xmrig | e5f42260460a23ff397bfc1b47a21c98cd679ed25c45e77c7f52c6f27ab81035

Analysis

max time kernel
119s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
Size

2.7MB
MD5

7c03264bbdff6a46aceefd0f61d7f1f0
SHA1

5974334f584df5176584be908c5381fa4f9e6821
SHA256

e5f42260460a23ff397bfc1b47a21c98cd679ed25c45e77c7f52c6f27ab81035
SHA512

22ddcabe47c0bc4768ae4d4a3157a42135c177a1325bab273643ee399d3964afa8ac7e030d16d375a02eb4e15beacc032243b993a71ae87d0bc22930e5aaeb6e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPFoo5Ec6tqa:BemTLkNdfE0pZrV56utgpPFop

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2724-0-0x00007FF71D030000-0x00007FF71D384000-memory.dmp	xmrig
behavioral2/files/0x000a000000023423-5.dat	xmrig
behavioral2/files/0x0008000000023427-9.dat	xmrig
behavioral2/memory/5044-13-0x00007FF6C0050000-0x00007FF6C03A4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-16.dat	xmrig
behavioral2/files/0x000700000002342c-21.dat	xmrig
behavioral2/memory/1304-26-0x00007FF6C9890000-0x00007FF6C9BE4000-memory.dmp	xmrig
behavioral2/memory/1816-31-0x00007FF606F80000-0x00007FF6072D4000-memory.dmp	xmrig
behavioral2/memory/4204-33-0x00007FF746A10000-0x00007FF746D64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-44.dat	xmrig
behavioral2/files/0x0007000000023431-48.dat	xmrig
behavioral2/files/0x0007000000023434-71.dat	xmrig
behavioral2/files/0x000700000002343a-95.dat	xmrig
behavioral2/files/0x000700000002343e-115.dat	xmrig
behavioral2/files/0x0007000000023440-125.dat	xmrig
behavioral2/files/0x0007000000023445-150.dat	xmrig
behavioral2/files/0x0007000000023447-160.dat	xmrig
behavioral2/memory/3300-542-0x00007FF7648D0000-0x00007FF764C24000-memory.dmp	xmrig
behavioral2/memory/4600-543-0x00007FF7E2BC0000-0x00007FF7E2F14000-memory.dmp	xmrig
behavioral2/memory/3128-544-0x00007FF656CA0000-0x00007FF656FF4000-memory.dmp	xmrig
behavioral2/memory/4184-546-0x00007FF78D410000-0x00007FF78D764000-memory.dmp	xmrig
behavioral2/memory/2388-545-0x00007FF6157E0000-0x00007FF615B34000-memory.dmp	xmrig
behavioral2/memory/1496-547-0x00007FF6815D0000-0x00007FF681924000-memory.dmp	xmrig
behavioral2/memory/4572-541-0x00007FF6D6410000-0x00007FF6D6764000-memory.dmp	xmrig
behavioral2/memory/4192-548-0x00007FF651DF0000-0x00007FF652144000-memory.dmp	xmrig
behavioral2/memory/3280-549-0x00007FF7B2BF0000-0x00007FF7B2F44000-memory.dmp	xmrig
behavioral2/memory/3792-555-0x00007FF7E9190000-0x00007FF7E94E4000-memory.dmp	xmrig
behavioral2/memory/4476-564-0x00007FF67B7E0000-0x00007FF67BB34000-memory.dmp	xmrig
behavioral2/memory/1068-568-0x00007FF7F7EF0000-0x00007FF7F8244000-memory.dmp	xmrig
behavioral2/memory/4620-589-0x00007FF781A40000-0x00007FF781D94000-memory.dmp	xmrig
behavioral2/memory/1368-594-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp	xmrig
behavioral2/memory/4124-592-0x00007FF7786D0000-0x00007FF778A24000-memory.dmp	xmrig
behavioral2/memory/2764-586-0x00007FF798DE0000-0x00007FF799134000-memory.dmp	xmrig
behavioral2/memory/4532-583-0x00007FF6206C0000-0x00007FF620A14000-memory.dmp	xmrig
behavioral2/memory/4500-577-0x00007FF68C600000-0x00007FF68C954000-memory.dmp	xmrig
behavioral2/memory/5096-575-0x00007FF7CF300000-0x00007FF7CF654000-memory.dmp	xmrig
behavioral2/memory/4640-567-0x00007FF793060000-0x00007FF7933B4000-memory.dmp	xmrig
behavioral2/memory/3624-559-0x00007FF65B620000-0x00007FF65B974000-memory.dmp	xmrig
behavioral2/memory/3536-550-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023449-170.dat	xmrig
behavioral2/files/0x0007000000023448-165.dat	xmrig
behavioral2/files/0x0007000000023446-163.dat	xmrig
behavioral2/files/0x0007000000023444-153.dat	xmrig
behavioral2/files/0x0007000000023443-148.dat	xmrig
behavioral2/files/0x0007000000023442-143.dat	xmrig
behavioral2/files/0x0007000000023441-138.dat	xmrig
behavioral2/files/0x000700000002343f-128.dat	xmrig
behavioral2/files/0x000700000002343d-118.dat	xmrig
behavioral2/files/0x000700000002343c-113.dat	xmrig
behavioral2/files/0x000700000002343b-108.dat	xmrig
behavioral2/files/0x0007000000023439-98.dat	xmrig
behavioral2/files/0x0007000000023438-93.dat	xmrig
behavioral2/files/0x0007000000023437-85.dat	xmrig
behavioral2/files/0x0007000000023436-81.dat	xmrig
behavioral2/files/0x0007000000023435-75.dat	xmrig
behavioral2/files/0x0007000000023433-65.dat	xmrig
behavioral2/files/0x0007000000023432-61.dat	xmrig
behavioral2/files/0x000700000002342f-51.dat	xmrig
behavioral2/memory/1216-47-0x00007FF6990C0000-0x00007FF699414000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-37.dat	xmrig
behavioral2/files/0x000700000002342d-36.dat	xmrig
behavioral2/memory/916-34-0x00007FF717A10000-0x00007FF717D64000-memory.dmp	xmrig
behavioral2/memory/5000-22-0x00007FF721040000-0x00007FF721394000-memory.dmp	xmrig
behavioral2/memory/2724-1278-0x00007FF71D030000-0x00007FF71D384000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5044	XjyQKrZ.exe
5000	SOIooDv.exe
1816	ZBPHccz.exe
1304	YpvRPox.exe
4204	MpxvYNi.exe
916	zBqVycw.exe
1216	eJxUgLR.exe
4124	rIjFYqZ.exe
1368	KpyGDhC.exe
4572	iHjNVzB.exe
3300	OAcKgmn.exe
4600	hedQSQI.exe
3128	AwPWOIA.exe
2388	XPdrSOG.exe
4184	FXeGPvB.exe
1496	mIuMXjJ.exe
4192	gszGERy.exe
3280	tYxibhN.exe
3536	WzLsHSV.exe
3792	iSJehCZ.exe
3624	HFMSrgX.exe
4476	PjGfCHh.exe
4640	vXPHWjA.exe
1068	UOnDgRq.exe
5096	kpDsUYA.exe
4500	ciihslE.exe
4532	WAmLFMn.exe
2764	FhxRosG.exe
4620	XABEfZV.exe
4244	GGLNdza.exe
3252	dghiDoe.exe
4100	GZNrdRW.exe
3620	aHWxbPx.exe
3992	BCBTfra.exe
1852	gMUftTo.exe
1772	gYXbMrn.exe
3156	XJajJuL.exe
3164	WJTdLvI.exe
3008	KZGLrJl.exe
1420	wzsxiqn.exe
4220	sORhQaN.exe
2308	lRDwNLp.exe
4328	MVselpB.exe
1744	huxajJh.exe
1144	ZFHkSZp.exe
5020	gqRaSIs.exe
1752	Vzwhpxa.exe
3704	HqQSucR.exe
4928	yFJPkec.exe
4492	XdkfLPu.exe
4364	VkaLCzo.exe
3552	NaEVvzq.exe
4676	qnKOdoE.exe
1820	sgCrWLr.exe
4044	lHXguML.exe
1156	ZirZzKh.exe
1372	eEvQzXI.exe
3372	OpXjQXI.exe
4172	LGCiCYF.exe
4056	zOmwTGg.exe
3632	AHatcnn.exe
1756	iomPlNT.exe
1552	PshShaV.exe
400	HlVhpdS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2724-0-0x00007FF71D030000-0x00007FF71D384000-memory.dmp	upx
behavioral2/files/0x000a000000023423-5.dat	upx
behavioral2/files/0x0008000000023427-9.dat	upx
behavioral2/memory/5044-13-0x00007FF6C0050000-0x00007FF6C03A4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-16.dat	upx
behavioral2/files/0x000700000002342c-21.dat	upx
behavioral2/memory/1304-26-0x00007FF6C9890000-0x00007FF6C9BE4000-memory.dmp	upx
behavioral2/memory/1816-31-0x00007FF606F80000-0x00007FF6072D4000-memory.dmp	upx
behavioral2/memory/4204-33-0x00007FF746A10000-0x00007FF746D64000-memory.dmp	upx
behavioral2/files/0x0007000000023430-44.dat	upx
behavioral2/files/0x0007000000023431-48.dat	upx
behavioral2/files/0x0007000000023434-71.dat	upx
behavioral2/files/0x000700000002343a-95.dat	upx
behavioral2/files/0x000700000002343e-115.dat	upx
behavioral2/files/0x0007000000023440-125.dat	upx
behavioral2/files/0x0007000000023445-150.dat	upx
behavioral2/files/0x0007000000023447-160.dat	upx
behavioral2/memory/3300-542-0x00007FF7648D0000-0x00007FF764C24000-memory.dmp	upx
behavioral2/memory/4600-543-0x00007FF7E2BC0000-0x00007FF7E2F14000-memory.dmp	upx
behavioral2/memory/3128-544-0x00007FF656CA0000-0x00007FF656FF4000-memory.dmp	upx
behavioral2/memory/4184-546-0x00007FF78D410000-0x00007FF78D764000-memory.dmp	upx
behavioral2/memory/2388-545-0x00007FF6157E0000-0x00007FF615B34000-memory.dmp	upx
behavioral2/memory/1496-547-0x00007FF6815D0000-0x00007FF681924000-memory.dmp	upx
behavioral2/memory/4572-541-0x00007FF6D6410000-0x00007FF6D6764000-memory.dmp	upx
behavioral2/memory/4192-548-0x00007FF651DF0000-0x00007FF652144000-memory.dmp	upx
behavioral2/memory/3280-549-0x00007FF7B2BF0000-0x00007FF7B2F44000-memory.dmp	upx
behavioral2/memory/3792-555-0x00007FF7E9190000-0x00007FF7E94E4000-memory.dmp	upx
behavioral2/memory/4476-564-0x00007FF67B7E0000-0x00007FF67BB34000-memory.dmp	upx
behavioral2/memory/1068-568-0x00007FF7F7EF0000-0x00007FF7F8244000-memory.dmp	upx
behavioral2/memory/4620-589-0x00007FF781A40000-0x00007FF781D94000-memory.dmp	upx
behavioral2/memory/1368-594-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp	upx
behavioral2/memory/4124-592-0x00007FF7786D0000-0x00007FF778A24000-memory.dmp	upx
behavioral2/memory/2764-586-0x00007FF798DE0000-0x00007FF799134000-memory.dmp	upx
behavioral2/memory/4532-583-0x00007FF6206C0000-0x00007FF620A14000-memory.dmp	upx
behavioral2/memory/4500-577-0x00007FF68C600000-0x00007FF68C954000-memory.dmp	upx
behavioral2/memory/5096-575-0x00007FF7CF300000-0x00007FF7CF654000-memory.dmp	upx
behavioral2/memory/4640-567-0x00007FF793060000-0x00007FF7933B4000-memory.dmp	upx
behavioral2/memory/3624-559-0x00007FF65B620000-0x00007FF65B974000-memory.dmp	upx
behavioral2/memory/3536-550-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp	upx
behavioral2/files/0x0007000000023449-170.dat	upx
behavioral2/files/0x0007000000023448-165.dat	upx
behavioral2/files/0x0007000000023446-163.dat	upx
behavioral2/files/0x0007000000023444-153.dat	upx
behavioral2/files/0x0007000000023443-148.dat	upx
behavioral2/files/0x0007000000023442-143.dat	upx
behavioral2/files/0x0007000000023441-138.dat	upx
behavioral2/files/0x000700000002343f-128.dat	upx
behavioral2/files/0x000700000002343d-118.dat	upx
behavioral2/files/0x000700000002343c-113.dat	upx
behavioral2/files/0x000700000002343b-108.dat	upx
behavioral2/files/0x0007000000023439-98.dat	upx
behavioral2/files/0x0007000000023438-93.dat	upx
behavioral2/files/0x0007000000023437-85.dat	upx
behavioral2/files/0x0007000000023436-81.dat	upx
behavioral2/files/0x0007000000023435-75.dat	upx
behavioral2/files/0x0007000000023433-65.dat	upx
behavioral2/files/0x0007000000023432-61.dat	upx
behavioral2/files/0x000700000002342f-51.dat	upx
behavioral2/memory/1216-47-0x00007FF6990C0000-0x00007FF699414000-memory.dmp	upx
behavioral2/files/0x000700000002342e-37.dat	upx
behavioral2/files/0x000700000002342d-36.dat	upx
behavioral2/memory/916-34-0x00007FF717A10000-0x00007FF717D64000-memory.dmp	upx
behavioral2/memory/5000-22-0x00007FF721040000-0x00007FF721394000-memory.dmp	upx
behavioral2/memory/2724-1278-0x00007FF71D030000-0x00007FF71D384000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uDglWrK.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\qaLzQTv.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\LRAmMeY.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\XhOHQfr.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\iWARLii.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\UDScSpG.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\zgkwXHw.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\aQBJZlR.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ASexNtc.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\gbndYlC.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZZsMpIo.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\huxajJh.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\QgPzZdG.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\syRMRUj.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\IiWmEup.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\TyEViGT.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\KZlOcdQ.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\CJqchEv.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZYVmrwp.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\pUVlHqw.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\YSMnkLQ.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\vWGIOMu.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\NTmSqqn.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\GFaRdhg.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\OaZBrIx.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\BFzVwfN.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\cgEovVc.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\xJtDOJR.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\iaqWXSx.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\vAdULoz.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\FvBOyod.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\fXEyngk.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\tTsWfGa.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\sblhUMR.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\vhSopnt.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\rFxmVTO.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\AOJFPzm.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\aqOWaAD.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\tXVxahp.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\szPDEbQ.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\VDSdSqy.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\eccACvR.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\fjNevxD.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\pjwJuri.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\HYGKqIN.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZNiMvoG.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\XJajJuL.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\CHWOGAj.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\UFeZhXW.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\ibYxAmx.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\EBQBUMv.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\BkinIdw.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\zFFGhFh.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\pPuELmj.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\bENJpRD.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\uQYluAQ.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\MpxvYNi.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\VaBnsSt.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\TBiACJk.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\POtZpxr.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\pojMQVn.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\GvvWxPD.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\YqEtToQ.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
File created	C:\Windows\System\RErNoVN.exe	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15152	dwm.exe
Token: SeChangeNotifyPrivilege	15152	dwm.exe
Token: 33	15152	dwm.exe
Token: SeIncBasePriorityPrivilege	15152	dwm.exe
Token: SeShutdownPrivilege	15152	dwm.exe
Token: SeCreatePagefilePrivilege	15152	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 5044	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	83
PID 2724 wrote to memory of 5044	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	83
PID 2724 wrote to memory of 5000	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	84
PID 2724 wrote to memory of 5000	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	84
PID 2724 wrote to memory of 1816	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	85
PID 2724 wrote to memory of 1816	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	85
PID 2724 wrote to memory of 1304	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	86
PID 2724 wrote to memory of 1304	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	86
PID 2724 wrote to memory of 4204	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	87
PID 2724 wrote to memory of 4204	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	87
PID 2724 wrote to memory of 916	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	88
PID 2724 wrote to memory of 916	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	88
PID 2724 wrote to memory of 1216	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	89
PID 2724 wrote to memory of 1216	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	89
PID 2724 wrote to memory of 4124	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	90
PID 2724 wrote to memory of 4124	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	90
PID 2724 wrote to memory of 1368	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	91
PID 2724 wrote to memory of 1368	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	91
PID 2724 wrote to memory of 4572	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	92
PID 2724 wrote to memory of 4572	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	92
PID 2724 wrote to memory of 3300	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	93
PID 2724 wrote to memory of 3300	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	93
PID 2724 wrote to memory of 4600	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	94
PID 2724 wrote to memory of 4600	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	94
PID 2724 wrote to memory of 3128	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	95
PID 2724 wrote to memory of 3128	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	95
PID 2724 wrote to memory of 2388	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	96
PID 2724 wrote to memory of 2388	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	96
PID 2724 wrote to memory of 4184	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	97
PID 2724 wrote to memory of 4184	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	97
PID 2724 wrote to memory of 1496	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	98
PID 2724 wrote to memory of 1496	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	98
PID 2724 wrote to memory of 4192	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	99
PID 2724 wrote to memory of 4192	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	99
PID 2724 wrote to memory of 3280	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	100
PID 2724 wrote to memory of 3280	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	100
PID 2724 wrote to memory of 3536	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	101
PID 2724 wrote to memory of 3536	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	101
PID 2724 wrote to memory of 3792	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	102
PID 2724 wrote to memory of 3792	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	102
PID 2724 wrote to memory of 3624	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	103
PID 2724 wrote to memory of 3624	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	103
PID 2724 wrote to memory of 4476	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	104
PID 2724 wrote to memory of 4476	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	104
PID 2724 wrote to memory of 4640	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	105
PID 2724 wrote to memory of 4640	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	105
PID 2724 wrote to memory of 1068	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	106
PID 2724 wrote to memory of 1068	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	106
PID 2724 wrote to memory of 5096	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	107
PID 2724 wrote to memory of 5096	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	107
PID 2724 wrote to memory of 4500	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	108
PID 2724 wrote to memory of 4500	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	108
PID 2724 wrote to memory of 4532	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	109
PID 2724 wrote to memory of 4532	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	109
PID 2724 wrote to memory of 2764	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	110
PID 2724 wrote to memory of 2764	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	110
PID 2724 wrote to memory of 4620	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	111
PID 2724 wrote to memory of 4620	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	111
PID 2724 wrote to memory of 4244	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	112
PID 2724 wrote to memory of 4244	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	112
PID 2724 wrote to memory of 3252	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	113
PID 2724 wrote to memory of 3252	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	113
PID 2724 wrote to memory of 4100	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	114
PID 2724 wrote to memory of 4100	2724	7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7c03264bbdff6a46aceefd0f61d7f1f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\System\XjyQKrZ.exe
  C:\Windows\System\XjyQKrZ.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\SOIooDv.exe
  C:\Windows\System\SOIooDv.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\ZBPHccz.exe
  C:\Windows\System\ZBPHccz.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\YpvRPox.exe
  C:\Windows\System\YpvRPox.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\MpxvYNi.exe
  C:\Windows\System\MpxvYNi.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\zBqVycw.exe
  C:\Windows\System\zBqVycw.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\eJxUgLR.exe
  C:\Windows\System\eJxUgLR.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\rIjFYqZ.exe
  C:\Windows\System\rIjFYqZ.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\KpyGDhC.exe
  C:\Windows\System\KpyGDhC.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\iHjNVzB.exe
  C:\Windows\System\iHjNVzB.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\OAcKgmn.exe
  C:\Windows\System\OAcKgmn.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\hedQSQI.exe
  C:\Windows\System\hedQSQI.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\AwPWOIA.exe
  C:\Windows\System\AwPWOIA.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\XPdrSOG.exe
  C:\Windows\System\XPdrSOG.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\FXeGPvB.exe
  C:\Windows\System\FXeGPvB.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\mIuMXjJ.exe
  C:\Windows\System\mIuMXjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\gszGERy.exe
  C:\Windows\System\gszGERy.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\tYxibhN.exe
  C:\Windows\System\tYxibhN.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\WzLsHSV.exe
  C:\Windows\System\WzLsHSV.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\iSJehCZ.exe
  C:\Windows\System\iSJehCZ.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\HFMSrgX.exe
  C:\Windows\System\HFMSrgX.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\PjGfCHh.exe
  C:\Windows\System\PjGfCHh.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\vXPHWjA.exe
  C:\Windows\System\vXPHWjA.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\UOnDgRq.exe
  C:\Windows\System\UOnDgRq.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\kpDsUYA.exe
  C:\Windows\System\kpDsUYA.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\ciihslE.exe
  C:\Windows\System\ciihslE.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\WAmLFMn.exe
  C:\Windows\System\WAmLFMn.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\FhxRosG.exe
  C:\Windows\System\FhxRosG.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\XABEfZV.exe
  C:\Windows\System\XABEfZV.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\GGLNdza.exe
  C:\Windows\System\GGLNdza.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\dghiDoe.exe
  C:\Windows\System\dghiDoe.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\GZNrdRW.exe
  C:\Windows\System\GZNrdRW.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\aHWxbPx.exe
  C:\Windows\System\aHWxbPx.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\BCBTfra.exe
  C:\Windows\System\BCBTfra.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\gMUftTo.exe
  C:\Windows\System\gMUftTo.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\gYXbMrn.exe
  C:\Windows\System\gYXbMrn.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\XJajJuL.exe
  C:\Windows\System\XJajJuL.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\WJTdLvI.exe
  C:\Windows\System\WJTdLvI.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\KZGLrJl.exe
  C:\Windows\System\KZGLrJl.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\wzsxiqn.exe
  C:\Windows\System\wzsxiqn.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\sORhQaN.exe
  C:\Windows\System\sORhQaN.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\lRDwNLp.exe
  C:\Windows\System\lRDwNLp.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\MVselpB.exe
  C:\Windows\System\MVselpB.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\huxajJh.exe
  C:\Windows\System\huxajJh.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ZFHkSZp.exe
  C:\Windows\System\ZFHkSZp.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\gqRaSIs.exe
  C:\Windows\System\gqRaSIs.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\Vzwhpxa.exe
  C:\Windows\System\Vzwhpxa.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\HqQSucR.exe
  C:\Windows\System\HqQSucR.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\yFJPkec.exe
  C:\Windows\System\yFJPkec.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\XdkfLPu.exe
  C:\Windows\System\XdkfLPu.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\VkaLCzo.exe
  C:\Windows\System\VkaLCzo.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\NaEVvzq.exe
  C:\Windows\System\NaEVvzq.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\qnKOdoE.exe
  C:\Windows\System\qnKOdoE.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\sgCrWLr.exe
  C:\Windows\System\sgCrWLr.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\lHXguML.exe
  C:\Windows\System\lHXguML.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\ZirZzKh.exe
  C:\Windows\System\ZirZzKh.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\eEvQzXI.exe
  C:\Windows\System\eEvQzXI.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\OpXjQXI.exe
  C:\Windows\System\OpXjQXI.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\LGCiCYF.exe
  C:\Windows\System\LGCiCYF.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\zOmwTGg.exe
  C:\Windows\System\zOmwTGg.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\AHatcnn.exe
  C:\Windows\System\AHatcnn.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\iomPlNT.exe
  C:\Windows\System\iomPlNT.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\PshShaV.exe
  C:\Windows\System\PshShaV.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\HlVhpdS.exe
  C:\Windows\System\HlVhpdS.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\TNbTPRO.exe
  C:\Windows\System\TNbTPRO.exe
  2⤵
  PID:2060
- C:\Windows\System\wQvwhDl.exe
  C:\Windows\System\wQvwhDl.exe
  2⤵
  PID:1220
- C:\Windows\System\vJxUmBQ.exe
  C:\Windows\System\vJxUmBQ.exe
  2⤵
  PID:4940
- C:\Windows\System\WIRWudR.exe
  C:\Windows\System\WIRWudR.exe
  2⤵
  PID:1312
- C:\Windows\System\iuHctNW.exe
  C:\Windows\System\iuHctNW.exe
  2⤵
  PID:3384
- C:\Windows\System\nAyWkZE.exe
  C:\Windows\System\nAyWkZE.exe
  2⤵
  PID:2472
- C:\Windows\System\nncaiFt.exe
  C:\Windows\System\nncaiFt.exe
  2⤵
  PID:1660
- C:\Windows\System\YjdQdQK.exe
  C:\Windows\System\YjdQdQK.exe
  2⤵
  PID:964
- C:\Windows\System\YHPnzod.exe
  C:\Windows\System\YHPnzod.exe
  2⤵
  PID:1988
- C:\Windows\System\iiphFcl.exe
  C:\Windows\System\iiphFcl.exe
  2⤵
  PID:4144
- C:\Windows\System\GXoAhSp.exe
  C:\Windows\System\GXoAhSp.exe
  2⤵
  PID:5056
- C:\Windows\System\HWtAbrG.exe
  C:\Windows\System\HWtAbrG.exe
  2⤵
  PID:3184
- C:\Windows\System\zyeUZSZ.exe
  C:\Windows\System\zyeUZSZ.exe
  2⤵
  PID:692
- C:\Windows\System\zZQQFOw.exe
  C:\Windows\System\zZQQFOw.exe
  2⤵
  PID:3452
- C:\Windows\System\ZjqEhXe.exe
  C:\Windows\System\ZjqEhXe.exe
  2⤵
  PID:4016
- C:\Windows\System\mYkbRuS.exe
  C:\Windows\System\mYkbRuS.exe
  2⤵
  PID:1308
- C:\Windows\System\vZsLiDR.exe
  C:\Windows\System\vZsLiDR.exe
  2⤵
  PID:2352
- C:\Windows\System\AGKkMqE.exe
  C:\Windows\System\AGKkMqE.exe
  2⤵
  PID:4684
- C:\Windows\System\TVspfVc.exe
  C:\Windows\System\TVspfVc.exe
  2⤵
  PID:3668
- C:\Windows\System\xywXURN.exe
  C:\Windows\System\xywXURN.exe
  2⤵
  PID:4092
- C:\Windows\System\mBeZvTa.exe
  C:\Windows\System\mBeZvTa.exe
  2⤵
  PID:5076
- C:\Windows\System\yhSSlbv.exe
  C:\Windows\System\yhSSlbv.exe
  2⤵
  PID:4896
- C:\Windows\System\nVqkiJv.exe
  C:\Windows\System\nVqkiJv.exe
  2⤵
  PID:1844
- C:\Windows\System\rJTFRHf.exe
  C:\Windows\System\rJTFRHf.exe
  2⤵
  PID:4660
- C:\Windows\System\VjIcinf.exe
  C:\Windows\System\VjIcinf.exe
  2⤵
  PID:4740
- C:\Windows\System\DuXdWjZ.exe
  C:\Windows\System\DuXdWjZ.exe
  2⤵
  PID:4848
- C:\Windows\System\RksBTgz.exe
  C:\Windows\System\RksBTgz.exe
  2⤵
  PID:4460
- C:\Windows\System\oSWorMr.exe
  C:\Windows\System\oSWorMr.exe
  2⤵
  PID:5144
- C:\Windows\System\UiKhqKO.exe
  C:\Windows\System\UiKhqKO.exe
  2⤵
  PID:5172
- C:\Windows\System\CHWOGAj.exe
  C:\Windows\System\CHWOGAj.exe
  2⤵
  PID:5200
- C:\Windows\System\bTAejDR.exe
  C:\Windows\System\bTAejDR.exe
  2⤵
  PID:5228
- C:\Windows\System\DCIYuuZ.exe
  C:\Windows\System\DCIYuuZ.exe
  2⤵
  PID:5256
- C:\Windows\System\qFIalyc.exe
  C:\Windows\System\qFIalyc.exe
  2⤵
  PID:5280
- C:\Windows\System\wtuepmv.exe
  C:\Windows\System\wtuepmv.exe
  2⤵
  PID:5312
- C:\Windows\System\nmnPFKL.exe
  C:\Windows\System\nmnPFKL.exe
  2⤵
  PID:5340
- C:\Windows\System\urtqoNE.exe
  C:\Windows\System\urtqoNE.exe
  2⤵
  PID:5368
- C:\Windows\System\UMbJCiL.exe
  C:\Windows\System\UMbJCiL.exe
  2⤵
  PID:5396
- C:\Windows\System\WQIMJBV.exe
  C:\Windows\System\WQIMJBV.exe
  2⤵
  PID:5424
- C:\Windows\System\MpjdAtF.exe
  C:\Windows\System\MpjdAtF.exe
  2⤵
  PID:5452
- C:\Windows\System\SbQLtne.exe
  C:\Windows\System\SbQLtne.exe
  2⤵
  PID:5480
- C:\Windows\System\fXEyngk.exe
  C:\Windows\System\fXEyngk.exe
  2⤵
  PID:5504
- C:\Windows\System\ZzlhFst.exe
  C:\Windows\System\ZzlhFst.exe
  2⤵
  PID:5536
- C:\Windows\System\fWrWqwv.exe
  C:\Windows\System\fWrWqwv.exe
  2⤵
  PID:5560
- C:\Windows\System\CcEivHj.exe
  C:\Windows\System\CcEivHj.exe
  2⤵
  PID:5592
- C:\Windows\System\ZULRLxM.exe
  C:\Windows\System\ZULRLxM.exe
  2⤵
  PID:5620
- C:\Windows\System\WeKEQoV.exe
  C:\Windows\System\WeKEQoV.exe
  2⤵
  PID:5648
- C:\Windows\System\FrByMON.exe
  C:\Windows\System\FrByMON.exe
  2⤵
  PID:5676
- C:\Windows\System\bUqqNTq.exe
  C:\Windows\System\bUqqNTq.exe
  2⤵
  PID:5704
- C:\Windows\System\FCrykQt.exe
  C:\Windows\System\FCrykQt.exe
  2⤵
  PID:5728
- C:\Windows\System\IUflqZj.exe
  C:\Windows\System\IUflqZj.exe
  2⤵
  PID:5760
- C:\Windows\System\oHxfcoR.exe
  C:\Windows\System\oHxfcoR.exe
  2⤵
  PID:5784
- C:\Windows\System\ZuUsnDD.exe
  C:\Windows\System\ZuUsnDD.exe
  2⤵
  PID:5816
- C:\Windows\System\LlwilyM.exe
  C:\Windows\System\LlwilyM.exe
  2⤵
  PID:5840
- C:\Windows\System\zFKcuQK.exe
  C:\Windows\System\zFKcuQK.exe
  2⤵
  PID:5872
- C:\Windows\System\AasGxxB.exe
  C:\Windows\System\AasGxxB.exe
  2⤵
  PID:5900
- C:\Windows\System\ZCUPKOV.exe
  C:\Windows\System\ZCUPKOV.exe
  2⤵
  PID:5928
- C:\Windows\System\ZQTkhxS.exe
  C:\Windows\System\ZQTkhxS.exe
  2⤵
  PID:5956
- C:\Windows\System\QgPzZdG.exe
  C:\Windows\System\QgPzZdG.exe
  2⤵
  PID:5984
- C:\Windows\System\oYUaEEF.exe
  C:\Windows\System\oYUaEEF.exe
  2⤵
  PID:6012
- C:\Windows\System\scynBFw.exe
  C:\Windows\System\scynBFw.exe
  2⤵
  PID:6036
- C:\Windows\System\yNUkCOm.exe
  C:\Windows\System\yNUkCOm.exe
  2⤵
  PID:6064
- C:\Windows\System\YkDMatL.exe
  C:\Windows\System\YkDMatL.exe
  2⤵
  PID:6096
- C:\Windows\System\mvtwCym.exe
  C:\Windows\System\mvtwCym.exe
  2⤵
  PID:6124
- C:\Windows\System\jpbHWua.exe
  C:\Windows\System\jpbHWua.exe
  2⤵
  PID:404
- C:\Windows\System\QPCWjpL.exe
  C:\Windows\System\QPCWjpL.exe
  2⤵
  PID:4404
- C:\Windows\System\pZauhrY.exe
  C:\Windows\System\pZauhrY.exe
  2⤵
  PID:5160
- C:\Windows\System\rMqIPCO.exe
  C:\Windows\System\rMqIPCO.exe
  2⤵
  PID:5216
- C:\Windows\System\YzAfLEk.exe
  C:\Windows\System\YzAfLEk.exe
  2⤵
  PID:5276
- C:\Windows\System\CQUwWJf.exe
  C:\Windows\System\CQUwWJf.exe
  2⤵
  PID:5332
- C:\Windows\System\PeArfob.exe
  C:\Windows\System\PeArfob.exe
  2⤵
  PID:5412
- C:\Windows\System\bsMxWkJ.exe
  C:\Windows\System\bsMxWkJ.exe
  2⤵
  PID:5468
- C:\Windows\System\fsaKyeA.exe
  C:\Windows\System\fsaKyeA.exe
  2⤵
  PID:5528
- C:\Windows\System\tltHZQg.exe
  C:\Windows\System\tltHZQg.exe
  2⤵
  PID:5604
- C:\Windows\System\pTaTeIi.exe
  C:\Windows\System\pTaTeIi.exe
  2⤵
  PID:5660
- C:\Windows\System\grLZytI.exe
  C:\Windows\System\grLZytI.exe
  2⤵
  PID:5720
- C:\Windows\System\afjsmwL.exe
  C:\Windows\System\afjsmwL.exe
  2⤵
  PID:5776
- C:\Windows\System\IFAgAyv.exe
  C:\Windows\System\IFAgAyv.exe
  2⤵
  PID:5836
- C:\Windows\System\jOYmypd.exe
  C:\Windows\System\jOYmypd.exe
  2⤵
  PID:5892
- C:\Windows\System\kvvmlFi.exe
  C:\Windows\System\kvvmlFi.exe
  2⤵
  PID:5948
- C:\Windows\System\ZUlNkAb.exe
  C:\Windows\System\ZUlNkAb.exe
  2⤵
  PID:6004
- C:\Windows\System\rayUHOf.exe
  C:\Windows\System\rayUHOf.exe
  2⤵
  PID:6080
- C:\Windows\System\KWDpYGD.exe
  C:\Windows\System\KWDpYGD.exe
  2⤵
  PID:6140
- C:\Windows\System\flJRLUI.exe
  C:\Windows\System\flJRLUI.exe
  2⤵
  PID:368
- C:\Windows\System\oGIwkxY.exe
  C:\Windows\System\oGIwkxY.exe
  2⤵
  PID:5248
- C:\Windows\System\WucqnmD.exe
  C:\Windows\System\WucqnmD.exe
  2⤵
  PID:3732
- C:\Windows\System\oqbJSlE.exe
  C:\Windows\System\oqbJSlE.exe
  2⤵
  PID:5556
- C:\Windows\System\XWmehJJ.exe
  C:\Windows\System\XWmehJJ.exe
  2⤵
  PID:5688
- C:\Windows\System\rViWalC.exe
  C:\Windows\System\rViWalC.exe
  2⤵
  PID:5804
- C:\Windows\System\fpCUnoJ.exe
  C:\Windows\System\fpCUnoJ.exe
  2⤵
  PID:5916
- C:\Windows\System\dnnLbRU.exe
  C:\Windows\System\dnnLbRU.exe
  2⤵
  PID:6056
- C:\Windows\System\VAqWBIA.exe
  C:\Windows\System\VAqWBIA.exe
  2⤵
  PID:2292
- C:\Windows\System\XqwLBpz.exe
  C:\Windows\System\XqwLBpz.exe
  2⤵
  PID:5328
- C:\Windows\System\uRWQSfE.exe
  C:\Windows\System\uRWQSfE.exe
  2⤵
  PID:5632
- C:\Windows\System\aJGTCre.exe
  C:\Windows\System\aJGTCre.exe
  2⤵
  PID:6116
- C:\Windows\System\qtxfhkT.exe
  C:\Windows\System\qtxfhkT.exe
  2⤵
  PID:6156
- C:\Windows\System\LReDUXa.exe
  C:\Windows\System\LReDUXa.exe
  2⤵
  PID:6188
- C:\Windows\System\XfzXGLC.exe
  C:\Windows\System\XfzXGLC.exe
  2⤵
  PID:6216
- C:\Windows\System\SnGowPx.exe
  C:\Windows\System\SnGowPx.exe
  2⤵
  PID:6236
- C:\Windows\System\QZGmxhY.exe
  C:\Windows\System\QZGmxhY.exe
  2⤵
  PID:6252
- C:\Windows\System\cJtdmpt.exe
  C:\Windows\System\cJtdmpt.exe
  2⤵
  PID:6284
- C:\Windows\System\HCMbDel.exe
  C:\Windows\System\HCMbDel.exe
  2⤵
  PID:6308
- C:\Windows\System\mZKYaVG.exe
  C:\Windows\System\mZKYaVG.exe
  2⤵
  PID:6356
- C:\Windows\System\TEZtzHg.exe
  C:\Windows\System\TEZtzHg.exe
  2⤵
  PID:6424
- C:\Windows\System\eROlEaf.exe
  C:\Windows\System\eROlEaf.exe
  2⤵
  PID:6456
- C:\Windows\System\mftfkXj.exe
  C:\Windows\System\mftfkXj.exe
  2⤵
  PID:6504
- C:\Windows\System\fjNIORT.exe
  C:\Windows\System\fjNIORT.exe
  2⤵
  PID:6556
- C:\Windows\System\cmClEDL.exe
  C:\Windows\System\cmClEDL.exe
  2⤵
  PID:6576
- C:\Windows\System\njYmxSb.exe
  C:\Windows\System\njYmxSb.exe
  2⤵
  PID:6608
- C:\Windows\System\TgXBMzp.exe
  C:\Windows\System\TgXBMzp.exe
  2⤵
  PID:6624
- C:\Windows\System\QBQzglS.exe
  C:\Windows\System\QBQzglS.exe
  2⤵
  PID:6644
- C:\Windows\System\IqfndkO.exe
  C:\Windows\System\IqfndkO.exe
  2⤵
  PID:6680
- C:\Windows\System\ZYDJvRk.exe
  C:\Windows\System\ZYDJvRk.exe
  2⤵
  PID:6780
- C:\Windows\System\UHVtCVY.exe
  C:\Windows\System\UHVtCVY.exe
  2⤵
  PID:6816
- C:\Windows\System\TxZFwbB.exe
  C:\Windows\System\TxZFwbB.exe
  2⤵
  PID:6852
- C:\Windows\System\QgATGpM.exe
  C:\Windows\System\QgATGpM.exe
  2⤵
  PID:6888
- C:\Windows\System\IeVXMoL.exe
  C:\Windows\System\IeVXMoL.exe
  2⤵
  PID:6928
- C:\Windows\System\zZxFhJi.exe
  C:\Windows\System\zZxFhJi.exe
  2⤵
  PID:6956
- C:\Windows\System\yeDqADA.exe
  C:\Windows\System\yeDqADA.exe
  2⤵
  PID:6984
- C:\Windows\System\idHIeDL.exe
  C:\Windows\System\idHIeDL.exe
  2⤵
  PID:7000
- C:\Windows\System\urxjSKS.exe
  C:\Windows\System\urxjSKS.exe
  2⤵
  PID:7016
- C:\Windows\System\pojMQVn.exe
  C:\Windows\System\pojMQVn.exe
  2⤵
  PID:7056
- C:\Windows\System\JoWnLKZ.exe
  C:\Windows\System\JoWnLKZ.exe
  2⤵
  PID:7096
- C:\Windows\System\ocSMqIm.exe
  C:\Windows\System\ocSMqIm.exe
  2⤵
  PID:7124
- C:\Windows\System\djWqSBg.exe
  C:\Windows\System\djWqSBg.exe
  2⤵
  PID:7152
- C:\Windows\System\ZFaDfYP.exe
  C:\Windows\System\ZFaDfYP.exe
  2⤵
  PID:2088
- C:\Windows\System\qHSqpLy.exe
  C:\Windows\System\qHSqpLy.exe
  2⤵
  PID:3456
- C:\Windows\System\sRakhUZ.exe
  C:\Windows\System\sRakhUZ.exe
  2⤵
  PID:3064
- C:\Windows\System\KnprUfr.exe
  C:\Windows\System\KnprUfr.exe
  2⤵
  PID:4636
- C:\Windows\System\UFeZhXW.exe
  C:\Windows\System\UFeZhXW.exe
  2⤵
  PID:1032
- C:\Windows\System\XbzPyjF.exe
  C:\Windows\System\XbzPyjF.exe
  2⤵
  PID:6204
- C:\Windows\System\RsySZmV.exe
  C:\Windows\System\RsySZmV.exe
  2⤵
  PID:6248
- C:\Windows\System\npIMeEO.exe
  C:\Windows\System\npIMeEO.exe
  2⤵
  PID:6396
- C:\Windows\System\oIYOjQm.exe
  C:\Windows\System\oIYOjQm.exe
  2⤵
  PID:6448
- C:\Windows\System\zfuBBsh.exe
  C:\Windows\System\zfuBBsh.exe
  2⤵
  PID:6564
- C:\Windows\System\jVxEQkP.exe
  C:\Windows\System\jVxEQkP.exe
  2⤵
  PID:6668
- C:\Windows\System\simjMDX.exe
  C:\Windows\System\simjMDX.exe
  2⤵
  PID:6812
- C:\Windows\System\zDktlOL.exe
  C:\Windows\System\zDktlOL.exe
  2⤵
  PID:6920
- C:\Windows\System\SuWYiJB.exe
  C:\Windows\System\SuWYiJB.exe
  2⤵
  PID:6952
- C:\Windows\System\MFdZfQp.exe
  C:\Windows\System\MFdZfQp.exe
  2⤵
  PID:7028
- C:\Windows\System\JHCpDGn.exe
  C:\Windows\System\JHCpDGn.exe
  2⤵
  PID:7144
- C:\Windows\System\XeiPovC.exe
  C:\Windows\System\XeiPovC.exe
  2⤵
  PID:3600
- C:\Windows\System\zTcxldQ.exe
  C:\Windows\System\zTcxldQ.exe
  2⤵
  PID:4520
- C:\Windows\System\MWGqEEp.exe
  C:\Windows\System\MWGqEEp.exe
  2⤵
  PID:6316
- C:\Windows\System\OXqtqFh.exe
  C:\Windows\System\OXqtqFh.exe
  2⤵
  PID:6604
- C:\Windows\System\WbdGHfE.exe
  C:\Windows\System\WbdGHfE.exe
  2⤵
  PID:6824
- C:\Windows\System\aTupZhY.exe
  C:\Windows\System\aTupZhY.exe
  2⤵
  PID:7012
- C:\Windows\System\pvhUjWG.exe
  C:\Windows\System\pvhUjWG.exe
  2⤵
  PID:2664
- C:\Windows\System\AOJFPzm.exe
  C:\Windows\System\AOJFPzm.exe
  2⤵
  PID:6528
- C:\Windows\System\ZYVmrwp.exe
  C:\Windows\System\ZYVmrwp.exe
  2⤵
  PID:6940
- C:\Windows\System\TmZeFpo.exe
  C:\Windows\System\TmZeFpo.exe
  2⤵
  PID:6200
- C:\Windows\System\kXrRhWv.exe
  C:\Windows\System\kXrRhWv.exe
  2⤵
  PID:6620
- C:\Windows\System\ibYxAmx.exe
  C:\Windows\System\ibYxAmx.exe
  2⤵
  PID:1792
- C:\Windows\System\MLOEKXy.exe
  C:\Windows\System\MLOEKXy.exe
  2⤵
  PID:6948
- C:\Windows\System\QWiHsSc.exe
  C:\Windows\System\QWiHsSc.exe
  2⤵
  PID:6800
- C:\Windows\System\IDvFfMR.exe
  C:\Windows\System\IDvFfMR.exe
  2⤵
  PID:6196
- C:\Windows\System\eSbfUAW.exe
  C:\Windows\System\eSbfUAW.exe
  2⤵
  PID:7184
- C:\Windows\System\PtJGlzX.exe
  C:\Windows\System\PtJGlzX.exe
  2⤵
  PID:7220
- C:\Windows\System\LtrNrPV.exe
  C:\Windows\System\LtrNrPV.exe
  2⤵
  PID:7264
- C:\Windows\System\pQSRhrY.exe
  C:\Windows\System\pQSRhrY.exe
  2⤵
  PID:7312
- C:\Windows\System\MyfVVQX.exe
  C:\Windows\System\MyfVVQX.exe
  2⤵
  PID:7336
- C:\Windows\System\fcbxENb.exe
  C:\Windows\System\fcbxENb.exe
  2⤵
  PID:7372
- C:\Windows\System\FNpYCZg.exe
  C:\Windows\System\FNpYCZg.exe
  2⤵
  PID:7392
- C:\Windows\System\zmDfBPR.exe
  C:\Windows\System\zmDfBPR.exe
  2⤵
  PID:7424
- C:\Windows\System\bABtyCd.exe
  C:\Windows\System\bABtyCd.exe
  2⤵
  PID:7468
- C:\Windows\System\ExDecRk.exe
  C:\Windows\System\ExDecRk.exe
  2⤵
  PID:7500
- C:\Windows\System\KfxQsWa.exe
  C:\Windows\System\KfxQsWa.exe
  2⤵
  PID:7532
- C:\Windows\System\dDdwojy.exe
  C:\Windows\System\dDdwojy.exe
  2⤵
  PID:7560
- C:\Windows\System\sEQNASU.exe
  C:\Windows\System\sEQNASU.exe
  2⤵
  PID:7588
- C:\Windows\System\ayGtfgA.exe
  C:\Windows\System\ayGtfgA.exe
  2⤵
  PID:7616
- C:\Windows\System\HIxbeZW.exe
  C:\Windows\System\HIxbeZW.exe
  2⤵
  PID:7644
- C:\Windows\System\faompuc.exe
  C:\Windows\System\faompuc.exe
  2⤵
  PID:7672
- C:\Windows\System\RBOnpIb.exe
  C:\Windows\System\RBOnpIb.exe
  2⤵
  PID:7704
- C:\Windows\System\IqRryyy.exe
  C:\Windows\System\IqRryyy.exe
  2⤵
  PID:7728
- C:\Windows\System\GfYabgV.exe
  C:\Windows\System\GfYabgV.exe
  2⤵
  PID:7756
- C:\Windows\System\syRMRUj.exe
  C:\Windows\System\syRMRUj.exe
  2⤵
  PID:7784
- C:\Windows\System\BhXXOmL.exe
  C:\Windows\System\BhXXOmL.exe
  2⤵
  PID:7816
- C:\Windows\System\UHJpeGf.exe
  C:\Windows\System\UHJpeGf.exe
  2⤵
  PID:7844
- C:\Windows\System\QvOUXMh.exe
  C:\Windows\System\QvOUXMh.exe
  2⤵
  PID:7872
- C:\Windows\System\LShRUxE.exe
  C:\Windows\System\LShRUxE.exe
  2⤵
  PID:7912
- C:\Windows\System\XhOHQfr.exe
  C:\Windows\System\XhOHQfr.exe
  2⤵
  PID:7952
- C:\Windows\System\siGSdjw.exe
  C:\Windows\System\siGSdjw.exe
  2⤵
  PID:7976
- C:\Windows\System\deygZYO.exe
  C:\Windows\System\deygZYO.exe
  2⤵
  PID:8004
- C:\Windows\System\xYXXCbA.exe
  C:\Windows\System\xYXXCbA.exe
  2⤵
  PID:8040
- C:\Windows\System\KZoBdpj.exe
  C:\Windows\System\KZoBdpj.exe
  2⤵
  PID:8068
- C:\Windows\System\BLZdCaQ.exe
  C:\Windows\System\BLZdCaQ.exe
  2⤵
  PID:8096
- C:\Windows\System\vSJZswd.exe
  C:\Windows\System\vSJZswd.exe
  2⤵
  PID:8124
- C:\Windows\System\BFzVwfN.exe
  C:\Windows\System\BFzVwfN.exe
  2⤵
  PID:8152
- C:\Windows\System\OpIHkya.exe
  C:\Windows\System\OpIHkya.exe
  2⤵
  PID:8180
- C:\Windows\System\TmGUEzN.exe
  C:\Windows\System\TmGUEzN.exe
  2⤵
  PID:7180
- C:\Windows\System\wdJIWGo.exe
  C:\Windows\System\wdJIWGo.exe
  2⤵
  PID:7288
- C:\Windows\System\HkxfyXc.exe
  C:\Windows\System\HkxfyXc.exe
  2⤵
  PID:7300
- C:\Windows\System\STqvhva.exe
  C:\Windows\System\STqvhva.exe
  2⤵
  PID:7360
- C:\Windows\System\IiWmEup.exe
  C:\Windows\System\IiWmEup.exe
  2⤵
  PID:7388
- C:\Windows\System\MWAveqL.exe
  C:\Windows\System\MWAveqL.exe
  2⤵
  PID:7512
- C:\Windows\System\VaBnsSt.exe
  C:\Windows\System\VaBnsSt.exe
  2⤵
  PID:7556
- C:\Windows\System\RsVCLmo.exe
  C:\Windows\System\RsVCLmo.exe
  2⤵
  PID:7628
- C:\Windows\System\kiTncHx.exe
  C:\Windows\System\kiTncHx.exe
  2⤵
  PID:7692
- C:\Windows\System\XxWABef.exe
  C:\Windows\System\XxWABef.exe
  2⤵
  PID:6404
- C:\Windows\System\YinlMjp.exe
  C:\Windows\System\YinlMjp.exe
  2⤵
  PID:7812
- C:\Windows\System\ruxeBJr.exe
  C:\Windows\System\ruxeBJr.exe
  2⤵
  PID:7884
- C:\Windows\System\wxsPXCs.exe
  C:\Windows\System\wxsPXCs.exe
  2⤵
  PID:7960
- C:\Windows\System\RedoaFo.exe
  C:\Windows\System\RedoaFo.exe
  2⤵
  PID:8032
- C:\Windows\System\exHHlCO.exe
  C:\Windows\System\exHHlCO.exe
  2⤵
  PID:8116
- C:\Windows\System\NTmSqqn.exe
  C:\Windows\System\NTmSqqn.exe
  2⤵
  PID:8176
- C:\Windows\System\wZqFPPq.exe
  C:\Windows\System\wZqFPPq.exe
  2⤵
  PID:7296
- C:\Windows\System\IrGkCmz.exe
  C:\Windows\System\IrGkCmz.exe
  2⤵
  PID:7496
- C:\Windows\System\ENdOgpA.exe
  C:\Windows\System\ENdOgpA.exe
  2⤵
  PID:7740
- C:\Windows\System\erlUBnd.exe
  C:\Windows\System\erlUBnd.exe
  2⤵
  PID:4632
- C:\Windows\System\JvlIkux.exe
  C:\Windows\System\JvlIkux.exe
  2⤵
  PID:8000
- C:\Windows\System\gSgTaMO.exe
  C:\Windows\System\gSgTaMO.exe
  2⤵
  PID:8144
- C:\Windows\System\kWwuTYw.exe
  C:\Windows\System\kWwuTYw.exe
  2⤵
  PID:7348
- C:\Windows\System\LVQwfDL.exe
  C:\Windows\System\LVQwfDL.exe
  2⤵
  PID:8200
- C:\Windows\System\pUVlHqw.exe
  C:\Windows\System\pUVlHqw.exe
  2⤵
  PID:8224
- C:\Windows\System\yibCbjT.exe
  C:\Windows\System\yibCbjT.exe
  2⤵
  PID:8244
- C:\Windows\System\VUSwUAH.exe
  C:\Windows\System\VUSwUAH.exe
  2⤵
  PID:8272
- C:\Windows\System\qKNjxnx.exe
  C:\Windows\System\qKNjxnx.exe
  2⤵
  PID:8304
- C:\Windows\System\qpKKmDC.exe
  C:\Windows\System\qpKKmDC.exe
  2⤵
  PID:8340
- C:\Windows\System\SrMvGTp.exe
  C:\Windows\System\SrMvGTp.exe
  2⤵
  PID:8364
- C:\Windows\System\RLUPyPo.exe
  C:\Windows\System\RLUPyPo.exe
  2⤵
  PID:8396
- C:\Windows\System\liIQyIs.exe
  C:\Windows\System\liIQyIs.exe
  2⤵
  PID:8428
- C:\Windows\System\GvvWxPD.exe
  C:\Windows\System\GvvWxPD.exe
  2⤵
  PID:8452
- C:\Windows\System\DSdDzdX.exe
  C:\Windows\System\DSdDzdX.exe
  2⤵
  PID:8488
- C:\Windows\System\Mlpfnns.exe
  C:\Windows\System\Mlpfnns.exe
  2⤵
  PID:8512
- C:\Windows\System\AVMxLoa.exe
  C:\Windows\System\AVMxLoa.exe
  2⤵
  PID:8540
- C:\Windows\System\slEYVFL.exe
  C:\Windows\System\slEYVFL.exe
  2⤵
  PID:8572
- C:\Windows\System\banTlqs.exe
  C:\Windows\System\banTlqs.exe
  2⤵
  PID:8604
- C:\Windows\System\oQonFlo.exe
  C:\Windows\System\oQonFlo.exe
  2⤵
  PID:8624
- C:\Windows\System\tyPlUlP.exe
  C:\Windows\System\tyPlUlP.exe
  2⤵
  PID:8652
- C:\Windows\System\vZGFSXp.exe
  C:\Windows\System\vZGFSXp.exe
  2⤵
  PID:8680
- C:\Windows\System\aQBJZlR.exe
  C:\Windows\System\aQBJZlR.exe
  2⤵
  PID:8712
- C:\Windows\System\MmStDck.exe
  C:\Windows\System\MmStDck.exe
  2⤵
  PID:8736
- C:\Windows\System\kRlXPYr.exe
  C:\Windows\System\kRlXPYr.exe
  2⤵
  PID:8768
- C:\Windows\System\WKRrtXF.exe
  C:\Windows\System\WKRrtXF.exe
  2⤵
  PID:8792
- C:\Windows\System\pPUUTVP.exe
  C:\Windows\System\pPUUTVP.exe
  2⤵
  PID:8824
- C:\Windows\System\pFFBOIS.exe
  C:\Windows\System\pFFBOIS.exe
  2⤵
  PID:8852
- C:\Windows\System\iWARLii.exe
  C:\Windows\System\iWARLii.exe
  2⤵
  PID:8880
- C:\Windows\System\iejwPId.exe
  C:\Windows\System\iejwPId.exe
  2⤵
  PID:8916
- C:\Windows\System\xiUlXYc.exe
  C:\Windows\System\xiUlXYc.exe
  2⤵
  PID:8940
- C:\Windows\System\wcOyzqj.exe
  C:\Windows\System\wcOyzqj.exe
  2⤵
  PID:8968
- C:\Windows\System\fIyPVDz.exe
  C:\Windows\System\fIyPVDz.exe
  2⤵
  PID:9000
- C:\Windows\System\jTlaECJ.exe
  C:\Windows\System\jTlaECJ.exe
  2⤵
  PID:9024
- C:\Windows\System\HveCyhN.exe
  C:\Windows\System\HveCyhN.exe
  2⤵
  PID:9056
- C:\Windows\System\EaGKOJt.exe
  C:\Windows\System\EaGKOJt.exe
  2⤵
  PID:9080
- C:\Windows\System\XcZIpHx.exe
  C:\Windows\System\XcZIpHx.exe
  2⤵
  PID:9108
- C:\Windows\System\EaBnddH.exe
  C:\Windows\System\EaBnddH.exe
  2⤵
  PID:9136
- C:\Windows\System\MCBfzaH.exe
  C:\Windows\System\MCBfzaH.exe
  2⤵
  PID:9152
- C:\Windows\System\fvUPXNY.exe
  C:\Windows\System\fvUPXNY.exe
  2⤵
  PID:9208
- C:\Windows\System\ryjzlEO.exe
  C:\Windows\System\ryjzlEO.exe
  2⤵
  PID:8208
- C:\Windows\System\ALouuRT.exe
  C:\Windows\System\ALouuRT.exe
  2⤵
  PID:8296
- C:\Windows\System\MVudWkK.exe
  C:\Windows\System\MVudWkK.exe
  2⤵
  PID:8356
- C:\Windows\System\lYOMXOw.exe
  C:\Windows\System\lYOMXOw.exe
  2⤵
  PID:8444
- C:\Windows\System\fOzYduI.exe
  C:\Windows\System\fOzYduI.exe
  2⤵
  PID:8500
- C:\Windows\System\TBiACJk.exe
  C:\Windows\System\TBiACJk.exe
  2⤵
  PID:8592
- C:\Windows\System\PPyLweN.exe
  C:\Windows\System\PPyLweN.exe
  2⤵
  PID:8676
- C:\Windows\System\qRkwxMR.exe
  C:\Windows\System\qRkwxMR.exe
  2⤵
  PID:8780
- C:\Windows\System\RExZTjl.exe
  C:\Windows\System\RExZTjl.exe
  2⤵
  PID:8860
- C:\Windows\System\xLMDKPf.exe
  C:\Windows\System\xLMDKPf.exe
  2⤵
  PID:8928
- C:\Windows\System\OsMJPVh.exe
  C:\Windows\System\OsMJPVh.exe
  2⤵
  PID:9020
- C:\Windows\System\MdUyaCi.exe
  C:\Windows\System\MdUyaCi.exe
  2⤵
  PID:9100
- C:\Windows\System\EVblWmE.exe
  C:\Windows\System\EVblWmE.exe
  2⤵
  PID:9148
- C:\Windows\System\CqBvFua.exe
  C:\Windows\System\CqBvFua.exe
  2⤵
  PID:8236
- C:\Windows\System\zNTHTyb.exe
  C:\Windows\System\zNTHTyb.exe
  2⤵
  PID:8268
- C:\Windows\System\VDSdSqy.exe
  C:\Windows\System\VDSdSqy.exe
  2⤵
  PID:8580
- C:\Windows\System\cgEovVc.exe
  C:\Windows\System\cgEovVc.exe
  2⤵
  PID:8924
- C:\Windows\System\OitmbTE.exe
  C:\Windows\System\OitmbTE.exe
  2⤵
  PID:9008
- C:\Windows\System\TXgGnMt.exe
  C:\Windows\System\TXgGnMt.exe
  2⤵
  PID:8348
- C:\Windows\System\myTsCER.exe
  C:\Windows\System\myTsCER.exe
  2⤵
  PID:9076
- C:\Windows\System\kProLgh.exe
  C:\Windows\System\kProLgh.exe
  2⤵
  PID:8700
- C:\Windows\System\MZVpjnT.exe
  C:\Windows\System\MZVpjnT.exe
  2⤵
  PID:9232
- C:\Windows\System\UDScSpG.exe
  C:\Windows\System\UDScSpG.exe
  2⤵
  PID:9280
- C:\Windows\System\gMWibft.exe
  C:\Windows\System\gMWibft.exe
  2⤵
  PID:9312
- C:\Windows\System\TosBIQJ.exe
  C:\Windows\System\TosBIQJ.exe
  2⤵
  PID:9344
- C:\Windows\System\lvSvPas.exe
  C:\Windows\System\lvSvPas.exe
  2⤵
  PID:9384
- C:\Windows\System\VvOgLjJ.exe
  C:\Windows\System\VvOgLjJ.exe
  2⤵
  PID:9428
- C:\Windows\System\qHOOXSM.exe
  C:\Windows\System\qHOOXSM.exe
  2⤵
  PID:9464
- C:\Windows\System\PvjDuID.exe
  C:\Windows\System\PvjDuID.exe
  2⤵
  PID:9480
- C:\Windows\System\YSMnkLQ.exe
  C:\Windows\System\YSMnkLQ.exe
  2⤵
  PID:9508
- C:\Windows\System\iqzwqWx.exe
  C:\Windows\System\iqzwqWx.exe
  2⤵
  PID:9536
- C:\Windows\System\JAxQptf.exe
  C:\Windows\System\JAxQptf.exe
  2⤵
  PID:9564
- C:\Windows\System\lfekbEP.exe
  C:\Windows\System\lfekbEP.exe
  2⤵
  PID:9604
- C:\Windows\System\kSMHpJZ.exe
  C:\Windows\System\kSMHpJZ.exe
  2⤵
  PID:9632
- C:\Windows\System\WxpdYDr.exe
  C:\Windows\System\WxpdYDr.exe
  2⤵
  PID:9660
- C:\Windows\System\IhPUMeY.exe
  C:\Windows\System\IhPUMeY.exe
  2⤵
  PID:9680
- C:\Windows\System\ApdBiiq.exe
  C:\Windows\System\ApdBiiq.exe
  2⤵
  PID:9704
- C:\Windows\System\TLYJUnx.exe
  C:\Windows\System\TLYJUnx.exe
  2⤵
  PID:9736
- C:\Windows\System\EGRThBn.exe
  C:\Windows\System\EGRThBn.exe
  2⤵
  PID:9772
- C:\Windows\System\fjNevxD.exe
  C:\Windows\System\fjNevxD.exe
  2⤵
  PID:9808
- C:\Windows\System\KlDNlwa.exe
  C:\Windows\System\KlDNlwa.exe
  2⤵
  PID:9836
- C:\Windows\System\MyPvQff.exe
  C:\Windows\System\MyPvQff.exe
  2⤵
  PID:9864
- C:\Windows\System\LollgvW.exe
  C:\Windows\System\LollgvW.exe
  2⤵
  PID:9892
- C:\Windows\System\AJgCFaM.exe
  C:\Windows\System\AJgCFaM.exe
  2⤵
  PID:9912
- C:\Windows\System\MPOGVaN.exe
  C:\Windows\System\MPOGVaN.exe
  2⤵
  PID:9944
- C:\Windows\System\tTsWfGa.exe
  C:\Windows\System\tTsWfGa.exe
  2⤵
  PID:9964
- C:\Windows\System\ORqiUSH.exe
  C:\Windows\System\ORqiUSH.exe
  2⤵
  PID:10004
- C:\Windows\System\zwfKoWw.exe
  C:\Windows\System\zwfKoWw.exe
  2⤵
  PID:10036
- C:\Windows\System\LjtZLfr.exe
  C:\Windows\System\LjtZLfr.exe
  2⤵
  PID:10052
- C:\Windows\System\OFhegPZ.exe
  C:\Windows\System\OFhegPZ.exe
  2⤵
  PID:10096
- C:\Windows\System\Obmnbos.exe
  C:\Windows\System\Obmnbos.exe
  2⤵
  PID:10128
- C:\Windows\System\MlFYYWu.exe
  C:\Windows\System\MlFYYWu.exe
  2⤵
  PID:10156
- C:\Windows\System\zgkwXHw.exe
  C:\Windows\System\zgkwXHw.exe
  2⤵
  PID:10184
- C:\Windows\System\mbkIZZE.exe
  C:\Windows\System\mbkIZZE.exe
  2⤵
  PID:10200
- C:\Windows\System\LQaaWuF.exe
  C:\Windows\System\LQaaWuF.exe
  2⤵
  PID:10220
- C:\Windows\System\cHrlSpi.exe
  C:\Windows\System\cHrlSpi.exe
  2⤵
  PID:8528
- C:\Windows\System\UAkiTME.exe
  C:\Windows\System\UAkiTME.exe
  2⤵
  PID:9244
- C:\Windows\System\rrPsNTG.exe
  C:\Windows\System\rrPsNTG.exe
  2⤵
  PID:9408
- C:\Windows\System\BINidOb.exe
  C:\Windows\System\BINidOb.exe
  2⤵
  PID:9496
- C:\Windows\System\jIhZBEr.exe
  C:\Windows\System\jIhZBEr.exe
  2⤵
  PID:9532
- C:\Windows\System\POtZpxr.exe
  C:\Windows\System\POtZpxr.exe
  2⤵
  PID:9616
- C:\Windows\System\WiwxWuw.exe
  C:\Windows\System\WiwxWuw.exe
  2⤵
  PID:9696
- C:\Windows\System\LKCnAuK.exe
  C:\Windows\System\LKCnAuK.exe
  2⤵
  PID:9760
- C:\Windows\System\ideTrAf.exe
  C:\Windows\System\ideTrAf.exe
  2⤵
  PID:3688
- C:\Windows\System\zoxjgSK.exe
  C:\Windows\System\zoxjgSK.exe
  2⤵
  PID:9908
- C:\Windows\System\kNsZsum.exe
  C:\Windows\System\kNsZsum.exe
  2⤵
  PID:9956
- C:\Windows\System\jmjVTJZ.exe
  C:\Windows\System\jmjVTJZ.exe
  2⤵
  PID:10048
- C:\Windows\System\zFFGhFh.exe
  C:\Windows\System\zFFGhFh.exe
  2⤵
  PID:10124
- C:\Windows\System\VvnVIvp.exe
  C:\Windows\System\VvnVIvp.exe
  2⤵
  PID:10176
- C:\Windows\System\VqNWHyI.exe
  C:\Windows\System\VqNWHyI.exe
  2⤵
  PID:10216
- C:\Windows\System\lhgaxJS.exe
  C:\Windows\System\lhgaxJS.exe
  2⤵
  PID:9420
- C:\Windows\System\pjwJuri.exe
  C:\Windows\System\pjwJuri.exe
  2⤵
  PID:9596
- C:\Windows\System\KfMxdnJ.exe
  C:\Windows\System\KfMxdnJ.exe
  2⤵
  PID:9716
- C:\Windows\System\xDHMutL.exe
  C:\Windows\System\xDHMutL.exe
  2⤵
  PID:9828
- C:\Windows\System\bWvOIDR.exe
  C:\Windows\System\bWvOIDR.exe
  2⤵
  PID:10024
- C:\Windows\System\USdggdt.exe
  C:\Windows\System\USdggdt.exe
  2⤵
  PID:10228
- C:\Windows\System\eLGsAzX.exe
  C:\Windows\System\eLGsAzX.exe
  2⤵
  PID:9524
- C:\Windows\System\LXqxPYM.exe
  C:\Windows\System\LXqxPYM.exe
  2⤵
  PID:9888
- C:\Windows\System\rGFHLrD.exe
  C:\Windows\System\rGFHLrD.exe
  2⤵
  PID:9452
- C:\Windows\System\abmHSUq.exe
  C:\Windows\System\abmHSUq.exe
  2⤵
  PID:10144
- C:\Windows\System\YLytwyX.exe
  C:\Windows\System\YLytwyX.exe
  2⤵
  PID:9900
- C:\Windows\System\surhWmQ.exe
  C:\Windows\System\surhWmQ.exe
  2⤵
  PID:10256
- C:\Windows\System\SnBLQkn.exe
  C:\Windows\System\SnBLQkn.exe
  2⤵
  PID:10276
- C:\Windows\System\VlTgcJR.exe
  C:\Windows\System\VlTgcJR.exe
  2⤵
  PID:10312
- C:\Windows\System\wiqLPbH.exe
  C:\Windows\System\wiqLPbH.exe
  2⤵
  PID:10332
- C:\Windows\System\FfQsqap.exe
  C:\Windows\System\FfQsqap.exe
  2⤵
  PID:10364
- C:\Windows\System\lXyxDmD.exe
  C:\Windows\System\lXyxDmD.exe
  2⤵
  PID:10384
- C:\Windows\System\gCQAgPu.exe
  C:\Windows\System\gCQAgPu.exe
  2⤵
  PID:10432
- C:\Windows\System\ifqdTMv.exe
  C:\Windows\System\ifqdTMv.exe
  2⤵
  PID:10472
- C:\Windows\System\JiMvtUb.exe
  C:\Windows\System\JiMvtUb.exe
  2⤵
  PID:10500
- C:\Windows\System\XNaEohO.exe
  C:\Windows\System\XNaEohO.exe
  2⤵
  PID:10528
- C:\Windows\System\iZzAbjs.exe
  C:\Windows\System\iZzAbjs.exe
  2⤵
  PID:10556
- C:\Windows\System\aFQSfaO.exe
  C:\Windows\System\aFQSfaO.exe
  2⤵
  PID:10584
- C:\Windows\System\xmGLQgV.exe
  C:\Windows\System\xmGLQgV.exe
  2⤵
  PID:10612
- C:\Windows\System\lyFOYja.exe
  C:\Windows\System\lyFOYja.exe
  2⤵
  PID:10628
- C:\Windows\System\ewqQXeF.exe
  C:\Windows\System\ewqQXeF.exe
  2⤵
  PID:10660
- C:\Windows\System\OSJDNIV.exe
  C:\Windows\System\OSJDNIV.exe
  2⤵
  PID:10684
- C:\Windows\System\aqOWaAD.exe
  C:\Windows\System\aqOWaAD.exe
  2⤵
  PID:10712
- C:\Windows\System\gklRRoW.exe
  C:\Windows\System\gklRRoW.exe
  2⤵
  PID:10752
- C:\Windows\System\RkxXTMx.exe
  C:\Windows\System\RkxXTMx.exe
  2⤵
  PID:10780
- C:\Windows\System\sMMDAWa.exe
  C:\Windows\System\sMMDAWa.exe
  2⤵
  PID:10808
- C:\Windows\System\ekgKguf.exe
  C:\Windows\System\ekgKguf.exe
  2⤵
  PID:10824
- C:\Windows\System\ENtORSX.exe
  C:\Windows\System\ENtORSX.exe
  2⤵
  PID:10864
- C:\Windows\System\OUmpywq.exe
  C:\Windows\System\OUmpywq.exe
  2⤵
  PID:10892
- C:\Windows\System\CWqSrAX.exe
  C:\Windows\System\CWqSrAX.exe
  2⤵
  PID:10920
- C:\Windows\System\BKObNql.exe
  C:\Windows\System\BKObNql.exe
  2⤵
  PID:10948
- C:\Windows\System\FzdtvHs.exe
  C:\Windows\System\FzdtvHs.exe
  2⤵
  PID:10976
- C:\Windows\System\dyTcmDt.exe
  C:\Windows\System\dyTcmDt.exe
  2⤵
  PID:11004
- C:\Windows\System\bQOkPke.exe
  C:\Windows\System\bQOkPke.exe
  2⤵
  PID:11020
- C:\Windows\System\QLJZIEI.exe
  C:\Windows\System\QLJZIEI.exe
  2⤵
  PID:11060
- C:\Windows\System\jJtIdwE.exe
  C:\Windows\System\jJtIdwE.exe
  2⤵
  PID:11088
- C:\Windows\System\NKWcEPX.exe
  C:\Windows\System\NKWcEPX.exe
  2⤵
  PID:11116
- C:\Windows\System\nQptzJg.exe
  C:\Windows\System\nQptzJg.exe
  2⤵
  PID:11144
- C:\Windows\System\mvKyqFc.exe
  C:\Windows\System\mvKyqFc.exe
  2⤵
  PID:11172
- C:\Windows\System\cdbKILW.exe
  C:\Windows\System\cdbKILW.exe
  2⤵
  PID:11200
- C:\Windows\System\uDglWrK.exe
  C:\Windows\System\uDglWrK.exe
  2⤵
  PID:11228
- C:\Windows\System\xJtDOJR.exe
  C:\Windows\System\xJtDOJR.exe
  2⤵
  PID:11256
- C:\Windows\System\hKAOfKB.exe
  C:\Windows\System\hKAOfKB.exe
  2⤵
  PID:10356
- C:\Windows\System\OtZDqdG.exe
  C:\Windows\System\OtZDqdG.exe
  2⤵
  PID:10352
- C:\Windows\System\odxJAho.exe
  C:\Windows\System\odxJAho.exe
  2⤵
  PID:10420
- C:\Windows\System\KuZAHoS.exe
  C:\Windows\System\KuZAHoS.exe
  2⤵
  PID:10496
- C:\Windows\System\zOSSbeu.exe
  C:\Windows\System\zOSSbeu.exe
  2⤵
  PID:10548
- C:\Windows\System\MHbFYyy.exe
  C:\Windows\System\MHbFYyy.exe
  2⤵
  PID:10596
- C:\Windows\System\kPwnPXn.exe
  C:\Windows\System\kPwnPXn.exe
  2⤵
  PID:10672
- C:\Windows\System\uUXHroU.exe
  C:\Windows\System\uUXHroU.exe
  2⤵
  PID:10744
- C:\Windows\System\akOLCTK.exe
  C:\Windows\System\akOLCTK.exe
  2⤵
  PID:10772
- C:\Windows\System\vFEjiQV.exe
  C:\Windows\System\vFEjiQV.exe
  2⤵
  PID:10848
- C:\Windows\System\hPdsFVV.exe
  C:\Windows\System\hPdsFVV.exe
  2⤵
  PID:10936
- C:\Windows\System\pPSRQNI.exe
  C:\Windows\System\pPSRQNI.exe
  2⤵
  PID:11000
- C:\Windows\System\wACrcIA.exe
  C:\Windows\System\wACrcIA.exe
  2⤵
  PID:11076
- C:\Windows\System\kErnRhB.exe
  C:\Windows\System\kErnRhB.exe
  2⤵
  PID:11136
- C:\Windows\System\nrTrYPu.exe
  C:\Windows\System\nrTrYPu.exe
  2⤵
  PID:11196
- C:\Windows\System\WssjhlF.exe
  C:\Windows\System\WssjhlF.exe
  2⤵
  PID:11240
- C:\Windows\System\xMyXhbd.exe
  C:\Windows\System\xMyXhbd.exe
  2⤵
  PID:10372
- C:\Windows\System\ofYrpdd.exe
  C:\Windows\System\ofYrpdd.exe
  2⤵
  PID:10600
- C:\Windows\System\cwGfaPO.exe
  C:\Windows\System\cwGfaPO.exe
  2⤵
  PID:10736
- C:\Windows\System\pPuELmj.exe
  C:\Windows\System\pPuELmj.exe
  2⤵
  PID:10904
- C:\Windows\System\CTXykmb.exe
  C:\Windows\System\CTXykmb.exe
  2⤵
  PID:11052
- C:\Windows\System\KbhadxK.exe
  C:\Windows\System\KbhadxK.exe
  2⤵
  PID:11184
- C:\Windows\System\rFuJzww.exe
  C:\Windows\System\rFuJzww.exe
  2⤵
  PID:10412
- C:\Windows\System\VoboDqq.exe
  C:\Windows\System\VoboDqq.exe
  2⤵
  PID:10804
- C:\Windows\System\NRbKsCD.exe
  C:\Windows\System\NRbKsCD.exe
  2⤵
  PID:10724
- C:\Windows\System\wCYDpeV.exe
  C:\Windows\System\wCYDpeV.exe
  2⤵
  PID:11284
- C:\Windows\System\uiMRJfV.exe
  C:\Windows\System\uiMRJfV.exe
  2⤵
  PID:11312
- C:\Windows\System\dcuQaqe.exe
  C:\Windows\System\dcuQaqe.exe
  2⤵
  PID:11344
- C:\Windows\System\uXjpjbm.exe
  C:\Windows\System\uXjpjbm.exe
  2⤵
  PID:11360
- C:\Windows\System\kYyfVeW.exe
  C:\Windows\System\kYyfVeW.exe
  2⤵
  PID:11400
- C:\Windows\System\WaByebu.exe
  C:\Windows\System\WaByebu.exe
  2⤵
  PID:11428
- C:\Windows\System\PMNyoEE.exe
  C:\Windows\System\PMNyoEE.exe
  2⤵
  PID:11456
- C:\Windows\System\tXVxahp.exe
  C:\Windows\System\tXVxahp.exe
  2⤵
  PID:11484
- C:\Windows\System\yufGTcr.exe
  C:\Windows\System\yufGTcr.exe
  2⤵
  PID:11512
- C:\Windows\System\MkHRjwV.exe
  C:\Windows\System\MkHRjwV.exe
  2⤵
  PID:11540
- C:\Windows\System\gIrAaAS.exe
  C:\Windows\System\gIrAaAS.exe
  2⤵
  PID:11556
- C:\Windows\System\IJzPUcp.exe
  C:\Windows\System\IJzPUcp.exe
  2⤵
  PID:11592
- C:\Windows\System\cpOyhoz.exe
  C:\Windows\System\cpOyhoz.exe
  2⤵
  PID:11624
- C:\Windows\System\YtMuMAK.exe
  C:\Windows\System\YtMuMAK.exe
  2⤵
  PID:11652
- C:\Windows\System\GXKGivA.exe
  C:\Windows\System\GXKGivA.exe
  2⤵
  PID:11676
- C:\Windows\System\ArXBtpD.exe
  C:\Windows\System\ArXBtpD.exe
  2⤵
  PID:11704
- C:\Windows\System\tRvUztv.exe
  C:\Windows\System\tRvUztv.exe
  2⤵
  PID:11736
- C:\Windows\System\zoUmEiH.exe
  C:\Windows\System\zoUmEiH.exe
  2⤵
  PID:11764
- C:\Windows\System\tKzZqEd.exe
  C:\Windows\System\tKzZqEd.exe
  2⤵
  PID:11792
- C:\Windows\System\ASexNtc.exe
  C:\Windows\System\ASexNtc.exe
  2⤵
  PID:11820
- C:\Windows\System\YiNQrrm.exe
  C:\Windows\System\YiNQrrm.exe
  2⤵
  PID:11836
- C:\Windows\System\kVvVySH.exe
  C:\Windows\System\kVvVySH.exe
  2⤵
  PID:11868
- C:\Windows\System\DrveonS.exe
  C:\Windows\System\DrveonS.exe
  2⤵
  PID:11904
- C:\Windows\System\PwgbAdv.exe
  C:\Windows\System\PwgbAdv.exe
  2⤵
  PID:11932
- C:\Windows\System\BlzfANv.exe
  C:\Windows\System\BlzfANv.exe
  2⤵
  PID:11960
- C:\Windows\System\JFAVGJT.exe
  C:\Windows\System\JFAVGJT.exe
  2⤵
  PID:11976
- C:\Windows\System\MVDnZTl.exe
  C:\Windows\System\MVDnZTl.exe
  2⤵
  PID:12016
- C:\Windows\System\qaLzQTv.exe
  C:\Windows\System\qaLzQTv.exe
  2⤵
  PID:12044
- C:\Windows\System\lJhoabk.exe
  C:\Windows\System\lJhoabk.exe
  2⤵
  PID:12064
- C:\Windows\System\dSRozkn.exe
  C:\Windows\System\dSRozkn.exe
  2⤵
  PID:12100
- C:\Windows\System\uBnSoXz.exe
  C:\Windows\System\uBnSoXz.exe
  2⤵
  PID:12116
- C:\Windows\System\CZNIeyY.exe
  C:\Windows\System\CZNIeyY.exe
  2⤵
  PID:12132
- C:\Windows\System\TNsHNDA.exe
  C:\Windows\System\TNsHNDA.exe
  2⤵
  PID:12152
- C:\Windows\System\QvSOpJu.exe
  C:\Windows\System\QvSOpJu.exe
  2⤵
  PID:12180
- C:\Windows\System\Gdbrrby.exe
  C:\Windows\System\Gdbrrby.exe
  2⤵
  PID:12224
- C:\Windows\System\GdAyVQa.exe
  C:\Windows\System\GdAyVQa.exe
  2⤵
  PID:12268
- C:\Windows\System\NtTKhGW.exe
  C:\Windows\System\NtTKhGW.exe
  2⤵
  PID:11292
- C:\Windows\System\ZCSIsof.exe
  C:\Windows\System\ZCSIsof.exe
  2⤵
  PID:11340
- C:\Windows\System\mVvGmFe.exe
  C:\Windows\System\mVvGmFe.exe
  2⤵
  PID:11412
- C:\Windows\System\KGbvFjf.exe
  C:\Windows\System\KGbvFjf.exe
  2⤵
  PID:11468
- C:\Windows\System\QCZwFre.exe
  C:\Windows\System\QCZwFre.exe
  2⤵
  PID:11552
- C:\Windows\System\sblhUMR.exe
  C:\Windows\System\sblhUMR.exe
  2⤵
  PID:11612
- C:\Windows\System\vWGIOMu.exe
  C:\Windows\System\vWGIOMu.exe
  2⤵
  PID:11668
- C:\Windows\System\SZiQQSG.exe
  C:\Windows\System\SZiQQSG.exe
  2⤵
  PID:11724
- C:\Windows\System\CgIiTyi.exe
  C:\Windows\System\CgIiTyi.exe
  2⤵
  PID:11816
- C:\Windows\System\bcqMGWf.exe
  C:\Windows\System\bcqMGWf.exe
  2⤵
  PID:11892
- C:\Windows\System\yaJdLWc.exe
  C:\Windows\System\yaJdLWc.exe
  2⤵
  PID:11948
- C:\Windows\System\EMGqDrF.exe
  C:\Windows\System\EMGqDrF.exe
  2⤵
  PID:11992
- C:\Windows\System\eUrwjPH.exe
  C:\Windows\System\eUrwjPH.exe
  2⤵
  PID:12084
- C:\Windows\System\QIdplDb.exe
  C:\Windows\System\QIdplDb.exe
  2⤵
  PID:12124
- C:\Windows\System\FAeuIGu.exe
  C:\Windows\System\FAeuIGu.exe
  2⤵
  PID:12204
- C:\Windows\System\QOAXaUN.exe
  C:\Windows\System\QOAXaUN.exe
  2⤵
  PID:12260
- C:\Windows\System\DwCrTUq.exe
  C:\Windows\System\DwCrTUq.exe
  2⤵
  PID:11388
- C:\Windows\System\GHMeHZB.exe
  C:\Windows\System\GHMeHZB.exe
  2⤵
  PID:11444
- C:\Windows\System\wYqaEFI.exe
  C:\Windows\System\wYqaEFI.exe
  2⤵
  PID:11712
- C:\Windows\System\XEjSDsP.exe
  C:\Windows\System\XEjSDsP.exe
  2⤵
  PID:11848
- C:\Windows\System\vAQjyyg.exe
  C:\Windows\System\vAQjyyg.exe
  2⤵
  PID:11972
- C:\Windows\System\gAtVrNl.exe
  C:\Windows\System\gAtVrNl.exe
  2⤵
  PID:12112
- C:\Windows\System\KRwmtNC.exe
  C:\Windows\System\KRwmtNC.exe
  2⤵
  PID:12192
- C:\Windows\System\HLJpVjD.exe
  C:\Windows\System\HLJpVjD.exe
  2⤵
  PID:12264
- C:\Windows\System\jhesLbx.exe
  C:\Windows\System\jhesLbx.exe
  2⤵
  PID:11776
- C:\Windows\System\vhSopnt.exe
  C:\Windows\System\vhSopnt.exe
  2⤵
  PID:12248
- C:\Windows\System\QMBBFLw.exe
  C:\Windows\System\QMBBFLw.exe
  2⤵
  PID:11608
- C:\Windows\System\OGSaWXr.exe
  C:\Windows\System\OGSaWXr.exe
  2⤵
  PID:12296
- C:\Windows\System\kGYYRvz.exe
  C:\Windows\System\kGYYRvz.exe
  2⤵
  PID:12320
- C:\Windows\System\kiOHFEb.exe
  C:\Windows\System\kiOHFEb.exe
  2⤵
  PID:12356
- C:\Windows\System\lveasBz.exe
  C:\Windows\System\lveasBz.exe
  2⤵
  PID:12388
- C:\Windows\System\MngWdhg.exe
  C:\Windows\System\MngWdhg.exe
  2⤵
  PID:12416
- C:\Windows\System\LKGhCtG.exe
  C:\Windows\System\LKGhCtG.exe
  2⤵
  PID:12444
- C:\Windows\System\osjHHTs.exe
  C:\Windows\System\osjHHTs.exe
  2⤵
  PID:12460
- C:\Windows\System\nnZGcvQ.exe
  C:\Windows\System\nnZGcvQ.exe
  2⤵
  PID:12500
- C:\Windows\System\HYGKqIN.exe
  C:\Windows\System\HYGKqIN.exe
  2⤵
  PID:12528
- C:\Windows\System\CJqchEv.exe
  C:\Windows\System\CJqchEv.exe
  2⤵
  PID:12556
- C:\Windows\System\tdXUIYs.exe
  C:\Windows\System\tdXUIYs.exe
  2⤵
  PID:12572
- C:\Windows\System\vDLmFUe.exe
  C:\Windows\System\vDLmFUe.exe
  2⤵
  PID:12612
- C:\Windows\System\MkEMqZC.exe
  C:\Windows\System\MkEMqZC.exe
  2⤵
  PID:12640
- C:\Windows\System\mHtCmFJ.exe
  C:\Windows\System\mHtCmFJ.exe
  2⤵
  PID:12668
- C:\Windows\System\NXvmxpR.exe
  C:\Windows\System\NXvmxpR.exe
  2⤵
  PID:12696
- C:\Windows\System\WBBHLRy.exe
  C:\Windows\System\WBBHLRy.exe
  2⤵
  PID:12724
- C:\Windows\System\OFHClGm.exe
  C:\Windows\System\OFHClGm.exe
  2⤵
  PID:12752
- C:\Windows\System\IbOvppC.exe
  C:\Windows\System\IbOvppC.exe
  2⤵
  PID:12780
- C:\Windows\System\szPDEbQ.exe
  C:\Windows\System\szPDEbQ.exe
  2⤵
  PID:12808
- C:\Windows\System\GcZxEwm.exe
  C:\Windows\System\GcZxEwm.exe
  2⤵
  PID:12824
- C:\Windows\System\qyDxDgl.exe
  C:\Windows\System\qyDxDgl.exe
  2⤵
  PID:12864
- C:\Windows\System\iVbWBHP.exe
  C:\Windows\System\iVbWBHP.exe
  2⤵
  PID:12892
- C:\Windows\System\lAbRkoj.exe
  C:\Windows\System\lAbRkoj.exe
  2⤵
  PID:12908
- C:\Windows\System\nhoZKCc.exe
  C:\Windows\System\nhoZKCc.exe
  2⤵
  PID:12936
- C:\Windows\System\uACmoUo.exe
  C:\Windows\System\uACmoUo.exe
  2⤵
  PID:12976
- C:\Windows\System\KUSggpN.exe
  C:\Windows\System\KUSggpN.exe
  2⤵
  PID:12996
- C:\Windows\System\olsaREc.exe
  C:\Windows\System\olsaREc.exe
  2⤵
  PID:13032
- C:\Windows\System\AqUyPBR.exe
  C:\Windows\System\AqUyPBR.exe
  2⤵
  PID:13052
- C:\Windows\System\zeFAhyn.exe
  C:\Windows\System\zeFAhyn.exe
  2⤵
  PID:13088
- C:\Windows\System\fEXpCWV.exe
  C:\Windows\System\fEXpCWV.exe
  2⤵
  PID:13120
- C:\Windows\System\TjLGzZS.exe
  C:\Windows\System\TjLGzZS.exe
  2⤵
  PID:13136
- C:\Windows\System\NiBJqJW.exe
  C:\Windows\System\NiBJqJW.exe
  2⤵
  PID:13176
- C:\Windows\System\WMkFcHF.exe
  C:\Windows\System\WMkFcHF.exe
  2⤵
  PID:13204
- C:\Windows\System\IhNamNr.exe
  C:\Windows\System\IhNamNr.exe
  2⤵
  PID:13232
- C:\Windows\System\EhMtlsw.exe
  C:\Windows\System\EhMtlsw.exe
  2⤵
  PID:13260
- C:\Windows\System\TlEUzUp.exe
  C:\Windows\System\TlEUzUp.exe
  2⤵
  PID:13276
- C:\Windows\System\ivnvLRQ.exe
  C:\Windows\System\ivnvLRQ.exe
  2⤵
  PID:12348
- C:\Windows\System\PTmCywm.exe
  C:\Windows\System\PTmCywm.exe
  2⤵
  PID:12384
- C:\Windows\System\fTEClNi.exe
  C:\Windows\System\fTEClNi.exe
  2⤵
  PID:12428
- C:\Windows\System\clSHBGJ.exe
  C:\Windows\System\clSHBGJ.exe
  2⤵
  PID:12488
- C:\Windows\System\gAWeDwG.exe
  C:\Windows\System\gAWeDwG.exe
  2⤵
  PID:12564
- C:\Windows\System\rzqmeJF.exe
  C:\Windows\System\rzqmeJF.exe
  2⤵
  PID:12636
- C:\Windows\System\hUpSqEy.exe
  C:\Windows\System\hUpSqEy.exe
  2⤵
  PID:12712
- C:\Windows\System\aTFCdgT.exe
  C:\Windows\System\aTFCdgT.exe
  2⤵
  PID:12816
- C:\Windows\System\GzjTvwU.exe
  C:\Windows\System\GzjTvwU.exe
  2⤵
  PID:12928
- C:\Windows\System\pCBSOpL.exe
  C:\Windows\System\pCBSOpL.exe
  2⤵
  PID:13004
- C:\Windows\System\ZuLPpwx.exe
  C:\Windows\System\ZuLPpwx.exe
  2⤵
  PID:13064
- C:\Windows\System\GghkiMv.exe
  C:\Windows\System\GghkiMv.exe
  2⤵
  PID:13128
- C:\Windows\System\ReqhEwd.exe
  C:\Windows\System\ReqhEwd.exe
  2⤵
  PID:13192
- C:\Windows\System\yqziibE.exe
  C:\Windows\System\yqziibE.exe
  2⤵
  PID:13256
- C:\Windows\System\zlvUrzj.exe
  C:\Windows\System\zlvUrzj.exe
  2⤵
  PID:12292
- C:\Windows\System\oDNakMi.exe
  C:\Windows\System\oDNakMi.exe
  2⤵
  PID:12472
- C:\Windows\System\VYnfblh.exe
  C:\Windows\System\VYnfblh.exe
  2⤵
  PID:12660
- C:\Windows\System\cKMWBPn.exe
  C:\Windows\System\cKMWBPn.exe
  2⤵
  PID:6744
- C:\Windows\System\eccACvR.exe
  C:\Windows\System\eccACvR.exe
  2⤵
  PID:12844
- C:\Windows\System\aBBJZTC.exe
  C:\Windows\System\aBBJZTC.exe
  2⤵
  PID:12984
- C:\Windows\System\EdQkJki.exe
  C:\Windows\System\EdQkJki.exe
  2⤵
  PID:13160
- C:\Windows\System\OspNNii.exe
  C:\Windows\System\OspNNii.exe
  2⤵
  PID:12308
- C:\Windows\System\vAdULoz.exe
  C:\Windows\System\vAdULoz.exe
  2⤵
  PID:12604
- C:\Windows\System\iBEeMcW.exe
  C:\Windows\System\iBEeMcW.exe
  2⤵
  PID:12972
- C:\Windows\System\EaPATXJ.exe
  C:\Windows\System\EaPATXJ.exe
  2⤵
  PID:12412
- C:\Windows\System\HxqQMZw.exe
  C:\Windows\System\HxqQMZw.exe
  2⤵
  PID:13220
- C:\Windows\System\KDAmYlD.exe
  C:\Windows\System\KDAmYlD.exe
  2⤵
  PID:13356
- C:\Windows\System\Txniwpl.exe
  C:\Windows\System\Txniwpl.exe
  2⤵
  PID:13392
- C:\Windows\System\RAhwYIA.exe
  C:\Windows\System\RAhwYIA.exe
  2⤵
  PID:13420
- C:\Windows\System\VtdGcRg.exe
  C:\Windows\System\VtdGcRg.exe
  2⤵
  PID:13444
- C:\Windows\System\RwODACs.exe
  C:\Windows\System\RwODACs.exe
  2⤵
  PID:13484
- C:\Windows\System\vfRieVF.exe
  C:\Windows\System\vfRieVF.exe
  2⤵
  PID:13520
- C:\Windows\System\biFDSdB.exe
  C:\Windows\System\biFDSdB.exe
  2⤵
  PID:13560
- C:\Windows\System\xyVuvLX.exe
  C:\Windows\System\xyVuvLX.exe
  2⤵
  PID:13584
- C:\Windows\System\VgsSOYf.exe
  C:\Windows\System\VgsSOYf.exe
  2⤵
  PID:13616
- C:\Windows\System\rVzXCPL.exe
  C:\Windows\System\rVzXCPL.exe
  2⤵
  PID:13648
- C:\Windows\System\LLKAKCn.exe
  C:\Windows\System\LLKAKCn.exe
  2⤵
  PID:13664
- C:\Windows\System\XMyHZSt.exe
  C:\Windows\System\XMyHZSt.exe
  2⤵
  PID:13680
- C:\Windows\System\VuoDvZK.exe
  C:\Windows\System\VuoDvZK.exe
  2⤵
  PID:13740
- C:\Windows\System\NbuitoL.exe
  C:\Windows\System\NbuitoL.exe
  2⤵
  PID:13756
- C:\Windows\System\BSOqiIi.exe
  C:\Windows\System\BSOqiIi.exe
  2⤵
  PID:13796
- C:\Windows\System\fqHePXp.exe
  C:\Windows\System\fqHePXp.exe
  2⤵
  PID:13824
- C:\Windows\System\PWqsBFF.exe
  C:\Windows\System\PWqsBFF.exe
  2⤵
  PID:13852
- C:\Windows\System\amRYuIr.exe
  C:\Windows\System\amRYuIr.exe
  2⤵
  PID:13880
- C:\Windows\System\BSfGeyj.exe
  C:\Windows\System\BSfGeyj.exe
  2⤵
  PID:13908
- C:\Windows\System\EKDzJmd.exe
  C:\Windows\System\EKDzJmd.exe
  2⤵
  PID:13936
- C:\Windows\System\Bevylak.exe
  C:\Windows\System\Bevylak.exe
  2⤵
  PID:13964
- C:\Windows\System\ywWpHjA.exe
  C:\Windows\System\ywWpHjA.exe
  2⤵
  PID:13992
- C:\Windows\System\cWJNiQt.exe
  C:\Windows\System\cWJNiQt.exe
  2⤵
  PID:14020
- C:\Windows\System\aRdXnuK.exe
  C:\Windows\System\aRdXnuK.exe
  2⤵
  PID:14048
- C:\Windows\System\AIrlINn.exe
  C:\Windows\System\AIrlINn.exe
  2⤵
  PID:14076
- C:\Windows\System\fXOIubK.exe
  C:\Windows\System\fXOIubK.exe
  2⤵
  PID:14104
- C:\Windows\System\YysHAyK.exe
  C:\Windows\System\YysHAyK.exe
  2⤵
  PID:14132
- C:\Windows\System\XCayuLq.exe
  C:\Windows\System\XCayuLq.exe
  2⤵
  PID:14160
- C:\Windows\System\oJovdYM.exe
  C:\Windows\System\oJovdYM.exe
  2⤵
  PID:14188
- C:\Windows\System\WFgUugJ.exe
  C:\Windows\System\WFgUugJ.exe
  2⤵
  PID:14216
- C:\Windows\System\kxgSJqn.exe
  C:\Windows\System\kxgSJqn.exe
  2⤵
  PID:14244
- C:\Windows\System\vMFdtmG.exe
  C:\Windows\System\vMFdtmG.exe
  2⤵
  PID:14272
- C:\Windows\System\zWnbUNz.exe
  C:\Windows\System\zWnbUNz.exe
  2⤵
  PID:14300
- C:\Windows\System\YqEtToQ.exe
  C:\Windows\System\YqEtToQ.exe
  2⤵
  PID:14328
- C:\Windows\System\EBaEeQf.exe
  C:\Windows\System\EBaEeQf.exe
  2⤵
  PID:13332
- C:\Windows\System\ZUbeCoa.exe
  C:\Windows\System\ZUbeCoa.exe
  2⤵
  PID:13416
- C:\Windows\System\rVaVXOx.exe
  C:\Windows\System\rVaVXOx.exe
  2⤵
  PID:13476
- C:\Windows\System\xexcDSd.exe
  C:\Windows\System\xexcDSd.exe
  2⤵
  PID:13572
- C:\Windows\System\qQXlvMI.exe
  C:\Windows\System\qQXlvMI.exe
  2⤵
  PID:13660
- C:\Windows\System\waJEQmk.exe
  C:\Windows\System\waJEQmk.exe
  2⤵
  PID:13720
- C:\Windows\System\LiEnURe.exe
  C:\Windows\System\LiEnURe.exe
  2⤵
  PID:13780
- C:\Windows\System\OJGTSRA.exe
  C:\Windows\System\OJGTSRA.exe
  2⤵
  PID:13864
- C:\Windows\System\BYnkhMS.exe
  C:\Windows\System\BYnkhMS.exe
  2⤵
  PID:13904
- C:\Windows\System\OMURZSf.exe
  C:\Windows\System\OMURZSf.exe
  2⤵
  PID:13980
- C:\Windows\System\hVvfbCB.exe
  C:\Windows\System\hVvfbCB.exe
  2⤵
  PID:14040
- C:\Windows\System\KyMIQbc.exe
  C:\Windows\System\KyMIQbc.exe
  2⤵
  PID:14100
- C:\Windows\System\DJdXcwu.exe
  C:\Windows\System\DJdXcwu.exe
  2⤵
  PID:14172
- C:\Windows\System\vuYBiVZ.exe
  C:\Windows\System\vuYBiVZ.exe
  2⤵
  PID:14236
- C:\Windows\System\IqXlDaj.exe
  C:\Windows\System\IqXlDaj.exe
  2⤵
  PID:14296
- C:\Windows\System\nNZoWhN.exe
  C:\Windows\System\nNZoWhN.exe
  2⤵
  PID:13364
- C:\Windows\System\rFxmVTO.exe
  C:\Windows\System\rFxmVTO.exe
  2⤵
  PID:13552
- C:\Windows\System\GBsUvyN.exe
  C:\Windows\System\GBsUvyN.exe
  2⤵
  PID:13712
- C:\Windows\System\LSuiUpP.exe
  C:\Windows\System\LSuiUpP.exe
  2⤵
  PID:13872
- C:\Windows\System\gbndYlC.exe
  C:\Windows\System\gbndYlC.exe
  2⤵
  PID:14016
- C:\Windows\System\ZZsMpIo.exe
  C:\Windows\System\ZZsMpIo.exe
  2⤵
  PID:14152
- C:\Windows\System\cetIIir.exe
  C:\Windows\System\cetIIir.exe
  2⤵
  PID:14292
- C:\Windows\System\ITcsRAC.exe
  C:\Windows\System\ITcsRAC.exe
  2⤵
  PID:13676
- C:\Windows\System\MQWBZSs.exe
  C:\Windows\System\MQWBZSs.exe
  2⤵
  PID:13960
- C:\Windows\System\OwLdTcD.exe
  C:\Windows\System\OwLdTcD.exe
  2⤵
  PID:3508
- C:\Windows\System\VlsvzyG.exe
  C:\Windows\System\VlsvzyG.exe
  2⤵
  PID:13612
- C:\Windows\System\vsWvZKF.exe
  C:\Windows\System\vsWvZKF.exe
  2⤵
  PID:14352
- C:\Windows\System\TyEViGT.exe
  C:\Windows\System\TyEViGT.exe
  2⤵
  PID:14380
- C:\Windows\System\ZNiMvoG.exe
  C:\Windows\System\ZNiMvoG.exe
  2⤵
  PID:14408
- C:\Windows\System\kSNoFOo.exe
  C:\Windows\System\kSNoFOo.exe
  2⤵
  PID:14436
- C:\Windows\System\zLqCrzG.exe
  C:\Windows\System\zLqCrzG.exe
  2⤵
  PID:14464
- C:\Windows\System\uwvsKZh.exe
  C:\Windows\System\uwvsKZh.exe
  2⤵
  PID:14492
- C:\Windows\System\CrnFOFP.exe
  C:\Windows\System\CrnFOFP.exe
  2⤵
  PID:14520
- C:\Windows\System\OwjcUpY.exe
  C:\Windows\System\OwjcUpY.exe
  2⤵
  PID:14548
- C:\Windows\System\qrfvxyN.exe
  C:\Windows\System\qrfvxyN.exe
  2⤵
  PID:14576
- C:\Windows\System\bdLGwfw.exe
  C:\Windows\System\bdLGwfw.exe
  2⤵
  PID:14604
- C:\Windows\System\dFEtRzl.exe
  C:\Windows\System\dFEtRzl.exe
  2⤵
  PID:14632
- C:\Windows\System\RErNoVN.exe
  C:\Windows\System\RErNoVN.exe
  2⤵
  PID:14660
- C:\Windows\System\fgOtjRJ.exe
  C:\Windows\System\fgOtjRJ.exe
  2⤵
  PID:14736
- C:\Windows\System\YotEXur.exe
  C:\Windows\System\YotEXur.exe
  2⤵
  PID:14752

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AwPWOIA.exe

Filesize
2.7MB

MD5
fe9275c1f69e9469e07528af540262ed

SHA1
79dbf89c71d3af01f007eb946afdd6e8807c0048

SHA256
bfa04937bc174550762ed5b40c50948cd3e39d8ae9b6bcbe8f284c512b568b73

SHA512
3580658c1150dd2b568184c6b762c17137fac85c7d09bdfd22cf2fa7513ae26216b2348f61e8dd7d8a222df002ce59279618eca066e72ed97ba261dada293778

Download Submit
C:\Windows\System\FXeGPvB.exe

Filesize
2.7MB

MD5
ab0cef5fff3c7d36d6e1ff7db0060611

SHA1
8d5fb41625978cedfc8adb85dba78a22c72bf57d

SHA256
1a6d8450fb5166b25fc78a851693254256a23d70a6ccbd6bb5063ffbcafe6c25

SHA512
3b27bdab25314011e325fa1aa575b8840a00d684c7335a968b208367e4d996c42b14d89e3cb9367706d59f95e4986f2b245f5adca7aa3ae289a2032eaa3801b8

Download Submit
C:\Windows\System\FhxRosG.exe

Filesize
2.7MB

MD5
34b3306a23df74f39231f18408547a79

SHA1
a79dda21c00b4b23a7fb7af4c473fe8c4148437b

SHA256
82e60a334adb5720cff27140ba5435a15e80b300488ed9dc59c2242d173df21e

SHA512
235016c1f5c4a5641a3a3b96642c094e893aea3b64a0232f7ec261432d7153b644d8de8c1f9debd0b8b9057712bdaa9aa9410c77db5a7e57961f25ffc78e9ba1

Download Submit
C:\Windows\System\GGLNdza.exe

Filesize
2.7MB

MD5
0693a4e0df7392a1f8eb238d3894b685

SHA1
1c7d9ab4c58127c7d3caacdf4387cd253dbb5fdf

SHA256
77a01bd0b65bebb52cf9b73eac3c2d7de5a6d774a37fb0d79476315494ffd6f3

SHA512
b7dda2e8626c07d31d3c4df72a4feefdc311c061a034c165e868fb226f541edf7efc5b150215a8d7f2ce34b73e97efc9db0328b4112e3101241eed2578e2e16e

Download Submit
C:\Windows\System\GZNrdRW.exe

Filesize
2.7MB

MD5
7d8add48f368672a374fea975e2879c9

SHA1
6f7a8dbcfbb2479807e892cff7cc659328b0a6d3

SHA256
b2b69bbbfd557ff4ee4afe31ced2a53c3079ee76f9057b9e2aa5612146f17387

SHA512
b905fd6073e953e5ca802cbe0b1d4eeac9d75e2308cb4501019e398a235cd6271faf4ddad77bed25c6e075c28f9f9663275598b224e8a8b11780e308e2db3a06

Download Submit
C:\Windows\System\HFMSrgX.exe

Filesize
2.7MB

MD5
44612fd3475d3f54cc025b7b0efd98ec

SHA1
cbba1d4258573a2cced048d3f52efdad0b773113

SHA256
5bcb6b2de1b0e3a6b1dd28a819e227031ca8ac344a441733799edbd0a0b895a8

SHA512
540d4826afd93dcb8dfd5ef9fbd45017c47237b82e7a7007e3a83e73977bd0f75a6042268eedd8051fc0c9819a89eac400223fea36ce5b268931eb7f886dd351

Download Submit
C:\Windows\System\KpyGDhC.exe

Filesize
2.7MB

MD5
3fe88b73487f2669a6c559c338e42371

SHA1
9d3a854143e1a01c09ebc12f1944889149c93711

SHA256
95abba3e995018c583b6f80025fabca3c16f2e8e8451cfa51fe41d1201fb0531

SHA512
c6b080981a96093e2c3301b0cf72f4c11108308596dc028621c821c59dde9d019f61aee3735f9953c043790d8a2183329295755f72dab2095950c44faa33933b

Download Submit
C:\Windows\System\MpxvYNi.exe

Filesize
2.7MB

MD5
ceca0f6c2b6778261bed3a56843828dc

SHA1
1b2543703ff93b7cd053f7ba4a7d69b606f68297

SHA256
dc82c4ceb362b502c4fcd113ccc408af93c8cb537bcf1eb3f45b38f5b20cbe5d

SHA512
c16e28da861e7591b07257a74ed773e64738a62e8ff86e0c4f3a93bab90087caf97fef8e75ed83bfbaf948bf2947534bb096ee3bd627c5f9b46e9535cb48ecdd

Download Submit
C:\Windows\System\OAcKgmn.exe

Filesize
2.7MB

MD5
6b8e7cc2b65c6d883783b496dacaeb54

SHA1
6c122697e1e536af8dae2e085375311cc22975a9

SHA256
5fd38bb206823a5592bcce4b7348dcc9aa9c423ace0ddbc5793c44df46ca3fbf

SHA512
54cbdd3b8b4a4036560251d97cecd5028da61da1a6bca3f05fa74fdb5345e579dba9727d6071495b40e6db29404e5d1b3b30ca9c1574242d9c406ac80e5ec270

Download Submit
C:\Windows\System\PjGfCHh.exe

Filesize
2.7MB

MD5
b78bcbc4503a72ef013a753bf6412f47

SHA1
366d3cec847d369f6aed86e6aed04f79f9d5150f

SHA256
8c2a7cf5411a7671214f0aa6335faac2642d7979181e613a0b9bbd7cbfa3132f

SHA512
b330f30ea5a4236592ff636e93ad900f303cba9afd29b9f8ade21c670bcd0ca08100596921afc5b2eed11e85ead6ab6a4175ede326d8ec6e1058dffc21551c0e

Download Submit
C:\Windows\System\SOIooDv.exe

Filesize
2.7MB

MD5
f99ed8322cdf65fa0cc452144945eaee

SHA1
7115b187b4b1b2fb53260a0b1f3c386b81b367b6

SHA256
9dfaf3009c39fc179adb2a4c61115a91f5438cc0ac2dba089d3d981fbfdf8990

SHA512
b1d31225573ed68a72a05b5585c6b66e2749c2aebf08746ba5be17b6da461a9e4d33615ce0924a59da25f293965d2e0b4927cee9ea88dd5a935761d5f1dd46cf

Download Submit
C:\Windows\System\UOnDgRq.exe

Filesize
2.7MB

MD5
fb984921a1bfc1be710a479823e8bf48

SHA1
d6d74c124880f09b72e21ea77827779bf88e6e39

SHA256
e80e4155753769540101301facaa8b328f0ceef36cd41383e3a58d6274b6271d

SHA512
b265eb87e000e13b6a66806c5d0437a54be58e137b6dd2e29ab23953f41f18f9b07270650cc0f900068c0dac712a8e94a9786ceb2caee0a8ec698034cf2256e6

Download Submit
C:\Windows\System\WAmLFMn.exe

Filesize
2.7MB

MD5
e98415be5862560812c0e7b4cb14131e

SHA1
0d24d631aa243a0095b2047dd899d892ee88ca11

SHA256
eb25019ab1943d346de3b3797a3b8ec9fbe64f9c8be52f3382bdcc9011a17d6c

SHA512
34af4bcc77c1ea92ba822494977e6c62a785cbd012ad497d6fc6ba75a22fd799f7455e2e0f2a3329f510e4dac958a11eb58d5680a045622e30d0e61e51c71585

Download Submit
C:\Windows\System\WzLsHSV.exe

Filesize
2.7MB

MD5
7942145bcf35b21bedd5b1889da8b9dd

SHA1
9f9b2388102c3e9a5d2ef108018f9dce32499fae

SHA256
6ed88d59a511551abdc12c76a1dae92548b88c92d86ed2d52db9cbbdd0953e01

SHA512
aed65aadfa1a399ed0158000fed3ce04dd133ba250d5643d5c7474c1d973c97177e7555c5fe2f875358bcf5cd48528ca39039539dc393ed465a8de8e33efef9e

Download Submit
C:\Windows\System\XABEfZV.exe

Filesize
2.7MB

MD5
466c7a932d49e793c1824dc4f204e563

SHA1
4bb4d10515bb4a8d90c3d2a16f61a190d35f4a69

SHA256
369844b80dbe9f41171d5fe173168dc22871aa30a1b3c9589e30af3cb9de7ab4

SHA512
9fbd7f546ede47cff7d8e55cdc9c50f9870d5170c13cba066dd955c47559a153a454b5849b9d61774c0f9e2891c7c36575607a595f816570a2b5b96935a92b2e

Download Submit
C:\Windows\System\XPdrSOG.exe

Filesize
2.7MB

MD5
2039587af7cffe2db6ab8784eaad61eb

SHA1
ca140b935978b92195916e3232d34b8b8e9fef2b

SHA256
7c41de43ee9370f4fbc0418fada9fd5e59d8070d72325813ae048bbf55819fae

SHA512
1eaf14029439bba47ad9d3b67aa749bb56b9d9dc6ec6fdb4f16dac72293968ee024d70551ae5c2c5a5b9cd1113f664de8d021a087e750fd2ffe399c8035df45b

Download Submit
C:\Windows\System\XjyQKrZ.exe

Filesize
2.7MB

MD5
2e58a09c679d3b926b28683f5444bc1d

SHA1
ca2e17459edfdd7cfeba3317735275f018be0d53

SHA256
98fef5928cb24a21a394e052c3efbc4e6a2446a0377e85cea41e9ebae5b9239f

SHA512
4755244d90e851d943b7a6eee7482c677dcf419428adf18cdf150882dd37743f836d5a3f0b38e3a92ebd3b6123e7143f0c4fe94cfd4433fd99be82068e712373

Download Submit
C:\Windows\System\YpvRPox.exe

Filesize
2.7MB

MD5
4a343761cffb0fd89e50556bbdfd401a

SHA1
ef5e2c283a94c8b30e1383a97df085863c87f5bc

SHA256
3859d782dd0cdb40e316a23a0335907bad89b5631fa1f8d9efc0258ade68f366

SHA512
fa5af8d3529e09c98386154ec4e328f4cf50cf6d6a8a43a1af701431a96b874f92c803c52696cebc08c9cba7a802532da34c4cae0e29dec66be5a1947ca61218

Download Submit
C:\Windows\System\ZBPHccz.exe

Filesize
2.7MB

MD5
fffa332ce8ccc9f970bb20e6604cb10c

SHA1
26b045cf61a2c683c606d772555a9d191ccb23ca

SHA256
a6caa58c70ae23c59e18f0ecda4f7446778bbf67d0f7ed3da69b5ce2373f2f54

SHA512
9ce1f378fedb77f758715451e08a5e66bda149d01257ad1bba419487fce1e22a24623fb5bf5a1a7a488e5a91dc95df092835204ead9fa255843741cc0363cfbb

Download Submit
C:\Windows\System\aHWxbPx.exe

Filesize
2.7MB

MD5
9f8eca7e23c76490e5561c60352cd7c9

SHA1
7776a99ac99ab123c812b8b81f0f8759f2b7d1a1

SHA256
f61896beb23e9d547f512f99ee8107965213f323f50e785f8f1d1c4b76570c04

SHA512
aea38811ca2e20f5536288b8fd5dae07d44541891853fee46e133d5c6d6c4b0eb7dda52c6c5451d4bd1ed6391a510bf003dd018862bfdbfef0d5c7553d5f3ae8

Download Submit
C:\Windows\System\ciihslE.exe

Filesize
2.7MB

MD5
02dbd91657941d4398ea5b632a9e9b4e

SHA1
5d02454536f4543907afa39845e801fc1588db7c

SHA256
21955b12d5adb61d344969c84c931396fc61af465ffb9b6aa61e73d63f7550e4

SHA512
9f842d16e57d700797f53cd39cfb5ddda0d9ff4649e39e46f7f28e00ff3fb7a8509efccb456cef1d42549a1d28e51665215524f08be1f617e42396ee38fb952f

Download Submit
C:\Windows\System\dghiDoe.exe

Filesize
2.7MB

MD5
6775dac4bbdc4d6b110fe22333fd2294

SHA1
8a699745556b6ac915ec81574668475025bca1c1

SHA256
8f51facf7ee930880dc2c08b3efb00ec452936b71bb7551321967e1e3cc5f74e

SHA512
26640b85810f1c7b234e500a67317e7f1cdfe6f15f613fdd787db08d9e360356b396b3febff53635c45075739851972235799fc651e192d10a6cf0b6ec3d82d4

Download Submit
C:\Windows\System\eJxUgLR.exe

Filesize
2.7MB

MD5
b9e0f7bd2f66e635e828458fac690a97

SHA1
edbf9e3eb534a72ac11ce11a4099c946c3f7a2a5

SHA256
12ce31d85866819cd7a7ecec211cfb45adf3a21c31578972dd00c7d4ac09b089

SHA512
b17080cc5d0abe9ba31e3bafce64a6e0cd6237fa7649151bb22d2d379e8ad9c6ff57d5631243a90547eca25edb0a7742511b83556cbbb02c1eda4902f1baff40

Download Submit
C:\Windows\System\gszGERy.exe

Filesize
2.7MB

MD5
8946f286d6d94bd04614b6b3434fc867

SHA1
1992ba20bdf24e04d28b61c18b96f9969f6c7e7a

SHA256
87459b9c9839a29446a396bf8124528aec387f16ba96cfbcebde75e3ef4ba00c

SHA512
ef770da08d49ffd8ff1519107932cf64c4d4bb472d311623861686c76d4a004d2d92b166e931738849d2b4a4e7d42c4c6a5148a1c439fb3bc11b236016d7bc0a

Download Submit
C:\Windows\System\hedQSQI.exe

Filesize
2.7MB

MD5
3a00adaaee07ceef09bd1f5d1466a999

SHA1
248a2c0f7afc7b79a755f91a506db07662413339

SHA256
3b4146365b5d8c6993f8c739f65b54f767311fce92610b0de698bdda46167e17

SHA512
9390400694a1d715f940982290a95a3d5d0f964795e175050714a49acb42bd82a50bf5cabc5d5e825bcde368fedc705044ac30c79bf6c9c6c595d01f27b6dc95

Download Submit
C:\Windows\System\iHjNVzB.exe

Filesize
2.7MB

MD5
0e2df63e80d2df9825e3ea204cb64a32

SHA1
7a32c1e5633cf5221e9d1223d156eb97170c063a

SHA256
4bdaf950fd88a609cafc711ef78960d7f7e64f9f1a4c4075a1c5c34949d1cdb6

SHA512
0338309c0682a068b43e19376ef4dd540923ef78c283f09908dfc707b3b83133fc6baf0d71349187afdcd49041c8f8d4ac8d1345f59550a0565f481e93903f55

Download Submit
C:\Windows\System\iSJehCZ.exe

Filesize
2.7MB

MD5
5506c121b49cfc66d90ae0d420ba4025

SHA1
ab1ba3c40ff14bff629bbe296a3d762790c61113

SHA256
fec833b1585494a69569e3524910d44c5b666f9d81add709c5ba5f5422d6b2a6

SHA512
bf091ae63eeedde09b021b2bfaf4a23252ed7eebe92e4c020c6b33cf45b4f61a8f71ef4f49ddbec4c8266b9572bf16caf1450e26d9f646a1f1b8fef08412afbb

Download Submit
C:\Windows\System\kpDsUYA.exe

Filesize
2.7MB

MD5
b32915b23bead09766f8fbfe7e77a0d2

SHA1
bf523888ab828ad07e1953d41cfebb33c5218ad5

SHA256
d3996ca01f85cb5d06907af653882ab5b468580715bd69780b35f40792a00677

SHA512
b165fff5fd17fa1dca80e8a00b82ad827d32bffecd348d176b8a3fdd89ee4c7589e8ece143d8846ad76fb14cea43a16d2a88f463454349dffaca5a55d67b2a56

Download Submit
C:\Windows\System\mIuMXjJ.exe

Filesize
2.7MB

MD5
6d2a661723db4395596842a41428796c

SHA1
432e61f8bbf0d970c5e6ab79a0799a058006a2ba

SHA256
52efc2c9b2e777c5b8dcec357733c3faf82dbd18f673c56122285aa4eb963ef0

SHA512
75fddd5995c82dd7576d2154e3c9b1cd6bc9584cca325f4d1b2f2702b2fcafeb97428001ceadbcbc33ef2b8a9ba98d83f4714fcdd4f71303f747398f9ab92d2f

Download Submit
C:\Windows\System\rIjFYqZ.exe

Filesize
2.7MB

MD5
4eec2104269cc9e486f7ca2055d093d2

SHA1
f4ff08926046a611560b7e02fad9491b43adfc8b

SHA256
32827cfd9564bf881a3cd31d914fe7c8b1d3486b6f2e0708806aea7cd3f3e825

SHA512
a90bae5f87c2e7c1fadeb194fcff5ad7695d06f8d880c876c6f331e781c70bbdf9ddb60999c104062871a63cf2b97857b14f19214e9dedc9cc81aff076a0e7a6

Download Submit
C:\Windows\System\tYxibhN.exe

Filesize
2.7MB

MD5
4d60ca9f9f1333c69e762219bd385555

SHA1
a7b95bedd863b4449baa45a99a5e4c7c30646c37

SHA256
01f00eaba71f204b5407c72eb113de3f18d0a4d0a9e7c4c0c3445b2f8785431d

SHA512
82237dd8202e7b65354bc869e29ac79cc0664163aae83c08cd46fc5d5477e4b96ac52f6649b532928b30354aca3801e571a8034dc8230ebbe43f907d222d8e56

Download Submit
C:\Windows\System\vXPHWjA.exe

Filesize
2.7MB

MD5
8f6c1b37638a2dcec37115b88ba5b545

SHA1
ab00fb93a8aa4b5abe75e75615b1b5e8220968b4

SHA256
4c7ba60256af1da23c15b7f21e06a8a6ffb373224e0c04161d3f6c1821958d70

SHA512
3399aff278657443f3c6f3cb94d030cab4689d30d1db03530ff71a8398bbbdea03a27405976be28be637f9efb81fbbda2360f873abf4475429ee191280b44387

Download Submit
C:\Windows\System\zBqVycw.exe

Filesize
2.7MB

MD5
237261ae9145f5ae493fe9c99abad7d5

SHA1
b9e661782e13f2d00fe31b71ac7aac85eea4fd85

SHA256
b4420a4c4f4bbe8d2b1c46a9dc667f3388edd508489486b111f7025153cf4df6

SHA512
d90869cc098880e594ef12498edf0ac29cd54b02762c3c3072fc5c0218d93fc0ccfb8eccb470e2f03728bb1a741ece7374de9d8dfb75496c9e82eb0e2d507b1a

Download Submit
memory/916-34-0x00007FF717A10000-0x00007FF717D64000-memory.dmp

Filesize
3.3MB

Download
memory/916-2107-0x00007FF717A10000-0x00007FF717D64000-memory.dmp

Filesize
3.3MB

Download
memory/916-2101-0x00007FF717A10000-0x00007FF717D64000-memory.dmp

Filesize
3.3MB

Download
memory/1068-2126-0x00007FF7F7EF0000-0x00007FF7F8244000-memory.dmp

Filesize
3.3MB

Download
memory/1068-568-0x00007FF7F7EF0000-0x00007FF7F8244000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2102-0x00007FF6990C0000-0x00007FF699414000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2112-0x00007FF6990C0000-0x00007FF699414000-memory.dmp

Filesize
3.3MB

Download
memory/1216-47-0x00007FF6990C0000-0x00007FF699414000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2106-0x00007FF6C9890000-0x00007FF6C9BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-26-0x00007FF6C9890000-0x00007FF6C9BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2099-0x00007FF6C9890000-0x00007FF6C9BE4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-594-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-2111-0x00007FF7F0D50000-0x00007FF7F10A4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-547-0x00007FF6815D0000-0x00007FF681924000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2118-0x00007FF6815D0000-0x00007FF681924000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2105-0x00007FF606F80000-0x00007FF6072D4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-31-0x00007FF606F80000-0x00007FF6072D4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-545-0x00007FF6157E0000-0x00007FF615B34000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2116-0x00007FF6157E0000-0x00007FF615B34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1-0x00000253B6680000-0x00000253B6690000-memory.dmp

Filesize
64KB

Download
memory/2724-0-0x00007FF71D030000-0x00007FF71D384000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1278-0x00007FF71D030000-0x00007FF71D384000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2130-0x00007FF798DE0000-0x00007FF799134000-memory.dmp

Filesize
3.3MB

Download
memory/2764-586-0x00007FF798DE0000-0x00007FF799134000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2109-0x00007FF656CA0000-0x00007FF656FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3128-544-0x00007FF656CA0000-0x00007FF656FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-549-0x00007FF7B2BF0000-0x00007FF7B2F44000-memory.dmp

Filesize
3.3MB

Download
memory/3280-2121-0x00007FF7B2BF0000-0x00007FF7B2F44000-memory.dmp

Filesize
3.3MB

Download
memory/3300-542-0x00007FF7648D0000-0x00007FF764C24000-memory.dmp

Filesize
3.3MB

Download
memory/3300-2113-0x00007FF7648D0000-0x00007FF764C24000-memory.dmp

Filesize
3.3MB

Download
memory/3536-2122-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp

Filesize
3.3MB

Download
memory/3536-550-0x00007FF6178A0000-0x00007FF617BF4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-2123-0x00007FF65B620000-0x00007FF65B974000-memory.dmp

Filesize
3.3MB

Download
memory/3624-559-0x00007FF65B620000-0x00007FF65B974000-memory.dmp

Filesize
3.3MB

Download
memory/3792-555-0x00007FF7E9190000-0x00007FF7E94E4000-memory.dmp

Filesize
3.3MB

Download
memory/3792-2124-0x00007FF7E9190000-0x00007FF7E94E4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-2110-0x00007FF7786D0000-0x00007FF778A24000-memory.dmp

Filesize
3.3MB

Download
memory/4124-592-0x00007FF7786D0000-0x00007FF778A24000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2117-0x00007FF78D410000-0x00007FF78D764000-memory.dmp

Filesize
3.3MB

Download
memory/4184-546-0x00007FF78D410000-0x00007FF78D764000-memory.dmp

Filesize
3.3MB

Download
memory/4192-548-0x00007FF651DF0000-0x00007FF652144000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2119-0x00007FF651DF0000-0x00007FF652144000-memory.dmp

Filesize
3.3MB

Download
memory/4204-33-0x00007FF746A10000-0x00007FF746D64000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2108-0x00007FF746A10000-0x00007FF746D64000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2100-0x00007FF746A10000-0x00007FF746D64000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2125-0x00007FF67B7E0000-0x00007FF67BB34000-memory.dmp

Filesize
3.3MB

Download
memory/4476-564-0x00007FF67B7E0000-0x00007FF67BB34000-memory.dmp

Filesize
3.3MB

Download
memory/4500-577-0x00007FF68C600000-0x00007FF68C954000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2127-0x00007FF68C600000-0x00007FF68C954000-memory.dmp

Filesize
3.3MB

Download
memory/4532-583-0x00007FF6206C0000-0x00007FF620A14000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2131-0x00007FF6206C0000-0x00007FF620A14000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2114-0x00007FF6D6410000-0x00007FF6D6764000-memory.dmp

Filesize
3.3MB

Download
memory/4572-541-0x00007FF6D6410000-0x00007FF6D6764000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2115-0x00007FF7E2BC0000-0x00007FF7E2F14000-memory.dmp

Filesize
3.3MB

Download
memory/4600-543-0x00007FF7E2BC0000-0x00007FF7E2F14000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2129-0x00007FF781A40000-0x00007FF781D94000-memory.dmp

Filesize
3.3MB

Download
memory/4620-589-0x00007FF781A40000-0x00007FF781D94000-memory.dmp

Filesize
3.3MB

Download
memory/4640-2120-0x00007FF793060000-0x00007FF7933B4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-567-0x00007FF793060000-0x00007FF7933B4000-memory.dmp

Filesize
3.3MB

Download
memory/5000-22-0x00007FF721040000-0x00007FF721394000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2103-0x00007FF721040000-0x00007FF721394000-memory.dmp

Filesize
3.3MB

Download
memory/5044-1622-0x00007FF6C0050000-0x00007FF6C03A4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2104-0x00007FF6C0050000-0x00007FF6C03A4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-13-0x00007FF6C0050000-0x00007FF6C03A4000-memory.dmp

Filesize
3.3MB

Download
memory/5096-575-0x00007FF7CF300000-0x00007FF7CF654000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2128-0x00007FF7CF300000-0x00007FF7CF654000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads