemTLkNdfE0pZrQ4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2496-0-0x00007FF614190000-0x00007FF6144E4000-memory.dmp	xmrig
behavioral2/files/0x000a00000002328e-6.dat	xmrig
behavioral2/files/0x000800000002340f-10.dat	xmrig
behavioral2/files/0x0007000000023410-9.dat	xmrig
behavioral2/memory/3960-14-0x00007FF68E1A0000-0x00007FF68E4F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-21.dat	xmrig
behavioral2/files/0x0007000000023416-42.dat	xmrig
behavioral2/files/0x0007000000023415-47.dat	xmrig
behavioral2/memory/2872-55-0x00007FF7B98B0000-0x00007FF7B9C04000-memory.dmp	xmrig
behavioral2/memory/1012-56-0x00007FF6A9000000-0x00007FF6A9354000-memory.dmp	xmrig
behavioral2/memory/2860-54-0x00007FF738F00000-0x00007FF739254000-memory.dmp	xmrig
behavioral2/memory/4428-48-0x00007FF6ED3D0000-0x00007FF6ED724000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-46.dat	xmrig
behavioral2/files/0x0007000000023413-44.dat	xmrig
behavioral2/memory/5104-43-0x00007FF67FE60000-0x00007FF6801B4000-memory.dmp	xmrig
behavioral2/memory/4924-39-0x00007FF764980000-0x00007FF764CD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-38.dat	xmrig
behavioral2/memory/3432-30-0x00007FF647CD0000-0x00007FF648024000-memory.dmp	xmrig
behavioral2/memory/2572-24-0x00007FF628FE0000-0x00007FF629334000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-59.dat	xmrig
behavioral2/files/0x000800000002340d-66.dat	xmrig
behavioral2/files/0x0007000000023419-72.dat	xmrig
behavioral2/files/0x000700000002341a-80.dat	xmrig
behavioral2/memory/4812-82-0x00007FF618540000-0x00007FF618894000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-97.dat	xmrig
behavioral2/files/0x000700000002341e-105.dat	xmrig
behavioral2/files/0x000700000002341f-109.dat	xmrig
behavioral2/files/0x0007000000023420-113.dat	xmrig
behavioral2/memory/556-125-0x00007FF725530000-0x00007FF725884000-memory.dmp	xmrig
behavioral2/memory/3340-128-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-181.dat	xmrig
behavioral2/files/0x000700000002342d-184.dat	xmrig
behavioral2/files/0x000700000002342b-179.dat	xmrig
behavioral2/files/0x000700000002342a-175.dat	xmrig
behavioral2/files/0x0007000000023429-169.dat	xmrig
behavioral2/files/0x0007000000023428-165.dat	xmrig
behavioral2/files/0x0007000000023427-159.dat	xmrig
behavioral2/files/0x0007000000023426-155.dat	xmrig
behavioral2/files/0x0007000000023425-149.dat	xmrig
behavioral2/files/0x0007000000023424-145.dat	xmrig
behavioral2/files/0x0007000000023423-140.dat	xmrig
behavioral2/files/0x0007000000023422-135.dat	xmrig
behavioral2/files/0x0007000000023421-126.dat	xmrig
behavioral2/memory/4092-122-0x00007FF7073E0000-0x00007FF707734000-memory.dmp	xmrig
behavioral2/memory/2000-116-0x00007FF7BAB40000-0x00007FF7BAE94000-memory.dmp	xmrig
behavioral2/memory/1508-112-0x00007FF6D8810000-0x00007FF6D8B64000-memory.dmp	xmrig
behavioral2/memory/2644-108-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-103.dat	xmrig
behavioral2/memory/4864-102-0x00007FF74D8D0000-0x00007FF74DC24000-memory.dmp	xmrig
behavioral2/memory/4848-101-0x00007FF7B89D0000-0x00007FF7B8D24000-memory.dmp	xmrig
behavioral2/memory/2808-95-0x00007FF6F3D60000-0x00007FF6F40B4000-memory.dmp	xmrig
behavioral2/memory/4232-90-0x00007FF6D5240000-0x00007FF6D5594000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-93.dat	xmrig
behavioral2/memory/1456-83-0x00007FF705B00000-0x00007FF705E54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-68.dat	xmrig
behavioral2/memory/516-671-0x00007FF7AB170000-0x00007FF7AB4C4000-memory.dmp	xmrig
behavioral2/memory/2068-694-0x00007FF6274F0000-0x00007FF627844000-memory.dmp	xmrig
behavioral2/memory/1084-687-0x00007FF688B90000-0x00007FF688EE4000-memory.dmp	xmrig
behavioral2/memory/3908-681-0x00007FF64E330000-0x00007FF64E684000-memory.dmp	xmrig
behavioral2/memory/1672-680-0x00007FF67DB20000-0x00007FF67DE74000-memory.dmp	xmrig
behavioral2/memory/5088-679-0x00007FF7EA3E0000-0x00007FF7EA734000-memory.dmp	xmrig
behavioral2/memory/3212-669-0x00007FF6D6940000-0x00007FF6D6C94000-memory.dmp	xmrig
behavioral2/memory/2204-698-0x00007FF6AC3B0000-0x00007FF6AC704000-memory.dmp	xmrig
behavioral2/memory/2496-1474-0x00007FF614190000-0x00007FF6144E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3960	ifZENHI.exe
3432	BdtDwKj.exe
2572	sQgNyUe.exe
4924	BDupiRG.exe
2872	IKAZapZ.exe
1012	NBWmcKe.exe
5104	DiwIWWi.exe
4428	JjFNewO.exe
2860	RSwuwMV.exe
4812	vfMQKsS.exe
4848	TAnDIHC.exe
1456	HZAhOXM.exe
4864	CnrqPUB.exe
4232	YTwEqVA.exe
2644	kyAAAuA.exe
2808	MaqNlxb.exe
1508	qDQNGmD.exe
2000	KKaApeL.exe
4092	pgnagzb.exe
556	QSHmYwz.exe
3340	TwBIjWg.exe
3212	RMVYQsR.exe
516	oougNQQ.exe
5088	LqEskTr.exe
1672	pFApqhj.exe
3908	laLkJsv.exe
1084	DIYalzl.exe
2068	jXklWEn.exe
2204	yMdsVKY.exe
4960	AzEKSsp.exe
1872	XPVzGhF.exe
4908	EgDddMh.exe
1428	bUvajxc.exe
1324	nXUNnxn.exe
5040	KHmlzZn.exe
2676	UspiMUk.exe
1484	rPjDyar.exe
4792	QSdhiAx.exe
1412	bVNXabn.exe
1688	QeXLvHq.exe
3900	tnOMpDL.exe
3280	hWZKwug.exe
2700	mrvdWKZ.exe
4596	fRqHpls.exe
1264	bFhGdlk.exe
1676	cGZfFMq.exe
1580	loTSiCV.exe
4332	VpnPTLW.exe
5036	bunTSQc.exe
1528	vriRZth.exe
3664	PAYLsxj.exe
688	lOEsmDO.exe
1112	WnnVSnd.exe
4416	dySIUNt.exe
2468	YengWZR.exe
1408	owzCeXd.exe
3668	WroKidf.exe
3024	WaOtdKo.exe
4820	uwSilVe.exe
1404	LUASNBo.exe
2720	GucPXNW.exe
5000	DyNhnaT.exe
5024	oephOUj.exe
836	RqKCWjc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2496-0-0x00007FF614190000-0x00007FF6144E4000-memory.dmp	upx
behavioral2/files/0x000a00000002328e-6.dat	upx
behavioral2/files/0x000800000002340f-10.dat	upx
behavioral2/files/0x0007000000023410-9.dat	upx
behavioral2/memory/3960-14-0x00007FF68E1A0000-0x00007FF68E4F4000-memory.dmp	upx
behavioral2/files/0x0007000000023411-21.dat	upx
behavioral2/files/0x0007000000023416-42.dat	upx
behavioral2/files/0x0007000000023415-47.dat	upx
behavioral2/memory/2872-55-0x00007FF7B98B0000-0x00007FF7B9C04000-memory.dmp	upx
behavioral2/memory/1012-56-0x00007FF6A9000000-0x00007FF6A9354000-memory.dmp	upx
behavioral2/memory/2860-54-0x00007FF738F00000-0x00007FF739254000-memory.dmp	upx
behavioral2/memory/4428-48-0x00007FF6ED3D0000-0x00007FF6ED724000-memory.dmp	upx
behavioral2/files/0x0007000000023414-46.dat	upx
behavioral2/files/0x0007000000023413-44.dat	upx
behavioral2/memory/5104-43-0x00007FF67FE60000-0x00007FF6801B4000-memory.dmp	upx
behavioral2/memory/4924-39-0x00007FF764980000-0x00007FF764CD4000-memory.dmp	upx
behavioral2/files/0x0007000000023412-38.dat	upx
behavioral2/memory/3432-30-0x00007FF647CD0000-0x00007FF648024000-memory.dmp	upx
behavioral2/memory/2572-24-0x00007FF628FE0000-0x00007FF629334000-memory.dmp	upx
behavioral2/files/0x0007000000023417-59.dat	upx
behavioral2/files/0x000800000002340d-66.dat	upx
behavioral2/files/0x0007000000023419-72.dat	upx
behavioral2/files/0x000700000002341a-80.dat	upx
behavioral2/memory/4812-82-0x00007FF618540000-0x00007FF618894000-memory.dmp	upx
behavioral2/files/0x000700000002341c-97.dat	upx
behavioral2/files/0x000700000002341e-105.dat	upx
behavioral2/files/0x000700000002341f-109.dat	upx
behavioral2/files/0x0007000000023420-113.dat	upx
behavioral2/memory/556-125-0x00007FF725530000-0x00007FF725884000-memory.dmp	upx
behavioral2/memory/3340-128-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp	upx
behavioral2/files/0x000700000002342c-181.dat	upx
behavioral2/files/0x000700000002342d-184.dat	upx
behavioral2/files/0x000700000002342b-179.dat	upx
behavioral2/files/0x000700000002342a-175.dat	upx
behavioral2/files/0x0007000000023429-169.dat	upx
behavioral2/files/0x0007000000023428-165.dat	upx
behavioral2/files/0x0007000000023427-159.dat	upx
behavioral2/files/0x0007000000023426-155.dat	upx
behavioral2/files/0x0007000000023425-149.dat	upx
behavioral2/files/0x0007000000023424-145.dat	upx
behavioral2/files/0x0007000000023423-140.dat	upx
behavioral2/files/0x0007000000023422-135.dat	upx
behavioral2/files/0x0007000000023421-126.dat	upx
behavioral2/memory/4092-122-0x00007FF7073E0000-0x00007FF707734000-memory.dmp	upx
behavioral2/memory/2000-116-0x00007FF7BAB40000-0x00007FF7BAE94000-memory.dmp	upx
behavioral2/memory/1508-112-0x00007FF6D8810000-0x00007FF6D8B64000-memory.dmp	upx
behavioral2/memory/2644-108-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp	upx
behavioral2/files/0x000700000002341d-103.dat	upx
behavioral2/memory/4864-102-0x00007FF74D8D0000-0x00007FF74DC24000-memory.dmp	upx
behavioral2/memory/4848-101-0x00007FF7B89D0000-0x00007FF7B8D24000-memory.dmp	upx
behavioral2/memory/2808-95-0x00007FF6F3D60000-0x00007FF6F40B4000-memory.dmp	upx
behavioral2/memory/4232-90-0x00007FF6D5240000-0x00007FF6D5594000-memory.dmp	upx
behavioral2/files/0x000700000002341b-93.dat	upx
behavioral2/memory/1456-83-0x00007FF705B00000-0x00007FF705E54000-memory.dmp	upx
behavioral2/files/0x0007000000023418-68.dat	upx
behavioral2/memory/516-671-0x00007FF7AB170000-0x00007FF7AB4C4000-memory.dmp	upx
behavioral2/memory/2068-694-0x00007FF6274F0000-0x00007FF627844000-memory.dmp	upx
behavioral2/memory/1084-687-0x00007FF688B90000-0x00007FF688EE4000-memory.dmp	upx
behavioral2/memory/3908-681-0x00007FF64E330000-0x00007FF64E684000-memory.dmp	upx
behavioral2/memory/1672-680-0x00007FF67DB20000-0x00007FF67DE74000-memory.dmp	upx
behavioral2/memory/5088-679-0x00007FF7EA3E0000-0x00007FF7EA734000-memory.dmp	upx
behavioral2/memory/3212-669-0x00007FF6D6940000-0x00007FF6D6C94000-memory.dmp	upx
behavioral2/memory/2204-698-0x00007FF6AC3B0000-0x00007FF6AC704000-memory.dmp	upx
behavioral2/memory/2496-1474-0x00007FF614190000-0x00007FF6144E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IEsnsbM.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\byAMHaX.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\MGXAvsv.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\sDljSgk.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZntRtSp.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\rRmcbcM.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\QeXLvHq.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\PAYLsxj.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ElukjrN.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\PbyHQXW.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\paPETOI.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\BiMYPaB.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\rErnXru.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\VvAbnQC.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\yMdsVKY.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\bunTSQc.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\VQmbdlk.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\bYovmYq.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\AskyRwH.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\CwHMgHR.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\QSdhiAx.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\bVNXabn.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\kHaFwTv.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\zvkzxbT.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\Uqljgfw.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\jXklWEn.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\CRwCAek.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\HvLWwTQ.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\pKhnJVS.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\oWenQds.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\uCDZWAr.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ImZrzUP.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\uwSilVe.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\JQsRkeA.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\uaaPbZI.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\SFMLjoQ.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\mXEKrNH.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ytdUJcC.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\kADXmHC.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\hWYjeyf.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\DEKNlSt.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\hYKJgLJ.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZXsopfC.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\MIPtgFr.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ziFAzAV.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\xBQzuWw.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\bwIscpr.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\DIYalzl.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\qidNTgg.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\EGmYupQ.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\PorxBow.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\PiKTVru.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZufNNsI.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\yFwJsbc.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\briNObe.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\kffMCIS.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\jcsiWgq.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\mbofVhX.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\QSHmYwz.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\oULtFzq.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\FPGfxjh.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\iOlEUBk.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\MMBzRJD.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
File created	C:\Windows\System\ueSokHk.exe	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14444	dwm.exe
Token: SeChangeNotifyPrivilege	14444	dwm.exe
Token: 33	14444	dwm.exe
Token: SeIncBasePriorityPrivilege	14444	dwm.exe
Token: SeShutdownPrivilege	14444	dwm.exe
Token: SeCreatePagefilePrivilege	14444	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 3960	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	83
PID 2496 wrote to memory of 3960	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	83
PID 2496 wrote to memory of 3432	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	84
PID 2496 wrote to memory of 3432	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	84
PID 2496 wrote to memory of 2572	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	85
PID 2496 wrote to memory of 2572	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	85
PID 2496 wrote to memory of 4924	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	86
PID 2496 wrote to memory of 4924	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	86
PID 2496 wrote to memory of 2872	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	87
PID 2496 wrote to memory of 2872	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	87
PID 2496 wrote to memory of 1012	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	88
PID 2496 wrote to memory of 1012	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	88
PID 2496 wrote to memory of 5104	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	89
PID 2496 wrote to memory of 5104	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	89
PID 2496 wrote to memory of 4428	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	90
PID 2496 wrote to memory of 4428	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	90
PID 2496 wrote to memory of 2860	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	91
PID 2496 wrote to memory of 2860	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	91
PID 2496 wrote to memory of 4812	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	92
PID 2496 wrote to memory of 4812	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	92
PID 2496 wrote to memory of 4848	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	93
PID 2496 wrote to memory of 4848	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	93
PID 2496 wrote to memory of 1456	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	94
PID 2496 wrote to memory of 1456	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	94
PID 2496 wrote to memory of 4864	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	95
PID 2496 wrote to memory of 4864	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	95
PID 2496 wrote to memory of 4232	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	96
PID 2496 wrote to memory of 4232	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	96
PID 2496 wrote to memory of 2644	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	97
PID 2496 wrote to memory of 2644	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	97
PID 2496 wrote to memory of 2808	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	98
PID 2496 wrote to memory of 2808	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	98
PID 2496 wrote to memory of 1508	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	99
PID 2496 wrote to memory of 1508	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	99
PID 2496 wrote to memory of 2000	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	101
PID 2496 wrote to memory of 2000	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	101
PID 2496 wrote to memory of 4092	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	102
PID 2496 wrote to memory of 4092	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	102
PID 2496 wrote to memory of 556	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	103
PID 2496 wrote to memory of 556	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	103
PID 2496 wrote to memory of 3340	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	104
PID 2496 wrote to memory of 3340	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	104
PID 2496 wrote to memory of 3212	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	105
PID 2496 wrote to memory of 3212	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	105
PID 2496 wrote to memory of 516	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	107
PID 2496 wrote to memory of 516	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	107
PID 2496 wrote to memory of 5088	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	108
PID 2496 wrote to memory of 5088	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	108
PID 2496 wrote to memory of 1672	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	109
PID 2496 wrote to memory of 1672	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	109
PID 2496 wrote to memory of 3908	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	110
PID 2496 wrote to memory of 3908	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	110
PID 2496 wrote to memory of 1084	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	111
PID 2496 wrote to memory of 1084	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	111
PID 2496 wrote to memory of 2068	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	112
PID 2496 wrote to memory of 2068	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	112
PID 2496 wrote to memory of 2204	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	113
PID 2496 wrote to memory of 2204	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	113
PID 2496 wrote to memory of 4960	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	114
PID 2496 wrote to memory of 4960	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	114
PID 2496 wrote to memory of 1872	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	115
PID 2496 wrote to memory of 1872	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	115
PID 2496 wrote to memory of 4908	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	116
PID 2496 wrote to memory of 4908	2496	4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a4ac7bf0318c2f882a331228408c9f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\System\ifZENHI.exe
  C:\Windows\System\ifZENHI.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\BdtDwKj.exe
  C:\Windows\System\BdtDwKj.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\sQgNyUe.exe
  C:\Windows\System\sQgNyUe.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\BDupiRG.exe
  C:\Windows\System\BDupiRG.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\IKAZapZ.exe
  C:\Windows\System\IKAZapZ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\NBWmcKe.exe
  C:\Windows\System\NBWmcKe.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\DiwIWWi.exe
  C:\Windows\System\DiwIWWi.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\JjFNewO.exe
  C:\Windows\System\JjFNewO.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\RSwuwMV.exe
  C:\Windows\System\RSwuwMV.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\vfMQKsS.exe
  C:\Windows\System\vfMQKsS.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\TAnDIHC.exe
  C:\Windows\System\TAnDIHC.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\HZAhOXM.exe
  C:\Windows\System\HZAhOXM.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\CnrqPUB.exe
  C:\Windows\System\CnrqPUB.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\YTwEqVA.exe
  C:\Windows\System\YTwEqVA.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\kyAAAuA.exe
  C:\Windows\System\kyAAAuA.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\MaqNlxb.exe
  C:\Windows\System\MaqNlxb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\qDQNGmD.exe
  C:\Windows\System\qDQNGmD.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\KKaApeL.exe
  C:\Windows\System\KKaApeL.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\pgnagzb.exe
  C:\Windows\System\pgnagzb.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\QSHmYwz.exe
  C:\Windows\System\QSHmYwz.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\TwBIjWg.exe
  C:\Windows\System\TwBIjWg.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\RMVYQsR.exe
  C:\Windows\System\RMVYQsR.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\oougNQQ.exe
  C:\Windows\System\oougNQQ.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\LqEskTr.exe
  C:\Windows\System\LqEskTr.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\pFApqhj.exe
  C:\Windows\System\pFApqhj.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\laLkJsv.exe
  C:\Windows\System\laLkJsv.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\DIYalzl.exe
  C:\Windows\System\DIYalzl.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\jXklWEn.exe
  C:\Windows\System\jXklWEn.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\yMdsVKY.exe
  C:\Windows\System\yMdsVKY.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\AzEKSsp.exe
  C:\Windows\System\AzEKSsp.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\XPVzGhF.exe
  C:\Windows\System\XPVzGhF.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\EgDddMh.exe
  C:\Windows\System\EgDddMh.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\bUvajxc.exe
  C:\Windows\System\bUvajxc.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\nXUNnxn.exe
  C:\Windows\System\nXUNnxn.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\KHmlzZn.exe
  C:\Windows\System\KHmlzZn.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\UspiMUk.exe
  C:\Windows\System\UspiMUk.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\rPjDyar.exe
  C:\Windows\System\rPjDyar.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\QSdhiAx.exe
  C:\Windows\System\QSdhiAx.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\bVNXabn.exe
  C:\Windows\System\bVNXabn.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\QeXLvHq.exe
  C:\Windows\System\QeXLvHq.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\tnOMpDL.exe
  C:\Windows\System\tnOMpDL.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\hWZKwug.exe
  C:\Windows\System\hWZKwug.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\mrvdWKZ.exe
  C:\Windows\System\mrvdWKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\fRqHpls.exe
  C:\Windows\System\fRqHpls.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\bFhGdlk.exe
  C:\Windows\System\bFhGdlk.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\cGZfFMq.exe
  C:\Windows\System\cGZfFMq.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\loTSiCV.exe
  C:\Windows\System\loTSiCV.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\VpnPTLW.exe
  C:\Windows\System\VpnPTLW.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\bunTSQc.exe
  C:\Windows\System\bunTSQc.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\vriRZth.exe
  C:\Windows\System\vriRZth.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\PAYLsxj.exe
  C:\Windows\System\PAYLsxj.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\lOEsmDO.exe
  C:\Windows\System\lOEsmDO.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\WnnVSnd.exe
  C:\Windows\System\WnnVSnd.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\dySIUNt.exe
  C:\Windows\System\dySIUNt.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\YengWZR.exe
  C:\Windows\System\YengWZR.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\owzCeXd.exe
  C:\Windows\System\owzCeXd.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\WroKidf.exe
  C:\Windows\System\WroKidf.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\WaOtdKo.exe
  C:\Windows\System\WaOtdKo.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\uwSilVe.exe
  C:\Windows\System\uwSilVe.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\LUASNBo.exe
  C:\Windows\System\LUASNBo.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\GucPXNW.exe
  C:\Windows\System\GucPXNW.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\DyNhnaT.exe
  C:\Windows\System\DyNhnaT.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\oephOUj.exe
  C:\Windows\System\oephOUj.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\RqKCWjc.exe
  C:\Windows\System\RqKCWjc.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\RjpxHzj.exe
  C:\Windows\System\RjpxHzj.exe
  2⤵
  PID:1140
- C:\Windows\System\IlyOtXr.exe
  C:\Windows\System\IlyOtXr.exe
  2⤵
  PID:4012
- C:\Windows\System\SyUqoUx.exe
  C:\Windows\System\SyUqoUx.exe
  2⤵
  PID:3816
- C:\Windows\System\Zrywtcx.exe
  C:\Windows\System\Zrywtcx.exe
  2⤵
  PID:3116
- C:\Windows\System\AvyxhZU.exe
  C:\Windows\System\AvyxhZU.exe
  2⤵
  PID:4144
- C:\Windows\System\CIwqXqT.exe
  C:\Windows\System\CIwqXqT.exe
  2⤵
  PID:1332
- C:\Windows\System\ZRAPrTG.exe
  C:\Windows\System\ZRAPrTG.exe
  2⤵
  PID:2460
- C:\Windows\System\TvPYJDh.exe
  C:\Windows\System\TvPYJDh.exe
  2⤵
  PID:4612
- C:\Windows\System\nmowGOJ.exe
  C:\Windows\System\nmowGOJ.exe
  2⤵
  PID:1376
- C:\Windows\System\mRGPiUw.exe
  C:\Windows\System\mRGPiUw.exe
  2⤵
  PID:2296
- C:\Windows\System\vIebCSX.exe
  C:\Windows\System\vIebCSX.exe
  2⤵
  PID:4556
- C:\Windows\System\zKKpHDu.exe
  C:\Windows\System\zKKpHDu.exe
  2⤵
  PID:1808
- C:\Windows\System\DEKNlSt.exe
  C:\Windows\System\DEKNlSt.exe
  2⤵
  PID:1976
- C:\Windows\System\zpnYoPS.exe
  C:\Windows\System\zpnYoPS.exe
  2⤵
  PID:3272
- C:\Windows\System\OhAfArv.exe
  C:\Windows\System\OhAfArv.exe
  2⤵
  PID:3824
- C:\Windows\System\RtcuGRj.exe
  C:\Windows\System\RtcuGRj.exe
  2⤵
  PID:2312
- C:\Windows\System\cVMVLrP.exe
  C:\Windows\System\cVMVLrP.exe
  2⤵
  PID:4528
- C:\Windows\System\IrgwWKB.exe
  C:\Windows\System\IrgwWKB.exe
  2⤵
  PID:4360
- C:\Windows\System\ppeykcx.exe
  C:\Windows\System\ppeykcx.exe
  2⤵
  PID:4852
- C:\Windows\System\RDeeYJQ.exe
  C:\Windows\System\RDeeYJQ.exe
  2⤵
  PID:1492
- C:\Windows\System\FkvYFkb.exe
  C:\Windows\System\FkvYFkb.exe
  2⤵
  PID:940
- C:\Windows\System\BgEDWdj.exe
  C:\Windows\System\BgEDWdj.exe
  2⤵
  PID:3988
- C:\Windows\System\iHkibXK.exe
  C:\Windows\System\iHkibXK.exe
  2⤵
  PID:2456
- C:\Windows\System\zHycXmL.exe
  C:\Windows\System\zHycXmL.exe
  2⤵
  PID:1436
- C:\Windows\System\vZSkwpF.exe
  C:\Windows\System\vZSkwpF.exe
  2⤵
  PID:5148
- C:\Windows\System\tCsdaFA.exe
  C:\Windows\System\tCsdaFA.exe
  2⤵
  PID:5176
- C:\Windows\System\Yiggkqd.exe
  C:\Windows\System\Yiggkqd.exe
  2⤵
  PID:5204
- C:\Windows\System\HHENQiC.exe
  C:\Windows\System\HHENQiC.exe
  2⤵
  PID:5232
- C:\Windows\System\reNYrAC.exe
  C:\Windows\System\reNYrAC.exe
  2⤵
  PID:5260
- C:\Windows\System\jZcNhkY.exe
  C:\Windows\System\jZcNhkY.exe
  2⤵
  PID:5288
- C:\Windows\System\MAAMirl.exe
  C:\Windows\System\MAAMirl.exe
  2⤵
  PID:5316
- C:\Windows\System\wcMTine.exe
  C:\Windows\System\wcMTine.exe
  2⤵
  PID:5344
- C:\Windows\System\CDubepz.exe
  C:\Windows\System\CDubepz.exe
  2⤵
  PID:5372
- C:\Windows\System\jXJgSXI.exe
  C:\Windows\System\jXJgSXI.exe
  2⤵
  PID:5400
- C:\Windows\System\VdCOnCP.exe
  C:\Windows\System\VdCOnCP.exe
  2⤵
  PID:5428
- C:\Windows\System\oULtFzq.exe
  C:\Windows\System\oULtFzq.exe
  2⤵
  PID:5456
- C:\Windows\System\PpDOZFc.exe
  C:\Windows\System\PpDOZFc.exe
  2⤵
  PID:5484
- C:\Windows\System\CrLMCAG.exe
  C:\Windows\System\CrLMCAG.exe
  2⤵
  PID:5512
- C:\Windows\System\zCeoayV.exe
  C:\Windows\System\zCeoayV.exe
  2⤵
  PID:5540
- C:\Windows\System\uiwwQMu.exe
  C:\Windows\System\uiwwQMu.exe
  2⤵
  PID:5568
- C:\Windows\System\QAnobDx.exe
  C:\Windows\System\QAnobDx.exe
  2⤵
  PID:5596
- C:\Windows\System\zWBIEBh.exe
  C:\Windows\System\zWBIEBh.exe
  2⤵
  PID:5624
- C:\Windows\System\aVDQcMF.exe
  C:\Windows\System\aVDQcMF.exe
  2⤵
  PID:5652
- C:\Windows\System\snBxqHz.exe
  C:\Windows\System\snBxqHz.exe
  2⤵
  PID:5680
- C:\Windows\System\mSMZBBl.exe
  C:\Windows\System\mSMZBBl.exe
  2⤵
  PID:5708
- C:\Windows\System\ReocLvu.exe
  C:\Windows\System\ReocLvu.exe
  2⤵
  PID:5736
- C:\Windows\System\rlWXrfU.exe
  C:\Windows\System\rlWXrfU.exe
  2⤵
  PID:5764
- C:\Windows\System\FPGfxjh.exe
  C:\Windows\System\FPGfxjh.exe
  2⤵
  PID:5792
- C:\Windows\System\VQmbdlk.exe
  C:\Windows\System\VQmbdlk.exe
  2⤵
  PID:5820
- C:\Windows\System\CRwCAek.exe
  C:\Windows\System\CRwCAek.exe
  2⤵
  PID:5848
- C:\Windows\System\UhezSgu.exe
  C:\Windows\System\UhezSgu.exe
  2⤵
  PID:5876
- C:\Windows\System\iOlEUBk.exe
  C:\Windows\System\iOlEUBk.exe
  2⤵
  PID:5904
- C:\Windows\System\AebkkxO.exe
  C:\Windows\System\AebkkxO.exe
  2⤵
  PID:5932
- C:\Windows\System\eaUCMeD.exe
  C:\Windows\System\eaUCMeD.exe
  2⤵
  PID:5960
- C:\Windows\System\IiacUyd.exe
  C:\Windows\System\IiacUyd.exe
  2⤵
  PID:5988
- C:\Windows\System\imFLPTe.exe
  C:\Windows\System\imFLPTe.exe
  2⤵
  PID:6016
- C:\Windows\System\xULaAQP.exe
  C:\Windows\System\xULaAQP.exe
  2⤵
  PID:6044
- C:\Windows\System\BFNJqRX.exe
  C:\Windows\System\BFNJqRX.exe
  2⤵
  PID:6072
- C:\Windows\System\uIAfcjB.exe
  C:\Windows\System\uIAfcjB.exe
  2⤵
  PID:6100
- C:\Windows\System\lFsfqZV.exe
  C:\Windows\System\lFsfqZV.exe
  2⤵
  PID:6128
- C:\Windows\System\IEsnsbM.exe
  C:\Windows\System\IEsnsbM.exe
  2⤵
  PID:4952
- C:\Windows\System\kJZyNAQ.exe
  C:\Windows\System\kJZyNAQ.exe
  2⤵
  PID:1088
- C:\Windows\System\uqvGXqP.exe
  C:\Windows\System\uqvGXqP.exe
  2⤵
  PID:4636
- C:\Windows\System\kYibjhz.exe
  C:\Windows\System\kYibjhz.exe
  2⤵
  PID:3656
- C:\Windows\System\FcyKvLG.exe
  C:\Windows\System\FcyKvLG.exe
  2⤵
  PID:4316
- C:\Windows\System\JtoWblu.exe
  C:\Windows\System\JtoWblu.exe
  2⤵
  PID:5164
- C:\Windows\System\HgwniqR.exe
  C:\Windows\System\HgwniqR.exe
  2⤵
  PID:5224
- C:\Windows\System\FGYXHqf.exe
  C:\Windows\System\FGYXHqf.exe
  2⤵
  PID:5300
- C:\Windows\System\fjnWYfz.exe
  C:\Windows\System\fjnWYfz.exe
  2⤵
  PID:5360
- C:\Windows\System\JQsRkeA.exe
  C:\Windows\System\JQsRkeA.exe
  2⤵
  PID:5420
- C:\Windows\System\LjKlPou.exe
  C:\Windows\System\LjKlPou.exe
  2⤵
  PID:5496
- C:\Windows\System\OTcREZK.exe
  C:\Windows\System\OTcREZK.exe
  2⤵
  PID:5556
- C:\Windows\System\BlTmnYl.exe
  C:\Windows\System\BlTmnYl.exe
  2⤵
  PID:5616
- C:\Windows\System\QYlHiao.exe
  C:\Windows\System\QYlHiao.exe
  2⤵
  PID:5692
- C:\Windows\System\OIUFFvP.exe
  C:\Windows\System\OIUFFvP.exe
  2⤵
  PID:5752
- C:\Windows\System\TByhzjT.exe
  C:\Windows\System\TByhzjT.exe
  2⤵
  PID:5812
- C:\Windows\System\zJlRIuS.exe
  C:\Windows\System\zJlRIuS.exe
  2⤵
  PID:5888
- C:\Windows\System\SZLPxsq.exe
  C:\Windows\System\SZLPxsq.exe
  2⤵
  PID:5944
- C:\Windows\System\whNEqlb.exe
  C:\Windows\System\whNEqlb.exe
  2⤵
  PID:6008
- C:\Windows\System\tdSVkMs.exe
  C:\Windows\System\tdSVkMs.exe
  2⤵
  PID:6088
- C:\Windows\System\fWZtzQf.exe
  C:\Windows\System\fWZtzQf.exe
  2⤵
  PID:2372
- C:\Windows\System\hYKJgLJ.exe
  C:\Windows\System\hYKJgLJ.exe
  2⤵
  PID:396
- C:\Windows\System\kqNSkUZ.exe
  C:\Windows\System\kqNSkUZ.exe
  2⤵
  PID:5136
- C:\Windows\System\HiOJIWZ.exe
  C:\Windows\System\HiOJIWZ.exe
  2⤵
  PID:5276
- C:\Windows\System\fAUNXpP.exe
  C:\Windows\System\fAUNXpP.exe
  2⤵
  PID:5412
- C:\Windows\System\LzpoCCR.exe
  C:\Windows\System\LzpoCCR.exe
  2⤵
  PID:5528
- C:\Windows\System\hIgccOc.exe
  C:\Windows\System\hIgccOc.exe
  2⤵
  PID:5584
- C:\Windows\System\bYMiabZ.exe
  C:\Windows\System\bYMiabZ.exe
  2⤵
  PID:5724
- C:\Windows\System\dwetyFL.exe
  C:\Windows\System\dwetyFL.exe
  2⤵
  PID:5860
- C:\Windows\System\nTgIwnC.exe
  C:\Windows\System\nTgIwnC.exe
  2⤵
  PID:6004
- C:\Windows\System\PslckQb.exe
  C:\Windows\System\PslckQb.exe
  2⤵
  PID:6140
- C:\Windows\System\LKpEEhp.exe
  C:\Windows\System\LKpEEhp.exe
  2⤵
  PID:5132
- C:\Windows\System\mgcBCgx.exe
  C:\Windows\System\mgcBCgx.exe
  2⤵
  PID:1532
- C:\Windows\System\HlZwGDq.exe
  C:\Windows\System\HlZwGDq.exe
  2⤵
  PID:3360
- C:\Windows\System\eXSoAtZ.exe
  C:\Windows\System\eXSoAtZ.exe
  2⤵
  PID:6176
- C:\Windows\System\vgKiaEg.exe
  C:\Windows\System\vgKiaEg.exe
  2⤵
  PID:6204
- C:\Windows\System\KMuXrJx.exe
  C:\Windows\System\KMuXrJx.exe
  2⤵
  PID:6232
- C:\Windows\System\VXOISqQ.exe
  C:\Windows\System\VXOISqQ.exe
  2⤵
  PID:6260
- C:\Windows\System\zDmgnpo.exe
  C:\Windows\System\zDmgnpo.exe
  2⤵
  PID:6288
- C:\Windows\System\AxgDodE.exe
  C:\Windows\System\AxgDodE.exe
  2⤵
  PID:6320
- C:\Windows\System\JMyBdCy.exe
  C:\Windows\System\JMyBdCy.exe
  2⤵
  PID:6344
- C:\Windows\System\NHmPUoK.exe
  C:\Windows\System\NHmPUoK.exe
  2⤵
  PID:6372
- C:\Windows\System\MMBzRJD.exe
  C:\Windows\System\MMBzRJD.exe
  2⤵
  PID:6400
- C:\Windows\System\DqBdxuI.exe
  C:\Windows\System\DqBdxuI.exe
  2⤵
  PID:6428
- C:\Windows\System\IYaXXbe.exe
  C:\Windows\System\IYaXXbe.exe
  2⤵
  PID:6456
- C:\Windows\System\EyZvBqw.exe
  C:\Windows\System\EyZvBqw.exe
  2⤵
  PID:6484
- C:\Windows\System\MDoofoT.exe
  C:\Windows\System\MDoofoT.exe
  2⤵
  PID:6512
- C:\Windows\System\fHKJlup.exe
  C:\Windows\System\fHKJlup.exe
  2⤵
  PID:6540
- C:\Windows\System\LQmdSKw.exe
  C:\Windows\System\LQmdSKw.exe
  2⤵
  PID:6568
- C:\Windows\System\zrdJajs.exe
  C:\Windows\System\zrdJajs.exe
  2⤵
  PID:6596
- C:\Windows\System\mtqYvgj.exe
  C:\Windows\System\mtqYvgj.exe
  2⤵
  PID:6624
- C:\Windows\System\kdyAnAh.exe
  C:\Windows\System\kdyAnAh.exe
  2⤵
  PID:6652
- C:\Windows\System\gHaauSA.exe
  C:\Windows\System\gHaauSA.exe
  2⤵
  PID:6680
- C:\Windows\System\oWenQds.exe
  C:\Windows\System\oWenQds.exe
  2⤵
  PID:6708
- C:\Windows\System\sGxgQEb.exe
  C:\Windows\System\sGxgQEb.exe
  2⤵
  PID:6736
- C:\Windows\System\MhQTAOZ.exe
  C:\Windows\System\MhQTAOZ.exe
  2⤵
  PID:6764
- C:\Windows\System\JAGczBN.exe
  C:\Windows\System\JAGczBN.exe
  2⤵
  PID:6792
- C:\Windows\System\oITbawk.exe
  C:\Windows\System\oITbawk.exe
  2⤵
  PID:6820
- C:\Windows\System\doOoXDR.exe
  C:\Windows\System\doOoXDR.exe
  2⤵
  PID:6848
- C:\Windows\System\zTjyFxd.exe
  C:\Windows\System\zTjyFxd.exe
  2⤵
  PID:6876
- C:\Windows\System\WQDdlWq.exe
  C:\Windows\System\WQDdlWq.exe
  2⤵
  PID:6904
- C:\Windows\System\HvLWwTQ.exe
  C:\Windows\System\HvLWwTQ.exe
  2⤵
  PID:6932
- C:\Windows\System\xJmFkIK.exe
  C:\Windows\System\xJmFkIK.exe
  2⤵
  PID:6960
- C:\Windows\System\wtnkCNS.exe
  C:\Windows\System\wtnkCNS.exe
  2⤵
  PID:6988
- C:\Windows\System\ZufNNsI.exe
  C:\Windows\System\ZufNNsI.exe
  2⤵
  PID:7016
- C:\Windows\System\zOAjOuM.exe
  C:\Windows\System\zOAjOuM.exe
  2⤵
  PID:7044
- C:\Windows\System\gsIhjUv.exe
  C:\Windows\System\gsIhjUv.exe
  2⤵
  PID:7072
- C:\Windows\System\qGRMgFM.exe
  C:\Windows\System\qGRMgFM.exe
  2⤵
  PID:7100
- C:\Windows\System\hYxWCTA.exe
  C:\Windows\System\hYxWCTA.exe
  2⤵
  PID:2212
- C:\Windows\System\YlcXRZO.exe
  C:\Windows\System\YlcXRZO.exe
  2⤵
  PID:5668
- C:\Windows\System\KijasOD.exe
  C:\Windows\System\KijasOD.exe
  2⤵
  PID:5920
- C:\Windows\System\yHDMTUl.exe
  C:\Windows\System\yHDMTUl.exe
  2⤵
  PID:4244
- C:\Windows\System\YsUIEPZ.exe
  C:\Windows\System\YsUIEPZ.exe
  2⤵
  PID:6196
- C:\Windows\System\YHSrnLU.exe
  C:\Windows\System\YHSrnLU.exe
  2⤵
  PID:6272
- C:\Windows\System\mqWeNVS.exe
  C:\Windows\System\mqWeNVS.exe
  2⤵
  PID:6360
- C:\Windows\System\FjAnIFM.exe
  C:\Windows\System\FjAnIFM.exe
  2⤵
  PID:6412
- C:\Windows\System\feezfLt.exe
  C:\Windows\System\feezfLt.exe
  2⤵
  PID:6448
- C:\Windows\System\omHEEuy.exe
  C:\Windows\System\omHEEuy.exe
  2⤵
  PID:6500
- C:\Windows\System\jcuzYWs.exe
  C:\Windows\System\jcuzYWs.exe
  2⤵
  PID:6580
- C:\Windows\System\oigrhnP.exe
  C:\Windows\System\oigrhnP.exe
  2⤵
  PID:6664
- C:\Windows\System\xeoCnZF.exe
  C:\Windows\System\xeoCnZF.exe
  2⤵
  PID:6832
- C:\Windows\System\XEJBkqj.exe
  C:\Windows\System\XEJBkqj.exe
  2⤵
  PID:6840
- C:\Windows\System\scUNnyJ.exe
  C:\Windows\System\scUNnyJ.exe
  2⤵
  PID:6868
- C:\Windows\System\UJjguJL.exe
  C:\Windows\System\UJjguJL.exe
  2⤵
  PID:1548
- C:\Windows\System\KMlPhBi.exe
  C:\Windows\System\KMlPhBi.exe
  2⤵
  PID:1496
- C:\Windows\System\cFMAiTu.exe
  C:\Windows\System\cFMAiTu.exe
  2⤵
  PID:7056
- C:\Windows\System\BQrMtdX.exe
  C:\Windows\System\BQrMtdX.exe
  2⤵
  PID:2004
- C:\Windows\System\JrHQWoO.exe
  C:\Windows\System\JrHQWoO.exe
  2⤵
  PID:7088
- C:\Windows\System\PlwwCEZ.exe
  C:\Windows\System\PlwwCEZ.exe
  2⤵
  PID:3484
- C:\Windows\System\BYbJqYO.exe
  C:\Windows\System\BYbJqYO.exe
  2⤵
  PID:7156
- C:\Windows\System\ErZBDNu.exe
  C:\Windows\System\ErZBDNu.exe
  2⤵
  PID:5644
- C:\Windows\System\litKCuZ.exe
  C:\Windows\System\litKCuZ.exe
  2⤵
  PID:4560
- C:\Windows\System\QYHyGWM.exe
  C:\Windows\System\QYHyGWM.exe
  2⤵
  PID:6356
- C:\Windows\System\IPADusi.exe
  C:\Windows\System\IPADusi.exe
  2⤵
  PID:6244
- C:\Windows\System\aulUQvm.exe
  C:\Windows\System\aulUQvm.exe
  2⤵
  PID:6388
- C:\Windows\System\gLACLXj.exe
  C:\Windows\System\gLACLXj.exe
  2⤵
  PID:6476
- C:\Windows\System\oWUfZNR.exe
  C:\Windows\System\oWUfZNR.exe
  2⤵
  PID:6752
- C:\Windows\System\HHViKDN.exe
  C:\Windows\System\HHViKDN.exe
  2⤵
  PID:6780
- C:\Windows\System\gclcIjR.exe
  C:\Windows\System\gclcIjR.exe
  2⤵
  PID:6972
- C:\Windows\System\gInqcoH.exe
  C:\Windows\System\gInqcoH.exe
  2⤵
  PID:6304
- C:\Windows\System\OjwrjxD.exe
  C:\Windows\System\OjwrjxD.exe
  2⤵
  PID:3220
- C:\Windows\System\ObfGLjB.exe
  C:\Windows\System\ObfGLjB.exe
  2⤵
  PID:6188
- C:\Windows\System\QyVTFSn.exe
  C:\Windows\System\QyVTFSn.exe
  2⤵
  PID:6340
- C:\Windows\System\apCUNAG.exe
  C:\Windows\System\apCUNAG.exe
  2⤵
  PID:6612
- C:\Windows\System\tjgSKiG.exe
  C:\Windows\System\tjgSKiG.exe
  2⤵
  PID:6672
- C:\Windows\System\Ikukppq.exe
  C:\Windows\System\Ikukppq.exe
  2⤵
  PID:6980
- C:\Windows\System\hxamzEU.exe
  C:\Windows\System\hxamzEU.exe
  2⤵
  PID:4976
- C:\Windows\System\PjRzMHP.exe
  C:\Windows\System\PjRzMHP.exe
  2⤵
  PID:3800
- C:\Windows\System\FmfGqLU.exe
  C:\Windows\System\FmfGqLU.exe
  2⤵
  PID:6640
- C:\Windows\System\MnVriBk.exe
  C:\Windows\System\MnVriBk.exe
  2⤵
  PID:7176
- C:\Windows\System\dRvtGKD.exe
  C:\Windows\System\dRvtGKD.exe
  2⤵
  PID:7228
- C:\Windows\System\qidNTgg.exe
  C:\Windows\System\qidNTgg.exe
  2⤵
  PID:7244
- C:\Windows\System\uJVvoqQ.exe
  C:\Windows\System\uJVvoqQ.exe
  2⤵
  PID:7272
- C:\Windows\System\ZXsopfC.exe
  C:\Windows\System\ZXsopfC.exe
  2⤵
  PID:7300
- C:\Windows\System\GeDwpBi.exe
  C:\Windows\System\GeDwpBi.exe
  2⤵
  PID:7328
- C:\Windows\System\yPhqREH.exe
  C:\Windows\System\yPhqREH.exe
  2⤵
  PID:7344
- C:\Windows\System\sMcwajn.exe
  C:\Windows\System\sMcwajn.exe
  2⤵
  PID:7380
- C:\Windows\System\dbMyNyD.exe
  C:\Windows\System\dbMyNyD.exe
  2⤵
  PID:7400
- C:\Windows\System\qIffQfV.exe
  C:\Windows\System\qIffQfV.exe
  2⤵
  PID:7440
- C:\Windows\System\WdIVoUh.exe
  C:\Windows\System\WdIVoUh.exe
  2⤵
  PID:7460
- C:\Windows\System\MHUpybu.exe
  C:\Windows\System\MHUpybu.exe
  2⤵
  PID:7496
- C:\Windows\System\iYErWpp.exe
  C:\Windows\System\iYErWpp.exe
  2⤵
  PID:7524
- C:\Windows\System\KtoSygo.exe
  C:\Windows\System\KtoSygo.exe
  2⤵
  PID:7552
- C:\Windows\System\OsAybVF.exe
  C:\Windows\System\OsAybVF.exe
  2⤵
  PID:7572
- C:\Windows\System\nNdUgsN.exe
  C:\Windows\System\nNdUgsN.exe
  2⤵
  PID:7608
- C:\Windows\System\byAMHaX.exe
  C:\Windows\System\byAMHaX.exe
  2⤵
  PID:7624
- C:\Windows\System\yFwJsbc.exe
  C:\Windows\System\yFwJsbc.exe
  2⤵
  PID:7664
- C:\Windows\System\nnmQkSO.exe
  C:\Windows\System\nnmQkSO.exe
  2⤵
  PID:7692
- C:\Windows\System\ElukjrN.exe
  C:\Windows\System\ElukjrN.exe
  2⤵
  PID:7720
- C:\Windows\System\hZEiBPg.exe
  C:\Windows\System\hZEiBPg.exe
  2⤵
  PID:7740
- C:\Windows\System\zZKEtqH.exe
  C:\Windows\System\zZKEtqH.exe
  2⤵
  PID:7764
- C:\Windows\System\bYovmYq.exe
  C:\Windows\System\bYovmYq.exe
  2⤵
  PID:7784
- C:\Windows\System\qWGFznu.exe
  C:\Windows\System\qWGFznu.exe
  2⤵
  PID:7828
- C:\Windows\System\PdttYAM.exe
  C:\Windows\System\PdttYAM.exe
  2⤵
  PID:7860
- C:\Windows\System\sxWFQcL.exe
  C:\Windows\System\sxWFQcL.exe
  2⤵
  PID:7888
- C:\Windows\System\LRsNGXq.exe
  C:\Windows\System\LRsNGXq.exe
  2⤵
  PID:7916
- C:\Windows\System\MwYDNes.exe
  C:\Windows\System\MwYDNes.exe
  2⤵
  PID:7948
- C:\Windows\System\jfOgSnI.exe
  C:\Windows\System\jfOgSnI.exe
  2⤵
  PID:7964
- C:\Windows\System\eYnHzmd.exe
  C:\Windows\System\eYnHzmd.exe
  2⤵
  PID:8008
- C:\Windows\System\mIgWJOA.exe
  C:\Windows\System\mIgWJOA.exe
  2⤵
  PID:8032
- C:\Windows\System\edgbBhs.exe
  C:\Windows\System\edgbBhs.exe
  2⤵
  PID:8068
- C:\Windows\System\XJgnBcB.exe
  C:\Windows\System\XJgnBcB.exe
  2⤵
  PID:8096
- C:\Windows\System\XBcjfcq.exe
  C:\Windows\System\XBcjfcq.exe
  2⤵
  PID:8124
- C:\Windows\System\dKrQOUj.exe
  C:\Windows\System\dKrQOUj.exe
  2⤵
  PID:8148
- C:\Windows\System\icuQXFS.exe
  C:\Windows\System\icuQXFS.exe
  2⤵
  PID:8184
- C:\Windows\System\sdYqioH.exe
  C:\Windows\System\sdYqioH.exe
  2⤵
  PID:7224
- C:\Windows\System\wkscTzs.exe
  C:\Windows\System\wkscTzs.exe
  2⤵
  PID:7128
- C:\Windows\System\JKsJBXo.exe
  C:\Windows\System\JKsJBXo.exe
  2⤵
  PID:7316
- C:\Windows\System\CVKFnLV.exe
  C:\Windows\System\CVKFnLV.exe
  2⤵
  PID:7388
- C:\Windows\System\eLFHFeq.exe
  C:\Windows\System\eLFHFeq.exe
  2⤵
  PID:7432
- C:\Windows\System\cBdLvhS.exe
  C:\Windows\System\cBdLvhS.exe
  2⤵
  PID:7512
- C:\Windows\System\fKTBqCW.exe
  C:\Windows\System\fKTBqCW.exe
  2⤵
  PID:7580
- C:\Windows\System\RiBXOpw.exe
  C:\Windows\System\RiBXOpw.exe
  2⤵
  PID:7644
- C:\Windows\System\MIPtgFr.exe
  C:\Windows\System\MIPtgFr.exe
  2⤵
  PID:7732
- C:\Windows\System\AskyRwH.exe
  C:\Windows\System\AskyRwH.exe
  2⤵
  PID:7804
- C:\Windows\System\ejaSXrm.exe
  C:\Windows\System\ejaSXrm.exe
  2⤵
  PID:7848
- C:\Windows\System\HHCidKh.exe
  C:\Windows\System\HHCidKh.exe
  2⤵
  PID:7936
- C:\Windows\System\UIUQxSU.exe
  C:\Windows\System\UIUQxSU.exe
  2⤵
  PID:8016
- C:\Windows\System\eFUKllP.exe
  C:\Windows\System\eFUKllP.exe
  2⤵
  PID:8116
- C:\Windows\System\ZeFAppF.exe
  C:\Windows\System\ZeFAppF.exe
  2⤵
  PID:8176
- C:\Windows\System\NxrbeKU.exe
  C:\Windows\System\NxrbeKU.exe
  2⤵
  PID:7368
- C:\Windows\System\pwVrprz.exe
  C:\Windows\System\pwVrprz.exe
  2⤵
  PID:7424
- C:\Windows\System\fvmOUtc.exe
  C:\Windows\System\fvmOUtc.exe
  2⤵
  PID:7652
- C:\Windows\System\vwkXqJI.exe
  C:\Windows\System\vwkXqJI.exe
  2⤵
  PID:7852
- C:\Windows\System\zgTJGtB.exe
  C:\Windows\System\zgTJGtB.exe
  2⤵
  PID:7932
- C:\Windows\System\ewrFEPv.exe
  C:\Windows\System\ewrFEPv.exe
  2⤵
  PID:8164
- C:\Windows\System\XQXwqxz.exe
  C:\Windows\System\XQXwqxz.exe
  2⤵
  PID:7392
- C:\Windows\System\TXWkRnj.exe
  C:\Windows\System\TXWkRnj.exe
  2⤵
  PID:7792
- C:\Windows\System\clDImng.exe
  C:\Windows\System\clDImng.exe
  2⤵
  PID:7240
- C:\Windows\System\gEplVue.exe
  C:\Windows\System\gEplVue.exe
  2⤵
  PID:8240
- C:\Windows\System\ngEEEbl.exe
  C:\Windows\System\ngEEEbl.exe
  2⤵
  PID:8260
- C:\Windows\System\lTpfnGz.exe
  C:\Windows\System\lTpfnGz.exe
  2⤵
  PID:8292
- C:\Windows\System\ziFAzAV.exe
  C:\Windows\System\ziFAzAV.exe
  2⤵
  PID:8316
- C:\Windows\System\egdEwCy.exe
  C:\Windows\System\egdEwCy.exe
  2⤵
  PID:8352
- C:\Windows\System\MTbvSjB.exe
  C:\Windows\System\MTbvSjB.exe
  2⤵
  PID:8372
- C:\Windows\System\iiFMbeG.exe
  C:\Windows\System\iiFMbeG.exe
  2⤵
  PID:8392
- C:\Windows\System\xaLyKvB.exe
  C:\Windows\System\xaLyKvB.exe
  2⤵
  PID:8428
- C:\Windows\System\xBQzuWw.exe
  C:\Windows\System\xBQzuWw.exe
  2⤵
  PID:8468
- C:\Windows\System\GGeIaPM.exe
  C:\Windows\System\GGeIaPM.exe
  2⤵
  PID:8484
- C:\Windows\System\vBkOImn.exe
  C:\Windows\System\vBkOImn.exe
  2⤵
  PID:8516
- C:\Windows\System\YMkGYUp.exe
  C:\Windows\System\YMkGYUp.exe
  2⤵
  PID:8540
- C:\Windows\System\kBVublP.exe
  C:\Windows\System\kBVublP.exe
  2⤵
  PID:8556
- C:\Windows\System\PVAGzAZ.exe
  C:\Windows\System\PVAGzAZ.exe
  2⤵
  PID:8596
- C:\Windows\System\BveKFaV.exe
  C:\Windows\System\BveKFaV.exe
  2⤵
  PID:8636
- C:\Windows\System\CWmvyjQ.exe
  C:\Windows\System\CWmvyjQ.exe
  2⤵
  PID:8664
- C:\Windows\System\VbfKmra.exe
  C:\Windows\System\VbfKmra.exe
  2⤵
  PID:8696
- C:\Windows\System\svMQbBn.exe
  C:\Windows\System\svMQbBn.exe
  2⤵
  PID:8740
- C:\Windows\System\ICVSqcX.exe
  C:\Windows\System\ICVSqcX.exe
  2⤵
  PID:8772
- C:\Windows\System\AdZpuXY.exe
  C:\Windows\System\AdZpuXY.exe
  2⤵
  PID:8804
- C:\Windows\System\admIKIc.exe
  C:\Windows\System\admIKIc.exe
  2⤵
  PID:8832
- C:\Windows\System\SVlROvo.exe
  C:\Windows\System\SVlROvo.exe
  2⤵
  PID:8848
- C:\Windows\System\ffkydqO.exe
  C:\Windows\System\ffkydqO.exe
  2⤵
  PID:8880
- C:\Windows\System\mzNgRYE.exe
  C:\Windows\System\mzNgRYE.exe
  2⤵
  PID:8904
- C:\Windows\System\dOtBTdo.exe
  C:\Windows\System\dOtBTdo.exe
  2⤵
  PID:8944
- C:\Windows\System\WrxOdRu.exe
  C:\Windows\System\WrxOdRu.exe
  2⤵
  PID:8972
- C:\Windows\System\avbXcUC.exe
  C:\Windows\System\avbXcUC.exe
  2⤵
  PID:8996
- C:\Windows\System\DKAjbYM.exe
  C:\Windows\System\DKAjbYM.exe
  2⤵
  PID:9020
- C:\Windows\System\suBxMRn.exe
  C:\Windows\System\suBxMRn.exe
  2⤵
  PID:9060
- C:\Windows\System\xQBKEBE.exe
  C:\Windows\System\xQBKEBE.exe
  2⤵
  PID:9076
- C:\Windows\System\KqHVwCr.exe
  C:\Windows\System\KqHVwCr.exe
  2⤵
  PID:9116
- C:\Windows\System\DpwvGHs.exe
  C:\Windows\System\DpwvGHs.exe
  2⤵
  PID:9140
- C:\Windows\System\MGXAvsv.exe
  C:\Windows\System\MGXAvsv.exe
  2⤵
  PID:9180
- C:\Windows\System\CkyeePQ.exe
  C:\Windows\System\CkyeePQ.exe
  2⤵
  PID:9208
- C:\Windows\System\pMYieqN.exe
  C:\Windows\System\pMYieqN.exe
  2⤵
  PID:7880
- C:\Windows\System\uqzfdAO.exe
  C:\Windows\System\uqzfdAO.exe
  2⤵
  PID:8248
- C:\Windows\System\JfCPEEe.exe
  C:\Windows\System\JfCPEEe.exe
  2⤵
  PID:8304
- C:\Windows\System\atdHAnT.exe
  C:\Windows\System\atdHAnT.exe
  2⤵
  PID:8348
- C:\Windows\System\zzUZiAv.exe
  C:\Windows\System\zzUZiAv.exe
  2⤵
  PID:8444
- C:\Windows\System\mlDIIMh.exe
  C:\Windows\System\mlDIIMh.exe
  2⤵
  PID:8480
- C:\Windows\System\FXpDuKf.exe
  C:\Windows\System\FXpDuKf.exe
  2⤵
  PID:8532
- C:\Windows\System\sfqTGBm.exe
  C:\Windows\System\sfqTGBm.exe
  2⤵
  PID:8612
- C:\Windows\System\ECgXQpP.exe
  C:\Windows\System\ECgXQpP.exe
  2⤵
  PID:8764
- C:\Windows\System\zvYaecP.exe
  C:\Windows\System\zvYaecP.exe
  2⤵
  PID:8824
- C:\Windows\System\TUigpWG.exe
  C:\Windows\System\TUigpWG.exe
  2⤵
  PID:8888
- C:\Windows\System\LvanBfS.exe
  C:\Windows\System\LvanBfS.exe
  2⤵
  PID:8936
- C:\Windows\System\TAEGJji.exe
  C:\Windows\System\TAEGJji.exe
  2⤵
  PID:9004
- C:\Windows\System\PTdMDYh.exe
  C:\Windows\System\PTdMDYh.exe
  2⤵
  PID:9040
- C:\Windows\System\jxoIELr.exe
  C:\Windows\System\jxoIELr.exe
  2⤵
  PID:9152
- C:\Windows\System\YIYJxTE.exe
  C:\Windows\System\YIYJxTE.exe
  2⤵
  PID:9168
- C:\Windows\System\RVnbRTl.exe
  C:\Windows\System\RVnbRTl.exe
  2⤵
  PID:8228
- C:\Windows\System\briNObe.exe
  C:\Windows\System\briNObe.exe
  2⤵
  PID:8420
- C:\Windows\System\CcvWxnT.exe
  C:\Windows\System\CcvWxnT.exe
  2⤵
  PID:8512
- C:\Windows\System\KLHRCFS.exe
  C:\Windows\System\KLHRCFS.exe
  2⤵
  PID:8784
- C:\Windows\System\QvjQlAr.exe
  C:\Windows\System\QvjQlAr.exe
  2⤵
  PID:224
- C:\Windows\System\sDljSgk.exe
  C:\Windows\System\sDljSgk.exe
  2⤵
  PID:9044
- C:\Windows\System\SGsryvE.exe
  C:\Windows\System\SGsryvE.exe
  2⤵
  PID:9088
- C:\Windows\System\jccMyAv.exe
  C:\Windows\System\jccMyAv.exe
  2⤵
  PID:8280
- C:\Windows\System\CEopYVr.exe
  C:\Windows\System\CEopYVr.exe
  2⤵
  PID:8584
- C:\Windows\System\NbYfziK.exe
  C:\Windows\System\NbYfziK.exe
  2⤵
  PID:8928
- C:\Windows\System\QgnxGBb.exe
  C:\Windows\System\QgnxGBb.exe
  2⤵
  PID:4040
- C:\Windows\System\JDCZdHt.exe
  C:\Windows\System\JDCZdHt.exe
  2⤵
  PID:8252
- C:\Windows\System\ObncgJQ.exe
  C:\Windows\System\ObncgJQ.exe
  2⤵
  PID:8064
- C:\Windows\System\KIEHAvL.exe
  C:\Windows\System\KIEHAvL.exe
  2⤵
  PID:9244
- C:\Windows\System\BiABHGF.exe
  C:\Windows\System\BiABHGF.exe
  2⤵
  PID:9292
- C:\Windows\System\iokdzuu.exe
  C:\Windows\System\iokdzuu.exe
  2⤵
  PID:9320
- C:\Windows\System\WEpMibC.exe
  C:\Windows\System\WEpMibC.exe
  2⤵
  PID:9348
- C:\Windows\System\dtJpjJx.exe
  C:\Windows\System\dtJpjJx.exe
  2⤵
  PID:9376
- C:\Windows\System\zcIbndy.exe
  C:\Windows\System\zcIbndy.exe
  2⤵
  PID:9404
- C:\Windows\System\uaaPbZI.exe
  C:\Windows\System\uaaPbZI.exe
  2⤵
  PID:9432
- C:\Windows\System\uRabaBT.exe
  C:\Windows\System\uRabaBT.exe
  2⤵
  PID:9456
- C:\Windows\System\ucYqNvB.exe
  C:\Windows\System\ucYqNvB.exe
  2⤵
  PID:9492
- C:\Windows\System\RlqJWCS.exe
  C:\Windows\System\RlqJWCS.exe
  2⤵
  PID:9508
- C:\Windows\System\zQPWqwa.exe
  C:\Windows\System\zQPWqwa.exe
  2⤵
  PID:9536
- C:\Windows\System\SsGuUqE.exe
  C:\Windows\System\SsGuUqE.exe
  2⤵
  PID:9572
- C:\Windows\System\xqKStaL.exe
  C:\Windows\System\xqKStaL.exe
  2⤵
  PID:9592
- C:\Windows\System\uulIpnI.exe
  C:\Windows\System\uulIpnI.exe
  2⤵
  PID:9620
- C:\Windows\System\PbyHQXW.exe
  C:\Windows\System\PbyHQXW.exe
  2⤵
  PID:9648
- C:\Windows\System\FoyOyzN.exe
  C:\Windows\System\FoyOyzN.exe
  2⤵
  PID:9680
- C:\Windows\System\bhgWbts.exe
  C:\Windows\System\bhgWbts.exe
  2⤵
  PID:9716
- C:\Windows\System\VnTZAtq.exe
  C:\Windows\System\VnTZAtq.exe
  2⤵
  PID:9744
- C:\Windows\System\vfJhzuF.exe
  C:\Windows\System\vfJhzuF.exe
  2⤵
  PID:9772
- C:\Windows\System\pnxMGdH.exe
  C:\Windows\System\pnxMGdH.exe
  2⤵
  PID:9800
- C:\Windows\System\nmqybyX.exe
  C:\Windows\System\nmqybyX.exe
  2⤵
  PID:9828
- C:\Windows\System\kffMCIS.exe
  C:\Windows\System\kffMCIS.exe
  2⤵
  PID:9844
- C:\Windows\System\BSurzzJ.exe
  C:\Windows\System\BSurzzJ.exe
  2⤵
  PID:9884
- C:\Windows\System\zRPcRTZ.exe
  C:\Windows\System\zRPcRTZ.exe
  2⤵
  PID:9904
- C:\Windows\System\viURBoZ.exe
  C:\Windows\System\viURBoZ.exe
  2⤵
  PID:9940
- C:\Windows\System\ZidmTfc.exe
  C:\Windows\System\ZidmTfc.exe
  2⤵
  PID:9968
- C:\Windows\System\anyrNLR.exe
  C:\Windows\System\anyrNLR.exe
  2⤵
  PID:9996
- C:\Windows\System\bhBjrjw.exe
  C:\Windows\System\bhBjrjw.exe
  2⤵
  PID:10024
- C:\Windows\System\JpDISYt.exe
  C:\Windows\System\JpDISYt.exe
  2⤵
  PID:10052
- C:\Windows\System\wnxdwIw.exe
  C:\Windows\System\wnxdwIw.exe
  2⤵
  PID:10080
- C:\Windows\System\QKTAxbP.exe
  C:\Windows\System\QKTAxbP.exe
  2⤵
  PID:10124
- C:\Windows\System\YmfIolc.exe
  C:\Windows\System\YmfIolc.exe
  2⤵
  PID:10144
- C:\Windows\System\YGAREZW.exe
  C:\Windows\System\YGAREZW.exe
  2⤵
  PID:10172
- C:\Windows\System\cXmDyRz.exe
  C:\Windows\System\cXmDyRz.exe
  2⤵
  PID:10188
- C:\Windows\System\LyHZtQa.exe
  C:\Windows\System\LyHZtQa.exe
  2⤵
  PID:10216
- C:\Windows\System\YFMHwRs.exe
  C:\Windows\System\YFMHwRs.exe
  2⤵
  PID:9240
- C:\Windows\System\bVYdMGJ.exe
  C:\Windows\System\bVYdMGJ.exe
  2⤵
  PID:9284
- C:\Windows\System\paPETOI.exe
  C:\Windows\System\paPETOI.exe
  2⤵
  PID:9336
- C:\Windows\System\HmeZZZk.exe
  C:\Windows\System\HmeZZZk.exe
  2⤵
  PID:9396
- C:\Windows\System\mznNclf.exe
  C:\Windows\System\mznNclf.exe
  2⤵
  PID:9468
- C:\Windows\System\gDFsdtp.exe
  C:\Windows\System\gDFsdtp.exe
  2⤵
  PID:9528
- C:\Windows\System\jcsiWgq.exe
  C:\Windows\System\jcsiWgq.exe
  2⤵
  PID:9612
- C:\Windows\System\dUVVCKv.exe
  C:\Windows\System\dUVVCKv.exe
  2⤵
  PID:9660
- C:\Windows\System\TuECksj.exe
  C:\Windows\System\TuECksj.exe
  2⤵
  PID:9740
- C:\Windows\System\QsgmRxJ.exe
  C:\Windows\System\QsgmRxJ.exe
  2⤵
  PID:9768
- C:\Windows\System\OejGWQJ.exe
  C:\Windows\System\OejGWQJ.exe
  2⤵
  PID:9836
- C:\Windows\System\DhvMond.exe
  C:\Windows\System\DhvMond.exe
  2⤵
  PID:9900
- C:\Windows\System\rsCuTdS.exe
  C:\Windows\System\rsCuTdS.exe
  2⤵
  PID:9980
- C:\Windows\System\uUEysKc.exe
  C:\Windows\System\uUEysKc.exe
  2⤵
  PID:844
- C:\Windows\System\zssGQNX.exe
  C:\Windows\System\zssGQNX.exe
  2⤵
  PID:10076
- C:\Windows\System\ZlSssCg.exe
  C:\Windows\System\ZlSssCg.exe
  2⤵
  PID:10168
- C:\Windows\System\vKjaiJJ.exe
  C:\Windows\System\vKjaiJJ.exe
  2⤵
  PID:10200
- C:\Windows\System\DOoHCAG.exe
  C:\Windows\System\DOoHCAG.exe
  2⤵
  PID:3612
- C:\Windows\System\XNittWk.exe
  C:\Windows\System\XNittWk.exe
  2⤵
  PID:9444
- C:\Windows\System\kaeNhfi.exe
  C:\Windows\System\kaeNhfi.exe
  2⤵
  PID:9504
- C:\Windows\System\GODbkfA.exe
  C:\Windows\System\GODbkfA.exe
  2⤵
  PID:9700
- C:\Windows\System\qGEFAgR.exe
  C:\Windows\System\qGEFAgR.exe
  2⤵
  PID:9820
- C:\Windows\System\NScaabq.exe
  C:\Windows\System\NScaabq.exe
  2⤵
  PID:9992
- C:\Windows\System\gkIMSXm.exe
  C:\Windows\System\gkIMSXm.exe
  2⤵
  PID:10132
- C:\Windows\System\fxUlMqg.exe
  C:\Windows\System\fxUlMqg.exe
  2⤵
  PID:10184
- C:\Windows\System\sgSYLWT.exe
  C:\Windows\System\sgSYLWT.exe
  2⤵
  PID:9520
- C:\Windows\System\RpuChlR.exe
  C:\Windows\System\RpuChlR.exe
  2⤵
  PID:9924
- C:\Windows\System\WCkTMed.exe
  C:\Windows\System\WCkTMed.exe
  2⤵
  PID:9360
- C:\Windows\System\pdWfSgM.exe
  C:\Windows\System\pdWfSgM.exe
  2⤵
  PID:3556
- C:\Windows\System\fPSvypA.exe
  C:\Windows\System\fPSvypA.exe
  2⤵
  PID:9588
- C:\Windows\System\ueSokHk.exe
  C:\Windows\System\ueSokHk.exe
  2⤵
  PID:10264
- C:\Windows\System\dkpKYqe.exe
  C:\Windows\System\dkpKYqe.exe
  2⤵
  PID:10300
- C:\Windows\System\CFspKKu.exe
  C:\Windows\System\CFspKKu.exe
  2⤵
  PID:10332
- C:\Windows\System\YlTdKNt.exe
  C:\Windows\System\YlTdKNt.exe
  2⤵
  PID:10360
- C:\Windows\System\HRiKXfT.exe
  C:\Windows\System\HRiKXfT.exe
  2⤵
  PID:10388
- C:\Windows\System\rZVLcms.exe
  C:\Windows\System\rZVLcms.exe
  2⤵
  PID:10416
- C:\Windows\System\Pdusrct.exe
  C:\Windows\System\Pdusrct.exe
  2⤵
  PID:10432
- C:\Windows\System\pKhnJVS.exe
  C:\Windows\System\pKhnJVS.exe
  2⤵
  PID:10448
- C:\Windows\System\dDeWFzP.exe
  C:\Windows\System\dDeWFzP.exe
  2⤵
  PID:10488
- C:\Windows\System\AIdTUuL.exe
  C:\Windows\System\AIdTUuL.exe
  2⤵
  PID:10528
- C:\Windows\System\vGUwdtb.exe
  C:\Windows\System\vGUwdtb.exe
  2⤵
  PID:10544
- C:\Windows\System\fOgqVLZ.exe
  C:\Windows\System\fOgqVLZ.exe
  2⤵
  PID:10572
- C:\Windows\System\XIOKneT.exe
  C:\Windows\System\XIOKneT.exe
  2⤵
  PID:10592
- C:\Windows\System\ZFfFpMm.exe
  C:\Windows\System\ZFfFpMm.exe
  2⤵
  PID:10640
- C:\Windows\System\JbEStdR.exe
  C:\Windows\System\JbEStdR.exe
  2⤵
  PID:10668
- C:\Windows\System\WMZrkCV.exe
  C:\Windows\System\WMZrkCV.exe
  2⤵
  PID:10696
- C:\Windows\System\htRjoXW.exe
  C:\Windows\System\htRjoXW.exe
  2⤵
  PID:10724
- C:\Windows\System\qmchFcj.exe
  C:\Windows\System\qmchFcj.exe
  2⤵
  PID:10740
- C:\Windows\System\cVtDGnk.exe
  C:\Windows\System\cVtDGnk.exe
  2⤵
  PID:10768
- C:\Windows\System\FqxWmMx.exe
  C:\Windows\System\FqxWmMx.exe
  2⤵
  PID:10808
- C:\Windows\System\MKTyGSd.exe
  C:\Windows\System\MKTyGSd.exe
  2⤵
  PID:10836
- C:\Windows\System\mGfhGQA.exe
  C:\Windows\System\mGfhGQA.exe
  2⤵
  PID:10864
- C:\Windows\System\NpQNTEE.exe
  C:\Windows\System\NpQNTEE.exe
  2⤵
  PID:10892
- C:\Windows\System\eJmLclX.exe
  C:\Windows\System\eJmLclX.exe
  2⤵
  PID:10908
- C:\Windows\System\xHyruRv.exe
  C:\Windows\System\xHyruRv.exe
  2⤵
  PID:10948
- C:\Windows\System\bKBjPin.exe
  C:\Windows\System\bKBjPin.exe
  2⤵
  PID:10976
- C:\Windows\System\EoXxvcb.exe
  C:\Windows\System\EoXxvcb.exe
  2⤵
  PID:11004
- C:\Windows\System\MpRtrlC.exe
  C:\Windows\System\MpRtrlC.exe
  2⤵
  PID:11032
- C:\Windows\System\mbofVhX.exe
  C:\Windows\System\mbofVhX.exe
  2⤵
  PID:11052
- C:\Windows\System\qdtLSwk.exe
  C:\Windows\System\qdtLSwk.exe
  2⤵
  PID:11076
- C:\Windows\System\srhHHcg.exe
  C:\Windows\System\srhHHcg.exe
  2⤵
  PID:11100
- C:\Windows\System\EzTMvay.exe
  C:\Windows\System\EzTMvay.exe
  2⤵
  PID:11124
- C:\Windows\System\umiukGp.exe
  C:\Windows\System\umiukGp.exe
  2⤵
  PID:11160
- C:\Windows\System\UydzqOo.exe
  C:\Windows\System\UydzqOo.exe
  2⤵
  PID:11188
- C:\Windows\System\xeXCetZ.exe
  C:\Windows\System\xeXCetZ.exe
  2⤵
  PID:11204
- C:\Windows\System\QTKjSFv.exe
  C:\Windows\System\QTKjSFv.exe
  2⤵
  PID:11232
- C:\Windows\System\QhDCyTw.exe
  C:\Windows\System\QhDCyTw.exe
  2⤵
  PID:11256
- C:\Windows\System\jSKoCkk.exe
  C:\Windows\System\jSKoCkk.exe
  2⤵
  PID:10276
- C:\Windows\System\NNfcRSC.exe
  C:\Windows\System\NNfcRSC.exe
  2⤵
  PID:10384
- C:\Windows\System\tpWNLjP.exe
  C:\Windows\System\tpWNLjP.exe
  2⤵
  PID:10444
- C:\Windows\System\izAZXOt.exe
  C:\Windows\System\izAZXOt.exe
  2⤵
  PID:10460
- C:\Windows\System\PPjaaUt.exe
  C:\Windows\System\PPjaaUt.exe
  2⤵
  PID:10536
- C:\Windows\System\oDELJBQ.exe
  C:\Windows\System\oDELJBQ.exe
  2⤵
  PID:10588
- C:\Windows\System\iLqBurH.exe
  C:\Windows\System\iLqBurH.exe
  2⤵
  PID:10692
- C:\Windows\System\EYzULpB.exe
  C:\Windows\System\EYzULpB.exe
  2⤵
  PID:4496
- C:\Windows\System\nDEnvlx.exe
  C:\Windows\System\nDEnvlx.exe
  2⤵
  PID:10820
- C:\Windows\System\bhCNAzN.exe
  C:\Windows\System\bhCNAzN.exe
  2⤵
  PID:10932
- C:\Windows\System\RNPVJtU.exe
  C:\Windows\System\RNPVJtU.exe
  2⤵
  PID:10988
- C:\Windows\System\cWAHFjT.exe
  C:\Windows\System\cWAHFjT.exe
  2⤵
  PID:11068
- C:\Windows\System\rVOlKiM.exe
  C:\Windows\System\rVOlKiM.exe
  2⤵
  PID:11084
- C:\Windows\System\PorxBow.exe
  C:\Windows\System\PorxBow.exe
  2⤵
  PID:11180
- C:\Windows\System\BDcJgUC.exe
  C:\Windows\System\BDcJgUC.exe
  2⤵
  PID:11224
- C:\Windows\System\CqgGyPi.exe
  C:\Windows\System\CqgGyPi.exe
  2⤵
  PID:10252
- C:\Windows\System\kYwHPcE.exe
  C:\Windows\System\kYwHPcE.exe
  2⤵
  PID:3564
- C:\Windows\System\KzxKeWt.exe
  C:\Windows\System\KzxKeWt.exe
  2⤵
  PID:10524
- C:\Windows\System\fBKUaqc.exe
  C:\Windows\System\fBKUaqc.exe
  2⤵
  PID:10612
- C:\Windows\System\ApaJQjm.exe
  C:\Windows\System\ApaJQjm.exe
  2⤵
  PID:10660
- C:\Windows\System\EGmYupQ.exe
  C:\Windows\System\EGmYupQ.exe
  2⤵
  PID:10900
- C:\Windows\System\OaMdsSW.exe
  C:\Windows\System\OaMdsSW.exe
  2⤵
  PID:11016
- C:\Windows\System\zMXkOnM.exe
  C:\Windows\System\zMXkOnM.exe
  2⤵
  PID:11120
- C:\Windows\System\hmtAQjc.exe
  C:\Windows\System\hmtAQjc.exe
  2⤵
  PID:9232
- C:\Windows\System\pNFXPoe.exe
  C:\Windows\System\pNFXPoe.exe
  2⤵
  PID:10732
- C:\Windows\System\RCjUSQx.exe
  C:\Windows\System\RCjUSQx.exe
  2⤵
  PID:11064
- C:\Windows\System\qmfARxb.exe
  C:\Windows\System\qmfARxb.exe
  2⤵
  PID:10064
- C:\Windows\System\IsNWAwb.exe
  C:\Windows\System\IsNWAwb.exe
  2⤵
  PID:10636
- C:\Windows\System\VpAxZlS.exe
  C:\Windows\System\VpAxZlS.exe
  2⤵
  PID:11276
- C:\Windows\System\kNPIPsf.exe
  C:\Windows\System\kNPIPsf.exe
  2⤵
  PID:11304
- C:\Windows\System\Dbeczmp.exe
  C:\Windows\System\Dbeczmp.exe
  2⤵
  PID:11340
- C:\Windows\System\tmJenWy.exe
  C:\Windows\System\tmJenWy.exe
  2⤵
  PID:11368
- C:\Windows\System\SbjsaZf.exe
  C:\Windows\System\SbjsaZf.exe
  2⤵
  PID:11388
- C:\Windows\System\MMjAwrN.exe
  C:\Windows\System\MMjAwrN.exe
  2⤵
  PID:11416
- C:\Windows\System\zkqdZRU.exe
  C:\Windows\System\zkqdZRU.exe
  2⤵
  PID:11456
- C:\Windows\System\KrzuKbw.exe
  C:\Windows\System\KrzuKbw.exe
  2⤵
  PID:11484
- C:\Windows\System\yWJUdoQ.exe
  C:\Windows\System\yWJUdoQ.exe
  2⤵
  PID:11512
- C:\Windows\System\MxNDeVX.exe
  C:\Windows\System\MxNDeVX.exe
  2⤵
  PID:11528
- C:\Windows\System\RIJQDlX.exe
  C:\Windows\System\RIJQDlX.exe
  2⤵
  PID:11568
- C:\Windows\System\ueKVbEU.exe
  C:\Windows\System\ueKVbEU.exe
  2⤵
  PID:11592
- C:\Windows\System\eDbbLXu.exe
  C:\Windows\System\eDbbLXu.exe
  2⤵
  PID:11624
- C:\Windows\System\iEDgTYk.exe
  C:\Windows\System\iEDgTYk.exe
  2⤵
  PID:11652
- C:\Windows\System\YbWAiEE.exe
  C:\Windows\System\YbWAiEE.exe
  2⤵
  PID:11668
- C:\Windows\System\COhbTJB.exe
  C:\Windows\System\COhbTJB.exe
  2⤵
  PID:11696
- C:\Windows\System\qvUMGJt.exe
  C:\Windows\System\qvUMGJt.exe
  2⤵
  PID:11744
- C:\Windows\System\SbtYLEf.exe
  C:\Windows\System\SbtYLEf.exe
  2⤵
  PID:11768
- C:\Windows\System\NspkYfe.exe
  C:\Windows\System\NspkYfe.exe
  2⤵
  PID:11792
- C:\Windows\System\XtYJvai.exe
  C:\Windows\System\XtYJvai.exe
  2⤵
  PID:11816
- C:\Windows\System\WfXhdfl.exe
  C:\Windows\System\WfXhdfl.exe
  2⤵
  PID:11844
- C:\Windows\System\qPuSARr.exe
  C:\Windows\System\qPuSARr.exe
  2⤵
  PID:11872
- C:\Windows\System\kInfRIf.exe
  C:\Windows\System\kInfRIf.exe
  2⤵
  PID:11900
- C:\Windows\System\HLMnMot.exe
  C:\Windows\System\HLMnMot.exe
  2⤵
  PID:11928
- C:\Windows\System\cPJvzlh.exe
  C:\Windows\System\cPJvzlh.exe
  2⤵
  PID:11968
- C:\Windows\System\jiswfKo.exe
  C:\Windows\System\jiswfKo.exe
  2⤵
  PID:11996
- C:\Windows\System\fwAYHti.exe
  C:\Windows\System\fwAYHti.exe
  2⤵
  PID:12024
- C:\Windows\System\noPVaED.exe
  C:\Windows\System\noPVaED.exe
  2⤵
  PID:12048
- C:\Windows\System\rQOrwrC.exe
  C:\Windows\System\rQOrwrC.exe
  2⤵
  PID:12068
- C:\Windows\System\AGkoovA.exe
  C:\Windows\System\AGkoovA.exe
  2⤵
  PID:12096
- C:\Windows\System\SFuXmVQ.exe
  C:\Windows\System\SFuXmVQ.exe
  2⤵
  PID:12136
- C:\Windows\System\cbYPJPc.exe
  C:\Windows\System\cbYPJPc.exe
  2⤵
  PID:12164
- C:\Windows\System\SoBUJjm.exe
  C:\Windows\System\SoBUJjm.exe
  2⤵
  PID:12196
- C:\Windows\System\sjtdBng.exe
  C:\Windows\System\sjtdBng.exe
  2⤵
  PID:12224
- C:\Windows\System\lOKzrYM.exe
  C:\Windows\System\lOKzrYM.exe
  2⤵
  PID:12240
- C:\Windows\System\ywzBvBG.exe
  C:\Windows\System\ywzBvBG.exe
  2⤵
  PID:12268
- C:\Windows\System\WXmctuN.exe
  C:\Windows\System\WXmctuN.exe
  2⤵
  PID:11148
- C:\Windows\System\BMBGsrY.exe
  C:\Windows\System\BMBGsrY.exe
  2⤵
  PID:11360
- C:\Windows\System\kbekuke.exe
  C:\Windows\System\kbekuke.exe
  2⤵
  PID:11380
- C:\Windows\System\SZSSsQb.exe
  C:\Windows\System\SZSSsQb.exe
  2⤵
  PID:11480
- C:\Windows\System\qxdyMiS.exe
  C:\Windows\System\qxdyMiS.exe
  2⤵
  PID:11548
- C:\Windows\System\zUYEOAw.exe
  C:\Windows\System\zUYEOAw.exe
  2⤵
  PID:11616
- C:\Windows\System\UYdHZxg.exe
  C:\Windows\System\UYdHZxg.exe
  2⤵
  PID:11636
- C:\Windows\System\VWLYczS.exe
  C:\Windows\System\VWLYczS.exe
  2⤵
  PID:11716
- C:\Windows\System\tRUebee.exe
  C:\Windows\System\tRUebee.exe
  2⤵
  PID:11808
- C:\Windows\System\QVgLHSM.exe
  C:\Windows\System\QVgLHSM.exe
  2⤵
  PID:11860
- C:\Windows\System\GKSNIPe.exe
  C:\Windows\System\GKSNIPe.exe
  2⤵
  PID:11956
- C:\Windows\System\xWbvOly.exe
  C:\Windows\System\xWbvOly.exe
  2⤵
  PID:11992
- C:\Windows\System\BHPmuVk.exe
  C:\Windows\System\BHPmuVk.exe
  2⤵
  PID:12092
- C:\Windows\System\TSDCQCX.exe
  C:\Windows\System\TSDCQCX.exe
  2⤵
  PID:12132
- C:\Windows\System\mmJBdta.exe
  C:\Windows\System\mmJBdta.exe
  2⤵
  PID:12188
- C:\Windows\System\cwebnKu.exe
  C:\Windows\System\cwebnKu.exe
  2⤵
  PID:12256
- C:\Windows\System\zHTRvKw.exe
  C:\Windows\System\zHTRvKw.exe
  2⤵
  PID:11384
- C:\Windows\System\CywUqta.exe
  C:\Windows\System\CywUqta.exe
  2⤵
  PID:11448
- C:\Windows\System\CwHMgHR.exe
  C:\Windows\System\CwHMgHR.exe
  2⤵
  PID:11644
- C:\Windows\System\rideVbj.exe
  C:\Windows\System\rideVbj.exe
  2⤵
  PID:11836
- C:\Windows\System\CppLrwi.exe
  C:\Windows\System\CppLrwi.exe
  2⤵
  PID:11896
- C:\Windows\System\pCHvEoq.exe
  C:\Windows\System\pCHvEoq.exe
  2⤵
  PID:12080
- C:\Windows\System\SFMLjoQ.exe
  C:\Windows\System\SFMLjoQ.exe
  2⤵
  PID:12216
- C:\Windows\System\vboHAbR.exe
  C:\Windows\System\vboHAbR.exe
  2⤵
  PID:11468
- C:\Windows\System\vsbwLQx.exe
  C:\Windows\System\vsbwLQx.exe
  2⤵
  PID:11828
- C:\Windows\System\NIRJRLE.exe
  C:\Windows\System\NIRJRLE.exe
  2⤵
  PID:12160
- C:\Windows\System\MawuBfn.exe
  C:\Windows\System\MawuBfn.exe
  2⤵
  PID:11984
- C:\Windows\System\KcKfWdt.exe
  C:\Windows\System\KcKfWdt.exe
  2⤵
  PID:11292
- C:\Windows\System\NwFgQtt.exe
  C:\Windows\System\NwFgQtt.exe
  2⤵
  PID:12308
- C:\Windows\System\hWVgEzC.exe
  C:\Windows\System\hWVgEzC.exe
  2⤵
  PID:12336
- C:\Windows\System\nkGiHbh.exe
  C:\Windows\System\nkGiHbh.exe
  2⤵
  PID:12364
- C:\Windows\System\mHjcHAf.exe
  C:\Windows\System\mHjcHAf.exe
  2⤵
  PID:12384
- C:\Windows\System\gCtDRNn.exe
  C:\Windows\System\gCtDRNn.exe
  2⤵
  PID:12412
- C:\Windows\System\nNeonmq.exe
  C:\Windows\System\nNeonmq.exe
  2⤵
  PID:12440
- C:\Windows\System\IySEKXB.exe
  C:\Windows\System\IySEKXB.exe
  2⤵
  PID:12476
- C:\Windows\System\sRWtFPg.exe
  C:\Windows\System\sRWtFPg.exe
  2⤵
  PID:12504
- C:\Windows\System\BmvrsOF.exe
  C:\Windows\System\BmvrsOF.exe
  2⤵
  PID:12532
- C:\Windows\System\rErnXru.exe
  C:\Windows\System\rErnXru.exe
  2⤵
  PID:12548
- C:\Windows\System\UgvCQvI.exe
  C:\Windows\System\UgvCQvI.exe
  2⤵
  PID:12576
- C:\Windows\System\wEmmXTf.exe
  C:\Windows\System\wEmmXTf.exe
  2⤵
  PID:12604
- C:\Windows\System\xFPbhBF.exe
  C:\Windows\System\xFPbhBF.exe
  2⤵
  PID:12632
- C:\Windows\System\HififCW.exe
  C:\Windows\System\HififCW.exe
  2⤵
  PID:12648
- C:\Windows\System\AqTPVxV.exe
  C:\Windows\System\AqTPVxV.exe
  2⤵
  PID:12696
- C:\Windows\System\YVCzRTY.exe
  C:\Windows\System\YVCzRTY.exe
  2⤵
  PID:12728
- C:\Windows\System\nhyqinT.exe
  C:\Windows\System\nhyqinT.exe
  2⤵
  PID:12756
- C:\Windows\System\aJNVtjY.exe
  C:\Windows\System\aJNVtjY.exe
  2⤵
  PID:12780
- C:\Windows\System\xsUaFeE.exe
  C:\Windows\System\xsUaFeE.exe
  2⤵
  PID:12812
- C:\Windows\System\IhzEtUt.exe
  C:\Windows\System\IhzEtUt.exe
  2⤵
  PID:12844
- C:\Windows\System\coHmFME.exe
  C:\Windows\System\coHmFME.exe
  2⤵
  PID:12872
- C:\Windows\System\RcmBkea.exe
  C:\Windows\System\RcmBkea.exe
  2⤵
  PID:12900
- C:\Windows\System\AnVTOqJ.exe
  C:\Windows\System\AnVTOqJ.exe
  2⤵
  PID:12928
- C:\Windows\System\lBoGMWs.exe
  C:\Windows\System\lBoGMWs.exe
  2⤵
  PID:12956
- C:\Windows\System\uCDZWAr.exe
  C:\Windows\System\uCDZWAr.exe
  2⤵
  PID:12972
- C:\Windows\System\cxRhszT.exe
  C:\Windows\System\cxRhszT.exe
  2⤵
  PID:13000
- C:\Windows\System\PQAPmme.exe
  C:\Windows\System\PQAPmme.exe
  2⤵
  PID:13028
- C:\Windows\System\uZRpwVZ.exe
  C:\Windows\System\uZRpwVZ.exe
  2⤵
  PID:13056
- C:\Windows\System\KHrByAm.exe
  C:\Windows\System\KHrByAm.exe
  2⤵
  PID:13084
- C:\Windows\System\gUhMwOg.exe
  C:\Windows\System\gUhMwOg.exe
  2⤵
  PID:13124
- C:\Windows\System\jaIwOWP.exe
  C:\Windows\System\jaIwOWP.exe
  2⤵
  PID:13152
- C:\Windows\System\XfrAVcC.exe
  C:\Windows\System\XfrAVcC.exe
  2⤵
  PID:13168
- C:\Windows\System\FIzokxr.exe
  C:\Windows\System\FIzokxr.exe
  2⤵
  PID:13200
- C:\Windows\System\KEkmpYs.exe
  C:\Windows\System\KEkmpYs.exe
  2⤵
  PID:13224
- C:\Windows\System\kADXmHC.exe
  C:\Windows\System\kADXmHC.exe
  2⤵
  PID:13248
- C:\Windows\System\eEfBEGB.exe
  C:\Windows\System\eEfBEGB.exe
  2⤵
  PID:13276
- C:\Windows\System\bUyhXqM.exe
  C:\Windows\System\bUyhXqM.exe
  2⤵
  PID:13296
- C:\Windows\System\FKQXGsr.exe
  C:\Windows\System\FKQXGsr.exe
  2⤵
  PID:12392
- C:\Windows\System\PZrcVYv.exe
  C:\Windows\System\PZrcVYv.exe
  2⤵
  PID:12428
- C:\Windows\System\qoWDDfW.exe
  C:\Windows\System\qoWDDfW.exe
  2⤵
  PID:12468
- C:\Windows\System\JYilxYy.exe
  C:\Windows\System\JYilxYy.exe
  2⤵
  PID:12516
- C:\Windows\System\lBTnEuZ.exe
  C:\Windows\System\lBTnEuZ.exe
  2⤵
  PID:12588
- C:\Windows\System\fXOBjTZ.exe
  C:\Windows\System\fXOBjTZ.exe
  2⤵
  PID:12616
- C:\Windows\System\sEeRiUG.exe
  C:\Windows\System\sEeRiUG.exe
  2⤵
  PID:12740
- C:\Windows\System\mDkfkkB.exe
  C:\Windows\System\mDkfkkB.exe
  2⤵
  PID:12824
- C:\Windows\System\qLYMtor.exe
  C:\Windows\System\qLYMtor.exe
  2⤵
  PID:12888
- C:\Windows\System\KXdyDah.exe
  C:\Windows\System\KXdyDah.exe
  2⤵
  PID:12952
- C:\Windows\System\PQnXhHN.exe
  C:\Windows\System\PQnXhHN.exe
  2⤵
  PID:12984
- C:\Windows\System\sTKWppP.exe
  C:\Windows\System\sTKWppP.exe
  2⤵
  PID:13080
- C:\Windows\System\kQiIcCZ.exe
  C:\Windows\System\kQiIcCZ.exe
  2⤵
  PID:13136
- C:\Windows\System\NfwxVKt.exe
  C:\Windows\System\NfwxVKt.exe
  2⤵
  PID:13208
- C:\Windows\System\NdMthHU.exe
  C:\Windows\System\NdMthHU.exe
  2⤵
  PID:13236
- C:\Windows\System\BiMYPaB.exe
  C:\Windows\System\BiMYPaB.exe
  2⤵
  PID:12356
- C:\Windows\System\yMhJtou.exe
  C:\Windows\System\yMhJtou.exe
  2⤵
  PID:12500
- C:\Windows\System\UHkNASb.exe
  C:\Windows\System\UHkNASb.exe
  2⤵
  PID:12724
- C:\Windows\System\PBWjJsT.exe
  C:\Windows\System\PBWjJsT.exe
  2⤵
  PID:12796
- C:\Windows\System\kHaFwTv.exe
  C:\Windows\System\kHaFwTv.exe
  2⤵
  PID:12940
- C:\Windows\System\mHmiJIP.exe
  C:\Windows\System\mHmiJIP.exe
  2⤵
  PID:13072
- C:\Windows\System\HFgpzlU.exe
  C:\Windows\System\HFgpzlU.exe
  2⤵
  PID:13160
- C:\Windows\System\kMnbMRo.exe
  C:\Windows\System\kMnbMRo.exe
  2⤵
  PID:12300
- C:\Windows\System\vfYWYGW.exe
  C:\Windows\System\vfYWYGW.exe
  2⤵
  PID:12564
- C:\Windows\System\mFFJmOU.exe
  C:\Windows\System\mFFJmOU.exe
  2⤵
  PID:12788
- C:\Windows\System\cBAiBHt.exe
  C:\Windows\System\cBAiBHt.exe
  2⤵
  PID:12916
- C:\Windows\System\hWYjeyf.exe
  C:\Windows\System\hWYjeyf.exe
  2⤵
  PID:13244
- C:\Windows\System\eJDFJJU.exe
  C:\Windows\System\eJDFJJU.exe
  2⤵
  PID:12864
- C:\Windows\System\gYIBGln.exe
  C:\Windows\System\gYIBGln.exe
  2⤵
  PID:12828
- C:\Windows\System\rLlrlEo.exe
  C:\Windows\System\rLlrlEo.exe
  2⤵
  PID:13332
- C:\Windows\System\FNMPoUl.exe
  C:\Windows\System\FNMPoUl.exe
  2⤵
  PID:13364
- C:\Windows\System\oJWvYoY.exe
  C:\Windows\System\oJWvYoY.exe
  2⤵
  PID:13396
- C:\Windows\System\psifQhy.exe
  C:\Windows\System\psifQhy.exe
  2⤵
  PID:13412
- C:\Windows\System\UYHMPTa.exe
  C:\Windows\System\UYHMPTa.exe
  2⤵
  PID:13448
- C:\Windows\System\KNGkAUE.exe
  C:\Windows\System\KNGkAUE.exe
  2⤵
  PID:13468
- C:\Windows\System\ghiunoR.exe
  C:\Windows\System\ghiunoR.exe
  2⤵
  PID:13520
- C:\Windows\System\gfncmMF.exe
  C:\Windows\System\gfncmMF.exe
  2⤵
  PID:13548
- C:\Windows\System\fmvbgZd.exe
  C:\Windows\System\fmvbgZd.exe
  2⤵
  PID:13576
- C:\Windows\System\NKdXnFH.exe
  C:\Windows\System\NKdXnFH.exe
  2⤵
  PID:13604
- C:\Windows\System\HnjVsol.exe
  C:\Windows\System\HnjVsol.exe
  2⤵
  PID:13632
- C:\Windows\System\xoZbCMV.exe
  C:\Windows\System\xoZbCMV.exe
  2⤵
  PID:13660
- C:\Windows\System\bGXekUL.exe
  C:\Windows\System\bGXekUL.exe
  2⤵
  PID:13676
- C:\Windows\System\aGVyiVz.exe
  C:\Windows\System\aGVyiVz.exe
  2⤵
  PID:13704
- C:\Windows\System\sumgwlM.exe
  C:\Windows\System\sumgwlM.exe
  2⤵
  PID:13732
- C:\Windows\System\VvAbnQC.exe
  C:\Windows\System\VvAbnQC.exe
  2⤵
  PID:13772
- C:\Windows\System\ynTMwaR.exe
  C:\Windows\System\ynTMwaR.exe
  2⤵
  PID:13800
- C:\Windows\System\UgTSIUa.exe
  C:\Windows\System\UgTSIUa.exe
  2⤵
  PID:13828
- C:\Windows\System\mFGkRMD.exe
  C:\Windows\System\mFGkRMD.exe
  2⤵
  PID:13856
- C:\Windows\System\QjoTSTw.exe
  C:\Windows\System\QjoTSTw.exe
  2⤵
  PID:13884
- C:\Windows\System\LWClTKE.exe
  C:\Windows\System\LWClTKE.exe
  2⤵
  PID:13904
- C:\Windows\System\jxWYLxh.exe
  C:\Windows\System\jxWYLxh.exe
  2⤵
  PID:13940
- C:\Windows\System\RSXzgrI.exe
  C:\Windows\System\RSXzgrI.exe
  2⤵
  PID:13968
- C:\Windows\System\kcWeFGH.exe
  C:\Windows\System\kcWeFGH.exe
  2⤵
  PID:13996
- C:\Windows\System\YTLdbra.exe
  C:\Windows\System\YTLdbra.exe
  2⤵
  PID:14024
- C:\Windows\System\YWcuTkI.exe
  C:\Windows\System\YWcuTkI.exe
  2⤵
  PID:14052
- C:\Windows\System\zvkzxbT.exe
  C:\Windows\System\zvkzxbT.exe
  2⤵
  PID:14076
- C:\Windows\System\uzksHKP.exe
  C:\Windows\System\uzksHKP.exe
  2⤵
  PID:14096
- C:\Windows\System\HPzSWyj.exe
  C:\Windows\System\HPzSWyj.exe
  2⤵
  PID:14124
- C:\Windows\System\eUlgXNf.exe
  C:\Windows\System\eUlgXNf.exe
  2⤵
  PID:14140
- C:\Windows\System\ErWvZjM.exe
  C:\Windows\System\ErWvZjM.exe
  2⤵
  PID:14172
- C:\Windows\System\jhNfVWN.exe
  C:\Windows\System\jhNfVWN.exe
  2⤵
  PID:14212
- C:\Windows\System\GsXyYTH.exe
  C:\Windows\System\GsXyYTH.exe
  2⤵
  PID:14236
- C:\Windows\System\MvKatxO.exe
  C:\Windows\System\MvKatxO.exe
  2⤵
  PID:14276
- C:\Windows\System\rRmcbcM.exe
  C:\Windows\System\rRmcbcM.exe
  2⤵
  PID:14304
- C:\Windows\System\WHaHnBc.exe
  C:\Windows\System\WHaHnBc.exe
  2⤵
  PID:14320
- C:\Windows\System\XHOpgZa.exe
  C:\Windows\System\XHOpgZa.exe
  2⤵
  PID:12296
- C:\Windows\System\mRHDwRI.exe
  C:\Windows\System\mRHDwRI.exe
  2⤵
  PID:13424
- C:\Windows\System\kNojlqK.exe
  C:\Windows\System\kNojlqK.exe
  2⤵
  PID:13504
- C:\Windows\System\mSlCftf.exe
  C:\Windows\System\mSlCftf.exe
  2⤵
  PID:13532
- C:\Windows\System\XoNNQdO.exe
  C:\Windows\System\XoNNQdO.exe
  2⤵
  PID:13564
- C:\Windows\System\CmlgpfG.exe
  C:\Windows\System\CmlgpfG.exe
  2⤵
  PID:13656
- C:\Windows\System\pZMdtpC.exe
  C:\Windows\System\pZMdtpC.exe
  2⤵
  PID:13720
- C:\Windows\System\ZntRtSp.exe
  C:\Windows\System\ZntRtSp.exe
  2⤵
  PID:13784
- C:\Windows\System\AFzEmAu.exe
  C:\Windows\System\AFzEmAu.exe
  2⤵
  PID:13868
- C:\Windows\System\mXEKrNH.exe
  C:\Windows\System\mXEKrNH.exe
  2⤵
  PID:13900
- C:\Windows\System\bhmRjhK.exe
  C:\Windows\System\bhmRjhK.exe
  2⤵
  PID:13992
- C:\Windows\System\pnNXNQQ.exe
  C:\Windows\System\pnNXNQQ.exe
  2⤵
  PID:14060
- C:\Windows\System\kDhPQEE.exe
  C:\Windows\System\kDhPQEE.exe
  2⤵
  PID:14084
- C:\Windows\System\lSRpkfn.exe
  C:\Windows\System\lSRpkfn.exe
  2⤵
  PID:14132
- C:\Windows\System\OxFlrlU.exe
  C:\Windows\System\OxFlrlU.exe
  2⤵
  PID:14248
- C:\Windows\System\AcYhGnu.exe
  C:\Windows\System\AcYhGnu.exe
  2⤵
  PID:14316
- C:\Windows\System\Uqljgfw.exe
  C:\Windows\System\Uqljgfw.exe
  2⤵
  PID:13436
- C:\Windows\System\ImZrzUP.exe
  C:\Windows\System\ImZrzUP.exe
  2⤵
  PID:13540

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AzEKSsp.exe

Filesize
2.3MB

MD5
981de7cd3b78e902238d458b6265ffb4

SHA1
d97111efe77c28241badea1908a7d8f04a105e05

SHA256
37900cbbb7a2fa436dff01cdd9c3689e1eb4b0a6ced80f529108ed2fee221d09

SHA512
8c5c8d3d8cd2eb3a9af2b383c4967360e7bdbbee93d579ec5fe371bb93ed0c1de656650b67bc5fa95972c46d1c078c6ab5b3467bee178b75921206c6de29520b

Download Submit
C:\Windows\System\BDupiRG.exe

Filesize
2.3MB

MD5
62892d29b96715e275f14b5b0ded62a5

SHA1
b041d94a43d5dbbe353e905792155ad896c8310d

SHA256
9705a5aed46bcc5ae8dd5fcd01aafb1865ceb712bca103fe7ebe6d2ae5c48139

SHA512
f0f2ade55710863c8c731ff97350c2c5478eb45d6e3b483799404d9806e8c91a60c47cca75b83f182a0b6c0bb59ca7c5c0f062fa1716b172e83fa5dfa46a9d0e

Download Submit
C:\Windows\System\BdtDwKj.exe

Filesize
2.3MB

MD5
fce282f93f934c7f22a913596f766ebd

SHA1
78f85faab3ed150219b15b65bdc409f5a8885624

SHA256
13a773ed3c4e07e25e9b438ea89fed6970e88d09bb11cbd30a62cb9e3fba0400

SHA512
a29ad1285d9fa9564e27ede22a7023a0a664eeabad815d2e810928baf4a0144f546b327276dd8189623676185e1b9366676abb76fbcc90a2b274c845497c1e56

Download Submit
C:\Windows\System\CnrqPUB.exe

Filesize
2.3MB

MD5
7f6e07323c5d32924c39094570615dc7

SHA1
d343223b71e12966c945d86756a1028a21a6dbdc

SHA256
f7f5798ecfc50b59ec4cb23535caaf7437136185301947b618f04b361413c151

SHA512
b093b1209b4c1d7f3fd746f730d8116c669e4bdd44b8ac5775bf18edd3996167c5ff222c024c2a05ed11889c408a3cd2b0ad91a5ff386738446ea9c2863e878a

Download Submit
C:\Windows\System\DIYalzl.exe

Filesize
2.3MB

MD5
9caba362bf2302cab99f92933ede75db

SHA1
b71d4e7ce7db7d572155217427e7946bd31375d2

SHA256
67b5520a6c5bbb6fa1e86403f55b0aac117c8f27d42e80be44b5cbb8cd4ba28d

SHA512
686182b42e2c9b84b85eb84a056e03633d165b5ac1c624791f8681c3d0761b3b42a2388747126f8ecbcb437d44c57f1a56d83d6dc6c9d931e57c8c0a5f409d86

Download Submit
C:\Windows\System\DiwIWWi.exe

Filesize
2.3MB

MD5
098fe207b9c8639938455ba782852f97

SHA1
c98b3ce21fd2e75a50308809fb14b6d73e6b0757

SHA256
3dbb0dd6977184adc65cab708c5f79a5f0bc42e38441daa7662569e51a880e3d

SHA512
c2ffd8524c16479ef5423c15d17824ee6b629e96f77ca95ddabba94ba5c0935e8510b905cd0262d454e0870324ab1d92678045ddd90f9320d857eb5d59ce18c3

Download Submit
C:\Windows\System\EgDddMh.exe

Filesize
2.3MB

MD5
2a790241c59e6c6a58b112e07f28fa55

SHA1
4b76c0df1ce2c5a16733f84cbb95481af1e8b7f0

SHA256
9ab319ddfed1668538d2f3c1046e169fddef171cccd37612de08a8027929e2da

SHA512
b125705b27c0ec3266562890d4a57d71947562211db72cee45cdfa7576cf91be47b345165c8c903bc1064fd208fa81cd91c0d255486dba59b25758dd404b0ba2

Download Submit
C:\Windows\System\HZAhOXM.exe

Filesize
2.3MB

MD5
afedaafb5af6140b1f5ff1cea4e44bee

SHA1
88c5a653b85b29e2160070ce2eb1226ee9ddcd72

SHA256
c76b334bc67a4ee3659a826b023e6bade5d31a1ac9d281238f0719c13613d884

SHA512
4d4dbcacc49a17c5d3c100def1fe7551ee977f9cc555cda47647aed9bde1f9b3faf1a0648273ea057a8a3c64f919bfd60e1bc09740ed37552daa988735cf940d

Download Submit
C:\Windows\System\IKAZapZ.exe

Filesize
2.3MB

MD5
f49ac7167aff79e57687fa547b584b8c

SHA1
60db263298863cf457b6335987335459d524093d

SHA256
b35d71af7b544b126778bf262760557ad1b00e0a56d51a0fc2bfb3eb5fa36fa2

SHA512
e29ce751a885c106aeeb7fb57e5d0158cd56e1fc39564c7ebf8acfd34380b094daa72cce094991cfbdabfafa39c4b7bd818c3d9bf366ae85365d896d00b659ba

Download Submit
C:\Windows\System\JjFNewO.exe

Filesize
2.3MB

MD5
a56e119c1d3e1ee87fb92cafffc7b4a1

SHA1
14e9ba086b4cdae2bf53f7174c6b15a5b662b6b2

SHA256
04b3e53a1d3a57437fd4f25cad8f091cd432862085dcb98c2c4e6b1d3767b664

SHA512
35bf582393def2a15230fe6a381ac2bf43f7d7e71cd6c1657050f8db75a78ea2da9046239b7838ac8dbbe76bdfaf7252c96bb625889db885f72bd297a57385c8

Download Submit
C:\Windows\System\KKaApeL.exe

Filesize
2.3MB

MD5
f826bc789c4bc320f8b9de963a8ec82d

SHA1
2bb4a6a5c00db9bae6eb10b4345d24ab226cd965

SHA256
438df5eaad69ee0093a11dff9fad68f22c246388aa169de99fccb3fb98fe8d4b

SHA512
c4c18876c0efe04976d1ee58553c65b061c399169f46b2548e6e6d44651284806388667822443acc763aec20c7a363396d03dadde60fb663487ce8f48a36b8ea

Download Submit
C:\Windows\System\LqEskTr.exe

Filesize
2.3MB

MD5
7a7237ba14597c7e7072d01818e221c0

SHA1
ba751e895e704f330a52ab89a9e0340e0756c16a

SHA256
ff3c933a1156db8defbdcfd9b861a97edf56b891f5452fd34a7c5a36bf9fb0f5

SHA512
9d85b1a0b3dd0e18ef62b6e36cdfa24f87f62068b5032f555f4963b9c84151f5549c71406dd4b5af1e8cd9dda380448bb92ceb0b72989947291488210a5eca69

Download Submit
C:\Windows\System\MaqNlxb.exe

Filesize
2.3MB

MD5
b21df78ed9b3890b6b721a231bb1c81e

SHA1
ca7a80edc1107e19e1584d01f9c506ce7243386e

SHA256
fdd58de2d80716e415fd5581459518c62c348a14bf775c42f3be1ce246200e4f

SHA512
e1b51aa61c2e792ff4b8c037ffb28de05d9b738c537cbfda5e9bc9a2562323bf2319477282e3e5cac9be332f3b0b97af98cf9eb3a4dce24c79d2a672b753a119

Download Submit
C:\Windows\System\NBWmcKe.exe

Filesize
2.3MB

MD5
e411c077efee869cbaef316f7dc51373

SHA1
4c64918199727db22e27d5787416cf337b11e6b1

SHA256
31482791f59e3de411591fc851eb3b60881efd4cc9861e8682333b0201021432

SHA512
8d711ecd3b7a9cf9d451029ee8d71fef42aae321b6f3219f6413983f35d2f0405f8a01c6ad8b95be006d43f8043edf820041d82b5f045c91504db14115f4cba5

Download Submit
C:\Windows\System\QSHmYwz.exe

Filesize
2.3MB

MD5
6e7260fc06403e99c9dbca807efd0949

SHA1
9840dbc232589a291f81fac52afd7fcb7dda3b54

SHA256
d8cbec6c3211e6fbbe54f46f438e71a8692f3a28dde01fa02a5f13ad1e5713ac

SHA512
9fd436a64af02ab6101d2c299e8f632a775dfbbe30122d075e7e1f64c854700cf86bf202af4914cb6709f45524972498a061609c6cd6a48379526d2b61c8fce1

Download Submit
C:\Windows\System\RMVYQsR.exe

Filesize
2.3MB

MD5
3f7ea28a6bd81e8c67b894c67c0a37c2

SHA1
140cdff6cc8f6de73207700d5beef38217bf08e8

SHA256
6ac9b8c89a2c07fa6ec71050432c81f509286106fe25224463828ea13a07269a

SHA512
68f2f1cb51e3519ff9ff961effa548dd613b7ad8d34c02608121a3ac6925b528cefc5d0689dcfd7606a3eda488c1f55283c5eddd729a2b150f38eba23bcfd402

Download Submit
C:\Windows\System\RSwuwMV.exe

Filesize
2.3MB

MD5
c4cf769a006665af81612408547a2e8f

SHA1
34cc5a6129fa38d64558f718c513923373e6b338

SHA256
faa2035f844783b59e87d6470e585717a1b36caaac251955d6523b9471cd2da9

SHA512
e538037e0d7fcd5579732acdcb39285acf128ee93d3a51779ff8315f52f343635c20ebf2cf7ed60df861f9b94fd6f4e273606e67459a37274b72b88014d7851a

Download Submit
C:\Windows\System\TAnDIHC.exe

Filesize
2.3MB

MD5
69202de768a22920f87055c684676dfc

SHA1
76f774401d1392645620870cf534becdd28219a7

SHA256
b807f7e88a89832c0eb0d847d16d769b09933dd281e367a7be70d636cf6b5fe1

SHA512
ad7c92d3add26f3ee0c57d5e58bbbfa7799b4f336d84d2ed498e3ee770c37aaf59bff1812dece16df5603ac5b8ef80e509c4f3656b52b6cd8cab3abeb575353d

Download Submit
C:\Windows\System\TwBIjWg.exe

Filesize
2.3MB

MD5
75d48e3f56fd2df7767f46d60961d739

SHA1
d4557b35a58ce8c122aaf348a693938cd081d584

SHA256
b2824e99b5c70b109bf1a427102323c0a5687f1acc1680fd9e3ee67d45318abc

SHA512
6c6cab66628375497a3e7a56cdb315aed6e6e28af981d12d6d713ef9ffb240646591c9c4676c62222f3e5b70ef9b0fb02d477a6d683b4f8cc744281fcc96c854

Download Submit
C:\Windows\System\XPVzGhF.exe

Filesize
2.3MB

MD5
e00d09bc265b264962c8fd431b19ac68

SHA1
7374c40ba98b5f0ab1fd2687e31be93b11f00f1d

SHA256
3d3de7bb7772582de785a0728b81f4b8b424bf0405bd771cb347634ca939eec1

SHA512
dc406172c732568fe06de983a7815d51f688f90752a5ff12af60de69fc4504f624b1715811e2bee5f50f4e57c7ab10c3ab2d38a0ec71a569070cb4d88c488428

Download Submit
C:\Windows\System\YTwEqVA.exe

Filesize
2.3MB

MD5
4e13cc21ac92a7e748ede68b64aaad25

SHA1
9cd7954b6b4ee176a2f02e40ae2077ed26780769

SHA256
11a6c6f891ca8603ea7e9e8638f2bf416ae9d0f77471fb17ad7ebe1320387b0e

SHA512
194e5fe9dc2bfb02eba2de914949480a15e7e3517d18342beb8fe769e6949fdf815c6dfbe367756f8a4b804f7cf70a6bf9ddf058984ce8699b95dee1de70a8ea

Download Submit
C:\Windows\System\bUvajxc.exe

Filesize
2.3MB

MD5
20e1e08677edcb5abfc72f40e53e1db2

SHA1
4669defaf95f086110baf3b4112368b3653583da

SHA256
9063bc11398d79a83521649c57818583fe4c836182451e1be57397b3c91b8321

SHA512
f09447fbd620203b27634caed53d80a5051dd5b1b47aa55b56acc28594e7f2bf90026bb6ca4d841328aac88a97afc836b7fb26b2b4a8bf62a021d57129dfc338

Download Submit
C:\Windows\System\ifZENHI.exe

Filesize
2.3MB

MD5
1f233bd8d5e36791c7e92b1fdebac795

SHA1
e883cebc9540d685f31499f8f0127f7d34ec497c

SHA256
c11d1299c5e78b0f12f8d1f4a536102db64dbdf2d7a738fdc98d51af0f213618

SHA512
c309fad18dd1e6b394498a6d71ef72e9007b3b97db9a675cf3e4af9f7d6b04a9fcfce27651651fe843f83603081ee5a220d48647535e109864416d6528f15151

Download Submit
C:\Windows\System\jXklWEn.exe

Filesize
2.3MB

MD5
c726b6a821c9ba151f3a0a82c9c5afa7

SHA1
36917192823522a5310213d260b2721ff6cd8520

SHA256
679ee16873ac7309560457889a1efe043277444da5eb3bf68a2f79e31a65085a

SHA512
99df14a352f12639f8cd0f9cdb3a412a19328e0c05f8acffe55d9d91b355b729799d72c506dd93d9e90f39a43e0f9eed7e019d16f9f1d3067a1fd8d3df571ced

Download Submit
C:\Windows\System\kyAAAuA.exe

Filesize
2.3MB

MD5
ca0a1948814f771b5dee450223f93628

SHA1
b35fd7130dad4e87ac638faf29354e9388ba9c8b

SHA256
36ebf90d484cae5b2f02a373f4f0f9a54fb14995a4e1bf8dca04370e087c0624

SHA512
2a9900a5bb4d09881b714a605ab44809b736d3b6a29adb5dc5136cc62ba33f3734f4cc941b548ec202e84f3d5df230a4945c5705e8a12bb3d25535619457a1be

Download Submit
C:\Windows\System\laLkJsv.exe

Filesize
2.3MB

MD5
cebfd6bd3fd30a8c0a85be0fd6fc77ba

SHA1
109d28fb3f19cae7134cf53b898ed0f39fc54ed3

SHA256
286d5cfcc5248ba7c480a92db115dcd6515031c895c150426e85cf67b61763ae

SHA512
6362b32db0904af6802789860ffa5e840d9b7843871d17b5459afdda8801c8e29be37574993f592463bffaefa5a1e34552df30098e44834c82c47a837d8da617

Download Submit
C:\Windows\System\oougNQQ.exe

Filesize
2.3MB

MD5
a98a5ab0282bc76350eac27db5f079af

SHA1
829abd29ae581a0071e045490231a8077392d2f9

SHA256
f89838a507369746937b8e7ddf66cb8d31a7e660f1c80d64da7d2ee80b9fcc56

SHA512
8bf782dc158556f3a9aa5144f816410a46a1e836d59bcbee87bd8558c136901322b04df881070d176ddf5ccff447f90dcd4c76a89d2c4b425d6ca8efd08972e9

Download Submit
C:\Windows\System\pFApqhj.exe

Filesize
2.3MB

MD5
560ae548e122b06f4bf647e907a7ce83

SHA1
931395421df9c35353237aea5d3bd3ed7c13c5b9

SHA256
0461fdf01cf27ba3622389562413cd85ff0a110fe425e425bc3e33083810705c

SHA512
a0d420526fd41b311de56ce1aff4e9132facd2106f0c367a0bbb0af18d9d0980d906a72320a72b4b452119850ad8d4c7b4a569e84e53e8a60d4ec2710726d492

Download Submit
C:\Windows\System\pgnagzb.exe

Filesize
2.3MB

MD5
52466922d7c1e0499b26da1d37f70517

SHA1
06fb97bd06f70b9d5834f21a18c68455321d34f9

SHA256
9cec87e48658da0d27a94d4433dbe2c4b1d63a3fccfc963cd0f97b1deb4b7c74

SHA512
74cb58b301f594d8ec15d66d85ea20fd96d2175ef9961c90801acbca6e6060aea0c7917e189c328052ba570d25212309302f157b238a9610fab5f2b98291ee33

Download Submit
C:\Windows\System\qDQNGmD.exe

Filesize
2.3MB

MD5
5b73fd67b2df5bd9b6ade3c9a6868de4

SHA1
4ac5eb4c9196d38b0dadd41b3655f213c5055f55

SHA256
6f412a240e0ce7ee9f8ca14d67fda8e05ff932d6b9f37a5af6a13aeac714feb3

SHA512
ff757d702f43ba1064c8f4c259e1fc3c5c6eb8727d6960240f317d5944ed242a2592e71563fb34d99efbee1ae8a4ea4b62663397eea2d263e19486ef4ca5f7df

Download Submit
C:\Windows\System\sQgNyUe.exe

Filesize
2.3MB

MD5
84f7b104005e96623df17ab07dc59862

SHA1
e4dc4d81e84a59f6593256c11e49c41a4f82e7dd

SHA256
f7c2c90b3edea5436266dd16117385b586ca4a2827a12f6383803095fb4cefb9

SHA512
6bc31f26ef85a586b925df1a0a36964dc5b15fbdc7cf32c2661511cdb25d0ad09824b6f907b15a9b3dfd51b970019442b05fa6848db72ba7024b0896c7233d22

Download Submit
C:\Windows\System\vfMQKsS.exe

Filesize
2.3MB

MD5
ca2e9f83bda928bdfbdfb71cef1b5c85

SHA1
ea8ce7a5e92d89a5eca74358b710cc1484233575

SHA256
e6d8eaa91129433cd86d96a50d858bcd772ac7353692be00b19b2aa7e7552582

SHA512
f930fadee95851d85e31ffb3a45b79ddf7999933b51fa84581baade97e3242cbcb5ae491f9cacc464f35b730aee983e3a0ce06bb2d97a9fae5c0311d9ceb181f

Download Submit
C:\Windows\System\yMdsVKY.exe

Filesize
2.3MB

MD5
95da8fdedf173571c8242c2ab2b54eb4

SHA1
65913fae7ab99110b47342b4a7b5258073615f98

SHA256
2ffe6d44d1a84485ece940ab96d41386b11cb72035c89fd86e1a7d1978b7aae7

SHA512
f68e73b326e19f2eb164e4e43a4c659ff94951717971ae19228627e7556e5725962012e207e16e7e0d585ed3e78767017bc0577ff3f06ec35642064de8c5a373

Download Submit
memory/516-671-0x00007FF7AB170000-0x00007FF7AB4C4000-memory.dmp

Filesize
3.3MB

Download
memory/516-2174-0x00007FF7AB170000-0x00007FF7AB4C4000-memory.dmp

Filesize
3.3MB

Download
memory/556-2149-0x00007FF725530000-0x00007FF725884000-memory.dmp

Filesize
3.3MB

Download
memory/556-2169-0x00007FF725530000-0x00007FF725884000-memory.dmp

Filesize
3.3MB

Download
memory/556-125-0x00007FF725530000-0x00007FF725884000-memory.dmp

Filesize
3.3MB

Download
memory/1012-56-0x00007FF6A9000000-0x00007FF6A9354000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2159-0x00007FF6A9000000-0x00007FF6A9354000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2176-0x00007FF688B90000-0x00007FF688EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-687-0x00007FF688B90000-0x00007FF688EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-2161-0x00007FF705B00000-0x00007FF705E54000-memory.dmp

Filesize
3.3MB

Download
memory/1456-83-0x00007FF705B00000-0x00007FF705E54000-memory.dmp

Filesize
3.3MB

Download
memory/1508-112-0x00007FF6D8810000-0x00007FF6D8B64000-memory.dmp

Filesize
3.3MB

Download
memory/1508-2167-0x00007FF6D8810000-0x00007FF6D8B64000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2168-0x00007FF67DB20000-0x00007FF67DE74000-memory.dmp

Filesize
3.3MB

Download
memory/1672-680-0x00007FF67DB20000-0x00007FF67DE74000-memory.dmp

Filesize
3.3MB

Download
memory/2000-2170-0x00007FF7BAB40000-0x00007FF7BAE94000-memory.dmp

Filesize
3.3MB

Download
memory/2000-2147-0x00007FF7BAB40000-0x00007FF7BAE94000-memory.dmp

Filesize
3.3MB

Download
memory/2000-116-0x00007FF7BAB40000-0x00007FF7BAE94000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2178-0x00007FF6274F0000-0x00007FF627844000-memory.dmp

Filesize
3.3MB

Download
memory/2068-694-0x00007FF6274F0000-0x00007FF627844000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2179-0x00007FF6AC3B0000-0x00007FF6AC704000-memory.dmp

Filesize
3.3MB

Download
memory/2204-698-0x00007FF6AC3B0000-0x00007FF6AC704000-memory.dmp

Filesize
3.3MB

Download
memory/2496-0-0x00007FF614190000-0x00007FF6144E4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1-0x000002310DA00000-0x000002310DA10000-memory.dmp

Filesize
64KB

Download
memory/2496-1474-0x00007FF614190000-0x00007FF6144E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2152-0x00007FF628FE0000-0x00007FF629334000-memory.dmp

Filesize
3.3MB

Download
memory/2572-24-0x00007FF628FE0000-0x00007FF629334000-memory.dmp

Filesize
3.3MB

Download
memory/2644-2165-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-108-0x00007FF7C1950000-0x00007FF7C1CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2146-0x00007FF6F3D60000-0x00007FF6F40B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-95-0x00007FF6F3D60000-0x00007FF6F40B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2166-0x00007FF6F3D60000-0x00007FF6F40B4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2158-0x00007FF738F00000-0x00007FF739254000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1864-0x00007FF738F00000-0x00007FF739254000-memory.dmp

Filesize
3.3MB

Download
memory/2860-54-0x00007FF738F00000-0x00007FF739254000-memory.dmp

Filesize
3.3MB

Download
memory/2872-55-0x00007FF7B98B0000-0x00007FF7B9C04000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2155-0x00007FF7B98B0000-0x00007FF7B9C04000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2175-0x00007FF6D6940000-0x00007FF6D6C94000-memory.dmp

Filesize
3.3MB

Download
memory/3212-669-0x00007FF6D6940000-0x00007FF6D6C94000-memory.dmp

Filesize
3.3MB

Download
memory/3340-128-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2150-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2172-0x00007FF69EF60000-0x00007FF69F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2153-0x00007FF647CD0000-0x00007FF648024000-memory.dmp

Filesize
3.3MB

Download
memory/3432-30-0x00007FF647CD0000-0x00007FF648024000-memory.dmp

Filesize
3.3MB

Download
memory/3908-681-0x00007FF64E330000-0x00007FF64E684000-memory.dmp

Filesize
3.3MB

Download
memory/3908-2177-0x00007FF64E330000-0x00007FF64E684000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2151-0x00007FF68E1A0000-0x00007FF68E4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-14-0x00007FF68E1A0000-0x00007FF68E4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2148-0x00007FF7073E0000-0x00007FF707734000-memory.dmp

Filesize
3.3MB

Download
memory/4092-122-0x00007FF7073E0000-0x00007FF707734000-memory.dmp

Filesize
3.3MB

Download
memory/4092-2171-0x00007FF7073E0000-0x00007FF707734000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2145-0x00007FF6D5240000-0x00007FF6D5594000-memory.dmp

Filesize
3.3MB

Download
memory/4232-90-0x00007FF6D5240000-0x00007FF6D5594000-memory.dmp

Filesize
3.3MB

Download
memory/4232-2164-0x00007FF6D5240000-0x00007FF6D5594000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2157-0x00007FF6ED3D0000-0x00007FF6ED724000-memory.dmp

Filesize
3.3MB

Download
memory/4428-48-0x00007FF6ED3D0000-0x00007FF6ED724000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2160-0x00007FF618540000-0x00007FF618894000-memory.dmp

Filesize
3.3MB

Download
memory/4812-82-0x00007FF618540000-0x00007FF618894000-memory.dmp

Filesize
3.3MB

Download
memory/4848-2162-0x00007FF7B89D0000-0x00007FF7B8D24000-memory.dmp

Filesize
3.3MB

Download
memory/4848-101-0x00007FF7B89D0000-0x00007FF7B8D24000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2163-0x00007FF74D8D0000-0x00007FF74DC24000-memory.dmp

Filesize
3.3MB

Download
memory/4864-102-0x00007FF74D8D0000-0x00007FF74DC24000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2154-0x00007FF764980000-0x00007FF764CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-39-0x00007FF764980000-0x00007FF764CD4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2173-0x00007FF7EA3E0000-0x00007FF7EA734000-memory.dmp

Filesize
3.3MB

Download
memory/5088-679-0x00007FF7EA3E0000-0x00007FF7EA734000-memory.dmp

Filesize
3.3MB

Download
memory/5104-43-0x00007FF67FE60000-0x00007FF6801B4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2144-0x00007FF67FE60000-0x00007FF6801B4000-memory.dmp

Filesize
3.3MB

Download
memory/5104-2156-0x00007FF67FE60000-0x00007FF6801B4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads